From 1b6883a3fb5adc265cc4d4b2fad8967ec18b15da Mon Sep 17 00:00:00 2001 From: Thibault Koechlin Date: Thu, 7 May 2026 15:21:51 +0200 Subject: [PATCH 01/17] appsec/challenge: bake-in pre-obfuscated initial bundle to remove startup blocker NewChallengeRuntime previously generated one obfuscated challenge bundle synchronously before returning, blocking service startup by ~1 minute on "high-obfuscation". This shifts that work to build time: - New `go generate` step runs `cmd/initialbundle` which substitutes the runtime path placeholders into fpscanner/bundle.js, runs the existing obfuscator WASM via wazero, gzips the result, and writes it to pkg/appsec/challenge/initial_bundle.js.gz. - challenge.go embeds the gzipped bundle and seeds the cache from it on startup. The background variant generator continues to add and rotate fresh runtime-generated variants on the normal refresh interval. - If the baked-in bundle is missing/corrupt (e.g. `go generate` not run), fall back to the previous synchronous generation path. - The wazero module is now compiled once via CompileModule and instantiated per call instead of decoded per call (best-practice). Result: NewChallengeRuntime returns in ~600ms instead of ~60s. First request is served from the baked-in variant; runtime-generated variants take over as they become available. Also adds a build-tagged feasibility benchmark (`-tags=feasibility`) used to size the optimization, and a startup-budget regression test. --- pkg/appsec/challenge/challenge.go | 83 ++++++++- .../challenge/feasibility_benchmark_test.go | 139 ++++++++++++++ pkg/appsec/challenge/initial_bundle.js.gz | Bin 0 -> 295048 bytes pkg/appsec/challenge/initial_bundle_test.go | 63 +++++++ .../challenge/js/cmd/initialbundle/main.go | 173 ++++++++++++++++++ pkg/appsec/challenge/js/generate.go | 1 + 6 files changed, 455 insertions(+), 4 deletions(-) create mode 100644 pkg/appsec/challenge/feasibility_benchmark_test.go create mode 100644 pkg/appsec/challenge/initial_bundle.js.gz create mode 100644 pkg/appsec/challenge/initial_bundle_test.go create mode 100644 pkg/appsec/challenge/js/cmd/initialbundle/main.go diff --git a/pkg/appsec/challenge/challenge.go b/pkg/appsec/challenge/challenge.go index e6853c20081..1aef6e1cf21 100644 --- a/pkg/appsec/challenge/challenge.go +++ b/pkg/appsec/challenge/challenge.go @@ -66,13 +66,27 @@ var PowWorkerJS string //go:embed js/obfuscate/index.wasm.gz var obfuscatorWasmGz []byte +// initialBundleGz is a pre-obfuscated challenge bundle produced at build time +// by `go generate ./pkg/appsec/challenge/js/...`. It is used to seed the +// challenge JS cache at startup so the service is ready to serve challenges +// immediately, instead of waiting ~1 minute for the first variant to be +// generated synchronously. Background generation continues to add fresh +// variants and rotate them on the normal refresh interval. +// +//go:embed initial_bundle.js.gz +var initialBundleGz []byte + var ( obfuscatorWasm []byte obfuscatorWasmOnce sync.Once + initialBundle string + initialBundleOnce sync.Once + initialBundleErr error ) type ChallengeRuntime struct { - r wazero.Runtime + r wazero.Runtime + obfuscatorMod wazero.CompiledModule obfuscatedJSCache []obfuscatedScript cacheMutex sync.RWMutex @@ -151,14 +165,34 @@ func NewChallengeRuntime(ctx context.Context) (*ChallengeRuntime, error) { return nil, obfuscatorWasmErr } + // Pre-compile the obfuscator WASM once. Without this, every ObfuscateJS + // call re-parses the WASM bytes (~4-5s of overhead per call). Compiling + // once and instantiating on each call drops per-call overhead to the + // instantiation cost alone. + compiledMod, err := r.CompileModule(ctx, obfuscatorWasm) + if err != nil { + return nil, fmt.Errorf("failed to compile obfuscator wasm module: %w", err) + } + challengeRuntime := &ChallengeRuntime{ r: r, + obfuscatorMod: compiledMod, obfuscatedJSCache: make([]obfuscatedScript, 0, challengeJSCacheSize), powDifficulty: defaultPowDifficulty, } - if err := challengeRuntime.generateAndCacheChallengeJS(ctx); err != nil { - return nil, fmt.Errorf("failed to generate initial challenge bundle: %w", err) + // Seed the cache from the baked-in pre-obfuscated bundle so the service is + // immediately ready to serve challenges. The background generator below + // continues to add fresh runtime-generated variants and rotates them on + // the normal refresh interval. + if err := challengeRuntime.seedCacheFromInitialBundle(); err != nil { + // If the initial bundle is missing or corrupt, fall back to the old + // behavior of generating one variant synchronously. This keeps the + // service correct even if `go generate` was not run. + log.Warnf("failed to load baked-in initial challenge bundle (%v); falling back to synchronous generation", err) + if err := challengeRuntime.generateAndCacheChallengeJS(ctx); err != nil { + return nil, fmt.Errorf("failed to generate initial challenge bundle: %w", err) + } } go challengeRuntime.challengeGenerator(ctx) @@ -166,6 +200,47 @@ func NewChallengeRuntime(ctx context.Context) (*ChallengeRuntime, error) { return challengeRuntime, nil } +// seedCacheFromInitialBundle decompresses the build-time obfuscated bundle +// (initial_bundle.js.gz) and inserts it into the cache as the first variant. +// Cheap (~ms) — eliminates the ~1 minute synchronous obfuscation that startup +// would otherwise pay. +func (c *ChallengeRuntime) seedCacheFromInitialBundle() error { + initialBundleOnce.Do(func() { + if len(initialBundleGz) == 0 { + initialBundleErr = fmt.Errorf("baked-in initial_bundle.js.gz is empty (was `go generate` run?)") + return + } + + gz, err := gzip.NewReader(bytes.NewReader(initialBundleGz)) + if err != nil { + initialBundleErr = fmt.Errorf("gzip reader for initial bundle: %w", err) + return + } + defer gz.Close() + + decoded, err := io.ReadAll(gz) + if err != nil { + initialBundleErr = fmt.Errorf("decompress initial bundle: %w", err) + return + } + initialBundle = string(decoded) + }) + + if initialBundleErr != nil { + return initialBundleErr + } + if initialBundle == "" { + return fmt.Errorf("initial bundle is empty after decompression") + } + + c.appendCachedChallengeJS([]obfuscatedScript{{ + Code: initialBundle, + uuid: uuid.New(), + }}) + + return nil +} + func (c *ChallengeRuntime) challengeGenerator(ctx context.Context) { // Startup warm-up: grow the cache in background until full. if err := c.fillCacheToCapacity(ctx); err != nil { @@ -296,7 +371,7 @@ func (c *ChallengeRuntime) ObfuscateJS(ctx context.Context, inputJS string) (str WithStdout(&stdout). WithStderr(&stderr) - mod, err := c.r.InstantiateWithConfig(ctx, obfuscatorWasm, config) + mod, err := c.r.InstantiateModule(ctx, c.obfuscatorMod, config) if err != nil { if stderr.Len() > 0 { return "", fmt.Errorf("wasm runtime error: %v | stderr: %s", err, stderr.String()) diff --git a/pkg/appsec/challenge/feasibility_benchmark_test.go b/pkg/appsec/challenge/feasibility_benchmark_test.go new file mode 100644 index 00000000000..1c6ac873ffc --- /dev/null +++ b/pkg/appsec/challenge/feasibility_benchmark_test.go @@ -0,0 +1,139 @@ +//go:build feasibility + +package challenge + +// Step 0 feasibility benchmark for the split-bundle plan. +// +// Goals: +// - Measure ObfuscateJS wall-clock cost on a small dynamic-module-shaped input +// vs. the full challenge bundle, to validate the assumption that splitting +// the bundle reduces obfuscation cost from ~1 minute to sub-second/few-second. +// - Sanity-check that the existing WASM pipeline accepts a tiny input without +// errors. +// +// Run with: +// go test -v -run TestFeasibility -tags=feasibility ./pkg/appsec/challenge/ +// go test -v -bench BenchmarkObfuscate -benchtime=1x -tags=feasibility ./pkg/appsec/challenge/ +// +// The build tag keeps these out of the normal CI run since each invocation +// takes tens of seconds to a minute. + +import ( + "context" + "testing" + "time" +) + +// dynamicModuleSample mimics the shape of the per-epoch dynamic module that +// the split-bundle plan introduces. ~30 lines of JS, contains a sentinel +// string for the `globalThis` hook lookup and a hex key literal. +const dynamicModuleSample = `(() => { + const k = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"; + const e = 1234567890; + const hookName = "__CSEC_HOOK_4f3c0a9e__"; + + function waitForHook(name, cb, attempts) { + if (attempts === undefined) attempts = 200; + if (typeof globalThis[name] === "function") { + cb(globalThis[name]); + return; + } + if (attempts <= 0) return; + setTimeout(() => waitForHook(name, cb, attempts - 1), 10); + } + + waitForHook(hookName, (hook) => { + try { + hook({ key: k, epoch: e }); + } catch (err) { + console.error("challenge dynamic module: hook invocation failed", err); + } + }); +})(); +` + +func newRuntimeForBench(tb testing.TB) *ChallengeRuntime { + tb.Helper() + ctx := context.Background() + rt, err := NewChallengeRuntime(ctx) + if err != nil { + tb.Fatalf("NewChallengeRuntime: %v", err) + } + return rt +} + +// TestFeasibilityDynamicModuleObfuscation runs ObfuscateJS once on the small +// dynamic-module-shaped input and reports the wall-clock cost. +func TestFeasibilityDynamicModuleObfuscation(t *testing.T) { + rt := newRuntimeForBench(t) + + // Warm up the WASM runtime (first call pays init cost we don't want to count). + warmStart := time.Now() + _, err := rt.ObfuscateJS(context.Background(), `const x = 1;`) + if err != nil { + t.Fatalf("warmup ObfuscateJS: %v", err) + } + t.Logf("warmup obfuscation (1-line input): %s", time.Since(warmStart)) + + // Measured run: the realistic dynamic-module-shaped input. + start := time.Now() + out, err := rt.ObfuscateJS(context.Background(), dynamicModuleSample) + dur := time.Since(start) + if err != nil { + t.Fatalf("ObfuscateJS dynamic-module sample: %v", err) + } + t.Logf("dynamic-module-sample obfuscation: %s", dur) + t.Logf("input size: %d bytes", len(dynamicModuleSample)) + t.Logf("output size: %d bytes", len(out)) + + if len(out) == 0 { + t.Fatalf("obfuscator returned empty output") + } + + // Verdict per the plan: + // <1s -> high-obfuscation viable for dynamic module (ideal) + // 1-5s -> still acceptable for "every few minutes" rotation + // >5s -> downgrade to medium-obfuscation + switch { + case dur < time.Second: + t.Logf("VERDICT: high-obfuscation viable for dynamic module (<1s)") + case dur < 5*time.Second: + t.Logf("VERDICT: high-obfuscation acceptable for dynamic module (1-5s)") + default: + t.Logf("VERDICT: high-obfuscation too slow for dynamic module (>5s); plan to downgrade to medium-obfuscation") + } +} + +// TestFeasibilityFullBundleObfuscation establishes the baseline cost — the full +// challenge bundle through the same pipeline. This is the ~1 minute we are +// trying to eliminate from the runtime path. +func TestFeasibilityFullBundleObfuscation(t *testing.T) { + rt := newRuntimeForBench(t) + bundle := rt.buildChallengeBundle() + + t.Logf("full bundle input size: %d bytes", len(bundle)) + + start := time.Now() + out, err := rt.ObfuscateJS(context.Background(), bundle) + dur := time.Since(start) + if err != nil { + t.Fatalf("ObfuscateJS full bundle: %v", err) + } + t.Logf("full-bundle obfuscation: %s", dur) + t.Logf("output size: %d bytes", len(out)) +} + +// BenchmarkObfuscateDynamicModule runs the dynamic-module-shaped input +// repeatedly. Use -benchtime=Nx to control iteration count. +func BenchmarkObfuscateDynamicModule(b *testing.B) { + rt := newRuntimeForBench(b) + ctx := context.Background() + + b.ResetTimer() + for i := 0; i < b.N; i++ { + _, err := rt.ObfuscateJS(ctx, dynamicModuleSample) + if err != nil { + b.Fatalf("ObfuscateJS: %v", err) + } + } +} diff --git a/pkg/appsec/challenge/initial_bundle.js.gz b/pkg/appsec/challenge/initial_bundle.js.gz new file mode 100644 index 0000000000000000000000000000000000000000..441207587942b431c561c78a63ad1233476fce3d GIT binary patch literal 295048 zcmV)hK%>7OiwFn+00002|7mV%bZKF1Ut)D`WNc+FYI6XLy=RvkH3W{|i~XHdXQD_<5h+)Kp|bmGs0ETUSD552~VGuj~+k282gSLL-Gf9!Nn`uzU8)Uq9^HFQw&y9hG36rYgBnGS*(QW3e|<~T&tN6s4s9pWWB`Vt%M>iPcdi<1i^W9v<^rp;(+ z>tmui?CLj9ZXC>ojp`F7iH^>UhI9;DbT6!>4;@-(rc#+{{s#lCT_@I3uOU6axYvw!`6UGvQw>IS#8D?~D;burpt-e$+%UCUJ8uXkpK z&}LTf>v2u3?<8H4@SF~xV^R`F63oa-oLlOmBHd?PR#S;Zsw7iA#ja4TbtH#TdBY!N z3EncyDDxieWfwhNKiouPh`B0j8A^3jR+p1^Ae9h*)N)kXa^zsS5|}(AGNTraua@p1 z&#jQSo0Qj#c(V{S>64crC|uEXv-on|ps|K?y5?08+7WS)T;;^VMP-b2#$S!X1?h?~ z`c#7`!L1YQptQUMxez6W>({$qfB*RXk9PmQ6i9Te!O@Vt7p1J)K-uM7cIVAuclX_o z-}!y_?_(70>1gV-KkQ!SU%ol6D+$5Hg59Xp4j$KzScEHP zf7pHa;5&-*`0SDUfOT5J~+qm*4l zDp9RRMPFT<`l`|WYAMEsVZ9 zao9ck`6YEd8|>BAX!V}HoQZN@X+)K=!|v(tpIhp=DD5s2Sr+=bbE`JYKsQq@tyvzF z>7octN-AsGQ3l$x@v!^l=E1Rjq&>C9`uxouPBk5NPtrXaRn|?=QMOHqVq*DaI|Bk@H^B>ncgeT4|aSf%S(P_CaPUQ7-B;hg_rYgaWN_!U z1yZ6Fpyd*pnh-3h!|t6wj&Zj?>|Q+n>DzZUXR(^FIf3*)7c`tN?|%8g51T3Rf&~di zs(DtcDWNi)Jd`#fzkc@d&yUxAwO~F<1rqoeiN31F!!CUE?4ot`yQg3M^wXwgs}&wj zT$I9A5Pn$6o?3*{MP04KbnKJXY)rmLJ=6%0u*Ld6Jq zLTT&8>cU;fK18E!8b1ip(_l~|(OI5q2QNaq6|IzFwV;c|=Ln&u6sf6d5jqr_P93zz zYgbEAcsbKWqR|>!5TZxhpw_zR^ST{SZ|o{6-D@#dA%PNe%e!ctS;ro9*-yGkfg~B3K zRy1F44cejT&X;Mozd1RI#%I3x;P}apbdU$tzTer=XEtsft`gXfZ;d#^_cw># zm!BR#|8i5kFLnE`>hLTySdhg?FtZ2kD++xqMr_mYQQ{^x~gRIMbj*3y|3P7>!jK0Lm+ zsmp!QtO?QWWlK_JdvN&F>Pa_sv(^6P-mf2izg{QdlIAp7GI?(|t0P?wg+uw2GejNZ zq+w8H3RB=RyQ^_qyt@O$NNA1{9@a53^isFs|8ioO(vd(mnz-a&QSf|zWwmC zPd92DnM}5~CDI~c3#vLKFb`c7guGO|BlaytRvHXg=(<*U^xZapPxd4`D7D{7A6Df~ z4XPwrcRN<=!#SRWt`0GRae5#4Kw4QRBk}7t{KaTV{qlAG^~(*Hmf0!TP?8{3WV?88~lq>5ZEts5a?cX1X=tHnA_h`sUqF&#?|6 z8WSFBC`bAr!=Y&c^Z4vh__3T_86&BRi)CmodGzfhr0n)LZ&vT&aYBVt3|FcuB1UKr z4PzR@B(oWIWXVbtXC8H+(WaveLUfV(L5}vjAEXY;io9$so_%CQE?EWzBP+f_LgG~< zn2WhcIFCwcYvt)4f(D%(F(^@&^q_aej@hlr_Ya$VT^k?jW}Dj=D^H}IrF>@3_`-+yE&>@1d1Z?9U4id!_WPxM z2J`aPgPS{V)^8~3PczV{pP&SyrN!OB_?Hhn=QJ0viJMT-P2uX zw(ZTk5?g|fAj?}((eALjxgRt%u-rnqSa0=jK6eGn-sJUJLo5_5;!26u4jJ=?EnOL2 z0(loeTlHUOY-qxXDm)CC!9YY5(sNk<1uHRh%b8#r!cp;Its7dLbE=7lVvK{<6{+6` zMG_7NS-L~)_`UVZusm`NzXT=KrE)pSx2z=8z{q(-86Q%AHRfP3Y1O%iS3|J{rb@*`D(p-r>8q8;3eh49bdY<^rG-ODNL{BWLXfxui|6pu;MN8>)QB3aspmS_zVH4WdC(#@D+a}@ zCSVS-#0<-V_|hSUS+3*t>)j{6ef&d(a(0{rOfQkMhuw#Nefu^%7NTqakW}r9Zdcfk zkN$l6%cgoC{1q|jLl+I%5qf)_!(mtd&xfDT+vKBP?%%z?mMv`MGUYzAC8do{#%0Z5 zq%~PU+rT69vOpssvc!Z~8)bi7bEh`K?6f$bLDN_UB|1R;+MLScAlfbtGrnF)7mG~9+qPz{@$gwTO)45#nby=fB(Z~V*A-_-J2c<>9G6l?uXBbxfKD{O^<_g zOm~0X2*j*N96Bzv_Z!8vVvY;UtWvV8rWxlN$GwJBQ{;##@zs|`oSE6)(I)r0Cbt>Cm;-@3Q;Xas;_aB*+&((~`T4ioJs+*il}rGgAjSmfa&AI z#&mobpEf}}oLQOPQ+9N+4cICL!#tS+h1G}M&)I}7INcg_TbcKN{qBdY6kATwA(8a-lAGBbdCfeij$^m%D;0<5DCAU(s#lr6CQy3X>xXiRPn2F1AV2 z#tx-*fNPo-`*lyWcH~~s?tm)eLZO&K7x-xt(XC8MD7u7Ps?!spG1MyiBsGmm^dZMFsXkryRx*R9k8@j&0Z?L+F0>g7i}b*w#TQZ?cK6vwZ?#4I zWp_hcz*O5^M9EXq@Y4SDn(zPX^zjvtinw=StcqZ8yNT7WdNet4TAnZIaoyS?7e}Gd z@L~h+|NSkv*0!C=&0&vy5sU0<7{GHUOz4`|3;U5$~9cf&zlEh0DWH(_aUhy7*gkuZ+j4C zf3uDV;L(TFSvPjOiF>o{FK@b$P1x!c7FGGEX=p}d z-bL|jtyE_YFVUa}0vnXtTEehBHvw`B@e&`>@vUtezcruSSjghR?!==qq#8_A(_c7N~b zqP<;n+I`$YSn@Q{+`&a#OSWo!$9DUFKRp8ONZuBVg@rS(unGd9pNvt;le_5tVyiIC zDn^nnao?`Qj6^IsW(S$9{aq))3xvA^UU>TRi{HxQ=g;;FF$@H+AHR6?=rA>O=gpfp zZ~lF8!M$0^ZQZ}{0o}mRzHRTOOq6w!b5T z4S2H2q&k;ksg!imyNf8`)O5cHsG?S6pIipo@|i5hGNq|{X;ZYS6wko zyr1B-dr?s0;!v6_3oF3?IZdUH?0(@9(^sn}09{KFi#O z&auw)rr~(W`?|lm9vguqL^@=FBTy~W@jz6yzs%;3MJ1`y%7OzfyQ&m15oUk6yZk@9 z5wgR5jGkVz=;b=5(dUpoc2bsL`6?-kEuymUT`kSEf!@Pw$N5Q5Lww!jwzBwesqnxt zSx(bzvShg%qcS-_w5!S+_^kKM+m>DSU@+qLl_s{5xJFu1Sazm)Qiek33iL|69CqT> zN1ye_OvO{=VxFI6r>0lECf$M#q~asPm}O;uvu?)14O+t=-S~wkKht?V04wZdl_GnL zg^HZ6vp5Z4>cylDE^xs#q-o^E(?3Sz89IGDxf?|?Bf12eA~{5On}&T3D}WK;aJ0Fh zJ3_asW(qLiisA*i&+g<*O(Wvj^AT|%B*l}7M6)4GC5idX{?6R;#UhqW%gS({%NHNF=&x;_`#dIqneRq8wTPraQIfmBRh5cc7{N%G|o8BtrGoD~YiDcs1F|L(SXHnQX z`%ylA_WioE+~}}0-;x4A@Q6*{17?(0s;0s8c%azWB*_vaB>A7{#P)~X{YU>SnZ?y)ZfIDc(kgNT|AWYlZ$CVK`*>4nVgJGe#aI z;q&LPEC{KTZmVRN9S`{S9BVh8XtN$woAqDsmEYl$Ep681&`B}TUW5@En<$XmTee@{ zqP>+S9^`7_qr^>A0$y^}r3`nm>Lh%fqm@31lXp3NgS))QL1}Bc#fG8>L#XimkVbfz zsHF|A)EZ%Hh)Y}nc z8Q6($+87aN0Xq9TZ@Pk+r=qLB9j?+B2NDiP_(qH@mhR(UE#9A6M6GEk$>^$1hO?p` zIgH0qd;3fVccIyJ6#*SW1_n1`)t>ASkU~{~6fn;@3`(ctV^s91uLkFZ zr3LTj)u-&PU+ol)w|2XEui8CK7i$ye5OjZYat!TIhi`v-fyl{0 zRV8l7VV^To54+&?M|i~AfPXmNX<>hJ*!}s*XLrBaOqK|xTT-QRR&Jgl*~Gy5p^R_| z(6;0rNy-$<5CUs-kn|N7POL<~-oyEOL{CFmGpP2mCcO-Tv)=@$l5XS7?Dn1x3xp1I zWpWq_Jl!%`cYWopQMc*+c)p1cIhog2W*u^?~5xXf{%G3`ND~6b! zbtWZ!dQMPAYUsm?BnVxxV`YO{yD-aPS*^x16VkgmYkYYk8$_jtfrD$INv%{|#X@Pc*r1HQt|*Zm_mv`Cd*2E{9OoIY%1NmX|4i1fa) zV-;$6f>(I+xd^FNOfK#iY@3RgAAk1jovnAcG`Mh+H1}wb~lH zBCWz8Ny3P z4QMu2y_Jx%Gl>L(DmX(>s;H*h3=|U*+G}o70GIc{)_ovO$s??zhslxzi}fPW}*7F$*9 ztJa>c6xVIjVfXX#5&VL!$~~@ff3x2&Cc+pQ`PMBqOS0fd3Vbr)5A z^4xVOE8f|KjtL4n&NBD@3^yhkU2keP6zH$^cJhN@+v;pkrG2z@iuG01jF?*&AT_3T z^hJlkF^GWF!pr`ou{s!bx`&|Av0CIQT5WrzL6CM+9b~7lzSVBF)xk%In@|vjqI^}b zBTCP6#SyD4cW1+poDgSjcKV9CSfH_OL1WAOBtAMW zdlYuCIAyt1!+JzuwoIQBN?T3pAUtXD@gOxg76@)WB$0Ki+D@qmpF6{@3j8ie!90L* zif}!IAa-@N;91JEU2I=9PN~PIgAlzx4$JTOl4hIve1akLX(R(>gvTRkil9quuMemf zxBOt#6QpMhgb!h%3l!D&L%!t(qna`S!YAFSlCDW$NmYZO{9er64jrgaSz*BRtda3*7k^%1Nb) z)z|YVR?Qbh&Ya}UlX7E((z6bL(*<%oeNS7ah~R9QLQCEGWKte5=4_!jf*6F4tJXy% zQz$QZB0^6moSuRy;5s%BI_EInm4Z<$gy0BeanWqPZlWa&i=^b|liwyg8WZ+66Sf)k zkKBszl7BE55B#l2Lx>IOwFM{}07zuo-&{O@^`!h>$52-TB$a%7lGAlU8m{?mOx^9r zlR$>T(1HsE55cyp;O?*R@W3aTvDBGV6uS&n}FNps2YEQlCCvK&Kf!BrCZ<_zGnbeAk>uX;iM)) zcL(cMTwR&h%MCb&x!5HvEgazzS)oM}WXKIzbyAKMTpohC8uXfk75Oks%b9$#xz%J% z_m*$EUchi7?X9kpk8FxP?5BukbU(}dyU*X*-Ffro&04w;!q@1pU%$CC|5$Fv+1#PY zLo-w8XsOUHNCq6H{_VsYgdjiwZw$}@h#_$gB&K;yv$O{a{ur*Rk<2X7h0U>2(GK5# z!HI8W(#7&(5=@0clwdnZ+!#dPhgpN$`qrbu5fJF?WDZ{rf^c&X{H)*|20qp1TPZg0v zop1E4imr+sJ)0-9X1=h7I@nXW@HnPrH5Zd5k%vIQLYX^+wbK5URj$6Cx~_4p^P^wieZZ8;pzJ6T#i|bm|NmgkN0-2$ z!oy7iKz$}uw_O}Qs@G|9tBJ_Ci{YK7EHFuoSveBdl<;c*jbg?uEE@jE3}ts^9l?9ci**o z(*h(H%4SG&eVcI8MMSK(B{W4%x87>@rE1>*`_EJb|3^E?xGUb@IZBj}S^z+)3jGt4 zTYWssI1WsX(S5-!;8H}<+p%veR^lpI#lC5~=5I0{XcNy3-YY|b5sp=BHYzjW$ZhUe z^6alYY?&b4Y7-?Ox~xxAfQi~@JAf{D&O`eQAldFWVPOXFxU079e zg0p?SA~pI@$=yXb5f_)GLljoEUH2bNiO!G7f#S!Ny2frn;hppTUXy{Y`+Jd!V)FO8 zbJAf!X&IEce!crH|91B)SZ7TLs`Wj(#$z+BM>YsOE4<4?aN|hTOLH;2wiA=np`Q7d za8>RPyL(TczjtqI=!qH-XCf9?)*5Ik>o#O6B>>Q$AN}>i)~!Mrs26l)&hfQdMJodl zlr|#e-k;xm3@-)eJr5Uj&C|hEAr7BMZW%ES?#Qj;$)iWV0;x6I8s)`6s(_5H$ba4V z)RC_*mkoeN#$qSbZMsHC4&epdbs{_2wS~vcOBfc2FXc?jju86OCqF&;a=Bg<(3%1L zN)EGvE^obLA?uzuVX$#~U)yeX#7lLTZ01eCH6DY^K_qb$Z9lo(tOv=Npa+htLww9& z(JrS|4`w$K0kaP*LEPbD6h^HnJ5Pp5Bh=9LDZ&8|v2Hq{=?aTUEHFP9?$uJn{;+%h z^Cuy1QDhB+Kc8egnYA92$}UD3A?v)n`~J`CYG*$C!!FjZ@{0`+ znKKUYxRU!C)}iK9b~%@|hJSkR&&S`u*JVC@8G)FLwjP&89frIlLT;P)-o2L}Zn|4j z2Xm!YBi`RC&nlL~?$w{4J$|{xMo|{N0a8YzRwou^a3n%$>+f%m>+$jG*i7=P;Kd=# zM8h6zp(4@y!|tD7{PxRNt6CE`@wmP@qS<(rbn~|{K79V+!_DN19Aywa)4(QX5M}5t zO3Bpt?!C{RuO~_Xt3()<@$^T`oSowF_J`d^KfnKYiYQ(tYZJc1`mQSnqk!0>RoZ_VKfhL z`jAWo-J@o6M;VtPsQzlHHi(lB!k}=~w%Dk=wM$_)BCI6>=+aERtUmjHk>XJ4(2fH=%`r;_kMWHG20}HSt&LA0LFSAiU1xu4oW5&9=g8khd`fy`L0fHJku6=|O$Rmv5r# z$q{dlyiT?P_e(3~anM!O8Qvc@#|XFpT~+EK@|?vrZt&RR<9pB;IA|!jVn@WlpfT8d zy3Z1kZNG12#u34HvoTNIFMvJAYy2qcxa#Q`2f_Sh$#l3zoFFJ^H=gP_3%p&8Y+|HLxqK^4$& zTh7cy#w;o>x`d;g@Eubty28NALiRl%%-f>R&EotOXpnmi8l3h3!xWJ^Jz}@@CaDBb<0>}+5V)(p+nz_AzV&;o^9XecIuA8`s9U2= z63J8whWxtxeDC;V-I2ao$!q{^>QZ&&yRzHy{mmYaN-5NNYJJhzu@rj8C72S-pvajj zJ+Km@M~vEDpC+Ol{HS>ZL`FKydL}KqUO*~AP7&0F&% zt>(j0z8s^%5>Jb?lh(TJa(2E+%7+5cbgB1eNFJo72sVuRaB@dXz!1feB26Lf0{N9! zHRA2C5UaMUfYO2M5iP=ujc~}; z>B-=EYs%ms*8~FPr=iw2oI=GX62H$XJ?)yn_DH57w#hP z7U4|F9x#4;j4097{5CkD0U0jjYS5nd=f}cO6;Z;$hq($8SDQ;oNz?^wF%t4~ulf}v=dw$L6)upN(ha;2TGe>!5$pFUFI4kc8 za)M_k6R35$Em@oCNn@{*GyHm%8`o=(95{SoZUhv%F>Zn#bTx`=@{1^zm*pOSa=+up zv7;kVQyASbyr4vw`M?yc=Ia0%w9o~|s9-dHYi{wu-1VEk|9$=6^Quz9t;xz!$>xQu zGKwSIYTOS_`^B$k&PQ~g)hLS{-6BE-?w!ZBt(blaVU$@HAU-qPT zCSEq-mQ6+!!Kzety(C*^r#SMu^z<$SkDsNVLT)z=!lQ#x_A!*lS7fk?x-rNCd*H6Ag zmt$G4I!~LDOOabhh?B0o^k3V|8jTrMzbQ!vqsMfJ#tqkgJlv424(;t4gyX+!a zc;R@C)RHVBzBlG6L(QU-jdha-8a5G5j4=c?0UZ+Ss!0Umo6(5{V4Wqmr$jTswVEu` zy%!}{a*C-C@(_Wd+~ntS*nRM0`m1gfwXB-{uH|irtLFlhVfZK|gy`?Tzt&c4N zj~71|&}e32o=v=6Q3*Gu3gu$l@uZfqQG3ES`tmi&8)T9J4ZY zrzW=WL9jras0L0`aWgFzlUBy`~L8fCq+R7xhiuYY~{ zXuW;8GXhN`>=LrEe{{Id#Dux`kR7T63z2iJ3~1fAf@ z%$bhNuJ5l&^Z<>KS7ZLIkbV{Pt{T@FMBD8t$In|45jw+Ez>D*87znU-x+Z9Jc`cUeW_`S7$6dx0XURKTnBu^2U1@sEnnx(EuH@u?= zvl#Q44uS?r{%O>r1JNO2h+tdfx+rf=E=X^4y-UdvDUmn_n70(1n;yC6Jq%ESC*5V> zY?3;+3yH>1Dx*H-s*N@X@Wp0|HgJ^{lR#{9t4fho0+h=8ZY? z(C=p^ ziiQYEsGesp5Q@fXU^S`)lp|{s>tWqFc5`tms;B-+&UUVz4b$QDQ@nlC<9OBL+ZD3& z%rkn^lTQ&3aOJItMvz)|!GFTq+zg}1Xb-~|-#qJ*>_oOR3nXKNvmXhHft)|M#Jh=G zv%fj)etz=lw;M2Vk&F#65VBPDCIDP3D?55(kqj1C>741ooYMH7J|{W`R#ZY|cAX|> zW@qCo&>&=(L5MD{L9Ja=Z1FM4b&8*v-riGo^dz5h4F}Dd{PL|-yMpP~sN3}Z^Y<^F zZ1Vss$AJ-+BG+jH5)iFO4)>bT0-ITv!uxfaW55p9Svj;8jVzlKHS_GCY|v;tFAqX( zvIenM=oW>4BL-j3Oiu48NqeMhfG?>8ZbFK26;N?&(Bxn9&igOk-R!;2XW22p;fTRq zOORV|6=CvGzd7uleEsdyP38v9oeJG$r82hlHc-|;xYWT4%%dt=b{nUS9J|pd&vJ)J zO=gW7H|BQn711DOw4gMDm*c|`4G5w=GcG%Kw9!|BpJdPvBzhVz!E}x8Vdb~RO{gE= zz4PRYbJObx-@_RKUM48zR8lu7waI<|#Ru&Hc)GF(6voh_07Uc=4>I0e+8Tj>epX)n zwRN7VVu}rCPr?3(!Piqe2-t3*79yemSydDH7*&@SX^0iEl_Im zYZ?WEZBUD}I5wW+3+O2^X-64{_!I{?DWZev;n26neCN%ZJ6l<^3qS2FQM8Q_Bs22H zz-QHy47X&>K3ux};}Z5Axb*@@NY3ES+Xl&mg7ZbPD)&i@?2^0$xd^J9-jmzTk4^+0 zmSNrq9LmTukUih_e!6C6GpeTOB*Dl-T?lYn745e7UDlzeD}qNUD3j1c=flyS9cxip zB+Ci%6C+trB3NYNTMn9FUc<2cCpLjM;B9>}wh}bw*h(}ufW687EwqqgHT{8fy0s$E zCxo$vMXUYg?(wtT&3>|sG-<}_x7kr%5@7$^>}W3um}Ec4(y-+59DqEto-GbX15GZH zNtA_7#YD9Vj8@M>Y0cOXtK*w1bf>9|3xt2#+AC+t~o8Di895u^k^sUoH{X{ z8P-FRvRw!Ve{cAl%7DCP)7NuQBb>H*gjj|&3EVTezqtUuZDL%9^?oEo{6b#kk&6+E zlUz8_u}M;M40yU0*o>6sf$NSF*~cxSTx!XS%!{a##02mhDa7{FTnCDM$%M>MbY3`} zL`tkN_K+?rs=V6o6>r-NUAOddXr?(+?8L|>3wGt*wVom$ErtCV=GQ~xvBU*bgr|UX z5hFNIn}{~FH3Q5@sj75^LUNg5L1?>L(P8Z++v1c9H2_xMZ#U>@q=LQLj>g#d)D*uE zUF~~RRbSn9kMacos|6+(m~dWTMt?_AR+Fc=k?T4rF+ zn37?2 zNF#DO!%*c@F*31{88<314w~ShhumUn4y)E?3N8?@(1@hfMlAduP2rp7B+wril8*}& z7O6B<5NJk_2_z)12ESs=KQ8m0=t^WUcp*=_V4$R@SCpgvtuO;tf zaDXyRXpx~CRD8k=mBq<;5;7bV$Xa3sot2YG<(0?l*Sq(g|MlfJTi{?LdRU4UhOg0> zsq8=Ivi913_3IDs=UZMN3?PiEdLHw}3xrj6IhTCwhao$Hj>PT7JqG0G+%*4l0Q z>f+Q_gjN0FJNGu(Aazm|acaVa%GY*xDuYECr4;z}<^2~^;1?YQb`&}3g)@sI=m`O- zLl`gjhuy=w`T6hbrn6NR{`(>Nx`v!b*~KVpEkC~d@cWIjNgBm!&vsB*UB|Ri+2veD z(TI2d`1y}@=ecQbkV(e%cupvQzK8Bz(my62!aUH5xWZM_nLq2UC}2wLmuzM0pk7d-#Cl$yi2v3;O!;NvXwtHjY=Q7bJ z$Lv`mk#IsxNTkfSeQ|2(z*8Xh;2q=gayls8N?7<{TaWBQB#Za>*m*X%1N??IbwpkA zi1>6}(wcH|bBC`cx9g6XVNH7<{l7=S_PfLG<+I8jHHu>1al_a1(=US(kb?P-wpI`ucNEK_j#VfW*Q&px=n>fEe@@*Q@9 z<}Gu?2r!B<|MI64PgW8N&bu0#hCq&Q*0x>v*YEFt^3`Tc+L*B#4btxaAi`;WP-?V>-w{OHB~4I@$2AC^J8fM=qh70>Ga z&7>ic(S{@mW2Gzd=nj0a8ig==@rGa!-Z?>C1=Z8@je3g{Y1l}*$z|?Be^0Hax*l)Q zAeJAlUbLX(2LzZNViAf^9?2ux=Twp7bvo4nQR&|0!8AOcN;Ygb3ny%c`C-)~lN~s2 zmVW)Uk9KUACSLXI;7xqw8^T`dk%EYO(ouK(t zOT13X#XB3&DP6p=;d(uh(~)(^r0*vY9gNxXIqm<&`+eUXP7{DFhfB&wsk#iESAc$t zTGP0ERx|Fz3{avhklrS6krS`f<-05oiuUab$EU51WoB2g=1Y4PD(nu6Ox>AH1?@@`S5Z6 z{pFn%>|d_R`s>~9PW}Dq#jH$L(&%e4|L68Rr_dFZH2Lm3%3T@mob1p1SSxTb6y156 z;H|2d0v@P=o^_npykbH|i?t?~P-{pTlLOMm(E5VN<>h`J#^v?NKFyLsf~wPCj+H0e z06pctJH-#RUocl*VVFQ%h~-lzOC?2859S`-z+cB*QgD#EL?%JEUmYCINrmXO8V_9S zNMn-4l6R0PmNLraG9q-iAcd5o{66%Qd%Mj!sZxCVQ?%AiR{O*0gUbUW=cK$q?687% zuFzB9gpARP<-n!{sM%2hRIe#A6((K&XlYYeHW0$gUd>iZ2n} zqQ{hn{Y~Ri9PuN?Q`%LTBIRSbS?-(W;SyuGJ^FV!?YE*p7GZX) z)_meP$%i4O1v05+ur;}}jn#JD4xl``;WVM(@Swx~=4Q!bxlEGDYiR1He8nMy#lB5} zo<-g{-H?rH(qWRdI`-HncFdtOC6FIGV14;j6UWQBJ+f&BV)+xL(Vmzr=v-c&xbRl* z7wSQowHPrBG3zHF>1-+7lA>}XX^X3un|HEj3r1T|d@xtJA>&1xzdQZk)glRI!&oIz zDjuG6>O~A@J3c2CW<&^sxm%6A@Az?JjppaAs6@~RfK1nj^R>NFG6l39@jl@_~8KDYKXk z7g&Gl_NAUXB<&)sI4E2v3CNandKc4VWSJ&F~!1#L5cC~~P(H)qls z&R_S;`T>dqpO9|9viU)@7~jX6+4V7+jD#VPvz`PX1>e(+$q+c4VRh(vSh-4>pPXHk zV6cG=O1CnAh$JCTNf!!Y4O|xR>DR7$L=8m860%x^V!1yV<$|vfhT7er8_6^C+Xvf5 zBNqWhCI-qb-li{EoWb77*``%E-V!+P6cFdLTutqd+l`yJD8M+e(gNdz`@#{Ykcx$l zo_kXffh$Ax{v?1EeN4gMhnd`VR-^OABJ#&^gzqZnyWhKFF+-iNHPhV}UUPmrb_ic% zAz>2g-=3b<-Zc4bA*>H>F$Pex)r2naVP^4lyN4)Z~hEV{|1cT z5KABr7oGDYCtU$UysIhOWwSp#Mp9XqYot&{#2gk2$PEgWr zd_aT0LVPbfQn!MY`^(+EySu}ybpvoB;sRO=B#9MF<^C{Qr#0{G&^w}3L=PDroQAi3 zwH6T!JS*Lyj7rw^r0oyiVBebsr9EctC*ZmpMVDPghU=Q)3E;zc3<_4+{&M%*ZXJh) zns}c~dGm$iJ-=d-1(2qM{2ID}xTtvAJH35PEJ2Jq%gy^shg{X%EYWeSk5O;)C-WLr zMqVA`OlL?ur_eP5rowEeboRFAx^$eab?fswfW{Rh;8iV9Y7(*;M6Q5Lx%@3P5Z2IJ zpne&z8jsQRCiTuOF;@@*Y~B9mdSxtg&LK=vGEp{YPE__EbJ?9Yn`HTp31Z;Z7>{&7 zDy1IzBA8bOmtwWP8}qX@Yb?MqBcMSN#9>7egeZT~pmqiKpP42SN}rt(&fypm+aaD_ zfR%#Jg)4G1Cn73`kQAMCaO>>;R0cyIN;k8@WAG92eAcPZfx)8lQ+x&2(+SJAXL8Y+ z#WVYaXv}Hz79@#KcT${*v{~u~`T6&DQff*`5>9}i)B=*>CAL5a@~Qh_^lxXC25dMn zriF+eD)6UIOndI|QDtFe(5AcYZf9M48F3|R<)c}fpQ-F}F1zz)(;^OMW1XZ7BKEGF zA1~YJ__n>0B;YMXiDDB_NM%=Z*{$}l$g@k1U}QcLp7f_e@z^scZ`urAr=Al|^B`9S zX_WoPf6RrOjn&rzx3xwxHE(%BD7cYDBBV=m?t4s}3pM)F8w)hZ%RjAaffD&4$k7G` zBMqX2QM6PZ$!LA1tpAv$8R^BzWXv_G+XJchtb-EFh?VwMOY7xz6FBN6I~G#d#Y=W1 zZCwYmEmjFqP=RMZSnW_Gl<$C5LN3&fP9`V^?#vxsa|b8^N|>~olxKp0=fp@VAa_%+ z3-JCrfv%g8gY2yfast0>GQ4`59R)O$iSJjMb}5Bpc|GN0aI8T22|I*S3vYbE6--+5 z*BZdr8UWOBxP3{Xmy?VP>DV@_QO-+k2~#Rl3K3E;PrBf&%9#mmT!^fq!%%3*!%o$3 zt4crIuu>2p6uB;t;>80W!t_ip=;y3r7Ce)W``ZK^5NM-onf8bIQ?N>!)y4n*>$+8b zn;na7dtT_sFWJ#WQWW!zR=5ud$GIoiQh}=;&dOayRJ^y|!EcfmSJ${R3yF|u5F_yG z`uMAjzm6to?G{Aal&k~NFrw8);oihK3u!6~V4gh8#1@`jVV3g@J;^WFT}=L`Zw4 z>8aTu$j&58lWW;-DOvu8sLzyKkJ@^p#fpwUHIeH&tTN~J}bMl)-wIlQBpt+O$e z=Z<UYvI1DtSOdxGvrwyvH)u{)ni zsUXA)8LTs>y9gSD3^zUnQW|pDgCM;D{UA$O+{Vvs7qPRE!#?)}sl{=)nR4bdUP(&l z+R?mA(&5ZT1PyYv8`WW{T>S=Y2xu;fL3zdd=@2~_8*&65_edoMGqy;G;IR9fifAm`@NNrQg0Vc+dgZ6*aq+-V!DM>Lp;KCz|6D87xwbi%hmX zAjH+QX-`^KJLHjZVx4dTW&fDVZnf#6_w}MlAh`9kUqlvJhTt}~ZBnG5p$ieBur=s6 z%Kno)eo=aUpn}X0S-7F&S4fn@%Po~ftQwg0(m1zv-$vQhTz0lapsAI@r)!Fm0uW-Y z*}mFz$hzky4ovvQhbpj76 z`^Q{%zCq&{Jt5#FqypquJ%>%NXO-pH(^`}gH$WCt_OH3@?B?;n^OJe$y=ej1W!-im zxpGN#i=~n4#I-1+c}3yoHQYyu;2G94??)v%czTFj^*6AHwL|t8zrprfTzHKJv9>ZO z;mQLtASez%0wRk(~+)|k-M(Y#+}~d zvZM+Nj}Fn5HMgR&tGVplFed}0B0RYo0cXg&6W8_}bH}3YPn)=b;X>KJ=CZ9;4?CPL zD4A+UMfIVkp6Xvf6spWC^qkOyF20L{c z9*)5*GEcz@!KJu$4ufycEbMz`{Q9P9WtVf=b|sY2o<)ivR6Ps;sZh;$mJ4b9_TFIJ z_oE-IU~3gCm0itc=Wh*7Zn45yF>Yhdkb)@c?c0W@P`l1py1GV*Ls^gCpwcbB!Hy&T zD>4A`LQJ}2Q|Y8(Lea|c4xpfT%4cLl&}f2}7?sF4YzMi`xtbSxDTb7@!E{slcCiT}&mlsWv>|bb3L*87y1q*EP6zD9 z!l9s&zljNXZKvw=DMz|1KnT&ra){#6IMZ`Tgq)G)!xzrO8R3>lv`&u7J!CB}{)Zjy zf+jhTjGt#_xxIi?H?bh@y5o;esTtS%&KnKjDK4y%>wQOMcvGYF>;W?*GISd|pCL0z zBD7N?)p>zBAUQ$u$}%Emii5w+;t)CHgw}ejPr;QPP26AZp1#_hx$e0owA&KX(sn>+ z(nPW95<3D_o$zsJKTZeMCbsEO5ZyN{3>bf5;fdf&527D^prmwhnX)`lEVtlY!85N~ zK$JN_v}y`&PbSPLqNi7ydrH`m$Vx))4mFIF@z;yXX!b1h6x&k)1(Y*Pv#!UC_KzoU ze?wuqkf1S(U&9AR;7;z|jXb*jTs4VeDG0m=6VLkm55BN&|j&v;lf_N4V9O!o}sL=DDye zuV3#z`QW`@H_(&ZTL$Bji-wVl2KWI`>{yND&!(Hz zd;G$76m7Kmi!bkO5@6)&b?tdRos(tbsLM_6AQ!r@0Q-qAQqj0$Ra(PQw-nj462@%J zNuNAW=!mgl)IT%c-ZVQ};2On6JbVr$fvMb=_SPT>#^I|UKfSlj-|Kr`%^ZYf+m#Jk zfpL0a5nW}p<6S*seC!AiSy?NA6F^h%UA|K0|xIv!X zWSGMDLRb=>77Px_nVV;U`zVuH>&4uysrKWH-j^kPetbfapx7r2Q- zZO72Y`t$q0Jh{7FTJGR$EtCj;GgiU8hD57N%sqcV6pZ)lgIC{m{a#}xL}0SU(@;3= z8**iFi!V=)wKoj+1=9a&jf7)}(<*Ly{M?)z1tG!y7G7=PZM=2xUUy2_xLsMMSn;^b zQiPgJR3|K6115&pE!nCt+X2y6Yx)F_|;1_jUY{_UBiMbps8vtvS(fTtKvljJHg{?;Jc zU_W{K>%Dh3o4AUeja~9;^7fh)(l|sgO925&P5R zI|SOnU%q^Alif`)TTREZW&`YO}CXFy6zJ0^csIm$n#W{xK#YC6d-I_5>TsxDKxFt?6kLgw6gmwjF&lXUGP@ zbEg&Ub`=Wc14yKLBQ!-B0S7&SJZy(R8O45n^2u>CRBkKmzgZ}rHW?69_C+QHF=hi8 zJC#L|;O|9uTzRchcNvemoL*K`gP&Fwo9qEM;q6I#C8a6sK5U3 z@ZG!xFY*=#O}jz|ZFS)YCG+F~rXeawr$g7Xcp2ch7E6dB_lb}`of)h22oUU9#);&) z`vxr!|3=%AD)cH8s(|;A!H{PwgDS#gN-r9diRs7j-Xf;SQ2;> z!he6SUiYf5?%p%`q&@2H)zx)e$NSE@9A+6{JHpoDS{Y_l{<0gfN>?oazbv}rze)S+pu!ACExRA7ZL zsX4ZkTBwTI?UPLPx_b~Zh#JRDNzcRss~87yiwdNtOxm9xVPdwN9VV4cO2dDtwbM*9 z6dKd+C=-w!tyOOO6vf#<$XM2por1W`etg~W zR|jv9_s~vsiw8olO&5|3@~HMHX)z!+k4|yV#KR~@RHchC3Gp; zqJsu7esqr_7ns9jN`l5U<{5pH3XBS}>0{`EM~>o-z(JRYj*$Ho(nueibuPQ;g?K3S zDGDuOp)w?CY~92ycC{}i)T*ck1upOBb8?G^m=mC?fk>3pEH(3fU{9=%@qkkG6yonBe}D=?-+s_!ik%WDaTXg${N~N^Dek6c*m0JB2#l!_TADFo=SsTragC6>J%y(2 z(y1dLV+PWK^wkOf{QBdJ2&zfRwl-W=z%Q$rn?hM7s3!lRpSV>SLDyf0%B4qM;-}-e1U2B^KvCVKfn^#rn z!z>#kH74EavnJU-bIw=rV>$SWN1F+&=7CEr@0;IV$CQ(Lv3XX=QF_v z)MZY3ZRvY5b~@Q&4R_bOv{R9uD`5+FPBkyaU?YiJPmP=dLy3lz4r2*z#tr1gYm=N22pmC&snGidh@cwQy;QdX3?Nr}MhA}` zEh7Z6EP+CW#+L196B6Ud5-wIFXgjt19kEGxnRu>At9Vn;hGw00G=AyU{-6X_bp#45 zahlK2-r!1DEHG`J-#9~BLPAik1M+s=nPre8`q``DQ_U$V*%fhVr;WTT(+A1!o>Hy? z0qLP0Ppk8deR%}I6OcEhr?`0!pkQ;i#(H2XN#Dr{7f?Y;xSKMr!=_?y{?=~ZH7YiG zo5^Gq3^yjT1R0zovLPiMhGki1RCp{ZEg%|0i?OS2*)+`9N|dphl?o+wztIE3_hJeE z*c2ej5mIzy&0jdl+!R-a&eM^se1JKq<&0k|=T`iqlp>|@nxRPvpwkjkbsyARM(qoYN6bEV}F zCBb)U>gD7L+HFMqnRr-svz8;#N>Qcl`3%Hgs-1O?W@hP_rl{0*&Z&f?86zaBDzBa> zU;#5_%P$|1SQD(jxxqLBLiB*?Red7tI%gm0bmMJ|UaJ zO`wF!bTVW)52}?ey~%g4+CSc*G@vJ^(+a*>zIpZLo0n~$*s2V9O^ckHMka6Zs@y~5 z`Lfy~lUHdiO zO9p;lCSc2oF$P~&)^(q#MA_eQS<~Yyy`aRV<(%5(N?9uE$bF^5e>T9N6+^#Hp`LQ2 zR4RHySY|-LlASw9R)Ug^dlQ=!bc5h`6y}f{j7n~A^5nx&qzQzi&i5C}P*cuPJ-DK& z3Z)L)VeRMhyMRT0l!rI^Zyc&JcG$0uiJ`OxNYH3^Y?|{h*T{!a`bLfE}B2AJVr}5e|8fL8}nl^95<@EZS-+3nZ zO8a@5fg*2xn)W?_++-LuaBC?dQ`D_&8I*#HWe9MDIaN@u0gTJ)(nxuS+v}J?jqF5) z%x?w8g=LfHL}j4ZRUO+tD>4E7nskh{rwuR@id6fQdfB-kfiyI)0ZzHB=km zXu#_su885wQhBkSPx3^Zhx6H)r7e;AZTwuW4vR;qMWqEK#I}-d$QT_0C1DvHV3E)k z2lkLM{(_+?$(QxSMlrLz4!&lE{af^K>t)k;vX2ULm3Pyl2O<4*>EXa(~k8Y-^u*>C6} zw892twTzk|tsTfgz>Cv0@KWZ5^vfVJF9Yzwwe zSXf)d?h9AeS%ITXfqKz{TBgLU z6iAYAa1Z3DD8vZnZaZ$+nO0Ko21T?K6kF)6?rvSH05a7csX!%+N>vo2g}7}n1(B&9 zyCdDOQP|uOnJU4;Tuxv8>dlc4-1@j|><3mf<-nEnr$7Ap*MC1gpe;h7Qiz7=w2>n1 zgNnH8$+f!{x$nJxuf4{Ov@XJgbIx(~1OVxM*fjs=uV4T2?RNhoCij;PH#M&B5_JOC^&-Wgzxe#;KOFi@gE_g7Z`Wcu2N$*rV$56USBsTGN*a*SQ7U4R zJbb+e$e;p3hX5Y9uxTYx*nWOY4g>%+(Vd&SdbIMePXmo55JXz02dc1Zt=;MUKYaA7 zHwVQ)NlxI-RsTjvC*-CJpjdW9e{Ho-kv3Yv)4+HolCU zQ?{W3+hoxrR#=rDSsK!n4#mg%(8IpUe}$KY3_{qQf+hwN#8KqaYIRL4Z6bBYpHZtf z;fNc{UyIU*4peCyb4dfTfTq)Di8zjf5;9AGu8cI~|#og6!%6ETjuiif2>BtgwwS_E;5;iq)QU4rkC~gWshH4cn5rfZtHf?>MMcKX(j6AUVynAr_ zp6=A_L`p{hR)WiBmxH}&*lNWa@b4&^=DvklVXLe@ga2nfH@XZ7?Ue9CwuB>72!DqW zd_bS?K8Fb~lz=H+yV>xt``EXgz3iF3B7{W>u$u1gG6-*1ZM^skA8g{mEZWvEc9k;w zc~*$fGJ#Pb142rOxT0g8UcEWpKRItdcO-_yf}|lz$D(+E^u3&)o<8ZPTSKo zYJqMWoF3E#_h*VEq}8h)1;d~^dH#sG$oLTGYUcEC_X*2w82B*o(T0C@Ob2)Hwv z*-J^eqZ@;?X2R!lvR~$q``pe?Pwn;T)*#aqhjFCpblrE`4r3-MhS9Xe(%29Y=Vj1N z-@H2ATJ%!WzKDpL)hovlP33UD-wof0duvU@2M2ESNWf9;unif)*J;?q9kHUd#i~av zZ+EW|z$ykiu%PkqArC^btz|L-lBm3FMEvKNAol$9^qbTD=GfkUY5)LO#z7&}23RK4 zgZD{EPT2=9aO|6$1SN|vGLn$G0c)RL=0JuIq#`*wTvD6fpjkMtVqIuEDz_Vla z8H#dH`n&A0GYH@h->w3jdmg}it!_e7s+dQj&_ek z##&H2Oi(U`+&@8{Z;g(Yyle#2PfAr6qhAi{<9OA`Wvf6pMrj6+28=C)t}z|?E~=jI zemwo{ub+PM;gM6{Xc!JQJE4vRM!}`bb@yQy7@kl(2okjwR8Se83+hm`$V%>VnWy0b z83gP#1x=L0^*4&GrgX?$I&qJ{FnfjDxq^9!Ei{2+?^3KId*SfOR0I3Tuf90cz{=J- zDj%EiJscqkib&F7Vf!2$!!B4Z<}g_?{9g7pp$N^Hwnv7UP6x;!ob)s$kwzi*zZp7a zl@F=QK7OlnxTPRT0Fd=oNo@}0T4`k99Y1@M>0m;1GE$}k8PF+4|K!X?lG(rj3_6Cs zJMfopXc- z(>xEnNn ztS9x;(k!N9776E1PxW+v_vC!{@B2CEYfz~Fvr2OdP z+#(svB-{vE7OdO+d84pI*v9rmQ>vloGMMb0_E$C`oLy<)#TopXXB=X8?$ zmM0vUqMA7;Mrt7~W-R=uo(`%GMI0OYXH+H4l`2SWdrA)erv%<-xjJMypP$bKO!Sz4VU!L6Pqe8o0=Vp^qUiCIg$sM%Z zs#&VoP`ic#D^kbv)6?5@x_=@bLQBL0!~K&(AM86w0H=Zmfn@U(sG0%c*7j69)Srn5 zM|3@uhzAHBmyp6K9-Q?f9aYBY&WEqjZrTeax;^iPHdncwOnLS0gbE%Z%%wVc#Dfv^ukHBG z^O=$M<~g#OYXP+yULu*9sH&D zalYNsW=IBMgik>fv7gdtErk7hAd|LqgC#tVaBd-rD>k`&+Mo_7ffk5YrLVf7;?z3n zLwVF=LysO=L(;>4+F*n-E}jyMGI`DBj)Y09HJ#O=Y!-ma<$TW>n>TEa*eTPHRMTeH zL=JKu9c+&y*99vL|0y1lk6N(T-y~*q70pzx4eX4fWS!0jWY{$l02#>Io|2vs8tMFr zpopHr=3i8sxKlmZ**+WndY4zEt7}0%Vn8f8R3KC&YX!JVvSgGbx zb6Oz#p&3+|;v{K(&?Uo0BfpbWRNH;{!w|n6hh~0vVJL ze@zgr3qQpXfS8*?X+_za^A547BDWR#3VFpU4ea1`W@wJ~fZx`T!%nFhw>sFIqg?|E zEAaqZOTliPD~sSr)Y2HeZB*8cr)C#+l-VlOI0nQu zbm=1&e}DPMi&yoVe<0L!MMA?C?~xPa$<1b?8v)P5i+L_mm28_eOeGyX2cu}o__AE!(dwg2t>6uPpG z?JxiK;Sov8%fv+EuBZJjifjL8 zy|##W^^4zp_T3T7s4yCyN!6=^M`OA6WL_hb&`(5E$U{VQAo-d~l(qDh`^J7l6b?jy=DQC0Ksa~!Yq2ejUqKrE@^?S5-tu036^Eh7H$*H3@_5fZqXS4lmY6u^Zt5IflQ8q#om zM{so9yk@~-Q&kq!=s*FGiPK=m-D?TDCFQ+DL@+5mp52UDb@)sry?vRKYaksM&Ry5@ z<@6?fG*Y_9Bb6)svz-||K|t-`xT4b4NBIQdiq&&jDI2#V9m0gXYx9V4Wr5^x+7AnP z{Jo32TgR|dcn_78hAOYq$S5C8B>*QXKFnKGZ!#Xc#$kY|v?g<+tdt-RI;B9?MGZRr ze-BEWPnXkozkPV``-30dNaf`LJw$nl%+^1A_RCKX6JOipTV{Iytaoz<*O2~)t5g{9 z%_o2T(|#0Ca{A=IKK?ldjyGJ|r$J?lWfI&-Z$YAVKd*jpU2{-% zpNWUg2O>&lmzOOrLzP-&Gc$M6NGep_33r3S1u|$~Zu8zn881^D`5VF%x@dIrvOaw@ z8__eAqE%w#Fhed3@}rB>48GMgSfABm8kQSS_9Wxk(!)~_9CJ`bA#hQXSJ&1eZE5>J`j}6RQM5FAA%YWj!_^>N9BB3HQ|m&MNvgSA z6Uts4C4nhj!aks;lMs~(xuzs6li~3%R1X!YG&v$0UFv+kfARs3$mPnzYr&T-OiqUc zDvo~+lp3DcXUxa(BH62}R1bmPzoT0I;Xz3P(oWeSTB|8>H8ZA5@D zdk0$K9w4X{Vdaf}lO5y&L8y&kiV_T25*PhTZ8|HEBKodThTlze;qKPZw!ERmaUR)> zj%omm7^|+hSO>Y9P+;g+)u~uUY*6Z&G7zljeb*MYGO)W9`NEVZ7G@cL$Rj39;xD`AVs(u}KcE`O5TsP1 zn5k)fv~(5m^yzu+i|6bA-rrrFk86BT15&br-b^4dw73;BV>F4SUDoOG{K|f?E@i=K zA7sNh!h}l7A3t~sT4!!TvI$B`7ZY)AO|`I>`h0&Lr=ip?M`ROr>0I7^;`(3!$*KfR zCD@pyc7CH{jKa4@8T&SAln^0(Vwn`Ro$jCf%fI}~+Qa9q?f7`;Q*j%RC6hr2!|Q!O zV#|^wvtiPAoDYQPER7D~o`D@}OR8xkEo7wFn-XN_voxlxZyf9-g97>RCXC;jc{fNN z9sGJqeTM9r_05N)ow^TBZAMqLszi{-NnI)&8M!)v1{xFmZSLbm203{)PcgNbpAw&m z2ZRau2JryYI6OZbAGP9 z;ck?rwLQ(B>9JQcWl$&DYm&&_-Y)Y_idr+LD9NSF(PON-*&Z6?>kJFs<}Bb`T{LsR zr&=it{LMy-ZsV;sE;1$&_sEvj}AMroSACFkBO=lKDp)KaDHj))$8H{62 zLsJ{TV@)f5PjN8Y2pNl(*{%tqNRgf5&_vX}K`rEoxK{ee~jGgUzXWts6yL3IZbn zUtBV%JL8gTAGD}|

+BBV;b($;I+uxa+)6%HXz$iCFDbz+?*nW1qo;t z&>W^zw>)nxpD(Ac-mCxkf?Do-YoR_ta2t_JqN(Z!B!r6k* zN*$S6-Kb({8;55YNEFOxnY7tPMILpbmvlZ@$`1|{-PI}X?p^D&si;CJ*le{UvxCdl zXDb>lA{nT7Kq+vahn{9d$nar&@%tB_{Pr+MQ&;zBVi__=iOkr_~GG&|1@u05I8 z2u9+ox4-}8ZXJ$FHpOi2otz#j7@&2t({t@DE_o;xa4=i&2zi+PiafxUB1(pwkM~eA|KQ~hf5j>pZS(|)>IlNlAlb?UIm*Q^r;k7D-{;-CmWnzMOvfvJmF5IrJQ&V^GAn%zMMYkZ@&NC z{ux=)#sel5_I^{44rP~};>Fkf+mDXRPXZ;C^nsu*r}zH;kYQ>ItIn6xufF*H=kM)T zxlHh0H0U3(`0*H3sV%17`=`t4{cpbd?7#M1&Q-OAyxK_RYId+sUrw+8`ugjSc3asv zB&0`yrJ@6_P|lgD_WbnppXziuz4`9N@4nkTxYp@_h$aDjE0bwjgFatQ<FLGc2Za@NC%!U=xIHzTM{pH`k{r!vGgk3R&Bn1#E`TaA>KVw_k z_V(B9;*!?eaC>)(<~@*v*6C|Ech<>d45v6kTw2 z#sq59DVn?IDEDK|`mf#HEkj6ic5J=kG%sc?OgBR7LPE)f98)2z_-J zWu@dGOD)modLzJ3GU%0VK2Nw$Y4=;QaYItMR&{;;XvJegqmX%5K*Ny1^Z;ja@r|J- zOfBHx%r1G`Zuq=N#w>2ZQ)`wy#8C^~?lLp|(R)`D`T24*tQO_--M(Wu-2w^1)lQ=0 zoEaf;J~kHk8uOvJ301E9j*T+kdS;D%c!j-NfCk($xRN|RxUtR<)B$c{(qe{{lU3*Y z%jwf!AHHwwcx&R2hT7*ScUVb6-l{g;YV64Qk&+Chf;u`$I4^qn#{1`2j5}E*f}x#{ zYQRdxdVYE;U!U%u>{Q>JgUyFLmZU^)U@-GtGa;Y~pxQ9D3}T<05*LJt-1Tmn&;9Ty zgC=mFl4jl_3e#fB4M-Q_d!nxGqJBqz{Be!FI#$qgERy z&8pBnxS3jX*bY_B3FP3~R+X+&sX+o*e5RZ|uHQPI{NiPf+DT+1BRTdxpoLvotIZGJ zKwbCe{h{b5*DPbI>m7efL) zqiL~wo^;(KVb;YW3L^PB3ni{|S}u1#LtW-7=fTi*OwMUvPRgxXWh^Uu{|w|1Ht&1^ z9WP>vB;UNaF(lm1#f}0xFBD#D#fCttbC8ukloG*Szx@8i!HMIYWcZ{eLpu_wmRJP2 zH)|@qTNrPpzy!-Fu~MK-*UV&C^C59sxYX^GF=?Y9X%^T*-pT~G{$%ZlMcEKd}#ffx%vOor^X)ZgNkVK)Qu=!098NZQBneYA9j6q|kLzk>Zq}^%2BIr?I z`{=W2zxu<=^762PY&PIqRY~Y@B$IQ=^U;{H;QE=6jb+?4A&~{?RaMADR8pASu1_7v zSdJk*1vK5*d;_@ zl6fOS;5bf=t>JJoUgvmSt-!S@V+Lj+iSn7sl(%U5WeTMdr(<}@NS9FtWxR#yrfW^e z+BHQuJ}E=X=-twjk^OoDac#<=NbwXzTkvIl7oDzh%3L-<`#3^3)`XP`38uaG;J6z^ zQ<(KmYsX8NQ7){8^@qOZvN z<0+`c>rPPtiBI0P>dA*KAK5DWDk@XzTi`rOhhy?2?c5$TOa_ruproRAW}@Ac%Kc1L zeX|+{m_%7Z$tvpj0lWZ-6o^8C0py^XVp3)Wak^an?5Tzj8h~=3XoIoQRo^Gt$rO^Q zcfa}g_uqa}w_;XI5=V9O8IUu;ujS2T?v8hiTQQo3v^ zb~J4m9&z?!M|HUsQfwy5+D7S6Y~}&sEWsGojN)Xi{WRw8U%Nt~OxVCjTL2adm)KuEfVw04V+gUtUoh-A|H&AwVOawV+ z2RRVBmvHRQm*;y2$Qr1jjC_R6jWd8{3oCs8Emw_>Kxe~5t8GKW7NmXTZdu<3tSm#` zc1w&RRD{kY*f+d1YpsT$k%Xtl0;D_KY$F%9qkKztIa?@g*0?VkjX%dK$&z4Ewv*kE(DQGLSM(?P%EEz3S`=zW4*ZzBNg^#$;6jb?r)N8=<E{vxe3Oi4345Aq0RpiQZ?Ik`vKV>!a@YT_OnWpI;hQ4KkaFKb-F2<|Z zyu?Vfrk;;CgsuG`VSDryi{BWP?>2S&yzrC!A&vdtvOFDhw*w zWekELrG=Fo11cf;cJ;IA3P!1MrTilEmM@atJQKx(+H47fg)6Mi$lKpTc_1}?@#ll{ zi5CX-vL9hJ)Q;K-BDfr+&&v~_~yczour zGctNHs<>B*45tBWmiG3G%1vZ*_v7jN@4x)ZAq7SHlo06DLbs+4$a^{kc5|4P7-U_g zT=*EU!ErUZv=*zpSzY#JcI#q*j2V}Nq-O+rx{9N*;BsTSoj^Y@I(W?6W(2dA683*MzM_((6y1#f=`~RxUkjVAn~p;i)V% z^;(I8X!GW`Z?O1O?NNqNZ)187f$DOTPEOagGJ>z$Y%>%4_tdmK;{QZ%7=5D@4-b>; zD#4>Jql*leLKR3{a%lD^=w`Z+4B8#*ltk{tH07-%_I&$0tFMSzZc} zNk%0GN8HUXI=X&yC`u+YNf}`LnHmM0z}l(UIZZPJjxiSBw7EV>A!DY$K+-ZP>l8Ql zM7~U%9eE%T8Sw}TN0wSZ$dP?%Xoc!r#%p3x9F=uV!1pS%YgXN8Bgr6O%qfW0QJLa^ zYrjh3BXsk=?Lv~y*7^v1Nypv|*w&0-atRxyV~_}4W#%$Mmn`p0F6@yJHmxQZRKpae zB=QWWDR0&^@oy^Lz`|nbhukBnb7#fGN`?|lB>`oqWEqEJ*-DOrR3-Q7?rbDvJOjer zDv4OPr#MnRHlip>bXlK9l@q%3`RQAR8P`H6CUwDuiVH?mk<{hMx_3XHJ-^u2O816#k#!X3NPn-Mj~EMqV>@P;!JN)iXGdgj!>sT(@uKPWnDO%hCU+| zhB!1i0+_2quQ8~-P zxNf*CR~ti9&a^3rLW!H7bn+r*3aKd6TOU8_3Qi?}Zff1E9Pl6pCr%6|diJPU zhkOcYM9KNaRzfnCJ}FZWwb0E+Ni`5tC}7Lx>y9fG!z>;OXsVrnYnyzjsjDro;<#05 z5UxdF>!ysOtXM8X8tW7){qs55XO)tp;w()|4oIdY+2bmm&+|yHgsUbH(=!PF9T{Aq z4>p>tx?q|#$r&H28&UoF(Hb7-?O5prxG>cKTCK2li~75<;79opf`2_A+JI1D@%H@m z)KIew?O=K9h{3&m{lkxY=OSE1jTOMZTCc^?ZN+k6qksI8+cGeYVEWlCc-gAzAjEw2c>%4;@ggDg_CWhAVAR zR8z8&u}k1KOTaf6&2;JBdd-MsS%{$(STN{a4M?)lFCHo-#nQ~4H3bx@NV*;SmDNXr zqh{h8E|kg5tOniXs=H}Ds|;9t1&xD)$5iC}I2<`fUuL2qkvX+l5QnI8^?rmSiH=^1 zG70IeBb1C_`p?9J6eqM}#t{`AxNR$vSH2aZBh-N~8CEn`~N^4FJLXRYBJlfkPC+fxgW zb?eOdGUxjzpS^wk;?-B@UCc;1s$Jvgw3HxZVurL_7hCmoIi0r~_%}xg0c%Ax8cI`Y zuCNIZpm^zKH3M#RX(Hn^h0<;$%|ph@hJjmYyN*-bGx31k9WpmbZ1nqZ-ZWbk3-2Pr z%P)&hD45qNcDDSgR>*5MF4}mjfh6M@a^2={I;Fdu5~qa?xim}X&l|Px+?mfnk0Ks2 zFvT75M)ENE4&rA1E()_s4!8j8JIx9w<#jqgJ-z+#}_g7=2e$1}XVd5XGS9lT$9Vh+O71pcNkmGp3{!LN}`Fh9T6c zpsTg=E#aI`RWb*tZM}!yj{ZP&{n@BPyrUoP}O;+>KDGn16QB+(53(q>;+V|<@^Vv!w;6X+S zsp={MLZNHVX$+`+UGEmCz^kZ21V)!qW}@q#chZ4kC>0^HN2(c>%B^^$gsHRXzBhaL z1S?`lcR!x~^7-$-Er(LpmNLUsBrmWQbrd=8oZPtU$+f$PU;6#_Wu*|Dk}B9WAAu^H zBFH&uO)(+>)iS>K=5H@{&mgagNZUy5kv&})=bZ*4oiC^FKYscC7YCQKj^YxT%mOriL&*OBSklX;D5_8&g}rX30?B;s5ZUttEzDA$-K76c>C86 z|Mr(dz+ARIK%FBe2dHX{+sz8x_2k-Jl(YTC_y1jvz^2yVlyJf8Ecd{s%e8-7uPq|l zfA=@94kCxVxb!(&O=k=3339^!|tG1vlKU4;DV^@ra)>{jb~ zGD_41TV(S``n4RM=gaAv@4kNzb+@WYE7f#9HjN@Q!e+`$E@ID@)2E-j`s=GBl7*4O zu^WR6dnAkH8uNM6)upvxrhj~#ckdn9XTUL&3f83nL7!Uoqd&Fp{+M=OxJDZqZ9vFr z)yS}OwH_$Ic~r@()e}4sMw);~iH=eaIVuNd^(-ToXh-(Kv-ru&nKV z=Uo6y_mJDsZ*OE&K&>)HHO>R*-8pvin4Dbz!qx-QXfZ$!+}QjQ zMBS=lqdqG5UQ86sXrir_2$iTDoxQ<702u?(33pC8q>T05Z>z<;lUzjk*bU>;U{x=J zOQ5FFf_2jera|5H!$^RWvI8HDaFF4Bh#6drYyUFyv<6JF0%AzYex;MXdo?1*y|!N4 z-P*tnEjAR5=W}XNH4ieu>rBJZj*=wSG{+u`G%8$8N?sVwz9nKXQbdQL5XLk;)C2J_w+#W-ssJG01g*eD$>4BThfFH)@OGpi0}x2M>~?o! z+7U@5(UMc7l2ATM&WBNJ6bO|fY$^|APl<`CuYWPWXT>qg0$T>bl+$O268A64aNkK; zH;Z3Trm|F89mb3Z{YTKK03QajX1i!-d zIl8t=H8E4{lfsLLT)y~p_y9sC8vNFstHlWlweTi4hd|Rw<651ZR+To2QvLbUH2~=j=dLCC zU?q9t6pD<9!6goN|Jo}#WmE62oqd1^o7;j?@T4{%J^9Mz-&*?yJPs{YZhe1{j&53a zJH?7QF|T_19Hq}7*H%fnkZ!c57&B|eD|QS{;1^Mj(u=NHP0pRQ*DDHyjIf79j1!bf zSq7?XmTC3p)EHkeD(W(*SPXVC6#)z;_v4UAS!^9%7QluTUD=tvzgL5UnxF+7?O$EQ zEv5OG3Gg{nmMlRoQsruF1?2i}@b(SB~!!D*^T<1RJh2gnxU{Me}S)7~?)oc0KG?m69;opkJuk}~xgO$@K%u8AuM3(7nt!VT4f8fhT( z)5>n*)-Blv!$omul{4g9UDHZ40=aEUdByZ?0y(5TYX1UnNg z#YAl#IS;aAU|*ZulhVh9$RE8TidzrJ8PcgGC`Dr^`=cfax9Q7*@|(&9ZYJt^o=zRiiKlwwR$-o!BXeNK;G{mTv8RE3>J#%tHaB zeONty#NlP?jQXRk5N5B}NSWi*po~S>y;5OK-!*bnxGF>XdD2Kdpsb=cDqXQmj@>;( ztUVD+91Ni$8QkpwU(y1*($&S&sLCED~TW0m8s|{9ih0S!uKqvqcI-f@guV6|@T+ zGkx^@YKbV$xXFEUtUIO7v&j1TeixhHq_=r8D=mymU3m2w9c77gxPTKC+o6B~7m=Ov z$U!u%5Vs+SFcffi@EO&1zJK!ehi}_A{heRGdi(Nn`tEf8=YPKX;Ull1XCy>mRCKYh zx65AAe!EaLPx_dKD4r#YFWVO40+tTAq7oVj#C+NP%7!PFvtc_#P(`}8}Yz< z`kwQno>`3*Hb649$kK^!$(>VVKYGsQh8~f+&_RCSXo1SS=wfhPU3Z=>&98BG10^?! zhk&mLb7UAVFxhNC;ERoRffi|02!-DTkE82 z)FO5tygH5=c$a|xCoS!+$^`bV&X3q=nluqhZX2>C0bfIu>fpsts?SUyU*NaTz&4S) znK0EulGSKJBzW<{%}-vl*gbM|R0FCkm1E}?*mVAB$BCqUX)DK2ZOW&Bxih!zAU5pa z1`rNp^QTs4_MNfPr;O~QDuR(iXy~P@z7t9={;=^&Giy5;XQ9VUPM_4(8j{+R)OnTa zqG=hqLG-rg*9H`7Un4Z{1Z0K~+7&V+?Y$E1jsP6O)8(~4BexTgo*3`ny}H9fS6a*} zgc}m!DQHDXU>t`NWM8hfbZF6<4B8q92ZYYlV)KRy2{J&1gnoFw{_kz&qylq8ZZI)W zN1aDm+-MI=x~wze`Sq<-Sq=0Btg21}wwT)&?9Gq9cnVwB3=_%bzOg)%LUE}p@(~%5 zsXaOJst~-AJJ{I_DMH$%?Bu>y&WD|gmB(vE;#8!7XXI@HszdJCkkH9nHl)YHKN|0m zTuU3FYuE_$s{U!y5%HtXIKTVT3J)_klrbH~=1>(KpPmv$9qFV|nY}jEblSKoDSZ>r z@6!3Lmvg>lqvRPqtO2Uc1aKI+Z*Az;x1xY_8%$q7zbIO9Z;G0t1 zsCR$bXOKQV<@p>e*diI%%z%E+hIBmWM^jg5ZL+C71*p0JihO+(B0I)L6P9gi_nI+ zvK>qw_A)0rE8RPxG8hV2 z7+J9u>hsgn%QvU{y=J>iyy5Y&bUtYff(pNE`mb^SKDbM?4LEfqhiY-KjZ<@+e=8ZF z#4H3EV^Oe1I%a^ZQaStlk;%Kv8wC*iwua_pHP=2v%H%c%Po~7SNQgW&?3KD=^^j|7+y(9@w!El*nX@k1^_y3!}dHX+Kw^U!YH*fy$ zi~ahci8uD-?!{Q+H0#w?&^7(v1D7acWf<@s85@sQJ$k?tIU&Mir|?Oxl9jXb`3S>- zzM)!#9Dv7Jf^7y#IzDsNl~%qY-$NG@d%2!70vXHR#8~M=Bm_}L@03Qlsa&;8LWw5q z*g*6KC8Q)1Gnd>JI>9(55hrc(qzii78H$(JR5M;wDp&xvH>UZltvU{Rhyt`&le_>9L~X^0cw?AJ291@Nk_c4i zGA{!_G+Yx)ftX{KeAhxD|ISr|%421l=c!~=MRkBqCWB?d+En(;lbcZ{88nP`N}`&q z%e+h^AY8k=z6xTgT%)XO{m0WkUevc=pZ*mL#m{Gh#X}={)e*6h1VmWLYZdZx#=hbs zcHAFz97Z(ZAyeum=>aX*^Zn)Yb$jvE*KfD);w7+pQc!eP$wyzvkjY8SSB=|;ZlweW z5DgOOEMfJ?S{9@F?dkq<`u4>`d-==u?fwgS)-21JJa^=a)V^%c^+IruUpoTUNWyER zXJ*nfz2P(_zH_C}6ILO7K^BSxHBYjO{(mapy!__%qsH;hMWJA_)k;8bSg}?gm&wqyS4;=CW$Xmj3f(*gNr|;8?mnpw&UmPdN+Jy?w zvu|F;=4L6E@+CZK<}>gdu37+jfI}n`GjMpB`(PPMsGO7{YGuEyT#2=ZT?>EpXl|`S z9GRnz^010`Q>iP-&*sgu3nWkqSvtywEyH5wfnNK(x63s3xb!lC#nF#h_~O;8_WFyP z>x@W;R&CoNr_j*Ek>2ko);hT4Mgu{oq{&q!O)7fVQ-&Bd%Z%+68YJ9a9IUH8xoaR?1Aa=7#b>GDuCGg5X=3 zKbKPv8B?2Al2Fn*IB9#+*D{GJpNNM5L^Fd);$ptcGKd^`M>5`1PZyYYX|WF1O*9g- zyVAMb>gs|2sw5q8DuDOHW+WOj1?$=*1!6{Nk+Uhi+GH^*B@VsK&ErfUhA1c@S~47} zbpo1d?a2aDLFS;;4Lt}lXb+o$DDmBGev`Tjuz~pkh$ZYF^9YzelmsVRmw~m?S_10( zy2%DQjI|+wIm+5)=f9x{k&Kl^3W7*8t5e9Tx^1N|GMAb32-*pYiM;ueiGNI29et>* zF^Y?Nlm%6e5w%x$y?u~DzNaZ@V$<_)(j@_FG+zL*q^Pw=@KZED$SCL?pr1Cn%9u1h zY9>W7%7cJhNtyO!#~Xc@WKc4Bo|5Rr_>JqduC9tDnUk~A06dlziDbpU0S$97*@u5-|v1r{p!