From 2fe10ffa082edde9dd822a61e3999dc474e7f12f Mon Sep 17 00:00:00 2001 From: Sascha Steinbiss Date: Tue, 3 Oct 2023 20:04:54 +0200 Subject: [PATCH] add JA4 tests --- tests/ja4-quic/README.md | 119 +++++++++++++++++++++++++ tests/ja4-quic/input.pcap | Bin 0 -> 14412 bytes tests/ja4-quic/suricata.yaml | 29 ++++++ tests/ja4-quic/test.yaml | 14 +++ tests/ja4-rules-disabled/input.pcap | Bin 0 -> 39990 bytes tests/ja4-rules-disabled/suricata.yaml | 25 ++++++ tests/ja4-rules-disabled/test.rules | 2 + tests/ja4-rules-disabled/test.yaml | 9 ++ tests/ja4-rules-invalid/test.rules | 1 + tests/ja4-rules-invalid/test.yaml | 15 ++++ tests/ja4-rules/input.pcap | Bin 0 -> 39990 bytes tests/ja4-rules/suricata.yaml | 28 ++++++ tests/ja4-rules/test.rules | 4 + tests/ja4-rules/test.yaml | 29 ++++++ tests/ja4-tls-quic/README.md | 70 +++++++++++++++ tests/ja4-tls-quic/input.pcap | Bin 0 -> 39990 bytes tests/ja4-tls-quic/suricata.yaml | 28 ++++++ tests/ja4-tls-quic/test.yaml | 19 ++++ tests/ja4-tls/README.md | 38 ++++++++ tests/ja4-tls/input.pcap | Bin 0 -> 2961 bytes tests/ja4-tls/suricata.yaml | 28 ++++++ tests/ja4-tls/test.yaml | 14 +++ 22 files changed, 472 insertions(+) create mode 100644 tests/ja4-quic/README.md create mode 100644 tests/ja4-quic/input.pcap create mode 100644 tests/ja4-quic/suricata.yaml create mode 100644 tests/ja4-quic/test.yaml create mode 100644 tests/ja4-rules-disabled/input.pcap create mode 100644 tests/ja4-rules-disabled/suricata.yaml create mode 100644 tests/ja4-rules-disabled/test.rules create mode 100644 tests/ja4-rules-disabled/test.yaml create mode 100644 tests/ja4-rules-invalid/test.rules create mode 100644 tests/ja4-rules-invalid/test.yaml create mode 100644 tests/ja4-rules/input.pcap create mode 100644 tests/ja4-rules/suricata.yaml create mode 100644 tests/ja4-rules/test.rules create mode 100644 tests/ja4-rules/test.yaml create mode 100644 tests/ja4-tls-quic/README.md create mode 100644 tests/ja4-tls-quic/input.pcap create mode 100644 tests/ja4-tls-quic/suricata.yaml create mode 100644 tests/ja4-tls-quic/test.yaml create mode 100644 tests/ja4-tls/README.md create mode 100644 tests/ja4-tls/input.pcap create mode 100644 tests/ja4-tls/suricata.yaml create mode 100644 tests/ja4-tls/test.yaml diff --git a/tests/ja4-quic/README.md b/tests/ja4-quic/README.md new file mode 100644 index 000000000..fbec43af6 --- /dev/null +++ b/tests/ja4-quic/README.md @@ -0,0 +1,119 @@ +# JA4 QUIC + +This test checks whether the correct JA4 fingerprints are calculated for the +given pcap, according to the [reference implementation](https://github.com/FoxIO-LLC/ja4). + +## PCAP + +Pcap was created on developer machine using a short `tcpdump` session: +``` +tcpdump -w out.pcap -i wlp61s0 'port 443 and udp' +``` + +## Result + +`q13d0310h3_55b375c5d22e_cd85d2d88918` which means + +* `q`: QUIC +* `13`: TLS 1.3 +* `d`: SNI is set +* `03`: 3 cipher suites in Client Hello +* `10`: 10 extensions in Client Hello +* `h3`: ALPN protocol + +and the hashes of the corresponding sorted extension codes. + + +## Reference output: + +``` +$ ../ja4/binaries/linux/ja4 tests/ja4-quic/input.pcap +- stream: 0 + transport: udp + src: 192.168.178.25 + dst: 142.250.181.201 + src_port: 51333 + dst_port: 443 + tls_server_name: www.blogger.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +- stream: 1 + transport: udp + src: 192.168.178.25 + dst: 142.251.209.129 + src_port: 53371 + dst_port: 443 + tls_server_name: socpuppet.blogspot.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +- stream: 2 + transport: udp + src: 192.168.178.25 + dst: 142.250.181.206 + src_port: 50440 + dst_port: 443 + tls_server_name: apis.google.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +- stream: 3 + transport: udp + src: 192.168.178.25 + dst: 142.250.181.201 + src_port: 37252 + dst_port: 443 + tls_server_name: www.blogger.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +- stream: 4 + transport: udp + src: 192.168.178.25 + dst: 142.250.181.206 + src_port: 57334 + dst_port: 443 + tls_server_name: apis.google.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +- stream: 5 + transport: udp + src: 192.168.178.25 + dst: 142.250.185.164 + src_port: 38677 + dst_port: 443 + tls_server_name: www.google.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +- stream: 6 + transport: udp + src: 192.168.178.25 + dst: 142.250.181.195 + src_port: 42849 + dst_port: 443 + tls_server_name: www.gstatic.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +- stream: 7 + transport: udp + src: 192.168.178.25 + dst: 142.251.209.131 + src_port: 32997 + dst_port: 443 + tls_server_name: fonts.gstatic.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +- stream: 8 + transport: udp + src: 192.168.178.25 + dst: 142.250.181.193 + src_port: 60461 + dst_port: 443 + tls_server_name: 4.bp.blogspot.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +- stream: 9 + transport: udp + src: 192.168.178.25 + dst: 142.250.181.193 + src_port: 52446 + dst_port: 443 + tls_server_name: 1.bp.blogspot.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +- stream: 10 + transport: udp + src: 192.168.178.25 + dst: 142.250.181.193 + src_port: 41171 + dst_port: 443 + tls_server_name: 2.bp.blogspot.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 +``` diff --git a/tests/ja4-quic/input.pcap b/tests/ja4-quic/input.pcap new file mode 100644 index 0000000000000000000000000000000000000000..5c15069ee622545b93cd4870bf50aae4f54a15fc GIT binary patch literal 14412 zcmaLdLy#cK)-B+&ZQHIctIM`++qP}nwr$(CZL{C$d;c46b}}LdImqc3YvswlR?W0=|WX01yTM`MEdb1K>l92JI_r zz>N859v=$^>;$=xY8(CMHXy`S=pQW3_XIZp0HHZJPEJ`Dl~3N$f=>C$Q62$+%SYYy zGC#pud^LQeq7r*hPCMV|RA$mtTb2Vf7(u`&eFErKZI` zsg%u+)#r#sugkhR1etASuPbOn#*An$bo8uy7H6z#H7(I^wj(ZMPYwAP3{ssP)klm)}Unt-gRuI9ea(BHvb zmHEN`dh1vNWc5j$+4DU8RT%=DR^|I+REBl9Fv=KMV_2g)Oqi~{i}oIt+5UW}L@58` ze5cI!h2!zT;S)z}ANsHudD-&JMjL*84}X-k z``EZ?*XaASWG-mu2}vD|>hOsKkL>dlaSYRCIEz|7Q3k*|3UYb+-YxwSjxHEt;)-M2 z!k>7vQVZehp7eE>T4hFZKALH-GLJyh{|LvZj=IU8;N^*1c1THPHQ703Afh(;?eiWt zFQlla?rM!fIA)tq&gJqGo)?CY?wVE?mGI~2g9_pM$z$E#PqkQ*dT1eAd1ca^=Nfie z>||}T?QWc&s2UYX)pQ5^S6kl5?Yi1?$BR8oVO?TFcPs3^4`f@o}-TvyCvm zSa7i;kBwM&W^<&>Ld$&UXCli>)zj=C2DpuWqDvk*-(_M=OsQ^RVbH??H3scUCeIE& z^>shmm1+5sK?8T`*;2<%BeErGih2H})c&*Rpo&YuUm zoa4I(wi30%rKt5w-_}+VK_>}X6h{iKvmg2g*szRcs31lwoYjC%C6!`pl`i{`tI(F? z>pBej2@Z}B4f3|eLQKR1`Y;}R3EDncrWlWr3Q!~`gnb6A8VY3QDKvym6%IZ+v`g*s zl@(;(!<4PNDxirzVE2nh3t{->)q=}Q9MyOYBg-A`?K*DxhGfzZ& zNT?uJRlRR$N+8Dfi;UBJLZ9LrmqMm_x>sHYN(~Ha5}R)*$AoreW&2~I%XEK$gm~WyyX9K4O*DxT>HEu z1OSN#ja#S3X20Oirz9qH4z|#yC#*KUk9$uAqOyW3Fpv8uN%9l|PYOf7g!SMgEl;ic zjy}~%%eP5_s!?1^$gm^>Z@A!7s5^!<4*Sq+bCxpxMp=!e7Un`OqG?q;-}j zLyy5E3@pH9asw_qkeAc-VXAuvkcr5#a5Fm=$^_@@VIYgu>wx;oM4%D8_M9q&%pi%o zY@r^G2iK-kH4I^XpbXi+RTEpV`S@{tudBM6eqSwsMt=GxbRp9i0zxn77rd@7#SGHR zeL3o4i=ZKQz(cXC*_Qe9G=r@(X`28DRi#LI`N0!iD^}s_qk<@5GHnx9J$F#o{;9)k zcsc`y)kGjn>05?F`hMYPPKK`=!Db(m#&o}lI4h|}vP=`zDS$d=!+tb5|M?>c5I+^t za*CJa=bo=4)Wm_C+Og;E`F0p25X_qjqG*BGO1qy9opm3Jsc;;f?>noJgm?y4^CWCm zILQx)z5Mo>N;WQXysCh_s>M~E>rP4(Y6PR@#NP7t+a-wS*U4JV>&9DaRJ`Nswl!YFMJKbtemNMAN4O5t1{QBF4uqbJ|NiQTs|CVuL zMl#4PTBPz@Q=kz`>eDx6J{TjxhF4RU^=I#ryDk5m5=Vn3cN5G8p=d~qY4Tc}Uh4x< zPy`&_e)^PR+2o2vs)wolr^$^PSyJsdGAqNCP-HGg&MYYW0$U-w>#?>^y;s7%+@@b9 zNs6*Qm||Y1$Wmwxth%(}QrUaDe0V%n&Mb}R0&xvfY|gVSu#2MjuZ_>j|7K%1=3g88 zCH^lr&J08RwK0@w>_55jOm@pk=VT)8uZ@>F%B=?PR?!Xmzp9syy0?KM@t;1kzdNTK z}cWbCZQ%TO24%1tOL+_F`DBB%Ke?0(S+U8aaL>Kab-`d!vf+$KaA@<;BXR2>*lgXW{$7HL~cdltq( zYpKLc06ip>d(2dIW3c^*)b276pza6Nu9~(45Wh9fP4Q&x@NV0}Utal1+r!(51w}^O zX(UFa?cSA^&5zMT4-3mYi)XqV9&MLXGR$%uCE4FLs}(WDtBM2U@Uy;a_kDhJ%SZ`b z{$K@r(RMseK(-Gt;zQ`>^1dq6qPtMM?!P?m8G+SXxyjPPx7y+?) z0*=Re?YiS=s8Dxtq+Rt*N>6=X${C>1B|}AZ=<5E+^UzKca89bj{8>-WMwjz>W+H4d0=gc`H!UuF+EvtA$8oVF_PK}1E=gOgr{8Np|13SpgC^uWi3mdKB7z%W|xDHx^M(ebwGS68FfnTWIsa)^OUsL}^Ec6t{_$CAir09odV4d730 z5lr}*Jzd&F1&k%eGraD(G_bLYRD=GXqAtwD?K{oXzyhfA=)E%1_2bojI#_FNS$QQH zi+03ga3V+nTm6)K4G>vZizkOs@2)LmYYh~~gVe3hah0lU6fs;Fz@ROi(e41<3aStO zsW9%1c+z3`k0pXldvG-6>@cL+a;}B1GID!|e#snxOi%laAwIfAw~40>{V|A*BCT7M zFSzzB6Si{>+=s5^&nm8EhfRk=jj}R{a?Hx3V3K#Bnp_#x$hvd3)hC#WaZx6?bjM7P zf>QGP%~Na!3o&8HB4uLvqW;|Y2m57jdO!d|;d2u)x)a9F2)c);r_+5K`W3H1~G2iH-mSqkaqp zBJiiWM?%4bfH$(8Q@Phip0}n@wa*Md*G{mH;cp~=YkVsK^^sMwyhvX{VFYzS=A(|B z<+KbwLId&BK^5P@e{3{<0{)jytxELQMsm^rb?W$_zc#AfO#H{j)wgtx52)(zzc$7P z7tsiP D;L9OR*_X&sP2FF-`guA;x{!rL=d`0Jo}#99(vpx9=V4 ztY1tt3#w>L4ER9JG!D%>D2Ng?aLXjYDRCR=!DIRjZ~s0pzc6eGO8!JB9jG8nh4-`1Z-9M8e>-@s^pEFt|@R z6^TGP29!X?N_m0<hxqJs-_N(19!B88rO(Ym-)#BXz?FGx%<@? z4FHR@D#&szY&i~++%%d&Q;PW&n*1VNqEk%P*n8{qezFYU{50i_URZ(f@y1(w41i){ z>{W967O;X65@%1?tL7x0e9Qp~K^wopX;1?;ah)0Bkc^7C?X+si=zrUeucA#*Lpdt> zqD!V*>(|DLdh;6>-w?cl$3oH(gyE<`f)JnVpRDtKW?)<(sy{OO88WwGFVKA$tP$Ev z-%=|9i5#zhKv^}Tm1c0pR0E?d4SFXR3_6#r^d zp7+Y7E2Y*TJ;m0_NE7eexLJH56redDYsB1%MHT8I==cGfm6Xi{6PpJnU}(m=*zTD5 z=H?boH*tG+5kJx|&z^IDs%XlGa(>d)pYric5cn3Z zP~{`h46TW+g(TJ`_X;PZWlpWg_-_2k37;TWMfY5^lgiDrPmjwrz|Oi73cd4-8W12H~#OIop#@ zS46IFL+X1m=|K7BVPm7WAtuJ9rsSrJF=b2ei%R)Sf-kvG9SQ?z%2`9d-RQwLRv>%O3IzSFiVd$jDX(Bu2?fb@+0(p9lXhf>09R8X-}l3;5U?NBNE~q z1iNEd=a9frS+DUAh5L!F7oIzfQ7+poCZ*fj5=EUQ7k_&t@*2$V^Vyx@tDZ8^LXDN>?Da7f}S zSnsMM&lc&0gli>(C>4_F=D`dkNQ1c77%TbOec~8R?#Z!c^}J^~D}{Qt*ihj>a=tuN zY|*O!I4RQ#&NI8;*YZvBEM^795z|>LfP>#u>eu&J6y^(j;OWA;-oAv`<1&)BT%_j% z0LqC48m_S<-tuo3(9&=XTKC-2y^%U?xl#LQwD%eTe%@dX{bOU#I^e(92 z&0s0&aUd5VnrO-A9ugmvDK=2>+AcfxRq!0$oW`!yE?)kyYbd#2Asuso!Rw4JFF9hZ4J5_i}D*Iq&N(j7R zhlMc+dp$6=IM8Af@JEHOCs-bs>y}~m_EWzZlNd}$hcq72c`oJ2Gq|kda+Py3Zav`b zSdtl)qkwg{)Qau*w(l_=|K>yaq?OGR*SyB?vwdS1v3^*O_`H5JD{e$H<~>Pbp787w z<}$2g4C_Wqx_MF!QXYc?L`fl`rB-T^(s0}09v#Ez zR?A19g-PY}zgYaOsMyX3>J|{1SZcT6mX0*q=S1QX%z*_^xwjfE+W8WuHuuWL9z&^6A(nbRW@w`Ky12|vxR^ho9)wi5$g`8gz{~#u`>ItVE?O@#uImeFWw^0 zkKENtT5D2Jf5iD5>_@HbcO<@pB0dda{@k_S?zzp`(hT=?$|8$eZoOA72rMJAibi`l zG*t_QGxq~UW288RaOI&g? zT(F#}oZ`*gFGol+u1R!nfeA@chDAk&c&BeK(V^xqZi^|1Q`N55m%}ZY4x0$nB}qtF z!&vAGFNEhDcF~R_Q<1aXq;`UCkJAe3im+OJ>o-d zS!(Q0{%RhM7O^G^Qs89WTZY2>&vt3<05rXbRpv+5+(SXx(O-mkr-Afr01RO1lryoe zAg&=@Aaa@kYQq)$1e3NYr?Ako@DGCzZuLYO;jHwgPA$`jpKoVI2U**l?K;c7QBC#- zYQ_Fyy`;h^X-PX1p}DfaT+24z_X9iB?u`+he{mCd>aGE$0ce6rDZo<3%}Zu z0nNNSvA=fwYvThv_`ldl#rxMrIobc(*j|*1`qxH9um9%8wAg`Os}wP`zc%)xd-n+< zF2E4ofbu}-u)L0Ji=tRYw!^Yj>=bo}Gj#A+!ao(?NqIJNNmU@4Fo~tnP6hAv3Ptpy zFt-_>Yo9uNcSFOQI7PzK&p+YO;j2+A;b2QLX$T^`)y(eSO%DDVunYgg+`P6?OkHKo zp5&A3a8pVSi_lfsJK~%AdldbQowMXA&3OD+rlb81TzLG-Jv?(tZJPxUvQAmN9j`yc z2~YJPICx`N8Dr2-6d%XB&Oe9c!i_ORf%~QxoxDR1^-nzd;_nUu(igRW&?^7z6HzY8 zSb;pRqlKC<-qP9_RJXE*4@i8nia$7{*$jo}WwbewRi!xLxE?#D0bDSsUVHB!QJl=q#K(?fnUi4J4L?@ zSq)0)5RoyHSCPI8T)1Y%Sd11gguIx+c~6S>B)#{q8q74r6o`J&_wXJ{6#!ybwDn&N zeWx{4ze&LIj9*=>zT`ALAST;)PFW}$BM_xlJk_K*kJQiet(5XzamF8K3e?hfDO=cM z5d^aP(`oJRCN1@-$yc2{zEKC{XfnKlYQnn=^NnRG#g{IhrpJJ>gE}p&d8f+@#5ldH zSViu%p^^iIX24VyruBfYb1C#1*J7=)G9Pf(#Kb_;EWn0R6LPGe2{Pad+Qm9?KLlf4 z)tEJ@KzLjJ9ObVHD$MiL|1-^F`*P9lKXxA6s>asp|D%-CvU7d*s^biRa2Y*rI&v?e z8@XE;gAx>ni#8nDp+FZIwC^cce?maUvWrF)l|Ky`0*YKvTM0M zUa1)7@UW2&qJ3AJic0j#-lTEcAtWoqrL_G6Fbg}8HI~bbc!Bl|*Bc&{Hnc=XjG50& zZmmQD1vQwecGU)lv@_MPD4BV$C_9g#dM+?vY0unStP_Ct4rP@Qro|HsRU`F{T`%nV znpeOo#Ml18d~n11Z9>~9*I)Db+T$3oP2dh5KyT0!*Y_;qX9&vdofQ+Aq>P4%AKsL4#E_?!MMk$wbhzpYudg47}ho(RhuMtD8(#>y|rHiSpL zwA<@-1Z-V9)0aO7(PxhC3o{5+V&PTQP>0rP0dAkz>gPFfPE%}LfesvrL8v!{4#C4a zN6N+rIC~pLe`G2UeW+y8rKp$FyE{$1OB3KaoUirn{@Qq>0r@XBE?xe$u{`kqa^qmB z{$CqiVy6F-8{3%Jv6OvbtpD1WEF?tWWWJ1XUY%Jbdb?b(72&OsP(MQS;mtddmkJ$P zATbfXgp@k(zqUVVr`T1uypsJ}loB|jbaGG5de?xpm>UQ0kc*RpX2;&WV%l^D{3VN4 zEtqkEY2vDj-Q#_$J3sT`ivtkYc{zaO)6KXo=|+Pxj9?1=$U*J#MhyKiKIY7LEDDsk z?odcHn?4w>9WPU!= z34x)Bhy<^et(Zk#qg>FKX8Gx z60aKwA~{4-@wb3NMtlpP8ebrO;RAowhxbO7J)t#@wd@6!+#Xtv))v=d@~G z1wh^`A%4i~k}nnXdYFydG)Z_2F3eFJ?7A=ZLw3mbB3W1~g$e*JR@clrqcDVS-uoC? zYo&P+O=mU#$!wj7J;xk~ZW)(>E?(f-fiKT;Aiw6=BymOWw9BaR>n<;bxt%ZwI_T0> ziabB}g5OB|#%Ziw;LUj6J9j)9<3AYg)kR34IT=F5)J!QC#GkqIn3CPLY8!jiBe{Fl4rYxrf z`iY`!3p{UW`gFJg>{$G6!nvR*P*-I?fLA%I7pKGtNayNdipCUoT&L%7bfrkC@@*TB ze;;A<#_Px#23Bo(Nsu=^loVPJM$!}t7g$YxJ*O0VzO6iA>-D0@)dpnr+Z;iyX=|G5 zOhJ5!c(IIS)}|m*nzA8Mb&M&GADwhxB%cS)y(*)UoS%<&SWAba${hoD|0sZ^Gk-qP z7O-u370chm;C*8l13a@iuU51xTRQY5Ee7I#rCfd4+E5GMN~1xzMcyg*Vi5>_!A-37 z2zlmp;U60|$EC3hCMHkl|-J4IE=03F9j$!j0 z097w(j9CHJZ(V1j*VVIguPheE#N}%u=m>M@X3laalWBP7A_g_+OnDu$slN(ax57*I zp!Uk<8ve&dBA{3*t075DSGr<)-GvW-v9kSRmjS=AdsKb1E3~ z4VXiHEIsZrQ&4W*e8R~Y*8+;UIXOCP+xjNg@$51&j?fr9%GkET?P}^cu}|ThCPnX_ z)J7&~vflQe}YAzlSH0tjHd?;hFq5cWP;K(KzVl+EiH5UnzzO1*{FN<%+XqC=0;AiVJ4^TTR zZ)~nsRkYxFe_07qf_=T|5WV`WuOE#AUq`;z!N)rpqnXXOiXX2EcOWXv&iD2n%oFAS zQ;>t@A!2~Nb!hQAo(%x0A&MSE`1#9wKG=|vgg_upVN3wPy>Ln{rZAwwAc5Hy6k&dG z@S%Tk-n;{NkAoHCF^6Rnp}KOdtU4F{*qgp(KH15(w5_ItC7{O{lE02;WeT(Mru%ZE zv;?m$`wvMd&vmRKt&|-Kr148<@zHXPno<_uF=nWV!}VhuRNNZE4B)=Vt5PkK*T9ta zFnxNH^%Rw8?6rc&Me9Ixc`eU;kxC*C=spnP@3M_9)ijl)yhA$8lfuqY22y%G+T5m) zcB@{^jHV&!GO$rCf7|4hNOh|+VK1#AhCU=lNWVgZIghOyF}UGXE8_3U+B*aHH<`h0 zTZbq1a0O*0Tra})SghMMInjfEIuJ)C1Y?7*xiLc@PslhYTl*OV9MRtt0E)sa=$%8S zKRst7Zdk?