From f4a8902a1946e0202622e73ab47a48c7a3d4ab25 Mon Sep 17 00:00:00 2001 From: Canopy bot Date: Sat, 5 Nov 2022 15:14:01 +0000 Subject: [PATCH] updated from main (commit 2e42a836c40546a3183203e7a0bfd1774aa3f04e) --- About | 88 ++ Posts/ARP | 54 + Posts/BadRecordMac | 59 + Posts/BottomUp | 61 + Posts/Conex | 317 ++++ Posts/DNS | 266 ++++ Posts/Deploy | 59 + Posts/DnsServer | 276 ++++ Posts/EC | 45 + Posts/Functoria | 119 ++ Posts/Jackline | 337 +++++ Posts/Maintainers | 77 + Posts/Monitoring | 115 ++ Posts/NGI | 67 + Posts/OCaml | 121 ++ Posts/OpamMirror | 32 + Posts/OperatingSystem | 161 ++ Posts/Pinata | 45 + Posts/ReproducibleOPAM | 43 + Posts/Solo5 | 66 + Posts/Summer2019 | 31 + Posts/Syslog | 152 ++ Posts/Traceroute | 346 +++++ Posts/VMM | 279 ++++ Posts/X50907 | 54 + Posts/index.html | 27 + Posts/nqsbWebsite | 194 +++ atom | 1059 +++++++++++++ index.html | 28 + static/css/highlight.css | 101 ++ static/css/style.css | 152 ++ static/img/conex.png | Bin 0 -> 6908 bytes static/img/crobur-june-2019-unikernel.png | Bin 0 -> 364498 bytes static/img/crobur-june-2019.png | Bin 0 -> 266627 bytes static/img/encrypted-alert.png | Bin 0 -> 50962 bytes static/img/jackline.png | Bin 0 -> 6985 bytes static/img/jackline2.png | Bin 0 -> 12551 bytes static/img/mirage-console-bytes.svg | 40 + static/img/mirage-console-xen-bytes-full.svg | 55 + static/img/mirage-console-xen.svg | 669 ++++++++ static/img/mirage-console.svg | 407 +++++ static/img/performance-nqsbio.png | Bin 0 -> 310097 bytes static/img/pinata-bytes.svg | 95 ++ static/img/pinata-deps.svg | 1341 +++++++++++++++++ static/img/pinata_access_20180403.png | Bin 0 -> 6370 bytes .../img/pinata_access_cumulative_20180403.png | Bin 0 -> 5387 bytes static/img/tcp-frame-client.png | Bin 0 -> 84602 bytes static/img/tcp-frame-server.png | Bin 0 -> 76195 bytes static/js/highlight.pack.js | 2 + tags/UI | 3 + tags/background | 6 + tags/bitcoin | 3 + tags/deployment | 8 + tags/future | 3 + tags/http | 3 + tags/logging | 3 + tags/mirageos | 23 + tags/monitoring | 4 + tags/myself | 3 + tags/opam | 3 + tags/operating system | 3 + tags/overview | 6 + tags/package signing | 6 + tags/protocol | 8 + tags/provisioning | 3 + tags/security | 12 + tags/tls | 6 + 67 files changed, 7546 insertions(+) create mode 100644 About create mode 100644 Posts/ARP create mode 100644 Posts/BadRecordMac create mode 100644 Posts/BottomUp create mode 100644 Posts/Conex create mode 100644 Posts/DNS create mode 100644 Posts/Deploy create mode 100644 Posts/DnsServer create mode 100644 Posts/EC create mode 100644 Posts/Functoria create mode 100644 Posts/Jackline create mode 100644 Posts/Maintainers create mode 100644 Posts/Monitoring create mode 100644 Posts/NGI create mode 100644 Posts/OCaml create mode 100644 Posts/OpamMirror create mode 100644 Posts/OperatingSystem create mode 100644 Posts/Pinata create mode 100644 Posts/ReproducibleOPAM create mode 100644 Posts/Solo5 create mode 100644 Posts/Summer2019 create mode 100644 Posts/Syslog create mode 100644 Posts/Traceroute create mode 100644 Posts/VMM create mode 100644 Posts/X50907 create mode 100644 Posts/index.html create mode 100644 Posts/nqsbWebsite create mode 100644 atom create mode 100644 index.html create mode 100644 static/css/highlight.css create mode 100644 static/css/style.css create mode 100644 static/img/conex.png create mode 100644 static/img/crobur-june-2019-unikernel.png create mode 100644 static/img/crobur-june-2019.png create mode 100644 static/img/encrypted-alert.png create mode 100644 static/img/jackline.png create mode 100644 static/img/jackline2.png create mode 100644 static/img/mirage-console-bytes.svg create mode 100644 static/img/mirage-console-xen-bytes-full.svg create mode 100644 static/img/mirage-console-xen.svg create mode 100644 static/img/mirage-console.svg create mode 100644 static/img/performance-nqsbio.png create mode 100644 static/img/pinata-bytes.svg create mode 100644 static/img/pinata-deps.svg create mode 100644 static/img/pinata_access_20180403.png create mode 100644 static/img/pinata_access_cumulative_20180403.png create mode 100644 static/img/tcp-frame-client.png create mode 100644 static/img/tcp-frame-server.png create mode 100644 static/js/highlight.pack.js create mode 100644 tags/UI create mode 100644 tags/background create mode 100644 tags/bitcoin create mode 100644 tags/deployment create mode 100644 tags/future create mode 100644 tags/http create mode 100644 tags/logging create mode 100644 tags/mirageos create mode 100644 tags/monitoring create mode 100644 tags/myself create mode 100644 tags/opam create mode 100644 tags/operating system create mode 100644 tags/overview create mode 100644 tags/package signing create mode 100644 tags/protocol create mode 100644 tags/provisioning create mode 100644 tags/security create mode 100644 tags/tls diff --git a/About b/About new file mode 100644 index 0000000..5fa98b7 --- /dev/null +++ b/About @@ -0,0 +1,88 @@ + +About

About

Written by hannes
Classified under: overviewmyselfbackground
Published: 2016-04-01 (last updated: 2021-11-19)

What is a "full stack engineer"?

+

Analysing the word literally, we should start with silicon and some electrons, +maybe a soldering iron, and build everything all the way up to our favourite +communication system.

+

While I know how to solder, I don't plan to write about hardware in here. I'll +assume that off-the-shelf hardware (arm/amd64) is available and trustworthy. +Read the Intel x86 considered +harmful paper in +case you're interested in trustworthiness of hardware.

+

My current obsession is to enable people to take back control over their data: +simple to setup, secure, decentralised infrastructure. We're not there yet, +which also means I've plenty of projects :).

+

I will write about my projects, which cover topics on various software layers.

+

Myself

+

I'm Hannes Mehnert, a hacker +(in the original sense of the word), 3X years old. In my spare time, I'm not +only a hacker, but also a barista. I like to travel and repair my recumbent +bicycle.

+

Back in 199X, my family bought a PC. It came +with MS-DOS installed, I also remember Windows 3.1 (likely on a later computer). +This didn't really hook me into computers, but over the years I started with +friends to modify some computer games (e.g. modifying text of Civilization). I +first encountered programming in high school around 1995: Borland's Turbo Pascal +(which chased me for several years).

+

Fast forwarding a bit, I learned about the operating system Linux (starting with +SUSE 6.4) and got hooked (by providing basic network services (NFS/YP/Samba)) to +UNIX. In 2000 I joined the Chaos Computer Club. +Over the years I learned various things, from Linux kernel modifications, +Perl, PHP, basic network and security. I use FreeBSD since 4.5, FreeBSD-CURRENT +on my laptop. I helped to reverse engineer and analyse the security of a voting +computer in the Netherlands, and some +art installations in Berlin and Paris. There were +several annual Chaos Communication Congresses where I co-setup the network +(backbone, access layer, wireless, network services such as DHCP/DNS), struggling with +Cisco hardware from their demo pool, and also amongst others HP, Force10, Lucent, Juniper +equipment.

+

In the early 200X I started to program Dylan, a LISP +dialect (dynamic, multiple inheritance, object-oriented), which even resulted in +a TCP/IP +implementation +including a wireshark-like GTK based user interface with a shell similar to IOS for configuring the stack.

+

I got excited about programming languages and type theory (thanks to +types and programming languages, an +excellent book); a key event for me was the international conference on functional programming (ICFP). I wondered how a +gradually typed +Dylan would look like, leading to my master thesis. Gradual typing is the idea to evolve untyped programs into typed ones, and runtime type errors must be in the dynamic part. To me, this sounded like a great idea, to start with some random code, and add types later. +My result was not too convincing (too slow, unsound type system). +Another problem with Dylan is that the community is very small, without sufficient time and energy to maintain the +self-hosted compiler(s) and the graphical IDE.

+

During my studies I met Peter Sestoft. +After half a year off in New Zealand (working on formalising some type systems), +I did a PhD in the ambitious research project "Tools and methods for +scalable software verification", where we mechanised proofs of the functional correctness +of imperative code (PIs: Peter and Lars Birkedal). +The idea was great, the project was fun, but we ended with 3000 lines of proof +script for a 100 line Java program. The Java program was taken off-the-shelf, +several times refactored, and most of its shared mutable state was removed. The +proof script was in Coq, using our higher-order separation logic.

+

I concluded two things: formal verification is hard and usually not applicable +for off-the-shelf software. Since we have to rewrite the software anyways, why +not do it in a declarative way?

+

Some artefacts from that time are still around: an eclipse plugin for +Coq, I also started (with David) the idris-mode for +emacs. Idris is a dependently +typed programming language (you can express richer types), actively being +researched (I would not consider it production ready yet, needs more work on a +faster runtime, and libraries).

+

After I finished my PhD, I decided to slack off for some time to make decent +espresso. I ended up spending the winter (beginning of 2014) in Mirleft, +Morocco. A good friend of mine pointed me to MirageOS, a +clean-slate operating system written in the high-level language OCaml. I got +hooked pretty fast, after some experience with LISP machines I imagined a modern +OS written in a single functional programming language.

+

From summer 2014 until end of 2017 I worked as a postdoctoral researcher at University of Cambridge (in the rigorous engineering of mainstream systems project) with Peter Sewell. I primarily worked on TLS, MirageOS, opam signing, and network semantics. In 2018 I relocated back to Berlin and am working on robur.

+

MirageOS had various bits and pieces into place, including infrastructure for +building and testing (and a neat self-hosted website). A big gap was security. +No access control, no secure sockets layer, nothing. This will be the topic of +another post.

+

OCaml is academically and commercially used, compiles to native code (arm/amd64/likely more), is +fast enough ("Reassuring, because our blanket performance statement 'OCaml +delivers at least 50% of the performance of a decent C compiler' is +not invalidated :-)" Xavier Leroy), and the community is sufficiently large.

+

Me on the intertubes

+

You can find me on twitter and on +GitHub.

+

The data of this blog is stored in a git repository.

+
\ No newline at end of file diff --git a/Posts/ARP b/Posts/ARP new file mode 100644 index 0000000..edc489b --- /dev/null +++ b/Posts/ARP @@ -0,0 +1,54 @@ + +Re-engineering ARP

Re-engineering ARP

Written by hannes
Classified under: mirageosprotocol
Published: 2016-07-12 (last updated: 2021-11-19)

What is ARP?

+

ARP is the Address Resolution Protocol, widely used in legacy IP networks (which support only IPv4). It is responsible to translate an IPv4 address to an Ethernet address. It is strictly more general, abstracting over protocol and hardware addresses. It is basically DNS (the domain name system) on a different layer.

+

ARP is link-local: ARP frames are not routed into other networks, all stay in the same broadcast domain. Thus there is no need for a hop limit (time-to-live). A reverse lookup mechanism (hardware address to protocol) is also available, named reverse ARP ;).

+

I will focus on ARP in this article, as used widely to translate IPv4 addresses into Ethernet addresses. There are two operations in ARP: request and response. A request is usually broadcasted to all hosts (by setting the destination to the broadcast Ethernet address, ff:ff:ff:ff:ff:ff), while a reply is send via unicast (to the host which requested that information).

+

The frame format is pretty straightforward: 2 bytes hardware address type, 2 bytes protocol type, 1 byte length for both types, 2 bytes operation, followed by source addresses (hardware and protocol), and target addresses. In total 28 bytes, considering 48 bit Ethernet addresses and 32 bit IPv4 addresses.

+

It was initially specified in RFC 826, but reading through RFC 1122 (requirements for Internet Hosts - Communication layer), and maybe the newer RFC 5227 (IPv4 address conflict detection) does not hurt.

+

On UNIX systems, you can investigate your arp table, also called arp cache, using the arp command line utility.

+

Protocol logic

+

Let us look what our ARP handler actually needs to do? Translating IPv4 addresses to Ethernet addresses, but where does it learn new information?

+

First of all, our ARP handler needs to know its own IPv4 address and its Ethernet address. It will even broadcast them on startup, so-called gratuitous ARP. The purpose of this is to inform all other hosts on the same network that we are here now. And if another host, let's name it barf, has the same IPv4 address, some sort of conflict resolution needs to happen (otherwise all hosts on the network are confused to whether to send us or barf packets).

+

Once initialisation is over, our ARP handler needs to wait for ARP requests from other hosts on the network, and if addresses to our IPv4 address, issue a reply. The other event which might happen is that a user wants to send an IPv4 packet to another host on the network. In this case, we either already have the Ethernet address in our cache, or we need to send an ARP request to the network and wait for a reply. Since packets might get lost, we actually need to retry sending ARP requests until a limit is reached. To keep the cache in a reasonable size, old entries should be dropped if unused. Also, the Ethernet address of hosts may change, due to hardware replacement or failover.

+

That's it. Pretty straightforward.

+

Design

+

Back in 2008, together with Andreas Bogk, we just used a hash table and installed expiration and retransmission timers when needed. Certainly timers sometimes needed to be cancelled, and testing the code was cumbersome. It were only 250 lines of Dylan code plus some wire format definition.

+

Nowadays, after some years of doing formal verification and typed functional programming, I try to have effects, including mutable state, isolated and explicitly annotated. The code should not contain surprises, but straightforward to understand. The core protocol logic should not be convoluted with side effects, rather a small wrapper around it should. Once this is achieved, testing is straightforward. If the fashion of the asynchronous task library changes (likely with OCaml multicore), the core logic can be reused. It can also be repurposed to run as a test oracle. You can read more marketing of this style in our Usenix security paper.

+

My proposed style and hash tables are not good friends, since hash tables in OCaml are imperative structures. Instead, a Map (documentation) is a functional data structure for associating keys with values. Its underlying data structure is a balanced binary tree.

+

Our ARP handler certainly has some state, at least its IPv4 address, its Ethernet address, and the map containing entries.

+

We have to deal with the various effects mentioned earlier:

+
    +
  • Network we provide a function taking a state and a packet, transforming to successor state, potentially output on the network, and potentially waking up tasks which are awaiting the mac address. +
    • +
  • Timer we need to rely on an external periodic event calling our function tick, which transforms a state to a successor state, a list of ARP requests to be send out (retransmission), and a list of tasks to be informed that a timeout occurred. +
    • +
  • Query a query for an IPv4 address using some state leads to a successor state, and either an immediate answer with the Ethernet address, or an ARP request to be sent and waiting for an answer, or just waiting for an answer in the case another task has already requested that IPv4 address. Since we don't want to convolute the protocol core with tasks, we'll let the effectful layer decide how to achieve that by abstracting over some alpha to store, and requiring a merge : alpha option -> alpha function. +
    • +
+

Excursion: security

+

ARP is a link-local protocol, thus attackers have to have access to the same link-layer: either a cable in the same switch or hub, or in the same wireless network (if you're into modern technology).

+

A very common attack vector for protocols is the so called person in the middle attack, where the attacker sits between you and the remote host. An attacker can achieve this using ARP spoofing: if they can convince your computer that the attacker is the gateway, your computer will send all packets to the attacker, who either forwards them to the remote host, or modifies them, or drops them.

+

ARP does not employ any security mechanism, it is more a question of receiving the first answer (depending on the implementation). A common countermeasure is to manually fill the cache with the gateway statically. This only needs updates if the gateway is replaced, or gets a new network card.

+

Denial of service attacks are also possible using ARP: if the implementation preserves all replies, the cache might expand immensely. This happens sometimes in switch hardware, which have a limited cache, and once it is full, they go into hub mode. This means all frames are broadcasted on all ports. This enables an attacker to passively sniff all traffic in the local network.

+

One denial of service attack vector is due to choosing a hash table as underlying store. Its hash function should be collision-resistant, one way, and its output should be fixed length. A good choice would be a cryptographic hash function (like SHA-256), but these are too expensive and thus rarely used for hash tables. Denial of Service via Algorithmic Complexity Attacks and Efficient Denial of Service Attacks on Web Application Platforms are worth studying. If you expose your hash function to user input (and don't use a private seed), you might accidentally open your attack surface.

+

Back to our design

+

To mitigate person in the middle attacks, we provide an API to add static entries, which are never overwritten by network input. While our own IPv4 addresses are advertised if a matching ARP request was received, other static entries are not advertised (neither are dynamic entries). We do only insert entries to our cache if we have an outstanding request or already an entry. To provide low latency, just before a dynamic entry would timeout, we send another request for this IPv4 address to the network.

+

Implementation

+

I have the source, its documentation, a test suite and a coverage report online.

+

The implementation of the core logic still fits in less than 250 lines of code. Below 100 more lines are needed for decoding and encoding byte buffers. And another 140 lines to implement the Mirage ARP interface. Tests are available which cover the protocol logic and decoding/encoding to 100%.

+

The effectful layer is underspecified (especially regarding conflicts: what happens if there is an outstanding request for an IPv4 address and I add a static entry for this?). There is an implementation based on hash tables, which I used to benchmark a bit.

+

Correctness aside, the performance should be in the same ballpark. I am mainly interested in how much input can be processed, being it invalid input, random valid input, random requests, random replies, and a mix of all that above plus some valid requests which should be answered. I ran the tests in two modes, one with accelerated time (where a minute passed in a second) to increase the pressure on the cache (named fast), one in real time. The results are in the table below (bigger numbers are better). It shows that neither approach is slower by design (of course there is still room for improvement).

+
| Test          | Hashtable |    fast |     Map |    fast |
+| ------------- | --------- | ------- | ------- | ------- |
+| invalid       |   2813076 | 2810684 | 2806899 | 2835905 |
+| valid         |   1126805 | 1320737 | 1770123 | 1785630 |
+| request       |   2059550 | 2044507 | 2109540 | 2119289 |
+| replies       |   1293293 | 1313405 | 1432225 | 1449860 |
+| mixed         |   2158481 | 2191617 | 2196092 | 2213530 |
+| queries       |     42058 |   45258 |   44803 |   44379 |
+
+

I ran each benchmark 3 times on a single core (used cpuset -l 3 to pin it to one specific core) and picked the best set of results. The measure is number of packets processed over 5 seconds, using the Mirage ARP API. The full source code is in the bench subdirectory. As always, take benchmarks with a grain of salt: everybody will always find the right parameters for their microbenchmarks.

+

There was even a bug in the MirageOS ARP code: its definition of gratuitous ARP is wrong.

+

I'm interested in feedback, either via +twitter or via eMail.

+
\ No newline at end of file diff --git a/Posts/BadRecordMac b/Posts/BadRecordMac new file mode 100644 index 0000000..9c79dc2 --- /dev/null +++ b/Posts/BadRecordMac @@ -0,0 +1,59 @@ + +Catch the bug, walking through the stack

Catch the bug, walking through the stack

Written by hannes
Classified under: mirageossecurity
Published: 2016-05-03 (last updated: 2021-11-19)

BAD RECORD MAC

+

Roughly 2 weeks ago, Engil informed me that a TLS alert pops up in his browser sometimes when he reads this website. His browser reported that the message authentication code was wrong. From RFC 5246: This message is always fatal and should never be observed in communication between proper implementations (except when messages were corrupted in the network).

+

I tried hard, but could not reproduce, but was very worried and was eager to find the root cause (some little fear remained that it was in our TLS stack). I setup this website with some TLS-level tracing (extending the code from our TLS handshake server). We tried to reproduce the issue with traces and packet captures (both on client and server side) in place from our computer labs office with no success. Later, Engil tried from his home and after 45MB of wire data, ran into this issue. Finally, evidence! Isolating the TCP flow with the alert resulted in just about 200KB of packet capture data (TLS ASCII trace around 650KB).

+

encrypted alert

+

What is happening on the wire? After some data is successfully transferred, at some point the client sends an encrypted alert (see above). The TLS session used a RSA key exchange and I could decrypt the TLS stream with Wireshark, which revealed that the alert was indeed a bad record MAC. Wireshark's "follow SSL stream" showed all client requests, but not all server responses. The TLS level trace from the server showed properly encrypted data. I tried to spot the TCP payload which caused the bad record MAC, starting from the alert in the client capture (the offending TCP frame should be closely before the alert).

+

client TCP frame

+

There is plaintext data which looks like a HTTP request in the TCP frame sent by the server to the client? WTF? This should never happen! The same TCP frame on the server side looked even more strange: it had an invalid checksum.

+

server TCP frame

+

What do we have so far? We spotted some plaintext data in a TCP frame which is part of a TLS session. The TCP checksum is invalid.

+

This at least explains why we were not able to reproduce from our office: usually, TCP frames with invalid checksums are dropped by the receiving TCP stack, and the sender will retransmit TCP frames which have not been acknowledged by the recipient. However, this mechanism only works if the checksums haven't been changed by a well-meaning middleman to be correct! Our traces are from a client behind a router doing network address translation, which has to recompute the TCP checksum because it modifies destination IP address and port. It seems like this specific router does not validate the TCP checksum before recomputing it, so it replaced the invalid TCP checksum with a valid one.

+

Next steps are: what did the TLS layer intended to send? Why is there a TCP frame with an invalid checksum emitted?

+

Looking into the TLS trace, the TCP payload in question should have started with the following data:

+
0000  0B C9 E5 F3 C5 32 43 6F  53 68 ED 42 F8 67 DA 8B  .....2Co Sh.B.g..
+0010  17 87 AB EA 3F EC 99 D4  F3 38 88 E6 E3 07 D5 6E  ....?... .8.....n
+0020  94 9A 81 AF DD 76 E2 7C  6F 2A C6 98 BA 70 1A AD  .....v.| o*...p..
+0030  95 5E 13 B0 F7 A3 8C 25  6B 3D 59 CE 30 EC 56 B8  .^.....% k=Y.0.V.
+0040  0E B9 E7 20 80 FA F1 AC  78 52 66 1E F1 F8 CC 0D  ........ xRf.....
+0050  6C CD F0 0B E4 AD DA BA  40 55 D7 40 7C 56 32 EE  l....... @U.@|V2.
+0060  9D 0B A8 DE 0D 1B 0A 1F  45 F1 A8 69 3A C3 4B 47  ........ E..i:.KG
+0070  45 6D 7F A6 1D B7 0F 43  C4 D0 8C CF 52 77 9F 06  Em.....C ....Rw..
+0080  59 31 E0 9D B2 B5 34 BD  A4 4B 3F 02 2E 56 B9 A9  Y1....4. .K?..V..
+0090  95 38 FD AD 4A D6 35 E4  66 86 6E 03 AF 2C C9 00  .8..J.5. f.n..,..
+
+

The ethernet, IP, and TCP headers are in total 54 bytes, thus we have to compare starting at 0x0036 in the screenshot above. The first 74 bytes (till 0x007F in the screenshot, 0x0049 in the text dump) are very much the same, but then they diverge (for another 700 bytes).

+

I manually computed the TCP checksum using the TCP/IP payload from the TLS trace, and it matches the one reported as invalid. Thus, a big relief: both the TLS and the TCP/IP stack have used the correct data. Our memory disclosure issue must be after the TCP checksum is computed. After this:

+ +

As mentioned earlier I'm still using mirage-net-xen release 1.4.1.

+

Communication with the Xen hypervisor is done via shared memory. The memory is allocated by mirage-net-xen, which then grants access to the hypervisor using Xen grant tables. The TX protocol is implemented here in mirage-net-xen, which includes allocation of a ring buffer. The TX protocol also has implementations for writing requests and waiting for responses, both of which are identified using a 16bit integer. When a response has arrived from the hypervisor, the respective page is returned into the pool of shared pages, to be reused by the next packet to be transmitted.

+

Instead of a whole page (4096 byte) per request/response, each page is split into two blocks (since the most common MTU for ethernet is 1500 bytes). The identifier in use is the grant reference, which might be unique per page, but not per block.

+

Thus, when two blocks are requested to be sent, the first polled response will immediately release both into the list of free blocks. When another packet is sent, the block still waiting to be sent in the ringbuffer can be reused. This leads to corrupt data being sent.

+

The fix was already done back in December to the master branch of mirage-net-xen, and has now been backported to the 1.4 branch. In addition, a patch to avoid collisions on the receiving side has been applied to both branches (and released in versions 1.4.2 resp. 1.6.1).

+

What can we learn from this? Read the interface documentation (if there is any), and make sure unique identifiers are really unique. Think about the lifecycle of pieces of memory. Investigation of high level bugs pays off, you might find some subtle error on a different layer. There is no perfect security, and code only gets better if more people read and understand it.

+

The issue was in mirage-net-xen since its initial release, but only occured under load, and thanks to reliable protocols, was silently discarded (an invalid TCP checksum leads to a dropped frame and retransmission of its payload).

+

We have seen plain data in a TLS encrypted stream. The plain data was intended to be sent to the dom0 for logging access to the webserver. The same code is used in our Piñata, thus it could have been yours (although I tried hard and couldn't get the Piñata to leak data).

+

Certainly, interfacing the outside world is complex. The mirage-block-xen library uses a similar protocol to access block devices. From a brief look, that library seems to be safe (using 64bit identifiers).

+

I'm interested in feedback, either via +twitter or via eMail.

+

Other updates in the MirageOS ecosystem

+ +
\ No newline at end of file diff --git a/Posts/BottomUp b/Posts/BottomUp new file mode 100644 index 0000000..d0a4b9d --- /dev/null +++ b/Posts/BottomUp @@ -0,0 +1,61 @@ + +Counting Bytes

Counting Bytes

Written by hannes
Classified under: mirageosbackground
Published: 2016-06-11 (last updated: 2021-11-19)

I was busy writing code, text, talks, and also spend a week without Internet, where I ground and brewed 15kg espresso.

+

Size of a MirageOS unikernel

+

There have been lots of claims and myths around the concrete size of MirageOS unikernels. In this article I'll apply some measurements which overapproximate the binary sizes. The tools used for the visualisations are available online, and soon hopefully upstreamed into the mirage tool. This article uses mirage-2.9.0 (which might be outdated at the time of reading).

+

Let us start with a very minimal unikernel, consisting of a unikernel.ml:

+
module Main (C: V1_LWT.CONSOLE) = struct
+  let start c = C.log_s c "hello world"
+end
+
+

and the following config.ml:

+
open Mirage
+
+let () =
+  register "console" [
+    foreign "Unikernel.Main" (console @-> job) $ default_console
+  ]
+
+

If we mirage configure --unix and mirage build, we end up (at least on a 64bit FreeBSD-11 system with OCaml 4.02.3) with a 2.8MB main.native, dynamically linked against libthr, libm and libc (ldd ftw), or a 4.5MB Xen virtual image (built on a 64bit Linux computer).

+

In the _build directory, we can find some object files and their byte sizes:

+
 7144 key_gen.o
+14568 main.o
+ 3552 unikernel.o
+
+

These do not sum up to 2.8MB ;)

+

We did not specify any dependencies ourselves, thus all bits have been injected automatically by the mirage tool. Let us dig a bit deeper what we actually used. mirage configure generates a Makefile which includes the dependent OCaml libraries, and the packages which are used:

+
LIBS   = -pkgs functoria.runtime, mirage-clock-unix, mirage-console.unix, mirage-logs, mirage-types.lwt, mirage-unix, mirage.runtime
+PKGS   = functoria lwt mirage-clock-unix mirage-console mirage-logs mirage-types mirage-types-lwt mirage-unix
+
+

I explained bits of our configuration DSL Functoria earlier. The mirage-clock device is automatically injected by mirage, providing an implementation of the CLOCK device. We use a mirage-console device, where we print the hello world. Since mirage-2.9.0 the logging library (and its reporter, mirage-logs) is automatically injected as well, which actually uses the clock. Also, the mirage type signatures are required. The mirage-unix contains a sleep, a main, and provides the argument vector argv (all symbols in the OS module).

+

Looking into the archive files of those libraries, we end up with ~92KB (NB mirage-types only contains types, and thus no runtime data):

+
15268 functoria/functoria-runtime.a
+ 3194 mirage-clock-unix/mirage-clock.a
+12514 mirage-console/mirage_console_unix.a
+24532 mirage-logs/mirage_logs.a
+14244 mirage-unix/OS.a
+21964 mirage/mirage-runtime.a
+
+

This still does not sum up to 2.8MB since we're missing the transitive dependencies.

+

Visualising recursive dependencies

+

Let's use a different approach: first recursively find all dependencies. We do this by using ocamlfind to read META files which contain a list of dependent libraries in their requires line. As input we use LIBS from the Makefile snippet above. The code (OCaml script) is available here. The colour scheme is red for pieces of the OCaml distribution, yellow for input packages, and orange for the dependencies.

+

+

This is the UNIX version only, the Xen version looks similar (but worth mentioning).

+

+

You can spot at the right that mirage-bootvar uses re, which provoked me to open a PR, but Jon Ludlam already had a nicer PR which is now merged (and a new release is in preparation).

+

Counting bytes

+

While a dependency graphs gives a big picture of what the composed libraries of a MirageOS unikernel, we also want to know how many bytes they contribute to the unikernel. The dependency graph only contains the OCaml-level dependencies, but MirageOS has in addition to that a pkg-config universe of the libraries written in C (such as mini-os, openlibm, ...).

+

We overapproximate the sizes here by assuming that a linker simply concatenates all required object files. This is not true, since the sum of all objects is empirically factor two of the actual size of the unikernel.

+

I developed a pie chart visualisation, but a friend of mine reminded me that such a chart is pretty useless for comparing slices for the human brain. I spent some more time to develop a treemap visualisation to satisfy the brain. The implemented algorithm is based on squarified treemaps, but does not use implicit mutable state. In addition, the provided script parses common linker flags (-o -L -l) and collects arguments to be linked in. It can be passed to ocamlopt as the C linker, more instructions at the end of treemap.ml (which should be cleaned up and integrated into the mirage tool, as mentioned earlier).

+

+

+

As mentioned above, this is an overapproximation. The libgcc.a is only needed on Xen (see this comment), I have not yet tracked down why there is a libasmrun.a and a libxenasmrun.a.

+

More complex examples

+

Besides the hello world, I used the same tools on our BTC Piñata.

+

+

+

Conclusion

+

OCaml does not yet do dead code elimination, but there is a PR based on the flambda middle-end which does so. I haven't yet investigated numbers using that branch.

+

Those counting statistics could go into more detail (e.g. using nm to count the sizes of concrete symbols - which opens the possibility to see which symbols are present in the objects, but not in the final binary). Also, collecting the numbers for each module in a library would be great to have. In the end, it would be great to easily spot the source fragments which are responsible for a huge binary size (and getting rid of them).

+

I'm interested in feedback, either via +twitter or via eMail.

+
\ No newline at end of file diff --git a/Posts/Conex b/Posts/Conex new file mode 100644 index 0000000..37e052d --- /dev/null +++ b/Posts/Conex @@ -0,0 +1,317 @@ + +Conex, establish trust in community repositories

Conex, establish trust in community repositories

Written by hannes
Classified under: package signingsecurityoverview
Published: 2017-02-16 (last updated: 2021-11-19)

Less than two years after the initial proposal, we're happy to present conex +0.9.2. Pleas note that this is still work in progress, to be deployed with opam +2.0 and the opam repository.

+

screenshot

+

Conex is a library to verify and attest release integrity and +authenticity of a community repository through the use of cryptographic signatures.

+

Packages are collected in a community repository to provide an index and +allowing cross-references. Authors submit their packages to the repository. which +is curated by a team of janitors. Information +about a package stored in a repository includes: license, author, releases, +their dependencies, build instructions, url, tarball checksum. When someone +publishes a new package, the janitors integrate it into the repository, if it +compiles and passes some validity checks. For example, its name must not be misleading, +nor may it be too general.

+

Janitors keep an eye on the repository and fix emergent failures. A new +compiler release, or a release of a package on which other packages depend, might break the compilation of +a package. Janitors usually fix these problems by adding a patch to the build script, or introducing +a version constraint in the repository.

+

Conex ensures that every release of each package has been approved by its author or a quorum of janitors. +A conex-aware client initially verifies the repository using janitor key fingerprints as anchor. +Afterwards, the on-disk repository is trusted, and every update is verified (as a patch) individually. +This incremental verification is accomplished by ensuring all resources +that the patch modifies result in a valid repository with +sufficient approvals. Additionally, monotonicity is preserved by +embedding counters in each resource, and enforcing a counter +increment after modification. +This mechanism avoids rollback attacks, when an +attacker presents you an old version of the repository.

+

A timestamping service (NYI) will periodically approve a global view of the +verified repository, together with a timestamp. This is then used by the client +to prevent mix-and-match attacks, where an attacker mixes some old packages and +some new ones. Also, the client is able to detect freeze attacks, since at +least every day there should be a new signature done by the timestamping service.

+

The trust is rooted in digital signatures by package authors. The server which +hosts the repository does not need to be trusted. Neither does the host serving +release tarballs.

+

If a single janitor would be powerful enough to approve a key for any author, +compromising one janitor would be sufficient to enroll any new identities, +modify dependencies, build scripts, etc. In conex, a quorum of janitors (let's +say 3) have to approve such changes. This is different from current workflows, +where a single janitor with access to the repository can merge fixes.

+

Conex adds metadata, in form of resources, to the repository to ensure integrity and +authenticity. There are different kinds of resources:

+
    +
  • Authors, consisting of a unique identifier, public key(s), accounts. +
    • +
  • Teams, sharing the same namespace as authors, containing a set of members. +
    • +
  • Authorisation, one for each package, describing which identities are authorised for the package. +
    • +
  • Package index, for each package, listing all releases. +
    • +
  • Release, for each release, listing checksums of all data files. +
    • +
+

Modifications to identities and authorisations need to be approved by a quorum +of janitors, package index and release files can be modified either by an authorised +id or by a quorum of janitors.

+

Documentation

+

API documentation is +available online, also a coverage +report.

+

We presented an abstract at OCaml +2016 about an +earlier design.

+

Another article on an earlier design (from +2015) is also +available.

+

Conex is inspired by the update +framework, especially on their CCS 2010 +paper, and +adapted to the opam repository.

+

The TUF +spec +has a good overview of attacks and threat model, both of which are shared by conex.

+

What's missing

+
    +
  • See issue 7 for a laundry list +
    • +
  • Timestamping service +
    • +
  • Key revocation and rollover +
    • +
  • Tool to approve a PR (for janitors) +
    • +
  • Camelus like opam-repository check bot +
    • +
  • Integration into release management systems +
    • +
+

Getting started

+

At the moment, our opam repository +does not include any metadata needed for signing. We're in a bootstrap phase: +we need you to generate a keypair, claim your packages, and approve your releases.

+

We cannot verify the main opam repository yet, but opam2 has support for a +repository validation command, +builtin, which should then call out to conex_verify (there is a --nostrict +flag for the impatient). There is also an example repository which uses the opam validation command.

+

To reduce the manual work, we analysed 7000 PRs of the opam repository within +the last 4.5 years (more details here. +This resulted in an educated guess who are the people +modifying each package, which we use as a basis whom to authorise for +which packages. Please check with conex_author status below whether your team +membership and authorised packages were inferred correctly.

+

Each individual author - you - need to generate their private key, submit +their public key and starts approving releases (and old ones after careful +checking that the build script, patches, and tarball checksum are valid). +Each resource can be approved in multiple versions at the same time.

+

Installation

+

TODO: remove clone once PR 8494 is merged.

+
$ git clone -b auth https://github.com/hannesm/opam-repository.git repo
+$ opam install conex
+$ cd repo
+
+

This will install conex, namely command line utilities, conex_author and +conex_verify_nocrypto/conex_verify_openssl. All files read and written by conex are in the usual +opam file format. This means can always manually modify them (but be careful, +modifications need to increment counters, add checksums, and be signed). Conex +does not deal with git, you have to manually git add files and open pull +requests.

+

Author enrollment

+

For the opam repository, we will use GitHub ids as conex ids. Thus, your conex +id and your GitHub id should match up.

+
repo$ conex_author init --repo ~/repo --id hannesm
+Created keypair hannesm.  Join teams, claim your packages, sign your approved resources and open a PR :)
+
+

This attempts to parse ~/repo/id/hannesm, errors if it is a team or an author +with a publickey. Otherwise it generates a keypair, writes the private part as +home.hannes.repo.hannesm.private (the absolute path separated by dots, +followed by your id, and private - if you move your repository, rename your +private key) into ~/.conex/, the checksums of the public part and your +accounts into ~/repo/id/hannesm. See conex_author help init for more +options (esp. additional verbosity -v can be helpful).

+
repo$ git status -s
+ M id/hannesm
+
+repo$ git diff //abbreviated output
+-  ["counter" 0x0]
++  ["counter" 0x1]
+
+-  ["resources" []]
++  [
++    "resources"
++    [
++      [
++        ["typ" "key"]
++        ["name" "hannesm"]
++        ["index" 0x1]
++        ["digest" ["SHA256" "ht9ztjjDwWwD/id6LSVi7nKqVyCHQuQu9ORpr8Zo2aY="]]
++      ]
++      [
++        ["typ" "account"]
++        ["name" "hannesm"]
++        ["index" 0x2]
++        ["digest" ["SHA256" "aCsktJ5M9PI6T+m1NIQtuIFYILFkqoHKwBxwvuzpuzg="]]
++      ]
++
++keys: [
++  [
++    [
++      "RSA"
++      """
++-----BEGIN PUBLIC KEY-----
++MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyUhArwt4XcxLanARyH9S
+...
++9KQdg6QnLsQh/j74QKLOZacCAwEAAQ==
++-----END PUBLIC KEY-----"""
++      0x58A3419F
++    ]
++    [
++      0x58A79A1D
++      "RSA-PSS-SHA256"
++      "HqqicsDx4hG9pFM5E7"
++    ]
++  ]
++]
+
+

Status

+

If you have a single identity and contribute to a single signed opam repository, +you don't need to specify --id or --repo from now on.

+

The status subcommand presents an author-specific view on the repository. It +lists the own public keys, team membership, queued resources, and authorised +packages.

+

The opam repository is in a transitionary state, we explicitly pass --quorum 0, which means that every checksum is valid (approved by a quorum of 0 +janitors).

+
repo$ conex_author status --quorum 0 arp
+author hannesm #1 (created 0) verified 3 resources, 0 queued
+4096 bit RSA key created 1487094175 approved, SHA256: ht9ztjjDwWwD/id6LSVi7nKqVyCHQuQu9ORpr8Zo2aY=
+account GitHub hannesm approved
+account email hannes@mehnert.org approved
+package arp authorisation approved
+conex_author: [ERROR] package index arp was not found in repository
+
+

This shows your key material and accounts, team membership and packages you are +authorised to modify (inferred as described +here.

+

The --noteam argument limits the package list to only these you are personally +authorised for. The --id argument presents you with a view of another author, +or from a team perspective. The positional argument is a prefix matching on +package names (leave empty for all).

+

Resource approval

+

Each resource needs to be approved individually. Each author has a local queue +for to-be-signed resources, which is extended with authorisation, init, +key, release, and team (all have a --dry-run flag). The queue can be +dropped using conex_author reset. Below shown is conex_author sign, which +let's you interactively approve queued resources and cryptopgraphically signs +your approved resources afterwards.

+

The output of conex_author status listed an authorisation for conf-gsl, +which I don't feel responsible for. Let's drop my privileges:

+
repo$ conex_author authorisation conf-gsl --remove -m hannesm
+modified authorisation and added resource to your queue.
+
+

I checked my arp release careful (checksums of tarballs are correct, opam files +do not execute arbitrary shell code, etc.), and approve this package and its +single release:

+
repo$ conex_author release arp
+conex_author.native: [WARNING] package index arp was not found in repository
+conex_author.native: [WARNING] release arp.0.1.1 was not found in repository
+wrote release and added resources to your queue.
+
+

Once finished with joining and leaving teams (using the team subcommand), +claiming packages (using the authorisation subcommand), and approve releases +(using the release subcommand), you have to cryprographically sign your queued +resource modifications:

+
repo$ conex_author sign
+release arp.0.1.1 #1 (created 1487269425)
+[descr: SHA256: aCsNvcj3cBKO0GESWG4r3AzoUEnI0pHGSyEDYNPouoE=;
+opam: SHA256: nqy6lD1UP+kXj3+oPXLt2VMUIENEuHMVlVaG2V4z3p0=;
+url: SHA256: FaUPievda6cEMjNkWdi0kGVK7t6EpWGfQ4q2NTSTcy0=]
+approved (yes/No)?
+package arp #1 (created 1487269425) [arp.0.1.1]
+approved (yes/No)?y
+authorisation conf-gsl #1 (created 0) empty
+approved (yes/No)?y
+wrote hannesm to disk
+
+repo$ conex_author status --quorum 0 arp
+author hannesm #1 (created 0) verified 7 resources, 0 queued
+4096 bit RSA key created 1487094175 approved, SHA256: ht9ztjjDwWwD/id6LSVi7nKqVyCHQuQu9ORpr8Zo2aY=
+account GitHub hannesm approved
+account email hannes@mehnert.org approved
+package arp authorisation approved package index approved
+release arp.0.1.1: approved
+
+

If you now modify anything in packages/arp (add subdirectories, modify opam, +etc.), this will not be automatically approved (see below for how to do this).

+

You manually need to git add some created files.

+
repo$ git status -s
+ M id/hannesm
+ M packages/conf-gsl/authorisation
+?? packages/arp/arp.0.1.1/release
+?? packages/arp/package
+
+repo$ git add packages/arp/arp.0.1.1/release packages/arp/package
+repo$ git commit -m "hannesm key enrollment and some fixes" id packages
+
+

Now push this to your fork, and open a PR on opam-repository!

+

Editing a package

+

If you need to modify a released package, you modify the opam file (as before, +e.g. introducing a conflict with a dependency), and then approve the +modifications. After your local modifications, conex_author status will +complain:

+
repo$ conex_author status arp --quorum 0
+package arp authorisation approved package index approved
+release arp.0.1.1: checksums for arp.0.1.1 differ, missing on disk: empty, missing in checksums file: empty, checksums differ: [have opam: SHA256: QSGUU9HdPOrwoRs6XJka4cZpd8h+8NN1Auu5IMN8ew4= want opam: SHA256: nqy6lD1UP+kXj3+oPXLt2VMUIENEuHMVlVaG2V4z3p0=]
+
+repo$ conex_author release arp.0.1.1
+released and added resources to your resource list.
+
+repo$ conex_author sign
+release arp.0.1.1 #1 (created 1487269943)
+[descr: SHA256: aCsNvcj3cBKO0GESWG4r3AzoUEnI0pHGSyEDYNPouoE=;
+opam: SHA256: QSGUU9HdPOrwoRs6XJka4cZpd8h+8NN1Auu5IMN8ew4=;
+url: SHA256: FaUPievda6cEMjNkWdi0kGVK7t6EpWGfQ4q2NTSTcy0=]
+approved (yes/No)? y
+wrote hannesm to disk
+
+

The release subcommand recomputed the checksums, incremented the counter, and +added it to your queue. The sign command signed the approved resource.

+
repo$ git status -s
+ M id/hannesm
+ M packages/arp/arp.0.1.1/opam
+ M packages/arp/arp.0.1.1/package
+
+repo$ git commit -m "fixed broken arp package" id packages
+
+

Janitor tools

+

Janitors need to approve teams, keys, accounts, and authorisations.

+

To approve resources which are already in the repository on disk, +the key subcommand queues approval of keys and accounts of the provided author:

+
repo$ conex_author key avsm
+added keys and accounts to your resource list.
+
+

The authorisation subcommand, and team subcommand behave similarly for +authorisations and teams.

+

Bulk operations are supported as well:

+
conex_author authorisation all
+
+

This will approve all authorisations of the repository which are not yet +approved by you. Similar for the key and team subcommands, which also +accept all.

+

Don't forget to conex_author sign afterwards (or yes | conex_author sign).

+

Verification

+

The two command line utlities, conex_verify_openssl and +conex_verify_nocrypto contain the same logic and same command line arguments.

+

For bootstrapping purposes (nocrypto is an opam package with dependencies), +conex_verify_openssl relies on the openssl command line tool (version 1.0.0 +and above) for digest computation and verification of the RSA-PSS signature.

+

The goal is to use the opam2 provided hooks, but before we have signatures we +cannot enable them.

+

See the example repository for initial +verification experiments, and opam2 integration.

+

I'm interested in feedback, please open an issue on the conex +repository. This article itself is stored as +Markdown in a different repository.

+
\ No newline at end of file diff --git a/Posts/DNS b/Posts/DNS new file mode 100644 index 0000000..05e9a45 --- /dev/null +++ b/Posts/DNS @@ -0,0 +1,266 @@ + +My 2018 contains robur and starts with re-engineering DNS

My 2018 contains robur and starts with re-engineering DNS

Written by hannes
Classified under: mirageosprotocol
Published: 2018-01-11 (last updated: 2021-11-19)

2018

+

At the end of 2017, I resigned from my PostDoc position at University of +Cambridge (in the rems project). Early +December 2017 I organised the 4th MirageOS hack +retreat, with which I'm +very satisfied. In March 2018 the 5th retreat will +happen (please sign up!).

+

In 2018 I moved to Berlin and started to work for the (non-profit) Center for +the cultivation of technology with our +robur.io project "At robur, we build performant bespoke +minimal operating systems for high-assurance services". robur is only possible +by generous donations in autumn 2017, enthusiastic collaborateurs, supportive +friends, and a motivated community, thanks to all. We will receive funding from +the prototypefund to work on a +CalDAV server implementation in OCaml +targeting MirageOS. We're still looking for donations and further funding, +please get in touch. Apart from CalDAV, I want to start the year by finishing +several projects which I discovered on my hard drive. This includes DNS, opam +signing, TCP, ... . My personal goal for 2018 is to develop a +flexible mirage deploy, because after configuring and building a unikernel, I +want to get it smoothly up and running (spoiler: I already use +albatross in production).

+

To kick off (3% of 2018 is already used) this year, I'll talk in more detail +about µDNS, an opinionated from-scratch +re-engineered DNS library, which I've been using since Christmas 2017 in production for +ns.nqsb.io and +ns.robur.io. The +development started in March 2017, and continued over several evenings and long +weekends. My initial motivation was to implement a recursive resolver to run on +my laptop. I had a working prototype in use on my laptop over 4 months in the +summer 2017, but that code was not in a good shape, so I went down the rabbit +hole and (re)wrote a server (and learned more about GADT). A configurable +resolver needs a server, as local overlay, usually anyways. Furthermore, +dynamic updates are standardised and thus a configuration interface exists +inside the protocol, even with hmac-signatures for authentication! +Coincidentally, I started to solve another issue, namely automated management of let's +encrypt certificates (see this +branch for an +initial hack). On my journey, I also reported a cache poisoning vulnerability, +which was fixed in Docker for +Windows.

+

But let's get started with some content. Please keep in mind that while the +code is publicly available, it is not yet released (mainly since the test +coverage is not high enough, and the lack of documentation). I appreciate early +adopters, please let me know if you find any issues or find a use case which is +not straightforward to solve. This won't be the last article about DNS this +year - persistent storage, resolver, let's encrypt support are still missing.

+

What is DNS?

+

The domain name system is a core Internet +protocol, which translates domain names to IP addresses. A domain name is +easier to memorise for human beings than an IP address. DNS is hierarchical and +decentralised. It was initially "specified" in Nov 1987 in RFC +1034 and RFC +1035. Nowadays it spans over more than 20 +technical RFCs, 10 security related, 5 best current practises and another 10 +informational. The basic encoding and mechanisms did not change.

+

On the Internet, there is a set of root servers (administrated by IANA) which +provide the information about which name servers are authoritative for which top level +domain (such as ".com"). They provide the information about which name servers are +responsible for which second level domain name (such as "example.com"), and so +on. There are at least two name servers for each domain name in separate +networks - in case one is unavailable the other can be reached.

+

The building blocks for DNS are: the resolver, a stub (gethostbyname provided +by your C library) or caching forwarding resolver (at your ISP), which send DNS +packets to another resolver, or a recursive resolver which, once seeded with the +root servers, finds out the IP address of a requested domain name. The other +part are authoritative servers, which reply to requests for their configured +domain.

+

To get some terminology, a DNS client sends a query, consisting of a domain +name and a query type, and expects a set of answers, which are called resource +records, and contain: name, time to live, type, and data. The resolver +iteratively requests resource records from authoritative servers, until the requested +domain name is resolved or fails (name does not exist, server +failure, server offline).

+

DNS usually uses UDP as transport which is not reliable and limited to 512 byte +payload on the Internet (due to various middleboxes). DNS can also be +transported via TCP, and even via TLS over UDP or TCP. If a DNS packet +transferred via UDP is larger than 512 bytes, it is cut at the 512 byte mark, +and a bit in its header is set. The receiver can decide whether to use the 512 +bytes of information, or to throw it away and attempt a TCP connection.

+

DNS packet

+

The packet encoding starts with a 16bit identifier followed by a 16bit header +(containing operation, flags, status code), and four counters, each 16bit, +specifying the amount of resource records in the body: questions, answers, +authority records, and additional records. The header starts with one bit +operation (query or response), four bits opcode, various flags (recursion, +authoritative, truncation, ...), and the last four bit encode the response code.

+

A question consists of a domain name, a query type, and a query class. A +resource record additionally contains a 32bit time to live, a length, and the +data.

+

Each domain name is a case sensitive string of up to 255 bytes, separated by . +into labels of up to 63 bytes each. A label is either encoded by its length +followed by the content, or by an offset to the start of a label in the current +DNS frame (poor mans compression). Care must be taken during decoding to avoid +cycles in offsets. Common operations on domain names are comparison: equality, +ordering, and also whether some domain name is a subdomain of another domain +name, should be efficient. My initial representation naïvely was a list of +strings, now it is an array of strings in reverse order. This speeds up common +operations by a factor of 5 (see test/bench.ml).

+

The only really used class is IN (for Internet), as mentioned in RFC +6895. Various query types (MD, MF, +MB, MG, MR, NULL, AFSDB, ...) are barely or never used. There is no +need to convolute the implementation and its API with these legacy options (if +you have a use case and see those in the wild, please tell me).

+

My implemented packet decoding does decompression, only allows valid internet +domain names, and may return a partial parse - to use as many resource records +in truncated packets as possible. There are no exceptions raised, the parsing +uses a monadic style error handling. Since label decompression requires the +parser to know absolute offsets, the original buffer and the offset is manually +passed around at all times, instead of using smaller views on the buffer. The +decoder does not allow for gaps, when the outer resource data length specifies a +byte length which is not completely consumed by the specific resource data +subparser (an A record must always consume four bytes). Failing to check this can +lead to a way to exfiltrate data without getting noticed.

+

Each zone (a served domain name) contains a SOA "start of authority" entry, +which includes the primary nameserver name, the hostmaster's email address (both +encoded as domain name), a serial number of the zone, a refresh, retry, expiry, +and minimum interval (all encoded as 32bit unsigned number in seconds). Common +resource records include A, which payload is 32bit IPv4 address. A nameserver +(NS) record carries a domain name as payload. A mail exchange (MX) whose +payload is a 16bit priority and a domain name. A CNAME record is an alias to +another domain name. These days, there are even records to specify the +certificate authority authorisation (CAA) records containing a flag (critical), +a tag ("issue") and a value ("letsencrypt.org").

+

Server

+

The operation of a DNS server is to listen for a request and serve a reply. +Data to be served can be canonically encoded (the RFC describes the format) in a +zone file. Apart from insecurity in DNS server implementations, another attack +vector are amplification attacks where an attacker crafts a small UDP frame +with a fake source IP address, and the server answers with a large response to +that address which may lead to a DoS attack. Various mitigations exist +including rate limiting, serving large replies only via TCP, ...

+

Internally, the zone file data is stored in a tree (module +Dns_trie +implementation), +where each node contains two maps: sub, which key is a label and value is a +subtree and dns_map (module Dns_map), which key is a resource record type and +value is the resource record. Both use the OCaml +Map ("also known +as finite maps or dictionaries, given a total ordering function over the +keys. All operations over maps are purely applicative (no side-effects). The +implementation uses balanced binary trees, and therefore searching and insertion +take time logarithmic in the size of the map").

+

The server looks up the queried name, and in the returned Dns_map the queried +type. The found resource records are sent as answer, which also includes the +question and authority information (NS records of the zone) and additional glue +records (IP addresses of names mentioned earlier in the same zone).

+

Dns_map

+

The data structure which contains resource record types as key, and a collection +of matching resource records as values. In OCaml the value type must be +homogenous - using a normal sum type leads to an unneccessary unpacking step +(or lacking type information):

+
let lookup_ns t =
+  match Map.find NS t with
+  | None -> Error `NotFound
+  | Some (NS nameservers) -> Ok nameservers
+  | Some _ -> Error `NotFound
+
+

Instead, I use in my current rewrite generalized algebraic data +types (read +OCaml manual and +Mads Hartmann blog post about use cases for +GADTs, Andreas +Garnæs about using GADTs for GraphQL type +modifiers) +to preserve a relation between key and value (and A record has a list of IPv4 +addresses and a ttl as value) - similar to +hmap, but different: a closed key-value +mapping (the GADT), no int for each key and mutable state. Thanks to Justus +Matthiesen for helping me with GADTs and this code. Look into the +interface and +implementation.

+
(* an ordering relation, I dislike using int for that *)
+module Order = struct
+  type (_,_) t =
+    | Lt : ('a, 'b) t
+    | Eq : ('a, 'a) t
+    | Gt : ('a, 'b) t
+end
+
+module Key = struct
+  (* The key and its value type *)
+  type _ t =
+    | Soa : (int32 * Dns_packet.soa) t
+    | A : (int32 * Ipaddr.V4.t list) t
+    | Ns : (int32 * Dns_name.DomSet.t) t
+    | Cname : (int32 * Dns_name.t) t
+
+  (* we need a total order on our keys *)
+  let compare : type a b. a t -> b t -> (a, b) Order.t = fun t t' ->
+    let open Order in
+    match t, t' with
+    | Cname, Cname -> Eq | Cname, _ -> Lt | _, Cname -> Gt
+    | Ns, Ns -> Eq | Ns, _ -> Lt | _, Ns -> Gt
+    | Soa, Soa -> Eq | Soa, _ -> Lt | _, Soa -> Gt
+    | A, A -> Eq
+end
+
+type 'a key = 'a Key.t
+
+(* our OCaml Map with an encapsulated constructor as key *)
+type k = K : 'a key -> k
+module M = Map.Make(struct
+    type t = k
+    (* the price I pay for not using int as three-state value *)
+    let compare (K a) (K b) = match Key.compare a b with
+      | Order.Lt -> -1
+      | Order.Eq -> 0
+      | Order.Gt -> 1
+  end)
+
+(* v contains a key and value pair, wrapped by a single constructor *)
+type v = V : 'a key * 'a -> v
+
+(* t is the main type of a Dns_map, used by clients *)
+type t = v M.t
+
+(* retrieve a typed value out of the store *)
+let get : type a. a Key.t -> t -> a = fun k t ->
+  match M.find (K k) t with
+  | V (k', v) ->
+    (* this comparison is superfluous, just for the types *)
+    match Key.compare k k' with
+    | Order.Eq -> v
+    | _ -> assert false
+
+

This helps me to programmaticaly retrieve tightly typed values from the cache, +important when code depends on concrete values (i.e. when there are domain +names, look these up as well and add as additional records). Look into server/dns_server.ml

+

Dynamic updates, notifications, and authentication

+

Dynamic updates specify in-protocol +record updates (supported for example by nsupdate from ISC bind-tools), +notifications are used by primary servers +to notify secondary servers about updates, which then initiate a zone +transfer to retrieve up to date +data. Shared hmac secrets are used to +ensure that the transaction (update, zone transfer) was authorised. These are +all protocol extensions, there is no need to use out-of-protocol solutions.

+

The server logic for update and zone transfer frames is slightly more complex, +and includes a dependency upon an authenticator (implemented using the +nocrypto library, and +ptime).

+

Deployment and Let's Encrypt

+

To deploy servers without much persistent data, an authentication schema is +hardcoded in the dns-server: shared secrets are also stored as DNS entries +(DNSKEY), and _transfer.zone, _update.zone, and _key-management.zone names +are introduced to encode the permissions. A _transfer key also needs to +encode the IP address of the primary (to know where to request zone transfers) +and secondary IP (to know where to send notifications).

+

Please have a look at +ns.robur.io and the examples for more details. The shared secrets are provided as boot parameter of the unikernel.

+

I hacked maker's +ocaml-letsencrypt +library to use µDNS and sending update frames to the given IP address. I +already used this to have letsencrypt issue various certificates for my domains.

+

There is no persistent storage of updates yet, but this can be realised by +implementing a secondary (which is notified on update) that writes every new +zone to persistent storage (e.g. disk +or git). I also plan to have an +automated Let's Encrypt certificate unikernel which listens for certificate +signing requests and stores signed certificates in DNS. Luckily the year only +started and there's plenty of time left.

+

I'm interested in feedback, either via twitter +hannesm@mastodon.social or via eMail.

+
\ No newline at end of file diff --git a/Posts/Deploy b/Posts/Deploy new file mode 100644 index 0000000..15ce4cb --- /dev/null +++ b/Posts/Deploy @@ -0,0 +1,59 @@ + +Deploying binary MirageOS unikernels

Deploying binary MirageOS unikernels

Written by hannes
Classified under: mirageosdeployment
Published: 2021-06-30 (last updated: 2021-11-15)

Introduction

+

MirageOS development focus has been a lot on tooling and the developer experience, but to accomplish our goal to "get MirageOS into production", we need to lower the barrier. This means for us to release binary unikernels. As described earlier, we received a grant for "Deploying MirageOS" from NGI Pointer to work on the required infrastructure. This is joint work with Reynir.

+

We provide at builds.robur.coop binary unikernel images (and supplementary software). Doing binary releases of MirageOS unikernels is challenging in two aspects: firstly to be useful for everyone, a binary unikernel should not contain any configuration (such as private keys, certificates, etc.). Secondly, the binaries should be reproducible. This is crucial for security; everyone can reproduce the exact same binary and verify that our build service did only use the sources. No malware or backdoors included.

+

This post describes how you can deploy MirageOS unikernels without compiling it from source, then dives into the two issues outlined above - configuration and reproducibility - and finally describes how to setup your own reproducible build infrastructure for MirageOS, and how to bootstrap it.

+

Deploying MirageOS unikernels from binary

+

To execute a MirageOS unikernel, apart from a hypervisor (Xen/KVM/Muen), a tender (responsible for allocating host system resources and passing these to the unikernel) is needed. Using virtio, this is conventionally done with qemu on Linux, but its code size (and attack surface) is huge. For MirageOS, we develop Solo5, a minimal tender. It supports hvt - hardware virtualization (Linux KVM, FreeBSD BHyve, OpenBSD VMM), spt - sandboxed process (a tight seccomp ruleset (only a handful of system calls allowed, no hardware virtualization needed), Linux only). Apart from that, muen (a hypervisor developed in Ada), virtio (for some cloud deployments), and xen (PVHv2 or Qubes 4.0) - read more. We deploy our unikernels as hvt with FreeBSD BHyve as hypervisor.

+

On builds.robur.coop, next to the unikernel images, solo5-hvt packages are provided - download the binary and install it. A NixOS package is already available - please note that soon packaging will be much easier (and we will work on packages merged into distributions).

+

When the tender is installed, download a unikernel image (e.g. the traceroute described in an earlier post), and execute it:

+
$ solo5-hvt --net:service=tap0 -- traceroute.hvt --ipv4=10.0.42.2/24 --ipv4-gateway=10.0.42.1
+
+

If you plan to orchestrate MirageOS unikernels, you may be interested in albatross - we provide binary packages as well for albatross. An upcoming post will go into further details of how to setup albatross.

+

MirageOS configuration

+

A MirageOS unikernel has a specific purpose - composed of OCaml libraries - selected at compile time, which allows to only embed the required pieces. This reduces the attack surface drastically. At the same time, to be widely useful to multiple organisations, no configuration data must be embedded into the unikernel.

+

Early MirageOS unikernels such as mirage-www embed content (blog posts, ..) and TLS certificates and private keys in the binary (using crunch). The Qubes firewall (read the blog post by Thomas for more information) used to include the firewall rules until v0.6 in the binary, since v0.7 the rules are read dynamically from QubesDB. This is big usability improvement.

+

We have several possibilities to provide configuration information in MirageOS, on the one hand via boot parameters (can be pre-filled at development time, and further refined at configuration time, but those passed at boot time take precedence). Boot parameters have a length limitation.

+

Another option is to use a block device - where the TLS reverse proxy stores the configuration, modifiable via a TCP control socket (authentication using a shared hmac secret).

+

Several other unikernels, such as this website and our CalDAV server, store the content in a remote git repository. The git URI and credentials (private key seed, host key fingerprint) are passed via boot parameter.

+

Finally, another option that we take advantage of is to introduce a post-link step that rewrites the binary to embed configuration. The tool caravan developed by Romain that does this rewrite is used by our openvpn router (binary).

+

In the future, some configuration information - such as monitoring system, syslog sink, IP addresses - may be done via DHCP on one of the private network interfaces - this would mean that the DHCP server has some global configuration option, and the unikernels no longer require that many boot parameters. Another option we want to investigate is where the tender shares a file as read-only memory-mapped region from the host system to the guest system - but this is tricky considering all targets above (especially virtio and muen).

+

Behind the scenes: reproducible builds

+

To provide a high level of assurance and trust, if you distribute binaries in 2021, you should have a recipe how they can be reproduced in a bit-by-bit identical way. This way, different organisations can run builders and rebuilders, and a user can decide to only use a binary if it has been reproduced by multiple organisations in different jurisdictions using different physical machines - to avoid malware being embedded in the binary.

+

For a reproduction to be successful, you need to collect the checksums of all sources that contributed to the built, together with other things (host system packages, environment variables, etc.). Of course, you can record the entire OS and sources as a tarball (or file system snapshot) and distribute that - but this may be suboptimal in terms of bandwidth requirements.

+

With opam, we already have precise tracking which opam packages are used, and since opam 2.1 the opam switch export includes extra-files (patches) and records the VCS version. Based on this functionality, orb, an alternative command line application using the opam-client library, can be used to collect (a) the switch export, (b) host system packages, and (c) the environment variables. Only required environment variables are kept, all others are unset while conducting a build. The only required environment variables are PATH (sanitized with an allow list, /bin, /sbin, with /usr, /usr/local, and /opt prefixes), and HOME. To enable Debian's apt to install packages, DEBIAN_FRONTEND is set to noninteractive. The SWITCH_PATH is recorded to allow orb to use the same path during a rebuild. The SOURCE_DATE_EPOCH is set to enable tools that record a timestamp to use a static one. The OS* variables are only used for recording the host OS and version.

+

The goal of reproducible builds can certainly be achieved in several ways, including to store all sources and used executables in a huge tarball (or docker container), which is preserved for rebuilders. The question of minimal trusted computing base and how such a container could be rebuild from sources in reproducible way are open.

+

The opam-repository is a community repository, where packages are released to on a daily basis by a lot of OCaml developers. Package dependencies usually only use lower bounds of other packages, and the continuous integration system of the opam repository takes care that upon API changes all reverse dependencies include the right upper bounds. Using the head commit of opam-repository usually leads to a working package universe.

+

For our MirageOS unikernels, we don't want to stay behind with ancient versions of libraries. That's why our automated building is done on a daily basis with the head commit of opam-repository. Since our unikernels are not part of the main opam repository (they include the configuration information which target to use, e.g. hvt), and we occasionally development versions of opam packages, we use the unikernel-repo as overlay.

+

If no dependent package got a new release, the resulting binary has the same checksum. If any dependency was released with a newer release, this is picked up, and eventually the checksum changes.

+

Each unikernel (and non-unikernel) job (e.g. dns-primary outputs some artifacts:

+
    +
  • the binary image (in bin/, unikernel image, OS package) +
    • +
  • the build-environment containing the environment variables used for this build +
    • +
  • the system-packages containing all packages installed on the host system +
    • +
  • the opam-switch that contains all opam packages, including git commit or tarball with checksum, and potentially extra patches, used for this build +
    • +
  • a job script and console output +
    • +
+

To reproduce such a built, you need to get the same operating system (OS, OS_FAMILY, OS_DISTRIBUTION, OS_VERSION in build-environment), the same set of system packages, and then you can orb rebuild which sets the environment variables and installs the opam packages from the opam-switch.

+

You can browse the different builds, and if there are checksum changes, you can browse to a diff between the opam switches to reason whether the checksum change was intentional (e.g. here the checksum of the unikernel changed when the x509 library was updated).

+

The opam reproducible build infrastructure is driven by:

+ +

These tools are themselves reproducible, and built on a daily basis. The infrastructure executing the build jobs installs the most recent packages of orb and builder before conducting a build. This means that our build infrastructure is reproducible as well, and uses the latest code when it is released.

+

Conclusion

+

Thanks to NGI funding we now have reproducible MirageOS binary builds available at builds.robur.coop. The underlying infrastructure is reproducible, available for multiple platforms (Ubuntu using docker, FreeBSD using jails), and can be easily bootstrapped from source (once you have OCaml and opam working, getting builder and orb should be easy). All components are open source software, mostly with permissive licenses.

+

We also have an index over sha-256 checksum of binaries - in the case you find a running unikernel image where you forgot which exact packages were used, you can do a reverse lookup.

+

We are aware that the web interface can be improved (PRs welcome). We will also work on the rebuilder setup and run some rebuilds.

+

Please reach out to us (at team AT robur DOT coop) if you have feedback and suggestions.

+
\ No newline at end of file diff --git a/Posts/DnsServer b/Posts/DnsServer new file mode 100644 index 0000000..004642a --- /dev/null +++ b/Posts/DnsServer @@ -0,0 +1,276 @@ + +Deploying authoritative OCaml-DNS servers as MirageOS unikernels

Deploying authoritative OCaml-DNS servers as MirageOS unikernels

Written by hannes
Classified under: mirageosprotocoldeployment
Published: 2019-12-23 (last updated: 2021-11-19)

Goal

+

Have your domain served by OCaml-DNS authoritative name servers. Data is stored in a git remote, and let's encrypt certificates can be requested to DNS. This software is deployed since more than two years for several domains such as nqsb.io and robur.coop. This present the authoritative server side, and certificate library of the OCaml-DNS implementation formerly known as µDNS.

+

Prerequisites

+

You need to own a domain, and be able to delegate the name service to your own servers. +You also need two spare public IPv4 addresses (in different /24 networks) for your name servers. +A git server or remote repository reachable via git over ssh. +Servers which support solo5 guests, and have the corresponding tender installed. +A computer with opam (>= 2.0.0) installed.

+

Data preparation

+

Figure out a way to get the DNS entries of your domain in a "master file format", i.e. what bind uses.

+

This is a master file for the mirage domain, defining $ORIGIN to avoid typing the domain name after each hostname (use @ if you need the domain name only; if you need to refer to a hostname in a different domain end it with a dot (.), i.e. ns2.foo.com.). The default time to live $TTL is an hour (3600 seconds). +The zone contains a start of authority (SOA) record containing the nameserver, hostmaster, serial, refresh, retry, expiry, and minimum. +Also, a single name server (NS) record ns1 is specified with an accompanying address (A) records pointing to their IPv4 address.

+
git-repo> cat mirage
+$ORIGIN mirage.
+$TTL 3600
+@	SOA	ns1	hostmaster	1	86400	7200	1048576	3600
+@	NS	ns1
+ns1     A       127.0.0.1
+www	A	1.1.1.1
+git-repo> git add mirage && git commit -m initial && git push
+
+

Installation

+

On your development machine, you need to install various OCaml packages. You don't need privileged access if common tools (C compiler, make, libgmp) are already installed. You have opam installed.

+

Let's create a fresh switch for the DNS journey:

+
$ opam init
+$ opam update
+$ opam switch create udns 4.09.0
+# waiting a bit, a fresh OCaml compiler is getting bootstrapped
+$ eval `opam env` #sets some environment variables
+
+

The last command set environment variables in your current shell session, please use the same shell for the commands following (or run eval $(opam env) in another shell and proceed in there - the output of opam switch sohuld point to udns).

+

Validation of our zonefile

+

First let's check that OCaml-DNS can parse our zonefile:

+
$ opam install dns-cli #installs ~/.opam/udns/bin/ozone and other binaries
+$ ozone <git-repo>/mirage # see ozone --help
+successfully checked zone
+
+

Great. Error reporting is not great, but line numbers are indicated (ozone: zone parse problem at line 3: syntax error), lexer and parser are lex/yacc style (PRs welcome).

+

FWIW, ozone accepts --old <filename> to check whether an update from the old zone to the new is fine. This can be used as pre-commit hook in your git repository to avoid bad parse states in your name servers.

+

Getting the primary up

+

The next step is to compile the primary server and run it to serve the domain data. Since the git-via-ssh client is not yet released, we need to add a custom opam repository to this switch.

+
# git via ssh is not yet released, but this opam repository contains the branch information
+$ opam repo add git-ssh git+https://github.com/roburio/git-ssh-dns-mirage3-repo.git
+# get the `mirage` application via opam
+$ opam install lwt mirage
+
+# get the source code of the unikernels
+$ git clone -b future https://github.com/roburio/unikernels.git
+$ cd unikernels/primary-git
+
+# let's build the server first as unix application
+$ mirage configure --prng fortuna #--no-depext if you have all system dependencies
+$ make depend
+$ make
+
+# run it
+$ ./primary_git
+# starts a unix process which clones https://github.com/roburio/udns.git
+# attempts to parse the data as zone files, and fails on parse error
+$ ./primary-git --remote=https://my-public-git-repository
+# this should fail with ENOACCESS since the DNS server tries to listen on port 53
+
+# which requires a privileged user, i.e. su, sudo or doas
+$ sudo ./primary-git --remote=https://my-public-git-repository
+# leave it running, run the following programs in a different shell
+
+# test it
+$ host ns1.mirage 127.0.0.1
+ns1.mirage has address 127.0.0.1
+$ dig any mirage @127.0.0.1
+# a DNS packet printout with all records available for mirage
+
+

That's exciting, the DNS server serving answers from a remote git repository.

+

Securing the git access with ssh

+

Let's authenticate the access by using ssh, so we feel ready to push data there as well. The primary-git unikernel already includes an experimental ssh client, all we need to do is setting up credentials - in the following a RSA keypair and the server fingerprint.

+
# collect the RSA host key fingerprint
+$ ssh-keyscan <git-server> > /tmp/git-server-public-keys
+$ ssh-keygen -l -E sha256 -f /tmp/git-server-public-keys | grep RSA
+2048 SHA256:a5kkkuo7MwTBkW+HDt4km0gGPUAX0y1bFcPMXKxBaD0 <git-server> (RSA)
+# we're interested in the SHA256:yyy only
+
+# generate a ssh keypair
+$ awa_gen_key # installed by the make depend step above in ~/.opam/udns/bin
+seed is pIKflD07VT2W9XpDvqntcmEW3OKlwZL62ak1EZ0m
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5b2cSSkZ5/MAu7pM6iJLOaX9tJsfA8DB1RI34Zygw6FA0y8iisbqGCv6Z94ZxreGATwSVvrpqGo5p0rsKs+6gQnMCU1+sOC4PRlxy6XKgj0YXvAZcQuxwmVQlBHshuq0CraMK9FASupGrSO8/dW30Kqy1wmd/IrqW9J1Cnw+qf0C/VEhIbo7btlpzlYpJLuZboTvEk1h67lx1ZRw9bSPuLjj665yO8d0caVIkPp6vDX20EsgITdg+cFjWzVtOciy4ETLFiKkDnuzHzoQ4EL8bUtjN02UpvX2qankONywXhzYYqu65+edSpogx2TuWFDJFPHgcyO/ZIMoluXGNgQlP awa@awa.local
+# please run your own awa_gen_key, don't use the numbers above
+
+

The public key needs is in standard OpenSSH format and needs to be added to the list of accepted keys on your server - the exact steps depend on your git server, if you're running your own with gitosis, add it as new public key file and grant that key access to the data repository. If you use gitlab or github, you may want to create a new user account and with the generated key.

+

The private key is not displayed, but only the seed required to re-generate it, when using the same random number generator, in our case fortuna implemented by nocrypto - used by both awa_gen_key and primary_git. The seed is provided as command-line argument while starting primary_git:

+
# execute with git over ssh, authenticator from ssh-keyscan, seed from awa_gen_key
+$ ./primary_git --authenticator=SHA256:a5kkkuo7MwTBkW+HDt4km0gGPUAX0y1bFcPMXKxBaD0 --seed=pIKflD07VT2W9XpDvqntcmEW3OKlwZL62ak1EZ0m --remote=ssh://git@<git-server>/repo-name.git
+# started up, you can try the host and dig commands from above if you like
+
+

To wrap up, we now have a primary authoritative name server for our zone running as Unix process, which clones a remote git repository via ssh on startup and then serves it.

+

Authenticated data updates

+

Our remote git repository is the source of truth, if you need to add a DNS entry to the zone, you git pull, edit the zone file, remember to increase the serial in the SOA line, run ozone, git commit and push to the repository.

+

So, the primary_git needs to be informed of git pushes. This requires a communication channel from the git server (or somewhere else, e.g. your laptop) to the DNS server. I prefer in-protocol solutions over adding yet another protocol stack, no way my DNS server will talk HTTP REST.

+

The DNS protocol has an extension for notifications of zone changes (as a DNS packet), usually used between the primary and secondary servers. The primary_git accepts these notify requests (i.e. bends the standard slightly), and upon receival pulls the remote git repository, and serves the fresh zone files. Since a git pull may be rather excessive in terms of CPU cycles and network bandwidth, only authenticated notifications are accepted.

+

The DNS protocol specifies in another extension authentication (DNS TSIG) with transaction signatures on DNS packets including a timestamp and fudge to avoid replay attacks. As key material hmac secrets distribued to both the communication endpoints are used.

+

To recap, the primary server is configured with command line parameters (for remote repository url and ssh credentials), and serves data from a zonefile. If the secrets would be provided via command line, a restart would be necessary for adding and removing keys. If put into the zonefile, they would be publicly served on request. So instead, we'll use another file, still in zone file format, in the top-level domain _keys, i.e. the mirage._keys file contains keys for the mirage zone. All files ending in ._keys are parsed with the normal parser, but put into an authentication store instead of the domain data store, which is served publically.

+

For encoding hmac secrets into DNS zone file format, the DNSKEY format is used (designed for DNSsec). The bind software comes with dnssec-keygen and tsig-keygen to generate DNSKEY output: flags is 0, protocol is 3, and algorithm identifier for SHA256 is 163 (SHA384 164, SHA512 165). This is reused by the OCaml DNS library. The key material itself is base64 encoded.

+

Access control and naming of keys follows the DNS domain name hierarchy - a key has the form name._operation.domain, and has access granted to domain and all subdomains of it. Two operations are supported: update and transfer. In the future there may be a dedicated notify operation, for now we'll use update. The name part is ignored for the update operation.

+

Since we now embedd secret information in the git repository, it is a good idea to restrict access to it, i.e. make it private and not publicly cloneable or viewable. Let's generate a first hmac secret and send a notify:

+
$ dd if=/dev/random bs=1 count=32 | b64encode -
+begin-base64 644 -
+kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg=
+====
+[..]
+git-repo> echo "personal._update.mirage. DNSKEY 0 3 163 kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg=" > mirage._keys
+git-repo> git add mirage._keys && git commit -m "add hmac secret" && git push
+
+# now we need to restart the primary git to get the git repository with the key
+$ ./primary_git --seed=... # arguments from above, remote git, host key fingerprint, private key seed
+
+# now test that a notify results in a git pull
+$ onotify 127.0.0.1 mirage --key=personal._update.mirage:SHA256:kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg=
+# onotify was installed by dns-cli in ~/.opam/udns/bin/onotify, see --help for options
+# further changes to the hmac secrets don't require a restart anymore, a notify packet is sufficient :D
+
+

Ok, this onotify command line could be setup as a git post-commit hook, or run manually after each manual git push.

+

Secondary

+

It's time to figure out how to integrate the secondary name server. An already existing bind or something else that accepts notifications and issues zone transfers with hmac-sha256 secrets should work out of the box. If you encounter interoperability issues, please get in touch with me.

+

The secondary subdirectory of the cloned unikernels repository is another unikernel that acts as secondary server. It's only command line argument is a list of hmac secrets used for authenticating that the received data originates from the primary server. Data is initially transferred by a full zone transfer (AXFR), later updates (upon refresh timer or notify request sent by the primary) use incremental (IXFR). Zone transfer requests and data are authenticated with transaction signatures again.

+

Convenience by OCaml DNS is that transfer key names matter, and are of the form .._transfer.domain, i.e. 1.1.1.1.2.2.2.2._transfer.mirage if the primary server is 1.1.1.1, and the secondary 2.2.2.2. Encoding the IP address in the name allows both parties to start the communication: the secondary starts by requesting a SOA for all domains for which keys are provided on command line, and if an authoritative SOA answer is received, the AXFR is triggered. The primary server emits notification requests on startup and then on every zone change (i.e. via git pull) to all secondary IP addresses of transfer keys present for the specific zone in addition to the notifications to the NS records in the zone.

+
$ cd ../secondary
+$ mirage configure --prng fortuna
+# make depend should not be needed since all packages are already installed by the primary-git
+$ make
+$ ./secondary
+
+

IP addresses and routing

+

Both primary and secondary serve the data on the DNS port (53) on UDP and TCP. To run both on the same machine and bind them to different IP addresses, we'll use a layer 2 network (ethernet frames) with a host system software switch (bridge interface service), the unikernels as virtual machines (or seccomp-sandboxed) via the solo5 backend. Using xen is possible as well. As IP address range we'll use 10.0.42.0/24, and the host system uses the 10.0.42.1.

+

The primary git needs connectivity to the remote git repository, thus on a laptop in a private network we need network address translation (NAT) from the bridge where the unikernels speak to the Internet where the git repository resides.

+
# on FreeBSD:
+# configure NAT with pf, you need to have forwarding enabled
+$ sysctl net.inet.ip.forwarding: 1
+$ echo 'nat pass on wlan0 inet from 10.0.42.0/24 to any -> (wlan0)' >> /etc/pf.conf
+$ service pf restart
+
+# make tap interfaces UP on open()
+$ sysctl net.link.tap.up_on_open: 1
+
+# bridge creation, naming, and IP setup
+$ ifconfig bridge create
+bridge0
+$ ifconfig bridge0 name service
+$ ifconfig bridge0 10.0.42.1/24
+
+# two tap interfaces for our unikernels
+$ ifconfig tap create
+tap0
+$ ifconfig tap create
+tap1
+# add them to the bridge
+$ ifconfig service addm tap0 addm tap1
+
+

Primary and secondary setup

+

Let's update our zone slightly to reflect the IP changes.

+
git-repo> cat mirage
+$ORIGIN mirage.
+$TTL 3600
+@	SOA	ns1	hostmaster	2	86400	7200	1048576	3600
+@	NS	ns1
+@	NS	ns2
+ns1     A       10.0.42.2
+ns2	A	10.0.42.3
+
+# we also need an additional transfer key
+git-repo> cat mirage._keys
+personal._update.mirage. DNSKEY 0 3 163 kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg=
+10.0.42.2.10.0.42.3._transfer.mirage. DNSKEY 0 3 163 cDK6sKyvlt8UBerZlmxuD84ih2KookJGDagJlLVNo20=
+git-repo> git commit -m "udpates" . && git push
+
+

Ok, the git repository is ready, now we need to compile the unikernels for the virtualisation target (see other targets for further information).

+
# back to primary
+$ cd ../primary-git
+$ mirage configure -t hvt --prng fortuna # or e.g. -t spt (and solo5-spt below)
+# installs backend-specific opam packages, recompiles some
+$ make depend
+$ make
+[...]
+$ solo5-hvt --net:service=tap0 -- primary_git.hvt --ipv4=10.0.42.2/24 --ipv4-gateway=10.0.42.1 --seed=.. --authenticator=.. --remote=ssh+git://...
+# should now run as a virtual machine (kvm, bhyve), and clone the git repository
+$ dig any mirage @10.0.42.2
+# should reply with the SOA and NS records, and also the name server address records in the additional section
+
+# secondary
+$ cd ../secondary
+$ mirage configure -t hvt --prng fortuna
+$ make
+$ solo5-hvt --net:service=tap1 -- secondary.hvt --ipv4=10.0.42.3/24 --keys=10.0.42.2.10.0.42.3._transfer.mirage:SHA256:cDK6sKyvlt8UBerZlmxuD84ih2KookJGDagJlLVNo20=
+# an ipv4-gateway is not needed in this setup, but in real deployment later
+# it should start up and transfer the mirage zone from the primary
+
+$ dig any mirage @10.0.42.3
+# should now output the same information as from 10.0.42.2
+
+# testing an update and propagation
+# edit mirage zone, add a new record and increment the serial number
+git-repo> echo "foo A 127.0.0.1" >> mirage
+git-repo> vi mirage <- increment serial
+git-repo> git commit -m 'add foo' . && git push
+$ onotify 10.0.42.2 mirage --key=personal._update.mirage:SHA256:kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg=
+
+# now check that it worked
+$ dig foo.mirage @10.0.42.2 # primary
+$ dig foo.mirage @10.0.42.3 # secondary got notified and transferred the zone
+
+

You can also check the behaviour when restarting either of the VMs, whenever the primary is available the zone is synchronised. If the primary is down, the secondary still serves the zone. When the secondary is started while the primary is down, it won't serve any data until the primary is online (the secondary polls periodically, the primary sends notifies on startup).

+

Dynamic data updates via DNS, pushed to git

+

DNS is a rich protocol, and it also has builtin updates that are supported by OCaml DNS, again authenticated with hmac-sha256 and shared secrets. Bind provides the command-line utility nsupdate to send these update packets, a simple oupdate unix utility is available as well (i.e. for integration of dynamic DNS clients). You know the drill, add a shared secret to the primary, git push, notify the primary, and voila we can dynamically in-protocol update. An update received by the primary via this way will trigger a git push to the remote git repository, and notifications to the secondary servers as described above.

+
# being lazy, I reuse the key above
+$ oupdate 10.0.42.2 personal._update.mirage:SHA256:kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg= my-other.mirage 1.2.3.4
+
+# let's observe the remote git
+git-repo> git pull
+# there should be a new commit generated by the primary
+git-repo> git log
+
+# test it, should return 1.2.3.4
+$ dig my-other.mirage @10.0.42.2
+$ dig my-other.mirage @10.0.42.3
+
+

So we can deploy further oupdate (or nsupdate) clients, distribute hmac secrets, and have the DNS zone updated. The source of truth is still the git repository, where the primary-git pushes to. Merge conflicts and timing of pushes is not yet dealt with. They are unlikely to happen since the primary is notified on pushes and should have up-to-date data in storage. Sorry, I'm unsure about the error semantics, try it yourself.

+

Let's encrypt!

+

Let's encrypt is a certificate authority (CA), which certificate is shipped as trust anchor in web browsers. They specified a protocol for automated certificate management environment (ACME), used to get X509 certificates for your services. In the protocol, a certificate signing request (publickey and hostname) is sent to let's encrypt servers, which sends a challenge to proof the ownership of the hostnames. One widely-used way to solve this challenge is running a web server, another is to serve it as text record from the authoritative DNS server.

+

Since I avoid persistent storage when possible, and also don't want to integrate a HTTP client stack in the primary server, I developed a third unikernel that acts as (hidden) secondary server, performs the tedious HTTP communication with let's encrypt servers, and stores all data in the public DNS zone.

+

For encoding of certificates, the DANE working group specified TLSA records in DNS. They are quadruples of usage, selector, matching type, and ASN.1 DER-encoded material. We set usage to 3 (domain-issued certificate), matching type to 0 (no hash), and selector to 0 (full certificate) or 255 (private usage) for certificate signing requests. The interaction is as follows:

+
    +
  1. Primary, secondary, and let's encrypt unikernels are running +
    2. +
  2. A service (ocertify, unikernels/certificate, or the dns-certify.mirage library) demands a TLS certificate, and has a hmac-secret for the primary DNS +
    3. +
  3. The service generates a certificate signing request with the desired hostname(s), and performs an nsupdate with TLSA 255 +
    4. +
  4. The primary accepts the update, pushes the new zone to git, and sends notifies to secondary and let's encrypt unikernels which (incrementally) transfer the zone +
    5. +
  5. The let's encrypt unikernel notices while transferring the zone a signing request without a certificate, starts HTTP interaction with let's encrypt +
    6. +
  6. The let's encrypt unikernel solves the challenge, sends the response as update of a TXT record to the primary nameserver +
    7. +
  7. The primary pushes the TXT record to git, and notifies secondaries (which transfer the zone) +
    8. +
  8. The let's encrypt servers request the TXT record from either or both authoritative name servers +
    9. +
  9. The let's encrypt unikernel polls for the issued certificate and send an update to the primary TLSA 0 +
    10. +
  10. The primary pushes the certificate to git, notifies secondaries (which transfer the zone) +
    11. +
  11. The service polls TLSA records for the hostname, and use it upon retrieval +
    12. +
+

Note that neither the signing request nor the certificate contain private key material, thus it is fine to serve them publically. Please also note, that the service polls for the certificate for the hostname in DNS, which is valid (start and end date) certificate and uses the same public key, this certificate is used and steps 3-10 are not executed.

+

The let's encrypt unikernel does not serve anything, it is a reactive system which acts upon notification from the primary. Thus, it can be executed in a private address space (with a NAT). Since the OCaml DNS server stack needs to push notifications to it, it preserves all incoming signed SOA requests as candidates for notifications on update. The let's encrypt unikernel ensures to always have a connection to the primary to receive notifications.

+
# getting let's encrypt up and running
+$ cd ../lets-encrypt
+$ mirage configure -t hvt --prng fortuna
+$ make depend
+$ make
+
+# run it
+$ solo5-hvt --net:service=tap2 -- letsencrypt.hvt --keys=...
+
+# test it
+$ ocertify 10.0.42.2 foo.mirage
+
+

For actual testing with let's encrypt servers you need to have the primary and secondary deployed on your remote hosts, and your domain needs to be delegated to these servers. Good luck. And ensure you have backup your git repository.

+

As fine print, while this tutorial was about the mirage zone, you can stick any number of zones into the git repository. If you use a _keys file (without any domain prefix), you can configure hmac secrets for all zones, i.e. something to use in your let's encrypt unikernel and secondary unikernel. Dynamic addition of zones is supported, just create a new zonefile and notify the primary, the secondary will be notified and pick it up. The primary responds to a signed SOA for the root zone (i.e. requested by the secondary) with the SOA response (not authoritative), and additionally notifications for all domains of the primary.

+

Conclusion and thanks

+

This tutorial presented how to use the OCaml DNS based unikernels to run authoritative name servers for your domain, using a git repository as the source of truth, dynamic authenticated updates, and let's encrypt certificate issuing.

+

There are further steps to take, such as monitoring -- have a look at the monitoring branch of the opam repository above, and the future-robur branch of the unikernels repository above, which use a second network interface for reporting syslog and metrics to telegraf / influx / grafana. Some DNS features are still missing, most prominently DNSSec.

+

I'd like to thank all people involved in this software stack, without other key components, including git, irmin 2.0, nocrypto, awa-ssh, cohttp, solo5, mirage, ocaml-letsencrypt, and more.

+

If you want to support our work on MirageOS unikernels, please donate to robur. I'm interested in feedback, either via twitter, hannesm@mastodon.social or via eMail.

+
\ No newline at end of file diff --git a/Posts/EC b/Posts/EC new file mode 100644 index 0000000..c8b4a18 --- /dev/null +++ b/Posts/EC @@ -0,0 +1,45 @@ + +Cryptography updates in OCaml and MirageOS

Cryptography updates in OCaml and MirageOS

Written by hannes
Classified under: mirageossecuritytls
Published: 2021-04-23 (last updated: 2021-11-19)

Introduction

+

Tl;DR: mirage-crypto-ec, with x509 0.12.0, and tls 0.13.0, provide fast and secure elliptic curve support in OCaml and MirageOS - using the verified fiat-crypto stack (Coq to OCaml to executable which generates C code that is interfaced by OCaml). In x509, a long standing issue (countryName encoding), and archive (PKCS 12) format is now supported, in addition to EC keys. In tls, ECDH key exchanges are supported, and ECDSA and EdDSA certificates.

+

Elliptic curve cryptography

+

Since May 2020, our OCaml-TLS stack supports TLS 1.3 (since tls version 0.12.0 on opam).

+

TLS 1.3 requires elliptic curve cryptography - which was not available in mirage-crypto (the maintained fork of nocrypto).

+

There are two major uses of elliptic curves: key exchange (ECDH) for establishing a shared secret over an insecure channel, and digital signature (ECDSA) for authentication, integrity, and non-repudiation. (Please note that the construction of digital signatures on Edwards curves (Curve25519, Ed448) is called EdDSA instead of ECDSA.)

+

Elliptic curve cryptoraphy is vulnerable to various timing attacks - have a read of the overview article on ECDSA. When implementing elliptic curve cryptography, it is best to avoid these known attacks. Gladly, there are some projects which address these issues by construction.

+

In addition, to use the code in MirageOS, it should be boring C code: no heap allocations, only using a very small amount of C library functions -- the code needs to be compiled in an environment with nolibc.

+

Two projects started in semantics, to solve the issue from the grounds up: fiat-crypto and hacl-star: their approach is to use a proof system (Coq or F* to verify that the code executes in constant time, not depending on data input. Both projects provide as output of their proof systems C code.

+

For our initial TLS 1.3 stack, Clément, Nathan and Etienne developed fiat-p256 and hacl_x5519. Both were one-shot interfaces for a narrow use case (ECDH for NIST P-256 and X25519), worked well for their purpose, and allowed to gather some experience from the development side.

+

Changed requirements

+

Revisiting our cryptography stack with the elliptic curve perspective had several reasons, on the one side the customer project NetHSM asked for feasibility of ECDSA/EdDSA for various elliptic curves, on the other side DNSSec uses elliptic curve cryptography (ECDSA), and also wireguard relies on elliptic curve cryptography. The number of X.509 certificates using elliptic curves is increasing, and we don't want to leave our TLS stack in a state where it can barely talk to a growing number of services on the Internet.

+

Looking at hacl-star, their support is limited to P-256 and Curve25519, any new curve requires writing F*. Another issue with hacl-star is C code quality: their C code does neither compile with older C compilers (found on Oracle Linux 7 / CentOS 7), nor when enabling all warnings (> 150 are generated). We consider the C compiler as useful resource to figure out undefined behaviour (and other problems), and when shipping C code we ensure that it compiles with -Wall -Wextra -Wpedantic --std=c99 -Werror. The hacl project ships a bunch of header files and helper functions to work on all platforms, which is a clunky ifdef desert. The hacl approach is to generate a whole algorithm solution: from arithmetic primitives, group operations, up to cryptographic protocol - everything included.

+

In contrast, fiat-crypto is a Coq development, which as part of compilation (proof verification) generates executables (via OCaml code extraction from Coq). These executables are used to generate modular arithmetic (as C code) given a curve description. The generated C code is highly portable, independent of platform (word size is taken as input) - it only requires a <stdint.h>, and compiles with all warnings enabled (once a minor PR got merged). Supporting a new curve is simple: generate the arithmetic code using fiat-crypto with the new curve description. The downside is that group operations and protocol needs to implemented elsewhere (and is not part of the proven code) - gladly this is pretty straightforward to do, especially in high-level languages.

+

Working with fiat-crypto

+

As mentioned, our initial fiat-p256 binding provided ECDH for the NIST P-256 curve. Also, BoringSSL uses fiat-crypto for ECDH, and developed the code for group operations and cryptographic protocol on top of it.

+

The work needed was (a) ECDSA support and (b) supporting more curves (let's focus on NIST curves). For ECDSA, the algorithm requires modular arithmetics in the field of the group order (in addition to the prime). We generate these primitives with fiat-crypto (named npYYY_AA) - that required a small fix in decoding hex. Fiat-crypto also provides inversion since late October 2020, paper - which allowed to reduce our code base taken from BoringSSL. The ECDSA protocol was easy to implement in OCaml using the generated arithmetics.

+

Addressing the issue of more curves was also easy to achieve, the C code (group operations) are macros that are instantiated for each curve - the OCaml code are functors that are applied with each curve description.

+

Thanks to the test vectors (as structured data) from wycheproof (and again thanks to Etienne, Nathan, and Clément for their OCaml code decodin them), I feel confident that our elliptic curve code works as desired.

+

What was left is X25519 and Ed25519 - dropping the hacl dependency entirely felt appealing (less C code to maintain from fewer projects). This turned out to require more C code, which we took from BoringSSL. It may be desirable to reduce the imported C code, or to wait until a project on top of fiat-crypto which provides proven cryptographic protocols is in a usable state.

+

To avoid performance degradation, I distilled some X25519 benchmarks, turns out the fiat-crypto and hacl performance is very similar.

+

Achievements

+

The new opam package mirage-crypto-ec is released, which includes the C code generated by fiat-crypto (including inversion), point operations from BoringSSL, and some OCaml code for invoking these functions and doing bounds checks, and whether points are on the curve. The OCaml code are some functors that take the curve description (consisting of parameters, C function names, byte length of value) and provide Diffie-Hellman (Dh) and digital signature algorithm (Dsa) modules. The nonce for ECDSA is computed deterministically, as suggested by RFC 6979, to avoid private key leakage.

+

The code has been developed in NIST curves, removing blinding (since we use operations that are verified to be constant-time), added missing length checks (reported by Greg), curve25519, a fix for signatures that do not span the entire byte size (discovered while adapting X.509), fix X25519 when the input has offset <> 0. It works on x86 and arm, both 32 and 64 bit (checked by CI). The development was partially sponsored by Nitrokey.

+

What is left to do, apart from further security reviews, is performance improvements, Ed448/X448 support, and investigating deterministic k for P521. Pull requests are welcome.

+

When you use the code, and encounter any issues, please report them.

+

Layer up - X.509 now with ECDSA / EdDSA and PKCS 12 support, and a long-standing issue fixed

+

With the sign and verify primitives, the next step is to interoperate with other tools that generate and use these public and private keys. This consists of serialisation to and deserialisation from common data formats (ASN.1 DER and PEM encoding), and support for handling X.509 certificates with elliptic curve keys. Since X.509 0.12.0, it supports EC private and public keys, including certificate validation and issuance.

+

Releasing X.509 also included to go through the issue tracker and attempt to solve the existing issues. This time, the "country name is encoded as UTF8String, while RFC demands PrintableString" filed more than 5 years ago by Reynir, re-reported by Petter in early 2017, and again by Vadim in late 2020, was fixed by Vadim.

+

Another long-standing pull request was support for PKCS 12, the archive format for certificate and private key bundles. This has been developed and merged. PKCS 12 is a widely used and old format (e.g. when importing / exporting cryptographic material in your browser, used by OpenVPN, ...). Its specification uses RC2 and 3DES (see this nice article), which are the default algorithms used by openssl pkcs12.

+

One more layer up - TLS

+

In TLS we are finally able to use ECDSA (and EdDSA) certificates and private keys, this resulted in slightly more complex configuration - the constraints between supported groups, signature algorithms, ciphersuite, and certificates are intricate:

+

The ciphersuite (in TLS before 1.3) specifies which key exchange mechanism to use, but also which signature algorithm to use (RSA/ECDSA). The supported groups client hello extension specifies which elliptic curves are supported by the client. The signature algorithm hello extension (TLS 1.2 and above) specifies the signature algorithm. In the end, at load time the TLS configuration is validated and groups, ciphersuites, and signature algorithms are condensed depending on configured server certificates. At session initiation time, once the client reports what it supports, these parameters are further cut down to eventually find some suitable cryptographic parameters for this session.

+

From the user perspective, earlier the certificate bundle and private key was a pair of X509.Certificate.t list and Mirage_crypto_pk.Rsa.priv, now the second part is a X509.Private_key.t - all provided constructors have been updates (notably X509_lwt.private_of_pems and Tls_mirage.X509.certificate).

+

Finally, conduit and mirage

+

Thanks to Romain, conduit* 4.0.0 was released which supports the modified API of X.509 and TLS. Romain also developed patches and released mirage 3.10.3 which supports the above mentioned work.

+

Conclusion

+

Elliptic curve cryptography is now available in OCaml using verified cryptographic primitives from the fiat-crypto project - opam install mirage-crypto-ec. X.509 since 0.12.0 and TLS since 0.13.0 and MirageOS since 3.10.3 support this new development which gives rise to smaller EC keys. Our old bindings, fiat-p256 and hacl_x25519 have been archived and will no longer be maintained.

+

Thanks to everyone involved on this journey: reporting issues, sponsoring parts of the work, helping with integration, developing initial prototypes, and keep motivating me to continue this until the release is done.

+

In the future, it may be possible to remove zarith and gmp from the dependency chain, and provide EC-only TLS servers and clients for MirageOS. The benefit will be much less C code (libgmp-freestanding.a is 1.5MB in size) in our trusted code base.

+

Another potential project that is very close now is a certificate authority developed in MirageOS - now that EC keys, PKCS 12, revocation lists, ... are implemented.

+

Footer

+

If you want to support our work on MirageOS unikernels, please donate to robur. I'm interested in feedback, either via twitter, hannesm@mastodon.social or via eMail.

+
\ No newline at end of file diff --git a/Posts/Functoria b/Posts/Functoria new file mode 100644 index 0000000..ea75dd9 --- /dev/null +++ b/Posts/Functoria @@ -0,0 +1,119 @@ + +Configuration DSL step-by-step

Configuration DSL step-by-step

Written by hannes
Classified under: mirageosbackground
Published: 2016-05-10 (last updated: 2021-11-19)

Sorry for being late again with this article, I had other ones planned, but am not yet satisfied with content and code, will have to wait another week.

+

MirageOS configuration

+

As described in an earlier post, MirageOS is a library operating system which generates single address space custom kernels (so called unikernels) for each application. The application code is (mostly) independent on the used backend. To achieve this, the language which expresses the configuration of a MirageOS unikernel is rather complex, and has to deal with package dependencies, setup of layers (network stack starting at the (virtual) ethernet device, or sockets), logging, tracing.

+

The abstraction over concrete implementation of e.g. the network stack is done by providing a module signature in the mirage-types package. The socket-based network stack, the tap device based network stack, and the Xen virtual network device based network stack implement this signature (depending on other module signatures). The unikernel contains code which applies those dependent modules to instantiate a custom-tailored network stack for the specific configuration. A developer should only describe what their requirements are, the user who wants to deploy it should provide the concrete configuration. And the developer should not need to manually instantiate the network stack for all possible configurations, this is what the mirage tool should embed.

+

Initially, MirageOS contained an adhoc system which relied on concatenation of strings representing OCaml code. This turned out to be error prone. In 2015 Drup developed Functoria, a domain-specific language (DSL) to organize functor applications, primarily for MirageOS. It has been introduced in a blog post. It is not limited to MirageOS (although this is the primary user right now).

+

Functoria has been included in MirageOS since its 2.7.0 release at the end of February 2016. Functoria provides support for command line arguments which can then either be passed at configuration time or at boot time to the unikernel (such as IP address configuration) using the cmdliner library underneath (and includes dynamic man pages, help, sensible command line parsing, and even visualisation (mirage describe) of the configuration and data dependencies).

+

I won't go into details about command line arguments in here, please have a look at the functoria blog post in case you're interested. Instead, I'll describe how to define a Functoria device which inserts content as code at configuration time into a MirageOS unikernel (running here, source). Using this approach, no external data (using crunch or a file system image) is needed, while the content can still be modified using markdown. Also, no markdown to HTML converter is needed at runtime, but this step is completely done at compile time (the result is a small (still too large) unikernel, 4.6MB).

+

Unikernel

+

Similar to my nqsb.io website post, this unikernel only has a single resource and thus does not need to do any parsing (or even call read). The main function is start:

+
let start stack _ =
+  S.listen_tcpv4 stack ~port:80 (serve rendered) ;
+  S.listen stack
+
+

Where S is a V1_LWT.STACKV4, a complete TCP/IP stack for IPv4. The functions we are using are listen_tcpv4, which needs a stack, port and a callback (and should be called register_tcp_callback), and listen which polls for incoming frames.

+

Our callback is serve rendered, where serve is defined as:

+
let serve data tcp =
+  TCP.writev tcp [ header; data ] >>= fun _ ->
+  TCP.close tcp
+
+

Upon an incoming TCP connection, the list consisting of header ; data is written to the connection, which is subsequently closed.

+

The function header is very similar to our previous one, splicing a proper HTTP header together:

+
let http_header ~status xs =
+  let headers = List.map (fun (k, v) -> k ^ ": " ^ v) xs in
+  let lines   = status :: headers @ [ "\r\n" ] in
+  Cstruct.of_string (String.concat "\r\n" lines)
+
+let header = http_header
+    ~status:"HTTP/1.1 200 OK"
+    [ ("Content-Type", "text/html; charset=UTF-8") ;
+      ("Connection", "close") ]
+
+

And the rendered function consists of some hardcoded HTML, and references to two other modules, Style.data and Content.data:

+
let rendered =
+  Cstruct.of_string
+    (String.concat "" [
+        "<html><head>" ;
+        "<title>1st MirageOS hackathon: 11-16th March 2016, Marrakech, Morocco</title>" ;
+        "<style>" ; Style.data ; "</style>" ;
+        "</head>" ;
+        "<body><div id=\"content\">" ;
+        Content.data ;
+        "</div></body></html>" ])
+
+

This puts together the pieces we need for a simple HTML site. This unikernel does not have any external dependencies, if we assume that the mirage toolchain, the types, and the network implementation are already provided (the latter two are implicitly added by the mirage tool depending on the configuration, the first you'll have to install manually opam install mirage).

+

But wait, where do Style and Content come from? There are no ml modules in the repository. Instead, there is a content.md and style.css in the data subdirectory.

+

Configuration

+

We use the builtin configuration time magic of functoria to translate these into OCaml modules, in such a way that our unikernel does not need to embed code to render markdown to HTML and carry along a markdown data file.

+

Inside of config.ml, let's look again at the bottom:

+
let () =
+  register "marrakech2016" [
+    foreign
+      ~deps:[abstract config_shell]
+      "Unikernel.Main"
+      ( stackv4 @-> job )
+      $ net
+  ]
+
+

The function register is provided by the mirage tool, it will execute the list of jobs using the given name. To construct a job, we use the foreign combinator, which might have dependencies (here, a list with the single element config_shell explained later, using the abstract combinator), the name of the main function (Unikernel.main), a typ (here constructed using the @-> combinator, from a stackv4 to a job), and this applied (using the $ combinator) to the net (an actual implementation of stackv4).

+

The net implementation is as following:

+
let address addr nm gw =
+  let f = Ipaddr.V4.of_string_exn in
+  { address = f addr ; netmask = f nm ; gateways = [f gw] }
+
+let server = address "198.167.222.204" "255.255.255.0" "198.167.222.1"
+
+let net =
+  if_impl Key.is_xen
+    (direct_stackv4_with_static_ipv4 default_console tap0 server)
+    (socket_stackv4 default_console [Ipaddr.V4.any])
+
+

Depending on whether we're running on unix or xen, either a socket stack (for testing) or the concrete IP configuration for deployment (using if_impl and is_xen from our DSLs).

+

So far nothing too surprising, only some combinators of the functoria DSL which let us describe the possible configuration options.

+

Let us look into config_shell, which embeds the markdown and CSS into OCaml modules at configuration time:

+
type sh = ShellConfig
+
+let config_shell = impl @@ object
+    inherit base_configurable
+
+    method configure i =
+      let open Functoria_app.Cmd in
+      let (>>=) = Rresult.(>>=) in
+      let dir = Info.root i in
+      run "echo 'let data = {___|' > style.ml" >>= fun () ->
+      run "cat data/style.css >> style.ml" >>= fun () ->
+      run "echo '|___}' >> style.ml" >>= fun () ->
+      run "echo 'let data = {___|' > content.ml" >>= fun () ->
+      run "omd data/content.md >> content.ml" >>= fun () ->
+      run "echo '|___}' >> content.ml"
+
+    method clean i = Functoria_app.Cmd.run "rm -f style.ml content.ml"
+
+    method module_name = "Functoria_runtime"
+    method name = "shell_config"
+    method ty = Type ShellConfig
+end
+
+

Functoria uses classes internally, and we extend the base_configurable class, which extends configurable with some sensible defaults.

+

The important bits are what actually happens during configure and clean: execution of some shell commands (echo, omd, and rm) using the functoria application builder interface. Some information is as well exposed via the Functoria_info module.

+

Wrapup

+

We walked through the configuration magic of MirageOS, which is a domain-specific language designed for MirageOS demands. We can run arbitrary commands at compile time, and do not need to escape into external files, such as Makefile or shell scripts, but can embed them in our config.ml.

+

I'm interested in feedback, either via +twitter or via eMail.

+

Other updates in the MirageOS ecosystem

+ +
\ No newline at end of file diff --git a/Posts/Jackline b/Posts/Jackline new file mode 100644 index 0000000..2d238b1 --- /dev/null +++ b/Posts/Jackline @@ -0,0 +1,337 @@ + +Jackline, a secure terminal-based XMPP client

Jackline, a secure terminal-based XMPP client

Written by hannes
Classified under: UIsecurity
Published: 2017-01-30 (last updated: 2021-09-08)

screenshot

+

Back in 2014, when we implemented TLS in OCaml, at some point +I was bored with TLS. I usually need at least two projects (but not more than 5) at the same time to +procrastinate the one I should do with the other one - it is always more fun to +do what you're not supposed to do. I started to implement another security +protocol (Off-the-record, resulted in +ocaml-otr) on my own, +applying what I learned while co-developing TLS with David. I was eager to +actually deploy our TLS stack: using it with a web server (see this post) is fun, but only using one half +of the state machine (server side) and usually short-lived connections +(discovers lots of issues with connection establishment) - not the client side +and no long living connection (which may discover other kinds of issues, such as +leaking memory).

+

To use the stack, I needed to find an application I use on a daily basis (thus +I'm eager to get it up and running if it fails to work). Mail client or web +client are just a bit too big for a spare time project (maybe not ;). Another +communication protocol I use daily is jabber, or +XMPP. Back then I used +mcabber inside a terminal, which is a curses based client +written in C.

+

I started to develop jackline (first +commit is 13th November 2014), a terminal based XMPP client in +OCaml. This is a report of a +work-in-progress (unreleased, but publicly available!) software project. I'm +not happy with the code base, but neverthelss consider it to be a successful +project: dozens of friends are using it (no exact numbers), I got contributions from other people +(more than 25 commits from more than 8 individuals), I use it on a daily basis +for lots of personal communication.

+

What is XMPP?

+

The eXtensible Messaging and Presence Protocol (previously known as Jabber) +describes (these days as RFC 6120) a +communication protocol based on XML fragments, which enables near real-time +exchange of structured (and extensible) data between two network entities.

+

The landscape of instant messaging used to contain ICQ, AOL instant messenger, +and MSN messenger. In 1999, people defined a completely open protocol standard, +then named Jabber, since 2011 official RFCs. It is a federated (similar to +eMail) near-real time extensible messaging system (including presence +information) used for instant messaging. Extensions include end-to-end +encryption, multi-user chat, audio transport, ... Unicode support is builtin, +everything is UTF8 encoded.

+

There are various open jabber servers where people can register accounts, as +well as closed ones. Google Talk used to federate (until 2014) into XMPP, +Facebook chat used to be based on XMPP. Those big companies wanted something +"more usable" (where they're more in control, reliable message delivery via +caching in the server and mandatory delivery receipts, multiple devices all +getting the same messages), and thus moved away from the open standard.

+

XMPP Security

+

Authentication is done via a TLS channel (where your client should authenticate +the server), and SASL that the server authenticates your client. I +investigated in 2008 (in German) +which clients and servers use which authentication methods (I hope the state of +certificate verification improved in the last decade).

+

End-to-end encryption is achievable using OpenPGP (rarely used in my group of +friends) via XMPP, or Off-the-record, which was +pioneered over XMPP, and is still in wide use - it gave rise to forward secrecy: +if your long-term (stored on disk) asymmetric keys get seized or stolen, they +are not sufficient to decrypt recorded sessions (you can't derive the session +key from the asymmetric keys) -- but the encrypted channel is still +authenticated (once you verified the public key via a different channel or a +shared secret, using the Socialist millionaires problem).

+

OTR does not support offline messages (the session keys may already be destroyed +by the time the communication partner reconnects and receives the stored +messages), and thus recently omemo was +developed. Other messaging protocols (Signal, Threema) are not really open, +support no federation, but have good support for group encryption and offline +messaging. (There is a nice overview over secure messaging and threats.)

+

There is (AFAIK) no encrypted group messaging via XMPP; also the XMPP server +contains lots of sensible data: your address book (buddy list), together with +offline messages, nicknames you gave to your buddies, subscription information, +and information every time you connect (research of privacy preserving presence +protocols has been done, but is not widely used AFAIK, +e.g. DP5).

+

XMPP client landscape

+

See wikipedia for an +extensive comparison (which does not mention jackline :P).

+

A more opinionated analysis is that you were free to choose between C - where +all code has to do manual memory management and bounds checking - with ncurses +(or GTK) and OpenSSL (or GnuTLS) using libpurple (or some other barely +maintained library which tries to unify all instant messaging protocols), or +Python - where you barely know upfront what it will do at runtime - with GTK and +some OpenSSL, or even JavaScript - where external scripts can dynamically modify +the prototype of everything at runtime (and thus modify code arbitrarily, +violating invariants) - calling out to C libraries (NSS, maybe libpurple, who +knows?).

+

Due to complex APIs of transport layer security, certificate verification is +still not always done correctly (that's just +one example, you'll find more) - even if, it may not allow custom trust anchors +or certificate fingerprint based verification - which are crucial for a +federated operations without a centralised trust authority.

+

Large old code basis usually gather dust and getting bitrot - and if you add +patch by patch from random people on the Internet, you've to deal with the most +common bug: insufficient checking of input (or output data, if you encrypt only the plain body, but not the marked up one). In some +programming languages this easily leads to execution of remote code, other programming languages steal the +work from programmers by deploying automated memory management (finally machines +take our work away! :)) - also named garbage collection, often used together +with automated bounds checking -- this doesn't mean that you're safe - there are +still logical flaws, and integer overflows (and funny things which happen at +resource starvation), etc.

+

Goals and non-goals

+

My upfront motivation was to write and use an XMPP client tailored to my needs. +I personally don't use many graphical applications (coding in emacs, mail via +thunderbird, firefox, mplayer, mupdf), but stick mostly to terminal +applications. I additionally don't use any terminal multiplexer (saw too many +active screen sessions on remote servers where people left root shells open).

+

The goal was from the beginning +to write a "minimalistic graphical user interface for a secure (fail hard) +and trustworthy XMPP client". By fail hard I mean exactly that: if it can't +authenticate the server, don't send the password. If there is no +end-to-end encrypted session, don't send the message.

+

As a user of (unreleased) software, there is a single property which I like to +preserve: continue to support all data written to persistent storage. Even +during large refactorings, ensure that data on the user's disk will also be +correctly parsed. There is nothing worse than having to manually configure an +application after update. The solution is straightforward: put a version in +every file you write, and keep readers for all versions ever written around. +My favourite marshalling format (human readable, structured) are still +S-expressions - luckily there is a +sexplib in OCaml for handling these. +Additionally, once the initial configuration file has been created (e.g. interactively with the application), the application +does no further writes to the config file. Users can make arbitrary modifications to the file, +and restart the application (and they can make changes while the application is running).

+

I also appreciate another property of software: don't ever transmit any data or +open a network connection unless initiated by the user (this means no autoconnect on startup, or user is typing indications). Don't be obviously +fingerprintable. A more mainstream demand is surely that software should not +phone home - that's why I don't know how many people are using jackline, reports +based on friends opinions are hundreds of users, I personally know at least +several dozens.

+

As written earlier, I often take +a look at the trusted computing base of a computer system. Jackline's trusted +computing base consists of the client software itself, its OCaml dependencies +(including OTR, TLS, tty library, ...), then the OCaml runtime system, which +uses some parts of libc, and a whole UNIX kernel underneath -- one goal is to +have jackline running as a unikernel (then you connect via SSH or telnet and +TLS).

+

There are only a few features I need in an XMPP client: single account, strict +validation, delivery receipts, notification callback, being able to deal with +friends logged in multiple times with wrongly set priorities - and end-to-end +encryption. I don't need inline HTML, avatar images, my currently running +music, leaking timezone information, etc. I explicitly don't want to import any +private key material from other clients and libraries, because I want to ensure +that the key was generated by a good random number generator (read David's blog article on randomness and entropy).

+

The security story is crucial: always do strict certificate validation, fail +hard, make it noticable by the user if they're doing insecure communication. +Only few people are into reading out loud their OTR public key fingerprint, and +SMP is not trivial -- thus jackline records the known public keys together with +a set of resources used, a session count, and blurred timestamps (accuracy: day) +when the publickey was initially used and when it was used the last time.

+

I'm pragmatic - if there is some server (or client) deployed out there which +violates (my interpretation of) the specification, I'm happy to implement workarounds. Initially I +worked roughly one day a week on jackline.

+

To not release the software for some years was something I learned from the +slime project (watch Luke's presentation from 2013) - if +there's someone complaining about an issue, fix it within 10 minutes and ask +them to update. This only works if each user compiles the git version anyways.

+

User interface

+

other screenshot

+

Stated goal is minimalistic. No heavy use of colours. Visibility on +both black and white background (btw, as a Unix process there is no way to find +out your background colour (or is there?)). The focus is also security - and +that's where I used colours from the beginning: red is unencrypted (non +end-to-end, there's always the transport layer encryption) communication, green +is encrypted communication. Verification status of the public key uses the same +colours: red for not verified, green for verified. Instead of colouring each +message individually, I use the encryption status of the active contact +(highlighted in the contact list, where messages you type now will be sent to) +to colour the entire frame. This results in a remarkable visual indication and +(at least I) think twice before presssing return in a red terminal. Messages +were initially white/black, but got a bit fancier over time: incoming messages +are bold, multi user messages mentioning your nick are underlined.

+

The graphical design is mainly inspired by mcabber, as mentioned earlier. There +are four components: the contact list in the upper left, chat window upper +right, log window on the bottom (surrounded by two status bars), and a readline +input. The sizes are configurable (via commands and key shortcuts). A +different view is having the chat window fullscreen (or only the received +messages) - useful for copy and pasting fragments. Navigation is done in the +contact list. There is a single active contact (colours are inverted in the +contact list, and the contact is mentioned in the status bar), whose chat +messages are displayed.

+

There is not much support for customisation - some people demanded to have a +7bit ASCII version (I output some unicode characters for layout). Recently I +added support to customise the colours. I tried to ensure it looks fine on both +black and white background.

+

Code

+

Initially I targeted GTK with OCaml, but that excursion only lasted two weeks, +when I switched to a lambda-term terminal +interface.

+

UI

+

The lambda-term interface survived for a good year (until 7th Feb 2016), +when I started to use notty - developed by +David - using a decent unicode library.

+

Notty back then was under heavy development, I spend several hours rebasing +jackline to updates in notty. What I got out of it is proper unicode support: +the symbol 茶 gets two characters width (see screenshot at top of page), and the layouting keeps track +how many characters are already written on the terminal.

+

I recommend to look into notty if you want to +do terminal graphics in OCaml!

+

Application logic and state

+

Stepping back, an XMPP client reacts to two input sources: the user input +(including terminal resize), and network input (or failure). The output is a +screen (80x25 characters) image. Each input event can trigger output events on +the display and the network.

+

I used to use multiple threads and locking between shared data for these kinds +of applications: there can go something wrong when network and user input +happens at the same time, or what if the output is interrupted by more input +(which happens e.g. during copy and paste).

+

Initially I used lots of shared data and had hope, but this was clearly not a +good solution. Nowadays I use mailboxes, and separate tasks which wait for +receiving a message: one task which writes persistent data (session counts, +verified fingerprints) periodically to ask, another which writes on change to +disk, an error handler +(init_system) +which resets the state upon a connection failure, another task which waits for +user input +(read_terminal), +one waiting for network input (Connect, including reconnecting timers), +one to call out the notification hooks +(Notify), +etc. The main task is simple: wait for input, process input (producing a new +state), render the state, and recursively call itself +(loop).

+

Only recently I solved the copy and paste issue by delaying all redraws by 40ms, +and canceling if another redraw is scheduled.

+

The whole +state +contains some user interface parameters (/buddywith, /logheight, ..), as +well as the contact map, which contain users, which have sessions, each +containing chat messages.

+

The code base is just below 6000 lines of code (way too big ;), and nowadays +supports multi-user chat, sane multi-resource interaction (press enter to show +all available resources of a contact and message each individually in case you +need to), configurable colours, tab completions for nicknames and commands, +per-user input history, emacs keybindings. It even works with the XMPP gateway +provided by slack (some startup doing a centralised groupchat with picture embedding and +animated cats).

+

Road ahead

+

Common feature requests are: omemo support, +IRC support, +support for multiple accounts +(tbh, these are all +things I'd like to have as well).

+

But there's some mess to clean up:

+
    +
  1. +

    The XMPP library makes heavy use of +functors (to abstract over the concrete IO, etc.), and embeds IO deep inside it. +I do prefer (see e.g. our TLS paper, or my ARP post) these days to have a pure interface for +the protocol implementation, providing explicit input (state, event, data), and +output (state, action, potentially data to send on network, potentially data to +process by the application). The sasl implementation +is partial and deeply embedded. The XML parser is as well deeply embedded (and +has some issues). +The library needs to be torn apart (something I procrastinate since more than +a year). Once it is pure, the application can have full control over when to +call IO (and esp use the same protocol implementation as well for registering a +new account - currently not supported).

    +
    2. +
  2. +

    On the frontend side (the cli subfolder), there is too much knowledge of +XMPP. It should be more general, and be reusable (some bits and pieces are +notty utilities, such as wrapping a string to fit into a text box of specific +width, see +split_unicode).

    +
    3. +
  3. +

    The command processing engine itself is 1300 lines (including ad-hoc string +parsing) +(Cli_commands), +best to replaced by a more decent command abstraction.

    +
    4. +
  4. +

    A big record of functions +(user_data) +is passed (during /connect in +handle_connect) +from the UI to the XMPP task to inject messages and errors.

    +
    5. +
  5. +

    The global variable +xmpp_session +should be part of the earlier mentioned cli_state, also contacts should be a map, not a Hashtbl (took me some time to learn).

    +
    6. +
  6. +

    Having jackline self-hosted as a MirageOS unikernel. I've implemented a a +telnet server, there is a +notty branch be used with the telnet +server. But there is (right now) no good story for persistent mutable storage.

    +
    7. +
  7. +

    Jackline predates some very elegant libraries, such as +logs and +astring, even +result - since 4.03 part of Pervasives - is not used. +Clearly, other libraries (such as TLS) do not yet use result.

    +
    8. +
  8. +

    After looking in more depths at the logs library, and at user interfaces - I +envision the graphical parts to be (mostly!?) a viewer of logs, and a command +shell (using a control interface, maybe +9p): Multiple layers (of a protocol), +slightly related (by tags - such as the OTR session), and have the layers be visible to users (see also +tlstools), a slightly different interface +of similarly structured data. In jackline I'd like to e.g. see all messages of +a single OTR session (see issue), or hide the presence messages in a multi-user chat, +investigate the high-level message, its XML encoded stanza, TLS encrypted +frames, the TCP flow, all down to the ethernet frames send over the wire - also +viewable as sequence diagram and other suitable (terminal) presentations (TCP +window size maybe in a size over time diagram).

    +
    9. +
  9. +

    Once the API between the sources (contacts, hosts) and the UI (what to +display, where and how to trigger notifications, where and how to handle global +changes (such as reconnect)) is clear and implemented, commands need to be +reinvented (some, such as navigation commands and emacs keybindings, are generic +to the user interface, others are specific to XMPP and/or OTR): a new transport +(IRC) or end-to-end crypto protocol (omemo) - should be easy to integrate (with +similar minimal UI features and colours).

    +
    10. +
+

Conclusion

+

Jackline started as a procrastination project, and still is one. I only develop +on jackline if I enjoy it. I'm not scared to try new approaches in jackline, +and either reverting them or rewriting some chunks of code again. It is a +project where I publish early and push often. I've met several people (whom I +don't think I know personally) in the multi-user chatroom +jackline@conference.jabber.ccc.de, and fixed bugs, discussed features.

+

When introducing customisable colours, +the proximity to a log viewer became again clear to me - configurable colours +are for severities such as Success, Warning, Info, Error, Presence - +maybe I really should get started on implementing a log viewer.

+

I would like to have more community contributions to jackline, but the lack of +documentation (there aren't even a lot of interface files), mixed with a +non-mainstream programming language, and a convoluted code base, makes me want +some code cleanups first, or maybe starting from scratch.

+

I'm interested in feedback, either via twitter or +on the jackline repository on GitHub.

+
\ No newline at end of file diff --git a/Posts/Maintainers b/Posts/Maintainers new file mode 100644 index 0000000..e2f7194 --- /dev/null +++ b/Posts/Maintainers @@ -0,0 +1,77 @@ + +Who maintains package X?

Who maintains package X?

Written by hannes
Classified under: package signingsecurity
Published: 2017-02-16 (last updated: 2017-03-09)

A very important data point for conex, the new opam signing utility, is who is authorised for a given package. We +could have written this manually down, or force each author to create a +pull request for their packages, but this would be a long process and not +easy: the main opam repository has around 1500 unique packages, and 350 +contributors. Fortunately, it is a git repository with 5 years of history, and +over 6900 pull requests. Each opam file may also contain a maintainers entry, +a list of strings (usually a mail address).

+

The data sources we correlate are the maintainers entry in opam file, and who +actually committed in the opam repository. This is inspired by some GitHub +discussion.

+

GitHub id and email address

+

For simplicity, since conex uses any (unique) identifier for authors, and the opam +repository is hosted on GitHub, we use a GitHub id as author identifier. +Maintainer information is an email address, thus we need a mapping between them.

+

We wrote a shell +script +to find all PR merges, their GitHub id (in a brittle way: using the name of the +git remote), and email address of the last commit. It also saves a diff of the +PR for later. This results in 6922 PRs (opam repository version 38d908dcbc58d07467fbc00698083fa4cbd94f9d).

+

The metadata output is processed by +github_mail: +we ignore PRs from GitHub organisations PR.ignore_github, where commits +PR.ignore_pr are picked from a different author (manually), bad mail addresses, +and Jeremy's mail address (it is added to too many GitHub ids otherwise). The +goal is to have a for an email address a single GitHub id. 329 authors with 416 mail addresses are mapped.

+

Maintainer in opam

+

As mentioned, lots of packages contain a maintainers entry. In +maintainers +we extract the mail addresses of the most recently released opam +file. +Some hardcoded matches are teams which do not properly maintain the maintainers +field (such as mirage and xapi-project ;). We're open for suggestions to extend +this massaging to the needs. Additionally, the contact at ocamlpro mail address +was used for all packages before the maintainers entry was introduced (based on +a discussion with Louis Gesbert). 132 packages with empty maintainers.

+

Fitness

+

Combining these two data sources, we hoped to find a strict small set of whom to +authorise for which package. Turns out some people use different mail addresses +for git commits and opam maintainer entries, which are be easily +fixed.

+

While processing the full diffs of each +PR +(using the diff parser of conex mentioned above), ignoring the 44% done by +janitors +(a manually created set by looking at log data, please report if wrong), we +categorise the modifications: authorised modification (the GitHub id is +authorised for the package), modification by an author to a team-owned package +(propose to add this author to the team), modification of a package where no +GitHub id is authorised, and unauthorised modification. We also ignore packages +which are no longer in the opam repository.

+

2766 modifications were authorised, 418 were team-owned, 452 were to packages +with no maintainer, and 570 unauthorised. This results in 125 unowned packages.

+

Out of the 452 modifications to packages with no maintainer, 75 are a global +one-to-one author to package relation, and are directly authorised.

+

Inference of team members is an overapproximation (everybody who committed +changes to their packages), additionally the janitors are missing. We will have +to fill these manually.

+
alt-ergo -> OCamlPro-Iguernlala UnixJunkie backtracking bobot nobrowser
+janestreet -> backtracking hannesm j0sh rgrinberg smondet
+mirage -> MagnusS dbuenzli djs55 hannesm hnrgrgr jonludlam mato mor1 pgj pqwy pw374 rdicosmo rgrinberg ruhatch sg2342 talex5 yomimono
+ocsigen -> balat benozol dbuenzli hhugo hnrgrgr jpdeplaix mfp pveber scjung slegrand45 smondet vasilisp
+xapi-project -> dbuenzli djs55 euanh mcclurmc rdicosmo simonjbeaumont yomimono
+
+

Alternative approach: GitHub urls

+

An alternative approach (attempted earlier) working only for GitHub hosted projects, is to authorise +the use of the user part of the GitHub repository +URL. +Results after filtering GitHub organisations are not yet satisfactory (but only +56 packages with no maintainer, output repo. This approach +completely ignores the manually written maintainer field.

+

Conclusion

+

Manually maintained metadata is easily out of date, and not very useful. But +combining automatically created metadata with manually, and some manual tweaking +leads to reasonable data.

+

The resulting authorised inference is available in this branch.

+
\ No newline at end of file diff --git a/Posts/Monitoring b/Posts/Monitoring new file mode 100644 index 0000000..a72c555 --- /dev/null +++ b/Posts/Monitoring @@ -0,0 +1,115 @@ + +All your metrics belong to influx

All your metrics belong to influx

Written by hannes
Classified under: mirageosmonitoringdeployment
Published: 2022-03-08 (last updated: 2022-03-08)

Introduction to monitoring

+

At robur we use a range of MirageOS unikernels. Recently, we worked on improving the operations story thereof. One part is shipping binaries using our reproducible builds infrastructure. Another part is, once deployed we want to observe what is going on.

+

I first got into touch with monitoring - collecting and graphing metrics - with MRTG and munin - and the simple network management protocol SNMP. From the whole system perspective, I find it crucial that the monitoring part of a system does not add pressure. This favours a push-based design, where reporting is done at the disposition of the system.

+

The rise of monitoring where graphs are done dynamically (such as Grafana) and can be programmed (with a query language) by the operator are very neat, it allows to put metrics in relation after they have been recorded - thus if there's a thesis why something went berserk, you can graph the collected data from the past and prove or disprove the thesis.

+

Monitoring a MirageOS unikernel

+

From the operational perspective, taking security into account - either the data should be authenticated and integrity-protected, or being transmitted on a private network. We chose the latter, there's a private network interface only for monitoring. Access to that network is only granted to the unikernels and metrics collector.

+

For MirageOS unikernels, we use the metrics library - which design shares the idea of logs that only if there's a reporter registered, work is performed. We use the Influx line protocol via TCP to report via Telegraf to InfluxDB. But due to the design of metrics, other reporters can be developed and used -- prometheus, SNMP, your-other-favourite are all possible.

+

Apart from monitoring metrics, we use the same network interface for logging via syslog. Since the logs library separates the log message generation (in the OCaml libraries) from the reporting, we developed logs-syslog, which registers a log reporter sending each log message to a syslog sink.

+

We developed a small library for metrics reporting of a MirageOS unikernel into the monitoring-experiments package - which also allows to dynamically adjust log level and disable or enable metrics sources.

+

Required components

+

Install from your operating system the packages providing telegraf, influxdb, and grafana.

+

Setup telegraf to contain a socket listener:

+
[[inputs.socket_listener]]
+  service_address = "tcp://192.168.42.14:8094"
+  keep_alive_period = "5m"
+  data_format = "influx"
+
+

Use a unikernel that reports to Influx (below the heading "Unikernels (with metrics reported to Influx)" on builds.robur.coop) and provide --monitor=192.168.42.14 as boot parameter. Conventionally, these unikernels expect a second network interface (on the "management" bridge) where telegraf (and a syslog sink) are running. You'll need to pass --net=management and --arg='--management-ipv4=192.168.42.x/24' to albatross-client-local.

+

Albatross provides a albatross-influx daemon that reports information from the host system about the unikernels to influx. Start it with --influx=192.168.42.14.

+

Adding monitoring to your unikernel

+

If you want to extend your own unikernel with metrics, follow along these lines.

+

An example is the dns-primary-git unikernel, where on the branch future we have a single commit ahead of main that adds monitoring. The difference is in the unikernel configuration and the main entry point. See the binary builts in contrast to the non-monitoring builts.

+

In config, three new command line arguments are added: --monitor=IP, --monitor-adjust=PORT --syslog=IP and --name=STRING. In addition, the package monitoring-experiments is required. And a second network interface management_stack using the prefix management is required and passed to the unikernel. Since the syslog reporter requires a console (to report when logging fails), also a console is passed to the unikernel. Each reported metrics includes a tag vm=<name> that can be used to distinguish several unikernels reporting to the same InfluxDB.

+

Command line arguments:

+
   let doc = Key.Arg.info ~doc:"The fingerprint of the TLS certificate." [ "tls-cert-fingerprint" ] in
+   Key.(create "tls_cert_fingerprint" Arg.(opt (some string) None doc))
+ 
++let monitor =
++  let doc = Key.Arg.info ~doc:"monitor host IP" ["monitor"] in
++  Key.(create "monitor" Arg.(opt (some ip_address) None doc))
++
++let monitor_adjust =
++  let doc = Key.Arg.info ~doc:"adjust monitoring (log level, ..)" ["monitor-adjust"] in
++  Key.(create "monitor_adjust" Arg.(opt (some int) None doc))
++
++let syslog =
++  let doc = Key.Arg.info ~doc:"syslog host IP" ["syslog"] in
++  Key.(create "syslog" Arg.(opt (some ip_address) None doc))
++
++let name =
++  let doc = Key.Arg.info ~doc:"Name of the unikernel" ["name"] in
++  Key.(create "name" Arg.(opt string "ns.nqsb.io" doc))
++
+ let mimic_impl random stackv4v6 mclock pclock time =
+   let tcpv4v6 = tcpv4v6_of_stackv4v6 $ stackv4v6 in
+   let mhappy_eyeballs = mimic_happy_eyeballs $ random $ time $ mclock $ pclock $ stackv4v6 in
+
+

Requiring monitoring-experiments, registering command line arguments:

+
     package ~min:"3.7.0" ~max:"3.8.0" "git-mirage";
+     package ~min:"3.7.0" "git-paf";
+     package ~min:"0.0.8" ~sublibs:["mirage"] "paf";
++    package "monitoring-experiments";
++    package ~sublibs:["mirage"] ~min:"0.3.0" "logs-syslog";
+   ] in
+   foreign
+-    ~keys:[Key.abstract remote_k ; Key.abstract axfr]
++    ~keys:[
++      Key.abstract remote_k ; Key.abstract axfr ;
++      Key.abstract name ; Key.abstract monitor ; Key.abstract monitor_adjust ; Key.abstract syslog
++    ]
+     ~packages
+
+

Added console and a second network stack to foreign:

+
     "Unikernel.Main"
+-    (random @-> pclock @-> mclock @-> time @-> stackv4v6 @-> mimic @-> job)
++    (console @-> random @-> pclock @-> mclock @-> time @-> stackv4v6 @-> mimic @-> stackv4v6 @-> job)
++
+
+

Passing a console implementation (default_console) and a second network stack (with management prefix) to register:

+
+let management_stack = generic_stackv4v6 ~group:"management" (netif ~group:"management" "management")
+ 
+ let () =
+   register "primary-git"
+-    [dns_handler $ default_random $ default_posix_clock $ default_monotonic_clock $
+-     default_time $ net $ mimic_impl]
++    [dns_handler $ default_console $ default_random $ default_posix_clock $ default_monotonic_clock $
++     default_time $ net $ mimic_impl $ management_stack]
+
+

Now, in the unikernel module the functor changes (console and second network stack added):

+
@@ -4,17 +4,48 @@
+ 
+ open Lwt.Infix
+ 
+-module Main (R : Mirage_random.S) (P : Mirage_clock.PCLOCK) (M : Mirage_clock.MCLOCK) (T : Mirage_time.S) (S : Mirage_stack.V4V6) (_ : sig e
+nd) = struct
++module Main (C : Mirage_console.S) (R : Mirage_random.S) (P : Mirage_clock.PCLOCK) (M : Mirage_clock.MCLOCK) (T : Mirage_time.S) (S : Mirage
+_stack.V4V6) (_ : sig end) (Management : Mirage_stack.V4V6) = struct
+ 
+   module Store = Irmin_mirage_git.Mem.KV(Irmin.Contents.String)
+   module Sync = Irmin.Sync(Store)
+
+

And in the start function, the command line arguments are processed and used to setup syslog and metrics monitoring to the specified addresses. Also, a TCP listener is waiting for monitoring and logging adjustments if --monitor-adjust was provided:

+
   module D = Dns_server_mirage.Make(P)(M)(T)(S)
++  module Monitoring = Monitoring_experiments.Make(T)(Management)
++  module Syslog = Logs_syslog_mirage.Udp(C)(P)(Management)
+ 
+-  let start _rng _pclock _mclock _time s ctx =
++  let start c _rng _pclock _mclock _time s ctx management =
++    let hostname = Key_gen.name () in
++    (match Key_gen.syslog () with
++     | None -> Logs.warn (fun m -> m "no syslog specified, dumping on stdout")
++     | Some ip -> Logs.set_reporter (Syslog.create c management ip ~hostname ()));
++    (match Key_gen.monitor () with
++     | None -> Logs.warn (fun m -> m "no monitor specified, not outputting statistics")
++     | Some ip -> Monitoring.create ~hostname ?listen_port:(Key_gen.monitor_adjust ()) ip management);
+     connect_store ctx >>= fun (store, upstream) ->
+     load_git None store upstream >>= function
+     | Error (`Msg msg) ->
+
+

Once you compiled the unikernel (or downloaded a binary with monitoring), and start that unikernel by passing --net:service=tap0 and --net:management=tap10 (or whichever your tap interfaces are), and as unikernel arguments --ipv4=<my-ip-address> and --management-ipv4=192.168.42.2/24 for IPv4 configuration, --monitor=192.168.42.14, --syslog=192.168.42.10, --name=my.unikernel, --monitor-adjust=12345.

+

With this, your unikernel will report metrics using the influx protocol to 192.168.42.14 on port 8094 (every 10 seconds), and syslog messages via UDP to 192.168.0.10 (port 514). You should see your InfluxDB getting filled and syslog server receiving messages.

+

When you configure Grafana to use InfluxDB, you'll be able to see the data in the data sources.

+

Please reach out to us (at team AT robur DOT coop) if you have feedback and suggestions.

+
\ No newline at end of file diff --git a/Posts/NGI b/Posts/NGI new file mode 100644 index 0000000..23553fd --- /dev/null +++ b/Posts/NGI @@ -0,0 +1,67 @@ + +The road ahead for MirageOS in 2021

The road ahead for MirageOS in 2021

Written by hannes
Classified under: mirageos
Published: 2021-01-25 (last updated: 2021-11-19)

Introduction

+

2020 was an intense year. I hope you're healthy and keep being healthy. I am privileged (as lots of software engineers and academics are) to be able to work from home during the pandemic. Let's not forget people in less privileged situations, and let’s try to give them as much practical, psychological and financial support as we can these days. And as much joy as possible to everyone around :)

+

I cancelled the autumn MirageOS retreat due to the pandemic. Instead I collected donations for our hosts in Marrakech - they were very happy to receive our financial support, since they had a difficult year, since their income is based on tourism. I hope that in autumn 2021 we'll have an on-site retreat again.

+

For 2021, we (at robur) got a grant from the EU (via NGI pointer) for "Deploying MirageOS" (more details below), and another grant from OCaml software foundation for securing the opam supply chain (using conex). Some long-awaited releases for MirageOS libraries, namely a ssh implementation and a rewrite of our git implementation have already been published.

+

With my MirageOS view, 2020 was a pretty successful year, where we managed to add more features, fixed lots of bugs, and paved the road ahead. I want to thank OCamlLabs for funding work on MirageOS maintenance.

+

Recap 2020

+

Here is a very subjective random collection of accomplishments in 2020, where I was involved with some degree.

+

NetHSM

+

NetHSM is a hardware security module in software. It is a product that uses MirageOS for security, and is based on the muen separation kernel. We at robur were heavily involved in this product. It already has been security audited by an external team. You can pre-order it from Nitrokey.

+

TLS 1.3

+

Dating back to 2016, at the TRON (TLS 1.3 Ready or NOt), we developed a first draft of a 1.3 implementation of OCaml-TLS. Finally in May 2020 we got our act together, including ECC (ECDH P256 from fiat-crypto, X25519 from hacl) and testing with tlsfuzzer, and release tls 0.12.0 with TLS 1.3 support. Later we added ECC ciphersuites to TLS version 1.2, implemented ChaCha20/Poly1305, and fixed an interoperability issue with Go's implementation.

+

Mirage-crypto provides the underlying cryptographic primitives, initially released in March 2020 as a fork of nocrypto -- huge thanks to pqwy for his great work. Mirage-crypto detects CPU features at runtime (thanks to Julow) (bugfix for bswap), using constant time modular exponentation (powm_sec) and hardens against Lenstra's CRT attack, supports compilation on Windows (thanks to avsm), async entropy harvesting (thanks to seliopou), 32 bit support, chacha20/poly1305 (thanks to abeaumont), cross-compilation (thanks to EduardoRFS) and various bug fixes, even memory leak (thanks to talex5 for reporting several of these issues), and RSA interoperability (thanks to psafont for investigation and mattjbray for reporting). This library feels very mature now - being used by multiple stakeholders, and lots of issues have been fixed in 2020.

+

Qubes Firewall

+

The MirageOS based Qubes firewall is the most widely used MirageOS unikernel. And it got major updates: in May Steffi announced her and Mindy's work on improving it for Qubes 4.0 - including dynamic firewall rules via QubesDB. Thanks to prototypefund for sponsoring.

+

In October 2020, we released Mirage 3.9 with PVH virtualization mode (thanks to mato). There's still a memory leak to be investigated and fixed.

+

IPv6

+

In December, with Mirage 3.10 we got the IPv6 code up and running. Now MirageOS unikernels have a dual stack available, besides IPv4-only and IPv6-only network stacks. Thanks to nojb for the initial code and MagnusS.

+

Turns out this blog, but also robur services, are now available via IPv6 :)

+

Albatross

+

Also in December, I pushed an initial release of albatross, a unikernel orchestration system with remote access. Deploy your unikernel via a TLS handshake -- the unikernel image is embedded in the TLS client certificates.

+

Thanks to reynir for statistics support on Linux and improvements of the systemd service scripts. Also thanks to cfcs for the initial Linux port.

+

CA certs

+

For several years I postponed the problem of how to actually use the operating system trust anchors for OCaml-TLS connections. Thanks to emillon for initial code, there are now ca-certs and ca-certs-nss opam packages (see release announcement) which fills this gap.

+

Unikernels

+

I developed several useful unikernels in 2020, and also pushed a unikernel gallery to the Mirage website:

+

Traceroute in MirageOS

+

I already wrote about traceroute which traces the routing to a given remote host.

+

Unipi - static website hosting

+

Unipi is a static site webserver which retrieves the content from a remote git repository. Let's encrypt certificate provisioning and dynamic updates via a webhook to be executed for every push.

+

TLSTunnel - TLS demultiplexing

+

The physical machine this blog and other robur infrastructure runs on has been relocated from Sweden to Germany mid-December. Thanks to UPS! Fewer IPv4 addresses are available in the new data center, which motivated me to develop tlstunnel.

+

The new behaviour is as follows (see the monitoring branch):

+
    +
  • listener on TCP port 80 which replies with a permanent redirect to https +
    • +
  • listener on TCP port 443 which forwards to a backend host if the requested server name is configured +
    • +
  • its configuration is stored on a block device, and can be dynamically changed (with a custom protocol authenticated with a HMAC) +
    • +
  • it is setup to hold a wildcard TLS certificate and in DNS a wildcard entry is pointing to it +
    • +
  • setting up a new service is very straightforward: only the new name needs to be registered with tlstunnel together with the TCP backend, and everything will just work +
    • +
+

2021

+

The year started with a release of awa, a SSH implementation in OCaml (thanks to haesbaert for initial code). This was followed by a git 3.0 release (thanks to dinosaure).

+

Deploying MirageOS - NGI Pointer

+

For 2021 we at robur received funding from the EU (via NGI pointer) for "Deploying MirageOS", which boils down into three parts:

+
    +
  • reproducible binary releases of MirageOS unikernels, +
    • +
  • monitoring (and other devops features: profiling) and integration into existing infrastructure, +
    • +
  • and further documentation and advertisement. +
    • +
+

Of course this will all be available open source. Please get in touch via eMail (team aT robur dot coop) if you're eager to integrate MirageOS unikernels into your infrastructure.

+

We discovered at an initial meeting with an infrastructure provider that a DNS resolver is of interest - even more now that dnsmasq suffered from dnspooq. We are already working on an implementation of DNSSec.

+

MirageOS unikernels are binary reproducible, and infrastructure tools are available. We are working hard on a web interface (and REST API - think of it as "Docker Hub for MirageOS unikernels"), and more tooling to verify reproducibility.

+

Conex - securing the supply chain

+

Another funding from the OCSF is to continue development and deploy conex - to bring trust into opam-repository. This is a great combination with the reproducible build efforts, and will bring much more trust into retrieving OCaml packages and using MirageOS unikernels.

+

MirageOS 4.0

+

Mirage so far still uses ocamlbuild and ocamlfind for compiling the virtual machine binary. But the switch to dune is close, a lot of effort has been done. This will make the developer experience of MirageOS much more smooth, with a per-unikernel monorepo workflow where you can push your changes to the individual libraries.

+

Footer

+

If you want to support our work on MirageOS unikernels, please donate to robur. I'm interested in feedback, either via twitter, hannesm@mastodon.social or via eMail.

+
\ No newline at end of file diff --git a/Posts/OCaml b/Posts/OCaml new file mode 100644 index 0000000..e7335f1 --- /dev/null +++ b/Posts/OCaml @@ -0,0 +1,121 @@ + +Why OCaml

Why OCaml

Written by hannes
Classified under: overviewbackground
Published: 2016-04-17 (last updated: 2021-11-19)

Programming

+

For me, programming is fun. I enjoy doing it, every single second. All the way +from designing over experimenting to debugging why it does not do what I want. +In the end, the computer is dumb and executes only what you (or code from +someone else which you rely on) tell it to do.

+

To abstract from assembly code, which is not portable, programming languages were +developed. Different flavoured languages vary in +expressive power and static guarantees. Many claim to be general purpose or +systems languages; depending on the choices of +the language designer and tooling around the language, it is a language which lets you conveniently develop programs in.

+

A language designer decides on the builtin abstraction mechanisms, each of which +is both a burden and a blessing: it might be interfering (which to use? for or while, trait or object), +orthogonal (one way to do it), or even synergistic (higher order functions and anonymous functions). Another choice is whether the language includes a type +system, and if the developer can cheat on it (by allowing arbitrary type casts, a weak type system). A strong static type system +allows a developer to encode invariants, without the need to defer to runtime +assertions. Type systems differ in their expressive power (dependent typing are the hot research area at the moment). Tooling depends purely +on the community size, natural selection will prevail the useful tools +(community size gives inertia to other factors: demand for libraries, package manager, activity on stack overflow, etc.).

+

Why OCaml?

+

As already mentioned in other +articles here, it is a +combination of sufficiently large community, runtime stability and performance, modularity, +carefully thought out abstraction mechanisms, maturity (OCaml recently turned 20), and functional features.

+

The latter is squishy, I'll try to explain it a bit: you define your concrete +data types as products (int * int, a tuple of integers), records ({ foo : int ; bar : int } to name fields), sums (type state = Initial | WaitingForKEX | Established, or variants, or tagged union in C). +These are called algebraic data types. Whenever you have a +state machine, you can encode the state as a variant and use a +pattern match to handle the different cases. The compiler checks whether your pattern match is complete +(contains a line for each member of the variant). Another important aspect of +functional programming is that you can pass functions to other functions +(higher-order functions). Also, recursion is fundamental for functional +programming: a function calls itself -- combined with a variant type (such as +type 'a list = Nil | Cons of 'a * 'a list) it is trivial to show termination.

+

Side effects make the program interesting, because they +communicate with other systems or humans. Side effects should be isolated and +explicitly stated (in the type!). Algorithm and protocol +implementations should not deal with side effects internally, but leave this to an +effectful layer on top of it. The internal pure functions +(which receive arguments and return values, no other way of communication) inside +preserve referential +transparency. +Modularity helps to separate the concerns.

+

The holy grail is declarative programing, write what +a program should achieve, not how to achieve it (like often done in an imperative language).

+

OCaml has a object and class system, which I do not use. OCaml also contains +exceptions (and annoyingly the standard library (e.g. List.find) is full of +them), which I avoid as well. Libraries should not expose any exception (apart from out of memory, a really exceptional situation). If your +code might end up in an error state (common for parsers which process input +from the network), return a variant type as value (type ('a, 'b) result = Ok of 'a | Error of 'b). +That way, the caller has to handle +both the success and failure case explicitly.

+

Where to start?

+

The OCaml website contains a variety of +tutorials and examples, including +introductionary +material how to get +started with a new library. Editor integration (at least for emacs, vim, and +atom) is via merlin +available.

+

A very good starting book is OCaml from the very +beginning to learn the functional ideas in OCaml (also +its successor More +OCaml). +Another good book is real world OCaml, though it +is focussed around the "core" library (which I do not recommend due to its +huge size).

+

There are programming +guidelines, best to re-read +on a regular schedule. Daniel wrote guidelines how to handle with errors and results.

+

Opam is the OCaml package manager. +The opam repository contains over 1000 +libraries. The quality varies, I personally like the small libraries done by +Daniel Bünzli, as well as our +nqsb libraries (see mirleft org), +notty. +A concise library (not much code), +including tests, documentation, etc. is +hkdf. For testing I currently prefer +alcotest. For cooperative tasks, +lwt is decent (though it is a bit convoluted by +integrating too many features).

+

I try to stay away from big libraries such as ocamlnet, core, extlib, batteries. +When I develop a library I do not want to force anyone into using such large +code bases. Since opam is widely used, distributing libraries became easier, +thus the trend is towards small libraries (such as +astring, +ptime, +PBKDF, scrypt).

+

What is needed? This depends on your concrete goal. There are lots of +issues in lots of libraries, the MirageOS project also has a list of +Pioneer projects which +would be useful to have. I personally would like to have a native simple +authentication and security layer (SASL) +implementation in OCaml soon (amongst other things, such as using an ELF section for +data, +strtod).

+

A dashboard for MirageOS is +under development, which will hopefully ease tracking of what is being actively +developed within MirageOS. Because I'm impatient, I setup an atom +feed +which watches lots of MirageOS-related repositories.

+

I hope I gave some insight into OCaml, and why I currently enjoy it. A longer read on applicability of OCaml is our Usenix 2015 paper +Not-quite-so-broken TLS: lessons in re-engineering a security protocol +specification and +implementation. I'm interested in feedback, either via +twitter or via eMail.

+

Other updates in the MirageOS ecosystem

+ +
\ No newline at end of file diff --git a/Posts/OpamMirror b/Posts/OpamMirror new file mode 100644 index 0000000..74c4fb4 --- /dev/null +++ b/Posts/OpamMirror @@ -0,0 +1,32 @@ + +Mirroring the opam repository and all tarballs

Mirroring the opam repository and all tarballs

Written by hannes
Classified under: mirageosdeploymentopam
Published: 2022-09-29 (last updated: 2022-10-11)

We at robur developed opam-mirror in the last month and run a public opam mirror at https://opam.robur.coop (updated hourly).

+

What is opam and why should I care?

+

Opam is the OCaml package manager (also used by other projects such as coq). It is a source based system: the so-called repository contains the metadata (url to source tarballs, build dependencies, author, homepage, development repository) of all packages. The main repository is hosted on GitHub as ocaml/opam-repository, where authors of OCaml software can contribute (as pull request) their latest releases.

+

When opening a pull request, automated systems attempt to build not only the newly released package on various platforms and OCaml versions, but also all reverse dependencies, and also with dependencies with the lowest allowed version numbers. That's crucial since neither semantic versioning has been adapted across the OCaml ecosystem (which is tricky, for example due to local opens any newly introduced binding will lead to a major version bump), neither do many people add upper bounds of dependencies when releasing a package (nobody is keen to state "my package will not work with cmdliner in version 1.2.0").

+

So, the opam-repository holds the metadata of lots of OCaml packages (around 4000 at the moment this article was written) with lots of versions (in total 25000) that have been released. It is used by the opam client to figure out which packages to install or upgrade (using a solver that takes the version bounds into consideration).

+

Of course, opam can use other repositories (overlays) or forks thereof. So nothing stops you from using any other opam repository. The url to the source code of each package may be a tarball, or a git repository or other version control systems.

+

The vast majority of opam packages released to the opam-repository include a link to the source tarball and a cryptographic hash of the tarball. This is crucial for security (under the assumption the opam-repository has been downloaded from a trustworthy source - check back later this year for updates on conex). At the moment, there are some weak spots in respect to security: md5 is still allowed, and the hash and the tarball are downloaded from the same server: anyone who is in control of that server can inject arbitrary malicious data. As outlined above, we're working on infrastructure which fixes the latter issue.

+

How does the opam client work?

+

Opam, after initialisation, downloads the index.tar.gz from https://opam.ocaml.org/index.tar.gz, and uses this as the local opam universe. An opam install cmdliner will resolve the dependencies, and download all required tarballs. The download is first tried from the cache, and if that failed, the URL in the package file is used. The download from the cache uses the base url, appends the archive-mirror, followed by the hash algorithm, the first two characters of the has of the tarball, and the hex encoded hash of the archive, i.e. for cmdliner 1.1.1 which specifies its sha512: https://opam.ocaml.org/cache/sha512/54/5478ad833da254b5587b3746e3a8493e66e867a081ac0f653a901cc8a7d944f66e4387592215ce25d939be76f281c4785702f54d4a74b1700bc8838a62255c9e.

+

How does the opam repository work?

+

According to DNS, opam.ocaml.org is a machine at amazon. It likely, apart from the website, uses opam admin index periodically to create the index tarball and the cache. There's an observable delay between a package merge in the opam-repository and when it shows up at opam.ocaml.org. Recently, there was a reported downtime.

+

Apart from being a single point of failure, if you're compiling a lot of opam projects (e.g. a continuous integration / continuous build system), it makes sense from a network usage (and thus sustainability perspective) to move the cache closer to where you need the source archives. We're also organising the MirageOS hack retreats in a northern African country with poor connectivity - so if you gather two dozen camels you better bring your opam repository cache with you to reduce the bandwidth usage (NB: this requires at the moment cooperation of all participants to configure their default opam repository accordingly).

+

Re-developing "opam admin create" as MirageOS unikernel

+

The need for a local opam cache at our reproducible build infrastructure and the retreats, we decided to develop opam-mirror as a MirageOS unikernel. Apart from a useful showcase using persistent storage (that won't fit into memory), and having fun while developing it, our aim was to reduce our time spent on system administration (the opam admin index is only one part of the story, it needs a Unix system and a webserver next to it - plus remote access for doing software updates - which has quite some attack surface.

+

Another reason for re-developing the functionality was that the opam code (what opam admin index actually does) is part of the opam source code, which totals to 50_000 lines of code -- looking up whether one or all checksums are verified before adding the tarball to the cache, was rather tricky.

+

In earlier years, we avoided persistent storage and block devices in MirageOS (by embedding it into the source code with crunch, or using a remote git repository), but recent development, e.g. of chamelon sparked some interest in actually using file systems and figuring out whether MirageOS is ready in that area. A month ago we started the opam-mirror project.

+

Opam-mirror takes a remote repository URL, and downloads all referenced archives. It serves as a cache and opam-repository - and does periodic updates from the remote repository. The idea is to validate all available checksums and store the tarballs only once, and store overlays (as maps) from the other hash algorithms.

+

Code development and improvements

+

Initially, our plan was to use ocaml-git for pulling the repository, chamelon for persistent storage, and httpaf as web server. With ocaml-tar recent support of gzip we should be all set, and done within a few days.

+

There is already a gap in the above plan: which http client to use - in the best case something similar to our http-lwt-client - in MirageOS: it should support HTTP 1.1 and HTTP 2, TLS (with certificate validation), and using happy-eyeballs to seemlessly support both IPv6 and legacy IPv4. Of course it should follow redirect, without that we won't get far in the current Internet.

+

On the path (over the last month), we fixed file descriptor leaks (memory leaks) in paf -- which is used as a runtime for httpaf and h2.

+

Then we ran into some trouble with chamelon (out of memory, some degraded peformance, it reporting out of disk space), and re-thought our demands for opam-mirror. Since the cache is only ever growing (new packages are released), there's no need to ever remove anything: it is append-only. Once we figured that out, we investigated what needs to be done in ocaml-tar (where tar is in fact a tape archive, and was initially designed as file format to be appended to) to support appending to an archive.

+

We also re-thought our bandwidth usage, and instead of cloning the git remote at startup, we developed git-kv which can dump and restore the git state.

+

Also, initially we computed all hashes of all tarballs, but with the size increasing (all archives are around 7.5GB) this lead to a major issue of startup time (around 5 minutes on a laptop), so we wanted to save and restore the maps as well.

+

Since neither git state nor the maps are suitable for tar's append-only semantics, and we didn't want to investigate yet another file system - such as fat may just work fine, but the code looks slightly bitrot, and the reported issues and non-activity doesn't make this package very trustworthy from our point of view. Instead, we developed mirage-block-partition to partition a block device into two. Then we just store the maps and the git state at the end - the end of a tar archive is 2 blocks of zeroes, so stuff at the far end aren't considered by any tooling. Extending the tar archive is also possible, only the maps and git state needs to be moved to the end (or recomputed). As file system, we developed oneffs which stores a single value on the block device.

+

We observed a high memory usage, since each requested archive was first read from the block device into memory, and then sent out. Thanks to Pierre Alains recent enhancements of the mirage-kv API, there is a get_partial, that we use to chunk-wise read the archive and send it via HTTP. Now, the memory usage is around 20MB (the git repository and the generated tarball are kept in memory).

+

What is next? Downloading and writing to the tar archive could be done chunk-wise as well; also dumping and restoring the git state is quite CPU intensive, we would like to improve that. Adding the TLS frontend (currently done on our site by our TLS termination proxy tlstunnel) similar to how unipi does it, including let's encrypt provisioning -- should be straightforward (drop us a note if you'd be interesting in that feature).

+

Conclusion

+

To conclude, we managed within a month to develop this opam-mirror cache from scratch. It has a reasonable footprint (CPU and memory-wise), is easy to maintain and easy to update - if you want to use it, we also provide reproducible binaries for solo5-hvt. You can use our opam mirror with opam repository set-url default https://opam.robur.coop (revert to the other with opam repository set-url default https://opam.ocaml.org) or use it as a backup with opam repository add robur --rank 2 https://opam.robur.coop.

+

Please reach out to us (at team AT robur DOT coop) if you have feedback and suggestions. We are a non-profit company, and rely on donations for doing our work - everyone can contribute.

+
\ No newline at end of file diff --git a/Posts/OperatingSystem b/Posts/OperatingSystem new file mode 100644 index 0000000..2011799 --- /dev/null +++ b/Posts/OperatingSystem @@ -0,0 +1,161 @@ + +Operating systems

Operating systems

Written by hannes
Classified under: overviewoperating systemmirageos
Published: 2016-04-09 (last updated: 2021-11-19)

Sorry to be late with this entry, but I had to fix some issues.

+

What is an operating system?

+

Wikipedia says: "An operating system (OS) is system software that manages +computer hardware and software resources and provides common services for +computer programs." Great. In other terms, it is an abstraction layer. +Applications don't need to deal with the low-level bits (device drivers) of the +computer.

+

But if we look at the landscape of deployed operating systems, there is a lot +more going on than abstracting devices: usually this includes process management (scheduler), +memory management (virtual memory), C +library, user management +(including access control), persistent storage (file system), network stack, +etc. all being part of the kernel, and executed in kernel space. A +counterexample is Minix, which consists of a tiny +microkernel, and executes the above mentioned services as user-space processes.

+

We are (or at least I am) interested in robust systems. Development is done +by humans, thus will always be error-prone. Even a proof of its functional +correctness can be flawed if the proof system is inconsistent or the +specification is wrong. We need to have damage control in place by striving +for the principle of least authority. +The goods to guard is the user data (passwords, personal information, private +mails, ...), which lives in memory.

+

A CPU contains protection rings, +where the kernel runs in ring 0 and thus has full access to the hardware, +including memory. A flaw in the kernel is devastating for the security of the +entire system, it is part of the trusted computing base). +Every byte of kernel code should be carefully developed and audited. If we +can contain code into areas with less authority, we should do so. Obviously, +the mechanism to contain code needs to be carefully audited as well, since +it will likely need to run in privileged mode.

+

In a virtualised world, we run a +hypervisor in ring -1, on top of +which we run an operating system kernel. The hypervisor gives access to memory +and hardware to virtual machines, schedules those virtual machines on +processors, and should isolate the virtual machines from each other (by using +the MMU).

+

there's no cloud, just other people's computers

+

This ominous "cloud" uses hypervisors on huge amount of physical machines, and +executes off-the-shelf operating systems as virtual machines on top. Accounting +is done by resource usage (time, bandwidth, storage).

+

From scratch

+

Ok, now we have hypervisors which already deals with memory and scheduling. Why +should we have the very same functionality again in the (general purpose) operating +system running as virtual machine?

+

Additionally, earlier in my life (back in 2005 at the Dutch hacker camp "What +the hack") I proposed (together with Andreas Bogk) to phase out UNIX before +2038-01-19 (this is when time_t +overflows, unless promoted to 64 bit), and replace it with Dylan. A random +comment about +our talk on the Internet is "the proposal that rewriting an entire OS in a +language with obscure syntax was somewhat original. However, I now somewhat feel +a strange urge to spend some time on Dylan, which is really weird..."

+

Being without funding back then, we didn't get far (hugest success was a +TCP/IP stack in +Dylan), and as mentioned earlier I went into formal methods and mechanised +proofs of full functional correctness properties.

+

MirageOS

+

At the end of 2013, David pointed me to +MirageOS, an operating system developed from scratch in the +functional and statically typed language OCaml. I've not +used much OCaml before, but some other functional programming languages. +Since then, I spend nearly every day on developing OCaml libraries (with varying success on being happy +with my code). In contrast to Dylan, there are more than two people developing MirageOS.

+

The idea is straightforward: use a hypervisor, and its hardware +abstractions (virtualised input/output and network device), and execute the +OCaml runtime directly on it. No C library included (since May 2015, see this +thread). +The virtual machine, based on the OCaml runtime and composed of OCaml libraries, +uses a single address space and runs in ring 0.

+

As mentioned above, all code which runs in ring 0 needs to be carefully +developed and checked since a flaw in it can jeopardise the security properties +of the entire system: the TCP/IP library should not have access to the private +key used for the TLS handshake. If we trust the OCaml runtime, especially its +memory management, there is no way for the TCP/IP library to access the memory +of the TLS subsystem: the TLS API does not expose the private key via an API +call, and being in a memory safe language, a library cannot read arbitrary +memory. There is no real need to isolate each library into a separate address +spaces. In my opinion, using capabilities for memory access would be a great +improvement, similar to barrelfish. OCaml has a C +foreign function call interface which can be used to read arbitrary memory -- +you have to take care that all C bits of the system are not malicious (it is +fortunately difficult to embed C code into MirageOS, thus only few bits written +in C are in MirageOS (such as (loop and allocation free) crypto +primitives). +To further read up on the topic, there is a nice article about the +security.

+

This website is 12MB in size (and I didn't even bother to strip yet), which +includes the static CSS and JavaScript (bootstrap, jquery, fonts), HTTP, TLS (also X.509, ASN.1, crypto), git (and irmin), TCP/IP libraries. +The memory management in MirageOS is +straightforward: the hypervisor provides the OCaml runtime with a chunk of memory, which +immediately takes all of it.

+

This is much simpler to configure and deploy than a UNIX operating system: +There is no virtual memory, no process management, no file +system (the markdown content is held in memory with irmin!), no user management in the image.

+

At compile (configuration) time, the TLS keys are baked into the image, in addition to the url of the remote +git repository, the IPv4 address and ports the image should use: +The full command line for configuring this website is: mirage configure --no-opam --xen -i Posts -n "full stack engineer" -r git://git.robur.io/hannes/hannes.robur.coop.git --dhcp false --network 0 --ip 198.167.222.205 --netmask 255.255.255.0 --gateways 198.167.222.1 --tls 443 --port 80. +It relies on the fact that the TLS certificate chain and private key are in the tls/ subdirectory, which is transformed to code and included in the image (using crunch). An improvement would be to use an ELF section, but there is no code yet. +After configuring and installing the required dependencies, a make builds the statically linked image.

+

Deployment is done via xl create canopy.xl. The file canopy.xl is automatically generated by mirage --configure (but might need modifications). It contains the full path to the image, the name of the bridge +interface, and how much memory the image can use:

+
name = 'canopy'
+kernel = 'mir-canopy.xen'
+builder = 'linux'
+memory = 256
+on_crash = 'preserve'
+vif = [ 'bridge=br0' ]
+
+

To rephrase: instead of running on a multi-purpose operating system including processes, file system, etc., this website uses a +set of libraries, which are compiled and statically +linked into the virtual machine image.

+

MirageOS uses the module system of OCaml to define how interfaces should be, thus an +application developer does not need to care whether they are using the TCP/IP +stack written in OCaml, or the sockets API of a UNIX operating system. This +also allows to compile and debug your library on UNIX using off-the-shelf tools +before deploying it as a virtual machine (NB: this is a lie, since there is code +which is only executed when running on Xen, and this code can be buggy) ;).

+

Most of the MirageOS ecosystem is developed under MIT/ISC/BSD license, which +allows everybody to use it for whichever project they want.

+

Did I mention that by using less code the attack vector shrinks? In +addition to that, using a memory safe programming language, where the developer +does not need to care about memory management and bounds checks, immediately removes +several classes of security problems (namely spatial and temporal memory +issues), once the runtime is trusted. +The OCaml runtime was reviewed by the French Agence nationale de la sécurité des systèmes d’information in 2013, +leading to some changes, such as separation of immutable strings (String) from mutable byte vectors (Bytes).

+

The attack surface is still big enough: logical issues, resource management, and there is no access +control. This website does not need access control, publishing of content is protected by relying on GitHub's +access control.

+

I hope I gave some insight into what the purpose of an operating systems is, and +how MirageOS fits into the picture. I'm interested in feedback, either via +twitter or via eMail.

+

Other updates in the MirageOS ecosystem

+
    +
  • this website is based on Canopy, the content is stored as markdown in a git repository +
    • +
  • it was running in a FreeBSD jail, but when I compiled too much the underlying zfs file system wasn't happy (and is now hanging in kernel space in a read) +
    • +
  • no remote power switch (borrowed to a friend 3 weeks ago), nobody was willing to go to the data centre and reboot +
    • +
  • I wanted to move it anyways to a host where I can deploy Xen guest VMs +
    • +
  • turns out the Xen compilation and deployment mode needed some love: + +
    • +
  • I was travelling +
    • +
  • good news: it now works on Xen, and there is an atom feed +
    • +
  • life of an "eat your own dogfood" full stack engineer ;) +
    • +
+
\ No newline at end of file diff --git a/Posts/Pinata b/Posts/Pinata new file mode 100644 index 0000000..4407c05 --- /dev/null +++ b/Posts/Pinata @@ -0,0 +1,45 @@ + +The Bitcoin Piñata - no candy for you

The Bitcoin Piñata - no candy for you

Written by hannes
Classified under: mirageossecuritybitcoin
Published: 2018-04-18 (last updated: 2021-11-19)

History

+

On February 10th 2015 David Kaloper-Meršinjak and Hannes Mehnert +launched (read also Amir's +description) our bug bounty +program in the form of our +Bitcoin Piñata MirageOS unikernel. Thanks again to +IPredator for both hosting our services and lending us +the 10 Bitcoins! We analysed a +bit more in depth after running it for five months. Mindy recently wrote about +whacking the Bitcoin +Piñata.

+

On March 18th 2018, after more than three years, IPredator, the lender of the Bitcoins, repurposed the 10 Bitcoins for other projects. Initially, we thought that the Piñata would maybe run for a month or two, but IPredator, David, and I decided to keep it running. The update of the Piñata's bounty is a good opportunity to reflect on the project.

+

The 10 Bitcoin in the Piñata were fluctuating in price over time, at peak worth 165000€.

+

From the start of the Piñata project, we published the source code, the virtual machine image, and the versions of the used libraries in a git repository. Everybody could develop their exploits locally before launching them against our Piñata. The Piñata provides TLS endpoints, which require private keys and certificates. These are generated by the Piñata at startup, and the secret for the Bitcoin wallet is provided as a command line argument.

+

Initially the Piñata was deployed on a Linux/Xen machine, later it was migrated to a FreeBSD host using BHyve and VirtIO with solo5, and in December 2017 it was migrated to native BHyve (using ukvm-bin and solo5). We also changed the Piñata code to accomodate for updates, such as the MirageOS 3.0 release, and the discontinuation of floating point numbers for timestamps (asn1-combinators 0.2.0, x509 0.6.0, tls 0.9.0).

+

Motivation

+

We built the Piñata for many purposes: to attract security professionals to evaluate our from-scratch developed TLS stack, to gather empirical data for our Usenix Security 15 paper, and as an improvement to current bug bounty programs.

+

Most bug bounty programs require communication via forms and long wait times for +human experts to evaluate the potential bug. This evaluation is subjective, +intransparent, and often requires signing of non-disclosure agreements (NDA), +even before the evaluation starts.

+

Our Piñata automates these parts, getting rid of wait times and NDAs. To get +the private wallet key that holds the bounty, you need to successfully establish +an authenticated TLS session or find a flaw elsewhere in the stack, which allows +to read arbitrary memory. Everyone can track transactions of the blockchain and +see if the wallet still contains the bounty.

+

Of course, the Piñata can't prove that our stack is secure, and it can't prove +that the access to the wallet is actually inside. But trust us, it is!

+

Observations

+

I still remember vividly the first nights in February 2015, being so nervous that I woke up every two hours and checked the blockchain. Did the Piñata still have the Bitcoins? I was familiar with the code of the Piñata and was afraid there might be a bug which allows to bypass authentication or leak the private key. So far, this doesn't seem to be the case.

+

In April 2016 we stumbled upon an information disclosure in the virtual network +device driver for Xen in MirageOS. Given enough +bandwidth, this could have been used to access the private wallet key. We +upgraded the Piñata and released the MirageOS Security Advisory +00.

+

We analysed the Piñata's access logs to the and bucketed them into website traffic and bounty connections. We are still wondering what happened in July 2015 and July 2017 where the graph shows spikes. Could it be a presentation mentioning the Piñata, or a new automated tool which tests for TLS vulnerabilities, or an increase in market price for Bitcoins?

+

Piñata access Piñata access cumulative

+

The cumulative graph shows that more than 500,000 accesses to the Piñata website, and more than 150,000 attempts at connecting to the Piñata bounty.

+

You can short-circuit the client and server Piñata endpoint and observe the private wallet key being transferred on your computer, TLS encrypted with the secret exchanged by client and server, using socat -x TCP:ownme.ipredator.se:10000 TCP:ownme.ipredator.se:10002.

+

If you attempted to exploit the Piñata, please let us know what you tried! Via +twitter +hannesm@mastodon.social or via eMail.

+

Since the start of 2018 we are developing robust software and systems at robur. If you like our work and want to support us with donations or development contracts, please get in touch with team@robur.io. Robur is a project of the German non-profit Center for the cultivation of technology. Donations to robur are tax-deductible in Europe.

+
\ No newline at end of file diff --git a/Posts/ReproducibleOPAM b/Posts/ReproducibleOPAM new file mode 100644 index 0000000..62bd83b --- /dev/null +++ b/Posts/ReproducibleOPAM @@ -0,0 +1,43 @@ + +Reproducible MirageOS unikernel builds

Reproducible MirageOS unikernel builds

Written by hannes
Classified under: mirageossecuritypackage signing
Published: 2019-12-16 (last updated: 2021-11-19)

Reproducible builds summit

+

I'm just back from the Reproducible builds summit 2019. In 2018, several people developing OCaml and opam and MirageOS, attended the Reproducible builds summit in Paris. The notes from last year on opam reproducibility and MirageOS reproducibility are online. After last years workshop, Raja started developing the opam reproducibilty builder orb, which I extended at and after this years summit. This year before and after the facilitated summit there were hacking days, which allowed further interaction with participants, writing some code and conduct experiments. I had this year again an exciting time at the summit and hacking days, thanks to our hosts, organisers, and all participants.

+

Goal

+

Stepping back a bit, first look on the goal of reproducible builds: when compiling source code multiple times, the produced binaries should be identical. It should be sufficient if the binaries are behaviourally equal, but this is pretty hard to check. It is much easier to check bit-wise identity of binaries, and relaxes the burden on the checker -- checking for reproducibility is reduced to computing the hash of the binaries. Let's stick to the bit-wise identical binary definition, which also means software developers have to avoid non-determinism during compilation in their toolchains, dependent libraries, and developed code.

+

A checklist of potential things leading to non-determinism has been written up by the reproducible builds project. Examples include recording the build timestamp into the binary, ordering of code and embedded data. The reproducible builds project also developed disorderfs for testing reproducibility and diffoscope for comparing binaries with file-dependent readers, falling back to objdump and hexdump. A giant test infrastructure with lots of variations between the builds, mostly using Debian, has been setup over the years.

+

Reproducibility is a precondition for trustworthy binaries. See why does it matter. If there are no instructions how to get from the published sources to the exact binary, why should anyone trust and use the binary which claims to be the result of the sources? It may as well contain different code, including a backdoor, bitcoin mining code, outputting the wrong results for specific inputs, etc. Reproducibility does not imply the software is free of security issues or backdoors, but instead of a audit of the binary - which is tedious and rarely done - the source code can be audited - but the toolchain (compiler, linker, ..) used for compilation needs to be taken into account, i.e. trusted or audited to not be malicious. I will only ever publish binaries if they are reproducible.

+

My main interest at the summit was to enhance existing tooling and conduct some experiments about the reproducibility of MirageOS unikernels -- a unikernel is a statically linked ELF binary to be run as Unix process or virtual machine. MirageOS heavily uses OCaml and opam, the OCaml package manager, and is an opam package itself. Thus, checking reproducibility of a MirageOS unikernel is the same problem as checking reproducibility of an opam package.

+

Reproducible builds with opam

+

Testing for reproducibility is achieved by taking the sources and compile them twice independently. Afterwards the equality of the resulting binaries can be checked. In trivial projects, the sources is just a single file, or originate from a single tarball. In OCaml, opam uses a community repository where OCaml developers publish their package releases to, but can also use custom repositores, and in addition pin packages to git remotes (url including branch or commit), or a directory on the local filesystem. Manually tracking and updating all dependent packages of a MirageOS unikernel is not feasible: our hello-world compiled for hvt (kvm/BHyve) already has 79 opam dependencies, including the OCaml compiler which is distribued as opam package. The unikernel serving this website depends on 175 opam packages.

+

Conceptually there should be two tools, the initial builder, which takes the latest opam packages which do not conflict, and exports exact package versions used during the build, as well as hashes of binaries. The other tool is a rebuilder, which imports the export, conducts a build, and outputs the hashes of the produced binaries.

+

Opam has the concept of a switch, which is an environment where a package set is installed. Switches are independent of each other, and can already be exported and imported. Unfortunately the export is incomplete: if a package includes additional patches as part of the repository -- sometimes needed for fixing releases where the actual author or maintainer of a package responds slowly -- these package neither the patches end up in the export. Also, if a package is pinned to a git branch, the branch appears in the export, but this may change over time by pushing more commits or even force-pushing to that branch. In PR #4040 (under discussion and review), also developed during the summit, I propose to embed the additional files as base64 encoded values in the opam file. To solve the latter issue, I modified the export mechanism to embed the git commit hash (PR #4055), and avoid sources from a local directory and which do not have a checksum.

+

So the opam export contains the information required to gather the exact same sources and build instructions of the opam packages. If the opam repository would be self-contained (i.e. not depend on any other tools), this would be sufficient. But opam does not run in thin air, it requires some system utilities such as /bin/sh, sed, a GNU make, commonly git, a C compiler, a linker, an assembler. Since opam is available on various operating systems, the plugin depext handles host system dependencies, e.g. if your opam package requires gmp to be installed, this requires slightly different names depending on host system or distribution, take a look at conf-gmp. This also means, opam has rather good information about both the opam dependencies and the host system dependencies for each package. Please note that the host system packages used during compilation are not yet recorded (i.e. which gmp package was installed and used during the build, only that a gmp package has to be installed). The base utilities mentioned above (C compiler, linker, shell) are also not recorded yet.

+

Operating system information available in opam (such as architecture, distribution, version), which in some cases maps to exact base utilities, is recorded in the build-environment, a separate artifact. The environment variable SOURCE_DATE_EPOCH, used for communicating the same timestamp when software is required to record a timestamp into the resulting binary, is also captured in the build environment.

+

Additional environment variables may be captured or used by opam packages to produce different output. To avoid this, both the initial builder and the rebuilder are run with minimal environment variables: only PATH (normalised to a whitelist of /bin, /usr/bin, /usr/local/bin and /opt/bin) and HOME are defined. Missing information at the moment includes CPU features: some libraries (gmp?, nocrypto) emit different code depending on the CPU feature.

+

Tooling

+

TL;DR: A build builds an opam package, and outputs .opam-switch, .build-hashes.N, and .build-environment.N. A rebuild uses these artifacts as input, builds the package and outputs another .build-hashes.M and .build-environment.M.

+

The command-line utility orb can be installed and used:

+
$ opam pin add orb git+https://github.com/hannesm/orb.git#active
+$ orb build --twice --keep-build-dir --diffoscope <your-favourite-opam-package>
+
+

It provides two subcommands build and rebuild. The build command takes a list of local opam --repos where to take opam packages from (defaults to default), a compiler (either a variant --compiler=4.09.0+flambda, a version --compiler=4.06.0, or a pin to a local development version --compiler-pin=~/ocaml), and optionally an existing switch --use-switch. It creates a switch, builds the packages, and emits the opam export, hashes of all files installed by these packages, and the build environment. The flags --keep-build retains the build products, opam's --keep-build-dir in addition temporary build products and generated source code. If --twice is provided, a rebuild (described next) is executed after the initial build.

+

The rebuild command takes a directory with the opam export and build environment to build the opam package. It first compares the build-environment with the host system, sets the SOURCE_DATE_EPOCH and switch location accordingly and executes the import. Once the build is finished, it compares the hashes of the resulting files with the previous run. On divergence, if build directories were kept in the previous build, and if diffoscope is available and --diffoscope was provided, diffoscope is run on the diverging files. If --keep-build-dir was provided as well, diff -ur can be used to compare the temporary build and sources, including build logs.

+

The builds are run in parallel, as opam does, this parallelism does not lead to different binaries in my experiments.

+

Results and discussion

+

All MirageOS unikernels I have deployed are reproducible \o/. Also, several binaries such as orb itself, opam, solo5-hvt, and all albatross utilities are reproducible.

+

The unikernel range from hello world, web servers (e.g. this blog, getting its data on startup via a git clone to memory), authoritative DNS servers, CalDAV server. They vary in size between 79 and 200 opam packages, resulting in 2MB - 16MB big ELF binaries (including debug symbols). The unikernel opam repository contains some reproducible unikernels used for testing. Some work-in-progress enhancements are needed to achieve this:

+

At the moment, the opam package of a MirageOS unikernel is automatically generated by mirage configure, but only used for tracking opam dependencies. I worked on mirage PR #1022 to extend the generated opam package with build and install instructions.

+

As mentioned above, if locale is set, ocamlgraph needs to be patched to emit a (locale-dependent) timestamp.

+

The OCaml program crunch embeds a subdirectory as OCaml code into a binary, which we use in MirageOS quite regularly for static assets, etc. This plays in several ways into reproducibility: on the one hand, it needs a timestamp for its last_modified functionality (and adheres since June 2018 to the SOURCE_DATE_EPOCH spec, thanks to Xavier Clerc). On the other hand, it used before version 3.2.0 (released Dec 14th) hashtables for storing the file contents, where iteration is not deterministic (the insertion is not sorted), fixed in PR #51 by using a Map instead.

+

In functoria, a tool used to configure MirageOS devices and their dependencies, can emit a list of opam packages which were required to build the unikernel. This uses opam list --required-by --installed --rec <pkgs>, which uses the cudf graph (thanks to Raja for explanation), that is during the rebuild dropping some packages. The PR #189 avoids by not using the --rec argument, but manually computing the fixpoint.

+

Certainly, the choice of environment variables, and whether to vary them (as debian does) or to not define them (or normalise) while building, is arguably. Since MirageOS does neither support time zone nor internationalisation, there is no need to prematurely solving this issue. On related note, even with different locale settings, MirageOS unikernels are reproducible apart from an issue in ocamlgraph #90 embedding the output of date, which is different depending on LANG and locale (LC_*) settings.

+

Prior art in reproducible MirageOS unikernels is the mirage-qubes-firewall. Since early 2017 it is reproducible. Their approach is different by building in a docker container with the opam repository pinned to an exact git commit.

+

Further work

+

I only tested a certain subset of opam packages and MirageOS unikernels, mainly on a single machine (my laptop) running FreeBSD, and am happy if others will test reproducibility of their OCaml programs with the tools provided. There could as well be CI machines rebuilding opam packages and reporting results to a central repository. I'm pretty sure there are more reproducibility issues in the opam ecosystem. I developed an reproducible testing opam repository with opam packages that do not depend on OCaml, mainly for further tooling development. Some tests were also conducted on a Debian system with the same result. The variations, apart from build time, were using a different user, and different locale settings.

+

As mentioned above, more environment, such as the CPU features, and external system packages, should be captured in the build environment.

+

When comparing OCaml libraries, some output files (cmt / cmti / cma / cmxa) are not deterministic, but contain minimal diverge where I was not able to spot the root cause. It would be great to fix this, likely in the OCaml compiler distribution. Since the final result, the binary I'm interested in, is not affected by non-identical intermediate build products, I hope someone (you?) is interested in improving on this side. OCaml bytecode output also seems to be non-deterministic. There is a discussion on the coq issue tracker which may be related.

+

In contrast to initial plans, I did not used the BUILD_PATH_PREFIX_MAP environment variable, which is implemented in OCaml by PR #1515 (and followups). The main reasons are that something in the OCaml toolchain (I suspect the bytecode interpreter) needed absolute paths to find libraries, thus I'd need a symlink from the left-hand side to the current build directory, which was tedious. Also, my installed assembler does not respect the build path prefix map, and BUILD_PATH_PREFIX_MAP is not widely supported. See e.g. the Debian zarith package with different build paths and its effects on the binary.

+

I'm fine with recording the build path (switch location) in the build environment for now - it turns out to end up only once in MirageOS unikernels, likely by the last linking step, which hopefully soon be solved by llvm 9.0.

+

What was fun was to compare the unikernel when built on Linux with gcc against a built on FreeBSD with clang and lld - spoiler: they emit debug sections with different dwarf versions, it is pretty big. Other fun differences were between OCaml compiler versions: the difference between minor versions (4.08.0 vs 4.08.1) is pretty small (~100kB as human-readable output), while the difference between major version (4.08.1 vs 4.09.0) is rather big (~900kB as human-readable diff).

+

An item on my list for the future is to distribute the opam export, build hashes and build environment artifacts in a authenticated way. I want to integrate this as in-toto style into conex, my not-yet-deployed implementation of tuf for opam that needs further development and a test installation, hopefully in 2020.

+

If you want to support our work on MirageOS unikernels, please donate to robur. I'm interested in feedback, either via twitter, hannesm@mastodon.social or via eMail.

+
\ No newline at end of file diff --git a/Posts/Solo5 b/Posts/Solo5 new file mode 100644 index 0000000..4a8275e --- /dev/null +++ b/Posts/Solo5 @@ -0,0 +1,66 @@ + +Minimising the virtual machine monitor

Minimising the virtual machine monitor

Written by hannes
Classified under: futuremirageossecurity
Published: 2016-07-02 (last updated: 2021-11-19)
    +
  • Update (2016-10-19): all has been merged upstream now! +
    • +
  • Update (2016-10-30): static_website_tls works (TLS,HTTP,network via tap device)! +
    • +
  • Update (2017-02-23): no more extra remotes, Mirage3 is released! +
    • +
+

What?

+

As described earlier, MirageOS is a library operating system developed in OCaml. The code size is already pretty small, deployments are so far either as a UNIX binary or as a Xen virtual machine.

+

Xen is a hypervisor, providing concrete device drivers for the actual hardware of a physical machine, memory management, scheduling, etc. The initial release of Xen was done in 2003, since then the code size and code complexity of Xen is growing. It also has various different mechanisms for virtualisation, hardware assisted ones or purely software based ones, some where the guest operating system needs to cooperate others where it does not need to cooperate.

+

Since 2005, Intel CPUs (as well as AMD CPUs) provide hardware assistance for virtualisation (the VT-x extension), since 2008 extended page tables (EPT) are around which allow a guest to safely access the MMU. Those features gave rise to much smaller hypervisors, such as KVM (mainly Linux), bhyve (FreeBSD), xhyve (MacOSX), vmm (OpenBSD), which do not need to emulate the MMU and other things in software. The boot sequence in those hypervisors uses kexec or multiboot, instead of doing all the 16 bit, 32 bit, 64 bit mode changes manually.

+

MirageOS initially targeted only Xen, in 2015 there was a port to use rumpkernel (a modularised NetBSD), and 2016 solo5 emerged where you can run MirageOS on. Solo5 comes in two shapes, either as ukvm on top of KVM, or as a multiboot image using virtio interfaces (block and network, plus a serial console). Solo5 is only ~1000 lines of code (plus dlmalloc), and ISC-licensed.

+

A recent paper describes the advantages of a tiny virtual machine monitor in detail, namely no more venom like security issues since there is no legacy hardware emulated. Also, each virtual machine monitor can be customised to the unikernel running on top of it: if the unikernel does not need a block device, the monitor shouldn't contain code for it. The idea is to have one customised monitor for each unikernel.

+

While lots of people seem to like KVM and Linux, I still prefer FreeBSD, their jails, and nowadays bhyve. I finally found some time, thanks to various cleanups to the solo5 code base, to finally look into porting solo5 to FreeBSD/bhyve. It runs and can output to console.

+

How?

+

These instructions are still slightly bumpy. If you've a FreeBSD with bhyve (I use FreeBSD-CURRENT), and OCaml and opam (>=1.2.2) installed, it is pretty straightforward to get solo5 running. First, I'd suggest to use a fresh opam switch in case you work on other OCaml projects: opam switch -A 4.04.0 solo5 (followed by eval `opam config env` to setup some environment variables).

+

You need some software from the ports: devel/pkgconf, devel/gmake, devel/binutils, and sysutils/grub2-bhyve.

+

An opam install mirage mirage-logs solo5-kernel-virtio mirage-bootvar-solo5 mirage-solo5 should provide you with a basic set of libraries.

+

Now you can get the mirage-skeleton repository, and inside of device-usage/console, run mirage configure --no-opam --virtio followed by make. There should be a resulting mir-console.virtio.

+

Once that is in place, start your VM:

+
sudo grub-bhyve -M 128M console
+> multiboot (host)/home/hannes/mirage-skeleton/console/mir-console.virtio
+> boot
+
+sudo bhyve -A -H -P -s 0:0,hostbridge -s 1:0,lpc -l com1,stdio -m 128M console
+
+

The following output will appear on your controlling terminal:

+
            |      ___|
+  __|  _ \  |  _ \ __ \
+\__ \ (   | | (   |  ) |
+____/\___/ _|\___/____/
+multiboot: Using memory: 0x100000 - 0x8000000
+TSC frequency estimate is 2593803000 Hz
+Solo5: new bindings
+STUB: getenv() called
+hello
+world
+hello
+world
+hello
+world
+hello
+world
+solo5_app_main() returned with 0
+Kernel done.
+Goodbye!
+
+

Network and TLS stack works as well (tested 30th October).

+

Open issues

+
    +
  • I'm not happy to require ld from the ports (but the one in base does not produce sensible binaries with -z max-page-size=0x1000 related) +
    • +
  • Via twitter, bhyve devs suggested to port ukvm to ubhyve. This is a great idea, to no longer depend on virtio, and get more speed. Any takers? +
    • +
  • Debugging via gdb should be doable somehow, bhyve has some support for gdb, but it is unclear to me what I need to do to enter the debugger (busy looping in the VM and a gdb remote to the port opened by bhyve does not work). +
    • +
+

Conclusion

+

I managed to get solo5 to work with bhyve. I even use clang instead of gcc and don't need to link libgcc.a. :) It is great to see further development in hypervisors and virtual machine monitors. Especially thanks to Martin Lucina for getting things sorted.

+

I'm interested in feedback, either via +twitter or via eMail.

+

Other updates in the MirageOS ecosystem

+

There were some busy times, several pull requests are still waiting to get merged (e.g. some cosmetics in mirage as preconditions for treemaps and dependency diagrams), I proposed to use sleep_ns : int64 -> unit io instead of the sleep : float -> unit io (nobody wants floating point numbers); also an RFC for random, Matt Gray proposed to get rid of CLOCK (and have a PCLOCK and a MCLOCK instead). Soon there will be a major MirageOS release which breaks all the previous unikernels! :)

+
\ No newline at end of file diff --git a/Posts/Summer2019 b/Posts/Summer2019 new file mode 100644 index 0000000..54a7b8d --- /dev/null +++ b/Posts/Summer2019 @@ -0,0 +1,31 @@ + +Summer 2019

Summer 2019

Written by hannes
Classified under: mirageossecuritypackage signingtlsmonitoringdeployment
Published: 2019-07-08 (last updated: 2021-11-19)

Working at robur

+

As announced previously, I started to work at robur early 2018. We're a collective of five people, distributed around Europe and the US, with the goal to deploy MirageOS unikernels. We do this by developing bespoke MirageOS unikernels which provide useful services, and deploy them for ourselves. We also develop new libraries and enhance existing ones and other components of MirageOS. Example unikernels include our website which uses Canopy, a CalDAV server that stores entries in a git remote, and DNS servers (the latter two are further described below).

+

Robur is part of the non-profit company Center for the Cultivation of Technology, who are managing the legal and administrative sides for us. We're ourselves responsible to acquire funding to pay ourselves reasonable salaries. We received funding for CalDAV from prototypefund and further funding from Tarides, for TLS 1.3 from OCaml Labs; security-audited an OCaml codebase, and received donations, also in the form of Bitcoins. We're looking for further funded collaborations and also contracting, mail us at team@robur.io. Please donate (tax-deductible in EU), so we can accomplish our goal of putting robust and sustainable MirageOS unikernels into production, replacing insecure legacy system that emit tons of CO2.

+

Deploying MirageOS unikernels

+

While several examples are running since years (the MirageOS website, Bitcoin Piñata, TLS demo server, etc.), and some shell-scripts for cloud providers are floating around, it is not (yet) streamlined.

+

Service deployment is complex: you have to consider its configuration, exfiltration of logs and metrics, provisioning with valid key material (TLS certificate, hmac shared secret) and authenticators (CA certificate, ssh key fingerprint). Instead of requiring millions lines of code during orchestration (such as Kubernetes), creating the images (docker), or provisioning (ansible), why not minimise the required configuration and dependencies?

+

Earlier in this blog I introduced Albatross, which serves in an enhanced version as our deployment platform on a physical machine (running 15 unikernels at the moment), I won't discuss more detail thereof in this article.

+

CalDAV

+

Steffi and I developed in 2018 a CalDAV server. Since November 2018 we have a test installation for robur, initially running as a Unix process on a virtual machine and persisting data to files on the disk. Mid-June 2019 we migrated it to a MirageOS unikernel, thanks to great efforts in git and irmin, unikernels can push to a remote git repository. We extended the ssh library with a ssh client and use this in git. This also means our CalDAV server is completely immutable (does not carry state across reboots, apart from the data in the remote repository) and does not have persistent state in the form of a block device. Its configuration is mainly done at compile time by the selection of libraries (syslog, monitoring, ...), and boot arguments passed to the unikernel at startup.

+

We monitored the resource usage when migrating our CalDAV server from Unix process to a MirageOS unikernel. The unikernel size is just below 10MB. The workload is some clients communicating with the server on a regular basis. We use Grafana with a influx time series database to monitor virtual machines. Data is collected on the host system (rusage sysctl, kinfo_mem sysctl, ifdata sysctl, vm_get_stats BHyve statistics), and our unikernels these days emit further metrics (mostly counters: gc statistics, malloc statistics, tcp sessions, http requests and status codes).

+

+

Please note that memory usage (upper right) and vm exits (lower right) use logarithmic scale. The CPU usage reduced by more than a factor of 4. The memory usage dropped by a factor of 25, and the network traffic increased - previously we stored log messages on the virtual machine itself, now we send them to a dedicated log host.

+

A MirageOS unikernel, apart from a smaller attack surface, indeed uses fewer resources and actually emits less CO2 than the same service on a Unix virtual machine. So we're doing something good for the environment! :)

+

Our calendar server contains at the moment 63 events, the git repository had around 500 commits in the past month: nearly all of them from the CalDAV server itself when a client modified data via CalDAV, and two manual commits: the initial data imported from the file system, and one commit for fixing a bug of the encoder in our icalendar library.

+

Our CalDAV implementation is very basic, scheduling, adding attendees (which requires sending out eMail), is not supported. But it works well for us, we have individual calendars and a shared one which everyone can write to. On the client side we use macOS and iOS iCalendar, Android DAVdroid, and Thunderbird. If you like to try our CalDAV server, have a look at our installation instructions. Please report issues if you find issues or struggle with the installation.

+

DNS

+

There has been more work on our DNS implementation, now here. We included a DNS client library, and some example unikernels are available. They as well require our opam repository overlay. Please report issues if you run into trouble while experimenting with that.

+

Most prominently is primary-git, a unikernel which acts as a primary authoritative DNS server (UDP and TCP). On startup, it fetches a remote git repository that contains zone files and shared hmac secrets. The zones are served, and secondary servers are notified with the respective serial numbers of the zones, authenticated using TSIG with the shared secrets. The primary server provides dynamic in-protocol updates of DNS resource records (nsupdate), and after successful authentication pushes the change to the remote git. To change the zone, you can just edit the zonefile and push to the git remote - with the proper pre- and post-commit-hooks an authenticated notify is send to the primary server which then pulls the git remote.

+

Another noteworthy unikernel is letsencrypt, which acts as a secondary server, and whenever a TLSA record with custom type (0xFF) and a DER-encoded certificate signing request is observed, it requests a signature from letsencrypt by solving the DNS challenge. The certificate is pushed to the DNS server as TLSA record as well. The DNS implementation provides ocertify and dns-mirage-certify which use the above mechanism to retrieve valid let's encrypt certificates. The caller (unikernel or Unix command-line utility) either takes a private key directly or generates one from a (provided) seed and generates a certificate signing request. It then looks in DNS for a certificate which is still valid and matches the public key and the hostname. If such a certificate is not present, the certificate signing request is pushed to DNS (via the nsupdate protocol), authenticated using TSIG with a given secret. This way our public facing unikernels (website, this blog, TLS demo server, ..) block until they got a certificate via DNS on startup - we avoid embedding of the certificate into the unikernel image.

+

Monitoring

+

We like to gather statistics about the resource usage of our unikernels to find potential bottlenecks and observe memory leaks ;) The base for the setup is the metrics library, which is similarly in design to the logs library: libraries use the core to gather metrics. A different aspect is the reporter, which is globally registered and responsible for exfiltrating the data via their favourite protocol. If no reporter is registered, the work overhead is negligible.

+

+

This is a dashboard which combines both statistics gathered from the host system and various metrics from the MirageOS unikernel. The monitoring branch of our opam repository overlay is used together with monitoring-experiments. The logs errors counter (middle right) was the icalendar parser which tried to parse its badly emitted ics (the bug is now fixed, the dashboard is from last month).

+

OCaml libraries

+

The domain-name library was developed to handle RFC 1035 domain names and host names. It initially was part of the DNS code, but is now freestanding to be used in other core libraries (such as ipaddr) with a small dependency footprint.

+

The GADT map is a normal OCaml Map structure, but takes key-dependent value types by using a GADT. This library also was part of DNS, but is more broadly useful, we already use it in our icalendar (the data format for calendar entries in CalDAV) library, our OpenVPN configuration parser uses it as well, and also x509 - which got reworked quite a bit recently (release pending), and there's preliminary PKCS12 support (which deserves its own article). TLS 1.3 is available on a branch, but is not yet merged. More work is underway, hopefully with sufficient time to write more articles about it.

+

Conclusion

+

More projects are happening as we speak, it takes time to upstream all the changes, such as monitoring, new core libraries, getting our DNS implementation released, pushing Conex into production, more features such as DNSSec, ...

+

I'm interested in feedback, either via twitter hannesm@mastodon.social or via eMail.

+
\ No newline at end of file diff --git a/Posts/Syslog b/Posts/Syslog new file mode 100644 index 0000000..1a060fb --- /dev/null +++ b/Posts/Syslog @@ -0,0 +1,152 @@ + +Exfiltrating log data using syslog

Exfiltrating log data using syslog

Written by hannes
Classified under: mirageosprotocollogging
Published: 2016-11-05 (last updated: 2021-11-19)

It has been a while since my last entry... I've been busy working on too many +projects in parallel, and was also travelling on several continents. I hope to +get back to a biweekly cycle.

+

What is syslog?

+

According to Wikipedia, syslog is a +standard for message logging. Syslog permits separation of the software which +generates, stores, reports, and analyses the message. A syslog message contains +at least a timestamp, a facility, and a severity. It was initially specified in +RFC 3164, though usage predates this RFC.

+

For a unikernel, which likely won't have any persistent storage, syslog is a way +to emit log messages (HTTP access log, debug messages, ...) via the network, and +defer the persistency problem to some other service.

+

Lots of programming languages have logger libraries, which reflect the different +severity of syslog roughly as log levels (debug, informational, warning, error, +fatal). So does OCaml since the beginning of 2016, there is the +Logs library which separates log message +generation from reporting: the closure producing the log string is only +evaluated if there is a reporter which needs to send it out. Additionally, the +reporter can extend the message with the log source name, a timestamp, etc.

+

The Logs library is slowly getting adopted by the MirageOS community (you can +see an incomplete list +here), there are reporters +available which integrate into Apple System +Log, Windows event +log, and also for MirageOS +console. There is a command-line +argument interface to set the log levels of your individual sources, which is +pretty neat. For debugging and running on Unix, console output is usually +sufficient, but for production usage having a console in some screen or tmux +or dumped to a file is usually annoying.

+

Gladly there was already the +syslog-message library, which +encodes and decodes syslog messages from the wire format to a typed +representation. I plugged those together and implemented a +reporter. The +simplest +one +emits each log message via UDP to a log collector. All reporters contain a +socket and handle socket errors themselves (trying to recover) - your +application (or unikernel) shouldn't fail just because the log collector is +currently offline.

+

The setup for Unix is straightforward:

+
Logs.set_reporter (udp_reporter (Unix.inet_addr_of_string "127.0.0.1") ())
+
+

It will report all log messages (you have to set the Log level yourself, +defaults to warning) to your local syslog. You might have already listening a +collector on your host, look in netstat -an for UDP port 514 (and in your +/etc/syslog.conf to see where log messages are routed to).

+

You can even do this from the OCaml toplevel (after opam install logs-syslog):

+
$ utop
+# #require "logs-syslog.unix";;
+# Logs.set_reporter (Logs_syslog_unix.udp_reporter (Unix.inet_addr_of_string "127.0.0.1") ());;
+# Logs.app (fun m -> m "hello, syslog world");;
+
+

I configured my syslog to have all informational messages routed to +/var/log/info.log, you can also try Logs.err (fun m -> m "err");; and look +into your /var/log/messages.

+

This is a good first step, but we want more: on the one side integration into +MirageOS, and a more reliable log stream (what about authentication and +encryption?). I'll cover both topics in the rest of this article.

+

MirageOS integration

+

Since Mirage3, syslog is integrated (see +documentation). +Some additions to your config.ml are needed, see ns +example or +marrakech +example.

+
let logger =
+  syslog_udp (* or _tcp or _tls *)
+    (syslog_config ~truncate:1484 "my_first_unikernel"
+       (Ipaddr.V4.of_string_exn "10.0.0.1")) (* your log host *)
+    stack
+
+let () =
+  register "my_first_unikernel" [
+    foreign ~deps:[abstract logger]
+    ...
+
+

Reliable syslog

+

The old BSD syslog RFC is obsoleted by RFC +5424, which describes a new wire format, +and also a transport over TCP, and TLS in +a subsequent RFC. Unfortunately the syslog-message library does not yet +support the new format (which supports user-defined structured data (key/value +fields), and unicode encoding), but I'm sure one day it will.

+

Another competing syslog RFC 3195 uses +XML encoding, but I have not bothered to look deeper into that one.

+

I implemented both the transport via TCP and via TLS. There are various +solutions used for framing (as described in RFC +6587): either prepend a decimal encoded +length (also specified in RFC6524, but obviously violates streaming +characteristics: the log source needs to have the full message in memory before +sending it out), or have a special delimiter between messages (0 byte, line +feed, CR LN, a custom byte sequence).

+

The TLS +reporter +uses our TLS library written entirely in OCaml, and requires mutual +authentication, both the log reporter has a private key and certificate, and the +log collector needs to present a certificate chain rooted in a provided CA +certificate.

+

Logs supports synchronous and asynchronous logging (where the latter is the +default, please read the note on synchronous +logging). In logs-syslog +this behaviour is not altered. There is no buffer or queue and single writer +task to emit log messages, but a mutex and error recovery which tries to +reconnect once for each log message (of course only if there is not already a +working connection). It is still not clear to me what the desired behaviour +should be, but when introducing buffers I'd loose the synchronous logging (or +will have to write rather intricate code).

+

To rewrap, logs-syslog implements the old BSD syslog protocol via UDP, TCP, +and TLS. There are reporters available using only the Caml +Unix module +(dependency-free!), using +Lwt (also +lwt-tls, +and using MirageOS +interface +(also +TLS). +The code size is below 500 lines in total.

+

MirageOS syslog in production

+

As collector I use syslog-ng, which is capable of receiving both the new and the +old syslog messages on all three transports. The configuration snippet for a +BSD syslog TLS collector is as following:

+
source s_tls {
+  tcp(port(6514)
+      tls(peer-verify(require-trusted)
+          cert-file("/etc/log/server.pem")
+          key-file("/etc/log/server.key")
+          ca-dir("/etc/log/certs"))); };
+
+destination d_tls { file("/var/log/ng-tls.log"); };
+
+log { source(s_tls); destination(d_tls); };
+
+

The "/etc/log/certs" directory contains the CA certificates, together with +links to their hashes (with a 0 appended: ln -s cacert.pem `openssl x509 -noout -hash -in cacert.pem`.0). I used +certify to generate the CA +infrastructure (CA cert, a server certificate for syslog-ng, and a client +certificate for my MirageOS unikernel).

+

It is running since a week like a +charm (already collected 700KB of HTTP access log), and feels much better than +previous ad-hoc solutions to exfiltrate log data.

+

The downside of syslog is obviously that it only works when the network is up -- +thus it does not work while booting, or when a persistent network failure +occured.

+

Code is on GitHub, documentation is +online, released in opam.

+

I'm interested in feedback, either via +twitter or via eMail.

+
\ No newline at end of file diff --git a/Posts/Traceroute b/Posts/Traceroute new file mode 100644 index 0000000..60f356a --- /dev/null +++ b/Posts/Traceroute @@ -0,0 +1,346 @@ + +Traceroute

Traceroute

Written by hannes
Classified under: mirageosprotocol
Published: 2020-06-24 (last updated: 2021-11-19)

Traceroute

+

Is a diagnostic utility which displays the route and measures transit delays of +packets across an Internet protocol (IP) network.

+
$ doas solo5-hvt --net:service=tap0 -- traceroute.hvt --ipv4=10.0.42.2/24 --ipv4-gateway=10.0.42.1 --host=198.167.222.207
+            |      ___|
+  __|  _ \  |  _ \ __ \
+\__ \ (   | | (   |  ) |
+____/\___/ _|\___/____/
+Solo5: Bindings version v0.6.5
+Solo5: Memory map: 512 MB addressable:
+Solo5:   reserved @ (0x0 - 0xfffff)
+Solo5:       text @ (0x100000 - 0x212fff)
+Solo5:     rodata @ (0x213000 - 0x24bfff)
+Solo5:       data @ (0x24c000 - 0x317fff)
+Solo5:       heap >= 0x318000 < stack < 0x20000000
+2020-06-22 15:41:25 -00:00: INF [netif] Plugging into service with mac 76:9b:36:e0:e5:74 mtu 1500
+2020-06-22 15:41:25 -00:00: INF [ethernet] Connected Ethernet interface 76:9b:36:e0:e5:74
+2020-06-22 15:41:25 -00:00: INF [ARP] Sending gratuitous ARP for 10.0.42.2 (76:9b:36:e0:e5:74)
+2020-06-22 15:41:25 -00:00: INF [udp] UDP interface connected on 10.0.42.2
+2020-06-22 15:41:25 -00:00: INF [application]  1  10.0.42.1  351us
+2020-06-22 15:41:25 -00:00: INF [application]  2  192.168.42.1  1.417ms
+2020-06-22 15:41:25 -00:00: INF [application]  3  192.168.178.1  1.921ms
+2020-06-22 15:41:25 -00:00: INF [application]  4  88.72.96.1  16.716ms
+2020-06-22 15:41:26 -00:00: INF [application]  5  *
+2020-06-22 15:41:27 -00:00: INF [application]  6  92.79.215.112  16.794ms
+2020-06-22 15:41:27 -00:00: INF [application]  7  145.254.2.215  21.305ms
+2020-06-22 15:41:27 -00:00: INF [application]  8  145.254.2.217  22.05ms
+2020-06-22 15:41:27 -00:00: INF [application]  9  195.89.99.1  21.088ms
+2020-06-22 15:41:27 -00:00: INF [application] 10  62.115.9.133  20.105ms
+2020-06-22 15:41:27 -00:00: INF [application] 11  213.155.135.82  30.861ms
+2020-06-22 15:41:27 -00:00: INF [application] 12  80.91.246.200  30.716ms
+2020-06-22 15:41:27 -00:00: INF [application] 13  80.91.253.163  28.315ms
+2020-06-22 15:41:27 -00:00: INF [application] 14  62.115.145.27  30.436ms
+2020-06-22 15:41:27 -00:00: INF [application] 15  80.67.4.239  42.826ms
+2020-06-22 15:41:27 -00:00: INF [application] 16  80.67.10.147  47.213ms
+2020-06-22 15:41:27 -00:00: INF [application] 17  198.167.222.207  48.598ms
+Solo5: solo5_exit(0) called
+
+

This means with a traceroute utility you can investigate which route is taken +to a destination host, and what the round trip time(s) on the path are. The +sample output above is taken from a virtual machine on my laptop to the remote +host 198.167.222.207. You can see there are 17 hops between us, with the first +being my laptop with a tiny round trip time of 351us, the second and third are +using private IP addresses, and are my home network. The round trip time of the +fourth hop is much higher, this is the first hop on the other side of my DSL +modem. You can see various hops on the public Internet: the packets pass from +my Internet provider's backbone across some exchange points to the destination +Internet provider somewhere in Sweden.

+

The implementation of traceroute relies mainly on the time-to-live (ttl) field +(in IPv6 lingua it is "hop limit") of IP packets, which is meant to avoid route +cycles that would infinitely forward IP packets in circles. Every router, when +forwarding an IP packet, first checks that the ttl field is greater than zero, +and then forwards the IP packet where the ttl is decreased by one. If the ttl +field is zero, instead of forwarding, an ICMP time exceeded packet is sent back +to the source.

+

Traceroute works by exploiting this mechanism: a series of IP packets with +increasing ttls is sent to the destination. Since upfront the length of the +path is unknown, it is a reactive system: first send an IP packet with a ttl of +one, if a ICMP time exceeded packet is returned, send an IP packet with a ttl of +two, etc. -- until an ICMP packet of type destination unreachable is received. +Since some hosts do not reply with a time exceeded message, it is crucial for +not getting stuck to use a timeout for each packet: when the timeout is reached, +an IP packet with an increased ttl is sent and an unknown for the ttl is +printed (see the fifth hop in the example above).

+

The packets send out are conventionally UDP packets without payload. From a +development perspective, one question is how to correlate the ICMP packet +with the sent UDP packet. Conveniently, ICMP packets contain the IP header and +the first eight bytes of the next protocol - the UDP header containing source +port, destination port, checksum, and payload length (each fields of size two +bytes). This means when we record the outgoing ports together with the sent +timestamp, and correlate the later received ICMP packet to the sent packet. +Great.

+

But as a functional programmer, let's figure whether we can abolish the +(globally shared) state. Since the ICMP packet contains the original IP +header and the first eight bytes of the UDP header, this is where we will +embed data. As described above, the data is the sent timestamp and the value +of the ttl field. For the latter, we can arbitrarily restrict it to 31 (5 bits). +For the timestamp, it is mainly a question about precision and maximum expected +round trip time. Taking the source and destination port are 32 bits, using 5 for +ttl, remaining are 27 bits (an unsigned value up to 134217727). Looking at the +decimal representation, 1 second is likely too small, 13 seconds are sufficient +for the round trip time measurement. This implies our precision is 100ns, by +counting the digits.

+

Finally to the code. First we need forth and back conversions between ports +and ttl, timestamp:

+
(* takes a time-to-live (int) and timestamp (int64, nanoseconda), encodes them
+   into 16 bit source port and 16 bit destination port:
+   - the timestamp precision is 100ns (thus, it is divided by 100)
+   - use the bits 27-11 of the timestamp as source port
+   - use the bits 11-0 as destination port, and 5 bits of the ttl
+*)
+let ports_of_ttl_ts ttl ts =
+  let ts = Int64.div ts 100L in
+  let src_port = 0xffff land (Int64.(to_int (shift_right ts 11)))
+  and dst_port = 0xffe0 land (Int64.(to_int (shift_left ts 5))) lor (0x001f land ttl)
+  in
+  src_port, dst_port
+
+(* inverse operation of ports_of_ttl_ts for the range (src_port and dst_port
+   are 16 bit values) *)
+let ttl_ts_of_ports src_port dst_port =
+  let ttl = 0x001f land dst_port in
+  let ts =
+    let low = Int64.of_int (dst_port lsr 5)
+    and high = Int64.(shift_left (of_int src_port) 11)
+    in
+    Int64.add low high
+  in
+  let ts = Int64.mul ts 100L in
+  ttl, ts
+
+

They should be inverse over the range of valid input: ports are 16 bit numbers, +ttl expected to be at most 31, ts a int64 expressed in nanoseconds.

+

Related is the function to print out one hop and round trip measurement:

+
(* write a log line of a hop: the number, IP address, and round trip time *)
+let log_one now ttl sent ip =
+  let now = Int64.(mul (logand (div now 100L) 0x7FFFFFFL) 100L) in
+  let duration = Mtime.Span.of_uint64_ns (Int64.sub now sent) in
+  Logs.info (fun m -> m "%2d  %a  %a" ttl Ipaddr.V4.pp ip Mtime.Span.pp duration)
+
+

The most logic is when a ICMP packet is received:

+
module Icmp = struct
+  type t = {
+    send : int -> unit Lwt.t ;
+    log : int -> int64 -> Ipaddr.V4.t -> unit ;
+    task_done : unit Lwt.u ;
+  }
+
+  let connect send log task_done =
+    let t = { send ; log ; task_done } in
+    Lwt.return t
+
+  (* This is called for each received ICMP packet. *)
+  let input t ~src ~dst buf =
+    let open Icmpv4_packet in
+    (* Decode the received buffer (the IP header has been cut off already). *)
+    match Unmarshal.of_cstruct buf with
+    | Error s ->
+      Lwt.fail_with (Fmt.strf "ICMP: error parsing message from %a: %s" Ipaddr.V4.pp src s)
+    | Ok (message, payload) ->
+      let open Icmpv4_wire in
+      (* There are two interesting cases: Time exceeded (-> send next packet),
+         and Destination (port) unreachable (-> we reached the final host and can exit) *)
+      match message.ty with
+      | Time_exceeded ->
+        (* Decode the payload, which should be an IPv4 header and a protocol header *)
+        begin match Ipv4_packet.Unmarshal.header_of_cstruct payload with
+          | Ok (pkt, off) when
+              (* Ensure this packet matches our sent packet: the protocol is UDP
+                 and the destination address is the host we're tracing *)
+              pkt.Ipv4_packet.proto = Ipv4_packet.Marshal.protocol_to_int `UDP &&
+              Ipaddr.V4.compare pkt.Ipv4_packet.dst (Key_gen.host ()) = 0 ->
+            let src_port = Cstruct.BE.get_uint16 payload off
+            and dst_port = Cstruct.BE.get_uint16 payload (off + 2)
+            in
+            (* Retrieve ttl and sent timestamp, encoded in the source port and
+               destination port of the UDP packet we sent, and received back as
+               ICMP payload. *)
+            let ttl, sent = ttl_ts_of_ports src_port dst_port in
+            (* Log this hop. *)
+            t.log ttl sent src;
+            (* Sent out the next UDP packet with an increased ttl. *)
+            let ttl' = succ ttl in
+            Logs.debug (fun m -> m "ICMP time exceeded from %a to %a, now sending with ttl %d"
+                           Ipaddr.V4.pp src Ipaddr.V4.pp dst ttl');
+            t.send ttl'
+          | Ok (pkt, _) ->
+            (* Some stray ICMP packet. *)
+            Logs.debug (fun m -> m "unsolicited time exceeded from %a to %a (proto %X dst %a)"
+                           Ipaddr.V4.pp src Ipaddr.V4.pp dst pkt.Ipv4_packet.proto Ipaddr.V4.pp pkt.Ipv4_packet.dst);
+            Lwt.return_unit
+          | Error e ->
+            (* Decoding error. *)
+            Logs.warn (fun m -> m "couldn't parse ICMP time exceeded payload (IPv4) (%a -> %a) %s"
+                          Ipaddr.V4.pp src Ipaddr.V4.pp dst e);
+            Lwt.return_unit
+        end
+      | Destination_unreachable when Ipaddr.V4.compare src (Key_gen.host ()) = 0 ->
+        (* We reached the final host, and the destination port was not listened to *)
+        begin match Ipv4_packet.Unmarshal.header_of_cstruct payload with
+          | Ok (_, off) ->
+            let src_port = Cstruct.BE.get_uint16 payload off
+            and dst_port = Cstruct.BE.get_uint16 payload (off + 2)
+            in
+            (* Retrieve ttl and sent timestamp. *)
+            let ttl, sent = ttl_ts_of_ports src_port dst_port in
+            (* Log the final hop. *)
+            t.log ttl sent src;
+            (* Wakeup the waiter task to exit the unikernel. *)
+            Lwt.wakeup t.task_done ();
+            Lwt.return_unit
+          | Error e ->
+            (* Decoding error. *)
+            Logs.warn (fun m -> m "couldn't parse ICMP unreachable payload (IPv4) (%a -> %a) %s"
+                          Ipaddr.V4.pp src Ipaddr.V4.pp dst e);
+            Lwt.return_unit
+        end
+      | ty ->
+        Logs.debug (fun m -> m "ICMP unknown ty %s from %a to %a: %a"
+                       (ty_to_string ty) Ipaddr.V4.pp src Ipaddr.V4.pp dst
+                       Cstruct.hexdump_pp payload);
+        Lwt.return_unit
+end
+
+

Now, the remaining main unikernel is the module Main:

+
module Main (R : Mirage_random.S) (M : Mirage_clock.MCLOCK) (Time : Mirage_time.S) (N : Mirage_net.S) = struct
+  module ETH = Ethernet.Make(N)
+  module ARP = Arp.Make(ETH)(Time)
+  module IPV4 = Static_ipv4.Make(R)(M)(ETH)(ARP)
+  module UDP = Udp.Make(IPV4)(R)
+
+  (* Global mutable state: the timeout task for a sent packet. *)
+  let to_cancel = ref None
+
+  (* Send a single packet with the given time to live. *)
+  let rec send_udp udp ttl =
+    (* This is called by the ICMP handler which successfully received a
+       time exceeded, thus we cancel the timeout task. *)
+    (match !to_cancel with
+     | None -> ()
+     | Some t -> Lwt.cancel t ; to_cancel := None);
+    (* Our hop limit is 31 - 5 bit - should be sufficient for most networks. *)
+    if ttl > 31 then
+      Lwt.return_unit
+    else
+      (* Create a timeout task which:
+         - sleeps for --timeout interval
+         - logs an unknown hop
+         - sends another packet with increased ttl
+      *)
+      let cancel =
+        Lwt.catch (fun () ->
+            Time.sleep_ns (Duration.of_ms (Key_gen.timeout ())) >>= fun () ->
+            Logs.info (fun m -> m "%2d  *" ttl);
+            send_udp udp (succ ttl))
+          (function Lwt.Canceled -> Lwt.return_unit | exc -> Lwt.fail exc)
+      in
+      (* Assign this timeout task. *)
+      to_cancel := Some cancel;
+      (* Figure out which source and destination port to use, based on ttl
+         and current timestamp. *)
+      let src_port, dst_port = ports_of_ttl_ts ttl (M.elapsed_ns ()) in
+      (* Send packet via UDP. *)
+      UDP.write ~ttl ~src_port ~dst:(Key_gen.host ()) ~dst_port udp Cstruct.empty >>= function
+      | Ok () -> Lwt.return_unit
+      | Error e -> Lwt.fail_with (Fmt.strf "while sending udp frame %a" UDP.pp_error e)
+
+  (* The main unikernel entry point. *)
+  let start () () () net =
+    let cidr = Key_gen.ipv4 ()
+    and gateway = Key_gen.ipv4_gateway ()
+    in
+    let log_one = fun port ip -> log_one (M.elapsed_ns ()) port ip
+    (* Create a task to wait on and a waiter to wakeup. *)
+    and t, w = Lwt.task ()
+    in
+    (* Setup network stack: ethernet, ARP, IPv4, UDP, and ICMP. *)
+    ETH.connect net >>= fun eth ->
+    ARP.connect eth >>= fun arp ->
+    IPV4.connect ~cidr ~gateway eth arp >>= fun ip ->
+    UDP.connect ip >>= fun udp ->
+    let send = send_udp udp in
+    Icmp.connect send log_one w >>= fun icmp ->
+
+    (* The callback cascade for an incoming network packet. *)
+    let ethif_listener =
+      ETH.input
+        ~arpv4:(ARP.input arp)
+        ~ipv4:(
+          IPV4.input
+            ~tcp:(fun ~src:_ ~dst:_ _ -> Lwt.return_unit)
+            ~udp:(fun ~src:_ ~dst:_ _ -> Lwt.return_unit)
+            ~default:(fun ~proto ~src ~dst buf ->
+                match proto with
+                | 1 -> Icmp.input icmp ~src ~dst buf
+                | _ -> Lwt.return_unit)
+            ip)
+        ~ipv6:(fun _ -> Lwt.return_unit)
+        eth
+    in
+    (* Start the callback in a separate asynchronous task. *)
+    Lwt.async (fun () ->
+        N.listen net ~header_size:Ethernet_wire.sizeof_ethernet ethif_listener >|= function
+        | Ok () -> ()
+        | Error e -> Logs.err (fun m -> m "netif error %a" N.pp_error e));
+    (* Send the initial UDP packet with a ttl of 1. This entails the domino
+       effect to receive ICMP packets, send out another UDP packet with ttl
+       increased by one, etc. - until a destination unreachable is received,
+       or the hop limit is reached. *)
+    send 1 >>= fun () ->
+    t
+end
+
+

The configuration (config.ml) for this unikernel is as follows:

+
open Mirage
+
+let host =
+  let doc = Key.Arg.info ~doc:"The host to trace." ["host"] in
+  Key.(create "host" Arg.(opt ipv4_address (Ipaddr.V4.of_string_exn "141.1.1.1") doc))
+
+let timeout =
+  let doc = Key.Arg.info ~doc:"Timeout (in millisecond)" ["timeout"] in
+  Key.(create "timeout" Arg.(opt int 1000 doc))
+
+let ipv4 =
+  let doc = Key.Arg.info ~doc:"IPv4 address" ["ipv4"] in
+  Key.(create "ipv4" Arg.(required ipv4 doc))
+
+let ipv4_gateway =
+  let doc = Key.Arg.info ~doc:"IPv4 gateway" ["ipv4-gateway"] in
+  Key.(create "ipv4-gateway" Arg.(required ipv4_address doc))
+
+let main =
+  let packages = [
+    package ~sublibs:["ipv4"; "udp"; "icmpv4"] "tcpip";
+    package "ethernet";
+    package "arp-mirage";
+    package "mirage-protocols";
+    package "mtime";
+  ] in
+  foreign
+    ~keys:[Key.abstract ipv4 ; Key.abstract ipv4_gateway ; Key.abstract host ; Key.abstract timeout]
+    ~packages
+    "Unikernel.Main"
+    (random @-> mclock @-> time @-> network @-> job)
+
+let () =
+  register "traceroute"
+    [ main $ default_random $ default_monotonic_clock $ default_time $ default_network ]
+
+

And voila, that's all the code. If you copy it together (or download the two +files from the GitHub repository), +and have OCaml, opam, and mirage (>= 3.8.0) installed, +you should be able to:

+
$ mirage configure -t hvt
+$ make depend
+$ make
+$ solo5-hvt --net:service=tap0 -- traceroute.hvt ...
+... get the output shown at top ...
+
+

Enhancements may be to use a different protocol (TCP? or any other protocol ID (may be used to encode more information), encode data into IPv4 ID, or the full 8 bytes of the upper protocol), encrypt/authenticate the data transmitted (and verify it has not been tampered with in the ICMP reply), improve error handling and recovery, send multiple packets for improved round trip time measurements, ...

+

If you develop enhancements you'd like to share, please sent a pull request to the git repository.

+

Motivation for this traceroute unikernel was while talking with Aaron and Paul, who contributed several patches to the IP stack which pass the ttl through.

+

If you want to support our work on MirageOS unikernels, please donate to robur. I'm interested in feedback, either via twitter, hannesm@mastodon.social or via eMail.

+
\ No newline at end of file diff --git a/Posts/VMM b/Posts/VMM new file mode 100644 index 0000000..7d0203a --- /dev/null +++ b/Posts/VMM @@ -0,0 +1,279 @@ + +Albatross - provisioning, deploying, managing, and monitoring virtual machines

Albatross - provisioning, deploying, managing, and monitoring virtual machines

Written by hannes
Classified under: mirageosdeploymentprovisioning
Published: 2017-07-10 (last updated: 2021-11-19)

How to deploy unikernels?

+

MirageOS has a pretty good story on how to compose your OCaml libraries into a +virtual machine image. The mirage command line utility contains all the +knowledge about which backend requires which library. This enables it to write a +unikernel using abstract interfaces (such as a network device). Additionally the +mirage utility can compile for any backend. (It is still unclear whether this +is a sustainable idea, since the mirage tool needs to be adjusted for every +new backend, but also for additional implementations of an interface.)

+

Once a virtual machine image has been created, it needs to be deployed. I run +my own physical hardware, with all the associated upsides and downsides. +Specifically I run several physical FreeBSD machines on +the Internet, and use the bhyve hypervisor with MirageOS as +described earlier. Recently, Martin +Lucina +developed +a +vmm +backend for Solo5. This means there is no +need to use virtio anymore, or grub2-bhyve, or the bhyve binary (which links +libvmmapi that already had a security +advisory). +Instead of the bhyve binary, a ~70kB small ukvm-bin binary (dynamically +linking libc) can be used which is the solo5 virtual machine monitor on the host +side.

+

Until now, I manually created and deployed virtual machines using shell scripts, +ssh logins, and a network file system shared with the FreeBSD virtual machine +which builds my MirageOS unikernels.

+

But there are several drawbacks with this approach, the biggest is that sharing +resources is hard - to enable a friend to run their unikernel on my server, +they'll need to have a user account, and even privileged permissions to +create virtual network interfaces and execute virtual machines.

+

To get rid of these ad-hoc shell scripts and copying of virtual machine images, +I developed an UNIX daemon which accomplishes the required work. This daemon +waits for (mutually!) authenticated network connections, and provides the +desired commands; to create a new virtual machine, to acquire a block device of +a given size, to destroy a virtual machine, to stream the console output of a +virtual machine.

+

System design

+

The system bears minimalistic characteristics. The single interface to the +outside world is a TLS stream over TCP. Internally, there is a family of +processes, one of which has superuser privileges, communicating via unix domain +sockets. The processes do not need any persistent storage (apart from the +revocation lists). A brief enumeration of the processes is provided below:

+
    +
  • vmmd (superuser privileges), which terminates TLS sessions, proxies messages, and creates and destroys virtual machines (including setup and teardown of network interfaces and virtual block devices) +
    • +
  • vmm_stats periodically gathers resource usage and network interface statistics +
    • +
  • vmm_console reads console output of every provided fifo, and stores this in a ringbuffer, replaying to a client on demand +
    • +
  • vmm_log consumes the event log (login, starting, and stopping of virtual machines) +
    • +
+

The system uses X.509 certificates as tokens. These are authenticated key value +stores. There are four shapes of certificates: a virtual machine certificate +which embeds the entire virtual machine image, together with configuration +information (resource usage, how many and which network interfaces, block device +access); a command certificate (for interactive use, allowing (a subset of) +commands such as attaching to console output); a revocation certificate which +contains a list of revoked certificates; and a delegation certificate to +distribute resources to someone else (an intermediate CA certificate).

+

The resources which can be controlled are CPUs, memory consumption, block +storage, and access to bridge interfaces (virtual switches) - encoded in the +virtual machine and delegation certificates. Additionally, delegation +certificates can limit the number of virtual machines.

+

Leveraging the X.509 system ensures that the client always has to present a +certificate chain from the root certificate. Each intermediate certificate is a +delegation certificate, which may further restrict resources. The serial +numbers of the chain is used as unique identifier for each virtual machine and +other certificates. The chain restricts access of the leaf certificate as well: +only the subtree of the chain can be viewed. E.g. if there are delegations to +both Alice and Bob from the root certificate, they can not see each other +virtual machines.

+

Connecting to the vmmd requires a TLS client, a CA certificate, a leaf +certificate (and the delegation chain) and its private key. In the background, +it is a multi-step process using TLS: first, the client establishes a TLS +connection where it authenticates the server using the CA certificate, then the +server demands a TLS renegotiation where it requires the client to authenticate +with its leaf certificate and private key. Using renegotiation over the +encrypted channel prevents passive observers to see the client certificate in +clear.

+

Depending on the leaf certificate, the server logic is slightly different. A +command certificate opens an interactive session where - depending on +permissions encoded in the certificate - different commands can be issued: the +console output can be streamed, the event log can be viewed, virtual machines +can be destroyed, statistics can be collected, and block devices can be managed.

+

When a virtual machine certificate is presented, the desired resource usage is +checked against the resource policies in the delegation certificate chain and +the currently running virtual machines. If sufficient resources are free, the +embedded virtual machine is started. In addition to other resource information, +a delegation certificate may embed IP usage, listing the network configuration +(gateway and netmask), and which addresses you're supposed to use. Boot +arguments can be encoded in the certificate as well, they are just passed to the +virtual machine (for easy deployment of off-the-shelf systems).

+

If a revocation certificate is presented, the embodied revocation list is +verified, and stored on the host system. Revocation is enforced by destroying +any revoked virtual machines and terminating any revoked interactive sessions. +If a delegation certificate is revoked, additionally the connected block devices +are destroyed.

+

The maximum size of a virtual machine image embedded into a X.509 certificate +transferred over TLS is 2 ^ 24 - 1 bytes, roughly 16 MB. If this turns out to +be not sufficient, compression may help. Or staging of deployment.

+

An example

+

Instructions on how to setup vmmd and the certificate authority are in the +README file of the albatross git repository. Here +is some (stripped) terminal output:

+
> openssl x509 -text -noout -in admin.pem
+Certificate:
+    Data:
+        Serial Number: b7:aa:77:f6:ca:08:ee:6a
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=dev
+        Subject: CN=admin
+        X509v3 extensions:
+            1.3.6.1.4.1.49836.42.42: ....
+            1.3.6.1.4.1.49836.42.0: ...
+
+> openssl asn1parse -in admin.pem
+  403:d=4  hl=2 l=  18 cons: SEQUENCE
+  405:d=5  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.49836.42.42
+  417:d=5  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:03020780
+  423:d=4  hl=2 l=  17 cons: SEQUENCE
+  425:d=5  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.49836.42.0
+  437:d=5  hl=2 l=   3 prim: OCTET STRING      [HEX DUMP]:020100
+
+> openssl asn1parse -in hello.pem
+  410:d=4  hl=2 l=  18 cons: SEQUENCE
+  412:d=5  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.49836.42.42
+  424:d=5  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:03020520
+  430:d=4  hl=2 l=  18 cons: SEQUENCE
+  432:d=5  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.49836.42.5
+  444:d=5  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:02020200
+  450:d=4  hl=2 l=  17 cons: SEQUENCE
+  452:d=5  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.49836.42.6
+  464:d=5  hl=2 l=   3 prim: OCTET STRING      [HEX DUMP]:020101
+  469:d=4  hl=5 l=3054024 cons: SEQUENCE
+  474:d=5  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.49836.42.9
+  486:d=5  hl=5 l=3054007 prim: OCTET STRING      [HEX DUMP]:A0832E99B204832E99AD7F454C46
+
+

The MirageOS private enterprise number is 1.3.6.1.4.1.49836, I use the arc 42 +here. I use 0 as version (an integer), where 0 is the current version.

+

42 is a bit string representing the permissions. 5 the amount of memory, 6 the +CPU id, and 9 finally the virtual machine image (as ELF binary). If you're +eager to see more, look into the Vmm_asn module.

+

Using a command certificate establishes an interactive session where you can +review the event log, see all currently running virtual machines, or attach to +the console (which is then streamed, if new console output appears while the +interactive session is active, you'll be notified). The db file is used to +translate between the internal names (mentioned above, hashed serial numbers) to +common names of the certificates - both on command input (attach hello) and +output.

+
> vmm_client cacert.pem admin.bundle admin.key localhost:1025 --db dev.db
+$ info
+info sn.nqsb.io: 'cpuset' '-l' '7' '/tmp/vmm/ukvm-bin.net' '--net=tap27' '--' '/tmp/81363f.0237f3.img' 91540 taps tap27
+info nqsbio: 'cpuset' '-l' '5' '/tmp/vmm/ukvm-bin.net' '--net=tap26' '--' '/tmp/81363f.43a0ff.img' 91448 taps tap26
+info marrakesh: 'cpuset' '-l' '4' '/tmp/vmm/ukvm-bin.net' '--net=tap25' '--' '/tmp/81363f.cb53e2.img' 91368 taps tap25
+info tls.nqsb.io: 'cpuset' '-l' '9' '/tmp/vmm/ukvm-bin.net' '--net=tap28' '--' '/tmp/81363f.ec692e.img' 91618 taps tap28
+$ log
+log: 2017-07-10 09:43:39 +00:00: marrakesh LOGIN 128.232.110.109:43142
+log: 2017-07-10 09:43:39 +00:00: marrakesh STARTED 91368 (tap tap25, block no)
+log: 2017-07-10 09:43:51 +00:00: nqsbio LOGIN 128.232.110.109:44663
+log: 2017-07-10 09:43:51 +00:00: nqsbio STARTED 91448 (tap tap26, block no)
+log: 2017-07-10 09:44:07 +00:00: sn.nqsb.io LOGIN 128.232.110.109:38182
+log: 2017-07-10 09:44:07 +00:00: sn.nqsb.io STARTED 91540 (tap tap27, block no)
+log: 2017-07-10 09:44:21 +00:00: tls.nqsb.io LOGIN 128.232.110.109:11178
+log: 2017-07-10 09:44:21 +00:00: tls.nqsb.io STARTED 91618 (tap tap28, block no)
+log: 2017-07-10 09:44:25 +00:00: hannes LOGIN 128.232.110.109:24207
+success
+$ attach hello
+console hello: 2017-07-09 18:44:52 +00:00             |      ___|
+console hello: 2017-07-09 18:44:52 +00:00   __|  _ \  |  _ \ __ \
+console hello: 2017-07-09 18:44:52 +00:00 \__ \ (   | | (   |  ) |
+console hello: 2017-07-09 18:44:52 +00:00 ____/\___/ _|\___/____/
+console hello: 2017-07-09 18:44:52 +00:00 Solo5: Memory map: 512 MB addressable:
+console hello: 2017-07-09 18:44:52 +00:00 Solo5:     unused @ (0x0 - 0xfffff)
+console hello: 2017-07-09 18:44:52 +00:00 Solo5:       text @ (0x100000 - 0x1e4fff)
+console hello: 2017-07-09 18:44:52 +00:00 Solo5:     rodata @ (0x1e5000 - 0x217fff)
+console hello: 2017-07-09 18:44:52 +00:00 Solo5:       data @ (0x218000 - 0x2cffff)
+console hello: 2017-07-09 18:44:52 +00:00 Solo5:       heap >= 0x2d0000 < stack < 0x20000000
+console hello: 2017-07-09 18:44:52 +00:00 STUB: getenv() called
+console hello: 2017-07-09 18:44:52 +00:00 2017-07-09 18:44:52 -00:00: INF [application] hello
+console hello: 2017-07-09 18:44:53 +00:00 2017-07-09 18:44:53 -00:00: INF [application] hello
+console hello: 2017-07-09 18:44:54 +00:00 2017-07-09 18:44:54 -00:00: INF [application] hello
+console hello: 2017-07-09 18:44:55 +00:00 2017-07-09 18:44:55 -00:00: INF [application] hello
+
+

If you use a virtual machine certificate, depending on allowed resource the +virtual machine is started or not:

+
> vmm_client cacert.pem hello.bundle hello.key localhost:1025
+success VM started
+
+

Sharing is caring

+

Deploying unikernels is now easier for myself on my physical machine. That's +fine. Another aspect comes for free by reusing X.509: further delegation (and +limiting thereof). Within a delegation certificate, the basic constraints +extension must be present which marks this certificate as a CA certificate. +This may as well contain a path length - how many other delegations may follow - +or whether the resources may be shared further.

+

If I delegate 2 virtual machines and 2GB of memory to Alice, and allow an +arbitrary path length, she can issue tokens to her friend Carol and Dan, each up +to 2 virtual machines and 2 GB memory (but also less -- within the X.509 system +even more, but vmmd will reject any resource increase in the chain) - who can +further delegate to Eve, .... Carol and Dan won't know of each other, +and vmmd will only start up to 2 virtual machines using 2GB of memory in total +(sum of Alice, Carol, and Dan deployed virtual machines). Alice may revoke any +issued delegation (using a revocation certificate described above) to free up +some resources for herself. I don't need to interact when Alice or Dan share +their delegated resources further.

+

Security

+

There are several security properties preserved by vmmd, such as the virtual +machine image is never transmitted in clear. Only properly authenticated +clients can create, destroy, gather statistics of their virtual machines.

+

Two disjoint paths in the delegation tree are not able to discover anything +about each other (apart from caches, which depend on how CPUs are delegated and +their concrete physical layout). Only smaller amounts of resources can be +delegated further down. Each running virtual machine image is strongly isolated +from all other virtual machines.

+

As mentioned in the last section, delegations of delegations may end up in the +hands of malicious people. Vmmd limits delegations to allocate resources on the +host system, namely bridges and file systems. Only top delegations - directly +signed by the certificate authority - create bridge interfaces (which are +explicitly named in the certificate) and file systems (one zfs for each top +delegation (to allow easy snapshots and backups)).

+

The threat model is that clients have layer 2 access to the hosts network +interface card, and all guests share a single bridge (if this turns out to be a +problem, there are ways to restrict to a point-to-point interface with routed IP +addresses). A malicious virtual machine can try to hijack ethernet and IP +addresses.

+

Possible DoS scenarios include also to spawn VMs very fast (which immediately +crash) or generating a lot of console output. Both is indirectly handled by the +control channel: to create a virtual machine image, you need to setup a TLS +connection (with two handshakes) and transfer the virtual machine image (there +is intentionally no "respawn on quit" option). The console output is read by a +single process with user privileges (in the future there may be one console +reading process for each top delegation). It may further be rate limited as +well. The console stream is only ever sent to a single session, as soon as +someone attaches to the console in one session, all other sessions have this +console detached (and are notified about that).

+

The control channel itself can be rate limited using the host system firewall.

+

The only information persistently stored on a block device are the certificate +revocation lists - virtual machine images, FIFOs, unix domain sockets are all +stored in a memory-backed file system. A virtual machine with a lots of disk +operation may only delay or starve revocation list updates - if this turns out +to be a problem, the solution may be to use separate physical block devices for +the revocation lists and virtual block devices for clients.

+

Conclusion

+

I showed a minimalistic system to provision, deploy, and manage virtual machine +images. It also allows to delegate resources (CPU, disk, ..) further. I'm +pretty satisfied with the security properties of the system.

+

The system embeds all data (configuration, resource policies, virtual machine +images) into X.509 certificates, and does not rely on an external file transfer +protocol. An advantage thereof is that all deployed images have been signed +with a private key.

+

All communication between the processes and between the client and the server +use a wire protocol, with structured input and output - this enables more +advanced algorithms (e.g. automated scaling) and fancier user interfaces than +the currently provided terminal based one.

+

The delegation mechanism allows to actually share computing resources in a +decentralised way - without knowing the final recipient. Revocation is builtin, +which can at any point delete access of a subtree or individual virtual machine +to the system. Instead of requesting revocation lists during the handshake, +they are pushed explicitly by the (sub)CA revoking a certificate.

+

While this system was designed for a physical server, it should be +straightforward to develop a Google compute engine / EC2 backend which extracts +the virtual machine image, commands, etc. from the certificate and deploys it to +your favourite cloud provider. A virtual machine image itself is only +processor-specific, and should be portable between different hypervisors - being +it FreeBSD and VMM, Linux and KVM, or MacOSX and Hypervisor.Framework.

+

The code is available on GitHub. If you want +to deploy your unikernel on my hardware, please send me a certificate signing +request. I'm interested in feedback, either via +twitter or open issues in the repository. This +article itself is stored in a different +repository (in case you have typo or +grammatical corrections).

+

I'm very thankful to people who gave feedback on earlier versions of this +article, and who discussed the system design with me. These are Addie, Chris, +Christiano, Joe, mato, Mindy, Mort, and sg.

+
\ No newline at end of file diff --git a/Posts/X50907 b/Posts/X50907 new file mode 100644 index 0000000..c2cc310 --- /dev/null +++ b/Posts/X50907 @@ -0,0 +1,54 @@ + +X509 0.7

X509 0.7

Written by hannes
Classified under: mirageossecuritytls
Published: 2019-08-15 (last updated: 2021-11-19)

Cryptographic material

+

Once a private and public key pair is generated (doesn't matter whether it is plain RSA, DSA, ECC on any curve), this is fine from a scientific point of view, and can already be used for authenticating and encrypting. From a practical point of view, the public parts need to be exchanged and verified (usually a fingerprint or hash thereof). This leads to the struggle how to encode this cryptographic material, and how to embed an identity (or multiple), capabilities, and other information into it. X.509 is a standard to solve this encoding and embedding, and provides more functionality, such as establishing chains of trust and revocation of invalidated or compromised material. X.509 uses certificates, which contain the public key, and additional information (in a extensible key-value store), and are signed by an issuer, either the private key corresponding to the public key - a so-called self-signed certificate - or by a different private key, an authority one step up the chain. A rather long, but very good introduction to certificates by Mike Malone is available here.

+

OCaml ecosystem evolving

+

More than 5 years ago David Kaloper and I released the initial ocaml-x509 package as part of our TLS stack, which contained code for decoding and encoding certificates, and path validation of a certificate chain (as described in RFC 5280). The validation logic and the decoder/encoder, based on the ASN.1 grammar specified in the RFC, implemented using David's asn1-combinators library changed much over time.

+

The OCaml ecosystem evolved over the years, which lead to some changes:

+
    +
  • Camlp4 deprecation - we used camlp4 for stream parsers of PEM-encoded certificates, and sexplib.syntax to derive s-expression decoders and encoders; +
    • +
  • Avoiding brittle ppx converters - which we used for s-expression decoders and encoders of certificates after camlp4 was deprecated; +
    • +
  • Build and release system iterations - initially oasis and a packed library, then topkg and ocamlbuild, now dune; +
    • +
  • Introduction of the result type in the standard library - we used to use [ `Ok of certificate option | `Fail of failure ]; +
    • +
  • No more leaking exceptions in the public API; +
    • +
  • Usage of pretty-printers, esp with the fmt library val pp : Format.formatter -> 'a -> unit, instead of val to_string : t -> string functions; +
    • +
  • Release of ptime, a platform-independent POSIX time support; +
    • +
  • Release of rresult, which includes combinators for computation results; +
    • +
  • Release of gmap, a Map whose value types depend on the key, used for X.509 extensions, GeneralName, DistinguishedName, etc.; +
    • +
  • Release of domain-name, a library for domain name operations (as specified in RFC 1035) - used for name validation; +
    • +
  • Usage of the alcotest unit testing framework (instead of oUnit). +
    • +
+

More use cases for X.509

+

Initially, we designed and used ocaml-x509 for providing TLS server endpoints and validation in TLS clients - mostly on the public web, where each operating system ships a set of ~100 trust anchors to validate any web server certificate against. But once you have a X.509 implementation, every authentication problem can be solved by applying it.

+

Authentication with path building

+

It turns out that the trust anchor sets are not equal across operating systems and versions, thus some web servers serve sets, instead of chains, of certificates - as described in RFC 4158, where the client implementation needs to build valid paths and accept a connection if any path can be validated. The path building was initially in 0.5.2 slightly wrong, but fixed quickly in 0.5.3.

+

Fingerprint authentication

+

The chain of trust validation is useful for the open web, where you as software developer don't know to which remote endpoint your software will ever connect to - as long as the remote has a certificate signed (via intermediates) by any of the trust anchors. In the early days, before let's encrypt was launched and embedded as trust anchors (or cross-signed by already deployed trust anchors), operators needed to pay for a certificate - a business model where some CAs did not bother to check the authenticity of a certificate signing request, and thus random people owning valid certificates for microsoft.com or google.com.

+

Instead of using the set of trust anchors, the fingerprint of the server certificate, or preferably the fingerprint of the public key of the certificate, can be used for authentication, as optionally done since some years in jackline, an XMPP client. Support for this certificate / public key pinning was added in x509 0.2.1 / 0.5.0.

+

Certificate signing requests

+

Until x509 0.4.0 there was no support for generating certificate signing requests (CSR), as defined in PKCS 10, which are self-signed blobs containing a public key, an identity, and possibly extensions. Such as CSR is sent to the certificate authority, and after validation of ownership of the identity and paying a fee, the certificate is issued. Let's encrypt specified the ACME protocol which automates the proof of ownership: they provide a HTTP API for requesting a challenge, providing the response (the proof of ownership) via HTTP or DNS, and then allow the submission of a CSR and downloading the signed certificate. The ocaml-x509 library provides operations for creating such a CSR, and also for signing a CSR to generate a certificate.

+

Mindy developed the command-line utility certify which uses these operations from the ocaml-x509 library and acts as a swiss-army knife purely in OCaml for these required operations.

+

Maker developed a let's encrypt library which implements the above mentioned ACME protocol for provisioning CSR to certificates, also using our ocaml-x509 library.

+

To complete the required certificate authority functionality, in x509 0.6.0 certificate revocation lists, both validation and signing, was implemented.

+

Deploying unikernels

+

As described in another post, I developed albatross, an orchestration system for MirageOS unikernels. This uses ASN.1 for internal socket communication and allows remote management via a TLS connection which is mutually authenticated with a X.509 client certificate. To encrypt the X.509 client certificate, first a TLS handshake where the server authenticates itself to the client is established, and over that connection another TLS handshake is established where the client certificate is requested. Note that this mechanism can be dropped with TLS 1.3, since there the certificates are transmitted over an already encrypted channel.

+

The client certificate already contains the command to execute remotely - as a custom extension, being it "show me the console output", or "destroy the unikernel with name = YYY", or "deploy the included unikernel image". The advantage is that the commands are already authenticated, and there is no need for developing an ad-hoc protocol on top of the TLS session. The resource limits, assigned by the authority, are also part of the certificate chain - i.e. the number of unikernels, access to network bridges, available accumulated memory, accumulated size for block devices, are constrained by the certificate chain presented to the server, and currently running unikernels. The names of the chain are used for access control - if Alice and Bob have intermediate certificates from the same CA, neither Alice may manage Bob's unikernels, nor Bob may manage Alice's unikernels. I'm using albatross since 2.5 years in production on two physical machines with ~20 unikernels total (multiple users, multiple administrative domains), and it works stable and is much nicer to deal with than scp and custom hacked shell scripts.

+

Why 0.7?

+

There are still some missing pieces in our ocaml-x509 implementation, namely modern ECC certificates (depending on elliptic curve primitives not yet available in OCaml), RSA-PSS signing (should be straightforward), PKCS 12 (there is a pull request, but this should wait until asn1-combinators supports the ANY defined BY construct to cleanup the code), ... +Once these features are supported, the library should likely be named PKCS since it supports more than X.509, and released as 1.0.

+

The 0.7 release series moved a lot of modules and function names around, thus it is a major breaking release. By using a map instead of lists for extensions, GeneralName, ..., the API was further revised - invariants that each extension key (an ASN.1 object identifier) may occur at most once are now enforced. By not leaking exceptions through the public interface, the API is easier to use safely - see let's encrypt, openvpn, certify, tls, capnp, albatross.

+

I intended in 0.7.0 to have much more precise types, esp. for the SubjectAlternativeName (SAN) extension that uses a GeneralName, but it turns out the GeneralName is as well used for NameConstraints (NC) in a different way -- IP in SAN is an IPv4 or IPv6 address, in CN it is the IP/netmask; DNS is a domain name in SAN, in CN it is a name starting with a leading dot (i.e. ".example.com"), which is not a valid domain name. In 0.7.1, based on a bug report, I had to revert these variants and use less precise types.

+

Conclusion

+

The work on X.509 was sponsored by OCaml Labs. You can support our work at robur by a donation, which we will use to work on our OCaml and MirageOS projects. You can also reach out to us to realize commercial products.

+

I'm interested in feedback, either via twitter hannesm@mastodon.social or via eMail.

+
\ No newline at end of file diff --git a/Posts/index.html b/Posts/index.html new file mode 100644 index 0000000..0f6df0c --- /dev/null +++ b/Posts/index.html @@ -0,0 +1,27 @@ + +full stack engineer

Mirroring the opam repository and all tarballs

Written by hannes

Re-developing an opam cache from scratch, as a MirageOS unikernel

+

All your metrics belong to influx

Written by hannes

How to monitor your MirageOS unikernel with albatross and monitoring-experiments

+

Deploying binary MirageOS unikernels

Written by hannes

Finally, we provide reproducible binary MirageOS unikernels together with packages to reproduce them and setup your own builder

+

Cryptography updates in OCaml and MirageOS

Written by hannes

Elliptic curves (ECDSA/ECDH) are supported in a maintainable and secure way.

+

The road ahead for MirageOS in 2021

Written by hannes

Home office, MirageOS unikernels, 2020 recap, 2021 tbd

+

Traceroute

Written by hannes

A MirageOS unikernel which traces the path between itself and a remote host.

+

Deploying authoritative OCaml-DNS servers as MirageOS unikernels

Written by hannes

A tutorial how to deploy authoritative name servers, let's encrypt, and updating entries from unix services.

+

Reproducible MirageOS unikernel builds

Written by hannes

MirageOS unikernels are reproducible :)

+

X509 0.7

Written by hannes

Five years since ocaml-x509 initial release, it has been reworked and used more widely

+

Summer 2019

Written by hannes

Bringing MirageOS into production, take IV monitoring, CalDAV, DNS

+

The Bitcoin Piñata - no candy for you

Written by hannes

More than three years ago we launched our Bitcoin Piñata as a transparent security bait. It is still up and running!

+

My 2018 contains robur and starts with re-engineering DNS

Written by hannes

New year brings new possibilities and a new environment. I've been working on the most Widely deployed key-value store, the domain name system. Primary and secondary name services are available, including dynamic updates, notify, and tsig authentication.

+

Albatross - provisioning, deploying, managing, and monitoring virtual machines

Written by hannes

all we need is X.509

+

Conex, establish trust in community repositories

Written by hannes

Conex is a library to verify and attest package release integrity and authenticity through the use of cryptographic signatures.

+

Who maintains package X?

Written by hannes

We describe why manual gathering of metadata is out of date, and version control systems are awesome.

+

Jackline, a secure terminal-based XMPP client

Written by hannes

implement it once to know you can do it. implement it a second time and you get readable code. implementing it a third time from scratch may lead to useful libraries.

+

Exfiltrating log data using syslog

Written by hannes

sometimes preservation of data is useful

+

Re-engineering ARP

Written by hannes

If you want it as you like, you've to do it yourself

+

Minimising the virtual machine monitor

Written by hannes

MirageOS solo5 multiboot native on bhyve

+

Counting Bytes

Written by hannes

looking into dependencies and their sizes

+

Configuration DSL step-by-step

Written by hannes

how to actually configure the system

+

Catch the bug, walking through the stack

Written by hannes

10BTC could've been yours

+

Fitting the things together

Written by hannes

building a simple website

+

Why OCaml

Written by hannes

a gentle introduction into OCaml

+

Operating systems

Written by hannes

Operating systems and MirageOS

+

\ No newline at end of file diff --git a/Posts/nqsbWebsite b/Posts/nqsbWebsite new file mode 100644 index 0000000..1c60e9e --- /dev/null +++ b/Posts/nqsbWebsite @@ -0,0 +1,194 @@ + +Fitting the things together

Fitting the things together

Written by hannes
Classified under: mirageoshttptlsprotocol
Published: 2016-04-24 (last updated: 2021-11-19)

Task

+

Our task is to build a small unikernel which provides a project website. On our way we will wade through various layers using code examples. The website itself contains a few paragraphs of text, some link lists, and our published papers in pdf form.

+

Spoiler alert final result can be seen here, the full code here.

+

A first idea

+

We could go all the way to use conduit for wrapping connections, and mirage-http (using cohttp, a very lightweight HTTP server). We'd just need to write routing code which in the end reads from a virtual file system, and some HTML and CSS for the actual site.

+

Turns out, the conduit library is already 1.7 MB in size and depends on 34 libraries, cohttp is another 3.7 MB and 40 dependent libraries. +Both libraries are actively developed, combined there were 25 releases within the last year.

+

Plan

+

Let me state our demands more clearly:

+
    +
  • easy to maintain +
    • +
  • updates roughly 3 times a year +
    • +
  • reasonable performance +
    • +
+

To achieve easy maintenance we keep build and run time dependencies small, use a single virtual machine image to ease deployment. We try to develop only little new code. Our general approach to performance is to do as little work as we can on each request, and precompute at compile time or once at startup as much as we can.

+

HTML code

+

From the tyxml description: "Tyxml provides a set of combinators to build Html5 and Svg documents. These combinators use the OCaml type-system to ensure the validity of the generated Html5 and Svg." A tutorial is available.

+

You can plug elements (or attributes) inside each other only if the HTML specification allows this (no <body> inside of a <body>). An example that can be rendered to a div with pcdata inside.

+

If you use utop (as interactive read-eval-print-loop), you first need to load tyxml by #require "tyxml".

+
open Html5.M
+
+let mycontent =
+  div ~a:[ a_class ["content"] ]
+    [ pcdata "This is a fabulous content." ]
+
+

In the end, our web server will deliver the page as a string, tyxml provides the function Html5.P.print : output:(string -> unit) -> doc -> unit. We use a temporary Buffer to print the document into.

+
# let buf = Buffer.create 100
+# Html5.P.print ~output:(Buffer.add_string buf) mycontent
+
+Error: This expression has type ([> Html5_types.div ] as 'a) elt but an expression was expected of type doc = [ `Html ] elt Type 'a = [> `Div ] is not compatible with type [ `Html ]
+The second variant type does not allow tag(s) `Div
+
+

This is pretty nice, we can only print complete HTML5 documents this way (there are printers for standalone elements as well), and will not be able to serve an incomplete page fragment!

+

To get it up and running, we wrap it inside of a html which has a header and a body:

+
# Html5.P.print ~output:(Buffer.add_string buf) (html (head (title (pcdata "title")) []) (body [ mycontent ]))
+# Buffer.contents buf
+
+"<!DOCTYPE html>\n<html xmlns=\"http://www.w3.org/1999/xhtml\"><head><title>title</title></head><body><div class=\"content\">This is a fabulous content.</div></body></html>"
+
+

The HTML content is done (in a pure way, no effects!), let's work on the binary pdfs. +Our full page source (CSS embedding is done via a string, no fancy types there (yet!?)) is on GitHub. Below we will use the render function for our content:

+
let render =
+  let buf = Buffer.create 500 in
+  Html5.P.print ~output:(Buffer.add_string buf) @@
+  html
+    (header "not quite so broken")
+    (body [ mycontent ]) ;
+  Cstruct.of_string @@ Buffer.contents buf
+
+

Binary data

+

There are various ways how to embed binary data into MirageOS:

+
    +
  • connect an external (FAT) disk image; upside: works for large data, independent, can be shared with other systems; downside: an extra file to distribute onto the production machine, lots of code (block storage and file system access) which can contain directory traversals and other issues +
    • +
  • embed as a special ELF section; downside: not yet implemented +
    • +
  • embed strings in the code; upside: no deployment hassle, works everywhere for small files; downside: need to encode binary to string chunks during build and decode in the MirageOS unikernel, it breaks with large files +
    • +
  • likely others such as use a tar image, read it during build or runtime; wait during bootup on a network socket (or connect somewhere) to receive the static data; use a remote git repository +
    • +
+

We'll use the embedding. There is support for this built in the mirage tool via crunch. If you crunch "foo" in config.ml, it will create a read-only key value store (KV_RO) named static1.ml containing everything in the local "foo" directory during mirage configure. +Each file is encoded as a list of chunks, each 4096 bytes in size in ASCII (octal escaping \000 of control characters).

+

The API is:

+
val read : t -> string -> int -> int -> [ `Ok of page_aligned_buffer list | `UnknownKey of string ]
+val size : t -> string -> [ `Ok of int64 | `UnknownKey of string ]
+
+

The lookup needs to retrieve first the chunk list for the given filename, and then splice the fragments together and return the requested offset and length as page aligned structures. Since this is not for free, we will read our pdfs only once during startup, and then keep a reference to the full pdfs which we deliver upon request:

+
let read_full_kv kv name =
+  KV.size kv name >>= function
+  | `Error (KV.Unknown_key e) -> Lwt.fail (Invalid_argument e)
+  | `Ok size ->
+    KV.read kv name 0 (Int64.to_int size) >>= function
+    | `Error (KV.Unknown_key e) -> Lwt.fail (Invalid_argument e)
+    | `Ok bufs -> Lwt.return (Cstruct.concat bufs)
+
+let start kv =
+  let d_nqsb = Page.render in
+  read_full_kv kv "nqsbtls-usenix-security15.pdf" >>= fun d_usenix ->
+  read_full_kv kv "tron.pdf" >>= fun d_tron ->
+  ...
+
+

The funny >>= syntax notes that something is doing input/output, which might be blocking or interrupted or failing. It composes effects using an imperative style (semicolon in other languages, another term is monadic bind). The Page.render function is described above, and is pure, thus no >>=.

+

We now have all the resources we wanted available inside our MirageOS unikernel. There is some cost during configuration (converting binary into code), and startup (concatenating lists, lookups, rendering HTML into string representation).

+

Building a HTTP response

+

HTTP consists of headers and data, we already have the data. A HTTP header contains of an initial status line (HTTP/1.1 200 OK), and a list of keys-values, each of the form key + ": " + value + "\r\n" (+ is string concatenation). The header is separated with "\r\n\r\n" from the data:

+
let http_header ~status xs =
+  let headers = List.map (fun (k, v) -> k ^ ": " ^ v) xs in
+  let lines = status :: headers @ [ "\r\n" ] in
+  String.concat "\r\n" lines
+
+let header content_type =
+  http_header ~status:"HTTP/1.1 200 OK" [ ("content-type", content_type) ]
+
+

We also know statically (at compile time) which headers to send: content-type should be text/html for our main page, and application/pdf for the pdf files. The status code 200 is used in HTTP to signal that the request is successful. We can combine the headers and the data during startup, because our single communication channel is HTTP, and thus we don't need access to the data or headers separately (support for HTTP caching etc. is out of scope).

+

We are now finished with the response side of HTTP, and can emit three different resources. Now, we need to handle incoming HTTP requests and dispatch them to the resource. Let's first to a brief detour to HTTPS (and thus TLS).

+

Security via HTTPS

+

Transport layer security is a protocol on top of TCP providing an end-to-end encrypted and authenticated channel. In our setting, our web server has a certificate and a private key to authenticate itself to the clients.

+

A certificate is a token containing a public key, a name, a validity period, and a signature from the authority which issued the certificate. The authority is crucial here: this infrastructure only works if the client trusts the public key of the authority (and thus can verify their signature on our certificate). I used let's encrypt (actually the letsencrypt.sh client (would be great to have one natively in OCaml) to get a signed certificate, which is widely accepted by web browsers.

+

The MirageOS interface for TLS is that it takes a FLOW (byte stream, e.g. TCP) and provides a FLOW. Libraries can be written to be agnostic whether they use a TCP stream or a TLS session to carry data.

+

We need to setup our unikernel that on new connections to the HTTPS port, it should first do a TLS handshake, and afterwards talk the HTTP protocol. For a TLS handshake we need to put the certificate and private key into the unikernel, using yet another key value store (crunch "tls").

+

On startup we read the certificate and private key, and use that to create a TLS server config:

+
let start stack kv keys =
+  read_cert keys "nqsb" >>= fun c_nqsb ->
+  let config = Tls.Config.server ~certificates:(`Single c_nqsb) () in
+  S.listen_tcpv4 stack ~port:443 (tls_accept config)
+
+

The listen_tcpv4 is provided by the stackv4 module, and gets a stack, a port number (HTTPS uses 443), and a function which receives a flow instance.

+
let tls_accept cfg tcp =
+  TLS.server_of_flow cfg tcp >>= function
+    | `Error _ | `Eof -> TCP.close tcp
+    | `Ok tls  -> ...
+
+

The server_of_flow is provided by the Mirage TLS layer. It can fail, if the client and server do not speak a common protocol suite, ciphersuite, or if one of the sides behaves non-protocol compliant.

+

To wrap up, we managed to listen on the HTTPS port and establish TLS sessions for each incoming request. We have our resources available, and now need to dispatch the request onto the resource.

+

HTTP request handling

+

HTTP is a string based protocol, the first line of the request contains the method and resource which the client wants to access, GET / HTTP/1.1. We could read a single line from the client, and cut the part between GET and HTTP/1.1 to deliver the resource.

+

This would either need some (brittle?) string processing, or a full-blown HTTP library on our side. "I'm sorry Dave, I can't do that". There is no way we'll do string processing on data received from the network for this.

+

Looking a bit deeper into TLS, there is a specification for server name indication from 2003. The main purpose is to run on a single IP(v4) address multiple TLS services. The client indicates in the TLS handshake what the server name is it wants to talk to. This extension looks in wikipedia widely enough deployed.

+

During the TLS handshake there is already some server name information exposed, and we have a very small set of available resources. Thanks to let's encrypt, generating certificates is easy and free of cost.

+

And, if we're down to a single resource, we can use the same technique used by David in +the BTC Piñata: just send the resource back without waiting for a request.

+

Putting it all together

+

What we need is a hostname for each resource, and certificates and private keys for them, or a single certificate with all hostnames as alternative names.

+

Our TLS library supports to select a certificate chain based on the requested name (look here). The following snippet is a setup to use the nqsb.io certificate chain by default (if no SNI is provided, or none matches), and also have a usenix15 and a tron certificate chain.

+
let start stack keys kv =
+  read_cert keys "nqsb" >>= fun c_nqsb ->
+  read_cert keys "usenix15" >>= fun c_usenix ->
+  read_cert keys "tron" >>= fun c_tron ->
+  let config = Tls.Config.server ~certificates:(`Multiple_default (c_nqsb, [ c_usenix ; c_tron])) () in
+  S.listen_tcpv4 stack ~port:443 (tls_accept config) ;
+
+

Back to dispatching code. We can extract the hostname information from an opaque tls value (the epoch data is fully described here:

+
let extract_name tls =
+  match TLS.epoch tls with
+   | `Error -> None
+   | `Ok e -> e.Tls.Core.own_name
+
+

Since this TLS extension is optional, the return type will be a string option.

+

Now, putting the dispatch together we need a function that gets all resources and the tls state value, and returns the data to send out:

+
let dispatch nqsb usenix tron tls =
+  match extract_name tls with
+   | Some "usenix15.nqsb.io" -> usenix
+   | Some "tron.nqsb.io" ->  tron
+   | Some "nqsb.io" ->  nqsb
+   | _ -> nqsb
+
+

This is again pure code, we need to put it now into the handler, our tls_accept calls the provided function with the tls flow:

+
let tls_accept f cfg tcp =
+  TLS.server_of_flow cfg tcp >>= function
+   | `Error _ | `Eof -> TCP.close tcp
+   | `Ok tls  -> Tls.writev tls (f tls) >>= fun _ -> TLS.close tls
+
+

And our full startup code:

+
let start stack keys kv =
+  let d_nqsb = [ header "text/html;charset=utf-8" ; Page.render ] in
+  read_pdf kv "nqsbtls-usenix-security15.pdf" >>= fun d_usenix ->
+  read_pdf kv "tron.pdf" >>= fun d_tron ->
+  let f = dispatch d_nqsb d_usenix d_tron in
+
+  read_cert keys "nqsb" >>= fun c_nqsb ->
+  read_cert keys "usenix15" >>= fun c_usenix ->
+  read_cert keys "tron" >>= fun c_tron ->
+  let config = Tls.Config.server ~certificates:(`Multiple_default (c_nqsb, [ c_usenix ; c_tron])) () in
+
+  S.listen_tcpv4 stack ~port:443 (tls_accept f config) ;
+  S.listen stack
+
+

That's it, the nqsb.io contains slightly more code to log onto a console, and to redirect requests on port 80 (HTTP) to port 443 (by signaling a 301 Moved permanently HTTP status code).

+

Conclusion

+

A comparison using Firefox builtin network diagnostics shows that the waiting before receiving data is minimal (3ms, even spotted 0ms).

+

+

We do not render HTML for each request, we do not splice data together, we don't even read the client request. And I'm sure we can improve the performance even more by profiling.

+

We saw a journey from typed XML over key value stores, HTTP, TLS, and HTTPS. The actual application code of our unikernel serving nqsb,io is less than 100 lines of OCaml. We used MirageOS for our minimal HTTPS website, serving a single resource per hostname. We depend (directly) on the tyxml library, the mirage tool and network stack, and the tls library. That's it.

+

There is a long list of potential features, such as full HTTP protocol compliance (caching, favicon, ...), logging, natively getting let's encrypt certificates -- but in the web out there it is sufficient to get picked up by search engines, and the maintenance is marginal.

+

For a start in MirageOS unikernels, look into our mirage-skeleton project, and into the /dev/winter presentation by Matt Gray.

+

I'm interested in feedback, either via +twitter or via eMail.