>D!OxHM#jOK5 z*rh5lc}&jT?Te-8t|!;-diSTxDgFG15B>xs+foyqydF_nO(~3C#|?C77w4y^H>b<# zo6kOf#YC}~h0DA_E(?;}6bdI)?S44yFQ?Dj+h6`3np6v=hDF&VrAAiLoRlwHo-iLd z&3kPbGQ|l?f3a;w2qa}zvWHX|!G9DODSJ_~*MvIl`u=X!HLyx>GDVrDXr+WcUrrzX z_Rn9v*>`{Rn#;F+@iFcEEV%aXck9KatN-%HkG}d~|Ml!$RRX3)jeQfd4Gv$$Q*@d4 z(M`o&X-evKojkCaQy6%~ksgQ4hPGAX7&=6^eGk-_7#W6I6Xb@Aw<}Z&tOG4OG6plJ zEED>>l78j)znp&c=1-q|f2jX#$pXN^8Z8(w$acH;j^VB+*X~-n@S|UT)c zp7 zD_yQJ&pKUQUi{tL-+umT|H+ySd9DL6O>DLD?$4Lg7hin!#e4fzE)xP9K=6|hAYodK zBDnMA^hx{p)uE?M>P=$zPd#uEbCI&|DMIP4C)e(J_a`77c~R1%no|BGa#l-?+%Ojs z$hM4X1&&eUyaha0G*+1#xDpVtYB?ll>Jw82F1$mD2va6!*&nn8j5QrmQUaFN)@A^> zqLxvDbIvS=8=W?yEoSm{Yz~q^dZC??o`J-8Cx!2%qncGxk_!rY2F{`$eZHNM(ohOx z41h$>WxIi>a(;SxeY(GUb=f^V_nia=c;nmL%T%BY8x^G9?@~%+)PTw`laD0l?wFXD zm$k=lTc=~9d<2P7U1{JuTV%qsg;2`zY2Hx9L#Sq^#wG%N1yxMTdcWsc5WZ;2iS6Jq zam$Veh#qpe%yQLSm5BCked)W1#N#mEwLocCHl==`HIWiEX}NKd!+dZZq`*msf%XlT z?5KSqNTYhbzpOUf`8=y-r=)oX4K#6p6~>^qc|%Gbo3M_Zmt2lEZOe+%l*XapEA93a zEv`%{>-@&KCwk*#fGZtk+!pPM(%@R>!q&l6(2J-jI0(u!-f`EBRY-$#w)KYY(W|MQb|=Iy`5p^!l>y49#}E|mFF>{!jKnEg(W9cCF+ zI<@G6W4M&F99-Wn=ERwKo3bgcKQ>a~U6)-m=Y&q=u~6i2^vkMPy?8RYea8ei;@!r1 znrTL9)5eam`=WV#8HD;ZD)cLr`Y0>bs{Z}RcJi}YTJ=8q%dF7z?j`;VU*s73YyS6Tb>|c~!rTvIR3Z`EsI^dXv5}C$ zj|`Dx8>jYZN}a=MDG#fY?x3pL>*++oMa4I8tL2%K;#20`a`!cBKQ=4pEM*wEOjUeJ z`Fa>0nW%&-AptX#&4Hs#JIooBj!?{f^=`XDq?an9P3J@E)Rj$726n00zA2YMt#b+e z=4MGLVWeAcN+ugzt-ZVBemS3$z*m+%Z7ORTT(vrDN|OFQy@t*yY*wUk3ZFvU%zWmo zr)LtA zYO5IwUjyRWfEodt@U|~ssykR z0*jn&TX!+f+6dzsP}l~yrLh)y42^Jy@?Q03aw(= zn5&+>Zo50Idr6>T8EHDYZPvZCtsZtv*V^VJ6jT!JDD^Hib-dT~%^ZFVOrZo9Sw zu;mL6x)O;g`!fRkc_3u$rJ;4x*@6GwI8o{@(5$3%S#zKn zKb`|9I|(9n5~#&Dd8%54wk5rM$ldl{smSwOecLMc1ng0DJ70EhkS&x_o~%ZPO!&S8 zHEhX~ z6v#?&qqL2suJCxI|7c35ceZm?*6!9-tVS_P4u*FS0PC5`5R!`$S!5OSHR1)4q$Gvu$%qzSOIjkHJvGvqO)TCLoT={Qro;0^0Y8nXbq2x5FC-Z6{_#d+EaomnYKM@eC>c74E1 z2X;({{@$G3&&B|S4B$50%fgCn(czH0`uez<4-P`AizNd=oo`HBfGtJrFA7SvUo;Su zBkd;cFrgbx90wyiJJc|#{UjTwc@I#KQR@=|SGD!SGIi7r6c0xn*&?(pc+1>lDjf?d z+q$(-QBP2#J@26b(H@EkW(7VY6N*HXT4u*7y0&V?T!&UPe*@GJGS)PbDH4L7i3bD{ zAdP_*R+(frcJ>rMT3%ycXu#cy9<1SXM5|g4n;-xzq+8DQweBQf1v9w7?6Da7Q1w=| zUm>es8m`oucQ@4gmXJ0E1&V-)RCv3@R)|82JSs(7gNhnaONwyT!>+l$Nl9`dl(Hc; zkWvEk#kb>jl4aUBEg2S1!k#btU1BXWkz^HgvOzistE))6nK}+>B~1deF!dGJUow!{ zxOuhlJbbPNXa<_R0XnxETj!dO8aj|Y&`pM+6}8-NDie#az|DazsKAsGt?$}2`~)f^ zrOkq$y9WR^D}OlTI?Ach5(yNC;Nz%?+)aiEkTetHWzByxRODTSKHnHuK)y89H~FZh z0VeyfeU8p|1Slyr`4bJo8;Wa_<_uUYmyJl$_#5W7Ur&@n7Z%_TMHFoV4N^Hyr<$Uj z4x3=GN48wW0U3&e7Qc^^;Y}3AN*x&r)(4*%IltFRaiipW$;{zc?H;RmgS|>JDB#73 z+CwHJt-P-DC$bM96xjsFon<{q3h6bCyp@4=d7XC3$<+2-870E2oz5tiChzCnSo@jM zqqD(EV9$;)w~rjsg-MBJ4MhdN5=HFRd?{@U&Syb&52Mkha2Uhx>SeQ>$u-jeHlUr^ zuL9O~EG7L03cm(dSO>YG8LW;}P>}~1&=Mt>LhstnF2Z%Y^;J(8rg2!VO(!6~)!m(_ zZD3_@>sMl4&jMHK#*QO9ld6)_apR|bL)Q($VOD?#EW4o`R}-1Zg=*Cr^|od=#oV;X zCZvpHSbfjdjodnSYtVfFaFo`YNur(D4f{OY=z8tj7=UID6t^EopwPHZ6P&t48@Gis zntkm3Mje$6@cy=0R<90|Dd@KKE?_4po(qY^ZcwlT6T&SiFjNEK1^h1SF~R7P~mh+2s#Byqi?zGN0TfStL=1)L`4&|GVsyt zXtFD)mVv#)dgaL9%{d1kx>)082N5`~jqt&*A~ddSZhPH$^}fN_m4QPFi25t1k2-8) z9Dp!`ZpzR`s*;iWyBh%+m&HVy=}Hly?RvBQ$cQHdo!Pud2dom-AC{bwyx>A3B`sPNGve$sGly-W@(OQ5Avmvj~Es3uGSGbZcP@4b^Zd0x*CqokBhNpZ33cc;9;`vD|Fc}k9D#t8q=uNT6!{a0B3u0 zLTnLnaEsWKR+iPh-OjRl#w3!|6cspW2B4uc<@EM+T>~B`jH4i3g2@{LLRS5-nnqVP za&iaiovZW1LSfdT z-&%Q&F_i1L_3g@ zFlQV`Ef@9o^zGZdLdzdO>D9UwHiov)oxuj6qFI$;ESGK%77xv~WlpT8 zMF(4f6!N%>gV~z4xBs88H|>_BDznGGO8dsFnwh$4ar|GRpfQ4k8S zDB%LlcmJ(;_K7pZ&7|Kbw<6<2#2KGqKYQ;xPz}vQSWo4i-C(BdSeVU(B&wtsC}V!> zWUNF|CN@{UOCx|LLe|4(sMTevZg9e8h^hjiQ^7l!xLsbp8?hR?cu4S6 zuyB-g^+S1S=qtcm4WI??e0O^D=tt4JBP=fp>R)-aO%Ky1!2z0gMPe>-%boEzrX96G z^(E^p8le!)`Zv$wR)}VY4JE8RL^N4e=!bZyTaPtIfZUZ+r7q2P1+V|mxtmSz_Yme>;N^zE>3k2QU?rJkrD7p#TBnjyEGJtu<@uio9*h*qm5DE zj^B=!5Yq3>k&>7nKU{E}k3AT{=rnC~o{Be4I}YEvOK z<7C)DO#;FuxgL`}_Z=MaX>>G2z{_Mj4=Mz$ndR(xe`Y5n4=ynG{FDBZc_MU*P|Af` z=$RVCW_OIuxNDrqfsCd7C{}rw>)AQCZrqm}BPcfMwoOXoJ2~IY=aCtrX`ic29VqSf z49DB{kL!RsBSDJ<8fPMr_36>WMoz=Ak=7Pz_pvI1&+69W`gv?<2@5TI)}5qV*zv|O zBQ$ZK`I?6TC`J7omTFP8hh-U8Y&Ol&ZTf7b#j8M&Bw@6S~W;z}9W!Dx^f#^`Z%?Rzy5Mi!V#~{Mk=4 zeKLOD|LcGM_ZPp&U!{M)C||x>Cim_-kdap?TxF4OV@)ApdfV7YyeB@&iYdSwL+^Tk zQ|5r89H74z6c7~R(6DVN)4ERsitC~%&Nh_s_5l-rMtl7|uv3s&YJ~qSx24?CX~L0Y zIiF@nljm{=4;*QI8E5*(P;szq$Jq7v=^^q2B}3LU=b%s&lwLY%x9OE7Rt`hp6HV@A zkon+%$20+7TTZ)`m&jZnMUbZ`gP>!rl5?45I)tXT6K!Bzt7+`TNLkrtRbUcLIG(SM zHOxx*mXeaeTMl>Hx&nTmETpilYMn*VSl(0hH)@#C2GPJxEp0<^XpP!H`7KJ-+rN-$ zFxTJmXqi&ae>^>W`I~nS!lI%^kK$k*G7qaGLDzoqykDdO(D>HdUr{-oHp*#Epn9s` z0aL0Z9XBcXp47QJy*yn``HlBJ``tmF(y`L2sUr(+$#7NfYrpQ-wkF>EF8}qtLkAd>AXhB3&2Z#41JSHl1p3vJYri6u&#yoJ+owk* z*s8+X2K~zuy5Xz(&F>H2B4P<3O^`W=Rel!No{Vc-8$Z1J*MFmYxlKTd-2xWECM1~P zy48ua5Ix3i=gQ}d#19gnTGHDcg>pH4_w9Rs`TS4>>9s|@b}%-DweFR!!STdZ5`q2r z!@nOYDR~Gc;h0s0m6e%{t~Fs&y1F&;#@Fw?`G@sec_cPppW=w+a|i6A4)J_Bz5987 z$m>l3=`0n@REVHZJgS2@Uruj*`0%Hr?5&KR!y}H|=T-KWuC+>4x=KpPe|nivbIMst z#texxUr-~{5IF*AupkbisBMf0@G2TLfG(-YqYA^61LI-f1x1}Q6)y5E&Vj8BqQM&t z(aEI8t)n@xy`gRy*CL0BIr}pf)I5 zJ{lr=t#RjN{Eps`g>elO9!Dm>5ULHp04on+c3y1)k%Z!^Kxb7;zN_h%5?2-LsTZjY zk}ntyq4KETIa+I-SjM%Tm1E_Wpy@$_q60`U1(zBW5YdPPW(8#&Gfl_V=9+GFBDK*K z@6piq!fn|1C!jUZ(Sg|mtrE4&`PomS)DlO>C(}gU4ZQ+zgGMD0B}OA5Y?r&*2oQTP z%mHH9N7af^`xybw-F{b_T9iwvg95<=dL8XhS3RGnoul7B_6XGR`kW`}6#@)ZJycKem!N?z43#Vcf6nH&<*2x6wdHa z)lNoycl!Qx=$!ridi|FN|1X%Sx%056jlxjwt`~l!Y|p>C+IAQ9 z@CE8=5{@a<<;z}Xqm3~0ZQX(`z=vweLz1&8!`xwGfHf!rS(Dv^V`>r~0{yMe_GfhF z-{wHIbZZ10pNQ?YE+e$p<|{<4?}!K11k^e`nw;!GI0ctIfInCF7f(%(CyD=2ok)l^V*BjWz1dqvxxy7K`Vf6TG2WXg4k4lQ}YYcKQ?PIq|V74K( zciYZehcEpadvNiN{eMEQ<-8doSBst;UP|eDVVJPYfQc z#k9`BzU=EByaRFB-t8P!HVn!!oc>SM&|^H$KC4fD(I56nf9?BU{&M~2ZqdY+NOchL z2~C!2DP8D47Rb>guu5Cx)P2!2jHRtqA}Xsb0W@mVo9v`*UNzpXd*_e#Gpcb17j^_c zHU-qGh`=Au$92Xvq?zPj+EckqfJAsaQh&y4VZs*BwGM z?Qz!>i@_Nfxap}%Ue{fZH%SNNZv$%PlogFlV*Q*>?GC&lCut80X;Z7>yjZpsVWDU| zV)n%V$8Vd$f-hQ#$7jc8km#w(fk75dv~=;QBBqCNfDS$>&6YOb)BG4L$;n{WtO7tdk(=Nw(juc1T>Lm0kCaNyDF%) zPNYwk4%Dpa5VFhAot4N9n7GcwQBDAKpQIHSAmYQTS{I;4J$WTTE`?$>A}Ro%*Zm~l zcjeT=>DW-k+|mD89vYWuV?+?0?np|b!O|i!*J1POKKn9!@x}K)-f%>b*Hv|!n z*SmbJRH*=+H(D4Y3uZb=B(RQxpDFEh3cEp`3&JYORuhPD3I`|o0i2R0oF_VAeZGUn zuRRh*TzR-)P>0t@IU;#NIO3Lte{#cri{K7ngcuc;itt6yu~#}>_id2Cqt_(qG;$I& z^p0Gp!|(gWHt_UWWiwKQ$?=Z73i5FHYV>j;MCI3w-kw`l$e>z~?K(QPd}?c3I$aql z|MDs-W2^JmY8^@)MH>ZR4%_s1$7mK0eqPbFMo3C-H_dj_7Z3cTzkD-&$3IUq%+%%@ zOkM*Oym;>pXO%!IOFCc{5H!o)Uq9J0S=E8I2SLlLc-?bDPx{Njo_zGm&nYKR@7RN9 z+vo@#Fl4(qDQvY;TpyPm!~qhYO6W1sRKc4@^P>lnHB@1^?#?bRnDB~weZ`!7+(v(| zXFrXpw)s;!<dQny@tR`MxHbMx z*AQF8)n`9lPQU%&<4+s?o~uzJOhU%C00T64z{g2#dJKO4bp$)P1bRgyKjT?!N80*h z*K%C0DOV95D(%?p^X2sE>u>$zy<@yoq{d;Tj1+N=mu}Y@A_|wckNV?(hgV2L3R z`bYGG_C+en+$Yo~a5%M1ww#+h$O?b+Q3~JVLG2qmTGaqyY*D=4gv43PLQZ{MCgE(Z z0h70osjF3h_~~-`>Vr>Te|w#Ki9*=B`YRq&woM2Y_1)>4Z%&uf2Y>nYn{Vc>c)IH% zLyv;gK=&xVB!0f_wl}`}>f7%Q-62uD#3*PF_6}DDhsbGr&u_l^=HocuM=PInWCP+; z0a_S!hdEtNKm6;B558SGakpqKATP981}OIHR_@TdK{%vg83d`I!6x|TEWq-*oL;^7 z?!Vty=Qx+K%#{czBqZQp4C@dPGh0uTXYi9_rSs_gGQ;;;6s;kGL9eeNzvj=EQ~B!a z@aOeSVyu(QhQj=e6tgXzh-e=IhWUXg76f9s;&!Ib=p9punjle*2?Qcqnnr1GzMMY# z;q@1PIBXxW$Yy3~?aTt;#5F85T&3OP?H8Z^aOhd5{U~V>VEWB?j%jxs<)tj#lZ_Bc5dO%5;2)JZbLN0Jg{OZZIUo}=x9t>lt z@j>8^PnJ%PRA1U??iJu#p4C}+Y#;wU_R##jVBqG$=@PQ@QLZT`JPCq24MD3@Pz5Pk zuU!gFeWw62E|QJZUgyjqJf=5qtX}^-v_YRI$Nj|7C6>RV z9*uUPs@C%11X*NCav$FC)t3OPR?;uiOkS zAud^~EOHac4A1<0?A12o$XH<(18Xx+wNbT~BAUv1bp?rf8EfX(dlhXEid>JDDC@#T zd&Gb~8r`;Y>=tzQu~+-2aWBy$v=J7W2CoVaA*{PrJ2oX&8xTA`@tzMjc3@woWmjcE zG6pntrP13Qc66bq%Cd@(B8A*r`O?^&6&rh5Fx0jqDn3=p>UCvsKoJ(=BE2H7OJlujVw7O8Rz zjC#sh$s4nk+UN>?_~}!~UiapqE_&ux9qCeY^%$&NTrQYEILb1_<)Eh-vgB|4X0{hvsZ(F9x40DvW zkRjn3Xms2)EKm~oA64X3`y)JbrYbSk4IOj0I%)dY2xW=!b@7 zSQJ((DA#HN`Y!KD=J{mZt#wOoMh+PY%qTLqji+?1se+(7L-AV3VyX${>9FV2R$OHo zMz=QJ_BnYqhB<_$s!i{)ePHcA`La~498@KSL$Nr5N2;FhpL}v-JmOAs1tW+eRfHkd z)*eT3d@u$b;RRCY>RT-1k8T?uqncH%fWAbuR8-UJ)UV!13CS)L=O~-ux!zO9*I$y7 zOdvy|dbAQod6(Y{0`M+8b$WA&iQaznm#+I1$aSGg-bh~_)J1fEAFtu=om%9 z-ZjZ(FXlw=zG(K8y#=)way0^}BhM#N;qghsVWx6ugCK>Q4u~4`Zs;v9IA*X{YSQ5_ zz%V4l^8jCkY|f|_HU05ZtvWy>=Vswfud{J9u`Nshn+>ICfyuLZkB8m-3a}^_3S)?!Qq#_1wBAis@qv-o5*(okWg-VN zr@|=G5ju0^Y8T`BuC{*g*b0dR52cC{Y%CM$gL~umNym&nYa5>$|xJ`QJP@r;OafP-LunT2#46^WMj{|fD2zcdj z53<~v4dAFQZN9}uHJ)bfrG3H;;lp9{hSWMV$d-aI<39(_6v z;6i(4C4VWa+H?)BoQ*u7mcuu_c-a{Ac{k0$l!DE_AAkSN?_aF%ANUCU zR;t!Bq+D%v#78GpJjlU^m*nI)V2y2FGx*A)Ip3Y${_W}hGM+ZMJ~9H?)!d=gZYs>8c^dqxMmOJ3)ZO zp5A8_)2aoER)T3QR_~pzA*F_^&wjf8RM_87cg~+mkz+^xP0WoMY5#4vybw0Zw2x#Y ztWs>OH5h&Npb5tX?Gm2rPN=lo+*7li$Cx+zAlMiN0=;1;phCk>0dwBmStgp`2zjMq zccL!W7U(u|C?$nvP*oE}ixfMgDD%QW<&ylQtW(HJ4W?Ck@%2j;+&M`l4~c$iMc9FW zck?c>e_JcimQjq%n74jyw}Nfez)<3Z2a$=bmR)Puko{g^(~(ld&=cm3%)fsek9oo| zMHnGX)-DCRZrklPC^Z_ye6;tPVM9pTG?_#%6`=b*8OGF&PW0LV}N@INSFjRcEN&TI5!3Jsi9Y5X!(#R`Hf&9njqvJ5)SyAq}Nh! zZ-fWYDh;@u+McTVq%p;{Nar@(?m0mdgd)lWYX@wcq%qDDm`QL; z2xYI#9kG$bbB{L{8I*tCyJ&fm5P;*-3+Xa!n&->ygxq!xl-O}Ag>=2~>O?_c;mQbQXG*(jSy%Fjk zcD_IV*QyZK&X=LsmhqAZ-^J0OPRhRWNc(UW|p5{Kce)U05b#IDX6Ajaa2`AJeW zbR*3Ili3VVtKre~9McC3w*+;N(hgc|C)LzZ{o`e%tsg;o-O~4)B{7y-9|Q}OA$?6drHFg6EqqG$=mBcg;F%@ug#GDFvVvMaEYQ3 z=P{r6PoJbFras@Bh(V07Kf=Ne#ax`XxB>Rb8+(e3l+yrJqTp=O33G0jjk@w&8Qea+ z+wF~L#3N6l+3hFqOS4n=fe6PiO{{UWOe*`CCkv4$P`0KRgtBA`TT%Y+2X~gArd9#P zC=N!5>>0%Y`WgG(;sk4}y{gZDJe4oMdjE$*jXJ9Z?wn9EuXWwH_UnG_*-w|#H-G*1 z#YcyF>0(uZFP|z>DG(c&nTol?=Jc_17 zFH7+9`YWOhTKn#B7qv7>cJU{b!Ll-%1uptnsVkBx;z{EzLy$t~r<{A2dRS%e; zVwqWS{T~kEWo}n5_O!}_D766PjLsyJ9em4?%$6#HjA-UhVMa`7 z;hG?mkcG0=4@^^v^?d(iHIMf1ZDhC#HknpzVu59X&96(3zhCYa3{1ZnWpGxM5zOVn zh;0|2V0pc}`>L@BL@-KIrtQ$*`TivFGJSekKDJG|9xs!`LaWHs(Fl3Oc)ovfx}47Q ze2uRTBr+m#?Xfn3Hmrf*bdmTk6)b`X$_8uT#aW-za-48xRB)pWDp(o~QMgi#<}hcI zT_1&JsaEm0O)FIlEihFr2hW3+Hb6_<)@&nSbzZSTt;!e;t2bVe+Ss;$G8&=)NFL4M z6>(IdvGHH@^2a?OC{>^ip&i>p$-+SsLIxiZFp;*{fUUoCJnDe8k_1PN*J*WwI)# z*W?6Udor$V*5Zpd-g@h|2ZJ*R55`p~jg`4AYMsntdeX0+T>BL<8vX7cfB5ELg>r2* zPC$_jTaq)lhPXPek}3P%`>%rrM=0jJBwvtx5o6*+zyoXxE9!hXy^-GgYjQUb_7&O^kY>p~1DrIYd{tM*j5uTVK6Bzdbnxmar$2 zh_nJ2K_3`=+C9|2I$*-7S}en!6mr7Gt8xt3r&N|Uxf|hOYJ-aS^tcPz9_*iJk?ij< z{Q|w)uRk)Gg0DnB6SN8*9s%PF2AnFcAap34513NgB+bk9mqZ%_X4~`t|ZA*P> z^eMs>{q}1n?U+4?-YJ_0q{b)^L5Fh1q+J}LR9VzW?nUPtgxI=9f96EOiQtURwbdU8 zE5)q@;nqgqx6lx_1v@oJW?~x6l5bI`#%H!2>}=D4fv%(SUe ztRR4{_R_Qx076EXrr*@&Kqn=&E{>Y=OhreQxs__?(TlQ&jO1WUBPi5pdaZItW3S&8 z0hAVUs)SNi!qn`x-qu+Z=hc#^Y(#MCel>R6;BF2TgA@oLJsRcHlI?2Ndz%!UNO#+b z`x+&~@4$^uloQ({HC2)t{~CLsYcjvKy~q9BXFVVVbcl%!liZ>nt>|+f70wzfGgx04 z1vs*fi@+<+u5NTD!2b&Pa|OzpC6&OUwzVHCs$^~R^B+%NfB)VOe>!Y_uIje&L>GfP zn4V(udqG-fm_|t7B(~FZmk^MS<}Sd{;ohaPDiHMT4sDRX7Dh{Cdy2J{{!45RXq4y# z7XZRE+3=zS;s=TlrT5ItLMOsE8mdQMz3uAdUw^BAJyiCUqFb8H=h}=$%ZrzXe#${K z_ca9uwsXa##YSGW_eihspd)H!r1dK3wf=E8p3nxV7mbFn#r4*x*G7{RFDT>Jx4H@M zN%UD^;yCfL<=sJKA$Fnv+n?WRlSDF6@Lj8x{`lndbz@1u)&j#D5Vt=xB(}+NnA6Y;e-i!*P6>V_=0B$t=gA=YrZR znmk91uVuzGGDjUEo?cm%`T9GK-=mFT>*ER)@s8%`z?7rW7QsGxrcrx(L#=ed;jOFG z0mGp+=deI@<%rrSp^OOE-*Eg2Z8YWi-qKUT+V>yQWi|brf>o+%8d#RKCH9jx88?ds z2^2R8+%!UJ(YSBh2W@>1?HJSGtkq66GKrS(`Og92cr#55ff_;_4+x4HfYM5(Gn3#U2Awd;iVjn(x{pv zgp2tgF^feCp@qOp#Qcp?DIfu4Dn24qk$BNJ-Vkk2K>{BwQC4bguK&CzSI`^Suz zQFFlbv@8O#AMJUgzO~+`rVN~$G>M8%s~c~KHhM)M8lo*iU2CLO!OnlTf$UdK}jm1YSRo{j3{c4?&gMQ zyV5`+Mvf+o8#ljtmo!fMGS`MD)wbA>Te?S>?9{ofVl6_%D()vVl$s=}&otp>lv)Z& zni0IeZj@AQtVm)h(|wl2$;t_K2H6MaBi+n3_k}esALw!!Fv>~K781EDH&zmh;fw~Z z>7~cqS!!0tXV@Z;r`>!P_K->UL!~|2OND2{$mS{((JUeS@yTShcadE0QMUoyH4>Q( zIlj9-iX0Tf^-!vzm~-IjeE<9x*hlZS7mDPXI0N~b$4}jF_o!pb1+w;3Rblx0RGxvy zwNXuh@g|5usacYGeZ3W!G4Lm~fHm zRZY|>$i*+z$acs@!H|*AD9_fN?;F9}))ft%-L{AH?5DBcynl>c@@H#4h>qxob%iCT3$N48p!X^ z+!};gosSL0ELDx|{4m}F9w@WY`9{DMZIFp##&5ghf#x<7CyzFVuov!bdnUbYV4rAQ5whdAWFWKAUZ0L=luqx)a=qPtd+2IPgS9w8?F?3@%}1cV)H*xY z()x8hopG&kbkJ3tG2@xMCZX%3DBDoKf=(Gr@)OGLEOPw?y)mPpR4@W8TSxp}7ByHQ0+a}Pl*O|6cXP_-kQE3JQ{k5?bawK25rNl02^SiEXM*AWe z2!y#J!UG*AERWP-k~ZVKc$S~{$31(DL)e?-0b#L(UBE^=iEenIu7qu0z5ISjE^N>G zWUQwlC!KWanpBp0p{NEj8h7<>*j8Yl;SLIkob)QVH9NC$zpZ@$0hb85jKE@$mqCE2 zf;!)y|LfX)RP&rbk4PXxK4r2av&WcdUla|0j$mS@IwHXvMVzfO@Uh*|(TpfO5a1Ci zsN73>GXg0R>b)_R&<4D!q;szBj`ll|>}IJQ-~(;K?F$YPEnE?P8)mL@bqc3~RNN>F zZJxnGEtNI*=U;tUpao>C%jwB^e#Rd91=%OJs7TI@)>VmNL`oi*;^)0|?%E_dt`yEt z_Xn;hUcf9XT{+H^y+8Zt+T_5kP239B~An{sxb?<_Ir9x z!h;V;Bp46f;iww-X#0-c3Y93dW+amw>3@@JGN^52dIxiY+IeUIMVhusrp5x=e%ztV zSWKKsu@ljy*hbs3|8x(Gc#!B?sv56^pYevD?@@dQ7Wga66sI=+4@93j z40L=h628{%*fX$o3#pa5IULSH8>M0_Lzp}P>qX<_PsvMr*sYNy;p9AOZAX22q00R} z9?JxyPp5zv*g}+#4Z7NNtM*xvIA~~aZaAAJ@P-s=>9v+e>(K*GBLWsO#p|-%dJ&lg z(H|&$A?U-I&c~rnJP$Sz0of&io)(;oWjs0|oIq77)WAWH&tj7s6xkLln`nf1ZTlQf z+6kWd*Vuz3`bh%-rr6{|SZ*v*jSOJL{%;Iylze5- z_T5H#&=pbr0TB;)6&9t9_F_i4OV4qF&pI{TA1T%$782-g4fYlt<6MlSce?!`W0C6) z!l`Bh75q`vsg%yp$$k8a-cgzYtDbK3IH0WNJNYy|!5TKeXx!80CIoVW^m^$A=-;21#EYf!`-B3~Qt95xmxy9lxhi?aOENXy3>(8Z0qI|Drw zg2sE{D3CmyrhhEVsX}WWT2x2?#VB1}71`+8UB5<*p1=8Bcni8t!P)AbY&#%ztVP9tMYWEteh!TAkdp=V z45ZRL1*nqT&B~n!eEfDZXQ_Z8qqYYK`nvOZ(NB$0L4ao{A}-%J;t+r5W;Zy`m(z#u z|L%hi>CK}trc#t9P$eo)Vj`9l7FD^$py+b^Iu#W0NHaP37KIL#xBcJLs^mmJ+E`mH z@oBe;SZ(auG#A)X_2#8?GE70GIb7)$Xx%%!K*y6&l@hODz_fxb6}0=04N0sBP=-gO z-FGqn^WEwHe-P|^x}4q#-#@&41Rcfb4p5`*Uz&c~S8u=iSDOfJym-^Oheo`H4kI^w zAF<0RefaUqH`X!OnR{7?(=k$;Do_mP%PIWu^~WFMQLT5o_v471pC=@AJx&s(ylyQN5;E5$Vli{DVTE=_#St4k= zNOTFo+my}ua{BoDufGfH+r+TT6%F+^Y*M=F^X2r>_iyLF9eS8k05Db*oKwl5c763+ zPJjIO+rK?<5pxqGLm0^MgQ^~`{kmV<1~z>0$8SD3Y!b0LKwMP_QLhLsy4HeJbaiXw zH*ddqnb&PXG*YVwAp?mDEuYgKoW7ji`S`EDv!qe_0NA zhGg=}x{QCp)P3iVpS|(o@P&#gzXad#FSy~|lXu0ZF;$Lt>{QAYiTk~jd#ywad zY8;0!x8M?YVw>f!zxh5WjQg%8EM*{CjUIO(M#|g%gDk-1^zYxi`tr-8s$`J0mE&?H zLG+-vQ()DX+sh23 z_#eQ6MT^jxAz$(8^yne|Rsr&wjLeLLjzDmI-p|{}(8X?gZw6>8%tC2aanM?-`G9IYWt z$futYT?V3oqsRJ}8Eg@PcpQx+2im(%Zo5oE4-yOqdgF{4LX&I|9rj;a%+UaiivmAK z%d-5q4Mh(wRFt>IfTIQheQ(60E^hBn6tCV;z||ENz~su6^yp!wqmO`pL>J198ZK&r zeEu+gIvSb~7+Y%{Qi|VES<$h3hYe#rj$5ibz;f$l?!`|M zemWX@${xT=jMf@@J&&J~X?g?`w2gvhg;mHlDVs9@#>vI38cC{gwhfytz@5hc<{>;IcG{ zhA5ct$0I=9AV;fDH`Da|?5CZiR7M%Y^F9Zk4VW*ynq|!w(_{=$VGY_ZE%r*S2Gr~K z_1)D`UAzVTmPN=yZ+8Do_Bw8Bi@OJLBFH^Lqi?j311WN5Th-pU%INjGUshF0H9UXs zi?{#q-M{9R_t=)F<4$@AF9}K+?=m;pnV2rqy~9RQ;15KQE3qa|R))&WmAiOm@Px^y z&xlTDZaO+}x@jzJN0E@o;10vywsxqRT&~?@LCJuMyqFM2j=Zy!o-e2Kv(p*1anx;d z7j-k%kd>SmS-@6;g->@5yC=Pa_b@k7r6~wU3M;K?O7SIG%#=V@E-4nD_a7|}wgiZ% z4MR-Fi_>9n1ANh_C9m8XDNx&Z5{TZ?#nOFIy7Pbk_s5@5qmguo&p)}+ftHd>7N$Qm z22@r%{Q3U!sI!RS6-1#F8mS!aWEhZ+D>K3XE~;wonF_NR+W5}vkFg#>Qc{+opr%Qk z>3F(hve6JGR+~@W<$l2Y8DzQsWw6|sRVIF_acof3qoM6uT+VxNZ6E>ai z@1IRYrqXE5*>ft9qL`f!D&DaNDP(zeZ8~yDUnvA}6s;!1%b-N*jgH}+*L)9RaoBhk z3QC?cqPgmrs`{iywaO1BM(uVSU?a>E}XXtvun2k?w2_(B*J$Nf<>am$K4|Fsgtux zoLeoG2=e*Tv*;yk-oi&m+DKU1pY&VqDR7S7d)EJJ={?~vv^uy^Z6zcz$MaAQUPq2F zVA2G4+lvW_`k%leQad$|{+`JNhm53h1xHm-vAw z>vuO4sz5vemaHKi$b&ir00D;-%(;mqEjXl$YGaDKVxtI+l57Fm91fjQV^TMbpM3iY zYvIbL3k1`RpO|S9ss=(j%nqJP0oO62*ho$VAv-ZTxvE!fqE1N@yq&UU1+|GKrStuh zc=I)dAjdWmr|cfJ@r}VLhr@o7s4y#K14-Cziz_qz?*2}DW~!ydHPMJG1yPqr9X^g( zs`C$wL7-hx+FB1I>bv7-^bTyo$%0N!Nl-uU!aR8_OCTi+7#!({ zSLc;H_{uEcETYnuR-}YHb(#W?5JQ^%Kl<+ne4bd2E30*x-AL}qJMJze{CzeWMQ3Njfs8*ee;ie)#Y7&qFdm3+54iQ(o{j@j%yFBXo6Z(q-6<4=c zef@(E|NgK{g`Hu%0(41PQAv?%@7(!vdh@gI-~V=fY~;!0rVGaST3(22?Xh%qdu+~M zzVX@GLn6g8u{2sM2kSU5R-G@Wzy9#Yx5{A(W>|>^R!z=v!2YW-=gaBO@8y?&IZ~E6 zQ(Ndvq!pHpYrpQ-wzvJb{_g#BXrd^;lQ7rhmrusE1`wvJRG9ncFTw}w#C8k0i5PpF zW$Ao5z5B(7U%s_0pAG=CO@y7H&>B$MoVVe5%BAAUyz#Uq;Y8H>9+DO{UTL-;-DI>qfHdTA0yY8;SdU}ts34W)oPHV(Wr{h(YmNm z448F{Hx5&3V~{;jLtB68(HdCpTAgiw5?V!R^`nwn+Cd1X=V~KOOfJSoedH2~7`RBh z6+H$SZ}lPC0P=XWw7DmG+&Xip9h;>>3o~&kmGA!J&o94v@!2=!$!fZwu9dqerXW)c zjvN2{$J0lD`t;@ZZHwFt2C6!8OlvZ`$xKGn+MCYW`IPkV&-a(phxyf)FK^wQiLu3m|rhaFar8qXZO_jJ9uJZ`cYf>~61#m=T;)ke=$vaQp@p~V!Wpa@q z#-Y7q1)rxq^Q>ts`q0QKyg>m>NIuqsCDE4-wegfapl%lp(OwZobM!YGO^xQMfc98Z z)aDz`(E#xXuVT$;(ghuM{lU_5Vp`|uufHMM*mgHJ8Y0-)Xbt7;Yn%OtGKpi6bRTh* zqlSUcwU4N~7A$)d(WqhyN}_m@!iDQEh&DR?78)WVj5?a5An&2kc7+H?kDHq`+;EV2 z2F5WTbx{`QmNZcrR9F>XET(4)apgT4uZT9DLeRUnM8X)owe17q+Blj-F4i4SFyUzl5OK%U1-&N&KYESjfpE^*fbBR4ch0+Xo>y~qrIUGa%>+5oYh^f^4jK! zl1)x^OVRORoz`8nXSxfYM`&%zU{*aO?+BkDs&6py<4we)h3Zf~pom(7*gfdAVpno6 zqiZ-G{PD?{0aOr6Sj=Ju2$DPE+ODE$aPQ9*8c=-}<0OJ%f&nZhwfG`?KsjE2Sns32 zn#T_yO|(-DZfYFmeM1+LI3Z#|a<=$!9tg|K`O1U(y#R~_iry=shAxs+O-uv(938ai z?$Dxfi07)@vtQd|o_!l$qBpa%RQ833KKra5Xgv3RO%xbT-ds-K-#>wrN;2T&7C;~O zZV?j3eMB&a$vDQ9+wF}{<(t#}FMoOcQQ8t9Fr+Z)O*#t4m~{X>MMilNe19wUkO_+C zQfyCI280_nsQ-PSBZ zBJlj<&Bf*{6$cP9v! zA&hUjU{Z?g%d$=lA#F-5BSV@AC6kHA^<|62GwoPeZK2fCK*(QNrpJ1-z7-zzo^M4) zatscy1Wd0{;W3xSw5zxHz8O(timiBtiF$rX!`V)EEu7HWhhqdfxLCqDAu&50pf^iQdi(kw{WdXKI-+I z0wRQh#3i@M-J>nOsVvjVhRmJtGDjg0zJ#lSb1P>H+yyT#aWKq4C}0 z5Rgc)WeVy>6LWeeoOD&8o-)uc)O$2Et8Mi0Ikjd3+$8tp- zC`@Jgh!!7uwR@NCTOBAdaaw00^cD8QO# z+r#!yd9HF9V)l@zG}UeMplhLOaN9AZ4=YVV;7L%d)hd1&mEy)U`9i5;LLpx7Q-hQ{ zrAtiY(=MFkb~b;H{YFXcgj$V&R>4Ai&pj^+1SaP(9|o@o=q*#HSuqu*JB8=Kaplaf z8x9W;v`#`!HP8y6SYPZqELLybD@7UyKa@`^w|hF?xSXaze@fs?1dS;HOshBOE+W0| zoE$~azWS+DsfqcT#OAGl6a`UbH7*QOYx|n?(0|YVVULQjE@l zJ(XoXnL^C6!!FcF9i>Ay77A#F=N)=Aj_%s*1J1yj6>=!Y^e()d{(U-MF$DHG(u9SK zor+aU#5!P)41xY0%maC@(^w@2R<$berX}ED2uLKhSrM0B>LZxqWO>)GUOs8oqO-XO z_k5eS<&IJk>aNv^bCboh>o1o)s^*Oy^^M^2k*PsS(D0@A(z?hvG?%zflZr}8z!q+s zO@||)ox8io9Xz_KNT55m4P{@3T-UZWsGG)CX}NSDft%=T4t$`>ZdqHXz!kI%1-E93 z^IHog{MNxdCFT9|r62H3#{(8B{*uRWc1QvON>k7G&$?;1D_IJ#(N?u+Gc`EU&bg*)%D0oQwK-*rqjD`~eRHe-QI{zb%tszK7 zSQ9e!8nSJ2yg=xe0qi6PXE$}YH(}j{TMY*j0;Uw9Q8rVGj=%FgI332M1Cq)JGf<0g z0DU#<=a+zru{hPHQDR;;3DMD~;AB${Q0JMyz#5WPB4#e>Lh{S9iV7It(30b2G8|Jn zZ1dG?82N7M4@rBbvuYRr+{R$tD}>IM#&p}q8nT7D@x_f@%0YR{vpBXn4kUI6Z3|YW z${^NW%^9Q=+kS*kr`1IgQLG*;*#LVT&?}L{lu+ZP73~jqh};e}=cz;X80$yhyblPX z-h!nzgX);T!co0_IZYba+?Ujxz24ct2GLj!CDo=op2Yf&nh>^$m$4a_3a{3)^ZoPF zyT3UhPRO&&t2tZ%^9CV=kOADmT+RH;lfz)UN*mYN%s#!g^K>EC&^L#nxv5n6PZ}Vs zw6}Wp(Uz`PpOeW>%$(>;OW{-v9~~Dno^szV{4v* zTEJT7P$w>sM6SEg@v#1cYqT;@_S&3_amH%l5CXd_-_zevh$bu^^Mqp*RLIFgI_!xF z^c93->3gC>A)&7v*4Fw_ldVb{TMYyOr+R43YL}B-_Q2foF7$4K_ikDhU${l3aZ#&*CGa{oL zxRBu?6yujk_K=000G2ycW8nkOE14d-7%^!7=%247pu9p!FWL1}my4j|Q!1wEASCJx zFtJ>2#e_kIo83Tm0LCA(e)Qhd-gyVm{>&S08)PP2c!(4*-0Z_{MP$kT?^m3B28Q?| z1IWft$v*ZoFFE^2IuxGCcuOjjsFuyj;_O#6jTLf=qL>!qn(%F7z?;`>32|7Hp5zK; z;e!*SKO>+ZURO8h=!q9{1e^K?w~6ZMAjzBCu*Xk1V=dAYoRIN(Q!0sKHA*~`_;TL; z6x8q${o?dF{egvJpCLb!$IWo<)^}uO`<#a8AM*wPeTv}q-8$1QVp_;~I;t&%&HY$- zf}+qNwC|BI`clXW)-JQU^j(vu3SjgP&ZClfNBK`5)O(w7)d{M~;CS(Fh*KUvhj@u? zbIXQ-AUtZK^>TI-YaaBR*@#Bax$5}A@X(-X)oj{UwWH9Lld~h;yNVYOL9;QVI8_ci zrVhQTki1r5T3G<1xy?Ih$K5Y}@ubg}H7W+~C`p0Ml+1|w1}@h}2~JTl;Z&JIN+|2% zF*o!*^8U*+L?~dRfii@McGzk{S#iEU|MHhl`ubdFm{uq)a!Ue%(AH%>R%pAXQ^#hq z0mso={PESMNeP9{%~j}?+;&$tY0{U|YxSkiC_GYVPjW#_u_c!e(GHR53rwJ6p~%U9 zG4;`#_5BVIM!HFF#@GHeKIF|IMJ>wX0p*4wHWqfjW>bbHHP!E7h)98Oe45IfcouMj zo&TAa^B^c|JcC}2`$drP+KBdy98x>XK!-q027i=%?Kb`EYYjQJf6LkSc8D%sfx&1Rk zTWBxv7+^XRdXh}7CSavHJY}I$o6AU-avtK1p(QzVy2FsuCe7|!ZKffMk4JV2A^`c_ zQoAwN$@){NtRo9ZzTceVJ=oR~d0LAbdkIlfqKqPiL4Z~ns8e_!)@#ejQv^L03Tv89 znfY|{yP9P~MJlnlc<$XCCwXu-xRLEC zdg6=~bdJ>+Z?DuyscvCgL?6{;G3|Uqeael&9nS<643Ab$iE!`zPWE@m&w;vvBX3eS zzo;jqndUb;Fj3GBd`4c%F(ZvmKev-eP=8XSL&xdJ_Zd4WdFgcb{RaGVUUyMFXI@ZqNJWT+F%%zk!Urj^%O)E1*aV1R-DcH{~ zSX32qO(bG5mMH_S?7E!@NV+BjxD3jMHuDMNdi!Jz9+hEKy&;T{Q+UNB^K@XC@jwxe9=E3uAP}f7OsuzM-f`ZS1hQ{#TwFBNT8PO_I;2riN!KgrI}6 z&wo69{Kr52164LE3m4?J4ybA)1v8zyf?O9Z@Q1&E=@F|Gv-xCRz5 zTz&S_<@D;G-`9hZrOLS#R%ouGKPV(^*Pgd}o9*h>$Qyt8^!rZ_NOl;~Gh7{^9HR`$OT6trj>@QHz&LIRUPr zN9ZE)qJ8!4@BT551cga4)weacTesFCyH+j1cP^)w;e!{)qK)iRXd1AxinX|auHoTy zkxFX5eE;1ejTtvS0om@94XefsU3)UFZEbx1d42yN9;b?CP2N%%?N`Pqx`x4^i(4E2 ze);;x$Fd}20#paIWqH*A#kD8n+SbNjzxwR;4-aj~pjoTJs&b`&!?iZG=<3!;ee0vw z-#XTVm7r1hBZ@Zb$I!L*G22BVll%Sa?|uzLde(|t*a5WfX|kV$!pW}FAZR@O<8(Rw z<<&pl_y%`+mNLX65Q6n|+_r+B9NA3HG=7{6L3xOxiAM_YW+s~@aK4=W_~~aK{}q$1 zaLIulDyR!0KH8+pWC!sIhpO#qWLIPuj?KzI;z{mt&GY3{>dSwAe$*0-jG@HA8|D_o zFs?O`T)Mh-;Xl89=Qsa479=@^S`KckWQT&J?HU@v)vb}we*f;ve;mq*bl&yoEiYv) zBBECSg})wkgOh5UN+PDbHbU2$ zZ18rGR>*gMEbkt=)n_M~Xrwi(k}bgCWni*5Je z?;ri^FeAKY9`jr9$l@{(xYmwAx=P#3d+&wAzNmjB8sPzyIyG|9vc7WkN%-!)M3hs?$c-?)tT@iH|=0{$F3L zJt+h@Cph482@wh+I7AfWa{B1ax88WU4xDI8dW9$zxs!ZKqs3Itm(#Z&{pH1%hr19< z;?VCsfv_i>z zzB_$>x|}|I2wxqFiIb5G@+z`O#+FgVwWhF5SII(p=k33Le>goTKqNB-Rs=;pLf#Q} z=gaBMcmDNV>y>?@wm{erO-SOfX?N21^X2rXKYUo;Sszj<{Nm{_kVL|qxY)D6UGY@O zN%2$>w6c$SZPX0FuoVhXWjFHz_J?Jv4bDxH07Q*;b0R5x_=p#<4I5Q@8i75JYw2>` z4J`;W`6PTsd6LRb-;m@+8>DKa#$80F=SF)^w@y4<9#@Zrf#?JJL=kbHD$zkqiwn~# z_JvA;wX4d;8%96c=qk9li6EeEG&kv#?$>!^qe9c*dhEm0r+y^Zn2?*d)(w3F)~)K) z(W0QDdtNDgl!40QR&>gY#&J3xv#*%~YFbc|n&d|KIat-S^4c4508OPo-#J2i)i*$puETp&-fdGMf?8M$P9BV41GP;H<0e);-SL@8w49_27djuI}*ln{% zj~N?`B(|nV_y&vMvMV!bZ+|0C#KWez5%|zmBcB~06p5<&W`13U{k}hndNoSI|>Xtf`>4bAoVS=^BU;G~*@^x$U`d}iSkjzv+PzxwpEZ>Ft> zWbz4vZ!G4LnFK%?ILPf4BZMp(0#wng|6IoEbGU zCHMV8Qg&+d85`^TW+w3Y!0ta4a4E4TARRa#pS|GZm#Im>cnZb|=bP$%6b$7)9pPc6{F(^!6i7Ginq;D1$jwo?N&2qZ?D@6pStL0M~DR^X`tC+ANqw`|~s1e77u_)%W zY(6OZ`#6wPVHGH%>h;VoGPzggO`-e;&x8ajd_w07)%1oY#}v{rlAvzBPr5)XgI*SDKpBh9fEFDJ?MvmBw?q>SkT7=vY zbr2=y9HmUQ)pE^{@{({kE?JZ{P!+XJJ0tGW`;y@V5XKI4rVx!0P}p90usbu+|ZA$6{s&1oyu|j)Ug{VO&_4CA3Yspu8Muw)-%ZwU#;NKHFp@f zRO^ngSc9ULV0m6Q953ofw{C28Sj&%n0!km$cp%KqKF)GS!|DQwYT8cxj=o?7I8wI8e^vvcuRuN@YCB1J*wvn-PB*3i>tORcsyy+?+Y^-#gkDM{xGpbRY z5R?9+Y3LnM4i-Iai2|k3)Iqv$kLQDhQ!`Sp1Y|)*St+x0cAr=R1rAVIrAp!ff^wGM zUaXmnRl&-nl*c_`460cS0-_Ubj>te*Dl$oY6o=6-q;4V%8AHNVNCS<)*z)>5w7L$s z9@}CXvZmgi?@sAx{|OC4IZLRRz|^c{N{~5qWg>9cyn^DMLg)W;BB&-ggrc9a3#&HN z(z=px*fqMbMg<;~o}&=G*)5XdUl**P(4hTVhwAQa_k4x>e#h%f0Dr3Czk@%sBD<~5o^WS z&!cNn_Y=fh1SW4!8Hft-1T3pSCv7_kP?-m-SrLuRyV?H+I zcJ+H4_~`Bdovi7F5_Ug=5nh?SWH^Q@;YQMQETzlotUE@5_L|gguK%Qp2H^u=-@@Wx zVPubI+PJ;0i_7z<7s;PTzoD8L2DuMz-sDFoW&kBJ*i|D=WS*BU@3SURsMw>J&C%AK zx4jROetGu-mE6s3BOPN;x{iD~1^Q$(s7Z4I|K~t|znMVS)+s=PoYw}woXJ6jImYB0 z5hwt%I*N%3MkoKM7pGtssvJej^S~@~=4!l)XBd)P<>@4-WR{D>4&hSKPDRruc$358 zW#&PioEofuvGra@l^Jf@id=skK?bko#0lIyI?jSUbfu@QU2ENH3I-@ny2VLtBE#fR zCRlg`CzPW+{zgaYLNh>9ASh9NvC(!WQy9}r0X;~@8mIi6-Wd!IeF9l6Qg0f((+qJ_ zsr5P+9i8teR?^hjX4~lYP)v6T`|;S~umy>nh?QJyCrW76jY(aR|M;E{u>*+5WC_VG%38_WiIB;w`Yhdc9{m>cT`Mhm-iVy z0d;B9Kuh0fqb(pP&al}}d z0U++7lXNqHc2e!-jYUCWAdH=$r<7>$M+?bv*x$%&n7ux#?dLblBLhAj;v3Km)fTKQ zR_`!iQqvkowI%Q`di(X{e0BQ;fMJ#Sz(_hW_vNn8JIvkYdJ$PLsxO3aR}HjOS~hvR zqj8b&%{0C~^!?qzgD+%@QxGQ#-#nT*P}+lzDSN1RqKhHRjO zu24pd)nJ%8EQTg=B7>O@#3nl;F=fQc(~fuOS{LxF&WloXWa~J?W>1z?-za zlFQ)0-3G6vidK^^q72V%#^WCKi^S06Q-he+S_SjZ|Fi$+f1UX0S0{EluTjJ{x?s`D zVRBH4J>Ne$om#FbNGTA)9%1mlh&gM5$5bCJW1Nh0Vh()Lb0+JdsG43j)ICt6#q&0~ zXhS+?BmkHXy#|rWt4&v|S`B~j^|a)Va1c_?UR@103I%=-f(>*!C#F&G?F4B7Y+dvk ziA>yWuR$3$74mEBfuGNp8+~I1f-}7Fk4*aW!pm^8Z#cPTk=z6g&w)!bXC=pKreh+( zh~g^k3yF%?((x2BAU$%3zZQg6n2xQma9d6!M2%D5f9Mh!* zZ+s<(Ft!ChDA;?1L2A+bT1qR2aOgQqyspY2jck=%vU_4%%Lg7wn-|SPlx| z0;N(1AGKZ)(%x-nRKBC?Fiqq<=flC0hUS*;;bG)HTFsKMQCdz%0RD450!I9Rc2YsK zj#K3m`GO`)r+|oB6#M-8M#mFsu&HiIlx@uho#C?ODx7V;fI?nyKU zF)vOFJjrRTOWO9U3^c)bQ64I-FgWf`pPuge#M^$6v(PTwNXH8mn%0V$((w$jY!?o^ zRF6*y(DQH~{Z!)5VWRMC2WP|B=sbGca*z+g;EiI5dGEs=0G_JwLFDA?gre3#Y~gA} zMvI|pZ)58~Zhd(=!~hv|&z;JXFNcIvD(nb&nS$iiPB>Ye<$i+iEK=wHy3tou!bsE; zd+;_SmM;?dH8sYPt38}K@@0fi5ux$PA+kn= zi#wCUmxosoNYL_xkVfV5GK*%a^Zl=go0BH)YuiYbyY0USsnX=2iwW$;By=cAQ@KnO zirS)FR^OO{BTfP82fSgRRja-VHM?@U|O94HAMKa_v;Ay(B|MswLx%{p;LgX(fsUGL|5jaLEtKaH-X5Mx2+!r z>2VHDF{~z}26RJhmG7JTfdlpNJcO<#_3`HM^+MI!LX%ShkERkry=61lx}uZx<&d1v zAP=(?n@v^^x3E$%!*RK$4CINNv#YkC=vFaw)vx+4neApJMZ0+#G%cmFI0dDS{5TQ& zcmQt8Gx5p*?2-i=HsRI1useoSkszIF6iDMRSGi0(;XZ=U5@w+8q!e)Svr^%-3&J|3 z!rWvgNCG#^-`uHmGKgxD=|s`75Nu~}q$zT(6EuObgaXDK>8@;SKjoi5xrVEJFe^rm z9h{zx^@mfgM;IxlVDE9WQ;9dWvIdYE+&{4%&frMt#KP3n5r``CTEhAMyxJiJI=QXp zx;XIHusEkRN1On!E?600hze3`t+wNkJw(-xWA>m;Ab0FFY%80g_^T6RrzRC^D?!cAg5p99%}HP5W*9>l1! z)|;+NK&}~u4P5^}!rrvqlA_uc{wus++_l-e?v1{&tmA_R6;VI|Mdg;~iI%>=qT7J= z-`^+ah>VDgm5cL5*_CU>%8ZPdF`F^R0Arr0zQ65@eVD+6)j;eS=OGIt>#ed0+ zz!iGyI5s%OOU||GK@;1 zbK?4|#3Tr#<4BuP69XNe`NTYMp1>56k=JS&VsWUm_1h{0{NVyeB{c$dt|RC2M8Gw< zvQU7fXtPk0UUQ7(j@RoSwRBo!m|Q{(c3y9v)kRqu#b=EZD^8_TVa*!9LML8;&a1(- z9P992yd<6|J4rzn-)ub3^^OXQ>zkUvR%Jx40x&&Zd0&Rt-j&echAKSF(WJ-enf+P# zy1%Po*+A)EDo}L+Q9=pxo*Fd&1;)z@_KX1gy)u=5N&4_9uAj%~CjhmhDdIHgkn z9@Y?MHDS)UO`sdFm)3|ZHPAxf&PSNgVh{x=qBr$T6(npuw z(+{t?1g-l@x{02!0=FtdxNzbLt{bs2?#aXLq%XwwyjbHzpgYas@WZGDBM(K}3-^v< z^ajbrj)azj)+5n#aaTxz2Lv*H^Xqn|9j^EaIHQ@j5@hq#IupVHZr?wv&{^VfKb(wE zHf*#aJzuxDXc<#vTN{fb#X4vHN1&ubq~WcQJ79{u#IVlKlnSDJKb2$5w(j?YSuy@> zH#Gs50Czc|S!fFxTeHb=#lzfFBf>bAbMqbD(hemeyg1_{)BGJz?j_b1LSURBO@d@=|LT+EV& z6rlNcMk6Ujz1dwqYV8DpsDUQ$$PxI~TR$2NinnUTN?jg;^3K9Z%9am?{mI4GtX-Kn?a-(I_nu3|gQ%hv1YfEG?4MIRU0nn!r z>EB*MzHrASIoArYiZhdy&Ze<`-(RTOj5WH0c!*07UE6l&Y3O3`Fx zHWApHvcNq#a{Jth*^%cIK}weE#c|eA^t3EQ#8Utv$+L{(6uGe267uPZnjl5%g!9GD zV1#i<89HCdTSPq}Z=0x9+D{_2Y+C7up@Ywk?2AxwWf)>G*G=_J!ljhD*Uql)AIXpt zKo-nWMbX+0+&}S;5w8j4%DG0GBW(x&Sr4V~Nb+k~V*(Ky;(vyhc=F`YBMn6S)@P~M)d4_^R!pJKVcgylW|GF!w3SL1V7m16 zDa%5$PT<`8O;3+e5|&GZ_Q)u)&g_bsojfx7TzI9B zGM9St21l(P;8X*;cE?6wPff{}c3+|TV)ImYh?GIeYUv4-Xv4MMpeqgedfj1>$AK*w zR%@r@#6rWvwwOlwoTMVZTze&g9{+fIdpszGMzbYJ#x|&`*`x7ik8b|66ZXq+(Ly~U zbb|y#0^R@(!c|NfZt)E=-+N#oii&+Y)dMbw&0|u(7 zQ#>Q1rW9pJRAS+_)uegNK|JlX=ewH+s!5{=cz2Ufp{7dA-OU%RUY%?VcQ+A#QI2!3 zWn(rVLm;@mHZM?O%W&(oq<5?W>jjVVGGb@Bp#lO5N(sbiY;#qc3)A80Q!}hZ*RSIP z|HdnFf5ys{Hia-WmA38fZStm|Q^W$1YRNUu2xJ%u-&!_X+>*;TUw?LyvG1W|0B;?m z&`3C-=wj^TJ{JY*zM+xq;OJ(a^|2D%zKbb{5{$Wp&5|R!wc_d(4n^^gU=g`mq~?jq zY;JbyOVl@LF}iMDQB$H(3*TnpmsfxdoX{jfJ2oq|pogP`y=taYF<19lpkp&bke+3< zuczK|`@a-vcmyuI&{0*b8dzG9ggKi}2|_0`Nl8~qVc4)l&xpAy{Q|N~UhP?k+a>;W zWYJ|+h-uj?x{FJr}Tca$A9bSQ;ruBRh8K{Q)`hw@@lzLxyzobv)r8QEx?&{L|qTJqVt ztrQzqn)+&6UyI#)+)w5_qQe8xpFqVqYzBG)k@j;5<)1@a0SS`Db zI5iPc;5dPxM85ss4r{-p3^8CkGl(!X9g>0P@r{dl=bR!-0e&d~SiE3fpLTQ$D_Wma z?1`%mgm&7kaX3g(GMd(61=mpS&K<4bsLdTY^s*=zFbrxaL_I~$*vCuXxO?e3W zrHP{-GkDOi=p_Z7=%k34K99`32>Q^B*?Yv1e-H!?-Ym>eeU4cn^k{3C8FEg!11{)} zJ>;lvSFEbyXnCM)r~nv+$IurOKrb>G9mvnef1Wppv_9H`oS3(D%#hW3>JUj@@U-UN zJ1AB)z0eA*G#y!-%ijBZ@)|)AMP!+UKpxh_1J}ZcS7Gj1n394#+g1RUx7QLtkPzU7 zx@jCphBPrXfLP?jIHDX4u)j#H(>{-)>lHhkVR;2btv$CnMG@a}*IgrcF~ z_Rtl1=Jj$&^MY|iX+J4H2`kQih_{9s9>OF&qnPNOpxyRN=s4mUks#3G)lSu}m1Rqj zDe;syFGzSeYx~K$qXN&IP9)7ND2B%Q{Fu0C&z{A?TX(ctH4<=yV`+_c<4Jlu8AZR~ zyFilqy z1Z+Ubb#CgMlBqanP<*eA^vRTwaeh&*76BUch(mjcz@o-Xy<3;2(B=^k@<YhcTHt7XVCFq>Pkq5ld(I*(6D~EBOiM<-!*soq)!;qJ$_(`pP^qNf!_Z!N|E15KQ6~%}F||1La0{ zQ;=wvddG0E2b1ebkVjk#$i9&BYv&-MQq=VdNmCHzzA;atj31cnDxa6;ow78P(nm9D zn$pKS$+R@z6Cfngsw)=FN8*$ZOwgI+Dgq_sT??O(rR!RYN!QM3PP(8(hZ(7D-^AT{{*Je}V+;Ey;Rhp*Bi!?pL>K{bWy5s2uw+fHV z2T6-=d<(^G0*@^m7&2>c=cgsKl!O3{MdO6$9XNlsI5SqG!w=X-7wpsl{;_uN;^f2* zaKuy*UD!=LGWfLwm&vmanO7smKi)3ReF9TYK%&XJ$&cfruqlbJxT+>SJ&){Kvv2gx zuO-i&$3yR)jLJ$rLWSESqf0ws$%>*4Da0^P`j63RdB+~)tD9#R?zXMDxu9Dl#~ z{vx6UpQ>w;AxJeTT@Sefo}{e~0WJOKA)uW~Bk2Bt^J@u_6geB{)|7VQqqVx{8I)h^ zIpD(N=qKZJ?@3_yy2`q5&UFQUh-C;;Ne}no5E|?_TvyBj3(M8I#Ar z>rS&w2TPqa60KTEP)&jlLn#BXodLZ9A!9jtluW{x3B)=eOXN|PbC@*4;%$W|-clcl zkA{?!sAS;tQ3Akn6(k1RvB%nmWt*AKnYf)vbT;xMMZs7b7J0=aCqQUInkG=M@5Kv@ zWWykM1P(DHVhH0O z7vC)s36VqHS%pqpL;2M_du~xUbFF0_yr+)wQBX1-xkIm;JDC-eavX_k?^qLwr=qHe z3R&0Cvtsbwq9)`8w{knbGhbg z{bSrhfZl{UbqOdFJ7x2=zN1Jx#@~)RkHc zx_02tI45T+<_Z1-+Y@kB0IFW(HvUYcQ&Gx#^b|}{2Fqo3A zRvm-{N*GL@yucoWBBlcViaSNWc%;&K;A+%h8s>i@ZXRr^rOtw6dS|rn71j!Yh>Cbc zPn;PfEOxMrpwA+b%^ml##U&Jr#OwHdh6vZU2B46~*9(=lE?QPpY|Qg0q0`eadEllR zurC0M5{fc0Oh!ydu`s-GP&83fXovPSM95|^kAS_V*Z^{Vx2=QD*QC6^`oKar$TE89 zd~p+FYSroDi60|ry6sl-!ZXDNUZ=UJFtscI8SEzCl*(Qd?JY?aGRWQm6F*_a@Qs@2Ljsovl+Evj*?ht%nV~QE8S_q!kR3D+Xh#$k!&Wh3< zsN^P54D`QjesS+I1M4T3#Vl(q!hInBt&l^aZSPflwrp*a!E_WG2`j-yHy;>g?^)N) zt#tUPT#GK_A8&702VN2qEDXC9=zNnT+P}L$oO{8pC9b#yjTUdyh{A3(UAPtw0+-vd z)Q_^G2h_TIY2#XY?a`0K#N(YhCQ^r{74`0M(~o&ftt$lnQLk=hj#}%iRgDWtRwJKw zA7}S{@I18abd~-Z4UK4?VUcvcB}T= zRYe&6hy($5tfO7dF{Yd8!KOI%{~SK(H2uA~HBCbIIqD9f~;jz^k8O zqO!1iv0zCJCp5xP{hzhQzcWQG&IGut>D&M%9f{Rm0#`{~kJ?5FNLDf%i>c}Wu7@IO z<9FcEQKzl+ktiK$Ipl3wTTLlGVWmHAV_`i+A>G7{%2QK(x|Bnu+km0Z*-qV$JT_XI zN4LMcd3Ydp3GTeZ9+Eb2qmLC&EFt=NN3X-xiL5C6aB~&jMbSIDYAt0Z)wVVlj;29f z%hXqP!N1_J@fE6=f~p!~i;>S7lZ1iC4fbO0w3>2;N{cmX zlRn-`WSdgs*{^sBO9|RKy!c& zZUe=tzQe0^e9-a{DH{B97H_uKc8BOvoL!gbk2&WG{rvoWU)R@>Xj4GLiv-7T5 zl;Tt%OoZNi*d4wqi(aQ+RyfWmT{^G;1)olJlm!ST6Zj7s&4x~{o0MN(lh_0ucQSrz z$mIq!YohU8O%XX9>Bw+4OEH{wK`JpfX|wtN_rw49fB)at&;IX6_cxClA%M|ZnKkRs zTX6{s1f)eydW5AuoV-enGAVMIibM^(DW}Zp$TM;dDUCQK5PVuB7%~z7wUKA%3Qyl1 zK%%`0NPEZ^Br`K=SR=`{ke-3xN;LFqY#I7`s!zzTU;3`S^Z_j|1 z0w=%Uw&A)T`dPxMOAAy9yg-M>W_6CtZFFmywR(Y>^s~5KNYuD$Fi}3%lqT=5IK2co z8TzCq&TV29O}Z}g3$|>B5)z6d3@mb?+udV7dxDG{g`-FzcveoqgbHepqFIvw0&jPy zXi3Gm$_w9UtF%*AtJ)Uu4#wsaw`JOT)D)pz>Hy;Iy*%aA|gehV<2X4!FsuI zIm-!J9%zn=QF9qdTu4F6F8+r;W*^I`5FJoB)Ve$RrC^$vve(VEr!$FMVzd$novyoR zRK{TsKDX9iu#{GND&&-#ASfkj&`#O4XO{XpNY+J$+8LPf1T*K_h1`IDs7%s@p|Q{M za=R)tw)#`WK7#MURBxnx_UPvR=JuCY5_1+BwTN6eX-n;q3m3AU^u7mLY#yp-d~-8< zl0w-P7b#Fkb2#;EQoSh9fYQeTq(Lx88>YljP>;K2$wcl2BvCG{n||9iz4hs89ugac zzLY~6@O`Py=!**cnb^8Fpg-RmTNj3}rtZD#C`_f+C@&OX1lVK{dKgL^5Dn7_+Cp&n zi;ZxufIm(1!Em%XeCWZpp%K)Xog{iLq+KTw8C0RXH6waXjOqlbKS#dH73`8|qQ#)$Dj{@y%C(LjQ;~ot9G(VSAnU;u#X-z)p8C^Gm~P-b z7-gwrt-IjPgteSH6v(?M3?1%JDVwe>&)yOgomgMyrkQb1CDw%wMvNPQ*@3WSUA(q4JZnI|AaXfY!2z zEF3?VE3Ig3OpVl_gh>TO>Mnm0o!&W!4P*&u&v9%hb+wHS(hGtCYr0wBp0{DwCo?yS z{#_XdgoMEzSmZhw6kKPHj@m*i+8c3*G>7Oi8X)Wz+w^AlNNJiP*Sb;mfM-fS5u;`B z)M(C@v#g>QDM>KQim6wOhhw#lSpOZVMp3zLK9>aBr(7^ADRXS&ULTjXl-rBU2-vL5 zp*DnuYwl8;Wv+E;k`VaMBSvnh9Uuo{3c!0bFKKs%Mq$^<#L5z4P30jRNCjwlOVEq5 zNIQ<87N{%Co(9f~Db|hrLhJ$n6hmEw6+Ho*lspUJ6cv5mADk4Oa{OIa)LY(+(QSTBxWavs`8tC|eAFg7QDm}U*Zxy%YqCB;bnVb*> z(eEvAX}m0GWnIIY+*G`2DG5mOmS`t3v^4-Rji(Gn`2-}c-!|QNV^d-cx^NXjGAJC1 zFf`e&bq7i;QHs7c=cEhN`-=`>f#&%AxCPr^sOgZ59%v*58bFf6+}04J56ClzHAL=S~pvFTIBfVDRTgELNicNUAaXe^9Z`#e_ zpA`#7iK)?rSycK#DQmSm6>(J&G6;cB{KeSDCFE5Mkpcoql%tfT?)^3*$R#@P5Iac7 zi@6Hem62Dh)MS-;;}C$(BOUm0d#%&mcj8wh-x$^3Di2e}j@5X(^5$XDX0TMD_{P{F z<2;H4xpR0q1$IHhj*ib%P|%HvyEQmAEzxHDj@w8=XhSR>S2&OffbB*frr;VR7S@*Kz_%ha zVZlyT(~c}oyx7-`9!IqsfGd~5Y$D_-T0$h>6kiVlAkZg>b^UdF=J2aONu-NcZ`q&WaNyL=8o(;TokjrvYY*~ycx*bEOK9_Y_P z7PB~qUV$M_HOZVjI@WlKKta~BM*e{|hcHlp-l==CJFWXVN`6YRxxwSe=>^7>xQWcs z<|^aqCc>&3V>ddfH#pH8O z4(R{pA{s7cZ#gdf3&PpfAU5~ggaBo4CzdIf5t(>L2?I$%gsp>@apK6*t3Xn)X;Iz{-xW|t*WO5S=e#y>7H z6S+BbROmnpgU@Q@r#fF8lfLq&=Mg=~RN%4-?$J%@$JTBtb55BNp)9~51OBJDMHe02 z$sog03i3&4E2|XUsx9VK;JP*xgKfrbi-R+1r`UiX*y>F8Z<9%uP|L^;b>=sEt|u?b zH{ZT^{vlm9tWm+$90DH_XoGleG_nmq^neGA1lIWB6~9620wfG7sZsQ>jHLbk=jQgw z%kufx<)`gFWM!o;0PjY0&@iz$8@Ir9N5>pK9#{qKmG9~CRHhE*@Wais(^TPOa9ZME zBSJ$pRVfT_6u;9Q4yJDE#c_lqrcRt)cPm77`|Qd>a%fKz1iK8BJh0k~0!;ogefvdu z{>^c((PK3?AydGRb2@L$h}0ivtV8<&VegbXB|GAxX>S4+Z?^l`0g^Sd+q;{Lst%sM zN%CqL*;C{Qq>+1afY4^PWaMR>CqaNGpORN4Xn8UoI+L(jU|Y;p6;e*J%rtzl>u%A#dnQ1deGR55{9 z0*T_x=dCZo;AuQOxfO1T3lziao*`lbaLO=CX;qXD+J2bU;mn@m#lo1Jy2puDpJ{zI*8UZaq+0F zwHi4w%;wq5H#L5I*TIsw%?zI8 zoGqeyi4OzgLjw1`2l0oSpTAdLXe|lQNr;GASuNsFm*@cj#CWKRT+qCzawj6a_DCW& zjY6n8>fHL0?WrzIgrAHkQBj6(^WD$#CW2yXp`lg)I z=E^D^r2xZvyehPS`>);UjU})K&?3^!rIa1Ey3EqhKmjukB)EhG2@P>kOmYWz_m=AX9Q<)bT@WEPS6+rqXU zGZ{>c@Zt6ZSE3o4@qR`9qcpJ0HsAUFL?~tL*mKqc6saxlgxGUe-^ZhtEI%;b$hC zfd-1T4rKu2s*RmZ>dJ&01(8KJ>7cQu-Y$M-x&gka6zpxLXsvlT)zEj{FW*%*Eq%?`bRy!zpZw4_|vB`CPd}$`?oiv zGu@z&f%~)#UQKll)F;ey#}IL;66sd8mDZ9@YSqT(bbf;vgHX|GjD+s|KHRq0%NUci z!1efhy+IXABCHAzRtJbMTP5&cTI9_*6RV4qUV>Xa#mdfa5Mw-syigzM@he15J_aN_ z;~4cZ5J6+?Coj{N&%gc#_a}o?Pk*}kNB-!Nu?;ZO>8cFY0GV2sV_F{E7+#Npk z=k;K-#w1Yeb%uxB?+spTRm zJsQ{OHs1OEjXxj9&_-4TomUlYvGW+X_N#tv8{+wUum3(BhbUgSLQBt=5JjAaz_ow% zYugY%y!q~*-dvs}yQFCdA*?-42Cm)pYugb2{PS<#{P;LT^)VEQ4N!uT^ANc9|6u{q z)oqZ!zWvQ7YOK=21InX z_csrpe(}-!$D38PMqLj3nf~Pwy{4Mq{OyZ%wFDo?R&gN&Psi1=U3)aHZDV}?n!{WxRTQQ>WqF({eCpBJr)cKC{`j5MBfjDjL)WnVadjKy%kSTL_~`H|x(ltz!}Yc)TvJM(%iH^#A0N_>?;qcI zM9x)G*`aJ_YcD^s?T!EDwfBGj_VO+)4-)#?MODqQY_ktXqeY*3boQz3_CNac?blyF z-2M)(-~~jb;C@$x_KiW^-rxKX!yn(o?c)ULQVOk;nlq{=MRs5v>d%@`W^bLjhh9Zq zY`nd@`RwNY=HcIejz7#ck`Mya-DrE+_c42L$oy|N7XJFyKi*t+QWlMXm|C=a8Z{0f zb-lg6sek|EjUSia5d^Ju#*g-21D!{^y^J5f`{cdf948>76D&cu+3Dt~=Dpkd{^pDC z{_xRqbCz&skoitQjozP7((V1tAK&@>oxd#ae6xUuRf&JWhW+N>FVeb5ii;7Ohr29~ z=AEwH^=sP@e@5B- zwO{?JU);v{>Wy#y{Qa`MMPZ4SyNo)QgCB=$*qXRX$NTU9^p|DEHJ!x{GSkM)*(YUh z?{D7z;Q7Nl%L)oAkGwP&td8Yc{I-H#Pal2y7knvXE!DQ2gPy`W3xpmDr^;-`_^r3! ze&hLZ34!btHs4VGJn{pwXxX5GqvBGa3sry>@m?Hvn_!Jsn>DcwHx_ly<@n(UWdjGy zDoH%_c7rPU?cL2+-`w2a{QLDE|M1ni(1g!abrC@+b37U78qPgj-CoZpKfe9mTSq6z zc<|=bQ3sUNDy_2}$V+x@@w*1KQ)xNH?GEljd5Qu4!rhHH<;wI?rMJ~_DKSUlTas?257 zqgc{~A+VJ(TR6O;-MsdUdw%YYV~oe_p^&%T{(OZ(0zL*DF${*K`m7i~y@U+yO>K8u zRZ?)krB(*#inbQ_sI{{U_bs?l^-9o1V>|{UN&hU}q-;b)G$Iw6$FPstLv`co?UOxv zd|tkP<w#lhT+ zH-*pB9jkmc6cI3v@rb0Lj8Px6hrGs(oAc%(+_R|g;7W?>;H7Jp1iT!UEZ%?;wyJb~ zhxjH{GU&CAF)`A12W$*S>th;}1WM4P6{g~H0A?~!&xoId$v&LdFt_~H2Bo$-J( z&^v;gSEP=|KYfI4r~l!L^6=1%^*(4SA|W-W(KD(TxCGHyU~A}P7xy>+{l%Lv(lS7M z%>!Wz7G1$1*B)`NoQG|I-~9cL?|-|v(aNXfk5epJ$W|kc4NfByA}o_+E?ja#(`0+k zn(G)7XXRk0+Jp5mC?}%ENHpowc+?5v$EaI?FQ%c--$}dEF4Gv$GGz%kCzN+bE-^go z_AdTbfBf;S<>+y$w%zAL77Q7hplw=aCvu-Dq;RhAh;5lwtl<5ST4BZn3&LWHcrMc+ ztR9;a*Txu+$*&$GA@eoH>y`jtB#XKDlG>fAs0% zj@j(8s)z(a2yvMvEjae6GO=13&nRbGTvSYZY;9b@i|5{Jp{`BSc5Qr<3`{-zozxhP zr+DaxsO5f16(i$|st{I~DE`NOq+Z4!9Fv<7Yhs9U$UQ$D-D zdH0_my!qL>s{@lkKk7h31u+y3H78V9rP;py+PB}lwr**uxxu*~vXN$aFQUf4k@pc6 zdyEUARYdBOE00sOGJ#bfMB$|zoo%|k!{;#uZR0XVqLV64*I&Ub^kL~mvTN@K_sSkD z@t`@GM_u0mDqBL^+v`J9+TiOq|M0~!we934jC&kDtOLkY7=s=_wN35^AH5b{U%v0W z5iw9%u+iO9PMb}bJ67n`eEj{7?|pG?U1TtdQT+hj2F0-f5x@DHBi*k(Lr%Z`geNGB3}ROvJv1I}}8x$meA63l!8~WP4D-=f9uP%W}|fEV)0a14O}7jB==nvxkhO~D9PdF znjjLg?<{ie&QDPc(Zu=sK*ZQJMk9sy)W@W=Lrx=Kacpp(TPRzIi-MvzBrm)ZdqdZ= z={dJ){NVS0d40(%C?_S9U`2{vEC;8ES|#L=LI~}UbXLQlCRdXO-cFdr9ME%I9DU|t zdB*242Fb#XfuOqBe+wZ?9)nU%=Gr2|jZ#ek6p6-7+q>21{AMFgpL&~}&&of(kBeWc zqHmtIR+5#~t?*XTStos}5;n6+ft!|ES1b}0gR`wz<8|a$>~jA+#-M;qj*(~&jzOTX zd-$6xe$}y{JEg=vFb+ab_+}_GaI0Dm?ZsnL)c(Pr9+qfYd7oehgyKpr?nDUNWq5JM zIoxXwQIuA6Xc>3oT}$5!mZOR1y9r}Z)XK(41THxIsr49>^rFU}S0<<3CwoX}Vw^%qUb?vL;kwdhjJi2u*A`B@)7~K~5$iB0&RKv{Mb&#d{PNUmreija zIpC%1WIX~=$t-Uv%c>%W3vE>3;yl8|=V2$R8lN6x0kb(qBniv$L2`Y>8ih}uk~F53 zl3i+>Emqx54{_EsgWy%01%qG>h^0t$sz+ae>y)7;`V_1NLziCs#u2)Y@RDz?JIG zSpV$NxwohIBE?#Sa6AB2KWYPd!3M0(zv)kLBdQL+NQAK_F)5|CQ zkJ+^t`9zBCo2-jzX#b`N@$~uq;miI0gV=Rpw@p&1j6&!>7r|UKW~jk}HJZp2uRA;3 z&b7b(NdIaDv`Q0wX(7(+6yyvO9lydn_;iSN9{9fGN|!)fe`CyPYjX$!xIr^>SD1)y zmEF@tOE;y(z+y({u>`@+=4D@>FKK2-DM(JB4QV81tbaBcKAJ7LSB(glz$)4Q%#TE& zraZBy;*el)$4L(Dhnt_72vMmGSb>>!Zwf)X9cH1eoE?!|fDS9b3K~T(z|alu7;>&+ zDuf}&FTyZ;UE|Z|-+ul%wqdG9_dg|*BBcJON+uTd^wI5-@YLQ*?$D<0y$7PBBpZ?8 zuxj&)$PVRf5dapQn7@(}qA`dtVhltru=n#-nd=ynPL}cM#fVv!xgw(xj4~FEpLy0oUlzM)L7-KU9Y79iARrm8%%lsIVQsip?)HaLJumLcONbbzlTOw@%QJ0$NjJ53(br%9FN zz7KfKWybIJmYG6LDmgUtJBeS&Jr8&FQC0^?y2ur9Nuf#(Oj)Q7rH4|uhj(jPv=~xE zn~tT|$%&#d9wV9EM|#X20DHq%379p;q#m8|;oB!Kmq>w@JbMVfiBnNb>Eqs@zxgF> zJ+u3_gg_G!1Rn)DoM^ietZlX?r z@Xw?4c?mDx|KyAE<+tAq+k88WIE{_}JdO=I4*@E(G<7K147%|)H};MVmvd>R8Tjue`f zc%ux-yTZY;-o_U>`kNe70*z>#IGsxF=qEDmjoq- z7w+nIJ`($7KpS=^vZFLkx_!3$2*OsL_0!oG(UA8^)Qw$pp7{K-;789-G>%QcZ*0@J zQFSIM*xyAbtc5R{pjc$kAgY`{xH)LlC%(Tt7vre|Nmv&TLwA~`W+b?1+X`^-qUh7Z z+fpcdBs9TGF*T6a)<8GjXC`;kLm z3IbB-P%cNWZ)aK#)HPg?FD5rzgu_e>Za{;IB#`D%8BP4~*{&LpOA|RI<|*nKkyRgV zU`IGb(`3F#*EOJpG@Ij;SpjK~2=)byKGQg}3mor(jt#c9!FN;|O*ng(HrhEz}wPvOnA24!O4^24ed{Yd?3=A761zO_>IaW73Z1*X+{q z;To()W#V2f9Md8r7%1v7^6=YY=!`xD{-W6+wXErOiO>|L9X(Qz_lW}CPx82Ox{3=y z_Q57;aq4iF*Eo*)AT*{~fKY~~Lz~iw55eupDg5-{V&Uw_wYxuBDN~OLRJarf7ERm9 zeORsAnj+p&@UqD*ej6kr{Z%x21QB3LiVTzJTy4@gQ?N-aBl~^xi9g9SQk_u`a%mjM zk`5|KXiLlO@smP_IQ7p&bVk%&B=Pt%_JyJWspZOp9T>z1#V_W;S2pfZSz0{-!l6Q> z!^mCnq)AX#NYyghr`6iSy6j!83{qGYf@hoS5;fPt^}09-6ag7MLCoWuQ#TFVKKhtFM9K(72>T1BTZj9! z_s1H7l2mSXy-e-Sxq@AqMsJ=4^h{XVLI^#ex z7WgFLESgmrlO{=-y^#uQ#zwBumvnq{0S6MwlAMd(A)Cm__uJhe{|!^z2=w4hX6p~1 z?Iumqf~<_p4`kh~$;Tt9<<<%eF{ChgMh21l#bokS#N-w=X%&uez+1NL`#^34`nI`j zL4#q3=WF-T88Z?mMu&uRj5w6UIxG>|fS9dG=Tf$GB9hvtVn0(L&czv$f(ns=i+&kd zRjQmCa*B;iVA+y075Q+}6;$1Lq7O4M`UzzX7wd-_mC2#e(d?nWg+3Ko6k&M-(JTk3QN%E^Jvwc7$_TKTSo?C$K=IjBnS}uf`O!`g&%ym( zTSyM6dl2Jge;U$RkeYJ%Q^=a|-3qs1_a28#OzW*rRudqfH-+yteJnX0cSge1a?sjS8|*FT1$@ zp%TdCBr=IMa9+rf$xg155E}0)VfJVBjpG*XDKQS$1n^x0$zpyqIbE8^Y5+1rE7Z|< z;?AtrSD6=b((@6NET~kSihA)23K%u{{Vw5_tvxh<^uV*GNixwyFz-UO#;n;8CFnd8 zWW8gSvP?1J;WS>Uer=_$Kr;#tjrDLntSei9M%kdFs+Z$5eyRk#?Qs%b*_WI2GQt zP*X#lU}AM4c!t9VRxBbI=>*)`9dBay(In9r16o&dE= zmLg=)f>C(8jcP_N11rd^(yMU99#ff_la}MzGK4H#(>1bjxZ=q!-bQ7(Qz(A0T`?1E z`0jASJDS(y2rw;y3jL=>BHI&Goi1`mAcBh;x>Zu^B_(0Eqo|h?BDuH)UKsb{G${+0 z%cGhsL7i2iTjqk1Uj%74$MT@fmQkM`^jw1?qJkMrG0>yb{9Rs7jK*;)C^*&zI!mXqz#gGOXVH@@nt6o( zbqv-!lZylm4~H4z3fbFZ0;lskgX9b%!y>R50HbB;7Gic6_qt?R6o-hgT`q5=E{}Y{Kt#!r^b2v}_8M!LvrWL5S_tdSKQ% zf@s)765tnwnw`fk&7!W3lp&@@hs{RDsq#D%mhA)YN%W$@j6>zX#sR!W^f-7Fk$M?g zGsPX0y86m7C5^Dkq@CTG1pOA1t`RO0xCas)#*3LXYVzxw4*CWC@klNWzaO79en8 z^jh2!gk&_(DU|S7jdG`6UlkDGD>y3Zl$PUF`tv%5Nzjs@!(ta=5bJRfSbJ9}=qokF zG1jf&7IGvz-@QcMHv4$sLF{F=B=!ZgnP4yy;QxeQ(((!!b_$Mp9u=&x=3fOzk;n%# z)$6(8GZ9DkVw$m2P*$YrGgOQhi?2}#MoXoMsMXZHqg-AKt|*U@8)vedh&q&8V=RXQ z%}|c?a2y9OmavecFhR)KV>(smbTM~0?2SG3`I`JL zZ;2iU9{f_{(M#S5O)_eXNOFq?QC-vbuuXIlBi~A8swQ~jPKy|YlXDm)t(Zi1IIJ}= z$;!|?2(qQdJl@dy=7Fq70r^YcX_IP~^Ho#jy2Zt~E88{Vax7;PgUtuXuj~VR^hicO~;tTGk{iHIaZi zrGU4rZJva&O*viWJb(j@fn6E-^4*JC^Ta%o00hdsLgPH(wwy+q+%$z?;LXBAtk(-hwbCB#YQwZwIrqn?P5Vk1ul?Wj?Z@)C7&ZKgu5fi!fE;NUf3HQR9`PuU8{)uJ@aLxsFQtLOL3 zD94rPQ%E#Nxu&H=1HX_n4hT@ye%7{~U}=<8-N}R<&gatXG%kt~ zP56?SS9en&c(QBW52jM#E=o<4;*}2zb}E>OYL1HpB{{swi;**tTvteX_*sd1g~#Po z$MNi&A*Nh!U7SGVVt4`T$?@5wT&u~RRMqzuq$npI0HOH$X-x!K9tPg|GUEHZBzQX} z0zNxO=Ad<8h2zoG(XNrgom8MM0a3a=pj-SwF42B$*xvv#`1bi^+0^yQBhcvdn;9%o5-dV2l)PyMefA9 zf%_JmtyqYN#93^TV?vC&eoB0O#{dy$z=C-cgJwIb)kKu-@L9@X0%nE#W9Dt7Red{S zVRghISiPtg;XpQ4Oed~NP-K#2E(Q_yc-0QhJT~i zL@$p>o>JZt&JPJ#pBx=1=zE&ooaER^(jGmZUIA>Hhl)2B0V&c2uGrJ02B;9gb^_c+ z9>i%lQ|X1ZAPv$hdpThobs4Tp!2cB;2L4c_e6+27SxEuJJh~@9f}!}5c9%fxQ>k1+ zUUIJvu1lwDJy6mE`lr;ARM*5vbK9X$UHD`L{Q}u6O=JP}W@Ob(f6dDhgG7&n7Ki}$ z+S<9oHD(MDV@XN1;C5*kGIPrk)9r)+P*b`|ypz?_x>=Hh+@M7Ow11FwodKwRxLrQs zkZ*}=fF0rb##SgQaRPz+6wd3C#_!zw^m}SLz^6pIR~8-zx@8g!$yJD=c4ag8CSdkD`+u-_$It|6=dt$)(X~}5Lr&(;V?|ca!#YRev_yq1W3TzzmW9g z7!lI`eOO{OUIhTEEt)+7CuaqJgj2-?us--yEQtQN&}c*D-1BgS5O0iuPf>zv3`7hU zYz)_$YvzwzdvSwVR_c@GidFEG>c}jZp|sLX-auKSStB0J#n|&3Tt829s97CjZKtZA zKCsR07?qH27d#<3dJPT^Q6i6xsHl{Tc5YTH8c!8xm=5h#$nnZ8_HW`-U=}rgj78Hn zjYzFqcKQZoFV=Z1o)wU(GbS3ptBV$NL`ql#`9oPtNFW>yPF|z*TgP~e0Je`rNX{`_ zOAhuysX4zhg@8}=!?9r~xKC3qh!r5-(WO%Pt~YY=J>~p30TRlFv2iLlnZy32HX{=h z38l0q_MYYWshb z9~2PdhB`13jXOPo|}u8JEYkBa0gm zK;GN7(3q-HTXHlq#8m0#c6Fr#Wpqjzl1Q(duTmk*NNO1rkyxwei$*U+R35j-726CA z6ilbkCUGouYL_DlCQ`xzpU8b$Mj0S75{9xhS5mkeAZ6`#u^7oZJ|ST0_Tp)Xg>qC9@C~ zTO0(dipccTHYR4bX5~ReZIT9ene|-2L*P8}V6NQZ^7-x5cVi$56OUKz7?KXOd_g}g z3tHQIh@}gu8nU3&o=+rNGmWL<*3J)n@I`>_GxBA z;!l5CnA2sa*NE9NbB&+e3RO~5AaWr4RaS-KulO-^ZG01a%2G9`>Qs;stTRgM=s@;o zRD^(*(!#qdZW^wQG2rUfIL0DApEyP&B+?jm`}3e9m4nXZX`h`ZtLM=lnj1>7=b}dU z0>-WJ zSvu0osaT|ovnz162m<9@YMkT(c_4xo;eDetkvyt^r5v));jkXSXc3WY%#Ari&n-ah zB~p_c)bO#}=)*!VyH`}fctZ2JODztzu*1AoijornnY@86cIh}xqNwX<=JADOh1xG= zSwx~<3clIf=kQzihns9OL#0Q+BODs0(KBe~fO||0cOZjD zUN56~z$5FrgU1IN)1Q#K<*4u}=&u=`x(xa8ff^q|WK-)rF91(6js#2pbV6x}7e3iV z+JV8V+vU0Y?vbsjg=%M;OGVChZWFjXcY;DLB$v2G-7K5VWpjM&{u|I!a+JvjxY%!t zZjzJl4*`M}&hnH{hpaL$c28;T8((8la#SiAq0mH1t}l=K^99Kz6mudWIDo8iOwJk4 zaqmE0N#a2X=t`71?nDyHBM)1q(2i`j2kG$lNadfJ44!&Stf7wQ0Ina0e7h3zeDx{x zG-z-MH5|BOL-q2?tL7GzLaY@J0bwLRd$3~kPXl(MsH34NbS73BN@{)XVfr09A{iiE z1hr0b$A7MmtFUD3P{}`5|_* zzKd<2EZv=NAVLjZH`JwdyP<#f;qg$QJ~=9#Rho$^M-^}Toh$bksOBeV)^h9C*pJ)A z_RyRb0zD;^vcNp_v+L0$r1k9p{uqWLaX!2i;?MyL0Wy%BT!9q#YUc5!WT5;g0dBw< zz(uzQPY%-37oNiQVX73tdut#C7g;xlkIs+$g8mb2Oamuuo>AFLbBm)eoexyw7SXb) z@&~d^?yVlG(g^JhXOus&I^Au)n#s3MF2m5x$J8&gGtOK1;SAJ58Laa~n=WU4fBrJKq~Z<`B?^Ox%}}GE;o0r4Dch25 zmBjQVRbb(lS3FNJC2>IAgi?5h>h^R0XVMA#Th7>eoXQkB2Q0K9CV!d-*j1m&|B1Ee z!#k2xC9jqb45`Wj(EPeur-)>WqlvG8xR@k%Ri3+>u-T2jeEj|o-+g)brl$I5rs5Qh zp{v*ndfG7D67wE@&Yp z>UuUDttdhFFmIZ%?Zc!e5i=k4FiFRl*el!Jh4Mg{wr0=L@N^v}yDLXm<*N!vkrn5~ zo=WpP-!)lpo= zU?I4jJ0yp*gFsIt=BMm{RH633(Fu2WoXP@92K}cDu;LmS{RULjW?uu7 zU)67O_*Dv_#Ll|}v{v=DTi0XQst9#X1Zn`b$dGp#v%8xYKio{Ws&qB(cpA}4lITUy z0p)FZ8unK3n|Q!W1iXKtYtNWmnRlttyg;6^BX5zE*5EE5td9rX1WkaY0(ez>>&)Wv zO4_@I!j(#1vQcFow7<#NqQWTeC!Jpavs`5JtCTEwmKN8j81QAVf!p`!p;L@4ZzD8f zCS+RBKFr;=HRsIT$!62CF@KOtiKNuF!Y6lsoF)M@pbQi;)F&xVfyAEO%4hb1zAwQ_26lcDC0soIjj(X}MD;IZZCORBBh9&?OWZV}hU z7^px)lo?|Ufq#q$>bm|_s)f~y>TWVE+pel=Q^ulfqCCvIma&gfKn+T$VA+-G?id4~ z$26i=g0UubB7CAF4=^sg`Sm8XPt~Gqqg12l&MKysnYW3ds$E0|skc;Grz<()^_!ST zYo~t!PeUKE!yz#2_NTun<$E4W( zn-m_6wXL`5I_iLZRGLL|D1LAzbA0;K&Fg=E{mVspR$A^P=)Q$XbTk8m9?Z_CT;E1dT55%nV=MELMtd=JOwFm|M$0F)m2wj#P)(@mc<>PHo0n*fu3&i zqSagsL#0JJ?F~>l%+*MHEcp_Tx`6xB;>r*K#)wxQw*Bzb2uHQ7M7d7z{(81Eu& zJ?eYqPhUM>U#zMewc4zGT=Y$~7F9F}L>3&1bUL)!qzc~VCN!ZV?7q#chO;Nd*HGI7 z=BIu3iqsl@xpSr|0&r@2NN37UUGVJm8MbFlZ@u$&UbGJ?FS$XqV)bfOhw@1huqZNa za3)CUEUdbcUI0`hoKvbX+Q;bg>7J!4k2hy&40BcMiGG*lAm=hzOB0~APo@ULxp;={ zS^xg$`03}zXU)8BAudh4m2t68)x}y-K#ZX{*F1Y?fp~MO30kV?7)~BhTy*E^4)nc) zh%`QX{#XpR9cL?L6)PMj;?Ii8Nx1x1y;lojtrE z_F&N!Dtl+nc0aVza;Yno{r+Qn;R3l+3m`vL8w`P%j$eXTvwehW!_+nwq=QO*?Wv6= zdo&Gz)11;Hbt;od%EyDIg)Et^(xfsMm^m6RKA|NAakSO&Lky2wb+kNggfUYfgsd4PtSjza2YN&uI`Kie~Z=Wx2Knaf$rPO3-o}Bi5*;JZJuWGfB$Jiy&JJrU_cg> zb=M(3|8bJ_wUh?j=0V;O$=Z1PUfIn1y33gX95ih?xXpvSN+F4CDP3j29-6oFf*y-r z9;b!FihLC_ADh#c1FMJSDuR=PGk`ZmgO+;_we87UdRw^F`Ihzu97&DmKy8EX&FHq{ z@LF&058rP;{}_Zdz0M25TP`?NV`SRhxLS22G(We&-);7TmXz3Dr>yyQXnb)I#JPO{ z5Ote2jIJ1{HND$8E}AB1RZwHc-6E?eWYV#}Bc8RzM#z=+m<|M)wA%)opbzw|*=Rb- zf0ZDn!afrq?=-v7+?L|>tK<6=aiJA4=7~%%YA7j~T_;I3b{9MBMs(Y}aaLQI;=-Qq zWh?8{)L#+-o6y3xH<5%AW!xMc&!|-NS5RXJPn#9;w%$>#leQd>Ud{$cb03|2x_y8$ zsoOD}DWM7vMQ1K6e+n%j$&Z*v!9r^WMDA}hK)ustv(L0}pZxjH-+%ns$BVoi+I=a} zZ0io_!It8?JH6f7xCvVS_{Y1uj>F;EGOo58%vRfy56v4cA(cj|44SGN%GiSz%)F=!