=j?Hsf(N?8@9Lz5bECMq<&!hVxob0rY?cG0~TJHc1+ngegd9tU*c~HvP zf3Ida(UJ1_h&xzwBH|$T_D~eys+M(|`FpH*k>vtP<*$wNsMEAIh+wEx*)~kz8g}@F zf2C^)Nua-u2xP1r$2AsWK4Eg>%ro*{efB>S5I-GyBF%b+_IAbtns9%^ueF@=xOcV@ zZn|s`0JBD5{Apvi+!O$;Tgb>BkCqGCQVTQ)A_1ngVnj+S^5=g8%;7>DYo` zCmBo`1A)c8TqVvOPDFPU>ZBAyu1K#DIiIBO(w0QuCz0<6OsaKx03p+i*e~VyiamJ^ zD7Vx~>Yq-%uNHktWkVA&JnaGMw?-5#8$e3XB;P%Cj?&w(#{FfBkxd9&WJs*pLkY!D zVcsP#;N2liZd{6&mS0be)jkWNh|YShH?h6eENG-c&1e;4fZqvQsN$P9!=wssxgQ99 zMtI z;KckHc^=UkRoYx;S}OukQyg|RnHPhxhM;_T&4#MF)!RB} za?Q0`l;oO;K&N}XRxrMtzQ?(lgpxR;xR8f--9(>$7IYmpODw+guU(trXAouSv1yW7 zieq?p#&Dbrw?{R`R`!WvNgMq%+yFwBYx|Vu7|8Ufxe<0F6;M<sdwWgh&F)h_B9a z%*Vb~?Y9x9a~xWb~f3yQV$I~tWf^t^yfr(3G+*plkIu}=SRBOXL|5Gp$hDQ7<` zHz5eVQXI%7{W61^!*^=REl<*4UN__B3B!rf=Qo7*=g()Q&R$fm16%{=D?*5EIZJ5v zk4jDnu!sgb9k1~tGgcJMg^}uhye5_o;K@obn_vljTtQq>ocR^cHuv;%BWOl_CqsFS z(pf0~RCVKD#SnZ|WC)1huOw|y&HZeYZpJmLeEjA?p@HpNPmiF}nsLSg1lZPG+^TVA z={|{7DD4w9LID290>8=E8RSWWG3FcK$r6bd%L1QmAg2C zQm>}dvA2Fhs)7Lbr!3E-l2wL5Rq?w?T0HjAFmJFRR2gvx$XGrW0#tP98s_N$pjqyv zZP~ruFS90yMTF2N(OeWG^*f+HUb)`(LgAaHXLOj_8HVSpQKB7U9;+|$+U~j}DUs9# z+QsCC0WeF#&_cb@W<3Cto`VJXuQo0L zwOA$cSuzeH|S$=(;F^Wk>^gfi{mTojagl9I(M&OADIXD{*Ac1ADiQ-ZOJ@v>jp4F@GT@C)$SGdx;Qukf4EE}`_h6nV-?Y20gvJr4u=76C5 zjSP{zjiR_n+P^!^ev&!AaE%LUdS6TIdXidhhe{y4n(=n;ZnkA>4a-i%kBe?m2)5|G zhUHtfGNrNe?VaqdB?&w3LG?nQCB$)g-fE|vz)>`M9XkyBWp|h4jlsC%!&b!}D>w$Eub@`m)OfIE-5> zcRK8UHKx*TU&!%kRBv#vh(f!N>gjmiE;{->G8)<3{_~R%JR?nL9gP5h?bdE3`xq!T zzytx^Iiai`DaeC*QYqp>v_MKr1IHjO@zakxeOn$zN@Ickkg7a(!M@JXTva%vC zrZ8p7swkMk&z)nZ;?ykLF+~2U<}m>}lCN z1w8b$o~Fb+nT=eP?6}ZZou@a$_4oYBSkr@kRqF8pKMtQ(hoshyd{@&CP{^rQ7A}4m zBgq3Y0s79`@Pi43avxQ1nb1fH9>&pSwkLSAEuJ;?TiCwf&>~n5*q%oSA7)#H7atx` zzO`3L>h=XMi|Xj-Df;|CcRv+-qA!aUzdxq^y1O1?(a{TDE_^h%U**Y*8_}&lNyp zaNj{TryboEehaGP&ux&)}F^BV4??KU41?n8CB+>U)sd$a<6WSe}<%46bUVVt@Gwnz^O1Q01`IjdDr4v~D z{91r?PE(M5kFlQR2>txulSSYzoAa`rMGp@;3;hi0d4?tmoNGu(xRQx`A z^D88a6Auc>s4hq4*Nw~I<5Qssyqe1|q_ux-%$oW)8;j`v+PER`KO6HF|Jq3UI{6

etX5!M%$8!uqfAGEtlEe6*SQGh)%O-byW}5r+bc@A|)vboVU0J z$T~4@1P=CumW;}a*7%h4BElDbw|`(2iDV<;Gx4J{BF~l4f%WBfbU)-yv_4R?-iX#y zNt$YIG-}h_LuH{>;Y`IgpT`2}a3Lu_ztFu~stU@z3cNI6izBYrZY&Q>ASa5Z={zW@nr*bHI`svw zGD9U}WY1v{B~$xKZH|8U8c=bfY@qT8u(zk?Nw+-dd0Jd@92D4xpC!@RA=K6t_v`fxZ!}o`g6Ot>3_hE5$0n9>6JTi z38~ihBG`$Pwm$%E+ZP#5U55m3j3CYmW+?5`P`+@Q#0Zk8CT#ZG#*ghWQRK!bEXZjk z&D1JabDmJDXLtbz(mudBDkNyfg#{ zxax{iqmH&an5jauBT~F7c>=r=rs>#@3Gc1mIlL?ynlpe?RXN8}Pk73nhxY9q)e9-V z_VeKP)JJArb#T3t=ezd~X7MZK3}Xe=qffhM*%s=dZXhGk%D6FxTLZK^&Cp}57mOfN zfchO{IZm4@w5QibKbJZ#TW-(WB;Bpv+i-8z#+C%lk2?VpUR*h%WY9R{18Z#s>{b>_KpNTS{sY zqnHbRn{kMHTe&6$h1}Et_*-BE3H>&wPfSxvc^hZs;!KwP+TB+x?5vx$w@&G_(48N< z&h8+D$}eLW{LBC*ZGmR^dfsIx8z4K@Ge>M~p!sp_s(k5fnCVb+y8ho12C9!TwggR9 z5+Q=Hq;sbPQQ;?6^Xw?P4f>)oV-Xo`BVPH;Db3YJPJwK;^Y@ooeZXSBU+~u+x%}PS zm56v>RQxih@;+t6MjbD17{z3qi5Sn4_){!MOjSo6!zq)rc+>wY&z4rB-88t02D{7`Vz}d z!+n~Hw;oYT;e&kcc5{qAXzHD?+rpL3bs|Izxy$BxyDFW?xf0bo?&lHZEyGYO^w4+I zCbVLwOzQ+%QP_pOr`mES*XhD~Q&VQP=~}}|)#^~?G(~0Mv*KK~0M%x24#DigKU`%Y zUq{27rO(kYIJlB1n$%)20wL5YzbKj^)|&98wE!R#*Wg9M4&xI>*Lv$`28d%3bK43I z`Pk*cKIF3SojZi20_fl5M{CVwPbaG0U8hB&=V8)@Cj2ljH{5>9kr#V;-DeNM{XdT_ Bt}g%p literal 0 HcmV?d00001 diff --git a/tests/ja4-quic/suricata.yaml b/tests/ja4-quic/suricata.yaml new file mode 100644 index 000000000..e57b3ba41 --- /dev/null +++ b/tests/ja4-quic/suricata.yaml @@ -0,0 +1,29 @@ +%YAML 1.1 +--- + +outputs: + - eve-log: + enabled: yes + filetype: regular #regular|syslog|unix_dgram|unix_stream|redis + filename: eve.json + types: + - alert: + payload: no + payload-buffer-size: 4kb + payload-printable: no + packet: no + metadata: no + - tls: + extended: yes + - quic + +app-layer: + protocols: + tls: + enabled: yes + detection-ports: + dp: 443 + ja4-fingerprints: yes + quic: + enabled: yes + diff --git a/tests/ja4-quic/test.yaml b/tests/ja4-quic/test.yaml new file mode 100644 index 000000000..eadec91d9 --- /dev/null +++ b/tests/ja4-quic/test.yaml @@ -0,0 +1,14 @@ +requires: + min-version: 7.0.0 + files: + - rust/src/quic/ja4.rs + +args: + - -k none + +checks: + - filter: + count: 11 + match: + event_type: quic + quic.ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 diff --git a/tests/ja4-rules-disabled/input.pcap b/tests/ja4-rules-disabled/input.pcap new file mode 100644 index 0000000000000000000000000000000000000000..464a1f838ff0acf5a2ef2919fff6ef0e0bf006f4 GIT binary patch literal 39990 zcmeEu1yEeu)@I`t+}+*X9fAb6;O_43ZXvk41a|_#-66ppf(C-S%QW}Bd*{FJzE^Xn zDm7J8^_p4~ed=_7`&(!2^{sW-`^@y#<$(gg0ss324gdkZ*)g**g6jqW7y|!(H2@fW zn1=l+R_dPTMd+$NEF1tp2Ps4Z0{`W=(_ha306-`pB>(`Vf4nirfTs8k3(}e^?rQyd zqz3fmC7KQZ00oE01pxzt1Ob7D4WH))9svNrLH~hxeFOr~1-^f^e_;Is7l;TI8wsF- zvz~L8#-eks!cA+V;6tQZ-@%upwO`V(-}*zh(L7sSAML=AOJNW(yRR& zenfwppA8Vv#2*P7DVhlAgn#hjdPRFhAwB^CXaV`X+FwyX$^S1=u%MA*$p4Ij0R{pJ zyb2(XU|=OJPUr+_lerGn3{XG3qqxqb&=y>L)K1S9G&NZrZ-j}uVm{NjKb7B2ThR`L z=S_i14^L-8J%3;fh<(P(1!XY?5Vf?Rf}nz;f_2e$F?P{)F^!dum2{zYp#d@hSpY@= zI}j)V7WUO;04x9o0Dx*_ZRcWaYHi?XLhs;WVZ>l$X9K_l0A7G60syeUAL#vk06y># z761+a3Oq&%{3sFt0q_RYoCVt4+1Z|vnSmJq0f2Z7JOBV5fC4}Q2ZII&2Y~>ChJXNp zhJ*wG9s>Ya0ki;W;Fkf z=z(Y;z>h#d^6-FxgMk5X0brm2P%#T278npaGV=AC&;fnF!Tx{#>owG-#XT@(sF|Ft%F8o%su^2u+Dcyyey^5f#}z{?dMU z?xJ;$_qD0Q){Izaa-r82oeOD$Q$)IsvWZRXTdZ_*=o1DbmIP0W&MdpC>s*yH9QHL( z@RPG?Qg>dBNprBv?EPzN18=sH`-9T2-6GYf5ShXl47--CXJqqIH6vy>W|>umQ3o~i z#XlsGE2SUTaL8}$w0&~w%ayJGS@3w&j_t@>s$(^(TzHR!tlq z?=v%^SCj`bZxo`iyf8>qKFyp+4imdFfoz+Y+gf1uPp~*Z)Y3oEbfKrM?N(}wRW4Ql z6m+dwU|aboeCMp9)V+f4m2m^kR^*(8>aJ<?uJ<|`Oz7Kt2LG6${FrJK`07v|2TP}ZkQgI zjCUSeh>?H7+m~yajrLi=li&ySwMv^-VXM>U4ito+-=$e!7IPzEjA!LdP)2C|^jVHY zuN=H!P(fy?7(|grl>~ooRK{Z+*QpgFDtPM~uUvX$)TXbVe0-m&O7iaTmKL`@ozPv8 zJ0_|<$Yh{205L}YQ5=D{t0-yWMc0$cR@8z-zbtc+0vN})}il*i5v1)DE7 ztYm#W{F1;1mzrkC+SjX=S>br1YRC!cQ5zv23?ae${js~rp(=h^(|5#;seoS`4RdME!-y9TN*r* z7vb4RM)21Br+Z;pS{T^8bGEzq1Q!mAwIs#01oV?5hD#ni!Q$ujE5YSswyn3yN-7~~ z;D}jMLud91bu7y{(iEC84z%L23WE%T4#br^ygFoq2Pdv!^?crPPue^D?fD6n^8H5> z>Sjif3_e#WlvhR7RkCgMv`%Ij>y#^Tn=p}^n97^h;>xoN%$ceSPZ37vb0Yk)lP~Zg z$)k~q+-5X`p)`}76RBffDXu37MOtlJaRCPPq77gGa8sPp;Dzq@kLS52XDf`m`#;z3 zvg|C3US?SW-;vqN?S}uvlRA{QWEtATI%rp(Jl5n5`DjFEm^%{MYMY#AM!j?iiv|}i zCC~2G)=(9$g%sjq5o-bUnyKFcGxe`1aNHfcY?w>^k)R&_M}eab)P(z26ysMEFkl%4 zw7=>B*xyzi=F;C(2MYjAt@LL-ki@{xkrxDo8_8nBkbx|Lzvvy28^TLg!Z{|HVcgzi zSvpk}iqhTNe)?W~@WG8;tlYr?;Y^E1)k_dJOWB!|)c)oy%1Z3+WEXym-2)l%=ex`k z6;9W6iqw%+at_V%a=0eOvJ2Ay6>dm^;39D?g^_H20Xe*s#l`Q4M$cnEb1R{WK5cAH zdPxr<>eQ{pt2|6NPWCkWIWC4}`rh2qo8bK@!9y0T0h5}*0KsLatJEjV8u2OSCkYd(->Kg zs(caO+osbYqHSu0lB&Cm>UiPF#m(^fyvtIlB5#>56L|}S+nF{xW^mrwoyX~CYYbQ#y^G3B?bw@fGx~lrq@<}eqo=Z+Av8IU zCV=d_y$k~qedbhpmMtY>gq+i$EB$k~I#i4v zypEc2BA>-jWXLK3#fU|9Lxrt#1raCr*y00HtkF3j%{rp2o6PW1{@6eNg`U`C3zrMpiQV_8$5uaW4d9e z^9a4gBAzaw#BC;XMk(J!_JydsglwKbZ$ZP5t@oaRr*m*$XeCN`v(490qslF)9@sfk zoK;3;wx2z7Ce?v%D4h+vDiLHOVrLIYM4GO?5-1Wlj+vDTxGdD=yfe=?zUTAs^BhI8 z`S2iAx8p8;0Yb$3I?I}V;ap~Woy(X1ZZ5|=f&zdg-*5KUW(A=Ccbk>hi~&T!f(AtE z|Iw^yzGjR+iYownK#aWmyYU?F!QyHHh`g?B=t^2;D^I3WroKdzs+f{Okrd~1Yvuc< zqEOXF&CEeq{nlaIDrDb07v<1|7Mhde|wa5e~dEl&!Yque*hgMyb)Ha7pVp# z&OJZb6#d1QtyHvJ2@aYIVaY*{7yt1AGMA~RRUI?01%I!7C7ranCe$comNH{%&9A2B{0-Mr=Dbmv z4gR={DD@saj(vefFYpq+Xv9UCo=r4vQ??T2FR1|=%`UT>!FQcPJ`NV$%60D3pXUke z5e<`#1nQHWPuD{#Yu>ocpv-9siK0h-tH!*Oia(ePR-*ucH#dBi71nrbfA8hGj%vx# zWO+^yRvh5y>VdOq2bJ3ELsinfk8by<6qHfV*o6|Nz8RmO&iJ6;Xl)>XtKofarqTv@ z4u0lFH*Kl8701SgT(0R0R^7<#O;sKdxD*Mn);-e6FhA z_##-wdAy7l(IKij^_Hmfn7OSfm9I~r9L(B%#ao;hk5k#i(BbuRH+$p$OADgdLnGUD zNpZyn-|*DoDKR;tJ8|$e;yt$a^Rw^XTTZr#5Z1*o>G^K2X0XCESCKZ+zt~Rklx?5( zF6^~PQg5B^_y0gF#CDH3Y<5n9UE6yQ9>B^*(&v{Cr?rHte?qwnY8!^pS6omm$fE_SE zU+u3bpxl4A-TNmBP~Lq-ewX)5*v}M(iKWNnL&aCH` zygwtP*D3>JtgCq}Hrl$|v3+XO;2dCg@pUn3%0d>&6J4c{|JIgrk+X2fwL1k2%25xx zw$>qyhr>qF!24L~s_7pjmohw@dWrGUN1BH!dsus*yDOci=U>cw3rzn`l$dfmRk<^?mErvw0tSX|xnIN28W?`RqK5T6 z>ayYJ0qWk(|Ij@<{^?BQSCnlaiVH9azuI3jF+lL|X5xRMyy~9dADQ?!lvkJF@M}D- zz`ClmmE%mnS{e)9ywog1KW_IJD5AX%0{r^d+*sl0`F%e3PX95}2>vQYO7CJIde4!AW$>1zJ$Aiv3R_wUsF9{o1Y14ZCfrj%7_zlS@=4LKSyZusOXgpd1 zI!79k?D&q0Bq!6nFIl$73D=15fR9n)yK#h6+@A&?p2pU!V=jtfaV&h#^%LS&omt*+ zLv;&y??m|Jy!()Xtm>z1S3%r5QQDMa+WMo$M%5i_Q|PRY3|B$IG-i9k=wt1*S)CW- z&loQh;bBY2P-VF$d~aivWL&^^J0dl$l|)Kbp(+OP zVUkxbw~`Bbf?@lUaZ)j#N|S1seq0(A`SR56!pSzL&!NB*!+yfS{WL9^h-J&6p5n?# zC6@?Ai~1t>(5$^6#X7SblV8^$hGEQyh!H#bM$jjf=jwo z(BZ0QbgaU`g!DJV2Ck}IMt@vm-POwmhz&;!th*k1*U zGbwhb!Pfg-bh=Hlh%!>w+ti!i>krZ=Thh(VFXCq}_7 zqzis#tji)h;!U%q9L>`|vL(@3d3IL|9aLhS8sikEf`hf5zv~N?^Refk&AdEz!3#cX zlU$80A}Ue_H)OGH`}rZZK3S(puwQuUmbX+MENsdTqEM#yd#W44ODA>oH*Blqz1oTL zn9ZdF2Wt`J4{K;7;S;S6!bc}xlz-a7(r-T6RW`tTkI+`{b9YUa^ueCnHneNYom92= zz@(hwHEMkitt@m#ve;5dwUnf^&B%!yr4PT-k7lyFJhGZ-z}TtGgBO|Esly3N$KEdd zsRc&NM6Qtqu@x}M5lwA0xDqsJ;0Jn(h=cYGM8(Ib!|%tC6a||Wb5-%6NWMW-qH>X;_KmR=~=IJS&T|%tC_LiP2)r zC)2-^Izjk8fSE$Ihu$TVyfD)-dr=sLXrfS^amf|Tr?op)wor4C?{_XQtZfTsG|w2c zkPU3QPkuzXrd?m5KPi5tjlG#{4TWq;c!^;h9*g8SQ_PUb+fBlY1J(8<1m3$Hja zLVu@jz5K>UHscF~n***@YnscIcR~JvWFJq?h;DUz0Ul=lCJD0u-ziQpB*1c(v<)T3AXYvl!a_jfBVKFHtn09bit@cvm3kab)O z(($3{?kQZ^%nHff26yzci-$kgr{Ib=DDL+tyF-C!5#POk;(l}dI-rtYNt+o+`{m!! z*1!2RGRVjLy9{cd{FydTiyaWn60k19zg+s(6x`&WnhI=@m%?*>oRp&CKTBPc2L zA_N#+fg!x~4-XOL_n zO{v%)+E2IZSi?~CUNZbk_ycVihk3E_qql$-Heu*XM!w+U=lVcY{QOHnvfTncnYXQ! z82hAS^+dI2BI3adcYKFGHndH^CRhlszQe(%^JjW%A5mx)_kvcQb2)dA{E*=!ZR!rK zc1S#u^Ha_jC;wu zk`jALt!cF~kGe`g)4%RR_P$Rg#JF@J$z!+hhI|oNPnv>nMT%kz)l(yQ8Ga}R>lBPg zeTIP=_r;(~->uV=B$vI4x8v?mglv_QOktjqM?)SAu`YernFyEVV7g@KC!X#OpEofE zU=p|`+_&MLk_^}!Eos;8UgpA`Pg*9 zCKYPhOgc-ZrK+lV!*r-L3nXC2;T$q0ISJXgMva5;NEj=PJM+o(F!krlUYdRK@n|4h#$qt_b$O@@zmL3|d;93t@|`ibNu zWn69{+M3`SL1fdY*-|43o!GbeLa??h9tk^6|CS5^0xDAQ{Q30Lw-u~i(G8BzR5v3L z<6~;%Hpm#N9&(M%QfH(6C!0OaTxa=k>u&aHSxptlDnGXHhsp%5Flc||^6)3->lI)M z70u@DpZ4NxtG^Ia&u%TCWvdOqWKrTDiYgX2Bs?$KJ{f`PlnCUz{aG+-w;F=5_zmPBItYd4^hnli zbsw~oiz;vK=&X6MHa=?mIn;bGtX;MuD(ue)py^TirLZXz?_*FCK@iZ;t5U*q;XrNj zI=HK_@8RVK=eyjYpF1GG$Y>6KB(J+UlvT3t1D$W&B@5BpTiX>UyI-EkDGtAffd-$) z|N1g%fN#nnug!n~sPGnYS}EW-x8bBtZ!DT6Q^t2KmkozKEfPV<7hpA%va2}~5(N$3 z?V0Upq<$HJ27Q0Y8lRpa>7%G04H{8n#*Urr8iN7r-ZsP&9rQJwAQvRB{9BHX5S=mU zH(yuicyoV7DUJblv3swI3Sm=1Pt0_k5>?Lw9m!FCb7#9xYl-goNwdpe6-c_zHbHSc zls~eQ8!Kr%F9?ku;%0x7FL~92aA2nXRWc~-@}Fd|28i-2WKh`UcNx?P{j(nM;_Q|1 zrd<2iT0@X*?3vnxoVCk6KTJjw$j&uUi0Cf*65z=sY?i-d!zI7ce)*NObN`bJR^R>_ z85GX_T?Sb~{!IHf8Kf`2{zRv*=}xCh><3D^*;;pBY3TQ{%pwiOuiZ4e+wS7@g4SOx zN<%@WdVvXp<}zXfGG(K*I@;I?y4Qjs`|18XsL2zn-c}{o^NWj{nQvZ`a%=KH-nw>N zajeM?wr%Z&=i<%L9>RbL4uTIxB)iKVtW3p>x13>fGHhLMIX9e^F1~36VHFjJGg22; zUBY2%UTaYfQ}y3p=x>FjAB3-$5xT&I*q(p+4v!e>V$CCIE?m_}2#)fBC)t%bk;75Q z9s7u4=O<&?cKLQmk#&im-#3*{7X}t}Qo4FUn*%G5olYf^A9df$_Wq<$C+HhhbU1w< z+W{&rFA3#D>Z;6fCCx&QnpXzF%2suksVlk-l8SOQIvYs`;UKJEsAmxvxeKmwEa)r5 z4I?UWX^C3YL_N_E4Q^h8<0#sDiL`;OY6Q!!{nCHfjTt0mC1jm?>GqkRc5Wm`gkx_( zIlZ`{=r9Bxfp&_%9A}^xWqhi{zn*`7sveUL!7j}Hcz)5o@M^fEIwiFJXeRiY^#DKZ zvNIyvOlKc{rPWibV$${J&AYvfd(#Mm^>G@L8+#gD;%1D@=CTUfshqwLJ`LY<*RwRa zF7p}iTG8nsgn>cy?^n*gU4|6kM_9s8g`WL_;)Ta`Y{bjPr4<7`a2eN}*#jt=t&FTd;!M`X5i%Df}s-n<%eofPkpM1AUo@M79653|=dkbM*N4Vgw=!ZJTTY(~TVFca z*pSG|V&AR{6Q9nHCw`ec{SmMw2oNlv8OZg(IT#G?y3Dj7uu ziwiFb)Ww+e%5+Z!HJ0PlcNmw*b~|St(P@DH8u-<4{f`|U)jKxwS$Jz0lFW$td0Ba6 zGutr{T`UU$SE{OSv%IJ`)qP+C2ScSd$W;`mGVL!9{(IjEJ4WK(k9@@~`@(gVZLW$0 zQg^1So6Eg?xA+y;NR6$I-3@P*nWu2KB*jG-cQo&_1S#{B7xv?iVJGdJbhf>F_7O%V zaq7<)>u>Q(Cnw(>vh&W9_E>|(Ia`+DoTK*&f)fk4OFqz%^A z4i8`4956}e&C^8Vm(JecHqZOhJ8Lu>jKe6wL1kT*7Vn;zQ1eAXJ{NFUHo>=|LbD@c zhu;0*uqbdHPaf7~PDl@&%-mO88+;^dhga8!@l<4dhlvr}#Zco_+4;3J;;1(HXx7#! zl@A2*P!V<4gCOv#SQC#y%F3M)|BEKRx8o?5A2I~p$> zX;V}RV><2M^c(^DUc~;8uRo~#d;U4bvQO&OJ0eZff_9BvU+_1&?b+rzheWJoP*4f5 z$ww_=3^@%CpCmb}1()yRPbLjyn+=tcZT9MP56I~ow^}ENXctAaKx$2LpZ()%nMObR zX`5%)!oA(gbWsSH>Jfw6ZmHSlP^GozjJbenn(BF|o5%s*7#p7IrmYX|;(XU*Pxx%> zpMx#5Pn4qD2lMH-f3x=kGxe{M!MEH0Nd}?sKmmCmfZyz|-5`k7-|Yt9ZvQTW`!|2q zgG7eQ{6q>$)Y{@ZF->ue7Z}x|%8JRTpX!B=?zL*(nzpR4g3bjy=!gqJK7zVn_GVgjkT)B#+U14e2Lh5`H6aZ)UWdSh6U^gSz9499Sv|9A|4}J%hLq~ zvR9L1Ki^MRwpE@ktR(qXp$b|RCzx784|DjxF^n4n44Q6h5L<-J?u}Xc3%>zz4A%s8 zOsBm8Kap&$7t@#s0~dg;D)paZd@U1rffwvog@q&|Ff8u>UAL@v|7*$wNygvHgrTKB zhsAGY!jE1q4DAC^$V9}o0*ZD<$a=zXD6)E_~*9W>bhitprZl$=kjO@Zai&tu2xh1b3Ai4HAvi8_JDt(-xYy zM+TsroAsgQyHL>B&1Qh!9epG|*$-bZVRYWRHL%Vfp z5bklUKzKy4`2kzh-oOwnpAD9bIy+l+5>$;}xAXanT1impbmdCCj8eBp7yd(VMi!!qyZXvB@Ng6k`;m#mLh zdGel~CanTKawc;x`vsonS>A18z1bbSrW_V3KR$PV<^SM^md%z4%N<~U;GeSND8W}` z+F*0~gdkKAdn45`vGc)bYFSr`sr9RJ?>i*of-u>HzyZ@b0URIDs`v!TCGbU>X+I8l z-(g~2T?+bJ0UlXTGaE-|Q*~t_c|TLBV0Q+EajjDakzhCfEL%L2G?vrHq42% zAt*l&06*nsk3o7{VKkxH1)W) zsc)>ec+{qHmJBd`S*sCQq9Vk?Y`mzc;9y;l>@ETIp3v`EQBMxjNplr@+lM4Fzf0v) z;+m0jkjYqz=tDmsj|6=g)_YhuF@HVePsktTogqb;AXS*xGXJc`_Z267!;77cR)ikg zhCzDxE`s*L&k$GZOY7HnO4n3*>=>;0$R8x%jF534Jo*BXZ9+sNYwR~qT=;VIvvwRz zCvRiI$&*|XB?^SVU?n>Q;|z)zA7Yb|ZNO||dF$qoMQ2O*P~I%Gm83vWZXK(peh+Y! z0!614AnC8CuU;)36q=>Eqb^2a9UelTBZY;LrH!