+

Other updates in the MirageOS ecosystem

+ +
\ No newline at end of file diff --git a/atom b/atom new file mode 100644 index 0000000..92732f6 --- /dev/null +++ b/atom @@ -0,0 +1,1059 @@ +urn:uuid:981361ca-e71d-4997-a52c-baeee78e4156full stack engineer2022-10-11T12:14:07-00:00<p>Re-developing an opam cache from scratch, as a MirageOS unikernel</p> +2022-09-29T13:04:14-00:00<p>We at <a href="https://robur.coop">robur</a> developed <a href="https://git.robur.io/robur/opam-mirror">opam-mirror</a> in the last month and run a public opam mirror at https://opam.robur.coop (updated hourly).</p> +<h1>What is opam and why should I care?</h1> +<p><a href="https://opam.ocaml.org">Opam</a> is the OCaml package manager (also used by other projects such as <a href="https://coq.inria.fr">coq</a>). It is a source based system: the so-called repository contains the metadata (url to source tarballs, build dependencies, author, homepage, development repository) of all packages. The main repository is hosted on GitHub as <a href="https://github.com/ocaml/opam-repository">ocaml/opam-repository</a>, where authors of OCaml software can contribute (as pull request) their latest releases.</p> +<p>When opening a pull request, automated systems attempt to build not only the newly released package on various platforms and OCaml versions, but also all reverse dependencies, and also with dependencies with the lowest allowed version numbers. That's crucial since neither semantic versioning has been adapted across the OCaml ecosystem (which is tricky, for example due to local opens any newly introduced binding will lead to a major version bump), neither do many people add upper bounds of dependencies when releasing a package (nobody is keen to state &quot;my package will not work with <a href="https://erratique.ch/software/cmdliner">cmdliner</a> in version 1.2.0&quot;).</p> +<p>So, the opam-repository holds the metadata of lots of OCaml packages (around 4000 at the moment this article was written) with lots of versions (in total 25000) that have been released. It is used by the opam client to figure out which packages to install or upgrade (using a solver that takes the version bounds into consideration).</p> +<p>Of course, opam can use other repositories (overlays) or forks thereof. So nothing stops you from using any other opam repository. The url to the source code of each package may be a tarball, or a git repository or other version control systems.</p> +<p>The vast majority of opam packages released to the opam-repository include a link to the source tarball and a cryptographic hash of the tarball. This is crucial for security (under the assumption the opam-repository has been downloaded from a trustworthy source - check back later this year for updates on <a href="/Posts/Conex">conex</a>). At the moment, there are some weak spots in respect to security: md5 is still allowed, and the hash and the tarball are downloaded from the same server: anyone who is in control of that server can inject arbitrary malicious data. As outlined above, we're working on infrastructure which fixes the latter issue.</p> +<h1>How does the opam client work?</h1> +<p>Opam, after initialisation, downloads the <code>index.tar.gz</code> from <code>https://opam.ocaml.org/index.tar.gz</code>, and uses this as the local opam universe. An <code>opam install cmdliner</code> will resolve the dependencies, and download all required tarballs. The download is first tried from the cache, and if that failed, the URL in the package file is used. The download from the cache uses the base url, appends the archive-mirror, followed by the hash algorithm, the first two characters of the has of the tarball, and the hex encoded hash of the archive, i.e. for cmdliner 1.1.1 which specifies its sha512: <code>https://opam.ocaml.org/cache/sha512/54/5478ad833da254b5587b3746e3a8493e66e867a081ac0f653a901cc8a7d944f66e4387592215ce25d939be76f281c4785702f54d4a74b1700bc8838a62255c9e</code>.</p> +<h1>How does the opam repository work?</h1> +<p>According to DNS, opam.ocaml.org is a machine at amazon. It likely, apart from the website, uses <code>opam admin index</code> periodically to create the index tarball and the cache. There's an observable delay between a package merge in the opam-repository and when it shows up at opam.ocaml.org. Recently, there was <a href="https://discuss.ocaml.org/t/opam-ocaml-org-is-currently-down-is-that-where-indices-are-kept-still/">a reported downtime</a>.</p> +<p>Apart from being a single point of failure, if you're compiling a lot of opam projects (e.g. a continuous integration / continuous build system), it makes sense from a network usage (and thus sustainability perspective) to move the cache closer to where you need the source archives. We're also organising the MirageOS <a href="http://retreat.mirage.io">hack retreats</a> in a northern African country with poor connectivity - so if you gather two dozen camels you better bring your opam repository cache with you to reduce the bandwidth usage (NB: this requires at the moment cooperation of all participants to configure their default opam repository accordingly).</p> +<h1>Re-developing &quot;opam admin create&quot; as MirageOS unikernel</h1> +<p>The need for a local opam cache at our <a href="https://builds.robur.coop">reproducible build infrastructure</a> and the retreats, we decided to develop <a href="https://git.robur.io/robur/opam-mirror">opam-mirror</a> as a <a href="https://mirage.io">MirageOS unikernel</a>. Apart from a useful showcase using persistent storage (that won't fit into memory), and having fun while developing it, our aim was to reduce our time spent on system administration (the <code>opam admin index</code> is only one part of the story, it needs a Unix system and a webserver next to it - plus remote access for doing software updates - which has quite some attack surface.</p> +<p>Another reason for re-developing the functionality was that the opam code (what opam admin index actually does) is part of the opam source code, which totals to 50_000 lines of code -- looking up whether one or all checksums are verified before adding the tarball to the cache, was rather tricky.</p> +<p>In earlier years, we avoided persistent storage and block devices in MirageOS (by embedding it into the source code with <a href="https://github.com/mirage/ocaml-crunch">crunch</a>, or using a remote git repository), but recent development, e.g. of <a href="https://somerandomidiot.com/blog/2022/03/04/chamelon/">chamelon</a> sparked some interest in actually using file systems and figuring out whether MirageOS is ready in that area. A month ago we started the opam-mirror project.</p> +<p>Opam-mirror takes a remote repository URL, and downloads all referenced archives. It serves as a cache and opam-repository - and does periodic updates from the remote repository. The idea is to validate all available checksums and store the tarballs only once, and store overlays (as maps) from the other hash algorithms.</p> +<h1>Code development and improvements</h1> +<p>Initially, our plan was to use <a href="https://github.com/mirage/ocaml-git">ocaml-git</a> for pulling the repository, <a href="https://github.com/yomimono/chamelon">chamelon</a> for persistent storage, and <a href="https://github.com/inhabitedtype/httpaf">httpaf</a> as web server. With <a href="https://github.com/mirage/ocaml-tar">ocaml-tar</a> recent support of <a href="https://github.com/mirage/ocaml-tar/pull/88">gzip</a> we should be all set, and done within a few days.</p> +<p>There is already a gap in the above plan: which http client to use - in the best case something similar to our <a href="https://github.com/roburio/http-lwt-client">http-lwt-client</a> - in MirageOS: it should support HTTP 1.1 and HTTP 2, TLS (with certificate validation), and using <a href="https://github.com/roburio/happy-eyeballs">happy-eyeballs</a> to seemlessly support both IPv6 and legacy IPv4. Of course it should follow redirect, without that we won't get far in the current Internet.</p> +<p>On the path (over the last month), we fixed file descriptor leaks (memory leaks) in <a href="https://github.com/dinosaure/paf-le-chien">paf</a> -- which is used as a runtime for httpaf and h2.</p> +<p>Then we ran into some trouble with chamelon (<a href="https://github.com/yomimono/chamelon/issues/11">out of memory</a>, some degraded peformance, it reporting out of disk space), and re-thought our demands for opam-mirror. Since the cache is only ever growing (new packages are released), there's no need to ever remove anything: it is append-only. Once we figured that out, we investigated what needs to be done in ocaml-tar (where tar is in fact a tape archive, and was initially designed as file format to be appended to) to support appending to an archive.</p> +<p>We also re-thought our bandwidth usage, and instead of cloning the git remote at startup, we developed <a href="https://git.robur.io/robur/git-kv">git-kv</a> which can dump and restore the git state.</p> +<p>Also, initially we computed all hashes of all tarballs, but with the size increasing (all archives are around 7.5GB) this lead to a major issue of startup time (around 5 minutes on a laptop), so we wanted to save and restore the maps as well.</p> +<p>Since neither git state nor the maps are suitable for tar's append-only semantics, and we didn't want to investigate yet another file system - such as <a href="https://github.com/mirage/ocaml-fat">fat</a> may just work fine, but the code looks slightly bitrot, and the reported issues and non-activity doesn't make this package very trustworthy from our point of view. Instead, we developed <a href="https://github.com/reynir/mirage-block-partition">mirage-block-partition</a> to partition a block device into two. Then we just store the maps and the git state at the end - the end of a tar archive is 2 blocks of zeroes, so stuff at the far end aren't considered by any tooling. Extending the tar archive is also possible, only the maps and git state needs to be moved to the end (or recomputed). As file system, we developed <a href="https://git.robur.io/reynir/oneffs">oneffs</a> which stores a single value on the block device.</p> +<p>We observed a high memory usage, since each requested archive was first read from the block device into memory, and then sent out. Thanks to Pierre Alains <a href="https://github.com/mirage/mirage-kv/pull/28">recent enhancements</a> of the mirage-kv API, there is a <code>get_partial</code>, that we use to chunk-wise read the archive and send it via HTTP. Now, the memory usage is around 20MB (the git repository and the generated tarball are kept in memory).</p> +<p>What is next? Downloading and writing to the tar archive could be done chunk-wise as well; also dumping and restoring the git state is quite CPU intensive, we would like to improve that. Adding the TLS frontend (currently done on our site by our TLS termination proxy <a href="https://github.com/roburio/tlstunnel">tlstunnel</a>) similar to how <a href="https://github.com/roburio/unipi">unipi</a> does it, including let's encrypt provisioning -- should be straightforward (drop us a note if you'd be interesting in that feature).</p> +<h1>Conclusion</h1> +<p>To conclude, we managed within a month to develop this opam-mirror cache from scratch. It has a reasonable footprint (CPU and memory-wise), is easy to maintain and easy to update - if you want to use it, we also provide <a href="https://builds.robur.coop/job/opam-mirror">reproducible binaries</a> for solo5-hvt. You can use our opam mirror with <code>opam repository set-url default https://opam.robur.coop</code> (revert to the other with <code>opam repository set-url default https://opam.ocaml.org</code>) or use it as a backup with <code>opam repository add robur --rank 2 https://opam.robur.coop</code>.</p> +<p>Please reach out to us (at team AT robur DOT coop) if you have feedback and suggestions. We are a non-profit company, and rely on <a href="https://robur.coop/Donate">donations</a> for doing our work - everyone can contribute.</p> +urn:uuid:0dbd251f-32c7-57bd-8e8f-7392c0833a09Mirroring the opam repository and all tarballs2022-10-11T12:14:07-00:00hannes<p>How to monitor your MirageOS unikernel with albatross and monitoring-experiments</p> +2022-03-08T11:26:31-00:00<h1>Introduction to monitoring</h1> +<p>At <a href="https://robur.coop">robur</a> we use a range of MirageOS unikernels. Recently, we worked on improving the operations story thereof. One part is shipping binaries using our <a href="https://builds.robur.coop">reproducible builds infrastructure</a>. Another part is, once deployed we want to observe what is going on.</p> +<p>I first got into touch with monitoring - collecting and graphing metrics - with <a href="https://oss.oetiker.ch/mrtg/">MRTG</a> and <a href="https://munin-monitoring.org/">munin</a> - and the simple network management protocol <a href="https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol">SNMP</a>. From the whole system perspective, I find it crucial that the monitoring part of a system does not add pressure. This favours a push-based design, where reporting is done at the disposition of the system.</p> +<p>The rise of monitoring where graphs are done dynamically (such as <a href="https://grafana.com/">Grafana</a>) and can be programmed (with a query language) by the operator are very neat, it allows to put metrics in relation after they have been recorded - thus if there's a thesis why something went berserk, you can graph the collected data from the past and prove or disprove the thesis.</p> +<h1>Monitoring a MirageOS unikernel</h1> +<p>From the operational perspective, taking security into account - either the data should be authenticated and integrity-protected, or being transmitted on a private network. We chose the latter, there's a private network interface only for monitoring. Access to that network is only granted to the unikernels and metrics collector.</p> +<p>For MirageOS unikernels, we use the <a href="https://github.com/mirage/metrics">metrics</a> library - which design shares the idea of <a href="https://erratique.ch/software/logs">logs</a> that only if there's a reporter registered, work is performed. We use the Influx line protocol via TCP to report via <a href="https://www.influxdata.com/time-series-platform/telegraf/">Telegraf</a> to <a href="https://www.influxdata.com/">InfluxDB</a>. But due to the design of <a href="https://github.com/mirage/metrics">metrics</a>, other reporters can be developed and used -- prometheus, SNMP, your-other-favourite are all possible.</p> +<p>Apart from monitoring metrics, we use the same network interface for logging via syslog. Since the logs library separates the log message generation (in the OCaml libraries) from the reporting, we developed <a href="https://github.com/hannesm/logs-syslog">logs-syslog</a>, which registers a log reporter sending each log message to a syslog sink.</p> +<p>We developed a small library for metrics reporting of a MirageOS unikernel into the <a href="https://github.com/roburio/monitoring-experiments">monitoring-experiments</a> package - which also allows to dynamically adjust log level and disable or enable metrics sources.</p> +<h2>Required components</h2> +<p>Install from your operating system the packages providing telegraf, influxdb, and grafana.</p> +<p>Setup telegraf to contain a socket listener:</p> +<pre><code>[[inputs.socket_listener]] + service_address = &quot;tcp://192.168.42.14:8094&quot; + keep_alive_period = &quot;5m&quot; + data_format = &quot;influx&quot; +</code></pre> +<p>Use a unikernel that reports to Influx (below the heading &quot;Unikernels (with metrics reported to Influx)&quot; on <a href="https://builds.robur.coop">builds.robur.coop</a>) and provide <code>--monitor=192.168.42.14</code> as boot parameter. Conventionally, these unikernels expect a second network interface (on the &quot;management&quot; bridge) where telegraf (and a syslog sink) are running. You'll need to pass <code>--net=management</code> and <code>--arg='--management-ipv4=192.168.42.x/24'</code> to albatross-client-local.</p> +<p>Albatross provides a <code>albatross-influx</code> daemon that reports information from the host system about the unikernels to influx. Start it with <code>--influx=192.168.42.14</code>.</p> +<h2>Adding monitoring to your unikernel</h2> +<p>If you want to extend your own unikernel with metrics, follow along these lines.</p> +<p>An example is the <a href="https://github.com/roburio/dns-primary-git">dns-primary-git</a> unikernel, where on the branch <code>future</code> we have a single commit ahead of main that adds monitoring. The difference is in the unikernel configuration and the main entry point. See the <a href="https://builds.robur.coop/job/dns-primary-git-monitoring/build/latest/">binary builts</a> in contrast to the <a href="https://builds.robur.coop/job/dns-primary-git/build/latest/">non-monitoring builts</a>.</p> +<p>In config, three new command line arguments are added: <code>--monitor=IP</code>, <code>--monitor-adjust=PORT</code> <code>--syslog=IP</code> and <code>--name=STRING</code>. In addition, the package <code>monitoring-experiments</code> is required. And a second network interface <code>management_stack</code> using the prefix <code>management</code> is required and passed to the unikernel. Since the syslog reporter requires a console (to report when logging fails), also a console is passed to the unikernel. Each reported metrics includes a tag <code>vm=&lt;name&gt;</code> that can be used to distinguish several unikernels reporting to the same InfluxDB.</p> +<p>Command line arguments:</p> +<pre><code class="language-patch"> let doc = Key.Arg.info ~doc:&quot;The fingerprint of the TLS certificate.&quot; [ &quot;tls-cert-fingerprint&quot; ] in + Key.(create &quot;tls_cert_fingerprint&quot; Arg.(opt (some string) None doc)) + ++let monitor = ++ let doc = Key.Arg.info ~doc:&quot;monitor host IP&quot; [&quot;monitor&quot;] in ++ Key.(create &quot;monitor&quot; Arg.(opt (some ip_address) None doc)) ++ ++let monitor_adjust = ++ let doc = Key.Arg.info ~doc:&quot;adjust monitoring (log level, ..)&quot; [&quot;monitor-adjust&quot;] in ++ Key.(create &quot;monitor_adjust&quot; Arg.(opt (some int) None doc)) ++ ++let syslog = ++ let doc = Key.Arg.info ~doc:&quot;syslog host IP&quot; [&quot;syslog&quot;] in ++ Key.(create &quot;syslog&quot; Arg.(opt (some ip_address) None doc)) ++ ++let name = ++ let doc = Key.Arg.info ~doc:&quot;Name of the unikernel&quot; [&quot;name&quot;] in ++ Key.(create &quot;name&quot; Arg.(opt string &quot;ns.nqsb.io&quot; doc)) ++ + let mimic_impl random stackv4v6 mclock pclock time = + let tcpv4v6 = tcpv4v6_of_stackv4v6 $ stackv4v6 in + let mhappy_eyeballs = mimic_happy_eyeballs $ random $ time $ mclock $ pclock $ stackv4v6 in +</code></pre> +<p>Requiring <code>monitoring-experiments</code>, registering command line arguments:</p> +<pre><code class="language-patch"> package ~min:&quot;3.7.0&quot; ~max:&quot;3.8.0&quot; &quot;git-mirage&quot;; + package ~min:&quot;3.7.0&quot; &quot;git-paf&quot;; + package ~min:&quot;0.0.8&quot; ~sublibs:[&quot;mirage&quot;] &quot;paf&quot;; ++ package &quot;monitoring-experiments&quot;; ++ package ~sublibs:[&quot;mirage&quot;] ~min:&quot;0.3.0&quot; &quot;logs-syslog&quot;; + ] in + foreign +- ~keys:[Key.abstract remote_k ; Key.abstract axfr] ++ ~keys:[ ++ Key.abstract remote_k ; Key.abstract axfr ; ++ Key.abstract name ; Key.abstract monitor ; Key.abstract monitor_adjust ; Key.abstract syslog ++ ] + ~packages +</code></pre> +<p>Added console and a second network stack to <code>foreign</code>:</p> +<pre><code class="language-patch"> &quot;Unikernel.Main&quot; +- (random @-&gt; pclock @-&gt; mclock @-&gt; time @-&gt; stackv4v6 @-&gt; mimic @-&gt; job) ++ (console @-&gt; random @-&gt; pclock @-&gt; mclock @-&gt; time @-&gt; stackv4v6 @-&gt; mimic @-&gt; stackv4v6 @-&gt; job) ++ +</code></pre> +<p>Passing a console implementation (<code>default_console</code>) and a second network stack (with <code>management</code> prefix) to <code>register</code>:</p> +<pre><code class="language-patch">+let management_stack = generic_stackv4v6 ~group:&quot;management&quot; (netif ~group:&quot;management&quot; &quot;management&quot;) + + let () = + register &quot;primary-git&quot; +- [dns_handler $ default_random $ default_posix_clock $ default_monotonic_clock $ +- default_time $ net $ mimic_impl] ++ [dns_handler $ default_console $ default_random $ default_posix_clock $ default_monotonic_clock $ ++ default_time $ net $ mimic_impl $ management_stack] +</code></pre> +<p>Now, in the unikernel module the functor changes (console and second network stack added):</p> +<pre><code class="language-patch">@@ -4,17 +4,48 @@ + + open Lwt.Infix + +-module Main (R : Mirage_random.S) (P : Mirage_clock.PCLOCK) (M : Mirage_clock.MCLOCK) (T : Mirage_time.S) (S : Mirage_stack.V4V6) (_ : sig e +nd) = struct ++module Main (C : Mirage_console.S) (R : Mirage_random.S) (P : Mirage_clock.PCLOCK) (M : Mirage_clock.MCLOCK) (T : Mirage_time.S) (S : Mirage +_stack.V4V6) (_ : sig end) (Management : Mirage_stack.V4V6) = struct + + module Store = Irmin_mirage_git.Mem.KV(Irmin.Contents.String) + module Sync = Irmin.Sync(Store) +</code></pre> +<p>And in the <code>start</code> function, the command line arguments are processed and used to setup syslog and metrics monitoring to the specified addresses. Also, a TCP listener is waiting for monitoring and logging adjustments if <code>--monitor-adjust</code> was provided:</p> +<pre><code class="language-patch"> module D = Dns_server_mirage.Make(P)(M)(T)(S) ++ module Monitoring = Monitoring_experiments.Make(T)(Management) ++ module Syslog = Logs_syslog_mirage.Udp(C)(P)(Management) + +- let start _rng _pclock _mclock _time s ctx = ++ let start c _rng _pclock _mclock _time s ctx management = ++ let hostname = Key_gen.name () in ++ (match Key_gen.syslog () with ++ | None -&gt; Logs.warn (fun m -&gt; m &quot;no syslog specified, dumping on stdout&quot;) ++ | Some ip -&gt; Logs.set_reporter (Syslog.create c management ip ~hostname ())); ++ (match Key_gen.monitor () with ++ | None -&gt; Logs.warn (fun m -&gt; m &quot;no monitor specified, not outputting statistics&quot;) ++ | Some ip -&gt; Monitoring.create ~hostname ?listen_port:(Key_gen.monitor_adjust ()) ip management); + connect_store ctx &gt;&gt;= fun (store, upstream) -&gt; + load_git None store upstream &gt;&gt;= function + | Error (`Msg msg) -&gt; +</code></pre> +<p>Once you compiled the unikernel (or downloaded a binary with monitoring), and start that unikernel by passing <code>--net:service=tap0</code> and <code>--net:management=tap10</code> (or whichever your <code>tap</code> interfaces are), and as unikernel arguments <code>--ipv4=&lt;my-ip-address&gt;</code> and <code>--management-ipv4=192.168.42.2/24</code> for IPv4 configuration, <code>--monitor=192.168.42.14</code>, <code>--syslog=192.168.42.10</code>, <code>--name=my.unikernel</code>, <code>--monitor-adjust=12345</code>.</p> +<p>With this, your unikernel will report metrics using the influx protocol to 192.168.42.14 on port 8094 (every 10 seconds), and syslog messages via UDP to 192.168.0.10 (port 514). You should see your InfluxDB getting filled and syslog server receiving messages.</p> +<p>When you configure <a href="https://grafana.com/docs/grafana/latest/getting-started/getting-started-influxdb/">Grafana to use InfluxDB</a>, you'll be able to see the data in the data sources.</p> +<p>Please reach out to us (at team AT robur DOT coop) if you have feedback and suggestions.</p> +urn:uuid:b8f1fa5b-d8dd-5a54-a9e4-064b9dcd053eAll your metrics belong to influx2022-03-08T11:26:31-00:00hannes<p>Finally, we provide reproducible binary MirageOS unikernels together with packages to reproduce them and setup your own builder</p> +2021-06-30T13:13:37-00:00<h2>Introduction</h2> +<p>MirageOS development focus has been a lot on tooling and the developer experience, but to accomplish <a href="https://robur.coop">our</a> goal to &quot;get MirageOS into production&quot;, we need to lower the barrier. This means for us to release binary unikernels. As described <a href="/Posts/NGI">earlier</a>, we received a grant for &quot;Deploying MirageOS&quot; from <a href="https://pointer.ngi.eu">NGI Pointer</a> to work on the required infrastructure. This is joint work with <a href="https://reynir.dk/">Reynir</a>.</p> +<p>We provide at <a href="https://builds.robur.coop">builds.robur.coop</a> binary unikernel images (and supplementary software). Doing binary releases of MirageOS unikernels is challenging in two aspects: firstly to be useful for everyone, a binary unikernel should not contain any configuration (such as private keys, certificates, etc.). Secondly, the binaries should be <a href="https://reproducible-builds.org">reproducible</a>. This is crucial for security; everyone can reproduce the exact same binary and verify that our build service did only use the sources. No malware or backdoors included.</p> +<p>This post describes how you can deploy MirageOS unikernels without compiling it from source, then dives into the two issues outlined above - configuration and reproducibility - and finally describes how to setup your own reproducible build infrastructure for MirageOS, and how to bootstrap it.</p> +<h2>Deploying MirageOS unikernels from binary</h2> +<p>To execute a MirageOS unikernel, apart from a hypervisor (Xen/KVM/Muen), a tender (responsible for allocating host system resources and passing these to the unikernel) is needed. Using virtio, this is conventionally done with qemu on Linux, but its code size (and attack surface) is huge. For MirageOS, we develop <a href="https://github.com/solo5/solo5">Solo5</a>, a minimal tender. It supports <em>hvt</em> - hardware virtualization (Linux KVM, FreeBSD BHyve, OpenBSD VMM), <em>spt</em> - sandboxed process (a tight seccomp ruleset (only a handful of system calls allowed, no hardware virtualization needed), Linux only). Apart from that, <a href="https://muen.sk"><em>muen</em></a> (a hypervisor developed in Ada), <em>virtio</em> (for some cloud deployments), and <em>xen</em> (PVHv2 or Qubes 4.0) - <a href="https://github.com/Solo5/solo5/blob/master/docs/building.md">read more</a>. We deploy our unikernels as hvt with FreeBSD BHyve as hypervisor.</p> +<p>On <a href="https://builds.robur.coop">builds.robur.coop</a>, next to the unikernel images, <a href="https://builds.robur.coop/job/solo5-hvt/"><em>solo5-hvt</em> packages</a> are provided - download the binary and install it. A <a href="https://github.com/NixOS/nixpkgs/tree/master/pkgs/os-specific/solo5">NixOS package</a> is already available - please note that <a href="https://github.com/Solo5/solo5/pull/494">soon</a> packaging will be much easier (and we will work on packages merged into distributions).</p> +<p>When the tender is installed, download a unikernel image (e.g. the <a href="https://builds.robur.coop/job/traceroute/build/latest/">traceroute</a> described in <a href="/Posts/Traceroute">an earlier post</a>), and execute it:</p> +<pre><code>$ solo5-hvt --net:service=tap0 -- traceroute.hvt --ipv4=10.0.42.2/24 --ipv4-gateway=10.0.42.1 +</code></pre> +<p>If you plan to orchestrate MirageOS unikernels, you may be interested in <a href="https://github.com/roburio/albatross">albatross</a> - we provide <a href="https://builds.robur.coop/job/albatross/">binary packages as well for albatross</a>. An upcoming post will go into further details of how to setup albatross.</p> +<h2>MirageOS configuration</h2> +<p>A MirageOS unikernel has a specific purpose - composed of OCaml libraries - selected at compile time, which allows to only embed the required pieces. This reduces the attack surface drastically. At the same time, to be widely useful to multiple organisations, no configuration data must be embedded into the unikernel.</p> +<p>Early MirageOS unikernels such as <a href="https://github.com/mirage/mirage-www">mirage-www</a> embed content (blog posts, ..) and TLS certificates and private keys in the binary (using <a href="https://github.com/mirage/ocaml-crunch">crunch</a>). The <a href="https://github.com/mirage/qubes-mirage-firewall">Qubes firewall</a> (read the <a href="http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/">blog post by Thomas</a> for more information) used to include the firewall rules until <a href="https://github.com/mirage/qubes-mirage-firewall/releases/tag/v0.6">v0.6</a> in the binary, since <a href="https://github.com/mirage/qubes-mirage-firewall/tree/v0.7">v0.7</a> the rules are read dynamically from QubesDB. This is big usability improvement.</p> +<p>We have several possibilities to provide configuration information in MirageOS, on the one hand via boot parameters (can be pre-filled at development time, and further refined at configuration time, but those passed at boot time take precedence). Boot parameters have a length limitation.</p> +<p>Another option is to <a href="https://github.com/roburio/tlstunnel/">use a block device</a> - where the TLS reverse proxy stores the configuration, modifiable via a TCP control socket (authentication using a shared hmac secret).</p> +<p>Several other unikernels, such as <a href="https://github.com/Engil/Canopy">this website</a> and <a href="https://github.com/roburio/caldav">our CalDAV server</a>, store the content in a remote git repository. The git URI and credentials (private key seed, host key fingerprint) are passed via boot parameter.</p> +<p>Finally, another option that we take advantage of is to introduce a post-link step that rewrites the binary to embed configuration. The tool <a href="https://github.com/dinosaure/caravan">caravan</a> developed by Romain that does this rewrite is used by our <a href="https://github.com/roburio/openvpn/tree/robur/mirage-router">openvpn router</a> (<a href="https://builds.robur.coop/job/openvpn-router/build/latest/">binary</a>).</p> +<p>In the future, some configuration information - such as monitoring system, syslog sink, IP addresses - may be done via DHCP on one of the private network interfaces - this would mean that the DHCP server has some global configuration option, and the unikernels no longer require that many boot parameters. Another option we want to investigate is where the tender shares a file as read-only memory-mapped region from the host system to the guest system - but this is tricky considering all targets above (especially virtio and muen).</p> +<h2>Behind the scenes: reproducible builds</h2> +<p>To provide a high level of assurance and trust, if you distribute binaries in 2021, you should have a recipe how they can be reproduced in a bit-by-bit identical way. This way, different organisations can run builders and rebuilders, and a user can decide to only use a binary if it has been reproduced by multiple organisations in different jurisdictions using different physical machines - to avoid malware being embedded in the binary.</p> +<p>For a reproduction to be successful, you need to collect the checksums of all sources that contributed to the built, together with other things (host system packages, environment variables, etc.). Of course, you can record the entire OS and sources as a tarball (or file system snapshot) and distribute that - but this may be suboptimal in terms of bandwidth requirements.</p> +<p>With opam, we already have precise tracking which opam packages are used, and since opam 2.1 the <code>opam switch export</code> includes <a href="https://github.com/ocaml/opam/pull/4040">extra-files (patches)</a> and <a href="https://github.com/ocaml/opam/pull/4055">records the VCS version</a>. Based on this functionality, <a href="https://github.com/roburio/orb">orb</a>, an alternative command line application using the opam-client library, can be used to collect (a) the switch export, (b) host system packages, and (c) the environment variables. Only required environment variables are kept, all others are unset while conducting a build. The only required environment variables are <code>PATH</code> (sanitized with an allow list, <code>/bin</code>, <code>/sbin</code>, with <code>/usr</code>, <code>/usr/local</code>, and <code>/opt</code> prefixes), and <code>HOME</code>. To enable Debian's <code>apt</code> to install packages, <code>DEBIAN_FRONTEND</code> is set to <code>noninteractive</code>. The <code>SWITCH_PATH</code> is recorded to allow orb to use the same path during a rebuild. The <code>SOURCE_DATE_EPOCH</code> is set to enable tools that record a timestamp to use a static one. The <code>OS*</code> variables are only used for recording the host OS and version.</p> +<p>The goal of reproducible builds can certainly be achieved in several ways, including to store all sources and used executables in a huge tarball (or docker container), which is preserved for rebuilders. The question of minimal trusted computing base and how such a container could be rebuild from sources in reproducible way are open.</p> +<p>The opam-repository is a community repository, where packages are released to on a daily basis by a lot of OCaml developers. Package dependencies usually only use lower bounds of other packages, and the continuous integration system of the opam repository takes care that upon API changes all reverse dependencies include the right upper bounds. Using the head commit of opam-repository usually leads to a working package universe.</p> +<p>For our MirageOS unikernels, we don't want to stay behind with ancient versions of libraries. That's why our automated building is done on a daily basis with the head commit of opam-repository. Since our unikernels are not part of the main opam repository (they include the configuration information which target to use, e.g. <em>hvt</em>), and we occasionally development versions of opam packages, we use <a href="https://git.robur.io/robur/unikernel-repo">the unikernel-repo</a> as overlay.</p> +<p>If no dependent package got a new release, the resulting binary has the same checksum. If any dependency was released with a newer release, this is picked up, and eventually the checksum changes.</p> +<p>Each unikernel (and non-unikernel) job (e.g. <a href="https://builds.robur.coop/job/dns-primary-git/build/latest/">dns-primary</a> outputs some artifacts:</p> +<ul> +<li>the <a href="https://builds.robur.coop/job/dns-primary-git/build/latest/f/bin/primary_git.hvt">binary image</a> (in <code>bin/</code>, unikernel image, OS package) +</li> +<li>the <a href="https://builds.robur.coop/job/dns-primary-git/build/latest/f/build-environment"><code>build-environment</code></a> containing the environment variables used for this build +</li> +<li>the <a href="https://builds.robur.coop/job/dns-primary-git/build/latest/f/system-packages"><code>system-packages</code></a> containing all packages installed on the host system +</li> +<li>the <a href="https://builds.robur.coop/job/dns-primary-git/build/latest/f/opam-switch"><code>opam-switch</code></a> that contains all opam packages, including git commit or tarball with checksum, and potentially extra patches, used for this build +</li> +<li>a job script and console output +</li> +</ul> +<p>To reproduce such a built, you need to get the same operating system (OS, OS_FAMILY, OS_DISTRIBUTION, OS_VERSION in build-environment), the same set of system packages, and then you can <code>orb rebuild</code> which sets the environment variables and installs the opam packages from the opam-switch.</p> +<p>You can <a href="https://builds.robur.coop/job/dns-primary-git/">browse</a> the different builds, and if there are checksum changes, you can browse to a diff between the opam switches to reason whether the checksum change was intentional (e.g. <a href="https://builds.robur.coop/compare/ba9ab091-9400-4e8d-ad37-cf1339114df8/23341f6b-cd26-48ab-9383-e71342455e81/opam-switch">here</a> the checksum of the unikernel changed when the x509 library was updated).</p> +<p>The opam reproducible build infrastructure is driven by:</p> +<ul> +<li><a href="https://github.com/roburio/orb">orb</a> conducting reproducible builds (<a href="https://builds.robur.coop/job/orb/">packages</a>) +</li> +<li><a href="https://github.com/roburio/builder">builder</a> scheduling builds in contained environments (<a href="https://builds.robur.coop/job/builder/">packages</a>) +</li> +<li><a href="https://git.robur.io/robur/builder-web">builder-web</a> storing builds in a database and providing a HTTP interface (<a href="https://builds.robur.coop/job/builder-web/">packages</a>) +</li> +</ul> +<p>These tools are themselves reproducible, and built on a daily basis. The infrastructure executing the build jobs installs the most recent packages of orb and builder before conducting a build. This means that our build infrastructure is reproducible as well, and uses the latest code when it is released.</p> +<h2>Conclusion</h2> +<p>Thanks to NGI funding we now have reproducible MirageOS binary builds available at <a href="https://builds.robur.coop">builds.robur.coop</a>. The underlying infrastructure is reproducible, available for multiple platforms (Ubuntu using docker, FreeBSD using jails), and can be easily bootstrapped from source (once you have OCaml and opam working, getting builder and orb should be easy). All components are open source software, mostly with permissive licenses.</p> +<p>We also have an index over sha-256 checksum of binaries - in the case you find a running unikernel image where you forgot which exact packages were used, you can do a reverse lookup.</p> +<p>We are aware that the web interface can be improved (PRs welcome). We will also work on the rebuilder setup and run some rebuilds.</p> +<p>Please reach out to us (at team AT robur DOT coop) if you have feedback and suggestions.</p> +urn:uuid:331831d8-6093-5dd7-9164-445afff953cbDeploying binary MirageOS unikernels2021-11-15T11:17:23-00:00hannes<p>Elliptic curves (ECDSA/ECDH) are supported in a maintainable and secure way.</p> +2021-04-23T13:33:06-00:00<h2>Introduction</h2> +<p>Tl;DR: mirage-crypto-ec, with x509 0.12.0, and tls 0.13.0, provide fast and secure elliptic curve support in OCaml and MirageOS - using the verified <a href="https://github.com/mit-plv/fiat-crypto/">fiat-crypto</a> stack (Coq to OCaml to executable which generates C code that is interfaced by OCaml). In x509, a long standing issue (countryName encoding), and archive (PKCS 12) format is now supported, in addition to EC keys. In tls, ECDH key exchanges are supported, and ECDSA and EdDSA certificates.</p> +<h2>Elliptic curve cryptography</h2> +<p><a href="https://mirage.io/blog/tls-1-3-mirageos">Since May 2020</a>, our <a href="https://usenix15.nqsb.io">OCaml-TLS</a> stack supports TLS 1.3 (since tls version 0.12.0 on opam).</p> +<p>TLS 1.3 requires elliptic curve cryptography - which was not available in <a href="https://github.com/mirage/mirage-crypto">mirage-crypto</a> (the maintained fork of <a href="https://github.com/mirleft/ocaml-nocrypto">nocrypto</a>).</p> +<p>There are two major uses of elliptic curves: <a href="https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman">key exchange (ECDH)</a> for establishing a shared secret over an insecure channel, and <a href="https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm">digital signature (ECDSA)</a> for authentication, integrity, and non-repudiation. (Please note that the construction of digital signatures on Edwards curves (Curve25519, Ed448) is called EdDSA instead of ECDSA.)</p> +<p>Elliptic curve cryptoraphy is <a href="https://eprint.iacr.org/2020/615">vulnerable</a> <a href="https://raccoon-attack.com/">to</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407">various</a> <a href="https://github.com/mimoo/timing_attack_ecdsa_tls">timing</a> <a href="https://minerva.crocs.fi.muni.cz/">attacks</a> - have a read of the <a href="https://blog.trailofbits.com/2020/06/11/ecdsa-handle-with-care/">overview article on ECDSA</a>. When implementing elliptic curve cryptography, it is best to avoid these known attacks. Gladly, there are some projects which address these issues by construction.</p> +<p>In addition, to use the code in MirageOS, it should be boring C code: no heap allocations, only using a very small amount of C library functions -- the code needs to be compiled in an environment with <a href="https://github.com/mirage/ocaml-freestanding/tree/v0.6.4/nolibc">nolibc</a>.</p> +<p>Two projects started in semantics, to solve the issue from the grounds up: <a href="https://github.com/mit-plv/fiat-crypto/">fiat-crypto</a> and <a href="https://github.com/project-everest/hacl-star/">hacl-star</a>: their approach is to use a proof system (<a href="https://coq.inria.fr">Coq</a> or <a href="https://www.fstar-lang.org/">F*</a> to verify that the code executes in constant time, not depending on data input. Both projects provide as output of their proof systems C code.</p> +<p>For our initial TLS 1.3 stack, <a href="https://github.com/pascutto/">Clément</a>, <a href="https://github.com/NathanReb/">Nathan</a> and <a href="https://github.com/emillon/">Etienne</a> developed <a href="https://github.com/mirage/fiat">fiat-p256</a> and <a href="https://github.com/mirage/hacl">hacl_x5519</a>. Both were one-shot interfaces for a narrow use case (ECDH for NIST P-256 and X25519), worked well for their purpose, and allowed to gather some experience from the development side.</p> +<h3>Changed requirements</h3> +<p>Revisiting our cryptography stack with the elliptic curve perspective had several reasons, on the one side the customer project <a href="https://www.nitrokey.com/products/nethsm">NetHSM</a> asked for feasibility of ECDSA/EdDSA for various elliptic curves, on the other side <a href="https://github.com/mirage/ocaml-dns/pull/251">DNSSec</a> uses elliptic curve cryptography (ECDSA), and also <a href="https://www.wireguard.com/">wireguard</a> relies on elliptic curve cryptography. The number of X.509 certificates using elliptic curves is increasing, and we don't want to leave our TLS stack in a state where it can barely talk to a growing number of services on the Internet.</p> +<p>Looking at <a href="https://github.com/project-everest/hacl-star/"><em>hacl-star</em></a>, their <a href="https://hacl-star.github.io/Supported.html">support</a> is limited to P-256 and Curve25519, any new curve requires writing F*. Another issue with hacl-star is C code quality: their C code does neither <a href="https://github.com/mirage/hacl/issues/46">compile with older C compilers (found on Oracle Linux 7 / CentOS 7)</a>, nor when enabling all warnings (&gt; 150 are generated). We consider the C compiler as useful resource to figure out undefined behaviour (and other problems), and when shipping C code we ensure that it compiles with <code>-Wall -Wextra -Wpedantic --std=c99 -Werror</code>. The hacl project <a href="https://github.com/mirage/hacl/tree/master/src/kremlin">ships</a> a bunch of header files and helper functions to work on all platforms, which is a clunky <code>ifdef</code> desert. The hacl approach is to generate a whole algorithm solution: from arithmetic primitives, group operations, up to cryptographic protocol - everything included.</p> +<p>In contrast, <a href="https://github.com/mit-plv/fiat-crypto/"><em>fiat-crypto</em></a> is a Coq development, which as part of compilation (proof verification) generates executables (via OCaml code extraction from Coq). These executables are used to generate modular arithmetic (as C code) given a curve description. The <a href="https://github.com/mirage/mirage-crypto/tree/main/ec/native">generated C code</a> is highly portable, independent of platform (word size is taken as input) - it only requires a <code>&lt;stdint.h&gt;</code>, and compiles with all warnings enabled (once <a href="https://github.com/mit-plv/fiat-crypto/pull/906">a minor PR</a> got merged). Supporting a new curve is simple: generate the arithmetic code using fiat-crypto with the new curve description. The downside is that group operations and protocol needs to implemented elsewhere (and is not part of the proven code) - gladly this is pretty straightforward to do, especially in high-level languages.</p> +<h3>Working with fiat-crypto</h3> +<p>As mentioned, our initial <a href="https://github.com/mirage/fiat">fiat-p256</a> binding provided ECDH for the NIST P-256 curve. Also, BoringSSL uses fiat-crypto for ECDH, and developed the code for group operations and cryptographic protocol on top of it.</p> +<p>The work needed was (a) ECDSA support and (b) supporting more curves (let's focus on NIST curves). For ECDSA, the algorithm requires modular arithmetics in the field of the group order (in addition to the prime). We generate these primitives with fiat-crypto (named <code>npYYY_AA</code>) - that required <a href="https://github.com/mit-plv/fiat-crypto/commit/e31a36d5f1b20134e67ccc5339d88f0ff3cb0f86">a small fix in decoding hex</a>. Fiat-crypto also provides inversion <a href="https://github.com/mit-plv/fiat-crypto/pull/670">since late October 2020</a>, <a href="https://eprint.iacr.org/2021/549">paper</a> - which allowed to reduce our code base taken from BoringSSL. The ECDSA protocol was easy to implement in OCaml using the generated arithmetics.</p> +<p>Addressing the issue of more curves was also easy to achieve, the C code (group operations) are macros that are instantiated for each curve - the OCaml code are functors that are applied with each curve description.</p> +<p>Thanks to the test vectors (as structured data) from <a href="https://github.com/google/wycheproof/">wycheproof</a> (and again thanks to Etienne, Nathan, and Clément for their OCaml code decodin them), I feel confident that our elliptic curve code works as desired.</p> +<p>What was left is X25519 and Ed25519 - dropping the hacl dependency entirely felt appealing (less C code to maintain from fewer projects). This turned out to require more C code, which we took from BoringSSL. It may be desirable to reduce the imported C code, or to wait until a project on top of fiat-crypto which provides proven cryptographic protocols is in a usable state.</p> +<p>To avoid performance degradation, I distilled some <a href="https://github.com/mirage/mirage-crypto/pull/107#issuecomment-799701703">X25519 benchmarks</a>, turns out the fiat-crypto and hacl performance is very similar.</p> +<h3>Achievements</h3> +<p>The new opam package <a href="https://mirage.github.io/mirage-crypto/doc/mirage-crypto-ec/Mirage_crypto_ec/index.html">mirage-crypto-ec</a> is released, which includes the C code generated by fiat-crypto (including <a href="https://github.com/mit-plv/fiat-crypto/pull/670">inversion</a>), <a href="https://github.com/mirage/mirage-crypto/blob/main/ec/native/point_operations.h">point operations</a> from BoringSSL, and some <a href="https://github.com/mirage/mirage-crypto/blob/main/ec/mirage_crypto_ec.ml">OCaml code</a> for invoking these functions and doing bounds checks, and whether points are on the curve. The OCaml code are some functors that take the curve description (consisting of parameters, C function names, byte length of value) and provide Diffie-Hellman (Dh) and digital signature algorithm (Dsa) modules. The nonce for ECDSA is computed deterministically, as suggested by <a href="https://tools.ietf.org/html/rfc6979">RFC 6979</a>, to avoid private key leakage.</p> +<p>The code has been developed in <a href="https://github.com/mirage/mirage-crypto/pull/101">NIST curves</a>, <a href="https://github.com/mirage/mirage-crypto/pull/106">removing blinding</a> (since we use operations that are verified to be constant-time), <a href="https://github.com/mirage/mirage-crypto/pull/108">added missing length checks</a> (reported by <a href="https://github.com/greg42">Greg</a>), <a href="https://github.com/mirage/mirage-crypto/pull/107">curve25519</a>, <a href="https://github.com/mirage/mirage-crypto/pull/117">a fix for signatures that do not span the entire byte size (discovered while adapting X.509)</a>, <a href="https://github.com/mirage/mirage-crypto/pull/118">fix X25519 when the input has offset &lt;&gt; 0</a>. It works on x86 and arm, both 32 and 64 bit (checked by CI). The development was partially sponsored by Nitrokey.</p> +<p>What is left to do, apart from further security reviews, is <a href="https://github.com/mirage/mirage-crypto/issues/109">performance improvements</a>, <a href="https://github.com/mirage/mirage-crypto/issues/112">Ed448/X448 support</a>, and <a href="https://github.com/mirage/mirage-crypto/issues/105">investigating deterministic k for P521</a>. Pull requests are welcome.</p> +<p>When you use the code, and encounter any issues, please <a href="https://github.com/mirage/mirage-crypto/issues">report them</a>.</p> +<h2>Layer up - X.509 now with ECDSA / EdDSA and PKCS 12 support, and a long-standing issue fixed</h2> +<p>With the sign and verify primitives, the next step is to interoperate with other tools that generate and use these public and private keys. This consists of serialisation to and deserialisation from common data formats (ASN.1 DER and PEM encoding), and support for handling X.509 certificates with elliptic curve keys. Since X.509 0.12.0, it supports EC private and public keys, including certificate validation and issuance.</p> +<p>Releasing X.509 also included to go through the issue tracker and attempt to solve the existing issues. This time, the <a href="https://github.com/mirleft/ocaml-x509/issues/69">&quot;country name is encoded as UTF8String, while RFC demands PrintableString&quot;</a> filed more than 5 years ago by <a href="https://github.com/reynir">Reynir</a>, re-reported by <a href="https://github.com/paurkedal">Petter</a> in early 2017, and again by <a href="https://github.com/NightBlues">Vadim</a> in late 2020, <a href="https://github.com/mirleft/ocaml-x509/pull/140">was fixed by Vadim</a>.</p> +<p>Another long-standing pull request was support for <a href="https://tools.ietf.org/html/rfc7292">PKCS 12</a>, the archive format for certificate and private key bundles. This has <a href="https://github.com/mirleft/ocaml-x509/pull/114">been developed and merged</a>. PKCS 12 is a widely used and old format (e.g. when importing / exporting cryptographic material in your browser, used by OpenVPN, ...). Its specification uses RC2 and 3DES (see <a href="https://unmitigatedrisk.com/?p=654">this nice article</a>), which are the default algorithms used by <code>openssl pkcs12</code>.</p> +<h2>One more layer up - TLS</h2> +<p>In TLS we are finally able to use ECDSA (and EdDSA) certificates and private keys, this resulted in slightly more complex configuration - the constraints between supported groups, signature algorithms, ciphersuite, and certificates are intricate:</p> +<p>The ciphersuite (in TLS before 1.3) specifies which key exchange mechanism to use, but also which signature algorithm to use (RSA/ECDSA). The supported groups client hello extension specifies which elliptic curves are supported by the client. The signature algorithm hello extension (TLS 1.2 and above) specifies the signature algorithm. In the end, at load time the TLS configuration is validated and groups, ciphersuites, and signature algorithms are condensed depending on configured server certificates. At session initiation time, once the client reports what it supports, these parameters are further cut down to eventually find some suitable cryptographic parameters for this session.</p> +<p>From the user perspective, earlier the certificate bundle and private key was a pair of <code>X509.Certificate.t list</code> and <code>Mirage_crypto_pk.Rsa.priv</code>, now the second part is a <code>X509.Private_key.t</code> - all provided constructors have been updates (notably <code>X509_lwt.private_of_pems</code> and <code>Tls_mirage.X509.certificate</code>).</p> +<h2>Finally, conduit and mirage</h2> +<p>Thanks to <a href="https://github.com/dinosaure">Romain</a>, conduit* 4.0.0 was released which supports the modified API of X.509 and TLS. Romain also developed patches and released mirage 3.10.3 which supports the above mentioned work.</p> +<h2>Conclusion</h2> +<p>Elliptic curve cryptography is now available in OCaml using verified cryptographic primitives from the fiat-crypto project - <code>opam install mirage-crypto-ec</code>. X.509 since 0.12.0 and TLS since 0.13.0 and MirageOS since 3.10.3 support this new development which gives rise to smaller EC keys. Our old bindings, fiat-p256 and hacl_x25519 have been archived and will no longer be maintained.</p> +<p>Thanks to everyone involved on this journey: reporting issues, sponsoring parts of the work, helping with integration, developing initial prototypes, and keep motivating me to continue this until the release is done.</p> +<p>In the future, it may be possible to remove zarith and gmp from the dependency chain, and provide EC-only TLS servers and clients for MirageOS. The benefit will be much less C code (libgmp-freestanding.a is 1.5MB in size) in our trusted code base.</p> +<p>Another potential project that is very close now is a certificate authority developed in MirageOS - now that EC keys, PKCS 12, revocation lists, ... are implemented.</p> +<h2>Footer</h2> +<p>If you want to support our work on MirageOS unikernels, please <a href="https://robur.coop/Donate">donate to robur</a>. I'm interested in feedback, either via <a href="https://twitter.com/h4nnes">twitter</a>, <a href="https://mastodon.social/@hannesm">hannesm@mastodon.social</a> or via eMail.</p> +urn:uuid:16427713-5da1-50cd-b17c-ca5b5cca431dCryptography updates in OCaml and MirageOS2021-11-19T18:04:52-00:00hannes<p>Home office, MirageOS unikernels, 2020 recap, 2021 tbd</p> +2021-01-25T12:45:54-00:00<h2>Introduction</h2> +<p>2020 was an intense year. I hope you're healthy and keep being healthy. I am privileged (as lots of software engineers and academics are) to be able to work from home during the pandemic. Let's not forget people in less privileged situations, and let’s try to give them as much practical, psychological and financial support as we can these days. And as much joy as possible to everyone around :)</p> +<p>I cancelled the autumn MirageOS retreat due to the pandemic. Instead I collected donations for our hosts in Marrakech - they were very happy to receive our financial support, since they had a difficult year, since their income is based on tourism. I hope that in autumn 2021 we'll have an on-site retreat again.</p> +<p>For 2021, we (at <a href="https://robur.coop">robur</a>) got a grant from the EU (via <a href="https://pointer.ngi.eu">NGI pointer</a>) for &quot;Deploying MirageOS&quot; (more details below), and another grant from <a href="https://ocaml-sf.org">OCaml software foundation</a> for securing the opam supply chain (using <a href="https://github.com/hannesm/conex">conex</a>). Some long-awaited releases for MirageOS libraries, namely a <a href="https://discuss.ocaml.org/t/ann-first-release-of-awa-ssh">ssh implementation</a> and a rewrite of our <a href="https://discuss.ocaml.org/t/ann-release-of-ocaml-git-v3-0-duff-encore-decompress-etc/">git implementation</a> have already been published.</p> +<p>With my MirageOS view, 2020 was a pretty successful year, where we managed to add more features, fixed lots of bugs, and paved the road ahead. I want to thank <a href="https://ocamllabs.io/">OCamlLabs</a> for funding work on MirageOS maintenance.</p> +<h2>Recap 2020</h2> +<p>Here is a very subjective random collection of accomplishments in 2020, where I was involved with some degree.</p> +<h3>NetHSM</h3> +<p><a href="https://www.nitrokey.com/products/nethsm">NetHSM</a> is a hardware security module in software. It is a product that uses MirageOS for security, and is based on the <a href="https://muen.sk">muen</a> separation kernel. We at <a href="https://robur.coop">robur</a> were heavily involved in this product. It already has been security audited by an external team. You can pre-order it from Nitrokey.</p> +<h3>TLS 1.3</h3> +<p>Dating back to 2016, at the <a href="https://www.ndss-symposium.org/ndss2016/tron-workshop-programme/">TRON</a> (TLS 1.3 Ready or NOt), we developed a first draft of a 1.3 implementation of <a href="https://github.com/mirleft/ocaml-tls">OCaml-TLS</a>. Finally in May 2020 we got our act together, including ECC (ECDH P256 from <a href="https://github.com/mit-plv/fiat-crypto/">fiat-crypto</a>, X25519 from <a href="https://project-everest.github.io/">hacl</a>) and testing with <a href="https://github.com/tlsfuzzer/tlsfuzzer">tlsfuzzer</a>, and release tls 0.12.0 with TLS 1.3 support. Later we added <a href="https://github.com/mirleft/ocaml-tls/pull/414">ECC ciphersuites to TLS version 1.2</a>, implemented <a href="https://github.com/mirleft/ocaml-tls/pull/414">ChaCha20/Poly1305</a>, and fixed an <a href="https://github.com/mirleft/ocaml-tls/pull/424">interoperability issue with Go's implementation</a>.</p> +<p><a href="https://github.com/mirage/mirage-crypto">Mirage-crypto</a> provides the underlying cryptographic primitives, initially released in March 2020 as a fork of <a href="https://github.com/mirleft/ocaml-nocrypto">nocrypto</a> -- huge thanks to <a href="https://github.com/pqwy">pqwy</a> for his great work. Mirage-crypto detects <a href="https://github.com/mirage/mirage-crypto/pull/53">CPU features at runtime</a> (thanks to <a href="https://github.com/Julow">Julow</a>) (<a href="https://github.com/mirage/mirage-crypto/pull/96">bugfix for bswap</a>), using constant time modular exponentation (powm_sec) and hardens against Lenstra's CRT attack, supports <a href="https://github.com/mirage/mirage-crypto/pull/39">compilation on Windows</a> (thanks to <a href="https://github.com/avsm">avsm</a>), <a href="https://github.com/mirage/mirage-crypto/pull/90">async entropy harvesting</a> (thanks to <a href="https://github.com/seliopou">seliopou</a>), <a href="https://github.com/mirage/mirage-crypto/pull/65">32 bit support</a>, <a href="https://github.com/mirage/mirage-crypto/pull/72">chacha20/poly1305</a> (thanks to <a href="https://github.com/abeaumont">abeaumont</a>), <a href="https://github.com/mirage/mirage-crypto/pull/84">cross-compilation</a> (thanks to <a href="https://github.com/EduardoRFS">EduardoRFS</a>) and <a href="https://github.com/mirage/mirage-crypto/pull/78">various</a> <a href="https://github.com/mirage/mirage-crypto/pull/81">bug</a> <a href="https://github.com/mirage/mirage-crypto/pull/83">fixes</a>, even <a href="https://github.com/mirage/mirage-crypto/pull/95">memory leak</a> (thanks to <a href="https://github.com/talex5">talex5</a> for reporting several of these issues), and <a href="https://github.com/mirage/mirage-crypto/pull/99">RSA</a> <a href="https://github.com/mirage/mirage-crypto/pull/100">interoperability</a> (thanks to <a href="https://github.com/psafont">psafont</a> for investigation and <a href="https://github.com/mattjbray">mattjbray</a> for reporting). This library feels very mature now - being used by multiple stakeholders, and lots of issues have been fixed in 2020.</p> +<h3>Qubes Firewall</h3> +<p>The <a href="https://github.com/mirage/qubes-mirage-firewall/">MirageOS based Qubes firewall</a> is the most widely used MirageOS unikernel. And it got major updates: in May <a href="https://github.com/linse">Steffi</a> <a href="https://groups.google.com/g/qubes-users/c/Xzplmkjwa5Y">announced</a> her and <a href="https://github.com/yomimono">Mindy's</a> work on improving it for Qubes 4.0 - including <a href="https://www.qubes-os.org/doc/vm-interface/#firewall-rules-in-4x">dynamic firewall rules via QubesDB</a>. Thanks to <a href="https://prototypefund.de/project/portable-firewall-fuer-qubesos/">prototypefund</a> for sponsoring.</p> +<p>In October 2020, we released <a href="https://mirage.io/blog/announcing-mirage-39-release">Mirage 3.9</a> with PVH virtualization mode (thanks to <a href="https://github.com/mato">mato</a>). There's still a <a href="https://github.com/mirage/qubes-mirage-firewall/issues/120">memory leak</a> to be investigated and fixed.</p> +<h3>IPv6</h3> +<p>In December, with <a href="https://mirage.io/blog/announcing-mirage-310-release">Mirage 3.10</a> we got the IPv6 code up and running. Now MirageOS unikernels have a dual stack available, besides IPv4-only and IPv6-only network stacks. Thanks to <a href="https://github.com/nojb">nojb</a> for the initial code and <a href="https://github.com/MagnusS">MagnusS</a>.</p> +<p>Turns out this blog, but also robur services, are now available via IPv6 :)</p> +<h3>Albatross</h3> +<p>Also in December, I pushed an initial release of <a href="https://github.com/roburio/albatross">albatross</a>, a unikernel orchestration system with remote access. <em>Deploy your unikernel via a TLS handshake -- the unikernel image is embedded in the TLS client certificates.</em></p> +<p>Thanks to <a href="https://github.com/reynir">reynir</a> for statistics support on Linux and improvements of the systemd service scripts. Also thanks to <a href="https://github.com/cfcs">cfcs</a> for the initial Linux port.</p> +<h3>CA certs</h3> +<p>For several years I postponed the problem of how to actually use the operating system trust anchors for OCaml-TLS connections. Thanks to <a href="https://github.com/emillon">emillon</a> for initial code, there are now <a href="https://github.com/mirage/ca-certs">ca-certs</a> and <a href="https://github.com/mirage/ca-certs-nss">ca-certs-nss</a> opam packages (see <a href="https://discuss.ocaml.org/t/ann-ca-certs-and-ca-certs-nss">release announcement</a>) which fills this gap.</p> +<h2>Unikernels</h2> +<p>I developed several useful unikernels in 2020, and also pushed <a href="https://mirage.io/wiki/gallery">a unikernel gallery</a> to the Mirage website:</p> +<h3>Traceroute in MirageOS</h3> +<p>I already wrote about <a href="/Posts/Traceroute">traceroute</a> which traces the routing to a given remote host.</p> +<h3>Unipi - static website hosting</h3> +<p><a href="https://github.com/roburio/unipi">Unipi</a> is a static site webserver which retrieves the content from a remote git repository. Let's encrypt certificate provisioning and dynamic updates via a webhook to be executed for every push.</p> +<h4>TLSTunnel - TLS demultiplexing</h4> +<p>The physical machine this blog and other robur infrastructure runs on has been relocated from Sweden to Germany mid-December. Thanks to UPS! Fewer IPv4 addresses are available in the new data center, which motivated me to develop <a href="https://github.com/roburio/tlstunnel">tlstunnel</a>.</p> +<p>The new behaviour is as follows (see the <code>monitoring</code> branch):</p> +<ul> +<li>listener on TCP port 80 which replies with a permanent redirect to <code>https</code> +</li> +<li>listener on TCP port 443 which forwards to a backend host if the requested server name is configured +</li> +<li>its configuration is stored on a block device, and can be dynamically changed (with a custom protocol authenticated with a HMAC) +</li> +<li>it is setup to hold a wildcard TLS certificate and in DNS a wildcard entry is pointing to it +</li> +<li>setting up a new service is very straightforward: only the new name needs to be registered with tlstunnel together with the TCP backend, and everything will just work +</li> +</ul> +<h2>2021</h2> +<p>The year started with a release of <a href="https://discuss.ocaml.org/t/ann-first-release-of-awa-ssh">awa</a>, a SSH implementation in OCaml (thanks to <a href="https://github.com/haesbaert">haesbaert</a> for initial code). This was followed by a <a href="https://discuss.ocaml.org/t/ann-release-of-ocaml-git-v3-0-duff-encore-decompress-etc/">git 3.0 release</a> (thanks to <a href="https://github.com/dinosaure">dinosaure</a>).</p> +<h3>Deploying MirageOS - NGI Pointer</h3> +<p>For 2021 we at robur received funding from the EU (via <a href="https://pointer.ngi.eu/">NGI pointer</a>) for &quot;Deploying MirageOS&quot;, which boils down into three parts:</p> +<ul> +<li>reproducible binary releases of MirageOS unikernels, +</li> +<li>monitoring (and other devops features: profiling) and integration into existing infrastructure, +</li> +<li>and further documentation and advertisement. +</li> +</ul> +<p>Of course this will all be available open source. Please get in touch via eMail (team aT robur dot coop) if you're eager to integrate MirageOS unikernels into your infrastructure.</p> +<p>We discovered at an initial meeting with an infrastructure provider that a DNS resolver is of interest - even more now that dnsmasq suffered from <a href="https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf">dnspooq</a>. We are already working on an <a href="https://github.com/mirage/ocaml-dns/pull/251">implementation of DNSSec</a>.</p> +<p>MirageOS unikernels are binary reproducible, and <a href="https://github.com/rjbou/orb/pull/1">infrastructure tools are available</a>. We are working hard on a web interface (and REST API - think of it as &quot;Docker Hub for MirageOS unikernels&quot;), and more tooling to verify reproducibility.</p> +<h3>Conex - securing the supply chain</h3> +<p>Another funding from the <a href="http://ocaml-sf.org/">OCSF</a> is to continue development and deploy <a href="https://github.com/hannesm/conex">conex</a> - to bring trust into opam-repository. This is a great combination with the reproducible build efforts, and will bring much more trust into retrieving OCaml packages and using MirageOS unikernels.</p> +<h3>MirageOS 4.0</h3> +<p>Mirage so far still uses ocamlbuild and ocamlfind for compiling the virtual machine binary. But the switch to dune is <a href="https://github.com/mirage/mirage/issues/1195">close</a>, a lot of effort has been done. This will make the developer experience of MirageOS much more smooth, with a per-unikernel monorepo workflow where you can push your changes to the individual libraries.</p> +<h2>Footer</h2> +<p>If you want to support our work on MirageOS unikernels, please <a href="https://robur.coop/Donate">donate to robur</a>. I'm interested in feedback, either via <a href="https://twitter.com/h4nnes">twitter</a>, <a href="https://mastodon.social/@hannesm">hannesm@mastodon.social</a> or via eMail.</p> +urn:uuid:bc7675a5-47d0-5ce1-970c-01ed07fdf404The road ahead for MirageOS in 20212021-11-19T18:04:52-00:00hannes<p>A MirageOS unikernel which traces the path between itself and a remote host.</p> +2020-06-24T10:38:10-00:00<h2>Traceroute</h2> +<p>Is a diagnostic utility which displays the route and measures transit delays of +packets across an Internet protocol (IP) network.</p> +<pre><code class="language-bash">$ doas solo5-hvt --net:service=tap0 -- traceroute.hvt --ipv4=10.0.42.2/24 --ipv4-gateway=10.0.42.1 --host=198.167.222.207 + | ___| + __| _ \ | _ \ __ \ +\__ \ ( | | ( | ) | +____/\___/ _|\___/____/ +Solo5: Bindings version v0.6.5 +Solo5: Memory map: 512 MB addressable: +Solo5: reserved @ (0x0 - 0xfffff) +Solo5: text @ (0x100000 - 0x212fff) +Solo5: rodata @ (0x213000 - 0x24bfff) +Solo5: data @ (0x24c000 - 0x317fff) +Solo5: heap &gt;= 0x318000 &lt; stack &lt; 0x20000000 +2020-06-22 15:41:25 -00:00: INF [netif] Plugging into service with mac 76:9b:36:e0:e5:74 mtu 1500 +2020-06-22 15:41:25 -00:00: INF [ethernet] Connected Ethernet interface 76:9b:36:e0:e5:74 +2020-06-22 15:41:25 -00:00: INF [ARP] Sending gratuitous ARP for 10.0.42.2 (76:9b:36:e0:e5:74) +2020-06-22 15:41:25 -00:00: INF [udp] UDP interface connected on 10.0.42.2 +2020-06-22 15:41:25 -00:00: INF [application] 1 10.0.42.1 351us +2020-06-22 15:41:25 -00:00: INF [application] 2 192.168.42.1 1.417ms +2020-06-22 15:41:25 -00:00: INF [application] 3 192.168.178.1 1.921ms +2020-06-22 15:41:25 -00:00: INF [application] 4 88.72.96.1 16.716ms +2020-06-22 15:41:26 -00:00: INF [application] 5 * +2020-06-22 15:41:27 -00:00: INF [application] 6 92.79.215.112 16.794ms +2020-06-22 15:41:27 -00:00: INF [application] 7 145.254.2.215 21.305ms +2020-06-22 15:41:27 -00:00: INF [application] 8 145.254.2.217 22.05ms +2020-06-22 15:41:27 -00:00: INF [application] 9 195.89.99.1 21.088ms +2020-06-22 15:41:27 -00:00: INF [application] 10 62.115.9.133 20.105ms +2020-06-22 15:41:27 -00:00: INF [application] 11 213.155.135.82 30.861ms +2020-06-22 15:41:27 -00:00: INF [application] 12 80.91.246.200 30.716ms +2020-06-22 15:41:27 -00:00: INF [application] 13 80.91.253.163 28.315ms +2020-06-22 15:41:27 -00:00: INF [application] 14 62.115.145.27 30.436ms +2020-06-22 15:41:27 -00:00: INF [application] 15 80.67.4.239 42.826ms +2020-06-22 15:41:27 -00:00: INF [application] 16 80.67.10.147 47.213ms +2020-06-22 15:41:27 -00:00: INF [application] 17 198.167.222.207 48.598ms +Solo5: solo5_exit(0) called +</code></pre> +<p>This means with a traceroute utility you can investigate which route is taken +to a destination host, and what the round trip time(s) on the path are. The +sample output above is taken from a virtual machine on my laptop to the remote +host 198.167.222.207. You can see there are 17 hops between us, with the first +being my laptop with a tiny round trip time of 351us, the second and third are +using private IP addresses, and are my home network. The round trip time of the +fourth hop is much higher, this is the first hop on the other side of my DSL +modem. You can see various hops on the public Internet: the packets pass from +my Internet provider's backbone across some exchange points to the destination +Internet provider somewhere in Sweden.</p> +<p>The implementation of traceroute relies mainly on the time-to-live (ttl) field +(in IPv6 lingua it is &quot;hop limit&quot;) of IP packets, which is meant to avoid route +cycles that would infinitely forward IP packets in circles. Every router, when +forwarding an IP packet, first checks that the ttl field is greater than zero, +and then forwards the IP packet where the ttl is decreased by one. If the ttl +field is zero, instead of forwarding, an ICMP time exceeded packet is sent back +to the source.</p> +<p>Traceroute works by exploiting this mechanism: a series of IP packets with +increasing ttls is sent to the destination. Since upfront the length of the +path is unknown, it is a reactive system: first send an IP packet with a ttl of +one, if a ICMP time exceeded packet is returned, send an IP packet with a ttl of +two, etc. -- until an ICMP packet of type destination unreachable is received. +Since some hosts do not reply with a time exceeded message, it is crucial for +not getting stuck to use a timeout for each packet: when the timeout is reached, +an IP packet with an increased ttl is sent and an unknown for the ttl is +printed (see the fifth hop in the example above).</p> +<p>The packets send out are conventionally UDP packets without payload. From a +development perspective, one question is how to correlate the ICMP packet +with the sent UDP packet. Conveniently, ICMP packets contain the IP header and +the first eight bytes of the next protocol - the UDP header containing source +port, destination port, checksum, and payload length (each fields of size two +bytes). This means when we record the outgoing ports together with the sent +timestamp, and correlate the later received ICMP packet to the sent packet. +Great.</p> +<p>But as a functional programmer, let's figure whether we can abolish the +(globally shared) state. Since the ICMP packet contains the original IP +header and the first eight bytes of the UDP header, this is where we will +embed data. As described above, the data is the sent timestamp and the value +of the ttl field. For the latter, we can arbitrarily restrict it to 31 (5 bits). +For the timestamp, it is mainly a question about precision and maximum expected +round trip time. Taking the source and destination port are 32 bits, using 5 for +ttl, remaining are 27 bits (an unsigned value up to 134217727). Looking at the +decimal representation, 1 second is likely too small, 13 seconds are sufficient +for the round trip time measurement. This implies our precision is 100ns, by +counting the digits.</p> +<p>Finally to the code. First we need forth and back conversions between ports +and ttl, timestamp:</p> +<pre><code class="language-OCaml">(* takes a time-to-live (int) and timestamp (int64, nanoseconda), encodes them + into 16 bit source port and 16 bit destination port: + - the timestamp precision is 100ns (thus, it is divided by 100) + - use the bits 27-11 of the timestamp as source port + - use the bits 11-0 as destination port, and 5 bits of the ttl +*) +let ports_of_ttl_ts ttl ts = + let ts = Int64.div ts 100L in + let src_port = 0xffff land (Int64.(to_int (shift_right ts 11))) + and dst_port = 0xffe0 land (Int64.(to_int (shift_left ts 5))) lor (0x001f land ttl) + in + src_port, dst_port + +(* inverse operation of ports_of_ttl_ts for the range (src_port and dst_port + are 16 bit values) *) +let ttl_ts_of_ports src_port dst_port = + let ttl = 0x001f land dst_port in + let ts = + let low = Int64.of_int (dst_port lsr 5) + and high = Int64.(shift_left (of_int src_port) 11) + in + Int64.add low high + in + let ts = Int64.mul ts 100L in + ttl, ts +</code></pre> +<p>They should be inverse over the range of valid input: ports are 16 bit numbers, +ttl expected to be at most 31, ts a int64 expressed in nanoseconds.</p> +<p>Related is the function to print out one hop and round trip measurement:</p> +<pre><code class="language-OCaml">(* write a log line of a hop: the number, IP address, and round trip time *) +let log_one now ttl sent ip = + let now = Int64.(mul (logand (div now 100L) 0x7FFFFFFL) 100L) in + let duration = Mtime.Span.of_uint64_ns (Int64.sub now sent) in + Logs.info (fun m -&gt; m &quot;%2d %a %a&quot; ttl Ipaddr.V4.pp ip Mtime.Span.pp duration) +</code></pre> +<p>The most logic is when a ICMP packet is received:</p> +<pre><code class="language-OCaml">module Icmp = struct + type t = { + send : int -&gt; unit Lwt.t ; + log : int -&gt; int64 -&gt; Ipaddr.V4.t -&gt; unit ; + task_done : unit Lwt.u ; + } + + let connect send log task_done = + let t = { send ; log ; task_done } in + Lwt.return t + + (* This is called for each received ICMP packet. *) + let input t ~src ~dst buf = + let open Icmpv4_packet in + (* Decode the received buffer (the IP header has been cut off already). *) + match Unmarshal.of_cstruct buf with + | Error s -&gt; + Lwt.fail_with (Fmt.strf &quot;ICMP: error parsing message from %a: %s&quot; Ipaddr.V4.pp src s) + | Ok (message, payload) -&gt; + let open Icmpv4_wire in + (* There are two interesting cases: Time exceeded (-&gt; send next packet), + and Destination (port) unreachable (-&gt; we reached the final host and can exit) *) + match message.ty with + | Time_exceeded -&gt; + (* Decode the payload, which should be an IPv4 header and a protocol header *) + begin match Ipv4_packet.Unmarshal.header_of_cstruct payload with + | Ok (pkt, off) when + (* Ensure this packet matches our sent packet: the protocol is UDP + and the destination address is the host we're tracing *) + pkt.Ipv4_packet.proto = Ipv4_packet.Marshal.protocol_to_int `UDP &amp;&amp; + Ipaddr.V4.compare pkt.Ipv4_packet.dst (Key_gen.host ()) = 0 -&gt; + let src_port = Cstruct.BE.get_uint16 payload off + and dst_port = Cstruct.BE.get_uint16 payload (off + 2) + in + (* Retrieve ttl and sent timestamp, encoded in the source port and + destination port of the UDP packet we sent, and received back as + ICMP payload. *) + let ttl, sent = ttl_ts_of_ports src_port dst_port in + (* Log this hop. *) + t.log ttl sent src; + (* Sent out the next UDP packet with an increased ttl. *) + let ttl' = succ ttl in + Logs.debug (fun m -&gt; m &quot;ICMP time exceeded from %a to %a, now sending with ttl %d&quot; + Ipaddr.V4.pp src Ipaddr.V4.pp dst ttl'); + t.send ttl' + | Ok (pkt, _) -&gt; + (* Some stray ICMP packet. *) + Logs.debug (fun m -&gt; m &quot;unsolicited time exceeded from %a to %a (proto %X dst %a)&quot; + Ipaddr.V4.pp src Ipaddr.V4.pp dst pkt.Ipv4_packet.proto Ipaddr.V4.pp pkt.Ipv4_packet.dst); + Lwt.return_unit + | Error e -&gt; + (* Decoding error. *) + Logs.warn (fun m -&gt; m &quot;couldn't parse ICMP time exceeded payload (IPv4) (%a -&gt; %a) %s&quot; + Ipaddr.V4.pp src Ipaddr.V4.pp dst e); + Lwt.return_unit + end + | Destination_unreachable when Ipaddr.V4.compare src (Key_gen.host ()) = 0 -&gt; + (* We reached the final host, and the destination port was not listened to *) + begin match Ipv4_packet.Unmarshal.header_of_cstruct payload with + | Ok (_, off) -&gt; + let src_port = Cstruct.BE.get_uint16 payload off + and dst_port = Cstruct.BE.get_uint16 payload (off + 2) + in + (* Retrieve ttl and sent timestamp. *) + let ttl, sent = ttl_ts_of_ports src_port dst_port in + (* Log the final hop. *) + t.log ttl sent src; + (* Wakeup the waiter task to exit the unikernel. *) + Lwt.wakeup t.task_done (); + Lwt.return_unit + | Error e -&gt; + (* Decoding error. *) + Logs.warn (fun m -&gt; m &quot;couldn't parse ICMP unreachable payload (IPv4) (%a -&gt; %a) %s&quot; + Ipaddr.V4.pp src Ipaddr.V4.pp dst e); + Lwt.return_unit + end + | ty -&gt; + Logs.debug (fun m -&gt; m &quot;ICMP unknown ty %s from %a to %a: %a&quot; + (ty_to_string ty) Ipaddr.V4.pp src Ipaddr.V4.pp dst + Cstruct.hexdump_pp payload); + Lwt.return_unit +end +</code></pre> +<p>Now, the remaining main unikernel is the module <code>Main</code>:</p> +<pre><code class="language-OCaml">module Main (R : Mirage_random.S) (M : Mirage_clock.MCLOCK) (Time : Mirage_time.S) (N : Mirage_net.S) = struct + module ETH = Ethernet.Make(N) + module ARP = Arp.Make(ETH)(Time) + module IPV4 = Static_ipv4.Make(R)(M)(ETH)(ARP) + module UDP = Udp.Make(IPV4)(R) + + (* Global mutable state: the timeout task for a sent packet. *) + let to_cancel = ref None + + (* Send a single packet with the given time to live. *) + let rec send_udp udp ttl = + (* This is called by the ICMP handler which successfully received a + time exceeded, thus we cancel the timeout task. *) + (match !to_cancel with + | None -&gt; () + | Some t -&gt; Lwt.cancel t ; to_cancel := None); + (* Our hop limit is 31 - 5 bit - should be sufficient for most networks. *) + if ttl &gt; 31 then + Lwt.return_unit + else + (* Create a timeout task which: + - sleeps for --timeout interval + - logs an unknown hop + - sends another packet with increased ttl + *) + let cancel = + Lwt.catch (fun () -&gt; + Time.sleep_ns (Duration.of_ms (Key_gen.timeout ())) &gt;&gt;= fun () -&gt; + Logs.info (fun m -&gt; m &quot;%2d *&quot; ttl); + send_udp udp (succ ttl)) + (function Lwt.Canceled -&gt; Lwt.return_unit | exc -&gt; Lwt.fail exc) + in + (* Assign this timeout task. *) + to_cancel := Some cancel; + (* Figure out which source and destination port to use, based on ttl + and current timestamp. *) + let src_port, dst_port = ports_of_ttl_ts ttl (M.elapsed_ns ()) in + (* Send packet via UDP. *) + UDP.write ~ttl ~src_port ~dst:(Key_gen.host ()) ~dst_port udp Cstruct.empty &gt;&gt;= function + | Ok () -&gt; Lwt.return_unit + | Error e -&gt; Lwt.fail_with (Fmt.strf &quot;while sending udp frame %a&quot; UDP.pp_error e) + + (* The main unikernel entry point. *) + let start () () () net = + let cidr = Key_gen.ipv4 () + and gateway = Key_gen.ipv4_gateway () + in + let log_one = fun port ip -&gt; log_one (M.elapsed_ns ()) port ip + (* Create a task to wait on and a waiter to wakeup. *) + and t, w = Lwt.task () + in + (* Setup network stack: ethernet, ARP, IPv4, UDP, and ICMP. *) + ETH.connect net &gt;&gt;= fun eth -&gt; + ARP.connect eth &gt;&gt;= fun arp -&gt; + IPV4.connect ~cidr ~gateway eth arp &gt;&gt;= fun ip -&gt; + UDP.connect ip &gt;&gt;= fun udp -&gt; + let send = send_udp udp in + Icmp.connect send log_one w &gt;&gt;= fun icmp -&gt; + + (* The callback cascade for an incoming network packet. *) + let ethif_listener = + ETH.input + ~arpv4:(ARP.input arp) + ~ipv4:( + IPV4.input + ~tcp:(fun ~src:_ ~dst:_ _ -&gt; Lwt.return_unit) + ~udp:(fun ~src:_ ~dst:_ _ -&gt; Lwt.return_unit) + ~default:(fun ~proto ~src ~dst buf -&gt; + match proto with + | 1 -&gt; Icmp.input icmp ~src ~dst buf + | _ -&gt; Lwt.return_unit) + ip) + ~ipv6:(fun _ -&gt; Lwt.return_unit) + eth + in + (* Start the callback in a separate asynchronous task. *) + Lwt.async (fun () -&gt; + N.listen net ~header_size:Ethernet_wire.sizeof_ethernet ethif_listener &gt;|= function + | Ok () -&gt; () + | Error e -&gt; Logs.err (fun m -&gt; m &quot;netif error %a&quot; N.pp_error e)); + (* Send the initial UDP packet with a ttl of 1. This entails the domino + effect to receive ICMP packets, send out another UDP packet with ttl + increased by one, etc. - until a destination unreachable is received, + or the hop limit is reached. *) + send 1 &gt;&gt;= fun () -&gt; + t +end +</code></pre> +<p>The configuration (<code>config.ml</code>) for this unikernel is as follows:</p> +<pre><code class="language-OCaml">open Mirage + +let host = + let doc = Key.Arg.info ~doc:&quot;The host to trace.&quot; [&quot;host&quot;] in + Key.(create &quot;host&quot; Arg.(opt ipv4_address (Ipaddr.V4.of_string_exn &quot;141.1.1.1&quot;) doc)) + +let timeout = + let doc = Key.Arg.info ~doc:&quot;Timeout (in millisecond)&quot; [&quot;timeout&quot;] in + Key.(create &quot;timeout&quot; Arg.(opt int 1000 doc)) + +let ipv4 = + let doc = Key.Arg.info ~doc:&quot;IPv4 address&quot; [&quot;ipv4&quot;] in + Key.(create &quot;ipv4&quot; Arg.(required ipv4 doc)) + +let ipv4_gateway = + let doc = Key.Arg.info ~doc:&quot;IPv4 gateway&quot; [&quot;ipv4-gateway&quot;] in + Key.(create &quot;ipv4-gateway&quot; Arg.(required ipv4_address doc)) + +let main = + let packages = [ + package ~sublibs:[&quot;ipv4&quot;; &quot;udp&quot;; &quot;icmpv4&quot;] &quot;tcpip&quot;; + package &quot;ethernet&quot;; + package &quot;arp-mirage&quot;; + package &quot;mirage-protocols&quot;; + package &quot;mtime&quot;; + ] in + foreign + ~keys:[Key.abstract ipv4 ; Key.abstract ipv4_gateway ; Key.abstract host ; Key.abstract timeout] + ~packages + &quot;Unikernel.Main&quot; + (random @-&gt; mclock @-&gt; time @-&gt; network @-&gt; job) + +let () = + register &quot;traceroute&quot; + [ main $ default_random $ default_monotonic_clock $ default_time $ default_network ] +</code></pre> +<p>And voila, that's all the code. If you copy it together (or download the two +files from <a href="https://github.com/roburio/traceroute">the GitHub repository</a>), +and have OCaml, opam, and <a href="https://mirage.io/wiki/install">mirage (&gt;= 3.8.0)</a> installed, +you should be able to:</p> +<pre><code class="language-bash">$ mirage configure -t hvt +$ make depend +$ make +$ solo5-hvt --net:service=tap0 -- traceroute.hvt ... +... get the output shown at top ... +</code></pre> +<p>Enhancements may be to use a different protocol (TCP? or any other protocol ID (may be used to encode more information), encode data into IPv4 ID, or the full 8 bytes of the upper protocol), encrypt/authenticate the data transmitted (and verify it has not been tampered with in the ICMP reply), improve error handling and recovery, send multiple packets for improved round trip time measurements, ...</p> +<p>If you develop enhancements you'd like to share, please sent a pull request to the git repository.</p> +<p>Motivation for this traceroute unikernel was while talking with <a href="https://twitter.com/networkservice">Aaron</a> and <a href="https://github.com/phaer">Paul</a>, who contributed several patches to the IP stack which pass the ttl through.</p> +<p>If you want to support our work on MirageOS unikernels, please <a href="https://robur.coop/Donate">donate to robur</a>. I'm interested in feedback, either via <a href="https://twitter.com/h4nnes">twitter</a>, <a href="https://mastodon.social/@hannesm">hannesm@mastodon.social</a> or via eMail.</p> +urn:uuid:ed3036f6-83d2-5e80-b3da-4ccbedb5ae9eTraceroute2021-11-19T18:04:52-00:00hannes<p>A tutorial how to deploy authoritative name servers, let's encrypt, and updating entries from unix services.</p> +2019-12-23T21:30:53-00:00<h2>Goal</h2> +<p>Have your domain served by OCaml-DNS authoritative name servers. Data is stored in a git remote, and let's encrypt certificates can be requested to DNS. This software is deployed since more than two years for several domains such as <code>nqsb.io</code> and <code>robur.coop</code>. This present the authoritative server side, and certificate library of the OCaml-DNS implementation formerly known as <a href="/Posts/DNS">µDNS</a>.</p> +<h2>Prerequisites</h2> +<p>You need to own a domain, and be able to delegate the name service to your own servers. +You also need two spare public IPv4 addresses (in different /24 networks) for your name servers. +A git server or remote repository reachable via git over ssh. +Servers which support <a href="https://github.com/solo5/solo5">solo5</a> guests, and have the corresponding tender installed. +A computer with <a href="https://opam.ocaml.org">opam</a> (&gt;= 2.0.0) installed.</p> +<h2>Data preparation</h2> +<p>Figure out a way to get the DNS entries of your domain in a <a href="https://tools.ietf.org/html/rfc1034">&quot;master file format&quot;</a>, i.e. what bind uses.</p> +<p>This is a master file for the <code>mirage</code> domain, defining <code>$ORIGIN</code> to avoid typing the domain name after each hostname (use <code>@</code> if you need the domain name only; if you need to refer to a hostname in a different domain end it with a dot (<code>.</code>), i.e. <code>ns2.foo.com.</code>). The default time to live <code>$TTL</code> is an hour (3600 seconds). +The zone contains a <a href="https://tools.ietf.org/html/rfc1035#section-3.3.13">start of authority (<code>SOA</code>) record</a> containing the nameserver, hostmaster, serial, refresh, retry, expiry, and minimum. +Also, a single <a href="https://tools.ietf.org/html/rfc1035#section-3.3.11">name server (<code>NS</code>) record</a> <code>ns1</code> is specified with an accompanying <a href="https://tools.ietf.org/html/rfc1035#section-3.4.1">address (<code>A</code>) records</a> pointing to their IPv4 address.</p> +<pre><code class="language-shell">git-repo&gt; cat mirage +$ORIGIN mirage. +$TTL 3600 +@ SOA ns1 hostmaster 1 86400 7200 1048576 3600 +@ NS ns1 +ns1 A 127.0.0.1 +www A 1.1.1.1 +git-repo&gt; git add mirage &amp;&amp; git commit -m initial &amp;&amp; git push +</code></pre> +<h2>Installation</h2> +<p>On your development machine, you need to install various OCaml packages. You don't need privileged access if common tools (C compiler, make, libgmp) are already installed. You have <code>opam</code> installed.</p> +<p>Let's create a fresh <code>switch</code> for the DNS journey:</p> +<pre><code class="language-shell">$ opam init +$ opam update +$ opam switch create udns 4.09.0 +# waiting a bit, a fresh OCaml compiler is getting bootstrapped +$ eval `opam env` #sets some environment variables +</code></pre> +<p>The last command set environment variables in your current shell session, please use the same shell for the commands following (or run <code>eval $(opam env)</code> in another shell and proceed in there - the output of <code>opam switch</code> sohuld point to <code>udns</code>).</p> +<h3>Validation of our zonefile</h3> +<p>First let's check that OCaml-DNS can parse our zonefile:</p> +<pre><code class="language-shell">$ opam install dns-cli #installs ~/.opam/udns/bin/ozone and other binaries +$ ozone &lt;git-repo&gt;/mirage # see ozone --help +successfully checked zone +</code></pre> +<p>Great. Error reporting is not great, but line numbers are indicated (<code>ozone: zone parse problem at line 3: syntax error</code>), <a href="https://github.com/mirage/ocaml-dns/tree/v4.2.0/zone">lexer and parser are lex/yacc style</a> (PRs welcome).</p> +<p>FWIW, <code>ozone</code> accepts <code>--old &lt;filename&gt;</code> to check whether an update from the old zone to the new is fine. This can be used as <a href="https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks">pre-commit hook</a> in your git repository to avoid bad parse states in your name servers.</p> +<h3>Getting the primary up</h3> +<p>The next step is to compile the primary server and run it to serve the domain data. Since the git-via-ssh client is not yet released, we need to add a custom opam repository to this switch.</p> +<pre><code class="language-shell"># git via ssh is not yet released, but this opam repository contains the branch information +$ opam repo add git-ssh git+https://github.com/roburio/git-ssh-dns-mirage3-repo.git +# get the `mirage` application via opam +$ opam install lwt mirage + +# get the source code of the unikernels +$ git clone -b future https://github.com/roburio/unikernels.git +$ cd unikernels/primary-git + +# let's build the server first as unix application +$ mirage configure --prng fortuna #--no-depext if you have all system dependencies +$ make depend +$ make + +# run it +$ ./primary_git +# starts a unix process which clones https://github.com/roburio/udns.git +# attempts to parse the data as zone files, and fails on parse error +$ ./primary-git --remote=https://my-public-git-repository +# this should fail with ENOACCESS since the DNS server tries to listen on port 53 + +# which requires a privileged user, i.e. su, sudo or doas +$ sudo ./primary-git --remote=https://my-public-git-repository +# leave it running, run the following programs in a different shell + +# test it +$ host ns1.mirage 127.0.0.1 +ns1.mirage has address 127.0.0.1 +$ dig any mirage @127.0.0.1 +# a DNS packet printout with all records available for mirage +</code></pre> +<p>That's exciting, the DNS server serving answers from a remote git repository.</p> +<h3>Securing the git access with ssh</h3> +<p>Let's authenticate the access by using ssh, so we feel ready to push data there as well. The primary-git unikernel already includes an experimental <a href="https://github.com/haesbaert/awa-ssh">ssh client</a>, all we need to do is setting up credentials - in the following a RSA keypair and the server fingerprint.</p> +<pre><code class="language-shell"># collect the RSA host key fingerprint +$ ssh-keyscan &lt;git-server&gt; &gt; /tmp/git-server-public-keys +$ ssh-keygen -l -E sha256 -f /tmp/git-server-public-keys | grep RSA +2048 SHA256:a5kkkuo7MwTBkW+HDt4km0gGPUAX0y1bFcPMXKxBaD0 &lt;git-server&gt; (RSA) +# we're interested in the SHA256:yyy only + +# generate a ssh keypair +$ awa_gen_key # installed by the make depend step above in ~/.opam/udns/bin +seed is pIKflD07VT2W9XpDvqntcmEW3OKlwZL62ak1EZ0m +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5b2cSSkZ5/MAu7pM6iJLOaX9tJsfA8DB1RI34Zygw6FA0y8iisbqGCv6Z94ZxreGATwSVvrpqGo5p0rsKs+6gQnMCU1+sOC4PRlxy6XKgj0YXvAZcQuxwmVQlBHshuq0CraMK9FASupGrSO8/dW30Kqy1wmd/IrqW9J1Cnw+qf0C/VEhIbo7btlpzlYpJLuZboTvEk1h67lx1ZRw9bSPuLjj665yO8d0caVIkPp6vDX20EsgITdg+cFjWzVtOciy4ETLFiKkDnuzHzoQ4EL8bUtjN02UpvX2qankONywXhzYYqu65+edSpogx2TuWFDJFPHgcyO/ZIMoluXGNgQlP awa@awa.local +# please run your own awa_gen_key, don't use the numbers above +</code></pre> +<p>The public key needs is in standard OpenSSH format and needs to be added to the list of accepted keys on your server - the exact steps depend on your git server, if you're running your own with <a href="https://github.com/tv42/gitosis">gitosis</a>, add it as new public key file and grant that key access to the data repository. If you use gitlab or github, you may want to create a new user account and with the generated key.</p> +<p>The private key is not displayed, but only the seed required to re-generate it, when using the same random number generator, in our case <a href="http://mirleft.github.io/ocaml-nocrypto/doc/Nocrypto.Rng.html">fortuna implemented by nocrypto</a> - used by both <code>awa_gen_key</code> and <code>primary_git</code>. The seed is provided as command-line argument while starting <code>primary_git</code>:</p> +<pre><code class="language-shell"># execute with git over ssh, authenticator from ssh-keyscan, seed from awa_gen_key +$ ./primary_git --authenticator=SHA256:a5kkkuo7MwTBkW+HDt4km0gGPUAX0y1bFcPMXKxBaD0 --seed=pIKflD07VT2W9XpDvqntcmEW3OKlwZL62ak1EZ0m --remote=ssh://git@&lt;git-server&gt;/repo-name.git +# started up, you can try the host and dig commands from above if you like +</code></pre> +<p>To wrap up, we now have a primary authoritative name server for our zone running as Unix process, which clones a remote git repository via ssh on startup and then serves it.</p> +<h3>Authenticated data updates</h3> +<p>Our remote git repository is the source of truth, if you need to add a DNS entry to the zone, you git pull, edit the zone file, remember to increase the serial in the SOA line, run <code>ozone</code>, git commit and push to the repository.</p> +<p>So, the <code>primary_git</code> needs to be informed of git pushes. This requires a communication channel from the git server (or somewhere else, e.g. your laptop) to the DNS server. I prefer in-protocol solutions over adding yet another protocol stack, no way my DNS server will talk HTTP REST.</p> +<p>The DNS protocol has an extension for <a href="https://tools.ietf.org/html/rfc1996">notifications of zone changes</a> (as a DNS packet), usually used between the primary and secondary servers. The <code>primary_git</code> accepts these notify requests (i.e. bends the standard slightly), and upon receival pulls the remote git repository, and serves the fresh zone files. Since a git pull may be rather excessive in terms of CPU cycles and network bandwidth, only authenticated notifications are accepted.</p> +<p>The DNS protocol specifies in another extension <a href="https://tools.ietf.org/html/rfc2845">authentication (DNS TSIG)</a> with transaction signatures on DNS packets including a timestamp and fudge to avoid replay attacks. As key material hmac secrets distribued to both the communication endpoints are used.</p> +<p>To recap, the primary server is configured with command line parameters (for remote repository url and ssh credentials), and serves data from a zonefile. If the secrets would be provided via command line, a restart would be necessary for adding and removing keys. If put into the zonefile, they would be publicly served on request. So instead, we'll use another file, still in zone file format, in the top-level domain <code>_keys</code>, i.e. the <code>mirage._keys</code> file contains keys for the <code>mirage</code> zone. All files ending in <code>._keys</code> are parsed with the normal parser, but put into an authentication store instead of the domain data store, which is served publically.</p> +<p>For encoding hmac secrets into DNS zone file format, the <a href="https://tools.ietf.org/html/rfc4034#section-2"><code>DNSKEY</code></a> format is used (designed for DNSsec). The <a href="https://www.isc.org/bind/">bind</a> software comes with <code>dnssec-keygen</code> and <code>tsig-keygen</code> to generate DNSKEY output: flags is 0, protocol is 3, and algorithm identifier for SHA256 is 163 (SHA384 164, SHA512 165). This is reused by the OCaml DNS library. The key material itself is base64 encoded.</p> +<p>Access control and naming of keys follows the DNS domain name hierarchy - a key has the form name._operation.domain, and has access granted to domain and all subdomains of it. Two operations are supported: update and transfer. In the future there may be a dedicated notify operation, for now we'll use update. The name part is ignored for the update operation.</p> +<p>Since we now embedd secret information in the git repository, it is a good idea to restrict access to it, i.e. make it private and not publicly cloneable or viewable. Let's generate a first hmac secret and send a notify:</p> +<pre><code class="language-shell">$ dd if=/dev/random bs=1 count=32 | b64encode - +begin-base64 644 - +kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg= +==== +[..] +git-repo&gt; echo &quot;personal._update.mirage. DNSKEY 0 3 163 kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg=&quot; &gt; mirage._keys +git-repo&gt; git add mirage._keys &amp;&amp; git commit -m &quot;add hmac secret&quot; &amp;&amp; git push + +# now we need to restart the primary git to get the git repository with the key +$ ./primary_git --seed=... # arguments from above, remote git, host key fingerprint, private key seed + +# now test that a notify results in a git pull +$ onotify 127.0.0.1 mirage --key=personal._update.mirage:SHA256:kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg= +# onotify was installed by dns-cli in ~/.opam/udns/bin/onotify, see --help for options +# further changes to the hmac secrets don't require a restart anymore, a notify packet is sufficient :D +</code></pre> +<p>Ok, this onotify command line could be setup as a git post-commit hook, or run manually after each manual git push.</p> +<h3>Secondary</h3> +<p>It's time to figure out how to integrate the secondary name server. An already existing bind or something else that accepts notifications and issues zone transfers with hmac-sha256 secrets should work out of the box. If you encounter interoperability issues, please get in touch with me.</p> +<p>The <code>secondary</code> subdirectory of the cloned <code>unikernels</code> repository is another unikernel that acts as secondary server. It's only command line argument is a list of hmac secrets used for authenticating that the received data originates from the primary server. Data is initially transferred by a <a href="https://tools.ietf.org/html/rfc5936">full zone transfer (AXFR)</a>, later updates (upon refresh timer or notify request sent by the primary) use <a href="https://tools.ietf.org/html/rfc1995">incremental (IXFR)</a>. Zone transfer requests and data are authenticated with transaction signatures again.</p> +<p>Convenience by OCaml DNS is that transfer key names matter, and are of the form <primary-ip>.<secondary-ip>._transfer.domain, i.e. <code>1.1.1.1.2.2.2.2._transfer.mirage</code> if the primary server is 1.1.1.1, and the secondary 2.2.2.2. Encoding the IP address in the name allows both parties to start the communication: the secondary starts by requesting a SOA for all domains for which keys are provided on command line, and if an authoritative SOA answer is received, the AXFR is triggered. The primary server emits notification requests on startup and then on every zone change (i.e. via git pull) to all secondary IP addresses of transfer keys present for the specific zone in addition to the notifications to the NS records in the zone.</p> +<pre><code class="language-shell">$ cd ../secondary +$ mirage configure --prng fortuna +# make depend should not be needed since all packages are already installed by the primary-git +$ make +$ ./secondary +</code></pre> +<h3>IP addresses and routing</h3> +<p>Both primary and secondary serve the data on the DNS port (53) on UDP and TCP. To run both on the same machine and bind them to different IP addresses, we'll use a layer 2 network (ethernet frames) with a host system software switch (bridge interface <code>service</code>), the unikernels as virtual machines (or seccomp-sandboxed) via the <a href="https://github.com/solo5/solo5">solo5</a> backend. Using xen is possible as well. As IP address range we'll use 10.0.42.0/24, and the host system uses the 10.0.42.1.</p> +<p>The primary git needs connectivity to the remote git repository, thus on a laptop in a private network we need network address translation (NAT) from the bridge where the unikernels speak to the Internet where the git repository resides.</p> +<pre><code class="language-shell"># on FreeBSD: +# configure NAT with pf, you need to have forwarding enabled +$ sysctl net.inet.ip.forwarding: 1 +$ echo 'nat pass on wlan0 inet from 10.0.42.0/24 to any -&gt; (wlan0)' &gt;&gt; /etc/pf.conf +$ service pf restart + +# make tap interfaces UP on open() +$ sysctl net.link.tap.up_on_open: 1 + +# bridge creation, naming, and IP setup +$ ifconfig bridge create +bridge0 +$ ifconfig bridge0 name service +$ ifconfig bridge0 10.0.42.1/24 + +# two tap interfaces for our unikernels +$ ifconfig tap create +tap0 +$ ifconfig tap create +tap1 +# add them to the bridge +$ ifconfig service addm tap0 addm tap1 +</code></pre> +<h3>Primary and secondary setup</h3> +<p>Let's update our zone slightly to reflect the IP changes.</p> +<pre><code class="language-shell">git-repo&gt; cat mirage +$ORIGIN mirage. +$TTL 3600 +@ SOA ns1 hostmaster 2 86400 7200 1048576 3600 +@ NS ns1 +@ NS ns2 +ns1 A 10.0.42.2 +ns2 A 10.0.42.3 + +# we also need an additional transfer key +git-repo&gt; cat mirage._keys +personal._update.mirage. DNSKEY 0 3 163 kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg= +10.0.42.2.10.0.42.3._transfer.mirage. DNSKEY 0 3 163 cDK6sKyvlt8UBerZlmxuD84ih2KookJGDagJlLVNo20= +git-repo&gt; git commit -m &quot;udpates&quot; . &amp;&amp; git push +</code></pre> +<p>Ok, the git repository is ready, now we need to compile the unikernels for the virtualisation target (see <a href="https://mirage.io/wiki/hello-world#Building-for-Another-Backend">other targets</a> for further information).</p> +<pre><code class="language-shell"># back to primary +$ cd ../primary-git +$ mirage configure -t hvt --prng fortuna # or e.g. -t spt (and solo5-spt below) +# installs backend-specific opam packages, recompiles some +$ make depend +$ make +[...] +$ solo5-hvt --net:service=tap0 -- primary_git.hvt --ipv4=10.0.42.2/24 --ipv4-gateway=10.0.42.1 --seed=.. --authenticator=.. --remote=ssh+git://... +# should now run as a virtual machine (kvm, bhyve), and clone the git repository +$ dig any mirage @10.0.42.2 +# should reply with the SOA and NS records, and also the name server address records in the additional section + +# secondary +$ cd ../secondary +$ mirage configure -t hvt --prng fortuna +$ make +$ solo5-hvt --net:service=tap1 -- secondary.hvt --ipv4=10.0.42.3/24 --keys=10.0.42.2.10.0.42.3._transfer.mirage:SHA256:cDK6sKyvlt8UBerZlmxuD84ih2KookJGDagJlLVNo20= +# an ipv4-gateway is not needed in this setup, but in real deployment later +# it should start up and transfer the mirage zone from the primary + +$ dig any mirage @10.0.42.3 +# should now output the same information as from 10.0.42.2 + +# testing an update and propagation +# edit mirage zone, add a new record and increment the serial number +git-repo&gt; echo &quot;foo A 127.0.0.1&quot; &gt;&gt; mirage +git-repo&gt; vi mirage &lt;- increment serial +git-repo&gt; git commit -m 'add foo' . &amp;&amp; git push +$ onotify 10.0.42.2 mirage --key=personal._update.mirage:SHA256:kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg= + +# now check that it worked +$ dig foo.mirage @10.0.42.2 # primary +$ dig foo.mirage @10.0.42.3 # secondary got notified and transferred the zone +</code></pre> +<p>You can also check the behaviour when restarting either of the VMs, whenever the primary is available the zone is synchronised. If the primary is down, the secondary still serves the zone. When the secondary is started while the primary is down, it won't serve any data until the primary is online (the secondary polls periodically, the primary sends notifies on startup).</p> +<h3>Dynamic data updates via DNS, pushed to git</h3> +<p>DNS is a rich protocol, and it also has builtin <a href="https://tools.ietf.org/html/rfc2136">updates</a> that are supported by OCaml DNS, again authenticated with hmac-sha256 and shared secrets. Bind provides the command-line utility <code>nsupdate</code> to send these update packets, a simple <code>oupdate</code> unix utility is available as well (i.e. for integration of dynamic DNS clients). You know the drill, add a shared secret to the primary, git push, notify the primary, and voila we can dynamically in-protocol update. An update received by the primary via this way will trigger a git push to the remote git repository, and notifications to the secondary servers as described above.</p> +<pre><code class="language-shell"># being lazy, I reuse the key above +$ oupdate 10.0.42.2 personal._update.mirage:SHA256:kJJqipaQHQWqZL31Raar6uPnepGFIdtpjkXot9rv2xg= my-other.mirage 1.2.3.4 + +# let's observe the remote git +git-repo&gt; git pull +# there should be a new commit generated by the primary +git-repo&gt; git log + +# test it, should return 1.2.3.4 +$ dig my-other.mirage @10.0.42.2 +$ dig my-other.mirage @10.0.42.3 +</code></pre> +<p>So we can deploy further <code>oupdate</code> (or <code>nsupdate</code>) clients, distribute hmac secrets, and have the DNS zone updated. The source of truth is still the git repository, where the primary-git pushes to. Merge conflicts and timing of pushes is not yet dealt with. They are unlikely to happen since the primary is notified on pushes and should have up-to-date data in storage. Sorry, I'm unsure about the error semantics, try it yourself.</p> +<h3>Let's encrypt!</h3> +<p><a href="https://letsencrypt.org/">Let's encrypt</a> is a certificate authority (CA), which certificate is shipped as trust anchor in web browsers. They specified a protocol for <a href="https://tools.ietf.org/html/draft-ietf-acme-acme-05">automated certificate management environment (ACME)</a>, used to get X509 certificates for your services. In the protocol, a certificate signing request (publickey and hostname) is sent to let's encrypt servers, which sends a challenge to proof the ownership of the hostnames. One widely-used way to solve this challenge is running a web server, another is to serve it as text record from the authoritative DNS server.</p> +<p>Since I avoid persistent storage when possible, and also don't want to integrate a HTTP client stack in the primary server, I developed a third unikernel that acts as (hidden) secondary server, performs the tedious HTTP communication with let's encrypt servers, and stores all data in the public DNS zone.</p> +<p>For encoding of certificates, the DANE working group specified <a href="https://tools.ietf.org/html/rfc6698.html#section-7.1">TLSA</a> records in DNS. They are quadruples of usage, selector, matching type, and ASN.1 DER-encoded material. We set usage to 3 (domain-issued certificate), matching type to 0 (no hash), and selector to 0 (full certificate) or 255 (private usage) for certificate signing requests. The interaction is as follows:</p> +<ol> +<li>Primary, secondary, and let's encrypt unikernels are running +</li> +<li>A service (<code>ocertify</code>, <code>unikernels/certificate</code>, or the <code>dns-certify.mirage</code> library) demands a TLS certificate, and has a hmac-secret for the primary DNS +</li> +<li>The service generates a certificate signing request with the desired hostname(s), and performs an nsupdate with TLSA 255 <DER encoded signing-request> +</li> +<li>The primary accepts the update, pushes the new zone to git, and sends notifies to secondary and let's encrypt unikernels which (incrementally) transfer the zone +</li> +<li>The let's encrypt unikernel notices while transferring the zone a signing request without a certificate, starts HTTP interaction with let's encrypt +</li> +<li>The let's encrypt unikernel solves the challenge, sends the response as update of a TXT record to the primary nameserver +</li> +<li>The primary pushes the TXT record to git, and notifies secondaries (which transfer the zone) +</li> +<li>The let's encrypt servers request the TXT record from either or both authoritative name servers +</li> +<li>The let's encrypt unikernel polls for the issued certificate and send an update to the primary TLSA 0 <DER encoded certificate> +</li> +<li>The primary pushes the certificate to git, notifies secondaries (which transfer the zone) +</li> +<li>The service polls TLSA records for the hostname, and use it upon retrieval +</li> +</ol> +<p>Note that neither the signing request nor the certificate contain private key material, thus it is fine to serve them publically. Please also note, that the service polls for the certificate for the hostname in DNS, which is valid (start and end date) certificate and uses the same public key, this certificate is used and steps 3-10 are not executed.</p> +<p>The let's encrypt unikernel does not serve anything, it is a reactive system which acts upon notification from the primary. Thus, it can be executed in a private address space (with a NAT). Since the OCaml DNS server stack needs to push notifications to it, it preserves all incoming signed SOA requests as candidates for notifications on update. The let's encrypt unikernel ensures to always have a connection to the primary to receive notifications.</p> +<pre><code class="language-shell"># getting let's encrypt up and running +$ cd ../lets-encrypt +$ mirage configure -t hvt --prng fortuna +$ make depend +$ make + +# run it +$ solo5-hvt --net:service=tap2 -- letsencrypt.hvt --keys=... + +# test it +$ ocertify 10.0.42.2 foo.mirage +</code></pre> +<p>For actual testing with let's encrypt servers you need to have the primary and secondary deployed on your remote hosts, and your domain needs to be delegated to these servers. Good luck. And ensure you have backup your git repository.</p> +<p>As fine print, while this tutorial was about the <code>mirage</code> zone, you can stick any number of zones into the git repository. If you use a <code>_keys</code> file (without any domain prefix), you can configure hmac secrets for all zones, i.e. something to use in your let's encrypt unikernel and secondary unikernel. Dynamic addition of zones is supported, just create a new zonefile and notify the primary, the secondary will be notified and pick it up. The primary responds to a signed SOA for the root zone (i.e. requested by the secondary) with the SOA response (not authoritative), and additionally notifications for all domains of the primary.</p> +<h3>Conclusion and thanks</h3> +<p>This tutorial presented how to use the OCaml DNS based unikernels to run authoritative name servers for your domain, using a git repository as the source of truth, dynamic authenticated updates, and let's encrypt certificate issuing.</p> +<p>There are further steps to take, such as monitoring -- have a look at the <code>monitoring</code> branch of the opam repository above, and the <code>future-robur</code> branch of the unikernels repository above, which use a second network interface for reporting syslog and metrics to telegraf / influx / grafana. Some DNS features are still missing, most prominently DNSSec.</p> +<p>I'd like to thank all people involved in this software stack, without other key components, including <a href="https://github.com/mirage/ocaml-git">git</a>, <a href="https://irmin.io/">irmin 2.0</a>, <a href="https://github.com/mirleft/ocaml-nocrypto">nocrypto</a>, <a href="https://github.com/haesbaert/awa-ssh">awa-ssh</a>, <a href="https://github.com/mirage/ocaml-cohttp">cohttp</a>, <a href="https://github.com/solo5/sol5">solo5</a>, <a href="https://github.com/mirage/mirage">mirage</a>, <a href="https://github.com/mmaker/ocaml-letsencrypt">ocaml-letsencrypt</a>, and more.</p> +<p>If you want to support our work on MirageOS unikernels, please <a href="https://robur.coop/Donate">donate to robur</a>. I'm interested in feedback, either via <a href="https://twitter.com/h4nnes">twitter</a>, <a href="https://mastodon.social/@hannesm">hannesm@mastodon.social</a> or via eMail.</p> +urn:uuid:e3d4fd9e-e379-5c86-838e-46034ddd435dDeploying authoritative OCaml-DNS servers as MirageOS unikernels2021-11-19T18:04:52-00:00hannes<p>MirageOS unikernels are reproducible :)</p> +2019-12-16T18:29:30-00:00<h2>Reproducible builds summit</h2> +<p>I'm just back from the <a href="https://reproducible-builds.org/events/Marrakesh2019/">Reproducible builds summit 2019</a>. In 2018, several people developing <a href="https://ocaml.org">OCaml</a> and <a href="https://opam.ocaml.org">opam</a> and <a href="https://mirage.io">MirageOS</a>, attended <a href="https://reproducible-builds.org/events/paris2018/">the Reproducible builds summit in Paris</a>. The notes from last year on <a href="https://reproducible-builds.org/events/paris2018/report/#Toc11410_331763073">opam reproducibility</a> and <a href="https://reproducible-builds.org/events/paris2018/report/#Toc11681_331763073">MirageOS reproducibility</a> are online. After last years workshop, Raja started developing the opam reproducibilty builder <a href="https://github.com/rjbou/orb">orb</a>, which I extended at and after this years summit. This year before and after the facilitated summit there were hacking days, which allowed further interaction with participants, writing some code and conduct experiments. I had this year again an exciting time at the summit and hacking days, thanks to our hosts, organisers, and all participants.</p> +<h2>Goal</h2> +<p>Stepping back a bit, first look on the <a href="https://reproducible-builds.org/">goal of reproducible builds</a>: when compiling source code multiple times, the produced binaries should be identical. It should be sufficient if the binaries are behaviourally equal, but this is pretty hard to check. It is much easier to check <strong>bit-wise identity of binaries</strong>, and relaxes the burden on the checker -- checking for reproducibility is reduced to computing the hash of the binaries. Let's stick to the bit-wise identical binary definition, which also means software developers have to avoid non-determinism during compilation in their toolchains, dependent libraries, and developed code.</p> +<p>A <a href="https://reproducible-builds.org/docs/test-bench/">checklist</a> of potential things leading to non-determinism has been written up by the reproducible builds project. Examples include recording the build timestamp into the binary, ordering of code and embedded data. The reproducible builds project also developed <a href="https://packages.debian.org/sid/disorderfs">disorderfs</a> for testing reproducibility and <a href="https://diffoscope.org/">diffoscope</a> for comparing binaries with file-dependent readers, falling back to <code>objdump</code> and <code>hexdump</code>. A giant <a href="https://tests.reproducible-builds.org/">test infrastructure</a> with <a href="https://tests.reproducible-builds.org/debian/index_variations.html">lots of variations</a> between the builds, mostly using Debian, has been setup over the years.</p> +<p>Reproducibility is a precondition for trustworthy binaries. See <a href="https://reproducible-builds.org/#why-does-it-matter">why does it matter</a>. If there are no instructions how to get from the published sources to the exact binary, why should anyone trust and use the binary which claims to be the result of the sources? It may as well contain different code, including a backdoor, bitcoin mining code, outputting the wrong results for specific inputs, etc. Reproducibility does not imply the software is free of security issues or backdoors, but instead of a audit of the binary - which is tedious and rarely done - the source code can be audited - but the toolchain (compiler, linker, ..) used for compilation needs to be taken into account, i.e. trusted or audited to not be malicious. <strong>I will only ever publish binaries if they are reproducible</strong>.</p> +<p>My main interest at the summit was to enhance existing tooling and conduct some experiments about the reproducibility of <a href="https://mirage.io">MirageOS unikernels</a> -- a unikernel is a statically linked ELF binary to be run as Unix process or <a href="https://github.com/solo5/solo5">virtual machine</a>. MirageOS heavily uses <a href="https://ocaml.org">OCaml</a> and <a href="https://opam.ocaml.org">opam</a>, the OCaml package manager, and is an opam package itself. Thus, <em>checking reproducibility of a MirageOS unikernel is the same problem as checking reproducibility of an opam package</em>.</p> +<h2>Reproducible builds with opam</h2> +<p>Testing for reproducibility is achieved by taking the sources and compile them twice independently. Afterwards the equality of the resulting binaries can be checked. In trivial projects, the sources is just a single file, or originate from a single tarball. In OCaml, opam uses <a href="https://github.com/ocaml/opam-repository">a community repository</a> where OCaml developers publish their package releases to, but can also use custom repositores, and in addition pin packages to git remotes (url including branch or commit), or a directory on the local filesystem. Manually tracking and updating all dependent packages of a MirageOS unikernel is not feasible: our hello-world compiled for hvt (kvm/BHyve) already has 79 opam dependencies, including the OCaml compiler which is distribued as opam package. The unikernel serving this website depends on 175 opam packages.</p> +<p>Conceptually there should be two tools, the <em>initial builder</em>, which takes the latest opam packages which do not conflict, and exports exact package versions used during the build, as well as hashes of binaries. The other tool is a <em>rebuilder</em>, which imports the export, conducts a build, and outputs the hashes of the produced binaries.</p> +<p>Opam has the concept of a <code>switch</code>, which is an environment where a package set is installed. Switches are independent of each other, and can already be exported and imported. Unfortunately the export is incomplete: if a package includes additional patches as part of the repository -- sometimes needed for fixing releases where the actual author or maintainer of a package responds slowly -- these package neither the patches end up in the export. Also, if a package is pinned to a git branch, the branch appears in the export, but this may change over time by pushing more commits or even force-pushing to that branch. In <a href="https://github.com/ocaml/opam/pull/4040">PR #4040</a> (under discussion and review), also developed during the summit, I propose to embed the additional files as base64 encoded values in the opam file. To solve the latter issue, I modified the export mechanism to <a href="https://github.com/ocaml/opam/pull/4055">embed the git commit hash (PR #4055)</a>, and avoid sources from a local directory and which do not have a checksum.</p> +<p>So the opam export contains the information required to gather the exact same sources and build instructions of the opam packages. If the opam repository would be self-contained (i.e. not depend on any other tools), this would be sufficient. But opam does not run in thin air, it requires some system utilities such as <code>/bin/sh</code>, <code>sed</code>, a GNU make, commonly <code>git</code>, a C compiler, a linker, an assembler. Since opam is available on various operating systems, the plugin <code>depext</code> handles host system dependencies, e.g. if your opam package requires <code>gmp</code> to be installed, this requires slightly different names depending on host system or distribution, take a look at <a href="https://github.com/ocaml/opam-repository/blob/master/packages/conf-gmp/conf-gmp.1/opam">conf-gmp</a>. This also means, opam has rather good information about both the opam dependencies and the host system dependencies for each package. Please note that the host system packages used during compilation are not yet recorded (i.e. which <code>gmp</code> package was installed and used during the build, only that a <code>gmp</code> package has to be installed). The base utilities mentioned above (C compiler, linker, shell) are also not recorded yet.</p> +<p>Operating system information available in opam (such as architecture, distribution, version), which in some cases maps to exact base utilities, is recorded in the build-environment, a separate artifact. The environment variable <a href="https://reproducible-builds.org/specs/source-date-epoch/"><code>SOURCE_DATE_EPOCH</code></a>, used for communicating the same timestamp when software is required to record a timestamp into the resulting binary, is also captured in the build environment.</p> +<p>Additional environment variables may be captured or used by opam packages to produce different output. To avoid this, both the initial builder and the rebuilder are run with minimal environment variables: only <code>PATH</code> (normalised to a whitelist of <code>/bin</code>, <code>/usr/bin</code>, <code>/usr/local/bin</code> and <code>/opt/bin</code>) and <code>HOME</code> are defined. Missing information at the moment includes CPU features: some libraries (gmp?, nocrypto) emit different code depending on the CPU feature.</p> +<h2>Tooling</h2> +<p><em>TL;DR: A <strong>build</strong> builds an opam package, and outputs <code>.opam-switch</code>, <code>.build-hashes.N</code>, and <code>.build-environment.N</code>. A <strong>rebuild</strong> uses these artifacts as input, builds the package and outputs another <code>.build-hashes.M</code> and <code>.build-environment.M</code>.</em></p> +<p>The command-line utility <code>orb</code> can be installed and used:</p> +<pre><code class="language-sh">$ opam pin add orb git+https://github.com/hannesm/orb.git#active +$ orb build --twice --keep-build-dir --diffoscope &lt;your-favourite-opam-package&gt; +</code></pre> +<p>It provides two subcommands <code>build</code> and <code>rebuild</code>. The <code>build</code> command takes a list of local opam <code>--repos</code> where to take opam packages from (defaults to <code>default</code>), a compiler (either a variant <code>--compiler=4.09.0+flambda</code>, a version <code>--compiler=4.06.0</code>, or a pin to a local development version <code>--compiler-pin=~/ocaml</code>), and optionally an existing switch <code>--use-switch</code>. It creates a switch, builds the packages, and emits the opam export, hashes of all files installed by these packages, and the build environment. The flags <code>--keep-build</code> retains the build products, opam's <code>--keep-build-dir</code> in addition temporary build products and generated source code. If <code>--twice</code> is provided, a rebuild (described next) is executed after the initial build.</p> +<p>The <code>rebuild</code> command takes a directory with the opam export and build environment to build the opam package. It first compares the build-environment with the host system, sets the <code>SOURCE_DATE_EPOCH</code> and switch location accordingly and executes the import. Once the build is finished, it compares the hashes of the resulting files with the previous run. On divergence, if build directories were kept in the previous build, and if diffoscope is available and <code>--diffoscope</code> was provided, diffoscope is run on the diverging files. If <code>--keep-build-dir</code> was provided as well, <code>diff -ur</code> can be used to compare the temporary build and sources, including build logs.</p> +<p>The builds are run in parallel, as opam does, this parallelism does not lead to different binaries in my experiments.</p> +<h2>Results and discussion</h2> +<p><strong>All MirageOS unikernels I have deployed are reproducible \o/</strong>. Also, several binaries such as <code>orb</code> itself, <code>opam</code>, <code>solo5-hvt</code>, and all <code>albatross</code> utilities are reproducible.</p> +<p>The unikernel range from hello world, web servers (e.g. this blog, getting its data on startup via a git clone to memory), authoritative DNS servers, CalDAV server. They vary in size between 79 and 200 opam packages, resulting in 2MB - 16MB big ELF binaries (including debug symbols). The <a href="https://github.com/roburio/reproducible-unikernel-repo">unikernel opam repository</a> contains some reproducible unikernels used for testing. Some work-in-progress enhancements are needed to achieve this:</p> +<p>At the moment, the opam package of a MirageOS unikernel is automatically generated by <code>mirage configure</code>, but only used for tracking opam dependencies. I worked on <a href="https://github.com/mirage/mirage/pull/1022">mirage PR #1022</a> to extend the generated opam package with build and install instructions.</p> +<p>As mentioned above, if locale is set, ocamlgraph needs to be patched to emit a (locale-dependent) timestamp.</p> +<p>The OCaml program <a href="https://github.com/mirage/ocaml-crunch"><code>crunch</code></a> embeds a subdirectory as OCaml code into a binary, which we use in MirageOS quite regularly for static assets, etc. This plays in several ways into reproducibility: on the one hand, it needs a timestamp for its <code>last_modified</code> functionality (and adheres since <a href="https://github.com/mirage/ocaml-crunch/pull/45">June 2018</a> to the <code>SOURCE_DATE_EPOCH</code> spec, thanks to Xavier Clerc). On the other hand, it used before version 3.2.0 (released Dec 14th) hashtables for storing the file contents, where iteration is not deterministic (the insertion is not sorted), <a href="https://github.com/mirage/ocaml-crunch/pull/51">fixed in PR #51</a> by using a Map instead.</p> +<p>In functoria, a tool used to configure MirageOS devices and their dependencies, can emit a list of opam packages which were required to build the unikernel. This uses <code>opam list --required-by --installed --rec &lt;pkgs&gt;</code>, which uses the cudf graph (<a href="https://github.com/mirage/functoria/pull/189#issuecomment-566696426">thanks to Raja for explanation</a>), that is during the rebuild dropping some packages. The <a href="https://github.com/mirage/functoria/pull/189">PR #189</a> avoids by not using the <code>--rec</code> argument, but manually computing the fixpoint.</p> +<p>Certainly, the choice of environment variables, and whether to vary them (as <a href="https://tests.reproducible-builds.org/debian/index_variations.html">debian does</a>) or to not define them (or normalise) while building, is arguably. Since MirageOS does neither support time zone nor internationalisation, there is no need to prematurely solving this issue. On related note, even with different locale settings, MirageOS unikernels are reproducible apart from an <a href="https://github.com/backtracking/ocamlgraph/pull/90">issue in ocamlgraph #90</a> embedding the output of <a href="https://pubs.opengroup.org/onlinepubs/9699919799/utilities/date.html"><code>date</code></a>, which is different depending on <code>LANG</code> and locale (<code>LC_*</code>) settings.</p> +<p>Prior art in reproducible MirageOS unikernels is the <a href="https://github.com/mirage/qubes-mirage-firewall/">mirage-qubes-firewall</a>. Since <a href="https://github.com/mirage/qubes-mirage-firewall/commit/07ff3d61477383860216c69869a1ffee59145e45">early 2017</a> it is reproducible. Their approach is different by building in a docker container with the opam repository pinned to an exact git commit.</p> +<h2>Further work</h2> +<p>I only tested a certain subset of opam packages and MirageOS unikernels, mainly on a single machine (my laptop) running FreeBSD, and am happy if others will test reproducibility of their OCaml programs with the tools provided. There could as well be CI machines rebuilding opam packages and reporting results to a central repository. I'm pretty sure there are more reproducibility issues in the opam ecosystem. I developed an <a href="https://github.com/roburio/reproducible-testing-repo">reproducible testing opam repository</a> with opam packages that do not depend on OCaml, mainly for further tooling development. Some tests were also conducted on a Debian system with the same result. The variations, apart from build time, were using a different user, and different locale settings.</p> +<p>As mentioned above, more environment, such as the CPU features, and external system packages, should be captured in the build environment.</p> +<p>When comparing OCaml libraries, some output files (cmt / cmti / cma / cmxa) are not deterministic, but contain minimal diverge where I was not able to spot the root cause. It would be great to fix this, likely in the OCaml compiler distribution. Since the final result, the binary I'm interested in, is not affected by non-identical intermediate build products, I hope someone (you?) is interested in improving on this side. OCaml bytecode output also seems to be non-deterministic. There is <a href="https://github.com/coq/coq/issues/11229">a discussion on the coq issue tracker</a> which may be related.</p> +<p>In contrast to initial plans, I did not used the <a href="https://reproducible-builds.org/specs/build-path-prefix-map/"><code>BUILD_PATH_PREFIX_MAP</code></a> environment variable, which is implemented in OCaml by <a href="https://github.com/ocaml/ocaml/pull/1515">PR #1515</a> (and followups). The main reasons are that something in the OCaml toolchain (I suspect the bytecode interpreter) needed absolute paths to find libraries, thus I'd need a symlink from the left-hand side to the current build directory, which was tedious. Also, my installed assembler does not respect the build path prefix map, and BUILD_PATH_PREFIX_MAP is not widely supported. See e.g. the Debian <a href="https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/ocaml-zarith.html">zarith</a> package with different build paths and its effects on the binary.</p> +<p>I'm fine with recording the build path (switch location) in the build environment for now - it turns out to end up only once in MirageOS unikernels, likely by the last linking step, which <a href="http://blog.llvm.org/2019/11/deterministic-builds-with-clang-and-lld.html">hopefully soon be solved by llvm 9.0</a>.</p> +<p>What was fun was to compare the unikernel when built on Linux with gcc against a built on FreeBSD with clang and lld - spoiler: they emit debug sections with different dwarf versions, it is pretty big. Other fun differences were between OCaml compiler versions: the difference between minor versions (4.08.0 vs 4.08.1) is pretty small (~100kB as human-readable output), while the difference between major version (4.08.1 vs 4.09.0) is rather big (~900kB as human-readable diff).</p> +<p>An item on my list for the future is to distribute the opam export, build hashes and build environment artifacts in a authenticated way. I want to integrate this as <a href="https://in-toto.io/">in-toto</a> style into <a href="https://github.com/hannesm/conex">conex</a>, my not-yet-deployed implementation of <a href="https://theupdateframework.github.io/">tuf</a> for opam that needs further development and a test installation, hopefully in 2020.</p> +<p>If you want to support our work on MirageOS unikernels, please <a href="https://robur.coop/Donate">donate to robur</a>. I'm interested in feedback, either via <a href="https://twitter.com/h4nnes">twitter</a>, <a href="https://mastodon.social/@hannesm">hannesm@mastodon.social</a> or via eMail.</p> +urn:uuid:09922d6b-56c8-595d-8086-5aef9656cbc4Reproducible MirageOS unikernel builds2021-11-19T18:04:52-00:00hannes<p>Five years since ocaml-x509 initial release, it has been reworked and used more widely</p> +2019-08-15T11:21:30-00:00<h2>Cryptographic material</h2> +<p>Once a private and public key pair is generated (doesn't matter whether it is plain RSA, DSA, ECC on any curve), this is fine from a scientific point of view, and can already be used for authenticating and encrypting. From a practical point of view, the public parts need to be exchanged and verified (usually a fingerprint or hash thereof). This leads to the struggle how to encode this cryptographic material, and how to embed an identity (or multiple), capabilities, and other information into it. <a href="https://en.wikipedia.org/wiki/X.509">X.509</a> is a standard to solve this encoding and embedding, and provides more functionality, such as establishing chains of trust and revocation of invalidated or compromised material. X.509 uses certificates, which contain the public key, and additional information (in a extensible key-value store), and are signed by an issuer, either the private key corresponding to the public key - a so-called self-signed certificate - or by a different private key, an authority one step up the chain. A rather long, but very good introduction to certificates by Mike Malone is <a href="https://smallstep.com/blog/everything-pki.html">available here</a>.</p> +<h2>OCaml ecosystem evolving</h2> +<p>More than 5 years ago David Kaloper and I <a href="https://mirage.io/blog/introducing-x509">released the initial ocaml-x509</a> package as part of our <a href="https://nqsb.io">TLS stack</a>, which contained code for decoding and encoding certificates, and path validation of a certificate chain (as described in <a href="https://tools.ietf.org/html/rfc6125">RFC 5280</a>). The validation logic and the decoder/encoder, based on the ASN.1 grammar specified in the RFC, implemented using David's <a href="https://github.com/mirleft/ocaml-asn1-combinators">asn1-combinators</a> library changed much over time.</p> +<p>The OCaml ecosystem evolved over the years, which lead to some changes:</p> +<ul> +<li>Camlp4 deprecation - we used camlp4 for stream parsers of PEM-encoded certificates, and sexplib.syntax to derive s-expression decoders and encoders; +</li> +<li>Avoiding brittle ppx converters - which we used for s-expression decoders and encoders of certificates after camlp4 was deprecated; +</li> +<li>Build and release system iterations - initially oasis and a packed library, then topkg and ocamlbuild, now dune; +</li> +<li>Introduction of the <code>result</code> type in the standard library - we used to use <code>[ `Ok of certificate option | `Fail of failure ]</code>; +</li> +<li>No more leaking exceptions in the public API; +</li> +<li>Usage of pretty-printers, esp with the <a href="https://erratique.ch/software/fmt">fmt</a> library <code>val pp : Format.formatter -&gt; 'a -&gt; unit</code>, instead of <code>val to_string : t -&gt; string</code> functions; +</li> +<li>Release of <a href="https://erratique.ch/software/ptime">ptime</a>, a platform-independent POSIX time support; +</li> +<li>Release of <a href="https://erratique.ch/software/rresult">rresult</a>, which includes combinators for computation <code>result</code>s; +</li> +<li>Release of <a href="https://github.com/hannesm/gmap">gmap</a>, a <code>Map</code> whose value types depend on the key, used for X.509 extensions, GeneralName, DistinguishedName, etc.; +</li> +<li>Release of <a href="https://github.com/hannesm/domain-name">domain-name</a>, a library for domain name operations (as specified in <a href="https://tools.ietf.org/html/rfc1035">RFC 1035</a>) - used for name validation; +</li> +<li>Usage of the <a href="https://github.com/mirage/alcotest">alcotest</a> unit testing framework (instead of oUnit). +</li> +</ul> +<h2>More use cases for X.509</h2> +<p>Initially, we designed and used ocaml-x509 for providing TLS server endpoints and validation in TLS clients - mostly on the public web, where each operating system ships a set of ~100 trust anchors to validate any web server certificate against. But once you have a X.509 implementation, every authentication problem can be solved by applying it.</p> +<h3>Authentication with path building</h3> +<p>It turns out that the trust anchor sets are not equal across operating systems and versions, thus some web servers serve sets, instead of chains, of certificates - as described in <a href="https://tools.ietf.org/html/rfc4158">RFC 4158</a>, where the client implementation needs to build valid paths and accept a connection if any path can be validated. The path building was initially in 0.5.2 slightly wrong, but fixed quickly in <a href="https://github.com/mirleft/ocaml-x509/commit/1a1476308d24bdcc49d45c4cd9ef539ca57461d2">0.5.3</a>.</p> +<h3>Fingerprint authentication</h3> +<p>The chain of trust validation is useful for the open web, where you as software developer don't know to which remote endpoint your software will ever connect to - as long as the remote has a certificate signed (via intermediates) by any of the trust anchors. In the early days, before <a href="https://letsencrypt.org/">let's encrypt</a> was launched and embedded as trust anchors (or cross-signed by already deployed trust anchors), operators needed to pay for a certificate - a business model where some CAs did not bother to check the authenticity of a certificate signing request, and thus random people owning valid certificates for microsoft.com or google.com.</p> +<p>Instead of using the set of trust anchors, the fingerprint of the server certificate, or preferably the fingerprint of the public key of the certificate, can be used for authentication, as optionally done since some years in <a href="https://github.com/hannesm/jackline/commit/a1e6f3159be1e45e6b690845e1b29366c41239a2">jackline</a>, an XMPP client. Support for this certificate / public key pinning was added in x509 0.2.1 / 0.5.0.</p> +<h3>Certificate signing requests</h3> +<p>Until x509 0.4.0 there was no support for generating certificate signing requests (CSR), as defined in PKCS 10, which are self-signed blobs containing a public key, an identity, and possibly extensions. Such as CSR is sent to the certificate authority, and after validation of ownership of the identity and paying a fee, the certificate is issued. Let's encrypt specified the ACME protocol which automates the proof of ownership: they provide a HTTP API for requesting a challenge, providing the response (the proof of ownership) via HTTP or DNS, and then allow the submission of a CSR and downloading the signed certificate. The ocaml-x509 library provides operations for creating such a CSR, and also for signing a CSR to generate a certificate.</p> +<p>Mindy developed the command-line utility <a href="https://github.com/yomimono/ocaml-certify/">certify</a> which uses these operations from the ocaml-x509 library and acts as a swiss-army knife purely in OCaml for these required operations.</p> +<p>Maker developed a <a href="https://github.com/mmaker/ocaml-letsencrypt">let's encrypt library</a> which implements the above mentioned ACME protocol for provisioning CSR to certificates, also using our ocaml-x509 library.</p> +<p>To complete the required certificate authority functionality, in x509 0.6.0 certificate revocation lists, both validation and signing, was implemented.</p> +<h3>Deploying unikernels</h3> +<p>As <a href="/Posts/VMM">described in another post</a>, I developed <a href="https://github.com/hannesm/albatross">albatross</a>, an orchestration system for MirageOS unikernels. This uses ASN.1 for internal socket communication and allows remote management via a TLS connection which is mutually authenticated with a X.509 client certificate. To encrypt the X.509 client certificate, first a TLS handshake where the server authenticates itself to the client is established, and over that connection another TLS handshake is established where the client certificate is requested. Note that this mechanism can be dropped with TLS 1.3, since there the certificates are transmitted over an already encrypted channel.</p> +<p>The client certificate already contains the command to execute remotely - as a custom extension, being it &quot;show me the console output&quot;, or &quot;destroy the unikernel with name = YYY&quot;, or &quot;deploy the included unikernel image&quot;. The advantage is that the commands are already authenticated, and there is no need for developing an ad-hoc protocol on top of the TLS session. The resource limits, assigned by the authority, are also part of the certificate chain - i.e. the number of unikernels, access to network bridges, available accumulated memory, accumulated size for block devices, are constrained by the certificate chain presented to the server, and currently running unikernels. The names of the chain are used for access control - if Alice and Bob have intermediate certificates from the same CA, neither Alice may manage Bob's unikernels, nor Bob may manage Alice's unikernels. I'm using albatross since 2.5 years in production on two physical machines with ~20 unikernels total (multiple users, multiple administrative domains), and it works stable and is much nicer to deal with than <code>scp</code> and custom hacked shell scripts.</p> +<h2>Why 0.7?</h2> +<p>There are still some missing pieces in our ocaml-x509 implementation, namely modern ECC certificates (depending on elliptic curve primitives not yet available in OCaml), RSA-PSS signing (should be straightforward), PKCS 12 (there is a <a href="https://github.com/mirleft/ocaml-x509/pull/114">pull request</a>, but this should wait until asn1-combinators supports the <code>ANY defined BY</code> construct to cleanup the code), ... +Once these features are supported, the library should likely be named PKCS since it supports more than X.509, and released as 1.0.</p> +<p>The 0.7 release series moved a lot of modules and function names around, thus it is a major breaking release. By using a map instead of lists for extensions, GeneralName, ..., the API was further revised - invariants that each extension key (an ASN.1 object identifier) may occur at most once are now enforced. By not leaking exceptions through the public interface, the API is easier to use safely - see <a href="https://github.com/mmaker/ocaml-letsencrypt/commit/dc53518f46310f384c9526b1d96a8e8f815a09c7">let's encrypt</a>, <a href="https://git.robur.io/?p=openvpn.git;a=commitdiff;h=929c53116c1438ba1214f53df7506d32da566ccc">openvpn</a>, <a href="https://github.com/yomimono/ocaml-certify/pull/17">certify</a>, <a href="https://github.com/mirleft/ocaml-tls/pull/394">tls</a>, <a href="https://github.com/mirage/capnp-rpc/pull/158">capnp</a>, <a href="https://github.com/hannesm/albatross/commit/50ed6a8d1ead169b3e322aaccb469e870ad72acc">albatross</a>.</p> +<p>I intended in 0.7.0 to have much more precise types, esp. for the SubjectAlternativeName (SAN) extension that uses a GeneralName, but it turns out the GeneralName is as well used for NameConstraints (NC) in a different way -- IP in SAN is an IPv4 or IPv6 address, in CN it is the IP/netmask; DNS is a domain name in SAN, in CN it is a name starting with a leading dot (i.e. &quot;.example.com&quot;), which is not a valid domain name. In 0.7.1, based on a bug report, I had to revert these variants and use less precise types.</p> +<h2>Conclusion</h2> +<p>The work on X.509 was sponsored by <a href="http://ocamllabs.io/">OCaml Labs</a>. You can support our work at robur by a <a href="https://robur.io/Donate">donation</a>, which we will use to work on our OCaml and MirageOS projects. You can also reach out to us to realize commercial products.</p> +<p>I'm interested in feedback, either via <strike><a href="https://twitter.com/h4nnes">twitter</a></strike> <a href="https://mastodon.social/@hannesm">hannesm@mastodon.social</a> or via eMail.</p> +urn:uuid:f2cf2a6a-8eef-5c2c-be03-d81a1bf0f066X509 0.72021-11-19T18:04:52-00:00hannes<p>Bringing MirageOS into production, take IV monitoring, CalDAV, DNS</p> +2019-07-08T19:29:05-00:00<h2>Working at <a href="https://robur.io">robur</a></h2> +<p>As announced <a href="/Posts/DNS">previously</a>, I started to work at robur early 2018. We're a collective of five people, distributed around Europe and the US, with the goal to deploy MirageOS unikernels. We do this by developing bespoke MirageOS unikernels which provide useful services, and deploy them for ourselves. We also develop new libraries and enhance existing ones and other components of MirageOS. Example unikernels include <a href="https://robur.io">our website</a> which uses <a href="https://github.com/Engil/Canopy">Canopy</a>, a <a href="https://robur.io/Our%20Work/Projects#CalDAV-Server">CalDAV server that stores entries in a git remote</a>, and <a href="https://github.com/roburio/unikernels">DNS servers</a> (the latter two are further described below).</p> +<p>Robur is part of the non-profit company <a href="https://techcultivation.org">Center for the Cultivation of Technology</a>, who are managing the legal and administrative sides for us. We're ourselves responsible to acquire funding to pay ourselves reasonable salaries. We received funding for CalDAV from <a href="https://prototypefund.de">prototypefund</a> and further funding from <a href="https://tarides.com">Tarides</a>, for TLS 1.3 from <a href="http://ocamllabs.io/">OCaml Labs</a>; security-audited an OCaml codebase, and received <a href="https://robur.io/Donate">donations</a>, also in the form of Bitcoins. We're looking for further funded collaborations and also contracting, mail us at <code>team@robur.io</code>. Please <a href="https://robur.io/Donate">donate</a> (tax-deductible in EU), so we can accomplish our goal of putting robust and sustainable MirageOS unikernels into production, replacing insecure legacy system that emit tons of CO<span style="vertical-align: baseline; position: relative;bottom: -0.4em;">2</span>.</p> +<h2>Deploying MirageOS unikernels</h2> +<p>While several examples are running since years (the <a href="https://mirage.io">MirageOS website</a>, <a href="http://ownme.ipredator.se">Bitcoin Piñata</a>, <a href="https://tls.nqsb.io">TLS demo server</a>, etc.), and some shell-scripts for cloud providers are floating around, it is not (yet) streamlined.</p> +<p>Service deployment is complex: you have to consider its configuration, exfiltration of logs and metrics, provisioning with valid key material (TLS certificate, hmac shared secret) and authenticators (CA certificate, ssh key fingerprint). Instead of requiring millions lines of code during orchestration (such as Kubernetes), creating the images (docker), or provisioning (ansible), why not minimise the required configuration and dependencies?</p> +<p><a href="/Posts/VMM">Earlier in this blog I introduced Albatross</a>, which serves in an enhanced version as our deployment platform on a physical machine (running 15 unikernels at the moment), I won't discuss more detail thereof in this article.</p> +<h2>CalDAV</h2> +<p><a href="https://linse.me/">Steffi</a> and I developed in 2018 a CalDAV server. Since November 2018 we have a test installation for robur, initially running as a Unix process on a virtual machine and persisting data to files on the disk. Mid-June 2019 we migrated it to a MirageOS unikernel, thanks to great efforts in <a href="https://github.com/mirage/ocaml-git">git</a> and <a href="https://github.com/mirage/irmin">irmin</a>, unikernels can push to a remote git repository. We <a href="https://github.com/haesbaert/awa-ssh/pull/8">extended the ssh library</a> with a ssh client and <a href="https://github.com/mirage/ocaml-git/pull/362">use this in git</a>. This also means our CalDAV server is completely immutable (does not carry state across reboots, apart from the data in the remote repository) and does not have persistent state in the form of a block device. Its configuration is mainly done at compile time by the selection of libraries (syslog, monitoring, ...), and boot arguments passed to the unikernel at startup.</p> +<p>We monitored the resource usage when migrating our CalDAV server from Unix process to a MirageOS unikernel. The unikernel size is just below 10MB. The workload is some clients communicating with the server on a regular basis. We use <a href="https://grafana.com/">Grafana</a> with a <a href="https://www.influxdata.com/">influx</a> time series database to monitor virtual machines. Data is collected on the host system (<code>rusage</code> sysctl, <code>kinfo_mem</code> sysctl, <code>ifdata</code> sysctl, <code>vm_get_stats</code> BHyve statistics), and our unikernels these days emit further metrics (mostly counters: gc statistics, malloc statistics, tcp sessions, http requests and status codes).</p> +<p><a href="/static/img/crobur-june-2019.png"><img src="/static/img/crobur-june-2019.png" width="700" /></a></p> +<p>Please note that memory usage (upper right) and vm exits (lower right) use logarithmic scale. The CPU usage reduced by more than a factor of 4. The memory usage dropped by a factor of 25, and the network traffic increased - previously we stored log messages on the virtual machine itself, now we send them to a dedicated log host.</p> +<p>A MirageOS unikernel, apart from a smaller attack surface, indeed uses fewer resources and actually emits less CO<span style="vertical-align: baseline; position: relative;bottom: -0.4em;">2</span> than the same service on a Unix virtual machine. So we're doing something good for the environment! :)</p> +<p>Our calendar server contains at the moment 63 events, the git repository had around 500 commits in the past month: nearly all of them from the CalDAV server itself when a client modified data via CalDAV, and two manual commits: the initial data imported from the file system, and one commit for fixing a bug of the encoder in our <a href="https://github.com/roburio/icalendar/pull/2">icalendar library</a>.</p> +<p>Our CalDAV implementation is very basic, scheduling, adding attendees (which requires sending out eMail), is not supported. But it works well for us, we have individual calendars and a shared one which everyone can write to. On the client side we use macOS and iOS iCalendar, Android DAVdroid, and Thunderbird. If you like to try our CalDAV server, have a look <a href="https://github.com/roburio/caldav/tree/future/README.md">at our installation instructions</a>. Please <a href="https://github.com/roburio/caldav/issues">report issues</a> if you find issues or struggle with the installation.</p> +<h2>DNS</h2> +<p>There has been more work on our DNS implementation, now <a href="https://github.com/mirage/ocaml-dns">here</a>. We included a DNS client library, and some <a href="https://github.com/roburio/unikernels/tree/future">example unikernels</a> are available. They as well require our <a href="https://github.com/roburio/git-ssh-dns-mirage3-repo">opam repository overlay</a>. Please report issues if you run into trouble while experimenting with that.</p> +<p>Most prominently is <code>primary-git</code>, a unikernel which acts as a primary authoritative DNS server (UDP and TCP). On startup, it fetches a remote git repository that contains zone files and shared hmac secrets. The zones are served, and secondary servers are notified with the respective serial numbers of the zones, authenticated using TSIG with the shared secrets. The primary server provides dynamic in-protocol updates of DNS resource records (<code>nsupdate</code>), and after successful authentication pushes the change to the remote git. To change the zone, you can just edit the zonefile and push to the git remote - with the proper pre- and post-commit-hooks an authenticated notify is send to the primary server which then pulls the git remote.</p> +<p>Another noteworthy unikernel is <code>letsencrypt</code>, which acts as a secondary server, and whenever a TLSA record with custom type (0xFF) and a DER-encoded certificate signing request is observed, it requests a signature from letsencrypt by solving the DNS challenge. The certificate is pushed to the DNS server as TLSA record as well. The DNS implementation provides <code>ocertify</code> and <code>dns-mirage-certify</code> which use the above mechanism to retrieve valid let's encrypt certificates. The caller (unikernel or Unix command-line utility) either takes a private key directly or generates one from a (provided) seed and generates a certificate signing request. It then looks in DNS for a certificate which is still valid and matches the public key and the hostname. If such a certificate is not present, the certificate signing request is pushed to DNS (via the nsupdate protocol), authenticated using TSIG with a given secret. This way our public facing unikernels (website, this blog, TLS demo server, ..) block until they got a certificate via DNS on startup - we avoid embedding of the certificate into the unikernel image.</p> +<h2>Monitoring</h2> +<p>We like to gather statistics about the resource usage of our unikernels to find potential bottlenecks and observe memory leaks ;) The base for the setup is the <a href="https://github.com/mirage/metrics">metrics</a> library, which is similarly in design to the <a href="https://erratique.ch/software/logs">logs</a> library: libraries use the core to gather metrics. A different aspect is the reporter, which is globally registered and responsible for exfiltrating the data via their favourite protocol. If no reporter is registered, the work overhead is negligible.</p> +<p><a href="/static/img/crobur-june-2019-unikernel.png"><img src="/static/img/crobur-june-2019-unikernel.png" width="700" /></a></p> +<p>This is a dashboard which combines both statistics gathered from the host system and various metrics from the MirageOS unikernel. The <code>monitoring</code> branch of our opam repository overlay is used together with <a href="https://github.com/hannesm/monitoring-experiments">monitoring-experiments</a>. The logs errors counter (middle right) was the icalendar parser which tried to parse its badly emitted ics (the bug is now fixed, the dashboard is from last month).</p> +<h2>OCaml libraries</h2> +<p>The <a href="https://github.com/hannesm/domain-name">domain-name</a> library was developed to handle RFC 1035 domain names and host names. It initially was part of the DNS code, but is now freestanding to be used in other core libraries (such as ipaddr) with a small dependency footprint.</p> +<p>The <a href="https://github.com/hannesm/gmap">GADT map</a> is a normal OCaml Map structure, but takes key-dependent value types by using a GADT. This library also was part of DNS, but is more broadly useful, we already use it in our icalendar (the data format for calendar entries in CalDAV) library, our <a href="https://git.robur.io/?p=openvpn.git;a=summary">OpenVPN</a> configuration parser uses it as well, and also <a href="https://github.com/mirleft/ocaml-x509/pull/115">x509</a> - which got reworked quite a bit recently (release pending), and there's preliminary PKCS12 support (which deserves its own article). <a href="https://github.com/hannesm/ocaml-tls">TLS 1.3</a> is available on a branch, but is not yet merged. More work is underway, hopefully with sufficient time to write more articles about it.</p> +<h2>Conclusion</h2> +<p>More projects are happening as we speak, it takes time to upstream all the changes, such as monitoring, new core libraries, getting our DNS implementation released, pushing Conex into production, more features such as DNSSec, ...</p> +<p>I'm interested in feedback, either via <strike><a href="https://twitter.com/h4nnes">twitter</a></strike> <a href="https://mastodon.social/@hannesm">hannesm@mastodon.social</a> or via eMail.</p> +urn:uuid:fd3a6aa5-a7ba-549a-9d0f-5f05fa6c434eSummer 20192021-11-19T18:04:52-00:00hannes \ No newline at end of file diff --git a/index.html b/index.html new file mode 100644 index 0000000..1ec6330 --- /dev/null +++ b/index.html @@ -0,0 +1,28 @@ + +full stack engineer

Mirroring the opam repository and all tarballs

Written by hannes

Re-developing an opam cache from scratch, as a MirageOS unikernel

+

All your metrics belong to influx

Written by hannes

How to monitor your MirageOS unikernel with albatross and monitoring-experiments

+

Deploying binary MirageOS unikernels

Written by hannes

Finally, we provide reproducible binary MirageOS unikernels together with packages to reproduce them and setup your own builder

+

Cryptography updates in OCaml and MirageOS

Written by hannes

Elliptic curves (ECDSA/ECDH) are supported in a maintainable and secure way.

+

The road ahead for MirageOS in 2021

Written by hannes

Home office, MirageOS unikernels, 2020 recap, 2021 tbd

+

Traceroute

Written by hannes

A MirageOS unikernel which traces the path between itself and a remote host.

+

Deploying authoritative OCaml-DNS servers as MirageOS unikernels

Written by hannes

A tutorial how to deploy authoritative name servers, let's encrypt, and updating entries from unix services.

+

Reproducible MirageOS unikernel builds

Written by hannes

MirageOS unikernels are reproducible :)

+

X509 0.7

Written by hannes

Five years since ocaml-x509 initial release, it has been reworked and used more widely

+

Summer 2019

Written by hannes

Bringing MirageOS into production, take IV monitoring, CalDAV, DNS

+

The Bitcoin Piñata - no candy for you

Written by hannes

More than three years ago we launched our Bitcoin Piñata as a transparent security bait. It is still up and running!

+

My 2018 contains robur and starts with re-engineering DNS

Written by hannes

New year brings new possibilities and a new environment. I've been working on the most Widely deployed key-value store, the domain name system. Primary and secondary name services are available, including dynamic updates, notify, and tsig authentication.

+

Albatross - provisioning, deploying, managing, and monitoring virtual machines

Written by hannes

all we need is X.509

+

Conex, establish trust in community repositories

Written by hannes

Conex is a library to verify and attest package release integrity and authenticity through the use of cryptographic signatures.

+

Who maintains package X?

Written by hannes

We describe why manual gathering of metadata is out of date, and version control systems are awesome.

+

Jackline, a secure terminal-based XMPP client

Written by hannes

implement it once to know you can do it. implement it a second time and you get readable code. implementing it a third time from scratch may lead to useful libraries.

+

Exfiltrating log data using syslog

Written by hannes

sometimes preservation of data is useful

+

Re-engineering ARP

Written by hannes

If you want it as you like, you've to do it yourself

+

Minimising the virtual machine monitor

Written by hannes

MirageOS solo5 multiboot native on bhyve

+

Counting Bytes

Written by hannes

looking into dependencies and their sizes

+

Configuration DSL step-by-step

Written by hannes

how to actually configure the system

+

Catch the bug, walking through the stack

Written by hannes

10BTC could've been yours

+

Fitting the things together

Written by hannes

building a simple website

+

Why OCaml

Written by hannes

a gentle introduction into OCaml

+

Operating systems

Written by hannes

Operating systems and MirageOS

+

About

Written by hannes

introduction (myself, this site)