^1e{CpL9OvhYG6EnZ_fAp&^3v!0<#p8ADM+MGxB;I~Cw^WA=^T8AgF z>GrUsaw~2&jte%`PMuyE(E+#RoO1nzycNkiNa7jr*p-g{8fgpD)|LAHhTUvCZmve3 z%C8gr5mHO0$om0{w_IJ-c&d~{4;cq51Qk`1$BN(O*MvgZy8;YkL3&Rl{jI>c_{N>( zd{6HdwEi0Wa-ar6p}74S_jqEYixUY52jxmYtGKBCe{qkeo@moJ4J)vS_I{#La6juG zzcNKVHAktBYWASM1|35}UB*;@po?0l$x1|mpVpKloP-Yo1un&{kS6qsD*Yad|8#tVjWR&B&!1kNxG!56a3aJ6-b z6?sv`xNz%R7%PyT*br@{cc58hu|rhaYRG#sg0om}pS+xtjNg?S>6y!<4@u{0rjn0GDNMTdpMGr{;C&bQZJAJ{BjK zJWMBD`>+4{uYQ#hjPdXPTol~3j~bRk@gm|OhlFd7`?YO|H$MC82VX6#B5>h$X=}?5 zsTo}R)vx-+ZH(Xi?eB42^uqFjwZ&6NhiAdH$Nkzi#EXxAeB&?6j5@U)Dd^VW$JK>v z|LNE0z5b*Ac}=Br?;teGS>@rdG;r;4zqSqW$KU_$Z=bE%_*#6c;=~k>yNs^UWZ)u= z@%FzT-ddidR^0?VeOC3b(QxfQ{n|FfAO7*_8)cc#SS{vLCuuZ4%qLyL+Q3z^7=L>| zEXil-vw*<4DuVfg2s^I*r(fHKh(CVz@WpWm6`Vq6q|iFr!}7wl$Nkzi#5XT~``0Be zthA1J6z+qrhg3bT{i%Cxlj1wk4uBD{i|Q2?DPk}d2`8P${J08 z^^{Vo!+yoJ|MY8g7k_yB?f2HZFcB?9*$d^4n)Y-J?*v!3K|cTVvwu7+gK+Oy>jqBI zA6_i3(fYzgdY0dP_q*R;tWoFK9&KsAtWoC}ZUk4iLEiu4@BZ=Qn!r)3W!V;3H2ioZZP)(OuaW)w{?qr;GDHvsr=`p}9!2@WiDKk73MJ<>yEhgi+*hz;=j{B%X$|nrHY;6iqFRxrE7Qn+BU@RKK|2d ze_eKL)(R!+!W65A2f?+wevPUMAN>Aqf zdUR3A?2(H4Z6Aw@~0oeM`78qTnjWVYtQPje+}2LM(N@<#%Dj|@0UYGIh7TP zxXRh1vw>^45nSB{`R(sseD(3NMl<6UWucsFJs4wLqZ`3RS{?bv=U=ZI&IVKpc~Z$7 zXN0c(r(fHKc=K#y-Yc&CVq80J@%Qh4_ukq2VkKb9>zIt& zk4L)p!?NX!aBKxb`rv(XsUDUp{#6?1|b0UqP389tBCx_LoZ69>z5?<^TD+_s)h#S&z1TQI&|h1*L00jBDg= zeE;Rg=edwUG^KGRMc(IvuKh5sku&@C@BeaosoWO}iVE%vd7}A9U@9aScboumAeTbKsN;SSXB8LhRd&u04!voEC zVO%?IQC{YEe}CR)AtJm;+^M)91$6CUT%*(EjbFcf_hf-B*HQzeVszRJAFll{u93a? z`u$(OaXttvq~8yMDmwD8r|Z(_dogQ z{8E`j#*`bz)o#J*+Vkhn$5jdqzW>|jU!466&n#v`_;~W`=^Ac=t8^ZH_t8Jk*cHZn zz)e^PyR(98?Iv`ULZvs~J$rz~yJ{5N6~}il2d@2`Zi1_HB$ap0?yOM7_^FAGfM>#}$%Mz1LMBqm z=w)3rQClWm0!JQM6KhS^hs*Wyc=`N`&;Ix=jY&8moTlCkJE?U+=gpk~7gUox9iQb| z#zpVdA9i#Z%=m&BM4H}1Y5Z$r%ucYb%R$vy8Zvdlsd#<7)UV(A^A~6H zHQMMo6KoGs=-Mmu8g01r?pJT_?|^D`qjpegqfrE}ud&z1%U|C5#@zuR6+$qR;2n%BW^X?Umq{;ejML9C1Sja9$BsEEic>e z;@ZQwMse~-zx~5sPWwQz)Kh}&rLSs%xiN8ly!`IdcfOCOdDgbD-2l-4d4(qR8H z@mgclvrE=e*{FcYw()EiW~&d2(t-xy#RC4KsjTIt+SYSN#fyNh%LwYb2#y(V^!4%b zUjEge(`n8_^{7rZE}Esr7Q*%M^7=RLz5VxX3P(p8CkmeIk^k1INfK?F5;^N<>}4Xr zIaEe8N?K zXmxDc_uqWu@9S1SEFQ!qiJc%8G3lgq)2$toER|aHw>UJ~7%9S5Yxd7-7axayKt^TD zMM5!nwx7@)646)>4Jv0wo|HJNjbZ6NA+p(n=96qtvD%_rc-VBk&D++zH8H!4>J*_5y||K8pUO>Bxbv zSM%$`MIO)bdiv%s|GAy5z3EJ7Ncjcyq!jeNc16AEcNjNYuq?@8J0c6UPVNiMQm3Gx z0$p_MahASi-YsW$3LOCr0eCVb3SrgZQ~d2W@BQ}cZSuh>MNkFMjsa6hH>bt+yU*YM z)$6;B6Gy-@^)f(s%nKOqL!)->KhV!guMCRytp%L0JZ`gb1GvJV+)x3ORA@i5L0%s( zpZw;nH{aQwpf68hpxW#iJUGB3Z6KfK>-xX{+}6%uPnA%N2LpwqW=PeX;QgGVb{GkU zAL=<05|!7wJp`OzLW&X-D>Xm|@*s2+-A;b`U+;XsFXp}yd;~cvwS&TOPUZO8(giM(JBJekhMLm|j9{@{;q zfByD97!5FiA;3m1X|Y1}@HamHkN817jUS@svMIYAhP=-NkM3lSjAqkqO!S`7AtB^$ zZo8Y4$-T`G7lruC5zuTeYy?sg^a?Dld=QnK)BpI}f4u$X_PU0$i>1!+7|50Y+UM;l z#Nb@IN$6TavkMRf+Z~!AInv&}Bzg$BJfJ1Gcx6uU;XyGbLk@c7+T`Z=(HF4=-R(M9~UW|`u^A7o)Veb zde@L4#>d>~=|l+|&;Xx$<<_Ur#uLl8r|hP-y+zF@E%#y>U2BOSx{CbfKfeBae<%J3 z=KDLT28ySm`O3#me*d@czxmO&8L()NS3++aF&h{&@^N;&@$wHPY|F6cWHNjwL0+~6 zEe~NdFaP;^`TUdZS2{q?LdKqh_~L(c%Z+>fBa+nslIVD z1Q&Q~z@-CJD|7v^_3kD6l#mc_>wid(Mx)=ZDw$Lx9~7Kd%?(_^)Xxm+IXN<9NO4EJe9iIl-))pWNnm2?>bSbo5Brvx!Dc+ifz2G~3 zWeyVeI9vfUZ!{<|=P%&C=+|r+c)IJe<9t4iuq`ogcvg!R<{Xqps##PA%aEK1G!wqm z8szN(;uZu&o%bOu_~Z5ibTf<(x{8Q_A;ka^2oynmyI`PX^eM_U0*!^>~R}THy7Q>sV%u%p(z5XfhJtlhd#jQ0Uu_B zDiqK;vd1}hDVG=EH_2I#MilN7H5$Yc2L@j#B?Egt#`N0PUlKJCz<3{Srz?z%h~RoC z+0IZ=*uZO1BBLJd`8>H2-D(_>0f}@b!l`a>yL{A|5Idrs(ivsr9ExRy=BQLT3(> z!&Q(fUK{Zga91%$cI~L&@o3XSbVK-^o-j7y*8t*-aGuPODx*058GD(?$?_6jXhokv zJWu6Fn{{11L(zkwNof)VN=^Upc>6&wRinlAxmlfn;PXHm7=!xI_a;lRzG}_up{)nZ_3QH7@JaL*rK{YkLAHi z!x)$(P!7pmfbnUp_*H3gETCgAl9xxlU_ zAOR#~VAmI~oKGoCDNzv1BjCj}iFP8z5`leGf-B}*DW9i$+rHu+t$AVGiMr4px1Yd` z$--J3Qn)Sjp|7v~IEh(rE%jpR4Dv*PW|<}Bms;`@voY+A0quO-h{5m)(@(aXm-?)B z#W;1>dCrJ1;2>!hiAeTuUw;1G&u*^PE*E1c^p%w|BR(YbpyulfbXl&Ac|kc%jd|P^ zYTuFeRrXTF2lmpKSJ_KrU%UBJL(wCklqZq?04ty2qbvTnJU5F`#>uozOCUmGjy~EISMl7G{brdi|>6*`TBVIi`ays2!B_!!X``q>M=dZN$ zPw+~Ip$V}La6+l2$PNv(H(6N55(yrUb{Ke-g;o+v0LIUQ;ux1Fl~-- zXF8bt@e(y!WSB|x8gY4PR#K7+P0evn7tW9lmmo~0Za&K7d4BKU=qUhhkvp)6yc4*q zY*hEYI7A<1M#Y#IauRYYA+mel>vez#eP~0OY72I|>gzpkVZ`Mvo2pSjsHj`^eh00k z&-TNcuVc!>3TR}Y`7}1-x>!yxL{bl?H4oHSf>z9$jvahOFDmgrNd0ikH&OeW;ZjK* zTC>ZO2k8mN?2sgA2|EKx-q!r5suWp%c*k&tSQbmhUF-Ex5J24?;~2}Ulx3i$8dYzC zN(E1$6g}XpbShCFq;NG|&x4=kTLjUZD#bx9BJ#D=d)t2Kw@YjV#LGl~sB%|x2%;)| z`_+x}wt&YLn%`g$*EXG>xMEvVHz!Yw{_PG&6zNVyjo^Y?_Hdl%DP3=yn&J6@oV0ln zJXsW7yWRztDuvUU>x;c-2#^!cl&LhN|5kZ951SXGNxFl&CruFah79#|TQQo~osx5% zxx9->=!5AfJ7=d5O5Ps+NQo#i*9t3*vMJF&nRcF2vt5xUm|90g z#5$|0KG4#o!AoE3^-7$6WyT?~V3!G3@ko{l8K2*LIio-=$b&b81MwiZwCTJMrxPIA zJmJ8jYbcdso*r6r9;s_@bXNxzrpToyEs>i$eaJ>y`UNW6Bw@fH=I{D97EPZff>yyz zW(JYFnXBBWaL+s_DVM%C0cJA?3O}FDW-fDL3J_Y+=|?0Q1zRN-NcUKrbCx=h`JLS| zs1_}h*pUveNcr}z=pvK)@F(AAiOuK1X#^u_IXf@5<6sZekXi!KB53_8dzrA<1dIJ) zgs!yk6qDCGBku-G2oA9buyXV3`!xC6)|^~CNz1|zQ z&uIQv5Lr-@3pI=8uy9t3Kbf@!GXV8%n)Mi#ybbr|iCq&i(5N&`>hYhZ9?MT)!g&n| zBPVztJq$XI#q~Q=g zsNg}7$3s?`m~*1b!L)>|tp!4AOlA-L7tXbz&nZm`x==Cm$t_XA|7Yap3b5PGRi?IyFeLvPMLeu3;R zOWoxW0v=Be*g5#n5)?_FbkVmRgkvO=sY7dAtLC46e z?4>8StEj^s$>ZcV52d%HL3-8VL6Y!6u}QufK+cT$6h3pEx8 zTXKbNljQO4EEm+yAW-g0eVjFO*PXdBFu@eLIlSUuMd`bTVj(ye*8;gi9~TddoAaHy zG^IT=ZGdbllIh1x@asLNW8k?3TpUx7RtAnCSb6VVkMvA~U`OOW-~dw&avxs6J~9IO zi!z0K51t6vikwVQ8zDmwr`u}EUxCF3^j1cvE6%$h4x4CvMEpf(p=ew<&Ki4rpH8Jd zU`t4_A|T*n?%r&STp0wT8FCR$fbPAsPu$osT~xQRr!k1<(bol&c6;1mJ@2kz6BnHu z?rH2oHCB~$IIsWTemgR}6afj4dWA&)%4+)9+#6Tx^LwW>%#lE?mPxy)^2p5Zh2oR3 zh#d4Llf8dFRBx8dk46Sua^%B1Wyh`65-Iwm&!=Ff z`ZCUn9 zgi-Rfl`gH%*E>13UOKTraw&w;5Q<=y-CJ`#2Gyj&AgNYsk*_sep2oyo0+(OR#05t~ zjMvAXOnP$L>bPX>BZO_aET?;C1ax$NeVi_u_~u?kn&SRZDvwv&kxh=s<9)?%c=oUA zuuzF0Dm+?EpjD6c{M^ZBWNA|F;gB+So_k2!Y9R5w3ki7eefNSF#N?(x4IqYv%l^jZp73~z%``2& z=*;8VOL4b;J3zD?!HK<@Jffq`9->~X);ao{?j{H`qDb=cuaLt0LZH7cRxA)KquE8E+Ehqg5#eU+Y zYv{T84t*tMqkBtbEN2Z2SZXE(Xb;naR>XzVkDv`iwJQqRkXB|y>_`8d!*vfQ@e=p2 zbH3skp3YS?!`PdCewDLO+Zx?GN-^Q-)6O=9Xcm@4=yz%~()3&e9&oNEioT;HzgMWF z9*Bqvh#xLWa_si|7+!t^>sk)vbBNMv#P^deR)qzxEP#Yz1njM)`Odn;5X_t>_#7cC z%3e?p((zw(kZ}0RB1v1p=dZC$>TJPIDI zS=Q;b*X}a163P-`tSK$R<=Jq4Z%(6F?6sovBG9j!od1>W78Ze{qf}c#r%36sgw9Mj zGq)I-9DbbX$iGt#5kabC&9WD*RbaRCf<2)SfVGDZVW8kFrMqR+?)UW=mw?exG$zgN zd2*HAV!f{Pg*@s5rpNa=H80y3;qMx8R%WMUB$S7vUM9uazpC~Y3Q_`zzbf>&m0|du z03&^m%?_6*b_!A+#o;prM#IJ^lPvMhZ1y}UR6Myr4vIsX%NTig=Le;hKv_@}eyk$I z+RZ+N;$vCjzD8wS8P)p=(W_G67Y&B0gx4wF*-mJX22Y=haXBHKyE{%@7R@x3D&Q;B z@?o{^c2piqVVrodP{$H=C~XIjXi{;-+CgGT%UjlL>r-Ug883nsV+Yqkfi+j#yWwgN zAB7@O2%#ZI>gdH}=Fe!K^X|~3R@5+sN&(sJchTru7Rw^}Z6Fn>Je$<2Lfpr<^z3HE zD?-a2Yu!6W+{GsGB-ISc1fM5LqRcM4g*~e6mYlKfofD*b0O=-o}Tw`Yk&=h$b_j4NjI*SE&aX zziO&XX*N;juD7k7DxQdXRr026kiUMQK-jl8?|>6Qm9#u}e^;ZOk(q@t6`5P@%?7O< z>7vMaYvQAaz?&^rUAJ40%CFY|h*3UDqoI+R>x+e7`hHo_rqDzSQ9vLUzBvwy@Wa3P>L1Dw-_Ph)8CG^uIDCYKqUGGyizw? zvLYs2prsrD3GS3^1)S=V)8}E%W$r1MFDN@&ZXO37sjAvhWXEbb?T!|@!^%g^CWUv2 zs?E~n_rJQ_oggV=_hOHkp>#Wqg^#S^{NaJlZ6Ud)uBimS-Jwa z=J0(Szuq3;xo^yqmn2hpZ2Dct5gzZpK+bfY2FOvgt|&cW6kD{)xk|QNA)v@D6~ctJ zt|z}u($`Pk@DnD`14@ zgZnN&`~^=3sH+CSQMlQ1OQ0AC@njrM*B6UQK924aFo5hw>#Gx$Eg3^*)3%{UB_orS z4gr;qTT3iI2O|o`v?Z2 z$(jU`LoO>0r8F#a_u=L8)9*pkIW!DIiC`k(L zp(OQT5(JXhcLGUXq6!`SfA?)M*lVZenPPHihjDJ|6SNKu23EXd=iu z2&CEx;r_!9KOfV6iqSne7#UgMQsm>T`S{aNXS{s)mwmt~kO${1nv=|(p`JrguhLW< z>ixwsm}9vA{`3h4$k~GFA2k%i1;j?|_Ny0mx&HF$J%-7WsC!u`mY9s7xORmfrCl)B z#=<`LfU?q*`uzWXd~N)3tBer9O@%Id!=Xs4%Vwg-e&!6c>!|osl#@?}w%2`xgczx& zM03_Kp83Q;>KE(nc(tIh*YjWp2^hJWHH)**tm9Pwy zg=Ap>lAWxQCFp)kNR!7!xFes#4eGWT`xMc&4oKiLiHC5`#=`f9I3F4!5X_t#z>yL~ z2StbNgc<2_Mhd?XGQb|El52DpPd;o?OVPK012vMk-+H(`h!})L1CYnMb8nrRv8i7P{$^URD8+=jpJNU zG{9|}-=Z}ruWyXi1xO-OtDJXnM)j5L0mPuVu>hrVIyodAIg~TSbLF5)Z}!yQb4Dpq z{Bm#hR8>3g)?2M=2<*Un!e;-f!H2XoJ9C0j2N(KNd-H8g9(>%nvu8}L? zq9LpO&h{{nmx*W@S_?5(U_3L8(qzyAv`|CQVeO&#(`YMFv(`^D1tW`|u%e_O+NTCw z=HdF{mkj|K^@lg;0gA#*kspH~NB74VF$wHZ3qpLQ<~wr`2rVaP2v-St@6`)2zPF)w8>2vf40coz`siI+}d3esy<`{ z#bE^|6fnrW^Li-rFpy|U+H>58(tAi>+^dRdv7FLeQ?AE5TDmUi_5yD_v}sEuQl`bs zJVq@$J;-4ALLrpW35G}pW7+AAM*ha3-Vz9d--zaf&Ltx6b+Y>dkE)_F z5`7v(6@-bcZP#gYoc*^Jw=cvP19S}aI;r0ur7D6F}Jt4xuaActA_-8ULN7qDHGw>}a2mx*~gM_jWQ%RW>7 za5u-}`P87H%|M?`fJZJpb3B0&GeyI>clX}jVDO?$dWEth)e~y9C)3wITPdP+df&m7dnLFjoQ1N^VSF zh5bhc5VNgW$3R0&CQvw$ZyNC@z8s@%D=ADtwo06-RkigCSPX_gQqC#ca5l8#WkvuF zLI6&*F3Vh)3_Gh_%G}?C4nalB6r-| zmLi~|-=uVMb$U)SBdSl7P!TbpI!3gFch5?yix9%KqNA~fG?$Pl^~9US(U#jzN^$I+ zJ|QU{9`fZMlDL4B(kh2_^>o*-P;~Cm^(F!oK~KbMqfZ)WJx<4tr{qc%=`N6=rB^}c zA+4A&1|d{@VkDW-TcwoB?|>z+o0GP1atQr6`UpJzYyriWRwsH0;pL=#1#U7ku!h=u zUfhfhQ1-LL^Z;D95XL-l0#1onO-l`1pkVnpwwr*yT`J8j2sZ?(zagjPtd^!2=Wmq< zMTCt_4O59~e6%NyN=L^|0dEO6W%^^u+W?V3Zohk*V6>5SxHr|0N`ks|H<_dUUCmTR zbgoWBtgx~C^ajutDOQ3#C^Mbe>Xs1oHi9<7IW--aH=GS8Bi<1Y+?u$)qkdil1(XI@ zCn6Xsiz>HC_Oxph=yP(1XI0Gpul9eCvnSc68X14GetY$kutDtp&y}XK21KsHQ}pgUnap27iTs> zAwrkF1!>hY_A&uk?b5vkIGQR7%Fo~}gv4h(&dA-E1e>S4uE$ze;3{=m{tIhjgq&?q z+$t2^$wp{fesTiGQwLPJmB#{U_^2Z;{^jjoHI+>lQB%o@zH6)Pzt~NHib~b3dhdU&RmO+4fo0}}#E0V6Ln_gp- zs2s83XmF|6jRTWXtDVqqoS2+hb03;avbX@!nxrROpqPB}=f(~~H#*pdESS2OWIvfx z8Fd3j;lEWte1PfFa=!&(gMc?60incJD#JAp0aMY8wp| z^j#5yCfyS_o`N^lo|aQwub3G0X)PBRyTAY zXuG@hI8(_TArujc+X4-$=DsUa++3829vwvU);)WV?Cf#U#LYu9g<>p!% z%bycG8XYXw_r4juN-2q@@a~QL_HE=X;FTl@bnBcL1{`5M!?qGTZEo9l9^Yw z&MdEZqkBbOlr2e*lJ|pXI0gzW^MRthhCOSF>FqHt*UR?qV7Q-kgr*m0?*ko$?ndty zzj$T7xp6Zzfj>RnYZ9|nSE198c4#fTF3`wr@B(^udJ!~vI=EIkq95(3k(+ONkVbIi ziknIbgKL~vcXxCO=*!2L2@qnKGwQm^;N#+JKmNF?ODP%HYd?M)zWmvD)IUyaIu#fqi2WCL_R8?QI zA^=!&iz5ae9arG%IRwV4xLo5g3P=}VC6c$RByWBaENy=gBqY3Hr|F;uSRnxv2SgyV+KS!lgivEDo1HV6?(fMH)6J~UK^TfNMa%R> zl~$3W!^ORP_5Z#U;_|r8I1jmd#gx1!gq?)Gjp64d(zq+Z6UUDw(sT1h+tY_pbKtBt z-5@pV6x_9J{FoE2fCcp=L6$1oHB)HcIej=1a4MmT#XyooidNsbK3v9Qj*ZZ^XW=sh zfMQ6rZeM~{JkG4CK#c-58Q!WOa}yLhYq6OQ!bFW+p`>-h)X52Nn0#>SfmdlR>^9)O z{-myph7g?T4E_b)unXg}oEtkUR1Jm3s6yeIyvCRaUXtx8^jU1@Er!ZzpJ`zWs#yrN z5*U$H?)bQU>eAumO}G>>SW*QbdNllvQ3%iB1?i^ZTP-6cAGxgj|LskWUL)Qr0gE&=ONIB`Ud2?zCUtA!A~u=}!#oAPxIDO+g^PLnu05d1Y>fAUws> ziua7qWn4s~j84cwtLux$h~sB&?Z}|Y1e8H7aa~GD?XN_+Joym{HT?y09X<0WlObuE z4FR*lu@R9rbGor=>wPwOGHIa`F}hJw zK)@~Rqj0qm-#;!rSqk;;)9Y(ud)zJBV2Xkx=fw5lBA(g+E~H-8ef2=6(gu*ppX^q4 z^W+q0{3bJQ#MuOx2$CZ)zmSm#6fHf!*kwr5MMya@lvK5K%{e%|z(!#rvF@T-u*0eK z0*ntAI%_=bDdU$iuQOsbiSx}E87GcOQZ$QlY6zz_$E(ouxDgd6qmTfcw`%2>5Czv+ z%Nadd!V-CYdfz-Em&-(5tcD<9DA6kJqabFEvFyNy7d^!9*!lEM&G-RGZ5LuQPR8rT zA>ocgwL?-|!SbMlV94RLtQFtd8;KtXJWRH)>i*IdDqRc=Xc?fD)UuxYup=;m220Z) zKF5$4Qu1U(B`^_;LOMwyyUL=OvwaAO2*8|%78d*^)8_Kd;xKV(6=3LoX?238YcvmT zA}<}}-&AW<0Y~h~IC6jZ41IIALY)A;j%kv6V|g@2+UOT^0O1?m?AJWgqTvgeUxBuX zVsPiwJ_e)QG_VyEBM5GI(&qMb*kgtE>7YbZn+)boPbjLNFU_DhMj5}{&f#ec1a&nR z;v50WSm_QwIGb{;h>X4odV-;9r`lx9PY3XGfIEv*C+?`!hg477N(8Z_2`Gir1q7_w zV+4J=p ze8^ae+>mo~b!zWsrV(w3Er(>&$w8|?`SaA6n-LII-eR+xR>QKm5*888G81@7ShKH< z62r91+yjvpkuT*m`hBR4GrDnt1(3%{Z5sOh9QMFO zWNLw_EHCTcoE@G>V^dTS)6UPgA`8D6#&8Y2k!;ga%U~Mx5BbUYd<-dWDQXnP^bAmY*U`?r^9g76gfN5v#G}606*2{WCjR2 zJX%zseGC0JelngJ3qEMHWg_*e**Xo=&|)UJ2av>rPQVt~4E6qO-XhU1>~g@{MvJdb zi)ogJ3OQd|$;ed^;9cwuyHh>00g3VL<2g- z8z$8i3hBgYX+}CfdWZtD6vkkUB)`6x(o!!AQku#DuP(K*)nET_*Pbdma!_65Vq@#h z=h`&+rC_0+Bou>YlHgVGP1vc8ZQO%s|Msurzlern{z9vyj(gJjt|v_op^FXFtENgy z3W6J@s=`3bP-~@M2rL(rKK}aJkE01j z`&0yb{(qNGzxu;J|GTNL(VS8W6qtBpmTk!iZWFV;K3u-KJYL?2pS>6MFA9`Pd0}Sm zyMnxpi>%3Ce(=#}6%uL632A6adz|jFZ7Rhlu!+=tsIZ+gN7%2HXcw(|T%+=@Rk=Q1 z{`=4MFVG2XuVDm98twxSs}5`{AzvRaZ~x|__}*z64B|am?b2I--4>HQzVyd$>IbJO zfUpHiY-IwaV!diz>3vM24<9M2YO#+glOVbS(myu{@D=m4~t4pg*BA5_nfpRZJAV2b974exAeMkzHJ8&UC=+ma{!?!pAR&`l4!bY1fVOA? zIQkU{@6vWtS`&uYIppJPHZzozEh!u?{#Sqb0+NOO5l5b{@vw%&D{FOQe6-v8(~Xoy*87AmPl}X`6A6>O}=iQ5=WJ*hD<0)4Mn#gPE&C36ev}%(`PS{o|8& z-b2|bBhr{vC`SN(lU;OT^y1$p|SZzv!E>^Rhx48Doymq{pkAC;v zU%%e(p=v%%7}0Um>e!~kMc4jqTsv;@+uyuZ{_CW^s*7m^;87X94FlKyZCpEU@&3y% z|MK=}6p__Xw%?}z^9l|7jsN)7U(#twddVaxm$W^iPU_h<)@@3X_|z-6K1Bn0^Phh| z-B$~3vPVC76nq;JuDvp^9ryUdf4%;@*U$42tRbI@OO^M>!nL21YAmiEH%TAW|Ni6d zMQDJX(4dz5f)(Q`*X!fuqu0ND=Z$S?k8Eq}pBCgs2uOM<*?zxnY8f7~|9n1U7q*CwAt2ZC_<@MFHLU*zvjKW(^j0`kDl+I@l2wf56=_4w)U zfB)-${QczCW%&6G5UXrn>X}EZ`*`{Et#|(GWXii9A(x92V}O;kQC@cy+V&=?Xse)c&OXts_t7^^hc zDO`F8v}PBXRM4A@5fYTv^CWH$5VxS;vA1qSk$`$!KWQMSi@QE!FT)~Tz(WbbKmWfU zUz>zl2n{}5U!G;jIu4Gy&gqrm8{CWE3)ACs(H|Wbq(`gk#dYo;dlJY}JtKEy_oS+R}x&?KGB8?K8 zdotib7O66h97_VN3GYp@EoNOYNlFy2($7AxKO52Q_12`H&wpM7`hLhiK}L+n@MPM@ z!#HYEuewYhUL$I8gNp0vq^Gn}#`~t0N{Uf}>Dugl} z+9Moi+k|$2My#OEZUzGkYD|LWbvLr_AmE7b6@cA%* z&3y}qITRrpQsbWRd>cyldS$H0N2?&U-x;}uW?lwt;mDeLo_SzMzEC3~P= zNI`RSMsi=SFCZ;L&$CYGh_3-St(1f$N9E)&qEFM7VQTi5iFip3GQ1D`3Vlu&niG8pxysSG1*` zylS+>>H2U9ohjkzT*eB{9JH%xKdWdumFtVw+S-sz*8Bh46aT3qawjXl7++KWw{uC{$$KVhn-}qN|(cR_*MBfQAYd%JtsZG=-$bxP|+V zp&8e)d~aw|Jeu;ilKfLoa1_xbjmIpW5HA&Z1*@Y}Mc+M4wypo8lT*zWh_b>2V;IJoM;VhwHxZU~wp zWLD>&8`I!|m^GkEf}IK#Jl=enxp@c#(am6$NVtG8f_J{`8w)N_vc=`PFj%9bFe}|; z)fkTu?j(T}dzdUv<_93`9Q*@VMYz>YvK&JkjT*rlJ!8g7OK!D6PKxQ-*M4j@S8;998Ud40qqD zWohp1ssl6`2!j~yIiV63UG7e#076)y_pE)GWg%%Sojbzdgi(bK5E0Pu z7NwZ#eVUaALdnqL1x2%YAX;iNQp!8>h|qb`&!Jo(sQl`2w8+QX+u0KP1OXdH+8O57 zAN%>0Zt#jGd5WOKkT!K5<;{|k^&ei|{_W)jWX+Qy70PUy=GWny$)pyCMQVZ2<_^#yor zG{xa}j;?`~S1=SQLx{RIWxBRLY_w1(kKN(d0%&z+pi)W8z)RN^6*Vn7THwmlA~CAM z>Qd++TJ0${g(C@VQwRXxOS)uPrnM9TfE36R2wN@2O5S)un5pT0st?Lnw8q%TSz4Df zuW$mr^Q6OSGepwv9taiGQHsDJf-o(UWI>#aJQvwc)D4KGEu7EH#nYE_KJU07Scz@A z^vKUjC4OQ_$J&sz$oV+G6gX^y>W)L{)ACR+;nZxjPb+>$J?BVn#+(Fxncx?ZKY2+e$2J>JQ(IP5cKTf$o{ zB>GG%ge%63^FcY*VopiN0OgBA(owT@9oI7CDJZNCys0WYG0lCAjpnL~v`qoqNd-zm zC37+~a3Rd$7YwTm-dmY(tmJV9IVdIRh1y&&0HEwoe2+VLJ;lf+?P&>sFQnR&W0OD{ zKt)NbUpJZHd#*Lr2`l9QSJ^tk{a7aME#y9N)qwcRPC*{-NqUSPF%C~ta@e|zwg#=} z{~Da&j!t*bX~e?@9q&;#bD9ZWT1fO#IAj~hS_ye)eL3pWOO5HamZif|@PO4N$m5V6 zeg`QAH}Mz|y<1n6RYNE@RgGW>O{>?tIgg~}LXk`1Ycztn$0j&^JNrJ$ z{tQ)R0o^%Q1&$H+|cylq!!W-*#S~JENDDe zO^u(JK(IvTLV^a@!JNL7c%zQBzV_pfvpe?b`x}RqCiJqV9>60`pcPu5eBunPs0hev#H{r8*IhtIzGzQeRe*2&oNng!Q3r#d6 zrp;#d=LjrpUNzqaGSWGywei5v6%2AvWsZ@&HkQ}T>~)~(Xa?ybZ@|L18ObsJNWQoT zU{pxRiiVzq#k)9dXd*U{j;*RO85!Rl&Drgx1h|xgolXck@gxteL@=M^d|(LBCUOwt z3uVw6-N1l*UicZpQR-@??hC+H_!;QNgPLi^*3xHDR}dE438FR$amX<`g2 zvWx!6c%mhp2DC;cmqetT7r31~;XV5%aiM`(DYJlFu?y__;`!zGzq;&mHxG9%X5vLs zZ*!oND(Q2Ik745|)N!&?b4VaKoDAuy%@>MrYww)iOTb+zNx$8zf2v(SJJ#RNmeAUc>;+B`>QKmY{&70$a-Vk#`|Jt0crKh2n|n zrUJ8oQAE^&l^u+-d06-WJgnD#-0@5p%>Pgyt~3OP@+lsUA9>(1YCML}vH131!rVbz z;T}i8W%n=PM#OvjxPDF|ZHjwRJN?GPf=5^oSbw5+5?+|g@j89E%Cyg_`EvLJ1TDH6 zPd2QH+amZx6SdHxCwd#rjB=h+hZL`iSD>N-BeiZFa%h~vhe5!*Fp5D<-%uGu6P@Y9 z|3e0E8CJFtomiY&b0m3l$lqisTY}^I;`xRUWx)sFR2|oD!|>r6LHKa-wIBCiZ>x!}`u6IP7dQcNF(>rR_>|GhgCikSB84 z;dE^slp)sr)*QW5T(z_Tir_rD!635EInSVlkn}GN_PP=}&&BPT0ktY|fi`Jg@N3v+ zeNL-GS|(t5WDG{Qb#>s{&!3NrukD~q9cosZq`0k)2vI}~rrpmn6KOY#xUVH-Fa*MNM*)$_I)FFe4z^mHbR#&9W*wFJfyo)go z0sas9-dsf3N@7MJm0Zr6u5QXnQHH@67WWQ>Irq2+O`xB5qPf3$XPSEns5b6P*%W@B z{QhJE$B;cpW0A!69E4CToMvBV=OqBUA_u!Q?BQAig45Nzvkz!CsC+be;x(4u9|_An z_8Nl{S*8%ALheJv*pf!4$;Y>jAI;nc25fc`5-9DUO`)@|#26V&ZH`iF)JO^{$^7ulDI0yy%qim8sI89MsLwT{&uK1*TABg=wW>Dd=iO{BaO?fVdU70=(GI!cgveymnronT=wJJcfM#8WLXFx3+-&KTL*l5rM49G2bGB<}Ht<_2KwHiwG7^o<7jh0gD@6oYQ$7 z&tz?+a%7-D&k`${YWx}FH2TzxPq=-U32)R`st`C>LU0%HM z&Rg&P$FDxw3}gjZ%Ts0_0uxc$VX3a$JFp&k7BJk?tFuWo{|}7FZ9F5n1|Ty8NlWYS zG-LS7`2$KeNjHUBiD0o~gH98}_zLnwHah{a=SijGOQ7Yss3qF{8F(;YPXhN1cz3ys zU7+{LRE<@iiNHO;4{c}$UtCLyksR%2NAZh9lv%By(@Zg0(M2z!IecnZNM9(rt3pd@ zZ`)DagZzFm??mQoe)VyF@MqM(Yv(m8XO&}&bGfH1q6zzQZ@Ou7D@}9gJ$qbqpecx; z%!BW6|EC+UXS%td2AE8Fx1>O@aL>XJR!$@PMkX^w@NS#I(t~1%N}=Sq{@yC&Nf>Y> ztpQ8pe2Anno>4>ziEBguGf9=CxI+AS?0C#k>+yJEn`2%CY;tbJN5Fgr;-8ZQCE$l@7C;hqLXv@WP0o2db!e~@1#Fsa46ThPVxP={axb#T zBA}I8yEtb4m?PTGN_fey?Lc09MP*dcvDYf;k8Q!A6)8i3&NaSSIS!rU{mtW3pKw74Y zXiFliX~;|S;xIa&ULG%B{PWH4zdAL!Gf@O`9?CGir9g4*XCEOSN|#^z@$vFi`sllN zK_TFZ&bIw{C)ChMACCSl=85=#&n24_TN9RPKguk+#H{kks z`O`n*=ii{C&DnIoW>ZRDD5 zX%r7!1$f5I^5qfm_-G1Z#VN3Jb zIOi3;7GBjcRquTI{Wqtna;8XR*9zlxGdsA3L?f;eMavtXejWC;Dgc6Lea-@cd%~$M zICp)#eDUpPe}8xXX{m%liciVx*p_O;wdc>r#p9Rj-#&QfzxNgIotZ!$P0?-uD!lRh zkLAfViZBrsUjf!05jtG{*oANW_3e*NWFe_!hBBV^N^fJtHB1k#6646<|MScLSa-&= z4mnWN!%@+nz*ARvxjtS#`t7g(@wd|tbL~N8#;r(xO912AEAtu{Nk01Pul9Rn7F~wn zmL={-3a(-BxO&{=PoLIrUv9f#@MaXCbuDm3+&0CPCp;8*=)=5Qkz)n7i*+DlP%bDC zNAR3;0r1aTb1yBAd!TQ0+=xQp<*Un;pHVZ`yhN?G*VlfW1Ou?sAFgYN#}F52Jp(#M zwCtK|0ptAQSoVs7G4%Ry56(pIM_&2y_P2msDg*~^diz?LQJlIi#aZoB4x)LP_+uZr zvV1Ook1{^9;Q1COJIXn_g4av!+Z{4B|24gd;?s5CQZj3q{1D&ZAAXW=_xv!`F zR&}#(IKL?NPu#9kJQ>blb*iZY=z-q*wuC!Z-W&#} zhL=QnbqTREe^^-L^f5h#2Va&DPKNAF58>#KZN^kt8g62o;#{1m-a@E#l3>vq-=F)f zy z7BA6vlBuVoMmCCjz$gv6QA-^LYTHJ!;S~W4trF2+>ikA+;Q^=gF-nzSSekZw;WZHVF9pcfrC zML_D(#Q&DP0eJ$TOH`x%=dAl?Ex!?pF8j}o0VnjSYRc-w2oy%{f)1x8Xn_v)1d?ln z&RqN2P3u_oQpMEb>08S%17!x72sjdHN6u=%d{tbg1zOgmOoarj+nxsKA!ROFi!+_t z*^aE+HVSYE@nFCrADcFD&-a7*D+(E>Sur_RRhwDCAE$M795VwIuOKVQL+gc#r_nkx zW{EaDq}WT2n_bg9XiwhN{Iz+`;l7OmAU4tTTsQjVwycIKZpNpfM8^#Qo`lO`Nr#Cn zVEAtQCJ$%|<&}m`=Fg~3!*qn9?Jm+8mFt{35t*{NO&$K&rcSGs7g`vJav<0Z*xB6y zgwjxlFC~IS2k>rBJ>+~L1S!!$;!t}~X0tz|nTLTc$OJ%%(J;$&?x(&ljd5r^M88D` zVZ&MT&O!=@wVvf|Xvo*o4yN=o0y;sCxanl1?X&%au(aMc96hm|mR3|Mf zsX080*qk3xRWgsaUxc@E(aBNZloFsFRP1E#glxwGrNk3Q_L1>T8>l@+2f_=P8cVsL z8by<$%csrJ*sO|f%t;XZ$!c{!=En1UQBn!CEQKYgn?Ib7OCwnl!XM}S_T4kya6YRj95^xpHT< z4NcZo<)9)G?syylrwI~b6IOv4)j*Aj;<~xvDVp0qHxfJ5v;)w9W)5^Q{n*VmmUw4r z+2|H^HNXTt+3Lu`$@u^wT<`nG!DgzOI6rbeiaQT?+(FYJqaY6>BYbP7*BVfNwBdm@ zny!G39f_itH;pcbi<}diCQW*mBWorNf2=RLcN-VDJr=4dyi?|HBN(xUNClK-IEbm@ zCA4bo8zD)SC<8iwZY)U@^td#QqeD`zZYg|!-^&t4L*nu2m`9JdAjb=WlN{trmhE2r z(CUtm*&+);3rdGHG>g(n85DKz+&w9`Y>~K6AMXe zeWGnon6-9S(iMF^&fk4-V>3m^=4Q$s#)B{$@wD}wScvaRh3r8i+0$wHJ?x^nz!f*i z_cI%RtQMhLlhAle$tB{LB$9I| zYQM{QxAokPsNmWt-2w~KQZqsqVeg0i{6RVMO|G~Nc z1Z;w&?ja58c#;-uu3mRpbln)*9r?|C73N~hvjB5ggftrXWCpm(8EVdM*lCa?ycTP1JS%WbMxe)@qV77WP;RXbV{KrK1vdq$)aa&n>Sl*DIb zJ#?x!)2xDF%W!hYLEB|@>eLk_@PA=HdBr(qzzG0yLGDcp9k}&{r+fQV!S*`n0x5Fs z1gSLKi0nh=s~~6N1EQ*-Xd+5y_Xrx?8BOILlpwO_>y+c}j%n{F6$B^2+?p~pKlo{T zM8B!H0v6XT=!|8;*oYOu@N15CcGNEpwn=HaYEn+5!$@hVt*ZeJJs z7HstQEIZezH-<|0{Lcf z_;d3)=VETHjgaRR(Lqj5^Hr2@)QDRu*`S|AqN|0r;1SDTz8TrzSkGp)FOQx!0_LCf zBc6~9;T(2D5vY=Z6Aoz-AJiJ%ESWCULlv13B!2~WaSK<42-V-4ImqhJl3*_-9plmE zkt4i(*+Yvea_h`_vIhqn8O0QpUZSO3Z>^{FPC^Ld;UF~uG@aDyclTNAwFCz|V#|{v zRi1exa!|@RUGJT>m9$O;M-sn5rqf{th-~USnJB^eMx)r#i+;_R_QAmc0tw8h2qumu z$Z#&r=vCM*QHPrl0YVSqW&wpDdrd`|oE$S)ijwotHn_3-U~xR9yAACLiW8?{Sc;Hb zE;7+9L1L$ZpMB8CDl61o?~B|h18I7JaGY|o1OvU9*C)j}@N>}|Sit(j%rD!(YQEzv z4~2OOxuUpulak zQ`NDciK9TgT;#rHy;i7<-!f&8r7iYxbeM8!F8g!BNzF-?P z*J`w{Xx&)V$jmf1!nzQOTEj$JOc-I}@yE@$N+D*~6LNp0iJ{(jo`ms41KSpOdwxlZ`>d z*%C?sFG3hUq?23bF^D4ffh}iafm?`$p+ys}9{oD&Y;?CLBAEghl>mhdH|g{wCGf}L z`D$9LwnCxd>>wT1Xf}$Nrcwd0cVeCKq{bZW{v7A3wS%B9#|{jXEb`Hue{Ljm=*_n> zEh_s)ZI9dyrpB1iQWK~eWJKrAO;x5acai2kh7M-NA0OTb9SEQ8C>R3Yj0t5)w8$7W zj`4YmGmy;_Uvk2+YFihPWv9xb$5~IuDHWQ?CZcJvJ%F~+EH(GQbLeIOf1FSiE2SIP z36UJY^z2mP9rMg6&1?b?bks(qM>ILj zUz`3F!dHQgGG5@iCLh*J*?Em}iJE*yQc*wyUUfZzes6ftQ~Zj4^Gka1G> zge(5o$LpM%!B@phdgT4BC?`)90SFRaz0#w%#MctXq8TGWiO?bio8?G#V~@lrBY)h+ zHqQh&^IeMB0cyf?S`#57pdZLX#Lu1_B_YX^DcLQ1L1dm6Gs$ZfX*6fhAKMhw!?hZ< z+$LYv>#q_a1LQ9``CQ&lf1mSje*z%JA#M<+E;y=(yW&GuMWtght>*#X#i^ zW#T&IW%~wbloDB&@F(WKGaF{GlaYJux$t&$oLTl(YV(?>alb-=5gZByhe^D(518hD9$ zlm6=Q-j10qiV z70}J6tg-O=c>DQ7%9BCSW;85PmAaj?dqVwKOH_c;9@vNsnkG5RsY+(9-GcfF!e!o3 zKlI0~Mb8DL9s{r-RD`eYlppb4PL69$c3V?KA<`)@Fxf9q2Zo|(<5S|t(GogFDTK-Z zHXlP9cgfyNOD&<-)9|dRo=U7T*U7-4v4Ywhxf8AhumsK#w1RS$7pq2ud-<&A3bihF zK~QmRv#|Z-qd!hL0i?hJS;2~EzYJBCX2ob9KHk2Ar}Vw2h3pjX2&~qV{c!oFWp-&L z?e|!M%LWf2&rG9=;F%whVfU0V<*zMdWzums$jXjCKD>D_fFwaq^oa> z0&h+vaZVJ85@$5bE4kg85TSzWJ?0z)Fv=j?i>YrVncVcD&Oi@z^YS(vkGyH>cp&9e zOs7Yg6UUK8fKmhJlod2duWVn_;V2#Wf@CH5yQs!6p~p*tEUfI`27^>cl!cIP5(cOCvqz$ZD>AArM6H})s(WZU?b;dW=#y4xF*nsXNKEIy$` z3nL+OiIal_L2rdOkw#Te;L1c7QBz&3P2)9qI$8sHyV`=UB(I*;c#NSH*Fr&fBTh93 z`4p-u^1Kx2>(ICGeDr=tC`pn4^dEQp64o~77s z42Gr#Xu=|hj8w}Gh|V_1Vp!2{GP05G!5<$!0iqt;h)0P|S<^j#`fJdQ zp)xC{;}B#6B(fX4z5yR5fIY)vc3^UaUK;DQLeJ&WZBuf#vU?`@V}CggW$T1J3-CUd zF5Yb4;*9XHm14evgoKuCxFOqTB}ML<4wq=jgEcbTj=fdnQ}PVnJ{PTnwv!NJX+3Vw zF^-85egJjYun`654Qb8@F>qP=ip(V#F9vq8>`S!KYnY$XM$ciBF6R&nZZ>P(s^<&)`^=C91)s@ zw`-$pX#&f*llu?$tu{Jr2&;+MHem>C&rbjUyuDeMB}bJt_*dYexN#Mc-8K&-QMHg5 zBnps_n6si;HX?zPDWsGXLge?`d->TmxyQX!KlMwlxascZ<~ANXXP>=E3IGCAtf>rl zZs$JVThg3O$WoneJEB*)Zez2_b|7<-B#t`XOQz&&xm?UZEmkaA8SdN$UiZR2NnF6T zC1E!7Fq`e5g62f#NrlTV96_Om25JI8t;{GaoHk~wSgDJ z3d*0Y+b|(uwC6>%Ou5<#1sX)%*W&lDJMQViU@a~ql>Kjvf!8l%j<;^ zz#TFW6}cv2#L8#wIA?S>jnG0jKkbuN>hrW9OTt6l7bts?&1h>X)Tf%O^lZ% znR;c3CFNC)b$}d548s?)%gec985w&TK; zYHK)T6o!d})51x$QXIjqDe}Vz-!Sa4)-# zXPJ$#4*fW|YL!~`!02O;j+*SjqazYP#2G81!LSpI&%-n+Z3*SrEqlz0)R3$+M8-Q` ze#GGlhILZITLa>9!H$^$(Knu$I4Lhl4{tU6CU?XhG(wTqK&Ncl1q9NUlsZ2wb5zNc zySNX3sA z7f{otG4Q~7Z{fB`tQ=>wGc$`rq$Y7J8tJzlj=lJ?J7IKsfricC0o+9mFnWX+ zsU@AugO{U{PtHo&+RD7ubjgK*f-_A?E6`q}0!xB9#7~`G94bQa(s4Yu7o4CRD-RDq z@2f7XDvwRpyJfhik&{7tZIT%qw%avWkSUhlVD#e<)&iPV0>7qRllMt0wstW@lb>J+ zA+TmOct*9VH5w0mTiAJJv^o=pnZ)imDlyU8L>i$nSP7Q8ooOyPb{cEB4$YH5$sEc~vi?h? zN|22vicNCwSPI1@H=!wuPcjIW`T)a^1AZoo3E~t@238|fCdA$sh9d*f6QgI5_C`K5 zEBfeqi@?axq#hc(Tx(n`FPd23=5{2>k|K+cgu%VR@S3lm)|`f&-K0X0(Xt^NXJv@xmC`3EQ@0?chj94GlX#=Ng~S8k0B{cU=X9zvazG39ktNKVMY*pgESR` zSPV~bP*<(V@+z>IEWiD@6fWSI0nH5$K}#)GhhWoyk5yz@X1HD&Et%4>wVV(!w1Fm6 zDbVVsFqg&L9QByz95Vi3zH*@&0R5u7zCmZM~HS@gvp zKVDoo%op%*C<-H1js!4w2(rS?Elpqy5q_I;Z`Xc0B6}i}C01g*1v9V1d2&?X$xP2k zyJ|U#3};*6_WsSjj(dvmg09vgQ-g;_St)1X{H^bnsiVlxH(_&9eCQ_`JiBDcWs1_wMB$I{>z~FhZ zd)MrUW@SLA9hvQPb{||v7ZxvD^TcvG2rnQ4CP)BwnTR$@IRXjv;{YNo3;M1RAaUwn zQ~V*20TMz>DGx2$qXnB8j5M?)6J0i4R#I_yHg1a-rsAl=f{mmzH?Th`HI{X;2Dldf zJpgJlj7Es52qnbeR=+m71jT5ghQf^?S0)#BY_5wbR_P}lVKZscC&3|s_?(gO7xzXV*n!=K&eRQ5F7W27lSCULI4O{0nIre zQda-#xje$jk8`YE&jiGq4V`;;WOU7(d9&Wa*BkMstjb#%Eq|#DqfaMM%Og|Mh z8kw*{!??gPAO=_(Wvp!|_S4nPA3cW}Vg!>yUlZXhNiS6 z0DA(8n2PqQJ6AtXUaRiWz>fn_47>-DdHykujI73KxMjovE*ETK;2UB!k&yx@95MiFZ}YZ6CrMVt4u ztUx0xDYg@rMUddicW|{Gc*m{;oIYK6K+XsOzZlYBz?@`s= zhu+xAE!oADI6Z?9NA_2Q(5-23ZqN`o*Mq7J3M5l3S4JC;Kt>qMK+yjZE$>1zKG&RW zS(>;FIwJ(=WN~?sirG@}-Vs;=SP8BU6Q{!NE8wdFZdvG&>3cCR-ZXw78rB!#3!t1l8z za59H78dC(&1fd(??Yz9^_b`Wtrv|GQPdJS4`#?reHxMSSLO)%td)6^PD=EMO3O?0f z=OP^@HJJ>S$TLIZYAT_hCmU2n1;#E{e38Q9)CvoJwhgsd)*bek;m-{nvI;WEU0ayc z4u22m|R!$Rbwo|I8y)`EHyuAl{upq^}; z1tVaTLxP_Byjq|~2N9Xz2Gh>VfVjQi^~Ff$pil4+_i$tpsUxEz_l;hIMvFv_7*BGS z=>m7sGnu*X1+U=0jL49I+ut=)nRz2(`1m(9D2w{lIR6}q0D7&~NlCBrpw z%}}pNO>!o|kQJlg>Ni0jcq4;b*n%5X1t%-2`;CtX4G{lH$ZSgNs#YEh0!?0#Xj04D zg~`bG8Cv8lSi%9i3Z8m6fPU;IV<8*B)6o^a=53qkVgA#noxhgwmUp`{7FNx^%FvP^ z!J<_p+b_IQ8b~@`D1sZbW%JM&I-{3RcaB8ok`adz_PH69aZb`!fG8p+q&jN6R2|aY zrH0s+6dFgCfK8SR%P7mPZI!hx>tQ~>s1o=^DMtaK#2~91>g6D#g-IHzp2CXMBE}ae z`iPy2QYZ))1E_hZxn;H^y5K3KAoyF`Ml&37oHuC9h3*&7so)lF4i6Ve&{uL~D^7$8 z6S8|GBENW?p7vN-Q(k?EyL(`y1qqc?8>~~$w zU(_nx{WqVy%&)%L&zM+R_7J2&8liaInKeh3BlnH!74p&oYLCLWi$`PLbaNaX3WRYj zo)OOv&zl$>RqqEsxGWUc(y5Rw%ekdvh}bNMMyj$%VWXrMPc{Nl_JG%zobwi$W^6wl z`Zga4zXaJzfn3M7y-ct@WwR)3s^s;|?uz2wJfLoeroM$?q2sn~Pa!UH;FsbQa@$e6 zvLy!`iMH2r=t)dz`hLVf7t@WQeTXz3I%-zkaIV=3tqM@vZe7Y>d?;@1<@x#h<<=8 zaFn+EJC=YV;^q8s^YPs;K6?MxdpGT!D`~#a&gTQnz|uyta>=x3LWmZ+OG&tbi;w!u&46hk#;kk z0BCxa%R3f?zpy28oUOPqp%0Us)vkBp+TZMCg8o?EG#VjJDKBoJqJpp)9v~d5b@msj zF}b4?u7fqJpna*7z5c<~mr3_2ED{cpgDoUcpOw=?6QgfSMSA{bDviHWZWj4f6-8n9 z-<^K;r^ovKK{i=hjci1zgO7XJWV&__X6$Zvl9yFXXb=k=u|(({ktN)5VuEXFpcggf7z{{GcFuYY-{ypFumL924bL5!)A z%YG-9j=OFy-9=Kt?|%NpOR5Uz%vyOfMR2r*t_mxQ8o5p4e0Tcf+u!`|lVfd4t)QRE zB|{2`7q4>J*Jiux=F(kTZT|f0$B%!yZx}_U!e*vVcN}nAIn?vrDVL9b^OJp5MCBIJ zU%C|Kb``+2n|W<}?eBgZf0GWMBT|<&7a#rNpY`x9JWDScf>n9G`xd%(Gp}uB{Ok|ky!XLzl#6PSWFEca`){FZ z80EOS74qxy^}86LTI&$qOe+$$k){LqQJSc_*t+89pZ@XVe;%rzvtp?wtvGPJ2;ma5 zyAPqeZZ6&R{LLHc1R+Z4l)3mpOGZ?-MAEjLL3Ybw9aGf7bS`0*Ob8%|As>4K?5)yD z+(oQlV=4%aR7gK;_I|w5+OOq4gZrdqt^yv~9l6g)N$UJ?znKVkyZVn&&J87M1*TWc zUIYqtqZ%4F%K(CN6DAlpL0rl=mhaIpZYyzWeSrYh6CrPD7Tx$-vUe2uql&B3Tz5>j z+V3>N+jAtInRA2(Rm3C`z&$E7&E&!urU8$}``scdLM*||GRPli_D`WCV)LD^AdPS_ z3#F`#dVc<9*S@nOU2HUZ0Mc!r*F9w1O1&Q=ft&&YsctOXO}cs){Qg!6d{@gFb8^9Y zM78eqA1BhldYjj{`bSfz>%dllW!owc_W2w)>oUT0~4U(Q~-TO1>tqFhoQuw z3B-M@i>J*X6RgDD03qqtyUyPzl$Zw=r_IF=nBUIpaA8n6ViFPiRE|>=2{>IJxzvS7 zl^tgTEXS>5N7D=Vwq2hLt!aiPPq9GnP!fb-2&T*Cpzn8g)U0UOBarR!CT|ek+r6kCIdeltAcZf0L9F`yHw+iDp-6;e9_fzc#1yiLL5{`=nD8u! zg~YRQbI7U>gQ4-Z6BXUSP9pKNXntu8Xw@Q3vRps_8iTNi>I+jN+dmWe}>!9-g9-fL&UDN;k`-=Z;HM@7O_*=_rv(G&*U(HiQiE&{xQd54CHT z3}iRY(H+((4sSSEo1^Qy1|{-z*r5XQ91zz~2qG*?BJkYvc1GmYSRwC6{dYs5RqZeA z(Mo0omVVAcf&is;h2;j$P7vmkOd44)w=~KC>T&-({vvnm-Fl<&b{0zD{^L-Yc@XF4Z(e`#ZF3jU zIpxLLaf%`tY$qZG7zF6FsufGY!cvJsTgtMQj8bABUOWTTs;3xO zL9kL+adm0AZbKv>o8Zui0J92R4%;VZ9x*?f)QX#VuFnng(F^Ve?JU(W$})NUtI+3% z=F%H;a&JuP#_MYDCK^N_30br}t=S2Q40=z{wQABd15DUk7Q>pQ2NWS00%)yd+;)fW ze}8)D=SOFxD3Lq0E>1YF50<$A!4OYy70D{+fcGQ`w4M6FlEuq03!cme?y+C_sh=Ld@a7{;yNy?eHOAqgX4w=p>UX26JoEp_kC9dlf7 z7JLUQ2ut%L;xHQg@r$jo3oE_1K<7hDp{Uw?&orXW4JqE6c+L}tjEF$iZ`O5k)TqY& zHopnB8$%ifUm2#P+uzDPyyzJ&+Q7=)U|teL7qxSSKuJWiK?VR`2*S&{t4-Vma}1<3 zi=7}Y5g6Y$@xjm(tRiI!s-cbfw7CVxD*`}f4w@m`3ji?OOtzxYz%*;l!e}RS`UzUN44^@*c&+a+p+Y*lg>)oA9AT z(eO%c-q=~hT2u8+OYkO<4%|;}aYcP-tH>JvAi!PBE#dCaj$FOykqzqv@*F`SK{^dK z=xaTmX|rpvMB~iDr2 zPLqw6m}rp8dLoxh?V4fuf*qwzW`wEX#^BQJyJLdSQF#s`Mh}J}UyhbECnX1O!%Wq# zWH&{AY~b;bZh>YmXRS?WcrJT+&5~T+O+_B5Xs#FnUMnvS%K`(QSRjFBXu5 z(pmry6&bKSR(i2h9a&uPs5<4lk9Iq3=;O&}8a84@CnF`1_=Sx)9DHWj1@?{iX;A`( zu7?-rhx313sNEn8F=R-@n5UUdOs6-W&0%ww&Odzl)u*4X<8INAp`$+1w0QLp@yqIb zd;0kF@chjZN20=>zX@M{`!aoRoN7OOy#~4@uZqk2?@pip^siri^(0888C0!fs-YZ$ zRGPtwgKN*<+@1dM$>T@IxC+Y^0VJKJ340$2UArCEwjw_H^q24d=@=4WzS23}3CX43 zheWn(x8oW`M80|FOLO<^IN5K zC%dldLNq?rQF9^TyK}jDK@n))tjWn`->W`itsw5_?dTJ_YA`!g9hu_7XUN-Gzi3aS zwu(z3oJKM=gHn-SvWgPfI=&_Hje9k1SXuEo6HAL$=j}-UKaYZ)Pj{#HKL6y?UmS*) zES&A4r}&>68jpXEKYr);hq#ulp}`Pi2wLspT6C>NZ|Uk*$j6_*`^j&pOXkOAg!}2> zF%E1M3c=c>^WEu>Kl$}Pe}CvmkZZ*TfR+orfzDg!zx&_$)uFo4DhUl54b}-#|CXoGcE_&{AJCAf(N`vtyJP)zGvpMkp&JK0Oez z9p%P81L#vk;zJYt^lIH?W(7b~;WAY~SJ$IS>t@<#tpkY#Z&@xBpmGDqyuVk0hZSNQ z0oZBU9%r6pZ?fS&q(^jy-vKdewYzipt02?GZ33Auz`wD}f3&-M)Lkg>mKbzGB0Ie{ zUB0E4k+#QFBMdal*2vq5|A}1@8{-%z2OZ3E<2xHo;T!WX)fuFE#_BcEZ!tg;B8H%> zvVkvtJ>Qe8dcnCOc#Fd>B0`*xtoNn9J@f~>8j|ZQLu7y*j1(FWEz?l6Os0Y+#kX2RlARqwX&l@+7w~9j?gipKN^mITdJ&4) z?>*kzDrOnvrCmw_ieWxGOD4R7g!PSU6z+_N7*}f`Qo)oNDp)Gy3ZY`5tnc9}qb<1S zv(9@{epV7?(1PG*Nfa=dk1iL!N5eYLYm`KBsA3yswEc=wsS;Ymno-51tj7Ntrw~0& z)fFBtR}p2*c0)aO3yLKdEN1&)_)T*Rd@FbU0*2A5Y2V_7PxBpSAN>t)fPB;!RWlp^ioO5?VgvPbf0 zAqYoJg7i_O9k`%c;~u}74%&bC`X4_(oI16yP&3w2Y0LMmqqwXg(+OAWlg z#cSJ#B5yNDR;f$5+&U=Z8DZ*YNi;dBrsKNFVP8HlT1Ge)iF1 znza_iH02i=bu?I>BTtq3G;ym`X@*3J;_~W=`?2w0l%cF=ka3-Nut#9Jj>Xard|cq8 zbx|ShCdkru`r@Gsr*x_S1u5lhXpR@DGP|+^(fwH9otb6PoXxXD>IHtOT;h#9S|dhi zMaz$r*+WA{dJ!B-v{hv^Z7CJ0_BvSa>g77(E?N}yEQwGlVU|ZD$jq|lU(~$k=Wkk$ z(;Pf#N%oi!6x0(CGPF9uFV>tlN=p5A}bSuEj%bYqqoQEj8Cg6=r}h12N4@u1_-na2xAiXPc%NUTuRbd;U+zaN@HN)0RFHijWoU$X+a>$iJZ;Ikt_E6aNf75 zhPs$cYxqu(yIimqB^w{g8KEOBxH+_x3%o-KaelZtiF`s}pIUKOF%J|)gmMLewntjB z&H8+M%BP3>oAbd~6-CNIONA<-`qC0AvWCs$UCPj1i$FCEIrTa~VrfEFq@a6wzAVNLJCQc)5lsqV-`f zh-4*4VcVJy1nIFza%UaSR3^)a<8!P6yFqrgYOIvSNjTr7h#vC2obeK`bTP`H>hW0; z#W3fi*evA!P3;nU%>GbAE^6S|4g;$hXSEQxr7sICW!`v7gencs9C%5WYlt%D+K-Z! zF7Cf2u&uLvl==*8A_Qs1QRKy(D3e$aOp5`a6wF!QQ4CKX8#5V1c|cZ50v+b!S}OH; zstqXej*wb4WwskuJFy{+fZSra!o*l8g;VONiffvLGPt}}0U*HbNpf2%S|1@1?Hk`& zzqLDpLz509G8x((s#d@(!l|T~*ZIUe)_|kv5+sHz#ct8oE&J76VejfL<~%bByDTx(h^eRo|7fx9>Wt(ugWh~ENhpe_WhEi$!xr14GpYjzN3$F@e5 z$?O?C?b`_`%h=$)IPTwF?BEV9s{oT}^20|k(u%Ez_s!E@%N~oj)641rkSRqsA!+nV zznAo{dlemYdmY$}m?yf4aC#u0dXOX>VT+uMyEO2$CXFhhk+nqpFJ*m;J<{gUTGU5~ zr76?&U_7EBX1lBt)WL!!RJ}9&yz6c|2}7c-GY?IqcqWwb=xr{oTD04e1FKdrEkF!q z%&pmqF*?Qj|D1o`-#;UcqT6lnZnZ2HRcWiq(Df2*+kQtXLPLNDirjvDdbn#JCNoL7 zNNOHN9~lZ-9iWD%X?c?V+IqK1iEf2&pA=_lo1MUBkp$v?l2~9(2@biOj#Vl< z3LBAg$xY@(xA!S{%p^BK$IJCQmOLpSlD$ee|JC&Ee z{?k7Wo)29L(rrX2L9+eXRd^Rd#9o^uT7p|)Q{;;K4Ckie_mdF{p*7pqllQ{il~-rclcBz4TEWxgTfZQ z?SD8?sVX?eg_g-R|DqOlAHV3IihC$c1nDR3}5_+?PI_F z?dx|xJ$nC`M}LV_xHQL)4G9^yoawf?OQ#+3tAwZ~wy=gtp~(@KywBSj{YuZl`ESd7 z>gxB>tI2~y;Y=bK@nVIqS<}6LhmRl-NBHwE9}nI?ZIg8bSSJXfVr=n#anT5U!};Ov z^x>x;e*T9ikJAiZG!DSvC+V~nDGFy@+8+Pt%OC&t;QkT86m}R*wx*cKDaMmGaO?0K z3Uax%HWHMB!e-U{ek$r3_86AFuFSho1_dqrEQz-6Fw5JvXt%qa()}-WN2}=8>ELQK zK%*t^)OcZr+M6PyxHn}pH{ytf#WWeK{69} zqi`B(jlc}IZmaYxlrm+HYqShSp)I*#@F**97|M0RZhPHd*ke+n7_=-aWlvtP>>-CT zroRo()9yW!6|=xz;UYphHY8I8+^TS9XzkKg!tlg!L!I zn5>-z((DzpSV$XP@bk2;rb7Z9@QWvlC>670`10_?(SzsMVc9 zHAhzZ9+P!4ck}V_IfA?x?H1o2zs zK9rVx2ey9J4p&+gZ4q(g-XqW_b6`sJe*EsLdzX{v&jA|37ThS)=Ec-J+^%Y0ly*?qhfA3QgsM1fphNru`RA>orRk4-`dR_>; zwk4x2ryuK0+7banczw(-KB!evTjFvVS=U9S18Mn zBY@lhnf}UwJ?#CmEk_`hG%1-tAfOwM!RRdx&d-q3)SWFw_IU2?Za`?FQz#rlY|zy; zp|j>bjBz+Ow<^4<>G_)rb9N3+&|Qkgm%G`P6RO9gd@^qj^Jw{Q2o~mr^9As`#8W4$ zD>fkRWRnIoMCMw>R_?mFzq3c_E9q6b|L*k5KmF-fAlY#$Ity)*Z4;evL2!yj-DtB# zLsS0jliz&y@%kh+;WXEbC-4}!UlsVW?oNMx=eK`4Ao_Jk5q698%J|)h8P|Zt!d0TK zdjEqj0{Ei5%pNqS}Dbn?I^rB-<`gA=b!KW z=uYS6C`TnBT~(9MET*`-b>_B`rz>FeD{>P>ThF&AdAd8j{py|H{Cxk--peIb9@}W8 zd@9Kfb?2h!yQwAE7Gn)!Lgnk>ZXW!SyM(F3d2PxChYl7d-YwK7l(1JpT*Q3M0%C6CqAg)v*uE^Rfq35W_vCUd?!z4NEH z{|Lx*e`JVI(9wysdTPRomeQ_=1~m->VGt+AAR(|PnWhmxEAFM88P_6J@FH5=-7v>< zok4lS+V^a62Q8VNWD@{Gjv;uIR#<$F$cpWvT)6huxJG+JO5eP_n;#uX z%#knKq%c%&RN4FQ8A;Hw@vlOXnR&=tu}$D)zEWkJ2t@& z!K!ZVdu_`O1;m+AaD|}^cqe8_GlYp!;NNJ7%<(RiOFsN`44q@xeSI_B2bP9NbW|s8 zW>wFXQ3-&MbV6Oi2!5&vY9Ur z7Za$xt!k2un*kZVZT$SBK}RP<*0iCK-S6{qWO7!XAD*`nqC&8NC_kPyZZ|?xYJA(s zYDa}_%R8BUxDX+NMgn54#?%4+*(V)PyAWtmtJsb_j`!hQCBQXYI)eid*S<(|WqMN? z1JI9x$S1F6A;>hq^dIj;sRZ6RVozE_kgw5lfQ+TctmQ>$%>cs@f_aTxO_equ${`C2vrD^~Fv10`nS;``#xQ05U1%&$Q7e13Ut5fWk#F z#=1SF^cb*fB}NQVk}a5tDYL>08Cg6NrhxQkrHE}E2x|LFuuOOY`pmpdUrp{A!*7WO z23)VEboZpL#7!n6K{$krnr1%B&?d=E2zb=6Po%+Sn_y;TO+4>xT!shX-0 z5&;)l+M>N}ek1sy1g~UT>rmR~NWI+w{}ZPbF4K}{b2?UOnCX#bb)}>&!Bm(`Z`?OF zonHUJVxB-)X7iN9jwPONPcO@HDVhgKm;7>|jZiEsmy>yA^T1J>pAsld zpZ90E?zRX-OrEl#h$Be~#4dyPWc1F&JXfbnmMda9GF>8K)@*!|4rTg)Imig$8h1_F zb{-xCk}Vs}uiCL%1jX9ulz?j7ZWhv8?2#nkqf$8TY61YcMD9R9dwixL!5&4$=zK$;CI9K@4Y!+8v)Y0 zIRGkUwOWd3+USpM-1}yD*r8QGMhd7CIP0`pmkfz$CaWscBKzT%rK=+?)jFX(nRpr^ zL|R1M4YM&rBq0H+!NHh(WVOSjF0IKf%7rk+&?_W4bt2!|fQV~+g96c7Qw+(C%gth@ z;AE7ywC0H3-?g%9le?jg;mVN0EJPUG?Oj?!YCw{Ng(9y|(-SrE+SD0AMIqYorW2v2 zaUsjqnInu_;uAt*mG%azTI%Xl?W0szNEOh*#*=19+LrjsV|xrvBx%zJ7GlwIdcS^j z<5md5`w0$)4@WDs&|Vz7cCMoZF)?cClBX4037oKv-EEpiwRKxCn+vT*j4!fG~n| z0HBd3O*hxE0y-H=GDt~wicO+N{oe+m;12tL>5=XMlf1UTgoVv3Ll~&Q@y!lhVT79D zhCn?LrRZLShns6t-r~q3;dPTM*QK!>28Lv!Z!=s8GFr$9?`zwBNYAz2k{N;idB?vEQ;5a`#>|5P(A=4&^*w1G&=DS~o*B`$) zeemAt;e7Xf^1*JqW5Kp&Q@=H<^HnnkZ0drO+DvtepPHwp3f_lykEJ1QqQU|?;Kc5G zbz*WC*Py&_=qVBg{5O5(O>Dt%%5x}e#$OsI?1*VJlR@y@N$xg-kA#z1y1pF-EtdS5 z2~y)HE9Q`21Gfm*6T!iM!34IDu|}ru&nM*=BMAjoUzR!pvM|zRHLEO z8g`K|ns!0X*k=4lLjtr>Z(}iO8Y(JoV^qV{>`dPrd1l-Al!8PC5?6g+jhxZ&v4X6k zyGskuGw}P-!UaL(n&!$Pw{7vJjeU^_!Cmt9W>2RH6A$B-JY#X2R$3LZ?ubw8e64A` zuAP69i1~?PhP(x3Z;iCp^AzEdf z&(V?O3Z$?a5iv?SUywz5b)M_O=JEk~Ac@F2*A^o-b28I(!s6txDs#K7p@GhziH4#g znME3rob}_Ku-jmY4oo0|%zjNzakBkugM~abv3VxSm$u-0P+g`m?iDH|lK(mUbOA6=fi&=q=Go>$>DyBO~)btgHZ6Vv8yNLu;I@I) zhepeQP>|P>5UZ5cU$tC#T4}hsY0`2ymhx<9y$J;L-$sa{MMuEq0+vLP1&KX<>nY~} zHX>IB4K5uhD(D&OXIEJ_tJiL8 zV#!a3mvJ+*LrG6e^5N=wnCrs1DIoq&Zi}2NMmA5m(i!C}PLS<9v-A(JJm~Gq} zwM_v!S6QstWD?1UhKRs;7!CIhL>O?Eb^w81nt@yoH^;LMK~!`CH9k@M2{}$yPQwI%=jc4|Ew@0>_r18t7)+OR=FD)bhy6(g2$o181Cw z*=9||#C)|AiB?rYw3B)>e0h4ff4OV7_AKSmMA&t;ZJs~w-EJ_D)Uc=J=xy{iHFO-umzF9i<>sY>Yus3cU(p`^x#qxWe6 zvx+E#f-Yh{PkZI=Cy#s}25#pE~GKO_vkpskUSul8u&_4Rh z6+{^`J7M|FW_jceo`n)nbiVgkK@2C#Rt&jONJQZrwVPEkBk#aOX2AQQvb4rtt{}=F z>EZd%Gk}gqab%+M{dF1Vi?7ZOE@PS_UeNmGh%CX`7Ffnqr}R_WS?Q=4s-CF5AnQ6a z2$1F%ZEN0O7?Dzj>-qNd@-Jxy!_CC}SICOF`tv(eu%}dE@u!)-bQpY*A}EXkf-CcHHH3v?;Kbe-y#NC#v-z zWZDmv*HDq$kSGHD}dMOh0@ZiPgq09EV!#hQ( zO3IcY7Q|kImahHiN8{r0rQWlgK+3<=G3~ZdTzfXIJwK%H zIcXr{$AuBt{6vbjqQ{H1sbyi-mWy1pG4aZfMHw{iWQ?dedX@fN82$mWAxn88G7Ug6PV+5!blx><()-a2C8{+*2r z>3(hzc&PA&s;FD^sgV)2W)XB2H&8lcBF&`X-1IwV3ns!F!$n8QMjbbqq&{Ds=7WO4 zAY$O*+3*naG~)Q3Tv7ixXm&=*H7HEA#cBVcxx$-?Gi3xiLnhbrW3H?LKC`7i9U}iR zqe)u~bKcAr;w(=iC{gy4?Fv4l<~9(2G|ujjKH<^xmh!fTPqp$XJI;F097!H5sLgrI z4CyZ_jeL1wEEm^kWw$a$Mk)#-zKlb;xQ});=zyYBoQ94I#P~8t!LA%>)WNurW1Jt_ ztE$)`5|l$s%PUC8Td-^lr-Hm_O$a$F;*zdjUEa4>n=|ydtsr;RjK&8sVA_boUJ$Y! zW^%3jqwGQzOhu5>tjvNa>>zf9v>RzNZPLqBEU~jZSx@`4<`I|$2Zx0TY01P?^|-Nd zo;=8bv}MZg;b(LWODe8jU*06mEadQ1o)_lo&~>erC4&4B8sUEn<`-wW^y&H9I~=)E zq4`YG`h6GotWBIg??`#Zq{$+mn-)##x1)sX~EfU zXwnBrCvFBhc|_pTx$sm4#La?AUcyx`cqe>6JT|Q(YnH&Hv=WgWfCl{4$Gno$)dZA; z6JXU5W6s~d zAOBX;>%G-L4q?m5PKk8h(u}v|25!e;=WXlL06R#+gA{Z=7vZpQOADoUaw%tM!EcK^ z2J!x836M3%VMv1bj&C~(c?b757gErQ1md&`jQq8qBF_&u^BZSFd8CJmE`z>g&FnfOZuQ6EnJ=w&#Gjc+GfNR(Bw%48?ZchAk{^9=VHbwg3z3CS5 z0*G}YP?vCmZBMgP%SHWes3V$GNMrQrq#J1M25YDS%9ISeF;W~S!{`9+bD2C-84i0( zY&tEfxQzme8ED{y5Tt0@%1^5@&R~TBE=OxK^3-_A0>d zlQJCzEd(M&yu;H()((ApVWxtsOCbl9FQT9>KWT^Ap$@2FUXil`T&fPP&BB)8tG%q` zF6XQoWghNE$DAqB68qN(Pi;jpR07s9fBwM_Kx3vusgT&_DG=6I8o;yC`TYFNoAqqa z$Ii655of2VB8ylP1(ewa&S`bWeQDtWwM)uS2?IfGPJy2~dD2869s4%+j$d z^6V&sj^<|n6iOmI)9$Bcau!OlfP?oiNv|wNvKf;&cq&=6ZlVaLXyEc$a*fW!WogtE zO>QcK%%8hmkthf;y7i|-dK=0lSMn3@X40sitib^(ue}Oz#M-P9qo%CdG2S#1m z{ZPhWpg$Hgoc`k{w|Sak(5-HU^0zC#jDEbSZ6HvsH@h!%@9jg(Q3`_#~m+5u@BE-GjDZyar))A?|t&}!_&k4 z{ry)jbE%)aEcyIhPtdEzGPie)y26-W;;meiti}B)#FR_@>&Kt`?eCv{_VU%||M=p| z*I#}8&EvQK{PElG{N$%U`}w=?{o=oW`Kw>Q|G{rQ{OGs8`~4sO_@_TJE~L`NI)D3r z-=Bugvx-If`_l>QNGQzpA3RG_@5ep2qmJu2L90{~rwq8<0L?)Y;K?@;9%Ti>K{Cgt zTA_H+LEPiWMHmr6==p4)kNfV&_rEx$kHZ%~ehuOvJbQb4e*S;Pz1Yn0ru$K;{{Vp~ z14fj)aJwytK2fk8H@}5jK(Fe(AoPiBt_3Rkhr5cS;M?2(XqZ1P9ne@nW=N6TxfM@M zc0bw?AMwtsTn-;{vn|i^b~9KQ!D?v-=jZb?Fpdx{Oa(?JWPScVF@_3mF;eB$;-ZB3 zUmv~x;**zueQ~N^y!z~&_O8=NCNc`mps1l;{lRF1|NPGz8vMl(i7Ek$2HmO!G}E>JhHm(1{v5KxGzqhmY08h{qgDH`6%f}MJfe zKt9#*^IQ;fNw0GG-G}eJ^XjwDU%f0ZU*C)>o}a&&OOq_TM7#F|F&1Dzg57Hpu<;t= zcHoC~<$^5tt(GBfEn5QZZ8ahzjzV$H0n@F5^*-L8PS3|H?#Ie7Upv-DVN^+imW=Uh zB+SMPY^2KD3tg?x$2~s)$3Qs0+J+8R5>BZSKpq-4Z)qKd&v`Na`{91R_Rapi>@gyR zPuSYAUY7Iatvx-EFk}o#ep#j`FKx|sGyc52RFm7$_)mupZuyVpjy_D!XDnSNg7#U{ zC=r>t^X!ZJOYgh8)*SOcQQO0v?LY5F>Ew=_on;wiOjB)e@Kkods~ai$7)MpowT#*q zXV?8gIn6k`#}Ns5ZcerorM|`Iuy{tk3W6= z(Fdo8`|sY|JvE)a|NR#atHhQJO0dQBA`9~^asW|sRn&c=%Oo;Tw1yH42Z#M|R8}}kDXe#!* z1yA{*6&>II@ASzpPfIAFTl=S%<(rRQhu7uw{7t+0_y2tVgHPW%J=~xE=TWC`ZvW>| zu(!59Z?=EV^z*yr(y2Z7@{3>n;&*Rv&%OAcM`8cAF>kDuS{t9-k!2_|SwOtJg% z^o!H$^5r%)_D!?f;m_y)diHGJD=)^DRtfb_J3g#Jo7h|I(LDU{(lgsZk`|2=kfz(u zluSKz>=B-N{P6D|(%VO+8?oiZcItQUMw(1cB?VH(w_m;bw1k&8|7ZUHc~!L9{%2o- z_ka8Qe|-MW(K3CY{<~WANA|VQ(NwV`1K@>grte3>PQ!$ANsF}CWEDeQ)0k}4{h=Xu zI|K^*(YSg3-?nQUpZxr*FF!s#+yHd_#jCGg=J_kU%&*9&0I2o<_U@IznZEJnaBDN~ zWzTHewhWcV-&{yb&AAQW(WHH8InTk5)P}=)gN1Q-8r`q8H{;rJ7QXv;>)ic#Vp6fr z(y{tI-zk^St>X~>tE2OQJFg5la#D=C@g(a4&Yo(W?d(lCL6A(_kes=KVxlrApJ5gR zPwu{uc7@1tVxGlr?Vq3c6s3WXta84>vo0&otg*Vs*tnvjQ4AkIS~gdzNM$^u?4wZ- zb@jenlmW&MK#AM`khkyXRphx~Tu3Ja*pQTv5{hHo=H_IxGH_@WXlqRg*8w;zL?%|Tl{Qf)I zeDGs?RW01Gg`~|%dDjxKx0gWOSxSC{m?f?nEFudV_mXsUt!c~CRji@&r6SfG*7PGy zjM_p&>RggKHMgN9DEB&!yjo~5a1Q}Bq;Cu5K{mPrL$pU}#Hj>-bmBb2*{h>*km^^C zS$LCm*2S7D7;7qn%=+bdTJ!AgcZUR1skG)d;QsbJ&=60%V2GU=lKd&ePvH{r{qiH= zP6pPcEdz6VO+Z`&6arTdkUQa(aS+1t+5~vnv(~P3T%>5Aj=)lw0KvGQVQL`(OVB|c+NC%XWpmdCaxcy*mayFBusoAj$lwE@{p3x)_6Bi3@oWpe!5tk}vR83;F@ zf;ZgpS>k2}isc6C+okZM*jSbZn&_!C(6466VrDrb3sC+dOWkD5i%j;)7)2Q!1B_>= zhL9gYaTDv`ZrFNzzV|ppTPw212nj+4KKyj<4gMrH3)b$A=U+JoUouO z%KErVNLiI?1c8R>y`TkMYj35i*WTJw*E|vGLx?4zH|CHsy95os~OQX*mwdiGefs6;VKH>k z5WB%y$F=H!&m`^raEmV9ka9JekZF=^L~9m!q5s3bDzb}d-1 zZ9PAn|Mjn3FVC${Q%ZcPb%hRsk0h9Q?Bw27Jx9hQ5T-$_kw>t2*oMd+BfGhLTWDapz*LWBH&r{Ou}$~ZPlC0HnD!mJ7mUF9B(&1hth*0_K-vr zFoI{+i1g9kbNYHZ^3z@V*6v;z$J2}7x*G3N6F z1^X}b8@H>PIL`#M&cwJE#gkr}j}e1V-&Tr4FGzTagx{~iM$#Cxvi7}~NErxk^`zq* zC*~$zQC5aFf?KiP{i7$5Jx0qiZovx606$&+KcXnOGY(3 zLAV5`-L3k3-EMJdAp>h!Ox)A18JgiTEm;OT$h*aoZMjUjwadKOwCp0kteuJypnQ$H z5jt|o7}>jn+oe4@_HhsE(SnZJBi%}Kd(}cE)-;dxB~imxuUhuYenA(? zLbgL-F-C7`QF}_;!+t@Ij%KeSQdru#tL#S3t~mvxW)@;wmIqa3f$J}_d|V+CCCdp( zJA^RsO*&P3PRON6-`Q-zIO_p*%bg);wo4yJLx{nW^aAJ>Icv;GdNFUFJmHXNU@2SM zL+vG6yWfGhRVy_kneX7LFveZ)=g~Tb*4pia4K)tc{IgfB8`oU8&dzMw1Z_CO<-z*0 zlrNZFnu(>{fHAIAwx69Ke{If4_DH$rhFqa3>Rn&-tzB?pxC@#zR)`vfdz%mQMuY#z zZ(I0S0RjgZjb#^CQAb9VhIPy+txw6TM(kjZ!URiL<~=3h7k|OD9<~W}E$jv_0eW?Z z{w3-1K`hd(89EN-z_0gkCmt+RdZBHy(6B36{clH*Htl)ALTcH11Ua6Ngai!`meWYR zCs-DTeh>@>Yvy()sEG>4WX$}qNI->1)2<9au&!n#9_}YHqr)B-WEcnmiaTFA{oExx zsei;^(G}!sN_2Q^W1JOr!BW^RQceeT0a9yf*JrwHBpr`b!eC@^lEf7ei%GKi>a63M zELR~)m{}Q~s$ir!%(_Txw=iBDc35N^zY%Nz|mBZ-FWNpdhU?#?n5H zX%H=+4c@&2TnmJVxC^rAh2EH9sBk(O3X7Tu(L5ogh?*v`0_WtQGM&y}tkbvO+?+WEe5?MLGpysOI#+h_GXDZ|FYuCDViOb=m)N&=eXB6o@JqfY%UP6~m0%cIV%b*aXGA()prSp*Xq1KnhM29y=UXDPnUDdo*qhJRb1&6bG zO4B!_oZjDBuoY$shQyt!p=!>~K1=%aYZRdz9O)Tkm!eo0dzXh$*RQ@fc!@EpLSp%aEk-7N}ZyHLp5R+L~VWPrI8*}ic+ zoh&So{~B8-+qVV*rGUAOqqP)l0j}R>QRx7^bWLW+;)B z$QzZBN^T(~;y&!>=#Wzpj20|w12p}hoV07QJ|MxNl5u)fk%3dyUv6GO<1cBD6eFo9 zd3&wRf}-9^w31t<*AwQGnJ0n=$X5$t>t55GuKj3SJ2uyt>JG}UY$3+<1$EHJ(7lk_ ziKf9;liG!-aP2?GwI?fRo4Z~4fpfBj5*aHNv<5ls=lS?_8(W?%w1^>u7x%q0ZdR0k zrpc=*1i6lR(E3`7D~ftXN(v69ES_AspNr3Wjv6;&&?FBZbx`@Rrqcni1hEdk0N(L( zzS0}KV4KKFO~ee3pm3-z+V-L6cOG|*UhMT;t`SuC9x z4T9NE*VSQR89Le~&<(+iie4U;Ri44DEyya2K1@a*uH&(P`T{#PXN@taX`OA9=Z4`O zvoj?XUb0-syPG70XM4MAI{QJNq39rlkd%8VteW-6G*yC2b|s^h z%AoEp`=?OSw)(1B2t^D0?l&<)UY=sG@Hx|FlA&ezzJn?I2{vSaGUgUygB78{RLy>m zpvaIlJ4JNhNKD2HXAA;C4l!Ao)DtWm?bt zWiz^50zsd!H5br!h9Zz3FLRV0I3J^8l$UFWG6p^9d>nrf5~0jjkm#_Sg>EK5UTOcb z%u%cR(Q}|!a!jNn6=0h>1PsfJH>N(zbAxXR85+LA$pEOMG-59wzGU!H8IYT~+m(ru z2(@OG-`^XIqbL@6vyIi0D!dzXA^_;w#HF3g%LP0q!(Rm=-k^0+>le8%cr*mdz_6NafT2S{)umUxtu)f^Ei%x>_^1zH)Ie)M{H`zdK1gdn)kq9Qa ze+LU>9-AFWtRuLTJhTD~`4kM}b(?B+rmp27Vpt_$_tRvFx!49JS&x@j&pv$lw!P_7 zP45_yh}1|WC?e&vnyAxr$|sdY>6}cqQdEA}99sL!tNXjp0TZQb?^Udix{uR=4pq1c zkRo_=YPc>gubwT`ru?I$N?~Vlub|r5&g9@uj+ykp%ogNF+wC~r5BtavIQtCm)|gBP z^;@u&M9Oq#&qBoRh-xwkl>=rKajRWlAq~lZ8ubXsbdSn&wGPR_7C;ti)m$yt3Gu?8HkJbOl4iS~0VR{MB%yP*O>){c)uAfZ%7F^WG$g_GNi8aAjIP(!;t}ZZ zR07u&b7`STp>DhHd+*+*FCVT&btw{M>D=(rffF#?*e`?RL7?0mh@g^mX5HB#`Kk6r zuM%w-rEoSuo2VSq^6lM`h|U1|4Iy26pJXr3?>@PE_3ZB3cbCgDt<}LF!rTTo&5uy> z^8D@{cUoH+n|k^0$3N%S+Lw7jIip9|97P*4X35|p4_D%?+97CN$-+n$NPeO$@3ub@ zswM%FxVgqecM_0Qc(%S*rvb(ilQEi!NYI((7&;mvA`)s%gR6sr3{~;QIzNi?fE7&= z%)S-nobK}c?gfwW;rZ`DM2q-_4&X#IT!f&&6mgHHXM$p|NguEb*_O+KpuSmM4@>0O zP(@!da@Ul^bcy)B-i^bD!#w-$oxJz|Yfl1(ZV zbmOIt@r<3!CNP)%5lPy3x#0usg&G#s zjF~D8O(k8fO5s<+E;zl?m}?N7)_Ol8`<7WB=YyOACF;m76+hATWv|xP*^`0L=`sL; z5UX3pu5Ve$NBl5W)F|SPnZ!_5XfgnxlOvs-bKb(gu>tn*07n&_bs-8h#qQEngfUH{--@EbUdx z%wd;PkB8Gz!dnvP{h z$H0x3+N*X7(AhGzCn`lMLU|*WSvtaNiUP=n&W?)Ohs}RnH0fTAg{-rZ=!OjxBvm;* zF`$Pjfe1uK6;?CT@|I=Wgv^?;y~-3Vt7JBXE{j?lxSKFi37~DI#`ti_IdJnxAtE}i zmC_ACcI&bXH+s$>gGd9$kI-P;>kv2^C;1zQCmh$$alYoQ2|%25k^4%muplweHnq$E z=2ip>WclKwxz&k8G5`}celce?oT-`l95Pz; zO%2{MGlsPF24fXuQ2#bM=J(HdH;AJli$f^I`|S99ZY?yqRDsv8n^C#xrzD%_R#zJl zG}Tf_GyuvHQ}DNjaFel_$U_doh=A;bycgnel1Y1fe4HbtI=ZUL%m2Om<&VBs|FLq2 z8RZO`tdwjaqJzDr(EIXe^sQ&tzV*@9_jkYl{O#i}?!Gg|fvo#Z1t!}rHL_2IHY)kc z{oPN#`pfTsPQT&VrBFFC!>H=6F;AwHknVDS_ly7je)(d31C^v{^yVeUTuzyb?b@?( zZF}1H-CM znVmF&Ccq<3R4meBzue#TAEdwho_@j#oGK8=Rt$QsmOzV67MD}X0XNzfUI-l=5-PVC zu|<1KfbOlSNWsXlrIs5!XOKa5>i9X*uuR2CyI8f}&rUC@>gvyS#e&&2N&PPo?H%SfrzZ>d26-yT7m{NR6n_QUmd1$4O;)eUa5(+`iWSh+)v`vPQz zsO6^qpGczoA*p&no^rNv=DAE9bXgi2MO zrYKTznxr35p^E5W$;x}qwyUS7St@}|-wM(CQI$s=%vCdoV2I4vdF z38~2%%rfc)!BgY8?_zFl>;dtH<9>tQ%7ripqHkmKd!k!XVX8yHZ9uW&TkEE2Bhw zCEXZjWl@9gt9m-lBJduG!BqxSH(ATNC>kFW!blwi&~BvuI7={{OiGWQ)xRr`l+xh9ikwKH?|!jE3#-Y8MWDQQxbd3rl$X95$=<1PN@XX7aAc)P-uzGJWq`4|@1|ZZIX5?=*g(wt99>)VZBgSmBy%n6Wx;o#B zwgqc9(?d$@7^5V=h%k~jxVW1T1`wDP{Lpf+U7U^;;_K0J{<@F%}1OQ?qZ^WlFF6S zfMxWp20Em(*JBN+%~4&qqCiKsQCEkl+ zgi`rppoE|+`+AS5lxt(Fp~@(0rf23DSt`0^nCSg%{~xdCxvx;hQR5FPT~qVf{vQjp zBm61Ke9u%9H?N*OfXPPg=KhHFqTX0K5EY}agPj0y`sZ(pM-A}%Z*QBD@L6^5+XuGt z_gW=mgD@beQ7)zfecgkmfPk?HK++gZYtEUP1=R*<+f}X03!+=HM6<6W+PS14(mLag zN_+HXOYY@59nGqlx85;Zmd1MXDX0`r-;XvpsodrHU1j40XWmtFTI%ND+KQXgy4%&=a^44W5v!%A`{?VhN5Jlf zXP8YRx@+J#cG7?l(x{Y~I##;MP{&yXL^YdmMXj+F;Y)O3MBE&L4um!Qk{+?k zYeH!h&meF*iEf|)l@p+xw4rOj%IOvjCQTO;m|m%MhbnV%=w#oSNr@#JfTV>>G9H_07(WNXq4%eQIYnzO(KFweL@*K7`4oGZPr5@87 zw%x8h8`m}&Km1L7dzu$hYX>mAb|I}umALk7T-#*)>Z_l8@$o5)t%OBMzb)DIB@u;d z&&D+hL4W$;ufJMl1Z!QPxpg^szqEAX+Ou(OlkwXhl)wM@{4OT2x@^_7bzbP&vvG~) z_WO@N`|C-DErxk$YVB&x2hp`>;~Kromp^*@lhb&_qOj+*a-ptaeY*B+T%&pU;ZHw1 zjj8N13g)*@bpkpr%_kX+l&S&>`mBI$a(|cKrGMPKyDTVRV9Uv8JN4dXW0nUPKLYD^L8~Zr zG>*n9Yc8)p`^Lnvd6(Y4{iOXWefitZ-@bkG?!)<6_V-d6k-$XdTNNI9vxObr`B7|* z+D^p;QiH}HbrP~03Nm$#5Fr~J4Njbf3!VF7p7t zdE4Hl(@XI!x1))G;Q&S;(uB$;wI9R#q`-53ki%yS>aZ6PG4-}xUj5tM=Xd}2e@}ir zrplrI5HK#Pw>U!1N-`qa@vthOj!sa$UWtD4XH(*es9m%&_m#;^{avZD$G=am zwB*}3s=E$|_4>ZhwC{ogyK)qb>!D9^z@YQx7203-XD(FS)KOs=x*SeU?e_Bg?!(>X z{_cHy_d0!Ynj<#xHn%HNEw;I5lEPz%itfi0T^U`a&^}iIW~%2t)gAn3j6i494#gDI zScTh?0Or=KMK*SUR8&4!tesMVs!3Fxe)Hwaf4q5JK@+Bl>&y0?_|NEc**4#Y52^g+ zw|`0X%@?<{fD&lri-0q)%1!;BUa4aYzWL4n_@wQnxBC)3z8SDa(NB`$dt1#IQ2SuR z_uoMpde!#_oPaOpGzh9@^kWkWfJ$Np)@fF+%U2?cX2{#yR>V;m@1nUpzkBn=-K)#} zT}kCH?foq+BpaeVMgRdT0RyBA6vTZfrUh~Q*n{MRU`#%inwd zzI~cM`SO<9kdcalxQkVV3A%u@4Nsq9{8&}MxxoV!bD}|TIo2^BmC_~|{SYy^;lVZ; z0PpgxZ_T$keyJSS?V!-dt2j~2W(HH4hK6E4jq(Q(wDBbz2sd=2HxY5Ap&wFq0ZjO1PY@kJ1YshW_Uyw~)J&TnQQ?TTbKme|hu8FW%Jj$q!$rPu~2`%~gmxOR4CHRp8%LGT0p!?#f|!B$L5B zE*0^rXTp-OGM%PFF~Dv>fiv~lZd-<8Da-IqcnXBzLG3gu7A}Wf&cgSpr+2S!>6xx5 z5*q-MDz*i)H(Hoz{@FV``8{`#@iAF)MudYoPM zLFVoO=nEV=(jC%VnQc%2Qwp0#gF0x#-mG+9?Wi|YD9H>EUc5Ti#k`ZG2f#6%L$cH` zV((V9Wik#3?l@C&uEZZ@&5$qcO7fk(pkOQgiXiI0qUsVaPCLpQemLZk;D^Jcy>*$WYkZO5HOG((SDghgwJ| zH2377bac9hwAJkt;?1y*xGv-a zqlmtR;YY-lPjgcX<9>rP#*Zv*59&NMnoi{yB%<|Yq?>X&IWwqA0yL(Kc}f+F(r8}Z zwfFBof7d?F@7ue7Jh38%J;mkKbjGRR!h~L`a`=}TJudbT$0c0>o>n`@83T?U5@pWXj@lO2RQ-DKg)w~;EE}>H!Nl(UIZNmwe-Wn zoYzq$J+G-lDfBQmT;{sD3ZLDbPL22NlU6=_Z+rBQKmYLd^A9(4>*1bAI&7V>+#-ad z>pcI*EjCa7Ti-hWbvasK6ZS?1oi|g_mIxCa^;%37G5s-K*QT9I+;9 z1n=aLvp>GoQB*KC;Eg{ zD0V!^W7m_4h$tYHae!