|6_jQpC9}wZYip4aZ)x?wHH>l5i z@s6scwj<0GOMN$h3i*D}^0eLRke_=hIz;<4P;q(%(-bPF>+s6iTbzB)?GmzeX-1;j zznIDkrI`Jk?u^1Fn(2k%YVU(#ZtLQ3fS{%};dRt32^OWwa1&s6*!){^sO?#v92Y7u z45V}Ct_Sz`#fNIW;=X5$r1*MLm~)^|$R|du=Cq$Xtq+H0eV(5~L%LbdDhjD_G1uU7 zTW!_Gj>7b?f>VZXRLtr!3!e(Xr8g0`Tmf<8^A00>zaI?Qf8@Tk^?0M23DNza>HY0{ z-C^UD)lUeA+R$7llDme$SzKRX-)|LOd<{A1N(G(p;w6X*AIZ|yu-$E4j_+6j2g>&4 z4E$*P&b~V9EspKS5>``_lqFHrYP3x^?h-~FrS7LC2V`eUc2#Y!2l}u{-}waCNr*wd`P6w$`Tc+*05=*t zy8cxU?0}j2SLuPQ)4!An-oM{8&IF?Tif&of>Gv`rn)T0mAgt5amDxtULG#j=(NFoj z!I19p8C>M;&;1~&c$jnKdEfR;s_^jpIxElGSK6n)l6LmLbjyFxrhEJ~GANt!yMdXf8dR8Za0yX0VW=U| ze7Syv|J>?W7llK}IFib{o*=XA2urdhi?zRXZ@=@i4%xzn9eTToUw|d4*->SE=;~c3lAO}FeipR97JK=;m-cDbzhUicaS}5XYQyOw(Dm4M^_d2 zElx@93OyZ%JPS;um=b$i&xQ-fY=$96Vu{7EoEa|tB+S}HT*;5$PX_M`cTQ7h|9%qdS4+V>`nUkoiK zN3kCWBdf{+MuGnUoF2JdIgRS!)Qh0-l;b8e%nnO5l-qRs&;zlh@o}o9hI?$O;6p>Y zw6lwO4R#Xk6$$Y0M{@&?S^cs%nlqb;t~^mbymj?n9T7& z%&H0EQRW);RXS@Jvry1bTFeLoF?-u8a}Um2)H#~^NhRVyOFIr(!L%S&zZZDAL>}O> z`~0tq$|G=f(<9pS#T6cNyN-qE^p-2SW#uf> zwmY#?mic!-PHPx^kS{lY`7-u^e^O+TE(Qoa?1|7#?;H8h@KLAGs;)LOT`jVeYfu25 zvOOl#!k+%&=JE)vh3U<0g~g<;;ouS2)NseLNoL}lqgOi7L3!d#&TRmOI9wl8dtKo^ zz|gk0Rv7Gx6CILYZzHp!O!E*Y7YV5y7S!?d`yS2>25~`Kt~^`|+@pw5hc{+%wByL! z(ZwfQHuYd^ln^hUYKTtwQiOLtmiUs!YY^`ybVZ9M>$om13}v}1>xb|*noXNVmf1T? z^@9o~n6A)K4yO$LxV?QP<4^{2KVM6HN~Y9>KZVZ={hBtc*&mUyALAEDZ8pb_@IdWHfE{00;wOfF zC>!RkjBE%G|Da7I=j^4?6(Ju9tt(T%Q{^$*D= zR|fNL94*Dn@0(?HpAx<0Y#C+KUZ2wQJIlXdhCC9N;1*O`pZ;#2_w z?}Eslgy$}(Qo{}3U}`)N2j4b{^at+{$Pqzz^p0_W2U-0L$A|67B!OFFYUH4lY51l)%HTscenH)HhhxPN?IsXiTAQ?QIt>pCG9uIzTI}j~z8!75 z#CU1NRPVfYyaNGBb=o_JmA(eoMY^rb6-U^!!scxKvD9~F8TJAqs){wkg3UBbQjpbd`XRMU0;9jErrxD;G z&$8Q%GWzv=g-_$mchFt6^fZ0(4Ac{wZ=*9M}l!P!g-Q8AlPEuE?xV>wO;?t%kX#x@nRyM13QTRj zO~IP{VZtr{2%RCPbnT8Lcy_AJBqVc>wX`zV+^iHHM zGuo5z!DXpKWd_M6%HI?Ylgs+Gl-^}l{IH=89)AtrnqL^cDzm`wz5O3u{U7B_^3$&= zXH;f?FK6a8{wQY%|5yrEOS+GUY5K%vw^y)y6 zv!=-h7(B3Z_gXHMaq)Af31jSUwEievhpl#c#-$IKeRvX@L9U0Cxs6{QxH90IgZSmv&{#J1)8mw;G39I^sSr(ihvsY5_l}+bvK*zzJ~W0l1BF9cH_WqiFNtv zuqU(_-Q$j0fOUeE$7k*Z5IkA#tehA$0AgCyvOIwg9@d_$h-(3My69zlJNOU8d|XnT zb!m2_4eKlI@MZ=y%!4ol4&w7k7?z-&SpCFV&Qca%YA$j;&aDXsW&bMQvj76$y|CP- z?kbjv9O1<`L^ban6bIef<{6?Rtx^5mm3Cy{5G!@xE^*tHqB}d@zrg0I8G$%A;5t66 z2YMKMu`4@2t!^W3LZh_|j=rz;={BjY!t9LlB;qM=qnHYp@#&Tj9ru7lRX4iU7f35w z8vWj;_eCCf*A2omnV}>H#@m^4F7*0)!c*% ztSn}RL^iSyzvp%3aWhtW2i7ph^6>;P%m_dgMxH1sV6qjYqxd z+M#&vy~muVR``195@$Nd7!eZbiw-45Wr?#phC=ZKSwGZ%iEuJu%j#ZltdB70Vs7e^ z0fTXSOnY+}f~`Sq0dI?lJ9@9EzVCT=n)5PXLFNN(4KBohdC8hcRq;0hLlh!@7C-K* z!0q((gf{CNE%wZxtA(zJfd1h;=_QKV@PMLW(gFJ>8z~A1MH5rnMM^B!QxB!>LiM7D zeHkMVQ;td4DDk{vTE3MsL=u;sPnL##e8Y^~CNN=&Fn@9k?X|fzz}S7wXHs$ntG;~-ZqU2P zhNGdFGtAQCB%5Vuj0ZBT<(@e#(X6smI6s_T(@Qp@0+mO?M^%JcpoX4`Y!Z~KqBT_P zJ6ZLluCCuSCFJegJ3%!%*x~ua=PVINYLa%6a$rhjLZ>(B9ktt_@zeTc6Cm$=EokM{ zbHm3QO7OMz;N1o1e61rAaeQ;2Ay_O|&r&={ z*jxCd!-{p#I%g&`jOz2@$InH){UKwFwg{-Kh7yVwj)nAO@`{}kQnzcDN|$QXs3`=t zdQQr-sC3Ec;Dg2C>?}3|r&(LA z$!c|Vu|siAB9v%a6K5<@BHl43F$3)@DiR- zeI2o|?Zl<%%S`n>4%mxT;cRtto5Nzk(o5FpHFc2G_NEtQk0{>8)LVJanfo6Ys7iOe zh>HAcY_NJ8M{Gq3kTOmV%S4wU^$WI%e{L6I$p8|bkM#;@QR8}>?LNX-*Ve$K{PbbY zbSz%!)!9F<$ZvYzPGis&t*LMH2CyQC5l^{3aWPl+j^E~+wzPRR*6jj_$tR;4qR8Ez zrSc#W=P@Ezo}a1Ylhd764=%8%M`kq2Z7$)dtzZ+H%po%V{pAqE)$f%<>v7)GTZ7wT zGc0$-N#MwV*LV%(W}fBTZL__zC>t@i4L4Cx#=&@Oq>WU6KF83=bXO(4N(V*sLD3rj z%AY`(SDaJyOiVXWJ3wv^w*lAlsaKkN3l}t^(%4+UMmKXg0o^|%g07jwI_1Bp40VsK*^TV#Tm3HE!BYp2_Wp5>Xs zbxoO1s$H^GSu$bp7QQj1F}z9->3)Z0fJD4tj!Z2+)7FRDSEq z{88~TSVP4c3!SrpU8mHQU;G$4>~mzip_;Kf?gj}iv)c#?-v-->EZ~<`bSLpcXwy4! zrkfIS4ph$SEg_!th@@Ym3g0x29LtcE(#9KX;LVLd(8?PS4zC}H6frnoR`F`)9< zYc6fi#MYIE^P!T1i9c@c&nJi=h1m}54$V_UnLD>aU6O%aPt2h35&V=)8X z6CFH^N%Grj%q~OQUDf+D9!oUbX0w& zXd4tw<&=TTFO~v}XZ%a!6>9Rwyo-I=u;)DVCe~#aY@V7YM>fHmSPU|=HI*e7-8o`~ z@gpbNj$K)7zh2oIH-kEr#~J{LHHDfX7FgPoWu)HKGK=jU#hu(irDk<>0xQSu;K|0>dVH{#m#3dBQl%W z95LnDd@5Fy%&Zul+Va`0w`Hdf~qd6mRyQGxc|A z9P^!y`1=b1s#1h?uS9yIn?=HKwNzU89x_W-Hx*e|G7fh_f<4r zQ96MrzwZ|MH)I9>Hran{yaO)G<}dv-S>PQ508SJ*Nx*uwKmJJ1aw5J%)Nix#C`LUiTO>0q@BCQ-KwMji}u|kV_K+ z4B!p$kutCLFWaxc5CGtF$p6PDP4$_Bw1UsYZj1rH00f#yFgwTGBG4HC5NoTTpTafh zFpf6(L1=HG4}cy0Sn~1>rLoY4f9VU_=LWNxcl*f;d9I~`A01JbRWhqc4~A6?B!`(eIKl>_@t=ysC!H@Wl`c8Q~sTiP6oP?nNCSGErJ^EF1V4X1$w&oUNXZ=|3Gq|nA|JH(yWVQN2m9flNJvPTndp57AJ>KCw1<}NE$wW%(FzDHnFZa~KByak>be)&6mX??GjrQ4> z38-ZuMDovKkl;V|xa`CzKLtPG@ivgckZZqTNWMH1`F2jOblK)?S=bp5Z|*kG*vZkQ z%2Xm09Eyze@pRoX1EhT?O}gjVyOcN}nh7tE-{R2jwv;MBl(bj(1C-090Aq;3n2WA> zJNei)zdZHF0r5Jqcj)us3!rHeb4}m2Lcr;c? zEuBS;zW)LKxqc9Br2?zYHUQmCvix3r>c+j2*FgP1u?j5dqoFoI-^bz(1&NOPYI;Ln z$8535j_*;}y$kUO@cpRfwx`W{4+2rV@QmPZiDF9@BNXprZngDvgbkS&zPJ~0j(j_N zNQI)K4(Fzq>zxU~b5SW@?dW4(oG2}OGdre(6lkVVe=OdD2-&JB&{<(0YbaW~yw;}n zn0cVUc)F*a`bbJmdTwgZ1P1QTI7iCL0E1B@<>&_Sgza(>0y=PYpNST~+HL;bDEvoO zy6OFJ_z|~;lKYbShvHPUOenZ3>K;q?j}2zQA0bd>%fjAQgmzyN1%Z|gntHRQsmmLc zs&jdAE3I>SKmCa2EzN$m1@#e#j#YTWXF=wCZ-%bi**2z5B zh#}EAs`=iBPp&XAsNkCwU$N2R(qP9ERg&&OZ_7SXgL-$*@KI8-YNkAxV7}SJn6eLO z(WG*N*lNa#e~*v1)Elr(B{B~a7Px@|Nc}{D9Ur?RFfuR2{8h+Kw>TkO@|Gb0N}@YnK6NB$KsWQ#E&;{$gBl z(L+V4?OU?`*kxfz9b`rj0?xu$A=g8YG!zqc5p5I~ZF-d0xLDF?IHvugxXb}&SV&r# zGh8T$1>f{Z1r=_-C+u-(^BSU@9`&uG?VtewA~qUYn!SXJZq!-Zpw4JzUWk-A0uQp% zu<*hL6<@e4!8t~Lct4rlYxeYc?(%5TC52b^Ac#G#%Mo1Y*WilJji6$-MUsq^FSVVX zCSwMi-+TaQ&roXC8m6_WIobq3NgO#{l8}XEBB>0Lf@X?(Qa3%`!;O1tLLd=aig_d# zOu9;=h;Fln5mki@Z$LbaA2|e$)gX+<0ZpZ`_x@ao9~DzfpZnJ(zAn~$YCQ!AVWvZO`V1dMHRE z;4KeAnsT~q+9jKB*!y>AbNjdY-^ja@VZ>#wLYX!UlU@wHX#`C)%hBH5N+k8Uv=!(i z+z|;wm>Ox%4Bd6_6B*zslI>e35+Yiz4i%|bJJ6BD_K_$AzjjIgef`%1|MkFsJ@B7A z@S6QLO@2-GQ+oFU2=gCmKe2=)(~35nh^3rdRc715oJJT>p~W39*o{MO=}Z?6fR;q_ za!_h;^Djjr0>-$A4X}N`IYZv^^c?^56I==lNERDo)UY_@LV%FUTvWRD(R}`1Vya%zHy|Flla}bm{ zL?N|zWhf`BzciPg5AZW^DruOL4SyMuC(%%Kl##jD&j{5IPI$Xt9+2<>;jz#1m_AL` zqE~pjDtc*|N29HFx|Z}Z#7!MV11DO27m$=;8{V!rFr*8k$BUtl;uXAO zickunQsx()By**;WUF8rnE^s`>WuJPX~F}Ht6;&#qqph%VP}fi+Rye;(X+QmQe5`6 zAE-1{bQHMOPOLR9-Dd|!=DB&Q4el0RBTcD4onDq#PL^Fts<^7#uz-&x} z$d3TbbDDim!A2{ujeSZxwhBY?Ucn3gqOti>QngatMu0FL^0|rN-)MTq8ST%m0Oc5e zjJpOz2{o^@&OI*A6^<-o!uvSV+*|n&T5NNE?#5?cgdV@M0_Soa-Na|`^94aL8$P%` zO3%+J1OZBtg6H4j6<-0H@8#b&{W)e(i+~_rd|4cXUrX5&8T3Zm zY_7yR%1mB47$}hr9G&8VZP24Ruh%JkBD+>KC49nKsMeC=iI~gD(>1L#IoKCgwWpfk zzfjIz-aJp=?0c%~1nI$+GNMTHPc(rViLPPWe=>>V8kNSw-Q%NSWxs+SD;k?^ksE!N z76Gn8?wa^WG=l;<7pjZt)y&RY=Pb3MZCP{dLnK5Al1DM+TPPgKIH~>&*+&N)_!rgY`3FAl-Y)PTq46)~$MHnHR#~>f>~1z`vTZZwp%#!<>V|Y0l#9)YUuL6BUkV5P@!d{X)=~DZjpM97 zQ6`RrPLg3@5W#$eZpQCWb4I1Jp`1L`l9Jz5dyJ6@liyyeDPdR5UIg6WL$E+w~Xbf=*8B8cuw_Cuw1saj#5 zFv@Acc<~jzZRw#V!~9yIEZ^eWJ|UeA7^2Fs6TX=8yp7pG8H#?bsNx6dk%`Q7m<(teZU((ZCX z2hrDg`D9IvFxu4KGU@dcW8<`(RKe>cGTj$b<$Zx84jz!Qnn z?)1WlbJ!5m=z7LKgN1$Xw#TPx-?%ES2y(;n0k|(aru~-d_gmLWJTLLr$TT>LiAgjc zK`k0Niv?G;3mGE45zc+9A;zZU>hsXL-SuM`M!A;_32_qyXQ&;gW1aQtrYJNDOm@^6 zn0voe5=$n@%@Xsl(GnTGZzlT2Y#f!|l%nnvW*5aW!nOzfv7MPt@#@1>kRCl>yG4k~ z4bVh=F@k-Mnr;$j>+nIvJbjGFEu=BPTZ>FFq~^ROoJUX~$}=O#Ph)qT30N|HHp-v9 zWPQz>OQZd9>d193xp8N>q?_f<11#q+S9!b+mfaqmdAnx6iS!RmqBQKxx?np z2b+DD*MhU810*iandH1e%ns5uLBHA0gE<3h*Pe;5MA+L2KDC&+H;ohV+|0XwHxIGK z+b~N_wX6f0W}Qi=D`HtjL3}A)XUb~ZK*5- zHdP)wI&cl!28dV=>WXZ5(i(? z=D*~NFpP{mr4=#-ERb4pUwgEo4_;C>$?R0re7(Mq7MV zZuze&a6q;1)*FTMc&b&n<&Nq8co@DFdKTJ|_#hzI>9JV*Bdr;vk_d&ykT)jtY=Bq) zM|G1p9KL7kn{zgU3f2g8nw28>yCDe52kd);a+0lcg%#s6%EPi$O z%jmL$?Ru(0j}~P{rrk+$@-*o9=bV7%#LR6QNPKH;v(4b;+Fder84o~bin{;kZGZf9S& znU>i2#&6|)WM3ynx!@vlMl04iNVIq}QYB=}ZjZ#($&7*36O<3CO^krXrIXWkJNfWj z6jzRt<-bbUvJ;XEVLVwAnNMdGK0@N-hsSGkn6)k{;GVPzJT!X|(FR#LA6Cn>11;7!wrRI3?RDK z#xt}!6<4_NBCt9Qcw3lMJ3Y{|V{?^XKjkU+L9aQu{u+&qKpGQ|%uFqziczY#N9We2 zs;vn}dEf&C&&}UoaDP>VCUOo)eq{tJtkPJQAtaVKIJXLZ!L5Cm8jr;+RM)WzsLG2Y z@H!%w8twGUSM=H-0m481!eck$mOTA{g+*W0J?RzS@6s$K3(?4BuHtY za)JmOF=Jn)fv%$bt`;DnB(Ey80f^XkD~99A2NhM^Bj*5rgs#Tjv;Xyq8y*M8DTLIK zJ~O&`Y5q5R4rv8-xVxJp`h1`0mj`A7l`V%%Od>$uwl`9>ahsFV*EH$Pq7>n)g+Z%v zNbJIPGzV5JF>Ho9G4gpxweLoxDDXpo6%}djBSRjXCd$Hb8q~jy@!ch%YB-qQs6nS9 zd)aRR1Bo=+1e~?MLBKaz%ZZ7doCF!H6{`bjqF)QWSHBQL<1yfZ+ZrLQUpLa|5~d<+ zFpe)hw+0)m6Jo4C$1NAO|9(aQ}N`XP@FoTVvH5BO*=1ztXUksnc1 zS!uQXl22)lMDjRfZli)>xJG26u0J{xmUVSupELN#yVN>l)j!rCIwp49EpOk`%!o7g z{g2XlJa#DcRr!AKQaQs#(JzM9Kn|OFOZ$4_Zw=K7nC~8e)Pi2xkEWkdnCsHR8Xpb%YP6 z6UOHbp+mT39I`1erjs`iBeZu5<;-rxzx#O{~1#Putp2~Es>kh9+Axo(;;d^ z!@!9vQoE-rlxXWFRGsR5$e}5ftkS#h?Qc z!2Z*=FZt{A2H^aM!^r7MB`T?29koujE?}9bu}9?_Yj9g!=$f+i@YKk@f;TQ{!G1&M zI`(Qn)1zW5zMn5-y6^=b{|RsV3H>F1GrsKqaD3ULg{1y&CE`_^O~~$;w0;CC{5^Vg zSCydUa$e+mqPRr-1>S!C?<7FF`z7FK+N-1*mJF2X{n6DKwrjA{__OV}kH{UY;1N2# zBF}$03RswrZ$J*hvs*laRr}0NE)J=~C5_e0H!ZNGpwpnTo^ms>CF{x47gi&vH)-A9 z_<0#z$~J6t!216TNSCfMs<} z#DBmt6%rhYZr+vs!o~2b05c}NQq{~W#!+zd$&@V8shRHrQ#;qhA66@nQk7g`sNIkW^9f=XsWp|M zc=RUl@e(|xU1sv3T(OAqV0=AyG``L_U7o8jRv3gH3vT&oxZC3^N}*S8J~zRMqeKa6 zeGNo_!ouW8Y7QqQh~*tF6TUteHw4P-tLX^?Xm^C7-~=hH6e>W8S$Wc$Q3e_Thr+Pd zkm27-Pk?@CA+0K_#S+x((6Hvx(Ee#n3Z3KTJQ(G>RH{=&h=LMP^p=r1?N+HCKo`WB zb3IQkl6?+spz5xs>`1IXU&P$*uPu|Z@TG11B|r{I;n>Sg>VAGJ4H7UAg3l5 z82GaGW9yPQx|#RkLZh^->}M++5J>#aDLZuGJA0q3Eg{2zm)j)dfzr-2#R%bT+9}pZ ztqdI_wI79n)3|)HW1u70Ic3Sirx9W;l3`Pq@S`-f4{aJ+K*LGsrQg=R$4Nk>yo2CM zdq0r5=7@DVY%#svLs{ZxjQ4XB@2-KVBW8yJfpl27RjhMv}6 zv_)ZMiiaviIBzo(d(3a`GoXmIlc=CC?%KYb?XLxl$R`=>%l<9WqLzQ+H9= ztQMP5*F^$y$s})IfT|?q`~3&joFfsjwa=93ou`D_g45tP>3oQ&b@_sU$VAr8#!EeM zG*+9Z+YGRbc%GAfc-x3=)fl3da>IPy$HGKY^3X(N2Vu#g<1gQ6-p^D}Cw2d^$|E^+ z#vpm!_w?@&O8N2(vFP}ud){YPCz&(>+;W(gk^G12v6ZK0CCYaU<$!&nKb!g5wsno=5 zBdwc*x_6__-BdjYy^j?zA}c~x6)x!5c!q!|&-5HS4ma10^ga~wqGprnHpysnv8u&VZ=%4MXyB^}8R}obRFw81zTjMyXrh*MMKl=Eq z)_L8_Gi#TiqEIL4JK2a0(Y)^Cr}h1@ z&Ko_h+%rg%;v2$K8@Nr{pmZi93G99#n|ZWog48KTm)gnJhKUT3y{FlRu1V=e@&!#k zOaQu>#08ta20U?wTLAEuI{knGFJUVW**P#qRZ*nkVXm6D5M@TibA^Z}OhkIuBFprP zQe|*674_>*q-(y!7%S?Lx_0}?KzR5fFNLTNG+<6FN%doi%U7de{pwGIlg7`6I?`EQlhXgy8j*AF!W9Q;jl%R=yMl$K-I_(aIegp&}UPgST87o~MQux5<*i zI%EEa=eO1Z{sTQrO1Yi+lCTtR_75Qc>tB*neO`SAjo@12opjNiJYh{|Z;z-bvoC#4 z299vW?o2LQ0S)c1a1*H=J7S9S+wNtS`Qq;6I_z3{RQ}WcGz^@be_f9!zD)GVyB6Lbxd- zBn~{2fOLL<-eDdv!b#7uTs3lBi{I^Rpsm<=G!J55>sgC7_TjB?Mv;rhv57GTjta*a zhLKR3&m<2QH@l9H0_jit_HJVQQr=*ZlNe51elx&xBFwdA-}4LI_jvIyFv5+~wyle- zWCyv>VEG`F4+G_`y*=b_`6kWdelvcZG%^7Za@7&uVpq1*m7Y0PCnbDB-YaZdc3)*Z zs>OJtoM95a7)V=S3b`*4!n-=w1j~{6a-#*{#^dLN!)tX?KPM1nt+{-bVqJMsci?8B zp_V4GYt`M*7>Vu}ALUzz>uaR^OT%nnb2FUSLR9QT(&Bd-LpXnou1^P%c6TFKdbcP4 znM_RcIIV4vr;KK-ZYN)7%1%|PhhxOA$&KcV+7}z_PAiBQz1J!&Wts#hTCXT6AOvr1 zN;_;2x{u#0A-dOTkNs~!;m1v;G33Cj$nuC(>SM-7VrYSaP-|zj-t-@49i^G|jL}qk znAP7<`qa*xG%+B;GXg`Eb-V@q_rt+BaIrB$*>+2Z1J9*LR8mDu@*%WMwLPrnl+#8e zvKzjCFbIdzK>|nP?~}FU6$*JUL-WM9Wp1V<-Zg0bm~nH5gS_2v>Gh&V(!)X>@TLB)$5q19v~;5XJITnm<40(I$l|D1`$qgho(EF z0OcAFVl*`moo;MHS?Ic^nz-CKqFKxpLc5yz?DZ;YOtN9{!=s*BTbx3iF*kmGhZBT& zOW0R>gy1AH zKo#-OWApFI)f0TlT(A(--~IW&6i_AHfeqACc-GMo{DtR&33+yMZ5%2m{}XsJUHw~u zz53q;o?(c#gnMr1AC2kJWE8Lu{fo~&)Nmjw3SY!~^a=fM+_^&J5x?u&hE4aC?iXwoAvetpgVP&-EsrE}$NhsQ+=O%mD)Ccr>U8rz5kg8#bCg<8nEx=xn3~)x%;EK+bY<3iHmpM z6qp{;#TLX%L34=okF@9627oEp-5NPQ@gw%&1Ge+YxbQ7Zir8q_TWCsW=i2;Ff}Bw} zjGK27?*TG(;TOcN`b3(^5kfvUY|!xV!j;`f(|V-+pv*vba1$Ct<5^M}jrk}6in@r~ z>r@-i`%`BZ`0(4LC@E5z5XYe$>NGwf=RhD9@;_n&orB-O(qEn79^>hiEW0|`#xZQ{ ziVz6GlA{OktQuTCT<|Xmz*-?>D{cO0H(YEnLgkY5&}svPJiYZ`{oX>@hfw_Gu>%pk z1jbZ2Fp#^dwm#)2npXNT#w06w=?7vsq39+amKc1ev%wi5v~CxVH|;4`PVY-ZjPt;h z)CY?dm$B7=nXvVozm|A6&SJwloA{vigSt-p5&FC933=gxEG|}Hbkk_m&#}`7 zH0#OT{E_pPpamf+EIe%$5kFVVqF)sXQPrQfhY`{m-NfD8)2tc25WTju>~c0*d=9Qg zyjcYiIcKo!Q7)(eqpe~NWdqAK^{wPXi*KIU9xAsqnZDuWSGJR&HccDm;HKVmb z=8n^R&n4(j4>d?2U8nm|>wb(4<<5J`-;&~o&??TYk*Au+9i99{G1XC3wpfuego#6d?HvFHZeX6+qd1a+bZmdk5xJQ{5FX*@Ej=M!3?f*xgHt zc#RJKjsaByY=@j7ZK1^O$Ts(nHt-%yLs)d1Bt)5hT43vYPgls2^J!rRLoimSn(DK3 zaHPayyRN}CfeNf1t7}t6v)Yg?X#g=`5|gY6UAY-ATv!jyn1^rRfUpZ0IcoCmRo<&k zm4|wXC_n|Nw-R%UN8R$Cr9$>JMry!-%YKpCoHfE}s+<}H0n2nvPNyOfN0_A}>QHL3 zxsLby^J{HzID4QSzLY~hz{Fvfj{w=7Q<3cNXjU+Li9#(YU0U(HLIL(Y`56Z@zSs}x z1`?q0^UUo_{+e(A_W5TC2VfuJDP_?(q>$q^(w&b}iy|>t0 zZ!=WT?L_P4`*dkge0gI{1L6opZ2|rO2MHdDbA#CB(3TrGEs9LF!$g#mh{M3+8;JcE zlq$xSAA9@G;DeDwaeI9gtA7NPj5NAp4JIbz-de!m@^`?3U=$GA^rtjK{cSJJT?*~@ zbJ5T-*w%I79zCTkxa>f%81jOc%AST#jbxvt|KRD(Slw4{JnmY+K78Yjs2VoJ*h_7l ziV3p8tB%$<6X2({f^HHwV93^cV0S?x3TRHHHD~l`^ zVr!OX+F;lq$pmwugAhfC?N@!rs(}EwsQ5mwU&FXSRl8LnwK#9g&a+W>|2Y2|)!z_X zYOa?{6*Ixl9+WYm0A$V~6oeE>LQy*5NMon(n@F*=oTscXez5<@>6lS`g!>GO4?bq~ z;**a6wi0Jpjil@wHa>>diP^aDYdUnJ-KRMLq2f)|hisVPlF)&_5R_pvsq}#2-jTKEa;8a5 z8rg$v=dMQG54ckD0Xh*=phQY}%q99Cl2Opr1(xs3{Ug76X-U^OI;@GQV2qi$iCej5 zwZmdyY}xCp|PMwmKVn&hQ#609eas4}X=iM0DS>R2<7lTPGQf#ane*Vp#*s z>n-H94Cz4ja*4ltgB0Y0ygR)42&aUkWxBHp)#ATu-GVVuPtX#*ES-ar!fymmH!8xJZV`hM}cCA%6d{>Tt!gI!hnp5#IRcErnvX`it zEee;MkDLnVHm?g8P*|0&r=9^G*w8rwm8S(2GJvI|e=LR7*;7E|cAds@!CN?2HZcsA zQ>`}#HjA!-RoaM+YWihzXGok%-EJU++LH52sTt1WI#hmQ>MabQsW)%&$W^4e(-=E| zWg}+($DW-{nxT<+CYGjxyHv8PwC~$qo#vJDs62ETTcQBa-zNWC~=M?^TlA?-#7dt)isgTip_9P>6@9^_g zRK=&7!Qx8JxHtQPCI*E9(E3aje#u|i1Aye8u?GMNQKneb0^P^jQJ1gV``zn`zUpFW ze!oJ-3fhk~3HUFh22`kjB}z*^)r8>l8DIEuR&*Yg-L-e~Xe?^5v;9o327x3f>6-8& z*DhQTRXfUmVvmheOK1V2I!D*zzVO0)e-a7qNJOA6`*`Au;yf>*sZd)rV~Y1$RmfE+ zag3#RisO(virbFqH-U4=XBI698cTT7!m+_D3fYXzc1BzIK^4A_EX>wsz;Y!#tNc=# zqHgr_CB-)wn$#OC!