+

\ No newline at end of file diff --git a/static/css/highlight.css b/static/css/highlight.css new file mode 100644 index 0000000..5376f34 --- /dev/null +++ b/static/css/highlight.css @@ -0,0 +1,101 @@ +/* + +grayscale style (c) MY Sun + +*/ + +.hljs { + display: block; + overflow-x: auto; + padding: 0.5em; + color: #333; + background: #fff; +} + +.hljs-comment, +.hljs-quote { + color: #777; + font-style: italic; +} + +.hljs-keyword, +.hljs-selector-tag, +.hljs-subst { + color: #333; + font-weight: bold; +} + +.hljs-number, +.hljs-literal { + color: #777; +} + +.hljs-string, +.hljs-doctag, +.hljs-formula { + color: #333; + background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAQAAAAECAYAAACp8Z5+AAAAJ0lEQVQIW2O8e/fufwYGBgZBQUEQxcCIIfDu3Tuwivfv30NUoAsAALHpFMMLqZlPAAAAAElFTkSuQmCC) repeat; +} + +.hljs-title, +.hljs-section, +.hljs-selector-id { + color: #000; + font-weight: bold; +} + +.hljs-subst { + font-weight: normal; +} + +.hljs-class .hljs-title, +.hljs-type, +.hljs-name { + color: #333; + font-weight: bold; +} + +.hljs-tag { + color: #333; +} + +.hljs-regexp { + color: #333; + background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAICAYAAADA+m62AAAAPUlEQVQYV2NkQAN37979r6yszIgujiIAU4RNMVwhuiQ6H6wQl3XI4oy4FMHcCJPHcDS6J2A2EqUQpJhohQDexSef15DBCwAAAABJRU5ErkJggg==) repeat; +} + +.hljs-symbol, +.hljs-bullet, +.hljs-link { + color: #000; + background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAKElEQVQIW2NkQAO7d+/+z4gsBhJwdXVlhAvCBECKwIIwAbhKZBUwBQA6hBpm5efZsgAAAABJRU5ErkJggg==) repeat; +} + +.hljs-built_in, +.hljs-builtin-name { + color: #000; + text-decoration: underline; +} + +.hljs-meta { + color: #999; + font-weight: bold; +} + +.hljs-deletion { + color: #fff; + background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAADCAYAAABS3WWCAAAAE0lEQVQIW2MMDQ39zzhz5kwIAQAyxweWgUHd1AAAAABJRU5ErkJggg==) repeat; +} + +.hljs-addition { + color: #000; + background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAkAAAAJCAYAAADgkQYQAAAALUlEQVQYV2N89+7dfwYk8P79ewZBQUFkIQZGOiu6e/cuiptQHAPl0NtNxAQBAM97Oejj3Dg7AAAAAElFTkSuQmCC) repeat; +} + +.hljs-emphasis { + font-style: italic; +} + +.hljs-strong { + font-weight: bold; +} diff --git a/static/css/style.css b/static/css/style.css new file mode 100644 index 0000000..1c10220 --- /dev/null +++ b/static/css/style.css @@ -0,0 +1,152 @@ +html { + background-color: #fafafa; + font-family: medium-content-serif-font,Georgia,Cambria,"Times New Roman",Times,serif; + font-size: 21px; +} + +html a { + text-decoration-line: underline; + text-decoration-style: dotted; + text-decoration-color: #1a1a1a; + color: black; +} + +html a:visited { + text-decoration-line: underline; + text-decoration-style: dotted; + text-decoration-color: #1a1a1a; + color: black; +} + +li { + margin: 0.5em 0; + line-height: 1.6; +} + +p { + line-height: 1.6; +} + +.navbar { + box-sizing: border-box; + box-shadow: 0 2px 2px -2px rgba(0,0,0,.15); + position: fixed; + top: 0; + right: 0; + left: 0; + z-index: 1030; + background-color: white; +} + +.container { + margin: 0 auto; + max-width: 800px; +} + +blockquote { + font-style: italic; + padding: 0px 20px; + margin: 0 0 20px; + border-left: 5px solid #eee; +} + +main { + margin-top: 100px; +} + +.flex-container { + display: flex; + width: 100%; + justify-content: center; +} + +article { + margin-top: 30px; +} + +footer { + margin-top: 20px; +} + +pre { + padding: 0px; + line-height: 1.3; +} + +body h2 { + margin-bottom: 3px; + font-weight: 700; + font-size: 40px; + line-height: 1.04; + letter-spacing: -.028em; + font-family: medium-content-sans-serif-font,"Lucida Grande","Lucida Sans Unicode","Lucida Sans",Geneva,Arial,sans-serif; +} + +p > code { + word-wrap: break-word; +} + +.post-title { +} +.author { + font-size: 13px; +} +.date { + font-size: 13px; +} +time { + font-size: 13px; +} +footer { + font-size: 13px; +} +.tags { + font-size: 13px; +} +.post, +.listing { + width: 90%; + max-width: 800px; +} +a.list-group-item { + border: 0; +} +.extract { + margin-top: 10px; +} +.tag { + font-size: 13px; + margin-right: 4px; +} + +.navbar-nav { + clear:both; + margin-left: 0px; + padding-left: 0px; + font-family: medium-content-sans-serif-font,"Lucida Grande","Lucida Sans Unicode","Lucida Sans",Geneva,Arial,sans-serif; + font-size: 15px; +} + +.navbar-default li a, .navbar-default li a:visited { + color: #777; +} +.navbar-default li a:hover { + color: black; +} +.navbar-default li { + list-style-type: none; + font-size: 21px; + color: #777; + display: inline-block; + padding-right: 15px; +} + +.navbar-header { + background-color: #9B111E; +} +.navbar-brand { + font-family: "Helvetica Neue",Helvetica,Arial,sans-serif; + font-weight: 700; + font-size: 40px; + background-color: #9B111E; +} diff --git a/static/img/conex.png b/static/img/conex.png new file mode 100644 index 0000000000000000000000000000000000000000..49b99376001df47ff4d3efdfa2e5d3ffe4e50783 GIT binary patch literal 6908 zcmY*;2{@Ep`1ep$N{T^EG?)>iqTX!T_n9$`Wr*z2D`p}~W1Wm$p^34i5Xoa1S<04O zL`Alyk?f&jF!p`@#{2#M-*tW0b6w}T&+lyaxvz8o?)y1Uw22Xtmj}WF0)cqZC_Nkq zbO-=}I7K)Qv5|Dm*m3sju!}ZU8w7e6cYMc@i(MDHgTi4!puh_tP)Gy_w8e%(ra&N{ zDHDo{odc-2X(R^kQTz;n_cH{!XWiH_Bk()fItu@ zw4S!P{{ZWy&C?0x(x~v%kHU>Nl(bk)UlhPSU=y+nC!Nf{O6+-arOQmh()5FytI(AX zA_j+P7bR8Q+xR67vhA2@h27(;>)m2nF<=DFP1bzZ@;o^du=yT*%QdikeS_J)e;2wY z_=ghr?3CJ+AuzAPm&vK&WM#hoZMj-JdFc~!aw`&;R>b%2Z*3A6ev}eji&25AfZ@=F z=N(0TYug5Wp3At$(dHHgzF+;*%#RJLDp~r^O9)!mN69N0f|D(BisX1=UG25)|0d@@ z$$wQE?1-%kfe9v8ow2$4AaO#qg`}GrlwQ_7J3qrr4GQ|H$YjB`HQ}v7ZRfA|@q5hX z*)4n_z8CLIR_D=pGps$y7Y@x5OQ{66HIwzo-<&fXVoH-zntum44*<9+T>m(s5lWel z7o~qcrqSK7VqcP%DA~FAa_tNEsE*PaXs#rRk+f&!*CS~tOC2b&zWBN=GE_}?KI;A} zWWihGrU!7foPnJ6Ky??WrGxS1jTbiX!uF#;$f#q;J|WpY@O8e2ka$tMIR55Uyz|=? z$fa*JSi-zTPHXmhC3>{M8gR%Ir57aKj0MlHp%?ulRi|c~GKVF7Qm%cjjK-9hKg8zL z=58o9o3Sd_S>c1W!PqPkmi0)m=$^Hb+RwF`dpvU&s2XU(IZ#d&Vk)71e3*!i{8ZVZ zh~cWt8jvQa?VMpA&a+UDoOxjlhrrN%E2a;^kMs~zQqMzRFZeS}_U=*xx4tV*(@mB~ z-sEw%#c@)31kP zN>+R^PiFhDXg8GT@C}laKiovom%suDoQTZchtR@Y`w|6oE8^^G!o(`lRm_peXX@k; zi{x-5eXf%!cLS}vDZgx8$ni@z%;K3uqtjzMj)}W_Xs3)>99^s znaP~!{kdWl;Qpt{xG+8C^p6Xf+I$EcDGBw6 zKqfv_?LC%1z5+7oKC)@xIQA~?*m=mZ-NP&t(KrWgqLRSjH8Ey6&YY8KX4teX7jIGKU3oUPN#g9AV`4Jn3okwKWoI@sa_0=KDRW zj_$N!^T6`>pvTE+?Fhc9HU!c98*}S&BJ+Tw{ zy?XXzo8b;inSOlQQeL!XO2h_&x4DMxJeJw3+P&;{=&lK&SqP1jl;5D{1o3vAxuHH` zwwp%JC?hUkDQJ_VsaF?bJUU$(QBs=`aQI*b9?07)cxQYK5yb3U9z@jI8#ij)@^!R| z9?&0DyT<^YG{phWI)7<@&6Qq5EncjULc7b^>%lAhSVUAHP9;CZt7uu7XlWD9d;`U@;NLNm zTZeFHXiK7x+vsT#%~I*|L@=o@>9NTYz?63|d*;3c-169bS4WNI?htNT(Su6o;2CDS8 zk-v`J5fR$o;s>b=yKx~}p`43p&AB37pz}<$4G{LiPBkK1(!y7VpTFvA0*9u-cq-v> zk_|iwSzp*PPg7OgvL#SAUK#udiry`*mzJqs*P}%vZzgbw_6^zK`Yv66(LVY!{Pk^z z{Q(#2346!~i=nR@m6ra_QgCs{Y<&m8g(_iV&ZH4tHV-zdKt<#?9eQDZ?u1c$D3Pc zk9QhW#q$OaXu4!BRJ!AIV>^=ei_(knrZ}c#c$|{V+3l2tM%u)>S3B9R#G@*na!EN) zz*bYq-oD>bjOV>U{;-4~rS}kIQYhc=(rCY2=^49Fx0}C5e#*Pv96?$qkEENNl~51z zL5(&j8cjbtH3BcfV$FHtSB4sLt9mYCfHZNR%lvY_H|u5v(KqkBbVIep{YKODYr@>0 z_@f6aZGh>#8E1cvGWnm3J-tJ(%8XP5+*T7=nt~gFTbsv8XE6lTGuHIVMf<d0R#ZtDu7}pjowaacBx2AZfWf?RNlfo3#{cd(?XWIpDeaBX;^{W znIx1Sru+!DHSzyY3%?j@b3#8DVJr2{DionC@HxN=+kRYn=8u|i<50(BtT@j1LwvZ{ zVD1MnojQAGKJ^({6~}zWfqR-A`!Z9AQYbGroc{rAVHr|vtvm1~OlxL*w#=mD&UE5^ zbKiiFq)b+V;rqRJL-KenB+e0MM2P67J8(4$kLBdHy4TGTvpLO7kUBZ}TTK3Izfw$V zR^KE|9L?;cq$Hns`t+brQtIp}&O{rZWL9uY25MbcHu4t-$_%&#V+eGweY7xx>hNXo zs+oVjPHlKx-uCm-Ok#3ee5ziJI$f3L*IkTUw4SnSinK_w?Bokm!Aa$5=dt1tgN^IC z@3qE`I`A8X>z%w{>S!e1;nRdS;Uy2$c1JHd)ko_|q=zHY-=I^LZ?wJk4E8DYG;0@W z$Ax_z%cYA^!_njAqPv`udE!@IcY!(O`qCo0OPxc!UsjcSB(=uuP5-`nSD%8OnYC(? zN6p@DK0NI2Zzg5teJmV>>a;IVx=uYB?ABx}TjwV7AnyuZ?)du_x=peu-4g=$z2f+q zOHEBGc?kea>TNxis{OrHj(1f=t@OY(X5teJe_jwppZp!!(*9>{tnz)AR|Ftu;W%BW z8v{i4qnW+QbJQ5Yl?zR@fU20+dpT;fuSa^?npqoq+Sj8WHs?7);BM5zX(`HSsf9DN zuK+JwcemQOpjh$GRN^t?S%(jHD5c{{Qtv+Rpz1`P&fvv(`K4C2qwAksmQGcS0uRo%=7>?lwcaMaEz+fuVUzkb^)vk!U1p<+lYkL-Y8qHMXRn=|3bdT>{V7mN zx`xBTVoXnD6m#Bi<{3JI=+t`C_O$_qOTV+!`4nBJ9O1&$OHDT34aR%Qy78VX+Yx0?NZOo`R+8t^R$}KL8|&q%FC8Ey#oMqVL#r z{;1C_+zd#5TU6{R_x%FJoznLbNHVGUEmLy@XZYjOOs}%n{UX@69~XIPiPhuQoj)!J z0z6q7j6Ujfz8Trk53-#GI&o@LmityZN&wGhC?P%tulX(>k*A%#%#VpOE=72+AHdz; zlF`Iv;EF*Y5gAQG%@`JHw~QM)TMr*BZU-;H0)(u5uDE*Hq%oe2 zj9@AY|DkM9AI`B9qoy6q=C$tGmpZeYTjI)*^blyYufYQ#CiPtA_}8RzbJL}hgszm{ zz_w>Mb6-Ib$i7p>YUQFwSp}a~84V}by(Pn8^KV@P<@!t8^;&yBho>c1zy@d4)Twjn z<`!=q*yQ6YtUfsEu)o_E9K62@-8k+sAgiUY`eVEAu>vc+=UxJ2gJXYVcOJSQ5j?@$ zVI;#-&rjo_?rki_1&?*ko8qn;sEB_!WtAzv;#BsfAw^EA_mnW=Mtrj$YChkT?{JPm zjcX(M)%*BPmYlj6Z@aNz(Ot9EtS~}ScW@JCRQ``eJ7y&3g++b!sz;a1A2X8KxCg!D z{P{1Y1b9MJ*zx}7D<%6Tu@O~65?p_z&>k0Obh&z^GrvcqG@K2_B9{4!0uR~mbGs!k z(dua{-Y0X9p!E}NqsnG{QaBZIgbzrUbhc3dRtbCg$FuZ7{%M8wvzf0l`VV2=bZV^a zI2EV9cD2AFre?$Ur15iW_hv5tdkJ&wsmD0Fr?e-T5{GE@m&EgX7&6v za9r4tbTNF%3it24t<*|B1%~U07xj$8@L(T9l#5XaV5zm4<(D-pP=h&s7lB_16=+4| zNug4ofss+)C%*?q;&)nRJTc6mXW9zw!l?UcCwjFBQ~(}Xpes|I?0uPk#&RbCNjiIj z_**F5SE%$VfsaVtf7sL6)Jm6Hu*UhE!EFxMomQ2)627y-i?hdOO0=HN zuKnkkfcb|zUrnzn7H&qN^t1SokVd6RZdw#9k=q`61dlq^oIbEt-0t^Fhd|{%ES{dw zU#m9rWGIp$OLNrZ=k$seG_8$S0mLrSXKXcm>8|rt9OlwoqssjD03o9JQsn|2ve|HmG`9l<7|~vcTyu zHaSVWGVpo5+Cl)zs))I$=t5%xr%UM*B^Lz!!>SXG_gzBs1Hg}wo#%8_6NjW&cSka6 zZeup7Dg*{W7BISQ-4pk3>gJB2EFjL5AOi*z>&{4URW4?OYE58lTaTolVset<72@d_hpR{k}c`R*p$f^^~9cmpG6vL>6Os^f9M)Ny2} zuzBKq)!F{f7tp$_bTt{KfNGi~y)#hofbNl(f`qX)&2tf=%NRgt+BXe>HjQf z7ii;GLn85}RL0$>D?I6uy_F`#yIWz5+rtwa08#CHQ@sc34=-u_XZr`gku?~~bcDRw z5i$oee3Lqd%dYXbS#sf})V-efsGA}34?$V$T0GSF<_=)Y|2eUG2bD+w?<(`oAzijl zrt(=lgb=~OYRBysIaO3MwR&URZ}cjCy0;g0`56?Cqj-}%FKQ&M^d;p69dz3^&cbtu zcFNIK#%Y41l7g|D)ZE_uu088^4}rd0RKn*q-!M7G__A(FCd#l;;# zK(UGEVsOF%#;Y(r{!n?{&Ma@xlNppsy!#*Y2RQy0nQD=38%l(>g>!rB(r0e;U#NKG zQGw#hOx-Mo-oAb?o%7oV-mBnsNrj>N$w_s5DfH@z)3jZ&Ip??9AB>JbNq0XeH$s_c zh3N+I_ScI+^hb>RV}*~NF7Y2owBxQFGw8e>R5#7k45*F*BTfoUN4soOgWz=D1fJml zSqr3*L_HP~s3=5VAiF~ZB+fqmK?1{h=lbr>-n@v<(oG-97Q-uRCOBWU_0C>7Pl=CW z#{@d69ti`oc2G~{Es$McyqqTeJUV>4VyyWZ5|Xnnje-o7@Cs*msZ+j_z_Rs4s(i9{ zV?NeXQGP~Szc?#?s~b|ClAk*_R<_;xNFpY#eA^w!)zo$mCFa_7XiY7aEUu1Z_oBp| zaQpwcAlyc;X6DS`FtuH`9KcMoLiJ`xxhF(3oIb;y~-hIUeU=)En8 z`EOWy^)gIy-ZTch{)4ie$wIDCQA#KoqD#qoP%ZH(c0lc%15?{T8#?}iCN2hiReuR4smbqTbS;WDwT-oi;KoJKU<(ryilXWcUS zToH$M%YHET*eJ8{ZOS{KGW>eKkqfN;$^GFM7_~1NiV8A@z$3Ajm{S9AcB)kydwm!6 zGWWJbfk)#VU%J#T$}i)+^vVo+(wjL%8d-_apdG90>DV=6r~r`H;*nP9`FxAf*w!7C z83DYf(P1;&bL5XQ^xt`^^pxn-E5P}IKUhOEed%1~Rl5#Yb~T&G1qfhc@S@z7STJ_c zihP7zuz(y}p6Ca^;5J+Z(Qe&uRJ>MfKy3=Ah=y50-jx^ZaD=!t^q6v0Wh8Je9A-7p;&H|L13_fCx3HHwc9S|lE#;PEJ5cTpik-lNmp7<^1am20HdTiajW?+VmLV)z zHkslcKL=-s@qR7@zHU+p3WW9l%K1$yM1k=CN^3|bdo6bgk*!X)0ZaX$%-KP~s7o-> z5cxkyL+beLt1M*LT0z+ttm=0%d@6=>Tik~b+M`Wp1JT3;FoAy5a6So&aLIbKyQc>! zQ^&W*>6LvPqTQ(bDdj|>CqZdt7N4W57Y7pA8uKzAw}X=p`Y>v89g`6<-@B5aco#r` z3@6QfLMJp!k>mO@96*I0d4{&+I}^o{mURN9f1&wcyCW zx2W3+BsyC#b$5~^(F%rKY14I^#4H$sXjMU42Pg-= zCr+;>4o2|{uhd}EgbvG~YPNLoe$Njn-eWpz%{-ZQiX*%OQ3om42I%Ve@GEx|gg+vL zc&JWzzS0@ScK*kT%zyp{ujwB|6C0?KLCpV5SoPUjD{GW|*ATsfAiF^h!co4!01Y5$T~Y}XM8;U$(hW-<B+6Dh*kCBu&f%3Na%B-v+8cwSdTpD`z>8$yUDGF? zMel=DtD)BY&={b*2!OvGZmynFhVk& zH=%ujw&4aP_Rl3{V+^Xk#RtyUj?UD6j*J`I=b$&w#>hkCePsh~0AI3(eyeC%vtk*b zXialtjQ8fYwjwKMRye8J$F=TK(UUmy@uWx;`b$E&_eae2a?MK5GrWBxgTdVYt?At76^?J_3zDMK!E z$-P86wbx2(>5!e-d(U{`yZBMr*50o-5}PwnUQf&wx#7k#Gv~G&#{y;Usb8)UqB-3; z%}C%w>)scIT(?CW;@^|zsGGCmki)=&q+ff@pP;h8dF#AHd?f$x-5iQ4@xQ`r;eEcZ Yt8&*?bkcO$zn(y7eIvbMo!epm2frj;;Q#;t literal 0 HcmV?d00001 diff --git a/static/img/crobur-june-2019-unikernel.png b/static/img/crobur-june-2019-unikernel.png new file mode 100644 index 0000000000000000000000000000000000000000..226093fec9bf7a88f64a74451d6a21ac0436f215 GIT binary patch literal 364498 zcmcG$1yogA7d8xv(v5(m2M~}{xAgE>95V|HD=Bpju^%_0 zyy@=LffiXe|J^^EeozXN-%YUBTNNQ|zihsJ7}`dA8)nV%XS+x;-ub%et(g*L{vl^b zrmdnb^NStBe~w3h9Zm431z+FV4mJq(*D7JzhW<0FeL_DUl=R03-`5jsd%ZG>C?wA3 zjd(s-{7uJ!PW> z9w$NDyAs1H!8LlS@&3ijNj379^#_HsZW_CMXIy27WUs2NkmSS;gdukTBv=}RyZ|XI*fo-I?X9LN>Db4a1ycnonzN*w`hAt zQ3M%%)4leC;$!eLzKEbaTCAviutAd#iZ3dI$pnF>PD9iVhvuv(@+ckGS}3CCPL-jmH@=fRq~2Hfp6B z=H=Z{$x z>(^`S-r?c?Yk@W7`XZy5S6JBz6xbpJ5eHZxoLAnTn)7tW*oe`Ti8GmTk~H%i}>mZ31zkEDw_lji`J(V3OVzQUXdp=xw*Me==p5@8JJHG zsTDRlx;i}pmf1s$cUBX{)p8X8+-e^!=BZEY=I z@_-xHU^3FN*Jfa}?u{Ao#@R>+nQ3Z3pmV*_!5jGP&OWg3OVktFv-dsy0U8FytLpO> zWwk9P89DMkuS9Nr6$d_NO>AGgu@XQanNpE_zHo6#(`@e8zx;V*!L^T8e}{U`pehf#zU};L_64K&o)b#CC~Zj|#mg6*cwUJ9nU> z5D8_`bpPzlH+Qelk>n)btqX64k#ZL|Gziepd^RE$eXo$i%F1d+Ov}V{+!>zeb9p>h z;}ES`zVBF@l)ZU)cu2_najL>X9;McCwYNXUVaMz*A9EQ{(u0eQzHfFZhca%mCa~ zd6P;xQ)0Xag!9B+MdfI`C|a|`K)0E6a}I|r8*`$siv~&UCXcHrPUCg?_r7E?x@wdV z>_W0U>YSPL)%cI|EHN=8-=QB&)@3_sdb?tqKu48gYs@mON((=1R)AijzU&PN5>(n>(0+o6Ip#n$AZ2%R@hAKbV19S zH+7cEi?hAiND9F<_^F8IDF-dB>G^*8oj3kCubvWP+z*hW#Sa$OuXhFWohdU3o&4_c znn-WPv?N7dCd+Z>=dft{*P5F1ok=GK^(c`??;|2Cr>o>eMd46Xw<7KGftOFyitgt2 z;j=#y5iYmYCqfB9iP(@GoW~jB zG5s55P95XrZzYbKmyP-8JD@my2;-EjYfTd{@d&+WiMOcLXBRyqF7`C$7_jpyxNDg5hH{U49Lo+;1=J{ zuPpj}2l!w~@6CWE?PH*yEKZe|I~3ZnRKG_;M66|Un4CeMrLq~0xd8L2DhyQocvzCk z=aQe1@#=U(nUu?#iJAH2Jip#`mnymk1tRF_T;1^b1J0l#huxe2`_WRR)x_3gp)8f2 z&(AU+ph>)b-CpN%JHD2!A1u!Hy8F=^5hVkICbPk&nHe%s`e5;yBHilK-RX|bPG{KM z_5LDt<-BRB*6YbNzuQ?YR^b97w0mMfScGVS4AW!n>>eE~=(y57S#Bmz8;c`4ss^U3qT+e~{voy2kK0Iv znHM5m$Y^+?4@DVZZL{|3#)4dD7DSc4gQ@HbKnI{BClwQ<9V@w*i^#EYM!_Ss}R4Y?FOpZDT(Yx zP&SS!wr}<7beELdR`11&o}HW&*Cv(qEZ)hp=K=TU1RX@>zA=X_R#O@PcXO=ycMh z%WQ1CEW;S{fM8|5As#kadBi_eW`e%G<0SEG-0O09^X3hQJiaK4UQLbJpn>nys8w@- zqU5OaDkRNf4Ss=OXNOcUL+wV=CS@cRG`^hko(kns$%u#3MMaS zov%b65*oTYPeDq`Zuz4dtihV=h5q;N-xD$?1O)|^XqQL$J%&JVA+fr+I~T>(cly2p zjt&wM66#C^`uj&Ea@h?G4zB0x<{gdHFff>%e@*{&5-bXt*$NL?YwMj2W$Nh)i=*#O zx4I20*PlOso-8-Do@(Gd*^ioO5Qz8yoMR&&EXHYl!0+rD8xau^pDxUAJ-OO!z*nb8 zgI}*Hzm;^~=|4eivK@7K6%i5o0XQLEL&xo^-M%=#B8>u6NX6&OEY7PMt48Na-h-7D zjo5nI-JaJf@p8S`vtF0Sn{fD@!Qx~bQDqt`s<){Mvi!*@zLG^O>%tX6mm36mYL2Hn zwbxhJTJ!lkla*E+B)%vSU|qUy{fNSO#X*93|E`2GM%&8zI)EO-F&UN>mU(IBpDVw7S%ZF1%~6hAoGhZ4;DCD@+NOD)@aMhNk03-7m6Yj!;&gUiNO@S|H|SYN)9A z;Q<~HTezgt{>#CXXWKiW##2XgYva{LN7&x`=;e-Rpk>s zBMThvT&ABMp1pgglF>VzIyeJYoE4mTp%DBXwpVMC4D!4$L?je?aen*3v@Ljb7Cc94 zXW!gT~7zz_BDNe zdQ)uIbRA*%?d4MeVKZB!^xl{l4c!E>wjj)Uhvm-JYN7+b*tj_1!+o)yo+5=Lfu2aV z*yw1lm2PEU+uNIKHdZ}%kGTT4`=g0sL%)-lxO(Tk2Df>kpgv9Ya}Zp-88Uu5e3D=g zYxnWTe80_B*<6hnb+VMQiK0MEMHx^aL8*(kG=jpTp7sS*wzGWR=k|2G=5t_wY;wMx zSA;d$?XPelD>Jo6z++n^tl52h4E@}{lc#DCgiU!c;^|SKQ54m;I$pAI!dD)@%#KSS zF}6lnoG);`a2-3nS8UkqyVU+7A$!cS|8$o>Th8M%4j$#N;dii<#ph1&CD7-zwn0z7 z@451Y;Wi;*ew`a^DqCK+fOlrzuY`exCF1>id$!AvZTb)fR!!aYw63s+t2D^Fm;f$9 zKfHb0nqT!)Sa@EAPC;BsD)J$_WnXMjZLNn&-b#89EhXQle3iV;a8j?O_MZ0kY{yyw z#_g>ppR1yImn}6NS67AG8=tl|#^&L4i_7-lXyD5?PCR4sbLA7q7Z(>#d-_4TQ>oMF zcZ(P<>9yS14?uTYtLT_zrD*!kIu~691q1LGL`Hmk{NJm5|4jwy?;-yq_65?X<1&>^Amjo!zqTN;O-6 z3J(<(5-D&v#M)elf~kJIH!GW`X33Foe9S&3bn+wIc*Wi;OftI7v$)TA?X*MuZ=Msuj=5>}bnlqZrw15k;9dD}7b~9rn^6u{L>gbWpRx`l; zP88}_Tb_{IJcv^IS?^XNmKTI71u{4&PNRa`?$n8^4NMO!G$f?3d{9ASOU44rqGAd> zt)3#C18UPk`0knT4ZI+q|I@sWU5}sWWBwoFjB_Wz=UEE2s-0kT{6sYw*4Z>1Vh( zUsjCe1Q6nkf(^Db_3&Nkpt8>D6MF6l>&iae_2)k4>%)4*MRC;kD>+eb)A`e(|0fdzyp#sv*!luqg zP#oVC?R2Guuk<&ZAyi~txb@T47evd;%Ms-Kxa8!MfCecnEEvy(8a8=%;5~&mgIowW zYYuq;??H?*Ex%anPdqJXa^4&XL?rVHk5HFfcH@eS3%5%0X)&T@2WUBVKNDlDDJdF}LlEy@MB%okNY$fZJ`V zpGG(tuU^RnY_3t0i7=9cQ>945ZoVn=MKrC?)#)>03@qfy-2P{dHG=A6PWlwoL4o`; zI@@U27#J8RAA~PAsG%P~1}he%LSEbvUhUq{Sou2ECiV+`FYV@zB1n}c)EeLvfhHSf z1`UVJ%fTo-GUhBr_TCexP1b^sIq(5iA8o2rPqa-7Iio+dL`6F?FC+P+|4W68*f;NViYMqf{@a%L+s zCJB9v^xjTF{B(m!sN%ifa6&|EtX{LX4O_TfvH5(Y503PhO=T%x2m?*99+5*H*va@u zZd7UMvr{K_Ha1mNY_AiFm6@3afK|;as{-^A`)9ryiItZX8`L^>cv)eiqN1XsSNiFf zlbQbE+( znW>d68vo&Lt|q0%pbp~gt5-`|vT-(!f&ffFAT3awM6c$VxqCMcDs{@iZGw<;fLyJZ zItSomVWN|E=J0#*jD>{--D+DC6aCe$m5Q57@pKdj^iy2@t?b!ym*U#W3IPE@h1CQL z4^KCr_--W8?X^s`tv)!xH>qS9_1A_L9P&r7RVkY8-rhRb-Kkx>FAPL$HN7<1*E(tp zF_YG|(^b2GKT6<~U6ER^T~*?BFn&&YgwuSF_&th~8`O@DP5rS!W|SJ5FU zRvYlUR#$v5S1G#=2|(7p5pdfR!264zKQY-DN@o|AThECTPT!3+r-eHE2!8Xj`eHF< z&cT-iII_kBus~MU*5>M5`h1xQBzjiaSg~tgyu+rnWQ#vf$0`bZ_f98ee$@d$z;&Lz z7Gz2kG_+6BH2AbLE+<>+d1?tCK73=fzwzz_0PmtuepY-I;8AL7>Q%>wkS})gLLf~o zZV5mvh>ePRNJ^Uc0cXBgUw0c3@))n@+nc*65IA`W#f*HO8pvb}eRVR2f0z(bv9bc% zvchuga420ZbGRFO_=PQ9Eq#dPSpH+k%2egHZOPk=^J6M0y(V3D!RzlajM@hW4*GS@ zYxsrgW78YM)O~$pfCfmnNNCocE<+2+Z}6Em(AK_KY?Jal-5IWPVH0+RN;<9g(a^2_ zER33I3T%*^R<+qy8{5-;AaRiS&5Fa)m%X=FrmeNL!8y#js_Vq_bnaRHmOW3Qplo0& zUrc97V_I68#b`EQrn@4N?P~}DxYPz&b)_5;VZK5VkA}YXoL`tJsohXORcnORGt((PD!gfA ziw~7ekdw@l+lsy^9io5s7m-=eEd55Ky7gwt=67ExwqOBWx_uOhPRxm1!whEu` z8;2+X@J zIz^}Re%wENiLEBwPG@SvxNN3q=&F1B>H%anW3L8DdwM#^saAP;d1EucG9)4-tnxae z5JeGw6x{N1g@+vi&9>NvblWutmU%|yThe3SxCBzs2nZ}Kb%a*i&Z^|8?M_#RhKKj` z_ZMW$Np787$|rJxI)*YqDl!On^b8Cc^fD}Q>#O?Z2FWJiB})b-hF=`LDy3m!a$f1i z9hcQmkGLkWsukSZ6>5I!r|9|eC62J8wY~jUje?W&UqN(zz@(8&<@9c8h_TmDr4srQsZ8 zmAP*Qum`oZWAN}|0tpniD|F*+&x#k`sw{p5-_@&CiZ6@u6`mUz9ew$NP@Ckp=M+lF z%z!^1W4BI5wEB`IXUx)BXE$9eh|7A0$Mkpu(D8foej=IUNeYUv*?P?*(|#7iVzR)k zy0n#&vc!6bK@sW2*yv78ww^enhvj zn88}Fo_yiIy@%CxQ1X)r)?hCc6zFvufZcEEq^9;``-sSWCDis;a^v6G*)do=zI-`F z!)=rOB&6;ORanh^H-5aOtu7WT4teDJ8nj}J3=ANi;NvGA-o_wID6EWRrJoNB5aYoZ+` zEsnCfA9qeMV|BHtG-kQme0u}pp;oOPAs!x^=P^hg$X3&=%J>qpt8J#AS^xY1*7Nx} zkM9rMz5zCj=no%;N(>DX*Eefx%1^cXlrtrD%u)-;q@hQ>HYb*qm)%jBjh zn!vz7fHRZ%TwZHey@)oCl6K~AUPNen3j8m4iEO5;YTXZBIXIM>P|C{4?DRR*bY^5^ zPzcrm$|CL)L4A!N0Mm9)>^bgOR@U2bkO0&&0j~)cUc6*#TBqK9}3e>dlad1RXCYx{lhs}@Y^7R{8YMRV1IY-|s+6oG) zogU+8e?3-UpWp~Fa5P*9OYLO}txPdIw`YCv_T!Ubd#BrCZ$T{?!5OJnwRh``GZq#N zJ{n?k)>$v42zntO!)^yM0}l^9~+$+eZoClm8kb`yJ(W+?;R-D-JifJQpH8R?KE zYzE1CHsBfg-S&RuD8g8q_10FLU0TCOepsHo!z6{(SeMlO!5Ys{qBl?AikCARND_2m=r`w}5c2+_Tg}3(TLs({4hqsK zwVHc7NPCenHn@G^JV9sQVq;@>f0nA|jC#O|IfVFMj7Gp{vMgBVFym5u-{DY2zfe_; z#Gnw!^*AzxegM@JA_9Wr&C&HAd8*a64<-(F-Qftm8oV0|VD(!6{F(14y(+g+L6U<#;Ndvt;+@}8qOw9&;-0rlSCeE zOjXL}D3J5JY~_w_o_E#Yih^_n9ML~tXz9^+arBTazEC3c3*e3B>s+kP_8Q^4Cdk+n zTjNCqDtQggJ=f1IN(`GzK_UvWD4NHd6Xq2`SXl;5-n<+f$9wg3h5GePxw(hFUEST% zzQo4>((IRPIM>blUKvkUk%PR3g2&!pqhPw;EmbBfKVK+NbP<3U8QDIC6oHr&-%h?w zMdeREyx?s(wSr&4)B$eK%36I@+TF2>8!QgjC8JFv-)lOl%F4>ZCLSu$EcsNRdHWNj z`5{ObvukL$+<5C*7$XAlU&>Tjx5_kK_2nv$^;Ul z1QNq=&2<9#1H%$k0tws@rIi8IXEwg9FQ?z>WD8#%8`ClRtWDmk*ZYS~3p=!)*LQ|v zqND$!rT|9eH0h-Vk;=nrkxH~1S(b>AAcQVkzM2WX4r3fNd(Gm$EHB!PK6q>Qb10o! zDzehBOuM{2QuuOzrq-$CyI1&f&3R4D6IF`MpQQoP^xp>tF1Azsn1}?f)Oie_K-yne zj3>Sh&)!5`hLJpbASaYBu44C^Xy%^VPf+_YhWl|@Jgvv z&M|C4lO--EmG|fxTlfYxX~t?$cRsmp$fq~wvG|(|ThIOFGk601aD03Wuu}hL<%{Rbc{!=qOGk#&SKL* z^#!cRXu8p3Pr=(vN1)Fzb$a>oC4kcrl){TkM~>zRdBan@5ysk8`H3&-Lxwn(Jyp`O zt(w%FNjx6 z)^!i5`+}@OG8634cp^WvcaIp-Zq1e0Z(4lF-30ZsO`5dc8)M9}ndX9iU^g28W!6H; z6YEBFxY87ObEbC6Pgs8BcIpWi%9v<@5)()<&y_*#ceW!mZe(e*r7xwfOz`wXX?JhBou-*;yA>63 z`d~Zn7n!wlRuB=XtR6URS9GGFJwbfiF8Vu%qp;i3t+IC595Klp&Q)Uo&H)D>zb*Ci z{Qw9Z-TF#TMOhhJNmcb&Z>`Qnn*Leyvrx?usX0{C*xAYO#`SPT7S=)Kc$-*^SY=tt zSmBXd;mP%rF2=bVDKEYt7vr&;6#xIIVyHP~Iz1x2;+2GEy}blRw+zpArnar-c?XzW z7N1Dz6pah@uTPS%M{86^mw%e}+Rd|H_zr4Vjs>O17!D9|hi zS>LX!AphhVU+yz0Isz*$Cm=j|&Gs-{@`g0flhP;_XQa|94nQ|dQm)I^PK1akQp+i{ z_EXR7&b^o2w>Ydzy> z5~nGVMs_-E3*!0OpI%%6U*)1V+A!a5*7(uym5zX5pfOftRy_Z4E$6Bqdw5%~a&mpj ziT`S+(S69A0~CVGW_C8me1x6pPXOcvT+mHfe{r(Xop*WOdiZ|zS&`j+ef(ahWNe8| z7+u}vOg20c%5eKzx0K8^W6R3t&3n(huab6Q!Pyx2@(*dtbgLXo4PDjGtxqq;i*(b| zBT}EY+%ibzjH;iIv)%G2|23&x(v!s2{ewy`yQ3NU$%&8hv2ya{)>R^p7Rm=Jnfg0y zY`+J^;5Z(c3P~tS+g`GfWlFlgIc| z@f5j9xoRLl6}p7dHJJb0SAdlj7Of~$)c;Eg3C4m1Sx}|%7*BgsJvzcdbIw<8P5lBS zXV<29yt&Dm!JB70ydAD`8OYABP#_RQwV*Y(&gdzx@%QxqIX?0m4q3Q;S82{qZG@!H zH@UH>=C-p&Vp9@FW27^6KG`aq5NIL42;q%d?KiiQ5Q>NDypOJP3L4mskNjZXwCCB_ zzo+qS*?YzK>93j0VQ9|tw)@tB*|fN(L5k|CjDOA_$pl8%suDdM-!rBp?|VJJaGJt_ z|NB4$1jPj&6*Fyz2x@{3&eqDSANi!}{+vGq?;+&S83)+d-J6>Wa`BpU@zQR``F(`{ zZT=ZSOn;Ygr6hIS3)H;wb?x{u68%iQ`Vt^YTijAbT#M4TPgW?2e&6BFM<#L&&?8^t z++j|0MK#M|A8YMfF@hiD6=NI{wzqK~_;2%O)TP3?J9+;yh`j<0L63<_Nd6$4pevqJ zC%MIZKVIj}{RhQD4_;!vBtk$yfz(cF!=Y&o6aUdTsbqxeK{zxN-S=l2O09^CLEA)5(q-8T^oP^u1E zNqfrmkABsE0;q_-%f zamfCe>q1k*_C(R`_eR%s#edD(2hfh{*TG2tJ+nZ=2t=DB`{!HDCAz{sIEqwAe@>Lk zT66c`wu1TJunug|n#~+w{Ml=P@&9_O(jx!Z$Y1jj;y-dz1cSvmY>4wRZ-6@=*?1An6g=p7($0UH@m6cToS!Q2S`NWN+^lBHc&g z2qQPr*2o!kB4+=ke*Qhu(#^wA&4ab5aGnCNBzo?5t#4~U6k5wc-If)r4mk;ns23ji`-BZV35-zOKjJA{Kb6nkaz zMCE!P^Uk|x@eV;nk!GwX%t(jpTXdl?x4&HB%|WkuEhY(e-bc4x|GtxTnDE;%Xxt0ZiR9!>q9 zONAri4OKz)y%;oXvRkQ9Axpt$_e%6^Jd_<_0WI^zD3_N+&$|YoIDAZ^Y@o<4w5VY7 zP73LEKWOJ74izFdefoxy8Qq{%=BD=!1O0o-Y_U^6)+ZXpxTkw|h6&fY0+mv56w;EW z)2W-gS3sVCpZeh|e7gi_w7y!N2m|_~l<9P+4clg}%%pF;C{pN>9zw&yvIp*uD(Zb| zz0K7r$SS7@ItFEAEDx@+=g9?}?Z>wK?qd+YEI)PGo=6sO8M*XJ^}FG1{qwq{JrlW8 zcmMO3*r}4{M_Z1YZIS$+nPa;RbzZWlSP0*~M?*t(U&TDtDPC(k`%GIp(v_{L;r3bO zs!g-qyo|LdzuH~qg~P$;VPh7q)t5mg56dr6>d)DbJ}tc#994;eJ3;6*Ee3O9hA}uLPWJ-pcf=1Kp!=D>>1(E5$EPolI2C zhI{u9YZdXu0>9ph$S{ohT;J2w(80xh;<53pZI2v^vwJw$Upv`aEVwI+f4X6DM0mZ` zEU0BBd<%E-@bGB%^~qw}EMtu;WlHqDJT?Rg$!3a|kh|X#$VyJC?}$Yuonp#NnalP9 zBtWBBYqNpgw+`Ge8Kn8<5FJ9p$?0;i)X_T4Eq}zu&iXxp*J)DI5aeV)>aeLO6rXCS zG`qNp@@MIt3*X9#Opr$4w8m>i811a1>Q-}ZS9r%JVyUYTJb?GJLV=1*hMqC)^1m3g)qXv|CeRKkYsobQ@(%yr7*`43Y}D#P}fR`61s{3l;F@?~J7)H=U;d zn~sX~7L?BEX4x%v6UN|$T@-$D3^738X>q>4I9&~+r>9pc7z6qoR1}n&vpFwNW48&} z8mo^}qXoR%FC13m>;-3f?Ma3%gWB!UP^I&i70hX^4V^dVF~Y@n&M zv8bYZa50p0TSX`mGU+708=N`u7wd5u$QlUgz$f<7riZ0foN}7 zU4h#l$ywU|sb6_*GstH7l2bU#d6@q!B9i-v`QPSaKE-C>{e32cZ^)c=K{)?`@!(UD z+5drp>|*xq9UVY<>A}57pIfdegAyuKi@+9FMI<|X4v39d=hx#>0@illK+>; z?bpT9jE=q&55XGGQpBm!=|gT+8Dd!U>wd7Eoz45r1BLCXVnEAFws@tJzh?%zzY@)U zJ+4jXy8JZ~jQd3zp>_WtC3Cf>_x~IE{SRC)cp>6M7L@Q0GB963nxj`MnE=x(l?Ww- z;sBY}#i7aklm%$4iXHr@OOb@4#7!TPVg3$>=*}R65~4S^5^li)YiWqcJtPK%I}b?I z)2K9B3|~EXgXW8yTe%#A#L?vdYq~0q9A{cYk@zx#kYI{}H>9-w-Lxu0w9A2P{rI>F zRSjVtL#>_RT(*!(3Goe@zeu3ugWUJ(`*B(lX>SdYEO$BUo~3EW#z?>BDNS!0;-Ds! z)gD*VPfNhbUATG^qIJ(NSRIMskrE8?cm*hG`=KHy-$F1Fl`5&nHFRcAPxr)f0DQp@#I=iWcQoH6Rq543e zT_0Tw$ETJ1)*||zO1xksLn2f@ksFJ6h!S!1=bfL8Vyw|U242^dej3-;E5~#Wmyei8 z+20v)+05~n^b)Au6P-f!v$H@v*vvZ@PYkv{$+W*GZW<6K=e=KohBqXF0s%c96awz{ zHiWrEKw8xdzdZW({H~8HdipbHuF2RqBI<%(fTzVO8$8{KLTpeT-6m{IcqZsDEb0rkYzJbR0ijy@M5hm=wcLBxdOu$g|(Z3#dgGkxQkK5Xs^n@jZJ zoHnb*ArX78qhUk-0bxL$l=%SFfkA!v@`SY5pmD3Eby)4KVJcCvSnk~eM_KfRoP*#s z+$}-9S#(h-i#tCXuKQf)`LZO??EIe`s(q3+Q><1iGj#%cdGh!Gl!DJpuv52 ziZf8O)U%%D_oKD`?TM1U*Jbsv6nFT~gRn4+rtkOA*Mx7{mqFNp zKxb~h`N+mHH8~%QRL}cR$Mu;GB=EXy;mf~zMIXYXcRo(7N?`#i^a-AymwEbV0UT?* z+-k^4Nf9(3N)uIItZcAy3vb?DRutm%;cI*(>^IDBrwD4X;KBfGmo#z#nq!I|#!@!d z3MzOFms3`X0tfCgC7*VZ$kfw&CtiWpHr0yq@hV({`*t-4dtA;&;9nGyv+U zM{Dv|{Z*fUxH_9cCYgQxqM^Zxi?reOCZ23f%3!xM@lTc%A#=5BL8jRnxoXR?tvEwJ z*Hu2-=77^U7t!}V+e9QJmKGBA&byc6x^{9N&LJv!)|2_G@yF~I78a+g6*kkIHyCBL z^pBK=N5-47D(9tw;_T*OZ@F4UY%mU9pg8uyPQJ+6cqihamu7g8BphAHZ={&v#(l@WO9da(~jpI#4 z-=keO(wo_*=KE=Ljb6HQj8W2rjpfp`am{CQOF%aBJ@HINT>QLw`?k?}^AH>WWB~=T zaV+ydQz@D0P=j7tS~}Rg4{r$wGDy10XnCpi^`($J^#E>0RZ`(IdV2FkUG#}UZJ)u$ zGoE?eL>nguw-irHSD^5p)2^UrWJF(_BEIu;F}*rI=HrM{M+svU>?g1F`By-1_`(n9 zx*{oARq|4jxUPX9Re@{T$jfT9xzze=n|Me88lW+jWBs0Z%}}G+G?4}q-Oc3 zLRMbim}C5RwlkeM&dg!0^pYCa-MThRcb7S<*n2CElMR|{CT8ooV_QYKRY3Ju3zT^9 z91W`=RqXAPOCXeBP*(;$QmoBdoy|?2CtG)~u=VI9_$6H=N1y0 zJDl5_tq%%fjAPMGNJ&X?Ww6;_Xc1IZ886Yjy)aAlJ0C`NGEDN~+dT$lv?5KjM)dv! z&PGZe;aT(+yw0k2eJ@6i4pcfhUPbo!G_R&?uy?%l31 z@@de>25LPkKvcVO3gg8o#^m?+;0l`S3^CLMVP*rUB-~~>S-7}P&kvS$iU!)t;1f63 zmnW6;JHTMPc6Q{pUmxpy6H^18Bu{rBj`|X^*AmkgN1pOLR!Qnhde(`wtW~)>mRDj;Hnq?; zqY!yjJXXmjs9!nEnKe1CqGjA$+#0j5yg6R^8nmz<(0o#l19>lJC!XCFTH~_7Yt0VC z1K_Qv1o%U!)%!}bAU)j(`eA#*Zr=~cc^kFM#eEZ~WBLdPR)XHWt5Zpk_{l*f?Qz>OdIjc|}Z#C?v^^Bs(ap*oktx|8kXotqd& zO`*&E<$AhVLEqN%nVFpVaOmq@{0}toEuq$F;85HNuhdkwmTck=LG2*$Nup^IQLVnXr+>?9UV6Z@opOU#rpFnmId1Q;jkECQ!w+sWZkbc2tKj z3d3qo`-Ieua3M5IaxYMDQIJ4+E+W`MWfXG(s2(iF3*!rJw0&TLXUy7VKYC=&cIHL_ z{jx|c`6VkWCN{Rt05$L)gJ?JCN;Mtyv^*`$`Qvr8-@4A=3w~KmH%?m7t z|I2c!iTzHQjV?6-#nt;m2(2T#ea`Z{4Tb!6*S50^RG_yLs-}yzgbcCiFJLa>3_=XE z;#(?jS{gM<)ZXPJC-Q+Z=E2q~VkzN>QJXE@g{M?|Uw;J?VH}z?pZ=&eDe&ZexyeY1 zSxUd9QXpm4t+HJ;6XdzL5%RebI6XH8l2c?XiU!~7gr3(Vyq2#AKcxV*qqEl3@k2$| zjiEOj9rWo2a#*>gaB%B3@Gll8mDoaqOzN*&VF4?{qdozL~H%wOPA3`Lnov`T9@b-{aX0eQV`1H3pOUgN%rwR@A63uf$+^{lykuR;Zdm{2QL= z*nfHYiBD~Pbw}f{?kHoOBG=wbRnUn-nFRNbcFf0gK_b@CQLL;OC%gZ&c=P?>Wr$*s zjj1~D@IvE=tz+f=d5=-7j$0@-UB$CCsmt?2YmT@^Pq1%LNZ%q=lnie=mkfBRmrOJt zAIjcE#<~P;m{m5jor8Q1OFt?s6vN1Pmq6ijcc!%b%a`Nr)jm+EJehGCd_X`rMf5mI z+VgC0G{Xd4RNBMi0zR=WOEWTI;8zK#23bPZ(uZ?aW5NXzR4qF>rka(AvG=ejcxr%z z1k|i@3O0XB|MwA>iKq``@pUF==C#h8`XU+7_ELMC;!_KU)St5Qy6V zVPYpI_g%9u&g}K;ow>@ZVJXVWhomiKfyk$n=cm(lbaF}iJvo%zHdDvRZgXSX&M3^# zTueGE(A@0@NRGS6nCIJr&8~Yh>bntI8oM%!P@GDg>tU%>Al2M@gG?b(!}SrNO87Ws zYA2zpI@bRGw9b3``sNJIT}4G_M$Y0Sr6i6b$z8P+D$^qn#ALVgV#gEO5dOT8po}@Q4Kuwb{@4v>+RpJI{U-ReN8SXs5$wfd>GgteQ z@tsSg@trMW8zSF-f&wAsvMY^0nVUwxK%Mzl(c#||N+1GYqrdfacN23ua%}z0AAD2& z|6J2hE(pTu>;kYx*nl>AaPQ)sM@>z$qiY}j9=6Toe_s#*0iKY?Wp{Htst9_AQj(Iak35Zx7K8EW&UcOg zWjh5lqM+X<(S(hS4K!_p{KJAE3@M>nUibnYA;QU|)Y9;8!-ERPyDu838)m6KRq6#A zSY{_68v(Q~oDGXeTH)7Ni$mQ11Z%o22BJ36?y&;UNH`!G_ya<4%^5o*U)YP$o5|BFgq=wrW&)wu16>uv9NAQ*Go z7@9j=KP+i7C^rp1s&4P>1h{)*yd;dAeV{ClS}MYQ=Rm68^l%wl_!U!}CnQGZ>UdMo zz58XjWc|jj#NGpy%&!$fPk;nyzQnH?H1>gvoi;izH+KVGdjxuadENGs&bXR@4Cw-W zZNiz-(Cg%6xhqn$o>+8>=&dSC94inSfBpLOW-!N8*k`pjCjYI`P}*~5-AeFf2y&9f z!$lbtsyU!Br6-1oYgOXC5!8(BAE;Y(yjn|T-2c!fs8uU=QQugWFUo?-)umy-Ew)+Q!Gabit&(*<8hXmnzNdc zl9Gf(2l#RY5NamNObSAWH=?kLG||N|>g9)c+@=kWVe_!zE{bKl&7yFi<@Pu-*!-E7 z=~ADj^y{k&Mr-Ojfv!FrY;Ngm<_^#yv^?rgJ zt+?#$OX6(MIuQ_r0ibi7785O$jL$ijrHze>3SK#3Xg5sNa~J~pFT;Ngasax=nRSJ) zkIVBvPEgFa4~j}(N!u%=-h5eIHdm*?>nSK1*dA|8TzwEFO%vU>ytD**)*2l<>=-o) z?d`4v#};&dlx4Yy(%=DkJ{TZ$-!xspbQ>*C&gO6ZqblLths>6v->67P{~y-gIxMR8 zYa1pM2apCyK^h5BQV|3P7(hU}OH#U#E-7gdLFp3dP+CerMM}D)MMOZl`&;9E|DNxC zp6@x{zrOjyLttjl%-+{t*IMT~&vUVBB`f0hRy$8aLaR(tGaV_hzRNHfTD~I)fx~Mv zm$HObPX2im)g2R1U}X4h6`Vf45F3`rr?6xr7^GdoD`@u{EmU_IQK-|m_mt)!XJfqx z%(-Tp69eFHpRG--7m7I2Hy0ldJ@)@}lL*&xM$q?5JQ@4LV&6N+EXU0kpA}QsZl_KZ z>uke{7C-K;0HRFeR+)b3CJ%Oacn|1GjXt>66<)MVrWZ9Uk0<4b_`&WtSHLeP*K>)8 zTGVk?A_S>oWPF`894br>A))F*ldxDSdz10rd#Bw+wCe0H-_q_9Fx+bR{uxME z<|{Xv1e4z~`2Ea!zcpa(Pj1qyM$lCCy{5AC5!J7B?{!A<)2W&nCi2FfUr$%Y6MI&1 zuJn&t){WV2iH>!8t|!MxNKbn4Vl@u=Z;%I@H`+`$9R6Tk-?ZWj1DfUom7hWT;yX_) zLu3y0v1s1u?oV3&#v!6VIl=GMyEptjlfxRw_IF~&7;eWJjrg8a_?yNULw+^{84T>O zAC)S&L6{lG92TqJ^G)+r5lGT>aUh#KG();psP7NX+QNrr0!OW z8K3XjI3!t`HJ#3rqBuj74V@|mh2FVh}YPLaiiDn52K{pPA5lhHu!jWB+msG z_AZXj_q_Ke;Ld*6@BD83r)PP>w#QHO!geDLG+Y+1#WY?@u}t;@=p*sZHdLo)hu*{B zB+%OWG6xm?+GAfT`7JIZbdXLVKTk@cY@pGd>vZ(XuB|oepK!RVkIL!ys((mawEHzW z^dVb(PqJA2`k*sijYUs#Pf9gVaYKPoxw|gxxnu8wqFyEN5$Gd_XyV_1jgE;^YirxWW|k zKSx;4p0=nJs2}gI)&yIog|ITRu;#vR{B?V+M0n;`SR5xW@A3S;xK%{b7Rc?0BeK1q zJ?h)(VLiX=b-KGEY-`BP+dP=Wb^S(_(MM^-(hKZ^itF(-| zdVAS}fd#v}GLoXhKQkKFu>h%{e$A7#$fCVRK@JYetGc>2hldwA6FRpZ?+yO}QQwU2 zfd$yF;4)rrb6xuGw*9sT@ip1`816QUq}mB|T;icjQT(x_`E5Qf7Vfr@`xm@&&S&X^ za~+na8)Xy}$o#x!noiewPXjWVp75+sI5g*29<9}L`QINXa(7s{P$`U*r#4IqXmUFJ z;9Zl3=6Rb>I+Y@&vi(kv zK4||E+n;XpuL8|(t^dp!ja@J30}qKN04#-u4dE-?%a`B##HFO9%sVDQHenA~JeU~h z?+x=^P?+Mlal^32{&ez=3xlUe=hlMJ=v$5&*dVgsi^Fd9Xqz|)=-uPIzoMhvgFu(u z=7vV{*&klU$4}wk4@qb)nXL4jA1Y9~_GU%wcDx>YY`qN~gWqwX{UA6J`Fr1kX7%pP zna?$2U}wYnf`?jC%cH!dW2sD@Ts%9Q!1NkzxD2iIb> zjR+Qn(@G;^NAu`^+b+O^*pv>cZ4wwci5m-lpzGtb?dY?YCJ%%Z$M~`Bw)A z9)3rWyiJu&%>x7gQF9N%-dvUBeKO`0)bjCMC{M$A1(v0{-Xo7%=Z^uHCp&;lSs&fZ z9vB!nIY|M57h~{chI?qcfW5BEbOHf0EG3%WKR5boYdxf-8z;c>9^c9CuShj=6q|luH;P`# zjH9rULo~n1kGfvq{4wH9@;mx0NGt@o3AJG70^eCLL(_S`F%>hnubQPc$9Wrme8ni&bLkT95621Dw^%?i2@6w>g z3v1b!OCZ7-2k>&hc_%O ziKrMl<5PAS;<;VARHAza*D~ljIzJqZ8u=@xi`EsgGBYu84_*u*EHw%Vxp*QaD_gG2 zQM^n!IU+g%35|~YgujG;7w89;o}qf3{aSWCx_%jAM_Sqj>pKXAQ|jK~H5f$aitEyu z!be0xpG-Ds9hyj}b?UM~Z*{smYJ`v%f4@;ulh$2zCh;;per32Xn}ZXW{ZI7e(tX#G z2(OBuq=HivK!f4%hF%1mQIfw`wms8mp52r$S%`stc?TJL){S_RY@Q?tA4N`-6zc=98`M-@ot9zXXe; zPhTF=0aSi6N@-?hR;!xa@3_d9qs;N=?x2_N0+9EBVS+e4*;8`8i!^Xde2~^Uw@J+fM&kENdut4m)yu#3fvHx!aVY2z@=+{ z@@_b>iBO98;eqL5tpCdnGk4_Ba=i_Hn&#sqLIk2*)U_42SLoo%w7nHJHa3)tY*YLl zTU5~?@_>Aenq=XARrBn~%U3iIO0d;(EC#(xQrj8P8Rk4Jf5C`sL%+k^L>|2je|mAh zlgQp?DQzJZW|X?$vAIwRYz_0neX1PfiS>o-K+N6xpv9)E&_Z4v5 z*&MX{UR}WXWX5MD8i2YwXWVyZa|)2FLUYb?f&(Fa63o>sRlibN|3($`1GYkChO6J= z5@bI?Ut+&>%7<3K_4mz`Gcc%X7cWA8YYj;2I;(b+OR6}p9yl$C%HgkR&8~YCS2VL?0&x~2JW=T&x)>Fop zrL&aPS8+TVAT*=okGsmmwFGV8GBNn?;4*bqSo^n>T;~;p5-Ie}+n%@kx_4qFGnwog z+viU&(GKQ`Ck+%i&u$fS>8x{mjdoClBjlS0p~rj6w0&dncz>O@oF=A?HjBb=Dzmbs zg%N+o&j!HE$%8w0O{(IacP;pzZ)*jKIzF4zZIwj$$}1~hJFjI-*DX1-9^VRM6Bj)z z#Vu<*IsywKd)_Mo3;owi$zS{ZiZVY+_g<@(TLj5J)85`C?4bVH299^yqHCp{kuzWu zAUx&8fhqoE`d5$MfjIazK^V44;vz=i5YT^Bau|OfLd+ERfS7_n$*z@8Ozdh?7$p#uLsW+Xl#0}KdD<8FBt%P|qbDyRmN%+=>Umf;70PS2# zS@Z4_OJKx;g@TWW_hL+1#bYtI(b`SOuJ_ZV*MBW)5&kBjqB=O3k7d-%LV?8Sw4*)a zXg5&u@+dvzc&yj1_3@RAt}J#ZfzbFnDC5Bp5lZJ??*+l2EItNdkBw{ZwDs)*q4Z6A zc(+GM1|{9t_D2{O% z>DqmF=49M9E|);x?_0Xy@!2u`LG!s-v+L5aj*bp0MC^|Y%}?`?=FQD@)?B%9GUL*#b1q8oaoXkFJBFwkLdg5+ihr_ zE^}7`p1K9@n7d!!&G^{L#rZ7p3u zh5HIuLg)UKX8zNTqz_`TDU4xQk#(yxo(Ca0#p<9j3!Y~J?q zW_M9p(*QV7o%On{jGUiMFziz3j(|4OCMhN&0$Kdjg}V!ScJqtCwVgdBI@Ed^B+2$L z_4oR52-OqXwSYYyn&|I*tB$U9a39>omwj{Niucyf0xPw=DYsFBw0c)f&IAgI(C(-x zI6TlkF3~q+7=1Y;yTdl+LL{z&E+NhXzyHb6<{nwurHTIa@eDf%2L$+#;`%^J08kRp z+k%M`9=QGZ6h46;i4ag0Bml~=o{W_Gy(^||p#(s@AISv-Y7GDYkf1XMU#7Y_TcIQ_ zNf0Cn-R4;FvwZWT-e$it>ki(glT>0@4{J%Tyo^#MP20ZVZ9_pr%Q`&O*A-xYV1zai+QuK2`%J}mguegyq|I7Go1moo1XoQ z^Z+!O*%Y(G2un^p=c`L5xNEwV$%FDOKU$L~s`R@zSu}gLwJ_J&Pv`rj#_8X{CnQAe zK9vNl^nLPW-N$hm8UE}vIoYd}&z|Ks_?F4$Iv-F8(@xuL$X%_jOf*Ua%Z%{K^lce} zfXDw?csuU)!YPJ!|AtV~*nNiL)9S5#;TexMKJvEnv-P@iwjnG>F=srIxt%G4Q zuv-ec`e+0!`#{_as@2I(>yMcDxvEx4BbI{CG|FWylb-|a7#>4R9dlTT?2MarTK>UQ zrDA|CMYcSu^*Q7dpDIveKVE#t!aj5O;?rR!^)MbD-iP(GPVY0wxghv2NQlC{;whY{ znKRyCRgw2Zh=*tO%PLVN@Gb4X3j`9kI!%t0Oc3KnC&rfxP_K(}2#HR%5V<92Qt}54 zD-B>2*ZE@0f?_*&eY(_FFQpE)v(Kw%BMHUaT6o1NI5QJGB@0^HZ1HmI;VCvWkg_`# zX$Yg&j}ok(5%ZdnAmaRJQG2m(kkCW|gpKBHE-gJCDb?v}CcSb+2%3Wk`SV@ira`Z} zLy6(G;|9QOj(mL;!pN15rNLiKw;!)Xx&YD1O1uWFWfQHsga@B#faOZYz0;gn@e=@5 z09Yjplhf#GB&3NRVQ?qD^@oJ&Y1`tT$#+5PFBjA1pB?aIQ2{ zk_Jj#i<9M!ed~5ZM8s>lXqy}yKcDqmo@~c97wW!uOBn&niTOM*eE2oKXEHHjr$(QK zL@a$T;W~eytNR^NCK4QiyzotZZQV;J`TfkowquV@75((}^(U$mu9lsg_{da7Mn#pM z9NZGzEstb>IziwU?NOF{^^WzM1ss%oGVbKBVf@l<%i;>yLw?6j+6&1UxY>vi27doK zKT<)WopKiB0!r*{GVzlQ)0(v@$juOp(5JlZx-mQ5cubt=w-|SwNG~1f1AX89Y2V&M zqO68~K}98{^_gaI#y93&iK};A%l(kaND>pPN+6R))4zz)w%dRnF?f?IfETFs&hNOQ zv%_9B1)!`Elaqf^GWy!R^Oa_$HX{Hw@=4597ie-A9}4!I?#~FXc344^95}9E0}(mx zDZ@d&RdIIsxN3Ja3uqn3#~ICMN5{Rw(>`rmWJnvPIN1Vq;GI|cpZh^0`mAW73-IFY z3N*1WHI;K+r0%?_v%gO}(ZJ<+g1&e4&y$r)L&QZHVo2=S@p35emUHD3>|A|(PU_d2 z2EivZN#U(B2lPW~HdaGU)V}?7$dp(J5(cq0%I~T1YvCE6954hid3XEfO~;+r{Yuk* zq#?Q`)Af(b;Ou)7_$hk6$pr)K&IyS5BJOKDC)?-yP=RP)f!N2+^d_;vtHq5z+HC|4 z4AAnr*)%qfBZg2t^CZ6w&s*GZg67(Y#49hXsws)*meb7O7%x%6Zm|EeBmQs+JQsO< zR_x+Ce&+T$lg@$IYLOkF%-vxvD62_mXgJC7?z;Xi|DERkre@uC3hv&Xc_!kb=*gJX zyWC;B?*QZa5#A2Xc4;ORSJxe2EbK$4SvPUA!Bc)!ODp#D!Y4;NG!~OHx&q9eqc!jK zt+Xw{HAi=A{|d?};-g=81}goEw{h4;frx6LA`^bIemCk2%ld;S%k4Cc}k- z8g>fc+7O#AcDMv_N+*_ofrK+*`O_xZ)CaA5dio`r4EaTuZrs1R;i2t!Hoh47s-gYW zc(uUDa4FbbF29FRsGuNnDXx3rfSW|1O$}ScILiDXdb1CyZh}H z4#%%0Ng=>e{AlJp-QeaqL2zy}aDCb;tp<#H`CJ8H=wKZipFQ;}v!XZkzw9 zc}TqZTHQW9h%c6gi?qB=AJ^D6y2x~ZkjDDxC&7j}JrQ&Ry3vQy&M#bEwaOa+4k=Mv zVBkKt!O`!S4nrIuo570kUOglfq(pnqDWM7_rx*|%mQjAXN zh1>>9c5h#>HvJWiaLqYaRzvrm78ZlVymqKOy(=#S=dRDoT&v8qN-m(;ojDd0n-)BU zMnv=Zo{UCXFXY08eoGW3)tWiMjGDA>GW<@Kpb=ZR?A-DGPiF!b^a;N+uN3b4VVR7H z0fkWp{0$Ugm!32*RZ~?3JW7g5#mY+O%i%UyaoqJ9Y8kz2#G|+O$E6qN(nW}>$3q1I zVdgZ^U)~Q4=zV5g1V)F`*3W)snKX96*0uy}9QAvF!uK$kD zl1o^_MF8!#)=aNWH%>gylGLrS&ruGhivFS}Ee+X(-B|hN@^F!TDnih1V`_Fh5&T?A zH1(8~pC`rDL7R_;0PC5yTfY5`+F_LGlt4KF9}TTs=7%2IDP0H2Od*TuXA*!=*%$w4 z11FBzHX^D}#$eIIpOs+de&H z$L0?Zf$gu2>!mo&5f>3mtT&&&^BzrC$&rEF_!b)*iYX2ddD>Bj)O)^O&{P>Mo7otO zSZ>Vddt_1@gPpL|UY^*64J3Mw2;~|QzhrGTMBO$K<0ogWxFkUwoY2W}|4v>Tj1!d_ z`!rleaIj(lGq+cLQGFe)LVB_O2GOny!iiW62%lKj7Kg3Q7D z4->zI7prQI#sDk%Ep?+|Jb2jUT2`@c#IMt_IS&LX4{dHpZRT1k)` z5y;B>S52uHwb~>uZuI=$s3RlkHKctV9UZ{I1zYxt-g`g_*?9LM*Yd4%dt5;1hsCXM zUv`i<-2T75|Bn*J+iXhd-0|RQJ03)I@0ls?f3YR{5T5ri(^6AU0B-&Q@RvXEM9{4{ zc+-5F|9Vyc>N5-+0hVdg&VW3)29EHep9cR28l|+`|4X3|piftj0K<4s=z(kWfYFaN z&_q<`|LZsy(ZTJceSAq^j&1erRg#b$biXBY|Bu(>(928gLoxFG=X(XVHi`d3KpY*+ zPS#h-J(8!ypf2)X2b3_KO}bF2z!nM4#O58)B8d9Ouk-H{Kq)Ay`oPD>C;AF_>E!pO z{kk1vdMAcCSeZQJ+TUlagM=lU8ma&LiLRU4-!<4!h%+_xeNzETmowo=v4=E9S&EY& z(<<~|0g|DGPz42r2yjI5(!5jbInhT6(5f3#ED`Iy+!FWv`Rq|EoVs1@3hu54EPSpj z=!0h3|EmZ2>2oVlFe~M+kjU-JXZylSnnMT6i8)KC+EMh8lpXXHxN`pedx8C$p9BMF z)&KKoXywQK4SWh-p8ryAVqo}nVgoZJ-SaI}MWwtmP#nPzI2!*5`q8iKEBCyHd6j{| z=#s<#ag&`h<@=IwX_bOSlTjZq7JEXjDnu|0#d=M-^tk@EVVP-b+r|@=zfi&uY~hID{{ViNPG^PW>?SNis>bcrjH;VOL&lA zE1la~=88#EcFPn+Kri|XU0?sztW>G^VA_wbSVz+cBDoWb4Jxi={qV}I(|Rl1=|Gk8 z6DJyV+|J;y=($4@CmY;{mPTnEIP``coQEar+E*Jf+{M_qh~+>I-7n1~1@!%b{0f*0 zn(GvSvvF6B=Y_?$*KuRq@A74L+xErjMP4Su?cd+dum+~~FdG9a(DAt14xRB&JXuZT z_H+OpZw%c%uzvy?lgXi$5g68o@|yjn99_3Uot-U~0Z=~W(mN&1siCQv=sTCVJ0KwD z-*SSsR!ZX+=Hjve{yNdabh;~7Ag3N)=xV;_zt*se#zozhhuBT#O~6)Zb5(eT{_c}v zaF<#4-#CN30N6;hrI+u5T~!!^pA=$gplYQ!X;6|p0`}pFbz6P?$w4LY;rAL{CnrxK zm6>x~o&$9YyO7P^SWYYn8V+i@4o=5g8|1(}sd(Ksth2r=7Qg1!gfAINDCWA6*Y*zb#^8Ujv^;E!lr4Mt(n>Akxh(5M z&FaC~F+;aS#VKu(Zip|zZ6X|`Ecl`pk5_<~D4?820Q(3zeE)OvIbEWyQKn+ zSBmgmk3@;QZ)s?LZJ+W&ldm^)P}ElVtdgr0n)jAh_Tp^CFlzFC6z-*{4<3{)Kf2@7 zKbHmGHetML6ZPOTlmTEyo%{Md0hol=_Xw?%@IkhAQ}g38a{24MGd+$0A=|y{1!$T* ztWcmw-qqA7>u6%PxIQ?SFw{hsGW`%TbAzQAktOC~2d$P+#mBv$duc|7f1AV(8P}8) zHl@;vX{-#{_Gl^M1%KcRu;cPw0<>`lF_#H0-m6IFw!b$qdDWU zE*2D~zJ0eC0+x`lFks>Qy<*3yTp?u0|0dSp0{Z?TWxBY>Mqi|hkpR_Y{43pgOW>&V zzp7Bw3Dc7Pr=|nv(xv9T@1j+x?alTK**Dc~HV;@{NUw9h=vY{9tU37c86N~zq$DIw z-o5Exzdrl)NeU?oqhG)Tt_Y0xC|znrRvMo);e&0W=k~8f2cqB5daHfZ;uGJo0|!*6 zy6kiK@CpC*g3p}^&3Snl3+FIH;{?`6wZqJvrF1!f;+`C!!ipTVvA@M?Nl1LWyWYfn zC4Ac3eG_y`&>9&Ba=`edfVLM`uUHybJ;bXSH>X91x`joGdiPbDJI-c{Hw=oqDv3T9 zGL5S_X&fs$GoM`@DQTm;N>3AJQ*6yIK%)pI5#YJh{|F01Led!^KTx8tdk7nWz+^x(vmN(}2zUrEncQR}WS<)tKBGwVbtlUxtF|dOV?G?|b$>Bl%XbLvJU3 zZAkBX6(%Y=`>x*5jNAT9XI~O8;e1xmV}XCw59R3bhwe+lHjn%1_EijlM_B5Z7-K8_ zIo`_3eXqI_fwlPXZo=CeT3zORej|Vg!L$yKxz^7l%qVagx7oFRY$~JQRc|3c!?i;J zvK%eWgok*Gw~+{H{wKEZHSV4LMw7r^OeoP&;JtqF;zfu<<5fC3TZ3A|vXuSKhChGk zz%bpdD-mYYz}&0gjH(}_2>^PD_@A8^xJQGVrbaO58`UMPuBOiJ2FKgG8+}=lC0$FP zjsbGO(u>@sr6nkdfOj>?&uR{6j9245*4(@Y8ZT2Pm%Dfq@96*OT>x(h6H^Rg5{ zn_p&>t*xzKk*3nmbJhz4nhwy_7~KHybn?viSSFfg$w%1#XjA6w*C2=>kl^-t+5|f? zP%;3l{C7tk&cf4Mb&fLe|qoiVi>E9Ak8rruYRp% zK_#f?#wgFadYg6E-%E076~msXjQVm2ZM#qHpVLI0T2jw6lpy!36zvA_4Hh@lgzJ48A*#&T=qB+2@!7*-Z_Y=1PewdbOm@i8coxDR{zU;yS z_n}_~SDN}X$}LXo9({e@a>H+=Ts>z+Y#@P4leFG`B3GVr)d-rz_B-l44AwAT=R@t@ zj~^ylgjJi(OB5-9NyccX4s? zJ6d`L`bqgaG||;AlW12DGiOtj&aOBZM?&J&cn17CF*Psfvpdq&_@AFKN?w}a{lcDUr}@~RcH3Zf|7D}t zStyf0FtPLLk>Cnx>YulV&Bv{Ao#Oa-TVNr6wW)uOlWrtndmj9wAIm3@BJC$@r;By6 zPv1S!cGmGs@(mn8O12epPTIO3oT*{MOuJi2baV)I+yCSCXDI%b_Q%L}v?=X0OUK{5 z@suXbHnb@l$(fMdase32EaJ`Ac-M8IO$R_zgZXx1R$J)KpYa?ZJHYQ)GZ3 zx>YmVxC-K(xf`!i*5?SVzuyQcMQThQ6sru<7qp$#^+c}is`I3}>ey-iG@-a-)IB$X z7xJ_anO&IdS{p(r&V2jl%~I%%YY!)m{{9;Zz~LnTyRa4JQE&FKI&4M>f8ySvK` z1K>L4=R==wt3&NATXU+jDq7-~(6ykJC+4&@)M4W}3b+^^-qz!9uYuNm2hcuH$n2lZ zv+sypZFYq11&DNqn=%=|;c3)bH!N!sDJvA5{-6P94KD6=Uf!AvJ?%`UU~a>PPg}}_ zRUcA`-#^|@2Tg?C!7~yNVgj&0NEsO(?$lKA&Ha9fCK(b73;RI)P%jJEJ|H0FVXbXS zA5ejum)zfuV0S=4;x_F^yaiV7*(TNQVmU5?2`^<;E(?caMx1UJ0UdcaBJ_R;@Hq5?p{jzI`0O0U0flN6Kh>aNyZx3vbd z%@^>t8x{7`-5G*5BOsQCAz@{ZW+l9Q>DTDv33Eswfv9`hiagHNJgv}WA?^0Fu14oj z;0i0l;5$&LQFIBQN9YcM4e4rdIN80!op~7D(X{=oe#9u2LDbQ4{)-~`eWsia6?45R zBSyBC;KUrPuf1$++*l0`uFYNNjgE-`+x!uiD&18s-d-*)p0wj1snq-ysdwG)v9pJv z#}E+#`}*&{zs+uiaeJ@&P$C#%Y!JYvLFO|vJ}y~OOlkb?F$y-GlqCyrD)&Y@o1qRIRFE zYPYIhTl(9vA7RaioUFP=JmH=HN7PvLb#cjp^q5h}FwMZ+T*)rjSBqOG07Kbs30qf65$T!hWjww0;&k(8^6AhY5bn7w zHax4K`Y64yz$(D(`aVEWm;&RYe_g+xjctaY^?25+Pc2r+y7?xf>!Me zSLxpA8^4;F){dCs6T6GzfDD~)^NO>xu`&I1r8yY_fN%re&F6Tk2B6_8 zzp2OGzF52ocL5nOmJB0BR)dGE^TLC3k%)-CzT>recc6$VunodIfMj^2r05M7Lwk?X z&|_}w-8|@*Px!>V-&WeEoj{}VB328fkzZW0*8wYpM-w0t-8=m` z2t=0)XdE#>JR;nR&*bMb>cPhV+{3qJIs6z1>sYAkK)0+{&s~DO#`?38>)KGqI-yzD z6&~molnq-G;IwtbTXmGgr*(7k@c7P!+yP6dN^Uh*`CVway;fjrG&E9v&KnPI26)nz zPENP}`N&>oGfFN4o6Ny5zvP)zE8vf3y&wyw6Low}{Gv}_F3o*rGi0@<+qnrC^zXD! zzR==pmg)Ke2rq^9{0YbySmC<;4aP4}2ST`r)-|mNAlf?;jSq;4jYZGW1S0o2_-Z*h zIYFa(1#r`ogUv+xhF&~ELa-h?sYI3F65>5EPy7sL1PsQAk1@Hcov42i21>v?z9r(mc8+P9nbUMhOZ5eW%NT%6N%UiA!L*I|q@`RPCx zZ=qna|M@8;dToIvDM*8b?8m@oMEvwN*f z6k=&2FLoD;xAEWyjKxvs9R7KU0WyD>0-@JnCin1ROf#KUjH7)w00CZy30hF-nI@X! zG8)~`^E(`14Qjc$KCA^qt$LWruo4pg;swpB6&WREe2OWO#VCDo%^yrRzo)&}Y-6xf)9znZS)Is0fJW&uPefpoRKn2(R_3Jf&q210V?=%`JA;v4bm7wfRlTl?B zk5i@yD3s91pHHU0pg`SUI zgNGbwrx&}^U<7q9q!En4j+|M4zswLW=LNT?c$+d%&E0ePWou;x-gVG#2G&{SLkX>k zl_E;|1AE7nYCGMuZ@UXsB2&P>^gWa?tbIQI!7T--ChxStOgnFT5e6t^Wo2pfyuYt9 z1lr&=_|!nAKjA{VA}knP#K9p&i~TcRh4DT?ubSmRU-6!V=_$Y<0Ck9qPc!gYNi4Gy zcPdHge9ztW9x`Egr%`;~6Qa1kt1J&Dbb>E6Q0p&Z-G?H@7AI)~z0B4EMy#uvOZ35; zMxFB2Oto9lgWRnJY#n|52ItQaMECSNoy@v^m5i1yNXy9FIlBe%J^({b>b`of(M|u6 zZk@e~KQq&L4jJHL0mdO2x6lPyRlI$@A)xGP$%0d6qr%iNHGrV&_E$ zB*M+R^*?H3X_9;`IXSt5f{U==0}D463V-u4-Z6DgtbPMO=Syfv*!}IcRj{i}xT<01 zk^a5D_tXAayZP8?bo+QStPDGdJoq_5ik-u#$2#y8g5h?BAp^c=$3yoQVeVv(I;WGX z@28a5OFp;nBEYX}mP-2jWn0d~;dB1~$be5&NN#qjJD8j1DgnpO0EwHz1=6eU{)+o1>Z3 z4x5Ok8!tTDHxFi?a8hK1R#P%Ci2ID)qzmwBce>E_90NmLnuN@(@a8Qf&fk3=UOJ02 zdG!4^WOFwrC?3^iMEfs$wz#LNc^L+t5}wG#IB zYt^e0P8iD!T8I7^80GDV*Lcx!sQ&pI3Uk^y{)wvt#;-$c>igx z9#-UxUW0bgaQ2=rW|%kF?G|1cMCrU#i+~hE^u|s7E8|Rm23qvh|2mXOwEYUy`v5^N z@buWg2u81#e7$!}93zQCgYl6O_30+^i*}0%f)FD%(uT6%+*W?*Z|6%QC`@T6nx6hX z0z*0EsW(Dv_ z6xZN{8H=*iS5RmZlgc+KP`*G{L1n2aq|F6^NrNBpL)5L=n3;rz)`PjCuREEV1X4VD z<`=kkqwNc>_j?s$GZ9?L(!@l6dY{A^KQ*7NpK>r~GMp^meC7+|)r)b8jvw1 z^<|pg!Vw5~+(9vL#n;3tc~3o(g&;1|>F)*J(1HA^9&)D1KYtiDJP9&4Q`ZEts8hEE zuO;F}i!h@*+}tsaR@i1^L z15i)jTH)c+Ad$%zlB0%aoaFG)ll#mp6fIcRFh!qPSbpoq{T!9FVD0aW%Ze3|tw6yR zsQsvqMx_yb4ltT`$rW!VZmxdF_ali@(9RMhMS=mCc#r*gK^ zJ*9(}IN_D%UZxkh$a8%EISbMUQd472!OB#ZXfmB1U5JwLTV31dXsvZ*uhr%hSXK-s zuINy}S8>3gm&CVhCCPey3x@8E%un1zhVr|x1<3{c<0~AXgv9#rE{6lDVljj*5hR1p zF=BQlqW_OpjChw)B(@ZhuK<$6>E^WrS+<+M6)vFJ0m%}wDLttYQr&vzhuPYC9>v~kt z*O{Lb*$v6R2RU=*9sYL2h2jqG{M}ys3rt_k1ju4s4ix{U(E&!!D22kWgoNQIuzq=Q znmkWnyWXefu(N?c27C!5xy6>F!(qaajHh(@dabH{GxJCGCpM(SoQgAEb!%FRDhWhX zEWuI&`27jX3wZ6gmh-C@1fnkp1T6MpeTRk0*h5qIJ=UQOK|S&{S%*;45&cC1W~>0w@-Rt|IVDiK{ze|2TY>_zDQhqqmyVVg;g;wdXkhbqm|Y>nPLz- zK{j!NiAAK`kF-xfafTjSMD*61Vr4F(gzvm;iFnZz+;d^G=pd2ahOp%Cx&<-JxbT#i z4vVpkriac3&V0$=*k?4VKu5_MMNEw9MzmiKO&>Mj6qx+357$zCSLExCG_F{FJ=b$ywzw7R)N zXE8QdP_junF<1JEzhkpg^1RU@vk_wY$3mmYM)}c$OP)ncYF4Qnob^AvuIt&e{b_CJ zy`1{))}MP`%hB{xJ6c6 z;?Ad^mi0co79vTk>+$}=nS6mxFO4xV+|}Ic>8(smQ9nXH0e{^juoYEbxs@4mx!oCs z9rh_sT%JkrZ!%&~ zIxa-El2v3xyH`#lQ2W}85jCvjtbLM5SnV4> z8E7mDAFX`gq>AYEycpUwEUnwa(gS@Q`oQ*RB**6z{o;VT zT$rMvBm>-C15sbiZsJ>u;RrCJuN7Z8QxdToKKjG$hBDv!@l`fZ6(xTixr@8(_0Zc` z=j?&{<@;DP2uAfb+F_^` zp5sJxa=E%SSnGa7NC_~qaOjub7@*#LJ2ca~=Uv&BJJc|nAJ7%HjbMDGy3O5{g1$`x z&Lga;6JL_npDzl`jI$(X^`K%*I7Z0aCHRq{g0FS3xzuHyYS97zV-ZJ;td$cn8Ovjq z`wG`2Z{5oN>d01{P<*JE^WdTUjg>Oe2-S*Z@yIhCzJ%;A9uN_-@^PLJx%v{?;8*Q; zN(NeK5gf;6vx!E*nvD~r9{YGRiL-vFJ9)|Lp+qD;eq`?bAI=&E?3vV%Qxq^0>c)zp3ONF27h= zPEHGgPyX(*WXcYBwx)0@e8JQFMAULW>u=!4NM~Vsy7yiaH~Y1Rm4dun1^!W&SH*pa z3%RyQ--@-U9Sr)+?Kme&EUNO03IY81v`ZW6pHX%@(b(r)$xU*M`lE`i85LvCdyDuM zZi2Yq54f~*l1N7Muyk3-mWL^hoPz{pRojbxk!?mjBk2epxF)A!zaTs?`iODF5z_{_Vsc zavGvjUj*YK7or4o$?bnA2uFu_QXC%R#nRmN;dH$OX0F)CP|~CJgNUz2SYxCJ>X?P@ z;v~V>4;%_t-1SZ60={MnE(_wwJu)B~|Aw$k6vY4hl(FJN+LWKPk^QU@Z>?&Bu~ot$ zpKo1Yc7J(*5vd%tLBTz4#xYu4%Wt-c7b5HoUtW}7Fy>=l&%RjM@pVAJy!cT{-Y3p^ zNg;pNucz_4uqkS)6^mCd`?wa}G|TwA#H3HLy(^y!43~=_oh}<^OUevl$5WYOAzzYJI66X`Te7bnOiq6FPt3n1U|b(t}VwQN}nYGB%u%Lm< z+>BCs+08x&G%-6IcT4=gIbvyr2*|p-y z<7tH_ zB=gIz`=v@{ZjL&`bQjL^^pGH>(&k5=jT#vT*{K6uG7YbhaJrKOD^N_tw@_(C;^{wb z$6UiEIFnA}r;B^U z(qeg?F_=*itEV`L*!js~!drvv()3z6MApTZE+XvsNj}I)Onp)bhs%l*6R*$y%91U`#a?VCPS09UbxuzUe1`A;^{13yvU5Ytjmt) z>Ov%imdc%71g>R1X0x0)v*OS7lf6j7h-_a@#qn(S$>DinlkcHq_cpB)7)=y+4~bhL zzGnX+MLyHbjkKfeV9yL8&AR`X^w~v7V7*uUP$-ECwnU43JU0S*uP;t?A+(t-;^8b$ z2WS^el8OxOSv~)`TtF+fZne_ciWM$VGJwNr&N|w){*su3Z&_iWkgPB2IV8ft(2_+p zs<0Fcm))Xb408H=>(J1K_LZ>oSVg?x=VK&sea=pX{Pa>*Av|L2N6-TMjo%f@@=ZXC zL&fHBys>F{rTmh?KSTnbBkP{>@15?BkOfFQ8e|Nod+CHLPR~yK3#{c$hb_7 z8iDMj)}vI4uFqa2Ds;*VG*+R%v}4W-`|}@559o@`z9zXv^%R{oXBw;VWj%;vdY%}D zhs3hf;j-E$t(LMG(I`hTvi3PqunRoiissBo;t?)VF}R1o{f*OrWXN(4uyT>D_oT*xqxTHt%!5}3zypCyc8rZNq2VPy9E>b z*0ppyZz)3+`jCUrs%+%-{+lMj@Wn})1b*ANUJ|%}HZFgG>BD+X z+7o{lEDe<&9Wr`iVm7z=Xr?3yJ2G05!@@`+K+#T! zyQWC?;U$k+#Rs~!s_hS5obiQE`Lp~^z&4yf#)oBlbFif`U3GZFS6}fx=Sw3NoH+J< zhcll8DiR*@;|EwGH}&7%7@@92z0-#Y1&S6q!^8k<)B&E|qT(F%&8#DI@$F*R=Zo98 zmZlerZVceaXx`B-VUg`l?q(`DrsPH6STeUhy(zo@__OUV#FyC(Lb*(qYP$=|S-RxX z95v~|*Iy!{MRGd6;(dxL$Uc&S*Xm~p{d&9Tp7vS+pQ9q&Me}_+Pp$r>`-ArG#__8% zHM3-WFRrP~4VyRxeC@E(c9ctam9B)CgV>pD!@ohuY*yTC@V9wR&H9 zM>@_@MJnrE?I-mky?!tC7$Zrn5139|b}}l0bgLhEU)0yC^p_oO&ymRmS2ZN`20d*x zAMGvb=6-C^6ZJgCw)Cr*?;zhR!QnPZL~e`8JB6|R{)bvh`ZW!fLh-Zt7%xy4Ounca zbMo{F$PtzmUhpg*GrJjX##B=iNOIF6{_taOo}2j*O+)nj1~HPip#ARV>1Aolz`OT3 zUf@M}jbsXjo3~n%^`Yw}L1&;Z)H(muMK1m>&KWJz)xKt;9TZOd-oBqcK8{v2CxwYE z|0n7WbEaD^#S6IYA(x3tt*&$qw#=Dkd4adHfFmr4_{T)-GuA_@c4@Xt z?H!g@qaXKlj`VYtom73-g7<8j-br*V@1|l74`aZV>8Situg`jOc-oQz`u%F-=wI_Te01LkF2AxOTt+bBl&HLY{#7zJS6DEyuDD;}TzGTT#`$h? z7SW0GcX>Uo7r0^Ff4(3t7Br{b;Qhe=w4z#yl7?0aK@xEh)hGuMETpTDQ;LTB*0N6A z8%;^aa#VG(gj$Y!QjZ5Bs|NAuGGlP|^>0x|Ww#{<$yZ0N_AwRoIJgvkXnW+S+_JTqXJ3Z7b>-# zM}4>Lt3ZbLrCksJ^v=2yas8hr*z7Sx3w9kFY90+d3Nfs^X@iE=oH32Maa;>#k83X{ zWF5@*#4m889PM8}53v7#c)G^uy4R@7)>l=UdG z#z1PlEE-c$ipG(P6|Pi^SdoTF1B4QN`BN=b$~-@>eA-;Lj*RcWeKVCpJSY}CYP>?t z_F%GT7Kp*(|D~M8cyqs|=d%tX&B)tpP!co>LvIjua6?K^{Gw<4qpB~Pt@(qSL*ib% z^|p;Q`mY0YU9voWu^*drou3)P5J_BBkb&CIu-;8dCHDSMs|-KPP@KRCQ5Y7Bs0jsp zU=cYvFEcr9*NpnwkZS(g<^*t?vh;7k2&3hU)(`jkCgxI2?UH1gK6&}?r(j%>9`Tx# z)RjP2s32(&*dsNK4r+`*(e}!5y#IO^<2%!7EkXteq`CPOx1RK4JOHiIqDD~+0nhHp zN_b7CMOjZDqSDxT`#mtsyq2N;>S)wwZe0r#Huws%KKynZ@>XKt%-;0Zcely<*39OVh zN)87Y_?SSe<*Uy6IWIHvBudz}&YMH-8 zMqWIL<2UB&WY|B&RHLYkz~}otL{Kh1mtQZrr7CVVhg{{2fYAVp!{QS|H#W9+WKq<^dT|x`LtxS=^!EtE-HiadCl|M&CyTqxxc$XAUTIsZN9{bjW zB0V;-xLC#DvtMb~dEnhDFUW^eWrJro`>;}-I>K}TLp8Z1}>9=dSix}y?HHUzveA*xGDtfUBFun@7{7A zb-)IRWFRAedR^iR0k?vq@Ci0+nb@aNMBY0#m;T!`A_B$~EmoM=>$7Cpy0f155`*(a zGj0xbzgZzTZnYf@e8eH^&g*rQJ9if*tR@*(u%(d>mXZbk{divoc=HGs^$K+#JnJu? zv*dhT7EXMbZ?Uc8x!A@6{_?xEzgM`m?GnIr8^;LxfX>%2wUty?Z%6Z8f;gc;s>}B| zFH_8=?Qs7E_tul_vqutR0oS2znrk`$gas|z9{w5www47cR28eNJxqU*91PVx3Rj$4qWnORna|X%qhWV2Ih%v0 z5BT+u^M3tetc$#-iulCYY#Fhp6iD{>qR+AR)qjpjbCh{$@|acBxcaf1i_>-EVb3SKEcCfm}CNo|M#9rL~~yYvvdp3Gbf=7k#|^ zt2X0lZ3K1^+R0d)q?qe6HLZ~_wA4RE){9ryZXz19MISe%zWEY`gWj5@e_>tKx5CGI zeCpZ}0P-*{o3P~Yu$nDT@&v{5HiFRNL=F4f`f_jRU-xw!PQ3F~42Xc7AWr?0&gskq zR8%M&&jxrv!-b?jO};FGjM>Bht43Sm5sr##a%>PXSq(apg~7`$Ey+j<@~0dg7(vpJQd|-2v zPvb(tMLeAMo<7cdS@f_C6F-1m8x+4wnNwvH71F!YSQoTIv;MFlN3>-&{E{a}yIu7j zBi$hU0+2#u?R{Q@8CC85_sa)5l7wAvm(B@%ESu&y&VJD?YM{^L=qw`id6lI?P1d^?TjU*ZuD3(X@)Uc>*UzNIyl9 zKi1BUC(9l2lVcM^lKiC9OG7IFW-neIcat`^Pf16$$5Dv-Ke0QXngf~VP(~%O4FT8E zP)7&4Vbg5IcMjWUrGdveI&#*Us!)W^4HroaSwvhbjJC)oXDfn$B`674`F;^v!{IS4 zF{C4hcC&qgZ+haWBL4a!kn9u*#+dk}f!PKp(+K!r?Yj#<9er;1EmWA00=TqyQxp&Z;gFPly#4pgS5LsLW_dzjeeL0WwOr@oxVo+xOtK z1&2D4-vslAbV3d$W#0Df#JjmE``8uuDRC+DzjY+F#R%k-p~$Qms9;I%!>oa7_Wd=; z6}SOG-dP5Qy@J1WJRTP$-`gI8EL1FBrmh5f6h^yf{vbUJl3un7CY78%cWafKn1YTU zFW81J)QKZrp4zQy3zeFbQ6%7wC9cDYAQvem`1y(XB%$#pK@DcQvEx|sDKdidX26WS zFgWcTZ~TqPBH(5%5Zg02-+2yi)Y)Y9Vx4yc8rLw5iX;CoKj4x9DdMm0og64Lq%`z=5ElK*5Nlnm2isu#V^~5lFJ>`%j zSa3ADy7w|gdb;i7jtgrL^>ys!XZIr1s|yR^b81N6bRE^(Xc(25CqQ#Bq=81ZipCLd+bL>*7z&_v0pHug%ZrFNBV349dUT zX2ETE!Taha$PBXV$Y1S>wP`nbwn zzh(cx#RX@ob89&DmqG(_HgYj=-)32g4=sGT@;O@>rgj-u?OW%fSUCTD7rtsmfKTLgV?$8LkQ%Om1xGC?&9wMC>P(MK}U+e_DxJw_M%a?DJT9{uc$ikKpR|zvSv-7JCmq3l|IR^(fYQ^eH z&u#gOm#!xo{^F0RbfBAzGIJJpdz?ZoY0MWVC)a!srhETh-B4Ls={ePj{Yv;c{uPjk zHS5~m`kD*$Zn+;=2vh1PJhZv~OEXuer`#Ek?6gp^5^%rDix(!5_0*^_o}r?3VI|(i z0M5GUoXZ4ctUauON!^!D~eSkxkV9Hq{_J+4d?f=f)|cH3&2MS?kIH_JlPpJxG-}u=(XNflqv`Y^LTg_Z8A+)Sgb?;9LbgV1P10|Mf@Zq<*`3-t z!jh5ummL5Tt~jLmcb#U{VXsS;NE@>AM#z2zs9lH}2P)-vSb2!&Y@_cxSjcFf*YJ8d zY`33Tkuh2P;=StB0bcE)Hntsh%61ZEV!EV+U-)&_k;lOkH!})D|4L}$xZHdf&n}R z;O2^?6`dIL7tCY{BwfT0RkFZ@6|@s3s>n;uL+v^mC^Sn?X#Sp2W}Z$S=5(G$%V~VR zR9F~SRn&@4t^lsKHU;@Kyv_bIlL0*rm_xi`r}oB6!SZTwRim2COX2os zll{)N_p&+BWc!oTHnKJK0IC7Xl&NIl?B@G~+s6k{hcL~V=N?vIAOr#eLe|Gvq0r5C z%$Tm)@ByIeNSzL#o9k@1A8>wS@~w{YO9}eIf^Awg;_~xCwB+}zXZ!N$N25GOZZ9ud zW_1PadFfm=6j=)hiNP1d=n1V%qQ&p9u6HgoBO2)Mhpj=qIzPZxINKb&tDZWG49HCJ zUzRN?$S0ii?3Q(t2}kPBDn?`Qu9K!T-K=Ig#&s9j2UmN9KE_mLWumjj@7nki2y{(+ z)HnTy<433v^!9r0{j1rIMMi{$1y&Emi{j-1%c`3kV4Ej&ibs_ql2 zOzY2)-8}4c{Mh1t^lmrPibULD7DEd59Tv z*1xG%{g|#hkK+X(lk2HE+rt|vS=6^>%2=&8#qeX?;ryq4Y7Bq|QMLQ2Q! zT8FU#Mr#1>F;UZ*dj(sk_T<-T{V~c^<~an^w{2Z#H7|o6*z(7y?V7;bFkeprF7;yA z}UfEnF%VgO>@Wo7~S{ecH`6HLl0{$GC4kLK1O@5=U0in zY<9OS2|_-VXC5t}`KN-sG#Cm%?|EBE3Z&Pr4a1GKorUlN6-yQSQTKU|8}&R1Q@<3* z3-1ZTk<%*CfqP!B?EUge~rW8Dbn3g;kuxI{_yh z8A$PdSPyi$NU>~E0*1b^ET@Mxig6Pf#!?YFGU)#fuDOhouG3v$_VDN#;Y+WulYTIj zYW`B?st_>(m}(;1`1u23&^f;>$C+g&2~%Y(V^=o5{Is#p?s*G?$>;H^r*QNAW@}Z@ z(e^Ro9e^Ba9h|UyJJN-5xsg+N80Ob7Dj`gU7<>w0HWAD2zuPRW^XuQh2{NClQY?D+ zcKY{4gRXmJ+ioUwFXK)h_ERjM-!C-QL<6+lkVjFFS}UAtwhbn}@GX=r4%Yw}7OZG4 zvhh~b#kZFWqL2Pv%{`trajl#@Sdc_-<1W}^1x|Fnj;Ghuees+?cd_APQJ>+Fz=^ry zfGV=axQtfcc;^{^a@petJfeasRlS)KCjTI`Uv9rM&CAWoufJivaH>jA4swUCshle1UxlVikS{(tN~f>Sh?(iP75fXBya=m-~X2C zy-!bX0C(u-L*sCCMl!smsokzkIdv~X!wvBChzpQo%4{InG2IuP{zh$AvlYX8Mmq`L z(JQEqz)xAJvamjk`AfO`GuhJ71{k;G(i-?b3hXRb5bp*<9f7)t_q$tfXrG03AK)&Y z5RLt_DV}^81tdV*-h%IAulbmhz!dJZ!Wby6Img!E;)B}<%HZakLhan6Fcypz`vkr> zYe{%o3IdB*;iVoU`20!u{10PZ`vQwug0muXL2?>gpxJ91TZuhTZXihJYDtptQf{MR z`JcTozd-1diIRFXiP^w7qWSWJUtrS|C+k)U*^C6hQ))h7Y|LwRqnhrNap*(l#kWUnGBvatK`;3Y>v!JPa z&Fh2Qv!k~l(hq>es`h59uRBdhp!o2D)v|mSPG_RZ`9e1Q68!!y} zz!NTY;1{mClR9!?P&Et!P&>%_cO1RmC~p)v@N1l9)li0xDBIb!4H?I7I?5bg4Tr&r zZGbwii#C9C5h|+rrOppgeG-w8Y&X&x3-wg_s$H;JwW*gPBQvJ`c_O>!o<12 zvh@RB9SIJZ0#Ykp;m6cyQfJm zljkh-!-elrg86Io_7kD^i?w}K_5Yv~C8Nd~jz|bceCs4!-n;`JPf@A?x@U;@i{A>% zXIJ-72=gj5;N!_83?c-0?qE6)QJErJ+1G3UKjeILl+6|Q!wFF2>zkQF(E`G-=Z-ow zYN8n*NFiAipy|%NyNA87U6ICs6b2OZuZ({PTeL~6B-wAHi47S@&BwyW637s`kH1Wb z;mth-u}TIhLidPnW^&}^3;v`dKdB&w>6uo11y;j0y7?d#Z|-+0 zbH0I!(Axp<6iW$J2RoAorI(oK&U-SAm6p?$Onmggi9BG=n1=SNDMIVzna4X7Rq{_4 zX=)jfrk&7mMf|+JLOPpn5~Il*qo|x?_)4G63AW0wl#?JR5P#p#;#j^Y13hyIeI2NM z$fmz3WPAtop#e|Ba-V##0imH_5pBjE>KhBWGr5NsT6(7&FDjGw;~E1Cx>6XTY7Vrw zLzzdTA4hBooado~+Pzk)%49b~#k2ve;*)td#^R5o?-lJs+x&xcJih_Lxol1c``@IG zu7+U&SNIQj;s3#j5CDVPIYwvY(xoL@uKjkejm3Dom*6*_^k>U54U4jPJ72sds494! zhM0$rA)YUONSP7b(y%T2%GYsn;FA!8-}DZJ-1MCS>jCMCZT_0MA39Mw5eCPwJ4b1n z4pnwnlow<8lMo_pT_ize0c6nqR*%_1|D%d6b)J5WA zYeBFo4+5IyS2KxwjwbL1!Q&p1p*CxU6Oiv>OqMpVr4g|i+72V7T{napk7HJy1sG#w zIJ8qrY9fqAZ_8p;Ne_WJKAAZA%UVbLl(K_>ozmW%`FTsE_p`f{gtpDx6R_1Bq-}^~ zVRBl5o0>D^uhOnt>fDHJ^dB) zvpI_8V=LsN^Pm6kd>ggT>hM|@ysw5iLYOO0F8ErRlUu_Xk}LbGniP~>XmEePus%qG*X>JzB48Un^8H;J{8Vp}aT5iH z7jJVlcoL9-(zD@k*#}ey(Gah+Xv^j|{ruz9j%p1jei8_}-J*grMF(mIu&UJ@=BoIO zNe&L=&Cl1<~V)HGyfdP867 zhEIAbUXkk8@!Pe75RBmISv2tl1sAahYY2{!g~qyZ)_P>}Gp)>2XT*;(Pk%VHEYvJ& zlHw9e(&%H43L^U$%Ezk{7BPcevOa>ac>1rC5>A4PP`2- zZry)E?hK0j9_e=FyAIjJ@!HLcAA1I$6nKj>=1F*B{!K6Nq@HK#{nSeY7c4^bwiQBO z`(}T8|1dWQd4$j(cLS?lkD^u6A_F!(pT+CB5fC^&-Ja5Vt;~gvE(@#nH$1V?c0D#w zx!&`4U~V~|#|R8X9bC+ip$Udr2(nfSo5rDX&&^h~2@Uwmz~-vwOMZ8tkbs&}y2DWe zlD^|k>IVp%=4-%2nW|j#Jv(_k_qvym81$H-04qAe!?T7n3%SM0v*&+ds!Y)R7zm`| z$@E;Ms;Gr)ID82won#<`>N~rdS(l;C!J~mCNxJfISE0(l%Jz;KyRq&3XnbtDj*mC9 z3qx8EyM>#)7E^QhiUr_~1mpx460_TsE<0Ke-fr@;>tA#{E0Q@`5i?l@#F)2j!z@_E zQSJ>QT(?2HoL;nm7{N)mi{<2_@Tg20w45`~4s`CzF2?H)nT@AmDS$<5UCwV#6hF+= zxtde1MVsad*9HK?uGrs5s*u_XE2Vyx(onyN=%ea_?91u+$-4^WAU#4^OjJ}@?$pZ4%Hkq4;2$@EpX>zu6F9P-`ltjy zs$(jz|8o&Y0J+r5nYqwyR}7Im$jvy%5TgFc9gzr9$#V^A$2O>^*1<=3!NysHPgDz( zr-<~*dLsA*IlNP-qNU%g&_%}6*i3dUu=6X5@FHZrZbuqr8cO#N(zvK|5|p2ou-HcV zYf4JEI`#*Ip5BF06uk996uf2qHn{0oZV9#6FpL;7V3bW6Z#`jr-)DFw(h?=8*u=*>XN*4>Wij&xkDdpZDV2aGc@M(b#hqIx2xESx-=X%#zn|0cC~WH*X^DqN(u2c&)pG9c}E< z!DpJox9h_0DC?Hw6^f7)gdA~7s!>`5)0}|-=*u$fuHIchWT4f5#cR!a>a1jVhAa=T z-#e3AWPgqJJ!uxCAlC+(`@6|pHw;Z^^NP35F1Fb(s_2(9j{m__neBbvc<%)P58=n7 z=|AV9Gvt8{8a0VU>*zQ_$;)20GDYg?M@;dJ@$QgWmtC5B0&dE37wbY_0al{4KOBa@ zz{Zb{10vT)Adl`Gfu99DP4F1=XhR zK?}9qch@HV?Ru6%b#iT51-yD4Z^wMzB|F)S;t*2eE^@&fiJ>gA3B_=wnsB(kPOB&2 z<)CL5Alw+wP529f^{wK_>CG&8%B`wUd5$IVe)N+)IKS!u-0wKJib%yoi@_}`cUz!` zZ|LSXHZmu%1fPdJ@zQbieV*$pz3)reO4=B+UQz(<{$HSSWnfsu^Mw)#jE2+taiJ*w z((0DuoK{gW)t82r2=kLdi+;nbA%h~k1vv+TOtHU?j}8(=ov68s5?IUW$-xE$nRD`L z3z-$$PG#b6n}ah|-v?0O(9Xb}gvT#`@+@@J_S%zevHu*>(t{zh9Y_n9O)ThuAY1%= z$V_V(Vgmtl3q;ZT&mafULaizwgBCUCSrNz&-Q;$|{D!&EdmIYKsE5AuJj=i>0$ct$ zbwpvm+7_gmD^@l1%E(gtkYufWR|ovpGtziU3pn^UDbp+M3AvNb)`ixp7%Id?$yEAJ z;TUKY?#%FKGa@oco$3UBUuI667xG&D$D(?lqFa#UE)ibhlCQP537BqG5!i`I4?5Yb^2)rA{W zKPCx!8u|IY>vHv)z+`LJ`%K{!O z&#Z`Ly)eT36LJ#PsHn?D)U)S@>PM@mvi%l_m(q5TZ~Z!+T5nJ*vx$v2$#O~EqmhK` zPiEg~NQP;-)w|!1LG$&y#v0Jp^H4f@z}Q{Ljsya0-iC`2w%y8ozm&7_6UzwXrJv5} z)-4I(NwnVF>fdj0OD6%@=4Fbc24;nj#DgwbZ;y)+mB0lOj};f$N$10BzXefG9F(bq zDTKW)uw2?JeqT`iN-d(qKq2^tu#pkEk7eEa+B1a7cd;S)g0Ch>z&Q3%cXMR*`oVz_ z#M;XSp_U{zO0=qI$ugd{GeVOON`m=a##tCI4XMUfvLdU2XjIe~MF1k%juJ!3oPF^% z{^wK&8;C{r5cv%yO_OwWH9VK^X76k}No}5Y;pqd)ewe_`)aT6bp04WY2|7Ht^$l2b zoz-|%!xqC(Vl}I7LsMIZ5^S}!X1-rsPF6(&&fB#6i(Sd}co| z0sQZCv#oBInH@=o&!D4?XGhbemCY{;+V<^_8wwj9r{ky27EE5G%{mv(S+8%I0xC&_ zaD@^456L(r#W1-2zu?yWHf!Rar$Qc7f`j2c;f*3GT?TGXDdD9SSDiIO`iZptT3w6u z&I0W8;NHNN!#Wn@U&FX?ZuvgP{$SQPbF0~1=`F5?g4=Uy_V@p&u2urLALl3Y@$weJ zPelmc>mq|*)P8wQXvmV2O{>O(BK++~W>8|y72yA*` zo#HY>c}eoJfn05?AD*d5<|G07?hfY2sOd#ipHsE8{XVAB>uj`Az13WAFYMGaI)=N? z*bXGAfE2?PN=F>wR{WcUmCe!3sRO9GX+SNR_@);nEk5uCFz7&`#_rsJ8+)I?|& zgh0ivbU>lz!Z2CuJ$MI#&JRY~P_A`*6l%Aw+LyUf7k#{X+=e+iJ4y>EY)&)t!r34# za5OAVbtKbc3k=L0bonDE_}}B8LX6s4#B1d+#GXewefIzQ-b{N5c7k>j`}=n{n?9Vs z_P1xX6~4N-@g{181oC1=v-h8|Kzq0yPffd>~2*P7eI7RZh;*Z9PuJcPj* zEpc%ai+8!a&tJSwj6sl64mM{va)~sd$UK435AZSEP%beR0v4#3or__aGdj(I zzFV>2Muf#$fp0yUdv5D1N;v=qs6I`Zygj=NB7JfU!}lcjo3pmCO#I%&y5b>G23l<( z9$>@$$mB`wJniwk#bXKl!>>R%+2+8(2MdoD zHU}S>=L0-T{uKiu^L#%Z#2duORw~fww7=$ew^V4Z9~>PWySTbRfbdl-lk+*@3T`@5 z)Yuni&KMpB(n&YyDtJV|Qj5xsRV6Y9eL4>s0KYe$y?bm`TJr5#s7;Y}i>HGaHek%N z0UF>jvUN}`eBDk12EsCYqs4w*q5`n_IXCM5HZaG=*5M#I1w@8v#5TvoRwtdx)bhGV zPe!y|K52o_Uh6$DTkHW}uXF3H&z?gd;r(5P_fbyBK@yMqRrYRE4CuHIqJ+!$@4baW zx5qJFPh^Q1FaWR9^v##IL!rlLw~pQJEdC}#JL`Ydel~!Lxrd_;mL19;D)b1nP$)4{ zRj_#gn^rQIWq`c}Il029n_ zE&xD}_vAn}>nZe*2JrO3i<+jh_+IGyHu!me+=(o!f5`cJ*z*Lo}f}wYDngKJt7;Fo^{anUQJHUgwkKEB2n0Hc^_U_w)clhxjTj z&V;yiUQ!fJst=~XL#&sSZ*LwCIiRu6r6OiY(LngQf_w-1c=S8YPB@_R5$vO`v_vC%6{uz;AY}>XQ(>EBH9Du>TEdy^1pj=9x1-xa8 zI%k+QR3i45um^ExSG5SNX&s-~n~^ODixR1~GBo<-bfTF_Y)o%Bc@5~AA#f!mSaW-i z^KAzqCMqA`2!we51T4J9elfKSSI0jidUfc~O~wq~T3xi;%N@i{nY&=%rB&hcczAg4 zT|{2lch{g(;(r9~t3_E;-=ZEr&8|O{pNZbD2K#;gX-*)7FPk@Zgsg|}UXYNGeD`{Z zir+-NHakHQH?ARq|N4`tp4HyQGes_6?>CO)j`5KOyunOP!o)dwYM(>R+8%AA{TAm z!MKToo&{#M>A+Pt?{6hXi1v6lCkHgBt$wP};si$(MUp0iDM zQ(mb_rfInY0-$hSE1bWbAV<=vcQf?op=CKyz#~Fx?#Ptl&#DBd!B4dfVG%gtk78hq zIj%Wx@~cXo$nl|dH)$PI^pfd;G>8y>iEh%yLM!MVt66%te-!A^?^+%!${{4E5dPZs zVyOC~J&9Ni{4KYC4Hz?qZB0S~3}$lESHOTY`hKqx!Nifc{M*l_Y?y&8lpZRnnP=Q|AN@bq9LT{e~9TJP> zyW7FPbY6VWOQOB(T=gUTx3F-8yUSdudx;z$EKtpz%!lFLtY}R|x!{Q?ycW2-y z0EksfNfBvCeki0`six6=EV#{QxWDKe|21xM)#bP)aJ+RbH#Wz-fpn17NI9s=5i=n( zPZo^M%&fYR&!tlzUamj4<-R#eg?FO)IIYa=IBHPz8rMEYwl!MKdAE5ip;0mSph;8F0V2zL#j~(r}6J^Tz|t0(U$yB4p~XG{vH52UKblVZUD2ZU4dHl=3Ti z=OuM=m$Q`Bv@Ho;q0~bBDTm*m`b3DPuGbxd<$RS1dV+RDr>02pr|^`*_IXMz=-$b> zCtu^ISyfHy)NQ+Z3K$=vbG=6TpGKIdGOjalJF zN5?}KECVgqr98cdm6pf|Rn&9AHrv5YE87@;c;9NSbGu7vfO2@#$qNOOQw`m{2Q^WT1*^~?=hgxhf*Z$8s8+E`_y%;dYpdFLG5?v@W!MKF zU|qrIiToes6=}6h>N*$30T*`~En^#2mXVy-O{GUmo(E*uVq z?d|wtvY5=~o%PiS%T}FLEQ~S3iJ_&~U&MeQE44v~{cLJ#?iu8aqj5+pbT;$Lc5Ca+ z?(H1o-RR>POID`qV)NHrT69~(h@o%OBYaVOJNz+cP~%d%qja#}@eitoCTsktJ$e{t zvViEeivu1rSj+cK+3tv`gka@C`KLa{F^P@w?Wv#~hzwBGg}Iy1=4)J=dg<+SH)`iV z!F1oGs5oa@fzSwi7{&diKgdKU$={XFR*_oJjZb+h8Hiuc7#@ln$abnZ~aiuMaXma{cuiCy{ zRnTX^yT$FN$-uipBGTRS#NUGf`;iD2#VX1r=4?yf(k7@W4pi&uv>*yH&2SV>W8H71 zpQO=^!6DI9V17@KAl3Ct=DBfLVNe=Sdqxxhf;H8<5h&(lHahYjyO>2JBWSf`c^(H8 z+Zb|#$k~KeiAMe@7c&?G+V+tc1zuMa2lu1aneG^LCV51xn+UK_hGo9{XTGT;C46_bGYI%GiFuIOv^zNC=oH-M-~t{3O7Zd!FkqJf7>_P z&S!sm26P3Gz)-O3ZOJ@ic!wlZ1X_Evbva|B*bmglvQIBiT>>)YxDg#w=m_WB!tjxu zjB8_Fqdy;#x_5V*t8u{VtlhhVO8V=5VB-6*fNKqG7=0V>*U)zo-V*bfMvsl&mOj*X zfjZ5f6TYY?BI;ZUsY-MM1ttvq5HVr4f1_@bdzW8&PzxU!*Gb>k+Z?mvi#nj)9NwqW z3CaRDKsXSg>TsQ4!MagYe_baAjuM44M>U!l5f;C0LB`vb^LqO(yR>BJc1wtmB|@mc z=Z+mMfolxg&;}hj!066?UR!M+tX;J|ZP!n^C4p8Q$O}^qIEv_?(r^d6d|H|>%(^_J zsAwQ_y1OQ%UMYlYJAFz}-cgynCIFqo5d+hjpEb)PG1)H*6gu7T_-;*1x%hLyV-wq| zJx@^aul(aCwb4ES1-ZEdB~-zxpjUtO;N*aIZy~6bKQCa0 zC}=V64Ke-oo?otX6%fM#inF*p{DZS=_3esAtX#x9N{l?N)i&!O{?OVpKu3?UbI(>A z1f7SK`q*liad+;&EO^a;w1Tti@!m0ttQ;fattzp<3|Nd>g78zWOK7<4hQPXqmOw)4 zMXY*OJN~vVF}&{}sd*t2ect#=v}Cq;s_FIF5@8aQ(n0y#P7=NN!i-V4^=rh7t0q(- zdQ*8{-Uiw!OK!6kNDC-#BHdM+YD@GlixPPc4?agxKfh%Wh#a$RfozRt_mJStd5S@A zgw*`EEDQh;P2{}DXV3r_(JZc8gOlVv`1rmp=V|B^@wVQ=Rg#abS+ z4#aWY{;akVMdX5{dZ|H6+^=z#Wm3hW{@ASHoAzxQyOo%xGP!V!V84|AicetNZV3An zJqgc$EdVGwEdg$OhOm*1aLG5kLp>P8j_z74ztsr?-A%XZN0+cjq^%seOH z=WMti;1rRh&H>KaP=_iMb{^oIO1bGRYoca9ZnWp$h8L`9`glZoSrM<+u{pjx`_Nx! zo?~5-u*F0OEFuleuPsGZa7?E+Z#O=27YL0)_ttuIkiv&=sS}srTGAn_z@tT^cPiZN z+r0#i>b-o#f|3N_XsUYe3wEdaMsy=+6TLG%CfNADYCB_r8Tz??hr5O=R~)AF+xxua zi-y;i43Y&_&{7aEz*Pz@OVggfoHOxki2V8YH!f9ENOs~PPWx>g5X-vy`BZZGw%mbXla(s~HTZ0u z8l*TQDqzfcS)qWGI!{D z?}&d3ll#Nv4NuZV3d>2Vlv}Ne1Mcnr5 zw-!nr)o^x2f(FOYiEiX_^s=%e>_V?S@cq8OqGRmat8LrN8%lqrHqKYo-48SzcDORD z;!)%E^Mhy!nQ#Cghj;vO#5~2pRzIb{ zMPrEl61^*2=&XDFCgF8AUlGx#V;YcGK_vZQCK~S>V($~qj&{+bX$LcSAJd0NF>Ei< zTiO80@ikZ3126vER3p(kF&J88{y$1f2oV`scQxI%E9HHBL@-_N?{hnmZb?B`q=hp@ zUi412aW2n<+wK+I_J5vySQ2JfGAz8i#uO0aqUKFxChB%@IDu(U0 zNg!3$pFi8Rul*nG_M18j5WLj_?kBBms#|MCjKv~mT4S&9o2d-IM?!26$*5waGG4p6 zB&6ZZ*kdd|BT8?$N=+tgjgoI8E(&nJ?&x(U+l;VOf=Ye-14qxzs=i*3f*N;&7GbUf zD($K;;}ryE@i4782c9_o!Gp=w98#g6|4V-GeU!!b5Mhsk@t)6oXh>BHDF{iDulK|u z0LP=P_n|*tCTbW7MPe}50A$$Q$ISwtQ>Av_1c2}(F}#-Ku_P7`;FWp2qtAOu9d!zYZ2kid|lnZWx=Dm=~ceGT9o5hU7H~?HBf8LtKH)vpTjK z?ATuRaUa3d&hNH8Rh?G^)BYNg?7;Ys3Jw6!Qq5E-+F>b#G#l8L>AA%s0gHj5 z(+pq$$y1x)P3Bxcy=nM1FGCjnZOx#w7ybBEx5dg2ydov!7$;+pjOYi{;r=C2H5`2Y z#Tg&-Ox@py#MhV!X$)>>p^Ch)+yHnQHm{Az_8?rfNZ>>;YPPczK~n>jq~`CdH7s3c zn!K-*52$~p#~j2q_9ck;-~rnc2&BTVj3k1I?9(j&|LN<$@6It6*Q;5zFuFg})E;gQ zb|gR4*guHF&M7k><`%Hqa_Asd!L-2y!J!R)-{=adAQ-t2eiVwr&3)Uh-5A`=$E260 zQS{4>?0BgXOd=`MXORY3WY=NCJ9nhqPu(t}8vhxaMAV;=M8YVsuojb*%ea3UG(~$G zJ7AC}|5vei77Fva493Eb<`^1`=7D4J#!9P4ed3zn<|tXeyiGk}rnZuSB{9etn5&GM zJsP1?aSnU)RZb2r^f_-DsHOs%q=x=Dp;=%_68|ZC$P5k0rR5$NfmBjfzK;stoxTys z=JEfVVC0{*I-mR%6F5m>wlMQRE3*p0bdwNJ1T%}^fGIwM*^Jq+9dru*4Ey&?1N2w5 zamW|V#_{>B#cZbJDKiSmVj(Rtm)V8+4(@Gg|wzGR7xM5@H^( zjX7ZahS=GPt#o(G%k>CzNL$Kfw+#y(Sw*bK{xVyWC;O;KL-Q7L7 zLvVMyJLlxQTd(R?@ryqVyVqW8t~tl}MmE)X7p~stJyt4f^kCY!=fY{}b^@q3OnC$*r^vPBF^xX*s1BOm^)M zw^fBbXr@_{+(2w0vu>lj+odJLDyGaj;HE-OM1vc*HR%_X!p+492LbV9y!TeN~8`q^Pa2to-89U?Wh${-~w4uvb$`&V2!WOj`0A zyi2k-MsoV1Ut!dG3|Ew-&?dSm70dTQ0!F!+qPh3(j4CL+mI$GlqCY!xwsyuBuS6UI z!9nPlbSuY8^W9B7wp6*J0$N~@1eVGW41O_AW|e=DtVXmLCTd?617l z+$?IFeGXXvQ;vyR^*)hPOvyOIw1v&~te}8qE#>r14IMQoSas6Qli_Pc>003)N36=xu>=`0F$C*WGJ`Ub;Db+)}s;;*GYlx$9>IzvL4nV@wz) zHKGhT%kTX-fBtwsnA9La@ZQL4tq9H;wjk(99_gKfI}z3R`S_Leb0U|cV_&zsyvG}m z5GsiAI;o24?`+)~B6pqD4kEWFXV+IoHL%##9=D~YZYxlG zLjM-S@PQz8R&?J5)%QW+96_CjR|{>87Om z=awXd>saRHQAHu^R6g&UzPMTo-4uL(@Mc$kDEm zf8&H|a&aPC#7xcm9SXn;!$hhVn{qzqZYb`MXY%%EeD6dnRz@tEjXlYz~6YJ zZX8OHj?;Mm3n#v}_F3rHx{^gw8XmQQr(<%2;lD-=mcfsihxFuT_y`>$P3jev(77NQY-(9~CSRvPpc|=H`u2c4YC|eh^Y&XBcwrH(8ry-pvfL8uo=c zewl+M2&8xegfG$*TMeSKLc?M<%tlJ*3xrM1gJZdaHwGxVPLzP+_&OksOBe=`ENUQY~kjG&-2qR-EYl-7J=%FQ)1ar@eE)wcJ{Mn4bnrQj!N-T}O+xtCI) zvE|g}Fg@8nj@tfo&k;{KdgG04kp@38EGnBK>ZEVF6N?I+H!HKg&LqpzwPm;x>Fh)9 zIVt1XyAB?^g`}z;^aEz*_ENwf)>?PEK2WOs)Bk3#|Jv`e|EUQ$#T6fs<_ZIpJ@X8J z3lYh;kXws2CLZ}T^i0264bK)cC|5l=^nXT%J_K8j^^4ZU$kdE}aoozFn?o_N<@30N z*5Bh{p@Kb#quig2{o`9EV0-43X1cD)HV0U1*=?hnWSRt`GOiw&`9ODjUQEsO4fKi` zcsS^PFCy_4UL(qc@n5Jvs{7DuSeG_2j>PR_1c6!+Dpj}nW zjLQ6PSfN6I>m*i&6m9DZfm!z-)`j~P zo1Z)9J(StOi#c0#+ap!0iV3w`P;tE6N4?}6KPg|Y<2;zs8MdTZ#PJA#Qy>lLB~RH> zS#-k?EP%tCsmcyd8WbN39Dv0$4!wc06c}k$1fI9CF+VU?7~YQ1`5CTO^McN_h`m+f z{jJp-SLR^Kci^X?MGd93W+)TnNxLa2YYN{N`|6i}p(K^6T3`2wqG$0U0bV%D;Slfd zzcpB_?d_XDqlkb(17!WBBA-rSP^SDjV#Q3&^+`u3Wf^9dr~V79eGPRS-dJ;fiT}_2 z;pTG7ea|AVBtKF3P!KTc^Y6gtIN%7(@!xsr&Jh5F8}euefM&F*$#h9`(I;Bf%RV)N z`QJW;C`A`}EMLza<{-%DjmBUz<)1=i_v4lCru9mc;ONPxIc~Tfpt(xGy&1itlXm&>R3-YZP{je9Ofqlljkh2}{`y)|r7nsA$dilr6qee=$1vhYc}-l?I^>ag4?MofS^p0ZexeM7`}WZ)O4BCW7vE?}G9 z=|iN&Qj($0Gy|K&R3jK9-Hh_=28%W1o%nYX=GnWl`(+m%D}W}Ze=OkRh{8(+z*pPT zw{+YC4DB`;DfgB9-#=boT!910G#M)c$l!Y3 zMxK{NQzXkq@$`j2Wviw0HNpa@O zy0T{f=zY_kd_RgKY~D<5VpNSgggTwMI9Yt)sHJyoHW&K)R}O0u2}BvU718z-=PJ_Ho}7y$4B&`> z_P3D}QV2$24XvfA(C8tuiDlT;A-3sf2*p5SbboLX+EVxWxB~+xu&y@r+WEuiV~;)^ zHb!;OxQlVnlQjrz@SV~0g6G=9VE%|P*($u{hGGr_mjLN+zcOC8Q;=$hLxcu$AT&H- zJC>rKsm$l06p=cn1_k)*g@#hu@c5@tMk{l{*zdao~#gBHE=)u%jv+BRxW3|KO#WZe=EjZW+CJ((T+|v(TF6c z*MN--Xa$2h*jB!cIMk5d)yZn5;E(+EjfQFkOs0R?itO>pNY{9@!7o&{L##vpZ%y+i zM}s5OKt_dAbjuKL&{9D$5rtLUftsD%T5V^WiP8{t%YVUc=;VCA_ll*xI_7oz5n8rI zkGIN8CGit}GD#Ue;h*$4-Cy8jx;xPNBLp-OuL-?^Vw*nJ1gG!!x7z7;LHTpAt%?Al zNhq6SCd)+2#^i`}5vX`~`q*60cT-Uzb5#!bxJ-meSmJPu;U^+GuXI=G8*Bv>y0d>e zjkPeNhL=oZ(NetEM>A&RA}5mB5Ej9cp7V0fx>PPR<9jP z^)tpVR=+7G&|ANu7s(&A-c01(&_RJTL-lzzmK81RsrLln(*q)u%=P5C0TG>(GlnLH zn`w1bp4Vex+6Hz>qh)FjD>OUf9&#bbIfOoezcQcAVE4#bGZ)a9M=o(CJH96Zf|v|% zyY9Na~H&SU)Kq{-%_x0lBj`kKxRwigR5U`%FJD|!=WOO$7<}Rx0$bF1iA6BryQtqG2f@Eb5_~7VWG%jtsQ^A?zV-N zE>UfI)Xw2Re{WbptR2?3f|%ZvL{~BC{q^jccD5Hvg7N8cTrsKo%j&>z0kiB64Z%%4 zr62W5ps-z7_C)ZFMEukWbdJA-fdW`3o4il5mCVI$IE2A4(qBz&`3>^;E?jE@T zKT*<#yQSOTuVS_N6GIE}_;o>${4nXD)4~*J^cbdF;lS7MAEUH z(+*hl&*ImX9@AuxXn)EJ0e}ad`5)s_v%s`2YWv6M26|nrDG=&+$W05Ek{Karow4Ba zb`=Xo>mvX@4yD-A`07f+J(;1u<^5kTXAaHxiE|j%|Rz|>#6|l>}o=i#z7u(V5 zzI?wRRY#L`(mAzCgW&w3g_&qEZLKB&0Y8Q;wZzW~{vq1-06BVZmtYxsRB3kv56sM2!dYjxE+}q?>4B zPJoM!gI{*7YI$D*@-s8nxXeV~`s`1`-WSQibYW~6!9v(P124yEENQjv(NvEr9dZ_9 z@Hg8QI`@YFzB&DQ7JoTbX^9Vfy@&`CYU{w@i)h0bo3<^e#PsdE)%lgW`tx5--+3=g zWQR{gN;x^0qEnWDD=r?V(?gXnTc|O*M9TAZS#R7JEk5#Vw(%kzXgkxuz=D%Rx}7dJ z$adOIw}n^XfvU*Y{DH?2@OXs}!kMsrTxifvyKkkZ>P)_vk4_3uE<`_cKQL}qc_YZd{4C2xU*@Qy& z??s_>trE`8Z%qQF$B^AZsG>M!dg8WX_9hb|If-BTOUZn8uU#?tCznVun0c3I^qGwGU=m{ z=`t|h`c1ZSLr5})ODFY6_XD5iMxR?qEO+)Y z?5LXlnhT(oh#P)y7i#fL2zHsEYbuiGuofkWkKVM;KkpY;5$v0y-lT^I+z^|84e8yu+~*4J*C7a4WPAr_IBp z)R%g@BjDs|^VID6M{!Mvp)vJJ0 z!e0*kPOWcsJM|1ochlg>?Iwe4t=y@s31j^>Z-94&-#)ZEbA$ne7*+8t&PqdJ;HF@E^dP$*z*P3R4>lykS%T;iHFKQhW$W78{WQTDbp5x>Th- zAAFW~C^lhAxtZC5Hh|f>+20rkogG9)1|32dLG7ylck}Z*|FEea(SF+-V-?0> zzgo7BeLofT7HvA2(W+U6hCR=jgN0}#A&*!N`B8EikrkC`9bO*2@K#uQVDPdJDEm7X zV1(K-9FX1s49C_O0mvjpBk_;oRHk@WyU(CFh40sXKd8Y1BT_idBacM#LQ~lkYu8CB z#DGKGPXA#F*`H#}&V6&**^QMqj-hBAqOoVkG zN8ddXbM>AN*ahc?fIi>bklOZKdPL1w6*peJ)4b(({?(v`EJ>ki56XlEbqsL>1v5Y? zFp^I@P6CR8YKc;cr?K{ib4stvk0igJrBb4vt#vO~-d0N@BoAD&^n91cisW0>KP=yK z_DM{BM-LLHp>}>MD$0O08dD&jCIfsROxnOre2uFn*kac*QkZ9Vd_I(tXb@=!wvn!i z`r*Nk^7<;A^r+dt=zp+XD;mdvlyS9Z91#!CrP(RB?{S1t9DI9R(ZSiTkI^>8z|f&z zxEsU35M{5Z7S>#4i>(bEZqqIuW*s2_N}jkQrvjQ{pqeJ+OrLR8i4m&l{{@&en~S|| ze|@%U+^6g9+OYnURFHAs{(8Ii*Ezpx(|=sP2h}nEx$XnYTAzB5#brGo^rJwQv~H zZvd0?JApEz!*W8*ZEq8t)GL8(8_FdCMEBE+2Tq0h!>zdJXD(+&pa-Di=l_jF2 z4+3HFUstggYM%rmxSUAbA}NPB)N-JFhgYkP|LF6!1yDHL%sY{gVF&^5+R7lMg*+DF zG#rS<9PZl>8oON5xU^3))KHp$=tC{8R}=suiMbd17buyskrCiYA&UcFDCZh^-9}>_ z@Od{ED3O*Re!~AXA7d9tomQ|~_luT?&E1#dVQ&}K-tyJ0z3|`e$1-x(avRHaYv2J? z((hSnBnoe#4-lcq0#lo${I}t0#3k2Qe&ZT(vG~c80;DNnR&2LZH?QL;zKj0!z31VC z_B$Xp@A~$3yuLW|usVL(Y0cwy#Yv~?Y3*rLhyUdc1B4nO`g+0e`Y@3tT%vlsSyp%O z9=M(Nb{J^r?Ng{mDX1L-4yLw6#2qL)IR82+0vWz$`d@>MXi@@_E%gVV z_p5g9OILv2cW`y&N_o(3VgB`S`--A`OOyZ_Skgkj(Bmvt29a<+0gl;8_Ph>-#F*o< zp7eT$G|#Gb1H|Zz-;jKu{wQq$kRoUInRsCWfXP)77m5VghG%c#>)>Yo@zjI+R3flU zLa9uH-5DHnQe;+G5|NG<$pCv|`f+dMzsQi}AjjB08?|JFb&&Tot_M-Y=cG z_bYZ!)$r1)tfCo)k3XtkCNj{B!HD(6Mfc1Y|Lg0q6Qq4J|DiVjer`UjmN|CH^JenM zZttk}j1AfR&(`Ur=Ut7%^w%oRF|UKQi@o{MTwIHq)ydXTX z_%*xU*MM=3=z~Cl-taCRkgUv(1Oxg9w2cMvIw{kqWK>vdYL;Xd7szJ3@it+Nmnl%K zU4(!p6l&%vIK&w8TutbZ{ece5G8jGc@YB53O{C?ai1)7OSnacbJ({7qLe<_~mVcnL zQa$x2Ti5JGtK)3Yaq?FxG@#FhcT;UN+99mew%F&joD4mJYxMXPC;vhGvBrfbR3uP~O`W zxgk-^DC~_q9JwEcKo38WO~w%q2Qr!qWt)c<00a?xBk4XIlLDVmubIgTM*7142L<3)IcGLTQ2{ zaT$0{l#!Y%;P&V%<`NA!dG98w`dTmsLcR8f=l=0s`Lh zgjwZvY`N>4^>_%V<%0dHn1Q_#X~TMe^+PRPYi5w}23Unu;1cWQr&H@;Cmiv|7viwb zeAjy!p`W{~j`+{=7(53ZR6Dsc6J;t7%23PHsze1Qr+72bvf_kGzIO`hNyz-B^&z=D zG_eR1T?q{W=PZdT+eMAq9cdl=(AkGm}yuIi4ru7O3ckGYF4 znSiU=QK391OX82QW^ubj81L*az?VT+3=#m^y$dO64v-~lb8da0t^kq1^<2rV4slD0 z^Xcd<3}Asx$iApspS6k6rM^drd!m|sTmKbl9R`rlE*dBX% zt<3dDlO9cn=KuuCn^^E>!-Iudea4=x954w5WqRHDAcNL^83*#m~KR8anu(ZouStf6?yVcy~_w`e0?;)cmgh9?05m z|GPV)@SJsAmHii%`@ls&T2j{f6Ge&CZ%83>E33Mi+}t`0d-tw1KSWzQM1A#G>A z%l@{|ca-ynUj2f+yxwi&tETw)e5@9=G6$mZLx&I%)dYySjId(j)4`cP~YX%eb-RF##9E(IH=%@rT)ye0leX^%(< zNtdl~?BHH)8*r%~x6oqFSe|}oQTz^ks<1FGiv4taT`AZ7?+A)W4p{OkOGWeGFhIX^ z-Xr&)>p5nGAv6 z2_dMcKZ1nCUVp%kA@vml+FoXZ>P7)ZxhH;9B&4?}bd@w2v~hIqw+w5~e;9~vc~C&8 zLj6(isy`xv(mfCMSDKy1xi&+e6c+IlAn;eW*J*ggLYUU6g@@Sy$R+{LLgW_Juw=g^wMy*OtxjF6Yj0?4jqW8F0R-W_533tnpoCw{Xw^J@7m0T`= z<*V^Rvq@GHuo12>=f<4J6jI>fNrlm@tgKYUPpGu6T958;sqP=u1gn)=&me!Uv!E}x z9DCCol{PzV_&KR?v%H?dXa%->qX_`gKAnYuK#Pc}=<%VCNP*`jw)UBBEo!CtY^hRn zmarNi_ih*sYM69WL zOwkC-(a79pwJmMC)k`YIiRMC>{vZ)EGv|D@&5Oi-n`y77U}sXXC#LX{@XE>@|AE|e z?Uw{cM;Pvx6!$H(RwsXuT8V9++DH4A6;<=zFDS-_HhPKdA2=w7AE5oJ-u&I#3uMxs zw)pRJbQ%9}jO8VqJP&&DLO@k&AAd@YY8&D{EO+^mEZg+I^LjXs!f`638d80^rX_y< z5w&}H4=fxMq|#6(uSv&jjZ1icDy1Lzs6XB4#39-<*U+Sr`^7*LKO5r)3;+-joz4~j z_vi>xejtTlUz_HtqlyxcQ-Jbv%mQ3*A_-AT&@-!gnq{!?aKFBER$b0+u?XM0Jm6*~ zIbgj zu;$Q)01WHwNCGjEz{~3tK!l3P7H|?7iWTgBB6{gfntCM+nmLQ>cB`RIB$)NcfH1cm zv~r`TRVB20_0Xwr%88@wmOn=D8cu6B#qV*xV4W_$Jk_Iw;yaEG9{E}(%oV(`O;~B& zDbR7&`xOXC)>BVokHq!boHYJ*F~hIlWRut^q{&TF&D2Ut*9w&?n+>=H2LAlfhZnZ! zBK!K%{chGs2r!hK6$jGd$ ztnLpi87~7t{LD^Rpb>4`!?JoJK6k3LF-#|u|A#?ZC1(*rDw)uLB~*wWMD9O?b3v^! zBiiH~JbU9ESUXgthAn|*bl;&OetDwd@vZUH`4#|_*YKWSwr9kJRu15dvX=Vh_`j#s z`RX0dI$8BWnWkiYK(MIT4*~s@TgpY!`I)l6n*9EL&h{x>>bH&I^aK--l|uhM4tg`X zP;dSU7Vi?5voH5gDJ(^^u2eCHoymIagay{}xA^vW-oI9yU2fQOABA;Bvt@kZ)4}j` z8L4C{nw|E1x|N^MielkxK|p>7HA!gkAN4kDc@a_T(xL^%{&XHUVEE;})p;=u0Z6cu zby5elg|V{ub^Fi)r=62dPqzfr0f6*1KGX%d6CK+CG7IJj+R@khZ>y~V^1JN&v+m|| z_ZY5_$;>-`IgXdumq1z5Rff_jG=?Q#r+P&7A79(lc~@ zy!aE23*73S7ug2n8OxT;Yktobik3`{21wI3-{p?o(5YA!bs6cA{x3|o$im|P!gQMr zfUNt+n^Cok5tebj%aQ654P#h=5?OS$<Z1X4O+WK3*rdRj_{dgxMHwIowpYiU1#b?Bm`d5Nt!rzj7kTwh=IJQ zs{DzGa|28`QDp#mCsLcp!%JOg?g}J6gk8R4ccCXRhYv#6D5c(3Cj#ICNbiW(+@&vt zz1XiucYrH%qpnsOQNn+16F_Y>u9bE2Vso%(^{0PsUCrx)-a(Okja!l#oGo$IVfXnI zVrq$Hfdi6z{e2*lMcyKmi;Bita*iKb$@4@uC#DVuygcy#X*-Mf0Bz@V_LIz?IO&L4 zn97xOdEP3VK6slT@2^zENYo@~QD=#lPiAcD{tY`ST#LBQTb(}=UM}jgK@sDc*1wx_ zVE3d4sfvX@p)qup0>Q{22@ydh?jmc>rV`kIVq_ZeWiwczY*QCjeQCkScHNLu+;B2~ zxk%ycP|Fpp_ao;60FSX3C@4kAEkh2%tH_4{T;bcd&FceDRi1XEof&l7mnUj%nGnKp zcmLo5t+I*aBr@w&Y z5BI6Fd}*6AZDK^gF*y{0J=bseZ++{26v7R%?JE{TfmJ?Py)~^MtS5HwoExnTW4_6Y zR;*rm%Zf%J6Q@D)DT5fjdaq|24LGI_;eoL&l}WF{MR*y+T1yl#M?}4mhHN&7vWvuJ z1M)KZWPdFI#7GIK#q_Mfm&1&J_RGZkWj*7zx15m|PrqnJ5doug-?-68s`3&VfZf{w zx0y^G;FhDu?k&m9_1M@YgZrN-hKW^sN=OClrnm3p$mGQFE$o4n_yd~|y$(@Ep8SS) z%?=WOw^%pelaaRUv6sKUQ}zCCIxw(|yHn#WC|`_Xyq9f7;ESWBEPMzM!}H#b=#sGC zTIv!@2!3=#qwTOcp0WrR)gbWFCsASU+=cI|w5)d~Wc7=wL@|HLK}Jk$FCe|PiRlw? z1hf+WwsssSJ$lUEEFN_|D2))FkKgWZT#%bLk@}i|cmo1BWYWUb7iR_M{GZtLh@>o--S_o*CO?6zl2!-E zSc>mL3^eGfg}L&1_vXAB4j>W6REK?2Q5P{B z^6j2V6Bn**;tn2Q81>cP2;<;Y;ES8M!1&^Aq-7GyFu`Gv@|`3fGtH538W_&8(G&7Xb>mW&%nKpl5JCaM{)Q(GURGtfD(1iu0 zhjDV7fV0VP$t25?scRS`QyAXzNedtJCW?Z)!VF>Fyk!6@j~2LHM;ICy(&hgSG$$yx z{4zFOj~L0*t}dny8=`}S7-^co2zXPtI*~H*a1uAappl!q#4{8@M{x=jnm5rkqyN4C zttXb}!Ye}8jL1fLf4T&?lG?2C011HY<5FM_?0b+JiASM6$AwFGYES+j5ibB*w1oJ9 zwOO~hPPNRkDW(dXG|r$VJb#rfEyzY@9H<7%`tQMU1;Ct)AMl^aJ)El|22FXEFOC|b zsUw5Er6V{pv!mLic-hwXKV%EI_}2m9W3t>{mu1TC_^jp(PylN9jJX#>e zXD{(Lt|Hu5UDc${hChGhEP7L;jf-bG{w6zPlb0?6Fq=3(;yGdc>4~UXk3I`n`@ovW zqajH6brbT>S0+NMPf(;_IDe!c-fgJk)li7Mkf<&%d4t%pzX;OBA*4|IP`keLa+G|6 z1D72kxG6nkpaO8$tR4BBV{Tiq(v8?Cp*47~dBT7ds7sX>Ed06e#sX(J5pZc1S~i^D z3@pqCf&dzDL|)OnxLVgVZ>HNCZsYE}lS4aC<(d4&Rud-bXv;fG$jVI&ZO9&u@u!jA zxq^=zW=lD}%Yo%PA))IFp2}6@6bgR#PYrFlKET9ZgT+`eo;UTs?R@>#DT;cE)+@A2 zrGTBaUt;dN(U*WAEpy05z+8w2>b)+b1#|4h>wZw+2R|}WkhRCdO26vIrvb^M>sbw7 zeIUjVgekw{meaK|CWGA^u^iP~$ts1+SsK59KfDcjnI|M^6{G*^z`+@}Ou=$B6 zFkbB?`6rubV(;gP@}3YidF%(0$V=V~oQY-gYU{Gf4n0$KKc+cMLJlsKr?r7ZVC!M- zuiOnW-vzJQd3>}LEkOR;wYxlNLWpu6Tw7cQN>rT`dP{ve$)BNro2?`GC@`v98o6Ott&TDpY^4(ii&}osdMXz1Y zjrovUe1`tFG#?C8rWTB4d4+8WEzCONV!6u|>gvug)VpjTq|vZ7dEkPJ?b)rdrHY@# z9-|0_HC8jH@2XhAJQ<5)k}vKI7OvcAFd{{wD)A6O8q*fO58IE<+;HiGOVrx{o5y8) zspH!_-0%p<-^U7p0&6_0)F3Rlrhg-Zi-QjO(`C~Z2i;$0OWpy#^u`8~rig?X=Y3(I z0`4^fp?4Z~5GG>s<#ydQ7MTI8U=gLQc*zm}@ z57`XNwPqiGzR=3IaeLaXe(t@<{^)!YZZq#>Z9kdw<;sxZamTW|AT|!@Au8(=hiXkiPfW+TPicDHq^C2Ihf&diRm4yFta@p-U$!%w$W(snU{G zoW!?+Y>MG*2=D0k4pJ+sgN@#7NrV6UG>cy}vvJwA8?CkH43dR|QBj$GEe90W`-6@T z2zN!0%Oh%yEYwj_7e%jA}`wa{6biv=LW>XyGanjcK$-H;1pyYaZVfLU^AP2`H zPY5)e>UdzBT2ejSuiKIYNJ9W)N2*LEtk3{ujgYyKzqhcVzfuoW7KyGwZ33m|h6kA?WqKFeBwk^~6NmCYn1sq^A+8i3dg z?h)HGra5>_(%gcN^B1CEI{-G$c@f5vH(PfSd7Ud$Fa#6TR0#se}pIW#)$4MVrw?r% zm(c9D%Qz6GezF@v=s4SkrqFtwRqN}DWtjsk3@A=q@7D05+b-bl4j22%`Hh_U0OxG}rR>uGmH!-epus z&rfx<37^C!*Z+C7aKqUI1Qq;IYQ-a%2p2xq!;5p6Ub&lYr?_~XuZhi{U^48-w%z(q z@;A*9;UuMbkzhX5rf1k8r?3D`VWYoFFu)W#`4tUXXrCG82PZ5a6j~0rg$EUs)lt?2 z7LyNX2gP>++X^u6?Mevq{z?+%OLduk%pKn!rmXdb?t@ip78|<;5U{YfxcaeHN;V}n zRElLMA{?t!UecUG8PlM&;EQ12%ZP#Dga1MUFW;IVg>>b`*kr#ez$sBZM8JMT4dCW; zj8L}z+W1OEuo&(D6`(JBrRD+$;_2@vlilMPzda%TzKGV(9LWYZzs{@X`Q@~wr7Al0 ze098vH|qZz%;LcCSRX3@O`LU68T1&`^`DHyCYXnYG9T7aev`ZCyxJVZKr_)UWPQvu zcig;P$$nZ33iqk1RmtG3jhBSlxnnsRV#W<`{ObvnQ#vV*@TQNiur9d|JtstkhW=`x zDe0r>0CuHI%^wEh2|sB|U<^Sf5a-~ee%ETxZ@W}YxvsrTmMFq3%m^Tp0?dwhrPrfW zUGjnt4=7P_T3OdMc*TfubH!+b^c;Lyv0dXsvWf4gfn-mIRl7KFzrDvi@u@_`99RUC ziUc;NK!GyjP&<#q{Ea?5p;vMJU6i@Y<;oC8dRToR`P;1J-^H>HBN2F=8rRz+!KQ2H zQZO0+Gy_#K(E{rnGJ>|%zrE3r^`$>w&~2E@sJBAAVPHXc{FEd-Cq_hrJZU$^uRVyx zsU6cwo{k37K;z%3PH#Fu`mMV@-Rl$SV+lXYn?8C05#LGIFh-kLZSyyN^4NbJ7h`*C zB{J@GZ$7BH2VXpj5njM!fosm{?61i)!{B@ox1b`fYed~O`e5+0!01m1%s1~g)rjKn zB#|*qAyk4@*Rc=A?QQ&8#78Z~`yJyl<1}`FLwcY1x@NY9MgA$Ho3KA;o|p$s1{OU9 zAnzka;v2g5b?u8MuhU1H*apxOgGuQ3T`Z#;N15j+(~se80jkP~bz43gp*aFF5rNLJ z8Ara9yZH5Z;vrTaNI;N*KcSZ2I&-a39XTUU_;--PD@;kCcPeo# z>|sVlkT`4ItZ!1e&RCnTkly3~Bal^&%zy}@-L+5!4I5bdd*5DIzfE84J_stDV&IZ5kr>_M|{ zc{`E&JL;pu^PfVN^otU4R5D#EJc>`Vwq6egre&RJ^g3 zTNa^NJHRaRdWcX5ovL3ron zvf;R`IZzD+1t#(t--D}F;-~FwL=izm^wY)km`{gG2iUxlxukMS*qnFM)3YiJY|$mAh&tyd$Am$l zbJ%Tr`aUdn)#RDgIRQZA<}YqEReosvP}BDd)<&f)sJ@ghvS;zHz)W{M%bw`x{0Jw* z>$(Y_saBz@0x^|h=07Qz3MLZA2;7zsYZsW>mxNf3qw#AnxqlsPO5`8PajxfzKX5^5 zHV8E=Q%q7G*i5!VNx9nXQdjOYx+W55&D=dL`%bLuKUz;zfjx?Cy^3{%lPg9uM~s^c z)}2Dqd13y5ib1~g?wj|zcOo|d*OSA4mH;zQ$n^Pa#mD-i7K>|(Q`4P7joO$1w+aCP z>L8WdLpx@St%IW$K#2e(`(!+LS;cA7QUSZ{8u>CIVx&TfC_c24$Hl|rYyVa`8^zW) zJh!?G0(LHjpQuq>6=qzQn;px~Yd2!5fK7TKrYp;1MXJ!2=IR3P1dzmFkxMd@XT%%T(-N5(c3PeUw|-Z$y!eG=jMWF}G-;HE zow4iCP*lJ8OqU-*2~}1L<4WHjzx`cf+L>D?8`q*fr=Kn)7$Lf9mR8(0k+O-axM_dT0$#M0p_Uu*4Ib z1Ouo4O!^Jvy;(Np1YbH&wFUIK)1338v>D#$>){g+oHSgHrExpCU#!YvB`jaxG_RgV zI+4Ie@jl!=->&J<;6?SfUmsh&T=G9({*8d3M}ytqUVFZ2^8lnc1LOQJ=TRO9KfG4w zR&PRN-8Z+0AMe1WULjza?J%8(y*1}oD`)|8^TV~L)AoBH-p}slNPP|uDAx6{)4mP= z^jRT`?P}pV$a5`yF-}!=P?&uBBVj9F?|*T}uy(Sk&f6npQM|ce!7Y)TR1ezw&=08&(PO0l+O=`Ud%JwO zXkO9(jjfkrQthbq^tqP*VSv~z{gy%JWmAfwb!H9t;;hu?-Z`zRqi0q$pJ)i8f^@BQ z&lvb0RS&aXD6sir2AL=S81p?QF}z&jBt47(EnQI&ROpsD>RJm$c1uOBpj3nUS(cN0 z*Q1vqr(b1QI#azm)!JOveTYL>$MceFUQ>k9($6#a(z34$%1>SqL{x~{?Ly$Udk+Eb z?X0e#L*b766lPokUtmtC?YfXx6r!|HdwBd`t}TVRW1IlR7%n1}A7Fx*3ZUcghR!pO z_DA(riSd_%4~0PW=iDoVN>j$kL3!i2to@6`06_)GTe@LNrJ6tX6tpltQV0y*C*w4v zs|Gr@)>hv!O`!t*q|=v}&Hn9>Cm`Ru_UjaCxOp!HTiHfP+fhV&eZ8S-wuMT^&U!On zSE}j<=*9j^5do=^Q>chgkAO}!<1-$>0D}zbxTKl}E-+yU|G&(OUJA`mR-BGU4SKks zO0U;W%cXkhdCUI3J`s5nOUvWKLl|%Fla|YXJspsDEsA@3#oyaU!Czh0>kgQ zUOWF)pVy~Tw`HMlL!XHhcN?0CF!EwUCeLzNT07g4+c5p@Wv8I=U8c?E{gXL$1p;@i zCEXK)Hl0qJD6Z7BBFxE}C#5XJ%(CqGkY#Q>L=iBy5@Amls1fTjenQWtdf9lreSPlt za(`A`y&r2dpWjd<{(JNPaerG}x1L$^D_D`$%aJ2eIK5pQUC7@%HNi>+O(PA?zEZ`G zP8NRHbqLn`(910fJ&x#csKgL4=+M`7NU7V_Q>%T~gBylzar|`yEYa)O>2Z?+XO`Rz z$Z-tfK@q4F{$wKHfT&MzE+tw$hYbd%PIL~qu9s&F?z85n0n@!KURDzb)U(tLq*k!! z%{V>xzwG?H7ulc?b`M1ziSWK5v?>pSkU(Y%vqRsRJAh3hX&v?7=zEarX6|iehU`@* zyhrN$Oh$;D)R(J}iF0L5#iM_R*wu}~@BaAC$^E!Qr>sQkJ$gvOS9enRdF#nEh|qGz zYrQO%{qsf;u@O!h@W@>twm!7Ayqa;2P?cT7&tuj@!|AmTvWvV;Ry=W@BUy;j=cVx7 zBAlYGZUk-52=D-^+01K?$uD}7A@TZ-I}jo`Mpv2Mp=-hDx##5hIH|*vOej01UCZ~M zKna_~k#<$Xn>qad>=@xT6X_#kpzd0)I#-7S?lhy#fZDMLB_GZ%=+?n5vHDt>sVx(hDrrTJCnfm8 z0tZcUzv8J^lczr;{P8Or6<87gyy&m^aDp^aM+HK})Nu?M=UBA0wWs+Vom3NA62?-4 z$st`oWO=TE4JG0AsgHft^%0O>J|KqohGoAqN)vw%5O1x9cjJMVo0!ktdD79%Zfa_( z2j7PcV*VqnNf484POt^pjPVRT*m9y!v4r?-n%{=J=Qj<(NH}U(1<26r!;;czIv!g2 z?`^HAeO?C<+|>1oBij@+@y=}s1^clr+=n~%F^HHe)7iu_kN%Q~_NH$=44D4ipQ$`9 zxFE*(6n$o7ol06|Ma}Nd2<8}bB+47;s$l{73`y4l%`TU_qndT@*Cjejb(TxZqc|Q1 z%_KlMNbZyAy7PUCv*}mat|Bmx;qi)j?@tKluMnw;xR8JG8PcN+Kv(q|@8suto*KT^ zbAEDl9TFCkyE9*{FL})KG0=%eFAm%p_G~PFoiHIae6wZteWVgWrpQ{tTO~&luxq*ljcq55Z5vJF#%$2o#>6%ot5IXy zY;4=MCwQly@B6!J*8KU*ntRVZ*k?cc9DFZjF@m;I18ZCU@f>lsA+ZJ~<42&1$)s^( zSDs^KNy*9QN9Wxs`R>j2ul)|D_dVCN{_=x}{3;CciV(&RJnRju^=)X=Ygn%HM?JG{ zS(g--_MHSCHY6mpsA}J%Q;C+4-}COosRPgL=n|40hV>st(BJigGMYs<)`BNZC51#0{9A>yew zu^wigxrwLX;&vSA^*zY88I#{Sm;n4;+Ooi)?L}J^+csU_?Gl$EVxi(bVehJ|P&W&^ z^?@vchnO6yYhh4zGWddm z)3yApdf*9hj-wZRf~M(Ohyd-!g&+Q2@2jC1Zd4~tbHfluo=Pm&G736-7s6dVPTsj{ zk$)wcB6>S8Q6p6vvbh2s3U_Y?rQe?mTN-L_zWMfUK{Kh9jYr4oYtiP_X9CWbvq{1F zcY)8WZ%Y_uwtBHsDjNkXxMiOQMQ9B2l!vYeDJEBfdX`u+`CM*dKlWk+dUAJpQuSLO z!NLJsYiyv0w;k~Oidmml{w%qQKGm=R<5D%tZH#O1aDult5Q@O_ULrXD7w2@K;$ead ziXRpn2rlEsZ~Ol1=m{L(O3}!R%j>9XKKX7?PH43WA7UY=(Xi<=oigum=E>xS4L@wn zFy-aJ>eZ-w9{;MVz*>~#UH|PjRTp|D{Bp=qs6?_WO$`rtIZ<4U&vT+$;^g;JYPdvL zZ~|lUBf{^y!dM^6;44M)z71DYHd(FzKkp|Jrjjck=2xlIC}5GPSho0uCT(18W@dJ3NM$N`ybeYbR|(&+hz=5O{T@nNI;G8o~n{ z;QvBQbLs+EX1=cQG7eq*tT03ezx&eF z@~_~I#Z&}4;6mmmnY#Zd=Vw6ygdL*FC;TiP&}R{8`YejeD`>Rw}m zLm_r1e2n)2Ef~EK;NuIur78X=8^0$3*wWd2T{sl}XmM-5B|>@M6Lr1ELmGUc>;+>9 zjGvA3B`wu>c`vcpC_mI53eoJwiq(aqzK}~muC;CE>oyQ&a3RHj1W<%TL%r6zK18<{ zM*CA^Rzf|C6z?PeENr4oGYfSXUWI$g3z6WGzSZ-;u@Des67-R#*)8+!wKtjhx7zmh zgpPu!!IBB6Vx}8oI+b=d>pCAxsRmjq6klKJ(Q{xelkT?Kl_R28cUzR-hM6bo&no5T zBq6~2C-3daGHLW%5=+nqTOO=rHo~75l#ci1sB~{xgN7yq7Z0pyDL;rW$<`M7*rXtnyWQANgX|BEQ?z=4_n~28DAMa7B(3VLn&z_OzGLX};F|qfS6p)s%e`;Q{q}yLrs!8E?Q1+$a^gO<5@bQ zUH7M!?lCIryu)kqG8UwNc1=#sUdC2-;w$W(J`#p=xxT+f;L!Ex)n#7Bj*b(qaA7Z- zTr__czH?kP0embM?nuw*dU>uPaBTzFA9g%ft!ezyGwH`47}a}BVS0d_vz6liBFtO9 zD^9mifF4-d$F*4=JYecSL;`#rxAT?1rzd#O$f3$*CL;aC;I9W%VplcCCPeCJdo}K%Wcqs7EOqPk zx?LJC_$Gbvd3aM|aGVj-Q%ZHTF8G8WGgWX~C7&k6fMH?X+k+`qMpbcq?dFfwj3dC1 z7;Ps_)3*iykY^wDmCf?aFAP0I9ROm^#ZT}M#oFcJ__? zxP2@2k*FQCG`EfDaD?lhw#~*Gup#udz{ljUG7>UI!mRq!PsIPN$oW1P8Y$LLXqL|0 z!v$sYDY8eC>$#epW2!7hv17I4Gdhy#jNW3s{q~pVaNvjUc9pP3-Cj${q|VDlmyR3eU_4XPU^q^0rV!Okv!8@9#w1o{bQjSS% z(f>>gLiNWhfof!APokWjwhOQVIxpS}^SzgDmVSR>VJFS|&L@aFU`)ey(Nk;&Fm!c1 zZmH@(*orr?6X;Td^b2NRKKGK2T_gB?5&qb3PJ{CZeEYepkaBoa+SC7<=4lr(Q(NU( zZ!i;VJ&h)W0!dEIcJX>l1^6YL+;Q5W{BjXode*?a=5j@FIBl;5|A4i58ym~%v&j5~ zhL|?D>N!3ucI|rZI&`uZMl?66%UXcvclGRov(-Spf6@e!}t^|hc>Q-n3{L>3+EBV{3;@kF-82&hPX?aysv$UUO?-|0yknN;a~`8 z{~NWSDDA=it4e?4MrgpwqEm6*VwbzOy9SU<2imVL)I8_mkJShcc(;4g3WH}A`sa#~ zGglqY?HyX)rxxBm9(WKS{n|F%E}irnv)}?LgQ7LK24Cqns&@w!grACsm<$Q~On17_T!XS&nUG~5D@3&+S9<@q@;@QCx(znog>MMO!=n1I zQT(cuyZC;F!V9HZnC7&xTtAk1J;C%OFA4L=EX<~!o~@2p=2JP^q)$LXASQa1jzft; zc#kOg)-OvEFXW*C;eVLQw4-XpfT8aw!T%+h(2V=MxCyd0Q#i%*WV59HXTd~o?~ZZM zzl$7KDlgEpv|0@sP*qZdJbq_)oR*;r?I$sq z#dpTpG3jqdc)ps+n)4^*rru$4N)ALtf{Q?w9fMV?PeZhWrJklDtcV)mvtH}dP-Qx{ zr`vaDXnegEys9iMvNb9RpD`nDVrQhP9hWQu29tYNi;<&iVR%jvL8az!)ut7|A3i+DMWbo{E zZ51v3tsA-B-VR46e_s^Nf%DrI65s~1#!q~$<#CUWxhKyb{Ppe5(otlvhrW7Md;`5Y zrKK(@BPQn^;svKe`9F(9{%4Vz%E)3OfC_)U;d0a0!kS>X`V$d?lDxOTm!{w5G0gB^ zcD@v+SH3-WdH;12y1ohzEvBm>z_9Jr6KE1>FROYrCO^L+j003{fd>419nn=}*xn~# z1q+S~k0a2Qj%kWzXZk*_!Kd(Q?BG1d*D&%{%3}Es<)H~bkz}F@V%5D zYKhCJ=CypMtQb!<6+4j6%YSq*H5xV@l}KJB2kx$LK`6cubr}D5a=DJ?e@l1J9n9DV z1WsD^7JZZ;2Rqdi+FXZ~2oO&a^=&y@F2 zQ%{*%Y+bFTsi|vR4SiP#Md5dm?l<`DSxCZgs|bmW?CFyPC1)Uf`KmcT;mUHCy=#jd z1BSf%U2o}o5MAkZ*4sR^^T)y1TIqoCLS&)tt(?Ga?F@XF%*bp;C2j)iHqLxSRg0~m zJQ(GD$htB2l2TcwgSoq#4n8j6Ebcb@#$es)`SkaaaMgRJLdU)|5p{>9qw61R~f;rxK9t`_s{F&L^`1zZDatqu5P7lu3!{oXbu-Ca^gcuc6g zagm?@vqA?v2#6-0j7r%UJC~sZa^J-@H?ZxUAhJz0QKR4!<>G9dA^$#}E9YY`Ft{Fb z|9e=fCD>8&zC&WQK=CMCqnx6qkhkNb+5y6@^k{VT$~u!(a4?n(wlF_P;&+2@hxFhz z2|f$F;c}E@0Ivn?6u(YqLk9ZqVj}FS>~?0`33SIR^ckx20U}>wxG+ee*CB+3nmZn+ z9u=)u*l`v45y@5s>I>X#9WBmA{7>k)^;lV)yz_q156rUO%Kc%U&}L^tqcs@M(k5J5 z@OqdkcMi&kQU^A=slLqlmy~-tB}RG~)E1jlx|~{7Mi#FlSFooC2pX^tB{&+9b@@wm zhTZuw(cvY6>3fliBs$G;Fo@;aOtGx=FxrSQw{z7Vb`=Oe5z0m5)>*3mx0-eBCA|-0 z?}fN2R36PAh2w=C^W80#t7^EYlKnnj^Gyt3t2Qpyp8I<9WE*~9d^SDO%hBr$!yi$M z!47@&?BExr)bwJ_ju{s^9wVwHGXWoiatPS9k&(I{9q8VYbr-cB*Ob8m_ZG7sjyK=r z#?N(>_#}?#vGWzKH5)WUP;5^-9-ZJKS`soG$LJ@Y3ki&mmzKkqrv;(dnBK&ycROq@ zi{L)q!i^g-C!s$bnE-X4qr$`h^!hxhL@NtU4^!6pGza~|C3(T(BeUfm9!w*jDYy+V z6I_LzM*BMwr7wiXrxCCzdOBf6xVQIkxZ~_nNtG&y`Vf~@G68_fcAL{hVdszFXyeYW znXWLbP?SGXrgVS&-pQR?xipdy#b3$1{r_84-3)E7ZoTN_ncd0W=%UZ~-q$jj>b|d? z`Ocx=p~}Q?&B<>kO zfd^k0^D=zi0AVTuU&6#7@V6^AVc0bB)Zh1~yBd$Gt<)P|2E3_}j4EQGx4pZ&>);A6 zY0nV!I+|2Kt{X$vS?pxa2&CUlGFfV(55fZ$DY^f50XIvF*=$k3FcQ_FqB)4$e1a&g zYrD{^QJ4MZC@b_pky)~7Y*EPm(nc8A=O+BD^rh*Kxc(Wv6rTL>tC&$>e>kZWU@PUV zK_FxEEs8NQHhY{o`ApDrG^`IY+kg2FyBdCJ3;X~V~`Z0m2tP+)mb5_ z8wdBcvo-oyr$5kC{~Eb^mGCfsa#|S=TdN<=aWNx~&3O^>z)93!1*ZhYdWHx`@^B$` z$LTJji9yxx`_91jn4a+FE>g9K@cbMoZ6^+Tj#jU3_{@$>97TRW9Nsr;v(?;O_(Exj>+q~K7;W<^$lU)ikejH{Iuooz&W?A;|@C7p(69W z-7&A5iSLlY4{)aPX0vP#pk+wzyv_rC-(+4<1;k{;Js(Hs`^E4cS#>YGaRRAVyLj0> z2fAxQzZo2{z;2C-0Y04wWu=wa7b{GVUUOJ$q9XnD3M z?GOSf?#KFgU2j;X9$t^LCHj>${?(~;l>!Z1e*xOce)QM<(7v9nj1hcNJH8`d_pAW* zW;nFuBJ?a?ZK?XQg)n!G3%cuqQDM#$qDR4&yz`8XxnHg-g?XnPo$J3NHMOaMT17W z5^=EbNF!#DH%pB`)-)c^(`s(`vLpb&OzF_%g9Y^QgUl3RCFvNjXQ5bOeIJET?(@5w4VzlpzKCQ07T&sUeUTcVUXz&0)-#U908Q-%Db}`yqa#9R49r zo#UgVi6)`cK{?idjJV)|9oX>7=E%++_@35>`y1Wu5p%nb_hOQcsbEA$3;h>9RgL^& z(rs-qr|9VnF$31h282+|+%%YF*v9|wM=`7Cm+RRZ?@#tFpa+omkbR6_5S`wQ*Ezf1 zPSgzW5vkl?e?6AAeX5h^(=Y@qbp*>11NTN@085=dN1L&S_?I79(%e4>8e~c&x*R=S z@^Kn&RDS@vYlyKk77W$QMOlUZ2cwL+E zzysd)yHMLnArCRmPA_*A1HuN$8l4B?N!^(7Iv zoySSrP(u|si#=Q7ZsqV1!ksVaaDaprA!BJW63G1#qbwqg1sY3a2OGP=Rsi_rK3Uwu zpwXT~(gVZ4O~h08&G&R^F$HLgBLcP+=YlU0$HGt)b3jJV+6u_r_ajJ}0h{cEA1VeMv5z4*De` z92EdB%1vPcRqE1r=+^a3zP6dgFGWx27)jFKf5DdL2!8 zcEn02$W9nrXZRTS?&>y|jJZ|z*}Uf(2;{wfXVw$)2Pa2(2ggC2{WahV943a8nK8R) z=O8t-%ddw{^Qm~^xlUS+rmNlFt-rW(oyzw*`0wS#BRJVFjQ&o6b;*2xVU}>#&$}_{ zD|&w>#yrY)aewZLgAB6mqMhKMgTDHf*c8o+WwRcNZ6cWOGR+`sep=dCte7gE3Na&?iC&fJpzE8pP*Z0z$Eu!I=R` zgJxqxE3>mdd36|dXaf_Bn7bV{$CvXYQGD-HX&JzqKj+*rdpMC6h0$^u4X}P`yNI#A z`_&FD*#ay+=doua;|4$RYB7hq3w8gxXIMk`>)m-T#U0PB$UIdo%Tc_!KNh40IQArK z-jHsj!QE}>8P~_gWOWEo5|k0pc6_;cqm8^R)*~}ZwTFSOpJ|?kKk{i~F75`WMd{Q_ zFOJ$^ORXQ|yk4)uf2#RAQ#xCi2F!k&$=n>&5<}etN3I*4U11(g&qZ@?rEEdwy7|-f zyaWn5UL=6=GlPfLlt{1#15>j+O?C6vKZZ_F{~l-UtqJK#QLs9Yth{3!y7>K_Bpx-G z!d%hR&RYu>0NZ#!k)utxwjo`+<1UB$o8B5aPgw*CP(Ncxk++~^4q|EUuzS|6X;#Bu zTHtq`-^#m`wg|e7ggK6Il0LxS)XrwK?y%+HHUNzKi3Ek5X9;Iz3G4lB_g>sw^V0V^ z8DZRU1M)qbURLmync+V7s#xqofB#xr#Z@$nOK-uNu}x#=RJBTW>C4ep+eV}3{*j?l z<)u;Fr9@RzHL1ZrKuDWJdZ2qyr&~t~&o%o!%sEruH>n$Fns+H@f;{1ox%hAEV9|~u z`^|0x7UyC_!DbSPPul15m)>>ARX={IrKI*U=S5;Q_O8gDb;!@ZS`x8tx)e8 zT2ny7!;DNA{7m7Fip4>{n7}#G`B9c&%MyP|d`!uU+US{mz>+E{OiH9OT*6U5rQaV_ z5tQ?@am7@#NhaGCv*tKP#!1P)iCTS!AK;P9o7y~e_0KEYYr6XM(a@B+3H;XqE;xRe z)#gq<32go)oO_42)kdgp(~I~P6eB}Rd#%=JuSnog)Y;K3)jxi#BAkxeI&9pHERAlY z2r6>AP^Eao0>H&*R@ADzeZCbIOxd$N-8VUDgjWq$H_%N!$MJ5&Zq#lz!TnOtH!x9DwFqw~BpoOwj+5?! z99en$2Px>1S3^5HwV&-Xd+pO3gu@$joLc3)otYPGT6*s<0^b((ZxV34I#B>5Z^J`i zBEv)&0T&#kYfH1(&Ua`BqUP6}ZcQiz(Pps#VF&Ol)$I>OY6h=YDBoEJqm*KOjYM_U!%J&}z8EIKM&F=%daF;@jJMZbjS>s65X0emv zQ4k36Nx~=>jLu3ZNsMO=g6jA1c2~cl09ePxyMd!vDSoyA@BaRa?FZ(--OqM+J|8~7+ib6kmc#yVjEapB zCT4E^HQ}j`7`NBI6tMy`4cx(qi_;+LaqN$Dg)0{eok2@)X=N_A^+}Ard#A)6V*)1o{c)3V_`-vyYeaYt8 z{n&{_mpMYs)>CQ%R=Il?-HaNz@MhJ1#RLs%^@}tQ%J!WRC^+N;M_z#YRZnPD=fMe^!P?Wp zPOr-Dz}p*?lao`{S~ZpSD?0AUKqm)Lx^;r%NHteTE5Sv<1}0&;^#mQ8S^`A6fRL^3 z3zcc__E_FBd#D*iH}jX{h!qe8*DMx#&1GH97O8}x`|*eS0T{aVIHSin2+$lcs>u4? zSNI7+(04S2#Mkyi$rBUMc|Q$zdhr~RI`pFQ1blCqHK401dNUxI4$hPn3oBnFqsJkq z{TztL$6ovgA5P0DBMRs)Drw6KCupD%KFuA`i;TvzB&{_{u2+}!EpvWZ%x#Q1$K16q zdF$ER^ZP*NH@Z=)RcZq4u(EYicxtiUql2@D#u(_rG}H-I>Gmrr^J=(N)Ty=l0Y19e zv;g>;`LULZCjcf7A+a7UcMJfW|}RoaDVNTW_*}kK$#VwNtjSj_ig0 zW%7X2o=DMTI%*^&?g2jI)we#ACKBX|Vx|%o%^RVjC`zd!+Zit<=;TL!`mjrs^+x0+QOP=#>x-C&}9`Q;0BDyaGj+_Xq1Zgj# zd5?cG7b{Z@lpv=KWfU2p;&N5AL!dGt+BY_$*389iW?$atJZ7A(C#WiV z&s%T1PyK`p&ufY3F=tBtzQ^p!Vclc(tr6r9>=K(MFv^q&$zq~1htdSG^fUx*vI46w zE92lMQJp`sxF+!Ddtkaws;_n|lA@bJ^yC@wqDcH<0<>2kR)G!6ng&B)|-N{gE8 zr@j48Zvpq8bnzSQl3^{spPlLzc^%U-lDW_f2=Ue#25zziy$Id%fF)JG?zu0C^;Qaq zdM4W(wntkOa=*1)|2q16w#@E1t{5`_`tfXG=k2|?v{Y1NlOYG5gb^DX>xw_(*jUvy zX%re1F|fZSLJ~8?B;ro`H8u(}PBO?}gv&tBJCWmJyuNc9*sGYIe-gv9V+mQBlaT%tPG0n)3aJc-`?)Vo|Y|mhGg8 z`i{Rh?<(NoS=l)_c!aW#6zC3GkcEXfl4wR;K;;uP7L=)9ExvS|ufnn{JJN9}`|}9$ z@$p@>oUV#$TaohtAEg0)$LFg}gCLW#qMwm!j>_nB;d>ry zNzJZq-k^rR^xjwBu4~{9NI-{aK$0W>O;48>4e0?C)cuuep z-E+tA(v$Q4BMH9{eaR(Qb5KGYb+IlHvDCjmPdv2J`-PVLpkrSpj|14qvBZo_#OK_w zw&%4mSL1|%Ar0t$Z9;C*C1F+qquuhPQ8-s4$wzN$-0rDneG z!>U|mG}IHU<`W_N25y)UvSuk$T^Sxo09#^WBF)6{g2FWH zfLJ~}4||7N_Q;769o4Nz_OD;Zf2=!Gb%$?y+qFknPnXi+q?m9NWh^~c>A7aBUNz4i zh0`a6C@${9RxIjfyJZFeq)ul`)83`?YAI>i*?f)?V3F#CoX)o4%x0EZ<-?~dpyK;T zn-hIxL?q^N@xYs{8CXU9OGKfGZOg2GshX#+k*{$+FF}F|~e~68RIH2SABkyhv z5&OHYxAVxR&lS~VNGM9Ol=)p*!e1MT9g?niVegU0w_A7Uenli~xJt&eCp5Q*>%DNh zk@EY6f6l8~lOWC}KnhH~!dTRGvY}24A20?ztUF(I?*dp@Sf=hO1~t&b`{9J1{J&B| z0l*q;f*y{w$Ddd8o{v=)P~&r=d0AepzmlojV9>$;5>?u2D)DyRRq+_{uJ=y6NpiM0 z-G~QwaXI%v8k<~MTL$jRgaA~LFQ||Z-QnRI(|2oo#*<13{%*oP?Cd76JK7FpmsDOq zWR}rePj7eOw(^wE|y@Fk-W{U%=A?x(;t!eyE=gr=Yf!9pbMa);|}tu(0@JAaIoab(RmY(0({B>UVkIAH{KaOZ`#ynz$U1&h&5w?V^>0a z350iE7Hqmsm7VYX_Gu1D#c!q?&{-TzxjE~S`kYNI{eV45|AQP@vM%Yvm!*p-_(Cp>_~k5~!i|8f(^ZsSAYP7!Fs?A<@!W z6#QG6ty|^;kIpl9d2-ZUsSZAsr}013H{Y?_qE$jne}kt>u+Uq6BSOfYOt=#8h?Brw zv9x7dRSTAs_9uhK^DEIi;abb>p$>!ai%TvfVpewUYBNkk1w$FScS~ncuV-8GKQM(= z`BvL@_hR4s--i^Rh9;g2Ub5Y+|J0_mJUU!@3#`lAs-%tkS|-Xx0fZ6WguTfyOkk8BKDxmmmQ+nr3g`E#bXYME$EJohqD{r>O*Z zXO@bZ<`0o`{ijTnh?e2mDe-xE7jdz}e(`MDV+rCqX^;G8v~Lf|Iy=w(+*fnPDHtTD zfd~kH_=ZkH`B}M8RR5XGh#z`A^=8ndiG~$lAm*aPSJ=XsHx9ke%ILpR-he47j{@6@ z%#L-9VrCL^`{27 z0TM-JKitDbyy82e;Im493BPV8q7Z$*?C5|8By?+#4&N=VJi;`66APRF=*EJDg%Qs^ zH|=rPDzld#+#1R`@P79y)8qZ&?!ArPlxG1SIVyd(?xJx1EeO1~k}*7k8?Ddxmwa!J z!q*fVk(CaYz(04Pz)MD^oJXp!HJ6|444ZORB7FTL*x7{7zg>cR0jm`MIx5(QSPKC^ zpbB^;XA*Eo|5Rf{FREb-sQ}pJjAV4Kd|ZF1fasc8g1`<((vvhhi!thg*jiwT*lAkT z`yP2QtO{$l21FAM5P|Ae-4x#FDm+~4M*_4tK$PQ&B)Jd&x4rvHpY>9+v)a|CKC3fbT4Vb$;ywc{GgDsGp< zWRN*jbV^xCHzBa=_C)&zj6v-f54oD3b;Y#5C`~SY90J9M{1w-d+upniZ~KMnqLN=+ z8ST7!c9N^IyDnS?rhU|OzmmKgzg*!Y(sZ3p2-q&0|AS8>5dmd>8@b&nG_^X8Bq6W^ z-?8)5+XKx|jyss6z1Xp5_EWW_dPvO^BVWd5cT@QR)$@NNyL;J-^nt!8FmI!*vV849vzNmy# zUzJW7l^s5a1KD-3`JTI8%L5yb2JO=zNDb9>Q2Cc=110qf`JF~5(aD`q0b>L^m`*L2 zLAa(L9W%X+E59sm<8Ngh85qR5Cda;Joy%UCZV7;~#vuIjAp>vUGrbROO)Y~eqpzty zq&{7Fqe4z3!bk@#V3kQ<$U#vo+4nAt2PPXehX^f(S?%g~QlC6UA`?tRfL<3GXA2OD zEEwRx9Rr8>onjF1wY49s?tM-7q%_BKVDIC_-IW)pPn@*rU6zA;JDb6?K#@|scVpqU z&4Ps^d69Vz^S@n10mIU2hE8l^i|K}Q-jI3PdAhd_zg7{`c;h?$vy;z71Q4BWO93kuQsP@lPo(-1acYEQj1^$(if7_^sboxQeq7fEii zx%6=I*98sq8=TfxWa#2E6C>|$l#}~Ew%yuFHZ6^Ky)}vTiVR4Fl#Yt_myx{k+I7_ zNX?z4COQ9Qp7(OLH2B*r;;-LhkUmie!f5G569!{m8dw)=63=%HA#8bItnN_~JUiFz}F4>@}H*zyA>>9)KY z16rHHnf9bzpd_Wc_}59}SZimvLvMIGeXEQFp6&_!6(%J#YBn=s%wXFC^)@q*^S(7YpornnUABN8F=n&}dlT#dRC)=d zfIWD;oOkthz8^oCi2GuFmUA-o2`MI zv`6=rpL&~IK6Dvw%il&2DZ;zZdAwGMlqHaq+60V$?UIOPB}(*lY{89vp~$`A)W1Jl>iN-$xwHx8^#W_Bxpp_azzp0~z8^LMekK;rU#ctPaL#h|Tnbn9 zmD($2hZBZ*sg=Pq{%`MD|217PD^iT`wTYLiYPL%BQjHjosbPMOv+c=pveT}+8|yu< zDDV^$gQdftXXVAyaGgriA;Nj#EAKE#?JqT}s?3a;X!ZJPJ{gUKNa?4_x>8u$y7iRV zCa#7Yx1Kw?%2MFJrzKa>hKv}zO)_7^;g!d|`{8Rs3u3-FqFQ~H$P0+oc5w@YyR*bQ zO5rAjHe{f=XZz56tUC`2%Y_h?cKo2XNRI1@v=_CQc~de~@F5lnO80LmNRig9ID0tE zzRcE{GVmG>{fvYpUej8e0cSreg0s*CKO7Hv!oMqMyvW6Q3D_MfXy=XcxuXXZmij3lr-kfcph-fAbpCj zz;Hkxbak^s$T}8$wFzYN-3ofS1v2T5B%jl%J>A?4fr$xAJnjb#6Now4LprL!`^iy2 zwW;RQC*N1Ri~F{{_k#Bg2b#p(zfQhulD8_$m%F8 zxT;Y*uTD+A<1s<1PflFHx&LK_k`Q1gu2iq9-7s-zA``)er#voaU!f)g&acIwf3vV# zRmi3%?k6jHNPhGen4|dK(gKohe9fc-$aFd+zV`QMXhOPD^2nBA_7j!UJw=AQ@#DiQw0Ej%3#x)$MyFs|>$cY(7lVuRLlc6TV0=S6Fm)bQl(8bG& zwYAUGQ7!cptE!l*Fg^*ybFw>0a5Xk|u+0Vb3A$hXwzY=;jn_OXu*I?Pt#}-ze@1AInvtLg61G&C&*&fAUf!-bcIA+ZJ=`uZJGGP9WsW8 zEN!Uc6*qt8)8U@uwblFwb*kv48P;EP*a%7|tSMFMWdJUe9n?uMKBTX3>4?zCc*d)j$n=QU!=(Z7p_ zje`RY0;2v)a$OPAF*Q=8-yfCB3nhL73ZvmTAiIr`?@ISuRH^TEOl`WHx!kVKly5Iz z#mJU3Dyf?xa@|Pt0P;fpdd-iwim!L4=&W$w>f&MW#<1AX-NTGXwAu|KAS*z?o{v8i z2dUppJ*7$EVm=PvC^F7>T!bX9N(y}OQg$>Jmh`o#3I?9^}em(ON1Cv5S&+!?Vi?7R$=R?)H(z7scc!X!+NYX-GOjFbv#7zX#sJ7qAxgOUC zx))H%NmbUnPiK${JK*jj@B`tKA<0C-TxZ-5k~z52mkCaZEgybBzB!(w9?`Lc#racU z_DjjzOxT4LNi8Cna zz4SIY8UUvVNJz4N(RyE8w9jy|PyY?iGs5?6Tzf#eObK+h*PryE0v-nF>uyuTM|AA! zZ(?n9WAQD>w>YtR@d<%`2{^8~hW>Xe2Ee>{J6(>{k;a9#c}@E{qS#8oB1ZURSiEL$ z<6i&2eY4V+%sq;x+RBwJ!D6*EgRLP6rv%QaP9si`J`FRdP9jz%uD7{oO2>6l4T22D7lXo%2&^a5AR> z4Xv#3&;ws(P%EF&9DF7lovMM|4Myz=C0no;#Nspt9FVJ|Ao4~6zeDb!WYVdqEJ8$7 zla;-hVx72d%8}g{qiIQde7i*2;!E4sMo(uDK6IXSYOb9r2zy@~FrR}gDBH}oJ~x-d zj}q1RX~&SMu=`IZE1Xq}3E6dYfzK%U62<1B6sL)E6SXG zr|A9jS{z0{Z#5(p|JJL~E3JZ#Q_fePAzMblTXwI=hWX#4GqdDm4J#R9*t;I#%XJthdbHqnP-NzHcOzR{~&KcOrA& zS9i>D14{PbJq%vk0q4`tpH(4j4g0n3DG+Gh1{4AMh%nBpoWl5nyt?cd0mgkTi~0rr zw4|FlRMVEOJ4BPJ*Pl^zHjr4-J{BIWy|!BY`~ZBt=0#9_I&AY$M~VeA?Z4O|kGcU( zj!<(pj+)!gm25xtY@fOOH}ce-_jcnv3JwbqLfFaGT|T?$&2o(gXT?^WU=|F^!3AcK z3s-6AdH?{?oHQ~4ag}Eb#(Fuf__**P-O}n^TX7;_<`dB&xbwLnq%_o@gWsQ-^a7sLi>^5ZT;GK)tS$J zKsE+#9iP_-zsnN8_jiTkd4)NBGaZLL>SWyCuUc*wUk;D-8WI14WtphJREa=H9ahQ^ z$&!J|kDogam;0ab@H_vy5dOT^W~|0P=h-NM1*ngR;?OpG0y3PVWba=d&Z z3QaN-z3SmE6ar<<6n844_g2G3!MAdHZTvx7(K8;-ji_DHw0DOA-pj(Ht+E^Bnc6J7 z5oiXIiu}RUL$@?z(|9X8&=t5I~kyUkO11+fm~mb9RjkH~HbA zXY4Bbu|0%{8WKv%uxg{qAA9%{=0)R!;noS5ou#kqL4p81Zo|eDVzi*bzp0LB=l$8` z7gd6lnTUzR$pLkVGlz84(l&ZLy*NC$;jNO3YIB&9{3RD{{MX(~z$fL2e62FS3u>0I z6$wAt35!m|vB5mjsXwM~&@i1d^clgev7cd&E|A8l{6^d^{>;Wz5|{G4PAF2n@3B9t zkBJg$Ei)a^T0iIvgF7(B3f1P3&F6fN%ZqJ`=gyt)BHJKPM;i$fgb0eMev$i>a#^o>w>04qbk}?`a`ezm`&)oe(?q17kjjkqrK~ zrh0O?h?BJJ9z2BKVu0tVr<(T-W2u4Hq@(R;$3{2&`l3Ko{?m{HZliH!RW0sgs+O(Tgx{Hfp`I8NKT%SdTRcp2mG2Ag7%NQ(fgA+BY9%+CH%c^p`8HDC@?Z;)WA5HqF z6HG^N*>rEai?^{vT9AJFCmjpRK31;_&;ysFn~(Fa8cmP3I`j`7+vzz_>W;O=7K#}_HdHdl`JU!;|z3UftEJ$fyzds4d$BQ$jO`~Lph z(&WrrhR&$m>0U`x#ioccA-}^bUXn5t9rRr3C8(9#DgD(yTA{yg6_iaS>+tBKe+E|p zH5bjk#qH;whgypRjnQGCY+Avq-;aOW9B;K?{Y3HI9gH`bTG|xv2x*C$tK2tPKbBU6 zI#?VjM%50kfJ-s|Vff92U=H`^h?C?cLlob=iZ|hB={lw91)cx~aAC8$brD=s zkSF2MjZ65iF$OgJ9pBF*K?~eH40mS08cKl6CV2{aiO_>fG9#m-H2NhRjV9^@4hi`W z)+I)vQ4A9d($Qe~os>c%h7bj^@Dbvv5?;edOVjD2Fp<1yMs`0=`R4}wi4dJeXfpi5 z#u7Q>#!h3lO2_T65@#ADNh*-B%eRRw6Om+72-mov>T#GdNVK2hHZ%L`4JZ{cwp!Pr z@yu%zLCYfKJC^g-O}uBQ%BMf|?7?7!5i7i?#djnz!~53-V{e#(uP(yyCv@_na@~%s zCvJ;;;IM4nz$%hk3z<&vO;YW1csETe6yMU+bx=9E#Rn0^9Z)~@DcFsviHW!hB(%(z z3m%mSF%ws-Z-cOcI<-EgdU`1XJ_UzqW75Duqum9o^&jSQfuZePpqZOQnn31r+}5T+ z+g9F2X4!D*NKjYOhw*pjDjNvR{!f969&Z{i$J5z?IgNtW6n+ecSy7L&bH!+S8!exxS40@gST&Yn+i$hMKPKUJ zm&-U?A?1XI2*tA@e+7jS(v~M%rrDie`qJO)kZ4Y5WSO1zuOW;iC?5serEI~>&ftbW%XN{4h(uS=|gc* zpJz4POj&fzp$DP>dhT*?D;^8@{~%~fr@`JiG5D)iqg?Ubr*vf!lMO_{YtM;xc04U=e)A-JL*+bZUj!-h5XdNdFI_6e6Lpi{sHH~r03#m^- zOWvo3VsmUe!FzMfNEwsKuAWca;L#pJt4rhB1|?e#8!)@4CpvM$NuvdSb90`I)V=`Ug68)P1sh1(ySf2hb~jU(jr|}F*1XmdB{S^$5yI+NfE82VIoX$f zvy}K5@YPMZ#4kPhd%}0Y^_;ERm56Ug=<>&dX0|@BThV^;BWJ6tfz4*;k~~HsIh^cE zSBuY!C#{^3i-F(C&F-3N2de*+TkL-j;-9qEUdb?7uzmymhq7#mNe;HW4!Eq%;Jo%(PQ6>ptn+Sp}!a|Cuu?23vXJd3-pRZZ9Njqa3pgs*qUUlT2q?1o0_8I| zg48tTkyD)Z8g$?ryYR_Y6D#|MB_WPkUr738JS4$%(XMNIsL{T#Nkor0hl{gjpb>w% zc)5J3!;-SFClpDPjupO`-_+D>P%4>}wH8d+;cmEyPZJ@GNU$E@b)tOd!_naADhY1^ zUwymgT?RO=R)fHI!N~*LKBD=joC6Ciqi8V=9B$S>*>LOdUTtI{eSD|-T`i>aI_j@; zZQa%QBC#od9?La!zsKFx<+0^^b8*uxR1Guw^=j4^^*7wxPMDqGze^r5`UdvjvZ>XF z&x>lANYF} ztaicX^=qIuaQ{w2IAicLlFJZ-Zq^E)zXtBak63Nd`w^Q{=mveM%+*^*BiTN6G!pTO z*19*0b@nrg4#FW9O-k`F#FKHAbEY!%#q_s?Dl!>M2UF7$*Cj~MSP7V3=ac~!3dfBV zTTK{6giU{2GL1m8t!ND9GImJ%+`w|%ju6xR0;ek|@T(*cH>8xDLrzuCQdnf^&%Q97 zfXCkgOy59Y%OfIMIMZ(#g0wp$I~gZS1G<*U?eBPP zhIi>V|D*1Mln*n7@$8E_%QU^V-nB6$L5g zFcKtMf_gMXhzfLBo0UdKGEr4}NKZ{J2&%(sIkZ)5K@Qy>FDGesZC{1~Gz?qbKk;vX z49)LY+pej*!l*7Ja4LCKvy2yZrK-jRr3hn*H$|860)6;Z?Rct)0(@!(qPJb=6u!yU}yY< zxvM>p3eC%slT4S-Iz9x}pTICWtSyP6EJ;OAY5B|nxfTR}_k-KOUTS-$N}_Rxce ziC_qK<|kc=_)is?-1@0A=6;9+=*V&cS3NvbxoGXhNltpe<;F7kd4S^*82nIahP-4` zzn!>WUpzjl%tlu`RWBW!wy$(}`CERtBWwyBW%K*PsDib8#Po6NdCD~z5P)xfWPZ=# zO{4zJ1M>}E z`1g4GDYKIiFc)Nl$#Ztul$X61m9Rcn;v9aG0m{RiY>HHoYm6P;wSgyXAu(!aV){!U z6Z0(Pzdn#XTqQkc4bf4ZR;`kL9CuL~+=k2hl^Megb+9y4AbW*tu^^UhpbC@94|WM( z(e~-6C9%qntCd2*{>o>oY<&E^ttfT_hiU5bW#LJKiPvDL`WlHYX9MVV5d;$B00ZzsF)`y)tVJKIYGn7ZhVuqz89Z5sH>mnn=yP zxPr`Z({1J&@k6O>0P-61_un~#<5qBsRNEOvOkq2j6-1EA*Dti`fMtT8YVIXOEiBD8 z@(_g)sJ-a2g7UZwYi_DZq1SNq!3yA7loqe{e=xSmdY!KM&%Xlx@dr4PZeo(2JzJPF zdi=$h>nwVm{YX(zW95VRi7ER#nI%>Jj<26nk^+iXB-(uadYYdaV|L^?F{ye@?|;o$ zL_~1GA_W6Pio1Z#_$PX#5&Ge;J7qLPQV|OWR7D>R4D-ReS6H zy=l3fyoCg?1Wm+p)^05D8%$L-BwktnX@U%Jl}$-&-rX!o4+9m#2pc8UVubE@#UI^V z$TqXvf3mCW)^?ABH^19A+?u4XMUB#x%eS+O7v0St2Xo~g?D$t}h@}CXw3;Hh5L|gd z-Pm~<839qZ0iO?D+6(2J(CW-hGAAKf$g-`tJ&p1qd3gtPaLV*5(UHj*8oa7jIlyQb zlp3hZ@kRJ8Lx6*E^uxLw^q3&bqijSaco!4^u{!d)iacb9y48!*YeQgMpNRYTs--|e z=FZ>NN03XG4Ju(PzCh6(yq^5@=_gjzGHKY$p_F~xx?82Uc^t7v-6I&6!NoQ5CnWTY z$=Bk8e>n~I&uRD&izcSMOt0;ZQN!sJ8U3Mv^7O|Di#Ts4k($BSQF0f1RuwhJpho|{ zhMSQx9Qeo;4`~ps`JD)vx~%mVJ#c{pzk&ybB`Bc=Mh|9T_|WRstF}ej_6Q?<5}j1c zumaa9p%SYRsKdhBlYQkfhNX2K1BnL^wsfG}jWV3UCu0EsO{xO{0b${`;yD3TR5`fT z4AK&*FXe60l6*GT)}dMGm8F^$RKLhsEnItt(#bFPjLAsYsF78KQx#$gg)5+YOxu6(nkRPg|F1vW*S%YgkT$&A3MN90CdMo#%ZOS^R_BmO-hfA&Qj;ocvtG3?)8 zUZ3S-M1&2$8OYFy40U4La&4^e7r$mN^mRF_v+2M$fURAE)d)UT>2`c+T9uT(D?Adn zlXv}yPM5QDvj5HFc2k41Vc>Nd-O4mklEy(Flk%sxNEgM%@AD)fIn$TILM=BHbH$`) z8}AV?oz>e*h6m<8BADNc&FU5U27sc4P>$K;)(iR(5U5I@nMxF>r8ulehbW`?{t#hH zz>5}EqM=EFskPU{Uh&Is^m|!Zi!i9Zm0~dLY*Ts~X?=6x>rvVIv#9tb$MF6q0<+$Z z!IV5Z*CU|C4+GqZG*Cc-s7dtHSZ=NnKE)*3a}N-**-5N|1(gMBy3unFI=33hw;N#d z%6P26!nLOk1CvEHJ+xLU@r{E=#GsQcD2&x$G8fWU0E`ER*CHY+bnTH`$h_#X_qgx@ zL0aLQFuKK+7!(8Ms)-T(3b>U~hq`jpVd=SGdpuH{9c~g<}}@Ky!ctq2EfD z>sy-IhQh#&sIWVwxui`i)#7&j3X-XKNUTxEKXoTdjc0`4#Q`gnz-2ApH7c=PzQM-d z(~X1kb{4ljlR_zft=DbGkH?iyMRWBX+)mDxmsSsJ?{t%Eeojs^Zt?%BqEHFVf5$Jh zQ7oA{5E@pbr`4(Oggw&cR3!Gu;R!{_TY@8cmphg2s@po+N#e7cN7g_vg`{h7V05CP5Lie zdn;Rl5qxb47Phrs@*vmB*2_-EtNKaT_shR90AbNexYe^IXT zN(L1PnVL;bux;eEM&N#cYoQw#nfQ9Ip(Zp+tF09#G6rhq!MFT*gq)0!sFHMc9h5Qf zar`;ybKNf@Hfl-DbEwb1^Xa+E^mX$35=YZ;dOU;?jd3R|ryDIA7)4@KGSY3?_S2!u z_T!_j0wgP%e}kJ<)T!qA8=;2B`^?HzTn)O+>;Y*JrNP?d4ys4pyyVYcL%O?nME5cg zA6zVb&6>2%VFZPs8=eMFk%9sODJzd1r=hBDGD*!dLZ*6mX8My?`>Q+YpFRYeecl+K zMw#T_j;OFF$0X%d^NmdnPKz?uGA7EL;X2;jCpKG~_Gpm4o;;kX*kvoA3@U6cy1$+P z0J=^8JGWnR2sShU?^l)T>zxs$lpaS9adK@2a;4Qs;Sn{?=qlFFoMWQNa1H&&8;a(7 z=)-{YK-!}&TA}Nzm7tHKr&?Bs*oYNWg{*I3ssh3Ag%AKALIOHX1Xg(d=916=R%J3E zI~-NJE+y%YJa~gy3mE!RzwyW(83z);f}E)wCkP^=sKKfLePrnM1mt1uV$P+vO^wE0 zzaR%K-Ggfc7U>1jApA@Y%gb7}6h%=HRxgi0cW}-?Njm!z&!G$J=oIE2GlSet5D-+F zIU_d=p&BO731DQ7kt7;nWG=aDV*o@&WOsS{6+fw6Ya zIiBQ$AlI@uX^5LQQ4YR-7OuGT(4r@uD;5q=3*}woBCME97{qD*T27tAGCU+r*h2C{ z(W#*wY1N>H4E_GB3y1hLck^{skBiv2g7!D&Y584l?r89*t5@dj^^!FCnH8+r&Ja0U z=&7~b{&mw^{fh<|Fxs(>IoQ~G--%AV`Eoo=^U-I2#>Z0VchZ4a>8C)+;;0HWI+Xj)84_S#quxRn(DQo7XX4r>BN9^8dlF^Z$4{G*{zY66f>; zTZBuj2wF&;h%G}7GzW`!rOYO}+l7*2*TAQWkz1-rXl7S*2|zRz)F5*jQHlRs0J#ss({#5y zu+m{!o?9AqIpo&=0zZ+sz1-m=cMFNT$?cj$0e;$#V=XS|vuI`Pj(Rh4{d_%xy!PUu z0_r}r<2EGuT7d{zfFbOb9kKn2pp$ows%$%d0(#Iw2?v5Gjd1f)T8W&+_-@*?7l?MtZu#Cj7`OHxec z_<4-o&n_3{hVNXBN#G{10)`1rAn;(|dWpNrWsUxK8Grm4x65%$6cFgMy?Y5>`va^r ziq~7`zmx4Oein7Nikrg%yxUOS-@4QbK4m;{wRk@a+}kE+5YrL0kU#9zAFt^ohsb;i zx2KL2;{j>=l<(89(dN=+QhDdc8WrROw%Gc0U` zg)Kz!cKxk8&3ZwlxI-uuQ()4f!dceRk1L4dDxj#Si2W?_NM9QDuuhWO#wW}Udeo>; z>4aJZ86M5`TXR`zGmf`A8R*Qyz^2xBKFl{iAh#;3Ev9$5;0louJp3z3f@kaKn!3|y z47=XKqxqI;JkdDZjZZZiv9nK#Bq z&RTUxiX~Ffp6e)vU5e!`+>F*s?z+-7NVoD&G^YpYG4E_FRL69`rMkf<*pyn%;aT-! z)~OqJ@nbbR+o$Jm;Se#Sz+>nhQ-wON)*yly7p9cm<+EG+EZn;D%dDc$#{W=^p#$mv z)*D#;5xKj724)4nvMwKwAhOgS=XaN2|9~ux>a56($@>bPXx$J&7(Vb7jb{lA z(19{qPje3-;UU!!l70%TaJG=Tcwc?6&V()5eTm{rrK_8EQ9;l^+RhR zF!^&d2bUwQ#po(2B!mhU4p9P8Yu-W47UW-tE z4_$1u{`9Tyj55*H@?e578n(KH;eIe%_HA_iN$5>nqd7~n%DHOw?O}MM-@fjMQ3a5cclT3|?r!=F4)+0b96KlWwJ}*%pWL4UusNR0Jk4f`e+Rls*V0 zaTHe+8jvA-Qxh1-S-B{^g;3vVE2XQ{jiyOSYC5$--HMX{--DLJPL|GYu%xEGGKZg1 z@>Y7HRJD|PJ{FM<_198r&H^x6#0ZffySHm{0$-8WK!!OrwXu>XCrmE7X6YWISK$!xQW^qJ4#vZIixGFl1L}Hps-yp#dza8XNkJBTV zP&)I}8 zq2mBuijChMAOg){T(K?zuI@zbk>h}uw-k~G#7Hxfdt$$;;}U36xwEVRa}HnrxZ^KG#tf#r9Kg zF^Pu9hLz>lqy|F>s8v&m^*=qf>?%Xoe_Wso<#f785XsPi5MX=_9TM-TYwg1R87&^!A#qcl_^CW*C>R&zB@YlQQ7VLB;%G7Dr% zn084^DPNrTHuDePIt*o!T zbB#qAYT}qiR5HNK?x6gqcCcdQSK9no4eOKb;ur($s_18wJzn&w!#^$Z=W8^uM zDg&&uRZfl3PXyT>Uykz)X#C!cgq%{L@;J;JYnFr~_?TIRhl(38*M5>2^eGB4`7Qc} zPWw6DBu`*>>QCXh*{4i)^ayb73HgnAzk1x*#|b!1b}n_|8!rl-3tTm>E&k+g|2&|2 z^}ch74E~Hv0=-kN=12cSQdU>6WsU)cvlW;9!#QOdbvaUBn9cVygVv zyO^-g%G3)OAb=|NA|Q<{09=wX=Tnb5Ei3)0ZO|P{Q3-~J(4%JdrcH556{v)ADw}u- zaD8iAe@&Ji`ZQtsGHWr$)#*Ov@52fQAbzouLAQ`Jk)apY=E13{4UDwvBej+yIe{fK z2)-&OKNj#r4z)rbFBNtt_(g+K;OSasRl+5iLlSA=YYNzTQ!;TrCWa>AxO|BTlfcqP1G*iWX2 zEuL<=B#OsHfJaw#9N4R+DKZV*aJmeQ40oFc(Y|V)aVAGkr69BCZ5{Tk#uiE)LdbUm zvQQ(aLl=0<7E1==P?Ue{aptlt8#-?%NTAxFWxBgGBR1AX_ktG&(lvrVrPT|fJw3Bs-$zOI|quDjKmo++);pB=Ae z)joT4XxruPzGvWg6nd~^uPz}#H@sTN^L#pXq2|+`3^^K@cQWwP<=;148<2zao@pt? zmPHui;@kAd;hs^ZRYjPpk9`f#=smhL|?IG+&kX{kdw>=`q! zZ8f;1VrHS0VqM~^oLtv^+}6ByulUn&LKP<4=N(PXRhN`F3zsO>MO&ZLME9?yPS1$^ z`@XT-ccI>%9Nm5MZCufBM|E#8JS=SEW~1vpH2Xv1pGVuv$NMZeZN>iOFS%4)g?AtW z_!iw#y9?8PwePZYar)pXW3?4F{p>{XD7bc8M|T}PKDJ+foDMfEghL`w z9LjpR(Im|zT3NaIy=W`Y>TflhMS4c~0B*U|{&VEAShmu(FB$1Ig&qxCnNPoX`w69# z+%l=k%`pUsN1hzCwAIpw7M3y8%SEom(aK+7of4OylUtI5sKnpZk;a*#lYvwgNdKY?}T15$Ph9NHKi4Xd(zow9Hr>6|wtXOg2djHMvOL z>Mm9{kf}c3<=4!iisqTGtHhP}?xTm(p;$*jps}8?91i;g=H4i2m^ML!PNyyXpAFhNX@ zJ48LnC)4{Uvg~LE#k4u3c&(we)TxqQ#TA4G`S^wd|V~7EdvUif%jU*50IkUz{`TA>=fE z9lL7vJhPSzNIGcv+g${~%Th?num6zz5`^(()3f0Df!n6|Y*Lor`MdXk@`r`U!NHv< z8p6Y;^UP^BgxljU=f#{@;nhqioBh=5%V4|t57Ly$C6vbh>VzK-CzX@G_tVQaAMx!I zRo=&6KK8S`{TvQU#atI}A09rgz_G~!{%={a-GaejwO3h7}q1COHbk|M| zF262THb_tE4~cX(eNd(|bdoVfTIc`e(^ zGQQ`bs|dpm%j^3$7qSu^ZGlEu*8t;{&6J(l#deUDLnbe4ise(GC;+NIlZ23r0~;ly z#XJnY66*Jk#=*$=Z50zHc#3SxVm%k`mbSf^=7mP$hktd#LKGqnj);OXtN1r& zzu;d9ut+MBQPh1&1eh{+D#ej6L9r~Nm(*e6%VhoFIRPbW$z)(_nmBLz9p^67yd*bl zA5Tqjw}Z}auV{a}l+P1~6Hw$753P3qq`^3&N!PPdOpzX#Z7xhQ<77#}na{u$s5Bu- zZM6)~q}9<5`N=`O+v`2OM*S~lEOMK&+lxEVb}s(+p6AU(x*17Z`pCMf?&4ZEfza89P6-0`JUb{^aACe-=J0&RhxaNMjIB3mk>9dz zCI$8gpPk-Et=ntCS~<+{2Qc9wJT-Cq_o%p&#Oc6h^54|ImR@3NTITzql+f`@=f%sn zNd-!bKW&J{wM(m;??VQUuh{497oEr|=HT5&(t;j~Fh8Xm*}&#)%)${rhBP=z=P!;~ zC9dz{jedGkIJ?aDg)uHte8s3R1j7M449EBNJYO~3{AKnK%kszu4S@1-i3tGigU{j3u8mI>t)axyiH!Gbq9%x&z8^u}C5~xPCF& z$%$Gx;V*oaWY^x07b(qA+b3w&rdtWsevjR6R3<-jO zm(OA}AcuwIWFL#GsP*Jf^YdK>X<1|1-erj(jI>?jhr@F&KveZx(V>c~Az7TlKz3>B zZBm37`Lm$2Y5pq3$JgW9O|fbD96|8cQmJDIMEeK;0Mp~ORRTx=VW}83H}bd`6k7`j z7E%FLOBM-`I9ns*J4c!b0mc##>j_WrY~)oF(YP7qrz|^1gGR5Su##KiF*tTu(0xs^ z5V6yr2+V&RNzWRcYVk$pLP3)KAVC4}C{pMPr7PRIGUnQT6-Tn!Jo%hA)!Az092%c| z&d7{38Ib@LKde+G{dvenA0@!y3)8Fpau7LhJBh`576ghaA$yvuKD>^zgUGiBnU-V> z9;B&`?>ymus6^Plpq=jOdqDF!0Ya?pXPIDF-4j-sYX%HzVc;MdiS2rTwrpdu-#?D= zOmn&}D!U#Q-a9woh*Hm5IsyE6cYbsvOtUOq zmXxd6+barUFHO^b`|0iNg;sN(jI04QDqM~Keu+KX?KAIoP%85s5OCS8eBou594 z%?$j3kXXl1{#q{n)VL#HLK6_AZOy|-gFMVD@az87Q?q+cb@r0nj`hr94{?#@r1{n` zaXC9Hm4>Pby-^0}ORP4Hzr2p>lY$H4W{)WOG2-wuj#`SD)nU0=7}T)yjicWDQ!kEE z&5XDyx8p+FA9$~6xp9h`NEoR!Y+w|0M1(kfs(=u;_GApGprJQR&tI>(1zvORP9l#s zixP7GZ?X_tBWxiQ(GYzx2i)&SAb(D6Zf07BXFY;wH|L*rNY#lj$C&MUr0QMic=fT4 zS{h+U@rCUKtJ(=@_SD(azR(uyiDYQKbA@hYlmPG_f-RTFdLYk-q1xK@j4E|nEG1evauowTdqWYS`nN8n zTwy2L*37_PYS{8O!q!~TDbjJ}rWtH#qJaROi!^}(YK-r7wk{?@k~0fEda~%<(mtj&y&k4K#&i{R1ok`b5S)a9pDe&`3(g%*}-4{bh^O zZEMmq{jM|&b~7sb;CCr`7v6dKxDO6TC8SN3^?&?$>!JI46~*MUjkwoLF!VII*!9%e z<+(W|bYF|z@i^eVeuqV)--4s0S-Q7}S8HW*KR>8>47Q=@E8J}ZU$o$)Cnsf>2c2yR zF05=cO#L_TZtIghuPWe1p9}pHMd^v_k9Gr&(VG+;6Q+=z^+-Wk(qYA~QTSI%GWs6ysJDlplh(HX`g3a0nk1tna`nsZD#vt-sG z$c#?%Z|LZD*>~!ieT$HV91fr{v;*{0dhn|bC_cv3CbZx)KQ^ZYTVX$MpX}c|o7)LV zFJrD)pdw8(lXX^swa9c^`k>^aMU zZ}+DKM$tMH%Ipk%xiC_pT_oa#xKL1M-9aY4{zakbX5?0=rxStrFO-*N8p_QGc;idO zVJVPWMA{JBjK?x8f7i$&)1V-~Slb!(1g@pOGs82V^85wH}Qw{Pv(l$>A%QM+35(4x9}7rC}W@; zCdfrf8jBY8PbG^DgnZ#OXsvimkv1cPwqGN;s6MU@5HO2eIX)QpAQ2%tj~SVnae!-9 zw6ojyWSW#h6))VdaZ7`7P^C~*&}8SPgw#4z_c1&@6J`xH05k-kDkn$INy-}DnplTj1JWH)WH^j34|G{ z(&hASMW^C%ISb%T{)MSU-Q%N?{foOi%X%yb0!?d?eoj8DBMK5Ph+PS%PP7dRVmzne zk1DE)unbHYI|>rqaWxg|ce`E`O)===>2je6ap`V?!*6t*$m+O=bl?H$({yiGs*2pJ z={BfnnKA)Z#fbFA8G@t|m#vSj7aR09+|OUwYtDMo9?W|k*5d*=7unGdF-_swzMDwp z6x5~HC(g=&(r2%*Q@`10pe-PwvRX<0`b0QAi=TuU#UEGCNfj*u{ zRVBT`HzFw4Wyw{kSq>=mo3`1dR_A0fGy_`15(3YVH#>M?Tu9hPu8}#UT}t))(dxn04QBX6cNhGa%uQlyPH#qCC;klD zb^6eE%NeT}>PoU26U-wEpm_gA0kg;X@q{#`u@Qn_$u$RnixJox)c)sB=hYoln%Lp{ zUqnbCb1=6??yg{kd#_^_WyU&hekT2M+jMr9iusOt*QskuMW!{t1;Z+}n)CC!0PboD zC&s|>oNc7|&YS|A_^*id+Mce_c7 zzpv!G68@OV7S43~a=oo~`LX=etpeBL>JXJMLr+p`f&MS`f!_B&XJq&}Dlhz6JSj#$p6GFraZ%DF%#RAB$}rtwvbI7@`?t6hM1;~aOiEWJ#@O^q)9FV?gPjIj4S(LL{c$=H0qZ^qwLm!&Br z^0~~l_xX$8_0sY5t7KhcA&9~{5Re;$s=iFxb*v=7!=XJl-&*(&E+LBzNU(dPklbTI^-2?G zzOF3y%ELRuZm!j&JHL7EUA=fkDqK1O;(++AqCk$~IEz(Rqmr~ zbdc~-KqHqiuV|HS9|j~B28nwCqqym~Jn9R+@$e}|3wl9?hH!B8*prvJVc;4(vRCJU zVx{&;8MAd0h-0B4s5{ywsiw%rO``z?QWsjL8Pe87KY%n3L>++(Mi$L=gK=)-ZqQcx z7lwA%!L+eqO_JjE{(Vzfl0Cv=U9@DWApA&k+?uHI)mirSbP7_RBZl*?&67sTobd|L zTzn_yV3G0M@Iz%8BfL@SR%+w$*htJ)zx*)0q_rz^W-1E6?g-y&bfRk~1 zP_e5LRvQ6nNc1h41+LLNlCZW=1ppXaKX!{_Jq2gN^>xf~`=>LDnHFjzxDbZiDGS5F zC4u-7X}^D;PAFA?v#F6^Wy!U<|Io1MF>2x`b=m?Q8>TkbZ&_Fi62hFe z;N)OET2J>iPbxhMiwd<`t=HRP!8^^1XGHUso49H@g)HcRK}~u_;@1U5sv+3D>h}Sk zPA$)?qgq|gNcmuPK!omIipfT8-$p;phg#MR%y9PAqz&I+uQdVPeW(Jrfv7$;S9OZ7eN^D& z=8u<=Y@a>s58Jn7xPJxw5({t=Pu~rVTVe7s&HCQ|IDA)$<^ZCbtqL;^dYu2R|2A!? zuKF4GZ#HO(j0Fx}#9Go+LoN|i^@6XAoElh+QaJh?)xO3u0`-M>5Ht6A%!=hnc zmN!gkl-Ul>bz8{Rn4kVtW2Xdi&k+oZ@2ZlvgLe`3LkpM8>tyYu#F0f*Ud;0P47o11 z{u%NU-w4r2e zx8P0qb68NiB`C*Y@L0ZCi;BK#^Be%a!Z9&ztkB0^_*nZd<$|jMkR)4PcCL^0eZ#eT^(a80>@}I zQO0mxnMiypT_RaM4il7g!X`wP%An$$l`rt}S9bU(FJ&Y_q>jl!2rCR99i6(c2|h-` z^*aJtTf)~1qm(Um*OBJVyEA*=@<<(1FRy28zjy5MF8{rs{sXUn4Fn%NZ@zE7S8l=v zm`Ht3^S5DV*Es%PgSLEwW$x~~dz+4e9%5hXO>&I)m-popEOK&Ize48$x7Pe{R;sy3 zswl;^p$Ep3{UBrHXUO_VdOaqNB9pgJhUSswVil=QG6c@j|9n0|C6GIB&MtfoRyQr5 zHSSP#3g<4~&oj8B)4&8cY5eRAX;+Cb`h)#ZLLy*#^rwpBK2SPz;_S>x8! zJe3hzYB@c3O)`Sg3CVm$^%9!W!e_R6yA+9$sUfY&#krdp*7z+WTX=1tDXc9mL6+tx z$eaaHEhQcXqj^=JD_fzn#rawmyU~`Fy_vZN9!%|mG$3(FRZ@qj;hW*H&Yifp>3WD3 zyiN3~wgYppjUgz;z}@g{d`s3LGwOIYVh2LZE+Qb;Otu3ND#=JL9R4Z>%PR?%YHDp` zko1(B!jv`acmH10&-z*pb{;-f=Dt`ykxmYaZRnX{=9F#eIpjK}MF?@Fn4-)`C2LrV zq=_m5%{C|mCSE1=*$!gmlyK*p%PRE8kFomoY@ebVu)WvX*({vbl;+x>KfYw9lH#Al z_r&AW`lg)euXPb=q+f7JwIsF_u%>W8%MpjlzZw}Ip~EPPIrHn{7P#aINsT$OPGhtf zJ!#|WzXV#h=Kk&jaMHeOT^xkSd%Ryi$JV0 zu6WF325x9tTXa;|D2j3Fh}c#UhQENp{$&6fPR&SAur6JWwxt_1U2I5&xfAyDgHJRwrDz+8;zd4227#uA6|uYn;)V zIKrNpIsvMpF-zT*JLxYhB9gA*Y%K(riY|jf`RI%i`<&3-M3DXHfpNmKr&a7%3wnu` ziM@>)!u2zEGe@c7NWKyT${Lqx=lO22^(zCpBo?$?9J@Idj{am7DNf&Ryl%E+^Gun= zWJRc+$1hDgt|*6?x4+Iqp!7F=BG3`bhmn0-n}G;7*Ls;6j_`E~bnOunbBHc^;hLU6 zG$u?FNeGHfLa0oM%TF_+=FbX())8Zc&6*6VDenfl8|yS@plM@Rz@q(%Dq)#g6E;0;!Nn0_DrulAg+mFqCdDY=lIgl zoMxozYHOGz(&E5l@+66>_>NBq+brt&TXnQ`tp6?Q)3CYGIF2dbp&W$%H6KF(W)4TR z9X&T$QFPqrJWd1)@wuYqbqhok6M5r-x}QWg*;RzFtd~?m&uiTMva{rIvc4y(tyIyd zzKWZgTd_L^x#+=#8;)n@U?psXSt`X|QSFcK;{@@DLpG@Yal%@9Uf`jKuzZ|%Le@>{3cAs-c%k6o8>@q`T*r_tU}PeIg+a3BJH^?*1_=jwSoK7m z%@SxLeaCs#j78&drY=!9J`oIl%dr`V7-UZEqxTOxwuOaN!s~nW8*~gBA1X(t8v%u^ z<=|lThq2NLNkn-yE&fW@SOHSG3MWEkV5+pGl+sg4RKSwbO44NLIy5AQr5&jM7*M+c zD92C)twZ*igf$UqQIX}tnz?&8&$=X-(gn^`j!Z^S17iuJu7Xi6#stZYwlo6(vcX!5 zq1jh(Q%Hv5r&DX9J(r2oND-hxt6wm9i;(oHY0}9ctCg)dq`6FR9ie@)KbJhs)T{!@ z+xr->NJ%O#ju|9CjLyOy!z?T{=bzeTw>NGr=Z!ylB0Er^``3qW<(1_*Y5I=+!&%vsYS#*cW%xeNzG~ax`}=9Pu32FNC(;e5w{Q-vfKw zIDxgl6Y@DC4ATd|pWWKra~I0sc)q2+9vr6gYy}h)uFnR?z|eQ&@n(3jyp^C}5L#K6 zY}s^DKQEl0NDe8tn(42if*d;rZo4H)VxF0>J7BPEZggNjOuKwF}F z?C6-d)`M_Q=`h1hz#^mNEmam4dqO9tw?#0Ys|W=c zK%h~_;_NoDHh8?JG|oR21+Hath;f8Q1<0$1WD@Xj+0~Da*lR5Y^te;B z)a_7$u>m@=tg$kpbga_}dzrxq#wdWAD`>?*$O~+MSX5)<79h#Xae&#!{qK}B zrDT6#2@xQV8VsfCmQg$u}i;a7A1Zd;HLG1d**gILdnTtONO zaH71FfYkcgz}_T*20t~%Pg0_dEq+|YSuj4k^`T`auLCKSpx7 z7S08l$-qsMsom%B`3FEROF5P?6^Oiw&(P1g=&}njKK^I61*)^x;l0}Pgp!L-YEmX& zgYmm@A?f}?!*7;gD_Z0UisLW#D#>9QJcFjh#&+0VHwPD3--+(>;ZAKeqp1|0(^uj0 z(yl-&{=|2mU32GP80esx-9_#rSIE)U$1k;T<rG&|AJI=vPb1z(mY zCA;PyN30EAR=x?maFRJbtZ%;VQVGHUy53K^?h}9hUb^uGJRV93x_z_#>N+H100sEz z<3dTEsxEL!P^g!nFSDn17xJjM$!K?6oH0mAGNjKMQbZ0y`{KE|{v(x#mnmz|%uF>i zvzCJT3Cy*ksSpJOL5ga#PqinT-r~?d#h6qiEO5d=(ZOm4%$!QArPJs!m6`it4>IPT zn~5upg_Ml!u@H@DCFw^6{|Xn`p*Jy)2F3;O*6AkJ_EciGrxB>S0<}_6fQQF=p<%P^ z?6Jz;Xmv9^GB5GS+za6t%3q^aw()8>_T%zI^rg;_{g(OdpcF0le&Aw+E-!gi)n$-GFt+TH zU&@?{!kV7ISq4?&!^ijQSxOjSn%{^kFYTx=`y-ELbE+1$?6p%2{OWnlOyoG=w6Gn< z-TGrsmzMHLL-xcK=pSY{$%rsR)KxMl(NnGO^wRxJI8Du3zAQZ3B>|L&mG6up#}zAH z#R_m}VORcNB2_KD+;7b!^ao^w?qd$2H+%=rqMNsyx2)$amstU7#caz*4R^1O>$K^t zHa(Z=Wrz1TE*aXd=T4BSU zc1MdiQ_rClPkHz1;%?=RXjSS}_M|DqOSrEgO4${x7D-Y};YBBsmT0)#DS_92eHBL> zJ8&49wc9MrQ3E&6dN<`CAaq2EK7z@M_=RBrXVGp@s37~tLABa>K?te7*Hi91%BIk? zH-iv?N1f;eAE+HTS>aW~O01AP5T=3Rbp4N+DRmPzrl9HQynDbGH%i zLWk|ldEg-6So@}^(md8iR8#;<9X%)HUKDp~JI36F*4%eyOYi2A2}4_bN@ZEAn39VR z4293321Sf5D_rhfW-et*8N&F20R;GQ-G+cRWRdv~4>K zWKxB2H|=T|4@?j0Jq+~Be5wFBNAKy{*ER6CVp|g39o~P)&Q-AEUFCDGtXrjz9@!zH zNzK5OM15u3KTYjxpW5ZySJBj2NqxG^G*acE6x#0*n9u6pITr>)#mAafeAKE(h~@1DdGtw1_K=0~Wx>zXAjSIQkqmY`Nt&0$NRa{Xl%XbcLW4ce`sg$sfJ?}Be+CYDVN6wNJm%=Q zGIH8``MZz0lBvrEIm}W&cZsM0n(>y^ss_Ok2Wlr>8xsQ11;J=TfHFBhtqcN!PloZv z&|GnF6uU@gcFOa}w<&Zhr8qEBN*O^q2-=%fv6mBHS|0++D76IHxZVkCYDlZD28p5g zTZO=oj3mgDRS$dNYXaDmzv^>k?Y53$;h)H&(kK3kZuC zw;Tx#WPD(IOb(wQN>H874Dz2jwv$9&?vH*m`oEmBR|=KB4Kb*6kZl|1HuGs~p3&t8 zv#m0o((2GoC@d?Z=RG@Qql3oe5DW#EPVl+Z_*Q8_>(8MEy_ z6{^+y0AJ4I6>`&SR)fudc>VoR4=W*N=8`cOu(R zzLzw_ln7Y^uGboRzHRpF^8XrGv&AO41XrYS_N zEDHug3NJc~tXTWxfoAQ}+?{$)g3)hW9;ngT=#CXCo5@k*1sY;1 zh{#ZUyP1Xw21IN!L2#VbX|@6fQs|2c7Yv6M4^l)NKaT2|s^n`tvdfmgSAGL-`jBc# z4Ta6w_q9cW%0dCc_+K{VY6N)bKVZR1fRQ!d&cYoRZCBmQd}&I$TpK-Up;~P(TfcNE zZPePH%+%#PYs6H+_5d`lM&ohno3fMSF9$c6KD8xTU11nP*v^2lzu)%?=tVwrc)Wwr z04N9w;|m5@DpXSdIRu(9k3J?;S$BweU1^lUG0UovOga0oJ{)3i7DPur4WJC89FG9U z*nV$c=Z^HxK3MPy3<#<@YD?VW&o3N8YK0n32vD(5Fd&EKH+0)?*|e>QF`5Wl;JWyI zbY9T)AFLo*=z1Cqu<)CTHptvOGGAwtTYNS4+A$^=g+JP+BsRIL!b0%~7BNfS{59JB zvEUmol@SU_$`&y?HlSw6*?{)rA6%Fr#i{Z%;S?K?+|!GEPLkb#M$aP9-uFt(A0;po zB@8u6wW~NEuReq#v@+~gaZ6+uS5e(H(J@*T2KMA6lhtmAzL=O3vX`Udp-(-__ZmE`n51V$2-W()E@O)9x<~FOTKFaig@2V)1D79)I7&ZHzA5lc}NWEmgJb zF&U^`av{x+B>B!}W+AJC#sBM?)4uZ)AIA&7&(XGtx`&5{_fO*Yfv&IJt~3>pzn^^{ zdw;|tz6W~5p8)}Xqcywt;SK(YK9-@~W?WFWI^2+Vw7d8Sfk_D9>6ErY~&;78+u!nE1k0EE_)Y9Rl(bEa_D#!34ZEi;zIN!#)a@09rDf?T8x5!ncre zHSGJJEpsVRVuvodO{+%~6l7a!eAbwVyl^Ev%2{~j3!x^wAb9((&ICtQK7L53U2K75yW_fgk;{{noi|N96AS%5JKfDjOH-vzRH-sc|(9n zOF0l-;4_V!zxk;GCiJSXHu*I$$X0hRViU?HnW#+IL>&zrkYNK(T8XGBOH#Ib{mKLK zQ^!-ubo^~?7faRV%CS#X>B)>-EfE|#*9mPesj zI{D4OX1mRgQ2gqh(*PKA<3o%c2+GF4hl0vJS5Xhso_D)DYsSIDh}VtoxO{E4YIgAD zKW(%d5{w!#Rf$bVh>yoARz1B)sYt~d+--Gp8Moq*dNju>DH@aX8FK;j`|9)WeVr1k_(L+kZ%?wyDL*|pw_fNrC9NHps9+W`AG%h>qC5(XrsQoe3~N9Ggm@Au=nh+-`Sw48C%(HKCG zCtJi`ywy@OYeRe!{V@Woqpv#k8i7Oz788Sn%>h20h&Ap%-!)E1jqW9JjKtgx?o}xzsikhqY7qnhE^nO6_?W|$zlucIGeq=Cs zDi;N`Hy1ecRznIGmuBtVxdeiFWS?_ie=NY;iA*Q zXY=bnv)GS+2MORHWJLUq`N}jP{oA|UKHsZeZc0m+Oh0}Q3;Da#;^*ep?ZgsGsqszXWsiu^{<1$=3w+xygV;|3A$|*J|Klrh5wJ~rg$jj3UjYR$* z(Xvn`*%Hr+;r|G*31dkVpa{A9qVarR+6+{R+59!?#^+OK#w;3lhQ?&l$c^=r)7Xa# zzV^n25FlMXM|br_soehWYra^c`_5kLJpSELb&)63zkbPu(CYkLSz|iJZj|GZbW9)= zN}3!gn_*CtUwUu-d7e3oJ-nsoZd^!)V3D(eK&?n%Fa??YdFR$33YeNP{g#$<3GdCj z6A+e!_1x3j(+k5T&D=If5@!WTX-5txudhDX9a& zoSJ3)m8XR#I;&)jSf-T6;%BPNKp_V-b7ax3(nrZgPDb8TPrXJH*1e6?zjJwN;KSB#52#y9hg*LF2vg#upK_;l z;Hto|2$Xg%@?CguN<`z?77jI9p8#&AGZ>SQ@gA ziu;3yT`Yc4QDGQCfy$4=4y5U6#sDqilq*uX{a#}=qd9sQ{sgO7Nf{3-AiOT@Rj{+k z%M+|GAD9ZK-;G3>GzC07h6#BpTwbb8o-Xat&&q0 zNW+Y7@Qpt?QS(=$(r3VUc<7KNJm{stIv6SBVqx*QN>pXwom}^2k(9tz%BhrZQZT-0 z^<s^)Zm);K6|dEhjnZMp-PDT91I!xRp}wJM z?Ch|xqf*i(clH;5ymm9pss2>31mdi}>Ivk9I(*mgvoThPHMQeRSOfcH5I-pp9?A*M z(KBlr8X!iYO>ff1^_zBl`!4Cv7qmHg_RMCzn&7hqba(|1rel`w?(H2t?9p_?S#Z$} zy7~em^K1l(Yt0@rP5mFR(pl2*%&5aAT*`>#bKXl89>3KZ{&O|_{7+NpKWcyu--}hI zteGkm%?`T?Ur%)g5P?BKLF?=5qixO|N1d7|w~P*cliMBv_upuO)(#`GB+swi-Y>4* zhb%ccx&P_}Hhz+1VQ8r!fKU?a!RCs7(;ZPXoHV71a0&&I6ajA=Fhe`YsJ}s)QEOV* zsf-vLp=C8Th*+`E%{&P9immu%@CYg(>i(ayV0Guiei@;2)hJ*V2^z|=5T`F9vRnuW zE1U{q6cDFS#9$^G!fr%(a8+`a-Q>-Z<{*Zmq6iD;Ve2o}_NP^^W%wr%l0M1@6q`HX zoljZ~%$(#KhXW?0%4x!9{VJmQ6@pb8&HAI(;8`c;wg;FbD86BF-^{}U!A+a-AW~#( z@WuzDhTV`;sQwXis@=UOnQ;SEQT@zIS)APBRL)fogkZ_H5twP_>_0orJT#A^nL=6Y z-6=?dZ^WiVO0->EE%8V~C3PaY`ktiCr13P4D(6C!CU^+pN5g2osGk(>v zR!kTzcSdy`h2J36>=b%` zF}Mr6`k7})!E}|(s4^LG%gBvKt?|*t=TLkJ;;1ZGZ3q}5b@j1a=2S0b zE#>(vIA<#rsAF3sS|FjrWni+9)zyV&e-YM_GC%Z(#)P3sWr;2+PL^-H@X4{UwY|Yg zLgXeGDbBRoY2}r*HC^zT6$N)!)4x_Sk5U0-xW!`V4o2pKpxF~Sf?C__*M7BMk1lcO zniNsXS){JSzFK}B-Y%RuSlr}1|6)HaCI6@kC^T=MRxEOt8GE>^w)otPkh|B4~|?ST`& z|BeuPpXu`~L*Zs|I(*u6sPic#XE|X5@%$#wzNbuyhYigygig-KIJ{-UZI11uKpCvi zKH@EaXAV9V79@+5^Y7=v-5r%JpMq-%& zirZiXBi3kN`ED%nsYBRzbHvCDbr`C5@|eKurZ~Wfu(9G$pUy4efCQD4bM?4U&>Vkj zEcLInCiP!MmXNWR(ih~klJ*5Eyt3A0uFn|>Ltq?F?!T%<_xHz{LPB-SkiiR=5(n99{bq)|<`&s|VUVEI z#|(D@Q`eY3)`%=;r!cnc9y~xgiK%vTq5hLtXq^EE$Dt=}-neG!Fw$>9=)i#&>~ zgMtQn!P&7VI-0lH(t6ur@2pK0-iz!6jqjI8sQpDNvPUaDV$)0IJFUQ_7z(1ad;^El zxWWLLi8BX81ZDgTc>3hmN@n1@8SZttc1wtCJJ!(7Y+=%u;{sZ;&kJ)%vtuK4g8m36 z^^PTw5mQN}v67yU2a;M+#ho!_j!UMVA*)b)x1Xg5L{n*!ah%%`L6L+5A(+KbKpN_L zmVc&YrcL@}-bjRY?fS%ja<2;Tb0&CdZ|iHr3Yl-GKmP27L4Nje2n~4V>vIU$Ou7*e z-E!0+P=(>$V9!F(y~z|`a(L}M))K48opsDE)E@|>kFfM;-+%2}E??^LGdq|}k11T( zD$=t7YNFPQ86fKl^qbxYx&C|0!xMa}yZ+n^@I48)MICtd5ljjgqlSJXfAtaKd}&#| zhOPiy3t>u~EXOS&SB8|yOte3T5*t)K<+_%w?sr&h^|Y092NAa~UXak3K~PqB-q~|@ zq~ts;9rwPTSJizV7Xy_)1ApoZy$^luM+E#cVE=mghNOM23*B32epbO42F2cbS#&q3FQORWCkpv8|$fTvhcY$L7%$<>Z#PCch0?+1k zCdrODSxt&Qx;q@65t`h2IZd3S)2)-&fknomFu$!2wC-bEDJ}@-N=aB%afKn8GBTqv zG%1glZ}nUZPE)>qVG(hbk)Vrl^kjp{%eIs(HT)=V%cUKbXrpbC3^TY0+$lyvX+Gj^ zx&psbZ?d z)XAgt2h@YHlZ#7FE3ZBxown0v%=1VG+SO@==UP_<%n={c(3$2ERMF|LSsa_j{$fluGq>9r{7CD#`ITlr3vJMK3p7y;#r4|8up zk}bUwpGVp6@G-hN`!REH5p^|{47x&!vF5YE%3)JMGg@#eN-qoWkXA&}!`f;9l?n|@ zhT4dG-!YLMabKwm&7n3S=|ni`ADpY=m0FR;w-@#Z#}OKSR_ z(bCGUkp!Y>(R4y#@j_mLy;JeL_T~@QA{u=DZrvHGT8ryZdz`G9BW;4|Ob*N(Gu$ZD z=d(cb1;yv)5__=WP@EPO1Q)sxcSeN|?6rtGA~o*ewktp5Rm88E=>S$COOAh<~5*3tvC*s-u$??pwNkoRCuX zytyP=!?+y@Nc##aX&CrDE^GehSOuQ<^$DRI5md^8sDXM(LI6OMkC?SN(76Jq)h2gn zQL}tBlOZxqIi~PEuXeTliY^GECrqc4*T+Bd~_(iyd*gM1`x-^wy zL9>J;CgSca&q7VLx$qC9ED%;8uoN_EnL(Vq3dO;fj%Cs-_B=Z}adx9j0@QP*Py(6R z8V-HE7~j0&%CE$5kjlCamnfcN>Y}D&%&MRWlz*{VWlUyJESZ&yoLfGu`=+rW_3bDv zVuIviG$SX-+%=QyNih3PkSG5e60X*NJN1&4Pp>Sxp+E}`rTyGNb|vhnyqzk%aVFiG zQ$X>?a&h*j$@@Z18Yccn=4=g6x#gSq*nV*(CW))CpD(U*xFT<;d->!!QX5gD>7#$I z#W3r&8HOduwtz%~;a~9l#%~$PN1dhX&PEx5-PnYDw-bxR`JM*Wi(o3Ge!l4Y3x4!4 znwu@)n+(9Jb%ODNu(I9L*6R6(R}ZZ?-VwK;Li*n{@5P1Y1r)0?HYbS80bg4tzW%#@4>Hekb>XoUaId3?gh-}) zUV7(cKYxE6Bj*w2O<|4RZMn#19v7Ye&7>j-F;Kn z+$y!6SUwA>8hidf=J{=-+nSGH4#j6Td_<9AZU#mxH4AyKU|nt$t9aM zg4Zr{tML7=I6ePpWM`^{9pmD$eldrrMWQhmsjtzq%!@j-IC)|ZRGTiWB?rn;u(|}) z(SwOwFwPExED2MRnLb$n*3679KB)CUexsTHvi*Zo*0c zOmD~s%}JKAD52L1>Yp=dD@?}jB5VR_5prTTS!IE4^Pxx^{hEHexJ-9{2f`+?Msi8I z-*Uln-#pW3ZM?vaP7#qF9m~ zd@XTs!uA^CdFEbBS8?v`dNUDrSc|BSq6Ira!8GutcKyqHp0rCphpdZw3XZDJ)OnBH zIOMm}b2!__?0ekEe>bvS$9#L`_@0%*^tH(M)wpy%`}tOM?=vMn^>5tZNAI2DyOa=a zUe9^W=H>dBK8&wNb?)u2&n$Eh5~QM-biG%|^njcT=@jS+=nK`>&`c#8k&zg9{!;#vbB)x2m9I&I znklw)L{UCsDmpaSN_>nPwgD>xjZln{F=e7dJ9~D9A%R_3&TXc}*bAvxpoCwWQ^7e6 zSh<$dLI6r9UtSIJDDr^}>$@#Xx z2Uxvq$jI&bVLHW=rB}nRBt=RV>79ULcQ;sDQ)xdRuGIe~>R2teb8qjYYT@KQoGG%v z8GTJ2I(KWWJXPrdOw}kgRVV?T>Z^wTeX2R#)`8(JOX+-aU6^EPD=3+W*( zXE6%H%k6BM4zzVZP)DRgvg4J|lDjtc)hvkA*FZRAMZ)k$49HNOipi`h-J7>JukW5x zpS%sMH>2doL;Vd9EcvRonnc9^i+z82uul9iKY7}o zsone-otK+M%2>$8pceVaJT z_qJx_>{-s?(8-bJWoLG4dH^>vEaFcXJug27QKA|~%sk&$5&rIFo$dcbc1A&^xP zi^y;o5GiV%@M3s$QivK+6-ApGBPeFGU{Ky*W9jh%+knXy!=P_8^gW#RKCz*dsM;b< zY9=!>fuo|>uwnRKeyB7_J``6Stx8}J&A%iAn7ohTlZ|P*s^q!ukl%%Q-x@ia&nGja z6WJuvsnXcy>{JWGsrjRHo6f>~!zK1MZIXdhiH1!A)7ODsRKoZoqU!1p0BH#f8BsDE z!0P*D6Lp2pCU)LdgS~ttnMxAoxZ-eR(w1mcZWAcTxFLZET1G)jEX{Th~<TVa%G+O5_ZTc zVTCHks1hb>_sy;9o~WKuq{_#$oXoa$X4~rZ%>p+xZVO8?`7YG0XT=pC^H5JEh^kqf z;T0<`p&HRy3Hpw0*N{{y`pJ*lMJk+3sk$c0-(0Ef8`!q5pTRAeQ54B?NS5MhBF71e z9QIt{cKr!Oj?{%~qTbu31OmF#+|yvjP{ynM@FHz(kQVWx{9^CbRW7bKCa{ea+YRd) zO7eFzuOQWLva3H7z&?eAnqFUZmNfmy--G$Oll6O(1)NFw{vB^SFu1---rCQsC*HS3 z<5S=6Aa_3_-v{|l%DudR_x>w?8z#Swl2eQnbF*hnb1I+?Q!M>=@#X1zuSK!T_x=w%q-wU9RzsQzG!pKRtdL4*Y)Q8G_$D|_XfZ5-^}yBNA1tR&%H@6=qU4a z!oyTA@8@)_#uOTL(iYgwp7fDxi6D!nf&o4iz=;Y;E+#r`F_hEP3#hJF;2ExbBt;|A zt@|v8I%r61P9^7kApk)WQ>3Vv;s?&r3gx!NK1RuFeFt^Dc`}M<&QAQgA zG#|=)_uFKcb`T(mXk_QqXv>ewxYc-ViHed;6%6&nvvN301(ql^p|!h<_wGes%8T^} zrj5NH#U%9k*|bw}nJ}bt{p7=@hSg2EQ{ok5R6Krv!J6r!sGNLr9=k@>9k{6rfjp5J zeOb+%Gn-~DN$JMb8F-p*7zZXKlB)aCZXB7z)z>e;qs1c*eFTo)b~YyN4s*F}{g4UF8W zG=MiYNz}cJ8Fpsdzl$4eN+7r^+Nv8T*>*hBIUAsMpO%{hZdsx*ZR>50@&MDLA=U&O zMtV2EWou4aL7rF`g!Y4Y9X#m+66wOXWonCUV;MTTUpu*00-IN-o%=j64xpML(Z6Y} z5sJIVOyfN8(|bprdq;-(!PUl|s;-ru6q@N**Fi}t;cmF2YqxN6b%TUXXRCXAIUkqR z^1uGRd;}>m4^if4`HOy!`X#KJ))q@Ms$7YWyG1=n+}*#U(!7 zEyA{(1SNu-b^$@RWC*9u90H@x-duhwTmkvR62Ny{^p!1!0;c@dA&=RDzs<8>FSBs< z=59wDLiMxm2N|YWAqu86{{ zCtHU|8GUO;y8LeK#@Ql)R3#TbCx6#ppb+d7Z1V;})JaR(J8G34dZsZNqD;DfHfiLX zwH3bPgM(c#xKs;D$-~_GA5!16E!U`25&_t>*Sa^ArGOca4Z4|)ND$RFvt_2<+oFh4 zDj$);Gb!RVx-zaQ0EaMe-k^HEABkY@50?T_){*Dyo-0vbC=wEX1V)nARE*3vX&EArjj3Y@{KPT5g++!ArIn;)c z@^uaZ-DAsRCT$mO)tCnVB8`>dLCn}$a2jmT>-WgY4`gN8N|Qp>C1kCD*ywEdhrgy? zbotqYjRNESi0Qjmnyikvpx^Att*6zOdS=DXLg4)#TlByuW?w!Wc0LH15OP1VZazMa zp!vTt-lnLb67=_Cps$%eLVP4D@DZU|gxa4QzAV4Ez63`ag@*puj-EBY(?1ZskgbO3 zj%2an>$yWJRXRWz&s=>6>ohUp2wG4wUv)ad`RE@VAr7(fsvB9x6vRLyI0W2*Z}|Y@ z8Cea;W>FXg{T!Z()e#o`F2>b_CHq0p^8Qup7Gnv7BytSiRbRXKzA)cb-m3a5LQV#b z3Z0W)(qC!$<4Rn4MmXsN7NxDGFZ;UXBDh&MQxfJXnqY4$TGsR7C}6V2PSMb|yF+X# z!|F<6trnapSX|yd{fKxtj``IO&f|dhl`)=%8=NYJrNN$%s)TX8J#R znJk}qoT^DHr3>+OhuX8OD3*4ZP2V;(mYeL(k|T5$Kc!(Vd6*}Qp&`5**U!aRD0Lv zSx+0$N{fr5in~Cg9{ej};P{huQHoysXlYVx%frmTlemgEgg>HvMO=B`$RK8&oYJ7o zKZIH#+lKOcDabXC&+5XGc?N*FfOR&g?GZ|1i3~kUm)!hDS85?BnAUzy(oLTB09ZqS z+FWijhtZ|!9-6OM(dFLc&TrYE5Z+w4;+plt1m(kQ36HG>HxxzL{z*I|kR~!4ytj5a zcn#dBOo!7QS&p%mwRU^@U5jEUo7e3pVB69sW^~$}_qogH3Sh1J0p$^x7nq41{>h1Vj z5zXO^or-3PFY{L-^{N6wL{>E{UACPEDtnz0l?_kfTafB5V zY~XpPB1J2I6NuZESDQJqkw&+3a82wKM8~jL0uTyfP?p$q`*=VAwn^U_GBlmrv-yqO z!>kc>zj^=G=3JpzSoHI34)XAUZvYZ&l$##OBw_D_m$+Rre>X&{oVp5A|LCrblXdyl z|A|%P9G3?rbI!DgizBMbAq|zR(%QLzYi$2yFfhJ&{~KTYlu{@=tjCo!>}9mhQv6fME}iGN`D1+=Xt+656c-}CvRBNwm@rPVao^a>1UnkqG)%>8(Z9nG;|y5j=kI)^0k0o7rZ=$@hi0N zHRmMYnLE~C&Fe{#yYqAwTcua^XCGkumFwC6Q_|}~`nr`^Xv$LOOit;};5}jXW8zm; zz|&$1Q{Q$wb@_&m-ul?QS3kYQZ>gh>gzRgA(19+;%&e_q<=CCq)z5#^pXU$%)4u7M zJ%>C+?lq=tfRVw#!tvFBn9_l&1j|r>k}cLrTk^HWwaIi)#gWLh9Du`~T*{}V*D zpnZv)0!rrkDVR+$Q4-?nv+>UtQTswmz3Vz$0S_t>IBc`m-&i>bOR?c^)l~OGIGc9n z!hnisg|`lk@_{u8l=39CWr`YKzl(qz;$PZ+o&6%G;7LpILv2M;E`ZP52>4BiW&mB| z<4cVeQhNH_Fjn+VS3+>J2P<(f2 z=n!{^N!{&Y($6E#;TEeFH!RzL<(m8)FLG@dgGs-ms2*eL+6Bun+W&g%;|TL&{yxzkcPH2 za;*Aj>ZrnqE|q`7SxCZNT5Uw9fVO=WxH#qv`X_mmiE!HICK!;epsh1C9(F6=-`ZbJ z5~pMXpQf!odraq8!!)gRG!)y#))p&GHcb*?vEi!b~~sc)L1RG@acz_ zm5SEC;fSBFbp2g+?jj5F7~69wCLP0@Oouz zox*%~XnH%B;pdRW&1CR|BY*2JA}SQ>NOEu%`Y~CQmPgs*7loI{uW#t!ThLomrrOxL zZfsNZ4I((hjIwP+idIbIoFzA`7#>;9l)cKL3sS(TU<&5?=eW zo_V&zfU&gBiwB&ao|dxnh#!jd!}PYKtm=UQU7@wU%qX5bn}$*cKTpA1QN-nk7Y}NY zqo9vW@HriJrHf6|KbUTgM`X>A;WLKt&*p@ax@Xa zVnyxJpK2E7T?SB7>tUmlqq`r`9V~19{@6X33U|cR#B4J3=F%|`63DmF7}^NMRB>}E!Fzw{KDh88e5Y@!adwrDZf63-2qz!Fx^x= zzq3lI%ge0~>e!VP);#i+ky>N6%)74}V%wKAE0F5s4ez(00A>wK7e&8j60rM^ulk=z z5V8aXFI634GJ=Lh8?F-(^{iH|KLd|UB3XxA?CyID&p+(cH~M4rku2q)TfXy+9_%V2 z+f<5&$HX+m(QVQkd5nJekTRi;w}$)AcODN%jD)Z09s|#w_g}h#X&(QcdwBw0kFY-% zW^;b^Oq#4C=lRYM_l=fuai`n+#+6CgzZ2ETqw;%p_hJ2S4ruWB?cJaY za7hc{NEWCP$0#Tcf;fE_lu?^_a?p>LUsupuLQce0W@WGyiCDmr@i!QTnu?4I=@K2- z@;Ary;MXr?)z#%^GLDdHkVp?P&r}M-88SZRFb;X3*|QF`)H~)W)j<+ZBsOzQ)QkWD zPVy}0jf>GyuJBdZK^u6KEVN5V{R@OCC2dH(Y|pi{cUR!>RlF%FK{;IQ@M3Cx#ln1w zURF>6(q(F?G*=e+>4K2Q@?U}AIk6YU$4=F&ka06xPUYg`U#En+)Pm?Ehq^gNIfRs6 zzz%_24j9%5oGau8#d;G-y4413fX zZZ!LA4Q&}GuE}AVmuASCuf`+1xsX$L{RuhNY#`K1=IgYKzF1(p24^mlYeDfOLeK&8 z%&Oh%?Q+v{pw^2+cUD1?TMnkcB=wJA8=VE8?}d~hM&t&ZJfKsN1hoP#<$Kbs$-)x2 zO$z!NH7^zLH9#-q@mkgA`I@ylG|eWUbo|%vD`h)?^MhRI3G(Drz~eq{{xJRRPUw2p z@qapZtI%5Cm4$F>R@C5zxEv^oh&FA@u(E8VuCXMlvIMtOgWB=vvjq}|jfJ9d^XX-2 zs%nJWdD#ju)(DJXx=axgRmeqH%oOUxOwoPWtwb8jP@x)m5V%KjQg7&CTtqv&>8z0C z@HN~|1Z4l|c*l;G^z!3mX~?Pqlc`f9QyEHrVuVY@BHymv(Oll9bs#bW0hF{dUQi3VS++BEiI*`3 zyK0_nwbrs)1Px4Un5J{1xptG?h*K0^ZNA&)qALNgiTLm0b=vO4BuCKs5vG6)*D$10=Go+Ig}H7{MKqD3 zA-?w^u%>|WY@FfY@D{Vib^QpGS^*Qa+1^L6<_RqGh1cKcG}+nIm}!w$pM^;A88$MDZ0kAFQWCpPw zk*3NkAMR-!bq`vr+UG$PmZ|a)0kSGBWgC_Q=7p@;K?~P}VKke3`KpKge!TfD<4Qki z_wkjAK3nsRmPh{%!gWuZ3mXvEHfFZ-6+3Ky3|l<)9rbzN+-#4fybs)XKCCC`efT)| zKTPx4-^hIx3swEEgF=@6o}PgNO6T*BiO@(`&Jx1GU;q^*`BCLz8BrO~ar~+%c9Don z=dDyzR!S>Pu{!Zfrr{hW#EkjOV#VtUhGcluW^({IHa!D16D|x6fC$ESo)*_^7lpJ=8 zM15q1A6D?vOQ9SY=qu_P14=gYjv?RKBWFyp9?HF~Wr6!&7MTq<<;PKH4uyAcj+A+X z*hDB65zTD7CQx_Yds;d{Z~o}_WJ*uM=1NKM0SGzIGZjg(|G}J}nXjcb%$k6ro_`T?Chgh^xla)07#`X5TE`xF z5-Rk-RM0OoJKcX(t+anc#aCHLBms=_8t)V2*>#tnwwh>c>Z*b*@r4ytZG zP_B_1(;lt;{fP0$&Dw=4ZE6AXmaBR(Sse>kHh5$iZGQYsR~|bFmlqibZCAWOLU1+n z!b?$m^|ax=M2*HMfj57IP?5s}K1RRVY~0M11T~%40#YTRCx)bIvk#;U2>v`+$bBXm z5V<&YKOZYSlr{fveK}C^Gti%8q9Gb&98_VLf=+%0XKtxcuw%GZ0g1#0Jsypx05gym ztjY?F%d2fZmtZK=M6RXLN2H5UFOvM=<&vtB(6RzPi^G~L7@W#4I?;p^*E@4CcBwuV zFi9dKPG`PtN6L*Ol4x;tZ|--YCiOx48^Q{arGU*M;2I_U6mb+p-(6=tYx@+Iij}h5 z2}2AWeR!(--{jZTgK4t(+vt?m2<1>t`H%HCdGAejXJxf^cONJE{vVwttSpd^>gEej z*>**uK-9Yd-h5m)S7SW>$q2F1vm*FDn+jv;{R+t-3mA%#Bv7(co~1V~wyR}dpvWE% zDK~4Kk%CYc`EYx>?;c^={jar$VU#GDD&ZZ@iSCHUW)iu_VD_#i&jQWd3=hk&*scA){z@gd-Tx5yZbjVM_jr@@#RbvUDW7jV)Ti2AAb6O+&h7BitFjah2i z3~izvM&$2uPwpbTg{G)}nOv}~eY;!aiJOcLC$j(q8`cn)eKv-7bxWg(3(P>#W=n0z zJ%Th5=qf0M(Q>fy?nYZNn&?tRNCmogPQmMA#t7+cMWdVYX#B0=M=7!WLRB zzU193OUyJYAE@S?K5(GSlH+C-hpQqV^kvS9B;Y*wM zwTysgcEsDmorhph-BvL*(ef&$D|a+_4$<#NkDY&-e7B>w7YEy)YES=DBMNx_H&N$^ zGF1=sFbobdvVme3-Ok$b)SRx*>;}k$YXFq(FzgOB&GRYWI43kCH?};Y%jG%`^@a_W zS>sVlJO#SWHYJG^wk#T+HXlT*w9$FT(m58lz;0i1HfdcO9^cO*6->;)f)LQ|=<7xx z8+;N00LF>kDV=Z$065#$SU6Y4`*DkHGJ?%xL&ZYXDkigL7wf8X-yDB1dCz(YdXbZ= zY+A=?uGbRy$lzOa;duGaE}W}%ppDU)5eu4;g!#s52k_6*Kp<7{pccf%beU~xc(EAn zkv4@$+cb>4%u4YS79<;n8l=+ta=}vi2aXMvxNmwat;UTOV8=jWW7|&J_)EWaNJEMn+ zGJsl0;pcwUVcn>;8mS6_^V^sW9JmPSTz$zZt%llkCu@O`CDUV%%9T)f`PXa}9~^Gk z^cNE9Foh_V=>*a-sTt>$%J+ajc66~|axAoxT1LBK()Nf7TmzBN-dw#c3be;i9b<0xDb_3V#cHA75lEo&C?j`x3TVXJW5_y6#WhEm(1Pio08I4Frc4 zch?q*ySoH;2~wP*h2riOyil}2v9>^g$@9+4`}{vMH@VHt`JJ=(+G~CH=7V>{^ALwb zY@R+n++iialYOl9I+?Rm@U!6i7R^X(pmhQ8c~R-Gk>peT=ciSs_o zbM{KItE*!;kTa8VTi)>@ds8B^X-`i5^U}-yt>MF)eo1t*Md+_ahF^KG;rNyRm#T&2W!*{l$OzrpfJ*s=1D}?T(67Om)P`{X@V896>s?x zIP$3FO@L;f%mY2b}luaKT^I(kuuEBGPgej+_U~I@hcsrHB&77br^txl06~Yzi+O$c3Gp;iPPH4M}#$r5Twe^61kXJjH4XS&WGMjd!#P7 zq3%Vw2UtG-qkWv-OA3;PRa4efXUgAoQHx{6Woc#C|zW*H9 zj&}>Q^*Z3bCo(;I<0^{Kfb?SuzNnm+zn#45sKVM!qU6Fg-KBIa=z^mXI}Zo9B`JY~ zKC-|8hdRcI3Bq>91=eYxr<;iKwKKVSs(zDi?m1i|%?khb#~H)T=UBm6k(ap!Xd=h7 zKnXd$d}M(_O@z`?V(N^2|HjAeSCUb3jqKd8^*kMY{x_e+AQOZ;|LikSAg(UUrf=O= z15#YDx8vg`#hdlAax+zD5N9&QafFQ+aasClnk@nLLY5t-Vh!39h};n4NDfe96VqDfcNJa*U*rG#_xIqR`^zYgfk2|s z|K3W5?`hBeM?QFqg&B%U3#fEEA!x_?yRv4*Un7j@3g47Y&r&&BA(#P}0dcl3JLkFN zBbtLx$@BW%Z&@cLw?fHn6NVf*ze5q&(;M4L_d&YfN`+0V65FOzgB~#dOnn~x`1Xc@ z9#Qs)z@&peVFIZnKI9McwHBrmhJzIsR8fra7OeP1F^4Y;@Q{w+>KRVi5Cx3o(sfc- zQ8dlrV`%sR1<)%wIp++sV>s`xI3Z?=xJw@Y@Ied-F~LM z!jfNMFq~g+&%I`1&jv6`lDm=8#g^}qqe=5H_Ie=`WFnP=z>4=N`s+M4O_)VQp2%>1}REn4FSr zy8)koFPSfGsC_(uk7DEf`9wa-dx^>p#xJ<YGFR*WMz0%XU_vq-ke4L|fgz-F>?8$y=9_t4}>%Dbb^Gl+8Iqs+~Yy zB}pPT)$4(ROWS5BNshWTyJ#!8rC!07##X3$EjOw8B45B#ssm-?(Y2~4gC%JS+(Dp! z)JzCbASV^FMS?m-Wo0>%{#zFciG`&nPuM5jZ9OVu(F<Ze=-*_9ID6?e0nT1$hYHf7?5{ zuN1VGA`(Lfkgd}fs>aX}m%%FW(=)ey8fof7M zHOYg&2BQ$jp=NJ(xHUl%`)3^2^4PVxBTTFqkx!IVHep|y0uE{PjS_Tte@19dv;FEv zi}Q&0N{Xv+M<&x}I(D-D=_jy8c-Va?13J2k_ie@Inyw#3+Wmdyyi$|=pg z_lzgOMQ^7Smh;M%7H@b{y7J|KkZsGrmr*E6C}LIP+4Efy%K*y!bR}B3-SZY<=w%`M z9_)b(sQAY(nXizk9m;g6b{xCHUtk$vM`P=YrYu025p!iv@5N5i5y4Ofb=nxe7hmF= zQN0fW#XSb_CcI7ldm`f3|8MT8b>V+qHutIeaK{5#PU))sOy@{Fi0JJ)4V~&Ba0&ly zSsbEkwDgn%v=&f>twV^N&ddwKz~E!q@rke_jjBV9T?H}YDRu8_5KiC>(s!>UIhY=q zlFR1?W+wb~ybYWIc5ap9I7}H~s+93!c2|+H<^f53R?# zkjy~-gPncl!k$6L)~ZS*cacj3YLmZp)eG9O>v#UOpGc0VGB6K*g|aFQm3Zf}+jQoS z<`|{r91f<2URp_0<2Dol~``}ij*=j?W&w=Kr z^7bj&*b$*%M8C0SRm~2lIZ)rnFczCiHD5b7w01$6Ji#k%Peo>~LhH=N=hPcd*wn-T zIsZBnT1EV~3z5kZTdQ*tV$T*a$zd$hdQH?W{S6gOP(KYu#D`f3!X31vrKfKk?N}!B zc^mR83lXBddhn?C!4xINngfcfWn-AX)q^JBSTFTA{x0Rx@m-XF4vZ+=`g|-O{q;qf zosBQqAqdA#O|$9w?>t1v#CxB# zgb$Yeif*-@U9S(!2VnY%fIVf~?C?i-M zEOKqk{h!&tcfAX~rDiMyyK-8P7TSwU+s+HOLozbIexLos_>_wIg99;Wly`r_maxWJ zg4HqS8((dO5C7{R7aF#Qw}gM&jZ2-_mV^RERCaw}Y+CwGbdP_p{oL~hpUtc=xa~e8k8uz@VTNJ3#Q>Z|;@ZXkl^JIRBz9$VXo=iA z`NdL)(SIsti0=+up!2xIAyt{nv^nQ`iHGFXXdGZy{^VD;v=zeejloe4#c~u0R}eYw z+8A_j;s)KkV|KczzqG4rrO!X6g=+?&)yeN@%%AsP>{62CffXDMu@}&?Ln^53v^^zR zGOp3r7Xdbw{Ex&)ayDU!^-0IeehUT8RT{_VZh(`#Kxi3aUiN5;08{b>`rGz69r?P> z;4)ARsDP+L(co>mFsh4B`);^3DxolpuU%ZFqf&eQy8>mNA;nt>-=Kar!L%p`f$)gh z__Gc_*+6AmQRGi?p#;BnuAfCqGRA1B)2elhZsVQuUJB=`x}US*3S;)<4UTN((hK;% z<6EguD+2I(*Gq#vlGo{o=%>8Cf=jRAZNE*d}~7@u1sJ$%l}HwA-(NRfVG5_)0aZ zEPQc_{FcvC{=9UpyZ!>PmYrB@O`AEZ?MWVb2=V&N%HFN%>Kvm%LP7$8)M_HWMgHXV zvxKP9XGKf#$mI0Z?|nMR#tpzJ1M9#EC8Ys(V zD~~3M(n_4#*MT-kfGCV$xAWKHpvs_WBCmH<27QjRS2qJdU^<;jvGu-(xg&}396;W& zP-)7PyTKjBK}95{Oh}Kp%e|J>RZOh=7y+Ida=M0^$0zMUON|lJQc#2utU~c5anus} zMac~%SLjVRvPs2;1+PhRvj;~vyIOR7!d=v8eC3o4Q#`b*cI~OB)JkP;Cq{Nisqz+ z`i4xdu{bKHKkKUtI2A|lHLV08gAErCzV%9G?ON+5&iPT~@hAEP;@`7|``$8=YVIS`4zmlf=j>znnixci&VJs0FHE#9v>NCT50x_ia7 zN*C5dODUNpwgvvO8Szj#u!#&4z#LQ2HOHEylw&;n>l|PN1K=7>ny5S&7nT5fS4cp0 zBgbFjYG3J#HJY9k+`wlx+viXkl+G-be4MSmw&69 zZRhOGehc-R^{H$~E>_XcbV3vKh846X6X;d0?GwWyfW8s4?YPK!2y~wGnUYMxrli|F zbQ+@s#S)=g+=a0|q^``tKkT$K^ie&s}GWO9%Gz`jV_)S;q^mF=$fKt4R=Ixv$ z^ou2@?MFGIm-?;W?s4Gz*}is71hmrT8H6ymNX+;O3bnvXu1Qhk{Zj!AEZYT1-lQR_Pfv}%V1r0lrBg@Kae7@+0{${HaBWJsf zRXvwWto82Q(16vv3U+z?35h1>lRqvjf>h`Jb~Jd+vUj)$?U*1eS1J`)Fp;Eu4VWU3 z$GZ2j9L$}F#`*HN3lcmhELn=vzgX;QLKWXIklZY_JO*ntbgr%95r_dM(ly*U*B{r) zj&gDBW%PI{*)+q+5QMsZXdp*q5PdA%q^8I6p5&-tMv1Y!c4drFDR(MbXoJ;TRP~|2 zLigA>hC+DWwNHbHh4ON=YML}y!@+)rQ&qFId?m*+#B{0lp$g}^`O1PoC zIGY;%Ag=y_Ux?D32}@iaqv5kUN)XPzf14 zF&$OfPA$SyKkY;x7IIZfS@i^B!_Mpz%KY>+v$=~+W;L78((ki~+es%X=KUo4F-i5U zWb5|jgeD>;*1u?yKdx3B*y`o_vyjg5g%JJqr5OYqjqrQNENo!|Rz4Uw&-^xiieej8 zghqcnkq2HL)gamFBvF2E-^+!SYR^EB!H!x${c z9ppQ$6xlQqUyB)U_Jq@cv#LIWrPX(8wn-*4gW$GoVyjJ|IwFtJGt-c47z*Y3H6uJg zQUB{7h`Ca1H3^%Zh2Ds$WjEVQh_;PuieYosbo0cdS{Q~_0VqSP z{;?4E7J!fu{bkU-$i4>2An!V#Kt1=TmY|HZBR$@-h-y}U@Y?EFD}Q7vJ9k%T1JAHD zF>IiW7eD`!W>o3i?wy1l#WKGCh0Xe{5pi{Rw=y+qbIMJ_kzG+~Ji+{L)0AW#G@Q#h z#2KbCc))QL(cTdByS{_i|55<4`)GrEPHfKPm42`~>{{AF=N{MHP7# z)f~onv!$%Mmy$@Mw5o-U5a@%MLwTQW!}~RDH_s^ckm;3;=-MplXUbVe(5%p}yca7c z3o5*e-jS^k_o_b(joCv2BvfD~b~< z+}BEIZAdHWUsE!0c~u|oiJ*$c!aaDv-``@9{`hKp2ki5`^v~g^Xx}f~RyZk-_&xem zA{4@DGU3*_dZ5}0TtY6WQff=6Q0wc`PU`H%^_SFWl~jVts%HoTep1WhKLLdjTi)zH zTgV!QYBLzVU4r9!w6Yjgym_EEZG5;XD&U|Oa z9Cz5;;7C1Y5roN_(RDn>50+a4Ide%aeL3#DjB_kufH|B*?=)8K2O!!LW^qy1`w6XK z`q`X|rCm>kDL%=xDygQ^3IInW0**V9y?orcn0%Cu+2*A5S;!iy~E1z;pc6~fMrl%oQP>bGk5GS!Y7Y1ChVfo$`o+lApB*PNqqupD$ zA<3$T1<;A>&A67XastCcaX)i4mM{}+d0(Zlc|2%+s{OfEEHoWTn1MLI86-b7m+c`K z^k#QRU+f10RlxKA;oGIJf0=qh1{KZ3#&gi!PV{aVJ?NZwZ0QQ=m&(Sj)@xQT0gLIN z5@XK7H4xhTe|*OlJA_O2`A^o~8IDsa#*FVXcISaM4XroR61|%2cB0FUwSPvvyW8nS zQM~=rNlB}7e>nfxA)6N{Z+ox|Il{il_?msGpGf1J7)@Zumw3t)h~=3Eg~wLGE4gW_ za}$zB+mAe9u)O42#n-PP`p=NBe&HWcO>|dj0V-MXPAueWsfgyWi~Mv)(ZBt?Yti2x z3axbfS=QP~WN;FtzgJ9g3LyV`e$M=aT}=Cr_I3T2`?JGCXGlGjjUb~(Nw%$FpK(Jc z`RWR9wPWR|00^F${1}m?hjkXoZ!KElX#3!JUrYBNb56P(Jnpqi zi5z?12e&{+vvl%xuc;;J~%ab@AEntmej zDo@1Jg=ZB6MBxwsBVZqPVQ_Yq*P>mMgmc0#ADN9f2q`BJQerNN_g+Ywo?vxkgFYtJ zV3aYv)|0!}3Hh1W#j{w>$w`8<;w^9-va-#Crs!r4*DenwD7QWhxv3S}JC}FknBzFi zVJs@jynj~9nMKM2o^AU z{7z*Mh=fF+Tfk?ZBk+}#i#*8}LSRyNK`Ed7Hn9<)Y2v5IFkgVuFj=3@wqnA3Ti-`o z%RMSU(G3>9CZ9f~I?}^U1G>gLxjup4+ls1t)sep~TB)JaA840&Uv1id_2BdSAjI=^ zCjTbnZ~hWbAEWKSfL;=92^xOO+hx!qX^-wxG$b1lv{H>A^_N9FWm-!;nQwa9Q!Egm zS12zCnxmRe6~euV#^d3{$(9U&D95t9dj$Uk2=2$tq->PLi+t10O~mzjJ^o}f`s<-r zl&C~vl#G?E@o2|@P&4;u>nFEqs(I6YBtot0Mx4Ny9-pQRqu;_`%Le>S8PA*BOwLe^ zBgRK>RYxK1`ms`i@(kk}e-F6~v?A zL^^Lekca&4SEW|7Q8z1^=VzlD(#ClBF*?$Qcn>6Zy0}0N<=DOlEAU&a!*-k#?=4nY zYWv{N-FP*~TwU4)c^fmCdu{x8yCH z7xT@oqb}IJm*+#er6;q$ zw-1C0Px>XQuGW_cv+&=R@{CKh`JfrlBBXIZD+v?>Inu;*;~kC6L~b}UohW-SXnJHf zj0+n6fM`Qt&ug!zmt#dfA$Kw|&pBUnKba%=qsA;7u(sz5m~`bVVg*(X}xQK3)f61K_Imc4r90gBEz-boO+3Qag4omjChxA#~dxTM=;#-g4jms1$Jy51;W zt^ZLQRHDLkmpeS{W6>Ljn)cgz2R*_%v%Ds~V)GxbH#oYHZxlx}S{Z4tK+dk`gy@{K zlWPJ&6I#T#jF{+^myL$cN7%Su(NknI8v2g$p5iL11B0IFV7djsCQl?^Q%D{?Ey&K7 zhi^J10R0A=9$58KQ;eFHiAI*y?YgQ!;CT!P+IO0z`;4{GFtlqUySK1|H!Mm z@*8buHnge|ri8~QKQH1o9yo^O!@fr^S;411$?7&U4);!CYM7%8b7s`#l)0&9S@EwAOaEx=v+% zmN3=r$aU64Mse?JGCCZXoK2Y-O2NqGV&Np!A5vOz_uDUfJ2%7iX0Bh_Oi>VJ;Aik= zaoqol)q$7vO#x_dFWV}M%PStJ@5fWSxQ60HvzL1DQiV=+PrD~bFUa1%L6w28z;j#M z74iK9;*1t0i)=i%i)!QQZ_|~u_eY^_>ljME*N?U#&9lHclJ3Mc4(?h-B>=z?kL4CT zOIZndLrxcmm}GP6S{IXzfc92bD0jtbm9))p420sFj~*Bj>W zc$jG`TXiJ9u)dGnC0|H^o0VDKuD96dS}mLi@77i@&nsg!mdbv%DiuvGfRzDyZ+EC7b<1-Ye|Euf*(d{%~9|0ZJ}o+8p=P$eMru_cKce z)aO^>%yd79P?N4o-=y0gBdv@85LGFhwyZmU!y>_O&}oEGN?w-a+WxP5hZWr?5YnE~ z!B2O4deCk>)X9e}z^DSF_n_RGS-zm{B+&*7Fn|iPjn@0k|4#ECw@+NJR2>Lj`hmCk z+vd^Y;>M?bK5<1CD=n0norkgv_(}atk5UQNlPs_Lx%Dn0_`~E<4buAk|4((0&9qi$ zZGG7w?y1NXdd*|gW5hsU3K9l-qki{+jwZShP?f3X@+#X~^Z6Bw(}0#2es=Jr#hUv2 z9MLBwA>iu67ghCn7Q4P>bO}B+N7TtQ`to{LuRnm~vbHtjil=Z{8xI>z=jU=tYlj$? z!UG4l;x})jSXOuhZ~Isf{U_w==L_kTkkPseb{4%ZJj?lzUsFQN+Gv#=FgRE~c22iq z+KW{;`c;Nc^|_R{^GRshQP&AJ4hbTF zuz^Oe+Mv@``th@3gyDX-&^=n7am z1ja|%MrK>4{cW?YEyEBWU*jT}&5oP1oH>tvmVn9teC}g%D|o@uK`$w)MIX7~LsbYlJzMU1 ztib>gRFK+Z=AooMI(Dkl6DwvjCtS9f0X=N++FK<3<#A*e;ExSPS_PVEd2s%P+V(Jt z8qNtsZxLa>hL5=6jg#n_x3*$?{a1mX0nVh@8?k(C(zzh;jJ3K7&WTb_y=OM|k+j)Y zJ#}q!MszHb{ZPBuvum;<_Ek1dO2Wntcqfy#Y7(~^i2PntWP`QXKV<)QDCAG&-?7)L zYHEDWhz=erf%G?Xe&TZG*>jd!2aY$V$_p*JR~9Cctzt^>wA#UGfrg8?BS}4ptO8iS zeOSI;JiVJS_}UPnOkf_15O*AJ63_93p_sZrqSQgRy(8T_O%25O4POhWDsw2vi&=60Z*NGgzrc2nD+zOz$OkOw&)mFToSt1W6zwBV9(2q@m; zAV*9jJ~;oYu88&(o*;8{25t(})tn_27)&L@RpGv&i@+Ao9NW~vM~iHKQWyEkwQpOu zf<4a7z6P%IN+9GYk%>OEcklm>|H1<`%evUF)(|tGk>}Pr-T^jx4N(|ZhVKSDg>Rap z-F%O?V1tzXN+nCW`2MTKPHxeujXoPZ#YU}%?w|L&m-`i{nNpKCh*5171D&OH<8-HV zhDOeS9yM&8*6~k|O>4(^U!|)5U0*MK^~E?2ko-T4asMN(%7UroRYD)0c)1q%A(fk8 zJ;eq=cH^Va)umeDB1<9z3T?h-wOo*BpEHiF%?7?k5+=X7e{N`)uKrOx=gNLOTu!dvyw6IvU62#R3=2fp zS}Z#Fvz&CT?B{)}3z2Aqo+E1MGc87%!+@Ew!1{!bznP4jKJ3yi@Y;hm;LZhJuWO{l zb!L3A-u#D7&GC}eDC;T$J+m^glCLJdO$s3|fiZ7>Uxz$DEjjxOJD}LE5SEl4eKuPS z_>zqN^VgpwuWoPcvQ+^H^2}YtI^aTOqoY!*2wJ zbjAWX9pYsUM6vc%haJcPf&&#Aq~lyv^TdpRoj2j-Y;RP1BNCxCJC=RfYL2Z;jPF@X z{3ug%riT9{iQaE8lfn@NIud3H+Je!a$>(|iRJd;aqZ>Sf-04mmww7+uku{gNryem` zy~A-zeE1Jl1oDIeU~nfnDtJLF*y zSD9SbKfQ& zxJe)-pQo=GFA!D|$g#TRg(9`xHz^rA^yzqk$dS7nXabb!5$u=>6g-$_@6+KmHGk3B zrAGup1G|VSbDlZK5aK_BTP@_q5SC)Lxwv(v5iI>Tp)Sl z^Anfu(A6qnD6UAppb#R4MT^CkxKh@aS}TCV<7?QsSQR?7B*@1DyGW#N!3M(iD|}3_ zUjphv8_hAX+w>3-KgJ`h@3Zj$^8#wZ-?aHj^TO6b`3NHccS5ZUt1>?1W(9$oH_QKE?D{ z$|ug7s|{(el#OHiblHa5l-JtH#U0jXScuB2N5JQ!N@BNsiZW4X-*t(@%k6Vu-j5r{ z;c!GAdr_>sat-FWT>2-hB=5Rf%`lj(Z*Zuvqa5^T`zNTF_WAsM?MqI`DGu)`$FxRf zo}aD(f64jZFZVZ-Z184PH!ZGOXdme6&I0AHj%jzKfoGCX1^|`0hw_yx40cE#dEjC4 zJ-md%ilZ1}o2pvn1CuvUS4b0KX!9}6^@}fwUL}Gn+TDxVh3)y1x77zS!^sha5H!hN5_GJo|}ZVe$AcA0J{nn=dl-4lG% z?Wq+`3rfHLCF_GX8%4@V5_IG}5Xv0tYh7_1{Ec7lO+^@GK`OxfXdeVfodU)&`8=qt zLG4)j9=j8Q38zT4Ncb^iTFy4vg{kM-qE*QV&iay&&UmsgYpebA<1gV#svA_~o#Eb) zkNe(`PgqVqc+{rOK*9`(@&AeEs4Fjg?U%IG{k9}usK=mX@hJ(Zct$5b&WJ%rA4E(N z{qT%`ppO2xe=dbz`?Z=jcdOrDSkdC$guXS_TNy=7=;;j(o_Aih<9HlPRjaL}I7^j{ zSX)dx_24Q!jg=FCz_m=mamA4pz{P=+!xTtaQ$sy}PbG3H>1a6`T9iG5vfr z{G*a$B{tsDw4QB^&pVl3RNE*^rD@?*f;E|7+b#;mrkQIZIfht1c0zai)Kaz;9l2!C z$cn*gmpyMt3xinv8zn#*Mw~^t|KbhKSkxshd+Hh)*bXCEOV-syDi1U30VSkKaAQT; zR@Y)C6fUaSW+Q$0lO24={(9~XJlB&e!(8}{Jk&h;W%X}i84`*H8^^!$5WS%9#%sch z$!LP?MBi$t5qb!>woJw>&W--ana~_fp4wr&L3q7S$<%&dg^C@5+~Q#1`(zQ1bi8;B zj*VV60$@7$oz`GuqRb!O3ZdP(6uFh(Kjk5A5BmGHBX{={msIJ7mLQO1;jLW(goD5! zhkWX?>6OzGQxU=3?_bk{zBcEU&NEo-tx40xbBwPMWND!&BPHD9oS=7b_o(msz6c;s z%5>bO@o2se>Fj-Z=X;#6wDz87cNC_mf}Db3ZuIb9wWVLW7k)5lKk=0oCV~~o1QBw3 zChQkGjt%9Y6buXhicQPKODvDf3;+SQQhXy7`*u}rLui9(@)%ji0T2*efh?;5P$jp6 zgnOJ#PTxOOFY#9}iflCIRme4nVG&?nj+Ry zfGmpcEqUS5g0(&511lorJa)bkt}D;JERC=fsUI)9it>fSDj%m1%{Tk(Q+BDz&_pKK z%+cxob0ndB+{+TKB2yAY6JN?MylWIIx7|C+U+(;WgzV`(z}bq|x9{WsTp#P3fdvH} zxv>SJ5QeqL#|fxLMcyp%uXAIM!o7&RUxug@D_!%@iQ?1Tcv8O`D7dnn|D+mw zoeWJqe91;2%)A>Fke|nk47W{&5FQ&x zY^5N>s&=v$qB^36B2^)HE=s{o&&b=qz_?qo5)M-x^qtohWFQamkxJyPeGO)LMzNTC zw&T^F`LZ9Ovr=pHHFeAa&{_d3;;aT4igMj&b`Sn2jE_~&q80|YlT3p+YgH^wlXe-F zfIDr4iEt<##Rik#mK@yy_+rlch-aY++(WNbZH-XwL=ISI)A5f!02+6Ca6MV>1FFl2 zt-c+sL)tuhhS}AK1f~@-mUIcy?7fR;>D{hEwThwVTQfVId-UdhFT}?d5-o}+geBC@ z)DvH_ki~B?_$pi7#B$gR(YKT_=+`tABiiv!1YxE%f09Miqm0;?9|L5aa{P;EC4=ZC zJ}kcv@VwjF_PDCn4)$bNqV0X2lXy{!i4m798Djml+==vIiaI!a7tXK#e+1_H7fyQ$ z0KP2wS~id$3SDI&aJ*5b7lXSL-!!|I-MbPw#wWGx&YFEt`i+87%eO0eOnf@9tN8Spb2;}f|LNXiW%Fu8!D?I9+YC^VB)L$C!L)rJY2WCJ3 zcz!$a#Ib);T)w`)Sj|yl@*d(u8KX;>H%sm3-KoUhtsFfpk?b#*)->lbZAu>}Gy+0E z1bgmuVQ2uU$RjgjV=*g!p(x)yUzvyejkf(ymGOhBy|9<%Gn3#gPEpD9EzXHuyF(Tm zh7F+xX#bmZxgQAE+idHYM@~|YXlprlYI<{}Hml2e)7bF#{ulxbAdrHcwJjWDx|}QB1$dDK2E78va3wnYiW@C{;7s9Lw?;U>IX+FC5E$_sR+96%gNTRKq6V6L1 z0LLoDSp<4FA1wLHEvOI2*~zp?mRi)ejSRmYAG|zC%lw0zL*S!9@zG}k(CLfAb!AQ# zsvfIiH|!xsY?1?z!S!=NjK5`YC$;9qi24Hup?8NIJo6I|KoQcbNUCffK#?fO+gFD$ZN%Qbzyn7EuJo538=VQoi8uSR}(fqPM9IEl2I?WXj?D=R&M* z`)7wk{o>@lCe11WL75P(>eIs%v|Iz#Y%5&=N-3T*Q%1bs4-|e**=;N@0X}_S$*c&@ z7vWZ57#jqc!u*#pCCyUyd!ahitth<2Rm;t41Vr(MHansSlc}E#J^bUiTIogcn49>C z-4ZtU2aUUFWqENhY*vrz+37aiUSa1N>wgIAubcAE)xl+tzv002 z4m%{}+o9gqC&tNQt4k5m|C^B_Zb~gq6Rwm@X0z+Bcu&RI4YHosP%^0TyJ6|xpcve1tmadeg2rKL=hmdU7>llwE6;b; z3~76z1?$AS80WpL9)t{w+ubK_mlsOKi-mX?9{0FpVHE(6Qm}nKWW64xu}?zvhK^xi zM*@MFgpR?S7uC7@lW&SB^B@c_3=0(MSMT(+W71`4FFU{u>$j;V*kT_boz@b&QI%(pM36+GCwhC|(I<{ggF z%if8krQ(T-ucXKzGetD)P#$b?m)f#9BP-4Lvc>0*38U{DIVTu!M(WsqK^TLv<=aCY zt#IdXoE2?xQaey&p%nVX{RM8xNw5W_&%&!68;@Hqx*()AVgFS~^^Y$cfu-xD8}>3W z@?)sxeNC3I1Sc?qn%Q2vVt{+N!|b~SeuskxE_w0VTlz>J@$IcU*Qo%KW`tG2A6Al4 z#~bKI#8#`(g$ziugxaLCAWK2fA>U8`7=m_>m6z0BGG33rY-oM?ip6!Izl8pP^`13t z1lbQY@5hc2QCz)wR9lXRPZ^wA4(Cp$McuHQ@RwN=rV%W$!c|pn573de#AHdtr|TOV zO%!8JESEt<+{!Yikk9KDR=)M=ht{~))5QuAiB&5u7ISzjjFTp_@L0GfdFsc%qigIw z!f1l!^#tW^2Q;?2Am*BjegfXU_fU4M1RP+ay%WIn$U`LtgbWV&5=}Bld>j)MeG^X ze_DzobN^-9z{%I)&yjYlEf4d}6i499_R`SfvIp@|{LpR0By7OOuZszJ3P%$2v9+EG zBmN?hcL!vf3#c7E8LJOf3N=`qD4O}Xo-`sZm~Hy=)6Be{CNkD=q8&dEsxhM^9y`5T&UV4Kk@=|MC_m=!!9W&n@D#pkxlg>8;usM z$gnbCAo?A;p7vo%@cE92RFQcc#hFs`n-j7TbZ~KcDyh9jtd%=&Nc6 z2{gV|6`39X=?AikoZPX@yf=yBzyHJXKhNm`lmYU=MII_P^dvIms*(>3Qq zU`9s*6y&fxleKZ`s%ts&!&s_8#3E7jWM=+-gTyQ=1cO-qS~^Cv&qym*5pr3R#FMqQ zc}|;+@v1qsui8f%`1e7zg`Cb5Hc=b`VJPxCB)JfL79jFKzP=a$0wrb2B+ICuDdfIe z98te2EShy`KRRW`elN1UMbV$Stf%%0B;>61yM{&3>v5s#Et~~Qs?&Zl7Zd#=OcR2E z|IgVFzjUVTHT@5Q8M27?2g{?-A_b2MjP~r~&O)ViCme({OLC7-&}09u7w0YN^M^j- zOjh<}{KlPK0O+a&>&hdzc(<1vlCEJKb%+OVoYx&X#2Okn z4*6A1z#F?Qx0}E;%S_BajGc*IxjWRy_j%JGlAhV>>&&T=a>U#vev+e3j}D_<6>!<2 zaFy`Vr#J^QCYooqv9>nz7|8B!;MpfMA2W%kESJICcJmt5(jG=#FAk8ROE%Q6G|;uy zrIR>!ApXAJ#VU3W+np26$${HllhV$l@lidFi=_R+E+qJ!KK=TQ9I;OJSV#NOviPz9 z_ED?oT-emw=*lv;Y12>EA06lNYF&wi3kE@vV z;X@K(x8}F`;%aSwey3Iei<%Ynt)C6b=Y?l?Styz#u6{Zhn}J1s*$}rQ=T%ku{RDIq z^Yn6EvW#%JR2ztlA?rtcEA}O6p&o2m^i@T6`S(^|N#4V!{uYh&d?)eedEL8R(Z`de zh_NCX$wsJq_SMVuDNnz2P+-}}*4bI~x>SlwMb5i{DEocM=AnkQ8u5|9_rr&|A?GpK z#Saf-+sD#Ef5Tpby}l?Y`y<}rocw2P%n%qaj}MtDGdpr=qAL z7Bu+X#JFva4^8$gH0WwtQxzo+3QQBMEuEZn`iqcZ6%|X=rUPL|=3C%iDDuu=OR)`p z%MWN@XLS_Yv{U2GKqouIpgGKnOBHY%D+wLwA2O9OfVCKeuHaPq>|D1KFj%C`$pJ7A z*ihSax|j(W)CTKpbDbnRJD-jwq`Yyfkr%R?G+XHcmeGu!8pyB^+mpH;HXlC|vq=lW z-+yScS$9^0@Cu=3So}S8KBnB5RDfWXr1_Eilddg1DNZy+0ofVXjp_F&Os#d#wEC}Mj+!UY zWe3sZ{$olr(a?_T!5sWk`>!PzpA-?E6e!-D<#zi94^@CIS?t%ww4u4gPQe3q0|buN zv&fxgu5;%92!5CSCLUF`~6i28hF2Mqi(;rsnN+ybmoAXWLhQ0%n*(4ZN zlRNSshgQvhe;_Q4zliIlFX7quyv#w8n$Fk{*kAsrOg~dA#7|y_F^SbxZD*)aQ707q zBg5#^i2;2io!$hiB21m~NU%Y0e@azR$d6+WED~Oy^kiL=?lu(45(^(t!ym_wm;i=D z$!sHnsgRoZmNJku2`x$pL_xCwuuQUTpfJ+GUBD2S=Y|YuL1)}jQTEE^mpt`9uL1haW<10 z`N%3e4$x^jjb-#bL!nw_5R+esj0nZ>+1D=-Aj6PZ|J|RF8qCpwHVtdXEGW$ zbQkQX*?Ro4)F3yT5`Bg}<_+w`rD&4)MfKy7uf~K-R5aje=!XaK(@Va1o94O*hWzWz zbRy-@_T9kFg`3cQ>6uCSGwZlYQIdnww(yOSc$|aMV%TT-=~;hyzg>}Sk&T=qSdx-c zio8*u;tY;&UbM!&1g}rj5K7{kbrZ`oWEeU9XaMxNw!O!kG&T|h5?;=$%^WR>l_xu2 zcIJ4)7kOo_o#!Sw%is|4VlOxy7Djixz~rWqRM~jgS+acf1Mf?F-Z&d~L{5e?BW7?1 z<8S4IjL(zhE3NOCt16*D#|k|NvHGA@E>dhKjR3A>$x#%^azeV80iApr%6EQTL)|JEc0EP#_7Gc^`weh81BoZ{a7Pt4zc{)2`?SZuLh^;s^%RY z#ThsxY<;pxVHKHW)ChKh*fWMH2m|Sf@2@LE+4X-<9tV2T?fsH-vT#=RLNd_}$*$)C z%5Oxn3Br)M0J-8`+QeQj;(zH-+3&qu`fhfCe>us%;( z1a9k#-|6_RZ+=26TXtaZIStD?iGR2~wxCq*zGX2tk0jFS_!x7`6hG;BI!%iPALWMP z*7CjwcZ><%a4L~P*C`iQGOf5YVRluErjm|Z-J0()6_57UmRv=&+zBVKu(ORelU=9+ z5|eiKw;2}*mUSVHO7H$KP&Fu)CEHge#uE!dTX`D7Rty{r99&!yp`KcfT?R7)er?b; z;P&7Cr24J5Ql3~;-?Sul-X#+768$tj^wggMUEKCLCsq&IHoRRwb=~)C11A14<`9*C z)MFsu%yI$o2TcjHtwa0Ub6(#9-9&U}{;JN{Qa^tHInNMT?Dva_`h`T2c7x>e=4l>^ z3i3_c4=T#mI;!WDf=-*^{)`0mbp0(g6-3gcmRebM*&yS_j>^@NBjH@kG%T5?LA5S~ zCqP8pk{;2X&1L=&qOY1sTx79;-zSrRKMsgG6QZgXV5B2Tg1BM0uKIrFUea=1ga(fA zTLv(tB3jz!Z2Ux1P+HS0lTlb93jCC*9Xbq1MH|G55F&Y%q{o#_qkUKPu0!hT+R!b} zN{+@h*;Z+UEBlY3o%;y*xqkB=U&kJ7Xs7cN0v4&FLj^-5t9;`oU5%ADPt{BAg7NuY zv#4sr`rXqDwSrMtE_jA~@V&qt+#%27>+7gk1P>bAB>%ejkzN1kqK-5PaKq8k-B;!m z<}7`5uSwW<2|li@T#bBJcA$dC9qpRQM7;rN$laKLe;9NwXTZoLskMUiw4QBUSzHO{ z&}fB+p-}C@rn&5}+3W_mW_0G2BArmb!y*C*!VTgM<-w|5T-$XLd3a6C#X}xmN;ZTs}&-gosQO$Q5QRX6aH7d7jzMA z`@He6xz)Ok|EGEqQnS@H>#u6m%n~`m^!KL35g4hNFEwL_qNr!H*3QZydX{ywBpNX9 z;auK5%~i-pE3i;r+T$-z-Mgck2NjBQv`3x_pzCY#nwvDz3+m`UsdPG8;4_8X{lN=& zwxu(zlZ+^Kc#Gyl4IbM%mZ3OyuMD-x_jz|PP!JBE=gWH-PTq8dHK!VONr+g#UU4G4 zoyFT}IlN!HHLf_@I9OA}7F+jxx@K<+CzNjqQW#g03X}6TL65BcSXeyg;m;GQ0qnHY z`#Yt5G4zQ=c@@s||AOnOefs&!85LfL1s54r*b`J! zlKXB9yH;h)Iv1yzhuI7C*{vbHOze?xR0Em$8+RCI3oJzoW_Z2Rw+1gkEFnV2m&Wbv zmM#Vf{;}`r2)|xr-j=R9?LF^ZTa%-D62!0k0Nt?%`gk>sIt}^Xw@{sx%lgB-t>m{= z3j872m5VQN$Jv=U_ceM0Eyr7X?Vrd8cEQt$Y-*Tc#Fld!TQrum@rZK$*m?Zz3g~yP-_^ zFTu0hLv2YHc*a7bNCt#cSv?QlUY^CRXDH_v1igeC!uaIr;GNuI1+xI*I|3IkNo$#6V3ddBg(4ESN$wL11cPT~3^WV73O3f5#L|~alK&4khK+UkAK@xblBnmyy#>qsc ziUHfATr^ayB|dAxqIYNEohyg1R}0pKgA9=eeKSi~R8tVvHP6^k;=uw;M{NGP*`tPZ z;9?A$`@1apIByRz?T(xk34-U});GWHqahZ{{ubZ?XBLz4=0vO9w@s)zl2am`{KX`i zI^W?C)+w)iz>OP>DSQr=M9J;pG}KX+u(+%-4bHU0*6-?Sx3dZ^83{8}d9=MdUoKj0 z{<-G_Z%4-VK6CUsOvZ;h2p7WR-VAfqi$oUtY?lY!SBPl57pJ+$W;S2ar;*BcgZ0zz zqtO9>@7Mybl99MvPfxfRmED`{#NdE^V=^3+fA%2Z$92Wb)kGnNS@H@|>qzi+S0d!G zsLAOtgN%)^6;Gd)Ze&2Hw`3<#t}i>=V!EAY;p9V!L{r3ofI=#=JnL{-gLOd4Wbskg zv_wN)DOX!SZPT!QXuw!Jl5Y5m!o;HZ1RA zm5@|#IKpPnvcffwzdie#Kv62JH&-z3}L^b3iDAw z2&j*s9BUnXnqb;30U8mS)GVcynRX5}f+A63MM7xfm5FAZr=|1L?};W%=m`*68yy_0 zK)%4Oi4WnJ?_ z+X-9kjhd?L*C=d&gbqctiVTWM_)#sc8nB3rk_cCSDbqKk2o62YQ~s7Rx(HMxm5_=S zZdas*6o^d=ew*YFQ>eu(oBZ><>R%);xX%Lv#DOi#uyqVhHE$rqzhGTfzXd2J@yiPJ zV@dGY%!`XOTJUM_1FQJ+y!i88j?0H$FO`O}(x{~BM+@saY3uwiY8nI54ql9o#XJ>{ zt=rnLk;UOP0kJfXPNY7;Y{A0gPX5|w`PTD8`bhL27V?X2UkW;pHhf&b%~!|1C?g`; zs>va0CS19Nj)pzYGy9)^BEP0lqWfhT|uw zL0CE3%^t3D2kj6a2T-3de)H zm}c|c`r7FWdQr$EtnA0gw3!N~l)#?f zR$06tcnb@)tc)__m9aE!L6qdb)uAaJ)+Ic^WmWewp!P{tv`A}V^H2wg-9yoF{<~2+ zZw>R#+L89Gh@92!Ui|Ev^)8l;7wi}LU@lJzEN!g=wTfa?wa`kLradoLQzKdbPaNkN(m{7k1o)c`>9G7FAP=-GeLvDpTzJ5advn2*;XY%&xA>#De zR-o$a>%C2nbBDQa$%M50Hk0WT>FSgwQ|G%T*S~A&s#n>*se8M1d@TG(RQ-X$n&1EP z(d7Bsr#2MHy|?u)HIzStaNx@5uph#|rwt}SrzQ%k^}gctG=UDK#l4lT?~c;9>|81o z;6Ha92_CQFwTABO8D`|ipOP^ z;_%^5P%1^$RC{xme1H*sG=b#u3MT^d@Q@0VNn(5srKvp?hC{Np#?4HE7nbp#-oS9{ zBf-y;gIEh)Jna^bOA>S6JEL_DRsaZ+>B{SW3Z@+PD@B1dizIYrBd#&yF}U=@vYRpy zbZ8O427SMtbR`rW#U}2nS@)++ass@ZNMlR`&yF1pWNw$sd&ESDYsHZRy_O>{F`Zyj ztD;9k#HLTTX0P#=K3IQ9P#*x?wHmX%zJ-#CqJoJ z#5p_FvXwX@u*PSdReJVk@7G>UG-|vNXo%!zyox>6fo=VT<1+nQG=ux-KYf+3dG|Fs zc0{(GNUo}SNHi=^uMARMP}9_p)*0=zPZ3^c27&a>HtLhHfwhH0vQGUJgDLpr(r82i zY~RH`I?hCW%vH)TMzW*B6Jo>fE+RE7zy4*h zM+)g!7AW*GEZ&Uwso1!O&R*+5?q6LmkNBX5!7s>JDMM&CyX32&;5EeEr&V2GjMVx1 zQU%BLG5_0MS!@r6ff|j0o)6b2unFPc&D3-LBZqhTTp#IX3^c|*=%MvB)B8TrJ#Xo~ zRpTg@kjcQKSZ8c>C@F9MC5(k1-rCO7yB~&wG!m;f&`BT+7g(tP|mlP^ujXN^wFY5{Kg7O1OEyN2VpHeN9g>kjaxK z1WyfL=XhYimB4?(_{76mXIcmwkJYr_ZSHaH8`;)9mNe*S^8P&L`u*S#y}6pKxutzA~jIbheu7l*d}v#rpJR;9_Fjc?cKcZuKS zp+DM;XzPksB1GqX>VzMrC+*E7!#Wg3a@`%-&G+%*7!z_4$RAB-}Lf_uK|u%_2@E7Y7d{I4wPC_wKLw zZxozN z8BQsb@^gCwIvH3w*Ql%)Cfz4?Xdt1fRUD$xO8cH6-X=4|c8!?yj7=z`Srv+u7HwBW zW_Yx++3r#^zCAXZBP^_L()J*{5wJ}yG>uv^u|40~^NT>r=(QKP`vnu|y9`^LTR#C@Qj^Cmv#)&%tZ*yPX6@9ObC zTZ4LRT>Z^>HG151^;v~>UyeD()R$*NZ>~2G+09A9Tg& zYuAiRSu%q7Znd8abv!$cwDx=(!Yj+5ilbtAcMeZ84qus`^V;a;BlC%J$fRI&U}ETI z*g%f`i&f5mK=7q@tIG=(o^Y$j*%Q;p+_m;+kK5HuVL|2KoGRT@zM$aO@b}_ffycIc z)O&CyJ#X)JCNiRZIZ2FjRn`pzG+Ei1lS|&S$B+3H;ulVzR*qlY*qdF3D=q}#pM#`G zs7-w?*JsJWL=u?Vzt<^~5fvDCiQPEc^aX)5io%RKB}vw^z@?_U)Tbp!@ds!XVF^Yq*cci?;(0 z;Vs04y;NR4KActBXlm+eZ{Fa*GB`NnI4wou`}OuRq#({kwBTu^3U^DJ%z>>V0`>Y3b)5B&Wv}fr-TM%ZIp` z)oWQzZ3g(ZuM9Bsv3;!$g>YkyH1My7Hc$&_ z*=cLeSqP4qpU4t1eU2r6cnVhNg{F6Ljoz68P9OP_;ae1e3YSZEJ^>9RB24xBCEdjD zc7eoH_pqn_UD19~M*Ia6!DGPP!AQi0kWU!W&c)KS-NlIv6==R1%38n{J=(|!WK)m^ zvdkPzS@b;4efNpmCRk-Hz?`~Fq@LOxbNI7${AKolo*)ZO>`Gm=A}!yTEa2F7!b2EluJUJt?|BwCURy)2SHxfW3TQwaN5YS*FB8ZT z=O@?+91)=N-0PXO=a!lDVgS-x=IttZ$SJ1t>+VG?*W)DhPu6o3{m+)C=%T&yE^$}S z#Ic7!(0THSz7_0@zsv=u*iR~LE&S%g2knQQooA0bZ0=mfW zaLvdQB4*UBM!LBs?@e=i(jWK5rZ&8}3caN5!T`?=c_72|Xt@2;gpYkn@dHK^(EL!~q zyB;pP3wlM@{j2;ucpu8onJZ*PD>6AJ(Df>ji&v@?$g%H4)J1k(a9~1n-S6_>0v)mH zAxJ3woqln>I6=~TxX~p4*c9Sql|>%u`|?S#bYvfu8tU2BP;lC1*6Ng*al&k((YQ)}L&H1iKe19K*oGlD+Nn=Hwp7rNmjAV9%em+Sr`G(3hOd8Zo3{K`g1OcONV=Xn$0tCx zT$|n#!DrBud^!<4Q)-)nXZpoUeU=!K6-)0YnXpaFmxF|}ZbH+kroJyE#lxdw8-a)9 zyWkw-F*B%fR^$9}hy^@9Y%Z~zm}#h_&aXfCuLn^dv8n5bHYB*J!Y2L_>Cz$5mMT6wN?w>lB>)(ii^xCo<{jdAzGxfh@F=I%>bz_YW!S3G z^~nSA%T5%#MKL? zcasy_ely;g0bKGX3j7(@1a4M&cF*+D`-sGY7J9E%zh^W>p@at*Fe=Ex!yoervWM~gV@`Qf57yA@5_agDaq z5V8A%lwNI9-}eZfPA*BJ;$^gyW|O8+W8Yghkmmu8Y2BIeB=uwY#kj2O)y^zu1%D)T zU0L>)WMrgCJy=hJnI(M0LobU8*^K8zR*s+@Wo0|nJZTx~j9uF>Suc15z7=ORlkgnL94>AP^R^7?0Q(%ij zA1AUH+xa+uAsR{6<3#v#sDWAQ0z|M+zFS7MBnE%@#)cYepa@;X5k0Oc9NCVj5l0-oFNt>6qqTd>;FQrEpX`b}5^bb+ON)Eku2ajqwL<1i2NBwF#k<}4|`;v9|H!0N?Sy*)1 z=klpVVR1;xV)Iph1R}FyOJ`QtjQtde+5W8-{Uh! z!15Jn*|;V!ppnp=E91#CTf()6$dH+my=`SmQU{=%3@B4S($h`9(b?5D90LDxieL2( zP;pz|Vm$)(W0FjZ;fmS2XhNu)UnW=ytRWN-! z*Otz=5l`^B_coY)LNGH^pNa>-=G9tACRsAHrA~AuZOJ#C8 zT*J34PU2()Oi>MaPc0p|5C_X(k44(%StFzQLnGq4;Xy&{PabB9ZmI1*5CzP8LcuUvZO z<4I~JBhHGdlz_;+%G&SO@`=QN{!Y3<_<5(5c-B*v6;1oPplG$ll!R*6pnFR`QM!Hg zXiyr>5G5V*DekbQ++;%Dpg_b~0|8!w1)TeIyyV%1WmUGc(z~})t7+hmTG0aPgt+Rd zcX_N&b~@|iJU|THsgI=w;pNPc-}MzZYQiC(zMjy2TcUgYnXseo>|hrPv9C+XeDrGYyPD4?0zN_ z0MrVJqPMh6tDKx~T${PlvOMF)9$K&^Fi-53C>fMmO#W>llQc*(s8$k6K?}ymOCfeQ zm5y^ecxZWtc>uqOgtVn;aAtG%Hd)V0Da)gbF7hotNb17iZ4?vN4$K9{BGX#75(R@Z zVf3_8iYrNCazti;1ob3T&QUmy9a9s<;6t<<%~m({2)MGpY}V8ZI-a65{iuYDKk>Ww zWoCWmz5}&MEOqz=0_pZ7mhxhh;?54{1*ioo11q3I4#BT$C(pqq_@Bh?+h@9O=3;|y z>tFcbg0IwH#^x^%#UET=B(Hy4L~J}3Je^mRC=VtCwDf)fqirj;eIq!_Q_3nu6#)Ue zK>TNaJ7sb9@8rm0k38QKdk=Is=t>fq|7_AL0R=pp2GviZ3W~b1&_w8MND}QFSqM;! zmG&L;i{e2iMehaH1*g@O*QaiyzidsoIFjyMVp_PAYIF;`EhlteKRtacJz4MAjm3}j zb%Peh6*qjXHwM`ga;1PyxCKxVEK@b?2^Ca05kCgtHhmNy&2I;DF)Qm->D;iMH^ztr z3gU>AiHM)C3sU8#JA-Hv3s^rA;SFSLSOWv^W)DO|vZCrB6YAr}Y+dv^8Qv4Wnb6Wq zMXBp31#N=vlo-5sM66$?a_X3OIP2M|Q|T-}^ealbta}YBL&jyO-mZT%D>sV{pcQsiQ48n^B7kU7&q6KREe)4iw7O&L%BHFJ$PE{`#i{B zSM+{s_sh{*LRt8>)%f|^-9QmJ_F>y3NM4OGKcQr}lGa$1`i=Zsn=x};&Rj%WbBP7T zrz>GCWZ$iT6;c)?rBZWuc5JNAyjoa*rVx0zKVcDWFSR9`-{(a2Oa=86iQ+x{Nf9J&cId)>%wEsiO=Q-1szy+GH3uPveBM2ed?jLOCARI z_q|s*KsWCvnzuhs9*hu$BOcNmKV47xzKjC9-DWn}u6`sHbP@6m>TM(g4i*Po+dkTd z+Yf!F6z3_dH4uf6d(p&?R}mBYfT4_P>T`g(=k^I16&sJPpeU zl)(tPoLni_n26F+Pgk8aeNBnOlRTMeJ}p~A7e}3yfObC;IfH=P2yNud?(Kal?cF$@ z*S}t=vLgI7RDzXY05(=<+>9x_pl-%$YsXz*WoVb*0MD#PVwFkxU7rRXkT&gK81ret zf7IFEN0Gy-?^Xt;q1<^S%AMOHKAx6zp*crZ=;2_ZzXso(3D-qGz9K$6HfCCkq3FrV z)-16(n6&8~x6FfqZr^_uwVXLoQhK)=$sgN28`=VOjNACt2wM?CX;{%|k9&eChI!Fx zkr2>*MX5K;f^FT~AJ_Ix@7vYIjL-BV^vjg4Ipb$=wM7-C_Ai@>j_Kxf?sO~DjxyLH zBBI={eOR&(LXylx!}R4eT#0J!=$HXrmeK*8rF0iz_G`<^T2q*a1b>;@Ca9+&5dnD;>?uL1D$$BqzZ zXG+%R7^Xus=?v%EQ4_7B8R1KAta-xXvT(!0}HHjXA*EWRK3 zhNa%eY_iZkvtmyDPF}&C5nY6NKe{7^M}4?aigt`NqQZhttxJTqAfx=w+a|RxG(dO2 zrcy){$+wO{)9!&|MM=c+X+izkhbrH9ChUy;5CGz$CqQFXmn9pPm1#7VJDJojbpTu{ zZnGq@@FMgWPI-NWFbfxWO%cTK2551z_Y~{Mjb_-(Xoc{jFXHQ-?B*BH6I_t=C`}Qg z??B0lB9GkiE4dRZ@RFrU-iZw~zMrsL2oN(X_Ovz7rLoFeQRz{Th|31D`bzaE0j9Q5 ztE1~@qe!&SksQjtp6{lXXkG3&=n;>5ZB?ZP6lt;GWAHi1_02Q;e5(8Erk6ab$UKwo z?-7h;8Rdn~vg2+`rEV~0Qat$)sMHhc<-TW2fSz~#m2mpSS*(A@lV6V?yLxP&OQp{E z{Q@W-}qDbem`(ego0UoQ`-LmxkrA}Pms^X7j1;(8jJ6^IL ziOffhLkfuiJT4imf_k0H2Mk))-DHWO7=8SU1q|%O3Jr8wwf6(`&2scfWdNUP5fC+e zO8r=dBT}7+*u;*aj+8ol!MRdn#xiUbW@}96M&wK8_ZEot%e7GTV@Heq(j#N?U29pX zxvvNlRU)ub2SIPjLySucyaPzGuI?g%IlK#ChSeyQ?O~GAst;euI`GXz*QZze41Qco zwIBZ!Em!7xdG{w)MkHQtx`SZA=co6G_fxnyW?AoT#MT7rrAbZGbm6&cS7{99?obiAv9=~G5cne> zS%^{*-sM7^kQu|mPF0tWQZ#u^9@EXci1R_ci_~_dH162@>{tyjgV+Q{TQwZ-`vO|* zfy!$jyP61TqBRt2g0n_zo55;9O4Ye#d}cs3y`FG%Q7r(T)%=IZ9ca5CD@nXDvsRT3bamXE&K-XzIeYfP z7pp4o;pjx<4RLb+fMPb&wxfQ2M(2B;ks*Up&4z$@xosuV#_w2?WpM2taMijz0g^#t z1&mZ&WXT$A3}uF@adHE;2I(^%%OW!iI(KerWt02dGn~35o}hFVt2yHAqrq+T2SAzO z0mI~eik2!}c<4F%S1?}yy!sT=aQM{davM4nEE3+AHa6P^-P;pP`K;e8WX3p`)Tf#% zJ*Y%TMF+1;*4}heC1osKyM@Q)+;7~hBpo*zA6SRizRUUmc6FlbHiO^fJG*a#Q&9QyQ#k0q1ZL>fo*?V<1gIh3D38bU40Zes!$IA>HJ}w1?Z~zHoaicT<>1 zkJRY6l~PetD=1%u&C`Yu1Fvckp(wQetKz~-O~jyDdt3yg<(1AE-MBXaOJ+cHAH)QV zKbFQGKwHgV3qQ6nXbW^_vQ0MLWw5&Ddq3bnLTe`J5YMw~&#h$w@D*DQ6S@XUS@g)f z+Yycp%Qns$9~#i6O}o&~AI;*}L`ObcT~`Yg(X$3@7%-UYz^0iyIn`yjb$4=Ei9694 zzKRfsNU-nw0u~XPBRKvvk;Q+V`3OA(t$cRXs)CB7TP)IjW#)Be4-Lo~pHfUZ@84lj zWLOp$ORW>LR5Z>1O4RYya0u<8otrpWVZb&`hOB*DRl?zoW{1|P6j^+zm&fidCqjtM z;nus+BJ~d*DK?3U^m3nG&+B&asajId4YlWPiQ1oHjFz ze@)iPo_e~XZk9S7!e2QGF;FS@wt)n`8hU-X&KA`f%fk5XKST6NuSdxM zO_);hhZaM0NAtFVcOs^5d>5E-lVw%eTOcaStQsbHjYo5*4bl@$&vd$QptH3)Z6>Mr zZ-oT~`97`uS(-vxK!<~alUVgwF(vINfo;MOeG$Doc189y7@eG4`|h?4+TgG-h*=G$ zVL4G)JY$jrN z``!Kwd>$zXB1A*_@k3HN0>|L$)bjLrc9y=?>37F&{glzmueCB|;>g+<&_*B#8ne6h z`oU>kz(MCbeZ|&xV&wDPqsv74GZ`uAp$6)xJayoA_r;h+N8R9y&BwLlh_vlY;15m} z&zsS-YTX*sZY?80oE(furw_N_{^T6h0Uez`HUxc2BgxWUN^I3BF_1~axA^jQpJol% z6vK5+*sF(Vt1fC;{k}22LGNfJVuPzhU`8yFllAxUiK8H8o0*vJ(eDj<4huu#=Wpfc zeY)xoj};S3`|jfV=rfZqdVjQ7jblob!|$@*<;%k_>axDJvNC{UL=;cPU#DH6b~9?% zu=3n_-rMPYnymxy3Ip4%wJGKaZGIdHpu;;}8L5ak!KqG$pDpbvjh9};7z zruMHh>h<3egSKV|kle(})z7 zbE<4U;Z(S>sj2tLJ+wDiVnmIy*~QoY(aOfA81NmeTf4P&l%1J*@C~Thtd!=sTvx3F zo}8=+3;W$XFu-Bbb$|wx#A@scBY zARi?YwgN^qb5u)!nm_FX^#2uxsBIPL+nn2uM&8`l1@ww7zNU0w6g_XtK~4HMDS&In z;+9ZR%z8&Ls?n8@q+ZL`4>(?ZlV*oScMnDaCN(r1bTR+Ceiz3j+~n9;WmnfxNauZA z(BQ~#$2q-}u5J+ylb)+(9eLf3(YO1Qm5G&Aw z6$H+aTD}9|aBTQhXj7-lW~mXQsxNS1Ybl!EQ&(AwmZ)(8cBE?MKj5k-@U&*7T0gMLt&%&260wzj9q6`i*LEo!|MDb??hPt!~KUa#I z3;{%1w4F7KRWPdj{{*k5Ha%aV4y)ocrCk_ktM!88qkhTDQVLo=4a;E-tabSEFfqxq zXHX0K)i^8yU?j-R@Ajh-!L8P+q7WpKxw+p6hC%ywiXSr&;4AK@<93##YXyvwDJJD9 zclp)ELQDJO$8U^oaHVdoVLTaM6f+Oc@!k~qVznM<1?;+GGk*ZTl{r;z0n}N5aoTSr zIUi%K!_b&17h`qO(3qB}r$N@XIgCgvq_gJjvSPT4$?O-lw12<}{RbS#^W&SRXGGYS zB*M4b6e6EU9Uc~;z|d}Buqw9?a&t3ia1Ymi|E}2Y_DD1^d*>TaQbwxio5%k2UoB(OP&%~omjNCIViY^=vcOaC_j0wSV(0tGEDT5fKx!%__} zS%`6{_Ma|_r=m$%{q%N8S7-FU%BbkSFRtU3V-U+42JrhBJMDnZT8aQNV5>{P*!U-S zL$-hV2>lEmTem_7knwUca6>vTL$}#ny_`TPdN-Sth(jr&v+~59b#lKEWYlHFRWP&G z`)YoF27yUlhLDKJ>-5*+#hh9?`kcs!2=DXR zl&GzGV}l0EvX3o9a@AY6%g5|SFPIZ^`J(<*;z1{)z)hIYXTh$MHuHA>6+KLy!b-r> z+@@B!b*IKwmxQtL4?0&ERh1@7Ul$aIoc||!i<5?*&dz681DsgWlgfjtDc+$6i@{M* zzJf)XtV5RddcS8@tg%-*>mVIeLOzwnFW-@XAz%q$AwYwu5<>@>WPECB>oWYE&Cla< zgarBpbO4f9D28NSp_B%b21?9Hd3KBQDWD;eAMd$ST<*L!{CdxwfaLS=e{GaL<$tYH zA4(bw12AF!UrPn28v<|lzrAl5SQ7s;fS-ZpaAf~G`2S`O|97ANr$@F3HajjGHd<*O zvNtKE0fJxJO+o!Ch^TiU4-fj{KY#uZu?7vTONPT9r$e%ryL7xI-& zN?uPOjZMb;a9B|$$G<9rOcpf$U0s|~*j(ZjBdHFfiS`|xW`~jw(k3~^XKVR}XizQ4 zlywBL<;1b1IA4FF;oWJ&j}f@gr@tb8|&3`t??X zD{)~B3Jk=G+qv2>?&HFAgFM1m`qIk&ldZ;RnbiS)Lb!>9EqB4;iObJykH0D_nU>sZ z6#YM4AQOGFZ)l{UHq~GZvN&&)0p(Ygy6ZkFeL=w%gIcNR>gp;eT*Q;}*PC>%citPp z5H*oeFW|nzJitjEEK&okev1(D=g$vm@()j>c(C5t+KOh$Fuo>?4eS2rl<{&NhjVFW zLD1XVWwQd#O^>Yi=QoEuFmpCvXW94prQ5%Esxg~hKH=r=x8cAWGB$@+XA@K$ioWej zwR{nn#c>$e4Y-F`s;kfVUhhrjw0^e8M8@0;y7(b4r_AT)dDCP&17ke&VspTL-o}nM z+ihFSezh@Nsq9yq+jURiqpDt2tl8(-;KFE9cd9kuSZPN+Vf$Ep?@LFtgUiptAGQVY z%8H72mzTa*JBP)x$~u6w^#tY-3|Py`70G#>-8sz|BQU3IvXr9CxGd0OIL;nsTjQez z56;f+_6vfsC?2MNyY!a%mwyoH?Y)$HzF+shkL7rWJDV%mghMUnesjR(Y#*Mtg#Ad8 zn?Nbtbv<1;Blc)am;CF*zPk}-ej!s&1#_}q7y3Lhr4gyn|_qA@q6nP>$%@% zN@b1uUPf!qf~3cA$F-WRYWZS;4lCj}S65GGokKr<{AhJ%47i@EE@0EG(vr=g8>q#N z9rDj*e&RgfQ^fAXF`ML3gjqbjW+=;1jI*3&!GnPIcK?326@Lf6{ z<1lE{AdhBJ&(HkDLZ_~0%R#_nrCd<80DadooM$1h7N$t~ULl7~Pmo{Q7>y3h7NyIdyOKe34mUQZ~cyeV$GABa=Un z21<<1iB1g$z7d`Nq*Xe<;FsJsj9z=f2rjU0q~aMDVO>N477{oXex_#T_7dx0)l=ZB zNpqNU{ggCG{uN*mG>(r_7<-ynwQi}Wt(QP8z)|qxUw6iupPye4cqeOWx_-3CTB^1B zvuJ>xj;>to`R{0QNk~Wt6na%89f^q)s+#i>6)jl!tP@XGk4?($GZ>{QC@9!uGj;I0 z^*&D+WMXVAm-xcKf4_JILpIE8CgRZ-6JZR^m2L1lQxv47mEHf~v7J67YV^Bx5cR){ zN}#IMstS78>_ovP+u0qvNx$CBNNI6;^#Appbf!SOUaKr7S_>HoNhME6l%D?MP>l8M z@$$?}M(@ktpmCAztZ)#l($eQY85+P`3?*2Nqc?{Nx;nO^o zVIah?oz5-MVBVX~gVY)=U+;4qoT71X)L(&N>H<#wr-v46a`n$atT*iM3RZCIpZANT z8(>`rSZPT}Nqzs`9KxE}hj~?t4)NZ{g&kwd8kPsY;A^e2z;uC5d7b;xCxd zGKLjuZBzM6u|{QbtRX6QCfJWjGNq@5*#|TxT|Q&qCQ4g-@d*fGfvrQQ>Ev(MzonEL zF-b~FMo@ZzK=&|4aP#nZ{0MCq_4n@exolil!X}WCSzli#U!>mr0&Bhu4O7k9>336|q_OIKr(Qm@9QY`6 z-dAJT?9lMRO4-G%A*Cv>?bUQWwPdxdkv5{B)>v?XbH*r$$rBwOykcd%ZQ2@ z7vrvOh^G$51lYo6^bh$|8f$%mb9ZghSShUjID>oPRvHhB3fitrR3=@;U`uze^@1&D zMPsnl)nz|CM#NC4TwGqx3U@dzVX>b0EIZ0dONHLzcte&}qS$#9t&XT9PfD65vw*tb z_!v)16Kx)i$^D#6+7HS?`}Pt4f$q;q+N!U66<8K<9V;pzkLb|>^N7?`!e|*OnM5kl zgv3Oq;*msZe_vlW7i-)7e>yVV8Uh(wi_P7e$|(?V;}#aqiE44#fc`)|hqQa}v#=O| zZnC1tK78`on-t7ak&{Vz7YIY)-~025d&vR#gL2iJu&^-K);KpeH*|FLx3NQh6I>l$ za>}<4m)kcto^(oTYA`)120F{tV1C$&ote%R6n0*-l?`I$f%w0pE9&%jfX7QlCTtxF8HD?;88LzNrk)ZPm(zB-roK1-@753|o!`|?^nYO%&NUm&eIosi zk&)b616x=DA>`+OPzF=F#x)&m&aG?TE?{j$o(8!R%G(O{lr{zmA=9LZwS5_8M)N?_qWJ*qSIOyQ_f0%pgs3`b%UlapT zLPVtzbdV5fkO3)CN|f%F?vQR2q)SA)K^mmHL`1rzTe`dZJovuvj=O*R>~+>%_pUR4 zuvEaA`R4PfXJAHuIK}P4Sx3s^^+hBqp83P21x>%&taQcl4F|2o;VUT|t&?ksdq0VH z0SRvn>8VrS^_9(%Tj)rT%IGz0Z;gCO&3fj+mm-COdxHMXFEx^k%jM)?e}bX!tkCt` z#i8|)v9$m_Tv&kwOqm+>*UV~$mg=!5=1r+Ipa0BRj_WhJtCUO|ZGSA6Va!ZeX?-ug zQ;*=Mxe&qElr|cmLcZaA8F!q#vn07NLVJ9o5w?aw6S_3hEWJ8hjD>+wX|-qpxBTmv zjPh;H)`A9_Pu+#Jm6apo)yJM##1}6YbO&Xg9Q;xdKYfN}uOGbUv!ek$TiVaj#*OmpDu$L*{2g?8WD4oe)3*EYlRshx1bevTTAE*zv2hs@sAAUX-=p*X;np~!}{Tx8=IRM8jbyQ z`lE;YTd!F2OJ-gg2UKGAyjq_m3!#rb1^L;6`*IIaY*tOjlUu~zQw|3lZ#8;U8y#tD zR}3L#2H&_%cAHGu4J?mW?I~H;ONVA8AKN4BW!W})Lf&>}7E5Y~Wy_~*MRg=SUk)B5 zX7<=MEO_`rilSLu@jHrDe!vNR<=ybP>FJPgDrxGwaIs)uVfC#dRm#jY&Q8i*Pd4>n z{lcvZgovKi4f(G>#N&Ca$11Qa%AMf*BPFL=9cT>dfv)GL`$*H#&rwnRrDp5Eju0z% z2&70YuAId4_C^A!S3>B~_*-`d-2X=`JaypfjbB$q8xXdJS8_1d+v z%F6lKS?d)7>lKBV$$u-7&|ID>j|P!Ez00ZBu~P4aZNy4c&r&Rs($857M>*o*Lj~%) zPdR+l9CMB)>xHbsb?uapDyh#C%WT)r#CcDd&BkMbc!;WOR-eK=D@&w!hQ5i?Ap5mo z?0N5DvMOcusqEGA0IzRo?9(~U2$|303RDq`Z7CAHRs{VP%lfb3FjVszd zBBrdQ=EI04;(_2r)e@;N0FVt0i|F8ZeR*qp+o(TVab}et#dzq`XW52R?>%ZZ2WIB6 z6=Iq{8`N|#FVRQZ-Sn}cU0$@Q@Szuen3jpmmpjX8*uPrxDd|Z6DMDI@nnTi_+CcaI z31w1lhtD5B-p6wkPC*sND0e-tJKA+U+3ArA7PdOvnuTeQhg!IvVzk=P_IU4JYxp_M zt&RQlpmOs`1kR!}BQ>?~y0njvPnLY{+1arf>SaEdJh+^A9K#IDV%*WRV0jz^7m*=j zxc$m{>PNF+0MS>~<7hv>?Fm;ix?MA!Ipc!vieE;L=Gr20@7}fBp36Bs*76oM6N=$= z9asCadHGbT9YhnGc&!!~374^1^}C*}pL~^|rdO*fGU$nqjEt1ZIBOvHOtY@n>CaUU zax|L!-T*JC%x+T?l{1G}&dtEnx#`=t`}ISZoWde0zw%nO2gwQz$B6L87sg>KHH1_% zWKvVO&ySX0!i`-6L=hD2SFY^lerHk9?aLGhpBXCbbw1w9Re^8>r!TFr!4 z%koKAx@7%>7d%ABHI|r%*=c<4*Xlj7_$UDB$~in-Cgr>OmMl{Pu~ zT8%RAR3$XnemDr-itjZ0^<{IYaQ?&d$xdDd;NIF(UWLECj-qhfbtMm906ykbxzr|f zus+)RY>X^^KL}W%*>Sykq;h|xC$00FC%ZQu z9fJ4NiWcV{hsE9GP81Z0pXR9lMo#mTbBQN+msM2YeEo}hj+V>@X20z6A5@+&T6L)V z3Q=Kx37_~f{O9km9!;ClU_ZI}=ZXG&>3{d1(f!}_c0zB{to^7s(I3XzSct<$`Yq}o zGW%IZw?1q71!s zR23N)f0X#yl6t;qex-|xRGmIN(GvU5_h015&Ca)8y_~o>)FpZ`4(|%Ib&`DYY*NP{D6fxeJ2u! zD>mWsps7T#Y+iUaBK=*$<@@QsCHMs7>eLE+6Wmm<7HgB3qC`CiBd~b;c7F5V!zF!c zOQL|Myu3j=iv2T_IruUtBbYP==zE`Juj1a4LAi=cLX+M^Gx$mlM<&lNAuOhT%ngQ> zle2Q_o9EW|>CM;}m0m+xNj}*J>2Hqzd7{g1=<%Z8kb%W2}Q+N{K-NB7mj@^Yow`S^IX6H|QLQnqD_ZY@JfB@30p1x^uJ=a9w5M-vM7$_Z!} zgYJQmOv?=gw2!YcT{Bwf&+!Wh+3vW<=_5=Ndb&H%Uq|LlecMNZ1qCH_vI;XWhQdlB zkyh*4oAoZ4C?B&R4?G|Ke?cAA6%bKT>8&Oe<%Z{OY;5qJjY_15%!>06k_QW~jaSP9 zc6=nA=6|aF+AHuL(A8s=w$9GZP#mBW;tr{>bB|Io7>>VA= zCN_g)5EO{&6a)FYaxBIzpPRdrlQ?bsMa0Ejk9IQla$HNyw)gk3Z{A$%NdrRL>g9fr$~mV;xcudmo_f(M^L<+ZTz?=XX+Ha|Ruli&5&w#E~D{N%|( zZE-A)-@aXPamfu+DYux-`0Moo*Bqb5EA9}*&kr?4#8Z>uJdGFR%KSVIC+w&86(uvU zqIyzA?T=V}I_FIew77#B{Rvrg7rKI;zjy&xIZql|!(dTIlE%gU5z7Frk_i57i#FGD_eDK0cvz&nH;lqe> zo1R92p{spFiaF^fwDQ-G$N|Y@A?K6Lyx$*hc_x-y&O5Om)EmlX#c^1M=_uZbbUiu9 zXFKuqU@-2}`WaYmao7SsQ^pMOJEx6FG;A^+r=5kj8hj?bWt%`sU2|m}92h8-TU8p! zRSgOXDm@M48$xE@jL<-2%GaK)3>A9bymy;~gv+5VA|W9GW1b=6z`M3qeV#tH(9%K> z=CJ$Y1HQWVdYv(Jw2q#K3#^eAHzDpVo}lfEHAOj$|4XqQC(dv>MF}L`no=oQPr-Vf?$^|i~nJNDkn&CBeRv5K zu5_xHjSYQKL+@kD(aq_zGZ&2~_1@|B+f4@tS@BL=88*!w9Ua^FZMN2y%4Oz~np3fl zq$!V&k3Bp+T{dU&0o}&2zWww(F@nSLT9CZH6*+md*@@+J;$VI3Q(ME)GA0Yze3sN> zoI6JQ8ygXvdTW9AMvk!;aw{bTc{P(P{8L}83nUY=RUpQ`8~JIU4f|QEJS(4%m#(xq zsIXoRBI6v-kZuen7s^)K9;tOaGa>7%(P<6S)g9NL4EU<_@OEFi)Eog-@G|pQy zFE8k&CVdHRZtgVEXhg6`IQ?n&P>P$s+k^U)P>p;AF3UO0P?2J*#h^oUkJ{S!$oyPo z5HEk*%`oLEt@G*Znc=i5s8et6)db@W+<8> za{2vz@@bE?MizDLYp7^Al5jd>xkmvtIyF_GdFVS*x*o%AS)$b#=#9mk?OggYgwoXX zYil@NEhq^-Wp~CZte>##MYEYcwO+D%{ym43+fgP%WoWFuozc-tOABk;tl|>dhkl2| zKI^?U#c~x=!XYkhZgQ@wy#n=cViR85_2GcA)uu?Mw=T8T%VBFV4r3f$Egp-c+U2o-qzc3B*Vd# z>xCBpT+-1mGM6e~MS_V@ZDJMZl0`p0yU%ExFFHTDHQS0=-|Leu4a9S$?RsDOrjoF* zIY0jxcmgcSV>;(?`|tIIjkZ4io;T*Wvk>fKGhSa`pBEE&<4PAB|Mr%A3iv0ysW~`2 zj`c)Dwv2LR=TjAFBBV^R!cw{rOT7dzwc1gp@ims`kc#6OWl2?Q{WgU4oi z!p_Uf`~KN8ekYg2fu-e84$z2?ikImS$}`O~hQ&v{&C(St$A`zayH8NJ%UrkYs!&|d z$M$W{H%@=moF3JT9j{V}ljf?QdyO;roE1I|qd*iZiSl1gR2|p8M)=tD=j&{4E-n?@ zIDdakGc&UuGJ~!Jjl@tbT2%)IqIPpJQ?X_vK{J8<^$Fy88A^0ZtyBgjB1J@i-!RnI zuQW0esbrU&^%aP7n?t3o6DNH9@b5$;;5%CVzIr5x)|B^zd1ZB4fWNul9EsBIQ7Hl=DlQ07Juh}Hi-xGw#lMNC7gPi zEbX*aK7m>ERuaMH2Ae@}kuy96~&SdWd~Qt2m?&Cm5ltjH3rUU^7Ki6__Vu&YLe zNR-g;5PYvn)o*o2yQqOJ)~mO-2>3_@0s&ksK_PFdR@%+>Xr!OF_h6|RLnMh?*W>a< zKB{WlfUq7W4U}QLl+={llF!~eGc~2h0XaqQ3%<(tpAvPVS zRt`2nFy*EnnY4qE-Z$(ADlHJLdFJJZyBH%Ij^@9(e zp?Q1j7Or-7Q}H>KFXkNrf{2I+{UdULuy)pDLet*#w+4Owc!3zl?X{BsTmp#TTfvos zs{7NL`3DVt_#UXC$EcCv;rONI&pfSJ+Ehi!Zr%DA8mjtfkhonf_z-FQ?NTCLVHYW< zgYoc=L2RX!Pf$>2M+aM!#)_tPYA+IYSakVSn1qe*dx47|d$Z)@{hhe6f4PV_y3x=0 zIY|WTunnUzO7?PB?!y7;%;hvV`#3x#j`D#8E_;6JfN4&@J zH1|!%D&g8xt+Dc;C30i*>b7`FIZD!q7t85L4;swMAX9tPlY38%h2f&nyh-wV++n|( zFK68NiT1+BuC9+EX<`&qR2edvpr^A18S^;oP$$14Cge_XIX&XHg8Br!2@8_s#2^UW z!5nn%mXLu@oBVEf&X~ zA(i3g<~B7owIk=eIn}VUvjdcZ$A=G|eVE4<-|=B*8-D0J(49m&AML!gww9&2D}0?< z*D8{-e>_)xVlKEnIa%oF=qQfst<DCey5)=$1 z!fjWz*XCOZ(Cy?u!!Y`57UOtb`6xsBa@E%dyQe*L2r3C8AMLiY;t8~JeqBgFObV>s zOMbxAJ+&B{;5Wh+bvCY-ln(WfdWmtl3?h>K?dAARp+8q~?wG!xsx~RTdc|F(@~zY3 z{dit+UduUSef@N>XVAZ;?q>`?^#6O)%+Ah=#xl#&hr90X$^+M|4rNE(6}0kFdesVM zr-M9@Bu>^{&q)HgV?sl#4QE?GAqpbnbJd^*uW?=H!8yb|8+lR9 zd`A-OJHXspuh%B37QCj6KH2>ov$En7Ldh>AG*M;0ygA)SB_5+vs4Ke8Q|)?UU;unL zm_@F+{^I|M8E&At+8LJ;NXlKIdR(G>KJIX^fwQU?;PQiiHlkkN6XS7o$;R9Y5jQ*i z3jKL%WTbua1rESxP@6ikiOH1BIyg9p;k5m_kpSX3XRcvi%c~mI+jj{-U=GI9R^UwI zM?`Wvel09){or#)Wo-1bNQzEAGK%}oAwxFYekE z1;t`n5|mQ-O(LZvGUrZ8t_zA?`e4z5ytF~_<oP0Y= zy!=0^V!F~pHS-6uR`pg2uF<^9tvPF{uh&}ooDo=lSYEEkRg=N%w1|pJi$_X&R{v{# zzEj;Cv3Aukx!2t{d)VP@`2&Mek@<{wa7Km!KdbIa1gv4v7{=yHg}w=4==p=>NTioH z-0r0(#rE|_Sl}wm*L?R_s*{rT~OoX}>MFK5mxPw*=0HL?x6&RBdp8w!~Ez4YC*N zPvVhC^aFGxU^CV?HeTsY7Lo-1O0L*=XsfqZ4-SE)fn22PxEt8mlEl6-8x}h(_nWMa zl*V%FmDIX^JF(w>wJEfKa-A;lK(Y!rF_f45d@}ce19-#ZXpsL_xBELCyE(>9YP18w zn=<|vlnjHSfW##})MpZPiEh5xZq?eje5jSzGY#f|*OULh+_>|9Vx9dT2&KQj{Z96} z1Zs(=MucvAwDt0Eib!83%=2xZo$h3>#z0a|yN!=ZIrLUS=vPgKiwwq6trZkN5f%>> z2@MW@yZnb=Hyy81)NNoa(%(!v+Fdp{FSlsOydWITg!T0omY!r;sV@#Chufq$VDw5+ z--V)nvF8i%KyD)`Ps|SM4aI_-62bcyR@UU7SYTEFXaQ9dSSQaHCX=V=8=IRK+mXt} z1|z8!vn`#6fZO7Rg9w^8_lM%G`{v@KaJ>QOu z6}OVcks;RR%Vo~i9R!k1+aVwMbs~aMLo?WjVV54QB11w+WI5~3J6T0GW|Z0MSGr0X zV9x_FWX5Xu;@G#eG`!RnTuMYc4q5a5i-jOLWAe_fuOm&4cA}ot7v)~}_}=yBAr{Md z&zobTN1PWwi_=t*sja*GRU^W251bnXZ<-OoO;G+eHm13pI$S}+8a?aW1N`1vK>J(= z119kl=ngPYQ>ci+Ekfn|RmEYK0Al-A0!owY-3;DK9Ty zB)zYpv8JK%WZdC6$MtOJY$R$z=|ex8-5 zLh)1V_k3{(Ti4iIf?B1>F4)vnX}~DAPXYdzm6bKVj0o00b33dUbKr(rij>91zt~SB zb*WDs10zd=CYVc2#w-1H|HJssb>4*YydYk|bmO|F1)Pwy*Yt-?!e9u+qf^t@#cOUX2fUvF2b4V~qYYy{85&Vr3=C#lie~a4?k{6f0GmPbR_ngFskUl46 ztk$+xB@k6rU*_?<+icP)p^sxu6NO=X1O)WXh3{>FBw&-~tOwCT6E#-!hBi#_vj z-`jw6B~;WR2`>0?X9vq3z(If_<~!mX4;F$S%5Q-cdpo>-dXrK-GW+x^F)?xFs_Qur zb26DTBRR_9JkG}(c3g<1!TjmCF-PEq>f7g*fX`^7_SEq9))|6xVPyh;`{d9PI%V~n zDAj_yZ1mEvw9XO7^HU@RMan~E;GBM>P4o1fS?*>&foty>im`8D;da?(d{kVTYwabK zH|Q+RKX*r~e<-P0lBjd=Ug3#o{7 zwx$9#ipI`?plHZ9MDd!%b9yaa@bUBNnvHXSSW;G=79Z-4pf)u~bIL^RT5 za$J)j)xK~}j?VLNxYVpMw!(jDFoS^C__e4g7=I_v_Th*F39BuVdmp&8(Ml(tTFL33 z-f|p3V&&Ut&(yhlX*Ieq>+Ow#jCtFXg3I}+NTJr-V7N$8SeOxc4?O)N6cgNb8_(#& zsVKNr3+GB?`3siUmd7Q1N(ZlFR*O zOD*#QA|iEy<>w zo)W7XHss}X+hSpM_+Yc{`ee}vgVZaf@5@W_)tx!f=-qMP@pEmSQd3KC(%nVBqvp$f zH)}tmP_M%v?aGxawDi%@(aS3wgVui)75_; zpF`YHH}VwiS~Z$a4XQV}VPpp)ee$R?WLZXxK1o)Mh|N$YMWl}OWOqQPyqtqVF-n|*EJf-i_|le|L#Q0q zc?J$qjcT~mIji?4svXbAln0qnFP~+l3sZ#Q`ZrFC#&IcDrU1rJV|3-qCr!Po^Njkg z%h{pcXl_26*|6r+65AaJXM2Qqky!N7UzAH>I0tW$97Kd-o9=n+=$z z8k{%oUYwIya85RFIv(n|_sTrJ`Am6qw#(g==I$#(C+o}9<)4b+tYkznd0bUpUED)R z$gndmn<2BfNH{9m4_u)2M8(@_-3z;a)5JtAm;;96$!<$(&t%2_B(UjuRZ1XWVS~3i zTpqGKgftv&8W=!wbE}%gb;M$j-n2Qfi)jezH|Z$}usK@lGxCuH))Qj`6weC4M*u29Mp0PS~2ac9-x{Z1vVH+k>#=+eCN?%hsI~Q?)JCjCayJRDOLjW7FJw=i8p>GJo}Hp6 zSsZxl1lhocrHlY&JCzDH)T;9Bc*Vp0h&S&6_Uw~&1^G1wy$V;dsn^L@7)>$4H$CdA zdm)ukG#Z4;nu#01(Jr$%hpy+Ecl)A3tJF%8UtC?yImMB!b#bn=UdFq9oAxd`T%nor zuB&7FQVLYf&TDnKKGm6{fNCv3xci+B67V0iIZ*;73f_u5xhRJtkW#x+u4RHQP{Uc@< zGW-KQ@*T5`*<{PEAE38+QW|+?pEMI7tHT?WZe>y2NlUc>i!6ExqB{DiN zomj()6a)pwj%?ttiaWhaUjv2XxU*6x3I@rfJhYa|^72!&k$x%vmgQYFGBD)q#b?Rq zl$(yDsz`)E>_ji#^=Gj>r|nwN0Y{Tr^=_D-9|n#AYt-r-w?pf2<7L>KjVHR9y%(EP z;l{LHbQK4dg7*B;wAh9=b6llBrctXcYnJR7Fh(`!+suCAE- zoxnH^sOM%m%iq6M6lB;a+W6zgt>8kx!iG>_w{vPsPE3ZZ10`s7IXQS+ zfhJrph?O^CA^~wcD7jwpXJlj$_n&JFJqJq5p<1>pl*9Sxbw2(5f^jJN`}hbc-6@jdtw^%a75CAcreL%#l0pH01T`O18IJU*V>3+lVq(9p2Rn4Crr-VSq6 z+&)#dtv=lw0UZqKkRzn8-?W9>T3kz5WXSZ|(#D1|2@RX{A?5h2+G1};$ljQ4dz6K^ zo*Yf6mlpP&U}2dZGh$0i%R=>*=H~A4AO=KIM~m#^iv5K^l~8FLt*?Vtb> z3@DfpmeCnfow$IZ;L<~++tkIV>1b+BMRaRj!*ZJ6?yONLm>Ge$M;!_tM~iD}PpdwY9<=I1Z18UzM(R?>+FB8L}v3fEE_r3KBjPUA%wo%$KTB8%`hy}-}S ztGlp0jUFd294R(K8d|X;o#*#rCtQwC$EzzrzzK+EC1f+EwoR_)u$*^cbE%5teU_I^ zAaMJ_DUe6&cz^C$dz1$Mj_xuNsMR{G8wRd};58n~&NfC^*w9z#P9}I=Q-@i^V?OT^#@r+&nN~JDG$^F67UAj!vs8 z|5XLlgiFYKz`PFkEx&vzj)OwXbXK^ja#u@B3&NE8Ll-yIM2&OVB8X7<`*F7YoOoU7 za$Ivr>HemRvB&x|_K6DBEu*8O5K67a@A(zCK2m80;?(G`?-0qvtDTno{#SjhDR;DV z^$k|Ty}x&PQ?gf(ZhMT*LBfqNol@hoSI5G$jX|VF6SuElec^R;HdR_mic<7w365u} zjFrRfozvsJ&L|G$=pr7y$`|L^Slep|`B^s%QX$P1gWpK&ir!0?&KgvC;ydG?T3f*Q zmAhV4Tdi}oZ711EIbttg4&`ao+fKN2R!=Q1_N9rFVX$p?CB6u$jk`@uoQ1V2uP%Q3 z`i2*GbQdsF5Y@wxl#|O;u86=R7wgM;p1%z16EWYQ440_XIO!ZT)+5b^ zV?KWT2my`HpPktEHs<4<^YuDO^UHqkmsDVPXG*69*1Fd9FrJ<6Pe9EymNHglFMS-o z4YnDjT!;rc>;WF1@d+7y3>cp>DgCCTiXJsL_vx>cR}6Z1igI3XdBpKDl#PF}SvCKV zsUnKSE9)a%nA2-^`$;(|yy*cunhAc4934z1d-1_weNmL~{ z8Whjt9OZbm5yU_vvlID3-ND~=0D5OTT3ao_6jIdVYBpA2cCNO1KJL8UC)}9Z>M~U7 zn%kY0ZGN=7-YNPeg`0P?V6`ClV!S-$6&(r#(5F5S zpF&_S+)()W^B*M&iIj&N)yj&o(cSvjTxxY>T$-9U;r0;c-(9LEB_RR*yAGQeo0L7h zI@3?%0B=CU!J#5Po}sj_gPwk?ifbm*KP62M&Y3mOpa%~UJz0QU)=#5&O8#h$0D0D9 zvx;7mLCRrawfO5f*$UCpxL@7g@ z_g8H(@SW=^s?^V2@aa{me98L49s^@0|H`a3Jxg(07nt+uRJa*49Pzo7*)R4aO4t+W z{#MwN624uc0um52cz&wly&(FEs*k{S5PWmD7B zur)z=@z!sPVCu`1r9gz~V3V*b&^$>!EzcK8d0twh0)~3W{WXY&-;o6F0q(?|uZ~mW zQ+Jnb3&;fn7lw;}KcIn()Y00=dXe}p6RX8c6O?rpi%TP=wHgFP69Fkwif>CLlkJPg zLGv~_*K>qA&f6OhLj=1<+XB@Riio_$kly;UlYiAxGy|=x654k3-oj{V3!oA*K?5J@*Qf1(0(~+;mvj~4Zce#RzFGZEq zv7B4mAxg$>p4ar%Mx(pMsIPcl=Y7l(RDS{W>$Up!sKz)$Wj z4GcK9j*Pq-*=U)ysGdi|i=3ab;qZlB$ta`o&CT7E2krl8>zQPGS*0_D1nJV!ezJMj?LS3HXQ7&sm3$V;57Q=I;tez zbvL)ma7|6*OAD>~<>z|^r*BzoyfKDVQ!bQ&NyI8~|JKS-H5K$t0E`jb-92oU2&i)4 z^hJt~_TKWue)azNbSl7GX0Ulc(69nC-%Im&XR*D(xas2qwKz2tE%NFKd$om;_0Vtw%_~2}_Ssxxt6(vSYZQ4N|L9NsVGD`DM zgDv-Fuo&)8q@xZ_ zcW+_pyEh5g-+X&Uj$g4hSThZb9L2;85T#$C#`)omGs>GR6j0@Is$^k-{{CL3Qn5(k zTzmN<3{F~VYE;|=f3hJAsfxbL>gNUkXeIed?8h$_pCfVkiuuBJX?zxrc8Ot8toNj0 z@bL z_r>GcUK~F&c>%VdwAXP-wir}n@l@$DEuZk~FEc%LwdQp?@RrJ;Z4lvfoNM!6WZAUM z+p?bi*}mALtF1%mn%V^o3iR5ea%>5OHJWE!FLb_koY|F8L|~?Bc-{$45tTcmFrNx{~TM)y--?f&(9z* zwW1%+p)0X_aClf^qP)R1dvQus*k?5b-6b5GBE`UamTXu{Ynqzf{c~z1C?O0=3Y=ba zU6>YlLyO&ojl^bEz>zf0Z-aph;+jGCI9*N#-_} z*}nwEtGFn9s9xy*c+Xc5>8Ux&l_D#XqWtGXqvS4=Rpp~s>4nh#U8MVew!(o118)Q@ z?8l?cO8B`^z=EFr$A=CUc=!{$t^|Y)-rZJVRql6fX4dE<{e{^Cm(${wza%EfPg z{c1XjH3nXEl#BNU?ss@i+PL2?xi6W^KV!jk=Y7q0$V~PAIt>`q|9g-9%!S9kak_Pu znPgl-4eaqQHLvgALZnMv`ZxLXzrI_FdGpfWZ+sqTru1H!X^Zh6(i+sn|7RVB z{(T1iPg*KG|LslOUO=0rtN7>5T~DB8!mQso;Mct>PL+;QLM)?=yF!t5o#uWz%5@rc znSX}&4L%D)d>y};F_LI-slP2TF@bi5Co1gz;#3%3{ z+E_gKe-i~UQL?i;fOx@#@o8#%SQlVf$Si;#xg?p{o&4dQgv4Ia>liP+ZpEZe6-Qv8vDDd?e#+9zX zuZ}@$l9G~tG6N-*xR>^#)F#1@d%>ht?ycs%NF><>j#I#|$=Yaul*{~9@g)=qf}$`9 zT{m}kusREcP>LEC+AXwPMtPP2^>i{M6qIFTjz6`%sg@lX^F?tK&D{V52BH#x`R_M9 zEM!s)XLok|$12a^OnhK?1toz|pDwXYTThP+x)5-1G_(16eWgV~`TVqo8xKswus#?u znHX@8qQf_m*0k5L%zGhB z_nz878wbdG?e6XZGwCM+U2rT8IM;7(f%)5l;%wJp7s6`M;9L9rd1iIB+PRTe%ICB9 zPFSj{q(XZh*r$bpeAfnqN6S}0yk;vQF|r=^7lCOSF^x9-lj_gAX9xZ#R{-BE2`kCmZ})T}34w&&6X z`0~Qbo8tb4$7#xrRDK&_kFYRvdP)m6nU5AI<})Ey21>>zB+QfvO~|e zzgD>ju%b1F(2a<(=2?|W>FMcH2fPbiQ8}-Ar>mU;GucV>)JoXgd}D!03y>FmOzpe= zUt#WsY0dfB)w|orU#xDLxAJ!Lg2HauT34#&yoea+^!kv4fSGw0e9$*i+= zOy-maoB?9E$UYe|zq763_1_JRM~gOXzMHJ|wlR%P3&bs8snf0;t7=#-nU<|OIc9#- zb5$13HT~*uBN4#%J9S!8``gva8o|V-wvk0;l1~zC*VV+t==ndV7a}>R0?Fnnp$8lX zsOaSeJz)@EhlDJ{f$sYd;i8Rbf%(pOaQdh~30-cV2^r1fbtCM1Pe*fIYk`iKqZK{& zRiFiLT%1x4c$}Ldk_;j-$!($}=lve>MsEA911OfJ8v~F^C}V_xA6T{KcD#Z}!L{@V z+=wl`;QIF{`Q)Gz$mudVF~N|nOMvsljFgbfbvHzur;mPUXviKk|F5Q|7~s%*UB#l) zqV4Kh3w{WOnv*F|CqgL2z+VD}^xvCm4SoF9i``>aXWB_a3^d_`rh>{X=hg=Et3k1= zKxI6_xkG%LaL8#oo*2784ZO!du2ql^6?8cAo+O9%ZGW#41mZ(e zBq4_-b82k+LZx7h~^Nyt?|Zr z+Acih9G0nk?w-Kj9%|Lc^B37~hn1C;fzYZ1zS#mDKbT0oa@HJRn892_t6X!D#e!m* zqWm^eUVgO_nC#CYIyGFpj~)%_UrH5=OpUE;Z?|rlc?4Y@!h|29X=(yEAs``%2?^0E zdg!2Yc9<3q$iT20!K@xfMnVEeMs7?Nklk=+r)~2T1vnS{YHyR_;`VVdZ~fdQ#;m`N zdIDJ(m_dL6OZ2?V1?3tBrN)ONc@HZdKObLVioExfAD3(1I3e?2}lYrvAG2@%1Px0)AAD%k-46Xk6qt5v9#DL-M`5E*pr zt&WJtu^(>Kxr6Zr&fjGq;(#zGVl;mSjwJA3>Wf`5ViiUNcm2rh>FI&gZKzU?@y`{}mGFIGwGCoM(C$Kmsl`nu&8OGU7<42JL5JX%g@yA9zF#;(rS1@4U`ExgN#1iGh(XiIpVS%^2;ta+?#8`3NKUp@#5QI*(t>N?d zY-u+2>W-^V_&XARDJ%FrymcLu*c@Xk13zzL!<+?45=jfKXIdlYW<{?!Inm%q0=V1n zgj)xiKXix|$}oy6DP=+ki{n*K=8UqB_pf+fDnz+Tjm2!{cOIi86p{=XIdWQK03DEa zzx@84_rb~Y+|Gf=mb$wAyG8@b{3T5x&3%Tu86jy_dVAaZ6iJ5|b8pXQHtjB*omH-{ zpG_X8I3MpiL--e@ezn>&?6LJL0%3SGubBfnnq#jOfoTfVVNusFu%taqueaU~R?4A7 zy#HvnBar;4y}A9-;bux{5?H*Vg?VJ&2|o@sL`Y@I@PCoZC@bl0yVkEi*{)u!aTst- z`N9Y9ef@z&gKx|tG)ZDP`r2JUK}kte5s@IOKF;FU8~hxKPg<)p z3SHw-gRfaI%#!@FFjN&ksDyJ&SV>9u#PNvwdVA{+=4rH@MFhq^Wi=b8MIbaMYN{*z zn5!Gx&A7@XdFj@UW4nVa|JlNLB{s=eWvGX}7!ijTI~YO_C5R_G-E};gfzM|6S!Hz46R&qmGDW0DYEkR`vo2_ZGE#cSUk$@J2_*&~ zl|L!B;UYFK=~Jt8fmS?#<4pN#;OgzppKfdnI4-L6vvfL0?Z z(!9q%wFr7=rC2)|M2cOEHnEQG6{DgJ3dQ2?Hv?Jn6B_~#(Si$UEd*I8Z(SFyGAc3_ z9QpZlvKV6oz23#!=LsSOcl}mVlN}%brAwE98BVe2O(^EK$nG7-%W_xxL{DE)aNYiG zG&|xV0hbj<_x$;b`S#eyc$K!x<6{#O>su+01=ikT5OqRee>JUWVjZ23`ug)360T}N zu*`#ef^B(Omru+4HQu!s)+JM;LzWOvgM5uafA(UR#tXRQ@GO6$?Dto$V;S!1W<7Y} z^}*9KhRd3UgX3k2l=W(VvAy;-cvcBjhrwP3WEfS__I&63%nW}J(NNjj>4k-0b+Loz z>w9~*eX>RRG9gYxosBX~I66A!L(NE?_cA2ato9TSXVcDu=ey)Zd|~Uy%TN*MU2qp4 zKdp4h51%15Ee+C#VEnvKm28S?C(NQ_!2pX4|u9{kTOWf`T& z-*Kr2&RD^Vv&CT3lRQM=J4#VbQ)_GVQ=Lo|`tzmbTrd;Yf-2*VcGJR4wZcjVs0Yee>f9?==bkO&tiko!h zO->2;txweEa&GgEl=$(xF=;j4l|xy@OcRS6uC!IpRjdB#f6p0o4aC;t6FpA{9m*uA z%z>I%8h3qBsU7*6?Qr=KkSuqoM7;w8YwWlCp-hA;p&Twnu*sbt^!x%HnNDFNU@hL? zKddA#s{8A8rou+;sEBRo_5drS)M&zHc|sXzwWQPR?x2XlTb2Z(1{yjn{xOF}$XKVm z3E^nnf8QL$&N$6{Gqip&i|mBX1NuY$7l+RGJTgr&`-JZ#mqGpBTPcUPcZX8U+}cu_ zCiK6bj%o+l6scHl$1rbFF1w8tMG@HD0fJg*qztCh8T+RlF}ircmfv=WR4cnL>IJ2$ z$tLY!0!P}Sf5C%js)_0MisTP2_wBLRC|glm;RgXqyPvqHeNGJ}a7mrz7d#ZF7GOMic(V^1LYt;a6G^uHlXQX?%fZgPFN=wJ5tdZX{fm-gX zl4OPy#acXcJGMAKbM7I7rd|epnL09F)EP2tuHz?~q4wQV0&oWRoLSEL%7W39@iZ9F z0W^4Ctoc-ZFe7Kf(4hZ*t z9<`5I==GrSO*MtSCF(YYo@`hBj!XO5olr!$C*RpAkYIaiL_INsc5>k~vRM$A5_$Mb zD2No2Xe-d;a=0f;vSIax!st!n@3yY3AXwYLr+7o5>!al%sIQ>y z0yG+c2TTnyyZ-Mz*AhsED23?+$5=@EPHyJR7}Z^L5Ml(81c^khJ_c_XZ5uaj_D^NA z+TBjx5m)8yXpT+BbGt`h;R4q0e8!w%)!#P6ekIiGdTeYgP!7Mo7~C0?^Dxq?++V0M zn4W`SRg(L}W}@WEs_kvMta`2c$%natOOZWphsVdF(LB|}OGZ9pJB<20`*VGiDEj%)(L-(;9P|n(v`ECn#qhqvf*t z05C(!>cMwdjwcRV0~OVHs$8V&?${HZ&F$mWM&fTVz$VKN@_!3^g<#^LHS1i_o4*|P z|BJo142yDa`-KMtrIc=wlx`3dX-7~H>28#e?k*7!1VltYKm|b*L>fdIrIeIzknZlB zeU5A0&sz8Wti7LizaQRD?;OX{CCprN#XrvY#oM=UL)w0pDO$$qoq+yzLfb}=!5}3* zjeZ2PWzbGnm<8!4SB7UdPxNgrN+Prrt}WkM+C zIZRb`+av!G)}Cq*#Ro z?*iT;r1ii;|Dt`k?d7wV`x;=n#BT-fMXm2296FIECh7udLr5%I<8YB>`VWk{Jx=sL zL)2y8K8t9AI+@b#+Z+>cZ_C}7CF%C8e*m=ZTEHnL`o=~^M%s>5Qj4B!Kj_+=;ev&0 zVR;#lLw$9R1Gq`T!>mAXp6TW|DD}sRe#tkv8FqP9tF3xZ?95?0662e>zOMncdBD;9J z(NsqxY$c5Z%od<_4gd#So>KUQ%|zz9Ed~r;49GY#L4_86J>qIG67G=T+obdd&|EaM zX=%9h*Je2dkA4zW;3dK7^xE3AfHUoG##a{>7T6~5TAfo-xCt60eV>fd!IG(ZxIkUN z|HsRur1w5PujL8pUrYK~w2urzkNGl_WXgD^(-eBkmo;ys0sV2Vs{-%P&~er6sujJe z!RFD?*U35;MZ2dUuL zbYbs`bq_-tES(M@VZp_veAKX;yGmP_S!W z+^pd7ZnQQUDQ|nTTz?K#sPs@!eQ{!Ai);VEohM(()8%kOz6B?k5jHGV`Ruk{TX8ip zkI;76}aep$W6E9w?>>JS+Wa^&gKbHf1x^p!SGd8=VuA>VpagtznP~`|qr(!IzKiXeQfQkS) zz7|VItj&kZ&kd$OaO*OQ`}5UAXS`2xGaEQs8>>RC@+=!Z3`B8WQoH>lnsRHyvl77c z+F5GP&=d^5mo*5&Cj}uy5GvfPNFcReK<(&fsEtGA$rxLEYkfFo#63K*%!#=%6-J1P~U7M+35xp8Sx3uq5AltE)GKkw)b#|mv zC-)o_Pu4N=t-oPxu;>0a3c=lqlDehku@k;M@7vz!@iklL5#RzlKSkSXp^l!1G#5X; z_CMYa@AMk;+cV@ngc&gcFd0x>vow2HR;IOZDt0}>eP!f_+YId$`{|{n?4#?*yL0W> z(TZaJ;_Z{6pCFVQT7cw^dQ!mK|j=>n9S^#?xVa)ZsO24CnuKv>kOWC?Be zR|477r7wciaNpL{)VPbSc$H5OfQf<=sgcneP}I*KH(Rm>m_Fauj~^UR0;Ab(uZ8N~ zX3d5W`bc{ez;@ZF~xl~(s6Pft%_!hvREZ(Sd>$ZL|6 z=4=A5Jf)m&zNG8kSjyncs>2rr3+cymLFOmJT@o+|6JQW>ryfz&MMhG3uYJ_`2o0cL zzZeeJa9%b@JXE8%{P}3@bQWU%W#xo~jxYUI!tlg}UcH4Z_T=35l*PUiXs#$|^3ITj zzXA$!+vwiwrYX01Ds!Fo{Ct`b*E@G2=VxwEwy{t|EcHdb6mU6&?(d}0HRtKf@N)@| z4A*ye`%Z5c0bm29KJY=&7B2*v4M1MsUG-VZH7Y8EzPUxcvPOwsuWEYQ(axGSQFNVr zOu}0t>TG%TLSEMj=1J@`KQ%8 zyZT4~{e1wqc+T}3FenL~y^i;tfTwJ4SV2+NDh2Xh1NsF81&RUt#JB|>{x?SnJG;AW zRx7XFlZ(DmDI6XK$;N4^UG~97e%HpPcU353hLa-~Nqtr)q~Fum+M~5>;#K#n7FA7xx~N z9qlZS)7PB{2@6kyC4==iIS$rJ`j8W_(*=;z%agVn<-p5s2zS<-W0zxgM&y=>ZX zc|st)sk(P*<@Dq%_e+$Lwe{D$2cY}}DB4!zS&&EyFgT3u^we4Kq?Yo3wfdmYH2v&A zkw}Q?%Pzyz$B%V968{f4eYNmEZjU+70B|W_Oj>UDVJWAuDkTcWRp9h^H{mix9fd zpG{o}1=?V%uF#n?kI>XZ`fAkIbv~hgho^6D^6(P_fsR37gLh8>QihLcUIGm;Eui%!u)$8$?%sX6t84_+D#%4UtK>bV>&KuR{FGY4;%BXgBx*V0vSPL0 z`mcv-S)e%p*(vm+UR3%vD=dlRjE;;%@&vZEpkLip;{gyB`5PbUL-ne8*>mDsUT>j! z3#e?w2h0TZeyNBk=?1ymZ^7XZ8TxKahJdoH=f>oVAKhe6g6!2bG6#`cci8yqV61`7W023 z9z0k3lIR@XM2!bw$1LC|mmjIHzY=gM-;Ear3h!07#o`IuDJj|x!>`1&v_1=y4Vyeg zw^+=mLd^%y2%NL-BVbMgD0i9f0p6-&;ch}C$hEgMH?uNX&ZSjsdP{{lIy+ncOr4k) z=!BXsL7ng60zgT{tK4@uG4HKGVThE3WZUSDqEEHMS~YZ*9p#aL9k}`EnPNs^wcjBz zaZ1PD-X65$)W`k(Am#M+^P}X|<9DuSA6-Iz@~Z>^ybQ?4MqGix3Lt!lRvX$&up7KR z$?C`?if+x7ngEK^XL~(nwSt3#16Bf9N~dN&X=eAqAXFeRbZLGxTl%f&6Shr%^=M{i z=g2l-u>6l!_TXdX<>eywUH3s7cVzVDT$35LdGiqz4NnJknE&_A%JgtcD-pbwx7zP-D zyb4Fr)XZPN_^7=#{#c%R6 z)YhBd1Tj7-nlX&0Ee}Zf$N}6x#-h=eU09@^FpzQH{sAPcPqr+aTZ3 z?%I{Z;%v1hw;8Bpg8@>RwwTB29i%E<+Lv^JzmW8wqj)Lg`+cqax%eaW^Pv{7e?%!BI5QrAYU}9eH(Ummu|wst z;%&gT=Agsjr*(zj6HR)B(*}b#&58r`7atRXKrQq-n%AQrJB$@yV`O9mkP8RL0j$&= zQb%U+;LV)ADqV0(DYDCW6No)Uptry3APKoPFe9bx`g2pYou34LnSWt<9hqz|?~pC6Kp&B}AShyx3!O?K{73g!a3Wko4r_?4pQ>oZd4p^B{u+ zqz$}a!U+2I_xEdG=ZPbK4{6(qD6T3df~PpT-Wz7&88ig+Q^)g2{yAg}E09qRu1*)x?oYF}U9;_l}O z>Ae)l|GICrsoIpT;)-4tSL=#ikgbe?a!_#>dInyA_C=6pH@Ya%6m)8rMK6g!eCB{g zL0za6dVPk3Nc?zeLNVUg2c4JZ=)0_O#x-+kPnHPjkC5i4(ut75*dpu?9xf(kmUmsz zb3|>%vMHk>{UM{9?=^C-6}|z20L-7%R0bv*A&WaD)|%n4wE$!|zIn4m>VbBahVyVP z9y{k&9l*}R*%=upfX?*Or&KE^Y3PAnsn7KH7~rQ)lk}E41k@p{d;nAQ$@VE_)NHSl zH#C-kZUQ$4$UmNyFt#H>%KhlY8ForoA5}TyMwtDK^0fCL`QHM;>Q4vG$o3caILJ%g7`1+Ec`e zmD{;@e#d0-H`{{?Z=+|S8^!kT!~u~{3D5A%Ir5Q=MbLmOE6aNmau0S^sNCE^k0t{Q zy9&vR$1>y9*n1}c@I3zJK;ayqEx^gM;#HbEihnddtE6A-@|14tHvIEwk5;8I*=5~4 zugWR5aRlk>dklaWh3aY8@2vB9(PaAP_b9P2A68UUOe_sOE&@(MHk4XS(A8Hol@pk1 zHUXg6G?N8k1>orEuMYnWM?d3S`ANU@^y{Oek>Zq;wJ%O7z*tetP&54E_%Io?yHw$D zuH!3R84n(_ zGRq3YPGA8-qzH@!W->hRYmy51ikXm5qcK|JP_v8IJ#eF7$O?>J(0dmUU6^8^d29s= zuF%Hn=JiFLzH}Zm0*Ok`&e9=cM2UTOQbi8Si*(q3oJoBp13=yg$}~=Zpp9r4^>L*a zaK5@1k7T;$zx*Y!Q^J#9>nI{0_S_5f0^!^mg5irvTD<`jm) zHML&*>l33D*k_DD`|w~k85=k{tBZ?^D=UDTUn&E$EoDYFrj;8S3eK?hnK(_~5&qn# zn9eJltWwTBKd$GC-XO?G=UkuOV%gl;$$<I1D%Q$(ATtvG0Sdmm;*BqRyjrP&b|cX$enD@&oQ zCP9BN*w1H=QR=h9y8NRu`4ec@e^Q04yvCHIb7x5uOi0FnPKI{V1N{)sx@albL_xBk z=XC2U>;tH(9pI`F$EdJh7eV~NIc=*s|wq4-WTF z)w`b!AtLwDeA)qajv;b9l(fv*bpPsIiSZERsItO zY+-7E&BpKi;?Aq?Yj#7Q4>nu)2&AC-@CW0d+*|^qWyrMUS4Ds+8el%@Z@+HMw&8jF zO+dV2FkIlAk)gQr{(4N8w+8Xta-tAuVifN!)zby9w%ym@JfZreSLO{YyzN}^u5y>7 z_I_if_#dY(iX%Hq08*@}&PQhTF2Z=qF(~`!TY3npV^hYGQeS&}-JtET?<*;DpbPv@ zh=$1H6Jd*41zNmLXO+{`?Dhkp!otER-mTWeB2bL%!*@@-N!iBd2r?rQenXKEXy7L^ zo+=!__@Pd)rfBo^&kG+Nh*$bOQPJ1!6mcG5a{W$9ca-U=;DAJ?=*X%S*3+lLZI`r zrsPvYZY>&!zH&FlI2Fyen!RsX^S!m)ZEH58C7~nby72&ifxCap?}`%zRGa{6&pOc7 z_8NrIOvAjwzdY!=OH_48NG!m|CTyLdv%F({L|yR-BVS%ANth)KIvAv?_VyIfe8K`n zMt}$x`rjkMt%u4>vgq3A{FD)E#3~Ft+x2g zb0FUSO!K#bI{@aNX(E~kIKej{pQ(GV{Xc&f_=N8N2ipJZzWyhF;r~|P{?Ft5r(NQI z0`1XntM!I4lzYDd3_* z{par$&0TiR9DYH+_m9_q8({x~$?=~bYxp%a^=R(>5T%rqu?8mM1?4M#1cEaa;CrjX zHDGZpA~$}XkZ`;-U@bXkytwfrln4hvlRttYrf;}hQ0KQb2HAVCORYIRR5UROTp{~m zh3XTz9tD6#$bLZFsnk8qw(t5M4gdrT*n!T!eJk~$n6a0c$$p*Z`FV=!Z!aj|d}`fs zu!0_Rf3O?=%yaD;c8RHcU!J};D#{xW5z?A)r|RIE0(0hnqvU=5{gbXseGNZ;c+EY1 zor!nE6xV!uXtVSyS`v)DGS4H}?_p|SAOd%Ka%eYJJjU&ZinBDcMNfRWUWg}fuwr*Pu?S^5K07%no7ai@Y**#Fp%(X16Od?3X-dhWjhCLB zK=}jq|KsBpkd|lz$r4#W&dWzr8-g|gYzlDeJ_n4S0z;NQ-XEmpH$=xWYwTAJA)$A{ z{ zItG+05HT@`IozW)(Xm)bbH$f(X}rT^4M-z^jX}~fHTe|vWt**Pa%G(U-WOaTVH#I@ zPQbneErdA$=s(zMjN{T;87N2xfcU+}NZ^1<5PPIS9Co%!$Pr{QLH!7p`ke1^N$SILqTSCX?lPw3Cz+^t>1J60o?&JR% zicUHzM4BS_f$hNnPtQ}y2xJ;yu16GZ{p5LPN~xg@LX4Eg{!WWM3%5zxILMv=r4fJy zAb8mJ^4iHnx;!b{o#yY~UkbW`lVwro)073H%u7|LJbP(IA37bEE;KZr#o7lU*wW;;uWsB3m~tR2+$(a>I)K1^XN#u(yC)5oukL z6ow^Rol?U`+-A%l?UT?ng}r~Y)Si-*w7dO44T(eosO8>nlk0NNTdyq(kbZ(f%Vj3| z6b0lvzeUA=X|!MA&aQa%FDda#4Gn&m-=J~jf5L$C7PiWX>Sk~b+^?EU9KezolQcqG z1mBYRBWNC%dt1(fxU-DL~Rf9Y#)P;LFC;@$oShCWf|1I$e#~j_l51DK_6} zX}8rEw|~@A&%A0l{>^%L-h#%zZ~ku9za!o`)0eL3Jz$mO0$ziY(^mm(ggL<(Sjfy* zy!6C~fm*Z=Oo|aMlH0js;xNAdH`3i*XM>{KHydDi{5zcdt*n@T!(s@{u0xdINclbaXh2-$xFqm`RSa-= zGJ1FH2J#Jdi3_#Op$QT-a0U;3xJLssXuYq)#skVy^K;B9L zAr3Hbh{0g43zxS}{;>?4B_EU!YHoe=&b0K|)?`BjbTXhmpN=m&wDXZzYbrTp9FTNP zy}g=QDvo^RWfi2VCMqUCQUviL9*`KILJv>7_ok>m_PU(wK(fBWnr&P&R*>GrldFFN z_Sn|fXa^ZM>c1(pU%f_M7Es)&Aha=9TO0V8@Y3Wu#ve;^U?FSl57q#Q%WT(uCg0(9 zc6N$7jCmjL3lKwpx8fEHm5@6DvEe^siEkjiyu8#u+=*+MG4?yrgfbND6@KfrU%&NT zj=2S}HA<|>>FHAdk}!e3 z>5T*T-a=cD8m$ceG9fIPbp@+48%0FCgmmKf zuV+kd9gGLmOoJ?k&Cg#^9a8jpXxMeb<=>!et^4KrFCDoiK%#G|F?#OJN9`xAYx^Zu z#EH+InG8zjH@qHu{;9Z_D*o%SLbi5|Kg3J{C+5^77ZB#rf7p0Y7-O^*(u~rw0m=t~ zxC=HZa?#X&P+JE#>0x(;hC*Ba>NNRid(g@4$-Gi?yx9VEq{#M#rKRB#n}jc4uDba9 z;vrOa$?&e#3H9#vExm_yD}kvZ1eTb{O#QjBs&gP7NY-!T-vriy%fpoS28Vc7x8v_; zWHjUx%xZ%*G+imk>;cU+#u4#T{k~{#F;J|)O`1q`a@5D$;q_JjSIK|_;YXZ@(TLD` ztnY~aJMcV68l(T`k5{b`pw0jF4}h3sqBnaq0CmC%Yvs}EbyYesegg0sUVz|HNYx)$DFDM*pX#Cq@6QP%kU*mqJ)tIb zah!Wf_cjOeXUjC?Ez^GJ>k(yXoGm(+kOc+BKf!tR$u{xK+k3GY4#|&ttn-x&=m2+q$G>9 zW9PC;*p-Gb=Hq$vaYAHi2hs5v!jb3;wmdPCsdJr}*&pS{v)7?_#Rh~m6j@^-aBfMM zs#^+9e}aCeZHm!{yDhKA3_%f=SFiY4$DEDv#`bpWj~~28IZzwa)q+y|0VYNrzgl>Y z>p^!{7m~>o_<~;o+*iA1z+J|>g*(sgx0&BLu;Pl~_gsGrUAH>{Z{T)zcQY%qPJvHK z)`!PzA93L8YIhf)_x@ygv;@k>`lY!LvxDv7&icAem3M{;%jU+$!Da-mc?~&0kU^`p zW+Hlr=6nStxzJvRZg~^(AVhZJjf4+45giXFT>}*(AhaN^>6n^Wv!jMKXZY za>b@s57dO$9jCO#is~1uNGK>~f5mB)Ie(93yNyH0iB<9tPbMT)M1?W)nX~KOs^Mq= z#b8!<*V1T6@LA=T`ygTC3y>TG0|U_Akc$jsO@k!p{hgD;DN|-)8YNwOZ50)jrn_{Z z7pUK>Wl`|zQF(~ByQ0r9rcOTKU?%};#csMxnX7jp~5=sSUMrJ>Oij7yrHHnhM~ly4_f zt3sGb(S!S6r<|(s>(bBn$Ln=n#DK}7+gk7#_xC`JodB&Bl!7YmzQ!rgS)QKm$v1tZ zFG{MSh#q1h?fL5RX!tzxez`}2C!5nj;S5tuK41dM^B{ZBPdA17Y>VfOH{xE$^F z!cK$(HatLyvc0<|3@n9A)y`;oiDqFD10$p1-#()kFtw#AA<~|GA4OYp11y5H{2B>hUyKtnMWWs?jJzSnH+EC^d;3OWs9Fa`k=Kk{Qr+!Fl=>obg2A^U}XJ% zM49I`a5%BHr~edKL2qRLHUa{zInMl(Z7iA(6!e#J#s6pPYPoC{`QR5hPxi&%a~gf+ z2wRM^sa!9xZnIBO2Ydhi$?re(12N{Ggx)0oub%|k)&6IZkn7S}&Hws6;xppRPjbS) z6;*3lO%UbZOdTm<2mJGuk4qJpYeGfwHx~=^ab29q7(0U<}cZleB$39 z{W}TCHW;C)QjpL6=)XS7FFXH@&_O+lhf4exF>$m!L9`CQe&p*(z*<0&JH0cXfVjn4 z$1L1jC!W!4L8_+0!swK~g`YqXEqxJfN)>NPHF-*(%@}WfrM{4$r4UKe#m`-UBv9lo zg<3@A>yKJ&p^Wc;Jr@i0ItYNzaMv-LQJHy;s0nko6cS|fTxucF&u>j=m}32skzdao z%4p_QPoyo*6gnYLPxL^CDZclaT%F&$R8Q^}N9>;X;#5!DuZ^dro&*BhA3bT}&8c&n zb^`Lw6%;&qw)NE#(o)y`4oh6ubH+}UqY zav?k+nM4UU)KyIfwHu}=Y?(N*OTYPP`n*#YKglG!c;8#qRM$+`OzCDw*wL4mOoNEB z52_DrYi7QpAJ?x-|7us5Xly;)p)wPC?(9iWS7<#+oJFnGMpP$Apjdz2m85_s{?^u} zT*^qka9vkRrmNZLE*x^i`71{6*A_CJN{$f@(oHb?nwhTXbBvwAj-TcF;V z*^efkD*iIl`8q-DbT^v#%b`vD$WLHKY(`C97uBTt^%g@xJsH6VXY4K_MZR;9WxBed zj9o-G2y@o3lA4YXr3C@m@Fx(1sR8EtAF#e=VQkDfnVW@)_cQKvq z#)9AO3h&Na;;d*S^K+&$k^`j7*I}N+LBhAL;kBc6hpb zdq=NmN=R&+5QOL2Y=V$AQtouJehpz_{P8?i)#MHqwQeS_3GuSc2X4rqF$emiZxUsE z*u6lZOobi%$g}@CLlD+#uh^csJ4NH0A&wDsA=9^>in-WkHDNfim&(|l6|R3X#gfU_ zj_o0}c!2%h;m|l6R5_=5lks-)4tkTGAi7P|F#^w9akAHH+i`yXsU35h zMY^Uk%tn}8ny7{fUx7)swiSmRtGF_&)>;Ysi^o~`4T5o5G=4@Y#Q5x@5EA21lte`9yiAa;1(|={Uq`vYAM{!gbu#O27A7c8s(*M3cf~tW=5&hM> zZd1ceQkzrsnhGb2c_+=3)$0vqWe4kfr^j?ho=uCs1M6tV_{)nr z5~*S#h*c37Ayh}auf7F^)iU8QU?P}I)Fdji6SX4wsysgB9Bz#tT6~)Q<7^Lyj*mM~ zBNNPz1LjHt_PR1!2*uY;O1l@T#_UUyqh@(DHDX={^TW5oMzSZI< z+YMQidHa&%$y8VibVf)-W+^!#HUfj_AvOa0=DWQL1cE8ZuS0nugLH`w3yFo{lZTIB zVE9QsYJf!)cvA&|fd%G<(g+oAW0?Vt>ZI*6g2+_kOVTnJjKOb)o(2{cdsfvU7{a(u z4=3m1$q0|)o(vq_Qog?6M~6&JP*%+J@O<`WpHQMK;O&>6N9T4}{Db|Y7$)N~FrSTa z>``ENn`1m1>&R29d=uQAofTs9kX?|mIwon14^w(gkBEoo5(2SPJ;Zkjb5eH0JHwd$ z(qx=Xr&P>Wn@$I3ew|9LezV^9U3?>P?`5$n)3Ufk zSdEF5yw*J3!}d}^O+8*2^;3GO>dgjt)KHw&UW-<=^r&!OJ04I*^(dcAE0+wv=FV;06k9zH7*@4HHFP9)}UTi)_cSqk!+3WQAiW1 zyk$UOaAJ{Z;NZz%QL!NS5ki83XTnT~&PuPg*!sn&2jUVV$QYQ27# z{WiqG7`QUQ-Wix0I1JK1xh`=V;I9WVE&FK8J>%f_6CJj+V0jdw$3KDxGF5TTi%HkXQ zAjxB4IcL42w>GL*<-R*IXl|^#^T4tj%**!~^z}n|@`9sgzTeop*N; zkn-w5Q+)oryVf_@KJYerhbhe@RdV-O&Yw$_&;14@TL0xHe+`@0EI%gd&*I;)*SfQ$wre|LFx(DKbmuknGVP215pYV2!26w{lzA^9(`NAEn& zLXj)9G-Jaf7k8);&zj;i%+MQ%604kaUPD67@r=)E*^##Y&iIqs50apm!={W`yM`KD zJNd?U`U*#Ua~<7F_ERL+K^%ze1fJGsom;z9{ml5~@bvgf#o3!oG1_PKY_fHjV}~@< zXJ09WVY;$xs=?`r3J7cnp(ZUQ4`ZV5Dk~eixbJOA?cvvKx74_9PG`X)tB;x}MWlY; z3fL)<8Wz0+dUX&)$d%0)nfwlWt9Cm=C^N z1rsXzlkf6AsOq8R)q*wOIr#4!;{E&gr|pC&I)vxA&p5q}AUtd)+Mv5V*QGX-0959- zQPwuB{D_Linp?{s7KHn02)_!a3OVUBwXADl#w?+i<(Tp=zEBO-VT>K>!T6v_)6q%B zg+2&e4tafr|Kt^Aztj2yOVKL{u)BTnV}tleY{O~qGZW5Ou5}h-yKu?=l6_wO8lhUL`A$r8)?$yYEJ%@>u2K zP_ekj-kOdJ>QXROVYem)$eXO~7l9X1Hp2*Yl9`dGB8KOr)S<z@=-SCI~S&!0tP9+ zT^g<2^P%fWLZQI*QGfbJlmcBD|7`A%}yVY@{BeNyo1&nS+F!`Cn105jDX|W}A_r1#n`Z5>2 z?bB^;BXQn1G}$}}W0&^E_fP!(%!(Ak&S`Rt2RBb}=G$l$+p7@0GzX zteQMdfrE>hQ#P*>8MKt0-#FI=+gFxK)Ys`}-hDcI64jxx8-2 zAx(;58-<9vPi}J}SoDiXni%n9_<%WPDHzl!>>r#`2QOP``}iHsP3Bmm&GfzTuaDgw4i*zC z2`2AN&+>iC`A$3LJ74Wn+H{v1J>b5t$h-LXtxm@8I|K%rnLg1|fq7_P+P3}mbEbI(>_sV&tYM=yz(5Y+fF$fgYo;W9E1 z<2l@PF_%^hS}YInF8q}8qm=uciQW%EawJ=UF_Ni&a3=0K=1q(&W{;I)-pVn_jq!dV zm64u25=KFc>uvZ#YT)J6xKmEjuIS38S;^cQH$6 zCb{Z(@-c~jj{%>86H$ec1zee{x5 z@1_M^Hx3qZK8p5|riMIF5rl0dCgBac^tdDuF(W(4&HB;=Or_vp27S}7UuEOPzejDq z;Hi8Yt0cIh5Qe$!d_mH4+-1~oeV@%t6RCAMQ1GI3LEzb6HfK@R>9`^G_O7yOIFb3{ zxNq^XM5~_ed=XGYgiaz7Bu{9Kb#*s%&qv$rb&xQddpd+T}p$ZE8HJ?Qf@@^JP=SmZa z=P3&}C4?Y&M1}9L9?M z2I2p!N^1Qfp)Z2?bX)m!d5RvjKgrhA*myb>aELnDhBrS z#43=^u*cF1x>=sUs`d@x%8Q*R$l506k_;JGfRzG38SM=@ili06VLn8 zkNxLwNNsf1tW}{(QLE#=2Q3idEcQ%3-V#Suuc1zFVjM;}_&yRi*;xR43dn^XWBfWj zGT!M-*`Js9KW0V;mEXmn4CC6dH@Z=R+8ph>pKv4KTd^96`)ifrG&Ns*(?CQ}AW@^+ zDtce2mzmqez$G?6^X{2`ej*9SB!hmw5y?BtEWgpAQrj%-$8{Qtr7QMtappTEDrlLb za(EsI96F2A<+;k2_D+Qn>sGZqGP5AVP4#hJA7cL4g~SOHUBJju!F-D_qPFh3vsYL@ z(i+pX7FpJ7(sCl*M zk8ifr9Jfe7Nc{AoIwTJ38KJ6{M zCz9M&RyK&Ppxi%+T%j*_^|f9#vsCqaTFHG&g_&RRcNmeZ6p3E_k+K>rqGi;_T3D)# z>ssG2Wo|ifyf9p&ycuX-ln^Ixv_p|>EDp3z?BREmTp?3&7JYXwsBh#+R?kH z-J##*m0xpF0x5?*AI5h4#`pAV4nQ9gBs-%64ip2fRQq8fXrdY&jvMo6ZNOU7f00e< z^JeJ{KE)NV*>oR7i$<3sa)* zHZCIHO4j-EZ6*c=S*hz-c$`F-DmYluOp)Ka@NGjGsH71x-Ulp1?;I?H7z&fSwc3Y1 zzHT$r{5U4o3xZjmwzLIz%}Pe77TD>f{Ez$iEFos52TmZ_6Rpx@L=-Z(lJW4{&Ls8a z7e%J~XBDarVr=YeS(UKYT{%JxKdcLXEZEkkkNat5Q6#GUWZ?{bB^Rn&(UR3CU{&f1 z&!FG(LPx+v`2{sPn)Vn@PUVj!JbAJD&qT*<=p~HW$9ZoXNFFR#KeqmWk*gfIn|2k8 zXkx4nKe&F8spjME$0#iv*CNbfOw-`Yn66s4N$4;~H0BGGa%5Gl4`hgl5s|9xhAnxx zw~6y>FbWce_?J5C5qI>ipAi$vXDvD_BM9Tj9-dWqTe+B#-NBb)qQYu<5l9=HUZ ztf7ujOF0gHEro>NyLfaOUv~KIcA!>jj!J8euGef;t$FvS9RIK^Ud=1~=kf<{i`hw` z=gUDXGl_cZaJRzeH`ZvcZ_ISZvgK8IO&-h{huPih6+8F}qOT8Ybjc)QJiij@BZyS; zEq!?cgCjPbP|Sg0C*nb0*wyg)15=-+2I4Rv&Jd;LBN%r#W&6yxzfPxRG>0T^QPySX zf7HACMx1}FFYq^BAj5A`Ogu7te7|TXE2oJTVyYbI!YMfVd!yr z&4-icuJQ(h!qwD#0v$&y8+E#owuR^+R?hDV_!rJ9xMlWsFJ$dr@jm}tR@I`; z0^etB|ANm!_}rUoHE;W)yfL?R!6;4u+c6!})gsbNL*K%vcyBem$i08LR1zN%u9@^Q zUFzO_Y|zE|pqx?;a5V&aQNHH*>zBH+gkkm`rIyXk(4dRuIjOuC;G&@{e!9P8gev!_ zoT5Y5&1$CT9E{yto9F}5)Uqy|Kd+>u)IbBt)zVuLtp`f(W)dR=xRV}LQbyJ929x9G z*7tpO_5yfOBiFk<%!=OG=q8)i92N5Wykr%!^RRK46D z-(SV7Fa1rCL7Fi7yx-7C33vD7Xj}aQ-ZMt+Li2+-{K{@_Ib{uRtM{rW-uM^?P_je` z2;{IB^73YcutE zawa&CsWdu*9v`Rqyf0TU!#4ut6P%k%C0JG&WTV9!#AhDjG(X3&iXFJ~*wJOFzL~}^ z4rgBD@h5LP7e0<#RgJ#SrmPdtZD`D_4fC9`8(?iDI%AiJ zc>R9yzK`o$elgWn=j4v=3*!~2UCFNrL31eqroO&M`}^+5%DFL}xO8p6sUU76Wi%?3 zUy1)y%|`DaNB+`5tGwjq6ae#H8Y!7cg4kmbAPk!p;m$6}=w{?_4hdBJQc}Hq5pda8 z3m-Q1eCey-DcN;PIL?Tecpj+I69l2%ED3X}0~^s1@lPH4kK*GWFIAL?Dj9c#6Ek^^ z1$8^!xtV=EnWbNfueO$!PZ~eWa>Vcccz*?<$i!637|$7Uqw|_~9&=zB_j~DOW7^L2 zeazx_W^~|uF0noNX((o7Kl}{G4Q|~W%!FChVbxw-;S1~H2-h8}VdJ9#pXonRm`5 zXY}XFu_%4&m20PXmRnK&dF7&CHP!X2!ftWz6+`Q(Mor5TxlBJ5aN^jF_ON47WNLKZ zya79e;{)Tc@BdlN(luvpNspG)19=qrOVqvvomR(v0sA}%_RVACljV-FyEf0D za&tLD5~j}>Z?2ubJSQQYN(JqLuTsBq+y`SEzBjlZ@Hrfottxuz=?;Hltw^h(%1%Xht_m4ni=W@Y`T0ZzVb6xTgi*g#%4c*u`cuu8H3J$Sw+sx&A39M8-7ASHRWjs{Za;qaznFTfuqeCt zZTKD<>23t1I|P(&>FyTkmWCk)5Rp>4ySqcWm69I1ySww7=l6d%zT;pv*<0&g*L9{% zOI(u%TSX}BQ@8Q$LJ8{Ia?5^8ZR!tngan* zxSpNo%D8wr^oPWs)UJ5*@i=I<{e8{~a!~Q0V~fMT;OPUKoVf%_fYz&NqV{J6#&NYq z!=*~+++8NVBWfx18+N2#Qfi{5CDh)XL!+D;fx4w*swS*5xeJsc8SRg7wQz!0TyG}c zQsQ$NG*TXDA(kR-fwzrj(wq{)S}3KFO^{+k!lXtyyB_{dOa|4_u-CL12h@Vr;9$96 zBu#n)!l;>PIV9-4)|xBvHIV29#sGli%XkP|Iw>_&$)*km!t-ZO%IRO!X@MjFQboYV z1|qe-#cDYkLNdM1*y1V=-abzsYbyK)Umt3aRn!+<>SFPS!MRZZ(F*6uU~+)8<7H;c z!AW*?e0|hD`K|UpHQop3+Ze6R4wKUgv1_({gAQZgO}Se|F!kk)>q|3HFPiv6YlMiw zOMltOb3psU?4jnP{Y&#oL{JddnAHDUeILaTP{gQYbyF>OmKFlRP4o`DLe>rE7XG{N z$ek>ev}@dqt^3>iOwGIo+NB943YW9zN>YTt+}d*a5Tggs3k?J9+#_r|%FdOAUip1X#$@o3QwAx`#`d})k( zEjvhHFtRX>K;4NV5*m&Gy;dqOgVOS20^jJW;Uq#N>hhwC{>`h*e-zu z>wT=23(qGchlKGr_sJpL%+3_uJ>u~ag;Ds~=SVciV{U1m>WBNzj5)v~98t8fg2U3-5zH_RbYP z*G6vyxV?V*lvuUNUOFaB>At#B;pt!cxZkgXkWA(CA26%*A25segYiu=wySd4LOXdd ziJtX%a}OFE4=!$v)q*)F6&o9b$m7x&Yc%T_98F(C=FnSFKiL(CTlQPO?$Wh?!@$Ot z`40;=l@Zd#Pot(OW$rn3gkn;9jx1p`fBQWbQpe<;bn7_2!Bbq>7zJVa^+wL+bzsG+^h&Xw$-sqnuO zOETmAo`A!S9&egbmSaa52qHjQ_?>`iiU0c~&%OP-nLnZSs?<817M>G}o^)I5s6FVL zkPbWXU3ASBxzqeK3aT1y=o^?}2bW?ee9<S>y=BP?KY8a2o+%jIFM=(9iiJD_YTHkgBN+H2U%|}mLHf&J)P7JUn zFgJ@3`~dL|em8-m`SQcHu>{k@CdS^9`xuotVUiYQ+`*H+b-%CXOQgXJZX4rzhlAd7 zB7J*ItaSxGYMip$o{I`(2G{W2*9MVpFIhfg)&04g zYrud2B-{aRmB_3`2C_ejc-Z_EJoP@#;CB`KQZLcGB5M#wi|P%mb!Ez7^P=wCp^pFV z6WBy@4osGu*iW~{a1eAO1~8Wc6u;u=ACp-Z2gjR5zG308Go7T)!h+gSQeO$l@^QkE zno>aNLRX)5T34?Q`a1=cn+kW?J#=)Kh2!X};#he`Im*jJ!6Lt32Ttq~k;N@9UUY|s zh*2C5XLd;9=~r7(V<$<2TEkHGGMpY>!j^maH8Lq${|fwlc^I1Y>|6(*_-?}UJB#6% zcW2_jd@>chHI0WDA9dstJwzs(GL$@EfO8vbag@ab`~$rlwjN}5iDQ^5sdvi*x;pug zc_a*X5%P4I#UkoybZ{vzMVvB%BiKH8K`#f4vbCs1Gv@A-ku2~Th+l6b>3K|dEgclPu`w} zgmcQOXz4Jj+qVD}?`?1aPIX8}hpHJNcb{b*tg4lz*RWd2O_oK0re}(l$&CtKtfeTe z)v?L#$>Fy2_+nbSK_0Xf67uYzXRxelox_)^ir_BcKUx4pBgZ9Ju(7c;d3*DKI-j++YD$uRK-CzH5jGG#;;7u`FK;phr{X-{3i*Frgg+bcUh3o*3RIn-mFgSe z_t;uGR7_wA@j~j0R!P|Beb+>yDlWEAofC;jQpNnCw0@!O_Mc}nhp)GzwN>L>$RM_- z!SX?|D?*@7iI_rUyygT^PQb)2n%!Z8d!$S^xSMq;vvwi2!gfbW5cfoOEnmY2b+egT)EB3ENC^P;EEANlxh1UnxWiP#PC zV`@hNo@f0xCqBIm`Hz943w$$`dOVs?!|eF|O(5Qe9SNT?IuZSJUx@Qp;?Td=SDl`s zHPoH#jNc}L-oYko=C4pYHsjltSs0^U)A@?`y7u32cqhDi`BO3!3*%Sh(>Rvj9>Z&v z=snhJ_v^FK>g^~jlx9hwKw1jHI#ko(5Y7gj|8!yBZgH%htW=#}QUSMZy<=AF%cGGK zc=TD~e?7q;|+vKwAX=WKsVYHvU?<$l!6l|qai2=<$*o#MZ``XpF;&2Gth?zDT zrjnKiwCE@MjH-B!D~vA2EAhSzzT=GM4hI3CMw2IdC_Tpy!Yb?|!D@*Vx*mDU?hplVlU@doHtrKq)uMJ>Q05-Q-l(PMLlRsXV@wobm%0@58t1k|xewn*4#JJcz;a%u2q4U1D4CNx$VJE-Ci7%d% ztp%0zxmRwxG|@fIm)((d9md?pZMRy#U)_VN%5si-Kb<@d*9k@~n_ARqr8XYg#V5#{ z5x`$VGcGHp3)2qZD(VkV$FY6M(n5`I557q_{5`q$<>$1#y)j1W>3nGvP>XEu-?9Ego%G%Wd1s| zoQQG;Uq^<_Nu3LP(HSJp(=~obgIm4qUJmtqeJom))pJ;^eEHdvt^Urt>Qs;u$q15$ zmrcO5ai~?JriXzE%nk3uCMTwE4Nb9}j2NGvulYo{T=?Er@+Wzj#EaKp0jh2nDKzsP zc2`~FzG`p)EpzhLAJ>g2tv4b57C)uN7)KVFm)B#o3_p}s`RJGt>Tu(OoZ_Q?aqF|3 z>x2z;Zf3%JVr5|P5Lp^F7?B$4w#jRx*%>RaHn@jvql`v)QB(i8sgZ2 zXpu{vt5krPdKl(sKapLzQtU3wax)s{VE^YE!~dPN3M-G>7p%5ZljpK5it(l&Zd%)3Rlc$&0);VnX-4$G&KfZ#^pcNi<6Kx^k5kII9B;*ssZBU#u;Ob|t9zq)f zjwc3l7gyEX%{nH&E<_l6c*+lm@(2sX658g)@otOj^)EzwrfcFVpi7~Mb(LV+*b)vm zk}Q7_hulavDTVQU9`FzQa`h&7WCI#6{74Wi@O+9 zQDcK9;nOYLCA)qmlYeIX-VRXe%F|P$sO(TprQt~1idVu#s4~Q?ZW0k~v>HkHEb{fe z>c{*B{Te&bDG@oXn9ysYV71ST5_)br_Qbb^IT0Oz!@zDjUu+K#()=`6VgZph%C(O` zkt7RkVvmmlV?3YBa`2ypwiC9$bDEtu^G@g;b6*9>Rzy|?o91mO-*&p~&;TD~%d_kS zF;M6hNgH&&r)8+w_x{K?LK6dsM=l(rJU757UB}U4>;#RafM;Tg$RqHZng1g&khAQe;W;Q&^Ri+a_scl>M)caN?;OMP|UI7g6f-y5KH6G^XTSfjCUtrp38V*qCYQ5FQfVHcY5%mN1 zw-5?66l8o$LVyqefu!(ZVpl+YS^-7sn=Is;JRUBSk`xLGIqhASaUYL@DH2Rku=h3+ ztY?OZfDnU?6ODo+OHC6)KUrMyF#2w+-_9*g6E(xo0CI!fu}Qf&mnC9%lS$u+mHVH7 zoG*b<%p?sa2mAFp`+A-9a?KG^ZCIx7-TT39Z`?A;>G9;!+x_p+lw{s@EE8SH;^(RL zY0|XmsxqPNMq!R1frp1S*8|@#a}PA>at6El2@;bQMIK21j2bRSH5+*w$qdbsnytnv z$wUa!CSeC8_RC+)-DS?Ub`M(-O*;$(5LXH2Bi50_uNI}U1^wO;gt=DFUvmE#MoXPR^(}6<%-kz+>lr79*P!U-U*>1{jqyK`2L-4>!_9Y!#z3aW97bh^3$eg(W zK^&ufu3>o8EHRYcUTwJ*8IV`l6-dzeWk{PPYIJ1$=<8J2S-zzwRdAFe8EUH}sBza= zCup}k!Z)L_tJjdSWi~a0glV?hQ(2`&5>tvaHu43&I{%9a62?^@n*T2H8we5N$?RVN-ZJi>ASd??KnV#(`g<k!YV5$F2c}L^hH##*o`y)A-d~RGcLY~Z?|)^{NbYHvNe!X z<_)Rhf(Q|~<$kvI+8WOx%i70?g6@-(3;TTdMpu`y`%N~5%o^7ON0VNQ5vuw=TecH&0;kfJF#trOrbc+;twVC+C+dmjy*{ zrbMqbMDI0@Js5_WVRVq_L!Kxm;JNBID|!#xnqXr~9{Lo9Lv$?sMCS~8@s9Mw*Ls@3Dbm%R(<@~Pn0r+W z-`~|fG{~6i`V~zmV7#NI>0dsBJvXi}M+I;7%*)8w)8*0yBxe)#`c(?Ip>b=kH)zOjbUln^zI{U?ma!1izId-Gp zZtF+WF$F>dAkL1HugtT}6*=*ZEGJS{d{^XNeO<={wnXKezJs%0!;c+}0`1JkcOVsi>)41&x ztkmvW@SXz9P*kWa;_0a1Gd^&Z6QPmRsu2fNV;Hth3W1*+zJ@Lr;WD)mv-8B>FKJbX zdS6W6t(S+qkr*rm!&IzX224NVb6W-tLQKlj-!({@lEHkkq(YXpy93RxyYw9YDmsZ< zKY7Z36m&gVGQ8ZYwXkpNlSAnpQpOXZ1dM?{6^yoQo%e3LL5) zF1JrmtXezsq#hcp+ocD8#2d)Zd5BYL3 znQ}jm2`C;>D*T~m7rHH(C;?<$Nayuzz~g{K9t*LU{xK%jhUtkY{JmSWX&qc4ocb5;=I_G{&r;b?;Z z|5P594i-y1EG^O_@%zlBu&3Z#W#iYF-fkTtI+l132AFo>ZeqtspI5)&WBX6Zz7hlT<9VY3b-%myPcJuEuVZ>3)gX(YlY9tWrZkYOwFNIO8 z3X$gJO7vmB^DaX4wTB3n2fUqPmHG1cy2fyD?W327CFK0dAbK8ZU@VKHN_(Bd48U