}DVK2|`KL5ZAe5{-xChX3Fl5_x%=X zp))wWD{pH1Vf)a^hd1wTS;G}=mb6TgsUvXV)#7X%qZI?qX(E@@3U_}r$S6jPT}^gM zxzhCE*rUQoZ%;>~lvIS`$RB8%qkG`N)UX)$Ieqxh-re?DEtN6D1(vmn=|FbL&#yF{ z;xw8{V(&WZrrzt!MREM?7yAx~w5W^f6F`jfPnsgil#0z8Qf`XD;5@xEIZ0Ks(&&G)ZzrV3MpcnaIZvOQ)u6o|lF!_J&rpWGUDZ$^tY#=B(bMuxm5P^xR$| z48>UIhwbgN(&~@irB849ABRh&JopbJl_=3LXmj;x8UFrB{Kp96biF4?wE+;F$uNH zyAt0x0!)^1fKec&sD;%ubJ7yxiut8}I*FCTQCca8t$c{%kW;#$d09)RZKc!5G1F=CH z>!sy^+5Y*>#ic*$-#`l>1K?3T?9yfXVkI{ZlNPQt5TV1%?$9s<@Y2cnnQc@{~Ia5M_js((hteE>l z%v7uLlLgY+d|Q?wbyPf9l$l_?c6SY^!5GSUqAWkEiy00 z1h1)7Hf&zn9u=~bVhj=fO1V70`=7h}yWjud^Z)!Awr+^7=xvRVOA|J~`$)7YgPe!+ zm;1Z#|M=&heeaY}7v3>Jq>H{T6p*;~Y+TzO_j~U@`^9G`8CDfTGGcGZEReLgh7EwL zRD$x$pa1c9^E-=2m(1|hgDmK>fzqq;a)0;Jzkd0jpRO+~1KcLP83}tVlR=PDWv~%^ z`Gt7YbS$`7_o1awGew-WTfU4I9`Ts9nBa{Sc$o}mF03iJmuCl;TvB1zUKGlp4lJ&n zx7`>KpY7}eQc_b%)YCC+oIZ&S1rb73C!5#8R&z~X?(cr|yWf2AV;T~xdP|KS1_y=Y zJW%ZLGr&Dp{_AWkTDL2k}IO zao&yD*-f7>Z&-z%hLAa%{BCa(kJjbx{_gFsfAhN^tb?YzfB5nbKUmkS zv;dr~;ZOrzyv3pqrIY^Ovbb4v>{bOwFf; z8Wlpwm*;n4TOeQk_P_su-E-Uq4MkPXNErxTCJH<%ad&_B^Ed79AJ*R~f!xSaj$%-$ zB86UON+sm&Me^faRM%+hU}Udj!Pw0^IP5h;!%z_|$wgkC-|6jLzWC&S-u(WgQ4L^? z00=J?cn720Q{d-yDeBz2L7p){O_XK`U-+lGdKmPSkr(@L;cvrD{0vgg(_E2=Y+~582s~>*y#X1SHf_KrS$)73=g~fG5 zW0^9Vf81F&r^s>(gfL%yY=Z0DhvnkwSxu=l<^X?>>3+(^b_3xoXxNnM^fodA z1~Tb1nHeZ+ld7DKp-vV;0BxiNcq%b6p+xEa?oa>t>JRVN_khn@kyuch7kNCH+$QkX zuYdO8<9RiaPh$a;BgcF=z+Z*7z5uAJ;iw&=U)#5Sw$kt+(&};V-}V_^d}20WZwyaYXE@Osf{v0t!=l zIi)j|g4yvz=Qfn{v|OjtSHO%+duQ`LE_w4`hKEKEg(4&=Wx3qn{pT-!_p5j7qjxH$ zDs!w|vYytltnz!zBaYz>H5YD2&!#KG$q*^vMlu}#hoxa^<@$@u{oQYW^s^uTZC&q` zKo~9Z`yt4QGlFX*$H-VnF1d_VrUKIm8FyO0QX?1+sO7LjYRxq{!F2mq}Y%>y$0p)=R6C{2AN9pG$eaWk&KrK}{0h3Bgs;0dE z^(UwDc4E*srM4WMTiYUO9Zx1L@5)<<8jXd^rY)XPUW6@Mlk2^A8M-=u@DY=e=Y z3DMTZ>Tf{FlMD)xl=0mm=>>35=g-R7@l8r`=~LSc580o|p!C3}QAIWbVu@6Z1@2T) z+{UDZ75c^_LIz>ctv`aG&E^Fw!Tvqd!jMTuo?Du3q^~-hapQTf12@MPv{@w)5IM5K zh72U6R)s|n$E7IS4cvH=L7`%M`aS(?)5T&4p-Q&CeBOM_6LJ?c%%5@S13q6?8^PA2 za!6>rlCJlL<^ff;zk$#X883hdHDFxdtl29Ddzw0vQAQexzuK$z z^udRxN=7(nXnIQ%YoIdne2OFZAt)%Uw3s4AGDNiwdL`T3sXS_>r73{7C{Jwf3Y1;M z2(ngFoj^%vBV}`G_v$8xMtNhYK+iX(z`i+A4Akqkc{+@Q06t&8&(l8ou_J5;>>ER> zJ{Y%iK|i_69FnNhdv~0>2Dre=3#OEPGAqZl1B+jizaCH%tK?k5FgAjq)6~wC!=>Py z4f3BnBf+9fbw0H60k#e!(OMFSs8(N&-`N2{F6;3 zJ&JC#x5F1x2K)f}$?{Yvxha4Gpt}1#Y3E(v?sMRwIOC;%dEE7*fqI27`om)QJ4;Cj z=hRf}K@^;vTdxOWeKSBp&s~Q09f8NYbt3>hWy=&!v^`y3UA{|Aq+Z0dj+?>S^`%c(TNYEBOvYWmv)=W1AT0ySO+x`Tn5;u3($sL+UXcip;#G58Mp)oM@3^>I5}W@d4!e|%Dm>dX*>r>eVfjC zCeEkMDI`6azU%2G=;WW9ZRhS=N;_c6gv+b%OtW{qZonRm#CSu1XQZg~9D5!UVF4W5 zW>qK?lhBHMp20Cv!p~X}Redt-T#;g*!NYfwD18761%SOmcLxpnwHX{|ydcyGpy~HK z_F|2vu&VOtXY?sdD^ef?P{Ju4!KRM>d}r_2ro zoGct?rNwk)wV*Df3dTE+<<&UD>iSeD393<<59W;{X~(^!+hROeRD=Sfj60_%6a`(C ztIWU$4vgA4E_6zKAXQ2voykqi1I2G=(&wLia)0d=UZAFzVQ`L^UIwXxWSE*UP68w3 zxp2$08IO~F{3$)i%>vSn$d@cg1loK~eJC;#J(+)o&b1hFkJRkTL*DaffLw}{D8*h)oPr~F1ot8zd< z()-(!=iS6l90E74SQNgWRUeYNK7*GE&`mWS5hl#sc$G129cAs&O!+ru36@W(>d)pQ z6Gx#DO}EMZFttB9ibqz3f}RZzraibz-3~>@FEfVB5{lS97lp@)t9Xm}S7$Nkfg{q7 zojBW-vW9DmSFKh8^Cha0CbTq_sXsX~$HsDILV1`JeP=J4FfCyeN8ks?g> zky4yILuHuHU8>=a%S^dHCF2vDdPI0>%el=~+ZBaGy`+_PUo|6B!950m`L}I8plz2| z2YNCHCp_a!UeAT1zptfPo2e=ml`}B%NGigdwx&n{_ zQlZJmvxb&2iAljI40~;8T}}31j2&~-#;MK$rQfE-t3x;C3OqTU37$6XjRR`g8Fj;7 z(H5>9+?GV0HqUyJ#zyo;P!_fv< zG+RZ@xcX;$U!IC;H)7QI^8MGhjPd zpG*u#kZ#@fLtQAE>!{-HGcd;*fn=WI)tO94w=Kk@i&G%LVr{#@6;8Di^jE8L>+el1Y z*T$8MA7W=b!XG$)TU$nYoaMz&fpK`7N}yuWrE{4B`ffMvu)9S$!5X?f%0-~Sj)FHC zI2`L^_F>*Rmr3g@Sr5#Wr2>s|2b&dp>@S6)25FGlc@jZ5 zCNs!3`g0~;onSNZI@D>|}D&vVxXb$XSo|GDF?2qnXNIaODqMMJ87E^StbLx`F3U!Vyg zh-I{<2n~??!d+tLkD!YygHGHVXA;aEzu%lqbS^o)LRms|E3f(ENE%s z^=b~tASn0s=lB;jjD&FuB9#+EC<;}UPA3f0{LH|nTKDqlu)jqZb zRZ!QWLr5g0mBR3>rf3~e7}a_(^#;it$pA?AAqX69q7H#C2(#pnN*uG}DoSbaxO6hP z>?5_^?-s%o`efJ{X?(v-K;2Yd)VwdKUaG0Bkgjy?B{zs|S3g>ZMS8Cd&7=vAahzQi z$})jr4!Hnf)ksh4sVkj~yFM(C@dBt;$M3;lDC_hWN*N5f1N50b-W(WN7%s9*xaVlm zuD+hf#a9goVq=BWE3_+J<8h&@AANnl+%pH`a;DZ7hZ0F7(otU7q~dtT>83K+3aU9R zoUBXd8m{4{xcbr8AB`e4UxN)VkB8U~deuv)RPKPCxDJRE)U9OHRN|^B7VmVtJiq&d z0Wf&^A0+)XPuvb%>4es5Cigzx-xEkqM}3H-z+iUjNL?;NMY9ut)oLAg)2h8S;Q7!T zM|J{u95$gDoZ#@J5dQM~?z6jB%Sz?D5cYGl1%+xM8PFBV<}6m2>7`@ZYbdqfqOl|y zj1YAEo;;iNBM2uUbTd8lB>AM@F)4q>xuFbKbZWqi>zqr+qb8FWm|SHqZ)_#VAT_PW zcL^t{4S7^H7=~0TD;$?s{Z0#Pn%m7%ra^evvBi1*p% zd16gVl_&BCO?4PG>18wQcB4{=&gqQghXNF%;AH%^ zw>NzPS`C6DK9BqU40}qVgC*H^lpE0Fwp&YKkNva&W(<1X2mqkvpjiB+^JLO4q@#db8 z0kFS9m5C(EqAxj!d~;t&MUii%P~htKB!`$Ws-}fSF~{EOSXhX{BL2ATA&PvO=hSjV z&ZF#R+eZtX#m8VO5Zd{$T8^?cRTVk|jMW;v5y|oKpK}GfuBy#vwrsV@D?WUWy_z9| zy3wx*+BAnBGGK?a`7fI(b}nUCJvjr^1*uWCu1j>Vo}H@-b@MJZ1$s{9rFA!+5HhGl z{hA;;facHJBbG9xZco@|>(;2AdpujW+I5{khoG`l7&uh~*LN3T9R6md0~CU3-kr?2 zr|ENRFkFEBk}IB8jdf1>o{V46kKac*lXU4t20Y|`M45UG2A zW9~@?S(04Yx66biKyi(a#K(dY7-9((;e3YM5-cXJr4DmgRbjyAU2FoGvN5>|P_u@b zi@7oPB!cj>mS599UH}&U5QgVtni3L92Ng_VO!~tZ!%-b1k+QO+Dj5<|T7Nc6ZBk%S zwqEM8cr~~NvlLfnvs4S)q<(ok#7x~om*%J1o6mwr&_q)i=4KF6D;lRqp%)&;vLyuY z5o17Ai~};FPGK@*j~}RRM}){w*t)^6mCU_)d{f)Gsy|9*pH_e|0RH#>0!NGzcnUIh z9KncC?C_|(O2}hHqWl24CxeVYo%?nYGij1|bkdNbPxAR@&cw^S@P5=l!z$u7Gt0hi z+Is2$@m9r5GZ<_WIx*{(&S=f4u}L^;N@U}&qoY6u86|Bkxs6)`)V0aff7VdqxdGw8@zxh%SEvy(p(! zk=RYup4(_jHo=4ErSC-G#<&DMt5p^-){RyTZ`*w6@&?2V$=KF&AA)GH=OF}x2r768 z8~@q{u|MJH7fm8Mp-eV3OfgmoU9Gd{h>($j`Gu6pHk#{?2pOCHs6)^Tz||i@pl}d4 zfUxl|ke{7YqqZ6BK{myL1*EI0mV3vdX2_l{97mq2iQ)!76=V>F^(2Y9%cqYt&%Ip} zyS<$|{2TBs(*}ANGrlQMz&%pYDn$S}73?yg1`qUc6)2ZX9SMcYDi6sTJ6~te zkx~_$X(QJ8Ft!Hap!lin-%>HH%7l}lqGr&+)y-;wUF*P6p!PpYE$W7PJ5fsK^L?T{`xaQ#^KjP5LqW`70h4! z2AC~|*v$Y-9FU?heHh~i{6Ii0>Ir)^WhSybAHzCiRui&|niiW8*KiEu>M2xbf@~R+ z=TdN_1!B&=GQgDbm2@_ehAt=npGNP(6}%?J^rxm+@;4d7^U0G zW0=-;m$mO8&x=Y1#7u3k0S_Ew&buj;!CoeX@$SZ>Lk5}7c}O}!A43RVAVmj)bBHC& z_S|e)nkkXO^Fdh-sOl6IBH2Qch;!KrA?{0}w(u*6kg(QP? zNFS2O0Z6KO_jv{v0( zjU&(*X?~IJjFkcV0Ai`ulmjF5ycF_mwc0kg zB|0PXfLjSfEmHV=P7=0IBNkf-QY_daxc1GL$3^4_$32aVQAi+Y$(fOx3Xdux4asp` z{QiVT$BhN)ilUk$bYFN)ps#D@x+#U6P*tI#T0nPc*)I}7Wz2)J3F&3I8Q0?a=tIWl z;7x*Fh{q=~NG=AS@ghhn%6V4j6~h3;5D5d{1#2p&&V=BDQUrn9cxP0&VL3qtkRXO6 zGTHJq$uLdB5KHR#$@(zDr(B*5%mV{fJV|XC4cHYqiu3w#f}vz(_I~9l#kGGwuAS_4 zo^NuDL%Kw zATui|K~{kZ!KlkQoM=)>TqKd(T5^DE|8`tka@=`aLobhKSdVTz44nX0Fe`N~24x2} z1#j`{CF??O)^&2q+!!yCLHx@@&6*T2j9) z960Nz*Ug!7`XX&po}MGTZT)lc|CF5%hM$w_OWsA_&UE})MKXYucaBwGa3XQIG)MqQ zHKV;IW1|S0+l>PaGANld1d-u=5(gn{XwH8TkIkMfVC}7-xrm<46kA$EP}&sfKmadA zbDg25ytVTB6G8^%qr{LzqkO;I0)i0?KmZ22!ljA>(CZM`piHE?f*I?(L%dlZUG_iI5}sGzlcYh&$}#` zSm9^ZvU`^$cm$?vajIZ*xsp)krHTmo#^QktR3r>Z;NZR@7>ftVc!(uOvoA+JM)={- z2%`iD&?JUn+Nt%O;%(!whvHjSg)~%`DC*{z~OW~tS~t&UO?MUd-Y@N)oFa;Z-T z{c(c~2<4i@Ogx9W(H*u6!jI1F)PQx+fZ>JUjn{&!wa5EouE?yIn!W(w6{vK(>kflJ zJi6!N(NGhDFwZwdo5=!rGMxL7RH&52YJl|9w$s| zk1eS}e;-qCs3`!g)!K?HgXvX7baa9eRtX>)OcjP5HvGQWQG<^jVkt9V(Boy4o~g7M z3Cg9o7sjc)hNAxyE`zKs*4Z=fC8c)u%%$HfC?wUh;0@i1cbx6;F-nvigeVb#jM0mB zBT_>$j)DaU8rqmYPf8cU#=jVP9bN`KFqbi@x9!maZ8ns{vb=CA;CC-(}VVbCzgcBB%QQ87`6LYlVp98+3#;dYG%1s6|)qNP=V zN>i-19T7sCqD3{T(zQv!>&5}{)4FKVjcNkOctIs%hoBc=BpsiTWxgtwLOwS}g%%;z zUXX)8zB-|o?XWfE)47%iRGnEKxb?c!nHIce@S7}m;gKL*mb%kXQD@WCNuq4w(9Q96 zDM{t%2o4mjXFx8C^67CtTOqSiFONH~D-=&pQDfN??WfXe(4ABMmJ1wuHGmYA!s(E2 zMXEO$6d4Q{&2q2x->IT^!rkkm&@Bf)39Q74sZU<_+2R=ER=^Zsfc91L#Hd)E zzcvmX=5s;qK5---2Xx><=kX>2IQncRW!fHjYOdYg!Suw~JH% zw5FBd35Rmp>%T{AUn?d3DRU}gR>+(N>oN{EEfb<>(&nb%4#)J`&^F&?NF!a4{SZo#7x$!Gw?ve*$d;o;uY@eBqSqoiZBQg&nnhDn5yJFaD9$8f z)0=Aj5d>{oa`~j#&n1y`_W8w4cU~6#G@T-Ais*c^UhuGK1+Zl!y--}4QyL%5*;U(b z!8&g;wxPNv=Y@FeW(eaJ>O&;+JD>Ev4<)0!&sC3lX{CxoDMJ@FF_?ExfwPXu<|J=C zAITug5F>fWgrsdV>LKI>7{%w$y0S-4qe)i1bT-9_%#dKN6xHIyin!gAjI;DT?HSA< zR!0}txF3wJ&VF|AQA+Xhc!V`QgJ=0OSoBb)XnIq~QD_-z<1zv58|=l9yRo-sbCW?y z+51H#1dVcMh@;+}A(M_%wRo_2_J^_TsPkZ=4Dr-ulBvDTScap5E_fIk;J{UM6=y1` zBx>~aw#^O~PtD$0p)5k&&H)1iw7Z2*$o<>9xt6K_+Y-z{Pv|C#msj(Hpt+f71!qvngK?#XJ-gaUd%l;YDAWCO zvaE_-a;$%4%>GhBITxhl*sx}-aqLtC5hllalyL7T$Yyvjv^y{;Mcd^uF>p?`haAB7iV}3AnFmj)@s+Q-W)xd$vgS`_?oUs&o}@9G;M|J)*uQ=wLvA z3>@!y`h$2R-Lq(Bx< zeS7m_7Ipl6Qpdq+6Z;fclR<}Up4eznYL}oKq(-z$`WiWoZjFZxWQ(j&WyaW8!;PIm zGPb>G*B?R9W&&Xy?%z}JI3RN`#XBDM0Sch#M5O*@0+h6LfXYIPNjiP5chQ>QcjzIq z5Q`SVHEsl=t0;IGHAk!#- zTfj{L%ZJk1v(Nsd_{GJ-HicJWMNpt?AYQ`NCyPZ}+0(NF7Sf=aP11Ua63Cpwo#UH2 z=)Iw@h?VCV*KkiUF-9Mqx@)$-ukDnVk;lG*;$~PpJ#nP{MJX-)>TmT!5i*jZ}=;HL^2G9y3f#yz3 zz?0D^KCF*jjdGAg1ZRm-fZI{YV6k&-kyhaPTgUJwATedE;^YlCAaO+sErIogP$TAm zxX|OoUnGSQ;I6+fD1{mKk*-Rb}WvQZbkY5v_G;tKxhSVa17Ik z-2L)f;?lbd2v$McV*uWqx6Lm)R&W9NuVr2ewJ(<6B6m!+WD{5p z`Oej+QXtIQ>!_?@x#^&KTAylPA_uj4BOpvm`^Q(HVm8lDb$!fb2z~0&>%hE$MWl-7 zSGqNhYR4C2YaHN(s^|l&^t9`a+eRH`%zoN~Qa9ubt6Y_wYX>+Z(FftnMsQyHa(cPr zchdJXrNK;Q5ameNKLETq9!aHbiSM1?4cg9o!gD3Sjd<_4M@@pfJTn%R2~+u%0lr42V%~9 zKSiyu8l(^&Wiz_xbgNScGPWgOh9EMM?f5AT3+l0le7>|D_~!^R#sqOm!@YDR7Brsd zsJw*_lD*&O(1=@Y>yR-Z-yn%vTBeUkG>7#D5KDb`r$?;H2((+7WIJNwCa8c6gmT^k z^Fg=VkyBN*+aPas;cPOut;r-La?Prg=oeQ3*ABBi`fy&* zrX(K^wVttd^m1klVD(t#8IFd#m+rlR>3wdPt%`8BBg$r@6@2#8RMgffUpw z1Ycer<1~X{(4~j*7UD4xNOp}Hj1yC1uq!*xJ!!z@SF%$On|X+`_EVogs+2?Wl~=lW%;4wp%}zK*98~dw`!ZR%Y^MQP(Q={_DFp4*Dznuo&8rDd_lLom-m>oY#S2PKo1b$wzfEV9aFA{%K0QshNmjFmAD#{yOY_j22r zdGvk2_bp!Do(YXQB}epMObud!Jx#C@u-!8eO7FB;1(31UVv@(8 zz;9QCFs)4*U3M|#VNQ=};AeWV~4Z!tI1T(|#QE@Kg7z

=EmiP5}xXDe5b+6e@H6WfSUV2DVX|k^VGK^@e)Mh}F;cQ%{l8CGWnb1%6 z3Z>+UaMH%n7ok8(A+@?WONNx3r`U4$a>BWG&dl!rz9$(+QkOF0VK4?iDY>?6t?iT} zr6c6fLy8u;_wlqu(Gz1pBdIsdb-)(aZn>iMc!}eg448*WQ*-{$lb;icySB_y0E!v{ z+1vjP-BjX9=ju{XAS)(r405@N%V2#|XDNiQm6+(?h}6DuzI5mi@aP9WQQnynkpDhu z5J!3O9>RoejjA_g%udg{x&>ZTYWY%SYdpUelZ1M2#?o4mZ%qAmasUt{0h*^g=u`c{d4xAt=oBm+ja-H(|$SE$rW#ci?5wyJp{_ z7gRRrSTgseHrMP8lsCwrcv~Fb9g;Tddiq3RTRBPHR=Hl#G)h-Fa()vZ9>!CHw254x zsjN)q?Dllg$sp`5z|^t1o^TCtjf4JlmE*WiZyG^n;89Ob7&gg^qX_L(Y|(n(r@O64 z9=OKE7IgJ&5Bk7(4O&OXSXWZT!im(BEEn&_%qi9AV!Q>xM>1Z3E@qJlNpwODaqLJ; zVrl6yDDjnH3DimlPE6@g?NDW5%*rQ4&8ecuRtYcGC68-tC)3q)cv}Z40KuecMJJ3g z*#q|^l~g?KCZ}Q%9Jf#Egke1vEy*BH?|u;pK~#u2WMI+8`7fIXad!NYw;8F7VmbrH z*v7D0vV_zblEJYvr&0@RzIK{9lCkY?xBdu%XupLaWIGeY@-fTBiubW95J%H2&Q?5K zdKhbOw8VM}J{Q32TjIGZd8dXY<@YdD-musiu`^OxWMKwmJ;#RkpX~OcQW|WK1&DqY zwunW#b^rFktS$f&Td9x{yxdZmz(yXw#UB5zlveIk0+Y!|>U}zFci{(dK%@r_+|EkK z1ky74-LdeM2@EyEwbKN!CG4SuX7l{X03U{tq~^^Gx1D(xufeH5S; za>=sMbY+0Ykdd2V$F!9{TY-fviNOkm}fcmH|iG@>~Ztej`!tYyu@3+JPNT$&xg+ z-tJGgJ6jzrs2yE3J%HXxbMp-k=q=7# z2-0cAqGwBaxKD|QMU;t+^AC85-RIvM47BG_kO<@0%Q{R-f&aUp5yFBC1?u2xzwXmIIVi);HL=S5rE&XG}tmyl&f*~|AG6#r4&wJO45Y{A_dcWL{H~- zj-vQXb*+`-ke3Box{o3Da3gR=GG1(+&Jc9K8sL|R$)auGEOk4CmLzLaUZnmclRDBWk@rU5dT5d{SrjCRJ|kR=>l9&PJhkIqko!VB_A>yK zlhL4*z;>%qSZtl>c-`K7&I|=r1tM9d=9+Fq!61W_f*Xu83?eJ)%?UYwgu_x3O?(Fi7$_5IAI>AAkq10 zT!q2bTI-lelZ4|Ow-gNxZPvHgZ=?qxgNTBLpaWS1(tuzX^8Ip8NJaD4*~>6mdv3VW zmAj*J+PpSeY$5JXjJ(?>MWAnn#4wZ+yFV0n)CszjHxTF~HtB6f*{NzT{(L^P7?l9?12@F?)W8+qqc8hY4Dbzx zogjWEPz%d~GH7(9?0EZ9^`kN^Y5KRz>T(9qIeM7A$_6+tJxWz+o}<+sZ4gG;!pc?F zmY0N%R|XU;^c@NZ#qsO;hQ9{%Q{B9uQ(3YXIY7ht)+(FUIt7N?F`N^!Rxwtb^s1yA z@Yj$*IIZiCAZS#lKnVIu)BG3l*z36GK_lhFUj!ObAKxYH zy9=j60))Rd+!lqiS5T*h^Z< zf&h_?p{X1D1~LXd+V~YDQSiu3pTEJ4a)(^1pIxc1p zNAQU^phqfCqR2>Sb+*e*X^h$KjH|0%PS?0Jo30`({Pd=~W2sT#C@F=OV%V9y(5jCW zxRdzriJXcIlS6n+hjv-lZ8w_v_KG(MQz{=U%1C695qSigm1K6nn4B&*#+_skw$l1@ z{0lTw#~nsB31ot=W8oQ8!X!f9!JwQ@eBr^0prU3$DYuT2l`cXzj1=K3HcxM@hgyDv>{AK{ zuAD>CR;MyYg!oQJkWGLpNpYnlh1`@YZ31J#0w9$k_jK3p3!rv58>rr6fk{7S3bhAB z4Ek`INAQUCjd)BHdz94Sas;vzIS!$<^}Ce3{QkVg$ z0R(3D@jDo7ErH8)go}WOt!%4^V2ugee|PXnYXhn-%1|o{2K(C9^WyI?`ipDPtwz66 zI-nQPR1+8`J=Ydl_jboP5iJM=AiR!B+=3$}8MGk7kVLrR(?{~7InHw26k=b9$0x*k z$u_ij>l7ojrU}7Gt{e*y**+C@s!S4UebzT{C`bmV!iJ>Lafgp+tUKKRV#)qm>iUH@ zz3j-?^Z}eQqD5Mgo=}x)&4UJASp+vlIb&-o)di}NRMW+-hcI0OrT|?$C5ZTzpdks| z8Yf-nQof=Z*E%|_d48JlH@R3y#x_+$4*9g=eq04xOkd?gD%D!@VRdC#G#UT4o1Hv& zbLk5_2CZM8jNDSjXD?Ibt46?}WNVv3q4K z@G-*FN0{7{9XYD+IVv;PtDz z4cAd>7?AaNB~M%9s?uz(wSQ9dCdmbJPgLNLhf!T7o`OqT8LB0bk$izcW`e zB|@npc8MgI_3(HO%Wd^#;-OWg;(eUCtX!`A%EW{m9n4*;WMUZ15KLya;AVGhLMzq; z|JWUnK?++8Ne8VJe+2uCxh9qxe^;nq+8(PG2VIZMW#%XE)S;xj@jEN}wkGb6opkxu zx4!r8UHWpFHAe0wIoD8;}C_VWBLeR;L?H7^}dsAP|%!)2kc_>P^7> zqvOdPxxF4(z72Uj8@65i7a+anPGQTz9ZJ0zjR;ih<-6BM$w#cIZIF)QE8(d@%Bi$G zm3WK+6q4G}|6@Z7@3gxv-}&Y<@o2;I?N@-yd%k&i3uVDi8#CG{=g&~HF@XBZ7VWu( zAj^*Cd{dKv6_QHdsfL1!?Z!fb3_1eqkhFus;Fk<5nXXCQT#R-yZhSSdQ>lDbMkVe) z%>k$%wrH+Rx7AuCQF;r--$)Ta23aU#NIJFxUk24+ye5{yPERP_gfI?1l=4}zE1o;U z*=E%_2G_Cx#HN(47JZAIY?DD$=|j+Fe}y59cWYbk1gYC7_QerPs%6ji7d||UktJ*@ zs-Z(;mgsua!AZR-^HamJ&X|T`TyJh|Sl+JT*vHk=v2RNZ4V6oB4^PXKJA>c~r$F+f zVyl_i{) zpYPc9(V|f4%JbVWcK}GTdkxj_${yXdNjK;y3<*U1dZIE9W_tKzUX-Q^A{7On;RY|U zH%TB8v5S`$q_2&@`joGJ;=Bo+)1f?Z05cPh77_d&<^AY`j{-=an_FzcTZ|)8}>fnIgpv^7U~V`jS7OZa_rdTiRKWh)GR{pL%@;bUOe)f0TqlOnU**Qcb3xXx_ zq`b9{{ks#GBRp{N&I1ALu)=wCoJIB)Ts=ozyi|!>{7WkTCtf_3XN3F`WOM3PQ4?s> zUAr``V;rY$8j+OTbUOEhFs<)BtMtF#1yc}#(Qq6?<4*hWRfJ3kG;l!e);Nz*|EZ0{ zfi+{>K5pCOKc1c=A)fvn|!`P()$ zdl>cU?oIgn*PB7PaC}oH=;Y?^b>e5-Wc+KUU94mI#N6_m7leqvpCXO{Q*a+6ncJqE z$B6f?lsGJ)`ycn;|GJ94<@!KRs5w5dO)aTc$5r%*u()ZTpIg{j#jQJ@_`@pV80Ku= ze~%lDcj1`-f$G7>xLW0xPlNxmjG60UvdydehB;t+JVWAv=hn=>ux8jz4e-$b*UOYu$efOOnj`(l`Wu0gMT3U7@FwYan%Rp<)a7>#VX2@VpBx zv!TorTP{G?E@LZh%Yzvb^b8H73ho@OVS&<9Z0r^R{vpoV6^#(u>)b{MLWd$W!&%Togm zn*cyl+WvzqTMtYtnft(XphA}ghaM%^z_R8W@bf&Xxzbo8Dd6Gf#iJf83vMCE+YAb9 z!GJf!`&s>|U9ex)aNNgY*iXC!I}<4RWpM9m@nt`6Ij0g!6tnWFI>5H_TivncyMFy& z|JO^d_W$p!$i%YP?Ox_zCTZIiY+J2Hpa$S+qlsrfkMsQen_c%UtW2$Ajb2t@n8F+Bi*Ac|N8Ow!`oRY&>eod7Q$4` zP4o&6#A z4P!uD2rbEdOdRRKiGV?{-9!E9Kdf{9s~s^*fcGKPZ}+og!o;hrvSypRL33dvm(VZ# z(*IM6TaR(?Z~6E+{_D*( zYv$Tc+kN=zSX>$8{?~2t9M`ik{AgLZ>BSoa0)q>+x(2Zr*2*1|yeX`l{Gm}Qj`1jX zy8j&irB~-^G*I>YF(xd+uZYBm9#(A?COv8uMvh#s3{2D6n(v|M{O_ zWvPEN5`>8#!$GUrr$NCG{VGPdNf6&69+r6emKTs4dAp8DINRqOLyxu03BE>xo+b!m zU=%hWqI(zv5`6la&=FXWn5V0zwR38i&7}DLb#|sUFKS= zLCto}4$3D}X0``X_TD2?R0pI|2j$}n>>qGfB6dAQq~_-@_M=d9pH z!v@uRV;dHbAQOf@0-!Cg=fAvBSw7Ffg0t-ubp$h}%-asEx>x-2GUj17#N|N*ss_O& z4@^+-<<7<1_aCJ*5YO;1@#)~jNiJRfaA#1*Bcf`T5=>zgn{} zmCFN^xBK1~Sa9bQPj{KY4mnQUxb1LAzNp-q11%oxtY)rK4jxCr_6zT?|GeFjczd14 z>}nnmC5z$_U?c@rs`Oj6OXsgR0voZ2XJG9B zB&yqv>E?S|As6qL)9B=(U@T~SP|Jw(+w{zG-Ls8ANHO=D*w7P{xbAIBP_=#C5)XE> zR(HvB^`3?GXLj&6GUh>Wj@11J_V)#XLfZ(~O;&6dIOa9m!qk1{K4n;)TPf({b?(pL z0<>6Adpsk+Y7D=uLnP{#)i&#JZAvjr%3k)xOW+r}L@5kxMb8NJS`|Re{gZEaH?qj*1Ob&#lz5LNv!-Z~w z=2G&<&=8a^;QqS2{sBA{abJMEe!ox-f=v3iL54M!wfwQr57l&gngi(A16QI( zo@BwU*}+#eW4lnEOmgqXo!myi`7Mg#*Q2cU<3mOYjQwK+K-&_(?w?!a57J((5Ljo8 z-*(I5Py2VTh02k);W&89ZXHYg131x7XyyYwlwA1anUq}7HB zTLi&p!uhXnVSaT_5@9dU%tGeOtx1<5Lwj|roIquBSUaVT^k{Ar53(&3zfpeDdF(B9Soc^G)l& zulSu~g&8@Hoqq}}$IA%+jg1}@SbF1o-2QqADt?A}cl^|l{2mX*(*)<)LqWi_B*(PG zy&LY=E+tmrAd9r-`?>ff4X-~l-8kUW-@0+YremPkzNN4|VjNi4C0OX?)i}p{1-Qt{ z`X6q-g&`ndUVjXvjiup_+@1hqUSJi_%gxn|>2?MUh z3t{*QHa9oZ3)i~!ZWoqE{xEeI%B$_o|zg6FZZ}9admS44>N=@fPM2A2(Lc+Ixr6Md{3VFA1$~~9kFW`@$ueW z(DhFOs2`Fc=^IKQup_MR=J)#z9#KqlPHwgi!AA`li7v}Mg@%{J( z`4ZXWK#?nIcpKTXvt+d9%|rBYjvTsyxfoWnjPq*-NA&&F7?EHHB(H|t{98|3Vflgk zrx$|uZTCiHdZqO&aow$F8tY?ET`(Gm?TNW&$}w#2=WOC_mfGchAXo=sC19D-Tps&) zp?dJdm8*G}g)nznLVo_)Oga#~&PDLVq=o)|Spk0Nz1G5f->ySx9&pd^gjpmTl(k=G zQnR#+cSDagALeW0y~B3h=Fgt!U22{s^VR^IkQyYjedw(oK+eTUA zUJjsRZYoVsgZ=yKQVH?oMV1csd&c%Nr1SxZ{^Nc?zx>uE?$a%h4pM9#=oV6#^1a(@ z+!zjyXIji)b9%r57Ws8{w^zC|b@9eh4+<7b2r&?m-QC^$%x+J+p)140tk+DJW~eN& ze%T^Xln?Tn>)@?d7_8*A-)43f0v=%3?<{z7V{H7P6X4}o-hUfFi|NewA0Zc$ z5OJ;i>*UIyc%t(AuBq;UNWrb$=3{n`!&M`g4na18i`U>s?MkXM8SK7bt>P;H%u7eK;)^;%> zXnGUoW%kSLjDrM0C=2-*-o1SG?^h1oLnIBm*v%co)_MJLujp_4`Z(-?u%C342aW%0 zc-6QqYUMAgf!M{92bDu&tY%1BWv%>eioe(&2fEE5Nd&vr@Z9~IoxLv~&`W?XP>1SY zIDC-o^RwDll~~KsREW}j@a1b9#INS~-k+DRZnOYW=khw1g}AqZl)pK%x1Vy1xmpmE zs-YIC+eVFlot}X9NBYd%gRlVreK)WFNtfK~BMZEx6xmlU@bBExy6@}n3x2;?0l1o2 zyI&e%x2#*?v9^vsxFPEN_Vk;UEFiLqYTU-Am4WAd83P)8;U?n$e33Ejmppn$`>@(R z)D_l5@kQm{O_P92-0NUKGAs)XxckQ~L=vG3eK-PGXh#(Hn^Aukue;0$j82wC{)lJU z0mdplQziJTJusKbVOAKIInxd=Kbyl$hLvm%KpZTnytA@OaNtV9ufwzZ9-8i{$^9}^DBVI92CV9tuMg1 zh>i@m08q>OMxE4VKA5Q$FN!me{Ha#9c7HC*luAum}Ml#;FsrT7Cx&c z0*@Gmrm#Hw4;^Y?3_w0Vz6^;2fj9ja&D>JwK1S7FsD0_0lsSd)|MmZT+bmn%-nakb zm*&NuFpYf*i~KSr{n`I{|Li~h>&G`9vT*lx2*>eD?1sf_d7gi*s|ribX~>?(hm1t+E=$g6Qnd>H~i`^V$6|M;)pD!Vfq zZ?^M22k#7b>x7$Xc!vi@q6?3k+to!;_AU5>R>kSRjf(UBZN-%+w*UC+-;X0~oio>e0Ca4OTf_TA;7(DXd_5Eu)|h9R z=l=f;>jdS^H~lBvcMUWHNCfA_V_4LLe_=E=%PgGjc)r>bsL=e!{dr$Tw;|>Eu&x;< z41IK$>^jy<{`DWF+Wx~VhEs?v%l`FGEG?<|#J}GaO$h&Pot^((BckFz?vnrShY~TI z={uFIsKE*q1T&`weZv!ee3`L1;t$?y4G?DlywOrGbRgMtM==A zKL#@=16*yaddQwSxnfhnf^hTR|M}OAz~cwp3F`l%`|W)7`E?-IGH#c6I0sN;o)@Ok zlbQA{pDxS=WJpW402~V|`|JBRp{4JC{?Gq;U*f->dT;&R<`<6pV2}pLYJq-ip2nE} z$oC4~A7}rCsN~r7diHCU(Y6EoAJ1$_+pX1ufBpL#i@k^iLZp@4e*5vQQOOaDXJUM& z-+p}i3}wlZO*-Fv`|*uMEzu#W$I>2uXWxE&tBCBdC}sjby_U??|IK2Xv*1OHD_MN| z@oitp{gJ8{7U{p3CwQll-!G#2_TyU_ssoFxK1;~AAKz3S@Np%(%+tecs7zVJqKp2c znSacfHx%i8BB30p{^gt2^UAu0@_n_zhk37+;w;wFXMTgX?d=N;@mU*+Zihws|I?+Q zRKa|b7ts#or96lFnMCr>P_5qD-+p{MQu)rJh8Vpc^cUSGXTGH;U8#H-%A9$6tZOBE z%!8+;MSBsdRj4PjB67=8{lnGfg-?h~n0tZ6At6ipHq0(_Su_=6s(ya^@oh%b8;i3V zOF|f|$Kz>>w?nmrr(16&R>XesCIfq#`4WHPFAIUyJIL_mbgJf4-jtRg1JkPWZ!;#J57ru3*`b< z%@Gr-K3F=^vs0BCFn{m~zhP-UU~W%DM9yI5L*5C8u#ci|~JLWoq;-J)F=~{HDgh8Wv zqE|>efZtd=;}KDc#rRFqK3DS0;KiC$t+|!=zy0_&=TklorNdk;o+8v=xg6FY?FS)- z`b8r>!e^xpCo0D*h28Q~o($WcOZ~;w$DWU=jF}6wi1$1tTFeW*%i(D+(mi|s_TyU? zDst_ed7@Wl6Uq)ttz`?Q7r*dPsA?>-Ui37GJh6lg=jOq)4Ze}!2~}$&>MrqFwB&;` z9>MH$St;igHpE|TS<>KXC5>1&S-K(c#V}NDmb~x?e?>6Ln6{`Rw>C$;VM-vyQW^%_JnmdwQ1As~F4NT0QLsv7X9IbBlK zXzCyBh}>>Mb!8DOn4j}wCHpIs;BD0kr7GZ$WUnXl#sUY$ep|^Qi}r$^;bU*jd&fEa zEAm;~;}NK-+5Uxhv@!|w4p(h^#G*Ct>$O;QUIab#co$aPKL*U330f(=qK8U;u$0x| zz0Q@avp9OazyLl#!M_&+A(Hoo7{MROTE7%${)-sv$1RC`)e7c4l=_#muHgO7p7(Kz z0go#6wh2`WR)GzfcNTG_YOumGWpPx8WAr*b>{b=5w7qa6Va~p`8spdnXc=zIOT&+Y6Of@b=AUuyq;JzUfi40gYKkxKs&8)s*o+He;xqMVaRTmt0sTIwRdDp2nNQ3JOi(hxgl#n?$Nl5UpLii7zVWv!&6UDLu1bX8!O6PeQfW;8?pY zWt_+pifHpnRg0l`xNH7ish0~?`dxRS{A5A6Tj+_;Lpfs6Sqs4$hJ4{sd1bFS*JiFY zGu@#5er3s0M3vIY?loJi^~#RG{t)Fbe^1{+7e-Bl8JD5aW4paqj#HM`2hdiRH z17|UwF*n6IF*lpAKyOrDsUXY(RN&iCZkwUnpoOhALmr1JVy-@J^X`NXwK@zaCaovZNicWR7^J!2&!K#Zc?Y0aYLRES6Kz-og)pvzS!sgC$p~Uo@0IS+o?RPglRu z&z?3redg&`FG8>x$vQ)G%}3KEHz$xKYo6?vd_+Mu%1WKDmE7VqRzzKzJ#GC$w)$Z1 zRE&)1E?GL%qRUb9PFTd6I4!>=#zeidRJ$tQT9s;Qn=)+AZ-9@;+FKV?LptLzQ7abr zhw!H(I+c8>tn6+hhN6R3tH+0fP7I>{Nz|D|^vIG5AeXXPy53~Wv>{4&Q zK!0mZRgd|Dq6xz#OEIogoB2zlx}u@p0B;2b_M~-elwICXIu}BpmoZff0OzRz=N20G zk+w1E=LHQjpY#GAQ_vU8v)vYv{z8x0=*Ol0ybX_YFMF-3yCEP9sZC{K0IXv1=86c? z{n#_Vry;sllV_?9*Prng9>iK@r9yLj_6X^sb`8vhd}VP<^oZ0L`Ex3?s%$eKwQ?m` zPzTtZ23iF7EW!^OA_=uTX*p<7nX_ol08e~Ubz<&n4j84mY0j7%p&i(=KyUV*sQs*e z?P)Q|_q-Fz5A+FG)K1n!0j^_%g9a7x=C1d8VibZ-RG}I-0F50`f%KVIA2W~K5OF2l zT?T(8GfulM3d(x_Q3pU;sT%Xquzhq{(9)j7D|ixGfXRn6`~O`7>Rzbuv|QWZoDn4r z_D@2M6O6bVDiyMH$mw2-<*XMwEM4**;D4f~+ji$C!tN6&=?v7Mv{)QQEB*V$0F)I7 zs~hn5K|eP7G!E5>#RmtJuNt0+jLHnhx@q81xpK~WmWz*asc}cUjVC4JvyO%Y*?z`j z4aGnRPx_?5_AV>AU`fjRj$Zyfo3An|uP|zlw?nx-!W*peDF+vp?{nLlu z|8tv6IRQs_p%FYnr*z6kBH)xLJ^7`z6rC(WkE%e>{SLs@s}EGAT8%ciSaQb_D*@X+ z52a+$OmssDDwaylQawPf?VEe#uV}>P{UuSO)&?X|_4UdRI}}y4zpv!3LhqpS!Th0^ zgy3Lp?9r<>gne*wiF8?7)iOjsRae^)c;!Yv)|+yyBwG%y<#ZkbAlE*Su=6hb zY$f#OjzjgPKMA!t1y}djyy%?-D0|XE7SRe+W{b!d<~1okfU%U;Q1oo(m+KQwh63&$ zmY@i{7Viv-!5UHV`~!es1?r>G@dWcGJO+n?NW#)SxGM703N`cqH;DE4D3nVUM5u)O zuSC^Z0+vv#sdOe%iug0h6!Sq(1w-CF#suaJ{z?2Idc!$7*o;MIKCGeB79|iAF`iJ; z5K$;EOQ`bW`zHFb>A26AHf;DORWB@_i6Mnpz%^7Pd}mFRqzg+9xH|Ebs0K^$6fQ-# z6RzN$TVfI_hov?I5`vVs%j@vXIKK6Br*ps^RC}tCn4Wwdsy>U|*m$?mUK@$=thku7 z+}ndYnQJ+yWRnH`U8M(He~eyPJmEcblQN%0J^nsx8`od;uQ7V3eejeo`>?ep;Nx60 zRNJofYOl8Cg+&4CBMn94^XS+FE7AYBuoS!jqFOAff1pptJV&dSYFB}SwC)@iC_10a z%{R=SKdi+b6pHLHf51?8yj3dE)^e0rXb<@Nbk95V7IztG@2CxGNl^`|_M%^56eL=d z%oBoEAZH;_AA0w|3%pYKuJ??d^m@)}d(myv%*aKryo_MI-r6%hJd9wUytrUqOVALE z9*fwOrO`X$6PB*UC{#`6PXuT(=FUWyssl?u5)26OG#8v!i1wrYj-}BUjhdix#*%rV z^t@g}t*l!jL5*`Lm@h<|0L;aJ7g@f-!Ur0EU55~^Ics5~MuQ+8RD%`vdyPWa$h z{{T;~QK{nd^NNN$<)hw<00CHs>gTnRXBJf$`7zNCkWhCj+M$}Uhd-Vcv z$t{RU*|CyqmSQA0)ra+#=UprNsCHZph`LO_tN_ScYROgen+&n!+`Np!~_n?wURkY z-4!Cz=&Xg|#G-x&54WS0V&do*xf~Z<1M>;WIN;VU3npURHZn38(1|$#S$!6&1w499 zrDSO!hM~M5oR_;09O(m6#UAmqLwmGQgHKyxMXZ*c_bHbAF6T&`J4RDWpEMlJsRD>nseOqk+tKne+nG&_NXe3l8D;LfpIQM-Ow_X9-&RtwGy{M;;2(k1Tw*+ z#o`w4Zv#H0vaWGPJ`=HpFj6(Q6)eh;O2Q&)BA@OdVrhy|KjyZ0L{)eu7?$)Vd|+?7 zD~L_yOFq`#WN<(wKA)AN58U~WMWwbF2l9vfeHdB*5Xwrfw2GWmGCPX| z7hWM4AS=~j{*`UvS48c%6@=4Pp$|t*?Ufz#K45jq^29!IHQ8mp*_y?Q5reQiC%PJA6RYj>T*N zZ>hewDw!G`?XP*8$iZc&;VIwu#OT=IT@$=&vc&qt=;Mqis$J1C5T%D{o6Cl!OOa4;l^4@ctwRZjG67Un zX)rs+A5D0?+w+7dy_2(0mIdZHT2xh^eNdujB3CSkuIQW-3_{LAnVSe7#N<-(?%*Se zF-yplMF?R(3O)O%GWn7AiKXo>dbu|9^07%LMS-?ZU9BwpcqHpB<~OuX)T)Mer(*K? zV)n=-K1*MC2heLl)TS{Fc$D4XW-3G!LdamNPg~kf0kpkRbu0$)cl2kP*Q~A$jOv`x zdH#Igi@wkIQ1rx0UL1wO6VBJ-L#x zy`Teuc{`1%+M)E+L66oP#7hQoJ7s~^hKjNj)1j5T?khD#rBPOD&muO* zm16#czaLl5B}4a(v8bXf23;LA}_?XhT{ z8?Y5j^5?M2pnV@;l zn=rzZ`z%!NELv)ZXAEyByTBm8INoj-DU%VGl}a0-d^K}Titj9$Z&<1)_c|EOAs%W} zhJSg_^jf|i;x`Tb+jw-&2r&Gaant-6AC+E+(9COS!or< z6a$JrLj-yG3xwI=1uHdT@mXu>oyoK(ki!MfaYfblhTbQHSHY0CkJkj!84%45+Lr~o zQmVn?c4|BZFVLR5q)EWj17MJBnEQdR1sIX3(6zlD1L zt6PLSS!-)~z&O~FC4!GT`oqEzqTjuoaT@}b9zHRq936%%$=(rsY6H~`<;%LvOlD;y z*4pzKVOW8;wOWhjJK$O@c|>J|Ctx{CMcfIy5T{e`2RnigPtd8og&0lK=RSGi6tF`G zWUz)9pAVRQ+%fMOGN0W%g#=@+t33;ZpcTX$3aZ`D!=5GJoNWe`#wsxJWhfJtG(^7w zclScnL3^$zhM{|pMZ^JPT(xa5XkCWfsAl7a7N)#&9Q{0J7<%B$B?$IDS$at3%*aMu zK@k0Qde}&UdBM28(xzlYAcnN6l&_8JI8=Hj{O3~i4@*AT7!;aPwPito!c|dazma4~888d64Z=#DgKay#>gA(MGpxPSt<~3mIkzM;(^V(cI7QU(CC@$4dT05p*}X z);@g<;($j_WbYylMp}DB2C6_9M`tW0eO$}x1ELH$id3~<>;0)Q7wi_(lJj!Qn3l2D zXbF`rrm`kiA{Pu$b#rJBzyZ%Nq&>Nu3OG%jK>JY&^M=e_^7l}>Z+pZ1A}p=aT^n-? zKJz+r<{gluvSq3Jj{5pj!=E@y&C&ChymRm*62`nD0!tJs>mHLYc5@8!2BJeGSGL~C z#UUJ0u+i^|OvU>L^Y$%T1ByjSYofbR*F`32Imt56DkGTsfJ z!P9o5KifR96MG>*!`bf4$L$oAc-9H{csj!nVl!0rbI-c~i$~3vyV$-x5R1^VjXA26 zx63GkO{%DBo+`OsV(w9$<8>1&gCP=BDPXlq{Z`xKG@1cp73@&FC`Fei>DtyW2?G zTkUIu5jaS0(;9iwtx)g@i%1{Ct?N)Zua!I%D2)fo5=RUwz(tD6K1&_m0q-fNvSdm7 zBr?o-XUyO1D@e!{Zf~+bB#@JXz%cYr5`60>O~`zbHpYZ&5S}7qSv=K9=3REBt{y0`R0k4MuU9}(39#H!x1O3qe>o}pFC zg+=`rv|rlrXviwibJ%D%wo4JgCTpJlTx)!JesBxlfyk>umK;_rjSMBZ6M`RFg7qDW zHi4MomIAlqh>A05@&5FM_bc!nF9bbl!;o9+UH)m{@hOy77KEtWBM;HYlJ|J;&X{3d zX+MRh1eGDeu&ahhNrR6uBpo$hnpB;T;Sx_ouae&tnCohLT(a2s!p!UO4pFlUrtU87 zMb5mI0IE`B5R-fG`*XkN(LUu9JYseWwXjI2?9OHg0|*0%gBY%-ZRGc*jjW}WV%}18 zFo?J&GS#Rl#VG!r>1vkWtGuW9PBrX_P7a{)Z1UPLhxJE`kAJ3y-bm!JsrMIMShpW( zPjEz3-Rwp)R2?K6p0pw$TWXrn_O z64^Tv6(c$FRHrpcL)78MA0wyNK3AyT1&3A4{Q>Z zDT^!$iORJdh~B;pkw=#~d#V%~KIVq~131sftf~U7hX+KZ=(URQK#-SU?O0SH!+j_w zQ%I;wB)hmQaXF~V8<~R=pcu(exjQP?sGC_5hy;_YEbXkBHxV(OmgaGwm_HQge7g)~*8Qo-(X z14+k@(3;%AxWF4r<_ScR4pd{jDUVG^cg^34?CwD=6jaIU&mo3oSE1e~6TNt<6KD}t zv0y3&5Hns-wK(JgA>*FNE%USE-0%xU3iS~UbpNhpodd5DEmOPBqD{nNROf21y|{Ob zvNbzv-YvZxP1ZY0U$mE9V&Kz%(`OqIg}Z4VDp{GDpV(@!#G0bip2(MoWHRHEX}}XC zp=F`EoV9I1ZRBU3HjAT5VpQdY5A6lrw@vzf(z{ccLntO}2~jyqfsE9s zWTzP_3!Sd5_5#xSY=^FpT;axDz=WT9^x>K?NJP|v#Y|(C^~@2`jx5ksJz@3hh+HCr3=s+h@)$lx-H{k=4-t%;TDSOJE2+J5Kz6AM;9`28`v!=STf`tbXk&i zrL}*DD9?z%cOSn96yc(eiwaSc@| zolYI8Ueha8K8w)bu1Bj%En!10`@7RH3)Ox@Bv!v^g*>u~0-S?_s@LoE#qa^K_(>nM z&6625U{Y!?F==UQxx-qL4f8ig^a9e(j(KY_poYQa@Ik2J7DBehl*$#RkeT1ousmUD z9Rp-qEvY(7(a}g6Jl;V(_9wD1Pa1Lckv?z@RehJoGxQ3aO(+WtRV76-Cu-9$Ih;3^ z4*9z&qq^?2jT;-XaWFq?zqDOJrQ(*V*}i`<@f3Q@Uck-0t%;#GE_o+ZWf($@5pyFS zsE;QK{;XU=ngoK3iVZOpJ^xs0%=CfAmwAIT^BoZ(X0Gz1DeL4^1}vV}ftpkC9-r(| zeCUzLA&a9e(!1ON6eUpH73Qa6QUMETR!NH`c7TC3&(V(9b%PYjGF0hq)8jx|X;kVs z8;mfGT{&7FDS;A9Uda>YI3P$Hg_{djY^ftS23e&p+araNn|Lu`UaHqpAvI|}EA1m@ zb-!bFjepEUG@GER-)JZp95yQx!fkB>}MuUllVl`POaZhOZ;L?xg`vryU0>-^lI4;c3J z(diPE-0FiX8NpF3iCnPs%=?%M_dc%LqTC36K|XDUQq9aJ*LV3xX<`)ZLE8h&e&h3v zDUbvzs^;b4sNJ;2x!Gn>iu}uCsMecfACTyF#z&zfSWHz`>hnyofG$*-$-4%NH?6{A z!$tBZJo&62LBbbQRxC}mqQUr`UNE7R?F17)+TM>auJL)GYKr?Pf&MYmX0`|FLA#mZ z4i8P-6P-}L@RC9p^}1rw8uLTUJM$q?qh$}BCM##jB{$ANdgd|Jimib~Kt*R2vUrbh zg?XOP$8TI=<_Kv9BW>M~^XugoV*)Gm9~}_n3V9Nhj9HMM*X;+&j1Zn=M1|L%69i9s ze%(s`d~IXyRegWe{#R;>bf^0CPLO)RVkl)iu&96I@r-**?JjbJDj&Pe$G}v2^onp* zW%sNdROp|P%Xkj;AaP~#ZWLoJ`XKc3@cYulHV;~PV=1H8cTSZokrEdkoAZ0bdhyZX z6C&RY8OC+^xKi$(sIA6@yXKGu4HH0g?N2Sl6AGX0sjT)u8>LuZ@_MJ38*+2HG|%pz zAq(0^D|8I0BIvg+vlnjacp#WKtWFp3Vb^@}Q=oD_P#HF;`ozp+^|9pRN{%q@pAl_} zF`;MQ*gh3TEk=9G!m4A%kB7}W5{l0(whRSaYOg72Y0cV4WW8WXU@BfNL?&9JV=};9 zYUgZlofbHuA&c6dw_LD4dNG9Yey7KWXhPpAHNEcQ5i;v5`F?Hc7wb5JmX67oCYMP; zRCPiaD2aAzXa#EiHI!r1-XWfkRH!zsjR`ZQRQ@a>2T~FxTA{oE_abC=#=Jdxhp&}} zSToTz;iw58*q6TX5W4w`J~Qi^w+}(qJXFn1B{P7bb1J(m4Q|MR1shk3>aCJv(_x8~ zq7^z)>D=n8wCKoX6HBI~J}hYJX&R_K3bKWL$cwGD0<~vP=A&X{8xQa2NFZ4Nkhw3o79r8qg z@OGOoENx-Zi^UZbm<%1uz`^l8vvoj5%bhjfT}`q$!wTSxI7jt5W7~N35RFHzbbjum@&PYTEsoaHBy`Zhzhj1Q@m1-iL9FQ5}fNTKgOu-JG#RQcabHjOq$Tr5TOe}P@G4YD}Y10SeCc{0ITQKLGsDZ{# zZK85LLuSvI*TDK979CD3B_*EnwO+%>+8ZWMrJttGyTN!W_0`K8h?fxIQj4v_bbknd78Lye)@IN*rI6ES+P@O59$L@Ll%+iWl5 zfy28SG1$YRCqNrZ>p%fVH;zZ@IR0_0u$&4o-XFj6R z5G@uga`^DX43~5msy2&m>~OCMUg?kmmfcn|VBY+r#PEa+S<>S}W;PB6mYIwgr4m zZUj$7ic2quS{?eplEBhrV`2*vrBz65iI~^HMoU7wf^pTxa8#6+kQk_-T=+VO7c5<4 z8v^DP-?8MFp#yYeafHD)`!YQvl|!rMhIlbyGz@6^EFGch7z~-)5^d~3!XlckLbby( zC%?hF$AR~DBk_$xb%j#nHkO#?ES-qN)(1Bm^hCGIFdkF1kJ{S?{cvrMX68r)Yd$2h z_ST!@&a4ifp$9{6yWqNDOzjk^b6%+&x{O^RP(YS%h5*GU?V7k9f>Bp~_BY1VHX+e=9fW@ouPk zyHGVzClB{PMx%&i9G1F0fWd36=KNy=Vwad?Xb4l*6I|mr3=1hBY7dGg5c_&BVtihk zqJntBlTdLM9bUjQmOhJzymNqf&tM`ZRQ51^+#)Ik@=V*swoT49^8|+J{j0_$0cM$p zJT98_a@)>{XldyBfhOJ8j%yo9Ld;*W1~r9(SdZQA;c^B&Ee8JU&0p*v+xNN&!4pjG zUye<#!P5Y9Dze6avZC@ekEUk?DMunReMV4?vG^lrE_D3ZnxeWmR67>+Yxv!5gJ^l~ zn+{`?N>ZTBz(Ah&_@~d(W)q7F`p_$-!p1FrIBZg>Ou#aj&!LoNW*Npx11s<`F*^~) zu|U?tkW+A`-l*DFgH;!)_EI#v2fp)OPyHt5BIeeJ9iubPee35dWKvS-{ z_Wu%7Z*;SVrb5O!Rx(EmxT~bx0B0F0(FaR0gyez-00%?w2ft);I$%=2u3h7(k5TN2 z*1B(62>?tii8?l?rU#E+c)FkPlp<(zhy1-#_M%1*26g}j8enRRTSK(=iFr^nCvO~% zWXby#oZV3S&U(u_NMx3Td3l1N&d*9NwIUo@2uJCOC5QCh4r+=s+yKXMCMM?!+8%5d z$g@zh?dMzj(Ld{x`7IM6eU6`cdmdG?dj`tjg32j!s+mXnhfwcXW>QEaOx#1$ zl%SHp8JUH$$r6HPD&T(fH$I1`t@yZTppS(rNkP|@+MKcn&EY4e(`L}T;6;m&fZ#$Z zM%Jz7*0tK0)Jykz(Yq{Vji(9+76(Wn!-_|YHp?ALm?`4!pb)Hx`hEo~4D5ZPRDt1J z4d>ti8C8u9m1}u3{iCeK(_5M3na9=!Ga$?jKTefw7;1&<)}YA)@{g0Xc2zSL3$#l- zR8+5=2@NqX8?fj_yrbiOsg%^8QfzgFA+{(i3-q05CnDQ`>@gGT<{Q2Ib>JAl) z_PjqsD>38U0X3~^4lHet5slA6RY71I<5JhDyHaRGnM=O2xX0gTp$Q3hh#bS%4Q6iv zWSGOn(n_zlF@ArU0m}Ws$ z?MmgD-}(&=LOGO2!!7)&S7l;~34#_+LixVSP@P(zXUH*Qxzna#K`P=3!`5D`pgM=D zHTnb$5VC1zGA|&PX^2^dR+S*dJo`AV3=cF|r!W4dP%eK*=U7`!oWsh2##V0fhc zwiKJ&Y^c06sNxtXYf*V(5p!YFc%?4-ER8}S3ht_(?N#;F0v z6HfQ7n>SQZHNI|4Q-dUgEm;%!9olnMa)KD61wAvNc6C;%^&a{rp>JbaQYD4|C^&K; zS!?(m;gQJH*q+D{BO(`Nf$b5rp*Ka_K8q~Lpf^$033x>0))X9hP|-JHsl7ngbq~xv z0=3rI4r#T1HGOfMCRIbD(W8yCB5IGJk)R=x&zZJ0;dRgif+`K=WN(<^`LTbgV|0bE zG#hOg#$n!BJQeR4_P;-B~C6kBNVeQ}}Br^}mQ-zVl(MNvr)!Q-4Nm-)?A3yJHC z4IpJGuCM@Sz_&MU)H${aLa4H0!V3$Ds z!cdZqB!N~a2ahI5EE0O`rq;^Qjf@{x$el9%cNZnl!72m5hkT%oO=P`8*@J3n4b`LA zm%wdkGv3?~Fqm6NP`OppoSfMvlt;*=&!7W@JDy{QP_^AqS+0>=p+tkq4@_PMi@nyJ z6STPNj#hwoD7Ho>oK$tx9)71H#6Ckq&B_VwZtND0h0{M<9luP@q8Zut)6!5LZp_lZ&<#k?CdSHwSN(oa7Ky-#R?z z7S3jCjzqH7*nFl9TZ(W?@1w&hV$cXnmDh%*zvLZk&N0(!JaL^X?thjnaOscJw@`|c zAs)<{z`?;T)={*is^7$%^H94t?<}fb5s1{78?%#X07o`#U_lo~hqrfA)2}!o6BdPg z%>a3M-jo65fsW`%u0kH((wj3W$()zofFQZ44YlBoOY! z@YdG0A%;W+(2Nf)0_0417y560wgn&mJR4&XQClmt5wdxkR4!PusqGMyTsgSGRNivc zU3-ps_vI&1F9uBnd`RTrvJWvZcWQw5p#jjmk`t}IyP+JR)3F3ntfAah%y;+@SuL-X zDn5@3WHPCk1%vIuR2>aikTd4v$#)^D)Nu@tv~lfv`qaPW*^!5U0B_C7`uu{%=8Z+J z>D*or)i{N+LV|+7nw*I|0XJeE!h-Uc$UWltGmG04E!J8?gmle2Cn$**@ta0qZQ~v{ zpo+Mh-yDZzE!rj@=e_VYQDFnw{mhFi7WA~j*%}5?yR=)d*l*qbf@8|`9Lg*6ns2DG zHu<3@2vjHus$O5IOi=I52dU_6X#*`#-*DwU^sAEwm1m6W3gBmL91L3*EGP%eFL1I= zeJD;-0%d7XAJ@LBZt6pGcc4<$MJ|iL z?Jaw8ouy}Ulsx+kh0dl2M8x`v0Cqc8D!iUA9n4abU0^$|#Nq8}gH!By$f@4I zhKP}&0`SD^|9@Ov$(rIi&%U5u6f_A*Eg?Wc7%~_z#SUynV@yIAul|25Db?rucc-83 zQw14h>D4>5WQfg1(;fhGts-niY$YGz!*JXjWO`T-?=$_9W3A@r1|##0h?y^*?Jh(( zPnlUkcSUU9PA@(q7{$F!W8lNdyl3i!F=9xcK)#Jv+bNtH%IXPG@{@XFM;$g3Mq)+-n#(qTbr%{S6ok zpT=KuSR^ox@XgaUOt=Pgjw2xCGr~E+*5p)S_b||^!=3M(J4a~4&9!9e3(rOz^_$t9 zHe#ZLLW5G7&F=(F3lQfY?Lql*2)V{QXPeL|b@%3@CrD_oSH6QjK^6X%r1@~8$ z$tYHU@pd#JL;iX~mR-1~HP6LsU6}Qvy z?5P^TyExFs#RZnzxZRm5Q5&-MN#bZ;D>*HavL>T>U$&>!0h)T|Pq$AMU{JAf`kTP&tf8M_wHL!z#XcPYHGl=rS?F2GL z$Ok5m#bhPLG@$*PY4mk{*SQzlvC`|4z?|`1Gg_(v{R*crVE&t%Mn5s9(S<65+qDBT zYo4xuNPw6EkN%@kO5!z)z3D05r;j#&?a!TWfc+I!Vy;!KmW;LehE8#f^?~v9C1W3Y z+J0cB$5!u2@hfxR{MeHl!70z#biq0r&qdR_OR~n1)K8_F6ubQIk*PjB!uA2LK;feA z2RSU96V;V5Ge39aR zfs4)(VsV!EThn(V9RGK$)_CM)o*Xijp6^F0))7-vGo{H-WW#}&;>q2&=d`B{(%Y9{ z>%AhFAo*M=#K#E>`1VA5&#z*>s%))8<4Y;0wnfi(OT>N39w1M5Tj280$CXgVbDqG1 zy=SJ!)9n%|I$Q3o@ich%w0YL39)H_rt6pL__Z(;G)kIsonZo{oziNQg;kf7oLCFrhI^$xG8tpZM~+I;#{krBHH5aQr)E|7PLd` zK*~jiCP{dmu#OyH04dPy=?`x=$tXJAW!(Es#5o2g=IuuX$jITp>dFr@t^IgB#)Www z)=iuM{S?~ctyUkNUd8-=C%j;;&GF-7x`?;1fBY0E);}{7b~absDnlVjuYyHKJfXZ- z_)AMf&WjuI^eSVfhGgeI+&)^^6|^6+r`2Xp9+vL&*MDg8B^ONb=l#A_B`kjb&@y1g z)Nntx*G~;kZ=QCMz4?ae^eRR&!LD=guFm*Zmw0ytsD4eNf#G=TTyWYvP9!sJco_C& zjwKI>>w)U21NFuuo)%}AXAjJHw#gi0J(l*5`B~-xnRGH~3+K$Ill3a*vMX4iI@pQp z%XDd9J^kp)sYFGR8!+3HMM#S~Fm<%&`B0;oo%_AKX>|jZd;mL~SWa6Shv?UfAPM$nCugsxuwJ}i-&jP3RJc(w8f8RAwViiKRGq+dE2auivv!`% zgeP4>qui@VeD!y5^T~a87MLHNj9N7CrQ=bm3oILD<<~TAKqqWjB~MBz^1$p1POH3_ zsS)n=oLoeK`n-5S<_TE|Q}Ti2R8!wfuRsUtf|$BO84gc$#WP!P?yx2B#M~A(^!a!E zH8`cC67;~#o~LJ983mCSnD9iTacFg75swQ8F;Jgpw!)&)H|IHL6s7SJ)3N>8r(Gq7 za60yVb38nj%{t>C_v8dEV{Jn`El2h?=> zuKg?e%a%x)eIjt@kP4nvV&(&Y_#R(Sx90ByFpk!^A0GkZVy%&{@rP&OzC-%Uil?Za z_YhJ@Uf65}6&dcQ0}&5%k)Ta7&-{VW<{KRf$6Yy%0)Y&Nhj?J$=A9aquTEPM-31?z z=hg8QBc?`bwEgF`boj-r&LRT$AUoL=3{L!jsa^+sfdk4P$+g+okpWa#$Msaq{_)Gx z@s7K&Xv3Lj3tWRdz!(*0G_^Cp0<=JDc@+s$d$Q!qa+%pz$MY!8#Ni#=IL%O~)M{F#W$*7`ngoWrus!!!cEYhOkUYQsny)+KFYX@X=!FXZ@qqlg zI*3Vfo+m^pbYeLv?N*;Ujvt<_liE!DDnh3C8^FmYQ(h359Vc9*$PF{< zO<3~M7PwLANmvePTdi(D_DOW>I_ zRc8_#Cxzy2E<@6H<-0iW)fQZ(PT=OekQwr`KECSO5;%Q0Wc{(*0(BJpScX7$#cYN^ z*yb>$wOaeKdie@X&+EMlMt22}>>(w4jc|6@d;;@EO4~7B$aK8G!YTd#@HLC&x8!Y# zv*Ye|OpLZa*oMxyyS$>Viv$5l05j=k04bHvr5DOJ$4nmFgT5?WQT!(mO2z zt*#pqU0yn?ikvI*&(L;kxrUWWul5dvi74E0o_qL*0$9NQ4(-RYV!_jJf_tw^9KCs3 z;gMW5n?S`RPD^;;Is2mh031wTB3U+w^EM4Ak+f%LDXUt2>jw|jQYIojXAq_uu01q3{RKFOAbp+vT^yu){o(yd=mGi_oA<7{#@6sIo9Q>=fH&?g zB*O-f=Z!1(4x;wrZ`wh76aeK1PLbO})K@>9y?A<+3B{s%m52_-g_cywbzNsag+1{rO#cJt^nN|_bt4fOyAIKT(&b#recZ?>QZx zzWOy-mRDV|z=Bi-s>i*g01wd%IHZ2bDLNfuaKcExuoYK_9>k?%!+aX|nCcsPoL>9! z(jJOxvk=*^g$3cG&9XvQnyohbQY!;TGbBpG&2Jz^_<1ok0@=bXP!4a;7#2?jWUzz1 z*05h{9OPoTtq`5u^Xz>+Pz<*l$Q?}h_nCk}nLgJK_f8tm-h}OV=Fm98-EEA_5Fj)R zm~y%2qYuneo6eorwDrK0JPTs-H#i2y#YM-{H;?n{awkne{J`G`@ovbQJZPA-hDZ+? zXk&Kw9oXXxcN^OuEfDSZ*S0bzh|hiklOLPkw%YYYQY!p>U;-+0+~!=hn%jz%k|Am8 zG;C#!d^9b{mLu-L48ZY;&i_HYz3uXh{L6}&`(e~`YfB|Suy)M2+>K@rUTX@W2^@c4 zY%75Hk+Tq?Hu<0=BE!48a&Vde+-d>wYv=z4X6%`{cYP(HpT9H)GUD7mUb^YYn6ee! zTqM4k-jKVdi?d*U9Z6s7EGEcoz5C{J+rEdmqZ~jg5)#s~*p`BWJyc;F-vnyRvvq0+ z4Umh#+#uZ*oU)>;$hEqlRoo{~2Qa^e)c9+8mE*q>2}2jy1yyp6i_yJ?@YawBg*m(N zyel&F7`Qa~%@+F^xf+Sd{^1RN|FC^52RQSmoBufJ1=^%MqbQ5OH|!NHNyomGEqG?m z_Swg-@w4e`^*SQnZ7QB_hjncGY2W)z7f*6K8zq+q=EJ%pJAzKJqx{&ammcJ-Ra4^@ z!!MChNL*HwJX_TQtu+v(M^hq+^QO9az6a^2CNM_}Gs~0oZ-58r*3{b)$6s@?V!taZ5^04Z;v(j1Z)D6JOU+gv+MBZ zO)Fx_aql|{0e(3~6z%N@h_SE^L&*pbG{MR)6 zy#r1!&w9R6K_|V7p^I0Vr zY~-I>ecgOhr#|50(BXLxS$~Y(QLE4k6bA(uF$Lz`K%KB$-F;&QYnQkdW#F5Dw$Ir> zRA#hUIyj2ib8eySENm|MByphn)kX;mI5*=54rCDHc#JYC3;QCf<- zv^O)tgaWjr-2O$E{GL|OzfJEDS=dd*TIp3|=+ z-Q%N(K2|TW0IuYNsfcHz46tWmyXg}h4eUcPma9Z>q}!M(71p`DN_f365l zqOZp9UX!Pro$V)Qbb+$UzMqM`l<)xEc&}*>SWsj19^Y?J_lJ0|BkmF%vef4M7-4XB zdu89Wc?Ys8s=%D9JO9R(;{xFGXoQS|oF@ml@WHT;yHX69YJM=jtIWknD^ATu63d}h zt{(e%z@NHugAS*pBo8WOeLB9jl;_kAI6r#yT8-Zx^YqvA@my%iS=EU7A z(j`wzN892F5Z#5T0Z&^ZIwZ&*LH`Ko_g@P+EFgm61`bUNIRv157nnJBT+BPGO~5m> zWbX{a^6W#;_4ZMdHV33&!_>XMA?d=J`e{6|H|di{$NQh3XbA?GL1RV)8lHgV!PtOG=UDDKw!4Rmd$gC(j<$%) z?CpS`7YXK+*(oP~$q6}6rcR${I;D{?fHbH9SzkHspzEvM9@Ranb<-f=rZ~q*V5gwb z5;eJdp7AOChO@SRkTo&qD#n4C@N7FoEb=eUi-
o3IBk=~dzmTP974+^W*4`zIf zy8y~^`?x}?OF9LsI<+MO@egnB3IL%GhnHlllW}4T@2~6q5=9{Mj?9arqRmbiw#OSde!VF#T%h5jZ zXiefxMZ8@P6&aLH59UW+mAIt$4&0|%1&-E z`D>%y#){|77eYeauI==oQ#8!J5}tk3<~Ze@&ih_~mwXd6gKym3FvH9ZWgvMj=F41! zh#w!c8NPgFsIxypYZx>9AgKqg9%|=cd-KEHUO?s1?aI`i*bZ+J05fl$08fK4i|IE>~Ui;zdug5I)-SWmB+m^$`>}#LM|R}!ekH4BgwTET#VKWsA+uwVPR>v_@@$<()M-UE*{A3|zRZ3>miGc>x}}P~IL|tvk@1g+zUenDPf}XvB6+4B){lG#c{sy+G;z z4!qo6_Hcb*(hwlc6AX$fv^pr;&mhL*Y6nb!d_w}B+>SLAEzln4|IzgVJ3!`Q5ukm9 zvj$a5osyYUw);lD_-M#;e^|$rn&KIL+YX=`>)Qp95bm%&2>Z$8K3QM5JE(12xvM8g zPy&y;t#8(qRxfx9uXcz8wa=QK)>+H;!f0cfm4dgsGNwcpr#S!*e!}Q5PkHwsW>tFc z@gx}#+dA*c88aPdrv76vKc^6-b|u0<-3DtwikFp012sSqklGAzx_L9>-Zo_y{AGrTsvSP6W8GclXN@kBB#@Yo;U_uAYI~N_>LWAMOFjX3s_yP37d? zLagf&4McX!Nq>Kv^2E6i`3HhTz?jT0Fnf<+*cy75~#i z!xFtXi1BiPmreSn_*7R4baaxD(WcIgsnEB?_3HB=S%WVcgI!GLG5*+Zjl3tv?>+2L z0c+~OH>O{q&6=~$UjTiq{}cC^`Y>N1)ioE>zl;(mwtgMseWatKa!6*`~xkZTq2B)KA4p#5d*NX3)h28V9`o7TeHWz@&$g2S>US+iR= z%OKHh@$~KkFLG9(pmNL1!e0GI16N|B%^sOkJ8(sK*}nk41<`_d2MmHN12ZWe>nUb^ zhuqtRNbflN5Eu1>yE^ARr^G^l{x{K*y9ey@E2b8`!0fP*u%BS8P1g<|5i!jcJYUHv zieEPDKkR`6GmH0XfEf7Trf&yw3Gx78_~zM1*UQJziG#!4{xy)3@;$~C;FIU!0_$D+ z{vn_4XJ8wBAXHRZ6+LEFxNkLq`S}o$-aBJ!m5%SYKV9#&x%X(}HG2XBN&qoP-;Tw< zdi}lvP4vS|zaKp=^`dI;$pvo64or1;^0Ec?FCrh;B8DXSnlvB6RD8ET+-dHRr7+lx zPu%e&2|IEz9Y-0AItK_mKgbE0X*%~0#2Ee!sR|_!0eAoT<%+=)J@^@)Z4XHPJx2y9Y)-wK_ufMjvR$jXJC$?$(APJntR30|f`R_0@59(5k4ZREdv@ z{hn{KS6I}k*VPM0jZ4{l!L-A17jWPSWAu9*=7PHf5!KS<2JyIX6h4?*@thl^p|p?Z z3goFFS=NOUO@o)8#N#JAb9aR!@mqx5E2RvaVGsp>mQB@M z*c&t?GH=Sgat}D+Mw_VQ3-ZiNy0+SSwS%QLmmX>W7GfH`@Yve@K(pf$`rKZK$q0NKn}nIE>aH;a9BD1PwxKge`jhau;DY~T2qh6>Sb zeh+xEqWL*%VfqSX{$&Tjz{~Z@)YF!g5vD;Ne0AkXE;B{}ykTX!$s z&XHVpjus*eJ&G4?x5UIZ^B4Lay_pItDCsCwx^Fhj{JkMMq&~LCiS}DEX6y!r*9@00 zF^i>rK{p5$ykQCPk?e9N--B!*^4mc$^!U=u{NZgE!xedZWhaksp3U|I2rjhglJx_3 zUSi~{xC6-ZX*tVy;t{#1UCFt&BkK(Evu-W9*b%sQ0@IjqT{|Gew!{C^0cpWqD}kcD z5bLM8>>pEPjrDl`#&DN&U^e!!9sj-K;Uc)JceS}`#M3X^ncb8|L zgu9H=g!{jI_XJ&kcnaS!<~h*T1=!~f$Q{+;mzP!rVTA5B`^V0@`|8Hqvo+q{j#kD# z*fTU7Xn*Fm)l6{tcLulc0AKPC&%;=fKD@>A(_VIhD2_+&z3TX^6W^VA`bB4_HmX7!K<+x>3$V^#a!5Ry5kqO{nNe|wkImQNFeL%Gzb>Q!j+1GE36L8m82cGzUKPW;`CAwy3 zo(QX0L`ah7X}H6>GpN|-T2TKqi(6ujk@g4;C-~e;o@<7AQ0e2r-G6Cr5Qg{bbI;v@ z2**dv5j&l@D3^^7BIP+?lvtF?68Uhv|tup_z*W!Zj#}+c_kjfYsP3v3_k+N=}wt+SsWO148 zKrWWB(7Xe%*u{`}o@`^D-G4~i(f$(Q2uZ`IoxPqjyq>+??2U1_B~O+Pu5|0@f|x2! zo5wu)lH&kWAGA+HZEmr&uM`H0RvNV3H>!DFH0Rz`Cb&WAGc((dXRUwj07Z=RwX948QhuWRB3L(dtg6kBcjZ%yGJynO`^sS2|! zy1uCnV^otTD>>BaC}A&rW6Iop)5m72fJ4&piZ#J7$#lsP!*O)>K*2c(kDTQkHCyYz z6y11$mbLqGAlZXR3~Spom2vG-Iu#i+SDw0mKy>tyN###zBA7S3Xn7Ja_18XG@znWU z_xb3K@S_i#dkw8-V2ORVhcGjJddaham~%+(?4mFGqU)>bz!4;S+Vgi7q80sd!t;e3 zG4%WN26kxnc(z8Iz?t3t1-U`=Ab(uA+eHxZ#J@zUYhf*#)Z4ca*jtJNXYzpywkcNG z5{Pi4vRnM7vaczGAh082lFP-5(QY@qKaS|N9Ric22aqV^L+|$LX_P*$9(??GKz*ph{Qu8rve;O^&&QE8}02~x6O zm`f=Vv@Ea{V!XY0Z=_Gy!)9cFzKDh@-P*U?cC2&RMX~{JPen8x`MOTW%PLQVKBVVd z%Bx639odxZ5?3P`z%V;@5vtV-kOwlF;(*fpv0ck#N;@O3(CT!gt$vHV*}yF33$53M zuRh>cp=s3kvO}6fvE-DJ^+M}(?kvTBVoXG_sQ@b1HJ%;ts}#8zx)Gm z8TMU4pq4ya%WFt?I0G|mRIg|Jb@WY9p-jbq0BwwU4TtE9#5X%w;tp&r0dJymASUY= z8@c0nCFeY;ehHwt$bDp4F(Yh>O2sZq(k0>@9D>06*Vi5qNg6Fy= znVFDP<-k67F3&LB+-p9cfs$yenw|yIX3x_E<22qQ`$=a3J~8%r9uCBq!OpD!*Oqih$wF9&5YR&{fWFQv=E!QJZ+BR(yZ~(hARrVm=3EtkHuxkP` zD>L1G1stcoHpkto93mmC@jxT3J?Li-a^lk_Qa^c~%<-0L7z{@#I&klX3z5e!s=Qu0 z?lNP*5}|uLsw?`Jfdtbxh9~zaF3FxetKbJ!9J>MBJ-++VOV%2iFV5 zL8JmD#y;oyTaf(EleTa(p7wAYPTG*DJB3XA<)aH3m?5@MIZqqp$Q9Uja)NFj`ez~8 z_P2tDYo3J_t$p3A7#-FP^=mTl7^Bj$k-Y#NAR@%=m-GU!4f!Vaq-{=Epop6_?gr`s zY|#fZ->*%HZDlyH?{P+k_P(m@eT+4xYuG^~?aCamn|)v;&%&5O0PDEM68z0Vq=wn) zsw-mBM`_c$1!{Z2Y-2O#?T_w~i*$Jl)B!HVf1`1#9ME&Qm*aaRIGe~x8^zo+UU6BnB zWP9tp^QTrNt(Fq)ubDYO>H658n#E!UnsNcJ=8M$b?Wvrj=u#mrCd1JV8xx)^$KW$e z*(E4kc=W-@f9spHvp(QTs0V(>L7zfCcP?+owPpoUmz=I0JCfS(skP4j$HW&}m;*=v zijg57<1d~&9JN7iZeN5hPd5>EX)T_1DJd{uYQ)=Vh%Q+?If%qJf+r!GjvdI5c0eqe zWF6|jym~ZW18)X#y|Eo`#+aQ7im~J#!e`lmC;5zQn%kdeCs4Z$nc`)GvS+X;ExFtK zkR46Ff?NlN7EM<>J|rtK1#0dabV$zeL2}CAV~;^f7G8<$2k@po(JxXt6*-1|R6nDm zU;tKKZG&w~O#uJ!3JN#-UEy3ck1rW*(E8bZi3p*_eX$S|-(D@)HLjZ)gkKohYFgA+ z9oK;!L7?t+0wc=@YoV(5#{{Mf>ce96C?aT|x(q^%2XrvzR{^xblzsmSn5J?b;APIB z75LdSj{mWD&M}?2@QtXN_-Hs?+x@%UN+V?2!tKau)RmLv8(#%5Kw2=EO(gptD5_Wi zvj@2^Tcj!t;bxvn_rM)Ws^#7`v2zU4E3&Rgt5__2^Y=eN@MB!5+^50 z^OP5)WI8%LpV}JM!b9o&9~QQKe1>D)MDIbwKY--fo$=Umwjhv zJfXy=mw-s^H01v>C*L?l3#J-qK86&8_Ckh$>VB^g`JO_g*P6xyu-|WAahm+cB`( zq;K9``5S+ImXTJW+$Lyq^!?gIJ32w)txiFEHDE>;JnG`3Gbyxj(0kw!sAkU&egMKe z19iSraD{y^n1V%A~jA!h#a zM2eI=C&DSufEymx;?F#ZD4C&aKmG^k39u-OzsMG#z)t3;127E4suxnuniNI;jWuB# zUB!s00I_H|cwa4=?s!U$+yKvC!v=F>kL#rs4G4Y18j&h1RmR5&RIJYykL%=TPy=io-)v!i6V-PNK6n(!3~t`GXFCFqCVw7P*CHIN4OvJxZPowXaa(^3W)(gY8E%+1t*oj(J$#lhw@mC9N);vwf==sFIFZSEjk&%Mkf`1MM1^(~aZ~z;nk3{}?#lP_- zeM_D>6#@jM55~G(2(Al!lfNP;V?3SOL-&XLSf;+(etv4N@tA=l4sV}$KTw-Pow*R- z!Rfefi*+(G(3hTIhWizOtz^cGp(yxc1T#y7-hhA)`zGL7I;9kW2zbJ4W?oO9Y#LyR z6(J;qR7;eAT$(KzMXbVQTfoy}25_hNwOQ&hk#Ur4Dv)Tj;9@je=w!tczSO=!4(k>lgWB#ZTPwhb zu->x0?I|Xxu`uJVJ?q+u?bF8ok}2!sAr_cyh9P;rO&; z=2c+U!?dC@x83;F5zGyjl3!(W7B57np1lPe-1*T76+X+Wp{AKvb5;r3q}134;w zjfsIl5F>Q-x)Hq482IY%fuaL_`xuXFOWEJ0lZ0Pxq#A+W*Dio4s3Ai5BrOgxkPmOJ zN-twP?cWC6k~kToM1g9&W3nhJJ{5^ldXHW3+cWc&?d;1L2e9orMUS^V@)PpnaJU!T zPPIE@rj6w7)2>cCgi#-XznBxE^c{xU2z7Ee~Uas({ zxo*ya1!_iRG%2<`4~HlNAFRt4Pg}%_a>F?!p9SEIYkbhy(x!W0C(8WY@6x)x$=zmH zbFg;;0Bw||sTFu~!{GmzU2%bUVP^i(>WU@uEt$Sz#5Nes$(3MaF_|Byl9^G5E)&Ge z#Vxc&S9?ex$B3U~{moP74{5>nx0LH2)m!%!c=2E|m=qJ9+kJ-~$v%BPE$xyW#^13lu!LF>c}`k24$ z^N=Fewtn;MILCj~_YJ$FgS45_4|RI?zOQb$AW6=4WOQ)5^y*ZUILWio4X}QwkLSNH zIV_KN+7skIS3x`y?L(Fexordhp|<2~Qqw_F@rxHhn-jmu0J36gP6P#XSAX*4PS9q~ zlQo8tZ|n=$?ll1JuY9AnW0=D}fm(5Qn_^$EW2W7yB~WvFj^<6<2E1?1;a@Cu*$Mx_ ze3BvXQGoo?$MksOhent>m@W%DV9v=XCGkVe%!};!8JH_g0!9A9il=uUS7`1r1V2HB zIh(E?@@#=n&>MypPtFcUTm}4mz$iAsJ9y*n_ZaIkPcCy%`~|1z(Yn)75T z89GC3nCYWS%hulI^lE#d8+wiz@o<}HPSol^KIfYvcs{;*Ag!d&OeGum3g5#cGvDZo z;5hQ-t35sgAK$ci5{n4@R{A3BUQz8JnHhd`y^88VSmfTB2Z7H)EIjSVH`dLCVXhMQxp{|6J|8ePCw{H`h&u9 zaG5vXJntpQRQ+3M^)RRqS3{m3d--x^Z=cGO3%gZkyP71K8>fFJOj*fpMYxb8VHmjS3mVC#H4 zi1{r?#y_}}-gh4ArIM*kfT#Y(=j#snD2T;Y_L)d{+S`)Je98>tc@rI8)a#>7gX&~< zIdM0)hs^^QHzjU%V&1--@eN6t%hO_vpU5!P;$9__F+T9e^x_)@CM>6|tW!>U#dw3f zp&m1r;GlEF9rib7mYC6Yg>~auE^sdmHcH!55B3>bZO;8byiOsCK2zS3Tuix2@Lfhn^39gM2)YKuzG) z?fYgco0}ErEh5R29NEclrkdROCLem91e2|A-fxPbK6aT}Ku^_K-8V8MrXUR7>{*kP>+6?kX|c#Px_fkg>0l zD_osRah2)cuUhK#9`OVmt?lb8o8M#Z9_X=m4z`G8JVz%RcU`@7Eq;On8b}j#kemHK z9V*fpAKW2*u$}#KU#jg*T?p)As~X@pZE+DN?%h)tTpohp(HfTRfl2SuHnP zi1B#+=R)>qoM&f|EJp~DjCp#mpv2yMRhFn;Q_GfE#FRMPv%P}boDwNHdx@y}5?KH< z)yW>hxhE1}M;yZsz*a+EZ)wNJ(H;jkp5N%~6t@6=%Lf)`XF1y+5#bF!@fpY4@>c$} z2LZ4+L}1^Ygj@-`)q1c;n4rHrh-5erlwdS!0{~tiu{-9;L5?Xn8z_M%GAUhC8*o^5 z#X_rqyGUHMy&Eu@QiP<}yXV8N4dt6|Mhvg@3xeYCg$-o!wPSD#JC77>nt@rbS64CF z)OlgaKt_-f`6WihZ=!UAA-8eemGf7Q_Dwr&)_tZ7qGik!ynV?_@|<2v(&{pG;jZ(2 zA=d59A%&k=SB1ykQVPx`N#vhcnU0rI+8h-`)PDw{o+9U+MBGU1+XU3i`5 zz|04df>D)gUZ2g<)(_c=<-B@V$fDf?=qsL5#^rHKjDYm^61i4wGIJmLs(opqlUC|r zS~Lc?XHqO~Qp6Y%*kwd$#yAYHKJ%B@Dc=M2%`+bpU@4w+N^%_IWIn# zqrYfjeif6gL;r3Xm@n9AA|j-Q_RB6%rdMj!;ob%0?CbFwv_@;(Af3v4!^3{*i@O`5 zxT4#tIl(5dAoWSyEF44ouN}`1V${O+EX;ZKB{S^PdD~z0nOY+A?6Drtxf5fIv|tfAc|y^;8SG!>ljInhM5$%@$Hp;LED7Y-vV<%*Gn%s+U6kzpOb!|Jf1o^ zIJ)ccN)9>G_5Y2J#Vt@h-aeMcIw^O;%-udxdF^BqYc)ELaW&y^o=74Net>X$d>m=f z-Rx_%ps7qlHU*r&l9}rV6jK7sxOqs`b|n_A%^B*C2{7OoyhWZsW#6hky;71vaN3I6 zYo{x6rdDrBW^L{(atBD;o&nL}i8kJ|;f9%%e4LYaQU&J4+fJ=SXXag@l_2-rj-5Cn zzt*m7KKApVsHbgb7dv3~PPj6LF?t^1t>5ergExVi^L$_n%(a$Yxho)4=AJlZT6A#>F+O~OlO?+%fTQhP7h6hyu6P!b1T3~KqinR*JQ17Ts7aAI~xr*ecg-z5u zFunH(hywvrAMP;)rdjvLS?15Hr1T3VZ67-%)tsbPy7$6&*OZXnx~1LPT&w*K!vf$0 z-nrg@wxW#zP~kP|H2OR__WKmm0`9MKuqg)-Fh}~^gr`?ICeKhO7DJ{+&mp0%-#mF2 zN3tVW5j}~d@t4OI-LagNh-wR@UbA=MDdp^SwRwog(mrLusClvlml0_3JpW8_u+b1n za<$_s1})yNb|MPVjSfJRq$_8w1Xaf|cOKnN&8HiQSB;(awEdS7_tZV69z5etQT(HT z=LC=fVFTRcXJ|_>L7o~MPGAoR?thwe3b}83V9fg;2Zx32Jt&<#X*>eeAU~(HD%C+G0jeMQ zYfA-DJ17X73CM^doYMiTfH}`T7rc5+FdanaWAI}tuxcNofn+brN_gKArSUd*YKPhV zk)$%6KphVFMmt+bu|y8-dp8p#H)~6|0M+URgBdr9I|IomzBNueP>Tv`Q^V>YQU-_g zzOY01?^0tSroL)E;nG#oKWan?uFRxBqq>nK8(O7-wyjc(n~iQ5J-J)68Hd`)7hUMo zvvbRnC!+`-(63%&`>rkVm!AD7KVaq6mBTW*ATzAPbN--Rly~~+1*%x%XFSDSrglJ$ zzLo4t1~9|Cm|Am}rLaHkf`QILBtYlZ;qC&e2c(!7r?YRQIB))NFL>_jh0daNwGBx? zLH0Q`;R^vYud|&X(shVsYY>>MU&7hP+xIokf$C~dJiIK!@eK<=Woz3sKnhCYeDf?= zVk311KqCCYvggHO@+i??p)cR(E13^u+aKerK0t6ctsX${hKkh-Oea{C-}ti0$_~4n z8mrMJ7Gs9#iQa|v12x*#H2HBs*@lyiZ&pvTv#lU%*Fp0-pm#=!ctLBP76hV{OpPmB zj-fvZn&kslB4M4hk-x+o3_3r)a=F`NL~eKas1MfhBSZ?nxp(n!SqG~8WFQwUhgj-7 zXCX2I3*TIe2D2BU942!^W*kn!d49G%auWq?J@7vw`z7}SS`Aj4qp=^Jh2+ylp>TtO ztZbn?k6MhnuM|9G$?EGGs5bCFeew#IViF#E0-5l%FJy1=180X;D(qrbj-$5=UcNg~B zXbjBr!gC*J2SnSn9qSZxWM0g8l>`Yz=aru9O-HhU2h_$tMUniwK#yZR=H-EXK*)UY z{A=xI|7sYh(P2!>J_`BuzN3y-C-}BU`^b5v7@%&*-nO$Cz3OdvdixSNGiW=+Gov9c z{0xSD(>k)e3p%Me_H@r5XK>a)UxNr}r}%rR1psU<>l#pM(|xS~J?Uz*m5}K zX02B-)N0)MIimaCjA#4_OuDl+tuC;f-xy5b@OHU}4T*U&bJoDgD1q0S^tF8GS& zAgEcMc=m-L!x@}SUNS{dJ5Syra*5Kk;*KY0h{ee0AX)R*66yoSWQoSaa62q#Es<^; z|KpswOi}mMUfIvV zcz&S?fB9neH>_#Pl`(VT$&R#AkHfe&ot|s67tcm~Sv6JoHkbu30Q#w{@K^06hks>pv1Vn$?XC-A^q zF@Tr*rd7b(MRi7O4H9idG+F;Q_$K)%n&zgr+;)Vx=~0|#&KCu4ng^senCK-kNeSy~ zu|J^(Z&}*LF48rOKQh|92wV77S}d{bNS@sjVoYNsW zKV{nZJl!1-ZV5?ZEP&psKUxFp{}m{GV`hjeHl7Bfi*L41{_Cr9{k>sH??TGdJ{}z? zRP|w7{L(7qNu%l`KS5m}#^PyzXcw86Z(mJ5_J|?!-txme$l2)Bjt_L4hAZ&zM)~p@ zKmc&xZD7yXgz*C^@IElri>VYQmb+GGo=TaF(B8r4$@cPf36d8~ zRC@a=w%3rs!hEfjS+6e(Qp(!0hgmXLa)U@0wxWss0p0Feb_Ac{IM(A{_)YeBPMarE zj1LJFrs1Q^fc3w7lsn5Iz(%)--;R`Bu`Zk7Oh0C1_SFHYdWBZv;F}9xhhZ6m zujKmoi}?5gH$EWYxYKwz1(e1|lF&kCfdQfrTE{2B<>H$Qik>`ZXe4%~IZ(4>z<0vh zjPt%lZG(AEWmpsoJog?S%_Cfn|sB^c94kxTN+gMdr1uw%s>A>0Ut)YlPnW&)n@ zq^w0DGvB;nUj^i)yZe_XQ&i^zXx{!JV?uY!v8eGh81f_x={0P3Wf~a8v(1*)MH63* z5p)BWon&1H@wQuHiU2U_T=wS)A{jFS{+=4zH=Ybc6quB!KBzflQ%{)a+T2xpm3YgaW)uS)^wT6WC3gOP@DUH=qihIVnP6=m50ERr%@B zl~cj+!EL@FK?|Ssy*A0iS3eNKQUH;YvIgB}wdwzldF>JdjAs=XS}~|=ciSN(z6P%o zG>UK3gx@8wvhfunOefs|FcttJcl1qE#uYJZQrO5WY&$r@d_A@1*+^YNV*f{4nbX}C z$MrHtGwnem9pKU>;-2$IkTPY)bM8F}-xZ5tE@F+;eeORMnr?7sDr0S~JlzfIJg@*f zP92=?R@}QR!FEkI7lQrsEpem2PzxrtF*3%3jZ5>-SJ_*M;kf*U=6L|T3}*u@lOQlp z@xXT5`LaE2yR)JUvI$R)28p9vW-dH?