~5W(<-r`Z4A^ITt_GDO{WNC>#?p-4iK=0Dy^UdW&Jq!m3m&wgpRVPe!cnEC z5oaa|4~>lp{sFk*-DM+7SIyN%s#eiNst_7x%YF!J5MWugsN{MG5YGOSLh1$YGj&h> zhGg2QtX{D`GZh$-bv9*6g5Tm^Lme^u*6`7{i+9HqYORA~ONz~o#Ee-@@v;HgN_kKE z?y0xT_n`?~s0Y4FD6i|5zAEZ_q?wy|{fI+Fl05e2MixxV%smrgcSP`Ix^4_$l%cnS z1R^>^iG6deU!n&w5v+tVP<3Zc8t7&`Qh!iwbqkF4PK?UtyAr5s_SL1gDN=2s7?g42 zde=Fmr@2699`h_YXccVLYp(^`_EwMc=U2gd2xok=s&Rsp5Mr;-H0?95gk{6Z7q58| z5gx${!7axwZVg44OcHyP7aY`F6$K`~B@7f3LJd0MKSP#AL3f*1AXZF*Puu$12!7X~ z6V2a}F?d4mFE_#1M9EKD5Nj&Lo#yP-0;nFhXNfK!>;n+y8+du-*)L#PXNVC_!s_;4 zZqvCa$y2tqGajk17Z&jY2WF#Mu;U{CY;w$j35ymNH}&)0ot`>g9h)Y+Fq%WpASPca zo9l+44PPumGsrE+u9V?oV?X`?-2wGOX=**)OjS+}SS`=?C(9fp#E~(?pqGVF>`b0& zrWJ;(Ug!&!DNc)0C`rLEV6=Soxuk!+qzB-GwH=m#6bgtC%Yvk^x@vMn!ryG<0lC%sBSdp5*lpVF-Mh6OaS zAQzDDum;C{FW#veps1@rL65HWh$^;B|M@){_SX=acpDMVAsmDutv6Xx&RFGkPkUyB zRp~dTEMZqrf{Kx{fJdC|8-#XQI-(HB z8_P|gIsAXyoMdV)sOvZOB@*3qao&?9C}y4FX9c&rjGw#bC`9DqfzF_>Gx5>dYl}iF z%u}$1J9%UVibW-{MF1=TIX4DncR^n2XV5!;v0w8i`;mOU3Hp-1@+|PxKjT^8D`*N~ zl>5Hw5fHoS^k}O*D7jhWscOf#LW$S(M-_mGvL4^TU9_|b$NRV@LZvl(4J^Biy<0V* ztnuXnWJ!-!gOAl*6+s^e?bn06M?@J%Bme`+J0>SJF7PX##ZDa~8I|^fDHs}zKz)a! znN1V;TV!6$*?n|rwB+NWs9W!HWLvS)9hbnGcTtbrlGxHT-CW>WmjUu_IS#+wuEj)I zbRy@4%j=0SW_UVSE=?C&0aPDk=AT0CAT))C7z%Qs%2M*q+OEfWLj-t00jvIe*J;#T zEOpY{?eRYnY~&q4F;IeH(pDXuB-u&GAV5|CD#JynwI|XMc3R7+o``4UQEzJSVjSw<87>Ids%rzk@KrVkl#+2ML_LN@Gb>*m#<(aQ{q<$T5p# zV(p>a25KCY5VvbT1U~i{UBo1qs~Rk4lq-F@1t(NG^YvtGeC!!Ms>3T^$d*WhP2~X5 zP|{Rw_i%r7N=&kvHjSkO?KOIk*?<}Kq`naC5&&CIwKPAKyJ)LNjjlatKe*ZAPhz(* ztNr&+QTQ4dn?l0o%CuN~aWew?S-ky6tWqngn_Z^- zWKv6R7YQgrgb?XDxI}FYe>O!Z>IN@gU)ZE(%OAWA?d3Joint36Zb^lF6Dav_V);dt zn~ZzmI5GwaUVtbYF=!+$@w1$wZU9JnNDo`+8E7InaZLz6!Q$qF^sT~rNlwk&9Rj1< zX}jMeoCXY6iW#m_YkRNjIzZ6!6w3?%;dy~R#HxIk3@KiUm+bnIA;R=|dGldLqYDLo zYI@RCe^Zh9C7m>C=w=ymAyp-uxYoTTu-$#EAdsnd;k2)j!Tp3F@>%9Ddje#73n9Bfy;H!d&+zy*&S`?824F~5JE2f|nYsr#+=T>Q%SxZ3XNc~=}c11X8_^3GJ{PI)e?>q4f4q!>)<&a4J z!nc2LP`WFC*&ms{I70>v>R$>Ah5s%rY<+4>q!!WK>XH?1f^|1fBrJ{Btozsj!*_V=8CU#e^|EBtL1Odc|~YwWVbE z9nw0gx9^N`p!*6r9j@O=q2m0!Q+gDOldkOhpQAeE8htXGVa?M3lJu9?sdLq-Hc#xZ znk|jaQyXf^r*B%D$JSank5j?0k1!{;Z+H8?v9v14H(`q_Q}kHrxAy53T`UE~a((YhKuUKAqcw zCx5%b)bt3dhBpOGu16nUNN)hY3yPI~k<44bbg zY0=7`{&?)10!rJMA)6~n$E6f?N8=ZkI?1AB3WNYZtJiwQP zqc(dN%vVmRfIMnCrP}BYdlCJro#_?a8&zxI;VuSd`uK742UPGQuDb;6K86OP12Bz# z*TjcH!M*Der(NsKDF_4&fJ`Ju*rnk0qGPKf`JuHEz9FN%sfDT(mxNRA%#oalFMuwz zI6djWNHs+TZ)G2$S^l*iXXmAQz_0-MY$9zf9Hq=ES{leba#TDBXEQW~+Jt#opl(N1 z^9M<$U1tm?J9Pc2y?mav^U-WQ^TCzv9v3opR&@6BO-F*wO zyQ%)Opx&KE-kZ1tVU7$cZ%?daZkjFvdnbE(@RDFXK zZ0xj>EX2%~cIj>^nMQ{w!d`BgsFy5Lr2h!>`-@{jKRM>#NZU)1NcerY`9Q`L@${%q z-pS@mF(i}mdTHIf?oq!B5IA=`#^*M0JD)H{06LW!%p!-^V;?qX`MmIflLe}cM~?Z@ z0RWltbqDe1`Ed~X%$wBsfO`cj{2r>6FU)IN+hArzIVLZoMpgZG7VrX9kOsEz!gayX zQ)C<)H2!^WTT_1SsT)`f+Hv3efv0l5`=`5Qb^MxElQ#L$w-`PUmZ_-#7{;?cHRLq) zpDl3`?cP`^SJU<(ym4ch59FeSmIoQgV#K#6+vKbRwbNK31mMY@k=$G1Du}WCD zyhtSen@7{KQT%X9A_2?xbBjWLxs}AqV~ZdQ)x0D7%D2%?5QDzWsmBD?*sl5s?@w>L z`XfjkhCM&KZ3`Ye>FzM}ad><1YmCJDe}8x_C||gZTZwTLk#&HaDZKT=)wD%L8L537 zfljoF(DJF9$Vmkiv!ta~^dlRN)5w#1wklRrXEfQH(lph!ivwoc1o&??&R{kYyj{m0 z-2UjxTE_zX_yseJtQE#;m0>&!Mu@hivl_gG5b_|hj7JCLfs*W)YtSXQt&YUvy&YK5 zqU`+CP#&<0FqXU>*$%_W&HI$S*~TH8RFB@V?z=pkNqjkZThlo8ZT(td#%W7`5r?@s zLy9@#4MXGbl4BL#whHp%CYx5RS>+V?${B23oh56h&kr;(TZ)~T&$=228C?*7#R=ut z;mMHk#MrHSz3VA6K3MPNa>+NP1`gK!Zt6Ev=J!oB?S~jY|zdy^4mi`R6 z`=e=MINJ&iLVp?bEX-?EEEX_bHh&L~G|}Qx1^NV2RTC5QSVf-QT8RN+z|kHivLrQA zgRmiZipTW8X}c2hDgY17DwcVW@+1B{VTNsibr`2)FFFr)CCp-iCr4T_oY#%uTTTID z2W7mM^2N#gcP7q%^S@0!5tcA!8fA693HpOfPa36g$&@g@Yb-1RhT1F8c zk$wSjS(JC>1JwTYH7;Y5AB7$Q$uo+fhlr+G#OLue0lKemo!TeXRSAg5AKUIc9u{d^ z8*4o{5={w7X%-{fRO#s)$3nW4`+3>a#XLRa9(5?PsmiS9&39-(4iil9-chL|oRy{& zH;ZPT*61aT(Ck-M#b82|B?EhJ?qg)lcde+Tov65;$i#5=R64^Y%bOHDUc%Vm>e2w?kY}w zjLy5znhRE&&4&>xg>W`4+ers!-(!wY;lyMN4iJ0zceosIdkLtGskkz_pqqDUzgvS_ zKcTI|#6}aLjEZ6#e?8>OKv|c^bPwYjy%`l7W2P!+)r3ZFN>Fz@rKtZjmgY;ZQsHTa z|3kpAQDsv>>Ce)Rjjq~``W$n4d%{!t$DSTPYr6VPEx%T`Tp55W9vBmFpaY2r^jJ)IqhNKCr_|C_!MvN`g1z}FUjE(3O#xY* zG8@`RaXr>Gw1fl2YFc8c7sLzm9v3djwi?}FgcH?m3HJkLhIo)(C}b&E`Gqo2ct-Iv zu@Oo6KG$9RC%!y*b4y)wBfn7+-FjqyE!5U-CEb_t!*ko1Vn7EBc%u%v43+JPkMNic zYjC+kHombF|=r0!gazWXRH~u$UiW28P60D+Gb73V>EZeJ{LkOGGPUCH{ez z3LZ+L{y$5^_zD?sUcEH71N_x&VK>T2mYeagu}k8zXF#Y-{2hn7v2A{@FFV(#MYyd` z!N^(5K%&wWLQ$qWJZH}Gg*&`I^4BMZh)e@36Ua4JLTI4-IbJymz81n#8rw6}i@8So ztJIsrRWA9^hjldCRn{s9o|q|mAT?b|g;^oe%99wb4-LbAOF(rmBa0Fq>2R#O*CAs1 zli+XsnP=MAbmV)E)y7TsL2=mZD9nxGXRY;uG51{pdtxJD#(T)#dus>3HujqM4q^W5 zP%T2x8p$iJX>Cm#Js8bPNp@$|`Qsup_FYCtlFO4MZC&1{97ykHJT;0;?VZ_c$9T)p zS+NtUl}MN+4P`8mXQrGvMj7`bc}cn#Ojp^uf*u=&hZSv}n60;kGY(nl;D{|s0Nvag z#X>-=s=3{OJVBVk6s0g26Szz$@W+p|PL7mDV8Uh&X7OqCR^LDLoZD!49B^$$Q{TVX zkNA`QMn5~VeaT<9wtxx$Y-TD1$%_3 zsM)Kor;S%|FNq={c^$!NlQE$2&cjqs<9u7siZ@Ul&GtZBxoija^Q*yI95o3XsASMH77*~dT;zt58 z8>Q1Lrqc2o?}qjQXU`z`^WQjbg5|! z>^?7UdX0Iky7V%~QN!30%{mI=ijSe76uAO5JQV72`T<8hM~5|{jf z(PpElNv?_#>b%%Iq3yPxYT=)3z*ak!T=RMz>6M%=0hiStfyVEa_$cbIErW}eo=)AX zsOa_-@&~j{wC*zvZgEhoifcjfp^-*89m-On0)!EDIAtx9GwM$&^wQx_$3_qnbgJIY zB-~lr&pJ0@8V$CKjT4bfP7N+cxG~9!r{|Ilcj(-@!i#6MDt*536xi7sw_t0~65cEhx|zBU2Pdn9B=#2SalrGIYWvssOe9rf5%F}zq2x9 z(c8Oi any any (msg:"JA4 QUIC Test 1"; ja4.hash; content: "q13d0310h3_55b375c5d22e_cd85d2d88918"; sid:1;) +alert tls any any -> any any (msg:"JA4 TLS Test 1"; ja4.hash; content: "t13d1516h2_8daaf6152771_e5627efa2ab1"; sid:2;) diff --git a/tests/ja4-rules-disabled/test.yaml b/tests/ja4-rules-disabled/test.yaml new file mode 100644 index 000000000..bfbab03c1 --- /dev/null +++ b/tests/ja4-rules-disabled/test.yaml @@ -0,0 +1,9 @@ +requires: + min-version: 7.0.0 + files: + - rust/src/quic/ja4.rs + +args: + - -k none + +exit-code: 1 diff --git a/tests/ja4-rules-invalid/test.rules b/tests/ja4-rules-invalid/test.rules new file mode 100644 index 000000000..4af83b4f5 --- /dev/null +++ b/tests/ja4-rules-invalid/test.rules @@ -0,0 +1 @@ +alert smb any any -> any any (msg:"JA4 Broken Test 1"; ja4.hash; content: "q"; sid:1;) diff --git a/tests/ja4-rules-invalid/test.yaml b/tests/ja4-rules-invalid/test.yaml new file mode 100644 index 000000000..8e727c361 --- /dev/null +++ b/tests/ja4-rules-invalid/test.yaml @@ -0,0 +1,15 @@ +requires: + min-version: 7.0.0 + pcap: false + files: + - rust/src/quic/ja4.rs + +args: + - --engine-analysis + +exit-code: 1 + +checks: + - shell: + args: grep "rule contains conflicting protocols" suricata.log | wc -l | xargs + expect: 1 diff --git a/tests/ja4-rules/input.pcap b/tests/ja4-rules/input.pcap new file mode 100644 index 0000000000000000000000000000000000000000..464a1f838ff0acf5a2ef2919fff6ef0e0bf006f4 GIT binary patch literal 39990 zcmeEu1yEeu)@I`t+}+*X9fAb6;O_43ZXvk41a|_#-66ppf(C-S%QW}Bd*{FJzE^Xn zDm7J8^_p4~ed=_7`&(!2^{sW-`^@y#<$(gg0ss324gdkZ*)g**g6jqW7y|!(H2@fW zn1=l+R_dPTMd+$NEF1tp2Ps4Z0{`W=(_ha306-`pB>(`Vf4nirfTs8k3(}e^?rQyd zqz3fmC7KQZ00oE01pxzt1Ob7D4WH))9svNrLH~hxeFOr~1-^f^e_;Is7l;TI8wsF- zvz~L8#-eks!cA+V;6tQZ-@%upwO`V(-}*zh(L7sSAML=AOJNW(yRR& zenfwppA8Vv#2*P7DVhlAgn#hjdPRFhAwB^CXaV`X+FwyX$^S1=u%MA*$p4Ij0R{pJ zyb2(XU|=OJPUr+_lerGn3{XG3qqxqb&=y>L)K1S9G&NZrZ-j}uVm{NjKb7B2ThR`L z=S_i14^L-8J%3;fh<(P(1!XY?5Vf?Rf}nz;f_2e$F?P{)F^!dum2{zYp#d@hSpY@= zI}j)V7WUO;04x9o0Dx*_ZRcWaYHi?XLhs;WVZ>l$X9K_l0A7G60syeUAL#vk06y># z761+a3Oq&%{3sFt0q_RYoCVt4+1Z|vnSmJq0f2Z7JOBV5fC4}Q2ZII&2Y~>ChJXNp zhJ*wG9s>Ya0ki;W;Fkf z=z(Y;z>h#d^6-FxgMk5X0brm2P%#T278npaGV=AC&;fnF!Tx{#>owG-#XT@(sF|Ft%F8o%su^2u+Dcyyey^5f#}z{?dMU z?xJ;$_qD0Q){Izaa-r82oeOD$Q$)IsvWZRXTdZ_*=o1DbmIP0W&MdpC>s*yH9QHL( z@RPG?Qg>dBNprBv?EPzN18=sH`-9T2-6GYf5ShXl47--CXJqqIH6vy>W|>umQ3o~i z#XlsGE2SUTaL8}$w0&~w%ayJGS@3w&j_t@>s$(^(TzHR!tlq z?=v%^SCj`bZxo`iyf8>qKFyp+4imdFfoz+Y+gf1uPp~*Z)Y3oEbfKrM?N(}wRW4Ql z6m+dwU|aboeCMp9)V+f4m2m^kR^*(8>aJ<?uJ<|`Oz7Kt2LG6${FrJK`07v|2TP}ZkQgI zjCUSeh>?H7+m~yajrLi=li&ySwMv^-VXM>U4ito+-=$e!7IPzEjA!LdP)2C|^jVHY zuN=H!P(fy?7(|grl>~ooRK{Z+*QpgFDtPM~uUvX$)TXbVe0-m&O7iaTmKL`@ozPv8 zJ0_|<$Yh{205L}YQ5=D{t0-yWMc0$cR@8z-zbtc+0vN})}il*i5v1)DE7 ztYm#W{F1;1mzrkC+SjX=S>br1YRC!cQ5zv23?ae${js~rp(=h^(|5#;seoS`4RdME!-y9TN*r* z7vb4RM)21Br+Z;pS{T^8bGEzq1Q!mAwIs#01oV?5hD#ni!Q$ujE5YSswyn3yN-7~~ z;D}jMLud91bu7y{(iEC84z%L23WE%T4#br^ygFoq2Pdv!^?crPPue^D?fD6n^8H5> z>Sjif3_e#WlvhR7RkCgMv`%Ij>y#^Tn=p}^n97^h;>xoN%$ceSPZ37vb0Yk)lP~Zg z$)k~q+-5X`p)`}76RBffDXu37MOtlJaRCPPq77gGa8sPp;Dzq@kLS52XDf`m`#;z3 zvg|C3US?SW-;vqN?S}uvlRA{QWEtATI%rp(Jl5n5`DjFEm^%{MYMY#AM!j?iiv|}i zCC~2G)=(9$g%sjq5o-bUnyKFcGxe`1aNHfcY?w>^k)R&_M}eab)P(z26ysMEFkl%4 zw7=>B*xyzi=F;C(2MYjAt@LL-ki@{xkrxDo8_8nBkbx|Lzvvy28^TLg!Z{|HVcgzi zSvpk}iqhTNe)?W~@WG8;tlYr?;Y^E1)k_dJOWB!|)c)oy%1Z3+WEXym-2)l%=ex`k z6;9W6iqw%+at_V%a=0eOvJ2Ay6>dm^;39D?g^_H20Xe*s#l`Q4M$cnEb1R{WK5cAH zdPxr<>eQ{pt2|6NPWCkWIWC4}`rh2qo8bK@!9y0T0h5}*0KsLatJEjV8u2OSCkYd(->Kg zs(caO+osbYqHSu0lB&Cm>UiPF#m(^fyvtIlB5#>56L|}S+nF{xW^mrwoyX~CYYbQ#y^G3B?bw@fGx~lrq@<}eqo=Z+Av8IU zCV=d_y$k~qedbhpmMtY>gq+i$EB$k~I#i4v zypEc2BA>-jWXLK3#fU|9Lxrt#1raCr*y00HtkF3j%{rp2o6PW1{@6eNg`U`C3zrMpiQV_8$5uaW4d9e z^9a4gBAzaw#BC;XMk(J!_JydsglwKbZ$ZP5t@oaRr*m*$XeCN`v(490qslF)9@sfk zoK;3;wx2z7Ce?v%D4h+vDiLHOVrLIYM4GO?5-1Wlj+vDTxGdD=yfe=?zUTAs^BhI8 z`S2iAx8p8;0Yb$3I?I}V;ap~Woy(X1ZZ5|=f&zdg-*5KUW(A=Ccbk>hi~&T!f(AtE z|Iw^yzGjR+iYownK#aWmyYU?F!QyHHh`g?B=t^2;D^I3WroKdzs+f{Okrd~1Yvuc< zqEOXF&CEeq{nlaIDrDb07v<1|7Mhde|wa5e~dEl&!Yque*hgMyb)Ha7pVp# z&OJZb6#d1QtyHvJ2@aYIVaY*{7yt1AGMA~RRUI?01%I!7C7ranCe$comNH{%&9A2B{0-Mr=Dbmv z4gR={DD@saj(vefFYpq+Xv9UCo=r4vQ??T2FR1|=%`UT>!FQcPJ`NV$%60D3pXUke z5e<`#1nQHWPuD{#Yu>ocpv-9siK0h-tH!*Oia(ePR-*ucH#dBi71nrbfA8hGj%vx# zWO+^yRvh5y>VdOq2bJ3ELsinfk8by<6qHfV*o6|Nz8RmO&iJ6;Xl)>XtKofarqTv@ z4u0lFH*Kl8701SgT(0R0R^7<#O;sKdxD*Mn);-e6FhA z_##-wdAy7l(IKij^_Hmfn7OSfm9I~r9L(B%#ao;hk5k#i(BbuRH+$p$OADgdLnGUD zNpZyn-|*DoDKR;tJ8|$e;yt$a^Rw^XTTZr#5Z1*o>G^K2X0XCESCKZ+zt~Rklx?5( zF6^~PQg5B^_y0gF#CDH3Y<5n9UE6yQ9>B^*(&v{Cr?rHte?qwnY8!^pS6omm$fE_SE zU+u3bpxl4A-TNmBP~Lq-ewX)5*v}M(iKWNnL&aCH` zygwtP*D3>JtgCq}Hrl$|v3+XO;2dCg@pUn3%0d>&6J4c{|JIgrk+X2fwL1k2%25xx zw$>qyhr>qF!24L~s_7pjmohw@dWrGUN1BH!dsus*yDOci=U>cw3rzn`l$dfmRk<^?mErvw0tSX|xnIN28W?`RqK5T6 z>ayYJ0qWk(|Ij@<{^?BQSCnlaiVH9azuI3jF+lL|X5xRMyy~9dADQ?!lvkJF@M}D- zz`ClmmE%mnS{e)9ywog1KW_IJD5AX%0{r^d+*sl0`F%e3PX95}2>vQYO7CJIde4!AW$>1zJ$Aiv3R_wUsF9{o1Y14ZCfrj%7_zlS@=4LKSyZusOXgpd1 zI!79k?D&q0Bq!6nFIl$73D=15fR9n)yK#h6+@A&?p2pU!V=jtfaV&h#^%LS&omt*+ zLv;&y??m|Jy!()Xtm>z1S3%r5QQDMa+WMo$M%5i_Q|PRY3|B$IG-i9k=wt1*S)CW- z&loQh;bBY2P-VF$d~aivWL&^^J0dl$l|)Kbp(+OP zVUkxbw~`Bbf?@lUaZ)j#N|S1seq0(A`SR56!pSzL&!NB*!+yfS{WL9^h-J&6p5n?# zC6@?Ai~1t>(5$^6#X7SblV8^$hGEQyh!H#bM$jjf=jwo z(BZ0QbgaU`g!DJV2Ck}IMt@vm-POwmhz&;!th*k1*U zGbwhb!Pfg-bh=Hlh%!>w+ti!i>krZ=Thh(VFXCq}_7 zqzis#tji)h;!U%q9L>`|vL(@3d3IL|9aLhS8sikEf`hf5zv~N?^Refk&AdEz!3#cX zlU$80A}Ue_H)OGH`}rZZK3S(puwQuUmbX+MENsdTqEM#yd#W44ODA>oH*Blqz1oTL zn9ZdF2Wt`J4{K;7;S;S6!bc}xlz-a7(r-T6RW`tTkI+`{b9YUa^ueCnHneNYom92= zz@(hwHEMkitt@m#ve;5dwUnf^&B%!yr4PT-k7lyFJhGZ-z}TtGgBO|Esly3N$KEdd zsRc&NM6Qtqu@x}M5lwA0xDqsJ;0Jn(h=cYGM8(Ib!|%tC6a||Wb5-%6NWMW-qH>X;_KmR=~=IJS&T|%tC_LiP2)r zC)2-^Izjk8fSE$Ihu$TVyfD)-dr=sLXrfS^amf|Tr?op)wor4C?{_XQtZfTsG|w2c zkPU3QPkuzXrd?m5KPi5tjlG#{4TWq;c!^;h9*g8SQ_PUb+fBlY1J(8<1m3$Hja zLVu@jz5K>UHscF~n***@YnscIcR~JvWFJq?h;DUz0Ul=lCJD0u-ziQpB*1c(v<)T3AXYvl!a_jfBVKFHtn09bit@cvm3kab)O z(($3{?kQZ^%nHff26yzci-$kgr{Ib=DDL+tyF-C!5#POk;(l}dI-rtYNt+o+`{m!! z*1!2RGRVjLy9{cd{FydTiyaWn60k19zg+s(6x`&WnhI=@m%?*>oRp&CKTBPc2L zA_N#+fg!x~4-XOL_n zO{v%)+E2IZSi?~CUNZbk_ycVihk3E_qql$-Heu*XM!w+U=lVcY{QOHnvfTncnYXQ! z82hAS^+dI2BI3adcYKFGHndH^CRhlszQe(%^JjW%A5mx)_kvcQb2)dA{E*=!ZR!rK zc1S#u^Ha_jC;wu zk`jALt!cF~kGe`g)4%RR_P$Rg#JF@J$z!+hhI|oNPnv>nMT%kz)l(yQ8Ga}R>lBPg zeTIP=_r;(~->uV=B$vI4x8v?mglv_QOktjqM?)SAu`YernFyEVV7g@KC!X#OpEofE zU=p|`+_&MLk_^}!Eos;8UgpA`Pg*9 zCKYPhOgc-ZrK+lV!*r-L3nXC2;T$q0ISJXgMva5;NEj=PJM+o(F!krlUYdRK@n|4h#$qt_b$O@@zmL3|d;93t@|`ibNu zWn69{+M3`SL1fdY*-|43o!GbeLa??h9tk^6|CS5^0xDAQ{Q30Lw-u~i(G8BzR5v3L z<6~;%Hpm#N9&(M%QfH(6C!0OaTxa=k>u&aHSxptlDnGXHhsp%5Flc||^6)3->lI)M z70u@DpZ4NxtG^Ia&u%TCWvdOqWKrTDiYgX2Bs?$KJ{f`PlnCUz{aG+-w;F=5_zmPBItYd4^hnli zbsw~oiz;vK=&X6MHa=?mIn;bGtX;MuD(ue)py^TirLZXz?_*FCK@iZ;t5U*q;XrNj zI=HK_@8RVK=eyjYpF1GG$Y>6KB(J+UlvT3t1D$W&B@5BpTiX>UyI-EkDGtAffd-$) z|N1g%fN#nnug!n~sPGnYS}EW-x8bBtZ!DT6Q^t2KmkozKEfPV<7hpA%va2}~5(N$3 z?V0Upq<$HJ27Q0Y8lRpa>7%G04H{8n#*Urr8iN7r-ZsP&9rQJwAQvRB{9BHX5S=mU zH(yuicyoV7DUJblv3swI3Sm=1Pt0_k5>?Lw9m!FCb7#9xYl-goNwdpe6-c_zHbHSc zls~eQ8!Kr%F9?ku;%0x7FL~92aA2nXRWc~-@}Fd|28i-2WKh`UcNx?P{j(nM;_Q|1 zrd<2iT0@X*?3vnxoVCk6KTJjw$j&uUi0Cf*65z=sY?i-d!zI7ce)*NObN`bJR^R>_ z85GX_T?Sb~{!IHf8Kf`2{zRv*=}xCh><3D^*;;pBY3TQ{%pwiOuiZ4e+wS7@g4SOx zN<%@WdVvXp<}zXfGG(K*I@;I?y4Qjs`|18XsL2zn-c}{o^NWj{nQvZ`a%=KH-nw>N zajeM?wr%Z&=i<%L9>RbL4uTIxB)iKVtW3p>x13>fGHhLMIX9e^F1~36VHFjJGg22; zUBY2%UTaYfQ}y3p=x>FjAB3-$5xT&I*q(p+4v!e>V$CCIE?m_}2#)fBC)t%bk;75Q z9s7u4=O<&?cKLQmk#&im-#3*{7X}t}Qo4FUn*%G5olYf^A9df$_Wq<$C+HhhbU1w< z+W{&rFA3#D>Z;6fCCx&QnpXzF%2suksVlk-l8SOQIvYs`;UKJEsAmxvxeKmwEa)r5 z4I?UWX^C3YL_N_E4Q^h8<0#sDiL`;OY6Q!!{nCHfjTt0mC1jm?