fNg)rh@t3M0&0TRzM)A8P(w^4yz0CC~C~%p}s=Nl-tQi1=XTXl_r^aYzl# zXnE?n%x@?J4y)JZ?iZRYxIH)0Rv&ufJWooRZe2uY=9n#25A<*TqUU#4t-=f3%BQq- zF$3>UeU6XtOeSQoe0DV5&o>O~R#H!&ZK9z*8B-Q|T=u!R6k>4Y9}vfAN7j4J&yi~M zCt1cCm_2_gb6_@RqJHEoaGp97ep{~1o|=AHMmr;^K7bB{T?{bGzJAHC$ni%mGtjAk z<*Evl>AW5OMNXELS)lr3S$lsYo>qW3*3iE6DRY6G_ju_@|9q1@8kfNw$li=%kxxTP zqm}MJY?MZ4>|hm2D3>?`On*e>&~%umLK-CN@*}XEyg!-0Jz-1ztr4e)&HxcHY=^zC3o`f;-P5L>b_I2|dBW%9NeF zsfCk|6K)1ZDP$o4?MQxwnfcCPjVqg8LI^yhFjd&#=cyKhrM?j$TawK2o%TF9v4Fi8 zyA3G^gCJWeHh+i-KTQ|F&X`*xK>>-21?w!>yIj-jUd87Wve94G$2IK~bBqY}dWw3f zWCA9O>y<`x*29nyc7mUax+RmtDRli_P`jMc~BlLUsQ9$G^4QEXM4@*Y%cec(>IG}{xBU7&UgDShW z&vjetVWmfZVtr_zZ@MsiVFM+*W;KLmfi6J`Co+;Zo~!k^ZQMU2BE|2sXebFFnQpUs zUHJK;vFfL0nH}1=1r_ctCkWzEGF+>uC9A>HNzlCQ!$yeXQWbQFHvaHH^yPN$}Lsp94rN`Zv4ux&xWS{YL0zytcihS9V4}yn9B-Dm^}3mCAGtnDPVWu>|K*GweVi}5Oqbc z6E%v&S+w;Vn)R0Y{7Rh_Fwix6)ok|qTaoQOPE~?iIwgKhxL5}|>e-({)+xT4EdtJY zd_YK7!59J%0CrdAd|D9Y+Wb~*5pAvx^CXod*AkLrs8C+C_a3x$R}(5Q<00pCAwf#Q zU+)h<#F?BWZJ3TYwxTGIZ!-g4%ug#~ndKPiswKJI`WMwVC!=eW9J3TzpKIL&mYLG* zJ70pSnDX+s@x`KR!C_^OdlF<_+xPXhnl*}sAV9j+HKvw^vByJhQ>Q~ET>Hqej(P78 z9i2n(>lvU5tyG6qQ(ff|eOjF+FF8-JLK2sM4-esZ<_7sxR_pqq62X&e>`6oSq$0qJ zl^RQILNhZj+9EIGF$epJ))CT7gMSh~X*1S|M*|Wmx2252mjoYg9NEPsWCz}QY_N3KbBX`~2zBaD_HS`R9^5aHvN>@amnL#34vXL zpJbTeAZxVHZd!g3OXZ{D69J#S!+`TW3}1c}@iom*N6wBbz;yaSat--Ulcv?5IM%&3 z{x{6(j4TAsWA!fX405bNv|;Sw&{?AfwNzS&I-0j2Vnd9JY!f}D(8CpfmT@bmdHFV7 z9i}*9&-WR@D|VQvdSX75wi9aPsnAd-~s<0$qWxMs z#|v@Zc{iR$l|}PV2q=>&joxa-axS0utO9iv-onr#9wOOrX(`iaypyvEmwYhX zM>s9()Ob}58+DEc_Z#C*;44MpC(r{fvVg12Tu$YQ9kPV2% zYpG|xo=klKd;Hcku|ubZ8`aE_7}Q)In2?)(BNva`-&*wI7CUUbI^fz_#=VTX378HB z^6?(}3gY{|qaLT3Bg&SuL2p}IkEXSKqzF|JIiIc_`xVJsoSGGI(&y(%5SL^iNt9*m zM#|YI{)6_8H#ndjJJ3ou$+-&lhU6}0Qn%(ASHx&Egjp4SKbhxq_n}_nj=T5c)w`mf ztv(6i@3xTUouN%t^RlQewK}jcja#EIv7zQ`AlT$Z8rPx8F5tPgzuhafy6eAuq_kCr zFIRvNLICq0u2rcz>J%7m*lo2|QW9rqNmvcqXhw6n8gd82>4@SaX#I*@LaD}K{#uMo zA%oE*7fc^r*+BZh$9QEo?Ha8^P?!4nVcF%MO5ywIg4$Lo#{ro?BCb1oD6B-;e}Aq} zEKE%mja7aXBg9>o3aOl}yaKZ2My@}J6_v`OyjNFyY1Tl)3+GCZ`9I{ zTh_&DBK0^|rh|WN^(qtp%}qdpB5BO6W#Yad;#{YX+aYxKub&@V{Tsj4KG-%zrdsw* z*Mp%)B;3I4LhU_VJ#t0tzzx zyq9stZ7jK`0@^q(fiYuL99$e}buN*Ak!c+C#?OU)O8?y80c=kD@~%>hz;y7#{N}q; zVO8%^Iw(%cRkRH)zV_N@*LU7(WOYZN)ZD=SUh7wK9*bUU(jqS;iH|SvB|G1%D~tk3fUqc9*Wf8`n6r0i?tLP zV8x}3`n%~vU$Kt@njo|5evRLl z==nw}KU`Y275No}9%WQjRbbQ-c1*R^$;uk(1#2i9!$0S~b=3UyUSFN2)<{F951q6t z&nqw%92VOLs)hhO*}%=lFGQd3zaYT3Vln(6BwDeEVx0FuperiM@tSyaMRMIBF#rXq zrE*X>ZAJ%yP#^#{7ZA{7@ZywI&u3s-C(=ygD->fWwnrSdI?k1ZWfCl z-8Ck+N_2Aeg*qxhOFrwZp_2^Ce5;w}9{wF(E{?mBz0GVS05+VHH6HFX0ti?UdPye{ zzNql9Fz{$m)dJDtBO0GA6Mef7m{}nx-(0dz0ZfgmqnYOSPuq2DZayvv)D;nnO^Z-uJ^nR__QO(b=1EF& zmDCWIWQAI%m&eWnJHk!57Y;4{@#xA;g3)B29+$>kjj{=3CLE)smT@sm?|sx~s{Y}s zpg+zHkcT{&XJ87JiXva|0c$}J3*dz+v7iF^3A7VS>mz10rG=S{d@~(mqUytsCqB+bFF-`frZffhC=lWt@baxNMk?L>8F#1 z-}*j(e!tJ(aW=R1ceK&&Q(Q!wNZJl9H01`UZk=&ynSh)$J8nXnr^yVoL+0)a&}0|s zWnStpZ@%6ITV$Dc$0o6&#?E|)`>sWvP7#NN4y@b@8Gh`Lvo95@F&R)zH;?K;*@!i6!^})$83`a4^~9?OdX89 zMh8{z4QI!Hki?wUhjXhEul1BxmDGC`u^yj#V5N`})23}X((|U(CfL6CY*pYOU0`{X zahiI+@RrRNNSRlM6-nA6gp^kXh%#@FvfrG4>QOUJAy7N z)N7OWqmdju)*-8D69Y2ODf)(OYom=8NM0edMAcDxt=5`{KnBAR{~2v;`Rp@94vmv z9u{b`Vk+a|m__ctEct27cXO+Zo@bmep1<4+^2Oi|bE-c88>m!0v-P#F&Y&CB4o zE9c{jxJT)C3$rtq5zRXJ8KE6-sCtw&gB+m)e;x27p_ZHdMat~pg-_B+)`f^`)T##|h+~saH3T=m+)Ym$zXJm= zN8cj?QQkdbDRnp-##8U>Lt1AM6PrsQnNBlE=^H zPqticsrSv{Z8^FYN-i9%8^V2_rfp1#-wltkP*FCLbJeRdO9r#8cozU5DJri}P3Q=@ zq3(<9%pCY`{zf@y8?K&kg*#BQEEHP^RkXfce%^TOGy~!nZBAS(7*`}+W zWYNh|#oK7dSnZ>z{|V2|faGwGO>lG%Mk8a%=|@c@vyNKL=-)Pcep4&4yvT2ZZp)oj zoh(ip2ZDO7-9TT(g2syN(+)jI2sPhGU?Uh;8d;W(TqTTh^FXnrl-*@mKELD)n;@bRY_dQd&U&PQxdtcJln-}LNu6)nufDQV0YsOV^%#J? z8PBo7sB-ZJa|Ks2;zxS9C@ofw`3BA~dHf_0XiW-ie*3fuV7J*NnV!5n5h(hxr9DWlZ>jABN6w{#oAH}=~lcg5ok?q49m*2V1aYyEMvzv;zZ z=JMY~JcLzam#Ff6y5e#ItIU6=BrxyE`p@~4k_OU%Gt4B}Vm`TQgo=qrIu+JTu3H6| zLyA`}x+^m&J`Lqsg1m)esBtQ)Um-j44`Aq13J>9$j?nd7_WhZ-nouhr%V=!F)d{{G zAAb?-c z_QP|#Z?_PbZfvI!Q?G2dw~6BJ>%Om?9nzH)x$?c7omHWDS2dRuJVcvXXUo^F2(ffw zL9kBKlPK1VRW3U6lhH--{+icSd$!W4F6#XIez1Aoj<$JnhV+7Fo&NT{ml|nLtp!h9 zu~Y~*tH~U#LnQ0i-_|X7c@jD!mDGohtxR_mO5iu^W&UZR%T-|Bt$o&`6IPbN&9%DX z8zTmt7D;Txo;S&w|Hao0B!1@Bq8PN~sQ-l35j5H&@5cVEifGm&c`3q;+mqw#S8U*C zY99DH^WDSV<;y*0{ja@u480{p&k<>=WQ2;Sb{To}&z>v+x8Fo3wnstWwX%zZl|$Zg zrw*}`3C0s8>|Df8Fz0~gMs{5{6_Y~Fagu0^N4osLx;l@%gJPj!nc>Ul5N?f19mt6f zUB^`}PME3$3OlxV^xCqmN+t^)G6>S>;{aNSZ3^2@tw}xjz$MIYzFzI0wttN+c8mY# zWNGQ%!<}*PBWJJ~6?P2vlR%=POI3^Vub)tW>fh03QmUMfUx*@4nlN5TPYjx0q* zk=v~T$5fqLedb?3|B;De0i+hHkdu8u6p(XoOS004>kd>}^{8r~(9mtCx^qDd$!zRs zo~IN9(x0o+6y`%N>*m4G@3UoUb#|~qG^j{Dk|#2yf_qDh+@&gAi9+7uV}4%Mx^jihq-8T5CqGl&-$r_PyW~*iZ|Tnf5a;1Slg=-io6$0u zfxSM<1^0GBlS+S@aHxc}Zz_poTaA&W9LLO%Dx)4<%DzuVlPhq>Uf=$4wcU2wyCBtK zfordag*{^v11&_B+km&@sy;VbC(983!qY?ZhtU-iJ^Fx@YvBLdLWU^p;Yyq z<ugh1l9c1yAzO(J0so150(=5@& zsSYzH|EK-ki9<%rMCfaa)YZ6`UYo$bhKuj`rlR(1{lf`&Sn6leufr^Zfc#nzgQS9onbb%`IqHD_F5K!tliue zn2wz@vZc?lg;YKh*X!hUEK$H@Jh#67L=cDk*Jr|~cqF1xL5!qKg0kK#D|(ke%cyQ8 zws%daoQ{qq?|lu6VG)B^UTB%qFWrev6wp&R#;k;ZmdIeDjt)+-ZVg2@y*8c>p?={P zd`qR;-x8)JhK4ueq#!D}s`isbSCg2omz_fI%xf48zre_@UG5BTBWZ{Di-jiSDCIpj znzy{Ls*{R}-tV7Nfb(v~W>IgZ3HYW$vZ0`~sW3JQm!GkO2b+@x{eKUT!N6VjgaU_R z=j3RM%-kEY>An{sn%@@kh|w@!%q*ys_U<#?$i6 zsejI04}Z9m@tY*iiOPPg)x6V}oFhq5!}~?c{mm^L*Q=#XfBrwM9nLrzI@9EyL1p6+ zYWZE)J`|@r8}ntJKA?8^F@A;ql4WU5SR; zH$C(-pCdG$iQqB6{k*xNfFoS0F51{}zK-2ly4~!5&ZQQACj|dRqYO=H9%cIi@mx*-@!6qSVQfcMZ?}Qb! zhe-_zVz>T?n~ud7$i!&c$#K{&hM}@NbaKl`?lmO*DG@bL`4G(!;agG!A}u3WlxkX3 z*f<#$OTo11CtP+p|DI39$?*%Kor;w4+iu1xA%B@2BsPF6cvJblWi|vn%W|5y9A1iZ zA@;U@hJK;SjYLM1rF~TT8{)7Sqdn6eVoI(4Sclhom&YCR6$aze#_<~%KOi z*1Jg1;rise5+lBSn=7AdU7KP2vd2lxROI5#G4t&EDOG)v{*}-kJlnj-u`kLq)M8dC z|J(+=o5@GaxsM6V8zO(UJybgRo`s+ zYWMy+^Q1{Tec#MI-?b=jMEQ*u!jS?>{EL zIQ`erBpx;9De^iv`WEx0&+1b2QS~N=spBa>-~qDontH_>F#YVt1oPCree6#$X&YYQ zk&2?{6P(OUnlWy05t|=%_@(dNBQ|uaq#-|X<5Z&M-I4qjLNz*KMX+W<|BWtI(|)s zITa7B*j~!E6i%z!PE{_(M$QQ9$+6_?h=3mANLaG$f7(Z<_wqIv7Si@?ePo&PQGb--a_UauggW>^g?GME%Ve$t7W|{Eym(K z#IOE_{S85u_``2*L$HC{Y#9PtEfb(?M<5@&U@?{Vt}0+4&+kPcz&$~~!TqqsXRg9> z82~DI{pQItICUte2@puUfRjVP5&pNJ=b!wM!q-br^AXYo#uda#u-<2a?czmS75c$Z zgb0c7?6%vZU?Orw3F0;uFFVT7h7*Pa<36Gjm)nJlFaZ6}DYBZ35ZcfX%ASkQ(uMqM zgsY11U}QsYYn^^Ue;*6N-i@IZ?vydI9Bbw=eQ23cb&7hj+E?4k`H@)tx)tdH)!32L zf>s2N8NsOIUUU1xbTs@6sI;PFIgz%K&m+2Vi?y3WJvBSL)_2n4#R}sjEZ>03khtwp zS|cOKj7@CpWw!c1LnI=;5t=@F`l;?xQ;Y<(sKofm0Xu||tt6|lj0|{)IhB`hgIUo# z!=oh_q^ZG>o@}W;9h#QI%7X_C`LJO~bafDo`@y_2%lQSIdj)E}G@J%=-8G(rxZKNn6Ty9!xUHcaDte>{4cSx{0lO!v3VQ2Z~dHHc2pun+jl}W6fyVU zWsW>}i~|>bQ)X;2adf;p4sFF68zKje)LM7FPk3*jlJC@R$ek<`d$7 zH$^lQL9y5R>Yl$CGo^9Ah0OAH+H`^Yb@1kGW|9K-8l0iNb|Z=Kvx(rVQR6_?LL3wq z0f55>e(C^*^?JK zELmWoUK#sKAlWnje!nu2^!H^S7Ee}Hn;e`Hnd8mE#kjNoFjqjAS9L@lJ_WD3mwQuV zKEAB;B#({q2+|WuL`zfi{yVy9$79G8sgeIk;6u+AvWNfh>#&Xcr;9Ra1vd!dQ1y~o z+Ih8+w@TrgR9~`RiELC|d8hThb$+;xrx$68rIvwxxwZnI2_L0j>AS`8Ql{V2q@c0r z4c%|AA?;EO7b^pLR%joCZHB{QsB%_1JDm4h36#vQ6jvw@(zaz22l&$;`|LSSm20bt6 zT5REnO?eBI$HX&wy#2l({-sG0ND*H>%vl!JtYBMU{MJO)siYh!Bka zP==FX0n<4bmY*W6Uhy%xZf{UlT`t`ke-+QTHA>JnBd)ULi`u{;*L(GZ^4|xhnB)l3 zAEv0~G}XQ}@@sQ=YjT#zB@kH>PR{7Bn|BKo9>*kI_`aZHX2x5)Ab^4~!FlJqUITzuYOxD9lcLtB z3<}U>5{u5sN(EN=6#{h6IM^{Eu)%-}fypMdDTn${b#Aung?J#*s8yU;T^4?>wE2R0 zHv;CKN=XtGE(h&O-@ZHxaCz0*3(n7KBFd&^dD|*Y7B{5AwYK|JKJ8;)=(LeP10tua6(pb?iDXM`)Ar`l|)FBcy@Vv>3pf{ z_59S?BumO!OhXgsGWE7zEDadI{*p1OikOdcl&qC1NXkR^3BhEt@p~v&I!@;?U0p$!aypm zy{~@tqtlfg)wDCP|J{pP6rj&M{saKjhpJ^D1{CJteC`zh>^`*T>-mF2u!;a}Q=RER zT$HK~0A#EoF?NMVCqvIO^m19RRhCaO$R-tX-@3eGZ=)UD>cZmq(r=-J!3SU>rHKh3 zr-r%Fy=eeYKX}(2<*bql0H949*geU$u+%GM*tBayLvV7s=K+m?2!L|sYWlJqA8Vi6 zir%0UsuhO6caL0jv(<|i=hpb53+M)%TZ1SFK?K5en$20r#biaUy!WeJ#O}ygUQsWMPKR@=VWv|cgc;ls@E6N#SMvdJip%$qQb|Cn-WhPFy zMgYDE01k|Wq8*Y%g%HBZL1R7q<+)vNxc9;5zw*^3=Wdfkd8>l43Ko*FDXlc{x&`Q~ z-l140Lpa+@M^*;C&CX(yuuBrdv1eLYc2fYyVJX0i^#2DpV7#wN!^$O5k*GiWN&?O{^ z=4F+mH7b%!2Qwf*Git>Jvn;b?(rSqjNCSYv~-gkUte0mFJ@v{j*1S`=1zCCi_(NyYoLS_QZqga#v^Ed_0rwMqa6$GwJi zIa`aq@Z{ZE0p+f6t;Af#;82R7NGXLJ01_2Su~}#V0DJFN*cOe94^J9l;t zlum_-`t|RbI52?p77V|OEpFCjpPZ!@_eEoZqca@Ou)q6YA4j^a4=}YRu=Q^Ktu%6i;@YQA6XZ`VK{qY+p zY8Ubi^g6!gqexeZZYXZ$Yv<8um=^%V=m8yxL^hQuKyNgpP`GM*T1jBCFS?{@QZXSo zS1gr3gbaluRgS^5oUVfOa`<+fw$f#N?JdA2(TNV;h1@Fu0$}gFXCm>zuaYAuXH&N> zt)u|6OG~2H7N9Raf1r04Rl1zByjaYmIDBfGz@gUZTzf&z=bY0ii5hH`OTsDzh@>RFA~!M0;^%jw$p^ z2_Pt1{No(@MSvl{_&{ZN^htK@!g~7`Xf$_@IveKwfB)C$Un=v#v zkxy(hGlCfaII32m%Ywl#i78H`18Fs}I@SHx70KX9wOa1v)acNbj4wtli+~1zwojXl zDl7=lyLZ)V2k&|63tt-iOxNo&^u1y}_>QqJwTRgXz{)`8YjnrZ&DBsD$h%d(IGp6Q zq1vSjvs7tTu^3ZPJs z%pHffJ@@P-RK`+RnaHlvtm~b3&OQ0nWv}C0Ux-vN@KuRI6=dgx?y1I9H32DOZv*k7bDA#nrAK3bP=HBr4cMS1L)>_+qK6hBApp$HFWGWKzuv697Pj z`O*xhMOsPR?3E=bQ5q#&Zw=S18{D>1u(9Np4J|!eUaP#Z0|GRV63>A>)8H_Ny)7Dx z&4avNSfwji2Uoh%dnOBj1Uo9NR{vv#N|tTnF_wIH!3249G@G340)Pi&RY)@9=8J*R zKwDzZh!O};7E>3hq=H^y1$voO2O4&75u#d48+M7xTs39RW?0Xcfr@-BC+)H*+NG(j z_Lc~AoI$O6DO*z=3Qn@%pqIFHML(?_xaUlF7@*&?4!r&iB%DE62C^2vK7DY1bH3K7 zO;2^4=(-ebse6#jPtFz-8X(P*REI=`YAtQgcmM3>UAhY5!D#ey^{kIbsE}ERkbR(LBW1?Wg5^3qTp$?ksV!7u+Gj{yMC74=a>5D^3cptbPC_lhD#6Cj-Q zrw*Ef-z>g;NFS_2b6k&K;!6PViS8#CKe=1)TBrIP*&IBY1q+TSKu02xO(kx-*l3Ul zxT4))o_dqmgj^`ge5r-80}H`hbe)inX2ry=Q2^*=xuQ@wxV8Xot+C{TXBYaSqjSMC z_Hxh-C56^YE^)`1nkj6y{K!IP?WjZ}dE?BVPhFZV3s-p6vlwR2%Tku*YG}lCFLhF@ z`}eb%P={h}I!}g^qUHO)J2X<8E7O`ODzzo?bVX3SH1T2x-f=$yx-81wwK)Jlr9H2H zzckh+Dugoc1`7aWtR*J9{GmFC>Y2m#4!-;-$|&%oNw?#)E7#}ODj^IQp%N)YBEBr; zrVMpY&sEYe=P(0+4rkiWu1w%&-K@OFNf+rtOSl(nbNm@1J?w#coAB1HdxX_1c%E%sZSGL50;KpfhNr%>ZB) zhK-*uI{8eIbU9&Pa6Ug5nlmmd+T8>SG!we);(BUv*VD2P#u59zVVK` z50KUdR}r9h?j3v4?O*v_&*WDO(OE4sitEj6+3T&+6g_uc;^{oe+e>6si(U<^eg#o} zVaA!W#ZZ)<3ZKYbneU2 zxljhuhSEwU4+{pwP@IMXcfI*FS5Akl#Uc+10PcI^tGfH%fhfIOTcS8w>bR|qN;C&S z5LVz8ougTqsxHM;VZj0UO1o8}jmm0S%`Q=yGb%bxD{+X|h(vOQZ@ViMRo^yRzvnFr z*Fv#?GNzaRz>=SHw$thY06SN%@XgOdGB~cD?2KLVLmGWEDMxpVj$~!st5pD58w@2w?k zEsj@c!4Ez-asNXH0RTuT6a+yDC99e#HSwYVZP06LoM>QQbY1Qh5dlDY{}0^pz+F}2 z0U-EL4D>Z_U!roe{&Z)v*+8h7h1CyTEWXJuvRl9FX2=;xkv4JU-sU8YJWvnPWThg_-CH+ z&%{=DD-%!|@PJ71?iqWyrA>dLZw$D0Y9 z>m}$LB!ITEE~f}rxS~P|0|0Oc%lsv$eSN~6-CpesZ);pQHwyq$d6u?XsGzEgGwo*Y zk+(ingEUXEFqP#3v@4gWGZMHAiiJ=_7@nIQ9=AH^iXus@D$3=tgr?_7(kkb*1prjW z0+U+)Q0%YUQS5MnmH2rqgvpW#QMeG%O+b0mE&jiIBZ>`3miO_6r= zn7-yQN4M3fnuE`CJq7@+kXG8WcT9eI*~g03{5f@pwR+K^7+2VeW!h~UNzYy0>;Mg| zwO(Ptk&vT>ILaNnM_ZyiQ<~|#>leO7gfN^I&7tb#rMZ#`oDmGeX&Gj(PrNI;-8sr~ zue@93i}S}Ho!$M8oez%G5_j>*6D%}sl8W|?JnwW$y)#_sWcArrHqtFs)|ZbLzdPG$ zTa#xd^=k!S5`^ze?YgIa5^xN;YpBe9W5tKGTWvw52;>IxoBgeK*8cD>+cwJ*$CYX} zGu7UIaCB_f_OE~82>_VRlT-&n*2I(DwA(J06@vx>X1%C#AucixrWwkTRUI7wSjF1t zT0QlQ&Ed-I^tFeDw31Yf(Ar^d~$QGme6 zfei*@v@yDF%Jc2Y;Pn%gC~?B#nF5(qO3}&o9nFi|-dfY8A+}3J*nmd)*7f$Is`g2C zS-634r|sZtyq&MJ#e8x340dqg)?6npp+V186rYcsrUZ<%Rdip^;6}@;OQ973$K$z{l^~8-0RcEF#Wa%OFIV`!YH@0nio?bO#W&xf@A`n(21mGA`7=6_fQ8qAMj4qy4(1Jp|Ciy{I$qyyGRQnoiEu?|@DHR{o&bHJoz-XNvmGH*9YQ3tu2FhOi=_0vT%QEaaA6!5d5D@^V+p{@(n?a4%hfS$wWZMQbmy$C0tjg%9+u}~1ji~5stVBcDy%T9WHRUrLpiN`W0G(f z6ta~fL*h%$IRE6hy0ytRs3!2HzA^HRUZXiEbT z&`V_*OMawb0XAEJRtjl_LS&@i1#{18v#w0HNU1qgUGycd*3-hehAFCzO5W+tle9`L zHjJPD%=H?ob=#dwn6UI#WL9D1!k=%uWABN_U+n4jnes+)d%jZ^ehelJ4SOHL%*ENp zeY+aD<0VIVVC?Lv&PaVt3tA>^iA`wbb{l~=;&b0uenmu&??(hMl~i-JmbP0E7Kre8h z7B}X%oe8d6g0jk&0EXBa$||WauRAvj?Y;`3;t*KpV zk9kgpwN>EqR{Olv_cdEG2>~e8{pocm%kEOq_IP*C#N3y!I@U>GK@qkpD5I3I73~tm z)~a%0=_`OW(&E5DFrcyIJer}MJB^y+$rs(|F_SKdxelP!^;>X^*%=vFKbR}+p3E&9 z*0j-vLI&-@wG7Wn*n7u=`7;54mRfMA&N0Hdi4ROSu<8n&o5s$^5U5F~#7)TQQV zIosH^_{D;4Dzn|7caPM3B~Nsy)GIU7ojjOSUrCeL+ow!gX$q=0sES`qUFgwT=}h`j z=q(Kn_(B+BWt6sQf=dKw#YOHFLZEdB&^ep29YbeMTm}GVn?z!*DN9$dY1)!i+S|}G zb>jK3;FRs1&%Ii<``~=LlIl=7@T&9O23+`5+i6WoWzLcbmF+djHRr4=0MPZiJ>Lm+ zn#$8=yIZf7wMM3lG3d2xmDN2JnH}c#T&Mv+DY}mBUg)tl$}HRCB7#C~XLcRE<9T%- zWhWBxgEDbtv^L&+t7BcWzE)2c1!yl?f^~r?m2(OJfJz|~iir12iE@KOo<@(#IME!g zw7}sVV_-U7rKt`8APk6r2qL{(IRzhtIj9)J6^TUpyz`?E9sjFSGw0jSeDP%P;p_kH z2@bEs2<4X)jX*$N7yvHu*C>Gm4Gsoe8qpXH!54nM zG=m$4^Pqz-mH3v^I-l%q!nLW%w0C(qUtU{)2Bnb$03<31C=fu9#b@%m&eK{I04DbD z_-5-)ZInVudH%HDb>Cg1gNJdVh21(&(JDbe00<$J1KWF>!_|97FG+wZb#=840F9x_ za8`nVCRPwevZ66kn>qZUG99(jRUu#MPAO%e;Fdgo_p${F(9q-oLR&LFttOq2W!k3| z3jpK$_v}1&6abFB_P%5H-=UP&6kOrEPVKn&0Z(b70@Lyc=-jK0(>B$q3dKN>>ATMrxP3m2PKs0rtSqe0_A-E_gsAF5i`I&<{0J*mQaczLvd+A@|fTjLzyA z=FOzY>Q`)9vr1YsZrIG*ENwKaBWZDH`i~|r%-lc$imrR@`00CwubP4}I6m>zi;I6A z@n0RC{7PAP0Jwbo_^t~N1Hk1=^YxkUKHJ_|^A`udd-=&ncUI=RvukBj>|8jvz587* zyX}xNYUDCs=rVWQd&h;w>i{XJv}#UMcwRvb{9EQL4RUk89P=)zOaEurm9nddH0 z&#k+nOCZu|l9`ZHtBsN7xAOb<9oxTnsIk|)Yvk}<0C2ihw^;@NDoIoFsd7n{bf8wZ zWwlWOfC3Wnr6wk&ilCQqS+T^ z+Zz;*t~)n9cd?z0nt1>qWo*fpd{I&)WFl@Vsa5LjbS#t5n!&Zjyg z=@rqf1S8&wuxBdSS}2_)&JJbr|7Y(%!z4?x>p<{aGkemthf1wgY1P$L)e;S~L^m41 zf&ga;0>ecEgdjP)%Wm+S9m;RWnI)G)IV4DaAOM0SNP<0t22s@tt*W}T&Z^WRQiKi< zmrt7A{qa0xMrKAvMrL|N`l+v~Jlvm~+p}l#+4d6%gFI_ zM)}e#l7#JMXR_@rX(6q{R+!3MF<)}RoQz%H1<*+>N2JQO05}hRy8771v+k-$3t|Sb zP7_vAp!nFQ18s@8t%L@;I=_oIMOsKp*p4lhnR$eXVl5E|W%v3vsj}7ai(Mz+$+$A; z1=ZmqfXJx4iXylI8h~Dsr!k3>AXP(yUiI-$cNf!=U$B!#WJxlYT6xB9nS) zZ8|P{)Db$2-~#BRDv6R2za49l#!117{hTY5tw;wm6Q^4Pkt*iQ++^Tq)sP&;umDIU zR)mZYSb$rJb;-VOTdu8zV~KR>nl(j(<54BlR^Cp$yf;6ETBqvOsnIb2uF{#75rDy= z!uI!nB!T6MSS|_Dnh6~SJe4%!Web*LTaGd?TCdnE3Pr|PvK!p6INhZd={Q-QXSL2{ zS2w!Uwh#msfMC{!Brh8al2b@K(o!cWfV_$v--TD*;x;079nqcE%1-Eb-O8s%XswaP z%Jg))r#|}Vu*qft&!qqwedi>CTR_9NfEWx)V-B z)m?O!S%;#$P^{xv3u*M0!cj&;3||N*21}%3$8{%TJ7*=fZ39rl`)1=jaD2jS4M^>@ z-myfQ0+ul6)4c~UZBweTlFIL-mMu-Wl55+Gq1HtFo9`U?z_zItTdq#xFmdEseHD$? zOOsX!L4r&a#%)(+64Sfi|D((#|j3Tbdt|Iw|_WDDdiRWeoo?W-tdqp-!^SuDtn0- zi|skCOl?HxemDKX7nVF`Kk+T7lItJArhQ?Qdp)SU!Ue@itEZRI88`YI9Z z05HlM_BxKcLnLjez_Z+}kvx^G7)ZpiA$$1Y4}ZHcXyJETiIua{T+V5=;zncztspLn zjD~ZSDOYlqZF`hRl_O4etC{iW9^f2+?e{;RtXNbFVx$~7iB=u}p=^a10>XA?;(W=D zT;Br_8Ar#V^t6voyE4hePDdFn>kfTA;qF6b`l0H%LU*S zaz(p)YYrl^y$G(KESgx-I3Z#`XLZ^MfH!8h-QRqrQ&4s(mlGjC%Jl%WQ)|HK2xZx> zJsIYYlxF})C6zFlLcP&R!fM|WPaJPLo>IlAeIlt=fz%M2#Ti49CMk_{B*)9=kT5kg zJ$k9k7q8oTK3e1#0k}4uujd{doc4=(V5XDEEvgwIFT_gjGLDi?EQ|Z^e_^_~%@T29 zN(05g;#81sZEJU5xv|CHn^07bY$6fYrzXXrZD^-a*zr9gBwD1Y&db2FasYf4+rG!r zQb_BKz^mv>?V>w&JRR6~&xbyIp=AkQ1XQa}uVcEA6fx$3@B-Ib}BPckvQwW8fPGLCPh z7n|-<(=;iuJ>TMPD&QrR5=tOdFk-nCq+rEq6vnh{V>#L^md)D@cTct%BGyCl(S8-qV zn6hm1EYQt`31Y(}2rys<5g8_cz)V0UG{XQf7)&HtcN1u$?*ZLMAAQ_b^sQbS48wx8 zPU2`fsqlRB8et2Q0C1GPyzTQ_c5ltz4^oxJ2@~1UwB}l~fn!-x*_I>IG)WUJEG2CJ zTFQp0m6vG262)u0M=81s zqE5_$2Xu9)5F2a!>_q^kJ(s`&;N%Jg6#_VadTM5-Eox_9tRLRzO-^>aG;F0|&`w>R zU-@iXWihrZUaL~QN?Ox6sKupe0=+q0)Io4LDIw+_uX2Xc**$%*e=Ja!sP z1t*F9Exx`gSLW$jMD9ZD_U=NRqh(|@>tsbTwA(blNO7g!f{DY0K<~E6o2YGbgn51q zfMq+LOyb(~crs-BzAt;lwau(|n;o<|v!N5S&1vc??bxbZaz>k_iW@3NwNf{yLd)|2 z>^{8bp}~oEYP+73v(i`#r3gUCPSt7)%MFaXbGsvIjnCpsWCvaJF@ zIIz|M;hB+oKIW|lQ3j$w4q2Vq+yU+qm4pix&}Z| za!wzpKK#+{472~f$NZz~=s!w_sp!twV`fJ*`W9hjUbwD$LmG!mvey>vD03(-skUDk z$UpL_1CQOO+#HEz8qi56s6{RS$M-5qPLd#%7s8>vxtT_6B~j!mT`0MZ zTpj_#ETq)J6?)kuU^3ksUYk=})asxJV0dfwNVVosp!__5PGUuuPrg1qyvo34JTNpp zqbq}cSghm#xP^jYQLy7i;%&926K}X+M_Zg)v)P%Onrp@?4cbW<%tfy2S(#d~BjRi^ zvJeZ~ONCFI0@xM2s4l+1aqvFt#YX7VLdT>*kY*mxauos^V1hFp{(&O-Q9lC8vV5GO0zWG^sR3vXMp$VkKCTkzmQ1U<6n&OJWIgU+^}NvD$qu zsEPYpDeNq^3frpEvJ|B;Pd(X;kGHcVr0zkG7lpKEEa5KjTHq&7wZAO^t35C9Xm zJN6KO%bmio(~?fnHz|NPj2g@H5N1lvYrMy$vYU?7mL-!!=ZpE~ya@92z&B zshAy+WU=j`QJutcfw{QOkEmP&S`WAaN2bZliyle4t4Jl{&D12^M? z^Mzc|iCQ!erAn{aA3Q^9bfhH!cWB#7vm=j)6H*ur_*SZf1W=D`L(=xVvKyUm6tiF4 zd2s6s@%u+`R{43GE~96v6(d0SFrH60a6N)tlXO>Vc3}GKIRhNYjqsUOH`MXw=5-W$D*V*RU3o9y_~oC zJs(@0#F_}5#PY(HtF-N?>TpT>?VOBAS@pKFJJ%x117Me`+9Y#PWx#cOl@#qHU-0H? zowsI39v?Ud%k892!D=Mr0tnev;fyujvd2%AQ zM*NQBImVd0l>kt}WJptX_Ef$?&p1;7@mv=-ORlg*Lc?RQgSQX@L4io<5hQ4b7EG^Y&!VUp>~}hvT5*3<4+=z02*wP^@8eLd!<9kW#{=QP^3Mq3-p`p?e!m0FG%+Tib`N zmejKJzz6fzc#tlVf1Orm+I9v3>39xxmGwCZI-*jK9Y0(~Ko_mhFXkPuRU97jo%$T$ zt2CgToz#Rjr)G3Yozx=0Q*-TjTO7ufVpJ>_ zt>px?J^jw9+>^OD-NwtzZ&4UK)>_R$NxLyi`vJJcVoa$@+lee>>u=CW{@kG#IHMEQj+pqy!V3z zF&9q&^~(qITn8);j>iXGV}|Q50+^a?XDj9CXl>j6i|-@@QPL?6wmX1Yg@9&eIMNiY zKp_m$YSoHcv6U@pPQI8DSG~9ySq^pCe*lvmKi}$V%j9I}7mGkGU&=Q?6*p?f)`*H0 zgR~sKjN0jB`>@x}TS+eOb~@dzkt>#9cTBiaYr93&g1$r+3wP1ozB*VGeyC@YrSjRO z!E(WytS6cQ+m;4met~8|yn^~Cog~r!Sv4P zXj9(#+q%|wlHQs8=EbS zWhnq|A)l9vtXFX2MUL9r#dU*>aVA zj1opO0T3iCBwFSUlx7rCQWk(_?9?L*z*NVvOxQFziTPtH!cM9LC&_X{i{n|ol{z93 zw&#nelXQ7=H|Gwx;iaGyq$-YYkbsVLY$Sjh4_d+~$H^QFJ(Vh33~nh6`9V|XEZ6fz zw7*!(6QM*--Y(-aP zWCW)%-vI)eR`Y-kJ7GO?GL?|=me*=FIS!`d(w1Sb`p}0ek9;ilw&q0#zivpc{}lQZlRPb zyRkBnmToo0T86NNkYua*WRzcGuU{wVznq-8GOn*X(o=(t%@5}hsy;gab;q= zw&U43D+M5li5Y;>twV%EBJGT#Qt?Vhav<3j(XQz5Yb?*= zZUZJk&`RA}=yaOPa=jKrn<_hp9{JGmr?N(GqLIy+ijg!vF-T)66p)wab?_$ z)#QcAnZQ+8)Gv<1n3!~8hU+ioo9|-uWdL*I)Adtt0hm5{d~fu!cm7YCb1R?z%!Lb& zZJlk*wvNsW6F~^Eg6bt^0tB&3A<`&F73p|av5^V5lby@Sq-e(sSh|_npB+bOrm)jB zdw3KIw*bKM^Enw5?Wmn9N`rV_^SZ`^l(brjrH~d?$8r`|3h5U->cpLJvg0q`c=&O< zWu?ufa#DV=P_}|7jLP<+$jv9UUd%7PUZ-;d%T zwH6jQhhk}asmd3uI16G(Q=7$Q6dI2B(!Xxi~^K74ezMaSmin*@=y#Yue zS7b!EZ6Ic%ehS|{`sh)tg;93d{n^47e$@NXKa=}2RaJUV+*jWNdV`S~!aO-Ub^cQ6 z@FVs^pYw5Me5`xKotbRxI5L|&{4jZ?VKWmg@#`wamrv1=txioD4WMiX6MS$to$oZ8 zr~L=^->>RoXykn#Q6_4PU!J=#3ShGB<{NDQ7U{%D0)ye{?hdTeXs14g@B6?&G%6E5 z9UQ(7F9S%TBur%4l5wH|6v{<*Z-C<~UHtmO7SER2awIx{op%r{b)v4FJ$c=tnzOZ? zd)tMrm5EEU(o(iqg+f*H5*!KwCTe0p3YL_Tv;j;9Zqd!A@Pz4ue>_xq|GtIen^DUb`Sk29u^)X1!yzfqmt=pu7MB z@Kh?4ELAJ;+O^25+OADW0DEXlwcWftoeqxpL9tqDnp`QGC_B+iTyVnES57xU=URk# zbFNj(yL<9i)w~m&bdozT*wd8witzS0*2ZARQ$K*Q*SA)uf*GE?I5xPiT-*8KL(Z8? zV{KF2e(B6{0L_zcM0-A#*XK9E%wS2gtI)(09BGuTv|V&{TR?>H2D}hS7|SAnmiC?K zV#SNe%_(SK#jfuN%aU%uNf?T9su8!FL4G%YW?~n^#g2OVVzz&M;mQ-3Nzyi3OpT&F z=$DE)B#ua=?Kp;Al^8$@Cei?O*lM^t@-pz#8G%wO_57eypRSL~(s02!*>=nI+1awA zSy=Ts%5y$%2io@INRnv49kiQBqR^@oOJ3^400fK{cFs!LGxdplKA#VGZ3J|u6U%vyDE*Nh;_6uR%@q^6>;qB;13Q;k!n+qtX3mjN9PIK!Hjerz%As9 zR;LY^RHt&;h$bZko3InkS#~9xsD}nzyP3_&&FNZUD4e<2^}qhmmNWIVxU?!|H!76! zF+4k&>9&8XU00T2TACFQz|`@#tUZs(v6uJQVyu}ED7pB~sQ;wZX%))oNLNa^yD%qA z!oqH9PlZiSY0tMIrI8=0NUEKq6y{dyqy9V$pwa2*%r3ztyL`ybJMHS zB2kR!=yL$J7dpi)6(L})$b8F8K-Frd&1qIT)RK&DX?x4I>e!`PEd2svPbIF>CT!1o zhk&=r0|oLIpRHwDS$qlGd7DFDSz#(o(5U%4yAL$Txvg49N=0eGGL?~m%NJ$^Vf#am zgd*o8bF+<3&2k2XSTHpf*{LRgK$M(#8bHB{ z{k&%&WXs>}HAK<|faSpuaXScX+q>eqgq<)DQqEs2O=OhQ)PA$r8MnVE>eU1tFXQCD=4nK_gEWiSyjAeb`s;7mxk zD;^AhAu@qsFoOhO0FVJB7=~F$z$_$P;Y?AOz{Wsi+DTvm28bCCI93YkYe3&TG?ctU zJU$WiJ)ryOqX$tE#Rt@bd+c48>j;Fj2%<9@swexq|zw46Q_&FPs}KjSP->^_g?snpC~8SoWukad*ZuDB8_r0jynBC0c{iC^M+p_H z?N=)kmu8h^t?I+OE#IDK_y7bfqvHm<+ns6X)Cj9m@nbtFJ5hdMplnA$t zL2TH`iB1GKG8IzDT&XM?$J*6>gN`&|QLt003ULX90juHUilc$=w%Yl@=w!WGXx#9l zh@;dhnrkp`WRiB8zx~6(b){O35cs|=Cnv{e#tR?ZI`IMkVyc}!W*|;vJFvOMq-V~# zKb^#8z>wQ6ipFJN&}rB?zsUtZ93{t@iw6e1AZZ51HUMgon`?KFarpi z?J4%GoOa>>ww&s?#ZCa=U}@U(57fd4HRS9xN=2s~ZXa$~c@K)>C~>81vc1D@nXuJ_ zSFDy2CjlU!Q?^}^H0zzFZO6v4&6@VvX_SVk++OH}vteC2OUH05a&}w;pb&?g%ZYXb zDAGA=c}_D@X1P;|g$T9}z_!FpY{kK~)Lj;cax!TvvEsM`Kv61Gw=TI-f!#3a{uY<) zXjPT)VLvDh6-;V`A7XYrohN8VEmwJh$St@Ov;mW*iM^bF7D@_}B-#?}I4X)#_9`CN zo82iQE?oTP!o?TgKDOc~N@gY=JX{Zp+u{q|M(#vA^KYl#z=|G5Kzi<#6o{hk-KMSj z!Q?AJ#J($A(&k+s8Em{oxk^g*Oz63-PO%ylNBLR^4{KQpTlPTjvJNv@KF4%-nSCLb>1rxndsHlAaxP zn$9qQNaWmj#LivYIf zJLQqm#8?f0>)U}aNu0LojWLs75bxJk-ZC8k!(J;lGLR9_GjUTXwU}TH_1~6>sI5k;GavVIj+I8b(%iD)4srvx2(59z`ei3qHpC{*Qh1 zad*KjIy>(le)CUGZN6J83HmFQ;v=s0QV>hQY$ydAFcBGm4Ky;Q8HT#a=>(Vo0tqk# zBm|fxL4t@NKq6bj!3Ho4!^|K9Hk_H<$$+_ADgl_MogoNBBme=*;&L2_cLHOHz6bQp zLX(hph{q?O9}V9}AH4H9m*&IRN#EX~Lo! zM$wMEypO3S062LUo%J23%lhJZ@1a&~=PB71U06p69yiG^1CUBuLSO0Vo1<1IE&`Ac zIt?1y*-1?nN>jdA$wf|BP%%WYAfo16JE$%O_{W`2!W0KlsT3@weX=x==L0rDkyC6_WwSvmMRWX~eIvZ{~AddmCDS=QSIZiNH@wRn1pV!lh zqtLGGzi(el#ExkjCqF*rm*!ge;e^0xl&qr}^LElz%3c*ZX+^hhus?p-`sl;XoT7Or z004jhNklYqP)5-bCA5X*5xSGI+zq-HBeJRW-o z-HYQBvlqe$)6fB01`;br_|yvv#eAhP2I&~A3NZV5Yyor|L3+|22un8ot@!KJ#r zqv8Yre3g1i6JXU&)JHz-wC9r9x{}l;i^JB`*xZi2r%sjMS5UDA(xA#^nMJPH>cz%VXNtyWIO3H(x#b;?e(?qod! zUR0^(6Y1N!0l?@a(kmo5L^gs-PLwNp(Nr^rYqzJ?SbjMA)}BK<{j@$aHnp&Xv?eEk zHEm^rhyeuc0C^0zUYVY54)4vUqA=5O23lcZB+eH+Cb?AeR}h!q#>Bj?9_zbPxpT=?_S)E`k8vU95ew`osM5AW(0J(T2y`rAm}8r z#JRlFZbbkB&ROvsfE+hPt_qw3aIu-Q=js4l5lhEC)7f$WZ3bCk@;(|nH8#E?zHn>4 zotRa^fo*9P+JV!kBOOo19s-(gE{~#2ETxY=`napG_pvRbZ%*_=P4-*ru&su4dT-um zHiikr3?_nRqWQ2YCI$-t21bGmSac6>ge*HN;1cb!)NV`t+FbKr&Gqiy_(LvSiv*dwA~c zTfH_Ing#1y(jjV-ivkNncD*t(Y&-UlJuf%Wni}imiAk(2lqRnt+xLe?iU%Hlq{ai8 zyy-eHe)dwujgRC;Cp%u)UKfcSHR`AU5K39Axxck9pYOy9fFPygs2!`M)j%4@Y&))9 zpq4AbSmqoN0r0KVh;D#<&<-?H6tqBM-{I{G1yXUu7K!OJWpDt@=z-2>o68c#M+v zoGuOd0RRD$$&#)Eo~2i4!Y=QZNh`U18qg0OP(Sdf1As_SUmk8b(z(eqovlowQ*Y`p zsD*agoDwiwbFD-7?ilbQVzMcEqqc4O^vS3;eZD;q%e+Y1aS$|O+tW1wTjiJ@I9PVp z8gJgJw+_z!5ddYvruM69j+hUWYxUTk=lz+;0AQw^Xio=j6vd)5J>YeTtclU_@t|l+ z4ZxPhR}p}CZfalf99?4t&JC& z(@g+ulE66G%;w8z);~0@t4mL+AKWpSG?rKflc=LTMYm+SNLw?PqJgoN-)^)3lvN|K z%dWhBKQwXBF|OlC!-%8AL3_w;--;Sqx*4m2P(m(g0ZS+dA?CF{!XQiy=_D0#vm;6X zCOcjnX^C#U&WP9Cdf)x;gaTOGl1CNn+kwMv7Pe5G8m+W?d> zU<#XUBHop+os4!>VGb$jy8d}Hr@`vLelcP7epMb(43 zIj#=x8Xg$Tmz>z727qVg5}DI13Ek6f9J0|XyIaK$RsaM+`@ZdgO7Oy}90%cam@8VL zFww%h4n?rN{`%5KA9owJ-7|dp#Y=a*8U+0RhAaDRYZuakme^-o2VJ$#Qu{1xkF@q# zYOkgC*>blf_E>7SO}lNe*HXJ}xyMqwZMD}@dn~!nR{Lygucd}X{#=m%2Q&2v-P2oW zi>$r|^vy$)x>GzpG5TCkAAR&1Y}m;XkvayaoE}S#UDOwUwehPnX68N3KBMmez2QiV z)VF@S;3TzawX@^EJ^ozw&dk_UJR$*RvnCHRN5s?40p4*)^2L%B&Yios?#gtIeGdhn z-F@xGdgzs@(J^b!$bBDr{8VFbdpdR{5#F3@JvewAR27EeFph+%H|iy6PjODV58G$I zS=qhi)$pOm{I}}BeR!!e)~!Yurhnn#H(q!t-p;4b=kGu8f!%SGOzFXC<`GO!T|8C7 zX#m@uu}Qh};N#xeFgMcfth*iNE?<8CZhPWX8@2WpbY+Vr>*MX=`-+zulfd~GNA^81 zcWx?9^jTdvSTT+B7fNNnSv+(ge0~v%+cBw&vK~UXDTlx#sD|_}y8cS!=W%Yfk25 z^HkW0Q-_kdX#i7aPGj!})?uzNad51Ca9`~eGAV!ujyz^_g6w(C&m4N{Y?HUeVLaKG zsN$;&-_2cqwj~@F7l$^!!cf{6o7aIi+@9{zix1gv=@tW+K6SD^ zvLDu3yMz>MQ5pby3$vwN)yS&2u04I>(#gQfH`@RVq$N!nCjcb0pyk{)ubd30E==sb zuUdcNqmzkW<;lj?IxxuxCw9D;_F3qY$GZF62azx{&`A2?rYBu#IRh>lO6 zp9WB}0&jS$GrVUDU7Q)e-QBx38_ds#6PE|?%Lr%yQ*rf);@NW-7bn=sH(y$|j?`w_ z%g*_i^jE!^D-598} zIfE_vM?Nj2s3F-!mopk(TzILr{rr%}692QV`>K|6Ppb{vVc*kdL$QH=4E zXGVuUb8lrb6B`9Dn{yW6%gCT`W&7+e)i~xqMEzYA@+5#q?1!sVeLZ=7uiRIm@(FYDe7cw`#bWho|I{j_gx=gb>e%&rh3c2`cVUd(Nfj0NAhw#n79{8~uKGlh7n3(mV9yOnm~nk4=RC z_lI17B?*FIbY<*`VL%{e!-fR|U}K2DOdtcpB*-v8B$-Wj=S`qYG+zKhaAvO&04O_O zG62J5*a*lJnnA>ZiJ1*Rf(e2%aieZc0EzA&1j9^1EGq72%8$&%U<5_)a{9CPIv@g@ zu9b)ZI{r9pP{!x5%w7>>w@Uc`e3d)Nd*Ctk3Fr+*qF2efw&9pOd%m>C(U(pveRI$3 zp9p^c8a<%ni^q2E*m3dL=?#fn>ohyNnt!ss?-DpY_gZuN?jv&a+?m#@wNGYeK~(|S zZnZzM?Zt^2*TyGz?2y6qbO#teKYm|zZtQFbU~XdBw&{D%UjXRBnels$@Wp8}Fp%>a zZ%>?`tvhN#t7QD-=`=k}`}S^2jx}cIR{Zo<>>iGW-f&*N?v130o;bBqA-;X??F08b zH2TJy0CcMBCte3Yz{BGC=9w7+8gre&_}jA`4WK=7eKSCwDi1Ucf3NWTiuYTS*P@yv zCyhwiisDEAlfwY@TeZ;H0_gd0^tg$J7Uj5A3X@>{(GfC-v$@u!yX{ITP<1ZX4RA%a358R3A$esSy*zWr)B~HfQ zyYEs^UNjG)}%=Wpie%`+RoM;VE1Wcv&ZE)`K0^ zOUmj_b=daU@sq$w0Cw$UeYH%qr%uflE9qdGc7WF9 z^B>(Zb9M^J#OZY8;aog^@!SLe_x!h)epQ`&c4>G;?b4;f?y@)eYORH#?E~jeXA>Br zFpW;Xt{f+cqJ^cGwc&Fw)qv{uEi;!V7Dm}a`rCSvf%`Lo(N%Mi^4!Ip`Beh4qLa@r zii!l$-ht`4(aQjKqU-rMefs3UUQ_SeJNxM4Zo)%9c<9@|@oF#BWI)R4=tn>AkH3z! z60$Z~B~d1(Ni&%jxt8fJ?w@u){YL!i+v&Ss$p1{;)TfduU;50vJGbW#+JA75bx()e z9TWaU{wLlF-@0fnea!vX$@Iiq(OV5}67bW7|MBhQ?KhJ*KH`03L~hZXo`{a;WU-wd`JyX>!}m*$w6!IL(T^;>#+bqYSMSpmFXh($~})* zkABAc)P?lYh#LOW;G2_Xb0liHV_?95B>0Z}`hvqyAAM{B{L|0m1{|7p2L zKmvj_CN6aMIx`o?7A~k=FZuQHV-o<{Q(f*Wi57|2GzEakGpmQsmw7N33OMV$uPA2J zR&gb0P0uXcY`b#<9Y(Pw;v2SYDGntWvK^!mHW~$w21_#Uiy-bE{)K=P1VE4g_ZfjT zp;c=P*1k4(#rqe|EcWxcCNJr?bpG7Rly+_hG%Y zFEsS&m*=I~M;9dP1hNF~SH-ILFf%@lYu=v44gd>wgf@UA(aBtw6AL;qo&9c&0nqH| z<*bl=EzS*=B3#w!DF_)SU%J^zvYDW{@}w7?e|rUEn|g9_G}%%++2vc=hqmu6o*NC{B;0o`O4d!i>?y4Gka-#=_sqs zwwH`bUeyD-IXQ*N>zJt6Fh*azVx-gT*)!(O9O3)uqmSDS%Td~-esA1hpMc(ABwFyDWZW2=@dPFz0EjygB_w(*G>NZgVYo*;K276OdRan9 zWupJ-$y0xE><4qRZ~Bc5HarZJL~4+8X=<_2Ai4x$pMbvI6Tsa7;x*srx;EB|Y!F%G ztlFNd4#6yBs*kll!+sN7x4TM677&}PUuCk*-0uT@^wGzS;ek)>+kRx21aeisUF)2B z;nKyodd2;AKuTt-!<~Dgdq%NJN_GXcO>H}*4vnaxiF9h5$6ktGOd|~-k9>saGyZ2t zh{v2q|6}_IQrNO zI5HwY*aYk|0L9L#lk=uQpMc(ABu41u&RH^fa~|o4Bohg~69hDio?`VRb@MSAUR_P2 zQX`Z`rmoojZqIiP%sq47zAxCir#$(b)WJqoX|P0b%sF?7x%ABQ@f8|+ zXaRU3{N4|EKk%Ea-&}Vc4ESnCgH>@|g5$0Dt&h7O9}v~DsLbk_chh$-nv3XTL!n8E zJD5+5nfj}7ADaT7*l$g5mMkC&mZm-deHUZfwymH1)Ti#d@7`bj(qGHo`N7Zr;O9U8 zc_Mu6t6%@}m%qH?`dEup-_eC+GltR#NDu_>fS@ojfqRI6&Kg0%im#Tig2Aihq}GNl ziwd)ECr)){`zLa9$8wDm8&ajgl8h40d5axSNk|C*t<+7q&ote}31HzrcReIoSZ@S_ z1&fK~+6ZWioP~ke#~RT;@T>&_(h%f&7oeeVpl;P;nfBC8Eo8#IQ+?pdP2B>nw!3@a z!3Y2BPyG1b_#1yS`*Uz`@ZbIBZ%j-~GIJb<|K?x+>KkwL({T0C$E}6sDIM$D#b$3- zZ%Dc+LI5v#FZ^ioqtAAp+hgsiQf0ff?cL)J=`+iEoDA za>#i*etVW{{Z4o*kmAltaB$xo+{fm?gM-#Pv%R(BT{kS)Y2O3-u0^R-`r;SA`0~rI zRI3BoJC$nnCw}6`f9V(hQktg!;$Qyr=bwN6!i7aw)2=Z29kssDW~8442q3}Y_OFte zI(+Xmg@gi;1v|#-F3iNdsv1D5p#%U}(d@vbueQqfPH+1}dEz;xZ&q}5pd>ocG7o55 z5g1Y+Wl1LK6QZ|s`1gHFmyVS6g-s~3*6snVV1ppIPe893+?Oj^V;`0fShofAP`Gc> zO-|zVp1LUlvQ#g3MBeJkP2B>ny}Mh1Mx*hCpZNlShaZ0E7k}v&f8pnUq2FEm=;M|m zS9XJX@5);aNI%vQfD7uvU^4VE@B7B}#0h=kJIQy~UWn%26r#nNxhzgRq) zFVt#z^@tZ`*j7}pXq$?+q^e@Rv<<1=eDb~J)gv&kT0L42QCm^qmDOAN(T!H`%4cy! zX+rgm`XrlaRJH+yw6tIp=kuPe5M_^?Ln_U;NVW@W{tM@$u}PLkADN^Uk}S zP6xniuf1{Po+C?-D3+ycdB^DI?!e!S8qflg3F1x|X(jg-r7u7rh-*+|%&YPhNy=&o zMV6m?C$USlZ6EU*r}Fh2rFkOsVN0-ER3C-fGWiL%4X9azw>+|(`L+Pk|9KlJ&} zedvQ9`p5tHpDesnDwP_IdcUvs(Z{WZS8_XzuxG1R7S4tFEZ=XXZ@!+s-hX6$tOc5s z6TTG zm;^{rlkU%HNG3LHKw!wMKt^^QWi)P=t!3_3j{vYB(Jh%X^FI+ZAPk6MGM9j?G$PX3 z{mqxP$Og|>PeKqu5ZHhK0TM6-){sobFoT4d563pZvg$E|h#7(yAdzv=T^aIj^&|io zKx#Hj=+ZC@1Ms|+E>n(?vX$PS&z^+@E+pwxdy|}j73^zdw%-&t*vE~aR4N9YZii^M z+NEM?S!*h3i91I?XX?P4k$xfwP_}T~?w=M0Jte^*p#ZYTx+>4et8Ks;F zuU`IoyL`{|_D`24p0(0-1~v|rMYFSvfc9)kQg$pvMiMqjILv!zu=IoJ06=6O(Ccaq z$&v-BwXKhtyR;;`C`Q53WtzJ?3o%xJ^8vW$k zeXJE4Qr^i9L%ivf5`XG`@4Hj+A0OL13IkpQ@r&%mGZER-ehCTs(Q&RX?uc#Hf zyX`x+ed(9K_{G2a#df>nd48kO__?3^c>wp_cklo5*Z=1){LIf8)2E#J=;K!5-XGX& zx$5}0du#u;0AEnbcF6sJzdmjln(m|qG!bvUB-#T^Upuv#^>h2!^sr#3eF=^}7ErG@ z@`Zf%I$y|N9$QA(DN8A#M@KK*k-FLBZKpwEzEc%gz=l^~yKu@hlt#(zzqRdV2Z%0= zUgDcDP;X$h_lQD?@{QTX*z_u8dQ{vg2BILo@)tWnVRCZz%-PlbkqbCBQ#v%3J5(Hh z&Q9iTs7k(7d21|=5}Z2Km6J}BQV_|B%cJo3&dpBG)W&aV_gEvgkv-5*H~H%xasUNr z_2zil!COt5-tifr7aF80^bmFg?O?QZ!=>eT#D*1j)-;)KAyvgttI-;*UFgBq*f}#i z(V+?Mp)Rot!$};k`@Y`m-FxkDs46tsM3*m)rySmBgY4ifY1CV@0RcNP%!y_}tFBWw ziMiVPQyN@*cjx=Lr=Nc2&;Qg<{hh!4cb2|?^yoXjpDUNkv$L~zNw@5ykK2qrk8K^; zUV8cW-tE~M4ocC`R>Yf`FX-bIA%zlm(gS+4#iRZ3eO61Fs2_a0DIg$s>VwlW||7dffPe9)oPMkRYm;UlE z6$*tojvsmC;otwgKUn&yR6@}mTSYRVWa3Teh9gKYLEMQbAxaI16j@1cxHbq#CX!fP zaMmV=yGl8dx%MhK7ERa9wt>Yexi*C{yEZkAG+OsU zyJfuyL^)AuoAu}NeyH_8;?OJB_j+`w^i?3{At6B!>k9K%kSs~AZCkELfrxrIhS5i^ zr=AQ0q6eiRdJh7Ug<(Moavg^$VwPHOGRa)}Cp@`8LK zNjPBH0o&nSnerqMzD6b$#UzL`#a#nrTDIA_)SzaZmheH;O=Om-!qWT;lj*^to1u&h z43S{4$kM74GmA{wme_!4L6(upWJNMjR~eSF)Cqzz0V@J!s zPbP3AJ-J6n&Q@k-79==pY67_1yjgP+z=oO7RV_9QN#IO3nVE>P))7RMJvl+d%nTti zDM*<4e0SNUCff;cCaw$;G&GRxAerqCn7dC+GBI^qG)phuEv>7iObd_ale_IRtzJ2J zZZd2&`$DuVw)gWRZ^&*KOm5gT=93~R0iDhfe%DN8aBa?Pz{9En9fvKH8RGxg+ zimva{6Y^x>wB53W}vDqSD6t$pVq+#P8vB zbD6$sAAo=a(fT|)1d}1iwY8*#VnT26d@Ba2@q35u&G>q0Hf7%RjqbzU10hLL>stL- z_LxOVQkK0YqXah0?`l3-`+Bf->(;;ZxBu2J{=zR_dv}-N|M-Xh=%4ysPp;#>b z+OPi_fG7ib6=CKzN%-~_{Pms|%xJfA`@Bhm%o z+ixKc`STC?1c>b6fCV5ZW8ldEhS@McWH=M2>K3?|{tnsG$yQ;e#pH5Xk~#pax=%`I zHq0i7a_ww-D~;30$n6$f)crW1a>PvZv1m^yOFkVmKR& zL*_9Th3)2mP0l#ZU7+LdH=lW1JU30N?34z1M;+4%U1vTVGCLgjQy7iJ;+2l^hp;n1 zvrUbU=pTDYJ`++q8$OqDW`{ZS1pnZ7>30DXxjNF`ZP@CdHN@Mu@qP&lK%3@fX#7R- zbcgD@%{?h6GvZPMGbJAWxcSMiivPHx8j9_G<^e_49&>*kQwfFp^+PS1yNuIwV)7dG zmn`#K^-yThY>VcyH_Lit2Om5tzk9V4q%`VL{{BJi_>TBp2Zi^UPdqRF_#yMLcf@lH zJgGl>na`GJu!-3@OmE^I)hD2@kIBi2FZ|3G7XEzt>1UpP`k7U)9J@GEYhi1CzIdoCX6mLB@laVL8h`sQC4l z-X2BQA)$|K(xA*NcjH~fkP%Fp*1{^wEZbpE^8SJp08gvlS?VPT5RvKA&ue&mEDV@Q z2wvCoV+h?_vw?){o?^2kgc~tvp6EPDjOTMV;2^nlQ#Up?_KUypi`na|?e5-s^Ub&3 zd=tRz?Cekf)K3HW+-HBN-#`24<5r`*Er0*V_kZs{zq!7zOK?GoJc+yz1xb0LybuLJ z1u61GMJe(m3X(G389+;$Hgn6Ew&4z&w&pgQIb$xSX@|L`xy`0+xXngivEqN)vm2varVgyX4#6uM`@;E;A)g=|1 z2PsxX8mjQnc0QPJ5Sn0@`1C9$Qp65<5w&YP{UQB-%Zu`?nK&t4O(<+qEzjkx*jF?I zRo-@yPP{F@44{MBi{dNq<4=y#$;)&Sz%DvmrI8lqPKnnxcW3Jp&>IY6SlpqLH9>#~ zLI~J;llkp4@qEnG?Sw@xgkZ652egfcV7itB2W*z}acRq;HKbhYabKjtf#BIEKYGu9 zefvk;i_hBORWpwd7UgWibV4rYuD6AB*{z?mqhHV-sQMK;@xNA3X8gh30f{jmz$_jMDr0Da^gdf@;buIQmb?9@mCYD9=m zh?iTUo^_X{cvXD;3H{k~^!9GP#~`WG+>7Gr7!d#hJ*+==&^*%Q*#aut^}!A`a$Lw` zaE>M~(7SJmStbqO3GVM}8s{^g*8h)7IMo()8;)jEF~fN(yU5jeq9JBq z63+mD#4)@?Eb=HdsRjT7(|pN-9aD6KA16r9YB=3aDrifnTR23{Hl2HP` zSE?i+A&54iQq(PID?_O?BuJ9HQ46Sm1tQU7TLJ0{YRA{9Nyk-?tNK&<+@+FOlN!)_L_T-%9lIy8Wi)r zieHo8SXdPHn0xc6T&B~rVr2@YSLqv1n$Ky9CER^{|EM^6o&HKX#X56IZ zx;||kQs>+9zil`Bx0t;t#dR|?EiRv-x7*9_biP)mxkTQxO?3c}cnyD=wQWlCI`93_ zmi4!O6Kom?Au=s3!4?o~s$0u6pl>_zXA8#&0+H$&fmgx8Ts^g#WCcNDHLk)KQt}3- zJ;$Ob;h{oOo_sdQ@0r~Fqov8`oM2+bWdlV~Yj7uG&k^S*wPR8C-5@eKmx4J_LeCJ; z5L&Vq$#s))f~670N_*CQQ=qHy)(40s(>n8elR-+UU}tT;LNTE?oq8n{3kg7yt+^+{ zVhEDE!iyVT@@CVXvX}zW3|fZ=v?K{3pfhR2UTGLfl8InABda#1KtYt=y#|fH@>l-y z?%lh;^rc@0@PnWI!OwsG^F;XCSHJ${FMoOAn!&-r|L`CG{XhGs|7<~E#Img4`cMDy znPl|L!+`V`5^Gnd3P8H~;!q-+1GVyR#+xSU_q zz`!t=8ElF}`PxLQR4kP5wYr3JCIL$ z(e-zxbEZH2oL<@}EEd{PPzsTv)g=48u=;>Qf5@^anohlx20}x*Cl} zrilIU!w>!9Fa6>#{QNK6osHQ?2Ia`l{MDyUe(w^rX-u@HN9)b0tLnq<+qd`3nX`AW zwp*0!@b>+-RR{}BZf;=7l7xa%P>L)IN>TTh z3B4m&ykTI$WNyFofd$*r0s`xZfWAc_CPOTEb+#*$qm`>|CQ<`S-M}Wpwh<=AR$XI; zFiC0hdqHm3#GW7fiCwRte)(H(!~llN;`HUX6Y;m-j3;U)jJeCtIZkpvO-a}WXmBnu|2FU+495h7X}l`oheSlsjmelQ)(*AtXC zv=N{nh*|WGh>(P2q7Bz39_FpFtEx%m!X}cJ7Me7rOjw6;Lz2aU5{qnjy+c4t768E9 zjndzc?j+DVF5b5jwr&6H&;8u5|N3wI$PfQ8fI|llz4OkyolXb9Yp=a=3#C+;n$Xt#jq49D`SvJDzYrH<~e0$!L}&7MlNNR6?MOEU^MF#Ny=#oogz(5nj%e+ zrktioH5-jIliJ=1dDgfTm=<;Y&q-vA&DY0@CIZaD&JC{UVo zk46{>wwQ?SR%gH~#{$zj?H{B~j1Dlcre-%}GUbz-+rulPh&On=C`cv(u|;-|n9w8y zBvG=#v$H) zt?m6Lp_Vf_Jn2XN&$vI6Qkt?hq%~;`t)Vrg2CT^#N>lE>pHdoAq+wE|hD>&uhSBJL z_eM2FtEeu#9vmFNU4z%#-j+h8By-nqqH1NuJAdIwbIgc9Qx*=>RS}ojS&x|sk~k9_ zXP8V@d|{@idF=?(WuR$MN`eKtYA{`;C#Fn_%FN4>GkD(Zmot5sd5QDxy0n zf%NTG51eJP5JvFjl;>h;0>n(RTeqc!ff<6j(qo*}nEL6f-mhn$fZjaF($j&&=9Azc2o`+%eQAZsysJp|%t#>v0~UI9 zo<$`hv=Um~1KOw?p=KP5;)JzkrI0T1Zy?rx>-&!W`xgdY+4~daiRWyqb#8p|;~+vQ zPjSL=%Dz&L>LCJJ0GhOs!b7gLE;#~Xq&@5bEg>NYeF8dr+)TXQ%%yC}0D(x?)O&^L zh9%r2pJwTemroI_3_)3Cf z3|njUro6Kf9G@;%jMSr-E{x*BxAC1GX~T<`F5M-ABFOKlHOD$@bLkixA6s}`^&mL^ zU*71I=$t!(p#f`ZW=%mSjYBdih?mZ6yqA4ywisUaXnFy?R-e0}O%5At9G55BlkbuC z=wf2>JyzjcjZ>$l-V^oQM9xBYJqTpL>(h(u^;=_Mi0^;~G)V(+CV9~#BbJ30S4}i0 zHET*&Wx}+9W!+d3!c-$pU|*5C(314{mhqv{KlFF(|Lfm)sIw#iNfeusFT#Yw7}AoC z=ph1{G;5@+giGE!OE8>@lzNrykfiQNuFhVaG>B{?9Ld>5KdJ@B5p7>u=QSjeH@WeVQ-i>-A;4 zhLp0^YQ1yx=o3#q@%`Wb{a^j+*Toep`_ZHC_V~g|? z^poJ-F{DDNbwzGHzSC;=Op5aN01N;aaSKfB+?Rmv1Gu9a(0$y6=zBnK9ta2$6p2kp zKV`C!w_oQ`8fnOYg(T548qmyiRlZATjwvB_uly)YVcnPn2gNC(1dfHy^6kB2!Lh5W z1`v>t0-WiiY*?Lyp;&2=ZYma%j7bn{f(84A8w4^VdL{Q30c`{kvmurnaq1Ni1`I)p z?1aP3^z^TdfAUZMY4+mCkt09*vtRhT|LfnYR4RYzFaJ`ZP>AFBkw+f>{onh8E5G&3 zGhg}AFMsjW$y2r2*(*OieE6_2T&vaYo@VT01qODOYGdyur_>?KACK;$f!|YLz(B}# z@yJK2YAWh)R@dCrl0<~0O3w7gH(H;8?gKy`x$xmpS@p-oINuO`BfYS>rzfIhraUYaqj&f*ts3vq%( zvtzGpbar@wOP(ke;h-gx7UI8L5^ z=9#5$7K_DS`}JP~5QX7C`1^mK`zFl07<(Vvdiwbb@1Y7;g@5L5vOM(^QnKWF6IYD5 z^xSxVv$|HWfNFD4C1-krOQzo0AM|nO;Bqdd*ib(xp^w{yJ^{UXKuio~0jp=Ctv3n+ zlt7C#waJgTbK8DbvPdWuAkjPFz06u@!K*vOQK};jR&|0;weg*+vKW8&XG*{Iwa)K9 zySR^cY>HEk6WEFzi=MpK`qmpUfV?MykP99GDEZXv7y#QkueGd^W7Qw|`siD`yz}SB z_4ur@ZOfLrcU+)Jb4syM#$tP&B^VfrS&&6e(0j>(1uQ0jNWe09&xFw4s>jWOrJ);l ziFL_KMV2cD!)Duq_5IJ5U%JNiiR1*@zBxbBJc^Mo1j8YJBWJKIt30tJt9OzRGJypt zwl;|oxx2ycXzriVy*0l`FI2Jwcd)e9y~h6QcD+{<`_YP1nZ? z9C&Jn(L8x(?!8jsvZTP+9n&YEHvrp9Vs{ZF1aqd+PXM@^UYVI$2r>*}qOQGN%xL$W zcKZIE3e23P&I3&5PAdQd63n`r2e49&x037@Lhy`yW32z+)(V!e=Cm0R!HDoCHu79W z#N0C?lRbrQeAV4S(C1KYb6kK2bn0lj&U9qqI*y(9OzVPJv)OW`6H;r0>Gg2@PD zcsZi9>V${mrRIzn5(LD}%4s+nhpL zLidiJFd36_qJ_4NT3^06GMutzDJ-&ka8Hs^dk`c^8ot{JXaSh{L(~nyF?O0s$4DWd za6KD}6LQ1RHyOd0qav};#5Ow{I$d-%NaRf%FeZPQ_!~$dhFqk&P1KPky!vxhcCYC<>cn@Lw zy+cELO8`kFc0aQ9PyX@u-b0lik+QC>sILKi(;)EQe$s7bq%#->3<42g2-!c~-BczW zPYe(rZTa6kV}A62&0qtt0R)W6Qjw4W1M>lt3?U*jXafX55RP@CyDoL?O@Ji{gZvp2 zY^C;2nY(aRPu015q->)wx^`Dq2K6O4R>8gc1KV-%8}hf3D}?w2q`4908O7FP<_FG; zcgN}cRR$nsd4nx>6T00ySjEmDwzc~L(0$y_Ue|Ae%>yQY4QY$l$*=V+2w28flk;X_pcGgQk8;yhs3O0HV z0s;a|q_9rkQbEe_CJBlZj8v?Lg7hY}_Z{PE$wnB< zEHe`gUD`{cc-|acZ35o@!WGuFNXFt&OfCfyKjPT~0%Lu~;Li7~R-bWudFenslzjv5n zvgFcC%!a`u6 zzj$>`-x?YioSK<_Pqt1EfMsU7g*V2tk4o>NzS^FX7~zoc$Bay_wZvw&;M%=PpCS{O zMN`3D41%!OjwuB2KJ&>?w1trcuFleUc7bFyWOi1uWxF}}l6q#2CazYLfV{^%+2(p4 zr94&gTsli{-)lY?i+GmCmR`2Y-0Q*{Fk9b{-x_mXSFQV^3NHWCh;+xoi(DN;$2G?pH3pA0@w^Md1e?ONYOMkH)BjM2u_{CHQo zt0tBa(5~=U3d1Rw^MN{3xVX2q4N3wUfYz|DKHRO<2FW_9mwM(APoRozi;VNGY_8~s9)xj zn_xa97MfF-8+Ni$sc1Se02XYqgy5VgM7n*o#|^-U6gNvi+lfdG*j{eya%O^Zp>Te^ z+?rrw0>g-#v`TK=R7Ma6a5TH*H#Si1+OVdWm9WXZ$!GC_`uk5*E>4@vcckAQ=0^tV z^4aoB7VIqbfQDX2E=>u+%o^I&PVa2=x(eWc$$aQGpgX}pGeP#GQLv9bu8W60b8v7^ zxiJ+Gz-(Z^U@#}4o;+0}!G@s|CeDJv2@HsgEb7W6FatzH#0CVzOeDdE2{3G607=mE z6w?CHB$0-?Io0X?CUS{#)FsUqLgES7Yst{qVP6CKrt#<&YqWF2GjhbrMqkJIc7O#I zk;Hq%R-f z2Lo=MQE$~S^|<-;_rxD=GyAvEUS?`wxI`9a$DJM#bh zg!#z{b72ei%<;qoUD$~|qZYDOYDPe3uf9oVVWB6XJm9eVF28gGop7GQHUxF`nezZ17@o17t-gE*hDoNbOGN8* z29#hHf;Pu4l$Z^fb&y<2b3{R=5g?6VVLZ-X?P7;Kmcqc?B%5X%*|Gy>c#*Zhq~)jr zkevvupMaJOV*q)@Y_*m4IdIPL^@9>@wjo8Hsx6+~fad}M!A1(3HgYm2!wIKGkbQGe zCqrT3w%R88bSo^L$-+(P2I_Lle!*ClP>gE-UI2(6<9D z7yE|_ILQgCvHDKkSmcfA)?O=r?&_s^WGrZl*cB`@n-^`e$mw;ULL+bE*+cwj6SZ^d zD1ccx_B{XbWBdabaq10xw<8-17auj>`=I{e2F=7A*>C`M$oEY7jCgHSynB?MV=|X; zdc{wCL;U9t>K|n?kqH_!^Md@7g^wCM>%s-_HTuuH`0$(Z+u8eq#l7aKiRgsn;vxNL zhnodi(uNIbL&5rHnD`V&~ovP9FYvSvk@$ccMCg@xVLuBxA{3L@V zq=t#9eV&e=6>o*qojkuGf4e`*dJPk%7{daY?wWzF_z}8XPa$2A^#%ds)yHm=zW(k+Th6zzYz=WiWut5 zw5SE!uy7k8m{O!np>Gzs5=k~0BaOTc0d1Jf#vlEOStE@RFj0X9nmn_#-L#zFg=&)` zIww!w7v85lFExQSyi|hYsrxL)qHn&QuQjDU!?sIxi<`QQm`+DCI;u zq;_D2Dzeem06cdv=Z?5`If$m?gmbQ#YY8QD&57}eSSUl2rC>^oyOghn>*R)9kz+x= z$*~kW&7OB?I+wT&yE8nkFu(xq(+9k^d9{2rm7T@2185b*))_a>SvTY}XORUV z05FVPO=ew^+RaBQVUDHVP4^T{@hy7c_I6hRVkRh3U_9A*>P+s^B#*A~>jkPn2UN@&IKpJewC?i+wNJ?B8n8Eo0ag9m7+w+ZO zB=RV=umJ?LU^0LqULiJevoJ;@(SrBYhKCEo7sY6Y8sXK2Qej*alNq!x`kQt6V zS%~hK%8p`{cyicmk3^WAFB2s4#yy}jsyC%n_EK2wLT}^w2q6LFx`tXGafOxOKoR- zG=X^GL+X}bn7TVy2IlE+5{8(IHojJ~-mE9{a=^?cqr?}y&AXR(e}|b#7(*KJ!K-N6 z_Oa2^#G-46YH?g9T*YF=7E}mIOqwIrUVZu3Hc^TsPaaJpIX)7f*@{lejR#yF+w5as?3_9Aviy2N0RR#N@K)Zx*WCA}_)e2*0G^Y7uLaPUvn=5%iwGgektv`zzF@%-%RZl;;hLf_aHi5MU<5#1NnpcrW;o^|$Ps2bpJC zDpQd%OOcDL1=_-e3t~rjk-1ic#a8SY$2kUe@`2Ff$KoemzKUvxAiFxvvby(e+F$~D zn06kR-Ey(o9OYv!<+==l0l=EHWp1myHEE+cox{`+D!b_LC?DS`4hGcGma-DM_UI9u z(8gjhzqORz%GKQV1M$PJsqZBzt0f-LAAiiPun>mL+Oz0c<-cH{71r_dU1 zmpiskrOvwYQwye47y~WM%7_h{RhSot@o)okV>ok-cCu2^3O?mGL?KXsKt>C(s*cSt z?b=`8`bO#44c%`hgwo|UjgdwjY3!_(^}BdwEnoLSQApjB1psgoYuc%ApUdAd0@}z# zq7XaUNwfJp<&+7Kj(eiFhy-gEFP&fuQ%8&7Wr*{fTGAtff0kwHO3lyE#}x=X`=sNQGYKPU!H zUe8Q*dk~YwBo2fpx0bh#&ApfW+5d+l_Wq*!cQf;TKWjW>^LMTEsswb2hWFG*s`7XOVj#%j*1@DS_~lPZHeN#W0e4eF>DKAf`Z>=mxShs z!|bWG3(5&f>$qzNE=yshNG&)C4`92Dl4gE3aEGgAU;?8eN-pKk<*XxH#r~mm7{GSy zU0{A~%5Mn=-*MkrD6q{95f9(sT&XewIuv0s@mI{952f#)^E#L4tgXClW@ov^wKBFf zE84kz+N6?1rU5NjdQ@Z~ih&vks_|er%h%Tv@QiPixD7U*Bek8a;;u;O7@f0t$09dR zrJ=A|&qeQVzV9+F`BWrh1mDz#n3xQiwRk}9!lAs$9ThJh5|7GM1oNQ)1`yy>k$v?P za26abm~jIhssl8VxK<%za>bL)$6qMCYLJLj2WSFlVpizk$Kt1i!L&Cga;BYgil}tf zrClRHhKy!SS5#1G(R4c<4t6((EBS$=v`miXLG%8j;&qKUo61s)J?(Bt#~_vr*2HQx zm(>ziLr*-|y7zLSF}ghUq9FCu>?5<)1h}x`TefgA->yI5eBN9@BnQEHnzkP}=P>WIV*m9$kRpOI3$j$oQh{(F7o^{s<|Fw7t_$ecIe zA!n2v2?iz{H<{ORttOR@6G1xnnfDzPFK6!PDPjPJ=&>_+J6%XSW{hUT#G=2O?c==$ zzv_JSXCD2^KYyX$6xYCzl7arzC%y5!$j2Q2PUm+Trm0B&#ll~FKK$N0@jIjGXfM<= zCdcA%!`r8zYGf0c6*qa|njWn_6WLtZh)tsRt2( z2&ON<0RZsGkNY~vee?zbvR&TH({g{yzKOsBganDuCUGqYs)}v1<}v`4l99rJe~oYN zP4|tJ8p6=y;Zw1V8c%9B9f?N5vU;lh)MT!G8gDLKTugIQZex&23qP?T7!o^;64Myl zDk}qWdwGhJoIBue%jD5gPG#y{m(G)6I*h_OcLVA}h7%+J=6GsXT+Mg%>w~8ro<7j1 zNT+Qa%I()jyoe8qdkQuE^5C&(NyN8EH7ntgzrj!0uto~tBAq!vhaU+ad&%i~sWVJ0 z4FCqr60X@OS)svHPgqNad(oGP#$bu2>zwnb6(HxKlBZUP>AD^)30oo2oFuRnioR$C zm~H5xlKjjQ-v9K^=WIovd&>Fh%Mk$2uC&7`$1VX#Q&$KAe1?(I(K-^Tj_1uDXROor zpWC+%qlL|mR**3#4#&#uj(4|<8o;ca8;UAJ&Nl7Y04D93-OXVbGh2-FOE}^R4O}UN zYHX`SgLPhOR&E6=Q<3h7)&X~D zP?498bc&tAo;{td3|O7$-N922>BBO0N2nO&q?6FiaQ6wBm?PrrTY$EK*%3bRM(IR*KA-0yJP_ur(zt!)v#_`uop4T` zRB-NZ>^7FNHLbD2B1wb17~!p&5~GwMO+*D$+qeS+w9pi&PBr!&qe2k_NH|)L2Q(40 zNf8UvLyo~@h?hhq5a3ZRbp)6m2_AiMKB=q|i&?*Y!8&~?x##itDJ#-r<<41tTfiEc zMr~+#in~S#VOS$EfaJadS0C>&{K#Mb=Hpjp0Tj)4I-fL9To*ie>9qanFKL|goc4Z7Usqv(uSqTG^WAA7{d~> zJG(NG=xR34r>!K;L>96?1fcc&2OMc!sP_dJdKWC03uG7~4Wme;D;M|7{W*IrLQYD; zn_9&Q+SnvJCe4#wV-On{>Qm5w!+s?C1au!gfexG;MVt5r`vi1Pph{Z@Fm#gNT*r5P zD(>b3@8Z?W13Kn_3>(Q>P!W}kcv6Yh7CF~c63sRB*~(NZ;*MKx(j0&W&o=B?0K>T* zTO0Y)MF4nz=c&0|$LomkLYq*`qcFRH?O=x5b_!t53wK7lwabYxWivnw!^Q|B*Kn35 zt(m1y#ia@i>x3}|T?14nClpHnCk7@obl%?maQng7q4W94J+*4aW=<|4ph=s=mJU2% zBWDm|&LYhj=A`}Zq3Fn7+;A+MWXeL}p2FTx@X>)l`owvADk&EYZ2~^xzI_ zx*ivNY6qrTRD)$PQ#UgWt`>!DQIa4^xRj&0mH|*}@kbxF&Wxo|g73W({oD`vjewQ( z9J?|(_trq^o#RYGi~CYH%0 zj~`C96%d&84oTkaN zsRffy{cG!$7g3EVauSs&?Zz8PK)bP!iCL<(pvVQ$nZl(uH>}*D-JPu+N1v0YT*oI+ zp$5bI+Z)E94qCxST41>m2Jc| z8DT^$V@qFk=Cq8Z1q>TnGtDOr)zsY7K(e>Jbu!o5Quo^)TE)fwGwx1HXK?_xM7tUl z*2l#Y!@wA!uhd}>8ZjaOEpCiNxuxY-!+h*gfyZaC} z1zJXgDgtoad3U#U@PI!2hIqcaLPhR*`}{t$Z;*CO^Tnm#Qe>O?$t^|1Kxzpq!Jxfu zceMLe>xFCRToZ^=-Be*Y$(NnM)DZv@$vNb4Cm;+G5wj}zftV^Z!7#|A%rokK&E>F2 zpc5o?a|HA-b{(t@KU-OuRkchb2}Nx)cVl-)lt5?x*&rfVj&W0o6V}lZ4L%Y*`I_}S z02QSzuMXgZ^={c29B>9*b^%nx5KCF$($s<%JhO&jalM=jee}^|c;Hj}k9~X8=)Q2w zbug@ifSqs(;AnjGf6V`duLWQGl>doeY5hu1)iV*cwLuPRgE8@8)vDv#ujCdb?+-9_mGboyy z_y+r1_FDp?l~Xxgv#Gb}9mCU$B#liT*6dJsPjr8=<7}q`1Yxp-Jj{vY*h=%J%ioAJ zO(m|O?&?vINn|0e8T-5xlXQ^@d8!`9BdH=!dooJem`kMbc&!o>yTy?bt|NNjr*5ng z02joWTs;aMPL=l9&C)K%$Q*pH1&@lXq>(g)ZR;Nuq$=1#L|``aXZ};xyT|Nz0CcDs zQD@HAr~LCL)X@f}Cn`bYQUS}wC5$nWZQck^>?OU3X_=AwvNOJ=)%7S=v02b~S{iU4 zswA(yAmVywvH1o{^62?=>i_}BduVjH;L}i9OgD7BZ3auiwg@y7r(DR1M%w`Rz3+7L zuK0~V2>=*Fzy2qkv1wB-?60@Z#YrpY4tK&S=Hb8j>!Gdkanf+Ck|%R4m-YOh7*&HC zmL*X}#xf;iB8p<_yp>-R)9B>n)*0)JJf8jeu6y(%oo?`q2;zk{$eCQER*E1e%H*!z zd({=<-4?o;zzk`YB1hfF?NF{_DuKPq!GmE~N}r00lYlX|E?JgfVVDhAK)A+Fl)g-7 z>!RVc`Gd3XyT<E!!g9NJki%@(Ksc9P&oVHa7rFib*R>$K)jg-H}ZO zPrB3olqFN1#09WfqlEhIWdA)g+n3EGD6*28;_FIql*Nd4EPyj9n+DbOyx5+m6ovx| zyv|h>v=x*QMni+SAgUjnc}!f7D$X@c^Z(D@pGMhrW#@t5x6irLn}>KYBPIk82mmBO zfCC6J=UJJ`l$1(IwmisoN|q(NUDZ|P)zw|AtJ+nyx>VIJyKT#DYp~L?rA%8=YE0#z zWKPUXa3(>5n8%1f%n@&%?r_fTANNJXi$DMffM60J-?wrx1Mj_i@45T#Gu-d&{cV(L zR5%~IyiC{5C8jT0XD=EXB}a-_TBQvI$r9zQ<{ds10n(%t2jV(2h(Nh$0;r)V{9t{~ z>Jwv9lV_Xolpi0U+-J)Cyf!Y|7MSa(%Ll2R5Tkpt`e@H0C+|a z(RXv`zKur~XrFy$O4;;E>&3OCw8iaJ2PGyZR`8(S6e|%GaWEX(I#f^c0 zn`CGe)siGFZTmt2D04nq2>{q4LX7pinWA2C$+NWqAc2gwWK?f#Op#^dGGwMB!1<~^)H9jQ0^VLuQTMpY#rPqXp-f? zdk5cOXUTr|F@cA7787~ z(xeR0M`P=sBt%A;a_!*)KvblTxW}$PHjSKTZQso`G%<%PZRi8r+@Ll!X+RNkhI&|v zF423FrbZ~iga9r84^0i-6t`INHn|4o2;F)>JIIgi!;#JRz#3XX;W`Zm3Y5z&j!!ve zmRim3_xcJ>-4%W~wnr$*h5=wTTFt4gJBX63$5tjs#N?LG4YIq%@bxV`Ryi7JkR}d9 z$U0tUPetBZ(pi}crrUC!9vXBb5&%nI6Nbb-lbk`Ch*Rcp`Or|cyPeIRN*1Q9De?n9 zW|f_K)=S>RXi-XNQ`Wd70+nc*HBkr96s{BOsGmN-k7a4=W@kq9JrX<_TJLbM;dKY~ zW23Z{v=wCRr9&IfMQI;RC0JP-J5^c;^EUS~1&B#A7({~ZeA6qcV%m@?>fY)1cHqXFH)j?pVeQ_ZMnsE6o@H{{EqfJ3(!N>q)NSnWvduux3NJ!kPM zfC+k7YK&HT4cEPvtEc_cw1i2v*$h_G`aykUJ^T1Z=%X<|YL>-fw;S_Jp~7%oA_ZNg zQlFcEg&Ym~w&BCGv~d8BB^t)_(X9*L#C945?YL}R9&e7lo;d3uYPg9YVghKO5ew{g zT6=(poh2`t-H^XXP!}|t3XQlKZxS|0TG%4u>P^GF;p;lLG7e_NWdIq`oAqM^uvRV_ zzI}@FWs+Zy;cU2ckxE$+5D6V@h7P`Z2JJc3c0Lr zIWdspu1hz5WCm>%!(2yPq}h-F;*_bbDf!xn2J&V@O(nBhn$H6W3=yM5iI=whS%&(? z8>25d&jB!9E=N@^$Sue#ht$!UtTW&nt=%|+$?zxq{f?`b6DpAKqQrLuk$cvk)U~7@a-F%>XRW4_@)`lV# zR!h=8d!mgK@1rq5Ebt`}==IRo03Hhw6PcPWq=Hn5vFt#gwdPqGHtMP2A6i5IlCxuXYfu_UpJhxfr{d(-C2Wz^V z%4;JtoEMv%s+ariy6Q`h^#;90fQRVu*X0WUQWcSqsjG2Vlt@u#Sx*D#roo;SbH1z9 zM@T6Tu4n4@kR%qcgdL{R9&H?ZIr_>*6~2~b1(@2CZApW}k^oXzu$$O$l@#^l(06HP zI!F;^C=&@zF1BBdqzD3&&_1C9$cetum2|nQtHP_>o=r0pbR{LqVl_kEQ6!B(xWWrZ z^}rTs>XKSEtW7gcgB#LI!h+))RnyH>*EiE8hyYg5CL0|I%MR`eqS;8ID*_6|`CDF< z-WBaLa|E#F?$LB4<$!fq4^ArMo8+V5--s7H@I%HH*ougb z26P8IMlX7sc5qpo8&MNal#jSJ6`g9Xnz$I7YM>Ui_7;umU@3(pc8Pu2vNM%jkha}z zXO?lX&&%wNJP=pWW2j*K?6@^9i=dCR3|}~v zWi&*o&XvFrfXJz?n&So(M0_LGkRtG9%u<`#qKJyP#?3y(#vR5GBGntjV>|JiVU4q{j~`wdT^Uo~O#CR|DEAUr@4Y>qXBbtT9YlY+V$m zytS7Kiy~G-nS}9rx93Pdj??B@ur8X*JMW1B{L6`%CO7xj_OhTFZ&OcfC9Mur#u_o4 ziCtE3iD-{M8F6Vgo?qp~gZ2FnT1N$=X?RB)$B5zDt<_;wlupG;dxHH^(>d$RO$2i) zR&$`3=!!l0vT;17VofVZlz0nk^JYMh*#d#ROs+5OIwzy2z!~`i9MT*nRYhb2a34yF`oRO`$8W zC25XRYJ-4gOW(RzF#y+87T-{IU_cK^jeUIh9K9-BzmzNw)^dm-Ue=t9nyzrIARJZ> zdykZ@rc_i(s6I8gN}IUCT){Y*-98UGAO&WRo4!FYB=SI{$}Cm;h-YYO%7CGXIqDg% z$uSiRYtd)C7%Ba@`=k>3WwW)Fm_*VuZac=@lYW=V&C%uXpFOHqS#l8LGdS1&GwB9l zpHgdiTg0TH6f0VjA_)hX2%@@;v8~H`x0{_d(JhA9GBl|=l}#@R2Yq_bldV^utJ#&q zE0a@QrEB_p3f(T%v#We5w=i1iMI34Biy=14mjI+25pC)%C29?FNHek4U=N;H6F<$# z!I5&W(exL(AOh8FBNqZkrjf0oV7X#8+8X*6XgU`hOv#LLC|={KR6gSL$m`zL=hF28 zR(&+Qi0q@?3*53^f-)5@0I+=Fo7_{+__hWxZCnYA*2rArvh*@rB*?pIIK`QZcrCPW z|EjI*0WXGF!9y3a+@GP`C7cA1bR*?h&=d5;YPgu3*}K|@EaD;!f^X6Rek5MEh+xEw zp?Y7%@|0!dXrRgkQ#cR;;7jssyJQXvGS~)?5&hB)24lOYxTV<=sb>ywpQU89s*k5O zCNk0#&H`RUI!LrntbG{Ft%yrqTP=3jKelYIUeo6{O;{c^939n>c6v8My*gqEPg&%6 zZR1IfdzEE$)4&!2I)Pk6R08crJX$qt^YSVf!|0xKaXR4S^*xGdECcdeO zstmdh=tm77^VUpCjsr-d=RkQZ3=Gqxh3?c)>fkOQnsy%h?Eb(FNC+YbK@cDk@kA^# zB1j4-E-h46W{QHr#Kb}~v)+)FA%K}lggI0k?t(JWl~?B~i=7C&+eSuMQ};tAvWvS` zgfM1es(kO?aSKccB4pM(dn$L1@?If5PMzI;*MTLr#1IIN{q2(Cv;o>2G#OciT@D%p zB1j`TqXB3O!doj=NenO(i+f}G%<8@X3V_9qN85*n#E>*#b?aRb9XEwtMxIf8wc zu_>5QC~An>4)2kr2(<`mD2FxHdT3;cr$%Vfv#6RYCKeK~;81+hf1qZ#A^QwqHLV`< zk4VM6=&IQDQndL<l6f#q?rLUE!~A~M>~m_&eiLvyf)9xS4`!Yx-B zr3bF^8#ysBk>B-t_FPq$06d@{S;_cu-#L&UdL!HFXv-N@5Ss#r^R%4tM<$HJjy7MX z7Y^XDc+-5rISwFI#<|pd*6(lF5Z7U`UfhxtIqV09*T0@ruZO_Ud9`?wgM6CaPd{87FXcP{VAKrH zWaF%TI?AabZ?K&{et;hh{%Sq_~fF|V|I?B=A^q@9{Z2Cl!x#f^T!{-15CNi5U zpRVOQjxt3( z+LTR)`e=A|eV6H`Nm4{a+-0bkgY7ZN7rOU4%Pu$xjcI~MSX@VKCeewizBZ?gNluIB%UDReMjxPIpn?Xt7(HoT?ekDAIlc5;jNlcDhfik=j^wz==gn zHUrzpcLp~pQ&S?0>XloyFI=yPM)4%F8))Ju_q8az2rcbN!N_)XYA0D($m+7_4 z>2Q4P6QeoZEttci2%0phj-*@%cLBo>^|}@JwXa>=^7-!FW0x;?B%6QKNK2}-;q!fv ziR=m6yh{YMLzH*#8$MTCR6Jy4PAH>sZ>e(MPY|ST%*W{KDi9l0ZstT_ld;)P*d%$K zQl;=IHpPuBO8aHVwoq##XfV;+IejK{dWa9qh%-m=$tWlEg086i_vIhEw6SA1 zz~kL|S08p8Fl#6lu~L&o%_@Pe_p6`%p8SI?=j`EKd-RbNp1mMnZcjx%ppW(GF_)_b zS!K#k(V3I!q%{ht@D^J&V3sr|#erz}d#m>a}sMK&KSPFzVXkJNihDL*WkRgAc)rVVS; z#8W|GDuOOMS3|MJB{N~o(UrK7*5U~T3h?i-nl4`3-zb2{xG*sZ2 z52`05Q@8AKeB-Qjs?X`0vzLyQpMao3)LW0*127{lCq%ko)@_c|s0g6P*=1|z5q0dU zJ=GiZtL?;CRm7%1X;NU+%tpeCI(1!5h~2^71-U%18fhf#$D7BRmVP6B@uAhRrK|_w zQf6_uIVgR-8m}eYX#2}^Hw{HI-4XqqA(#Ra~cNL?}8mdR@$BNPB?#7U7H@c~>tC6hP-Zh#! z(AZOmG&O6*d?I^+(8`VvAMQExbP8Q1tlV&@;z}Xe$D*}HuVJfBMc%4(mFm-9-)#x? zp#YiFa;4_%SN@;;zr}Xg6UkxPDj}Jd;_i`IS7EQYzVBnykf*hs9AM zQJ2k~*lh)i-L;X))FVQR;pVO-YX*RT)KC#h`UbCJe!$G+RBt^3hE|r*t#ai^1K<<6 z7JYCcyAjS=rxIasopA3yt=PCb|E&^ zMEyYHfN%2I_{9wOBvcFnhxE}4^6Uf61JLjd_LFviMi`uX#D79+GMoB*X2EaEN6;oGvA(DvY#q!?bz@o7{;P)b|KWuC>3C@eD z#h9FIPLk$|<)@lvxOVFm!+|OMnCaAm>0D`7v%gRDHOb8tL@66A(;R>$u{2)lLlOWc z_;9vr3$2!ujYN@UU&DXpTGU2%K5Mn@V0=OY&<>*FgER4m7-fGI~Kx?wf0-;wx3hoiK=WyDN<7a$|z=o z7~U#%{SMwmNcF|b%bikG_XGs+e@Q2=`Q+UX1hh}4sqaoZ4W`xFeM9E5L2%)w*yzOf z-?0rP*tqdp#sF`BDT3z~-`lTy)!xfDLXQD{fP^wVjS^T9h+U}45U_u>!SbgAx z{9Z`5^z+yt?~Nnl|p)yuSv1R0|f#oxg_fjX=Ry^|{t zqC-I6T_lVQG+b;6CEjL4yPkc%9ty#_utHIf%R(fRBz_+8?~p$2S0t~@(+5uMpQJpY`aVOE9u0Z?(~Nk z{`B&5OdfVQiAndb!vEN;$lzq)n{URw_S&F||z zLQRyy5|I~-GY9Girz5i=Gq}%x(9q(nbNa!`{=Veyez&J)x&?cAtTuQ#vmi)LR(IE& zVPag1FAtS-)rfz^INvWv52+_2F3rT3!KkBh%e7+#g^DcnMThqkhnLgtES>AIc6IyN zO2h}iLg+Q!@YBW$IJ#m@F(P@8I*<|G8c++Q7^i{&pT7WVr4k9x;EiyP9@&~HR9 z0GKys_EmzL$ zQ#bi>nOCQ~B^V8=$Jss=Jq4iQs3CW7SnraGz`PQ#RIo}A=QHzlQ3Y_pYHeDS)`-OO z_QeCGv3UGwvdph#&fJ;*T+sgVrRlptF?#9Si-gL;NTP96P1X1xUf%KkZ#aS%1cJ8Ny@Pn?Uf=g<(&QoSC-|{ zNTu)kT!kf?SxyP&O>g6MD!ra60U+AZaJ@t`ea3J^*|YK*fH%??_g5#D;y2U#3*euM zo@MZX<^jiiG*JppWG}9(yIwIiiJye*Gk|M!<$4;lio$D|!u4x`YvK}s*V1JGhG{(3 ze6nu({tX0bG}IaA%tOVA<=BEr1BcZy4UW`ldCyW~UL~wlUN2UR;x0Ynuzf0b#YbzK zr-tHUGWno-!dBFjK|RWevYw-<1Kzk>y?9z+80UU}y_T*y~@7RF`=cz<{y4tC{ZQCq2nbI2}F9&{tx!1Kt1uySOiJ zHRi=-Fy4rreJH=DoZd>%EYL<~LxXA{u$0#?9;!)Rk*!GlyvPria`gxo&0@ciMynX_ zz(M`k5BNJoogk(T?i{J!_}rQ0jvd~1#EAaKTl_p=+lLmNcuhKnL+i7R`h zUDg{xAWQ_-VB>8~AaW3CQ2AN$)$pH9Bif+q*NiWW=mX3=MQ7?%@o%h;abCWZ_XICHu?$30C zSS(IqaSvJp!oRWp2e9!Uw8gS%mAUj0F>F&uqtl47@94mft<{PFFdvx+i%k)oP zoUePUo?kMA;{}y?WUwna5plZCP5*Hswrim4@r$!x4T3rVA|ZtxsK)(njeD%WECOsH zGEp6yi7##0Y}loDN0oElJPlv~BlDOEqvQKAq?s0J`gX6FK)P~WfIqjy;C2Lph#^%) z;STOMflTG52ex}iTxXl82ErqV(O}P%aZy9>2`1O1w-M)b6!B1OAN52_@#+f6#@#2I>ldhvu4sJoWRi z!RCy(`1bm?U_p?IcDjm6qnk)vFLVF44qLAo&zP*7+q=}APRYHwcT!vQDFITvn&Zg`Iw>M7iyB4~tT+xEL29$ISS zmnGKfB;OcuBojJ2FRtF?HwMfu?q8&t%~Lk*_4j|j@;!CWui7h>qL4R>*50yA?chg= z&;73-divkI;MTT!(Yr)~BPHm+&!z?~Nq}bf%mENE0zfk>Kr?GFgFs+LBoe7NngUD& zFiRo<5Xc}%kR(_H10)EVDS!$fe9a14Gbv)l#H=-=b;8!r1kx;t{zakeGY*&s4p;}i z-uU{xY&TcfuS6exr2Z0s{=WYCh50)^RbO2ElSiZf{MGv=4ByRCyRL`f~MmmdGf{O*YOc7Yb(E<23r2M00!viMf`&)%M%#iga&JqZCldelRGivl5l zUNst_n1)^um%aN_+2GD>@{Y$l)hs9Uh!5kSn7M;vk6)ZsZ+a{Amdn(e<3D`iHxtPW zfWQ3uH@1BBYya#268_PNfbQTvLvTlvM@g@?Gt9v@@2Kza)SE_gc`^T@AGoF&bG@xs{zBBe2K;?E0tcv{l6|Wer1dEHtMxI2Kiq*B- zsZxH2jX!VPVHk3VE3y^+x^wm!z#Xv9+ckdcV_L=a zUlW&q1P!YoUy=D8{&@a2cb=9px8)X?`HI*Os43DdsDT@?&j=%zw?jMo3_$I`8LB8( z#VyKj1@O1qc;gG^>3g4j?%-aA=@?Rq>)Gdb5B}?H^3|sM?@B%ZV$C24(gI)*GXwp` zzjPw@Z%fB;EEK~#0Mp(TqOEHe(Mka@DDo%>EM1r(=7r}Z4B~C`TXVCZB}o!=0dHx03ZmO zLC}1+7^s5|I_RK-cQkIagv;e}|KWGPu(-Iy%%0c$jeqxBuf6tK$6W7J7>;4uh9EF8 zm;eT$Z%G=epG7IU$K3Of`OsByWzw3gs7hY1 zHvA@J;*7txr`w{=*n~kuA96lSz{TLgLa?;Q7?&hdlpZxkzVH6vd~iOD2{~*}4x77d zj{K0nri9N70(WC*5)Z~j+G49n`B(M#dt$9ZYz$%!6I??^o2Jk+kE{f{B2;{9XF)fJ zw)O4XcCp**Hx}C>Re0@OwB>B=KXBM%P!o0rwQK|cB`w`_!t`1OzziY+^ZJ>HpfyG_ z^2uRiz!3qHAdW#+p-qBh%zF0|0j(vGhHOAZg;Bqamb+OBqA2Y%k{1HH{X5nc1(IvM z6kB|=`@_{S!-?zo9Z}(x5fPu#Z)V3|TM#ZwAL%z#d9R2oZB{pz7L-JK`+GF&R80wG zXc;g7Hi&L|6IOxiyC8gO_jpD6?M;ZcIO0<$w(0H1CEdNqX#p03TX`jY76c|R5d@f+!vh5~QMljAfC&F!K&)FYY#vc~zs#hGzz9=_2rP*Syvp%iBLB{I zwhjS(d&p$7Kl`&k^Q*t|4}&21^?&oPo_p@OnVFf6Svt5+@$AV?yjTYvbkIQu?+V;} z30E$cKmYeW58&a45Bnf2<$utz*gFhP%HIFJk$6|sib}1C0}TpauLYRnU6B)C zIsdLTPE?T8qaSo0_-^x=tLiF%UyOhLjCYO%|3u_77FlIo`AXw2hUD;fn%}AEdX~B# z@eZ5PJZK(x(R=Zly4FQq19I1UBTp@>C7*+7HBDOfi-GsV-gnVEA3!hY`4<~6yw85$ zdz`0cgV`~sZ{My3Gggq%a}QnmTLTBbMif+*cbDdlWJZ1vO}xxOR2uH5rAe^DJS}1p zA%)xGEcozqlmFf5v?G*;%WI?tuvJ%&06_r2%wk=i5kxKSEu;|8iu7)A1nZ3Y8XMhq zLeXMI6oEkXBgtxvVgLkcv^%09G-)OsrUGH@Yzz(w9Z%DX3*NI;1p>3yOm&|%fxw=B zKgnaVNg{w*(aMH#JKHyG39ANbsNw-5^G0yn*Oe5>b7{ZntokASddEtNq|wY${OWBV zs0B6qq)LeN4%@$73zZEKv_6f_>)NQ?ayAyY2|;fcwAUpfi;4jjd~*U?c$|I32UB~C z)IAUZT}Sm@JMi8+IL`Z?pi7bzTJs{e4U-@uw5V1PZ5|RSWKbC(2;HKci5U=W8*ylD z_O_B_TK{ehu^Sf(Hwl%75Nn&m#9@XE39RSNfH`SUnM&bBNDu%`M4CfJJ3Le~Nx8v# zx6TI&X95wD>q50!+PYvXiKle~0EYsIYt36f-TLj&TJtwuQOKeE&UUsA0eyRz*gJ9h^qG3S4&c>SUz^-N*&(1i=%9lRI_RK-4(@U6 za0!=6rOM?}$6W6`{Mdhe^vcT%7k)ThTC8=fu?4$LV@2&b8NBha$Vb1@{L3*pIvq^E z7MuW(pm>E_4AB+U(!#ECRY!tr`Pm2}AB%h}Dk3#iKk2^q#oCuVb|uMx6#yu_;=kH{ zp=aD@b{RuWZXBCD9mKrfJ`o07|MAD4{RNNe3%GJdd*sn8PemhcGyh-J8qE||bl_)1$^ zlPLn1O)xPG4aqD(5Kw{wlY)RD7=oCITN@-yVaX0j9I(ld3K9qpQ6~9H1AruE0y7NZ zDQ&k75gce!LnxR8mI#P6piJ@=O9C6h(`*Xz1GZU%0Vcr^%u>T(kO`MabC`Mn7Ga_S z7(@nnp0XJj-@l(phKB$kXaPkCh**HbT_I|15J6JlvB^vzq1gzpBA^WNnYAgj4!7Gj z8x4S_FnQ8gx3ftu1Arp1U>MR>Y;J2b1%n~hj1~}UQ~H6D>qZMVxxz!32rOiMV|1ip z6J^Jq*qqq5ZO_Ec#LmRFolI=owr#Ux+s5Ym_U!K2-9LT$yzh@br~0X?r|RCiwH$@9 zma2~3r>2=U_sa^!6=AYdY3Su006u{0Kr6H|HMZ-Hl^tcM0$-Yl{>q{HyN8n zxN_nABQqfshMN^fQVY#2=}bI<_&TvQ$%MF>lcJXR_`H`7M1~lv58>aW=vmg1jVTxb zv@c2p0y1S1U@2;e8@%DtJeLfF9Jb13%2^=+w5!QxKSTLd8aw?5Oux1|b3w4#)hs)N zUy{p4KG{on<$~X6Qn6pCa5nOVxYix3TCG#31BzsAu0Cu{OO-@(B!-C$Fh?R}s?~;- zinma1=FyoPFazl};pr7)g8;hBRqO|t3Dl?Hb2s`T!6l(Mq2uFbU1RSj8h7FenUad6 zh|ai}GDqUYTK^FM z&OQpavcdYd2^#?kmic@(0g8Otqrt%SY^pRBK9`q$Df5?5FkhP&7CaxFHn3uS74T+N z$x{r1IB+43ItTY}@zQ)fD#IdT7FvtX`umrsr~;=W@o_H1`M90*cV7*VXhGG_oSR1A z1Ti4O2i;>fYwk2-x?b=)D`x?-m*&28qB;LIoTIx&8CUovwv5{1paZYT8kQ>Ihv=rL zg2M4RXZV2)Pi6_8lYhOiw6krRIEw>e+mDhA?7S`+18*B@FEeoBn=);x&SvA0%vdsP zz#9bhq4k)Wu)hCbr8PmeNY`sYkuW)Z&P}|DqrhGSGRXA(k>dRJm zAlLL)0f6!XT(G{5nt8B9sk$N%P6wfUnY6<7Up@LThAAq~R0h=+P0-tGHIll&IjreK zYbHx0VYkn2TV!?HqD*Rpglp@;1&X9SjBexCl;wj8X4wD9%^BzR`Zp5QYAA>dj%aQW zbtPar8FN4|g-@L|mIu}rtULS`2NMs%^)gC2Cg**K67+?fU&jHlwjV&nuN`j2HWvMJ zbX=kmWww_3k5=LP?7Svi$7zCk$uu!(p1`K~z)PVkb#$J75 zlOK2Rj+{Ku#Q4+$NI@_x;2@Kvg8GxnvAe1_$BgO05Y0b85|A`m{Fa`10I`9-Kl?EC zmwfdhVWL#2zxBlogQ3eK1W_yzY|Ph?0ET9U7HoKFy}s6~T}OTZLl8;?lsq74tSor% z3_KD{<-gdx#KRsui?_g4xU?`yYg1N1-x?cMsTtWFs9b5hoS&M5zp6NJP;*iPp)c?@ z`BIwLG*h%{Z5n2#6agoV`zW9%PWdn<7{n7>Ncti;RmwY3B0SCeL7^}OPOeJiC_lfN z2F>Wo3V~Aw;Y70!;&7>m-~N)Tu4Kka7YJCAiNf{&EwcqpCtm}cuSw#YH#xEk%ELDF zn$JjqITJ_qS4VDUjW&yL5bmv`n|9GaMFux-%q(s^?@0RUtAIeZgk{Ur6el4!A+EhN z*Azhwb1LmTi-LrdWR&z3S(CVPp2Fsjt(+RQq{>L+aA!4V1eQruFJ5UhZ?VnuUqS8)J1HH9nYC@KBf| z2<5``@x-3-xhKqqvNE+eL4!ksR|ctP+i0d5UWotN5$q)$cpx!tcWA<`^up?>`i>K$ z6OJJt^5lOPsfj3?ppcC>~3k0n#8v2 zld~K+kXqvFy^g4i-y=_GcTH0#>P2TzXY-Rw1PDt#LyRlzzy_XTXa}%rT*&34XeR|r zm#MSj^fM3Eu%%-o=(%qKCjOy>4Kt3Qe~z!BTP$VA+R(@--WcfSh}lm4^X=J@r$Ead znRcu8XQAG!G2mM%``PCm@$2L0Ym>p;OCYS)+0Fr;Z-K|hrtwb*u0f17&d9zBNRLn1 z2Ssvc^Zj4&fd*FtlV6zabl=r{D#=Z>`}sO7dl(v6O}I8bdP|P8CsE)uV1l|fSH{EG z;%FEY$=6?HCXuNWqE@J2WIQNuPRRAYROh_HAnh9j%*H|azxXLA^cgRlu0{f=_&ffuqBtruXd! zHTq$>o2q&l+}GDvOpHUGsyQafVI2GbNBFr~@nItTfcFtQna7tTnHHpC`OIkXKPQgd z**+o5er{^HK6=Yf-FA8Zu~2g=tw$CjVUN}%KiKmMe?9r;Iix}&acy%~X>*8+26H2Z zCCX6Rxyl8_NX2<*k4pRij+zyEuW&U16DlUCB~(Z~JO_gif8MhHoHus+5c9TRJhRm6 zdbUt{fgEMJw1?6YJhLk&yGrvsW@X*vELL0ofEk$Ba_IZXJerTt}ZAb7vYTIX1MUDog(gA z4nt~HUt{`O!s1-INHQ1Ma7iD$Kg2Uo?57fIU4^pLza9-9{P-jBF@1{E@q1A9Iq|ge zXvj3ZU7XTA5YfX2RxhA)9k26+{$t?`0iR34&wM>OQk1MCeE#?A?2nUd7ppm;|5?}J zJKDwk36W{>dV4gV3=+=$Q|kin{$!MnK3(Yq%dmy?!R(^ZeZYT(W#C1_yJkttx z(iNvvAEOaavL5pd(xuuowcrK0&@i}vk;l1o(z5_0znd{_{6vz?C|fpjC>mhvfkPLl zGos~6P*LDbXA$kL#KN`H$9jBWS9-`4%K}$(V2C#!p5UEWpRixff=&>?Y8S#C#APMx z9JE+H3G2A3=p8|M1g3fk1i3bPY8CqEYd@WiC(;i^==^Zu0B&^XE$@F^+@Vv^9#8_r z-#KetBvt*^&VB&db`OCujyW2wk--7wSA5WY%|4sH^pDv$#facZrEuV|! zlouU~A{Sz30d~8KedXaF>*_iR4i=7F(0ii49dvvLLk})<{$s1Q4~j!Hkv(L5P69KkS-u)3m-#j}pnP ztmdNCR1`jEH+s0aoWY<(X=~$QXKOI9l%a5fy#T65RM43<^1wtCypeSAYl)+V`nlJe z$)7X^l^N^7xxbOt1I8@BN7=5E8Sj|+K4RUkTKF9?82;6?K_QYkK633@0tjXay?^_B z)1M9>7NG~}=gK2kFPchsD-5d?Vqku@VWAT zc>n$mAk9(LJ|DPxU#}e8&i}hsmV@@o9qhPIMeHPRcJf~ zLzaOyl!HDiXJ%n)DdgXpqd;_{Faa2ZLBWp4HFarxnNm(o!JClF4RF)`=y?22mva6{ zx=;h)A;*}?HxXI3usgoftvAG&wr3dLHVS;igJQ_9{xIOL(^{O~_Vd9sgxIwKl5{p!4`Zv>qCr4^%ibBWPY~RWJqZOd4adO^ z*^)>MNG!RvA1D?Zx~MH>K&c$;qOhb0Zlz2;>8{+ebf(IpeJ{BL#sl4zP6dP^F8%4U zn4qN;v;LMLWQwHgw_3h#8l8#YI_ZX%w%EC>I*HqjyfZ&^EI0HyK^d7wa&@~%?+m{i z!?-OMw{xI?cJUluRR)_bY`2ewXStKp{usv!tR|9LAI)S04FKc#)W75P@|5%m>^o39 zN((t(=YI$4%l}oC|EJaXW7FJj_YlhaX4bUpI$ZThQSwb;DE}%#qrMAvrfdhtP8~ii zMJ~#>udPOOfDSUXhX{iRR)#78sY1jeIW$xX1Sbug9+K{3(sEN~c{3|z%Xc&cIoCr9OjDTIhFIkNhX@U$i-TvC z%EE#D-XZwC=JOr9q%O2HYOph<^Tp5sI0A;Xo^sEa|Ghq|A|Xafn-F+|*gh%%w&(0U z1fX-&{h!c5i33E_=vsC74H?O{2sdlw)d?OF2u;Lm7V%xtSJ0JUMMBa<@cyC!>+|6; zcIls_DQB`ACa_V>YQ5B&vn+H^&vVA(Siq;-k_m&x-=Md!;@XFEETeb%Z*Kd4O@_s_ zp{8B35OK-3SOyiH34$n5KXEOeL4TF6ZN zR`&HhCA49E9!<<#jfr1}c`vMDOIlAM%IhzgJ!@H)dGs#KxJBYIu1$Tso5Y^Nhy^+$ z700NrZZui8K7;NE-vrj7^9`0#6Wg~n3qP*--b;!7lxco7mjT)Rgp|oUqwWqTj|^7* zu^&YkokVIgFw0UnReDOf_$KNow6#qU$R4lpJb_U%)CVRrhhoSBtC>#fi6BU6*6Iz{ zVI9_eTtSb=T;WM%+hIQl*$82npt0a5BA&ppE&+$Q7K~w4qKYp(t8eC-^aGwb&6eU! z0({bn?Xcn;Y#DV1)PD=aX05kUQJi!t^ZMwAx8t{e|DV|T{jHY=p|)yecW}|8QpG-1 zew*l;4shkP>5=DVm}Y8pr^Rj+Fp(YcsT~(#3asxxtdVopEJ$|cBHW*DGu_(j;Go)d zOU#DDAgCv-E**o)M4T#piTDi4I35eNl0T%@rYe_4eF({TT2$$*piv5EZ@Kxlc84aX zA>VoZSXfnoBv&8zNhYrmzI@pJ{ABUE#+BCYA5`Z_PabP^aZ+!E6I%f7=wskt=)&|_ z=gG*Dn340a%%p+e$njAgaZpy(eaq3u9rUtkt+-o6>7INJou%u#d%Hq=!Qc(G8vZ1{ z%z>5Yfc&C>0ZqT&$r+50MF=W=be)84q#WFoCEcZmpWjHto}d-#1#6okG)g+O8QrSg zPu}nONhy)%>pezG=uj^i%LvgI>mNMEhK6#)(nc({Yb7KYNcfeE z-?{34_SF9Cz1+v!_(2nbhWdJ!6V25dmIx7{IaQ9yBUPvGB1^eyooXPI$J{vELu$Bs z_)HQ{>K>Sj!b*v^9jDdk(r@ApBE9dC++f=+U*{=IZQ~n@3zra1J7iab)TcX$x(J#< zgV6ubQxzlxIt!Ato%tSN+pg1|(uO}NG88hN=rh{oZV&*7PdIQ{p19WP1{C2QG&MSK z>Rly+RCTWN*@OE39Cv)a*=O6-!r z%x?E8@ZxRD;eM5jg5|128TkiHg0mvK7-4ThP?G$$4LfnUmY4YdLZp)G^DhqtueV#i zm6{SH2XFhBRyFYCQ*Ey;-2*HWtO#h6Si>$^M=A)wfGl{v$`Rc{AURSf=f4>u6o(lH zSzgFFfMq_9iF!PO=ATu7u+Co0ugOTeaCm4ytgp~+`rCcb&=#1`k1e z7<)et01-)gHrbK5!Fb_g(-6++g$;&mT&U><5MW|nmJW|WuBvE6ZwW7|;R?T|k?b1> zsmm67~lCZR0=frWNr%YCcSPB)?(i;lH(rRhf)EA5;1bZRewmDM; z7y$spfNJ!gfgl^Mm_+u8<^6f`9oDo>NekYX;!&3EX60UJGKgy^w0+QK7Ze3npn>k$ z)fY8G+w0_Da=D=Fa7!vwd)(^g4hTC$V-v1CVr4##DSP{f_h69!L1(B+` zaFKgfT#aCf@uJY+$d_Vag#!Sf4bap5(!LP205Dl15Qsb{?5yhyctdhXCO-{IB(R;F z5V2ABj2;wPBqXAgAn0@nf5-BrbImYK8-zDu78V#rG*nd90#NhN8aGi!4L^+pPvHy? zHQvJ?mk9r#V|@-?_jl?G`u5()vc`wgX0#vObC9l(w&vY=M0M&9%)tpT*({^6po%y| zp#4i@^K&e}Ci2BNqYi~OI3|adUC2ZIEs4!y&WMbmZH#Pg!WgH|2sR)erdjxd>K_4- zZ)m7+d=P1me!MR^f{C1EBeE0=Ysykf@)ezjnq^q?nks*UhNF*iM~C-Y$520*k+Piv zpGJ~h8uM`{I*4`MYGCT}Bz+w$$9rlrO5dLyi=DqnsJ?S3Hu9nvB2!2mTmay>a%`X% ztPngcmZ0$jqXl=Jqe!&dOU((I(uqP1zp!XxJD=83U4XFj{55kBsZUxw~6A09s3wA51iDnJuT$>}4?u zDSIhMB)GnBw=LG1J;fh^UU_LH#^%${S5Y648UcgUQSud;Y6McvN^Ubvq+5r`qy}KF zLly^!o%L#WRmf15y0pn_qAcFT{{=|v4MU3qD4;LsW!+u%7H#5n^4Y$SS=8h&G*nTfU5%E=CdHllBR8zVsak!VXC=^ZE zvc^M*t}7~p|E!sU7$-LhNH_nxw$GE&6Hi41Kns0(w+@__&`S0jBnxmyraXtL~bn9Sz3S5;fC*cy_7E^=<Mhz2-#fXjvA7 zJ;s|?EG5EghU%#f29WC^5SP0H5BD3r1;aT=IZ5rxwVH3wB}$rP2C5oQcyJv*nnKN# z9mSI$Q%_j@ps^rxB$+*=gy6wLr_PT3EszgDPMWog-c*Uq82y}2ay81w+;6a7jOA=S z>Ng=-R~;{FBg21iyA}&O%Kpcmj&=fK`f2QW3E?%bbtxWbRZKcA&I;D|JQE|Ho$HEBHJvq7_I~Ez? z<3W|6c83nm1w49qxWz$T91?Oqc0f7XLN3F#q&&cwWTzZsa*ZQ$GsIk}#^%hD zfIV@(;gP(mFTAXet}qnt-uW$6q}$1!p&J;CA7`J+Pr05vf61&u&%#Z*y( zaqf0=W(!SMya6KZfg&ek*Ecg3YZN!TBy|a7&UB3I@R>+Gp8%r4C|v_|E+=+7kAkM4 zCL8P2{TKb(bthEZWPQ|KXX4LH2;e!eCLV)mQ8f@rizG#g#9_|%F*aQ{!jU~lJ-)-ISJF$H-eL z?85fGh1igMYqPdIPgEJ&MA^s26YRC-KGRW#d<5(cKW+Jo5nM2#jZVw565{tWC^S%$ zd-1YA@k~28A8mHJPH(v%r*5^vS>Wmj^BShda31DII}NZCI#mqgz14<(_^QTmsXlj0 zkbFOXDfuH{m@Z*;hrG_cn<9aC7ix`PJ3-RqHo%0)bBH|rpNHQshusI51kfEm&0Q=O zn58v8>>K&w5kJXz_(%5uePZtmDHX+@UnblYR$YQ7t8f$heNt5A)8{R ziAdwB-GsCU13|Eqda(!Sj~c{@-}WvCX+Bk~&05;Bn12H~0iy=<)qH1|-J@kD#sYsx zw;1veZ`!Gpy8c68%LyPv=SIPEK}~Esy(t$|8%D$5_$7(mE8!ll!J>XMv0B8n)lkhw zr|0sRy=fxp7jsw@4@;zsSO{FE4oky*ONT0_upC{kq6R>@gt^hY5oV))?bizD)9{!U z^gN$I;X1JkaGYe9iu$;#eJUKaC&@IE?~&TG5_{@>Eo2Q@HtxH2aP3zoAxFRw)(8k_ z@ZuKuxZVVZJQ*L8d@ODWpc)rdaS}*#=xK(1^!XVkR&u)Op_VFVejQ%+*=Eay*i#Cy zmnNkRjjJ_RP5C%o%{7;G9v!+gY;0No{>wFtKs-zgFJ_Ufe3w_oM?&e4G`ZB58)mNPN+uysuyT8%?yn#AGy1XWsh1h+t~gF;eC( z1!v>fse!(&A8A2I6W|x-8-Ai+uK#USkhMVS@-~@2Mur{aUHrwPD~T`^Fl~~|kis|b z{XWh>NmVCp39v=W6iFSLcBJd<>zvm0H+txoQ7;wa_sDsKD$W=VeqbJUDZQ1ixYe|is-eMDaDPae+5o(b=?r68k=K6dvjZ`O(#Quo-J!2M zP-Dp-`z)A%9D%B2q-iBD+X8|vIs$A|%t!*@s=ilpZ_UB?`G{+|AiYQ|oja9%nasZX zN|m9vys!*>_y8x88hGvu=2nW4KuZbx7yK=l%E|(c){I^N`vp7B9pslf0195@5BupP zBt}UtC}VMA*72qB#07wAn-rF4eIF|6JrO?mG&?2uRWWLl;?(DUKd`m8|$QsEChbS+**+*+~UXBn2hd6mm#)z&XGuZyIR6*`3%EMGl3B} zoLAaNGRY0aq|6iw30QH{S+gBFY;H?s|H%uek!jPlAIYyqh0WU<|Ri(9ts{Y);*v(M@Zwa4SFMQrOers+lHJhgwc;v(nv`d?4# zE4%Pwa@JgbQ8ZZZv{e#3?IrMoP@Q;r7~kIqz3B0&%COUPyOb8I&Szozly#?Ng?e7` z{*Cr2+6NyKsIGsT+(jHu#hfnhekggr*dxXWTfjNJ6@2{Fezxq6CsAgb)%m?vCJgLT z-{B#0RgLs0>^OYSg+|vtbx!j~cYbeopZPy8n5L76=X=49hCd9T zQa_R5if$R$+kZT?=-AgUD-nckanX}Irz#+n=kM*l$hfnvIfD8$gjCVni#}^KgKkt% zDlZge<4<;L$`_Ly%PITNy1u?6XbfI9JeO`BZ1FaS!JWxOJi)W-GKfyudM8H|WQd;x zD~E;zAJ?iA^r)$|9jRWD_U-=hc=u<{=4w9?`E|RsqQ-SaUj4f=<{m>gx`>{Bhlt^G zUhOZy1f#K$M^b$D`ub16fhG6nYQSb=QT@1cw(bS@k`7eH!!NIfW>4O1{`g8lf~d~F zVqhznm4@x7kL`=FOzCyQYPg%Xt6^=^hD#B60{8$d59+mmHN;yf{d~#|Ph<)4Osbf6@DmKPoHA8`fgI3ghc4G9X8U}}khr)!lMX>;l@RXNc#ZC<(X)_z} zQ|Kk@_!e$dyLBoV14O?-!kb77TJp14`25g>gVftZZ_knMliv;DSV45;TZZgPvt`#c zdx8xEiut3z?v){0;t?S|n}8ZLj85R~{&Tw=E;T{TzuSqniQ?eRr~+f5x;y@TPyz_l zNyK_#Rs`_3Z=r7saPKt`@?`YJOLjQwf^eR=@L^1#XAE5Gatk!uW2SPx^vSj@7D_(y z)W;FxQVN8~tu7^x+@JHvdV!5W_To z3GeN4U7dI6!uw+1mhJuoXkJwp@_3Dv0d-ypi)8QaV2@`!aDqyNq9N|?;0{5=KXnppMLqM<4n*B{nO@ygR|?Qo6_7ZYNmzJ-Gx z0OQr#UDXFKAZPhDIDfM9<}jo!f{pA5_pripda3fYJuUJOtbJe*;t>>Yb`oU$y-KztlD+3)Dy_xx7&2AEIs6aQ4$KQd{MOI%_ zwS_PmXP+P4ytTLC%XbsF{Jsp`Io=0evk7V{^Lty|Hh>Z~R$mzhYW9s3G^bw>TiScN zU!PrzRAb(I=i=Q2=XoWM7{odxW%s6cs}^+giKIj+nu@i(+_5MXbh*vo6hryDrO02Y za}}_^-A-)a6eZ+9@Q%yW#h+$JPc0h{gTu3{@d}w zTd^trc^1_>O8*U>MA|8`{&|BOXl+uf&;!;#N3MG~D?w(B4VUGYzuYZLo zy!`2mquW2^wu0eVX(RA5oUt~0F>6YT7S+oRQoaTQJg@UDXGNIkrhh9d=~I~ziKr!G z_Xw);qAeg2@?4f?HOre`wr{W_=IsI#n8Unl^Xur<)deRh~FNbqes}{+!RyGE21-8XopP zkhx2joH!{YTGB%d{0ZIk^PkyEFEQEU(=oG{yh3^Qlnq&qz-;<5X$KM8dXhda@@Kf@ zJ(<&daUwJE8r%Rv=c#_(XJg^UTl=`U=$p3%cg&M>a(83Kr{iCO7O@y_3p_XHEdK8` z$-n=0sPS(sj+BnsW{eZyCr>w{BfM>ZJn<|Omm6n>DRI+RRZC08lL?V4N6DGdO(H)Z(H@po0*-5kOsl$3xa6R|EjG-y%yFLWTrj zncX6XeW%B^-{@cr{P!i2zMpNv2(6GUOpMs1EB*d*n!v2ZNVhy4DlhTNll`(<&Knu` z&A%{w)#q+Tn7G4~0e`EzwfgJzxW&^++Qa*dT0t~97}10wdB1=3 z6jNb%vqMT?HbHOuIC*N&$J^%uQJ%*|Erpl>J*jrFN%)#X#B(BSrD@HvMnu+wAu`}^5(kQt1o5Ruy>X0rlL6-Wz@XUg01o4*7)MOG z-0r3nFD>prD{szDGFwN3yOqh_NnxE{w|uk4rX_EQH1099y28tGy3?mesEZBO+npW{ zPYhPv1;C5u!Cakv$n%vvirwsc2aoyFUfJu5^21ik%3?-5C|?A~Z%j=_!RVj8sZiOZSKkrPdzyaSH#Cj@~ z$Lb8`u_Dx@IqmavNZRHz3ekyr)MVZk3J=T-}M~C|qkL7R>cXR%bc9cpUtW{mEKVMd2 zyLOA0R!sp4-|!@#c3U0RRuhOj-9K|fU-J0Rr{c=s;=SuE-N@_?+N_lAZhl>ZLxJqk z{qi;a2lXO%dopjwKo9G!ZKAx7E$t~#&b1?ctx-Vl4NETt!6=wlbNf+pSc0i~x6{V+ zdxEy&?fhG3H|L+vd$7;?m)~7;IJ)u*F9ORdwQ^q`^{G)>0PJ{K7&36*tB%<^17OhX z&<4DT*kE++(2E!^t1_7KD!93jrsQ~mQ)MvXlbUXsNw)_zH0akA-h5125b!NuL66nF zWB1+ShqWz3gj}oEsi)g~zz~csyE|u))Wzc3^w@pphC+oSr_&YiM zwBa6_R`_QLmV~%>aMvpl!%ltH6T2@CB5<3_#s5enka)5Kvyd zT{|-)mlxSAqnPXneahk58wRM@)@(#8vE%>+0T%9w(W{du7Tli6nR<%=@Uu2-w=3}O zs@Lf3`N(~S7zRX>H`6;eS^#E}=xC_7x7j5Z#nVva=Q+rg@}M*6lV||=doo;89aymezInT?yR?)0+IQF^l=3uLB0pI2?DV>fgd6=XE zsKblgI6V1F$n=@dJ3%{-6v**hhcc{>^W1Yc!2$qYcqY$>+cks)m`ypQIu>CobyCHN z-0wQ+b&=zC9doK@^HoMXzU;r6@QK?$6f3sm_GA@>3;3*fEQZiA>I=m(>~nOmkfM7U zxdc1(gEz)_P)?1Alf3zb$gSsD3#lI^eerxMuM~pc%D|e_te4YEpMxw`uf;iTX+LoI zIEUcu2eirE6=wfeQ6H{6@+%|=LCUW;cpM=43(2-ravY}*Q_i?{mLO^0GD*1M!dkRg zrCv|`h`k7_NwO*k$a&YsOy2;43=l*jQ3@Gs<0i_tEaYqKt@|v}R$D;MRylx?a-o%I zDx=AVgv(oZvyPfPUV~m8WM4gQdsGGmz_oS0a;8oA+c+Ypr?c`k4Z4$10e}fy+~9Ni zFb*Q$dU<%irO3Hj5S5WONpTph9hsHBsS6T;(a`5Q;t3P3Mt`DDWFlfNw_b7kd$xdj zbrYG{iNhWSIM1a4pM~!C&yjJgi`}mDuTR4m=GL8eD~zzteMErg0i&605Z_}HwuPt5 z9g1P|W{sDCpsp=1A<$^C0FM%k%%;|GNEM}|Eb)0Dd&)*fX+7mtSVd{DBZP8C>7YtZ9 zeP3m@6-Zori-8FpCI3EO_k&Oae;E7`oloVuV5?4I42o%a6XdNm#XLvb7DMTIH& z-OK7{cZ#*b4Xr~~QGC?vtonK>^rH)5_~pq6GhLH+4PumVn-DPg9U=Lf+TCigzdmt$ zZ9C9lR*%xRaVZw`Iwp#%AsH5xVRu7{!2pGjc#rKQLO@iXSL(0vy&t}9gv>x5I|Ah2 z+JNUihuejPCCK*>(?Q`y&rhqG-zE}n(Flh8OaTN{{7mv6CC*}6-P-#r&8o}-EK0Zq zw>0Tu+0&EH^4mp*>xd*pKLJ=MtI)K)0xTV`wVgt=W>W{)Jq|}NUz`L_fs2{o08pBt zfgC2orO#*K^H$-pM_{e)T6YBG`#YSeR0$xc_7-8WfVb|$$yly| z;pB9NjYon}*(wvcrWqW*3Q@oatK@u9#F7rX>)wjrKl)HC-*E>&qb39+;@<(4fep(h z!B)!R-}(!dLP&s~WIc}0!TMQb7qXGm3p!S7ZvBw{2=Z!?q^p z`m_?|swh1cL6}J&Uv|`=a~&^1YSw^q;tz$=SS2bLlg~)o6&x)I5NqbzN?g8$^6tBZP zTVt{1q3^|I#G=pDUyE*)cu=Or6fJ8FSM#b*!+H;eJ}*yg)<#LO*y!VA%n2X24R2~4 zS0i}Q*VF`Dm$+)X$|AK}*dFG*R;d4Ov&`tmv^dt^vxO?gPGal`$f;Ot2ylX8 z={nKjFLH%|9z^vTNWleU8_#AUmRL%L#m&5g;XwTq(|~%P#rMOWNv-WQ0*``pgog2ntVnK@HQL4q5Io_sQbEN<(p zizUYoV@`kun6>B@M~uW|NC;V+z9U9Rs)i*2G)31OtK*)c2UofFo>87O zp_PhSTAdLGaPL&^XBX%!zqg`t@D}=b|J2k7J!k{>Uo}S9)?mAy4coRf1^2c0c}dl0 zG`Us4zt+`q5}zL<|E8|iCj5f!aZyu_apo{hYC^e7x=oB-ZBeH@jqFEHDZZPHAxrMk zyGk7aSHs*wgW_ADD|e=i1brJDKkeqy{Mg_p8GLCqvT1bCh?ne(!`pJ+yxt>V@&xD@;X1xR8iJl+W!@PXH2r;lQt*BzpzEqWT?Eobq*#iy9I7l`Okr}sN;Lez}P& zaNT!l;4>ZgI%&3@RoM|~2CgQxV@bF8=80+Qn9b(keRU6VuyKVXpJgBdzH&l~4mN)) z1q6BlNw`YQvLSzx20QU5Qd)feQig8u=_ie0#HUxa!zTWG7H*!|eg@su z!}lTps+d(=!-BN_M{nwcK$><^h1$9}Bw=4XKyX6E;EAh@^v`mVzom@pbnP(-7spZZ zm`O$JqvnWcYNnKaGYPz+&eu^#96wgIt~2U|(hk6cbBB6X*ECZ|xQ0r@nmnf*!MY^s zPyG))OLc>hQ`SNPLNMR(ruYTMC{;@ek9%~ZB`w`jb6@%JPm$8o4#L%V?K0M}br`a* z`n}p|fl=_k69}O0jRRk=A(fNLdRR*7;|~wPFU1k;NG-IlyPSmFEI16hXi6bTbyQLv z9OZ{`$FmPjJB1w+vx3;zC*$Cg>?CKwW0)#kE3d0oz`qxpe~DZuKJL;*5<*=E%D&3? znsmo`Gc}ZlSw;ot$1(eUQF-*dL3t!sk2)eQ>vAT0imiROO1i(q0s7Kp1U2DXR7SI6 zF^I2Oj7hMs7TUb5+FKm4?h0i!p;*Xr%azq##82maZ&p{ko`9Z*6u{4CmINX2-emb^ z;rg(~GcduNYk|&%d7BGEpu3kQB4NFIN8k97R_(jbLmLhsPLw9Npv8erv(Np6%HG~y z6sA7dF>@LwT&>eIS96bq#8|zFyGh)I0f%86YRg?YuBk@Vu3t;@@=Z4nq0b-gjRZx2 zd|RrB{7#~#NrY*WhN`F>!I)udA0eS7_qC4oFiD3pq%SnYOPh+t?d9*8EV9_hoS#+z zHo9NIuwRf!ls}%f5pvPzkx~O{^bY6vnyAmWZHQS?GI-kGF*13{5Nf*4SZDnz?2GJt zNL?6?_Z@hDY8G0lBgrtD$0`z|rRrlCxMK@WIB(iJMGJwO*jzX==cHl@qoR%1(2@X% z>3aQBbNUki@WG_wBVf!S^Qx8v2Fj$6ls zRJr?H2NVE7@X8X%lcrG&5ANSRjA;|>N`(hykFakZl3b+g(5&_03$2y9nCY--U}!oK zelta}*5D0^-yAEUe+_a&YyMo^sI0F+ZhjzUvvZN&cSyFxAwSs%XSnZsd2D^hXJ-6Y zS`rW@7Ti>@QBBN?CE~jzBG8aR{cLb}#fF=2EL2Ep<8;Y0q*UD=Z5i}Ke;OGHb4+a> zL&>pc&3mNwxso~GMwdI}aznG2D{`t=#8AU4(*g`*bL`9vdo=;zkW5U~oz;!;Gs_a_ zkXXWC6EjHghIzh0Pu$4tSI10OW`*o~f-Wc+V%}2ZbzZ zx1*V~Bqm@HWMW3P`J2kXHK0s`b1QMmS};ji7u_tDG5m(PXlOm@N% zRy`YMLMFBB>ch3IGhKd6-p_yhEpWwEKd~2zMa5wOM2xjl15{<5<3Z09yLS{N92P%` z_R{a-fU5%-uOxc2<>H2aeW#`_%nXDo3iSceVrc_D?n-#ra$WqDX#{XfK%vj)v7y(q zTV?{hQjoA&0&1~%g)bsNjmwDJRSs@)Z})3%=VnUqG?Q!Y+yS>Ca&F)P(N6%8acQ0@ zzYn`Bfd3n@y_Ob4#YO70OiH`-P4^w<4N0ZD9`$_SfLvlsec*J@- z@z2F~Lz(TBu^^|hCE+5kPnoRWw0I^@31Z4Kx-00J1-%lPBkFe*_ zGURmE{g}_&_noKv81l~A)|dW+#g!mawJ6cQ3;Y~=)vp}zhcQ^|NHZcpWwXsnReEfo z2vawQ@=Jf|`HlhCCc3sxmn9drhewSWsn1&o%65@K@!sz?c@w5HHSZ7E%P@OSlLFeX z?)G@|HUeJ(Z@*?}egHJqnNm`A$^yZ_*HxkG6^$k$A6oASfE3Gjpw95V_3-N z?$Z49svV8Q>0|9{WJ+uRlBL}VMMTkso4F{yDEtD>Ti=w4shL!6J3GWMCuu%RIA!xD za0no4c^m%^0B1m$ziO*;$QPewY>uhqOiEi89vKER(WWuj&-n9Sm{5d7tta!=jny;CUMf2Y+ zWB?T?dS*@G!0r@I#4=<3O+>MW88Lq^y3>|^lq)kwrfPBhvTgc26lSpukf)EDt;u-2w*geAWu zAz(aKyzpO=!<|Zm?`)*|IK1N^I74uk(;5+IjY1_NFnGNZ9TR{oiyuzi z9|ZJCj7-pcjw(c8CXgl&6SZzI9KONprPedCY$3=qKnxZjfEXY`_-hJHA&3|Z4mAiE zYpfTT34#$aiL_y}wUaP0Y~1UW!Q3=zLq=j+6Z4I9jpI{6WkQCE$=bk;q#H=VDgr?C zs)E>Bp(k}d2+uE?&?aQtY;P}VZ?B+RnaXUSJSL;pTC<6^u;q}*oG$N{PKnnEVxvYu z6qO;Fm{Hoi3lY$F1+keoPv}x)MODWHi`y$gxQ@h?+c?ZDD{bN)1OXlg6|Ah#-1XmT zRS`x@{mjgKLb*%Q8m2@%D1V!SA^?&(Bl);iRp`2M7vaxrbMMLbfE-~Cux_#{f)${3 z^8&~g(Fb(xB=Mw7imgk^pnBD)(n{X>R=1t1|sW z_IszdE@59-j=ZP4dUZ7>Si3A_i+yHOBA1|=bdI0X??2{bQ&JKX)5)vq(7Mxrrk@cjoHG3;+3RL9DMHu@gfnEa_-?i3>Bqg&9ek zS(toE^~9{>9_^e|Vxeoz4|%+P}@znJ30{1=g@ApR6U< zS)1imAHY=39F4gjpAe%e|8L9PJ3pr&KAf&UyA)L#kM_D3BQ}9&^Ul9K5&7gHFs65dnVsMQg+ps{$Sp)#ryx>#}{9j>28*WBh8QY786p< zHm&)leXVIOyBqXe-(Zx9jO!#g##349IFu>tGK+|3s6zM}O!(41`i)m*Z+7Ff9K8eO)( zZB(zVy<(dx-yf{>U0b=?nze__rOo9&K2R^L*gY>$#RlzX`weP3pkqFL)6|05Vbs?) z`VB+GwT>C;a>W{oBVsUsWKOq(S zQV!7rNG2X#z`-3SSWb z03QitvN8W+V&JjTmCvfovXfKX6vUQAl{58E`L@}-M9IAu&;YQDjl$`AWLL`{l2IYG z3NvY@R`}6G9Z2;?-2yh4_xTF#P8-e3qLiv)E%3}>W%$9g%#8+1RpGpL>1NbV+2u$w z0E}#cc4zsesc_yQS8n4Hs_o%_@i+tCcM!*Q$@S-Ef^#zw0OzOuUz^_Gg&S6+Da@t3 z`oj6FAuzuZ0PuZ$<)w{B83-e4K|)(?A?i}Arpx{0%=7jyNPqaeUT3S<9z6`fL`;m3 zBeo#C&E9)DZ#~{sJ1HF}a37zm=Vj~#s(Vsuh=22gRvtq`+Jgy2Vw3;OuLhBkrV=t= z-ZZXyzWzUcc*DXBk8^?-RzdLyq@=OE?*IGV1rJQj`zx74h9|zhYH|JuKr-O0&zW9ET3?K^TemDtE?= z?Nk10P&=uEys&zOJs=``nd_=~g@Y<_4SIUc0uuvMu?u zNF__87!^n`fh0f>Br*nha_pI&&gsqJ#0uY!w|l0$r@JR$2m;{TKY*U|)~Rz&)l=!N zr|u{FQ7B(2u-qf%;&4{g&ho#P(5ozOGf)@TnY>H;nX9;p_YkfU&{q-_6-&-dBCp8> z&sN)CI21K|wS%YPq?viJGymD++3C``8N(|_qvY-sQ=&%?ZrMa2)#Ljmr83pt7-~=D z%}gbtcXsZbE>Hh2mZG}_ezSH9NF1D?U9vWZy!riL6x0czH zt~Yr!Dy6BNqrDO~oukR!qsIcO&*;fH-3^!5T2K#-MGxrCq1?zD(*V3$WF>VoVffXs zFkbH1-15V}cpU%_btLB!REL)#_ z2Ee7#7H6rZhzm>B4^vgTp)FcL05xGqUaFm|ucK#H;lg@gP9kJb4|{bI7avUzoVy*w z^vApP%n;FvjBF?$?zaa#%}shIdefVC$D!UB{(5$EGqD6Hg-du88;zJHbpep}6e@;m zi8z0rq|9zO8%hTYnVk{SDN#j|XiF;2E^1IPfDhFs3(nxvbUiuFNHfehC@cv^SNEZ- zg+kcSK};TQ=%6Eu(lJRE&+=p+pSBEQh$yOE)RtHSMmMSdu$n&GmJ4-dw}pgUSgE|^ z!AV7{63_-C3e?o$$S7ZP0X&yaB@8T$wiiiiP(=w8NZzA{7SAqHaz|#UpKV{UtCz3C zNni3tOF{+t+BxeABK5@U@w&A`9|(gQbE_{+ncMn9y0Y`n5-nz$Z7dMbCXe!^n1V|-J4JC$$>&dV&Je64gJ@4n58_alCw}N~@$9?tLX?O4kiPjm^ z-Spdr>t>u%4dVcg=QA&u;2$#5?=7weEgN@=Tr{gdUU20W@4`6so+?#H6w>UM^rBSJc zMIR0(q_gQ;*14SPO3%<}Hnx@)qf#VddZ4dYMAs>2s4@Pv#5tAy?$WD#s-5K)bw!|r zfG??~1AxYeCOEGl?J;v;SGYyNoiAYT1_Q~-sk6EwK607YAn;KP5V)U z|NT|=`Mr*fH+7e1>X#>_>QM6YN#_p>6$YbU-#Q(Sa(K6z_g2OHs61*AlPcYdcWPwy za9ekG1v4Cv9t!|K!i!bJA>UiPg|Bo#+2oz>ar{n$G>BFeL5HT7*JEd`yz;w9ql2s! zgz%DJ76kQ|djVfu#CyFc<1}ION@|1%a{gV;w2WFQ^_FGsj&r}0Dh))a_Yz%a6#yQQ z_@|eEBp~Y;j*RE2sH=D~^7b#814v$bkysn!>WfNL(ByujX%$UN;t-Z#)EM}$5xl<(oVJ$Xo!*Y$V9+swRx@E-vLiGi;2takNk!W=R1d^SsJ16T70G-Hw zHyp6TJ6ft;wZc)OtKVEkKog=`{nDGm3k2NJv4wXo*QFsZ=ZxysZjv+QOCt*(eD@a2 z)XDKF)gF}Q%k9mJwV0*!mHR6#mY5IqHML3s3YCCXU971%CPXa~&^#(GAyvon>cd%Y zbpo14rRsV|1^eov-J9cPM}XL~+QyyMPd4Vh=eBs@0CvKHyYUUCZVIZWtrlhXk6GzW zwKJ9EmfcaHi@I_*To30BcmRYVI#G-$sZfteo5_D~s4!x*7L@z>mzVWC1lR_9qd)&f zcKh{y;WJ0FQKWwLCe@lCFHbgF$3JXjTwecy+j_n?bUU>h zwVG*>r3wJ`Kx&KP51k3+X?AZ)jm$3m>LRX2M%hem?jQo>gXI}eM~}{xq}dlyLKGouRIXG?DZ=tqX|=81FEOelp$3B)hs_aH$oANRwrJ4p)!KtGI5 zNnfGMoTDW`i82i;2?=rh4uwA8Si&PFCLhMs6E`LRBh4`qQ$cY{;^TCy*GD zgzbcN7z?>oVy%_c=R7w>v^30dwJ^AIru$^Q6UCdt{H)#cU>tl$2Y@@J`c(aq3B?wcn`bL zC2mz#$Hm-{=;*4qw;J+jK@}TIN745hN=Rgg_ul)iA2*~ywNTN5Q1k+{vOO&u1C(2^ z5jrvGNr61fN^Do2DRF-x!wBjErUg$gok7y*sY@AYa8*{4{}HErKfu0Y#wM zlE+N1)GvWA$V)dJ)eoLo;AJL4QxfvzAqC*`FOe`>Z>Dn8OZD*bmtO`~phUVR;Z!q; za7i@p5dfuF%a}r=;A+k4E_l*jS7$Aw@dHur#zZ;ez-Ok(LjaB;J#}GGtGXv=D{7{2 zVahes%xq%WOS*=tOHG0>LMTz5W~~||;0NA7DpF6%@1syuW$LGaTnbZ}yFEw-Xz`1&9Nij=CM@GV?V{8yXlOknG zoX3Ct$CoqvPG9C3w&OFTHUO3Ee({dy>#d&~>wNyE2lq!=efin8O}YA%y-K*tVoezQa{O*KXX4%3x!BD+ z)!a3iFzwQq>1V}BOCfRSN|Mo`yb`WA<=GAA1I0u7*|W5fY-&JTI#Fa0g z!k2FEqrZ5K2O#0lnCVSV|MYpgeO(gohubxE{BLbr59gANiC38XAu1>BmX9x}CBA@gV-BSCJBoD57NN3{fR&gDaqg z1o@BwxJKEZY?LYF{gHYoCRS6o3Kp@gTmlI$AtZiI+Y zmivVMA+fNr(Fhck(y@p-Z-wR%_7SdstWo}Wbpk-Xj3o^RSv@{`8dIZ?gd|NVDGlS* zyNgH=ohZhrBxEu#r=6CiI}_()z9dW@lS^^oGjvcTYwI4~yncyV@y*JP_0(RJze$Qz z)0mQ)Ql(e(zTw`>H2{Oviv&P94FYsU(9X7N7KuQ3E~2}F_h6j6Y4hH~cC?4BJw{CE%nka1Z7 zjHsLzcB39J^Gh$`tnx+{+9TCTo2+Cfo3>i4N`prm+O@KotSpeBaCO-b=hEjC?oiH; zW6sb`?1A|gTB-3!;O*B~ow4Gp#gru#XqDJ4iKYS2(tP}?l>$)J-R_`JwAxPFEuZje zABqHk>*A=lK78JoNHqeT!fz;Qb$lk7I;3hrVq+$lW>)95WWitxEIFvxUY*jVs492k zu%7Ul)xAV&q#6=a#M32puUERMa|@pSz^H$`KVzD=(^W{{2Dov(H@Yi158P`TzY&4uDi(K*Asq)eP_? zqPeO9Pz;DmxJK3^py$f4#d;H>gba?(fIxL8rAJHvwn-dq*(&|5BVc;UTA1Jb>WW=Cw zyuDJtKnX`&QMEehLy2NiB-y#uNLxZS*s?S7R7ss62uT{#+PW*e`zB;aZ1o>KN;owusA5tmjIJN{&&oFy87?%1bR_a0@L&^}o& z4o=jY8qjH%gxWF*1rw|e^P1j;5^gb(3#x{Wl!dcOvL6V%PekW79zMizi$EyC7q@Kp zh#YpinC>1`RRG_o^;k>pQFcEpsp;QSc>t&NgzimFPy*m2X_QIyXBH$O2UWvroTj3# zq5@YSP!viVJCd2G+cNTX%ZY>8I@yENHg7`3#k-_wLrydOwd{2fWC%%(wjpK7xER+} zg7S#0&f{p_shO4=KjD=hj!3pK{a1PjU{(cB$hjZU$gPj;jyb5kQJDZ93W7-^@och} z2V5*MynBVIs2NnF-Tm0yCUeSreM)l>KfKXVgSdfiW|IuSFKw@z`i1-X)+B9c=4NG^tGPQ-ke_K3dwB4%Fakh;p8Dy} z=?k4Xp_D0QN)^<+&$GHEqmM^8nBFpqSVXcZeUPnxutxWh)yQL?n0O*6Ilw`I^ zyoe~3)DcLwRauXeN2{6Z!_>|_>RkJJh|>`x^%BnQ1I=iT6t#n@y5em=lgyaev{F*% zg6a#6=$k0L<|IFFnE;sOm>~yn;|6j>?}Q>*V%(vu4x$%?-s423h`RmqW4bu0QKNB+ zMsu5#O+cl9u2BhM^2mb$Kqm|5K<*BG7}@P=S-10m&~KDB04^X1>(B6c>68Mvlml?6 zs6`8?Klrk;XwiNSSK#L{xdD?rH#FXe6i!4h7&< z%2hahl*uPZb+3~#R5VbHHQ__X0JaITZE?gA03k3m71U&8EU052X1a_kqjq=SqR{OV zr_3qgj*Sw^+`lm84@mhmBgy#OqOs%?UGU5l^Yz5@nW0;Pg*yGr^ZMWKU2{|9T1kC9 z0U$^YZLA#V4XeI8G)F?+c8w}W)1O=^Ay5yAN#v$ZZ38LSXS8vR#dde2K(fxlPsJM?NT8PLNA`lRU~telb`5bhCLTZ;jd0Ep;vrny29N?_^Ihn_+xLB?h|fcd&gB*Q#4#FCv( z4ag89zj&B^wkWK4;m9o|>ilS3ZtRcEC69Dvx~;G#^|WSYU1Aeaj;`dYFMyFSB!JE= zF-4fv9E*r*s4I(50^7g^1#0V@|dR1Up2Rg=_woa z<&x3=%ckkq(EZY>HD|pk=}*)2mR31e#!!o#Kq_VOfi!Qx{E*OJWwHU@bJ{m^5wI*e zmL;P3<%`)*M54lMMdq!7<2LU}-*AGR~;MFs; zEn7RhS6~9j7;!_{_ig4$5{J-}Qe7YOqTQZ|${$e9k4R$&>{ML%jLiTH836EoRrtPr zF3-O(#iuGK`t07nG#1MLDHJv)w;oX|oxdvJ&{8s-W@e{eQLIfVUw|-DD;UC<)6(6t z(0-E3xb&?=`$N8y3(IGm_V20!U9_Tt(>WB!%B7+*vJP?Z>Lg>I1wY?rj@kP;vka1C+bBIRdhDE(ez=bD_JYvWEZDX znXxEwe3VZX+*(8a-tF1z2Wc&!x#=T>sARVo^`g^SV;c0DX!gTwa9U$8ySWirIYRMp za`1+*d<}D_6C00Hd6z$b#%WQ~17TTcC2#;#r;e^pyijb_+w(*MxIt*i#t2mWXu5w! zl>z)Fv2ItkuN$2i+|F@_FeY!&p`MY)5JgPBre zh=OG%np1Rx(q3P5bGk{|JyCfw(K{41rb#mG;Qjrv4%L^V!?P=GyRVh%jGUfb*sjPp z2$;32a%7j)^{BPd=kycx`9~9NQ}926>?1)@Q|fQs%vn7{LK&4xmx?k5;IEA6MrFT- zQVWbY;NA1+#W%{b9 z+(fc_ym{qx6;!2V&>e=tM$2--tMp(J0u*RvO1?!^irnhSA}y8_v?vGN$-%M6Ah9;1(E`I zxI9uzZazsB6XjXEqk~6h=R3D6Tj!Ooa0IDd0HJ22h&WU(wS`sPy<2$dV3442_zH<2$WE&Z~wG)r+H^C`rL`!t-;8Coig3cmMh72 zZ0Mx-rstoi_jH3%qXobb)b5J$#^S?0a4D3=03j7+zFO_j>EK&@bU*8#tVbv-t4! zN9L*X+RUJJ-p+T}!dOF9w`z$Ip?mMvKKZK8$Q6cSrt{-0)t#`n(bc2O+jE@cLq}H) zp&LBZB@bf&m@A4{F^#I`4*d}9J#ZfmygN%LttF?D>xPp}5CZj!+v;684M2N_eqgK0 zB-zdZEznHP@y*v|S5TcQ001fJcdB}Ux_0cFi+ZIQLlmQP%$*-9CWS$ycSS>6G?!+}?4g&OvN|MJ z00L^H7wIXs#P2vkW4|FoqP6R5I_Bp`O4>F3vwN=jUT)j>Gn?mir>!`j{?A_)|NUDV zgMurg^E!@&@2cfJCu>qh?)+!FHIo^x-Y7+ety?LxG*R7l`uK_0DraN&?doHBr&X*W zKoUSpET`Arzg3J6@T~G= zEJ$}|SzTB>%va8pk_Dz3BboZi*WC6z;yWXpP7i&XmNntC+TpLGTy5RhnDhW7P56uF z&_5o6nRMG(_PL3_qNU<$r-Nf7L-kzQ?$nAQQHTp6OLhvQC93$1IqeIt_B-|b-|F$0 zYSfK1qWNPg0&v#z>l>c~y9lu5tqU zxT=2Hc4ss*#r?rJ$ZIBm3b>Ty2WPTW)Co(vy!z)hI||RM#wS(ov(MwJuh5Tq)%TUP zdn0{fPT%6xOB1}2+aSVnP#2W31`&A@OC?R|KS4?(YQZ_{TPXU>iB$L~tsF*;^2RPf z0;{j$ZrUuh9MP{MmIToV2|V$>SUyslH55sCqlc3lqQu4-giZVXADZ7@-WO2wp~Td; zju>gizi~PdfuvmufKds+glH@g8oD_OTm0Ea{6_OqEWrpUA>*$V9$eDcZ;$yv?VL_U zPvzj}O>&3`J(!n-b|+O=SeTQEu9W)a?X|Q^AKG!QRb1a5-k+K|yIGjAP>nUEVouE) z;C#}nob6~H4*99Xz!ZD{-$m&=ru}u>sn8{MPAQd2mmrJrR9_=LfC3^BbCclbb_6@^ zN@J#adQpPuo9Tf&ymBV4=QTq)M&$WYD2H-(pm-p)p@@h>y`+jHu52tH*&PSha?}zV zFJXuzgeb*gPF4$H$4y7~Dt#ICN3SmI?a{dWn1Q0zZcW4v4{CLT=$W(WpJD>M_61fK zT$(yD1do``Uz@vKT0(eON=2!N%co?{VHxLN8AJ*^0&)iJ2_j|BdM)$tBuJQ4)#TxY00UOaY_v;g$M z*iDitXaKI0+JoT&CHhdLT9?aJ4Z;kZSSc#$9f^W5N}MbG+X zIcQK)NX4$sX5Z=9b>GI#xAxg7OG+sPl#)^jDTLrkawWLrG3P=GuB1>>3L%A*sx(=7 z{p-ix`qNXiZzP_$`1E_a*@re7_ii%o-E4e#NDtoYwWFXa%1IOds-a$T(V2wA?=lv^ zoI{kRkLTpUhQ=dG!_sbtVfwNtsTVeR+C6Q*pdIcAa_F-9}va1fkZB-R@p+-tS`)V$3opX zNV}5C1h4t4_<~)ptPQo(ifEqQ^|*H7`AQO`Rmu@c>VmnN0LXSR|K}qezp>FvqkiUe zTK0h`W$B2Cb~o43N`6a60^d>J2L6i`z7c-;AOL$$9C zr~E)9Xne{)H+D89I5fzRUtwcVgixyFq7d6)GM*2NrstOjJ-O(a%9fOjEyKv?J@(dH zGasCcW}c`#cYe0Br;9s3xM||xEC8PwqjtykuAlq+@((+sYIj(@r8)|bS>2sAlJj~3 zz`yAFwFBPqCo9j_3x4~ioayR>ke=?D1wN=|4K@p9$+nrN&mqko;S%4z&=3$4hK%D_A%i zKUSSkX0oFZ=?N({gF3g2{06-zsYEZAx_?HB z1%mGeX+`cvk3_?0+$S4_YDaG>XuzHI*%qfxL4Uqyo^c7ZHPbspGz|NfclrBgjX5Bt z3$MV4o;_hWI~!w)CGL;acXV=%vIPwuN8#+}jFOck389oIp$Urf4nSz8)y=C1qcrMf zj?bN1w2DdiXPoxI%F!`%^JZ7)QOtBI&s4dQcp*AxwEvjwsv-K7(vghW{RP*(1bd|n zLef|%%{YHQWweo04f(a_2muGE2_}U%gK(G`H&^Q>kNt`vH217EjwAdFTL(ZHaiDY= z|H+Zo4;3cb%?i;Hit28d|CXDIfo*!KkZk*S<@lWI6jIx!kq?bF!#@*PUGYp z%@u{oLqM^5B#JZlC$?Hq{$;lf3T4ghnT+opy3i#%!z>rh-yxfI#n1n@KlyKuKmJ7XimvNl`tlc_c;d-#e&ZXT``gdX&dw>N zqA2)_KmV)!`}hAi-Zs_lY`m%W`~Usrx4)olf`5@q)nw(a$Ohu?Om1!P=F9n zs3+&nHIOTXyh;E>0i;O*sl`KzXT!@WLa2g-q6D%@6D=eMRZtW}DFp&TpcI|u2!Hp9Bj@(T zKVk8Ot9VC%sP)6j7uZ0a-1%ip6A$xi-&05hzG9 zk7O??%eY9j78%c6t&giXi}&3)`s@pvt9AS0Z_$|Gm#7VEnX#_RTHU;)yFPO7!RPl5 zRcrPo-DR8c#=%0Vv~tnZ-&0B?!r_sH1LB>Xm15m7No>!_%62V#XxZ_;{&d-n_&y+Y zg4g?~?4|C+yH6kNDgk|k!HHq2bGwNPbI9ds81RWk;ahH7bcrW;l-_w_xGUE`9 znq;{sWuXB>@)x^B9AYuV|d8lH%IZ#Ay%#ffQ>Kr~lb)(uHQb#VVmpUYDq z8YO2nTH2`p;@m=~SrMAmRNhcZUqTn!amWIi%k}*6%-?({b^C`>cl@CGJb*3M1^_35 zk^imdQ_qa;O}5zOnT6%Y?a3Q&Pu=jn@-s$a$K3<>{_*r@lOpH}Ya9LIE!DA_)iyEz z)aLYcPXhIVzv)Ixw{^b~X1i0=pg}zfz1YrJg)=2na1d%N+DMyf9Q3*t326C=dhzRt z79I4VztKW!&H(kw2lIGlEL?`qwExp|0dIZ-O@6y21|;kbD#eykJwojF$OWx3eOc zIF;Gf?1Nq;!H%|DaNaTGm#GgxO2(@JrA(O}AChv6sEs`SjKzS`MeeB`RkhyaMjL7t z#f4VD5~*PRK%#ePC-_);@B>1NnW6iW|7dB75D@%MV)MS25*vaub2dAv>32^Wfz{G% zuw`wHacWT-<15Tl*-as$IU=Xr-YH5pDV8lxu@nIOWxB^j{85_y5-pyeN1o}K@o2xn zo73Zm{6?b&*8~76BnWiQ8v%JRQW9E4HxL&`RpLz&g;vWa>$BA7w9U~dlu~u8b9>}j zyms2@FjG5v8lxW)x+5Z;&pqqpn)I3H4ykFCP6kEdOq6hg;lCEPJ$cCe_t#CIeWj%E z{>SmmKnuAp7wCHEsHj#oprxNiX(vnmou&PP?`1S+C~gevHn6UD0M&?)ObW?XPRN*H z*^QDqo=pfY%w8-RjJ}KFZ#uolW$kv?PPHduFXm-m(CktMaE^ok_GWjTf>*l~=>tUx zltj#>?jl~ftMOe``mO5h19tx@W}INWm*~`N1Mr%v-RO^3%mH2{K69{q69oX%GzUZz zyjoX~G35V0P`umBQJYGA4?k<8J9{ZZvo?)`; zNvoHNSTg%{RR*w^MjvU+yqMb|WDGlfkk)>uHk&jy48iL1=3jENwqf7k6~5zSN71;| z=z63+_1CG6UvE@8iQdzg`H|b+2XiQ_A2!If%ATQdjt2#1eO)U7_;fOJ&Zr&BFI8c7 zML9>+%O{coCjbC|07*naQ~(U3q>%MBL_-g^=))!PYuvT!!>^eerV)VQQ`8|(pVV(0 z&~?iz)$2*Iq6yC;07Me31_2?2NGmknM8ds;Sg~9O)$<~Ls zwZWU4cROybj=YlWol?;)%4`uahtn^=V4=~$kz;4NaUa=!?{7iPZrHd`zKD{K>pS^bO5K>2b`pUl5Y1wu_4Orle2mnMXLKIa1Q3N28fT*S# z2>~DhMbskstU#53B19^p6eM9#P>=+mL{X^-6cM0QK>$QT5=s`S?S+n*C`CY|k`&D@ z8T1-5_O5FPilDJYSCh&e`^hNqNb@HdQShyn-BtWlqOY^CZR6aNFK)-VdGzWyEZR@2 zb_1M25-3U(nvqqA04J0#+K_DihbT!1q!LsS0w}47#6mD|iDtAE0;L!v2&htM22Q6{ z$;(v#@e$Aj)P;QaZLqx;p>T0a%Fgym5NMQM!l{dFrg7^{r!R>Y?(Qt@xpsVJHuL)a z{)>N5TT9J#BSXKm6CwS*#Vwm=Uww06>!#TiKQT?FlIL8AHV))xYpM2ZO{>GG%K89H zj4nJ&QerW_c*>n5##N)6H2Rr4_AWb~a+QF-!iXs|mvAkgXq1U)d@a?pG|h*FE)6WyOC|fW!D$}r z$x#Flej8eo;oQs4xey0=s13XhBLP50`M=5Z#mN7r=4?`WjgmVmBi~8&hES5wCiitm zd*kUT_ap7WKw1>wJa=GWzBy7ihmyh8fxwD`sX}6Dt#PL5N_5Y$HWHsdsehz4^Mhn} z74mkH>8u`mA-!=%E*JyBxgCuAVlk!}oy5*V9)brz5y}_=R~?SnvcXD(jT7VU9Y|3H ziMp*zfKVuH(Fk)%S~e1fs0d~N_(AoB983Rh$1k4mtR*B!!bEQieJDHoWV!9+JQ=Fb&2((xH3Y?} zo?bEabm@uo#{0|1_a5BpnjG-Thyj$D(H_*#%932;)|}9ro;PBueNR`91o60)aiiH6 zoXk2Ai2@~+kN_MiN~OY6$*sG&_}UV0?$6llQ?=nEW4%Lh<$?S`xEoni7QA%YanFvn zUm@imU%+XaYZHZrjHPnONfPx{^jfk{n%Wz3L14G2g6G#3!3>xi)~1=^e2x}>J7PPP zI&G#d)#vL;Qds)WNON@W^b5;9WXBQyEeip_KF4{T){{N4FXGaSt%gZs(CrgSH3{eo zB9P~3g0C|VK#F8~>#;_m6a+yP;!C8s>b?7kw>6k)%k?Fr;T@Y_Zv9p)9$1T_yX zdX`B_Sy@@3^!Y%gX2w8q&%O1hVG2d8yQ}Q4D)77(?|X+{!)(t)E&D0u9op< zN?|=HC#~~cQ1_8bp3o~oiHsGGxu%`(Rxb!Xm+JbYvaYEepGa?LS2WgB3(s}8eB;H$ zwN%#VD&7rDXKA81(xq(-Q4bMn? zp4QH`)-wn`lgvO>7kmkUA7;0Hs5TLpEibv*H&qoBV@`Sk4FE5x(jhk$Adan$Awd;euQ0szsb7u(A> z-OSHXMf_N|Ex|=~HR&E=w)Ma~)*M!pDpGRxWhzW-34KE}KI^bg#pM)Q1uu=MRP)1Y zM14i~f4equQ#8LXwe@}894BVgFrH@O1P!75b!(pxB^G!|kbvL>_j;4peoqx7@fN>D zF)i_?*G_GE4a}j^{ueS^_no)pu+ZsIYAPt9B>m|kQwqiWXFvN{&N=6NZf@4GotDk5 zM~)ozJP*K|Z|>i=ecMt3dTwscF!cWZ{;{z!0QcR0|BElYxFXMVI$f<+F8&>?q;c0j z+r#5nNh*a@N=m7CAeE5inJNJxL=i<4h*Ij!Z=Wbn*WUhuYGI_)(8j{MpADY9_`3#@ zY`XE|UCvD-x0%drpmRUo?|-jLSMxN{YAR?W?v*3YB_oPLX+$xl7!-qIL^41pl0q^l z4bX_BP#S?y?>haBtN1BL!ijR}#o1BwNW>bLMS3Tj=_1u1ci$r8qGk^)xu8LBQ}H~x zNdE>x^u+Co=t|Tj&#QPAi)(77G$ZvssU(P|cu|F8>M9fclf(TVI5It(K5)2qtpxAC z^Y{yUhoYFZwbtu(Q`axHcOC36^mdhkz;NC0A_?g0u9+~6_~hx1*4!nS1R=QYnu$uq zHjGQy_1rX=@9r$W@XAm+0FFR$zv=1vN*@hFmkrOzq`hj*zV)WlbNSRbQUk3;0M?9Z z43a2KjEVvvZQ|0%Bji^BldUGGM+K~VGMR#dPA6MbS)k$S!AGKY{tISU&LVp%%h^e~M@$t}yD*v^K|JnB; z<_;#$t*b{hV|!46WdKs~^5?Qc14O^4KC?T~KMnT#4D#zS{ZL%Vo1KIZ&#(p6{Nxb##uH2gv;ONw z3M!24?(KqdW*=J;-FpJTO}q>wdWcE1R8zZk+DPpPN>q3-aywza0Z$TYFtxLv<+;A^ zw79h^(NF8&pG=)CnWNL{cB?$BwH=sCH~eK~D+py$xbss=Ou=0yzT8DL2>(XO-lU{0 znEU%g$ImwMU$-3t>Orp>8!eA%9KZm~WH7!%hSKcF$*AnMOsG&2qA>!f&E49dDo&Cl zfR4r(q#y9!v@V+-GE6MI%ndzag1e?FPA>`q6h-B)=lM`=#FB ztTcujrB~HsFYlf!`JN1=`}zzTmV15N)~Ip%cXq?<8;P+mD~(8x(StaFlA(K zX!9#^BAAILLsuB+sI&IT*-5+Yl&b$-cIX$X6Z=#BPz#?tMO0@{nLk(!$!xfDjzfxLs9LAPHtGOxAtxb2rdCoUl7n^s2w}6`>Z7T*%)R6%TMh}1k-}o z7)!=)7cn9MNU5ZZ6ppF-J=~ij`cvd$eZGp)X!STXvH-rIt6vHE%l+hUCo%K*t7nZi0N2H+NQ8@ao>>#I^PO$gSdd@}wAY2ea z5OXv{*-ZZ(sr)W8!Oor1Dw0@GL-D$95K8IGs=QNAKY@kqy@uwxjnkja42DY%I2NeZ z9Ry6Nyhj=V{;${DIV6CH=}8N94?Q_rH5T~#u>!8QYHsYSdaAm_LG>{?cW-Lo6+Vj# zouN^LLP{bCVfqTPx5{(Q)a;=|&+|&IV4u$oXIxQDP}>SBwK3<)*s)>^T*{b-mfj3Z zw*nrKUm%sc(_8Q1oT)}-QF}otnFgg%t*9r?Hz=xUmWnH7xkWIh=OnNB^kVe{zu~rW zMP}iBkhJcao9f@xn5nY)rfA99AAMYvqg3yREMsx(o>=0IUPBBZuP3@{r_Ure0F60B zVCMS*@3BP3$HSnU+Wfj0KR?@3zBWMHzC$X%N|TBU=r9GCc7dhd*I1yZd(Q3W;c2OMC65sRaCzO=&Z*MpiR$5H#Y_N1&uxUpSYky##>@`EoEKy|UgJWfDq?nEVt3 ziCcozxu1c&Gvj#yh&`-W7<_)Tk)#f;-TbZ#XJIF`^ih21U>Qmq-Ss5k-mA zlwzcLU1|i)zZr-CxFQl%C?XUQAQBKD0#rbYn^zPSibx=a&@R@e?<%h1odCw<+1Vo@ z>uEqYlwl)$8(vAqbIKkBO;F}~*rT_kgnydZTa<#54JB(ToL6%74wD-F)ZWJHuPA7g zxrAj|YDm=HR3ZGKap7Lhv4e*nIQVyu z-n3SNYqn2vPBm?vu~l_;R1=AySaRE1tDG~9T@J!-&ge zw>8(eZs)}0YeF1cL zcingY{X2K=_?Lh1ubNlZQrT-FAjFj-p~xMvFjf5(xARq$e~Y9(<~JtHwn2Yffj#54 zol@n^GJHC_`JVb*!N{c*pI}yth@aB<#~PJ4-1bpKc71r0yCH8FdNloaX7<Gpczix_TI z=iA*)&qZTxzq}_Z)KmNC$;dJNkB{6IQ@j$JcW$HQTAdkI6b)r#$_z!((5y}6AWm-i zsv-YL(5SnExi}Qe+J`ED&(`?QJhBodzr zY={tV7ZjyR2qjf034m8yb|01Hi(eL%DWX6s+X6>}$j?|;;7I%5GtQE2z(pz1e8EX> zC5bCi6em>u{hqI>i}H({OAby#O^`B_KLfm<>2}NkN`xeoAr{2vCB^`7yN8Kj>CPOd zx{8G^K`8Nw`t%Z??mCdvbK!D%y(uCF;@Z=Gd*X=rNUXkVEWBPswWjVzi;K}{VK-=a ziYMB1JMCBmv4xA_J4O-5vS{REF9e`jj&Ikm8AI%u`l^yH|_f7amD)!1hM zPovTdaq25b&Hk-eR~9y*Fq|l`q%&F-~7oR z|A{y+w(p8<^uwqB^wWR(x1ammhwi=i$tSO*Z*balrV)S;N(coZM6+2?iCvN2xG{})Fh0NoKiFg@5B9R2i%H++ zh-+G7LqzkkrKA1a^>ik6Wnavncl%OKT6=fL-AbjCZ|CDUQ<_*Jai~zwG+IiAU1lTO z8#V0wxKSAd)ZzDhX4BNkRpvAQXfNLLx9ls3b&yDZ(yBn1TRo(F3$O z94+y;OC%Gxit})_SQv>dGi(HjA8VN;?YdN?5v&)PBjFSnBdxhCfbNb1Pt|s|X|1bw zQ*%~tCSfhQDE(NWaN5tkUqL0TS>YdSwkf3yNi2z^bi0*e3{`@FqQT$+u~asvZ9-Xw zIzltePv*cpFz;nZ z`0$B$et&qCfL;&jbo%#y|My>e?e$!4LA@cH%dMlb2OuC|lHUg1QU3QeYZz4kf6E#> zowggj{Fm*dq^yD(2tMuF5QWHXxhWQ!H#%Unk|_TPu)5Q?Cv4O#n-FG1#qCs>@bN)^VGnTF&{O<|yia}PKJmJDf}KVf!{IqBPLXF{ukYR+lTDbE_r&;odWr!Oo` z|B+UPuD=<>!)J3IhcAU^fwh4NJ=^4NKC3ku>Sf&A2^H+}C!qHNxG(Tb>6>nE3?*3t zB+wuYf=H1=vbwBiBlyx1w}*KmLSNB|0J&ap0boC(e&K(IdMnna)NJX3-XWukZZ`=s zMevtevcCD6(M179 z6g0^J^ya{noSElD2BT}JAAY<1!yDaQH@Md@D=e|6qT2Z)VD#%kL3X`{oNb7faRDc2zkvpemhN z<7k|zDATDI-_-Srs(w0^yN|HV_1UV`2Gjx6LwxSV0Kgd;?eeIqdf!P5%)*~+y?JAJ zoE3c#SV3$w>blc9eL{3?ubzp;DchqGH&?w#X9p6srfp0w7sjn2`if=!Qe6SiI423` zW2KoOy$6@#f8;4Cg<=Gv62$2iR99h^r-=XePNuZ@^jFPPivrem-@CF9ghDE%WK&%J zbyc|}#&8}Y4q4#3SMY^v z2}vnaTp$YO91exQ(CRD3%n(d+!4^WXEW_7n6^WHo#u4S;5*79xZM~;@n&_!*Mpsh< zA%N~0=+2Ts$N$W8i_hTPr+QVH@J3!)jO%!52Ws7}S)4 zX#mRP%II85${;0=QIQw0&SzBNM~-<`wbZA&ErrtD3AqXtPBoqJIEo?TDmPpHN)OMT z7P1Aq5jInyXe&q1sn{T=K10VRnAN;|;{J;n9S&`x4!$%y)&15pg;8|Dl7x9wTQU7CAFm^H;6Qrx8_&Isj^#!S!v5>>?=q6-iS!hxpS z@;ZGHAb}r~Zgjp_!c|-?mgTr{=b6Et;#a?aJ%F_9O91G;vSs4h;fHQH@W#=B(W&-z zlJ#~p2$9W4ZypSklB>4jSkYJx)+>d#O|gQIX9=jtIQi0Q#lljIr4)53>m)3tR76A| zlqdatt0Y!0f)F5H?d3}V2+hZdn-wofQBk}^p!D=zas5ph4F9Ao$0xO1(ibhejox_%^z>Ar(DfZN_T+}m9~bktZi@ip5f z)9GMh%CW5J`GU31%kQ~%^uVEx>#rNHR%gR_6?U<=tK|8rSPqhj##*C>>qdeT&gbU~ z%(ng0qY|jDKg2YDZOP6aIGhQ>VtXx)!pi!$WYQiNVrn*62n-emLmRyHZ*lDCw)dTy znM)o#+Sjz7_F5c8m5Uty?znaG$sg?yvIs!e1f^p6jf!dUnK63%E%|E2Y8tZVzaRh%4^O@;`oo{PxZ#(CN~QAqzyAkMJ@v!0 zSGH{4(p1@tqNu5|x8jxtz+~+3+Ci&jm@UkA1BlmE@h@yzqO!8w8Stbmf0@-hXFz$U z_a^%fyFEYD1dH+mN|RQPi0e6j{uQ>~%BpC!MMnBCJOQGlL?{R~HSUvOe2xSF2y-|m z>l4sFRHaBWcQwWnGWsg3mW<>_LrEcDNe+N0G)7chIi{-n&a6LppZglJvFppcqBHskbk@F1lSYc`>jNTN3)$>a4|i)qA>&!cj< zS1dehOw~S}YW390#k0`T{bAh*=DxN>c)@2Hfa7RLX7BK3tV-6_ONa==KP=%SFPSx2R6>yUDwynsKiFe%pMqS?9Ed41oDr$Esezm z+?Q$PJByUZ4{7x?Han=D+lie-_>`66S|TXNj4A-hus%G=0cv5D8;rmc}Auz5Nfs;d3CKqYe>&!3&k~H_6`SU02Dyx#adsOn_(&^K$in(Jpw+B3O zIZThDlt@X0l;^$PUetfUF0ibKgrrJ^S+lM0iuu1t5G9qSiTZ`UXhm1wpw#4{^d>8- zHgiL#JdXT;P|C^W@2re#JlJmg`PW&1IT#P1k|WgZ8CPp;-!@>n zcv~ZEDizChPNRydh$dukoHyQ#tIzP-%dz*S^pCHenDF%vUn&{I)n`OF0YWu%BXxFh ze~eK3ZTnc;imzR61F2+~%QgUP+cLd%=%V5=_I4F-xp`#im7P1L271?YuG+n8eDkLK zQ_pU*%mpLKqWfoyc_~&ohLe7bC%O<8^0_p6Coh9Y7dqhIxUF#qQ3^?EJYSO<}C9uiBAx z!@F-kao|YLsWTmCFUB!5^ou&(`++-;y?LNt$c1V2`5$E(JPKLeGYy?rstc7Z7(bZuD_uif zT~$49vf7uZ0w$ndKhsYUr8_3OyC`Uw)rZir*1fL+0EPgqP=ru25>$62Z&0gaXlMuk zIebh+f=EfJF|=uDt$dzW3#-9F;8ozBvD#C8t|Ig~;J)KA3G&U{o&f-4r-L@X&UjdA z=^n~16FBbcTY1hgpXa;gCZXbD+rUu!db_f6czpQGh`Hl1+wSQ8>wc|&ss zuI<@Is^hwf6g6cq-oNd>6*qQG%r`Ra$)v@{PXwOQ6A61u_dZ+QccfCybtc1bH`TPb z5qD>YoLsZwE)pEzW7VKsX&uaF(wI;1p5ESTX3AdY4T)Z-5kVX}Y7nQhvlHWo;nR4Mpo7|8jDdOtWz3fI-QlGn(a=H!s-gJGUf9j{NcKhi%U#!^Ph&Y_J9^+JTI z8d}iTdVV3WH!DPU&eiqQqzsBo*QMuq9;)qaZFFezw< zpk6t~a+#rA?kCvCUa0~hCyN?DD7j#du@V!bB&c+DZo$+nVOkt>CH&M-|EdSDSw5D& zNLm)5^dcYRPj6_=ADisj5^Ho|^pFzX&4cd~dO2+%7L+r#JF3j|UDr~Wd1L48x6Q}K z=#iJV?-{Z#XRs!fNfp+JAk?six-Pk3lbML}xr52}mRs6~My||JaV?xDRTb1DXH&~i z?h>q&7KJ&Lr*`|Qwy(jI}JYIL9}84c692t7Ai(H!uBZ7TACm0IH^Bu~ymC zGDNPx(FE3*g{Ppv$a-z_An?H9LY(Lr+H?U6A!o`K)09+pHanDACGqg^C3`bnaGH1L zop(O)z=!|kAN(uZb}m~$`7Pr1J8r+_mYaKfdq48vLjd;g+xO>x{uf{V(wF|rfBhq+ z@WkWapPZaH|E~S}_eW9u_!Cboy_ia+{`znJ8bBBX|LG6^P^otxE852BziZ7DBxfKR z2qj>IXdo2o?<>~r*2Vf5-a2U1-&rZ7qgFwMttw8D zpp7|Wk?vnrUcQRAiW{#v)7w#g{*9r0>5>I85>9a2p3~odVaLTJ&Zazo8XAwdW}9)T zvY?W2?`=m;kF}nfSZ}bq`Pz{aXWC2E^@KGx_RLpmHUM3_K4FfY6fsR6gt}wL)%r5`qYvJ7Y~R7&x@QB3I9;D?-MV>Z|DiqrQLO0(M`IOFrnZ*) z!K2-rvvs7C4NXK5bDSvQ2K9y!bDBt8pq6jFab#vLIWxadTye}2iS>*&mGlPt@-Mt{ zZt@w&nrW^#?r#~I8Joz~>dQ7KIA@l70RlRk@%HQ*+kdFf3(h&1OGQA?Ec`|55@Eyu z%oh^n%ED6=MHFkM$(NoGF5ELg|DTuC#m@ibcUPXNaamEPa>b70g=MK8>{Eqi3 z0lfiwm7{hm*)MB_kndQt_GCYHu#RIE*;*i4;PSi(iZl130z#Hv?REsjx;H$?Wlq zv6QbCCnpOlwLw-qWf-_ov$iYy(aJ~!8 z2aWhSH9E?iTa2L}%q&EZ7&d6r^42p9O1#3n45KiSxC~apRODu%%Ei1Cq7($fle1T< z!?}!?S-l6yCKFO9sZLEykHp?(wty8<@uXrBSJgS##d%%X|_U~6_=c@sJqVNr4E0;4f z)5?sLrms_dtNs+EZCgl$k$E~KyZ!j7(^ur9!gkvbQYk1Q z=(cNPpMUQ86&D|W{E5dOf8zYa`F#Et|EFJS{@oM|0r0i2KHB`_p$9*TcR6l# z%wl}|Xh^>sewV9dlgw+4{<6GS0(yHZn-AX(=C!Wg(FAnsPrZkjh{snKjAEOw!x6Ws*@j&{JHWfZjYf zf8=y$Yo@_2FJ*?Kn9czyps^Pgd;Stj=b-LiN-@7i`$t(y;i zFtDSm|t#>-1vtvp(;t~sWn-FC*qPaJIX|XQl=pMD9|m07hu-B^sd)v40#~} zj$CN+NX`&_vAR zh}M=rWUngk4kl)@dw|P1t9xAeyXsMU0upE$kv;X(3gS&?Q69+ciV6iv(*W^(XHTm7 z%xscC65&0i!gap4F1!S@0d(r^lhHX|^|A5~vuwRR*#9*37xQu9Zh6bL%Eqbs+u=%Gj%u^3Y#4w-ftdZr;!N-D-6x$xvW(MK#MfK*b#7nkY7_1|p`7mBO) zZULc`3Vs<995tnjFoFpsgrb@yLrJZ*Cg>idh@lfn=q2>7PqUy|Uw@YF$dK?C{jzp| zoA+cSML0?7iLF@FL-3f8@-o`yD$QJHObITfe{p^CI zU8D#hN+}5_FiD66A@hb5eISZLF{KD31t?KUf)GWCBxnYlm4pyTC;}{8fdZ9)0+EU; z0tpf*eJ7oGXBH;6DFLD!b7uHE;eCV!%~v!~?x+BWUIP(AX;<0jcRlXC^(dk0BHf2q zU}NuG#Py|~yB)dO2X8z2<;QNqdT|5Prr!C}ldVco0Pov%rdqdVikZIdilJSywfA)v z=ZcwJx~^*%CZIDZZ*nee>LTHUx+ZE3)6il7t{rkg);e&oZR1Q^u6F!%M@MVTGS=gQ zEi+0cfohf*>(D{CvQG`MI*kVE$64~Xsb#|;+W~0SadXA|Lz z0*~qRY?iXov!1Z79nH?AGa0|NrQYz(6`~N9-Du5KO=Hsg3qs{s&Cjmdgy2m0N>F~T|`-GlvY^+=(_Nz z-exyULzJsl)Ww*+-qfzI=gh$)%T6;_GCE1Exwv@$T}L1P!L=*cXTO66iW!Djm4Mcm zOeTV}${0(^WKFRVLe!pX$AUnA{k|k_FSGiA@m+BXA`p4`pS=Nhm^|N^LxY%Op7FRTTNLMqv55iMJ6m&AInIvvjen24rHfzAbm z)4}-P&OaKc@NjS(B>~`6IF>Lv%HD{^Yg>$ML`yU-iwG-n(j6TqM5@amx#k4f5XUefg;Y$};vmqH zYXxR(KnboiTp9tr6lE3sO(OlPg=404c|MM2)fe0wJfZ*>FH86aBt6l{bBh%W5ApM1U98a2&vhZ8ZL_y1|h+PpljYc zs_G&xCDcGfZNPs!J_u~nqn5sTnN+xO|1waN#egV3zH|I)nuGyzfl|47VD9Tr z?FJBYYMPfe!cr=>ZkXAByzh?dPidOC;4W>#i6}uM&=XE%8oX3?l8FdFHq{6t-OyK# zU#1paw|z1Q_16y%0LaB&a$Qcdr@ee;A_qW9#Xv zeq2Eeawt5{lH;m|e%KeXQZgKoX?$kCJinRGpwTvntXyz@yf zXnW?_l{PupU!0oFCK8dZUx0w_?kw+pbz?T;pI@O%v1xGr@bNAHal{Orhmj7zvSP#F zm5PZ7aTZ z=lJ74+yy}CDvqhkdC*1^qvsOsxpu5vwwn?boH3;kcEDI|u9Qsr6ExjtRl2)M$A>%O zZl;qpJ+Jrd8Y>jq^TlP}zJZ}xB(82^sZ%T2;r`yj?0lM^?~iOFfNmJ^s>&g)E!ENS zRkkHc-3GH)C!pVd=dqE|)|t7?s=o#;hzVUPx@{OdI?t{YC1IqkklwbfV6Kqjf^oi5 zO8fTfPwzY2I~S%vs=&Koh`dTbUm8lK(gjuaep28HN=Y6`A52T`IHZE61%`x)NI_GQ zEX4o0GDz(@#MqB@GCG$WIz%F%2Fj?EkuN6Ax78zqYE0u$LV#)j{>lhpv;!d2kdlu{Zc-gL;Ffg?0HvgB6} znhax>ph_tvYA2^#0A!-_7v1y)8TmT*TxNF|ZO5vYeAId}nz5*rk4qthNv+;b1E@-jX&p`9hdjv1t~d~4Qgq9nOA;vnMdO(V-_JYj%$}od{9PB5Xoij z9m()UpsE>!P>FZL==0-ly-W##OW$mm7a|Oqo|8&QPIV@#b+ctH0=lYV!Ih@eTVc}z z6*4mu)(P=Ksf;UF2D}-WR>|nHHeE)G{I#6}z?Jmqin(F4Z6Cz{@wri?|$dEf9GPRdH?y3{>z{Iw?7#h8-EW7D8DP422m-K{D*rI z9g+*LUw(Ela13i&w~uM2e;0wJ5&;wlm{K}Lus{L>z#>HqDD`Yr z&ydEd)NqEm@!9KVZ#-+lEB;tv+GqdyZixFHrHEcr+?CuRrR`d3gquYLAZVwJHkv!k zn_pAeOjE;a_TfPrZS=5~{qZ_$1j!J!P;2f21A(vzYwDticR}f0#l^s}!kexgJv!W( zPF>D?{*LQUA2``P*i%>4h|)4N>4 z!mL|Kn1&B5BcK_RmKh&B(zBs|UehiRs*Y0BJu8t2*GYNnO{a!Ww^eHn76RGHFany9 z=whu_H#<72m8#X%SzdZqTkCwoGcD_!mAXz8#X6TXir85KnoyB1CWBBjjJT=l0Dv)Z z_ie+^Jijc?M;Pgr#g!sqqy>R)TM^M!H8xw)b=Qe&wPmN`LZ+LV1YphyuZt!o&Kdj% z?mGJ1iwij`Mq;5^F^@6?3mgD?yGq%#|I(tkgk&U&HPepcl%`jgdr4n6s+r=IM$dKT zbW5&L@LYtksqyl5*7ABxmKbGUcX7+m?8sPa9QCbOp@c-YsE8AkJ8~&)-Pc{X{<`rW zKC_zrD1?HcLt-^feEXK!k?~bRMnz!yYLrw*dzBKb#XbW7Be9}Ux5UZC_Gt1bK5ufs z5XHK++yi<;PpRSS0AkLT_I{=wwdHCr9~?BGh{-=3tgW*569-om zO7R#T!PoS2bcs)i2qi432!py}1n!@)@{ijU;;Up){hAV@R1`$x>}{2!qD-ek5-HL2 zygth@IRgdFf~tKVl?SYr4fTlwiSC1Z20*;%GpHGQNh0-ZRbDv0b6t8abA*)R;nbzRQeAqVpZ{8cmskCDLUUwd^W&KP zO=gd>%OuyzDwcxgBlf>Mb@?0wVI`~yXooa-}&v|Y5u*|H1FVn0|yTr z08lIz|LHIPQ@kexl;1_@NRWTN%ii3uk`@VqY<*wfv~@<;i}My?vG>FA7)|L5oKaA! z4pIjpL@MP)r09!?L!&6KO?jPG=`_5bn&Moe>qruNPKvrJU8gxCB5b8*Q2^ixN};@d z=8lQ#CdN~gJ8NbVWr$vurEOaF=$ea;u#I^=l!h=W%VsQ%US^b~USAj>grki7)hW$; z2R-fOZ5yYLpXp>&wqzTZdV61Ikr7dA*m0~IOW2vT8w8PVo2z^5QY!Dc>E!f$GM8=` zx(FiV(q3sX-d7m23(8h3#r?M*dHwKU&9eb;L3HiH_GwvB5Eu>L=x(b-T$?YthF%8H z-dghlLt8>X5BB6+v-KDEZ(P=DvH5yzuHKsR-w6{fgeTbK=$42LNzR*CL>I zUo&1PI`hTUxoTYu*=L$OiZstRf3VmUkPL-x+I+m&%r&C_FY5|BM%`#&EgZ+gt z)TJa%edi_toy~afyMAQfp}y+!7pRXiRM1I`#a^Th3;s7$VM+<#?{c zNH0bO%VxaWZ$5eAWY_8GEZK-qXpkh*m=+72iR39>x<=0(T4mfk^d%U0sN&AKSeI{ zcyeAvQm6udO9o6CGnC-5$X~8RGSR4^AcQJL@5I2+5tI-D1oEo;GXO%>W$Db$B9uaD zOi3XlszZhIYkOW*R4lk4QeCzLM-vT};$EO)9?~o60Ud)tN-1PO-YGW0L6neJ#QXI< z52iC4UK*x0 zfWLk)xx1K{t={_b$o+3j-uOzCny)=DQTzojf6wXo)c$F)e_HOFmiwl~{%Lt&TJE2g z`=-Q!X*paFMGy68J@y$u32qwiP-Tp_2T~(SBQ$_BE^@DPqoLx&!q6r(W#yIMN`nj) z7SU=-+H2=y60<6)P+kvRI}NnD3_4c!17VId2G8|c+@#t&al-YJ2O(F$3FzM2j=*@50F#FQ}O~s1K1<}|gcifu?=1)(y0*Euk!a2gX^p(XqlCca9wz?pcu!7i$vG+cr!eA8890-CemLjIPI%GAbIL5yi~V zMZ%66aS}jDx#_no3e?*<|Hy+cUa0f}0--bB*;WKF&^t>YGpQPZNT*Y^HA8VHg^g6)r6q$F4O0*tU7LQgwE2 zn<7-ju?CvW+L09_rGYV90b zEg5328wNM$B~K9m*Izew^mx~@tQg{$C4A0Z${hkAl?-mUZuCdbZ6BY`N`sPE2}L|# zR|eq$)tJ;gV$@`#n*y+`c-!Wg!^eA8B`_t0;EXb5)&%p==w|?KzG0-^(BC}Jzm~Nq zMxt0tHR3o);`F)kD3@v6b=!#_J+pb02QeB&%p{_|VdePcI^opJx&*WaE~q;j`&|pe z+|C`7$7HM5wJa+|5XYLiq>H;|XewV$GL`o%v@ZK>FWHC`v33io$z6dalnNsmaq%M8`AOMt*l8g2C9;S7BDt*n{ zSo=-t8A{5xxM$OZqKrsMDB)KL==VC321yHAtZX?`OFoaMpJ7kz*PeZze*F#l)En$a z$LZ^D{Sif#Op(Uh_C=DBcbZ~L&thEO_@3;>i)2v?b7vEM_Ir-T+NZm-$5 z2$RqVi8C@zl149GBMpp-3R_nGDlHPHr~-rrMWCRF|I@B)vntno|LsRUbj#7VlI=iu zA(IR)MnR$p*ADKv>BNeQmKi;C&w-1HFqClpf$rkV2R1bS$pvHV(rPxFsxu~L3uyom zr%TzHgcH>phHXXX6`lOZT?b!0u&Gc<0tll8?F-xF#j_sJ5i^X7T^ICrR>o&DXaBj5 zZ}PScGhJ3#%0c;zZY^FDj;O<)wy!gttFw_nGqCC28 zxORAEE<*tQyqDRsX{uUxO65c*UAN50^Ub9@7KRZu{9I3uc<952Ufn-1HksKtkk1!d zsg}h80lh3kYHeliZASJZcimC(_@>#)9;&qg5S(eN`ATV zsRSO|7k(dn>cHQoWndR2XWeC2X4qp&5jRZAX2rmFZf> z)I_Da3IQEQ+S&b{#0lOQB!sAzmPVnJSe}d-x^N~%t)FQY@9QlU%E=X3MWJRIv3n+N za?0B_Pft!~r6K@?0UBffeD|Rv-NJy37ktUhyb8J)fR486d?B?~)hmqr`1DPv-lWSCnZg?qb7JGM=~v48NafA@;7P@DoVE240%7Nr)3 z!k(@&W6BTKb0m^Fk%HQ>kW2+RGT2`j8Ep}asuco*3{iOQWX7hxIZD;R6AN2Y@$wz1 zT-qzwuRP=QW5rbh`n`ilk){VUUp`Z*K}yb{q*U)#iOlAK?Vo_toTf7=Af&wXrLv@~ zIlx@u7E39sL~d(3AS;KrGB}Tvr6~~XgZ~A~_#C^~4ehx&-(|EF*O1Y8CqSA#b8pT6 zoiL`wLepu@yLEkX`e#-j zL;0Je{I-1&2b5HV5OrArLeGbwOma@&YwF)uu?p@U()=o!=UY$HgVCb1UPOW_DKtn$ zT?t9J^4seHUGJd)v_MP0`S%$@e+LcOVJmZ{m+@SzDtUqckUF6pgp<@sN&f%r{b!VA zS(+V&?eCm(-812RWM-r{mE}!Wchyvz>F&W`W-tUO5N1&z770S+5TGOi1Vo4=NJ>8l z0wOq~L;)Z~4zNgoqK2dh41npu^z^i;Hr3VT)7!|5$nfU*ckeys(~lQEUPMMlWo1TY z-Mw;EMclad__NPG`*RR6n_U#pK19j@3bz~+O6OF&b4VndyXWeM*DJ6S!~{w?=@m<_ zd8R`s1NyuMwFtbF$O8D2zx1=iLtE7(MEogzjE;^hRqCOq_P%^aqeG?8PX~L;M^@kG znd7tF9r0fHgwtaSr433<=fs0N8US86d+*&(j<$Z*8`PuuC~3xiGx4KvD@XZ_*RS5V zJ6LP1OvkKS(M|Vu)#7ADHLT485YR83yLz*olG1j{j2wDo@|=9`{p%Nw{SV`-OE zJuih=hSxLYO7QB7*MI;0Kc|XsEY+SPk_(O3gnwKW z-?Y^2M_nWe07P(Hb$ydWWSWZ#=_FwWmA-oY_6A?K&n$DF@ zu+~C#sr<{T_=e#Q&tm`}83c*Jm<$es6v8hk&p~tvZ&*fW`Z_K)<1nsG23}csgMhYr zuDft&@@`_9AE&M}%=e5QJz1?PlZ=x;VlW&PI$t^eqr0=O1l_-&@~?>Ei!NEP@pXnH zZ$RbFS?}d2Uy#9}1g|FcXcXziX1BD(A1@zSSlmPzI|3Lj$$aaG*94R3JYJuh+r$N1 zg>e`pt4mYCtT}pgVIxJ}{wm2jRe`7dB~FWQlAbv;Jv>-`@1wD1 z;$W*awIdS1nUgcuZw}n&aUK~Xlyrr=u6D{hduDoas>dn7vGdkG zguyFJJ%FPl3&#&F-k4aobk$mV>rIyH>TFh?Gy*#FfPQ+AIxsUcC7UA+E^{J-h`DO{ zi59i5@k#iQF2W{c(eh6p?qK7{%CLx7!rm3;5Rb1r6XqzJlA||S+2iVI$XBOX3 zFW*ZKuDj}goezLdNk9u}G<<5ryx%)W&scj<3Fz4I!=iPb05?+(+pa}J#hkRZ{D zJV?YV17@<2jwvUSNA^XWLt$K(&&jR}R=CG6@^un6Csch?XQ5IyIr7WwB*X@ePR4A9 z+V^_aBTBIr$Sj)WCUNbkDvWR9_-sHzQ#j-5W2B4ZRT+Q_AW{&+g+z|x9-*qAU-|PN z`Q|4dTpqc4dzb_>6M){X>Q`U8@jw6WO8|smMf>mBm9!&+rF*kodsjdMaE|)A>t|2Q z2=LvRUI0fAEv8xqo=&v4%Y_6!Jhb%PpRT*X8Y6Z$i`arUUc7m2d>}O|g9mNonsY@y zO6C^}aiaQrY8x-pPi_<}ukvWVZ_`y3cstW$b#%w~jn- z>sNFY>s`ghJD(f_aBr^b<#Q8ZpyNaWXeOSL4j^M>XQ5iIM9v8*-D~H^ouiMg9&Y<+ zV}#dETs%5Zx;3%M`_(!rcMd{0HnKD|*9AZu5&CJp=?mgY9EQ;Ts;cSvbGL{3%O6}g zu}e~fL7b+_@%ljS{JA^Rv%Q1;ySX@a6dSc#)Z0^O#$KvrXR)r09Ox^@iQn5@DHa;m zDgZNchilE`3$I+SRHC)0gT@Hu-KVsl7@HnDH20JD&j4t~K^Ugh`nplQCykVLX}JSH zy`GCg(@gv*T3NA>WI_1wlhITw;KwA3(jWWYNB@Sd-+;Xc_EP7R@5}rPt-`D;KWw#e zM-R_kyFCh9cD7|^AEdsolor95D!k%2fnIj$U1yg1dh0*_pbvJ^SpZ-b+7zNtq1<8d={lK?ZOE19Sw8nq~8q3XabXgWlb8}7vuWK#KX`pQG zax&0u^u|#mdqf6Ws9?h)O<~-=_KSBfzPrgQh85{l_{sv14LahNr%U-wCrBcL)UMRQ z=$;)qyEIcRtStq(fP%711_cw_0J6c_kdoF|8O}TJa5F!UT>bHma%NUcmQ$_#z@U!4 zq(O?S_4{~Ju%fgod-8@1isSaJZ(c1;<}O?v-SrZXVPk}^Y@DEQhs9v>`Zw>~xY2)q zzS{#^lF|VfPNM80MK3=mVIRp46yCy&g(^YPJ*H_=AsR^4NIIvb_( z6Xw5xOac8gLAN}hEpG`sZGp5}W`2S#I2^$4F(^-+kYp`8HV-Z{sH*~pLl6CxND62x z+Ob^?a?Bj<%Z_#~UFwt_iw9T%{ScB)d1Q1DsZVhSDU3d_;?26VF0vUWv14al<-j-;BusEj8DqEy$U-QX z**X2-aZ{VlIp-Rccut#x^F=HAckvJv(1Pv3-IbEzA>vf0sxF?N#FhPB9<%x`o>PJq zv4kZ!A||#HEWiTnL4QSDdX!(}6iJQTJzIHZ$Ms7m@yOP^(_Y~(Z|x~$bH!?deUMpi zh-AWUhdq8SSP45-bCFBxo7UXzo**O(JWQh`K(k+Z`BeZ3bpcF zocg&9qSwws^DD1iTXXzaxylGnStTtqcy(KFs%7Bae~k2%SFhih?x{33DGjxe+Zp_` z$7knO1I?9dxgapiuucL<6Qzv=kfyQ_)fY=SW2NWW-k#d*a&f0e8z)z!vYYYD$(hO7 zO=DDNh1^*I9R_-GwiAFcGVn|@@jD~?FF*IAZ|2t9)&AbHw`*>Cp8mss@SUN7O`#+D zx~q3422$OgC~u*wv$0ez^!8M8Q4+^~M@J(~RcA-NQ4f1MYt`yHSv)n<``(AAKD@Xw z_*+Xi+WzK&pZwexE_4(dKY9ObYw0U#`5JG)TVJ|(?bZsv-%LE`C{4XJ1+*8KG*ziy znIW>Rn&t&l`xtfsfFoTmBqEqH^$$$*imrdyI?eY|&o_%p8#6A^X+0kR?>F;Nv)ORA{=T)MWPD*mGH~9e z@i{992ea97{n?XK6Zg6%I=0$t=vW4UX?@*LSiPS1Z$5#@@|y9;U{B@QuG#OnQyV%3 z5-DT@HYc1<(y&>zxasbwzcq5_2h+!Dg&h~VSQ6QFvG!=Odc8Jaz56w55;{?#XM}Kn z;N?qKJ{~Z&doRhFdv>J^wy>piugC-PY zAseu(u2w7s45vm0fqC=Ao7e9S7`JJVpsffz2OtX4SI*yk|MKA{uA9qLNKX$e96PYX z76Lk92gmHlGM-Qhnx%wuk6z{Eq{q6-&e;c_D*q3(0Po?y5(x?Gu)~&P<#}GJ^@C4W z=FMVWMvG?YDXt(arAQKz68q)i$XnStb1*-!X&pOIW^T~RZXx#VGb@zztz#hF1MerK zg0t*>D!-jNIe?7jih7t#am>y+7Z#)Wmm?=7$Cs_$Pwp!JU8g&Joti? zAYZm5o^SvhEHfAkYKegW3@v*XlfjGh&-V8kQ`|j7%g1PT(=hn44vC!yvheDNhmm#( zzto0|s~(p&PaW5sdZpqxb-PAM%qJ85;?-gFf5KbuA1?&y06KrY`T{V zNNnpn^EY+%wCudPQs=Elq}MYbH|@&jWY=YD10hm|fD1^)F6|ax?TMYb>ale9ZBkifhNI?rVrqsfA^K;GnBWHY_f|WH#pg_2Qr*O`m5zU@bu|p zbHDwgXY@INyX%FY6-=UhWdOYK;;nZt9Z7~|ZbS4YCqb69mSLEB%DnW<yYh-NFg-4V6}Wm5Hmp5l4Zhf zefPqVYU2s>-#|t{KTR+IGnhGMx3MuaWSK3q;3w7`){;>6F%Zy32u>|KmmZkmFA2d$ z@5G`CFBGw*{TPNg!!~sXNGtd7Atk4Eugl-RlZOzbjXbF0&8BtEaV7>_Dbg*U*?l=< z2qk>0^F97vECNVLXC3@co9rrxY+5Tv`XMGl%v2*zDEX4Wttg-~0{XsXSV&== zb#5QAfhxvW`K>)RAPmmKN2+W|=xuzv%P8^bVkOpc0lnLD~ZF=Uv=Ke!I70pK=qn^o;8MkfqtvPKd@J zc~y9g9Zzl?63s!``<}KTHAh6@mIYuHr9HB6YdZnWCZZMxvGq?)^vs9%`cq%oXoGse z1|+uiV?mjmaLdoCt_y|$=abw(QhPOSj7nW_E+Cn*lVo!g%)3xq@Y7kliB?=SwxF|+ zCaLP~sMni8Gm*I{4Sc;O1B}8%YZ(SQ(Q2@_>UL=Q!ocKnDvyJma^Y;SbAY&KPR`8E zw~ZS{UW=WnM*T)4i~D8N~{ld;M1!wVl=T2V@B zBYb6>u}1~cPI}S;Ah=hayZ*t)C!Rk)9tG)61axmt`R={muC5igljBFGjT4ho{aE4m zZDWTa%jnS32N#ZCzcpO0<_G$gd%J6?QFre4&nHkx6vSPz19LlN4*iTNZ5j#w}O;DD`>xrWx= zP9!3z5`eG2_2K1fhmv$_Dm8~(3SoLQ=2vbwG_Z8*PMa;!saF1K;R$@B*Ywu`+f>;j z#?5nAXT4I*0jM8$u~tE#2l`42tAY5ejdN-97;RvWxqKU$#zx3>!uQQ^U&%S4?*xtKrN3mw4rX+#qG{#(_Q*(Sa;9sgg`DHKm#Qa4;g+Rs z&8+iSHn|!5ubiKJ=i{+*ZH4*|mbuz1nJn$lZLtqwVT=s?^eeAT|JHY(^U0N;^}Mnp z&9<4TGWLclnZUR(M`21+Joe_NaXlZpSbY|Bq^1z{^OdKW0smV?BGQQYmApNJI5r5je95- z9J4)cxE7`hDL!}G^dBAm^_L>UY#Bt500_omqH1qcvDnZWkYHxP#6)n8=c}wiU}o@4 z#Z}{nkkPNm;AI|~p~-#UVH(}%KE>q^zjgyGxn<$25*H7(ud3D~X%H;Cq>pkldm^Bd zL6vsdV3DGQ_O(Ligetk}aVa&dUtSXx-> z+5NOX_|^quvftL;sRBDZ|ttv3JqRX?sXST4tS}Wf(Z3$>4?U`e9|Lb>NXkVL*DCAcvPUxp^ zzI^MqzWdykbE=Kp#Ty$(lLP?F)+ytpuu#%@p54faw@E7_eC1k-+@m9lxhVbc!!|a} z)?vG`$xvVEg|kziTpOvaGV-iLrTR{8Dr2zGWhO6B~PgK_Hh7gh|Zzx3+myZ73JhD(xQT>+_T7~*m`;Hu zzxVNpjr#F=J-mIlKTdWW`CDSAV2s)*x@YCc-MNH*xE3@62Kc z09ALo18Q|ifF;OslBzSuX21WlQvkwwTRZ7>URo&I8#j+=H;)hHX|PETyR`MDeMy`QLx%6oAf; zb?Lm9o3vp&-84%g%V{com4<;gwW^T^5H50B=gMiX^UBsD?G!1)mu`(DSGKjiiA%f1 zZW?V3V`*%l{K4fz0EkJInGB?1=dUsKOpXDn@306|sYbO%_};~_C#!$l)UH0cubyFR zTL$MGm|aSns!B@C?3kZm3l2+Qc0xXC0y-6vjb-Qb!Qu3TWUE=W_nVg;d9r$c6y$<^ zn*BEbI4PYqI@-S$lyd>fRZ{9;640?@09g>i)kcGu8T$$nPo9)o(;h|5Qm&d!f2vqX zHPh|Ug2lrOxYRJtIrgIP;IO?-XPF`70rjytP;f#L$IiLtg9j)}TEv!ru*P^XTeJvh z=7+LWW*mwy7V|Dz4YZTt;p5-`&R$$xcIp%#LVxsv@c)1cZ^WbX;+_57p~N{4CZYqh z>g80+g8~3#6E?SlU@9O=5iGdcA(@-m(+Jpx=(^!*N0rj-mD@BOHbUW!ZH&sKTXtU4 zV6L8!otG@{&??IY>m1R}8{`UiP5qGQDzCi&%Ub&;%U@<2qB$T~U`uZJC09A2gyt}H z7Q_-Feewn~hlfi+K)`MU^b2PvY7IZ|+UI62)RlVB-O(U&wb&o%s)c^4R~67Gp|5M(2xw0_r5ury%BgLf-RQt_AxamPI{;WK18?iDg8tr`u_8%S%O<#W zaImL3yPOA5t@|B?)Khk#x7t#zrmMlSwqT&A^1|84cRoI5UHh_StnfUWn)dxvK1zP^ zt&6|?gJ*Y2Nv)-?Orm|?Gc84SGf{or^=D4ZeD~ecZ7)ev>3PQY^qShVg+$9>2kGut zU%U3h5039x-JD!A66xt|ES2{lTL1tE!Aa@^FcwN$Yvt~(rLl4?3STbNuCt@QydflAqZx!@I={HW_x;xIeDS`aF49!0ZR~b; zXSGzyZ%?{7ULltcjm$YGH}bO^Zm5F501goT1_3ev=Rs&VAFaW&Q>;_zMHWE*4i%qU z&gYVQ7utJVIG?SN#Ra!;#1`+$bEhW9?+&(Ws9kE6>P!LT!nj%uZOE!20B``KWysDi zrm_^$`*3$DI~(?UNlb z0EtjFIUbT5CB`kg2`yCM*H0gv>nt{|jIVr7Fzf0kWi)32I014*1nUF=jo1gEVyLoh z4pTJESXC&eS{3r?wL9x+5-hW5+Qwn2Y79Uoa30AzS`E}I&yK(I@zFICvT{(paFnDl;u7ESQ6|U_O*9GC{fA{BoL9I+?1`3weL_|C`3Z}+csRVB7sQJam@mt9TpK(-Pwr5&ITZ&iRhj! zos%{o0M-|B=RtEcZIdoC1=@0sh@l#6b3&vb?LeR>&=bz{jHh<<(Ha>j4fND*O%Cj2 zI-CpB#Zs=bquJfjER}O%pab8gsR}&{pueY9Z3el}bmWtI!%wsdH{9o&Z(JT5SpX3D zCP`F2N|bcoHUj$9=k8p%KGOQxm^MKO2YPD@rF^nk*WBM*SzImvm|rd~l_Mox;F*?a zH_>Xl0(zvsbmr*n4?j4$i?f8aBzKOZ_|mzFAHIKVm&DXY`o0Aa1U5A-=F~rRbpG!2 zjtc({qDg0F5v+Uc`G7T^ma8$mAwwP=9dc73xfb0 zOA^>!{tO`1QmwjmM^PHL+nC>KGM%NCueVb6m%n^ze!1i0YlpWGKHADsIbxQ8&`#xZ zjW`L`)b4Q-L{S^Fqt{=#GP}^#B6BO%{LsKscUQGu&uzTzc1M@Kp7L_35Qb^Ju`cIq z#G&t*wY7)61X?y$ZeLC5>8_S5`Ryk+V=oGmToj)=HoZBR;U>hf*W#&t&uom4$v)u7 z1-$mFOIMyQ9Ubaeo+|HXaN!hEql#6A;*OW*4~;B-eCcT0F2FWaNVfm^*)P6&?Fa9l z1Hh6Um}w>Wo~Vn#Vr6Nms68iAkfq__rCWDK)@zW@q&I2vSg{LX#cm18ibV{|lnMdB zddwb?5zML3o>iM%&75K~oN5tx=Irt5OE=fOM5IGFVQWVPT2|4P0T5$jEr{mXgro}q zz#a)pNh+)LU~0Z=Q(cSEaox7KYyd(tF#}jy&VPJ$w7FT$ottB?!nG5s5!x*&-|EFY zW!9pA0w5qi<;YUwkl2 zUf++m`SOzm6SH8nEI6KOOH^bE=%)z=>>Pu+jfRd?r8&q?Y#a{*V#kl3_^UC4taC1A zJ|IcKQo7V4++hZyluMeK2}4^rDV=ro$lG_jUh5`L>w}!Uf&d~Ml+yZG8w~<8_UDY@ zlw{o$p4y9Wn3ZDZ@TrC8nj{`J0o^nXfQzDo<9%u@gRoN=)eM`;p^(B_=eTM2(`1n# z;d#&p=!@c(O%MrYCizeZXp*q@^Aw}($wddzh)@D>>IoC zvzyMelHiyu2oz24X=O{s9QO#Xx!b@(H7Ix2RgTNz z9qU38yLO%V8CO2%<;S-+YlYjUc1n_lAo!I%jbjFSD)Y;E=7Z9qM1l6a-QN6}6H`C> z@OVDbzSq80k3wCp<&<Kz0i>zwEH*dZVQgga^w``F+j&H6gfVivUqlOC#YT5$y;482%jIdh zA`A~alWGMZPE}ub{o44zj+bcZDdT%?i`#}aZ8-GTp1X7XZvQUqGXP_yTxIZkyK8G6 zviHS}iGl9UPM{3HT1wOVlwo7#TA9g5=~8J&skL=N5?kP#Z(RE6g`?YzumQx0-*S&7 zkYnL#}&(hgyBXUeD7!NHz=$vg321Vh60zzhuWU$HQ?Q`GiRIm zWs++q)Dp0`d3WH}M4J{Mnl=xG)945R(0Q zPZ7vhXdIv~iX8w5DVXuF6wnf^@o5ckGCTtOxu9dh8WtqLU=T=~YKIRp%wMrd@MBM6!O4 zFa#i4pwcrkTwv8M%%BZeu3nOxw2eceaY$^Oa=Qrf0i&9#I=c}P_hW>mM#oLN^s)l; z?o)aZqi{8q8rwF`Q{lP;AX6$_-_tneYp-AZ{hyqfTkd#_1>0BV_2|`Q06HGx3|T8XhRkEEJ1{q_Ys0Yf+r2 zp3b__R4#`DUEUf;e0XSasg!RK!C_z)OZm=XGu3JfzkG6Rej`6?tWcXZ$bqMwqor~o zP1iZuQ%C0}Hpq&tlTvcvo7N`uRLdaP$PBt?Pu_d`{Zsc%I_qe={u+Rk=A~yQKDjo! z`{k*TzGngWp4O=XkfbUfrKReQ~T&YFFgUd^$!scXDTR7qu&)=>$!b&yYF83uph_R-%n=Ck@ zF!|~mpIo^MG4cBj&n=GggGG(mOcFT2Ko%gwFajXkI)rCpqxU%jnQUX67TVQI&& zW&~CXAUAi$eG1F#mfmd^lQ6=x$ zmIC_y%WW2of_YaxDak?ZZ7!0(x2J+ptgB|9$xW^k(5;<1ZOL0=il$xdh-_J2tmPN% zZe5$OAO{<+_nR%9GVT0=GUej9tsfGyiroCBn>$In1QVtN&WB9E^66KSWlG7X2Zos$ z?d=yx67!SGN;yI9aVVe{tTx&>yB`bA&j>6eJ7;&$4_YbMT4XN3Z4<`=gqdXjKH~RE zJn}-PI@Wn$zmW(}s?qzyhGxKl_mvn{3ARRfYHue?cI-ZNrTcw1^Z!)U&mt-6@&K(g zYq!EYWkvMm3s0=m(pLEN?#dIzp@bjVWht{pZwBv@{QZ^Yg6f)AL_9y z`rILRW{xKI_uSh&Fv^R2KR=DQKC;p}&Asl`N7@uEw>JkNC#ZI0$5E^E#1@t|S|S;9 zJS;byv#x;Ni2Q`9?_k7XBO#LY*UL>hXSsAv>f*{l7m;|tQIKqcz5C44*WfQX+QVeS zYmm^NwigKfR7wuR$GppJq{pd|foI!( zQJN}%;>3?r4?vuFJ)O-`HSa0gRcu!4K{HWNppPC}sy3ro%V?GPJ$roi!z-iR9Ss0s zU}_D&kc*R4tufR9h}=MLb)%%$7$G-Pz^}hBe)aYMfKxV4K82ZEGyPpZnEIm zKsyff)GgniQ3arllyYl2L}C0d{QM{5_qsQ3qHhahR7(`>`!+EOfFKtqyA61ZmYy_$ zXSR4iZ^;oQ?U!G@{`)_^KZkCNlr3ITnSq|F-j~$NIWp!xy_j*rTlEc(LfwdWCZL^= z(hc-h7nk$*e>NetG6-}Wug9Zn#wrX}n8GiA>60)@fAsD%8`)<7rAoe-Z*F0hwNc)t zl@&gB=I*6y?Pcsg{^^;?ss6pE(pq){IB{g^>u-Jd&ikil7k0E;dG~|UyR*-&`V|K0 z`7?JuzBIN`j_o|i7TMWxNz<6sLR19)7n-NED4?GG`Dg?>p|64 zj5}6t>$6u9Yvv(s!3ty{QnCs*f@%tz16cxV2p>SWz;W+tKs>b)L#!?PywX7^7$3AV zwdz;d`Q&yzXCLUOdOA-m)(L3ZwQ~y=ozSj&blsqYCCJ>TCz3Tb1+gLZi1yIuV29%T-K?clgIl8u7N95BHg|8x6wpr(G_i9mc2Gcr*%3dXD=M0ZnMpnB;<{iA zJ7z-j5l27V87u@_wzLxgE!kS3{7eJ89mY}MiG}L^v-0M2+WUf7@Izc_9?WkfB4i3^ z06{aDAHLgtAG42B~TAi#Z1 zhGi{(p8xoD_x>QpDph2m0W{a~u4ugsSCdr@ebi2|@#&bK@w5+ibqM$`8_laG>8B}!617p9HaXQnt+ zQK$hte|l=UoU7Dxp|A5%lBP0_gTC(S{BohAm`Gt;VE{)4Dsu~)3?+;e-UbTz_@Oxl z=9fEKZ`e{mf8$G6KfE%sMciPF2m+&x0+6QC-#~L88CjZ|>)KOwb5d=y;P{0%ue|-< z$=dy-yI66humFNpMf0`s!SQ>2yIta>^4RxmwXrFdd#dG{E4Q!AH{Q7N$+h89{r&{5 zw!)JRKu0mIH3IAl3>bGm0$R(~gM@H_zhXJEL$Z*P+}~4MEboDUW-^dU+2&>ibS{?y zIDLGgT+Uy=-A0ODspb7Zm#fj1m(1l>l%ipfyz%PgAN=TRL2}?4r-g~MT=IB5nQ>oVhkcu2#qvkKi+hv_26$Dxe!!?KyW^Ufgy2r zbpCgK^pfxq_ptC?uo{%ri%EC0-yi_aV=|-~BJSthJUK86RtanX>$BV;jw?$D3!#|< zXvg6kr9CV(F>7WIfN)$Gca@VeKk3*bVeYdV$Xj%#AZXVw1PiOJy`(+HCkPhVL|i$g zI#&HmoFbuj>>tTEQxHMPvH%?z;p1n7jDUW6pxH6=4k5^-fPHdVsT2%mR*#yqXeL(q zLMN_%U=oj|1hd&eKd6QDEsIQD*bd`;{HIRz|9>y+-`IblYy=-@TP7k<7LTjdXfVLM zzvyI63U-$FrhwK$`po8_Cj0R5Xld~Pwf)9|h?p`9j=dDER`gx$PXRr2rZ6|^WA zJ_rQC41P%D_;3C!`OU1XJPs6y{;XFF2nOW9j>!@`MkHw586R*A<;Ijf?Bw_*P5p@f znfPx<+^HM%k1d%sL4<(@P!=m&h*N4#(aqM+3%K`b-muPo6Miq%_I`=;B^j7du!Kyx zFz)JyMPo>A^ip?u3g+zcbE@a#m73W+B;#I^SDmV_&n-<}_!agRP5qei=UudUE3OIQ zm$!~4WE~LDIr18emI8W*`FJ?TrRP+zux_}q@@^5y<*oBuks^PGD`%v*$2NlZ;LGrx zSN7VB2n)adnU}r6p6Xk#UcYi{s1bV|#U=nxnKxg)#Y{;mQ>|A1r6M&-Yn7%lF;Z*U z;$a^ytdpr$052@%9g}fEF}I215B>D$p{0wrMm8QywG0Big@DdQ>HJawz>T}Ba$}}O z>}w-EWqZ0B3#CGw$S_Rj7Fry!>dGfV*ulQ?4?j2opj?mox@z;w#d@rsA1wdYcb+>u zR0@34h$VpGzVe;v-c2uWR|LE*oH;hPX3rX@D)7_uC#Oo~a64D1jmYQHmUD5Edf}?> zHSqLMPvtxBp59Z^S=vHC5B5~z#NP}13?Mb+DeEa?4Ym03IQ8TEQCO*#QJALlo4!bE zRm?X55V=3_*2N#Zcly3j0argkv}~+9^37^}zXUXsvvj|YU9nfrg-J8sO=s<#l)@bu zTKew0_g8QeMCyc6F5ckjp;P54E68>fn;VJgO)Z#~-}~XSwb~{EI<=zHGXRbro;`iy z-leODm&y-dkE6TUFT1viFXM5&AP&jezwnDc`Q*~r%zV!-_i6UHc!0aF+$RThz|~r= zUJoax1^`r#Ibtr}ksL6kBs4pZ0XWITx>{LU@4PsU6LmIkx z=kTT$U=fW&&cCtgeb~d=h3uRv31J{K*#I)eY^8H{{<%2uq=SptN*g6B9Ehw@W7M_Q z7TAX{2o_O0#<_V|e`RNh*Pyh((Ng%gd>KtIjDvpM+~q_g$%3-!Ldv^nzW5k z!EzYPkINU!&rtrhQBAN9+ViklHBlHhmD8%@ zs-@QY#4ZZxIyYOrgrtms&hW&*z_CO72x&qA&OWh@G8$lJe&n{HjhLl^N%uMb|1980 zkaK1Sxn(LT=WG_>t9{~FN6yVHf2zDpJkO^CT#ty55zqjDn3);-6DDh=oOA5&seeo* zd2XLf_ai_(%uOvHAPUl21|EWA$>#xDu(MW3GIl?0&fw|7ln8K;OrVY9m0cPDWL5^A zZ2VELa5*_NLtYp6$EX&lyG)CDSB%h^L;eqqr@68OIOUjR&rhaU{k zF#Xh>(j>v;2n=!%V2Vkdc|Z!=gpf_P1;DXL89;u*Exn}Nt@U%PPx%VqA?_F9yaQnJ z6wJBmaoPRJMgp3HMV49=Zn*jpLEv!SF|EvyZ3sE%wp(U(T(h-f7qb;r6N z&e)`na`!f!U;`nN_6>gij;$Y-AcPAz$ms5<*BV|vGS8lxe*66sorPw3Gsy+u*x|WL zHwT|PeQ#>6yO2u&eDV45>G`5_()X-VCJNKeLQ{FpSH|;X&2&xx0Du5VL_t)nr;MkZ z?^$MOEmJL1BXz1$<0Yv`jY?CMwvKC+YN?G(QV@cGKa$uIkwE;)ho^QCG7I9Sky7dY&ufl6o_+PJ*cxdjOKe3xo7a zFN{yjbhpkgSE3^$OU+o#EOh<k{?6Oy z_jtM1p6{E$H;MN4UciizVW88^m!w(-z6IQyFWq|Q!()47pV5+#dk#P$pVS-s_q@7q zI6h-!m`ecU!*p(O_qd4SnNw3AUmMnTFN0Vju(PzKEo#Po6zYybb9%OSrz^|Vt>()* zRlaARJ$pM0%-iprf8bOgK%hMVUBEOI4i}cb{rwmDe&%|t;KKWinyioN2{(SL*IN}P zJD+XHSlN04;RpmrY}HEOxPScJFKoF>)VJ`?j`3E+q?vT;H%EpUHSLHmMGeI+U`(QPCG>_p>``@ z-l+6OrK{C)*I9s^bqcbv+xaRyWSTefcrKjd%F)|lB}c{zTLBn**ltXsQ+Pvyr*$v; zi&gf7*m*~zjA8RD793*7eSNLM_QdaW&IstI2PqsF)RufC0cY(KyPA^1F@x2k4m4yf zD^H|?^?^w{Cx{&D9X7BxA&S=dS%9y0h&=h}H+?6<3+Ujs`&ye>=*(9=%?}n-O5Jrs?Y@?61O%3%-^*${js+i<%t8L6teD; zo>c-m61h8;gO;vpWrSdIGIv+6-oaImiKI)~5QUr8Z@`6{%$nCg4#k_?7^KQc=>igq zJJ#WFp3BcDug2c0l9~z5=ba|5GKQ*iJSfDzLejqV()F8@{ZsQ@dpY^+v6;Km-HmuR zL1^eFp>IpItrk&V|Kin&+3uxM?#Rf}@I>!dUc3HVzyJJ}SZc+5Iz8X@{dZ6LzIo;R z=LRe2ZUs}&IzGszZedRo5i}~1-&hxBN##h$&t>;Dyfl@m zk=m#vX_410!dhsf($qV9eD;6+&I{}9b`lNsZA#+)?&|gNtzNf@R)M!^fN^qczPv3p zZcMC5p|uwIT-tK}bxd*Wqa{)f(tJMo;K~YZU8zT>#^&C?bO=}(3?`}Pdm6y`lT#ON z3~#x=vqC8bP|P<6dn(`g>Dl!+Ol4^s@^`_w;Ng?PP76b~}!} z=g!|+SSq#+@wXF10$m$F`h@_@*i8o7${dW~tA<|P6;u117VMyHt#+X`TT2rw>L+4ICm zZR4t!djV`&6l^li`rfuSyo*&2IDxHM^pOg|u~(@lz2d&Jb1(m_sk{U7I;M`)PFFf- zj<9z_ih!}OB_1Y2h~T7@p{{)ZKsPP|DAx0h!J6)|LENcwhrzK;rb&53IWWj8*t7<_ zK+IkQIH>IS11g6ezk*HgwbrX>j+}3?dc!MJM zJWNH`-=zcN4ZA;N1oYE`*7lvY!JQa_;OrAS-Ae&xc4|L%uAdUplSI}W7y{Y~A>EE9 zNljvQOqsH*9d6I*54!t-Pi5cymw%6eRq-ugEAxW(Qjx;vhShm zqvX667q8L#YiG{U`n0P4fXwfw!2)*-QE3y`yx%U`g+fjyrb{9aYr*=0MNaxHcamRb zCy2ph;V-+|aS6alVg;d*n{c(`!mE&Ku#;f9NyJpV?b2@IDmTZZx@JMUZR5?&a^oB#YeE>wTvx!WKdJG8hL0{XRQ z$GbZlg_0uQvnK z5rwx;j4f_4xY#j&olH`hz}w?UPzmdK)>GDB;ig@Sxz0zalGal$3eq2caCD<2vzdg2 z4Hg_z`pt=c>Kt69v6ExJ?|fP-HqSw-WpGgZpX z?%2w^fMiT*Cx@lY4P5{mu}C@X5G*0I$jwr7fMa%kg_yW_TUJlGaB(HdoUFqI>^v5F z$7gwEio4bcX!e=v?ORvXq_l_CJYh9f;dYP)E8f!VlZ8~9#!I19pp63B3y+5t>@S7FLc7VXEcN?GIdI?!H2-#^}wdEzvEJ%dlG`(e5n_bg2 z99)Y_ahKxmURoSVad&rjg1fs*vEooPIK_**ySqDqH`o1q-~Z%H&STHa9$9NmY7(_7 zYj)BuZR;1=RPybaEx1#t=A(UmD63|q87p;RYUkn`o=ooJT!rIsss1ZX6{*{sban}swaJx6Njw$){GwhC5g*mDRwhm!5B z)RH(|KNLLplHujb(&j(o3bf^!`iCfy(ZCs#R;@V<=Nx=0Ic zOW2ut(Cq5MHhPgqF!gk;7%kk2_h;;ZCpFj6Ql1IT^B3vjH`ip|JIBt$Vy;3=c$!*2h6K6?_9ZQ z&3UxCz8BiVox&tgTNkSKSitNS%b4DZbM1~(GgS?K^F4oilK8^gviALRWh^2O#uOFI zs7G0QgrOglq9%~FJCP?x@klkk${$ZH;5Y7MxM7GhIOjo2)$EQ_Q zv*zqtA>y;0pG#$IfwRw(xWS+482cEh*HKl-mbxT(=Z0$NxWY<^tg-VKxulA&XrLQ`yhBE;@kf58DHefurW?Oc^E&XWE zcKsVk@T^#iHwCe*-23mhTe~cuGPijE)`xq# zpK9C<{){X${NNU36PT!~qFFsqV-={))__96DEB8IU1*XMLq#c4z7oi4Gv)%|l)dQD zk1%@fuoWz^s5nO0;!+wCHP|Gaag2E5mu9JcmNMyyTItyK!onO$2>RL|xBjd8@(35Q zN7NHgW)YCdOahu`bkb<1mhexq4%b{*F5Q)I7jvsvlM84pHO_4t%_99;k^*w6vLw{4x#PzJo<_K1 zWO@K+yBH71C1S3QOng-s|D67wm$7hLe= z*wA9+-jbn)w1}F*oe|+1FpPnzFOz<(d=VTj+V#jgw$*1cVnKH#*Gh0+_*cnku&3A^ zepAf=X6Je-)k`03aO<4c^lPC#DiYt`fo?;-D)z>S?=n2Ki4;8fABs^|?C0!u3!)-Q zU3U&We$g!Fl3NB*qj`pGd3iutt|?`bQ#*4b;X?R?_`;<@rC{w!XTrdp{eYM?r_006_v);E znR!TwSgVzHH8(zKR_ai8{&$9w?0lUEXZktgZjL6Wbt{hu+bcO5YCPb+)L@ufDRvz4 z(9HP+Go6G|$T(Ra_&(7B?8tWG;7l@o&B;ys2U=z(zCNH#w$>V3gqb`m*5~~mgO+O1 zf;oO)`qAzG%0G0@?=%SMoihxE;R9b0CPjWo5Xc2u zP!o&3k$16f;J%2>%|H8?iN|19Tx;u5PdcQpgXZ@M-{C?lK;8~n9z~;u#H-(ri!lM_ z^^E`cS9P-PhV3QMcyhTB1TWOe9Ap<|@~}0Yc$y86G43T2Li-+!VhSOGW}5rY^*xhza551JXdh?W&(P1SmK3#%s$^+^;p zc_Bro>P=Qk$F4huyG=w^htcrh7E~&keg9;ot~qI8;4z)-J=QmDMa{}7#@7O?^6DUJb6$D{ z2|-0kQcFw{cnCgi2aM@XTi0xmVOyVSKEH{S$XATwdZ=bN6G!S|&V$I3(x2vl1E;Hs zV%VPY1DIb-^B7PreNDhjGn-|04)mi*7ovn|0YJbKbik^H^<3m_ZtvMf+fbH?sXG=r zH2l~s>E?5xm`;FLP~Mv(711;YO0bKT-2LAC+E84}dZs`SH;PvnTfuI|vWk(jWujGV z-wdl(i}d|&p0w`bkUAf{q07}jv;f;bv67?kuAh37bi4;{Z5WmF014mf`o~2u(-zAy zyT`2JU4zsb6oL}rec0f(2YgmEr1m_~Uu%Lm;^dh+-&d;9?PFG??b-1+f*?F*s9B%% zxV6V-;2sg#dhSWZob%|uZs+m-uXT4-L?htEezvIh$M0qiZiXw5Gu$F_VRy^ze28kW zipgzYI<2=J!n$&VD2PXQj1Dqcwo_x@?BJgk2)pjBG~p&Y=W>zNsmkw8_rzDz0JL z1j1_QZ-lcAZx)@f%RLr%|N9|0U@DHZibe?dn@0tJR zIg!3~hl!0vJoq+aQe-xw@1xelK$U-H6{tad)>dduWZxwp`_l_3&Bco*zwmeZCowpI5ew+oDEteg3!|^-E<~kA z53?X^+FwG6sCFMOsA_!Am#>XQp201Xnsh#cSU?SEZ(CE4>T;VxSHl$TTF#{v*3m^3 ztNIOqCNe6hG4pBlQfrKN)A#rx^z^G-Ds%wXy*ov(fe`QY#E=PqP(c*`m>c>f7T+Om z^VErHv}tXXEXViytY0kti-rq8ds5iVRgnm!Ix$oaOhB;)5z=TYjGfVzDKwpo(E&Dm zj}P`-7vFCDB-b?TKdGO-Vm6m)Gix|EM3V^S8j{?*X?XCSZNz0KcXqYthvCbTyn41Q z4?rm6yHGgo*~)gXA9p^JzKW{&kPtp{pUAAwm5&9>MwT+oD3<^w@x-0^q_fzj>8La7 z3(VXRKU~)`_~L|`#>nL8s>BtR3p7#NKS`Wo!v5oxu)deNt+q1N)jzz6JCDtj{F+|B z2Ek=H7JCSCW|h29AdXMiOhWdIf_QzrGZD+qz7sSV6gE;ecLYQwb~B%Z>)FdbDg0%a z{(z;-Hapk$y9=5}0T7Ot(CvgicE`u5Uu&{V)~SRwHyJo$^goQKiRmCv$cUoBH69^5 zlOPP2f5&G3(Q@t+Z@wdK%K19UI@q-mu7SRwKQ{ztLh{f)lSzoRW$G{}7%5)!m0OaB z#~ZL@3+K(cKgAJQW}hKx>E&n|jX^+)!?`xEgp0lqd~bD6#&mAyIEuCR+dD=zGM9D6 z{;5HIA<7{!teIORTUHSbj;T|PzlPr<_+R{FU-aGGC+dD_LjMTO|8P|3!tng^S-Ie~-Dck! zu^{v5*`4ypH^uilbafMWX&UVZpFoKFbRJ%Q7^lRW^==G8EWmuVX(rVR{q8YDTYG4J z=96bfs}CZ)cjXRyksVF7{M`-FHoG;%p32uH>uk23?ZDPvc75Md6@IuJTiblzzHq&C zrsb-+XY#LDY5z?9q%nlN^7rTAy+Y!PyO0Wud$N+W&K_MkzpcXX-7%$W1WrQ1 z_-)Ex>PWjt>d&D_%EIk4WvLW>&BmbaQTHs&=^D=h9kV5aF18ihj2#HNEHd|& zC_Mdr>POMlXVUY0`W&x@!!7D>$OzxRwQR0_E{mhrp?MSHg<8JpLvDn^d{{gv8ALkh zKf4xxJJaw#k4*nXzner%1@4h|O15G#@Ipi}Gx*E%=v| zHMm=Tzdom^Os2$V*U2A zGI<9J@Z5B0UfcmfIywXpf2YyqynQ##Pr0ZjZyn1LJbCi<KlctXfp>}2}ze^f_DXhl#=KV$+|EI|u zOPA%pp(>M%1hm~T;K(_n5#0&MwSaB?mB@P>*Ze-8}J!lNZ+rjKJY-yR?7vGa;;RpFcxy>^@ zVz0J{d(?bkh6u$y3w<9m-vXeDYTKed=?92)qw8|N3PYVQ$ECPe1a1^nY<^qfNscMY z^LVYle)=20AE}7*zP7_#p>cI(W>#xdDm$j8>+0_lD4CN8En(*Fh7+4);C@yBWjwKW zX6fi=@&Nr~Vr>~^Q3?fQS_~uzNIE*Vugc9tN&Zj5>{juz6I5efs> z+u-R)P*k{qhEl6yUlG!c^E+ROZHF1BjtENiamU$_Wrm24u*l3CgZSF#o@bQ?C-QR$ zkILQMxkj7V^5q&6neE&-l|gKForBNGjD^Yi{Jj1Sr9Spn(J(Mp%zjPB+}~f*yWdWl zV)F*>589w#u7+pkAh^sqLjMvxs8+Yy_*}~oPr6dU_!uTV5;E@@6qhV-<>E!IT>=gv zv>%N2C&Bvaf_sfE_YC-AgOr-ZH`moL#_bh>HnAhslNB<#>C`@Br0oFHZC~2xi|82_ z30l*l@#YEW#$dbp-^pL9x?|K7?H4TfFQPmHpz6ZYEJCF{I#$cX?Irdc)<2s4LnUuT z0zW+l?T~EGKfd7hQo7Pjtstc+XmSW)5fiSP)^Z8_c|Q$S05nha+ac|D4(EFaWSGsD zefNQDq=6FZg>9^tkB@Aa!a%Stt8;@TpFig}Km3E?O27dCaNg)KTtDpQClgAIU2l93 zk96<1<&?M&bf&W@djQxG1YNm)iv6X}I?hf?oh2WJ3SepNTh}GJU|BrrElhL+UE}L_ zty{tl{=m6dGG!G#Y-)c9fE*bh|_=*x~jM?oo zV`OW|{l#SsOA2!AlG6RZwZa8d3p{}~!7LDcp4JhnZ@anhn&rzgJ(MAHCq%5o212KE ze_wZI_VB5Q4VJ7h!>9tj8!A1IT`xO)>}AFlK4jG!4ATL;1+1+o(|H@}IivNuKW1kE zJN-c5{O|3)N~x}ohFK+XFU6)iVIPN5&dL=6QlbZ&-oyt-jz%|9YnWji{n#KHhFlH- z&C6Z6$>oDOn7X?lyF0!^&Jsz~d9jsqTRF*gzn#uW)k)$Y#pQ7AREyj zrPDu?vX?PhOe zcjzxUV&7H&^=_F`o@Ol*`i%VaMfU}Z=?2Pij?+{=;rYN%G}r^W6&S*?7pKOIgMi~n zLNV2p$PISJzK*@E$jzJ#qfKTp^P2XsThT>f75N7zBkRlzk8(32OdI$DJDvg`KxeM;x`=! zo9UgLhMy5j%6}zM3ogxX!n^OT4V7@kj)owXU@d~LK{!39dziRAKt(kQf%#Npy5ls5 z-T8r^S0Qb$wbdpTO%ZM$48!0N*0e&f zK&-k3(_{mYi!&T#qznp^9{OGUo(}H0NX%-#@@ig=#L74BW>sk`kx$Lf@Nd2VDC=MZ zbvvHN<|H&$-)6kA(ckA6Yr9*R$Mj6*4fjf1k}rh~F*@i-$`d!=w==Cd-*o-l!eHS3 z`l+|hCb+dD(a4p;|D!t}3^gVCBMsG4sbVj|g$5cdfJr#e)Z~CG_M#ol3BI4k`Xbfv z6My(Xi@Vo)T}-Rr^tNL^a>+>Jm;9G3ye5<8=}Q1#`~Z(VuO^1T5C%pZ05*Eg3GC8> zz^F?euuJjIG`C5>VH=LIGj=>{@Uf!N{XSotBkU(@>xi>vbH6J6$zd+4Ow+MM3ST%!ap|HyD!C9uH)1z8*(5SAWf_U`9TI2&itp&7?lE#?5Cl zVy+U_lZBRJ*ca3abnE75owfP;_&L~u@Z3DO1d(N$NHwLb7#3@+N9uKy$ynD(m+37w zf+Q;q=iy(*t}~Yh(Ck|BbRC|a*}yX>ybhbEGUrgpk6>xBdGnO{3)J`qD>IBso@G6nx->Bgr zEs*{otNDE`nya+(<#rS3jwW%)KfH(X6@uYfI18Jo$~Fu z>deA(Y)J*!jV<1hDCuAD%I0#ap`ROgc6Vzsl>a^pe2L}lrVe@AcW&d6XzAo1nUz=ZE zx}veSn9;nv;nt?oJDF`{+GqFs{)!S68n+irXtwcM_x5Y1rMWB_(E$e9uGtr}Y$z8c+7f8tP+_ zZ-u^eyrSptAL9wWXU!Azc$ft10N*#?Z$BOuyB==olyc85j-O3{X9h1Q9}@;oEgx?m z@7di~_kH2$WUWkg>CSi|blOmMpWiZqFi7jTupdu@GNp-`CWQK^s=kzuu0`+~1K|ZC z-3{%j(G!w5OjI9ZAON>Tj)5m|qP2asy^vXIk~sO!kTvrkKi8IrG6cc{HHK8t+gflY z5Ip&I`fFrbVjbnNeAIw5|ANJ-7DLsW2r!=XfOvdfan>g^H}i zsp@3hu&(xHBsNj6BBQCeICaMVRxaHFFDl(0-GQG=Mk6 zii0HAP%fp|8=>3#MOM~y7njjTcGd-T*g!AvvrZ9AD#Vm*SKVWJHi3`*QW|Jx`$AvC zhF~^iKWXNVPPUr2z-&pxnSbMAwwAJ6Yx*VCOxgl{G(s!i=#Kk4cUP~KUiBMdm^6Xp zAEdIa4%~*g*rN_wwKgkN4CW}uyvm{KiOYFzNWOhUDw*U|MZiI9xh4hWXE5mXYGo-! z<^W+L_^-dipyi=?J6Ub>`tS0_un%T{K+C!*r^53d$20rii=eiG(M1G&F3$S<`vd78VvIKPQmSzYcxkb(J6U+pW~tc(puBO{ZniC58G?{{7>v{m`?|yjGhk zLgKt_OHDm%#}cZ-e1~Fwb5pls576Q9Jp2&)*QNzQkyxukaGrb4AQGEQtUPJ*FsA;` z3L=lUn5d8S$@!xO9zz;~vV%rvOQrksgQHD^W_5UHt{dQALqjwpY$Fc?Dk?yUz}+$X z6Qeev(PqO6J%CJ)M8PdvMvL>>nIC3r_-f`}5GJ~04I=+Q*q%L`#lvtl{vTNDBDCI{ z)6!*9^P3R|hh~?nP3t+yjH=e`0p_Cpz0!o6#tG=vTsNzt57LjdzS}4vc{YP*PK(x} zm`vDa542oG6T$u?o%q0(sE34`QQ)bw5S|;UYouK#^_LBRNp-GeklP!5Y+r|BxARqgQi@;f7v+*V>>2 zP0y-XY2^ivlB~-b$t-!xB1#Oq*6Lq$-?y}scyW;zjnC>2J~eRQQFq^)x4EB)gTe1^ zt%eJSgHm$FkQfCtdZFH`x%4C%gN#3FKN>+kda3zJHkGIZE2`mOU7Rx1g2c0?-skQ$ zf>zE{_6h=0kv90g?;9|8D!1P{+UWb^=NYVDkL=Hta&t-A(Qh}rPpd_r5P;XL;C3K? zlrsql3Gngqon-RS$J_gT$Kc7M0jnKlG}w+UwaU@@2oY|*P&oCSgBwQ>{Uc(hj0(B5=|&rXTc9~%bGqOq|goqnea1|O$D7%?fSq3%bG_kXn?_}%s`1DPw$ zE^u^8A``uMeswsoy(2}zI&p{QDonTaD)Bq(Xk?^dd67?KcX#Nydr~AN)QD-AtiUW= za153y9UIGmGbou(3e7zFHbP~0i%KqGl0`h}N>=$(j?nS>?n(>7{n8SQuIHPly3n7O zo2%Zt!~{sGR$oRZe)JP3w5q(QXm@X9d-BDK*M4p3>2yQN<5a88D}&eDa&HqX2eF^` z&~D9I-e2?@<*M&z`4FY09MO-lkLS&g$M>=B2a8;voPQTE(K3s(0Uz96Mr4b4ebjL@ zoa5CD(JejS9H9;{KSAhK0`9ki=Yev(8c_?wV*FS4v4Vbr>q6WobYx^?N9EEZGAB?O z8OM1U$M)c+g{$c2#ta8(4v(_e#Ttkbyr15E`EpGY)x7qUn(Y`f-eLNp0mnS!HB3=Y z|M9|h<-*Kk%%PT@dom}l@#XLpM~@GkOH(2p+T_Pk5lMTA_w41lz3(Z4l!rj!%2T87 z9HH`BkjCn4Fv)R;-WYFl-6RZ&(WA}$G$v5m&3!~@>*8o2Ob!kS z5T~d3bl71emeS#UUAgb0a(vT10FsSSi}Kn9Issz%-dBJx`PJaF*LMSO<;S)tB%!?e zm&yqEw=Y}R`m2~82SsI8MW<$+W7VtwNt?})Zhm!h8`T4sY`fhL4}C{`EjtUu{{9=L zYF^5vK#@>0VKnHG}32D|5#}8KLoy(z0U#P$iPEH@dh29U(!cC z+}xO%nf?6#S)}&CLj(HH5G}3bG6-OugOJFv#?bPwmI&BE-DM$0S=8;!2!F^EchqNI zOWp-}Ywyt?)D{ts$m>S;JDi*!rRIow|NbQ6-SZZv-^+67ay=a)>qMGch|{4{sXjxSwHMk`q8Wl8coZs*CpEB@>w!Q(rkEA=G@n-pt zDi<@$&aXN6J%T2^-Q5hE8_b6jjE1Z$2u-7i5G~`2jQ|5Wb`N49(Z6OKLbW0l6SIGv zWZb5Qd|J}kz^;}D2p3TNmX~2M+em^WqQag5qr`8*@**1LGOj+fIu z;LBq8`@V^OzBwZWb%?po*y-ziA@F%I{Ns-7)U#=OCeP@9UpYj0@c^AeAxTI}0wG&0 zOD_E`+eM#x(Y2*&^xC~I);I@@*%5=%^}VleN*ECs1V3sV-a(eT5=V}8F)@$fLzGM} zQliywgJy15SSC_$u|Re31;Tt;W9PqwZK$mo`KXL-B-TDjC6dSnfl{!*kbT`1=&AgOLBh7{Q^Zm)G;H3g0L(IAGFu4-I%0r@KX!{yaq! zqwiFt;dsRGz2@c!mlPDWJ!=1i6^|A*gK<7fC5Y;pbjE{f5ZHt1rAaDZj^OV5m3YJYc4kLzob$prjT5oBq2n8C!-9x8#zqNgGHQLLwt3#0-Q5|o7*erUqG? zV{6=BAy)&Wa$y_ZDUbTycN!>8b|~%edUQbsE&{%3d=z!R*nAw+GPAO7dSpBTUx_}R zYd|nBYi+-^H7qD?LyTs&f!6twG zu~T50Ju`W@&?)U_MHJa`DYcnN)Xit=uG2*MWh_j@xaZSn7mGKFe4K!kaf;g2 zK$^e^;s&J~@KX)^|31C>ba{9RLERItlD)JJ-Z^}1owoq59@2t0Um!wir#juYre>Vj zdB||C>PDQV!wHaIgnQ$%)n5tuc(k3|^SwFIx-tRRH5auTyz&C8@B0+{I+R4-pOWK6 z;p-Y3?`q%5fp9&wZ#QJ#Cn(#O*K&r&`dTPPSnv{pPU`aRvoLj&)rs#LlaOATu#f%8 zW0waHs$0@UDW>^1<5c!(b?CD%5R$EZzXB3>yUkYqe$h- zAhC3YM|Rzbxqk#4rk+RS7*KyPOLPUSZg;O@OyOqG7X%UHaG2yw$5sDJ4Z>dO3t9xl zYr&6u`0GF|Fi*vm^j-)Vk(?wm$zA^03l_QhJ~M1{1moo`6~FfI%Lvto^3MY5aB3wPw2=mjvaa|2(Q0xZR#D*N^DU!3jT9QQ z-}887ZKr_$#a+~hJ_VU5(7!@G9_>^5!iCV34!;Nw@McNkbdguTQ>!LqXb2C0dZ!T{ zp0@d6YFnOid0HJ>80P_jsahvnSv3&s6&1HHd4fUL9;`7Wdwbxgm!r$hTU3{3I$_8k zj3=Eljsr7D%CcB$IiDRs<^K1t^GWS+rrNK%ZEg;+S+M{uZCf-EQ^>yKKd9fsXX5GZ zZ@#0%i7s3-d}jW}i3$4jI-=N3i+5>+kAh}ueWdj1UmETIjQ?vG9kP7Wkk-w(}G z;G;R7-ZoNC$+cqvFjVT|!rJ#a_H^@Q{WemaE`Hp@jaznqEpwKWvmv)rxJg%WlkgHh zXfikJeFA;rTjBc+(ITrp0b0uYUq%oAw~OnqLuv36>2zi7P_B5{hZ7TTPZo6V!>mBW zt)}!rh}zL-s)^h@5dX%<*>X8LD>1~qh;xNR%BVN#5DV8DRSGbDOsM1reBWM0g^Q|% zhDTOo&}#$)Auo>rOWi&!xVM9X4jyFo?x{q?uD>0YNf^ZohrHC)vT+N=y8A~g-i;m$ zLo>ll6QZT~j^O?1CAY;bG$bn5N(KXe-J;mQ-r-4p`{w~#xp@iZz>f=$8*8J4Jp4bO z`*WrGXAz@xsu%6uT8LBEeqmHhCtk%aB~A{vU(neB#Pt~NRVUO9@LezL%2;@uY@vjs<+Wn)N!}>A$SMV9=nC#<>FTk4<@S|MPX$LY! zP_tDWcdyZVO3u$s_{%=b4)r@!Ul{GXZOJ9d{fN(cs`cDwJYF{s56&*Zd6WWYi7xQ8 zrhXRQ>sWsii<3pg<4cqHX}@*s);@m6U*=s69#!nfSmdJ;*^6AIICFyZ?dt%v#-n%6 zC;iP+&rxnxe&JlRcMDkcTwQRFqXdq`L)2AHG^=Px6_qwsK_^4W`ouwmYud(t?{8a3 zdIwE;LaOaFwsb>hZeKr`mJ6f92SBr3wtG8$sBA-UqBF@6m3!-F9>%6y*4d{zXc*ThwolMuX}U*_(r3E$kW2J6)5QN=+m2`RAR7!YQ% zG<+y?oE#dq4dnW)w|q?uw?RWrG`4P~@>pzs%bO*&YP$yCSxzrCwJ-gM!g1=x87v<> zv5`(FWI|OB8$#PAtKFr(z4Z6T=?!w;QuXZnd)hMIK2}ooSx7hG3Mq;ozGp2YQ*~Qz zN_c|B@5QH9>lbqD8;LTJ3&Uz&3gqA>KUL_`$l#}bO_^ars-#rQ$w<^MbMyw7YDMe`g&`b=pz(Is&T1J0>V z_NXYez5WEW)X7q@q-Xm=D%2e%+iAzMSs%hJU=Npkd`x=Om%a$4| zWxHE}sFYY;SGnq%IJM;QVDFtEKBTZMVuAerp9OoLg$G=mrH(Pl;Dl~!^J9}k87-^X zl2kDZQW{r<5I3GNG$V1O>9wFnQ#vvNCHhLz^ek$JOEn=@^M59gofuibNi5k94vENG zmzcLZ46}rJVFbAMOpidsXx*r zy|-hhBS@*X?xt8B!m8}HNSp++Lg=Z{S8Fw?98$Zkz?5go$m{t*H%6^i+kk>_F|ZYU z4>fo70!pu{Y=1iG9al{XSsGB$Kh)4luhusgMi=5z_@a#9VwPSOOcu8kL4g=&8hu#(ru6p8jy%ir4-OK&z5`dQ9tj9in@$M8llpA4lruw)uwy)Mb5N zF7GyQ8X;rK`5=pb^ISW93oC!Ol@h=3@5PXW#(+h_NQ8xzPQpM9T&PV5pvEdl zr8=v+YokCR&lohL5R%wwJ!TNatB96N9}|WVXUTQ*#v|T5BvR{cNM&9zqIlK%p0j~l zp%ikcyNkW};vSWe%uTCW;hzZX9cZz0cDeug<+q_8NcfYi7lq5jSc@Mv@}xIM2%@d; zY$gW)!2sSQPiQ|YJ(KyCp^`;fOuJ_;n`cN!qVxJ4^1oZ?Shz`-hF||v@iNU7sP|OU=7QkGh>-w^i&79 z(AxiU%vx+s!sM2&!f3dm3I5PzYrB(hIEXVtXGzOojp^!*{qNTLKmR*@iagKKhsUsx zN!)ho)nRLs8-OXk{mG@bUwqPPpIyYE=?pMUmT9Qq3|PyljQ_XxX`S!*+aqzn-;nBf z*rmn4l^OV@X#~d zUMC7am1iixk21vX+YB56X0rtI&$nX}JhhcOay4%%n5fZ){R4}70-yFwxo9Pe8AX*r zEFk3@9Z**b{==mER6-nI$YWH~kB7}kfxeo|b+qIgG0a+}$ zQ*xw%5gFA+iA?I!as`F|($5Jr>RVv4A*!8im$?fvQ_Eaxo z=FOaO53Px~%l2Z+uOiCd4bu@4PgJJ)^}ySHUMK5Lo1fmPqo$%!4`;rqd6KRoS>E&> zH?R6LIP3ma?%`|iS8R!(!_1-3BDWM1!yQ@3t!&VD_m1nJ+9NUX(+N3DROD-kz74K* zo)o}uD97e?$C|hI#s)4OgJN9^ucSf=VN)7VSU_-M5kX@l`&<^;=>SCFl&UB+fN!>y z8ilo9D`nbiwF41i!-$xGG>DFN0}Q`AWN{J+M0xn1)iknUf7)_TrV&)QQsz2983tsr zg(b84iTCG1@^>X@k#Z=^Tw&hh+EhD3_E2F)X_-sCS)u&PhA@neo56Q4_)hh%_u#7IkzUFeTTiX0RDqhb|S{dg)kZAzFPC z`&~KF2Z^{rAH%wbo27iMk~&1;aIFoVn8SBsnK1hcMou+(9%@_nNLw*cJ|Jy82nHbj zj#=JTrPbU9rE~c7y;2(ETY}fGAK&OAhL8S~cf#~6!~XsZ1CXR3r%3rB{1+mcr1A=w z0`#zFTOE=(k5`@%atJAKlrdg%EE4$l8c0K}K1oVijGRIZjm1#_jtnh|MeNfwBS@u&Bw%R3VRP6=)dOc8(Jwg1;>VzXd2{9j4+ z|JB;q-FKtica_~Qm6A^nm+u=6?*|SwB$ubBuRg#JUUQ4X41R^(?%S4+3n?#kCMQ9{`={1+GP@CTnfEEt>>J(!~l?~bNHI(M--UrB@ z@mt9{ZzS_X&=1#~5Iur`tN6cZxjM9L^yHFbGzm)Y87U+a^GiI2 za%bvzH5pNk+*nZ<{~TioP*35C0GY1JFS!YNr7zgq_ic^Pd>E>(gM++Kb$NG!5T4G) zQ3Yx|_+z#G_K7~~&go4_&0|tHIao{r8Y<;0<}!wm#*`j3U z9K9bJ-*A*M`TL3RJ-YKMb)&>Eeq7K$W{M5V&?aZ*Wr|ez16?^#Ig@21B!;g$47wa= zq!bos)#kamh37*~b!)dOvcF=q{*9DLSUFy!)fNaon&|+kHbU12XD~@yJIU(lwG5nH5$&5mV6P+T;OzFG2eS{#p8OE~$5~Q|!0p zB)su@ptYQDYec)3TM*$U(-&cQ@*PJ0JX-r&KF(58k-@4 z`hWyfi6rt8j&V6y>_v#CD-mGvEu2P5lx4;38ABx+5LGc-+lHTERhIEcx7&2GuGo*G zCPMg5DnE_@xESY#U%2nV44|?IqkQvGNM#)2=2I+I-6H1OT}jlwMFuc=q5}93i#Is8 z*lIKghYG&V^D$$p{62yvZv*BlW4hwH0wnAt9Ua+F4ya|zN%_V!=buDW;;`5P4Kd~Q zxPUBxqb|LatcW@N#{1b!`8y6u*Dc)xZE;PrFi!*w3ZduYGX_(fDyv~gkg zI);>+5b)=ZKj(HY((X`fyka2oNR9v$mjrWxMplQ23A`qy86X47RpRrs8B0dQ0fGtx z9j)v)g>t|>8vsCcz(Gs1_WRWxi(RI!1e#6n%XU__v`h#bq9Z)c9RN2sM>{|h_Di4* z2WEBK2^?gJt&z<3bPW`#@E@9Xo^W?3H?2op^b3XGJ-f)eL*NfHVp1!*oA83*Qu)At;|_MntAY5=N^ zpXlA3tf5J%=iuky#4@!d`l+qkegGIF%-8dW=CA=`zmsK2Bvp7Ng0dXSoGj&;58BcZ z71!HmKd+cn!~;xp(Lc_H12ML&_j!7AN?#vuZv~VvsghQgsd^ifey>_G9YReZx8nU9 zwF+U=<7d%qI|&?jla*yu`zE+e8~{@$R#AauByV_a{0o^!BBtI{0ue#qN+=l(mI#8L z3dAPw34{rpvU`L^!SMGsP3D?;JJn^JZ~CmXyC;7j4-e3bzE&j0nZh0au%UO&L1;~y zEXRgrOcgk`Mp`r$-D}VS-(C*l_2BRv=HWaV@i31*y$}$G_~3@5FGe22KAOAPPVu^F{-n zyUYe?z>FRT*MO~dpMw(q?xRcEg90QE3j~|&wd(AaH0Lb%HA@ps;=!C z-jskM-3`)>bVx~;bV^HicM3`)jdZ7kbeFP`ZV*X9y1U_<>UBTweZ9~7=ko{0b{~7~ zwbq>H9OoG0JlEXm;bDuN6!H2pE@*I&mF#u3u7n)Mg2@DN5m;O*vz7{V%>G85*DSMY z@l6>A=o59}!S}cW2;AkNWygK_1N<7h@VIZRax4zY5af{Ax~2!rW$La_w-$#mp0Nt4 z#*L(Q6(e*S<0b@@yf3~&y4bF#a?aM`qNZl&SoInm|0p^W+}UR=h1V@0liIsBOC8FM z9v_xM=OEUUt7b==?XV74mkxto1y6_Z(E!IL&Iua=J4mxt{kXF@43=#HZh5Q>%5R}P zj+1Iwhgn&C19KX8Dx9BK&V?8eQ*;j#ke~5mlbk@F@hq){7fE^THEgFRwMAm{BmNYs zu3^r$?s@%jMrJ3997R&zZ0WE#6&W#SLu)?>QgILL3|*b|E&iGi*Yw0wf*du*Z?A|L zHt%J1d1T7i7z;$5OY=Q#?y+D`7>$D{X`CpfQ>E(6Xw_{H%M)JGLpEVX!}uyE3{)aC z8bi~pGY?~|h>=W4SE(HCPBZFX^Atir6Ih4r5atsn4FWan&)19k>avF7E-lymw^H-b zLW)=Dkd%by%4ebS6!76HewCrfdjmX5h3l@Zs*|nf%Z{Qae2J7{T&{I1A_3^j^Y(qb zi$`cd`vQrAql9!yr}6VH-#?}EJFnt@$spv4Fh}jQ{5mMEE7QVgyqd20>XSzRT?|Kq;h{+ANzLto)hJSD9h!o(KdG)XL;b^lZD5zJ-ctslUv5|95E1^E4j3UJSWC?YPN|7LCQfPhN z(?$S+T~ByyZZDV3X1KL^Nb2mNRg*`R8 zi&@5b#h^krH8kmFG>A_<3pZa3WFy$i7LV5#5hk1I=P~>Nt7J4U z#_f7EZb7KzLet*oi&6OZoo|B?T)UWfSw@SeR<})_;wFV_7A4rDkmWv2QDyGREq*2= z6ze6`yJBD7)gAhjVedtHJ6!BsnyO;cb=ss;+Cw7)AF?Vk8$>_#QWsLi5Rzcc&Bsbd z4TIxiRXF`7o`iDTNc>cHeDD6-N251#?}`U#>I8j^3d+5;S8y`Ig(C13)${X%P#bg; zDC2b)tf~jRy`sI!i;R?IHr?n+CYyei>}D_g69*QH=Xmmc`^?be>aPPYh8Jl)15yT< z1B3GW4O;6fk_=;Qwg!t0pJJ07T=pg$E2M5ZT%xMHP>LPp$#HUb9G?nXeBpMbrO*?m zjAbg@w8JB+DjR2BB*R=;tLMQ$F~>q?d$5SjXuu+KBChrdJY4J%aahWb#zEC4Hr`4c zs;H1dQ_<}hJJAyJjzQ9u|EGjBmJI@lo#n=2?qkKNgnX6va*GEa(B3aj?rmmlE|BnLaWE|1@K%B~2K$9}OG+YU z!wwJq8qt?ZafFhFx!Wt5%nasY1Hzk|j!~_eBg*Tg1iS03$`KDP+eRoCEV)vkGfNOe z973r`r&ZfyU|56=@rl$kQ}AcJgIOkY(1XiB&*jK~3l+ch{yFYnNk=EFnB&#RcWn?# z7*;<=GIiqrVS*!2?Ey{tEVdi$d-jsgxOv-!Msfq2D`|hBg-p-`eKi24%fe8EjU4|e z*wGd~r0kQ6s%UtPs5npE&qq%QC(ATPW(@q{Ap0!`LfT0WCs_~pWs&r}in!R)G^$Qc z$N9Z9WW4BCMlA=~H=HFTdAX>$BKQtZ0V(CLd(v!xH;B#IkBy4Li#{9}PScZz73=UQ zC@csnx=Of4IR#%9)|W2Lz>ZacQHUwaN0CmDXAFbLosF)pQ6S#U)uQqV8P!l6 zheVODvU{;7pD|boijP&2ulWc*x%i56j6Q&7(@&9(7CXRtl7Vd~2Rn4I(ius1PhJNB z&z2u4cO6-}kETwg-b|@5rB)VIE%r6)6+R*b9UoWMFaj33Y)YvTty27>piXtH6T*=^ z6KMHTq-ri4q9H#zjK~-Q(O6R_9I=S8sF=vJ>@Z~12lg-oQ&mJ79X?vrtI(zSMSDfL zLy~%W1nOwHK)4+EfKaah7{p<&K5DDP;J1`iDu%F^;uY3k^Oc@ZcLqA4!;?}qLj$pv zgB|)^JNOdWBqm#%muolI64;>x4uy}yBA-7dgd>8WFS9I>wrFS>?U#lr>Q(8~J(i@> zmY>cC&ATPrc#Y6d!|}GnB>DLL!t|X<*iKGkyN!V}t>&<}>=OP}OgyTv8~j+cE=BDC zCj=4WpfEV4LW{56#oE98U?Z_$T!urX1F*!9#==S=0gB==cG3cR#FUb?hk{A@WDWGymECP zf4!8J=0!)vM#3*Eg~sMs;h=Z({Z!9-8ul5c#Ovu)R%+S1Oqc*mQQ1?LA`R=@viTpg zE38w*TS5-(l&L9bji|w!Uk61vPh@kgBUSaP9yg;T>;xrRh(sN^i~b6BvZ7>KKHfu1 z;dkn?K}||cq?C|7*J{QbZIULrUm>q64w|UIR<7`7CgDqlSHj0Ya(M5fWgG}`)joY5 z3+9XeS#9??i8xF#lKf1l_HwhNcx+!VQry03n8X{Hs1)jT1WJrT=i$A6M^wr+(JX4! zJhRxc^v7!P1n5{N47o4i5%8a-r@4NtHWZOR))jDqKqxJQVAGW`iu>{#`Ai~pTt%zU zJ4!JXT$Bnwrlesh;}ApAt07o>smtiDtW!SxbrzE>&$Bvl)Lk4Usn&6|l<+VEEQ8s} z)o3Y0gQ%6V$Eg&m!mc#Fovx*bLB^CY=wV{&Sv0&uRwWF) zA1$2w-@lla??#?_+uSEA3Zpj>Mi8JR8(4cOxvRB4uR{Y#<|(voP9lf zcrG80vt_YLM0gQJFW9Z}nl1xg2KC8(ySh%05Z-$A@e@+xWg zvFWuZTZ0`!_$5e3i@%T#!a*eIAQL5tn;%q~3aS>)3JsAVY?P3nD7zw|GK`4i{fD*WXWsU|O%f#TFgc3`!S$3}+%0?<0 zRWW>Yb*Ig*Ocsf-nn)C#qKFs}q@N6*Re&tcMu)G!VsW6v)RQ~4WtG2e({|qxhwVnj zgEU$>xv^Za&`~3RtUtDbHy4(Q7TQ@-j8t)+IOm(B$WVu|P$}C-uuq08Tc9oK9b|l z+4K^>9>ayfAXKO#JvUBDA;zBLgOfrw3dT^VdR~b5i3Euv)zJO=#P(QuEOS@gQc3na zO@(@@9GSbuPu4J%$yM5Yqj9f|4zS8_NviiggVuX-R1Yh4uBL_TWaY&fChn>g?R4wwmX^fU5arb*)Pyr?0}a**N> zB^o9y3LPS9C;WO*aH+9MwR!T~qUz{f+ohFy8M z+TD|x9Gc^dD+qZF1CDYPokgTZx|QA31U*$So_~U!3AEOEDr{a%&xOSWgAs^C`-)*7 zOYG~&lS8QaZ_P##Oo%63Gq88$0gWU;ge1Qnzag6_j3(uJ_nBj#zjfutlTtI#(J;~( zHQhPG5gGu44hsv!ULYY)NPq}343xeI`htSE^AaDSlMiN?fVMNxc^ID!74q7olVF06 zEgKU7f=*8XPX|Lzj%1iW2xBpI7pd;f^*lf+C=zBh-PthR`4Rsr3KBIrdUnu}GAa@U zWjUb(RRTJy2ux|_wW)l7?wOc5JU-iSnez~*A|zBA8T|tt%yI&{SRlG0U5@(81Sm;6 zF;ehGGRLxd=rEu8YmQ8Nx9dX|swMP52Ne=Y$g>-02_>YHSM90i^KN{HVFJYAK=umf zVLk_PO6r6F5g16ZNF;@(SkCrg>AujqNPx47Zx-55zD{0qlz_Lxd?v5Wp%%Ot^h*6O zNYugT=gXC&G10WcfESi=N|rFpQ>KxZia=AehPfx2=|f)ZwU8avWZlt5k? z)D?MyH~?Y-{kWEn1@%x@{`uOU3=&EXL7-GJu}D!8J-JM6=axa{UPg(;$|Wj#3xm#p z4iTezoRcd?4?)g&ViNZRHCQb}i}Z1Za%5E8psSsrR~%9T5;hWgASNvM6cU7bsxH;R zWb!SMKSzbLN(R!z%brIf`3acWwcCU5N{QGN>m4Il*~1;wWhzQvt0Tm447);IS8b7T zkd$D9(PfdSBb8($9dEapG;wfHBeC*+Iclhvx=LPd1>rF;h|mK&tQ$Gx@GS}>gOYCt zVF^Fmqeu)$UepRdBC1+G&|3&rYCf=()FP$(t~5EcN3o+}%TUqhtAR<7NJleb3Ut{} zhzK1@}Cwwlgmg3#u-|3&h7#54l z#Aqwk2vK1hMuH&0i)@PehuW!^w!h^hd_y{2>R`v|C4z)Or}P+J`iua^*hd&%q}VaU z3Q-t+8HxZ~8u8ftQ>kk)3qv|wtVMCLL!K>rJ5O#tq7BM|nPmcIcbPu^dqjERykc}K zY)*6p2t*8-i{*`yZ+KZeEMys~YUb(6f#V6YGQ}*2oESeLQBdkx=@-C)Rxm)ox8V1V zu&p#)GPv{!Is{S>tYnvN+RU9mh&I4xlenK5>2DU_x76vFR?8$H@lHl5g!aE=hK-Q7N4%OuAW*zs~huu^w-^S>?01*7E)R}mG#+(jb8X?jg2oHT>8o-H$S-q>#pnJYU`P1%8Ez%ZN3Z( zetU$AqyI4YILgH%r_44FJ8?8b*P=VuX_~spvLYsD!m&MEHZS?jGrJbu&P|RTjq>A~&g<}s3Q6L(B)UMs$BVdAyR1u$&ebl?o7=(dD zGB;eu_`Z(ywrN_vkW_5PI8o3Qr^EO&Y*s?&2TK>DU(on76eX0e&jzknPFPLsrpq*0 zp`fvxPZH&?J@>?zq#=TjYR`SbWFYWfhFlyTBEUua_^T{c6o+B>usQ@Ce~MQQU7n`m zN6GB>xYF*=Ye7p2ChZuRIRB)I;?~yN)fl1FyMCr&qn_hLT18?sgB_RQ2NKjyB z1Z!(RhQpr^yF^a{?~l+cIwk0f)~5T!M)KbM){pp%apn-6kdL8|L#tT^My{h$f{4&8 zdWa#7akS5Jwu(z4RHk$ zB4+2A`@bWEW}C7;Y|kAByOeL>eBHu^Sq@OK5zP4dJq?yiRT<*cn(H()lK4CEi8!Z^ znG=Ue{{8AdUz3B&ut+k>H3a|E=-HUknTPeh5XJ2+-)HJg`ivYs!bJI?8WMzn{^z(# z9)3Ccsc23i?5D41(lQ)R3H}`a&mWx%uMrrMhma8kAG>ciJ^1ygFS=rbCDUG(OkMv@ znSUc3oL4DAV*ui!faNH17BzywDy9pSsVc+^h_@&I?+-Dm#Joorn-9y$5qb&by^j1p z$D@mtla>!i)}dmZSk)C`wG%`OJ^Op)Fsm|lZ#2=#J>mfx0oeWXcxJtwCfwM|t2g!{ zCjIPKE@y2O8g+NzFMRiFNly6cVjS$nL16OS=kl;&y~FhO;%Gbu8bkJ8qKD1vw7BPh zDU;`5sH~#7)E4^YYbb_2Yf6X1Sa-*wcg$x&ep!56v2TrzCQJHk{y)1LUIupOj^pb5 zxPDg<#aVyG%wU^SU`uUYA3Y~Ae}giGWf%M?V#g25MJX=TaN!iB~h_&-GYL9$^UhH>=Y^EA&;Wh{6@#N9u5)JPz#bRXJ%%%&zf48nA~!) zzc90t8&Pk&@T1TeHke7fT6}_2VIn*t!bU?ky?Y|*OSR`o;ZPb6Ou&>C-0<2ouaCx3 ziU^T~