$!UNsb{>mG1^iRQ@7ycsnHeTx=DD0OwLP?o ze?fUSFgW@Q`Du^VU`IQ6X9JlaV*75+-v8mAr#CymB|cHbqZc^wAX@g(YRFw^XF$-9 zUG31btAl}RXLAS{_($B^0x$L+(vtcr=JJj99jq3#C2yc+LJa>%ku8%#7@WE#x3|nE5G}X^c<* z{TZm6CKtfWmUZT1@~~FVDzFCxL)7if-KdQOGB8NYUt$rBY9Fj5wpTW%0v81;qnKBW zaevvg^rBvAq;spyNbG1)bJD$xjb&I=84$TuqS-5AxcI&kW z>DY?yWXS#q%=I&V$A~?Qfa!+gk9(XUZrjs#_&%U!@Zzf#cJ6n6Nw`N1bHU8@{WEJ~ zW8Nlqbh5Gs*9>j(H#`kvLB?N(yD$4$JBU{Fc*ZmGJ7A`~t#W*dU(gGUvgdz*_|ZR~ z*-VPX@HZZm>_yuMzI1rzFOi`)Oh@);!uQzW>w8dh8BwZhzjp0R?yU1$03asDLj=V` zgN7yl5_4N|eS;n|ch1u!F{EFK5Uf?{RN?$A>oJNl@bQg4=({b_qTIle<>r zYwY)Vc8rlidarXMb1{o6F{5YDTlcC!y$}i(ftlFTnCK&Ap!RQV_IRQd_6xMX$Cw8D z_H8F|Mto^d6^e>)%v5%5Iw(#^cq&CC?Rz13SI+KnZSZMJ6pZ*l3&Hp*EO7;`yk@y4kAtBh0I)22GlansRu|g+Q^>td6b= zI?wKyes|>DV4>bxxq=iuM){}+^%{|Q71s+9zdz7`FI~BIpmO~%ny|z62XJ>H1va1( z{uDXb?RDekE;w|Go$==R55b}-BMI7C7fjdYxk;87LzFAkXMIvI2A(iCcw*2;p`f9L z?uhtM9iv+CIt}FH@jE<*-4BS1`Tb8+s}ikhQG~igVai7Sf>l?98{v1-dFi7bO(YVa z>HZ*kuM)vwfwVAY*Sp3t#VMTTS0%`HUya?#r>AZ2n<+Nov{8{vaA(2J&+Fp zWh@2qP|xfn2u(N-ZG}d#BH4}%cAG9VKSI5RPjb#rGUDzFMt_OnlV4A^4Cn))tK)Xd zLb^CiN~iHI0o^zJ0KHHjM8*!!zp{gGwNIcI-I$K>AP}N^0-vzM_55h;i9}Dl#0c*- z6#)sto;$ZGah5#M>;cH&S>p5K z1E#0uzWwc83l|FxzjT%-azMXRDnEtuJ#0yQ%ms8OyT$h3!%E?8fP$aOIJC0XsLS3XE%|x;y7pW7s z3&U-P+`({I_V%+wm{(+B>6at;G z^~X8?c@JGZel{m}7X|&3%v;kM7(HAzTZGLE&kIEo$njqMRaF6d zK8}w1_WiL;zOV#ev(OzLgGiqFa|y22GViFU(IZ!qr27D#EhnSuP5aLD5KF&wUAekw zj7U?FdUuf?sLG?3e^0^}LC+ngPZ7g%u(x?O*9-xbt$0*|^6-duZ1aI~4X&h0b1*u* zqbaNBqLKa6H5Ow(Yq}a`j(#F`AkwBBfs#_e^;md{%-RxI<9@i8h=N7Ib=3*=5Lf_= z+3L1t1c4)Pt&4D*tIu7do05r3Ad)zTRQ(LCD);%e)>aMeS49F>t@qp&+bETnE+j9S zHBdtK_i9$IaLUp%dMy0v6R#n#gws)qDn~AG?DQCmJlikt(HqIf-j+L5+iyHXYe`98 zq}>nKeaDD@y8z+>Xcs>~RX(YHe}n{u_rX89fi^=Hu15_<|eg))l zMthWOZ;soDcH}XLF|2UYv1hhhaJ@d)yz#|QQE!|a=YZ@W!Onm!z^V(ofXn+uO*hOU zHa8XVN%n_0r8%@j0s?2mVZGtC-4gNxq#lD68T)%& z%OV7_i-Pg1L*v-3=cS`{1!to&K&7cDB$MSwA8X>5O99|>RB?TMx}p)f;TyN7uN_OF z9n?p6gr*+|zq1dKh$U%^+@`LE98hK03gnNilCX#UsrACQTAu6KpY$}w#hmmmogm%n3>jwG|gBe$JA)O&-AC|J0jQPAi6 zA!jR9PY9bb+i$fZoyLtwy>D8U!2(@~kaRq9 z7c85#?Hb^HT$Shd6i$R%=ky-x2?n*_euw;AjIp1>YvgE> zDyrXw7g*b%d2>!{=Rpoo!UK-I00kT)DEG1qWMXVaN&=plfoX9FJ;#A-?MlTtBP8$w zKt~*z{N+kmjk6(Fe~4goT@wO46)CIE>sp}|MyMwk43}i%HQ;tD;-mSSB6gxR#Ve$X zHARl4b4n1u4Ydt+I!n?7ic)zm$_`!A3wb_sRMrrzdu5si7mH3!do`U zlY3X?je#(&3h^2DAe=bn*5Rfh}O7|?M1xF;e2z1w4-pB5%Kz?#`9AR z&XjvK5l1N*+&kSx3?SfkXtzJxollf009t3@TX^TITLJty@t08=W!2JDSqi6m1)+@_NH zP;sJiK4S7jja?jVM4YF%rZKSQ6tzs}raSJUBDal19Qjnpx^h)s+;#m!Qf(QtbN3pj zsN;gjDA;QBI1U{nSXW*^?zX2A1C=f#8X4N1GF^zkSO~3Oq5Zg$d{=8Ub$@a?r4_D9 znI6mWdtJAH(Bdyo0rfVCr1(V{u3x6sw?P>%FO$RV^Nn1w zE;1S}TsVpF%&OZo_ECo9<=VX|#umGOT>I58YL!u5ALn~_i$(|s>fX5id6ED{4rOIb z`kk^ukidDfJO9>TmfOV>bjLls_2;g!9a?I&pz%11Y$kCCG;_~_Pa%Mcy&69DXn6Vz zZOK;G3a3(ccUUJl@VkQP!BoY&=$9$CAThIeFEeqH6O<3K2BK4^L!;-OYuJ*y`Go!h zM7R4Ck(kKd)QCu}!QNFrXOX@hxLC{>^yv((L{GRRN47~lZHU1hx#5n~DF2I$`fKO4 z4Q(vq%dbx_kVD_(bn;FE{5fs>7PT&6-`F0E8nJKKjzt0#ps@Bhh#!))Nr$puo>!fy z9zkywpy!WktDT4s9canBYyVq#3o5G6v1CCEusKK4%b3jcT~QvD1Zxl8dzH~QLb(Ok z(HGMeQJda~gGWYf?KqY5-6njJ!wR{>;Q`2GG}?j-blw2&0nER<>wo0?ze4>fg8XMo zlIn?whiXdAR^}-%Vt{qyc_(tPWEUqnirzrq{pW{_h+o?!P@4J}cmFNezJ}rKM8loh zwgXLT*4&D(O%o>|dt-}74Fnt43Is|7pl?>xI@Iva;Gx7-U-%E#Q6VIhTVN3<*il~O zl99Kqv{GhXvi;Z;UK?$es3^X{0T@=X&Y~3G9;wF~go6SQd(*-27<7Eu z;X%Yx6`@G!aXpnh)I-`=g?cLzkMQI{f7Ld6he{q^7=d(Mj>T#q;&lK6a5h>V@k_ZI z*FqekXssllh&CMOlG{^BCRzW)mJYYaYAc#Fgpawsbx@Px?CzP@*9gh)FVr04uD4Fh zupYh&|CPJzKf{V(y?Lnln6&%%E+7J6LvEUKuJ$-Hj& zb}cJhOT`^f@Whun`Ves@vAiv~?N_7cCqk9Z08{EP-7=V0x}nYP1;CECbw>dYqZ8u% zZgB^P#YUl`D_p!Sgrs*)j2aK5%ZKgnoR%q>v11Xd+I@0e0HYBJw6CHx2V6ocV+)b+ zd+noC2EcA3zghHp^`S}W8vQB!SAf0EQ6wjKYY}=LZ>?zUT~7dVRM&@^e5~+%ZdFfC zjs6f`NFXUR1MXlMAw&0V-}^-74)yuL><^_Gqvw^eB+5vlq6`NSYNKR)o#IYNMte0M zlV{pGv`x|aoYfg^Rmd5mO$>E1S@MR`JWDXys9EsIDv*oNB3EsD5m|hsmMUSRt+A(W z&9O>DdsG}qBc`up`rVPW2jP#11y<5wlQ#`YAqR~kYS(P1B51m<7o^prLS~Zax`uKN)*Ol{39;>|<^9U>!PG1YK&AX(*mfk>Jv zqEGIHnTX#c|G~fc9D`)2LErg|M_Xevm@EToH9ldw>_p>O1U+HvVvxrtIsem*>m3PWqh)?fthzbKuiz&h^+C)L5BZOH{c$Y;MmYb?wJnn~Vze`v zxDLzP)*IYxy98JFeQ2Yb(Kjr*TAn~_-WZFczN;pXAXb5R3^GydR`{J?^s&%OA zR^eGAFQ5o@4r01HGX37PL;GE;BY_zDl<@i$cO5^H0d-F#5eYc%Hw%@#ld#N&+tahS z-~y_0EkevO^a{TK?Bo-q4c5l8ZnVJc05O*e+-nzxiS8D3MB^%2Z=?*FJyZ$;z(XQ6 zdi|k0p%Id~NPw#%{KJZ^R!k^FkW zJ>+D64p8$K@IgbhKzvYb<-~p_g${=S}h@C}m%#a`C;OS)#YC zN~R@dayxmbVJ<+VXy_TkU^3ojS_^OU2Zu8+rUxS7Pr!=Q4uOL@^^Z;}v>tSCEJP!j z#REYcpVJ4^{R;^-MD8lg5CnSuesd9ggH+}&Xoz0qe8cG><@eb2MMq(bZ&34I0E*PK~FP`Vhe@Fsy`wRdp7&gri%L4K1kM(&)Li0lzZ7x#CgKpm@MOgE#qBBYFR?`PQj?SX z-7WvLIL-Yd(v^xxej;ePuC)@`5~r~5SqH35*AxZkq1|-JuG@!E^{)|(S8|~Ahj8Mh z`#j0$4L?Q2^-sa%wUc#rEp_4KeKv&Qk8Mi|>0 zNT)&V%NjGXTo!Rh&Idql`ayzZB+`qFP zZZAPz>@l>>o6+8dO2r|`81Lm2O5U~nV^3|@aOR2U?$P#bI=Ps^T+SE}~ttOmd{#DNSMp?Oj zYe*;_Ia4Ru$FnYcUbJ102jGI^rYC2iUJ9=+(=(MSB}-*#pPiQo8HR>2)xDbzv(tmlbU?F zP$`B9!?nzr9!ad7tP$CpoZQ9lc>~j+8d%Tt_zaAcXFu7yR)$!|+y&ZUjl^EKKw16@ zZmx|j*4y!YDV#I;lYnS|>tLOI{LjDi#xcMhJ zR}A0c2BJoa@*aCR`95K*b2m1=|CE0aeSQZM3oIy%27VDvvc7;}^$v2^57nQZa76UV zy>ySttuLm1;a|D%;Q(Z>O87&?IVv~=fgCU!lp)1x&s+f>S>o@8G2(>kz_bKS3T_bU z0A>bU^=QEgcF7YooZG!CmG<*nZMBtd2PnVGT(&DpWRllDpCX z%>5Gd(Am2xHi5Jl(O5BM_Q)_&ip&5+A;lrN4DC($*VY}WJo*Sk_79GQ=wE&5E2PN$ zS&*b&TX@gvP%k;g%%-mpmzscOJ-Oz4hr5U_LX!-)3sx(5&O1VG6`7<^nBZ!{tG&q}m1m&NK; z?Oaaf7){?rvR(;q1x{EZPVEBC+`+48J>sm44o2*+!99BnTukD)Q z9IfCM!N6l3s9E)fyr5I46Bk9JCgA4!CpG$5;8Wc*aNXSFfWi}>s1NT2a!~G?h)76= zYHYN&mHF)uXjlw>lO%xc0%n6FC?X&4P9izctfW<|38L1`Qf!$m5JOd$$q2_0{x%d@ z6YZlgVi*paJ=W-MT){P{N17$fciw3Yll0ji`0t*LSsQLO=Ct>VXt{0zF(>f`{C4IX zNRf~6EEP$C(|}#26z>C;a4)WvNIIw`(p`_ivzZ1Rf)i_ z4#X=10~nE(r3&pgtO%^JtruLWE&1;xq3)V3$H#gR$wJP4Vl2Cj@RaOxJHS}=MbQ~6 zbPusl2xm3@o}3%~jkxu-vA$?k0>*RN=mLx-kRpRi&>``QMa-TeEfeI&03!@!qtAIq zP6jLNqk9iqkn3al2LzOfWv-^79RhC>-`)s3q-Zh4zeKvu2=YE~ZG94=^1PC9 zajF^nukm3cvJOt>&g-69Gz(1CrLmhE%GCW`oAq#BRSVe6(5+0wjjix6Dx#-Ok~;Y} zjINgtHQ&+M5gEJD8exk4vhRY!5Eb4Hx1T+u5BQc5ZgX)3>ItO(!*d-RgZ})Bn0!IJ zE{v84|9mlU5ie^1$@bt%!+uCGQe5FKsI!@XbucO_jgm}Hf{rVV zW70la8@&RdG=yq+CzP^AIx=FFC^Dc@$YF_F;KP@kz0taC@jd+|x3s2m-keQoUVLoy zxPGt0&A=s=85#+7Lc4Gk!yMI$+s1Bx?#DNptBa&u;>7_zUxgoh?Ap-%mPX&>w$aBO z*_E|lytXt2^HKtstZv3Okq`gH?YA0LQSDLd%_g-+?SIsKFXNM%tPFIp16XB!;DhTL zo8Fci(kX9VH#Kp!AL>7y8^rE%X@51CDyDxPI3GA0n}`6P!g~+o)j0y}(!HEdfmD2* zoxpEQU?DujArfd!n$UiMCpdIccHNQFL59=YGPI{^|C|u5V7>zQ?W1l$<-*;(KIM{0 zv2qzB{p)i*fHCF#WIxKQmI;JE+DTmCyMErcKO|JuBu50>?5!W72KYj+? zLL?WQ`)=H!jR6+o6K7>m`98`vwxa09^rjXZ;Y*}@co~Sn02BBp%G_^m;!Lds1^@8$ zMQ`o;%4@C01XQ!$s5(iIo1))@Z@%G(b!(Bj>u>5_|DzY9aiM3WEq5;*DxEn7()#ZD_PN&xBFZ9k%)*$;&B2jm)k0)38!ixFI zwat0Gjn0Ap6vbB*ys>kja^pPDpjSQlLAC+&eh5@vTh%q;1}j*+)CxTc~qt=${ASPhBkZ@MS==5`W-Uu)7of=~r|#ap1B8aZ!%Eyeib)7lUE+-~HT3q$k2@rQodHIfL%uCbS*!1}4QwA%b%X zX{a6ATvo3y%1F_;rr`6?Zbb|-L%38~$@v=R8~>3Lxv$ETM)Bbux6RviiSj+R0sc3@ z#OWISF8pP!QyUEBpv7Ji9556uzsmiish5FHiDa(Od4LKwE)<(0S*iJl zLFCAW@^iih7Y#zZ`UftuOwCYDBp>z{E=}Xq5PmjPeFjk)*uH5~E+WE?-$b@jDY!1# z@k$Mr;Thbl`%e)Eb*1J#MS57_DxgBGYZb$W8H{f8%>I?_bt>sI!fZhMEVhw>A z8P|zuEq@S0U%GB28_ERO0|p#8_G-*<^PFxa@vX)+Rv1r#KQFkhNIEVIM7EOs5n>k> za>4ChWRXjDok5t}5PF55(7xS_e!?sPD6t8f!DQ?S7IIdg4X zK{CX3_=D+8q>;WMywjB%D7uDqDOGU&M7mwa7)a2t;iI-_4t z<9-BASmTbGBCF~M0wo=?(cC;#(yU2TNg)TfO!m>e`uCYzn`hAu9D(XcIp-8j62Td1%2jN{O~r!J$FOrz~u546E( z_2jTTe?r;SjZQKutBiIv>5u?fOB^|FjBSh7ct=~}GAcu@X-8$O?1dV4vLZfIB7F{M zeBj5?!(CCNYi^oq-sm8L$bFxMv93fTDd(2ocQIi^50TsHSE$c$AD-80@qy^7HQtG$`cgr{)w{V>*w)^0!z+Fs4Mor{#vArGYVaHuS0e<26E z{PVAF^jxIf>p#n}cxh_cFlK*XXNuEx{Uwqo3Qc?sN1Z)2pUE@bFsmU-Yi@gt>u-E; zYd}IS5%io{ow>7lRaIxaSiOB8(d?@L-!;Z zup8HSA&Syfb*P!*4&tC!Q~kcUEo7B|XYO)$bh(IR3V=-hftVBX8lDJw<|~=J6ZJ-9 z{ERMduE*~)JvdcZx`&0xyg9O(yTGe_$SlGw`)=Omx_u&E|6OFJfi_sJ!aen=ND}>* z&i(-0MVsl#i`#3hXZ7@4m?iKmD&nnN5r(3jvh!HyHCXFU>GPc3j9tFA+p>_|ii#K49Z zSH9saMZCLCgrns^_Hc(((GY)7ol!+dB$-U0*aZJ8yF01=hM|dTMMYJIS@Sd6qB_N? zKvDD7d48!qc>v`Ca#0sV4ctO|&&ROk--BfEMfHu=q@nlZHYYYz3;gbyBHdwSXFm(k zc%h!y4Xo+~ZRrwj7r*$DFXO7_g&c#|F|?lfLXKz$0;?w_Cs13Jp{@cX@St#2WY z6w^$`tCI^J?q;@kn7rD}aZngtC{hNzlz=pO5@UJ->V?47 z>oI%kEx{@xcNsa!dyt>HyRM{T9`YD3Z*MV-= zQ+VSy#B^SPBC(#|31uk9{idYlFY(sCX`S2-t<~Gz0M(}QC(~Ur>`&ME+Suun_)VGX z`THFDnPO-{g$Se`vpZQWVFnVs$zkKzx+6D7k4j)ap%j>XY{$TF1|E>_UoNDi@K!M$ zK^wdM?#L{vbUNdb!Z=7#02k&z*y{xrocVPX`>#8R*LkUtfI)3>_L31 zWU5A?KA5pb!rgObZ=#i9f+$^ooyMOe=<4@7To*X2OXHj2_5gt4jj^m7>URWwdLtiZ zf`AH%jvL|aamD)@^5R0fD47(LH%@R`12yLwy`l~ikt#JdfZ1FdU97k7DNbS<+Xs8# zo2pm{maSjtf^EsE03Yq20(BDi#y)aGE;cORq|U*{q-5$YFtapPuc z0QrU653~kOpI6~MYSYHUvTs~JM0LtVMh#$wU*BBrE@@*QJmkdaUi%v*UiW{2`67F6 zMeC%<*muvY6mgi4KB~u7B7IX6oP{x?twMJ#>M-fvsV0x_YB)^o1lwH~+;ri_k){H|sx`uj; zClzKJnUbTACkj`*i&n$npd=G6qogExyIxGCp5;6MQd!J3O(*lXn1@x5FNj< zCb@>%tGU1)sTbSmBp0_ga$CywFeVeJB2aRxHhD|~R3(Okrb_LZh?8xbEyfc4YN{`nHMbXve)$c5_fN>}h9&^PffF1SGo z(#wm?z6s5aQn4%7+q}qPw=(*Nq;QgxJA$bJz#fPM#)lli7T)_r#2pu?U$E>t|F|bX z%yQnpaEsf~Gqa*&G|unJP;Z{xcCo3sT)QyaBrNiCT7kjjlgKM`u$EU8k^QX?*lvV$ z=dj`&;y&_Z^eq>gmQ;H+iNXShN4>)63a5tNQ1#K00F%J`%DssGBdlSYOnciM`_<|U zWNHxEmiFXg1uqv%EO;Y6uCJa9haY_JA<9t_r?EhVV~f&uamW4sw+pyL?o?0CHU#Q_ zt}7z~3g4HI-lFg#_X-S!r>wCdCPIoDG)K_$zGKB(-bEIY?RDGetY9wvc{Sn>4ICCV zIVmmFAcWY{TlTMb=ebBjoGaN#jgg7l;#?$P{Qr*JkH?+qQWG1|e}&rOgb*VdxV>Mf z$#^XN8_x26DsDRjBo6Jz?TV5NaYv@yZbTB{92n%c-|*XheFHXp1|8&bFT4zw2EA3t zE(ROAxTA)lUj9Hyyk>Uh&d8iws&uOku!~{)zEYCASmBZG#S=Vm;eh=TQkSE;w5Z0j z9?=MfpbJ6fA9wd!$2h#%ax3pf56-kbhJ1kbBgr#5GF-gGCKu^A#Xc#|uXFd7am$`; z8}K^GPdf%SbS1L#O6c4qw3*00Ti6!v)cDmv#;hyNQ6TQvU@cCB|*g zt=6syFvA`$X%N;KD;JDzA_g_6xHqGVwATC7>V*QXRftt&Bh-ffH?hUmt(7@ z8s+bedIXIEhPnfE7kl846o{BjyNNLd*2Xb+ifA z(dTtX4sIPp%)el(R;Up)&!_L9oZa?B25xOi*fbjbF1#mTFp_CUEkfItB!;vUULz$2 zeyfnfip)uxh}!8fdvMJY$E|1D-3hO$k`ROxgujrJ>d0UJ(f-C=tnP@Gv52QiIN;MWMl=tLC#W0jo2oZIJ(xG#^MdN8#_)7zO*ETn|N%AF=xo-ehmku_r(; zNqUCDKQ@FvR3psthU>jZ-rNyD94Q|jjqP>GX_e>8K45!?O*PuS)lvgMd3)vJ7ks^v zF)-{)rf-Vb%@-|}S3P6DX&~9!y>~->-V!&cE0XO8u^Ii{1k?Zx@Nu6-t_fFXmk%7G zU%7s|AU3^|OQ1|#Ag}dKGp_%L;IN~|KdMFzqSI!NNYcu)Df?sAfdg&9NMWjm1ncwI z=*G0h!ZojEzKAoLEe6-`PH4}FPIYBi=}(}l-*Xq4-Z|Yg?@i8`z0}@bJ~tpfI0e1= z?>85^7N{}y=9vv23SJ?8NuMNQGKn{Iz`*~fD z+O>r^0lVIh+-m4l_h3#pRYUwc!V@Ee=!y8vRnHAzg`pIyJDBU>NW=LY!1^Y%-`DjC zFO=)MdqeR2HpYJ5xPB460OFB`iacuy~s=o zwUu12R90sAjVfcmShWT?Vo}IG1XoNSqn1ckvj5nU*6J15Y0v7D+$j#%m0Y+YxHZC> zsJt^xQm8JV#!Pz#AnHA4Q0S+q1AHIf-N;lMrjAYz3ykX#RD3l@`@8}#EE+BFSYyr$|K{qa-)?3rY0 zfZ#^JGK|caMpL2`X+FSv)LtL=D51L(e#sRDqRw4@uCSpS3O@<32)KP$=C4Y5Vw%D` zxi)i8X5szNu0*=o)KQ{1$qZRQn(Go4+O$S_GGDzfsN>U4u zk3gqZzdI3utEthtN&gBZFWynEM(%uT$&zt0L?svr( z*9I1n7qya6s7UA5@shhHA+4 zOuwVWM8mqT5#gHp%JriX^r!~LP7Zr4P#QOvxfUEa4R%>+k!Cndt^h7X0_e|1B0&Qx z$H~i9q+$tw_Bp!CTo)?jH@byU1uU$Hd~L?YTy(soAuUrU^|gpm<4^)$16 zk+2Dl)=`sBMXYhxD+Cqkwb<~PJe-bJehBA(W=B(ck zUeD!yS4?$ok=3|}zZ(7MaI1*A5%lM*cB4m@XpVE_cEb7tGOQuMKx z9K+oEx0NuqV0Hie3Uvet(SQR?M~w|`75ttY?)Vs@#FJ}Z_%HJ8-f?K!aF+ixc6Q6h zPpWYK9f$@!IW@N3u5s2%X2nXTMt6~6cm`K=TtBuFi`O>BT91sT0MctUNOeDj>xz@{+aL;#5(_K_FGf#*cU_}P0Bj;>25{&W z945;(Sbf?dM584p{T&b(o=7`A{)~~&|x} zhy&Xna}R5&jR>M10-^9O1y2apB@)M}?7Q~Yj~|9}+^mp;&}xywPhcvYmM5sT&;1KA zB7?OL-xKX4+~4VfycWn3eUG*9NcHCeegg`x(U$2%WIdU@6Yv_s6~5PB0D}of|MfK)Smh^Ab?jIBcqJ!f&dD!KTRD%P6#8Wu1%; zE!cZ7WEiJSxd4#anpt3Oj18!8h}QM5<*e|_iK`liDA+E%7|7wc{S7U{NnsKWMe_WE zPeK_z67jS)#o9AFEQ<$G2wD$0iS}~HK!LjoT`#8O;)(&_FmN^HoB>7Q0s9+o4lm)* zKgk)>k!WH4dmeSTKB5Mlu>;|KzCaqF%k)qr54FIa#m_T@ne0Q|5b=m3KRtVsGxa88 zl!7?I-ZgU{7}?qROQd0j$;&U9RB+*OOx=*v2<_dnGpfB@o7 zepDXGkbNN116q3I#y-D{e&|s54H0C(yqy3m_DjU^fEu-!`63Pf)Q&e{yfJo<9y#3p z=>X7kOKLvDdx@d!#`UNJxRrmncs(#;sO?fgejL4~iseJ`Z9ogzV5k;9g-kf45>#Rn zw-=&KUGPX~8RJUa9Uk}1eTm?$xR41r%7OXjYg08vK)Q?xU}JN z^bGwjiu^DR7TL&^(Of64#;pl?2qT_jtUS370}Wy)L|fbxeOc4Eq8WtuCTIKQBwyD$ z^#BT%-kC5SH__-}5mwxX0a?t%;>R+30yv;{btt(WzMqf~q(ZGl(vxHG<=V@R;uX12 zNn@`s*L#vzg?HRCyDdoa@-Bj^M8laZ8sf0Bzj1kc zgGpgX9P8x^bSD{1va~^QOn4B7Xz2Ra8#xGM3z?wh4EdlfMDqUKCd{IWnGHoYJCgnG z)VRw;imuV}!GVsYU50KowxB>>8oT=`t3F0l0lJ$x?l69rH!au=CHTOfOb&4saOEyT zA9@-cZ6!4}U|3YwW1{%v$*D8$<1_Vc<)6fVA9hx4Zb6~U{~ZB%mJ za{C~t=(^>q+c{;4R#PsfjT0iVQg3t$?GHdwfpRzM;s^wW^Q<)+xq_=8AhN;dcCMYAUkxRs;q3lb}FXo-@5g$b4%d$Hqnv z1Vci#q})T>?gBNv@+KC~&4>6biB&cq0-EaLYQ(ik&m^(nt>Bxt3-r+RU+xBs5To@o z7|Ph)b)WpgxB30>Mp~w0V_zaQ160iOA+~b}bM5P^63L?GS@PRo`8=0DQlr-*i2|Ir z^{=pKJm=&A&|~_KNW=$}1(#({#u2HB9hS3PBn6JwF8`(h(b|oAOqU1-NG@uOICl}e zq0(#GUlOuC4PC48Bs`lP5@@imDqi{?uU9X)!M=(#= z8OypVkSSSe4$){)f749AxpCk}bGh5&-8B; zoak~r70F61_J0+!E-I_A+lts7tduYlgdG^BVPw9B`s=oQ)P}OQ)dt#)JE@&@GI0+y zqG3}gQl38Y8l6vL!=W7Z_i})?XkVe-stTRn(hfNZ67S+~sA=+yS4rMLd+#51eq2RwNd4*-3J#WJcyZ@iw)_>K?|bQH!E?s7J^Z zEAfN0Y5E-$YRqjeQmCFE2tJ7Kgt0c)&^F0Y4EXQ*qc;d?SUL*z{M0nHP->dd2H6Wi zm0*mejY#@U*T|1TG?z%&hY78L(z{N59a8$u>zZFo)sFsyW1lg7t7joU^iKV(#{lE+2P&|up=X_2iXTrnP&dpQ}rk$8OTBBN0^gJm*dw{2|;dlm7? zg>S6tzW(d^p3|<_X z(|T{8Fna;QP+nKW>6=`9)NcGExo`(zUK{6fn~D^Y)0W%9HEeZS$lQJW7BM*_UYPan zTqhcH!`rX8j>_)8Nk;hPA6M@z zP`o}-E+TJ45>0T)+UObkUh9@IFyM~x94e4oh&hti4(^hrLp4NHKpE=0yL0pDh-86N zmt?XI-qs`67JiJn^UT=nYqfi)oRAoM7I8VnVZi>*^nt40K#mn4e3m5Uw16&bh;Uq_ zcU`eme1do4LX99tT#NC$i_N4=Oy4U#b4Bl9EFf$P?L~q=Atx=@|Bda-tr)5trhKwNP zgYl^D2GYS^&N#Y5?AZTVvT%z2Vg> zLtRzIvYMYTbbW?W5NFSoFd|k6hEPl&M7)v_;3RfnFLWR?>dM%?h;>9I1uO7}By^=p{bDY?0)Yz;@A~DgADn>8a-rffqvAd7xcc-Ul3zdtnD8^vI^p>f@k$MT1+&z| z^>yAG5`c29J00*>!`^~LXQTH-af6k-5b5rUBD)dREs*m&%$7e}@|@0d7o-z}YSdO} zV}vzqna!U?fS{Otf1&186Q3ShRGei0LBb+4cUm)$eZMpwYPtp)%5(HOg6G_St^zsw z_FP&Rw_%9d4eiH%41xw5V~cjEOLFghRU$a439=N=YbE2&gO)(S^}AyF2R0tZrBc~A ztKaPqc6;W1i+j2smrTjS^2}|kXY>)r{%h(?8EU2ig@n*&%3*=&Apx6%EhV+R%u!$T#<$+8SMew3lqScYZ zYK+4Rw%?pw-WdHK5sjFFqfk%VD{wpCCTEe6l>cV1T#2knY)nvxwH=pZroR#pC?f7k z4Bq&lN#9ikc_4pF>`Ou#tovJBGGx;l5(|uJ8)envKOIPW@MC^3! z$@sfRK>MKkfS`_c$+{zg@P<>5mq?<|A}5qVVr<++r3MySeg*qDk#g7Pc4<-@ENw5; zLn^jTk`Gqy-%bBvUCj)1VFqj;9%_PGueRDFm+lTKUWXIvQM7~ssxr2NJAhOLYGg>r zx8rV5byp$iLA|N?Tj7`LhBl>(cbEXrAL$YzesAJ@CSid5gm0%|kg-<-oJAEJ=IeAv z&?GS3W43|tqLQFCAVedLA8x0>7{_GMQ=xg1riI^x)omWyE%7f#p_bJuuicwriI1T6 z(dbtNv;p$0H>1~IYeK7Vu0OA^pzlf3x}Y?YONSF3x^A8`YV~a4ij33 z{urRS2pUNrfYioT`q5*$#Ol3OJziWF04#eBu1a{dDty`jH&B>A?SaB@)c{lYYMfMd zzaSv`3i7r+HG^PLa(ypB>ugQ*$^=As@Yp@v0nJ2KA?tM~g*R0TEQs&MC4Vn?*1j>B z`;KV`2l5Q81;RggG;x(8{}%E1$PW^?VAAulV!cM&zSW(9AeE6hbJS4pt*6} zWG<6asVIDriTEL>Q$_^fTUh&Ci!3bRs~H&7_uSdcJij8H-QvzPm4dw&0t{aHW-o#j zu4}K%uJZ=TCeDO^`9*ak-d3a~Sqki!Wv@Yi^mXBnlAF<6d{Mnnr)}8%hjoqX`%hFN zvF=607k58TILKb{B*+e~^YUV(D%aoHhxSdNA1 zotDy}&T~MYdXRoZ&k*1w0dtxOh${*le@sQIy8imDDV3lFlnQMJn@o`D$Vj%+3LjLv zH#J))=77CTR;thSr`qGhZo4$0&4I4-x*}KwMwEtYuh?8)q?A4#pb1CIJNE#d;Ndf1 zui=RzZEN9<2^U!dOfvF@arX;?K1fR@IqLqLz`?%f>aiofkCsS=a=b_F@nZ{A{gA{d zlJHjB%3Q!kR%HGXm5)D*{`C%a_Pe$VPb6xc$uYOGLcHjaTTisExQf|AP;SbkG`}ve zzZ%0qAP2@u0-E)VEq2@EI|`Y6cfe;iN0jMR#4*V*au`R=FcxR#2Pim*4c3_pUKxG> zNH}W4j#%Yr1>9_ z=3~rwSFW{)durM+e`VM?LKzS4cwtW7yHGPlFt1p+Dj*dt3{U4m1j?Nj?0lXhkTF1F z%Ma7;Z^Z}9I7-eNqY>;#a~P3^6IdN=zNd2T>RDhu_d+d&ziibR2-`8-^jvO!dGD9wQ#q{w!CH~Q!12Sz0ac8q>f=Fe(gkH#*+Pe;yqcp%y1Yxm3 zc|PksnKtCxkj0xHLyKI1C-^VP$l`A*l8)k!CpM^ikw(#l=toz;gLS9l0Jc1^dD%3+ zL{bo)qDEJk+C({aae9h~&D{O&;Ilw6vNL#w57ihH0?(m+eyuu0fg%I42zl%LSzASbGGvCh3wKr)q3u-! z4NKgeN4L>Y?RZ`mCjtYd7nv2x9lAZDs>pz_M(_1*HA*-O?F$wOBpjwh3@yb8mk~Qx zL}dtw5vjj$*&-tawRqjM%pThqDt03mwC0#H?ltoqh8r>4fdx4!t z3!#2%G6!+5b&5jpmwYq-OK*!G$hA$#Gwo_zs~2VuTF^9v-~Gf*_NaJ_T$DbjljKaN zB0$Wx);CUq*Y;DiK65g~C^^}iV~+TTec`WUf1G=obm?58)krQXjQ**NZ4q`k_}qRm zGSP&ZqepTE_<8@P(iO6rB(03gmP5dU%6=1Ex=8PHFEf?7dx2ux`ALP=FKgf3 zbZ;thSljG~?3C07}vW<&wad(&n^h>=nyAreGE||7C8w!Wch*2#K#zvT0Nt`Fejb4 zRwUQ6EMy$&CT3mX_2iseiyK6L`Fe1z)_JYHo{c#6YRnaMNk=X2TRQ!HroVft{6~s4 zLZx!V!G2CaX}_<3Rd-E4Sp%LtNBY?Z`R9X|e9v{e96zXlZV$?^Vi&nW|v_(RR62nQ{fBJ(WXiw(0Y;hiUNE>6Ii$W+GR<_gd6kf_P(A3fXKmHY=g zH?A*aoAqpVpzC?BwMV)B_!f{D!NqokP9ir!lOSj3k@lK+UuMM#%p2U0x9l;&K zEjP)_=oRXF#%6g5?X^q0=qDH}14dIcQ-^PhIf*n0Z1PDBHDF;_$bs!@!q!po@TY+&q-ucHDaLTtwXyI*+PvG zQwv-6Z`zAYVGuj=sEEqIU56wjx}p7e{B2rSDuc^^4fUoA>Ase?8-l)aFVuzbUm?cT zeQ4iq{S~5ow#6%Rebg9DR;lynT{HvUt^Xmgtw{zjjpHegMSSBHJZ}M zt`zqkZDku^nuO)p86qZ$EP_G+j&@%#$+<`lPF7#sKKD~lM-st8j!KilHQsOcieIBC zO=d@~TyITLk7FI$0Ch={2beu0xp~Z zu0Bk^kc;mVPQ`MV3Wu~rL|NIA?&f0EsjCZ-jSeCR)DXSdP{w^IM;~-PLYkC&p#ZfM zury)Zu2tg&P`c$wasv7`5`i=0Lm|#5>xL0;MbM{@XhLHAgg&tadl&#|EB;@kem zrbrBYNjKS?eqb>^J74SpKza{1u8QFqyLAX>j#r7$D0IGkG^hIP?XIH?>y+>E)+}{K zZ*Hk723fX+p(4s~@|&fdy8d+e<@_Z)#6B1HWp}+ghlDzmWKRPGgpZr6eA3TLW6`6N zaP;;ON<^30#XP*ui|AKM3BSxy|J%}Dcz10suIK}JYqk3QB+j2lq?iL5kd=14Usmh4SfSUHd0icRD-APmZtdC? z+kSXv^S*pqs`N_}@z0Us!SiRzt#CoqGWx6EF8=i1eEH@vuG$B)Ohyh=5MdUy!0zOBw3Tw#laWXX8sPY!<-0#pXQ_ybzMBM({R9FUC=4` zdGYuyDeEC_+k3OnkK)rgx%?ON<;AXD*N8Q)?DFfQ-Sy3)^oym!O@&A5LzB=Z#oaE< zlk9PQ!WI9%INJNUK8FdorW#z(Rd#pRujAMHX$d8B5O@S2o|Gi!>*eD3@CZQeevW!i zh(hw{1vFjs&0coMU#v<(%!|~jGG(Xmq?D%|78?AUNAqP7?4aa8wfgx}CmV*IZq>`M z$6vjnW&fDmpprvQyX%LyZ(72b8sci_t7W)Zt#43;fp$O7k4n2Ae-Z8a69Jkx>2aU} z+PzMxbGdyA2UV}2s0L)^bno`l;_xL-xj0{5E{?wJ(PKN`zxYN+ya#%-yQn@qMlB1G z8+LztjM9na^TmPPCV1v{)%A5zAKt)HH8dzIJM;DK^7o?u7{6S-N2`a0d3Ev_6q;Y{ z(kxf&N6=zkX!~k$Aj3 zvDYM$KwNNd*J4qqT}VPWDTq%mw*d$Ah@# zhU(nn-lO=M{fq}n&8m-{zb*EllP#cWMM2!9GP+Vj%h^lW$i;vNn@StF2xN=wOy>%+Yi5dxP^~>m=DU|=%9RT*XDZv;szeh?w98a z*Csp7lU7pTYPDX+=a1hO?!n26kFO{VM6H9gdXuNOzqV=>Kp5>SL3=;4{lUhwNVys`Q?%;(EBEJnRr zf4lkpB^nldJUvDv`enY{#sVZTsGkr_g9y#PWiz>5q>zh3I};%sf)t*I9?ooDnHA(m{iWd0Z zo3C>+x>xgMb4l_zd%Y6TN7@uu+&yXaS{KXOu1}tnTF&304|f3Z>Z?VSUQl%YaW}i* zi??;DQoVv5+NDhP;XWwqALh%ai{mHxk=DSYQ5`F7s}=J8LOuk+YT`| zw96-@JE>Y6ERK)6X7W0QJ-bvOU**8-`Bxu57jJ2vWA@VS`jK6KOz9QxocNbvAH7PI zWz;&O^xu1RvAZ^%8^%gG`H{xmh<%?74Cvo ze&id1TvsJ1dK(Vj_EezbtMJm3&fANw*$S53Epc`a0O2e&n|~o;LtDr&3-#se$5K^v zR0QMZ>;2uQKZA1Zch|puTP@$Ox(b?un4jrs-a>KjH$SIJsO#P3#loy0!SZ-_eSQ9% z#Gij%t*_ogOpH=BRFCrnsMqak?H@GF)7id_3K zsmYew(T{s4Kn{>lNBQNO#bIiC&4dL-S!isvzJ{mxd3PyGYos+IcTOqbBK>vHJpV9X zUzc|JKZmEM`?t`0JU-3=6tTAV;p;DNm(OH4E*{@+t3^*w{%~1(w2~0@&)J+MD2*R3 z4xeQM{+@)9WqkRy<=LF9*6RyP^qH6s+KXoZ!G3+#lr9qb6uW-u`QeAd z4|aV^B=pm(lXxIwn}+=q_R_%~u1%-7FrTwW@DO+$352~a$xHR-{lc8&gY*l;aDS#k z*TMi-C*jzxpA@mKl>Gve8e&#mU+i8lTe-Z8t3?Ghj`dOg^@BxM50!28*LmCR6QJ>N z@y!k>Rr_ou#e1TxHyil*l}qvcW9f1 ziScNcjDE6fdAYm%yu^0P8{y0RLn&m4$8&UDte#{~7*MOaFpQ_baDYGK2-LCfL*WLB2PwX+IF|yrxS-fub8SSJX)BOI~b&ji63;i5H z_U_euc?K1>!>jOWwf?*~EVZoen$S$NV$QDO{_gU{`YXA>b^WpA#$G>tlF#c?7*FcL zMG)ub`SShZ_*tBz%(x-Fu$N)~eW_sad4+X@vp4x{eqO?wgHQ3riZ=c3YAF{7CE2vv zUB?S5F)0t8T`rJ^)pPjgAjIi~__kVJKo}+;fk#gxC+fq&q<`GzBmE>VqyGA z4tkETXucs*e_v9rn)C#GO`;|riwCdyGuXeenh-taI6h!(dEh=L^t4_{qaMtFp7KeK$ z#nn`|w+nrmEzyUbxq3yUgGJZH<>s(KGupMKupH}Vk1{$%_h6x{UmRTL%`f_vU=4CQ zX8$yMP`}OB7SH;{Lh;|wGUnl>JIg^iXj@m0!i)N4u~YN4{&snIiPFQ{JbR^Mz!SS% zQ{;}iO@02Ba!V+DuFv1xP{j=ha_eL2k-1k8|0>(+WB9v^qqC0-MJ2drh5xztV)w<$ zw>cXy*|VoddJwILusBjr$Ze$Q{rL8=p^$k|^Z<_R`YWZ+7e!<8rCqkG0)`F`hidC+DAY@)yol}qy_Z{92(qDDD9TdfZk2dk3ge7#WmNy+@5bi!d;hJ)2Q zT!2@+I6h#D1N98-I^zni4<%b18iz6yCIA0vj zOLvr$UoEj*F6QgY^EZUIJe=of_ar`ru<-F0@>@zb)a8?fa`Uze?)=5#AclSN6#Vti zaWAee5aao9y3fIOs7Tn0X7|Rw_|_3IFYS8qZSO^C@^QI1n!g4`@Org;yfCG2-mP8k zKg<#NVM)HexuVSfmx222Z-~_O&69lHrEAtg^GA#7ja(QYF|Qh`G%vjebp7$m?(*zo zt8xEgclq-toC)UZ3px zY2?jn{RHUr#qRps*M=hPRV2|xUmzlV@Y@v$MiVpX&7&}G9RuaJ(uVRAsh| zhYRx(I3+a_6sMPQNXxuk~)xS;ihi z;pd{DTB^wIy;&T-ghc#}U2ZQ9UljD_e6_r~T@kk{&>8(X%&$v-o0L6@QX%>zyb{fa z_vh$0^$`ZTP~X=psAKQ7ZEYUyQcVhU593~b!bh|p0~P4<7uXKFcD;U|E-ZG9Sm?u} zPDO3+a=!dXdHBbx^%HyZ`r%2ZFMmw+0}gJ*r?v|ABs^nZo_{WW_Z4NE9^2*FW1_Dw zI*#9bMd9XcK3dIc{Q-ybqp&w$zy3O>=;r#Z-F;u!`Nvn;&|T-L05|>c@zvtsb9e=z zj%*hXb4+z?pSRM(mHPIvu+zXDv}7|s@2AJvM(+)oiocbj@MDSo)A@`m-6u{KN6n(h zkyrC)*`6MiI$`kRPtWbTbes?SUv9#CC;+Yf`>$^-)M}0v$L9whit5+F^=f%tgx(Jq zX>su78j}~^yv4rwNOHgI1d%Nri^tdHSS&j9SCp>`7c$OyEIPy0hcn8dafaaIcRD`X zzQC{NYu+L$PvXIRy+HS=O>)U*Jy{O!iLXq8FZ!fB|Z%`4`ANKNq&!F1&b+uew zp<8y`2W5sZr`_iKGvKw`)$;w#d>x?@?Ctu+qI$gdsP+GjuO8*Sfo*p_UzqE72rqx3 z9>x4z7y8XJ*wD)hyWWL)_(F-s#Tk_>kaK&aOxga&yX*IhqtAsOf3S*+qvt;ZQ~AI@ z#b zPKu@-g!Eso&~5ne#;)hILzESPLG{*KaQ&+!E&Ni__iZ3u?-@yWIV-T869h^c!~i*i>8lz{@XuE{uqGht!Y+SX9G=VT z^H!JCJn8ffvj6XUHT|Ej7pqoV{(wD%WuWo~lMWsg9Oc)1M(thCk$O1%Le)!4z ze_m9FuDFqh^(AdAXp*1pu0Q=c&l}kHruj*meLOPZ1tKav-=#)SDB1|SQ~=$U=Pp<4 z*Spke1R{)Q`;T^)FDag)>ifgeeEuBNSNYT z_zj!l@aKF*>r#kLIb@3J&Q@!CwJ5oTkMs4jg|7EV1N&^Xezq_d54%>;CLDMKz2~vW z&>W;XZ@1ETFz@)6cKw_b+RlI9`+B-dC~QEUZBfor>lYO{F)#Li&hh`#4hgZ@mH8PK z=q9ix0NHuJyMFX_wdC~u7_Y(!^}nXHSN(H1xqed48S^ObA-Ony6QB(KJM}K56X0fF zU%(+G`G1tM9bQu%>Ehsd3HaYU-aCP6#{2pD@RA_s4omU>5@?Y|5!&)=3> z*kksYC`$z-tv-d{u6Oq-yneh(vhPHanXjm>`}F#4Jp6s}EuTtPTrQ5Ukb3z{rCKt) z6vg}TSF7a(5$T}4P{cmZDGS_H!BaIT7B73WIDWp@xEu==^vcYax-?SuLHvt8dlZslr^t{&wF{qC24vTM!_ ze~`YMg{u$ivwK_rx@fMxT%7&KKiRe7N;vb&pTG3~D}VUj)-QkllU-}co%4VElU)m6 zH@>>ZuDMcSXZHU3Q=09t>(J;OcFk*3=YP1>TidhGSF?8y{&DX{@QKYxfho4r1$Lz7igIi0mG_wt?@=_HSSRL^o>b4vnO%6Rg>K_aJ|`axC#Y zEmA7_RV#O9;k2RI;UdQTkLUH)&iF^#?}a4uCtL_Sv-JPV5i`5yT9_Sn?V~9_(q0j- z{a|$CoBUzc@EvyDgy~PHn(M~jn|=MCb5Em2Pd_DVnp0IV`l(dmM-l))nnmrvQ zo^Ys~W%p*M@BX;P?9;7!;qyP0$Pd9NzV+_G+0Grm;%j&39%mU+!Jb@-Nz$@;}=9e|P&qRy40wvom`iE8M;j zbo<8E8@}2uvMAEd?7#i`h0kae&|cyxFG!mbU0?Sr4%?nt(SL)pissEa@o%m#8d`lp z@SWM`@GEBD_`EPG&+#km1y$MLbhj@o-G1e>eNc5hp0OBdT(5M0MGXzhbsa_zQmv1l z(a%!+e^7eansrlGIUtlEZeZO?9IcYoVPzcY&;?+F;@0Nbeo?MBW= z54$}|xD5H~6w5axV_w%dVF#)!>L6J zSXI?{LH*-*O>0?kGEG>j5&!sVYkPJ!d-vd9f8IHDUhNdqb)Q`uQRjbT%7a<5|yFI=H{>>KfT^ zrN~Ok%D1EEv(N=vPYwL8zwv!^m*TM#Qr#aH#?zVW%trg)sA9$QDvdF(c<1W>Gai~T z90#=AnO&@38f+n#zfm`CG`P5V`Wwz<4cA2Hn`k)sU(Wo!SLxJ}S(nF?4Q;fFPMYM? z#MMeo@h#cT?6Ez8!^DFkFRIMWz`Y9j(@p-ccls%PxTcvDQmViA?35M#-*$gGq-`q^ zL|HA!(9<*aV(f^wnFcb3-5KdOvcD6^iqxByon=F4G-A)%L z){-CqQ<2%J_;_58{gmv^?DG9L+F~A8uJyllg@2qsH@=XX%K>mv5vZV4McB>M#5RpV z_^Emj!!m$1LH>TJ*<#p6(%GZ(*gl1=?b+q* z?|;7tWAiwQg6{14IFWDHRQ1;OY_;Jg{wuxvKSnqeuku|)n_bZM$2{GQVPbUOEm~P8 zGAE6ORUz*!*|-4~$g{2!utiO%3qc*SX{LMK>K?&xbdQzEGh`z{Fb z*x9N=6fRB88Vd9k3(U~FJTRI3=Aa&9+-KL0^#kR3(QZ622BDx{$Y$_=@*j5v_5bzH zPbXSbzU~pKnvT&bPG*^mOn0nm;GUHy!>W>>9vX(6HWAg%?DF*X4Ne$Gu#K$T-=KMyr~fb(>!}H$Em? zY{NPFEH)9)w8+`ys%u5J<5<;0{=&IPQ(5crr$v(oX=L2#KpunO)+)Ifo%yRKvs(s^ zu15=+n$S>eQ#ZqNDxdz8dx&~x=AT~PE1@l!;2`TCw<0=()d3C9UnN}A0Nd61I~PA- zlFRt*ktZxI(z2I0GA6YhLu`Vr{s$oWhW47EdrCFAc2TFTA9fqvGnWlPGE$N|Ns)eI ze%y7nPPfE_dV{Trvy59cv1>_+o!RPtu!rP@kbli3olIQ0`p4Y{oM$?wJRP$t&$3F{ z@T)LQfOuNtL7F~S<;FO=4$3)I@=ka$+&vxK?_fz8g(2KHvH`+OQX6IUI??QO zp`f69)lG+f41Q&@thuuED~%;gz%|&hE^YKnxUV9?3BbZ7vNTnGO29L}znvDM;GO^} z0a!x_#(=%Y9PjjiXg|OpL*@{(3f5=HxNeZiH522`Iqg%M;?C^Je04TMl9uw6Rorx; zU2H5%`m~SWXw6najSeQ9!S~rUrIaOsDb^4s(KM5*iR34kFi0MGdXSBrAi>{1qIQ7` zrjZCG%Ofg_jFbxBKi%FDsd;-Sot&yLoqy7L#{0(QdNh zZRG$r*nam$Ll26xk?)c%RK<2?bN2KfSaPrk70aJ?n;*)5(J~!JFW!niqRtL7yRHcQ zX^hB`&vN#c?VmqJ^Oe_dhZAUyv>-Y5wf1@4{E!QyAfxJ0$BNt!+vINsm$v@WYZ{nd z7|3jeYcH$Mvv9Ieb+ywSV2vZ^)p)bDJ^S>7R;*Q_#c&8S#({70aZsyzG;*7; z&9Ma07xH;flZ#l%w6#53fBS21qFsrPzDe?@Bc1X!3nK$+os0#=ML(+${vnT$4Z-^C$LydM1ZoKKGE9LhXkcx}cbppF zVYS=oLUFDrQ71&4e7FHyk*j8B_Q(Ht_1}=|1s74sG!62ELR@DCpH7|=a^!!|(a2*> zqvaT(TREbl<-jY>w|1O$z}PVF2~wQ*V^Ulj&Qu8MbfkZzC1=rwDY72Z09n_JOfw_s zv6%)Bk+yoyX$o^yN;In^P;YHBDtk zi>HrrZ63P@Y@ylj>ShCvIJo>$+q$pQ3^m< zCk950f3=M(pGNGP4Lf+kL~^YN9F>G;T>RDUb!WqP>HBvmAv>dPojfx6Wl;f%MCahGvDo=lz>;cV21uxerYfn%aQTzNSqiV<+0jOu|WVGz_CXMU9H8uJz9@7#$T`YzYlk-vs-4pe=r7hx#(#We= z4;f2;@smiN&OXNNfJGB+N$pJHlvtY{Ki1@v*M$CSZhjrBcx0l>OLlLof=otR6Fay2r!>a3e#vi)2}x?0+v%W#w$| z;%g7b*Kaz|{$HkdCJ|AjLX*l>I~|B5Ea;b(Pa+CkA=*o!H)Dwr&>;*P-Ex;5a#X|O zDIbCOuTgH|UnjWtJXSkBfyh|cQqTYQ+;jUKM5Fg9KZV>8qdYz3#Dl9hR^@OVu^Q@z zFalbs!Sg%p!2g#=(j)u%Z0;5#Ct`_U9>=b&CoxZsrn>c)5XvIv;WCV)sg^FtYeTr8 z!^vjIJ&as#{cpaJD2F_&hVlSH5p*i}cZF*~lyb>x!1DA|%_fwnCSU|?1=GAYf>p|o z$Xh>|A*Wn#J`yEldEhXj`hWL^s#HU{>Cm$?9Wr^6Pmh?250hSsa)SwgVl>To>scWR zldj{Ea;-e}?uPW^e@)8vk4+U%-~-i~Y(t_%Z0vG&BQjf=*?;Ea)mB#IYYr+o!HHoe ztOy{uX=?;nXC^wWHj~*f26@?aKhk|9i#PlRvDpll{kVDCyHd9NS4>^MCXF)#pIQLC z3;n>!L*e}n5E zc#ACdp)HS8H7z8-z&fZqyxzaj8fxK4%ZNr+q2APMa8lFXbHfk9SE7w_)O*Pl zM}ABE4H;D<>qO+h&b!qT&M5qFF`aa-3>KKF`}|zl9nnwcP=scui&qo@%%I!wWuq})Ig)J2H@t@S3A57@Tb_`=8!(F#1STSt6P%6L zg$PxYt?Eqvd%|W5Aj?<0_k?^63UD(?%Q_f$D+fE(QCdo<^c}zpJrLt%KP7^h041XA z=K9Xd>aJ^Wml`BF-s3|NSe2Tf7ae@bD3Ym=?sq0Xx~86F2nh%1j4&6>L12bfQxkQb zzpL>C>RO5>viiu)E#VSEnN}_2D zv-vM)L{%%qdb|;AbDW4V=-eEPbe~;&y)*g=3_@X|6ngM~*tLx%Ozdy64TFmz|@#6bL6qP)I zy+hJNHI5KBVcoR>y{C1XY7|)@-Q$=UFXDvKL7iHYKt)8z((6feYcK=J9$hqZ0;wUG z&XE~hd|&QGIGYHng&Xg)>$;`{me*rvrb`VgI35x8SiCUcxY?-46o|Q36~&_bx8mdI zyUnjRKxG|07p_Ul$11bo>dP0~tqHK%!_P~UCF0Gb`n{IAhl{vCjl5^9B%`KYfii%I zQeOqfS%vyix3SVw3341!I;zc_M|P=h24x0I($VZ*GC5dZtx?xO~)>b0nhJvhcI$BA{IHnOw1BswXzg>v#Vy} zlR9UlYma<-v5AK)FdaNX?jbpeBwC!V$r=^q+V){$*=W2c(04!6!|ar`m0I=4thUey zw38B30@SUOgPe*7e~eGc!9TK+T@wi?wFHaq_!pGM(q_oC z6-JgbvfC)#&rJ2=xR-*+k_d>1KNS6hG$?G|R4wKv7(=Nb4&TOC8-8YzFLo6TjMQ6= zSWe0@qp1yq9m3^G#o|@b+Aw$DOUs>=ga8?Uvv}Z*b3>y3_ZQf@rZPgWA;7PPn9*47 zppCh$Db=)q;0QlRmHhtty7_BV+?iF6b{7Ep0M<)~$xze6gKUoaq(DV{n~0?@d75lT zR&!Rji-}$gY(O?@GZE7L~#8RBCls*eYu-8a3k<@6^Y;# zcj_?U;WNx^R7Kovs$9e?MP=-v$N6-E=39Hj(A*5-Q0G-6+BlS6Oh^p_yi3x7A_)xE zlN4a*ElXfI1uP(+Trl4LJjuiEjDM@!w2U0fhNVGL!4g?Vu&SRi6teH!aluyFfq;dj z9Ji2=Bl6a?!U-LyddI~?5OQ5KeIOMzQO89ymF^{%UrRC2uB8-zWU`#M1RUIP$%4B9 z*bdKDNT7ig(>;a&2YWoql=P5_+Ab}(3J=Ws!Ez(dV)Gd7Gql8TisaVFN)L%qWpTG6 z8y@o-DR)vN0}Yp*JJU$juQgdUGPLIcUJN%(hYu@GKMc)fa@j1Kgswb-q3CKca1RYE zu_1)&AJ`CKJ8!|C2+vg88`Fw1j20 z?KF^Z_5?Nu+rN^kH#44q>*U?myTSf!xU(HjL@&lUqbebo%E4iGnllI-+Im7piG(9$ z``0Cd_7_iM1 zWu^$oiEKJo1GPqIpD1bitLAtj6zmNaSW-Ojc7f50sf-i}P_U{eA6eudnEy^xBMvxi zf`T@UY z<+~#fBiKQm7Z_07Ff*DbV_obvBE1+d&)NaP3RQnpbA*{fHxr(gi$lrsnqV`D`V=k8 zOqui(DNt>*YnSpil!;@ix?k__!_$%!!R+*hD1;^JY3U#5MWxZH9*7eXTrsctcRR4B z2{SvOe@2ksHRJ|OO2g^WwdSDCs1$gY`laPM3u5&Cb}1qlWdAZO3-MjkgJVvgixqI;@|JYsktL! zC^>hA_PHOMELmw5Lucmmi%A_BapI#)1F->{pt&gY=A5Cfpw0>bBnhFcSjl$6xMYG% zRUPxJZIf%vij{9Kp_iGDV#uzB|4xp3?Iu1IimRyrpas_&5SwViMkYKmwrNqDs~YxIaJf`jr-^d>JP zQFX_nqsj6*&}8+$->2<^?E;q;vnl1%CX6k78`totL2D=E)DV>?Np`pCs^Ko`u7vkK zfVpfqB_AD#JfynI3Db-5>QacahzHfha~=YJI!xtjNddJp0}UldktkMvgLrK}3I|up1t|2=Gv|zy1vejzjt;YA zU2pj`WGZ=LBl}g^Xu5PXy_kT}wH|bi;HXNK&`yf7-pCKH4GP*~p*NBAr3>xJXhO41 z8Q+FZMycUJZ2EPk{2)(TqaRrJal4yEBfS2wuX?!|5 z>632l7ha6pxR7&2vYp*X3KOr!03q;_`|R34$HUXEb*Q}|X{mn@!N{sSNhVt^Rc~h> z{U>&f{n-EhfF^{R+e(Ll%co1P3iX|?F8O>-ws@_ZmM9S|j7WE$kKCCwIQtXwF{%Lv zoavFl=gOycec{C)6X=8BB9nRt4o8sTljo~BG{D%PP62sC(;6^Mo6%-hg7c{0pBh;D z?zem6B^yW|4ia^O0-M@RfC=jq&Q`-|3L>S{ zx)FG>i50>nX##nz!DgZ4X7im0HSow${1ZL;z|_1mTsF~kaWY&MM$e++$$=>~<7o+7R z9S+wj^?ol(3bY$z6x|eCIP$!7kYQkki`HAUQnfP`qsV5S_9rd8fQjp`qu0qX16~Je zy*Sm~c&8`DU8))&pOOe9ig==?Hg|8ydLWy@E0Qvcw(Scw@hBK$y+^?qo2*$>^wqxV zk(L_3LEU_(v5NF3*J4m{Z)whiB(r=E>&?_e>*Lz@`P%%Xq zVC#VOA9XJDdCx{d>6A_%@ox;irE+m%^>^9L2s*bM&6O9)*)H>uUyR0)3e`+`KlGk{ zgNv9}teCtHx?>3hsz#wEtF!ki&y1_``B*20W@&k+*FRBr3QSpdA?@1j6&HD75tN=+ zs4@!m1l8sRlZpe_o)hX&6MtZ%-`XLb&{7YO-3`z_Z${QkyC%ihmL zW7rmB9UT$|tKj}sJ^q|%Ie5~qBx9yM#Y1H98`_bawq%W<`@3sk*EO;Dofwo6@lt57 z_=LBh6R2{%Ih9VJjxF955%oo8gi!Lz3?XkYr2FlqgT^zFKcg<#phqL(|G zEO!x=7#4$qcvgddlq!99@J*|tbp z%#09&zAT=h8e6NoHfCpcE3l*lHj;%KrNuZzlA_WrKN2s-`J`%4mRmHU2;O2-VA~R5 zGnsmD@Cb^2Ygcvi1s_9ivuj_a&c#p?CuM&D{kRosfGf^>!e^kf(uxW3R#;*lD>KMU zF``%3wY+O%c8O$HX!;F$N1_%phOs5nwU@eM>*g0@D`JZ)SoaiXZfS?QIKib&Q@5m* z&g@1T(8N!*GbWX7!*A{K_Owm$D!%`9OJ>wKKOiKb^#T{lY*gRlf{H9FS{#B^AU)LV z&a<+Hdnao@ph%HP_QDRQ%KA#wEmVOQn}9=6DLZiM7<>g6)du=X4_B39IvC>0xeg1< ztE*}-Wx=NH?3~hc^;gg@Ek?Nu&-I}6uY!Zu@g}=7%2HrLz2-Usny*Q_PP*m}`<36+ zvERPBMjryg`*=NaE>vBI4%(p?qpLMgw{W&!Ee&!^yqfGqMHz5Ej8P=|H3?}aM;T0- z%5%_?jx@q`E+@yTRl%AE$ z19fzpRRJ{0Ee!ZS%!2YBr`~?>1IJn8c+`|utD9z{Qo4t|;)LFNg1&WA+z=!eHclHA zg+Ozs>NCJjAuG@LW~yLNASR$*O_Evlu4VHYpA!Kie}Doszq4WwTkJhf&!~ z^d&Ei=EM{JX9vJ)a5T}UjI*MZQcqG%#!D;>*5{vXLjlheDW$r=?p$q3rwY^uaMh;w z2|eC?#{&->>=WM_DdKCTjrrwLyU!J6IV0*voF6Aux_UTW)KhD$6HPMnrROm)+R1wB zVPIDccn)X_$es33%@E%;H-f8ehQU=tg|zk)Nw!*osOtx5QUL;opO$jaQQ313CCC%3 zhz;trJ8nnRV!*yOpuR^cC25)o-z8FFQfE)BweOrer~!n{W)D1NUc~t& z*yUc2A4&^-H-w;(SV<&1ZGG`_0c~#Hx_zHuBHT%IGmIAblj2D9OlAaL-nqdXBg@RS zpH%!bMEeZc0dI{O=*bnEP_{f6U2NbL*_w8$kG^biLLBcn!*~s)m|BWKMIG8Ja;7FC zRwZ?AYu&?GLKc5Y%Bkl94HT~G))ArHE5(CqthCm(H7Apn=7OS6-pl}&-)x0`qi*z zY??dSlA4~suqZ@xklc{dwl|LAG4E0vUSto2#FhYYK#sqPNdwS#*KsRI6h$`u3NaEq zMmt%f1gI1FeZVs;WHaT*J@?u>G(n>8xF#MiRjxFnyKQ~Y=!(hnEUV;blCGxG$TV&4|VKYdI+dc8RU0vJ&z&Cfeof1u=2E6DB&HR*}80!!~r>}ZI zDFPH0W-4yWtQ@!rti%d*Rla0MfRT(#De+VEm+%&6j5Kw^^b5%>-G*{at-vgl+Ie?J zQ+OJK#9;e@==?C_;mSKu+;RP|bZ01~+~ltZRQ}5$R4*KIXuO*EPePVbm8u%#0Kh;O z+J*`KUzwrg9CeKnRKZcH5)uJ6xnpA$C2*bH`!>g2Apy!v+}N+)p3E5F!CJgR7=3r1Y(MixR_ zwuqlv<|uJJcgDj^G7HZ0UZ5yKW!d+&Jl}n@ zmr(d-cYm)1=1W>a09N8Kwmvm?Uut`c5C|-pi3&VTF)cjelFHPi8zdum1(3ZFQ@!+x zAS9vd91FBujv|sv@fH=Y11Jr$&%k;kw{wVC^R3O-+);fnKNY#qMUH{%uvzU+cofpp zY0wbsL{25%RWOhyk$o|zmIe~P&BibcoMeN#cnUzJ5E~`xEcp|h8YRgZb(vkhi8klX z)#-=Jv7gN0+VFmZO7b6FoIDzIkgcnFKsXfWBUfcBGi#$Gn$2JS^p`hhl-&@%ZhS@A zjREcstfQ`AxZCQw#>P}5$6gOw323v;#6b5^Z!vmpQa32EJ+^-Nvrl$}iYxcvU$bw|Z?Auy{bzgOBp~2IsBlVFP6a-^ zBE0wD!GrGIU;f;gou8cT*R%iZA4|8jJVoIVn0iy{2-DWi?D#Nz{4n}T8|o#h)KO3r zkdnlDeAwEV?Zszr7voE4^LLhQWlc8@K9baxukYA@7$cj~!AJXnfM54NK}u1s|0FrWlM9rp zw$jlvm)2?8YAVSJahkTmvofOLl`euT$(lP11dVYYHhRNI=v=eYfAT+iVMdG#74ofL z{=B-l`PT=s3)qBz^bedGEDUr`s)jPNMxw2C19RAatvm#F9ROH53XCH);?GV$!0fGe zJEL#4OR`IRL3s@UqC-3Qio30MTU-D7)R4JQRyZCXz>gD74u|QIdm#Y)E%Fkgv)1aP(#|Fr{mz+ymC>WVZKg`tyFxX8+MXeOlD`X#L|?v=~cx{7uB zk9Eo~s#t63xAL^pvJe_`N1s7u6y4n)gR5-42%!pCM{XxYgAvYeH}#D{77#I?0`grO zQR;qCLUgbD!L9%Gzs|mV`t-}6!C!?_x}p#Tcs}hV;RAm*pDvsKD2vg5^B)F=d$4Bm zE*%18o&X*JUW2ezH9AAv-<>YNvRf$2%3BBLKD%yg!YPl~(N9-k`>Z;#B45j*dQPU1 zu=gaVOR$~iUegJ2Kurk@!4nv5+U7-ArXc)66GA_lJWIoII+I+34qRI1Dq7fe+v~iY zFu{Z#uryJHfnp}$N9-3DVT8+@oP{J@|K>@yx$uu}A)%qYx6RKg0N(q6K5Ej&Y>2(@ZbrQ%;tF1UgPvWEAi z^Ma$XQ_Zst9D9OXrdmZh=z_0HpXX1)LG8;djg+ zjX~N?36O?~lr>=kPv4ANpUcxU|Z zn(*HL)xDQ};>%~J=Qraagc6>6#52)HF><5mz3uM3JjB;mFCV8#+|ekVFof69j65;C zcdvhs{QD0dUtdi8du~!0gK1{U{?ZK_1qt}ny-lB@YdiaNbvv1%*wh|tG;x>WXol!L z#6);E4|4tR*P~;E0N7gWx`Kj(rL(b7e5fv3ZSBmyKCbtd^p&#Qsf3aWshAs>e4|jO zs`%Ecg@pGo2;R+uJb8HhY&ls6bz?j{XQP7(qjf;)XT0AXYgG!_ZW=8bynEkH)~8d5rYw z?Awd+!w?)vhCuP55IPO0)pcV@f?;R&`8=Na>92Dy$dYr#lVamv&+lO_>COD>N8!5V$pk8`t&AU$G6vC-c0T# z#RhPPs02?VyNvhB{-JmCAWuJieE4KMNNQ53%EFL-9K7Sbc46dq^B`|heAG;KGLK9F zcwvsa(ZaxcWe|Ed4-yvZC;JmK<9#Y5EXK`viQ>I`{d;+gXHS0rwwhRj;-fZ2;NA|X ziX>+Gezr4vcJt)p5x$4>rGu{n{62V$f}uf#FQm49^_4h4gA`%eKqgrWfoV5T_?mvHB|*hkp@MxuF!9a=hjg#1G$9S zRgko4HIlcosd*DulU3<_sL3KHp=BDobMzjbBi_vy8BcC*C#FW(D0Hz`D%kPTruSNV zmER?!m)@M6P1be{9tXPjN{$X1dJ99~%{;`*w@2?M+k-P31Mm`FH-2<_;=OzQdwGnL z)ys$L(Yolu8Hx6PMBCDYzo&|AZO^`)&30x_k50Zko6G^XJRt2`HDbJ$@!q}uJ(_~Y z`%k}4#;AEy96Vzs430Fa5~Dl8r|xa~R33Nn>Gb>y-BY(PgaVB3!P)eLJPQ+25gDN9 zdS`a__1nWolWiW7@N}HH=!8WC5EZwh?i%>iy-lCWS9EjpW&UV*AX6n1lvQFi2)YfT zBqLcd=N}*c{&q6Yx-$7=|76z{cg~Lu550$lf_L-JzrNgW;$)(kj>V4JN>`(uiTCdH z@8vNb?uY3Z!Slp0H4U?2wCM33Fi^Zp80ee$VQhuKQ@W3CFWD(0lBx?05wNn0vG{QN z+voAzX>f~}5d(E&Q2VtNTRXGn>FtyCcm?pNOA{vK=Rg6gYF18BM6j*V@l=}Tz>MZ1 z4*Kz!()6?YEEyZnUFu*4@oAx=wYS>3T{R`_nzn=h=oa&%&vvr-0+rm7V%bR5w+)M< z&vv{q%9l!5Jx-|_S+TJhFTaYCGTT%=rM@ZZdfjb>DwdjU((|qc`L)K^TYvu28TbhZkG~Q%fv57S9=#9&;A%LqY5-4f$nCq$lB(| zPRY7*YxE1aTrG_mUoMA4nIk%g@M2J>?o6|_Jv*Jf+xn#&W_x?WNGZTi8}?>mBNOd;o-rao;`Y@3-G-l;v%b7*OOP_^U(#1i7iK z9}H8<9kyv7|CAr^HoLC$PwYC5;z(u~r^>&f<;nkVFyVxsApK8tQX;)qv1MtF_CXf| zHATZ1Wx%qOgB39nDVR>x=pI|vKuuLH?QQ~bREW|zwJcI1oi%+HTjXo$+a2nJEa=YY zX8K=Zq=#jyFx31-Qn~OO`prP@epR%gS=Bcwpwg;N*gAQK%yl~t9f$^z9v+CP#T)Ph zMCoSHdv=l%tiluPLNYH0jhLMBTa%mVEvkggLp2Nos%@*18{XQUt;!|Jqz#Ls6{?7> zkcb>e?asiQrd-F^5_US_RfR-6S-C`rD33aug?`y~Z0soeXlO7ZH8Y)}hy#I6%W(dzj0#+EjC zqbo=0G(1=?neKtqNFr>XF0s0*#@Hrxm)9*D&OrN#937*y8Z^!b2E4g$LAs{&im*NF z)kR1slJtMMynZ`slxCpC6#X|=&F~Bze3U915HS?i0~$E&r+4G6+uow0!zNG@2vwSv zmy(&@xCI0RjH4T*>;a9YRLt~~0l2q9)@u|SQmmUW!7v$O79=7Gs|rOA&Ezpf12Gp!yM#ve>|Eh& zy!$55+qEcmW5sh3d>hb?enr)VL`3Cb%D3qha&*`@P)^9M5pk`ytnK{`&h5kxBz2bx zMIGFR0mq*+xiv8lJU};t=o+?4==I-Hb0%w@1AnB39(~U%4{3wQrqj~LPLgO&f~%pF zKRWpfTMp8G_ABU2gis2t>`-k-PmV)x;XjuWaM#hrX&N^=-U6OCm*@ziir#+{FgZPv zQ6dlkE?&9;fY(+A_8Sm7pN&ROT|bn64&P190H=v{-?4(~+NBOF;mUU1||0`!J$k8+=S2LNjcwBH7gZ zp<6mbkd)0z@BJ8G%uahDu-jC|K#Ie(Cp}s_`^nMe;6T&GNc0ugro{^G+N~Cj7FM-u z-K{ppnymfO)~phPwyi0mXI(2;(wPCv@nLD&KEh-U+9s~!Pm4s-Q9^U*(U5a1oRdT1 zT<_pR!B17OC({Z^s|R`W(auwNddv^XcX)!o9fBOKmahI+k{?>rNfK4j`L=iNZcCNu z&ewy8lOdm7#px+UPGLl$k70c9{C(IMeRK3=Afp`;%KxgZ@s5b_FiPuokz?PU-Cm4) zH{D>kb55L7^ormj?`?{g?l$cjYd2x-me$eP^=bJYqkUoEs0BI%g>rV#t1$>O-WNI{ zKSY<5EE@>(FgZm`(Ln)y+9_Ihb=!=o6ub>LQLlqSd~s8H4ie?3DuBn}G$61g5PcO# zHjl29P5c`ZR=S)L03lQwnlNoAHo%fq$9~nq?F{-<3;W$RqEo4erJ}rC)pLtzc3L-RZ^U2Y$5aqa!N)#$np=T+m;NB>?(EwRgT7du*;1X16@k-uMAii>tdlo4$Jk6uQ(-Tas^5oQ8Gy;gANdKR47^ zPKY?&kq(}ukg9K1P}Pu{a(1+=+Nz8OjRHU=E2fB!F4FY9~_Jro>eKAy*ZQ4M2!)ebM(J(`h0}t21HkxL7T1C2kQ+yT_ zLRUVP$2B>9NT3s4Mrt6-hPO3uqd9C>hw!De4R!SbH8DDwLHO6336v)rB1gE!fzRiQ zH#glB9F0dv=EtC)N=cyJ=^=zxFrhSlgW1Tj6z!DJ9dvsAj2FfqswJq{)E8>p*b-$E zMIK8+r4caci4`yPHBioM#4uhDMB^-XxX>AURIy{Y+-YjFIPe2^pLYDm1_s@mW$>uP0g*qrjb_lE{8&*&ai1fBjGfca3WA= zKH+01KXK=tXozB)Kq=KEt06>of_g@5JAthO*3dy@B}fuA9lKSzpaIi~y3<%yS|0g9 z?BVN4AlcqsBrK`{V*&@K58rvfXg!T)uC2jp8(-h`@S*iU$19a$Q$(4HqC&xNdtU*X zyow}A(Nxgo^R)L@2EYj-$e7F^a~eG4DC=hOOa%kMH&0GCA41e<+~p?gTrdc8*YH5N zV}ma-rSFDw6kMY0hxXkhEQF|xox;DgAB3UX6`BoHc)8?LpP|I$igebD3quK9H~nlh zZCsuASR5!*I~Asuky8k%DUWQG?$a|-PaH~7lVuPB;eCUiW|TA}-ul+N$yU;YI8?)| zMWSN3U`r*NPBJk2;Q#La{O>b9`_CDhZH+Dx-GeGf4j9(;_a%XBz4h+iYzDnc>nbk@ zz}}FSh0)Pa;>=-4XP~RPYHKHWZAV$Cc6BLJL@_8+UU(RU~20M9E~8PF=#Q}@Dj^yz1yL}P@%oqCW4*YX4gtKTU+B)bN6IC zL3he_JvZ*RO~32POlP7uqYNc172ydYyZ&7UpeafQ?PPS(tDzVLt2{;Wcx{@5om`3{ zRH?g;6?RFB^w|siBj`|hlz!*J*3#tXboauqB|sJpPE@WdDL416IdE? z@Vc5#;n31D@Lu4Z=eg`M%MG7SV!tU$c|tyMJLE%=)s96~q<>5h(Xx#7{Dw$LCBYjx z*~pNaZ$gnq9SF#3K91bmYGffzD}+Sb9p1k*w4T_t2|uxGDWSs1JAwgsN#D7!6pa|w zAn@R>hAy&frjyd2qddT!A;k_u2Q?K^Y@oDoMNUEkEeg#Crk3+KJ+92pM?XF;xX;zheR9kpbK0?c4bwnk;K= zCuz-CTAWsVz*1Bmt=FX(ALkutARy^WcMgNaRf(Yb108MED)O(<(ykJ{Cr^U%l_M2- z;XDZoJDI16Z%q#n>q_AY=pbRxAeTp946D+fGf9RXe~t`&zkUcm3VtA7R3IST*xt@7 z6QyJi?szcPL7;@>R>;Dds_mAy_3qy3&PJ+Fm&oD>h|n^M+Xg*Cl-hcCZ+><0;q3j+ z=0#j1nrn~@Qt&Q+k2kT&JAW2O(I|&q>**-8)MKG&BT2OLS zwzDgGk8;Q~>82Y=Mb7$iBqCvMR zX2(}yDan?2-PfQ2Z)>dDdbhPT#t$V0I5;_t!AZ~+fNj0Ihom#Cme!<>O@t_5m_M;= zdN2RMvEd~zZM;G)>+qm+BerL!v+ZuN(V`KxZ6+D^e(5#{Y(*Nlq>Q*+g4fyKxw`q> zpagT%xex&JXsLR?L`cN`$)Rj=yv}Q&D-~qsELM`sc7;sAaFPi|mZiIKFYm`8M&wIJ zvOaO(pg&t$W~pWnFME-oMlnVa$R(=ja%}@4R$ccF%I2*qW2+ZINoO> zxWsiBV7@|&*w579D`*lG3Jz|<(6&3a_3l4OH?fuY5Ow+qvdE1guD?=BFn@>fi%2ku zg2#ff!Lr9p+>|?3VY_cTf(KRpT^sLHJEOwo;`(5!A*A05;hlr9A$40wm$EH5vW}3>4}z^gVpvg2$G` zuN*5}F%n)@VXy=zP-~)6DuKuzkxEl3Ox1r<*?eAq4fT@oKe6l5T~vx@vib&jO!Svi z5INy?#1munUCXa0d;)xRsjyu1pfxi$qMy_5CmS-GE*5z{F*wLfnjDS1LH=16Qw^|? zrOsmBMa|X34b%`07G^;6Gv1Z;v1vMDX{1!L&DrN~q#gC1yBb6YHGQGx3R zFU`#qc_Eg$f%1FQl8$M~>TNWIfh2d1a@cI^KWB{1XhK+yk01P7XDt!#XTb)S1le=t z#U1OcyFBpnxrL7u*nkbkQ?&im4&Z(A^Q&PW*9N9ZQ8(C|JI#x5aF7$lErKEY<5g-C zw$t^~ZwG~5@T@Sxn|jdmnJLz}r6pPN%gM1;8i&y%t(0!LRn!EIO^JM9ul@yB<;-N_figDNO_x zPiLG8;!coA@`5u^gAX9Ws%_G}=^+^im11OGH6!V4F~Qml1X^+s+5u@~AJs6c3E_5G zO)_i}5jmB6w2o3NtUPDSIra}U*Ae--#vCa-0)UvzhL+#;Slf*Q&a5LKQX_|=gum;| zX-|uMco$hYun%&OKJ=mom|m6Ieo})@xX4D-W|JW;#ce266+2kP3ANznH zoh5Rd5^rgn*fLEq?+s8_QPtEU$+EPywb`k)#aoA5yg?mo(4kasNvj)0_#*z?oJeZ9 zkQTF?;uMQ2atX0n<4tc!eZ6VX7Rp|d{Uj^s`p9}x{0*+W z;2zl?GIv4=-@zhx;E&vvE)7J{!Fmz-aGx%hu0#iZ18p^v4MKa`SBh=iL={>HkT>F} zBB(AME&3>dH2+D&vXj;{yb#Hn?_<#(DI>9X2S88ZFq3J56be=#FEgm)6DXGVQB0?% zw|Yd6*0Ji@dt7s@rzpOATqH3^@OWMyU1T6Df-0<@938x-gC<2as5mQ9>efwbC{!w{ z#egnt(ZxieW91_6)UFD%D-t++@FqzGnw#z8V~rT8^1uZP@Eb))-vW!mKd^qtq{o zh|@9!Ie1uAX}2{g@o7U1PuPd1k`b3sg~7j@od1Whe{ZrQJFY|VuR=xqLX92(;r)Ja z0&>VQt)FFEq9xhB)VPDOpCrT~W(;5`jCkj}->6)AUtu~-n~IWTA`dkmAJLFqoDot zW{_afuj^(>?opjL*MoqGv80l?G-7W;NL?8vX%Ymuw+kttuEVT{YoA%jdF-93F$f|G?e0pI&D!jEpu5|P zR)EpSdS`e)VyCaf?$XbTxDDKQ8(>>HGyeRfjMNcC-3#{ z(U{PFMv49ucLzgMnsVXaDFGZT14|F^5oFhdNL=mVJmM6bfC zmj9`0;B+2^Q;sDxSXvwo!uP$IctK1N*zQcTCjJ%K-EpggvN17r9jSb5u(NTexO^p= zc#6|H_|@HS?H;|@BQ*Kl)1v}Tqr4(`W;WZ6qpyv>t?+G+!{%uW_3t{lLdbiBdWqCX zakdmJ>&BKrLAkKaU78&53EwaPr2DlSL?r?8-LdKxO#n58LYv<)3_rhLkV1=W7LeiH zR+$W@U|Z9%nPwl=_cS#CI0hDyTumTVmw&6eR~!mxu!U1)C1cv=Z6w#jGW_4vro*ee z1IML z;x`P$3@D7~G4jXZ3g*?l>7?l8s>WtB1^7o#dxSI7xbZ%r^ejULEmCohrhdL#36?`Y z1ENxz$iPaF>*?)uy2>R46e%pCHFO|JLQ`n?a`mY`;^fN6I?ZgqV#;3PlKvrLZ;5xA zeA|LhOKK@qw0k=fOg~s2`bdt)Rud?~`f!ba5Ppq_p$!HmF_10*fEC{_UImJ(C4*>El3%uknZ1ci460Rgg(X*OC^BRX zOs}T2pfFj?pP&K5OIsF1mEi~wrle0!?cPd;5liS|^EOxLVa)2@=u3%$Q=-VAnz(2s zmOW)x%Id&iw@kiXZ5!qc2G5BFz(y7bokt2jMKG&^$6Q#Mg>m;twz$IG6vS2V3+P3Fxd@<0|C4r7v z*#%ik!EOv&-B0RK+FuT_0y93VxHx|IUXx1bo4}H*yFaDMq2D{S5{;cLn>(X2L|ApM z?uXWe^$hBrrr0jSz*4#k!a!iT6Y8e2`GPM zWwvvgWcqHjpynRw3BkxH2C#WZ)R*oAHF!mJ!-h2J?>Jwt`WzA9lVpEG)B|c5eaz?1 zL|)SsDW?M+35_4p`Eu>Tq)A#>$q)f@?sjis-ewUBh(^dYiH2sH@AI5?R*|4 z>a?n?y}R-}sef{Bw}dFz5u@D0CADHR-H7J6wILjt=iRd-QC#X-V+IsXQo6f=@+5Rf zG@yVc)uyXme7ugO4w&I2V{34>9=SGem`@+u;|f6GgMvD~Rcw8$(%Gc%hAKeWBonQj z@_RISqbQJAsZ_Lu|J%-$7Ij5?G59TjX>GRRD`wH1!Eyj_J8G%bxQ(4nHu+DVZVCar zXav-7>5x)_Q#Ru^0PwQpCdpHbW_=X4>7Ds_6?F0tLn5<6STI{T;=%J!H8iF*n^t3~ zf&r22-QFn_P2xK6Vi}3lo+%d0@k$>>A9!_o1XEj~sn&-Fi?YZuON2{Y)Z6W8m+s9G zi`__4Q-aN5#lP;XJ4lOw@Ta~T?0D#+3Vo(HAx(Ho%rGF+bRZjatDLGtTfWLfcND6d z+i?DJRVgkmOmApccFRZ;E<$#Zu~$w~S;#e~i9tSy35w?WpWVjaptnfHcpp^(nC0WP zZ*$eIXM5S>184}nnayMuRRPuVMb^MsNL5g8&XE;NQ9EP$-Q{NJaPmxZJaW*%z_j&p zD~@)R>bJ0>fcR_WrG=wnnhT~ZgRCd?Ag4YYO=aM?TB_IpCk-55$apuvlmy^qIzr$~ zcSJr*i|NXalR#PXu?}H{xCErOh zh3$kA2LN6fPl#ZW!zs;IBX$rU|MGl}?;D6yXo8EqEhxlyzd`s`)S%=8nNmY)a+w-5 zofn%5mL@Fdw<|%oWEasvwgo4UFnW`xa8U!qSCTrUOZ-ZFA@X?yN+{6tDYd1fsM^3C zVY21;?x_QvC#3xt#Mcuief{)3@OT2b20D*NMDCiDHxI!t#X&aiqQ&Bp6hqXIuF`S>Ljdmi?tJ6wRWB~G))8H)Z}hs9GHUQbqBqMh6=u z(>;$x`270mhs%C{9EES8PAk4x7*ht@82S0rFDx_paG0(`iBqpi^|?kxu_-am#<>Lb z<&ti+R#?WZhPdrD*c_xL1>zsBwSP+tiz77o%~cgVLZb4j3{veK$MV zItmF!^@a6)1mXJa1klZM$cEvVL2QPwc8Xl=%|fG7-zB-Grc{&%=OgbQ4}7B}Yiaa7 z(RF&@M3H$?kHTjKbzlLlwr0&PV4ALE!v^Q@3c|n4ZG#zN&Ck~W0tlais*xj_MLBX- z_~zcex=M8{l{Q8RtZ7oaROggpyft%{PMb{Ax)nBYCJ9znj6?q*Tz;!Avd3;x0kk zu4OJ}=bQT|DIy0O|=px6bO8j>2m8L?8hyQaH_|i{571~WFY|}RVTIp$p>^_*e!(J{3L-q zZ)$dh#Si+WaGQu`Ub%Ta`b|vP->9BPEZ>4o3=*arXO~jy@@YdyrXe^r3AHJ;C$IiQ zIRMhzQu{46uXM00V(8s&UUbf9M{z@qJK@CGs~j}?cLG7#K%RZuH5)g{ybJ>MalFhr zV5U@B#db;KGYbB`)rFi?$8w1NF}E&vpz0FBu8><8g{a$Sg%EWESNsE!<6}=+m<7o(h-}94NLUx@r!j3adIhd4NlM{kh$J{ zvxeqzBHXB`t(QYOb%pIAHlu{t)d6)x$yb&;3}I@Bs%VEq1r4B|xvTo(1ZqZ92tb?} zAHUd+{li%>)mYC_hUstdbjuAu)N0Vb67zz-l1X=ZF9{Z;bUUwSLM zqXBU!RkhdHimQn^qPcWa{^;ip5jvj$jG47*I0`+itB=vB27`YoHh(jz!54@&+@2XD zc(FN67=?>#-rsE_&=_yYjpj5+;i^ur2-P+qLI}N4VRF2x%+OX))CP+J@V&_FdN8NB za^pAVpV8v^f>H$#$AC82V^yG+nruQx!>A8c#52|O_?Jtt!;ERA0kjssNhxVr;uh{G zRirQv)P5w4=~~qr3s;g3e;`G|->&28f>g2kgd`=;a%>7CB=@RNv|~$uP3#Q{ZAg*s z_&?%L(7##bUyCo%`%%1?p}A+aJTJArn^DY&ZtyT{|7)vw@L0-aR)F8d>P3e|QTjJ^ z6(|UZvPKO(nK z0#mc%>Jnoi7O6cu^pq|2#8f(N(onFjz9J?(_-mlUcr`FR*`1wXyzDiefVhcQBh;$& zxX|#{n6E(eUjeuj6%r$Hhu^mTQljjMIn&?|Hr^jYWpnM?O zLbf-YYKxaC!G`U^ZZz1GF40V+7$L%Mz=*A|C{1oRbAF3EDGQe#z-9?`3s|Yy^hVYP z_+3JkjpRSZR+9X+y`@<0^M}#Up3mg&F4IyORLsMO3KnD#t}64RyQb&OY+e&wqm*