>GqkRc5Wm`gkx_( zIlZ`{=r9Bxfp&_%9A}^xWqhi{zn*`7sveUL!7j}Hcz)5o@M^fEIwiFJXeRiY^#DKZ zvNIyvOlKc{rPWibV$${J&AYvfd(#Mm^>G@L8+#gD;%1D@=CTUfshqwLJ`LY<*RwRa zF7p}iTG8nsgn>cy?^n*gU4|6kM_9s8g`WL_;)Ta`Y{bjPr4<7`a2eN}*#jt=t&FTd;!M`X5i%Df}s-n<%eofPkpM1AUo@M79653|=dkbM*N4Vgw=!ZJTTY(~TVFca z*pSG|V&AR{6Q9nHCw`ec{SmMw2oNlv8OZg(IT#G?y3Dj7uu ziwiFb)Ww+e%5+Z!HJ0PlcNmw*b~|St(P@DH8u-<4{f`|U)jKxwS$Jz0lFW$td0Ba6 zGutr{T`UU$SE{OSv%IJ`)qP+C2ScSd$W;`mGVL!9{(IjEJ4WK(k9@@~`@(gVZLW$0 zQg^1So6Eg?xA+y;NR6$I-3@P*nWu2KB*jG-cQo&_1S#{B7xv?iVJGdJbhf>F_7O%V zaq7<)>u>Q(Cnw(>vh&W9_E>|(Ia`+DoTK*&f)fk4OFqz%^A z4i8`4956}e&C^8Vm(JecHqZOhJ8Lu>jKe6wL1kT*7Vn;zQ1eAXJ{NFUHo>=|LbD@c zhu;0*uqbdHPaf7~PDl@&%-mO88+;^dhga8!@l<4dhlvr}#Zco_+4;3J;;1(HXx7#! zl@A2*P!V<4gCOv#SQC#y%F3M)|BEKRx8o?5A2I~p$> zX;V}RV><2M^c(^DUc~;8uRo~#d;U4bvQO&OJ0eZff_9BvU+_1&?b+rzheWJoP*4f5 z$ww_=3^@%CpCmb}1()yRPbLjyn+=tcZT9MP56I~ow^}ENXctAaKx$2LpZ()%nMObR zX`5%)!oA(gbWsSH>Jfw6ZmHSlP^GozjJbenn(BF|o5%s*7#p7IrmYX|;(XU*Pxx%> zpMx#5Pn4qD2lMH-f3x=kGxe{M!MEH0Nd}?sKmmCmfZyz|-5`k7-|Yt9ZvQTW`!|2q zgG7eQ{6q>$)Y{@ZF->ue7Z}x|%8JRTpX!B=?zL*(nzpR4g3bjy=!gqJK7zVn_GVgjkT)B#+U14e2Lh5`H6aZ)UWdSh6U^gSz9499Sv|9A|4}J%hLq~ zvR9L1Ki^MRwpE@ktR(qXp$b|RCzx784|DjxF^n4n44Q6h5L<-J?u}Xc3%>zz4A%s8 zOsBm8Kap&$7t@#s0~dg;D)paZd@U1rffwvog@q&|Ff8u>UAL@v|7*$wNygvHgrTKB zhsAGY!jE1q4DAC^$V9}o0*ZD<$a=zXD6)E_~*9W>bhitprZl$=kjO@Zai&tu2xh1b3Ai4HAvi8_JDt(-xYy zM+TsroAsgQyHL>B&1Qh!9epG|*$-bZVRYWRHL%Vfp z5bklUKzKy4`2kzh-oOwnpAD9bIy+l+5>$;}xAXanT1impbmdCCj8eBp7yd(VMi!!qyZXvB@Ng6k`;m#mLh zdGel~CanTKawc;x`vsonS>A18z1bbSrW_V3KR$PV<^SM^md%z4%N<~U;GeSND8W}` z+F*0~gdkKAdn45`vGc)bYFSr`sr9RJ?>i*of-u>HzyZ@b0URIDs`v!TCGbU>X+I8l z-(g~2T?+bJ0UlXTGaE-|Q*~t_c|TLBV0Q+EajjDakzhCfEL%L2G?vrHq42% zAt*l&06*nsk3o7{VKkxH1)W) zsc)>ec+{qHmJBd`S*sCQq9Vk?Y`mzc;9y;l>@ETIp3v`EQBMxjNplr@+lM4Fzf0v) z;+m0jkjYqz=tDmsj|6=g)_YhuF@HVePsktTogqb;AXS*xGXJc`_Z267!;77cR)ikg zhCzDxE`s*L&k$GZOY7HnO4n3*>=>;0$R8x%jF534Jo*BXZ9+sNYwR~qT=;VIvvwRz zCvRiI$&*|XB?^SVU?n>Q;|z)zA7Yb|ZNO||dF$qoMQ2O*P~I%Gm83vWZXK(peh+Y! z0!614AnC8CuU;)36q=>Eqb^2a9UelTBZY;LrH!|6_jQpC9}wZYip4aZ)x?wHH>l5i z@s6scwj<0GOMN$h3i*D}^0eLRke_=hIz;<4P;q(%(-bPF>+s6iTbzB)?GmzeX-1;j zznIDkrI`Jk?u^1Fn(2k%YVU(#ZtLQ3fS{%};dRt32^OWwa1&s6*!){^sO?#v92Y7u z45V}Ct_Sz`#fNIW;=X5$r1*MLm~)^|$R|du=Cq$Xtq+H0eV(5~L%LbdDhjD_G1uU7 zTW!_Gj>7b?f>VZXRLtr!3!e(Xr8g0`Tmf<8^A00>zaI?Qf8@Tk^?0M23DNza>HY0{ z-C^UD)lUeA+R$7llDme$SzKRX-)|LOd<{A1N(G(p;w6X*AIZ|yu-$E4j_+6j2g>&4 z4E$*P&b~V9EspKS5>``_lqFHrYP3x^?h-~FrS7LC2V`eUc2#Y!2l}u{-}waCNr*wd`P6w$`Tc+*05=*t zy8cxU?0}j2SLuPQ)4!An-oM{8&IF?Tif&of>Gv`rn)T0mAgt5amDxtULG#j=(NFoj z!I19p8C>M;&;1~&c$jnKdEfR;s_^jpIxElGSK6n)l6LmLbjyFxrhEJ~GANt!yMdXf8dR8Za0yX0VW=U| ze7Syv|J>?W7llK}IFib{o*=XA2urdhi?zRXZ@=@i4%xzn9eTToUw|d4*->SE=;~c3lAO}FeipR97JK=;m-cDbzhUicaS}5XYQyOw(Dm4M^_d2 zElx@93OyZ%JPS;um=b$i&xQ-fY=$96Vu{7EoEa|tB+S}HT*;5$PX_M`cTQ7h|9%qdS4+V>`nUkoiK zN3kCWBdf{+MuGnUoF2JdIgRS!)Qh0-l;b8e%nnO5l-qRs&;zlh@o}o9hI?$O;6p>Y zw6lwO4R#Xk6$$Y0M{@&?S^cs%nlqb;t~^mbymj?n9T7& z%&H0EQRW);RXS@Jvry1bTFeLoF?-u8a}Um2)H#~^NhRVyOFIr(!L%S&zZZDAL>}O> z`~0tq$|G=f(<9pS#T6cNyN-qE^p-2SW#uf> zwmY#?mic!-PHPx^kS{lY`7-u^e^O+TE(Qoa?1|7#?;H8h@KLAGs;)LOT`jVeYfu25 zvOOl#!k+%&=JE)vh3U<0g~g<;;ouS2)NseLNoL}lqgOi7L3!d#&TRmOI9wl8dtKo^ zz|gk0Rv7Gx6CILYZzHp!O!E*Y7YV5y7S!?d`yS2>25~`Kt~^`|+@pw5hc{+%wByL! z(ZwfQHuYd^ln^hUYKTtwQiOLtmiUs!YY^`ybVZ9M>$om13}v}1>xb|*noXNVmf1T? z^@9o~n6A)K4yO$LxV?QP<4^{2KVM6HN~Y9>KZVZ={hBtc*&mUyALAEDZ8pb_@IdWHfE{00;wOfF zC>!RkjBE%G|Da7I=j^4?6(Ju9tt(T%Q{^$*D= zR|fNL94*Dn@0(?HpAx<0Y#C+KUZ2wQJIlXdhCC9N;1*O`pZ;#2_w z?}Eslgy$}(Qo{}3U}`)N2j4b{^at+{$Pqzz^p0_W2U-0L$A|67B!OFFYUH4lY51l)%HTscenH)HhhxPN?IsXiTAQ?QIt>pCG9uIzTI}j~z8!75 z#CU1NRPVfYyaNGBb=o_JmA(eoMY^rb6-U^!!scxKvD9~F8TJAqs){wkg3UBbQjpbd`XRMU0;9jErrxD;G z&$8Q%GWzv=g-_$mchFt6^fZ0(4Ac{wZ=*9M}l!P!g-Q8AlPEuE?xV>wO;?t%kX#x@nRyM13QTRj zO~IP{VZtr{2%RCPbnT8Lcy_AJBqVc>wX`zV+^iHHM zGuo5z!DXpKWd_M6%HI?Ylgs+Gl-^}l{IH=89)AtrnqL^cDzm`wz5O3u{U7B_^3$&= zXH;f?FK6a8{wQY%|5yrEOS+GUY5K%vw^y)y6 zv!=-h7(B3Z_gXHMaq)Af31jSUwEievhpl#c#-$IKeRvX@L9U0Cxs6{QxH90IgZSmv&{#J1)8mw;G39I^sSr(ihvsY5_l}+bvK*zzJ~W0l1BF9cH_WqiFNtv zuqU(_-Q$j0fOUeE$7k*Z5IkA#tehA$0AgCyvOIwg9@d_$h-(3My69zlJNOU8d|XnT zb!m2_4eKlI@MZ=y%!4ol4&w7k7?z-&SpCFV&Qca%YA$j;&aDXsW&bMQvj76$y|CP- z?kbjv9O1<`L^ban6bIef<{6?Rtx^5mm3Cy{5G!@xE^*tHqB}d@zrg0I8G$%A;5t66 z2YMKMu`4@2t!^W3LZh_|j=rz;={BjY!t9LlB;qM=qnHYp@#&Tj9ru7lRX4iU7f35w z8vWj;_eCCf*A2omnV}>H#@m^4F7*0)!c*% ztSn}RL^iSyzvp%3aWhtW2i7ph^6>;P%m_dgMxH1sV6qjYqxd z+M#&vy~muVR``195@$Nd7!eZbiw-45Wr?#phC=ZKSwGZ%iEuJu%j#ZltdB70Vs7e^ z0fTXSOnY+}f~`Sq0dI?lJ9@9EzVCT=n)5PXLFNN(4KBohdC8hcRq;0hLlh!@7C-K* z!0q((gf{CNE%wZxtA(zJfd1h;=_QKV@PMLW(gFJ>8z~A1MH5rnMM^B!QxB!>LiM7D zeHkMVQ;td4DDk{vTE3MsL=u;sPnL##e8Y^~CNN=&Fn@9k?X|fzz}S7wXHs$ntG;~-ZqU2P zhNGdFGtAQCB%5Vuj0ZBT<(@e#(X6smI6s_T(@Qp@0+mO?M^%JcpoX4`Y!Z~KqBT_P zJ6ZLluCCuSCFJegJ3%!%*x~ua=PVINYLa%6a$rhjLZ>(B9ktt_@zeTc6Cm$=EokM{ zbHm3QO7OMz;N1o1e61rAaeQ;2Ay_O|&r&={ z*jxCd!-{p#I%g&`jOz2@$InH){UKwFwg{-Kh7yVwj)nAO@`{}kQnzcDN|$QXs3`=t zdQQr-sC3Ec;Dg2C>?}3|r&(LA z$!c|Vu|siAB9v%a6K5<@BHl43F$3)@DiR- zeI2o|?Zl<%%S`n>4%mxT;cRtto5Nzk(o5FpHFc2G_NEtQk0{>8)LVJanfo6Ys7iOe zh>HAcY_NJ8M{Gq3kTOmV%S4wU^$WI%e{L6I$p8|bkM#;@QR8}>?LNX-*Ve$K{PbbY zbSz%!)!9F<$ZvYzPGis&t*LMH2CyQC5l^{3aWPl+j^E~+wzPRR*6jj_$tR;4qR8Ez zrSc#W=P@Ezo}a1Ylhd764=%8%M`kq2Z7$)dtzZ+H%po%V{pAqE)$f%<>v7)GTZ7wT zGc0$-N#MwV*LV%(W}fBTZL__zC>t@i4L4Cx#=&@Oq>WU6KF83=bXO(4N(V*sLD3rj z%AY`(SDaJyOiVXWJ3wv^w*lAlsaKkN3l}t^(%4+UMmKXg0o^|%g07jwI_1Bp40VsK*^TV#Tm3HE!BYp2_Wp5>Xs zbxoO1s$H^GSu$bp7QQj1F}z9->3)Z0fJD4tj!Z2+)7FRDSEq z{88~TSVP4c3!SrpU8mHQU;G$4>~mzip_;Kf?gj}iv)c#?-v-->EZ~<`bSLpcXwy4! zrkfIS4ph$SEg_!th@@Ym3g0x29LtcE(#9KX;LVLd(8?PS4zC}H6frnoR`F`)9< zYc6fi#MYIE^P!T1i9c@c&nJi=h1m}54$V_UnLD>aU6O%aPt2h35&V=)8X z6CFH^N%Grj%q~OQUDf+D9!oUbX0w& zXd4tw<&=TTFO~v}XZ%a!6>9Rwyo-I=u;)DVCe~#aY@V7YM>fHmSPU|=HI*e7-8o`~ z@gpbNj$K)7zh2oIH-kEr#~J{LHHDfX7FgPoWu)HKGK=jU#hu(irDk<>0xQSu;K|0>dVH{#m#3dBQl%W z95LnDd@5Fy%&Zul+Va`0w`Hdf~qd6mRyQGxc|A z9P^!y`1=b1s#1h?uS9yIn?=HKwNzU89x_W-Hx*e|G7fh_f<4r zQ96MrzwZ|MH)I9>Hran{yaO)G<}dv-S>PQ508SJ*Nx*uwKmJJ1aw5J%)Nix#C`LUiTO>0q@BCQ-KwMji}u|kV_K+ z4B!p$kutCLFWaxc5CGtF$p6PDP4$_Bw1UsYZj1rH00f#yFgwTGBG4HC5NoTTpTafh zFpf6(L1=HG4}cy0Sn~1>rLoY4f9VU_=LWNxcl*f;d9I~`A01JbRWhqc4~A6?B!`(eIKl>_@t=ysC!H@Wl`c8Q~sTiP6oP?nNCSGErJ^EF1V4X1$w&oUNXZ=|3Gq|nA|JH(yWVQN2m9flNJvPTndp57AJ>KCw1<}NE$wW%(FzDHnFZa~KByak>be)&6mX??GjrQ4> z38-ZuMDovKkl;V|xa`CzKLtPG@ivgckZZqTNWMH1`F2jOblK)?S=bp5Z|*kG*vZkQ z%2Xm09Eyze@pRoX1EhT?O}gjVyOcN}nh7tE-{R2jwv;MBl(bj(1C-090Aq;3n2WA> zJNei)zdZHF0r5Jqcj)us3!rHeb4}m2Lcr;c? zEuBS;zW)LKxqc9Br2?zYHUQmCvix3r>c+j2*FgP1u?j5dqoFoI-^bz(1&NOPYI;Ln z$8535j_*;}y$kUO@cpRfwx`W{4+2rV@QmPZiDF9@BNXprZngDvgbkS&zPJ~0j(j_N zNQI)K4(Fzq>zxU~b5SW@?dW4(oG2}OGdre(6lkVVe=OdD2-&JB&{<(0YbaW~yw;}n zn0cVUc)F*a`bbJmdTwgZ1P1QTI7iCL0E1B@<>&_Sgza(>0y=PYpNST~+HL;bDEvoO zy6OFJ_z|~;lKYbShvHPUOenZ3>K;q?j}2zQA0bd>%fjAQgmzyN1%Z|gntHRQsmmLc zs&jdAE3I>SKmCa2EzN$m1@#e#j#YTWXF=wCZ-%bi**2z5B zh#}EAs`=iBPp&XAsNkCwU$N2R(qP9ERg&&OZ_7SXgL-$*@KI8-YNkAxV7}SJn6eLO z(WG*N*lNa#e~*v1)Elr(B{B~a7Px@|Nc}{D9Ur?RFfuR2{8h+Kw>TkO@|Gb0N}@YnK6NB$KsWQ#E&;{$gBl z(L+V4?OU?`*kxfz9b`rj0?xu$A=g8YG!zqc5p5I~ZF-d0xLDF?IHvugxXb}&SV&r# zGh8T$1>f{Z1r=_-C+u-(^BSU@9`&uG?VtewA~qUYn!SXJZq!-Zpw4JzUWk-A0uQp% zu<*hL6<@e4!8t~Lct4rlYxeYc?(%5TC52b^Ac#G#%Mo1Y*WilJji6$-MUsq^FSVVX zCSwMi-+TaQ&roXC8m6_WIobq3NgO#{l8}XEBB>0Lf@X?(Qa3%`!;O1tLLd=aig_d# zOu9;=h;Fln5mki@Z$LbaA2|e$)gX+<0ZpZ`_x@ao9~DzfpZnJ(zAn~$YCQ!AVWvZO`V1dMHRE z;4KeAnsT~q+9jKB*!y>AbNjdY-^ja@VZ>#wLYX!UlU@wHX#`C)%hBH5N+k8Uv=!(i z+z|;wm>Ox%4Bd6_6B*zslI>e35+Yiz4i%|bJJ6BD_K_$AzjjIgef`%1|MkFsJ@B7A z@S6QLO@2-GQ+oFU2=gCmKe2=)(~35nh^3rdRc715oJJT>p~W39*o{MO=}Z?6fR;q_ za!_h;^Djjr0>-$A4X}N`IYZv^^c?^56I==lNERDo)UY_@LV%FUTvWRD(R}`1Vya%zHy|Flla}bm{ zL?N|zWhf`BzciPg5AZW^DruOL4SyMuC(%%Kl##jD&j{5IPI$Xt9+2<>;jz#1m_AL` zqE~pjDtc*|N29HFx|Z}Z#7!MV11DO27m$=;8{V!rFr*8k$BUtl;uXAO zickunQsx()By**;WUF8rnE^s`>WuJPX~F}Ht6;&#qqph%VP}fi+Rye;(X+QmQe5`6 zAE-1{bQHMOPOLR9-Dd|!=DB&Q4el0RBTcD4onDq#PL^Fts<^7#uz-&x} z$d3TbbDDim!A2{ujeSZxwhBY?Ucn3gqOti>QngatMu0FL^0|rN-)MTq8ST%m0Oc5e zjJpOz2{o^@&OI*A6^<-o!uvSV+*|n&T5NNE?#5?cgdV@M0_Soa-Na|`^94aL8$P%` zO3%+J1OZBtg6H4j6<-0H@8#b&{W)e(i+~_rd|4cXUrX5&8T3Zm zY_7yR%1mB47$}hr9G&8VZP24Ruh%JkBD+>KC49nKsMeC=iI~gD(>1L#IoKCgwWpfk zzfjIz-aJp=?0c%~1nI$+GNMTHPc(rViLPPWe=>>V8kNSw-Q%NSWxs+SD;k?^ksE!N z76Gn8?wa^WG=l;<7pjZt)y&RY=Pb3MZCP{dLnK5Al1DM+TPPgKIH~>&*+&N)_!rgY`3FAl-Y)PTq46)~$MHnHR#~>f>~1z`vTZZwp%#!<>V|Y0l#9)YUuL6BUkV5P@!d{X)=~DZjpM97 zQ6`RrPLg3@5W#$eZpQCWb4I1Jp`1L`l9Jz5dyJ6@liyyeDPdR5UIg6WL$E+w~Xbf=*8B8cuw_Cuw1saj#5 zFv@Acc<~jzZRw#V!~9yIEZ^eWJ|UeA7^2Fs6TX=8yp7pG8H#?bsNx6dk%`Q7m<(teZU((ZCX z2hrDg`D9IvFxu4KGU@dcW8<`(RKe>cGTj$b<$Zx84jz!Qnn z?)1WlbJ!5m=z7LKgN1$Xw#TPx-?%ES2y(;n0k|(aru~-d_gmLWJTLLr$TT>LiAgjc zK`k0Niv?G;3mGE45zc+9A;zZU>hsXL-SuM`M!A;_32_qyXQ&;gW1aQtrYJNDOm@^6 zn0voe5=$n@%@Xsl(GnTGZzlT2Y#f!|l%nnvW*5aW!nOzfv7MPt@#@1>kRCl>yG4k~ z4bVh=F@k-Mnr;$j>+nIvJbjGFEu=BPTZ>FFq~^ROoJUX~$}=O#Ph)qT30N|HHp-v9 zWPQz>OQZd9>d193xp8N>q?_f<11#q+S9!b+mfaqmdAnx6iS!RmqBQKxx?np z2b+DD*MhU810*iandH1e%ns5uLBHA0gE<3h*Pe;5MA+L2KDC&+H;ohV+|0XwHxIGK z+b~N_wX6f0W}Qi=D`HtjL3}A)XUb~ZK*5- zHdP)wI&cl!28dV=>WXZ5(i(? z=D*~NFpP{mr4=#-ERb4pUwgEo4_;C>$?R0re7(Mq7MV zZuze&a6q;1)*FTMc&b&n<&Nq8co@DFdKTJ|_#hzI>9JV*Bdr;vk_d&ykT)jtY=Bq) zM|G1p9KL7kn{zgU3f2g8nw28>yCDe52kd);a+0lcg%#s6%EPi$O z%jmL$?Ru(0j}~P{rrk+$@-*o9=bV7%#LR6QNPKH;v(4b;+Fder84o~bin{;kZGZf9S& znU>i2#&6|)WM3ynx!@vlMl04iNVIq}QYB=}ZjZ#($&7*36O<3CO^krXrIXWkJNfWj z6jzRt<-bbUvJ;XEVLVwAnNMdGK0@N-hsSGkn6)k{;GVPzJT!X|(FR#LA6Cn>11;7!wrRI3?RDK z#xt}!6<4_NBCt9Qcw3lMJ3Y{|V{?^XKjkU+L9aQu{u+&qKpGQ|%uFqziczY#N9We2 zs;vn}dEf&C&&}UoaDP>VCUOo)eq{tJtkPJQAtaVKIJXLZ!L5Cm8jr;+RM)WzsLG2Y z@H!%w8twGUSM=H-0m481!eck$mOTA{g+*W0J?RzS@6s$K3(?4BuHtY za)JmOF=Jn)fv%$bt`;DnB(Ey80f^XkD~99A2NhM^Bj*5rgs#Tjv;Xyq8y*M8DTLIK zJ~O&`Y5q5R4rv8-xVxJp`h1`0mj`A7l`V%%Od>$uwl`9>ahsFV*EH$Pq7>n)g+Z%v zNbJIPGzV5JF>Ho9G4gpxweLoxDDXpo6%}djBSRjXCd$Hb8q~jy@!ch%YB-qQs6nS9 zd)aRR1Bo=+1e~?MLBKaz%ZZ7doCF!H6{`bjqF)QWSHBQL<1yfZ+ZrLQUpLa|5~d<+ zFpe)hw+0)m6Jo4C$1NAO|9(aQ}N`XP@FoTVvH5BO*=1ztXUksnc1 zS!uQXl22)lMDjRfZli)>xJG26u0J{xmUVSupELN#yVN>l)j!rCIwp49EpOk`%!o7g z{g2XlJa#DcRr!AKQaQs#(JzM9Kn|OFOZ$4_Zw=K7nC~8e)Pi2xkEWkdnCsHR8Xpb%YP6 z6UOHbp+mT39I`1erjs`iBeZu5<;-rxzx#O{~1#Putp2~Es>kh9+Axo(;;d^ z!@!9vQoE-rlxXWFRGsR5$e}5ftkS#h?Qc z!2Z*=FZt{A2H^aM!^r7MB`T?29koujE?}9bu}9?_Yj9g!=$f+i@YKk@f;TQ{!G1&M zI`(Qn)1zW5zMn5-y6^=b{|RsV3H>F1GrsKqaD3ULg{1y&CE`_^O~~$;w0;CC{5^Vg zSCydUa$e+mqPRr-1>S!C?<7FF`z7FK+N-1*mJF2X{n6DKwrjA{__OV}kH{UY;1N2# zBF}$03RswrZ$J*hvs*laRr}0NE)J=~C5_e0H!ZNGpwpnTo^ms>CF{x47gi&vH)-A9 z_<0#z$~J6t!216TNSCfMs<} z#DBmt6%rhYZr+vs!o~2b05c}NQq{~W#!+zd$&@V8shRHrQ#;qhA66@nQk7g`sNIkW^9f=XsWp|M zc=RUl@e(|xU1sv3T(OAqV0=AyG``L_U7o8jRv3gH3vT&oxZC3^N}*S8J~zRMqeKa6 zeGNo_!ouW8Y7QqQh~*tF6TUteHw4P-tLX^?Xm^C7-~=hH6e>W8S$Wc$Q3e_Thr+Pd zkm27-Pk?@CA+0K_#S+x((6Hvx(Ee#n3Z3KTJQ(G>RH{=&h=LMP^p=r1?N+HCKo`WB zb3IQkl6?+spz5xs>`1IXU&P$*uPu|Z@TG11B|r{I;n>Sg>VAGJ4H7UAg3l5 z82GaGW9yPQx|#RkLZh^->}M++5J>#aDLZuGJA0q3Eg{2zm)j)dfzr-2#R%bT+9}pZ ztqdI_wI79n)3|)HW1u70Ic3Sirx9W;l3`Pq@S`-f4{aJ+K*LGsrQg=R$4Nk>yo2CM zdq0r5=7@DVY%#svLs{ZxjQ4XB@2-KVBW8yJfpl27RjhMv}6 zv_)ZMiiaviIBzo(d(3a`GoXmIlc=CC?%KYb?XLxl$R`=>%l<9WqLzQ+H9= ztQMP5*F^$y$s})IfT|?q`~3&joFfsjwa=93ou`D_g45tP>3oQ&b@_sU$VAr8#!EeM zG*+9Z+YGRbc%GAfc-x3=)fl3da>IPy$HGKY^3X(N2Vu#g<1gQ6-p^D}Cw2d^$|E^+ z#vpm!_w?@&O8N2(vFP}ud){YPCz&(>+;W(gk^G12v6ZK0CCYaU<$!&nKb!g5wsno=5 zBdwc*x_6__-BdjYy^j?zA}c~x6)x!5c!q!|&-5HS4ma10^ga~wqGprnHpysnv8u&VZ=%4MXyB^}8R}obRFw81zTjMyXrh*MMKl=Eq z)_L8_Gi#TiqEIL4JK2a0(Y)^Cr}h1@ z&Ko_h+%rg%;v2$K8@Nr{pmZi93G99#n|ZWog48KTm)gnJhKUT3y{FlRu1V=e@&!#k zOaQu>#08ta20U?wTLAEuI{knGFJUVW**P#qRZ*nkVXm6D5M@TibA^Z}OhkIuBFprP zQe|*674_>*q-(y!7%S?Lx_0}?KzR5fFNLTNG+<6FN%doi%U7de{pwGIlg7`6I?`EQlhXgy8j*AF!W9Q;jl%R=yMl$K-I_(aIegp&}UPgST87o~MQux5<*i zI%EEa=eO1Z{sTQrO1Yi+lCTtR_75Qc>tB*neO`SAjo@12opjNiJYh{|Z;z-bvoC#4 z299vW?o2LQ0S)c1a1*H=J7S9S+wNtS`Qq;6I_z3{RQ}WcGz^@be_f9!zD)GVyB6Lbxd- zBn~{2fOLL<-eDdv!b#7uTs3lBi{I^Rpsm<=G!J55>sgC7_TjB?Mv;rhv57GTjta*a zhLKR3&m<2QH@l9H0_jit_HJVQQr=*ZlNe51elx&xBFwdA-}4LI_jvIyFv5+~wyle- zWCyv>VEG`F4+G_`y*=b_`6kWdelvcZG%^7Za@7&uVpq1*m7Y0PCnbDB-YaZdc3)*Z zs>OJtoM95a7)V=S3b`*4!n-=w1j~{6a-#*{#^dLN!)tX?KPM1nt+{-bVqJMsci?8B zp_V4GYt`M*7>Vu}ALUzz>uaR^OT%nnb2FUSLR9QT(&Bd-LpXnou1^P%c6TFKdbcP4 znM_RcIIV4vr;KK-ZYN)7%1%|PhhxOA$&KcV+7}z_PAiBQz1J!&Wts#hTCXT6AOvr1 zN;_;2x{u#0A-dOTkNs~!;m1v;G33Cj$nuC(>SM-7VrYSaP-|zj-t-@49i^G|jL}qk znAP7<`qa*xG%+B;GXg`Eb-V@q_rt+BaIrB$*>+2Z1J9*LR8mDu@*%WMwLPrnl+#8e zvKzjCFbIdzK>|nP?~}FU6$*JUL-WM9Wp1V<-Zg0bm~nH5gS_2v>Gh&V(!)X>@TLB)$5q19v~;5XJITnm<40(I$l|D1`$qgho(EF z0OcAFVl*`moo;MHS?Ic^nz-CKqFKxpLc5yz?DZ;YOtN9{!=s*BTbx3iF*kmGhZBT& zOW0R>gy1AH zKo#-OWApFI)f0TlT(A(--~IW&6i_AHfeqACc-GMo{DtR&33+yMZ5%2m{}XsJUHw~u zz53q;o?(c#gnMr1AC2kJWE8Lu{fo~&)Nmjw3SY!~^a=fM+_^&J5x?u&hE4aC?iXwoAvetpgVP&-EsrE}$NhsQ+=O%mD)Ccr>U8rz5kg8#bCg<8nEx=xn3~)x%;EK+bY<3iHmpM z6qp{;#TLX%L34=okF@9627oEp-5NPQ@gw%&1Ge+YxbQ7Zir8q_TWCsW=i2;Ff}Bw} zjGK27?