Lt`jFg?t<4TmeEsNnJ)v=1eZ@fbiS|6a-UUe-KE<2e@9eX8HS`qLGvzmj zZ(|_K^>g+&U&!u7kUr_3Efi(>g`57Fnc{-b*_J0IC28)KOYQDYTTc3Dv!36}%gA_M zv{6e)^rSmWAh*8o|2do?z+TU+HdCR;$k?V@D6cpoz0~SCup$uw=>(x!WKJyTLATD* zCleMUeB_~G++DvXpr3WqTw02c^<`A}{%C-;<7=)luh;3fZ?Vt7Pt{dAJCAB0i-z(Ro+MPinbmOk`gV5?$I?p@{c6YOYglvbZo zNaJ?jaf5-}-e2#`dwdDA%(vD3K;K5)>aiRM5!Tj2F$f*2`@!O! zb%Wgk8w~)67dwQL%|vrGp)zImmby>9roE?+DmI*Jy;Z%g*0jm|PVae^m{{rQ6{H=m z$~u&fJbjTX;QupUavos5s;2E0K|#&F?JS9a!)&v8A0#6dpPPk?B>7Z9%b!6K_~S`C zhd-Z@@aMa2evn1la^9luJ&rbY=|A*hT-g7<#Hdw1ePuu5&YuBs*eXaS750NQfrZ3T zJtgGaoU`xf%Eb&+@mdPK34a{%JlQE&@}>5vKIJFl+WY(KmhE0CLc_8zU{ zbesv2BIqfrqOvkjWBzb^G7>u*_-)taV6iO&*2U*@cQ)hc z>4_hIb+Tl4#=JKhQZU6+Z;lbKu>|lbpPICGVgGm53s8ew8WLs<_qu!9aWiwm3h8`{_M*}M;r`MW^-ubn^bx<< z7vmXw?YXAT<$A)hH+RuT`*8FH&01AeHOuoFfJs7AWry3vp?756gZ_D6@DUoIl??Z~ zni|a|Q#4c$%Z#s zEeF6rpZvgF9ewr04hVc2X^TV|^uQTJwaW_&D^Cs6n=LF`>shVn|!FxlZ9 zZ9w0_bpsoj|LNGSrkNuuV^XD{;|i}N^6%vhka~Z?739zBi3!@sEG2z?eQTbBHSL;> zR&HAGT-%xxv!6LT1RgFB&%h%`V(>ZO6aei;Jp)x8YQG`IgLT;QW@BOBYhMCt2B~@;FXk>ne7?AuT_sGy!y1=UV?}W-B zHVKuJCbCz420Om3J9&*8Grf>b`FH4ailGDn^|Lmw1dqhc%nF$X41A6xKulO#T3Xo3 z%Jv7qz}Yo#73RErZ)R=|?l8iG(ItZ0@0K@tfXi*SF<^;I=X-20mji(S(@7SJF-v=W8vUWgKN(o>~d?JmV+di&F)Fi7#vy zM2=)Xl-1zpJN!AX_lJ`RDk<;xB;Co)fZA)^I{h(+CQKc7=kULgV3k8?1o>fBGnC3T zU{lc$=GpCnB6L>1{WJK7Y$!QG?J0c1`oAvZ3dey>Ze3vJtHM5WO1so>t^16jl z;5xI@?5}TYMi?0wXcSWCb6##o@hsr$Bqk)h*4K}Q3H$z8E?K^8$ZfeZkel=a%g2vR zO&u1g8v6T-E$#-D5iCFIU9E}29-&vi>BCe2tcj6@rCQt8@v;0I%D45QG;aGvc!);X zQ{H6V1q&TtI9S^ji70{(rAhf*^~GmVk~?;ae+88ov*t_0>?rRn5RofA5zbCdD>n24 z$Kd6~-W-qD=_YNa$I4bw7Id>gT(8Bg{L`u8$LD-6p81}vGe_Vt!$QiYQZq9h50`UN zTBvBLh3>zu%7h`$)gO5H?(dYA)*l7nzq>z*G4Q*hPWq516%$F!cO3sp=<}@23-9y! zW>Yz$NJ)@vWn}s~?yniS$=TtKj|XbJPIr&?<1S=nW!cHU=R!X{FRzv;x95ZptY2Bj z{<{DtoyH#R3tNn44-O8dr>BRGnFB&qrdg@q=0%_?_8wo?%*+gxgdaO^33GOjTPALO z$omGcV?Z8m>Sj>k19mD}-0qssxb~hOls6RJnf!o5i&T)8#~1Wqdjt=`#Kf$wzP9@| z8$kW$=A49x`}Xq3{0xmezQIqohUz8BNoqns=C>d2meMshHk+fLN)HCeX9}AB3XOgH z9%X;B1nUtz2p!CE9k4zm^IUm~{#pG=WukDS(6@-D+NeXF7T>_Nb6HPMmZ%mfW`N&q z{saT}D7ccVaI0~vFpUygs2s6;`DaFbOP_dYjox$JK|kO1!u^Y7&9zQnSl)E<&1k z%j?r3q5I8Mu+WU*FiAcD&7tq{GX$apBCPFZ#%`gx?kK=8g0QB)b{hALDR(S9O*L3a z+RN*j$bQgwzv(0X<6vM7*_P||>>%;85^_Q^GBRvyW;M!na2%6|;Lrpikl*^H)#EeM z0GM}085!jAL{rbHQg!Y$W&r`BS0WM4ApZirAmAcR9emn!8fW6!3p&_6+7j*DB?kA( zHFj}Jfsv7uBNA|nqzgBzX_AV`EVmaaZ-=p5Wwsh*m+;((v<1(NteuqZDkJ~;xjpE)mMMvi`q@bYSH)guIodf89N%ZU2uX)E_67azYVOvhCcmMw= zO=%P&Jfs4I$^5+D+L|2`#k)W_#AqTOvzdzdjjRXFv~VaFTt(A%DWibvw#(e!TNuNQ zXp)nSj)kP(E=Tque(qn+{yC1H6ZpTq`8gU=mXL49*=f4>5|f2e$X1X%0+(68 z*1~b_6DvF1I6(Cj7{FAmeDlVd(^S>)&Z)}UGU}jH#Qm>4COfyTtg5T4XDUz%0y*5wLwh)H(6mlHACr>nxO4L~Gh06y0lQ=wNI^PZ zT+I9SlDzC6SP0L>#>IsZ`MR&It&K$!$;iaCJC@fAvTv4;)Ac89Rw^ng!JFMk^DJK> z&~d3K$xky8y%(H%0&{c1Wf1V*{MXO-WG*cW1O!{a9~9uZNX~irVAvqA=w*GM$|a00 zCK*HOI>e-RI)n+sUy4`ct)f3L zxwwqFyvILS9#E?!Ty?&W;#oXQ?wIFtTv>{bpCfRLj{aG!{LK4&_o|`e#WCQO`k#&0 zY#SE5E*AWaA_1#e1xG}tMAG?b8D~~s&heZW$J0EvEcA#K##i#$-HlKfe3SR8E5rTX zb8}RH*W7ygw#wru4$4qq0*#E|n8mKCgY&*gHTe=I5L0}Al5%lrN<(F=KKLw*&XB!9 zMqWPU#Z3WNk|06c?-;N`JtHos__U?vW8>3Weo=FJ7?~N)8B6D3 zRyX3ziheQJsdu73zFs{=){88BF4JM64fDmE$o2xPKe3xW)b+vM~~ov>glq`reV80vXWv7{fI^nnNy0dlQKA+6bL z2n~?BF2m*f8!~i>qtzH;Ef6P~2EM)%3OtKGCkoFbBUAWJ_-bZ}!@u-^{>WJ1JvU1+ zg$Zxn(!NwpU-v-lxc%@zCM>R~;MRka9E0z8uylW(GP5J6Xosgmit$AvVsUG(;XvS^ zwZ)`2`Uz{R;jeEupmuj~Rorv zQx}bUqe&cB&ee+E+XitBKN8m5f2~%%>w{4L8Iy^QmmpTrqb&k8bz~!=c;M(x$UBls zXT`>$^%roagaizXQ0z5ps;gHLrotb)xAniO6fQts_lQ!t5;a&%orqEy$$aq$t^I{y z6;M#0wyN?pdwe34+!T2dH-M0(`88M0H2jFKg}CyLwmj^F$o6de;2lbnFTh<*J=ZB{ z6cNYs@ts5vieH_RPXW(}qF7fi)2NHxu>MPVClH6j*LVx z@e&8bE;hE^ZBIuAlg!&@rBERa?A2#{c{x*%e13J*tDs+r2SFv~MR&fyqJ4aPd>m=; z5*Hhrik5cj#j_)+ESOH5x~{%>+Nf1NHzxay;f&w1C^;p?;!|ny;b7(+=EnR_2jC## z;^2&=o*m~(Jh{K<%_>dRsQ&FBK0*^e5Q9Z4%fD2e1d^#-W2eS-J z$xP0z1Majv;JEo+t!bXw;*M%tk3w9)V1NN!wNcX1xxU`1>`kw$ao!j{@)ryFt42y& za$gq32{c)~9`fu{c28fJDc8N|XLRmPjwIk{H|PMgvZCo?(Hk1$Psc=EXlZr35Y?hR zGCcfNHfH$9uRh&dyj+ey7#(ssWPiQrG%y5~d?8(b5W-26I!(OHjB5n7lS|*unZz%C zFPU4O1^wbvE6o#ebYeFgDbm(2Mi1+0_EJ%VU=L1{$j|(eG83G7=2LtKGI86Dc^FB} zS=FQGL#^L;j}g4I+WJz3m)pW43Nvb=a`Z+eg^|C4ovO z_F6OyZnYXKQ&CZ|;U-$d{pUdn6Ky{C6YYZ*-<#pzS~@RAh=qaSej@AL{pBijvCSK( zAXCPZ@un^kOqH*W@(T zii?lG^V3#N0N@Wis4#Rfdf(e4dJc0T9;?Z_+1Wd-@2#CP1`ju(uP=6HSdC?F5woK2 zmrAZle*&GoG3>iKYi=Hi?`UvZo5(d=Z93pQGIR^Jf_ykLPJh zkO3(j0hGt)ipGdVq;lk;%04{mxJt< z{5uK*_dI=11biKflH!)8$~w~6SF@Jc~$6aqHGfX@P%kiR~~a0_txm|iy?CTi;AN;rZUG4Q`rP#k`@yXz;H#8j`tJdot8 zqrdOQUuIV+(?QGUH&H>3Yi@apKx`xs8`>EFgT zl*nGIem5Ruti6SnnJt&6L~iDejz`d_G(pmlTFZwNj*Yre=vY&H$OnmDayJp3N#m7r~hJ%#lT&?TX}|ETzWlgp4D+S zot8_-WYC@)oj2l2UvRM`%#V*!AJp2*zh%i)9xfEO35(knRa)B9L#s=K0(&S{LW#RaKkmNm(!7qxzmrJtQ${ z@4B_%NQ}9<9WHmJq6(~+mg_cv_R$D-czyv+Y0sLg}O{_$qQ!qi$VTmrX1%_)#C~w z9`RJ-E~*%%mF|n$(w0+(A4*FBi~N#89;_rsfz)l9e74kjMJp4h@9#Stgb=ava0+u0 zL8$yc{$=>xcc6V9;j?cRHNg!CyPcz~d)^ zHt3KCeC>2Il?J3@Fmm9fz<%SG?+7nr{;?wexCiBF-w&zYXlFh*?FX40xJw^0GTNNh z`kxYU2amMI#>F`eam}C*a()Aj)W!x8-1Ji~x%9?=Rc=$;pu~M7V3RT6KE9cUXCA0N z+U)`k%4i&51zi1uL~ifn@kh|UzDNJ#=j9|p$izbbTtjNk`aOC#QkMUH6Fap_hu__g z27CW82|O4PKfil`ZNRi^2SnQWVN#S>;a@f9bupXyUvIRB`})E>2!A$-lCOJkpo;#t zv8r?;qI=x6YRDm0{`&to3@Kc}1tdnN|BOH}wbdBhXtCRW^!S3!_bTDJy>r~yJSkGo z&0&FuNTU*at$$ScdU}Xb?Zm{y#)$ufmd8Qc#V5TMP!cWDapAJ5{=_A_CsN)h{l?UE zC_|tqy7%3fwSuU%bqM^c9Zw8>YTYtmA`PdW8Ak~0df}||yTzrwQkMWzpcFA`jF{a= z@BlXsTexa5j3(F$Knq$!iScf&RjMUB+wk}oZDa_EfSaJhvSCD-($hi0?(s$9=%;hx z)7Z7s$p(VuLrNZrHX23M7{D8T$a+YhT~Q_*c?E%>_R5HhsyPLR{F$$fj8KZ=$~P43 z60)V1%o`snvEe<~YN;3*t&e|o3{?BCLKWnaTD^D58&HVcXbW7vyd%S7(n5l`FJ5ir zygXP=FV{Z#veF~>|57K)*gewbD_^BvWim-CDh`hb->*c}a4HbJ@S5bBdCeTYQmS4C z5cSLEq}Y2$p!IIoSlt!UFWoC=@ElQq;!61N;SiLhGkwpmZf|eF!?~9Y9c?-jwJ}0E z*Lw{Et5RRAWUI6>0bTjYIC*M#8Mk@*ESeTvdUvp6NJt0>bWjD|jDMwQ9=YH=vfw_? zp5HoOPA6+*r0n65W~B9lwsa4xj!@H?SHLe>kihpu;70N~Px@xQR(`)J~#Y+F*D)jy&>s2L) zp`P$WOUn{a9d-QmZS2sEwb^f~jM~P0d`{P6sOzm@*7A(Zi9KWLa|@Dq%U(CJ^z6Nn z86OzG{fbhBbOZ0Wsl{Q!qVUA5!(y27u^Tmo^r1qk?{hNeZjRhYNgK{nWbMBey$`@% zGY+0jExEbI0GzUXsy`L#t7>RWe?b%8bZY^G-v7?k9Td@DzQ6CXb8kJHzU8v^16Cqu z>6<}H_c_~!Mc)epd=pT9@Bq_ybGn7)$3XO%+VU$gh8SgY0fqcrW|R2 z(5nVK!Kp2yG{dNxu8~9myhNra2F7(dwDKN}z&_D!r~m><$Zj59VM5>6)eR)_C05X? zag)NniY@VxVaUg%1=Bm0F*-OUo*LfEJ5O!;e%luY_N`R8IKF@!$yp{Py-F z$&k(A;SMb{_wuNh?332#=j`n4lw5fouK$va5kl`|;z=J4{F7f?{W^_{ivtZ2#s5~u zb)Zz=vqSmtTZBQ0ss!|pccy)_Lhd6KJDfKZF?!)3B_$;jg)ac@;P$_71^M^dr(Iwl z|GCvM{i2oX@M1^hOu4VT%g2tem==JWN4QzInY zjrolnsL(CLvo0#0XXbs%i1-mmxT#j8+h`bG6WDaDW!wkFRih$C?fn`S-#;*rXa1ipp>K4krZ?%L_lC_}vo5GwYXmzp)k_z7f#9wzQSaKzxNIf3)vfE_m$hIJ`2N z1&kSd!OQc|c5!ihP~OJLznFo}UV?_P|P~!b1e>N9})s5nIW|?Q}bYMr}Asoq#pKrwLzs}6g&(Eh<%?x$cqXW`hNC6`Ywf**(@jp=+(E*prdBy8;J7x~4 zLXN$=2g)>Zcyle;0FX!{`48rGI$-r=C~g!g2=`T^Kw^Z2)F(Kh-}7bs8)j{0^aa>* z8`Ly3%zWH*I)sY+A9h(gZcB5!IlRy1(w*Ob`IwUOz0#l~bdsgHSkuaCJCa~TK7)S` z?haW=GJcHeS_gmmc#gGilH8~e4+hSp1tk2 z23=ALr|u`3*0GXa^fE1s2XVbaF!XOc(`xtdxIC1}20mH1U zeA{*iMRoL7zB^7M>X|A>daP#kX>p_ zuV1q7f97OI+dXcz_#mYECoNsB5R^|r>253gYElWLfZ`#mSh&&rX#|WiqPiJ&AoOY$ z-9b0b#k}(fpaieg)NYG}pWYqyMhUp>`fQh29<<;1k)wNn%F)B!!NXj&>CX1l(oo9L z$U(=0P_BPcQqr~qFF=qe9{motz3X4U-gFpfU>ATi0{Vj}gT;%0A@MIYyA(%#AW8Pp z$SAh76gL9lce&#t*}!iWg!zvq=NTZJ1nB8Mx6YH$O7S%vOfkZaZAp>6I@SNT;KpRv zH3fiv+LJLXr{(1APr|)B?7rx!nY0EfV$gKdMi%1EQ)}|7oeBLNcqtQ9ol%63bn~XHfvaOJ$%D=*$W^>!D|n z|3`Qs%8&1}I2&unj_t=SPW$VUOr%5SwcG_kiDzjMmNOLw`_0zhf#*qt^2qyiQ&~j? zlOyt}U@1`Ff*13HXhN5xt4ClLEsvA+tnGGt-`{IW*(JGJ*-355Pp!=fyJmopVbFZ$ z&r*VWrR3rp>6uC?M8X-r4U7Y%I@9t^ir{>xaB9r|O8^@gje%0cJxCG5?lw%ShbnLu<$vsz}%ZFIb zj2EZjqmwocf~y@gR{-(v)&j~loBRSEhlVcrM4Oy}EjyFv)Miw0Ub4+ac}5`#Ko% z!Ac|mf649rJ=eWvV%O*sh~e)CNHd512d)$}0LcTT7vQr}Ch4Ha=?Mb884@A^ydp9b z1Tng3AWMW!N8f%AHy&l{Q1~#^FUy0oGBkxgreF&jME)97E{4+liJhQ}ckO@k}b(Vx@Vse^?po4dUNxI#aj)&m%R)!iqM(n|vaYJP}={il2vlzKp!$ zcIamPz0f7ymtOdQLQbZa75_Wfx6{y*xul(L;EJAsYAH-7s6y4Aj%|R`Fjh3)l0Bp} z8+K6&N~Ms1W09sb2U_8NY?ZbjHEnZStZJ+u>gG`F?ypZfBK~cIx6+1%5jGh#t9e<| z3ir3QrcU8(yAV2Kbr4WNs`<$2+H`6ucJAx#lYd+R`_6zR*v=$ok2Kmpy4p%IwJ}Xr z*DOK$dnZSU-@jXW2rNIsjT)(1eI@jRQds`JqQ9d#kA7UP@X!~cCbpWbU{ z1#Xsq_k1JN98IJ0Z_m%BVAbsI<)r9;edviV($6jS&8m+)-?o~v`aY&*BHPP}{<$!P zFm{b(Z>p-azg;G&DkLo>PbZ%jEtA8Gt&aTUu%Dy=DE zAaGOt`<7}cxaOZa+b@w!mM)3wOSfGoKX4+#Lhb{|98mxEH%*FL9k{)7|9b$s6{Z3^ z{|{p_F??T|EEk47;6a0*aM`jsWswfNx&ODcq634?G|HM`#e}Xgd9*f^saU5J8ad0K>8T__B z*Su`*O#dG5?DaSYqEvS}iTgEfS=$Ka8qA=}cQ(Wl$z_)s`;{*$iEp~1A*x9+|$A7~TjPt3UIevkXlq3&W$!Bd(( zz4V6nLSua17T^8zexz^#H$lD;@(z(_&;eSpgkQQQ=7Z#^-$(EHT6ed0i87^n24kmjs9G7EqD-n`N!n9JZg(x&sp(MN8*VN zWBz}5{$BNBdg7%UEN)xlaq9FqEv}1ypK<&}YOp|TL817C947CW^lF=g2E2=ZuF3FT z;bglypYOHKJGRsAQREUKZLP!6^RBjz8q^>7uR5POKJS|kRnpBn9QRT`?PI=+qWOMxmEo$`NkAH#ckdX=-OuNXckNxp7UrFxx7g3fK+w8q26VK|A{@^)u> zk|j)=*tG3ppRGn~6Oj+!;b#1~w}e?%B{(l%%*3im-TEyq_>Ozauc_>2)fy+64J9oF@Vu^G7}t4pXVV*6A(k^D`@pT?enHzRA;LKJUmNrZkB z9imyi%uGlAo`xu=$li;v{H0pBI#$ZB*_|!yV)!3h8%-w0O`gG1kqbW6{`f{KnY=$` z;5D`KmpyL|5-uAKwA(zUFOuYMxhlL6e_KeMV{>5iXZLT*kym8kyNxh3$s*B}aGbfd z)O~sLVppoeiTw{u1hLB2-qMmW5(!9^X9Ha6gwt7qmUr4D(Z%DV>)&g%ZfY|Kr)rt7 ze)%b1ZnYctZsvl@hih8_eRbX0dT(XeN{WZ&#!$G2nuC5*q~jI8_S@^WsA2IFc7>Qy z6h$if`B>X?E5+MHmKI>6I)U zYg+h5h^eV{R+EM-s#fAWX)6vfL+)?gn^-NoeEIyGXEjE_FM*#?{v6X>-_`!ZnO-Fw-<9S!cDlZkskZrXZUiuINkVdq)?Gl)3*< zU7}$>92?8|(nj~ZF3O(-NgCk1y|{k+*BD|wRM~Hj#@>HREo2}0b@^+cfz-5)yvCIYr>Q*@ENZ;zH_#Dy5kX@m{3h=8(I|&W@`67)D>zo26T2 zHI+bq_odljegj!SUpg5z35n`z(vKfM^7E-_{F7f|g+)axHS)T|Uw}W8kdR1TOe7&9 zqM@W*vK7qBv$0=JDOt^Ml1_!Y)%sF;zJKp5tR^X0Tk9Lq+10h@D4+qCqTqRTjfTct z0}i}=_39M@5siyP*qv-=&m45I^NH`gS5^F6x1?k4pX3fU!Dp+h@f5;(GLqu4&T%Hg zJuN>N4v_9K+azZqOtfwZGI3e2jcI9{T0@yOkeCEyOr{dr<;CT#~My6g2YMx5JvILwA> zx*EGy;c)I(dFqr4X1U|* zfHA#Tj0jDe$3+zD(=|hD>%86!EhO&HpJC@#dZ>G~h?P|DzqN6mh?is)FqNrXm+bs1 zOPw5*`r~A&88syI)oBl&E5DSCqoZc8VqRH{n`BlpF)$?Oo|tC} z`8}J{=gywpUOkacan+(fThG6^Hy4-bdqq&(Srg!v<#O9b=M7d#GbbEXI_qS~( z?XmXu~%$O#>QSJ(#U(+@Axdy(-+16g>ZV z_VQAH4Y5<5_N`n29qr{#i_ zkx~7>H{MoPS4$+s#;$#Pb1KB3CtaQW`nR4Wxuu^!CFA1a_V(}@L?WbkXdm>)RmzkQ zRyfsWh*);d`84es7*!K;o}g2T{8nluQYVAdm$dgQe%aZox_?gM#q{z>dZrm&S8?RA z@#69K2=7f_t#HO%4k+22^{3dj#ivIvUh5X_Bn}udeA)NyLzJ5{gUff0kF8NcEs+94 z$vyaI&X5vM6P!M+ZQJo)Pp|GmC3E8Q=g(cOPGW}VCN-C@r&hS_ZOq`~IZg@}=8e%^YTjq-fN7GoxtOwM}GaU^BdpKfWng zUHf>u;^V(x;`@qQd+V=MWI+~S-Bh)XHDL=i`B^{Yy@Z`zVpq@9-fPZlQ-5MdjeGLT z3{;e6k~`kN_aJ2t8cy%dRZ5d6-`v8=6Dcw!=guhxcVB$`_;E)^M?k>D!~_vIr4uJk z)I@0J8+D{8KCitI27Y3+z@*5*q=<45c4%P7ocrC==YzeGYxy@>e&dYmEKQor9I4 z2Hb8PiChHl2XAjd%kg$w)zGHxER>ERyNhu2@^WO=(O~iO8t+B=XJ;>5DBtSz!5!F4 zjG-(r)e80Cc}Pe|z@myqN*9}5v!sh|F)-BC)_T=%EmT>Ilom|$$x2A9HddCny0-ME zk-YY^^xA9}Fd%+Pf3v=V5+7qu@mX=4{Gg{*)y2QLh&E4nYGw2JU>&}=pzm3-y6q!d zDakk6n<0@2Ua!u?CLTOnJ8OV!ZD~1wjxa5@^jz%?cD}5@cy7ykxH23%(`l3JfY;bM zUefnW3poGJ2-=4KI-Oyi(*2xh(8ydByXJj-_ zPj(4;v}fq)UoIjfR5rX};365yzp1Z^JjYP;%SU&AmSLlzxI)21w>j6ARXiP(+Ewe1 zVh|G2690&2c3KsM?YGjO%+M@giMG>Hv$T9-Y58wdsl!ZTaG3*o-F$`aOVH1nnt>)} zwXfO*uk7sYL#Qiv`>HZ8oja$U_i`mtz(z)16=S|4ARu6W&QCr{(0;L7QQX_x``r2S z!AeQStD_ZV%E^Ag0xH32gy+tAfBbldt+tXk%)DZh%yQtlM zq+apuX$ixzi-Fy5za_xHFgF*2YG`U=R?U@WEy&8`G3lM1nIXCKMX8bFBfU%rSW)eQ z?d{vQ)s6%{)uoAmIl%`?)_$CS@ZiDnwXL5Ys;HUItklpjGYXW1d9mnLmUqv*LWQY3 zd6MmR=;22#bc=yctK9K%!%2WsI#q5JdY>;+-nLyCtl{=elnGUxx^Vvdd0sQD3-0I? zgGlnv98t54jg6xtmpr7iw5ovAli*Ad7yd#snSnwxtp=jAXU{GS?R=da88LTI9UDie z&){wGtUN?4(`IOUCW&Q@+I5rh_t~FQWLtV4wl4!v_eIa>k94;|5p?YtqBoMCo^BRq z>b12se9lg~?WV2lG={`g^Ym%keU-zE$*`9cyPpi^wEXruO2|QUbJ+&d^!4l4rOb*X zh=DSpta+c<5)%^Gw2SLU2b0@0D37p9aZ)sPWg~Qfh5B{zm&9zH=UVe#wy_ntZl@vg zUS`l%8vjC=1x;%c)ywavJOq>Eqc9t zy&?G-YX;CJObpj1E%_#$>H0T%I+MOkt?Y4yYL4Z{xpdDpqGy`a5BBCB(Ds<@ua?om zT1aO$w6*22Ao(Se=&sUCJT}Nci>grR3}R z7JuC**jLohz#!(?ovtG%>}bV;PMN)NSCZKWRxAp)zX~ze%F2r5g>I^FqKcZDeZ#e_ ze{amGUw(^u@8$Im(LkOdI;YhV!a)sEN$KUwm#-G>i3UpTOyH3qEGa7&U7~iLm~Dx; zdgTf!J0e%FS{J;ghzsVUuWv(ZD>N?Q6A?r5&|XZQX_Qwul;=cdG!oUvt*gka;GN1cq3&o8ZdkN`H$R7%ewwjVwXX`axn;&E4YeexURzDlacj>~L#yQh@~Zs6nRyOqBZJD2-;D8yU5x z0SyVQ1(lh%GO98yvff(SV{XrhK$n7;o=!c6X5%38RaCkj_lqC%pJ+%BloFVSXe%5~+Y!f?;!ayDKeVpjDH5Ha5iB+6M{ zUcM4`!dsX|p&{%C4{vaRbI05i=^Z8}F1foL9M5JNdnoyibe{WwueK{Wnb4{Hgt==) z)b~E^&aIUJl-c!EG2EhUV>C-7#XQ`=+L*bFEQIN=lub_CXo-N86H0N|Tc{ zGFPumLQE|(XzI17I$SN^JTp5t*Y=r{`PQwc;){J*RgUYEXD(9Yn+?5$49M76s9cDu zCSXR1K3FNyy|rNB#ydlvv)52gDprezT1w3wd*W1@0vR9OHw?|%Mnke9L%g^@@X(!9 zl{{)_d!wUNbhnMg;mp=ds19~yN38iX=jL+Weu&U1>_!vY;lU>Rk@nNnj~nQUoujJ? z!kEEy++&%coEHm$VR=+rvs?86??-%qT^x4JM#vfwbtw~Z}>%Yg392GfH&5^|o!rb-bB=cinZ*IPDt1l#x;KFc7gsK#Vm^0ibMw6G&V_Ff3Tl4- zyhTs%{RrmtNxPDeZGX8_?nn=yXYd34g=P_G3Ivl|XS~!UAuJ2saROs+FCYAAI)p() zq(U)X60CP5e*vweSmnI^1yVWj7wA#jEbi}!Pf<~u`{=6UL=rQOS?saFZjG7DRvcp{ z>k>LTIt+U3__4qmydO1WDSY`tCvl58eXF?}vocg*fiik92j(-^ru(cd5K(NI6IEVp z+;tlg4|s&S)e#r_)!}2yh2&+a&jQR{T2{8Xp~2VJ7eWZa$`ghJ`4W&C)5v`c1P@-* z{%i@K*{0Ae7MIo}<3Vyoi04VNVHDS%$}4Ta<}(`#v4$W3mX-;gZm2K_C;+&Wx0e@( zT%M_f{n5V=mf=Fn19{2ds)>juhKek99EAZ?MMhEy;Z?k7=nM)90v8Lh`!*fjm$Vb} zQ;XfH`fC#}e!xjE(@{6oO`Wlo5C|F`tG>tE+C@ovr*Gl-xc&HKJOT}q zXJdLggNY52sO}gdR?>7NYNY1dzX`Z(HpHAjbmnxL^hdmG{;Xm3M*2*wa*+isuj`A@ zE+L17&Y6#FI&7tDKg3=(yY7i)1x2_X>h|gGw4t;G*89dPvDk>WqRyOcI8g5$a2ai1wlW+|FCis`TdP(OO|xB}q}Nb`)Z_!E$9bEgsS}`GNl6KP(l^?077N1<p;Fv?%m>Kr45@ZMt z)OYuy+K&agq*Uln9V={ty~7Qs_Rxc?tcE^1NZnZUpy`d;QDkKsQH{~th7q)mJ0Lp^TB1>qen9!j=<`$ z-nrxD=V#uPR6t$U+}yl2$w&3(jXhn!Bcg_umcyCQ4-C<@r5nDmUy+c6XcoLGLAngW zn#q{03~qm%pPz^O!dfeJ^bZf0Z*3tl8x!fPPnri2^$iU~0SjFyc6nkQFbjYaOqG3>QwMxf%y zKqsUOKA#LLb0Tk|5BZZCa`)0kTr=N=n=H#uIP!rhqo*$b505czOi7tfqfTckNKRbg zKiraU3dy*`!eT8L1?1Lr@0p8NfJXG&e#B={pab*$RnlYW>es;u4j&=m>*G&GPx;qP ztvhP7g?e$xRVQb#MO@<(650W?DgmiN! zN=xVG`4RK=a<_nsim_8e59H0M#OEZ2U%qzD5#ns{M^W0l0bZDfd@R7O_vgvB=Q}EZ z=wVjR)GRXBK_Du<#3dymGNr;mX#D4P#&CCbDzw+B)>ekPtgWr(#VR&C6Pu#s4TlOd z0LGvo;BCl3QUS~Zd)3M%=^hv_hJ4yFm)R_XYvw& zUgYkQ1ewn6+QVZmnn{@M;KzA3NPS~P9=m~u2W&BSk;3Q>Ame47GKaP(AzlWAV?EVwN1_^Ij%@ zsHa6W_vaZZWFaa-*mWyWxHlBhpN$!wuo1oW^6e9rqV|xja;qMPWE&UxwNEg3vn<_i!I_Ls4Walilp*Y|C*u z!PlT9b-pom)ZDPZw$fGA$TQ*Q`jW!j^rijl>FzqCC5+31h&NKma~5}~wv;4!Uio`{ z%r&fLPW<@LX8NM4aGefRm+5b}l2tu!M9vYj<91s5m{Yd=gmCC$d?uR>4?S(+tuNs9 zZ{NE0!q6b&Y01VX1+lRbo8$_+@z+Ou2m515#=@ANpHPPdoB$NYaHW-P8Wj&8JW$I( z9DettJsgX2Fdxoeud?uEEh_iYwq9@dVJnYCR5%MctR5^bS!7lnm4Y)9J8ZV8%b@sW zQ|H7b#GQpnB#f)}ure;KBXcndM$UuAA}+RM0Z_<*vr+xoS}R;dBW`n_i$?Q9XDB=(h)b9=DJA|@!vXzpiy zQ_~PwS(-}zb{i@kG4JBOP|cz- ziqQ9WNA?UvS!5Nl_}A$-OlY^!w`ETo2MHHbwVrq$KBMxYPsu)Oa&VE#>rz_l#KeDT6Juv|#0(7wGe*Bs(Mdnme!RAL-IA*3 zYWL)~>Ei5*_bjdZr?Pg;R~XV)G_~w0CcS57XPrg3)x4=cGP`AK6=sICRlpFaA|sW zb^ry%6u$!YK9OHf!m~UrIeAcSKNf}H@msdA(f84}=dm0FWAGD=8Sh|nYPEBEsz9II zX&KqBI+R@TP+QeectlH#ba=-+ddzQ02we#dEi|ZX0X62vPG@nnli_{-*Oe{L-RwWj z))y{JK5E6!6WQN)TbempwIP>WV6drU?ja-4=Fc1Wi?1X~3`L|}rd1fKJoM!|a-lnx z*Z}lsGnQLXX}P>_arIl-vJnIE>(Rm?rPiAaJ7X5-4cT^VWqGmoToSjqRP2oGZ~3%; z<&n^q`1Q$eK99aD5>U#^7_(F>mPJ0p)5L8VPI&wF_C{fo2Ub6t5(UJ}Hr}PBWm-Fm z&s=I13-UN~I=$_0u1wU;Av(OjNc zLu*|uZ3=n9+7Ex7-fhnyBCg8xBrxjJ)hkrDo_DJps@cmUqP~vkreU^c7S+iaFQthhY&vd6WOIGp_$nRn7nQL4nvyT{S2|fxz7`;=iX`26CSI<;&qx z<5y3|{?RJoi7KWmTT(s9{43B&(L?*8m|29=hUE;mSIyWt{+mw;DO=75YVfHvT>L_q zJpE*P_Rk~Y#pJP=R42&+vlR5G`piX5ZUwecTc+vPzfvkVDUtya>$kfbJuji%aI<Z}$CwA2*)3>_m-#=!Vd{W8s z@BLie@$$*|1#SJX=7AmA0ikuba~^j)d}_9*c10cm&D<2i4iy~zJAXdvNOWTU>U383iQF!eAJa;#$XBwZ{(bCq>1#Y&<5sqjFO?Aq&!;4A zjR!K{yzQ!6&b8*9PB*$Qd=RBTO)cc(rO3{5+JI;Yu}v zl5Bm?;l?Gg)F0I=+|=J4#IEs75E!-)Ea2_*wh_}G`yA2qiE zb$+*1QpL9>3<3hRBKr&9%O#*h{}I_l`$MUgONs*coGc zkKZb4m>xS`?od15{L#I5_nXO)4!?e>*R&t1NqS^RIm__=> z_zHBv`^Ru=isui-%jGTe8ZH&8Au_3Fc)#ceDG{OFnCR$0c{FMJ!Ru+XK6OToqmk&rJoPLk11Rrzv6SR0sC~>N1HyQ9GE@wAATz*ae*v3`D|6{q zR-oa-Uif|2@u2&7rQ9o4K3>+JRioZVY>xJSJI{8O!rrCTM&apxS3%vUz4j5Mr_U@@ zIju<02zxR!!HUsRY9WW(nmXphWsTYozE`@sx@3Ys`1lVMv5&0S`*;Crg}L?`>C50Ae68`p|Jo;*XCdf>N8 zB4bmF>+6}3ozs{jW<5~e*gVO;?@2_7UhLsp%T4cI@03>24}JBt+{g-nScP)RvL!#T z3U&iCp@+NGJD4QY*cuwxQ^*=FQt?|3<}W~U2erJ_G2Ad{k(e`!zW}qZPc)grDM-_wC_@SewJZP zr+Zix!3e*s3G>oGop1kcJ3)*kW?pA)KWM5i!YMngOy%v+N~PJfS(Ko|(V_nsZZih= zk&ms}B86oI2AS$zuZxIqHBuWE?8ABKhOkE)%IzDhS@XrNWpPbj9v-f0I)A zb?a$=uaxTZ0YpR+(Kqk<`1JK5UV|{MxNE{yHoxIXU+_=k2x=8Ks^Eb_^pkN4X8Gw zLhS5g`c95of8*vE0-YyA)Xnv=SN~jQH%@Tp@`FEr+-v#IK!;8keqzJHl;mW->z;{so@PTbGoS6tdD%n!od6HhT7+Nyg^JhF?KJ zb~XneUufkYl=1p_1OGVGu(0HwX_Tt6E?Y<9~+@Y1@c}^I+jl>QZh8Q>%eZiF5jO!J5`5ALPRCF%6$+suC2PDed?n}TypbllH_p6rdd`xF57vD{T=FGv-n!`-LHXK zQVkWM;i`UK&5@jW`pNPmr4G2Yc>h-6&1RyT9t^i{Cnc_2gYshx>S&-6xzDLTik+YG z-^VOa(vk_;%zh<9xGIWM@X43Xt-5Fym{)*GV;%i5hR*>pzyxvFf}NO{n5wz{vzSHY zAr~(%CJl9T6WKPJGgW&UAOCUg0e0yp>TqeSMo4XT97g)B;Q`_Cx{dQkCXrtwCWbU$ zvM=)@B{zsTq<|;eY!fSTY6=lTm)}L|V!IUl!D;26-&yV1jQ1A}=XToId)p?q*?jk{ z`$=6e=zrV)RaEdF%+@>XikGaZt5ct%GB4c=F$2z5yJWIg%abH)tM~h{P0;F{IbL{6 zs!(04y%}|FbM`FF3TG%MgLONMA=_XqdAYf6QT#bej_0T z8$-?3($Z2}dpNI6w9IwS+dw9ikcvNB9gWB{Y{^^{FjbIaWnyY>WA3j+x|o`Nt;p3X zS~a+IG*UFi`2y~|_B$nlH3lgV;2rdOF_fpq${eyPawVEb;T@E#Yh?ArWuh+bm2FKE zqIE}Mx=G8=fIsOrVsHm_qpz+>9`a|&DPb0lNA&ut)GvR^?^m&~0OToC$t=_)S4%fr zLlG1r#+?bHhTCql3(5WkXei-|PcIlo50o0DSKMZ1?wYW4p844*!asGK7U1sxT9Mes z2R|N2B;0@dZgr#-=E#8V`L(p+!1H8m!{9^g`VbNQcXEKgx+Jz?S>eptlg`b|ocy@! zHnLT)iHzV_Eav*=m&rXbfC)KTPmTdqZYQp6Khqawb|s)#U-*!nk8fwS4Bf#0dA)zi zf7Ggu8Ze@D>9FkMsk;QCy~Vv>!-`Ibfu8;% zwIDY?fAMnC_EH}XLIs`mdJS2T=|HaOo8jSMTGRn2J^g#m<4?ouwQ}cK{8)7Hl;7vi zpRM@{UiG{JFmt?J+x1tXgMw^9d3^V8@@gq97>Bn7BL3h3&9J{N{q>;Ff8!=kwu=&z zlb5_$|3U9VhCueHCfm!Pc8`YOFHziZ9>byRC^-%jSaV(sJAaDpH*J77o?z3C|C;>* z7617AxtOZ~ut?ERe(4VBS{=x%t9j@Nu%C^Kt8>L3;6HM8*h$xI+s@h9xnw4SM`$HH zJ!{okGW4_a_OSU5Af%Tq(VGJxRy8nC)mGfMUtud=bI;qyklT)qpYsMq@f>qj@fX;U z#|k|IV3Tt;eAuhB3rz*cuKk*xdl~oeC|-McHO)BBE+`)E$7os0L0kjHsntSa=&%Fs zlnm5Y3!0qXp7EvFPN=q;*8j;Sw)N$_r+={-C`=4YKKS}lbG=x@f9Sz&HYhF*E`y0b zQ3zdps0+;WuED)~-%92%LOa85=<@y1-E}m_@qUEYkv|wLQ9vDyOShk>Lb&kWQdZ^T zk!T7^O1@ZJNuMrCM_l|TGtOx*w<)W?3U|+H4{B9n+uc{87EDh+v)wnQoo8?M?A|?? zCCQK1h$t!dV?w2HQ!(mJ!qJl(BV~4Fm_d_LJE1NPrr^D~+$Oey__p(8tl06lmx?UL zqJutjo9<>%3)vQLheS9m_pfiZRdKxf{cLWl@2u~EEI!UXW2p~nHg3oQ2ZAU1gN0@w zX4#|Tn($$#L2j*+FsrYQp`L+k*us~5f6*k%=aHl1Zepmml67c=dHMGR+u7;qVL{WM z%^G>oCsCA~h!mahNse)n6c6V$xb{MrP zJJvfMV204z`9|xlQDw)ft=+W%lisf+0cES@cduW6{pNRUU9(}}K7|D=4S@L>_#^2I z@NH;NF|EvRMp#rjVHc7?BOAh$=XQu?R8Hc+do4DPS}mcQv@aWTnyXNXsKhQV1>E%T zeD^LNivINkp4A}f?c!?W`N%R58x5A{ldtf->bRQ zNG!BUAx1<_E`S^)CL-V7x;s>8PAU5QX<4BeaIbBmbHkH!X`tTGwyK#ywl0pu-al2% z(P_W@S;%m8?&|Fz*(Xn=U0n}+`3}mY{AqG>I0ps}V~@ zOBfWFVh3yb4RT4wYzH=#UgbMS1XHyYIt`mF>LAKGvYH77ZQ$caDHa;NA*@=UTid9z zsAA@$v?wwk0mX?sXk;a&q{v7~Ayov4g|RO3P!1S-`u#kpuYjmI8079fDSA-S{{cl4 zusvOL#+@J~zZ$k}dy(z0QT=Z}!S88=AxlQcI$sj$1 z_0-9eg%%3?hyG%shg*5)S`)a;Qth+UB)4meq>)NtqipKWmA-f-B$=}h$!6F=vkfeH zB%9%SW3BI}WxVwt5dKYHn2v(;f5|d2hX*I-0RVLQT@CI56N2E|z@}_|EEfXT*~m5(<7|sQn!kA|)b(3< zhG82GyD%=28kxtVAa5QW>AE))Dze*t^E@fb9hVeHf`*-!T3~)KP4h;50){b2`?1P+ z-J>?x-Baf9F@@-%iw+ zK%ra55qg3=FVcpEg*go`mf8v&&UCO#h>Q0F3O*@h2O1>hWaw0>+HA!!Q!bfy7OzJ+ z43DNL#!vDj$Bgc6bqQ5r2A5)xqH!-8T+kK!i|Lt6ZefwbECMA1-%cE|rbn{#rgelc zZKo-yRw|?o4$+J3O{W+}wb3%mQ&Us3(lHJxdH3C-zddk%NVzDKwF>DH?)9^-4zi9$ zl)9plib{~z@>o^X^w!*SXlQYG@Zj)eOL)&4|KC{o_2A08Ns~Hn(V@nq*_2mrKAFJ4 zKw+VrBs)@U{3$L-ab_h}uoyV0Zf zfp&y3-4nth0u_&d+dv%gzp z$LHjaPAgOeM??sj?s^rN^aX40b$?P2r1Aqb&4^{S?>+`yq<*y3)ds`IPEYyA$Hzyz zPOhU6c5Wpc+FV{NuRvm#&O08sJk;<6~c8Q4LI@f@12 zfM!h6quMrVSu98ltk68g)Wy)Vw9?3NVQSO`ox>gh@<7rob~n7(A)VF>Gm~N6Z{ED= zF##`>hU@?VZKK=bv&Wp<&*i7be+SbP&NDieERdh7rta#47$lrWNKU-gk6N7yS-3J> zVsfy%PS**=`Yr{u_TrPPw_O$CfEjil4OLwY@#9>nzWxz9+OVY50sT_!9C+jkRVL;i zKXp-g3Rzl3cYV}F59;GD3GcSMfC_Vwe{;6=Y5)ur=JH&c$w;Z{P@$RlG~k8&skj=^ z{pHQ_a#tb&03-%NX)0Q?&C&You%`#li@0ogd3zHFtWS-x1`AHLy+0qyuB(W70WLur z^Xg)XY>Y})5%UygNV3qRuXn{>Y=3xD3Tb&Q7(4$&S~aWZu3<|dgXpEQ?Ovq_wvydR zpi3_YEYk1%o`rjIba+Tv0zxX5f}}PL!w+6{Q(;H@v<6K$UgKP9t|i#5sd6PHP6kbo z_Gp3LCx!phW1iMLZH&gu%nU1{JYl)l1zm#f)vFfUU$)sdke6?Tju(ZPqkZt=(!tHb zk zp$Y!{dEUAN)^cUSlh%1TM{1d?=7Z?(v5pr(Nf95=IavS**_1xXnt==vI>^l1uixOz zQ8e%iao$}pv$D$JvD~oA$)U>?Va+i0QWNJrJaiZch6XC|^N<90L5EX)eLa(baP}Or zP*kfxo*{L*Y)_IKZL|!ft{6fbvpS-6fABfFum(lFdKJA>_{g7Tgch}|_zSl{pI=IM zuXWZJYn9xmPNR-fEwe43gz_!K0Kz>y6Qf)1R^v^gxdb8Ifap(sXw3zR2-oSj9*F1W z`jKNATUtm0{vH3fkt&1V8zckTrx<8SNi}mjr(QuLtw~m8;OEbGj(ZXzP=YiQYT-0A zy(t~*H_fiXJ9DWfXb@YK}?@ZnNC?DyT4n*f-ReNeu~P5uabIJ z(*jFb4|mH$v{(7?D?aGcGz65_hp^d(U`WaR=!vx1Smhzqi+6zcalc;zasjMdS*^73*DfjwcOv%&|<#oqX*PnREIO?)YMhrz)? z?;e-M(ZQr^84&f36MJ)hF7MobJRpMBvyzG02!GYu)|-l|_719%ct6X`1ny%`zdWHH z=-^WJ_|t8R@*~YBPudrIOjb+gDy@}S4Gm}-5mzWk)$C2g9g9cSpndD=EA{)|_i0^s zj|gZ>wb`JjB*g(fW1Jjyn+}SD^`2LLJ^AYxp*TES$ZSCVfUo6W=CZQ*735>$35xL^ zpnx+~VPj!oVPlgQw_h3635(~Em(C@_EDyLC^-MfUG#LZZCEcB6PBnrFhBA+UE|Ne|@_-apCsMphw z0`n0;7dgyCLajkHwsqqQwMqlX?8I+zbLT@_i$PJPFgDQwx3jI|08KvtfO0Cbon#hR z2u=h?Jgl%C;39&4x@Exqqty69UZ&x*8iw0!V0kjSoeZNP`s+`lArsjF#SE}8K_i2? z66am?pck`}M%QB7{^`?x)R^nd8*xXN{CtRPpf8+yN?&9qlVgZ=5ZY|c)oSCPx^OJA z_3ayb3;oi3W47^LP)9M$*gx~TE*MKF7)RdD$jDfCkq)%emy%@-kA+A)JUpD7>zE-6 zEl6{|za{YD1F#Rsk(DkNf~0D?dg$PKxJf273rK5fYOaURHZ+i3AZMXFPkNw1H7f+D z@aT}>OME=vxC0&|fWK|r%9 zEc4XFbsk4U$heAM09ey97Y&+@<8QMl0oi#8P`Ca4{bj4A`U|-RHTRzmsj4658T!-s zi((wWmG_=Q&AvYG1!RMFI z1V->s3h%m>$!ZP~>iTD?I}2UEKJMG6D<^Lr5*;mSJ-tHW>A>2AJ=_svt8|=qn!AV{ zulAQl49&$jARatG5<##)k0MV&_5tnIJ^<{&?O2rW&8F_>{H_OCE^^GfH+E@?L6QR+ zO2ujqU}uhApEz9VNhgE0X!!mCc;mjT?8l)M8lJ_lTp>wuao2+m&pvIWY7@wQ!IgV6 zv!V7^a=;FuYzB}{CL~f6S?ZPls%NoeE_wlILdcR}nwNUiaW*3beUal0WF#bqbHVBo z2{v=BQ?-5qc_w|ZX`q#5DYFbypsuSZ4e)Rk0Ds>3ws4*%dFQpCQ~o24Qx~J4W8Z!@ z?5338=e0dU$cM6<-i3x96g`EM5&Fgx3j98N*qg83VXv4D+}+(xNvQ`Z1(;tW$d{Jasrk&miljOCm!+T#J(e1y*&VvNaoy zfY$AEObqR{YrB}@9MCx1+uEu?!U+bk*&#(s6yO`dD;Kl+9?uqTv_$eOH88|DZ*@ok^-hc2nh1;lw~0WmY?I$LRLi;na?fx;|HrB9ps}2c zsDx#mUlbJSRv`mx_<=BP%5gp1=7Sdh%*w?y?Dmq_QGYx=U&+X79|9GxLW$(7Wau9P zPq)xD$3k?LkkAcR;ozrgidh!GIqZmFtl|4V>S$1tdvnod?bj#7*!|fwOhEz)D&trK z4Td8>m!&F;+YEfnPSYJA#IE~D?n-*hG6R)=4&wJRl<2gr7YvTGkgRACXbc=){c^mj z(7gm-0y0#DLY0&?M+z+EwTa<&s&FImE<2w;J42(yF=?d$^pmTh<{V|{;6cTR0jvq5<3e|yA0?3Ig zSFf&w0`!6&^5-;v%VXU<2*P{N^t%6@fELvHOeI{5j0^Dl@<;Qil{-r`B9 zRDKE!bXEDyC*$Egk#SYWvneKLkM$k&rF{QM#p5O6ia;0VxTQZcwBIM5F|y zrAxX?L%lMGqitBq zm%l8#{&mL)o>CV|M0`ZV6Xfc@{{``!pe2yP@avoFKBzaddzoRurmy`yFVp>tAVn(z zfew?lay1s`4JmT+m5GP#6z1KbT_vI8b4(}r3VVi#1;5{4tGxR_G(;xSd zmH|#hK|?!O9gq=U1nUmtw%dIFblO*m{X^fKKq-F;$<8jz-&gC`{9m5?-yPWhdmOC) z-+vm$!EJ9q{nql7zIZx7+y-A!{xwSa9q=*~rPX#b?^qt~2n zL?i#m;biUVdOV=6i$_W-00R7I$x!*nkCPAnSrxZ0SH(&^KN=cZ&?6h0Eoj68 z=>n~W&Dx7PkiYfGfp(m+lJ4HU#f6?!6=mhY7sId_>9hX3mqpZ#e0(50sIz!5=_M?9 z`7?nj79AN8!D-Wg_~(NNdDVX{NMBrZ5rudzrUws7$K|*uoQ+`Ep*1YWJ*i<08lL{F zzVv@uYY3ZczGTvF+mh>g-aV5BZ=^^TuL0Fd!->9sb`zWDI}Z`A z%iYPU=(I3j(4Y>=|6`bO+3t%YxY7;Mj*gCY+%T9OXzgCW1}QsLUhwSIuE)vxo?{_A z2Cv;x?|)s+?$aS9plN!pD`_AwO<;G(KC^FxkJJgc+P{1SfL^bjFidt3OWh%`ex@nk z{AbzOIWN#cK?6U{EWoAeJJ<-yQdbZM6|N$wHAvCpSq-kl|0g29nn|5w)-L<0r%`23 zSNl(Rb9mn*)pGg4@c6&yJ&BoP`Jd?N&GNsnSO4?R-c>1?U%n*WssEmBclh!jLL{Ol z%j?3EirsGTQ*73||Akll9~x#uR&M5(?#>#eosa)vp=7YjXy4CyZt~AA-H^q2=gyb! z349vp{~r*G{>5qjH)-iz)v#G!>AqQ>gg9NZ#O1t9DM`~c-Ol=EWg0m41b%PG$hL`d zHC)v}Xa(Zah>9lr8KD1ZcN~5+c0otq21B*4aVN^A1Rw@HD#%gXw3 z?DC!N$7o_jzVcdt+^M-)fSmi!Co|b1YvlGGN;nj}C^dM0bQ$s=WPC6%wpM{TR1AM^ zvX6XF0sr{t=f9C_{`X+5s12gxoeFy4+ax4n_y7FQr_{Dch*D+H2EPb#$?-gMu1YcC z1iYgBaXrX8mnvuqDz@9IH_wG#|5{CyKpHO%YnpLh|J_mts&L4A$#Z^AQ~I3jt=*@B z&OoB)e(T86r;WAZ>?7i{of6^mXikIp`csPgA_gpLO@}uM2=XH`70vjN{DX2SMJoeIEvaPI8`?G!>K53FDj4s#$ zkxe-T6W2}iErIyEQ*3MpXHg3VSV4!1&1*>gqOBd_6fW~K22K8Zn^P=;f>01_Kmv8V zTdV+0sZc`R**1oP;NSp2r6sEOH-yg*n}ElYo|XokL@-rx;vL}yAg26QZ=IOGZTbGD z*RRx2LC3ieZu`w14{d4b<4Jq$6@W+PLWQ|355LrzCSLMqU_geY2p_Cwkysx(L3SV+ zOd9k4{TJt+S+M_*qVSk68*RIoJ4m-uU~pNaenC>{KC%rW$WfN|!M%xtsqf9r z56rr!ff<_sY!ahT!J^AXko)n-eM-v4CMk^im2?skPRq;)fUf(7biH)LzlRVo9;#UA zzO2RLJUSvs*wGD95IXvHlY0^p1L1%l(Dqwc?qQKTwo-1Ays6-R*tU@g@M&}{*Xlry z)A{rcKpEi>Oy_|%=-ILXjR-#Ht*4d9wNP|h6jVDxBOYYgTaw6685n=6OG+F}rolQ) zdiUkUOtx!_MocZVn~#5_hK@U){IEMYV4kMT=n$@$e0QT%JA`> zuB-lUY7S>*!1H782lcJ7H7kG&0ef1*^jB=pTYJax;Lvm1X9ZtC>h9f^IZ0-8)y>z>Pw3+7 z4ifWF5K9escYOsEX(zY1v*s+>ck{NjS~AD_+jMe?R@ws3i}YTb=8? zAl6O@0JEeATwIVw04uBXdGj_NbduHvYfrj_&nziwAQK16J^-Nc`XkE(^T0RmPW>Gw zE8vUCw%VNlDz(%ZQ|-_mg@lZDy4$ByrIk#tuIeS!H1`d->W+#(fuA3h1YIRu4b{sU2bl-;jI}# zS9_KpEM@>800F|_4x)hoh=`e~tIhqmVY{_%5_g4#y-p9E#6N?;k)|Ewrtnr|6QhB| za|e)p&lTfn%vxu&=g-?9d#Hlg1d-09wbg0T!4&vqe=)^UQ>Z1LwY*E+mjCv>IpBv~ zm#{@WCkC|;bG~y<-^y+5&@o+6-4?;76spjG+m#c|{_Jwav#tu=f&Bm{fhojS>xt@( zkzy$eLGWx7UAnnD0YhR1;ax`@6h8o{A2xg01AyTEXzu{S4(Nj!UHj*;dk=o$f+MM+t*tUCrc|Pk z2bZOWev!9wHV{IfZz*6;U=fj6oH?EcVP~q?^kB=N3CtB=)GaKckyl($fKiwAfbF+{ znS%QL@1XQ`-Ch5^oC=PPf?>QuLg&+s!Lt(wzaA5W0sT$)RHSBoJ$E*5WMqU2Is;mw zx<@W91IyuW*YYY_2UJ>#C7vw?$Ak)=4>ySVsO4&a_+=(EAOaGn0(U7_dM+-bk%LBa$Tj=r!E1A~k>4i53U49n7_0Uz-qNnNUtzZ#&O4ZNQuv*k$XvbN3zGm= z3l@;%j`P|%tv|A>o>+?a(kuTp0kk5$Rh|WFtElmHUjqG#`42L$eSCt@Z)`+TCMQ!V z3n!n0G?k2RmkOH=qx9MD573jwrk1h?p!RUfV84G9TBV;eGA`yQF3g6%DB14JyKPpt zBs3a8x7G{p58g9|Oc`-tk%kj<1N%#A;pFqID}!~Bg2nAHVEZjCE`q0&=VGv?9%-Ge zLiKAO2$Zht!!LP9Mj)?EG>?T>1v^V$*mEr^ucilfZ+XRqO+p#1!=S~=+$nmUDWgLccLhQrex_MpwGHSkV5h~ks4)P^8%GU>Ld z>)zT77?o@IJ-Gz0bKldN8W+1IFa>)7@a4>pF-c4CT?>Gh1x%8_0#o+s({7K0DFRX) z;7;770;7^!!n==5B)^~C8s`Qd8|YPm5luv{ed~ubGCupvBxdZRUt^oP%q?&!wK@e* zV!RChUN3iC3XV5;+#?we-ab-N>VY>H>?JNLkJ97%dL8>^{hw5S4`+8@Aa)u10h`mf z*A#M12I6*m8=u+7PIUB$D!HqO{$Ml;S5^Um(;g}EGzLV!TuZH7-mnx!9WFjO4HfQv zIp)%pX4AyN%WWHRKioVP(zfjZb^Qsja)hUBpZg7dZ@)7-^7YF-NBhko&PAWGiY2c0 zq@KWTV8M9ouKavAf1ix+6Oee=UW6=cL;bjA%Erb+>n0i@`s>N(3hc*$Yz8JcF=WV=$L;hmWHKAe|W{h;^_a>Rw7ms|1T*V z{#A&~B;9BmND}=DaSXVDb{8JEhAqy)$#QRfpo#To42P-v{>l>7WxN5Tm)5pgV!r8? z5U9Y|&tUMTyYj16vxPiPhTFkpso12`^k3UA;a!OFd2XmDSubmF=W?v&iL!qqu$SAN?=zrUxk0j%GO zLtt{%iZ-E=m!D(+o8o9G5ax@*<8%f{$t8onzDILYo=(sO*I|X&QKz=goIjlPGL9Z4 zsU6&(UxKX{vtG?zzN&=Ubm-y0#8g?$Z$L8ebC?Z!Z6y!bU?yl*+R_NZ6Dcyd z0~1%@{kL!J>3VUOY~s1w6Z_prbv-uQZ&tuW$YXoKtnuXzKnoS_U@Quw_I7g}`UW%h zd=hu9+(t7q67~}vBWpeKDs&Y>Tu;{uF1Y7HiNFghRiC`pN_!Ouuka$isQP^md!;{X zE&v#bw@5m#!fKgTG2Wbg8&6!G#ieW$aoL-MXcPy$y4eRO`x#z`GyWj{fE~XpVWLsA zkqQS7&jUP3imEUDl}d;7JW{{!Z$y8vJ2)J;$V}#4Xi@oIV$|BJRm=j@iT5!+LHj zFvoMB@9}2=SLn_9i@J*WcO_)72T&D3RfES674&1je*^F<1-ZvJF)_(u4W;-7k$cP+ z7O8%+lb-@V8NS}cz`&d4j2mf%CDGq|HAZEOJTA@kjMbsFX}{WU@Kf8U&AK;5rp}%( z-s@Co4i=yX1jsWqjE{T{z_QB@Ia4gs^8Fi?@ynUrf=cl6`h5BbECX=@9 ztk~vbWgXO^LiT+j3pR>&FkJt4_xXo6@SrKs zEl$@yu!dX$!uZL_9)Go3N#ScpU{XKa;Ed6wz};nfeS(>K1pKti$qHEupJ zx@YVZBjC~oO?u@rD}Eb$k-)SFL(cnzJ*TWGHj;`jKRpb8gaM6Y# z=~P*9g!Dx1Jb!(`<) zq6>+sl7D8;!6X~{0J^x;IDX4$S^8XTGJmJGU zpDpehzVUe)M(fYd{}l;5?AFtE*9A{1zEZFJ1)+LZ`2jIMam~KvtT4W+`){_k!_9vf z!hn(e2YE#N`HBZ3J(p4z_;J93Pt{4C{)OQu$x|V2CP`xXz}5ginQs4G3Fb}QaBBMJ zFWyxFmtU#U?DgkYgkm&^o5g0kmemTxOphBW#LL&5J3of5Df&cGo&JS$DWdT%zpkP_ z+O~LGRD6)9BdPw$9%%+!bkA@VK4m8PSCc8}mjS9hS;~)B)9R^8L&QG^{(3~k0}$`? zTwm20vq*wWHOm6hykjN(*#D^qEir(vi> z7|@GZQPGb74vZP7|xFSe6lY*&%1d;Aro!=bUOmwuF&Z>&bnz*14p7VXK^KE+uK9 z0~&cu)z2zJ1fM?(J^h-$N}a>h(^3;G!(G-(Z9!;An|hBp=Vo7SW?{-+ddXGy=SYZC z6r^Q7@gNi8?5SXh3G{~+ytZyI-_PmbPGiyy%w&QLM!2K27}6prr6bGASTTP>?xcThTf}6wUW!w`X}0 zvNUa&TVw+o#(_#cA*y~K=sDFa@|d#ZjUtCLlw!WWRdf9Ggkf!~!_t8y2P1Enjl{y7 zNzGVtP;s<(fK*eAgzB%SN2j(JEj_F%OaT;^-po>`w(qTgFI9}Y4GaJh41n)eaecP~ z6HSpIHY5`LCTQDSmLrvE?>P5Mywf4V59*1&GB`!WMobI;K+=u2L7SBlOI{syru_rt ziiC8hR6;s;cw3`;^#UV0W^x;DXi;5%saRpjqGhP1# zvCKD{uwp?1nNn(Uj)rLP+PZk`aGi+f)LLLwUb}Mp@^7)qLkYadh^-fJ<=bgTG*K5A zlDa{y?3Z~GB9o{M-b%z4#hW*)IL+cu>WR=(nQQkVaPrpF!r{BU!=)@b>Q6zRVajJhfJV;jX#>jlp@fSlsdjHe#K zNQ8^KGxk~k(mVGzaYoCJf7p8bobG_I<0=GdEH_-^-?BF z`FP=eWpu(_>S0%%9?6YV%(Uq*_50K9w-DZmghK8bvb7(zUy$wZbm21i6L{_V0L|xV z9;BDL)l%ip=Q=%RvG^U@xw_TN+}!10SvXRJ zm#0-uujvWo4CZJKI=WU*UYqVDC~pHF&D{%0^qO%w#`Uf*S{h(K z6Ui%|Ap&!nqy?wL8DYKxbMUATIu9X<>0x+pfrt>MON$ z6bK)nWlhd%lXR&sXl`!K)31MLjWWGdGWf?KrXH04)*)q!%%4Xiwr2%(;@^HJmv3w= zMMGp>Zk1G|`n8yMDWHFSxGFYn(yDgBA&ViVo z9*%U#Oa2hB&c9|Iqj_lhey`W0KoomPe`MT4V?r&9KYvDx<9-ns6cid1q%K`*G3BV; zRtDz+bXPgV0V?e6?G3&5Jnibbbv+m)MkzaI3~VS^Fs>Vz)IT5yWf#x5j>8Ec1QijC8ai zQP$Pl;5CNVj8IyjH0u`eu23~Cx9MiDgsMfZK|tBZS4fC0H0VSCAT~OuAh2l5tDdLx z!0x+j-rk!oVXuXO=+dax@bu4VRxH&+fbPOh515E7+LcValJ{V`^V~lmAOKV-PT(Hf z)3dk!K&hukUC*WY2X;9SrOLn8R6cEdz5eNwvW2pWiVWF(divGYj0E?c5N=R9&iZ%U zMd@D+ z!Rro*1a4idY4|2--BDaW>AlPd{phsb&|PZJMLN1;TP_eHOi*wpM8{dMEInHiemSKUW@{9QS`NgLgERwS5KngiEkNu*2EP>0Cj zdWzH$&BAAh1_d}3BHCT^H*RrzZwiARE)mfTvu(Lq0_cNJ0PsCBy?>cvlx$&r#Z3~o z*i4&djnL4FDP?5v9gNC8#xP66$Yc7eIr>1%0(eT^^_kDV@lsQBa5DDmVg8kXtC=`v zJ)mialMm{4dzUfEMyH%EJj$mWrPS2YDIBi|zb#O?CX)DQif*BUv^zcDmySpLo6Qs6 zcexm1C2D`AY0pt0@+9qp|NBiSudjpA&9!UG~3_?=+pB0t^po8q;>5jUd zho(i0fVs5Rs3SIAb$YIX@R9xQax^osYmb8P`TUCzDuiw{t=RLK2<`e6!QY0PbP(%F zN?92sN|kLs8ead??e&fo1+XPk7bw^saC8=4{U^wc;rJgJeA?>oz+v^=Qym&^2QyG8 zymz`#alD!JeNe9>quqQC1=QJr;L|_vAh>0Ij*yMxI|ERj&MBl`1**fkt*6vftuv)M zzuK^R+H$SfH1k59qa@u-E4}x}MnF;J60^G8C;=$>Z?MF@zcvDB6>^o2oeh5ECScTf zA0MvrTn^MIiRCgDX_Ys!n2iaU{fAt;Sa0@Jad}cGPLOs-5$d>IEHIY=ydeDrt3~@*IqF@aS6^J>_ zc)TWSf`10vbqT7|%>fUC+w#z2-irFtcM^a|K=|05e$~WUMlVvnx&I^R@!g0lrX0Sb z2nG7Q(rjx)EZrq(3SI#%24ft5$RVy56{$&!i#zLC=YxNEJT5l5l4D2D0(FANVx{(r z%2M^sNk8@%l}CfXKiuwZXSSM1-!qqsn{;lH3l-j-xcMqYfs}(_zNR%nd z&mh6%hD@Ipv69>AYkHlI2fh%J2c|`G$bQf`l5)hNkLWA=W68|<*IRqQAyTK%urk0> zVL}Mhsr?cCK(zrxn^CJ`8E{1gxA|}1{OSa(Xxbjh%kPI<@0uIcDiA^EZM0TByAUE+ zx&fzk?`Kw??ptG{1!9f9x;K7#3fJ@>HzeIre=1_km;B5PnS_RyR8sue=L;P-hhyn< zD0aWIS7cNH4SOJK|B49j`h3u(jn^R>7%~4{^0N5*`TiQNq-Nl#?vI_LkjMhar25x! zJ?wD%D`TcVu8K(tKFEF&*5A)Lb(WKr3I%=rvAQPH@qI%yrCEVwT;|FG25N?%8}g6k zI^-u7{X;eeIawQsl*$g|iwc6(&tMvAk z1w9&h(DDH4S$O7PGX8t4v|F`KQv+3gUbx2B^nKK$@zZJ#d_&mf@|e8HF&%<8=`o}t z?L-)wuw*QLd0!@W#L1=j9UI(;27N4Vp>#nv$0_?cxn`F8mm5Ow{D-S;`GtUwyN?tt z>~H(r5-?-Q)vuq_^8_ZZyjoC+@=x!4&&@!b7eXA}p3I4fm{PTpGo1~#og3XMxHrWZ zbGD^a{E|!er&cCmi8atknqTrpPSJJ@&a_eqUtqp>TG|>EoQy}x6K7l~(4-@M_0D!v zJdv23*92adRScrp111y8+&&~%Kn(q+j7j`6+4Ky~LQ}*BFSRbR$lL#Vglb1E6RXrs| zPb(ReF2Qfodm@#fko-1L)gX{vd`*lY0?Nd*SbU~Y#gto#P!bJaE2u~y%7BzUi75}m z;d3FCVe8Cya-ps!ula5h)gtVwZy4%%p+g#Jp%|fRQO+1?m=p_&Mv+A&0rBOHtdR>n zep!q%3}O+qd8LC|WJ2%R-`;SB3KiQ*)88;bt3)kDJTOgy$gfC1izo%|*hWSouqXo5 zkJr*LrDRGqw7}brH48$q}>Q6)~ z2BRWso|Ovij)}v4+RjT0avn=##%I=^5r*KoeF#(_v7n`qZZppvOz-QLeyA&&ZZ3_T zsEt6>iy%h5M#>x0lLexjFf$`(ZgC{d$#1%j`bJ0J6mcSSQBYegV-ogSOKh5%K)I(y zXJuaR!JNp?y1MD@N2MaIAMR%kGm4a-t=sCSzeED-BQj!KINw0NqPoGBpt3ZrG@x&R z_9u%iDqn=Md~`BKpUONJ7!U{Rh<(%jED`jv&7QW;fKSJ7#l{(q4oPlNnSXh;+V<8W zLz>u{ugQ8RI)(!g<^qO|X4C?631fN74EqlI4GDAX>p295nrfbEo=-KB3qWjck zJPJHg%Z%91dK#5pIT{I)lM&;6D&%jskMW~y#BQwAbZImYZ4TLUX3Tjs z7VC4)0=3wj`i zEy3*tliNI3eohA@t)Eq<+~pIZ;$o;^oyse%c>T#G=E#7pk*Kxzcn+HY2Q-r3-I;>$WC&`PofheC#Fz6e*Nvo9zx2 zr1?+%Gak9U75GKf{_dE*P@E`TOg5v>p1z55{AyHn_r`CHQ9D}qd>y)o%DJE_T{C(lNIoh%h4CwO$(&Ngz@jQk4f+QbB`IP-%aLyB~diV+ZjUk zZjTHpERf{*P$P33ETB{x>5O2zasRG_EcgaW(pj`QEjHWD-&zPQj19D6#R-?I>BXO} znLKGP^XqfyRoEP^&8Rv2DFU2;cIETfNGks1mKRC{5d_|9YD!@@l@wvTaHJ&<^fMSl38B}E(;5%I{#+;U^!PNS?4Q{lT{Iz+?8?^I`DauOP< z*^c|=bWIfG50~kFawE3|K8;OJG`-IC&8?OI-*WJV`uTh8G@bn}gZ9eTvi=Lq?7FJ) zNKF2olxqdn^>;r@P$z_e7|mP7&)5{0X$=%u-urWfg~;7{q$y%6$MTNVvVFGI@yP~h zgZKOGN-S1)m#}{uUI~AXCH2T#ExjI9F!W^%t(c~SuOyy|4WVC_;Q2Y>FQYf(mpjU6 z%j_gRVp`#v$O((_+W=dh8cs<+O2Z>)(>2Z5FD+e_9AYS)^t2DIf9I=tx=y-Dsz~PQ z9#F66u568^MTF@jn!J*&g^rmQoPM32e!L6!oK*}3c7Tj)R_4C|rakvTlw1_qiMXw? zIrtgS7oN^gzVYi@XzjWY@RqJv;%Gze1G_BEXx!tw7-E5GvR<`x0^ftL8`I}xwjr4{ zDKe{6>zv2UePs>VI{d=7(*qp|Z@qC)Be8I!%KO}4-Qf+6~o<5Bw#(U+AQ^v=@)djVLVc0xi z-+vSN-OI`duK~KgFX%zR^qt=L#?CJ16^|5UWgnfP6g()G_xuW1pMH|Y6eJH#Q9zl_ z+d1zx1=temp^L=%&D`fritqgTDYs#Hm_5Uc@ccwk$T%RaIVi)Fw#RQKBTT^~_&zhS zpJvEyQb5=kn`Sy*5S$(yg}_A{TGN{iqpkvo1dBpHy^j!=`(A|sH4B*nUEao&Vf?&f zOjiF zV7VXGZAfnwIF&x#ojqR2iqWK^VTSsI4Piwr&A5r`9BJUnZB$V&FL?=`Wy_v4expVp z-eSX@V@CIN|9T&l;kIA~Ds@;TjZS{;3v`Tcd6+8uU751KUn%Ob;@>3~OqZU>__l50 zt^-@|krgab+Kc2@ek*je!0ya({Y{6xiJ5OeJn50o?X-+gbiyEUT!S9Q4xE1Fel$P; zWI>#;|L0JbKIdif?fFe1@dy?BB@Y=U9lG?d>G&o(F>@L7c5M~G(nqyi8wUltssm(l z(e3mb;&=eL^3lbmZ%(2 z4T)oDN98_t5N)??IfuV-WtR2t9 z)g$AbYZgimqFy)I5~$K)6=3vXwFmuvX-r6^6~Aszi|5InX?r57J&H%H*ZiG6tu&g$ zMpS?R}k6gCDtpAt^pQ$G=P`{ieuXQuaMF@?^ce?h+? zZ6#fIn*GD1l_QFoFZ&=O>szm0jX&h$OvcA++#)SMkgPtYFEG>dJGNNlctkpLqm{HW zJwPPsw6;nKni@jOGz~qNjQf03E)EEt6hOYb!CY|%&I_Jb^RQRD2M}({CdVZ4&R`3L zN55BtH|Pv`Nb^-nmJpx#O3Ic|5Z)J0QA;R7Lz+0h^+t`^^C_H~LBFdMr#qqO#VyCd&+oPo`(UEV30TBapli4p z{z3%lkl)H&0&ouRsXNQF^|BdF-Q21|{ulgGhkIqdTwfU`Vsd3ps)iGPX0+q`o-tF7F`-kOCU%!ff z21eIdc?S3${?C5u0dPwG>8F12685;1pFe?O|1^5Wo_Ln4Bw87^Zc42c`ixmsKO!t5 zUB_CE;k0k;y39`Ukz>Y{6KYDye0=XTV{Vfc>Q)(Nq|a}RxP0|k+rEv*=Ofl`ZR;y> z+r%__14WGSg%EX*qO`@r0ONPvUv8EMy%IT7E`2vzig3$F$tcv*lbJ&IZ)at9d2@-^ z@K21%BhN3}vJz@#YG7{_PjT zx<(ULX!+vS=9#n6>Df&b)}@mi0@NW^|JUa z;{bfNKoMk-cs4lb1xU!zIvh|@KMrrZ&J3;@`W^!h_P0Sm^Nhv)q<(YV7p%Kv#LKKE zOjzK(>8^V65U?oud&)M4EdEUf0aE7WGh31$l>sZDs**ORz{pUkoa^|L5be^MeC@KCz}6n+g7Scx+RfFK637TM|PpC#A)IHrz2L zH0IXG}wy=gDneR^b$lXqv@)*CY5>@)4V)mOoQ45ahf}3xXzqPBd{`5v{ zq^)!A522$b`d;qls%A`oFqvDgnLP!#o>=RaXRjuQu~0&GE(0 zT*JfiFwXqr`Pn242 zrG3wYvN4D|1s) zl9soxbj$lwMsa*0=13wt?#5WA-e4z_SDm?SWU3*qp+Z~i81GlGnf=M$uD z8p_SLNfT12oJ2iG>{}tsf1As6#WZW0DH)egGYF$+L)MCc7j11AF!!ykues|fpGZw@ zR*1UEHr?;=2qjA|J+0D7I2Dkx$qabI^;|h3ZUX}y-jdmY zBy`olW9bjbcN@aG;8`2QCN(rG=ivOoAl2t*Zq_~{zz4DEd3)-Fuc}-lRM%K}rQDm| zH>2Bat7|{JZsLp#F#KcqC{Lti(K9}E1#x;6$qeci|MqV3xr-709oE+D?Q^dwyI;y~ zdy{>FeS#-fn!el!pheQW{hlyH68Aw{%1iw_&-+iu4RMAlZp^;Td>kA&`#s=JCLpd9Nhj>Y;Aapi6EcqDp@feG26XqLvDcPFF% zfZL*7u4Xo;rkZ2(s@S0Mm_c(;uK@emnWzwjgpI~;adVreu3SI*ckk|6`Z%5(&z-po z^{C<{u^e|L=DN?wES6q-9q`~mr=vwiFP9q?zQqqS@efJOKUczT=W6&<4y^Fsqr66Z z)9N9uC5aaIqPmzQrr8degiqsB*3-(Kv9X=ip_=2l#KYnBjH;@tiv@k5(^6m&0>9Ry z@dh($cTdmnxx~}u9Q~73^}6Fo7SENP`=4xHYl`^H(E4?B0ion~hCTls^kQw*!PH~d&i|9ooZrHScv+-J2TTXwrSdecc*k|vW`48O=6?J- zmaMU-?)-4O`<3$$72KeK0Y^QK=a!MpRYu;iPlKFK37 zU_(1PxZfLHH&6D$t0it~H)@B)*;-$JYCTm;TYKu_)q&SON8$uDkd&0tdvsz6K14mG zsbHhm?w1Tz)W`q$#ft0@xxU)&w_SqvPDBZ#p;hJH_3p2Z_E-o-j;qVr$j4aNr1E?u z_;v{UX&>>DJ2`s0MaT!^BW2be=1)cBi3`UD6T3Y|i&F;pgBR3>BSbqWi>i-hNnDv^sCc2Hs_8HqdawefU_! zr#k6c`(SdmdARelM?w3%IVyo_I|)XxNc}RdPfSc8qwOo4T^{U;04Kp1*+qD@OUW|w z@;0)abOeW9=_+KXvNy*Xh8o`G{i#v(jBPEWJ!WG~`*gQ5SgtT#LuFm51IVbD^Z zJmMK+e$Cr$kCiG86f;Vc+ZsM*^a>r)-}=tl%P!{8YE9$ASGCoKi}`8iH=dw2yp_=( zck1-@$4&CRV`lI`Hr%0?$iF>JQo`o_?c7{m((bpa6GYt)AB}8X!)&?9Q0eE+D{{^7 zJ*V6?cwrm2N<`m3#qwTgkFH-5+$A1zUB!BR<615XDKtK^+|Wo!{^3 z=lFn?wZdZPS4P*v7(=;2DV8Yv6YVcf7j+pCyyu@-Vd!C)hlOPbIkqFTw2BO{@--*Q z4VwI<$X({mvc5vVyrKDlXPc2*MD;EX%007w>XPd%Gpq;%9aa6-?cTDhIU{Gs35Fu= zh7T6Jg`AJBn?F`_O-C?I439?FJ|AN7T>M-tT1aSx@%AczOjJJZ?VJR&1=V!Y?$!i7 zoUig}8_!;sez0a_#9PW`pvB7*rym^DBcf1^EXtL%so>kPpOzWBp1#RKBYH#ap;nj= zi8o$oj&zy;`^V+g&Rr&^^|1|t8}j#%lQxELD#iGFp4@4a=FGpI9Nzl9;#-8(Pn)~f zr8`R|Z_sI4kfDCf-%&vm?YBWIu_{I<-W~}y#uj-tTm0*8&Uv_E+^m8(IKQJ*dfdOJ)c?;RQ76fY{0_i8ly=$mGh=kM637DP-iG+8| z7F$Dlq>eDKUZscz1Q5v*-+AkrA(5&Yy13jJtd4~6d-uyGW0Q45HJ}mY&T&k@^9;5l zdX99Z2~MfPo*c8q3ZIWYttTXgWWGS+<9L%PA92sl`TFNZL_kAN2ahQ7l>uSe>z|1b z0f$f5c&Of@8eqxQy+t^8s$-)J4p3bG`MNlI-YpY@)qnXP|*F#4#7xE3xg zA9J=m>r2j?9RXEl9QG5<>?m>!j@zn>jQDqxjue}pqb9oq4TvMUc#6GJ43VC%Z@hlJI$ln|^(*hM zl+Bj~mwMb;w+h#5Fb?&QFvxtM^7-Bb!a%-#_0%&*;1vAapvV^<$P40tAl$exv}49-z_ zEMudQqa?KF&E-#tSU8E0Ci@g0@nL{-2?J3vg1?|T8$aPlubmK_h}lNNA5((+`>8Ut z&qm(1AU>Z&|LMBS2{QAdgI@kOQieu*O07})&^V4 zzU{FFeV4Gg6TyKS<@-LD$Q#{9%s7s8R{Gs1vJi2;cbLR|i7FablD?x%K+fpXXcMv3 zc*}FSUoybaOB4>G#bYOh_cQ?z8N?NTAMPQO=!!P_`CYw=8EB>0w*XdkpgewP2M1yXGgPP}u z<6ZyWEb7-rD?7{%+S>Qyu#P#IW?p@!NkU;T7;!DSRUO`nnr2v&+TLnn$6qE%qFOos zSy@fMMbSIoS?NZj{Z#MQI>9+@t_=JGC5#WqF4ug@>`BQ`nqPUWoEx7Xifhnm|K>rg z$eW1pTX(FgE}WPr6S3ppXg5aGU$iaFk;VJgx*-mIA3{dYw`I)eSW$XMG?y4B9|t>1 z=CNRMo+MC^#BD^-2hkB|$zLoVcp+&$diCWMrkTMA-!+W~i|S3bmfn;damjyzCk7EI zX~k(#yXgxGGP1L2G>bF#Xr0q5#fFf*qy4hQhvU(UB zfp@r7`{pFk?VS<4oF8%;q>oIk@id0tVZLtbernre_`>}zV>I=3?W%kTw10L?`A zYm}**OV9C?1w9QYuZpI=M8%llq2JQ{g&RJrls%8?3ASXwscy}%9rF}CaMMj>ilK3`RV-X9lHl&GyHscqDUt7!G zino~vBnhUY%CdqooOZF>1z(?ixP_B-q&T#8+tL|6}#c1 zA^y}F`T!ftce?4{n7u)4XrMIrzWQrLUq0`v-dH3mBcDGHtO5^gBE*Yd7)|jM|Y?wS94fp*3TCTNxBG%ILI) zOzD-@6H$Y0Kd?0S52Nm9a7Ce^6}7AJWIbVxLCW)BiH#fU{UsNSv~};hgn+SKb0Eb% z$&#r`wY67@nHj)f=f z_@tfI@11GKEgcO{!bOGt55C?ysOqrm8b0))8>A$qOS)T9q`SMNL%Lg1S{kGq4$|En z(jh9{AYI=Nyx-@!=bLw4|6?4ObFSFeUTd$tHVq?@|CvuZ-n!^?LR|*Nw>saCzuFai zOs_ZYzHuePBVetzsj~@g`m5{rIqB8f84XqILjBzCAClqIt=UHEBBN_Sf~ubD@ZHYn zL=pL9#+~??c#N<7GhRHTK#PgE!sGp?251hto$CuOiS&peCORdG{dKv zTz)Fx&xM#F(so&U)_kDe$3IINx(vcBcQrE|9I6LmR#+Czibr|FDiG5k9>0I@uIbNL z@kH=a@B|-P3KuWFN@n;VC-(|*vYo}EKPxT{RxfeMw(r;Qxpn{IecQ1FWaVTMZHG2C zBlVp)B@gVKSXg&$!!eTs2Q?jU0bvlA(rmCITyFKAl^89oDEFivIl#UsqauF9i=ou) zG8K6V$$%MRgp2IQ2EQpTo^x3J+Wb07*EgQz{IiJo0WrH*&vv1$hTet zwUUKX;EUSH`d^;&YF762@xJ*<+nH;ge>VJqKL0+4uQ3g}KF*j8##0-++k>KfmM`Za zq6WAPAhlC#Cjm4uiE>2U`6eD>399haHwe>K{)s6v7}h%Xh$DMeJ&QDaWgvBI8QRQZ_v?gw%qB`iEEP79!tH-3GC$gLv<@4^`fqni!0 zRLMn-GJ?yX|Jy$q58)i0xjJz-N7ehpnKaf{)mI+A{*5NG(5o&{2uZTs(v=0e8UcyY zTG!#yRq*fT3OgkbhkvzdFp}Nn_NYIeI;Vzde<~%VI$Pm`EC;vEH#f!#;3OP)=&I3& zm1@B0k44J!*Fl#nSr88!#l?&SREY)#rJux62FW00y*W*Gj<8kr|8jJD3BD5&EsulKK2s%lgBSd&k}C&S}T} zNEk3BQyo-cS3!FJ6YvSU-VmOQs;v%B>Los$`sxCy_Oj3e_>6Gc!2HT+!`<&H+7)N? z-Hzz}{9v7GVLzJkMA?wUk};6j1aiL=`iF^9ARnfB$34@%v68)V*W@^7eX9t>XB)e7 zXSEg=MS9UNJOnoi-T~$JZt7oS(C$5?EdG?v1sG8NMxq0!=U6QXevR%EKaMlPU%D#v z0z+vdLBp)jLTU4$g#{R65i_qq$tz=p1#5rOkVdRv6fK8VO3{^r9)+dGiiQVIQWbJ@ zee3B5GAa`}^|;Tw>(8L#C9d5MDG`!|%KUu(`Q_od)oiX8&XN|m`I89J)>-cF?>9eo z1^`F<-m!ribBdQ2{<`aSCU#TAw$N3R#IN6^cMI4Gw!S??>kdGF4y>rd19w#i;OK~c zu1)nuQ%kY#oj!MBWpoTxGya(078S)*UAsDtsg3}hNLW%NZtPtmGzX%URrWS%SG+7- zVGwlvD`>vZ0F+XpZ?j|mpFB3L7GzAs<2^~^sv&GX5}WA z8{H5K|DiMbDMwMNHFwJB``Er>L6aF!~TJqo`#iUx-aOz+Q=pW#iP~Mze z?>;J`U;cQ3n#k(4{hlnP6|icoQYNE4pK0C%bd91m!?;abB_t%}Nd{XY10md+4f?-s z(Aaxc%zv){-l&Gt-tQ2<3k~iy50k&&D;hR4k3F|hxpkjn%GQh~-ct>l*FBwW#I{}z z&kOCB*TD`kRCyfwJ#PE8@AR?oZ7rCn1H%*+ZJ3|7uiBmx@O95rX=t!=wk@yCi`X_d za+}$5LU2Uv!h2OnIhiWN)P~jX4N*9d<*E%5p$<*!YA#E+G7j{d)-)cSt%)h#3Vz~c z)Cm6leid70Io(A>qsZdTOc%$%Uzf{=EeQWQVA8A8E&Hw+2rJTm^SR%`chD}TILmZ8 zn~S7`hNAK1^ej=Ck(;?*e1l6J)D#eKftAucHI=u%q*9XW36*rDgo0$L8x}Ch0-!$^I+}B31?iC`mu(~EDMVTu}5bAHd)}Nz~ ze1N0KyeL7Pq7WUieq`XN-`+a1@alyL6P+e{>u)K`AdDAyG7ai~j$njq#__!Z&MEZy!3}bIF~+x)}KRA%smyawq9euNF=ZHB}|MD1Sq5 zzx~T@Q#b?tzF4qMDtftYfw}@}$a?n-cQa(wVpxJ=m`KK~Zl-9y)-rxSa_-Wj7UNj2 zmgmz#nnD#fo&rW{Cxb@CY#16-nlOo6a=0c+<=7Apiw6`t6B9JK);MN%)NY>;iHG(N zn@G+JfWDT5*e;&cm(BwlX5JIMb652eFgRc&{VRjy^c{xAggf4#h=U~lUYo?K(c^-E zZkfAKRHCd~k36y5lexzB!(i+W9^;D>P1gxg!q)-la|ghv-L;aA^bdyBNHTW;zbsA4 z+Y-TKQz;n>HC8Ii=TFv;e#U(tgoAiQ3&NyA8z=6H$H^92ysoYxhoGf1?7Of~DVo?- z5h~XZnGf0G__XC7KwG(%?@$!l{o_VuVpffp<#z#|xP!y}u}#2nM9Al)-PmzrQrdAn z>k-*N5iABJSB-*D6tSO}9%XaC zB~yuAox8j!@1h6ygx<%mh|M{5U|A;|91{@}Yb~UHfSAEBbQv|}6)D*74!cT>1drWB zL~O)Qttwp5s|-|vy{qBRAte0W;@_9{GdAjmHx_u}$>bQlq2|@cZRZ058{%@aJ{k|q zlMdUYkId%v~XiuNCkg3YY_oR5b|&e@xp4BJA653*1}hhfD*-)+Q8i5H9B( zzlB8W7ON_t1iILwm4zCp(T!YpReHXko)(Hq!z50Nu7>q*0B!(;sDm^a$&Kx^HOM8` z+(D1-ozloa+ZHL7U{pjyFjn##TOxm8@@wHuWKwtSK=ulU$re_E&&GFW9J7h3;A%Fu z1Jm00bYjn}($Tmi86;!*@*=+|dA_6ESqso`+2DdvI)*iCqUC$~3eTZvn+UogZ=gRa3WWa;hM|$N zfj3OYcusS3WmuvAdIN)GoS$tBYidq+29!(wHdOgun2q=Fz zR#(|26R`}Tn5Z=r`hOWUd8g9Rt=Ihu!^n}rV4tj3GQ@JU%gC?u{$kMYN5!}#|1@CBsFhSBh5Yb`8geQ`Ti_t)c&>jD*!!Mm2%Sd6 zO2x7?U+39Wwrwr37@Q}hw3^-u0p&2^mffNWueA^r9bk=)k00iN386I}L%(8u?(;#( z%sRJe6TbcBMF51N|3Xbco&S=9=kl^*5}%s^nI>Rg_O*ReqvQ4hSo-}%FCl>3L>D+Q z{Cll;?5*+F5Ky;G{Z{bvT=UBVM>W)9gv-QpV_9QouCi@`PWlIoD-H{9Zh&u^hg0oI zxQ@6y*Hr+sbY9+z0=4uDgUaJ9(Ul?I6wIFn%+D=h1!3Sse&B=Y{P4}ZYzWwwqUjHi zH-7~f;;Cr6WSbrNm41|uhzFg2-G-1p8I0l4$vB8O^X9B3b5&=x3DTwv)dHx~*mNZe z;t5?2$02c{t9kmplvv&Wl73E?38O4OfM_9DaUtfXe;Ol4Cy<{3DEG5ALOmHRT~2p3 zGXe*qKf&bZy&fi$h~IbJb>rcy4hk@9U4yk$ciOLBDmYn^whIm`GBnv7d~8TL4ZxRU z@fjl0f9hvN5q=7p0A>RK_DjdWxN+qYU5AYj?p4(`M8K!gLb9Uh>S*z<3*CFLyZ~70 z52suk!9LHD>e^tJ% z7k!2CNtYLY48P+Z9TQc~!OCmil6Tb2Ui3kC6{^E_R#(*hP{EtZoPm^SXd{K`U5gCM zB`)O^l(c^;JjAN0t25t+0O|qRmNZ*MM&i?7T3BKT)ms=jnJ(5J>|HfSu@ON=H9G~$ z>)&$-N(gIe`;S!Mnf708P7 z@?g>alL4kfKbK`0?W!TtQw783O_iC_&31N=*RMeK-U2|G&-n|kLcv|~`0I*vV-%)+ z872$}J8sw8`^kr-)6=zW0rxZBsQT%T{U0>Ox`(pXfTZ>^$iqT|qbDadHp_J@@~2{9 zLgIKYKOcihzPf;@BG&K+s@4d{#=;*T3cIJ{ktfAOEVH+9a#YfI3lCd_uN7i_errph z?GQqxhj&7I?&K|(4F~;-KNR_{3SMns69!Me%O{WUWdyP=idurSH%ii)qkOY(nM}j1LY+A;AAfcgPsGVtblT*(u^q`{FDwOui;dJ@ zRnMX6Hx}8;&i!=*jdqT8OwO5mw3njDEuPctavI=e85gEVUxAy_D`v09!UhB_uCR^2 zOn`=^;o!!PKoCJ)JGolh> ze2CU$H`QdmyK&@RHZGbL-5rFpr0X(-{8mYuALuwG8DYL1*<%y>G3ZNfFV8KCEK?3g zYTJ%~d{7yUMrs~RmTd!!q8KldMhb*K$MmN8c(~qfz8I1+i?`2*7p5=mn5p8+`ZV>6 zWR>s42GAndLA}v5`ewwN4x!qqZU>{q8A`%XN*#CzV9q31zd57qbt+&Zcm`-E+dau? zvjSd2Z}1x%8hkdQvRn4{%GAqsPbZ#^eXy~cRGV+Jed#mP0mJk5jxV)}v;vnq`9;}| zw}8!`7hrh@wt^)A7_ft4Ky$rT`ErPfpI5v@J37MkRYHC6Z);rmn+Q!CPNT)=@Tmh8 zSO3*ED!Nah{njU=;|_J>yE=syd-|7zR73=#^}@T`AY-AmAE-HpslVAqG~BZOMyKb~ z=l9U3l3OMtpi|*rh=8ljLklBS&df^fOSt(C@R2@3`eNB~SAv@lhC;A_J`sIP|&%JJr146AVFTsOU?XcY6X z)y8@@uH>Bq`0Bsi_yWEU8q4$9Aj4ILDxRx!dnkumCO7&XYstuWR+eOI4bqx;j>S+6 zw0vpFJ0%kC3ZE=lY5!!p^p}~7;D2=?6tO-{xF09sWLHi~NR(|kBuT1KLJRUYPA|A* z@O`dI)FqZUK*@vOXj*|u-Xl&X|CWqBH07fe=o=KRF;tj|iGb~d)_yPBA2EK^Bjo@( zadvi(prV7dVV%!_%G7K4#=(POmPO^2T>fcj{oQSQwce0uFS+^;HbgD}Z2s0qenlKn@wc!tY|=_aep* z)JfGamyn|-oorUbCR+1z`+VA!(rhmKRa656TAF2-;b`6KXQR7B5Dxl*9Mdk*`dRO6 z^+3n2bxXtNYLZc^km$azF4R97>s<^DTFYAO9uQAsDo<&+lh6)EDs|fqKBdrC9Y7#O zp7{7z#}%2m(?FH8)fuy9`n{XxSJ``Mx2rE<2;x=HfoB3B(Og5C8DQXH2yT@Cn=1Pk z`lJKZrAV6A8l~e-W(FPQ>ZIeln~2eAT%)G?xTG%$I6*FC)a>yU65X=Bn41A#vXuQR zJsW36)VJJhah3fE3=`D)*ypA`c>rDo_7wPl2hq{0UY!pcO!JWqcRW@FgrqO(VHjn&MzvZ}{{ol|*kyVl)ryuF)% zadd~z&HB4omX3q7ovy2=ZNGd3d!G>eXDw9Ob7p`y)8c0qzeQ|5 zgBeZcDN@s~03R6c`(;33HlTX6<~S3J?Bzz|nJiE!b3<2Y3)RQ53CJ6fDQISpIzI@y zewV^|ZCu1|;ddr?3PDQ%h&xvKeu{x*e)Mc8RI)(@p0M%X=5th86y4u{_gehTyt*$T z)tP^-@>+n*Hp7;GZc%NigZpemZlGoX9e3K315l}EU+nUpADma-eQd2;CL+mP4OXlT z%sTYPgQka7+PS$owOX#2S$|UU(l#C{_cW779ta`(eOj#?vlv%iEGiEUK|@59{qkJ@ z0(K9mA+&6ojT~FEx!8d+BF$tYO0r3+jAxJB@N4WIi>j zMsiHLtk?c(50Z6sd|F$pd(5l0w_oSQFaNZ--dHKVaFnXE)A~3dV11Rd#%^S7 z*|+96W*NUWdaeM(M2s)enm#5j-*Lb>aJscu=NZI~!vPR+Og*Ryo}MAk<-f z{p}604KS4M-uvTtXdG1@b+AG_R3^Yq{>oUZ*|OJ9I?&Qxtu1ck;87$X`rPQ+%iq%9 z`0+^74;r-Fj0WdB$m~_#y@>d;ZtIVl!WH1(~d@2e+NeaVlIgSpc^m|rLc`QWn|h>bja+Q1HlaSJ!~F_mz1ObX_7grIfT8&eb2iQ;n4p_2A zljX@CbP2D$P6U%H7Qft}Cb;!y%C?x)aF)W6p5nSw(B1ZK>I&b*OpX?{E1;ePR0Fv@ z8&oWB82eBd_(?(zp)W8|)*`v8Jo+ij4PirSQTr zb24Il+#ju{2rMqX-VjgAT1gv|&?h7(j>CrBKd!H|Zz8N`EPdKXZ=Y}e2*8I^d(I#n zYUi-*>!XXP55mrXBWXk@@L)-p-;~~09)gB@!~uD=KncEr#j(BbVy)8{kj(^D*v!+& zwIoq%;8Q~JEw1XkehupYykG*4V=M}X-Xr@4oVXu+UKNm`{^~dTB16%~$cqyLLpHaz z`xzLoDw)_OxAjIOCDM&PNefc?-Os>D2_10=AOsMnYBqW!0CsTo4vJb!Fe}?VJ60K|rE7dg07#?>%d07whhlBqfPJEP>3f!DGO9TDdvatb+fErr`OQDuA_pQJvxqdWeQdIWyU|OzUV(j7xsQS0Kmp2 z@?0|;AKzU`fY{=Ic_Hr_iJpEwQEabrDJbc%MQhQmBoWdwI-5fAT)_Wk5)48vDT}k4e#vC zLcjhPcb`iW;Oyv<>e_C1Q?t|L}==G0YVu8w$`W0bw;7P zrfx^#vo;X4E&+)Qi@wtt|C-mHaC_DM?94WCli9`6%4Nmy)$5LpGG8H$L@2vH?8Tp; znm`P>@ur-Mh2OVXcdeFdSoEfm17^PSmj}aYAnp0e?1fuX-}#u)THG+-3`|heF5Xp9 z9zX%^U^rDr_o)@y%3&#X^EpA?rjgz+I9J^ySKDf$xzM_j*%nn|;$?ag#=lMaKaWm2 zT4CCI1hMDa!hs41RwakUgA^X;QOho$vggR4p}K459>>Zq@Au{?g=czE_P}n*?gB!W zf4-F*F8f}$m1G6X3>_~y-Yx6%Z!4DnJ<{=eP1nb)Van(`j^BQ>z+FXmu*#mD_O*KY zcE1k0VFtSwCFWN=Q2>>);ZSb5xrn=}q*Uwasf5Or_YzU5Q`d(#O!Fk`XA*fWDFwlE zffzP+&eK*Mso4|6fh)m@nd1KNGJ)_gRGt&JQQ{<7S`dmxFAIR1fB)nJia5$T`w2|l zSg_3V!W1c0W=2QHyE=B&S)y-e)~E;da|uJvLRePa=c|tHdOKV)o%-3=?&23I0oND) z8WWqp3lrN#usgJ{pDv>GA*D{FHe(;y7F!CQR<_@G;R~NrX2-a@$nJ=!FjAkjKrA#W zp(Y_8A9^8UYuBkRx(sRQbr=-6S}^IsJA(UPkJ!i4A8iK^iy$QKdDWRmGugN{`=ILk zY5Xd$KC_~SnXoP5vB-fQr^O`O4F`Gfa?C1-Y;EzPmB@FpeWN$sLcwby%zgEKMzC>x z>1qX8Yk_0epPFvI{g+cZ0lc8=_QxW2hR3tMsR4Lkyb00u>gsG93dT#!drls5EvYHE z%n@I96;V>qNpI&Ps8tODOiX{h|gUBX1`i=+Vp>f|~{XhY-&*6N^$6k;9r3COO&D~eJS5l7w4)nq(|c!B6mZ$ABx6tayx+sFo_x7kG1W^(m{s~tFG zx%Ay5W*U{d0;j4Zp}?3Jo*Gx@{d5yP1wMH`h;lBjoQH|Y>wc_NK@5tiRh8ES(5#S~ zQxkp15a5CN4B6kx&OGTaTN-Fpd>epp++uOkZcTQb_~g?wjm)g?*O&3S$LI+ zctJvZydn`U<@MxBmGNR`AdlD8nmm_h+|+!043v~ihdq?O0+5Roe&5?3%f{7?)|>Am z`W>_jTQ-pce*h0*CcX#8#{||1674CR?v#yADGv zSUf|Dc)g}?$6wE1qXc%{`63(kAwPXPOuaD5br@w}22f4QW9|ImQLC!jleZ{+%+_$S@TYkwacyANw6=eZsUt(Chf!FR&e)nF$&6uA2SyS~X zGnuPQ#ECX@;k@HK|4{g*>%7D3cU6_A&q%rn+lad6sYhO!#h=slqLjZhUU=IOd#@u- z?v>M{#;>>IevgM?>n+#36Cq7i&p7(!R1s*ug_8Im?ZdMo5h|Bj^y_-V??;8Fu|aMWP`EZscJo82iHFJ0O%Yq{2=>Ohd`ESUhwSLS zm)J!e+d(amW9bWk@}C-cF!t5kP@nd_vlp&A>~C9Cvti_(1Kv?Jmivrfo$VW8N9ahO zFfLa-ojJyjJ1+YyTK8ex=mj0t1wnv}PUv!sWxsl9-tq70I*_S^wN0M~@d}{v`#mPQ zR((GJ_UoXH^y#N_hsVQ7K6+!h?nAGiuk)=Cpv%|LJ) zUNy~z~Bkss3(%96H~o)^7}C zEmDb1I~{(_$J~wUR}tu>?wc9f>J>ga$k_|7=L)yuZ4TG*VOk*{`06$ho;E*!hN1-y z@$T~a_djMdOMj5j6g~}j`MUnt4>C5IuoGTCLANLM`ZWbW@tY>^j{|e>CIoE$)~s*4 ze}swCZ~mqA^q6)hbXv7`{i+=eI#Yf6$y*)Xp>~hUluKvv) zId7lIykFtwLsXzYr#OK1Hze%?e=@l(^p-Q{td&Ig4%1(-ah3ScVOfVI*4-@y z9>La{hFR#O>PeNk441{@bdnO?4)}28oc_yePH;BxCxHJxQ`^b(ePt$y>*)&BIV=Bu z+^zya);bps&DD}(@-J-L|wg{_mca1>mq zaxdtJ>Y3b(5NL%)b%KqeL*U@F_S6pAOR2L%#*JN`Hr}#SA(%w97Ng~vwWY*>wCvPd zpb9!X#eeRRJ?^+0S7Ej^ftWP^G_9pF(_|byKcOpJAYEwL#eQUWrNbtsitOoowcw^sfy3<5fokS&1Pec@kNIpC~0ZJiZ3yV2S)^+JMAGAS%#AD z@mFo55@iw2@p904$!g%GISyJ_71+<;sb~L=hFa@THLuyjV2NE`KE2q<}@~L|ET(OF(7V* zRGFY)+euED6WnDWb)Ey5iOnQ@i07!G20lQW$$r~TgYsGU5j4$6c$LW`0~VjNeBX-% zr9FX3L<5?bf7{sZOa=QkC{-pdbNCt=FUN#AB#yB95S}py1N3{)#Y_FAs`2lEA&G=C zPV6*#jt>f48Et^@zcq4xZqB#Z=l|b+tNjfCdH58TtJN9sbh-Ie#+-vt^3drrbHc(< zmqXT7jv^y62rfa)GISX5rYdA4%O9wEl&y@)q)@AV+Wu_nHfQd!W``J9+nJV3l%HpNBm>nE-S_~_(jSE ze9+J>F)KV+iu0@X=WLoE8yj0g&-H?-amBNkM0ft76JhPi@9EC(3a~_-()o6SUJ@~Z zDrzHPw}~f2i1}6p26v4%?-p#zFI9_BCde;NTQ~$Vr6Xh)mI34N6H9Yb>v5N>;?;YG zW7X3!;`KNIDH|oLa}RWTzUPC8O`I7gbzo4yBD|fbzobs{I2g@%48xEi3yl9&ADS%b zO8~`K+~*UoL_^nJz!Q8@ng=9=n^m zeGoJ@N=7cd8xliJ70|izojTZG*&7y=^BvwM*6Teh3z{{a%qjyQqe9Loc`^m8K@zf%@8~E|@PdPB5 z?lu-s@T5J}FflE%g6GSRmaC0=fYBXJf0+ZH&jqyVAWDKnS71eLpeB1N(Uw28Sn)1c z(%F_dxOU528az!rR;N@ppbyr$a}%gJ$qEny0T_2(oRUx+N#w0`o|3fjCVLR!bYDEE z&|0_*Bk;+jW{HzYBPPg7T3mW5G+u&7xtQ=9PGlp+LiVJ80l>Z|S zP6roiVG!LcK66F^%{beHPE9LP!nZZQW7i!ng!Lc3akukkPmmNw8B*}1U$1~!#ijPP zyQRvw$ZfyEG%rb39l_W^P2@i^zm=+q4yBSNvmVB;77qyT!#nbi5u9F z6DH3w85ZiAJk^Nv7dAWvZDrdD6=slt!btOWKT70otIJBx0tmr{kM1{)HE?2n^?-~k zVp|b&>qiGX{;`lRr86|@Wt{#;6&Uvod6A0Ngphjfmbnh`iAIO|C|Dr4i2^UpqOT*JJm&m zoBp>LKtWv~;4fhHLAPk7^YRFn!;Ogyp^j-7RRgdi?Ir zI-*`P6av$q_VOD=egi$D;hiXO;gUOFl*xwusi&&JXcaMxfk9Dbb|dNV?yw@GnLVf;2O_|WK3$EpdjJmkGijo3h{KaofNH>Q0H3YU2W z_pgi-09>f+6^#11(LX$&hX@R*F(TkMg}?zP;R()6QAls>qSB|N*@MUl3$`%76YoU$ z7nt1DvE?KQnX>oeXW@EnkEn1G6_Sn3@?5+on@cB38nDB(iks_28PTr>jT!o0ZLF$TRv2CC=IJi9ztv6)$5J^u6cz#&l_fRem#z?F`xkBn z>@1O&#E?WsdnaL`)r9M*Eh$7t4UH+xQ7QaE@EY&Glp|wgTmAL)QLVlIYz!gr55t8`2komUWCM!YnuPM!IKkXpNunxVkNEBj5GhK z*vGXu%Jvq`hk(?v#?bsRAEyj4rw3=m5CfSF=|#KzPq_kXIYypn!rc#r%E~U0sl0q^ z=F~@FW5`iVf^iTgMIo|`)m|kI9>}5=ku%1yHVMP8_Uz57f)lGXRV=mh#;?PqHT}h* zU;aZ`CqZnNSMv8xa+PSpTd4FVrM@LRoIDIWaMPqFdL$pSH6A;QzzD?{&h=8M^O{6C z(XAcwGKFxkITmU}gGupDRTL%9?2D!hzGo(ao%%zm=9@kvFq|ArJhY^Lbphof78OSb z`JF7Se_8_`1_rcpT>S!8HHWHnfH9n9s4;~oEVYpqo(y7Gmn=L|fHA6$MhGV!R$zf$ z4|SYa4n`<3*4sqM0@T_saaa)lS+F=#z2bZAx=?>ZXc@$jK%8#%@&*)KZ))?HkB?w7 zfbUM?jtOHm>Bo2+Wb(x>*?qo9HQXz zEobvIPSV{pR9?l&u;yr+$co>iNF&{(g_`8BUwd#ea{fLl|9hE%ll`1nlN(noo-fuA znVbu-1tfqMzoa_1mFte!rZ!!I_HH`rbF>M~GpNz9+} zN@A=`+OiY5p2;i|Mma}xwwie*CPYyjMxAmT9#P#pIO<#A_Jpp`dugct(41umq|D=g117s;LtE-Am?MFqD5=y9&EXTtk|nsh%oE;|cOfvCzf(-lx9`w`9WupUM3E=P z@HR({)DIC!AOnRBPC4jVlxlK*!apCNn}f#e!Rb^O$VjY26UCj6*!;f8sG{eHf?lwW~XQ=9KN~h6(Flk3I_Z~$Pb=2QHL5$m!V<3-q zwvwFghZq)2dYTOjd~TYzft=E@#VbW}Zq~paEMkxHzvNZPx4xVrK(G|ZLK8PyMtVs_ z1emJ95D<7&X$6GlyDQ9gjKw3H2iN&S;Ydqi8S9YMb+F5HS^NMrdqqFvW{80~VMAD_ zA2Ntz6Dc?x^+q0)hVpOM5T17}JO}plem8m|U>9HB zq0JXqpDaGd@Gd7ORYE)+153;&7~T#I#)$tP`01GmZe$$6Poa{95*Q1pq&F1nd=sO? zW>p8P#t{kS6)BDi=TD9p^CuPOZH95Me-n=4o7vamR%DTm7!JYGJbdJ^*tp)z3}|^8 zMp&?P3-QGG6q^`thtuVt=*h#Piz70qzC*v2qhf?a&=YRP3HG%ILc>sXLC7?eS46+k z!bS=SRQQDWV_LaG$mATvD9n)agdJ-T$rHlp)SccB7cclXVf;kbv*q|4)CY|vrCDCZ z^G6&{=kG>|I3EA`sN@V!f-y2w;0-?iG5bDJB>%k>Ete4`HJV2GQkPe~<3F+Pzhek8 zSC73Ob0i<1&^;j}5oaf2kpEE5pcjyOx={U=E#RJdB%=43-F1Gl8n&Z-8jFNM#fDnyI z``s;wEr$R!?~46v33h(hI^J0xo&Kk%y_KyDc`%Y%F&&q@CJknTbom%bRvr^&Kk`?W z{R2~)&)=i)1qa@A`?Yo0DJ?Tju!%BMq`LWB7zBzLx#_jzRcIl1mi9U26|g%Z=DZ1k zZi@NID>(z2vK=_YU(b^72Y0@etFU;zFK}G{=}oW%6ETsQOf?fGZw^5<-pYP#0Z4qz z>Akd^rQ|DXkn-#)y;!v|$H~@w4G*|;v=)NLUsE)s`JJ_S#yJh%jCTbuueVO$@)NNs71_NCI@yb={I7y6JcJ_)I= z4(Ib0r$4*CPpMfV6V%Tyoa66`2G*YT>bIS3nyo|hAkxHjvk8HmFeqcy+X=@em9%t= z33#A6#+oo1oLj#M@t&5XUBP;@%6l?IOp}94^yf>4FMi%KHD)d zG1;qsX8@C-?h+=5-P6_844Cq5=btE>0#7D*aUA5-~ez@;0H||UT`bW z9^i5=2C})1{3^-A7}2HMxIb5e8OVjYScW&Bo&(o~z90LuI#*P7SFy(xO;Sx7s-nyP zD}!M^6D3XL?H~Ng<&GjnBnhr}pmF}bhf9`W*n`(diKly6DSBVL?+j?*FoS^BRFerM zhtY4fSn;4X>zWl|Eb|0tkrlX>k6@?6CFA_p5u7vpu9*#X2H$s0VekE{kgX${}S?S)S=6+GeNLCw|#h>1^KPr>%M(3FY^6>B_ z*kE#p0zm)$0u>xo9ha<%++E!tdiM37Zs$8rfr+pB&9+uHI?Hkfw+Zg84)<%1ORAoZWmQF!VBgYd&V62(15en zV9XD|bWZ69?LL;ENu?sAuVAY0_~}u4JHeVZ1zJxt3)wOSTo<_)RMSyCa=bMAIl0sD zQk~-IpGoQJyZGG5|1<358*#g-LozhuoYlpQxsLW#Il`ahE|3Ya26GF&Ft) zxkXz!xplWoL7{^bXmqy3f<6+2jKfb*1A5Ta-&It-A13F1{`tWbl+yse=vq7C2R z{G-Ml)GxKegz#~gbo1M>Ef#?q;~0ihu1Nw2#xq$|M^o%=O=zgYS3doB;Fxw;TEf4+ zCdf$MXq>iXZwV%)7-RQYF_MQ~1kqc@Ki+SxY-49%U!$(KKNbnMSy@{0WQ={0E41|b zr!>E+|Gz2Cqimm*=AjfA1poRC(_sLa{zcOik}s%{oM2J{aB9-an)1+vNBYR6UrL6X zT{48_-Eo8wkt&x<4bmT+F<~ynBu2?2=xhIV{~g0}1gy}!`E@%5MuBIsz*c6)1G8gng1R(6%Ya&RKF#ug+(lrj_40x z4rf!FAgy5%Z(%N?uvHOEHebO4qfIB7d34uXN8_+v3}bQ71ZrW19Nt|-a^d30~UBzkb0Gp02_&>6V zAa<)tPD?ptZ4HfvO7wT&0*>!So88pcPz-QonD&NZA|aq1Fs!9|F2_qxFR>aUKtOH| zCxL)YXHu_&DS%2>_~#I2`~OgeGv1F#0&9N~CK=S#{{);qfY#~)Ps;mz6bm8yxrj+j zl)OCuq$1~&{|;-9y!oCa(&IgRI{hZA|NA$+qflBQqhxRGhtBQCBLufSblyT02eT7C zL=1srcC)8htP}g#)c_K;@5-;u zZPMke+#NTDKTRZE$v>5~P`@0Sq>Qvi$HrXC;De0u@R9g}!<(GVL?$?fs7=IV7`QQA z7{{P@w3l5CM=WJ@XsRFs&M4Kc;TULg7(pD)ltNk{kdAUO*nc_>Sv{u^M_0aeD{Wau z9>P~X0!3ox$vRowu@GV?JQ+#EPKNnvv=j4s$`#-}0djYP)?_O0U6s#aQnFc7WsB!U zdM3a7$F=+3w*$l(AByzm1$PUuN&ReR4)VD^-roq{_v{0cjd{8Ftmh^H&n39Hz!!-! zy!edalEqlceA`h2zOI8WMkuKLvBBPU<@;$~6if5pX}O4#s0{m?wX62|>l7+hl^hSZ z#5##+9rg77=JtSOvFT*G2IX7ylF!OOV`ae(~M%U*(PYF(C!3x;^krN-4 z6$Iaer=>x?mH(nQOC3t{H~ozp*Sij)viA3tVs=_U2hri;D!TpJ#iZf!`jzV&u!xuB zfqa1r#f*6r?XVL27|`APT@#D|<8GC5QEh*?tPztv2-1y0en(Tz4=VtPHJIumYHhSv_ zD9#4-&?v#BbBy*fxh_=uQMW)bqasaIS-CBD!@0u_^G@hX;E!-cbSPRlc$o;1AMWL7 z@-L!BVzU*XDQtkG@iEHaR)F32{x|9IQUh|Qd;7zog74n%(S`rWz3+w{-g(8;c?-`OBJ=s&*W8T_EWb7FrE4c=sn}U#6?t; z^@8HBqw2Gj4Mkd{lE>L**hcJ1mtmjBg~fAzms7KO^gvUk-CRBccZPrf%TTB@B-i{0 zK|%1dS(Ir_9=`i96E5fk`cQKw10w+`+`?R!(K-deiRb_0>#Kv>?7poZf&~i2i@Up1 z+=>*6yHngL?i6V#1yZcIySr1I;!bgQC|;bRU;4hkdq0^w-%S3`zR{)~n=$>IdY7TphaxUpN-`W)o$XhQ;RHu9om7jG&8o^$#7Uz( zv|Hy`u5eUgE#EhY#SqsmE)SI)I&3Hf^l^ukp%Ytldc#NWIfP+m%s z+BOiI7h6V-Ij-C_{gV~_m>kedhG+7jBds293vIVMgHr(g+~sI|5A&>7__jd#m5t8XJI;K)y3p<|INb+zy=^E zzMIV|qD;`IyKR;}J!$T^G&g#l8G5b?#H4zixMsei5q+wTf=$!!zHU83FU;_f$3&P5 zxVRHKX}aL3eA}a^j@g~;o}j0$!Q$#GqlEjzdo1&d4)>uTHaEb}=M4uaY-^aFjkNm( zs(~r6ojJ9d93HihU1j>(E;sN5h9m1Mj0b+UoE6SR+}LD$SE2V)`QCBWR2x;I z&iORS>x3(rd8=Jc?z@UaP6$L?FjCPok}>mLgaru5!h@X^i8SJyo84L^;_G8=BgWr# zD=}E8xEgVl(O*V&+$8dNdEO}CFw_zjllC(sAbae7kJ7(vA#S`wG@g%RrktAFb*06^ z3CwsrP{V{TaaII7px{Y6RaLzz8^q>>m!G*VjSJ2(1)=v>Y-#r7bu)(m)7^)72y1hC z-|Qhdiaqk&Z*;Cw``rn^OLaM1el>y>{WqckQB`1FZx0Q!iiErdG6W*6*bUtVS3;2+g?|1y(x!DpcA5 zyzV@qH%B;=mpUW`ORH|PmkS+B+Zg!KHk!Z?nXJ4UgoYz9`Rl2VP+57q>z?DHT6m(1 zQJph?C9Sg^h+3#L6n}WJeljDwmAx&eWSfa>L5=|+a($cMfQTfIgV(}*F)l_p#`2<7 zZJly7RIcF8!T|nqO9MhAfEsN{azn$kk|fVu+5wW~VJ7lA=p&OC^l89YKC|)F8b^?xsG05rnw2x<-+Q3?vxq@wX zq!TbMnq*Jazc&6Gz`AyoiA&l4cM(o7nceu|XT5%-{h9x>$mwI@JGSOL9Tug41gitB z`|Fd4k;(g;(|}*u$Z$ssZF>(FV@qvzo>VbjkFd$t7T=FIt2eD5u1hbkSQ~0tC(VMo zbEHM8o1D@&!|{d-PaB$+E?DeVhQ=tz)At^5Q1~OOXbROlMy*4$X>*6RFK=$-gks!= zxiLnrt}nemI``H{+mdlMtsIAV3EqF|$6+nizq|idorF_MSAYcVows=Rr7FKyw>oDr zti4d=xh3|({G)T(uwsg02#@D0(>Fk}+DdLxLaLEu zfW`P&#R&-`;dsgW++hNOQpGK$xxyuPbF4#ny*Xpj-fE?HLhzdv*C)}M+S}dX|fqF#!qSb+AELe6#FmgCl~*W z9ek^s_T0>mw!rcY_wms`VLBPwW-9GMnd|O}Gw`mEJ3(X%+E^$47WV&h7FSfv;xRA2 z_;JcO`k(LT;5czg}B7{0scy*rt-pt9*V zg;8u|YJK>uT=#HoP_F(d{%EFtZB;~rM{sU9uXXHFfDF~T%TkC96y?#I$wBqudtLNH5O zABVC{wY1#x4fS_XcMMxR8r|v#uY`HC$S-lj+Y>SKgBu-|FoAcH&ixs1%8MWAzI{B; z?hg(Ji92+?WoMV)?99k+Ye9nJcOboXE>R<3_?1Db?~&;GaVJ(((q^t=#b`p4F|pBs zI79T?H5AV|Y_3e|rD;)V3reX@p(d_onV-xuI5LALXGNrf$5nTw3+o7#xR< zgR`Z+gxDB`Yue&5I`DKt_>M+@JF?~4=Ma169L744UtCxaj{d48MPIhBuk-qnR>ZW` z$|GLHbFQMxub5f;_g=uqy*$=bRY4I!!R&Zmf1mtsLLzG`^>&%$Zuk*@9G3cCij7TI z>s>)36|Ek8E2SWi`G! znwrVKn`Ab%Uw8QZ@0GO`<&ZMY|38pUgg#59bn11z&>0haw}2qy*V57!IgSAdwB(pe zhI5F)=LmG+gnmqWDzo&G&r?IDmdx->xo;f*s{EJ)C0E!VrL#D!ZcCOXB;^V;mD`!_ z`ZGNE`%^JOSY#P6*%Rbv_hES8y?|OKT-^Ci+6S9x1^0om`L^p<#f_T#q%L z?-zX_k8w)Gju@vn>L1J!k(BNJBL!3M6=FC5NvWw0iG0ONoR<6<1gMGc|I%z~N3*8N zM?tfdLI`z`;M`YXR#fAAe}$0aV=^N~5}Iuz`CoKQ)_er0_Wyw+z377zVVBSUIoEzS z17lAxQ~L>{APKn4CHKy_N&gUV|1I;5pPO&>@}kZ6X2dFO?P2#dOh@1WzvDJUNBBDa zu)<8#V4Vdnd;z15n|b#2v8i>p-jZJb9&#|Itu@ljH`26GI9idRB`0fhp2xAo7s-h_-NbDQ*^)rK3 z5)VM2H@X(lIuths_42lzL|@A!5B$D}Ch`M*1{DwwBqtO0(-0_(BxNk7eW4WN>i1?& zgeR@S|9u&sEI>psk#eX=B8uAp(L&2w&lPK*;0*b4>CD=LCNW!s$pt{d?OWRIqIkI> z_D}!@3*(8~{cJ9eLpcp>fj4XG|EV?n8v&4~;3fgo68{<5`Z)-b2CMw|SZe&}bC>Yn z1g3vF;W7U5P)u%lwp|!beu9bHN=J!3?vIaL;Gv9!`zz~z>z;3UX4}!ZoIJ&abOwP$ zYI7s+QLslw^m5r?#N6NZxC67W?~drUOnE9XZQ>|6v?Xb9kS&JXuw!Izq3#}bdeFUQ zT2>i4{#0CATI2@ho>~;uHt+E1yCr__d% zfX(-xW%4m0(OfYV+odmm!Mi$+WeuDRPU{7CGu zEJpIw>*6eq0^nu78XcKUKo}i??icJpJ{eT=Rh#s~-+MlO1jHwW@&E^v>|~wSM;}$> z&v}42kh~?nUcz~?=dUyi`$Ks!C`7f)I-b$L-6dH8{9B7%P35A zPq1FSptCivej!lXqb7f-VwFHBIgs3o)LtUh%Tx}hfM++Dv@*{vcu0nUWA>3Iw=&Y=(Nq-F-KIrxvLIVP#~pBaHj821C18EAN!XdgxEN@Q}A3E$fW@ zd=IzY)9ZI&u|N0GC5KlL&qUMZ=_EAN){>V`90$m*|+qQ0sie1c>)qy_V)JE#%?m5Xqx7ajn)N?usEV`7D|!Tu1-% zFwoLb0~ConK?Kl+3pVSpyYZl)TUQ(>JIHAf0U*T&!_4gxUc1k<#46QW(ZK*F6D!en z;B3kD_N=NNL1&)Re}Z;`6cogn#NvULfC7T4sT8Lh@P$AD4N3d>=cJaY zN?iyh%DeZ0*@$m&u(%nx5;Z!QQIX(?0B3hJU~(8MN1HNGVnks^4pX)ggKD?Pii%sd zpCbvjvUZwx@6o|XUwB+E>y41W2q5w4M)N^fs!J#ZgBC4*rL*Gwb2mxea)qytSCIm% zgrqH4A6$sls#kU!ux>I4*1ll$ptNd$>!_7AIwHU465TWNg3P^MBvu~zzVxV{N72wKVLo%O#> zb=`!wm?e_0rKSu4CRX-wADZb?iHqG>loTHce6m^3euP?W-c? zd^OGV`A>`sBSecxJUiz_7xahJRfk1Jg;$?_#sGPZm0`Q&V{!8yI}PWX;?MPn)wIZ> z@JS3#Lx#Vdf|KNme~DFndP_+Kw}_#tjl_e++&l9u^9pJYCZ zDqC*jZ*K5!8ir>1%CSu6oGyco7Ww-OtTo3AlW;&+jIfcM&y%VK-g{+axQO?Y^cdR8 zMF=l%S~KG7k+NQhd;)#r1YZ@|C**}|`(Mcqur8E1GSmCMNbu`1n}Ne`j5zCTaL}vm zF)iR7-;ZLq`Jng?Sb!9PmzWXMsqf>nFu%;kDfE5$Lc)Bvh_v~#&=i=MG*yh-%Q%?N zSpMB9!76ll+2_>D+JduVK)Z+?2cLi)_|tV>uSJj6xm>Y{U+Y{KbruM>Fj_3JO^9;8 zQm;Kg1vh|uO}&cpnd3FPlkaQcwRQp5ybMxJ&)oz>Oa()G?(y8evx;QNbeL}iqTC_Jvj4Bh%U zc~y7uM5eT~y5(yR9f4!qc!NnhMF=0Ps7Oxgz!#VR1w-(BkTqATazOnKqhD5Ea>h<^ z4#KKAv?Q;BOEBZ#okueV+~|_x1ajL6P6cD^Mry`Ow9@_Z)$2Q{P$C`aEgI zq7^-oE3%6vzORb_tV8Ny)ye}0gzB!jk*{w444~=k`Zd7GZ&U*x%$c1rg>)55uq!FuCuax|%lYUN9DS%n_A;aT!bf zUF7-`uC3@RHXG2o&2DN%_S%!GJYzvR3jF*~a=B4x@}j~^v-WpntN&8&?NMqikVl(S zo*y2mSipJN5CKZ#T6$bbaI_;_7R@OA5~+ofl{+(ZU*9O^ZR}RBA0bo*PdyZqQlBs( z6^CJ=9Whd{ZEe!-+}DnOO)@7^=fHATEqrp^^g%3;!dzf~rfqZc)>YXVsLSs?8jR~> z)-SJE!w>@cBGT$C!4tt*$+%|nISSwB$$LJXQ<6@E#G>A+fOt5+m2khL%@O(3n{GO5 zBbfzsvfo>m0--Xk1cr4u(sU&bpCj5^zQ9Bb62({k8lNk z;a)-^t6WOgcRq7((bm)WtyLs)I3E(Fm$SS0^AJ6NB9PEvv! z!tv^Vqg&V()xMX;178NAFYGAgQOVpAG0 zBNYO?INWS@7VE$5pDW(q4$$U>-~#37t5q)!{@{y4iUa?sL<+i^FA9q4f1&FjyN%Q+WJVM#ZO32A5h(_L%YUs-j7 zR?A364$L9+NoO{&TM&z!pKF?%W51b~@9{WeLK{GhR=^b5ZNIaOxA@h?vXmkCNY*A7aKeCkt~mM_e%*L z_f;NHs>5|GRlme*oQJ3(e@RnUssj*G7*q@ZJ>UAn8(vKJ+Gma$EM z4S2Nv&rmSKG*D$07kQdu@+j)DuwfMQCI0hnA3=hlEP^URsLUIfIz>@5A%$S%nS6EmOs>3(OWCR^Ce^iE?%M2CcNFvv~~V8GNRqxw@n90WPEX{rv0k=eH=w#c18*1 zc8QVQ@anpIV!^7bp}Q%4S=FgO*K$>NhVj@vPp z&?ENf;Im`eY$u+b>!5nS4&6uLaP75H9#6`Qn@E9!;;X8fE>JaZ1%iG*KZ(vv(TUvz z^!9s4w>9^AFX0OeZ1Z8o>CsB`F&UOj6F9(FNtf1|O}6?{18zT&`)#EflM@h_ zTdq|a_>Q_`h+IbNI>4HU(l|Ig$p|lDS2;hC&cMpbWU#aNYf=n*6eaz=x87AIQUkaV zVY79Ya(8gZnE7E`fiaU5ra^)=$JRc=i~w1Ez|w}W$@nBN;8+|k*KhD)Vd z-J*Hxm_y5IK%CIibGuPz_R?J-ui=&Vk(!m4nmJO$gt0L1>CV7&kp-)RrgRvT~1bd#>?umelj_C^GyVCc?c{FZH;Ou zLtJlFUolG>8~}iLY=X^iOWDPi4P3WIkkWD&BZy-Wi=K z2E+?KZ_mHc|FjY7mj6<6?0)kWZ){5_cudpbO?$0rnERaB)91a)w#UzF?1CPXTS7CP zMXNR1S9QbcbBmweLN=gDTW!kFgsBCK6{;cT-%RqK3{n$3B689hl)duRe&v~k#Bc$X z1P^XShZVB$%qGaSMldNMB`C$KcbHzv<^%=pSmF(w0ka8yNR!u#6#s}bF8#W zS*(4#@k!jn{^q%@K9u+nnm#?PL@T|zRw;tLgnD8)lP&_@aTxxl-C zO8NBWF3}7AmeHA9S`en!L70TzG9{4KyxJTP(cxh1HS+V#(3#Z4d&>bNnBqe?V4aW8 zZ=?Z&E6WP%)4#a9E6qV^=fqQamw&)g!)wQ7uO~!&;Md8?!NI{|-Tv9HVg)+a z75BN1u=}b5#vfU6f37{UNCfjmDFhSU|BhZVLBb7P3L9I zK7k^@$8U%H4Igf+A5E1bF8y~jB{|?26g5nfZ#_RSR{AUL4b;8zqxN-)&}wk6v|qYf ze~QWec_@~8AMv_e8INg1An@5$U67%8`=^HNhw~WY(?8o%3F_CoEjNJIdcXcy+XG}H z9S7M1|I=(k)Uz60!nUQd%f0CH>l>Zn=WayITOaMDvBdM|yS4Z&<6Q`zCJ8h8Q3|U1 zby}QnH?7^x$;jSk+sE#Y(gOQQr~3~o&R+cziK9K@AOC#Lf8*=&!dO`>5EqzOvcR8r z9yFe`^Zt1ju1qN&h3_q$aJ^Hl-ZOsE;1@iraar_w(1DOMc1|ZHoj};>R^lb}pf)k$ ziOu}!D(i?CcKG{k$98;y z6*(ky<-(5%)dsJv;NMp|&>qpzsPt zVWO2$y*fxI&GhMcIT1VrAL2~jX&u?&sgKzC`331OQ~>YyK>N>UVe{uJl-tF=q1YG7 zB*ZKWFIi78eM8+nQ-8M|n2(9gwEZzs#;lzkse%m9?Z@$6mt$zm1;`b8!It@f?3%g# zW3qi;C%8DAN&K$g!joMC4CqOSi=Fb^6!^Akq!}P5 ziin-vA0NaxJkhUBoQpNai@NFF?XG!`i+25qI>j3z17Nf~N=?7^G4aK?pH__HPCqUO zJeN)(%o1Vj{u~#pzMS2w7p)fJf7ZA$oZF4mcl3r;h~0L5Zch3i6@`Ah8+TzB6>0ZX z5vl6+z5YCpTrnPSVaQr03BHiA{U?bEvhwdJv5at7>S(=c7!TOESbOMuJtp-0kow`N z*+NsS^na9Rm08m;WonD$C2bREXm6!mc-bNBJA~(p2rQeOJQNe*{`{zlhJ2 zn846?#deUw))pZqj_-0)oK^mKUZin;JVBe2o^JlG^`X{SP0rG2$uRNcB+}}75>bHK!lPZ&tI%d`*Yjv0t`H^q$ zY5HeT)a7`&bL`i=e#c$(&KEDfhLdT>rGjJSv9sghjkeyA99$m2spu5N_k+K+tgkWO zYaOJj`;F`s3=C=CgTQ{I7cC76NB(~1k;d79r*}^{`DuH2Ry>u&E9o6KR!hTM@geM% z1h#OX_X4H?k;wY^>7E8ptMai|>ggfQCx%dVk+_gTLGAN)uDzio2G{TL`szIVV~&gd zLxd-ym_F}%na7lc8<_pp-d()5chkDjjaag<3T^V`AuU>7$*(YecIvN<@)W&G?`9s4 zy7ADlP+q&sTAO36Xkz$tXjuKIFVm7x@VrHT@RePmcgroYoT!Dg@Dvd=2LIex3zb-V&*TQkcKxMepxk^VOOPL zks?v(sQMml*2lMo_oqY(?Z0(by@Ftes*wi$Eq%R$Z}0Cg-|Nh~%`2gkHKA625@ zmlC1M^WyE?!L^;^a>HehbT6w}2?i zngp1j09U2Wo*7sy-rJ3d7RPkAalBE=4(&G>N_4l=V>xUPd+rG7_xKDL-3LQxtF7K% zH4I8Y$ri|<+Zx7VCuDDdB!>Oq8ll?FH;ESZD3rhYJ>!)P?K*xf>^J&5j$rI>IBYD? ze_!ipduZ3Tgoyv_m5RYLd#>`?ODrM(@Gw`N-*I>d?%w>ivwd=WyBwehz+&F3@|!x* z??0?milM%lmznNq7w4{9H=-LI_ro~DuXIaa>6158Ha_GTAsScB{)a9#K#-2krPz(h zCr!Ta`gkpI9M85vVa-@xmjRc|_i}P-od0pzb-eBFAVBzLxub~i;{Vp-jf#XGi&Z`E z*EalBik^HIFnjW87Vg7R!{ffI4P(S&Uq<)WdIzkysJKijdh&=2ddum6v*-9u?8QpD zcYpzyQicM7s^hdU%Ck|3xnrTZW$<*@5@*;K?d3Td?>Fv_>p6S^fuJJyoEaAU{DgRm zOhr_3!*7C?J|kg@`*(U*OeaN{0SE-lm|NTH`!vbG|N8L>FBV;sRpYgTbY@ zCh(r6p8pSj|M7UaKd2^MD?X`ILB2=)`A2H)VWx?Ry!Z2Au$@c~1Gf9==H^j(DTBj% zrEO|EHTyo9(_3w!ghi$oiivq#$6Pr4zewpm-=Tz}h7o^i^oXvCS-fye(wFQIJvbrU zPKYs`FL36=bjZ$L9vy2w=o~f#qoE5DY5T3FCoz=;;Cqo8>7xSquT}yb6HMD;<5-vK zgX#3(p#pSn^Zq|y0%8u;2=`9OA-I529uVm8JKY5D4`QtJ^^2S5hbSJZXinv3jaR9P zK8KT%?i$LTwW6}d_NdV774;3922J{`tLFH#&@ZW#Q$aIw8I%?9bl10Mw2)un2etOj72GC9@$rPf&LET)aKyi3z!wU@HmC%F! zM#s(jpkYS+ctWrVH0D;JKamiE)2s$>*fs?MGM^pYX5cK|m(57dC^4;pqtbAsL-WN; zwz*Nyyl3{WZWaD4d>FS$9$cuQ2xNf=Xv_yubh!W&G6EV2BvqQ1I1^w>NJZNAb{>6( z-*RtnuVdrQDfz|tn%#({dOGb@<6@o7MH#;FTSd8<%v4j4FX7=iar;+3Wk!%iMnnSO z2O~eGWRb}Crd31YQ15Sig&fTa4THg-#}z7^Si)A~L=W1HY|YOu=zd=QhQ6)#?Rs~cHen#vARu0}5eB!h zU(jkR;V)z|fBPjO@p`@wslC;f>fVoVfNKW~C8u#5R3WC7Q_(l{Ph-{G>uAg#HOGNB za6o02V^)qhv1}ZGR-dCT==PdpID1AuUN)p%ob(u&;2EX^;>TrNx`XGeGyBS?j(IQ4 z!t->#s`Y$Xk82YEvKZC}MCY82H%r*xvW=G>aJG_*r-XL6dIzBZB~12gMuJM)PTY0ErX-xO=KFplYk!$`198MyH1 z;z6AoJ++Eoz)~s~s1|@Yo;(;C(6j`AK5*qOF0tl5B>VaBLwQ}g!MFF^a!;y8A#xTo z@I5H53dUQ6+t?zaOpk8P9fL6t*JT`R9<~yrt(NL)*+;XvC@$wcs>suBQ2-fDBpm8HyBBqQHSZD^KsG4VFLTbCINPKeBgk+n3|7o z)-jRKaZ$rJyR`H$mOKFn9JPJ)8YAgjT&onql6)D573?Zb4Nt2{ zfT&9SuUdK?idyk{*U!nY!vg?NTuaUC^!ao(%yf<3;+^-vGui6LHjsV1We9c_lxrP) zcC+idB39-$$XUBev^*XKcMG}KISwC_qt!hUd|jV~jrcXXNo>3{w4+bcP*VFZWOWoVHR!q9tC-aE55b>4Crm z!z{M=?(aW{El}aa1Qsp+u}fQFNknc&B4CW4-w41)ULnXJ)%I~)+Q>3$|8YY8o{ck^ zc|_0CP%cK`Jf#An>JTXFVX&_`g|vXyaH&o!ZG(q>v56Az?ME#QrgYQA!^c<5b(GFqtNimT7Jp26hFsckDU3APqTom6{=8`pn$!2=a})PtkS*+MF~5+BpBCZSU4E6e()9J3)vNR8=FM(d0 zyC1KLOY(du{El{6wm24w8hO25CZO6q1PM#zo}ZA`-BjZ0zsc>u!PwT?KNfs_bymI* z-@Ci3{lWd35C9^}6j6U|C|WS-miS2;w4hxM3{RXsQ%`aa@E*H0&oIEj*Q4^kynaf4 z#Y-8UTSieDtM>gS>Y!3w_>)079WjR~rw-w#OKL=sO7tt}PtGBPdWw>!<-GG;{U`vy zL=v~xyf!2LStN-V#393vr~RF>)-Isq4KcSlGwdDyX4rI7cd~A zd303Ho1h1XTXuee{yqGdlHhDUX%i?WYEqyKm~xu${VIaHd90K-2#L9R2zHbZC`JcG z;RBnyQ+z1K&-i!5;l$y9`O#R?x-_bVkiB+d#2D!EbEVpL%WnbvGziyGPfsY}e*JblEwPTvRNHD46J={E30<22Q z^rbEMvb8C=gRJ><;Ifpio6}=)F$F@_!PbARNI9LLk_A8+Zf`{YniNhfT1D0}kpN?) zue4moclgGV`yCV?w|hxJ?Y=T~m~|}ca3O>snL$53a;lR7i$5IYKTj!O5C^Mt3WZU@ z)L6lOW^TLsY z{gF1A*LqOM8oN%N*QEb*X*=l}`s>xI_Zz{m&yu(-coRiB< zjYv=_E)$s>idR*&e_9dgWb!QX{$-9R6^U)sa~J`02fY*7KXP(?h0kuk1yhWqik)@_ zeX_9FQ7=^TeyFB5*M0I>okM;}GB7w;%=n>RuU|Py#dZ9ww1S8&oC?_9*=@VHZqdmE zXEzLTBJ*VbyFKaFk+Ba37+}Z}4#S$k_$j8D!B_ZY^AXYb#+zhEjy!IV;!L}F^Z(py zYFb9$-S*XV6Uw#hoSkEoN+Y0Opi#;ksiPh(kGE&@WRoJciR^4_TE#ul(U|>HXE=06 zOD!0HWXtD|x09j&e7T$@+CSIq;>(fLtVpQpd%$OlHuXA4etI>ifTKOFs0X!{$zk^; zuYZFg5-+{$-*sj;&Hw0?+_3yi?f@xF6^B>(`2N90e*NAQLDI z&kzXPr5j*+7(+5cE^02SnU$qCJp>a;ih=}rrch!$?emsHARHy^S^b)sNZ*1~rL!TO z$+-X}0)GZIh!RjRi4@`J>vXO`7(-8(iL>c_k0)be)`i_2Gfd8c8JLpGL#-o2>2YY| z*9OpKsrK(C-8GL;7?+SP;$adx^z*t%lj^0QsdZ`aq22=AEb_Y83oCRW0K;S9Fff9@#006UDKbV>X zfbR~(8mm?ZWWy88#Dm~LP{0Hlz1USVjLkx=h;aCp*7)RoGPRBxsr{7=57|+2E`@@4 zZsZAMGtp4Px%j$|Azo;frLTzAo=ek?aTS6|30cI40YY|DKa}aTQ*m-)0cfA)t?;e- znXK^l9)cehL%cIy6Ma2%c779zPAcMaS*FV#N#@TwODS3OH5bhZ^(7=__n`Cw&BOCr z1t-G{jX*O=vM7gN<`RS{Nzi`*F@xa4lA7QmJlrrJ59bZ(lg`t^Vz)5Y2uex=508)Z z#m`E3EFjn-U!LY|nw2oMY4}DgWl;W}|N3Ue-ouHG9}yXL@aZAZ_*NZFu6vQN**BpC z8hUz>v+XT5Ha3rzwt(lPfF~pMfKnJdc--eKWI9g6-&^4C0*}o)0S0xaUucr(zfqlE z9BdW3Y7@Ux3{S@{;E)M~(`2wfC_(Px0;2JTxFwS$!Rj=0x-_ow^(?jB1}4qh3sw+8 zKG=DC83|XN%(l?_3z_MgZbfVTq8X&Zynoa4A}F_S`*bBtGl(r- zq~!)Svr{ zF;tnrtss0xb`A-^2uXUA7ByUf01*{|zwZp{)ES|HnJkW?DJ4yZN*#9w#X+o3X-vfp zq6TRe7XiR^SB(NqNG`7J30(gRG=u^*)gT~7BF0OX5*6`)9~GeIinIzA_cq$KkCl>^ z28B#TpBtlpYjRHG{@v*e(GHS-BQ?~iWbZ*YtWW?IJQ3A4%x^6+p_2Xbb<_L(># z0N)3{A)yk)fGt7MI)ckQ&!}!5&FH#}6!#k@Y4AlVpRTpLh?FL55On}G7Y&Tu$*HuC z7y~9!DIO`2$N!ct$29;|?e}&PM_89u%7+WW92<*EnaYB4cJudzk&J($2ri<6Jy+;0 z*Efp-1_%iAWeRawIKGC$4p_@H7D3IdOHe7d{!=}tE~q%>Jt7_!TR;`6nRp;_B)k$J zA+1qD_lZ_~H=eyqnYI&wM-ptv6YAK0a z$E0Q(|GTvg6HQpeWVX&?IsAr2NILmKZeAIz)U1p^*Pw0Q>Xkr z3Lu12wq-y7a2)7(W_O*Fn20Y*SFyI#bQ17a90jK4Frj|c&>D&7>&5~>)%ske;JPow z!2o6F7f_sfpfdnfjl^bhf-sW&hOMH6gGs%FLpOF5NyrRJ4OIo91;R%LHAX4R*~qzr z(lq9n1=Lw1YfbZfhIVVMhDu)G$YMznSVYps!O4<{VLPQ!Y!R5Oe|c51Mb}BfI|h~= z)1ZLsE4e`f;yByCpK+Xwbm8tc={OZ!m%O$@@alKBfNC0N)dmGVDpZY$(#F$vlF;k= zU!}gBJ+hz31E>K6si%Ah zF$ZGS1hd3{SL2T6(;MUo7FU^Dj;OKh+-rUYO%oZT?m@{bL{2V`_$W&LOeC?jB$Des?jt?X%?n6^`t|JEa@NW-g0Td1=?5tCPFvrQ5tAbe$IL0`}i5^biCNc#a+JN zeX^3v#62~P@#nNzQ$-C2~(1XT{-8LsXw$Ah@ASoDs!&0{x7Oj#EnlyN#dS}RWM70!RWt1wsV+<2n>~8z|=Vb3#S=p)v4Y*%RL9Z{!$>U4S zn%Qu-A4Y0>7z_I#8lzZnSIVynYq~ciB&g_?bj+6fLMU1Dt5)S+<1c8{3OjD1d^?k95p;f#zzQf5g2}x0AH9g z09D*x74s26)%OfsYJ?qM#KDH%uFvyN+c`ZXy~{RL#EmmTtS%F{B(L}*RtZ)@?2H=0^?ZGu)cMyB(PLQdikUBgL1?> zv#6$?UM>Su_lROId?JV{s!RGA*!V5$Q%1DyHPGO`S3g8t4!|n5Z5lt*E4y=3sSSDM-S` zPAdf3*3QKZ4?w+}Z9Oq2d*kP<;W`BvE;l22f8{sUJ};@nr|Xghpc3$hdK}+Omu;N- zdpP^PAo%D$Haq&YJl=sH*)4Tf=)Lt|7GdYB zmt$LPy%VwKdW1z<4sTOs{GZYnS8^@Ot=uwOSC#x3)%d-(5%hP#Gg zm7JGxoD`j^Wnms8jV->nRaw7HBsPA4euN^2pr8D-GH8TnR#qjfWR@&??8-xd-61r+ z6$8+~9H-zc1}-hIZCH|(C44l_+DN$w_%hh7<9MvIv_J3hkKI^K8^#3qcqx}mm(9^@l=h@`-3R}@MV?fy#?_CR5 zIp?l+!^oZd>i)YCFQ$M~Hdm96H%lk-_pY??6cE5nk6i4Xoa$7IX7hJnDVfZNli@y8 zmDHISHret~AxrT!*-W9^)l&Sp!7E~6VVmBcopyb<=tNp>+v20=(av-CeP|vA3&D>q zzRQoDU7p6px}{fVI~unBYOSJ-tJEchq5_oWBRwaLD|pX8JR?C8bCKn5G9vG-22vy=Dt&nP zXgFRln_f?xue@^lB{4tE=C!Yy)}srSFSymG?%mtDEn~m=U8iOeNKJZe#2Gxvk4*e(*LNLn!F7KST*~wevcmh?5z6f{`BHkZTP5?#eGr; zGeP`K`<=mP$#VL$dy9qb&_R4c&O@o#Bb)#6LFt}f`PI3=?~`GFa_>G%4w66H$F2o) z{E40&PZno|DPYA0Jw)^|xRry4(64A@zW%Ef$15Mcw}qX;AE-3@zAYFU8o7kMJ}Qql z5HX=K&IAzOB>%Z=peJ(?W)pGm_MA{jtXL@>Q`lL4OlU#HIB^!9{a>8DRajNu7cRW^ zCPWZvNl9s>yHlh=O1eSm?vfB`r5i-LyGxLcjdXXzraRB__dnk!@qQYR{{h{{NpbbJP`5P3 zs+1(kPog*ofcdV1VGas2oL&(YR?KLs>AH~$-Hc=FRd`BTmjmao0<3^x2bSTa(+@2M z_(vC%pDz*qS78Ydka(5ti9StGLNxW(NhdkHmhefWy^&uueiOpf|JHK%+oxRU8E`V# zhLP?bJDjCtaHkm|SVISG@Bc8C}8PE}udO4>)zT!*>~Rxoq5T40(+aqw(ncaLVOn;KhBvRT!x6eKwJ8 z_tvbtYbhz9FT&uu5)W3oadnaIBLC1P=}o_2x8>5)R=CYx34!Pk4vV#) z=U1y~TX0o=^on;IA}>vJ8<~nkx1I62U6%^E6d>*OeUO=0yxQJR18d+5pR->=<$|hr zJ%PJc8W=wChbQwTbRa+j-x)pwR}xn9(sY#w7Uug)&D6p`RXabddU|=7by@A_o_gxE z*x59#DC*Vw0@=Ty`B3EYCPb}MG=O` z*lRKom__zbkUCJU5pGL}S?ifXHsBF{>^*{HG4M3smAdKudAt)kx!&{Q;FkQp(;JB~xEc_)Iov>%t;N-7isT&zaKX!aP{(*UP zJXZ-R6EDV@dJaFBE714xsot$!ES~T)V1E!EeJgxvJ#zUr_|9!|`41HXzsZA$LfTL3 z+P!-yzr2Y(Ms!K?%Ut-kG)KEju#|xndiRxv&}!9F#Se&tG@Wa+PCbg%XBnA;zx+Bb z%^pS8+~CSot(MG;n{iotb0qvwzv?&1_?RU z%2#Nk_R1r&j)C#ve9fa)Q{CLGL0XcJRNz_2OP_TKAIEIt>Wpj4m*$yR;swH6Nr4D@ z6b$KEV`17nwbk{C+hsCy>5(o0qnoSi@A4v5IeIu5vQ?a3Bz2>53)J?D((~q_Zt&${ zi@tT_M@Lw(cD1YwR4@+{r!ye|dfCLtiMalvNUnq~j+C%h%aJpJ4GrM_k~gCOF%K_P zyIW`*3Ooed32g-YG@pa(5W)2N6wKREK z!+Y)hgdWCBF$1HUZPCyGW?Gs_h8ML{mk4!lG~h3M)0szPYC%)Mjkl4CIyJ#0aj1IT{!^x;0cF0D?vP=8}-(KGhY}e_j3_ z*}&!c7td?W(WK06>@oHA)k%0BeW70&XAbopMk9m!!5{wTJENhoAdoKP(2_o>lz1TZ zQ~YrtkddtQL{ef#t(7``k#e%JE49p>5G-t+6&JDtRL@lGB7SSKAoV_JL=A#GN*d&Ru1ade3QzRK3QU8 zm+SkORnuGUJ-uu>a~$F*|0s(ZGct7euS{;w$n1u`D^J<)FcPDZ-nL%+etE?J)A!*M zV-ohIJHORIy*wnioFdT)7Iy1RsE%Z%9WT{sP!-J*KB=L2O9-H1z|opd63Td%Vs4I> zxw?TAsv^wdtN-hrwYj!4zm<>g27m` z!`RF0Guq>MTU zC?r?JR>X>-v~PP)zB2rpqESsn4Eyj<*6kqK%@&z5UKHBF5&oLVb!y14P#hlT-8{vH z88Uf`KjO1+-g#>^dn3!;(8V8(MU$0ku`_D)_peZf`@M`9=GJhg+e*i8kcGrhigp7l z%SM0fM-dbk?HH(F9|)JXbIy*&j{3Fm`k#ya>M^(0RrPlF1BU{ald8IZGWh%RLDTP6 zFCEc&W%5^~$E^CSMeKC^EFm+69^(gWi5`6n(J0?b-}48KfL>icuur|%CPX0==`VI` zS4C^HHX^6p_JaT`??vqvM?JaB2L|b9>KRQJF1X}cJTGLl9<0W7`ZdtXr*wbF4GHjF z_*q{5;Iq?F92YL>oyuk}zow>VGDo3k_8MtY?%INMZtbxymMFvMsl_zcc-T?BHS zy5dbQ(;gDCCT}qa^#vfW`HdWB3r(=V5xATUDRt%xQzCJAzPmSBt+arFcKq;+A}B>eNEx%5EHQCJ!f8^- z$5HW>c{*L^+zwDi_Qt&d6HiHvk^=Dn`#tI}T-+W`sEYrIs5_}-hU)W<6M2;m=D-}* zA^<5X;w0!;5JeD+S2?tUZstt|V}uH&DsqHF5atLQ6{1S9=&wR{wL&w(H^FSKG_-R5 z>!QOrD&!Qt3s?K4)L)~H=Pof&=$Pm_%%?mIp-ox?19FMXdJKbAOoQFsQv9Va0YO2* z3-pKG$#%b?2aE-~%8yOX&llS5GJlS-nhz0(H#BB?$Hc|mU*kk$5OFHUFo!EOVmW zSG}Yz!td!Np$NU#89#uTrgxA05}lOe>Tbyvf4(D6N$EAtY*Owv7BtX9xlfZN{K<8Eq78Sm(>qu zVxg-`0=RoNzr+53)9 z6q=2Q!5i?US7+ze-R4*>iVkx43>w6MshyVJV!a5#SPTdgTrr}Vlz4sCilg@rv@!|E zT-V0KF05rgwOx#BtAKA*v@mBud>uypoxK?h%*latFkA)LFi5=Qy0kuwxu=N z3~<+CN!~2nBv90&h*O8{$%678wp1Poi~!*s;jbWesY=!?Fx^KXRp?nftDznQ9tF~k z#eL=(si6S!`HYepNxu|5Uh;|~lB!XvpvnIQOfOiYh#5KCi5nYaee9LVQosj?aVVSucPu884&Q_O+FWN=GdzZXfr z!s#LCMUWQV5Tjy^4Ey!s0J~boF!l>uC&3%jL0XQuLEX=fVIMy#KV@C3WACA`LVO^) zdU^)FoAE5|*B?}Hfh6#(o|*}@=EcW7t8)1i&fW6%$0GXV%tSlxR7h4<7CHANBCxTw z5k)M(O)DUsKQ456Z4!d<+7~`Ky-!BT%d1SQB_QK-dvoKO(KB8c09QL<&;BNehWh-X zfG{+=udJ{4og5QK(9oWjwN~tPlpRh-a?w)b+B|3itU0t0;Am~Cdl7Fz z@3k4KpAP?dZvBN=3&2QEV*f}t_wUPwb=$6=t&2^;d zj`n-@uZ~Wk-TU&%31}$C?Si!o@$u&*!V5Ni?{kZ)bT~#bogDu*@P>qh7(6B%Ow)qy zKQvb@KOLWhjleDAu7jVbAukc-Zkm^&qJD%Jl>Vt*0?M{h%T^N-9=Ez{r zrBQ#VA32#wML2R|EIQAO$4MxwGSAcKA-x#?Hv0Aj;NIh@&(*2VsCmf!DM{|5n`dX~ z?{LPrR}L?rx@jG`OX{PE%B6L`i+?>G8JJhQtK3mrdkt%X3W)b-hwvd9E4t z^kDhIh4i5GVuexB5SNindFft()|=d9&yt9#7y@(7iCLZx_odYH~UvAK@G9A(6Fcx{#@}QVb$;aoBd#QL{`q|Z$ zwuwU`AGPl6k5%1GfHeyfJ^h~iP1MWG1qV3k>IRu|g_~yJZ`X8Zot~|W#*?}SJ6Kt=;k3krbESQC!&QaXhywZtesnz;x@&>K|}j==GvL!JvW5z(7+~M3dI>67Dw@LxC|F? zJDh3tsy7MMC{BM`ywA_@E&@N4GKCu(J%(ptF4KC`)fVS19%t)oYrc=07UC!-*N0z~ z1q*EqLTBudN+>EZT@E((eY7D z`(GBTNn=al*Y)gqot+iLw&rnMw0AFnDiDOEqy$i%mffjpytNp}eTvL+Qr_9kT}IM# zT12v$yy(%HJS3GF^aFrs($;SU4B^FhF2S`WL)sb|jPI-t%Ss<5q~{dg!FGg0gxw!n zq>V0ms_D7se_t7BHa5KQ+)eL9@anW}>iVGZ;YW%$)|dYn8>BWoa?q#xj=*V%cwXha zmF>emC4;NfkAe|BE4reI#{CF0n)p~*wNRqSIX=laGi21#jPykRDRq;H)CvB0*7wB_4*_C`p^1U^>_ zK8Fk;uiJ}#0l!DVNR4Xuzm!A5R1-^D@CaJ=@=io&FRt^_XzJLLnf#+keFBidobkxK z@YqN$X+)QI-X|qYZ!p%{PycZ8SHdM>rnt!8e`jrvaIsl%RjqkM7(w(lMWjigiOX%e zZp*fVAfB2stmNlB9;%`u*afI&U>Xp4g+4{7H8w$5bv*cLxeoxG)5g=WbP+O@b6co4YM|e9$qOx6c6p7D#n}(M?h8Nt7)RAzYI9{zjRu zf}=inqnK8h1{}g~76wH{O3r9qP49q6cXY)gyz^aFf6}LtE%n>4XB@I44>Sul{$r`PZuc^R_+{x zxi>@-_(4X13{vX)%H@!#HkN<@?&Ph2tv|Kp^`HnZ7ohI(S6Sihr88RrT}k#q4neGj zVW2i{xRPX)j79!}7n-Yn?p_oDjyG=#0&OIqFbiW~gWz_WK$~9MKi@wj!Zv@)0tZ`1 zDbLf&@~!ja$Lls8a}P-=H?U??LEt>jl25c2aNkWWfE6Dmqs*nCvfvjW7GWRB>{H5sW4!ly?1Lc9hVUX zKRZ_K31}I*u##0udri1__OllhPaVO>gcf~D%EQK0`=vaHDu2OZGLgFc;~vkaB;iMJ z_Fi{7YC0=DygVMjWIuf8WhS-yyOlw+{->SK0XA;c;|Q^Mj{?(7Go$sG&7q3W_@nmc zw=DGuWH~V#*tjt#N6W()XECOkkgNk|rnV)}!w4~oz|OFeu)yVR2p^GBpr;1yVJJ#9 zWtJ*$kD-0o@3{qj1*r_sISrAn;cWecmDeP{nPo7!ya~{qm!83AA(Q+4hFu&kk;n{L zrUHWx@(uwO^#S#-vsI9^UDE!HUA1K5oJv7yWv3dWY-?Gew-s6M#>gZzbgdS;CyDrDxDqZOZ4!V zwq9}>vq^}FF)rcnRy4m{W@2T$kL>6z_b?ils9SjT#ch|W7fGP_oq zUhl3Pq9ZO}vu^Y)xIwZ6SDo8wi}Jg7gdR?c77jWCy}T9#-r7yqjXF#VAR&W4t#Ip- zTv(H|9USm5*`CM{DWpN<^}?X~U*rY17v)n_O*}m>@-nFn9h-VWia(z%N*~IXu_07h z`d%k-+eWhN;=BZ(~~d3-Q80$ zoqzMBH{-k6&Af*J8LvG#Ep2{lNa#PyY?HeNqYDi?O%_Y4(b0%mRm)Yp#U4|1)4p#M zK29RbXJ@%6C-mLh<*qC4hEq^ES)|J5RVhhlt4Vkjo*^97+lCNwi%#Obwm*^zZL2zU zvuoZuLjoxfw?@yJ#Vi&fj~4UzSidYb9@WbEz}}_rwV%_g{rrXLApmYFIuI89`jpsP zeJScKsOD_@ga~_6+1(}B*2{;cU(LE0_?A0fRcP)Y(dM%)KeSv;T0}O^{%{j=UxDMJ zC-3@@`SfUL8NFq6A)$8b-8!sal5uAP!=LrGt7S%5pr&i>bMAMDrSd58?vu|ws2eou z@Tfe08j}E9APrWa$A5cH@{;d%j#c6d+np(vexgRF(~yk9eJkkK^dO)Xtn(Ql{dqB?3JONwc?OSCXO|Kg^P3~V!h>F#|A_LfBFWAj8T zNB0k2R(2m9*FJSr{O}N{<9!w~U|y|I{>;Cj`wZwvNrYn&>N$ThC=Vg!FwMDnNwNlh z?Ri?zT2;k)nPknLA{S^ zDCM{yz^e>;pUh$n==@plOcHaD?$Xe<#s#qKYMvg1x)YIN~n;QR`3A0Uth8@tl4 zP8u9hROXBXHbXQj!O+})dWagdU@}cnVFLQ`z_5}d_0OA7zC+ADCrMmUYD`+Zzn0(h zjLZdQN(@1iN5~4wyL`%MlKC_v+E7V5&fOtb^Vp=$BykG%?@E0MHtgF)X7L)=4&gy8 z5YQKRe0)5oq^hc#%6zo7Wyz-bv^Q` zt$9}In6kZLX3yYw^Kw?TTN(mNlezQnFFu>kX(f6@+JhMb5!NGlEXA{yx4TJ$+3=;x>G??BY~WyRzg` z1AJ&mQACSJq1%xje7X4}$%L~Bnd?}1ddWY^&W>VQZMkv!{}1g@zpW(H;K?T5Ai!)}m$cUnnF}fFP;rE` zdl}YVP*9Nvn8`Ae;E%?si zIXbc6-7v_JPJ__3b*fHOs;gj z2-aJO!HzE{qb>5jeQ7_06j7G7W)gBMd@H|nXwxWA50SoqhK|wXYCV@S8P;uGTmbkF zUHEb2ei5;a_T%d<^-_a9DTuT>i@`UyYTjHKO&8@g;E^pEWY{xo72<==l`!SYcBwB|?rR^B~WJ8(ZZSW7ebz6=Sl zl)L&Ph4S;V$5I`!13W%xxV}(GkeG30ws;wx@yW&*V}wGli)L|Zdo@2+^AQCA z3&HF3JLdS@n04t+yQW2zo?5GV+xi9iWQCpsd4P`3V?n^&KK=C={G`h;iB)s8OF(2jeuSgqTuyt zpp(c$j(Pw8@8|;-!ebT27mZ!Scn!Muw#zuSEv|`mUii#{{^2MaRM19SNK5;(?ISU7 z-B3jZNl4q>w0Vu;DL%ynLriQen0jbxXegN6dwej#UK8ka#|I6(|A3e^=#V>Mc&#Dz z`ca~cJtw!p6|RwOcMXgFUO7$7{vl9Wsc*Kf@Nq5!Lud;ZQ~5_sO!azuOe`(n-#;nB z6!+HL$FfT4Nh~{7?l|c=ccAcUZ+DbB9(}03&|O>xuWmJ2JB23S4HC(d=b=WcbthVWXR}S)W!?v-}Uy;Tz_2 z;dPB-m;0dS#5@}9s(LPy_A0m#au%MW^!k%}EUUllXYb$u^fY z(NlHn<>xFq@D?M9?+lFYUx3F#JRO`hM*Pl;Og%ew6cAPZpNYkyl7aF)qMf)q^Hm>d zaLCnQ9>a9mDk$x8ex&&{vD1~=g5xqB2-ccehI6jLz+Qbamn#JNVvU@K2QQO5nC_Ds zC>U?T=RDUIh8)c_-W|KFTe0kVb`5LkaM!$fH6&cG#izrwX}vhnncioPGi7Sw^z(}F z|Ajoh9~@W%1R_SAZLN1;qi3}Po)qykG!8S2rwp27Lhkr6$OhG3rz~>G9*~(lx;;i< zTsKV}lYN%Ls%-xkI~c-Bj)=ngW!pWfP+c;gW0y)jtP>X%6#=@kJwhlSrrllWk^Kt7 z``xUfKTA1}PFZN4ogy26N~;MTLsfCJUZint+@W(@i=g}*ENp1_bX&8_r36l2QR4uz zP5y6z4-XC_KTEemeW{39=zY00M}b2Vp8h1K+yKk^SQLGW_?e zsWJT@Ej-j+zgo@A-l6R`A%19X6@0|yRtr+bNoj*M(1qpuOiDf*#q3yOu)d9v+ zoF*m}3JMHSkvcmZ4BD^}xaR4efgT$~Uf|txBvjyh$T|l!*mnA#1OX5rD`GRjwMK`A zGH4Vp z#GB46UDRF8)y-3!>_3ebu>HgKn`_49MSHGixcZo~CeaA~h2$(3(V2LuocD`L7;RTY z%PXr=(ij=q*R@_(-@-x{M1!-|a_z zK7B8EB`Bc_rzyOsf(26E2>&DjR6;@7c`ea_)pgjX)i1&Jg(TCLM@_ITG@NX?b1;(DV)bFySq+de(Ey|aE;?POuYgk!EQh0u2ckt=Hn9{?pb% zV)cSzf?1hd5)uzkLXbrPf6M|dFC>8V9ZKOv7siLynml2VV?f388v}T zW6_s&CJN6w-?ArB@Z*O6zt_eR3%LePo26c6y9n~HBIkQJ27bmv{VjWeEFO{OS7_1D zj_;bwat~)$8CS5GvoY1EPH_JSTIR1k9`ywQ``DxY=EnZC*`ETi=Y#-O9v=Peeo+71 z20D28^0W3^{R1AS!o{WYzi5~6U7-iI&a=Cz``Ni4<~F)Kjw71<22aD|hktrPF)gFE z7Ayq+Zw!4;xjsM)#l<=-7M!kVVbA>4(DJ8RUIYXaN`lGtY=k6#o%ai7b*Fs999^yI zJ3@ehgcV(yQ?Q&WYn4~PWFxkG8?5wnpLd$BUU z#QV$q#D*l(qf$*Gq2$w~z4}HZN@-|5G=NJe>WT}{U{V74R9Og}C~Rz&KZg{PIstzy zabAGS|Es-X5LE=9@eluj4mtp`0;mNQJkO^hXE&xcG#lzE*dQ406kQPo6xA6&qM2zF zyi9RH#2j?GvdkUGf1548YolHA$hHN)Jte;<=4Qw6NKl$f3M|RDLk>ough|L zFX`aEgA*l@RvbKK&0FEYX$AbpON@G74PKv}%Ym;PNDh__^tSHM*d& z@H-m*d6tP!$~Ss-g3oDdD=l(Y@fcO?SQYDMP&PB-7k*rH@M6|@c%kL;RMPu=97FAp zbcPj6T;bD}Pmi3O+)?A5e(!q9Y4KCRBQrcXKNI3#GQ`x204`wFH*W*`$D;QK6t`wr z;2F{pyNN9V)m1}dG3m}2D_^BgMzqTaL^qxTGk7$N@+$u9$8NM}(S05XXi4@|0Yz6NapxarNve2NlR|S&e|o%!7v8s zx!%CxI9~B8hjff=ldh^USk~u1v@)13pg$L3amAIp+pjNPx=VvFD)GW!O+EDGAN4*| z0ARNq`CiDepfVkF^`&?afk^_7*|KlBH8UT=^a%e&gIz4+K#gaca$MXUig7Et#)Og37V{EIDh3+> zG+O(BKAbP>9#QmRlpIodEn(#h+-8|fmN$*)sM|{BW869}U=3vElm9ocB3wBS^AX#^ zTFC3NdQWaxDi|<)uY}Zj;d6g8bCbz)jWZy|(yEt%OU7y)G}3DTKg?)#iR~G8+E}=e zX@4*tfVGZFY{Qqz9J`*!fy5x#iSnR!0K8?5s`d@Hd>75al@yQmdn;B6qic)j{w^qC$Zy)B41)e^Z_Tq)r-%_Rr_y6^qKMBR;EHbzVBesQo)f@{n}2#-fD@t*L0%&=L<7)3ijkZ3a)zQj4c(oR>; zxy5VGTMM*7q6jKt1KxeHA|~7kMNk(|WN-(2^n&qDTYfNq`%M8ksy~fRJlvuN zCtXkd@Q^z&fAukwHXmYDxN z-S0Uv=fw-0MIm(@X@1Q(x%o>?J`YPTXHASyT-O}?2ai{;H@z7~zTsC^6OQR{tiOzI zP@C6mPkSmWf(YLa$&7f0?<2tQj3&Y71}LMF0MgoKt`?ENW5xoP4-!6lFJO%wiwEX- z37#KQQsZG_^=-$~`%+t7KZ~$rjK9e#b#lP^Tsi)%LJ#ux zvOV2QyT#0WCNGln>}{XV$FtWF~CJt8V|LNYnQ}=va$!wFH?yGl4;JP zH5R>6%X7X{70Q097>^y-VCDl`~STCa#JL9M-n`q&@L?`uJpZzaRTgX0-w$u6eI_67T zm-iC)+j4R#!jZEa_X)4b!v z3~+N`HH?6maMI&5xz>q@v1<{+Z~!Qv{whop%=Phe{IBTEP_Kw;G&brC%2~0{wsgep znP$&*h0}+5nX2uEny4jwqhkl7D2d-$6GvIaN~f-`8-rb7i?xgOPvkT_@d1LZrWrd2 z0h3E@LBRzaRm2MC*wEY6ENPqn%vFSp$Rrm<{5+c-R_Qe(|NCFv#ii&L8@!a=`+sADw&+IO|4~swKai&!=bBY%D z_3oBA?{^{uo(G`a5mtq8{3T}D>|l!u7>sl)lqD+gZyhYd?M=a}1O^9O8Ld%aKi%GOYe*P#dIy7xMbIimO?lUCz`35V-N zvTrl}>^yAqmRk~iGM-8%Xw)^uub5jjdhrt8Q?zwXO6aAhT?_SB*yzv$YNjTagcLyl z0OnZ5nJ;ou-3*EoOzYfDhL18g&eD-ydV|whg8qXtgw0UF*gL^{H7QTag={+#G`%KQ zvg0AS-Tf!-%}p?x_rhnLiea`C&n(cQ-G-TdXts{thI*Y6DT9w%*O6u=sFqCTRZ)VQ$jkj5xGmML9A0zbzthbC^Gi7 zcjqwkz?C)DYm*iycSVSbX3N!Q2b`N{ehh6k zRnyt()PVg1VmYLB0sFLYDNE2f`st`SSJ}_#4=XISw}J7MPNn|ef}7}9@%$gYM-4PS zy(&+{*W^wB@z?@(qaT5vR9SgPU^7}AA+sT;+xV?B{!-FvHzf7aS0*k&l z(;hWDe2d4@ax^of9zD2*(RbU|`x?yP`HnNFr`F4`2}R$@gZ1CTJ_F5Rp?+k!Y*=MS z!W56q)6U01h31*-(oIXQr6U8^jebdv)o%^*h(a*j$R?M4MBT)4DZ^sN>&Bh8{eq)9 zo882h#WHvzFEc!1CmFuP_9<$9vhY(ad4DhwTD^UNf zS+G+l0NoNC6ym9;s|i1btJ-#lP0?YIehf|zhf#dab>81H_Lc^_{Jp#eN@dD>^1@qdz+>5D!Jo6tTL)A(`MC$j06o?W>e zV&$Qp;Ris~Fno3Agcfebx4psBcQ-D2y*Y~2uA~L}HFhIe(5wbRo}D7xHa9gMy9(eS zmH7o#7?Y*i*TUl1wivQ~uFdz`Lvn?rBO#9rEEa7_7z#h6?w5yCMwvU8br|?ER5lOF zOOKlVmTCrRY%?4PO11k;8ff5Ryq-<|CDX6E)xPESMk;ith-=UkE;b*!KB=&C_b``8 zing;gtdWL!dBB{DJ>QH*qjcP|jtmQ-X|xu$Hj9fQ&Y{oWyYk~98YrzQy)90BxMRFL zDktEZnJsU=+mqsRVOZVxaT+V#F{?w2SH{Rtx0%Pos(Mz1C&lR8(t+cozG$cWc>k-z zN_%Df$~|hAO0Y$~sE-8#=nty~vlI4CfzTC!j;aG}ur_f?Bq*;{ljURPZF2vyYv9;v zkavG;9Gm5~X>MX01tvZOA5E`xj?RhsjjzI^Rr@m<9TXl;x9%4XN>f30bzG=A^Uqv! z04HUoto1nxPgKRzWg3To4b1++3ZvnzuF23_E5j~|)=7?|^QCwi>lxeOZ{>aLr51j9dQ9b*kfe7TN=!=j&*r- zTA>YCjU`6Pz-l~;h+ab!cu%|bmta0x8Y&)-{nSX14YZron<$kzh26anyY-CQ9l_^2 zeYSHO=X>ltQI4f0HE>}g1RyFfkraLObE7d;C}VJ=NFpF=`C;;CiPWI|K;%hebEDE2 zAYdJ}dE9?&w<)Wc?O()6TU_`Phh0_^#@~!BV~jSX^FcMDHySHbd3xIpo>%n0NIzpkDI6Z-klGS$>gA zEjG@$iii;)rykzDbSSg))lsHRcstK1XnXOOFII1U#8;)#RrO|00TXMJ(<~xfmb!%B zQlz4J6|2|lCGo2LFC155xwq1CsYUY5TAvRX8>Hl%415-zg3Z2$-S7Qyt8FI&(ZAX= z1Vd4j#w0{eh`ke3%#dV4epQUF!s-rn-X!;>n#{lc0O$XrvxBV7B7wC_S&7c*gd|zk_JzT04zbvKo4=|*py{Qjx=UuhbEdJxcCsDxS;IxJ9SQwl7 zm3`}|d-K&mjJTKdrx2;r-oZ5Uw~U!QT{oqfur1C&pBpc`3&*v%L$S5kWp%9=+e68s z)OChhs~)hYyY9yAw`U`X9zR+aW0f)$6ErJ~>**C7cX~o{-yl!auj~kzlLY7&O{YQbv z**l+tl8smNWy}kQI0-g)#TJqF4wQBxtEpNAB#~S%_wxtoEOvJ%1sujOV{1L@%SG1o zH2T}_YOT-JnYGkAVT@=7zJHFQ9GLyA3!(nRWiG=*mEHNXz{(=6w_|wD(Nn?k6&_jZ zAO~}oE&Bk^OYAV*bUORka*h=05m>B&oBUE;b&I01*VW$D>y0Gc#g3@gT)1((3YiD+ zH)A#@6&_9q%Z#kSc=^PDXce6S69crF{oc)*Lzx|!2zI5+hyC++NnVfxdfW|x6=&YNUmd3L?Zyso~Gv#?_ua8gr>j8O!e za`;3SVT*3jk<f%3{+r2kK`@@_Ko8B{|ytHpmYs=PU8A!|MY4rUpN15E4nB_NpMC)x4}Hdw8Z{<5}rxiq{X9i|q+Yk2PTtH(Ks(3m@+fU10c2lKqKrx=V^b^8J8(1y?+& zh&q>f(zro!7+~1r<13UcHe78?rRDo^sh&2IZ6WRlk9(B#mJq zJmY<0t)=bn0d`PFQ*J%{#$>5hF1VFxU`Q;ab~TOlJ(OUD+Eks6>K$M7K`~#tZL}O` zJJFA5d`U-8`a;#OqT-KMm%e9*lV4?QI2n^?AP-uT zW*ZZtKOb5+sn6)s@cZ<4Z(0<&)M@b(#+jK13_|CyglfhQSH7N)30`^ZN~pH_+}Akq zd{kXSg{(B4JW9q~J{nad6Frt?(cB#q?)5gd@AnafplDn5KUSdSFirT z1$)y*HdZYedAG_`G6P$vp(r7^bxM{K$VWg|QQ|b&!_()?W;|l%OraelLiJ`(s}c79 zUVG~Qz4jk%$Q_e*3io4a1@Yo7l>@vt&Sx{{!=d1IK1D>z(01>?txASJOPx1bUC0?P zDt_Pi=%W{Sug=U*DHAp#5u1d@6Fo)nW;On3P(6s*cl@Y&xu|8~I#iR7P0SEDDlMtf zm=pF}+FrCfbwY&^k_ovbv{%1!ru44J$PjiI$$|Kl7LRDKJm!8eiWe#W+b*&QFQt9Z z)%{c3yZf`1TC+~p?O@DpZp)O7fozDy*EL1SwozFHS+7ebmvG5jRuIdA9dr0H9SK+w zoE0FSfLBJNSuMlt5jy_JKo+xSYr7URp88GciWZuSJ=HURFJ`oA(w7(_y*gPGu_hDT zQvLaj%&x-x4LAiflc4^fWGtmW7@vtTjq~rIv58JSKBNO3#|OLW<2&)cFVR~b3Sdr| zi9pBLGOWMIZdup;r%{#M)w=+2+!v!tigOiX8@w$KB5N)J?ri}ur16P_D*HHu7 zoWJJ@?f3>CT{8;Ryj(RG1?S#!_oo=-MUbv;t%_^dmDrawJ!)V54V=&lu1e+5{HVwW z4i%T$f@?Mwt*q+kgD~!OwD(5#Mijc>iz>oolqS?BY z=H>IrU!maCzMjaFoylpFk*i4qhWp04Rh3ENX*|F`YirYqCHv=lPdKgB(fi>?A8L@D z(%z16782s9dYpJJk^WFJ@9z5U_=32&J+eZ3b(2MI&Sw}L8@ZQ+@|z#Lhu|#F|2UUF z#?;W70bG(c(wvVlW6wRsKdCI9wESF2Hd*Rj0!q(5c{JTMAs64J`|s~h z>br6p;+vcAyl<)uWa}nqbz`+h{O%JQnPBdJYx8Gz+7``b`sTk?J87{(0iC+NdQLB$ z#-HVwU_*WfTfk&_+dp&22(B^AqG0y_RQI3UpvfM*VU%j-0GLf}b2c$;zW%ldz45ZW z9ANy>D%72Xa?;E7wWo*0?S#_Dvw6!RwbWIXFvxA%Qf(nmPhH}6|MuN3r9{x$2d|3E z+v!$RT6>dcUZ0U%`9m}`#z4?S$1N^H-Eyn9JB-uXo&g^Y4;WVTsU6^GXMjDxc*^{} zZX9g%k#b%!7?jgN{M7*pir=%dd;qKAcQ4rCNc#bM{+k^LdD+r872sogp69E8XGiDB z?Fxz!lL(@+0aWesK!4;dD7U`f zAtY2nDU~unkd*EaMHHo^q)|$`W26P-00IgM(t^_6F~AVQh_rMLNaxT43^Q{#c+UI2 z_ulVY>#n=*x@WmKF!Rha``P>7@%xVoo`y#y@B9pCy$BGV(yIv0p7@y{bzxkwpmCzx zlKU;0EEO%*JA+-v88e9*#!`NKQ1gddRE{|wDKT+4Z4J%!s<6$VuOb%O!hLGmHjDMe z&O_9Bn&r(o%}=%7bq8OYW$u|1 z(O8m!H09TM!QFEgzMb;8N)us7N|Cx$dW#MbB`lU>0XJ&2KJRB>H2B@;*6A53q!182 zbkaYS5cWi8G9i;~#;xv2TtK63g$Hnaoa}Cxm6%ywh4{dEM&K|6ky(nRjJzyXg9^eg zGrzE&kHG}c&U5#e7`2#F4>IxZlo{!)UxfH57%7+Kq4cWVTP4Kq=XZ3Kx%O7G<)4Q{ zZQi-f1PQRqhD1^dJIvk1oF+@sRig+hLMJ`~r(%`%k5j>}`Fr68E!~7IznkZ6y7pCL zcr3{kYBA;k#%3GRd)LdlAoBSnDN(T-PxDDqZ=omWGw&{DrISW$4Nud>>fL*Gl+5;7 zP-JT&zRiWEqr@7XY65|9*!DC(w3ryn&0!v!k7#}6odYVu!NCoRzdZx%wGsOB-P(3E zCiR_q^U2EZ*uJXY$v3~@=kq?zwCqh=!KelOd~3e=Px9nYPMQG2uZNwlTjy<4QbeQ| z#G?d_=ZOQEJ82YTMl+bJ+9@km(b7jc{=90sIE{dzs6Qd}RtT9TkiBG;6lan5xZ|B_ zWyVYH*Dli(QtmD&)L+ln(krRCc~^ad;fwP#*N7@Da;|2ZiXFla7T2zkY2Nm-7w6(& zOHx_TvEq*$;=FU-LXZej)FHMA$8mi>uXJ{(Dw%0iL9^8|E`}E|N1=qY}s`-ov+tohzuP$WM|N^ zZ*3H*f9$|BmekZ!C|g|ZQrhdC6@cMNOiF5&0tf``oCnNpDocC+$yDb?$P`Cx@Uf;v6JeZu{`dJtFqU$18}m zgUzW>y1!0O)NM?--_Ym>)EZ2k&qLLHT(dN~!xO=xGB0tHX zx}?OKN(H^Y@4b0sbw;Y->m@{{T-PoNg#UL~w~(3D)w);x3L2R^dwV{!M|x-beI+3K z(bvgyrT_%@9fVY#fDA&~6hQs^Ipm$-^>+daWDtlMB$)a-=)WR)CxIgkrp}qB14TrX z;sAM&0Ale@oMmV|5TZox^xc{ECkU#VHZggVngXy~`G91Jp9$q0Lz>TNAT5^=QK!ha zkSN!4gaAU4V0-Xq(Iz3}Yr(c@Z}O{si9yPPb!+PO9cS8jZB4`L_&kx5p?t{ZnN z*l7KedqJN6$0u}lLESaL)M9UzEaIUyW$?2|^6M5|`)O=f!fV}Lc!?*ucBk*W?!oUj z4NaC$15=u)*dR@yg4d@jZC5C}>)lfTnhKd`pslH`wX(8WbE`wJ_^)rJw}Q@M0Gp@H z)vvqo>+x#%weH5AD?IHH%`fY(@Q_4ozbuJ==jr8@!k(L(tMajUz;*5Y>UYlnsxaw` zOF>>iL9)c|CCF*tLVj_BwD0&+W$O+5h{*5^7ZjU4IY^aHz+_%aPPO`}6XbRCe@9~h+OmG1baO>UN=O+1i`Bnl%LKk0#5kUgMxt43^bqHT- z%fD=5Y6gJ&gXF_`cf&qJkjD{;SPMTV_`G_V_{oDPqZU*C-#=Y~w^fYv6vzfCbqGqH zIT1g(6ExoJ@>G$}qQoj`o4u}#m;9jX6FXBn!|T)I8g3|~Xt3m$9o6q1RSk1{(S7)f zbS-CBlx{sl)J$QfX1nEeHZ$GrF9ttNbKE?fJ)}K6oO}3xI2N$oFcrR*23;KU!yZT0 zSq?_VI`}MYc&>g7i&ksm`jgdV??%S*blqQMO2TW*_Ioaw0of1A`c$lp3u@?Rfz?TI~Z$!^9 z=(^S<;4ofs1ZM4Y^!)twpA$yx?w(2EoCQ!w{$yqUn65M4|KP~5-E^S68w#yep`9+b zQiJ>XF7>8m_uJ6(>wmv89e3sQ&dWQsUs4T7qXhoj=@RR?zy<{x^GSwLRFk`l%kA$1 z-T13f9mC{<(hzYBmH6T!0R)owh>vg6Y7QarPH_0N=|8=ejIpMLAxHB zNmX_$XucvA$QG(y#a*WxikCqUCBGp$d&s|ksOO&g$~WwIz>3FH{418b$B3bm-Vt+{x;@_d)enfFsaF=PoetocJ|=yrU`UQy=_Zi3RF4 zi@re5tM7%xZ*FWcRG02B3y!V~Wb+=q=r}preM`YOysf`OL?vCag*g{N&!1;qy&vy3 zW6BDhpB>8AEj-y6`2@#GzGw-iWJOJRA}e2QXS6+`@BJ*$AR}t&W??{kpe1EqGOA)9 zJ*Bn&mGD4=;7bZxqcrF|b45^igQlCRcN165GZx>yOS-xvp{#!2ZAu4u)+eeRL04UD z?7#*7dZ+mx8bDD|vKH`kLi)1RP&lIF`1ntrhhFjgCXGHvE{GU3(%*4y*ghql!27@M z$ss~Wng38XkwYr6Lfup%*=xngaX#`=g~#{)&j$wMz5% zSRK3*+cEg!H?z2tx|>@x2aEqR>R{;Z68O6hG&J&$OZ`hhjSaK`9xs;pOA|W$k`; z+5}Clt(wIn)i6sR=WYE$(e@n9@cQf23QyZT4z$k$iFMvPk6HXV>3WvOplNCJxJHou z2za_L3ZxrfUZQA+0s&6cJJ33*qkYxH$5|)7iI0?uMX$_D0P?DG9GF0wngfysC1@lb z&YJ`ZA3l2IMR<1>Ru}1&XT=Jeiizn)jIDcthMGwLBG-E10MPiu2M>7+j?Es!Y$h14 z*##{~*_0$CT&0pdocZ~Q+g;Mg+Z^|jK?vO2W>`p zR6Ag=56`MRHpV^B`Lu%%^|d(2t8VRUl_u%KePEkeFInj@Ig}f9(c#R4QRDa8rtjnt zDao5$RaKSLpk3-UIs87SruZ;8`kK24#L%@nXA0)wS!H_bCiw5xNTI<hDz(Yx-G^=dn*>*zi1$8e=;6rDLg{Sg2t_KFl{2TJuf`mBkr>;w8X?`d!g&9P@30CZm%qsM}`;M z;E6xuZ06cF~SqFgUgAYB1HER02uvjdspI6p(GMh@t zn>WjR-3j=GM~@ezoJuH}5L5UjtYS#p(a|~PTy`1-<7Djbo)jq$R1wQ3b^phtlsfrC ze9vo|+S<-Rj`vn#lafYC=ej#O!otI86*Z`XK_|DRl~pzD$-5%ch*hm-kCId_56v~( zky9c2lC`qRV_d0?(njfT_HzYP8pGy$)W+age^jT;o+=5oS&B-bl0IzmH^8-;O5Lyj zsuV5jzWUABq#s(8Yg}wn>T_h3)@yN5)P6EKJ{};;$T-c&qox}c{n5N;C15th!TuOD zy?K})S&B?4YCK+5Vo8AR%;!?co#X^HxG24260jTX0|k$a4#~ujQV!MRsEGV>^X4}p zfWFUNpvRS%cW}7M%|c^RQ%eEMMfo~209<@COb>JyP7u)Gjb@brjgFO8Zs!bWNhSh= z+8k^!tABX#e>q3%XpW8f`KLf*;~JMuey*)){0?EC9>+l@y zvv}9PU;2M$7@UpC`Nx>Bp*wYp|M}~5F<`jtW=%S$yGQZm#PC)V&~*9Id>#_2#K5?6fy3uY9X+t>~(_Qb z$8?uq>fsc0Nh?LwGuI;~EltjL_{m0tD%lNYaZvgOOiats_#BPw_@U2nx`XU1zm2zF zztZ049s`P}ezj!m)}U(Tw%D(OSAAasd7t8Rw6spP5hl6^OyiE+8(S*ZOv)(au@`?3CAI0Z z(}A#MI9vx{WRsKA{`e`N)b4U{EFG_LfL`H{xf(#&zIbfL=g*%x(tPSOGH%{2d17dI zlB=2RSi5i=T#0HlDDlNaB?b*oli!#J-vL84lJ>ytQ_Mt+=m=5`0~nBAD)KH-c4cLW z>_H?H^-HO+G=D#ONIhnAVxr0(S!!mL@-x?;Qb0hU+)~C$)ZhRmSK_u()=AHNN|XAZ zh7oFOYsd$IKi_GM+2uix7n6!vrM;X6vUq!XRN(*!aWL0&%4b)ldeTM6%nftE{3MPi zGAs;wFqVDc{Em!_jH`=_9L~!DnBi+^876Pr5|Hx-=d0nJCZfbD<$o9a^tS>m*ZsBLzPGabO$u`I+}s=xAXr*V;#k|K1EV@hO31FQw#Xce-UKUz`6Fy7->@N7o*M@IT!v^$#!~+VrZDGs8PR?Wl-At4$L2zpK4Hyeu$jB zGC#Uo*fso}yZRth7eH)bNBmr60idnKn$N4BWrqHtcnq>3mP75=8aIe)l$s%QicYZg ztn@0nghSB4ShcyetGPdJ$7CL40KNMC`yP>LSlDB4^d=Pr#Z^J`tvu~~f|;zO+w8Y* z>+uW&4Kup&Oke-Cs;WcxoG<18y*XtIh&K5B;9$iR3=P6M(bq)EfIjT)EiNcnN5MxX zoe_olg$H1BPvLZmN2H>zFfmPjSB04FE!)C8Q4jCPcx`O~eVLk?T0Q-GAcnmYV*2BK zvw(oF%I)$D&QG7TAx`~E0DsP%_AR|giBidA=z{Hncl>v=JMF;cAN zS)@=?!rJdit#2I`F&Zx`8HQIVhfprbXc2FV`;B0@h;Q@lZkF_4VJfsg#1r95*`tZs z07Vf@N%logp=)6<->qg0Ab@J;xvaI~v>NMy#Y?vy+D+BTaB-EX27+#K0C0)|^kez> z@#E*uM;-&8cm4wcjCA@P(fjh{OGs09_r{o2TJ>|D2zuVT30+h&!e6a=Q;Qo8TsDZ^ zHd2Cvg9mvWUrrn&B%Oahp!tA1NeqoB%DuOjL}h?HOwS7=+~?*H7tisl2ishVNG-_A zt4r=bmAN_EM!Rha{T;Pogiu&DE9N99F&mGqb_f2NnEkk*-Dn9GgANUGPmw-qPY_}) zo!Bt(J349#EDcvs)bLp=^xW{k0LE~|?$hkQ$KqlJaV1^O-&@T@i@9VOpKESrn=lkcI?)nf%<6Yf(7({cMvgR!6Em22&hj8ZRJ zYDmGnt_HNMdj62ezB>N+;e%k4K03HV(^HK;VU6q6Y@4rsnM8`%DaGcyx%y2L)E(~12zdV2+OGPIa1Cay2iu=x=JS|@*R<~a`^h>XOix# z%+1ZskQosD?3J^Pd^iV4iiVc9!e%HfT2^wP^jkCYFfxqiNnl`L1U>f4fHe@vi-(87 ziG`re(Cpdxt@O2x>eMiWtSHx zAD{8pe!w5uE3HFv26A#p$tRqdDuy50F5&p3f#@xy%kp&Xv`H0B>CfA}l>GjEpDA)C zT)5{`wHGWWY1Pl}X?cBJtNLz*pJxt^!)2g&EFZyJtoD({uuSYH=*ng0uzS&It`LwD4@cbkJq&ykQw-hMS;QyCa& zw6n8w;rw|f$ESLFV<3(Ud7qN9vAH>&yn9CaHg&MEJysIP%V%o z5G^i{A2d)5Nw2S;y!4^jv~T5F!%dZSHVKJ@rCR5?_HWr%1%^l78|(I_rtuXO7n8b4 zAc~5Lywaqx9p5<5Ljc5E$lJHc($JrFRZkOK7|os*4llda1q1|u*-lwhx_GX8<6a%pW z)epy?22Q*Tq|OYs%Dl4R0f!e;j0T-o1~^i7t-^RZfl`DWjN7)fwnj5cO;_6L2CNo^ z%tddEd!=#&52CzW3n`f$J23TrA^%=+%fUnJiA_TK>!t>qv!ZFruw=kPpH zah#6fn+)*~WSm)y2)}W2d+DyX&t0BaATkw8VQn`sH z1x&Cw>@71b?cg46t$LM&NZQe`a)k1lu+v~pz7^Pv(zpQXI<{xLdd)WYc9W_14&4s_ zA`}Xi@$Gay|Il~+$4SEY){NP^Po6c&)P(JS<0(9FRn)L~#vHXbdCs>c``b6Wv9ij= zTr-GEq@|_C>N+vR@7Nmp=#i6`7aHhT9+SqhgCos6!yVTdaZ1RWH-ung_9qqWZ!14-paOoj8P6xk}RxuOE|JetvjGCVME2v7~U*=aLK2QacNt@`(u3HckVrN z=M*O0sZI5Pv>)9^^^ILOOjJRh$}|Zs>veAdw9-0k&D>-4mlhK}n9tLOL%nK%k;W+I zaD1{`3&$NBn4JS5fmgz(DW7!^Vubk|g#*Df;Q+HhHe$Qw+`3g0b8)3iLdPPDv%MD? zwCDh9199^}Ln~h!Krh-)R5kdmcSl!Oem%{wsppTQSIZgdI{fkWKp1;g*-roi#rftz zq?oZm)jCK1&~Y;um~sTU(_wmlj~#rjp%98fh-weQ+a=V+r^*9Bh~(R z9D`dMI{CPiodQ-WD59+k*B+rN!7c93<>@VKZpwNe6o^fGb$%#nkrh%Xv~p-hGiWug z7~cEaRz$&jLM^e(snXEn9;s~HR;yrAH~pnc8qc2nN~Vg)Lb4s%yYl5+c5!h5VU`!j zMxq$DDVI(aL=-caxyQn?DcyU45H&ZK^7-@NXw}$Q?fthGCA_xOEiAP0IP9-qzZiM4 zIKw%^yOECp+;E)-#Z-;6tE%eet>~@-nP3SqG5*`P-!7p+HfCW#TTgE&#?{H)T_aa3 zhD}jPiJd)j*-i3s8TaYCD~Dlf4h}eww*z)3e`i@*T3Y`ryPmPPz(mq}DQb{dL#$>& zYw}9d@#a@;L&Im7TZf~ia});@MUUo^agImlLiFHLgEJg1G{s}wEISLqJ)Mb;*z9$W z2|!&$0bt@KAYcp(wMb3~2i7A8t z3~uLwM4_cv#Rz&P5Q_jLMXC~|~rg0sbM&9*LKX{De$ zTHQF{cM!^BnTw1ts9%{+xVX61JzyDqi$2c{$CWwn+>roCb%0O1o!R*KWVyK+A;4R( z>iTRcnq*&<)jmznz@U zZ5}<^BBDA`%e)-TBw-_JU_-JS_wi$@EVC!l*VBMU2T`&RmmHMADTb6Do0{U4gJ0+4 zV}ZOrc;|OGdli_Tz_+^=DJmo+BziCyL^Tc2Vd)gpKZ-2bt$`XpmFlo}Iw{dJp)85h zrpPZw!aYDg9T)%1GAXY_5A!KFkpJ>f%{)p@P9_KT$91cKIe|YJo55oZB5gK?`10a| zxTgmFmo+p#sDY`j18Q;;FXXt+ng{ucfvasjz+zX91!11^QI4SZ`%fk(XJ2^fe(cf_ zh&!-Idp)9Ub8I}?!Jrs`2g{VdxdRkBi@?jnpP%4j8gHq8RocFK`0#e`?&-duHyc0+ z%&54)e8hhn9Rd;W0PoFOOq_v(-&~|vDc8TEKZBwatg`F5*{P6#jR{ZFgIbE!VO~4n zpAlRa5Xdz%Pb+oy7<}(c>;@|!_!Cn)&?}@@&Q)C^7C$YU0ynC>$}p&6f9-To4Trpkg;nErR%tfEBGJyLv)4}V9DgyBmK%&>JzaxH;gkx+`SoWQYt#60wSQmo zPIW2Rlljk`>{V<%HE*@F5?mMKXC)(F|HUp?@7X%+iz+(!%lRKdiPBDQTRbu{L)KpS5{zv-FY>8>6M% z+(H*hSV1L=E|?7jNE))}B66a&RluBwP3E5IsbeKCYhq^ynb-y?LYz>3-2^qh1yfcs%r_lST+ zR6ZZd?vLLci8t}RG$nM6pA?9t%V$+v`9L=>@0i5ltKBDRw&zGFnR5DH$sTSIrNj;- zOR#2tV}pZ@Z)}uRli7DuRXqT!PlFyOm?5G^z!n$$Sg_>$?$$Sv2g&x zk5W=n{$TjF%_o~4C015hpXCIrRFL?{XC^&Q75%*Q@)jkx?S#!&jJAibcz~B4~!KB*WX;=u`}K6$?AYgA`SPk{W208g5`lJ zyWU=2mfm%ax$8!+f*87WmkDCjMXQ>oW=p+@|Y~06MOS ziYwsRS*PV9*yebJ^#H%WGa7_9_>Iz@KpWB3aNlKCDiJX;3q16QaoTBYAs#!Akn>&m z#CywNKU;1Jzh2G=w0&w^+%R|=yUD}kB`64p6y@Y_^74+Ayl9=d9XY;;Q=#y)Joq3t zjYd!~ik=+x`jZ6w3=jWv00qxWTb2g=Jw|#(9Yzn!VSbC^s`%oEz7a~SzIMR9@^8fR z7Zw(Ru-aAkq+14mM3-tfgJ{Eh88`*;8`s4yzk>v;@@ToknV?>KA3pCabl-g{ndnZ1V=ytSe66jdM7rcN*B;5v&W?q3^Zixbbo-bzvsS~>>y*vAlHi*IbMUfqvm!7a7QrlH2E{7gHCdAn6w&1#4r9fY2oyvb^R z2=Q7Rvy#JYM;m43f>ciL^oiF~d)e1tJ#L_t+WMqeVK8sV7eG?<5ve1pZFlz|CG*kYn>s{bZbR#@?? ziLRq2oSgLrL+Fu-6i zxt$MG#fH#!jNDe^>S`Wd`gl3Vu>we2*ygdGn9qGG`L|i^L2{rw%Zw9%qou- z+$4SHLLCi3B7j27P)N(3UDqwHFWV1dJ!t|Gd}joX!*+0_5(hlESqgmC=6x{`bka$}P&k|fKip8@p~o-q z`w7?%udDg|reRJ=!EWGJb>T&Mu2}tk!;>J24PnO_^ZJ-t*)o*nL-H2{z{aLo3Mk)(7 z7`Q%5Dvo{wRQ`KGU=)C(@0z~=7QhHZ(d@jotLR8OA_3cR$)du`tNqiJMGbZ?vdQ> zTBmwWbm~n(OYIsGZ5$?~xt#g%%l9`CMh6Pq0eEwxUo(0iAsC^`G3uY{Z~~ zI1FT#KmqjG)6F-t97U6y~z&~QGz?nFruqxi(q)U@k-6kg|n;>?W za@hDWF3!-WgMD|Y7q%a#7LCN6oSd*?4?|Ht2s}jI!eT+J@hEbl(PskaZYS9@2Oyn> zoTzV3uhvETg~lupcAR7_y?%ZpptO-DY+hu<5If5#_q%RW&F}cDN|LCEsOWF`v#m?{ z`7m{mS;B`6lmAHg^`4by*n{8WRE8HIARXSg-6}Tigr(r9xs|TIyqE;k+|j}-Vbt;j zYuEz^%ujo{t8GgCxbq1ZYZwrJa%@isI3p2N>8^m(QBSxxqDxQ6ACu%QB?XJ)GqN-n977D`x^Z4< z***mjqJC|3#Rq(oDJLxxetol`yhk67`(@yGRFSm;7;h8if1|@i_*%nJmVs)BY9!K6 zVcAL+v!W%5-D;(pBR*}012PYA0*6N@Z}r2QvnW55H-E$4uM!jInN}7FkdwQ{n3O$q zsHOGsMSN-JsKvU7$5q%nqjtWuXRB*#O0wdI-->c`tp^z>rC{9L{0$4kU{=h^qMPJb z>(@6w)NIzR5tssd6-WT9Vr-N9yHd@(xz=%3%1}c@ib(m(*_M!EV1WNvQfqb9m3~@+ z8r`d_C=**9-xJ2lDcW?}>vVCPzoRk)o8Lp`mTB7S=5* z|23*Z1N~6{Sa9-iK93XOXa_6|ZK2aNX&T_Tfo*deQr6PujDsl^7Gn zjA%4Nmd=fOu1iUNC?VPN3Xh18+e=>q@o`#<#V$RiD5kM$M^KNjOBfiC!3k`su?AbJ zsLQ7gRo@+l`NzzV2VXTHSMci&_(rT8Y|W~S$H=*DA&50i##_{^zPcLy&C~wmz&mvb zIvvMrkoI~tH^~vl)o?%kqr$EG^ta*=qMC+CRFa#t5+9Eg5byd#gHb! z?g=>7zUSyMYP`RK6_oVBkp4?j)h0*n+^oll`{Jx;l-U;+Ot4Ho>DpTi^n-2?s3QJ= zm)`l|?__@Vwz1ONl)=iXs%h|5V`&IUn72FTK)2eFGyv2qpzAR*kgd0!#o~0wzxwgrIM}JpZr4Rg31vlLCwycAl-xI&N|0kpdK67R@0tv4* zJHlypJ^ac))miBS#AoW`^fR`>uJ22TftmehzyFr)>6#%XUyBf>|9(Rh2>rf2cP!m; zJQ65md9oDAlWSfVg-+Gb=|`9M0tsFPXBA&)25d)n5GB%2FarfIK8f+b=U@|L{% zwHuF*$&GL3{+1Zwn>xg7G!tU$sd$lipV)%1cpsmkSh&xavcv_xyj)|A7Ku`!D!Ek* zMmLo(AS8Zpu&_woXJ^=dL+wb7lL$Bz&x^4MJdM?U}%{5un{mzLs7*U9y%yrDo zpN$lePp0qYXW!8fQ1D%QZy&= zqxxI>Kks`J%$%T$2XEPAjSvT9B=jF(Wf*+j7R=a7a-+5iOyS@S#JyNn`*DUug2TTL6WzJYs+qb>gM*^SxVA0N=UHk@tVak z2Zgd5UK5|=b!EkLL}*>_nj0hSg}*o|hmR$OB|tyjYvV_GtzU=yC1?cQKbh)fiqp2< z!1KI5$>xs~8Eh-hShx@&inm7(_ONqNb3Gf`$+8Jjti03%MKq6=Acg|!ck-Z&_>vT6 zOl9mUU1q}Peq*Fm8|h_&8BNL0mo4~`#_dm|A{>|hKCd@75^1F7_uQ^-D>c$!C#S-A zF-DWQuWXJ)N|HM)<)v6g%un3zFTd)Rg6BCak-F*`E52%v`MpksNwxj)ormlFn3Znj z=H~N*c8QLji*(i%(tXY)V$-S5+^i4Aw3~f+V@ufesM%g1T`Ar?$d$Kmee7-(@P0M3 z?P%!3lp3osbjXl5=kTWf3w!bYgj_w1<5e@#9WI3rzrL{O76z+@-H~r(aa7r_Vq-AYV&HitbXf<8hpGl6SgIs3YNvxfX7%fS zd2f-j$G12m0nCrM;Z6rVE5;~#Ee}~|r|nF4#?7gp5_lA=3A59(jU89kwcbov+Q0W^J9u1ok-!N^DQQ_=tEi-^?YRMm)Ck7saDZ;M@x-g zp|a`0<>@Kx@|*;eV~AFE+-|Yl*TP2cfiz=g>3|2<=hlnYY2F;Y{vz)<-XF$#TG^w@ z2XvgUuQTQIH*?>k#L2Qdf7!@Jk_cbiO3!8J%UO8Crn*`lCXkUYE_X>%KeaUu?o7FK zy`#k+zsI%f)qT~1ds;eLeT%2qSqZUTZV8q#ZC77u1AV+7ewjDNrQN{8vl4}(rxTcp z75F{eC1ge2L;Se!R${>uou3ZlL(P;2RqLB4DD3p7G`ak0_OV7d%-jQ4lugN7pCdYD zdyTw2`_AmRLxuDsvhRsBAIfGXUGpw8ucT0I;1+GL*~N*x*27isr4J~_7_Cz9$pn;M z@}?+dU3RFiLTpV4WxP&X|{wt|}$JFzFMm0N~tqRF`A0Vo?Pkbjrhp^8zdD!i$ z$`M2X&HYvovPa)u7#JK_1v*93KpuHmKui%|NtaSg_T!3^vq`=M@r$7R7PmrJCGJzN z44~_GB8QICi7`WbG!R+>8-6@ZX^E9qx(eaRR zE^&ACRMTuxmdbS9y^z-mq{Xu2Wzv8njT;l95b8UmkoW~za(gm)Vn_RMb6r4pH zmakPhoyeUaTZ$rW90t}CmG$PH^SL-(zJTh%#__? zlNYz`dup$1+`Ft0(nx`JShH3>)s61mK96bGwfB^SZ@$;^Y!@|L6yze0;mot~Ui?c_!P2mbX>7=PnZlUmoJmCpahm z{OUwcP3oFJdwDA%B-f!;zzE?cgOIAvbf3U)q*WH}sF+Aj{1o>Xr)RsTrRe{FhVI6c z**CM>5cR-kABcC{9@8;*cJ5uPS|OxFIoG? z43nUK8Ymmc$^J3*#8Fblzkwk9iSKk{dW>Ob|-@^@4uvBSc zi0;sxcdZBp+i-wGVEFUJ%x8zzsw$i~Kcs#qy1@Wf8&4(KXMpygnqJS3W?9FNaRhGM z3w+q<^){Ml>~jU)t*;|)E}(I8_POn4NKDEK1MBEHi0mc4ocFA@6%-7zWsi(LazK-1 zrk78!0Tht(mc1%%*|bN3l*MW#{Eo_2CN7w|fZHvRYMFK{oHj2Zgu}G_k%&Yqj3U1%SY(>I3D>rG=IKI*78uu&4Wh5@=+<9qq=th?Xq-3q* ze#~vjw-+Ef;{*Y5Q%1ZnSeX%~e=Lx%bz*$QVa2UDAv4*eXc9JY((SMtbM@Ep)ty4d z0e+l&d`3hUQ4e&ZE3Y*afD1^>6}3tO4nCznR&Flpc5$aKgqPR?T`7}c9u8l^K~liF`mJk1M9H~q`*wEn)mtPU^4t*WG6@dFZpupPwdY*$d^O5UW-X01&Q=Q z*ZTE2wG+GD=L72@a8TN%k>17ps4|YWx$^2KvP)#M-^$8%W^nhl*n%$;&OB#Jq7$0`ty|7UubF78AwLCpnK7e|$4D1z^ z-+scZ@9pbmNzD# zFXx17Si;^j1qC_VV1>f5E9H3?!$jhdW02)&0wS z_Y}#FMwM#S-nb#Xhu<#u_FnkR;(65vcO*=3h%Emm*C2h5v9adYNSr0ocn$qzzG$P} zn<)l@WqC_Lj*b>&iL$43OYZ@#+2_8BK_Om6Ynf1DO5W=g*z4< zcTn63ZJycr4tTZcNNApdw^!^zAlGQ|^XP1tjTa~|O^u$MV)aOi`L$r0K zE5D~;0e(qiU&%26ksx-GaH~`HB6oa0YaWX~#-n`$lMv}+%Pr&8!qgfH^?xKbqSr|T z>Fu$PgC)CeO8C6OTy-UY@QiHucTm@+%uqOFCooMb^zM_0Nx@Q@y(6Jb(jx*&);7qe zi(ey$MzhzLj&&)zjj3kdM}$#zRlmzWWSg7r|;?|zt9>CI}yxMX$Cq>vyl$4)=HMIf&oV61iH32kGILM&(3MRF(? zK>&ANrg1FRxp+UjVKJrH{8~)yU8Ee9gqpBqno+v{X6@6^W|+#f?Kb8h5iewbIgmtV zr>ZckmSF`@zR~PR!~Drg8COI?qlQ#Xh5Y2G9Z?fQsu~hDK^$SKbE22*Y;l^>-6J7vEf0?tv49ujzBsJGkM(FJE;PY(u(7oAcjEh7X>NC3>auqkj zgGa6wKH*xpzy&&V7n_OEVO!hm<6ZAZtp(E_8TR1odv7->2JR)E$WPMUf%Yp zSl*Lm&0KVkW@E)q^wy0vrHL+dmj+(P(e`F-hCX;~Mu@W8PV>?DM$&+Zc&qN0UveAe zjdgdhi<0}kuAg*aQ=Yv#j>u$!fY0Yj8o0B_*hI;*H51wO%+NAld4PFgC1U*GzX9#eV_Wu z&5p!GKezhZDDRU>pGc;^yfJ3$My~VGGAT^%y)3GCApUih#t`TXX0rA?#)LC7g`t`gU(&pVi^Y z>^JmAe59HE(tSrVW@WE5FHw;Y(m|Ld_sHO#G`!<$rD!pB#*07Z8zX|yC?QPr&#y|5 zjFormG|la&DC`OxG=F=88ckPzhutT?6g-f=NY0+@+DDfxeLoqlm8yAXdO!LiWt;h- zh|Oo87*>_=2d`raINuPw5;ppuW8GAK(sFWmB{|%z6mnY*qOPZR6zS+U2jX%b%YErD z_|aE<&`;rrdknJ&@sY-{{%)lQGYiVD;m~A92T!>MLpaoo%bEz1Y{1v(pGvQh^JvB- zbR+v3bJ~Mzu>~W)QAyc<5z_|79b2bA)E8REQ|b|$Y9?VKbR+$Zu7*#nuiUoscz$xw znUEB>%6n%x=Ag=B=UuA~?US3AjBPyQY01QR2hfQ6V!LaH;v07lnfa3-i_nGNy*>L< z7aMUeNg&e_21lL8rtJ&l5mu~6O9ZwC)g!hpkQ(pMqy9FVQdOM3uFr#__mt-3V-Y<7~ zE4!DBKAbRR|4CF6u=;gU$)z0MwS zqnYzcxZ*f+I$skJ0<-@zUKEo|@w43`yPb|$Qaw+G1Oz#xL38L=N8}?(rva0|IALWd zdBTA^3eD zKjQJ|Gb$M-Mb``%fr6n{Kp3z~b!{0A0Lq{c88p9caI(I8cj9b&G5Q}w>g;F)5EWRV za^;*xFFJx+{L-PJ{ivOcJp; z+rijt&3u9lu>xR)A8OqcAKDE*D^p;>rw+JE&)p3$q@oOQM-fDQi%1U@QQ_>ydY|^Y zYnlE=U7=+cDsRihfkwgfw zz58iKfeeU~#HmAJg|wg^6Rzu@+F4(lLJ0QB;1znzDAcKtdj$AVq>(_aXlXEpittnt z+85=^$90U@hY%e$UmXz96U_KGpm7fgEc%Nk&_m7}?`Be@w>*XIL5h`!hTH5c_9sJ* z7}YVb+_8t^n&*BF2-R_JM%tSG_Ovi-eM-R zjC6>@`vZ#a#ZC3n$GKjk+A1deD&9b2soM?Zgd;SC*n0O3`qQ6gC?2{io5vZwB3s89 z0ouzb4>z;%`_YSUp@2sdGJx84J)5Yrfg@@-RJaH3JIoyT)ac9Z%>s?zeG4c#IfFW*gcoW+l!LCB2adhyJf2TJYUcH+{=vedtWK}x5K7l*+Pt@hSg>uJI z$hSTMmu%4xS=g@4L1z}B;300D zh$A2rdDzlp6*eZO zoF<=|GWz~lkV!k8m+w6%?O zBc0v(b0;eyCAHm{L-6zVPhmSP^PjgSCKoQ4x%?_1;plKAbVHiseAi4UIiE%Wn54t_ zY^f;>%u@|2VfCK3ROjY*jZl?gA!v}c=Y634mcyp}WATXy5ZBJe4L%RgoM2CE95skj zy?7Txb-tdAKjZY;ahp_^NS{h9Ij;#)pwBm_-ltw}>yC#k0XoNCm-DK-U)UG|utO5N4zr94gjH;U%gUyHL;wKATbXk2jZw!C$>F;# zjs3rG$deVQISg_7pb{eD>Bh`BQPqHaQAV=C$ZtD$*{E2EDkvPM-(CGl(gulxy%VxI z4Ta>R;AQj+p+JUIJ~V+Yxa9nt4P$9LQd)_4T0s@0e3h+p<*0Pf4(KZ2uA-^x-V8~0 zm3y~0;LD5150!r2O4~2Aej7W3N8KLizVz^ewlkQgz1qGgx`NnGuAA03_yW$ zXd}gQYk`)g8juZucFztE=K3U$E=>Uip;$BPfxtk~Ub3LC#FYH9#Z(BFOdlPn-MJRb zNBWuv1#8Zkx~W+z4fWaHoQn$E$6@BUX+V$^7-$@xW3>og%}qN;z$kuehS!W{+A<39 z52ui(rV7Bn9H9Du5V>ajvCqYebVD45DrMvXB?c*2VC`p0QD%C1eQ@-M9jhf&f`6GN zqk1PxTSYPJuvw4A zEYz5cJ?A|!P?qNyS0P0x8UqTdfN?k4DU6AS2)>VH z$bc5leUUOLuCAg;zg$kn@nM%5fPd@A@c~U7fUDw_r}viz_?z87|Byv2lWQGrorL&T z1UsRjwDgCR6)l!gAZM^3e&zt6k}>*P#~+(U!`Mg}F#81D0_1u~MIDXgTNP5qe@q}d z3&1(CGrJ>7?-u&Er5o$>+)9&sM_^TEZCJC`BaYF0jMI1|xZAj##;v&StM+VdI&sbF#7CwV=7NMiw>gsB@ zu5G`1F|S-VP+1cFu+jt7ov(J{AQ|Dp{^ky*ShqNFNWdOlXGqHj%AyCW+QRc)0`-Ji z02W0y7X{UBv_q296l@3-ECxafgZ-4<6bT%Ze0R2*h4p5L#{?wRF~Es!yS%}Lf<(BF z5FW_yQ63`1_lCNTS~JVgPMk1p4Qf-uM54~DBBI6kB-|iEgE#)dLn(ouKJGE(w9V?S zUp}`MJU+*YAU&40i$v27n|j8nhqboZBjDB>4h4QQtUjFr<|0%fN~^BI%C= zoA|ES(`xB6M`y4sE>bj?(}rn8Mespj>z5JP=66+X^3%c?(=SOQ!4(UN?vk2UIha(8 zxSC_OQ**2seIh5W0zJ!Tf2mkV$pz+t?Dt?cDS zC+zw`38=tAMN(KMJ56zsH3+x~U?OTE%);0Ua1mGl(a;bKgwd1FLn28IQJ4ziFuiP^ z4AX+iH^$XnBdRb+RFqhMh~{qw5)iA}W0u6U~P4M>7#)oXn z-*V|C-eC4O^A3=rEwg_^2sE7Nz;fFryVmfj%aenlraFKE*n=Fxf`9yU;+2PmbB18IT%iBA)oJ^cIG za+)X+V0bq89LH0}qSt~o=P=*ZH6!KSv7YQ!*duBA!;u9Ijix^X^A{WFQEXe=U4v!>QWz|g)wXC1 z`1VL5#~^)YQdnTU9}W2@d0>+a-|ubIcRkp_fUzg34j=H&VS7gx^+_Oql#c$ZwgDBH z)$N|9(ymepjj_&}AG2GCVXF$uPqR2&|6DCrvOi~STf^CqPS4z@h~|gsCmnn;3IJn9 zeq{&L9LTSIXF=NV%yyE?63$PW^R^a}PT&Ch!SpS*VJ(*puEi)X*C>(2B*Rs{^w!_( zx5PEAA+8Oull|n*t4EqyIg)vo8|V6CaKsC~LzIsnar`0b2x@(( z;KjLPilXz#00rPK1ut8)QTM`pln})0oe#4?)*@2AW1=7H|N*L!%q8v#YG$mb$zq>fyb&QI5-k5`iv>f4DDQSONK0SuV zk&iYGZkzEprcGQ@6F^s6PPV4`b8iG=l85!B4YwU7 z;;3KbL6*SS#rYFPr>}cWTrH8?p>FD*KSfZhhr3V&1v=O7ir(N6zt+56?kM zniuj3#G(geFs4Y+(CmqOpzZlb`x==}Tn2T9GAVEzm#sbQXR|EhyF5n( z+#&+u5r8|M5uLSb@yvm|(F&L*(4uE|=C3k-5fUw<`IIkYo!7#6)`<@9KmuxuxO-c+ zJOV*b>i@;G5NKkD%_jUs)ukaM=qe}v-BvlC=Y&ZyE(%oqtbBIWOv9aQm*(MK#QHJ0!sQPlT z$T9$M1LER^RzX5&SxSBNYxw>u8O-@o^11PK2R3Dp&a$@{DhnUpna#$#Q3ZED8ndvu zJBl(u-`8M2lmlSri*`A)XF9WK2o&+?)N5gM0y@}+rz}K2R;6n6)x@jDIt$~Jxq@Bzr z{j&@HFGoVp=-xDQuhZmyRNl)K*bYV;2KZLLJ2|*3y(td58dbV>PopQo z!W8}qHS77elbvAylk}=Eev9A__@}kDS*j|~bl=M;eLZ`81UBl&+1f!FK4QQyxz|#9_d3?hXVW7NAHvL2e;4Rq|D$VU8VoNU1mKonM8+>(*6c z>8xFa^DpWR6rEe);`u@yG2lvJ=V%~M0T}*N#kR^tCBc6iY&1LZHGBpaRI9J#Gi^Ty zlrjxmQVB$3 zBOt!=i7QgtfTpu^$C5K27Rhv`fgmV^XHM+ZM%ja}M!#|)8Aa zsiDRR;&-#Y>Nh8Ig5@1*mX;Rw##UoC@&tYc1fX2@%eRL1kSM&)lFnxKnvs|H zy6WXOzrNlp&}?^!FV^h^Ix6O$YGn{|{_;}?g!23+=o8F1^Rg7Kd|#C-K6_}P*W97LL`Laa|mlN}&#O)rjCdlbO z2H1$XAH)0IN40->I*Td&4QirQ__FB;gBzEI9drKGC~X3NGF3O#r7ymh#7i#9^G64k zOFTY{6Cc`Lk3m00liio)db_DLf&aZRi+A`Wwd(Y0lHMGPM-@ZjcL0phkpPx<@xE)~R;PVv= z*+{JQfyCwG_n%o?bvVe6qtV87Oufi`(1!Vgm<3$9sNzm`PbiitI;?SU@DBv2@j8*@ zpKr}myI;@-pD?aft=^^>7F#8)qLE)a$>Rk;mtkw2q|$6%u}JC=l!UE{EJ5GXbLBIT zU%673AEvvr(CZD#D&h;TD2&MZz&=~6=jG}#!5WS(LY1{wA(lQwZ4W*&5u0O^{tz0-rL>X%$4WQy02W6AKVCno^HGH2#Klp4Qp4wjIq$R&x z_A$|eD|jYf&BZso>zc$RaWa08LFc0qR>Wan6SRuf=)tA{aJL8#P3{+Us?&V5WHq+& zj9j0xhioU(`VQ9$J5VDNV%IKgr;-g3DSdaOa+Zn3k+4^XQ^|xq2X`9jaUT>oBBMT+ zGx9@zB;7XKRL`KGWbn~OJj|Oq*Bk(!yNV@e%->KwSoo#0V_Q?=Ze{$cIj0m#+#z?P zMYt@f+m|O%43}x|UNe!Sb-aZ-x}HawGF#buK9owz5Y-Y75kYoEcvz$Yi{z_#a2F8? z6ztIb_~Vf}*LT2abCl8_`0GBg-z`u3oWTEn4cPbS_Z^g_ z#(J-rtlWIw%i8UGe}w~0&xE@4W3(kL&MmDF?0{%S6(oYA0=2cZ`4+kGH3fx;sDYOK zq`K0NDSnsItjaYdBd~IlnIFdQY~rrU6(&xX4*w$2%^z+_N@2+>E1x@gP4MNNdYSLj z%k#M4j(&A3(h3qdbV{)mh$`c?xMiKW; z)>|2~L2fQQP2*L69a)4p%{)F1sVpsMasl!xli44}?-%qj+BWAJ>D!|47iduh9ob$F z+6L%O5j*xG8l6=<)xj{MLg$ZF33VMV;}*%grF+xm)+ZU7ZPio`X*3lTmCuYCDGMVe z)M6VPx!E7|C?AGb&9qWt=~sDpU;}E2XXbM?EB@-%^&I|H82%zoot#LW>SL&EUY&*# z_S9hWM&u-3RnEXDo36qlnYQI>#Zy<`5`oH4FzUyTlwh9;GkF>0H2C~#6=?s!_%z=6 z;$1C@l?KLN=UG1e#eYtyeKrK_6hwPPoz1rF+bNJ@H^Za$w8;MOk6J`PQdnwSa@PfV z)eUhXmZs=G%b~qeRo2vy-|sl6{Cz9_fzpd zmnWEi1&9mhp20gd_dG(sq%Ni!O@FbqCA&t?ohNp^cNwdf3>`EPseACmzP&gQHNur09QqmhB4z?8sRHN!ljdy-W&i@9%IUDxTE_-dDV>m<|Y$k*3|K)QAr znRO}}*%3(n;1Xe!)u^hDp5$YQ*w+@AH07!||5)OSzMR;Kf?_*5TX#(LY++ys(!r#R z>)g=9Q=c}zzJ7ZnkboQ{bh8YPz5>Kg1?%deH9NOjFH};FlSi$i0JId&vhFfn^QL>4-e<-WxQXnhIWGBSItxb zgwMY`OgE!B5y77~xy{$p6bKmK_!L5nb!KBvG#NKh9)q*hsncEg*H?87zjQa{W>!9t z67s$=EU)>(G>$))@ySHd@oinYozXgp)x65?MlWkG-uvmRU-!O;H)1q-tD7jRBMo9> zuM4UsP)lrjl)vwX&BrqWRcoU$Z$>-#Xq;~ZBTjN3Jok5e5e#dUd{0Aqy+*?PCKqtwNSo^%o?>BLv5c|~k7G$T!Hiq3!)`}0i?D^N`=fOl-=P_eyqXuKh z{~A78&^$yYIZ~C^bq)H>*K3WWZW2J7AD9-*hJipIS?~NO@mKrJ#{Z6oo@+qSKAV6F zb_seIHcvsuXoBOmvQcP?5oy3JyXMs==zMsXE3InG>=o8!%Tr%F&cp9IO#ly;f_?Ae zv#ct3Y&Zgzf3GScWmP?CfMl}OJi!VSvh7X=(JyaLwk+kzj>C8BaqQAmjns8NP{ksb zK(9!<6;0((igfp*-CGJz+NJG>9BkL<7$AOBrx13q_}HXbr%Fl4)J)nB<#R+e*e3ao zkn9grFD7EVjvzjT?*`#^2hGI}lQXn9wYcJi<;q6k`^iPzPbfHlzJKYaj_ax&_w6UD z;x@EBy{?FY?caKl*FLzh;Wlvu>_rF)Vc^|SaI69~@MWlC$047lF;A5Zk6?k}H<`lc zh;h`3FD4oZ5xZxNqfl>Bx5v>j=l7BrdJ8J4GmLy$mKeqZih6^5zHnQFrZ@2e&R6x3 zk`h=Eg1XzVeJ&xP&pW*qTwjFz>IXgQN$?}7xD(7HxRLMaeimrw3GsXpd=Zb3P0&&u zRVU?rqxu)1Ad2aews3pAJ$_v_5KA)q6UoF%{&aV=+(5Vu+Gao_Nhvp3a|bZ!#RCq# z;0Xf}$#t=)*6Z}t0?q4YY26T@$?n&~W!~#n9GG?4DRjC)@^U#+I60{dc2L(*@3!1Y z@F|5kOe0#z_{o;EsA5Rpom)|xT)^jYATcvw4tH07bd;bDf^3s1D~)<*ZNcbCwyb^J;*8 zb>*?6Om2M?O}(6LnuStzoKS8XR2{X=sTpAu*O1@Er)mXT)j)$>?}Dl@EnH*}ojQuzDL**ET>gCZxOocQ`Rw?Sql9T#g#_kr= zBMA^*+FH`H`JOF5t{zi@0(63re>b3yRhrZd$-aDwpIO+XMI|F^hHGT*n_Rjhf2pz3 zv46smEk8cXSHa3S->YzU&inV3L2GsxXf90q(y=+TzP^q)ebVJMeCvDGPtMKF4Q7xV zK0jy!pECB2f4}hVr)!2|2o^gGZPVTch5d5{9Z>g;%)5i`{uYP+AtQ9rixEFEj~y|7 z{sV3bwa-Gf7n^d<&V{I~+ttG^DQ#qF()MpFsW!Cbo7g2)6CvVmfh-lHGEEaqHgfK>ZYA?Lf792{~Sy1)T=wLd*4SvL< zoWLeu&8~F(B$Ti6OMf!fZ|swY$F_`@57A_`_uWkms=VWoyt~=Gq!c_;^voXXbWLKk zKs-c51z0IfT*rxmb0Yo5h?x{bWy25z>v9mO+TwC0ax)v#P^W| zSJ0CXIQrt+4_V3iRJk`6F;T=B2+8MH5WO+~UFwGkPmvA1FOER|9#b!=7j$i}Gt1C6 zaZ%GAxJ!#x0Nj7N-$*Bf@1ALf-Wo#M+(Vw~n(wObyuW-5FX6;kp!<$s#MzG{T2P|tZ7)@gHO?ZY_)U)@&YMjOYH52DKz$5Z$6-QHp8S)|oEVLmI*$DZ z5o$&h9NH<#IlgTZ__9o5zk{1bo|7IT_Nsww%er_Cl+n3>&Q6n?Fwm0v@mJULkKJ1W*Qll;xLCul`3Hf(Slt>V~-G1645pNzuuGtgI?d_+j9&e>IlZ zkauX##TC*nse+`M~<^=77!PsA`;_>9;$wO}S51!bzpZK_l~z8y0C^f&(3Yz@~` z?us>!OPdTP5+E9bmb_8Bd`H92iFZZaVHpqfM1y>v%?5g3GKc5Loer!^BB%S%makp% zZ)>C$va$;s@4~IJne}mCgH1I9R2Q`gO;JHsva&VbvI8Bv%+L2ZO^3U@oYuH#$_24P z=B$_4ZhPPa3i0RMiVWWlbi|qem=du-?w{K0>b|n`Ov5kfyQRSZ-~?NKSs`|@jZ0+2 zUJYp+eP;ZDW4+>S-7^nUVz1-LBrMZxk;EbRx~rQ|sab9 zUlZk?h?I#nFosg3=kmIKE$mLxV?ijeDBOHF7hXvufK7sKBPvK{=WLhI32rC@Wk1<{f>8<2FwXG#_ccwC*Cax2IXG|tPlmc4Be@cPh3&E`-Yq6rE)&3B4%>#!MTK_ zqH(JC`unOhWvbvXd}H0PTPC@#aaTRHzrM zp9j~0Nys_V8I&Zpgak;#+cN5$-!`JDETr}eo3am)T918t^Hq@E1oAk$h_BMfV*4-R z7%#V4l_(52QrOkMwA9jSC_n(DHSve%(~U=SYXjLT|^US7Qy6(r}7?kNjH1HS{&$ zTxxT{L86z9GZ=#iIV^cxYe~zw;}JCY&&UV;2g(OH4#N^o%fxjLcV)TV7!R6c13J9T zB%<$M$_>X;Hb(wNUIxnfp;{*Lw$hT@Afj!GSMqf$fT!3Ny|SK0ZE_xS;P!4`J$&Xb zuwnF9H8|GewV{w?j@Z%pP0uE0!T<*tAigIkk;r+UhPLw_WVy6j2|)P342U0LUnM=w z=yx4vH*l!oS7`VV`K#+^xtWvQk!8N&8$x7B(M;0D3vX~=Q1pn%yrIz$M{a3y|nP)iHx_q+uiS~3JHG7#lCZ(rhn-)jp ze^btFa<2NqebXNYi?12=>e);3q&EzH4ErS(YuhSh zR&l?ozZRLJy|t1~i8vNtFU+4olIN@hP zm_PE2e(wHmz#652>p#Wv)l#>En)4&7Ww&7bitsy7@gM`!t?(}BFF!F}v{Qn(cDd1| zduE7tBejB%aWv|R_t1`nj{?*Tx7h{QuNA_ExP&aDX@5NAKC@wOv6W*U{C(D%n+!>c zklBMp+!jtH;>HUuRo-APN~lnp;83tVWE@TJ5SkM6Q@uzMlSgT{-Ef!HvXM)P_;H(% zUJ0>7GfjYZrc%TKE~FZ(hA)-BJ_MIw%pj&biU%QI*5hTc@8!(_{ITqrX&*Els zcnqi-Gnk`Pkc%u!Nl`7gG=SmQbLZ6*R-E5S(-Z#)&IMW*G$rE&TWM!sQ|o+GBXE;^ zH@=Akr-dPDiIR_55AKuho$_TBC<;3%C9&c$VM(^Im`lrcDQ>B=isAU@A zjr)&y9$2L)IxbPWw0l{$UL%3wY=z%7U)9);HYM)C z0-h8eFjbCom=%T+LM3U_%*RZwuiaZaJmyck{640wsq|1;KTrxQz@auBR6u2<0bT@9d}fp8VaT`nE0R_Bn$QSuDa5QpGy$JO$gd=4*Ee^5yx1 zP;YKKdj$kaZ_Zx{(py)*a!);LyGJ`si!b_E>C9?h{F9jzOjy`NyLDBF03e6sJq|9E zAc_j?cLTMOGW}?(bK7JV6GxvXq8X`%+OR(=wSDZ@Hq<6)(kR2zU?mx-b*Gx__tjOW zXmmx7Xe&YC9aR`ht9dW_f+uoNXazmDcfga+lc7p$qN!bGgzCp`cQI-TleRN^3?C}} z;CI)2HPt^=3p6rnj2oH2<_|Ax#PT`#ze|cR;;3ZnsZtnlpft1hGd$xX$q${B6s@m) zA8F>kai9>pkcyPow({DE9u_(wo}q)r$9ys$UX3+xzRZDg(AXwzd0-zl6{)_}AsR!? zDV(2>+#Bss*+n8E$qzXrfcWp^n|OTN3H+(Wgz2cvK1^IIo|;+{sKdQo##I7Ac7Jyj4co8!GXHEVy+a_rl~=10mvGak7Ya-zf=aVuj2IXX=yn zq&YyIgNzNxQKlg~Z0?jNL!2>k`KoNu;ZwxGZBnO`Df`4-)*q0%SuiBO$gQJK_pw$V z^?=%}Hd(+kexcN{Kd`PMURAhU(^#i}nA*qrN2Nsyvdw;+`JyoR z86H?pyo16?CIiY)p1tbEoCth_1srx3f_Km>yVdYLPOVR~01xvB`mAQCS*+j&==tiD zPv!OSi?Nk#5wHK@;x0}+;;%vketzh`_ zn)*$p=Z~^ar7#-MSY5jR@PAMJ4x{9E_M&{p^HPU!Exn1yo2X6UVxI zs09bLoKHYJ_ow$E2lJu9I9279+Uvhxq7k>37RWwenx*f%>J)qQZ7A6}tp#?pNh%R< zF|ZL)Use{od+K~QK^E853g#(%F;9PZ0yrRmQHE4CAd^_w5-f3d*b(=S>fJn!32r63=K z39JT;!sQoJrnqJaE=RSK0&=%i1*HnZ`t<^3*!{-Kb8`{V_%|A_Gx1-yRV1$eGRr`< z*E|y<4@Ka^y9lZn!2>f|f`vNlp$q;~#m(9{Y6^Fxd@#SeeJQxJs&En}&T8{gcOs5E z`xWeasH6UdK0}>G?U$gC5wPUxYJ-gB^>?@E&6;;hh~Td6fUY|rNrSKrfYEGAO- zCNUmO78CsA<0`f9(J*XDt^Uz;LNw<)6NEaGqe2) z%113pgeBZWUL9^}4Y+X;UmT9x{J0|2Ty7mdmoLh+sX4!X3Fl)Q6o5V47gs#Zs2I{h zoH~`*vdP38IacT)06>X4Trqu9`yAzTGdXn5n0Sb!O!UOhB1wRXB)hVfu{#IWsZ?XD zAP7(_eX4l%4@et~DulW+@JeqYoH=)Y0t1FTwj$^r$uoGI7Qsj{u8e5ARWK|&i_2|l zM7CsK=RZpl1z}t$u96_g7(35xXsLn9n1H}z2h7tU;w;s|cC_}C5GwKNzjg-YIvR|h zg*Kpi^rqkc_NjX*VY`X$#x$TwRpusygPK7r!y-K-m5nLvY+3EHZ#CA@7fNlzYm=Oi zI2<%^lO+MBJ~EFdDW)dNaQ=Pw<$2J$;r1fTir4P4>}7=kVLn&7y8Ij`?ylUh@DC+V zerYvKnA}kp%IAJs2q}1eO<&n?^Lz%{TIZP}&_?~6Y)A0m?=J0T^?b?lv}qit%n~X& z<%#rhdR!@U%_+rLBIa($c#Q$NAH#v{c8BI#G=W9|hcRS0i@3QN(txf;Jx^3vM+e)c zPsc9sgiR3kgX@FmW!Xn zC;L_+J%K#8NLDhsP@BHH!+C4Q(A<0UE%wfXc@PEpt8XSZ9GNPi?b9aGqm}SvVuo#f zEqp7AW$N*#528PI^ee8($+-N^W;dQyi3&+R5R%PUQEj7UW)v|^@pf6C+Bg@mDYn7W zYONY1^pbIlMxdZuVkzKcTXZU|CI#*fnv)e-oNQuZslE+35|( zz1G~ycIO`@+?QN0X&kwtFEY$S?hejd-9KGIbkH<#w>(?V;&-D7UoLG-?YSF%pOSOs zu3N)9SCEfen`9<3^>U=|MmsjYSgdb)UFSE{JeKh?MQpeia&sma8T}T2)*s)jkXG6+ zYs$d?`s-Z3Y}_@#febZ%eIXxcxyB- z@iCV$7V#^fL`|3DNQvscr|^Dac|lHP()KGJt`z_V=7qQDVu!A1&D_Ao5QM_-`OaBPn9|ASQB*VFG3-kaqL}IXQ@cZT`~5I z7ViAfW*DMBj0$<;_6jziIJd64LcW*NLnqcB{*XeMb&+l0qJ{?_o1pqa z&GGl`J2)7hnKhoXa8(*q(x+iR)!S)7141qx?_?Y+Ijfw7{BOtV=rKdCZ1yAy_B*gv zs)=@Dmd)3{$T3vwz9N`q;{-c>!C$blm|%*C1e#Re{F$&Z)VypQmeo%sxR*0AapIgU ztC&BJ3oO~&vl8M17e*M_HJ#_TYBh=0iNiy5rRkiPHiXGf|BIq}{DXShDfFX%9T_9s`Ja9!2 zF=0|wyw_r1`(s>3NvMQq25B@}hi%G1mZ7)KxXJsaJ_4UJN#<_odw@|ug|AhR8T7kl zj4Ugs>oPq(jISc20VPB4gt3Z(6z$!kF$lhBH5T%(dTq$o*cilV(gEk zlKgGKW_4&(e2)V>G0JDodt&w(ZJh^;ZA?#|`HPXo#d+@xH2*aaH4O2;)uVJyv_}i3 zwnIQ5f&X8}_CJ9<*s%o!`(edS*36oQx(zud#Mb5&DZPImPh4M{*W}`LX}(iGXBY9SEgEd+aq6c#1F2nQ8m3SL>^)n)QxOOFY zzM*DCW4}c?ptg%m(^^^B41JQa)>=jTa(Zp8Fz6GrKH+$-7Nz%li}hQ|#}&KoeJY>+ zN?w2+t!Z3nyTAF!vxo4X%L2o3LSzzszPe=z*W|OIyNKDDrM>$pcLdE`VVHyLck|q< zD|AObW*h6Kmm&H#Y}+S-gMW($6CSwX^*DWb&uq5$H%6^bi}3AY%9M`n&+icBfFg+Q zZ)JebVEYkVzb}Oo1bopp?X3i6b_@n!95CCnphKs=5xjCiQ~zUL$rv@U|K~UkE!qkc z5V(pS4D@7$ZsQt~d>AOizez9+E#+k1Ih+P(=5Qx)aiyR!Er?b~d)|e>{w&`z zs?!&h-j}oQ!_ZUPok4@6GRRQxEj8({6|p?f7%$* z^{2o3?21@M3qp%LAw?+F;YDJA9U5b=!}u!H{_U=^YWkO~Ivv0CKWThnT^FKapz5&Y z5WBag^S9UqcoXS2%uUHvLYipetJ!*QiEMhF5_U-;&tjnzx+RScf(g5d+7>xc#9H7p}wdcawir?Bz)k(bw0< zFM_t_1RV^MWD%W*J}?gw39YeQpUi!@NUHhy>?2HclDMRn-N~-hzV%eF zU*+bXIyX^`Jg8p4ZI}$IlsA@~%-(t?b$qql^4I+bM5GcVD}NjN z)Jg&fZj({!r^uEoi9{Qn8{s!|rw|0O#+WLV#I>w~80Fc*?WM1;2EW(uo-N%vda90& zr79*|V8iJZ`);c}C@7B&olzMYC`Un#$$=beL>NiAd2dl4@LUdRIl)y+-+xDZk3ES# zt7ARlEm!nGUGpHKp|1;Y9+5?B_FVqvVGy7h%9K=T<0ts%`1l#TLCxoMO33$WoBU-z zK{hKZ>#eBcmYxj1n(z{T2uu7fva_A%&2x_E>%)B4X*6_vFhuayz6ne-75wm@t4{QV zp@nrA<)99f43wZw=6u$QKmd%y{wUYwt2988<;2UrxbhH!)GCElQrb=oXJ#7`VUprj zJ{HN1H~_*-HG86w&kyOdoy_x42Bag9Z_GHrC##$zPWtGX6enr`eB@^fwkcQ>Z$?7z zJm1vgo?7;5=0NIr5!8=%=P-U5J7FUml7#)#G5XvJDLsxYyY^bS8+zuuB%`HsAw0%L z!8g=!>ms>(FPL>Is{srj!tCu4(dKF2DB62Jkaqp{rd<<*3@xo6dPs#GpKDKeXgNxS zJr*0%k+0gmoS#p`z2^G5wqNIdLH(vZN+2Iozd}M{>)^wPXeljv1Kx#;ajb%3rJ$XS znwvC;+15OJtb{SX`L|_opx>7&;#q9oG;}E?Vwo_7(4=?hhU|T&nCT04-~M|f;0fIj z!S8DF<(F(|Ba6xIU$rpj%#mo$V^n14kZ*=nx$V?$KV&p4sU{ztnn5Ae%RAmSg=mM{ zg-u>Qz0V^x^DiM-&qN%y2zLm89F@Fz`VVcsw|^AjPn7FAC`OSJb78octC^_V&pz42 zX{%EJJr%8UsM@g^$fQ>w%s|5>yp{*4!Wf4GE9JbnVRIM+lQO$@4w=c_t)eOIDOcxXI?KnX* zBonVepX@@_KDs8oYVCej?bZ38ZO!X5sw}kW5jvsZkrZu0KnF#HMay=eVUX>Li&ssv zc~^E$QUprY9u2>s;0l-#`u+J8yzueW`=E`u`gI1?@A=Sh*mDO48)2h$s65(+os>v5j&gayl26^*YbjgkCP0eA?Md9s828zjRo~ z;OSh;Bc(vy50?R5dOXNoE|*=i=yIx3u+=VJv(9tyPlqMre*hyrWOy5=A#rG9$#J;` zl@uH>{B4;TCUx67>%AcW2)WgaRx#jOq#`E(%7ouc8+j02LNa;X^bf@Ln+Un{+dU0mC4_Xiq=NI4pGuxcO>oFjPL7+w*Uh2_=^3Z2(!|dX**|4j5>s@u! zRh{*Au(u@VWKs~`6|ugxhiVWgeN5X3FLviVAIGcYtHJakb$aO3~@rV>1Va-CM9wIp2bB{|(7!C!n^tN<(hw5s8kE z8)sbnQ0tgFogwt)>b~i3ChYic;oGuxly0Naz6qXP+^EQXLrt!i`3mji_bhAzDt2YM z@9VEn8x;3;$e$HcI~{Hi+s%1lhhe90UrT zv?(6NghUawp<(3~sD(HC&%nCsF=sf@ILSjo3t19 z(Wk8Dub%^Tf#vJop$9w8{zpZ7(3L=%ZeQG9+^~~&!*9VF57tE~yC6JDB`4(oqg}R# zN_wS4s)QG%>1bsrB8b1CpWs4X3gOkPoWC^^As&K|LN)x758p}b<6O6>$%zfoE+Oji z`V(UvU2kBQiD=q4hLUR*sitMjO9gl{aoHg5)E(fHpnmF*5Cj9}fGvg;ac1%J7gsY7 zmHGy9ts?8SoLe?~<5eO@fxBY?{})MD9TipgwJ-1@r65R%lyrl1haioB2n-$4Al)5; zbayvM4vpj>NH<8s(9I0pG2i^wx7Pf5@2op(?m1`gXFoxFBY@z~Tid{Wwp%h@eD9;i z7;*X5TV|(+&x57d#$F~>I@>q(HdAV)s-ooA%P;s(w!*n#TMkol zqrB_gb|mVgbCAu#(wEAR&X^kRCCx&U{~@R3+*Gb^+OMpj0S=$wSlBa~OB8$2y-?Y` zb4_QLwE4N-xW;xq`kuw8ZA6EeeWeG7K?$MkppX(B5KqtTIn5ArhUAsQoIcsD`KGuTg>&^sVCtoPOi!{pR#MtaIm*8A;LW(Y+C$GReK)_(JbRg@``JXKYsQ+Gj~f`8!wbWxBX^NX@m9^+Jm&QJs+0-alx9# z&i-qpc%phL&h*mpu$k>BQ9?BD=cmej+^oy`N-8?&UBwkMQWO% z<5uKZ-dFDS_4@17h6=fpL327c=Fj9~K1374B6~kZVw*y}wf**PIIj1O%DSy`2v{nm zEy-=PeHADuZpfU*7kP-md2ZQDA09>{DdLXxobN`9e7iUc$8|v&60|SDZ#+4|Cog4~ zo%HoX9F@gW%y=B}TIz5>zkt{0Q=c-k_(v;|OoeUQGhUzX4SYrN;kW-o1Y$9Z><4Po z2Rs96S`Pwgz5-0K*kcBUh>D+g)F#=eBswTL#35EXU6V^&Fk9z6Py|uvH>I?JxBmp% zPuexs+`GTf4Qg#^(tVJ_l59vIofK2(s)pto34H|GKCrnm4!lgw;7{j2;k30?)u`7= z$bbJS4{9?8CZJjsr4!@N-Aokhc+m(86eWrfdD`(q>28cLDx;>#(BY`gOk4JL()hsE z>{|LyWD1_{jNCxmoa=bT`*jgx;F#8x6`iPL_J^?JKe2{d+`nG9@=9)zz5r5lM*dJm zaU^xTJ_yj14ihL-5BaWn#ey6x$EBp`XY87>`^$FPQrx1uO5mwOCN?ALd0O zM?-Y&hxrxT9RBJ2i2W=#)JKPj^c+98Aip;$>)~ZO{1LweS*}Ssk%ReFkN^WxX2IJ+ zKAC(>cQ6vDav>imi^iL3_H)b(tDatP$w$Y!3lm5Q-ISilAd=}xIcn^l^xmYViYXHU z=w4yo%Nt~zHmHW4qy9V2@^6pxER$y zd>ZLHCvhx-=QE!Tc37}S3q1Ph5IIp1-#pijC+5IHa5vqK<{+Xf;SrJDY0q2x1KBx} zH7HcPEFJsW|Ce-f>b)JzVnY&MXh1WTNJ@#d9sG=J#=_Q;pW34khcg?Is0F;LZ{0T- z6E^&F7^WY60#x!ED^34YsNwP6%4Bj)d~Gd&*zh23S!11W|b7g zFxQ3CM7+Lh)blC;AGfvpG=;^ zs>hc_tETPJeYN)A+K+>O#L#CGzTVaT&ytpaBEuXsPI=W5LclV`=kkMsKd;D1xR75Z zzgvKnG;b&KjfJ{Wrsud13FFdNq+ja#0>e=KrfXaR$VtD#SN}GF2irEz4kLw=P4uSC z-0?hHPtqddI$E0Di>SaUSL;jRgT9Eips1sfHklS$(tTiz)_+RNKJc8a`_GkDyI%~f zYxMOAZ51fXay&)<-x!0S)}TAPxb8A--BHX6?rN)OMJGu>>Ym@1qsgI26HdcrXN;s! zHkN8cm;E-0Q%8o0MwkSRkcsE|C`@^{55a zS$2yK6HEjnI3dlHFMxnGqb!jjCd?VcGp|uT05q_MTpOm6>ngW)3V_grj~PuQB3>x44FTQG zFNmpM9)75L?;uIrjAMS+Gq6?>u(A4V6@P4d=}zHp-_^hObwK|J+!P_eNa$gGbUr(i^xim14QighpV9*0y^Z5Q46aosPB%%vO=R-XJ4T{wKcH#)$w zlo9R22&hGl*1zvp6a36!{ZlaPxJ8C`()tNJcoTd1>fsvA-7DyHJ9VX9ytA)kZ-W;Q zeh}tYKS+~o1iF4ss$~d4pzpnVE=)t)2S!}KziU6yB~vpbeuK2u0jXF#o` z`Eht6kIw`LBdfLa+f%L|WXXiX#;R-me#b_wM%Pe1P2uq&P}8=w<>@^1{`2QO{dU)F zoINA8i&D;7w|vObkFf59QLm3{S0UkT+8n7c1xd0l6$utB1GGf|U!zp%4- zVw7m5nl{Gy_WE``hyF-C-*^z3;iHmb*}x}9A`3P!cwVX*i*8Dr4b(qgn&4joks3_Z zp-uKRoO3{15EZFENtJ%SbUr)on03(eJR1P1p2{Xi^MoR69ggP2iI#;Zy`@8~lpAEb zFo-U|0XglpjAk4A(p0tGd|R+XkKLgX4o>??6H-b}zwZ71^Kv`Kz-gswn8bbWTi`#} zOn7@aq-!zDfI0N((y`s+_pHxEpZcKOR{4rUT%!+9WJo{m9I2@cK6Nf7f&C2OG<2(# zGJI1KEB5%CH@#P5XIPV~*A9A5?h8%{I@f-NUw4y4TYdQNCKY@}mm5c(dPyGZ<(GU& z0oVRpkbjow%C0P`EBxib)L1ja8`Do3#T8gKP$1SIG#=>&medxF$|5qd{qjfg*B zxxA%sekYvPz#tx;4vS-Pubqlr`7h?b&cC-3&s+$=!gB2o$i=yWC>APA$d36X`|WeG zx?i#x);*8dtE_uB^)H|Bn%h|S6alrjrK?zT{|?xHrRMt5y9JjSnTCPn&uD26@<> z9TSvV>Fs&eE;GA}A2@)2sS)Kbk8NEqq%Ms|m|Pg_wvjt6#=iEvfnZqfe_+<4#iwba zJs>}P+i2POO)2Z2$in{sSIrOo)hHB7=Zi#A3b_l=tuLt560qpHK-n!)EjOr6Xb;)4z5D(HY5eyN>zGk`%lUw%g7^b1#E?PW<{;$U4HqmOm-DX8Pq@zhL zsMZ%uC;#~&?Dc4Vv1oUFr80kVQ98$uz~|Wt`QHMm`(B?P|IZGZ)~sJ zQ^-6N?Gn1l23@y1JlHrOk^*k_Pd!}q!~e7TqW!i5(}WExAYkrxh*2sA2KPWDUcc~* zxAKc}>7N!AU7`sIHBn@CINAs~4V2AlcP3q#0wT(EM8}jaoKg1o+!q|Qi%=y^KFM3$ z2D6k`Ti$+0;$bXF&nYa3HCfuMMoOi#VJWUG4!b=ToX_*-|5WT)3i!8{c(wOne^0+S z2Hr9&)H7$DzN03_po+h}BvZ{m7EY=|hsYYzr}#s~FO)^)CAqulb9D62BEkdruwX@_ zER0~7{!>jW=ZR|7%XZE=AL`lPW?mZ;0xd87cQ;248}kX6aUuv{qARwg*%WaU8oq@I zwR3BY46C-{mt&T4_7G=Gc5w0t%l#YFw=OF1H3tBHgCz&kwyu&C3lri_kYV{3_pd4_F!A=@q}l!-b=ZnI{mCX)o4zpusJ>%>{x#`NiKz8dNI{&0Rh zMggUjtD>rzGXL{vq{EbvwANN;>-aDs-kvOac3984`~A0v?d&-L{OpsQ?%7BuyF!4* zk$rgHRTq6Z{H3K@XQ6WZud0ZQ^u>+_o`0kd%Y8u*35b$tz(E4-t3;MvkPPm3n{%1Q zo=i1pw0xnM+eVD#Yi!l$ee@X%q|^0$UfB}q$z~k*8;6n`S!GS`o>0ey<4LIm1eq%G zF&+N>8k?_v3&dH~;q8R<$d=dnFq`CcC4uovvRqPsgqB9fd2zHJdRtTc6{tg2o&LzQ z0g9O%4`_5@hF7`$*5vMPhArz@@@#Dr1@L(1UBSxJpS@Frafmr8Udg?Zb=-J6o%tT4 ze*3(w7u-nhS`42BSjHzGY0T(D)RMp`u&bs0QI$G@MxM(aeHzO#~$ zz?K&#XOh`6vRV!g(R0Ui-8~4f3u#h0nb>kO_OziteOgL=qMdX_Zn8;1{Yy1s1Bi$L zyeglYp4{E-T+3K9k#=M%iw30e>_*QZ%D_K0z%;9~N^<2X4VJdn0e_wlSE1j0M+uCw zCh94-d~%Co{gD&)4N&7{Wl@lt8CL<2{}p6^T6n_UC+n*n8J@p4rQdD*gI4Djh&|KR zs{_=r*^qV_0O~MT`C`XAm+B3_Sw=&@Up&#Hk?(<= zJc3Qz7KhX}io%{7AVqYDj-%8Ts^itGzki-{a>XDQGP64lnY5MahUT}EyQM;wn&RiZ zB%;eB@L8BJFmoWVpI!nsd+*KRu2me(0XeLNRPCv=CW z`L5i4{m`V$6muMosv%n;S3!8wqM2cd!^xokY={V6pG8gesh%D6uw{F9h|}?8xFEHWsBQ;&EX83WJbffmr*2pQ$O8b0AADtO1swvb{TJ# z&Zb2-8cr_lmUdQdesek7BJZb*vtU)U<&G&yCq`XH*9pOZs5E|kj@XTLikHuUR;;%Rs4yjAV0YXiXZITY|%30ZV zkcFjLzx=S7e+()>-(ec9yBs1pZCu0ni<|IgXw7d7VBWt>U{-*y?G0NNawJF1WB*+Yq~<#@F07b*Hdfq=AT`0rIX43&D)h-*u- zLC=7O*Q3=hY0W^5KDSf*to-ySfDDMIDtrZ_1b$P#mO_$}(7HkJ&y+{WNPL@466)OS zedfIL^JL&iG4y9FHSOF|AJi@3xd>vZcy6VK*M7lSeq(^|`DlK$zgEc8-xIVEl@Ax* zeA-<*P=%}-ff$Y*oF%S_5v@wwd7|l1|H)M?2Q*3UUJJrVpw^e2P?EY~L7M57#T^b?n!?uyFI>FBzj9 z+kIy`0ky9i21`s@{nT{UD)BQ4$~_+S)6WZdiZqY;{AyL!K(&3W+XS0-I~$M9gc67F zmJ@N3YX6a2ysf^oYk)szv#rA}?pR=RuH(YCF|gyJ?gxqQZS*G}7X5dVsLp#Eo~mEJ z{R!pE!TYX5v@Iffrw_?$TrA~3NhCB95Lh7MoRYHnV!*4mzC{`3QS2`E+jK~CL{~Ty zWW)n$p}#_IGbr7gBbGM)tu1_R{d#+mkw^(nemhq#Vmo%vm)9hTWckA$d( z6E#}?h*2`XavaBLrh>*hp{&QI@pxqKARZCR!VOC;%g(_1v)>%pUH5|KQtSc`0e?K4 z6EpDE#!9>W5gL?XJ2Ju#GaxsQq39$D_-V zqHd4gu<_5h|Gqd4`fck$x!6@s0_^7MU6pd?+Lgeda~c;l<7io##76usbBDt*khOQV zO6(oKo2})1{56a78Mse6Y<8V^?5O-(OUzY4iygtpB&0$*CjZb@W%bbU-nxDm#RX>- z5xo?;$yVobRimaT&%}lHQ7$}ECKSWSW)5{2d62HGrehM{is0U~m44-iOg43t8stCSWA;Ldt{+ux}x|8R3So?l*#~~ZGWcc35VR5x-r(Akbx=5ZH>Gd1%PtSur zNg@D|$|~Vu(Kf$=j8sDg!)35%iY&9WNQ%2?I!y&{YTHUBqq9se?rF>-TAW}aBx3FZ z4Y6YrtZ6k>U*Ic=i;FNn$Dq@oz$r}V%hnr^s(X$Lte#d+Z!bqL=Xi*4BHBJ+8vr!& zzD&23Eh{e}|Ez4&((7wMK675O4Y8xus2Q#XUwf0G zFIo(zx-Gisbcm(E`J`p;yJBJr**b2!RfaCyzk2_<8X@y=zici}?KDYcno%A_mG<0` z5Md=ICYt+nSv#zs3mMls_5Z%|%}xsf|y;9zWy%%mv>zBOoVvw~Q=8zBjn_ zXK&1lX0>-j(%}Cj7J*xesJ$jeBIsvHP(qAAtHA3^KT|&#^lw?sGz2lfvi8!FGu4B_ zNvRMOscLn}$lVfL+0AKEgNJ)5{LtYC5upM~NWOev>h4sk{R?32!Li#EDUfWYBIija zRXSS}{}%oIE;)H!tyrH60}!01)=CLyUp-FoQ}GCf1av+R`yG!wubHowvxICQfRXeL6RPscF4`x?d{- zt2^iSA&2JJwEr%`*^u&kYidWa*GvV;oaJwR2w#-&Er>_x(6j}Rh#$1)%n*LJLb%H861dgTq6%e zmJgjgPK4uF_}G2{{!c*U2vqSjpfYS6tAz4C!GaS`nofi#YWlp(vjMt4w5PJUsu2eT zxM#Wb>GHjM9oyLMwu4qa4Dv6q;aPe6~FI z{&ZN+*0RQ)_ThjlqxPU&mT=g~3N5UvZiaQ}4b-)i1#|l*jubglQ6l|WVTKVBhSno8 z4&u};ICeM_KbJ+M1tdNG)9m6zFnEnD`$pLm|HK6g^u2FSH4XfP%9}dMA(d|MI`NW0 z$8vN8Zwe{VgPrYagmWHKij%To1V*cmcQFoOOS#T);4T7}M+|pc8Xlz;gkLt|$}ctS z)M)>%KQ_jl<$Um0eA(~&^&Q(B)7$90dmI_VoePw1qnWS#LPS!^9s5Vn``>Nuyfl?{2ugefTQYxm4 zuM?hUhizs|ll5RmXeQgQNDZdPMCq$4mXleEYl%ZxD({0Nd$Of^ySKj7x?gAKk%R6` zTTAG0WUn|-2T(^^xa#{Cc?^tTDPwQq!1rKQE ze@p*5E*ZT#diD2N{C?frvJ3RR<&oJi{uX4jv|AA7p`>|t@(ArS2s1s49bGEzPw(Sz zM2<<}Wq6Q+a89;(|KGF!1?E9)6hkhx$pLJ>{SN@Z-$csO+v8_@h5G~Hp5_$;`SGdS zjpzAYE5r7q{Rm3j8A5c71N^$}6~mX`wUXa}3Hu{tG)N?07Z~ONVI@Z}%Q^_U;jD zC_c7j9wzk2445kqvUi2p)>exACx_?R)Ks#Ei_d8yE2VT>BAJNJx{n&aZ0m?ZdooI< zM{8?~B@GdAv;{(;p|c5T&&}=m!r4YdNXWW`Sgoqjw1ji66QQ<=WM&ytEGKgTxvN)*0xh76U2K3$s3a+af%{Ni^;;`dE(*wTaJ zk?6O3mhAybF#uS7g#}=yz0iQL4ND>O646O!|LUsy{LZV?&V*Ha*%lg7pS&7Mr4-ifp`$H~6$D_>{im+r(zf;chDEP) zP53E!jS7@VuQS$6sC4c7oCwbm;VBy(&DiVM^CDYmqJSdw$y<-*z%C5qZFUMr*Bsc3 zFora&OZZx6^Au-IOv}kZLT&gw!{J0Z^eoFwLRcdE;xC-A)1j<^vlnHZWI21p)-1SS zpf`_|4|1-!)uUtqei(7*glVv`w{L#6B)}?Jz9?I(b$oEaAjvkMSghTN;76QCj>Z`M z?p7Aj)z&mzZD;K(&iq@bWHDRAwDx!lO_?8yOOwm}{h$f=rpJi{BOdSW3?E{`+`02O zA#LLGc2~R>Nc3J#QEC-q=GBp2M97_21B2`>G^|a)IaC0l)1VJbhfv z_n2Rs>`%LqpvEm3?Y{N!C9ipSv?aLW_jYfkyJ)is3KkbK2tIWD9GluQo{O>wwWbYaz^bqAc-U*Qtoaf?A<(=LN z2mO!}Qo&1G$a4L9;v)Fj|EQZ$Wt=s<&*0U;qNPTa=SYXEtriaRnZX#l7Ybmzd~o>9 zljR8R-Bs}2@QVRqfJH*1M9gmgf{}lx^+u@M&P8N+bovB|=}8Q3fETar-zLdGTujXL zF5{5jucLnu{-t{*m5?Aeg*G7~acjvSYTa#T45GDz?I>9cq07ya@VAfb4Q4!tcl6^D zPdRO@O(57FAP54)Upzcc)7gI;&8?k6&#;FJohYzj{;`8OU&;47a#A4i3-4=sv3IMa z{<}2h2j35Z_Ur)dhDE&wuiM_z>M#(IX)sE`2LCYddb+#O3-l92oRo5L)*HDbO zQ_9nBf~5Fw-%kbtetkAqb@SOC2Bm0{qS5>(RC|BiYje6zY-mlL=P~9v*&@SsTz1BJ z^S&}SU3&t^(M8H%uKs-rBOzgh@uF|)iLWg_i@#px0On4vNhT7XuOr(bDbVMWv&Efh z9$I zi&MTKYv+2K?yaY@- zCuoXz=RBU;#2*j5$N+naZ5@+#zn>pSzxrO~_SUd@={-(J-+BIW!0HL&*CLb-2pEfz ztF4Jt(yEwx?Y(Q&6F=}iiR7Z9Bu~QT>7l(x{6~N61}i>pW8FQAx(*u!=|@p~Z|;sZ z?Q>tQX)!qsx}iw#9iM5|9;MS32-ySg--HW9v~hZ#cj_V`~|f@Kc$6V z1WLm?x^(#|zNGWZ@5#^vzcF$Bl~nRMH`@5~i;(WKe39M}g5RPFxXpDgX-u@ah%$u0 z%=8$N)KctBLo5|~>NOGe9@V>EQ2L8Yc3w$^?ds4$=et1KPXwht!=~te1QKP8_F+zC zEh$QG@%6$7izEA3q{O;otiionZ@63EkP7$2uD_t+Mn!Blo#IQqk49Nni(R|=mgft` zcj_g-N&J34%a1V6;^cIPCMuZgJH1yj8a?O8N;@=j$lUeQP95I%{cWDB_g#LOzPb|n zYuxRq6OQLDw1$_o#i4NO4y#b;>!?v)oI3;P_0Xl+0{Ok!R+&z6!~ ztF>0qX7t_!9Wp7^%k6ttHMxuqbMx%V?C7$0XhAd5FZHwRT($0PCuW-ev@-rn{|!S5 zwF^l2tGZIxX+1h{^dcsJ-($vw^|(QV+wF@wBt3*ky)a1vwqfMici++w^N_oEF*e)( z=lgCY;wktGL09!4-q2vlevN0>z($&ZwW#+b`>zQg{=&F>rrc$+@dnE4Gyg_N8a1j% zZ;$0j_V#v|Xc&p>c$C~N;s!WSbk!<4WjMZ_#;Q6w=L>Fj z^${4Idfsa4l@4CQv=_LO{3W>*`j8pzkaOfr-S*wdx`}CasE2NG8iu$z+7%)BWkBq6 zoR0_K9lLQ6=;zy74k-{lnZ)_nREPbGn;RSvxF=Oec%Rw}sF zrlV%{rI~bFC3R|V(iIwjspLrNh zM7$(cQw26NQ`~n)xy0Lt2R+q@WM@szPf-N6B1@mcS9k4l(%*~!`&5`Oo(H1tT#>~& zya>p(PJZW!B=E#DO%I-bbCPAY=DSNXYFKi=0VHSU#Cbwo^}0?KKK;y|09VZNd+-3r zu}iyM?tQl*cx+Sbvknl?CF*Z_j69%WtA_2&fFy8OyPme3gJ^xfl2~Sh*t*U-N)a+Y z&%5!G5$@{H&nzhdEluYMGZH4QFO$`SS0ON;y)eY@0i87=-@!}QBs`!=imUGCTJZkP zPY=pxWYGHIa;w^a(*YK*(L>R8H{~}{lS$_7b%PSeZ{bDbAbxZ4s>CIUWO}sqg3lm$ zqANQx$MC5K%s(Ev34$*x6COOd44rQdmd&}|kdJ!uv-7-`-M_-{(BNQU&Uv%;px9t} zXMQy#Lo(*fE^)KK&!xJURO&FYLjm%7d;k-U!}ii-4Zk}fj;baDzzsF!AOh?P>?9CB zx&HhZu%7MQy1cRMqdi{9E5lj zTqnGKK0B%g0`c|LnA?@BnA}rAVK){F1>_DxUsNTvWpOsm?4vuN8+tESxj{O~$+@E2 zPd8-57k6Dv>_~n9)DTM`o63HW8?YL0*baj8fhm)DgYmELMa=xjPn0e$SQB=TB?&u=NI07KiNJZ%$sOmA}ko6=mbpI4EL&vWam zO^QieZHUFLBl?Qq0G0h1T=y?cJjRUNV_5&~2L^s64E~5ohg<3Rr&0t!O5jw5fX8j8 zExnVg6TidLUl(wUQO*@g_z*X6*#cUn^5wpNEEVT#u1m5}%)5eJ|7aBJ^S|We$~zA; zbT(W#4&!w-J2q4jzzCGmtxdIehb_JX2;~$$R+0V~=LK{0cP{o49ES6{)!*^`B~{>n z57(wOd!4;D)L`{HgcW$cZE?RqF^z#ohyRRc__5XNA@R=Z)ayZ#l@-GG5&-2E@VUjh zc-x6}&>@eBbKeb5KkAwh3nlc1;Iw8b?JzS!#149yXhcWR=&2m3vSPfc8#C##%hQVN z%}Pl^vmrKsIG4yEx;oGN%;=9QJ z8lF_lE&zEpbyb zn3p@^cl=_jr24T%6}i=yi1f%zi7)P}iA22}d}olgSic5=C5q!^p40i8-e_ZY!Gde@ z<74T92d>?QbZIDM%@yjw=AK+xB8!k!a(~kniP1NA^4z82VN)xL2hWzrGlw#x-N-s9 z;UGM_uToLo`?3#%GIZ)cI0^p)@GOb&JxWstP7$kF7=d!nB155qll($lk)&ToD;Y4B z4^I|wYP6G^g|eDzv{^iZhya*D<1)-i;4B6*Rf4#3uw2alC*;; zP0~+3T$XiGqPE26IbPtSMWp(!(VE!eVFaF3c|`KMn&&{e2O(1*jciJQ(?6EDoZS=m z`yTBN_U|Ao@D)K&Yv;;A9qhqFWQ=xo!N`jFI1fz{8aB~shAJr)nv8RzpKnMg1zE5s z`Mb7ua-C>nByi&0ytoqbKGRiYj zTxK5*KQ#Z$@Vuyn0r0!mc{x2^z)1TUmzuC?9;E%aNKt{M&(BdX4uJ4z(oWTi@s-@C zZ1UlA$g!I^2%O%PShlYI+<7%ukPQT`9Xled6Yh6FW5quUvElB29|cv~H!Fm9Ds97F z7QBn|jN89DouAK8eh&zi1y_|FBkaDFPN3&MxW6L(;1~p~PyO&K%0w*hqW)&V&l3^b z{&4p6>RM7jcmCszx%M!=6H%A%&o4Id^{?#(yj*fq4sUrlGl1IGumHcDyKC>OIWN!8 zQHV;4Fe)Z0AO4%85!wm92kf6G*=1cTyAm_Ud!i@+`jwYL;#+Q(QI5g4FIcadOk8i! z6MWo-ebkj{H!r|CU(n&g1})4>3o^6n>xmRcTXbs~On9LJ0ui+}TKYrU3&(BrhtPM_9ELs^)A>ngN856r~C z@B>2O$N^3WXj}wiZ5bI5-$CrI`!t7f*rE3v-bbQt3hIaTUdl3D=sx;pVrT!TNdU3h z`KN!@_mJv;{I2y9CmvCJkLyi!S-&@M64KRe19&&)BX7I}y+AcI=jc@_}?&t9QjT}jQ`G7*v2Vv7K`Z`@9ct!<*^lP#4mJ6PCBQ={`C4CBI;X^2r0)C7@kymK zg4|2eKW|9>9FJ8n@>)H-xtE13Z5SFbBIb4an<=lS%$NFA4!IMOZb3#ZT4@RmMYoUG zd=>GyStkc25-Zy)`rr_v%cN>|CBtlkkN)n~+q3Qg4v}z$hnCT(N1OIe&M_dLc>tUh z0|W}c44joYh2ijiMrDws&42y4dX+jseH5|NXQm{87Pw6EOJd0krMpeV+c304V$0t> zrCCCnN^HM`{A?Ac2dSWK->nq!KInZAMJbdYa3W&VyzHCpZxPU@Nd1LN+n+$aq4gCA z96-kGx~KJ#Fq9x)8xHUn@rQ4e032$D*f?BBiZKM!0_&xVhq=5Cd^&EPZ4+mBuQ4Z4 zP|BFzqHLi8Om7H2UJ|-Ik-gH93N=>EE5Hj7kRFW3znDK6!He#EzLHx+;Y#MdoH{9M zzsG2oxT|!#_ibez>q0~<%;v$Sh z(}~PMw(*mFEd_Ipyw&@Ftpvj2?npZOqn#3`=^WCsv|T$ch@#CAX&Ew1k@8i+wBVr- z4T^=T)-P^d4MvIs3a*y}Z!kZ4;oBeV3Pla{VBSA2%0TgVWX!s!pX3EG#^c)1J^1eM z{idY|?LZ4PwFaKnm5AxNe+guS>hHA(H?EG5`GUvk6bise) zyP%|C4EaCGMT{djEn{<(&1R|kn6csuEmYW=gX3(hG6ZSmBhs z+5KdVJhv1)G7*PdK6?cbHKO}tPQeAQQDELlrmv~q)2g9ll8P8*HKviiQZsaPTbgho z!9NaUN-gaKUj52xI4zcyw8h-{OQ+}f7qe>?Q_MKSx}UN7_-#3Dju|QSyY7M_2SEx` zxj^>cv5xNEWX1u)#7|k~@T<5TI`pt9S05){5{o!m_?lRO7ckZw?XX_ba(??VZk7ujcz+p(ebl>B8kez7Z>S0$Nk|M1(t zOJvN&XLT;&1sw!>fGPwJ%q7gT@-q0@)ny;@AxKKnV=2_3 zss($=PhG|Yo%@HOnC|%|!p`|8^B^#})tzRX>!F+`3cv@x-n{=TZaw7P;cq@e(^(3u=@<} zvGFo^xMi+FbgVsWLAyvosO;+3r9y{?+zM&&90dUZttVplM)Q}|48G;F63D&# z@u0ub?$Qr2h*y&eTH0TV)i0M_V#5WTh;|1`B#ud;M0tYS6BG42GUx4-6U1t`vV7q~u2!C7adqPj{UgyW&kmIAPe1dF)ikhdTzWqB_&Q}s5&wO%?@F3S2^ODk+0rK!COGG zD8@ub^OF@-(r+PBbNuYbxs$}zC@QvxjzhKf2h$v<8) zztn4y@@Ae)GxBiw^dgnXmcQMhQ!>D0B>toFSCSk}mEok?_HuAY4zvIDw^o6Hf$BGa zr+d=;SGwX^da>@my5XFirVZI-6h{k1|=Zhtpsu z%@}Kxqb=mK;#WpJVLjW!Vqo3#J-!wEu$`jG{h~Exx^nrc=ZWW?)Z32*y~Qpxq@BhE+H6;On zKbtuh|MKiyu%)&?_(R$qx{b*GfaZp5m-pvBayUw?E(u^RChhu6n;LX<*4!@gV*p5g zTudO(WgEGZ;d+GhGtcL)2^0OR08nI{9~amF*oWaYZxY-KpYYk6VpK-H4^&45^XzA1ysmVgTz`?qGSwAb`S= z`vN|43NLff^fP{2C3lk+(MdQ9~{zc8TQM%Q^Tt;^3X%7=wepAEYFUy&}om z<&8Jk)3v(Y{zfqPpho)g@~)nz4Oq?D-I4KhzAFm?0m59vm(Z|}h1z}t$bp?UwT-nYVE2X0+2ABV7<{}J-ajw!z(S8co=8D1sL zjn4n^#B!U%{#ho=!n0PrDl&XWPOjLvCRr z%M%Fu7{8^gYcGN9O0m12pww=I11A=*0c!697B`QJ-}sY$sF&eFAMlzRkX~RhIa?kq z6Ja&HXn{z6uA(`BdBo%p1;aSVz)9(3FEaFdli?whXvwd6tTe46SbcW(l~>&&aUmgv}(q{TS*wi`&mKxcwLP2vbN( z5Y;vM!q+*ISpoBn8mkg=5ykC08bmvBlJsq1O=1VXc>u7evn^a>3zg?^-J;3YW7ny< zGdO?ld|KM|D*431SnQ`ROdzWvsd7rkuqvHal8oQ6cvT}14N0H-0{e=#?PNk*tlIoE z_*vE}>*RAPKtZ35nw(^sb#qgrSvt8cUkSe!y^ut%fckp3Rz|D5}5@pFMA(zqlKCY#veSu zeyRwsze&vPUnF`_Ie~tyd~Dz*nMtJ_MlW1d1+cb~# z7*>xAYApV+Bo4vzsM!ap(3C52A_A<;dOR=Xu%M!yS(tr4Azl@!L@Br=DhHyxC|uVR z3At^b&3Ly*XS4|C%;8Bjat8ezkn(i6z?A!bZ05ppR=+r1)8FOb!fzz1GGd?^;=x`j#y*0B{6@1&W_GQvk=TUQWOe_cS5tkwqvc}TPtp(mm`=5yRMKE_RQqV zKY&vRPj<;$Rq}$~RGNcVYn`9wW5{YY>b3n3s#E8eT0XHZr00^tTv}WxV-;)v z^8_~9i$$)wxwF*4vZOaC)s=%8?x|#3r!i}LxNetCyH68>|Hsr-KSbF?>vv(1C4{9x z>F(|Z>F$tD0Z}@nLAo13x}`z7JEdE?1*E(0`rZ4(oj+iA-kCEepYt4}mlczYGaluI zFP?Aq_t7gHgfF5`B`)=+F*<%`BU zecv*-IqW<|!M}C|Tm{=Cc9&15Exw%SwG-msk9m7n&t_+?zxqE4GRZ*oL;a37TgB7T z=fST#-z{T2T76ZhWQ!~a_ed3%SYo1tqov7@nrhC&zU{^jV&&Joo67q+o536I?@??BZgd_$}xQnzsiSYopRiFF=DzfbJjm}?sgO>gYmboj#vClDq zQp+abtr5;Gia6S19)Tu4XZMjMaVY|ViZ{VX)neOC5Hbx8Id}uCsTV5ThfUHA&%afl zar{x1K^4luI;<+mj$zJ@?J@T#J3~lw(O8LCf)wr;#D+`-?8iB_EqfIzvw4T3^aL<6=_*x3NaQ(x1Xk>=;9TMf zm+WuHz1}fWv~o4KcWv)z+hoq7I6B}-{o?S^SR8EkVV=YK6&xT;5LWLrr?9B^dJAb} zRkjUXnp`sQ(T>_P&hdzyrVw7=yBfXZnX;#-iMfZ z3ll#yWRl?(f)>oXG0B6^6mwJrcF@0he+_vnE)_*tKyYaM7jf|yA^Fos&g-wXmQCbY z1=jolBo;Lkb4k&06cXVM^uSkMX-y;75dA^+fG;(zTabj?zVJlT-10R;_^-F-jD@7P z9k$GY_A~`RRmv0!7k+tabT}`$F7s3*Rmj0PKOA{1l4;9HrN;KC^p-~sg)Ooa?EQ&)x$pqOSGS9daZ$4lNp4)yNv@6Eg~MHt7K)DQvAv zU=1pP2123TDqm;yIq)N)0Ae5kUZ8?jNe)2_`w!v?judMgRROGaw}83HnmW*kq>7ug#f6WeW74Pa5xgr|`9i)i#e+i7msNEVa6`PPJe zxO6@e)=NG9U`+WKvAj`7)DYCIynqV`+UONA3`^%uKDBp<$KBjN+i23!m`Cg#T|Qwd z@bkuC5F$D!7i!9H4=n!G3|3Xj*V$J^F+fu)fOr=$vBZrm20EVHMc zq9WS|EsAs;uZEMOd}7$1Qb#Pf7;d=_3@Q#gM)nYk1|v+Jn+tse5?=W|j4r2^TpxOA z0i3%}rLVU>reY&N$Q;{pUPf!ir)J)h3mK=8p(d|ugr*SfA9^r%{**ip;1GU#=YcfR~`pf2l*LOY?7b3*b zf*bq>xs~3qSbL?&8VK!Wv*zo@zmK-J>Nx4x^k@i*9IzD_KmcZB^26AHP^@%| z){HX_jk@%8aMy#-8oY*_438O5wQ`}P9z33=UvUU*T6+$f)4ZydiEHrG7?^m60OzA| z-x%GA^N#WgBGu$$;OSt3qoAYSL~y%0itaDtuErlpOlW)w2z3K(^@_V|LIj{SRSC0jU0@; z?;pVNwF?5p#K-6tLoUR;SEW3)&hArIhl&@3ZQ*3Q;4G8==7PNgW2h0ck}FvSd8paU zEDK8eadShEIQMDG&r}9ZgTB++9iY?BsfpqB$|h8u6@o$5i)EU1B4VD#6NrjK@fwO3 zN=}AUJN6S@Ee+4B^28{|8YA*#%o5s3v~ddmMPBkW)BaYwNnh%evipTF;`rk6-7gXO zSu|B&mZKKk${WEDv2qEYxN%VDryTnvN*9i6M2?pN_uTIss1rjAQuCg})xvl&9mY%J z0^G3COpRGl(r&lU{NvUK=%UB_^Sjs3A88jhVS=CaRw7yAEdcjH&Wp|v#Ssxxbo2$^ zsd`ZGLd{8zFv14X^<$)yHp!D>0@$XLa^S4i~j%X0%11Eoj znUBK{)S=yE&nzi-;)2&l3Wcn{_}-}=P|5ZbgA>sDk(VBYQ;Hzu6*opcoW1xkP4Hmb(gb*VQq$z6cbqq)jq$$%Xf>hxEb{lbYMtZumNn zOtwr$n72Cxqb8TOs$XSML+3DDd2RE@ipbeOrtOrKE-U5j+L5Q^nm>~AS^LF1FQUug z&jCn4U%0+}Xpafr)y=IBYMfihJK|8G_O+3_!{`=`xSI!Jz}BHH;?<&BRwW&Of92ww zbY9%c$Tib)lc;(rm373P7w?-p-ItIP2mx+qUj0>+`DUh2d>kLgDu?_dKI?jSK((t}3heOs|f8_^_g8Yc@`mw%OqRm8_3Wc8TUTm#i{tcay z&?U@q?s$MT!76gJr`!Rjxm&zX@nsR~cGrV+Y$R2`@Wt^-#UXeTzi0v5D{nw&uNil% z#ftnq_Vc+AFbE%FW`OPL7tQZ?n`ga?plqri zh=jMfRsDy1e&ufrRw6w>T=i?Grl#)q4Y^QWQQ3 zuyR?6s`wDFu=T)0u)!5wmo;e`nM`+})WHIIdOhylb9hK>$05#uy|enfa7QggQuB)e zH7`v@cPz8!sM~r5dY&Vr0a2xr72ti5Wkv+{O5am;jXS^)3kf6o75nIVyL=_C)rD++ zu2ODad}xZO@$f#Tv5>;HbNYGwp~ZsCZ`%A$U$X$NJyS^)>_j;v`sd9%bd$@#9Z-Pl z7%|&ui|ORRCk9mWRK}OpU+|sO^A9qd@up=V7aqFLUsDkQ^-!4Awv@9F%?K!WF#v9* zsJ-((!=~FKr{*(S2HeW=YbsNMPI2Gy@V!K(GW0bn#pmI_jqe2+x*jQw$+OKtsUh8v zwm7#GsUDm4E)1AhLG5$@K}^h!_`&DgF(F^~FH@1l0dZqSHZ)2|#2@Ln&JX_le2O`! z+gs6d^P1lr2q5rqaBzj#coJly?xNnzDk@o^&eST(?-+1^8ij22(hre^y>*f?`$bNM zUa7UUKQTY$g5a>>(m|cl6a5R$KL#d;kkNpZbi7s!egzJOTd;3Sfl*N*aIde|v~u$D5hZ&0CC}c&3p! zU?5||e|v%@?FQK}wCI)JXXZ>NDJA?0ki>2SfV-@THyRw2IK1U~U_>-I*Hz|%DP(kpK`fIAfSY~;B{LATy7 zUykz)Sw4^j%0celz5F1~uI0+Ar0hjtTS(uotgjP|N8f$yPU-_)vmyhYW1Ig{<`T&&W1DC8tQo@UT@WxJj%h|)wT>?u=l=?q z5T*mV%q2uA=FwNXVJ8j;r-YBComCWYG*d}hv^=N`)Shq5j!C8Ink1y*_92|zV%)nR zegN!^ixp1%@ULb4S1#S7dTJDC@%jGUGwi0xVK?niTvpb2UQ(LOsQZ}OBCL12%{1S> z6a4nGC?xZFfCF9dw3AMcBODB)(j(`^3w7aumFGCSFt-H%?JGG}1YZ1ylB!qM$iUOg zlqR->C?YsLjgYVSt#R$-O3luQUCUK6i}(IWkZ(jpgs;e!5aa@>fOFMAmkThs}XLCTmz+vN?b=li}7mqo&N zGb$&0@({8jJ%f2V2Uv+=EkidwQSLwJQ=9FsInd{yfr&{c19;WKk53+ z)}Yu5AkEc0V)>KA{RL6@)*t=(Z;{B$!hi_(Qv^Yz0X&?NLrppY#gkt`X>YOC``>d4PcX~HN7RMDTjC={ z3PGtw1g)}Y;=t5I=}DN5+aGn`EI;=VU2MF%}~zrO#wIs%Q}MR zJp4C8O|6cW>-}m)T)^)!6$|QhQj6sE*?4oONq)|lK4i^y@o58QpM-G%(*C3I5$roS z&6fAmCkk$3p}$eUfAT1BBYtZc4P$fI_2*Wbyq%fR$RO9u`A85OdC#AitdvBaWnQkY zEf*9EIQWy-ajB&Z(Rjzvh)bq2$y<%3pNEH^tCyR>cXG10SVsn-mbSM)ySuWt%q3|0 zj-|&FsBWuQC4D7FloWpDh0N#a&N|cX{Xl(t;UMjXr*GfIHLw2!6YbJNDb6=fcjLbF z407zLtryd7iZ8>dg9}NPsbpD>g`JXpVd~|BVvEY7H4pr5U0EqI=`{qba&mG?i)cn# zTKu{#a`s&q=2GZFhC_b{`*A?{y(b!1_-HxEs*Jsk!zFw%06u9NhD}#-=+{@>@Y#?g z$I0l)uQmE)jnK`J;5aY{peBvZ25o(ylm(V)u~ZGOYZ&Xu^eJzx6L;9c|4mkgI|a!# zO^C@rZ2fT^U4aBG)D`?9pu+sG2k0W`&#OSFZSOZyjqW=`1sgsF%!x2nJaJs{6$o?Q zU!ebE0a^F^xOE;64S*Bcij~71iIx5quHM8Rq{|;*l|Onj_M>DuWXSpRr5ONUR_JUW zwB9AFIv|13EzrJjO)+9PEeU^#qkjqk#%IXQt=v4H-hF@n-02sehwS8A9+W}^oQIbfoQSo zVNWIfFbapj@!&R>S<4EDHG>?&i{xiq=C8 zx7E9S0mbPl7mDwrK7Zbkfc&WBaeX&nQ>r>2M0)QO)Lf(pTf)6Q%81|?A^+z8t<

`0290U)^nIz{R7vd=2vKB-j z7vGzf&;+m^^JsF<_Z4>rz^0juESiZ3HG!Z4-lcjnl25% zWfK5EJ*lxcK4b)6O@UE$yTLjQu8Ia*&SFZtw3(?9y{hjj9^8P;3@(P?cYcKV%Y1+a z#{Ph_Ow~ataAAI~o&^%c&zr`X#WH0mV9-1Q^4=mukYV;Tf^)v$i|{DsvG6 zzA?lxxKKn+!q?BT(|R=Dh2F23{V_p{lGYeRJvw!Wqz|hVPx^rIrRc;U@~rI(7Er-+ zSx__8`vAus@gbbKXOq|(^& z_;-p-Q5>=e^DpgteYOv(OQvwibi=UFnR#5^;dw;=*eI_Wb#DawOX*45!54!_P0VvN z%@d};d)3Ylm`2SgG5F*mOM24X6f_J7EPVV_ViEA zPipsmaHe6opD+7UNZBB(YYGh5cd!`zF#2H~EOE*!wg3E?Tb_JY;`inkT{2+(Q?O4? z1(x4a;%C>40j9Tr7VYp0Hq|?PkB z${!Eq->FF@YD%a4^FoTMCy*e7Z0tR>Q?y~?x?g-Xml5%szB)lSE@#>!6`j1{XD-32 z^l?lTOX8TXvX8Dw~yaf&*cg~FWrTX<+@z2J)h{&^D?r*o&WO_;J%T}H@ zZld|aXd&e)i8p~1$N@y{9b+ye4Iwk}G}-=BuaNZw?Ig~!zn%@)KCmqj-_Aw7^O)FN^=6eCTJF@B*{A$U}YF5)<>B`H=k zokWVXp@2Zq%Uk&C!b_7}OaRT<_M05Kl|LLx`&MVsCVma01nM_!CWBgW-Jgr_fMS0~5c$lPjx2p1$W>Szb?XU%a2L=G*TN ze*2H(G3s5{U`H6AI>G85HI4Yy{=MM*0`f>L`Vtg4Kn^LD zNmjtyt{_*6^}uAaGI>!UHF%<+nI1`>Ie}IjDbf}F_t)_CjGPH}$!hS6fv|7>@0Q7{ z1B)puj+enc_NQ9)XBwMivt>H5!#!8!7ej z)1sT{95%wO$I(GRmS2@DZLhx6-1<;EeWXq7yhShM>&hZDyu}N`|cqtU^)1!aF9)do&+Egt~`!_`9v?F)4Vp+kGqhDG*~@(g?442ttzY9CbK@ zagO`$#e=_1A-Qt0c7O;GIH0nQBZnm|LF=$F#1hl6RL_Wg^?Oz3iP@{@w=~-dnpiS_ zZ=O(`>q5>k!))!B?LJKP++SOcFKu~Z-=o&J-8&a4kE_8>^k5*+ zZg#DI5Lb{uO9oNjHnVCcA5iVfF8xRu6zJJ_C3hmwExHby){{g2LjB!$$VGZd88eTi zf9ty-Ph=Q_M1=B*nf9?3O4c&fEw?uAflg8=1*XKPror!dJWY|Vi zmvV%qWi00BV%d6LRM5?xE%}bk$wlUy(p)bPItdxG$O*4OIw>Zn>6&Gm&I#on3bz?%NG?{)y4?W>;zpXheW1&vJw8dsf@SKSH z5oe8!MWeUAz{9@?pYB)g!2{A<-eX6Dcq`v}&I_4IK zglGQ?%!dVa`Pm6;BG;8A^4vbu{Foel(k?x>(R|QlmJVrWV@#$ZAWOLD3s;k+M0!U@ zZ9Rr|dx=u5^Zs;g+o=@$YE0+y#gUJ|I4PG~)x(MRGV;?CcUH>~YcubX&}Cxs@Hs+r zA$+*;<)}jcTmGH9_-PuQlgoW25zp-(&*Uk0#S+b%XRiIO?yD5)W;|ZCwl@KipS}NH zdQtbHM}%koEMLj=jmoKX$%q-qMJ(=+Q}s^0az0=Rp4^;{dX80HN(v8&PT4Mki4LI|NoUs!-~-^EXpa&|LfR2zza*^|PrqV`}mvQw4WeGTIZN=?~q zQUFLaTPA5hNwGTEFDapLUv$9=b#|KTy0vJgrnrO|eTK8!cgamLQ-wYeU(qGI$Csj+ zZuP{;5PIJX+}UzkqMUUs{<2Xtpk{EgxPx9?C=^4u)SDNbI0Lh`%3^~*M@{2hHT64q z@IH7kCjYA`jHlEgp5J{Q1FgptUZv{%oo{*+mIHNm{_)=6+^LH4coj1EfkKzGBVtvB~WqFMJ)N#z; z^z4G(v)mceie8HzAK!vF+RmxMpDXPu+FAV{Y9WA}EDLEKQ4tCC(+7Gm3N>UaS~&rh ztH^GD{hX*+Kn{jvP`X4x`N>S1_b$4@3%y|>4r9UnO582_Hh)i@5fF$crU?Qx$#h6X zvqV{w4Orf?!GZW;hr6EdM63ud>NG@Med;DCk z-n(HYXYatxXZY<)lZqk|qSSzegE|Auq`qQorn|Qz&=R_fqG!tt=BeYo4Zz?hIBo`y zh}#Fu@@(kTS>V+1!jb$y?l+e? z|25)IBMWA#L-<#amczF#i99DlY&i ze7DaGfxj%aO5@DxNq5LTQ%JxQLe zJ^J#e(7OZG#x9)2KIqGxPNT=)QStXp`?bn_NQ}izLwQ>7mej@c{*@33MIeDdTz{i} zys^z+HyEtMRmCT$%+9gZ7deE-bM=+oOxIjc+AdO8;As#m>-$1lKC-PhbtTu-?;0aM)KVThUAk5Shqtyg*DG}CZ?O8uImK-KJxNo-74zVR#JS0LC*kRTPvU={XidtQH2#3MjKV$CiVL>ZU{ zdtT!j5GiqJzka_3MI+W_o(!vtEQGE5RzlAn|2-e@GreMq9-`G`4F0I@U5`20Xw1&` zN;n4<8;M90dB+N}^XbnR>u`21WRyPTx?W+3vPVKtma+_~iz?THQv_#EMbpbwr*dKC za^hFpD=JxwUo>HhKiisy|g|Q^<=9Mq2rL>7!pO zW+MLkUeI)=sF0w^vV)|R#gl?!4W<0L`iAPig!E}&3>YtvT^kYv#wC2BWk287P((4I z+`!6s|H<%*%f$kZXio`}9CW${MnMZJ7H5^^FLU;6=PmK`4iF<(8RWm+=D+bIiCKGz zURQ}Q1!xn!!k8|6d!)sAp}4SanJw3EY%)E&nk5fAN} z-_6hTbJjp%49|^#8#wTTtw~V;PU218)KIh^GnEd&8JU=t7gxjFuSJgxv`Wsm@cE89 zk+3R?gwnvsLm<4Gu!I}dD{*quUo-b91;TM-XN}}USG=1gvoM-TJoNj{uw#FGfbE!_ z3_%tWa((pUH(x)dU*{hQ!&`j1bdt&;E;3}ZXAMd+eVvEvCQUm6XVNGR`i&lp31I|D z;qbe79mvi-!rq6u7M4#ASsrF`-R6)uD7lqj1P;=H za=w#b4q;nfXPM)Vdd65mW!6CBK>V$CXboYllt>Bcs)m#(hZ2UGk}-%X7vMJpy)g?q zqYLw!o6T1c4;jZTRdBD#NB0sZh{OeX&)Qt=pWwWHU@gmQUC}mVURNF$2(tP!RH;*@ zW>c~iWP+K?E>%E>N-PZ-wFjjYM>b8#!1OAEx{Yv!9EL8kVu)PmAI%Re?T3L}AT8R4 zfoqg*8Qk>f1%-j7uON)vK?#vGrI;Y&|B5=S{BYS3)f8W|uaG)o&_d_mgnGz&7*RS` z7oHFcm72WWQcQfxroD@`e&sO!p8)$`9EOQ$cU?(-nN&!6dWBinL|lBX8lg+&Ksfhx zCwf&s?t{vcnC$qebm0oKfYI8H65xpLaL zI2&c001QFRcX)v~e%5Sk3ZY(bM;_34f*SxTE(2kc;~3Jf`Vs1voFBWV7jAo5{w8Y> z>76kJ&cAD>h6BX#wuPRT{K*kD+S&)+*y@IyIQ0JkAg)SUd)*rJ`(LX<>p`fTpt zqyrCDcUCjLAu2onWEgWy3pGx^zF<58qErpk_JFX~B3B_H$pn)v(749@cE;l(Mycvo z(|A)%Tz8|Ncsw;(D| z)G{j1mDe>d|3P>Z5=H%l*#bGu`EnWA%qX%gXwARdd*=*GGab()#qBa{8Dc{wXfPuo z0o`d9Bv~rzq5HE9RHsFjR6PBdc!^HoO8Ulm^wM57L>)oQUF;Uo6}XDm`+b5Ul`(MFrMO+;YQEkjtPYHyYxX^D7V34EOeEvOqyO-C5K@jN~j_q@SU=_*g2Nh>k zVoN4)lU`KVRX6J*lP6nifHj6hhCwD^<|n&L{U83$7&Q}eb3ACm5CEub919_z6w$leeOCBtxL$~1UzV6hkLAc0_qv1}R(+(@ zaeFCL(+ym6&3Ofw5bZFkCVy+fm?##3dlStK$4@L3837wLC2V$elK@YS5s3V5DDJ{L zBfyxl5g;qH+QZxv-pUMA{-%;Uh!OMN920Eyi8Ez&OH6&UB8$Mbkqje4P45jRNa#R_ zri@}f#NB<+TQfPEL1<^UDzG@xGc)VED7aQBRen&T@6?nrL-a6s=!ZhSie*$WJ64&a z7)^~S1#XFaU<^M)h5|Mxf`6?^8#zHnOmzS9yEySgzH|2r0(Fo$G9ESnzBRLY0*^#a z|9gy~VyQdoo&i3~@%c`|1?>m_6bc6knxEf|NZ7OGqVLbYpT|%RoIoJfY+-a`q_ZAd zOHpq$2rn_SdW8{_5p?DqtnMjKD%$ZQy-w%3SJ4E3Sks@1?b*8xHRy=P_i za@@QWlMKI|Ne_frkw5(EN+{3&Xft&-g^w{q(!*dfdZGA5Md1>kcme}HHCiSx#H+Q>^{3tNK^s9yLZVw0@IJ97$#UIoDGibM_T4cupos#n#n;ZC%R!vcZZTd^5=tc zwxDeN-x~q-GID6Pvb|j*nSrYAThMx=;STLkN0G)h9?`E0syW}OZ9+wiauZxEo^9HdZ z{HXc2m{T|WU;YW3dieUkFXI|ZWENI#_j;d!315=?kNu3-1qr*8r=b}G8UT>ylPv`q zggoZ{`928_%nr{T5{xAmqZg^9Y@fLri19PzmOhsIscYd)7G=~bbiV$kg`tN&9ESYH zT6!x>2KOG2g!V>Xx%@30`w^bpr?Z*vC{}=V0BbI8+Dch~sM5Ld-O$V*fhdMtJrP;j zXe2%?7yPQAq>i5}}by zLl|Z3pOrI!sJP*8A}$XiO6H4I=@sVA8#-4#`u+QZ#1lFe-C3a)vE-~0gzle0KA76{4 zB>yjTN^gchFi+B9!NWAuaRvyTJR1gmuz(pnMalSB2>_NhrO`m3TEhmtkISxcXP-3; zBPENKFpuemH9L*$$~@>T{zZlZPFgh{cFexShb~1!;U0F)8`92KRT?h|D5(FJvR6!H%s&eo{x?`VNV*|9#c{S2_fHO6J`BvdO=o% z^a0JzFCdUC4_Y=pCiwD-#J^z7A+Sp_ax|h4o=8<*~m#_ftav*E;wjt;ocv|_z`~$ zM#2hmaHEfhk~227%cho>4uxe@jWseL;1d25L^D#Dyr`prA<7(eA^w%Q1R^G_iDk_i zP0W9cL7)NAe>(0DvZ+Ebd!UOsAGuwGyVdY_fI+L&4xdi`8+p^8qDVeO6A6g z3dA+~g$sHQ>k*^5oY>bIv z#iVopq}*#Pkwj6E^>g_+)=;iW-*UMuI)y|n8MZCH8)~MSyB|G zV(by}hn~HZP!o}ek#rp&hN|L8ij5W|5r2cczu+h_hh2S|D1rm?x|Wt5C1ky(()5y{ zcoOl><0J#{FnQ-0nL9Z<96n{j``F>zj|m48DnK-_wx_RS(|ITDXY_kcF(7PkBSY}9 zPNLDM|AzwRaKNl(o;Fc8fDJUB20=^*001@W+nB}?Aw`%|f0J8ouUKFxd61yUK;Kzm zMq+4pkTT8EfmpJ5Vyf`Zg6GchfR@AS;59B+LG3E->w$1TDVU3C5dKzR@j!AIVPy8k zhoY^+WxMq#4Rbt=Dfm7A*>psp4dw(#b0I!cUjmP z&eQHo4r4mtkdg^58o#w8EmF!lrC;KAo6Z!o9dXkJt`SelQ{}21N5Ac6k$+`T0bO?W zK&{Kqwc^^#ETkMboaHaz-g@4a5-oMqAb+!!$+@v&N=X)|&q9+GN*M?l62FB>9#LKi zQaqhoK3!;?Hf4s|(uGqAcE-YyOwlr0JoFVz(?kaO(Q)}_N*=HzRv?#rdG8PIvhw&L zM0hK^4*HbMiadt}OXOhr15bsRb8&|eRng*a*oorUzK{nLJ!db}N}ADpH}H8Bo7h}Q z`3U|>?hnXP2X8rO63cIw(@_mUWML#=Ip_v>&9EHbx#5R!ZR`zL=4ADz&)u5v<>4rf z1DEg$CBKj~AcxePrHm>JHgG*204P*d6;9cN2v@zEo=@j7Z_UxML`ic35Nl7rkc!?I zFd8fAf;q+Gp~73w5`?S})iM3c{e!8C;A47O%1{GV4g^19{xEj|G zk^T)0D$5pw$QE!^-Wi>myV%iEo>bkAvs5HYU+MxHf3O~6P;$MeErj;x=4huFf-5Vm89q%EwN%DC!{Nk*xu_1|w5C^a$~mH<*a zw{;9A-fu#mujM7fJvd?X$4gjKBjIKdf^+3`XJH^_XGyPYzP(Lu!K;pZb@( zqACVeCBq}1v3l}wEp{cqR+?c-n}X1;5(&;Zyg;RaVjBhQ1A#z==a2c61c{5pqaA{Ga{4@a@9pDfQ{hUYEvvF9q#$AYNsdTlr=7ELYAfW;yd&3WUe#+l|pu~emIw}`) z2z3qVb+^pUz2?fAXH6DiJ6LN)Fr8ro=eO^QD;PkP>&ZzYv8EAgT^DlYxP~Z6-1JJE z|5)zA3R1qZpVWIA+_q{p5MRJrfQGm1*i4y-f5_f-p4+U)Smfl|hr?I;gQuZ`w!M+E zx{;=(g|WJob5&ausWh<(MhCF(-uQXOg93Sr81LBFppvnvrs=^VW|zQeIG!Qqr$OK; z-wm7Az?`1;jIXhpmc>|ktHnwU!!{W878F%|aL?C|_Lk(WjjTamA61xz^k;o+ z16HvkO<1(?KGJh4`$!&ZM2qQm!3vGL#vI$UTCs(~H1cQv&-R1+*@$O^ye;o`JRR;E zZ=9iN6ygc-$n^ln#^zXsCZT=eiJ&_^=5Npdc7ZbOU*)ZZl|MBN>Z*>Dr+ULT+5)VE z>rS1ogtDkLw6t1JvQ}?0PJ9H4!(p6yiFEbrq@qggu@e{DBWs22H=}%Wa{K9riEawV z!fa6XQSxjIQsqYez`|KwA|};z-e=xpNO-$s(^Y!6MxpXhG|0rJ&jooo=s|d3?C41ka-)a@KPyU)0h7!o!yUl;v zAn{>G2Dl3Hh5CSXMD(hXAOtN_^>>6zF{CZDvg3sx`sgvg+F*{ za^gxU8h8_+DVL_`wS4)4@ybuq<$M?ZS(Ptc-z)9>t8%~H%L%NTvy6uUcV=*pG48j= zg272>=MV&r5sV0oJ&_`r_*eNOdWve}X6a(<3F-fh+ zqh6nRWw6ggR!&KfI{%_cU{O&>9evO!S&hI~+C)Gx!#Ea6t3h9Vo0JL+DsMAb-t>f|7f*i z_TGLy8an~W#tK%|tiCBI_r{n=!_-r`sPEFVkz2mv0F3zz*u!FGsV*IDDHgZAJ1HT$*^N@BZ&^9{ia^uB;k*bGjlsn7@$VlP-we}iR ziHHbUO}5B=m_ZfH9w7aHsB5uLuvj5C^oI+4vMBKbp#8%xDt95&s63fPM_lQ9u*>dO znx602A=u&@~B&cX!m*}-ay21sq^Rf#ASyS*Y`u+lr26{NS zXn#>ZA9W;a7%xI>H0o$D>q+w8-gxXW3(>9FB9Wp23b%}*e$4ueZ`d>1k#GXKafUc-x|FBUn)L5T1*| zMYZ9v@Bdn#C9hOA3t3V;9L(~hJn6UbU?)uSGASZ`!F?hZ@wRBZmwIC6#WY~PhuD1ryLkM9<{>U|r1KJVoqI$Fy27K8m{iVL%? z;Qh7=BgMoYW83z3DpC;qKn$nx3!AMg?{AYGNGRy?Q%D}D6wUjE`n}#U)vsj68WN+A zzsV_aNMzHFGaGPC%>CmvOgL~(H0= zvi^AUJM-_Dzp|s29y`C=DL1C7mrWEdNT_tPW_7uJCCZm=#$4G|d7~#FO}43E_^eu4 zS<{qw^vnm{DnJuTZr4CeCz{fq^34_2ncl0(x2c{`Lk3q{L4B^}saj@NS5tw_lKONk z(~(PrGVa()46tUP4IC+6DvP}?M>bH$+>tEO`&@Zg5Z%NTW0eQBh*m&_G0$#R$3utH zANWcg9693T;>E19G*hIVOxoB_YVrDT$t5Ur)pi?w=rMkfJYvm{H~A#P>N|M}L*~b= z7Zo2ezi|I&OmI1?vTbc*#iYy*9O~SUb5%8VJz5(BW)yqm%tQ-#7?cIDY^Mx}ATnUe zZ%U-1%)GDCx-cdjG!i%Hv=@G#E&hbY3fg~2xck2+v+p9$zt6@w6SrwX6vAoV6w4*K zsVE~}Y&N|Moc?w_`P+96BXror7&aVyKB)y$SK=T)h zS;3louK^bewSP3|gUL_WFcx=A6f&Tgne6Z;(yMn2yTh64i-UaD=J(+Y>PNqMX^YoTuO%FB9&lj z*q~#t7;L3TH@x_%aC&m$K1L#6IKd7!j3d5+v+}+-LMwskC@7FK_qiOie(#Vybl2!B?V~U;o3>Rfk2@ecd~Bm&AZ{NOvRM z($YvvOLxP7vIpma-0r*wCRbazR8_x(NJf51HR+{2vNd!N15I&0e;>2g;EZF_`W zb4@vj)r-C{4Rwum27^c>HM3wPE}BhgH#{4)^Sy$y@>h#tGeHICkKX!YNJIM!kLeBi z*!3ddLH)9UgwXMpb68USSP5ZHK~DY6Kc=3Wm z>bRp7s4CpA>~6E@n(q4o)848&O*gnAp0@r3R@Q>m)A{Noof~)1aw8=nljS)%qGZ&##vFvhrtb{U zEG0Cq{X^Q&06g>&heJahe8ZH%WA`T(Kv%`n`{GKXFjqR7DLV~{OGPP<=4J=pBAH;} z-m)QN;J?NvpjWA*1|{|uL#s5tzs!}2(@NHBqUWP1APQ zD`zWCYx+z7<$K>5b2lHpK3S<+U!Snmetb5fV!^~Bkx1ct z6M_vU4MpYaUj;?$?xS|23_okxM41(1TJcdoC@4EZ^cJ-jIWz`EX#{wO9JpfQt=HQ8 zr(QJSK~#+{FE?YL`#=1_LuM4uQ4+ze2bdxN#%G5{4S3oN!+N! zr-j#hd;-vwtm7OoQ?p3XXXN$#MHar-=Rj)Zts)#f>D{)8(|Z5$xb!qu^mp%o-VYWD z07QqICWURIXb|^ao=v< z6KInt+5!K6kE&b8_1zNHMnWGoM=IM)J*T?&AA>se4?dh%se-kUHT9`N($Cm+uFbjJ zE_~HhfrA?OR+HxPly9>9R=w*>_^y19lj+Luhv;xC_dLGXJFQWNm{807OUw`k*f%DM zKWK0D&@dS;lBV7Z9VTTRow%K>cOX?Hzu*3SimoN8^#{y*T7R~_G`t>Qc;3h!VQ;6O zoPH;_?5bO7=ky%M`+9e-rS7LEe5XQB(aC@vG7y^vbE1k|h-l}%`kpmBIx#Bf*f5i1 zh&QQVUui{I+kfuk?!J|)+Rt!!w1NSiWj__sRpZw$8}(uvdnHYgO)>#|6#D$kwBhE< zI(gr=-5LXY&dWT>t^GgFTjE6t27GwUPVL3>!$$_)-+A45)MnKISKL;C9r_TCH-X++ zPR=`%i#v|{bJC>=4RRf>zpN@JRTqA$3&Wv~_C_%UG$T4G#1qX>WHW8?yNLcesSM%1 zm!JOW-TSWsOF8EHzV`PDRr$1=(3cl&rZtv_3=wS33Is6;eaNA$@et@~Y? zgwvAqIVAgDuNCxD#ik|rKCvFs@Pr}Pb~T><)6*ZyLE5jj8LjrA4=xx%ytq zFR6gmKn%1>TPkII7xIrK&y7yciSXlaJY6W)siu#)GKsP>EA<-5r0SpK;QE+)jrx_( z)!833Wv5b=bcQqu{OYK2Bt}?Sf7(;JQEAYvq>X%`*C zU#OQ8Yi!X!`6az8CF*B3KJcF<5(S2nh+HE*>pYr2PEJlxl9^Gi7>e|%-7t1(wYK!@ z*3T?oT4qdY; z5xl8PSN5}vPErWX24&M{)M8Lvqu^i8Z_08$_ZvN}=n?u=5;z!L&6e%xY}Ud$pL=yv zwdj3aeKe1!GjP{6CbHx%lE!QQlWPD2b0$e4Txfn74HfuEC7o)0XsY!muS6H53Rp@& zdvEz}csL#)&!vSSifHy7=l~|fUQcl~h-Zd+^&cM!2b}m%3Qdn1t?h%(ur_e;;xf4V zN|(`$F~d>}xGW(8zULda2cT_wR>8)kmOl2&xF>g}&1&4oL>Ud2d2e1lP|mS2+%hF${xp_QK(|( zhC(Di70<9El1Fa4h1UM9GD>a0>SJj(Dxef6>PvzXr&gz!{MSN)k)KD&;$h{HNK}qx zL$IGq)t$6NBv^@htrAk$-sA0p-j=bOAlY&*G599eJq7?A_XaW!4}a3 zu~@O0e8(~0w1u2fqbGadamNdoVFHi%@Zv(A;yPd4c^MU(wms;6qO&w~Uvrm`k~OzH z-QIswRqhoj1}~dx;8o~+tAE?=lbD;7=AkqC=_|<$fHT2dBUM>BI^DYnddz>*20=;v z+ck|8O6RBHiL}dTrxNw~+Yt$VwCw1UAD@5qG@eep6F3=nMY%sZYv#AW0tAfsK2G}t zto_57+GmPlVTfc!1Pql47c)^6&IVFB1wbNw{Z4|Tj*yf|8+V=4XbDCB^&WF+-et_A z0-PR9V1kzi4jRF{j1#5uXLRh_SWRfLR0l9J^P6{TUBU(k7X+;!+%R zIe%!qns4~dyhEN$NIaXU^iV>G0=pqVGT6Hdb>GR2s4t+n12RKz_ zzMOUw0&e*--rp1G)a2OVVbKGd8ylG|0#V@HAVc4q4f?h33m4D1sCejZ1&ui4sXN;P zoBl4gT#qM;-D{IC_vN{3exeXy00pe<6_4|=7ss*EV|vu|)bd)g9P3MPzHfe8Q%9>a3()4IDWyD9eZp;jwG}=<#Qpb)_=u*<=_5>t+*-c-sHT z0uiByVAy$?JJ@_g1pobvGRNXaEM%=5P=0lOB>>7n$&OLeH^`>f_G7sXMcU?J8+GG^0pSZ7jyEI-PZ4qYEQZq+~}BOduxNRG95uQBz2*+vOkk$>-TNrek^MUOFkV ztaiFGos=g_+}4Fwk%dg(bc%fi$JdrIa}Duv3WHU1Va2TA5^Ta(%aR+Mb93>^y_ zpsIvR*LrL5htz&=Oq`oe$ZF5Iv9DpOC}I*tHZx!_8~rq!AkSg|qQA~(t1N}hIodje znW@oi!X>MURZ8DJoavY@v)9ILd%Q8b4EMNDCziX^KI}34>`td=xIFjEy{-tyNl21t z*+}Po-s$PE%WiHdyug`ANG78!BTR zvUcYTlbJ=yB+?)@rgFBgC+0E^1j9!k=EqO`GdGv;^l8|3>yvax)JbxC{+3HfP*H7e z-r4_E5}!(dDB4-|`}Fg_qc7#7OJr$y=&!d!Z6aG%^ze+ebpqb$j~z;lE$=JYGe@zK zOvd;utdqR9id{fmSVvcz5a7U*72Lq z6X7hc!OV8t`kL?fNf1c!u+n9}w61vJ+Am{mrzOcU)blF<%_9~wT~*O8a8$^52XwMn z4e|d|hP?Z{4p^hPvk|zVJwq8EIM(6)8c-K3wxUgq2@-yriSlGsA4MVHs?Ou`-0$x( zJ1d738aN^Og%GG2RCRlON3>@0qb`^_APj=u#h-XQSq9_obci_d3REOppwc2~!T{X) zaKsEr1h}j8a3-nQ@7&tn?x+O@yTO0DYpMxjL%~~{&C&sn`U9^=H5>$Ve2;i{%l^DV z+bU-5Ub`Dd!7lLxNz8{+|I;71@JJUWydG6wR5b$5iu?J+mTyb-wzm$rum6>_^>uvL zL+iB;WH#i|Z*mH)FN}nUo6%=#vC;jkvS_yw1b~pDjOL2uiLJe74;RpwzFui@MOq6n z)V+u?{zH?uT$FJ@Saq{a$hoxMMJ+d>pCroNNW4^1Yaw_Z2qT&q@J;sz=4;2^+D_i#*8shxclV{oDDRr23#M^&;anh*8cK@mo=*M2s4L=soAjmP&0E5pm{griZ=s?PZYv%U}j<`lV;)KD~&zlZU)R~QJ*&w6gR zwTuM%Tdmk!igFy`(4AX+7U5BEg!e1TIl9zj0SC!bmAg?k`TaMw+185 z+=JZOn<-w*PC`7jrtx7$bQFi>L+!DFJdo=IKDk=4x6QqwI<0L z|?|X}m+?adVFJDe|h3^|kxv2HldwGp6mmJzH{=Ks?Of3Qo z@r+6MN-T8@u*{H1mQ*~Q{U)lgIg|cwEYO|*Nt7wY{cgvvWi2NY<<$8qu8s8bFE#to zPvkfHy)D7|J}>T?7K`=(C2X{~g_P=h#IT|0t-qPuHI>Me13Sw2`=1p&zg*TYwJya< z7*S~saD>df%}(ZV<6Y5qId8twKD>JPyuHA3b+C+;LtyqW-6fH7-<;+?}XTK=KyH zHfcOg`%W4G8`WnONhMPz8`Db8AevM_JEVnPqURn$;xBpda}n5352z^DwF9YJ@2)qpIm zM9f%UB^6HuQHD9K;};|YUvYi}4_G6ikIPe1h0w4(-BIVDerHgFz)65tR{oc$Xt^6Q zR{bXWzbHtOEV`Iv?XIblBzy47+BMMQR*a=l6ZQg5|NQQAlQRxJ-Y3WEEn!b;UB00e z4?O#@`D02m8uW15k2xzRvJGvo6w)wk?`!_+h6wyX;>#56%x?s3%m>FE$r}z!wvs{*&wE(eFZ27=VjMcAHqr4~9kOh}onKiR^WI%%5oE z`z&>H9E^ZbX;m_XT}wA z?7>|1X?s3G@|<9?(H7hvJ*)0Pc}UffB3W#tZdZPDkopBp)t@D&a=Ltl-93Md>Cu1F z``^w}fXqa(mn+JCMD@o`xjl@Gsn(G|`y*Ym#Z2Ja=&|$T>M>>@gI{_LXw09jY;k)e z;1;OMEaJJ}&R)`N0rvVNA5eiFDOV8T7V?DEv@wH_0U7(TmkrRLg2|h|dvzPnec^El zwPFbA-@#6#(|Pmr^3tQ3I@D~VY4HMm$#)LYk$YohJ2*-&t*_==Q$Y(6*NGp+b)hoL zVhMH6M*z^yV+Z70_uV}5_+%64ex0!hyBYk>*(rd?Gz+xl@i*H>bK9MI|NODXq7~B| zF#1zaD-uq;r-+o~O(clPAC^`yE0!&<+>LkE7sgL`+ly3U$LtO3v!>rXf1Dq+Z%9Ws zOj6V0T=o72(#)L!*x7}1&6US2)hn9RTvjFz(q0wPwMQvPb!@h`elk%Zg zR`~W^G@jP1Ovi+Y@wm5f#5tHX8j6yA#F9_dU{F-G^xTM#Sye7ysVs2u?ORz2O6mi- zti^@qNOV;VJot;l`8|an4E0XConly7Zy~_aF_rZG*j+f&7oCRdmZVF*yXk~{HPimm z!E?bx9n7VTgV5{})@C&gJeglI`H|bonYNmOM)-zBrGMnony%KEUgLf4IqAwGnq4)} z_t-e;6-%bmNuXCfRd7TEL7pY7<@5o5TIx%H^3(KI*=(GCpCW7a!)kubn&EtzN$0Qj z?eo>))fsd#EfV9^xJ8hlD_27qA)gASacq#0ngKXUFThiw4!&q~=mFrQ_c4_ET1K3x z#6Ms}ISr55AXk)^*ovyWr*_G{K`yR46n2|6d{Sl9=CUdWDmfPB9wSWLK-P!8>)Il6 z>XX9Qsjv2+Y3v7}BUG^pZ*p*VZaE@uIdOF|@YJ6*FY$v4KX5m_xO&zc1bgZ|) zJw#r<6vZarm8tS*1k*X{_ED*mj2!Yo_>fG|vb9FHy@0vZzB}t>=!0_UPN19i9|GK; z2jYjX1WO05U9H$2-F(NIT1R4!?El#s-scbObxE67P=~fi5R!`4ArO5&MH=XTT&zZ? z`|%276Cp6Un#G)V1-Pu9pc*zgH@Ph3K@{lFHR3r;YPwKFGeo2*26=kP7ipBa1fv{z zQ-yH!@q(4&eyX{{=0P7<-zA?_00zQoRqx+hzZvuwjDV5H|Nmv*SIa3>OkX-CX~EPA zQMSm^Mtuix$RgB+&|+Z#erFa?F1;d}ZsZp)J8DwX(D!-JWEG!A6nVaeLP;1_ZWU${ zdQ8;6;CSEj zZ%&NC&@~Bfa{RNctco-a?>I=}W9{eVCXN&*I0zg2x~Df3srdYR__Op{c#a6WeaoO) z;i=Duy=>F(WyxR>pU%0(hC*aq;jlD+&hsC?VNT%RlPinDTM<3*NC$cYrwQr3kG7ki zx~(Z-^Ekm1B<~c{TO+Dcis)?wuOnv{$(^E9MP=0<^)``9Wp-kMoEZN%SyPC<`kC^lHTD!M)(?(oal5RiyvLVO}%2QuI z|3I?^`vl`$qS^~Lhu_F<(sD7#71*GqxL%09?_Hzf*3GJOlD~T%IBSmBPRGAi6F&}g zm5F)x<#6j5nGq;6qI8_!Or&@A#$}B9JIceana8;975;Yk<@UK`u0C5M%_(c8iav2k ztdzxV<{)3SV##A`6m-qcVyR@NskFNs#JlV7xb)VVoP{4UT=NTLC!jn zP#5Z$-rU6Y*6bw!HmmpsZ30304goA**=V{*|uPV9k zKlA1j^-8)IOcBQp+gtnk9L3um`I!zJEkW)oq_7pFvvpjhqz*OUE69*PWFf#}Rxv@i zt3HE#j6c@x8%JgZXe9(fFAXOzBVgl8#-3Q0rrziejGKvR===OSw7TIDK>)%&XzNuA z+18g81-?{B1;&I~9*f@X{(6<^+*!}R+)#9~6ILIH(mD95FquwU$VfI$5_u^*5}LTb z90bbHEEp38PY(Czs?*;Zr^&-_m+`Sxl(H@8rgb!@7nkG|V4(rfcLw7iW;M#6K(8}W z@%uvjF#dbqT#`}C&yBY88>X~oBgQD!<+Vo!U{B!}EhC~xLS{~gC5ZUI1HaT(G6qXg zv_aM9*DxzGy9Z>T$fd09fE8QSASaJBikR{7d9(nqgVM@FCHpVXI`GV# zG_{hsu&Hqg<|6b@YlDqzA`05F**lDvcpLvT11JCn7cZl0ci%K}*$9+Qta_0{FOkm; zV=2f)_^st<(*0>PyZ3HS!k!v3zwV*$Oj{4s9xeg3-x$a{^h{AI*f#mSUU0RCRND5R4wOV zI>X?$AAE9_AUsua+#j?nXA-wc;e@5x-x>N-9Yir z-`Vcnd$(Mh26nJk?NsQXEAMEe;}Fm^)<1S#Z0&=61$Ld-EA+X21unugaO$3DnGR(K zX1VG}X(K0jR%Z0*>BtFZCfI7jyyQ&d^#*aq%dr_47V6a4AUmToT?#gQYcQ2^|Q2=zf%ii$Q*)Yhr_k5vv;Qr>)*tG zN$=7|t>E?JGZ1K|sRU!g^&li$x*+h#rnstfGD}$W%`}T!iie_rigguMIEc@8XJNmb zudL}b_9Eh_Vf5`9SD@OD-QgUR{O7LPWw^#qN~`kico9c~6TdCCWxfJc=JlGOKczT| zm&Z@n1t#9aS8I<|7x&rQ7zEF|*_#x1Dn9GtFD|Y{`ROm`f`{F6#8xcd#*7P=FGE`I zfv0ZQ(a@np<%i)i#B9*K^ixh%3>x`3;IyW(bDG5kQImR`Zp?a*4`TD_&E6KcY%C)m z)M!>NLl6PuR{Dn4PG*)=AMf0{}I$a7>#mSo%bc_iNe@3PJ>0btK+QibD zy{ODKIB=-LKDcqzfg8oG1Upf>^faz`nrgsmH-A1gE}zd%_^5SdZ=7$FWxKjL}Bm8?U$W{x^DqccjnpjpF}*QiYphvMDtc(gLRaIzeF=k4ZJ%vBGn2Rq zDYeN5o|EXorgtKBRcNx2*Kr{*wxnlAYYk+)bN_?!A9|c2Zl0T;wdi(-D}GPbE^WpM zwx+J=l`>|o=@|R_gHd=Ioh`OfxHAiXi`wa;U3yr^+FV*y&{ls$z1FZZv+R|#jT%d? zDC#_?ir)FWIX6hAlLq#hH{HnOhw`k3ye|eaXvenRJY~rg*8VL8S3m5LPtrBK>vng+ z?%tES*<$%v=^7Dh$%tPmmb44RT0zy2XFcQa_&0!{S42YW4_*E zNe~Ul(ieKb8an=T9N^#cbY*$#GRi}jT9dZqi>0r^Un^2Rz$wN4cKVqVWQfkcY4cSc zAZbP3>|nVSHhi1jkxVF^KDDcAKF<|QbQGLqHiNB%lN;#X-nckwf%==0@2+5z0WU7G zcQkqgt^c*V+cfodb3+hxJt$jy+Qjt~FbPuE2`E0akgbd)csYFq9%L<84J+X~z{587qm$}pH@xAt+C$A} zpBQ7c?1xI_iRF8)|KxWG(JaEg=b7P)#zzAud+oFoV0xGPZS;t0h>pCJH9JGSbWD8z z!|Z0YARJV>0g~2zonok+NQA%f=TZIW5D;2sLU#?Nh&P*1Q^4uZMaUTU;lyJTibI zoi@jcA;*5cfHScf1Cb{-1d7?<{5rX9A16DP5ta3+`%jPoO_}kJ?+D&-ALM^Y(^VLj zXrNHyjbGc21jEB%Y&nN__rb&kfL>B!+_B5xfUmedLT#u8;^DT-zVlW~y>F{mNuSpi z;r+GQfpNgB_u-r*V3O?2vON)PEp#|w?Vv@Gr%91!{WLVT$dlPR#rgH}ZeS=?EgI61 zsozs6Z1*}={k=(co7^wvy>!)lU>vjb&&yTixp^37bo{aX-{OCBdCj z9Hsw$wA>yi#&}$3_RKeCv`gS|zrk#R79M62{mCcB@5M1z==px`U3>alF9&_)R3TDf zZR64GgNcR))ON4Blqt8RL-f?(QHh_!zIq{LLq@Z_7Xd4G_O9+R&3bDLZ9Ydg@{{`S zFAAj2aXw6l&3a6wb+2>_zW3DHU)1DtIvd7c;UGj6uzMY)P{Ft<8{D(|sg*;ZY{~_x zXt*3uvQ2VfKY$iRzIkw`A&4o2i}Pe^U2GTO{ywTwjPC|7QuERw=V*N0d!D&%MDsJ# zo#ETC0dvF50YTS3`BQ6i9IE;R^;>=z{+ITIGG+piKvBQzjsM{~8OVV{KsKW?=Vp6na++g%I zr^OZFMV9y=4I*RQrn&V$<_qk2#_5HWW z%sQoPSTTU6xD7$Uv?D_AW|c`Yf7NmCn%f@rrwQ{hmY}@8>i81%saJ1)%1p+ibG&)L z0Crq{MrOsWjkr=v)^WFrc`hB6Dmp4y_U=sb?sAg&6gKVzH4?rrfaALJFuXrO?;aZs z_#&hFTK3KNqc-b!q^>^MU}Ol4!=>Psh=5MNIox>stJ}+7sYTYc%<`cHb;e#qz7MJv zx=-#Y*HFe6|IxKPtA_w8)QU!zkkMF8OFtGjx7lBGapdH&8A|w91@EZS_b7ZtN<)=y z0=@pil-b7gN3LR9Kj_Mz_78azT$-#azjsP8nkVL+=e>HAnZw@cyARs^d_L{&KV+;y zDZcaWjb&$W=phPU)l$a>0zIWqs0x*tjD;S2v?TVPVV9xdRrEV?*9e+nKm#I@2}_Do zM#iieQWuxg?T=N&W%)Ij4j)5(AeqHH&KSd^$kd;uD#<{}+4+}F35@5n2>uRA6Q?7R z#hEA^t_n|dtPtX#xP)#rr`rkLpT#=>bKG&lBqA2Tz=1=_%DY^=s)wNbpz1D* zw=Uj*m{_oik>}di2?KW4gg&wgvwWhTl9|D)K?WO3aDZVq57aDw^_mR6%b#DKG;HN{ zPv&9IwQ}&-SGWzNKk zPF64R^;eZ14I|;Fit-!R;}v(_eEw@BQEqa3X`CwMF+**=;P%_TRro^vOO@YpLOy{H zH%?R!cGN$+ume2VvQ!wqzx?rZXe+qDsVLr6y(X3$J=FhDInDe2ybqa<|6D%BiFZ+suu-(!2^sJNbQ>?w=LeHld?* zLkxUR-LS5H4e-$Xfzk}8tPxpkM4S6CZoT}{G@cuGgy)XNx0C_jnC6VTs>VOL(#<|R zRfukyoeNVRL-f9r&zdBQ&C0WjwAu+hx;(|KS*&8Ys=%gTRYLd>p?0)v&`bzEK-jbF z;M_YJoW0EhrTGL|@J~Ie(c5Z1N@^bz4?!LZ?hX$1gr_xEm6{APNaj$ObydFoLea8k z%EiDmbfC0JPgJ4pq)ePNDyA#A4pjp<#F-Vu3n`lir-y3R*D=TGt#k0TSnQ{qQC@MJ z5tt|*&&OHrvkVP#Y(vP*e_s1ts-sqT<6suNK3Y^4hnGS?2{dHRfpF$9nRBsdgt3ck zDaAWjwzlf(T2`U#<;yV*Jzsj_A&=R-TpeyXeY4c`x;Z{-7fW9Bg?o+gcR%vHC|TWb z>Qz%*ZZrlm*~|Ts^9lg;xN?m#=1+ZJ=~gvXK^GR9b9|iHjHGBw(RRN(WdCjSHYt4p zOC>^-$g^5bjyr3aC@k7hG*NVU0x#Ml`&a6q%ctonnR;>c&{_TP|h$)zZ4o;l(5>bbmXGvJ$iEXurD zfGt-&s3T*zb*O$908|ZZ*I6`Uq!~_uF1(>P6{okc$DD;}n{gU5&*=&xwr(Q4`18I; zj}6+hqC9%j_TW?bv{w;IJK+Cs3?7X z+qLHE8(c7W76V@a3BLT=Ui{^@|E4EYHhX#h$~o#_WzO*Pp$9Z1Xp6uH&6({ly$z3k zx$l-4?W9qZO zE_W|CA|_fWhCVx#*;W9!I}f~mJZ2A(ZW`dZZ)FJnr2#H6 zoc@4qA=FID^<4i?n$Po}7yar+i#9%dZ(YMNqBk}f+LE6+NL%dJ-d#2N9$#u6J-jSj z_K#fr`1A!wU#}aUBRzWbhCl2h*({|8>u0V>v6~MbNXkhw)Nxy(+w;_OOi&ta8r>?V zmDTnL7!~KjCp2`z3Qq?4$f*dj46pOXQM>;4f69OFnc}Hy_TzC}5R$t8wh6h}Ef3&4 zLrSk*7oYObVKA8zA5rCFhX~`LKurl5Hkp#^_c_jlW&~@mLL$ioxmb!N-emWyhzCQ= zLolY-|IrDC0>O|bh)`ce?u;}-zX_732)h$?$Ihogj$^|h9V4S0!OM zxFw#LBD-o#4fO$9Gx3pEXAN1rgNl68n}$EuMOT_1zTUVRS#blqu60Ep%0g-vw=PVs zc*fr8FSYRrw2fI*zVcoQ?X*JYO&l1uo`o73zTleJQTtf>Zx(u~>Ris#p7QEI67VD!$(tS9qGw6X4b zdFo-NUg&wd`#{b?gO3N*F}r;H%A6s94PVSkXV6WgoOqzOQ&+ag;y5q# zc}CPWXRf;448k&&ZotN4kdo`;j^RvQQ0@YvZ`FJE58nR%$h!J z-dIhW)Z?--;d!rP2oOPH0_*ll9ybe=om3A!atb}-8t zqh3ZG9jh3hPd11M$+wW+dyDGrl>coE_}q~l@cXg&Cjek3T3dW|dJM*m(vXAzgDuv= zTwl4KSF?Z9|G0|x%%wLP%GjIah3EJf__(1Q_*7FO=Cd^%_+)e&qcwRi(P~CXB-7yN zZ7%GxuBp17b!=bl)@~TU0{x1^l&4iFapznA01mT$xs(f6xmhNNK{lw5#X!D&`eUVy zfh_g%@N0vtG(-yVc_q7L=yLL{dxO17=E?CXX&P64qiNmm{JQ6*F}Lpv2r=31V<*nb zyyPR%VKEd!o}2P}j8!I`!HDRmvcuPCySER4SDO?_aGTMb%0mIWOKY}{j>e;yp}>9) z<9tE&k&6Q|I^il}6_tLH#T3u}n>L)`?*p6K8>{%V*oP060r{L{>>Zh@Txpi?h#9?I z7C!rNqU>VE2=;LDq=q;(b?Hd(C0Zm5RZa1x&H`lD)Gw2KWXKs1q%gWwJf`4&7_o`D zo;DI9z(EN}2SrzReps$eUAu4jCr!dOq!T3<3=xu;`+z4&Ip-Y%L730@hc&T!+;!63 zo1Q!`A&71LNzX}FR~xK#e>(NmFLJT{&zOy$OH83J|3(5uz0TIxO@8&!h0`|pCQ8%* z!4m2!`ZHjz*GP5l-P1jj*8cJ}R5e;oB?UPaVU6k1PL0-)iJKG8?``{6p^Uwrhz90u zcZ&v;mXVxKOs|R<7Vwp?>Sq1tDHoM(58wQ-ickI3+0piIFg7+U21~WYK6waih_u{k zWEkC-4w?LyWZ$fUt`(NQ28Q>*wj~Y2MR{NORh)*U5aYWu9_r>+|zAT|AQ21H&A-Lg5yYpa-uz&$g%RSQByMH}Dwy z{A-TMKixNMjjsp|IKQFo%`uR4<;U8TS^u=Zvza=E+8q+fNmJ@nypz$)XI-zs5 za05#};s&C_uqaNS*U9wLh<~FfmzBMqnDbIkMaY$;?R;zRkUo9$FVb0AwZ+BmDGljo zF7+}6N@daf_41PQJ2i*3437mPVLvSORPjK{yWCqp;S2_vEpI?T%&XJFxLn?cg%<+Q zv$fRMpU19x))?%sybR4*EohRX7&ADZw!DP7z(Nd*S6#P`dUuvS7Jt5n51z=a*cjpS zZZMQ!C&lwtA;Bbzp*1qFD>Cz2J#4vTKE>oL$U1TtZn58U8@L;>ox?<2S<>FfJ@4Q~ zMmkyhHCix#w^i8a&XQiH#zBZbbj6lP+D zJ0_+OUEE#NFSUO)w=2RVCszV_=1l54%(3(YAwTgza|1`8!p(1nglVM|!jtz=O&q=! z=!7g_A@(ZYokz+xuFis?wI^nqvcIBB$U5P z3)-Yz!|*f@(z-`xf#VPc8UcNU^1u617I*|csBt0qxE&jF)AVR z_Ta<2vF(gdWC^POTVlG&@0v6ob#u6RxrtV9dpEaKRfOAFzWP!J7bT9NpOr3Te*eTT}Z^I;w5swy_MtX$Bygg zndppt+FT(Z<%pYQKDj1`w_o0AG4j7|0twDHJ~gSAX*bq*eu4LHS=Fe?5U-|BD6qrw zw}-myMa++oPsfI0nG7qrpE{*WUi8~rd6Q7CW5{_+KSc%0Nuif4<<_(}x#};WBeU;? zIbRm&|KO}tuGrvUbvFz7%CFj%qD5nAW973EHpANBz~aBt0bcgN007SD4xT@vQx6C0 zUKWwei~MO2KzWQ*;2J$^sC6lS=A34iVpH(=o9IJEWovVwp+-~1aQuvYCAl{iaFYcc z;QzgFNA}b{ddnqg9pF0OSao~%tM2Q>1Wp`cfWW+c&C0%Oov^=&H2+8FWq#I0?D8xZ z-jS$FfF}O7@<`%WE&DJkv6^;%d|xAa;w%lg4W^)mIUQOg_)hfh6##^r_Fk91%L_NS zS!89l9cp!%8{c%yoCQqGE=gcD^i939{FbWMH)&co&Cay%NVyz}ZA4t!x?7q?bCV%C zzR;EmJj3KerVg{s!@-Q>l_#mqM#RsN)! zz@o58&c7m|dn-e9xKtl!`8s3r{pD@RveCy;vv>R$6 zW6|{@>WHy_m!wpaCwUBqB80z-Np0;Q`3-`|MD;H7t>EgL=U%KuEJ1hI7=s;&@zkV- z^>rA{@D+@&2fU)sw)L)hetX`)sY62=%27Klsg5N8UrX1p&cTfX2SWnQ##muR+?c>5 z%XQw(=i^5Qq6>%t8$>w>n!~IVY>R}#VJZ|`VTFzr#<+DCF7UOnidlu7?gOum;)g@R?a+hH?@fGx`~0dnFH7Zj)z6h}=Q1%NvBn_zH< zKskCjBs%~OI9UiyFatFdz(G<7GAmHzH^YF6JGgy(Q;Nch0^K21+a#00&@1bBYW8z=Z$EV%0o^BNg#JY~&SZ4}enupa2jH4A*Ep3{o{D zQbcoYY>1{~2~`J`0tA8>jq?$F9o`gUyR;9d5Bd>>gTn-avj;|Hf?!6T0)YYolmH5p zQkroa!dY|80hfaT<#w{uzf{KH0<0efGw%M!3b~0m@g`1gN9qhbtc#qdISbr(I!y))4sv2ZoDm5NW~$C3&C!uU96f}MD^4tl z@IK>I0?9zMqaX~WH>xDOvka4&lzRA%A0C5>1Ki$j6fOIbd<>di0VRe%_u#Tnpm2P) zuv8i-(jb7ljs}nMSpo_t4#gc52!X;2>*XwHVwh>;zeK$6`9}OAw23ZP)dh4%;Ph<& z4T8ubAv#pxM$0upNY&OkXyRw2I+*xo&m-`nqTq%}J2|Kk1f+vjiunvB?fMgK?`LjH*Y+p(q{v6$L2;Z++P52jUnd)_d+}^bd}s0Cy=e{+Lkk zHnMIss)gS(t{&6`iu?H@G*%wqkmHDEuxJsq8x{-Z?Ddicpi&=adec&4sT;| zM5sBlZZMe8IBI;LkkChzq*8LVlp74LQe;x>uuiW_mti<`iZ~fa7<3z#n<4EG*9Hrh z=T?Yw=CdV?Glbz)lq^Th&o|)_#Q?Xj(+)}!HpeBdpe@W)38Q~43uBil**91N;hw51 zI&c&NX&p_D0}I78LMnla?Ij`)hK8(ri5rOn{00ABgN)gQtU=dl{B-AHv|+$DciVPL zCV{W0pzwTm7+5`Q?1^hacJ+AU4W0}P+P|fU^uK}qf>PM*XlK*>d6o>p^~OR5eIpU6 zKPw};pKMUmdvJ>Dps63&qX3GO63=-MYa<1|csUPHmqrP!qw5eM^r-rXFIDC`nMY7=HmOKP zm@t{X|Nh6I|5dmmRgU*MCI{54QST=r`Vc(mKdYCL+E80x|AAl`g(`&SYZMA69F&to z9Ki&Nfoc=tyknP0HEKc%kHr}!DD{^|QV=bIss~=HxF4r42om8e?t-ly!YG696~#MOco~!LdN7Wu zNO{~?7)lN|LI@`sN>wgbq`I9pHq{%-857};(S6c1Kft6V-Nlrdu>|*qWZV54m{m!- zV8o^vG(8L^pE=2B0UU8&`T@8}Hyjiv%fnRV9x6-iSZWLy7(oZ;^Bhom$`uo8$S9b( zsHqbO4wDbq zE)i5Y_vF(>Cfe9EX{AW;;?~t8g2NcNw$KzTQpvCwM6^aw=u67Qp=JWBk|5UpC2#rx zJ8gyrhVJ_fK0b8_5o!?ugFy+Zl1@9p*c4ZjxE>}q@7OMtbA8172;D9XPYn``BIYbD zrQXyd;brgJakYOPTMz#Px*;1EsQ+pDE0gG6FZ65e^dv9|?+#gcSTO7hVSk z+)FlNkO~saVInLfh@$g zc8c4LffgQN@CeTvj#A@e2}8|+gF}c8miX_<ZAZcbK3X0^I-}(? zER|M2GsRO9y$*q=p)e7CLqc#V6%wK~9MS0|-U0mx`~MtOWQ`F2O_sRtj0IvDV?xTu z^G4-MptK<6{T)Bx#xzP{(l~2o{fw)$&XcHcPxXVN!^<3MP~ihbk<^evh>aXYkZk+{ zzK~0_EJ%6vv&PITlSS?#hK}I_Rwsm4BXYEp?r+qih7Slt zsK3BrxF!UZsNSp(%jF457in@ij&;e=N|MNAjD`@?%unOIhniSokCJv4z+t>5A+W^c z2%2(BYZoc>87IAkD)}OT z{i)ruad2Ssp*uV{_;AN;AWZ(!Mf3~+vt@cuRxigdw_uMFq~2t==7ifS{4b?bHDc{V2TBS=i84Sn1&R@jD z(ylyr;&OtR*5ARAY~zmuIh=;#c&4cX8kA_gbfwYC@Yemx-pMKbo3JT~-Enoi@$zLM zdY6Xy<)k&1k$(9d366Qqn>2whTDb&Yis_$!To|hmhuW%8h&aUbp8F6;3U%Ja1ZYeJw0%SBlX=IQw zu&~0hDB|yItxJazWep9FJ37{@(cllimn+s+EH;_{?+3Q~#h_0`apoVN&Dj2-S^XVO zt>H^w**p*F-moCx4i$&-6ew5|w~ny63dHq&87lYi(vg&{XE6`@k?@T{hJgEtXU`9T zM~(8bQidu-NlyCnKHSzIuDF^W-|0~hL?eMl*L_@?)|?*I+9U$#Ojh`Q5iyqv`SxlD zq!>~ONfp!okF2wbimMIQ^hScaySqbh4-gg1ZFQ;O_3O!QCOaPygr4 znw#k>dI77~?!D`)s<)o13Yw1et_M9iCZa^hVO()qCGtkQJ$|LjwZkMmBR{-$%GVXm z?{Nym?`<$?w!X0boZ16n*M0X*G$WD*2_XA)E$c#p%cekQC>p;)hr`5#s+oKkDQi@>;yf}{tORK9g^pO%2V=a|vpomn{onela3i{Lkse@`UsR;W;GEI|!=1R6i!CJID)T1hT znoI72j4sUg>Gm!&6b(X(wsHc4bGuy?a`o1)6JyjHoF$uTA{-5nV}!q+T@Q6#KYYZp zyB!atgocJzaR2$A3jtqI^C0^NW9HcY^E)bd9ik=oOOx*n&zK-BGo(Z+IT<**m(;V} z)`KVEMH&W(@yv@Ze&!kdV1^3v?{il>4hlvAM8u~1e=xE zMv#jrJ)VOAK@kONc7o(T%#K=4ssYdbg8z&lU(VVl*E#JW7FYp|06QlL?lhjvCpn9p zo)#PJkD?62QkoWo!KXi(eKAoWP3bK4iPi6{SE-qU&e#iSh$?rjod|bG=0Fb z+1K3xTmz5mfs_iD|Gho`T~!R*5~D5~p4ZkpY~?*Yw7AI+o@|}w#gOdN@gw_YY`0y)&?a=Ko#Te?P#3XKp7N<3My+cQZjgufwBQ#rbB_*gQsFALXvdl<8DOttb*cQDHqh0Dj0T2OJ04m1SY+>b;-h;-ma^5TO0!dF zoK_@Pt|CNMQXErvJyj3@V(Vp2%^!%OtJ+6Y+WCEoeAZklMwTvAst7-_(66zk9R!{gs$j3S4AFh8vADUkbIU4a+!?{`yFQ2j zY?)R)4HEP-TeRCQYbV)tKQkw(lQ9!LHTAS+`FuHW^|tKOl}hIFT-uz|ojJiYsWLL1 z)UzEJjLiv^Z%(-I+3hrfjdRxqu|Pn|jr;t!H6Hi@MFKSY{+c@?<+>2V)J>o2bd zSv#Jjal)zrGP_LL0k0YyWb9CERpzJ`QTB$(a6I=8DJB{N`+~WZ;QRY8;Lgl_z55`Z z=kFW_NsO$E;nm*bAgnq~z;RyPZmFWnQ0O9&TZP_Kf~zYcr*&n*S$pwp8d9P9<_s38 zY~x?ewH9B{yTL*Q<4v`F61Q6*6uMm@;!PNyNsYJHx3VBK-6YPh)Lbl{;eu`sucKML zT9$3wl&7=ta=8Mk%BT2Nv6-Ib)s7$CZ@#rRXQv(4f2eSpmn~|KLo9>3)h?!$S2Z=7 zjS8!uLefD7^V=%z3m1Q?u3}KDk44zIU4+dI52~CvFH61<1w9+BBnq#hbBf^Fv?p@| zpd0Z@V!L}juf{7y!3@Q4$wN!SHiasEJ#H_WIE3=W$NzhHGGU{MC9+Tc10Rw#s&1Ey zp7@9J=~3+coJFIbv8UmV*+L=H4YTl(W^Yh&+34ZqXM>>Jfo>2Ca3pv5Wx8hzH2SCs zt4CMA1xRcu3+7_iptFsCKmlZ}_3AKqyebXyJ(|5eaZ*IgilXIArxLcGtY?m0rl5y= z6(al#qCl#0J1V(;M`Ee&2$J+wJgLH>t+F+wRd}VK*`46`t))$&0XA`}YJZw2hp@n} z7?4Ev2mC=v0n@z>fnaAZBvZCNkx^bpzx$f;29WVV+chvMbVC>s#fE1S7NWr}*!bvC z?&`&Bg*UDuo0=l)a}~m7EOI25hq*Nm+yClqGCq6*!8yEV0@k82kpp%*BrpR#b`{2T&vOEnFak7v!_$QswR z6`W_?L2)TpW$Smv`WIRW>UY)lZH#AjAFobY1?Dd=8aeI-cKHJBr@shUWkfX^pQpN3 zaL;17tV{oX$av1(TiP`sg8rVRN0=FK#zjTbuxdk$kgHezyCWg_5Zs!)xj*2c^++6ee7hLu4AVHNg3&{+zP243cuo!CPx0&uqt;Ac= zs0yndo(1ZB6(gx2ms0*CgrCLj(}ySMrms@XrZA-FCV$$~I%v1WAJc!?4FPzLjdh@) zA*fta{CSc@lFR01WZn11oIf7z6y)W6QA=~Vy_u<|;&Bt*(8-_DH2Txl?qgMep!VBa zum2aoUW1=O{h8yZ&3Tsmq%tA<^6&~gSKd7d@kE0{LqYz4f$}*O%()PM>sz4JhR17t z`Cs*g6M;7w)ENiYcoSTJo$JSVJ7=iDH<-_h(*O4)8b^Q@1>x}b^|mz)p|h3aZ$yKJ z6CKzPkVM6`{)l>KUV7WGpjrgcO>Huj~s|yAjuwLPt!~dQ?jtWETl4!mx5Dp zJX2_>{K#-I{1qfKy5VeDv0=O#>N~$|Rj>@7G9S>#sXzQhDm}^?5<_wXv~B2AdyE5# z6h^LX;%}o}z%-pEVa^Ym8TR`pw|1;f)s|u)8kCu00hZcX^5vW1eNI)I4g$GqYHR`p z6l;RA&X`?eVBlVYImg(q?%rCk?_m`>;nC3N<)m5}Na9(7fU;}&rDXq{Xf4B9>Tpj) zvT-+p{6Z>_mMRU^J(_W%Yw99S`wlaeCM3iiYn{-(Un!hDv`{`~o}R<@1g2*=8f;A)!WNi8GSF}0(mn$th~Z94{oR4m0k0QK|0n_UO5nWRvkhn)faH0 zX})J^DuKH|@Z?D4dp&hDR?-YLnMiPOmD<( z#EXXn9#AK>qZ`-n4j&#Ki19!9{Yy@0aOLt~AfhD390A4TI47-G@+3BVRF(hqZ0KVw z?oGSLZG`}ShQ)tvUua=G!`&bugE|q&d~>1YtyuHrk+caF1Q23r?NLL`k-*#KdsP%$ zc`3+-M=YyeeV@YZ7A}L)!+9{%(%~%{-$z^BQBF^+^eJtLgP;1gS0`|7qw9IRTxceq z3P|Mg9BQLjgacEEV28h9+I;!`LgH~m9<-GtR4x3p_X}5u1R`IQw^?6^pIH|&u3_V< z>THo75e0xIm@~Wc`!0?_&b>C}Pws(E&mxZG5T#3i@%@ZDtg4O(Vj>U#n!CXcW!*nB z*c=vAgv@C=*vl&aB?2ZrAc-!zJ7INre)r(ZY9MWzktITXibXIDt2b93yP8BoKq3;B zmOYagc8ou56c&6pI|wGRCqNfmKBLmoh2|R-)A!oNMv<05ZwOS$M2}cHlkbNrR)ArH z>0ieB)InF-8t$O07Oaul1`TMnDKIgyf-7LNyIYvW?l=BlARJ5Hf)TT24i_I9(Z#-I zkhT2QBwO*giJv(2xn*{Vao( z>* zAiI%CwO-~wJOY)PA5M8DZ=dbeN6a5w&39I-6l{23By&chZQHBA#y!n>dR#n?HqJPB z3dU(m^2SLz<~=oIlPe~LMR1~SLdiDd!5Uvln5cLxvc@?`oHHhnx=oQF8%&%`@oc4Ai{KQz^g z`1YuoVM2F)JeH)-s&A-%cB9xTb@}mwl0OHVfQ}wzlKj z@{aM`DhDYODq5sNwAP$6AK|-I4Mvi;!#|{ls4PY~vcU=PLgP@hM&#mZFme(BgHAwL zY;n$8IgfdE)x(kWWjuP2(rFd{ja=0C(@!!--6KB%O<%j4XU~jt{ilXYB4$C*<5^Jl z!o=F%zOTFaQ0P)sOXYTN-ZoFCD;TZOcnR-u@v-h3!DapXZ)M`ecQuAj(7`4D_uv4$ z+c~lPi;ve%Bdaa`InvXqV7Ovy#f+y%IOog%X7s%cfZex|P~qDiaIv{O#PIc$=i_Os zClLI)`7m)%X&;bgq12=rZmZKl-*bTG0MVIyvzex`uiWAB67rfyB6ummngl8O;M!#l z>JI-BWmj4M;nzb+f@dE#MoT_kTd#T~K7j@$=?B^ZaKuFe^^Ec1v4|mSeyhVgNRvKR zJ~zX7OhOT)IqMMElT8PB1s0L$LP&+kXH2m$z>|mC`yhj!i6`iE;+QgF4Fh5zYM>)e z<=O(!N5JmTFON)s3BB~g@c0IIIL&x)O`~MgNB8~9aotDqQ~5~9zNWus4qK}xq_%l$ zl(kke%pAcGfhRK)E!aY_`-gvb**I|;-VEo<4^wev$fBUqj%Bn51l%Dtc-oBE!vNs0 zVu}Y9%CG$IMfuM=5@xfWMfys14AOb2?5K7CfV^V-UB>Wd2lM@*h0k?3Ec0}mf18e6NNs}n=%5;KcbRlDIO%?BJb-mDxnWwsTfld4?|5%{2^?W}2LexAJ_fK9z>@x||w$LVt zZ+igiOWfr~UC-pvs)f=Y>`Gy!18=UXKQW+h4RdpcE88ms)YlNszrUCLyV(#mlTd7) z^#JdZ6F*Rxuh(BZLe_7rGt$%$?FN+d?>}a~_36 zJE|=+$QlIEZE%T#+#eS2>2I9)iC;XmPe7y*2cQbgZKfKaF78!fxSP4j!+qbb9991S zJ8u>l(dxD~dID)%cQ@0+_nsr^{4Zraeys~V3MoEUY{GZn%hm^0T=|0i_ysZ_c zv4FpaD;=YYJKMU(+S9CV?>@JiI==@AGYNALx;V=eu(Au)E9OgZ*uPY^Vm zMKkP?_#=Nq(0uQh?>G@+j1gXAuUn;gvEG@+EJp0&h?XDZ7jN?Yak@cDl94LNA&3R* zH!Yfp@%*og#I~d5BFi8rJhr&0!&mL@gkAvaf3yJ5w#U$Da+3K}wruenVE^joxmMN~ zi7^d?aYQhq9+^TR4Lj(%H{Dyuq-UCptAe{@5)4($oZ!d@57-pV!XO6x{>hwZ!9)gB zE60^c-U&wGXxhUmg3KWRtPn~^5L7)O zaNw%jB1Z-QlHGA}0m;K2y@B3@S1~BF*=EO#sy5N3$hxwuEo}H#Dw>H}GM(6LAj|)R zs^tGz<{=LqojTRc0+h^2rvs6wPs;6KdZsQJI)mhLCut@rcnfG^EEC&kHc+c!Pey2{ zzY*?w!S;pRxZr&<4YO9}eeJsXnGf&`BHr~$p*J;{d+E!bu9E7I^uWN5^|DyNF0bXD4V55#XeB{n67ai9VbQXBRL zvQA9#F(nrqFTqfONtN$6FR&1zJ^y4{w&hyq05SMz*n|rPskI64m{Gj5$o`=sE$ve+ z<6Q3wXN}6aYN`PInL&+emN6<-p@LADot8kfwdW1BV*T@Q6k4=gwWdXZNxqA_zx;Wj zJZnoGINkz3mcV;79(6w2?oTm2NV@^3pRSKTT#pR~`;b3(Ik>{&?MP%mGb zKfH@)iG79sReq?wG!zGVwl?UVo;%o9VwO7ebM@?yoQV3wESwPvq3|?TB)1 zsDOpza8ypN=-)39Sm-1;n+U)>dXb1LItszny7#B3qB=e zqE(P=`H&k_85J$M!W&KXYu1A5OQgLCn>)N3>JEnHj1-915f%FmG2y_(U?!O6#60~4 z6Hy3^{DXpK24>^AO%(q8hJA@1p$d}yy3Y>4(-W9X@T;)#4mx%tMow|@U<&RO>)2ah zBsdq%9AlUv{AN?zeceJUio$L?VjK5kp5FF{%9b0QLN?QF$pgsy0i+^EX)O$M8(fEC zt=b%?279a3=su0#lSrj;KX%m9z^%?WC)sl5p3$fT3@4EFbw*4=15LK^{)Q!$Wxa`749AUD`%5dUykd)g)+ZxVfDG!6V2<(SAW@?q8$&QK@3}I2nv~>0N`xe|{^v z#{noP;aywS4-%xNLain4D;>YzN&uo$cmcgoeq=^MR+(;jjF=;fHWkfxh#9OzcyLa^ zu5B(AO${-phA7R($8*5d;*`SX2s<2PUoU3N+UWkh#U{v?hH? zUtdJ3pJLmhDxpqFqJM3ECm~fDB2~%ZHps}QLIJ*Dygzhfl4C&lbrHQTO{I80>c1~` zT#F;9i%C8{9i0O9DW?aULHb_Po-eLLzSsJfSzm}^+7glPQF&FJiTiX? z8A(i;wr0n6vU@M@5bUj@K3=>z9}P^U_rcBbT~HH?n-Qs>A9CUc)rM|4QY1glxm z)%}ldc_}=e$iBF!PWaOZv#4lVS=mXJC3A;ijB#^7e*4BV#Rd;cukG`$2}3zUHD@ve zL`TK*y7^;&h2jOXET6NUWamGbWKcskKP^v^gW|VgEGt1wE1B|0pNolBn|?_yZ56HJ zf|bqa;M6_W6gVPC0Hp>E_Z6i};n98(^Vw2_5t%#;K)3&gf`H{~i{rIY z=e%CTuaee${^(zbU7WsUsss4+jC{l~GI_J#vy5bhadm<)3`TloB@O8w64!Xcr|grc zlf-1`TvNV4mW^6jXF8+_QAh;Ma&-ASI69)#U?qL#RpVUd=WLU(=DI)ml!TA1=MtLF z7%WsmwTCfMPA)$koPH9SXdJmFSex-L3FtPeZ!F_B=qvn$yUj2RnlA0{_6rwB3ILAjTM5g zXi~R;q+8+a)!VhfeRz7>rVBFEo;|)T?Wd>vo%f8Vr^Mi=8-yV>w-VJO}o^D z&50M&BWJ8zApVfD`Nn1EgNDecO}kx8)+PGRHB|dT@2{UW?Y{*pKd%q70$ail zm1|Sg`wV-|%BMQfQZXH1+;}uYR@<&@VOEkMbCl-p#rjf-XcjZ?@U8vOrL|*;+k$Pi z@LmIc-&g6S!Fc2|g9^SegpeDBca_-H8lR_YBPnok{kN9q{X0b*lO03aQMhe=<;I03 z>2%;B3=8jT#7_KMe8R&O&)tj1WcHa&vijd4TjEI+2;hL7-GV0Jlb=7Pai2L&*!PQ@ zzb9K~AH2^6RPx@HJD-bZ4?o2BX?=0s3vMd?L3U0L<~&K)ovYUCzeaFLuQzPij1^u* zL(CvRXI}Pq=g8R%QcK`S_8tH#+R8@`CYdW!cs%7}(J_gu?|kzw0*l65q!>3!UJk`S zR9P42Bd`VbqGLbhq;rvhW5Ba&yJ(S4v5MBd4o3OUo?jgJ$`W0SuvIWX>yU%jt8iuSMBD%ywAgM9wYO7M->;Q zJYD&kkS!>Y9VXO=T6uOa_X6!%RN;IOtaVW*p3fx=>VGe0A;jv4r-5ZL7EDc1RdaO# z&F0pyfgP0MzSpL{V?2CfdVY|-eJZuo+337y5sgKU92`6w4xaIqZOrye_fai!RIgR_ zwhrD9r12MI)0DM_t~UQaxenT7Lf`3jgzjfVd6}v5cdyC$Gesnm>Y?RFhqSO(KnLHJLRdjMQ#12tp z+SzLtzy7gKAQ!AQjEB&2)If-Vub?1Tqf{q8BsEkWm-R_y*#a~^nZ)@oV6wh@SR#*b zoH|#vgjmY>M>5VA0t8e8hvKOvUc4UxCqvj~Kjh4ecPR<>GHWxQoH(&{R6*8px6qME zpbra>DrPNasp9rqv#Mr-RoC}FNYz56_(F!~ttDk&MGd~Za^6Ng#gaI0xje{!w|*Fq zxvlV_nNzd8Ne;^nBXoz#em`R)3yXW?k@QuhPPVCOh$h_bz`SG|q%e_jE}zOsCLfz8 zm3vJX9~Ox-OEVAf6c)PbBzFF@(7=oxI`*+P%=6xUZ{^E(JC(!W=}U*U)0`*&x*F4Z z16;|xc8A}#>#d=er@jauKmi4GF`Co(1GT?dmm4zv&8udDU@T#0L%wly_a3C!4fKXS-!o%%oR)+ z>A6~L1+01+wm;0lZu&Y-AkX3-w-8rz#&XUVmc>+vR9&*_6Gp|Qj{ay{wB2Yo_criy z`|3=r5z*=V4yH^_x}v>ztFLoN5@QC2>m}R?<_aXE?s_C2%3Lwd4??>lI}9(AP8k^W z;V-)KtmCI~UJp88E$AL{a&~7@Q%Z1BK{F?!vK7@&CYni7x$mdVHqf>A8ui@ajv$&_2Yn$sw-x2EN-QU)# zV&;4M-&pP^dE|M8e+yX5o5~kvuDo{cridQ9FF_(h#`(C`S2OT{wPVG{CDf*L9TVVX z{%ZcwaKiY45$ejz^Ir0{wBK$ZY|MD`$ol(b(v%g=Oj`3*=4pu4cNvQXO2)f5R%R|){=d>S$h#~)W|*hUMK)DLGN#O9y%CLFSQq`Ub4TLzl;x8c!Up-{7NqLch9 zhm>-0>%u!Y7BXZ;BUcHr?dh~I)j0;W{V$kMYky5tVSdBPm`=atBJXmUpt!5$<`6L*gGmmYFC!x_R6Rs>Q8 zn{9Pc&UicC$o}Q8Na>Mhd6=9h-IH{P{>Ko} zZorn`n1JAsToM8k@A!>MZYnd&D^?A)CL{!htD*8>@~8?Po^-A~-Jy;=9(J5GKDKD< zYpr`fuKY6cbOSyWlVQJgYcTM6+^_rADG(2hY;-w*l6@U)Xx`p8nJ+n$0oQEhi9mbc9p{BfI#LHr}8ZUn1dqFVgU~+KnHUr z5B}&viY$qPKNHw?qIf-a`=a0ZQ4f=$*~2K^+ZbT1H4%}l{AC5kKfGUYeRc1ie2Lz+Q$j?F2>WA_&@&6x0wnQ(`+k&E-wTEBb;|r19e`m8 z#@LCZrI@l4R)FnE)KA6)t> zjF47q=fo#f0FTf~d$m0Lz`9~W-$**I#u(GtFCvZkVEEYnmBlJX3v?6OKjvt^cb!z4 zVnW3mW190gH4X64ly8EwWK2;j&t0Ja+tGMfR4X_HT}VjC(}pQ zHX`pg?gDEC!;9fh92+|)aMW6Hz?rmWsCgaPDi#*M(fFr^PkB* za^OhS6Jl$A>j|7D{@q%hXX1Kod`s$`#VbtR1-jL25uJj=zYrF#w*77Dm-Y%)y{R@9 zX|Wi_{?~{Ik%gX*UnGp{jSVQrBOUOK|4bYgGa&*mJWCi}VibAs+PiaAKA)?CT;7cK zo_ci!n=Pubh-N{3MIvD~a#sYJrAqqAz^Z!7_3?1Fr(lzHL-i)+`Um)L06!7Bmt}^+ zQl%={*;~{>-xZ3b&7;5VtS-FMJe?Pll2-Gz_LV(qhUP&uG#tRRleqkkj>9e1@73+@ zUk^KdT$2JVsPM;`M#9U~pTNcWWSyG}FQ@gb<7;rOe2g9%aaivn>Jx^lc?OB4a7VHE z{-m~DG$RLCYFy7*bGki_F`>I*`BD3g)4HmcsP$@bdLJin59ElEA*7~b&0(?hp-+!k!U;5Im^sDaJ~b@PQYhG zlzKXAVlq~X^r`o7d6qun>R%oiA*`Sw48WEPiGiPw$YYv~D7b^9Zf*0$e|$bIe!#?( zGoy(YKJVLIZ@_qiJE!Th7d$*UF3&O>4OtJ6h!yWwjNd~wGHZ3v$P$BC{ZLYO?|Nj?tMZZsJ+Nej8Jy&(W8z9*cmVj|~-v;KZm_aoy|QpRGC4J0adO*jj5B*1C_S zkM%zn!?9DZ2j~6Q*#6q3Dz#GQ#4ENybMF0Q7p}9xYmLEGD$@J=p3;rYg;%31RMW|T zUAtcJ*gb6wr08&%rQBHdf{o#eANOqhvA&f~i%53C3#;`hf!{VxN1ji~J@-;{&Q({n znk}>+aSU?xfSEh$%gkf-hJgdvk?+S) z!(-yl%emaGw2dFQ+nX^byROYHwsm%obN*dET-jFLmr-ECdpAeQ*NK1q8n?k<&2aN^ z4ZLHgV4@puO zM*_eE@*KRyuky^SB9nt;iNHWUDKp1DiT5e!$dO?)GbXCs8?c}sl9`SN&{4oC`ZQ3| z)=K`iDEN(<^kTmvxKv1%fsod*ifC-zU-2Vv`2lD9!mRUrRvU?&it-bb0{SNaQWb<@ zs49^nAg~2WrWP7Zg&6QWq{n*=aBhHOgE9^YAyyd#aMFXOK`jyZQCo~O$`XFSmk8>i zVYU(aT-MK>KNBVEkJFe_o^eLY8Y2R)}k{LI}*|G=_)P~A=c3y<--1f5e9&k ztd){AA5r@PubUL=HU8~mH+vJR`Zi5ZZ#rksieq8W4e0&97 z=pU=Gh%m>`1d|`}r*MFU9O_BDOdfdE`-qKj;@+YId*~z9$3{Y%4~`E`6-L;1_E`4V zLyBBhSk|HYrEd$Y5)Zw%(U1y3*|9VI*+>2&ryp&0F(Qk_C|yastqXrxI5O$1bUVYt znRHc}!D2W`+pw{Xy(^a0y`EmhO<(>$T+umc$OsYx&sP{Rdou%Me!kRjn(L zq7}y>>1&;}%+uKamL^D+!NkJFlpXj{#Uxb7b}w|@JL^whBSeb@a`P9O-rwnMl^o!L zD~!+yn$+yP4c0EEY!L1xtrn96-f%}2C|4g(xJ(5|^;~~=xsqf@#$SHUYc8BXZLoE3 z#zri88f@(jjx#xg=-$?F@wHVsop9D6wf+1M26R8Sr8f!HdYF;#GjAlM(?fQci4SaC zl3of3d)yx1981Fhc!l3{CeA(u{bWeLRu!nytzQ;YzO(!&d~5VbLN%sZDc;kIkWI`I z153Khs14a}RgM$q$aU|E4q?Rx$KRnrxkM~jnHyp< zXgsZB$H+0wc{r|vPZsPH!JE{GB9di*9Rq{y>7wop2UMO#{tWU<5ft5t6E;2Zl(~m>TYkp~7VsuePQ&5ipMWiN zDa3IvPVTR`-wEEQ(~46=!Lf{E_i-+At^UHTz3808-@E2Q$OV1Lqg6Qr0ssVp>&9eD z4)Dvar5Fi>zyo8KQTB*5=6u~S(-gF!-#&5bfClJB7yKc&XRxVq@oV%~pIWaodyw91 z(=L>CZT+h17^OvxyOAt>QgA|k;1I#IL4T?*Q9#(n*O^A}2TzzF02j(H;lCw>6Nbkq z+PM~y0+7eKzm}Eo^rRmQ2DH($Kq$sYrAIr;F(tV&WPqQLRb<>=zE4KDS;2;8k`i|_ zaMzTF|Cb89Zx!-+HZJcZmHkf~rPOWr2g&{B!^v5my?7CnvIr$h62e7 z&b952D6h|UPnAW^O6a`Vl&wGM+$kh?z$x$fw%#WG$BOR02>$ze4aqX5z*Wxk$3q3I zllhB=G#7C7;{&!!_x%rRlJ8knw{3U?(0%L3z`PDO{D9%;gaN7h{NG3{PRJmRQ5^9 zrs~i8XklQup9={4Gz+lJ;PweRJenC^EN;&A;<>-INl6L>SV}gzo4bG6e4Q@i@wI2- z&L-hyM*+ZSj*abp469xFnx;}+V?`_T(2wMKe!Hh}GlhXnEX(uOe^>Tr;14|aF>iiz z#Z}*2WV1^8*ZibHi2C+#94r(4c=38#VN_4H_BL72-Av|g)#x%GC<;~Aum84YtEIH4 zYV__o2gRuHdLd>(x8Wk|ZNi%!UK&6F_?;!pva89TmRchNrA zTEDM&8Be&m24R4yU@YPZA)JP&p0QuIC0}BMy*th1S6181c%DX1hs?i@O{OPjH5?cc zl4gD#VQK4ke&B36tH@}GJcMQ4S&dH0>(P8qfbhfQ6{imM^}gs