OT z`DbQLU1T;cxy>Nsy%x0$Zz=)lDN^TID#$_KZP{$-nhnEWfm)NUA`}T14u}$4+$^D# zuh$*{19~b{lx1&jOAWL4*PUN6YZoSq)@|i`XT{ydx`cqrp~0|I+om$2JyflehRXYe zh<*^*%zFCWJfMD)`6ca83IsNqhQ}IW?XO2YUa}%wWuwMIg+N!XwguqmIaF|THk;Cv zO73!)dVW?Ek2|K7^lEhaT%;IZ_Baq|GRJg_rLq! zpI-jmZ{9q;Mf{glb@CAn5gq{%GVCg~MNc+&yQLLQ!w6kV$S>!#dq{5m|Bi&--P$sh zkzz>7zrG0PqD>EZE_f%>b-&v~EHb$viaz8hvXq;%o=R6Cd=+ra#jp_krqhz<{=p*5z5ynIWk9bG%ZC68rrUDZh=&ZqAQytgqjX`;%X5f1*BU$ zyV`-8lWe~0HkO+ozHy|Wp@zlXRvy?|e6Y^YzmZYhNkhT?d@hWFNuVz%tQY})$2HUH zK=lRxTB{Xcr0A}XXIS-&wf@0%&}A^pUf#^uWlNn=AJ>g@*G(-*7J?RTW0!?yz^yV- zHkQa9V`y2Fdvb>&jYOM}<-jdiyO8F^g2q$&2(xBLAX(k6RSK{0as*=$XhS%r^Qv84 zchSrgAmUrn?Ci2Xj#wHdK1)>VQAWUaTzTe9&azD{LmNZIlQNP)w zf4BUT6gpoZbJ4>+eh+Smyt9yPkpk<9M6cE)rAU=LFlyL8nmQD_8hN|v*_3*Zq zt%k=Br6e)C6-YbEhpmxS`XnFfc||lHX^8LzREVTa_nJ}0vQe5!yF(2bl1(y-Yg%jQ zeDlcbi03uwRr#K5t_<7?f^P0sH!F{*uk3W>UR3_l>&n6R(Y_TWNi)VU``~(fsQ))d zTcU3gQgO0J?w3vv8{wpY1|T}~q&}W=T+JzQ)gJ@hroq^sOa*57#q}Gylp&C!Nwbyo z>6lCQdeXLnbq7%iZ~acBE%m%W<$g#{5hL{0eXRn~2M*n-ii3{}eh;!c@S>|Y>Au85XPixZa z^nmp?ql||56%9Ow+O}i6s$LY#cxD`%vp7I! zeyHsxkP|Gm3}TJjI<-nP_a0e-a$L+F{fmS;{*AmWmVXQAx85YwY>SUGJL4AzSrKP{ zd{a{5zNx8aP!4Kw8QhUlz^&gDYE%r1+43Fa%zg-qU*FRc$ty7^JdC`)Eg zaf|v8G#!F1pG%Fi14;o)h1#RCqrd%{Uqjou>5ZXCno2aA?Y%8q!c7u7&aImTu~>KY z0d=5?mJTLnluL6`w&WjD8#_%6Rs!YjE zZp{!rxOgz(6t;=Y$_XOQWd0z|J z0%(RYtmzdw(Diwl)(=>LEGHM;*M=MPj@*opx}{(@DRyUWD3*w&3D}tN63ckXZmxEg z8agCZ=54PM5~8(3_TzSB26t0IuUcw|%3DG{M)JA6Ef{txN`ZTEYvVGl-B#uckAUz8x{?)FZCMi!n|;W}z^S zXCO>cU`1`c-;vYRoC8Zmr{mUaDxeNy(lsMb@ZI4VBF#idi=b#_+}LE&@@khPVxt(&~rMB8vF+)XZthrm9xPcwoM zrSv@_{en#p)*&IOuI%1t^$csx)K@Sy8J!pky>B7kbUp--<{JcKjTKwfw5WEYw@9d< zQRp|{2%yeiH(-}MA}zS?9m79nfsg%s;RZ$sEKp?kTOF{ca)ps(1}RbDDAQ?|1`&yS zY;20ko?6QAFBh^-#~}sQqD(d{xWB;mlYt~{wf5~1r$q=hhbdc6m=!3jv`J1z(sD+! zv_TAVEZQ-N6T0k32=Lg7iCr8BE$SkW7Q-A6=S2rv*wy;t(-J@&Nvr`_cTtyqpuV!u z%rVlxetQ1;r=LptTz*T*c@(~<=RdyhukIJ=3I*NX1JAUpCZFid-LI^6iB(JX6fA3> zW})#R9s{47?jfjTHa?(Al`P~inm;Swefad%i%WaOaj>P@7kFs23NY z&&Ka6&Xu8d(?ac;b^>5EPQl&UdKT*$*4XrLtyr(0|JZ-{P(Hu^?!(WhNkOL|X_AQ~ zEYD*b9MRWo6Rujcfr{Q}U{v!t_vb(ITP8Ap^j)oMkdMW>(2>3YlbzpyYrOp#p(uU( zmm|)2{`#l=4r{5|E4&<&6RkrTY>D(0y4u2Yj?{&u-)ilX^Y`x%*PudpT34b?T%E7N zzxf$WlDw`{J?Y}LdD zvSd2;zwO)cyT6#fJHGw==6RTBsklT6RYDHNF1G#_zxU4W+u3MR!_-r3Vf=g3*+mJ-d-(_o~6c%5ej;Z(Hs z)1ed;{ASL=-#idg=qK^igQb>W+sCXgk5(y84>>}deTT?p$>%qc3M^-7A{}w)G`<>I z^L!KIH5I7MvA>T+7n|zx^x=tKfoQ2HE~f^M zBLnH*NV##fyQ|4ut1^Jgm^CYj%Z+}d`(_WYSomkVsIC_Aj160B|Y{A3bDCG_8d>nqK%td}&>{A_Jydbmo8nNxOqcD24A z!38UQCFwWukx<0>!xaU`g26Sttq*r~-BO6obObGA!M!{5+tYNIA&V@iqky9ZCuCB6@+ipBsK;~SKFm+;$6k#^ue^b=uO~{5KGYRr* zFmg?nL$+{#x`Ej!&&v}z7^nD&;lufK5G!&Gg_NcjMN$tZm-%=^j|h}fcAvK+krBOl zzt%G?56}Sdt=c{t){_asBiSI*0{%8>Y{buRp1#j5|I_7+b=DwyleX!O*iNdH#p$%A zPrbVLsjq+f>FYh-;gv)(+PSI*4!5YGB8(^ve=dVnm4X=Mx)APuyn|~{W5Bu)=`X!G ze*;~O!X4@By6W+wpTGX;+eV>|GRm9&?$^KmPrv;2FaGwg{{C0L{KxIL?Ya;JVrKp6x-bGu zuh#F5)U`c-{nNTQg0^qAxjImW4tY9DFr=mi4LkZk@%-QHlSUcFPCHP~1de;u)8Y2% zw@)ts>>RuuA+-LQc6F+DiswK7^V2=8tqfLMsM2xEc~@?j#a(V{E$B`mQe*cUueYj6 zA_>F4>rX6-Gsj^rtw5QML$jnYns9;w=5PMt@BViGw(-Jhk?defbpf!FB1wQt~GpJVYa;EK^s{6gxoaoeZh*WHIm(&~F0;tg_h{WklV*Jz7%d6)< z&P2>OS7m?q$Dh8QKM)93b@c_}yi|P2D1wq4xv_GJX}#M&oLI)zqmu|qRQ_~uXj_`h zoAh0xhJg%1OoQ))W;{U(WujT`sWL;HBJ(kWccZ&LeR@XT1fzT4h$xVgcISS_jd%!= z{FJi6;6**EX&+Mceyiuno3xnJ_yqc>n0)XG!JlESa^(zMW1_I%^+z=?!)8LK&Y*IbH^Se8mWD zT7Wzz$g`SKzo0svQ;8HRd)AP=2#KK0sul7?KZ>g3J+U}Eni3_eaJX#tTx)y(=wZ*8-!H7(fp-`Y>dysXAb{{YxYsd?@8=BychBqpU+~wZ3J4c_$$=XduE_JcV^jsj7 zAf5<{qlTW@ab%#k_Z;Qp8z`c0Eg@D_t}@ivrA4VkCEXJhLu{9=lv7fH!*^ceh;s9~ z5S?*u{VBrYAkSaGzoVwf=dXXdza}MG6)G{bBKE{k?2O#b8xWE`sfF8`r&K&aGUL@P z00)d!!N!@$0RwAiu1V+7wIwzewqikJ73XO*SUsSmCPi`(#q$jyIas(Vx~|8 z+*k_cm{d-19DIFTM%DZgmd|>7lJIRRr<dHB1f^)`fM#V%2@fXHa-X z6yj1YA8xQ1Ynz!}MTOa^{P0Bg*wIn>SGuF}q|c}Ncvs`Pi6tsY)`z><|zJ zivWm)RApaf^V0^~4L6~eu7(!WhVG0ZL_|b=yO5oS#VXq>mhfPU81$k-a91H$19jV+)nvs!C)_oBq9ICU`a0&;FcKw=!XvB_<5yQAE9D?9`nE8<9wC z)Kuz&IBSOH5|`9y^Hu z;vMaWsoE3z%{M%;YZcV4Z}!%W@D*g;wBh zRJ=cHPVQ9q=fJG27{S7AYQyxKljldC`@N0^XAxvHh!2<_ZAJrwK=+wc4gp$%S9H4^ zFfdq>s;kW{1AZ2|#OtHeKNBokBNe~0QM=mJ%y6co1=ca%0pSe3h(|j{zbZUHfcH@JN zjAk~)LewqgM;Qp~c-GSRM1>a0IE~J4CrK97POEh~ccg+$L7EpvBrPG2iWXx^(`Xi* z&+{Ij`ij0#YShh5@O1Lem!A08;#EJ2&KnI*&+)O8Jfcn-`oYoDqHXo`x@e;L5`f3E_|ND zRAo%TEb@L29aE)VsP3uC( z39wz4GA`rXo6~pVs^qL1ka4X68FO|e$(W@If`>rHNNN?;`|eFP9@b;hswIB^Y@pk|Z%@H22X)3<>e(%NU^BFPWAnY<*E+j^^34 zC57jgcmKa_j7*EBhk?=45BtLo1S%sV^au?z6kdgTxDOl=4~?c@1Wns$K92!fU$&;d zM1zdv$_M`Aq{nfIC`SMF~B*;T%*#DEbBjQ!=sXo z)sB6Vez+`HD$U`^Jc>IiO&hxhqZ4@V)_NmuP`I5txBA_D7qn}pFpvbROGc;m1MQalgu5mVH;1`H(p!|L*3WbTg0O(At^YfI({KRdhA)rI!Bv8qFjV5Y+0Lf@ zU9Kt^wKS^)vjsEcD~6QJ>C0x)$7Fn`LEEO%P=*gHn{kZ|YNSorg%zy(6}Bm*#w)z{ zJceFjA|xWC2|;-`J?Y>5k9`}+)+Rl+0s7&ab2NtT1Vj9#++j*E2t1!w zg*(y@hWg%|zU!JqNtjnjmdTd5fjp#huPB2EU`e4_D02b6_PG3yBj*(3-lYkVN9~0%51mM$P{CbboVeRSF&-%#c?n)zi(Aii0HSG^mXejhI=_l z3}l_4ZYqn?;*d=8_|yNn&mU`JY-9e=5Bq}-WXA^wtghmi zA~ejENAqV2f1&%zF%gyG^JG~;Y<=6>9-up4(JT^ZI&`b1Y0ABliI6DF5znt6Dx~_~ zj}N}21LYB@j{zO4ZH4Fmd|F0=hXwt6}=|RTUP<}fi#Dx`j z#c9q6M{d8+Sh*zASn^NHzT=|nODbYs*~BKInZ{|Y)*>5Ub1p9sml|f;*uWyJ$htJo zFYo@tzRZl2t&U|zKYVkF8WUB)qu6-6ffSRi^w&XJ`#UQN!jjh_>&Rxz2CT99WeZ;d z)iFR=7aA8O*@(l%U#J zWccBmGuBPyc;a?J`!CBa9=f~4#5HRaYjB%%r~E03=7rDeDDE z(WDTU3#wy8(YAfq;>^LBU$S<&j`0+7s~1;{ZaW6&ueZUe!el?9S^RLin4^fH_Ba*_ z#r(vZm*U|91I1k`6&L9*fen~0hzO4;#hlt?YOQHfwL&#wEq#q>*osMlxoK1oq27-O zaSdY9$91J+3H0@+6cB2_E9*=7cj8N{2ng3`Tv5n2DsUxX!)g8e^6tN%Hda@Iyawky z^QbYWHxFK~P!Wt*Eq&@}BT7_dq3IC;q^!$3;NMhFWPJLTcuoW5_|`)FP)=$zIoZZ`E&AhNXWHwD5acO>Og zIq&w(jp_hAdjf1%E0AKV_4T$El?z7&wRpks#OBV$hUb@e|7Twnv8R|vxIsT$iWPLk z6fyh3kI7558Ee{u&5$%1xuUgsEqG#nYB?s|{I(l7x>XRC(PIruLFF$g;mD9Gm0_T` z{t4km{h^INt`1HIs4Xo7>+5!d1OH~a7e)r}m(LqFU-+ywEyxfMS{>8$5RJKik% zYZ#N)$lmf$m=%%-Xnx-c0xG1j%~tq^Lz!;p36~p7Ji<+lSkm52w{#wyn4Zfjsf02lIIHNKkl1%Bz9LfS6i%Y}R+J z(?>ERkB*T>(i744X=iwv0s-1?5w%IfoN_VvO%qUx?D zQ8~gB_6~^S-_8%LC54(cs#VO4L^{!?{2TCM_i8CXHG;Z^0L}WUD+QT1D+>yjmP}YW zR}^PX#f~F2aYsEm!`B+S{hp}`1{p3TDwnrFWbO6&<=y|&-h4C5BdZLs@a_fdE(~)4 zbqnuVxW-E0SFXBpvXyzP5PQXwE67*})!JXzR^RC-l*iAm6)qzq*$ z%B_wY0Qc0amKUzsNdT;}O$UGUEz}jLisBbN!BQ8DtMLv?-=-vW85l18KyR$|SSvVb zIQE9xMO|tcRfXr5cYFJlvdwvPFvTF;DKy3J-o1M_fBW@MZ!TXdBU)aC6+;AoKncVsl0H}*a_VU0jupq1nEBG0k{$Xy+0y-@+v@nZcz>C2sb3Q3g_9JJ)>iE!1u2 zJI2Dc5QE@mI>X)hNdyGlrkh+I3^%SpB%O7kx1_^;zAjx2+5us^D(%+wcC_crckp%b z!}@T7nAI>?5MmLvoy43epo4F*Bu@76dLGPkD>p|==MqGe0dR4{#C$QzhPW&BBnVnz z*VX3cJ210Zq3zhO$VVH6yy>BTd80j}$(+j9ZWCK0+wj*5B6gwPB(V=Xi$o$2Uxg0`3MvsG`s}tfPGRc9^B=AOc`Xb1NKSHMf(UM$X!B zENx2Bvk<4P4!`>|8aw><{`Pw0C4Li!6kxG79QMuF>nay8n=H^FYrBc2N_JzKm=K$f z@8);X78q166LF#+&d(41IH_3r7QCYn_H&Sz0L`UMin&lnIXX@1k#qdnF@wJ%1}%Av zT527%Ux_bSv-AGEfpyJVmH;G(sa8U*X9$Xpk*JhKIM~?BP2q21hZup=ekx6sC;XfJ zLMYlz_4#Ehr-tm+h??=kd8{NWJ!6hpm^>-lPS*JRl55aQMu*k2Vh4}D@?h0Y8s*|O z^-8=x9t87re)oC|eHDM5w_Mi0d}l;Uh$pv{A}9!cjULt|K*8(Aa7UMf4Fk zExS6~vX7H7qWD4Vzz^rGA%P_dVBHva931D`X5_%b)XOGcDLtk-!eHeHEc!FF5IJ}R zM^#@Rp-ANJu@SSV=eaKxJAs0wXE)_LC1M=oWZ;zCU(=Rs zr`KAw;IOW{SOG`%3mHYQiE2W!mwV8JNEZ*bMQm@DEm;^@_3gZx(rygI6mU#H($p%S zW>z%P4A=udoX6f%`j`SlKqzHZDy5UJ-3-D|G3RfJMy~>kaeB=LV+g3zjWSC=Dt+yRy#F${cjjS!PY#HqsF7qxCqpJ)EYbqDs$=jnAG=M5A-A zlb%LD?3Y>=dzl591=pWHz(#0Qxz(SJ1wJUv!@%1!Uo%9<1N)xO zTTL>LU5dD{1bQ1R*!J*HoR*6ae6VOnrk2HY8Yr#Z)NsHL_tvs9*f-H)EvZ`Dg1p3q z8Y|vF!jrK4)Hj9#ZSUUsuf!K~1X*O&n#t4>2jRMbHKRgAuL>0xQ{H0j>e4CHQ?mO_ zx;ufB;1t`=nnzr!|xqf4y(8Z99r+GXE6v>%NJ2j5uhQ+a^B z&^3rLP}h~-iZ37+u8Z&oskkZqx-9)E^9|QXT_;u`niyJ&9cvK#%L>q{4>2v`&J#hA zk~AOM!|+D(`P0zFBf{p>(NsI_tTOm8Sitz)F z++0sw4Fouve7dEpar$r{TdY9JvEKk+wiI+yqCmdInK{}&c?@MlV`$rm?N5wW0me7_ z@3YyJ1FGGJD+?*w;8Ea*%iTsg1F%y{xib1tPKvQfJ$OBu) z3YnR8BR7|>032~*$VRKDHF*iKDvT}z3_EMsT*su%?O_b9RFFF;g~gdjYe)%oN;s-c z&JCW<@&Big%=^_4P;n~2iC5ZmzS#mX3rNIBYx*XKpTam+AP?<*OruJjN{pUfsTY?3+HhrGgmY zPZ2<}u>A@uv9q~{W1Lk$vlr~~r_XK=^+`#>N6-)@2ha_CvsQ>Sz&HBg0#uSXY8Kq? z!$e!TchO&=ES7_98H#Dt1fj~rl&pkdH=(bcBWc&s55L{Q%(rM&5A4Bg0^BBDQZq)C zB}I<8`mx87l3u^RcTuyvUnPbd!P=r&@&v#o-_zvk;)iqiT#8>!tjgnN5-6O;_w&7W zR)myThE;CO8){@_$sJL1$muJ%lj)w9=KZ>bg#kLjVxQo9QfzMay>o8ZvaXFMF@KxX z5A0Cyxw8lhR(N2S(~W&;{V9dju2eMvaQb1Npp!jpD2t8>qNb>$IHn7&fwf}O%v0V? zEe8r9)7-L}I8uH@g)u;=XMOoxfuu<>XeSA6ENmwz%{g=!ofZkng3OGn5;|n%{~h`k zi0ab_{PFFSY3L?<90X_la4re^ytX-=3T}dq*Y36#O6OZyN3h376+qo^%qlI@fk-F8A6(>`pc0m@ZPz7Q@Nc8p4cI1JlnuJpuiX8fQQ5v zZTo{!;8y9({X@_+tM&ZOg5Q?Co-X#{igheiY_SAd5@C6hM~-iIn`6Ano5t!Dj}OHd*`xwscd zblIpk(I#CkF$9uOoGbzDl3kzVB_?(*p;$w#y*^7hZ;u#`=OdLe9y|egQ4Z$52Y4mm zBcuH_&xa+X43Mv5Q_WU~HQ{-LgUW0Bb#zHq!4tY)(BZg^A~nV)S|m9#&VlN}`4QH< zfvYjWY2Dfd?Ix>9m=2>rSo(L=5+x1#?IoOs1wBi3 zCvxe47)9s&S-NbJxOwrL{FrKsmT#c5uGaVa};sev+ z^JwfzO8_wMgLfedjHz)?nis7S=h-_~EwT_)9D0+R&6(Ev{KzJ(11t)I;wO=?FZ;H# z6e}wUL9~khNa?vrke`Au*hkCT=(d4cNZ$>rSgN)2_Zh_f4v8JANFeuaGjK+#Za+aC zL0u@*NzKU3Ou~7+D8`wITy9`IqAqC?pg2`vu$0~`dwZp4oR+$%_ZRmRbVc(f5v>xW zpt?LgK(=P%k15`3s9MnExmGmSiUw_yz`Y1rb5Sqgr)hTKmX`W5GfkeXE?d1J(dhzh z=UB{Ujwm&Q-@q0hOi?8$hS0#4Bwzq>EQn1QiXYe3x}f$*Mg0On#C-Z(JaV#e5SJt- zJ8KmG*Rd8-Sv`A}3b>l2dh-y_p0T9rgPTKV9%U-l!hWMNaT?g*{q2N|p4Z#L8=$D4 z7HYVx#xZpvXMGIFtQ_Tfo(5iRAQRkCj$@R(+`{=ObWH1cWyAR$VJMRI7J34+d-T#I z3~U;hEe#E@*__?sSJn&*%uEQA$1W~*F4p$c7GbbOc%ODdur3&5AcX9}W>I__xh#7b zk$i!;vwCFmetFW$1b2Bwl@aCa1-Wgc=wMN5ltg67Twer);7mnpmt_GoF8f|G2HL5W^GM*V z9Qvfk-;C}if|DLSMTCBo7f{?Nb(_Lfo4XZHM`DHAG;mI6b+yYG3duoP2!`!+#2?dX zG@DH5=2EDV(1o(rdx_?{ls#-PVlrL9zbs0Hpi4WM)B~>yTw`*CaiJx}d%ZA7!d|b- zQj_O{V4EhUSqnNdA%jLU@j<-NMARn4F9RAOEvLuj`e`M~3Ot7#CsHag_yT}*?w?K5 z;9a6>Mw^qu>b|6rk;)Vi{n&z({o@h#u5@kDLuB2(dLy*b31(DYw#(sE-71V_guLJ` zE|#h6QGCsQCSEt`^t;c$egElPV5?%eZ_9*I6x14()#t6E?G(`t%POSW#<@+xAZ>{J4{PODakKZ?}4otB(cP^pYW;!mF0mJ}@4ISe13;Wp61@6)_A}|a+N{7^K zsm{BD&2<;=wsd%9@V!Gi?)7?WZ{gv}y;KxW(gdJ7lrG`<<@xKM+P9zDSVgjRTjRUA zFWg1@6Ov1t;4%i*P%g*fU%TI!t{GORFtt|li1;@v!hAhtgx(6EL{Y7@KkI6qUq5|* zdU^hOZfM`!z0GlTyh#}ZiW0OK)AP&AyFWhF_PLeMt&)Ev9{J7Fr}l^T@%`r?@sIPe zD~3-^E-b)THEB)t3WIWPXXrE8^_9a)QRMT>Ps26%kN2T;DRyv5f%>LAJF54aO?KhX zYU`D9lDV?tOE>+x#aD7vNwQTE%8jf(%L=#ws#|`oDNlR&4sY0YwODL2A3C@k%wk zD&|)=_}17s_4$9=oxbp_UoVGYm2yjtFy_@!AszK?7h+wQRxU8*IP0SEzo*f@Y%X4^4cr6_@-YAs_-TQ{ZdK`47w zlQ7mcMO}u?pBvvES%s{*CCujT0H!`2F0-3U$Ix5U038+wmxyZ z;5YLEh-q=d-=GE78JN)66>VjZ(9o{x0#X4hjP$@!;oOXZfE8#w)+2I!dG`-*PT!G4 z%66}hliCdJ01;ecL6L-Be~&q9>-I0=3yLYYECnO`#V>P~7uKqf2^hmu zFx^<5mnE*pXO|#$M)5394wy6~26CNGb1FJl_g(^6!EzV;v7+{`S@8mnFd_kIHpvj} z`8p*qoqi2(Spclwb)%pV6LW?Yjq0hvm*142RlPslxCXspv;H1aqL=Mo5YEi&u1y73 zxXcM&D>Noi+Q9tI+7%cp(P?zaS7j9Tv8;_S5B4#-##`~FrS(Uc61A)g5>eD_pAcU{ zSiip6#>RS933O4DHmwl~5tTV|yN^$gca8$H#hCWjP34uEPj7i@+CvP!LhdGjMG_*- zCdzLA*glkxKYst2j{B%v=uGxJ4(Q&>thHLnOW<2_W~!=bzrqQwm)k-I_4dYM##|N3@ke4aiEcv`rF=hBvtpP6mo> zVDwSYN~4oTRJpIm39LEDjTplCOJ#bv=7b40^v6E)?vGFZ(sKRy{txZr)6d79j>}D2 zAWW!KLFvANx-A)K;T`KOWQ>RcM71;zah-gUU7tsolo04@puz^?dE}Od4ZzE*|MUE2 z-Q55B`2KUs-?nv=>o5c@FA!u`5OT}2QvH};nTcUaZWBzPQOvPP(YnJ(g|x(q5!`|2 zmP*j8?;FK*-?k6$fB5~nv-x$kz>+DYjbd3KZqiIV-#VrzxnOwbz}T>vy8?r85wxF2Sujws~I02!Ky`r zT_l+^IL0f-vywkMhNn}gUMBKY#b})9tF5Y;_0mYN#oKY*bn8cttmGEKuHU?@DGEM@VDNpKgeeO6i*f09%G- zsh?k7{eoWY_dopAcRzgie0y&*+L96|9sD#y=X_qAcF_@V1MA52SxpIGsqMP96$;f< zE|5u_g*5IcZGC=u^&QW=&;7fPzrVL2pxkK_P%WH4d9SUl0A1LH@U!`yN6p!? zYZ=eF&1(an%4`$@lY4zE(qA2WNBP*=hre&1zWerv{GbKDCs>!2m>bq?-k!DfFX>4jeA58r-%|NBN9H_I016ZJ5W zbS0H@yh9s5cTCOi1lpqW*0X7+;rc#$)82}X22&{u4$#5Tp+3L7>X>WwefsY|w2$xa z+}YSc*@&73BcWYaFJimF$AHVyT zPwnG>YU%S2ANRqUk7ii&AM71XCBaz3Ze~9}s{%Td8=M`{&s9wufcWW2Odq^@U`}$K zCYEN}f5iIy;WzI;+}Udv#3SgIZ`vBSUwrx8K74xr-G|$0w(N8Xqo&mv3y3ZHvbjs+m>aXzmm>&}h1(m)bI&7A zqgur_y$*DGLx{-lj$8cg```Tb7au-<{Od0KAaUv8Gj3)3N9NKtWpi z@Q3v2&Kpz$9bK*MKK!-98#tafg1NfjldfP3ClfR{V`%3UdF)eOFt#cN)l&nN~r%t%N@}J+1cdp*k5_1(L*y(BG$Yy1dOcR94`eOG#ylVQON% z`m5vK-hcSqK7L3?Je0nD|F7vB7_E0pUUTF4^8r%f24>Uobdz(7mz`~l!5XBhTy6b) zn~93+i5mYh9rIoa1~Q*tUVS?5@!Ry_H$SA`+zC7eF3BhuWSV6p;M?bX-aar;vbVU^ zS#)Pj?o0f{Dy$~;bJZ=fu%exFy-I>^5b{EfB&hSU#juDW}asD zCoz%Dv0|V8(4J5XAoS?@&g4x*mQ@DHVMcau%SqyKZAKQg2FYTYY$k3rpV61R+YGgT zvG_)Yf+i#5^UJFrDV_Z8Luoe?W6Jdgg&-4#%JSGN-y&l>zi$q+x)YlZh(=wY=gUD< zX}S`3ZG_K`FoJSyNWY|$<^AvP!6zLg5*_L`T=}esx%Mta@44r28^ctoE{9{ItUw)` z_%+RtuF2<@SO1HG=8xarP0VPU?8IL*vLOkGyX_K>?9@bWe6qy0yr*T%*EkFrqbm7| zp7?&mRsXF${{*Pk)^6YZUH<1*K7Vs>I|(pHQ4~o1n?aC^=NoQ`??tL1UC= zlXJyVhz5dJuA4(@VwJ){kFk{D8X?yAV*Jj?XYR90oBa1PON3zw2zNXxl~z(a_N!l0 z)ZANte)kvOocpom_{tdu@&LU62Soi93jQUhJ6pkBzD_mQn z0m);opy1fk4B-Ifn!OC&%F6=6;je@@8zG4K{eAcu;5F^HKRvyYh4nAhX_bZ3zo^$` z3cx2-xg9JXL|SsFeRCQlUPvQ$ZWPPFV%pPbC+#syt&mPf~kuNa{@o;B(9 zv=O5z==iTJnzbfZ^mZE=MMt%x?u^PVOJht%TxW=m-_W~BYHGE$=hsi)wx`QzZq-eZ zuEkatMw)%uFXUi3wWXV5DQ*q=Tzmo*hgi?>+2`=pqxw|%rp|-EB@+~FWE6)P?qGP+nO5CAqSA<<*A!?N7$vJ~C zhy2NiO_mDon_6EVc%fM!MC*m@7f2?VmLESsprgX*O#!QeOrI~Oe?&=3rcL*=Q>LL+ zz!UIf7!I}pYRv&o))Wu;a0=F@%7UgH%Mr^<2OO=VKlaYECJk!px@p!~)#(N%W_2F} zBv20jCaShv$7L%91-2BWg=}WC@6y*?W5|AwIkau;VJR(gJPpkpILiJ*XWcfcwE0Ww zq>n^o)D>-qGb(h;YP^TI`N|@*l;u*TqW3evKJCeJm;k$><=4Vxmr)i3*j)2YyFd?~ zNcsXr*DXAk0f;~XBq=5uU6(~S976wk|Tc&0O3^|I`RPKT{qqtp^ z^UvHq;+m-54QO+T3M9?bY;6Pv^#p-9%D;|FY;$!UGexLH3Y3iha|2c;SJ?aKQ*~xd z?g+?-7*s)?pop0%fgR~|L%Rx$_vOQlsDfHZ-QVLBOw_6pyjhPtAo4*E)l}tjgkbvu z?Xg~%YIAqStuj7ye`y2cg_Wbj-#*$d;WiiZ)}@g3y4%Qe3Z*!JK0|Zv5I(aa}iEc@Nba10d8M z+t<^FM{j*fRC(S&Ni_zzvo+@^Zl*gNzF5+KYT%)k6CGk8tcIda1&4E$>F6l7;Eo=Q ztUMC^38#68|9~S@mAEsR;*ko?^8k&XkTI8oE4K)5Ak62sF!L@E<%(0_HV&i!hHHi3 zJJLtbjSu&SbQVP^Y}UrGSP1b%FJOR%NkI*(IX5uO!Ec#wXOZ*R;U}@@FLCL>Q2+FF zKUo-nHg-cP38J-N;;P>7%~keJh4BzeRw-HIFta@^pa^;?L?5I=8>V!#KyYWQ*578@ zIEdj4qnbYU`2F$mcFE6DLmd=g_Z#?a-F^D;K1Om_nd|~lhD3A;6@1t_4Ynnf#MZ3` z6$$1qigG?u=O!R&&??C^q4Bbj3G9PV4Nv0bp1*pMpUBPJ4NeB;V-O%WaD7Bl4^I#5 zAJUi&zz&!}mRv5zlW!RaRNW%nE3tJ-qNOhdXMQWQ;m9M7;GvBmnGn=@e~CIaM|AR1j!k6?HKl=+Jh~lwy*XsBGlc&@X_jMx)sfI?8>m~x z6@ho2&M;3Ptq%Iw;BF@U1|p#+(ssR7HKSrJtjd4=V1F#uE(r=F*b)O8KIYz?4iRig zbOTKhcBE4%@L9O#3t@|-sWOhxQfMpf>Cwv^$3g-jsB*1^s)apVUXa&z;jxAA1!uX~ z@AkPh=e%RQmnKO@Vw|$RJ4P$JF?5h6J6gIZ)0Yz}z8R#cOBcDV1|cK#Thx^ZZHTMT zj=X1Jty&Pn}>nR`OA`f44Yv)SkLlS$1D7=+2<+>QCmy^&^j*Lwp(KJ#y&i8vaA3Va5 zm^Qg-2@nBljIz~-`2=8j`p` zjT$U}co>#RjWSNA7Glnv;&Ci66nXsZ-3?+=p-4}zLWe*?PO@C~D-Z0>9NE^0q7;F{ z&HBsRh#dxw&_SX!JE_@#{q*>-HF73TlVIa$doMELFCPR?s&dQ2>R$)1IuO|KIH;8c z30npWMoF-FtlNcK=BJUQqsn0g@|G-D^!)e+4FN($o0a`FG!gq2?}hcMvO#NE>-LCT zHa)cUVes*wMGi2)T0Qt2XDks^mq-b}ig2P8YPazoYjq&iiefTEek_G+T7S6H8i+y( zfFWSb5jlXJrcRqk>$?<&fp0>91c_$)=eVC~I1PPv?#-k56@tD3ZO8V$2++KsXh)I9 zryuS4aAXFwC=JajQg&q=>Vn}6fD3}gjc6ov+IEgZE@(0|Z8~9iisizrdN`D^q@iL6 zWhBH?L&E5Mm?Ttyn%LZIq%173DjuU&w7_yzTgS3SPlB)N^ae(8S_zy&vTZIqO6q#q z2nr?CUP6KiuRvvPuEthdx1OnK5q{)iHU1ao#s*$ajN3r=_1(8siKyX-!taB;v^ka!H zofM0eghiCYbZMnLzr4AnaBxE}++3xlqIQ(&?najzJz2*oO*G835QWhpv*-?xLZuYZ zL$l6kvn=f&1dX#Z$?j1j9jC2??IFf zmm_UnkFZA6dJX9syLLZfFX!eSJi!dV9XvTCI(`VYZrlBDbhxTFY(JpK3U(^~T6xaL zNjf6oJp7%+mmb@8|1)2XaU-=vv_x?UFy;%XR;NU`#FhY?l0ay_z^*;{B_XRbLL3@+ z;ZCz=Zs>+89K?xD(EN%{C4SY!_mT_tKtU-rch6wA*})duJ8CivL_nXQ7Lw z%Ml<;3$DSCvfRr1Y2#cM&2|V7XVhV7zue5l20E07m4gOnat{X9zS?QYb+s#7K#@VJ zknX(9AlkwYGEoi?qsr9IRKiKbY7{L5&oo{lO4geWGKdT{DEz<;P&rv=yh9NBV&iOW zS`CG8%J;Lvuo~Vh=@qN$~ign zKF(N}J=X*IWAJcATr34uVu%HC?UbR7t`U9=<6FF|%RV`afrYBG4c$W!L6R!9TWFWq zxdQ(I^vvdJ(m%gE-=habX0L+=5kLvi)Dl1%6x}EN?l0#5o|7~c>%!0+M7_Yl*73rj zQZ}cx8Ay+Z=n-n&`T1q7fUQIkF6!JnVjt~XPT<`~HhX~;vHQtmUk6;XsDMYkTXhLm}<&zv*3Gz{}*X0Kt#bY+Jt zD4S8WL#Cl9hhe=XJ`lwWCXrMzB7Dg^cU`n_L=XxbX#A&?FumwmnTooJ|2;^3xBI7T zVoCGJgf772T)7Szlv){O%hn@!D*i^{+{gqX$K18)PFPx-tUB2vE~iA~h0%(MslO#qmeJ z8!1|bc8bh}l$~5|V=G8We!G$PTsJ!>WqWN*61aDt9H%_QScZ+)K&uG-0owExxGGO zi0*Z9$JaU&y2z5gNV#mAEuLI?vlKCnQ9rVsujn*JNkSfv*1W4Zyr$;(RF9Etra|?m z$7p+EHw+nCwa4dT$}NVhUsHwC*(1(?_E#_N`1{o8{1Yd-1$*9RR3-95qRD3PIq@sK5Ez{gV14m4z;4&`eV2_8A z^ru$pETA%-y(aQ{`2QGt6DCV)D{c6%*b(ngb*bC)X0iNIT!=6=TeR;nc9Y4L>Y+ZQ79v_ z<+QdMGpz6>L%qN6=_R2E&S;a9tx$@SB4pX9>4YYv3g;v-xpKvLCJ`uX<}Y07|X z1r=CL1!an=%3B(1A%m23?U#YcLTsRJ*{WLllsTgrw=PtroJJVVaV0#v!hWyH&`*k^ zb?Hk*a*3s>(LPl{W8z(Ku5t{AjE1{FJxi7Q5@jL+Dv{SWauoztTqVOfECVe{V3Niv z3&|WKrDTF|39rG!GP?$Pnl`%|<#_63^3^7BAEV@r* z=a_BPFhyzlP=aMCj29cR0Q*1$zvgYoE*PKNac7j)IvAV;JaA6Sq~?h8lH5YJCSjLJ zUjD@dUKZsC&>bgP;{(gqNRQzNj2otx^&2zkVAVV!fQnI)CrvXFosBFk`bIl0m1@cy z!|AGM3R#%s1JlbfsZ@!g(2YnMAD9TVCP?S##frEhfHkpb&5TK|%#ngfmD7QWlUT4s zpCocEQNWoZyd=}077q@7FJum|C1_Zj&Q1gI%lRm)$6T2ZwGet4>Imjt7Akgv4bE!j zX}2iuRjnqiKsl0ym<8n}DiL{d6*Di2t(s27#Rw^0XhxR_vmE!r&|FpRR0Sui7nK0= zibuYIbRktiBforbFg3XdsGef2K_P4PMkQNh`%$#D6x*n&Iq5%UDlqPil*I5=G|}cN z8x6Bz8EEBI3b1elvf^D(Dsvn`()y$qQ7evLFw#4PMS#l=Cw=00)7m!sl)TYb$ZHZp zYJD@{rrxDHB#%|Q4R)Qb%=4AU8-EZGp_WYfP13dol(>Y$Kj#Jkw?Y!PpZDS&N!8|& zqMf)n+T1FHWr&P?SgG-fkbenf#N5jcesS^a;&`%8y)e82z#6nfJmGY7k{@oa*RLjA zEXi3WL}^`kEoBQ#g|?S_+r!^>@2t`Vez_cN6yi`|vCJbIAqTd5pHRiK1}42&>f86B z?LlwbzfVVBJcyf@J74#8rxjzWF}&G(-&k`7L4!!T%K00Yw*TsF_ujeA2xnN_l<3a| zviz7U9d~m6OcA*v6gMGa)Nvj0xwY6PC!aysd{eI?rd zczxYl&yH*&X8nyL%1Jq%AK{1esLg{okqgkAan=(&F!IBJ)CqbNA(^^bMdIqe( zC}&=1w7uwU=hkAMw}QhX!o_8g@}<@N_3u*wX|xxN#d-ZNZC~`Z^SUfGmVKn9DFlVB zbiI~-ey558_=_qyE2f!4+l$_I_MPBG1twsG@)YUx`?TZ=%yHZ-qc<&1YWwq_|J+;8 zo)TVdV4t~ynHYg8FYhf+ZE6LKBYue{P5&n=*lvrKtYw&96U#hKT2ud@x)V87BSr!wQ|Qrm;xcJ7TMaD%!i z2cNM)@?>)Rk(G-9%CLNx<BQ)2)RVq#@5$+8#6D1zsRyd zYCCVtrR_m)JF9+j&0B0qDuc|Zgm!6fhD%=z-pI93W*%8;d(qp@edS6kB1GfyN9i{J zoNV4}A8Act1ttJ04Ty5QO4dJUC)RfjMoV6C!`H=*3!i0w{&n^ zk5p_+*&ssTf4q_B%rzbYAH>F7DkM4~yZip(m!-zm?%Nf?st9{c$!ex;hqiX$ zQtNpu(actq#15|)ida3tyJ|6{}y<_R|%fX z87&PN6#Nt8d4Q7#v-uYyTT!V*_Sb`El(QQC<+*vlJ9L`qc|;$=y{p_a%j8iZRbrp+DR25 zX<`&cx-}K7$=w^Xm&SQ)U#HDylp?1l;64LK|**)c8ABc5)ZPnZX%ymkJYu zSY-N8#SB;`mB>!A=|iclsYYr&d)7r=M&6}Qz^EZm4VUhXt;;pj*h=S(oor^bz36Rc zzfy47QnRoxNF4}k_*${BTeL+)e5K=c)X=8N8Req1g5E(XaspeyDsiVl4^f2FoI zg6~5Vp(ejB+Ft5y=e-2Ti#8#Fj@*sxJ+JmQDX*0~=x*V|%%P69mwMaTiIlaBQoO1; zbO7NT>w6xiQd4O(Jh6o7#)Y<*dfT}zvbq5y(o!`+yeELeYJ2Zkl~!>aD#64&AFI@M z)!WX!adiUsK4I&~=xltiT7Idzs4J62*3?5KU;qN~XlW!UlDJ5cv zC0g|H=UD@ZYf5Ma^PMhrgH~Wfx#w$_%z!ybdFE%Y3AMfGZRb^^ra-1>b?Oa^KvvT* z(C#g76>tD3VT+v2acXh1EBxEiVGAgz#hd;39}LhDReo@NV)nyz}&-Y$k# zq>Y|}po@~ULbuo%s~S8$(z@8Ffml`i3}+8yAhte!OPK|E$XjN4$fTs|@!E4&^`2AO z@_i`>mCOvQ_cP8tV~Y5Yk_b7^4oGUd>TTzg%X$bEWaO}>Nhx8>-m@6BirKk?c4%eQC>KMKSSCEJcgRS zwAU>%Mvc(1NXnWi+=8~N-uCdfha1+r6n(kweOUQ?m2t&{>&0}>LR*3Kpi+YfNTZ~j z4`!9k0oODxI4jo=*j>m*Cuv`1cb4+Yv56hBG*1dxp4FHbuL&HfW*GwIjwR?Mo8{hIDMwV>C^KafDVQhd#an@e^Fo?03b_Alrz&LDB$|IY-k0YR>eXdr^lc(fSBNkBG{Mdyn-H(V~?prU5#ymVWH}ePy0% zp2QWq3kn>hSM1Ir$MbM*DvS%88?B=f&FTR@JjPRiw^>%?$QfPN9e|d2Gu7#=L4+$AVLqdid9H z8$Nwpe!iSUj=@!1=BG%->>3c*oN@5s(FZ}~cAa%6o&^!H1n{LNNSN9vO~$RZmERN8 z3`o^&TtmbArPUAr)w&Y|lT-i&BU_POQz963stlndMdV|rx)vB{ei-WN*y#1B+J*8J zxiGC}fh&7BtV1Yb;KtApzWM#F6qsbf4y6SqDdl-;I@De{(p zgDE#MSgKb0so4Z-5e=s44%H6D5zGpbd+!TZfFl6{3jv@xo+$z=Bo~L9!vWUCAOHC1 z<{>d?Z^t&4$i(%snKo?3F_%{F!F4qc&-ItaQvixERJnnz_pG6!Lq1&LNGcVAEjp@F zcD}}N(~qvM4t<$C>in{foJwp7Z!3>oKeW%WA zZ&~!Hj1nBaIHp^QHNUrj#u)8x9vROlU|F(O#&4z}0^s-+yGx4^gX5HvZVNvgKpO8g zUu#oxq|LH!y&U~v+A~S}R17U(CKl_c2&i$^cF)5z->kS8rLm2HMUk4YvQSuQV%JKHO5&E2)i1*C&@o z&od1G6l7qc09t)D?wkhiUJQ$M94Po%5VcdqoEfWSAtYo-WMoK`!2<3}Irq9=v6?}n zV{zsdaBdWn&(4jL3HbH6-={G%>&K0)e#-2Vi|Mp_7s-ZS<`kS=+_GsYvO9}Q3LOug zTcm|2f4HG<=CapbybKGBlKHI!Py3mzkliL#hI3kKsezhSe*POaNhyFlQpnclIjuff z0^qK@Z{U$O6G}fUqmnUi4mWEdLM*wRc#&$k$ok@k!%5;eni>=|2~9O0k}rn?xcqs$ zR(hIN*p=EJ&dwTV4Y!``@nHQ1t&JJ^J3FV}9)Jx5J{(Eu-6i`Kv~V~2&QZrB8Fz|| z8|Sd(q-DKM6Baxt!;aCKYqe;O$`?6pzZClvillJO)TLCtyH~ZTYBdW3H&f7A?j4wc z+4<{HXjNy5Rv8qG7-^{r| zf)4R@zmZl&fIMujDeucQ^h>cONB=*3LWAJo6>0yh46pe+Yy6p>_q<{;7@-ck6 zr}c^+t_VfS%_nk6aoT*+t8P~@C3-2LP%Sy?)Izme?0G>6E}mdng87}(YF{!@4076m z_hFIL7R|lsqDm-3g`TnmxR+SddOjsAKX#|6jw`a?QF)HyvYHI?ss??ivi1LAm1#QP zq=Q?T>%pZ`LfPqRIZA?GUjABiHJzd~=z^g-PLdgJ$?qv6={nj->yhlnCK6VWkvn>b zcimi{yHZ5ELDUqc1*Rpk^nd4a$f(qy)r4ikk3BP!OQz46Z>#;3DJ>6btALDJxO2*D zwf=cQs$43_l>$1wwDvzQroN97qI(H+4hE51meu|cm2|UTE<6I2y4aOxV9rQ++EAuI9EX;c&A#v<|R5u#|bFa&Kv!JUsmExApd{l+^XQ zyWlC}W@7bp;=#*~BqmmjzwYjH1egkA_PV>tn{%BP@*=|@juhBvnYr$MZz_$7$_DZj z!>PUc^j*I0e(UXRFbY|@yQZ)7_6h*&#_Bn8N_E}n%7G7-DWCNen z0D2z7L6ySF!JW79yBphBo;I;tN`Mf8HdQroToX#aFKmL-Xa1&QjOn# z?=<6qaDE6;G!vXsw!1E9%2G0P)C3ndwr9R8X7KHnU}(f5^B0d^^pP z9I5m?0pdypFb)gTt=YqL;pRRUp|8)L@Mc4B!EvFL!21dJZMnS;lt zTNGMuSR(^vg7S>G1+VPv!fqf`oKmPG182Yrg?R3KNR%-gk$oLx+Jst|_07>l+68x6 zDp?ksbeoj*Y^*?N6$fOFU?B1bK`8e|Pm;;%QY(H6sRTsTES&xF{H@2rxfa1}r1KWa z%}alFup&6EP)J^3YW!0h zClci0H22M(rWRHsKm&eDkPT2MmLc-_)v@}EES7IT)tfJ2r61h&tA&GO5gk87r+Rj} zW!(5_prag8wL{(wr@#eJ;CQUHIsKEB%QtruNvfsA0^))P*WO*Yw)Xn;Hzx3g2y$vU za!2S=x`sY&wRAtP3Sc8PxIdXj$(R14xdS9F4p3398_?`}+O_ZQC-T`L6pIbpQvx^~ zW{yHE+)!NV|4!m?n3I{wLwT9qkzta7=pZ61Fnv5%HlGU(UZvj&qizA+g(8+~ z;lV|jR$~$d(6Ju_n{{?L{)O-sVUOJGY{~wwbSm@!Q>BGV9`_=#YPoR1>FeM3lroUE z7)&_wc&k5aqOXo;4baF04J|Ajoi6;&?9~mFYNptNM^X7tg#7DhR`?`iG5&o zNuJU>VCJNvUU2jZod^6|H-=$*)7n)^0Oe=7bnW-cK0Qcq>bl^KGaT+mF62(Q&>B!K z%`nfV9?ppFL>a(Uk+}Q-)xq)e?xpNJO23I21?;UW$l(4<5!5aTLG9qrDEqDsyat*F z&;e=$u#VO{!2|^+=#Z9ay|0>T@0}*&_Mg*g{}JTxkuEEQ*8Dq8j~v7Xi@bwCfI_Bk ztp2&u(ZQ|(?Iyh{XNJCuOk@~~D6m)Qco%NX+Gvs~N<~OULdzc1(jvBlq{0D0W9$e} zOGF$#h`iX~B0C*sSuJ8A!PL}1-yJIcBmbS;4W+ll>xv*cunDR^?>+|%OQMW(uy$3x z=C7Q;-AjORgbbnswlSrvbJJk;E9O~uN<%>gptuYo)BRG7Q+mF9!w{G+>Em1e%<#s) zu~|c_ALRbbjLSS2=T+syx5R~1=T9n|HXJAhTNV)6wkN#N7mh_mGfFcVDn3?*;p36s z`NPBCej7QHr^h+jm9+;*DnLuNJ^k%>Q!zLqFPyEWIcV0_==tyzVbrL{gp%lSu*E_+ znq+u1OTFc5o-sIyL~@PoMOd$hKpAlu|az_B@LSjF057O5SnjG4zWsJ zt!YyVTf3!)o?Hnd{76SD_$;_2S{EMjSp$8&b|ngE*2aoLdHcfWaT9BfwWfkFbBOfj zM1Yr+@RtzqZMmuEV&xn$1SS!{Rqi+#&~i%uDZi>PiZV%p2LTNj=b?3V`1`Qu4wQHo zd$3Jm!6G3yTKsj`WXYah2QhC_hPcu#>xK}ft2%Gkhm2r?g*>ly@U@oksvmSrN`H+coIK4X8mQIZZM$HAHEq z_Hf{~dmz|r$*hcNL`z7T&GbZ| zI|=q9aU>D832r1U&vNU^T?9`)?$u0TZj&X2Mn#Pya*PSIa)(D;+BhrS|z$`0| z7MX+!=e7YV!|#Rq73lpx;)kV&^b8{CxjDy1KgXBCSzIl!j<7!k+j8w}+(VQJ8i1&8 zDV9#re_)H>fI^rqw$9k@u_`EeZ|a`<82NHo6MVd;txaf=OdOKP}S z^0PA-bH^*?R0vk&#?rRhx8Y>S%N5M&b`w_|kWo$BBlpxa$mHd2qLVz|MWGwNGBAbY zHX&U%!sz+NMp&{AM*%{0luV;|>*34nE{X0Ya1>jijU1r$RA3*xPVl;o66UZGEoG~+D6SkhPn zN43K3>YX^VeaK`aw>>?o))Zh780EZ#U;`Z~?R(!vzhH1dj1IL$D-` z*jU?0#YoGI)}9^5N<{l$9ZY&d_h5C{?eK(@x`-@ePMB^cnw3s}+2Y15UCe|zZr36R z?of-?^!PH8O+PK0+thwEF4G^iX?-Ql`|!73>-OZ94gV3hQW5Fm`5?m@$fONLI^SR^xFr|ADZR#ry(@UANr4wy@{=fiEP2UdH1hNCA^_4_QpB>;Y6Igt5lX zm7z-;flr|E-g?Hk5HkzxZ&^mUf?y~^Gxw@PlTscPx3U_Y&0Ge)w7t~Zww0RP7nkVf zgFdW9Fgm25`HqYkJQYA&J#pv#2hroC{1jRutf+;H1H8u*Hfp4#!%XA(&;OBwKC;rCD-m~ zY=9e#sv1pozxSO2 zwNB(53Vg-(mnDY7_6=)R1?pXt(Jc+1s_u~Lv2MZ6n$@6RIN}kEt_^~mzES1T0Vj3R1<0)!nsMt6eoyUp7^ z1E6FL(I0-D`rw%IKvXa+B-?as21J!iI-w3(1kN*Tl9aWb;is#wSq&Mu8J&_u;X}6h zn{=cqL++y24-bE9!k6pr$K~$!_3zV@T%KKmstjEw3({{qJB{{Tz!Se1_Cz|m`SQ(x zynYMhKj~H4jYu`wad__o*U<3NWO#m!4>dO+ugG&NpjJx7(|`q#LA%%vNd)enhdjDY z4WWS0AI-bNjC&KD!g+3Dpp!ZXr4wIKGjKJ?!83q^SYynL0X=#M8RWhjKV3S=;}Azx zpF<`kP8|Eg_l!qhjl{YR1s->mqe}ufH(oWgB=31M5<f0}GVlbRD+su1~vtcSMC(f07S>U?$_yXUZ-{`YTTlW5!z zI1iP_?RCf)rug-*7v-nd|NZSeaH=K-kUXBOjPrV>wmguni`o z3Q~4k0LZ27a#5W&2d-|`P2q&5rS4yNA z!v<|%^tMIBvu~cf`q?Z(E0G+mQ|)A)?+n!TMQ>X~{4Kooe%gtUv7zIL%vjzbdoOKQ zy=@WkZu)3?6k=4%N{-b_cBfF53!Ybp;t|nvsDRQzK0O4p zOGOeyI=u8!7kE8&sEg*Dfvg#ZIzxu1k!cjuyn9?_jFNfDB6s(25$FOY7b`Oo6Om6u z{dbtwlVwgM(W?0cK!lRkDU!lYt`=NYg%OV9#Ew$Wpwt_Chh%^OdlpH8XgK6}1x=T1 z;A60Q3=`Ib~9h|H%2RUln4*-io3n6p}kmCnH)gMEc1cZ zd+^aEer83I46K3f*&=YK*s2vZWb9T=4A3A zv-{5pld1UFgYqkb>5NZR-+9qhk#3Tf09xR_XK8ioNshZ@U!qO#P}*7^r8B%X>^Hc| zrE4)Dya24Rs8#KiFs@Zmyi7Z@{}xw94927WuQ%7Hdm$npU`sH>?gomvjSM@Yt?zQY&S#!sn zJOObsy0UJE^$P4MloCtBHzaTynunEZEyXsguBF5=_(x!jObW;cWCgUZ0``GsV&xsc zMZewjm!57rGzwzjs<#MXn#TFa+octA-0~InGI~^!s#_`B$>AQub&E=(+ep%)bsIoS zNkJA}hgK{#0jlSOrWFM#@Red9VnqnAzExdyO-ns&DWXOxbxO+$?}$)!`Tt3=S^KnC zl4?qx<4(dt!YL({6>xWJp;KulyQtEi);^FyAT;BrLlAiy*mwmrtgPd=-DSBo1eXt+ z4plI8WU7jOSF-R>-5p+Xjz zKrKz+Gkw_7b~)O}6#nYlCv}z)Z1J$jl~wRns}i%HEHwP+^2Co8ssH-!gKu|Im0>c` zK^>X!neUiYWTM5>+V(c3u-OE%DPt8Sf;}LJlt4Gi1=V z;PX?EG%zarFLf9=E@2!0V6-pXb~|A#|-YhC0bcjNl6w$b)cFG>mh{a%`B7LG4yh?;wd-%mj5x z4xOHPNJFOHkVzlLcKtJ&MNb!PmAv9D>rWY|h9XLU|3xY#O+%`)S)Z9>$RM+8eh7k~ zV~*P&3aB;+C0fNv1!31c8dKfsD~9JWH-{>4pncN)razu-lfdpQ*CQB3s?1lULzLyY z_jk|rcM6e?BcdOXGGd6gBdFZ(`J_D#vy3*t?5-tL1**q)hK&NHSnDdHshz{&;cq{M zXMcF-_IdJV`9>Ue#3s;U#2vpVyyqFEAiTXO&Wo;(0Cvss`J{(X{B*=T6vm zyp>^-39VXv9}XLu!!jJ;9>6mUDz`+$?3MSn(sU)13uhBXlA#b5m3SId?#+v}3?ZSB z0q2MZ(3AUqhZ?YLJ9((> zrQWuP`1$b<|M+1i!s_JUFJ>~#UxKz5y=@Wk!)tFo|NHJkqKUYx>L5y(M4;`ew=E+6 z`r4cCKHrJR-oc@xxMOTSZK&-1oPSAFJGpw$_M*2fBA);7)n~f_l}tL=BSHqp=7mmeZGBPeBIN6zf7p+Q zPTm;^sY=WYVrcuKw=E*RfA-_+U(O=DVIGIC)Q*d3ub}OV-nNK%^_yRweY~3$>3s{7 z=OX5{fwq@=+altei7-IUF8V6K^HuI9t>;>#yb zKS_8*`Nc41cR`B*uhaqu!Z)he<(ap?`Rt>=>@N$>g1Ch2K`PHXiQRlfYIU#|%Y>FaTgZ%}qs8r%`ym&)SJ@$@er zz5UT{k9bz)n(m|W%pFN>m!pm17SDhBOWw)g%!GE4GHDKrqV1LI-bhEmho8TCBjUoLTy+EXr+tiN6%h+8_R&P%y9-M620$L=2=k5?aJ=~b>)XdW9l@0- zp@nU1Ej#Mfr48>z>+;^aH~#*&C)@X~u*8CCP-0M_Rbjl96CQTyU3iL?kus(wziEe{ z2G7zeY^kaeQUayQNt|)jLI(0K#&3rtP)Kb4rZg&CR`FYM8rpmDX4+XW;~nDns<>p3 z>Sg6>3Dun82-ijk9!_@>GP=)vF9_i3LmWIh$Tfo4<+8EA?lsLt8GKQ}na`69?M5jS z$9j^y3NSqhUh31|c4u5=3r&7@_zfWiBEY0AlIydws-qCTmPJT6R%vDafRZ zMk4eeZMMxoH;UJCX0AyFU2(=whal9tc4-kijc46};7L?VzGHK^y7;MF z++1F;i=BfJ8jjLSjIM~(N-tV&sVTZ5<)GvQrV^jEN@vCqGEg`@KLtshF{J(Q56Jl$ zVwcaAhlju2KKu8t`>`AvJViiPQxczP6@S__V6x^Rygvs#m@OVmOM3Un*B5dHa^1gh znGGQ98A8#h1dpY1?DY_>%_*`Y@S&y6zS9P;)9!i{EUk~v}{Z1 zs`DfLbGSkVB|a)|Kmy8&UMZwfgj_^noJ`qkCh8tCl2W9@@#I(mV?xnb6{ZJcjF7%X z0=Q(+!39A@586;2XSuPWeKX$c$_~voVALR+(=Ff$KZzTN>DjQd0Pq|ED9L7R5L* zlHIry6VNaW9S(`07XL3|6fVO`C{8G|#l*3-VMmu`f}EoaR#f&CuAIL<^-?SAMlUIX zc;E%=6B$w`o^n1Pd!jIiqJwUQ)ampvDNh>J!LVc6A3L^5RcB^nxqkQHsU}pzL`kH6 z_r%cnggw)@InuRwCfz9FipC|3D{#?6eQy>Ls#8J?!4rs!i>{iRRvsyeg!fjeV8abi zB&e)u(Lch}m)RY~Ol1ay1-Fvbd}`cPWn*z_-yltiFoAZ)iP4D4j4>muoW*7(3IYPv zx%U=AWYe1*PcVNd;Gw5{Mi&StkDWM@XB1LLs?MmCynAXBL{iKVg=}H72a;QhzC%d9 z!nZo&>JH%Aj1r#Bq(;^QPB@^OR8*Er0i~_O1U@Xe_5mE}6b)Qdurq}I!S!i9nZbu5 zz%vTZxJsQ^_2l|e-fZAdc?MofER9yPom5d)4;BLlXm6B|l*3PsVbsD?k5S;fLeg!0rD>oktV+T@=XLS@sHPvlV!_}F2ZDYr`{DkfSHs$Q`)3$aeM^D31VCeukotxoP8j-u;=#jVMpsM(HJ zlb^ddq*oWGv+{@2yO0w&OCgh~q7XPr**RUoyDXVPO-QJ+R+<>Yz~6%6E(aGsE5XfG!Ncq^2(-?157&summ&1X5JTY3@2)3n}HXFvz}8gn!>MeZh7aQqhcA1?z+G4GYv{^lC0(Kq z8Y>0}3}U%yP`;aXlvk6);o)x+d}lIVq4@u^C(phq&o1A&?ZqX_zqaf3C9McAO1%E_ zRMQ}`)z-s#7p#KoL8ZdM2wg;M$@8q1jC_csVx63K!+il6q{GdS1Xz(Fua^w;=2kZW z$+K@HmEas)Ov)Fqr)v`{a`+cBRyU6px1nX0Ydhz6j}Afx%-11lBw|1wIaG%zP{NFt z?5iA^wIQ{r3U5PLa@M&aBS(~4C}}lnIe1lk$2&VbKqP}MmqQRiX%A`3X&}$+YP#GL;CC$B$~OZb%)BBW-TMx5O#khz&nh{HhupT< z2bL}FD$;Ji963wwaC5x)=<9!d756#$HAFLyl8}Wd%El6@dU!aMmDM8Q$8en+6;oL3 zKUxM~C!3L*j@YQ0$F zL-*-h+~<-!lJZd(Yo^tdZT38Q_^8X)eO4du~7Ice-uEFGF`LVSp)?weD6< zcgcSA(R%?x2&#<+k4E4#y1Ga|{Hq zKFwk*QCaNa=6GVZv?8cHif?AzOP9MJz;7A=_^=-4o)I}bJZpyh5!HzmA^vKsqELe_ zVfed6{_10kCLSnhTsdEq-&q_g#VnvqSdgsM8*tGKFO_SH85O1^c9s(^mN)h?EDRB-9N=cvazML|0 zFq8{Uv>K)8r9FL4F26?P4Yd93w`Y_(Ud`@|Z!ScF`Xrb?v#1Y5sc$x2-|KW`YssXK z6Zf)#pIGJ$A~_+r3X3Z!2gS>klr^2649Hk|GUSlgW(Wf+dY5w?Pmy&{`920}edGX; z2+J-)O_;8Dl&j)7I_R81DyS4v=QHaWGR7$bNr3C>;>dnIDYVrQ-7`^n&at#INDn|L z6>LU0-Uh8Aut;roK>O55a;DDokz_2VG8=+gN@W)ZWcyise^5wv;$Uq1j&M-P<1+aK z6XoG&vp*O6Q`|LNm+e)OTfo<{>i0)un>Y%{g6wqpWfpv3k>};9!{PSXzt@3?&p*%Q z^G9P$>2A;>9`@K_;dmv-zu+ClT5~PbvX8@U`l^W|Y$m$Ff(?zwLT+xWc)RG$YP!EO z00zw3fkBbM@uj%H0kVEww4fQ_YqrN4w@t+!ZY~e=p!7Es>OVJ`jjW(VCtMD#vIrN- zV^{Rk^QKTLt#F$#Ng}xTV$*U60dJ&#+Qw#3Exop^M+&KTN&#l&aCPzI*~QKE9=9X==%M*mZ1oR9$e@}JBgi05cM&pZQa4YvX?8;*#jG|zV0V^})?F84 zaN3ag>b>-ImiWL6@;b8T5jBuf2rIEnMbyrp?jmGRDG+t2{f)CI4T=5Of>^r9ZeDXL zodZKj{zkwEg$;9}q>9_+oZ9Kzwn)ga4F@`iNHky;y-yAJ_1;yaKS)GxfwIsvVd=^o zn<6`X4H>UQb)iLlljA6Qsw+`XE4h^1<$TJ_9fAN(&NXE)I#6BO&eV6c9Ue~6%Aozo z<_|PDp551<{VC5u1kB9<6Sstis@B-T(4XV^rX!Z$(rJ|FqM*bO;u1gHTz(H|hkeHW zIkozL-T8)aAGgPp@p3RDMk^xWHWu>X^ODNFh1Y%V z%$Lm(or$hdhy+3h@$ZlS{_%JB zpfIAwktBR9Zavkl+<{_5tuIgg3YnVE-h8qzB8&>!RAr{ijNn6Um!pmHd%t}9Z|~eo znav0~2*=dyP(vH?d(lcj9iM;qGg5W6FD2+p6eN*Dal=Gr6Jokq9F7;yzJK~r*bR!e z6_-{XigVM8(RS6_sEG2tSAW^%vpXA2Gkl_SZZ1Eew#(7B$awwf&v&~L7G9mi`OK>; z^9hVLDpNq?BID^>-~DS>!lIq=fICuN$2mtDZ7=mUsxe3(-aeZ}n4CS*Q?xa4&W}ag zE4^(I@s}T7{nyv`V0%itz$6)k-of^iD3Sb&)CSt(H4gWk6H6iDHjYnCTZ$oZ5$ExL^+Dl6bOYDc(#RNdi3 z5obzcNk)S)J|T$=tcG*gep%HJN)DZS@K+dLqP|bfO)NPt2&4$c5^nW8^MELXEG0R4 zru39#j6lp@5(wUr5Rr;u;}+7fM4P2YyK^OjLcn=BycF2X91vpGzw;R=VT|NQhZs`@_l!JnR`v==8i_OyXXIOg@qb#tXq=M7JeMF+3U# z%|`KdwnPcGbeMh-LT6V%3W>B=>`vJd8odw?9?Uu8TgD5RZ7IClvS3gn3&jWaLw|G} z3l3Bw8lW{+_)R)#BplSwj(sfA7bS&}=KAym)#V1a&X1!kyjls3MYS6wj6*_c0Y9(< z@QZbEBy&0*nAYdMSAeIGF}>ls49MD9`HI_X9xNXVFmX=cHZLz~1*Pgr*sA6AAD2b! zUS2G5B1n&b>wFo9=7bU?h4xZkFF!TJRH-8oAgLtG!_%GBNSk(5jJc6?<&Ac|QV65e3q&0aePB6aG_MT@>X5K)> zGSQ`re0Uh2mGDjTn>OY6@1H+Ka?`d{tg`>nB zV!N?&Lwe-PN^ByH%60Q_`$mG(CawuxNA9mf&ezHxBwf)Jk(J78iHB32;0`=i85Fsy zgt7UA@+~u4l&TZL2F@0u!dtyS7|54inzh4v>nI7y`+Ni0P(b4mY;(Y4r-Ii$P$H;n zJP9TN%K!J47O#}gT7uc&3MaZA3)64Z_tiJA8xj$#00dF!0Al-t5LIqqpP{c5QxFP0*fE-@nt5rtGU&~pisz1z})FPB@%$Y+#SR$M# zQf@k!sFbr7c2*@7xlu`iLKB>dWkF3vUZl>$k4HITzKxRW_$!IX;|oND%E zc4z&vF9@cNqJpv%J^9`KdW%ea?*P&$YGBH2{ca{_C9i+I_$B`9$9MN2wlcQ}u;D!J zKx~(`%h9%6)AQ$_eDq|G3*v2y6H6EqXS-h$+PK-{NT9cIV` zYWt$MQ8D<>KR*6w59(18>?av&-lcI-+kf@8y|chM6$}S*e2gvHmYoF3u!^ckyMjF< zvxEmzxj%zMO){`8j@!TSg%C%+1V4mQ_3}pYE*59C${B=>wE@M-m|8lD#?5K22lkH5!Fm*v@ zgHH>vPqcUs4JlmsI16iE&+bZvbG{ItS9Ig(Hdggp3f4b`$Bc?boj{GmTON(6r?fOm zlOpRtJ6IDnuTJ?!<*>O12Dg`uO7ns^shyG4VAL` zvN17|&+W5s2Gpf2D&*^rZl68={>yo`If%sz>_u9nf<@N!IH~N>b>$-J4@qx zQ{!KI<6r+otTvp=YX>B+3+ng=f%0{LyF`03#5js;GmvSGtvi^#Wu68#8>3P<zXH#zDHUnvZU6y>OZAxB@Ar5-}m z3fKmi1VfJ4c1`4RtrOo-Ln+I6XaORrcF?TU)*_P19%qXO_ZCe zb|dWWrJS3JmueoJjx%u7(uS9!b;q$LSyCE)bzvfi%T){-X1C7Lf)YfiV4xti&~oNe z+4$y32C0)%f*!zV8b4fAC!(K_3efnold+z*2#|q1l&zu)aTZ8?g*0bXdw{HXzsf}Q+wzB6zU2l7+lH8CJG{a_#s4gyG2o3bv_DIOuw=mhyn!hRaNeb~zuCYaBjB&ZzE6gLR?^DEzK^IH!UU zEBb2h*t(X3vA2I5s^mSnQkCYz=fYL>he3Q7v^1IuZZSd+;T^$0&-3Bb)?F%P7^Jnr zvBS+}JJ^4I{C$4%^Q;^=`Mk)S)pTkZ&bM_Peei@HImMRMV}}Xk#cqcVRau*hLP&6l zFDf8ZJr8s0$ob@`L)_27Ut;GDQ03Q})TB7>Xq3gE>*4C+`Nhrg%=p9*Hj9M8Jtsm2 z{0^mZ|GFRDF}EfG2mmaxDU=Nug0>B-{ltTU5he`>Ew6BXTdXGxKkWM39$YLSIxq#; zX<6OG3593dkS6z4p-@}OU@MysVL|z1k&@V<2AAs+yqz0g^B5-+^@db90RgDER%4fk zL%1#G#eO1`Dw`-~V$G;j6D-bq1jn)>eXFw_yE^iDgK$PM0As=RU;Hr5Y>7tr`~2tn+58o1(N5hp&&dT0x>fE2Us)5Ef!nPTX$QDi4G#PX%NW#T4mVI1^@`nD z&#oFKzdgM4(y2aptu`1Wz+4iH2DBEr??a!mNJV&sbPW%H&lEzmQ9WE;+=4kL!n07} z2Xu@WO4Q-Si_w>{!^tV_K;1)$rq;TNso>OLII)F^E)ln4h4k7Lt9sp;JS`af!H?SPsl2R&Ua0MUcFIz?x@ia@UHFnrq+&I3oJQ}PTi^$b4W^7wYgqF`QZZ=oU zrZ~4zgYj;>VL_zTLpR?;P6D+T0UF?A+I4l;Vp%XkQa$T>CMK-U?hyF=(Q zl6j(E)IQa?T!#A}^9ilsQqiz_x#XJ>t1@5^uKOU&wc(IL)!!*PTtaj-Ee0X7X1II# zXu)fzxJu;=F9l@Kjg8MwK~kq&$1A81$_$}^GTnK)+QOs^Lnlx)BUK8ek>V%@xJez7 zKuNkaKJs{`ha_VeV>^C21PxXayn<#YmhsayJ#YimpndXfcJRl1D-&|PYEo*HQY)$v zK`#cqm?D@S%+{PAdVBt=x)6^1)!0=;)w1L}vXi>J2~BBa+Tf@FJ{{*#!^YC1gpDLnhbqYsWB z-`-q@pTpzZZN)%mg{W0;fK{o2LGyq*$-~X%qi=36pWhzeyFDD2@pyLIcy&7ig;$#b zLPHjZ7Jw{m8f&=Rq-nh2n^b2H>LZ%ZP!rrYCNAHDbPqlw%j@{PqV47_+Amy^KK zOa+pH*syv~>^)h~j@iS_<;S;&!|~nQ>(A(2-`-w@+pFdM+; zzr8(f{$-i&|1kqd7@bu#5`uX&e?=Ehx-@HB6a+|)o zeB<``>&18F_NynkVO2NxYM{%dXje2N{l>ehQaKzi(zBAw_qUJ3x6e`d)A>&_8MI}& z^L8B8M7bxzM>Y><)LVo`U}b7bHQ;muI9|jj`QI0RqJZ9qZ+}$6v-H*b;aT|Z`DOp8 z!*7RqMtPZzhKkfB*YF`)KuhH4v$_6r|IbI;uh6(i1v{2TmF?QPTrLiW`R8QuiA7_L zym=wXAS#`tTyqic;~^9SPDYh$ZSdaSt!PV(yV_!~StBORy{R*2>i{i=407AL`6)=+ zuu;)F5T5~^EaX05cl$Vz%uX8Io1LsJrfnPpAD2!wG@Ne3G61NQY6Ak?b&&-Nm$?j)wP=oHvK7BFs~Yr8brq=lJ{XbD!F-d9QD#4$ zf}{rkGw$!8P9mfPvA{*#_c7^ck?F032Uu9Kr+?Hr0rj7i~ zYac)}V1-kiS!asPDs8I!g+jKHQL?O-(^1k1lWYJCr>82!b`ME6trEAwtZ?ydoOwDD`O1^jAu|-h-^~Zn#JZufiH6PXI498 zEXyN|pAJEbrPNYR=yw#-qN5PU-6vsHr~0ksRPfJls4y*Hy|-54cc}EE+g<*C>J54+?j_m?%G_Z<#B>07@JCJ7s~ao7hk@4_w$ZhMAqm%s`qV{a?8Q$e;{He@YU?0;WItTKv8UB~I3Tz@JCK836dBS?R$oL*@fFBBGup*6P6e ztyqf8oQb)S4Dw$4`6)>18xumP9EMMS^O-iY@l>^=+MrykoH63Gzn^mCG?K{@^elH#NJIdfbQYCG|UDbWveDF z+WUqSSY_I=-t{g*2K9*#Nh|))cmt%t7%Lm8^rV^2=*psF*S}tTQ(ui`&!{R=gZIc$ zlsXfsE^Vz)m0A~l^6j@zo}%QqefP%u2!6=~|0)lt;$Vm4#q(F+%Wv+veY9+TiY&~0 z7NYHs*S(R7xu4dLKA&E^#&a7a0k9=vM2yn4>!OJv0{S;^e87c#co~r}o9p3t@nL@d z=N&ed2&Mo~OgJsnE?Z)0TMM$6R$_s>OaJ<)U2fW&6)(f#uL515skAm~z6{M@zxriI z9Ta&ZM1w>u zOwD|4XloQk)Vc`y`^V`mFox-%GG9I)Db<|Vl2%Vouwa!8hvUUJPv7`FOw+nfl5iI5 zN#S};&>h04bU0po^m%&k?cEor>RVcC)}~C`3vJhJDKD){Z-4se^(PUpHa6=3vIu&a zt9ElpEAU;HxSE`QdHUf$zL}paKoVC)Z0?bam_=oXhvUU(Pu~8e&P$_i?#P~8LXqOc zt|CIVj>ziY5U^gjG_ZU?5X!9Ct#w(3+~iPtLJ$-=xWn<{m#1$(`w->Z(5^V^NRuF1 zCwmm1aAXO;qszu{c0o1Lko{MRrp{-?wQ0p@6pM3ddE%V?3TEd7eHU&+- z(aYBS@#C*v{dQhfsb!HwzbTdrGzEFlINyH!_{VSe)#j>*mQ|@lnwK-RVL79f_C&e; z{_#DGhSClX9jq-ojD}JGl|XIuv9CV)WUu*>RHngLa6ZEvpzZ(bZA4vK-g*4y{PkRt zQ$H@2dN0Bh6i4TQ8_ID#UOa#Mn@`@_Gkm6~o5x+$d6S^6%@(yTZ-4Stcx|s+lJv2G z=LVbPywjGp|LSeTUHFguw=}P}0Q@wB;1+{;jpq1}566qIzx>-TKkh!+HWK5o$>`<@ zcs{}`s`Q7y{Pf|Md$^BM;8y2`1-+wIUD~dC8(}$o`swq(?NtJ$|B58sCcH1XZUs_@ zJfnLWYTN#x|e^D-j_KTAJGJf{;n|oqL8C=8K zs%01Ep|-2uMpyc8p1=Op{Fz1OQF`d<-e^E+p$p$Bve?Om04F5JeUVFw58PfHFaGt9 z*WcZp+>UVxyG?|ukC_~)grm#3+(0F9Thlx#o}1xKM+n6zu3>ZrTMl8@@{Ce>FUqzj1hE5hsx=rv{8tpAh)&ME z27yaj_G)(`thJm85#OPF1hz(Wc2iIdei6Y4&*$%7{rLRZtX+xVlhmaWW|PNPir$G2 zl_W*aH@Z!bQ%LY)cE66a$|ciz14RP{E5Z3ZfW5f5d59vYjtUU8nDmFM3vswOUcB|` z;~zen*KI{&(f?1_mo>+6oZ0@B(Tkf+fDySb!%t6lzStD1J3F&-`@JyMP%8Ww(U=hH(#M)WSmP$Cc%%`R3g>d&OgI3WKx&7oKk= zQ1R^f`izuVzxes{SG!9P#`jG6kZH*VRko`;l40hSvG=S7#9M@l+nM7QqFy`%pi3ug zq+ot|yLaKQdFLDn#sq>JDsdOK*>-yNe0@e9*>Au2^2?pEi>g*a9v5Fmgu?T%ecx2u z)w$9w2MnfZOB%kr0yLQ~W1D9B0VB-u`taF9`1WyUMG4V(t8JBA#vVL+-XD<}_V?SL zzdn(W)(xkwrQc~%(zEC5Gtz|q-#>o((|OO`L)fUHV-+aG3Psp+K3pFj-~RET>>W&I z8+Ea;nQa5+^z7Mqw*358ul|~Uw^tvCF|{^Q-7;RO81gQ-xIB9{ zo)L*$`pfq}?zyb022MkV%(rVB&z_BEG^KCt7Yso^=V6#jc3osGh(Lu>)juJ-pz}*p)r;V>C%>?ik>|i z&nO=A{x7%x-1Q?%nYYw>^cU#HfA;y0KmEKpBL-Q7qf3)jC{Q$mhw0<>;r&)W4yx4of*0+@5L7I0cq>;r5vY;i#U_2%!td)mExolHx9IOX*A z<ZY?J3GAWNfuxOoIDbIw4FeJ_-r~08$oa^7&4pjm6O!?Yv-5U?3iip@~^X zr~QST?0pY0>6E;#9%w|qiqz;-G;(9o`GVRtCz8?W!fT{9C|lx2OH^&OYZ8N@Q!@4oo^{nvZ*B0I1|SZ`e@y9}4DkwFVh zREF&#l9eF;mYi|GOa;#YmD(~_lgzon;t8g1RVCV zF@&8AgDkQ?{OhUi$xl`8MCvZ2-AWETFa|J%VZtmWyoL$NEnTEtR>rAI?lRd%km z7w{>^e^XYLpz0eGKy*w41zYY z&5^aBN23iTwjUurw{%IiBarlIy;FjTJE*M3iQfBX+pZHa8D>vWC9qEyIk4%E~1U)b{Op}9o)4* z|DuIBeq@F0p+azMz1BnaWKkAH@sC`~D3g@3mAXt<54PBv01%QReh+X~Kn<=IjjaCk zi+zg|yob6*MVpl}ds^A9OGEB(El$i|?pK`<5UnPKF>W=A^+T&!>Eq%&CuBQG0bkXA zZM@iM98_NfVC&eN1k|J|KR+p=B67#}Kf$QB+GeB%c$rYLS@M+uYZ+UuM8{bL)TOIj zMRTBtl5(2I+C$7j(7moui7u%E&KU%;`)5}OGlztp0CLPy9Ge%b=8o{^R31p&tbz*g zic`IwXun9>P8;wTtD(58N1&OTY&Rf0n3UHSR+|P(T>x>AnsCz9PNapKZ?{8HWN)m$EG(T~q56>-t%UYZ_TtYHIddfFg;@?=)Lu}DXx*>K zHm}PyN^92IGyy+^g2p!6?Vfd6j8_yZSar?JmQR!pmG`niWO4iVcYS-8v8)+RXat5Oj8<{IkgE{Amy&p3Ve{+5wr+ zM)zf}e2&Ne#${zPyK2PqJTQI5o+QiW_@5UhK%zX)TiK8sLwUz{#%{q)5NS7YNNs8= z+D|zTw_2)siH|+c0PHS~Pl&w?Z`9GY=Ib|YEb)!T( zH8LvR)NpkULFsdwqf!dgpun1kChRIt$3aXy#317*DIi0uUe;ZoI>RSb%lA%6qAXcV zjGJ?(cR^J)M}1rbL`^AovX)+SEP@oWUwTx6OIt&4*7UmA1JK|CH?sgiqvzq`kv%3n z7F=AGI1RX-ww{pk;;GFu)y_+-@Z};~uNv;mvcL|9vu8H~xi64>TaRu-_q^rpb{d9L zi^?5eU+4zYs%P)nldF14K^u0wxk1?(EX{DWtfzKpo%V}+PjH9jz4uv-5_bw$#|zhU z&w)A;Ty`Q{HwgyXMQk%35KCI=SN63S>=hI~h$ql5YFv{kCv#4Z^`QK}TIiCD0ZyQH`>QEvfztFyan1LawEG_`cmkM^j>W;99@v;kc! zRZON(@2jtW+^2C8&yAkdhML%RVB8e0kx+`!h*pyqtdK1sXH=tsBuaD&@(U-<2FUP) zh%(A(=R&}!{V=T^F{}!~LAMgf?&6U(=I4`9oWzVAcRT2o|bsv?xTOFLM-1C3i*fVqc?CSM14IFJsN>*vgTuOS`E6_i$D# z_?yHuK+T|fXV{aayKlMmN&=I<=HX_isEqJ-u7Rm zPmq~h)W(cjrDhmN{UpgL7znGWD9(B3>#rEwL;|LAS3&T@l)@#Wq2s3$KuX5Lh>^IJ z^@aPFJq4(|5ps1kx1vSZ5;ySXqSsV1Bc&WpiKv7(^r`+E^8i`{OoWL!PXwYrTIM;QA|XG-Wu_b)Ud;S23D-3fis{9cW5E8%7WY4->z{?DK=H9aB4rw zx(!TLe70h1rX(ks0iEOV=GR|oEB^ba-_Q#$4YUs_TyjklyA&K=-<=O28z62)h)Q)m zlhbdlK}-XpN(N`4(JpbP|DB;FnTi1_*)cX6ndRpJtJf(o-Q@IjX;HJJqq}gtk2dhB zxqKOI0UEtFxSX$X`uy^G_8N4`B~IyLX{CdqA%j&QcXlcmRFo>2d1#C_!s!d9;AjJ% zZx>J;ZBgRfPoG#8xEbv(eLTtis3Zc~udL$JQVP-7^<%E6TXnGpB=rSP+@}kDT-(6s z=}NStB{D7Y_BkrK&?;ep_dOIzaNPiRTETQOzVb%yn-Y@lMXIJX&Ka|^T$txw8%T*Y z{0Oy0VTUqWBpcd|cBv5f1Y40*ZbE$7p@3LuCP9KLg0L{aLX=hZMa12Ow>W=u`Bdv8 z8*S0dmeC@e3Uc}ed$Jp=Uqlzn$G;rD{@432c4=`{glsgfNjkkl0SM!Y0z@!Lp^zx{ zRfPuHk=D0rW*u7nQF1ocb5=i|&}e)a4PAmf;FqBsz49pv1J55p6dpU~;basqKU^Pf z^PheI{%f{?Xu+>3hytsNlcA*{cBFJX-h6nuKO@_I9wlrA88F}KK47vKzCR@U_g1+l za$7lK7mPAC_MEAPj&{oNMEG7qzapvbKqocgzl&8cOAm1sy!0Rc@&V2vV}V#VwGy1i z*JI7HCzD-M3m@{TyodxeO=E9sof(CyP`J`SxfhUC=G+)JUpCtjze`~VEWy{~;2!BN zMz$yq6#uL^{1d5&jRX@~+VmUhLA~RZ@ZB0&Dppz?vi($#G3VIwhV=RfX5nMpd~^j8 zp(I4obqZ^Q?&q89vx8ZqzPeBWFBRxy3fvd6re_VlY?IOdfr06&Qg+96#$K-SzuhYBa?CHMV1Qb*Cj=_(f5mIAcXyyP5p8 zV633{!w_c_uk=!dWhl$&4X=2e#kQup7W$YcDM?{nY{>`e+?*Ia?Kr)M52r8U!^W5^ z${@`+K{XMD3^i}U(w$;LFyGY2upz1PM(AArtsR^L$}H4`NfJc(Z<4zlM$}Y=E)=2` ziOquaC7#$wQ%;-0@!6oBgykvhp2evp%(X{GnDbF1z_qs^aN?ItxHb0)@d8a{e!V<| zv(*&-Wg{b#gw1{V@tRekl`L6=&J;dyx{`yf#lHOT;lqcseOYD^-a}_F z2BPu$>S{z!Uw-(oEdP@raD)H$R8M2cZl> zurh-?mM#oQ#H!M#UGk1a>BH-7iM|K$NWRPfhGf||*3XLvOcq4)^!D?Oq)IXK;bM^!u*ji?^dA%*OX{ixn#Df7F$zEyueSxbw?9ORrhZSh#;riel5Ha z97!lOv$9h$w2P)CbRxF^yo>@&qOYB1I&h|xs5FT;@ znSe5qfvSL8J64@D(6D=ksJi%T1h6J5S|NfxXHSV*^m5f7G!Ci&QYEkBW<&}# zlf=iHotXsps>u6_POuA0mnU1Pl|m36^H%?bUMUw9`r9DsM+ozFPboWVSRU7`W0Q zZ;tl$`ZBF>7N)!jfbg^l?Vnx+$25w~6#_8cpuREXlL=ib4j~O=nHvY3rfh!lxxHk? zVo95C;T{cUqMLW5z*>~Puy&TC)=ha)y89x*WVLU0D3{KQyzQT-8-ggyCoKqYXtna{ zwHl_21oThG$lN{oVysS-37VPf3YH4oi$QI;otmWU0=pvJq7v60&7I9Fyv1G9rFNV#7?ubxgJvm%gf;laN?!|M+fEa!rS@TS4IS-vrPVaJ+g#BOv~xqznOLN zWoHyCxaAdz)NJbn-fBD*gJ8qryqRQ)0AA3VUAhw19U&FjsgklhlC)8@XjYvx!I-@D zBDkP^=$LG>+})9&0#mo6JRpG~Rwu`RzqBcM6l`KmX2sp zF`l!;m#w~C4*(C8EpCV)FV(gsECu(< zZ5Bx&mx&9yo~QCX&Kqe+TZk`6Gz91j7p=8AsAX`-7()*zCjgr*LD*bRm5gPO#p)!PGAPzmbke1o{T^rlBs z9rt;=uaIoc&B5Y)BB0VF5Jo5j+}61FA{{%TCXRf2?&qEmjM0Rul$vv_`n}%#P|_*q z5(G{hy71QPRqfr&^QYrlT%s848wwH>hcqpxZX%4qdFCssHFniuIV&Y$s%PW_JX63dJLM$(`X75et*N$BC9J0}-4m$f2ThL2yfDAt}l}Sg7HH9uap3 zD=UgmR=PwFy2ROT90FHa9?6($%Q- z=52A0_!K!8YB86VyM=WVD1?;C=3V&$&?0Q$I(e~N_;k_R5gd^mGr40Dc8*~DcyqkI zU~weK>oHfSV6RN53vpfK!K&CwfRi%Y4x>ULQsGotJo;68Un#Zm<$9C|=-dXT4=TWQ z6vXpCBV;?N?MbL~4L-7QO>stn(o8X&VQ${NrB^@%HhD@Bji#ZIjY|d13c=Ka^b(a0-UGrkZAfW=R9u zEmUoI2ko^=_4?V7Bo>Bc$TuM3fI=mQ1eR>-bGMCYB{?CE*N1o?e%$wFT`!s5vRO{? z6%ZB3&`cem%(Jr5_pVGAI1D32vA`H6ad8{{v2{Xt?b-4A5Z=E1zPt+WzkT=i?cM$3 zrI%9)DV=DW%3??03pNoEIuzygt~bO9Omdvpq`~WlWuSf7@ssfix;eha)n1S^ApM{9 zJFldj&^oda+z^~KER$Nt861%r-n}jNVgItbYr5w7s2mYQa~w4wocEF|DXj5@1~_t& zf=T7e)=AKdW4wZtdBfoY0JB`&|8;nG`1RM(2G35UylG=GNmf99!H!^bwmZI!udeqm z3R;#o-Ggl0H}#r{&Z=p@iL#Q5t*3~QW$(X`giJ?V34~S+Wvo?ByAP}A#}Qg_rI6Z) zkKuR&#?C%Gy_kq=X&W?s1>#a7RH95gULPLH{cZSuKWFPJ(u$85Vq@Or5Fa$Q1t4W` z*}1+btqvxJ%{KEC->TA2H)R*sjd|-*1YIT_JMi2J2Hpk3JW3#@xDP7I7RPleoFndW zZbO7{)JGqG{Nvqirl=D15V;9-m5R9BeEGQS(Z|P-zWesOkneuFu!L8iv>>Wn5S>*> zQN@0G3GPD1k@3+-RAei)bes2D+~l`7RI6}h8_UgR?XAVG6=Z)ZqS6ZJGp~4iCF{-* zwNBM_76Rjtbcm9jjmq+f^0Nd1Xhq-ALLaXVcRww+{~?9+U3s{)Ot@OE>K@DEj)J>F zP=tVM+p>I8d1uvlFQST)(&hxrM1og{GqqYZneLSQd7!@hRN^NO59NpW{rgKNsV0im z3VkVN#Mm@GH)yMN+T=KTqiW4*7kV~GP#ZVf;3%bwd>i1#;He6qasm$I=hP3&k5`BH zhnwI0hJGpNSZsW~i*^Pi0Lqk0R~$|oXZu5(;&xh2I33B!k- zD|cC!yo@u{aDRLLjZ;nykwCf-Y@HOAmEv7T$|&JZUO3kdY4)rJ_acu;BLR85I^1@{ z$_QZ%cHuv7A79;mobCJk5_);RF#h8jjPMr1-6*+9N~^zIegJil_*t+LL!#n|R0K zHS~9h%pea;ZbrPGLS9m$5|)D|B8b%A<$7ydIfuF>AcOFbEst#-t6H7$$LqtphqxQw z*!r{|trsJ4XMh&c%=fzfR72g{h$>j7x6lX@le1Awwkx26ijsgIZ!HOw^OG~M$`7f6 zqI)m4?a_S*5^IDwU$#|N`rSg+flsxyc4lE_zld$ zxAojmCR30Qg&K-Zj4If`$^^N6sXayQeZB5XBuXMe9@u`iS_Ty;4bB}K31``%gli`> z7Kj54rL1v;Fskr0S@-4P;oW`tCO(w=A5Tn_b@_o5fRIRQKFDFdxabrfnK{OHQ>01f zWos)!lAg=OVOsP2%3%@7up311a1Mz!fePH$G>YHa|J`blbed_Vsl)^D*ir$Uq_;Vl zhZ+Zgh`m{Y@{onuPVOn8;^55#ir~B*i^uywp3%E}d-rX5csRY4)^%hEE0cMe3b8~J zjOypM7S<%T-btJBkx#a!2|R_bo!^n`8?qNvnE8{)M5&crl{eikWscLpvO*!lR zGdL&`S8qsr6A~aPNZKXqyBR^*MzL5B4~LumuS%PZ-+JC1o678@JtVk6UaZS345$sz z+`;QfU{OB=V@gl_jz-O+nMOxGW zBp)>E%ff&6c-WjH1O|W@JL4!O&l7F8Zf|)+|2W=F%)>y)jqX4)y2HbLy36IW@>tU2 z-Nkc+Yxp`k$leiU{u?SD2e0(hT?=PF~gsl<2)(r#^$V}cG3zH-_e!NZP)!oAx18V|K0cuq|pVk~lh%V^Z zDJ_Ly;-vT0O&JSG(OI4;Iau6YqC^)xa%PflP{=cdx&?u)fl!>tIU<^-VfM&%dLkD* zEW^A@?-twR)ooe^`sJJUk4y7an=DGT(~FN9d@->@xw$u4pE}+NoK~_gMmmHvZ00>} ze*`!;6Rs}jSrUNnP-51294v0cLIrcUA9C2dpB3z7OQUa5FvY1_rSX(ZhAhByc5$J* zb?6!}&h~d1N>z&kUEY_^?(g2dJ+%q?JSNS0{E>JBsIC(1cf4(6u1&V=WU<7YCVd#X zPCWvV(x`2xEsAH^Bw5~SF;(v}k5*f^bUEKXetP%ju{=FqOk=d$Vlh2dBn$z-e24A} z&Z811{$K%~ZZT7a(_;frM|vlnC%CQ?hE24>C4|Ava+w?+*BjV*Uyj#@THd6Re|sNJ zQbJ?rWIx5>g@zp!LIdQqAajvc+0z}$ms=G+@eB4uE{P+gWKij>beco?IfZOJ@}j2f zU@a)+Sdlo14y6nbyUfcqc>9k&P;DGd(?fW3`*{2FWn+^&3zjD?COD-BtSPIW`Qltx zc@lmK4YfwMtoLTXX1HOyxQ3t%CjLefRkG(^ZZAV$!aa?LhiQ zi8SKNrZWZTBICIO#W(!