*TG(;TOcN`b3(^5kfvUY|!xV!j;`f(|V-+pv*vba1$Ct<5^M}jrk}6in@r~ z>r@-i`%`BZ`0(4LC@E5z5XYe$>NGwf=RhD9@;_n&orB-O(qEn79^>hiEW0|`#xZQ{ ziVz6GlA{OktQuTCT<|Xmz*-?>D{cO0H(YEnLgkY5&}svPJiYZ`{oX>@hfw_Gu>%pk z1jbZ2Fp#^dwm#)2npXNT#w06w=?7vsq39+amKc1ev%wi5v~CxVH|;4`PVY-ZjPt;h z)CY?dm$B7=nXvVozm|A6&SJwloA{vigSt-p5&FC933=gxEG|}Hbkk_m&#}`7 zH0#OT{E_pPpamf+EIe%$5kFVVqF)sXQPrQfhY`{m-NfD8)2tc25WTju>~c0*d=9Qg zyjcYiIcKo!Q7)(eqpe~NWdqAK^{wPXi*KIU9xAsqnZDuWSGJR&HccDm;HKVmb z=8n^R&n4(j4>d?2U8nm|>wb(4<<5J`-;&~o&??TYk*Au+9i99{G1XC3wpfuego#6d?HvFHZeX6+qd1a+bZmdk5xJQ{5FX*@Ej=M!3?f*xgHt zc#RJKjsaByY=@j7ZK1^O$Ts(nHt-%yLs)d1Bt)5hT43vYPgls2^J!rRLoimSn(DK3 zaHPayyRN}CfeNf1t7}t6v)Yg?X#g=`5|gY6UAY-ATv!jyn1^rRfUpZ0IcoCmRo<&k zm4|wXC_n|Nw-R%UN8R$Cr9$>JMry!-%YKpCoHfE}s+<}H0n2nvPNyOfN0_A}>QHL3 zxsLby^J{HzID4QSzLY~hz{Fvfj{w=7Q<3cNXjU+Li9#(YU0U(HLIL(Y`56Z@zSs}x z1`?q0^UUo_{+e(A_W5TC2VfuJDP_?(q>$q^(w&b}iy|>t0 zZ!=WT?L_P4`*dkge0gI{1L6opZ2|rO2MHdDbA#CB(3TrGEs9LF!$g#mh{M3+8;JcE zlq$xSAA9@G;DeDwaeI9gtA7NPj5NAp4JIbz-de!m@^`?3U=$GA^rtjK{cSJJT?*~@ zbJ5T-*w%I79zCTkxa>f%81jOc%AST#jbxvt|KRD(Slw4{JnmY+K78Yjs2VoJ*h_7l ziV3p8tB%$<6X2({f^HHwV93^cV0S?x3TRHHHD~l`^ zVr!OX+F;lq$pmwugAhfC?N@!rs(}EwsQ5mwU&FXSRl8LnwK#9g&a+W>|2Y2|)!z_X zYOa?{6*Ixl9+WYm0A$V~6oeE>LQy*5NMon(n@F*=oTscXez5<@>6lS`g!>GO4?bq~ z;**a6wi0Jpjil@wHa>>diP^aDYdUnJ-KRMLq2f)|hisVPlF)&_5R_pvsq}#2-jTKEa;8a5 z8rg$v=dMQG54ckD0Xh*=phQY}%q99Cl2Opr1(xs3{Ug76X-U^OI;@GQV2qi$iCej5 zwZmdyY}xCp|PMwmKVn&hQ#609eas4}X=iM0DS>R2<7lTPGQf#ane*Vp#*s z>n-H94Cz4ja*4ltgB0Y0ygR)42&aUkWxBHp)#ATu-GVVuPtX#*ES-ar!fymmH!8xJZV`hM}cCA%6d{>Tt!gI!hnp5#IRcErnvX`it zEee;MkDLnVHm?g8P*|0&r=9^G*w8rwm8S(2GJvI|e=LR7*;7E|cAds@!CN?2HZcsA zQ>`}#HjA!-RoaM+YWihzXGok%-EJU++LH52sTt1WI#hmQ>MabQsW)%&$W^4e(-=E| zWg}+($DW-{nxT<+CYGjxyHv8PwC~$qo#vJDs62ETTcQBa-zNWC~=M?^TlA?-#7dt)isgTip_9P>6@9^_g zRK=&7!Qx8JxHtQPCI*E9(E3aje#u|i1Aye8u?GMNQKneb0^P^jQJ1gV``zn`zUpFW ze!oJ-3fhk~3HUFh22`kjB}z*^)r8>l8DIEuR&*Yg-L-e~Xe?^5v;9o327x3f>6-8& z*DhQTRXfUmVvmheOK1V2I!D*zzVO0)e-a7qNJOA6`*`Au;yf>*sZd)rV~Y1$RmfE+ zag3#RisO(virbFqH-U4=XBI698cTT7!m+_D3fYXzc1BzIK^4A_EX>wsz;Y!#tNc=# zqHgr_CB-)wn$#OC!~5W(<-r`Z4A^ITt_GDO{WNC>#?p-4iK=0Dy^UdW&Jq!m3m&wgpRVPe!cnEC z5oaa|4~>lp{sFk*-DM+7SIyN%s#eiNst_7x%YF!J5MWugsN{MG5YGOSLh1$YGj&h> zhGg2QtX{D`GZh$-bv9*6g5Tm^Lme^u*6`7{i+9HqYORA~ONz~o#Ee-@@v;HgN_kKE z?y0xT_n`?~s0Y4FD6i|5zAEZ_q?wy|{fI+Fl05e2MixxV%smrgcSP`Ix^4_$l%cnS z1R^>^iG6deU!n&w5v+tVP<3Zc8t7&`Qh!iwbqkF4PK?UtyAr5s_SL1gDN=2s7?g42 zde=Fmr@2699`h_YXccVLYp(^`_EwMc=U2gd2xok=s&Rsp5Mr;-H0?95gk{6Z7q58| z5gx${!7axwZVg44OcHyP7aY`F6$K`~B@7f3LJd0MKSP#AL3f*1AXZF*Puu$12!7X~ z6V2a}F?d4mFE_#1M9EKD5Nj&Lo#yP-0;nFhXNfK!>;n+y8+du-*)L#PXNVC_!s_;4 zZqvCa$y2tqGajk17Z&jY2WF#Mu;U{CY;w$j35ymNH}&)0ot`>g9h)Y+Fq%WpASPca zo9l+44PPumGsrE+u9V?oV?X`?-2wGOX=**)OjS+}SS`=?C(9fp#E~(?pqGVF>`b0& zrWJ;(Ug!&!DNc)0C`rLEV6=Soxuk!+qzB-GwH=m#6bgtC%Yvk^x@vMn!ryG<0lC%sBSdp5*lpVF-Mh6OaS zAQzDDum;C{FW#veps1@rL65HWh$^;B|M@){_SX=acpDMVAsmDutv6Xx&RFGkPkUyB zRp~dTEMZqrf{Kx{fJdC|8-#XQI-(HB z8_P|gIsAXyoMdV)sOvZOB@*3qao&?9C}y4FX9c&rjGw#bC`9DqfzF_>Gx5>dYl}iF z%u}$1J9%UVibW-{MF1=TIX4DncR^n2XV5!;v0w8i`;mOU3Hp-1@+|PxKjT^8D`*N~ zl>5Hw5fHoS^k}O*D7jhWscOf#LW$S(M-_mGvL4^TU9_|b$NRV@LZvl(4J^Biy<0V* ztnuXnWJ!-!gOAl*6+s^e?bn06M?@J%Bme`+J0>SJF7PX##ZDa~8I|^fDHs}zKz)a! znN1V;TV!6$*?n|rwB+NWs9W!HWLvS)9hbnGcTtbrlGxHT-CW>WmjUu_IS#+wuEj)I zbRy@4%j=0SW_UVSE=?C&0aPDk=AT0CAT))C7z%Qs%2M*q+OEfWLj-t00jvIe*J;#T zEOpY{?eRYnY~&q4F;IeH(pDXuB-u&GAV5|CD#JynwI|XMc3R7+o``4UQEzJSVjSw<87>Ids%rzk@KrVkl#+2ML_LN@Gb>*m#<(aQ{q<$T5p# zV(p>a25KCY5VvbT1U~i{UBo1qs~Rk4lq-F@1t(NG^YvtGeC!!Ms>3T^$d*WhP2~X5 zP|{Rw_i%r7N=&kvHjSkO?KOIk*?<}Kq`naC5&&CIwKPAKyJ)LNjjlatKe*ZAPhz(* ztNr&+QTQ4dn?l0o%CuN~aWew?S-ky6tWqngn_Z^- zWKv6R7YQgrgb?XDxI}FYe>O!Z>IN@gU)ZE(%OAWA?d3Joint36Zb^lF6Dav_V);dt zn~ZzmI5GwaUVtbYF=!+$@w1$wZU9JnNDo`+8E7InaZLz6!Q$qF^sT~rNlwk&9Rj1< zX}jMeoCXY6iW#m_YkRNjIzZ6!6w3?%;dy~R#HxIk3@KiUm+bnIA;R=|dGldLqYDLo zYI@RCe^Zh9C7m>C=w=ymAyp-uxYoTTu-$#EAdsnd;k2)j!Tp3F@>%9Ddje#73n9Bfy;H!d&+zy*&S`?824F~5JE2f|nYsr#+=T>Q%SxZ3XNc~=}c11X8_^3GJ{PI)e?>q4f4q!>)<&a4J z!nc2LP`WFC*&ms{I70>v>R$>Ah5s%rY<+4>q!!WK>XH?1f^|1fBrJ{Btozsj!*_V=8CU#e^|EBtL1Odc|~YwWVbE z9nw0gx9^N`p!*6r9j@O=q2m0!Q+gDOldkOhpQAeE8htXGVa?M3lJu9?sdLq-Hc#xZ znk|jaQyXf^r*B%D$JSank5j?0k1!{;Z+H8?v9v14H(`q_Q}kHrxAy53T`UE~a((YhKuUKAqcw zCx5%b)bt3dhBpOGu16nUNN)hY3yPI~k<44bbg zY0=7`{&?)10!rJMA)6~n$E6f?N8=ZkI?1AB3WNYZtJiwQP zqc(dN%vVmRfIMnCrP}BYdlCJro#_?a8&zxI;VuSd`uK742UPGQuDb;6K86OP12Bz# z*TjcH!M*Der(NsKDF_4&fJ`Ju*rnk0qGPKf`JuHEz9FN%sfDT(mxNRA%#oalFMuwz zI6djWNHs+TZ)G2$S^l*iXXmAQz_0-MY$9zf9Hq=ES{leba#TDBXEQW~+Jt#opl(N1 z^9M<$U1tm?J9Pc2y?mav^U-WQ^TCzv9v3opR&@6BO-F*wO zyQ%)Opx&KE-kZ1tVU7$cZ%?daZkjFvdnbE(@RDFXK zZ0xj>EX2%~cIj>^nMQ{w!d`BgsFy5Lr2h!>`-@{jKRM>#NZU)1NcerY`9Q`L@${%q z-pS@mF(i}mdTHIf?oq!B5IA=`#^*M0JD)H{06LW!%p!-^V;?qX`MmIflLe}cM~?Z@ z0RWltbqDe1`Ed~X%$wBsfO`cj{2r>6FU)IN+hArzIVLZoMpgZG7VrX9kOsEz!gayX zQ)C<)H2!^WTT_1SsT)`f+Hv3efv0l5`=`5Qb^MxElQ#L$w-`PUmZ_-#7{;?cHRLq) zpDl3`?cP`^SJU<(ym4ch59FeSmIoQgV#K#6+vKbRwbNK31mMY@k=$G1Du}WCD zyhtSen@7{KQT%X9A_2?xbBjWLxs}AqV~ZdQ)x0D7%D2%?5QDzWsmBD?*sl5s?@w>L z`XfjkhCM&KZ3`Ye>FzM}ad><1YmCJDe}8x_C||gZTZwTLk#&HaDZKT=)wD%L8L537 zfljoF(DJF9$Vmkiv!ta~^dlRN)5w#1wklRrXEfQH(lph!ivwoc1o&??&R{kYyj{m0 z-2UjxTE_zX_yseJtQE#;m0>&!Mu@hivl_gG5b_|hj7JCLfs*W)YtSXQt&YUvy&YK5 zqU`+CP#&<0FqXU>*$%_W&HI$S*~TH8RFB@V?z=pkNqjkZThlo8ZT(td#%W7`5r?@s zLy9@#4MXGbl4BL#whHp%CYx5RS>+V?${B23oh56h&kr;(TZ)~T&$=228C?*7#R=ut z;mMHk#MrHSz3VA6K3MPNa>+NP1`gK!Zt6Ev=J!oB?S~jY|zdy^4mi`R6 z`=e=MINJ&iLVp?bEX-?EEEX_bHh&L~G|}Qx1^NV2RTC5QSVf-QT8RN+z|kHivLrQA zgRmiZipTW8X}c2hDgY17DwcVW@+1B{VTNsibr`2)FFFr)CCp-iCr4T_oY#%uTTTID z2W7mM^2N#gcP7q%^S@0!5tcA!8fA693HpOfPa36g$&@g@Yb-1RhT1F8c zk$wSjS(JC>1JwTYH7;Y5AB7$Q$uo+fhlr+G#OLue0lKemo!TeXRSAg5AKUIc9u{d^ z8*4o{5={w7X%-{fRO#s)$3nW4`+3>a#XLRa9(5?PsmiS9&39-(4iil9-chL|oRy{& zH;ZPT*61aT(Ck-M#b82|B?EhJ?qg)lcde+Tov65;$i#5=R64^Y%bOHDUc%Vm>e2w?kY}w zjLy5znhRE&&4&>xg>W`4+ers!-(!wY;lyMN4iJ0zceosIdkLtGskkz_pqqDUzgvS_ zKcTI|#6}aLjEZ6#e?8>OKv|c^bPwYjy%`l7W2P!+)r3ZFN>Fz@rKtZjmgY;ZQsHTa z|3kpAQDsv>>Ce)Rjjq~``W$n4d%{!t$DSTPYr6VPEx%T`Tp55W9vBmFpaY2r^jJ)IqhNKCr_|C_!MvN`g1z}FUjE(3O#xY* zG8@`RaXr>Gw1fl2YFc8c7sLzm9v3djwi?}FgcH?m3HJkLhIo)(C}b&E`Gqo2ct-Iv zu@Oo6KG$9RC%!y*b4y)wBfn7+-FjqyE!5U-CEb_t!*ko1Vn7EBc%u%v43+JPkMNic zYjC+kHombF|=r0!gazWXRH~u$UiW28P60D+Gb73V>EZeJ{LkOGGPUCH{ez z3LZ+L{y$5^_zD?sUcEH71N_x&VK>T2mYeagu}k8zXF#Y-{2hn7v2A{@FFV(#MYyd` z!N^(5K%&wWLQ$qWJZH}Gg*&`I^4BMZh)e@36Ua4JLTI4-IbJymz81n#8rw6}i@8So ztJIsrRWA9^hjldCRn{s9o|q|mAT?b|g;^oe%99wb4-LbAOF(rmBa0Fq>2R#O*CAs1 zli+XsnP=MAbmV)E)y7TsL2=mZD9nxGXRY;uG51{pdtxJD#(T)#dus>3HujqM4q^W5 zP%T2x8p$iJX>Cm#Js8bPNp@$|`Qsup_FYCtlFO4MZC&1{97ykHJT;0;?VZ_c$9T)p zS+NtUl}MN+4P`8mXQrGvMj7`bc}cn#Ojp^uf*u=&hZSv}n60;kGY(nl;D{|s0Nvag z#X>-=s=3{OJVBVk6s0g26Szz$@W+p|PL7mDV8Uh&X7OqCR^LDLoZD!49B^$$Q{TVX zkNA`QMn5~VeaT<9wtxx$Y-TD1$%_3 zsM)Kor;S%|FNq={c^$!NlQE$2&cjqs<9u7siZ@Ul&GtZBxoija^Q*yI95o3XsASMH77*~dT;zt58 z8>Q1Lrqc2o?}qjQXU`z`^WQjbg5|! z>^?7UdX0Iky7V%~QN!30%{mI=ijSe76uAO5JQV72`T<8hM~5|{jf z(PpElNv?_#>b%%Iq3yPxYT=)3z*ak!T=RMz>6M%=0hiStfyVEa_$cbIErW}eo=)AX zsOa_-@&~j{wC*zvZgEhoifcjfp^-*89m-On0)!EDIAtx9GwM$&^wQx_$3_qnbgJIY zB-~lr&pJ0@8V$CKjT4bfP7N+cxG~9!r{|Ilcj(-@!i#6MDt*536xi7sw_t0~65cEhx|zBU2Pdn9B=#2SalrGIYWvssOe9rf5%F}zq2x9 z(c8Oi any any (msg:"JA4 QUIC Test 1"; ja4.hash; content: "q13d0310h3_55b375c5d22e_cd85d2d88918"; sid:1;) +alert tls any any -> any any (msg:"JA4 TLS Test 1"; ja4.hash; content: "t13d1516h2_8daaf6152771_e5627efa2ab1"; sid:2;) +alert quic any any -> any any (msg:"JA4 QUIC Test 2"; ja4.hash; content: "q13d0310h3_55b375c5d22e_cd85d2d88918X"; sid:3;) +alert tls any any -> any any (msg:"JA4 TLS Test 2"; ja4.hash; content: "t13d1516h2_8daaf6152771_e5627efa2ab1X"; sid:4;) diff --git a/tests/ja4-rules/test.yaml b/tests/ja4-rules/test.yaml new file mode 100644 index 000000000..e4572bd8a --- /dev/null +++ b/tests/ja4-rules/test.yaml @@ -0,0 +1,29 @@ +requires: + min-version: 7.0.0 + files: + - rust/src/quic/ja4.rs + +args: + - -k none + +checks: + - filter: + count: 1 + match: + event_type: tls + tls.ja4: t13d1516h2_8daaf6152771_e5627efa2ab1 + - filter: + count: 1 + match: + event_type: quic + quic.ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 + - filter: + count: 1 + match: + event_type: alert + alert.signature: JA4 QUIC Test 1 + - filter: + count: 1 + match: + event_type: alert + alert.signature: JA4 TLS Test 1 diff --git a/tests/ja4-tls-quic/README.md b/tests/ja4-tls-quic/README.md new file mode 100644 index 000000000..c25a1f14a --- /dev/null +++ b/tests/ja4-tls-quic/README.md @@ -0,0 +1,70 @@ +# JA4 TLS + QUIC + +This test checks whether the correct JA4 fingerprints are calculated for the +given pcap, according to the [reference implementation](https://github.com/FoxIO-LLC/ja4). + +## PCAP + +Pcap was taken from https://www.cloudshark.org/captures/1737557e3427. + +## Result + + +### TCP TLS + +`t13d1516h2_8daaf6152771_e5627efa2ab1` which means + +* `t`: TCP +* `13`: TLS 1.2 +* `d`: SNI is set +* `15`: 15 cipher suites in Client Hello +* `16`: 16 extensions in Client Hello +* `h2`: ALPN protocol + +and the hashes of the corresponding sorted extension codes. + +### QUIC + +`q13d0310h3_55b375c5d22e_cd85d2d88918` which means + +* `q`: QUIC +* `13`: TLS 1.2 +* `d`: SNI is set +* `03`: 3 cipher suites in Client Hello +* `10`: 10 extensions in Client Hello +* `h3`: ALPN protocol + +and the hashes of the corresponding sorted extension codes. + + +## Reference output: + +According to [my issue upstream](https://github.com/FoxIO-LLC/ja4/issues/3): + +``` +../ja4/binaries/linux/ja4 tests/ja4-tls-quic/input.pcap +- stream: 0 + transport: tcp + src: 2001:db8:1::1 + dst: 2606:4700:10::6816:826 + src_port: 57098 + dst_port: 443 + tls_server_name: cloudflare-quic.com + ja4: t13d1516h2_8daaf6152771_e5627efa2ab1 + ja4s: t130200_1301_234ea6891581 + ja4l_c: 30_64 + ja4l_s: 5749_56 + http: + - ja4h: ge20nn16enus_0f5a7a41a252_000000000000_000000000000 +- stream: 0 + transport: udp + src: 2001:db8:1::1 + dst: 2606:4700:10::6816:826 + src_port: 50280 + dst_port: 443 + tls_server_name: cloudflare-quic.com + ja4: q13d0310h3_55b375c5d22e_cd85d2d88918 + ja4s: q130200_1301_234ea6891581 + ja4l_c: 113_64 + ja4l_s: 9285_56 +``` diff --git a/tests/ja4-tls-quic/input.pcap b/tests/ja4-tls-quic/input.pcap new file mode 100644 index 0000000000000000000000000000000000000000..464a1f838ff0acf5a2ef2919fff6ef0e0bf006f4 GIT binary patch literal 39990 zcmeEu1yEeu)@I`t+}+*X9fAb6;O_43ZXvk41a|_#-66ppf(C-S%QW}Bd*{FJzE^Xn zDm7J8^_p4~ed=_7`&(!2^{sW-`^@y#<$(gg0ss324gdkZ*)g**g6jqW7y|!(H2@fW zn1=l+R_dPTMd+$NEF1tp2Ps4Z0{`W=(_ha306-`pB>(`Vf4nirfTs8k3(}e^?rQyd zqz3fmC7KQZ00oE01pxzt1Ob7D4WH))9svNrLH~hxeFOr~1-^f^e_;Is7l;TI8wsF- zvz~L8#-eks!cA+V;6tQZ-@%upwO`V(-}*zh(L7sSAML=AOJNW(yRR& zenfwppA8Vv#2*P7DVhlAgn#hjdPRFhAwB^CXaV`X+FwyX$^S1=u%MA*$p4Ij0R{pJ zyb2(XU|=OJPUr+_lerGn3{XG3qqxqb&=y>L)K1S9G&NZrZ-j}uVm{NjKb7B2ThR`L z=S_i14^L-8J%3;fh<(P(1!XY?5Vf?Rf}nz;f_2e$F?P{)F^!dum2{zYp#d@hSpY@= zI}j)V7WUO;04x9o0Dx*_ZRcWaYHi?XLhs;WVZ>l$X9K_l0A7G60syeUAL#vk06y># z761+a3Oq&%{3sFt0q_RYoCVt4+1Z|vnSmJq0f2Z7JOBV5fC4}Q2ZII&2Y~>ChJXNp zhJ*wG9s>Ya0ki;W;Fkf z=z(Y;z>h#d^6-FxgMk5X0brm2P%#T278npaGV=AC&;fnF!Tx{#>owG-#XT@(sF|Ft%F8o%su^2u+Dcyyey^5f#}z{?dMU z?xJ;$_qD0Q){Izaa-r82oeOD$Q$)IsvWZRXTdZ_*=o1DbmIP0W&MdpC>s*yH9QHL( z@RPG?Qg>dBNprBv?EPzN18=sH`-9T2-6GYf5ShXl47--CXJqqIH6vy>W|>umQ3o~i z#XlsGE2SUTaL8}$w0&~w%ayJGS@3w&j_t@>s$(^(TzHR!tlq z?=v%^SCj`bZxo`iyf8>qKFyp+4imdFfoz+Y+gf1uPp~*Z)Y3oEbfKrM?N(}wRW4Ql z6m+dwU|aboeCMp9)V+f4m2m^kR^*(8>aJ<?uJ<|`Oz7Kt2LG6${FrJK`07v|2TP}ZkQgI zjCUSeh>?H7+m~yajrLi=li&ySwMv^-VXM>U4ito+-=$e!7IPzEjA!LdP)2C|^jVHY zuN=H!P(fy?7(|grl>~ooRK{Z+*QpgFDtPM~uUvX$)TXbVe0-m&O7iaTmKL`@ozPv8 zJ0_|<$Yh{205L}YQ5=D{t0-yWMc0$cR@8z-zbtc+0vN})}il*i5v1)DE7 ztYm#W{F1;1mzrkC+SjX=S>br1YRC!cQ5zv23?ae${js~rp(=h^(|5#;seoS`4RdME!-y9TN*r* z7vb4RM)21Br+Z;pS{T^8bGEzq1Q!mAwIs#01oV?5hD#ni!Q$ujE5YSswyn3yN-7~~ z;D}jMLud91bu7y{(iEC84z%L23WE%T4#br^ygFoq2Pdv!^?crPPue^D?fD6n^8H5> z>Sjif3_e#WlvhR7RkCgMv`%Ij>y#^Tn=p}^n97^h;>xoN%$ceSPZ37vb0Yk)lP~Zg z$)k~q+-5X`p)`}76RBffDXu37MOtlJaRCPPq77gGa8sPp;Dzq@kLS52XDf`m`#;z3 zvg|C3US?SW-;vqN?S}uvlRA{QWEtATI%rp(Jl5n5`DjFEm^%{MYMY#AM!j?iiv|}i zCC~2G)=(9$g%sjq5o-bUnyKFcGxe`1aNHfcY?w>^k)R&_M}eab)P(z26ysMEFkl%4 zw7=>B*xyzi=F;C(2MYjAt@LL-ki@{xkrxDo8_8nBkbx|Lzvvy28^TLg!Z{|HVcgzi zSvpk}iqhTNe)?W~@WG8;tlYr?;Y^E1)k_dJOWB!|)c)oy%1Z3+WEXym-2)l%=ex`k z6;9W6iqw%+at_V%a=0eOvJ2Ay6>dm^;39D?g^_H20Xe*s#l`Q4M$cnEb1R{WK5cAH zdPxr<>eQ{pt2|6NPWCkWIWC4}`rh2qo8bK@!9y0T0h5}*0KsLatJEjV8u2OSCkYd(->Kg zs(caO+osbYqHSu0lB&Cm>UiPF#m(^fyvtIlB5#>56L|}S+nF{xW^mrwoyX~CYYbQ#y^G3B?bw@fGx~lrq@<}eqo=Z+Av8IU zCV=d_y$k~qedbhpmMtY>gq+i$EB$k~I#i4v zypEc2BA>-jWXLK3#fU|9Lxrt#1raCr*y00HtkF3j%{rp2o6PW1{@6eNg`U`C3zrMpiQV_8$5uaW4d9e z^9a4gBAzaw#BC;XMk(J!