6Yu!0fqgZA%A4 z9T1W#J4cMs#6Tstx7iyFzYf0E$|jzP4Q=>iXE5Fr^2u03(GD_b%a~=a8=R5|@@-rn zh^`MtJi5umnYE`=G(K%}52&?2tmy2H(r~E^PU@xIjqMA(1A9>h@urJSf*zSav6d4& zMHz=B)9!2?7cNb2NL#WMwbY?o9#i?E2++i$*da|wxLAyu?bFC7^C=SKBo_cZQ9%F{ za)UzzfiGF=ZZLvmleMQ)>_SBMt)OG3jj@wKZtESZK&WWleiI z_~;uqZSS+@pEXC~kU=_ld>I9-=oyAR5Fm`{vz;JRaB!=FamRQLA>w}luaG|T^O#W3pMSr=yFRdMI*z6&~du2MmI;1%9<$xfXn& z00rUj)TO+=lZM7;42uzXiMus>aiDm+PzDQ%UnW$LqS`u{1*T3+NmVi}wN)GQ12@0Y zdo_Wr!WHc4CB%^W8UE5*g^bocxbV9YC_`@?LQ}5FNNy6uR11}q*S>Ir;HV>NjatW( zNQ3${zCZ^My-)Bl*(2+ek3&&~x*d|9vwf_48K2u2ta3;pCJv)$$rAGTI8C&+WrRzX z(`E_%)AY7_16S$2rKGIXQx@#1`g`kf1v6YDY`2O(w+D>d_}H!eG3Up~tEW?#sA3uO~ zaAF#P&vaG(JURBdM|MDRi2^Qafxln_hJ^ir9lqb|j4FWgZ3@Qq@#$*}{1o0DNn#pO~%k4Kq0Uh0J5bV%lN}RGZP3}}rg7&tYHYyrQ z96Ui=3BiSMaZ%PpJMxg}kl1me-OXMphA7bd;%60<(UVvExx-u20U-t`hLAyD{>1V~ zrjj>ypCJUhd<3DB=&?f*Y`5#{oAdj+SNw^>N-_mR&C~4%1ar|r$>oA#es~$&MKhmR zv9TH(TfUO{LTOSa1@A+hHvD@C^08@F$QXU*NY9K@aVVblbhi46JPLn=!Chtc1v_=C zr>cTcR<(8c7tIsazBDIM*HKT1q#K0zcL;AG%;}RDL^*$-D-ax*D3g>1-Tj_>^mQXA&H7Z5-mgEszrmM z@C>1gs_unn)EQQjH|Q?;p>bj=lAL7yDxQn=eYfWxw{6v>T63Nr3=~)Y)oOa$UQ9Dc zQf<3<{MT4S%;oszLP8mwR-(HfsbG?B2cEs(gh5M@A=RoszXKKtun8F(!TCthi^j9M zn}&5OFT^@H?g2NG91pJ6!q{#8`C6d}KG((G;!n7IzKhlhNKv*j631_ss#Spu>hoKI zez5~^2a zNl4PU%V1xOJbm4)7b@@IzRbyUonHQ!90HGIR$r_rKN1m!0cQUEF1L2^HB?9vcY!Os z%kDJxFKe6y4;Slxeo5D{Eram;hqGxvBtcWf5EJ>gE(W6zTryhJIVoFur19tj&`2Us zbC6MT2$yCu61`U;KmtZ-}l}% z5drUmhV1maIi^O_l%pzpq@1iH0bwvmP8-C%q0Jxw4P5bfG`EPzR)Abv z@qy8-mgo_OVt>kdLk zVQ%;Yn;bbzfY|kr&6V=Y0rEQlS4U>}JKHLoABH@HE?u5B5)Y>T=#^x8?ibogE<30w zNZq`3Wa2uE(mMT9sH#Ozk6%q%+1gWB3&mz^+7M-Pg@u{uCz@1C(_XkCXecLiy(-9b zD4(KFLltbx0oc<>D!EY*EEE;^Mp5jIxqqXGrKgmS^?Y51w8 zPON1--}d>jHBce*Tu89?BBsb4#i}Lm{=bePG?FNdN_rjX5lzuH;f@}?eT!B7H!z(+ zNI;);i&Uzwf&fJ5X!{!6WQYjruN-7NIqDzSdN`doN~t>{?&ea5l8t&DcD~n2+8M^w z4)ksweIe?+L2b$q^xXFR_bQ1T+`KJ*3jT+{V^tmLWb*pNh|90rjjVPVToAbyyG!eH zR4x6E)ejd>2ivYb-jXcSD2^1XPvLi;*XlgvwJx{gRe9%JDQcF}6?=)O8%Na&+eGR{ zUi)>9;gG+__rB3WuGDuL6_Wzo8(j`-FB+F`+dsLu4s}Z&uCAUs-k^%X9y?~$dA~y{ zbWX{+2r~fQHHlFWFYBk3I8&TuXQ}#BLeHFkI+qV%?}qIe&apvAa2XEXRFSFnceY}E z$wB2D44$k0vgA)-=QO%^Tf2BpYExg5v^02xH3 z1Vtph3m*EsHXSx3#>-n4ZQx&LR-prmztVrh0b5sVJD4Nebv^lB;kB}ILmY`UbJceq z<(cc3<3c0?B**^?p|Vk0Xz_f zL>u-+dAp*o7;Duuk=t#sRSbv=w+i)fF9P@EZS_otyl5mZwh=a|lX_M;g6Uscj{;{x z#uILJw{qQD6%I^o?u!!qQzVQ)NKx*>Lq-@NwXevs4GmnQ*^E~Lf$={`zq7d7a3WVC zk|=PO1t97&R;q~u%qMPmTa(*wL-jV5%T9c=S0)k;kcd4%SlUq1w<-9a@K8{S)o zDl4YWNpMEjH^Ucd^(MAL02rWkI#}39Z!mrFv1h{6FirU;O6kx*N_xpa2Hjm{!N7pH zgvHjI$ZlKOrUM~Rmw=|fuEWQ=Y@$N=wl>m3qYJVgxYCuZ2V3VWOOqK+Pp?AuB1s0Q z4-oZB{mmRgfqF!Nh%yKYf#rnajJ+KC{l&3od#*$f`e@dnE$=ThGo|s`Z^(2w&FNBo z6Fmp`R4(}K3eDzEu%W!8a-lmdg1Iwa1N%9}MzWqGqF?E9Fh09Rr&#rnQ)Z;sZLzWV zx`Qr2V+~Z0L1-)lGjvRo0Z>pze22&Yn~J$M7I<1bcotKqWUI z%;7Rcv}>IzcG^~=HM+qq#v~zPvC~(Bu>7=>AY8uhdr0Tc8`^}Ny#^O=q$Y-Gn)CJK z3<1aZ9{Xh`ioFn!00g3k59zd8lw_6zr0YVRG;&E_l9<+(*szk;Yw|He)8*q8LBBC@ zRc*h1omA<#uPIK{`ZPzl`PlQviF3}^2nlidAgQqfOkAq8xclYWSMnSx4<>PW(t1z= zxka2p#!NvG9mkZX;8e@!28!`6Dn7=H|NcIO=LG<*ugllUT6g|=E{d)8JkCKi+tFHK zA6wI$IH_HBdj?a-c8^!B!S&zVRYs1U$o`8XTY@dzidX%m7OZ4ULqQKC3F6E43ODkk zIxnlPv224Ek9{@*A}up}n1oFll^zNOz7U;j;Ac{@Eg;m_(FM#rlrJTMl^AA)t*WkK z>Z#U)9(cE+bO#!@aGgJ;x^YjQ?{mn(eET>7$PZi!w?XT3Ht`(`lj+W;R+koM%WF&T zZHP1zqjV)dC>7E#AGcOPzV%@ET`4l0TR21U;jQ_t-|-OFTjdn%=khQ?ks~_L%#aye zW+HPGZ;+!RBhjBX>v0+R;lzgD`X~ls$h7&;)3Bxx+Q5__s&mw`zkt58=VEO{6{ic-?}Weo{jiP_@I$sg=>$6!zk z$H&CbU==4eX-Ep#lRc%m6c319Bga2Ip{ye5D|T2czr zCAL>KmAuG28WA=$0s}so%Ux;;mzG&tsxHFQvLf!>h&!8bkdhJ}kd7%2kt|bBI)8ir zKP;VPR90QIg%6E1(p}OZ64IS2-3=<;-SyHUB~sEQ-QC^YozmSMFZX=+-oFfDFktUJ z*Ia8pt8!bC7zi0xAcfxW*+pJ$uqje_UXJ7;>FV#)g_Nojtc}@>tElRHdn-O-ByMUJ z^+Svo1`c9Oz{+ZX~UbPslL+qu&=}b$k8j!$XL2oS}siV z0x0dNuII)T=wVgG%#Gi$jZ$XH{#9d1(G*=?QDOPDaJPlC7?&<@nN1AeQA?U+w zFfOv$C~gAM2gZud1XE*jz#0Hqt*tse4NW@gb^+j%I3`Bxsx{Nmdz#2_0em{k5&bg(R zVA{IDIXeW8Jnl}$^{IVT5#86X*jhf+{!Dsh3E7O=i6gyCp6{Mt539Y&O=WJo)+-(?i;XuAQT_aW5zEOF1#k`5 zePGG7)*F6TqsF4U=IBswwT_~BHp%{9z=(|YQe1N4&i5tc@FTR3b(Wc1!?wY1XDr%| z!Rj)~8Q$=rzI#w94~(aIL3h%8MEEN&pz&aTBR6}I$IrdR*GMWW+e2djBgPWkP_}<; zwVFCW=J%g%%4cTTOM`MbGY-CPv$hQFTbT9rD{4G`Nk1e&&91`PCr@EWK=k?3Snue2 z@ZUQG$>; zTNubDu1ahf_LZn)K>A1buq}6EIbz9z!BnkfbxRr2FTqpX(IpLkBP?_;ZbgU37@5fp zORG(7EYALY_i$kLGtHjY8Ja;g(b ziV@lH+mn}s>eSw)(D$F%G72T}@x>0r?7Cl=e#hS>A#}R(umtHU+(J=ra%8O@Y-FNX zWQ~mFxyxPmlG%!ID?dMR#G9BHGxGveT)k_)YR~}KA>*%n{%9l%d za{MfaK?OEvC~p^STv!h>fv^AgZus zwc$z{!QM)m@{%Nw^4=qxqTiak{68!O4vQ65;CBqet{PT(4p_X@RH0zDU}iqBL`r;p znGGhjFpnc(r@stwy&;-fC#iaa4tygwRF;tq#Gb~Llgy4PLqOo#k^~2#vdE`oKAHle z-n=Jv=i4H7jfHhbrJd<+A(r#%)=hpp{{73-F~>1x{K;-=aH1B0{f1{{)>mG|X>B@Y z>c!>uBEA)DI&=F}k7}M+DYA(0KO_Q1*bzM_QYKNUrvJK--yg1+85|%$XcS#i*E6cq z$b@ms7j#T6C-sp+uVe|5g6PIS^zFDu5#xec_{iC^<{t+#FS|b%-03({Y1o@F(dSE< z+ZPm>a5}l@&$H9cMA)0oWcra55H+kzNChakF~8zgeP&HjTED+D@=yQtK9^j4nq!iR zdsX|MKZ`>CtVuwM|Rbkg{pDS3H;`oT={; z^0P^c=P;V^a^LRt6C@=1Ja8-3f+C9{CT|g@)VG^NooQpsm@>n^c6{b(Rp7pz8i$$q zF+RdIgofs`TQAocMv9C=Fk2dgn=61Xg0I9RY%{?mbfeTYm!=oNl5vxz)?_R3`%`+9 zS==JBIheW+s&>ZcJU&_%B5uH%t45^%4q)Ml$;y*Bb#;GUMzgZ$F;d>08KlA4Dg>Xo zZ_^wB1@HXMj6osffsNqoEhx0!kuoPqGLB06k(F1aDH9aUTBK_gb7eV;~!cycN(1OOnwXGt+NI)T4(D*9@grkhK$ukID?9cFs+ z#UAnOz(ym1*yzg&a-cB*h|AyAGQ0ZnQ&&MIUuv~@U3luk)DJqIlo%UY_SSbQAjj6I z7i^Eg0y1H^6pC+95=n?iRp`p(5vwhA^fl4qG_yG>DkMMX8rme~}LMX?WsgB(vcoGb#N{@bqfj!SwL0Ci$fi?YL1k!H==beLh>Qn)w zX`xIpg1iAecu_`N)N||r4-HAIE~y9B@E?K^A50TXJN=0&01}T?_xGSjO&Q_XQOw1x zm-H^EI-o<`?cE;_I-;BpFP_-lKwM|9zWvYCLPnNWl5ykmtb_Rmc$9sX;nt-CYo_X* zx0=h_qu882`uol&twiLgY>`N74CXfB;E7%Niajw*Jd>FUdGL1pi$G&!3{Slf^E>D| zH{DB2hKTqdJjq075l~&wq4lIDC{p{PAZ*0;tcK%r#$&T)I#f-bt4`$`ckQ zT7C~as0z{ZwE-t)wi>fIaR%+{&KAt?vi?nok^+d!a6h&{&WciXSRy z?hdK2fPr^$-)z!*Qqu7xF9K~e_k&i{rU7g5+j&sE^*2uPdu>JipZS7dt znz`VwBAp%ZXltnK@IN0__xpJX^Czp3zGWM~Lo9di9Z;fP*Zb{*efTCt=Cf24co;4AY#pSKt9jnYY2R7_Q~U{CFdn2*V2287})Bf}8Fo#UZP#@iR?< zK9fnI2NtWRwL6S0y^$nLCJ}hVDU{@(Oj*>o43DJSeJw2`4(I`cBv(47ON*Q_5ydT9 z+J=8Qq7?s<3L^l#R5GFj)F~4vgVRZ(guSqX9vEO{ZH$ARDEkvEXq-NF?JAF`!+ifm z(|+*5nQ5S9J8p^-w;vg+pVx`{LIyA6xxT}QEGa!XieGHg-M@Kj!poJf{*TQMz99GQ zbHmHzhZ zM4E0TMMYu#Tc4$c77WCEu@rKR{u70_4y)rSHk=xgteXn}5iy&;u>y=G<>6KH_?LGz zR1jwT`18Ur-T+^oz6fo!97adGp<{_3f3fYUvoD3Ak@L@@O(R61{Hsk&6|UQOc*g{2iVU zgy%vO-1-YnUxctZ!1bdI&EZ0<ik(eOL$9L!}_1HiW%PkgjhtuFgUN4{a^V`g3wq_Q!Wkofo8Rj!jJwxDz^k*J!O(_@u@vFszhf zMw*5&Hv7gJ1_yW1|Alz;NJzdUegtg>2U(l?60lmr*{ui7Ow5dwOCzulGpk@jgp9SW zF$?tG67c)ox!Dm|g4`TzIa!p%C=(C%yMXU($~84~i|}AXms-{M3sW|J5izPi_(vVC zk{B72=0tef8i$UyCBlL9!2nQ9w%JQ(yt z4VCpA>5{Q+0{$Xf>L5YXc%N3*$^VE%7bMID1$>v1k|bqX5@N(N7UYaU%e5h2)HkIN z79b~+eY9NN(*NfpVw)dpwB&BsW5`31&(<6~pcTc}$`GavpCT(K#c}YdZ#U-ZNzr7U zWyaWcJHkZ%p`v&u=BF`0$)CXR&cG&}kCoTf!M1t*irfkRB6F`!q!0=V2p+d?#X@Dk z5V#@h>)%8-oIppxepD@ai=Q%#g)Wh9GALgbEVnu0t zMV#!lzaE|A7l%`1nU=of5YS|z$DhAN0frA8tVWXW#tL1>r%P0CDNtKTd*;{?+IQ}@Jw zcJ6qpQ~5oC9&Ape=O9{q;TGI)6ncFK+Z(ge7Uz20xr|OcKkd~J9Y1V|TMmYJ^blV0 zxPL(WSeUZiu=#ehKr5H)%-;Hu^Gx%k3hjpjBDg=-kM>4CaPWa!YEJH3(lu{4+Q3wm zg5V}!&o|i>H}sWZ0EnA}J!O-v=3u&B99TW(sKPe=^g$j*$ghew;-|jD)z=^2;gKg8 zlIrN?jEa@rkc9afW#hXb2xAKV2`+LwFG7uI zUhzh$IzQ?#%AD0s6(T#sE_;7YZ{Gbdv38UrH=SZnmu5{!hyowB6SYi2EJA4dEJD(r z``APoB}p-7x7_=890oF)erpQoL*dW0nUK?wYpyRY$V&DfPK%vv8p?NOWc9C(4Ua^G zALq96fsJ6h7NH4Y;Ujh=asi^_XvbLinr^eHs?{UAwPu`rKViVIW(=}K6*+E z1TMx=4YZi!%xsI#b6>My|1C@kna*v3jGOSMw5X4Gt9-=e~YWo9ajg{`ZF|qvS_BSa>D3e#0SG>7D>oben@`+ zr=DtSY@LSNbnYbAabbMg@8;saz(u>W+Axf1vjoCy7>u71|ucEut+j?u#Su4Vn4SxzTGf_5*h#nhP&!=eY6d zEKGyB^sag1dT|qnQF`$})3YUhtjhjCp`bbB|`jXbnCqB zCuJZtQIEf_!(n>b^+S&S9wMach+QTQi(mj5^CAY>yFnw_)W$eE+Oa%>sS64`i@ZdD zabjwe3B~PN<6xU~j^zY0?K0<2)h=R{B#0&J*IW}c@)Y!LTRK%FX&8uc(RLF783x(>jFuy1hK>Y!M` z9ZVnCai?qvc3ojR^>S4vF}=SdqimRobLK=?g-641$D0|xgY06DPl(g6UI}DucT%Op ze&d|_q>wD7_e{PG$)9H7MZWX;B3^)+c=scwGa(IxH_EkoN5?G|N6N(rcSEovycvrHT#Sj1!yRN5Dph;u45-z@uT|qKRDoj=djN@HuU( z0;C|d*C!D)$O$qtwg~FOpzn@(-f>ZxZQT}uS@^`cW{;Revg~9%NwZv|Lzcb!L)_U#6B|jd?f`|zn9RfUMHFwr(B^9}0 z!eDK98w2gM8UJ0#A7h+w$&x{(rCoKZY7u) z!PzVirpqb$GS-~{!`wr*fbo~^0nD|}we;qX2Lr=0D)gGnth@3(Z+LO$!CglaqAcb4 zYbQ(4>9G80+VK)qott;qHsVyW?<|B3!%>D#y42fD_8E5V@5>&ZSJ(gb0YI+GG;w-q7_B@- z?5F#W@RdgEsC=HNdPOX=HuLlnG525pJ>{t!Kg0Zd>gNJxT_#cV2 zlBd8*B=Q>(y`gyCX;+!B-)LrGk6eo$HLKXqQW#&^ka z8V;7D0Gv&|?&vU*D5N8UvSkBC7WuTdYOsBt4dFy=71N53ncWf=rzcAW|GJ%$5FVkF z{^TjIul@L`RyyIFTAGv^5fyV(`2KIUcBp1l6m6=nl=BbEO~?Lon_HLJ?~Tl-axzta zx<4e5Z#3hGy#DJc*BFXCvS!W~5_9f*^M`z@7R@5sc7louKMZX zGqmJD@GnY|c#hf7pQI{9L@ARZ)>phPw1wx0cTBvWu^Bk8>ZtxG;9JSDzAb($4ZgX^ zz-TLVK$e!P{(kN-j3UG!xd|V})I1NC_(+bY18c$rJCD>p_yD?#l~%UH=<6II}>zqhW;(t3QtP@Nslzj>>^F~wtk2*-9SKswgHN{@-DA` zPG9^DWS0RE@P9K84^ujA)e{g114fL8lcEW)7u%QG&-zbfr#JZjNgkK8DeFy5Bteqr zq?!vFg0ijk3kxiF3x~VwyN-(8hTrq0D3SSkd9pWdRlWI`F*L4fl9&p16JX!JozFMY zo__4sw_+~6n=4`7f5-(ugb zOjd$hjp=UZGwZ)BEh8bnY1ix=f^NsOh6U=9S!w;ecxy=b3Dfh;99Pr3=s3nM@&y+N zxv3G&0%;j*LbVZ>- zzLLoM{B0esIaSw$#kR7%7@x_txsF*Y{qTDX5}^EV7o(Jw78P6b1kHDWM9p@| z8u|`l!M5!k5M`zxf@!0iLlY6s;%QbWlni>@%A`N*o9&*R50DOX4~Yw_gnY)tj;mx7 zel0|YihH(bl5u&0&@dT^Kd=^x>ALwfWvUvc_I1f@)749lGfPfMWu>uG8!4$NYd=I&w{MU=p&?T(+XpQ_7pE}_h37*stB#9Ro`-H$X!Blz z94s-up}`V#-M&rH%QR!#@=5%_uO4P{WK#@&OJkuGbF)8N*Z^{eRjkwB{4Tb=LRTC$ zdeTr@36(HQfG_@F!Q9Zsm)1zEa|*)$J;cG56i3k2n)&%%G;5Sg;NiYNVXR1+yQ?Tk zLWEw&Ifp_JsPFWM$|CmJar=Jj7iepq61z!RL?u#8)5ZOH#|S%DIaGH1^S&yeP}NBE z*A7gpAOt%*VuM!S?n7=sLd{vxUCHMe>aQTCdXWniL$pzH5v9sX=^n2l+*6dMXLp5e z086~%r&JE{H2kluj?aNv-(iGddqztk@294^oIxZs?6*GJC4rG$m`E6skqNP8x!%(* zR$kCZyT}>RS#huAa8Q8JKZc0}BS3=={W%tl)NioB87%}ZaKwV-*+j=4!m22WWBlWj zBlWz@4x2%kWs0M3k16stk+$($@ye&JF(wVb{6eOh})Ucby8FHj{;)c7%ap73dv7`=0nV&opv-CG6>U zj9k{Y%CKf=_bu3W1;2K%rXx~Po+z7ogm#-TsCfz-^DoHqRLve{z@g)0z;C+X=j(Uv ze~f;lcm{XEJ$vpDoZ_r+F;s$~629+P6ninh2#J4q6t4mk4W)+zs(VF2m&>a>Ynw|L zz!`Jn6G7HGe)?VSLW-Zj<*Gy>4rlSTxbYcr-P@~FO*fus9*|dw0|;y0W;MjP3pgBy zO*jD)IT&q(t8P~Nh*A9q3u=@n_SW~i_eSf)UV>+o?!2qMEIyBcw0Gqy#C{*3+o3*~ z-$i+Nxl2`&ZC!1Au0s2x1zp~=$500~GM`LV24&pEy=j9B%fa!iP%e7H5Ld-@Xl#7D&#EhyQ^o6wD~fPC8FU!^yNsl?&=8CNNy>U#0+{kS{4{srjoLW#rYWz;9k`9%f808jp0oC zl6CESXX7Vw`$Ak*;!D1v4yU0k0_!W`n%3XAviVj43ZudtHQU!(14^#WB}-ES=&VQ zkBEO>s_x^${`~&GDUUyaHy_}mQ zO@!IwSuohy*kr0^^`?1k24*t<^grV%h!=2@rJ$H^)K~>T=s=HnEk~1VuUaU+#5#;k ziSxs_19f?^G+mj6g?t=B5EXW6!XPKvAOk{`j9V@Z{-;9=8lo{e8jD_9Gn{a(h_EPH zx$iaKbZ;gOAgiq4Aq{`Cuf~tI;FAcKuBRq&?1d;R6A)6Y6KnHPrYy&3hz#Z>5P_N`SX)Lc6@ z-`B~+nJX*rIz?Z%o$pqwc;&v}wRN5B>0tyuOU%f1@13* z`473Lki)swqa3tiI!S@e#Vqt@JU8XFDb$6&7j}FVMEJvQW%GfY>3Dzb1A>!(=LwL3bC7 z?C91X@+&D;w-#T(TDcUUw0H~l-(b#Vf{tf(bLGPHGEG}C4H8F&OBA*^D9Fb&U6m=VKo|SZx>Zeb8Oz2Wyt=6$M!bFKu2KXd;+Ew@#)C3+w3p(C=J;va4p4T`|e)}|F7kAu#;ti3cS7sIEW$7<_aYa9bBGCU+_Fp1)uS1JU`_OC zw>_E5JY7-VT1RNa*EKWNWBKQEauQr)huQ&b;NmAm_&+Hrg`#NVBi;jA@7LV1B4pJ? z$7eKfq}jU=3HhgkrF5hhIt-$UFa0im7=j~e2ynpSFC(b#4+$s6Ol+eLLR|<#s3?lY z#2Z3QP`xl*Qf3+|ycNgp!8ZEvn%}2}E%^r56`^Pp!k$U^t>Dt#hhaf^w!HM}{f7E3VXepSs?0&>WsA$Q$7@^%Vaz3L5TP-^iNK2r6Hur@Jf-u%ksuPD>sSrMBt z0A#BnJ0dvgkEPS++{m@Ve?vF=Rv8Z>cD@6Cuf-Q|ZeFhOsL*T<)qmDmg;FLd?XSjP z@AWEL7Wb}~<@$aRN4%{oaG?>(3IB46Ft)1>s~;n$!pzn4EA_i6_v_IbP4^4E^d2K0 zCnHn6$9CjhIs8{48ELr;oJHEALW@8xx)_0jpXl+--0C1J8ns=Dbmf7fuDrE+Qrj{* zidG<O>ERK0zp;u7%AkNojua^^LoRU|rgyXds#pVL_6KPa{)cQw%#o)L|xyF^6)#>Jlt*jwwqTcdGzua~y*tA#*UC76bvz5pipqrUet3;N^+!fTj70nxDH=N*D{E>WM-o0fEcnqND`^Hj zJ@XyUA!#`XG`I^-a-4Gr^GO;$h6`F3dFo6g_4#JY>vdAEce|i($fg8cdd4$r=@sF9 znm0Q{jn>Rq+mt9pjn6{kr)4sX_3D%jwSC;|(-gqeO{nb`xli>sQ7pV*c1m1rya-;v z@vXhzSB*CVHimmc4R~%@4Hxb?falRE5ufpUD+9F#XlVZWGyg*ZCxzil+u(ew^L`$Z ztjw~nPhjBlB}MwngrC5}G7mu+nUATONowj4bYb7-&Q|cgcT*EaR5ZOzP(U;NWh#_H z=xOG%jhPPE7#MwOhwe=8&bK?<=gmj?T=}{sAMtN7soF_XF}?#D3hhq_xZA3Z%cJ(Q z1boldNZOAO*!+egX`TYu#*Li1hopGQnMi6A(bn%za>@la#?YoG3OFx~ZzQj6=N)_` zqnkE08c_h$wW$b!hw*l3?`OYf$&+`0x8+uNyW^poVw{44b;J%xWM!a0f`ksq5VYw(#yaIg2Hb|ao@Ks>z!$x_ zF1z=>cPo7n5BXUbqx1?`s|a(S$ia$= z?F{R|Ktg5vF+PeEbY1q;xG9(&4L&Nxqnc@v8Yjggw#+6Eofs_ zP~nSFa!?)YkBgCPNdE{ub-uu&G!cK>Lo|U-qVK;{7yeUp#eYLojH1PC2BX$| z-UhFeJt)Vjg+nG(m4d66n)*aI@1Gmo?RQauHc6Zbos)%>_FCkuv#DD)$pX592ijZ~ zDaGecW$hW|9Dpe{)?bXx2MsIkriEk({?qT8CEY5->va4l9li$iL{%?hEN5x2TGVf% z1aywQb8-7+iJBK_5lf5ILEu_cor6wM`+GSQj}LDrg!gIngi@0PGGe{&dg|o_V(kcD zZ#NvSYKDFd{qnFpG+`6@tuNf@D}RdMatpnxZokOk6aj#p*`XN|Bj$W=JMR-bwx>># znsSPE<^e=}O(xql^l#7F@54kmbhYhFu`zP5joWYI(Wn1RK;3pCS6w91ja2vs!hl9*xAP6JtrKn&VTvyj2M+ELOuLuG?$}bV|prv zU^Lz5awRDzoKsT{O@5aycd#A!`mE;hvEW*ZaCDA4 znXR&3zJ1Y0c&h;gpu>z7zUhr+YrI+7e`EJpR!sgnGoOzU6*Y=c%7$A$ZunsT5T;n} zckuP%t5UtqfW9~P`4)K7T!1%Fc6-|ft4X4h!rFz<3wq7x5a*wBU5CENXBX!`R? zhS2`}ebGt`J@Yuw5q9WAq5HC}k+0WV&bKruYKk{!DCle?Zz;3Ia;&bkzNY})Z=+b) zlWVbhU0$m{kNJz^yRjnkYW`0GI5&S-AmBM`FTckER#d$^#LO}T9<1`$n%OuXk|z^= zT({aVSzo&6t;Xrsh+u&cuW+L)qld`|fiu_+xE-19_V)Jc0WmiWV2o6N$7zQbh&ZLt z@w8oy^LYsAs`aaMf8vR5k$aNU-kWu6-CS3E-6*GcWV6eF`T`9W`%Os0GUFb_IAiXm z`=b;B^^Ge0?%l!wVfxtm^{QsuGm@S2RaA*YR27B(%lui&^XYs<+w$wiV6KYDp%ua2i<}&!Q$I|I{0Dx3y)^H7IZO+|EV4aiU9wI-e}A^S-n* zsUSeMX7}1H?nz)a9zw@`p>UY`ikhp<7aPfI?scw*)klVpB70B|be?v*O)t9CNkhSV z)h$b7eY?lac8^P!>eK7`$d*l!v)8*_<_q*-D+NhJ+d&amS3P%nFQ%_PMWV?PT#n`FRLs%pE2UcUl z{Jc){GbTEl05vOd4A(sk@2<5&Okb>L%@Hnd3m&`-4C-)2MFvJLsdOfMZH;=8bqTXG zv_%zz$(B)kK)_g(MhQ3bxLTM3US_#Vn(VOJnX(=Zk&AGc2oC(nP$+(BU00D~j}4tbcMaVVWQ*>hHPEQ&Kz9(Kt@eVTxx zQixXyIWj%8T66pT@@@He(=_t6<{lI(YI=KlOa>y^C$Ef0-G*r zGwW7`n6L6|`@C*^UqZ6(s^dIvtg z2$Os^is9%zg%v+y*liF1fwI-;NdqG!`B3bbXm~Np zY~V304}5T0TF6S~^kdcAF0QIC#G=hYBm*UcDXAONKE zQ5P+5K@C;%>(=acwRLgRG5sciqj=GJjm&_siNo){n&b|qgMg>)wkj)SewPPk1H9gH zcJg8B-UKmw;DyFBp9Zi*7RHDe+}j_28?Nzv=k;|g&Eu(!!oBKIE~fd6tuXv9tad!u z@448C;;A`a0N6;6d}`0KAJzPcNmed2fAcOyPX#ZYVr(k8de=_!^)Q?S(|f$99%KaR zRCy2p9DFi0ZB%|Y0^kzPq{lARS~CMK=T^1e!QT+?Z(C49frmAgCXuEyq*I-zY&IyL zU+)CD0)>#<>EexbCjulZ%-bSYk9F1&XRPP(KJ2j2%qrhX&u?@y(vr`$etM`t>o~RdGId z*|?#{oFRvwi{gd9RI4MVkh}cpWyabo&6)4%>%-HmfJpnpPBVAgHCu7Ui~rymU)-wS z-Xj6Ddqfvzg6Mk&PDNl3mYx6q($TpyV+v()D&hgoKkX67| zIx9eq_DXFh>DBd82&gEU?@v<({y6q2*1UJ&Es-{nEEZBLyoVi-Y^k|t@S2B|Nua}U z{$50lq!ncqzMXXu2W%`SwDm_~BDXzgaHERUQrOMRyHp&N7`i+$0;9DU7$_rre-g;q zTrZ=4xOTE-?tBZl$008;)O ztmTS@N|BLS4-&gQNr^-UPd_%kNtUDd&Wg5hF{q5jo1F+>Gli|H9_W`vII;GCN7b|6 z!Zf^#6&0ety1s0R1w$oi*~&oZ8DWjy`7g{wRQE(*8_rWv_DK%oV$Q0BYNK+VT;R4U z|2+^O0c6LF3sIM64`z|=D7!C7NCWl@g&09FrJvDJz$2`%`HZ)C%W7u|Cje}JxVrq8 zqU!t7KJxN(#|E_n?t2c++KsN&f%C`b`l!;#Mr}Mw-l6oNiJ`$rmPT6ev1sNYzu%p- zn`v9qV}k3@6mczytW!29o%@+i6}Zk1O)Dq&IH+oG>g;8+^}fmNUIze=p_jYBv&WF< zkJDp4(PQ4PnqQ)y&#zM!6XRn^x>WR73Hls?3OnE3;@N(vU;gX4%&m_I(6HZPw99Qa z>aVJWaOQr~NOGwuqT%rt7@Hxu<5LCfrB18v#$F#-Bf08tYaIth3mcE}G9D};?e{}6 z6yx|D|8!#JNShm6hVSe36RpH#qYJuXj>Xz{O{zMP8ZO{+K)uM6;v!+mO`JSnSn2q% z$J6$_IO=t_`n-fG*9LujR{yu&X0ch@Zhuanb5=lLj9L27%l=VCuTYMHNWi{(M2Nzh zVSljJ@|$2Nd{V%XrhDIicj*_TNVu1&qpHU%~;OsMtSNFkD zTkYdddf_`3U+Sx`7Z+6VehrRjKwE-`^=lssfF_T7o0i0Mc-d^aek+6Ow|Yxv+SV3l zIBHTg7Sqr6G#%W|F7iBIJKkcs-3y%eU7Yd8Exvww7_?DbDl&BO-uc;_6@HfVI{mj> zN_iYt-y`#<-E=c;CG5*@&T9Lq5T$Nj8CxJe=DTD8XeW=jk#HUN6v$ zw5Q5?jCO~^DhEI*YO1Zpds}LJcK6l#pC4RDY`j??LH}yRmieCf&4GF=wE4=^ zv{1hdD7ZWueeGQ@U%QaJabJ$1c$pnvt9|SxhhvuQofX{UI8JCxfWA$}CFDLXU!7$*&;t{&hGp9CNnev0K&dy;E-Fi~dd#4GIwVF5#xwan?lBBvp@* zgqm05xz^z$N+fmAZYYH=blXqhy6i0DK0Oz)`Pu!Xu^gA8)#bTXcCBb|UZ!?Xs{W8) zn?BY_O*vTW_eVb?xk#X6IMi?f(W~&Qi&luBmFS&1;$hPXlR-1f0DVQd#v`7qNM0*1$1zK{~90n0O!*#}#i#MX|z~XnPZNp7us$!G=3EIH= zhLw#W9g5E#RVU^R0B}mht8#z9s>}F5(mn{yTqbaDqwehlnfh+c2iV6A2bzi2;C$e7 zprN_@(Z@m%AKv;yY_CEoZj)CbU&I_OS!(IaKjm>N5t~M9#FJw+*d`O1AWZ0OAH&l5 zc{D8}`t&D%6d!sWcr!CP8b)L=Dc){s~y!^YtkNl zQ*xw;exrUBr8$*?TPpV`adVx|?iWTt#!$aN>W0vL6h-7pZT)y>GnwK2G*Dc|+OlCd zFZ`-^a$QdPsE8R)-fsIi)XslbIkxU|)#LVZa!EhpC!#C_CH7rJe<=2u{ACjF(3%$C3ct-}{&)-}Nam zdw>?tPVFJgqTAJW@%TeA^1af-KB#0wGzFZNh3Z*GgfEPq)-LxCa%iR>a&fG9eCJUU z6m7TDhbhX_pTYH2WF;rB%Tpqu`^LtEyRZN*T@?~}%9Hy+S-a(^3vt>_!et6yyi0Y$!)Z?Rq10chq9O8NyO{TRR3HfGSFYt zZ|HrBI24wqfNwj7< z9K^%Vq755As_68gdxt7C?MpW#{SJR`y!rX0Y0a5CRgO+|lJ&`5*!?tTey0r7n=rum ztb)A2RzFSWn#OvPw(%xrhdz^1mTOf@KV?pT(LF1hVxh zulE^O6b&Yu0>TUI%Ee8)6{x^_`l%#%v79l!vdh#78q>b5K|O*xU_=G{XErDPxum#qJhf47yB{u zsZe@{eQj6@`OReD(mVP02b|6Am7+S{zl8~?jK5Z`4fU$`ICH=Gc9o&dXm_r&Fo6n98Tno@K!HGxk0?>qQVZ9h@#{#_JAH1oiFV2i9iB)rhSG~sXfcQm*q z($bEbPAB_iDdc5^VW6WUEp>*5%P^xfF4x{$`tOdL@*Oa+)Sq=Hbo?W zO$r+sVKY?!1!5W!v$?jGIW}FG($>ia=^um;fWx zRrNp}`D6-Yufn$$CbcQX==<;a?Z2M7tiOPbZujo-*A=!u87r3|y0)!18j=l1su^uB zx65n?bCvii4MGzio{o3*{Pu_@J{9S#c)i)@M?EXSJ37dN(I-KMOCId(6tllC*gKL% z;;hcATaXR0<^8pK=bzjD6kYvVHZuEqR`^=GkKo|;znHn!!_cDSWa>IFQ;n}8m z2f_{&9%rzvK_4&d9%f_DR=1~O%>v(AlIW#6_eB|Fj5KkAYiToBpEFd~K;l$K_}Znf z+hd8_7^${iDQ=%r*&go8TcG4s{y!N8Nj&a@&1Wez|Zac<4#1Gk9?W_>PCvf zhrU>Ey-@P9!jMJyymu3BPsGAXC5OM!Lp?mTMYXuXp-L6T1EvCuQm_>1Ij-Q6sdZs(S}^|z{<-bq}m@7oOgR=k4jqXwyVG8e}ZWrT~< z$nqAO^}97gZ^NoS#j2(Pi7($P!a9pq${Wa(Zv;Mf zEV@52)ZGh0AjV!17)4Nzj+})Gw?uFfUM_mTD%`=au=_#0C$Nu|K64VO9Mb&{%Xv;g zt_3HkX-4j+;LTgQs?}4Y?^`;s;-dTyP4HjpajCA|BB1Nve_Nf8hr*ywwOuOz9{omo zAaIKWLsc;rhP7;^W;aFFpTHf(Tk z+16`#96F!z5-oC-(RSpr?s0$qPqxWF?>ObQ{%UZkoD*{F{DlCp+)2*LIc0os$#Aud_QXS1{?N^Ih+T&8Oeshp#x(Q!r7mIy}hvU>EHhla=rKN&F*@ z9Ud?$BOR0y*7AKWdX6D5#&|hi5s;oaj~VHdNO}27aoCQ@!|5!ZNAHvC&QFZJpuXUcD7y^c0N0@@l*4vh3^}n4kT)^8 zZNsPY=WBw8nBh6TdTld2)b{!QFn@&N^>&5cK(8UjhfXRgcHkHa{!qvB>(0W>9un}F zs6>wPsy?kAD1UUU;(ld2%6Lk=8GpIvY`;Z9^}CsurSK|w-ZqNQ-)-%Uo#m9sM^Vt& z390IE^tk;1>qtbZsehGB^YosA`MoBc`g9aLggP-QA)`&$FIYU)m5!WE#6=(a6G=Au z^XBF1Ac9lvQrV)h>bF|srV`yb0RDbvFS&Ok?c-Kz2p(0Ao4FF}=h4L( zjQh{`=leZbF;3%U1l(6CYGvVfxtsH7|HIQa23PhyUEiBzqKR!!Y}@w4wmq3(V%xTD z+sP!E*tTu^y}y4w_3kh?=28(;XFdn(^_%#3vg1!>EudD);OEF1 z;rzQV^re19-7cT)xJ>n?n|-{+d)NJaDsyeVs4@pX`=9A(+a!e3@*SzU_&+fN?BN*; z8(agW&Nvdl>EqDztC?gnt3> zEtnexpRd!4&GZ$m+E?}QTE`wyrq}tq8eDE?D+$k~NufPa`7+`2VXyz0BEb8$M1#*# zLV1vxa^vvb@ZmoX(0tEiZ*07WFYp-sbq#t-t~|bYwjL(?UWU&+aZJ&OI2{x)iOG7Y zQ(&3fF>!Fwh|d{rwFL$HEvgm~oR8#5Sx z3(od8MG9vre#byKKNPn}<2nBcA?t^Xsu&^zM`Gk@tE{RJ&=bXnw;bn3-*>3L@Cg6_ zTI>YDU$!yR#qh&CIC6td70;yWh=1CI!%JrX@#7WRbC>ZQoc2Y^FuFuwEG*cbuv@9u zz8aBqbzsD$!@uDf8J@q{20$|c^BeUO{VZvcwRrvxEU&4ld5ACi%Fn&NzIJSV{LcAw zVj*#wSXjd2dlhZdsa`rmaaX0?mKZ??EzLQ23ew*MECXs2$#4 z;{2gFog-5#k*?$5d4MQi_c^+6~VI6z?`n+tcP z=S%iupD^d+Uw+HG!^<*Fh~6#g+m{@|Z=a_5?uw6=qb;8y0T}{rPzfU~Wy||g|7_QE zdP13AD;*B->3Q==nAv?GBJ*`!y+Y{yay?<6^gq!|pR!_Ud_5 zm0im3;|9WhcnqLHQ6GPN9IUsJ2Obd0${VMys%lpRR4LR-c|}dCam{`aIpY63E7`>L z*5NNvuO8{~9WBHo32DUqs@khR_d{l5Ef)W>Jg6qjdhv6;@L7vH&#O_-c>_tWrrK^C z);4_3>f#Eq&i+UV-#5#W-7HIbueeL8c|E&Kuh4PcUM<7yd{?w=V!n{4Urf=~6U_~= zu$au^Qx$l7IBobrpHrR_Mc~lx?b0lC8GU+eu27jpcbl^C8>^w^RrKPeq+-f_JFATD zP_14$WVrj{ZYvX1k}X-vW`b%&H>Y_~RqqJ8S^uk?5R-(mr4D(>BO27sZC@{vX{Dr0 zKvgyR5YbaOU)KJIER}E+{zNz)=vC>C$LrJ(y~unJopYyF&~sUv5L79lr?Ym3n4DAU z_&}%J0ub!lH-(iqWL4LznB<-dG5s<=D4DabDV335$m3Q;ZAD#MY&*AVPNrL&?Kb^5 zdp(*G{fA0@RWJ7tH;P)P7>AO=;%*J;bX3xz*yTCyF;`{(UbXcqSCqarH9R!L&b|nB zop;vt^8y8cM8~5Vej1NNVwGsPN(#x!Tz|>{zIv|R5;zyZTaVl$OBAUE%PKLbQYX@D zrrILj#3yQkM8|DONBs=|A0^2QY)%{W7qUQO5_NDQi42>Ag&E>(+cEjwYdVkfZmYx-kCu0ADC3@PQA>|$&kETMGB4T?P6kf$?4z_tr z$~16r@jD7L3cSGimgVQw8XwOd!4IP0qe_BYQ-M`{D5JS!2#Ed{6?{>wg3t&B3^v|_ zVy=r>uNenE(%i))NgfgU8A_-Nx2}Ng9)T~O*;l3q6R*$P@xG2d4fv^f`3>fqi(#6n=8t!cm%kOk z`nRhy>iWri*F_UG3p7pVu@&qpVyp0@J{m9cX|MS_vwFO*f0{Pty}Mn^{@8}1l|%Xu zh*3zSO^6@f+@ALZz1}9W@SjA2^3PvOLn)hVZ;u(@mo~cGe5BRwk0(ZMYcrJPC-dTQ zlu1Fq-F~KdfWi_ZyU#&DU-g1(+qNM`4`0^rz5E1%LG~8*Vsc(Tn&q~)LnVzpw4)xF%?`MX4-`Ov|4syIJaW0Y7ONhQqI7cFjtA;=_j18imrjf~1lT0&MO4YfqKO z@=G3$4Pkohk4ZV1ZqJ zpotTZW;4r6JK};ujga?)=wOVEOu4w@2cc5t{-=3uL-0IUegLw;IJgSvp>R0}?bWm9 zv|4&FcCJDEKc;B&!F#kY4Hb6`jG_*d`kwkuvo)@1E%Ec2beIcdqKKz%7DSw}?ub}a zifq>q*h){8$kf2(=0+Yt)cB}aZ^&=dS{N}?h!dHMEur`~hL(S_99KCC7xX|kdE@(to_imBF2@%Z3ih{y}s?YMXR!XM@Rdrn>xyulG!GvM);Y6i1tQ5LP10f+8J%{5^ zak_6kW9(Jm^)U<^3ar9Wq)ywiz$l?0xeb9FNcPn`crA6X7}> zEu88|v>KcaY3uIYYxDw62po63W9qjzLqd$q3bVBsil0;0CvjuL5(b?YHT;N(vIoPT zFg@1+K}-0m!xoU4N115@EC~DgA#{Dk-(U0~-LuA&56V`+-)de*Rcq4k)J#6AULVYN z)_b^JGr;x6m*~b;^TyX3Wg`jG{taA9Y5u|YnL7$5XoW@5K9y$I9-Ww+jFv-~;DU-N zN1d$2p~6HU;7*+|&1v(nG;;3TS6h9hCT-IM0d3B-L(xC6JyRO4aJ=4h|6FwpZMxve zd*gPVTD9J$asvSj(;+bvygumUn@JSzK5kpf-~;+DgdgVZxMthsX{iAcjs@6RZX?HX z3Q?JoT)2Qg)dFd0v-DTfa~IFidpvV*B{kBUc5cY}tE%Pdgoo5BHJ#jbFQe)q(Ri)z zd87qzqt^AA0*I zO7JMN%&A8W`>Z6>BHSsi$xce|_>M>SPLG?uNjMmJa47!USH;+fleO*I95ar`ALHqc z7?^jvzS*N=ecTk-V9Qu}WxCqV0~dI@yYhaT>h4gXKDrBvii#rqy2*j?#kKF;>G^ol z_Z*J-;Jh=a%6pupWYKgVjvJr*4-&v3$jq!H3!bgz3t&6Fey&rze~Fv1Xvfx*MmQB|-BP}Y_uC-@Pq7wE zYDzLYWIdmSgXauwVO?~LsdFd&GGGbgO#q> zFtobG*EubqmmH7RVOl}27@saGZ?_Gyo?&WWWuC^)hy9eP>7;QynT^ZyI=80^QMbUo zpQ`*=(zF7*j0u3p?Jy1H?&BMblvTIUdw{{=v%79A3BAc&ul|n!pP6l%?ihQ%h>*NCBGOmTYYdt0&}`)$LZJgqt%JCb0B` z`$;S`ua4fYH#M&CLRU@+PZcK>hL6w66sM+$kRsZ)x4$HLyqzeY;y;$8ZwHf*nG?_}?m?J3U99vQG%ch!7q_7d5`=zT0Fk&-QK z$$Z#(Mqyv2W|foqbzSj2UJb_!m9xZj_Ifmz^W+oym0nDYwTR_ zHGB{Hkv_baK{1|rQZ({vb@6(MO7RNkH99^5VrY2WKksS3R=w@?eSe2!At7oH2Mt43 z!dFuOCD((uj^~DFOI?ng>^k=mGZnNIgScjTu@h}ES)A<`d_^)Go2=P{UCr| z5X$WdeFnvy8_xQuaxT*^q(4&CDd9GL4QJVVysi0sEP3<2-VGB9Xi>sN#l+N9R`za} zrA$>T@vxws!i3peQjwto2>QScD3K-el&%T#3SWz@ee{ zFF%%g(5q9gci-=p+L8`tPpQ0KgH}$h+zwcC)VQ2a?@uQ0I<_6N6JCEqi#v&9U`{RQ z)?8ps-oBr_@E&wUX6vU)jGh++l(46##CFa*eXRGlnQET$-qo^j2`AiT&>h{gxO;o& zkqv@RCb5;r%*^*C(U{##OIZ1U0qUN%sA3AU%Lbc|VM`j-w0I73F1x;-+Co?~{uxcO zPK+&1sZP>4#LU?f0D=u8S-1}l5joWtOWAw)88pKPg1@m=ZR1T%O)Zhl5OfhM>&GRz z;jgO#L;hYgbu<^kRJx@lr}b*`|9-W>Zw}yJlW4zOEHKAaoeRn0_T&ETzM0v;P{nzy zCnhMuTCbwzGP6-rZu>>+j&1+TyNr@=q0;?lbGwpWw*9ytwsRU(lQPZ6)kPLopNyDC z?Zsfbk5Q4g)Oxw8puL;|-^2dH(iS5#bNqyv{`)Q_->>`SqD>MrjIJyde?|*?#QASM zlB>Mx^zam%upPAyH~?zn zW5DW}rbr@K#d}bjrDr$dt4IB_Y%Ft0tmM=zgr&i{Vfd6H`910PrgU?ra*|- zbi+czMbAM>Fr`4T_@a|5;LJ0i?v24Z$K&jtj?`)ywI}_x?CE9oJ$AIm{$}9BoPKe% z`UpY9Fd^bZLai=&sSW3Ho;u>{dH*MFzPp3U?(NR`x_^pU^xG&yE7t)}&;7ecw3;>+ znsen*Bkp3j?72x9d<~)kKK9(y?#ipuRg3!X(>ip7DP;u)fv@xL*&QmID#7I^?a{N; zMf|p6)Ywy124lbq_dONcY@x{zi`KFTuB@r@acs@wgXagUpO&gAci&26<>iH2V%!u2 z9_|UhW(duhFEcjpgO8_bx*oO6G<9|H$C);U%+&*YOt0~s7?R4?T#1p0P%h&qX685( zl5~``u{FLY+_R*aSmpkrIqf_3S1=9$iEadJhhBah#WwV9OCW<9)P?5Abf0$zmFzkg zb7$sl2juk{FythOLW%tgvWW6nk45R*6xW?`;VhgyZ`h8(B5lk!rEdic>rEk910r`! zmMN2~KHexdvWbL^43jb9!NGznL6VCu8F>E^+wkylf_Mgf?E(xM810_$*E9ilQXj`# zi=VWWVk^UI>^027WJIB24)>D`RvGP-l#lS1O(7Vr>7G9?>k#B8&9FVS+1V9 z_b19J?h&HCEyFk%H(k1C=z30kcfD!m1e^^8DF*QQoHe(r*r7oX7nXnfsD+pH7Y0dl zRPg1(8rtU@5=TJyIuBh-gYBB7W_x3|ZJ&{^Q@mCn+zq>e@P*3B1&0!>iR{~3z3wZtJ#R~8%$f<^8$_BMS*{`1kIqppE$7u^w$cvo zW{|Qe2pqU=(jmWUAG2#;+4zhtZ>RbA(%E0=+Iqi#W5`QMa&gi#9VsbK;f$khKYX=I zTQk3vP`}hz$~gM{;9QfsH~z=VM)wKLV5QVHR^f>2=;-j!`(erZAxq$4Qjh=eT7ojn5$OxxoH1c{LdEyWfipN<}ego!XezHpn*-tx*|vK+2e?t zM_!klgx@R}3dM6-83WWloNZ(MM|CkA+;7l=5DJKpf*;dTi^vT{Sv}Wk%e7l=e1#7w z%wJS!57;Y7Qm@H@aJ_B#+4#(1RwRXWSuN3Jj7I&bR^BLr6@5Z2QC8)va_z&EF5R)|nz=#s5igA|!q#B3&4RINC1?Cif~Z2Ycj^5W?uR_4cFS$`db zR$PjJfiBH|{!D(-yCcUUc4L9_Rll0nD$TCdq9{2b_jeOlJ*HOzH*_N+zF$4pxd!@l z?nU!lweC&o&T$(W`tazdK`6S|YdAAVvPQ(i{rpu4QXwhe6Bl0WXhw0+zgePR=2JO+xY=zz%C;Z+-N+rUuBocNAbxsn;>9ns(jvR*Sns{4!dWS8 zE0gvYUU&SZZQX&qBU`u14$v#?m8Q9#X}s7DV%hR*+ds*Lx3h`{A)8xF=x-^Z5>(=K zfe`k*TPCc_fsk`pbroIo+qNcm%(E)6g`a$l2pP33w}}EeKUJ&Yi_PnIQq0!N3X)h= zgtIygssH?v+NV~Ncu+)ck9??aIjuIm{Bz|c!108t&75n!e=zdd0olEG)WCH+BJ;Va zcTleE$_;Npc#nUk&zVzEv&7-(je%A<&*9G9twmPcZsVpdbU(N8{{GJ6bDDM7lfZw- z_xg`ChW{2CP+3{|{%_3(0Gm`m7!Z-3#ZAJM}YMRz*=(i07+S<<(qog_$-7A5&fG`EU8SF>HC5mp7?%C_koDKvuy-csFDPOf~6iHr=KD2!W*=h*T#AUGhGQT%x$JdoQSj=Aag9k{8!|Lj2ecwp$wk@ubnmQr(z8AM5 z+Jt42EvMs9J4F9i{;TJ>{mE`9i^{<(`#-Xln$NSF)rOC>u3oVCr{C5K^qUr9<<&=O zro$-H$1FF!-iZ?xvS~DWR(K=opGau$ttfn|WnA5J=!~HD9y#s;0AoU$&TUKY{=