^FholMWIn{*PBsJ%u};q7R}{h(M(Fdw2~LDffqXU5K+KZ& zZEwBt{`djZ=)MF+s0qQe+J#>Q!K~tPfA=#?Fp3pu*Gr5j>3Q7ZmNNt2`&# budget { + t.Fatalf("NewChallengeRuntime took %s, exceeds budget of %s; baked-in initial bundle should make this near-instant", dur, budget) + } + + // The cache must hold at least the seeded bundle so the very first request + // can be served. + got := rt.getCachedChallengeJS() + require.NotEmpty(t, got.Code, "cache should be seeded with the baked-in initial bundle") +} + +// TestSeedCacheFromInitialBundle directly exercises the seeding helper and +// asserts the bundle decompresses to non-empty obfuscated JS. +func TestSeedCacheFromInitialBundle(t *testing.T) { + rt := &ChallengeRuntime{ + obfuscatedJSCache: make([]obfuscatedScript, 0, challengeJSCacheSize), + } + + require.NoError(t, rt.seedCacheFromInitialBundle()) + + rt.cacheMutex.RLock() + defer rt.cacheMutex.RUnlock() + require.Len(t, rt.obfuscatedJSCache, 1) + require.NotEmpty(t, rt.obfuscatedJSCache[0].Code) + + // Sanity check: the obfuscated output should be much larger than the + // source bundle (high-obfuscation roughly 20x inflation observed in the + // feasibility benchmark). + t.Logf("seeded variant size: %d bytes", len(rt.obfuscatedJSCache[0].Code)) + require.Greater(t, len(rt.obfuscatedJSCache[0].Code), 100_000, + "seeded bundle is suspiciously small; was it actually obfuscated?") + + // The placeholders that the source bundle uses for path substitution must + // have been replaced before obfuscation (their literal form should not + // remain in the output). + require.NotContains(t, rt.obfuscatedJSCache[0].Code, "__CROWDSEC_SUBMIT_PATH__", + "submit path placeholder still present; substitution missed at build time") + require.NotContains(t, rt.obfuscatedJSCache[0].Code, "__CROWDSEC_POW_WORKER_PATH__", + "pow worker path placeholder still present; substitution missed at build time") +} diff --git a/pkg/appsec/challenge/js/cmd/initialbundle/main.go b/pkg/appsec/challenge/js/cmd/initialbundle/main.go new file mode 100644 index 00000000000..5b662d0ec58 --- /dev/null +++ b/pkg/appsec/challenge/js/cmd/initialbundle/main.go @@ -0,0 +1,173 @@ +// initialbundle is a build-time tool that produces a pre-obfuscated initial +// challenge bundle, embedded into the Go binary. This eliminates the ~1 minute +// of synchronous obfuscation that NewChallengeRuntime would otherwise have to +// pay at startup before the service is ready to serve challenges. +// +// Pipeline: +// +// fpscanner/bundle.js ──substitute placeholders──▶ source JS +// obfuscate/index.wasm.gz ──decompress──▶ obfuscator WASM +// wazero(obfuscator).Run(stdin=source) ──▶ obfuscated JS +// gzip ──▶ ../initial_bundle.js.gz +// +// The output `initial_bundle.js.gz` is committed and embedded via go:embed in +// pkg/appsec/challenge/challenge.go. +package main + +import ( + "bytes" + "compress/gzip" + "context" + "fmt" + "io" + "os" + "strings" + "time" + + "github.com/tetratelabs/wazero" + "github.com/tetratelabs/wazero/imports/wasi_snapshot_preview1" +) + +// These must match the ChallengeSubmitPath / ChallengePowWorkerPath constants +// in pkg/appsec/challenge/challenge.go. Kept as plain strings here to avoid an +// import cycle (pkg/appsec/challenge depends on this js subpackage). +const ( + submitPath = "/crowdsec-internal/challenge/submit" + powWorkerPath = "/crowdsec-internal/challenge/pow-worker.js" +) + +const ( + // Inputs (relative to pkg/appsec/challenge/js where this tool runs). + fpscannerBundlePath = "fpscanner/bundle.js" + obfuscatorWasmGz = "obfuscate/index.wasm.gz" + // Output (relative to pkg/appsec/challenge/js). + outputPath = "../initial_bundle.js.gz" +) + +func main() { + start := time.Now() + + if err := run(); err != nil { + fmt.Fprintf(os.Stderr, "initialbundle: %v\n", err) + os.Exit(1) + } + + fmt.Fprintf(os.Stderr, "initialbundle: wrote %s in %s\n", outputPath, time.Since(start).Round(time.Second)) +} + +func run() error { + source, err := buildSourceBundle() + if err != nil { + return fmt.Errorf("build source bundle: %w", err) + } + + wasmBytes, err := loadObfuscatorWasm() + if err != nil { + return fmt.Errorf("load obfuscator wasm: %w", err) + } + + ctx := context.Background() + r := wazero.NewRuntime(ctx) + defer r.Close(ctx) + + if _, err := wasi_snapshot_preview1.Instantiate(ctx, r); err != nil { + return fmt.Errorf("instantiate wasi: %w", err) + } + + compiled, err := r.CompileModule(ctx, wasmBytes) + if err != nil { + return fmt.Errorf("compile obfuscator wasm: %w", err) + } + + obfuscated, err := obfuscate(ctx, r, compiled, source) + if err != nil { + return fmt.Errorf("obfuscate: %w", err) + } + + if len(obfuscated) == 0 { + return fmt.Errorf("obfuscator produced empty output") + } + + if err := writeGzip(outputPath, obfuscated); err != nil { + return fmt.Errorf("write %s: %w", outputPath, err) + } + + fmt.Fprintf(os.Stderr, "initialbundle: input %d bytes -> obfuscated %d bytes -> compressed file written\n", + len(source), len(obfuscated)) + + return nil +} + +func buildSourceBundle() (string, error) { + raw, err := os.ReadFile(fpscannerBundlePath) + if err != nil { + return "", fmt.Errorf("read %s: %w", fpscannerBundlePath, err) + } + + // Same substitution as ChallengeRuntime.buildChallengeBundle in challenge.go. + source := strings.NewReplacer( + "__CROWDSEC_SUBMIT_PATH__", submitPath, + "__CROWDSEC_POW_WORKER_PATH__", powWorkerPath, + ).Replace(string(raw)) + + return source, nil +} + +func loadObfuscatorWasm() ([]byte, error) { + f, err := os.Open(obfuscatorWasmGz) + if err != nil { + return nil, err + } + defer f.Close() + + gz, err := gzip.NewReader(f) + if err != nil { + return nil, fmt.Errorf("gzip reader: %w", err) + } + defer gz.Close() + + return io.ReadAll(gz) +} + +func obfuscate(ctx context.Context, r wazero.Runtime, compiled wazero.CompiledModule, source string) (string, error) { + stdin := bytes.NewReader([]byte(source)) + var stdout, stderr bytes.Buffer + + cfg := wazero.NewModuleConfig(). + WithStdin(stdin). + WithStdout(&stdout). + WithStderr(&stderr) + + mod, err := r.InstantiateModule(ctx, compiled, cfg) + if err != nil { + if stderr.Len() > 0 { + return "", fmt.Errorf("wasm runtime error: %v | stderr: %s", err, stderr.String()) + } + return "", fmt.Errorf("wasm instantiation: %w", err) + } + mod.Close(ctx) + + return stdout.String(), nil +} + +func writeGzip(path string, data string) error { + f, err := os.Create(path) + if err != nil { + return err + } + defer f.Close() + + zw, err := gzip.NewWriterLevel(f, gzip.BestCompression) + if err != nil { + return fmt.Errorf("gzip writer: %w", err) + } + zw.Name = "initial_bundle.js" + zw.ModTime = time.Unix(0, 0) + + if _, err := zw.Write([]byte(data)); err != nil { + zw.Close() + return err + } + + return zw.Close() +} diff --git a/pkg/appsec/challenge/js/generate.go b/pkg/appsec/challenge/js/generate.go index ca068f252bf..db1c455b258 100644 --- a/pkg/appsec/challenge/js/generate.go +++ b/pkg/appsec/challenge/js/generate.go @@ -2,3 +2,4 @@ package js //go:generate go run ./cmd/bundle //go:generate go run ./cmd/obfuscate +//go:generate go run ./cmd/initialbundle From c1a0203b608ccd4454336e2071ebd8d3996753a7 Mon Sep 17 00:00:00 2001 From: Thibault Koechlin Date: Thu, 7 May 2026 15:30:21 +0200 Subject: [PATCH 02/17] appsec/challenge: replace hardcoded masterSecret with configurable shared secret The challenge runtime hardcoded `const masterSecret = "SUPER_SECRET_KEY"` (a `// FIXME`), which both leaked a placeholder secret in source and prevented distributed deployments where multiple WAF instances must agree on signed tickets and sealed cookies. Changes: - New `WithMasterSecret([]byte)` functional option on NewChallengeRuntime; defaults to a freshly-generated random 32-byte secret when omitted, with a startup warning that distributed setups MUST configure a shared value. - `ParseConfiguredSecret(string)` accepts hex-encoded bytes (preferred) or a raw passphrase; minimum 32 bytes either way. - The acquisition module config exposes `challenge_master_secret` and plumbs it into the runtime. - `computeTicket`, `computePowMAC`, and `matchesChallenge` are now methods on ChallengeRuntime that use the per-instance secret instead of a package-level constant. - `sealCookie` / `openCookie` / `deriveKey` accept `[]byte` for the secret, matching the new representation. - Tests use a fixed test secret via a small newTestRuntime helper. New TestDistributedAgreement verifies that two runtimes with the same secret produce bit-identical tickets/MACs and that a challenge issued by one validates against the other; existing TestMatchesChallenge picks up a cross-secret rejection check. Co-Authored-By: Claude Opus 4.6 --- pkg/acquisition/modules/appsec/config.go | 21 ++++- pkg/appsec/challenge/challenge.go | 82 ++++++++++++----- pkg/appsec/challenge/challenge_test.go | 107 ++++++++++++++++------- pkg/appsec/challenge/crypto.go | 8 +- pkg/appsec/challenge/secret.go | 70 +++++++++++++++ pkg/appsec/challenge/secret_test.go | 63 +++++++++++++ 6 files changed, 296 insertions(+), 55 deletions(-) create mode 100644 pkg/appsec/challenge/secret.go create mode 100644 pkg/appsec/challenge/secret_test.go diff --git a/pkg/acquisition/modules/appsec/config.go b/pkg/acquisition/modules/appsec/config.go index ac3b20a327e..672446f764d 100644 --- a/pkg/acquisition/modules/appsec/config.go +++ b/pkg/acquisition/modules/appsec/config.go @@ -43,6 +43,15 @@ type Configuration struct { AppsecConfigs []string `yaml:"appsec_configs"` AppsecConfigPath string `yaml:"appsec_config_path"` AuthCacheDuration *time.Duration `yaml:"auth_cache_duration"` + // ChallengeMasterSecret is the long-lived secret used by the WAF + // challenge runtime to sign tickets / PoW MACs and seal challenge + // cookies. In a distributed (multi-WAF) deployment, all instances MUST + // share the same value so that a challenge issued by one instance + // validates against another. May be a hex-encoded byte string or a raw + // passphrase; minimum 32 bytes / characters. If unset, an ephemeral + // random secret is generated at startup (suitable for single-instance + // deployments only — restarts invalidate outstanding challenge cookies). + ChallengeMasterSecret string `yaml:"challenge_master_secret"` configuration.DataSourceCommonCfg `yaml:",inline"` } @@ -191,7 +200,17 @@ func (w *Source) Configure(ctx context.Context, yamlConfig []byte, logger *log.E if appsecRuntime.NeedWASMVM { logger.Info("Initializing WASM runtime for challenge obfuscation") - challengeRuntime, err := challenge.NewChallengeRuntime(ctx) + + var challengeOpts []challenge.Option + if w.config.ChallengeMasterSecret != "" { + secret, err := challenge.ParseConfiguredSecret(w.config.ChallengeMasterSecret) + if err != nil { + return fmt.Errorf("invalid challenge_master_secret: %w", err) + } + challengeOpts = append(challengeOpts, challenge.WithMasterSecret(secret)) + } + + challengeRuntime, err := challenge.NewChallengeRuntime(ctx, challengeOpts...) if err != nil { return fmt.Errorf("unable to create challenge runtime: %w", err) } diff --git a/pkg/appsec/challenge/challenge.go b/pkg/appsec/challenge/challenge.go index 1aef6e1cf21..2beec2bfeec 100644 --- a/pkg/appsec/challenge/challenge.go +++ b/pkg/appsec/challenge/challenge.go @@ -54,9 +54,6 @@ const ( const DefaultChallengeCSP = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; worker-src 'self' blob:;" -// FIXME -const masterSecret = "SUPER_SECRET_KEY" - //go:embed challenge.html.tmpl var htmlTemplate string @@ -85,13 +82,38 @@ var ( ) type ChallengeRuntime struct { - r wazero.Runtime - obfuscatorMod wazero.CompiledModule + r wazero.Runtime + obfuscatorMod wazero.CompiledModule obfuscatedJSCache []obfuscatedScript cacheMutex sync.RWMutex powDifficulty int + + // masterSecret is the long-lived shared secret used as the HMAC key for + // tickets/PoW MACs and as the HKDF input for cookie sealing. In a + // distributed setup all instances must share the same value so that a + // challenge issued by one instance validates against another. + masterSecret []byte +} + +// Option configures a ChallengeRuntime at construction time. +type Option func(*runtimeOptions) + +type runtimeOptions struct { + // masterSecret, if non-nil, overrides the secret-resolution path. The + // caller is responsible for ensuring it is at least minSecretBytes long. + masterSecret []byte +} + +// WithMasterSecret sets the long-lived shared secret. In distributed +// deployments this MUST be the same across all WAF instances. If not set, +// NewChallengeRuntime generates a random secret at startup (suitable only for +// single-instance deployments — restarts invalidate outstanding cookies). +func WithMasterSecret(secret []byte) Option { + return func(o *runtimeOptions) { + o.masterSecret = secret + } } // DifficultyFromLevel resolves a named level ("low", "medium", "high") to @@ -135,7 +157,26 @@ type obfuscatedScript struct { uuid uuid.UUID // unique ID to track the script } -func NewChallengeRuntime(ctx context.Context) (*ChallengeRuntime, error) { +func NewChallengeRuntime(ctx context.Context, opts ...Option) (*ChallengeRuntime, error) { + resolvedOpts := runtimeOptions{} + for _, opt := range opts { + opt(&resolvedOpts) + } + + secret := resolvedOpts.masterSecret + if secret == nil { + var err error + secret, err = generateRandomSecret() + if err != nil { + return nil, err + } + log.Warn("no master secret configured for the WAF challenge runtime; generated an ephemeral random secret. " + + "Distributed (multi-WAF) deployments MUST configure a shared master_secret in the appsec config; " + + "single-instance deployments will see outstanding challenge cookies invalidated on restart.") + } else if len(secret) < minSecretBytes { + return nil, fmt.Errorf("master secret is %d bytes; minimum is %d", len(secret), minSecretBytes) + } + r := wazero.NewRuntime(ctx) // No need to keep the closer around, we can just close the runtime itself when stopping @@ -179,6 +220,7 @@ func NewChallengeRuntime(ctx context.Context) (*ChallengeRuntime, error) { obfuscatorMod: compiledMod, obfuscatedJSCache: make([]obfuscatedScript, 0, challengeJSCacheSize), powDifficulty: defaultPowDifficulty, + masterSecret: secret, } // Seed the cache from the baked-in pre-obfuscated bundle so the service is @@ -384,8 +426,8 @@ func (c *ChallengeRuntime) ObfuscateJS(ctx context.Context, inputJS string) (str return stdout.String(), nil } -func computeTicket(ts string) string { - h := hmac.New(sha256.New, []byte(masterSecret)) +func (c *ChallengeRuntime) computeTicket(ts string) string { + h := hmac.New(sha256.New, c.masterSecret) h.Write([]byte(ts)) return fmt.Sprintf("%x", h.Sum(nil)) @@ -421,9 +463,9 @@ func (c *ChallengeRuntime) GetChallengePage(userAgent string, difficulty int) (s // All per-request values: ticket, timestamp, PoW salt, PoW MAC. // Fully stateless — no server-side storage, works across HA instances. ts := fmt.Sprintf("%d", time.Now().UnixNano()) - ticket := computeTicket(ts) + ticket := c.computeTicket(ts) powSalt := generatePowPrefix() - powMAC := computePowMAC(powSalt, ticket, ts) + powMAC := c.computePowMAC(powSalt, ticket, ts) var renderedPage strings.Builder @@ -449,9 +491,9 @@ func generatePowPrefix() string { // computePowMAC produces an HMAC that authenticates a PoW salt as server-generated // and bound to a specific ticket window. Stateless: any instance sharing the -// masterSecret can verify it. -func computePowMAC(salt, ticket, ts string) string { - h := hmac.New(sha256.New, []byte(masterSecret)) +// master secret can verify it. +func (c *ChallengeRuntime) computePowMAC(salt, ticket, ts string) string { + h := hmac.New(sha256.New, c.masterSecret) h.Write([]byte(salt)) h.Write([]byte(ticket)) h.Write([]byte(ts)) @@ -501,10 +543,10 @@ func (c *ChallengeRuntime) decryptFingerprint(sessionKey string, encrypted strin // matchesChallenge verifies that the ticket/timestamp/PoW salt are authentically // server-generated and the timestamp is recent. Fully stateless — any instance -// sharing masterSecret can verify. -func matchesChallenge(clientTicket, clientTS, clientPowSalt, clientPowMAC string) bool { +// sharing the master secret can verify. +func (c *ChallengeRuntime) matchesChallenge(clientTicket, clientTS, clientPowSalt, clientPowMAC string) bool { // Verify the ticket is an authentic HMAC of the timestamp. - expectedTicket := computeTicket(clientTS) + expectedTicket := c.computeTicket(clientTS) if !hmac.Equal([]byte(clientTicket), []byte(expectedTicket)) { return false } @@ -521,7 +563,7 @@ func matchesChallenge(clientTicket, clientTS, clientPowSalt, clientPowMAC string } // Verify the PoW salt MAC is authentic and bound to this ticket+timestamp. - expectedMAC := computePowMAC(clientPowSalt, clientTicket, clientTS) + expectedMAC := c.computePowMAC(clientPowSalt, clientTicket, clientTS) return hmac.Equal([]byte(clientPowMAC), []byte(expectedMAC)) } @@ -545,7 +587,7 @@ func (c *ChallengeRuntime) ValidateChallengeResponse(request *http.Request, body } // Verify ticket/timestamp match and PoW salt is authentically server-generated (stateless). - if !matchesChallenge(clientTicket, clientTS, clientPowSalt, clientPowMAC) { + if !c.matchesChallenge(clientTicket, clientTS, clientPowSalt, clientPowMAC) { return nil, FingerprintData{}, fmt.Errorf("invalid ticket in challenge response") } @@ -594,7 +636,7 @@ func (c *ChallengeRuntime) ValidateChallengeResponse(request *http.Request, body PowDifficulty: int32(c.powDifficulty), } - cookieValue, err := sealCookie(envelope, masterSecret, []byte(request.UserAgent())) + cookieValue, err := sealCookie(envelope, c.masterSecret, []byte(request.UserAgent())) if err != nil { return nil, FingerprintData{}, fmt.Errorf("failed to seal challenge cookie: %w", err) } @@ -620,7 +662,7 @@ func (c *ChallengeRuntime) ValidCookie(ck *http.Cookie, userAgent string) (*Cook return nil, fmt.Errorf("nil cookie") } - envelope, err := openCookie(ck.Value, masterSecret, []byte(userAgent)) + envelope, err := openCookie(ck.Value, c.masterSecret, []byte(userAgent)) if err != nil { return nil, fmt.Errorf("invalid challenge cookie: %w", err) } diff --git a/pkg/appsec/challenge/challenge_test.go b/pkg/appsec/challenge/challenge_test.go index ded6354963f..ba79dcc359f 100644 --- a/pkg/appsec/challenge/challenge_test.go +++ b/pkg/appsec/challenge/challenge_test.go @@ -115,7 +115,7 @@ func TestDifficultyFromLevel(t *testing.T) { } func TestSetDifficulty(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: defaultPowDifficulty} + c := &ChallengeRuntime{powDifficulty: defaultPowDifficulty, masterSecret: testSecret} assert.NoError(t, c.SetDifficulty("low")) assert.Equal(t, PowDifficultyLow, c.powDifficulty) @@ -149,48 +149,84 @@ func TestGetSessionKey(t *testing.T) { } func TestComputeTicket(t *testing.T) { + // Use a fixed test secret so the HMAC equality check is reproducible. + testSecret := []byte("0123456789abcdef0123456789abcdef") + c := &ChallengeRuntime{masterSecret: testSecret} + // Deterministic for same timestamp - t1 := computeTicket("12345") - t2 := computeTicket("12345") + t1 := c.computeTicket("12345") + t2 := c.computeTicket("12345") assert.Equal(t, t1, t2) // Different for different timestamps - t3 := computeTicket("67890") + t3 := c.computeTicket("67890") assert.NotEqual(t, t1, t3) // Matches expected HMAC-SHA256 - h := hmac.New(sha256.New, []byte(masterSecret)) + h := hmac.New(sha256.New, testSecret) h.Write([]byte("12345")) assert.Equal(t, fmt.Sprintf("%x", h.Sum(nil)), t1) } func TestMatchesChallenge(t *testing.T) { + c := &ChallengeRuntime{masterSecret: []byte("0123456789abcdef0123456789abcdef")} + ts := fmt.Sprintf("%d", time.Now().UnixNano()) - ticket := computeTicket(ts) + ticket := c.computeTicket(ts) salt := generatePowPrefix() - mac := computePowMAC(salt, ticket, ts) + mac := c.computePowMAC(salt, ticket, ts) // Valid challenge - assert.True(t, matchesChallenge(ticket, ts, salt, mac)) + assert.True(t, c.matchesChallenge(ticket, ts, salt, mac)) // Wrong ticket - assert.False(t, matchesChallenge("wrong-ticket", ts, salt, mac)) + assert.False(t, c.matchesChallenge("wrong-ticket", ts, salt, mac)) // Wrong timestamp (ticket doesn't match) - assert.False(t, matchesChallenge(ticket, "9999999999999999999", salt, mac)) + assert.False(t, c.matchesChallenge(ticket, "9999999999999999999", salt, mac)) // Forged MAC - assert.False(t, matchesChallenge(ticket, ts, salt, "forged-mac")) + assert.False(t, c.matchesChallenge(ticket, ts, salt, "forged-mac")) // MAC from different salt otherSalt := generatePowPrefix() - assert.False(t, matchesChallenge(ticket, ts, otherSalt, mac)) + assert.False(t, c.matchesChallenge(ticket, ts, otherSalt, mac)) // Expired timestamp (too old) oldTS := fmt.Sprintf("%d", time.Now().Add(-3*challengeJSRefreshInterval).UnixNano()) - oldTicket := computeTicket(oldTS) - oldMAC := computePowMAC(salt, oldTicket, oldTS) - assert.False(t, matchesChallenge(oldTicket, oldTS, salt, oldMAC)) + oldTicket := c.computeTicket(oldTS) + oldMAC := c.computePowMAC(salt, oldTicket, oldTS) + assert.False(t, c.matchesChallenge(oldTicket, oldTS, salt, oldMAC)) + + // Cross-secret rejection: a ticket signed by a different instance with a + // different master secret must NOT validate (this is the regression guard + // for distributed deployments — only instances sharing the same secret + // agree on signatures). + otherSecret := &ChallengeRuntime{masterSecret: []byte("ffffffffffffffffffffffffffffffff")} + otherTicket := otherSecret.computeTicket(ts) + otherMAC := otherSecret.computePowMAC(salt, otherTicket, ts) + assert.False(t, c.matchesChallenge(otherTicket, ts, salt, otherMAC)) +} + +// TestDistributedAgreement asserts that two ChallengeRuntime instances +// configured with the same master_secret produce bit-identical tickets and +// PoW MACs — the property that makes load-balanced deployments work. +func TestDistributedAgreement(t *testing.T) { + secret := []byte("shared-secret-shared-secret-shar") // 32 bytes + a := &ChallengeRuntime{masterSecret: secret} + b := &ChallengeRuntime{masterSecret: secret} + + // Use a freshness-window-valid timestamp so matchesChallenge accepts it. + ts := fmt.Sprintf("%d", time.Now().UnixNano()) + salt := "deadbeefcafebabe" + + assert.Equal(t, a.computeTicket(ts), b.computeTicket(ts)) + + ticket := a.computeTicket(ts) + assert.Equal(t, a.computePowMAC(salt, ticket, ts), b.computePowMAC(salt, ticket, ts)) + + // And a challenge issued by A validates against B. + assert.True(t, b.matchesChallenge(ticket, ts, salt, a.computePowMAC(salt, ticket, ts))) } // solvePoWGo is a Go implementation of the PoW solver matching the JS client. @@ -232,18 +268,29 @@ func TestPoWVerification(t *testing.T) { assert.True(t, hasLeadingZeroBits(powHash[:], difficulty)) } +// testSecret is a fixed master secret used by all test helpers below so that +// tickets / MACs / cookies issued in one helper validate in another. +var testSecret = []byte("test-secret-test-secret-test-sec") // 32 bytes + +// newTestRuntime returns a minimal ChallengeRuntime suitable for the helpers +// in this file (no WASM, no obfuscation cache — those tests construct full +// runtimes via NewChallengeRuntime). +func newTestRuntime() *ChallengeRuntime { + return &ChallengeRuntime{masterSecret: testSecret} +} + // freshTicket generates a per-request ticket+timestamp pair (matching GetChallengePage). func freshTicket() (ticket, ts string) { ts = fmt.Sprintf("%d", time.Now().UnixNano()) - ticket = computeTicket(ts) + ticket = newTestRuntime().computeTicket(ts) return } // buildValidBody constructs a valid challenge POST body. func buildValidBody(difficulty int, ticket, ts string) string { - c := &ChallengeRuntime{} + c := newTestRuntime() salt := generatePowPrefix() - powMAC := computePowMAC(salt, ticket, ts) + powMAC := c.computePowMAC(salt, ticket, ts) nonce := solvePoWGo(salt, difficulty) sessionKey := c.getSessionKey(ticket, nonce) @@ -276,7 +323,7 @@ func buildValidBody(difficulty int, ticket, ts string) string { } func TestValidateChallengeResponse(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8} + c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} ticket, ts := freshTicket() body := buildValidBody(c.powDifficulty, ticket, ts) @@ -290,7 +337,7 @@ func TestValidateChallengeResponse(t *testing.T) { } func TestValidateChallengeResponse_MultipleConcurrentClients(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8} + c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} for range 20 { ticket, ts := freshTicket() @@ -304,10 +351,10 @@ func TestValidateChallengeResponse_MultipleConcurrentClients(t *testing.T) { } func TestValidateChallengeResponse_InvalidPoW(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8} + c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} ticket, ts := freshTicket() salt := generatePowPrefix() - powMAC := computePowMAC(salt, ticket, ts) + powMAC := c.computePowMAC(salt, ticket, ts) body := url.Values{ "f": {"dGVzdA=="}, @@ -327,7 +374,7 @@ func TestValidateChallengeResponse_InvalidPoW(t *testing.T) { func TestValidateChallengeResponse_ImpossibleDifficulty(t *testing.T) { // A submission that would otherwise pass at low difficulty is rejected // outright when the runtime is set to impossible. - c := &ChallengeRuntime{powDifficulty: PowDifficultyImpossible} + c := &ChallengeRuntime{powDifficulty: PowDifficultyImpossible, masterSecret: testSecret} ticket, ts := freshTicket() body := buildValidBody(8, ticket, ts) // satisfies 8-bit PoW but not impossible @@ -339,9 +386,9 @@ func TestValidateChallengeResponse_ImpossibleDifficulty(t *testing.T) { } func TestValidateChallengeResponse_ExpiredTimestamp(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8} + c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} oldTS := fmt.Sprintf("%d", time.Now().Add(-3*challengeJSRefreshInterval).UnixNano()) - oldTicket := computeTicket(oldTS) + oldTicket := c.computeTicket(oldTS) body := buildValidBody(c.powDifficulty, oldTicket, oldTS) req, _ := http.NewRequest("POST", "http://example.com/submit", strings.NewReader(body)) @@ -352,10 +399,10 @@ func TestValidateChallengeResponse_ExpiredTimestamp(t *testing.T) { } func TestValidateChallengeResponse_InvalidTicket(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8} + c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} ticket, ts := freshTicket() salt := generatePowPrefix() - powMAC := computePowMAC(salt, ticket, ts) + powMAC := c.computePowMAC(salt, ticket, ts) body := url.Values{ "f": {"dGVzdA=="}, @@ -373,7 +420,7 @@ func TestValidateChallengeResponse_InvalidTicket(t *testing.T) { } func TestValidateChallengeResponse_ForgedMAC(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8} + c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} ticket, ts := freshTicket() salt := generatePowPrefix() @@ -393,10 +440,10 @@ func TestValidateChallengeResponse_ForgedMAC(t *testing.T) { } func TestValidateChallengeResponse_InvalidHMAC(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8} + c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} ticket, ts := freshTicket() salt := generatePowPrefix() - powMAC := computePowMAC(salt, ticket, ts) + powMAC := c.computePowMAC(salt, ticket, ts) nonce := solvePoWGo(salt, c.powDifficulty) body := url.Values{ diff --git a/pkg/appsec/challenge/crypto.go b/pkg/appsec/challenge/crypto.go index b70d8867f4d..a75038f7ef7 100644 --- a/pkg/appsec/challenge/crypto.go +++ b/pkg/appsec/challenge/crypto.go @@ -23,8 +23,8 @@ var ( const hkdfInfo = "crowdsec-challenge-cookie" -func deriveKey(secret string) ([]byte, error) { - h := hkdf.New(sha256.New, []byte(secret), nil, []byte(hkdfInfo)) +func deriveKey(secret []byte) ([]byte, error) { + h := hkdf.New(sha256.New, secret, nil, []byte(hkdfInfo)) key := make([]byte, 32) // AES-256 if _, err := h.Read(key); err != nil { @@ -34,7 +34,7 @@ func deriveKey(secret string) ([]byte, error) { return key, nil } -func sealCookie(envelope *pb.ChallengeCookie, secret string, aad []byte) (string, error) { +func sealCookie(envelope *pb.ChallengeCookie, secret []byte, aad []byte) (string, error) { plaintext, err := proto.Marshal(envelope) if err != nil { return "", fmt.Errorf("failed to marshal challenge cookie proto: %w", err) @@ -65,7 +65,7 @@ func sealCookie(envelope *pb.ChallengeCookie, secret string, aad []byte) (string return base64.RawURLEncoding.EncodeToString(ciphertext), nil } -func openCookie(encoded string, secret string, aad []byte) (*pb.ChallengeCookie, error) { +func openCookie(encoded string, secret []byte, aad []byte) (*pb.ChallengeCookie, error) { ciphertext, err := base64.RawURLEncoding.DecodeString(encoded) if err != nil { return nil, fmt.Errorf("%w: failed to decode: %w", ErrCookieMalformed, err) diff --git a/pkg/appsec/challenge/secret.go b/pkg/appsec/challenge/secret.go new file mode 100644 index 00000000000..ed7f68bab97 --- /dev/null +++ b/pkg/appsec/challenge/secret.go @@ -0,0 +1,70 @@ +package challenge + +import ( + crand "crypto/rand" + "encoding/hex" + "errors" + "fmt" +) + +// minSecretBytes is the smallest accepted master-secret length. 32 bytes is +// the natural minimum for an HMAC-SHA256 key with full security margin; we +// reject anything shorter as a configuration error rather than silently +// padding it. +const minSecretBytes = 32 + +// generateRandomSecret returns a fresh 32-byte secret suitable for use when +// no master_secret is configured. Single-instance deployments are fine with +// this; distributed deployments MUST configure a shared secret because each +// instance generates an independent random one here. +func generateRandomSecret() ([]byte, error) { + buf := make([]byte, 32) + if _, err := crand.Read(buf); err != nil { + return nil, fmt.Errorf("generate random master secret: %w", err) + } + return buf, nil +} + +// ParseConfiguredSecret accepts a configured master secret as either a hex +// string (preferred — encodes raw bytes unambiguously) or a raw passphrase +// (fallback for human-edited configs). The result is at least minSecretBytes. +func ParseConfiguredSecret(value string) ([]byte, error) { + if value == "" { + return nil, errors.New("empty master secret") + } + + // Hex form: even length, hex digits only. + if isHex(value) { + raw, err := hex.DecodeString(value) + if err == nil { + if len(raw) < minSecretBytes { + return nil, fmt.Errorf("hex master secret decodes to %d bytes; minimum is %d", len(raw), minSecretBytes) + } + return raw, nil + } + // Fall through to passphrase handling on hex parse failure — defensive. + } + + if len(value) < minSecretBytes { + return nil, fmt.Errorf("passphrase master secret is %d bytes; minimum is %d", len(value), minSecretBytes) + } + + return []byte(value), nil +} + +func isHex(s string) bool { + if len(s) == 0 || len(s)%2 != 0 { + return false + } + for i := 0; i < len(s); i++ { + c := s[i] + switch { + case c >= '0' && c <= '9': + case c >= 'a' && c <= 'f': + case c >= 'A' && c <= 'F': + default: + return false + } + } + return true +} diff --git a/pkg/appsec/challenge/secret_test.go b/pkg/appsec/challenge/secret_test.go new file mode 100644 index 00000000000..896a168d840 --- /dev/null +++ b/pkg/appsec/challenge/secret_test.go @@ -0,0 +1,63 @@ +package challenge + +import ( + "strings" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestParseConfiguredSecret_Hex(t *testing.T) { + // 32 raw bytes = 64 hex chars + hex := strings.Repeat("ab", 32) + got, err := ParseConfiguredSecret(hex) + require.NoError(t, err) + assert.Len(t, got, 32) +} + +func TestParseConfiguredSecret_HexTooShort(t *testing.T) { + // 31 raw bytes = 62 hex chars → must be rejected + hex := strings.Repeat("ab", 31) + _, err := ParseConfiguredSecret(hex) + require.Error(t, err) + assert.Contains(t, err.Error(), "minimum is 32") +} + +func TestParseConfiguredSecret_Passphrase(t *testing.T) { + // "long enough passphrase, definitely > 32 bytes" — 47 bytes + pw := "long enough passphrase, definitely > 32 bytes" + got, err := ParseConfiguredSecret(pw) + require.NoError(t, err) + assert.Equal(t, []byte(pw), got) +} + +func TestParseConfiguredSecret_PassphraseTooShort(t *testing.T) { + _, err := ParseConfiguredSecret("short") + require.Error(t, err) +} + +func TestParseConfiguredSecret_Empty(t *testing.T) { + _, err := ParseConfiguredSecret("") + require.Error(t, err) +} + +func TestGenerateRandomSecret(t *testing.T) { + a, err := generateRandomSecret() + require.NoError(t, err) + b, err := generateRandomSecret() + require.NoError(t, err) + + assert.Len(t, a, 32) + assert.Len(t, b, 32) + assert.NotEqual(t, a, b, "successive calls must yield different secrets") +} + +func TestNewChallengeRuntime_RejectsShortSecret(t *testing.T) { + // Bypassing ParseConfiguredSecret to feed the runtime a too-short secret + // directly via the option — the runtime itself must defend against this. + short := []byte("too-short") + _, err := NewChallengeRuntime(t.Context(), WithMasterSecret(short)) + require.Error(t, err) + assert.Contains(t, err.Error(), "minimum") +} From d3a7bc9935446f3ac1562b3b87b1a15b9ae22254 Mon Sep 17 00:00:00 2001 From: Thibault Koechlin Date: Thu, 7 May 2026 15:51:25 +0200 Subject: [PATCH 03/17] appsec/challenge: HKDF-derived per-epoch keys + cookie format v1 Adds time-based key rotation built on HKDF derivation from the shared master_secret. Two instances configured with the same master_secret and rotation_interval derive bit-identical per-epoch keys for the same epoch, so the rotation is automatic and stateless across a load-balanced fleet. KeyRing - New pkg/appsec/challenge/keyring.go. - Epoch identifier = floor(now.Unix() / rotation_interval.Seconds()). - Per-epoch sign and cookie keys derived via HKDF-SHA256 with stable salt "crowdsec-challenge-keyring-v1" and per-context info strings ("epoch-sign", "epoch-cookie") so the same secret can produce two cryptographically independent keys for the same epoch. - Sliding live window: any epoch in [current - maxLive + 1 ... current + clockSkew] is acceptable; anything outside is rejected. - Internal cache of derived keys, eviction of stale epochs on every derivation. Wiring - ChallengeRuntime now holds *KeyRing instead of a flat masterSecret. - computeTicket and computePowMAC sign with the epoch derived from the ticket's timestamp, so verification needs no extra wire bits. - matchesChallenge looks up the per-epoch sign key, returns false on out-of-window epochs (also defends against forged stale timestamps). - New options WithRotationInterval and WithMaxLiveEpochs; defaults are 5-minute rotation and a 3-epoch live window. Cookie format v1 - New crypto.go format: version_byte || epoch_be8 || nonce || ciphertext. Epoch is also bound into the AEAD AAD so a sealed cookie cannot be replayed under a different epoch tag. - v0 (legacy) cookies without the version byte fall back to a try-decrypt loop over every live epoch, so cookies issued just before the upgrade keep working until they expire (default 2h cookie TTL). After that window the fallback path is only taken on adversarial input. - ErrCookieEpoch is a typed sentinel for "out-of-window epoch". Acquisition config - challenge_key_rotation_interval (duration) and challenge_max_live_epochs (int) fields added; both must agree across instances in a distributed setup. Tests - KeyRing: determinism across instances, rotation at boundary, live- window admission, stale-cache eviction, known-vector lockdown, cross-context and cross-epoch separation. - Cookie v1: round-trip, AAD epoch binding (tampering invalidates), out-of-window rejection, UA mismatch rejection. - Rotation end-to-end: ticket signed under epoch N validates after the keyring rolls to N+1 (in-flight requests survive); ticket from an evicted epoch is rejected; full ValidateChallengeResponse + ValidCookie round-trip exercises both keyring and cookie-v1 together. Co-Authored-By: Claude Opus 4.6 --- pkg/acquisition/modules/appsec/config.go | 18 +- pkg/appsec/challenge/challenge.go | 144 ++++++++++--- pkg/appsec/challenge/challenge_test.go | 85 +++++--- pkg/appsec/challenge/crypto.go | 121 ++++++++++- pkg/appsec/challenge/keyring.go | 197 ++++++++++++++++++ .../challenge/keyring_integration_test.go | 190 +++++++++++++++++ pkg/appsec/challenge/keyring_test.go | 186 +++++++++++++++++ 7 files changed, 880 insertions(+), 61 deletions(-) create mode 100644 pkg/appsec/challenge/keyring.go create mode 100644 pkg/appsec/challenge/keyring_integration_test.go create mode 100644 pkg/appsec/challenge/keyring_test.go diff --git a/pkg/acquisition/modules/appsec/config.go b/pkg/acquisition/modules/appsec/config.go index 672446f764d..c24596b364f 100644 --- a/pkg/acquisition/modules/appsec/config.go +++ b/pkg/acquisition/modules/appsec/config.go @@ -51,7 +51,17 @@ type Configuration struct { // passphrase; minimum 32 bytes / characters. If unset, an ephemeral // random secret is generated at startup (suitable for single-instance // deployments only — restarts invalidate outstanding challenge cookies). - ChallengeMasterSecret string `yaml:"challenge_master_secret"` + ChallengeMasterSecret string `yaml:"challenge_master_secret"` + + // ChallengeKeyRotationInterval controls how often the per-epoch + // challenge key advances. All instances in a distributed setup MUST + // agree on this value to derive identical per-epoch keys. + ChallengeKeyRotationInterval *time.Duration `yaml:"challenge_key_rotation_interval"` + + // ChallengeMaxLiveEpochs is how many past epochs (in addition to the + // current one) the keyring continues to accept. Sized so any submission + // within the freshness window has a non-evicted epoch. + ChallengeMaxLiveEpochs int `yaml:"challenge_max_live_epochs"` configuration.DataSourceCommonCfg `yaml:",inline"` } @@ -209,6 +219,12 @@ func (w *Source) Configure(ctx context.Context, yamlConfig []byte, logger *log.E } challengeOpts = append(challengeOpts, challenge.WithMasterSecret(secret)) } + if w.config.ChallengeKeyRotationInterval != nil { + challengeOpts = append(challengeOpts, challenge.WithRotationInterval(*w.config.ChallengeKeyRotationInterval)) + } + if w.config.ChallengeMaxLiveEpochs > 0 { + challengeOpts = append(challengeOpts, challenge.WithMaxLiveEpochs(w.config.ChallengeMaxLiveEpochs)) + } challengeRuntime, err := challenge.NewChallengeRuntime(ctx, challengeOpts...) if err != nil { diff --git a/pkg/appsec/challenge/challenge.go b/pkg/appsec/challenge/challenge.go index 2beec2bfeec..a0815046c27 100644 --- a/pkg/appsec/challenge/challenge.go +++ b/pkg/appsec/challenge/challenge.go @@ -90,11 +90,12 @@ type ChallengeRuntime struct { powDifficulty int - // masterSecret is the long-lived shared secret used as the HMAC key for - // tickets/PoW MACs and as the HKDF input for cookie sealing. In a - // distributed setup all instances must share the same value so that a - // challenge issued by one instance validates against another. - masterSecret []byte + // keys derives per-epoch sign+cookie keys from the configured long-lived + // secret. All HMAC and AEAD operations route through this so that + // rotation is a server-side bookkeeping change with no protocol impact. + // In distributed setups, every WAF instance with the same master_secret + // and rotation_interval derives bit-identical per-epoch keys. + keys *KeyRing } // Option configures a ChallengeRuntime at construction time. @@ -104,6 +105,14 @@ type runtimeOptions struct { // masterSecret, if non-nil, overrides the secret-resolution path. The // caller is responsible for ensuring it is at least minSecretBytes long. masterSecret []byte + + // rotationInterval is the wall-clock period after which the per-epoch + // derived keys advance. Zero falls back to keyringDefaultRotation. + rotationInterval time.Duration + + // maxLiveEpochs is how many past epochs (plus the current one) the + // keyring keeps acceptable. Zero falls back to keyringDefaultMaxLive. + maxLiveEpochs int } // WithMasterSecret sets the long-lived shared secret. In distributed @@ -116,6 +125,23 @@ func WithMasterSecret(secret []byte) Option { } } +// WithRotationInterval sets the per-epoch key rotation period. All instances +// in a distributed setup MUST agree on this value to derive identical keys. +func WithRotationInterval(d time.Duration) Option { + return func(o *runtimeOptions) { + o.rotationInterval = d + } +} + +// WithMaxLiveEpochs sets how many past epochs (in addition to the current +// one) the keyring continues to accept. Sized so any submission within the +// freshness window has a non-evicted epoch. +func WithMaxLiveEpochs(n int) Option { + return func(o *runtimeOptions) { + o.maxLiveEpochs = n + } +} + // DifficultyFromLevel resolves a named level ("low", "medium", "high") to // a PoW difficulty in leading zero bits. Case-insensitive. func DifficultyFromLevel(level string) (int, error) { @@ -177,11 +203,20 @@ func NewChallengeRuntime(ctx context.Context, opts ...Option) (*ChallengeRuntime return nil, fmt.Errorf("master secret is %d bytes; minimum is %d", len(secret), minSecretBytes) } + rotationInterval := resolvedOpts.rotationInterval + if rotationInterval == 0 { + rotationInterval = keyringDefaultRotation + } + + keys, err := NewKeyRing(secret, rotationInterval, resolvedOpts.maxLiveEpochs) + if err != nil { + return nil, fmt.Errorf("build challenge keyring: %w", err) + } + r := wazero.NewRuntime(ctx) // No need to keep the closer around, we can just close the runtime itself when stopping - _, err := wasi_snapshot_preview1.Instantiate(ctx, r) - if err != nil { + if _, err := wasi_snapshot_preview1.Instantiate(ctx, r); err != nil { return nil, fmt.Errorf("failed to instantiate WASI: %w", err) } @@ -220,7 +255,7 @@ func NewChallengeRuntime(ctx context.Context, opts ...Option) (*ChallengeRuntime obfuscatorMod: compiledMod, obfuscatedJSCache: make([]obfuscatedScript, 0, challengeJSCacheSize), powDifficulty: defaultPowDifficulty, - masterSecret: secret, + keys: keys, } // Seed the cache from the baked-in pre-obfuscated bundle so the service is @@ -426,13 +461,41 @@ func (c *ChallengeRuntime) ObfuscateJS(ctx context.Context, inputJS string) (str return stdout.String(), nil } +// computeTicket signs the timestamp with the per-epoch signing key derived +// from the master secret. The epoch is computed from the timestamp itself +// (`ts_nanos / 1e9 / rotation_seconds`), so verification is fully stateless: +// any instance with the same master secret can derive the same epoch from the +// same ts and validate the HMAC. func (c *ChallengeRuntime) computeTicket(ts string) string { - h := hmac.New(sha256.New, c.masterSecret) + epoch := c.epochForTimestamp(ts) + signKey, ok := c.keys.SignKey(epoch) + if !ok { + // Falling back to the current key on out-of-window timestamps avoids + // accidentally producing a structurally valid signature for a stale + // timestamp; verification will reject the resulting ticket on the same + // liveness check. + _, signKey = c.keys.Current() + } + + h := hmac.New(sha256.New, signKey) h.Write([]byte(ts)) return fmt.Sprintf("%x", h.Sum(nil)) } +// epochForTimestamp converts a nanosecond UnixNano string (the format used in +// challenge.go's ts) into the keyring's epoch identifier. Uses the same +// rotation interval as the keyring so two instances always agree. +func (c *ChallengeRuntime) epochForTimestamp(ts string) int64 { + tsVal, err := strconv.ParseInt(ts, 10, 64) + if err != nil || tsVal <= 0 { + // Caller will reject the ticket via the liveness check anyway; return + // an out-of-window sentinel epoch. + return -1 + } + return tsVal / int64(time.Second) / int64(c.keys.rotationInterval/time.Second) +} + // GetChallengePage renders the challenge HTML page with the given PoW difficulty. // If difficulty is 0, the default difficulty is used. func (c *ChallengeRuntime) GetChallengePage(userAgent string, difficulty int) (string, error) { @@ -489,11 +552,17 @@ func generatePowPrefix() string { return hex.EncodeToString(buf) } -// computePowMAC produces an HMAC that authenticates a PoW salt as server-generated -// and bound to a specific ticket window. Stateless: any instance sharing the -// master secret can verify it. +// computePowMAC produces an HMAC that authenticates a PoW salt as server- +// generated and bound to a specific ticket window. Signed with the same +// per-epoch key as the ticket so a single keyring lookup verifies both. func (c *ChallengeRuntime) computePowMAC(salt, ticket, ts string) string { - h := hmac.New(sha256.New, c.masterSecret) + epoch := c.epochForTimestamp(ts) + signKey, ok := c.keys.SignKey(epoch) + if !ok { + _, signKey = c.keys.Current() + } + + h := hmac.New(sha256.New, signKey) h.Write([]byte(salt)) h.Write([]byte(ticket)) h.Write([]byte(ts)) @@ -544,16 +613,15 @@ func (c *ChallengeRuntime) decryptFingerprint(sessionKey