_JydsglwKbZ$ZP5t@oaRr*m*$XeCN`v(490qslF)9@sfk zoK;3;wx2z7Ce?v%D4h+vDiLHOVrLIYM4GO?5-1Wlj+vDTxGdD=yfe=?zUTAs^BhI8 z`S2iAx8p8;0Yb$3I?I}V;ap~Woy(X1ZZ5|=f&zdg-*5KUW(A=Ccbk>hi~&T!f(AtE z|Iw^yzGjR+iYownK#aWmyYU?F!QyHHh`g?B=t^2;D^I3WroKdzs+f{Okrd~1Yvuc< zqEOXF&CEeq{nlaIDrDb07v<1|7Mhde|wa5e~dEl&!Yque*hgMyb)Ha7pVp# z&OJZb6#d1QtyHvJ2@aYIVaY*{7yt1AGMA~RRUI?01%I!7C7ranCe$comNH{%&9A2B{0-Mr=Dbmv z4gR={DD@saj(vefFYpq+Xv9UCo=r4vQ??T2FR1|=%`UT>!FQcPJ`NV$%60D3pXUke z5e<`#1nQHWPuD{#Yu>ocpv-9siK0h-tH!*Oia(ePR-*ucH#dBi71nrbfA8hGj%vx# zWO+^yRvh5y>VdOq2bJ3ELsinfk8by<6qHfV*o6|Nz8RmO&iJ6;Xl)>XtKofarqTv@ z4u0lFH*Kl8701SgT(0R0R^7<#O;sKdxD*Mn);-e6FhA z_##-wdAy7l(IKij^_Hmfn7OSfm9I~r9L(B%#ao;hk5k#i(BbuRH+$p$OADgdLnGUD zNpZyn-|*DoDKR;tJ8|$e;yt$a^Rw^XTTZr#5Z1*o>G^K2X0XCESCKZ+zt~Rklx?5( zF6^~PQg5B^_y0gF#CDH3Y<5n9UE6yQ9>B^*(&v{Cr?rHte?qwnY8!^pS6omm$fE_SE zU+u3bpxl4A-TNmBP~Lq-ewX)5*v}M(iKWNnL&aCH` zygwtP*D3>JtgCq}Hrl$|v3+XO;2dCg@pUn3%0d>&6J4c{|JIgrk+X2fwL1k2%25xx zw$>qyhr>qF!24L~s_7pjmohw@dWrGUN1BH!dsus*yDOci=U>cw3rzn`l$dfmRk<^?mErvw0tSX|xnIN28W?`RqK5T6 z>ayYJ0qWk(|Ij@<{^?BQSCnlaiVH9azuI3jF+lL|X5xRMyy~9dADQ?!lvkJF@M}D- zz`ClmmE%mnS{e)9ywog1KW_IJD5AX%0{r^d+*sl0`F%e3PX95}2>vQYO7CJIde4!AW$>1zJ$Aiv3R_wUsF9{o1Y14ZCfrj%7_zlS@=4LKSyZusOXgpd1 zI!79k?D&q0Bq!6nFIl$73D=15fR9n)yK#h6+@A&?p2pU!V=jtfaV&h#^%LS&omt*+ zLv;&y??m|Jy!()Xtm>z1S3%r5QQDMa+WMo$M%5i_Q|PRY3|B$IG-i9k=wt1*S)CW- z&loQh;bBY2P-VF$d~aivWL&^^J0dl$l|)Kbp(+OP zVUkxbw~`Bbf?@lUaZ)j#N|S1seq0(A`SR56!pSzL&!NB*!+yfS{WL9^h-J&6p5n?# zC6@?Ai~1t>(5$^6#X7SblV8^$hGEQyh!H#bM$jjf=jwo z(BZ0QbgaU`g!DJV2Ck}IMt@vm-POwmhz&;!th*k1*U zGbwhb!Pfg-bh=Hlh%!>w+ti!i>krZ=Thh(VFXCq}_7 zqzis#tji)h;!U%q9L>`|vL(@3d3IL|9aLhS8sikEf`hf5zv~N?^Refk&AdEz!3#cX zlU$80A}Ue_H)OGH`}rZZK3S(puwQuUmbX+MENsdTqEM#yd#W44ODA>oH*Blqz1oTL zn9ZdF2Wt`J4{K;7;S;S6!bc}xlz-a7(r-T6RW`tTkI+`{b9YUa^ueCnHneNYom92= zz@(hwHEMkitt@m#ve;5dwUnf^&B%!yr4PT-k7lyFJhGZ-z}TtGgBO|Esly3N$KEdd zsRc&NM6Qtqu@x}M5lwA0xDqsJ;0Jn(h=cYGM8(Ib!|%tC6a||Wb5-%6NWMW-qH>X;_KmR=~=IJS&T|%tC_LiP2)r zC)2-^Izjk8fSE$Ihu$TVyfD)-dr=sLXrfS^amf|Tr?op)wor4C?{_XQtZfTsG|w2c zkPU3QPkuzXrd?m5KPi5tjlG#{4TWq;c!^;h9*g8SQ_PUb+fBlY1J(8<1m3$Hja zLVu@jz5K>UHscF~n***@YnscIcR~JvWFJq?h;DUz0Ul=lCJD0u-ziQpB*1c(v<)T3AXYvl!a_jfBVKFHtn09bit@cvm3kab)O z(($3{?kQZ^%nHff26yzci-$kgr{Ib=DDL+tyF-C!5#POk;(l}dI-rtYNt+o+`{m!! z*1!2RGRVjLy9{cd{FydTiyaWn60k19zg+s(6x`&WnhI=@m%?*>oRp&CKTBPc2L zA_N#+fg!x~4-XOL_n zO{v%)+E2IZSi?~CUNZbk_ycVihk3E_qql$-Heu*XM!w+U=lVcY{QOHnvfTncnYXQ! z82hAS^+dI2BI3adcYKFGHndH^CRhlszQe(%^JjW%A5mx)_kvcQb2)dA{E*=!ZR!rK zc1S#u^Ha_jC;wu zk`jALt!cF~kGe`g)4%RR_P$Rg#JF@J$z!+hhI|oNPnv>nMT%kz)l(yQ8Ga}R>lBPg zeTIP=_r;(~->uV=B$vI4x8v?mglv_QOktjqM?)SAu`YernFyEVV7g@KC!X#OpEofE zU=p|`+_&MLk_^}!Eos;8UgpA`Pg*9 zCKYPhOgc-ZrK+lV!*r-L3nXC2;T$q0ISJXgMva5;NEj=PJM+o(F!krlUYdRK@n|4h#$qt_b$O@@zmL3|d;93t@|`ibNu zWn69{+M3`SL1fdY*-|43o!GbeLa??h9tk^6|CS5^0xDAQ{Q30Lw-u~i(G8BzR5v3L z<6~;%Hpm#N9&(M%QfH(6C!0OaTxa=k>u&aHSxptlDnGXHhsp%5Flc||^6)3->lI)M z70u@DpZ4NxtG^Ia&u%TCWvdOqWKrTDiYgX2Bs?$KJ{f`PlnCUz{aG+-w;F=5_zmPBItYd4^hnli zbsw~oiz;vK=&X6MHa=?mIn;bGtX;MuD(ue)py^TirLZXz?_*FCK@iZ;t5U*q;XrNj zI=HK_@8RVK=eyjYpF1GG$Y>6KB(J+UlvT3t1D$W&B@5BpTiX>UyI-EkDGtAffd-$) z|N1g%fN#nnug!n~sPGnYS}EW-x8bBtZ!DT6Q^t2KmkozKEfPV<7hpA%va2}~5(N$3 z?V0Upq<$HJ27Q0Y8lRpa>7%G04H{8n#*Urr8iN7r-ZsP&9rQJwAQvRB{9BHX5S=mU zH(yuicyoV7DUJblv3swI3Sm=1Pt0_k5>?Lw9m!FCb7#9xYl-goNwdpe6-c_zHbHSc zls~eQ8!Kr%F9?ku;%0x7FL~92aA2nXRWc~-@}Fd|28i-2WKh`UcNx?P{j(nM;_Q|1 zrd<2iT0@X*?3vnxoVCk6KTJjw$j&uUi0Cf*65z=sY?i-d!zI7ce)*NObN`bJR^R>_ z85GX_T?Sb~{!IHf8Kf`2{zRv*=}xCh><3D^*;;pBY3TQ{%pwiOuiZ4e+wS7@g4SOx zN<%@WdVvXp<}zXfGG(K*I@;I?y4Qjs`|18XsL2zn-c}{o^NWj{nQvZ`a%=KH-nw>N zajeM?wr%Z&=i<%L9>RbL4uTIxB)iKVtW3p>x13>fGHhLMIX9e^F1~36VHFjJGg22; zUBY2%UTaYfQ}y3p=x>FjAB3-$5xT&I*q(p+4v!e>V$CCIE?m_}2#)fBC)t%bk;75Q z9s7u4=O<&?cKLQmk#&im-#3*{7X}t}Qo4FUn*%G5olYf^A9df$_Wq<$C+HhhbU1w< z+W{&rFA3#D>Z;6fCCx&QnpXzF%2suksVlk-l8SOQIvYs`;UKJEsAmxvxeKmwEa)r5 z4I?UWX^C3YL_N_E4Q^h8<0#sDiL`;OY6Q!!{nCHfjTt0mC1jm?>GqkRc5Wm`gkx_( zIlZ`{=r9Bxfp&_%9A}^xWqhi{zn*`7sveUL!7j}Hcz)5o@M^fEIwiFJXeRiY^#DKZ zvNIyvOlKc{rPWibV$${J&AYvfd(#Mm^>G@L8+#gD;%1D@=CTUfshqwLJ`LY<*RwRa zF7p}iTG8nsgn>cy?^n*gU4|6kM_9s8g`WL_;)Ta`Y{bjPr4<7`a2eN}*#jt=t&FTd;!M`X5i%Df}s-n<%eofPkpM1AUo@M79653|=dkbM*N4Vgw=!ZJTTY(~TVFca z*pSG|V&AR{6Q9nHCw`ec{SmMw2oNlv8OZg(IT#G?y3Dj7uu ziwiFb)Ww+e%5+Z!HJ0PlcNmw*b~|St(P@DH8u-<4{f`|U)jKxwS$Jz0lFW$td0Ba6 zGutr{T`UU$SE{OSv%IJ`)qP+C2ScSd$W;`mGVL!9{(IjEJ4WK(k9@@~`@(gVZLW$0 zQg^1So6Eg?xA+y;NR6$I-3@P*nWu2KB*jG-cQo&_1S#{B7xv?iVJGdJbhf>F_7O%V zaq7<)>u>Q(Cnw(>vh&W9_E>|(Ia`+DoTK*&f)fk4OFqz%^A z4i8`4956}e&C^8Vm(JecHqZOhJ8Lu>jKe6wL1kT*7Vn;zQ1eAXJ{NFUHo>=|LbD@c zhu;0*uqbdHPaf7~PDl@&%-mO88+;^dhga8!@l<4dhlvr}#Zco_+4;3J;;1(HXx7#! zl@A2*P!V<4gCOv#SQC#y%F3M)|BEKRx8o?5A2I~p$> zX;V}RV><2M^c(^DUc~;8uRo~#d;U4bvQO&OJ0eZff_9BvU+_1&?b+rzheWJoP*4f5 z$ww_=3^@%CpCmb}1()yRPbLjyn+=tcZT9MP56I~ow^}ENXctAaKx$2LpZ()%nMObR zX`5%)!oA(gbWsSH>Jfw6ZmHSlP^GozjJbenn(BF|o5%s*7#p7IrmYX|;(XU*Pxx%> zpMx#5Pn4qD2lMH-f3x=kGxe{M!MEH0Nd}?sKmmCmfZyz|-5`k7-|Yt9ZvQTW`!|2q zgG7eQ{6q>$)Y{@ZF->ue7Z}x|%8JRTpX!B=?zL*(nzpR4g3bjy=!gqJK7zVn_GVgjkT)B#+U14e2Lh5`H6aZ)UWdSh6U^gSz9499Sv|9A|4}J%hLq~ zvR9L1Ki^MRwpE@ktR(qXp$b|RCzx784|DjxF^n4n44Q6h5L<-J?u}Xc3%>zz4A%s8 zOsBm8Kap&$7t@#s0~dg;D)paZd@U1rffwvog@q&|Ff8u>UAL@v|7*$wNygvHgrTKB zhsAGY!jE1q4DAC^$V9}o0*ZD<$a=zXD6)E_~*9W>bhitprZl$=kjO@Zai&tu2xh1b3Ai4HAvi8_JDt(-xYy zM+TsroAsgQyHL>B&1Qh!9epG|*$-bZVRYWRHL%Vfp z5bklUKzKy4`2kzh-oOwnpAD9bIy+l+5>$;}xAXanT1impbmdCCj8eBp7yd(VMi!!qyZXvB@Ng6k`;m#mLh zdGel~CanTKawc;x`vsonS>A18z1bbSrW_V3KR$PV<^SM^md%z4%N<~U;GeSND8W}` z+F*0~gdkKAdn45`vGc)bYFSr`sr9RJ?>i*of-u>HzyZ@b0URIDs`v!TCGbU>X+I8l z-(g~2T?+bJ0UlXTGaE-|Q*~t_c|TLBV0Q+EajjDakzhCfEL%L2G?vrHq42% zAt*l&06*nsk3o7{VKkxH1)W) zsc)>ec+{qHmJBd`S*sCQq9Vk?Y`mzc;9y;l>@ETIp3v`EQBMxjNplr@+lM4Fzf0v) z;+m0jkjYqz=tDmsj|6=g)_YhuF@HVePsktTogqb;AXS*xGXJc`_Z267!;77cR)ikg zhCzDxE`s*L&k$GZOY7HnO4n3*>=>;0$R8x%jF534Jo*BXZ9+sNYwR~qT=;VIvvwRz zCvRiI$&*|XB?^SVU?n>Q;|z)zA7Yb|ZNO||dF$qoMQ2O*P~I%Gm83vWZXK(peh+Y! z0!614AnC8CuU;)36q=>Eqb^2a9UelTBZY;LrH!|6_jQpC9}wZYip4aZ)x?wHH>l5i z@s6scwj<0GOMN$h3i*D}^0eLRke_=hIz;<4P;q(%(-bPF>+s6iTbzB)?GmzeX-1;j zznIDkrI`Jk?u^1Fn(2k%YVU(#ZtLQ3fS{%};dRt32^OWwa1&s6*!){^sO?#v92Y7u z45V}Ct_Sz`#fNIW;=X5$r1*MLm~)^|$R|du=Cq$Xtq+H0eV(5~L%LbdDhjD_G1uU7 zTW!_Gj>7b?f>VZXRLtr!3!e(Xr8g0`Tmf<8^A00>zaI?Qf8@Tk^?0M23DNza>HY0{ z-C^UD)lUeA+R$7llDme$SzKRX-)|LOd<{A1N(G(p;w6X*AIZ|yu-$E4j_+6j2g>&4 z4E$*P&b~V9EspKS5>``_lqFHrYP3x^?h-~FrS7LC2V`eUc2#Y!2l}u{-}waCNr*wd`P6w$`Tc+*05=*t zy8cxU?0}j2SLuPQ)4!An-oM{8&IF?Tif&of>Gv`rn)T0mAgt5amDxtULG#j=(NFoj z!I19p8C>M;&;1~&c$jnKdEfR;s_^jpIxElGSK6n)l6LmLbjyFxrhEJ~GANt!yMdXf8dR8Za0yX0VW=U| ze7Syv|J>?W7llK}IFib{o*=XA2urdhi?zRXZ@=@i4%xzn9eTToUw|d4*->SE=;~c3lAO}FeipR97JK=;m-cDbzhUicaS}5XYQyOw(Dm4M^_d2 zElx@93OyZ%JPS;um=b$i&xQ-fY=$96Vu{7EoEa|tB+S}HT*;5$PX_M`cTQ7h|9%qdS4+V>`nUkoiK zN3kCWBdf{+MuGnUoF2JdIgRS!)Qh0-l;b8e%nnO5l-qRs&;zlh@o}o9hI?$O;6p>Y zw6lwO4R#Xk6$$Y0M{@&?S^cs%nlqb;t~^mbymj?n9T7& z%&H0EQRW);RXS@Jvry1bTFeLoF?-u8a}Um2)H#~^NhRVyOFIr(!L%S&zZZDAL>}O> z`~0tq$|G=f(<9pS#T6cNyN-qE^p-2SW#uf> zwmY#?mic!-PHPx^kS{lY`7-u^e^O+TE(Qoa?1|7#?;H8h@KLAGs;)LOT`jVeYfu25 zvOOl#!k+%&=JE)vh3U<0g~g<;;ouS2)NseLNoL}lqgOi7L3!d#&TRmOI9wl8dtKo^ zz|gk0Rv7Gx6CILYZzHp!O!E*Y7YV5y7S!?d`yS2>25~`Kt~^`|+@pw5hc{+%wByL! z(ZwfQHuYd^ln^hUYKTtwQiOLtmiUs!YY^`ybVZ9M>$om13}v}1>xb|*noXNVmf1T? z^@9o~n6A)K4yO$LxV?QP<4^{2KVM6HN~Y9>KZVZ={hBtc*&mUyALAEDZ8pb_@IdWHfE{00;wOfF zC>!RkjBE%G|Da7I=j^4?6(Ju9tt(T%Q{^$*D= zR|fNL94*Dn@0(?HpAx<0Y#C+KUZ2wQJIlXdhCC9N;1*O`pZ;#2_w z?}Eslgy$}(Qo{}3U}`)N2j4b{^at+{$Pqzz^p0_W2U-0L$A|67B!OFFYUH4lY51l)%HTscenH)HhhxPN?IsXiTAQ?QIt>pCG9uIzTI}j~z8!75 z#CU1NRPVfYyaNGBb=o_JmA(eoMY^rb6-U^!!scxKvD9~F8TJAqs){wkg3UBbQjpbd`XRMU0;9jErrxD;G z&$8Q%GWzv=g-_$mchFt6^fZ0(4Ac{wZ=*9M}l!P!g-Q8AlPEuE?xV>wO;?t%kX#x@nRyM13QTRj zO~IP{VZtr{2%RCPbnT8Lcy_AJBqVc>wX`zV+^iHHM zGuo5z!DXpKWd_M6%HI?Ylgs+Gl-^}l{IH=89)AtrnqL^cDzm`wz5O3u{U7B_^3$&= zXH;f?FK6a8{wQY%|5yrEOS+GUY5K%vw^y)y6 zv!=-h7(B3Z_gXHMaq)Af31jSUwEievhpl#c#-$IKeRvX@L9U0Cxs6{QxH90IgZSmv&{#J1)8mw;G39I^sSr(ihvsY5_l}+bvK*zzJ~W0l1BF9cH_WqiFNtv zuqU(_-Q$j0fOUeE$7k*Z5IkA#tehA$0AgCyvOIwg9@d_$h-(3My69zlJNOU8d|XnT zb!m2_4eKlI@MZ=y%!4ol4&w7k7?z-&SpCFV&Qca%YA$j;&aDXsW&bMQvj76$y|CP- z?kbjv9O1<`L^ban6bIef<{6?Rtx^5mm3Cy{5G!@xE^*tHqB}d@zrg0I8G$%A;5t66 z2YMKMu`4@2t!^W3LZh_|j=rz;={BjY!t9LlB;qM=qnHYp@#&Tj9ru7lRX4iU7f35w z8vWj;_eCCf*A2omnV}>H#@m^4F7*0)!c*% ztSn}RL^iSyzvp%3aWhtW2i7ph^6>;P%m_dgMxH1sV6qjYqxd z+M#&vy~muVR``195@$Nd7!eZbiw-45Wr?#phC=ZKSwGZ%iEuJu%j#ZltdB70Vs7e^ z0fTXSOnY+}f~`Sq0dI?lJ9@9EzVCT=n)5PXLFNN(4KBohdC8hcRq;0hLlh!@7C-K* z!0q((gf{CNE%wZxtA(zJfd1h;=_QKV@PMLW(gFJ>8z~A1MH5rnMM^B!QxB!>LiM7D zeHkMVQ;td4DDk{vTE3MsL=u;sPnL##e8Y^~CNN=&Fn@9k?X|fzz}S7wXHs$ntG;~-ZqU2P zhNGdFGtAQCB%5Vuj0ZBT<(@e#(X6smI6s_T(@Qp@0+mO?M^%JcpoX4`Y!Z~KqBT_P zJ6ZLluCCuSCFJegJ3%!%*x~ua=PVINYLa%6a$rhjLZ>(B9ktt_@zeTc6Cm$=EokM{ zbHm3QO7OMz;N1o1e61rAaeQ;2Ay_O|&r&={ z*jxCd!-{p#I%g&`jOz2@$InH){UKwFwg{-Kh7yVwj)nAO@`{}kQnzcDN|$QXs3`=t zdQQr-sC3Ec;Dg2C>?}3|r&(LA z$!c|Vu|siAB9v%a6K5<@BHl43F$3)@DiR- zeI2o|?Zl<%%S`n>4%mxT;cRtto5Nzk(o5FpHFc2G_NEtQk0{>8)LVJanfo6Ys7iOe zh>HAcY_NJ8M{Gq3kTOmV%S4wU^$WI%e{L6I$p8|bkM#;@QR8}>?LNX-*Ve$K{PbbY zbSz%!)!9F<$ZvYzPGis&t*LMH2CyQC5l^{3aWPl+j^E~+wzPRR*6jj_$tR;4qR8Ez zrSc#W=P@Ezo}a1Ylhd764=%8%M`kq2Z7$)dtzZ+H%po%V{pAqE)$f%<>v7)GTZ7wT zGc0$-N#MwV*LV%(W}fBTZL__zC>t@i4L4Cx#=&@Oq>WU6KF83=bXO(4N(V*sLD3rj z%AY`(SDaJyOiVXWJ3wv^w*lAlsaKkN3l}t^(%4+UMmKXg0o^|%g07jwI_1Bp40VsK*^TV#Tm3HE!BYp2_Wp5>Xs zbxoO1s$H^GSu$bp7QQj1F}z9->3)Z0fJD4tj!Z2+)7FRDSEq z{88~TSVP4c3!SrpU8mHQU;G$4>~mzip_;Kf?gj}iv)c#?-v-->EZ~<`bSLpcXwy4! zrkfIS4ph$SEg_!th@@Ym3g0x29LtcE(#9KX;LVLd(8?PS4zC}H6frnoR`F`)9< zYc6fi#MYIE^P!T1i9c@c&nJi=h1m}54$V_UnLD>aU6O%aPt2h35&V=)8X z6CFH^N%Grj%q~OQUDf+D9!oUbX0w& zXd4tw<&=TTFO~v}XZ%a!6>9Rwyo-I=u;)DVCe~#aY@V7YM>fHmSPU|=HI*e7-8o`~ z@gpbNj$K)7zh2oIH-kEr#~J{LHHDfX7FgPoWu)HKGK=jU#hu(irDk<>0xQSu;K|0>dVH{#m#3dBQl%W z95LnDd@5Fy%&Zul+Va`0w`Hdf~qd6mRyQGxc|A z9P^!y`1=b1s#1h?uS9yIn?=HKwNzU89x_W-Hx*e|G7fh_f<4r zQ96MrzwZ|MH)I9>Hran{yaO)G<}dv-S>PQ508SJ*Nx*uwKmJJ1aw5J%)Nix#C`LUiTO>0q@BCQ-KwMji}u|kV_K+ z4B!p$kutCLFWaxc5CGtF$p6PDP4$_Bw1UsYZj1rH00f#yFgwTGBG4HC5NoTTpTafh zFpf6(L1=HG4}cy0Sn~1>rLoY4f9VU_=LWNxcl*f;d9I~`A01JbRWhqc4~A6?B!`(eIKl>_@t=ysC!H@Wl`c8Q~sTiP6oP?nNCSGErJ^EF1V4X1$w&oUNXZ=|3Gq|nA|JH(yWVQN2m9flNJvPTndp57AJ>KCw1<}NE$wW%(FzDHnFZa~KByak>be)&6mX??GjrQ4> z38-ZuMDovKkl;V|xa`CzKLtPG@ivgckZZqTNWMH1`F2jOblK)?S=bp5Z|*kG*vZkQ z%2Xm09Eyze@pRoX1EhT?O}gjVyOcN}nh7tE-{R2jwv;MBl(bj(1C-090Aq;3n2WA> zJNei)zdZHF0r5Jqcj)us3!rHeb4}m2Lcr;c? zEuBS;zW)LKxqc9Br2?zYHUQmCvix3r>c+j2*FgP1u?j5dqoFoI-^bz(1&NOPYI;Ln z$8535j_*;}y$kUO@cpRfwx`W{4+2rV@QmPZiDF9@BNXprZngDvgbkS&zPJ~0j(j_N zNQI)K4(Fzq>zxU~b5SW@?dW4(oG2}OGdre(6lkVVe=OdD2-&JB&{<(0YbaW~yw;}n zn0cVUc)F*a`bbJmdTwgZ1P1QTI7iCL0E1B@<>&_Sgza(>0y=PYpNST~+HL;bDEvoO zy6OFJ_z|~;lKYbShvHPUOenZ3>K;q?j}2zQA0bd>%fjAQgmzyN1%Z|gntHRQsmmLc zs&jdAE3I>SKmCa2EzN$m1@#e#j#YTWXF=wCZ-%bi**2z5B zh#}EAs`=iBPp&XAsNkCwU$N2R(qP9ERg&&OZ_7SXgL-$*@KI8-YNkAxV7}SJn6eLO z(WG*N*lNa#e~*v1)Elr(B{B~a7Px@|Nc}{D9Ur?RFfuR2{8h+Kw>TkO@|Gb0N}@YnK6NB$KsWQ#E&;{$gBl z(L+V4?OU?`*kxfz9b`rj0?xu$A=g8YG!zqc5p5I~ZF-d0xLDF?IHvugxXb}&SV&r# zGh8T$1>f{Z1r=_-C+u-(^BSU@9`&uG?VtewA~qUYn!SXJZq!-Zpw4JzUWk-A0uQp% zu<*hL6<@e4!8t~Lct4rlYxeYc?(%5TC52b^Ac#G#%Mo1Y*WilJji6$-MUsq^FSVVX zCSwMi-+TaQ&roXC8m6_WIobq3NgO#{l8}XEBB>0Lf@X?(Qa3%`!;O1tLLd=aig_d# zOu9;=h;Fln5mki@Z$LbaA2|e$)gX+<0ZpZ`_x@ao9~DzfpZnJ(zAn~$YCQ!AVWvZO`V1dMHRE z;4KeAnsT~q+9jKB*!y>AbNjdY-^ja@VZ>#wLYX!UlU@wHX#`C)%hBH5N+k8Uv=!(i z+z|;wm>Ox%4Bd6_6B*zslI>e35+Yiz4i%|bJJ6BD_K_$AzjjIgef`%1|MkFsJ@B7A z@S6QLO@2-GQ+oFU2=gCmKe2=)(~35nh^3rdRc715oJJT>p~W39*o{MO=}Z?6fR;q_ za!_h;^Djjr0>-$A4X}N`IYZv^^c?^56I==lNERDo)UY_@LV%FUTvWRD(R}`1Vya%zHy|Flla}bm{ zL?N|zWhf`BzciPg5AZW^DruOL4SyMuC(%%Kl##jD&j{5IPI$Xt9+2<>;jz#1m_AL` zqE~pjDtc*|N29HFx|Z}Z#7!MV11DO27m$=;8{V!rFr*8k$BUtl;uXAO zickunQsx()By**;WUF8rnE^s`>WuJPX~F}Ht6;&#qqph%VP}fi+Rye;(X+QmQe5`6 zAE-1{bQHMOPOLR9-Dd|!=DB&Q4el0RBTcD4onDq#PL^Fts<^7#uz-&x} z$d3TbbDDim!A2{ujeSZxwhBY?Ucn3gqOti>QngatMu0FL^0|rN-)MTq8ST%m0Oc5e zjJpOz2{o^@&OI*A6^<-o!uvSV+*|n&T5NNE?#5?cgdV@M0_Soa-Na|`^94aL8$P%` zO3%+J1OZBtg6H4j6<-0H@8#b&{W)e(i+~_rd|4cXUrX5&8T3Zm zY_7yR%1mB47$}hr9G&8VZP24Ruh%JkBD+>KC49nKsMeC=iI~gD(>1L#IoKCgwWpfk zzfjIz-aJp=?0c%~1nI$+GNMTHPc(rViLPPWe=>>V8kNSw-Q%NSWxs+SD;k?^ksE!N z76Gn8?wa^WG=l;<7pjZt)y&RY=Pb3MZCP{dLnK5Al1DM+TPPgKIH~>&*+&N)_!rgY`3FAl-Y)PTq46)~$MHnHR#~>f>~1z`vTZZwp%#!<>V|Y0l#9)YUuL6BUkV5P@!d{X)=~DZjpM97 zQ6`RrPLg3@5W#$eZpQCWb4I1Jp`1L`l9Jz5dyJ6@liyyeDPdR5UIg6WL$E+w~Xbf=*8B8cuw_Cuw1saj#5 zFv@Acc<~jzZRw#V!~9yIEZ^eWJ|UeA7^2Fs6TX=8yp7pG8H#?bsNx6dk%`Q7m<(teZU((ZCX z2hrDg`D9IvFxu4KGU@dcW8<`(RKe>cGTj$b<$Zx84jz!Qnn z?)1WlbJ!5m=z7LKgN1$Xw#TPx-?%ES2y(;n0k|(aru~-d_gmLWJTLLr$TT>LiAgjc zK`k0Niv?G;3mGE45zc+9A;zZU>hsXL-SuM`M!A;_32_qyXQ&;gW1aQtrYJNDOm@^6 zn0voe5=$n@%@Xsl(GnTGZzlT2Y#f!|l%nnvW*5aW!nOzfv7MPt@#@1>kRCl>yG4k~ z4bVh=F@k-Mnr;$j>+nIvJbjGFEu=BPTZ>FFq~^ROoJUX~$}=O#Ph)qT30N|HHp-v9 zWPQz>OQZd9>d193xp8N>q?