  • A9<-KLi8rJweiJ<7kBTrMbsI8FJzR>g)dJXgCNL8$gRBb z%?l{9gst^&w%7wOh^N)907gjV^;d@CIu(dQ!5~nVp0BS1X`+?$PcjrKN|`ZrA0RPn zm<7}04>s`fzI>q3HWsX-4N41Y`Lv_60ovc?M&|SiD4!o-w#yKrv)eo{w9sJw2!x7c ztx`}rbXox^ee20j?^3WTftC>oX@L+KxKxY_H43K#_seWxmNT}6(HPa=iUk7Jn|X8n zvhYP58b7or>OUHp4LwueL0@!!0F0;?Ac;@Fjg>8XRVQy*SNrYne_kQc25eQjIb>T< z)bP#gDxSa%>Bl$f`E_95AoKYtj4GzSWs#@p_%QWS{r(}P@+K2Qy|Q_QOk0%B2$%j; zY48Ivl|@m3{y4{@?RYFJDm#FtM^6nQ9 z<=FW%8Bwc2@2LfwG8r^2XzPLH;oPw;0;n4wUa=8=jz%IQ*p|&uy@+uFjy1Jo_F4>Qn?w+(yeMF;)!eCn7 zM;cggH_3wzg{+yf3SfRoi8&Bao-jH#J;O?hMkS-*-bv>+!1A%B@ zr-h+{vA&lN;elw*J984lqgGENIMW`wB!@oQiwQYC&05{8(zaSZ!ou#TkGM98)@4lx zJPs?&A$R0mB%P~`@r7#XK_1+ZFCqt9W-6=y*H4n)gZHMbT9)+O|6my387a`HsX^}|BY0MRJ3sj&myH>b zQPe;0EjokSoomva`mjqSx%^gzp>fO9=Rwiz(&FHRZew$FcJ+^o6J}44d)D|qB3F>p zRNb*^VokW-7l%V-(h^HkHYrQOmvGp`pY5 z|9OX!DKmh`Q$jMsTJ5yL!qd=-8G=stjd1xv30TuuAxa3IzkyKr%4%^!q;?C;!DtY} zY7{I$%jq2yD)NpsOA0C7e&V0BII@6FCcWkOJ^8WaA@XH5i-6#(C(m;@UwguoxKC2tKGKJ6uGkM^a(8H%2dk%kp99)}O5#$@z>t6hRYLEJe*SFGth zR@J!r2+$xJy5|!3hyt!%VXf3Rg1;h2iQ)&H4&eTM zkn?g;%d`QCj26HKP8graDm$$Vutuj$Y|2uY3^8a;EK)9gVH5*MHJB?xFfbx=QQ{ zBB%g$x&H{5E6JQDf+F)}$J09xKr$SU-Y~>F>*_#4*6I#jfoNRVjF%I|M&-o#~oYhuy`>xd8eJ(wO25)Nrg5#tx%Z6ssFVE-d zo+3*dKZ6g|)I4wip=Z$LC8SBwJ@^#{=Q37w%}9Af8ZuUmQkbIHR}-`962$9ya|Zk^ z7~{4d1tv50zl&8%S~@Xku5@4aNp%Nb0|W7lo+vb88?sy`DqxnUGin7zXcH$W&=kRZ zgf32_q9JAJtikU|e}jc=g#A{{0Ga^0ZTrAtui?t%EpNZ!yLet;wfqvQZ7%5AMhQ%V za2gn2u&p}w-;PanjD~ZkI7K26)ZSty%hzqEcF{}wz3VcS#t2!QU5-RF)Hm!#Ba=i) z7eqxnTXeT+tL z1poVCC%BZGydxWBv?*iSBb#p3{zhXxquuTC;r+I{a)^|h0&LNsES}hR|Ax(R##8To zNVE03<=XvaJcs}KeZc&p_d$jZveCl4rdSnPO0l`!$A?ihMJsFx-+?)`D&i=hq>!r; zR#NZ^np5?!0T8n7H>5y;S9SrCEp_v|6m*>>Qv_us5hoZpj(=l36D-eEOl*G$bnaZd z?}Qk-u%DO~5*~T-ST4+Zpz<)BR%kW-O)&)l(PB}sHmi~{^TzBCSv(K+S>*9w+;wCp z`6qV?f1I*K@gm!p>pJ$Rcs3ki2z{^j?TtFtRd>)Y7-$aa~^}s=Y zT@pRjd4B0W6L8mXII1&Y)p7-MJogZUo886?AqXxgMqSX9M_nX0UBF32nQuRY|{ zN314Llh%XBRIrA@PQLU;=9Q^TYGc7}BJ5Whjdv2Os?(GD;t~5*14E|m7=`_4h7P{G z2xH2rDbjK!hU>m1$;~_le;RF;Mnl1(gcx$EmS>U);KCioV#eu28+?F~Sv;ZSc?B6u zA}}A#tF)z>1}P%+zAcf07@9G6yB8|krS1dOD67vzmx{X&I|zE9KR|Yu^}8?E|?|s_9$os~mENt%|Ix zWvdv&eqnFLuwT{+Ko|=f%caFfRi~f^R3wmO>|mj2{MAM{($IY&_@z8=b5^Hi-$h9h z3}v+b23-Hsm1;08n1$~l(viEp;RC(rZhC?7Sfkd(j}?e}J@u;nux8|AK5FujQ0*qj z`=EFzXG;^lQzb&Bw%?yY^qI~_Ih$`QF}x1h6lIbN4;xxNAc5|sY+QyY23uC!8s;U( z%n0}agiHulmzHt%vmYk37pcIH<6C8YZLjxuZ&|Btu5* zm9D#Rp;>z+1}z0xQ6z+P?;oIN_eDwv@nDM^h|wDpvH$i) zz!?q`OKUI^13_VyeznOTl8!FRXAqiN(tx9ypvx9RUd-XIFLR_6G=PW_GJ;mNbpe9a zL0D2V)-qy}9QG7Chq!rHzvYDLq`F1eR1yt&ic4@ggd+}Rom}x3bTpmz1>b{sAYcxw z{=&Xf5~r-WZ9ZfT1I4fbCqOU@)6`%Y)?b7~EL+S4=6GbZTmt0glNL77Q9E|4Z7Nr) zTN%q6YKUqVKuzbl?{^C?GIhj1dUh>ZieEdO>dtGpBp09w+X`jU+O_*+dVRh3(}z_j zPjKiM7HI&rs6}g$mvsDp$^^*Kb)A>Xgn0eIv1z)CATKKag8!Io8<&1H^l7}#!*BO{ z(|>8wS_$x5UaQ4KZ<1vFgTR&R`WTMDZOqE#@Zn2_5*yc|#bJ}nD)y#ks2PwWq#khF zdKqveIhRB#h=FnZTZPL&a4fm(8>aUV_|>YUn&OSDf3SEKy$Ch*Sw9TGA2rn)e)-qG zilo3-k7d+(&O?~leppITrN)IPQbsZ8CTT_*#YCsV@_{mONj%KTOS!P*_J7F(<?`R#1leg5)>^f;YT@qMvUMKOgLGscchc23OFeU z4T!6>dFM%ap^(G z?CpX889FPuda1374rC5?=}m1E|X ztLpE=EOD{sT4Os-xzVH;iHx>aHm<__8S^;Ydg?3c`TnJGOH+N7$nXvP_3uYX&gbk% zb%ZxOR%MD{?x`lkFoMG2&e2ro@%WI@N&bdk==Bdg&aQb= ztKqaSv+IQy+my_|UQ6W}s;3+XgnU7hxn3|5LQIhNzEFQU5P%ojJ3rvN!K-Pw5M{wu z!y^9xbXS6VlDXpqeZN6=$C6&&k_5`}sIE$*FcSw!0)aw`LoNTg02Uz}m17qeXY#lL zBcyN|jFQ3ayt=yk87mxEprmSf_B`sU80b9b20^M|D%W*4kw z`4!-^De7JOb~O4Z@c@MpFUKucJ$c0>+=8!;LDClVZb9w+CAfxjP^aEhZI z1&F()S0+LS&IN@JaS(PCQKAKBVFHbk=vAmkiu2x=`}WjY@j)nxmVBHu@Wo0_Dy}pI zi)+TpT*oAf8yXo1l?Me8^4Ba}vk@%+`g9fod7sIi*ZP}0Fa%Xk87pNC9!~=dogIRB z0()Hn%Ims-&;nUGIkVXYM8;@C7M?e7xFa$-HZP9?4$cUSi&dmx_K<cW>IZ5BQYsF+Y^81& z7DmUvV*VQH|5~L@e$q(Mfgm=j+SjeDSQ^V#ulr)u?VO2W&K-;}ifhgbaB3T(Z_`3k zg<=RH4Om1(LbHng}0-(J{()#Cf)&}5KcM_#iGC5QZ2H(K#9JB3xun7^7S^No| zx%;xX?1|iCjYu60+2g!Pc+n5_kaNbF?lYE=>`RAr3Tx3XvZEXmpD&cRM7GaLh!*r8 zhcCQ+M43L34P%7H6H{qn%1z)U?1u;sI{#<9CS_~30)%9}Z>ubQ;h3pyf?*2YjnY1@ zZf1dot3r_T&(=!nF{JaiWHOC*Ku=9-3R@ZZL zhJnWs9DzYXXHbx429homTbXZpm}Tnlw;CwEOr4(Bcn-S%{wUq$5#XzR6XI*RlOi3G zjI<_YzV?j}3JJ_yg2;_c0)@@PX8;obr z{Ym=!hfoGNaipFosMyFN^2r?5GJv-Ihe1mJh(`#j&ym2}qx20Iv6{JBkU2jO-*klP zexfKN#R@uWJ<@7JN48A(b*~+$se#j53uPQ}bqfNr%d~&@-cg0#|h9JFxp* zP?uMNdBT{ia=G{|bx;HX5S@<>>D+&Hiei9_1}^;_Hb4j(=?7!hw^Tvwmep-LVj>#= z1iPlrm6VNK^S=i%G$l}dogHw)|1kbhk9s(2r>6 z@C|osD3=FR#?DgqZRs}?>T8aIZidcV$c|^rtpfSS*sw6Ksa*hltVXKqH_yHrYoQtU z;f6cYY7*l#TQGOTvO~9nI>!-0BD8b8xf>4!zUwE2W$)zyt5*h`MpUL;U>;k$VmdG@=$wPAW@FYFaqfF?sXZ%7AS5A%s37nC zxNQq#F7Dd(x1dIqg;V1MDI zL*JjJ#D*SP=@izz`&c17xuHTb01geoG^+<9b?{oOV{OI)@#zrKo>2-~dHHdIPPuaaIj|+h(gg?@^ey&%OT*a0m>J+qc0_^7tXP28zVIP@6*r&|?Th^=;=2JA_u6rP ztw%yZ1rvYgl$uK@Cq%Yk(#wE*{&a+ZSQ*?3jVpk3!bR1hgzd|PToNYIV2Aemm$|*~ zB8v%QQ4_!QF{~pAsx%c2!=y3Zy7KnGfrV;Dcj6QII*FKLiV>*8)bR~ z&H~8Zn2d*3Y|&h@DFG2n_SP*?2O=-l`Azph%W?$PKsbaCWU2tEh?0B2~RDg%IbP5eZgd-ynk5_%m2i9c5&xXrQ9=kT-T(Dv~e+LCE`af<^EW5^vU^2O^lfY)5z$mc zLyeA(TGd#2S^PHMDz-$!MX9&zC&v`awNK>uZp*$W#~+rwVu<&`5`G1a#W@K;ll>A14IdNWy2f zxfHx47n}Bf4Lk9LTWEK!k$=_u;|$;bZYPN7k{tO}t>*}Y+)^fD7HNJ}b)Hk2J^ zbhwJpnBfygs!ab6yF~=y?4VW&_5OUk+p}b#ZPUXDDcB-$<0{ZnfizzZ6lQc;VH%lp zGvtdRs-ZTEE2Db<*dH+m%cMAAk-+>*#UZSXW?UF>3UBb0oO&G|w%m1Wr|$lc1dA`x z8`#hsZAP}7Qihlpb%2I~WOYYt3uI`gHU%J=C^s^Kw?CXR48j}N0pZk!5n9VPc6Ui-93h-YSG^Wvi_e9KKhn5PI)9g&Nac<{a zC>k6>0SjRLi96$;kopX#1v_PUD_uck_xI;&7`vbDo$q?WM=fhYx9tskYV^g*H;M zAF+c3()VL4ESWQQTM@!qPP-j*0pZ=?(_>#-{;q*c2^$ei1l(x6V@{ngfRrV}0ClOx zD)5z*i+Cj?RGuv~7W_TeJ`z$81i#pYV3nNLx0yi5#oCvVbR$>6o9+c){xzQ+tsfRw z4QC-l9LAE1?~os-5l2K0M+A!pJj^}E1%?VQxL^G`HbN6QiQ0}SqVdhH3v$gAZbFcW zrzV2;CI}f-I%V%rRMZGWiu>gOs%MmRqC!h$kOZQb3UXu}BqlPE!{tEhr$VqAkmR(d zP;h{f8M~A8AZ#>~aNU<>66TI?%mlZKpg1yOj!BK z07Rbd_F@28TLLv9p=IMSIp?EB;EmAdP{3>Hto!bIXW(R5q6M7Af&zutiD)mN1*S`h z6B;>Iv)v|CoXCuT6@dY)Zp6Sy>xF?XUf4oaQj2qoWs^HX6Ef=KEZicF37LJRt9_og zT-;8{5{40)DAbp0ycmJzSuv+CV1qs?bUn$B5n8F$x(AsQj1?>cnhwSyKogo}5==0c zNKz0SM(DdVXE%;H31l8IP_5Lcw#|UI!z?>dXnI@&87gVT$5%Lzl1O?L2@e9K8ABw9 z7HRZD18Z*6xqlk0tYjY}2-#S8b{jMI?RS(f7%di{rA0kFlXTK?Jz!DL#`rrpx6vdy zf56R;hw%t-SAXD!ye$UAx*d!n82S|A$x}WiahPu?k&&^n#2VSv1Km=au^^;ROlXp- zzA3x~NW6+>Q8=6ybi#4l-@p;=vn!UpYgb{so_jX)EFfcD z(DS+dtVTwF09dqSGHOR}3fPi7bq<(#(*#ihIE^yZNH+>G;FDEO#o+Xl@`_ zc&_nnjY7{}jEV=qU}Pn$rFnt9a$*NM=;(~Obk+-?kOK-jDONT%jY{+xU-alQ#s$Wp zJxE6kxz%R|wi+a>dn&eqH87$_4|46*dXU6S&zuJO{c=u;%D_d4!XObxvCKq_4H>0b z$_Os__Lxf;FtP8D9OHkJ#SKw4d&yBU>;!4Z5IYU=F1X_~L?Ivv9O^QV@#sonVTzrv zDGb3xZCYn3^R)4cgPES$VgtGV=(Y{f`a{xhPy@w(?!4sf>|)0#<$;+9sYw>I<_j+@ zR?ENp`vQpk;*&}2!_W{CzHGst$^G!hNBSWe5xbajiPyjRrvea8sDbh;Awp4TZK99q zq7e$k=)|JoT}5=N3u~h?O(3h=dxVJYN)nSiF8M-++8i2$M%_K#BQUAzX?yfyfTD$V zJ>38HoY_x=RS^F8-&!E}S)%Rqd@bZ7g1O$ig*}H_UTHRL4(N@OHDdvBxXnLDb;o2c zG8{C}M_<}T+Nzh*?~B*dWqjufl()$+GAR>7!v2+U?F7+Bg4pJc>uD3`&;MG>Ip+%A z@X+n)InO5N=jTHSCYJViO!{+znIqfwek=2_*_O8>o^dj<|D3olp(*a9YB?O29|!dA zy#q+6b|Xr!)<=EnJ zXO5>14u`sK{M9)duX43i8(7}F?qQSO1JgMZt&gf@J?2)*Gj7=(*cWP9cH?+bY`M$| z`MJv_$|qGO$EMIh(~lQ-w%3IubTmR{`YnPR652*&xjO8fAR}6R+~wOQM${+|hc|B8 z7TuC)%uAS+x7}+ou&13l8C@N0sLi_mB4aKZ{P_b7fr##39HlzM9G^Be$UlktqO~)9 z-xqcYvFJeFBk*4Jcj=$Ioukbt6%Wf^LjkKWZevthF?-gB@!M~CfBOco!_3KI9v-Fy zRan5|%iFr+P^8R|Ye{{=gY0+}DA_G3JtSYXFH;gt_6`;RqSP1ixKVmI{Eyqt(~zBolY#Rfk;o~cgXKEBre|UN5LZc$hjY3K z`vaj;$O%FA74%;(r@Q%GoqJZjsjTdqy9(3DZ=P@V0(>g|4>ZgfA?~?cD^jQVZ&m1) zJv>D1#2Mag{g3EA)rjwKyKhOAjXesb56cTN^?;d-0R(l+nk64$9s+xj2Q|OWXZ^vR z4$^+!4LG%_ESFHj&Rdy!WuwOQ^jB5ia8sTfWPYfQqJKo{>FKt~E~KQWWBmAJ9O<7O z&4+T&;l}f!b~=?`D3Xnl97}WrEAtok-?+b z$k_XCC*r2z(JA~UXOm~U7jtR9w`vvx`D1oUnfmELJlfHcR`f{43?4$wNz+erEAQU~ z04MRBEP;%^%E?pdvhttF(lVdETPL;AXUd_@`RJygp2R8@@=6*O75R=*x-8J<_% zIdi>-1bBSZ3VcqT-X@M1ugo7_58J^n%NDlnL8NHz{qdUNMrbM)IVc6&%xp)5MAf)6 zyiYZwFHmpxK@m;nYFp7kyv-j?A6%BI>@qsgx=x$yQ4-8tI?Qx#X>P4W>#Y3OwO*B; zvm|asGuUKt#WoeGGd9ojpFtnEYjSQCo?O|ZOHT~hEQ8CI$vSziY zIL(i8?T?5@Un9n3L|5QU@W-nYlh?>ML(_4MnCM%JflMtdQ|Q`LI@hir_D-|LrfDii?x7lI+gUS6p#%@%okX2>thbif95E z0e-D6Y2Olu#rKwoHg0zSQN9O#t0-;%^uZrAl<82b+}8;eL>VXz(AA!WOpS|Fl2QLDs24&bIiAA%2sg?7 z?TIEBJld!yL>r_C^}oVX5}|iL!;p)d^x&SAcqFDg*qm& zO&>A17}j(zG*)sMnh6TJQvXCF2hr7#u&^+4zluVVA57UD7NlBkesm$gSnvl1SkX@o zTE{^m5S(soYXkuSqW%eog2AxF3Z{K4EcHn3_e~zMf`xV8jhgv`_@Mws+Y24&PqOy1 zIyh3KSoiY>3Rn&f&oEyQvuspIV?&Xb4y1J&oh`)v9i{NH<}|}Gy%gS!tse9Q5iCj6 zHkJ!5XZ^j6o9p%THygBZEBpVuj6wI({(lqJU4n?LJeREv!vV;|ruGuj9V2*Y!HD^E@wCbaXGPIx7r{D8uI|88s=< zW@wasXo{C~OlVHDjMBP*xt`;mr@#Emj)F3uU@+R_IXd1O29GgpR&{UF_6)#%tGRyL zPTrdCwd{^IkKlLX^yWMK-65KGKW#K7b}6OLpQnQY7pL`WnCBI2Jx@KvZtc&W-hX&~ z#LT{}bJ$%<|JUDL;-8?KZfY(P^g-MloEGGRe1ltfc_{98yQBH2B`MjX6ny(mLO6l6 zbo!1~=>W?ZeiUN49OByeefp|8B7E!(79y0%rz_G)rwjdJF-Ry_au?(SSUqXG61T)B zv-ZOgJGm}CS9CEzE-;xQfqXW=V8MJ4*Ju9VrA|JeZOQK6Cs#1arw zbT=OoDC7%5r^B*nVa=)<)CW`Hk`HpdzP6b`xkdCkkwj|<9)~vx5o31z$Pq}4pO0O7 zg@QWIue`qmEdF@I7?0K&P+XwvEz`L!5)`P5g$4t&m1=p;7KY^Y(cbj={Sm4Rsi|*sLK-*0|qw zqLME9HdPvRQJS2fan#bxCk?sHwiCtFx!^pP%*gzEVUPPqIk<4>0vN=Somqm4gEPdw zlFT&)2K1^?ZPVg`ol4LaqB&afkpvwgGhM;b!3zVO1Sw1SF*rcJ9$%jm+W2M*Fe-db& z-O&7aOrW|jI8E7cu8wFo>?m!rz;JB68vE0<~v{ zRomL#R8Rx;@>|7FRu<^KBMmh3B$RBWOyO*gVyj+fB0_Tubn#TIF!rt$iYBi5lCB+r zFg6y7XB6B&I1^HUQ9bt8IRyK{5m<(0u2@$WhuS^1mq|p84KG8q4ud1=N>=~lUbJ+j zNlg0FE>C-ytSXetm@#ASAzbcFz64MR)cFn(lR}g>)w~*GlAaE-EOz>w!z{+~#WT6m zsW2}Y{{8g?(KqQbKC>D!IZQBWm~Mf+mlxe$X_8MTfZahDP1Ee94=s8HL_kW9{1W4%Hxrlq+B!bC3r@BDz7&?7EIZcf707T}^$tYRAv2 zpHtiZQ+-YSt@QtiD&qubU=}7=DB6jVmW>Z0yqg}^c7S2+H;IDoOC z%aH_4Y1PplesZeR%sD=hCnzFh%7fcg1)e3*m{p7+g;+z{3?c1-G{b)V@c zP%8wz6y5GG4|>cOHTkz!WFR4;DRbcxCjdYI;IJCkVqj2#Yf1fXqIZ(~xYQ#vJ=e#F z1dY{5E7DjzW(732nR5DK_EX8XBdP>xB1~n#2AzrN$I)L?xyGjO0{r2dF9%4h1MDz{ zPFdka0ASKFzB9O)gCgbBqH#}F?p;-cx%v6SfAtrjCS*Lw<)4^=V)S(-dv#u=f90aZ zN3MMF#UPg0x(N(ix(uci3raT&Z@S;le;tJtZ>k%xyE{Mjf&iB*JvgZYJ2+<4x!TCM zPd|0C2f2)V%EFRKCio)A#YpXQ9Joq}ao6Jls{^}v+c$lbHuM5?d1d_YH-+%~=VDaS z>~bOagxuUCKKiUnPi;5;1PNVl1k-ATnX+$WF%yNrc05=@kvIrGMxX|`>witsHC0t* zo}6TSuq}rZkkaIbTm&+-<`mK4XX^;C%2AHhNw_K9M;Zi#L^{ASkUmOs66#ctL7?T8 zyi4l56$J#x452U@i-JfN00wE?>eT(xf%9v?*qnl=mIw91zqdABJQ?QsSHK#l6X|gD zAd6_L!=9C!l(EP`n`3-TC*NeX`3I^4DoVIv*KKIDSAa=33KNAGH|xyCq7qIN^#k)NEXeS*ekBA-` zirz1pKN)KoXOYHGU58q`vQJ5>Ec(U^7x@1IGBrbWHt8=SP7i)BE4KfdUcuKXZepMit+DZE8OIBK0Tf$HvLY360wK z9D4d>glWx<)l=bvi0>cbgLSs}FmjXdH35)cmX!X`nK9vMycDebE?nq)yE zcUHtb9XMx^6D@}M2)JBguNaQ-8ak%KK9=5?ip?;9`Es7n9`|a~p9^MWIVA(N`?~3t z-hHg8Q-bAh761e?DZa$MBqdm8QOFJEC{PC+p5O+aQ+v?6B9#v{ciAvSQ^w*P$)-YIo$MUhNmCc~g zpK6IW!Y?vqbfHiPVr6b(e0%<25w{QUwz~D6Bv~76SQFAGUi0R6>*MhEV@heq@ewES zr^~0GK7D%l*Z!+*<;PUV!JjVP-@n67mxI52#4Vbb=Tw>-d0tBnTx9y^!M&$b^mso_ zJ#6W0ruU=s0q?Pbg2Kv?(*b~Rp`8?a5c;01rxA{D&j~QzdA|eYjl{HOoK2S8`_W+- zm68vgI>ygcPH8dd2S8bK&D_4W)4IpbHM-HUQOXh)-|QA+o@}tB8H$1V ze6yq(8-%4)}KdWu|x!A(SQ?UiM@hJMJes=0jkB+;+sX3cxv(8CWqFW$WSmO1mJYT!WG_s=R%1e)rWlp7p>#hB9eCJTxvEO09N-`LmJaJ zYS}i3j$}+$UwjZBb+{)>cC-94!Kb7T%8{VU(yn$)f(F^Xl`g$bhIHG(#doe`SiLK> zN9#MiV-eG+exhPU1LWY$(T%$oz}r{WZ2T6krL-)0Fv&_S*Z2PD0T2I|0cqj`+T~^5 zm6*Q!9h#EH#sn$=@TsSkaG_JXZN^WFxQXGbz?#q7jy}chd?yLVUTK!S< z&~N^%_L@X$YFgv@@P{6nQ!A-?p~b%+^M9`7JEr_JUiFKAj?=CNf3PFlL6k>~+#9`Z zd;If##MocI&5y^i6B84sZ~laN3CUi*{A2&|d5g`IHy%^Pu&u31o`q!k?nOlc2c3*N zwV{m!b!O*h9zF;~J|9x1UXN4>cq}$_$A^;N;iD~>Y11CYaQ^lp!gQDYSEW-)t;rYz zl?JUlJMNQ;IQvy&Q|289fEj>#-WG)llDuMkcGRKv4&KMF!!hnUSU}!7)9>@~Q8V$7 z>6B7PaQWEn3_#=3H-Gl(bZCKvv#hWog_S%Vt-C!{8vC16pdr{-jY!DtW8yh?$kg{5 z@zNl>$AI)iF?fkkkn@L=!2Cnz)I*PZa&5tRfWR-&{SG(crAkPzD%kl`PJ21*g&!rr z{dw>F0;gfm^xrVx(Lekv9|KwHTT$W}Gkk$5qt=?j3azg^`N8polFwg8JqnsS)|ZPPc#vMV zb`OPR6{B8uYJII^;yhjAn2@dPam@^bdZCRgzKSM2?3 z9y379fd)?ebdu@Ru`OL;o6u*sWd;)r+oYdfa+##laW3Z|HUymAEH&opo&!1 z(T3|CseUYP|9BP_$NJg(okLGq<#MbM8k=&IttO*aBa1&ZD=RQJ0kmzNI`3DT^zfgKip6km>- z05!zaJnJo@Lqmi0C0?_<5DAjl`S#t*pkT4cZ2!uuNnAUU50ZkRE6OF$vw!;Z{2C8= z|Ez`Jt5gN`3vn!n-)B;1XItujTG|de7SBHZPuSSYcISW9zAk}JE03pm0RL}#_+`QK zsixa+GK|g88Ga6`8mSuTu}`ccg;*UOIFJ_73UrWq=`zo7CLopatg|p5aJ2F|Q!y`< zm_7QGsY?T$Qg>CuAH?>I2rib6azqJ*=)o|3oi@@uaKl2eORI{GP5IVJbeegOu)n$cv1VoXx6c?cv+4(9}s)9{B2 zAh=ee38N`$-&Lr&{{|JAK;Kn0vQ);tKTJ^YrhPCZ`0~ER_n?fR#xvRd}R7aYl zE0UIfUG3hhRF1h7N*p~`d;1bpdPVi%z%kSJSP)%9%1WHD;o&|6t_nE1%mmMa0`hIo zM{B}AiQD;-#*3|24z&Rx-;3jaf4sVKn!yzDJvjVS72&hR^Y}{G&#XPc|9G19waE2| z+V7)?vl+WzGr_;7Rc_q4(H1`PYwz^z-Mv3s_Z~<5{zxK`9{=fkOo^_xI^JRvrJ?T5g7C_@ni&f zT>`-u2I&>NECeL=*b}%!bv1m^IK^9rK#E$_FXn;io4revj4zsRv#VQRyNDz09b+HI zzi8r%;=mwQOFM^d0*s#m9Fq~?pV>Fd)&-=+&5+-uiR;`#Sd8;Y0r}uh^^E#rAfM8! z$uerU^FRt=C zMkz8xQPXAA#79Fhj7Yo5@8&C9PJ_!^83Zqb%-lDm<52-XvMzJqVod41%O>2%Sn3vo zDsr>lg@Giu?0>3yx)gSGk?F5;oSYS=g3|u!W05;qf)#UDgAdN02Iv3L{h51861abb ztds`S*4KX#@csh>glurFG>HGI7!?51dy0BY#!v-Fy+8ngc*)#w>HO3~m`JbI1t2wW zL@uJt?c68I&Iv-#u>2qsu*N6zbGv^(TZiS^?u&@D5K~Z@;79prKKgROC>%F6%z&qc z`cWYLd}p%UI7R2$fg`1IYZ1RPE5x8O{}CsGF7M$5%|{w|bFjf(=z`(iyFAx%W#9fH zYHdCS+mK*z3?`q0wxy0L(l`*Iq@3KMk+5dZ78Z>I6sPfo^>tDx|Lk?(j1sWm#_(&5 zc5jn>Kx?Vdlcem|q8zoBBx-Q9b`OOaHmh5qnI?=RD_|W&KR|aN-X{s9|ef zmo=hsGjd8o_R$KN>k?48oeDu2ZfqjH>(LiqP?{*9^5-obk(A&mP@q!O=%jxq9XF+* z?vWX^ZU+^E_h9GnpqAsu)zXABg^GGLs%ybxF%^?@_We8?02S`On@G?x)s*4&$Pj8d z0IBoTJ1WfBm>=ct{yG*E6BD|BlRu%$5~KyT)+~=ogu;97csm93S}lI~AqrYg4hVCB z#cA>6jkEGkFTxegSY);(S%Zj{YIMAx@xI+%Z|< zvryL%>Y9_uw6=8JStFD-J|>IG|BV6s&4yItFjE$Ap&ql2V#mFm6$QNFq-}}mlmiGU zQck@<2*Bu4L)VZI1frX^G`P>DkoM^*NDhd?YmiD|_cI&%I$HFL5U(hEc%cTLRFaw3 zyk6X$i;TW*E#tNCCfS+;Y(+l)G)QvVF$NP7FBizf#GNyzaq??VP2tib_aS&zP>O2I zV$yeh0p{W_f>CRL>hTF4*1(if(SlU4XY5xjb0oyoWK>!?|5iWw=NPl9m-_o`*0ut4 zzHPPwLbf9LgtWt!q>p11cHUd+caaH=0#fQ z-TI*w!+?s2vx|3_ne8(kxi4`@J-t2JFPX?J{S<;p)i8mw^RqGw4obNBSjTpjP%?&0 z26C;8cjnB=Eh(HGY%$Q@eVuOjp9O8Pp&hRIUaD zpp%90YFGrCAOiPL$2-^2>L#0$8VqZdwyqINYi;QaDKy+1x@ILgF+42VFNS_8dp41iQ@xkt;(Q2|X8aD3k z(~+xdpO=Wt{?k2Z9>$&+D9t7UBv;eW9=a^{+0L*N0Sp*@i{9F&F0!XPrn6gl`6jg> zSOPKx&vpg)*G`4GHr<{OX*<;S1=Q(&cXDz;9Eze6#AsxJ(LZAxk`%%PsRiAlVs8M! zs-M2SnVhybBg9>BlWCa{)-RqUJ^hA=f#2TD?~XI^w#wucp`d(_fe)2eu;#h^&@xpZ z?jrLzL(bA`%H~mmE6$Qyzzvnp#S|!RE%21aaYwV;oO`BP&5Or|ZmWx6WOYUojw&6h zq>WPnc99t(<3-TSaPy+Zdd^Tw%7y=uF93iTX{%;P^jSTI0@7^<;k@T_jlr>T=Yofa z7bS1j!3VIjmo9VjMgh^KN2urfvlPRde%`&zK-V=jD|L}0T0ELDj~}dOtl6V|kn|pH zEFqEWYO2}uXT7WG25SkC{i99dnl#nBk_b?e5HXg}{aQLX2208EHI*|Imtlc{?sgNj zA)$K;KT1j$!DMw|R&Gfd0outh=(OAs!=hM6Hq@E%(+4NQgOPyjS>d#F#{>3!c4zxG z+3z;+aT5>?AO9hlB0q>531dxS^qC^0r4-4PE~0{SzlRg($+FSCH~Wyz_T#O>Rz&^R zdtSyV#$XL$j&W51r3Iz6$@gqJ;#FNaPULRJe}sGU=WN9#zn$u4M7Pc3pC^0GtB=Bc ztZUOXxE@b<+)z|!-Hi(LDog^+9bPqKl$|+)Q-hU}Y9i2k}L^=wRn;%O<8SD1s&*l9q`lU}=74f=4oA#zhCO?M|Vn(#x|B{PT0Cni6c-pL7&S?>dbr zzBEk@lQD2`2JNqqG0BHWr`rnU5aTUX&3jCQzoXU2hxz}^L+-)dV#5Nd!QfV;qq% zR|Y2%>~nb-J?671f?5B7DpsP4FAua9a)u^>FoxIWC2VwSJ6Y^=EJK)YaeJVMDx*5R zgn)^Bg3(P;lulDie3q4%F~OuZgD|^HPSvjrd#rC|c&3)w)AhEr5T-pu9sEU5^W0jU z3P|6L^I8FKC%5R#XiM6~^32SyjvjmAs@T*=a{69YnYI;Vx>((L>{8nuPnSj&=YKa5 z$(ZOpOwr0;bm^Sz7D_4X(x8z2K6d^r<;R9kH2~n>a`|RyUf8b@rsJ7Vc3J|#&H7L&4S#Q~0qS{G%x}8||hI8HFdfEI@UdGSC^o#l8 zy-PFBVKQ5{40WECEFMfe=^`dvy`in{h<4%*9&6~)4+vh?^Q4ZknntHcO<-`Y*T0xU>`G3|74_iJK8e` zE_px1;_4lb_-C5Ww11UX#EYz|W$0Z3rnWfw=UoPfT>J9i-Nyv=b&)cCrkNyzMvxmxtXk`JGR#w%Sv(b>x4( zoVT z;U%Q1j40=eRA=P9N~nKv;%98gyW(M}=;bUGFhJmw2^v+D9(-IfQyhkRqh`v zbokh(oD{@(ddHn?qGlzf_-x?ir=@R~K0a@emHqWhX=z3HH?}yNJPBs)q~mG$6|ALI zPs@A@|3%-VG<~D9MGuA^(X5i81?R3YohZo z4|$xYJ{8nC^q}HNh^q*1sA%pr|EO2SH{~L@Z^+Uu^?lWP_c`{-T0Dz8BVhCW)|6DW zP1uXpUBb)N%QA1E5kBlP;pS2jlKcLQH(F%K?)v;H!rL$UeJB0fW1sX2uYc=vNF z=>76@9}Kv*T>aw3ixK}{4z~R&H!Lq|jCFbJ;!5(b=gdr4FWsDcfn1(5CmYB4dAh{r zEQE)Ll-<0Pv-N)K*m(T%YKlj;wkzq-wf)tr7I0qgyALV0R;uwN#?ldQB)4Wri%{n%zPJd#a8Qb%Cpn$5%O!G~U7&K}0|tAClJAaE02>fa(vq)cdh@-$c6SsSYv zI|#mXL6CmyUG@_YpzzbDC;ox&Wy7v_Jv$(oRa|YhS@%1Q6Dw0~l6~hOWNBd~(XG8` zXS0zdn{F*xlSi{9Q}OB@*QHP9E`}<1!%CHEwyL~l`bH*)9k0)1zq?d3+@ek1tUnkm z`YojA8!#Dmu{Tt?Ivfu4Bb58h`U64 zO1nkSY$0(Q6Zw+E4nB7@oKOB=B(VS8rZjIe`=4AjEq)%ALu|h5P@ABqt#b9zr@dKd z=5a!1Q-O7qX}E+z^l@KVm!Ndv(wru^z&;Wwlo$#3@fLgrW}~EcCu_0s7Sz@LxrW{> z*h+dt!XVKs>5&G34n}Pxx}<|U+N z-byFw^@<$m!Z5q`=;J1iqw*;HlFQG~h9X2v`WZ!{`AuiH4!4OE183sK)xuhIA40_} z2D&H_a+!B7V5c5`viZw;K;A+NnrQP4tills2)KVMSuG>lV5qtNbKCz>%iazg;0azK zTl1=3T-t<5gNse8i!qXF4ju7kqU;lVNKq3@Jl3T#N&^L)$b!p>PGJ8uxLrq)Vlbw? zM9YTHU85%GK&aWL=iUrmy~;NIU(v{ZZO@@jac6d;r^&GlH&g{@Q^ApcVy_HRH=yj~ zL)v733`Nupy1AM1RYD1=TRdECyd%RvIu4pPl*78AYS)Rew}2w&E!Gn4gqWykpSq-X z7K{|rR?!E9#oWlF7tM)NaofLKlTnv}lBtE^J=9ucQ>$l*sRbapXrsppAC%eY1sq>i zHH%Q=?neHt_*up$D8e%9Qw8eMR@2BsX1JAby0fPzheBtL!_Pi6?Q`^yxyRGA?6L)* zh5%KrM#+IWL=4$D;IH)N-@#V-Rlh-qpE)xd)Bp`qOg6m6ZmMYMBoO(Q+1Zaqqu-t) zdR;f^YE%-R5?T;Rq_P0qO=LkpllL>;Pxxy}E0F)Ifgqh0j2qC~9rb)1*LHP$+xi_W zzbhymsO`gts?~1ShjGuTeTTi&CsK96Eb1J%ZIwPV(u4=>3Q8{rvKaVW4x5-rQHUn; zQGBihG8mvC>&d+Da53L+suTH$I0K!EyQW4Qf(fPda>BA0&TCjSYh~@gKNlaZ6cW}*rN#R25pNCc$THY2 zj9&|Nx-=#!Wo{lVrLz1FHQ---OMtSBFQlZC|5~eHTLtc}@3o1}C{alxt`J-lWdn;P zr*{?e?ccjxf1RE5zm^+@~-< z!=s;Ci&}YE7%XBHkn|xOr#`xrL11jx1s3aWT3Qu3QkR446qADS93(FYX^mPso3a#E zkXEKE09Hc{wO}lgv%c(8!=45N{$E? zCu`TL==G0rGEqGmjvgn8z22qTd;nMb&t0+COIp{ZnwFr*gsMONe0m13ZXsPPLDPyt zA3@ujYmV5yx78E2quO|0!XU>S{k@uMKWOY_%DCE33J0(}+6N1!gyYbZ6p=}+^~rYL zq_Uq)Lj-z9ril`h%F!?7vq`ZCim0fPQm3pnSix;rC5gkdiIuz{`cu?`2C_sgC2S}d z|M2H91`Gm~LjU2iRLtTMgdH)k8NN}T<_9%_c^01Nv4b<%WsNblqLahAE}x=&Y9t0$JI z)OEGMu;LHgf}8ay(~kQrj&EIip9DD2D)@U*=eiBP;z(Vj4nSzwW zKrqZ0B8FtxGu*7FP$J_7M^j9>UH;V6eu3qTna@ zePPi0?d?ngGyFOJen*(K`m-pNuK3mhK20KD)n-%PPX5n=8V!)~=ATmm@Qy zpRY)4jwhoAv)$$rWABbye?{#p?HXPA(?rmUHmnPI}L=%$kh%R`s7tOKrT z=ZD_{-q8!Vr)QWY`8Ix`3y2zeVS&Y-_7lugLu~#eL4{DZsM=q&`H5E;E$Wu=Fu_MG zd2PgYl(Q71zBwuZysLjTB}@P6)nq#t7+I~YQHNrCqsyv#beO8}D#G!RA(1vJ42-n_~1BzHh_igx~^zWMu}M4rw&uJS<>Ct;MWT;avOVj2KfoOnGJs{E*g zS}2yY#7(dTb8Wf}M`1xu$NQsD6ZocJ;G5PcMBZ#ACQ4Roy#xYbh7SmB=SgcCM^T!_ z&tL~*Y38lno@d~1*|V$v{3+pdYp&ih#@H$e+H~g*f>6?$p9>Oe2lLb9qxcpGk|#&5l8g0&VMVQks{~v>kkRE#n#RtKXbxYZ6(tgucMt85Y$r589Trr|%kjw#S`lPw~F~IX9 z!w#2(C^<9X;|Y5fwAsCLD1IFJiub!93RVNGEw~mzcM(V;zZM)q5)|l(hA-L3T(D^c znER<9P;xqOcf>!x_cWcSQZr#Zt#H$MFuYljOKAD>>C9MPe`TJIjy^MGYqQq;D;`Q* zC>L2sBl_P!>0I-a=f+QUpNfOw)z^cWypLDftA@kh8nVq?~}#H)}RJ za02`G6E_fp6Mf{*X*LnsIZMcR6py)C!cm98H%Bt`k*fhspcMw1in6Rm4I*2pJH-N6pLE%WV=32^Juotkoj? zVAJXK9j#xCpAJ6W_Fmi+Dnk;Rx^hmB9`!`fLlaq&pmZ|2QdKD^sgGV`=?`aK{Nr-) zuRWD~1t=p@g$iTQknrz40cV(yN40<(Njya8XxcsYYU=)Hy|srI^fIIMGDsrAxw{ET zT9odw?R-kC0+a;m<(dP0LLx1GLs&bn48ok2k92OO%}TuG|Jg9k!w$&tarx5+<)l^h z-J!Kg7A5g&2)Q-}M-_OMxxVb|9Hn?j3&HQ2T1fR-$nIFcK=FJ~y+v30mm=NDnFOOt z7%&*#m#^s_I7Ob*rF+c7#=_;@5+eesyg*@9{CV;ZP|^yV7!zW>F_<|SlMPVO_Be5U zb>)*F^$=Nu5+%{y_SpdKEq=!JBtAIJgg4kGMw$ht!BTnujfmORf#Q%?c z$wv6Ge$f}w2u?I5HZ*vQ9eg$v;WKMCHnl7fN$M+n>0P%P9)KY|_M7Z?&lH+Brx%tc z;*1+kHVx%=p9Q=P*Vl7ES82mA%W@o-1FAD$&A|H`%vuoBB5$ZgX5m8 zPMq+&ToX=~nOficakd!q?`?d~%=MKwHTG>|r1OMIHFUyEkDtSumi(hb#=8h41NHraJ$FRiZ-S{zU-7!CYn;9`*(ymHMAuCI6@UL* zU+@=CuOAL z-q)BBZSZAbgY!cH<>RS8%B;9BtG`K)KQt)`UHV}hyeXb-Jz(XbOMDT#>6A|Yp-Q@F5?A) z#tX7|ZpLoD#p~ZyIl0x@!orK?4}3Mb^p###zIK8FGvpPB&nnCM)dnv@rxx7Og^&eB z{LSazdYGMC6@^6Qml*cVe$*IIX!?UtF_m(oP1@$NueL1I1)YN`{I#InhKDkP^J?xw z9qr5UYb5Nx_6HEeV|Rg%Qk=q*NzIt+LaV4vv}C|OLiJSYK(NZ?-b z0fFVtl?|ihIK(p9i{k9l9G5YJV!D8#rhyZhtEByCDX>{y7Bb8fl>jwO3d_3$(VP+omdLwo1p8tBsf1y^v0m`kOhVcgp;XJqVvqm7m09Sr zRA4nNH^mcy*~GYu9UkXeRB@&K@yjO3CZX^4% zY%}_^)H)49L|D5N?49GJ8)pPkqbW*}m;B@o_)&2+r9W;{qKJ&~FUTmc16Fm2M()s# zwQrC07xL6R@3nd|BZ?G2r#ZQX`dg<7DamKc8=w;eI8A|q_9^Phr@UHr; zQ#vbA8>c`l{&QG3_xg2bQvyd+6z=$0#a%*s2Li$G3!6y)uDzG|l63&s{MS@H>%Sgp z$qz+FzOy~WHQf|Rxw#jwH!JTwbVSMNUlFu!zwm^MA{>m&R4tula!MI}#>wHc?{C0cmj8$ z5)x2?K4>5N{U+Ud|Jh~qVx%F9>E!2pw;QV$OR{GeaTr&9Z+R}->$hff-jdVk|5`hpWoU?D;2~0lg||y99|$Y=KhM}qy9XqF z-sBT8V@lVmRj2Kc1H~89Kugk;2mlcvo8k&c2QA4jjEn{HJc@T9v_FJ?C%Rk^B5Ftr zc`v{jH%1(lGOUYqWsghMS+e%Xbkg&ilH6qa+~@0Yg1-^|%$?H29$+T>p!SJ92;x6F z%5@dVr#Kw0{oEOnhxB!X&Qy-h&0N-k*xo}txAI-I=F-MFpcSjYaZixNVLYgeLv%G2 zm$mh9SOmX7FTfhq^zws%VCB2>#&-hNQ6T2iEFbSBCb>q$#^#>ay&o2qg8!}V;sK(2 z1k5W-((Y&5LP+Hqy`4BXo|Ud>xJ$H`HB(s&>3ez?X*=v&cpJmk^)hI_nyLIEU)=O= zIEu(}d^fHZrX^AfrjV^%MdYL zyx7DgAa}|sOF}YIIzpYNqCZ|!P?azkX>`!PvEQ##Q0Dsc=RxheH=F+h+b3_T0H+_==yXot(@0rHMxgmJ z$N1dyw1*?oPvVC95K2m5Mp{#EiNtxi*oi+@lV-033 za|Y3z_)5O?R~2x}y8BFy%TE1)=kIydOvDNLcyO&k*?G?)7zSiil+b+(qDyvMV~KmPzQjX4D-!7qcuH} zq#>yoG4ec;I|&}QBFPHu+#?52WX<@+92j-lAD!Ojt&;znWAn+;Mx{Qz+PcJ= zQ~{y*uRl9?XRk8pQ}}*d>#$IdIa0GJwE;#6I3|Fu+?+zN-N?GipGV2Z#)e^-7Da3T zF7RVbHq{zK+;5PllN|p7mE2^YC5odS^upb%U1*&?n+5^R;Wy+y99;If*z!Y%-+fdn z{!3r*xTozkQ~0=Kt_@80g}_3>F^xpN5*{}oc+F`F5PkJ&dJ?HE3yP`_c`5kB7+VtO zO203(E}<`zju71EnHAkTNQtok4JcefCQ3D{y+Ndxl>6&_>REx0iyR%#=KGo7(`xgs zGEt9BP(NZ(|DBoB5d&5K6Dt);s!@jknqPm&w)SpkgYEyEuJC?y9<-?c9|VRRAEFQ1pV;?V=#Gu<8 zG@jTXez8kK7ylfW*n|?TxGw?0HwB20hOTb;R3~V(lE=DM-R=ZUH`bV5qD!O?nc$%{ zWXh_gZ9^Nxq}w}FVtm&W|3SO)LkmzO1YJpD877D*r*w`J8D?9_YOFDD2(; zlOX8NpS|VaP?oQMXbw+pCL0V-OQKEDA};!G;}8i3mRdk9kh2tr9fufLM3aLtu0Eb? z`mxM){5-2j{i&_zyyUXm0y6lG`U?jBjr?-lVp+{r4~^~qrQp*aOTW}khsfgxmq=go zRvZPNbtVf8`1R`3sU*3(g*3(>IVW?MsK?wN-3N}=L2j?pC|E0PQc8&`I-y@e1WxX5 zV72q?EjpxsTRYY(eNIIk$*Pv2=G>`bJsNjM+*!*7;yxx|e%QR!Z*UcG^u130M#5 z9qNm@avZ93bQa`!uo3k&B+ccKI*tAJz(9vQr~1`PJ+QIb-DI9r!_%(!-+MVJ=DaM4 zs1iq(jN8ahq|&`JDG|updGj`49%#j zDh#pBcwi>}diK-X8?1Cxu%gTUFM^5|@MLWy08o1&u2E$V;s5N8>fNCGUOeaI0ekqZ zkUMu=TwSvkPuSn=KU)Y=57rx^zlUb4$bw{K&2TqC$HC2PrPz) z40+)}k8U+=e9S)JSDNdl4t|%%T@75o2AgT0TD@m<_If4Ov-9R|7V1oZZtPHtLA>h% z&y!ewCuz)!{VsQ1NtZHCTPJ5cY&kvrNIs6+yY)s#UC#n`+qmYUH^%i(S7PK^bj6}ApFKDXCX8#w))$qNke zu0II+;8t&5cZ{jcQ;z2Lo+U4^jLaoae$hwZ7X!NJO# zv6$S)4~jNEZO5Jg|1PamD|u-Rq@=DMx!V>fc(w-Z$pj9|-MGPv9g>O-xW#iDvFh3 zFa2GIbXv8x`-2h*&ax9Ar@c31Sdk6Odd zhI*~HB@X`FgmW((LTxdXf3~1S8qqVatuUq~S7xy{9E$^sPVP&RO;;kbeiP2lnukT7rxn>N#xte>rX)#OU<%hqHfr>%fQUVnfgX0|Fas1^_ z+NrW4k?+ZF4lPe5gD$5I_w@X_^D~w0Id9mR!_2dp{iTj}{Dh-J+Wq^dId)<4_hxrn z19!Bs(^eg4)(B2Hym1<0YwXW2v(vV~o!OzW8`mr0nL~x?&PWcN_OpzCzB1oFEKv0R z9M1Z5Sx{J*-d{QJv-7k3_e6&tCbeAB&W_@b=pjY#l`p5Kc1@w%D(5s%llHrT6$V9D zJV@X)@%5w6&z}dFBWB;4*5tdhArhIVtF7bZewgCAY8<8BiQgX@s|ekrQ!BhMfcLX2 z+yS{4JmHYAdRTB9bU3DP=NjTVmp=_@NTZEb15Wv{l`u1A?7>&E25dxU#?wIQ$J8EY>x7~ zp0W^ID2N<#tml3T3D_(uy0hgWq;qfbSoFS9NvQTcw&UI{>7-C?!L5(L*9WRN4F^(J zn|^``OT~Gs;?~0<=k2~)-mM3t&Q%-_G>?@0>!E6-G~@(nGC%)w@Z3GlI01yP?dSeB zT!_N;%x_oHm0EZY3Pf;12=x_}hq(7p;f~mdsD!bi^O6riY*-?F8V$R(!7q_1u-MW7!r*>8Fsmv`) zTibBj`|}SAi|*Vi?yV|*nmxF310_}(nW6KeCB-!Kb_aQ7O-MFawZdTPf?@=N<^Lk> zt%Krvwlz>;>s#HSyXKRGjq0(km8g@sN^^%(ZH&Z0#-H{aJj{u&>qV z_6+wq&|M#k{6_aGkO!B>xNBxDCW_|vQ3x(JcVz6>wQKEE=^T&G&OFX`R5>Ksw~AP8 zXAUFmVl4mEf2-7lrXD(cwZu(y?_qTJl#Njc6Y14f&tF{(!fwK_Y47HAc4oMcjKLjiHVTXaihk~SVWct#;Ztf z9-av+6&XQi@zs`RF9Y0ODXYGtkbSre9IMZ}w0BEf4{s+m;)5O`KfHTW^t$~^I~u{m z`+ts4ul}*G|N58+*8KeUzrYWl;-x)Uh<}b>ZwKN2w(`$M*01o!Jz`nI;hDlW7bBrO zE_NfyO?FdqFaZn)>&WyjhAtHqs#{Ca;fXzu#l({;DD za(lcOpVuw!HpRF^vzJ|eZmhTBU^{kNg;E2b)^_amOo|+F&#|v&{tR~A2q@x>1w(;>Y;DCf%L|+S?$d?TtgK^uP?67 zwkI5S;;c<8uV(gR$bn#xlXEykB(j)kQI!mD$m)?{bag9IqY#HQIi9DqVrvLbIQ}6M zVX@T6kxrH+6>)Z|_B=gR#-`Kg?CP@qLB?h|`$IZ;dbz!kK3cp<{ZR8mi#4CNX9EYD z)vR5~D~q_TL^jK-iz~OYsoCT8ffiR8&#Za^NNnFA{<7E|G!hPU1Qb56)RvY=oGCZFT2fWqN% zvvOs>?bkUr#zOYvs4uY!Y8ZiljE94bAA7`{m65y}H{Sr5s#-%Irh9srl+)3&ZOd%y zxf`IJiZ`pVfvsjfo=u0}a~yEC+N8>cP6@fX9QWs)_Z!Yxt>$TBd(6i2?6+3LM5JuS z@^pB48)NA-hmDzCYzeBLj!0z|hn`oU=3F|tCiB`lT$Zguqq`SnPWU|cuMTsF*+Uje z^}cI59zIEImu!=)TUOK!v>ztSgqo=)aq;{7^q#2JoG_=Au6qJTTB7=if?Z&u1490x zT8u;4y-RT$1!3ia%`@=8D{F5ZZEVy^bx*5Hm(6@8+*YGm1xJ7GQh!G!EQ%9DK}AIc zYf6DxiMdPT>g>#7I(i^_6OKqU%zcPS)+L`U>27u4I_GMKii~W3L58onP#WpB);k5% zFrDU4yWY4V+|A8^7UC?F7=0O;fl%H%r!F>$3VZ8T4wTd_OlswUI9|PrgYfxzEugF& zFUSxO5F9ryro+yCQHYqU#UkI*H=IQ900m&*tI%7)rB6P70|F#P)%@QzJW9qAaSnAw zQ))>L2)RpYF`p4~H?XL8LzI^**>}&h_A6-?b8lnVjKBQ+XlQ6?V>28{5vmAP{Lpf^ zHKq;8P@bt;Xj*tjtVzSz1ulMkdU|WwcGM;RwnKJ)%8aTwEa4roa=-mG$x)9v-IGZd3r?*>{01kf<>B{k}u zs7OgkDJa%gx*~!8DN9Z<14>X~^1u3^XKD5kv;r$XOTWrwXcx(S_LNerj_9of3z;vso2JNb!VsG#Ez?|GK#Eg!L3~X z_W}BHd&vD(PqF1fEstY=eZc3K1 zIvy^)t`*4WGv>Tprzhb4{Q1Du>-_ib`v_`rzWal0B@+^E%i zT;Zy`b9>zd#>d;+`|5PNQ00<#V5C2pYxfXdX_gGXNE;ooh}B{`2#;my=JF*d9rjt) z>?zDtuQDFuW@bJ)wVd)!EH@o9{VsEwralh^lA>@L7 zh(O)pyO;}D6|`IFES1lZp3-yj+SP?ODUN&b_i@*!|LSH^MWHvZp1 z%^R0HRP=W~uabmU7Z-22Z-d5c(j+G6T$j$+dymaT86$#@1Ib9cL>c9R$-FQP46@2G zD8eyM@?d_rKL}rlM1(s${Fx4SAgh1Z$HAA`Sp;D|8YMaUQ1pu|MQ=}Uwx5EdjwXQ`uAb}7uW)h?kdFMvbAmpmKKWvZsOoO;uZAdXNk~W*JnGEvZfZJ#TS!UQgP$fb z85I<>F+5bF<7L&PskCBxdv$7UYg-=pI+&QR$ZCPNGiJ$9LPceAfbaeb^n@Dp(w-%Nhbds1$|g>9@bhCp>4)=Z|g|iQ?SmWQsET}xmV>oRSc{{}`t$jy; z`$+Z@KTV2-fGH!OlBz>KMgD4B{dUEMqXBWhSJXC16=|K#zkJET%8Xg-vQSWTK)_2WKMP<_BeXd?<3RBAWyfheTy5GYX zKvs^Aoo!Rs_X$c8F_lW$BWT^-CX~q(4sH*^J>3|}JUBS0bKLhh>Y@o*hDUPBQ7$F| z{>$a%WhfEPc;CED9POj|JUFY$t~TyD=arCwnR1s+jE=cY=%)7Q(oacS-9&+qqVvvQ0!R&TyNJGQT)iAcq| zfiffIK?1QG0!ME?u`=a8bZw@{IZ)X_K|v!qGFJ09b+9x%UN>Xl&b^f;XmUQbDlN5k zNo1_2vs`G@t4KoclB00+?-hW`eOt|5v*m2_xp+n$5$WOK0g<)-^Xq+snbdh5QtNXr za!3PXxyS7lq$v+6^W^rtBReNYxro4Kb9nV7HeLJg6FXa5?HZdgAgqE%kvcdHy;a?d zkKiWN4)M}X@e%^Za0+J{%`3%w%aLpMO+JFG+AeMyoe|>bjcL=1nAK>rTt8f&i@nnh8!IP=WGJ2Q&4C}lK2l=QYkjht@C9U+ zqp5PEf2KsL;e}IYTZ(ibPkK@fiNy5~mZPGh<2i5&L2T}RcR9N^r@c^V<_J`X!+wax zT4lB&kj1}&V z<{l2a?jz&9)3q}+T+2!AcUca`nagT!Zgx4PWdn z=NlE?S?&l$cC_$Nz)yL9D8b)zGaVkUoWbgXJV6l%tr$q*8JP)m!nD+M3i~byDQlTO zN#f{&K~$^sIvz~C-QKMA!JlT^_5LQC)qu|EjKme;V7$%MoS_luhyCr^X4RFV$`Ppq zX4cs$Ljfv$}bn z?M&%nK3_93`HlY`!>ANZsxCgVnr|%WIr@MYA0JjTgUJLjl6{}b61>q9!E_m{jz54d;+X-XS%7a}&3>bo= zoxjr1r!cm~OWw^uR;y2WFKFX`w=8tN&)3=A4avxsN>nJ)P{oPv8XK#$Sw#aH#oPP- zAw?jScowc!xW;aIv~u6IdZesnQtp0@GPnC9I~%bn83fH%v+SnVXN0)8@!IZ{e(TPT zj;K~v`<_+`L#O} zIBwL6iBx6f#0~C9R8mq>OpGK02>!*@RsD(FX{N}lvhs5OjrL%CmpaPtQ;_*9Nx?n( zqECh9Fy-R;QoU!kAlx^yn^-f)B`1aBk4Lj|e+wDFRxWANWZ}4M{A@H^Zlv84LyJYH z!EG}9)X}kOV`DsDsc>9#iB`F>HVQ>%%?Ws9Vhw1buI@hQk42o3D!qn5dJzvo%)!L_EHHmA=6b%Vk;;74sMPt4+vPhIM72`Sw3$yV8=c^OkO#Emg zp&lN02`u@3qJ>KMmVLl00IoJ6=ShQDBrjS@*$@}JCQxjo!a*TH=C29oT>kuelqnMW zY9M$th>ZT6Kb$Eg#<{5z81&EsghlMCR@hh`L`LeeD~9@9BM)IUz85QFTa4~!7uI|d z0xV#b5e_cO-N6vC;xO6cj}q<`ds{Vu?klH2WmNY7CT-M+&u`B=C6a; z*Ox-@O_Fa%jG5`^iiFn6osdVC{213?Cr(#h3`ml!_br&b@WfP8s#n44&Hfg!&e6Jn zvi3B(R7!P`!tIPSD?e3oWm=xQi_KBq@ZODy+a_~D&ALZ2Fteg_QLL}tA;8rM4(_L+ z(i6Mz!hsk-$(tEBH?1X5yZId4w!mY%Hv8q#6OYT)iH^|J`a|K~q0El{6dpF)wIC2E z%EA=-Q~Az;&&%n2Gz#Q+z4y`_K!q-t-_p|fffApcokby>CgygUoS0x^Qw~o})oyU9 z931@UtAkV(lbY(eJ-%zu)0oU=)&Hm2i`DXG{s4!F$E83HrlFzXm+OA5402v&pBI;a z61_j{u;S&N2Ob!NDxm3OeN`&H<-&mzQj`7NjZa)04h028w76oWsbYimZMV+PUNvI1 zw^KHYEm^>>TTUJ{d`Qn#DooH4jz|0ufQ=pd|HVzUF zPBrTsJa12zq!K+|DGkmOAfGE%SlY^kd$>EK^7XP=m}v2jrxB z^!N7e3}s#)F5hp`u@q>>*WBuO@=@z#^iEZZ{$oDUM1jG`*Wmcw)zvkndNwREcD_5K zJxe|G*}W|HgIUED)MjOQpPOn?@eHhlXEKrvVouMEK@wTnaNxF-$ zzpirmg{uEhs+BNm>p^GmycANCSw%1Ny#{tw5_*$^xD$|rth5by<74&IJ{a2u3(t%R zenp$*Y;~!_?lf2tR1O-Q!sY0(-tP&9sNSGwJes;GQk=ZbVHd!6uhEnFJW2TYtOiot zU9^>93bt!*cmxD?mq*c{KVQiL_x$$mdJRatW`oOEYwPiE|5q;RW|Jjf59Xe|#46OR z+Zu(*gGU(Tf`!!6B84eS@K7m zS)<8RQ36^asITH)xv4l_ti3=XlS0516BZxOq1S#wBH-(I%~GG@A453X&egEJyg8Z<)l-VvJp8ubB-VeDcpFgLM_<+oE$3DlQ8LqPaEQ z5)2hl!k>vX)RS8Z&hjYced{s8jqzhoi7YSUlx`L@uayrGsSCPBJsOdA;_gzA(|NcA zOcx3MZ^{ORp0gGcJ(=6z!{-5l_!tsp!xBwvgM2u?&Z?6hIB&Ux-%DA2vMFFf)Grz>e~D!*`6l)$vI+)wb*j;;XR-VEy)-U$Vy)tjAc;a9`u~D7z#rF+ zgqoBgti{+T)VqX?H2iySPqfDm2nO;ww3551Mp!g_-?9lrCKfF+a*%iAJ8Km#a-@sc zewp1}i7TZ?P-3)w80UW-pB#fwn|1OqRjN|U61kWv9g{s7L$p7><$M?6rbQam+W5-<#bRPJL64sr+8n>94a|APF0PUi@VAK*MuCMvx|a z(6krL+Bt!n>Opu9S0L8Y(eBnF!w=oeAf zs-@HRn};T%*bG#pScc(f84=5Wf*s0)k;6Rp~Q=B3gcd}3Py7HLkNZ7BO zSxHj74GnyC*j?s-Y2;HSx}*yF{&|znD#nD=YE95n_V=bfLVGu@zL`S*wq7>8iA6gO z_&hhrUlZBZw@BV;Xd8bq#C6c_kCv|qol}8i5QN~>!8h)XNzT9(c8qyhAFq{-r0jQQ zXMQdz5QHgIS9i+RAb`fc$fXVC9v?@`!Cq0Ql?t(dtw!PC#3SR!MkAkhc!_hiS?P3K1;{V0QQ;HE=)N%0CA|Fgfy| zmIp@4IyusIbGNrv56wH8QoNL&(G|4f;RAwJ2De2V?7yEeGRF^+LVve;*{>mDg@5ar zI7o^m4x~W-4_HVL6oyr`?|WA!>v$V0^3vPIK9IWpb$plIfj0)180lpB=(PHVwBF>SF}ERZ zi~&x_#r>sy!LFQ8>neJr|SV6=<1u%lB)GMf9o<-UIT+i7} z9<Ooar{(u)oQiHOVRTq zEAU=cAe`H>x3dxrvg`G-r?4fiE~PDctxvFo@#C>ouVT=?if$K%S~|L1kN!?PLk zIFb|`8+&^r)fefH@Wcr_OpcChoKx0?wk2J_MR@ z`*c%mWb}pRhDYdNCyKiSYpwo4ne_cJyFzI^a`f=utA=~Y#d2p*CkRBRPrl~dqp$k2 zRV*1>BDr4SfD2cpX@v7=OqzN8l={=Jhz{tveu^crDneITqMcMGa#0g%4kXq^x#(zn0&TkhG zguh6zQ_JudjT3F6=O~R1cQv`m57S25CW~~sC>4x~?xs4v{2`JMMJA{JTxwv=!9jSN z>EF{F?#pcia1gX8jOAZ(Y)VRVl54$AD6DC*VwxT|+#L@{`kxcw;OdlqOFRz_@ohe? zcNj!!crk}*w@J%*s)^L7Q#xH~c3-!hy1_csiOA3Ym|ZyP>iYWO8xWvrs6Ll|O7Z4n zAx3T%JvaBwg64gN#WmvN_V5q+1QDWS_j^}HgK6*o=3G)IArlN^l;#!3HsO-)v4d9{ zvhR>ainW`N@h7Zi8tqRL6am+i0>Z{t<>`1!dQ+vheg+sQ=lct(2CC^83t19IyAz&s zCp|f-?g8fBy3T;gvO7~H0w)kJl7J~N6rg@~bab`3PCU~vjben>tUCX#+->hU0prI$ zKGvxCPtl)PQ!xclR>{EB#4Gpx!*KQCgNyY6vQ7x>U1sHW;+5a{I-(gMweYx}&X&4& zMCU7SkHVN7c2sFf+Ap24)ptIN1LAmG0`ezla23?@|98GeG!N06y=s!jyxo&5A(o!#J+UH7w{ znk!_yn}gPNd_Y`j@?7ZXFzOj^vMICm6SXp%CLBX5=5W92$P^CU8ccT=7Z+zA=FAd?4l6(j$$%Y*4FU*cT^6QphA{-G%izisH^8resSX!^Xlg9%C)Z; z8teA%?&(km@h*UN>#US#8(hy<{3C<$8fMep--0a2b;H>H#o;TEw3U&R{zqqybmYB!z1mv0o zpvs0g30#i-zurH|S1e2j`>dfZ$>9cvjhnm5s?;M8wI!6W_-LbWu-bY#o{0~a#YJJp zVHd>6Cx4os)M(tb<2T48bAvun)JYT$bzaPP<`TY8rM>V4uJjF?%QKVE*@=nsNSSO3 ziiKFwNn+2duLkiTdIh*XJIE(bmOg!*_q?AGNgBe)t(K`6HP94SocI(xm!f{?2VE~O zul689Ff;h9=!+2(0wAz}Fuc@fmF*r0-MqE7Mc5~;vqsepW zxBtnB-66ZAO%1hmOSfa zkSZc%b_#21@+|aI!=~2&aG*w4sCYe|Mnt!*3H*Z@ONfgj>hCWS#Z7 z#HM;ql{;#8NE3ot7*ze?bBxaC0R32^IkGqNXt`@ULn9-$dr37QAG$eG73%as@>!gd z4M4kRs;x)YkJlG!Y;#n67(VoDr7O;A^SI1R04B2V)*PphIN4#L|MvipBBe-`9O&;- zEz^eun!W#}zM3nT*Gyi({REERhn#kNx^~$r%s-s1*F=!D7DX+!?e^gI{5uNa+YB(n z0fqC*?rg_wqKJZwjM?<{RF>I#s>e;dA0SA$T>#klJ4%)LRGDIajQUS=Y8x}Pz66%j zlM{_no7IN8^ZsO>*yQNlx3Pi55rdd>Vo(6qq;eUh0Q3r-#bTQI%`eZxj5a_VV|P5$ zxIWuWtTG1p2XZEty{#=p#?B7SE9tks3=30JiNX5f zCeX8`<AS zfYJflKzw|>aH!yZTr9nM5jFsBFS7z;k?4`-JuWXN06MK%W0PexK$M=I4hVuDj7ivg zpzP`u#+FVMiEQ_lPGq%QAL>ay_D$)To6nwZvlVGK4b|8h9eQsNCN?!Sb+-E~u+7yv zS`DV%MOejv<-&X=74*>5varBI3oJx)g{COEi7A?o|g7@$tRFjy`oojy{yR{R*oxR=S*uz&$vSzhKbS-SV5Bqu)| z&g!Y%=96$27WDApkpeU?K=w+>%7#FpYW#S?JO-9~%>v)wO5)tt=Jx=-2l`#AFndm- zv<34~5GAcrRDv_yx6V#sz4jojqrPDt*Ru-qF|Z5rCgggI%Mdag=r$KE_0$2`IQ%TEGu+=x9d_ylOgD+TIx7M|P%Xt~d(M6d~rW2Ky`3+3gP33mw1H z6ULvL?vy3PV>K5Q1X=aY-d+M07k$7^6$!@UaPCH^wZeW^3j-qMR{AG!zQMI;)ke{y zk>MCX)>KqfRt=|0tKI1=t!C0GM_&gkn{z8FDjtZA?hV_6=>kB%0QSxXJo484^#EV? z_(Sg2=Owo5dC2A%a2q$qLAeQfPnp9x{D-IdT~CIMchHBzFGx)*Ioa7&jL}&u)f|38 z3QWh83e~WvHPC^S>k7dvf5dab?IK$4?FqhqO)&aHYy<$k80b9-ZW*Hcamb`iop0Fe zP2j$jCn4kvWwJywO%syzqUEYVT-}cQ*b=IYc}+oCs^>k>asiTlI$!+FZ-6QCXc4-kaBC(-zsZeR!Fn3<3-Fx3wyk02LX@}$5-Y)fnQ0z8KK`{XJMYXx%2%A!S5 zUpCW|GQdxWE7da{Lo8OH0!E_4|J(xLPa?WL^N==Eap5}KuGO`*{y1I%n1aW}(D&Wx z22jp4T|LRJGqgEk1a!=Fmc;t~byL&X?p$n2N~z)LmRcp`t#s1G%BFm)R84hth3Ob) zy%IY*SV*HUfupCb?KCo;2~S9vPOW<5YZ(af_ z_=oh1i_FbcS}>yNMq*vbZBxy}kU?n*WtGXLk8 z<3G$U71=hzb)??7j};~KLjlQ%h{;g0PI>0;@R}HyKYB(I-$!p#l6H1>tQuAE(9sXi zW~?&N=w=2PYb!c;@u5mAWt|vZ-yrX(scq+Hoq^+_db7IpC+$yC58XO0{6NE7=ovIp$NNRl>T>2L6Y1I`*(d5Ze8!A z62}LS|F@X_vj+ZW$L?S-Q&LixvIqE;qCTWSl+Z8#;u}vX9%D+vH0#dTBpOrr?vF28 z4?B^cLfIwL9>ej&EV+@X$+j$l+=TwFwi&DF^!lTknAYs3}y{|S)! zpXpS>8`o$6azO`hAi7pZ z)@TqB6E~TRylrh?jf#o_oRRkS_Otzm-@6bVZE4Zf z)eXD;&u>r)1O+}nrzcXNd=1jL!^y;0Sa0nD-$Ha?md7W6IFgZ(!RfGrgO4Bh^*`MQ zN1*8M!Y?8u1UMtr)$9!pD~qk)Uk!oNz29>@(2n-^i#78;QZ6kmt=Kp#D7^kh0{&k0 zOD0tIiJiVa8Tux2<9oq!UWrp$w`1!rb0FTiM|KClSgQld##q;E{0y+`FbwMQ+h-;ZO6!iB^ z{@nzC(#^nW9#P_-cJ0SOC0BJaRBNajA9 z2Qe75H&m!JFZo~!SKZXb70y{wz_+ijuOBtFH#Oag?okG+-Tm@tRgMcu;3YOKs3Q4# zw!Eci_S13>dKW!7I0))~Hu^W`3%@($xZsb1dmiZTmzHky++1pFxIUYcX$)0?vM5n4 z(Nr6#Yw+;vD-n>tz$h$(#?W$I#L%kuCh+7}o80KP_X3H=tij7e9zUIk;nURA?9*^= z3&7<1xnE(DtDaBy^)VJmGxGc6r41x;yu!r9BqX#r!E##d#%ypzH5C#Od8ys;f>H{@ zpNx^Q?AB}-kVH3kb|fDV9O`i_;ShrKTdJ4O$(WvWfl%w}Bvjk-q|5=7gjR(TXjdu8P1zNC7AH`d&3-bmIGy3J)mng*Mk(GgiH=W zl5a^f&O1T@qM;p603XGD164%4&|m94I7pc0kd~GPF#a6CIoyXkYy2lF?f5&_F&^e#Ng>N1d z;E-i$)676x3LlTbcc9qkPmou9{Ph^_3lEqtCz~TV*8n&J>S}UQ#pgqMUFX7rXN&g> zL7+W;OuSH|i*?+YluiGb#Osbnk!CkqpqdG~X{OR_eR)~$P#8jrZ@)GBBHo`Ls`Q3~ zgM(J1qC~ASPdK*mL@wAT5K9_|?|m^GIv_eee0t9JB4}%}^hxWWvbKljTh-qTK@4BJ zU7SCuUVw6=%hUl-V!~26C7sL#V@X);iHRLkOv`sUjWr!F00}NydFm3HnY+p}@?J52 z!QmV$V%^Ep?QxPK^KLbvr1&cHd<9gr_>jKZ_j28BWxJ4BwT~8*0##OXKQ${<8tBqr zKBECFfJ_V)e(Ki&)z#I&XFA^Q`DvKGzsZa~bBFnkj z20jms7i>V|FzPHh>A!spt6l)b3u$MLYapT;FVJ$`pP%~^76zz!tfr%Weo$qA-K;e1 zH>&IOkE_JoI$d>4XU79f>+aIilgI61aA2UxY@)wmVWY2%2Hk#RPzQLxz(CNi(#YkH zEzsTX&3)ZJ;=W%-JQ>p3zxcO)Y_8mn_ofDT3q9XsJO@OiL1Q zV|OPTcfq3Y&uQ^XmC%jWXlI~fPXx2|%3Z>u3`@-mz4&a`c1qG)PYfNlW-kk?u3n6Q zNMDLQCavm&=~g+UD#+Ap?9{ou_@~rDZhW~RsCNqTE7Gp>*c>*P@u?l##&G#7Wpg?b z7q`IP{rK@?W5ZZS0a+6$Jncre8ZByDz}U01vjcq}K7jnS^0^|xdvWpZaoU)b8$j4Z zK|~Zb1o{h8lretibfOM%1W;%a?+$~&@7Gr-E$6E_%+_|)s}MOY?Y3sSW@dVl^o*w~ zR9Cx6T22;Q54Gv;wg8I;@Kf(@SAbJ!HCHQDXV{}u*i9CztEY#6Ou+0k_y-IOiD7q4 z+aloFHiy!stgpMV0<_V)pr987TK7LM&!w6yv9JLCT(4@INaTB|noD0o4<2l{k>vecU+wU5Vo$-6`W5-!MM88lc%XohKRIA2yM2Xq)G>o&X?6?V@! zrxU;}kok5!RaN7sF^5MOk(4_@ahcI_E~^T5hc({F2LWm}vvCEL<6>HMbL=hs-CFN- zW!Z;0+YlaeaE<7r+x+cWAT~V_t2tP8^*1n&lBZ@dJ*&6Z=b<4XSdHHb=%qkK>UY!* zVqUwAr8Wt{*CSlnD%!=GIS!#IJbt2Ca^z$LRwHkx%UYkKqIv>+92o!e^K(5_RuFUp zYk7UPCm|~Oi^Haq-*lE;d~fZoByeL>Ykj=Lv#vICQu%J}SRYCRSuHXgcP{EWpBN95 ziE}kB-H$MZ+8K=|odyP*?YX-1_8=nC z-cfhdUV!bP5_8VNY;(?bwE?h~7Z})6ZUoDbPPu#70*F`YeUNH++oCc|?hC^qsIlU5 z+}p4`9!zibf=3-yFN`XFTzGv>{1gG9lxBNzaR`vDTfd{?7cDO?QrVqCGJgE{4OMKR z>FjF#zMRNPd(oyv_2$bj!veYAnA2Y-%1V8NkSs6S@hU3_%CWL8&2d zBUQO8Knh{x{*Fz|X~%J-I8o?slFkx<16K7z>gT1^zkZ2-{Te-8;m>Qk)_dce3RpOQ z^f^@C_$U+=Bsba}M$8Y(Q^>5YufN=%_s`YrNXll@=F?7ZRxVVcASd6XbwpKyk`YE z*xlLbbaNpK{5y2eDMK5@gAT<%!6x$`Det&ETFSK3yEU?;*Yrs$%yU+RG)gU}$P0+x zFj7DMXMV8;eD3j9L{`7sW!(MKf^%4N^6cpa(CA8W^NsFx^E3AaM6~0D62|FZqhPpe z^2%$5d1>f*hCvEMkxd@S8cVN2W%yrCYmfO8AG} z0|OU7`GMe`oLq6^;uQvlZa@5be>_E*f+MNFzgQdRD4@UMC-1NC-)|Z*2?*rlSaiU& zn>@b!IW+t(`6#oC*9%WbN8Pn0&L@1_-Fk5BIl}ryDaYLcQ((Nxi_xV3m(PA>L4tfRCtcoZCBU}{uF?xUy&Rc z@^02Oy@DI%G+;DNI4!Mng)4R2vo&cgpkz8-03q=D6qqf57nlwHdJl@P??HLdrp7aR z;Hzjhc`QfbGCddqotxj2bEVT+nlHbXGe-(SoKH3ufp$Sa#bb0C-3Z2S1P&@T7K{1h z8+IJh!dUl<+fz{b%z+5e#W4h=Kw7m5P%iZR`N2L=PrtrC8|c-lb=m|P$G{b{Q=bkb zCwh8&$sjQX+S_UOjn^Q>0?MESKxMIORl&iSgW=J^L9TM~UcnSoW~TZ}+p~Q>K!Bt5 zR#K%Z^DFPBty@8h|0K>q71J{a6ckW-^`7@%e~@t>01%s-n-lvE`IF3Sik#EVu<-l9 z2Zwhj7DTP`l&`@?z2NxCXX6|6lP&Ybw2Mki@=24}2cxe*ZGfSeE87JQoxqIiNmXBy z$--$;Qc}I!)KPKco!kWu?$mRy_grzHFv}zdgn9t5ORxIYEB01Wg}Wk92_$5y_U61d zFD@>Y8Vk9osH~?)QGI^?$&rx+KCX*|3;uC3`xLIYm)P{CIoBu70{iFsv2@7-`3mUS$BLKaQ{ezoI>9A= zF#{qWtvW-^QqsYrNX`HnCvo(y;+vp@YBP`%)iX9;1*Y62Ry=DM6hgns z2IfLakgkXh%V-S%U>-9!uBxZG&ujzO&F0D^P{LniM@8z^ND|11@^9O!T01!G4VC{v zbpl0v+%6}%QIF^0|1DjbZ2VrxibVuRU>S&(lQM$^Xta1Bn>~`eTjTB8z{sW7~F2Z4_>^YFrMh`|9R8) zgN}|4j4*9IU)cJkRpVXz&0QzNF44cd{FHdCx6`dr;VpIha&A$ z#}c?uyt}f(Y>}_VkwGx%^$>P+W3J?Is8J+bd+?C`9$F z1}8G(a@zSZ_%0{a*iuL(8Lx@bv(_T&Gvc-~a1V6sg&?CAiwO={WB~3nIWw;*af_5F zJKYUSTU*wKcDi0i(1^t>s6??GrL^gtl>PekD^hC^@x2GA!1Os@M_0>g?}hXS{4;g@ zY~*MJ+DO7h=bbXE7~DY)N+Omnw%^0zb;UofO*#TI&Jggi;gRvsWL;d^0R|w^*bGV| zv!$*Nu1?pzZfk05Sxu((fBT^?+?O1B-Y2f??S+^-ik|PyU)!DK_|m&BI(r;vFI4Ok z$W-Ls*9k)6-z_hLLZQXwvt2G$t1Dz@6!I4UiQv@lMANwfc+p6g(;z> zH4j!ldx=Fe+V6b5>*1F#r)P+6bgJ&qMZ(w|_4k>FiZo|_{o>bg0dcpuQ4TAz+5>|6 zDQD*=0&}`od7+c5D>5#l3fJv5aiUb=dF_Kp0VoS?fW;Pq=J20G^zkFDHt$<{I5a zK&UixyMQrX`o~=rsZ}zbGs`&;tEB_jF>2+43RNAirR)rEZGhTA6`?qJcc5aUzo%zp zZh95OPnxxWTj35do%y+YWYE)d2L0^dpahKuMp0xbw0`?-l zV6f>lR1H;$v>I$q!E$9^;5;D#e!0PEP(nj2Yt~wWSTx8hL7+fzp?+-FC+KfMrVx+V z^M{>->HpKlbq6(>ZE-+iAQEYYUIa$KK z3r*0ToSQop7W|_39Y}ft_qLOzqfZLk4|-W-@ed8MJIm}bAe^q*NU+F{JanUK0Czm#!B$#}>1eZ8r z>W3$pnPctkN^){fcq%y3aN!Sr-dw&sW$yzW1i>gyKSVK{OGic9a>2`($Rk&!%X`Th z6&?Tj_f{8Y7c$c$Zz#BSx@7(lP=E5}7vmt&!&^Yz9C2lGmvG4N+-Ez!t}I>iYc6}k`-v{Prh zil4|MBv7e|n^LR%azBK8?lb<)FlcrGAd)8WH{-k%U{US9j~R``<4-lLY$KVzMe#+h z?F?+sjpec5fjB|+12SA@SBB+ZGXQALn=EmRN4W)6CDjaA1D>&KTU1}f?w%G_k>>#I5KRo@$8gBYX#3}1iyrYLDahtY3W~Nq2SS3 zUIp_s8!SjNTD!WmowWjbXd|1gS-OGlp#1O~FN{AYW9?SI0;BrKXV9u_L9B)?mK0cqNRvLC~{z=hlvi-icWP`skqR<^oQz)3TVVN z>{ykkTQWf{JO0Q)-J!}r*|drW;{X>DW3WQiy!qX`xmm>vxc6qb!`CKRwIidO<6#~h zOTDo$DU-)O($q8u)KZ%2jvX_&4u;BD_7xx3v*C5jncTR#hpnE_i7YQKySdqBX!{-j zpe>#VkG?2+poe?@K5g)T@&nos0;<6BpfmqMZv@GGe*qLqwd-B_^&4PlgqFW(iO6g9 zb(IF&971OR;5tVHYQgo^+7>VX0gD6v-rn;-8uChNo9~RnVaO1zPIEytVT51J13q*u zx8qd)c>Kyqja)$ELmjc?qex`kHlsxHOlVKn7%fa%w(Y4z1&QEkhabT4;#AV|;v!32 z{|Mg{OZI|?7m6|pg$_$}%Fxe8sx8ABvkko-{Va(VqM_f-+-fa_{?|NeZ)`Xi1R~`+Qu)s)HB2?-O8viX(u+V> zvS_&K6x1vz;MJLxj6Cl5yfjhQ30{(xohmO*DJ@TS5p+DEyVYPDO^q&o?AVikFr!Ag zy&?pt$v@@p?3#O|p%Vt@Cd_Z57eK$G=*6Aw?RHN~kQ0PmpU?~1Sb(BEP=+J-n_GPf zl2CX|v+WQ8`~;}a?!LYX=Qp>uJJJPN*=o1s?R`JAkp<-~SHEtI(OGYYU(5#}WUS0I zcS#HN@y8(DC!#EBM+lc;AM@;WLIScm5D+DZZ_=-fVa2erE0ukcB1M|W0m?FRa^vmo znI!il7GJqkvI&gNQ2T?H7&Wk7pbbQ;P$YBC=X!n@r5vr43GwLnv23iD{-daV_{(TP zTNl#rMttVPUEhQ2Q}qkAYM`OvSCNB^MiKYo03)V;*c5%ER-XujOrED^(F65%B6?>aE5RiXdamU<7aoMnOVr`1?2+&Qg|5t*^mtd}x zd5dmdX8LM3>_rPV|4DiE6QQHDcDH9ldAKpSFg&JCaHm(N{%w z`7v#2di*3jg2rXjh#fL3m9=6&cy>GrQ+yD;H#83kq=b>byvIShwXoGe6)3d6tuK^{ zNjAxTT=eilHec~1+wH{5h{*f4oQG?$$^+>%TN@@aiaT#DrTa`0>M1&-;HEo?nU$q1 zE9HSFq(3~L#mpb*Mcd4Zq>kc^OXKPqu^gCh%P+RN4Ze-JL>Fzmrt0yxdHrH8jZE>8 z^itx5aBi7Y{ujPx2oR>f`M=U|;m~1@#ibdip@Qr9Y)LFPx*GR4#GlV4 literal 0 HcmV?d00001 diff --git a/static/img/encrypted-alert.png b/static/img/encrypted-alert.png new file mode 100644 index 0000000000000000000000000000000000000000..d5e3e40bc26dcca27387a6c75891b70f4443bd04 GIT binary patch literal 50962 zcmc$`1ymi~vhPc9cXuafaF^ij?rwpFyN6)G-6dE^2=1=IU4pwi1b1$e@7w$CGtSv} zob&D*?~#n8S9h;Y_w1TAfAz1bd{$DBM1seM2Ll5`l9m!v0Rsc~1_OIj01FQ6>78*Y z0{()u6qXkT1FMWdcr=CrK9ibCsmOzYc~OIb1q6YC-2=M<_Q1egnZdvgjKIKnQ^CM+ z95S1f`GEt_CbE)ZU@xz~zO)u40DIue; z4Ys2C$pg41n6#L%n#aOXmbo6LK2Ap{vUMD0Y&^2KOcR!_Eei{a5;H0yDvK~06qK?u z;*o-qh`Dr+h6=u>O4BOJMa#uebu$}ZHACUe%Vzh<_DP!a7|+epe)r7O6aoAv1gL z9gwYC>W;gnqN1Wkx~B*NNfnG(f%^voOZ~K7hF+x#C5*~ff%9k26PT9co7b&9l#XzO zKf4gVegCfAX5uO@kE8=ru>lSi&>1mk#rTC&f2DP(&fSGL@A{6y+S*#b(M#Xy{4nXq zY;8@=LFYz*jkiCjH#6ngb zgpw*X+odfk3PvIjM~~|8 znp%!%#~LcZx*wjLAR`EYK$})ZRtK%7ma?)#B&Zm8c-kwA^^y369X&l%)YLmi{Of~- zR<^q;$5yK8zaQ@+c9QFgKP;d^y1Kds6ABqygM{2N2j-n8L`Oq>e0+3t(wp5*QrWzB zDq}I`?u%koiWG7R3)yA{d)M!yGQzZDG3eAnnw+lElcFF9jd*w(9lY0LNDjGd@h!Ri zB0qk9;Eh>W(6QygMb4vdPmz+5Iho(icsxMTcb`%Z(ePx?+Lsu5Ux>s0E+4P1wbl0~ zyA?X*EA=KL#aO1eggl2EY@pUQPE)!P$We-Bw;lcfOH)e9!7yMoxpXBfD@*MKUI;5L zBg1`n=Bl~g-sj=@X?nk(jCbef&#j0FWqUSh)gn13-O3$Ly~n%ixU_xyBimB<gZ7gN(2<^$S6c#_dD}e-`RzQ1@GOj=4MN6co`2*7?8qfamsjU z+9^!giXOjPs?K-EYu7X9t5sB_=I-t1H;&ufu9{1xf26!?8+rzNdTC&Ox68IXMOSXn z+UP^e%k~tNR0xG`M8Ik5rr)r3^&@5AvtxWbx@4e8#kLW5SlQ!Bckk@b& z&ida-X=@7#wqe-~3Hsl`a|!x5^!@x9mXe~Wq%=M>MRE6w-j?hy8;Kp*3h;#)?#-BV zWpHrt41P}A^SSZm<*Xb-2kL{&qSCZ@)nz2WO`Wy+cX!5qs^kRP!t&dyZhR1CNSclfmB3F0I|c5%BU}H?^YuA;4k@(82BPE#}rX1H&-MQZt8718&{( z^)=_oA^+guP*PG-Y^dc-i2;lEN#JTbfrDUzn~{IV^HV67?ImDKm0h6uDNDyWC+J^C zqN*V>o;7wZ`Gx+_QV$Jm6L0l*+jxyuKYmX5>geReKCs>o7 ziQDdzB&n!~@{Jyj0Rj;maq=bq;ab3QWC7{(yPP+Mk6BBt&O<+^5iKoERS^JCIWsT^ z=z{b;@QT{~)PcJ@UG?wp?8L@}3?Na8BLms{RJhE zT1{pXlT;A_L|}4YqjV6joH9-lfc1xA0-ggB#vfRrY5Y4-|6-u$^NEjZgmhXui)>H2 zquW11u9IFq`u;+wKxBqxhQ%d1>oF9!C;q-&^7ix%_ABCnfuYDp4GZxgm2JKv<$t)g zsti8vA3_4t+uCJ)(H$LxH+uhi64*VVg9hH~M!+*z%Qo8UmM9`4fxvC|ZqSXW6!%|b z#eBIJQJbv7T6Izt`$o%ATKjv7z5c-CZC!r8sDw=KyhT@)r>uvk2N^6K6Fme}r+;OG#?8o3K0xDLvO3iIS33%3}<;r3~-6OzXa2S<94lHWu!bh;3C zkFv>eXDJDq;n&2e)S8-+Q8(P}U1yWN1c08|XcQ#zCroga8K@#KJsypI=AOk(R{7!+ z+djQOBhFsQ>QRp|ihgH zf#xQ(tNq~UK&QoVAJV2zbX}O+`Esz-rbLcW-;${#S&nOC-wwQ#Nd7r5N_JNv3shkL zmX7@T$Ng;M+y#~peb;qP2X_BYDY!xinY3Z+FhjwqWA5!!xbyO|()oiEDglwIZzWqw zb8*(us$aPkdhMk%!IxV!Xb0#UM+|xOY&~4%ujYSDK=nXbexmqH7s-YhH%`U-IjoM& zMN-@R4n1aD)}nbqcL50p?IH7mO;UkEU~yr=3El}M2YymX`DT7k0CVPN8x&tb zT9|Z5r|9&)*aeyMm#D*J|Q(3_R?59zYI3||)+xi_?gl{*JIlt8+^{5-sIiG(iqd&|!C z+&tVBR5yN}9keg*oA&fL5AI`=l~CwJv*zs{bV;Vx$W|#yP`aRb>amE^y!$eFS3s^4}KF4Yw-2Kz2+4TkxwDoio@ybE|QIJ zN+>l)wW~?*u4VViVg5W|o@Yqz)aM=1o%aN^q6p&_WRDsjKsL2bm94HjAwz@n1NG=0 z9v-;84l>l%FP}xxLc7ch%^Z01xadzh4Ey9|WH~3ff=J(9={J4M?yNCqix`rj{3$6{ zlUCvO`@@`B`P3@E-`(X*nhp1=;KIbb=ayQ<>;8jHGk(%sbV zLS%ifmF3&^>K{KgEXAjPIa8ZPRdCSos%U&P?CyjjAV|t}LU8srm&W{fja_Fvu|BlJ zgoZ(6psMTpya44b%SU}_j!UPOE9-)ORh5OUVsUU^c!Jn`^84f z7vm0a*n3nNJ;n$>i@xbE{v~GJ=mAa#4zl&jx zh3&c++%>El?TrgjV@al92~kwFn`Ta04qB@lV<_#$!QvcA1tLClN0;4RqW0n+J}Ae? zE52G{QjkS+bIq0KRZiHwJ7=2g16D$k*ERNF6`u#_00Cay0EN{=g#APu!f(9 z_pjsVr{dDec9gFhbx%wRlA5*e7R#%k$M=|1b)xm@=;(NvO0$1#BkclWUHc338%1QR({n6!Nv%z@NN?jT7R-o|@Wph-m0 z)zQ^iT!<}KuT>{*<|0}3Ml_ueC!no^(uxl@Xp^qusQ*aXKQp|ueF*8%(-XE%Q50xi zP#~RFpq-$9Ps0y=bOkG%P1(b^pIqTZ?!iRbo_+YO@>Lb_Q9ECPH6L0a&UfY-Vgq6A;v;~3m&^=1{Z zq1Tt9?}s=oIHt~Gl7n4@A62_MduM75&RL!4>&rN^&33lie@)JbXh{`tC5vI~IXe`U zHQ7DZ7R@`R{hrM}_-1p;y*3ooHJ2+w&?H8K=6sAB1{)Fo-oC384xlX#`<&QlkWyR)Bn%%PqbvF&>{I0;ha8}WwBaeWnx;|~ne z0I4P>BbHZjZkA%GCNwuUSDJF4pMCFcgAvUWksXwMprM1_!L4s7F*|HKCKn;+qA33i zAJGw29A50gXK7|>VP=^fiCmOdgXdGT5>45oG|3|(P=(mElpeD#|0wKxXWN?t8BdiOEzR#45<3OA-3_v- zx7B?(WilGy&qtDv!T@Ea_M0Lyjt?;;KHd4sgQB`y;G~8g%1L^y_Dz3Q1T_Q&HT*0N zruRWUX+d?0&T1V)5r$dAy%Ao@=dsz*&Ctpc#FfA!tfn5hDe5riz zjiBpcqWWyCcomoz*idlmDm$aZnI|pLqTtH+d~kdMOf~$Bbe%;VU}DsOR-?5OEKL9$ zbidHKI+yP{?Oi3xA`&kY?<|VhFFrKV3K^Hu23JO!VCdC38(OWfVY9uCKcDO$QpU0G zZFr}*m`<; zJgNEk_;mQvA4^c|$ND5J{f0lB?!}^~)Ns^mH;&6|DW%T9GBn1d#LgQJ3|mXtutYwK zEy4}N$VQ`l=2g})Ag3m`ur)er^N4CGAykk>N7qtUbv=@^lA(t4Bc5Gyc-%=MHpw%Q z!-ZtToDfMV^Qn{i#@TW=kIXga}*5k)L0V~xfo~;nEX#%+Vt!Z#*y6Ju8jmkwO?uj zQZnzHw7LCz`8CqAP7D_RYf8L5W)r(PAHT-{(NN~(_6+)K4C^<4`C13PnWgFhIWzq$ zBwHXY^BUf7H?gp?N2319ggg&;RhF?7|DFdaP7go640U%?Fp>%M_)VVQ$u>4Nbh36Z z8yf$lbiNCPE5aBImHWi0QtTGV@Dq}YWO)T+i=<-2f9L1E6on2VMR=iE9C*wWt<0Dc z^jel`*mO zHd@^aq^K$?hdzmVL0_GgrRMBLlq`)FA2B>im-Z8Z{FjVbIx0`9`a9Xs2&D3|?}FYO zOA8okof zv+txxSgtuyE20jc%~f{- zr5a3i^`lD;+B|%B8sI1>DBZ7*d@SVnc0-99qzTo1ct}mU zVhI-nB_(+A9A$FCs z`}V}`K3<2z97nt~+)xX;bATUvm(eUH=i(s`y1KK$Ibu9c9ZxZSs}c&?DLp;prX!X1 z{V=78?Pvz#3bp!z1WBi@izFfF97VZ^Ee-|EA~#!!eT3U+{TShv;zN<(WYDk&wYn)$iN1v=fVCMO?+ zCa<9CoDf#Q3@Q8|f^xLfAgZQSP}%s#w7|-XS7!kx=;%hTRvHM#8cHaESVLA;R>7yKYHM2i9V<43hdgEupsk}F=!zEMAq1r zD|kLQe|++yp=|LM52=_jZvd}XsN~sQ08-dtdS+%8?hL^s5>tMx)TVXId`rVlAH+W} zJmmkQuripr6YA4GVH{D))$JsNfV_VDTC3>W=3H%C0NO6Tj^Y(rcF=tkgmFJ8KI}F0 zPA5vi^FRI`-EM-Q_~Mdj|}@f#~jSxVj}7vSxDzU?WdZh`iJoX zlEYG++fZHY%LzDimf*tpbl4Ve6A()0LV2YHR|&P3e=l`R<$7c7`Eu2b%jg@4n~a(g zi<+WU>kvHFnS~=VI+4s`!2{tC`9OLyk;!pUDqo^Nf|!p8@S(*$;Zo8KMSE+0YeUQ2 zi`JLcU`9ycAN9@c15(zuAAlhC>Go=>&X>@f?X!R`F=%s>{(a zb-;pz@O6w2-;v?4dvPauXZS|Dk38mGrXb1djIx`n#ltpGF~IlaIoKG%y)n0Wn8vX) z_yI&mx68N9`PKQ~YTn*nvgo@Kg|z3@;@Wh+BN;Kt!B|m!7H&v^VgJZ`u+TS_{f$)9 z#l=k{mOeU%?|XjkNKhAUt`ryL_*Q-}Hn8xN=pOjpUH?kWNTC}@Iwm?MY4_9FY()nD z@+n#1tdDZy5zrsz?obIt1w@6$^yg-CCnUmWM)k1ssK}@$eE0Fip3{4Npc~L^d|nr? z*5l#k9@URH2|dFN@J`y_`8o|#4h02iYNy}k#8(%nC#Wa4G%;wrdG6}d;sdP3dF6(W z$uC(M5wZ#rexsN;IJ;?9d=$VKE=Ja8bAgc6`Sb@8@0BEk{vc1YKgIohaCi>ZWc;Mv zMN0SBrb%RCS+?WAZ!%>XnIYMqVm~91BA0Q><5H3iDXP0SNAAzAeQaHJ`bw^&k!c;J zb)7Sk5SD|Wf+z0twGs1$Cfr2M9d#m4Iw8qEs&lCKjRpahwzlgyg4Abkuun!!*Bc}} zE&|KwvOg$^z?eY0bGx{|5L8!L(8A8Z%TL8t`|O_eCre` z>v3~X%u^<~1U5P4jOWDk+Hxqn8pm3>p;Mdfa{cB+kGF?O!=q)-630b;AjPjl3ASk; zDU>bUV4%|a1&{`Y)^%aM>)d;RP zP8u3u5Pyl6y8+dINEGZ6X6=va3Wmr6eYXE)W@iW-Ky)HS;EfGg4cn7`$ME% z@7~BGZ|Jb|%#tkelX&L_>M=2rZPpp#J&t~_Ct2-TX-$q72PQ*8Tzs~bfbsrP&snqn z-gV!c-Dz&~Y)CHIL@R&IpLoIE&Kg+&2Rr96ulTEsgo;<(P}d#Xj`DNy>qylieE49) zyuuSKX(X=?+M7=pur6P7SJ1}SwRO>bM@>E$B)k`bDzS&2E+)1(0iLaLTs3%Jv8PI# zM(cXz>Qr^!|KPRua(;FuB`c*^nN#EQtYXJx2gt#hJ-93bde6pP`$6YqQ-EtICZa%K z=^T-)zk$4ivAxLQapav0!|o0tj>Jnv72~!PsNmAnHtG~jYA+@MxN7# ztE{W(?c{Ie==nQ7Y6xdI^VDqnEftxz*7>H`v~;9f2!T$cYgE$r!oy)GF{&@EO9=9# zK(qx&lrX;F9O@ixTRzKet9|aD>a&86|E)Ut{%{q=el&jpGCc%QUU=HYS1r!(-(u_I z>S$S64?&7Tg&RL6aZvR=SNeOda&?(=8DRP#;}96=tNLDla1nOwoL`dyL_0)rN|(9Fna(FcRx}FwkB?}j%`>ZsHA4a(o|EC3x=<6pktHUl$$C66IaHv@ri8}$hrMz zf$|_=CR(1HmS^vBqIuWO(a8ZdDZs*too9$&b2yuSX#P4U9SdcXWZBQ@MvvL`X?iuP zy;SdLRX|qqaP@_rDLsVyVKZe_lD@15@sQ8bK0M+{^)X&g{Cc4oiM9-n(6Qvpw>2}P zZ*`@Dqemgs4ohMQK?J`8!NFfp7N8e-qVZy+#jtuY!V~`%@MefsV0_fE)U6K7l&<~@ z;W8~YcPee@o0#x_SGcr}n7ru;=R3QhqbZ~!*e4J{O}uByib=6ws7f;>M9RYE4$XuE z+1PYj^?@skRF{(a2sU%ZI6DJE8Z5>#-lBqKYG>?be0H23r;UFK)M|-k*Z~3yr=!URCE; zU+k9W7*7=alSYG?CjLRA3L4RW^vj<|kCLA_BYyW$=Dw~6a$BN7bKbLjynMKBqOY2r zS5B}Bt4htU8cCU<58thU;0?F;EF%*0-3!PiWl_*1;55@K`Suae&1G{ZP$7RkmC4J< z!!P)132T&99qh)b_C<>kE;l;D={N#9_mlS(ed;UEiIxc3!rm#>X#oE>5E>Vv zm!zDi8HCb4exDDjFK>PSV_m89ztk{EVei%Tx4o_0&rZ4ljf??puX)0lxCs=n>{a_-NcI&7r~2KagSa_`)nO^pYfq{S8=* zrHrMRhmPu?q`s4pz8m7rjV+NW5>UY$wvjZp*B$l1%o21UsV-YaN;$^b!6hz>4*}M-3%?Da3o$2lr5?=5sl2 z%}=ou-`EN1Z1oSR-ci&$9e&u9wlH|sWsG7B3KsiU(X>M53qV3m2Tg#mY0+m6;AnAv zS?gxNI}CVJ0KxXqv&4pLO-acaWXj6&9^N&4DBov~IDYVz>&3Iz-Q)pyo#ab;kK9kn z(O1g}I$!^MVT^o1P3k`}%S0V#&_mVUkuLU@qNnctX|0oBYuWwqQRz*;%<|#n&Wo|H7MV`--*8egQJwx!~_m$^kCT z{=wC0IMySP5zP@o`j&!^je_sO%!PXrV;9Pl{UeZT`I!N@j6hUKX;~@n29VLH(p;|8 zACVX1crFzmS4h@N!5azjU~_}fAF-dof|nX^hXe@I6H)3*m#aX>?acu|yv@nZLEad_ z^cu^4G_c4$8auW5U_-bg|6XUs|A|>bmV_dN>L(TDPbv*Yy>(}Y-QZYfEAv_HelWsK z!7y)j%Ml+Nj2}}l-ETjc&J?5pfx`Avzx}DzJEnKnLfBUJ#t{<=DgUB#n#cyY|Dt^; zUpaZErYNlZ{=K&JYI9a`@%lKG!;?BB6KZOgD2hAzY8~V(>%8+&Vj9{W5ZAh0$LqDXYH`$phU5oLL1aO8|-o!kE}475S$UG?X@*-cg7}?E>o}*^{*Kj zDkLq~n5dDBu6KjSbMQ`g4lIt6^r2Bhvz?0OxwTVB8X3Q5F20WBe&~w@I~2ux`mfRS z>;xq})8@ur%&=YQceRL)$^z)w>Gp2n-^rr5r9!=K+IDUpEx7oT$1xWFM_qKe(v&|Y zLefZG{#PYiE^Qj+t*4%I_wNi%udvVIEXJrcs3HjZP3IHTaRZpnkH;<`kwq;aHozvz zj!)BhX;$zn06(sd1e0+XH9>?x9}xniQHrT+<*q(Ig*OxkXy}J6Rv*qzMDdI9&t~88 z7y^OZ@4XEHeipswYLk=nJLS%}4>I|99|UW1kpD1b04l_7a^Ffx!y04ED{$hPT<+5* zw_zZEfcc|#{%i96zn36i`hf^sCxEOMOps`r;IFiPK(6GfKsSW!Nd(s+Qb)M#piHaJ zq0CNSJrNNRs|xEVCr0v!Zr4yZg0PaK_Q3blu<4STg(m#Fxbuu9&bjo(Nn~BA_hFZ7 zSfyr>*)CN1)>8B^j*R*|9ImywmWtFxt$~J8X8%lMFGx+?bJeqlW+Ox>`YEfcQc=*h z_M5Li;$3K&yES=(?1kDQTD=*mBBmE+s41ufCcL^P8za{1$55AtL=P2fvSNKgu<2j4 zS=^5U(--g~-4)i+!gg4x5hsU8`?CLM;Av!r67v56cn%~yh<^8Lb2`MQSCySjL%_9z z-T$o0YW{O73(?AH>EETUUxPgVf6JBs7jh_R`cN3%a4{(mPyJ6Y^Ce6?AxSk79#8^} z&rn_eRsst_mZ`z8+SaXOy=B>U$ZpXIANw3%GsU#biK9*rmTlWWq1?oW4UFZA3(^IGA@Us$dy9pn27wYc0 zs|nKIXEIs5&8ZbuAkg`LTjC6}`&-{M*e<9s14L=qK$X?Pi{Iz+x}46D`MFczyRmG! zAk3uL+!q|LrIWT`W9qzv0VP((nd+lUB1AxJDOsrFB%?yJ6H73)HzvR)dcK$)iyj@# zY4-~e `f>Bgn~;LpifoJZIg-1xK^3M z@6y7}DD?e<>Kae{P6u;wVfhXt*Z!HlTp9)%qg`{Ej#`iPG@=7)qz@cdNLPTU!HbU; zubW!`VI7{G=YOZKAL&7^rPacg%z(YG{+FzH--*!gN+IqkK0~Z>!(oN}@E^%Btgpwz z$T)TisdS}gO0%I&!=!;*0_L{lJhy@ZS>syttd${;z-!){c4o79fi7k_ zBj!|~w`U;utIz_V=yt?2T%OCvmo_3n3fEb1zB8oh__fbsa@+si2#?lUh1ziTDLgkK$7&`nin6k!Rym?5CWLv50b%qsJ5PF{^kQyeP z`Daz%?#9^deubasymEax^44%!zmFWBl_bJJA6G1M0SE-_+aswK&psw4@`9EPGA(89xrlq1r6c6R~Q z1^*;GP|khVh|RAdF1U6Ae|Hx*%p`0eZ29`5toux}2HTYJb~|7D$hpgVPzd(sJb)T? z#9R!^f~ntn`~O$b@k~|we`|}`4n>O?@~n9%=9fZ>;Sp_qzjdG8?U2&+ch<=g#`uk^E~(j1n}q1LVg~z^Yd`RK&AOvYGnv3D~0FXt>5gdxy4tk zr?+d{+icA2$qA~!h7AZrOG`UAC}jgGR8GEIw2vyGB@`N>FH+Z(dZ~L zAVY4mO(;kS;^3roa+?M#%RD|lMj;{P2>ITgZ&PfSLqb9V-4G*veUi;sBH+Ja$hzN5 zB8f+ild}UAe)&-R=EGC2s4y_0bX;pxB)C@LzNi_h%7urN3#Mp4tgB&u{X zq3;G4dOPT|s;rD(2TydF86wsGJ+ypVUS8F6s^e!k$6xC0KYOT3Y>#wxbtC*RUvs?3 zI{wM2Stkmga&z}*%X22DR%+^M&Mr`~3y)pWpha zntqCnt@!-i6DYSaIB~yiKRP<%bWdzsG+asq`E^oQg^u9zNW+ zW&;@=+Nj6Z;|2S?u`-v8@#-otc!(4hpKtVbs_!U z0*q5N>(maTR@a>Wd432Stk2UqoTyXz#wU@skgp0}Ix^9l=6&Oc_dIk zH9*3rBB2Q1-)qJ) z-Ch0`SjI|;eZLbJi_M=ah4)u(e`nKBVf`S(AS+bJF+H2~VyAD*o*?EEbAl=20Q#b6997KB;NwfC~c#+4l$~YroPk zxv;PSoUC(TBk<%XARrJ7)wpj>tFNz*+QS6(i$#EdAS1i2(~1Mh&MrHCgM`*To|l)` zC{3c*B3y>f*4Fm4y7~+;Dj`8tM`maA*oMtwbbD>Qp87H;_WR- zb+trcR7wg8U2SDS=NTU|vh|&vuYr$C?x(EHynOzTZ*gsmE`N)<$;z^kkhDja30|+$ zLJ9*$BSCHPy z0)%d*pU7|_3ExtVZ@+(IsIRDby4-&%H#C!ZLO?jj#8O|w(o~jitYFTm)iycnW+q_X zHNmAa|5X%oT3=iH;czb_UAyyvDqW}P0AI)6fJ#GC6Al)3Z|^{rn0jz zVdjm&$2Q-Gysu?YlHvX1~ShNe}Tx>Y)R zjUTiU=x@OIbcloZU`q@sjGxZi?mwH7jM-^8L7D$V=!l4dataFvCz}5|FV7^A&qnRM zv7td%caap9m7^MH6R`tg43f_K+p0w3Gp@Ukr6J*!ZnU5M;LWbcUNqi_dR4Ny*jeX%Q{4nss+y zVd0ZLlzE`zD>(QrS|MRl#ZVNLT}JtCJ^`j=1pO09$UIm~#6($FL7V{>2ZspiWHnUx{Gu&}jeUJ{)5h9bSpzTY z<;7V96%uGAVdvuNCds6h3(?eLpPsJG7V@2&8wV3svVgWexST&5EGj6uzZ`(L6;t*) zAn?3XMvS5^XNDJ)RMAuW_T@`h>qZ_32h{Q@{Ee>T{QP_$UOFA^4}Smaincc7z%S9! z(X-_k=^5#O^8D2NJd#m>$F>{4LJ5?>zL3B8;Jwr|Hm2p|7y@oPsn+-LqR%Sc)5GKH z66x(O4N#{lQ&(G?oQ(NWR-VHP!miqwOjsT59-5k5LLA!K-UgZofk-W#@aWmMZ=TH< zm`31%BKP;u7TBEcHnI^vPeThUc`anHm?F_|D{k+STtB!!&Aub)>5+VoY6d#Iy*i}1 z9VV8AL`M=~uMkCJq&!n3-&sielHd9S(zstNapC0TRIXg-<-MQbME>ol_`#;Qxv5D) zN~%g&Nm5c01VXZ@{<#LjN3iC?vM_<$vLu2!4Xov-2qLKLwy9ttS?k-Obg&VATR*-P z@A|xuQ&A zzYaK=jl%U=q(s)rv=0w!YgcJhk$r%B|Kud(EgkdJAYicZ$?=SDZ+DjsCt0idudte4 z-TrdBB5=yHzF|u8y@jA^3Jpy7=;&yqi;4s<+;ee0A9S0iq>he;j*eT&M>Iee=AmN$ zDE0{z=}4)706mBr4db}Aps1+mYg2gQIecSwpY-siFq5ojkZm+)(r{iKReq=lCGOx8O+Yk$=~9S(3Y$y z?d*&}F8Tg_Y%VK$yb92)>Ad^yxn5l4e0NOd)>+e%1_lPkM;y<)Sv2sC2eGEOIA|eq zo~lPETfp}{Ph6Y-i;1~84IN!?XD1mYrLBbplp)=Zd+`u^Y$Hoc98^?xX7*=si6}-i zH02)ULHlafw*(WE6pg6|gwaz$v=owqz%uRZ?HQSA(i5P^%A@!Z8?|8QUF@_2qsMBQbF zg^4*i#Wg-N;s3x1asQIw(@zrgU;xMdaZWhQ&^YpSK&{RvM1rmOrnnWe%f5YMAbs0E zI!gBTt(leCeRUQ1v!<~zKr`Wa@lM9V#8bqlFO3~^<5h3!BD}kI6;Bx%Kva~4+&nx0 zCk+pm;y!NyM5CXT1(<{KU4MUnVoXj>Ow4M3KfBPo&~rn1`6$3q&%KQnX!CutHMXXw zq#Opuii~!9jUCQzY;1^ym34b_b9Z-_i`#R%_6>}_NL&*a!OWNFnEB|p5{I`oA<3PKn)-HhF-%^%Oyh#hD$(R9B#UAn0q$sxJ)CnAXaj3{eG4l`YFtO1^y2_4@OqgtlpgcU z&1as<%^PyjjX5kem+dS|4Z3vl<+ttIy|uM z{;3%WQy>>P7Rw3x`ndk!uC24+1@saFosJ_T@>D(I{R0E(2gN5ROt66;p1t2I_HX*~ z;%GrFqve`Ih%iYsN6V&+wQ~<%ucb+z`*2c5|fk_AV5d_nm`2caLuZNnwhl0|P}|YdNG|j@)0-giUX!vbxgT z(o&fz$0bfvNzUVr@J>fh%?NZDmT5^|NU5v6*xigax7ZV+@$%*)Bi;Gd+GnHJaODzW zaIjcru-Fmvh8!`z*%L-cit1CdyIopp`uby1<@ez9bY71k3gFB~eFq1JZ#GshMh9?Q z@9qDJjUM$G^xM9|91M&NL4Dn`gnmZCeZA_Q;#o@%_Bc*}=|Af<6ztv@z5a&;U|?Y; z7RC`p1Ox=Sl9GIof48x9ume5)6?~L5y%af}e>(63$U=5M=AVV;^YMqqE*SN^ez{}Z z)T*?W8KPoi2NSz>&_`2AXJ&q$ikh5XLUg3pj1Y&022xnP)^%*PVCVU*o$Uu~9E>zG z^D+UQ!qV0!X{W)yQ%@v$d2*3JjS$lj#LImdiEA&^TTjm$kelRdRdFfdTrKXo>WZ(F z+)#08ISv+f9S5FeUil}M$=;o08fp7BY)np04g|!_StXTBD|70OvCumG%Uv8a2SJfQVR5(>B$^3_jTr9N1FFlaVP4*SwkzR=|TE*|KB zK&;_lc7l`>J7Sc_qJj+^r!;*lJ$qtxzUn{pSy5V-**q{a(af6a?)(!?_wB9AwA#1? zzVm6^*4a7%&Ikr>@9Nz2BP$2n&Psmmg{81>~aAzUZj3lamN{;)OKa74Nud*^jtP6a~yWZ}WgEE@`ovEKV3@YZcWO zzN1N3`us`^26?EvJ6XDcF~fx355*Mi2YY)Zx9YAh<|?A9Q*x5JumL;~m8R&r;5x5z zI>ucr+_;3yVsu=vmWihs_2l!7Zf6XM`F6gU`8^{i^xFQHsEA#>{SOiFaE=w#5pW3d z_4Na^bRndB)~o{y9+_F+;~Kuf(!hj9{)C;|%W*p2k*mSM!CK$iN+c!|^pD4&eSqjL z^%(O+JE!UluzC%OTo$?z6JNMRnK@T4tCVnOHJ;yMK_ zrT2!SBNM}bp<*}^`ZNEzwv<~_vr7zn3lu~{|L)px|aPa;63Q&??6%`y7 zYorcZ{**F6M3jZtMNY4)rzR$P2bAqt#ZUM}XZl##ff$*}eNxYgH#C!;JWSc|Nkc1N)sa*lc%LC&`y zWxRi?hckL^P0{7Sv-v~%fO-UDZ@?9cw}Gragtz(n?+<^+jbQp)jsN+xl$nj_ScFLr zFF%)>oD%j*0HSWg&DC8<#v|#8(Q^A}pW>$&8SKW+M!G_i1TXRCNTV15q$C}Wq=Q`@=?{?R`u zNe?K{&4sn<4s*;}7S6Kt@3>HUrONqzib*M|U3M@#jl1#F)6rGffL%>X=5*I?5A2dI zuI{rlFVWr!Zky6etnl*CJXV!xfX@MJY!Cyb6|;ZboVycQeBsqF09`&E+{foCO1@h> zXrhY1XLlM`p2J%;KNp?z3E~%n1v&M1N+TE)zt@ssMZ>~^mZvfGmh0%~nAMA3tK!`6 zQJgBa2o;nFERH0RsTHwF>vM~aa6=DNr%1!$y6U<(&ZiU1f`Vh_W&KDwtmqVbZaW)W znYN}Z^S$8D>9NT?UWxo6XEXz}rX0U$O_AkU6}Y+QyuG|Cws*0T$jMSQ^~foBz)cHQ z5&UjJS|fc!5W=zFV#mc~**RlJKjRR;yIFOzl}FT$Uw#&e)gE?{BS&Wr4E@u7_PtI+74*XB z__Aj1B&(az)@v1+^QSl%nhrsmAcoKDWO8@u(Qj@B(B#r`+EzY$Tbo<08Cl4Aa;|DA zJ{;s*P92x_h>IWiy|lfYCzYkcLkjQOExXsTV&GtXx3}`S*v5j;_7Wz>v*U~knwj*{UmDLqeKP5dMC z`Y%Lpg2*_!ekmboKT}gy1*!LI?xveV({i48v`5F+Xhmf!HO%9h@gxHyJ?gqI59S|2 z0&Cd24JULWYu8d@unB4u$=9c`<^QB!BhkWLL=of#b*zBqv#^Ao+lrxC9v*I&UuwYG zlL8ck9dTH1XX2rPLDgtS3Q+`wq?;k&p`{BOu?meEb=kq*|<2aA=e7Q$BHIgjX%(Ki(1~ItqnXh(drzR0~3Ot*W zMw4w9@yhqwdBe7x7xRY0!&|m^4!!Y<)E8!Udui6XZ@{!8`OQ0)^7{Bw^3M6g>Sjti z1-j>N9TEm-W*Pb+$*eQ)dq2?AW@P&%Okij9%%BCwU9pAt1TOL$3UNu$H zVnxbc$V5*$ci0#f%4)EzIqp}G){5iZ$J@N)FBEs0j7uclyCn16KgZzg-SR-Miyw18 zKG;HHDf3Rj>_h3`MP)IXQI9^F$4@%Rr7XY+2q-sw1LfMLR^8j#ZMA*iv_s&osOOzu zTepe(i6p4x-H)43qrX5%n>$FO7oYCButz#bjpE?;*_*#(&YH#6>PtWPKH@jg^sDij z(1NPi^~}LRecp2f@W<;h_$}*nL7lzLdOwF>*|hHAq44`BS=Q^NgMd2ijN2XzJ?k_fWp77j6OT=}D z&j%54Z2aI#=1FJ5*Y)onwWdFvY?{w8DQYF+FPK?ywnkeYS%#yYhqsndz|+31 zaCL!uZY(2!^Rl7Z3!i`)so|~X2e^Or_PakEH;b8NZ>`(qrR_!A5$joc`leHBTN`(K z-pY|RB~@KvGO}f%4zncg?P%oT*P=el%%a>vYb+&{w&_N#PPUFFSzG+6c1KGGm?Mf# ztcTLXQ%SFy9Vg;2X8r3beh~GYR&K+7Ey17vye{>}AsGr!2m(U%GO& z_k3Lwd~#9`q((T6_L3ex@G3jc_EE*u7XE?co9Q?H8EHVz!F|J#{}t;^;pQbvYb)cH zkH-Bg{a(fH*Y&M)MRuUKN4cpnTy)>jzh@Kdysx$S3M0Gej^?C8$(H?nW!>5(?+oA8 z-+I!yFJ+a`c(w?AJMBGu1||d5wm8Qq+WC%~tKX zH1g$a`+ac^S>RGq0AfGP3v?HgzJfbt$%Qn|Xhp zfdwmhuKjpe)9=ro_Pw5yRQ%sr26C!_q9wMwxCT`?_%TOsQ6r#7$=ZB zeWkJ%XLc08(TAgM1F zBOK8GDli~yB;Wa6blw3v_TYz4A0~!gP`*S$B5@_Cu5xXv{_f=1mAUV_3XP{VTiuB% zBaK|ye;G8SHh7=+wYeo=<>TKl@&lctPO@vWhq_zfX!l`zViR(*8~t?w;=(SYZXN3E z?pw>@;VgQRcJ1@|szaZm+S=M`<5Yiq|4|&l)A^7u%0!p%+Z~s|PjkN3Qsj9mn_SM! z@#f~{9^{EIyU}HIs!Y4$Qv_N-AJ!K2l5yQ>4Y`H z2qu;F2=QUMtgE5KSUvS+U%X+LgZ{XXEJZV!-)(vfCG<kiK+is-;!y;I15wIfKb75_~=J1GMcHsF9^*j zy?)E!P>Wwg%Du}dYcJ=|?|3BTH+m_^tFb{;;`gx_sz@QD<7JM&Q}@R6$Yf?_oTcv5 zAEFN44J`*>G{KDH`a@r2Rkgnq^J;WIvg_0L`JGbh&~a_=IRj_0HDnRT&&#AI%iHtP zP1`#8T9?opgi#a@SxZWfTYGcPOI*99AT^`##UNWZHQ(aywHp|NLn1-d!*bDjA!}RX zHJjv}s0x*pX5~7FI#GYjCB>cN;@-lK~^rz+h7S?}C&Mfr%Cyw3f(eBw*A`92^ zg9?3~pNCq)+Mt0O-kF}V+HBD#%`pB_yJ+kx%&ru|7Apol(|=}5oM|0q_7pxrs=#so&-@9*4ibr}<5LbNmh05{$bvkdY`AVh^WLvG z+B99=uELwh8ptT%1Ouj+>F;ned(zck58$^cj=7lJo*SkzZbKlW)V`rm56pvV?=S2D#E=b5MN7Aqzgq^axh$19&ik);az1cK6fe%`bGu zNFHd?5kky5%xlz~d)TmvOSSFCkBH@i^Tkg>jPHw_oo8l9jIAyynZ~>U<^(Ul;EPw4 zUY}IcLgXU1K2fxHTE9Z;`N2coROn2f;HE@*RGdS3cVL55m3-BgyMvkrHuEj37?M!1 zIx$ySM_gGLdpPzfmH0asZ4R7-kik=X7pv>m>L(d;a<@G@c(5w_tMP`pJ9YW1AT>#g zPnK`CWgHp}pLx3AT#R0+)=!y< zIX;h=K9Zv(=lvhOg%sWCyAbLfVz}t&^zb_4f>M1ihy4F>>KF_SFAx96{0cr2iT^Nk zr-Xj4{j@E!-+-%1s+QWgV%Snqaf|Ar@z|}}9gZ*0Sm^(JKubpUF*h}=ereR&V*QZ| zjKl*~gmS9ywfy5Zc|?USY3dQ5<@2LCy7kQp%i@i@H!RoB&mSlrsY*kC=FZ*JDFPWU z^N91@)ZgsqpmKRiFXkq%h%s8P1yql=)UflQ(O+q6@NO1~qh7DpTB3e7eQy*(<7Rr^ z`jVDUkl0G7msfm#{*xCkyt=LV%FnB~T)Q8CgJsGNQ?bPV?F~<0yDXt3p?-M~9Zki|WfPQR5o-?^SC?RA~|bGt>@(wn}j znA*7bKl|GJ9e&s)Y!u^V>)No>{#$o6V0GQq@4U>L_!3{xjPV!mWzN|d^z|orpVVm& zPJFOmPWI;VLJQ5FzQ-^WZZj{Nv|zUqNay49B=zhcy0HuV1B`+S$;ebVJEn;P`EyIq{=kt6ID5F1Js|3b7lK#gSE}laVp{ zI6l}pov#HHaMNowwJ^`r*pTZOSF3~1q!l$LZ-_B>(hL;8nS1P}$nx&(o3}}cl&74G zqDQ5wUCuo`f9Q3=@83)F%{q0rgCo4=i-LLa3>xEUJ58eWMfe71KKyR|t?}cktRkP7 zc)-)=g9Vm5c7^}tIbTt^sXAKsZTTTJ=O$xv8}m2r&05?1WiVeF&saW* zuE&H0RaUN}qbFR1Tc@+BNnV|M_+Px~RH_G-F0s8FIA_+-#N%AEUiZ1|F#ADqy~p0( z(+UgiTUdAS^=S@D8YC3hGSiU;F$OcT?6QhZ&y!M+s%Qoof!VUIE#$ zi8-IEADE!=nV$I2UFv9Xr5NGedio8SF`^7%&!uxMho>-9qP11zkf*oWKD8u`0@@S1 zNhIo$uIwkbcO2Tp>`px;F(53|9AOlmnK&7HI@NJzs;c23wfP=Gi*is) zM~BnmT%aM9Nzm0G4vr&p5je9MIn8TI7Y&u~7oeY{)VHTTlpTa@S2tts9z zy|QYpWJSDZ2p+4hac!R%)>2a8whJV2ntMLlEMi{cevQ!)BkS?0SEHo91cKHzzPVn_ zXp=`*R~NbPzP?=B7R<_>nX#1gB{lovP_i{XVCJVD!v@C-IUpYFEW*Mv9{MnatIe8( zNvx>?D3uSkK@ae+5L9nYsW_iC1JGre3a8Za53p+`unuB^9oY7KAvIF;JFnQZ%1vp z9~Er#^NtPq{1}C&$J^H20n^JCF1t^j5cKwbq>y^Ni8;|tgEH?X#p2O%u|sjXKN_37 zw{33=^Wkr3`tEj5Q_|GogI zPSCrgJV+8LD#G>->gdZUi-q;`ah^MJ2P4&#v;W_Phvn~t!b4i=EAos&2486n6hz`y z_9TiNDQo<`?mYK+CVxWqiiLM}NP>Il$LfiV8+AUq za_ft}Y2|avOqP|hvF7LF*xIkRVqg6Ba>l`G2WFwW(aHRJ(ZsJwqTdNM&ck#p_%!$p^d=e zcwv8Od@NVUaS28F)b!_$i=X_p934;HJ*IE2Jtq2`QOvP7+HP~n0>g_ijkr7I?GEYI zYn%c#DWxNp#ptY;pe4*x~T3w5CMoW#aufR*=7-iV4A2f5>0OxnyW7 ziXSp|)0eM*{BV?2@Zhhpg9~0l?$m0~MmWumto;0U-N7TsJwg4-|DQ5LPQAyk%`2h? zZCJyLvK}WsKB|*vo8qUjdogx*DY2`ORUwFBYGP(?Vuo#oCKD5*H9a@>_?LJg z#gNTo|HoYjPvSs_NS5oKjmKy{^oqAp(&GLmt~WfSrJm^bWQWShB2CXHPe!e#wri5% zK`)DIH#c2yfrE*OX;dLO+m|NpUeB9RG8fHe8eV$!~O%J1-Yus5lYP!uCf6)M;A1zZx-X z`uv(rnX$34)5M@^x1Tn-n}>9%YXjj-PS{M1*yRoP^k-ybyx+4t{&@NL4T+@Xo}J_-CTuO!qHovfzRa4t@-rQwQG&>Q!ie;IC${j z{7B0*`;(^ndYHXA5OWGt)Zt4tu(WgB7*}FquU*k#~J9ezG zv9ZFJNmBi?vT|Q{x0a^n%a<=DYPcf5rAxz*k>n%6_S&*Nb8;oq)i=XSC_IMdaqWW`eHH z%6OkmO)e`7X5%Nf^(@wZp($N_>1JP+Z`MotN;=EOa}%QihAiVlVgPiZ(=sg$&6OKB za;-;ikh?jrEb!@+Q|#Fj*p_8F@avbSmsdr3ISAX>SY26})%x0MczF2o{J4dg8FDOt zmO-wL%gkWIWN(GLo12)+8sqNWmiU?dV&s>7pW$|^sWGg4PmO}?PI2@K{3^3sx@1wF(E_Ssp zLgd%4U-I(uX?peCM~_OJN>)vixpIYHNXWLk_yHCeWAy(_Ecf&b3k$n@_pZIIt$?7Q zmg!7qzJtX;9j3|lqt@u}KRrF|F#CHCiG-{#qiVkWtmh7f-Me>Z=i~?q2t>!ku#(#^ z&yCKFw&~u!ot>S1`}XZji64v}is8FL%KQ>W|)>LTLe;$XYOcQG+BOmvU`O~b;X zaqU{>?W$cyO2OPWzcw^9eET*%JBwazcLsKakf#9wBrYa~hTj?+j5mU&vR9wsR#tEZDdQ<%fffL zxU)?|Mn(p+y$8K-PsW$?lSsfG5+z{p982}#17E+nTTpUcxG?c>pZ>aArW1ErGcqt38XbL-&T}LE2%KSq4Kap|?{h4NE?>V+Pa>hDq-5Hem*c#8>XB4W zU*Bo-K62JAJ-xjZek@cHUtXLvU07U1eB85V&xH#YsF+VTx3+GRAnaJ|GMuGTA|f2e zj=8zJvnz&Ip6zvp@$UQg-HUhc+>yy3x3ab#>-cC>A1R8h+8li=&vvq>%o`VTYHI4~ zQ|fFp?3iF44H;6AJGCL*C0>%d$&M&5ztx{p|DgTA+xz^D8?9KL)zwwJ!$*lYDb%3~ z&TA{e@9S}ep1I(u$AABL$0F{GVbn8|lb@)yO-(Nzcy>hX@|7!?&(9h_%;}S@&8=8@ zJ2f`;knVPw(>{CoWh5j%6%}dXrR$@_y%-vL9w)HCmibH8$mN{8{2FG_^E@w$+Erw3c_nh3^++t#|3!W6p zC+%^(^hsv%G&js6u$60T_aG9Pwr6V@8(&x^t{yNOVt!CG_dGE0@H08Aggyhjh0mdD!yOpA#4#IG}9M)dxo zvva|_cN}@vh(w5<^5@S>Qh)#Y73Z9IIhZ?Hqp-kv)m~qJFig-8`$I8Y=z~^?=i>B0 ziO4z2Sy^w6Up-Q)s*89bc-(E4Cr#QP(yBejs?q`AU!U2aPQ~wq{aMRP=p2jZ-o3`9=JjH%B=*-o1S* zZx_G!)7%LmvH$`PvhWUzj-sl z%S-Qjf)W`eqwB>>n3#)A$tEhgisv308nU;y$7E*C^i)^ZGsebf&%S5b`2G8(2eVcF z?5is)_kM}>5vS_0@891wGUC`<{sbQ@JzW52-?J{-us$Rt1TkQ=Gr#TocV!KY^-u0( z&E}Q2k4M+z9s)<_1-kob-S#6^j)-i%prC*((f;E{;PdBGI7aB+;?XFe-@BJjV2iOj zA07LyUAqvg1Gp%9C8VTE%gcXZ7f%R_Zp5-^&E zeA(sgkptV-Y}Xd2+57WKj*eLME)(@RcHq9qLbkPHwc z*f}|UTwaERMZoVju(Ek1q#%ZS5A zQ7`lL2?tvbiQE30H#=%;6>N8V^xXINPXon0m=rQ`aL)G4%EQrQA0G<*y+DrEuYdRl2WJ7NFjJ0-EKgLV1qAHwx0VQ>R|=m$YB_fGPL=t2 z#1~pKGc(+i0e7Mp@pk0J*_)Y~Lb$zaYKoEkH*zhHTCb~RnOq3r{nXhh#>PgfYQjo> zBSrI5+=Ul#k7AY95W$&5tQA6dVa0QDT6HI*3JMHFM8YA=tEhu_FFQq|Pd z#IWEiSFYT>`+IG5Ihae0be-em$$20Nq#GgW(Y7o<1-A92S;LGpMaImmQd-#w%^ElQwMeO!*;r;uIT3SMd zmxY9ciVW<_efDD2J$ZVLZ)y;d$aG#`bE*b#x@TpDeQBhxuWw*bRabYb(0SEu%XZ$L z$6Lj<&kQ3(i`q^Uefo6&8s$Shfot!tclY;WkN&{@5-weGRZlLf#3EmOabkzsMch{a zwoyQp)YRjr2Z+9u3mUhkJ1x(xF3oO_v{}$=(bzNK9=^_a`Ou+5GacsWT9=c1SXj7T z9moN|k(Zx8-kI;+@$>WN9d0j?M}q?be3(V;ap0O)yD23kBqkzv);1+;=+#F8A{06< zPT@Ul-TLU9Kbvt|CjQOD!~`)Jr9#B1jNDxNg^6x}&UnQLZ4-Uv`NPEyFa6mrynXYg zCC|=6RW!Ll4Xv$uB~nMix&*y;_J;Hbn3%}-4knrxYW=R)wShoRn?;*SqUR! z=yK~;Bz)WLZnRXmhE$Z4Yg7H((OMN9-BbKv zd$)qeMsyXubwgZx0bApwh{%gMnZ~6hdvdp~^X~g24SHp9)sQh47Z;0*iz}UpWeScX z0e$$;-PILxT(=tAGG+Gky{;m>Ekq3&U&b7r3QEuT+YRLz2H)abU5OkVmJyeqFq}MK zbK<@b%h{Cs@}!axNWGmOZT#khcMwS;DLjjetea4bVl9o9_V)4dNoeFHcdLsMXQ8H^ z==wxlJzcavGL(3f9!*WSH*H3c^a&AsPQYGf|^^LpHdH%7=3@oxHumrg|O$x5ziaDSZWzPBqv;yltD za)E@@4rf}f8y>q)5E1Dw);~7X(fQT{QuAf=7}?%%piWsCnX#5MvJmYF_?PMS?tQc> zV^)L`pQ`TJKr`JTiN&81g32pPnm!LrM3j*C6(dg@=;@ubpV7Cnn$@id%6DGPb@91$ z`EshkH@0lH;Easf2oam5iYd+y45Wy#NG}MXU@?fs7o)^pub3JbyorotF1djA3|v5b zxF`DrtJ~YdQ^^NkpAW9Btp)tR_ayb4;`B&`%D=cyLZ^xkn^%Hk?keAiD?b&lqwZ4F zZ&_plL>uI?dFKKk3UD;Uf`e9es)0YhT+g`s12FGdGPW`>=zUMIX7AnG{dYw!#1>d= zb`>ufjzlRSmUAm-iWTbHMqPX2uENaCXe(yjo%gS{7 zs{;`R_t4R;Pjr`j(5V29la9}NwQ3zNOzCQ{PUp+{cV zhKFNZO{^_ZCS&vzX4AE7(%W@CMe}|{M2E(31#)ynSsA)-X3VS8v$AkwAK-7tU$vni z<3i`9W;~0E&Y~NBLYQes+Yy3`%VqfrxeNI}N$M72#mX}>Gd<}#I>T?t%k z-;bzsTTAOzY^;D;k5p{96_|>?KJNPU2CT=+OZLhYn%4=yMGX7)y-i5iZ`uIZc=!;i zx|_Q3%xi0F$QodG$f-!9cpLP+5B3it%p(8+CA%Ab`sw(ye z_@3=N<7dt&F(-2?s~?Sx%z}4!hkyAnYhYs1S>W`spr8P$AuH=-iG`uQb15?q7dYJg zn!F=Nj@+}ruk^oqrch?eI^X&LnqHWU`A4dF~81UM8 zPzDhc@Nwe>2?lj$ni|H$8-tk(mv4^qP=R9WBe1B!3*S{{m8o_(G zF){7K2YmiJiYl>}xQ!dy3HTGV6?qnKLr&N?At3?5TfNXZLh1m_tIWdY9+z*Jn@`OS zH+}p16=*8N-~Cm+t0wrs(9pR9&p@#a*3XM{f)g`|JGTR_g3y2t)z#MCHu(sAo_<*M z$fzV1kOLR+>({SH>|^8OF4Mm*7&+mJRo_y-Di!4gN{EkG@*?VNf!Rn=ho^77c{b?V7Dg&oR#q2xmcxe+hbEDqr$Zylu16kx zEUFHbrDO{ zx?S>d^;gs%kBIh9XIt7tP`iAKl*abO`|ba-Fh-K#H=78Pze4D<1w_KVTx_0dv0D4bP5Bjm1mx`8OOn5I%O;4lSvRgqyfcc@X z%Kw94Jyl>65f+X(WmR2TO5)dRJ<_an^XBOAFb5ac&Fj~*As+zyfj{BaYmf-Q5H&P@ z78Ml{7`$$OPmi{Mu>KNFAaTt5_bZSfsa*;%{=*^I7vt?Y{09zf zZV{2Kd8hx^)_yJAuhRId1TGY$)h(o?iV>#*Q;X>pzrAYNbkQ-oKxMB(&g+i_m+yD5 zSW}TmfNE8$K1fYX1rjWg{Rw6Q6+n6N^Dbd`G9Vxxo@7w9yu7@Wl$7G)v(*Ra(|fr% zIDr0!SFOuROUXx_DoRUNfE(w>IuNYDRG=ReHF_zq9Td?zDC=9A#w8%WYab6_3$ntG zA3xAYC-Y>VRaeob1*xEqAD59WyA52ua4bNGYhRqac;SLEg7@6q9Ksnj31T&d_nxKR zO;1lQaS1I!FJJDTi+%Y{TuGSs4|%ceqYm^#8$Tt*w-&_aH{9AvwE8;qR4$$@P%VJ` zu7_~nH8kx0nxa4b4DDM29-f|Kz*i90Dz6gxuFh%$N`10jt zo8p0IIPFJxOtdt=Y3^p?T#NUwyv{BP3<9T^$VB$(&Yq`>2m;`n|Y+&-AgP#VKQ;z5!LOt(uDOCeu72c?*U*pQckhOE?@@*%h-@WtJs)tr! zZ)bo0#GdCcIOS|S%GL=PFq2#6lW5_YF2>!^Vyu43;H_{*bKTy7Fbo6t( zb$(tRG#DGCPpBlg=s2Fz-n3dXQAnya!8|X*!hq}mFuIwHDV!iR%#XIoviVotHa~O5 zH7$+bB8ZTfw$pMpryG2Ojs$}ilvscS%7tCKM_cIL`l~2gLpgJQuzSy*2cDh~=J2j1 zsMC#FQgKSt)6=nOzkmO}x;)RLmPsK=8MfAJ{srwt*)Hp1y4%ATqwS+-Wz&dd^3Yu? z=Db4xrr(#Sq6At7M9Y&nz9ZSI{3{CprbzjnePkg>6WF(4P>dqhMm0fP^wT><3cG)r zI6JQ;s%2%G{-l(63b`rAVxa3vztl8;Sfu`<#QF0a(6w`Na^Ao9>3%Y(&_|}C(o|Yn z>gnl;TdiS9kY0GMr?@_H^u0rNc5*Q)-W_}YA$L}Kfz*jiLT(YUhLT}zW1|ygjF0QS zUmqeIqIZm}U)<>uMRFtIh1pl9_mHm6R||BY2mkl*Fe|y+#Yz6#AUjY8QNw_i_Wb#C z1R03QrOd%0ASor?%A`0MXbHJxCdH6iX{7mFl8`vyJ-TuLwtnnrXzmYEe zT*isetLck!0)?--2L`g7SCEY4)?fZ+^rbBk$eUcb54^!zIorbWao46v+{h zt^I=zSwH_y&Z_@Lr=INzzI0c+>eQBFU(-AhsmVx4PTNip)!UsVa;1ihDtGas?3mnU ziW^`FP`#x-nr@mZ(V#RR*nQnh)jcMr7pvqY)nJM{pVhmrOav2OQ!k<>9=);KmPr7^ z-})9eshSCsxr1Iv7FBP!fYtZ`pY>)-b2BxzVo~Pt2Gd3p?s!cZr^Hlb(M{_J| zOswBM<0&sENsqvVyWU|m2#%|Bvx$a|me%BCuWa8i$Uc-zFYWKxw7-Xj_>7w~Gc*0! zFSfR{JYg2Sar35AOR6r8&REv|*a%MOV8C178XARnl1-gP?Kp z!EHeRku7vhOcYhW2PG7KnSrMLJTx>E!7?;-uln~;gIraEb0-4VM7bVC%}`;AwB_m#$Sv&a9HWll6TUItRFJ~<>@0w2JwtYG5FbOs&DJJ zIcPY;Aapm6VUckN`+S*<(v0czf(yDHY?+e9QyU7bD8P030Nw&t@JUXwY60T zY+l>9{gi~{@9D{2b&AadcgP-;Y-Z0DOsDJumZ5?N*C@2LAEX%qr^pd;IlQTXi9 zW5U9V*gc@FTeog)o`S2)n2sGzx_~_~`m~$x?_?Ks1_y&bR~Doc|UseC_bM3k?|;4cKV+aUwHt?Th1MQ><%O0!UxPg)swjl2k{;9N-x0p5XL4HUYcz`!QtWR%F3nbg$ef6|E;K0@}SRNXRfYJ5u^v7D0;H?SYb>{;-BKw z#5qB7w?DaS$?9ltZ%jhMbzBf?>ivfgZyDeV0c<+N&QA08>EuMWBzP3| z){&z}XXBXs90dyb8JqT#%+k|2KclujJ)eVpZDVP9 zyKZeFqZ|)K@&QCbZNN2Wa@P|Y8=HAtf|8++C&{;M1Ac_P8FmLCqdl~=muVedG4X_H zTt5$41$zup9LnwXrXx(pMmqD=BqRvsIn+%cKmjR(zUjUy#NaA05+Ja&ySS%&WWN_H z{3rK@u0>C_H(5_lOwjY+QLwjPLZ#{Jw{Hl4U2nsruvf($7gBO_Pf=0TCn&{GG76nh zCCAW=vA!yQ+usevMP#K=f?%wORTq1d*&FQl%VxxEhk3$9wv^jBWu#)y<4#8$U}py_ z6wPh=(X}RYm_I-=-X0#Pz3p|RP`P%^Q$0ii`_N_Y-q7%HMx6h%Q>X+$ zYyh90@TmbMt*P-=VADhSS4xUk&jqdlkTTonryUo*R8;7pR!GlK*2p4$XxAgD1D{@a z4)sq$K=6u-y93OQTep`J&ht`BW!0O6glxTfW@2LZSI;H(6D}xt55680MuKibn|!ba zMFg}5?EBb?ASykF1;;_*yV8Q2Cl!vErj(jMK|#!X;JpKik-dWhKOGg^3H0ltJFlr* z5E02-JtrlhjO&f+8v^>|L*zMg8yj2%r@4{6{VjAG7Rp5?2X%MGQ}f5>hfpGbdEh(l z2ak~cH0Zx@9O0^FbN#HEWB*A-2+=V4`iJ708XyvEyw@*Z7Qs^B=Lmv`P0`C344QcV z{(aORvdwz21wzu+R~DynW8@YP5L9#8+bLL%@EWtMTU^_I^(Qd!>RAhAd>*Kkk(qJU_y5^$67u3Xh9Tp=lRJb5x}{AXd-#-{s2eTwG` zQmZw9V7F6HD4aiUc=s+Ax1-Qy9U5v#rX;4vU;~Hp>*4%o>ekSDPWl9$v^RAT_&78? zT#`ita`1Oy=`rcrC^s}w=r0p&NG)JozFTS7iq@+?e|CbYrQ^m}`jlx$uAo*i2~_`( z5c=wVe|-@MPRahTXGL{==ecTqmAt{~il>q`AL(;Q6Nx)qKGpyDG*1ML20@f{e(7rmx6C>M z2V|mO0|SU&D2AYX5cO&W^w7c97J?GtLu5WMCeo6q5Z3f$v}!IsUz;vuki{C3u8lxilXRp^YZ1db#*3K+Ix}G z-|i=A9MRjf#u1Rth9bC#)o*140QBjBZuDOs}Z6vIKD@{FK$(_wN-z?+9frT29U4@sxXT6F|a;Ed|W5M1}fG z&t4IDZ^rel5BgU@?UYkgL_T2_bIb-5z}19|9-5+toR4bz{~}+=+vINQH*aFTGa`pi z+_6!)Hw#O%9346re60HtnBp-lj8&j8=855#&A)p$uO0cHN=#6=DG5;_F%c)pFm8^b zS!p)=`v+i|d;0bjN+OCoMSOoI7CMm&m2XVjc&Wjv{_K{F4C(b9;1xtf;e7**pIFF~ zv%B6O-}uG9ZX^vG*eZW@L)z~QBKP#Ql-v`?k3$G!uA`%wJBkg0w280y_b;|C z^!9of6vlME^C@J^=M;4oHMN6fQlT%`Kl^5@A;WzAdK?~*{Cp?! zp^E|koz|?mk3Ql{21x0ey7Euu1wuR!@cCeF$UKC*#AjxTf#|3Q5N>)*d4k|2;J-tm zyN~IND2jcEeK5MTJBa+lX@KKX8VlX6BmYpUhHbHT@%{;*5JCgc#*-(Xar7p3KYjg# zhSnr&-Z_5ymTtH=_mAPr%hAq#QLtz{^7i%)3TiCzq9RNSViYz97<(m1(%gY0NV#Lj z1$p^xr_l;asI`4V6W!YC-W$`UoKsYU zV&VWB8VHV)qa&egHxhek$eoQ$QtYNMWCLVX#G&D#p->^S9)eCD{T6nWl9CchM0VT& z_ALlvYlL9+eE-*0mJ4E@EJJ61q-_wHz1#!m^grq^=?vPfudQNb;UC+%^BI(k`WGkt z9`v4-gx>|PYiY>ws!aH%=%ZE|9d*kr@10cC&*q6@RE;`vt&oTS*vi-JBqiMo3dBZx z?x*(#NIrm}1^Y@CkWOxflao_D`yOlLyl`*&G=!8}`Sw;ofSz`bl3d7K)IW{1W$~b( z3pZU~<+Fgovxc$>$;m9h7!ndF%xjHWhfa$$GVs1nOl(S2)6>y$AE0J-hpLUN761A* zl$!ldE=Hctfw2pW7ozl0!<6>_W6QeFpn^huPtWt9AaGS15I3-k1FLjgH+C~IIl-bR zXxOL@M*}A(#nL(@Qz9E$;#wQ}z%HLv_2F4jQ40(XW)ZdDt>!{eqkvbNpZZYG_obCZ z(%JOoTU|n1(o)QDW<)1qr*~2AdrqxrweW!gqrxaH36{Uy~Jf`k_rM*Y}W zBq?t`jl|~yYi&!@^UKUUp)MG97;G73(uIkMd)3vt@0sZK?bxvcR2_^7PBaF=yWc@h zuO;7l!Wj3>7p1Z2xl($%@)hmw2yH7XD=<0$1>~RKwoO*PlKx}jvK+s@ms%9m2raG-7R({lS8&kpF&_*I_LNtDR&^Uf z`IUIZ(2$Tz+oTL-Gq<}SJVF+wEV=tJ-K@BE^!R|ycO7+Dv#2Nb>c~TT6*BESjfDfu zzIyd)-y8{i3H`9?!08mrB<5A%FmHmg1O!H$^!=+4Q<0vZQQdg@2Z_mBae zgmXFZk}56&P*(@X4u6mr3tQ#u8_9oOAp z9S#mwL46J~>GkW^wY0jC!gj@ygGyKH%t; zkS`>Jx*z0Y$X*i#S^)juth4@C>w>Z}w7CpHcl3X`Q!m>?A+#d`$Msf`lD?e;D#;IUHGx z4FmHs@}ii-oX^w|4-*kjMhZ(SE1VfELkdz+{^Q5-6Kms6Iy$nb&*gRJJyt{#dLBz1 zcqVtqR-bo5>+lVc*LqM9-~!jt)GU$;PqF@(KO++15U85k{uM}D8ZJaXzvS3hkM1%> za<^agQR~o8!IGg+LPoMB!#E{WiN;4p@?iT$^^?t?c=P5XH61iS>%)N2dUfGPK}un~ zf*&bef9JO;98AejBcoq``!%|tV2jOwt%z_4#jDbZsP@VB^=YHD zJD=@m29;1K0horpOH*@y|Ks!9!y?~jFf`Z}iQoF)!oE@Lt_66XP8he&06O8_BK?oR z-c#(c6*G8ptqk!W_$`=uKn*=^`OIhp0Uj!zxb2MNMAvcess`5(b5(CgGZPc=(vwgc$DYH=c^{*+c{q04x8_p{*OCPH%ovz+I8aVK};8vQCto-`n)QBeq& zBSS;N1nWilmMCrTpCXHTEmVDhP#^?2IDABWf@1?_q^{Es?`+E@B!%*9UiC94nfD)< z4-mt3ni=|rkA$>^E&*iFZd{74caKmHK}O=?;tG8FG(^DQD=g{oM-Q=uLAw4bDuZI@ zJJ=L4|KSEA2E3FVFz8B4>lV$T#t^}$BV%uWDzMd~XIrD!-&F=jAoq#AH`DVxMt^={ zQ4#tf*@}7|p)!l|7VbOE#WmX3mky!AvqBoNuXyzMs7>D~?gYQ>3k-x$c;-wItbJ$r zrdi?1W``yKw=k)?KMG~ILQ1#l$joL>mTvv#Ovb_8m0aG?V1~@t>{qp!XnztB=cLF# zx6MxJblvDgBXaGhPLkt6vEcp2q;R7DEEWJqZ#;C63O)Bd?|qh=Hg6*$22OW1z%N>x zn_Z>p2&mn)z;)^U@jCMvUf9i0I!aGVV-U4Z&&^!|rzC_cax&o*`?s|IVE|ftH^aO_%9-*8ar*ZUA_Zx{dj!=uS9xP5?on;BDme)JCmljU{^(5E8Eg@gqj& zNtlq?fym3c`iLAA?d|I4&KW@0L%HoI6OtoFTLA?5iP3 z)#sZRG0fnyH@8#$S`eTp}SjDZU?#Hn^u59B8|09PU+O<`!9>vYk_MB-H_96TT&A#Hg zs&)77DW@e%P$aB4LTq;HR#Mx?I|Wak9RB?qDyIbX_vU8(+qVP4!(rGT`}OODZgs%W zw|Jf5b4_)G4=^Y?^YdM8d3n&&r>;&+!D9@Bksa{eFz>`fxbMhTuR*u%1Yk|2jG9os zbZKF3lmW{7kNOWP?J$78Jzl9lwfF4nco-+K%K$W3$)V_gp4ub8rOz=2IhUB27`omi4GpTS{T+zi(eK~q zX@1(w&z}a1u`MUP{ntOsZcmlkbNQ$6gZ0d#@&Kh!tdYXHZoV;w(!8St0;%fpqLA3v;cgi(rv zFjSdDEGhb_6wB*c;J)O@_Nw2y@x3aPjblfT4k0~pb5l}Kc&McQr=+%ftWdjb8;mB< zeZX>&cKUK-;QU5e6oq@d*{CR%lF{fY_P6nAY125Gu)2pTP?D41v$ig8q;cDiL~Lib z2#Xeu7G=)2ZE7q>kG_GLK>!t8sE+;HuFPMuuSOp-%tQ2SPfi8~1S~8pTv|J?p#ijW z^2iZ=G}I`xZRiu6ec~0_&=fp;O%Sf=_v`@x{?XZqb|@GzZKnFpk-N3Gx9=yvk!Oop zyH)78!NbVsZ7>v=h6ZgsdT54#X$EzScIU35`&??7sB!p!enTCm81Inw$FapPky%>W z+9WqpB_!oUb~m{G-o1MVw1!+x|2ys9)%_AZC$yv?1!Gs2Z=~R6Nanl(f};m>0Ougp zfU9z-Bn3QsHaRy3M9i)0g#{-iApvaVHQs1HOrgHSGVj-qDhIZWh|Ah(UV=J9vHzvm z7>gpLI@AuIPWKVc3H?2^&+2XdNl7Zcn}l#-KM}F>eqz~LGGIeU4PWZ1Z{gMvw_Se_ z9!ykp&e?=%Wz+w?_XN5_|4Bc8&B{9CQWP4syyf~vesL}EoDhlMcm^VBFo(U2y&G+V zxS!cyX4@IEKQpj!KZ~wBhXLA@KRt*}n7eS&W4aD0;GR37OYsaf3CuhBiq4xxh+Owq z))v$1)&7~?#b01?Oqh=uEr}oSZ(W4t#7KxVCz4-L|Lx*k|3BTOMEgq%iritnre{L3 z!|pCGLtvVbcJ$btveBhUwD3ROrRkLGN!g%ARLr6rD@qg+Pg5S!|Me&j+qu)7R+Ce$ ztv7PlS8d9iLKhw@tZfpHseuZ!vxHB3h+XM%g)Y6Sk(v6(`xxWdCloP3gy;E7y!o#iBGx z;d)cxZX$&VK8?S#YJI@5!y@B0CL=s(zcZrCAmWl!Nc;)+D4WzgH*=j`;s3qn* zEnDm9vGZ6q5=o;GO zcED@Ef-*kzto!%BL=6ea7pQ`bv`hw3E)-=eITYRs1zOjnX0-wf2j@(UjN0?;(h$2) zoIxlkDJ~A--=4S%hg=BF1152yQ9r(e|_1gzCp{uEhTW zTuo1RL`fMul8)) z%IgevC6`&Ng5QR)B*!KtMFI#nH_IJ(CIeps14GS(3ZywRYiksO?rJ0;5ml9!H&V6u z9JaI4tg2aT-{?G^Ne+Tz1m4@w|dI)Oan zya3~vz@e{uyNiNpWE6%bD|}#_^M8FpaqZHFXp@M|Pf!2e-kulytqU5_@87?nkWcW! za{x^fidbW!TGQ9BZmVh|3!h9~(#`mG4j}lT*otfjGz<1qmdUQPjBNitDT&e`IWch$ zHT7WD;(5c1(R(wKr}w=3($F9b(cjFB@9Ia)LswU4oSFqnflswL8kSxp3p@|LhrM{A z`c6+)wgT7?ZBz-ZP*fU|HFyy0xw)Ac87Z!*)1TrF_XxSC#>5;H7k7cJ9=a3Cdr$}v;!w>*Z3Ce1XSxB6q+smp z*D#Dg6^RHBN3N()AJjCO2MWWMh5CZ^ny+|6^={=sqXzoJQd4&sfG?pMI`)}S-_%qE z%|R#v9k0b!34(N@tc)HRkWaeh0s2YF$~FDo19!6k*--=rjy-we1op@em`~awrAEiG z*4^DosHb#x-nx9br@Q+DgvYheLd(&rd(5*|VnYW}C`1|*)-EN-ZbkxxL9}=jaX{JO z^nn8hnxo`Mdpy)0X!mAh% z99$t>g!c{#Gx+;AnlFy;Jf+{p#lsW){5hP*#YdlLxr8sJRBPz3LhK&y>De4rj60q9 z!^FtWu4nqI2WUGk*6kZYeMxtWMsFapto_Hs8z|aHYH`(T&unL?Df5o$f zlL7+olat52Y&G>SrrUjQT8zC2sAY?fhbDFi7%%{B{r~Fv@^~oM|L=|#S}cW#7^R|( zs6;W7mQ$S;RI+B5WF!?4V=P74J8jBNsVrfvWlLgYFBw}Xlc*v4SZDm+Q{V6JdH#5w z^GE0PDmB;K_jP}+&*#0}tk$Ncn^$36w0Yi(i44|z@L{0@609+o85deUe(W9`On>p> zNE71xZ`CA%LLBc6405i$`X-(leAL}F=rSRE{h!^$FR*ke&lPLVlhv+YKU|5-`1<$n zjR5OvilUEFqyS()Q6uW^4z7XTAS#$W0QvjO4Bi4>kwM~Gn?9Iannpc!su2SxRvTV)0~hDw5`g4Xh!}7K zlwp;_&;F)#W7QmuN$=*L@c3AlSX`$-`3DaS?iYM+FbM91WzbM(A3Yy}S$qlrQF!$L zMc)e#k2B3M;(K%~se^^~?%;R5qeqvjS8x=Fb0ytekFZC@#a<}%BRf@8^w1(=WBhQK z!b^B+Ivgs>%bzAEORZi#`|Z7`fG;K={Zps*uj)JSwAA3)E#KS@0E}85Y~9YZ07|{= z2QFnmIh%`VH$X^clcJ(`*g{AQAnc4Nw!DNs4748R*F-V~mcNOWRaL4Iqyq!D)szxk z(a_Jpr{(3bB8LhD5)3+a9FB&PvGgHx&F^XD&nBtS!|;YLiRT7Yq43)Z9Zh;BIMhU5Vdtr*^ojUT^yHHE_Z zsKu!4)!AELUJ^b90pjb%h2uSX(f2V3NJ=Vh-5L^AxV8!=3Y`1ln{6t$VZ=29XoDB< zP^QOl(Jhvit|Bc<3*cQpp1u3!%ZqpdaXGM-<+g^lRLqW$bf6djTf?s|EJkZf%UJL1 zQ<_4V`zO-$7lX))>l$)deSI*vgtO~jpr<~6;X=~0XQ)+4PoJVehs#%Te;ro4(b^5q zGw3MmeFQQFGw75yn!tU>TNLm?GczLS-%a-5>q}%z921yU8dvK!O^l5JR)-Pi5s(bP z-nys34uMU4p(=*;rY#0U;@l+PI+vla0%6C2LPe1d4&h$$|qxnN+={RSG zdhB*+0HCO=s@hi!B^4Z!nP*~AOfkdZnw?a7U0GCx0`jcL;FXSnX)yDBDGK$t_rxY1 zd?XT|lH%|o;UM@Z=*WOHjlJ1)g*)pG4Fvq?-<3i*THkuT^nM$=7dg3OZ1G+LX*QgT zHDEgW%yI|q00^EjGZT7XGJA0WUd7n8R*!&@KL{ z(+x}EjjDt5wEnvH!eXfS5}{$2x46VSix{3d7{<(@E-&@dW3wr5^53r`WS%bm!*2l6non+zS+uVtR(8Ynf4+@Cz>EDCN>V zlk#Bwrq)|k+F8OMey_(E>p=$xL7$M<-Tfdr0HHrhq0t*6)z`=Am&#w*MV=WW{>&Kg z?+Q!x)gRt_l}lSqZr=6@$EG7dYw2AVxBQ;sp^AH_^tLoPIT5lU2uu*F=R8;V&dz6mDhf|HR{C^dc&doE_#hR@andA@!o+e8)>OXy+JibO(pIX+y zpSCF~D5x4W2BjTh*THY!-sy_I{=N1Pds0FxxV&e?V+IB`5jUX#zh$YD)VTh{;$1_sQmq+4k1+eHj$1MtQyRYTnap|8o zphvqdwy;ZMSAIz5#kcuXw1&HuW+T!U&P^w{CjPjtt8%^8qv@x0Kmq76+- zQBC8WVMRb?`qh#--#6~tH=CquR48Z^M>Fsuv-((prOD&*2W#Te7!&oCbLLG!Kax+L zZko0@pHgD^Zg)rWB@~uFRa#wVUV^@gwZ4m5(!jB1qU3=3xaI5DYajoMsRqXqknk3^ zjndifhi@{L$et*$Z0D!CCF*nbXG!akR)k#HLAg~ipY1waZ~kC^GvDMmOv~P*i-m=C zU@P=&Kkf8=qZhh2S&|npQqX%4MVAfTAGwN9iTIkbn&@uX*#;wLjQL2|xRZ{<$3MLw zE+_HevNEo^r7?jV7|3nzY+a=994+j5vog~7-LM(7f+H&j8`hoP-6WDTzwzVwdlK|B zm?h$l+M9>W+x_>rS+-bGi4VZin%Oa|vqp72AZQNKZ18q;yY*`+gd- z@)p_KG8f>OH$lA?o7Jn~@yoWncVh8NR#v@x-4%Amr9tjvoMG9eERqRYY-{Q+g5tEf0pO|v&x4|*AR8{pY5=sza2G27Z%5br64k(G1V-f5+w)8G<@6{!? zcv(bA?65a~)L2f4&$Y9_8^SyUOg?CB zcg+|uyC};T#}(DKc%1Afx2Wqprk_GoZAwL-OD7VayQ=1J zof);4WfxAbrimm>`#76@niij*!&Dtnsc@ee$irzLKe1gp%npmKI}IuU**>D8iHd>j zP$*qCRI67sqqhfz{pIp2Q>A8XV(?&YKV1iZ<=e321$-qJj@dnFc_k1Q96b9?f#m+h zho2X<0fv(4#JMwUlIyVD69xM%>uW(7K!D;8*r9N7EH&eimpM%tL?FPGMp_ee+HJ^vbFkw&#yyiUNWPxhglfLR8E zL|d@p#;)#MqJL3!*MpZTw+~1^PCV8e9wNj?+gwFc!Xpl8VQqwpJXG!L*Z1T!n~4V1 zM<}NrJi+ihlBq;1HJ6}s-xpP0_s`O*4!Bs-EiiNFxe{YUOi?hXu z_5`{z2r~g?VEjUlzT%c}?Zb?NbqarxiL}(9%Mar@Mt*Ar!j7tFF6V2CwHCLIzS*k; z)7HzEp`%AOejJ_q9_f^=AcKajRio#=J*%-{;4BTB(t}z8l zGLLeJl=~OhN=A6bk_^ysMn^+iHIC6AkCh3LB1WTFGWSj?W>AEE>1WQ-{r!!%>2h0~ zwa2rwKdc&6$=SRw-P*aJBky9z#}Y(T-wqDWCYZ-6Tc*T0(+@V8C%D}C5X&BP&SVKa zmiWpF*7>J}yE>(^&AEg-&7u>ipL;G-hRY=qBQW`$0yJ@@YI7sw8JFtuaEl4Srt#?U zo_fEBNO;<@K*10yeP=CUkJ9rPvb4;6LP0_gD@v0y z)(E_!E#0$ZvO7p2#_cU#VUtLgNAZoVmn&o>^r=5wk2Z3%OPE&8GCP#tGDnUa$tTez zX|CXJK0;!Kv_^GoGH6ynMMV{x8BIBq=*R4GilIb4JMg4+I`}`AO9Dtcr#%_%u`0h@6^K~1U=Fo*Zwb4^UdEhT>Cs%WH5E-knGgAyE%A6y+Hv*i}WrP6CxgzOlPuEoF-Y6(;5RY?E4{a3QQu^<22uUnr&3T#e z+Ff0rnwtmPa$wD=xqXviLU3^O>;LnprDL=uk<4e(ERes{BdxurT|!OhUKn4?gq)m1 z#1?5Ow(Ekb-&^TV-ND9&Osi4M3FNbK@npB3F!4EOWTiCWF>iNUcFsLl$l37|o0Z&&L zm=Lw+n$o|}4I?EN*WFTSAWa0OVOBU`acMeqX=|~KQCa1NzeRk^OYSK+Q`cT(?SWziSv+Tz znxSjZlC2-DCv`P9(?jLw+06WFE65BhlT==5G=9g{?yflflm7;b)-rbFz1NH1Jv_OK znl4{?LQ?Wr^Fz}}I|O9Z4{U7rx9{3?ctQVbg<}|wt;4j`s`Q7rpQWqVkc8^vw;Fkl6-`b}E0090!?Vd~Q zQ<&f9LZ$mur0}Wj6?jez7Zj1^H=*8su&XghA~(0it8DG&;<4AQriXOr_PXv{q)SSi zUTthn>-Ui=ne9;qg_)`~vAk)~>$4xeySzzdPVn3r;?iki{;X-nY z^_714Mh4(OFyHVNRG=d6yKl#8Y~K14pRW=sLHldp-f!PSirhPq{HU5Jn4TPklm|}tzSf}6k(B>S%yh-*J(WS^q z%c%+Fa&d)qzelaqB$rs;5jVfs(Vs5=oVsP;25~PZc;L$ORW_~j(cD1dLY(?0>T{Ev zZMoZyzEx52*6rIyIEA2q0nWbq-}{trzm^&T+m|5_>g|)+{2$4biLu+98;6{QUGGpnCJFdm$bsrCgL%s(xrOhpY=DZ{DQUU+jnjM8 z_L5ioOjie5PnSh`+X}Zk8QPTN$u?pM{3KMKsGRqo6(sOh5ZUR}r*_QlSH4%9&)=H~ z6@@d(b2t`}fXCK(^p`i8f>!jMWG}RHfRaITNO$b`-OOqSJ45#aFJkoF`uRK7^L{D< zd{dp?RD+h1w#WkQ1->3l425Wq)1MALPzlhe`kF-RC-}^Dn~w=EyWL6;&fP+7pUxQ0%F5d1h_{t| z*4(zO0h|>~4E_CNpZZa4#`fHWHI;VAdZNwrQYeicvUNbv%^ z6>VHiNX?#lf4HPVA~b1Utg_gi!7#6}L<2MTgK_EarbQw(sMM-*H?#9vy9KEd$*`e8 zv^>*mW~77tfQV}Nog=zy>jv7m2KHdhIyw@pjV1=9Mpdu)#*QUF1%D;4j(_x z`Qj(sGU^+BC^aoiCG0uZCQ5=fsT~m`VH|d1zurB>eRbqJL)K%5iiEY?l_sgGe(Y69 z10Bb2VG3#Ikz>a+Aq$2_3fdF&-40*Ntws-*tSv>0@#hN-B2c)d=F_0K>h|rBP$qT{ zxM?!BCoZfxeCg5+#vyZ`U+@pH7Zp&>jXLNWKi z8V{M=^p;+6Niv|iyjF>JgN9+NTq0A`YUXZlVdqMcKwn|Q^{Y~W3E;&~&Ad)eufJSq z2y(QLP;woFhj;53Jm4(Xf{u$55PkP=S=o2EqU+>*{{tDgr%u4enqM|!Z{@+ zDGBr)LLyL2F9P$JnQ3<6SUChjAU3&*iwoZ)clTL=+8c0Hp>`QJjdEzC!b4-AKmxAtF9pJt_Pp8dYnBB*0v_tkX^FfZ^@h^^krC`dQo8Z{syH$1|t4M^EGzA{+}4@QUZ# z?K}mT?meAMa8|dsegMkS82j?Z%s*A3;Cx@hkmuu`sVOU^4A_OUIQkm&RZhiINe`0G z4QFjh|KT1#-nV16hzW;Q*UVr(f(WZ>YL?YBz{#s68%Afk_eNjCb&fnVEq+&~If+s; zQ&i=ZGj7R5vPj&MCkH%~oiU*yN0@h>h&$2!Qtik~Bkn+W3by}ze0GmvclYjYfxxT&q7~-2K;!W+SYaJZ2s_r%^SoWc;6z4 zv}eY2+_MD&2(Ze~AM)a~e%nP?xi9&|?=o-4f4`4)ltC52TI}G9)YK?d+rajLPKY|V z(iT3GN$lN!vDPvRpIahrvKW(X6z_Qzw`Vc?314?#F`ji}-28F0ncGZ!sf zxH0hG=;*YfvlU&;OGSmUHhir;QRkxNm&$5SF0Ker7jQNq?Dtt$ z&QLg-`7Yzfk?bXH{IoRfD2*%Uuv?WLI&{CgEgRN5)f+nqBl-|~Z=V~PD20E%*yY4< z*1{Eg%#1jTYZLc!j&C2%OFPMMTgXVSIBzsJ>E3hS0Homr&aP>B^#Wqu#-Nt*1N{dc zzjzz(M)eZ1Wu5Y_*LY7G-}o=_(8AWSZ^jFsCbl!=fIniVVxuqO=ZDi10sxxZu$8!z z@Hfp)RYGf`mV zpIL9|Od&US?~>r=F&9e{g0-w3=gXD9Q`30Q$=TCW{a(6Vm)Qy><6$bwd<@bFAak%A zW@na+GfXhrx3I)l#!f3n9EvHL9jSg?{;~J{HmhwXwqBxSeft_ffY~XJU06@$u*{(f zzVp(6=C{Bkmaiq>rgb`Q66YvpYzQgfZ$L6#QT-{Ktsfk(^SM86E6tcPlpVA-$+AJ5 zAZ$b!eL5>7nQocm%c~FZ`eJvEqtClgiJv-H^Nz3ghLS}4_xv5G8$ zH4nh^0Pahn}?_7D5*{EZ?RfSBtq6(sO;OqIo?Xs#py!C~K zg&cjERxe4~xl^Bd(&7)mLsfK&jEUAP8n9^b+!8jCnP!xm^EZz44~cKAg|jtfBZYsu zEF$)f=Pf)*F09~+WsR$RUmh7&zY4`ek(!EWyw!SQs}9vFjjB2N)|zugwPpO*c6oAH zK!R9t)hx3=lvVZ!ykct|Gtn;OnHmVIB`irbYDwyTYy4jD&-#NsO1N}_D!|E|K3 zVLqr6x$^L!yIA#~RoHPKFbT;be)2KoV3OeI+hl}Y5+0A}*-+ukg zW(js7n2U>f?b=sty3iB+**DPf0N8DF$^*FH;`C16GE!Der&7qjHo&>?g`?nFgr&ej zgDg$FJfXOl`{G#)!iRkV^Y~Rm5A~E8o=aZFiu(OT?&I9f8P^_FJVRwRWc;~J%W3^8 z6+r_!r~R~ zOM{m(pboi>EL*mMOj#!VP|SoNM#YT-yaOc;+>Y|{Wg`asNu;F?S)o;b?%-;t3nqTg zVNe@+uK*khxE_=fX#4l<-hH}IE8JOg6M=nGC(|+d6vxTuKnQj`p3TRHe5NBihb$c_ zx?Dq6!V*KaB(t2YkX#z)+?vguTFi}JRM5G~8LQo8TP60eS|4HcU0qHJI*qF=$Fevw zc{p`4GPZ5l@VA~=UOT5TmYep9@TkznN*;}cH-rt=GZu=rDwWW1h4h3Am zcSw1nNoF1M_@^8BX*zoMKu>~bK@z(b_+REQG6XWh=vGn$2SIDYgt%D^=J|B%0qch0 z7Io~-Gg~UZ`{!`Aoo!mX*R>U|w!Qnwx!5ICU|yHk43fk>Q00)fwF4~=jv4NN6IC>y zs2+lP0fBE{7ZJO6!al`=S}bDA;!!4KazBi)*#R0DleJ$i6b^K1lu9y5h?{KDd2IFH z4^=mB_90(1WD&&ZNn3^Xm>uOK-~Fap^KtjH&yhNWbs1Ysa>^M@ti<_MPc3tx4!rQ zZ2atWL@96gV3P+}FiFNdtGLh{0Fsj6R0<)(sgoyHt6qwA!swLc%=}wlA6BNJk4Kd| z2KOj27!q){LS_?27nPEF93Gy5nsdBat~z;9Io-JIs^=CxUC+PgKWb~en!#4V>AAYn ztK7c4JNuQ9@m!p`p-I%!p4y~=pbxQ%4v}l?8Fm+6f!i#2HncEZ7{5E!G3eFHNp~t7u0Yczqi%DMmk^B83Tmswgan?dv1Bmc(8T=z z(b^BpGdi{d9(k&n9VJdH(B-_hw{lJFlCk!K6t^gMX44MG3s31A4gRL+Es z+vW(*m%;?f7{obul9Qn=G|#zkKRFqJt<#gtFsyu_9U}qye@GpYCt3;r032N_FOMc* ztQmPDJHQd7NQq%bH!24ad3V}r;hckAqjoD@lAhSTm%Z6*^UC(`6;6Nobz3+(ldB^s z?Gm42)zTbMtFc%zM}GCKA7f9Gl47tf+(RTARZu}p|LTpU7Gs{9o%QUS-lnb|5fkHu zpx1}h;>dr})PzxmsIK1kW{pEvjHdfZy?dBPUt}|_94R29llDB|Evk$Es6&MRhZW_k z2>bG~rruZ+m>MzLg=|W?^Q=_J7ZsOEit#%HS(|kBw-?88v+W&4bH}v@?XvB$rkg*; zcyF93ESv>K&lyjr3UcVsMxb3$c_|Fbj>kmDHF))*PMn*hlki%K&yV)2o%!O`<(!#Y z{GWcDPkA7Z_Bj0L1AW23upIvv-s_hH3jYOq^v_-s&oz(V;uKyh=_wJ3cF;JmtffkHN`0VXv;zx;AQL4Mv+=zBOd;CT6Yw8>q!Ys%vc%E)#8nD?k zUR^SOBelo~b?LZIKiP0b@~WnqkhQ5|wY1HZ?L`w-{jR#JQ@5U2xWy?sT&qE>k^9cL zo!8t{hu5m#*zZjYd2t7psHmuZPL=uGbTgc92LUhLyb0|Kxh?xPg)%u&GAAP|+X*o* zEYjd@Mp=q&&N857d7$-FFdC6Z;b~#K+AHjsy{zw56-w`d004R>004l5008;`004mK004C`008P>0026e000+ooVrmw0000L zP)t-s|Ns90%>V!Z0OjT7%>V!Z{{UQE|3WKO#Q*>R0b)x>L;#2d9Y_EG8m37^K~#9! z?Ok1#qbd-ta5D33PH&(NJLoeT@F5GhFa17G+5Zx*Qq&)!QDaX`S|-y$1jLWBz%NAs zaD*cqVR2{<2oBg^AY3ku{2hXKx+tzq4dzpG!2W=sHg)it?%!z&_I%=ieRJ619_)v- zuY$eTBn11Vk2jYb>EoReNs&wX&{+TzZ<3xlU|$Yw8* zG7rPveVr~0@1>V?g54&vQsMXk`xda9Pd80TYUE_oMVE8@fPE9#PfZ2>kvJe&7DCj& z?+<&Z-~I$Lvuj$_ko1LUfl~dATj2NS)Oa@$fQ(b|8MPVG&gmm9s zOXxU9klKcH7hO~B9Z8<$jamjf0?OG5*aN1VCV!Vg_pYZTK>nu*QxY|P7VAaOG`9{r zD(ppSkiz*K+B?d5!asq1hP0!FJ;^qv7IV8%B&Yib?2@t)c9?{HAngGv(ypl?H@lAn zFv6yHBz^IqmT|BXCNW2PRS-I8`imyD(0?d{#ZZ)t=#*fTOo#yUq&-B_06@81h}vbY zZ81GizCDru0_s_Kj)XL05=40WPh_dif-JBH zAeCrgSMW^={VQ}k@^$6vL7o+kM1Phlvh87kMY&Kk?F{DOlawqG>Cpo&2rSq!DfYk@ zBg{9J_Wsh0ZS2KdV7KY$K~>oK1P+E&EC(}^b=Q&@MJ*|Yln5qK+90q~25NAUXN8@H z6{#f1h~r@o`KJ2YFJNbF2>F!Mwkho9(~Sjg*}M0!w_~w z1?}UI#L^BXC@nW22Nrti2oMp-1%uJ~uJ`kE0o%hK(1DMPfABqmM#*4?9gCq0y;d2* zK1h`MyQ}qD+UN%_64WW^Vb6)wRJpEGhFDQD0nFWn3haV_6yJI#(_bH1(UBhOAHa}t z$U~|bPxD~Z@LU%_X1tU_Q}kl4V#isVNY`b-0~ijerfp#7MKZyT+-2shR6@!*6oYK) zWgco%n+@#Leh7Rj>e%`a>@`@*Ib^6zD_y*qD7>as1I52l*v(t&tj6AjpxOG0@j+?& z8KL>{2&@w22br+a4*EKjO6U5TdER2T_d zo{$@9M>8SsPuZ&@zvJ`VTWXNI@bhzOiz|*SXH=EYYnX10vZ35&e)ZOwywnE%6$Z^) zM!_o%9#xLY(IjBU++1Jl#SvcmJ*X&dnE~lR%3#?Kt7Hn;g%S+8C61EC0k1d>JAxyW z@)aXk*bS}@_H|SkH55acAqlI(9s<{gf)yBP&zy<9AvD8hQ5-`Bb~JR{H0)X%%loiR8XORKCd2P)VCL>!~oRE8q}zmi8d9qlX=z zI6BMyLIH-UV}eU=Q;N$BAb^bBnT12HL8fHE=mBZG&=;Yk-B5>J&nph+@por!6Kq&k zGI!=vcV}Jm^3A9LS6yzRIM0PPeM_AeCf@t<1oFZ9<7PGBs>|Ii{-{`(@MoiNP+?19 z|GfN>zX$C94t4_WvqbWPBbUpE?Uau(*q2aYeVD0LQ27WM6Ln|(4W7VWsq?Br75hdx)y6LSU9p4U)t* z!_cJM4T1Hf<>+EyvMZD?5mm~rfL(M5#d~;7q{sH-gJk}rhq;sYkIyXm{bBcaDHR4V zi-R)igUsR3zD8N=od{$@CH{`+O=4=5bIKcEVN(J$_*qgD%6X zfwhnf#*$Y`5fov->;-F?#+Bq|gbM6T*(onKLD`MN{=ujg5rI8@K0j!frBj{oFQvj@ z9tUNWj8!St1UdxUcS4Spu%ov=weunww1c5uE$?k5r-VImY8YUQbDK~yGNk_DA@vUr zshrY5{pa&D>G^(u{g9k#V)L<-3WIqZl&wTmx2WQrj`E9`GEM=r;bP{^z|EkjhG>e& z<7tOfDjSVW8hDP5$*zjw8P+H}2m8FY)Q`_UV=q)$$=sV=ji1MP8Q&+&fBpab7(aD+ zh#Xi%VI9GR=Eoy&z`p;`!u8sA-}Kj?;c$lYwU%DMzSb(N9#D(l&uqedE7?7u-US2Z zS&=p==PusLxgw{)zS=6RM4P^?&CFP4!Wjlu-;%!9(24PV*slq8xC8rYtFStl-m>Tp z?C@f+7t(&c_8rlEuGbvz|8~-TZVCLpn>ao9S~`5lDvY@!;lV;2mG-;KB+WE_=ej)u z&O+Yy@R~>ud)tz#X?vKvE^5!Ybbr`C3(W&oVa9q&$T6$ii_AE=Oj4H@?OeTk)zOWu z=hovdu%|~O$-Kf&DUVo%38Cb;sj4)3-*>#)ksn=0(<(LTbkVv?49sGWECcak^mgXGv8Y#X_O4U z3hcl`D)5jBSDLqXQ1?pyOap7%O3s!_KVTIW0$4)HaNM=b^Oi|c`p(1fU8&ML=aCK* zB{LS53mqQx42Sc0&*TZ@b|LIuQ1=p=ACJHR`_zN9;K_RWD(qRXzp}3|_1?pd!Vrub zpO}AsrMuAS@eW{rX-MDHgHMBf9Tm0{Utzh8QGe(5uuCH9HTIxo znw3=8E_{WdE{`H|CsRP|v`SXch|Q8J(mlZbn!dtx{Y%J(YQZmujQn_tS(;KIdw`ua z-;4PQv&Lq8DYq`qJg;OW72=Lye^Fmy&e&`mc4JzmXZHX*7DE@#qQYz$dVprfA0G{XS)RI2#7Hr%WEJ78aJ6($WTEWzZpXbg6FuQaPb zc*RYa4f}-WF_U2^?O}j(xL5NxDVdd4VO3vYGhx>+2fJJ%tDkkA$MSlOymAwC`xs^+ zJbf2yPRXhZBsYeALtkO~nxo57#4lXT+MZXVde~#K<%?!{<4VtCYIGxO;x*B;;k=!oIbyuyWpR>Q@Tg&fAS{$Dy>Z@jM3EJsJqx zmVX6v>n^ca)H!2;!(q_hB@}&#Qt4j#}U|f;>7;vN&7CG*uOgL!TqL;mOF~-0S$NN#Qx=B_dJrNWQ8z< z0bgW(rvP}06Z;p3z3`glNDLY<8TNfSv400?SMI{Swi{w)cTVhIU$-ldZ!2Lu?o9qfOUk$u+Omyv%h5@uy3Vg?plQfGc%NZ9*^)S?Dwp~kl7f3 zp$X&>*212Jebg!}xc8vE((?fCLD=tGg<%Q%yO1N#gq<-Sw+agb*pEr%W3bP&3bWfz z@k+xZJRxXT(CBwFnE@`B=5(o~m)S2fuBtx#TL5ye-Cj8{yAN&I z)&E(&T=tQxDb7y0sU|5!kyJ_x@>SaNm8+7<`7gQXtvb~_HQx^V$wV4WX`1fnw(YSp5^#j!0xsN0EIF6E^ck{0qkceVW-Nk zYt|%vgpel(#d)&^g`J}LnCqwO=4+Ui;swvQc)Qo6hT zL2vjrdx+MD)Q64zh_ut8jr3P<8j|^R{U)gt5`_Mcic>#QMc1nU(5lCN^7GHyKwzgt z*0-dkle##QNRm{xvO(gk*^up7&|kK7&U zgA3oI4|@(A6Y z^Dx))xR(`93j=9)#Yx&l>*R=xwp4lE+93}cZK2y$Ak!E1#g?$28mH1v1K5)q5!f48 z0Q>pO_rtJT#GqA&+h=gFU#~`0&w$+*moeADE^41Dzh3j^0xStruy3N{3GIwwBT9x- z%80<8yNQNbI+aF;8ti9*z4fqrY1biDk9i#I{rqQ5Qrmw-W-?yhx&Cu2Pn`YmOs1vH z9b_ic-hq7s;QJA?$wMmekP1Ac0uQO2(q)CyDd~CYCeGR98D?cjJ+~}}NuSD4cs4_x z9a3eEooC?5)&IH8Ifp~4owv)(oQt>A0KT025bXI947j}tFzn~T8_j!=Zv?)Y|oFJazNzGpcV%r4L|9T=}KW)J$&yF-6g;^RNl z<;xVMmj0}VBMD*jz_%Z#>iTD}4{f&s+O-nHo3uNC*X{tvZpXlGJ+tGo+n3RyoB6^9qz$C0azH6S}1-v(xPBbhjAT(&(|`dWW;uh7Y{P*184Qgd6s&Pl9h=X z$Gn~qyw|nB8@Na7o;PTI$r;V%jNkiQA^OC?zmJQYi-ru|OIXpoC%V2@-EP3=)hr1C zzpgMl!wCR>9U}NOkJejVv4BXO;N;ps@>^?~I9TU6T| z5ij2=*A)grDu7Lt(z52!TH4v_`x8E@I3n%V zZ&I;~LEIhe0ialHi#!x!)ICJd_>!{z1IJ)Tv$m1_cWHhz&~a5k*GQrcDCn>5VaK_! z;|_GY^%JNDi`fktR=^MCGEcYU6TyzpJ}y2(QGBe~ksNqYDCib22!*qH=cZoVIZ_Qan_ahv-dC7CWtTbv`@^?G zD*ELl&P&+fa!-Rj>VsWGCf-sj8y;8NkE0nzw@k*-%4&JhmLh?1jo<5A>dMZ-@2z2G z^~aKgBP^4;H=@E`33jMZVY;2-$n!qNhOJT+KNR+gb9*xOABTO64Le|;4|~mFF5+F- zXG;5l{iKp{R2X~Rff^MS!zddzB)(=+TWBizQLsBIEU0d;Qeo3?c3ZOfSR;%vbTg}mh|(Y&+VZ>M+lU%8MqNed&e*Qqd2SFY2pS;KUP z^R-v_!ymi!5XntpU((J8V6ReP7%L*D7FpeQ@Y^QJuiJ?yLvOFO&L4iUp=51a#-tU* z6F&b)je}hs?L~ECclBHAU|-NqNW>tZR7kKC#&S3io-rycLRGhWLd!)1*m0geeAmv}wv68N3kui=&C9Thahi_ZrV-29$*{}d zm3v_TJHnKbadu%t*pr8;M983dxKzyOl+>VpI9K_@AHa?tc2P2(SPK>|X`Z$=Ta?Mg zhePVUc2XO7k6mA3IJPu1H&(V~ zvkdgDTO3hIZsfFM+S$0qQ-FAZ6lpOh%A?hI*>u%dTqppWj?7^w}q!31Dx0BOL z=WG@#jlq4qrB1YS;#cPH3zL}O{NlK}ihp~XJ8$O^UNpRxA?UXST=ZB~8F)15c(b36)U2PVBa)Hz{LahQQ>kx$wio77v z7=vk^{Nb}d4R-XKEn0&LS?YM7adLFMl1{oZZny-=kj?RV%N3spyJ3^mb_>A0zTIJ* zI46-*Ogd%Q1A<-87?{fnXx{XHB<#p>vE3TN&UtE#6UxSsnP9go<8(zN|4x%D4F~KA zv`{LUxr`Hn-8fQ6C%YhVLdiUFx#F`zuxt|gA+<*7R2e6`aU@YgWHvT12GcynZjZ+V za`jX5Q12fIu6=5baD-Qs&;5w*3MXK&ZUWeBMGydfaO8_ zk?a3c*em-y<~JNCGr`!~fS+b#UAi`gecB0F5W_Qk4cLcPVfig)0(Nh*R);+-?t}{L zXlgQ-sTyUKbli@$%&4z0F)0WSI04h2)JL3v3G7ez z1GWfu3x0^+%bBw^|@RwB6837En-;*Bbpd%>sr0ow}p^cW9dk6>X(SO7c1 zVkcl|jECpIjxVCyy;Yb#q`}%#xro4y#Eb=FOPK8pQwDwfA8-OD-8$w3YykVN8J?wBPI`2}Cn)En;vm|`b379UQ9B~2`K&{2_seZs_!M=8ZBuuW6ET)$T z%T`LF|J~K>^@;ECmikba;f&sdHE%EnrFMjGk=Wf+VK3wif5A;boeHbI<%x=zONA}z zI2=iMA!qoDV6RePxCIp!mfZg|>@VRAe-Z3eD(nvI^Qf?}MEokSqp8+hW4F%mS16f+ z3KQ5Lp~8w~7jN$je+BH{L50yO!pC{Aq2Al4GyFBMgX3gy3o1-4l+39&c80$#>xXwg`mZm@e>sw~(IJ0nDUSTU{p~*R z`)`q6WWV(}bA}>Psr@a4_t%%dF+SJBB|v@UoRqoy`$b7#T7;qPBR7q7klqT|C8vcQ z80{kRPS2FPkr}X4+SgbA>E!%NVE?5uKLxvg3QE|2|DA^YZN$BVy>_lsFCFr?1b$BY z($Ci~g`Ljcl0Km#x8HxcY+nm>aY(gkI`CotEZkBLQA!bcCvm6y=;gMHk<$3}Usl&n z+ItAUzP=pnKzb&_-ktsOvfW4i=131I0h>G2wm?z0_%pa4)`p+ zq&XN#mi8W{D(qk~)7c)sB-$4L6uS}lw{-OTW?)Z!K>3qw--Z$G+;@T<7W!Qgb zfxA_e4AgY{Eqz(oQ(yeGu;0MJF5N``hLQKv?IrAkAvKA6If3kT(U$|9XEH3$NxSC= z zrN<{>&Vz4$rhxMQPO83$ypgb*A+?{9{3nsoX~Sc0skgyQT_%UOu~(>f4D;VoHwnLQ z6Q}xU} bzA^j{5>J~yk>`IL00000NkvXXu0mjfo3Ex9 literal 0 HcmV?d00001 diff --git a/static/img/jackline2.png b/static/img/jackline2.png new file mode 100644 index 0000000000000000000000000000000000000000..283e3a82a61b28dcfd7b7972f160a8e140868697 GIT binary patch literal 12551 zcmZ8|by%Ct5-;vSik0A`#flYom*5bzI4u_3U5dA8C|2Bp7cEk}Xz@bOqQwamcPU)H z@0@$?^W6F8eY3lHGP^T7^Bc)WEe$0A9uN-&1qGlCmWQCApu-hmWVQe0*$gZy$SlnX4Il8hJ$dvWc_*^n&_URY@Mr20zdW1%<~_ zSzbohci|vMJ*}vf@V!Fzp4dyV!67_PLh8YM3a#YatKIkj{l$>(rUys4_qVv^Y0k@B zcyXv9U_nDL3fB`E`MaPg?X81NQ)psV6V8!afp?GY0X$OCwNMM ziL@1d>U^ip8lS1?jms26xaf>WFmdIvaJWz-QMs^{Zsox)%;&BxZ)QiVbq7o=_#30; zRy@CbWas0G>tAR7&8wRT3TjUqaN6np#{OpBgWXs7hd{GB2*H=y@*XDD8#%0HsdUTf zK9xIy2ETVv#KVL%Zo3a%@LaYJHG0w;`GZm{%~as&ZaR_the66EqMX8rAV!JgV6(Wj zmnwC=Uy^dm-*yZo1q&f&<7 z>`sW`gY0R=_9UFQZ4$S2-bVgz`HNUXUkB4yHzl0^fF9Y-?SezHg(3f*4^4S2DCn7` z5{8lR>Z@#8I>LjV9slT9&|i(UHx6dP+^p@-%kPokF4gg2=vp8V^2SwC46&16K{>vl zy=Gy)nX3d}cqfB5HS+Q8ScaLgFybg#u1?xzd84OW!$t|tFBV+FJIOTls_$u<-5XA% z16gyO{rYZb6bLUFm7#WR97vKhQ--o16yC=uim^u-(9q3GZ58ggjslfhN#WRKIne`= za^7#s$>*6;1rj{5KV_Hz9dBNFj5@;kRkw+tj5%B#BA=qJNvI85r(5(tUB`$oVA znXz{#lJZ=C{$f-~D#e$!p|KeO>fc)+o-G7J0?Ad@fsSe$KP^ zvp7+vRhb5vDCciedIAJ2GaA&eh*1srFV%6GY3z`NHuz z6~5vE8Oi|`pyrLpu%;`gX)J%xNJ+RLhayl`{@DlhiH0yoH2I~t^W3OM5Lg{$4nM?S zF!(B9GOu*&X93}}hBdVU{}Enh@_xhXDE>V&-TwDLB&-Yv()7KEmi7Q@@}0QKfp>zj zFLJa~5opKV2z%AHW}EdJoh=t`FKV#1hpd!;@XnLMmdYX^tB6xpaC=|KZ4Iy6pK^#x zD-md*nb(ar$sKca@_oH5BSUd*dyUKt)RH2H;0Dyd=yWHd&SXw?8eqAv;0VisSpcAS zBnYY%CG?_IMynZidW_TPWKbe0_kf*b_G!|INkWsULyOoml8ggU!M!!BFbOfE!c|b9 z!zvMpPWhoHj%Cw(R|DGW2SQDHWvKZPa;mC21ox?6g->gMH>&t>8RUz~QUWFfq6Ggw=rWg}HD1Ri%|Ef!~t0$in!^D(&g$qLPqxDDd?-`dV7NS?tMSUrT zVb{G;#eV(uN~xXS{SrHe?agiENm9xu0QxL}|uEc>|E9QeoNHl!2tALH3!Tz_9Ke7T5ouF1`t*x`JPjY?LblR>i4bW@bizDeXEnp=H!RP!qoZr+<$r_#zXaE9(He5|zV!ZrbnQA=X@R-+&Y+PU9HtVrx??Vnex&-XuX%Mz(2NJJ(%jRAS?Oj|JC#tTH@Je$+OH>;nI0^>@Isaagh zFB*QPGf23c+wZpeme88YVQ&i_Z1&umfoN-ryJ|`jsDWe5c2PlU}SYVM)kl-qdSI0(4@@tHsx&4kZ4PGiJ zX|r$o*gN*`Lg{ST`$&wG>FoWZHwUe`H4X22GX`*Sng+{Bu5~v$`cz={5uY16?V+{A#m{VhQr` zWiNBa1ItCZ(RKql|K*0EN}1erF*@1pHEn;kLi)cBAZF0Y`SCJ7LVPrn=EOZ9)-R=} zgC=ZlGaWUDmW5Jj$I=N~f$A5AUmre8yqv;UExkVB=k~7SH6VXc3=Ua;ha=TJk)O31 zbW)hr7dHi`CmSK#_}vHfMDS%g*aMm0)6b@m3L}1eXm0)2rzA{o(RmouIw2Gb-~1 zjd{ABZ~JUyB6RGe^|!lC1BALX*E6 zZl5JpHzZ#rjZa_efd#@FTz^)seLpL9=l~X)^-oEf2_WV?qryD-r8(hBA8f9lr+>v1 zr7Idr(7$CDQZ+%h8cTe;`$J$(Khp7}MOG)VyrnF9w$ErFazAOdET+bu)QLpSYt-Sb zK)I~fxr6vfpvVbsk|$Q*#E%>Joe{T2(#cQ_emAh*;o`On=r%`jC^t(w_N zt$_`Ex9Z-34KSXkasVBW-`etP$?f5OKBkGUkxjXEVY);-%_d)EZf{ktc#xagrcrim zpsgZRr8X)yZjEa?r!#xQxM|3kf*Dm7-5)_1T_Qp>bxkkFqo}8nuKAb0C!mS0<%j?x z7Sm#O!(jxjc?lV8#`&VOP~Z2p4k-D1CO=x~7mUWk9OK8^?{j;qiHHpTBsu`XfwUZ{ zT8S6$)^q`{su{UOtUp-8f1t5R*_crqRU|wN6O$wM-*R?r%)rb998c_FSGezt;Uso+ zbhPF*{a>$=M$@#Tme5ndI%@_q+_XsMM0_P9R>gL`NF|+uYL@N*Q^9o!G*{bl#Rl(W zMfUu!eOY`PdBGY8g|Rd)X0U%`to4BJY44&ClPSwzI?dt!q}G2B%BdB2Y_ofRUuxl*6dqEb zuzg#AI*;a%=)k;YWoh-}xt$G87Y0%?`aWSgNsF3IMcmAq+n+B_@IcXpgritXMADc(w@_My=|67DKXxXJuh01P4a{nh&};(IEvvdKr9@{yH)c1ZbO z1gz$ywacSP*;V%6k?E@| zwL}W+L2RISQ!BINUqCoF9@4m#&1~Q;63f@mBYqhbQV3gPox+2sxMip4rOdIyUE-$W zj|pM=LC7q~h`sOhEaDrq?_quHHW0j80_!A`V@{7|+*;EP{y=5$7t1K{6%6?GzT^%; zi86=y0is=HIX-6XviDU5n-5@~xrerD$`~d1nyUKb7jq>{|10EwkAU_cnBn&VF=htn z7sJfcSp*>bYOqEQ)B^;_z(E>L+~6Z$0e)ELQ)C2s(%A`Vm0dHl^~JRlg}+Dbmp*12 zr(n2GJCGw^NW%Q~R8eQM>nuWDKxpTb=N~`hdp9V^UIuzH{Z3{8Xpfl2mo2A+^EXMI zGTQS=hlEJMnyC5o&N`+1f0i7W0sQ*zn887PZA6^^#0LM5Pq68e+(1bQEpx&;#wsxx zkFD@OnHBeIZy!%7mOu!M6W4Jv7yJeq%aIbdzY2nx>RbV`K#$lw($0qOtv;xYY!66q z9tv`8)W~1t75sH&oeVJ65Pp*P)%bS~wEVm{E``<94uJk8X~4K=#w!H;QF#_(?cb=b z5kk*ebg}m7LZ8YuJ%@qw4kEzRT3VcN{xPZP4x-em2^SY1CVEW?q{|3CT@OO)Fh~sE zVbHZ9db$&Aloq!2!V`UcD*pcyA0bi#ZVPQB3&>tK<#ggBecdhd`DiJl?&o+2o@3pr zYUz!lHPv{t>JKdRQZnT^?(XGR?ep@galr=`_Tv|K_!LBY-5AMsWgjTzDgmx<+M-@w zdC$YqEsG8#w)9_4ha5bI;+)X549OM8pX1kg1;wlO?nuXsTtOL@E4Mlr<69{k`STS; zCj_wHxxDAN-~rl1*mXH~F+RjOU_b}02YMK*>3rfNp*~F?>If)HFzdWGfGhZN;%$rN zCGOyzBIi+0t(AxyV$1JnI=_ps%g$K< zH(EKkD{^>NzDEoIO&eeI#R?QZU$Sq_4Ng+d>z!l*karpzhhI$RdD|7tfp5qB3jV12 z)p$nKHUE@jTugt4fEUlpS5)J(+(9B!(y?b~gSJ4I*f2uzOlnOYz&?+FAq}nlKC6@K zV#<$ZORWuQD&m;6;%-~INLj%ThEE9xfYuL7!+<{3fY%7|Pp=f)ZwSsl=MW8-CcVNi zHUt1rV>|?-EmS)V;M7)Y_}$0-1GrL1KPmq4pfwFCEaZA6p}CP*uuSs$u*dZeSkG~> z&Qh=u~SZuu^DqEqM9nuag$e#jDF@ zQP%^)^32Y;U`&}6`zEty!d5i~V`{rJ&WNjl=ThU^>={LY$?ze)&~1@jGg-fr=mZA<#9M?{ zgB7PZJVRl)K^p|%%^4z%4JEIU9-b;eMghZu8R^a^O_k?B0>PMJp5RMgJT@^RR^Fjf z2B+a_{5L=2i)7=cH3s&@Mp8ZTA!YZz#75)QscEwD4WC7FU3Cq^r&B%AA=AN_v#}_~ zL2UNDl`t%K8!a;cYD#!_eo~BqoHR@#=#B1f!M834!!O0FT$ZOq=`0E{{=bqQFyM;HlZ^K~|FMRm z|M;zXDfs?7f$3+fT%+{EKblsfJ%heP#T>DB`G-9FYyZ!jFd_$JN?#e;0i1V>bMy&* znI&aU4PuXYuE$95tgwJ2x_iqbsXAeXff0yxHdE!Rv?o>an z6&87v@#KYmQ6mt@xh>@X+%s+Y2=Lc0oZ9H0C-!!#OLeZkTB#8-UAy^-97Y%O>M}X@ zBsr#yd~@RSyMM?kgeH6jZDcyDR99VhzfP3mef>p9r`!@m8klD_>Dzakrj zWS0%%=UCw!07H1}LSH8+=q6G#*8V5@0 z=m7yXfOO=~u~`i^R}zxB2xaDRcAgpyLE^s6{CY_+xGwwSZ{EE?en`UK5x!eFT8eA! zC?78@JYrHCkT_X6{T}f;_>w5rlN>yGn6)AX#JRS>V`CetNPO3>swwF7KBnwa>BOzljVn9&jo`W>A@GL#Kgnt?y<)CKD$w zhmFI-wQ=qxE{dsnwd~+DYcgI!q8H)H6E=$Nf;cZG>V`>NCbEdxuH^*BJxv7X>~-VZ zabo!g+hV0DKSwKl`ZU&;uEi$!?TuO!{?g2cxvh8gy_8{GQY!y5g-?JM z2FrczK`-$R8T})h=aaO%mtv~Qe%&b9Mlw8DTYj9em}PBqzSr^GzAA9_t=-x(Y<#8A z>sI)Acxy@#^GDx3VblJQUL?DZuf)-(4s1HfGSE{Db9G=PG5_tt@N?_L=U+tqnF~gd z?g?ZL^b{63q?DLdP_36E(u>C?!wh;lr(pCFE7k>YfvnL^>|)V-bz~4la&%GIq}XiV?Lap}clQ zqdT5I^yO|9eCls)AN^PwOeqXKDrVRp85bf8W+9*D@KV<>t3&{B)I*RH&CH*-Fnvja zHYL%ybbS%FKYygIcnT_hoEQJPVz@IFB;YRgsz@sIE}pn($RU=wVR{blp7+^A2Vg;^ z_xYACE$2xfTae17Y9o-DL}p_*#r*S3H;b~px?a%fV56MApo0KppBr`I%<^rYLrrWB z)eA2WMXpWvbqk^BJWz~R^O^_D6BF%##D3wp>egL-T_7jE+3L+eFW-8TU_z&K$|&@= zNZ=q8+&og>T*{>x@gEfaZya(Ns~cj+Py?JU#cquoA!SIdiM{ThWi2zm#{4TeYJCJw zTCLw_d(mM-Y2MSyp@ete(rw*DR=q82*B z#{jUNkBCas5It%6L&C--9rJ`+VJcPv8^MKzH1Bs%{kY%?*YZ6!Z(rDi@VM0MNdHr` z`ETCw34A}*u=OAM?G5bf{Rr zBr2iQCh=U!w?s!<=S$;;0!Ohc4R^i+n6oe*Wy@itztJL3q&-Bo`PIB}JAPr{a%U+x zk9O;RlY%D>OD9bcN8Ew6LrQ6En3xhRDbb3v{#~mppu%%EY-# zbDRPdEgO=oO0FAL3!L!D!#HQ%P8QxqcTXR)wX0XP@?i9Pg`nEwy~*!qdjo&^PAPE` zua#xuQCCiAVPr}ZIU(;i6t>JDN`@S; z!Q`kk>TFJF{CVC_Y367F>KCP!h#1okKpTL`touahC7&aXzYO!>Q+L9AgLnipz8{9`uJdOxxs7aIcZ5r$SJE+$3-Joep6!MU z8vx5V)p8Z6Qy$6fmN)zf5HO(E`2|~&N@1drDpjqbztAiBGTZw7`PVaAVcArI@Q!(U zh*rgiCgoap--)xHdFhIB@P3^)VBk1LMH6J2M~>FaL>?Wj2j%t-+BmTZBE!SSW66IG0!K=)87H8UGW0|AWNRgP3wM_G>zsUH!1&d>(&gLe4hK zq&36IN_TGSe5nskX~32?)m;KFH%>9YEIYU1xd}KcsggtpWXr?rFjU+8W9ePZaL=bD zF*aMLWMDT`h$mb#!qd6hTJdaFr5rrwR8Re= zCUoutg|1$7fR?EcQ&5iJsirBwIFf9p+V<<*vi_=I4x-2KTA#T_WSKx_H4&U;eVed1 z5wIn2Vi**ql(lYlvUz7^f4!@Tdpb8(_HeuUIPmyLykHIm^r>ffn_QcloRvxsR{@Q! z@5jc(I7_vs1|*!Fgt)Tt;6bw;-}3Pi@i#Q(GaD*c`OsKWlRHi`xvGYQ%vU5*k^N?U zcy}y%3+6(KMYDe`72?1fnUBR=U%q$wPSr@Ij;T})Q^2z3q+gUTilrVnUCkpe(=hEA z1gu4!6spwI-jRcE%q1Hb4m31D9hlduqkDM`+eDW4tB(W-E8n(ELLrNqq|>^+yWfO} zMMm8W9sbr*G-y%WAssb%1NwEgWLc>f!Xz=4l_7DJ&k28|R{ul4_x6pdOC=RFJVC)f z^B^{jfpbJ!zw|npWZL?WQP0}{jR$X3I!6zY%N7rT@TY2AV5x{kd}wZUzJ z%W@129?HL4{l7%?zdF!|?{kf#mR|KJu<(&#ugB$HWqlEM8b@#aU1+pJU9xB^vwQ!N zwKfQMO-@uOoXnCp^!*!p3P#gs0mMgUtGbnYp9+FPE0eIEpxpIOhUMA*&72nxRaSp6 zV}xQA?iW$@)KbV)X`;`oBr}QIQg%Zf2x$b&3bzYmxJIbxKNTRfJ+xV#H|>xnQo84U zfF(rc7hbz3>^xtjC?l8?CyR%1x!$uwgks^9Jl4{-eZK>z*+L_g^JM&Ba^wy|gIg0w zceyGGazUDx@nOT2@$sKG4I{P_p+KIX${KV_O2*CD%y4D>yznXuKJ5498Jf82Jt$8d z06Iq$()|kq>+ZtXEn_sH?9w84Q%h#N$KL)naWfrU)Spum1|Z= zeb8+rwFZ~L!W1$)$<(1hts}`Y0G{?)U_>)eJA+rx^@g~3#=!>-WvE&MpdkaXbPl^)?(bUa4=yEJN)|M=>Gli zxT8Qjs!bA_&lf@Ck1|G3D0=xW_50WAoN((jyt2mWy`XlU)S4~hl{GIf+AvQ6ZXwWkzQPPibwRsm(We6IFD#?R#1WzX0oIC8#=S|#uTpCF z;=;AlEwk6BqIY%gqs|1aIIc|@PR03dNrbCtbeFT*^%)C>Srn)?A%CV|VF`Fw4Nrs2 zCMA+x3P+tn&7ZxonTdbabh)$d|5pLKJJEbRW}k4?bxeu|IoqQdeg4YI@C3{I5o};O z9;0~M`jiv@5B+Kmbc7sJTZyye+{zU4=^rh`L|Xo8tV~zjSBjK75&Jy#7tO>jM6=N_ z>!^M<*QIVvr@9*+3@a+xF7ha#%z93-nsM>R(D2(&&*Z=%IfN*e11!o5`!>baSpKuh zUmjB$gHZ1#>DTUYL*PM^gxwFP^xyZG)i)o2FEz@^avfQ5=Gl>O~{@sO~7dCW1( zC-6Hwv56fdlw!zbn z8a9Un04=@TnV!tK`q9aY#2bN| zsvyr=Y89Iy1Er7TH)Z=?%H(vp1%NY>Rr3Mhq*2zm5D{Wc-=dQc9A-XTb(g}HvYrPQ zdG_UZa;gQP{L-Z5IbB2u$$rdgnc-g0kek6pF&}tnXi_w&yfej7X-%4ZxKsD}x+!O> z97B(qxr!uud?&vP-ryl17RLUwm}l;Sv9|k%2>j|6(kbmN*}}I@JMWT$P)8iIIs;2= z3%``2q8TQdP@Qb6sWbP>10xqmTz;cAD%y7d-5*%C&b(r#{0?v3C>vg zJBVKsKEG7~K-@%XgDFw$Xj!h^Ve00KYXy>e0UxZvQgW_mxmR?&QVwQR2iiSqGA6#W zm0WadXPbQcw<6$^ci?8zZCkyIO|aCy)8RUQtmV~BlsMz3*#FR{XusigkH#tA)+sYU z_}^m(<+cq31=Vbi?8NHpqJ>{C#yECR-3}v_HyVWTOWS?@s>SGcI)E1OeCSPH_`MRY zmLw*lSExY)FPfv2ogBEa(W(RJ-S+6eSmIdCB(HE8K z#cK{A-Pf(ZC>jNmMjwm2|E!d$F1dYPMe^y@Jp+EQdz=zm^k1%%Pi=TQJfxeX9h5|W83?UCFqK}ijE%g?hUlu z{z&T@{e3RloD8)m$RMaZ11*||EE;8+d*GsOQ1yMM(N=(uw0bg&NFLr(F9Es>-i#7r zhJX>I5I=ocj0qv=7h0!a<4*!|Dtw-VkjA51^eoH9u;H6q2C>71`7oWS8$R;i@u)Eh zi1J1A6UfDr*~6Q99Rsw$FVWRA$Cx5dr}R|MY?&gJ;f0t$w&|MTBZmI8w6N(ZMLZr6 zaRg=UvvNIztw6haP1FJ-AZzOC*^2@~;U{3qnj&RKjEzn>snyrhJA6!tVln>95i;-% z>ibItL|z%+co>)~cjzZDy(*q!i5Hd|;-WDd`n zk)e+6w}2&KLJ8+zA6xRZs1_H6+=(qXXk6?=rbhGE%`CFsyJk2|3za?EY{nAy$Mhyh(; z+s%aZjF82l7_dwL$&t7agY}Rh2$^9$53q{P6xe`Gg5uo#riyBd(EdLB_}qh+wH|dU zs=B;5zLRV_QS#CzFz=i#x)E*C2Z&VmKG6H2y1$;gtW2xVYd&ROI$cl#+$cXU4b}wf z*?2vls=r!T%FsuhI{VPVrLLb7pTjt1$6P5tCvESEsJ5f)m_QJKUlKNhTd-2!w||`t zqkeM9Jbn|Qtt+2P0;Irq6@I=`%8oD81nkwsf>j;|wLH+uXCUhK6v*>Q>ZtU?bX?9V zY&pH0y^?VE58ZP!I}S+#nxPGDX#j?*(0yKbEitqUi!H~uhFAc$*CBf5KmzH^mSFm~ zV2Ui}&XHMY1~%@hQi5`PKd{lq%t`ctGdlC+DlRB?lZw-a7l>Zd3Yf5zw5*~|+<#tT zf#2w%!wb}aiu_6S883T{6MQvqld|LZR%h*nAxr`SmCe}059!v!27sl>p-Jd>U64Qx z(0#0fE=IG{exhxsWbuaw(hT12p~26!6=}4mt~yKH_CPwj)PnOLm848}3L7q84r+fY zbUs)OGU0R4>nADH0W-y72Gj9H4bfL50zc0oc+n#lMyxB8-30Z~n~?L|MI;s1xHB3a zLRg4|Z#|f+){uXudLeL;R*rQFxEDKy(k<%Cj`YwlJVL#KL6bjT2A9f_81P(BeV z)KU~3bI*5)D;b>L_f!gqHMwe6fnnt+v?<15A+Ifi=}aSe1MNS@2p#gqlBEaEC+2?= z=7+7nK*+H0DGfPE%Z$DbIUm921FKtMr6+>6E(9RsZn}&BPR_BPD#~5a_ho(fUybk* z&Lt5~`>$2|!tMN?;LxCv_bzf^XqF%tTt;6ybLn?4`SkK0&HAo_TQq(Vu|}J zlioV~#ga_$EH^-3aTsKLDv`4yAvIXp%HpANcxfCbzUmO%+M!5nyUm#`evG|%uG7t| z;5;?kO+un6d%W0o;Jj3UhB!$n0umKNQ@NB9T9CA3YTc!8Bm3<0J04|ptJxp4bWb5i zN@y7DZBAyVto`urm%~VP{eoS5xTuw+>{LcKEu9T)J&euu#UsY_M;7-my7&gJaJ1S; zPgoym{oPoaJ{Z5o$;bB^1MansYtfsvT>q3N_$QnTb2t62<-oQy3Gwl*jq+KkL@h71 zuT7;fgdVo-swS)VBg9Jt!rA58K&2VwfEqFJrR07y0Qdpd@MW&F@+mRm^Hf3%F7)-f zx*T-*T+5lm!{guU>+AK>4{d)R=Qy4+ zPwA$pL7J!OlMMDMBJK9*AXBOm^a#-BE!TG0e==M-zX~; z`QNd;nKMpIpOrSc6G{twJnDKJkoqAva8N%N;`pFse{_=P)5(3UG0_}Ri41}-eb%mA zcj?h(3S!X?u+>wW6`1*?%Xb6@GlEik-l10COF-y_itC|gcjjNEL%uc0=ePf$DB2E+ zhHDHZfZ%b5_I=XrZAHCMTq? z?tz`>V-qYPq$!Dce^LI{91V9e>@3Wu1RrojhPe7AxS8t6EJJOkvl_s^LyovANgJp? zdb>Rqc2!I-Yc!QLZ|akHiZgunxeJDNoWhgv%@Uz%B>ES9jD~n#vJv^ksOy0{xH(}h- z-glGt<9VzZPA~ + stdlib.a/home/hannes/.opam/4.03.0/lib/ocaml/stdlib.a (1588982) + sexplib.a/home/hannes/.opam/4.03.0/lib/sexplib/sexplib.a (673124) + lwt-unix.a/home/hannes/.opam/4.03.0/lib/lwt/lwt-unix.a (657552) + liblwt-unix_stubs.a/home/hannes/.opam/4.03.0/lib/lwt/liblwt-unix_stubs.a (515632) + libasmrun.a/home/hannes/.opam/4.03.0/lib/ocaml/libasmrun.a (433626) + lwt.a/home/hannes/.opam/4.03.0/lib/lwt/lwt.a (331998) + cmdliner.a/home/hannes/.opam/4.03.0/lib/cmdliner/cmdliner.a (276850) + astring.a/home/hannes/.opam/4.03.0/lib/astring/astring.a (246538) + libunix.a/home/hannes/.opam/4.03.0/lib/ocaml/libunix.a (207120) + ipaddr.a/home/hannes/.opam/4.03.0/lib/ipaddr/ipaddr.a (202720) + unix.a/home/hannes/.opam/4.03.0/lib/ocaml/unix.a (143632) + camlstartup800193.o/tmp/camlstartup800193.o (117440) + ocplib_endian.a/home/hannes/.opam/4.03.0/lib/ocplib-endian/ocplib_endian.a (93778) + fmt.a/home/hannes/.opam/4.03.0/lib/fmt/fmt.a (88008) + cstruct.a/home/hannes/.opam/4.03.0/lib/cstruct/cstruct.a (70122) + lwt-log.a/home/hannes/.opam/4.03.0/lib/lwt/lwt-log.a (69738) + bigstring.a/home/hannes/.opam/4.03.0/lib/ocplib-endian/bigstring.a (47622) + logs.a/home/hannes/.opam/4.03.0/lib/logs/logs.a (46250) + libbigarray.a/home/hannes/.opam/4.03.0/lib/ocaml/libbigarray.a (32488) + bigarray.a/home/hannes/.opam/4.03.0/lib/ocaml/bigarray.a (30248) + mirage_logs.a/home/hannes/.opam/4.03.0/lib/mirage-logs/mirage_logs.a (24602) + mirage-runtime.a/home/hannes/.opam/4.03.0/lib/mirage/mirage-runtime.a (21882) + functoria-runtime.a/home/hannes/.opam/4.03.0/lib/functoria/functoria-runtime.a (15698) + OS.a/home/hannes/.opam/4.03.0/lib/mirage-unix/OS.a (15004) + main.omain.o (14624) + io_page.a/home/hannes/.opam/4.03.0/lib/io-page/io_page.a (13424) + mirage_console_unix.a/home/hannes/.opam/4.03.0/lib/mirage-console/mirage_console_unix.a (12746) + mProf.a/home/hannes/.opam/4.03.0/lib/mirage-profile/mProf.a (11358) + libcstruct_stubs.a/home/hannes/.opam/4.03.0/lib/cstruct/libcstruct_stubs.a (9468) + libio_page_unix_stubs.a/home/hannes/.opam/4.03.0/lib/io-page/libio_page_unix_stubs.a (7530) + key_gen.okey_gen.o (7256) + lwt_cstruct.a/home/hannes/.opam/4.03.0/lib/cstruct/lwt_cstruct.a (6696) + unikernel.ounikernel.o (5032) + mirage-clock.a/home/hannes/.opam/4.03.0/lib/mirage-clock-unix/mirage-clock.a (3330) + std_exit.o/home/hannes/.opam/4.03.0/lib/ocaml/std_exit.o (2984) + io_page_unix.a/home/hannes/.opam/4.03.0/lib/io-page/io_page_unix.a (2046) + result.a/home/hannes/.opam/4.03.0/lib/result/result.a (1950) + mirage-console.a/home/hannes/.opam/4.03.0/lib/mirage-console/mirage-console.a (1870) + diff --git a/static/img/mirage-console-xen-bytes-full.svg b/static/img/mirage-console-xen-bytes-full.svg new file mode 100644 index 0000000..1f5f87b --- /dev/null +++ b/static/img/mirage-console-xen-bytes-full.svg @@ -0,0 +1,55 @@ + + libgcc.a/usr/lib/gcc/x86_64-linux-gnu/4.8/libgcc.a (3027014) + stdlib.a/home/hannes/.opam/4.02.3/lib/ocaml/stdlib.a (1400328) + sexplib.a/home/hannes/.opam/4.02.3/lib/sexplib/sexplib.a (665768) + libopenlibm.a/home/hannes/.opam/4.02.3/lib/libopenlibm.a (629620) + libxenasmrun.a/home/hannes/.opam/4.02.3/lib/pkgconfig/../../lib/mirage-xen-ocaml/libxenasmrun.a (343920) + libasmrun.a/home/hannes/.opam/4.02.3/lib/ocaml/libasmrun.a (331260) + lwt.a/home/hannes/.opam/4.02.3/lib/lwt/lwt.a (328130) + cmdliner.a/home/hannes/.opam/4.02.3/lib/cmdliner/cmdliner.a (277042) + libminios.a/home/hannes/.opam/4.02.3/lib/pkgconfig/../../lib/minios-xen/libminios.a (271372) + astring.a/home/hannes/.opam/4.02.3/lib/astring/astring.a (243240) + re.a/home/hannes/.opam/4.02.3/lib/re/re.a (233148) + ipaddr.a/home/hannes/.opam/4.02.3/lib/ipaddr/ipaddr.a (198636) + camlstartup873580.o/tmp/camlstartup873580.o (121544) + xenstore.a/home/hannes/.opam/4.02.3/lib/xenstore/xenstore.a (119916) + ocplib_endian.a/home/hannes/.opam/4.02.3/lib/ocplib-endian/ocplib_endian.a (99350) + fmt.a/home/hannes/.opam/4.02.3/lib/fmt/fmt.a (86522) + OS.a/home/hannes/.opam/4.02.3/lib/mirage-xen/OS.a (77252) + cstruct.a/home/hannes/.opam/4.02.3/lib/cstruct/cstruct.a (68448) + xenstore_client_lwt.a/home/hannes/.opam/4.02.3/lib/xenstore/xenstore_client_lwt.a (62488) + libxenposix.a/home/hannes/.opam/4.02.3/lib/pkgconfig/../../lib/mirage-xen-posix/libxenposix.a (61286) + mirage_console_xen.a/home/hannes/.opam/4.02.3/lib/mirage-console/mirage_console_xen.a (51346) + bigstring.a/home/hannes/.opam/4.02.3/lib/ocplib-endian/bigstring.a (50380) + logs.a/home/hannes/.opam/4.02.3/lib/logs/logs.a (44770) + libxencamlbindings.a/home/hannes/.opam/4.02.3/lib/pkgconfig/../../lib/mirage-xen/libxencamlbindings.a (43158) + xen_gnt.a/home/hannes/.opam/4.02.3/lib/xen-gnt/xen_gnt.a (42476) + libx86_64.a/home/hannes/.opam/4.02.3/lib/pkgconfig/../../lib/minios-xen/libx86_64.a (41790) + shared_memory_ring.a/home/hannes/.opam/4.02.3/lib/shared-memory-ring/shared_memory_ring.a (41024) + re_str.a/home/hannes/.opam/4.02.3/lib/re/re_str.a (37994) + libxenotherlibs.a/home/hannes/.opam/4.02.3/lib/pkgconfig/../../lib/mirage-xen-ocaml/libxenotherlibs.a (37666) + mirage_console_proto.a/home/hannes/.opam/4.02.3/lib/mirage-console/mirage_console_proto.a (32550) + libbigarray.a/home/hannes/.opam/4.02.3/lib/ocaml/libbigarray.a (27760) + bigarray.a/home/hannes/.opam/4.02.3/lib/ocaml/bigarray.a (26228) + mirage_logs.a/home/hannes/.opam/4.02.3/lib/mirage-logs/mirage_logs.a (24604) + xen_evtchn.a/home/hannes/.opam/4.02.3/lib/xen-evtchn/xen_evtchn.a (22362) + mirage-runtime.a/home/hannes/.opam/4.02.3/lib/mirage/mirage-runtime.a (22140) + lwt_shared_memory_ring.a/home/hannes/.opam/4.02.3/lib/shared-memory-ring/lwt_shared_memory_ring.a (21432) + re_emacs.a/home/hannes/.opam/4.02.3/lib/re/re_emacs.a (20354) + xenstore_ring.a/home/hannes/.opam/4.02.3/lib/shared-memory-ring/xenstore_ring.a (19818) + console_ring.a/home/hannes/.opam/4.02.3/lib/shared-memory-ring/console_ring.a (19722) + mirage-bootvar.a/home/hannes/.opam/4.02.3/lib/mirage-bootvar/mirage-bootvar.a (16280) + functoria-runtime.a/home/hannes/.opam/4.02.3/lib/functoria/functoria-runtime.a (15444) + main.omain.o (14112) + io_page.a/home/hannes/.opam/4.02.3/lib/io-page/io_page.a (13208) + libcstruct_stubs.a/home/hannes/.opam/4.02.3/lib/cstruct/libcstruct_stubs.a (12016) + mProf.a/home/hannes/.opam/4.02.3/lib/mirage-profile/mProf.a (11084) + libio_page_xen_stubs.a/home/hannes/.opam/4.02.3/lib/io-page/libio_page_xen_stubs.a (8430) + libshared_memory_ring_stubs.a/home/hannes/.opam/4.02.3/lib/shared-memory-ring/libshared_memory_ring_stubs.a (8220) + key_gen.okey_gen.o (7184) + mirage-clock.a/home/hannes/.opam/4.02.3/lib/mirage-clock-xen/mirage-clock.a (6476) + unikernel.ounikernel.o (3592) + std_exit.o/home/hannes/.opam/4.02.3/lib/ocaml/std_exit.o (2944) + result.a/home/hannes/.opam/4.02.3/lib/result/result.a (1852) + mirage-console.a/home/hannes/.opam/4.02.3/lib/mirage-console/mirage-console.a (1778) + diff --git a/static/img/mirage-console-xen.svg b/static/img/mirage-console-xen.svg new file mode 100644 index 0000000..b39bfb7 --- /dev/null +++ b/static/img/mirage-console-xen.svg @@ -0,0 +1,669 @@ + + + + + + +mirage-console-xen + + +xenstore.client + +xenstore.client +1.3.0 + + +xenstore + +xenstore +1.3.0 + + +xenstore.client->xenstore + + + + +lwt + +lwt +2.5.2 + + +xenstore.client->lwt + + + + +cstruct.ppx + +cstruct.ppx +1.7.0 + + +xenstore->cstruct.ppx + + + + +cstruct + +cstruct +1.9.0 + + +xenstore->cstruct + + + + +xen-gnt + +xen-gnt +2.2.1 + + +unix + +unix + + +xen-gnt->unix + + + + +mirage-profile + +mirage-profile +0.6.1 + + +xen-gnt->mirage-profile + + + + +xen-gnt->lwt + + + + +io-page + +io-page +1.6.0 + + +xen-gnt->io-page + + + + +bigarray + +bigarray + + +xen-gnt->bigarray + + + + +xen-evtchn + +xen-evtchn +1.0.6 + + +xen-evtchn->unix + + + + +xen-evtchn->lwt + + + + +xen-evtchn->bigarray + + + + +shared-memory-ring.xenstore + +shared-memory-ring.xenstore +1.3.0 + + +shared-memory-ring + +shared-memory-ring +1.3.0 + + +shared-memory-ring.xenstore->shared-memory-ring + + + + +shared-memory-ring.lwt + +shared-memory-ring.lwt +1.3.0 + + +shared-memory-ring.lwt->shared-memory-ring + + + + +shared-memory-ring.lwt->mirage-profile + + + + +shared-memory-ring.lwt->lwt + + + + +shared-memory-ring.console + +shared-memory-ring.console +1.3.0 + + +shared-memory-ring.console->shared-memory-ring + + + + +shared-memory-ring.console->cstruct.ppx + + + + +shared-memory-ring.console->cstruct + + + + +shared-memory-ring->cstruct + + + + +sexplib + +sexplib +113.33.03 + + +sexplib->bigarray + + + + +result + +result +1.0 + + +re.str + +re.str +1.5.0 + + +re.emacs + +re.emacs +1.5.0 + + +re.str->re.emacs + + + + +re + +re +1.5.0 + + +re.str->re + + + + +re.emacs->re + + + + +bytes + +bytes + + +re->bytes + + + + +ocplib-endian.bigstring + +ocplib-endian.bigstring +0.8 + + +ocplib-endian.bigstring->bytes + + + + +ocplib-endian.bigstring->bigarray + + + + +ocplib-endian + +ocplib-endian +0.8 + + +ocplib-endian->bytes + + + + +mirage.runtime + +mirage.runtime +2.9.0 + + +logs + +logs +0.5.0 + + +mirage.runtime->logs + + + + +ipaddr + +ipaddr +2.7.0 + + +mirage.runtime->ipaddr + + + + +functoria.runtime + +functoria.runtime +1.1.0 + + +mirage.runtime->functoria.runtime + + + + +astring + +astring +0.8.1 + + +mirage.runtime->astring + + + + +mirage-xen + +mirage-xen +2.6.0 + + +mirage-xen->xenstore.client + + + + +mirage-xen->xen-gnt + + + + +mirage-xen->xen-evtchn + + + + +mirage-xen->shared-memory-ring.xenstore + + + + +mirage-xen->shared-memory-ring.lwt + + + + +mirage-xen->shared-memory-ring.console + + + + +mirage-xen->shared-memory-ring + + + + +mirage-types + +mirage-types +2.8.0 + + +mirage-xen->mirage-types + + + + +mirage-xen->mirage-profile + + + + +mirage-clock-xen + +mirage-clock-xen +1.0.0 + + +mirage-xen->mirage-clock-xen + + + + +mirage-xen->lwt + + + + +mirage-xen->io-page + + + + +mirage-xen->cstruct + + + + +mirage-types.lwt + +mirage-types.lwt +2.8.0 + + +mirage-profile->ocplib-endian.bigstring + + + + +mirage-profile->lwt + + + + +mirage-profile->cstruct.ppx + + + + +mirage-profile->cstruct + + + + +mirage-logs + +mirage-logs +0.2 + + +mirage-logs->mirage-types + + + + +mirage-logs->mirage-profile + + + + +mirage-logs->lwt + + + + +mirage-logs->logs + + + + +mirage-console.xen + +mirage-console.xen +2.1.3 + + +mirage-console.xen->xen-gnt + + + + +mirage-console.xen->xen-evtchn + + + + +mirage-console.xen->mirage-xen + + + + +mirage-console.xen->mirage-types + + + + +mirage-console.proto + +mirage-console.proto +2.1.3 + + +mirage-console.xen->mirage-console.proto + + + + +mirage-console.xen->lwt + + + + +mirage-console.xen->io-page + + + + +mirage-console.proto->xenstore + + + + +mirage-console + +mirage-console +2.1.3 + + +mirage-console.proto->mirage-console + + + + +mirage-console->mirage-types.lwt + + + + +mirage-console->mirage-types + + + + +mirage-console->lwt + + + + +mirage-bootvar + +mirage-bootvar +0.3.1 + + +mirage-bootvar->re.str + + + + +mirage-bootvar->re + + + + +mirage-bootvar->mirage-xen + + + + +mirage-bootvar->lwt + + + + +lwt->bytes + + + + +logs->result + + + + +ipaddr->sexplib + + + + +ipaddr->bytes + + + + +io-page->cstruct + + + + +io-page->bytes + + + + +fmt + +fmt +0.7.1 + + +functoria.runtime->fmt + + + + +cmdliner + +cmdliner +0.9.8 + + +functoria.runtime->cmdliner + + + + +cstruct.ppx->cstruct + + + + +cstruct->sexplib + + + + +cstruct->ocplib-endian.bigstring + + + + +cstruct->ocplib-endian + + + + +cstruct->bytes + + + + +cstruct->bigarray + + + + +bigarray->unix + + + + +astring->bytes + + + + + diff --git a/static/img/mirage-console.svg b/static/img/mirage-console.svg new file mode 100644 index 0000000..7c79d9b --- /dev/null +++ b/static/img/mirage-console.svg @@ -0,0 +1,407 @@ + + + + + + +mirage-console + + +unix + +unix + + +sexplib + +sexplib +113.33.00+4.03 + + +bigarray + +bigarray + + +sexplib->bigarray + + + + +result + +result +1.0 + + +ocplib-endian.bigstring + +ocplib-endian.bigstring +0.8 + + +bytes + +bytes + + +ocplib-endian.bigstring->bytes + + + + +ocplib-endian.bigstring->bigarray + + + + +ocplib-endian + +ocplib-endian +0.8 + + +ocplib-endian->bytes + + + + +mirage.runtime + +mirage.runtime +2.9.0 + + +logs + +logs +0.5.0 + + +mirage.runtime->logs + + + + +ipaddr + +ipaddr +2.7.0 + + +mirage.runtime->ipaddr + + + + +functoria.runtime + +functoria.runtime +1.1.0 + + +mirage.runtime->functoria.runtime + + + + +astring + +astring +0.8.1 + + +mirage.runtime->astring + + + + +mirage-unix + +mirage-unix +2.6.0 + + +mirage-clock-unix + +mirage-clock-unix +1.0.0 + + +mirage-unix->mirage-clock-unix + + + + +lwt.unix + +lwt.unix +2.5.2 + + +mirage-unix->lwt.unix + + + + +lwt + +lwt +2.5.2 + + +mirage-unix->lwt + + + + +io-page.unix + +io-page.unix +1.6.0 + + +mirage-unix->io-page.unix + + + + +io-page + +io-page +1.6.0 + + +mirage-unix->io-page + + + + +cstruct + +cstruct +2.1.0 + + +mirage-unix->cstruct + + + + +mirage-types.lwt + +mirage-types.lwt +2.8.0 + + +mirage-types + +mirage-types +2.8.0 + + +mirage-console.unix + +mirage-console.unix +2.1.3 + + +mirage-console.unix->mirage-unix + + + + +mirage-console.unix->mirage-types + + + + +mirage-console + +mirage-console +2.1.3 + + +mirage-console.unix->mirage-console + + + + +mirage-console.unix->lwt.unix + + + + +mirage-console.unix->lwt + + + + +cstruct.lwt + +cstruct.lwt +2.1.0 + + +mirage-console.unix->cstruct.lwt + + + + +mirage-console->mirage-types.lwt + + + + +mirage-console->mirage-types + + + + +mirage-console->lwt + + + + +mirage-clock-unix->unix + + + + +lwt.unix->unix + + + + +lwt.log + +lwt.log +2.5.2 + + +lwt.unix->lwt.log + + + + +lwt.unix->lwt + + + + +lwt.unix->bigarray + + + + +lwt.log->lwt + + + + +lwt->bytes + + + + +logs->result + + + + +ipaddr->sexplib + + + + +ipaddr->bytes + + + + +io-page.unix->bigarray + + + + +io-page->cstruct + + + + +io-page->bytes + + + + +fmt + +fmt +0.7.1 + + +functoria.runtime->fmt + + + + +cmdliner + +cmdliner +0.9.8 + + +functoria.runtime->cmdliner + + + + +cstruct.lwt->lwt.unix + + + + +cstruct.lwt->cstruct + + + + +cstruct->sexplib + + + + +cstruct->ocplib-endian.bigstring + + + + +cstruct->ocplib-endian + + + + +cstruct->bytes + + + + +cstruct->bigarray + + + + +bigarray->unix + + + + +astring->bytes + + + + + diff --git a/static/img/performance-nqsbio.png b/static/img/performance-nqsbio.png new file mode 100644 index 0000000000000000000000000000000000000000..cc5e8db88c4676629b4d1719d868a8f3f320f258 GIT binary patch literal 310097 zcmYIw2RzjOAHQ!U$xe|7QDm3BM`VWVO=M;7?MPV($)0CquQ+=qB%6%0&p!L?eeVCh z`u+d^j~>_Ex%+(HpV#}fU(cuT*D7*Ew;$Zb!NDO?ke5-%!NCi}!MP!L>l%2+szUoN z`0s|5l(G~KPDM1qr713WP5)M2T^R?*hY1HK@FNb+Ie05@4F|{l84k|I8ypkjFhI=)YhzL8o3r6ZU2NJnH1}lgTVY_> z?QC7riZ_&7vvA|rueUPSa)NM6!gyomMA*NNZZ|Wh&MK#SV{UbPF^5fF+xm&RSlClw z(%6~tW%hM(aSgo%uK2%WUi6L6$3xVFxJo{jW8~^u% zIP=OfGV$^8?;SJYo9QGeHDiS%RPP<*zow0*y*2t>`u{$M^W%C1>;Hchc<>*-_1~9) zO3C!M5~YQvd)^rjD9_jou3e+qaoK^E67^OpC9vb0_diie_->c!&0`pnXca?0v^n5A z{2BJ3I_KlZkDFzUJ3Ec23}N?;-!Y8wiWc++L>uEfn~6I@-%le;O_~qaM?4>QeZ+;x zgqW5!A5Z=06(8-Kz zw5?G4GjZF(q9U86Uy&bf64?}{2t0^P6>!YpefQNit4nwQ4{qc+TV~YQXXy%ov>e2~ z$(bss7V_RVkERt%i}pR*aKAj=J0FlI{YYu-)zQPLrVla&?`!`3BbWphp52lH(os2c}y z;Bkt%1QhHAMMd2A2@jBiiSmyl{b3J8Jhp~&ZK(`6X^jNOmtO!Re5gK}WN zz-5|9ZzZ*W!y)1k+Au_Ut|^&PhbMZcmFHAml1umdo33+;ONd1KUG=5Er>n3U%n%(EDEdM$bE8hd%xrNe zOPYjMw9a}sJ8z8epFW9%n5K1W!>^yLfOYrx^qgN^pf;!dz$QThuFiZ>&6M}}m#|kn6vu-1K%Bg;|#U`x~RP#xO?E-jt z*`&mqA1*dG{+JA^ zBEn$V&5u7+Ropjy@TWlR;C0+N`)e52Rpg9`*8*+(E` z@6C_EL=#B8QX=QvN=f<0qx2X|X@=KgcyW2l6h`~+t~=?G-B?%%rQ_t{;(GeD?&^Fq zogg+gw$^Uaj61o;Zt`nd8qIH&4d0?Mo8sc)@TX#8vqCo2;HJtR`2y{3Kp#(2YfZ_f zr_1IPmX_L&t^%_L#;arEU+szC9BNjd!5ZIV;84FZTBy-4p?u;VLP%BVd$M!>zzmrF z+pef1SbcHiHBldHYin=s`h(h^IkJ&cFso=+Z!fRYN{imlvP%o?p?HM%=MBBKtKqbw zUPE^Lc;X4AZSG}2jYfr(Ee}dywwe!c2u2olLTeEL7<39y zARxg=*`*I8;(~S)-(N;h@D-&gC@4(V*z+X60#;OG>mThB^6}$cN=ml7x8d5igR{SV zd;Iuu2l8Fb8;sq))>cJcx48@Yg;CD1SN^(K*@@)w`hgDuW;GbcqOt5!Z^+qtwwmg> zJvF9|QlhoZ%gsGnAL%-)3&33Ak|M?FjHNUCO-VsX} zHkY+sO)fhuIcNT8RGtqQ*qBECcz>OMfPj&a@j6%Og~dc)|7LM64&}I~n?x}Fx3BA> z{r}C@IwJb|`fzkqO!fz2poqEsl?YE`p5>O>R(x~va2alw<=_3O0s^O;>!ur{g`Noi z6L5n!3GdV23BNY^_~}#mT=iMV#r8NcE)V5DgHBc&N93XGlKBl0^req{rW{gLGgev zM5|aE_v?Ud9NZ+JxuQMtI+uDPr;*3j#6rdQmMq*&|`KR6wICBZ~p@y~f8o8?Ig8pg0 z07CR|NSZaiC|9hZ zM9!?@hdzQkHXn^MeGa@@%Zb)5Go&ITGp*1yBoOP-)7GvrZ4c>=Wp322ThB`!FE!B7 z)?Pi}O)VGFa5{CH|M4COL$g$S)2)FS>i5TYE-9g54p{TAS_GuA274UOdLo*^R|iIX z9sT_Le0+q-I80hDfiuO&$B&$qe)a0}AijaI*Fx}r*Kf}FY?hWi0bzyXN&^S#XuH%E zZPMa*w!hMAB%xtl$OHjv1sgaEd?dJ>daimi=IX)(a<&3iC~>g`iCW0*-l>w6g(EYMrj>KfV)r|2YE#gBdWK{~Z48 z~=Lh&{9u3>$Tg)C<_ylCHOSv0)f%r__pkFmi;mUxEpTQ z)jnDK`(80KBZWkH6KU&k5H!3GR;y1(b9aLA{r+4>@$ZY5pI@Q^FpbCz-xn`lU_A>R z5#rufkAU_|J^pcvf#Ou%Z=i4%f2KsTG|~aL9i(BeBnIf#|5v!H`Vj4NaZV9 zv-89C_E3_+!9i73)mmM4;?N~gBNWvCcoJA`{>b{F4-kC-rjybn4JEL!x71a;MGW=X zC{&1Lq9VK*t<=(q@DQCF?=af~+oDruSZ~((38XUu9xj9u$}{<@P~&Ew`YE%C@20NE z0e_I+>69D$SERJ(z|UCxc*fw()a+LNAY<|4SZ)~v&daa!)4c%nQDT?yk^PR^z&XF; z*1Pj9FQT3P!C`-gxdKIp?i*Dq`HdjTcxRZ@*d<@+gb`JW&`btfp!^#BKI$Jjz2Zx=lNf^kNKr}=4r^12z zrV#Q8C4T6!GxM%mA3V|5(i$tU2X4p5#|P2kZ-k`&JpewB>`NYD&{Ohk_B}anAxrMf zk`BE|OmknJ8rK1s8w(2yIMWpnx6z2_t|;ok`c}_z6cx{EH#3x-jja)6ed8s1BkK8= zU_+uob_debomj$APg#(ih(Rt-rAfp_70ZZ8^z`&J@>PK2FCMcosxa#m19@@AYM^nW zhrPM^a$ho!UP3ybtu}~_4epzq6YuyDz>>>b&TS%P$*HK4LFi6M@W?1T0Wq@`nEK5R zSsvH`OHbcEFUkW~h-@ZIUm?NA-!m>7vvGBCnMwQ@60*9ok{%6n3NUC~ z{KV!aZ1fI$6sqLg+Kr9DJ7f-jQ9Cw)7&mZZcDXwiq;}l?=ZC=GYw75;9#7d)wg@%( zrbB-Ugq~o12~dotR*L=lL2UHT3Z->fNim|bf+C!K5@9X<*G2m+ZB~cTIxZ1UGN-F; z1srDTfKk}b)D1h-;?<2Yt154gb853MzHr+Jb)bp&V9g|$UNR1fYso+ZZ3=SOgpR!}5eOWqh-a(y@d(gy?*@vGA% zsSh{1%_~n&PbGWuw2QIP1>`W*n(;-NMP!V!eNc&jfi$6`Qjlz*{6Gw3l#9}2jSmkG zm$*88o5R|{oZ5f96fL0w6-TE!UZwiE^r!G)lMj`ASCbKk+HyVEYP#o~_e#8ux`u|q zMu$#`uJh5D4ybN?R(j&!mtao8x6y|qkz)M>uI}cRmN#*6OZBTig@I_7H?lq>CkZ?W z$ce=Fe=`m+oU!E7-y)#o^xG)Rhny~iT4i`!F8mDU5P!^1+AmrFEOGA_HBjsWAc~9D zx$8n-1~g~-Mt~fDd+qOm4OI9i*Jf+%Q`wYP2QJtu zq8^HzCx6Npnn8?%JUsa54YZ(Zv#0iScscAh({&}pG}SoWV$C~ z8qnm3v@q!EuC=m6^FZTn|H6Ufd(YG#n6$H*{4TEhmwtmAu(bXePy;1GbMXG85NTEp zrXJN3Tv7x;_)AbsA5U89cjv=tiu;YVwa~~se`%{GvU%lO=o$T?0DSDC6ODb=!DeiM z{FC0G+7ST(ISoh%_Cft|1@iKvwc+amkN%eBb$w?|90nj=sd1Rq*U*5uZ;pFxPn{uV zd{f}(;xxn$g*8b(0xw;c@Oxz+q?z9`Gk;j~-sHw}3#|RMpQ&DW`ATkcuS)G@0|*VO zX@VdnhywctbmY8{G{2{(htGB#M5)4D6<9-q4=9PtglslNs(~}!o`iMT@gtE)kpR!> zOW%%2I*GX@hfj|lJ;JKZ%a_3?^#<$-SeM7mY&VbJ0t{t)wh@jA*T+v{YS`S@K( zM=lW0<#;eD>Auy;!Tr1k@j%HD^6PG;ulQi$E@-9rMP(N!=p|F4H>}8rSeeRJf z6+g(uj18~gj`~j;p8@|{R#NgU5M-O+DZhR3-r#_QyD;N!sruL0gjQEXFuUnU4Z~j- z5IC+#`Z1v)=AjBq2&4nR^#*_hOkmFIy7Fh9pon18Bq-#(+gt86CV|t)2UMd6qR}c5 z3{pH51=vOuI06q!^YWN@c@J}<#b0RQ7|I0E-}vg!lntCNUXuS!9E{BWJ{hPqVZm)& zas*}StxVjmU;6ya?%->vN`&G~iD%ay{5u);ae#n~3@n|=Zn6ryV9tpO&gFlV*#G~` zzh_R5o`L!Tdx-+2wvm=eg5B_bm8>(|9k&Sb>*G-zi*S$&wM2P_f_oUK*V@_ zAU4H+qLHNS&e<;!eE0+{O5X6mu+ z6`4`6kyq#oE?uXEywFv_GEgyr%1kCMIT@7T9vR4cw_k!R$;`~`oBBIFy~+32@hV}k zRPW3Kw-nH7*`13X41SLqdaIzs*Hv0O*I?P7Qd!CE1_9R!WFpPF&8bB$cX;N}Nx{&t z@M*5JJ`KsDOh;St@|X%MrdrU$0G1_0XE-l?vOXf0GkkeG?I^g5jk9 zkCM#_+u9v2&=dNueRPhFJ$F}RWiR&Gi!dR{=qp66G5UC>39S@$6ub`CU7q@ILUqQ1 zS*ndn7WUZPOZ%BGe$G-`_fsn)I`PtV&|N33hpm3SUiA{iqg#Bw(b-5@I&-|)Fne@w z&I%Mk2_Kk$5w7(->s!6v75nz*23!8ceRE?{VZ>$H;Hvdq`US8*VqNH*j&aG&M_1TIZ~J|J1+zf-7~p-^+#8ln?Y9SAQ!&@=eH3yVBMb zc^#?ZmvK>`mb0<3QDZ;NZ#_g`Z+Ha?@5K#pH#knhRyV3-S?KnDh_w5tByKu#wRF-{?{t2ebp=0^mu}?R6C5HKVJ?~Q zaT=fLL<>J@hG4$otNOi0h$DQQ_S;eZp7Z8W?QNLadN|lmt@KX*(>Zv)5zk@pI{8ij zGN5e5rOwfl1My6wJIERwU_?66cJYuZvfJR=U+xp^^6UYRxWd-=Ursn8(({|u@6=gt& z=*=@hoo5dsZK_kkK(gxEP9y*VP+WYxg_TueTwGfI2#u(h6Uf~^-D3lJFTdCBd_0>@ z!+<<%{G3xekz5pwvqV3WYUUO!VPnZT4pf~t=4iy(Caddxucnaoj+2!uAa||OF9n$x zi2VedMA$t|biFf#F=(kDFf)Q3?E3QL3nm`EiVRq6r?c5$M_e_pAXKTv4BX0z@l^*d zhU?FyW94e)!|~jes6+~;ePv{p=e;FtX?t0{&N4PVzoiR%v3kyCvs6>FOQbusrX%-Bv8D|`Oiorqj@Ri+uE~=F!CF1n4ZW7=G$rq?>%oqkq#w= zz6%E?6fIsSvySW~Wrgkk_9~&*ugtDx5L2yt{?h{ z^;VXBVF8sqC|&tew|5uXfyZ~}{QT*Y%fQhqnWpljuIe*TMyRF>-yK z`7^M#QJst*T}-}EOHhV@rl&o>0Z1 zo3(!kd&=}G`UD&GtW$n48+@O%+ffZAp=$x@An;^SOL?l$oq%b_ma|`P zU1PhyjoI|}_J+$Bk7?`Zh$N==uY$fbI6&e*9kxib{02*2r-(jGzto3xv*b#!!6 zZqs?Q-uzvydh{vn(K_rab*IoRqg?fcY^+W?!6h3GeuSqLF5P4^{|X-I1d})Qjg4$o z!igN6P#4iw2yu_^FPQ56x8A^iUjFGRKKG1K=o~4d`ZG`4L{fD$-`(Z-Fh{$GdS-lK zzLr+>Y=w?mT(5!uIco=o>TH?ya_+63azQQ^W@7i!N(tfX_K9tb)@xx954w`(+#WVs z_q$8tvJG>~EI+%lXlL7u+VE+77;7Zoor<;h3ONItRJg`a@j)@oa>(IoG3~{hy&M6P zdqp}++t}4}K8{-Iv*hV=ZuZ4^_O4}TXM-MmxJ)+ap*2u|>Js>9Ro3_h$Bg*+G0;8? zev$S1Dd=Iu#>7a;y#4h#{PX8H`N!&oRUjajmAFN)v9N%dL4^F{4bVsjm8h%fV20R- z4Ps{Y<$K~;-~D$5*D53gs_uFc$%u%s>!i+6bZzz zdA@$#CU>TJd5!>ahS>L3o#CW#rsF!x$6q15ludjO&mVLRINR9_(1*PpJFfDmAmc*# zqZv^F(Vp1i#hM9PTYB&g)CFL8@}#$N=R+K5^NNF3F4%yF!fwC$NWDPE?gJi42Dim0 z9qtkIo1cHO3FqSF9kqmkz8tjGV8I@=B0$3p7(F`| z7vj6=2Uk<5xc~i-dQcqyTYkY8P&`CG6wwA7s}pnb0$S}Rp3?qzJHRYW$mh^nR#p~F zgT6eH*55de#;QpoPG0-66=z?}wI;{E-D62x%h|?5Ke`~(Bv4w<0qr^8EH7}ve%5;A ze<^n0IM5KPAbL=f*iTjAS7SW~j{R&f^?!ezxf6aJ4rAuuH#w=;i?F}^-!Xvq_}}|~ zU(YuQ^5D5Cy4>0Lo8te7*2w2Ej6U)aWBpqM{)q1BQFM8diShB3`6-0kabnu|* z2LX5_BpW;^u-^S(q4z$_LN7t+LL$WU{!PB?;Jl?o?P;zjaX?JGuAyPjEPPT4@V2Bu z+p|~d>UZkz49U2iFAwK!_fiQ=Ka3KFO==qHXjs)ulz4>xI3T`5ivJ#y@$@@8^WyzN z-R!ttO`Cc{CUWOAp0Bb;;OvrY74O>hQNdx*1qR7W?6}VUz3(Nv%|KLI7Oda0m^Z1X zn9u_+7tB?SI;Y9A%esG{^GNOAaT*;T8y_E!Pt>toiT@;cd;Hyze!MQb z?0u}@67P2m4!sJ40?B3ezw^1KPkN(qR!z^yNL!objzWX`4h=2sFH*)^P4u@0?!9iE zhsrR-aDP_Mdh;TwD9UN~tTWf*-me`ak*+Qof@^~!GzG7%*=wT>M9E%$43Q0%GhbPK_)0`Qr#K>< za7i%1LQfM51gLrk1e!|^0k#}ilgol{Ek#O0EMES-L)VDM?>A1ox<&1@TKo_L4e{K< z{M#IcBmJZC?Z*9r$4uOWp4wnBf&4^!JZTdD?lIn0@mdPiC;;raC5C#mZf_7hb`Oz|Is*My>^tHI?Zse@0c1_J1${|dfTGlzUgba2}4c(L*m z?QFx-6_*U8TDX(=t)R@fUXY0Toys>D7hB%HDe)L6RA9}mJs!jR|1Rxr<0kX-;DwZP z@~fh-Pq#Yl)#sb;+<3$)YFMg{q>SGc6{g1Ct^(NRAgO;>d%YwJMCS<8JBUz{Bc}bh zHmQ(LQdY#?s+(%Ee?w|*NZfmN)jr0wjh&6akF;w|uh%dd4iWs14_hiy;x1a%{rIPe zwj*_9LqYU$3Dhq>1o7&-vx!ori{Iz)SsyMK%aW1;+wu!ynTq~t4>PGFx`#zHP^v|A z42HR6sr@@a@t?XIRkI6EiwizQMbR^41+N{paa0%ge5#~CSba#*yT_p$o5;%WDf|x%OEsIE_zPzY;`TE z4*a8LM))oNCW9;8{IC$OW3oA$?sG`5cU)-;2 zKuPiW(fuKrP~zMpx@T)cS-eoyP4Wj1G>vR4^z5%e>TZJt*vrlD!CpKvY4(ZSTn8y+ zykaLVo0Y8WD!@U|iTh2oG&i1X&x)CK+=CkhNXyFR9gH>ZG~`!iFCw9ko`If;W?N*W zfQk|Lsk69P2Ht&bTo?2|FXjN zVRXD$f-fo-`4H7Ak?$Lw5w5^OBC#)TZy$M5!S68R)wxSX7Bf8CaB{hGfkMYkZqoH% ztmPaRKK%N1TI}eMN4vOFD``+1)8v}yAk~%y@q9Ueheu4aHc{A1Y0`J1F@L^MLxfHh zvZWxK6+ems!4^b_wc|oh(&0Wm*rnr>JI=z9c|F!Yjh3)pfe8N@gee=0t(M!p4-A#W z(@uu_lB4g$c-C#wnq~<5+e}r7#D1ObWPYsN{8k?faoNKBFTXC?tP z^-rs|um0Jcy-|*=q=r^Ci*CM!kP2x*OMuKFs&x~ie~et$V3v)hJ(^fj6;2#X<`ED> zpEd+w^lBZpW7_4A187Oog6yWaFxDO=wjQNsPd?9`(0rBjxk~S)26tQd)j>Ioa6sCN zW*GhcL>$a8u0SglbGa1l@9PPyTma$Ib)kDQiM7AJrA>5wb* zcP}+{^=#Rk7XOW^>3o$D>rn-Ta0zzfW z+vpSI^6IL?bc1($h&z}&c-R}8e5p5W|CP#wST_Ea>WKYCSGT z4R^iqFaIa_huGGSOkB%y`UrFMxyhJW^^UU0c%gsew~vAn#kjbk50xZnC@5rQ+}+)~ zSqgE_gk(mGJrQ&Px^XEfiZbi#T@Fy6t~s&Bv`wA3#M2oqlsFoqd)aIo+a?_%1V5bU zI2yfpuYvjR10~lv|C1-dVTwvhawgtKZPzbEqsFQY2IXkI*HWC{=H%oU5p1%-y3QOB zHIwxN6>qy78~uwmn}}&AD5Okq~7JYa((DE+5Fp8 zX>E7O9v^1aSBGrFqk~+XS>@iTnC^e^8~q+w{-797hR;U0W6PCdj+%~+4s-suhHI#_ zEq3IsH828&WA#mkkh%dNORO>=J=KRuXh4hE#Or7?82d<;^hNEQU$eo9u|4N)`^NvJ zt#A-uv!?ETgF6wz=hNfFw4KD$1@}Ub837AR(W_*`u7j=5oEM1(R=|dIMMIsKoWx$G z@a_du8m9<2a*~N*enylT9j(owmsG|5fzMa$?E!#=Cnt>OGf03ev=lo&opx+a{_@3X z_?gcpw(#j{1B7^;_KQ=#aS+W_llEaXinuOu*IRwiFpFdV2{7H6|t|fa3yv zPR%rFf2;?iJu<;6Vn~z71^Q=pc34>02?DAtqbhplW~w&a2tzN_NU`@cTu| zKItfgug~SPA^$SrOG~U|Ih&X|26^cG%~x}xzvwt^9{fi(HacFU$r}73BQ^B`bbezE z=FtEk7I3;?$l$ZrnP}9zNx%(e=-mKOq+P15n&Nex41GS0GU2+k?EKW4W}sZR69NL8 zxYv+mx{A(g-P2(?DB&8Sy#HmEJ>~y0hilFFS?vo2B}L=wRcX4TRg7YL9dEa%tEu_U zi_~(;H@>8tpDw}DdaVZh%(v?H9%YHQ{0O+*({tW)mJTJNd%oWj!x++-00z8U0T?5A znSa-2IaJVRR31encI=H3^Ngl)J*pDPXMW6t2ta&@Wl}zzGoP7wKC+XRkrcN-K8+f{ zEb;*PK66|9LdIB5BW&mO;>FLm(fxL#>mn~@WY{kbPM#({kXhY z1{Jj4m4xpzXLzx*3j6#XVhf4BKU*GPQlYzL2;x!l*RPk;s8&1O)(Ta`fBxshx~&fF zj;$QZDk>f==cBQzU{*^9T&jZnt7NbCNCvVKfO*XF=lY*l9LIGde<4N6PO+JnjwegF zMR|w9ucGI{0}4HT^)UWMyZE>`hnW^DT@0;y;kOnOvIcBqJtBYcc^<4b(9&j0`Idpg zA$JwyqR+=zNsW*rgw&bW~y$&$i`TKc%81B4^gj6hz&WY z2eCDjbw8)i<>jIh7wAWb%bIKNKny%e2G!(Apek9I{*3^a*vzS%X zwIy$XMd5Hh1C?UYzd9^p0O2_wL@!9==OCrvVf+r7VMJQ|<0Uic5o%0Kq@1@lvtwa? zFPs>BP5&PF+Q#|gzq(&HvGMS~{)47jhe0mZY5(1cBsJ-HZkC{X))Njd3kOgag_3F zTV9HY$sNfvlyzTszp(Sx#CRX!hqk~JaI!#x>tLZA|I!QsoPh8y+3Q`4?6+S zuoB8qMObryd0N(|8{j&IuK`Zt77i_dY z7v|4wG)fBx>}qsNwebc;!onCj@!@Z9EMxtP2`1I}7M zb{R5ES=_I!Zu(3UZlk5xtdbMgElAeIO-QyEH2+=1rf;=}^{ufpaK5(){wQ{sxv_&Y z1uDh2zYn*i22BU-i4FA?E@u>xpghZ}E2;dWOMZ_wjr3l3WyW=0!H|WH5*haK;xW;| zM6Cy^7WdYxi+10Xp7en44He0BG4a-^KpZGoH+~9!U!SiGX0svWgN&=$#KUJ@l~1x} zIUUp@?audcMUS)4@NJZGcr)wLG!3+k@jbGozu7nBTc!?$Iz{hl*Eh3@#}l8Z|heB9XK}n5=t(=CWQ^XX|7SjUDD;}XKiZw<8-L0 zz0)m??Z9w84ptv4_2r7xMxwuF6|rs)wM;!Aw<#p5*0&AZJqr@@o{#fAq`6Cbcz#mu z`EZEOUT#WB!=&hG89hT|Kg0~v9WnRRBlO|Al_ORSrx-d06LpKLZ-zm+?nj?`M}O}+ z%On};swUloHIDP)RgGEpvOZOaicn{{r#vnF-Iy&VY>ZX8bxy34fjIF7kdvCaVch~k z>qBVdE@XW-%b!s;l87K$hNC)5`$O-iejC?-^WP%TX^J98ealvsmx#}y2*_!5qwzug zgQ`1!m+}8J~HqrW?ImJJ)VZ1JYudr34-}THKH#os!S&d&b`7 zOw;xJRp!D-R#p3ds5GI*g9zxwNbnk~B5PPd_O};wMRHvB{eNAbp~LDx`o(grYC=K+ zt)P?S<2%Z!{H0?QNBiN>EGgx*>%tt{PVsG$GJDPy&d$#LT%lu@Yyz5|3d%O~(odxc zpHB)25w>^y`gQy9sLtW<-7kk4LeFE=?l>!{@PIaP3?LNbAb>f$n$ETC2KyR}R%yT0 z8y6WRzwsVlDZ`5%5V?^d5uo7x{`aIE zA8{qVjEq@%SaVSc>r?iE$E}aSV`Wuk?t|Q#%-ta?6H>KWJd}>iOaA)H|Fl_p`5lsQ z5vMke9aDsiG4gsLu|3O*xqsdi6qS@z>GuWwPy)HG?o1Vl3RVdQ*g!C;EFD+hI{-u8 zG!jkLF)T5GoP5Nlab$&D0-A4oss0H{Er1&eV8UAmX9)jR!6#2%mcz-_KpPrxKptv1 z`tH8J&}7w$-K?sbA*FiIQ9(3Q8B3PLC>OoFx_l>Q%nalmMO;Cvx=f<-uELD4w>FJR zt761BnbicRgQ^}L9-vxLP{1bx@L2clDL!#=+9P<6LH|SPL(qdr7f)Xx)bPqsRZ%&A zGq9C#>8%{W7~jsxK?0&Jw@bdIoqFGfoC*`@4Q=W>;hJTy3;FaJguSvS-W1VipZ=aF zR%j?G>HD;=o~)Uz$tqMf9LvQBy0Ue5=^-uO4Ekr!!k}J=Mv??tb#hE76>}y!#)P3>Tk`T_c%1@Y@28rwm3ZaUfIy=--0=)O# zyN3W03g$+o8zle_v_1*5$~oH9Fw~rB@fWcg?^|%XyG&_#%6%*7i<<7$X>C9=z_=Vd zkmMmen05^KDEE;Z@H|?@FZyEpXR>^2_NGx3r3S6f`8g8+$_XJaGqO`RdsNiEV4c;# zz)qwtlea%XRJx}=%+lV_u;~@kkwl#?=?&L(@7Z&r zlNm9z-yu!7Op&_nJ;kvuiS5hfd?T$fOSqD7_0|Flnu$1E+<)WanB~Z(TV#(Eb{nl% zNF_ehCPYGkbTGT^Bp3jAiJZC(_HpCW)9k($3FJ@N&{V{2uM9#&ZGO&Jxh>S?tX*8Kksoyx z8pFfRme}3H%KB4U+OO;fK@?uXXBOVowDp$8ITQaaB$tDJKX)D4^SUF0y!v&+A`tT) zUPN0i-_WwZ|H~h{1ZAMDtVlTzYU~4JdOd5C|+>|fD`~mJ*)sQ&cOWY z;sixPK+rB2MWAZEp{*FNUOXn8LoP)M5Nt!)trrC5I>b_5ONrGNu-ozKduJED9hG+4 z9xCS*Z!4Zx5Vn7#6G@0kj{ic6c+;n266{1%`xd#QDvs_mFCvS0sb9*^%?;+5q-y5o z9jhD$iJ0b}mat;Yo=`fU?*W(=jyuu^k4cAnT!zKPW( zllwS+*yJH()G4^DI2KD+at1k*V)#>NF*_AZKAh)2sWrB$>y@2*z~fj}-@`Uo-yKo|fT3BVdNpcOBB57_PewP@&OuOK7DgA8{< z31EXgwRf~?Ku;97^chWscUP4-iFmwZSb!&ap!ir2m2|KKl4*frcxW%%i9q~ z@M?>YA6}ogtlQqx=H})C?Bf!E-EHihUTYp>V7gf+vvT)t`DE3!U4<}ITa${d=(C)v z<-Xs%j(8CO;6WpQ{(v2qe+;nT4*;4( zQStUvnRm)**^YQ*`gEKrB`+?=truCthev3Ef_s$-=|@o(dhmXA(7Q-rN52FN1JrP2 zSWizcc(nrPlY~V0LI#8_8A;#f3brE72u5wHRq~O7+6*y*G*O_-grw^J#;x`pObVq) zTasEcfiCn*@JZ1pWT{hcms@Ubjfbm!ddE_ff2?_Dm~Gab{O95LSH)kb^6eXUsurex zC^6g$(kv|_exqEd&v7gA{Ns=lmDil}g?;S|A9~;iL`q(}IJc}UuTx{_PWY?RVM|JF zA=uzvOamWOb*#`rMpMiF%64f_`Jyts05HIqRcQgiYsmV+^V|5qrump5EnkMY80-UU zaQ6;YHW<19e*f|Spo;+(xD`x+%PVlDFKMi)86n4wt-pQ^X5%P*jZKdQ1+L!~&3+Rg zZ#!F8pcJ#Jk{jgTPEgvn*jTRYdo~>PS|e9=fm4xxp`#-jgLnI za>sLa@_V44cyF@Y5s@W*Q-tPNl1+v_#57KErB9CTNj8`v*bbi{yvyAOn|T0pHDa`g zo>W@X^likpoxQSsCDT*QU%`rc47cN*88cdZ&r%PPdlV&nZ`~$oI9g{>X6we_|12h4 z^7~TZVc!?{pSOqyd*g+Jw2DfOi0O}N)90ximaa?Z21+FFDZ(Gi#2HyTiSs4(r5;$N$|XT3ouJD?V-Zo@@_($ItC*_$%>;-vxw}4zl?+;fn5W-Q?)G| zpoWJBACXE3)W(oW)XrqE>QPtHaO#4k(5k1~mYj3HnWjzT4HNrltU2%t|JNxd_0V z1kkFcM}vM%^Iw1{z?QiHl)Okjth=wz5N4^YrO_b06}T=i4~Xs} zZ1=l5L!z1vR6vppken@mkp}3Vq%mVQ{#zAYApA2|=w5aJiWorI5BOXF%rKTQ16Zzr zU`h$l))~G#&O1(6klJcr#q@S9K=}Z^%9A_cRyk>C)67mY@6}{0Y>QTkH1AdNK1gst zHmh_+Li8ioW;#Qf&)vOH!TD|38p_b+8QMIz&FfL`(ERsuz{mq!UL&ShvKaNkt-0pL z%?#=w`Vxa$2LN^f+-X3-!4l#Qwu`H(+{TKufFEA<7Ju@@0?>06bH9dVfR)>pH+ulc zu58X8ppdP2L$;@?eUG;)blCx=@&UhHl4~uXE9KXv= zd|`VLB>j#1os5?Z+`-6AI8u^#{Z}|12@NYdYgH15b}@$-dg47AFO-;SrT{H+VP#}b zL7i~%QV`%{L6F8?=>%v6=%!!( zqAus(e*7?~9eKgj{w!H9+1uM2056vWk&itI+vTz4*78+|frbX-7u1E3Fii`R)7xkA zF7gAui4QTqx8)=UO69adE#CeQ}0! zaF>8a?9zEphZIZK1M}-TFlb4Al^01Z&~VMVwl{pRyE_@sV7uNj=r{Wug%D8#`W7Ii zxB?;_0B#0{%>j-hpk2}ky8&9i$WC2*H5B-A2w>L$wj&oOCj`)f4e{52z^wpZOU4aM zLR$bW83H*zT}^eQ6>>2LaAO%aKcdOn=+r*Ezh z!8fNZ0(i2ZprFM?vlA(rCr_R*#j>!n_F!tdySu^0Yyz-47(#X~y6$*a0|Fsnz#;(A z&ZYhm#7^LL`cL!%E7z?NiW^3 zwo3<$MvVVnr(eAxfLEO~<{{SSA9|#gmX(Es{WA1lIo*RhvDfZyIs%362(JS)NNxJI zMkaqwH%=?P1dB;H!Y?(S~fi?$r`4&Ijz9>{O2U~n+QFo_GK^B z_hIX$@HKS1Y*cLV;#VOldBta*ulJiI*+*vPUdWV`H%@GyFOwH{S8XmuhXRa(ZS@aN z>Nobc9$&(a5p{KfV14t-ngE2&Z#UxwHyU|hFi2EZu2~c&pP$g|HTYeiWoo(M`a)SV zRqc*$k*{T}(RXLXmq&c?8-vLjdRmhO*XSV*g{NmgoL6Ab1yaFPz-9(o2e9BJ`qiwW zqF5#{aO)VLX`&w0&P%`2MLdNuZG3b`&D_cgAVreG z@>DU7cBi3qkUBu~1(48nw+4WWI0S^43?3^L|DzA`)R{-pm!D7TrNW?O5{wY>k?HH@ z!Bjju#^2vyp>t`m;#eAgd^qTsKwMm0R8$-c4eiK%i|9{9#WIjj?%?-2_a!Gghnea{ zS=77M-qT}`Y-W$Xhbl+q9xnPva$xx2hD(r6K7INWVD}>;E&!Rw5DyIXGF(@HY<3$q%MM}#jhnpo0F~|@Ir-Ae z0Vorrzu(W?<{lfr9h9k-PW6ee$|O1q?UNRL9kfTPGc)Ibupjc-#PNi1a&le)(TD%$ zgKPLZ01h?iVWEM*LAL)OG7nrFL@JjSyd3~424H_MT$JI3TzVlX?PLxo-bM@6-izo2 zAV6nKfrRPL8*q+R5QcdG7;t|64MPJ!kQi;gN)sGDll2GQ1|a^gxKWRT=x4-_22xV= zW5P68<7w%<;#gOzL{Mdgg%y)qrlwgYoTp8=B&Bf*agXuUS*}ErEN&B}&#>q}zC|Og z)A?>reyxi8?FeC`5&NC$(FGb}-!9^9RHNgsAY2omQ^S_98K2&}aQKD0dv)4agY__p zh{w*?ZgUdxQ^`h;ZtaMAwNR&l^OM!oa`It7IjiuAkFK~0;3SeGzdBFt#27-tbQxgM z@?&8Q8!}yl{0tkJ_wuzSNp$o(XwuX7l<95WFZBck4UFo(3}$5rx*t+Ic@8*@1E4ID zaJAg2u^-S`X=_8~G^(^X{~5QRw&OSW@EM!JV!Cm^^LO2={RwT?Q=JqTAP$hrOQ6i4S9WI@#40S!{OkZJ z(!LIOp3Q(QIER}Alworg1$?1ZLxtfLaIt_oJ9%~pY~mD@4(Y{z`O7OqxE|e(%#m3-h;_~ zDE|pAdglsd1xXm;=Dhd#|KaQ{qpJGes8It&y1N@mN$HYKNol0J zOIks?!2{CLap-PTz(aR;NSAcOUHJ3=j&a`)_rpD74?P@UpM5sZTI+e{Gv{2^<&ESo zKzANDeB9y{J7th50p*IvCwCrV)L=#)TsYA}waZkGjvvRwvqp*WWTj;MA)Q7|f6F{GS5aJ07FM52bdVNJsIkM$a3VR+vLEQl(sY@N^zzFSJ z5wU}xqkVP*5qQ%F3{K8FH;y3;x$+G0(lq;-q1q*i^3uf|ljC2lNWE+{kdXQR)OaX1 zh!%x_sB;~aZQP>I|CKphV6`TSoARcw=C^@&`1D-io9(pGJZ9aC)9rEVQ@;7HZ10Xy z;Q>{n&igW~=Du`t$7M8saXQnd$#X*%>qg-WcI<5%8ES~%G;hbL=26ype3K+t-9hXo zPK~~bF8zxQo{_20YX3BykMiouP z3O%-(63-r(p$1Mr0Gj!rz;Pb{lhR&`t_+|W0viqov!t!Lxwmd^wa$vs9Fbj>z601G zLE8y_NYDb%!BlVeMUKZ8wHo>mxu7lrJ@H(4&=u;?$6k zJ~OE1R`#nWgYMf?Y`0TvZy=vA!U=-l(v@TtkG}dCpu=U1Mt$wq2-KahTC6N8DoQ<= z1ddUq=bK$!U4Unp6ru>0EU?D$(VaUc#>P4V#jU4ssgjF}3jkQ1ovuKB(v)z%J-!2` zTs$~KAkGIF+B-1mJw$Fq1oFn)%`0&U2~!gj9y(Is1oh=_{K`c|FL=@W+)fB$!6ID@ z?5u}bf2CcW?GX_YdIBbRTpT84SXdYUQ65}cfG+~Dn*e#wZO4!za{K4tV5P6GmVpY- ziDh`p<-ya5k!`v1!{G|ZLHW&Ft2CMR+qNCOGnAS-J8&AoG{H|;FTwTqAbln-unQ+53vI%%B-k;m)F|Rk$?xq^zgVJuG=>RKM zp0>rZr({8xLS9z3QoEShiDiJ_Ws)~U*(#~g>Y0?V>G)0BJGlLzbb;vV6fi#QQCc zk(!34KSS8>?&fmf(nq(-p&7&;@X!j047Z#~;!~wDg|~I8qFZ3hzs&d$to$q_a6J zegFO2q(Rs26+XAk)Doc)H+bb?MFRN?5-KVSGxLKnM%ux94X8S8ybN_57+oM=Y-&9M z?4%8l&8G@@RO+%AG`W>rm%U*1h`gG$tsTqF%bW8$5CoY|q-?HJhRl#v&BXXPsH!6B z>+!>Lm%mp2D4X!Xm1o95iPaE3J2?FF=M`qx`vP{-1!3ycmZNY#)wq@DG@i>*1@E>f z8D@1}?v$GPf)LZ`sVU7*pKsw&*^z-Bor;e(*>oDzARENazKWTxyt}FS_gB_s=)*+z ztu;=$(F2!5Z=zozkBT`@#fp5fHx#F2V|{^2S@U%@O`TzV*PonXMSR7ZaWo#zDw97; z3Yh?Zq()9_#!z_Yv&$YPugUxHK|>f|sx98wk8g85-goO8f2WWk6lwok;RO*>=(yED zUmy8OB@#6K=6yeamkA~qeI0W}M;bWhKTr`wR=#D)`naoPN9 z@NrRL;jjg#Y%V)L|MgaWh8uI+T7nL#-;Lu2u{$Vg>#Z-Jq6s*F^~@L8qJWYL7ER^{ zMAv=*bD7kk1W+V5{2|B6h6uT@%YI`ZqC z3}Y~k{#qY?n!st&6$4^4x!-I9FNjnr6!_XXf{}w7oDHB-K!|o_kylW7a8^qbHcJBL zb1)$e4vy88mDEM@2H~?+Ky>>GybAy{(`j_5swBA9$ot)OQt!3nN(Uek0zU*`pfgo- z2c)dPlFqbh`T+^LnMN4!0TeR4haM9!dqRJ}&`*9Mu~rAQ!95z{w1POTTqw&Wl<>MS z98VR>PdXKfGsVk3otNXd+Xgld52gTq$Pao~+u2%B-`aDhC}a=2Yz`UreBp5K0Fd^p z_E*5`M-SLyNK1EpWiw9grBh130k9FXcC~bghJj-z4)F63iuMKRG2qXDFrTxkX}tTT z$3i%5gcd<>Wz7WE{=>5t4E&D)q`bTMOqymv}40iYD#ILK}&WsL1cZ< z(w0}ywSidF)%C-^t-I$p^BtBLrp4`5B(P~I_3*s~$=z(T>COp%e$53oF=j=5bFmub zh+;jZ>uBq4k<~G1p>RrQGfna6L81XDW2)UUvD;f&Q-eOxD zY*kWMOuwBG=rhrmW)pu{%v2lqn)Od_HeSxwR*lVD;w~kL*p~T6W@-|!^<1xKuz!q0i)wv!DKoghztW%P3 ztUSP;ZMpYD^_`nNUa>OEOt};-M0cF3X252gKF6sLr1673b(CcT7y6 z*0HOI{(m}D2Z3iBei1S*w9{jfBzu@1B3;903+%swofnUf-*Ew5YpGu22i6UqVUEET z^7w8r(}zei#A>K%B+GBye14m&0({A)ZEB|vn%69Tcj;!Z?@VnV1@JrNArj#ns{Asf zD@+aPQlWFmdNF}Xo#zs~UD9FqdZFbJ7$!l6rCHKNrL+9W(exzh=}-(EvBG(5`i8b zb(TsBuk1`5sGkbsF-x!9mJi8%7laRt!vU8@rKEPUSZa3B35zQBt*Ru+>t=+(S^HLx zBNBIclzQQm9V>;gkvHE6g1*QG_L~X1u1s}f!Kf&+W@u>Pd^q{2TMgN}UDgx{xj9y^?K4a$0=*D|ubr;`aT512yaZ z35Ix&p^u;Cb`|!ArN~Y%K@W|~B32j?)UGHC;?K0-K(+eTyF&f|@G>~W%32=0|4;0T z(&1aJpoUk%>&rZ`{dU%it@8ldDN}j5ZDk$uHN~#cvF|He+x?-Gp)y5#x!7%8OX&ek z)BHlAaWLBYz@aeOqrqci& zKWG}XXFh>77d(=@PB-nV^y}V#x~dwq>ReH150Xv)Q0&v>7Fhxqn2#Ij51oNu8UTX< zkO!9K4Zk9kNA-OazOBXDKnVyk3_YjAst|4XP)%YITyILoGB2yF`zr^YUC^z5f`Ho8 zX1GAde%$C{F&W~K_+(V2jf^^r_Qtnd;{6@U$6i&WR-ec9pyE6}Nf8y+1h)(xsQCE! zwrB5si~%5OWvx4`8Cj@JxxSyueY)Va&z%&(ZLMloZOb-Uqh>M(H{dWW)35jKy9g=4 z@WJUjmiFGyt2~jC*~1nps5lMn}Y?)Us}oW${&UE?5RGnTQ}z-alcuG%-XBA+`hWd`+5iD%0g$_2UH zV^)t!uto;cA82dUT7YLzq4Crr4Nx+fuF7~yGC7%MX=n`nJc9~rOZ9YJjGw+2{f0ID zOoGOAJuFp1D|omYaC7m2$7G@0>kK~yKG*$P$N8e<|HzAkB0GV|Ck=m3t^DuQE!v{d zwi2oiJl#22LV9s%8GQ@xztv!0Gy~-^mx6!`!*Dz=lhjjB7xeH~>R5nWy}Vi$s*<}s z>o>Ia4#&1>{E;>t28{CQ9*7Mf*$uk5#I)r4I8g}btR-u-pZ7Z`OTDbbH1xYm-@w`f zTtXc&*h8lVugsu(E^dZ0fo$BAfY#Y}kHYpqgZ&n1#ES}9!um_1ee`ES7O*zIex#*L zFpXcKG@=Xugj2iO6qZC;F@H``z8V!4h;)azNzDv!oWM~Z2Qo~)a4sfIj&ELJYLu2~ z`49BlNByu0X^}~!zhc@)A1r9VjF5tkSaP`W)F`&VSk}f1-ayxozKjz)QC-WH8=e&% z&}BgrrzEaZGBD_wB~O%Xjrm`SF0=pY)CAT6#e2Fvv7GIMgiga8NW*S6D9#DDJ{7)1Ym zV7B(4XJEipP|$7nqV;L8@`Eq}{3WTyaQ;3)CJeNRo`Jnb?5OB#D3SZas)ifL%JJvgjIXiNG*&Ba{tU0C)b4XmjB!@| zRF^fiaZ$@h?GANx6xG&?(PwU`Cg z>%vD2dj=K)T|wDw6^}O08<+J)g;}@Vg$;8w%Gd%urcOx`qij?bo z7CB>`WWVC!=G4kTHK$>aq%@{Rl%&2sU{`z2;Rb#G8YzLWQtkMcQ7cosGUT8<`HveI z6GIyR;xUm`^aZ{3gvQaBQ3X8{Cl4>hg4cIe3`@@KmAJ~M!BJnC6Ryr;(D682M1X?F zYs*zTI`Km~Xzk)Tre6Q-sGo9^L7?~{O3G+%wsCah=L%JZ8f8<>($H})=WK8HU6O>w zVXnCC^2WHGXqrMOzN4%GuUNwXK35AeT+H2DD;s$=d3iO@RjeV*3LZ}C0v%YC9$(GD z90eCQtqM!xi|1pMsdT&FD5P zdnWXAo^7u~&JY_#sICKhe)Jl)rzF#{pkcP=uMpD+F{R`e8hE|X_Nf))s1en(8HV)F zo@LlUG`848$v*@0!(7;kH3u%5i^WwWsZFI7ir!MLoK&DHQ0usbF$q= zIrK0r9klp;jtcH^W`>AKR6=_+n8-G)FvQZzk6nRL{J$vUBd5Lze&5TUA{yB0594o?$Ji*ij$REIaA;+SMa zSl}Q9NpYy#zTjKiEBiCFNbTH7%jCt!MGARgAF)pM#Z^>-tCsg9*aRhd-X~zepF|=t z8e#J(4hN_PvK#T@khqSi{qZm3<;4%GR<`jba}+m^WiP;ZO&Pbt(-1WpUe!fG3hqdOcBZ|)M z?4(e0Pvgg%pb!$R?4j_e|JYm0!_-k`+7A{P@!}{sFT3LEY+K)!T|Gtq8kNM-VXb^9 zCbs=K?3cJqN2_y(RW7>#&sW2*kEDKJ#RBAcN@%UoFjwU94m(3MH8;G8HVteNRki`uq5_A6~2o35M4t8`MfeI`7`*`*-}MQM$a{}O+h zI)NSGsko?Ps`x}lp-n`f_r88g1^P6QKYZjy__toleO99k4Slh?tt28xz4B)$hJ|D% zRQ#R>kv9qn39)f?J#;TVzGKC+Dh4=N;U-Q@q$R7AO|J zM9FL0F?Q!cB~~=Jf-S<2M9u8FO*&O*7LQwvC9h9JXErv{e(aVJ=s3rqJ4q~P*Hj!U zZWtg);EdHZF^^^VLQ^;IfH~6XP|?z%!qr}$e!a0LW(#SLv44%rYvbB_+#5tGbw}Z~ zjM238odzt%L$rp7f7j%Xa-ZcHLPNuTi=RHfWa@ps<(eIYEac13ZdS#c_&GQzqRqd`0NiLay<_epA`B@!abbv6+ID~EMKiFw4k~e8t({D2CBJ0 zt23+qD}C$%#t`Ir_VB4%=G)C`?FQZT3T+9~@r9?Beq~x4t#2uDpY5Esc)E}X+Bir{ zmv>nUStqF#sa&R%WW8z1(Vyp&2zo7$Td9&MEhD?6IiYdS$JA>zUNqbu?6N;J;Duh- zzD&=;%%AFOH2A5yuQ)YgH?@(E14D);ZnGc+bx+k3Z10i##w$`10!g_)Pj=OD+jTN4 zm=6quyCf#n*Vbrt+!-KgI)66x*vi@}((X04%_AylYwAkp2kW?&QL|8CO6NgQ3*%P+~@^Lbv6na-F^KgYo;o-&d;>YOgqMFSuS2@ zEMBgMe$#%j5uD4qZ=0!jVn-#NjGp1-&LW}l&rO1~8o=rQ8@HciGreFz@+4<;__=f>?wYgbaz7 zUu(0nind)e6y5AvVMnU+1DPjSp%oQYHQLliso7fSaKd#cYA+$Tp69z?W(JHK`t3G6 z^ciC7S=GAMx)B^HV?&q{uH5M3WoPN=^aQQGo-1H`q`R+&-0N1*(v^L`r3oKTj)la> zLaMwDepF-!(RILxdE#1E=G2E_g*Hg9^* zu!dw?9AM z9Vz^wVB_Xx>5)5sXaG#~SH%2JbOm2i6uUMd7`}~}*l6wsGsF0}kXhjv^@dl?yuBF6LFx)Jt~)||BD)j%3qTmpsK<3N}d3gA&y<}#+-->R-52_f;Se>vKV=wIUYM8buEM`wH zTgWovkHnBu7kW-RNpP{NSKGJ8EhRXv>oiB9%4S4>mAc6#g$R>|q;e;hbUE=9i;E-6 z86_QP)wZijL6D{Bz2vWpbFZbxksO`mkbMh46^4|RO$#p~B zKzMlQncy=i)4*%uq1fe2#D-`%Ye+?7b#qoL70}^kv_nxOjV-m3&Ygk`O+en58L(oM zC7{n28w>Hh$x)*`lookN0IV`n-xsl6Hv44AGeky*5e`9{x+Yyl+E@%~9CxAsF#H@k zaF1w6@q^I7oxHfPgqej|kW5b^&+zArBRg~NhqQ$GpXPQ|8zkk2Zhl_$y$+kJ^-CSk zQ9B%{F(*@mqP7`E#My(Mv@%4$#^sCX^zZ+9pJ<2MWtcmW;Dh?vdN*GRb)X@KD~C!j zY&rk?Xbh>FYMVB_>rIG- zv+TUS&qAV_k#;H)pa5LYz5X~{o#}a5@AN%(!)ZuBu!eao;>3Us9$$~*Z2ve)1V8sX zq&)To-TvOO;&%s>6<-atoX|0peD@FNmD%}T<_}eg9{P7uSB|}KRd3FWd5wKkv(`K> zCPvhJ@GYYm-$Ma+_zFpPQA>BO&y2Bq_4NieVTxKw8D7mmf|Z&%RauAQN7iSW?TY;e z90R|de0VKPG9D9thWlILf6o=kRSOFIpt!c{z++|I=c-Yqn4OTy|I|rEEEU$n-PF=J zBQ7rLnFf;sy?oZTA+9Id6p6vXS6{ic(LejIU`Ai>0<*K87M1RGzVKm9+auX)V0tuF z&;?ct^CZIvv@RjU^2*h;xhw(->D>G~8xljisV95RV|g zal*w5UxwaaBtH%a0pL2=>5P^#rN7qs;M3gAlkm>%R_}|Y#|VdP#FHXVt~$C$uhB@l zndvDh1LgBZEn9YiLyWR0!9i$qUU?L@vcf(viEq1zFPdlO;+X0_dx*-wWAhqvh!VxW zzGqT`W8>;CuOQU)$zlDmmUZAZW-!B-V~=1tjgBtPh~3>jHe4)w2CO2vi*2J;hQWst zGD&A1o47w|ZUQ1}{ib=a0>{i(XE36jSv|>jfbx(2*!p_#p{nrX^j;6awJWEgE}^Gz z|3hZvKFKqTTMCSR;!bJFsb=D5Ed%-Q4^hl}udbc}X2vpPgb6RYZzQO#&CNZIZq;S- z>#LfIAQkBJRD8lGoez-_*!WnhSxgAwKpT*NgKzi5oO&y4NQhnK} zdau8M*Zs=&(`IPG=ba`5Sizjb%ztLG{+kf_*GimId?Bzzcx6}kHdgveDt?(-4?)mj zYn`D(j1UFOuWJXlCgb~0)!W<7M@yI$AIAQOwlun0mgj1e&O5BQ;9^uDXHQzvWSRNU z1MAOc5)!CV-`uycWbl&`)HemIem_x4uv&QgeRliFO!W8oCF^8VQSzp=&sCj(U==8} zD-)olD33fU!k|@Tl*@pqxKzv~W*OA7gsz&f{EFyVCeD1&AIv2A21`2M;ryin*29?z zd+1bUN?lNb6(iT;6vNSgDAhGGI{CllX+|IcC{h9?capGyNbjF0;AP={_?%Y1)Id%!!x?k4W&W2ZJ>GBMGXMsPEw~ zX8vQOu#keh+A}pXw@JmqeW)Wb9u7w7aPLro; zZpYoM#$%F`_i5=~?&CrdS9?eEd#_H)1-<(;LVD&s;#HfNq$_Su-sYXNwy)0}2*jCPr0kvxr{jo6R}@jn62F|M0tN*JVQra4hupn>k;F z#?QL#fgRI0CbhO_=gg{Z%TJ_hTda-9!=sM zH_z{ik)bKvi=)P@I1f`P6t0>YVOAY|eXT8TZFBAoJlx~fb!x?s@CgrvAq)&$LelMQSulapDVg)l z<@wT51{wPMy9y1C>Bv}m7&^WL?7ft@FW*!cl1EQK^Jl6X89I);bmhbhMLdgrzP_gx z+sprC9z|xnn0*WelL<~kzC>-3aM+vB>^so5Vc|2Xo8Y94?u(J`sV1XARan!EVnHb} zxr>xEUDP$TbB+(z#a=izuKv(6Ue~TMqJsDBIm;CnWdFGjDY*##e+cQ&`ZM^gH~!wp zGTb`FydHryuInUT=U}e`_x;UPN$+1)qXRA1leP=Lj{PM|&e9d8)Kpb9)plFObKid0 zC=3NsfSatiZChoZNlxNJK0*{8bM zT~e=QO>SN`MX-!~;4@vrQGcGzfj008c(#C|(AKF*hiRfnHrv{6U*uK9L2R$TNOKw- zBE3{`==*U)rd|))%90u}_4EMYI-Y@waoBwg4v8}yofCyjDy=`#w^U>{>dA7^L&`To z_VgCaqYf7tc2k1a>q0&y*Lq{x>J_(m^{rLkbxO%dOLp5D1&U?{-Jc41Deu@6URixN zw@mQ}k!`J7$pjEAAFC$b}i8o4>{x>0HWBEgRoo31NH#Ll8J&w8`ETpOS zqc?Jkv)FGt3iq1MY!_OgJr*aVZF8AEPJ?!Olt0@A>agJo#o1j%$eM2Z-kRpB#Ny+% zU&yxdVGTXT4K?P4h;^s)&mVVrBn#LbiVSXtO&57hrCm(PiMe(ij-tNBb>Bx z=jrKTWWudtRA9ml1-DB)ibu9;VL zs}!0XovuRkPqp;5)K$IA-g39IFK1Gygl-TIjgJElo3paT%IqIM0nnvtZ3k{{m<(CF z>=*g8Sh^pJYW>O5+|?xch=;mTOWiiuJ&ODT-S0U%UYYO9SU|Ij1QucjoiSCOR~4aa zV06$2Xi1<$huF4X4QveAB!$Hm;al~-!eRY}m&yK^#ra=mTJ7PP#?2$WQ8Bda0OWiL z35om}r2IZto1yWc2o(c57)SnZ-)c6S!uC;g2C4bl#R9kp$vmc#XS6p`I~DmN`83Op z^?|S5+HagGoBRGY@`R98qpS|fGPRn1eRJ;FT{lY1P;o2B$VUIxgzZf0O2#R~?zQmA z5O0m%U}+j08P)DpettzBVoKt#%PmPbFEd_44zkiL4W5sx0 z@=PO#agwdub=3T|`|iSlch4*Na(&^uZRG`o&5=s>?C#&XfSVE&^jxmRPE1opI~|ge zk(S~o)EL%IanU?VPG>ZRk;)xb!tvr%VWO|xU%sCf6&=3QnX(X={hHwxgdTD`#W1btonh-&&LCN3G>N2=2+pz-Bl!~e2H&PNFRJ#9&<%I=LuE&8}NrZM!HYgZp<2at89AGP$|!l_F=w0 zYoxM|c(KYv`T-=7&Tx+Y@Nc=~h{>!L++BkY|Z^O5c1A5tW`DsS~=`V&x6%o8=(KU@lwJkc9;Cxm!K zsgDjVp*cBy76r7Fh2q3`B+DE!w#D2H>!EgzW>oeJYqq%hOs8zifqecu4mINOW~>56 zWhED^N+m;VnS0{OdJW&;6e-PH;EN{{j%i?frgllz3E6+5bVuG-2uXIl%0V_dMw><) z*&U~89a%)CQpeb_uEdq&N`lUwy#U(_f9xgxuY2*xHbn!f(PcUi$~8AWk;Dis(p7pU z+SSiGSL4^%LeMIDtLWh^CfKZOtrv>Bhbc7?n>fOGlq!6MjA1|AItY@i!h&G9A6 zz{ap`WOed-0Rpc)MJ858w=|_qp05w&kzdGN~RE0+8WbmY=fuXpr z_|Y?sg^yi;O{i2Ux|BU>>{ zt*CP0Ai|sGL)0RUqhDe|JU?KW5}1;B?Xr-#CGpa{)VfIoaq7|Z2J>%}Uom>U(Z*wVh8$^9n-V%-1Lq-yqea#BsOC7-{mFZ2n1kzFVYUwlfR$+Cbei z)#u&0`DtYAT9cs$oXuoIB4c|^Nqa%-0yL}yadEM6$fV^CMzfoASxyIXf}g_|deW~L z8y|sPrNRftKqZWdgn|HCDM+Wp)C0%f9um2QwG&C%iLxD_Ymr*U&-n}X>+^GX{tr^* zB?h|M2}xB7`gDIkH<72J0vQreqm(^ZlH#u7c4`P1buLwNL*{poz$9EA$3Sha+oyP zq3_jy2-%5QFgf8Pd4wbU^@yK&^}k89wjjjeppYY^OVgG?;5D$O^EOmIWc4csd;U4p zNBWrIhlNME44~{~R#p~`*^;7Rz@BYYi+T=T=6S#y=;*v#a^r!hU|`{FRef*p2;}0b z8Gvb|>`ir#!jw``5hmb0=B3!U87kkMvoxU+_w_P5tdoObFJ^P1P8Hm}w$TUo)T$+i6~pa@oH!=m#tHiui{ z2Q%lK8ko3g*})NGw&FoS*EUq+SE!bZj>Wj*?M*pqHKrZO_kF^h=fX-Ag_YANqI{Yj zn{1VepSL=enC`FzmC-1NL9*zmj_ea2F?Ugyqlrxw0pbAmCqtQ1)0OK`|9GAXfdBM6 zMacJejiE&A;KBW{!vHW0vIOemrw^9;GwlDnjofL9J8As5aG9k8x@)dPf>oVyv3njn z0zrlWCw!seyDiSD3MIoAi-Jp_4KgTD^ME|^Y}kDQ4e&Cs{k4NSWZ0;tfmN%`RY%tw zY{_@nbJ z0&cz@V?*1t%b{4~MJ9a}P2IWQ&nsv58ZMtL-rvl=TfB`)G>`^1{?fS`fuEmW5^Ivw zC(q3MTp7v3?v{NfwF{fjj+9U!*0bS0;`J)_@-4>?zwZ^oifxyb*gC`7DOUGTAgi;f zLxeO$1+;0&)8IdtQVy*f{)do>%;J*bW~q46euEZ8;HaxNqYrH=2N{CZAKQrxVUr#`-~^#QhoPtWqu8AiyrrXUqj1PfklYAbfVS=#;W|u{BDf63>@cd;CF$ z2~#2{SdXoKF{qy(Kop*?2XXjhI~9rwwtJ!R1eQ|K4NBjXGj`|Z7>t9-%Z8^#`SiTy zt6{(v)M}?MrS71Jdpv^RsZ~Y*m~S7+h>NOuNDSJgK^P>K6pX<>eHjB&HRnq|+P8Q; zo~_|P1X$5yRVdJqP>fQ1;3cZ238e?-;Xi%ghom~ZGKt({MwG#IToHkZ>R4X@jsQ5q zbfs(|0dRvT9^hwOruq}Q2C~Z4V%h5*^DP;iu}NHi@75&Ak~9ZUfUdB`>OVS?MZ151 z{}_Y8Yqa7b26v){U9xue;n-#N!ZG6p01a|#%-Y;5Bw`R^7N2r0y4dRJIm#sM6zbBB zZdEUwUsY+^5==Mj^Sj9KyEUr@yS$kze}&(Y2*2f8!KS>>>ychoz`ncSSJ2qFZX#(0+CpyKp`K|` zraS$S$^8j)H$Q<1b8+)cd_D&lcsRI;jf;fJxoYBL90JYC+kNYpbp(w>y+)W}N_;kE z?6?S5ni^Q$p{B^HN{t}vwd(nxN??$*TF|u&4JVn|q#8Z~4?2olpLYPX`& zRDZ#kz#%UPq5b3E&jfe{07hpIF6*i#Li~K?_Rxm4MfzVx@-<}D?Ldi<=iDqn{7YI& zVl2+)*mnU|VntznHI;2PDsgqlvWrITbzI!Yk=`|G`q_-LqMfgXV*1WYm}9Q#8uV^{ zvqD?%VSKn`tbRE@3a{OpfxU{5dXgLhCt9w_)ErO-<;c(Aab0oAgCS~7H}Jb1IRAO9 zFc}k{(q;-vUr{0RnC;v3v@V`8nE`egW{Lw9@%c?IvM6Xs>d-Hs6cMzxuh3@3wN|hN z-4|0y4Mhz_J4v_nipH5+-)Kb*Xvw$osU}}SXnpm`<{?)9bU>~)J)hZYY(9T1ULR!E zNe&|dsyO!DX~`v9lR88TPVf8M*MdztLF4xXOHWM zK+02Jt)`)YDfwRu_z`Cq`3s<02bdu^5~m8sHI8Z^8`c}R@$cCX#ML}|KIwzsakzZ1 z{P(&ah!x;Vq5q2o_b)vD`{w^mk^BGs&A=Dxf6q9iS$1!a7Flt#v@jdh^(jm2FnTpABS%3A1H6tcUmg_^Tbht#(}3f>qbh z;cgbWWMaLPJ?Ka0#Pby784YM=cgTx>o8ByqtY39R4SuwRP7mqZ?u)&F)-=$zdl}DK zb5-M(R@VNP_yEQvO2Ds21Lri7^*xVR#%iA1LMw)>hSvW-Z{~YcP!oWQk!+9rIHO_B z_A`n0O?FKK6kKS~On8VUr&fv;$D|ikHNulO)ac+trM#OqU9k99hH(-G5LnHkFWZ32 zof)E`jnSzR)oC0WGO>kr|Jf);am-_P%minPK>zgqKgI=!54KZ*=bQx9Ch=?*m2%5r zPd^^JIR0B;9&r*1Rn!enh_%;b(zXxvaZea^iPrTap(spfyl@!+mr(-UWw+<~mzyNN z$apjh_hT_>aAh{{=m#%np8!(|g#Al0nW3B zZQLw&R@=`qOs=-*yo+qv@~w_CH%3@sp0v0PGHCLU1xO-7TIX!Erh zM~g1$dhe`LVyTcYQgQCJXq%116;hZ(9v+glGL!4JCne6F zw8Gxp`h<7`cG1!^m$Lh0((2etwn?#N@!nU5<9raV9EvOK_{PJLJW#;zAhMo&P}N;< z)TA^BYv%Xnz@uw(M*FgG(oZ5Hr;ER#yK&ZBeg7cppKz3-7Y7+w?e(|LrR%j(Lpe`# z4;Hnp*?X{ypmg(c;?w!4i8vdXcY@FUd{W@48^4=9nWN>;A0IG}1=0|4>e!wkH>^Jrr!D_EgdG;hs;YG_5*&!+I8Av z4TJk;PTlesa8E{_Q^g#^{Tt?l(S_!Z;;uKGKfzHZP$W5#8-@7j9#kTE9R;8Rh z_Q~;ywKB(WV(_~PaEMg@IYSXn`{DJS;HqpVU^B3)S$JH=0 z)Ll)T80Q`zvWG5G$pN>eFJ2vE*e^&%^WiIu`THBX7Wil!{Fyq_H9UL4;*m|^8_U6onzmA%Gd;uom$8~7 zH3xrm$S#D>XDrGY<`Q=oPR{RzK1>*u(qu&#!|xL$_BqY@uhFq+y6U-K_kmm0fVcH~ zc^-V;ZSbE4lvjYkaH)W(H1z{suakJS{m%B_!iSiUeZM>7NsWw_!==^|D2>Xrl-zlE z2PP%vhdVH(jE}2DH(h=Tbr&Ld%W7n?m;gaqICJfJExhU2&xWkEBX2LnT}Zz1MTqBS zT*(&+G1NiNqFJPg`}TG(SjdX&``z3U&a%&8C2`%=BT^ z=Eq@vzW02usq`oz=Y-y_viS?75=RRV=sWL=t z5AAi^m+dC*6jjn_p^4w&oH6Gn2flH;<4OZtNiWU4)?Zh>yJgP^S-7^dcCdi!joaL{ z4CRdjMD$QPc6FlHr5DRfQ8mvR@{4hu9W2!DF@zREo-{^n+ZQh0o!^CJ2-9WN;g%wW zhq;&B-@;h!bPuy-voo$&6%*FBXK%{Lg!F61r0!F>clJbPDtP;Uw;gaXT>bHducya& z0oS44ewWg>H<(m4u9+}ZRcH=>Z{UUS1feg94521{Yw5|S|4qOieo+oWYoTzT@F_9m zFxh0psWDT8`)zst&Ide)t><;pDG zjh{bLRgo6bE}d*-UA(;}27}sswe(XHeYPF8rcscb6n*X{`qI->G2>^E#ILH_swR76 z%BZ2Y^48$2RT&MPHH^^CX6IXW;O}wJ5KX9qQ!2<4PlX3Yi)7v-Zp5v zGF|5XIW4N?p#@81@!t3yD~Q%|^Q`?9i5IdFZGTyyZU}a%b~t2dy&zae(j>*I-Vp~ob&#a)gWDeTAmK5pkF6saB z-uHf={ptM*^P5@gy3RPxJUSgz`UdCJ8etgxv*~^wE3|sc^)9>QAv6bz_4a4=@`ZH7 zu05}%{v5f>@cLc+W_hvQI;cFYQzItGBz`?isaPk4wRI1y{E`AK*0$Fk0tP9> z)3W(H+py4Ozo)Aj)zanPjAdet&=h!%U7gM5=^T~H4+WHi?wCX7(a({LYoqP%;iW7_ zN>q2tcX_Ik@dj(&gJVPfSEF`&wu`nkC(4J5cNa!^@w4$c$rL`9D(oqKw3t6f@rJ6~ zF5`J*Ny9=#W{EV8^WN(xpVxW&Kh$X){tmM|TfY8dj*1*CkbK@zS+j{u1WX%!dfv#i zuFyl=pAEj_AUqYtLKgC>JqKiXT9r&>?uKXiWqlG;_kTxNV*0%9MMP2+df5#cUr&!;F6fbX z1pscugzxl-AmI1Su2V$wHDwoJmSFw)HkuQ*XwG=`K6?(=lh^K}Z?>N)T@vtJ{#SjW zA>FGBet_SKJz5_8kPlW1Jh?fJSibRT;~|=JT}i^x%cgc+ZwrVerXZTHR$6ZF2Byo8 zxJ~c9FBYBn>-QHTB0Vaf>IAvF0S4_Cb0RlKR^ktb}=Y&jfrJ*r=SShqZB*?yY@cz;#FQ9{A88(`I6fq z7++Z?;n>@8b#T(9C_Pg6>Uq6$?{1B5X8ZfC`Cs2YWclLKQVahnpMBe5u}=`t=4Lz=ApMDD{cmtg;8Q1#j8r$Eb%9U!j}0`KKt}jD zpzhsc?M46cJ%5AYlc8nnj$cEUQdzrQ9RkoiR|?;F^xqLE2h3a{66UeIF4(`~q+BfX zG!?P2pt4U5iII$-B4Naes!@kCb;l>{H8&>}rU8bY7j-WM3O$6hd_OjUW7=Zx>$Ts) zjBFc`Wa|Xs)RM*3KN`JHnz^Zax|8ek$k5yN(3{$HIkJ1XX2WhyVlg2j*B!%j^bFgfz$JRBQ}3? zxArDO&#RJuqZ}cyeAg=Xk}iS0mzb5P>h0M_8cdF%Hy3MG-=Hr@*+x1w1fpARkm%S3 z#CECTRb+sbYc%--zc(J~nG|4W;{!j~`&4Ox4sHQV6Xq@dMENJDu7@%I#D#AqZ|U$p zMYg^Bvp&kFMm@Lw?J&mk&6}-0UkeutmwuDQTYOKh%+ukB2YKbV!DsX}S>-e6L>d|< z;r-zWM?O9WG1ureN&a^iw}Drq!eUVcG3y=rLZ1nFyBMvVF{`_1e;EEEGpOh6H7P_h zP-HDCimHFcqMFy6wWhmZOspVt6L zOTU~~4V8e#-#eNJ+hma}D>h6_McGFktm;TqxSl&}`R=Z~Gx=Uk{MBmzc4S`<^ju(f z@-`-YXy!|6a>KT$c1SIL`gYtbUN%K(nA=uQ^O;uu6GjgI{vGjjEuAKUJ{5diL1jZSG1%~wE;;fC ziF)6!tS;`0BFQ`74+MbFuzmEZboy^MzU2(>%vq^Zt9dR%7)wUd$4*6qJ~MmRpc2le z7fD}Wor0z)vP$%jB(-&_r@bch>^>)QSP6ArR>M@9&)46^)_Z8q{`uPNF|pX5mCER@ zN1H==wzrZ8y={v?cm3+wUi8kk!{~?GOzW}TOl8`vv~j!g>FP_C2G8R@p^Rj>t+-3I z_N0fuH6H3>i>i2D@5SJ;akb(Ly|4h+7n5vSx3wF@bG#_;TH|35LF6oKZ})-Ya8ZLF zWqD+~&4kYCi7w6}JYy1WY+lxJV|X_UE7jox+aaCf9HsPKabq>;XCx6Nd_uA%s1G; za@Yj{-oKAc>n(;J)ElDPj?~^9$8Be%XIutsz~3kPJst2X3`){Qm_4hr(A1ly8vH&+ zy%oD~T6jFxSw{ZheWQKYcL<8ir;tz>Z<~CwubR#s86qc&@T@^uiD%Av2ywfsa29=e zCw#kB_Rv_J>3w#h>oxHH_GUk2%prF8*m&w}X>CNWS&C1VM(S*X^Y88E`7C!qTq|9h zf0U2)N^ywX#}Kqc5_a9{;z%il_ItDfQ_;Xv(ZM|DnU5^`t=1+l)-EEa>AwgOB(oQn zu^G{_m$Mrn?hn~Zkc@==oxOZbGYUE8jdjZwVe{$77SLwTb19uCO9Ad2@GHQsd;~VW)X;? z4ii@}1eoz0bQ^8V+P1R%*{79F^=kW)9M8gC1a}L$Vi8w|VW2Q)=yAdqduj?V+eGmM z{)oax&b1#YA4H!Z!nZx~4=JNLO@Y@llV(L%08gPTwHzy=IqN^-d?@FzDB5anDxV|P zS|u|#Sbv5zu-0do+HnM2_i8{L)Q4|Sw-j{1twePnxYt27h zowcMHC3@H0k%?orwg)z#i%pNm73A@t*rPdTw=wknnj>TJ>s#5v&G_G|XbzdbcYI)> zV!?uMI9}75D zhkDm_?oU{!{5K^-2rc0hB}ZkAC08ntKHUCurId+4q$pYh(jrJk+f-J zjuF)$iMUyVKK&&lS$VL$TgO6a`qi-qsyMix(=;`-|2B|knJ zBTVebTcGJaKElE_(Tn&H@q9F$^U!py}MGZ=>gCC;4#&AaSl{i|HppQ~ARjgKpi9(~g=qj5$w?2Yqtr2mDP1O&a4mX0zLIi}zwwMaHo zDoGiy=b#$D8%CO%hQsU zZ8HDcqk|mJ5288k)f?sl2nM5<30e-!VVx>?0>IR&95jEap{F7E!~Rx7$73s@#7$I^ zi2Jc&ldVbu;$o?j>lH>@o?%5(EJ+cF*KXPKX@-=WuA6$PiTHknDJbNl(zw?}b!IlF za50}!*@7?~QZkFC8~V?-U|6n*TDldDcI|H&1x?j^ zL=ZR^{9iK_ebGteWg9P#LRwR)I2yOxekMc9K9)@PW&2wsG)$%gjwF%1iNk!2RI1-G z{aY>N?PwCiPO@MGR zIrV@1OT9U7d%2U*6ZQk6kqh{M)7gE4O;vE6yeIO2-q(|hHJeUqlJ07VU zI0U{5lPijks}~?2lSapsH21r$p!2Q3k!Tux6yVDKaeE9*j#-)9v}p-fDjqTcGDOhq z`7nCv3S!f(!pH^0s)e7c-F-8frhF%dOyu+DssSl#&NJ(gLve5Ub56YvqqE`>5g&2) zXJ7w4?cV&{;TyOBBliWvv}<&(mnZv=mfLOpUgVEzF?3^ji%H$(lo7pQgp2PPM`L z?eypVFI1TLKA5>W^Qxm5rTco^nka6U>F$xZBrIiZSKA_M14HML3O z&W9UVj(6XAyf1SQ5v_M(4w72>m{Pg$69+ly?mF>LLAbpq-ZS)|u^cuJ1~`tnjZP0x2`CtL1#b4sc@^JGw+j2Oj=D;R*WL>;I5ZUl5UX zYqj4kqL(cnCW_}KwW>Kl0>VJ>B)aPp==Bk=qTVcPyY!L}+skw2sHrwUq@ zqIV64X25#{M~c*0VLcrxer@z*wf4t^L8!0$gMC@`)Tp}$DKeqk&KqJ0KcnFgo6s6# zL9&-GNgn9#r}8=)EARV+v)CS0ka}8U+nrswgB1DpNJ3n6?$IQ11H8_!l6XLsFD#91 zWM{lJaH8gGADYjI-iv*3b>%)ZY?oi|0`XTq9$v*%R4dImonV5P3O+nWYj8_BrV*Ru z2(IM55!oeT#cF&v2XJ9u|8e^^V;nKw?H83&9P#4MY5%_7m}z_D+na}ar4oWdw#?D) zgvU#|y);}f>ZPF@5)HJN(bWGru^;#A*GIqGRRSNy#4q{H9)i0^HbI~gd`7!YhRs?n zV;TIL1@%@KE2z=YsLAWG9`F!r-i5Laoz-nfRB!69e|D6B>TS0>K@aDirrBa21Zim> z_cqUS#?)G=yR z$KMlD!aO}0+_u$onX)t5Wztwx6Q`WCaT}u$;lIx;J{^ZLGhV$v>ox?`NsU^0CVcnZ z==`S^gE{-JZ=ppNk8QhOQhtr)$jkaY^wzJ-SUegZKXz+u(~%ov2GQg0?WQXz1yW^o?RLY0gfjB;Z6Pdi*)x zdX`H~8kK)cab4;qIAA85a+> z{0Dq~6FEa20dCiOB`;A8#Ksb8R#MZ%&n?OIBnd$>VQ6YEmf!(DPg~`){bZGrou)0+ zN6@P>jfylX98*+ZMEXBWz}smeLue>s(1%bAYu&GFr*)Nh-@rM3v&b^D(UQN=RoKfZ zB$J-)6H#XWX&j@6wcmM9&^-=!EFgDl_EiGW(%Bm=`{smqqxvBef|B#9&gJa1Jj zL;W(J?(A+RhsQ-5b~>mzkuU8qc*{Gx{pD3x1jhAYWEAF;3*hZ%91Fx!RYjg-u9!Bi z-o0n$ygA*U7pRGSktxc|1OHQZj$N+?j02cF3ry!3EdHFtX8N(6+qm7f>`dq7Vw2C| z{kK#9XN^1Mk193UBI(LRE&ItF`|>Dgm4>47gkfY^=;&?-o=3l{4fRGBT0R8aMt;9= zZhmP~i#tzF>y7$*ZyJua1LHg4Y7{B8XTPi*O`ff`c4^Kw7;PctQKFqJWU6pXc}kCFt>Sy`|W}cN3xa zsyDvBK^2?fve=}X=>h6HSqgLTy12-}S}ps56g>I|>!Ax*0IUkEL7fY&vgzBNo@4UiRkS?A<6s9750QY4PQXP)T=C6jvtZ|2^FBYo z&jLL&9IgQgw(H%yEX#}Hnn_kJP8p+jG!i|1u%hSA653$! zf9gA2%J`9Mjd00V%o6DEl!yqx(WT-rEJFt+fe7$K`NqrPwtXsiS=em*ZM!gxA=O3R z@knU09UKA2YK4D8=bSJltu`|@22f0f=Z=8WO&5gJ4yFyPIPy6TTy`v<=Xj;o9zxac zyTz$q0=+9+w*UJ2T&HX?tew@gD3;}n4M~`^eA-b${9@2BSF_h8+rZ0ur8>BU;thIq z=65p{&VAh}EgRY7M+R)D4}6MYa(6*4@Io9!aI|Q0Ij;sdn82L@S*00X$C*K%FDW!p zVzNr#k8hR$%u2?p&%c}Wdp4XcsLfO z-u7R%?wlhgWB7|XNXj<{6|sxAKyt7|*REW<=Cb!^FG_g3Q`DLeC>Q;<+PNfdC1g2*}!U0OI6iY z8X0%tsUT$YH4nb4y~F3cVYOUcHd&e!QIbLv37n9}?%h(zvPUwfUUJ`uH7vo{C+k=T zk+jRt6RKWZHfEWZ(*&240<*U6236HQBf_Sfx9$_T^U1qu{dQ;3+&JW{Op)f=Fu@>8 z&UuxLx?Jrv7q*6G3CZKpH@8&}cV?SxdVJT1z{}7W-{Xszc}TKdrQ@z_^?5t_;+X#@RR@4O`02>K5DC-BkHG72pc8^x?3I0w zSE!_E!xJv(_B;bbB^D@t$+^XYT1O7o__>cN)8Ea&I>b5I)zRd&i?j*N4k3uF z5foM47rJf#X2t>x*M}6Kh7w`PJ&$>%h{zfMA;RvdPbMtNV71XQBy^_IPPHynzLfD* z3?yE4Fl5v^*dV?hYQ**Nqxn|9^zze>?V#&ursvUKFKRk`9xv`~x?%c`GwsK5r>5id zj9AnZ&n{3?4B8GCPiM(_#F4(fyIcJ!``J)T+|TTK82TPG{NMpyw=Ba`-y(beik1!i z6kS2cq*gX3rqye&({o?ddy_rU5mBn4{495i6d?#Nq`-vfgDDxYPJUKVf=-S@Ba}QeP2UA9t;9ok(Uh;4#y#8cp7rm|Bq%GV4i4epm>dsabi1+hD zEuzr<{Ob}JPMFfyM~`t0DxJ^$)Nm;@2eNQ}7X&%3DcV|fbW})w&4Y2abJW0YMR2EE z8E?5?rw?gHq^hE2VcXK$3~9}q$hC1;oX04lCE&IZeemhoi?>#QSWE~K>-&f#(4w&6 zAF(}GiB$2UM~uE$M#%-DRiW`)doU#$z5$W2kBE{EL_)>M3Ua~3utQWJAJQdCHg_{^ z`4Kk5Lr7xM*U{E7+~&?hn1$I!@#}PJ!lKdn|0IAm@MQpV*#myZyS2kCk?@O<{0_S_ z-PH2h+f(t|1Sw2E!0-6BZ+S}z{%QShIA^o4X#8#Fo;CnPOF}y5I4s?j;oBTEXX>Zp zWkd;)si+LkX@*t=H@n34;~Avwqjhu=KQyqp;Alf)0FSmXMHpFYnEM%yL?{?(yQ3XB zx$aK4b{SWAV7~-e$&(EM-d^F%&^9oc7W+iKTN)+al_~9)S)}&^c4vN#Rp7~LBE*7y zpw{nt=CXHrEJc|qc6+}5c<@6MtgIY}pfFaBRqS?(Jsu*Whf9f@%JKwQ+arWr?M3U~ zj}$L&;pCS;Vem}M{_?^u=tW#nk4x&&W-KB)%GtU|Bo zVx8KaFhNkn_nIcJJy1~R5`Fx6?)!oWiX#eZ*%O<@=-3L|I#>Z|lY{XKkse*<>;%ylw7c zE+8mLii`Ee$K5S6%S|4RqY-baI*4VazY=UGvuOQ#rma2IlNVdx+&dF&(x(y z==q6We|nV)AI$EBmuc_C8v8ii**#?KZ*Tc+*y?PMF<>DR2qY0NPSm~!7g2^{cWiH7m7E&H?KNQ zBvi(TE*d_qimorh-+qJ3z$|S=b7cF&q6fFf7*FR6tngg{9cUKLldDgxtg|BjzoJhe zh;Kk@!p!!8)|Df)f0T7wZ@;IjLz;To_u;ImRFj-dvsSSRSf_x;vSK{EWwr+|+lrUR zsKN|x^j~w`vX`}=)L@H}02aP>o_oFc;)PP%i}DGSbMK`3vAn_K`0pK}V5)+SoOX!N z+sl@;`!)1vIVCEP>H|j_OJ^3!*s2aPAo_JRZWKgpNa(v&6mJ;7$Qm9anmAElb{&M+ z&2nb>wB6z2&2>S0q>R_vRl2rZM+}ec>*YB!?J3=$VEHolZ$P6@Yx>i&itx#z) z;fbBA?ouAHN>qp!JaP5V@XFL+7!L3E7Tu3;{XMSSaQ^Q(Bk#}?2G=sGhP<{>W1B6T zEPNPjyRM^Yr0VB$TrBvoPt8S&r;c?p-f5f#dk5{uHr;pdu-+UW_>TGtm{^8I!Kh}- zT)&`m`l=g_8J>@Got#W{N*AE!j}RiPYmX=hk)i1Q7Vdc*std?97m)Y(Clo`3u%Kf;aIHa%EW2)K(t6t`M+z!VUXBiPL)N z+QVjKj2O%|R$pox2${aF?nhtiIQfkD2D>tFc0>so95;B3X&TcDxgiJ@<)XMz1`-_F zLgDQOZhF3;$rILTT)+`IS{>U*REicUimO?RN9tMu0|7<2kD|hnetk;l5+(dComM$8 zIs!g|HUz&@lQx7Rh3N|!1<^n*XHR9tN2UzxVSWT=@POodeu<73@G@C1+m-6kX9yXj zY=fX6=Q$6N_dIdDWqq#p=x|gX37&t2)_C3vQ9(fXIrYU^A20;Y#>k1Q`ZOL zHs(*!>y=)4Hu=_3FUBC}yvgFIL6mpy&k!g$v~$ykT$~Mzw;s35>6$g@UT)9DF(&y; z;=(Bu2CAn!+shqP&cIvT;-d5gKNLmKm!Uc#Na2Vexu6t&SCNoTTBq+zqrY((UL0nQ zNU%`-@3Y{_9R>F-Z8kN&qx8uR1uXPlqqBSg4330MkUe(UUZ49KN&94?brTK+P|UL> zbi@vs$Bp~Svh4`0j)Yg<<>|Kq&DlUrXw=w+;*beKV)z}lO9u=YgB!12YAZHo&au>r zC(cNI6sWPF{J)G0b?pZx?h`^m#t^IOK4~CM6HP&&(GIe=Fccu!%HkUxr6@E1G{(yw zyAOc@w<3rfjFNN5SU_ZhM(tub%Y@iEd@4mUSaE5C(P41!-DM&!p~G+sQ)O06s<6hD z6d@Ymnn-^rI|eYcI9ZwT#JSbG@T25$GS7Ot{kK4fPCrDe`(z1DR_XSVSm{K98UeutmAZg7(F84k_8)h%|rNq{GAKN%ovs}61-AWNdW=_!*QV@ z3|1MNqp}bHWn& zRwVQU{o2gg#A#%0{mpOLt_?5G834@Mjla@Rnnbn>~j;$ zuxAXDlu7gYQmRR~z$?>BtvpG?g8}iN6?%vMlb_a4>35@(sqpC8^>xYB_yJ=C?0-%l zo!*mnz705L(FT^4;Cn~)&s%1JLRiQr0IpbhWG4t1Wh4>&VW-~t;$|^dYjZpX8!K2B z?Wp7WFN=r|5povA%|hHV-cdT$o}4_W0Tlc+_FGSL-SybLu` zYRic{O^HDZXP`hDiD1J$G*0Wq4H~{Jk;@TQU}hQo8(5(_frH(OW*Fs`b9HyJ1fV!Q zIX@plq`@3J{%ZvFQPcoGqbN~H{Q*E?otx3joJw(84L6b-9ac6UjJT;VvVevLuQ%qz zc>*CD(Vh6(fB`p9KkH_oSI=j(mg%+NV?z3bZt*5SH4YchH3QHX5+q@`b&Ogg`iz38 zh9u4`DASbz#S58~AQ)=N38rxYQoi&n?sUW#ub@JVYca}Vw$iGw{x zyMJQ+kgQ&+o(B*j&Qs<#0&GU+y-{&-adfg#xRm^rz=pdESGzCohwilTdeB4P0kllM z*GKNIu6Fa^5BH`kIIZSnlAZsSJm_Rvg<6Vna18hN1FIJtQP6Q$G+mp$0Gh&yBBd`c zM97GU@^mXI^lFv>8p+$seUX|NZT%n4tJ!aSiAhKR%3=|l2?j~R%JT()oe`iU3jg>K z3Wp_lGtXjUVSynq1vj^ggSoo-2D|OnfeR@h++OMk479hmpR2VfQBH$*2Ri+?vnPfS z8QB{31XVQRH!4H>+&ZeUQbs*j!sD221k0?}7N!if=$9wmM6Fp{xsg!4&~3u=zL{^h ziMT;55`T|xJ~z>U`$M;BoV~JwP~Q|%(WT*PI8)87h~v`|VtSE!;n$E5K3Srx^uuXc zEx+xv4na_nkaM(@-Gvk()PpAJ$R*EtmwR}b43~WrG*jXyxxoF>8(kzGB6Ugs4Bm@0 z5tO_Xvxa+*@p7FC6b$^|eqQ%~Pv`2a?rv@l=juv;)Bi_wjYweL)dMK3>rxfR(x8`Y zl>GL80iw5beurkq#paU}=h?ax&0E!4NuK3g$xz_(8trBs0s2^=p9*>@rB$q~-x2W8 z^NHjOl~65krzUMa`lBwIlx4(Va1%hX3s8_d00-9{j>o?&=J(h6bgegn;AOx+cFWco zfOH7hYk0TT`x%gA!^*KTGJV3ZD#J$AEaA((7)s!NEJw2c`SoZ(6%Da=>XM=&TCl0p z8OW>L3h7a(f;*+@0f&)6;mEe5t*CAmthI*Rl1dd*k&)DpVt61lNNkDk$Oe?^gNAmK zqX|!_rjYB|c81|LI_f1lkh-C_vGWwK`#VW?WV~$i$hwMVpIO8!GfL1iL5sBjW4n=* z^sBm1<)eAAGP84#ZdeJKFsT<;lPpB#MKX)y5CxGi>4G-k(U{q)Pi>N-w>w?uc+58M z=fQl|KBcS0;V0;DeMc)>JH*amwBFC%0WLj?Bo6j|Ik+!_wA`4)6qpx<2*3>%2#5{3 z6kt0W!vJ2=u<&r;45x3qN!fKl&mpkLl$6;xT4|1)!i+2t&p!;Q-jzm8#GPN?buTO| z0OF0YQq%FMcv%Us=ptd_;{z-?-Q5Km1#$puZ+FIQ_@%xGusY?&<7@*V8}$qzXQY>p zbvrcxxQl-QG}-`B7(ifdHT(GYyR#qkL-1_f@F8~A6o*WPoD0Y;m$z8bdO_L z0T3SmmVyNWr6Sk0AbYaRw-EnKASA|%Wr>xt@d9dt2>3r7crrm-LwVLrn}cs6yz#5k z7>|@-$!HrtX8!mK*M zzA5Vg!-~cPz@K(jz|!lGbV02&~>snTDy7DE6L)QRX*c!T7Zk|%)T>bIX^ zEex8Wrr9==#I6TQ6&Ar zv~w$|P|bvBLg$Ou1T>lS2#|g_R9AZl@boKrAD1EpQ3~r(!;+Aaas?xW+ze-sK^Om8 z7p;PpQVllD^EraYOb`b;TK4Qyo$?Zb{ctFR0nEgTu+SVuMOZfr^Wic*S9w*W0f|?0 z@%TO~MUNcR73qayP7-gX%=v^GNBUV=HDTBsR7*|CDL>JrUfWuzoT5zslSR@gL__g2 zOlGcs80h3PYZPK8*gLU;u)=#OX-obvDDW#J-~LvBN2h9wF}$QKgK6_=St=G6vPy5P zR!fE;p|d*dlH@OpCXNUtNQWXT5fcx?(+Z~;*IhRLVZ%%T6n+$_4g}~!?xaSL{7B|4Y*51ZZ zF{D|{iCBIA`eS0K6vl+bq-81lSP0*pdZic%b-Uz%hNz;c;qlT5s(!;0lG&ie1fuVR zpp?@%*tyON#pG@>5iJBqwI6FtOmYp!3|RrIDD1@g#?N}`wJ-`KY9Qd$ijUr2 zDGt{CIE&?#1S&{Wh7`5(kERM07ig$ijaH^B!I9vo1*i##1u-5;$RBdi1~2OEa#$^H zFc2kCQ#gyp)xzp=?6f0QdMZ%aLv64d>+GXa;pSU&xM3p_5JgBVU{ewj<9P@HwL8oM zxWxHCqzxsqqRwkMc!1H`b$b-e`R~a)a=UJ<3$I)5D%9;lpQx}{wWF;^)QNt z*b#PYz>F!CNf^dO&}4A0GOUy(!BCxNJC!h!;s#OL?E^TpaTI0nV?+ONq^Y6>D+$Z# zf6sg&LO6&p4U<^OCCeil$)JPtDl$oA^{uqpBq{ewSA-0-FaR-D3D7hITrphntzqv& zLTCwDwn1bo@e|M_E6_k}uEXzJGZ(fpz=Z%Y;+7hOMd^j`|6oa@Ys^L6-h|e|mW^r~ zK6e;4!hWr08PaEq&6LAAm_`{B7+g=R8!F(ZGV#%UXEWtM%`U^>)T5D_vhG`oe#ffd zrU#P&zpR@Egst&Lcfb|Qn&vLAHQY1$e#!t^ytZ2QF@j7qMbUBRM?aFIEzt9NNAB+K z30UxuMtC%A@=)25hfo9ocuT!uiBzQ9!#n`K@V|R)eX$Dg)VBHE!28I*V=Wl{aDE3O z=Q46WB@PY_2I*G5C3^9~fn+LGE5Z*VUgN z0isgD>B4Y4N{^lKycBLzMfk?i5kC8nQ+dNG>OP(4!SC18>&8tp0Ov8%J;1`5mzU?H z3HzUrcMiGX-7jlTx}172zSZlfrs!IxEFSR~%)tT$bTL&H5hJ2rUQ2yx2g=szOpIQ# zGL7s9qiB}_pnL$dsLiT;n%*grHhIzNb~4WL1xjYhu>ZRtEvA;4GUeHL9L0BSQJE!0 z2wV=a^IgI3&$T3A2q}nce+6UbCd;uS+>&ELSITX9BdbdIq1_xYVf_?#v^Gm zHBE$uF7tcIM}nih^WQee*qW?POb-cSipn6dovTKJdz*{ID~-<{LUvz%*_kjOT;XE= zUIj_R#TTK#^kPRWG>n%&BhVu6m!r_)`!XZSV4L8RHk$d&>c~!?Gi~}X+Of2he>r@@ zN2KolEu-_68^niMS*Z$}YGEo?M}4rDbwrN-r*VSzShZ3ykCLUUh*Gm7|KccSM(|g# zLTp+vW;Kvx;Xv&-l&#RMO6E3oyr~0VCXdzVJ;3b?pnJnYg?Kgb2Y}u^e5OAT;OG2I z#!10voA}Eb)%j>aXnXhia9)6g#TwxHwi?TJSZ;5-)Z?)n{<~LE12C@DnRSKeRv7?E z=Huhz6SbjDD$4@d&t&J@W2Q|m7Qk9~!Pp9;rnAmq6s@XYfZW>YPrVIb=K*e_p>XQ~VV1fcb1DalT!+NcQ-R}6frzW{q9Ag8HEbpMmP z8X%hrsU1vh-eu$@LW`>|q1gOotgCBIv9qQq^xp3|=aB&g(kEoxtxQA62vMXizWP*$ zTraa>&mQ&#mO3YcLlK$;r!>9P22nz(QMykZu@D|>hxe&0HR>y(%{Nw81pa_8KcS%# z#Og_WX8m^r$Kr#aCYJhVg?dy5KJgokCssVZ0Xl^7l&~*XvJ@vn8V|?FJd5-OQH6ZI zB-Tm#OyY7Y`cASwaWHBmm6uo=Y*&4RxFm$4AO=-VD;#R6p|X;zK|5+@^3s8nEL5?0 ziXTZnS0^~N!~Hb@?*Nm-*o@V4#!}QCCc35E9xt7V#5z?-a}wPP$}+>3#s{}d-xRT4 zA7}P;v2>XYKSx9*vz=eW*Vf#%Wy~HewtlyJICG>gp0b`8rAxEF9Kvu~l2V~(5}Ihv z#)#Lew8_-ro*YmpT(!G=r7yca()^YRf*G71@u`!6or!bkb|Vn~#dC2VSVU~rw*P}e zx(Edlb10!RuxG{U@1b&qR4WpkcJ5F)xyw~uztUw&Ml-%hfX~clHNPMf1i-9Hk-c6L--(Z;BH-V1!T5t+bMn-=h z4wZ9N#azSl0)G+o*X((_hqRp+tg8GS$)Hb>NeL)a&VGus@UmI04$jnpBgMh2Q6od> zUaHk4=D`sVT)F3vKj;?&SI+qKP6B=H(km@UhW^ZU zwOWG?9hL@Tqo&Y!9jHa`+oy;QMkm27jt0Lmk?p{2_T28tYm>h|jE;>ee2ISX{LlLh z?Vsnb{X; z9DH$mzO72mYS1c!nBX^k_`BHJz@FkSdNY~rkD-t6I9F=>i2U*KkN@yH*G-_Ln`k1Z z01+QF4fyMLIwtN1xd{vn$MrPfZ8Lc~o}28ABIVXEuYc$?=j}4n4)}sl2xW@c5o}cr z(x`3D(s#g5d)LU*lCvC540N6^fnrKgom1*gJkUFh9Y)DBf(zAA`B4yYnO0M{h3`~M zzY25X8`n`Rtypx|Q( zy6Sf~Z&!pwu2z>44gsHbt7fo18~ESAL2PIy)@w#V-qFi^mL2H!_3`GsE zm6tF~IX;@OSIL<3r_yIpic++5;oHhXi(1^DtQyulMv%Rc^0lPrm`*HdC3;J2kC$@F znKyT_1)+V)<2wtW`?{NJi=3D>h6II`GC69_DLPE&yDdJ@^8Jtdp5D6_f}CR!=ik9? zB4Sy$zbF-%{uP>R;^lFwtofOQt7<2izXXW-?DU>n0eg-8*C~Rqlgi(UHF;hq|FW*! z(d&f@)J4ZA1cZyM%2gef8v8NsbK?*}5mk??2#FDnmBA8nIm2Vuq` zg|c>6Ga;fvQ-NWZq_}udB(-Nwxyo!5cn})rsO6b?HXx8k9;f8tP?>Apd%2}^FN!qA znq39nl1>VNiDG2288XtR1)ymJ;ab>ugd2_2cG2UBDoO`VuvCC(EUIBtxkP!SwDcka z#2K-*>vY2vKPP*gmIGKZ&2^r9ruX@Yr}vh+<)ae8s=C$)+ z`DX}78S6wW)0w(WU0Dh(yAc$~MUz0{5ivg@D6cKv;vOej(ik=WCo`=e&hhtuP*3y| zSI^cHIHUXw14$bhrjK=)LTksy$t0WcunE746nM$XZ0c$6{{f7+N>uxXxrGA9ALR`# z+rLzTFzVF7ATrdNeTs6qM2SC=lfzG$;B%#0>X5f+N7|VUwM7vY?SQ=3Wib{o&Bt-Rvmd$@l!9K?UVrN}i-vX<7Cg>#zKe-Uy@o29SC@oosh^&chGuRq+V?p8j5-o8RG2wEpIx zo;H?3w938v={3gHQDjsU%iHl5=(+BDvGl*Fi1(SL(St1+b+sOxr>s6gOZaEr~~ zEY5^p^S5pfI^PUbY_I*u&Nhai@5uuBl#&^1T21QOpL8l*QNG^KbH|{gR81QS)F7Ac z=*glJ6R$nJaXr{?np|91kdL`hXI#08`TXEhA8#?)$Jz4uC*T!?&i?A+OBqbS$;iLN zGor2}*8jHm=L?L{R-S{0V$S)&&S`e?J5Q(gkThL~g@$+gT_;xW>WTxEdF1?)1*#48 zt3#IeMtswGo!o)RzJjNNlwfm4MNZSY|0utjQETAZn*Z@nSx&}$u|K42I^VdqM)rBP zbu3n{s`f!1_ibgxfe#IaS7;tb-W%gf7UF^O6&Gtau5X&%ylyWL>3D|x4{hsby*MC_ zqcNa?9004CycV}d{t^ArcRLqlBpvrZFeN_0i)NmhNF^9M2K5}5I$X{J02$#nZT`*p zH3k9u)9OBZ^#-H6`)9E#z-e+hW~FM>VmlWtg!BESAdmCTfKN<1QLHOV92D-0{`h#( zYScDoCe4tBrpz}^818!c{H*x z&i1r+=<04ttgK8GE?;51@(_e3!V4clBRR*$ zDeV!ir~|=Y@pcBpF*P)~m;tQw|55eUVNr!$-!>hRibaEzv?AR|gMf60GDu5zi%PdJ zba!{Bs$)`79LU-g^#-n!sL3QiV-vI zw0WwP=tYRokTAYRkK0|t){yYv`3mn?oh)L0Z~G_}6L)-%hX~3xY_BKPrtq6^uO+{k zh`(Ta2(!2u8=rI9=5)UM4&2qfiy&3{P*$DlKQ9c2wy+rB`Fahz9jG4af~!PN@)Tai zMiRC;Zlra~$6<(VQFtM56A_typwO*1t1z$HQl)Y2?pKc>o0ks}ExS0G7$)Jd!EVo! zQATn{T^Jp+dQ_%2+1eajRW+$8<-f9WFChFQWD}P3qVfs#O%`JsxA_!`Xc0Ggt(BhF z*{li5_Qee>&C`q{q4jwPeKy*Y4VB5MlVpj8ZlOLol*$ApDd+Ot=Ij3eZ;V-^oFX$cS4V1ETj4~?-B4|s$jra>i__W!R& zdKpTF)t_B&=#hot}^@k&fxLw!?Il5F}ceOum47&YBMIR?wPVD>_hH*tQcJ5Ao13F;VAgcI=9`LU;ik&DpD)LPq(Z)q?3EP#Y@It z&I7>LLkGHCOwgjuE!~#NBZOB|$P0GrN4%HAi{<5!Jqo(NShPtrjMrAgJvuwzA1yRY zW@|J^ae0zX9^acj9AcFp>QFOa5dM0fqXF|6 z4`;mnr6y9}JM>2*W%*lhin?nXh`8(C_1&k1>T#hxzKb# zTygRS%1NnvJb5Z)yjr^G$1IFkwh_Ejz`sJ1akLWbn=**xlk)5g7h0n$rrlOd+#!o-uc=7Y`(mP1Kg7fz0jDvu#vb7$RfF!zL~K}eazO- zJ!*^wvbq*;Ve1yMkyP5;9P1`ARK;x4a}jbMYll?#K~feU38B^Cxp8WuO+`$t)#iTP zs18q-l_D!zZf=&v9Pf3)2O&r??bix=q!#&%*85FK!^y7M$*)X-p8KN~ir;gw?;78w z+H;+ly}Z04C`9J+?beF-O}>kA_Ac&v%AmJctOKXr(q)jO>*`R+~@1`3k!e0{V$(s6&DIdONhQ_Nnv*lgo=@W&xC zzSB^xNN4gDXUomOo+k2#)RS(Q{1s~%-W>ju8G&Qlh(zNF2w+R6|klRXh; z^->E%YCtSUlKaJCeZ9UqGmb>UWi5vF84!X6@z_458wGt{tcL10cv6U#=+q$Vwb&Dj z#uiSp07|lV*cz`$TR&Q$H=^0FtQ2&3x;pI_II9}IJtxIV|4b+1zCK7gjigqP3EBCX z^=PJHi%Q*eB{Qwn;ICJKib<{Y%$s@_BUde~0Tqjy)yS(|w)?EBg}D`KC4cl0VO58JaZcdHgRIlpif0=fpl^VU>-cF?#7te+;8Xo#8;{*;gP|5ctKqhO}Kjv0sMZdEjS^nht(a;%{Exz7twt zPLKUfCHwo776%7AC-PjYk@ebK4`;@WknnVCa{?9`?cd(GNl5&CXJeCgcYOvI z&7vO!(tO8{aVAL3R7in=Sarjsy=O=u-#>ve;i-bL%@`G~*pL&S^sEiwhyw$UO(jEO zkB^VD(*&`-2ki6`Dxd8S1FbIy!j13h)NGMz`-yP?gt&ztBU#w3+UKg45_b=0d7!{J>*tlF!El+W(HZdL$9|RR zxAJ<5PWK=-?u)K9uFlB+lwo3}ibNzHuf+3nF}oa09PTHmf@;=rf{^Em$>(jLO-q4V zAs7qKt4@&kr)YIt5%g_x`O0HW5y=o?8uVGRC-foPt}1RyUckc%m)CBc5W-@3Djwj= zUqY&G$ZHcPR#wNB-r3BT4OL$cOPVglJ($kXZjmFBBJd(7m*rVBU*cZ=8jO|HWuVy7qDAfDt))EnWv^T)YQz$;HNwcOV4$)Z}^#&ZSIk7ZIg z%F0nhA{5i*27~z4DBQ)m#@Ef@6RbX8_s6T`4|ZdvS_NpCn4-NEEz1lJ`n?)!np_dT zbbNIruELQ`70C}4a}LToy!i0*l*m17WZHfrycbZC40%1&mQT7(V|YsSPv%ySNT-g4 z%1r~DKQEyK>T7VUzBar!cZaW}h&mtjrx(V@OTaf}x+xsdg4 z7d_s65>KhLq}{9W)CB>|%RTM9FB^|LF?)Nuc#G5ieeT-0d(5!aMh$*-j3Bq@(5U?B zRAkWP9(7}>bnUvH_$&n5k7Z5W@jRKBXpZOV=uhQhT$trPyomF*XR<9x1c$z5HC_rS zT_3(NUB;N(_@J;@w;3US?$u_nM?mg*+!5HOi^=lfdRJPnl~Z+o)Pk4@qKZwgM~L;@ z3q+wdKAdpACgI3T>m9y77p-%Ki@a>yIYsZTJ6}NF8&1JP7;WduuGNi-MBJYl{oZbC zs?im`kI}cYlj|R4U)}Ql;_>wf$5ctD`BE>c;WN_dvKIFZdp*7R2A|;(WFk@c zlr=WBkM*MC)=)|OG&^^h?&F*Fw~%TJqQ0}cC7;q3y9;|yz4>kj)1fpW$pASLpR8!U zWJwh*(|6xqqhR59-P~L-C%K!=X5#tAwjs!f&TeFn*UX7}C8WL&BkVJpl7hFMiEJ<^ zeWP4#d+``y)!!A7Duk27?NA$`^a+W}VhW|)Ww>CLn~CDWf0HD%JHhfV;_xkPfZj@s zF5Y@Xn?9k~YBIml>fV%sv_x%?9>#m@X!P`%d_@=}ZbLfw@r)BJz3cnR*cdz>`Ts`o z{X6;^wAi^dQ{@L!9f51a@44+un}F33ZtYWNHaT0V%_kK9b40&kKM!5x?&f|~9Vrz9 zv*i}?Hzi=md3Wj-KAhWE$s&JR9h4>DyyLxkp5r3zIYM1No_LW&4X2DCRj;>=@(E8( zy`I@pWl#tV3v#o4SUlTOE}5&YS}!ph{Ty4QCgidC6uI$Y`(h`wz;e1cG{mcf!-INs zi?Z=e%+~SWl@z=p=tHeL{AUTK7hIhX?QKDFC7%su%;~1weKMbu)#iTLC52!I&fPrU zyPz37)1B2cZ=Jinu_X;;*C$UoEe8H}_6|Gm&3J59Xa8dDbvzpNm=3p&rbVu|zmC=^ zskO>S2iS~=p0F{qnx;###H))sdGBkx;lq?Tn>wq-zZ;rMWPi85Q(>hIC(1_T)wpbL z?<7LzI_e-W{+(&{>oUR#HU%EOo zv}~c=WGmGl7#4(*qmA*JgWb(OM?;iFab?YIcqnG1m|+_HFtB z;bc({SFqQVX|Lw4(o#7O&Su6Lx_X!}<`pb8y@elo)%RS;1U!ufnoy-e5w4xJ{&hC` zBK1B{r=h&Tn?lJX{LUpxm(#I(4Qm0F9|*m+U7vB0IfrE#Gqb)aYu)Xr4l%K;p4U#N zJJpPpEW?P^qS^y~&o}P#lSx-|F5B@Rew}0)8?-InT@9&Q^4vUS+t^aH7CV7aA0dskHv!#lg?Lc~OWb@S^O` z_JJy|w%eSOr|r?u&q=t?y)k_A0FzlQKV2iFtH!!(s;otD!)K7^>(14__CTtTOH4SA z$nhDPUB!)C6~Tx2`C^DHyI&_X?cnOf&alm7xjrI^CHYE8uQ+w;vS;#zNXp!0NEzx* zS`v>Q!dB&MY5D?(AcC*@hz&`*XI|;*1=D(~`&s+j^LgGDrz>3V^SdLFvb)Oay~Z%F z{$DU=oogedc-|cACVb;wAJ5Z$x-BNHtNu_D(w#4{nSA)gCNEg_UYLfT6_NG$Bhk3684aEw4Kqru^luUp3HEZCjbLrQCIj(U z7Q=?AJlmBH)Z1$Fnf0b0h5>?Jat>NqQiC?Fw{OA5x@4f=b8z?)2iWgJWr8~BcHO@4jtz?lXm5=q^4C{ zp-*FK>}AdRD08927pXCif&#G^zTefJL*oWXTX`If*60W0O0=?+vCpSbVuRsOC7z>@ zPEED|Ab&uL6cU_x!T$X?d4DCN)tT}8JD%>RQ8C5CC}}Kzkz|dtD(&*~TvUcU1+u0N zvh$zXJi+6;)}CTb;9lFW)X(KdRsMFzziW10o=t_YXUfTa{5{6|jq5vD{#pGXE|7XC zu_YuUM|a%$Bi9^kqQQ)u^3w6NK-k7sv9||u%a%<~+;SiEe6I=~jm?*C|DPlb6X98B zEV==q#q~6w*RDjv>9bHN8Yc+N$L1V~%#y{@@4tRtg4*PK z#N2t8ERK}!QHFfpF%n&ef{sJ?Y>|Q(>1V4zf0>G8YA0q^4?e{o>1f*UHLN$TeYWtg zIxV-1ITUYfj|rB%h=_@m%Z;d!{0Dj`3UrmSMw3NcY84l5FfWg+r>PT8u1<48cuEa* zo2`B*=AHF}O8F)l?+0u1rc1x`xhtt~rZwH??YIAPi8zzJ*&_Y9HjR>5C|j!KSark2 zGvxEPTNcah9U`7rgCSdwfoEMQI5hLlYW)u&^SqZzaSuzy5P9O(?0GFHc&A-=*it=9 zd%)uA>JFZ9=l3<3f*zNLNh)u5K0(=2Y-Z@oP0Lz+PviTO=7u+lpzl*L*sr}>a8+7z zeI|En%Jg`r(`6ly`~xBY;EvWeIJSt}ax~YXMhD4avh>CIvELd;{4@&Dw|^tt`rZu* zkA(A)do~)^p>fW{m4@7m!^UY29Lh!}?A+5iP9z%igpOUmd08SC__H}2qj0`rN_p`r zgDz{<1Siw)e0}?q%+OMUhVr#`Vgdps!l%pzW1B|cH|@AGec`1HaigO}Fa5e=Tw;wT z2qQa^)9zERC+B0r1cCuS&JgC4xt^U;biCj8rh&cUaeqIYf;^GGvZgt6+f(!Ap^*;B z@j!bpuRKrk8?wK}3-%rK^jx3OybgBiwW$l!;ok;6HTmzT^Yte4KARkoYIff3#ir*G zqLc|*5Z8MjXp71(4e2xI{MurMvMn}yTgyIT;w>KFp?qmg>mdAnjFKRfL&s@AwU-Uz5BJkJZFP6rMYRu&VLp7#W_#QR#Xi+Bv@hx6 zX@RV;O#1=qWD124VjHskRgR81eFI+WCz_tIf$<34T0E;6`jM3y-f&U`;_u2)geHr` zgvhAgJ4bctHsqtwTif@i6tbl6u8-G(D7^(oPu1%vT3C*l)r!xjYZu}~FmcJOycV1f zP+6Y{6hwmD&_GHZ6`j-R*7W_gi_e}Cw~e}#|DX>+Bm^im_?ypit@e$`PFAI zq;9DJlSqf+&yL)fK6T;#xT2sk=2JA4Y>KQQ zSnwmiBtOc;8v?Wcttrxc1-FNm3f11Xm;jR`rO8qLCb`FaoywjHE%UV&MGi>ovE7@m z0AH%9#u}H3nz~ig?{2bi`py#m^G|*KU=sJo;iZw0$m3(v$-91yl676+yetYefv&7T z+*3BaSI{u?yUO&F+u26e(OeCIUX}M*<%SQCc3K=J@5Hf=?zD=M1-$y<^_>0IYpK*a zWsXy)$%4^~e-$M2{W^=b`%Kzc$oRBiNy2YawVqe#XhT?jRPR@d3$>nY41=yqtAici z(5YdQ^h_M50g^bFmj^SAlEz3UCnuM^j(ek)x3z7^AcT<)PR1z{TpS!$wLaav@lg?Z zC>s$8$!B)VK~X)c;?7xz$fEo{%IBNL|Z+fXbC{zdXk$>mTrV9z=#@`$hhzT*(ya zdH5bJn{ZAKB?*a2ek4zga2}|`-yoZc5SogfaTfI@l=%MRDbxBvZ0~q&P$HvN-_~53 z&r+R-F1Q7t-AcrN;8pJ4!=t|)<|%ISyjC&W9yhbV3B-yB3JkO!g_wuX%j#NS9wXjKvv_918IJ{=RU+cYa~0iV?Y=pF$np`C-p7JWLn>r`{tn{sz!&b$(PZ1?2Xlfh8gR@7$A+km?#patg$D+1zp_N$u@!l$wRa&`crB_d~l~ zu;DvsA%yHNZtMs8{xbGB;=m1)lb@Sze+ERyXo*`=7!NP?f<;KT=wXphn|iKszaQT8 zo$X+o{ucZX<8EFKKuH}$9#~#)pV%-@fi$m#NOf@r?ZlY$3z_~mFT;-T_ZK>xlx9{wBnPZEhgFMN6$_d>s(yQ zgzvW*Iy%I_IhAzUmVg8f=o&WlA_L=z_>;4?yX2}lIT?(?$^2{h*oK%`L;&8dVX5AA zk3y0I8rmD#o=>QanAKK7*FNL$Uu<*b22NZAHR-NQe9jrKf}xbG$M+sCXRdDA8b5U3 zkc6S$I1-r6xQ|Wjw6=n2Sa4WQ-vky#mi#jKGi0^mb<=zGjQ5L=AFqJ*qEqr*^y7%J zjSc1PQx;-dEsx8F-K8dvkhl^Cg@nUB-CFOI-H)kA*wmGMG^6pE&%SB7txVb&6{T=Z zmRK|a8%rUP+ePccUT1$S`%=BR1L1qr*glOgNUgyiXnPD^b}1}&Sz@^KP<2k@4sH3?Qz?XnpGtA`Hp56?`h)5RtP*@fnYg`yhUDI{Ca)5r(sQ&&&gW!GH-z}dBRA<>8GqsQC>c@x@KQ`#POzv{Z#T1lX>&!~nK+)ewlpEzlJOw2 zl%9K^O(MKJ&fV`@np}iQcnT%qQ{d2WwS6!E#`)FJ90<}a1;=np>m>bwGCR zW*5%Ko|R>z*LFEK)-C?C)$-bTdgx$fWw`j=a``3MR-sbcD$GGWU9@9wx|HO}8eWiH z9D}K4OnN2myysmm-kwIW!9!WBGj|R7vu6dPW@=2&@b0Y)2Y%rV>D7>M zg*;`w*?3U}z|9m7OgCxwP2@e;8A_+G@_2t0uy*ugV?~Pibm;Pw?h>sj1lcjlE;lQh zeJPe?)NK7-tdu7yDT#rJS)yOn-|&I4Mv4KwP9z5cQ+XhpPm7E!x7@l^Wr!FjD4H%- zFZKMv{zb{-8Ts|O>`2<4reECE&1Bd2zkmPMpP4G%ReXkpY(lb3{;=5Kla^a>6mgecT32_Q|Mud!x7WN;SKxXknfshPY52)kbKQ9 z2WeqfZ>y{>CB<{6@;49G)>`*_iQcjkeg6DJiOem%OJI}FIMa`Y*XM9&b`omP95`); z78|T&5SY#VQ7DWFLK7^)>*pk0h3^74ZRn8UHVwrv-q^2A&FWDg@ruO{Wh&Zuhd?yKXz_~A-R@VUf>xq+E2vHK(P|@e z0mANFIA)_Q4!0Juo<*8$)3qk!DRXu9WOduU-J_%I{OGlZQw{eC;|zEhsJ=t`O+Ng4 zA>ASmAD7x@`&=shCHT1L|GAE9l zzpi<`K#h8Pai{^z;QY612YY!S#C4B}e>j~t*Dkz3Cu_eNF_Wd41}0D4kx|nv@Q9c0 zkL9gCe7LPePV?lvT!^AXbKd=Yt&um5M=99OkIFcis!)o7OEzETQisrJcqO`od<2T= zIBoWQ%pMd22rux<(%|b z5iHj6pNL!MqjkQ+CdwDm(rw#he;Re6m!Q~(^CjLyqWQg^#Yt%ndn1YtD^tk0$E6no z3rn_w!-LnYbFSLMrPKQ~``g5KRnry%0^w_|59UDzWk(Yk7m-ed;w z-_k_%MBOKmAPD;0Kc#ynf$&%`;Z}Vvemdv~Z}D%(hys-T`%AnhSi3wd z6=o~gNFe0e;&SB%;_CtUH&u2qDtIJuwvp5*savfIA&;~py8lY*7W6SB#1${-nA4)o zSlRb?CI3065zU?EBJkyoeq1!{hR-B+T@jE7H_5D5CW5|;I#V#7^2Z%!#?Tx3l7Rj; z2~2kgDBhwN)JAc^`T|SeN7*VQbXJ_=)8o*Aj7F8rR7!qNzK))0mbQqFT7O4avjIh| z>g7Lj&$o-VCp$ghbKlnk6G6e7)6I|Bu9 z%~JKCOdx@({VlbU{ZZZ zL6{R21wJBvonWOA_SIfeUva0@tokLv(bBDB&%_4vbg=m-8+mti8H`hwUiOU)(gp9@ zyFHzmB{-7yHwk$Kj|5y|IVv^y6PsvqVtIdvFG~k4BWdeseivJ6aucoUBg-ALC!t?p zX!wO>R0$y<6r?cpy5lut^y6s8>3+Uwn1-E9zSu|B*Ya%kQJ~Tb14hOSili(z&|t{} zqAYLA9O@x`cf>M^F)WkBGKu{vHPP%^xc~9D$k$UZe#z=4qegCIzsx$%5TZRdSCi;k z3m}k-{pXO_pLSK~)ZFWT(5@|dL~2SL(3{g4wr&M zu%scH41=Z*3xha?Uy{RDx2PopPAFac|(0=xg4#pu- zlP&aYaM8!cJjo0bv%zjKre6IXXubr$_2;n2 zgm;n2jM{|&Wzqg0%6(5#)EOoF00HE=e|i@q=@6&IM7CG2;!zt9C;!clx;mxX@DwTU zH$B=xkU4uIW@Ee>PPsT#6HHRJoT|ow;V88JS`jq!lU>Ke01=*&hs&hv1&{OHu@>n@ ziVyEJIV=j7>EerDIHKZ_HWjDfBKdsPdpP)gy#Uh7QzZc#ur#d$;#kILu^BWa#TW=% zew?uY$y<>|2efEDgni;Wc7`L9FHO2}vh>Fqd#msAvo`c#=@RS9eDUkqvx0ke zULCFR~pAj9g(W2+RH8eD_(bWO+ zhchg!`co2Ze5E*t#Zc9q`HqRr{Xr-yFFp!X5k}Sdn$CJis*?Nc6?8qS{|i;A3`QT^4 zCoCc_vvoOqZ6lG4m*FGCVuSsaHY>n#uy^TC*&Ub{cq zPn0S$&|U!EFMw6kId%fD9(uoUXM|8Q+LTvBxKJ~`xD*-ucO#3$3c&|08_H}!ge+{n zcM$_(OXeEA&Jy>P7wk@AX-HM;*AZH^1h1TWzlQy`Hp5fpBu5UiCyXX3G2G%J%;@ z*p%VW#$ZV5?WrqBg89yb#4!*%2xQGICRFx6PSiSZd<1lDPzcZyQCngB{?CRaB_(#% zsjQbtYZ6Om-=>M9pO>t>;#&ZdqV+{%v>Z_GN`Ry*`TCxK;U&@LfDBVM?g@E0a+)Nd zM`gzor~1ZpAotYuxrEXz^I|n0V3_U1eQ?`kcq7;MYEJ5rc3#2?lB&JS=zJ*&^)hc@ zvOnI)SW0@kzs#FgGpXh?uZc~=+i6<3q90><2K)JsM^SNAz<|s#<}E15)w4teQ+o!a zm;WCSQPgWTZeKB!Vi!Z|+9EGHhu1JNJim5-2I6Z8iTiyC3Jl03QTo|k{EJJH53q^8 zl4xq0lHuntEUIHsjoI`R`5x3Kp|FMfePe%}&-~#51U1$ zTF?G@Lz&>${K=y)n^>kX;OQ-Kpn^0U6tn-AFp}ft&Ax({XmQ=sDmTB^mS1*0p%6q3 zvk0i&q?2CdOm-{9Z2a&MS43j56y#n9i+y2YkWHNZ8?V)yHMKg|Rkk*nu?CB?cgAhom2rj&GzDhUG zAM>)oduIbMKXhvca{aVl9qZ82g#Y^oS9ZoU3G5qzn6n-%)eVo07V8Q~ANTfeFvqcb zbcW>ClqvJM;-lEag=SMFxb3vGZ}7tMwMAn1NfbuD_y|Ue85_Hwia#Z-ZfDjF=7WaT z$@Jts^cI3TCsk)ZI4z9jc78S@Oq-n;(fJPU{;nCcv__JZ5K|+3K?iRpmf`o%K1}fA z?EpcxAItyiWO1ZIng+8SLnj{sO^RHAU>x=aHq)F6rGjN{RcCi0V!$}%X^5bG5s&{s zB|gJF$j?d~N!w?i$iwDwa_0szT7b_nmO)~dp;Jt^7F78O3h_2U&d8vqprF8STWuKd za-~O0#!YQUv%O?KK~Cr~ac;zUPQ5I9;Co<*lO zIdZiVPcXZm$`os?is0a#93K<9LTMc;${s^G;xJ&p!lgtZwv`<8kU+XYp* zlf8l&hWOlM$aeBy+=C{e*DU@9O1>|Yl_?`A*9^1lq2UKZ$-pSdh)f~2aSc;sZ1FS2+m zbQ&J2Er`qA#(NBe8Yl8K%-5U5Ghfk|(`f|*6>w8kp3;md0+{j#Gc9KzP`@`_fV}Jm zS?`MIlSrNkSfV2Y2gNxJ(I6ij; zc6CX(_g5JA0#M7=*4A{hn*&M7HzZaR6z8ManLL+al1ZjE9xGc^MzNdA}v#Uj;gw-v_H=4t`8C8*pF z4HX`scL|dwiLg~42)?NGI+viykW?h15_DMVQsCmNg#6f5deJ> zxe9%RP2(UFI2tP`it%N0rRrzk-Hv&-R*sM6=1E9Od7qBfV>nsX+K`J9q|@DZ&x>z) z3(J>H&s}LJQd)G0c+c0GYrh1%tKUCxc06KWYI%w&0D8k`6^5_NRg#mRpMSE}Gf`;J z-~dp}seIiIf0rg;%$lJ6Z@>}rud{yxHX%#YdcVn>=%5{kn#f&mcTng=x=|UeC7CfHj7PuU^<~Mo`Kgr+QF2Z#AI;We4EE9dceYj9;7g_Ckg`*dp)OL~f zzMm&hjoB}rXJoD6!>`b){*sy^^Pe(tyLDYmL%dMBj_1+MK{4`QSjnK5a#YUb)N`g( z382{FfT8NXf;D<(Ky*7TZg}Zq<8^9}bf>9yK}*{#FP%hA81hldnCHVX-n zk;lu3`)vI-GHc^1$cYjNR@Ho@w$Y9gA>%1@zu3)FN^AAHy{xxeyF8fNIy^jlQv~Yj zb*jyjTRpGAtgSPF$BFr4Xtze2xB;fyKVZfzXsL_1-U93(&#MKOOH=E6ff?=R0DAIw zkY{Nf4z*eBl1&>W{vaVLe-E_lQ>t+8M*WVQHIm9A|(K40023JuP7)2h_LrsutF!A(~jvywW z0=0sw3_kBoTAbFT-oI}aeyd!fk;donWh7m!k|lzK>)&$(;FG)G@y3!M9Rn&1So7W& zlbYaWDu$ArX24vvU+u#7BeV>oS4iXpyqGi}M1qc6?OlT%VtQ%)q@U-&C+5p=V#9Vo z8aX!wct0Nul*u~A8N>jlsZ1vajKS-RyGc#M?%v+po11V-k;P3%hMcOYAGHGlE{80J zt)2jWpi^=Q_8z8KEEE)(Cm)^wT|^kgyTvm5*qS2E!FcYCktiZ0t4h-a)kldQas?_m zSNlRw$Z_hWJ0g<%`;;%6h;DntW zALpy&1jkI7l@+kSv!v&oO_P{d)$*5n!CN}%B@(L#8*hR7E+{zF$$PV?H;|s*yVm2q zys|~$iTZplr5gGV18fB`{n;0yDN_n6v&j}E;+~KM?KnaiGr+2IoNH*1}&#!XC> z=?1Aq=)J|{Wtn!-<&U$iL~hHkDQE_Gva>tVAnSz9bM8^9cNTK8cahp{DECvkTCvJKTV8VCfNJpfd^sQm1OTeOoMLD++ z2rkR%R@)W5@h^ksU(I=kMvZ&o*fryj!brFt;k(nGf}?qCoS_3?kr=3)_Fh+Vo6ias z1OYker293;&Ca-yzkwmxdQucU5O;1qJ`Z5~o+vYX0Dw4fpzBtA25K325>G5iq{(%R zlJL${Nm9!cW9&la=${JX+w&b7I0u)1I9QGEuPdd9q{1j}6(58-Ah#b`selB3EGOhe zcq;GO$_jQm1Qw0bk?ulf2&dTkKa1!sc)Qwh!)YRvFJGFS+}5(3A1?X$(xRfFV&EB^ zFYrV~Jq9Ay*nKx9ex0kQD0)D<-g99IhnCqoj6Y+Fbm{W=KLVbua6h*eL29rBQf-!~ z%axW|EBDifnM$5gF>12=ZVo0Xr3zjzws?SDb)m{s3DECSm_KJR`hr)2j)_@j*p>>? zy$&tz7n~%6Kh8`or%QZ{9u_bC$V+I1!8K37HRXMDGsbtCPdCUBhk;Ap`m;bG%rVo( zPM41tp4bD95<}ac#i7_;R<9}|l+(Z0B7y8y>0lDl{>;sEYKae>Wz~1iuM}^-_6hhL z&OuE!Vrd)P&Yppp!KllfHW&bpb7E4h^_8vdYWBT&X{O7%IsEKshvnCRy}&zUDaMrO z4mK%2Nsb$X=s}ZeoV1h~lNQ^RQd(IA;+cw&$}%!`Bvqa)NA%MdyfO8j*R2LN`Ko!J z3*QlLf!M9GFS%T9v#d5pp$@)ZV=^gSl{%CbI^a#_H|EItskf>a`WPiV0G1t}G0v1g z_jnEk7HkmrS7aw9^uJal86Mtaql3-OwY94A=_Mb;PQbO{AUXg3!pc!N79KXX&tNv=dThMv)6__LN;(PTwM z#gyU3a9Z1!!9>77+y=2YKm#h&DA`>v2F#YhL@pdraKhAnU9gA=?=T9C2*Ja{!zS?2 z$oZ_&L&9VJKFtlyVKbJ21|?NoODn&wu1+y83lqwyN>5AMWnW6g>rJ9kG?{!YW>})J zH#qv_6%CDMiH;Mn7H_YPPy-_(>O`XA=r}pM=H}+$@bT4mIarX`GpVqo$o1h}#}0O+ zFe!3UQhBWR;^Kfvrjg;vp)ILshnM9oYY|&m>yrZPE!wVL)px4^=!h=%S~WKm3e_|- zBe5_7_(jb!1E=lXREwDcDe#8bEb?fCU9uSgp5*O*B%W<%ds|hiNqLD|XjmF$9$Jn30i$N>y7s1?N=q zm`~BgXsO74cfN0FX%U)_G4UmQ%D7+Ud3^*)1?bwU4Tk8z~`y^-2G@P_)py~z=MK4P+7M*=5QVmJxg>SN_EQ+BA5i8 zX9riZrM755KaTV4)OmWx3=gpJ=s7vjG**JD(BHS81yfcNO$*Mr*S+2P+THI1cAmSI zxjI2XAr~?c*22jN119;g^zZ{Nodfs_6}UW71j=rYJ8xKZeqoe5A52abmF>^w z+G%z8UWXL;1U{%K}y71vs~5x@iEme`79`3I; zn~t16$c!A#I^FC}Vgf?Cg<6heh|U!D?!`|f5q)5b4aTwF(}`l>y02X=l>qnNweE1R zn6AoAsbqMH@59b}DBHqZ-O>Esv|Wuw?B0|@K{enhr3kv+@6RNqdGmkgA(hC=G&q=d zyIE{uu&61Nhf1jz{$l$`HSCAF#e!kR@GkO~dqVdl)FA`P$e{D1r#3DWE=#)Cp~o4s zUk|0ezQNYAW=&$XC8P4^b*cuX|EhKF0nwvxr4=cB{Qnz|?U6y`j*o;Hg9d93kq4&| zluZ`_kX{`}=j?{1o-4nFe>{4|@4ZTEx;RhJ4kkTVYR_N1uxueulgr_FdEV8J1# zQ^g^~!ovUOZ{1F5-PWYr0n3q9zwsQHo2BYSQ{d=MA>%U}p$hQhMVfE%n1;idBLbRK z2G$s4Pca4F|2j^r#D!T@xl&Rdfhx4We_cy7aF$Qjdcl|OFb9sB?SrKN4oP5~8`N6O z0CQ4+?+>v10KE0Yu0kh;)C+QPa>A&UKN6M2fDC+Bb`MKU8q&R&)ae^FkKf02*r7>0 zcZ;X(mH5$pS!I7OkMLWU+RTlq?O5hxFytbTUl=eeo>%E8zAoLZt*S1mbr zOxa?pxWV)Kv^RqC>S(DA{PtYhCNjnkZonypJOz(a5WueofGs{Dj+|Gz+Y<%jP($yT zY*`{DrD5O{n-3%=Th(lX|2 zZG7;yq8Axv{C#?f12s&p$F<7(hgMkr5FcWg8mY{%#X@6nc(cf**UR<1-7l9_H#ZS$ zm`G=ZKBn61_TW1jUGjN@1NC>p>5^fjuZy9t4TUMw=AoyXgMs!Nr#L7Ka3oAc4CFu> z<}rT{Ww+CON?}*A7HxEV_(MH}0~X8l?1So$Ht!Mpjrr2tq7~ z`HC4s0cGI+&Ni!uPUJ3sB`4$)k?`VVhL>B~@5A13L7mF=rRy`@kXIsBf2K4_`X@?s z)uPv1y&gWuyt%o4_Ea(_|I??pYrRL_4_*)2Rf&f6g!J&ri`K;GP-D;|}` zJYO}9jNB+GU62G^Qok zHh66u7@F0~4vW@n))M1q(#hI?Co2l+MzdOQ#Kk=a2 z>2nY-XAFo!W;)P%sI7?J|F6C@FY9I7HbRm^F@^VJuaZtVDoQ6zDn|ub(YL#aZy*JoR!qjDCNEOqANU%;_!-hbWbv^P}-Jk^^Ea71R=uKYIVcL5kV z5Iezn^hl@NNDMINu>4d8hE1h`dTH0>9B5WqDQe=FGD#gqd#813EYu6t%mIRQbaeEe zjoj>d(sb0CB#iz0_itb-++OTyW=aGBb}YY0{M6k5@i-953ghAH-1ZidOjZPmiL!gzfDrIh zO6ZF8K~s)L&xBL>Sa00cW0uoJ5L&TgHIJUN{KI(v(*xD>?zt<*v@$3rYXSZ(1d=V4 zrCgvEtuCkocao2NU2z!^i$s<6Wl(1WuK9O=+?+l0m3S&ziEc|U&sK7)O26;m4~RCu z+i4fb)`2J9btI{gL)Wepyw01g1}Roj0H=1pu#mqCJ5$|0 ztm$$8l8-*mn*>ckIW1>S|7Q3P>eR?_k*8`-Deo_Mv?-=!1_jZ}Mg#JXeU)^C91<>u z`Oesx_3YhfE{Lyd=w+Jn-5pPr$XKw12aOVtoKMHG@*vMQ6DwDIMn($27up{8py_42 zcykr<|MB$}P*tv5+wfAcN$HSOI;6X$OIlj#lt18CU(Rwbzxb@j)kXaH_b@iAQ}_0d7TZ%n=|S*X zxn#FA$O0}eW!BbPL*CzhC@-H>8TOt2B$oN8o8vLBTEFRgw}X%%a;EM_Z);5l)@YOo z)C*oVj&T;J>b;c+O9w(7x0lDSG~tm#xfMNcPrILS)qn_9*W@Q~FbouENF`K0x)6$i zSaN@{Gn7t+`bD;^lG3d^D(fTN3OSfEvAx}UKUzeSYf(BNnsMvGn*6@pXFXJ9e>+q> zSFa(CdY3X1iIi>M)zVTVo<$6SO!TX5w!xSB!BQ9Yf~&4H@n1+E1B0<;Ufg1n*g19F z$dLH_=1s!y)`vDoik}7&ulUYeSMryC>e}u!a=Y&%vH0b zpPrvf-$X~!E#|Cdx%JI~ty>_*Y}2T-`fJtaU8h9Vw&=9Tbp!xn>*SfhNYh@Lz9 znX=^Lza%9Gx3bsHFb2r+g$IqJ8DnDqE5*_FX*Ia*V?AC1J=vB+JZToOjW9*B!V-gY zX9{v*y;_$6up0o_rSiEBzItXuRAJcps7`kl{u02v!GL+lYaog)hH4HBnf&_xlUy~@ z-IRBvHVxTuF8o5fS+_{CBp_ zf~vi#SicooN+YtQ6+_ggs~sWu)B_ZtbQBRf(_dyW=6m}gqejV(=#oiO!#&rdEvbot zwrBRsvg>raeAh<+tSRuSUKgj*5mAF>rk^e@E}XZf%yb0J1}k8EKd1E!^1XZakdZCn zy@iB)0x>*cv1Vjc+A;!)=lWDzJz{UGDhjn29x1Qrh!COpC*ne z*bc6b50R0l0LBMEZ*Yttxs-gJc5^7F4`Mf%vu-ekhRCo2r5CBrwp*3}@zYXVyhn-X5tdraKA8`pQg3B1~ZSphv4Tm&#`-$NEXD9A%8G!0ushB9mUpu{uN`I83@7 zrfl)>?SD0FTV{x>Qc&of9xvWP$2qJ82q@KKu)_1~GyqMHC0>?DxMQe;kdv6hO4GCL zgEJqW!)VXUvIqcNtnrx-up@R0l3$dpDrL1OKcQH-F`)hU4!a?A@=S zqnE}KQ)8N#8buSS;~Mj1{8bbtie0)e z2Z51P*I@qjC|dBhMI_!3i$I3*=fF)PCRBXk8YZuHw7~7NnyEbzygJ{*VPlnw2sQ3R z79Tfsb9Z|oO;C4x0$;9VhLnoHuuhR9zN9+C2p53BHxN27_SAMhSr5f09e2Mt9br^% zn_tgY5S%V`JBZk>w||=Kb#ck(w*NN>Qy7zKE7GXS^K1la2by)Ky9F8nMj8UHEXT>t ze^cqg?6C1m$9Y>^r-4|&@y}a>cH*PW8XCEA0Q~BX$~8>Vq#~C%-%yWd z-0djgd)+(}O~=$(;&J9=DAf2MQYymeWU4A>yY_qQTf>;ictz9)UL#d|)n`Yk-6iLf z*0|XUf~MRB@ZhnGewzM6%RSyXw_}Z5hqBjE2+pf*7Y=^CynvQiLbhXevZhy__o<{D zSHEUEZ9Y}bA$~?+b=Qc>q_gCF-%Lr(NaJ$1o88tnXf#JctnTzrz9U3z6;g+Z)*O5u zc-0;!Mg9G`b8|ZoEKk**9M^1fj1%DyU+Q;7Wl=^xksACN-%TQjDw7wgp|?8M1Vu)w zrIQdQH9@y16*Jh%0Y*|fE1Ad9bD~sFA*D7YF1Nv9ZL8F*;m^SxjTn?W3mfBf$rXP# zlHWcX6h@7I+aJ#wa--+pwd+NK+{hC8x81usZeU!E;mNFL_{J1mPxsBh)k765-V1GZp`*1^Ztoc(3X-w=SrbkAJy^PuA4wiP5n4_X&Ei7 z5Iig3_VGO1ny$o9%;{C?{_FRk%IcR*&t*${m>%U5JctN3l6m{w50nP_Nce*};ti|u zNy(_y8Lu)V21-8UtEcwFeX`VRI(9L5(Vq{-AeJuns_7jruhZ1Y>{Wv0tXF{eHyeJ! zk`G!H3aNa{RYuK7{^<A0tXL#f0LAOPQh%w7(a0Z)hPA<=>?--oD2+XGj`JdM z;uQUr`1A9&$~hcc0~GNZqw@h^_;2(V>5PNdu$pkFlOxnaa9WE;F(fLWM{#I=7P*A; zK06Y`;~tzX;U!r*-0XPtl+Tgpn|2it-Sy0VeXR@&JL^frI9SJ(QReXV)%|mjU1Eey zu^dW>Vbr~hDb~AtN64~3fa~~aXg68+&Y=?thh<_-jd`Qbmt~O`(bNLpdY~ zJY}|ZZmp{UZgm4nr9Fw(Yij$o2Bj*>(PS6k^DYHrW=lr#hB%H0(^X(G@sa|A7B>_*3ld{Cn~k8^f{iQ+z+CE z(WspD=pk+|%$bjVfF11aS|#X7ARNYLzr5TTIhMd#jF0|e5706uy*7l)?vv*BcBj40 zC`Lmz0tSf`Zu{?Uj(SZVW3H!c={ED{G1ed=OZn|#sjx#P{PJW@m^##OGid{EeC9n7 z3#{q-56}1ACmx<;`JADwHLQ;dl(KQpUN^sY(B6XLlCM>NQcg8UG4A5-f?S4-*m&()EMV1*Z>B`YD8CTUxP_s z-LIFPljRJSCANFnC2wC>*`1J6Echb>69ZoTS=1t%hOjTC^}$VC%nbEBmt^_UjSy2; z(OF#j)flE!oW>F(+-irs{$f2<3o5{w1)xRer|)em`qYgHN9WFny}gx+FE7Z}a(V`{ z_K3N5(v))^fJfMzbhcjVdIOs+-saF?)8V|VJC&ZTSAB#j2l>oy3)=c5)~rAt#7slk zkCT`)G{8=b75QDAtb{@`l;fr*t>JmWGt(j}GYjhCe08~Z>ux!%(vPOTQiw~GVi%kJ z_UhcQfdhhqP)K>sVXceV2zPsNL3ex-U1`74>G#k%k)zPqGZ+PxNhSBi44pdhaFNdZ zK*rbZ*zHi_WEC@bnI?%wsVVryA~tiC)>qH0CY?$|?`91a>3I)VI}*fDGvk^0K_;=* zUgEn8t9^=yHo9J~NpgpTB+YAdePH{Zg$g3}7Yg;YUKczyD&64;rHo?b6)l`Jif!d| z>%%O0tt|g${*KFUx*e21=H6XiyLS_p#QNSnYPl;1XLT^;Gv$R$7xs-l<`A5=_*-Ek z73tRLdwKamY`WZYuiET2go{2tgNYo|aV%N3O}^D~iA4$t!yVH)x6?%YZl-#B?YEQg z{t9>wQLC?}Wp`9(g_$x_sJP1|p8yL>k;jRLS(i9~WYV#R50JHaJzRQTx0uh=;tzZl zbxjcPyfwGn^JLuyBrDbH)Oo&HnQdjePQ6B*sew+tS+i8qjzQ3i&vf~xw+gLSe_Dea z<^9GVK`3YYd4m3BMXhKLl@d1CMRBn2?ivHAt&`O1r$kz9&Hdg5FvO zngaD=IkDi%FoLDoOsV^czbC1lcAL)B4hN8Ixt_3mlf^F%!X#w3(qtL=uGB@_j!}KE zUZ^EZ$Z<|_?;I9N$lXGB+?s+-O|&s=sRE&}j0E8WX{B6TzYLaNT-Rq3P+HUI8WcVn=V5%o&s?{(`9ZJ>*>KS)a)c^@iLO!RLL+!^rr}P|BL)<}((wfA>b5^{I=! z@tf#)u1K#@vM52~sZy-VKc?^#ola?4Bcp_KiT-IEPJN((&q>LF!CLWik<)Wi2JDq?^IRNYua#0veo39?P>Q}p1|ja zyW0(9gdEz5oW;?kHW5#lbUn5v%63w{Q9aJgFSn+tR(hw`#)`$>Fm(Vr`FD?QZACr! zfKuFeZhigX@{J3p>xB*(1J`TK0JhwmC<{@&N1=5O4XuxRbY<%01M^a&QLTR?eDCHT zh-Wx#Y92!k1czxW&fd;(wg1*f3T9@vLbXaac0fl14BAIM>DC)0Kiz!&I>+9fCWS93 zFf`O;)I{8PPjBMoyj8nfju|ARP`zb08#Dy+2LfnT%&!`K0RKn9do~A4%buNSo}Qg) zB{6P>Re4`sg7YL~Go4$+!~Ir|eqj%R6mUP*ptxv~>M1UGa(T857%Lpl)g;XZFA)~j zKKu=**A60HX zzH-q3_P1{>)C;Tm9L*Pud!*~4A5~VFJ;2(Ll^tIBqeR5(l;wVuT_DQLk{nz|slLIk zVZ5km4*5xq(!6{I4hW z*ZV4ilqlRhoC&pc1}F_2#W8O}ox3wliz>F}0mP6Lz#Luj~Ue_X~vi5h?u4JP1o%4&4K}h ziHrd>fac87sTJIN_>h$#^oQ4iKbFl)LXNQnU@XQkXaSXy7-);2OP?qtcx1bl>Cetf zVOl;c3?w5XgL6z^F_M;kDyNrX1!BBrasQBJGPb#XMB`aJw4K_hn~s+(0X}61@&5bw z?}22MS+h2gzp%Xxy5%J(*Z_O)N}+(^IIYu^ZI!9u9Kg>wQojewpWx|Xa1VTwpUJ$O z)1Fk*uK(GIe(ebV;xt;`ux9WL-(MF2rp(dCcqG_ukPoFS=>fD6bM{ce@Ihw4(13mg zyIgvQXkMf>0$4Ygz;B*U{=TC`R`4^;_H+$rRup{sYl>VFFebq@v&Hy&@}P#zyUr~C z;V`;_1$^+(4vQV1w(HM&BS;brHf*nt$9$?13V078oA2{`hzn}Kk(FuLThbSnlVkGk z4hp&BNp#R}VhY?)={3pwud0bf)yHq8dgOBnfzG7LQ#WjOoEa1^kK% zSvi6C@j4tgf#sPt7bbVkcuLjVXJ@Zq?WGme+uRT7LwT>I?7uXg2CAD-l+5d*dAcq= zE9IPW4PSgxyLs~_oZSBM8u+JJpxqfB#NTF*{9eVX%7q88gUJT{K zYOOoV+!?0=gy`2t`$_8At$lA_*!^hz>+5H+5S&B~E7&_paPd{I!3%)NvL9w;g2rth z@IlKh2Qz~r4G+BY4dOaRI+h%>AI+UL$JCHuuGs9K9ze~mM5yN z=}YJ8l(kVb?C(jlp*0QMNaLSz1E3V^)GI}$%!zh4Rwv5xrL(TBQbIKxI?T+>eL+S- zk_ss8+3_(J{mW-rJRU8t`is`L^uuJ>m!MEosMk;regpVFQZz>DryoPC{?(sIbxqxa zTF`zSeK%zM6R@;&Qu7x*W18di&6ibnS;fWMQ1%5&n{;3#=(c~ox9H;h92kv|atLzA zUo!s_t#ycngSEU>S!GL{|4^LcH*7C@7Jl#DCq=wauy~yQ0Rh)6jslMB9~M3_zD&9w zX*|`C*frV(^ZW2P^lO{aiYL79ATCbi5U`>!btw26+rx112pLsaX<2%1wj!IZz!k< zy6n7C!-nT>a^Vg92m~(M^o9m+ph%4tXc+8S85%Ca1wjEC9^lo56%^)}bZaGNVI8R* zn2vo<7Z*TZ>a~DI3RF?Rr~9J2vmAnae0=`jtnF@QIPwkHD4Qi6?T?HP+f3JP6b051u)!zL4SP`jCr`jm-{X*A-0% z3s<)wx;q@Vd70Jw@Qrc>+y?NgSDO8BcZ<~}!5HcKuyo6Rxn-40tIw(sL+O%BxBI&*d7 zGnsLn-S+ypmRxakkO&98gVo;N4iYyxJ|3@+1muCw`T4xBn~|Vij~XCa8rr@9r)a&< z7K)0B`smT4uC6Ws6U9wZZ^x5Svp3%oD_DFpA{twTS(IGe1AGSf=AyHk8ymwTBXSA~ z+e-C21)tRJjvV?+fsybz$_i1diOabwoG+Ite|K;2P`Y#ao$Rbio!y^{m(z% zLPt7T%Sk05B%~lGhw-P^OJ%2OU>hw4E^b&z$Qf7%fc@d$s-q~$$o_)p0pO*kqT-Mz zUm5%mmk}l`1q1}N|M&q*Rjht}CF9^Y1gQWZwdGVB+%^~#_`VrKYhZJ*^kRNNY$%p| zOqKAjgLhkaQGA!^$CToL{D3hbVPbABb*ZS5(jctxEiEgnp}#e+K>;T(M2m(*run{I z?nNmq9Y)&q6b&Hr5h8^@!abbgTP*_~7r>sn&ts^ZRjE)T#BrFHh!;`A2PT)>% zARypb5@dY^ygFK1T7(Z&cX+tD$?gpnD*G~z7U_g^F+Y1oO-+qJ3=a>hsHkvpaRr8i zfE>EIxXk&(-F?P|vOEtML{-)3f&%)yTt*7fR=xQ(sN#nD``^L2OB^PVF(ApRtE~-T z^%HXPW?+yzI7CE5dx3witJc;Z$naDKqM zK5;iRdK?*fdDP_R6iRAplvGqyWMpsaRg{$Uzr7U6jE;)x=Ig%mb zmORqM<8d&RkdUyq--C#-;Rz-3os6m~d~7aABj)B_Nl3KM&CLN{c;2mKd;=B;03k7r z(6yqx{K2CUBg5Qd8D=$8B27(A$%RJ!Z*Up?uKZXO6cob7_a2zVepD_d2ZV_K=I-t; zkd=9DfB(3=ID>$<-fl_yw~(2c8ESyCmR87_J3G8UI&??q(+t<}y0A;5mZs)=i|v>m z2cGHXW^x`LO%06`cqzzEj?$fJ+VbUPW2Lv+jOs4q$_*Dmw(DvbmmxbYwN$pYM=dQw z%F5%as%!*u#=pM)jil-;Elm=zU-mw2AOX=lp}#f|EBF7Y<*6tuV-BvI#U)a>oj&g4 zZmv?nW4;#Oed5K%Mff%eiHUcS@q|v_7#SH^SmXn<0Fn0f>kD07Vow=a*$-R~=_x2c zeOu;je*E}B{RJ~Uy`~l-M!5G?6`DL(1Ofx&)0>OD`nPYJK+@4j1R#1_6b(TA+t9jX z2ddxm^CuKTKc}a&fL$cBtNwu8YN!~5?M)Qe(cRtM)di>hLW4@4RyusaSAX&y%^id+ zz^V{w!DfY`q9Sv1^UAVG1OlFpo4e}k*Jo3~j{kFz7<5%y2mMBkeiqwBJ+PwmVzXlQ z!-o$~o<3DoRn3bMb`A+uc?GYJMSI_uA4(i_$eEU#_G+@)QDb}NFDDKz4*VxRRbR;N zb$%&$iO24??|iOzz0iH1%LdIg&=uhW9JH*gtg`a*^3u{57+#R) zq@|_7XXsQr+^-OJ0u|EGhz|+r28+z3T}i4fAN%QZ96i}LD01V3v^KZixYfOuDHSRH zk*Eq1-Gqb$c({%Z$zZb9C->~MUsyKqwc>#(hkC8y_i-St;9_Df{B?Q!_;FiXTT@fh zOA><6a@W0O$O~XfNO?s?Y)lNSXJio&&<)4;RifZ~@k4q`jem}GS-ui+%aNI?{O69#Kf^WsFyyYvj=%Rh*wpnZ;lr&iLS4%f!$R3=P4u zAk&ADorWy&L)min&d%O@%P14R2NK2B)73^MCIKHsw1R_!)rxhm1EAH_xR@C6i2zA) zasR}`L|A>An5YHBB-+&Wh5Puv<38({SXhQ2DsSF=Oi>kSCDtcV(y25}3x#ne%q%P- z>Mvh>5^YsZ*L&V6ONqHclh*@GK2A0^2S>-A-d@VGcvA&=`H%Ve`7lAPp+T@g>O4cz z!T^F+NQ1zp0>hEh>>;zpb0*2M1=3K~UJ=@qM`thcRD%!a(tgK=H)B3x9we*mh#W;L zLW@48*R4GU`9b(VRtaQLWC0Gakc+%N;u+BVW5-3r%F1eDVnQ5t7x9dpT?`E;W55*B zKX`f;W@ZhDs;*bHLP5&`Fu+7$8y4s1Cq_j0TD3{%3@Ie@L`OuV=j1q_AKUWs)-aCT zR}{v$fB!xwCnqm2FJ)wv*M%F|@(lzIqjrb>Hz;uJ3}G?L%E>V>Fhoa3gI<9cdmU}* zY!pJL1FY)l=to2R28x&R(A{fpVF5;fo`C`L z(IXxnp4|6Xk)$2A!rv}-u?)b?8yXuY#KpbT(n^evkB^H>+pLTp1EB{cx!mg$ge2ta ztEQXm?Ckvf{Qs@^KJVgq=O=0`SVP6XmzUQAOaUp2-%+OBcI3Yt_qEb9fzmJhXnMy! zGSYnZm5%Nrj0j^UCo9XKD~c5xTdujLP{*B#sd!lixwlK-!nDJ|IWV-R?8}#!zM;VC zHp7%QFWrW%__gD{K=Ii6;Zcryw`gv&2y-n$fKq1KSI%eZa2I|n^*g)rJ>h^H^^(s0 zQ2RrecL-tkyn~Bt@_6+D+u`2)t*RVV)dN0a5E9LB{LG0P2(T6bsJC6+Q|mm>?vK7y z9zrL+^jPWro}A2A@U6Of{&(vc@Cm0Yw(ZQurij(*ey51PvF&cVclMpy}*C>Ugb}m` zn5znksA3AX49`2CD@eVA+Z-Gnb%Mwc^6rQU*-{fget<$^X=Mf9io^KM8!R(WKEt#t z`BZ`AQomJ#frm<)T#^g2rC((ff;@AFY2hP|)MLFAY3zbs+r?5!y=**le^Bx8OmufY z6h?P;J_0psX{Q8}{ECRX@~&|BRFZSEcW=t&Ekyr7ldvE+9fV&rG)=3X_rYj^?>U!l zhIZEm5SV@C8?oJW4r>wd@%YFzNHY#!MRH%Um_>YyP>K~auC8ug%FK-FNpKW)N%i-4 z;;$3rPU`I|FVD&nRX<`2898PUecoEuH`kpZ+?6GBw6`mbfmG$fd^(a(kD5clTjR1m z+Bh*GjwDP@o}yQaH~s5ZM5OY@l4EsxdW^TFm)Cd-KW=X8la(Jq=wy#2%W`tOxm6Omz?(g5e0q9FIYIogiw$cZIw|$lN)YhxyfFMLgM1b4) z%d$K%aq^35zMY*N_}{nnAt^*68=}LyFpBNWd{cb`Cq;u z5GosFhh*f`1oHCo5SVm#hp4D4xJuLFuh7t_si`5~F@V_myas1?Qnr+eiOCv>m8K!Z z#Y}6|gQjT#&K9Poue_b5EZ11{d`q42QIh;r_?{kqR>~jVY?{{7IX!U2mcI<06Qocu zC%ZOvKa;rkAa#SD3o9!t5mb8LYfrnVQ!muNiRkJwPe`1MiV{a4rlxxa zGV{KCe1wg?^w))fVY67*$ZGme*Q-GI%ZOMKO|`a|=*Pa?s+yYYc28!8dgW(Y0*Wy) zSrG_-|Ah~sR5uaQGUE{uw|w6%%+%50Jxgl{=`I+^FglUID5JRd2;&o%b;^7o1`EPR zF~g9SZe2x1JUB3LW4Z<~F5Jz{)JrdNHnyf_{owL)a)glb-ooXALp60ki{BCb|2S$$ zxWE}YIXV3z+J|0Gz$uC|GWLL}ujh4g8$n7z0Vp9CM2h|WFG|DUC!z5_tX)P*>hJ!( zHZ(!_`}^0_)TE>kJB=cJLsP8r^%YT3iSqLk18*M3Y>=A>WR92gqk$L{UvYq=e~J2! z+=_f?Yad+Utx60g3QqZbP9FVXFA7UV-NAvafzc~5=#ZL@PU87Q){YKSu%-}}!OOKzH=f%uczY<}N3n45@tnao^L@(TrJ zbFv)YYAUzE&Cx|xwmxB^U*mh!OnspcmBP0-g@unND->qyCM)#>2dpObLB8Ty?I$OB zA+eqbCET8xYP*GS+6c6;SkSFDq@txQ@pMnhUY1~pk5^?iq17K-C1UpV(WxOG87)6O z>4}LltaVeRrIqgP(${*KdyfSfv9n&RC@!8+S7$O+6?w3#2ywgp?J9raFFN55(pA5k z4GQ}0k8%o%br(%Qr^FEc-c(=Tzo_Vr`TawS z7skeKlaiuJOAY1agGx)Eyd(2>Y`o}F)9fPVeza|7W0Ms3vO&*FqknLa7~Mu)Lc*$_ zG$heih{H_GdBz)s2t6O_Ff*94V+3He<$}oK1_A;nh@4}QglKjD)z_;Yui>-%%6gYY0c^Lh9Tr{vQ9ed-UkS&GbDo&gI)h1)(E-5K`L}PbsmYEs$U9^NyJZ4GxH)%;zLJWnk z5kA?J^0v18ZYYS3j#n9&Lw%{Z4PH7}!ROw@_kXW5`pDjQq;EczA9i086p4gUY8P z1lyN5`XuB4B0yQLm0bz{7(&}UCb4-EUtQ&I0lxz7F%vvjR9SqnkF^qO!}K1>9B|M| zWmB8vpu^n!e7!oi==KHZY^S26jQB_{err=`NpD^^+&m|OX}+08JVm~RB;nH>`lu#%ah9uviOzSHuGKrXYoT3E!FjPY{qVMjuO|K3W*at~{Gbo5OG zH4VzxAi?Igx0a?`czr!2(U~89zA9i1Xes>i)*XsD@O+}*FnN<|yqr{&}T7Pz^x za(5f!KbOHJNKO4Akq%zaQ}5VB{@sjMW{S<%wg?wj{W;%jxhg-}spgQUs!(f7j8GcfC0(`}|T<%jLJ zCm0wWx3(UvT3Wt&6B;onq3G&b#+J|lYKuTDEy*pkb^e|7r+H+E=ZoO3dMgv_k4i+n zyv)(tCjNM3Vy+4Ka@>UMe_e&H|9itbx3icuSfE8iii|8Caw!CYqefob_+DyoS6UjE zmX@gMh@$DkP;q;^(_@nxpFiI}JvBIy)BpDC(WC1(M1T^1iBnuB)r5 z66G(xeXu^&898F}RCu^|$!>rQ;e*S>LM8hmdq_~eGB!pHg+u_$J+^!E#|$lf0Uo6?!Ob&l(>VD_e7c{us??JFgv5<$0{ui=Wy%gd_b zl~snnn)FdPI^q+^At9c5)t=Y6bK~I9Dk=T`^l5u@lbu=27n#?d(rAXy5jWO0)1=+d zxFm=Q{lOrkC?g=>cr2t2uK)2pJfxrwRWy?Sly( zppY9|0uTBBq59beX1RxVp8yjS7&HuH11O-7UUZ)@96L-waI#<^&`lo&hPs+(*w=~<)(=#R}(8kA6 zbFh_WY(n2MHJycaJ)a8DCuVdb#W9<(?z6~>i~nBiRQK}gyMY)S{7t8}%Ee{+w?-U} zC)`PxHc)Loovg!CJL+rf=;)WXZ#$cswvBs~2)JG#qX?7>+Nr52+U$t(=nT(Zp}Nt> zgof6qq&O)nuLogPoE=~$KNB`uQ=+qMWtIjv`WH!rBIB>4qg;;sbk>0BmoG4&B0|hv zK0X}-3u|m}F#Gf8uMTRNuCL)Uc4feRlS;DMCn2&Ok;60%fAw*JPfzF;D^+5I#TG z@4liZt$RQjc@nLb;>F(?Ui|z&5W66g?JU>AFSECLMWs3P+e)Yd%f$OP;j-LVVR!4n z)JF1=fT&Bwu>`Y>deQdk+z0yuxQz&F1Ol+`SBQULd;Y(Fu<5wCE*jrzIPiqFi{88$ zF*rnbbtJf6zuJ9v^i)cUn~`yLWjvA7T3~cgseh2*RtV1EnWCE79Yo^-3)$>VOO|!L zPv-}vS2gul&VX1$`^g4B>*r?sgs7-APr9D6%+sv{?7KFx5?yu1;eg! zaqlv`-N$OUIGhB&OZ|ejbGHla!0`kY78Ya(VUKw^C@KAem3QRNQ*3PTv^2&ojT~Di zPXDxqSl8AfoBYHZlJLZb%<01iLwDYlGnt`CD(lV7oEAI3eTF$Chtz;hLq@G~OW>}2 z{P+b8%AU6P`b=RAL zxB=C(j#*#Q4nXe!th_2FlL2~y}c4p>F zP0e&qsH4t|jso<-3IY0{03dI*u6xE77VA*n1%MYFNu%1q46rVDcXtsH-;4~3JVt=o zbaETFPO<+Dlj%4+J13!UBm^63lcf7SXF}?PmT)^LNTwtP)EV%7-xvTk94J(=ok=Ij+^RFAzy}q&CGHyE? zG+)vx?(O$iN&FXg5osCk-g()nDP8|M?YqlYUX2hNxalpumIsnXHT3knLj?UxI* zs~&k;0O$wIo_xT77#R4W)+{S4i>3+6HTJHks-^~3O?}2~1CdYeG=$jrGZO%bKy_e- z%>T{(lMSM(%1S6WQ{3ACuUlSTPC3}BnDv^hw52Gr1>J!@j5D{Y%Q5TtH)0tw zHuI+DWvb?whcX-h$an7C0YXvkms1zt zFEDN6T~q(qn1oiKCm1gfouLMAZy6aG2dKjIetgWke{cZF+u3}}T_v4NPn&81LOMFS zJMWm`yk%LWO-xpB#gR?O@^CY`xVfbyC1DWP4a5UjLPJlFhYV#JBVpkiaAWY+P-TY7 zc0gIUG5X3Gpm9TkgB)+BxPa8y*eImL6zCavZ?JWnruBHvT=WH-fM^NnG2M;Wq4V=| zC=3HX3O<%BDM+k_V@PSUK61T2On2meF{nlB#o$~BxD4D{v6EA zpQ56OnDvoPcUDN;VRV;{&h&juO6W~aduZ1lN_Yepx<3trVQwQKrHw%y9=J>TEb&m) zZat@EVsdtLY!ySi8}>?XV_f*~hKZDVF7pmxGkAoA8K1xui?!4rqwL*aOlWsKbLQl55Zkm@TAkp`?K+ zDJkI%jD8UJba+4Dx^clzN>1*38A5swF$e4xaD!gw$IPefToV$2XL;ZI7FJSX2bT$k z15m072~p7nsOLdJMoLNwYRFGU#3t_MJVZ2Jqg`sw7f{j?*;G_gx_NEgpHNalHE5%S zQ>^oc0M|pQI#L+_WH9#N!Gm1CPoF*kIf)Ex{%80AQ&Xsa2ZV2+dqU9)F1E&XFFQ4L zb|haNUUWz%qRGIeK+|?toiKCYn6Hyd5+qU?4EE}(sY(sH!nMtR3LeDJ$jGr`**#M& z2wQCFzK}U zH5ksV;0ojo=o$)^u|Z(t{{IOlt3}cXAIOG)PyzEY1_uUgfgf{Df_>cC(^FVf1Qpdr zO-QZTLAM;ddZ1p}-MtRpBs4U%@+~(vH&i@f)KO4qsH(bpyQg~>*f*fRDH|9VK!+E+ zCsda{mO~qYEtD_LG3EkH1sy}NZZY1ou&{tH4vb4I92{{82>|+b&qVko@W7Y=Ir%c0vS4M@wsy zj!MjDYGhRQW}0U|#7ekIoPzsb<1c~z1isF)NJBC^un8mO6QeaIq7j}DT99F84J%J_ zJ-7ujBU!e}Zc_)1_mwvHopZXiuBV>>9uI?g2AJ8{qS_a3Ab=8skK6{F zueo>s1mFmHA@A7#hQU(ZQo(IO3^Fu4T$+}KNLGZ2g=0X;{Q2|e`;8&#EHp%8Yilb| znkpTOZNSRO$;rL*^#uYdD&pmT0JPJ1@o+=h3BkUHKuO-XhldKG_WKJ(3p9j&nhZIeE|wcVVBaP`@X+c_P%80{2o${kfOWM4qzF)J22!lfPb@) z^4m_D))iPUFwSV}P0x{J;Ul_W{h1(+13;?&X2 z?G$*MnVFfC(3}r85UAM(7qJXlhb?G=fkB>A=+L>q4(cH-Ee(_`trEjduzX94i`nwY z!575*_a&?(@qA)Lz4LynAq$SxwnZnd8bgb~0&U{I8L!fU})|ChME=XXC$67=?h zN)Fs7A&cR?(V0S`*Zpe_U`;`U;S1VSX8J5$p6yTMhj){qZdKd89G6s+?FR61i z1BL&GR#fkKmYJ0WCJ{VY9#U%DI?#fC|JH{{3rL>K@v;z1!ND-HiXng8`QYH1nC1zj zA$SFNy^uH93ti&5DJ&wFm^?U&|;eg3Vv5#9_F=@{EhShk(=^%gHB^RLA#puIQQ*1}67} z^<1;!&ErvhK*+3e=2llFby$kf21L?vMP!=+7j9;lc~bu3+Y2a`f-0Xg`~ZX1jz46? zh$K8LMkM)E;Ku}MXq$;7<;O?FDEpc~Y#FKt5+T`9YwQ@S8L}1lUQ5gB#E-;zs`_Gz zt~bLcK3D*3|3~4`bq=~u`Y+xO;>ADIp#ZChw9L#OR~78%-U06kKg!WVUyr5110XQ~ zFA^xywY7W*gstu)BN%5*gql-S^wB$^thQELON+1$!VCB%FDD26fD_I3y30#Rr~&LX|5K_8Qpl$4qIr08*?a2t6e+JG0xLofl&9qoI9=R5DJtKIDE zSl%?`^>t(Tl0rcb%pFU$;yWA8p!w4cqR*gRme5`T(g02r8yA}$7qlP^SPbb2L}`Lo!3p6jglS~hK3N*(t>`}njPEg3dfb)+ym1Ns(Q7jdJd zq3P`Gd_Adq0|71!aI=B3ByC1qt0XSl-`7OIT9+n4r@>4q_?BQp+Mu8eu?7+X9TSs6 zeiL2^ir~P#BGU@t0@M59R|p~4%_JieQdD$3#B>BqDNB4+Rn;{~u|5cQ5p1(wL0dx%K(-_ zw+C6WCywE>Xj6y#-j&r3Ia-~MRAzkRKv`kQI1n>#ARt^qAkfgzhBYA3ygn!+U|lU@ zuA&w~!wR0D*EwhZ?OUjCJz_n&|2Zfjn`{1%vhsB|16(E01aI890b+8+r?|AV1gJ5D zU_c38zM3T9N&cwCB$Y7$ks}ahn}9us8W0&72^|jvtgPQ5=zusG2%ZvRVn7c9H!xH0 z=?=XKzZ&8EfFlAlHpnSLf`UFLT7=@WE`wQu^6Kl?uN6`STF;f#)o1HHc@ujWX=%yd ze3BjTQVP|(m)AsuY61rc8S6OERjM%^!WKKax}rPP!?v(L_?p5pdfrLiz^x0D;(X z&Y0gUMdh5wi4GtRE)wRJgp`K-~=C*Ik)UoQLl&@T0E!HrDczQ$qy2Y{Nr&qlBbwPtW;l$4Y(8TaCE zJIP8<;*o1Q#1Unt1LR=3Aq*o93t&iRV`qO#{N32vx&bYAP=^+L6&X|NB4^wn2tYx%EAN?2qS={1Ajm?{x=Ed_wus;2{s;H$Gi>r z+N9*5qGv@nY@g#eJJOC*eaw-@>6iIAZ zX)`YZv@k=Kpu4MoC0IyF)5^<7;UNYGS;)w4IN$r8rufe-P(U{iFb_=tgk%9aNSHfr zjgcfu_M=e7c{KIdEeAS{%%xCw)VY-Vzz_g=+FU0TS}``6t@C<(wtzq;4m+B^a6k4& z0n6Zk`(GebJyml{3&b=NzkX4Bd}fa9+*qRf)Zp)@*JmLd;qIN}?m8p2UX_zRL1D+k z%M0TX2WH#da6o$@KH6t%(0#cF_c%Dl?PglMV!T~@gx_4#Dj2L$ZRaU**CZ*Q6X6r- zaSP$ImHgoCIpFs)HNblLEE@2N8uC$?BWq-7i7fhd7e?9Lx{LZkJAB5X%IWfapw7K; zbHn2!Q4_&zo$L3G8L!EDPib0OOq$d*)N7Ttjf#%Gp?%|`?h))Yz{C5s6r~*dIBs^Q zK~+hIpS|UHJNs7eh3D%ZlItg|>8A(g8=z_s2%ZN6a|($1kjJ~BlkBA;fF-a69u?dZ zP}a#7!$^S7M8fCNzhX{&ox`GcI3tI&PC&K>f#fUd7jA}3vD-dCt%4{5_;>VL8qF;`AiLgaXKp8UKTcHM(7LJeQCte)-L};VBJGUPi{X z)xL(Tj&@sm9H4Dp0Hhg!BxrQ@?cKY9SY2H`2agWv(^uqw>DT@vXacZl-Ok-ee($E)dZ#>7s4wxh0<>85r&Z;4r z8613V>EQ)%aK4(ScIMzjS6Kzx;LzFYm0tYm;GYv^NARWuU)Z2<<+}H-;W7ab=pV7q zYx08j+DU?-l3vN_(` z3K~j-J7?QLOnNcMc%?Zo`TsG7pszyW-+%Q)T`^# zuJ=Giq-AG=T1|Jy#@9G8;9zInKrm_t_WnF)3zo+Pnuw0bZv!1$uE#Y_$t!~Pjw7^$ zVqy`YwqL&dapg-%N^1O2QD(a}Eh8(_oikv1=gvfSHc7IyTu+_1VBWWHM!SZpyftB; zo=n_Fw7^cwX{PhUU} zl4&>4$`7}u*H>2qH=~@P2Qz*9{0jv69#~Pz+NscO1ehau$oo=k(c0*a7*Cah&}^|3 zc@^dVg<$q8itNf4m`ur}6AgMeY8YgGYFB+o1CEuD-;M3^uXM)2_N<<^c9MhS^XKn# za#nWcTb@3B3Nwz#sdK=`UNaagQttDsUK^Eb1Oz?lAi@i%8_lx_rHm&j(q<0qyW9-d;VQC{dp|mRpMB2vx4ysiU+Zt3wb$9_6p!b*@6UY=uj_TSL^3h$ zd-zbu0AU63bHZi6RgCVX>;hM6jQ@ z#D{X%1FGuk8||ShH~Ucfsw@9qQetnBb-dap%5>h-DT^Ure@#Zmh8OJPGXvGP=aCxg z@HcaQzIq%ha=W7*h#Ws|M(GW&U}NgZx0f!bk?%UR6FCvZM`+`1P2FaWg!U|%c)%c z`t958&EX*-z#-qax62tU|E!_`Wria)jl^z9B#T`&dx+67l!h)E86g1R>Q#-o6vHCx zIrs?xIr6eMZ{NNJhG^M~Od3DJ!`*%7VR!#R{J?~Yi*`2pr}7@$*VwhZyeuXrhRGzC z<;9W^xvLMT5`_{k@lS9(U7s4ui{YR;JYa!LEA*weuT!TMG0^-Ja$@H>!Q}Rij>&j= z8Ul9?rrN$D>s+24qA6Hgv=&ia4X)R+z=t<)%E9;h9~UaBN}G2EU!82&E<4_IUt&_x zVl41{erY%-e?Zf~^^p-Ny$^T4e~*>gxrU(JP#+^>Ku01aB|Q#x^)7~%%%x0z(P&jq z4my9{!r@7A`mLcsTglzK>4=aA=TjbXkQ1O^4RQw#JwgxsF#7;o<5#l+}}T~hE;Rb~8YTwVPsI@;iq&7t2@%e{G=)WpD-8TXZCo{^e~A>rvU7b%bV z5()e4&!04tj%H+NmzNs_1~rR5NNtVp?k=qIql2Zl*}CuHvCm>+UzgzXQDuIY6K`t5 z6I^%f4y$r+>AO>UdM6YWm6VkqB_vQ2N0M$yd6c$SU0k!$J~vpkL1sm&rdQYHIU&NC z)cQ7c&!TAbr$m1x+fmMUKDJ|8ACnb-jhz1WcBeQ>+Qi&T?%{&0EaF zKdhQAWz2k&KX-bMWw( zAk>_npC?7CKL^R*|M>K2H>O=wUt>;0WJe&X#aNgUHoawcY8n0K;o-&yqNI^_6bKAH z@@;nm^KlVD=!FZpP(=$I9x1FuSOSP!ynk)|79)G`{>L}Yj znMIbcf8C|@Xe--kH=FKTc7Ip2XMC=bsZ*O(93Hp&`m2IKq$h>v$AijY6cJG}MpoBJ zCZOm}fWP?!_OCS1P+9pkriUvRWhWR9(2#;0(owtEq2M{;{kBhSKH_otBCVMjh3uu_ z;WAvmO2^I}F(?WBj8>k3jJ5_{YDI;hNZzF%x{k#2rdV4Xe6q4sYskLKYl@*=7yfRE33S@M8V^Wa@%m#x%SUz;Ik>M1+9A z6u=31}cGSS4_}3wza+N;W1g^5jpeY+3Z+Xs=_YHHAN+UQCAWyRa@Qm)%@?f z_Mg+by37c|S!%arbWl^!9VV{&3;tl52tqAhO~2eZ@n*Hm`x%_Q>1hhVjH1c8xk8*t zsH(J%?mu3`v1wgwDdRQkTE+u}USyE|Sf8boXL$@zyYpRSrgNI9x$_<8ZeKC4;bnMgj{+0IEuR~5Oh<}KV)k{uK ze=ZYH^Rk(5(z(2+D89SPgULr-Tl@FVLD*hST7Phz50hv8tnE27VD#d{LoJ z5D)Om)ICzzwKm}P?c4eJ_R7js-G(TCB2VeYuzP8zMoXHv_Zkh2x2Wb}T~Js7`JXG- z3jAnY-52y_kn$ci-e4Qb*L|a^s)|H~64$ttBPcgm7#cprFsQfpOBA3Lp0RhAqt1^S zIN}YQk5mnOc{KbXYN^3HL|&p@6(ap#mo0$RX%xsOCx`4x+9%b6{d%dX z|H>?J=+5Qbotf#95cgG36tuCIEc9B53Sv%w1ac^#XmDcu7I_P)gJyu$l7&Qx=8rJ4RapDvEcv5R$$ZoO}=1u!HCf8C$9GAP6 z@wLU<`w#^gh?l;;74dVqPw(kywkJFi(>&v7>gj3e?A(Nu%Fs|^q-kq=;}MgK2Q6BT zVM6OG61g*)$*ojl0@aI)+78#J!JF-*nfv+BsfE3^J}ie`pk?dU%(gaP1J7ICPil@R zDsCiBX=%wAzoAu8*PvV9vpy*~`C(Sj?Q~?n=W~y|ej!UmT)33{e9!^J`r_2vXAHth z1d(}8^!9CLid!%FhS{FF&s|Cs3NJ49esP1byPJ){_T0IH3JQDCr^=;1a9}eFHN#cS z3$Cu$i^Yfh*e==Lu@~>n$Z!=F?m%{L6!aG}=n=3o@PfRBj&gWdCLk-vIy7RZT;L^D z)vCEk^~ukSuNsudh|aNj!>Yrj&Bh%_;c}%9+Bii-cBn)@N=Z#!OSH6Wf+uaQaeDXe z_c1@Emvw8BO6?``J4Fc3;vGbJegNG!F9z zcEf?|^LlvMgq#XbSc7QJ^)u|0q0y6Sv&~&^y$IsaA@LC&6Qn-)+96H47M61li1597 z&FOLb%xNQYqoe9gA8U$k+;|%)P;#R}w_s%Y_qTC+p-r*|+2`qOCqGN}(zez5`?KhM zcni!A#cBPDMWOB;JL7_G9i{y=@FEox6kUaaV*7qcTg`s!xJ*S)f%yT(InTkDAsVUr z9F)HRo4q^AdY9 z;Rz_;zBR3&Ai!lZn~R(NqM%OEVR5hJ1Fqi@Vm8Osb?UUXmMq>`n3X!@x}WTs=W_Y| z6~RG7f42r49t!A?Mv?@^E}uO+cyEu$B5PlHy|nEb8PvndFeb6(jQi}VLX+mTxV-Jf)scEXsXcfTYss|6g9iG*4EahqM!OPvM>dfVSyi_<;bT*_KpT-8PEsF@0aeocHxOf1kT+IKEHCa{8K?~$?3jhhY@ z*^azMhsydxL;E{cK2FYwdB?6|Tf5NEO>MQ01q!pWd}CuzsH&PDIdU3!{*xyTYHFJc za~V)?5ZlksUsUoy)UA-ODe%pk;PpE)GL-VW1aC8(q#!O`&WjXy&@L#7>EBTY#9Hzy zDw;Tl z^tqJ+6Q9IHz;(;LC12CihiAsW=oeq`dsb7qnUaKfVp%~^Q&Trm5 z=NG##Ury<(XzXZJ7v|+f0c<8UevG0^!Y=s@Xsykg3UK@!J4W~T@!=D{Fmfd-%Iz+2 z#FavvZ1bpL#YF$FnVKx}iU*A=RyG6K)O&MDpWbK^K09mF??$$)O$HhPxEDhLo(F|y z!sYdRv&+uT&CaUCA6_z;Sz37Q9Gp64K+}3PCdoRmsXhH+Fq>Bi%c0o!-Q9*piT)KV z;->^SlkBD~E>ERI_sstK^(aMoylu1~T|*vRh5 z4W&g2i=NARqOKXfp15SfK*J^^ZId9Lr=X;q>CZ#U#2A#5X^w9?GtYBHco#GU6K)(^!;v+ z{nbub5xldr`&&tu04GBUp3=hM zlS`^cI4O-TUd%_+(%#;FaHnI}B-ODFL5-D~4W_z+j(dir&-nHGHmh|--lXIb`cZYA z{N#9_;}(WgazaXaJTpTnM}O(T?aeDSWxuG#nO;TGF-74#z4|NpjBwtUcYDs-*vwxi z&mVDM3ihL**qxGkZh746eZRq{{z_p*r3PEuxxNCF_^NzfNnsCSMa;XdyBpeYU1%_^l}hKw_qytdx|_ z>-MhaNzLoOyeJviUpN`*xyh3w`)L{=Dy2{x|D--)f9E+$%uwCX5Hc zf#_Pjjd~hyOD`)2UVm|3zK%IZKd&XOuuzs}=O^Lwc6HAO#vsQwxB5&=C%^ys+qWbU z!blmV_sHldtOkxVRv&|(gI5Fh)-v7Hq=w&UYRX~oYEXzgg-C9Q)r%pH$cm zo?|d^{mjlP7M9wxXT@~R>*WiS{6r#F78@*HFl|RA+ z$bB%gun6?`FNVt>wZb_csu>0U%|{*X`rg@CO}oX+)Km-eYvx-Ttz7Tq+<~gIHw1BtLN6}pZyqDWADoe}h)#|ERVhg2GTwH5V z5R19_8G`V>))>w9>NQQ^9jE@nMr(rf0QMPvav7egCo=@01z~A|#LxkzIq@;_c zro5#*7FVwD-*|zYw7NwPwk`Bj$=N>{m4kJtONo9@5sPucN0 z@_SwIxL(;59%HdG*3luk0^GGjv$o2tv0M6W>FI^`o9wNwkg3$wHKu0TO*Xzyfo9Er zXd$Z3iW~pW{>JCOyA7n@xnLM=Kn$3oaDpyFawyDQe|sYQJnh$@5jPbzIJ>$ z-^rC00>2qxSVWP&?Vn>}Sa74El;P#&rOBC|Du?_0Fo}8IV7hJU1|Og1lVb%BM%rs>(DSvBQ>OaAe zg#vM%HBHT?qoijQq(=W_lfsrqpJ6T>82UPDmSXI;K;bSUBiN4`5;!m<*w$0~{5d=$ z1Q8M&y96`~wi9$yGt<*YzkR#PM=^}U2z?n`To`VP0=LnQoG4eV^uo@|@oo1Hkl z6h_jHY}!IiAq)1w6lF>a3jwKXuOkE(2L0F|psCn9>)lywn}qwdNi*O@_3DMIxiK!0 zSC%hnr_NW7#I2KmhG}yPG#|Fg5d<<)RNI6rRhY$3kp^}qhKBK^X^q3s2QNSM-3a>l zLyni!)up$S0|V;@6+9)X4-|9d+?s9UxMm?kg4d(<@(|F3;_)5+W?Ps26Lx5kYMJiq zpKlmBjIKj4j(>M|sp+}r|JAKHMsk-rquB%~3azC?K>$C;EG!=9=Zn7gs%A8g_i6&RX7&eL+?cyeHg-bmMvv2QfvU=^9c z^GQL+zx34Z-MfLVBPd<_`$hf3V&3}!K6>6)Tp)75#93q{LwX~+(O`>$Z{1=<%#@I} z)y&e;19=i$A@}3rz_$B}Vc`QOXVSH61hSVlbzFs4M4PUn`wsXSCapK0n=?%kS@7p%CAaH**VFDV868MqaV!y}EuCs8OvLiFHgw2m|;;>{r}?1hpv zhP}zj$(J{tiz>if-y=fi!67w9UlHmEl@!)t)0qhCTshibx$4>*< z6QIA%OQBJ{s$c@UhR!^`aOa(aH;J)tGwY#(Ro3Z&Cj0H0P|z~r;fv+Dluxc}MuxOF zQVGb3V>W`M2!kdfLD+`^_hopj@+IOBaM>#9HHcg=2oT2n125u+9WjNaym z%ur2rwbuFbc*4CreoZY^M@tK>bxuk{xwh7K zrMcxFK>08vpDicQL7g%fdrX4D|FGy5f}(fumS8qHp<_SOW`doce;%4cIKOnuoq^6w z5zwU-1P*)sG&DpEh44rwLsc7rlosZw?>pw%Q zLCW!~CLRV*zJOEyiQY@BcR72l{3&TFFK$wfoUBYzePY}KJGyXI;<^U73);cr*ao3U zb6lUs#)at20=EHjPPv8aFGH1$@|Ln~z~XR8z*5F9Bt%W{3J8Sb21r!U*Vjk*z`^nG z_4dbdxwc^@`XHLW|Xhk{=6!y)9xfev;LHX<~` zi^barV!Y$++oYY(g*O}~u2n{057>RpTF(<&H^b$MO9Y*QJK~%^`R1`Ug6Ur<1S6n{91rxwO3GMqG=CpwGMUv+NdW3dU>U`$2%S z0KhR_JZSdy2PbJJi@kr(&zZ%;BwT!z=3f6k@jt8bI|{Ze?Rc>wvEe%%h|S-4t@RBJ zFF)ZAv!EvqMJylRhNZHs>1ik2(|G#epB!wzU`ZSO$iNXw>eVkUTJ@EWe))10Am`T~ zbYEV;^rFYR*k2Sj&7t(8O*nvl>x<*de^cxe;2vjXI)3$F8iZxbmg~l+ic=RM)OLrR z4=)~Ztf(ymwd|>S>hwnO{_WehG zb1-2TlfprQl;oc{9kwld+nD_qm{vROynXjgwbUeYz5lzri%K11O3Anfe{|)i;#rlQ zO}&)EB1?;D9bCSYGt>m_f6;2PYe?TII~yFXlUTH#re<|zl||&v4S6_!5?Uri(Kf*z zcen)sNlJUn7wFvT!$TOs9v0@70vm<4=QK0#E>nTltGa?4w(^p$DW`+0F`3*3rSn%W zD%YqE?(69;=20uxs`TV1E_^6WNAVT~ea!D-D)#5kL6fIXEz$kR%bPQpeY``=q7(Wr zcMlJ|DRVu1eX4RW9KSTq$5??%?@;u8ZvJ4BEC{WSfq@IN7yOQ}hm7wKhhyg7`UEG9 z4|x~mZESM!_=hDG1h|mt1zFka_*W3)xrZSwJpat~0JjOs=%`2T6BVs0ymFjIM#5?A zerRYLqG6&x8=GZHO7Yy6l)NZ>%fmmkmCD0o35?~%Xtx3Ockj65^x`}GM$Vl)uMk)c z@g!mn8U{SS`kzojOI!?}uYYBj9QGG*&(865K6GT94UW>LMOO9@9 zH7$TBuDe?sY!!N?kTXr`m{7=m92)X*TaVI62fe;cp!({q~k3Cs6|9%)ZO7~Gu;J4ZFY_|kbu&pp`b|N^Q^4p z!tT15fx;!c?Vy3mgw-y`hVJfp%w!cW9i;ehU>n;O&9jXp=rVbH7pam>gt#mbfi+$j zLG8-=ZqD(HZj}-Dnx7gK)(xP#esCK!O^}XVzD%-Huc5;YzAVWiUC?2lf3^sF`YigY_`AqBb%3Qz9D%a4gR_V6()Yz z)(Uy~D&Bmq`xCmGJ@@5F-*<7(CdPfAkgdc1w|5(@Li5&b+Z>QvU}YA9x++tL+r48J zAIC(AYjr~&&MP}>*W+cEQpH^J{a48tEFu#UNqp%!xy}CM2!!iI5R8(-!5ZJI8jBAlns>}i?{D}m$o?sKP4T1IwB)mLv|=3# zHP2M-X5vWo_a2qYm&Z)-ld$OW;jLTag_iwoJ9pANIJ~55Wwkj^L^68w7442ekzU%uas_f*0nPh|0<`Cp1~mEFRB$E_sxB~c`BP5n0E6q z#@^?xy^s(jwX?aa?MY>^v!&zjpLaRSwi#Wt{~l@Z=s^_!8X{X?wak6)`!hGTb4fit z>)l)!N59@lFgm?loq(Md932z(g+84*E!acJ^&gsS$_uS4UUSy{Sn3+&R* z*qnaEv}V0}tmih4Z~9OPz(Djtnb~hSE>*sY?urG`QQ}^UcX!Z*olJcTjZ>sxbYP+U z@!_~b_o|JHv~)79dW>(1p>BzNbY&irX!O)L%-8)6=i=I2xe_<~>vH`yGNb5&%n2f2 z{CJf@P7fwAF?FLxmY6h2OCchv(FaIIj)EZmCJoih%@>vy6w#sLpxozK{v_*r9W^hD zT3xo@mn{@8w9l@VRe3V9GcvwRINRB+3F~=ZTXI!cL{KpPL=xi;)95JA0+|B`W|o(d zYilFw!_IskJG?IIKjFot9R**%`uh6=``)_lm_?ryxuxZC#s@D%L=;g-{kegdQ(B$5 z{^fC+6qx5XlOo;KkLpw9n}1MrKeEnLF8&hdHlBa;KyTxg?b{LGkrDqZME8jL|2sst z(~>P-{=|umadGoG29Y^BSDU-FRrNgw(CuGY=+CV3Yn=a0r}yO350pBv6aLc#El+AR zgf%eU+#dpT^6mZcZ2iXG{5o;2lo&5p1|Q9B>1{&tK0cTC@GJTFlx$<@K)I`<7wf%D zCo?EH%`(^*-hicqou}iO>Umf50qu&e6(TUXCC^KH|73bQ1@9rNu?+*2k zH1(>z*WnfT(sUd}>)4pU$w`@Ys%mN(j~}n=TgHvm>z&kGb!i{A^+7f|^7U&}Y;4d0 z>_Vyq!d6v9P9PE`k=_?BVDJf~1&-DFdRs@w1DFt;nfcPc`?}Y*QnTm(7+42}{O@UY zZp#9T0fa)O12x+H;1S_2tVdmt2%w}e-2tzd!XCogqzvq_W zQ|bDrzf0SlTP=pH#?c3*c8-6(x5v9LR>b~uSZ62DA4fiU&F~XRWW*5%hq&w?a3!kk zq#+}2-n`TlpR)nD^FZw3SPLu9`rgI1xykeqUQ+u_?9ln%_UehB#jIOHH;_2bww4ew zqPq68u$B$$+i%~P*=T-OKK+D`=9#C?E;T!t<4yLROp-yI zhjyApuXB8V`7ysYmKN;`GpQ$|#WJ7_Yf{4m1B+w?%*qeZ9|{eHM^8momX)}6g3e{$ zA>FTzVmW;h0G{WvOF&7zbC^o@)sp>jPW)qbc` zpjv^Fm0=K`l-T$Tn3o`s>0nHwxVRYGIubk(5F_(qgADIVJFlnuViF2j_#z1fP}mwC z_Hjae>0iWWZrC1w!RpE>hJO}ZZkm4io9m1-U{a@UB3#CU?2v@ z$E`13w8wS_{5*~RN7wcrmZL(di&WOfIpB(1%7$Ozrunq$i?sPSGU<&r-D+hIqEU|w z4BW)en4hcT=0F+Xo0<6y16l+D!IXA^>6UcbM22K_t~U&?g-t}=_<@(oI3srg8;>WeA&tj(p&%4ZVw6#%sziN1Wm2{!|W?!qY<7%uov#9he zfYi&wL&wOd9{pS5TCC(y!|P~oZ+eP#P0ySsHb;Nhl?K34NyA=CS-Gy%@vf6o)bw-| z#3Cw%5%2dB*P^0SY;DOSUy~Ez;rpdLv_B1sT<;HkEHK@f_k=~wM1DOD-iMX8caFO1 z>d!JV_B)C~q+(~Y!`wROL3lx1N5{79x0|k+T+XB08enO8AThBwC8g$~(J%F9mCH=< z`-iyA^om)uL`%6ipKep)OJBC`j|gVn^V)i6q2h6O_v=rdw7 z;;rm#J3S5CjX2ef8$&opF;VcM;hz1_Q2&0hLIQ+g2L8uKDy>t$?ASz&p;xi*<$bgK z=FJ)j2|l!OU%m`jHQDh*V`rj!M&^m2`LxnUkMfF(pHx)1^jExgo6&cl9@A){r5K!W z{>icW038`8`>W_Pwz%m27$}tD(W7f(cOW+^$j!wT8<3tL4Tx(Xz2Rb*8t?CKYYR2l zwvq<@U?&vqJ9c1RC@~{rD*)xbb;vh8NHR7_B_kji8?z8QL?d}69A-l8(`^JH?s3Rv;^VEYTUTal zc8lgK9Y5}h)W^rik&*F?u28UADjz?!;ogz0;*ZnxJ9#o%7g?p zS;M{X1pF_k-GOovYImCDvI)c3n0uI7s%4kawL-MQ&8~QAJ9*67{LH&}5S%_3qk(ET zQX$=N{r3K?PEp+QP;fMHEhYxT$F*~lCh#Q*?U9r_dp6_Y!?m)s^qH>9i=zPnRhaEA zc)FdLDN51&@&DlLKCg0iht~$x%@>AHFL?c4f2X|+0JXlV(v_)@U<0J9_7ph*8Q`T;T5*GL0TS>{%2+v9R_xsCVy z1?5l%nlsqgcIO)%6Vnxpp~>XGLsYS@6D3)uzq$dD|Ds?Unv^yk~{g-GY1X{T0~0 zno;fR@7eHi$1bj?&l|sYE-#sjStalCQ%k)S5TIKYQE23Y!o%}xo=|&U9XB5Dv)qKP zjm$xut8fj!H#qAA&iqhbUT!Wdb5Lo#j)`Gf?-yLTX4|%QN2gsQhSzrOIs%Li4{`5n z1qByAtAi&Sx zHnP@<9{UFcOOLqyys$3V4-k~3DeVv>SXA_;8*ZI3GpiD=ge=1-A$j*&6ipxFB%^$k zmVWET_Y(EfZ7uI>YublDzZcL-7#>JiOYGfu8opY5W}fq-eYY97h->dMAJo)r_Flbm z9cQxbJw3lyc$~ycLyhld*LUwWBkHxCI9Zu&-8Y6uf!o4#7>>O+50dV9Y`##8 zy6_87D0085nmhXigmWHabH{Wzg9_dcJr9p>fQ$<(=4_0ew2FwCfZK z--?p|jf)ZlNgMh%_F3%0y9qme;7uSWA_UGK{jj4~tT^MMu;LDe~VY{{8 zFCLk?ofgYWDv15zN==|(>R$g{CH1X*;Euu3(OZhN6*nmE&EmUzU|xwdBxh&0byvfx zaG@k6<#@=6#Kw3A7o(??0UTcYDV`2EY^SG39K+AcJJ$VF`BeM?RNeHSm8Pd}@KEgb z+p!r@2bNX@-dG?1%=XxI z3q{rQW@fgA4{JN~G(Y(V1mG#Y|KQa?HsSRkLXQY=rIdSl9V)dxaryG?$jHIPxt047 zT$U;-0%U}iR@%t7U@V1>Eh*VI>!vR1L>pf^-}3RJ?|PbF5Ef5=n+e|jxT|ZdHHnK0 z9CC(|LB--(gO&9zbJxKiy?qq)HG&b>CyQEYKtrA4o4`Q+?b}B^mrOg?5($vz>FNe& zhn}EihnsY?t>rp-4aB!yooQ4XHC-%b?diHJzsTwrO{!n_)%=nQ2_w+;u zU2p4c7B!yf_dP}1wY95ILOvO{IQ1nB)i{X}p%z{tu&~HrCW^U$lCnWwBwyx)s!A@C>bKYO?v-?sap1X<_Ra#Zd~f z9D^@vagTkev;ohbIu(eD}*5 z|EDb?$$qbuCCS&v$FWSMpLG7T4YB;MUUXD%Ud_m#Hu~5*`qnW#++RkNTg9K6Dv8&m z>q*(2I|q%7ezioJzn2p~)K~0wkjeu?o%KRO2dSvOMMX;h{d(U~wBd@B>wd%j3TF!0 zj7*(Js*+*RI`G`Y_uE^Ki>q{e?|G1U)~BSb|Kr3@W8G&_zSD0SvkD8!!DwG+_fHuf zhGMq#axI*)>(+U_dtWGa(0(@Sr4TKJq7wM~@<9FZuF2Vkdqv`I)U2+bM;ROYVV_3W zEVw5#pb{%?>OU-h^alvy)Qrz->m#|uaP+yHCr6LPb5Nc>a|Zhlvf55N$*(^s9Q@R} ze;CR3?B&BAQRv3b*aR3|3|pBUGCp%g&rOnNPiAgP%4XS++}xWOV%x@WPV8V&U&-Xu z?1T<0tM0NoAD;wrn>~U{eoHhvceBcPX6EH_2?~1kS12Prcb8Qwcl@RSh`Eh4Mx^l; z4=A@!3N|Nd>k?um==4vWq9z?lWbnIZUt1o>5*}=$_V)HJDw^?9l}x62__s22$@?GC z{h8JWhYn0((kk*;>RW9cNfniCt&xELFJIDZipvVDaIj}K(C;g77}YxzE9Ur>S5WZ0 zY!Gg{k%vB*WZ~uxIB0dr;=>hjOvAz{EoLotYnHiiI2EH2#W6Ce+eVFS~>=Lg%)jXDPj9WGm*8Onj2Y5u!~N<ea8>RhYz~*AL|8?{CdxHW`4E6E^ zY)#gj<)t92t-a_u$CXi0p{Ho}>XGU?%!Cm{u4))gSShq4V20J!>A8H_?@hExLQ2YW z;e7DL&TAgtZJjMGeWa241LQ7@rAa616QxsCS}8XMn46isZ8@b?+P+aI7jv8q{2Qq~ z6;f}{FZ9dOY%0iWMX&#TM@Lh$2?T=ows2me7cOLxawdr9{VPt2^>qo)+#i%&xfhg} zSe~7ILRPjUzJD`c`t{GBRgl1v5~tdT2&c7cC1xqExl7CKXF(>hFNf_~-e01_#Z>YC zebzlBGIBjRB`Iq5ifw5b!|dO(>h5Jd>=|CWK9x;;?`^fz31vU=9IHVAv zpe`_GQSswdV|4J-f^7u_wa?2o{5k+93WSX0LVrc#e`1^Y9lAoo2cAl?vzxu9ztMN` zjIQos(q{{T-`uJ zb5KO&g&NN{%PF<0(#zW?tuI(qR{QFk3XVQ|tKl@=t+Vw{c@P=E)J|uqOMT@Dobp?# zS?*&Y&p_YB`!}jO8ybv(g};A)4jXWXhA)d>ti3XLB$4e5LY{BS+Bq0Fn|v?OlI~n~Tds)bT@`kJGa2tAI`iZyDj=UU5iH?5;M$(fOj+8V=20CABy#uu){ym0w4$#Zc$#| zSAYW{&p?i4N)=o;)X(lMzVW*gN?mCGLM$>h{2$oT&lw@QfA6|U7fSR2uLDbx*uH&s z4h|~H%5tz0z40Guj7$T9Ok{Y2mZx)x9?xF;^ zVh`sUd^)g~oY&Gy_~78+Fgr{u|Ih=_B;GL6x~ZwlSl2T@J~jF_FAr90bh(i2YBIFG z#N-R~8(2?-jVzFEht8)YCH=jbgrr=QO|sF46{EM*QCVJ|1UVc&d^kDDUod%M%cbor z2ZWdw#jrjpr2Qy%lSph6tXAayeDoCC@(KQTMiv&x%e&wKTHYPHt9&aghKSgDz{-5~ zR|-)?X^}0l5sso^TJtj@iZ2`KcYiUzL~7gs9KCzPjh3Rm(S>L6%h;$4L9nv2OoipI zR+_d3?o6(O%kfT7P)eU#EM^>P>KHsrd@5I#-GS7t46}I5{(J%T3T%BK_;QWh3YAt} zt9ss^cD`;$W?cRr%Jh2*O&KCTY^+5G5vGWQpuaf}zyry43i4zGc##o@(#Xh;I%|Rb z`&;0{hPMV9GYPcnU0ft0U!(HQ@$PuR-ajL!BL{-GZ5S)=-P?ZS#eK{{L!!ZZ2hc2{ zaVVNx7iaUJ$RFiBEumNIx401Pb>fDp=oZp@7jMF0CRBP;=_zTd6hM-IKwzVBSxHG2 zaTL0mf$rVD=d8QsaZ2wg zi-1aUbb2tUL@&eww-N2YXD9QTjjVKGA_jcrP;BDptMFVZO-mc8)Di4|{B^bAHD@YmIoZE#uxjuHLILECKW%-EpI4)6|p?Ie_cOAS9&FZ=0LP zVQ5IUOVjjDOf&+%mZ9vgC>OnYr$YC+dW}9!{n3yUxq8eknsgPI0g!43$qa7Wmzp&y zCPrWt;C_EYBMd!pG)!@?ki)qC2sQh=o-~_rigeoD6qcK1cqbkA@keyWH*Z83?FjQ8 z02oEB#p!J0F+E?FsHX$42^KM_E^SxuT-0kTTr8yQR=^ z4CYPm8#mD5x9%;@133|3ci1}oZwTPm!W*Ov$tj1FjTL-fk=a{r?l1|* zukDz0B8ZI4OcI=nKZ83t;amC~_>1LlIh7D3-C>dVh?G&thnsbm0;lh-TlN3Nf(I4m z|AQi@IIw}ZmT@cx(BTLcaOtnWaJ0In^O(E)A|?ZoTaXbvYB40|z+OXdsJ{HFUNFMD zL{jbw3TB~l{S->H49z*C-n#OVt)|Tt8n9do5WL9i?eVuGKM_t1%OrzJD7~Im1^+iS_)Zb zsW{aCVFYS`hhpPK434-+#lg)3EC$2;pztt7*wNYP53}IHGL@|saFzTtE-zj8&t(o-6?!=FEGC}aU3TV1$tjT$qi`^Chp z%*~I{ViuBX-@eoSoA2DYgD?YE0&o|Iumo@hW@MB)eP;@;<75IyfhZI!4S<78VelU_ z1YmnYLTEXB?*;(K5S*7+)6_jdE2pC)$;Gwy8HBUL0A*$uOpJ{`&QFeK-`2;a!Z$n- zawhYolyuS_{wR!uwr0iWNhi2ST^emGJA63!in-3)Hh$yg3S0@dsrT<+gmii1lq-BY z_Fwdqmhhnt4R6QPZdA0+_ph#0MeFyg$I@<}{H&)_KI^2e?jb9ib+@&v#6G9OMMGb` z^^%#3gp?HXxBN@>v5Sk{QBm)If8#u8St?vDMIj4I#TxRky>5F?erYT#v@uk`=&GaR z?Pne~sL)->LJB%CFa;REYlWewux6_U_b2M3_TR_HgB@$XB1OdEE#tLZo|i{jtBWZU zshz<}PX}&>ykBQlYHN3M+jee)*(J3rf{t#$ic!f&Xth?FjJGy*CfBR(PWqKAhm@2S zWlH(^d4hNPthkYSmW~5ETmA&&*a>5B8L9@SwFK6Q zpE`AlAYcVmRa8WM+Xv=B;)ty5AWja{nBZmFwQH9Ow}!kt51f3Ro%apyq@)ak=E9nH z-<=OaP-rrxROh^dDpLY0_RN0!^yw!1D-cM~p@4i821v-o_4JQi6S8VdHk5#)FD|}c zH5kYuaavbbN5`HIDCXA%>tLY;H`hCZb64f`^q9TYCzcjj z`=o1?I_$d=>gyYby+&A+gCH$-(8uTZ{Wo07+^GGN5s$S*T;_hAqL_P=C3E(1i|nvU z?4c)VX*-EiIz8HF-Wgp?>Z_Fb(5-FR7)8lZRrc6q*_E7t72_YPcemGE8Duyb5aOUg z7ACytnX2F8J%$lZ@as_t{vJ;5%iHbp^Z(F9w%^g1u3DJ+DZ@^BSPI!tQBx+@fw1+K zz1FpwV0?;38QlY>P;l1LUdt?!=OZa^yg0H_7+YfmN#aBM6TAZSnJ|~)j)l|!_ytl6 zK+?s7P%Y?So}>m!K6 zZ|v9*&IcheXjnkl5F>6eB6sqt>#DzuBB=HSmTJig zUCpdaQ1!f(UJYiNNz8&c#Huo%{dkP9od{NE5;azEaS5XpZD?Tf+Z={Qipr_=iK{z% zF<28k*6bd9aQ`V+S=~D;$1yO`Pw=qMb;)}W}B1t=_*K1 z#z$5e=YwCR7tjJ4NJ*GlTBc|T79YD>de4gg!Y`lx@^*8b5b4gyJ;_@Z#%34y{LM>o z4G$a2FdRKf5U!%e$uIi_aLXk}W4F)W_gw#t*TadEN;vzl{`y%?j&-76=EMVVsQA=ioktD^h|p$FSy|vc_9}m)x!~j< zZI_8_Se+T!^WoP_YN%2mhC?$lqI9$mp+mK0J!Ue~GOn1J4^5AsTu%U0dEMZt*$T;y zd|lo73vXD>%qF_K#i&y?R00=wTuMB|!C$J3vi-n|rS+R==`QUYRUX90|FtdU;PSFC zk4i|-Q}YuveZj~uKt;l+fJ)Yby@oHpoS`za40*)Nf92X!B9Q09_l)5ZtQ$ZC2vwsrf+`_- z)&JbnI|AtczrB;YI63DQu;LjyOHR`1Bq|bXe2l6vs=9ZRR zLR#FVn}{6%gRy@dd@^=6#vS%(=wAU#39U*;Jn-b#%|6Ln-OLxAB~TjoSct>KG%O($ z>r=@Ix#NJHSx3sQTxpZPvwQ#k0xVn-)^#5Gad;=II0`57!5h1KN-!rctRJ2jgaKfb z{qQj|GfPm>7#i&p_^UxpxT{~#Fw<5Lm}GA zAL8NyPFfHAt^V7<$k_SoOXPU}p7b=+E9U<+|K%{r|x5?(k_eQLN*hknSmoh=`mSbLss+!tbCtUiS|z;^ok z?Smo`*2Yc~IhCh#r_<7UT_(LZZEE__zd~UyAZYn>(#`6UL&WPPO+f&6ad9(2flb<4 zy4;78O1T2qjQo6kr;qu?HO9EKwokpZu9U8+ATqKn-GB4jx9vVdQVbn)o}G-9gkb;I z@*O8EU1**jD;XKGADsT4>RsXaae~%*JYRr*A)mABeJxz%GZPY(SI29Li%;G~2~gUB z_f^lr*!Q0JUYus#mf#^>|vDJU=! zkf70n3=bt2gq#eA<U)eQCk)zo&=g>5ILV0pbx9Zu;K`gtN+lUdRqqG-sd!? zg({7%7a};IE*npB_3P}CzjObpgF{n1Te;D3-uXLsTSw5ZG8{+m;B#Zy=i%-7&J%LV z%G(_Vx}R$7JiK_p*lDyeI$$kTLCc9lv80W32ohjcIvKB)S9q3-Vq=aPc5M6KetRy5 z+Mr;hsruHh%(J7EB4ASn_7=jF_xa6jjIF9~u`(6!t{>$Nb8*FfU__Tefp5Ow)v*JT zge?mQ*7A#r08Wm$&iy$1@2mZzFf+$N>h!1W-$&DDr`E+)*N_oR%uG{H3+^{Gj5KdM z^KP+MH|c>WTV1tEyhOe-2ZrHBlqSJSX=yp>^wbF}gobJ%C@U@HOzR1Qi0u)#Aiq-8 zfs735l(%JZZS_srJEiX5jXZbzsc!lG?yg&=SE#?8)na0nfFmkNo@Q=giy$4-*L^7E zGo0wD`_c+S#NE3;+@|lZquBjWa$3q=>u2T4GaPj9Q4n{}PZh!PEIHsjl2)l#U{nzOl?+p#R`1sf=kHavzU-Tj@&a@PB zOEb|Y;~&*GC>hQ{KJ$loyj-&pLE{(=+p9`9Xl${d)XuIgp0%F&;7%-?Dzc0&3kw^) zv0f3)5#rikkmF(V@7iVU?d83_rwJlG_7B&n7L!))QC9YB$zjS%UqT`sHaC5{i$~`V z?P8+VA&3VZG|#pE;-i-}{@>8}g7D3>^@wh|o|>N%o}+UcvCFA>FJ}6d+k^Z@tHCj6 zPtU9zYxfHSz34(p?X>%L)))izjnQ}Zj?qGFYm%1LXlBjhF>^($Q(rhI>H762UgPzg z{%fhSbMz!H*9MBfoz>i6)L(jU?o<6%Ce=&Gb}cQ>pX;y%Hjk^Rzx)9iVdKbJgsT^G ziAiXo2}Q!>Age)Vf(TMaXS17IBkDxmJ(5M1q5(mTGLHNk_FOdRcV=X~h5mZHMMcy! z(m8OW-KkHWxYXT2{j@Mv(!|vK_38bb+}!;=lG!A+S#IvBiQfl)PrCK3ZlQhEJT4Kd zmYHdO`&NBq_@&vo#+ak*fyy}6dFobDRXthG>`0!!#*{rDB&)mlQZck5BOG+;C3KiKm$5CaTYi0&# zrGC!Nu4(eixaV>gH313y%!vAxvuC#i*S+oN5EH$)hIm;O|JD>TJuCxqx3%^4tFwq< zSypg$TX|}D<3@OULY3c*FO8z7&aL2W{;V?FnHPYabBf=gHDCTzpV8ettMH@C-u8kBag~|T^m%NTy`Z)a5P}h-t;7&|V9vpqUizax(Vg!UOb$9L! z+Z<{gz38cjkaxU#}SzphMM&H>b0{A|b^T35%wyGI#9v$<)@ zwUMunr3R7_IF&|x{||fb9nSUJ|8ajRNfd3XXeec7Q&9-X%1%~gXJzk^jLIfSNT`g; z4B1h(Y*`^>mW=FqKR$i@3{QkI)`>)$^9oO+azC(Q8=leWg=j-)+KAy9uF*khn zj4`j+FcX;MH*b@Tb2C1e;au&`vDG@1?0?*+^WLX%jD5Q@Pc*bB9gHT7{oV32PA9M$8^QAyvD!{xX&JyqeXJq>)UW3FM;I`LV`+F)@Q@ zlzG7qWfZ)2L0FiPd5b>+;{TN_d+U}25G1i~lD*XX6T`bTlv}TBX=&*87h!^1?81q3 zq%&b;ULQBBj|y-7FGnVE2;TVKB$16x*Oj_DL?PGpr6K5ZQst$(=RtB?Et zJG|TR--H%iSy9sg&UfI@R}5{f@-Li=eVr`mUG_p*VB7Q;!9-F#bUr@6cxv#tf*CoP zp)XUj|M>CVZKA^K&Y?F}=wTz4aAHC{^T-tr?JV6a{o`C(Y-)*dx`6oaBpf~Y%53(B zg7O-&q{+$eH=B}d0rk^NN$^zNk9s*mU#WGf^yAiKdK#!=k1kM9`jp1|F}aQqTggiMga+00eLvYMYXhK z6&0UXi5v6Mc^zdt)KgaGIA<(Gn%ECW7R@d$B_Te(z=45>^73#~LH%&@mBMdzwXe7! zJ#A~iLr0Q4U0|+Bcz9r-yZ#UVAW9B`XWit>=F3f!f=5F*y(z{2iJ%}3*-H4)`S<1! zFZj`LWHg;QMsmMKwxq)sI&B)G2S;bKvZZ_c{@+BM4GhKTiHd3)F?&6~bo%&K6;;1O z2OvPWBJ*Z?;dz;*q$z7&aq}$rqvlfNIQ4^~k?`|9&7+HvtrsYf52T30NH9 z|B)!SwS6wjeZz6a#MpG`_Jp;KDX?hPcbm2nXlT#e6^zAudU4%$s=|LC;p0Sm{oo+! zql6_Xc3qLE&Mm{gwMX$&;r6gLQ{}&#elGP5Jrfhn;9%T{7s7P~4|7ec>TG_;hDyr>xqi1IsE7VllkYgzQ z7^U0Y4cE3JCsKs%5_3S^J2QfRXLrq;o5zHn@C)tM(9z*BfA-}0^Fs&=SH4#_dAVas z{U1FRBSi?q7Wd#S|Gw41=t`BO5a+vT|5F$A0_*ATnov~?4-dHC4h#EylIalz1z%;* ztK*1I0!AV}KVJ{GBLZx@x6hmz21mBpjfaI*69IkTa^Aj(OV3N9?14a_pon-S!`$~_ zhVoz#$DK;bDrI%X8(QCxS#;)&8rSOlY88`$J-^GGu{2())YO(p&eHZ4x>KAN&+=rG zYuCy41`G~5o=D`Q5ebNX|G} z?E{;qTPQJ2BG{gj1BN4j7J8)leW`M%^bHWCozDuzD?dXlIk(E%ZiD<@xp&ok|habFQxtiQ1^FC2D6^t|F1y$ zuL`6#iM<0;7*hS;2$0rW6F-A!7lcOodG|FnlQV^h_oE}Ly7Q)Hk)L|K(bv}yEV|+0 zcJzpi8oc`p7q^-({wdtcxQX2A^~s(hw^fddPP2#pN|HiCf^Ywsy}CG68j#I@^5p3E zGSgSDHXr;zfn62cf5*&BTBfc)Z%Rp9dw)tSnHLk&OXLpZynY>@kN{2l_ke)l&+YQMQ*oI|v<5!ptpiJZOP zDkCEW*tMM_<&)%M&tYt>c1_RF@SwAC{QLJG&|3|pr`61(qohBDsZrsV=-o}bBiq{z zT-}D&*WYF6jh)S?Xt;W{MZiLEZb~6N#l#?6v#srAp#caj0SSY9On<&1`tAyBmHy_$ z(y=fWBge(iy_@OA|2efxWoP!}cxyuJdB#T%A38gJ1F&=pf#1Bv!MerX{;T}e+Zvj> zit3TeLsT*VrXs>6xCc$*v5z4k^*lyqr{u!&a@w!Ru{+%Tz;*lcM?TZ1u*X>aR;EVW zMCYx+%T9VjT%~LKRCW8)Uh?Xi+-e+z8ib1y{qJ$f{oB=6HQp0J-e^=UNEMYR_}cVuO)#mWnyfaxm-Vn*XizC?yu(`F~F{yGYRc_mf^$u$pVqY5daXG{xiX;O}uD+je** zh_XRY9ci!3%cO*(oSamo|Ku&6i;wTZEs|N`#{52)|CQQkDl5&R&lRZV7q9q8`)-GD zUe?f{{V4q6SlpKInl<>m|*l<8&~+qNkUL!D;$zaZ2)g zTRFv@|L?9W@-iapWaQYX$gThi`eO0=LF!0_#D~0mR%m*iIb&dD#TXM)xxnzpIRwhA z+B(w`nGX0gFd`cG#q)9pQJ)iyW(NG+2M_w_M5D$T*)6(9T>KMU6`bnC+bNTA~n{qsnr$KNlzP4?<_-Vbb(P6x;V_SnVaS;4h{8PLI?pFcMvFcFo zZ95DD8H7J9(u|l8zQ{p_5}eUYzM{ z;OM9k?2P>QG4XAVlL16&VPdkAK(>3g0e2MmHl3GZ^hrc9B7l~}46`0|oG7?~U33P} zA95zx+kp>%$-f`S2x&PvK5p)Fu1jaT!70E5i|WWZz-IIA9FjbIJ~=;c3slX*LUR#!ZklOz+3evu+@R*cj-H~&+&)os1DWCi>N%Aa4q%vug5*tckX zXBz$MnV_B-4RK`JR6eZzb#3uP_e(JbC2FUt4=Y;J672z7JM<_^8(OmQNzSwXCP7u%u)I9}W6?UTt5Vat+N6*Wuw@ zr%3s-26Lf&H2);BB*0C>$ijFCk`grKA$AcwOqmjcG9_Ij+pyx%L70`i*jynW0xStp zRIaW?_wL=B_Jj@OW(Q`~7-@c~tNZlcL5Rf7>A%Xsj*?{|$_JiR%pJf;z*Ay)43fy- zm|lO>VI2QMP!@J4iTjZUnf*J+%8;9e_B_N!6f=)YsSZXv}j^tV(8ER?kg@thSJ|Bwrh|H znz6Hjf=^3rAC@Smh>H@R*vs_0KfW`Nh+5n9?c5Y{S%KI{YR8WCA8%2pzI@q6|I5;1 zgob8qc=AX`&(_tU;DK}J?sYa!m0pzUi4$hMk@X|!d0*VfNaV%}>#OW=zoXSq=CZMK z($mKFz8`nj);3j0`P#8rS21iTE31>|+ZgRI*_EB3v#$~l_a~Hboibo~zyhho$Pg@m zh!(uF0|{5E$eXt>Q;u}v*XfwQz2w^iKPR__EC|3V8 zUWBVg@NmQTGR8bFcyuBP3(xa6!N`iRu^Tt&w6`Cor+0xw0l*cyz}M;N!3&@X>H;%F z_>N_Qt-)B&+B)lA*~JEd?~%|o4MP@WyUdh(W`{gA0W3gBi06>e@eC*x-`(`!1_ffW z_zZX9v@{O%m(SUrW?^P!t^4{_O+kT*hm_f`;x>}L5awoPvoFC1b4_GkVI6avIn#_v zfng0GEMMT~eS9*z%#b?AtEQ5Xmj}-#Y?$e(sauJW1h98(bMu${S;=_vTIl^#@`%pr zeHr~I4S*rc*1#(=F>yld*rQ4^+V-xln$4D)nuqd9;c1_lC&9tW-AdhC7WJNrLj;2l zMEQ!c&&|)T|4Jr*6n{7R&!0cU#e4JY+qZ8KnW&ITMD+a!NeNdoLAcaI5dH!f&_ZT=K_nTFW)z z`7PPf@U@m=v+aiK9c^t*D=Rm!cjG*|uUwhyDPC=6^eF1gw~-7^wlEoYTzK2rvkLWD zJuH%LT%~M>Oq*VauCaGAlWaTz={`N4V)n=-Hk!X@*TzAj;4K;;Nt`*r6<>oV7YSyu zhVRnk><9g$$Fmy1c%=9-^tO1RPan`udlJmryaf1LJDh zM~t|2o=<&Yv5WM6#qF6q7+Ypb+nSm%7&FG(jGR#@HC)svSK^f~UnUXV^QZu!@9?Q3 zwGc-`RRFCx7u{z?2z4RsI!rkVB+Z)e_*|NYF!uaAHZA>R-{D+H^14Pc_OId4zBTc#Xn`!^Ix_RWGp=> zFUzKp&n>IFnU3)m9FbcxHLF;B%QMvi3!on%Mw!kTzQC7n+{{OTa(?%U%x(Y z)V-Y@>goA7$CSCJ=MCO85MY;9o?X34t`KwDVP)>HlM~m@hsP+W?-&`hTkqCCO9Q0| zaB`Sg;Q_LIwJVVqe=fYr zophhz`Aw_xS68Hr3_XEx@80;KLuEXMBu7MIyepf^j{W%E`%S{XeAn*HmEp+bl@)uP zdnenJbo)!}Ok+Zuw;PQ{bLy(??Jh-q0RbS6u{X)dH%ocIAA^WB@Sgxcz@@IAZd%_X zA0tSNFb94QfGEG3A5o8yXRixm@Y>Q0HYZdB-UW^iq0>G0uUP1N_qG)D(4_N@!}a(t z;aodvm!%}CbZSfXj%lcKFqwNX+1uM2&aBW-TYH=*#N+b^=UFQz=uN?#)sh}~Yy-#w zLJI$-)JsS}qMrCaN8ErX?7lCqY)E=R>;QA4n`SnKE8^L zAUJYy&8Wni46Irtn@0J~vmYMMrtbK=3w-e0-?SbL8JBIp5h82NsK$s%*`Ub68jROL z<_Vjq3!;^9_z}aNPdx@YDg&o88aDX5$|)-Etxy$WIGK+k%gBgG&O(lNpd|JO6hqPA zT=G9rp2ePzGgiQ9R-Z0V?fUgA$)@=I5FCO4VR%{3=8kg5e~EdSgh&V$4EEJkRd1OF zB2f(GnqZ+-&GPiXeTYvW3f@@z(})sBjDqVJe#dC8`=gKO&H6RdC{V}a%y)5enxO;t zVq$Qx+-UI!P9|9HdXTxZd8$tLGG&wqq>-Qx@`1sCIBfi!HAF z$2XPS5x&@8U{?nj`pcIju_hIxj{|;`bPY{T9@)2#8)pGhS9P94>*eg?qN$;QfL6Ug z$Y@Y@fZAGRea~{7i`uaUnsbb40oN%O?hJoJxvIuayfG{v=jF3QFL8W4@cnz0hd~^J z;NFMXfp`nz?@6Y|X*zD3qjAiBKJ4{h3_e%7PpBz2zqfwnZuTo7-==->x7(wmmn0;( z+06}Zbk~aeu}KE*i#xBrO%y}cOmSbbzWkxVDNFYaS7+J!i#IrQ-Lp+2$BSLk+S}Pf zL$?dx&{S%LNgJ_Jl;EPrH2NNlVu@i^wzBbl&+g76~Q&TtT2Cxs8@vw z^#1+(JNa^R?0WOV>u$bJc@uopmR9uR*LPOz?DeJ{BkS`WS{fRPW@a`#;I@6}Ei^iP z`U-lVx`hk;r>h4VVtrUxKJB2|m~)!!Ep&2Od?qDXKtZlVdDyXmHN%meY-_IB!-(+x zfk6NWe9~Y1&FsyyMC7JrW@FOe;dWq_QQyW@i=YP-6GjvwE;KFM+7#Qm$UCdS6574~yZkAM1k z^8FLj55>jnIEI=lA%et=5OZwqZ7u;cn_E92dSDGGGqP|mYs4Po_3T5~CI?4DZ!a;? z8JU*Oi@%Soypj!*Xs9}&QjK8h=;&yiBhWN+S^v1Av;C8dJU(44dqleo{Q6a7-otOk z1>coG5QFeD2%AoyhRB(Nql4_{mJ%W2Wzw5K6prd)RYPufmNI0Etb@ZM{$MR_?Ny(g zrQQUWZvpf~qd{?k?$j2Xy9;Ia8~2i!nEvDzC~a$Ld6?T6>mqzC{y_1@c+vyY4(?`P zBp74Q&3nmQF=bWO-DHdHdsKp2+->1kUAm4cVj4!|a_*Ha=jL+EeQkeZDSW|VNcHfA zrM2mS%N&_8E|)Z~BiCVeLN(%EnUl!x_wQ{RqHOqhvVF5>z;=O{?cKY$dX&dr(8oKQ z-??-3!wgr_9c-yJHN!<(?yI?#AHTaQD>IL3+ft3`dbm0M{>J+L)$7-on)-)^F3TDU z7zwa#)zIK;eZ4)aOFyT`Nf}DF?LSNH5P~xL%9~3AxzQ_=C+mj+lAFWl-RrXOtE`(5 z?p>r~U>oksxAB{H+-KI>2aGfrqYM2L9?Qd#Si5-goVDM+L6%4>8iFu}-NF}q6`sL= z0zqT*&j?m^sBWGqtV}yQY19c7y?F!Ia5{i#qI-08`%z?u9q!coEXe+2h%A?$+em3T zRBF#>v`--^8kx`mtR-&Qq#IH18Ur9Z^6OngZ%cdjmAH9NjVjS>ta=RmEXlZG& z4UJuDuy+;yJFhO^`E46rxg6>c#Ax3-e01AEx8PV$9{ksW}-6C zVXQ7mLB`Cy{lm(&6f_^=4$)BT+<9B`Zd*s5pSOOos|Io@2?S$Hqxi`klo#?cu6=E# z{~HDw8cNH;wl+SsT|(mF#KfT@S|B9M&9#^8(}Z7~Wb!>5)w_E)wlVSP*e2zLs|Hadu&(K0Gj88m_a< z%BB_fbH72wdV*)}^UmmxAJwaZUO76-PS3?uw|gwz9Z2J_*QB=@yLOEG20Ww?^fD`m z_~p>h1e}VpHIvb0iNO7;)=5TQ{x?2X2-G`EJvJY~!I7pVeL5a(($}vgRaFm~mQ9IP z>9zqHi-Ru-q1DvXuyM{Xw0@>=#q(Rf?!TM*z=8K!S&xE(kR*)SZ6`VT;M6JpjH(Br zU4p;+gXtZVrjKOoznrYXQZT-w=J;sb2W%p^P*_>bFi`kL9wxoN_weBuc-T}_NbrGL zj_w0H-~j}#xQl=eurdEne}w@75z9M%)tT<8_9W@yDcGd@Hl;;0?p3RMl^L_1PL`3@ zIClC92tq!?m!+r&m|yI?mD!2r4;P>6+$^_>QrJ_j6J+MW{;UmkdP^(r-6nF9hNolu zzBZT9abMm;xTezw&que>{euTjzI-Kd`}U&`@~21$8C?(JbT9Zq+97XmT@V^8*U=Jo%2wmX4R3i%bJL&u_AYnyQOwUDiI4w7%}MF8 zoONeb--+NE6jVPm^c9?|H)_4ginJE`yic+{tY)fiee&IPgypi5|Jz^J!0FsUb;0=p zBjx$Z`%EZwV46A2&TeO8gAxI82^EW>!0jTd>+03PbI*fhs2P!e^CdechyC)Y<6i}&s>QRamtB}3kHkQ!yZfB& z*tLxbvf+&DY)FHqpzw!02x|eQ*WQa6FJ4>{6Z0}%h{|9fB{kz;?Ha1$TAVU6&_6q7 zOYU?0B)hPvg5~R+`MD^b9Se=r#KV@3*m3+!`6Uk9L zGySy5=>D0@tC4gzow!)a{hmHOej<^pQwCMd$&(MIg8Ra0;WZi= zOaLD#w!(iZqw5mhUBdU3`FcEzgRIAm-`ntZ=dZ8EDW1L`bU3QFyEf+h;>yCL6{s*- zkfT`+#EU;nK20|n6REz7@UhY`COv&Tg4NQf{sYE`A0E}-rIQmmetc?UeeIW7!NVGf z_dMs0`HRJ0Ll3nV+-0zjK~N*s|)X{3`rL;99aev6! zbSQkd$Ho-vDk~e7|5ys1?{}R^NPXiE-s2u({AB9}(5FzkHXHMD8v*K&I`ZQOZs^#F zU|zysSoNWvmQn~wymlHZdwFRl5h~}L96PX4)zzsZIW`h7ilydo-B=Ui@2O*!!(9Q( zF6x4lwX<_UVWEqq_ICqz>I38zU%xKk+6_hGb(!F8F1F#}Izlb1R}Kkz1fM=oiv=7d z`x@Wb-=89`##T%S2Q_M|Ok!U!e1G(p5iKwFeBj9wf|1n{SIlG63u6=nQt}++3@ZHaY*??#W>Su?5&&hn|3`_M$Kl^~m zx2y>If`X^#EJO%|kvGw3#V4s$2S2LP!p-IzCdDD85-uI9|=k2mYnw0W#;Xf<;`Z=j|(F$qoI`y`n0 zJR6%A<3$}d4tWX9h2MdZp|l0ge2w!QPo>$}WvPNQyuD9u-KuM~{m1I!ZVQXN=fax4 zZUSRmD;oaS^krCLdx)u^r7zZ+nF9K zX9nlSg>Z?%RU`Id90R@P=bP^XX?cF(J`^2w##(jn)tfJh3s%TP%2z|q=sXO6a!4bO zW5Q!I`gOwbhmxJW>-J*hN+NsZud?9QDSWY1UMpr|T&TH1V%280z4r@0PoZ}#&%n6Q z-rm%oLscX60?*<07_E)yjEPZt3r^F=pd$>&kE?J9nek`2ELOyMeZEPTC5q~yLR{GRla^MNsiGo8B_?NP zJ~!i6((IY|xjNT)QTKO$|KfV0;ynoo#>^+*zX$xbxU8&92e8SpgL?;7=F7vv#lcDc zG{U=uke?qw%X469SDCEya+Z>u-0YhMk;Fqm^a6vdUqtj~q>SP=S6Feq_*EZ8d_+p8 z@82=)Y1%o~Ag^|JI-2+t6%N(*7UpLgy`iK%ju}$^Z3*vZ-4C*jCYet9SoYQT<+5`K zc8Y3ilfOAGFQZeMHgckfDrzv|!-(O?8+FFYpoovh-=?zEFqh+Uvb3No>Qi1yl-Q7ggUG()I`D~ZF|qBYpSVbHFn{ik0F^?Z0x}5VmmdbwRa09V;WMu?pII6kBYdaqSJ!(V3ORrOH_iL0^$q+ymZt4W4^0|g~2;SyNp>AK>e3ZrX?DN66RZ|EVB*#Vb{=T1*cix3fHV(gzNUo2bonQG0W88kn& zU$y)J8sDxbMrF!>H5mig`5Jiu2v+qyOScs1&9!UiPA&lfg#Fm7s2oWD_1(@Y5SL@* zPx0{ck9cJ8^%Y@yv%0)2bpHJ6%F1ji3CFZmW!?LD!YVR8-dxUP>Xu%G=7Vh)RYD#CL$O%wIy(*;x2Yi=TqwDJYcheq6JPV24{NAzW zH=ZiZMto#eh7dESbKp}j!@*YL(e54%!2d4z#`fm?w%~sTyyak5_Wh`Oi*5J+oOckB zJc+n4hI5aN@6cVQN!UR}9vDzLF;R-yxY+LrD znun#Nwstlq5L?`%N7milSG}q9B)03}k~?O5Hn#8XpAqGYrQd~Jyl(4V6yCcy#VjT9 zs;}T+DR#(hJJM8DtqMm5xS}PM882MF`|U$BE~{qz^r9iv)sORS0*8lR>FfLAz){ug z@hrKww9FnY;x?G9xcT|Q@#8hMcWS+NvZ$nnydFWU7{G?OgooFx#JlUmHSXRBiy%y> z={m)5st34txT7~hNlA(3%gTI*?)v(A^C45ypBMr$lm>9Z$bRI=yOflNB|j#DOF+i> z)QvX@m&Ppw9Gxf>xHvQQDg&J6#zJ9Xf!>|WZh3VToz;sNG@uu0%vi+X%2=ekB;w|O ztj{n^agyuyl8B>_@g`_eu$sW^9R65*tkBc*BfL8RiYmkiijJMvp>}^0T znBfa^z|sWFT&-w5E`sO!qh`NI#K(iX(*%cx_bd!#(K2RQ9#$>VFY?ji%^++B*vkyz(AQ@kKe`@;HpkQG=*3iq z6`7NN%I;R~;_iJN^>lj5^UF4zpB0}EAkceZkWlJ4h zNil}o2;}4wzPl3>&iDSwI?QwCd~{mMnclBobKKXrNlD4^QhHB(2pByXb=ORuQd~xc zj&La{Z+Ynge2kK|bH`18S`7}0pUvJ&f`gTbGk7nJG4+8TAOvu9^bZD zX{pe&s(^qykQXMOb|~MIk`nmf5z7ZhuEhMPF1?SLt~2A|VM=?c)y-~Om(`pBbZl^{ z@>fkbpWyrfapKzNSQ=t3#6MKj$vN7Q% z8XTpLdHS?MF@$Wj&OLTw6)*xWs&5IT`(XB=RYynUZB!_*#?E*N2Z3Jj7 zeoaoI`x?O5*W3GL*&35`j59kg>j&4z2=Op8k785^59z5Q4^n_{ucfE}LNYjbTTJ`a zt5=wUsIatmcNc)#d5x@us*jV~y881TOPlnBZq{jQyo^T<9|jZ@072$+vGPik@l%*F z;6DM?G4imOwpJoynlWxkQAq`&G+nE;sp-;YRgeYqTN3$y&ZkxZg;FJzodb030xr{u z(_I4*oDIyBjN)s`mqvuhdkpWtr^X z6cG}d!})>z^tD2%q{9Ltl*7D)_j~+i};x}_VYZUY>F_DzhPOI`ySiPy4PG8bZeqP&*>%V+`DHRou zNlER#HQ@1jdw6(Vf62SvJj>T_-;SZ94h4KmOKNr1#d8J8Z{OY%qkSBq>Ysz-rg_|) z;E565{QR)0>d9qh3PMv?jq_5*-QQZc`rWt@f%7^cfg~vn2sS4ts|J>Y<_0Gu4qo5s z%I$OPl%zp+D5^jFdtT*daaVY9$k5#Ur$4o-&FGz*4~OXdN31qCq6!MEi^P8Xy3p6t z^P{i$f@aT~(S~BNJ?>koW-H!M5pI@keWzFT7Q50@Ug_U?{m&BvotzAwJ=9h$ym-6T==3fpXLn1>rzWW4RaG}-okm9^!6i{T{rF2X zb$1WFh+{~1d&O2l#`WFka(c9Jh-unR_9eV3YAu0u{nCMYPlw6cN=?;njF zGf?56OoUnkQY_gd&#{>8>kteS^8WB zyodd+UIsG8-50z|D9FgBJLHr7O&^DaDFFe)lCPc?f07GfY_i-X`#xmd59ZOKyv10Q zq_ubTiQ>t}^?a$83*V&%vOlrv#wZ*X@m)&ttaqUp_y<&B`3cExJEk`;-n>q~cYRg%CyU~xZ%gwP;~ ziJUO@+mQM|TYPx4fk7Z_;n90QcXj?QPp=EEYNXH@CNTkcDF zFe~TC;*8!7!i%&t>C4_20yL6Xsi{58IBQo=^PG_`v+Ihg>Jk1UT1rZo9+hY66YZ=&SxFcLIdjW5(xL3(fYmDhkpw<;m+su zAhXJzqUfiC#{!Bbzo^65CVW$EA7r+FIHqQeRb3P=_sd_>nV^PX1o$GT&4#ZqK;Rs*Oz5sC#~ z0=kb2sW+-swyN9X2%5kL-`tv*d9{xR=YT_G}&qak4z-YEPWv5NC8D z8+A0>w;vHMj(N*QAoz$8^GpB=^nTn%;)RJ2}Lm-hHd9FEWWZ0Cnt-^$iQEG z>sE2rY?29b$%3&3*^Zmq^J}ZB?u!jIGdFk=DPaBX#+N$1fFrCN$GIK93D)2uLPr-A z8ovKaO+1nSp4kW{9VT45eqH{`m9H(Y3hJJW`}z#OC_Dz6Lc~GsTsCBrSNCdH_30cT z(kyb_3TKL(Zg~IZ<+TMh@dzo}+xz!j-L`FV>3UEOE^S)~z)1W0CR+Bn3b^EwbK0Fb zb1(*HkE|fSP=3rGS1`!iFrmUozGAABdB=|Pw|np0xgiyFKs^2Yx$6pXPoVk;3)sxK z)#kQph=#%8!@O!~0m!AmHh~c8Nb0&T2H#3z_4IiS>uF{f!rQ-oonNw=S^l$-tiN|} z8BQINWutIEus`|u8O|F9I7&+9d=Nai{=rNCW&OMIl-ieWh9o3-Cnv)W zv5Ho_dV0gqF2FEOgm(pg;kJ2x=?cwp+hhEMn@vY=>hW-(z31XWjd$njP`h7vNBSGZ z9kcVqX65I2+d!@D~k1ytv(C|^R!C$U_Y9jl)M3O2_K_|T!RGfGtk7dUIY^$>W|ywo)Q4x>$|S+V+m_tH;IF*c4@gXt3! zBL;i{mKwiBKwpV)kn38eHv|kf%L3~n`(JcG(bEtOaghT;Y zdIvC?+e!O^A6;G7ociMJEdY?WW&fec9tSio^2oft6-FL7v~XrsLLy>y(Z=Yau<+*h zvY!zVwhfh?o$rULECmGe3=9uV^*H1M|6X{IHp+T+;bH`an|9ORbI_rD_AFQ`$lK5; zGGX%Gy+xU;sU9H$s&fKHAGXrXYCueEY-$Qg(#LCmZ=uAE46UBhp=_(6%fiJ%e?~Mq zJINGN+(JG&?fLfkp*1WHdbi1`IokLI)C(Lq`=NKw&(DgAQo_{#Yk#HW-5$aB&?|k-vI%d*H%&i090Z0f)BrcU=_D6%Rjr zxMpL+T)-ailxDud|J!6wV7^#<{IORrnQoc7m@ixR8r0b?`(3%@IXG-^cV({b#fx2v zit#3`l5yva1Zl(%H;?_>56G?IGyR>HYcKcosLSlj-35oDOy!C?ttAMQ?m)$p4T%*(lwh&MypYaQft{MmFok;;N!I1iW@4|-FXt5=~P zhdzoC3Eo3YWAscjrquhQK3knbKajle_msJoDoXZ z(z^qWG*2wWm6eU|+%YgzDFv;7jo+9I6zAlu zS4Fv1LYcR1&#$9=WC1L1$wjt^F8AH;>rw2N{Hq$p9Er>eb9Jz02n6V6_t4N>asP#m zGlUH2ciqz0_ujcIKlYBZU$RX=W_QhJT6%hqZBl~m8k(Az=KV9M~s#v_+I!?K3 zv~Ajt$Eu$oZwH_mnb$u*{ApGyDspR2E6+LIL+sCb`?c@d#V+fOP!b*fuLr)^ zJ}|bBqLjSot|cKc44SiX+{DBkDBd~jPVb;R`~cBGWMofyP4<27e047})O*VSIUT9U zuU({isHE`=VkH|>#6A7)HlXxbhK^zO*0^eI$(=inwBk<%b>_eMF+Vs9es&3(KUC;+ zLGPld2U}4%E#0AA zUXv4b>B^M{D9FK_1f7XMfO&}sD(2#{0+(i!|AX6VE=IM`#PaXy_lqp}`0>*I{rgdW zquXMii{>V@l9&Y}0sR(5ypI;VQ0&?T2Xb~OUxuz#E_!5OU}oeC{q$5t>KGp_=d|03 zY_MX*{SNuD4meYQ0gH)^b#rr*zFH}@i*XtFUVK8hxZ_h#bXzgx891GG715e5GlKw@ z^YOL!_7*qhe^mD`E_Q>+i0~pStEI2+c~fgiI}1Y?fA|?D4#t`b+m|Sr-UysM+XPS4 zmoMy`oWW~6)vAp}0RwMU|Nin9e~ga8Epv>G4S@$zSh?s7OYYG}*AdqpsN8WM!KDWc zEi$jS+J(9K`9j>>vz3ALfcF02TtG4;90OF8l&2n7cD4SaQxx7S@^78uU3&;5dNOW( zLeK+#ITQ=N>~tW&5r@CX3k5V1>PG@0ITY7yY#hEL)PL^9^PC@B}v{ZaADggg=d2=YWjef_&8OuS+0mojki zp1CFE2L(5JQLG1`;6&HZ?UR zij6_MG4mlR|DESzBPp2TxQl$2&JLhmI+sstnGmkDo$J-|b>2Y{jpzk$t8(exU}dzh(x z4137JpwpedR*PJ^%{URabJ8_S4+c(54GdU8cnBb7Po8CB$=nyiaz(9(J^S`$p*Kq+ zif~*8@OXvtzo$Nd)$PRs3=LBdhpPw9$E(d0l<2I7IFV2HRvUvGPlbR5xFK8?)BOB) zNGm`cK+$jm#eK-VDuAQ+lANjcsM_rJvGE`fAO;w-gdUvuwfSxs%Dkr-Dxs;A5w{mc z4D27NdEq{NpL_9c|&|zU&;IZnRrGZ@JjoQ2N#Q|tSC}3C1 zv+PHHI6Hd|q*+QSkVqkg>X_Lvarma76~<TV990Z(2D=A## z(y3K1I8J)Iqn-X@GcPA6^l?BijmRv{D;P}C%@w!_|!3ToIcQS*U8P zt!IJZyrOm_Dg);ZtXz=#FD*Gj`=--Qvw5T9kLu4Ps*pAdJw5SPN_bxIM_v{Y(V7qN zYy9UZ-8>9mC^m`bf>yWj2e7KWy`FDvfbT3P7YL=}*Q(E-U*_bfqB*an74!1CXqke? zkv&(3CW-(l#_xjBF@8k!R$vOCDJv_3B@@*a!4o3GG)fhgoSdA41e^=UV9qi!(nOXz zo-IWFpsy={6ImT{4F3TdJXl8PdantWyL;c7aNf@UNP)P4s9-$kLzGy<_=0_EjL6TQ zqtGd8n`xw!HYwgsvHaNWe%qXJJ++6IGkrUQ+vxDtnxtKp$NET%$XzGnNk~a?fMF<6 zF7WrfS!2dv@E+lBQ#C9yvg!s235no&z|9;T9dUgj+qpBI9UCCN%=pg>3-@9m0wcqc z$OV7jp-8js+kH@=-_X#&UUCUfG{dJ!j04pYezLaen`A6}`#c`V$mjD)qBKsoU?|4CW?56WRO7_oYk^b`Kfg?xEO-z=tP8u`+ zKIc8u)Hp#pvkd%k@~yC1#@Upqvh&iJ!Es)zufVSTS$G&ISx2K%TH^;3>q!(Sh3y zVB~uk=NLLpF)?}ncC6bWW};OeEzk(T9;T}V)I_ef z_zp17@kGgrl*Z8jbC{Gw@oi*+K=33;Ulvsn;O9?>W-{w5(!lh?CVa<%UwJ8FK`qb&Nmy_j2AfHS*Xz6N>f|1y0P^cPEiFZN-csd|6Tq+~GRL{JbyM9x z_=dZZPbXfHeEa@AavuOz{9*H4^n(7KgT&kQ=E47=zr3B@h2Jt!GO)YQ!4mZhEQ>2M z+5cTMDZY3{O+^JT;Yl1P*tJ1?-Z{Mg>NWxyc+nI>SQmD7c9@RC&5-X4CleGaW$o?6 z1U4i}4o>;wIe`KX2|dnX)VTB01LCfXsFg67gEJB)U%aE|Vlfi8Sz}8gwuuZ4U0lwu zyvyPwOZVL4MOBC&2b+CdoGvWQYHDAxhOy<8>7HQJUAi(Pdo8`Z<;`Qa$+o##8lCxi zT5{Lx(+Yc{4&ygfOliXtK>qATNx0QL55)oYALMxO(9& z9en6GuS+8TSp!=ZQPuy`UtN1T*Dw46|B8TF=L__a;X}0S7qO++I2T)T>l3N4FzV>n zli2Tj&*c^rtiZMOoYy4m-n}xU$nGV-}FNv=`jHf^Uj5VJ? z0080_i+pfSKx_?Iry!z);^S{gOYe+)L^K(>xFmJ}jg8qQY_?mb4KV(01CKCl_OACUtNEz*Dgnw`OBJ}9&QEwNH{l3LGvyn;< zRw=An5>()s#VQ~9`$=BC7Mvi+x4>ecd!Em`a?hzCbzvLdt&E4tnIEXD2(@eDHqr7@ z8ZL7bTtibX!81QpRb1Krexk0EQOKI9s!F^Kf-HmzW%}Gk^-rzVSL~LQ3B-k`OFt(t zDoRI@yOm&VaoE#l=HGp5#z%>MYel(B2M+50nR+tKYtdD^TU%T9hyWvj@TXl4waNGd zmHa;v#3jxhcp@S0JEFh1FDzNrudiy*((XDJD;9r6T1KI%HQK~n*lk3Xh7lFsv0!+n zJY6pRTjq8&q^|`{{?1NED15QmeljLjLYFn9Yl7x~+VmF>nXz%QvvaZs7THLdmV2*z ztZ_O2x=wSN_^qg5r1+;dg%f`+2r_ffE^#esh!&ud+_v@JE}A>0chm&W+k6qR30q&7 zeB?u6`sU4!unseRZnu?+q6?LyyExh2ZdN+yU-_55^P%IP*JHzVT1zxyq)d0w4CDOJ zaJtZAvjn*p>O<5*Wm6Qj%NB`JtMu2^e{5UomwaoPTAEts-T2)>-s3$j@uw-S=pq0wXv zr4ISOOE}&ofEPZnxAy_2&`}M*B)|ggv9~zJb**!4)*vYDw;8AKSjBykgy?&zGDVO@jl$Rv*$KUiumsMSiT>!+jJ;jS!E}Cr>JuXCZurj(qse4`*r8@|0we>SfFE zNpHL!-40_z4uVxH636+kC7s_HCu+G z+F-}KXgccA@hQvav2s(t^lxpmu^vlJ4fFDHi#b|b6aOYfnw)IzLQ#Iy@j)Cwb^+cV%U{#jTb&{TT->@4USuM#&8H z(O;VY;Bs6{V>&hR%CG9J-Os~3+>gj9SYi7(#mDsN4_$^1bwX$i9-5n>*kB zh6+v{UcOfZ0!#u&j=Vi`UUuu&FxYs|nrA-s#Lq`aK!68IZ^w>cu1BW8*?xr(TaW zCoWD*C{ZySprZ|JZ;yb6ay+oDmA=Nr+=4?~Rdu#0{xh1`XheDvWH7%ac!q_M76}7& zixI>0^fz4T(8G0@eD*xL?h^A?%^OdVFn3PS7z(7ps>+Ikt4kMtPu!-biOI`SnqL$c zeHB^ri;~iP|K8A!mhu=OWs^UKCypK4(gtn^VqK)Pv@$X2`MEhD?q+K0mz8zlndrq* z14YG@*jR1XeJYA&G(y%Sz>9-8?e;7*TC>tH8x2Z!He-V4>SFkr16MUQr3?)-GtRcR zwkqkklO&N)1$P-A44@adap{uh7sC@|`)H%M9nvz3iVhHN&Kak4catIs%=?tYWhSIv zH-A;zN-)0T-mRo{?V4wee%asE4swbx>JHc)c+Z~wxWMtE*%<9W6h`(oHg$ExIOK?k zcRI!0pFe-bZ5~E?!Zj5Y#IY&a9ys;Lba5M9Ab!l5z!=UM>n2L<+kd8~p+4EYK zWNXRi0X~k?VKW-1cpha?MN&Jukg<}-adS-5UiQO3hvm@G*?HfME7$$p{AnV6ych0@ zCda;+xFT|%_?G#q!V6UD5%-dVn=jadRJsxj{9&Ab&?uleRP_8Rhc*PEm!CILtgT{W z`{(^_;XE6|bze5m^ujvax1RKkLj zveGr!lJ2)A)?Qs1YgWP%)u^H2n^5-qe-?MWz0I++(`e8CrMj!><;u#)>}+>sR;)tkbKu>4xoyE0aiD?uQjXu(_yr7S*ni=k|waddf< zmK`l{N>?+oPNM2!(BTuRv+~NAO)G;%-@LJ^|F$?gwP&xiq9RwcSkz7b(h-C=BytzzCt&;THdZz;h|KvB z)^d)eb-cRzJ|+A2&cc|Qa%vn*3v6q?y;ZQnZ}6{au2rJyfM9iaWqI~`QB2X#t2ycE zyP7IY4ipwrv$GGm?3^Bm>%la}n!lyR?bC}!$ofAt z^Y1g#jp>>LOQ?!0o9mydT-enA~yq&Ar+ zG}JTS3)ay~R}j|ztN}5uVQgY*3e7=SzxLgDW9{IuN`ombE4wM5jDtVH+zpfz$O~`J z$iAckzx?^jm%z}Cn_eofLO|g5O`9G+eQNSdqi=gM+dum)%i?u!5PW{@STR(AN+}_s zH)hq4>xXLrDsA*9pf4`)mqFKsTiYwv_5`*)Bc@#@k$z&Xw|3KLGx3oTG+tT9KX}j$ zE73+yCRHD!{W6{VmYeTnhy*u(865?*g^8KDQi9F(i4(8QdIFJ*PHfjqJl^`(CZ`zv z$1=F=xvGJxAQq+1pOcB2!9_gQcKEjp%GmhSrAr6U(LJrTGy(4xj_2>6t7K8+M$#UMAGfZy0ZW*7Hm7>6Q7>KyX7V;0Jl(SeHA+uEbc8AGXUboJ1pl{#60j z$v(TbV>FTRsi~9)WXSC9BUEYm`(D@bfT2N!3m5q5=yD+JM!f@@s7c*9$&U>ogtKQQ zesZd6E$z@QQ8ZItRWJqLA{*%9_eaUFi&dv@pp{#L;T={J32Yva?9P4j_vhplR6joZ zi9pDH=^!WXt7r38iR0Y@d@Hwasla6=w8zSTSJP$2!6fT0;-)P~(I5EnM18)$KL?=h zGiTl&43)HZUVEpRlXX^3>QqfR2)+}x!{4GjJ@?hdm@^&V+e0YUI|4G`gO|Jg$^y21 zeRR6fi{-3(t8&ysW4#BYg!&I^de2@rNHh%()5`jh!(w1`Yz@&>v73$#LuiEeu`@7$ z_HJ(0iv|*u+Gq$vfeFw$Ev;$TLgoAOi8+C-Bc?IQeLktM|F2t<8wMLS=A$K3|Q@(v-9_0eK<_KP!*4jaxXRQ!hk=+Z^Gs><8gZyGEGpJxrB z;)UfPbF;mghDI%P3e!LO*RJ8v*2>PwP9hM<))*O|h~T`V@p}4un&$hNnPI~9j*b@? zK{qv?GgyI9r}W*Uvu8P@-N|Bw?uuA;4BGTEX{IS(5ZOYz&cdRM?cmAmmn&1|5(9GA z)6=UbCuKe;NnL}zTgWu7p@%>K!^XIZMgN*Hc>pK3l@V{=Ga6GJXY)(v@oCNC0=Bg@ zr7(wwABwi=9j?V{E5R)kF%NK7m@To{5MsZEU;` z3r|CAX(@euOd4a52hzX4&px=8j-~UxtEdavT9zDaY_P}_x&0)%Q3-l~dP>CtCO;-7 zZu|MctkcucuzURTFm=}k?sA|5K7K@k!sAzSabm%sGH7dQ%?)<^v*UC+%88~}g4R(P zxrvb462kz|OIW*MTaaHFU|X&(E)eSoIp}_w^sH|}I49~mRC(2RehJiQ>AYJ5HgHGs zREY)b_o~{QFXr|7l}ry~h$JQ_6|!SQ%@c+K+)HZFC&`)8N}dV0*t909p|jZ%0pNxPethX&9~fkm$lw$|LE65Q$9&ZP!V6nzb!ye}nhk_vmn*CHh;^&6ziYR@6t=r5 zcd|NCu&$&`=9c{E4KFYn%*;;W9bq6dGdJ9}_mG-y*Ja}?Pz)ujJ?>VPIMLSjNLb{O z9`)cO4EP7?QWQ>ZiR4$9hxu~!<0<{ezNTepGha#Mut{{sFLGL7YB^-ItVWRGE}xeqeOuLql@A=+&b; zsZ%b0G*J|KksFz7Qu7nR^8Hm;A~>7+lV29ZTp6sNnwvvV=wI@j!K-`n7gACN+~-uR z%tf~ntS9>bLv|TBR3RRb0#6-j81+9B?Se<<;@+=heSwXg2ul#B--z|%LwU9 zZmw}a0E@i5t!bUi;PB&9kqIOO$C(ji^3fj^<2)>k|1T-I9aEvU5#KOEq|{_zc6wB{HF8geR)!XNY;yxY<=0i`}&q{w(~-ZTmC%n3_URC|_2uc3qU4srVAkjaNQx!SG35K0hl&E_u@rU2doyzV#j1YqE>?I=G^YaaHJ!)>K!+_&07|JdpWr zg@>V_QE4%1j5EC}UT)>~SuI)#KHW@#U#p(j1d`UlN9diXUfPY5l1nf-^86CUAa^5wN_E zT+%2(@Nh8_LjW5;?)@?dSNr!Z-+FPzQdU+rdwX0BSDS@^J25u#-*@?cnJt5>jrnwV z2@L-f7T9&0mTl<5Re_mXC!at-2Z2MkFj`sU6@`tHd}2cYy+o}sAN8D8H%w&6W&7LP z89(Nz>{RMA#jL+R*ZyuQ6|ZKQLhWy-r?}gakdttJEJdw(evOyyIDd;_p`NAn@EWFb z7eXo-{`n#Wx!wMKk6iY{Wv~!YpzLU^gWOt9tNHs*=*fUgoK35g*EY!1{?D1b&DC!= zu7VSR@ghd&nVCFLV`NK1+p(~Mk?lO$KsF7xrmn682S-|BVlPA`fSBeh4oka?yJF;p z9!mhjEgv6Q7nh@z*Sp2~vz;0ePIys$vGa(KZW}7nf<| zX3Hmcw6%?N6|GGD97dmsdt6}G`=JY14&x0!lCxL)ke=nh36z(YfBLkPmjig-yQ(TA zw^^+4E?)S0EAy?x?u6yA9MF`~frf>DWn6m=@hR)t_lmUq*me12;7e@yH*H#;8iKc= z9MHy{Q1+t)S|>>$;QEL8DQYGS`mJ02VUP633L6ZPbfv8jZHz|+T{Li2F;@eSxI;%( z6;nW3{KW9Tz&i@TolBIE7Q{k4JmXXS$Y&ZHcCIS!&c~e|%`#A#+R~GfCXK7U)6y;* zUv%m(@y57f>2xz+^oh2CJ+A)p%X=c@R4sHLtE_}PSS=eSBN17+mIM<%&~P!-gYK?m z8}7(JyAZBJ2AIGJBL(g?BqSurmfM?yoIiQ_fmNIxh%{O0A4hj1t2<{krg-gF9N z&Y`g}_rZEboOl-cCV}0SEO0nsYN;hDNt8=mH+-Twz2-{#_6f#!Z{9G1$@c!eulfe5 zQAb?Gs%vU+-O2;gEZZ0YDCmBGgzgF3oKMc{I$pTT`F-<-G1AB_JI`(Qm+3X$Jx?62 z!hpUPW)M79aR*HQW&AMai{JB<_S=O*x4w?KGhwR)rlZZx%|Nk2W<|J;A6Gp?Cw>%* z;x$H~t@XQi?nG?F8?4S6EMFW$Q394A#T~si!$HsknFz%)c(qm+FXmny?Z7u@0#M0T zPXrDzv#^x4H~Mfl0oxQUba%Ly?=2eeu);po2J_8I$k|?i(A|*uMeN!aK}+83OqJBs ziyJq+C%PCyDQ@o>%`=;vLxf(_Z&xDeCpzBnp4ZLFcu28q-U+yx^rYK7xjiW{0Q zOjrtlBVH#7rG=K376#{->Ur!n2USNLjTVTm;-6x!&qxL-2Vz{GK!temVq|D26bg4r z??WpDeHRZMKmgDPU>r%lE|S++-U5?0bErK2fkvY(Af6olGEoSOM))N(WbryBmk)y5 z0(GEdO(7aS!()h##U%)sJtX!-MMX8ldKsLCEfxGthq12)oMB<7R8!WQ7`b5PgoM7W z8!O*k3ys!V2Bl{G`T@AQS((EU{h`-&pUW(+8GV6am(`do{?rroE_rYSFb+L z6yLZpS*tPAW#au^bT{$7BDSQwpIZOBBcLA70|&4Vp(}Yj1Ay{RpFcNzgMwpzZcb0> zZru+3BSP#%dk`++xb^{K8Q(Od;j@oD`pI^dDRxS_&h<+gN~V}$pDv=})~T-I#`G9A zSh)}u3{R0-Ogfr{f5l#v(8@t|M<&tO#Kcxa1JAX~ye)J%8#ee5uU{S6spaJ)ld~VC zW}DjD_Rp@9JsNWTpa3l(h@01p?og1$Z@ zWRN03+M=tl0Mlu(kNf27U=fC@?)dTJU_zIdmTpA|or)C{lIntrC2wwQzydW9TOeLI6(tZ)oXNwtg`SSuAvBLM`pJ4Jynk0D z9vgH!Rb*sL&=$(OI=TSZb)}jRtyr!2LEY3gGE0U%ckt{Gk0rcflarhI&&tUSK~shk z3L>2>5C*WlL;eNXGs51<2&g!rU2SS<`D$;C{SR#qbpoC1|-py-Cad`Hjt|cd9(?L$}iN5i!TYA?g zq=h%XC1oeUWLp)OgGTJd=p@0+{RosxgJ&`Ud*s?IF`U7MCYgZ=dcz%v8c-I5Dy6^- z`r*R|4vkD$z!0CgBSx~Sq5|9d_Kh29Fp>6`X=-g%#eA9Tp3u1qSau{Kdw{^h z%ZnJ)p8kN;RJM+y)Kt}zCy%MA-BP_38hR3PcWG(Nv94p3mtl++=X42BJiyYlH0Qv) zM<9fAHqr6P>>=`Kj7=UM(f8ya9Mg3-g5$9=`->gZfdgv^8ZR%$K*W}!3u*Y=ryugX z^CN~mCG|~B=4NL2(M)+GA(q)mMdkKmn9^V7+TzS8*bB~42YAyov(}4UbAq%23mVhh zL8q!E_C5alOzA141SN{v=GuzOxsPN$(k1hJFs5*?23LQO*)V>D7z|5H7pdidE*ReNv7wsxzo zry8$#=4$uS2jVlEg8AQHp=o1yW{0Cxi~XS^=CuP3PQxIQ|T ze5PU74zf~%Rt&4}Reyi@P^tFz*ZcR+ZQaT?eGW?i@VDaCs&Z`S8vmKk4FO^}rvGfzwb^qiyyqW(LAKo*=d(6)M z1lDW#w(s4$_uv78(nV~W_)T*e2ZE}{wpZQ0v0=Vi++E&gRkSg)Pq-vS`ND;W)Qj~X z={|qHbS@&}0`-rgl~byx?~Y`>K~FuBFU(ogs4Bb-gnQVG8U>TV0|Y4JNw%`){Dq=%b`k zq$TKqp9vgHlpr12bMvH4B+#Z>VzRJY_J&opAlg;DyeW`AO1H2YJV7Pd4Sa_VG4o~J zlZxL>b1^FF8yr>^2&HdLO%>)i_cC=TX{d>HDGwg@v29Z1u+DEmQZ>{Hn>W)g%o|%V ze%MC9e(_JN)zIFY!a_E-q0e`yh4UP^CBOM#meg*Snw7PAl*h2_xcRqKOag$l>Rxxm zh#=)iyZh>kwwJn(+IokKm=;~=xKEzv<$3&t?%>ai#{qt0x;!jhw^P=pxe+TPPpQNP zU{ufs!xq!gD}RRS4i=h`zWy`20j0BNn*n%D7{xpszFtw6xlGix*nSBFDDD1IJF>rP zw|J43HiGdZ3Xz6zyn$(H9MdCO=m^(FoVtJHB0Nf{f1@9JdwF3Z+R21c9Gd~+E6~4$ zMt;X|sY9<;x-i`G>m=tyYZW+rVI$4XJ_+?fNC->EnbQrSA<|v>?c@cNyHvq2Snj%O z#I55}{z0vws!Byp&H(r!?l2V{;V-1(4*3Z`BimWu)z|YtfA;K|4T@k0^wB(^qNLsk z@iOau6&*i+@-==)Dh?qPrcVB2$Lp4~+o3_bZTl)LG~44b8^>`C&=Lj+sD(*M*&f8* z_{t^Fl9ie|ReI+=h=x}j4q!;ntY{8t%3H%VahZCJZ5BW-i!m?^6?+W0|1@4nZuE#e zeEHKYD;gKx=BnlayQBVoiqA41Y$Q{8s(lT57d=zcxn)CfPH9XV3=zGBHx!`L|H7Flz7c~*LQ)}u$f93wPQ{u&pQM{m#wTJ1D*|4Vk` z;|)|>s;a{k`_QvzWx+9C9DDitwML?>LSj}O;d*1^c{#afTj{>qy$=oByWAuFGjRO- zCa@q0OJdwNPlZTw69R>EJVdHy!j`^BaL>o6eHN@3Dt0V%D;^-;Xcsmk!3Hl&8>TpF zzvYu>F&l+RTw@XL39HYq`NItrRI!{+C(3|n?SNB;ViPkos~sKprQ$8X|3O*-HXgJ+ zxY^j+;brjlE=`gP*|d2xuwT!iBBkLoIU*>CHi7Bz2lt;Bq0qraSk&grJ9tgt3PGv1 zh5(U$*7N7M69^hrkOK-W5OwMib(g>D^FN|YPlkNYV+X176ymp>&%65m?g2UMz<&Pa z;Squhb4L&JpZ(AxBUpIPxx3iT#^!NuE)u~Od*0qgdrw_u_c_(3;l3nh#=}fZOc?C# zB!7TOAn^vjDdC%uQ~xdMxla?mGo~i=lH_2#pi*3#Zc^4zMzMvH!QR0ECV?{tDgIK5 zKGx?I-tV`b8oe7xr1YL?KsT?6+wS}(R$ak$e~B z&$hOMZTZ&6jy=aPAU^&8*HaCxXj*c;)Q1B5xt_L_57?+vf5as_EbMVnkrRHK*SnyS zl7)BgCNp_V49o+OoY4+}Id?1*g`hL+(p=I~v|}JbUX^&qE-@bW)KA;kwh% zI60J<)}~R{^H#!jM_-`C8MrdtRz7d?_bB+8!np&eB~0vmwlT|`puFX~NxxBEo|fz1 zaxQ7Zk|DVItb}yeuS+6dkUIEyJ6O~GU>k~aJ{9)@Dn$L}Pie$?6!!cIWeFGy~tvo%`Q^q~YV@(x!cyz#AM4Z9~IdnZzBjUt6CHx+WX+8n2CehO!wwZhN7_BpfMA=!4-{dnJSV4FGl#_%n)&yP-R6;}R1S-zFh+lg}h*NFY7M zRRPaMo0r~Yt^;hTpWaCJ_DFA+lk0i)%79Reu{E|Y2irzPg$odS23);1*;kM=uktZ|~eRU5U{zrCaPJ_A8k}*3jcDH@KPmwCnYvJ++@m z2r_|GV}p7-I^Wl2&>g*(@aW(hR*tqHOvU>8e808wX=`60BTDJcsIudi`}b=_MTxdP z^-pT(8|!kQJF3x*$5UfK(CX6Hx>o1$VrgY7qhrS=yG|RJU3B$r{9pVvvjc3=t;cwq z?`&t&_ck{>$w=0H_GA7gUS?*xkMV2nSSu;rP8+e7lbi6}1ZI~|*debg0F`w6SsODO zP7k_27clS=66m3$U4Z<(ADq=9+hlF2lBlm=1=f)WUOrk=m!Xm0hRk&JD?b{dqpo!4 zM1;54J7hICmoI(R4+;um@VO+CGQ70pTV4G{JCAFR@Xqrp<8=e%WS-Wpox(f~8kuLo zzgX93)zI3ii;gi42x{D4ugzXwCy8GVz$$=7+t;r^p^6eSw(QVNMW1AOu6H{gD0_;O zbx${sB%>V-FD356e7wAwWyHgkj*k0$_N@pptwfj!Gjxj(DPy9qzk`NG&TRWWmpJsk zpm!wxE{)7?EJ|Df%`IUvl^NXT#7$;d*1gla0Cx)9a88ipx=~tF<6kdTGKUZzdK9GS zcc8QEHPg*^FCxN6ruW_LUD5Ny4V#~K6u<2LSu$`(MU)x~-`3jtn4L%SZuKqH+&X?T z93mpl?az(9<`8-j>oF-s=q7jwDSl&O2du%xUc97 zByDxO_T61-Z7x0TZijX^KKAiQqGfvzeA|%9`@P!Ik!0#&5Od8_Y0r%#<_<#J#2QFE7q-DnvV~pFOvN&a%1%gcyZ0? zgzoFL$A z8kQ%*EzLlN@w!}M%+K+78q3+~e7iB7eTT|B7Ua#@ckyjG8ya(Jz*s|P-`i@AM|n~H z3@6W@?@u_PAMJKRmb#-|`|V;?`6<8IF$twum#2AAHT@i|3Oa@4z6;g%yWYRC^|76w zjDjf6;N|p>I@{$7ua874YY6$=yRV~_GpuvwjIj9SIeQ@?t-#xCQW+qNIP{ib!GI5z zRR^$!rDaBfl%M~~`<+ z5mY_xb&`{l@0FwH%KMvA#?GnLPffmuu&%MavQJeY8rc={+c!FSeMao7yj*39;06J@ zi5~?TkidK|bPkhE5rn)Fd)9P){5La0b!zjmPKC9Lu9T45J%s@Zb>$FdWpJ+}hG-+9 z7!>yQc4F2P96((#vUC8gKM5f>yvQNcQ5YWK z2nrfmtdNaolGq$V)JJTrtsOx%L%xOY_d~Bt>-Md(HP za9A(H7KNN7jpZnwOxer^zUnlBC_uPLfKSDGkxu~Ap>a>cl|ZdYgRAx_KVtt=5?Kfl?(0-g+& z7=b{P$gQNEKar=e;A&`ir@Dr+!4*~E=%_Z17qh&`$l%Ozh?v^sd!qN;L}No(_%z{| zgJ9l+2iwB-&|NUP{FG@w@9wOvXOqA(u7Z90KiOqJ#$I}U1)qI_E0L8vVW&_s34xdQ z@z0;Tw6rdRt_R+=pA^lz-|N3*3m`PUGNR?*xNnj`&TRSF$3o z@v5rS-vHYcU{|8%UG~yNe}o_a9e)>{P)tQ4f@yDFG2zv;ckTt~mFb9Rp8b*|God(2 z(3_HSdh}x*xHp$SzOZ9vZbqr;I`#0RtgPHgGoFl;CgfO!&)-n3y z>WF5;BQ-{`0t653H8a%K?!C3+i$qBt`=_Sqb0&{YH!2W_t4Ka4`>C2emt|lM=%Wq@jPSJxmtM<99 zzvJtROU8{C)=E_~gQV(~77VPRcjDC{N*($n(20CkTYDLC zMaV4+4GBT|)?$BzuAYWl(5Jf*42+C63)2@-f$qLqaoyC<(=#AeM+rlP>r(M#_}I4Z zsFeIA&%$L6_9sJGCO-}`atAVk_@1HyIsGqHA%XBq^JoA5Ret{6%8@dYi^6#%g#X3- zN*HbXppTQ`>Ke=i05oGg4gNUvD5$3h*TLx9yH```BhQKaEz;x+?Ch^CG=c64%FEmK zBI2;`y?ZLg#(Yu!)=C{~2tvvXeW6rT;k$MQ=h&xye{TF*UtgG?pVQGaS7&n4TZN)5 zRaJm#s!Dg8>30HQVuBg!BTNybta_9g>>c8YSvlqywa6bH;LcFeT54+P#2@wdj~O05 zKp?cYZ%NzkdHvC&5mF)$}5$o7bB>r*Z8V(dTLlYc2nU6ObA)-z{z z-jl;-%E%bFcaLAW|KgD_<#-h;t|PJ;2lfXeV(yBW^;t@3koOoF7hcjZ!&m$LdlrFk z>XcfDv3x&DKWNj=lN8hl$F!1KhGU8zo9E^$x zcOMd>(fjtTTiqR5Y1?(kXCOf!3TKZ}{=>xVfvG^ex7UOA+W`SGS@<+@lIWvWRGdUL z_Gn*0_v5W4R7bVuza+=(LZ{%L;7os>o6v3p;0#9zt_p2lEb4`YI$I{@hc7hmaDGo3 z`Ty+rRb$^uAA@Od}(Elw(K4Y`v;S_y`QFJ|3L$H8sY1=GW}(Xc`-(nVG#w z2>kr%o}QuLm}2p&3lgsXS6SgE{At#OzRGJN1?lyn-LL9&caC~Vqi!23Vjyl2mnNnPw5s6r14 z`}%lpDKUh8*+un~(a|yahM~Dt832*>{3GDrBI09d>2+CIz+0bPd3o*lF4lqq{H;OQ znQ%Qe7BDJdAUhEkb^Eq4gqlp=Av6_FoHt6pe^TPqEWoW@Q!{E{5O*%3$W7b&=YpZb ztY+I1H=%oe3PiQ|^mKF&{2m{=>G7tB*V!5J{zLWQG-#&oXAU$Yu5sWjH}&(fEo#Sy!a- zOY%633x9Lbcx{*7-6kU2E_W7XtO%DN23KBAuB2t=Jba|YRSxbM2**c{mYhqw zRsSJWD&p1}LO6FTMk2P>WbJvgsYu+gU}^ZIg|`34_rvlhPliWE?rZ^r^tkrtyX@zV zzk1zy>7qUWkHkGaBzPxM1DRh_zC|b}VjsTRL#W^PZsWJKwDStkT~mEB;_1MrC;cSL zuzaAVh<}Hh=+;PVzaXo#N?7fj- z?GVS~mOuU6*dZob%Fw_!FKa;VC#kd0_U zgB~+G-cv7V<=bwtjzAofoG87UqAUwv!jr@sx6`8!V9>&IxIhbBi0_RUM?<}0&B zD?il_dz~d>BgvJ(UW+o(JN|r1ZSAf>s;J6p5xi~kmc;(x} z;!KzAFcoHMSQz*BNZjwm2GiWkwze_HcayWZ`Qr7sRb(1@gRa7!^)?i`V^c+1Wkbk%_k%aL?cLAJ+}U24bY?>b3FTj)v)-hg zN`KqfSHI__!QUjZxoyv$pUHWC=I3Eo-E6a&>(f=uSH5l!lXWE1FY>9Aw5&f=F&o|l zQDqcjllEO`9h2{uIPz-yjss1R>hyCIf9$}-Pdo3@y>2?NL@-w2%fkDW;(L_~`*na< zgLr8T;VH7Nib^I=*gB)C1j;=j0VnuEX$yIm^8E#ccf|SH#F^p0{70Fyr{3L7U%l^`=nVU;W{pLXpxqj_OeA>Gvs7M*#;$LY1O``+H1x;thx%pyD-z!D>jwz z_>-&>J~CqA;NXDZO@w9Q*J@w?Nds#L$GE{x1~$Y9YNMm0QPf_Tc#hzVaKBJ z3C7SH4sn?RLW?2K$TNtPAl#4F6Gl36zSYM|d(D3_W*oSpqZ1366mooUVRsrTnPr^n zlwzq`eT~Ia(E!H!?Klr}kUd66aQ)8eQWwf7>dm`a83$Ui#<6Jltn@??h?3of!?1f^ z;%M_dw!pctuz(sHa#-AXe~gbGBR4{i3Dx1?$cQ3z?N_gsy|xMHzyd*+3knLfZV^f$ zEwrf%?of9~ULd1HyalwV%jYJXE?&Ci3@sk+H!LBQ3MC0A?np^X3yXrga?{7h!QS2r z-Ob$GcmrH48dlKct)=vbuXKX8w4YQ?d9j;R-)JAyFX&C+eNyt^pkhaZ7XvYsYxefj zFyrl5H!(hbD=?5X)bAy@%;Jxu1@v0+1N_bHs*DbPMlRu->CH|%cb=KvNeM45SsVp# zX?56Mmo1eVw_2fqLD;Yzlz#BcASAHFWkPwK^XP9%*R~^fA~TBS3WrcABLx}E=mxBm?{W`a&u`cO?h@hMTJWn25flsq{uPQ=frI4 zQ9Hzsm_d(YZqZN+q8qB$!5`4LBDj-$9aLrCTGFEc7=b_yb1NZ!fHweSyM~vtO<|oR z4)KSIk!RG@yadFZr*8#1L1}`MdavN+J(mKJTo&&D6M0I5*)A4EXjsu7@3ZyDzl)ul zi;L?%D8eSy#cqx}I<5!Ov3l7$&i@wy+HHjnq7NO4oQw=Uvk6qK4|AyE^NYZt`j`mBtg5dks>R{}gBL-ryo zS9#mZTeoZ~{0z<(TzF`EYAt^Wsa5!@?)s2t?s$g!l?wKu=x{wDVPT@m<{HheU54i7 zRl3{@EJPv?CYllJVuJgtxg|& zcjwc^Bj+tF(!#^fxd6f9P1?!)`juy4WLgajdrJFHbRA{xC1w289wS`eD|(ecKr+P* zPfuhXYI0D$5b#h~gv&q~QAB8_K{kUKeDDl9yRwvtd3jM&kmmkH3R7xiTCOgs9K^l9Pr>Go!j1UY zd3&P{1=<)UYsevxFV@%JpRQXZ&cgB)n+&vWSe6u zWbli6^yr|;PMvKFo7Z#GV-gG~B(Qru{r%pqV_Qi_8CY1TXlU9S8a$MECvAKpHYsgf z`sT%M-lia~6LNYOX~~e|VeGAX5Z2i(hr%8wCcb68z2r~)&$zE5YWpRu?D$Th&I?f& ztsFr#u1(99_3E7Q>;A|R?-hB;vF_PS;1Lj57N}Fp=-fp1El9a>B79ns`)U>FKM>e@ zcz8g>4MZM3#`hA_mEDZGsrIb(045CoLk4&2qC^;k_lP+kLFa^%bL-E-qfnnGCoJxM zfU_8#{pwh;MJVtFTW2N`$@(8m85DRcAg#>?{$-T;ShkR7$_OFu?UzG!v-xQim1APA zpA#7a#!&`a}DeaUgSdUauO zk&cdTad8o}uM(G@12D0_Ed#;cS90Uk56v5}G5nKNr3 z5h7{|G3?9(vUOEcSWd6^BqgO4AOY-+YHCOnKL~*-^x20atDy%_iV_&b%|}yHljsx| zcR}uC2vUC0Nfx#k!Es&gM{@wEvclu!Mu1}AM8f34s2bcq^xZWx^*oS(1d|BLxQ#z| zQd7&4_aS{6s}72WH!JmwR!Mnzi#W;g3gg|-QdN~sY1(Kxc=)oTaK20RFPR?Fo-oFN z=otoyT)#RrE0mQb><5G3#)L=?SWb5bvaD)m5BC^r}KP6U#PfMVdd1wYEqu zlCPtL;T0Vsim_brDnPng>|jAGtnRK_n*O*zS7Qj!-AA2csjvSAJ!tT)5Oq0o1|ugW zrCOl5R(VtRttsN8_q`FBY6$4$J#yqzk$VxQyzzVJ>ErNoVXLzEfaL&HGdN{do%y$& z<^OT{6gQH&J00prUC^#KXpf*Uq$fW(AY3EUmXUOk=xjh~&E0J#dP+_(_p z$|CMVc<~Kw#~X@U4@E98?rJXV-@9G>rV+x)_TpC$ZpB_{PCkG z6O$22R8;@@NH#%8!jN6~YT=oK=F*@~1S&sBbqf}8Q$G~Xiy=y77xQ(ND@E(SvYCvNa7ILwX2ts$WX-E z1=}+CJGn`u!W#Ei#Di3ob195VBav1&8Wcbr*oPy<~DOTO5G5C z4xX`h7O7b69G=^JnVt(m>Ym-|P2(2_8f(otSW)ri*$?eBy%Qcz)oO4?ZQH;K;rdoO z0c$tb08lB-gJXjy5@cJ)gCh_%W6{o=P5QHgws8BMQeQv6?5r$0UL!J^%6#5ifyigt zI@9V29&7wTUSVcK#`uG%-KWhYDOT&^hi+v3)?1le&N!bf807!8KDxj&cJ3J)t7F#% zSv3dhAp`!R%b!K0er-4>O;#ydD~x{xep;KAgp0T!F+Orc5iuPW7Ft;*{+XHM=;IJ| z=KR5^tgu*c3PNW`lzp9n_dy5tkl}qt9lQJbLZhQC^z@FEN!g1`Lbr>C&LEYt*WmCl z0HpEowV?3^-}r|Qp-rU0GSB~4;Pl;yt@&Tdbhj~Ln?>miIzX%Z8BNW0)MU`eLW?-_ zey=!Uo^V;2qbV*tyV)uE9|_p#8vM9-oL7d5f&yT0>+kL*%}U~0TE<<5qLE2cw2NC~ zQ+1N>sqdXRG(@-#6BPRTUju0QeUrAL_yfEzgjIR@TSgJ|{T~B6PgcpxUrp1E zTl~J))X?eTMf}wlBYJ)p%g9P^ASeOLk0eY{KqPUaT}*ybqPV!20T(Z<_j)O^)l&G_ z9DsTMjjDW{-difG}NFB8j6pg%J;GNPcO!sQR@+NPmt=+F{FjPbhRM+OTBN?|+) ze`Qy5UxBhQJR+hC>{6U?uV(zdlwy06mXgBU-U0e_%!1Ys;4nc1rJf!`3oDW@F{T5S z8pKe%WP>kVgtQqh8eO^a17|Jtn=lVm%|~)|uGg{Y<@O=R&ySWiQ9{Sh4@TiI`rcZ5 z0T0B3f+Ce>iwwRMG|4gyln#;*U=hQ2k0eeT+@0`UyDQ}csUHGI6-0=!vA|KYYKhw} ze)$e#I(WzN7UFxO;?k-}iE(-L>V0APRbIIP{u#QXss-|gGekztHj)sVcLi`_puoqn zmY07I4Gb<>m1@)>l~5F*+{N)^rKhKN@!~~yC+hU{RL!1|YW~G)xtWhI*{QhF(w{Cn z3m^u3dWag>-=fDUkHUeSi=d2()q(MqihNEuCezc=u&)-L*!uU`ZBN`DQGA+7@Mm%~3xMVXM#^YLtC&}0M{VSW^ zhstqo0O1e~ZdivJ^pN64NAE#uHl$GKeBu{e)F)|$ou>!!ZNg?LA}ov~Qj2!Bzur1^ zMPydT#KvCM)3aWhvstp(i|-ybtdPp=%uH(=8?>bge1+rJ5sIPwGcYh9?(?y+xKb?( zH%sZT5%h3xs*95t=pfuz-#NdV?H`%WLPfQ=tXS!}o<1LY7Na;Z{vVGKe$+8Ey1TmK zWD=dOU0YfBmceIQ%cQDJ>?831J^bu($XdEIAJYyK|x}m!IOJCnU>d^TK z!>OtW;n%Nw3Fyh4LOdoBwv)Hm^szKqq2c3;n77NLpXSvse3X~~9P5SEc0hSP1?(Nz zzAt~@-k+XzTz8j-2K8=wGmo_I>KmZOD<;wsd-t^CpvtYlI&V>jSbcv-(RK?I5!8o8 z>5rZyMXkTJs+Mbr+jxtIi_exuK(h%!cD)2YQety}c!}`&GRRnTalH(as4_oKgUu8P zfk*fAIs#bPZwNEt*euZu(9OGQi7FnVnbr(lFvtUL->$5#&UcyTjoT|+=&_YY)D@J# zWgO*VTuJ?bk&*4FO(x2}Ph9djR=Dr0v-2r`f3d3}dk*ivIeYjk;X1sF@b$|ce`Ual z2x#^6#<;`M&t!W}pC%QwD$H|i=y~EyOL>-jXE5cSkvURhSm@2ogmg4D0U&}f=<1bc zGJ)aC{nVE!Ed*>QzT8Mv<Tazw)W=A@XX~+Jy(lbgM8#Bi!adUCW)agSYLE|q2 z=sLix+|GnCcjL8+r|1X2f4^*DaTK>q)Ugt}v>C|(t~zTrdQ5K(&NI9b`?~)tO0=ZR z2t^Zz(+#pjqT#Xsrd3^I2~F5&n|?6ZdDmWK^R%Yjwzsagwrw04HqgzVTWCqQAY6}% zstslisb_@3chlx?yLMH*Es5sVc9uT4nwuHZBvoAtyaP0yu>Hf1fFMHnI*Qp1vLufk zJ7a5mLZK?fwbIZ~OjM-f`~}g_u>J;~g?Y|9zVf3ZOd1CClwlB~l?yL!L3~+KAT9G& z0{M>k;lYDVL;f&L4z9Cz5L|?n0BU9e!O(E8YLlE9TxDOeQ~CR+L%KONpe$SDP9Thr z-}C=!`rmS32?R99n_C1PJr3BPot2r1y3C`>L{gH3C4`h7M^{}jrx3%+c(U6(OXynD zxW5=oZq|y5iX$T<;au7x`Xye>3gM5QJV9nL#t_lO{NcS*y6ptjrVYfNVRiLGleW92u9ouRr}ukU}8MpCn?EVOY3mQhN!IC+K1+s zjiK!C}`fau7h+#kv>mHJ>x&KQFr``2j$+4-UDrwAn8k&`fH-bcs?Sr>c5ihPRh&A^i|SEuVH5&N|d#$v!VVI4tgmg&B*#H zLge;Djc?uR`l-HtvS_77H@A_CvFDVX9i8WOWS4&(Q0LIG$i4F9$?F9(iy0bg7m=V4 z)&1)5s%US8{*+9Tt1??!6oo40x&kd@lJ>5$Nu8^wX|7=pyt zs{h^14zeQgmYP6#!Q|u@3)l>H?$|MJWqEy?1U=T^s8h2Qs7aigw|TgTwOsC)<`s@S zeW5BPFx0P_J4#?8A|&K3)@+H6K}eN_0M@dQL+v(KwgY@1Y?GO<{7_#jKv!9pp?W5` zEwkqhgscGpw1n%>J-&bcRUu-}hOKJ=>wEwHEsdW5#GaqD$|^$ymYAn#qaw=N^4o)& zzV`J^BL92rljg0b&Mz`mcRpNtC4UXsM^Rho- zyLW^b_PFK3$BWU2+AL;bMC)Q=PO(vZXYM1WCh<35)`Lh$0%3lh5)&2kR*`MA>yDrB zHa5B`$e-gnr!u?z)8|xFw71v#wFDL=wbGOag@yCWKSP-nI7kSvPK1W7v=zgoiVA^KQtM77=+)xc>aP``(}GT1&Xv?lf0F8^!^H z(V$+8(8PX;qJ1%v>j9&nKvEd1vbbzwOkzW=@v2DZgwKPhE8}-TYDr3p&!g)R@!%17 zQSnJ@M~v(G-$b$C!zYlb+iubKa}g4m^c1CnXbIiT1QqpGru|ZsR8%EN&8>omBRMqN z-BT;xAKF3nFo5R3Tgt;MAtzD<189HL@%D|3G$I=pGuuuIi0NKht=Kc^fkT$54_gjf zW5a1F)3}YP8UJ@!Ap}HTSBDY#F1HoB^XciboNW6C{#UN}ACS5Ab_3#s_^e6oi%=hk zp}rD^hr0VsT&D}*+0%x9WR` z2aAdBd&~PLjvoiWVg>rt;Es*`5B%E{c&SRNi2&>0hcgV1l9IB@+^p<~evendXI%#= z9wRfqq^^5-So5?dGRf=fk-b+e;AD1bSn=e+ty{9!5{yin;Lq8x{UL#H{z7Dbzkk~c zI?z-s@XXK=8CN|h#GbdZuDA>Je&`o(Y zX+cb2W%IvuTUY6MZ0#a=!)Hj9Xxr(Nwr9DeeXFvQbEj2Ynfr1`Mc2iT|KMO>Ft{+?2qDAs~3_TlYhOF)F-FFS+(-bP)zcTyDzXpXfmEqRz{M$XT((j;ix_1I zz!V7q#|xmdf>tJ0A5BKSi^soyZQTAGHrdcrRax_kmDabv9Eh|Ar@sQn_6v){J1Hrh z7hiOI(gKL6=WzVv$CYmnC?Y|#Q|EJ&-F^^!jzQS)AvFSI=0|rWekK*^c~A{3SFkE~ zraqd>emsJ>$g@vI!b1B91ShBd1G4f7P4BgkvxdX>>IfOd4v1m)uQVy!_4Ug>c&Vt! za^y%hDw+tXc(_gA(WfC4`_b%@aI=6@f*9U5tX3oGPA_^d>H-z*!f_Rq?!HRv>0%gt z(dDv~mLC1`<#Cr=-XU)89HZOB4RYhCno7`VwLMPDOFshwxJXIc|Ce+CQjvZC#FDwm zBlNAP$X!Qg-+93jZZO%n=?v_w)sfk0X&n+P*_;O-om8lDxWZ2#q|^19G9x(|(H3Nz z32TPdqLE1Wdq(f30e9-^*Xt8@9Cv~RE?_T9Nr@*8K*USxzP$Y2kH$AWeeXc+=anC= z^K0w+A?Zkz&7k6b;o0tUY=H>c`a65z*n(gY^xti<;BsgkUm?X#by{5VUgPL_-cO@<)4jE{tk~eKV8lkOi z>U;Zk@ds&!xQ$1>$bVf6aoBa~4RGHbb4Qb8MgE#QR&*+bvfao0_38Id8Q+<@ zW4d%lf@LMXD07B*Xie5!2iNPbJv3-p7V;WjN_Hgwj13NIXlUHZL8K883s9hwbEz4U zs(N$0B&avx>ZPWpE}m$W>QgRl}JdG$dDm2lZ+7> zWXwDz$xIo({cf%2dDi=U@7o`1TU)IauKT>s^Ei*=x9__T8cHw%ee8mCFp>wt{re}{ z?$S{DWufN@Aqf6v9Ly#Y(01T*A9chf12zU&k=tk~TfHW~O2e%OEg&QBl~6=DV( zxqlsMO0pDkVHnxn2?&tF4HcbbG}Fx#kjwLJd1(eixpNa}hsj>N^k{aVOM@BT4e0{5 zzgw^vet55~EZ_&laKgj|9+ad&bdUtl*4uDEB!~hRfA|$yTxgDWcYC7o3=Bu=w&Pl*z-btZg#ecs;WYUqoX4_2w{A#4i4EE zZGRxW59r0@oQPWEUH|7T_41*%{CBCyvKy7As3>}ov1oPU6KFWcXwQtqMmQu~xG>Ke zizeTfPoLfnOktvoO_uP%p%{zlL`LqAf8(-F*8v z>euRO1+(8H_$0$=ch|(F?f+Wp850{@f*`o<+oLh{h2_H{sDXwe%vI0;#&>`(7aAH0 zN}|CTh4EF=e1(Mnfc!ZCNz%iIk@xQX)V>o!#DkbY7hZ&4F8dJ$!SA2=3eOGH0}3?*3)5^+ZB#*qE2R3yFpB7|rxu$r($)9OOXnsNYf=X{+Am*=l)~G+OT*-n% z4YFJG^;vJqqr-JjRP@*{gz;$`7{nZU)6=g^YMIsA)2IE*mXX|d+2pLYHjJ@m^9}i# zJ8Kx$AZ<)FJ657^vNtw*TBFuOP7~78G}){ zoRPLHS?@RlHEnggm5^17pPMXD!-D}PYUu}Kw+@o!QVXVT6~k1NeisaPpP>GAww~2@ z^}6nd_VzmSI-jA-xd=@>hPO&XBfHF(_2|)GN7hRvWeG@$M0;TI;2HGyn-E8JbXelU z`y8*};EMxE0c-&_H~Kg{fO3!#n92eVIwUF@h@PFpAXUDdr+~TFlYcDIpFdB)G6qg2 zND_PTf=2l*FAtANmM%VGJp3dE(F=`1KM#9q{5cWa$^Wze)Cy8^gxXtKLG(E~(SXjP z&Fz=I7ciZGSQbJHjMXMP^Fui&umI6gfMuV}Z)I#~_-@eOM=VYX!l)8?w;-1b98gAv z09;9kqk4MLsEi5?E?mHr=3u-;kIemSuAMu}y9~N{(;_d&kbA8Y!GnoZ;%-H(k&{zE zVBo@mGZa)x-pM}kKcVtKs3Zg$m|$62S%m;YArgj5#38*@P{2ix|GHnGwb1)^;HXb&L%ID+b`|$B28t7ry_k;4e8y42P z5`9~6f&I_hDrQVg|DU(j^wV?oYf@f7U!dZ}b8GmJMZlW-Ge{|C7Z>j&Ilss$7uuB%%k(7eQEir2TxC&dVHlBJVBhjveD; zV>fTz5<7g@!onh6%GCkQ@>3MJm!5$QoS~stZ#fw!C#Q^b|Fe5LFi69Y1dkg>9xY{M zMMWR_f;OJ8Ma1tlnp5ZRGv3;k%ofs0`fEo=N$1=to(B&eAf`0j<#8$Z&XrhluQ%xW z8)#~ZV)l)x2_|R0@wKxqS4zEBenE3-CW16DI8ATccL(Fuzs5(y{rzu>c6RRvmgaY$)>cYjkp=Vr5M;8hDi(vgV@A zO*-lpH}L$Y_AsL5V|K^sIy>tG+hhohu3ft(WDgi-73VDv4-fVi%%~`|FIZTNeE*)7 zkdW~7=^-=>;d(ch!tPfA0opXqGr)$(w7^P~mX=m33JiRQ{TGkJbphkeW2(88#zN3= zTiV;h5FX0PrRQOt7|dE+#a&ANv5A$4B-xq!47_sYi@2I z#+-&DtvE>g9$cKb!*UQzueyLZU5$$*fxBq^9t7`Jc9v0>|Ykqi*lgg+@ z-E0XW%QC?xM2hhd-F^G_V+SjAn@fdb zb+7`qmkx}7umYz=+sqO8iDRR67e$Xh#_?Fz2{baxx0avpTa2h$!WM*R%;mfoSFV+z zj-{Cm$Bvzsl9H!qGZq^zc0XM6(edN^*l!OXn!55#kt)qM#}Rr~&id~fhw26<@Tu5q zBO(|FM++VZ8Zml3v!O8v_nkb7=^;p&`R~3(&R%Uyv?yg^D3y?zIk&NQpW@ZGck9n9F<$_JFl;Q!SL%Q<+>jAMZT0l224!U~tWupbFI~=>np&Sd3nS^L z0Rb;#VuqfpTb<%(QfbPw9obGxN$D3J!N_?;yYg$C&sm#E!S3#RilGrG;e@sYJssM6 zq{uK?MC4AK6j$D>tE@Y$U9Zh5Fxv9QsxnX){G2ki=jK&q8~AQ>r{-i;HRA<14{P~Q zj~a1sFK}aao0?i^Qne8`7o)1_9#JEOog{rZr?i{d#fw$Dsd@ySE*{}N(85{C&3N0A zDb9tOx(7)30>6rF6%NU(&EV(_EpM{OjKC zy?b}=+=;NqmQerb7E0XOFyiwIiTFN2ef|12O24Uvo_sgA=Lnc= zSi-p|>mtxm;oCc4s;M!3iAi2dYd1YFBO62H*ZW1L_r$)x>@3E9l-vHRM@DjT z|2M0tRnLh6$IzhQS5Kerad1$Hmr|Zv$geS3AIe^2Vfj2GCFO0)`|NBty>_kxI$q4m z>(|5jk!Mlg$78E8xtq{YZbo;k|5A?v$bN7jSNbdu=7K5(epHkm+%t2V@JQ+ail|{^ z)rFS zs^2ojMD6V^J&i}TE$FBj_oZJ>(!^0UhLx^@{CvA1a>B!t4zTdMbYa2JAnw4<&V9bV z>OX!I#>KgDYxrdda1fhVbR7EEO||mdAGg=lCFck=D4hKmvYj!dqTb3(TU&bC*3(l_ zUq3iE_jw#goVTcn>B;MU1MY4RV6RC^T)K6$on3Mk!=l1Vcjpq0*}v31<>=^QV{SPXcND%b2whkvf0XGUNy4bZ*brDBSVWM|+ zB4gmzq%+Tdz9N?P8yizm)*Uwyf&c-RV!{ViEgA*@zJQ5XT)ap|{3!>8L`7#77Q7dJ zuoF9FWqT0*Twf0tq1|0(j8r#Zq;%ufEr`o7SYRi@VAF=%4~~|Rkq4kQzdH{%Y=`pR z$A<{%D4@3JR#4fw2^SDdK-t*XaD{$*g-ZWO%({^I%V$Y_c>sGxMm>nD44IN!=o@9x zXNh+=o$M~EDMsypyFkYM`=60kh4Qk^qmSn&Y9(;3xOH31_c>SatJGdqR<1*9{4#s3v()q5c$rAV00Hc+S{wDt3~dUL?>_G-iVo`3Jwm2Eoq7K1gj#= zW{DX1q{H?kcn?r1@G=ymG*G664zM;v;on2bWMjSQRVWi%o@)SG| zj)zRc`y18;U3kSU7;0m@Q!SwxJQ(5g^Cy#$QRVbBGe5uHYGag?9wLLwKWc_5onvD* z_YXKB((CFv`1b8a7nkmu&=u^`CZ_J*=>{dgvQkrL6BWH+e`aSR6{K{IZ};wp(R$X# zJDaRHB1G2{+}!u9ENl1fQ#LnmRZnrE3EaE}Z-MhM!%opRA9SUviy{9@}eP5%kz4+pcy4L5%XVB!wLx-+C?t-LdfZ8RDHNF)OZXtsIV~+B z-Jl6lfs&U$HMzIbRx?OlWfqCTaaQ4j3L0_;s2u1yWoQXFI9_pa2@MQ1C~>=r>j2?{ zrF8o(+I*RMIXrv!QW2Y&nZ+<-gLoKuTpST!;0uQ~Bx=c|W&>T_sQi2vWQqoD7ljFR z-S=CSeR#V-dx=|(P`Ncdd;Hk=F9}Jg!;)ZpjPt>?`O9W+12%)nL`i*o@bQ4(kIF_t zvGX23PHbglG%*AQwEM^rceLPe1Hx4xO@33QxC&xiui@1K26W9*F7(7ndOA9U6-eQC zy}V@dmn5A=&%j?AN+?IB4s$z*@$>WYvY*MVEH8tlFIWnBiFP(AX7u5qK>wS#RO4Qy z6yatJIQ$druy^fxgUm7s3D@1_Uut+Q+-|%JN@&5Z*cIpFs?WDU(af5y;{FP?cV*Z zu