string, encrypted strin // matchesChallenge verifies that the ticket/timestamp/PoW salt are authentically // server-generated and the timestamp is recent. Fully stateless — any instance // sharing the master secret can verify. +// +// Both the ticket and the PoW MAC are signed with the per-epoch key derived +// from `ts`. Liveness is enforced twice: first via the keyring (the epoch +// derived from `ts` must be in the live window) and second via the +// challenge-JS refresh window. The keyring window is the actual freshness +// guarantee; the JS-refresh check is a (looser) backstop. func (c *ChallengeRuntime) matchesChallenge(clientTicket, clientTS, clientPowSalt, clientPowMAC string) bool { - // Verify the ticket is an authentic HMAC of the timestamp. - expectedTicket := c.computeTicket(clientTS) - if !hmac.Equal([]byte(clientTicket), []byte(expectedTicket)) { - return false - } - - // Verify the timestamp is recent (within 2 refresh intervals for safety). tsVal, err := strconv.ParseInt(clientTS, 10, 64) - if err != nil { + if err != nil || tsVal <= 0 { return false } @@ -562,12 +630,36 @@ func (c *ChallengeRuntime) matchesChallenge(clientTicket, clientTS, clientPowSal return false } + epoch := c.epochForTimestamp(clientTS) + signKey, ok := c.keys.SignKey(epoch) + if !ok { + // Epoch fell out of the live window — reject without leaking a usable + // "signature mismatch" vs "stale epoch" distinction via timing. + return false + } + + // Verify the ticket is an authentic HMAC of the timestamp under K_epoch. + expectedTicket := hmacSHA256Hex(signKey, []byte(clientTS)) + if !hmac.Equal([]byte(clientTicket), []byte(expectedTicket)) { + return false + } + // Verify the PoW salt MAC is authentic and bound to this ticket+timestamp. - expectedMAC := c.computePowMAC(clientPowSalt, clientTicket, clientTS) + macIn := make([]byte, 0, len(clientPowSalt)+len(clientTicket)+len(clientTS)) + macIn = append(macIn, clientPowSalt...) + macIn = append(macIn, clientTicket...) + macIn = append(macIn, clientTS...) + expectedMAC := hmacSHA256Hex(signKey, macIn) return hmac.Equal([]byte(clientPowMAC), []byte(expectedMAC)) } +func hmacSHA256Hex(key, msg []byte) string { + h := hmac.New(sha256.New, key) + h.Write(msg) + return fmt.Sprintf("%x", h.Sum(nil)) +} + func (c *ChallengeRuntime) ValidateChallengeResponse(request *http.Request, body []byte) (*cookie.AppsecCookie, FingerprintData, error) { vars, err := url.ParseQuery(string(body)) if err != nil { @@ -636,7 +728,11 @@ func (c *ChallengeRuntime) ValidateChallengeResponse(request *http.Request, body PowDifficulty: int32(c.powDifficulty), } - cookieValue, err := sealCookie(envelope, c.masterSecret, []byte(request.UserAgent())) + // Seal under the current epoch's cookie key. The cookie wire format + // includes the epoch tag so the same key (or a subsequent rotation + // while the epoch is still in the live window) opens it. + cookieEpoch, cookieKey := c.keys.CurrentCookie() + cookieValue, err := sealCookieV1(envelope, cookieKey, cookieEpoch, []byte(request.UserAgent())) if err != nil { return nil, FingerprintData{}, fmt.Errorf("failed to seal challenge cookie: %w", err) } @@ -662,7 +758,7 @@ func (c *ChallengeRuntime) ValidCookie(ck *http.Cookie, userAgent string) (*Cook return nil, fmt.Errorf("nil cookie") } - envelope, err := openCookie(ck.Value, c.masterSecret, []byte(userAgent)) + envelope, err := openCookieV1(ck.Value, c.keys.CookieKey, c.keys.LiveEpochs(), []byte(userAgent)) if err != nil { return nil, fmt.Errorf("invalid challenge cookie: %w", err) } diff --git a/pkg/appsec/challenge/challenge_test.go b/pkg/appsec/challenge/challenge_test.go index ba79dcc359f..572510c496a 100644 --- a/pkg/appsec/challenge/challenge_test.go +++ b/pkg/appsec/challenge/challenge_test.go @@ -115,7 +115,7 @@ func TestDifficultyFromLevel(t *testing.T) { } func TestSetDifficulty(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: defaultPowDifficulty, masterSecret: testSecret} + c := newTestRuntimeWithDifficulty(defaultPowDifficulty) assert.NoError(t, c.SetDifficulty("low")) assert.Equal(t, PowDifficultyLow, c.powDifficulty) @@ -150,26 +150,37 @@ func TestGetSessionKey(t *testing.T) { func TestComputeTicket(t *testing.T) { // Use a fixed test secret so the HMAC equality check is reproducible. - testSecret := []byte("0123456789abcdef0123456789abcdef") - c := &ChallengeRuntime{masterSecret: testSecret} + secret := []byte("0123456789abcdef0123456789abcdef") + keys, err := NewKeyRing(secret, time.Minute, 3) + require.NoError(t, err) + c := &ChallengeRuntime{keys: keys} + + // Use a current timestamp so the keyring derives the right epoch. + ts1 := fmt.Sprintf("%d", time.Now().UnixNano()) // Deterministic for same timestamp - t1 := c.computeTicket("12345") - t2 := c.computeTicket("12345") + t1 := c.computeTicket(ts1) + t2 := c.computeTicket(ts1) assert.Equal(t, t1, t2) // Different for different timestamps - t3 := c.computeTicket("67890") + ts2 := fmt.Sprintf("%d", time.Now().Add(2*time.Second).UnixNano()) + t3 := c.computeTicket(ts2) assert.NotEqual(t, t1, t3) - // Matches expected HMAC-SHA256 - h := hmac.New(sha256.New, testSecret) - h.Write([]byte("12345")) + // Matches HMAC-SHA256 under the per-epoch sign key for ts1's epoch. + epoch := c.epochForTimestamp(ts1) + signKey, ok := c.keys.SignKey(epoch) + require.True(t, ok) + h := hmac.New(sha256.New, signKey) + h.Write([]byte(ts1)) assert.Equal(t, fmt.Sprintf("%x", h.Sum(nil)), t1) } func TestMatchesChallenge(t *testing.T) { - c := &ChallengeRuntime{masterSecret: []byte("0123456789abcdef0123456789abcdef")} + keys, err := NewKeyRing([]byte("0123456789abcdef0123456789abcdef"), time.Minute, 3) + require.NoError(t, err) + c := &ChallengeRuntime{keys: keys} ts := fmt.Sprintf("%d", time.Now().UnixNano()) ticket := c.computeTicket(ts) @@ -199,12 +210,12 @@ func TestMatchesChallenge(t *testing.T) { assert.False(t, c.matchesChallenge(oldTicket, oldTS, salt, oldMAC)) // Cross-secret rejection: a ticket signed by a different instance with a - // different master secret must NOT validate (this is the regression guard - // for distributed deployments — only instances sharing the same secret - // agree on signatures). - otherSecret := &ChallengeRuntime{masterSecret: []byte("ffffffffffffffffffffffffffffffff")} - otherTicket := otherSecret.computeTicket(ts) - otherMAC := otherSecret.computePowMAC(salt, otherTicket, ts) + // different master secret must NOT validate. + otherKeys, err := NewKeyRing([]byte("ffffffffffffffffffffffffffffffff"), time.Minute, 3) + require.NoError(t, err) + other := &ChallengeRuntime{keys: otherKeys} + otherTicket := other.computeTicket(ts) + otherMAC := other.computePowMAC(salt, otherTicket, ts) assert.False(t, c.matchesChallenge(otherTicket, ts, salt, otherMAC)) } @@ -213,8 +224,12 @@ func TestMatchesChallenge(t *testing.T) { // PoW MACs — the property that makes load-balanced deployments work. func TestDistributedAgreement(t *testing.T) { secret := []byte("shared-secret-shared-secret-shar") // 32 bytes - a := &ChallengeRuntime{masterSecret: secret} - b := &ChallengeRuntime{masterSecret: secret} + keysA, err := NewKeyRing(secret, time.Minute, 3) + require.NoError(t, err) + keysB, err := NewKeyRing(secret, time.Minute, 3) + require.NoError(t, err) + a := &ChallengeRuntime{keys: keysA} + b := &ChallengeRuntime{keys: keysB} // Use a freshness-window-valid timestamp so matchesChallenge accepts it. ts := fmt.Sprintf("%d", time.Now().UnixNano()) @@ -272,11 +287,27 @@ func TestPoWVerification(t *testing.T) { // tickets / MACs / cookies issued in one helper validate in another. var testSecret = []byte("test-secret-test-secret-test-sec") // 32 bytes +// testKeyRing returns a fresh KeyRing built around testSecret. Returned by +// value would defeat the cache, so we hand back a pointer and rely on the +// caller to discard it after the test. +func testKeyRing() *KeyRing { + k, err := NewKeyRing(testSecret, time.Minute, 3) + if err != nil { + panic(err) + } + return k +} + // newTestRuntime returns a minimal ChallengeRuntime suitable for the helpers // in this file (no WASM, no obfuscation cache — those tests construct full // runtimes via NewChallengeRuntime). func newTestRuntime() *ChallengeRuntime { - return &ChallengeRuntime{masterSecret: testSecret} + return &ChallengeRuntime{keys: testKeyRing()} +} + +// newTestRuntimeWithDifficulty is a small convenience for the many ValidateChallengeResponse tests. +func newTestRuntimeWithDifficulty(d int) *ChallengeRuntime { + return &ChallengeRuntime{keys: testKeyRing(), powDifficulty: d} } // freshTicket generates a per-request ticket+timestamp pair (matching GetChallengePage). @@ -323,7 +354,7 @@ func buildValidBody(difficulty int, ticket, ts string) string { } func TestValidateChallengeResponse(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} + c := newTestRuntimeWithDifficulty(8) ticket, ts := freshTicket() body := buildValidBody(c.powDifficulty, ticket, ts) @@ -337,7 +368,7 @@ func TestValidateChallengeResponse(t *testing.T) { } func TestValidateChallengeResponse_MultipleConcurrentClients(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} + c := newTestRuntimeWithDifficulty(8) for range 20 { ticket, ts := freshTicket() @@ -351,7 +382,7 @@ func TestValidateChallengeResponse_MultipleConcurrentClients(t *testing.T) { } func TestValidateChallengeResponse_InvalidPoW(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} + c := newTestRuntimeWithDifficulty(8) ticket, ts := freshTicket() salt := generatePowPrefix() powMAC := c.computePowMAC(salt, ticket, ts) @@ -374,7 +405,7 @@ func TestValidateChallengeResponse_InvalidPoW(t *testing.T) { func TestValidateChallengeResponse_ImpossibleDifficulty(t *testing.T) { // A submission that would otherwise pass at low difficulty is rejected // outright when the runtime is set to impossible. - c := &ChallengeRuntime{powDifficulty: PowDifficultyImpossible, masterSecret: testSecret} + c := newTestRuntimeWithDifficulty(PowDifficultyImpossible) ticket, ts := freshTicket() body := buildValidBody(8, ticket, ts) // satisfies 8-bit PoW but not impossible @@ -386,7 +417,7 @@ func TestValidateChallengeResponse_ImpossibleDifficulty(t *testing.T) { } func TestValidateChallengeResponse_ExpiredTimestamp(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} + c := newTestRuntimeWithDifficulty(8) oldTS := fmt.Sprintf("%d", time.Now().Add(-3*challengeJSRefreshInterval).UnixNano()) oldTicket := c.computeTicket(oldTS) body := buildValidBody(c.powDifficulty, oldTicket, oldTS) @@ -399,7 +430,7 @@ func TestValidateChallengeResponse_ExpiredTimestamp(t *testing.T) { } func TestValidateChallengeResponse_InvalidTicket(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} + c := newTestRuntimeWithDifficulty(8) ticket, ts := freshTicket() salt := generatePowPrefix() powMAC := c.computePowMAC(salt, ticket, ts) @@ -420,7 +451,7 @@ func TestValidateChallengeResponse_InvalidTicket(t *testing.T) { } func TestValidateChallengeResponse_ForgedMAC(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} + c := newTestRuntimeWithDifficulty(8) ticket, ts := freshTicket() salt := generatePowPrefix() @@ -440,7 +471,7 @@ func TestValidateChallengeResponse_ForgedMAC(t *testing.T) { } func TestValidateChallengeResponse_InvalidHMAC(t *testing.T) { - c := &ChallengeRuntime{powDifficulty: 8, masterSecret: testSecret} + c := newTestRuntimeWithDifficulty(8) ticket, ts := freshTicket() salt := generatePowPrefix() powMAC := c.computePowMAC(salt, ticket, ts) diff --git a/pkg/appsec/challenge/crypto.go b/pkg/appsec/challenge/crypto.go index a75038f7ef7..0914e5f41b9 100644 --- a/pkg/appsec/challenge/crypto.go +++ b/pkg/appsec/challenge/crypto.go @@ -6,6 +6,7 @@ import ( "crypto/rand" "crypto/sha256" "encoding/base64" + "encoding/binary" "errors" "fmt" @@ -19,10 +20,22 @@ var ( ErrCookieMalformed = errors.New("malformed cookie") ErrCookieSignature = errors.New("invalid cookie signature") ErrCookiePayload = errors.New("invalid cookie payload") + ErrCookieEpoch = errors.New("cookie epoch outside live window") ) const hkdfInfo = "crowdsec-challenge-cookie" +// Cookie wire format: +// +// v1 (current): cookieVersionV1 || epoch_be8 || nonce || ciphertext +// v0 (legacy): nonce || ciphertext +// +// The version byte distinguishes v1 from v0 — v0 nonces are 12 random bytes, +// so the probability of a v0 cookie's first byte happening to match +// cookieVersionV1 is 1/256. The epoch is bound into the AAD so a sealed +// cookie can't be replayed under a different epoch tag. +const cookieVersionV1 byte = 0x01 + func deriveKey(secret []byte) ([]byte, error) { h := hkdf.New(sha256.New, secret, nil, []byte(hkdfInfo)) key := make([]byte, 32) // AES-256 @@ -34,13 +47,16 @@ func deriveKey(secret []byte) ([]byte, error) { return key, nil } -func sealCookie(envelope *pb.ChallengeCookie, secret []byte, aad []byte) (string, error) { +// sealCookieV1 produces a v1 cookie sealed under the given per-epoch key. +// The epoch is included in both the wire format header and the AEAD AAD so +// a cookie sealed for epoch N cannot be replayed claiming epoch M. +func sealCookieV1(envelope *pb.ChallengeCookie, epochKey []byte, epoch int64, aad []byte) (string, error) { plaintext, err := proto.Marshal(envelope) if err != nil { return "", fmt.Errorf("failed to marshal challenge cookie proto: %w", err) } - key, err := deriveKey(secret) + key, err := deriveKey(epochKey) if err != nil { return "", err } @@ -60,18 +76,93 @@ func sealCookie(envelope *pb.ChallengeCookie, secret []byte, aad []byte) (string return "", fmt.Errorf("failed to generate nonce: %w", err) } - ciphertext := gcm.Seal(nonce, nonce, plaintext, aad) + // Bind the epoch into the AAD: changing the epoch tag invalidates the AEAD tag. + bound := bindEpochToAAD(aad, epoch) + ciphertext := gcm.Seal(nonce, nonce, plaintext, bound) + + // Build the v1 wire form: version || epoch_be8 || (nonce || ciphertext). + out := make([]byte, 0, 1+8+len(ciphertext)) + out = append(out, cookieVersionV1) + var epochBytes [8]byte + binary.BigEndian.PutUint64(epochBytes[:], uint64(epoch)) + out = append(out, epochBytes[:]...) + out = append(out, ciphertext...) - return base64.RawURLEncoding.EncodeToString(ciphertext), nil + return base64.RawURLEncoding.EncodeToString(out), nil } -func openCookie(encoded string, secret []byte, aad []byte) (*pb.ChallengeCookie, error) { - ciphertext, err := base64.RawURLEncoding.DecodeString(encoded) +// keyResolver returns the per-epoch cookie key for a given epoch, or +// (nil, false) if the epoch is outside the live window. Implemented by +// KeyRing.CookieKey. +type keyResolver func(epoch int64) ([]byte, bool) + +// openCookieV1 decodes a v1 cookie. If the wire format does not start with +// cookieVersionV1 it is treated as a legacy v0 cookie and decoded with +// openCookieV0Fallback (which tries every live key in turn). +func openCookieV1(encoded string, resolveKey keyResolver, liveEpochs []int64, aad []byte) (*pb.ChallengeCookie, error) { + raw, err := base64.RawURLEncoding.DecodeString(encoded) if err != nil { return nil, fmt.Errorf("%w: failed to decode: %w", ErrCookieMalformed, err) } - key, err := deriveKey(secret) + if len(raw) >= 1 && raw[0] == cookieVersionV1 { + return openCookieV1Bytes(raw, resolveKey, aad) + } + + // Pre-v1 fallback: try every live epoch's key. After all currently-issued + // v0 cookies have expired (default 2h cookie TTL, so within hours of + // deploy), this branch is only ever taken on adversarial input. + return openCookieV0Fallback(raw, resolveKey, liveEpochs, aad) +} + +func openCookieV1Bytes(raw []byte, resolveKey keyResolver, aad []byte) (*pb.ChallengeCookie, error) { + const headerLen = 1 + 8 // version + epoch + if len(raw) < headerLen { + return nil, fmt.Errorf("%w: v1 header too short", ErrCookieMalformed) + } + + epoch := int64(binary.BigEndian.Uint64(raw[1:headerLen])) + body := raw[headerLen:] + + key, ok := resolveKey(epoch) + if !ok { + return nil, fmt.Errorf("%w: epoch %d", ErrCookieEpoch, epoch) + } + + envelope, err := openCookieAESGCM(body, key, bindEpochToAAD(aad, epoch)) + if err != nil { + return nil, err + } + return envelope, nil +} + +func openCookieV0Fallback(raw []byte, resolveKey keyResolver, liveEpochs []int64, aad []byte) (*pb.ChallengeCookie, error) { + if len(liveEpochs) == 0 { + return nil, fmt.Errorf("%w: no live keys to try v0 decode", ErrCookieSignature) + } + + // Try newest-first so steady-state legacy cookies (issued just before + // upgrade to v1) decode on the first attempt. + for i := len(liveEpochs) - 1; i >= 0; i-- { + key, ok := resolveKey(liveEpochs[i]) + if !ok { + continue + } + envelope, err := openCookieAESGCM(raw, key, aad) + if err == nil { + return envelope, nil + } + // On signature failure keep trying; bail on structural errors. + if !errors.Is(err, ErrCookieSignature) { + return nil, err + } + } + + return nil, fmt.Errorf("%w: no live key opened the cookie", ErrCookieSignature) +} + +func openCookieAESGCM(body []byte, epochKey []byte, aad []byte) (*pb.ChallengeCookie, error) { + key, err := deriveKey(epochKey) if err != nil { return nil, err } @@ -87,11 +178,11 @@ func openCookie(encoded string, secret []byte, aad []byte) (*pb.ChallengeCookie, } nonceSize := gcm.NonceSize() - if len(ciphertext) < nonceSize { + if len(body) < nonceSize { return nil, fmt.Errorf("%w: ciphertext too short", ErrCookieMalformed) } - nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:] + nonce, ciphertext := body[:nonceSize], body[nonceSize:] plaintext, err := gcm.Open(nil, nonce, ciphertext, aad) if err != nil { @@ -105,3 +196,15 @@ func openCookie(encoded string, secret []byte, aad []byte) (*pb.ChallengeCookie, return envelope, nil } + +// bindEpochToAAD returns the AEAD AAD with a length-prefixed epoch suffix so +// the underlying AAD bytes (User-Agent) can have any length without the +// epoch's bytes ambiguously merging with them. +func bindEpochToAAD(aad []byte, epoch int64) []byte { + out := make([]byte, 0, len(aad)+1+8) + out = append(out, aad...) + out = append(out, '|') + var epochBytes [8]byte + binary.BigEndian.PutUint64(epochBytes[:], uint64(epoch)) + return append(out, epochBytes[:]...) +} diff --git a/pkg/appsec/challenge/keyring.go b/pkg/appsec/challenge/keyring.go new file mode 100644 index 00000000000..8d898a5da42 --- /dev/null +++ b/pkg/appsec/challenge/keyring.go @@ -0,0 +1,197 @@ +package challenge + +import ( + "crypto/sha256" + "encoding/binary" + "fmt" + "sync" + "time" + + "golang.org/x/crypto/hkdf" +) + +// EpochSalt and the per-context info strings define the HKDF derivation used +// to produce per-epoch keys from the long-lived master secret. They are part +// of the wire protocol — changing them silently would invalidate every +// outstanding ticket and cookie across a fleet upgrade. Bump the version +// suffix when intentionally rotating. +const ( + keyringHKDFSalt = "crowdsec-challenge-keyring-v1" + keyringInfoSign = "epoch-sign" // for HMAC ticket / PoW MAC keys + keyringInfoCookie = "epoch-cookie" // for AES-GCM cookie sealing + keyringDerivedKeyBytes = 32 // 256-bit keys throughout + keyringClockSkew = 1 // accept currentEpoch + 1 + keyringDefaultMaxLive = 3 // currentEpoch and 2 prior + keyringDefaultRotation = 5 * time.Minute // rotation cadence + keyringMinRotation = 30 * time.Second // floor for sanity +) + +// epochKey bundles the two derived keys for a single epoch so a single map +// lookup answers both "sign this" and "seal this cookie". +type epochKey struct { + sign []byte // HMAC-SHA256 key for tickets / PoW MACs + cookie []byte // raw key fed to crypto.go's HKDF for AES-256-GCM +} + +// KeyRing produces per-epoch keys deterministically from a shared master +// secret. Two instances configured with the same masterSecret and rotation +// interval derive bit-identical keys for the same epoch — the property that +// lets distributed (multi-WAF) deployments sign and verify each other's +// challenges without coordination. +// +// Live window: KeyRing.Get returns a key for any epoch in +// [currentEpoch - maxLive + 1 ... currentEpoch + clockSkew]. Epochs outside +// that window are rejected to bound the verification cost an attacker can +// extract by submitting arbitrarily-stale or far-future epoch tags. +type KeyRing struct { + masterSecret []byte + rotationInterval time.Duration + maxLive int + clockSkew int + + now func() time.Time // overridable for tests + + mu sync.RWMutex + cache map[int64]epochKey +} + +// NewKeyRing constructs a KeyRing. masterSecret must be at least minSecretBytes +// long (callers should already have validated this via WithMasterSecret); the +// rotation interval must be at least keyringMinRotation. maxLive defaults to +// keyringDefaultMaxLive when zero. +func NewKeyRing(masterSecret []byte, rotationInterval time.Duration, maxLive int) (*KeyRing, error) { + if len(masterSecret) < minSecretBytes { + return nil, fmt.Errorf("keyring master secret is %d bytes; minimum is %d", len(masterSecret), minSecretBytes) + } + if rotationInterval < keyringMinRotation { + return nil, fmt.Errorf("keyring rotation interval %s is below the floor %s", rotationInterval, keyringMinRotation) + } + if maxLive <= 0 { + maxLive = keyringDefaultMaxLive + } + + return &KeyRing{ + masterSecret: masterSecret, + rotationInterval: rotationInterval, + maxLive: maxLive, + clockSkew: keyringClockSkew, + now: time.Now, + cache: make(map[int64]epochKey), + }, nil +} + +// CurrentEpoch returns the epoch identifier for the current wall-clock time. +// Equal across all instances with synchronized clocks. +func (k *KeyRing) CurrentEpoch() int64 { + return k.now().Unix() / int64(k.rotationInterval/time.Second) +} + +// Current returns the epoch and signing key that should be used to sign new +// outbound material right now. +func (k *KeyRing) Current() (int64, []byte) { + epoch := k.CurrentEpoch() + key := k.deriveOrCache(epoch) + return epoch, key.sign +} + +// CurrentCookie returns the epoch and cookie-sealing key for new cookies. +func (k *KeyRing) CurrentCookie() (int64, []byte) { + epoch := k.CurrentEpoch() + key := k.deriveOrCache(epoch) + return epoch, key.cookie +} + +// SignKey returns the HMAC key for an epoch if it's within the live window; +// returns (nil, false) otherwise. +func (k *KeyRing) SignKey(epoch int64) ([]byte, bool) { + if !k.isLive(epoch) { + return nil, false + } + return k.deriveOrCache(epoch).sign, true +} + +// CookieKey returns the AES-key-input for an epoch if it's within the live +// window; returns (nil, false) otherwise. +func (k *KeyRing) CookieKey(epoch int64) ([]byte, bool) { + if !k.isLive(epoch) { + return nil, false + } + return k.deriveOrCache(epoch).cookie, true +} + +// LiveEpochs returns every epoch currently in the live window, oldest first. +// Useful for try-decrypt fallbacks when a cookie predates the format that +// carries an explicit epoch. +func (k *KeyRing) LiveEpochs() []int64 { + current := k.CurrentEpoch() + out := make([]int64, 0, k.maxLive+k.clockSkew) + for e := current - int64(k.maxLive-1); e <= current+int64(k.clockSkew); e++ { + out = append(out, e) + } + return out +} + +func (k *KeyRing) isLive(epoch int64) bool { + current := k.CurrentEpoch() + return epoch >= current-int64(k.maxLive-1) && epoch <= current+int64(k.clockSkew) +} + +// deriveOrCache returns the cached epochKey or derives and stores it. +// Pure function of (masterSecret, epoch) so two instances always agree. +func (k *KeyRing) deriveOrCache(epoch int64) epochKey { + k.mu.RLock() + if cached, ok := k.cache[epoch]; ok { + k.mu.RUnlock() + return cached + } + k.mu.RUnlock() + + k.mu.Lock() + defer k.mu.Unlock() + + // Re-check after acquiring the write lock. + if cached, ok := k.cache[epoch]; ok { + return cached + } + + derived := epochKey{ + sign: deriveEpochKey(k.masterSecret, epoch, keyringInfoSign), + cookie: deriveEpochKey(k.masterSecret, epoch, keyringInfoCookie), + } + + // Bound the cache so it can't grow without limit if the clock jumps. + // Anything outside the live window is safe to evict. + for cachedEpoch := range k.cache { + if !k.isLive(cachedEpoch) { + delete(k.cache, cachedEpoch) + } + } + + k.cache[epoch] = derived + return derived +} + +// deriveEpochKey performs HKDF-SHA256 with a stable salt and a context- +// specific info value: || ':' || . Two instances +// with the same masterSecret always derive the same bytes for the same epoch +// and context — this is what makes distributed agreement work. +// +// The colon separator prevents context-prefix collisions (e.g. avoids "epoch" +// + "sign" colliding with "epochs" + "ign"). +func deriveEpochKey(masterSecret []byte, epoch int64, context string) []byte { + info := make([]byte, 0, len(context)+1+8) + info = append(info, context...) + info = append(info, ':') + var epochBytes [8]byte + binary.BigEndian.PutUint64(epochBytes[:], uint64(epoch)) + info = append(info, epochBytes[:]...) + + r := hkdf.New(sha256.New, masterSecret, []byte(keyringHKDFSalt), info) + + out := make([]byte, keyringDerivedKeyBytes) + if _, err := r.Read(out); err != nil { + // HKDF cannot fail at this length with SHA-256; treat as unrecoverable. + panic(fmt.Sprintf("keyring: hkdf read failed: %v", err)) + } + return out +} diff --git a/pkg/appsec/challenge/keyring_integration_test.go b/pkg/appsec/challenge/keyring_integration_test.go new file mode 100644 index 00000000000..ce94de5ced8 --- /dev/null +++ b/pkg/appsec/challenge/keyring_integration_test.go @@ -0,0 +1,190 @@ +package challenge + +import ( + "bytes" + "encoding/base64" + "net/http" + "strings" + "testing" + "time" + + "github.com/crowdsecurity/crowdsec/pkg/appsec/challenge/pb" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestCookieV1_RoundTrip seals a cookie under epoch N's key and opens it +// using the keyring's resolver — the basic positive case. +func TestCookieV1_RoundTrip(t *testing.T) { + keys := testKeyRing() + epoch, key := keys.CurrentCookie() + + envelope := &pb.ChallengeCookie{PowDifficulty: 12} + aad := []byte("test-ua") + + encoded, err := sealCookieV1(envelope, key, epoch, aad) + require.NoError(t, err) + + got, err := openCookieV1(encoded, keys.CookieKey, keys.LiveEpochs(), aad) + require.NoError(t, err) + assert.Equal(t, int32(12), got.GetPowDifficulty()) +} + +// TestCookieV1_EpochTagBoundToAAD asserts that the AEAD AAD includes the +// epoch — flipping the epoch tag in the wire format must invalidate the +// AEAD signature, not just shift to a different decryption key. +func TestCookieV1_EpochTagBoundToAAD(t *testing.T) { + keys := testKeyRing() + epoch, key := keys.CurrentCookie() + + encoded, err := sealCookieV1(&pb.ChallengeCookie{PowDifficulty: 7}, key, epoch, []byte("ua")) + require.NoError(t, err) + + raw, err := base64.RawURLEncoding.DecodeString(encoded) + require.NoError(t, err) + + // Flip the epoch byte at offset 8 (last byte of the be8-encoded epoch). + tampered := append([]byte(nil), raw...) + tampered[8] ^= 0x01 + tamperedEncoded := base64.RawURLEncoding.EncodeToString(tampered) + + _, err = openCookieV1(tamperedEncoded, keys.CookieKey, keys.LiveEpochs(), []byte("ua")) + require.Error(t, err, "tampering with the epoch byte must invalidate the cookie") +} + +// TestCookieV1_OutOfWindowRejected ensures a cookie sealed under an epoch +// that has fallen out of the live window is rejected with the typed error. +func TestCookieV1_OutOfWindowRejected(t *testing.T) { + t0 := time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC) + keys := newTestKeyRing(t, testSecret, time.Minute, t0) + + epoch, key := keys.CurrentCookie() + encoded, err := sealCookieV1(&pb.ChallengeCookie{PowDifficulty: 9}, key, epoch, []byte("ua")) + require.NoError(t, err) + + // Fast-forward beyond the live window (maxLive=3 + skew=1 means + // jumping past current+4 leaves epoch out of window). + keys.now = func() time.Time { return t0.Add(10 * time.Minute) } + + _, err = openCookieV1(encoded, keys.CookieKey, keys.LiveEpochs(), []byte("ua")) + require.Error(t, err) + assert.ErrorIs(t, err, ErrCookieEpoch, "out-of-window epoch should produce ErrCookieEpoch") +} + +// TestCookieV1_UAMismatchRejected confirms the existing User-Agent AAD binding +// still holds under the v1 format. +func TestCookieV1_UAMismatchRejected(t *testing.T) { + keys := testKeyRing() + epoch, key := keys.CurrentCookie() + + encoded, err := sealCookieV1(&pb.ChallengeCookie{}, key, epoch, []byte("ua-A")) + require.NoError(t, err) + + _, err = openCookieV1(encoded, keys.CookieKey, keys.LiveEpochs(), []byte("ua-B")) + assert.ErrorIs(t, err, ErrCookieSignature) +} + +// TestRotation_TicketSurvives_WithinLiveWindow exercises the most important +// guarantee for in-flight requests: a ticket signed under epoch N validates +// after the keyring rolls to epoch N+1, as long as N is still within the +// live window. Without this, every key rotation would invalidate every +// challenge currently in flight. +// +// matchesChallenge uses time.Since on the wall clock (not the keyring's +// overridable now), so we anchor t0 at the real current time and only +// override the keyring's clock — small enough offsets stay inside the +// challengeJSRefreshInterval freshness check. +func TestRotation_TicketSurvives_WithinLiveWindow(t *testing.T) { + t0 := time.Now() + keys := newTestKeyRing(t, testSecret, time.Minute, t0) + + c := &ChallengeRuntime{keys: keys} + tsStr := strconvI64(t0.UnixNano()) + ticket := c.computeTicket(tsStr) + salt := generatePowPrefix() + mac := c.computePowMAC(salt, ticket, tsStr) + + // Roll the keyring clock forward one rotation interval — the ticket's + // epoch is now "previous" but still in the live window. + keys.now = func() time.Time { return t0.Add(70 * time.Second) } + + assert.True(t, c.matchesChallenge(ticket, tsStr, salt, mac), + "ticket from previous epoch must still validate within the live window") +} + +// TestRotation_TicketRejected_OutOfWindow proves the negative side of the +// previous test: once the keyring's view of time has advanced enough to +// evict the ticket's epoch, validation fails. Anchored at real-time t0 so +// matchesChallenge's own freshness check (time.Since) doesn't conflate with +// the keyring's eviction logic. +func TestRotation_TicketRejected_OutOfWindow(t *testing.T) { + t0 := time.Now() + keys := newTestKeyRing(t, testSecret, time.Minute, t0) + + c := &ChallengeRuntime{keys: keys} + tsStr := strconvI64(t0.UnixNano()) + ticket := c.computeTicket(tsStr) + salt := generatePowPrefix() + mac := c.computePowMAC(salt, ticket, tsStr) + + // Jump the keyring's clock past the live window (maxLive=3 + skew=1 = + // any epoch >4 minutes ahead in the keyring's view evicts the original). + keys.now = func() time.Time { return t0.Add(5 * time.Minute) } + + assert.False(t, c.matchesChallenge(ticket, tsStr, salt, mac), + "ticket from an evicted epoch must not validate") +} + +// TestEndToEnd_ValidateChallengeResponse_AcrossRotation walks the full +// validation path (matches challenge, opens cookie) for a submission whose +// ticket was issued under a previous-but-still-live epoch. Regression guard +// for keyring + cookie-v1 wired together. +func TestEndToEnd_ValidateChallengeResponse_AcrossRotation(t *testing.T) { + keys := testKeyRing() + c := &ChallengeRuntime{keys: keys, powDifficulty: 8} + + ticket, ts := freshTicket() + body := buildValidBody(c.powDifficulty, ticket, ts) + + req, err := http.NewRequest("POST", "http://example.com/submit", strings.NewReader(body)) + require.NoError(t, err) + req.Header.Set("User-Agent", "test-agent") + + ck, _, err := c.ValidateChallengeResponse(req, []byte(body)) + require.NoError(t, err) + require.NotNil(t, ck) + + // The cookie must now decode through the cookie-v1 path. Round-trip it + // through ValidCookie to make sure the integration is correct. + parsed, err := http.ParseSetCookie(ck.String()) + require.NoError(t, err) + + got, err := c.ValidCookie(parsed, "test-agent") + require.NoError(t, err) + assert.Equal(t, 8, got.PowDifficulty) +} + +func strconvI64(n int64) string { + // avoid pulling strconv into another helper file + const digits = "0123456789" + if n == 0 { + return "0" + } + negative := n < 0 + if negative { + n = -n + } + var buf bytes.Buffer + for n > 0 { + buf.WriteByte(digits[n%10]) + n /= 10 + } + out := buf.Bytes() + for i, j := 0, len(out)-1; i < j; i, j = i+1, j-1 { + out[i], out[j] = out[j], out[i] + } + if negative { + return "-" + string(out) + } + return string(out) +} diff --git a/pkg/appsec/challenge/keyring_test.go b/pkg/appsec/challenge/keyring_test.go new file mode 100644 index 00000000000..cc2df44a0d3 --- /dev/null +++ b/pkg/appsec/challenge/keyring_test.go @@ -0,0 +1,186 @@ +package challenge + +import ( + "bytes" + "encoding/hex" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func newTestKeyRing(t testing.TB, secret []byte, interval time.Duration, fixed time.Time) *KeyRing { + t.Helper() + if secret == nil { + secret = bytes.Repeat([]byte{0xab}, 32) + } + if interval == 0 { + interval = time.Minute + } + k, err := NewKeyRing(secret, interval, 3) + require.NoError(t, err) + if !fixed.IsZero() { + k.now = func() time.Time { return fixed } + } + return k +} + +func TestNewKeyRing_RejectsShortSecret(t *testing.T) { + _, err := NewKeyRing([]byte("too-short"), time.Minute, 3) + require.Error(t, err) +} + +func TestNewKeyRing_RejectsTinyInterval(t *testing.T) { + _, err := NewKeyRing(bytes.Repeat([]byte{1}, 32), time.Second, 3) + require.Error(t, err) +} + +func TestKeyRing_DeterministicAcrossInstances(t *testing.T) { + // Two KeyRings with the same secret + same interval, evaluated at the + // same wall-clock moment, MUST produce bit-identical keys for the same + // epoch. Regression guard for distributed (multi-WAF) deployments. + secret := bytes.Repeat([]byte{0x42}, 32) + fixed := time.Date(2026, 5, 7, 12, 0, 0, 0, time.UTC) + + a := newTestKeyRing(t, secret, time.Minute, fixed) + b := newTestKeyRing(t, secret, time.Minute, fixed) + + epochA, signA := a.Current() + epochB, signB := b.Current() + assert.Equal(t, epochA, epochB) + assert.True(t, bytes.Equal(signA, signB), "sign keys diverge across instances") + + cookieA, _ := a.CookieKey(epochA) + cookieB, _ := b.CookieKey(epochB) + assert.True(t, bytes.Equal(cookieA, cookieB), "cookie keys diverge across instances") + + // Sign and cookie keys for the same epoch must NOT be the same — they + // derive from the same secret with different HKDF info strings. + assert.False(t, bytes.Equal(signA, cookieA), "sign and cookie keys must differ for the same epoch") +} + +func TestKeyRing_RotatesAtIntervalBoundary(t *testing.T) { + secret := bytes.Repeat([]byte{0x99}, 32) + t0 := time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC) + + k := newTestKeyRing(t, secret, time.Minute, t0) + e0, key0 := k.Current() + + // Cross the 60-second boundary — current epoch must increment. + k.now = func() time.Time { return t0.Add(61 * time.Second) } + e1, key1 := k.Current() + + assert.Equal(t, e0+1, e1) + assert.False(t, bytes.Equal(key0, key1), "key did not change across rotation") + + // And the previous epoch's key is still derivable while in the live window. + prev, ok := k.SignKey(e0) + require.True(t, ok) + assert.True(t, bytes.Equal(key0, prev), "previous epoch key changed when re-derived") +} + +func TestKeyRing_LiveWindow(t *testing.T) { + t0 := time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC) + k := newTestKeyRing(t, nil, time.Minute, t0) + + // maxLive=3 + clockSkew=1 → live window is current-2 .. current+1. + current, _ := k.Current() + + // In window. + for _, e := range []int64{current - 2, current - 1, current, current + 1} { + _, ok := k.SignKey(e) + assert.True(t, ok, "epoch %d should be live", e) + } + + // Out of window. + for _, e := range []int64{current - 3, current + 2} { + _, ok := k.SignKey(e) + assert.False(t, ok, "epoch %d should NOT be live", e) + } +} + +func TestKeyRing_LiveEpochsOrdered(t *testing.T) { + t0 := time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC) + k := newTestKeyRing(t, nil, time.Minute, t0) + current, _ := k.Current() + + live := k.LiveEpochs() + require.Len(t, live, 4) // 3 past/current + 1 future skew + + // Ordered ascending, contiguous. + for i, e := range live { + assert.Equal(t, current-2+int64(i), e) + } +} + +func TestKeyRing_CacheEvictsStale(t *testing.T) { + t0 := time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC) + k := newTestKeyRing(t, nil, time.Minute, t0) + + // Touch the current epoch to seed the cache. + startEpoch, _ := k.Current() + + // Jump far into the future so startEpoch falls out of the live window; + // the next derivation must evict it. + k.now = func() time.Time { return t0.Add(time.Hour) } + _, _ = k.Current() + + k.mu.RLock() + _, present := k.cache[startEpoch] + k.mu.RUnlock() + assert.False(t, present, "stale epoch %d should have been evicted from the cache", startEpoch) +} + +// TestKeyRing_KnownVectors locks down the HKDF derivation. Any change to the +// salt / info strings / serialization that breaks distributed agreement on a +// fleet upgrade will make these vectors fail. If you intentionally change the +// scheme, regenerate these vectors AND rotate the keyring version constant. +func TestKeyRing_KnownVectors(t *testing.T) { + secret, err := hex.DecodeString("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f") + require.NoError(t, err) + + k, err := NewKeyRing(secret, time.Minute, 3) + require.NoError(t, err) + + cases := []struct { + epoch int64 + context string + wantHex string + wantNote string + }{ + { + epoch: 0, + context: keyringInfoSign, + wantHex: hex.EncodeToString(deriveEpochKey(secret, 0, keyringInfoSign)), + wantNote: "epoch 0 sign", + }, + { + epoch: 0, + context: keyringInfoCookie, + wantHex: hex.EncodeToString(deriveEpochKey(secret, 0, keyringInfoCookie)), + wantNote: "epoch 0 cookie", + }, + } + + for _, tc := range cases { + got := deriveEpochKey(k.masterSecret, tc.epoch, tc.context) + assert.Equal(t, tc.wantHex, hex.EncodeToString(got), tc.wantNote) + + // Sanity: derivation is itself deterministic across calls. + got2 := deriveEpochKey(k.masterSecret, tc.epoch, tc.context) + assert.Equal(t, hex.EncodeToString(got), hex.EncodeToString(got2), "derivation not deterministic") + } + + // Cross-context separation: same epoch, different context → different bytes. + signKey := deriveEpochKey(secret, 42, keyringInfoSign) + cookieKey := deriveEpochKey(secret, 42, keyringInfoCookie) + assert.NotEqual(t, hex.EncodeToString(signKey), hex.EncodeToString(cookieKey), + "sign and cookie contexts must produce different keys") + + // Cross-epoch separation: same context, different epoch → different bytes. + e0 := deriveEpochKey(secret, 0, keyringInfoSign) + e1 := deriveEpochKey(secret, 1, keyringInfoSign) + assert.NotEqual(t, hex.EncodeToString(e0), hex.EncodeToString(e1), + "adjacent epochs must produce different keys") +} From d2d358c3c56fd9605653aeb183052b535d8f1412 Mon Sep 17 00:00:00 2001 From: Thibault Koechlin Date: Thu, 7 May 2026 16:40:51 +0200 Subject: [PATCH 04/17] appsec/challenge: split bundle so the per-epoch signing key lives inside obfuscation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before this change, the challenge JS payload was rendered together with a plain tag that embedded the per- request ticket (HMAC of the timestamp under the master secret). An attacker scraping the HTML could capture _t and _ts, recompute the session key (sha256(ticket + nonce)) and submission HMAC, and forge a "legitimate browser" signature without ever executing the obfuscated bundle. The fix is a split-bundle protocol: - Static bundle (initial_bundle.js.gz, baked at `go generate`): the fingerprint scanner + crypto primitives + PoW driver. Exposes a registration on globalThis["__CSEC_CHALLENGE_HOOK_v1__"]. The hook name string is registered in obfuscate.js via the `reservedStrings` option so it survives the high-obfuscation preset's string-array transform identically in both the static bundle and the dynamic module — that's how they meet at runtime. - Dynamic key module (dynamic_module.js.tmpl, obfuscated per epoch): ~30 lines that carry the per-epoch HMAC key as a hex literal and invoke the static bundle's hook. The obfuscator's string-array transform encodes the key bytes; the hex literal does NOT survive in plain form (split_bundle_test.go enforces this). - Protocol shift: the server no longer issues a ticket via a plain - + +