_f<11#q+S9!b+mfaqmdAnx6iS!RmqBQKxx?np z2b+DD*MhU810*iandH1e%ns5uLBHA0gE<3h*Pe;5MA+L2KDC&+H;ohV+|0XwHxIGK z+b~N_wX6f0W}Qi=D`HtjL3}A)XUb~ZK*5- zHdP)wI&cl!28dV=>WXZ5(i(? z=D*~NFpP{mr4=#-ERb4pUwgEo4_;C>$?R0re7(Mq7MV zZuze&a6q;1)*FTMc&b&n<&Nq8co@DFdKTJ|_#hzI>9JV*Bdr;vk_d&ykT)jtY=Bq) zM|G1p9KL7kn{zgU3f2g8nw28>yCDe52kd);a+0lcg%#s6%EPi$O z%jmL$?Ru(0j}~P{rrk+$@-*o9=bV7%#LR6QNPKH;v(4b;+Fder84o~bin{;kZGZf9S& znU>i2#&6|)WM3ynx!@vlMl04iNVIq}QYB=}ZjZ#($&7*36O<3CO^krXrIXWkJNfWj z6jzRt<-bbUvJ;XEVLVwAnNMdGK0@N-hsSGkn6)k{;GVPzJT!X|(FR#LA6Cn>11;7!wrRI3?RDK z#xt}!6<4_NBCt9Qcw3lMJ3Y{|V{?^XKjkU+L9aQu{u+&qKpGQ|%uFqziczY#N9We2 zs;vn}dEf&C&&}UoaDP>VCUOo)eq{tJtkPJQAtaVKIJXLZ!L5Cm8jr;+RM)WzsLG2Y z@H!%w8twGUSM=H-0m481!eck$mOTA{g+*W0J?RzS@6s$K3(?4BuHtY za)JmOF=Jn)fv%$bt`;DnB(Ey80f^XkD~99A2NhM^Bj*5rgs#Tjv;Xyq8y*M8DTLIK zJ~O&`Y5q5R4rv8-xVxJp`h1`0mj`A7l`V%%Od>$uwl`9>ahsFV*EH$Pq7>n)g+Z%v zNbJIPGzV5JF>Ho9G4gpxweLoxDDXpo6%}djBSRjXCd$Hb8q~jy@!ch%YB-qQs6nS9 zd)aRR1Bo=+1e~?MLBKaz%ZZ7doCF!H6{`bjqF)QWSHBQL<1yfZ+ZrLQUpLa|5~d<+ zFpe)hw+0)m6Jo4C$1NAO|9(aQ}N`XP@FoTVvH5BO*=1ztXUksnc1 zS!uQXl22)lMDjRfZli)>xJG26u0J{xmUVSupELN#yVN>l)j!rCIwp49EpOk`%!o7g z{g2XlJa#DcRr!AKQaQs#(JzM9Kn|OFOZ$4_Zw=K7nC~8e)Pi2xkEWkdnCsHR8Xpb%YP6 z6UOHbp+mT39I`1erjs`iBeZu5<;-rxzx#O{~1#Putp2~Es>kh9+Axo(;;d^ z!@!9vQoE-rlxXWFRGsR5$e}5ftkS#h?Qc z!2Z*=FZt{A2H^aM!^r7MB`T?29koujE?}9bu}9?_Yj9g!=$f+i@YKk@f;TQ{!G1&M zI`(Qn)1zW5zMn5-y6^=b{|RsV3H>F1GrsKqaD3ULg{1y&CE`_^O~~$;w0;CC{5^Vg zSCydUa$e+mqPRr-1>S!C?<7FF`z7FK+N-1*mJF2X{n6DKwrjA{__OV}kH{UY;1N2# zBF}$03RswrZ$J*hvs*laRr}0NE)J=~C5_e0H!ZNGpwpnTo^ms>CF{x47gi&vH)-A9 z_<0#z$~J6t!216TNSCfMs<} z#DBmt6%rhYZr+vs!o~2b05c}NQq{~W#!+zd$&@V8shRHrQ#;qhA66@nQk7g`sNIkW^9f=XsWp|M zc=RUl@e(|xU1sv3T(OAqV0=AyG``L_U7o8jRv3gH3vT&oxZC3^N}*S8J~zRMqeKa6 zeGNo_!ouW8Y7QqQh~*tF6TUteHw4P-tLX^?Xm^C7-~=hH6e>W8S$Wc$Q3e_Thr+Pd zkm27-Pk?@CA+0K_#S+x((6Hvx(Ee#n3Z3KTJQ(G>RH{=&h=LMP^p=r1?N+HCKo`WB zb3IQkl6?+spz5xs>`1IXU&P$*uPu|Z@TG11B|r{I;n>Sg>VAGJ4H7UAg3l5 z82GaGW9yPQx|#RkLZh^->}M++5J>#aDLZuGJA0q3Eg{2zm)j)dfzr-2#R%bT+9}pZ ztqdI_wI79n)3|)HW1u70Ic3Sirx9W;l3`Pq@S`-f4{aJ+K*LGsrQg=R$4Nk>yo2CM zdq0r5=7@DVY%#svLs{ZxjQ4XB@2-KVBW8yJfpl27RjhMv}6 zv_)ZMiiaviIBzo(d(3a`GoXmIlc=CC?%KYb?XLxl$R`=>%l<9WqLzQ+H9= ztQMP5*F^$y$s})IfT|?q`~3&joFfsjwa=93ou`D_g45tP>3oQ&b@_sU$VAr8#!EeM zG*+9Z+YGRbc%GAfc-x3=)fl3da>IPy$HGKY^3X(N2Vu#g<1gQ6-p^D}Cw2d^$|E^+ z#vpm!_w?@&O8N2(vFP}ud){YPCz&(>+;W(gk^G12v6ZK0CCYaU<$!&nKb!g5wsno=5 zBdwc*x_6__-BdjYy^j?zA}c~x6)x!5c!q!|&-5HS4ma10^ga~wqGprnHpysnv8u&VZ=%4MXyB^}8R}obRFw81zTjMyXrh*MMKl=Eq z)_L8_Gi#TiqEIL4JK2a0(Y)^Cr}h1@ z&Ko_h+%rg%;v2$K8@Nr{pmZi93G99#n|ZWog48KTm)gnJhKUT3y{FlRu1V=e@&!#k zOaQu>#08ta20U?wTLAEuI{knGFJUVW**P#qRZ*nkVXm6D5M@TibA^Z}OhkIuBFprP zQe|*674_>*q-(y!7%S?Lx_0}?KzR5fFNLTNG+<6FN%doi%U7de{pwGIlg7`6I?`EQlhXgy8j*AF!W9Q;jl%R=yMl$K-I_(aIegp&}UPgST87o~MQux5<*i zI%EEa=eO1Z{sTQrO1Yi+lCTtR_75Qc>tB*neO`SAjo@12opjNiJYh{|Z;z-bvoC#4 z299vW?o2LQ0S)c1a1*H=J7S9S+wNtS`Qq;6I_z3{RQ}WcGz^@be_f9!zD)GVyB6Lbxd- zBn~{2fOLL<-eDdv!b#7uTs3lBi{I^Rpsm<=G!J55>sgC7_TjB?Mv;rhv57GTjta*a zhLKR3&m<2QH@l9H0_jit_HJVQQr=*ZlNe51elx&xBFwdA-}4LI_jvIyFv5+~wyle- zWCyv>VEG`F4+G_`y*=b_`6kWdelvcZG%^7Za@7&uVpq1*m7Y0PCnbDB-YaZdc3)*Z zs>OJtoM95a7)V=S3b`*4!n-=w1j~{6a-#*{#^dLN!)tX?KPM1nt+{-bVqJMsci?8B zp_V4GYt`M*7>Vu}ALUzz>uaR^OT%nnb2FUSLR9QT(&Bd-LpXnou1^P%c6TFKdbcP4 znM_RcIIV4vr;KK-ZYN)7%1%|PhhxOA$&KcV+7}z_PAiBQz1J!&Wts#hTCXT6AOvr1 zN;_;2x{u#0A-dOTkNs~!;m1v;G33Cj$nuC(>SM-7VrYSaP-|zj-t-@49i^G|jL}qk znAP7<`qa*xG%+B;GXg`Eb-V@q_rt+BaIrB$*>+2Z1J9*LR8mDu@*%WMwLPrnl+#8e zvKzjCFbIdzK>|nP?~}FU6$*JUL-WM9Wp1V<-Zg0bm~nH5gS_2v>Gh&V(!)X>@TLB)$5q19v~;5XJITnm<40(I$l|D1`$qgho(EF z0OcAFVl*`moo;MHS?Ic^nz-CKqFKxpLc5yz?DZ;YOtN9{!=s*BTbx3iF*kmGhZBT& zOW0R>gy1AH zKo#-OWApFI)f0TlT(A(--~IW&6i_AHfeqACc-GMo{DtR&33+yMZ5%2m{}XsJUHw~u zz53q;o?(c#gnMr1AC2kJWE8Lu{fo~&)Nmjw3SY!~^a=fM+_^&J5x?u&hE4aC?iXwoAvetpgVP&-EsrE}$NhsQ+=O%mD)Ccr>U8rz5kg8#bCg<8nEx=xn3~)x%;EK+bY<3iHmpM z6qp{;#TLX%L34=okF@9627oEp-5NPQ@gw%&1Ge+YxbQ7Zir8q_TWCsW=i2;Ff}Bw} zjGK27?*TG(;TOcN`b3(^5kfvUY|!xV!j;`f(|V-+pv*vba1$Ct<5^M}jrk}6in@r~ z>r@-i`%`BZ`0(4LC@E5z5XYe$>NGwf=RhD9@;_n&orB-O(qEn79^>hiEW0|`#xZQ{ ziVz6GlA{OktQuTCT<|Xmz*-?>D{cO0H(YEnLgkY5&}svPJiYZ`{oX>@hfw_Gu>%pk z1jbZ2Fp#^dwm#)2npXNT#w06w=?7vsq39+amKc1ev%wi5v~CxVH|;4`PVY-ZjPt;h z)CY?dm$B7=nXvVozm|A6&SJwloA{vigSt-p5&FC933=gxEG|}Hbkk_m&#}`7 zH0#OT{E_pPpamf+EIe%$5kFVVqF)sXQPrQfhY`{m-NfD8)2tc25WTju>~c0*d=9Qg zyjcYiIcKo!Q7)(eqpe~NWdqAK^{wPXi*KIU9xAsqnZDuWSGJR&HccDm;HKVmb z=8n^R&n4(j4>d?2U8nm|>wb(4<<5J`-;&~o&??TYk*Au+9i99{G1XC3wpfuego#6d?HvFHZeX6+qd1a+bZmdk5xJQ{5FX*@Ej=M!3?f*xgHt zc#RJKjsaByY=@j7ZK1^O$Ts(nHt-%yLs)d1Bt)5hT43vYPgls2^J!rRLoimSn(DK3 zaHPayyRN}CfeNf1t7}t6v)Yg?X#g=`5|gY6UAY-ATv!jyn1^rRfUpZ0IcoCmRo<&k zm4|wXC_n|Nw-R%UN8R$Cr9$>JMry!-%YKpCoHfE}s+<}H0n2nvPNyOfN0_A}>QHL3 zxsLby^J{HzID4QSzLY~hz{Fvfj{w=7Q<3cNXjU+Li9#(YU0U(HLIL(Y`56Z@zSs}x z1`?q0^UUo_{+e(A_W5TC2VfuJDP_?(q>$q^(w&b}iy|>t0 zZ!=WT?L_P4`*dkge0gI{1L6opZ2|rO2MHdDbA#CB(3TrGEs9LF!$g#mh{M3+8;JcE zlq$xSAA9@G;DeDwaeI9gtA7NPj5NAp4JIbz-de!m@^`?3U=$GA^rtjK{cSJJT?*~@ zbJ5T-*w%I79zCTkxa>f%81jOc%AST#jbxvt|KRD(Slw4{JnmY+K78Yjs2VoJ*h_7l ziV3p8tB%$<6X2({f^HHwV93^cV0S?x3TRHHHD~l`^ zVr!OX+F;lq$pmwugAhfC?N@!rs(}EwsQ5mwU&FXSRl8LnwK#9g&a+W>|2Y2|)!z_X zYOa?{6*Ixl9+WYm0A$V~6oeE>LQy*5NMon(n@F*=oTscXez5<@>6lS`g!>GO4?bq~ z;**a6wi0Jpjil@wHa>>diP^aDYdUnJ-KRMLq2f)|hisVPlF)&_5R_pvsq}#2-jTKEa;8a5 z8rg$v=dMQG54ckD0Xh*=phQY}%q99Cl2Opr1(xs3{Ug76X-U^OI;@GQV2qi$iCej5 zwZmdyY}xCp|PMwmKVn&hQ#609eas4}X=iM0DS>R2<7lTPGQf#ane*Vp#*s z>n-H94Cz4ja*4ltgB0Y0ygR)42&aUkWxBHp)#ATu-GVVuPtX#*ES-ar!fymmH!8xJZV`hM}cCA%6d{>Tt!gI!hnp5#IRcErnvX`it zEee;MkDLnVHm?g8P*|0&r=9^G*w8rwm8S(2GJvI|e=LR7*;7E|cAds@!CN?2HZcsA zQ>`}#HjA!-RoaM+YWihzXGok%-EJU++LH52sTt1WI#hmQ>MabQsW)%&$W^4e(-=E| zWg}+($DW-{nxT<+CYGjxyHv8PwC~$qo#vJDs62ETTcQBa-zNWC~=M?^TlA?-#7dt)isgTip_9P>6@9^_g zRK=&7!Qx8JxHtQPCI*E9(E3aje#u|i1Aye8u?GMNQKneb0^P^jQJ1gV``zn`zUpFW ze!oJ-3fhk~3HUFh22`kjB}z*^)r8>l8DIEuR&*Yg-L-e~Xe?^5v;9o327x3f>6-8& z*DhQTRXfUmVvmheOK1V2I!D*zzVO0)e-a7qNJOA6`*`Au;yf>*sZd)rV~Y1$RmfE+ zag3#RisO(virbFqH-U4=XBI698cTT7!m+_D3fYXzc1BzIK^4A_EX>wsz;Y!#tNc=# zqHgr_CB-)wn$#OC!~5W(<-r`Z4A^ITt_GDO{WNC>#?p-4iK=0Dy^UdW&Jq!m3m&wgpRVPe!cnEC z5oaa|4~>lp{sFk*-DM+7SIyN%s#eiNst_7x%YF!J5MWugsN{MG5YGOSLh1$YGj&h> zhGg2QtX{D`GZh$-bv9*6g5Tm^Lme^u*6`7{i+9HqYORA~ONz~o#Ee-@@v;HgN_kKE z?y0xT_n`?~s0Y4FD6i|5zAEZ_q?wy|{fI+Fl05e2MixxV%smrgcSP`Ix^4_$l%cnS z1R^>^iG6deU!n&w5v+tVP<3Zc8t7&`Qh!iwbqkF4PK?UtyAr5s_SL1gDN=2s7?g42 zde=Fmr@2699`h_YXccVLYp(^`_EwMc=U2gd2xok=s&Rsp5Mr;-H0?95gk{6Z7q58| z5gx${!7axwZVg44OcHyP7aY`F6$K`~B@7f3LJd0MKSP#AL3f*1AXZF*Puu$12!7X~ z6V2a}F?d4mFE_#1M9EKD5Nj&Lo#yP-0;nFhXNfK!>;n+y8+du-*)L#PXNVC_!s_;4 zZqvCa$y2tqGajk17Z&jY2WF#Mu;U{CY;w$j35ymNH}&)0ot`>g9h)Y+Fq%WpASPca zo9l+44PPumGsrE+u9V?oV?X`?-2wGOX=**)OjS+}SS`=?C(9fp#E~(?pqGVF>`b0& zrWJ;(Ug!&!DNc)0C`rLEV6=Soxuk!+qzB-GwH=m#6bgtC%Yvk^x@vMn!ryG<0lC%sBSdp5*lpVF-Mh6OaS zAQzDDum;C{FW#veps1@rL65HWh$^;B|M@){_SX=acpDMVAsmDutv6Xx&RFGkPkUyB zRp~dTEMZqrf{Kx{fJdC|8-#XQI-(HB z8_P|gIsAXyoMdV)sOvZOB@*3qao&?9C}y4FX9c&rjGw#bC`9DqfzF_>Gx5>dYl}iF z%u}$1J9%UVibW-{MF1=TIX4DncR^n2XV5!;v0w8i`;mOU3Hp-1@+|PxKjT^8D`*N~ zl>5Hw5fHoS^k}O*D7jhWscOf#LW$S(M-_mGvL4^TU9_|b$NRV@LZvl(4J^Biy<0V* ztnuXnWJ!-!gOAl*6+s^e?bn06M?@J%Bme`+J0>SJF7PX##ZDa~8I|^fDHs}zKz)a! znN1V;TV!6$*?n|rwB+NWs9W!HWLvS)9hbnGcTtbrlGxHT-CW>WmjUu_IS#+wuEj)I zbRy@4%j=0SW_UVSE=?C&0aPDk=AT0CAT))C7z%Qs%2M*q+OEfWLj-t00jvIe*J;#T zEOpY{?eRYnY~&q4F;IeH(pDXuB-u&GAV5|CD#JynwI|XMc3R7+o``4UQEzJSVjSw<87>Ids%rzk@KrVkl#+2ML_LN@Gb>*m#<(aQ{q<$T5p# zV(p>a25KCY5VvbT1U~i{UBo1qs~Rk4lq-F@1t(NG^YvtGeC!!Ms>3T^$d*WhP2~X5 zP|{Rw_i%r7N=&kvHjSkO?KOIk*?<}Kq`naC5&&CIwKPAKyJ)LNjjlatKe*ZAPhz(* ztNr&+QTQ4dn?l0o%CuN~aWew?S-ky6tWqngn_Z^- zWKv6R7YQgrgb?XDxI}FYe>O!Z>IN@gU)ZE(%OAWA?d3Joint36Zb^lF6Dav_V);dt zn~ZzmI5GwaUVtbYF=!+$@w1$wZU9JnNDo`+8E7InaZLz6!Q$qF^sT~rNlwk&9Rj1< zX}jMeoCXY6iW#m_YkRNjIzZ6!6w3?%;dy~R#HxIk3@KiUm+bnIA;R=|dGldLqYDLo zYI@RCe^Zh9C7m>C=w=ymAyp-uxYoTTu-$#EAdsnd;k2)j!Tp3F@>%9Ddje#73n9Bfy;H!d&+zy*&S`?824F~5JE2f|nYsr#+=T>Q%SxZ3XNc~=}c11X8_^3GJ{PI)e?>q4f4q!>)<&a4J z!nc2LP`WFC*&ms{I70>v>R$>Ah5s%rY<+4>q!!WK>XH?1f^|1fBrJ{Btozsj!*_V=8CU#e^|EBtL1Odc|~YwWVbE z9nw0gx9^N`p!*6r9j@O=q2m0!Q+gDOldkOhpQAeE8htXGVa?M3lJu9?sdLq-Hc#xZ znk|jaQyXf^r*B%D$JSank5j?0k1!{;Z+H8?v9v14H(`q_Q}kHrxAy53T`UE~a((YhKuUKAqcw zCx5%b)bt3dhBpOGu16nUNN)hY3yPI~k<44bbg zY0=7`{&?)10!rJMA)6~n$E6f?N8=ZkI?1AB3WNYZtJiwQP zqc(dN%vVmRfIMnCrP}BYdlCJro#_?a8&zxI;VuSd`uK742UPGQuDb;6K86OP12Bz# z*TjcH!M*Der(NsKDF_4&fJ`Ju*rnk0qGPKf`JuHEz9FN%sfDT(mxNRA%#oalFMuwz zI6djWNHs+TZ)G2$S^l*iXXmAQz_0-MY$9zf9Hq=ES{leba#TDBXEQW~+Jt#opl(N1 z^9M<$U1tm?J9Pc2y?mav^U-WQ^TCzv9v3opR&@6BO-F*wO zyQ%)Opx&KE-kZ1tVU7$cZ%?daZkjFvdnbE(@RDFXK zZ0xj>EX2%~cIj>^nMQ{w!d`BgsFy5Lr2h!>`-@{jKRM>#NZU)1NcerY`9Q`L@${%q z-pS@mF(i}mdTHIf?oq!B5IA=`#^*M0JD)H{06LW!%p!-^V;?qX`MmIflLe}cM~?Z@ z0RWltbqDe1`Ed~X%$wBsfO`cj{2r>6FU)IN+hArzIVLZoMpgZG7VrX9kOsEz!gayX zQ)C<)H2!^WTT_1SsT)`f+Hv3efv0l5`=`5Qb^MxElQ#L$w-`PUmZ_-#7{;?cHRLq) zpDl3`?cP`^SJU<(ym4ch59FeSmIoQgV#K#6+vKbRwbNK31mMY@k=$G1Du}WCD zyhtSen@7{KQT%X9A_2?xbBjWLxs}AqV~ZdQ)x0D7%D2%?5QDzWsmBD?*sl5s?@w>L z`XfjkhCM&KZ3`Ye>FzM}ad><1YmCJDe}8x_C||gZTZwTLk#&HaDZKT=)wD%L8L537 zfljoF(DJF9$Vmkiv!ta~^dlRN)5w#1wklRrXEfQH(lph!ivwoc1o&??&R{kYyj{m0 z-2UjxTE_zX_yseJtQE#;m0>&!Mu@hivl_gG5b_|hj7JCLfs*W)YtSXQt&YUvy&YK5 zqU`+CP#&<0FqXU>*$%_W&HI$S*~TH8RFB@V?z=pkNqjkZThlo8ZT(td#%W7`5r?@s zLy9@#4MXGbl4BL#whHp%CYx5RS>+V?${B23oh56h&kr;(TZ)~T&$=228C?*7#R=ut z;mMHk#MrHSz3VA6K3MPNa>+NP1`gK!Zt6Ev=J!oB?S~jY|zdy^4mi`R6 z`=e=MINJ&iLVp?bEX-?EEEX_bHh&L~G|}Qx1^NV2RTC5QSVf-QT8RN+z|kHivLrQA zgRmiZipTW8X}c2hDgY17DwcVW@+1B{VTNsibr`2)FFFr)CCp-iCr4T_oY#%uTTTID z2W7mM^2N#gcP7q%^S@0!5tcA!8fA693HpOfPa36g$&@g@Yb-1RhT1F8c zk$wSjS(JC>1JwTYH7;Y5AB7$Q$uo+fhlr+G#OLue0lKemo!TeXRSAg5AKUIc9u{d^ z8*4o{5={w7X%-{fRO#s)$3nW4`+3>a#XLRa9(5?PsmiS9&39-(4iil9-chL|oRy{& zH;ZPT*61aT(Ck-M#b82|B?EhJ?qg)lcde+Tov65;$i#5=R64^Y%bOHDUc%Vm>e2w?kY}w zjLy5znhRE&&4&>xg>W`4+ers!-(!wY;lyMN4iJ0zceosIdkLtGskkz_pqqDUzgvS_ zKcTI|#6}aLjEZ6#e?8>OKv|c^bPwYjy%`l7W2P!+)r3ZFN>Fz@rKtZjmgY;ZQsHTa z|3kpAQDsv>>Ce)Rjjq~``W$n4d%{!t$DSTPYr6VPEx%T`Tp55W9vBmFpaY2r^jJ)IqhNKCr_|C_!MvN`g1z}FUjE(3O#xY* zG8@`RaXr>Gw1fl2YFc8c7sLzm9v3djwi?}FgcH?m3HJkLhIo)(C}b&E`Gqo2ct-Iv zu@Oo6KG$9RC%!y*b4y)wBfn7+-FjqyE!5U-CEb_t!*ko1Vn7EBc%u%v43+JPkMNic zYjC+kHombF|=r0!gazWXRH~u$UiW28P60D+Gb73V>EZeJ{LkOGGPUCH{ez z3LZ+L{y$5^_zD?sUcEH71N_x&VK>T2mYeagu}k8zXF#Y-{2hn7v2A{@FFV(#MYyd` z!N^(5K%&wWLQ$qWJZH}Gg*&`I^4BMZh)e@36Ua4JLTI4-IbJymz81n#8rw6}i@8So ztJIsrRWA9^hjldCRn{s9o|q|mAT?b|g;^oe%99wb4-LbAOF(rmBa0Fq>2R#O*CAs1 zli+XsnP=MAbmV)E)y7TsL2=mZD9nxGXRY;uG51{pdtxJD#(T)#dus>3HujqM4q^W5 zP%T2x8p$iJX>Cm#Js8bPNp@$|`Qsup_FYCtlFO4MZC&1{97ykHJT;0;?VZ_c$9T)p zS+NtUl}MN+4P`8mXQrGvMj7`bc}cn#Ojp^uf*u=&hZSv}n60;kGY(nl;D{|s0Nvag z#X>-=s=3{OJVBVk6s0g26Szz$@W+p|PL7mDV8Uh&X7OqCR^LDLoZD!49B^$$Q{TVX zkNA`QMn5~VeaT<9wtxx$Y-TD1$%_3 zsM)Kor;S%|FNq={c^$!NlQE$2&cjqs<9u7siZ@Ul&GtZBxoija^Q*yI95o3XsASMH77*~dT;zt58 z8>Q1Lrqc2o?}qjQXU`z`^WQjbg5|! z>^?7UdX0Iky7V%~QN!30%{mI=ijSe76uAO5JQV72`T<8hM~5|{jf z(PpElNv?_#>b%%Iq3yPxYT=)3z*ak!T=RMz>6M%=0hiStfyVEa_$cbIErW}eo=)AX zsOa_-@&~j{wC*zvZgEhoifcjfp^-*89m-On0)!EDIAtx9GwM$&^wQx_$3_qnbgJIY zB-~lr&pJ0@8V$CKjT4bfP7N+cxG~9!r{|Ilcj(-@!i#6MDt*536xi7sw_t0~65cEhx|zBU2Pdn9B=#2SalrGIYWvssOe9rf5%F}zq2x9 z(c8Oi0Rqi~-++|MSURxb1dxmR zNnB_I0L3Zia8#Ivd5t%b&k+n0BFW-TU&&vXBwrYiWB^FA1w}xGbflc$z)hyjhICG@ z)Q*|0VPDA;6Bdyq{R>$Wl9$0Rk@kbndd0~CpF^kk%z<>3a0$>J!G%5|0)L;7WYSj~ zS1K5SG}3+`b{40Q#KSj#N>l*tkG!T3F$A1~0-wOJR88fcl`g@kP-V_FRpef;%l(!| z1yR|S#_tTCIZl6i1prmPI$s+c=F|8hd}+Q6Ux+UWbb$^q1ld3vEC4h>0XT%Mn?T5* z(V%}+AP*G4G(ZO^e4+w?ZUFRK0>}U^E zgd}DMQh^Hv2y7~mVqps>j(#kQ2 z-L-n|yo%GAE1I8P#Xg)mCX(L^pr%0bvt)FDV*o)(q2w?O3!wun5MX`)+fHz?tppdf z&&5y#MMXeH2S+5ntL7XbN)?$O^?TH?D1uNZfLP9?6Cza15vNL{Y&#}{ppgS%24-Q- zW{MFEawNo{*t+|9`7_1gzu}n1pxOtxdk6Y|nSe1U_N?Vr_JoqWD02a!!_;9K5DRq{ zu9g?ofkVRZpW*-cYg}aZx645&0OKO!fZ!rDl#3vskbAAuDaG4;*rtXPe81i3&x4|u zW%b^lREjKWY}WO59ba$%k=5(6FF-ANht5W$^ofDgiVD=WU|+Cv{DS+v1FBxBZ^BZZ zEC_ApjaZATUPDCM`iHFEwWnlh1T)UPeed|Hnb);)|J8nCAo*@vhNoTSm05;bE;aIt zhZ}X@x|;~EG1arQIiFY(pAowzP-?IKv~ba|J)tLc>RexJ<#eq!wZ-KlZ&c?5vZ9Lv z&dwe2KoonU5bJA1K~Q}sD=1-||DT_N3wEy`#EtaCtlsww9ZH&4f!6z=6YU)~EZ^r+x8+^?-vNwYL2o_M{qHs- zvlGRu=;lQe$^ATo4i)wKxp-{)!ZhpaeOKarC_Q~z7kaj6h*z9`{AlD|>wq+-`_XRb z3a>qNMESW=LrG~5{bt4ABQj22hJmbub>sQl6_2_7<(BGp@t#a{pMfP~KxA7UQj2{O zlV|&tMGVyaW~-W6AKu}6SaF|$_?Y!r+Tx%@zc_pPl7dT`_q}fvTQyb{vEc4Q{$K#a z0t513DKdu>t=x;L!Sw|c>P%~mAXN)yag9evsKe}#=PC&C`awLPK9#BcZA z!g4v&Z6V{T<+-{izi{Q-!-_amR7yk2CpX=B9wn?x$LDsE^vV3bwVel2^$ul9n;o#T ztBXf1npSoOzA(5QAre2BRoXIGE473d?9MJQo+xZeytyN{X+}11?lDN*)a0;f@2TmF z-kV(Ab9?GHb6UTo46!R3eW)6!p=SJK#~SpKx}Rrtooo$5ESxOynb0HY%$;DAZqnu$Ciq-=-d)u|_G-({PFGnI8S%n4!kG zT6u#PZ&|OQC#+`*S$6=QF?a8ZYN#l{#o(Dv9=7H1u>D0@Ocj*Hol}a~C^uQ$7#`oF zVOf(!tQj8R(Ik-*MFo6FC+&x_$SY10l*N&s5*5JcFaqJanFxejeGuWTV&zszj@!D+`t%d5lW|g?DgzK zay@aeRG~5i-}Th+Gd&Hai~Vnm)HA;>I$Tjv?W&9G#J#EJrc096cjHe;IaF z=iy@waJolkplIEQ(xRm$boJG_rT$6UCJ$+)o<*ZU`6plMFvH3;~zwB5NM&Rr+wNH|^QooU$QjgO=>l2Zu>; zGv`RtopgQsBbCyd^W2vo)!stsxZBi0Y8V;!%PdP5WLePnIpG+>O_m_SB@u~G$?tL^ zh9r8a2~Fnh)TjVGvtp7++4y}_BnTLlP_pd^RiBJXiXbYG7-s!TVu^sb;ip7NNQ5~> rHi$51)4mYnz9Igw6ZDX3lE`6CS#>B}H8WfSkqCi(