    -dBAn|h=kaOF$nk-4jqEvBr#d_^Zd_dEqjPW?9kGVWZJwLX#RTQkxZP)qu~8j45)Onz$kqrlm<7&i7S$YMQm}(4kA4H}kET6OlopCPcR2j)Jz*Zu42o z^=zt2hKA?l<&oulrdjuVcb;X7IDSvjVs8$4-P4nCGsD3r{9hCnPBbSZg>5n*j=H%8 zXH6wb4?lg{xPQM!?IAzk?;F(NOsV6OLz1Oioyj zEAlaK**=!zoL<$ESjQ==L54Z}kel27w8YdGbt)<)i7@&sER-=3in==P@$7U?K#1y( zu_c>h!j2mb$|D%^(IX}TovrMY6x(03xADnOPk)%67D-Q!h3VI1&liM)*VZYYR0;^* zo_JfVC?#d0uacXS6W_10a&Y0VWTnEyMW={J745{Nc4`9nvZI3ou!<|r&N7#KiJX|wPzK!XHS#SdJPuM-m?`h=-o7^8<9UD2}(|#Y%TaI|V&8wOroUnHk=7Ft2X? zaNd%pW%B^DsRs3k%`X(~)r;51&2bbEuG_$x0fe$d)ruQMsXNQS7~Tp>|Wa zX^n6+vq0^O?)k*mS z0zagQ-cVT%E`x*z0(+1Y+i-I}gnpnir-&Y#?+EUYyx`5XL*z)!J;T$1&O6 zmzR=qUp`^~-r11UbXyV8kB1L`*?`#9lrt#@&EJrb=ztxp`noygh@qjR#I4L_^3MJP zJFZ`sX}o^#-Zc}Gyo7{@FJErTR}wq)Do%E-t+7$V(2$Zi%9CGPH>VJB%5Ln(GoicP zHdx-MfY*we>+9V@&m9)a!!bc^L=%=te(ER#<7M$K=-PlhpbdgWgMWc?;O0&D9zW#M zH-YWNpFVi_u+ZxBe!}PBL;X{yf)W!=k%7vPRr@YH+D=nl-4*TzckgOCIpwCNeoMZ1 zVeGwF=)Y%OfLchk99Vj;mqk&f&IRn4o$NbCs@C9(hl%jUz zc9eHz??{*ev`+XtK@FO5w2=01HQJWPiWM&Ge-|t3rYG96-4~`^XHpMHFgb>86EWMe z(6pG%wRi6sz4nfl7E!lca^mQ@bK=q^+Gm*pKQ%tjoTS~D{ZM8lCzr3LIw?s7v8Z>S z-Ml&77$ZSX&)Qpdy0M{h%E{@L_Ssw+PyK8&YB{CRoYTfjOM~IN_goR@;^%LF_dt}N zPhszV72Mg(&Ffc05{rv($|qd1njby@4(#Bei#KlwHGm{h-0<|tllAR;8jXqd>u)d3 zOrBJt`n|MWHRf3*|C#poIfJ~n8`kSZKb-dxkC9IhIbY-%V`iVp#n%;cp!dpbe`o%y z0L_|^EY1l(j+@#YBYQXAtUkC~G)EO~g}S<7r|hbKL>zuk5I%(Rak;YtPxTZ5TtQ5G z&o!I#zDlKuJDmGJ?>q2LxNJRfR_E>&@y(Ym-Cld5uYbOKbmZ`MqPe4Etnb1_t6%MW z2M_1Jc)s^?pxKENp2v?D7Zu%)jGXrFNI7*f;;yo3wWZLjoc6l<-wUrgI!YK-RII|L zTQ{K-a`*!S$1S=Y%n1AFE%$}_Jyge?U%$rbZ5M-656F9{V;V$?K&6KS1VkOYqyczy zZ9leX2c(`KIYRmaJ9IcrIdh#4j#^bwd@MDoy3^ZhjCTEMD>q>ASD1#Opxw2Bozsca zYnj~Ri%)CI(kv$^^OuN@N55Y&m~|@~ThKxDhA{W4Zf}o{DThc)Sw#g6ToD6|*wBy1 z*rb-(EYDi34uUw-){Dc^Mra=;KY7xRMp!|6Lpb7N0OkPyawvXxI>gVf5*Gv1+_lL! zmn-#!+nbv&Ly-*Q#}BYkZS@)UM*$8TA6hNPKrTrWia;(mrhG+e+UIVENGsFp5)^#{ z0|N=x5LX%I+p!y%LjM>T80hOu=CG+M^m?MLY$RFCL8{iy@^g#It&D3jNZ#_ez0Pa- zV(?(E`{rQLLnUkd>$6^OTbYyEU3uZ#S(zcKjV5+IJWEU4clF!}q=D_{yDlndGOzs> zODQgXnv*j!H$L6k8rsD=GhK_jCd@b@NoJk4S2%xu19Kqidnf1lmnz1FJHI$M^h0Vy_#pkNyUQs~Hh#y} zA>;_`xUuqk%a;t#H&$O06>r8Iu9@sU5*-qLH*+YDki=L3h#;0BEch{&Q0i$gJAC?ml5$CSL*2fM z{6e6YsL2ZrcMwF<4tHa|on_SP$P=1GXqIP}T)W6TzQp|%Bl)Jj!ZX2qIMTye>`=bg zEFC3r=7SwMaVId)J8cS$WXyzd0rZ^5Tn%D71GF}<0@aSNq$x~K!fqTwXGkQVjJB|) zrKY}QW7AdQo{tLa`Sa0GhdYV3o(}LbWer9-_{3h=g+esNXnew;l9lryMpPKW8(YIp z1>^Sqzt`GFFr*@A!jqM4Se$xrC_=XB&0;&kCof#R+Sy$sD!dJt+bz1Ref#c*a{dks zFeW4LnfYzl5-)wA%0&3tv-%g>(RH-}4mRgN*A?!6l32_i1D+-?WxewL&q)y>yT=SYZQ^W?<1bAe#DW4mLk(+1cNmoPMH< zX>HAbcFZ_0^@?V#u#3kuTlw3 z)uI+M>_^J1ziG94jTeCEGzi=TjB}GIMggZnc^EjwbfRYi|bN1~E{AFE@%hm${ z*C**Fhe9uDSy^4Za^+(ni({59ZR~q-*NDaM?d}ME(uNh_ffwP&cloQi0+x6rGg04) zh+4>N&FzANKHc{GSI}xe9p^j(xM(R<;uN$+Lv3?l)IQ*-8qrAB8qJo!jQ639gVguDo*u%ZWUW3u$5;q%SK;lXoVI`=zzY}k z-%sT%vvsFrW*R|xhw{wdf5Z6pDk=~wx9{A+wYwQUWv(#~F_TcBcur6+dl0@~Y^Fs(HsE*3DdB)Q(Ewy&X&3tXsA?o8K62ZgyqWkr?Q*Ue ztoN~QPGq3fT2SDMx#vJOL*RmR-Hf?@^(r%ce4;{j0Tw53!!Xa&CVnVXNL=$7< z%{Prkc7c(*yO@c=82P6kL`AIB;<)YFjF)C~w{jX?ub|4!*Oc)}dY1gF*g3e4+bGU!w=($eHG2hh^Hp#r26_|G^K{T zR2mwC9CJEJ_9gIkKiYFf@azE>)Vea#QVxX5uA-0EP+O~;XA=z}90r}yE8#^LyaU+8 zUcF7sX4{h!@OFjF2md=g14HPYJ0|mGAkMB`Tf`SIH8n-+V-+f@*RNk=Tn(E~;ol&A z27vCsQ@7eAOG?$Gca+|Qf!_aESLTZsraNANE`d~cdG3o5roF|drJcXGm94G5lafzV zn~7Q}xIOVvEZ5H_3$OGfjNY}=bk(t~6}msj-#sdEQPWrKc8x}#^pP&UsrmU*?=_j} zu}K&JAUO_bd#}$B-2Nhz= z8C8avGt5S7e`10Q4KKGrECivrT=!h;>gXth?P!Vn0xTaA{cxwpJg^-Y586{8JwRk| ztWGn8t|yihn#X7l=Lb-1U|jefE#;8(smTAou;0rNeH`V_p79Xnf9y+`kgoj+;RPc@LkNi)?(0KHUU`Qsl+T!Z zOGxO!%aC~d(F_^5s`AU&6~gLAm%;2>}J0)bJAxgu^q{FAW_gW!maxJdG?5$V=wdahQ(BlA5Th5 zq}Xm}X6A&e3Eb$=j?bAeNXy93hBbsp64l?d5F7oH_WAQAg@q3jJ-}}io3A9v#tdP7 zLYFgI#MTV~J(^HbsYK43&a-^X@6?Q=hlPJTZZXi)t1Gi*Gd&`t*z8z;BSv|dZ)-?S zWhEm<)p+k7Mn|KY&mrM(qiIh?D0W3kO3}OTnc6ZHZ`n46)eQ!+2m+_rr5NFS^(tMP z5$uJwY`Hr)I0(dm`)*8BR6vyp_88!1zh4D4J(9S4|9;h!uRN5euzBx-JBJJSmdkx_ zNXI}ri+VhOTpa&p{6b`OW1Kw#QwPO0^o4{MhBhBlq02UpFVjBjo!9Pb{l~-3C=f0O z`0SuN1u24|C+<_L9C_yd4HV5qUcWAnc7>wihM99B{|i0T&w?{YK+y$@6m`;GraMrc z#!r_upS2slvL&!)prD#F^NuzI6hT$Y6us{0yHFR~U zh~_U}Mnr2@&gZfXh#FHa*Pi+R@S2#JQ=DeXa3{t8pkc8kZm!A6EUc^@__49sO%K)~wrl>~G-Nl}T(k7wZ$txD?5=~8 z#eV@@AeM&{ERCN{i-r2@a^%6J3vuYVup5E*FNt1aHXwW+JvxVD2JjWIBNoXwmE0Vp zBBVjN@4{^ync?B;n1Ub+1r;G=vRMKp1Y)sDO8oVnpkf=4w21JdNU5!`KyV+Ry$4!ij zINHcbSWoRFLF(~gwucc$_&9_`(9D4O1aawq^X8TBP3fVaeeu1c%Rmq~;cYKn!r5#7 zbtvz1_*Eu-k;CWH#AbGHw`EWSgo3&Y^F~s$BC8TGB!VPiD0ch!t|u(E7tkhwA2)a@ zcp$sl{~VlHpK~*XM&jEqR1&bYfb~}|mn(vCz{X*cKJwfef`2sdPy^Q0*CSGR=s8XI zh6$EJ2HD4^0eR8!&!@KtJ8@#)5}RDE?HfKao;u(ioE0MJ{9V`D`bA94j>(&M?9jur zu(BczWpvj(t{YN&%Dl62Saki`vibLWbcYYTywO(A&=KHduojnp_W6~R zlpq()#AH_uEfXtHaqQE8(g2K8Z{g{J8?!47m@&z#cjOb=Iy*`GoNBVEP!#x|-28mh z&;myA-Os*Qy!PdoUu7SjuP(oZDCLr$w4%#P-S04K0yc;~DlC29{N9l28(rTi#bM&w zmIrPQ-vGi)uwjT=Zy;?zQ8+%4zUF(>SlZIATzJHsG4$!17SC4F8v2X+`lYp&Ulz#B z9xvFwNxD}N-UqIz+>x1#mc5ih&nSc-bq$9h}3}jQ@HHRg7tj(9X4p| z!2*IplXpQ?@LyzE*YPXoa?=8RC)|wx-l{47(Pr>c593t9(ut1m!|_fE4$eRd&)vIs zTQ)qnGG3V`6v%c{F5wK4io#`!9i`~$r8n|N#|UW0EQL3;aEJ+EorbOfLs}tdGTY2*2v*id^8`)DKI4fb$Pg^+X=`%Q5){x!+al5V2GHRrH3tD%NbW6_r&V z;x!p%#y&LjHJL4Ua#U~FA~-=YIwodecJ`;?3$`y(yKc-G-BVjKa8Q)bL-?aiyB52e6*F4{b$x)soNKD8D6tfiN?9G0Zt!#T8 zo>W0LfhUY-TH)QfRc}THyK0#10PmhXbMF{)&Fl()8CV2!y5j@?*xc;%ee2NtB@q-2 zc;oRNLu9dg{l;eIU5DO5ccqlr5~dC`fwV2LafFXhiEK)-rX|j3Xov_2U0eK_P*NgY z^Idd{St)!Ft~H2!Pz2|nDB#4IYs5CRGeKbQ-d^(^lD8~lmTrG5Kl-jueA1?+H&46W zV{(gE>o!K;OoPIQ1&nRx{_z&k@iL(;gHubdVvP&@CTVxHq~$_XkH-0)Y<8O5{9 zI0S+0)h0Aq(!h!YtA)-gx6JQ7AL!3%RSX-?-+CX_4|#ycsG{O z2P448N}RB^|Gl_KvbDsa)Ep;>BZe2yvY=pS&4qnsCQr$A&yy)^MMdFt;%`{_ae?#d zaz*nQ7KYF;iVac05|dvWr)Ily9g_>64Y%1Z3vb3}u>Ii9J>oBgHf`d-m%_LY!x6yC z$J|Rd;)Ml`?>=8HyYz3wX;ZD*hMV#Q-ZMPJ&TsEypC572wWp?{(rxdcd>`jI9-~#~ zk3(IK`qa^5*QRo8OW4*K$Sqyz({bAJy!$qyek&P?A@QmN+NL%rtm zT_RRBe(XEnexCV+tSeCw9~N@`RV~`u9?815p4QZiOrL7luEWkQ^(dQD)y<77R+V>? zlULuxwTvkFG2~m`%%NUVDF0jg^*4>RiHabKgF-hDxv%o{N5^xz^|P%$2e!4L(>Axy ztRvSN9mn?e6fz>iu(8lXVy0!c>|kW_$lT+d)?4oOd30!Mx5_69fBKZv&g$-F$;z7T zNsm0UtSkwr|5_sUlw3SkSol0HZu9W)?mWBLw#-^SqgBh#`$dmmGURYw`IWr(J3i(S z+mDk^y1%MQc!=*4%Uc&%)c`Sk1-WU`%GAJCGyq(jXZXApLU(yyYIk@b$%7P z`XSjlzfbYq{E%bY=}PJ6TVb4(^tLAC^UHi*V<8HOsNk3XiyVG#bCo(B6J)h4r{fYNCT^Ffd?NX3rM0 zx7{2>yxc$|uQ*izK^@ijD z&plX>kRb1ryB5Ok%&W#|ZQV&mG{xOV#7&`n&)~@iQYI#MG&NEQ!b!5SW~BA=3q30< zk$+)~n{Ee&3p&k559|$5(d)Cs!v{h(Kfg{+uAwoeNipPXTW(!XP0f!nO%ul%3zHYA ztXIUtrQMnB+eO^#nLZ|QYn(dut^9hmy1J_B*j?U~)z!NX1Q%efC$K-2oB(NBwpKd# zO)IjvnAVXRv$c2i^e}}Lo*w#cvymj}MGE}ut|mglV@DW`-^AvTvkf_xSjB+ zRr)YHMlzP?_%-(N5Na}&hvPmf;&Za`1= zenZq1zm&s#e0_s;OiTTyk6h5y@Y(2C8mQk33T?(Ld81Ky}G-ly>8tS6LEjJ0B^O%6N=^ zEt7=~qp99vvU5bp_F>5Ly{!$W^pups6cRs<1$nP3cf4*)Ty_|LYUB(B~1Q%*EAy@Nx0qXUYbpJim^4~)5Wbl8dV*7PY@vu)lisv7H1a&3w|x~nc-_;9|Qnp#Fq zjz!fSO9lpMH8p8`?#EldJfJ|(l%K2@^sI;vh8&*@m5ZSGvd%{`6K1s-HXj}vk`)W>4t!ccj?ta%ZKU*gKebyFsl$Y6H z2lkHA8(bPTTUj`5urIY?J>sppIK40WYQBrih zo`O-j!+W+Gx*g_YqkD6h$B!P^f8a%8%c!JeybUvRb@p>RW3BUN&P3nW%Dy_@j#a_J z?6r{^g3s@~A;DAk+@lLu+WoJh*$Kf05=#bpG(&1Y#TDVTce?Jj4gBlpF?gCx}H?fp60vb#JbmEv#@%(0P;N^iU>apj@=vcXlI59C=D|%9Q)}?3)vki!Dqp2-(=Y4OV_#F}=RWovZprd!? z?UhF#W#Y+mot4V4Ovhk)xxj_xIvSl}L+IxKJA=d8qDxFF@ zqrv(liTidX^{aeM4jI0eS?cT}#}^x8>QhtmdV6nUJcJPy#EfPRyfq4vvFc}%o(dl>@47X1i8tNMwK6~{FZcY6wzaRP#8zdyqoy!t7J=o%vwSWJ< z6m^|7Ge=KP(Oqm;$_gK*CC%1(Iy$ZtIL3ZvJ_!1n9i|7B(cB*XYLP2&5Y0D?0bm*i?`+r>@O}`7 zVD_zM66}xPc6Up|zZiGYfJrKGHn`a@U zPv~qSaN$c#OvISXYj#wfv|bf^ddj>xw{3fETyY)khiTbKn|9lfi1zPt`TtzCyTxYn zRZpTl1P532MzX<}6crV;i@yA}*QPXachgis?`yGZvRBwfa+{KgboTByO$OKFw^ohp z_|rD^3&qc!X^{UzCySKJj!8}a!^beX#I=ut!mq7O_w~85wbaE|sL~HaXlUdk5t^AL z$Fqv@wu$(;6ME4ZzGSivFLi?+KQ4b|t+%?GNJjMcqjM^~@MEYcDuIExHl4KhaDK(x zq})e&rEr>I zy#V}I_*XJQLt~ed_0wQ?CxykJ9bn`~3MLK>+{5&VA~{!~~Q1 zTu^;|>kqsA<1K*#0v#~ZxE)AS^xD#Mv6+ro90*km7+PD6c~9Dw$Mo}#8$YHbt}SFd&j!XdI$Ir_jOjU4 zTnF~-S^aT7>u4+s~;|o-jWSY-T;ZAqO$*BtoeT4CcBxMK;Az2;&@dIPjVQD~o za!5KME@RM*6Z%VQD-^7QIr2~`Vnt#o;03k`qf`lcBuV410on@~w4UU-dFggg&^e5K zV9Q~`pw9w{wg@jTFTNUfR@}5N&*lQ0hJ}4Ce{0#NrNu>{`R4UOhfV~Z6Nhc1q$D{Z zX4~;L`4PH;n0=ug8dhfpR~;atmk)O0A`kQz$&$+BiG8EL;dfDIM)LbE8;%{L@879d zXX)Oi-&{H~wog`=&Br-JRGdH;1C2CH*}|aV)teGM;_+tqh~zX|JdN1Ivef^z#>+OL zBmT6-637#4+hs~WVHlZX<_UiY4~uttTHXmPe#WH&=UyY<4bw$BIXUFP_OfJTaAxoK z>fJ)NeVc*vq@j$x;nh9{ zY&?d4-1NLjPxrVlIXt^rMRno?H6%6-rwWYBvAltHau?7NwT-q&(AmoPMo5q#*xB#h zxx;Ms;GiEF6BGAvQ<)$a*Y^<%aodOV`A08We6eq5-T2}OEjBH5_AnS&^YU?ZEZx;p3P&67XuAfYZjl3e&OsPZ<WUZIH38li5$T;7#o)JTUwqtyZ^pxwXuW9rG{;Ee0hg0wY2D9rhW0qTgJYX z-}<%_hSYoZ98%h2O*OcKY)iABFPgPSBqX3ThwUB(YQFVwR>D45YTn3dHwKr`Sk=t* zbZID}Fr6nO{ug94DJcojN9cK@9lB?a#M(aCW$^RxRJXJUOG-ZUzlmuU30*_-GCGV8 zAF}GR5JYGV2A5;s<|EbQtpxDp5po6|H{112F6?_@UXEHJ=kxt)6Ip{c&mRs$iXrz& zzqZE0Ur5ae6Y>09n|RrN$63@IQU?xLg9kt@GH%cMFdq{U8-B~4rP+J&+vtxTso9SA zDJ3I=L#CK>jlC3>uOJ+7zl3Xs+No2=8Jm}v$*c3|H!!<~G_8+u_KFh^aqJk;^l1&T z>l@*(Xu8usLr0J%7DfSRzye;GZ4d7B=7e86y5x&okvXXf?iB;c{c;jU;HvP>A)?c- zu0rtK`5s3tp*?HmyyPN6)zJ^XdQbJg`h8h_fQOE*okZU;pZ`POK~O0vxi=)l z*~VPx@DUgsfxUAa30Y5|svc<+{q|t{)vN5fe9uZ^ck%HBR8k8!oiO|VI6U)45i`%) z`AN037uN6*`N(O?A-!Mf>VDgv(mIr?d6X~yV0fbt&ShS_?17|sZn z36-|oOK)CYV8pfh>+5jG<<~Sd1;*@Er}rITqw5tzJ}-U`bR7>b~Gx9y0w z=DBm zbhfrutLwnm2Y*p?(S0Zg{{yLtto(;X{g4gL6})I?XD35igy0sh!JQ;W0%)&a;q?n? z>D>@g`mVlS6>c*X*VlWm%zeSzO7D^Z##y`nG7_VYPO7K{N#`aLoGI`kZ~ za&y-ax_WvrIKEZ$D7$fIrzD&1;F7DrqHDkS{MgLCqt+vqYVm)H=(WF!Xb%Wo|HBgT z4$2mxufQhhL{)Gyu?7B|sB0wV*AZxc|2JFo$6g#Z7^|RMSy@>}6Zd@^A19gX;ivEG zQ$Kt5tqr91r(u!p-sl%-*nEgnknmQWa=KHO^Lp1Aby*Obf{_R_8W@Z@#Ku9U_ z_FjWyH@{)=wxyN_F&epk6uRfBmNPecbpa|Ff(jcJ(Y7`=*w}t~91YXw?22s1H-UW< z>=E4S@CyTG`W|~ff{*#*=g+3rFK&4p;Nm)G)bnHXxv$6g$l;Fiqjsyy?s0Kn;-&T_ zv~25QRZhAEgYZANT3(*jVf$fnVsP*>1Y{_Vjz0{ck5fup9SEHol}!ODuJl9e{Q3Fe z(}L>iHkz6&(OoI&{GEcLPFJUJmk|)q*}W@UZZg`-Aq`tC)sVWSIhT+yOT$NvpGy9WV1Z($n}{`rnqU{LU7f3~rF-0y$u2cQpT?OwU#33pCj_f!b z2cNtL5%L|cr)EKxUn@>Z{r1v(&2t;8+dkFixsO}~?Ybcxs|)cm}Fpy1l#)b43p z%wTndZ_y1hG}HoU&j}7b?c#FSuOjM@wKgOhnuj`QKm`H^gkscgT7vax@<${NV${*| z=@T-V44_Ph9eZ|2eNz+X5oa67;o$Lu+3={7q+i9hLsnlpg2SOx*dpWyMDn(oe?n?|NrZC^E;`!4xNK_ke@Z`Ta)^Yi1Ub+vA2 zYHDg|z@!@HkZJhXfeep#Lj)YOP5An&XRY}{)opFK;1*zR_xiOiXpiP*A%1>Dg2JS1+e*&z%v88V4Z?S~&I(97R|wte~h8G&UY25IT(S-N}#N^705(4-VZFt z@IvQhA+W5N$>R$HVG5Zj)=Erl^b=&NGT)ygTa)sAbhOvPD_T(vRmIM$Cl`a79%Ks0 z=&ZMgKZ%(L$tVR)SL8z>cs3&g=L`n}Rp>=As8VqKiV$|eXQv9Tqh~b!4oSl}?Znmcx3I8O4IuX~3E3xWg@(l*(PLv0WTeMT zhXKyN8vAA2(DVmzgYUtn$PRSXf4MXr#v~@{h#CcITXOQSaqu|64FSH6RCi{Y(6Zt+ z#;FSP6|5*>;Vi%^SSycRVzS+Yjq&Jk>SM$Yo{My?zlg77Lz zK$uZNJ%RD5dBZk>;0T?Zq~_Iw5EqW)mla35P*~PSc4|7?v?4)9@mYJrDe;Kdu9uK z9M_@VFO$T6@PB(Y1u^aEZMpkD9GKE35*32q3{2r0vbVK8ee$F`tp4K_yb^@}?ah?- zf6za?j|*H|1VJ{<&CbF!opkxh$x(}wDgdh6N)HrQ=IS@5=u;#gduHZmByZgRcAZLF zK@IaiETT9jJX42zG*?edneLz5+SXH59r};ws`p=}PZ!D=sP6tZY()wT=75nLmS*K& zGC9f(LS!rN{F0uN(i`7DihlH{A+htpczs|_c{ahJ|^>(N1?S+j7Zf<})MjE2gLM9^sr2}JbM^G&}1qDtpvZgYR zpP5(CO*wtKv?O=^xzs9!!Xo#G^NxKG^4qFa< ztl%isx+>209tQ;2)T2Ao&J{!`y2qz3E!^`~Uj~)1e%{4vNxify=Q-!egSwV<#Ny0x~Jmhe+N@e+>akgge7&gDxB}&npN{KXS&>Trb(IAC{qLBs-8Z?mxjhai7 zMup~idbW#ut#z;U`#sP5zR%~K`omhE8`pKY&htEu{n+1XZiLqGIjpWk<7)@3(*XIKXyr7uEUO7M9&-c`~uG@$pgJE9KBp zN`GQm|B8+LF$75vT?RaUlZ=VAh<)EJTnkvWKo00m)11SmnB?*9wh5CPc4!DvKp$+H z!E%fHj+~r)&*ytHpoaeo1d_J{d+Ge*BF1omy+6j*waEldR+|gz*5T3x#edCl09uPP{hSQ91 zz#IrS7xo}%Rm?;b0T00s4pVwYMm6d!5Q$*{LBtkvbe)_s{rxwuax?z?ju*q~f>}<` zl8CEBbdLy0OQ*AGDR29nPR)>G_zS z2;K*EEGH)?)@XcNa9Z48(ZqdDUDl1UH96|6qP8|9sfQF56%pRBQ2OdCG$We%p4+%M#fad- zw`N}bBpacV)*fS5#lQIZIc0W4;-P`#E!V!k0yCuWEOfH|)zJ_1M9qyevf#mkCx9RH zV`mSVL&pjkqxfTXPnbNV^~waQt&T)XK<&jFp^E*)2vskHn`GjnunVABi!a;5wJ7sb z?ey7}7d;~*@N5_mg@D5#{p^FRJxYF@{XN{>@tvavMp>4il?dvSl>1!a<%7t`L`&^8 zbQy!0)>youR>BDrRq`-~{s{>QOUbqlX1IQTm>KtRRvpiNDmrWu@}WkhdoZ%F##JHt z0|cPZh2gIPdC331yHw`)z`g}}Ls*{Hr(Ggj%aHU>xS0)jtvHV~*43T!bO6;3&&siN zbT^Hu3&UE_X>3V5PhlT$x>WYVYpUQpS(@kzp${HF3`|8p^1px>p?zwPZiJzBcq-|E zgYoLO5(<3{i(1 zT1jc6#1qGZ3;L!P_NqN{04fmo5-j9UQ(1SQuEEkf+TBgPbLU3lesJ&t=8RaCG>we- zI5pCyWNDXAt=wBf0S#b({1EcG)Fo`767nv>=sHupm=dEz-4`V3Z4P566VHw#1{x6 z<*eax6SPBc{j{{Tv7aeOvip%P2H+`Bu%%)7V^>xP%o)4tj%HMF*te!)DrlLV?Cn8? zJ~s2>+xT2e%pTmos70a|(bt`fM;8e{{wHu@Vu5TSQZ(FsG$& zEE{c@ePeH*){UH$m)|hXj;{0f4N`Rf3}ukoBtJht1VxZH{55<$H^xa1!^+yMr(0xj z&~n0pj$6BFZ8ExOkI7^bqPZ>Tg_y)(#DZrgJizL$k2&rGlv=478OyU>UdW}asFU#=p#AwBPY}*! ztMh{_fFuIINO`pry2j`iFK}LpND!@-kD9T)dlS=03{vqqghhcLEvu@El=6~fkA*TC zU57n1<)|$9_(tJ$=@a;j+Zllw!VmiBdV8PY=uaw^$~oFq#u-@bD{e!GXfPn_!A zx?MO{Heio~SR!Np`{4jf2^kvFP15HhvhB&H#fDfUe z`LPlXVy4A6z#CQ@`UC{eljNvtsMOg7ylN%4jrwb9PImLi=2OE%w3IiMy_?pWewj&0 zO-%xK&Zy6NuaFI-QsvJZ<_rCe&$xcemcC1QVcN>4f~I4X`AD>&M-8#}F`0(tUGWX% zNRJNnZ=NK{6B`;XuKYZ}eF?onwD_z7BqR=F7$E8A>@;(i#cQA;UcKOwgCl&re4{Pn zFA9Qm@|RB8+1W5dF(ZDtE#v0RYQDQpZb#1#RIyk@&=Ud(t?I3(y) zx{Z;X?O5wkXTu5pyC-68+MTR>Kh>9=ad1FV$-RdaRlL47WM%Ygsn~A(<9qx4^{sIb zTW)&5{q@(0Cx;Il-aphGujx^-jh0q=>$g|`2|^4HryT6s^IJiveUkb^Q`}1-+B-kp z)X#Z(La45UOcL|YC3hHryM$uND9G|sbj-`fyNm|{+`;lG@bYSUNG=WmVMa#9BOyAQ zuBJC<$ID9O^-i6_a`>gURC9JTi=Kw&iSTG=U-@uvDR

    TQL~2UM_ea+<;6MHtg~r|mp9rlpkYJF5z9 z659s$faOlyJf-fuc!OQN-E-GtJ0X%0R*u2j*l5P`?AIxe9S-LWv34J=TSWYSFmrNN z=Y6J}E5VUgu!9pSy19WYs$tT>1720Q*Yc;@ndbF~k+ih5_&20)>I%EZO2>BTi&gKB zU_sMCs9hxJKtjY*r%siWmexke>+^hcLuAv3jsh>_u^xHxdLR-(4mZY_fOXCcTrK%jf~O$Hri3vxqXCbv0SyVEZdGH zEG55%fS{lq7#^8<{77o?p`vFKGcS5XT$*_UZs!?(NMsJ`EutOg)~z=dD!>vj4GhTW z^_zdt9e}og{XC_jQuqD)3ixB(X&AsbbZu8~D=7D^@>O)!xw5>-^Bwh` zT2sQ9_Q649SO7;sq5@19i{8_|Ekv>{%c{xW&yPI180*Y`fbKGv29iWo6%|H85diP_ z;*@sUx|K*Il906Oz%U6ZDY7Ef;p|t&@>9V~f!k?us-J1!8KnCB6;7SkhZDx}aRH0g z(u!Cy__OHeF$(&=#hE|35g@Ai`g(jWcpCl-Kt9%#5<^(V>U?i%nrM6*2JjXppa-+q z`^|piDm%=D*g;9q&9T3Evt_?la@`sZOs>;#$rIPnALA_( z{XP#SFNV{{O>G%asCC)TTvCew(c0XcY1icqg=1u8qwuz!vjAxKUbOrVn>tsB=mK%W zh;J)&w9&3Y5@d&#ui(i@Sa^=@86!l#JoesHOREKZRPop`o%hx|wr!)F9?YF6ka7F{ zJSvJ4cT^AAzyzx5{A^e+7lQFYPq^mj_;8Y{NnWvvGTNc{^Xi}i$sNW4b(->1A@H@g zw>OYZW_GrOh)Cjv1UhLh!?l;wO8Se7i^#@-yqdoLe#`Y5CiB84v4Mv_eTu{seq#5H z8-%$dx&`^E-VFRZYM~*XJ$rU5BVz-+0#tKAHatL(64|@sSP3PdGYqgi^x>X@P;L={szyA(Aku4N>*hlhvZ zvH(;;=#aOkqoa$6h@ffXO_G6EL|DaiFWcz1(p(hf56$H7f0YO)dA6377bq$ycrN@# zmgV(pK1fQ%9J1->J--L*yDkPtsIMcy-f1Q%-GC;+xFTqK$&j3`Qd78yUw*FM#h%Is zvIs^*-Ps`uWL*FW)mH(_GbY8Ss#*!dd49KaM08MZv59rp+_ec{97O$t{A<`ucl-*8 zT9`}EzyP$}{YK+u)erGv_t+&uv|JybLsL!EG%#^-#XNob5!-X;&Snewo1WK=RuxZS zpWmmY?GQHh&B&O>qIy6hGB>9tKytE$at!k@$oFtYnj2|F3MwkvRA}3U#$`0DtgKK> zpvM4crOPUtMzxN zF00`zPaV9E^w&?@N4(M0%n5OZ@(Nz=Q336$w5*v3s)GmL;tbmB zU%xUkotab@Qsu&+I9B^rM@U#07+u`);{4LA)tvE0>)g~Ozy~x)#}XH(r@Vcuqpy!n zzNHCzpp4)M7++rqG=tOUTh>)yAG*8j@})~r@?IWbdsr()YvyqUA}_cK50A<*%g3@) zui+a(DB%^6;}0|!Ofpb8`G?K;u6wzjaM-SM?AI?k)V+`ZS4!OVpsVPgig3{c(Y&}{a}LTs3KhmjM=L$^okv+5)d?T< zZf)b@s*U_|d{F9#ry>s*#V4kNTq^zSRYaxS)KA~kF){|ooRGx~{&YYOc|Rx+5Rovf zRa8fW+yU5e0HdEVBo-p8dbrThaFa~V#qkH{L8!nnK!5OsptCeTaj#P#si3fs6e;ES ztE;!MXrqTwJkdgc~xk6wY@Ub6&$#@vSHf#Z2 ztD-*Rh*rs&!)bz(BA@+X=A_+P8|PnM6>&O`tW4jcgmg`%y zl?FyZ8}N##*@1>o@`woS4^|As2BLcH+O?&{!I+koi0Ragrd&n=j=4g+L*gY#pJY=$ zw@ZzUk8`rHeD2&`^+8W*6#)xcn)snZ)kQ^ysJK8i#6@#5DFJANBF7lyTf4g(dJLk^ z6Miibl-azZkXS=BA#1oeW3#ifkCylX-M`Q-|!NEjdgvjABZ#7n|bXw ze6z5yFc$6I>(@f!;!w?>%D4)Mrj>YhkFgG)Depi-tJ73!s;2 zaxTIwHhzZe-6<(gKNXvVk4-ha2}#O0H&r0;zvjbgt1f#j&v8oFa#USfyzWY7NuS)A z{rJr8X}Go8HK+bWK*d2?!4U@78s5L{hd`32;rq9cc5Q9Jigq$Hf6{fj(J$p8e@;(+ zSI;q?zh^;H3O#UQpq~@h76+#XYqKyKX>1IFo}A@(zKDY};=B=7`RS^HT<1L3KW4K8 zVTM)*4jC(U?Z8v|iz9pW=~>U6Yn0}cv^T7H!0QwpAG>%Yeyt&H_wyy`xSHDE=juJ5 z$39?@8;K_enb^e3o1{j>B_tAVVzcqp^CmNlE3S}6%VXH)GP2zGx^-M#@&ZD~xpSA^ zUJcV>z*{}9ex_4)gvRd`zlT1B>_#f|d$`@7Arr2a$#&DV}d@Z71o9R1rGhw;! zc)#5!_j4udR8*)A{%s7-mbCMTQ_rVO(G#hk&f|EZObd=Ve)8!>F?GuWDa;B@%d7KU z)3S3}-HfN1qfvkGRLXI$PY%j-x;MO2a#9kPsddTr@i~TNfp$)QxZsulD=}oZI~qk4 zaGjwNd>6=d;9@?!3#N%UqJs57m+X`CB%3e ze}%C8{#yT6h$v)54nl{!Mk1mJ-Yi1G7}*JAcSKWOxI>DE)C=T&QCAm5PSa2Tph5`E zBI)Wh-kJr@ssPM{M?oGUckj7x~~##KVW*3W>yxF+o{+;UsDW^=R1-SX$6Q zluSWfu>u#QXrp}S<5P;zCs}bORd#TONg_JX#le;}l%6o%Q9`%@lm@ZmS8G-!^sOb0 z)N7Z?&Ik_J!$Z2&8=edB-_XkHZS1(|)vI@Q$~~=>iFBW%VT@x}g}>Kf_NeCZbaNWykrd9zLDDps7FU5gHc|p!_Fsvo9v&1oeM% z1|2u-3eJwg^|>TK;RcFuKne~?`(47qX$ZhrwyQKqNd;_ScY&)w(hh3|2b?+!?vx9t zdFk!t)1dhP&q&)+kUF+Kn5QtM!Ui*Oaz@1=LLVYOaESBD~?_6ELFa~P1w6v7(F`J%|G1?Gc38Rvv0##()-prj8nZPOU ze%{BMvEpFk&e^>@JeoQ>rSJ7XvXSAzhrgOa)^oe12V_=cjl-u*wyLWHMc40s(h(0VhL|0NQ zHW0#{DgWeKo`^QtA-m9ys!0inY{;EyvsoxP78h@!2QZ>mH+0!LXLNy4rUu#G_<1kM z)qppE^pVS_U;B^r&G4*R0f$WhG5UK_ zjMCKYUYpBtKlBJUR^Gh0apMM_4fPILVC9?7GTHpiLp%+t0k=V^uB3V0u65BxW8JM1 ze;GiA#1h~`F(ljFiT1E}KQhOfNmXj;X0@i&q?)Jf0XAb6xIg zZWWmAS{x@pgd|Ob#nH#e7xl2Ulzb))Hx(rY7K z6aNR;9ysNKdI&JCjEoEee5_qY>=I2TUIPdY4)5Gkk1dve6Am32X7mn~u;cOXZywI@y0=aM@Cv02HK-n^ zBoJ`&qQop1mmG8sv`$>Ss5EuTbhvTF-}u;ZUfwyaBY*y|F;at>O$8+G`0-2c7_WV| zvb8<4LHW<`%Pv?5DyR_SmGjA{{o=*O1E&c`S}O;|w*K?`J*V5-p8d^1ynYnASFZ0L z3UH?0>i>Vs$C>kFqz|Ysc8_cM*@>HoNw;sGil>QQRk(9|V{Kc~c8+a#Ik#G(C73E8h9$ii!PwK+W5CwCDOOS^XNXhIJxbEzpKB#mGyD9DaE;?k_n> z(Id5p_6};{Bo0}Uv^_A#_DorHrQ7381R?Y9;TuE$JS~mtV2#0cQQPy#ipSOzKIv4| zNFE$4jQ@w?Fp`l{ZN&V+*b@Am{>~0W9`o;iYTI5@R93&M{;Kd~_kk6w;l{?s@riG_ z?$ZNe_J5yneP2iRd}oKu<}F(ooW)EEFa>nRo|J43yYpLcjF zy=HH8Mp-bXF5&;bL6@R;|Aj3dMGCJ!Q}+40k;iqP5(d32W~wd!entahs)(hfx%uy; zuZ4Tb*&i(SE~A4lO-)QF$xDx~$AnEf$Hb5C5VRQk`{0SEAL%L`k7v1N{-flDRiH zhmkS_dI$~*+O2;^3FvhTHFauwdP8GlR(d)OHMQIFoQ-&M{e7n81VAka2q?aQs+#-p z<4y%{j(iJuS_*Q}#<`a#cKo@p(uI0+)U^R6FDxygn&$_yM?f(UV6LA$8AOnwiI3xKU-HS{8@ zA=~dY_TIbQH#WA?UA$p#6e@+DuI|OO-8d1TPd8GIv*{*!OMti5d@2ij{CI!zfyERs zJZlpZ=l-vc5jgZvn%mGY1-eC1>A*YwEEDC7w{G1M5f!bhtc1AabL$rVgrd1TYs2&) z3Y?(-LGn3y`t+fL2d}RzOg=yA^T^`)gKMs?UAeAyAUwy9m*L^bSO*1NN?y?Z4Gg*< zO2925jfHFyApWye+)y$>Fhi~>zOD_L%dh6NV?2zw0feBY_EhYoG~LSh^Y}cxbhiuF z{^eWKr#{Q+5)FGGzAXYrxJnx-)B?;wkjr{?|n$wc!<7Q$IA zEn#`XrG*>Ab8~Yz*vS9Vb4V6>gWA|3C{jP6rS6Bm35i@yO>O;#4XUcD5mSh;UJJi( zzPk*34i4@c1)uTdiwfxFv16qGkvJ!tGB%91hVD^5p{&eQ@fbKAcbd|U`fLO~hy15u zep7uF)!3sWBiwhkv$GEl45S;t-FI|!w4|U0g&jmH!}U(%M_^^#c-oYa0joqI{P4&K zfB?vy3h893g3!rws)K8(E1&Kv@GCe>V=A5)AKw?O`j;=}*zME>z8R{+-VWuoEsIAB zx*V8}G)`~ZuZMyPfP^s(fMW14hRiN-dBh7m%?1LhjwZ$F3xFO zXm~co?NI9PJiYdIyzNSJqegK<8!rAtMsm!JqDl!YPAygU2p__fBUCy^NBjc$fbc26 z56InSCMM*~h99A#f|^cev`<>PwXzaj?R#Ov5BHvi&hkn~hHwK9V`*WbrK#z5{d$a~ z!>#=i;^L@@%)tCMlvyK#e2bD6Iu1qOR{%xr_tx$>c+lriK?=_Pl9-(84NKG3Zbh*G zS&&UdHNu0iuySu)^*AgfWGEjacm2oLuOryr^&;1i#X@*wGBtxJ0vu$V<_6^o+{^ld z$l4dxz4AGe0sZ@ISBw^eo@wB$0)|&tSChX5`OW^`(r;YN3uT;w6oXVX-T`;ZEq^P= z!w^sghx3OL3LrAvn*i6K7)NzXzWcQQ7wQB2{O#{;o&^L1K*qr{0@zv!*@_p;{A&H+ z)mez#GjUSeV-$=}Utb_p1qR23S$hz5plF0@2o_j0T;w5>bbvt|Z{(BIN*x^W zd22vIE4@C+weKs-%KD+IP|Kh^g8i`dcE`)p;0f3!5aLHFJdm3qkVCoIcE1H_MG;}) zlV{FcZaCxMkcQh<(^@-ZJbQfDiJIO$pShmI?v^Y;1%>=LG2bFp9&A- zJXE(*6ATQ^<~iJxbIp z6{T)ZI$1rh+3xuEON=Jt5*kIhDl!9NbeH8ey{tEf?kGWmj+BHE5qywDj(7 znHY1sn5EG89C-t1A$S3BZ_sC^Y!WseWi$i=B)WPaeuNF38=<%r5*`t88hX8ez?sue zIxU-NJcj*NFQm?(s+>dC?f&XVyDs^Gr&MpQt$XoEKGELE>8d;~LO?xBZ=|869c_FY zkopZ;7(78`SZ`}6hJcD7tFFQW)mZ6?KD?XDhn_vrv$QlceHxU$myFahvd@u*@`*}NY_Rm{XcN?R?(@aO&0(0PrdY&>g{>y+1X~RFc^PID+oF*wHrS*bA(@Rh=1Rz9YQr02RYKi@;Pfop9O!p0q7uGe|YEH7Opj0M^pZ!JVXxA-A4uW zN5eT6ryzMo%DPWM!y(*2a7ofki-mpBj6Z*jt9iK63xS$phAEq4{O}t&=g0i{j6qis zk09+Jk&FL=fbP)`d6on;bC+G>u&{81@Rg0%MGoOsGn8nkFo06{FC4n@FSZ-QAjbd) zE)EX$jnLDQIj_4=Hr2p-!KRWD63h$@>rfyHp$NBuA{M_v1?Ax6MB)J@fe3b&bakuD zIKEDlOtfXEfTEx(A{#R`gM!X&=dM|Te#I_kejj&Vqoef!u?A|Qbk3f=A%t6^3}$9# zxO|68N#u(lO`Hy4(lsxchI@IUUBIda(f0?*5IZ~K@9v{Ls)F3|n*ZkJA($f(6IxKZ zqv@}AKk$^R*=6_VE6z)$T{cPaCO{j68+dm{gII(~lyM6oP!ew7%F;cBH9p3mK*4k3 z=`-9lA+Mc=JJOurl@LW#Q#L-Iuzv+6u{0O=;>FQ@MBVs&&tG*(l*Spw zG;rd0IW3?%zsL7~QJnKEY}8joLvPtTw7%Id!o2zE2^wQfpRHo&T_oi+sCoM)=otcc zzFBxU;_4fisZpSZ7h01Z5aga#6Q9|$ZCgNGjLx==jq6F?`nQ>VX-%p4R;Toh6nu|< zQz@o8y5(qHVCna(Y`6Rwr{hrC>$#&~GL%^E~F^VmCu6u@(FYg%M zmxrw{ahh`Nu90P~)2FZwt;b1&fKX@G?su2<{5ZFX@)7TApQ&6|&U;m!uV^^9J&{+` z4DVY!Mo`n-zWJ3uZII8=ZxlsTQbvx?{dbvvGO`p|ym5okcyZ768ooW-tFN@rZx!%! zaVse?6cX1};n@7tpZ3BAmFCE}*4=-90>Ou|XX)R6f`+-liB#E(ukssGk6*@FIPuV< zzSr+!u1d=})9BEUdxma&jS_s9IA>{mEGxKX8E@K8X1?5tTjy_nD)t!GiRp&3ouzoz z+ahp&t5}bac!cMTqnjL788(|eV%XdefG}G)omorsBp_$pub5>A2Hiqfges+IYb$c9wv_hucnb@Ho!wz-Ju)ayE~V*3+2ig$Sd!_CT6$*ZNxezFl<|9)X* z(GdsM{WkLtx802b=b@o6!Lv>tR1Q$n?PAmD?&)VGHIr}dS<kdgb%xp3X#8vHSG_^jzUh3=eN@Jmq#|b>T=I zfucc~#xy{te4V7&{S1!1+uOG^h4@lgpZQ31C}&Jo__W(!b36(~LIC&?8Y;1Oi>9bp z=cs&!Hr+U9{J8hMYK5Nk;s1CB3jTax0y&ql?MoUcZYt@V40&>@^XCdwUPSeD1Mo>M zIS*gHuyfYdNdW;=q$QdxWDSwYLk%Zr-{-P2V0+b9iY6xH>jh+j{N_#2;ce{f%P9Cn z=LRsR<0np>ig|uN`AK+qpb%V>5OHgN-4-ogC~aj&QwWedJnp2F8C_)z%E|ByDab~GgndS@^DTwDUGl*#&P1K;U+N00XvQL{B#tt(UmAp#S=}9O?f4WBYutn4 z?R$Qc=7qQHZgax=;XRZYrE+;U7B?^#QUMXYTLYeC}sXw*}P`ggE?o-@j$0axLU>^+|oX8ZdiQ^cMM-qREJu(=LlyAs6j3ts(S%;g$p~3Z<=sDzm;8bAn2aC;%5 z@rkp@{e$znx#gg;Ks!5op+?^S6m zPrkV6`4v~pU^~Eb^DtugN30d{y*s6y_+r;UBcP;^+n4}rk}La*08F;gX|}t(S$eJU zgPq@vV^Fb%KOpY;O(D(gEEHRg?DC>8`hR@Ac|2C>|37})_nj;yOR|TgD6*F|$r6=9 zk&;A<(#U>WO15MvS&C#C6iTIVBWsdULS>htvS#;vo@(Yj@AkGAf0K6F#78rcfPB-Rq5QLLnafU z&n_F^$V}P18-EHAaTLn4r2|T~4|7J%(G8?~-h%JiSce9>Y@%O7>ja$)u*;>T`ELjB z3LH1^hhOsLlRwTb4ak-Rx%2OAPbLY79ug=1w0oT^|};S1Og>o;WLL~p)I&0JULD?Q_wZQKJ~jbD4RgMi3R z?70Q5>i(S7oc!a4vadY+=vMOQOf%fy?>H-&`l57Hw~A`^0sHPNaatvGLLknx+}jJ& zZ{DOP0b#xit^}IaJL##Vfdekvw}+IJK;)9UO?=nUqr)hCVT`#{xB-e&?4(j_*8(OW z3|QD#!G21rEi3i<b(Zs+yUp zm^YlVDS1aV!>MOxE1}TOB`J`xv!Z!b>Vjh}o%@XIzE0A zEGr>vG72@n(q=XJOB`W%nUD7dW@3C=Gyg-7HUP~NnehG>Bt}`Nyj-3$N+N-X`X|8G zG76L2ez;_@ymr~yCCA07z{_;ItGZf3Q8DUI1Uwvfa1a%}1?KumSsAb~q#?++q>=VRvYx@PTMAubL=cPX%h# zbm@(=3LJ5Os3En&8355wQ>s>~%nzJ@6BCc2Mm&9O{VcH<2!M-^j~p6GoD70L`V&5Y zavEP?*ngf}+0nlC{V$M=yVXN=YR`G>PvqxDEcAUrmGd(*K)TmPUyhC5|n z%j9C~i|2hZMGT^^n2^klckkAxV&f1H66ydnhublDZT%^2RuVq=!Ovke2gwt%dx=)1 zssl%^g@uKrX<|j$^flhD9X+piKlgGVuJW$Vm4NK@o(l_$zaFUR5mD9^;Vj<4O!UK7 zgbyvGoeOi17341+MyoJ=XH;Dn_CfyzX}Yx{A19n(?Th*rnH7j->VH z{vm#8gBIRYK=F>V4S2e(6X7VqOvxw*?;m}27&@-c?0!x|qIR~|6B6Fy?Z(S%4^SnU zKtTF&j2hQfzHd>NNt68QG5AV>Oz)_)F-1we5}2PCNm7NA{!%qrgF+iL*`qt=@SbfY zZc5D*_MFP^21)e2_gUB&`nA3~c#00}91Wz;>F}L8!5^OrF%OJ#C`+1~n&jo=9-kUw zKgC9frJ8&wUFynMe7B#5hSm}g9)RLTqFI8uS}lCL_SVSr&bJVl3bwohGz;rbbPAZr zCa7%!1F4IJowq;jUV9}?SaXzGBQ0PYSaLs85l@%>MrVd@J(|sqG1Q__$$>g^9_i-_ zziy9U$(!z-L$xgb(Ssq<-%G69-}Z4?@_$`!3~{-5h1PG}*!KE0L2v_)k>EDkwJWB) zyd3;AzRJtB=7TBF$uqDDAm1V_H}{x}3qMq(gXPLBp%MRXW19Cr8e14WyZ@2p5mBOV z;j?}o_IKkV`yZC~X-MXSYxa`)_X{`lDqJ|GtvcoQ&4%W!bc{>me+4|;9yn^87lNs<)poY^#k^be)IyBRR zWC5kj+qb7by{y89LYzw5wh>WpcMmZ{|Iv{L><)IgHcmmiWv*TybB+h7{as}>bKZaj zfiB=XXgmsq0xTFs?e;Ak0~0&iuwZtdKR*Wv8tPjjqXX^1w|7MhyUbiQdLz|Ocg@r$ zIV`cPRD_-zh&zfrblh{yA7RD1jMsD%h2-5!Thto=T{^|kD}$zzqr6+v0`DXv-J%h0GwwdA48ycLK=Mc63fMPjCQat@xNd63qZ%VGFQ zS*gkwFJGSe{@uJZin>2?6rm^FLPFP2tKb-geP_jrP4GJh-}oP06f%0Q=7U(=j29P8 zEPjdjh-j||o(19FH^~7Q@7{>%y<`o4C5I=-VZbN)vkJAJ>;?eqYO`IngvDj zrYQvEn}@{)ki>6xAOX$1*f`tURG^`V=gL3uWD87X3JPBVJ|9sZPhdr2B-a4-_>~vu ztkkeMRbAfjb!IK$LWIK`wbw2Cf+vuV5uVv|-@yZoL7AWC^%>+D@Ns;WKku)5b8cC- z&W%Y^gPop#4INu><$E-I8R@&UUw#k~xg#QyC^RyJN3CMILp%m)H9|X94~Q^me%DD{ zCh<&%GIH&H%=_#Lq>r(Y9PWScQ5d|R*&p5(6Y!Dh1B0rPAFnPGI=T(Lx+@)LWmxYq z#f5C3e16NTVt#lv+DQHKm2H)k0XNccdTEbpd_Ml}-T;!NtZ(d-=qz`o!o}1W>d-iP zsKV!Q^hg|qS6{DXrs}nWB}w5lE1RX9v@~I28S5qM?sV|1AahU_7!nJ$CgtnP_kTJ! z{(y!@UK2dc;qU)#h!01>lzCn26w zI!DqR!*-sVX;KgpvVG%;7`Npdr(rA)HQdJeGhh;%Htx0EJR%?jQykFsgpkK~39jSE zZFpP*MC~ep zbi2c?g_Qul1Pv7~QCpf~C}6t7_Y|Hut?4L^0UWd%*~*1#-4q7LB^uLq5pjLnQQc~u zMt0M}neO{I0!zmXs=m!+sWyoS#BoXrBy;h1)SXIZ*8E&UrvLe@qZjvDTVK6$Wuo&$ z`59y}?$VN%Z>p`8l9T&_Ti4WPTzui)z(QwcVRD>s%7D|n&APOJute?v;`&BzTmeAe z16fvCYVsc+nX}H!K4l8JiI!3k%Fax2Uq8{DSeU zN24D+I160?u}fQ9PtAWTf93!Bz|mGtLJ8Bxd>Jw_6#Ode_5q)EeS5p6!O~KWDWt2? zS9d2vHM8YZ)e-={3_nk?>$GA~jLWmNdjurnKIg{l6_%D` zVe9v~eUaGd{}87O2&|mWne$`Ef<1~ z_NN6v0|QzMRUP4n-I<~fNQiYhm<6}zH7{lUT!&)~&w<-YnhmJI=IJDDSMlDr+0J-p z6*vw@1A&Mrmjg_kSz5}LLAq-SeR)Z>{Y@gh-pz($PCSDg3e}v0TJFhQOFZ>*8(+h3 z07`ioK@Dh7Dk`+6PLE@SzznH0F$gV02+4Qtvim@EOiOvX`WABNQA zV_VkV4J#208$^nbl~r8uD&kR6$l7>6n0qd0jMhc?kiRRF$HeH^;)eMX9Xz{fYObtc zl?`PH@1x1;ZPoAoYmX(LU1h9tzkZhWxf792kkCehb6fy zHlHO)+PinJnAjt~BKP>?6bUwT_F_Jo4Z(9{}*RXp)pP7|y6@5y{4?(3+QyHMTyPT7Lj zI|6y`%?*r4)IG7fWOUFO27)lVWOW(Go9FZ8tJN>~$*RK;1Oz#Si8tHlJlwMpT z`j$%%V{40^>LOnfQ6^CDg8@OH8l)76H>29ceg*1v71L3$oTlDT@E0xwyo-s{1{t|K z-_9GJ`e5PHK9Hbm0CoW-NnT34e%34oI}c9}90%%tk)07Y1yi1&0sME^vnLrPX=Cgj$HwVB9eZb=VP z^81Un5h1F^$y6&X3#Ky0$T>94aucziY~?mws2)_X*Sf{X`0YdQ<&}tCm{^D3l4r;)9trR2Oe*VGa(^SAFWp9c zg;+&DL@eTF!c>P+Xtpy(29e>LXcn;x!-YpkDP-q%;Sj(J4a<5_N=iyVfDWGK1GjhM zfN+b253uD5wKX)F;7#1pnH*2YNF zU#*cAjrHV@A2u`kAxgV`wK;97ve4iO?RhBu^JutuF=zK*d`*dI$)eM`UnDM(Vt9JE zrbU%q@|NAEtMtK?Z?7f9j`Fwo+@U9MKI3)zJ!c7hB=&V`wWdq>3}W((Lae$5oSI>4 z@$q1m5j)$!vcknKES>Zzy;~t#ftTbLY^1%^SoO_N=Z8nFVBPlWIOwdXu` zJ@;A8+Eu)U$O5OMQh@@-wkATYyur+Ko`2H^&(ZG@G&6e-NQCFYtq$3U1Cp=UgjCG; zHN_x58Jj8WD9?e9n5W=Dpr1J^2Let9#KeQ@eD|yN@{Y;_SmA&UZ#XVhp;}qub)ZxrOR`DPr7k z6loyVTTV_+SvhtcKfN%3otTT)Nq%Zy`gFf=7HY|diREc3RGSx`qlh@p`gcYt&r>l^ z=zEk;xbeH$fidYnRHHi=roE1ajX|K{Yqf&NEOJq zLC2Yv5?u*EjdkUwkx&uecIfM2HHL;0X)77_;eLJ3*pU5DzBESwKCKh6IR%bPT#r-w z{<`S`cC7q?^g%5>6nOkbQml~Ig~T8qVfjyqtfo6Wx=21+!u)}f`$hQoW^qo}@*HH$ zjbd5PyFzu72ruy&MDs+rdIp$c^na)?dsRN8QyAH~H#u5!ZF;=Vvo)zpe5@{chwF>q zzI?fB>!MW&`0SJLkpcUK7j6!Ygx0amz6+(uT$_7BF*e42qLj#wf{*n-D}h9sme{#x zkKn0kQ*quck{p&it5lQL0Y<@f{25fUXVY0e6dY4n2&imoc$OF&85|cGPlagdTR8rG zTiY++6blMWk1w2=@Px9J(jC#JSUI|Q?KFHU5X36(xz~?ni8dMR8Ilz=5j@M23OI^z zXFaUZ-}c`Ry!z(@S34?wl}x6a*duV-boK4+vhL9Pe8yvT@Qjbq{jcY&og?DtEnfQ3 z8!{jTuu%RYPUcFlxmWmgE%DL2;veM7&xAwnWE5Xj`eNArvOmLNb=O zl?a{G2%18_`Oya%84}Y{CEdXr6i`b{h!Y)QjfdC~B}QQdA5bgW*&v7(78an(O*%*X$vriJhLkz32m1>>16byRbmk0o z)u1l0DhTT|K43{>bIKWQ_!&a)= z&8(3Z2_DdLId@kyw$QiwIR8OAhsq_jvyRO7-w_`@g6kXmbpcSj!lBG zypMNe^AUk$vo>ArS}QiA>Wdtrw0n3+QId;r&dzC&V=7@!tj#ZLni6g)7={;W?#^E5HF^@jd zrJ{@7LB`X88Mp7AcPoz$^rg(jgaNs@u5whIJ6wW0+)%=`HG^s5(fYu?Be-v^1w4B| z(}DS3Yjtw*z}~%caOwc5WeIXn#%qvP99Hq|96O&tGP{^rdr~atmK9qWS>!9;Xy%5$}s3Q2@)Q(?WP{z^(9sAo zgeDc|nb(;!ZJ1h8RJ5g^Pv1k16XA9qv;|OTBijM<+{XK1q6|i;qY8MH01r6<*6;QPJk) zrS56G500}DoKn~oL>xTxWx^y-!pX_M7?|Hin!IwVjO6Q4<$A^6_s7`SLvU;ehyXfW z_T)+BgB%Dhk&^^Qb|+#_hVr^Ue-=XKAcjuJyJzQAH|yZBF&&+`5#ivm9&e|lzz8e9 zE<;dc&wc*;`|YGx0%tSdMhYnC(dBdWthl_PNu+tzTP*2nB3g0t&HehHk3icFqc;vyLX%!| zyneY1UWUMjE}yB{BUbbgEj8eRMCQXlwk2xBXC;ABQlW zM1pc-*ESR3uND{g+0TxHW?md`RBRdoNCwDy)rwg{m_3-G;`h5pAT(UMG`}25u9?4% z0K!f8-x9A9Q{KbqFs(Zg>6f!tlDP=^7&)UB%tD4Myd)I``Lk$C)r{(I4p`XsmORtt`PtIAaoVsF_Qq@8J!Xaau^+-pHt|^q+VAb_? zg(ru#hQEAyTv`f;Zd^h_qwQ0~pF{gRQyNSc6Wr!~Qz!B@@=)znB z&Et1X>rOGc@I(L6XWiYe%^XNyWN+!^(H9g_N|hOYhI#(RkfdSdpw%cxerm?}sy7OD zeukA>+Sum8oz= zydx1&oSdpFKG@vwk}%fp6(9m50N8lr?ZvC_@Y9S+7~Gq zfweMz=i+mvU+_gL+WFB|ZLxMTNMEgSt{Wkt8Ad$EkB`E@DYE$_?fzyzADM@f$_-6T zao+srQHK^4ZJ766P0kt2pz6ok z%ixJLDW`o#A{pH^($}#PrM>*hcgMS3$|6pp?zH^-ZOd6YY5#LY;xA?+6qlBynZ8K4 zhi17QKaO-{8-O5t_nt?N6$IR;Hy`v7Gp1F10uf$Qlj$P~QBem7uNPL@7MT=K7Ji}M z5-jR^VLZLh+!M$@tgj1)pNua3TLsl1Auhux)I?l^q)5M*dq(^L{c@J};NsK_hq#P| z9?SfT8bceN&djel5gMmeJtQZHmWv!5YzGgol$61oIrr}TmQ&5Av;u#Lp@d|Kz)%1l zDn0vpBy^M5Y9337Ms-ip=!qgs1I8e1r;&5!KPsK z&8JFq^z=7(z5_7+{o!u?YBP}N*!ux*Wc>K(iS6A(EoIn~J(&5`UW zspkH2vDuF&*%$dac0$IseM@P5*^e{~ido)@n5kzhh^gC)VeJ!M4g^1?3@~pj{C>`7&xxCYqv~GahITgv4i>$Nc`Mh@32AfE-@o(#n^$3PP*_oLb?c>1 zXY=%Y5>sg%(wu))yaz8vMiMT)%X(9WS3>;J{a*Zx z3P^>qP4YiVbz<{tE7xZ>HtY$pqUfI*+{Z~kB};29%ypSnVZRMDk~!kw={bhXKsPtH z)2B~kacpw$y3@iQZ&=xASoxYnLPddU<3Vxp>o;#u9AQS2nkd!$A<>XLTD`fj&dQ4$ zWYpHUUkLQ3^GFNM7>Ne{JR6M{ zPaRtf$HumDW{E{R$rXqj{`m3jTUF#7z-b2y6%HVL=J@C!m6*VUn855OKC`V|T|V%T zHFa{s8rt-_mb_RWMix-+R*>1WRT=IKZsjv(rWfp&Pw?c6PYoQh7M%aZgy3yy{r0S>x!LRN*@Qc+ zlx@rhBn5770=9>tX|pHo+Ea`B#X=UuF67+5Wtz-H5zPETI4IDOL+1(T4B_JXhuLs@ zExf>`?fH2D21yzTcSNjWN`78Jd+Q%?QAkNife*)q2>?2J-H_=z{n;Gr++R*e?A*Yf zpT*sBBvZ$(pcf3j+SndCkk##T($$X%UT0`f9qNuZ)jS?2v>T>{|McMvJ^D9V);TV21#go^?!j3ml*p5cpP<2(v~x_ zF-4kgaG`a6eh{=$B*n|2kN0h4w?;zv3t)X{_K0XBJZF@J5Y@H0;i!2;e+K$lpuOc7 zD~E-kq-1_rXTVN!ppl9M;DoUFU>R-`e~J1ni2`*ZOi|Oolo8Tn2T&LWyQ`C4FlK_U z&qH?Oi<5$tfcDaIF3*I=r-+7;gIH~nuAFi3~GuIP9K?*Vq-Ddqt53UneQfD5UY51 zka9j{+|uJ|eY@080+#nu4Q{}LqM}#uGoLv_1kb~Q8?2HM&Rb^cortUj9WSp<^9c4z zI9j08o~lu84iVfLui%;_-sD|R5k>R^k{u)?N|(PilqjHW>f^rYp(oy=?fq*V+NR{L zwA%H7-OcW89BI5&@l9)EiW6bvE4bZ5VSX8?L(lbHN6-e`vA|8)L#be4=~T?O%k9n+ z*ytJ;EKOWS1f%Km_wR2Mv5+g5@FILV#oczoz*Z|ZP^01P*E zW|_aDEgC{S=zg_>t0hXm8+0?C{8s4ZK)Y_={tQ$PUBU5;zqhK2XEOP}w<-j+;>NU? z6l7)&fVTpz@8rAIo}Ki4Vxke=)W$~8jVw$|jtwshb@L{SltOs`}aHwl-^oSHeGv16iA{WqsaSoL<0J6NRhQYVHMHA1a)A&1=Pls6M;g zq1MMZI{{b@epq{YGsyuu48ldWX%jmuD?}5{#8oeuD6%St`E#5kHsF`D&xWPsMHr_Q z$@D+14LX@Pvs)hu(+e&<>IwRN{8%5tvXJqKj{1$gGw;LaCUcB){mPn~W8PLEkyAv} z+nLbB zt}_RyOiKl1j->f$vaB{>T)sMHAh58j&D_M!kCCExSKsxi_<)v-fL!XBI2)VObp(3? zOyTC@+J&@CQ!7uo-1jmfgdyUHs3~@QjUG?sLJjY1p#veu?B9>Pj-R=+rNE=-ApWTE zTIuMvd5&OB`gHnt| zX%iK{#&h<{5-$UFKxsCkP#x2Cy^3K63*j=;XTIx7Zrvw7h71!w4=Y%1sBfD5?EKC} zD$38?`rMsJS%{IQ;;`P{&}1V!Zm$$!-E%G`fWG1MX|O~Sy0!lzOE1IdU8khv*5L17YDq721mFZ*cTn8+^_{{z8^=Dz z!E%ycOCJmWhpa7XKpb1V!_*JN{YcGA4Xjnq_Blijp*NP`zWoC#c}$xic5kSiKy3lK zA%4AddGxI>xdrX?K=d=$vU#pyVRKrH3nhC}hFdIT%1kL7ns-vXUTbOQG|M@6AJp#- z`Y&SCfBNPke>Vr$%q@LqbCb#?!?>VO=J?o&tFj9=^v^Cft9l<1o%z8u1lmG*>bRR* z`vWsX$xY61`4FkzR zyuslEa(~{sRYhULR{t)S{zz%MPe(LaOgA)Z3#d0v)xZ|*q^_$^L()0Tq&D2h<~U@DLG*4i}Nepa}|C#^+Qxv=Yuxe3)0XTY!DsfYq8 z6Bw2W0?w4qtW=COMOutXPoHcC$U!M=B@lAz70(#rYmM<>?Pk*cdMSD+gcj$Yq+yb} z*3k3oQfW_)EZ>bkApYGT{9<~1=~8rHC^M%x`}iNLOMPXV^irmo23Ja{aK3p7VCHal z2-s{0O%NxGUCTqy+fe+`)4hsMxFJlX?%hr+6z1^!AcIie3cdBch zoP4Rkqx}mBk6?)=;>a*ttD+(e4FRG0EwBO((WCXI)r59Qde{2b+yJ97J|l}H)+<`B z(mR)}#Npi`g;et+qItLA#9dfi1W%1Gq&B^il4<#U8IS&B(K6)~V&wU~31#c^3e_3> zUHcOMFnQ-Mjeh3qRud|x97Y!M;|sz!7iW$~+E1N`)X1dSf8a|oGW{{YGUwry$vZZq z`aSN&BH4Egji|lDRb8GJi0-dBIED%fCb%ecdTYCN)JMQt^t7~~;vo!&z8ix| zFb?}G=Bh4-4W@bv=Kh!N(2xqDm-_JS95j6l3=Gz#R$HGB;j-ci z&-4R9{8(}<;d5^``kccB2)IDZg#<=Kdy8f1JA0^BddMY0DWn`5dgE$*JUty!KWI|1X+84x~_ri=P#2Zdd5*?AT+^i1*-}UTK zSZCJ02awF+!*B%?GkcL!=uBp}qUpNKGZ^+IYQZSIx>}#g>rH{Zh@jv@)XWgEV-gzq z#p>vLLB~?9e3`!*c+Ut+nR31rvG{Ia(H9wa<9`;>#X`?cY&_Ci9S(IX1`!bmEk<(H z@lv|ax3cJ2S-l1)q{i=H&A9bNogU5I@jbRF{R0C@*RM~6yF9-%x(P=a$^XJW+n@a1 z){aPJ3wn20wzBN@0wBe}B9%#I>5j~t)uk)f98Fx4ul0A51RM^(lO%W@YJZ1LT-R%e zESzEaLOqZkFmet|LwyA;aqRtCGnlrjhvt2c)~}F@T33PcoE3c)$XY`To-*v$_i5?h z9^yk*_K}z3X2%Nu{H|zV;+ql^O5ZzJRH*Ut)vH4<7}EM=h|QXoR9KjG@1F9s+qyla z*T;!PbNXSKLm@FQ^600l6kqF&U2ODND+d2J+u=woM^hy5_a+BUVwpIO)s9kQ4~CeG z%+yP4>V~deG50ngH8d?v6ccxl-@zSD#Ny!J{JLgsI5v^%-dzztyf z0>RQjG(@ECyQRKjznN@_K7@&l?dsF5QM0f(*ll5FUI_|XE>LRSZz0OC`ke1fPbf&y zjI1n^C6-gXgHiv`p!{XqC9*3}=+8a~i@V_(rnP%XIxaqb_kW}<&E?8A(w>WVOG>VW zXaODAlc<&POjt%8d9N^mA_O0bDSU^j4FQ99LdN!O9iN_#HOVd-6lVBHS5*k_7zrZg;eX~JHiSx$(Pd+Q|N1p!F5-?#A=c94#z(`^> znVy;?(2k6hl+;vv^b#HH`G%E$TG6r`(j)SkhlVg)1j9x8zIO&yAV`knfRJoh>@6dgPA>d5gvf_$o4B@+`1mB&BAn4#L5i5kjF*&AodQp zWy)E@9Nw=X{+kcZp87wvI}2U$G00Eha3exquU@qVnOpL%vV@~kuI4$&uHedVoJuxg)M@RT_GjQdMwmq~FABA9L@z~n_l6OlI5x$6Y(+#zYJ`DqO z*InQ(Jgs?Zi;ROXX0(9tfq>NY>7>PPk^lNOH5CtRfUtjrUA}Bh_Qck2tnf2CP5d_I zui#7QwEu-N;~T`F8sh8VO_&uiCgqfa1hKKTjYAZqS8XNeya-^dBNU4`AbH3CX z!6Rw9YC=2x{98HoEIe1xhhIs^5xYPcw|`3fU6jikvb|zP70>XP&v`nTuj5dmSvY$= z*IEvbQaV7p3&oI8<$K-^$7;$;kJ0GBFETV|uLRH=m*VeVs_=RlJbTM0nXJ=0^F!TV zTgltlNIJ#G??R3DHrLhW^x{U$2kQ)!N>^ts7jiL>)K2z?K_QZ#?+%p{grs$w&EAPn zM1!F5`aU*>M;3nnz8C%ony$e6Q7gXor};c?nYG&&e*kUFubNG!^t!J4c;O~_^^ETG zfj#cyE!t*kLit+C*-cvA<4c_3MI^&jd&eQY$F&GbuXgdf@TWJOQje!>pkZvFz&Mwb z9mk;7!BSzE_As#w!T?CIoIgg(m-j0TDAf^jv9T}D<6y*5l@D|YR=y+iZK8QzOwBGO zJe^87Bv^a5gSTM*dYiMg)^PQkXRp|0N>h|duj{iz%yNqf0`Xc;UDm5n8x$lWUwn8} ztVN=(>|f)YcCK(~?$LxXW##HDW^h(vV)+?8=Z`E?y?yEUTXEQ^J=g!GN;C)wWKb-_ zto6LUKF0g%8j7Zj%twXOnn4}sD1!X>Ev3I6vrKVNNQq3b9v(C6S4j?N7+wa~Fi5kl zm*8`;GfdX4pP>=uG$n733+}C)`|_nZclo*V#coe0vDggJkOjJ+FX@X67e8o3EXfAw z(PI+0!MvqA$l(4D}lxu-tf2;{3BA`v3X8R>CgWEPEqZ!Y!q}{nW$~ z(RLEQbY;C9`MX*mr;!Dxo_uBZ`3%v-2$X3O%bGjbf>3tizmxtScbmS5Cg@gAhZx=4D)M6^(H3p;<0M;8dSgA}4Kc!p^&`;+GV%QN zj!?*Av4Ms;cglI0>EG(jb0|fz!<2_?(Y0)lX3#?si`qO1?=t#8l#9@Xk7;xTXHuEZ zZIa9LN}ov5nk+mV1@BS_G^G_{?)ngAU>{2qrd`F>hzGt}p=$?q0DZ4n3^(6DE@4$* zc;aa%3DQM|F9ih~3p^adxOF*=_@)wc#Y9t*m#QRHC%H?0!UefVZ7(F2985Lmr$@4H z-FgK@2cRS=NlE4d=aYiYrJUV{jD;D=x$^N}~$S7|gY;OSx%-co6zl zexsi_0uwQe2%FW+Xx?MmZNFW&x|66iglHXa{wK&X*5t&FCqvineNdYktysGAbigOg z+su09wy5*vdv~>Cr;6rKd6DgU>$R{@U6@t|t7J(aM~={@T0_Bh5z7OXqk*$}cmW!A z>iZOqGdqSFc6m&s3w4m4vxGXfxuyine$3ymK79-|c=(Bf@ce-=$GHi4zP#PNygbD5 zIRA+$u$X5Ej}B&X`;7H&3nm1dCgmL7AIiKj4*XWP z(OwR{YCcj0(#5<_4B)InBz>JbA@M`D1KJ6EN1(RH$&*_!!bV?QP}64yHd(w4@UeY_ zgBW21pk&vK5Vhj9Ys%ee5IU$F@8Dg`KhqV-Q>MU}GJE$8R|=QP?z1j=CtvwYgqYEKuXh>AUX$(m173?q*gWiRjSmbb^e8z?KlibJ*x zS61D%z&8H0|F~thv=oj~kmUHk?5Ur0$zF)tf7RN0+cZi1#i-7a-(ho@oj21x2uVDq zf+150VM*ZqQG7>dn?J{LfkQkIIp4rJz?R@Ueun5sMr(sCkKbt@4~B;kxB)za5uZEA z$FPXV0tO8%r0DC{5eS-i<;o#^N7|kH!GF1TO?%*p{5vi0ApIHt`xwb9T4d63XV;o= z{a(m3hK9}#H1H)IW&RWG4JKhl2&=~%R%MnmueOJDfp*?zt%;(7N(NGfXl8xSX2en$zxtV>Bt7h`dUGl125MyDJ7?2XzL}vYcWiP{;9k!Zx^7jYsx7hU< zFF9p*8jx|X;Z|o{WAgQG4xTt01i@!~tlnd7UDIEW#s`QGCgI)!`qA~Of?={4;#E=w z{wKqYc0F@}#~2=b`31V3Iddj6-Ky2#iN2_vlA)m6W2NksKGA>XiMJ=m3QBT#<_`Y8 znomexDcvu62y2~oDClBGrqf046Z{HTI}w%WpGXxb*xI=rm2{fD5wDv7>YxpMFzf=V z7&TLzjq?rSuG7$!;{60Op)b^I?4c?5a58q(9s(9H8BJ5(+i@BnYObkjz`cBT>qURR z(;MErr~WB@WiqVy_b0;Y9xnfcc~nVOTG~A9JmRTF+wb0rii(=_B)NCBs6J139(*b4_LNF#_{_Xp8w?( zN{l^sD}R#+YC8*G*$9po3jXiJ_>fv{e&(^q zsMWs59&F4j6Wzj<64T1OzI}L)V0Q3hEBN_8K0H-hQ$zM{c?aSa7XStdIv~7}7(W0{ z1*1BK)G2M+)coQ_f}sQ~yl?_I3RGnXDV+0NbMiVLUQ0+||H$%0teDeRmECl~CQIxt zv!j%Z-QRVZpC|=lZ(|M8>2m#hZwn9O*nL23gfo1lyQY=iEm2!>YWtR7oco zkwnfIlaQT#)WziiVy15s1r7vBN=iyC2z@OoLd2bJ)JMDsf7(5aU3}zJ&plZcybzk$ zeTK@@c;|Pqyle9R2=Dm|39^>^>m=E@ru~?(=Zl)ydzQz4t2qSAx z+?%h{*2hp+eck=vSdi3;Sn@H3=%7g%CY@vGC`f*W@2EWPi07+~rlp_o>Bua6vawgH ziCz4o$HYa$#~!tpC~6avJi-hEj((+!bVWfdwY;KG0}@HrThGTW?}V}&wFk^dySB;! zvRFTH^5|{=b?)-3V z90B3+CrZ7yH6WTPFmi+6jL;T#?W64?h?Vj3=t-m$AF7RnH6p-o5y=u$-w0mTrharh z!UBIkF-vJbF?<*n8O|>8eZF72Hp70A^6iWE{5Q0KX72u+3%u(}{OMuALbeWU^@2h| zkt|aPo~)#zudF5?8viAM-uj~9;N4OPi11FZt=#1FP>+PzWqlzHgBNvjH?TI4MF0Ca%OY31*`2D z@gMwdc=*C1kKCAd1)zW79MX*g8~lGlegH)Ma=be1ls8^0?LAGZRNns%K4P9Q_ERZ=s$s$pavZ z8DLGQLcb@gT6L7`R&QeE7y2|Zl6>u2!@@LLeIOl2)Ef+izT%uH#$#OX(gr%P0|Q^M z(NlTV>CVxPgy1&qz2+dR=5E{(P|4}pk=&vh>@elraY+t4YVn#YSU+?mhxKAU zkuYg9u2xj`+)e*fQiMU9{b1Nt8-knD$DFX)d;&=FFe5`c0x2OCNIC0v z_Ng-)H`k?mxb$sqe6)s7M(d?l{{)+A0f{tHUj-D7%mat0W8XH-W=i+5LN(G!PQ5NX z&dR_;y|SA(zXR2>^EoaV!-Fxf%vd}IHUos)DGgb{%h1d-OMFh86|keCIzv=&FVbNV z$LMhQaQxM)b#`<-^;d{un!Wx4p5^#9!D>3n_Z=h09); zPgc&lfgA9b*$e48H?Vzs#v`tFtKU+x-z5hxr;N4D0Tv{AWifK1~N6?kgn6BCFJfH(@? zZ2XMwd|fIBSY&5EYB>fHGNU1qFiP-f?gYpTr$3r?VtPPGuKjfwl750 z?Sp+Dt6v@yGf};3sGFep5su(7m3YO}3qUj&LG>zoMB&*qQ+U^rX$J)(%B zVNgpY%{E^(s+cHjr*@l!#Z!hc+9QR!jrH}z=z2%q;z@2+SKq+3@2L-we~mBaud4>- zT_!OZT;;@v->(& z@;kJjR=!}{qH=_xEsq$&=h0nJkX_DM%sP8=YQ&z}#JZ)QsJ!I8V-+E9nW+I=V~d| z-e(_0?4&UeUZE_CmzC>qEyB*FrKOQrhd5vaP$H-u8;D~Z=#I(}#tDWW0ai=q8Yxpo z?{-OBc$>)eezZ0F7wKO!nMVnou2#A}yk(=fB9GSuSkl(+6DUIZD=6#bji zV)o0|SYSVFkf>Fv$Hjk9%Dx=(r@sQ_!#2N^YKo-g>0ta~VBz(eZF@M2o_>WmU4NDm zQ({3}vIzDe%#xHzT~7Y4nHLi{(*~0X(fY<1f?O4hjn$trDOfO;u-pLQ9MtX1_5&gD zIp3LpCXLt}^`UmzEKmDsjvDgH-x*bc2X<`RM#d~vfIfwJztC-8SPcG0ZhY)gMT2(- zGHm`G6tDJh6?12%)50Eg#F_lxn5b2A58#wWRy1a{-ss1RfSFW)5kZIn>AdRwQrJ(O zdLe)fSxf(wNl*P`znvCXjZa^`V5-YJCM69{uWjx><2w6J}qAqM$EPx^P_(aY1vyQQiJPVxCw#yFxM7o2ZPDJ1dEIfw3qE zLMQS@;$=`vIAC^8WbUNI^4e$_!7Zncz@&h3^jZAt?pDl(@I*WYm;~wa{V1(}UY2w~ zMT$p{=lFMJfl1>;Ep8v_tELx_utXk(9nD)E{3|;%Gp7BZ8T>WH3IArhttbTi?<%K4 zzuC?y!Y_D{As2~jjrS7*+7L;~ay)oyjg0zddgASX{b&&D&woF6l1Ro`+IO^l!9Tb( zK3_GIK+Q?=he*)qwZkysjYdG3cds0;DSwXb`K=ln$b_%+eUCA$r`BQS+%eflPn93a zZIwmb{%oqa*?)TTu_HK6GSh90=WZ3+r6UIXY*%{CI|Zt-p<<#%Uu<1Q{0?~7bOxHC z0~@q&md$qJ!n1x!i)sA|Fc=G1+Hr_0lsSV19VB;<^XxSj4I9|q4^)mLVLGMnAW#K> zd)y8Ts#;{GV^765Y8gg9*n_^W0U9=Ev*`Wj2TbY|oaut0z?taS$$i^BC+>SW(Os!+}N07hyqS<)ZhtlKgdPikmYA8MdQ5tE$<`W; z;gzdaFg;`bs-g;Khz$=(u$o&+!bEIx$97t=BN0vr(ll4H z7)A9=7NF*bQ|<7H^S;Mns%`ekuFR0V-5H4OebQEiEm_OI&iZL+3NgDNCcogcpA{D4fj_q(W|S`gd?+effdL5B)lSHCQa*9kVzuac;3jAl zPEEfhD#YaE(`U|L=*u$Lg<-A5v04#)JUAB6nd;9okwC_aV5}4BZdjpLZgee%5lhn( z(^);eyas*z*!^Pmo?kvgnFZ_*y5FfBJAvl;Nk-2&w%n*=47aghQK0^JitmB#93%%b zXB4)W$$+ps?nWr*kv<%%qy;b>n_nqWM-=V*hmiXA;f=*Cj{lNPJ9-^FbSM>Jc|iGr zMPtN`<5Ha|ZRyd9>4XKN8i-K_cCN@)5Q&ReM(7_5z!+fzbtk?9VhmvyZphm9NyDi# z_p@*CyYPQSY}xfq_{Yv>n;(0V_YgW4INmTZ2&e-8y1l{qA|fIXoqH_(Tk28@uHI<* zGmzP(r6pKKY#>NTj72apgfOrmpjN}QPdQ}HK6?5S5y)2_y&M&_jHJ`e%cuXX-5#_- zyXG_XnXhWU_Pih`rw8=gm{JN1AZ7EZ!_cPs^p+tQ0rkh5>|2{u`HQ|h)Fqac4yU2X@P97^wGk_T+V}r%(rj1h)``7eQ#eHU3%>~!$6;+Kx|l@ z-tctJBN0b0*z|Hz7~<-8YEsBo&`8}l+iPR!qOx}(jru7nZmU{C+>Lv9*_!T7b z4^QaK&aebYP{z%lKFRrNfG*_DO}v_pv-KcEEC7v}g>7wOXQeQT7HXi@AD(HnW5Yy` z_&pJxXk;bJBaKU^cVucc7H;A6J(+UHTwn+fsIX9J;18a=laf+fp#pOf{ysi#YIdIT z<-c-Qbjshc>=t>;Zi?ft*K!AuztS3F4weM?5&ZGfkQlQIZ(%$}%pk;S%RG@4r}@0} z|Fw1H@ldW|d#ETU6rl*6>X0o$iHWHkNOzS}wH_x-*+)Y71?w#+h>XqQdD=TVfU*2v z-7M9l3wK1X0+IUbWgAcPNvkv(oKMgNYdKB>9&6RB$9L4#&WJMqUxE8G4+I@Wyb6uG zw)f|QEdJSebVptuYAFECkQ5DOZ{_PUs{*t=KaJrRJb@0+N5HbHI$?S#(LMY6m9|4jPZOXi{2TM59)C?ODYFOb|v)c0IWUwsRvW+iGB<-qEq!&x4K&IG+IFavGX0)yY-?NI4YCScbsi z$z8E~7HP?V&L51jAbQ{{kp;B7b$xM-DQo!SDkB$`*H@%HuYUHwI%LzLz{7SWB$bQ5 z_Vs^91CN*7`MsTy%ucphS(ewug5TM1FAE^F#+uas4EiSqvnK5BnLDMcqt#mA-3NK% zZeNx0~Ay7tfk26Xr!r&zK*ENKx80o)GE z*FJvig(d>9kq(#y+G4BUTA5(fa63@MNIy`rtnB!)!sYmH4GbE>525IWSs%-7t!pMK zKtl$MGX|%(|5U*J;rE*nJw!RnGA~;&rvqV$|DXVxY&>)fXI<{VxRQ_0m(qa$STC7G zBYAF>tgGEQ7M0u2KtE}uN*?YPu9&Y+4#z4^hyF{Bkz@heLzksF>wSz{(IV7;AZz^t zuh0BS%@zIGRA9y8SoblbLXfsJ)jV)|dTI=hr$%zIOX9x_;oq1AMrhXtxI-Q%l_E;a zG`N;rfejH03!}|;fwEO?d^ZwvCy6NjLF87~Kc@&JTBmu~M&P4vgzw?g z>2sHiG+tyfg$lq{@A_F-11ZW~d zX5wOQ?vO_=YecX0w=*dt7)ZF6dBf3+1v0@rthQeE1u2)&Dx==#d*(Q5nGXFguN@QV zvu^j=icKt<-i}p#$C|%hhujuR*^}>9pW4}#A*ek1*fu1x)c3Metc`3cy5PDN--Rw5 zS(nvBTnEqS;nV-ZR zX2v>jpn}$9ls#;G)c1G;v9IEYHdsF1ANWBo4i2g(I7+kF*g|-^hqW*@{U)*~&!I-< zK^&U%C>*9}>D!mHl?wV6_;6@9u5b*+9TYv8@P`la`ApUu^?d$^YTeh&eCljq2(;90 za-jw{pJk~962$ma{lkF0XI14`RNNhB1mx4#ra#SacCjFyej7y@g?-vc&abG@G_-d! zH2kni3fvORG7e(q$={Ub|G_B!{5gu8LCN1{TUXkL#*nR0nXUxLD$FBts!~#M5+pBLUqkyZ^Dhtj3*zb- z*8CMg#t+BSlcQY}Cf~ZvR|qNk_lUMyCPv`2r+srx2 z*%iB%)NX~@2-~%Bhdu1rosGWRzYOA4@O6EB%?!4cWs|L7vgD0bAtm<`^sLz_yKFWk zOKoBL^Ux2~Dd9EG?81LE{=mL6Nh);h&09h3?C>&6ynl6mPsaPsw#1QMOAu7oK{V{0 z)Vool#dEZm7asmjyW~J`dB$5usqmHA!R!tNXZNn;UU-M6&e>DRPvVT<$~=Q)M05%% zO{dNF#T|gB{r1Cni|+qpG72y53KF|8Dpb|OaXn^q6qM8Eou}4S5D(e8-Pfn|iP>{l zr|EbqReXH>Srh5==b+S7bYtU=giQHh32;o83Y%VKNlJ0+FmmlZ!W`n6>%LBd&$crk z2yfAdk{C;i6xvReZ!(X5eMQX^W$~eA7#8a-p4Q`Tt(ZspZTeQZA9NHliZxJj7xSSn z%I7mH!Ki{>TyGBIRG>%1UWM zavQK|aH6V|GI!j>q|@{<4%Iuw(~-u+#|}+%ZFw&JYw_vqY`f-SaTD3xQsJ8(QX_@L zA&+jO`M|(6WuJ}x>2~HtuFM?mbuQtuu+VFt%Z%jeA>UW8Ife9@>nm}2<$4ZzWDR_s z$_9g0ohJr(M#cc%>CUzss!2wdam5!c_N3+-q_~c5)ugN2x{AxoF2!;}wxli)YEg#e z9XaUOW&(B?*;!?iIn237q4BE9wOl7nGCf{?wnP@u=GrZ-tw~zZb)+5nbwbd3EEUqh zy$r6hnN!PlEI=zJd;7ZPO%?4!VNgCa zJWYPVb8B&GtTC37eX$1V)mco=V+Q4Wf+|P1n+SZFxqCHF+ZJfZo?ABUFLcW^k=uLv z6XW9e@s{i%~T`PBBXocsM$sUcSJ$~(&XzQxG6DW|TkpV`U!>~FeQQkzJn zg4SPVoLzR`GpH|qMxj4O%cF9#vsn>GDwquz8kUyoHe*k(P>TsQ{ib2&zEk2hBd}Ij zp<4BFh(=IFFEH}atuM6&S`3X0^E}5s!u(j!x~R`ILwJR@MT?`aEtI0y9a=>O1!Um- zQ*xz1gqX=AaSNjYH#EGc6R4ukD3aHB--6{i?u9=#xCG^TaWjxDB8%M1(d%i(vfOKv za@?B_0_!48?KEGNdTw_VNG+$OiQ)bv+A1}hiW+gP*e(oMr|bRZ@6TL&6kH~%7Fa#q z(;Rm|{FUf4)nMsUzq;VRBntO4CVv_qBi_{$MPgT%x?H;X>XjU8qz zZ7-P@@!aFE-SJLSl4@DfCGh8BYbF3hkn{cNJ^(6QJs=%Y$#YccfZ^d?IW+Kr4H4vv z`$GNo#`~hS`0tZ5Ib&n8(UKUp$GLg3D13spY#RcPHv> z(M3j5a-gs8hMt~#^@b-{*HPEypx&OCjTV1)AAUtpAF+!^qQM8(wJo9QeQ#BF4%2t}dO4JISYR0$kF5{Ao50?4WQByW{M*bBgqhl>=-2xQc10Yd>q_@v0=_yQX@GyM!ulX}{aI#}v= zy?!z(w=XF@se8|F+Gd-c&yTk3AJN^Jx-+71=#JvrF(+08UJ*PNGwtp_4J_BRwKa?u z`&_0UW7u>|h%C* z^in-u#pF}Dr^1!3q_n)e!z)+x^xh3>G_>LXsrZg5%*(^Bh%s@h>qEj?s;ZVft+pc6 zUY}92BMiG@KD=37{w0pM3^hYL%`U#MB8@+_b718EjVh9A(5gwV3ZW z81|4LrqIh8aoUY1^W?4+1VDg{qMVMD7}4~nBiW_jt;GyCObiBl*qb`~b6h89m2$X+ zJND`?ZoNqIbF~k*26TrFAxgnDHv3cmP%TPM)x=^p!Ufjzg>l)=ZG~0gCpoiJ3<)S+ zpYE?tWMO2XiJ8fMIw%7cVYlsb9#8kwf`(pydpir_1dlx)k3Y2hx-~7tu_gAfqHFo& z3>$4$Kp>(YJ$LoOjhq~r3+`s(e_hY9C|`qz<8iZ!K}#d)1tB4-2&mEHT#-%ZKvcF6 z3n=u}`V_s(Rqr44b>2MP=;P&Fm;di!buC3D)SE-S`!B+6)Sr}W8%T*_ze&#bD^5$cwg9g7tl9!fRWi?!||TH`uu zm;3MfQJs)C!?{GK`#$|fxD%dQRJ{}!5RhY9rWQDkhnA$QHGk;Kl!vEJi;I+Mw3g&)C;ojm&*VXH@+u^g*1knrVdTZfogEH0I4d_7)6aAp$yk_|fT8M> za?PuMCTngV<>A4y_O+#{Y{bDGEw0MZuVyAPEOs>V&mqU^!X8CtYD@G2yj zJxO>)SaBFfOMZLU)2rteY3V5tR^|Zk(2y~G*(Cu8Sb{-{0oU3wRjm<<4~KV{!hHk+ z;^7|pj`zk=JF4h`dN|CYfYDO?b|NP81isL268Dy9QZk9^Pc`O3Twa+tYhEFTO!e6IS_vJ*Wk^UInk^K41OIH|Pp^Anzc`O&R(Q>y-bQOKNb~;Q zeC!0X|4Bbu#qU0d4-6M{JtFUcFJM|}H3)H;iB*H?t(33fmz2tVv}&XNkaA#L>aVTs z!BK0Ay_fGLca{}Ru2v3rD=Twxt-&1Quur!3KdKyi&k_5^9GNz@hh~Yu^L*~@6b`{;PA)jMdJ2JUlg)33KH@=C^b0Dlemd*C?%U7GtE5~kCFzv30$vN;j{ z%!-pccdNp5+#T4MKVQt2w4&_p8cCZ=oR#?bn!nA)$dVHQ;E3a1_LhTDgW~0W=vVFGc4>yS4yvv8$}T1)>KqDZ8pMJ<*}u4V-01?!WxZjSF7Fmej#m#5m* zb?||kqb2ShSzFI|KHBW4JLaGd#$Tuh4?)L OTv{5sf971ZdHg>neMck! literal 0 HcmV?d00001 diff --git a/static/img/tcp-frame-server.png b/static/img/tcp-frame-server.png new file mode 100644 index 0000000000000000000000000000000000000000..c2595ed5e8e4d546f5a33b93654c1740fc639e47 GIT binary patch literal 76195 zcmZ_01yq$?)GmsFAV`Bqmw=Me4N7-Nx3si$gEWYANlQtWba!`mcX#j2z6-zq+;hf_ z?HC()bFDS&dFEWxV0l?F6eN5kI5;>I331`iaB$C_!NEPnKzs_0B)q?p2S1*he3JPD z2Uix34AFxJf0G)Bf0luRbESfV`|bw^cLxrA-+_a3_y7mD_XQ4)`xhJ>?ziMR1zvFC zg}#)SFdXdh-|xnpXmI4EwWz2a`1$w(Be?LdLDY{29lw1tfrCT%4&KHIx1{Ln44w%m zA^b_ndF~*^NexSVy2X0uCFz)8G^!7&&zLaXcQpmA{khWBIqkw3_yc$aEeHC-y80^R z10Q(#QauDEVe~Ag-M8NIXHcg4^G(VGvX|*;%j@ebTnk)wN448aTy{BHl4g?RkHdh2 z+cEx0$VW`}*2uzabkQ!fBAldY$*8n3!J@-q?8mcotBn{hUDiL%w%wIbv#s!^!33KHa4e6 z6y1(3cTYc>x9Cqo{yN`|=L~zPHzarFlhI5yGL!AVK6VF_2Z{bZob_6XIKE>$!Q=YP zGcqz#YBpHs=NFEc4!#Pe3eCTMUD1q^qcR+uw{30flxb2LtrfM5UW#jgp$m?{Fa(vA zmAwN|>%$4>tJ8{#8porIXmz`q_FN}B@E0cvO9tV(PqC;-UcDkuBcfF8geq>l!;DWY z9%TgsML@-`TXM2IO{0R;nH5#Vsr2kFJJ?qghDD&<dzA174~IH`wZ3s3wqth6c(nW=rF_Yx_bq1B3NbENX2nvAH=O%Y};A zPJIXO73cdaXcx-AiFKND zC)PsR3kWkPkoALG)HNZRSTj@8GRyrxri#=={AUEU%8UlOE)T4oV`eQMrZH4Y{MTYT zb8wQBU}KwJ0kvT*ZB&$-1XOavJ!)mPu_@5s4^_|N>960@(o#$dtvNQ`)xW~W$M>AC z;`O-lvF1E=KrSH&Zs_K~*EF~x|3R6tWl%ml4|SZG<3S;0y|_paIKgMj!xhY>EE>Mv zkqH~iL$HHGr+~1e6Z2s^9bV{Gdm4Cncti`N+(0L)t@AiabQ>Mk=cYF{mgQ29ve?4I zJnyD&BhZfZ`MTYl8MV&dk)JJ){VuVeV?Gy5VVJ zJZxd8SDIC~%`kLTMaA*6E)VF{Vdx0$a+CmtpKJ=M%l#45zj=r+*i}hherD92({e8+ zp3$JUNTb?n{cm>2`ciY9`)NtdP54gpY{*26a8q>1aB5?X^D3mCgE0Vw$R}{HFSfvB zIPn%TyPh+OfscRT>n+xE8Bvo`@=*NTAK3dl_x9itP3J}N4Zfz)8T@u!3BPm8rgduB z&8@9Pw0e(im3N*7iPp{)rI#*F*0wPWEWe(8L?(0BpBo)r8XX0KETcM`cRI41uai(z z6jD?)xStxVK3>?*Vq0$H`6wqBFPS}*#1q*1X@0)sM%QAM5mt(9cU8%9&1SV_ zNNQ?v)aP*eBo2F4lCj-ABcsg?6$wd+*El$_F)?Q5=7)=ond&J#PphuSM$RUWMpKd)L(I<*{%`DJ{6@vHfMbIq9}<2i9p+D{NPC2_yfZC*Me1ZU2|;wihl;}ZSc%Yc)pvT&`eDp z`djYr@8i6F?J$-&J~>&2LZggImQ`FF0PCQZvOPZ&3&RgQCMO%k(Wz9Fmsi^?w~Za{ z>+0&Ns5mwe94c0?Ume)R%3v$5s(Rg|Eia#2QZk+OvHMg{L80u&U*=k6YB`7_@C=#F zDLb=@rt?!W?E$D{)4d!P{2sEr-&RKAv$B5tko1el$}%huz^Db{W`J{a5>-|`W7>aPo4 zNa2NqczvT?ZK_Pq&Q3^3n5?fh?Y>x@G*9XK}c9+GV}Iu%*jp{c_M;Y4b=yZ2wVj}8u!fBfiMbh~mwC;6+!rrY%PaIW!q zuacm^T_r-Z((LkXVuJPHloRQ$ng{r-a}T%gH$imp@bLJtiShBxM*EIhvRQ#yat2?jq65`@?nh)lVvc>7%t%;M(j^2_*T4fi< z&5V}k$hmoW%BrePcClbPdb_~ots+lqxfBIOMeT;KWY@U(HMd5qPpP8W45kQQ zhg9m%jyYbZOIS-G`3q)$zPz*#e1+$JedVC6jAL7{u&53Ea_?Y23p;z8?xD_K=hcZc z6BQMemp38-jc$%dvvyxLOU!rdFa4L!NqB#fPLCJe#jK#$W(N}l|2PfpimOk&&XjKx zy*V=qaXOmg=`!$%iHVs$P%kSh5kW4WI{yG?&+(2BHD~s6pNAR15?s2o-GfTF;g4+T zrgiC?y3vYpblP~(8!|sWxFCN`juJF`+t;O~nd9gzEOyWL!vHR+V5+}9U}SiROiHRY z8GgW^SZE=G8)*{vMh5s~4wH!JFgQAAa&od3%}KMo4}tJ0+~I%d#j>xVR_A=n)tdzF zw=bMi_dh_h)AaE_`1A2v1nDJ=tt(7oIv3vgMgB{fXOB4PyZkE$8|&Vq&z3N~@u}bD z6Hj@cP5S+L(oc5qOT5$ANJLlttsA?Teyf7yl{UfJFwUBgG z05aR*e#0$?qCJl)alE$0Hu!rkB z)nncG*!aE6G0n}!G0Sh~XbIamTd)RuV^j6_{2eEg?S@R@seHt@tb1a+XqG7SCB5aw z(#f))Q#*zVoP>t8Z&{k($%Paj^4UFLhfA#4@_5Q0tw!~njh+3?^dfY-yHi(pNwAgM zOb-+Cywph_Q&d-jk~@FQ{T1v1>+5y=Qf`dy|2lZKO+`_yRxL63t-OC_^X1d7Z)ule?egdO) zi9lScS)AQoz`>Og{goQ4H*fuMJKt^k`#V&o+QP!ZKZ#u*HN}qcknLG3H9cz_`~AYw z?mf5%bq_z}a=np08BSH4rq|9~P|U8$x;coo+jqPnUOv~1 zE`2b9M(N24-I`I+B*ezEO`Eh1NU+4Y(obcXXPKBlUfUMVO6NAE>n)-#>l)L|c#)$= zqwmgoLB2?+?~;7VshnVAwky9T5y&Mi`QW+1nQX|SGN`rchaVy@Jr z+%`P5Jut{5L9{8DH*#~|$?C%xOP&1zqcYB9)L4`NLz-^0T{}sjEOLRa8X6)2OZPBz z=`Gfp`3r@wWUD3CL4C-yxKb<_@cE^8nrtT{u++08Ru8LBOIm60b~!^jwOv$C`5O%{2? z(bhuSJE&hCa65joX^q}yvUA^pVL11Foc`_KZC1VQ$3S>*x3-g3v7<5e`7?LoTvPv4 zGvow`?BaU#e0_m$$IRaJ{d-H4BHc#S26tFpZ_{X*+<6GnAGw>_+01Y8yjR`9wc}e5 z=5b9qF;!8Gu7TX^GCr}SNpwP6CH1_V>6qCXKk?ypTsg?J)%f&ibYvtO8|!Sj&Gw{Q z`cvZg`Jw)5n0mc)Wn*Ouugua?m(?J7T1YiRwV5Wmdg{sMddU(k>u%!M=dnclLEXl9 zFX_9tKAw7fq!t5OoL4!d#)z02M0gp-ElsgLpv6Q*YJlG)flBmP{cL>s}8{ zJx;qVr@pXSyHMfq>;i|5@t!iBRHzu2v^MX$xfwG{DgDRMyo4tj;%&f99TXe}qg zC1pj;cGYlFhDKZ*e#fhuhfKn)67^r25z`hfQmXrQFbEf9TcIkG2-a}NQM(*;fpx1p z<4ATUAh9^m6On z<>y>hSUk~99+lNq?XbO(<<5DDC1rzF;y|?wtI%zyBmbNK}y&#b$skDZlR#gpZ z_|=#0N97)uH<9b)#S30oSNh{f%kzLXoHdu|Iul)AS;+Ua_v?Mej1n6r?%ptAfJ7!F zIY2K2s)uyEuwY@DlNC0K;m2IAYmnYsfnmN{*bPbiaMaExM1KKKbWG>H&Z4i?pBU=H z4qE+!eHe1g*7<-_iS!q46wkqUEz>%5ChOHiKpvFCwK5ahBFn%E&3UX*O z%z?Z49Sj^K@bYU4_M)(;!R$=m|E(vJA~D4x#L^Nt)^X!t6@(p3KjYXfXu+ zv&x?OV4;~Z3`@Ofb9&Gw_|$4#bna)VLlQeP1CwWepA7j9?$oo4&Y#~S{8SJEa}$D| zDyz-$pF9W%()8`*o4thxWI}+_L#NqbJxK2;mnHhfNCXjdDuRp&pbu&a0!q6=0*U#MMG(cLKsXCRPO*xb5;z=$8q?sd12HBpjr zyQ(1Fac5*csWdU6Jn0@^?DmG@E^9sVyU<CoiHLIN zu9O#q$h}y7uz}K4DG`=ZYZ`vuS#U6N_U;W2Tny_lGTfqJBZu)5y)FYs*8E zrDO3HGB%t_l5By88h5MlCHm$=Zt}uMAFDBd=t;9ipg~0Pza8vuUY3^9S!R43>T%iw z?1_ZKU|G8uW8&_j`dkPhrAT%w>X0k9D@)v<4y$>3X{LPl>20qEh)RI4Zr+4npGF!J4H0`HD;<_Ye#G1JZQ03DX8ko0l8(R7kgXw z^!BYfRr+m;nZC3Ns0vU~=tUd7cZNDe3e-_`jC)s+v<}nwa+a!D!3}LjWN54(0 zPpH^Q6rt>Vl!>m=neY6t52siJXJIbg@u*PV=3+V@OM2nL!DT)B#la}c#f3nhBwrFl zSwm7%S8Uj6R%1Gk;@hhAwyg6j655`1g$7C)6d8Z!V@pVV_33d~ia_h)2jCTgF2LA| z)EmqO*OX_5%Tc9BaPzRxL!%GOj=C>a=J zB0er^ZF=fz*yRIa`dvUkAXB&_{BhS%4R<0pZa8!nfXC>w#J!6Jh?Wqake|G#-nkSZ z`Yu_ZVEQ-Cr;Ad`iVA~_G$YfaLWrBVIJpJ6KemS1p6ufeUGN`}Q^$hy% zh@_@V4i$dDtxe5=+e{r2=Xk;{dpn-=sYkW8@ued!$(PIN2+)mACKq%rWn(^|` z(docSc&37qMe7ABPwg@1_4`4$!;EgmR3#PFsmW=hEkj~%mzuO%oU5GUgk=hS^7vux zu|nG>${c6uxdv-ZGg18du$0(%oNvz6JkxGW4dI=u)d{uMZ=!e9Yc1KR28Q~%JeW30 zMw;UXbtOHunjD89rmiD-?Z*P1U;h3&##|!dC*s}D!7G}3EgYwraEEAxuHVH46b2ST5wSX6MU9ZBS2inB*LeP?=a#{a%4O z@7~dTnJ#;DTz_r2_I}VUl^y^pF!@SU#&R$xYq+VNT?S9=D(~r8*C8T5%xE#nq$G_+ zeV~q;J*0Cl{pJ|{uEHj|n)syMYOBjjLapppRhoavW1(ps0XYO&s$bGq7J;K6O&pEO zp3QZjzyt*)bTE#PX@Ku!V-*;sXUqfVjoV02I{A{P(PXJojPl0DhAr}$BheCtZ9V#A zytqIl%-<3h^8+jmK+LT)YuQ{Tm0}LY@($8c~)3htWj&E?5U8N|6{I4kHS-%RC1VlY@MsE z-Q+$oxxpefl_snz%nLqkdVG{pfI*i>43$7ZMWN}k&Tf)VBxV%A?mz;U!# zciv-#8t8kQAP)OnqKo?Ac|(2tJ`^Q1#F!p?L;FcoDkTMdW?nJZ$kb}dik<##DmtYA z+EfMtAf-r%_b9_x**jvRfDe&qH!Yvaz;ko{-1EXsYj!xl(^$6jDHLh`5-F!mG(Rvv z*lI=qSg&?~Y$TlJOry(gvPgbke)lkpp-1)M$?wYl>I`3bUd*Ee>I|`Q*IY8iK+fx%-d`!HpkPJMZH+iL}UWYI&a7{ZDNJBN_hwEuFt$ zUV(wZ{9)Wn)BPQdtHYeUJW4V$b#3iSzQg&PaGT4^OZ-F)54u8od;9FHw*>|HO| zuR>ld&gSt_yWa|1 zp+$Pyx=6Kzu1-l9)~@hVPs?qT8S_zm8Th)tv$bi=@yPiif6-g8`NxK2CkP|HA$J?N zSJSxMFZumj4a|XQRp@M*QUBn~y+noSS%a7Q(6q6HL~oPIR2P*o7y-!5kP2`xof_y^ zg&`_q(PU_pl$<_t>e|ggb}OvGl%pr|OK(Vj{6IAqs8Z0?9X3=lF*bhN(OiP#psn`X zAMwmcK)tIgSqX`>XV5}~ z8dMUz(+>lamWD1avy1c7>U6JTB@a#bS|%+wpeOSUiAnaUqXxX?T`R=*OhjQT96dG9@FEQpDTS==t>A?_xM%dCLav zF3UE%8#W)`GZ%ROEXFhp!Dk1A0$x907fi(Wil(N)q(Z4F(3V8}scpHJH*bWq#Fkr5 zx-MzysIbVCR8;V>ur{~YkpvV@=Y+D-w3hJE)fp0pT`)S%8&WaIjcYax>#_V)OuTtp zG>AU{eP3$uRF6mtMDH6O_PD2-Y8#XMnGk`vv%9C;WZwjG-(*Uf;}Ho7sR;>T=!v`z zTje?7AxOyRg829vzJWDbXpMAT3b~o1QC+bS5%%BgnVFAd(tqF7Tt7>BvCgHawDFAR z-WzD3kx@3tU@^SE^+u11igF~}DYX6)gigsqad=sPd-FEonz0`!kLhf6T4CYBy;BL8 zuo$AkJ8W};`6XiyLqo&za%P>TpuB`aCX62}Jx1O%M@9h)xE8TiE&-ywiV zMnN&&1hsIzQUazNe1F1D$tCd|7Scbwm>hPN98sM5$pH2$t~HEEhyqQjM{t@2IEN_4?s(ISHGd(Ewe4eC@V=Ekd4WaTT=$n;kItOn@&B-ir)A+KLu)DFTIa4#m{>=5=WrM>xi7Z98%gKi$0X)1U ze#B-)P0jJ?zOG)EH*vVAr4GMGzj9bZgg$*eL9Yg$ZMiA9(`j^c6a}q*u(-&R@{mxslV1$+lH?2UOW)4BaF8-M(QHhEyKm-#)6?@dcXkMI zZojwYzE0PfolQv8m|IAQ`18lnQAM=8o03T9?dIm@{Z)Bye?R4ExWAFWIe#2usz`hc zL|$ILbkD@sNU-fr_owI4kbThOJUeVwRz4I1^ zoel2hf2|T5i^DaWFeAssm7kj08l4*m4xF7Kp@#Vq5+ZaqIZIaXgo+Yy+uy8rqnVpO zZ0j&arvALB_%tL0CT#Q}-|a&FuM^>0N=gxZ;H1f2_CFccBJyubm8V*-;f?BxesmTp zDE~Miy@vG0)HES6QNu4H`g~*tSI*qb3~23qbzgWUv4;9ACl`vsUY?e+`YH6jT8?BL zl%~eV$3?@=oS}PMf;}xGH>=S4A||BD7dJ(;>grq$+>1+k5r6+8^=7;G6HIqZ9E|$9 zNxyhTcCjT>*yN4zkTYF2T=slzyt~G8>e<7&?ECf6CG@dr4trZ- z*ZVEy*CCS@E=`wxeSIGeEmI+vA@e5+p`oFpa^$R)717bn5hU?Jw@Xq4`1t68V`F2c zdGEnYBW`j^VlTlmcXo=*s9hZFVvRx=MFpJrAP^^=277-^X7jBJIGAMvUoV6ZrsYHXq zsG_YclG$r_?2{5us}Q03>+akFLLGR1+&~#hHC!b2yx&II{ZJV3vhuH9`7C$iMIx^s zsdFQ6G%rvIrPJjrDjdMh5r07i1qFJ#9%=ywjO~XTqIr206&n&R6)7od9-inP0igTt z>ndun>V;wLUx)MTxY(~nMW9JWs3b>q9`nXcl=CcDd!s_VotB1{GJ{0~u!$3`Q&x6% z6_uEECrt-?dq!Q}aFoHxN#*0ErbMQYgM`>8j;PDypKH1+|Bhj%4~&nEjgF1secAsm zRhokld;#Xy?12@seXIh#vlE!>HUH0y*q%pjw%sKo+76$)if;VEh^quh#S;KvDmKIp`b}=4&HlN%P>c-2ii4?NYUGlJ_yhzPyVu_| zmudiX$j}czJ7e~X@bS?v-&Cjj)8IpXH4y6KL(V??QBc`ovXN)H%%rwPj~Q>lHIa`Y zNt>38%zK$6J|?DP`5V<*t8YCkjpad2nkP1{9u9Vu4p8|`oJ~V;73Lx(o%+g{0mv+^HpFf|8%dZ@8onvA0YiM5c zU}C>}|Gu}{5R`YQsElQYg!sKAgYHk_H2IAW{1}5tkde;z_V#daaPHNwySLE1uyJQ+ z(ICH0yn78tzMiQ}K|?}*1jSq*3AH12@&+sV0!91!0DVR9mUT4d_h%F4x>$Sc8~RvY>9;V&LCl7!3?hlBg^ zK(P6Vb(Nv?Q{=$WprXn$rgqD}`*&IQV1IvQISBxdSkb)^(b465({W8dA`Tj7UqJ*10w|?wb7Ya zTjNYfM<*S4vXE^i@*7<>0Vj@JrCOGpu#)pdZ09eGu{2^zg^SGTdc{YG=>Q4<>gxr= z!@OQCigkdcGaN->V!je}FgA8I?C|g#0iosaFr~{)HZHSoveeAh_HQb$r+C%^h+j1| z)iPUG&Drj;k&zC-Oh0{!?9~6`CFce^szi*#+Le%z!Q8Ncwh_WoCe2qPA^Dv`XWa|}c#--`=Yb*{Y#J*$~( zzcu~_%YNMMneH0Ei}XFn9oCkD)955B&c<8sk|$o$rpnk}!mqR@_) zIZ+9DP0#H8M9Kfq znA${En`*+O07c+*{+TA8J*GxyEP8is!t}H#0Z1wd!e$e3UYe7&8N3&p61#iAOGiP0 zLe}^DlaRlwMr86Z$$H`4Ww(y{=B3=)b~qawo2+jD&HGEka&v(OFWSUM!{iVa5!tlp zd4I+n6EWW1q6lcCHgRGD95&c&nXnEg{zVa@+$yLASS7Zc!4 zV@OK!85tTPy!zHN06|54@|~*XzjF!6$%SR>o*=Ld4E3QOMgmH$#i}lyss3M8xG&37 z%IYkY3(j8eUDmO|8T`>>=^GGUoD=o(vf?oM6#;j~_Yf|M$AfU+hop?}I54h!xXAwf zUB?*l^1sVHBI_K^xt;(0@qH+0I59M15xYH75V7cTkxE`jarSzGEUH(z#;u?<_a= z>FG=JX>08IxjzXJN&OKzjrJ{z|4!Mzv#=;cBU+$#tdwCP8^=_ zf)3KsfA@RL))^V>zo(We0nY#X^}praX@l@kzrCR@&{Kc*_zXCWB=&xeEObE-{#(X; z;{V%Zi5^-t!12z(!QzDT-$f}g0~gjAhn%(-&VCUwJ@^0JYVY`k-W3k6Be*QjzbsFL z00M4CM}8D4sWI5$$+T-Z`$7P`RRi^LUuF=NxbLI>$bVMEY<=7X0rqKfJb38iH=+G| z>BnuO+z_5BoBb_^*6TC%^JAxiY;-~7*SFtE{u{adH_qe=Yu%Hy$33Bcas35v)1(o} zux;<&JZ$@is1)k%8yFiSJse^?!~R0TS-M-%)9%pI z*570mWtsy%_vcTXpP!+F!{l{^HK0tB)6?c(%`VGI$3{nEqoN9n^Y0$`F2}oX?(Vn& zNH1#4EG}+JCanAu5Sx;6`*66Qh#&VgCA9jk;h`1QSIrydz`j z<$S9n7zFBRi*b93YVi2?>%`@vyKR1|+RK#u{P8KWEb z>S*7H_?g%Aeih93oSprxuP!N9qoawP8+QE;j@++Si*T}TAw-esw45Q5y?ps{dNq@u zs=86wbrerBr_t)X->iso4#BtH?{m!M@A)<$Gg;kG_Il>v)dBq_VQw>cw&19Cw{A zra=BU+m3x`wY83i%pHJ(g_ag>Ntcn4k%L2h&bQ=$ii^WGeqSF!V9yl6eI>elX$I&C1DXa=FY%Pk%yoG2UTnz1+36Wk}%%_>##$GOp|4XBiY^68S_e zQ;b`6W#z>o&);?2+8UyD6&0*x4<4ef`0C;k5P+{x$a2{HxM^&Sxsyhq(V=Y(LnY*B!c7TNz3e*e(HkctjgA zbJf8qGRBNGUPzOSU@m~$qJ&Dn!({i@U6{=SyBn5WF$!gQYo!0fySDnv<#D?1kE+cz{?iblf#z7YYkmE&Xzn*MU7|ZMKwpNTD>wW*w+6j_v)gGw z7!l)k)}!N>)3FX;nCr;QOzt1qVgA=t&&7&jS80Y`z2*`pN2Gp5;I2fmg?gxYM~fM*RsPwzwbRWSvq zXXdyx=4YZp-?Pq*q_=0L2~SK-AUX#DQ86b-zmC4WyOc7BUi$Tco=sh|9yeA}1Q9Rk zLiT=Yz>hvMjVoxpJm)V!&xM5+3VNS9GEcVLtsvl**U`O(%(~64R$mRzV2)kDgl4u*adqmZ{7jKgGeSre^^-f(^$Kez?wdoL~k{;T4fSQ%RjsJ zYO^A$q)xMW$J_`?N0ndtp}DCE@Z5vhaq7XaKz&nPy?g)2vRyA|{OQ&t@W}kj4+48g^~@fP3Au)y0O9TU6BBJCt9Tdy@RY-*9dgaNf^j+ddH9RyLOW zf)fT%uDw5g_GCdm zk98q+Z;u9F<^gtSsANC@stTV!e|{_Z|3lKPr*IlhsWc!T)TI*}1hZQh+t7jgLd*v4 z3mMtvzOSG5gZh99QBj>lb40uXP(LVzhuKMjRDKO9*bOA41fU16kj_A%6HpBUp zKejo%E0zlT*X8i?Wcxgf4_27!+dF)n{kzUbBw}78HQ&w2r1G z?G2ghg}ki|fx4!m-F}w<8?R~v;Ju)X0XEtHVzOfp6c-b_KI=RO8-}LNfujZ6P8X)k zlR)iCI6VS;g9h#DN9L&t`=|PUTbEGG$p`oy>OyRjQc?X){j+jkk zK)|2x6g(~s!L(NJ)=uf9*19MtMZo$jKNvgQdbWO1x>izIb)f2X?y>YL-<}S*bAA8* zeIYlpX$pwuOavWBvgYWm4kS^9^dfY6Ijgyib$OiW1 zeqM`6w*plOkZK-dV-@>(M#^Zdug|WxHgQn+GZ5{_)+wCHfO==20Hntx#l-=~0J(1( z28On~4_9wW{QUd?N-1hIuu;Ic{wj4L{^R>ke7+`CMm|$KJTNE+2NYmZfC;B@w;Xk^ z!Xn^?&3QOE6--%aVgUt?iA(h92k?bpZy#ZX>m+Oxu;0|wC;s~jLL1v4jpeqxCj~y@ z;*t_l(^Kp$Ylc}lP;<1FkP)m3ejFWe2zID&#-@3+fTsSy?eLuH0zEQwPrCV@(Z?aWN2J z+!U0QMZbUV>`Xw`H-s-GrDSZrearZ4%8EbOY7_Cj=q1#@0iYN{emlV;sCs7(Q)JjP z1T+$+#MUnjZs&b7H3Qz$9lzWKQ~FmTZmbdQ+c9ZoVg&l7r`OeYpwpf|a(VaVqKk*~;Sb6JEV$Wx4J zzNmJPS5~n6Y5{hFipxq$KUjBcYwA2lLO!RKOBkK$0inI97wW%Jq6-qgn_HW#vzv$e z@xCw6GDkPwV_q-N0Pwn0OSi~OiTf+1FvlhlNS3`Xxnz$zk$ZG-L6Qu6OkPmeDz zP|}+#N`WLu`ew&l0U`M2Wq`jU`Gz0~A1_I?qRl`~o7kK{6Gf&-4DHB46Ah?l@o&scaXDO&KP`f4GGCSN#chQEECb()|T*&gG^g0;0ZGYd0sFQvPw!Tm=hA9E->+Ww+>cWB9j$L4ljsga z#Z+)-CR0_No{|j!JPnB|+U4%TR6s!Bn@D%}@-pmVcbx8Z!M-v*2S@e3ay~NLx)Aaz ztm9%LPZ1Cc`mgYlhHh=?#MBfqkE6xS$!eq9H9H4K8ql`$?cw>BXCbfY zxxcNzJ=kpzrAWom?LJMHCibJZptAzCo5G?Z_~|a7#%^ux?f2Km))o)}64a(|t3KuB z<)AcOUVfe}6`vT(v0q1ZHZUMfLPDacsR`Poz_1a}diYcCw+53o`{Om$)j@3nPcc74R}BaE70uKRw5M0* z$jHcL6`5-KzFt)JhjVP{QR!O5^4ka{;?ejRz5Yg*HnWNMy{t1yF~PPUal#=-B8AC0K6q;IUcjh^18( zk2wIZ0usT%z>tuT@Pa{|K)d5uwp6_(PZ$9Q137ud=4ot4p5( zd33k4jo!Gpxa*@uDG3QK=aZF6^Xa+5^B>i*@Zlz{>#fVn0xT@&X&$Oz18*g_Aei5lv8+J#+H_rz{G$u*2ur(drS<1 z{Qr|DPpGJptGCnhJWtrqKy2NU!2 z^MSMv7wc6;MEn=5-Jy`%^X=Jklk3Cz>6Vr+1HYKS`u4-Nq0d!Yr-8nkHh<)#NsvQT}z*vQ9@@{!d7b5>}=E4T|GDsGeK0g;D4qPu+M^yFl<9eRHa>RDjb z5|ffhxNJApIzuupd77@G_f7BrM{L2>Jv}`O3k$V&+xh~GS~XvcjEpQT8;$zo=H@hP zVdqtuYO>G$mLH|5-sD~j%2Qtz7lNp}w`I?*f$rU&ZG!2A5^~v|Zw>zX09YKDx@yT| znE_-&xSdZ(tE+P4(!gvlFZZYAQh70C(1Q66+giMzO&6+T5fJn{kr^%BrSiG4b8^lA zMPpz%0;2@mO|Wi96#q!4kM9DB|1B>k;B&Pvf7ssN_D9B*P364>PwVaN1)6aK|LMz@ zFA55ynPTCe;R| zbM_V+2gmg5S5~fPpdPj=kdl&87X3U@OHHT2`BUa7Sd~{OC_u!(YN=O#ECciln#}5* zjvXBxt*UgLCLJe6M&8lUVXuE<((eeGnNf@Kq%J-^+#SyW%0z)Tob=HUO#z0Z=f3iv zSUSq(52e!O6S1X0P)T3Lm}S&}S^h8k!6R`zm|5N4rl!0+F4zZJ4?b$VU}1%49I>Tf z!E!F<6il$Dhkb(}B-y^t?WLS@Al&^m3Eub9ZN_k+HF;hzPw_%?XgWSU9mI*cIwYaV7-hmB?o9d4I?O z^zG9{M7%W@=!W{WMXy;!>Zhcn1PoYwqpeHA)YMd1805C7n>?YeK-qxK9WKE)ER}5|@$T^Mp9Ny59B0(n{gbfOJg{&yIOBn~?dBuv5HcG-dS`j*VZFz_qlX6+7(`M+0=;(K z#Nr~66t>^v5{FEAXbuFyS6Z4&md4adi81}_3~}nJ$4l@7xeDZoEc_qYI?gjNekKTk7opwL}H_j z{0zkz5FsHUApwDA;KW1FRkbsTfPb7X(G_3{!vrB2s4Drc(;EJAz$-lR6<&s0&X50` zwjPF~JLwM-y?M~q{HTuX?CgAe(9`v9X(~GqNysmF$nQn=n~OO3(POF4o^c_d5hrun z=tny()U1C}R4k9}qO?U^Cc=^e%x`RB;^&VaW?#R4t=cG5FP|#b4jHU!^n!VUu#rI& zsTIC*6%?={Mh+WLvK$x2@*1ms$y1fp$1i>Sefa8bb zLPbTz{&b1K^!~%cgUN8}U|%0*D~!c>z!`GG1&ZL`2%k%ANXUYwPQ(g=$Q8ThbVFAw6gf<*5sH zX$`JD{mA{m;eY_&PM-jP<F)7xlq~YR97&JC9 zG_;tjc3rs)t|!*0AK(P zDwWG_3j|AGYQSY|tS7B>Yu7s-g2+6a%oQCU-)&sJzP{er&>;KCH9m#zhhun z0^ll3BD!Ziu9~RRc5SPCt_yf%KN(-={htWq08?;S&VlB9kd+kY_W>`U@Y@dje@W3YRxfk2p+oz}Fg?k_41;DfYyX=rHd;YIiXZ_Ca{QmFfe4I`P@Av(FpXa`>`?{|C ze$vINC70!!C;TW7iLj3Mh}sMw8X)a}vO96&1V`w;m!3~o>HMfmZK<@YHfr}ocmW$P zPuB7w+anL1zPmZ^<`84!!_pbzRvai!5&g9lDS!4 zASAil6YFTU&>mq0Od4O46iG(Tw&qNR9i%->e~0VIFWrsw?CoE2-9Ywujl1g0mE#RF z6uFJp+OCnw5zA2<=Q%wBa75tdn{28tM{QoH{_*z|P0aMichDI#IF1&!J}xDwcxjuO z9=922V3+n!Zy6R6F*iA)R~-l#(j_6`vLu54^L~3io_b?rBb!)ucJ@qjhHjZBHA<+Q zyu5i}cob&e3{F+IscheTx45_%H~qKYN>J$4$4La#096T@HftFg8X^E18s;En1qaj7 zP7#TYBe$HLP0h>z;ndaD_Z+u>)8>j*hZuPFzJ$|^DdOX;g{i}b4?_k#<~+xr9UYx+ ztv$`|&a0N&IXs-4mNqs#>^%5!-=w2=<9-wjZX2n;l~QE^7jFKzqNAf@YC4Q6 zsYXeR)=BLs?ZVm`ufSXo)AS&ma|*@8WHEn8Mqb>V%C7}As7XnRmtm`1i~ z1jWJ;0Rc|=Xd@jRYhYENsu&TgZXggZ!>^BV->lO1l%Lnq>U?lmmyMmh7#`r+4p)pR zIHdmi%7(o3g|gDpJ8o|4*RQ9ir^i>fJ9kDqiWM&LeQ4cx;J_f#h?JC62q$q2k4cq% zGa?u62Rj=ZQg!+Ywv5$12Op3f=_KfkXlV23JQIqT?T{^AZp~$WuX8s=hO4{KYxXV)u#VFGc`5!kt0W>rKO#f zxeoAc!`d_rrbI<^X~QatJO`kvTZ=PC`T4gWG1y$>zdguFW~nTPxu)gM%J7Uo2Jt+- zeVYWA0KAIPA;cJ&`u&<_g6;K>Z`pqSdnHB@Prc`aX>67mTFranfDORI2$w3JjOir)_jXArfvZr*Gv^xm7asBgj&r5hsN zbz|dmGBVRYzL?-v^|}lh0m9`j@L~4UZ3>zqvG3j8FP-PDfnS}^DQ+poC!tzVcp6NlMzO^9nGLl#<%IQ}Aiuq`@@SO-oG;Ww@A_n6Au?%xOA5T6U@O%1SD_ z{scd+JC`*z<02ve;LQyU`{iwnS??KIO=~7#P#5jq|19%3U(VdVeH*X`CSpF7mx(R> zh5sn=wz06hUv9z*-LZ2gl9fi0bA*~i9t$mIZg>X-Xrcl@43!zC{AZE&m0jull@qAf z8{$vT%*=rFE-&AZ&(Cm5f)=~f+}s>bgCZUkTV7rsRD*k+u2dfQACtiH_wG>vIU4X) zpB-l6mPaLnEdR63q8MXGauQWg<6qa-&cGFc0m}tNcg)(|31w7~5lQ+6>IXR{+ z!4VNP2ANo-5d8vLGM#2e?Z&>fw6vhoYHMjh{b3Fy$uA$b&83SMpTRJksF4t#oUEp($VrIy zImp6~eweB0>5W@f?eC1EJR>cw5F`pSftmzU>5>f^^AW*44)HW>Tf z`~5o}Fh$f=WTr|^9!u;yvd;>s(#_hCld3*`v<3wTu+V~H*jpSZc+S}#;D~C|rkYUt z(E7T%qeqU=7Zgx*22ge7R7#FZ%nX;JGy%T=fAIJ<&(cPvW)YP?OSb0H2Bj-k)bef3 zBqb${jenpbfWta3oWFN%&HCU@K;l8}{QB;l>EOr50B6l7$9j4`6}zq?8-XM&aQF#g ztF@|1dc(5d&Jh&g-@kvyJPLAha@@2Ei>bZte^y?64~0xg4?yWpD_#*05FoakxImXa zbQI4*m}m{Sf;mAgj^47rs=hN`HztBnt42f+v+}z2@kua9$pL;hj*a_r zG%a;>iLbmQJv?Yt>t!C0_*jiM`sI-#f*0ss`Q$#l^z2%;X$h|-Edj`D5$J)IfZMn{ z-gO!{K0VUBJs0RvalkHAUeDjXdk10+>s-Ql?gE~$UfuE z*f%)nz3eEsayqrGzWYZp5el%K zoEues@#GY=Xt_FM5csXt1WX!}Q6T7KJ{#*OjuW-`dF<1s^F~f=Y)CJO5Yt|kqr2^n+iqM z=;<&uuq{ekMivaYuLx^1EXjO1aQO+6FS^2-P#o#&k9;eP5~J_-c&hF$&Pxk+7Wl$c zNDO>1LN=Ja%5PmDBajR=5i?MRn46ETEH8qImlPRA>7bON>cI>Mq5J8H90eGn$33x466F7tgLwQx5DcbdJqz0UA` zG;6>{>%|JfnKNXBv!IOwON&<)Ou)z?4z-wO-@RK25K+^Sz-7!t+c}i*Zv~2C5IvVX zB!H$*pE45@C9hun0+|D_jp@`XG@OIn+>D2m;U@+OB!2w3^Q~JMI=||d$|o@!CUz0_ zgJ@oSdE&qU8RcUiy1d>x+1uX_3rht9Ei9}gEo}&3&>YgkF-^zK!f#gtU}jH1q zE=v)@2>HQuQszL=Y+&|&;+FF(Y(06L%$(1PMlGjFa_-$n*KX_@$j>}2?Fi#|alB-muP_r8gySrgR0 zGST*syaa%;yx6 z#<$N<{~*iS=XAoArRr7k%k2~PlX_$Q^_|*Y^j-&VNApHeS{c-jUT_rksCuoZpKo0F zn%s9`;bCIp>6A==$-oq|3zz6Ji&&O6Taj9k1vY%l8JO2FF7uW?De(NovV@EC{kYXf z*^QDHtzLwFkzKz&Xjg*YSASvgtCub*Xt;#M$ESICBq!<_W@suKLppI@c04RD{^+%8 zFk#1&_=y*J^OkaTykqsUkW?z4%F7JnrfwIE9`N2 zW+3%omx_wNv9ZBYk?_~a9uVYR51-hwi#cV-Yj0}v;6BjeBeg5_@vD;3(#~QsKMK02E`Eqj z=VsgqvE-CNYwNM|=k1)A_FHp)=GEePZ)`MoMWbkDd9gb(@=@Y>yPL)Z8U=yj!LNmE zo(A0^Tvh-2Ga=!Yw|6&lp6Ek~p<~g5^|5AIS!zF5#PgglJ1@~){^YivyrHjmQaO3O zxA&(w@%;106Sdmw>S8J_XvwXZ?e4{X`x+e`7M+o9`^?O!+CX5ew|Dccsr{v2zsjbE z%7|Xi|H)i)`Ni|Q;*MFR?@aSUuk!8W$$M#SLMT;u{n}-Z1h3%XV+Iy!XC8kSh!B&w z6}hrB&&%q@ z4Jj!}N6B4#ymCWAjwnj^+uCN&5sRpBU|~TOj}xMzulEgoyv(a6BBJ%?Lz?FK=HZye zMw69mM;9(h-E}1pghB=rpV&6mQ07-AsO8dt8TmdpcZj^~lFWhfni?sU9jx1wR9_!E zv0^48b5%X&YJF_f!c0tZl4oe#le9fSajRH&FZM`itj=XLRT{{QeRHPQpcCgu zxhd_|>WZSR(8hQfM@LWc&2M=3dJS{wELH{7I?Zb6oBJ=@C@Q&%IOkFz zw#;@q^uEo7tA&F0>9_1fgzjv*sm8V_GrYuggi?A4td@r&uDr1HVdf=ajM@IUIqtqf}%&|#mX}h9%!jw z9cWOsC1G9SvG?hQT{AB_u;Q&F9=wN;Ie=dflIPpFV_ zYH69wW!tH+QzROT%{B2!SY}I))3oSl=fl1GJZPR@H&R~hD*N(Ib}J!jaYlW4G{(Ly zoPuq&{e8{+Kv%rXV>Wk?`VQY}t}p!TSLQ5d`cS#Ch<|8Emugdw_;J(HQe_=g*=5&Q zqBxfa5P&fM=+UE#KA-mbdMzzIrDYdzSr}Z`bV*MHX|lAr$kMSUgC`QxV~tfn3GT#8FeKWWACi;G;VYWakY7WQ=0jZgHvK5?s5U47Pd z{*G7NCf1LqIWXBEJTS0cr^3m;+{s?=$o6$=%fF>9bHqlx9Wz!|Ue1kamZFbxSXM|V z-e)PYo63W&)XIC9i+lB&^(5}_*0z>D)N5LE~OjSdb<0s`-;cS_RA`d_T?a!yPAHs0kHMZ%Ozb|_3JwAHcd%acn# zRSq4#TQa9nn6POR*$!dJpRUqIb|XVg`n>8tZuV3TR0Uv*YL!-zkxd2%-x~WGlJDFy z(3ny;G2tvmP&QBXxl8V?c2fLKxr|urug8WUyO8*>Gb7)rRY5}L;{LYop2PFF_?O## zH&6%QpQlUCpQ*;Dxq@8xQ&>^YQN%0g>)#omHFoZ-eYE84boJ_KGBUBNUnmaeB@CW9 z61$lP1q`T19$7aU0v9v$7KUv!gn+x$RUVMtbaoX-MvZklQmm%OsPpaI!kUG5TK4vS z5O}8{d~#AlF!EVK_uiY+ZE7vg_Se6B>Fx^)NL{rkPh#Z7O|>5_R2l9QXPI>p|$xaB>(tud~5y1T9TEX~q} zh1 zxg@k$7qDknclU|#aEsBlS!uJ8!uIxqZX2WabARWL7?N-%Zi$T5LLWPxBR8h=?b?-A z3#?B~**J?`V^Naqsfn=YC{Smbb8oXtV0lODrN7_gSAbi+^CQ)Im=439dfx`+V4 zwkq5B>DtQox)sP7AB>(|y;@{tg^X-4o#pI&lHzMkP09Cq&Z!?a#l)^1s->FDyLEft zY0#LG_2iUfW1l?soI5XEUQx(*;DBys)Dopw9lN{HrAu=m^IhiVziAfD72JwaQ+c+R z=hnM#EXCTs5=vfXpN|Ut@hqr}ji**JFKcSVF222;wk-Lyrlv1b`R?%*+He=P)sO)u z#wG1b>JIaR3ky-XujOh3z((aC+kYkB%L9RZWqDzKcBtu1moqOP^|^DA%iR@z+GSop z&g&(muW+P=?^PJPSNX2LK73|W{JuQX1^$vzZ!{5j5)3LTzaEANw}8N-SFhw47?}4QZ*I>?yL12Z0cmMwtUbMi zr*rvkZgR@oV|U;~ncwrtkBmS!R%_G{E4Rk6JeHE4#9PE1MeE0 zlgfui?Ts>Rxh54lZ?9ViV}RGax4Id!+Ze*9N0*Bd6IH|^ofHUKiy(G`4Ptda?lj%H zJpa?c>T~3(+cs3(P=P1AErl&ck3)fx3kz$yyLs>c`{hc57ixv)Qr8v7ruJK=>KpL7 z{*=n1^*kGpzHqd!_vHiGWCer6+u3F}+R4?KL_`!F-=y#JB<>E4XI#z!LaRdP{p9OL zf%L;)7=ky^Y6sMsNL+Nl-REOquzmhKMTyUv?j9g7OO?mH9Y@qWC{g`(Pj<2J4%bnwX^!jy+=XDwa`=f->{=TbVtb_#l ze+*rntMl7L3T!s5(D>=+@_7913T~~8M%Ow1yu2J1FN*Z+6`o`B)lF$FvIb_S%c6pV zGoWcEYkEp;s;x7d>v%w4;)2`t^ZIp!JI2YL$yS9cE}?mOvoDk~Dk|PBEZl$l_VKDm zpwTql(j%W#TH1IOl^tKc3|Cf8{rKT$W%d5Y4~{;>lC%zYzl|kBJ`(1o%Oq6Z?cxHH zs8e@D)tQ^hK1-fj9xpj1m(udcx9LM(WJHT&RbgbrF%4>X-i z-XlS-d`(!)oZ{OaG1dG4kOA5n8v5$YnMEsdGBwFee2kF~_PXQCJ0Cx}LwspwMrTu= zt1f)6lN1+sZ}6D1$zPnUn*PBs`n@tngQmuNieeYnh>2ls&po5#Dtg90n0G}fUcK7Z zKyyuPcn7mzXq>iI=VI4sZMiLs)I7e1C2cX)67;${{Qbnt^mG1aS0ab2i3y!}@A4JP zMP!}1=^@X6^=-+?<<^dL{k2C)tz8-(9v$mYa9GG<^2<(gU9H`*qqk3Kb}&=ou$7Li zZ$V=3$(z##{huNWPXDH9K|9DAOg~7Oo~;2GSe(x9-r%lLnEst<9XpxFgCO>0I=Y!# zD{7annY2EtQapGtXnN0feyx_Fro2On?4GAx>K~}BTFlJc&?r)y`MyQE-GU9h?oBQU zlgKzPYHCuP7lra(UQ&@FkK$xV(P&;)VJ|TkG#zado*QcN$jEr*=cjt*xu^g8iV`=O zxAZLsG>TsxXDRo9B)hTLIbv~gUw%dglb_HjC8pw=XG`_O3-QrhQ<4RlrVDL?dpNIN zDd0Ik*|+1cyRn_=hQQGKpC5m?YhrwY`50aPkuxWFU$w7}d>Q@5$+@yeg7bc8&DpaL z_H*+J9Ibe-cf-&3ZOd?+j*h^N&2q=`4lFE)rKHdjH25_3x-ZeudqXQE z-}*s5qnzP`{p5>?9R#EH5Uw4Y?|KA(3|k#NXqNd>b+*gxOQF;5t%g3K3?Jz0NGp$w zJ@c!MlU#`~GZL8}{FL>a`*n1?B~OYWyY$Y3+`$8^gGq$>5nK89`l-L!-FbS1R_>Pd zjLrC+GbeUyr>PSw&!0CA9dlUrq|SIG-R32zOYP-R7$+gY$Geq&x|WT@_tugTtkdZxxfGb5X3e*Q9_c1d{K?_|#VvorHmElO4!nw7J1 z;-j4;No6x0v%YM+rC-}0er1*4n<^^8Tw;MXyRYFQ)YO)wSz;t7)o$J>zS+W{OjPV1 zo+mZA=FN1m-+g6em-AXH;7O;C?d+%Sko?&Sxz@jlZ(Ssf_@g*p8(@S6y`rqsoLAs0 zu;@5}wpjEr!kZ=kfS;9{`}z9UcPICNDQ<6fhPe}cAv_;AdCMTKL2R~X5DEfs;|#GH zZQtNhU?_yiLMv;<_$aZsZpbt8l&yv<6%s6{-Gks6&Y!=Qu2lj*jp!3Qhyk8ukf`Q| z(uyIbXCXP*3O_3(;H}j#K>n{31>>hd51*jG7Cba?o@J0UZuG2)ty156(Rn6%kQ`WfLL? zhb>);o7^GRRGBB7UucbA8$n7jHa32tm}0EB0-L8wrorIA0H!2?svT>6br8%d8w>Gv zv2DW@(c_T;#T8#O$HZ#Se_MvuBf)$62&M(mR(Xw#Ra_mG_AR0+?^Lj&gFwYB=1 z>e&JB=GErnH_KwVu5`;~0&%ZJv+)dqf-Z`^qlA~Q3^u_NCt^#q@DL6hJ$e&L5k>r+ zJEY>`;>o^PGA=Gfds{be-W+)rOXUy`kHdKbef@|B547wa2?`2A8H~K@&wzkF4Z+>c zjv7K(qr8Swc?Iaoa9(v3!57x`ZO3}7Gr*@M3Puy%6@d%CFSL2aLP&0}Ucqz5KeKcX zpF&ZQaV9A_`4Eyv{Hk;bQHwFd{#zk5JTqHBo(>(i$FJ(x!SQ8nOkUSx%Z6;@j%Llqw-4D%I z#-TYmcA&FEYGh?(RB#J9HM5L@@OKa)VFW-+a#B)~(F}cy3|yx2%F5d<7WU22f0BE$ z;V`9l``52HQKAjRaC3BET3Q-JV9B+mWBF-oL<3Q4jFYgye8$8?L99|ZJRse%xx@4U zSsYw1R2&J>n9;GZfKUmDIw{w3&=@7{yB)Hdufg={!cZEPqjH}0W8A3x{QQ_0W?rIS zBiE|Oab`GAr{W$uUA+w?f?|5{ShPT>LaWeON~bx7hwi#G;Ta#V4T`nOZx2P~lCL}djE#SeVJ9P=DudVGn%Mt5hUR>DoxAE{rnuRR%HFkaQVjq*_-ckJxO0;% z@h=+45DO`;Y2J}~G(Gy&3E~YLzdWBCTN|@|T=|)x@{Ymd2;QD~Bx(Hi>H!`eGgwDp zp$!fS%E-zpfE$IdAKe$3bYG-Nl@ zst=oZa`JJ|+s~hKC%^He-h+P86#N;2fQbpwntbcT_b1-bv$^r{@euvOFz({jD?cBf zvQ?Xj?lYG!U&aQ3_kU{2=ED?}XFiPrG>N#$CqWB!FVVtO*HcR&p`nlC<4+~*Y3qZO zgPs6LUC=apXKt)sb)PAXIIJrLe{g1gcz8Ivtm*P@|GI3-{~cu(CAb7#mgdm7=iUI` z9s=?ts&=&a!nTdzs!hfz7unm_2bU2nx>mi_LAaMMWHjzLxmy&K*1?I71a?JDZFq1n z4}!Ux3k()eso==PI@hTQ-j^^q`}1dQeSN^%s~#p=3JRl{+&gc&EYo*g;#i<1AaUVW zV^M%%-C~ip;vz6YcR~k&*Wx1rvjFy4mT|Ww3{o!*1W#hYTKQ!XCu#4y$#B8Mzzm z&-Sy=Q&Y{^nAFhz=yL8HRrd1qkP-q5KP#&ODr8ev)hAI0@f-W;mJxuj1}e`R{_3=rcQiAK2q*XNap z3#U%4i;?fQ6uH73Dt0C$Fz^i(`js7=oZ6b3FFd<)^CqPAc~8k*-n%E-SxSYz6}yg& zj;5lIbC0UvGNL_1{bmdt4Gsxmm*Dkw<$rp`7)~|3@q3+&vs1eHnEXR!WO%-e_b3d} zp=DhdVbj;!+c~+kL^^cd3ODwAwz2y$M(AVYX)>jEG{;8Bo^3O zCVt?KX_39FtApbX%|w{d05eilyL!Tf{n25C4JXW6vw%-@Z*Zf@LT&{D6f{002~)9y z2hU?&>xJ-B^Z%6v@(iZw3)vg3R|QY0s=m(1pk>93*)vx-d3fqtT8531`V-vPLnNy>$9 zN!KuJKuhakY;0^nf%An6H2(&zCnkZuetgXr4n24C#tob{_9hfubUimWH>{@+iE+Zq z35Q7z?-)ty7EDS+=7Rm;;kS(=KsV-v=8B!jVLRD+`v#06aMmy|F*!LpcGtEd+aE!#g=fLa+J!x5ugxZ=5G{f% zV1;dk?E`C3tcVps(6zFnV#_X}&8veye%#|SB(6get*kbx6j1N%ZN@OPY;hByLPd=!?}ZI4|w0AhO4#s2W&*$O5WTD zPCE=N1>M zs;Z7`_dOrZ`}oO|_p##nErovocz_W!O2Q%nDDYqjaS#)^&~Sir#!zI!dERjb3qw_P zX9p(Q(x*@%5!6~SH-z^>!WB%lISQ%g!LBiX; zb>n&3R&p~lOcFR`x~pSv20bfqO9fn@c;Ul%JFD&574_i3_9a6bn=JGa{DGB!TkFKc zse-<~n}wocVq=S}dZb`nT}ne=3tH3K2T5tsNI8iywCB&iNJ&9E6;gJ2FFd7avoXrT zk1esr3TeU2fwoDMzUa!phOlUSk3+}ct%%0DL%|9&$pLQe?nX}Fcl0WBVBN#jj(8Y% z;?`@co=S#;iYI@spqcm6x56+4YdtCe*qC7+=jGwK1r)ZFwsGrjw30;l`pRZHyn!DA zh`a$mJw4oVqv9R|mS|Zo(RG-0JtQHa8^IzY$x`xBO}=Se7_1d0SQbG3hWh#y%M?d~ zVrs*9q9k043W={}T;mz})+e$NFY){E-Y=d$J*1qj1;5@n)mo+#j2Dl4P$|?I|JBy$ zrX_LSQo}rLE&ZpF8T~UN8*|t@orzEG&FxpeV8q`JO8S2hdVZl8IiK}SV2B{P9MG_Z-}?A*AIcy8dGrp!)C+ir zufP%y7m0ggL|(eaeca=0lqt;10s?op>@v{R{RzSW>*|Q%`z3fk+ns3Iy7I~P~~@bD7Cz$obz?k^=J zU1&9h>1f{vdPYXuxp8f{C6SF$NKn#qg2vcOZ27bu`(~!6mzaKzBu<8N$)T#6)hi)3QKN zlC!(GdB~%jKwRsKXU|epU){?m`cN`K7{LjqqS68&^EL0rMpm2da&Lrz&AWtT;UhzD z8a%8ho7`B4$A@O|#q6cO=jHW4^rmrU1?Z^xXSe=?pP7V%6qP_Pe0X?{u(q~ko0atf z*c0nvR5oxsZewPyE3759FSh5=)6k?N6oaWkqzJ)rD(ZRGeJHpvQU_UZ?%s3B8(O7o z!&Vj5f6_7z=JjyFD{E*J!H*4^0%Vi6S)mhjUr!){*uo}g)PQFs>IV^^HZ0;LHPC8ameCPua|0}f)5ZmVM;UNy=ajQ+}4 z&2ar~(av&}W5HAZ1V)Up6JL+y`MDA?St~BCepaEGhXv@IkB`sJZuZTalXT*s)Bme4Ghu}8uM zDWT*sag8(-+1!z>1_J_sg=Gjps ztA_Q62DfJ()9Vpn)9b| zBadn?#x#b7DPFs_Yu7H!vh)s}ot#t!m|Z)q@&hbykzW)NJ$ExR$DlnsERm0RH43uA z5ebs3w;2B?sQ+JyWNnOFE7LQ7iv(20Xo8Q6!v=uf6^ffWC3IabNuWj1ogQ`@k4{cDrLqlR(Z%EuRDsj&Y={8D9$LeE1 zZ!h(0t#91GXNrp1-Cd_HvfJONih*i$_WOk!aplN-<_-??3KGjWMiPR~KC2$OwHCZDN?VlYaOJzA;PuKI-MyA*!Z$P~aOr-2dJ$Gh zU~icF!H|=965rq?(>ByLZVW>RTonuO7yU ziI$e&_sDZeNkqxOR70RTw$C*?Au(E{6`3m-KXWurH%K z3`YI$F=rZCLyEEhbNZ068pfR)&tcB)KSZ zIcl$Pm|oipotTzLNMhWGv9+}AcVTu@PQcprTXq3J<%g-(ic z#vS=2)RlWqIB&O#Nq0~p+4sSXhHA?eOdZIS~=DJol8g$V=M4zUgl$gx` zjYT%=mG!hcWaS+kj)k7*(o~uftlAk&`K3sahc$?I>9e8Q2px|M^RXA0UmdZ>zTaf2tb)o;4w20LWm_5MDIB zCw2z0xHtThHJo)hWbCsyRbtlA34UlPQ!^hk?~7lL%c1T8da!%gqa7>9)epFMiFa4&FLx>2@9!DNo#forOyVa4$!&b%emRT#1xOFMtsci&u!pcwC*p7{Io1$}J3y)mj?Ls~ zC2hi1hN$)NBazhwCawEXas?Bj-T`ZUOq4NWbjO9y%?Gr{^-jDQ%0fVa5P{OVC!eBQ zugLnykxYQxipok9(muQ6ptr%rjZ6*xNL_syE_BwW^~3(5-gSA)7tH*;RkD*5=*#OxIe!?A)9lnopgj#DW; z$fQV3D`^}2MqLw~)2D{7XW9kf@MI*wj1jQX=ph1!3jo^O(xOe+>6eW)j79+68-&f| zx)=x3>uBly?Ac)a>EY@poj?;LGLomRc%omg!{8L!Bt1LAS!cQORxyDTH#4W&zQOqoD@e7uw^?zPrON4@#i*&`$8~uG2rRo;nx2*wNa$faaI>BpJ>S znWRtG1y!Y_$j8bK{;J?fW4|Mm-_s||ohGoAmmvz^nP{r3t6#fTtHqBA7uC}zi%q=6 zv6z_Q{ zb_l(z(2Sa;O;R-tIPfCO!>_2UpQg{^iRSN=nwI(;IN?gBb0^pgbp9He9`ZJ>R*dDKS**i6YUVQfFj5Yom2yMI@-g{8N?2)tn2iE z8>&$lC+sW7^RZ~z>BaKDTQOKU$XqtOK4w`-T7KT%UPNRai70LQ=yoDJBl#NsKAf^- zn>fkIVyKEVO#ECMh<|-@_Ft%n>p8MslY1J-nRgpK62b@safm`gd&M`Y7H^sogRcSN zSGMg_l9T<9#rxgI(?BQRF45x0F4)Q}`uWsrhN*_%@fuCh%-Mq;R3tVUq77dUQ+d2J z`jEgG9A@O!I5Iq5Xz+NvK`#xHv#|M2^*SFt{x6OU{_SRpeb|s9qN0%z5w8kguzq{Z zZD3#k?*noii4qBkrfB000upX#{%+0&an{!ced-qLlKwJdyxgRDOmjI($ZT?a+$$h} zZ%t(6J9G$O!ZGUVJd__$WNuG3me<}taC!7w;U*Unk|LXA*#V?-uwp4`Y5j~sf`Y@} z3froy&%)mTu8KJQ#TiOIMuwGSW7Q7#;T+!{rFqhCWC1=t*v`IK4`>C0B%CctTVsWh z+={7c&!GGzeS!nx&QO2M>%C2<<1b+Gn`7wA<4foa1>&2ywL0IwXX8ds7IDYz+qVNN zhp8c&E_e?oUf3_Ox|9j5TU@+~W+uoQAa%W$2cd2PR3S4QR7`%Oq{fwjCN?yM{umrY zCfi6xcJ!Fq3wa6jjH}4WnSFVFmGrFxu}c_~1A5L7m;v;leKHWw2UPC_$ZWn-E*D)n zq@dlij@1TYF9rZWiNu&SR6CO^gwMCoh7Rv@#t1&PGKfh7>Z$zfVLR{w7^cG zignP|j*pFHDLM~t#M&?;{2IDEC#clKu`HaNoP2!L*O-~z26Aze@nM>0z(++f2O-e@ zO*OS#w)j@i^(v&CT9W1ai#R>W)Mw9dzRBEOWNOZ;Ay_GaqCY2#Q^X@5{<+y49K_dmLjNsu+oY2$_!g@$WRp@14Kq2AD^~lO&Wbd!3syf#>qJpU6p`f$J3Tj z(t^eTKa3YL!Cd4_X(iX%`q@mrUV!!C`Hx4Bux|Ct1pWaJ*Gb16`c~W#CYAF7CX z3#G5y83L`Kv*&;}J_~?fj=g$KkY-+0%rXgJ6W^h$FDkioI7NvToUvq}W-+FvOwv6Gh zY(oE=G>ud1usR1EEx@?$7eMEOl$ia*)4VEaeM%7NiUq7VvGb8}3GAe^=FZMn5$&tQ z-}`cd?%y%hnNhyxuW_LM@j}_@wL7k1to0=kJz<U#efoEnpc2kg0g@Z9xIpHh-@3t|1RUoaN-(NR z!R@Qy%b*i8+GXUX7^q+e?Ao4>0gE!AA_#Piip0 zSRqI}zyotPs3oiPGn7$p<6D$2Ulzmsk5tT|dyghyMa69Nr8oQV_d3!{jCf;lp@icG zlk(%oU3d4uA=-wrx>j#5!$Azez|`~s8{!nNi5*UKPG_C{&%|_|D&4|afX*EBUO&6? z90XxX$_PGEZk)jNMsjl`(fOg)`)0-gHgAawaXsTY_^Z!Dpnl{Zj(T!EujGsSW zv2=Ra@k+NCG`-LB=f*d0zPf$-Fo_M@-_eoK>c{;j4!;@f-E)lLM>Z*mU@a07vEpN7 zBu~BV!o^tW&n$+qEOJpo6ALtLBnqT4;eP=olg0l9l)h**p6*yrQZyc$LGo~)yQk;R z(6YUoNw%jmt|>VrUzw`iRjJgJ){#t!k&uY~b^6Dj#wkomB?2he5JgXMes0w~$Y@!! zFe8vwyI5Qc-HOGuqQTa?ersFgh`#ssfT3R;mzO2Uz%Y6|SI4T?-B#A(-;NdSxt00H z-U-ThUMV0byvC1W+RZ>BOcUGa=m_x_pfGMS+q>&+m>h%W#R%y^C&O|ch^7a-?2$AzR^+$A1St5_I|T=D9nA_< z9@el_0K0RC8XFoi?b#DhgO(8t4ip4r7ZgNEbx)3CYV@nvzI`4TMv|skllB?e@1L5@ ze<khuA(-JS z6i`@{Zbo@5Ag@Np#5hFVZIa+v;pm1;1+@L-(ld}e5U6^s2-}3vFOQKRx%I>W(ysD8{#U&G`OYs=fP{@vk@nkOiqH6L}7Vs_j?R0C5}lm zD?@BREI<8nv-ZCLJlP_Lp9Zq7h;=g@hd5_vXZK(NFSvX}bI{%Hxv}G3_wKnbp$Lf)M~>Vr^Abu=X7@WBdWTR*BZQ z(3UjUvr96cMb4ZYS4Rx3%gN^ahf|qohC6M( zJm(J}14P*@B(&;o@;Bt>?ULX~+aj|eh$Z;QMolbR`&%F(KzLR!yNygPFWMa@fA{5u z66Ohh{{}n_uh)YI4>)J&Q83hwjEqct?)dht2-18VA!a{)_cXP)M3mVq^v`uY?*C-Z z)Scz*t(~g7vZb3{zUFmDlxPvXKqF@j>xcsCfQ=(q2Au4npn!3kKs>v*N<;sfjfS#E zLqMTC)RsdW6Zb{({VY7NrbPY>fdOt~NSaY~*)Lx{PfM#ZsKCBPG1Y7;6eRSEa^tGU z5ghz^(b2neT%4uNj|ugCle`hK1@n}q*5BRmgTp*C5O#okssz2m}s56* zACDSP2tP-lfGNghe$r!%7r(d|LOVv@g#-sjeo1@wEFv`2!wk9)W*o7(BZ}0$dk59R z*v#xJC?0^3nZZxeL=TA%{M!nfwNNNx_CfckIkdZ8Wc>DpiAm5pAhMcmag~|2bc0;P zgXC3b*aR`=Q?nF|ETbON=)#YI0ScXB<uXQVbVy})@Zyam)*}XBs<4agL ztMFD~fTGaiv_Ej>;=%$WCK+$rmW)CKWz_>`WHV%qI2ZxI%;uQ2HTLS-{SMbyR{lj? ztTBA|pbHRDS@}U+9LQ?Nf`ahyChYhd*4C)8i8BI|_ux=tbST3hz^T<*&IAPy>4V%Y zC^YnyLEX+%wk1m{e}k8NaIO5)LC9-ied_i~egjuav3eU;LV339$zZh8g1s zDk9{9=X>|nEZ6Lc`^z!oi-?%RA^&8Jl>@qDICjE&m{zHH^udHPhFd__w|jJioWw?^ zb!Ai;LKYlT0jtilqcNxsvx!C+%;|z6fZ`x9kY@Dq&Pq(B1>mhZ*uR3afQalOwgDWf zU>MO{pgoz8z{VY_3g?-kBG?F^hCDl0RJq9a=^=tH7wvypBv5E!e2!YN3v&ntxWJIp zFlYnjdf3O|K|ywQV^!5gu~BIE@X`ezWr%J0wL*>QmUGFhsxfUai<+OQTvFV>UOut4GRqoQVLOuje}MH+i_6J zScK4k$u==k%xT>tLMZU*K%sT5vfTvnO;9dGF!fP#tFowl+~-r|JmA^C0f znnlhRuU>_J_O94Ak_HX0zR~T!Pe2qI?^DUZz#uXEajhkT9St!pNXm%um?QUwLEV>V zPS_zJ8Az#x)55&}0-Kvw{ukIJbJ@m@MEfn1{WCK!;+}tqlna!KO6lYN^9o-*BTX`8baya_o(th5bv-u@fUQG zeRn7R`&YA6xmZ=hVMFHD%IA$@=U{F@_XJo{Fd!Zt6+mX=WLw}a(1)Z0)4Q?pPCB}e z4uxwTSe^~v-CrL<=K|)oK(*Qreu0|0{@pv!XrhGuzucB^1cHG@mc^v!TvX7x#8Hd` zu{IB7pQ6_Rc1)lP6nBVrxb2mz|D=~>mH+07Bx1EwQ?O3{iLXZ0%XPRs2x!H9jYS@M z4hI?e1O!y|LNx)eg>(aTNJM0N+@UTFfx?>CiO$o4EiY66h!2BTMD&6@i{cx<)^y7Z zJ_NBRqd8q0yB&?Z@E$?k-k$dyY64_ZC_r!ll4{a^g~t~1oBcIRD1!qs&|{hl>D#i5ikFQG(Zl!^4&E zV9-1VWQ9fxzJV}&o|A1KW=uZ(JnB}~g@OS_M;(0(2Lr6NpT)y_^1-M%8_)C)r+on< z(YJyi#MCZdWX-lr5kEX^Y8q9d)oF_{MQ~r~wxK-tvU%n}C(hHgrsOdnfi9DfogD@_ zPqQextP7_!z z6Q@g#tJI=L@jugeRz?OC&5~L$Eoeyy9O|0M^!MM&iw>%b(48^43z!}@BZoq-B?EJF z7OX}lCMED6yLTT-&HoLTMzWUzR!i0Y>bTDRFE;c8nx~ z7V%5~F0Q1fPmMsb%dI?LOQ(&dq8{x3mM#&J=iwd%?~CJ@m%(hq9)w|{cho|`1ffy} z=ZQgjpsp=3!FGME- zq+n1=&6==77+t@90I^O_&!+D!gR>o@&nuk@D$$tK=g%Dn8d%lj6FpBa4NwQg6a)@P zZ=fbYyTZcU9NfEjp`ww+O3iQn%i&*a=r_NzEuGPM1Uf^Hr3f4y=r=|i6duI{08Hc; z`oASRmCKjQmYZ~|{9z2|3~ABh`{qbH&x1M(aS2fwp%VWO_kq5Bp4i;A;nbme%8O`v z)JU)P{A4U_L}CtW5r$U!b{rZaRm05#p96?^w~`Fs-TL5<)O4%F<=d|#RhPJE6&|r; zl-08ry6~g3&%M-X<44&8#EtesjIV?z?pf{U7Z_#>-#uoc-r*#^vFL$7%2#CItnqe7 zjvj?1(vhJn9sVpFo6CcMvY%Y=FutupCWw?NYaO;FUg~KYmY0cEx;4H7|AqtwPG#*6 ze>1+G*&IPL`#gc?H#-^I+kC_d4E+~M&x6p1gN+uiPjr-JOK*+{#QjzdW*t5#)4*RV%3 z_i}W5$2Vql20~c_JQ(s$5=Si!LlD&Eo`Hc}blFLw^#YZ50Su71(MRN^A&Wy7K}`cw z&mL&%@Wd9x2(q)|AicXqCWeOL5fPLm#KEFS{Y1Miw6k5ioVv>?hbN7&c0mlIhcywn zIx$fX&F;~Mu3bc*IL>nLCH+6f-UA%#z6~G0H8rh@WG7n4$jD48Nkm2{BMMnX*&}6! zkS#N#ArZ1iB`alRkL;D~z5nO!dEWQ^z3=h9|KIOEp2PDT9&Y#d`~7^b&vl*Gd7c*^ z?VcR6(-_(S#x+KxAqi%XiHjDo;kjFX6weL427p>DU+|?W{Ir+JBA@_FR}sT9DEDKQ zb)w}n0F~_E%I!_g5=?%YZf0Ru?d?}Ooz`I_#SVY?+d8JvL?&_#$Pv`kTIqMLC@NC2 z?KIM8yJw*uG$lnNrty^7} zmTU=+&`ZG46pY0V2`%sujQP;|iItMT1gR0>>dl)VbUj%y#0Nl`ju&)71Mwmns89K@ zb-^it4FSG_VTZ0n>gA-spdfTi!(5~#55sm2f4-}WoR;=!b2>6;w9StP*@AmW#22oo zK1yD^5A;EVaPcLKlT5C$xaWuH)MApO?)6l$TR%8MY~J;;HJIg%QLkaE2# z6hlA-ZPLHi*YhzmI~N{eWHh^b_o=Z~o}~|}*$TbBHU!R;7I^HrG{EmRh101 zYagG{y5m@XXe6K7;qQ|8;R81k#iK{1!N#3T0d9&M4vhC+De*zLG`~zsGslV)q?1FD zkd}rW5<(!LQ$8_qFVlTDwio!KU>&3TBw5Esl#s$cHuan&_GElWcUzvW{iP=a0^X6> ztsfeSxs0?F&mRPL3>l&MNsI0;7EuUDWGX7?pt^E`Y14z}11Z?$%e#VPj*ydjF9{Vf z5*tI~nz%&|=`D;*`5Bau0+;NS%=a=zoY^9(vpw@uR0|0>sLQ`Wj{?e?Jp6ImUtvp0vUx=oml2V`q6D-(>gEih+Jr?Af z1zQYGv%sE#tB6?)>}Gj@XE#58F>`fg1w#7|mFd46C0)=P1;T^Jk?P@54p17CD3HeF z@_EW6pc7>e-sWW|2;*SbcL_BIlK5-aEU^2DnErRGGQVR2dpo-!700rV8%K7hqNT;y zf>|_LsoKtHNTDqn8{3WO5LyM@rvxh{R)Qaq!3XH_+R=Rr3|okcSyre0y(QF;MWy56r0#5ZBO z`8<05l7^Lm<1cnS;40+H70!W8|cL^IPvo{{2m@rJHPD zr?3{KcuZx^bRZ=c(IqYr5=H50BA&+xUeE2{V03DV7iU`4I|= zDk_PuUz2LwVtO7OU1U(p0yqa!K9DM~T{i{0jtvJW8%!ZT1Tl%qQwl%}{uflJ$XLCn z{(3k6UsWy`+5|t9??+*DChMnN{-4 zDUdA$g@iEC1ncR-#fz|y{vIhztwFYN^H*My@x;nUuT38`wq6IJaQxf*c23Wn+P~!k+dFcxTCL+ovRxf z?(ffi`x~(cgk~M@guRd}YG9cbSqvY4(j7Z$>*`p@NfAXLjc(?og%JU;kTmE`K!lK5 z|A~!<5_rNIw!02ce`hkV?GnmxpKb}k{xw6^jzj}-9p^p5F#O)c$e8`nYU%FgM)<@A zLp_RyKKKI7yv(?Hb;2_(5q@a@Kv6{K!r2a`)7H@HymrtJ0CVC|;CrvQE@CXe7~T`P zA70tng0|f_L~%Ia=HYdKni@PG5(0XDsNiTGBFG`?>xQCg1q(h(faUXEC%o>TAu+Zd{!1Mc3;D9K*ka7=SP$@q3Tshs@c06 z2jTAB@#9!WPK#4pTiyc@P*p9nB-(T%A4HP~uZH@1$c3xb-6UgcRv&c>WahQEJ|Wf_ z7*7D^HpmlbNZqN5fcbmn^_av&;*2IdZJcPsigIMqfS5o>lAGDsqXPO8@6T)9xM2+a z!NZY8I786-5G!pux)n%ean11rI34h~U6Sl9>74`~i@QyD1Q1Y!!MD8R>sNfxVRL}4 z$l6dR&ZEbUlikvolRXA95MuIt4OP`1u z1MY_Iv=^b=zXLTQRJ4g@-6RAo8Jv#jG><9%0`&m83ADUnS5!pZlE6R=RV$ejw>g%6 z6$<0C15rjgG>WB<1crj*Y=YvjA-O7sw-T?VB@uxXi}_$b=q>~Tb_sf8*iBHPLj3jz zdNq{pG=}7aPoF+@0Zjq^tH-klf$mJ6ISu5>SVi24X9y4-MabnFLDGEq|u)n|L2&GO|;s zA8qaIFxVjr+_S_)G+hfS-@+GXSA`1=BjsIVW59*@_*_SiYG0|uQHn~oJhU+s>>dmn zl}R|Te?NvcI-j!>bh-s!eSI{h0SOvo92k-(Oz=eii$Fku2Z)F{paP66!0~gC08UPR z_QOEr_B<<$C(Fbbc>#eYxGTX|DNf|C;2a+kO$FI9(jCOu3z_&;Y7TW5W8Q-oxX7+X zS)p&G4n7;!GKh7!i9=I}ZjuR&MiU_1V>JN81&#C6w{ygk_3r}L)nU7M$bm^Y4R zCcm}K-(845fDKUiNtTqDNRXG0@A|)db4HELCG(}7+1;)bhAR0ccK3Ppt;>B694>RY zlM`?Gg2z?HsJs`9+>(38*ZSSHY`3}mjENLgRSVsLgT7oM-l>EB1dNoBC!=qV0PMDx zo>&_=jtE+}jJWp=4sxkyNF&~0JR#h#z{z-|^To|@VB3|bhzKI>mc^eaCD+r-FlypF z9`sa!f%w5UhdT!DfZnjVxfzQJ@X~WxHe!nnoP<7i z9vxa(B`5BZY>&eb-O#_fssOB!Zli7~Y1~XqbDS@We{;z+>m0+dLeq{j2z?+CqCE!r zd7nJ$6ZpcT2FH;>Y+}8I=Y23r4^)PJ%;$ze&LuKVMyw?2+i5P@6MnW!fbb?Q?GYS& zz**vYh5?1Ez{<>-_G0AZo@1O!nk76)(^WP~_YIH)42j1l*KT-*(22CDQ)>wNeK zVUXdR%^RiPxGa=!P=czwyYBo>)%U(8y7@d16>;0V z2v}&rF&NCD0qQ!I8~&IhWH}5yr;Z(~C@$88%n2nOmOP}EKmzZ@Kf={(1>w$$IxGd= zAAWe@KTlX=QKb5i7mHzD83e&d{I&9}Kc`irX79=GldL*^&^=AF9SoxHf`Qa zL8LKzZA2gh4**=L)kA%KfpDZbdP!CmVum{+TqjVg*kk$-G|oU)hb!yjBCSwfAzi`~ z!VAYOAlBx=^Tl9R!j&H<9z55;r$r)nXNrud$43pl1QE^Asx2BI2Yywn}v-9&=Sy_Ye8_{DMYeCTgQ6n~ICRSE(z+4>m zxk^$%Gu#*lE;2w_&T5Z>%3>Ql7N|)c8zU_Q*m}4P*#!)=%fVLUpYsI&7&KyuxLR=2 zN4vX$*8|9o5_fubUy~pKYqm5HG=?o-M#2E-i2{fb6%{sWwe|Jw(DzG9egWj7rs`St z`VKN9m@S1k_8!261EnT{UZ+nZX#a>1`iUuSA0$AHz$piJ0bt{G2@$`}0;R|G3D*8( zUnTBsNBxDg0}fcpIKR+E{-(|Y51h}R&&tU?bG-kh@i3+dBq-*I=!V#4i*hme>dSI( z-Li!|Co~j#RXZ^#4$ zg}6@O^uUII%NlY8DV9mJB%0UGlJ4FOUjlY^Tm?oh0lZo=#k^_!`-SOrzZcLI_9-OT zm<|i@BriADT#;d;Y^bZ8I70RNqE#8ZBM<=9`q7_^61L)e&Wa$NSkyDQfGp&KXLxuk z(1h!=U6a;*VKjP_3718i2TQu|Wvu_&Ov|H3>M8Y7K>p&z?U<-;Kpd=@cBNC|9GnNV zwAOKOBNGM51N0-biek~GB3qLZPDxASiMxT1m^BUlH5l&vz(i!(fTepos_uRA=n;XN z`vcP3dp!cC-2D6l@u8`y_w@DI+0Bs|pq-5r8337wg(xw|9=tviCkqET;*30alyE@! zWoT%Fzz5uygn)Aiw-37kG2~r{1{GBRN>d(9F-+nZgxDC@hQRjXMIHcuDbu@mZBay^ z2d<=)feM~;Ry*1Xdl!YG-pQf|!-{5R!>RA9d|y0D*vLgv0L~TL5HL*kITLm`eSG*$U!R2x);?^ROf4>+9$^ z{~gI+tXWujUx>pfDz59P5~$+P|EZ~&09wUI%kdwOfb4cqw}{7R&hxDQ_XMI5m^DToHhBsU% zu_Vf`T``!#=K}r$pBJoYtS8{{jrH}~fn|FQiKq4qojt6cgq@Z`o9aGhXs!$HTy+=Q z;~27)=achiVhQgc2|&Q4BX-e7oWV244(8EC5=)%4o|7LmFE=4u`aN>!k=PBB&6>PS zMY~UhqRi9l+SK%Nqwd)(t)~#Q*qaoqia3>(hRkej70buBN1D0in!6 zyVf-vkSK50#uGHPp(7A+;!mINP4DDa>nyeK<;TR7pJvHRnFQpDf=7;QEggLHY>=TJ)bhAK!_0U=;c26K)HWE{NM~QbccqLoDWm2I8L6#$%ip7gaQ)hd!%IIluMV{^b8CZ z7N_+~WrwhZkoTu5IC10bL`LJ7Ks$>0Wo2bV&iMKB2^kqge4TIr-0c=<0uYv zL?lx0V?Gbm$vOZ^?#Y?=@S2hhbIHqsL&n3wBwy`PWBRoBUN-7}d=wD|fSplcVV>n^ z45A?m{9KBa5_?{jOFlsn2Or$pfM91JLg?MJ1^0<)*!mHd++0)-{PW+F0v#j;R37=r zFA?@HU-pt?8Mc%+eK3ce7$D##A<^dUq%AWjAUH!#7`bhW*;H5cg+ zKn=9x(foTD=JqovJ!~z|G98B9!K;ER&Sh!oQ*K+j?zpP*L1hY!?@LgN zPM#D285-qiS*fKcH;O+E>@>L*Zv`%uQ$02@GjSyQs*SB`f4eqz)~Ruvwrbi|hFt5^CsYf<2#>;Z7?U0(Y~@5TvER#rVE ziylPv4%ii-0i)iarldr%{?(GA)dt8lN@jb=1d!bzIV!TAeC#N#q*M=p8*v8&Ry?X_ z$I6;=2A@7; zY`|jR@ zoW@uSNC@zPwFZ(C^v2Gf@Rfe*<>ha3Jm@$l=QCpz4S=FqFet8NW;2+}H2uhB5Ow+a zEn#|tkxHO_qD2L#Vi-)|*T5#o}mRDhs z9%etC$L+ww&`Q&*z##>46b{1S%?DaNN-b4ku9uT@umz{;%S!y@!G5HPe6-2`E7!Tc zhD~o~W(IUYgh8H_(ySx5q+((p4NW$PhZlAbGp9?)oKi*IEH#mYCK?^b)benslL2@9 zOwltIwwVSz#9JLk9v+F0{&VAEf#obxX1t4%GQcv2T{02a$+s!?JYG7&m>JFeyQFdV zAM3I8RfCwXyx|NPwz0ETeBy@zb;k4;5@WN0{Wq7T$_{QIN$9lTo^2<-+&w%GZ6@A#-wfarmKyt{bsM=sS z5qA&W4IFyEBEWHLmZ_;qN=z)B@!0a4W1rG-gd;5zU;V}A=}*1_>*?MFAc*sMJU*BX7d z$%p_>UEVLCwS8`F@;z1C&T#G$W*^2!1E#x)ZuvFaq4 zv_s~nr$M6HLrSXsoC^cjA-2XlB_teyPcrB)`H@!WZ$PmQoj-CpyfHM65`F)c)(wY4 zvQJEHWs6Qt%*=qA=z#17;KFJ*JA*_zRk9{2f`sG31asV~!Kl}jc~qz1TjIUa(=C8G zz=_%YB0lvf($$E-zD&*bQVXXM;>JfkLp%sTh6EqfxVh$bLCunIcr*ouiHaiMTXUdr zme?k?+BZhyb3r5fUM$*IX>cRU2Zo+mRFoGHiN*i_1cNa6rXVsVCnKvzh29*DOa^Qn zu;VF7T|luXlG-o-cPJ!3GUNggj5k4KM0W(C5J~)b7eprXR?sFzVMZLTXx@Z}287<9 z^^t%$u%vf4^A1evgZc_;sM+W<9riX`X56@&xMB&3n98{XonIHV-<~w{|1N{{Y)%1g z0cX#4<3PT-bTCfS_^j8Ua~*NYG&CJcGaCXI>&=yI* z{k#4R5)0kPn8#1pw@9*!j|XIq)vV+*X4Q}X@}$!>Eb0Cb$5A#+Ot)6jSpF0j5n#T8 zY6yMJR&=nz1CBkH{Zcqs~*9Jhv< zoTeJ7+NWAAm9|H_rJy^&E0&SzR1`CL`KPT_M4Scr;iAKEvJmsa=(Mer#&`Y zH|%t#d|z~TWu>(#By_wph=t|4iEfaEVAV{bMnq4~oa4eL6@B^8ZwK(6I9XO?+?ZBL zS|4xC*t+YwYYlI~xFxCk)wVV=pf?76(nCAT&7`$e8Xp=NHIld}{~{|3D?WUY0WkfC zg2+q1UL;Np3dKV1hOD@)wblH3;UmcwfCd3+X}^OH(8DUYv~=2i_o8d@jFP72&?|XY zrMJ+G75V%7KHJNFalhi51HKH(`~rt-uQs&j!=x)WBjas?>(S$99!_*=Q&GJPr6DjC z#p*OI&sTq|Jn`bi!-RNA*(>^Q-;lV8&}-hhubLvsK69x(Z7n{4ih}t^l+S_a54UeS z_4lzVt7KYQ-j$aAPS2wk7aN;>mHM!mm=8DZQb|u$In+Id-hm`g&uwCncy#-_p4ypl{ePotk3mjp60)P?G;Wtr!dOb+8!VO$w`A~Wu45P+WFHcWpJ^{vs zh5MT3=I@>qhq!Hf!7i^dJYpumud<)InmHir_HAaQ^9iJzhCgQCmXTnGw3*NPRBv=> zk40IY6^5Vb#9esPHJRY!lh;`k{UXA?D9O3Mv#zd%mNvCvNyz&c#Wij18`OT!uh7$v zkNjSfy_|H{bj_&#=#cCM+SXR7En5Ub=EW4wpU(nLdHis|b+sI(BMCJnu9GQazkja> z2hQlQePv{9X>DbxAZO32$SkrOOnQ}7^-1EUq@?WCny1p)@OA>&*dp!H<%pqpGnp@H`Xo$7qka2$sRt`)x9-E zOY7IMo6_*x^x)3!?w9a9#lBm+F&AdYlsMk=UNbTvP%7KOZZOX(AX+>GxPYE1r!Mzi zUT-QPq3sw98yFbx;%X8UIOjt{5gf3YaNX~D+DgNT`0r_|DI(VtX?%BMe8^G%BH{a=BX0)h>Ukf@XHBHisDC}M2NprO)uJE*g<{yK%H?6dPDMNPYQLc>i{gtmF9)9Ob)A@a8|~FLT@p>xyB{sLo-G`EYyWhsVh))*7nTC~ z#N)>Yrly*blg+3PObrZ@JaEw2sw<*H*LgkVD&1aNnqJ>(t2TowJ_A3(5P$f#s#s zEF$5N^s1U`?Vp*Q24tD(I8X6X`7>5m>;TZ|kz*6~qOEram8Oz1_gk6w?`CWkry8^G z=PD|Cd_B!wd+l=4r;-H6s))FOfe;`SX^NE(9*(!QZo{aG+L}|XRi^8&?a{{Pryje3>p6*OH%UX~HEXSkZ_RsQHF&Gk|uL9@7PHR&THPyw`6=%fB5rG&Uaj zbJEbbeQ_)@DfbMa%f=?hC8jHt$e?bo$+Z(;;!S^Z=!ALtiwO@lNa{~^^3QSkkLo-+SruO!FjKC=g#tEeaA&A-TYfd zWLft;?vNGrY%dnKC+W?di0<~dP^?o*<`%tuW_GKIhz@P%^)i#a+eN)6pPJZDk*g9O zS$+J-+uJ)I9?ny-y?gTZl`AphU67A5G7<}6$lE==ymUj}nVPET984#F7Wx9STBUdH zFyZ5iAN->~H6`c6AS$J(C?};i?m?kYQXFg-X8Gd`)8E`EN_88a>1xomu-8tXGyPtU&nc-nkljh1dli8CTc5GfE$t#Soh>IcA z@{;Ad(c;YXzSMIjVC&7W%@odus-nY6TuWaYn|?;EHmHm7t;f0 zGS&`pJLX4aWMuo*&~APb|4l|}DE5t~h~aiZHeAelr9`z>JSn1$N4xp|v1hmMSqcgb z2)Kof8-C`DW>fw5%W{_2R0n@lZys9uva_g^ieV<*N8UU8i-DDIVBq0_fhcwLcM2U@ z6F9hG8C?}krASV7!su>YV4&V=!0+l$l+=_jtE=`ayg4&JR$EEBvU2vSR03^9d8%lM z{~zOn6#mF64vI3Em@zI5|7;a7GcVV>q|=?M5SMG8`e^M2Lt1TPOT`n5cvsg;930=Q z?VGE=o*x)2(e-}(I5Th`fiO%)Ivo(8IyCH~Z}Z)x){8oB|2~#dU)9py$`|2tPAl0H zC0=>_{LdvNUtv(fNzT258vo}@WnaF`bQh;;=J-Bq)HH5O$j?z*)whA0Pofs#Tyx20 z4I#40Pt>P++>;qoM=FJ|R=sTngZ{CP-)Z{CgebCP0r>-&YxZo#vpT+&7>Byh< z=l=KeQYT^~BN?_=pFPn#nQ-OG4C4^Zsz9XFRCT#Dj8sibZl64P|E>4n?hMY3NFKLJc07z8K2Rc~)WB{3;Qp4)Y-LKGBiIpHo} zUoF{M*w{3lV`ym$5jfo<=5Uvj%WQ!+eAvc8*yn)e^&v#iI#%nmpG)T~`}zZW-kXk2 zK6(>zL-KZiMD!0vEd?DJCZ@KgLWjdyA4v%BsrS`HAM{Om?UC}j**~a6ki6!=No< z`ThI&36@QSt08`*+^3a&o^B%0R8}~zZBfrV>gBorG(StzTPV1Wjn#4<7Igf&`K5bf zffj?o%4`9+BGWoc~Spq6+VIG zgjaSe`CiTgSy9h42%iR*mdangq%U^2xV6$?*7==L)Lcc`2RG#uC}^^WL>Bn<=XcSz zwe3ec$<<}&(S4ok+dN(KMKrJ8vr`FPcCsT!&^i!pFc(v@L;YVHrfV+uQ*!k7##z_t zNf&|ZWe53I4JIqj-5{BvmNKP2Ah*0IV;KF(Jzoqa6u~b-f-+c-P_fCi`v-j-FLn

    ++v=GD0{Gq9y?{Rk|Q(+fu zJv-X-Sx@y)kex5j8`^RCE-e%ag7HL9ay8Wi*KvY%%K zP5^gtds0GZ?AzSwSN`o^G(_l5@oFsoRyMqLjos%$$|j!9Bv*6YXFD<$KGU?cG*S!y zdge>}5uq|DMeC5o4vrVH{6lwJhmjVc zC~2pnQZ6Z(_og}Pw0B!KGK?$3!+Vb(x1awnd(ydWWK)(S!%!2oqffL!@9uENjDsx^rWF-N-QATHEifcHW0Phmo>xrT z?Oebp#;U3;nvp*8>^V+Pfn7VtCTE5B6;alRlNa*NE>7Qn`t+Tz(|v31Z=HqbH%OJf z0^?)EI=*7~oblgv{4WhJ1|ErpWU;UIW0fIA94EDDXN*!4lGMUD4TpyWgF>>TG!C7i zTH0P`B-PfI9yC8tLi+wZ*`htyV-RzvYX>fy!LC6+i zoFVJ8O331gJ)s(tLZsepa-Imtm+xpI8GrVV%HBEbpJn_)1bH+x>Y{6xHW7bRg6U5x zt$y_-Zo0iqjdQv?C_;Bk9t_>K@r!lteO9v*S8v&$>@{U`^8TCx@aNm7KD zH-Pivvy#>L%et7qBFRb#ZUcN9AW(c<{vUjY+64<69lnnsys2>Ut)DU+dH$DB@)H=r za7Aitv_yXseb`j?4SL&rd}o319Qp)+oxl?jaa^JChl$<)fxz$HB?i{=f6@$R#5?{^ zhU5I~?0FaH6l^@)=K?r=Jbitg=ErWr&PGS48{I65Zcw3tHS@p>gqIi6WXz2Sok{-^ zBuX=TYlP7ht-RC^A7aN_TUu%ZcsHJx;~vXD?a6WaUl+{EsyhC7MTtA?K6S&}j->G? ziCab&_=vJjP;ymORGiHOa6Ih#?{tHoL7-I~ZUgRxM#l0V8cP89b=666aZik)46W%0 zln)I5X5+IHb~V3U2N+E$$jPB2i>)<)u`pongoN`~ulj8xLPX^fy_d%>_Br)w4Xxdr z>4>NvXOmr6fBv0{t-0Uc(S2n{g+1)Y0pa7dR6_N0)24L+UDC>z{6NOg_}b7G+|*Q3 zipL*s-;YKQI0CWjAaU$(A*ZH()mhL(vNR0tA_&v|qu}S|-Z*zI4o$1eqBmNeC~#%2 zbsvE4mC|zyLBjMYJWz>~O0>u}psXNrJThCs`mcI|gil}f7HW$zm+rCg<+-zLtT3Jh zE4S0c&=6B)635d9E&)YdLu#9L6FsaDw6I*HSZb+?K_rx`s%n^bM5BG^5SZTOFm2fA z@8<~r(*C$TPqV|R>HEKF19mR&CT=N5?g{G;ysy?6#D6V)e^WGR&7E<}!EZ-PTif<6 zTlO6|fL1D4H~{^d+jJeaSN!~GfvzR`V)!OFD6y5q@hfQJ!(F+q?s<6l8Hc3@a#dp1 z6J2QMn1}NJ)o}-VWMOd;#CkFcVBpOELZ}~>9eOu6p~6)a9f~n@AgIX8$N-rJ6%J4- z%-Ht-Ikj<*W&!dIR!4ynOmlmQiRui%HZ-`=H%f?)hbHS>Ty0gfxUYgEx>wk5AgF=w zke-!AO}R8VunsOQ7|`Q?{+v8Fot z8S;R0F6fS-(*qC`(!^{S@`6)NA@nm(o6h!01H-T1B|5LY1Wu&00+lA#i*-m$l(2|N4Tw-!A~5SQe2dw)4C#7ii- z{ranUUzc?w|H19q@L6!nL}Md_s6YiJhP<5(Jo=JznY~KN+s|43S` zFEe;BZvyCn+sBsubz;p>v0ZtPZM&F{u2<*jT_2v_6KuC00b^aUX8f<4y%bU6C9*kl zVF&3<`70-vnl2BNM#3({0p4LUde*I!+9UF2r}y2zf?omKJo zAL1(rHX|h=+!Lg8PY~k5N+Uj^FNX@k%(`$@|M)z+ukI}BpS0}yTJe)WkQ8Ag`|Ia; zYMhN~@z#znlZBOV)^q(Ks&KR(5s%ky-bI_}2Q%KbI@GvXxnvu>NO5OF{I7%8yNK&U z^RM+Vl{eYzX}I9P^!FkNnatc8l&#>bnX)b}MYa-%~#l%X-y9l$I{ToY^&6p<^DiK#VH^^WxR1~9t zmKPSZ%V9qbp+8)$ZYnFEXQhOdE-f9MEGs4V%)PB67=OP=WAN02 zRJF05J;5QLYB??EWAdxnP+9}Itn^cL3RIN)-mx~Y7p~ImUrtN-xQB4+c0^cGF%8Sv z%%@7!ldPxNjywt2d7M&j@3LKm%q6C4Lp;xWqJEnEa33z0mZ`t?+DzO&$6UNHs;=Co zAT+TjY-T=|;r+^!ZhgX|x6i+nt-KujDtaOBXVRyND|?KEmwiRsTPsooFD6lE%@JY6 zxrufsyRhx-ncS`0fyf78x%lHB`h{msYZg6B$%>jUTd0;o+!>AjEa`KVNIgPz}2 zv+thAzyuqUx=sAucl-NP?e}`jxz221r8JD|46fO1w`0pD^@9Vl@OWZjW$lAL88H$E z5~hkE7{hqMfXJgdNK0F2Jt=wV(i=oPxX*!X;N|0U{zSD2eW-28Si^Luefeg>$tXj{ z$UsZ6bspVDEDD*-m+u1nj?wA z&4NwCT{AyK>qcVS`>Da6gL-#$@7~#KIl5)*mX-XQhi_>vWDB!UikpS>r2Y2U&eeGO z>g@#9c6yH0{F|8!d8IjCsk8Gz45q732K4(K@PZ1E(7mAyBgI<3Yg zzK<=4OMkB9)bE)8#`zA{P|H4BZvN9rPn9}<)v766v*MpRrueJkPT!(%wOHSN{?l27 z)g1ZO^Ev51UUPD&2^K$-HO!};f67_gq*O3vX8({Qr=TD%H`uDoEl$DQ2jiu$ zDyvwB1+}enn&f}gm(SvgcdDzc{a{*L`tF?-;Ss)!@EiXb(q5+uw~;&gFAZ%LOnY|c zczIPKo8&ib_xQd8`xuG!t-!&9%x6isRNd1l2D4GT-s7VQckb8;wn>RPs5MFW2R(oA zkZziV_mD<)f5Axnk&=-^uU$J&FtQ~U*oJt;7NyKgbTMW+Ca%ZyH7yI~f3yp+tV(4R zy`gouYe@O-we+l{Cxd)#ycF_FH4Jb)%NLT4r_qfATnL$;iJSY$5lI39+{ z0dn*Y_X}LC4D>eMZNmkt4udZ7j<(xhLhY)x=Burq+IUn)nQBR|>otvuR!5c8T1AU` zwSBacuaV;)Z|2pP)Z@WGRt5qLdEbJb`Ii89w+%YO@IAtc^7WuQeH=r`;zX(iTS7xr z8wyuLtB=N4?+grVTA(kie}UseStc_%4Hl@7cHt?+6;&b+EoA0%n znSboIwJ#cZ7PkgjlPJ!zo2t~;lMpyNyo7tkOD?h1Tg*Kui|+8Wko#SdBl^yE;kLY0 zPr$i)rG0OWDms&-ql<$7h}q;_wh1Yn-r6_T%s57MkoT0~rTZ3#P4-$?IXdsA7g_nz z%_?RW>%hF~7Zd4hJk6jI%FDcwEXTuir2RVviV|l{`hhxc0QnTEH54IWFoKk$m3^-p zHdwXarriR!I5x5-{cz_>w`9OFI&ag`5|FI&BRY5RfzZh2!j^iJz)t3i_I%Vb~Jl`F;))#-I zgI(S9y2#9Cla7^ogA6S6GG{^+huR`f?F>7vZ0>J;g=$@x91+ba{&+20(m5crr8l|L(Z zY?R84uFbmiW)#)ozE6#rb8pqnd)j=vxsR=jyZS8ttbf;-X<1X$Eh1)@>%hF3en7T- zBdOPcrA)c0y?y?hH^7uM0*)4e0Bb3*3&3aap33j;HV&8=(7kki&q#Eu@R=gj z=T+xRHCxj&t!7@6_pjvND6daEZCCx=sjy-8WA?4k_h%gT9eV$2@?-p_bDkff-0+Wk z`kvlTefd1rF3tmAILiEfX`FvsWY4u$r^#7J`1PySv$*@zKi5rRvGU42Q~mQ-IudKV z0!s%RZ;_F$^<9nt%PDK_c3m--UGs15TE;Iar%oJ8SseMjneZs)(W8%H-A{!A{4HWD z>_{>+PqLisGcZiE>=eRPAOF`?!=x3ggeTkf&~o3B!aQq8Xigp;O z!B{7I=>#G8b5@AjULUys-36MHWM?Xl?p7O_G;4oBru8&jqb-n>$CRpU;6UKqV+P?} zz5Nz!9S(E92jW;uI~U0)f7#{<`Tah&Skiyy?l&*}*65wS-S#vuUs2n*c2ZZR`dB|# z*XU$oKiofH;AtXX^VViQs;FvBy{@+94Y$Wo?|?@>{nJE5ntLOReB#r)7<$}K2s5%{ z#Nw&ZmB{Ab>S>v|-~L=uY32%?%@A#03edX$OohvI^z6@#yVKnpWIq3U5%0M)kw8;p zaO)+@9`S2>d^U_d+J;kez0`#(a}tS>wmnpB?WM#RtQS)pu_Grh54s#oJC1+-TKeWq z(9A~5lg16EP_IBzO|-8qpLc<+@&jmfyr)FEddI8}pYb%TTV5(=MG%|yx2<>NM@rqq~?s?bv>Z@afrpi~aq#pH?QBiOP&=*k#ZD+sQtWwEpt`_~MCq zPu(oeYbK_KKNeN6&jmB{Q!p>==jh4orQKUp0gl=f{&g}HeIBiw`nxLI)kIG$eJ(f_ zKP)Q^r)^fFai4i8$)DOvU6=KDS*B(12SQ_?wKgG<%;aQctxm$H27Y4d{kZG*sev0x zCucV6Nd!bJc(sY8-Z#-w`^FTUOQnO>nE16_-GYC@e$o*Rm{8M^oEOk=Chw=6de#i6h3fisJB68RvMOb#+#W^ zFG>0#g}ma2&ZP@KpTsim+5fUV|4py#%<0?ltc9x2IXivr!h#MTJ~k%Q(P$s~%sXC6 z)OBgDION29??`P?#pk8gO$i@t#!9a)y=OT)kXob~@^eQ)jQa`kxZ#6ulLz#4#lA>f zlak6#OB6dc+8fy%@?*$xAX9{~cPAm{ZTtjx(QAQO?fQ^0MLD(|H8UQbPp#$B>5blU zv2&&td|V@rd<4Wz|F0m}gX&d@Pt|RwSq5Bv^A2Y^*{YLeIbQggZk_1xK(Tf4b@S4;<7Y2? zGkKZ7m>8YIQJs=4x%QNr%Ft|l=n9ax1gpBxt_D%xNR4QSdNbX-)gD@bMq;E$-l(GzTJQtGfc^SHHs6XEsy zBU+0B-F4N^`83bUomtkX_;7;EPg!npziPYVoR5}m_AFVJZE5IG%1*JHmlFwuokgnj zIrg2MZTk;Xfu3p-5x00zf*@e@vO(&^wH^7*Bl9`zredb1hNI`!Q%9Q|mJ1FhQEc0# z-%QmX@Ad8NTJ91-?eybg?+KNz(aMheJ;NA+5Xq;m*!pT(;R6aX*a@BPcjf&v!?&&b z{P~@Qs%~ZRr`~`1RxCia{TQWE(0B5=uFT!`^j%30(kuh;p)nQoEd3e(7?qd`5e!^@RziGHR80 z)`@gBH4`!WFwT~YuSd>sj~0ipykGfgVQW3jo5Zk0dV=+6%uz03yR?S4i`V8Kd{m+{ zvcbMQ!b$a@UYWI|L?Wv@zr*e#a`x^U)j6-57v*}NG+C4D#eaJ%O-5CRAF{3~)`&=7 zy6Dej!B!rk`KY+T(Y8w5c==)H-XGGmTL=b*CRF<=2Gr#Dzlkbj<~reHJif5(mh_~* zt|dSzsPBckI3^Cul#`%+5w7e8niF0jgu z+GfresUb>Zp1IF4MehWoPE5|dN^aK6uUQ(j3aOn8$6Gm*2L74$-@NtimCn0YpR?aF zv0GiYl_Mi_yp!ZEXLoUMUZyUmy!o{x|#L~&E(vj z*Q_aif&KoouGO-;Dt(ugqrJWpw>+@8H`FW)J#U)gbxbJU>H0i0G#gMA{J?d}F^gU7FHIgKJeWO6CuB~v z-Jlsqrw~Vq@+kJz;A zw|F%{H{YIVCqL5NDBk|NCDZr-WyZIi=IQJjKT;Wg)JxF)?&hzmU6~dXau|JVcw9pFtf@Aw$ogj9HYS=3%HE9vH@8IgvDsyuAjhS0mbTr!W9hu!efhTX zN0Fh8TWlddwuhiy_B7||6i-QiLl(o4`DEe=b*%ToT(!coWPN&&#jEm4neKanrAui+ zPHXDsEcXt=rm3SEXODTbpydcp!$5Fjgjs@}^-X&Q_u?yA>DsF&H-*zB7u0~jbU!G0 zZQ~Yiw_2OwMtjHbMuAqn#;5Tg=a~EoA8VPZ&36kn{_IqzGrFs-uS56cxpZuWQw4Ba z4nXJ`58dlRnzH{=Hp;2AO{nMoU5upu+NfYiU8ru*m!__UvxL)a8jk+-uxz6{u4`uP9&Y))l)Ly?Dn* zf5~Bw>4=w(lhvQIOVn&eSm08Q_=H{OVJ^xhbixRq~)hju|xA$aG=?T+*k*^$# zy?Z`iz1&dQK%yq#Gv*F}1@+O&3o?IsO(w4|Qv=FXX6wwZc1yR0<`> z)37i#D4pQa47)%tuU+AESGcnJYp;v^6gzWl)LzNhVRI1E;eP(wy6U!vP2yRhFKtk_ zn~C-53{Bq4^t@EDFxc4Jy0pzkZ8+!JyVZi5EskT41?;jLIy+}}?_0m_b1H(j<;+Y^ z!AcJg{lg$}>T0HIhw@gwQVcFB|F_aY*jtt~PZJ=x<+F=6nVb2tW=k@oE$nKRsKYz6 z8=f#7W$GFnrKOnuQr7VScgKh;(_HLX`U-7Ic92CEHrwEoaEZXw@p-`-yLEyvY(RHt5CVs=Jj{f}B!*M0K~J=OC4t?IiiGWa@d z|J)VG+jDcBjVpxf{B0}iNV1qFFT=etmC>;V;>tP6T;Z$jt;IU)l15s4XAyd165pjR z_a!^65A=kbDf;u-t7Po%M`+)KzZpW(j z_r?1z*>N@7OUX(#xBaNClVa?WxO-==rTn_yV;PMrHr>00MSad%EBHSi55ggN>|hJQ zVekHA5p4nXEsUYdr?pq3YA&pg(lK0Kk0Q5FttN6J7T24!!R-du;|cS20%psKT2DwI z4TX0OGEpbYmaw$>^>3NC0w?RyuKwTm_9Ck>)2IMX7BeRHBF7 z@3w^=O8#ZxmXwk^Rmt#2P^u4UqCMlsJR!}8*M229I+h$N_&X!Nux!q?*FBDeb^|S9 zI-Fx$eUNVNySaN&<9rNiPflvTSq@sBL}~#g&F|Mq*+S|pVSCg?;{LzNz5=SsZtZrX zARs6x4Fb|2(k*OCB%~DSM!LI8kdQ9vR7zTM(;%DfmhSHExQowozWd#K&VR?ad+gyD zGGq(yyWX|tGoSg)8SQ_iNJ+!Lc!Iei^+k#r1Yq2UfD{58T->a*G~k;Rc6Z@KuFkfu zK{Ma`^XKB@y$4WdCc2`1UbldKSsBiiWrcD}ffd`ro{8@Mw&{V}ekw@ge=^n`(IjvZ z>g)TGvbU#Um2tH36NnIHe#3(fwXlw1QB=O&puy6O*cfaW^XRlEV{U$~qNd`+q`fz& zo4`M*IwpekBiqrT)~2+k0W`_};EAPx%zQ=tba5(!*(ILCrOkJL@Jn0Fmt7mC6aJ8P z|A-;#IS$ZL5t@W`eHFs>hXAjjcwpnWg>f1n4otlbDz}SF%k>^Y=G2#l zKm%qiuQ)e{R{nQngHi;)C&PHpuNS}(mPg&=$$@KA5-RYRjuNNT*Ix$x0*D}pYyz=> zeqdT^dUjUeub|WzENJa~EvvHlJHhvw4kvnf3WwP{=T%GLe-q`ls%k=BZ`iilLY@)Y zEf^S6p+eHc!+EflB$*oLb195Yer}K|yIeGQ5+s3TAW8VQvJOqM6X<7Y!mLnANcsxK|&WWJO`7HoAdD}p}o7&8MYC{u_yVNXwW3{ zr!#IZbAHT=eEz>scVI%b^fx@Zke+Fnf58nxhN0lus;PAgvxfb}8mGGKqNxND>0<7l zD;12;DNiX@5#R=rjjqqv_}WKI71t5A&{h{h@DA=Ov9VbVWdgswl582p>WSm5O#P7~ ze{163061>ROsy(L3ea?bi-SN!c#QRIP$2K*G!K7|fDiy71O!tyIF2nfn*k>~VdFex zv50L8m;e%XYbk<({{Nz)@vAK^20nZ5)zxd$(i%bbtt52nY00Q=w-r>vng!(g{R;E} z>)8hFZG=D$9X&XXDsPx0u%HgOtzulR4IZhm!(F0ac=O`YQ8`*x4(76tFXE#zd00^# zJP~SifgG6PwUCO8Y8hK81-j>WSU3b(>Ge)o*Png3+=BDsz6Kwofz)$MUtdIpFNm|w zALL3)ocD-ehy@9TobqbwQu6X5%9ibE(vk+`mQ1#4S{B=FpUiKY*22`+t^c5Gt4Z&> zD~8uF5utYZgd}OK_2`HZ=J0W{ugU{ly3d&%lVMuib}K=_W&jJ@3`T;tX5nKd5B{lA z*JC%(Zen@=1VCw)_Yr=#HO5X{YOGH2wU+08rmHF76RpJCs%;) z-T#P_j$B!S^;#zE_2c6Yi3#UVExDiVq;7XPUfXV7dRh*C<0y;!(N4M(sw;Jb0AVV% z=@sF7GxMHZ?7W zwIR@cukAC}li3?B;w5v|-sStDpdILtpM*w1&_uSkqwLvio6z&?(6Q8}UP!6Y!AGzf zb(3Q9XygU=SB#giJ?_E6;`x5N5nb3+i>M=um4UYPD{PsVOK@(wCIySnSAtv zHC`h>)m-pIiEB2Q^Vt&7py-O>FS*g{UwKohc|H~~6m~)Rf5}U1*z2ZZ#Nhw``Vbi4 z*T)o5AEKN&*N8UP?pZr7_3XY7X}Wooa@*Qa_as?fLy{z)vcamF`1)sE;^G<6=g0ybd`SCBRE>wbv1(INk z3-Kod62`0PAAwQ;k$?^s5aS_mY-NAF$dJMV^Vhl#)p7w+mB6lCE|Oa1--6N6kyegn zM~4pME?cUyr?Z-Z_n30?zC|i2XXUY=Fuh>4Dq;a5li=M5Yn;BRR#b1_VokY=Y^{;h z@RUzH{}z;l>o0-%zdve{m4yXwYGeoqb8!KV#lXl1gpWOZ^auwF3*HYea1Uln!r`zt zq)62qhmk<$^wW7?=c-FTpsoDzp1Qp*ekEXCtU*vhqQjj(*Y6 z2?-M|L};My5gnhQQycR_0$K}ElMY9^%1nQBFIPZ|ab^_upEW?RTUDr<>)FWeS*DoQ z2m8Kt6q65VVA$+V+~OnYI(j60yNv|M8XC34WgPw_Gw4D`P%ywR2#}BDO*7y+Q(r)k z<=9I5L|e(R%rs_JH>%Dlx2z4q$%PbD=JgdBEjz11un;vKMN6J8aPQL~dN(Ga0uBD|$GA}_s0mWy%>*-^EIPk@N31VziLP-EijL#u;s$oF}5mb{VSSR@>3m+W( zEZ1Duq6`4t)}r^l$*iH`;VQ&7AZ@K6L7-gn{{KYMC-Zw)^V*=IK6I*jl@#Ix8pZ+Q zFaMKl=NtP&uWL;Y<7c#gPBE@Xr&de6cBi;7wXV7+G%@n)Devd`SP~0R&G0*0hyiRs zE@Uv8Q4AUdm>vHqd+GWNW!n2Q_xdqoIS>{Sw69< zAZr&doUwi2e?JeJw8|SIHfm;wUJCZzHCvLpy(x?n?nPFe?z+_?f`+Ls1-?UE8gNKw zTs)AuLiKvi+`udPFXq0TRR?Hq0g%DBfd~TC{a==zHbzEkz$5DCu^qB0+iOzCHnw?? zbz#l&p0ykm^3$zX4+4pwp!LFA6vCjf5k>indPl3Xid_%7;Y<(iebX`;Ntbcq2ii0m z6VDmwEOhc~Zq(p$0K$Lmn6#*;tEs7Qd7{g&QF1CJVoa5jS-w46`5W+t zwd0566s|2vbnVr;8!wti4wIWje4YE*;4=$r(Vha!cwDfG0VRnoBxv1==i^1>M4;ZA zMnmJS>H00McD=WJ34yFe|3ZU3O9nMjZuk(OkWP{e07s33aUxYh_{0HP{XHvmaLjF8 zb4vMx`wW;cZdi;>0l=2XBu8_qbY*A%Q;_Q@zDZ6>?Fi9zY*-pYjiO{$Z5IQ|85~NV zofazf#z)b>PhdMEDag&l+@RfV7_@Xne0-D*MO+>STZ^j7O-+ekj(5Fm?X}$o)zrlJQO(WItU?6HJH~IVk81pC;|1Ru zK*oWcx!grh8jg-aZ+XH<&61QJprJmb?do=3U zd@{XbVC~R;vW8_c0(= zwq@PTZZyxNWkJJO;|*ES&tN#=zN9SES!&+ddgMQgBK^zXj16-wqbdI?fToywdh{?F zE{GeBf|>i(E0^(Y?DPNbH)yUk)V;pQcFU^zuFC2=AhU$P?*lgJ1Xb0V?nnY-b5p!0 zxF37u`ygW1TNgu%9LdYTLmW!!RFA(MeXoPG5H(8!O+%o70I|4NN6807$_)qr}& zen`c_VhuE@?b{6OJdnn|z9K-zegEDBOse4U`)U|4pyeQ)-nzbUpXqI|WY#nwp{&(d zVErX7rXeM-7Z-W~j(4Ew*-Jx~4)p{0z14GWwalSuGE9>ZOD~fO>={W@hJdS624JH4 z;d@Xz`-<-+b5U{7C&H-Z|Kk0vu64-M-^q(q7J5w#j%HCZ)qLE+PT9Vr@yX>C!xN$7 zCVtmOSyJ^J*B@B< zB_#uk4wFPF+vOuREJbK^8s2@%LYD6Bc=nP45bv&4QYe$v^6v!aMi-X`;Kx6^1YFN$ z?lIw3y5at_@PSc-UTy7@#;uWxzqbS z-r*Y&UYB^_?+=7S0?VY_j{g2ma~0r*D3MZL&F|n>nA1V#^c8!{Q}=gQj8GxU3#?w6 zk?ShP6~EjzP8J^p8RRGNBKcqTrGiH!ErgBxnMHLn(&lB{R4W_I`rz<~87Y^Tg8q5r zLBh>=X!y;8e;NANoJ|Qb-8W<hC4lAgl6JekJgMEFwpBIc@A zcB1^|M!+`aUcY`gBMVWkyZ!CO z?0m&5H#^7yuh^nsnCH?q+gK3U)ZJ{L#=kXBaavD-<<%8ZJ!?~98|YWe<8sFL1Mel_ z*RRpg(12;%)%EpVxc#z`l^V%^5iPwQMPGHW7OHUZGs)u_j|*e&2TGvA{2bZ0mrgV% z`nIM-FqdYLH+g93G2S~iWRt>9wpTV-7t)_UcHJ`tMA(1&FQB z8}>m&qL(-huoMt&sTaX*Nn-8o9??MuOZiQ1kW*yfbp^Ak>vgWRZ^cI=+229C+apDD zI>|LNu<$%lQrcs0bh|iUfAi%Fh-{!&D!j}6%gh8>6rEjNHIR2YhpTHMo*2@tB@-VPl7SCM{T@k^eB6oDyXAgr&ru`j5O$rt{533vaf zYm3&Ju#FF{K^DTtKaGn4N2Gu2^80^JfhArWC+_Mh=D0N9|Fs4pgn2BElCbk7 znFE-9Q*~TfQ4i<M!=Pml+AopZU5z69pIH$uNJ-P5* z49qhnYS?H|aQ)SFe|Fwk|09YIGMFE9-@fpy&zNKJwCL{@9F6Rb?*|#GK-c-{C55G_ zX$`P?{gb>1&V)H2{RA=YAXt|g69sfJPY({7`r+o%xKgE6hg%~+ht_T(WK4w-OOFoq z@Mj$8lK)#tgz+z#P>9=A{hsRx*j_-FhNV#1$ORG6s+3w)x{NitF{sWX)pcQIaV19a z@urbZzU0>^=eTgu*q2E zn=+xMPG6AGT>*w?NV1reNT;G176`d^XrkU}Yi~-2>&}MLa_HC$!^Sk#S{B;B-d`>@O zO`fC#D09P8XlXR$6^{Xx*uH@!b^X;NE$+)tSYmo+0Dq&`aQ9YeL~%P}Tt&h`6M=&Z z;pe^Y;4>KqHXUZH_3Pn53Y)hv)uG)gmZ(2$X1#l@-n15Ng zYC|T$U3v#1rz7j1kByHPsFXfeEK_Wg92v4F`VDf z+>6b@L-L%tx!t3JHijb;-4X7daxe0Xwl<(G0x7?q}L#C%26f6NQ7bS&W zy;5escOlr+U{0j5R4# zKz~xR!9*SC;deD?80a)-1sSe1&zV`aM{3kbj-)^dJwCCuOEjPr)P;jGSok<*EFP0| zGDz*e)OipH`y~r??SDw4Ec{1h0VfTxN#0#tccTf$Dp0FLa3J1~sn)6@Z8(+EGc?Q& ztqx2~r-EXA%xl1#%hlv-V_Sj=17pp#`Fx>%L)>Uh<~?2OnOt1Vb}H=(kfms1+SmS zeB8y`n#zsi8ug+R8~#kQt3rK2!CN@CSX;1^*KJp!dVgO11%Vx-|6%w8?+%k zu{$jx93!hgz5j04P}Cq2bl9V1`)XEB3Yu?73#5<3nFLa6kH_9g9xtSDIEEpsPnEWU zzbqBtr-bO40=15^95gdViU$v8a`^>SuyP{7MI~$jx^*GP;lRew1aL= zEq-gU(e`m(YxE)T3snp4Rj)HtXkQ028Ll#=$zc#Bpz*#9WHI2o)1WTYSt6GnN;5$)6uL!7_L5aSD#lZD4 ze~rOx(+of_sPj0l{AVTRTl|SOfrMNr>qmazq{HgZI-uveA`C76-?iUupK|x->k)fB zz4Xj-X?YR+nx9E!l+YA#q=Fx({Uo%(vhtNOV=`1iL83k<6D*FlqvM&X!9KCdS4@`s z=;u%{KMBT#H$F=JvlApY@~=*i4F^X#2&;-uOtk&suLj8LgBCoE4ddOlD@}=4cm%G- zeX1l!Wn~o_m51o@&JQ4l%^jum%l*Z}&ow24IZZr5d-4A{b}^_l zbEB%xBBhkI5tn_Wm*n(n7 zn4834i{04^CU?JF{L zGNwn^=WnS~NS)NHgp{_9bxeN?RJH2V&2=}Q3fle;?N|36>+NSB z7$|-4*MESr3VrCk7T?f~P!kb4^smi90Ss*bQA|q-VxH0ohyveA+5xBd|2N+8=UA|j-@G^s2D^o)a2 zG45|`LT9JM)ucd+OZ=Ube1=ySc6>m}O&rcpH0r_pff;9G} z3NZ7`C@cgbY=0=H-k*RoDBN~txvIVPh^g>U{ShbMt0!ZfVxlzW%SleL!Nm$(Q{El~p0* z0(`PYJ$Gx27Dr)9hF-5DVNqu8@aW8Y#WyZVNg#YpXE;d8Se4&3GB=VhvzUNaddv4j zc=7)deT4$6?1byux>9Gdjq%Q^4`ApNOiSCek07H0ZJ3|A+CvB!QncO9z5&~QmF%+` z`*;&uNz-1~Aaq)pouq13NmHXsLdRnSjW_;jb<$Q-%d4+P5M1$@TQs<xn9f^{oMKiZNm!-%@I1@d>lz!urlG*Om7I zXlo++<_C=+kc3YV89DX0nldtS!uKH0FV0Z;`2wj!vkTQnEsO*OMorfzytZDU_=p*? ztKJ3Wp?sc3xaVbs_U!f9a_gLX8^n|vBw#Qly-JKZ_?}e)I&@FIJftXSWmH)KmHRKn z_Yx}OV=Rg#tUfAudK0fyArM&Xu$PS2gsPnC1(A2Y)Zr#<+j0mwtX$rBH=GYw(UCQH z-^$7I@c}O!`}QX<5Rw&s(nZla>pS(4iHb?;*3?LRr!XX zQ~}qU&GIkaDEbM0lUs`{35?85uwjko(~q>>?`o^^t~_zJ)m_f0M}7Edr!HdB^vd?& zh*VOEd=i9eJjTjqU73c4!1@lNvU^YH{f`We$$rjzu!tQi&@+eXUO(dQe1tNSm8lj6 zGdz%D;?3oa)$R?u@TC44`PGKUsV^ES#bI=`Brq^p-bBp3F8}-Y>9hUVRaf=LGjL7< z6I0Vvdm)2gkC60)Q6N7#UE+4{*F`Q2D#0G(R7mtAT6;HrFArf@F3+HL#OvP$=}NCW z=MP39o_dbAUavh8Igbp!6JySK-ZW*dtawFm2s??YIsT~FdAEjqbFat{MQTymQ}Z|odtJZAJ;XeEWwtTMedf>%Xg;7RA(R?h`*Z~rVQ z@bxcmGg*meM@L%~nQj*CT zSw-%T_w;s@mlMq9{VK>b=If?C8Ml?GrpilacKb3v2Be(UoLFZIwoY^l&$1@3jJA0V zw$7wI5I_hJ)I`dWkdcLD-1b{+MDe&X{Un1LY)Bded#F^KWyYW5vmLTX#umI}WE5K3 zM-4dS!+k`|`7uAbAk`CyQ64EdY^)KiZ(y)-5JAoTCV%zAfur`#Z!aguG@9Br_Rw$k zo`fL|b93_%=`Y1XOVFWqJ~wZ0*qvkBvg+M9dJVjfoi2fu{E(!m=yWnCya1%K_`ff- zL?+0>I)<-p46so0(l~bGqj`)F*Q|aV>%W$?ibXi2z^Zn-m{KPU$HiRB|Dk>H`@QOf zruxf)(TaD%2Mg=AQf;L@K3jpj%WoI#l9PEiBo(an5D>_|i|6fh6C^2LQJqp;Yo#KN zmR6qSM9~a5(qRMrpE%Pbv;D@BVc!Dx5zZ=q^WMfl!_7&Y0Ib3OK#ORLEV#I1XBySg z!gvPE^EMQ8oukFNxy95vM_=t;(}MXca6P}c!9_iR>G;{I>|&|_U;rn7?zdsLjN9VH zygYF`C*NO>@&}&Ln_OlK8+KYY0xQdI;?e=LFhfUM+n_@`SmfZK$7T}$KFJWb-{`gF z%tKk{2$x-%vpU{+i4LYF3i9G*4U!tu(-aM%$0hrs()WP}(@TDP; zgu1>iZ8;l?iwQy+I_%tB)h4&8?6VEru%4djY-;|Z`Y_>dBpW}WsrJ?wlRA@zjvY5N zVXZaM{gsO-NMNlXu`J3HK!@xVq-l?A*sr9whT`)WWbT4>r|ME{`rC41LY9@CHF<%3 z(OlIn6YY zq$;>V2#h(&H>WRWHf6LLfGG`=N-bu3_d46Es9Go+DTjmMJLbrn-o%EzUvMKAuie?M zR@HG20B5FneY; zQrn%YH`I@S6U;MHbI1KboHAS;bMCSSA9)WnYpq%huDC&1g0pjz!EK1;OcvPz2m#cW ztOJw{NF9!0I_&7ZDc%_YMgr8YUV+#N5c%Td%Fx-}x$w&s7(=xi8O>ENlp0o%@VF#( z@Ku~_t`QWAvQn5$cX19A5fb))tSKlk7kl^f{712FYp8(j3E$ACQQjHdXKl=1s%uGklGBm5-!8o`|7+ugo*QtvswkOs-9-on#t8y@NWu#er z+RA~K9$Q>NK`+2cCTAb=JtN~wT-?vJG;Py7ZONd!w`m?Gg#6=2@NNXo zsBnM?GUSkqC(HNKol(h{E-Y0{e0=-aswI&!GoCk(vb=g|uxO?>Ah0q%_7DN`)8+UA zi3FHlrqHwsD9Fk2;k$g*e96zhf6!98Zuucw*7o2;re=FGn$j?@tNl(=akJdLBj8n^dO_XYB&f zl6L2v$1Ld}Ac_a9kp`!TPD+u|RE|gj@BmhPV+1JyxRbX@d>VTNbKvK7OmD(^8daH# z)==BV9jX%^d#Yc#6!(56mTByOF$`Ewxkg;D9xu~BdSnmAT1~kK6BBOsRGM}s zrV8GNMq}M3b#`6a&>Wmh|Jd6~O7fIRX*K#FlMqn;fw`%OUS>CpEdMuaMWJp!zZ!;J zgF`ShHp&`xF(C-SftUR1Ho*AF`vJz=Vv?|{ACVN|q^TF{XZ=wh6ta!`j?D5HvN*pe z)=J~rPSIMhgypp@D6{o97N`LSwTNxx+Zh73R$&mI`1b8a-y>73s2kFHGBP1h4?FRB z?0@%_f5GAOTZV%}LGN_BPm2U*;R_PjrNLyosHjWOZB`tOtjeQCP1g)quuib@&ROK; zeox*~8CTBbsjrBbzzj?PyT;9?GYITH#=RekgODsH!RiICGGN71bGmaM(i&14iHYaA zxAz1BGS`?{Se(CQBX4>cjbLLxy$gKJA$vraQNpE%cXmB@W!we|_UT`)1+A(dMKtt= zr-{APz+9A`UIsyGRGrIqYei$SVc*r_oOYixQ=`%IEz&fQygpM!@8qi8*mqOHv(a1k zgrY4jKCH@h_vXZ0E$&rKalpB6P;7 zGY#!3U=FLo5>1=Mk+v!OY()-prr4o|0-~4CD7SqfS3tIzKo= zw$w%0EJyFLAN$9Bo|N{Os*F~ml(XjMd6LiTU0z^*5ZEoiIx!KkuK%nN;mHAV$3B`5 zy5VqaKD{f>0IP#@&;~cb3txW84%B>-XYAs>_18D>HsHSHesNV*pMnmCfUvI`WIb;n zO^Yo+?D+kjdu&Qzv{T>w&Q~KEkL>opa`9FSSq#~J9t{d;_gz4IWTv)K*gWMAc z1o(jn3qMnvSuR%8Wr)H`y$=CN!mGWf>UAc*E8%4HiiP8KrpOR&U?+k>IyL{BwvF&X zuthc(qiW*8sFYj7!qE-BccT--Yg=N@=^|p?zGV@jRt{Jqunp^e*+!XNZxb!wM4OUTdaRD|*Jr0~#moK``7c_^)VtL$kq&$b*z#s;C4$-V7oQ)$0G?UUCz zOsD246>wWPioBJJ6#f?aOur*KSLnqHKpx5w^Wmol1Er~|%LCQ6HDcYtK{hErj9rh- zhag#G_V6BLX=$Z5d9`EAe9R#?GExqtTHNIX21E{qX*~r_e8f-(zN7wu;Nbl0OJQXV zpZC%f>ECXX&VodNLoKDnObG)A6~dK))ma%u6e7b0haCpIplQcLo$H|;vMh)=Ack?goD@Z5Oe5`)y< z-tH%`AP=&-=ynFv=6y(qPiU0YLNW)8@*e)S<><8Lu>Sr-8~|jHxcLAAjPwSG@Cu}P zjHzd6R%-~CF0IgY3J4Q6U8?W4P%LvJX}T9LCWeQDGcrIhBwyKLSefa!zDTxm%7>5r z`EZ&q!o1-BdVjefYf&MvZYN~vbvm~Y%R_c7kon;x~e03I3 zSI6KUn@6``zsa?{vQl1NzP##rJX>qu={ZZPGbxL|iHaeR0m77_&5n77q=M}*1A^UID5R;T!Y`+){Z5+LO z=rUc${az)|0Pt{et0H{Dva!ptYt0>6)t%&V)~*G>BY63TT`jM0VyX2iBL%baR8_6^ zYE3n8Ay(aEf$}vweBI<9N=kM>-eq7aqGc)?Bd&E!D8+I}{K$?)oF((CO^C!?-tcR> zxuY%m{FJ?05wU3B^3q1|=vR2KUkcRm8;H-z$k3ZSNxr+iJY=Y-0rp;Mu{$%iI?X7~ zF)BU@F)^8`0!3(3oz*K34w~)kag2x8_8Cd?HkPn~&mlVdNW?ef4*10TdYJ8tIAB(>a*;y&kgH z7tL`+v-SFQuAWy#@OBGTmsau8Cu8mp#sx3n83B)pZjLT53ItVDI>wE2!R;Jd=4rO+ zUR!6Io}8RaPR=S+uK&u2hmHA+RRlhAeEWIsK%c*KrJE*-2=m%##Lnuc+ImgJ(WRrg zc>&!2F+}{dx)D5)AtBPBLTh|XXF!d&tz@G8n6eQYc~N_Qr_1~GiL`wR9VO+F zf0)w4uA!;AIq0Z$u=!~!m!pHVb;nWsPW#ErQ&Oh$?;Qj}^g}Z<_0~hU4I!Jz7$iR8 z;Go=}t;K-|7Tp`7ZM&bZb+NBeWd>@0HVs1rNR~`|txb#E7UyzCeB3J}n3YY-I!0Pm z=x#ZDtt!drwQ1*cjRT_Dq%~ONNJ!`UlJ3e4z5V*U3;4I;kyi`Kdnp_y8(0eR;ch>& zGM51#qt)`p6o#a%5~dHmSsE`zJ|X_jDQ6W7c@~K{4*~JrDs`id(=S%E%>HB^p7iyl zCG**@Y)>AQ8s4l&m0n&IH%+-Mfg9AmPj8O<5HvKHTT]/gm,function(e){return I[e]})}function t(e){return e.nodeName.toLowerCase()}function r(e,n){var t=e&&e.exec(n);return t&&0===t.index}function a(e){return k.test(e)}function i(e){var n,t,r,i,o=e.className+" ";if(o+=e.parentNode?e.parentNode.className:"",t=B.exec(o))return R(t[1])?t[1]:"no-highlight";for(o=o.split(/\s+/),n=0,r=o.length;r>n;n++)if(i=o[n],a(i)||R(i))return i}function o(e,n){var t,r={};for(t in e)r[t]=e[t];if(n)for(t in n)r[t]=n[t];return r}function u(e){var n=[];return function r(e,a){for(var i=e.firstChild;i;i=i.nextSibling)3===i.nodeType?a+=i.nodeValue.length:1===i.nodeType&&(n.push({event:"start",offset:a,node:i}),a=r(i,a),t(i).match(/br|hr|img|input/)||n.push({event:"stop",offset:a,node:i}));return a}(e,0),n}function c(e,r,a){function i(){return e.length&&r.length?e[0].offset!==r[0].offset?e[0].offset"}function u(e){l+=""}function c(e){("start"===e.event?o:u)(e.node)}for(var s=0,l="",f=[];e.length||r.length;){var g=i();if(l+=n(a.substr(s,g[0].offset-s)),s=g[0].offset,g===e){f.reverse().forEach(u);do c(g.splice(0,1)[0]),g=i();while(g===e&&g.length&&g[0].offset===s);f.reverse().forEach(o)}else"start"===g[0].event?f.push(g[0].node):f.pop(),c(g.splice(0,1)[0])}return l+n(a.substr(s))}function s(e){function n(e){return e&&e.source||e}function t(t,r){return new RegExp(n(t),"m"+(e.cI?"i":"")+(r?"g":""))}function r(a,i){if(!a.compiled){if(a.compiled=!0,a.k=a.k||a.bK,a.k){var u={},c=function(n,t){e.cI&&(t=t.toLowerCase()),t.split(" ").forEach(function(e){var t=e.split("|");u[t[0]]=[n,t[1]?Number(t[1]):1]})};"string"==typeof a.k?c("keyword",a.k):E(a.k).forEach(function(e){c(e,a.k[e])}),a.k=u}a.lR=t(a.l||/\w+/,!0),i&&(a.bK&&(a.b="\\b("+a.bK.split(" ").join("|")+")\\b"),a.b||(a.b=/\B|\b/),a.bR=t(a.b),a.e||a.eW||(a.e=/\B|\b/),a.e&&(a.eR=t(a.e)),a.tE=n(a.e)||"",a.eW&&i.tE&&(a.tE+=(a.e?"|":"")+i.tE)),a.i&&(a.iR=t(a.i)),null==a.r&&(a.r=1),a.c||(a.c=[]);var s=[];a.c.forEach(function(e){e.v?e.v.forEach(function(n){s.push(o(e,n))}):s.push("self"===e?a:e)}),a.c=s,a.c.forEach(function(e){r(e,a)}),a.starts&&r(a.starts,i);var l=a.c.map(function(e){return e.bK?"\\.?("+e.b+")\\.?":e.b}).concat([a.tE,a.i]).map(n).filter(Boolean);a.t=l.length?t(l.join("|"),!0):{exec:function(){return null}}}}r(e)}function l(e,t,a,i){function o(e,n){var t,a;for(t=0,a=n.c.length;a>t;t++)if(r(n.c[t].bR,e))return n.c[t]}function u(e,n){if(r(e.eR,n)){for(;e.endsParent&&e.parent;)e=e.parent;return e}return e.eW?u(e.parent,n):void 0}function c(e,n){return!a&&r(n.iR,e)}function g(e,n){var t=N.cI?n[0].toLowerCase():n[0];return e.k.hasOwnProperty(t)&&e.k[t]}function h(e,n,t,r){var a=r?"":y.classPrefix,i='',i+n+o}function p(){var e,t,r,a;if(!E.k)return n(B);for(a="",t=0,E.lR.lastIndex=0,r=E.lR.exec(B);r;)a+=n(B.substr(t,r.index-t)),e=g(E,r),e?(M+=e[1],a+=h(e[0],n(r[0]))):a+=n(r[0]),t=E.lR.lastIndex,r=E.lR.exec(B);return a+n(B.substr(t))}function d(){var e="string"==typeof E.sL;if(e&&!x[E.sL])return n(B);var t=e?l(E.sL,B,!0,L[E.sL]):f(B,E.sL.length?E.sL:void 0);return E.r>0&&(M+=t.r),e&&(L[E.sL]=t.top),h(t.language,t.value,!1,!0)}function b(){k+=null!=E.sL?d():p(),B=""}function v(e){k+=e.cN?h(e.cN,"",!0):"",E=Object.create(e,{parent:{value:E}})}function m(e,n){if(B+=e,null==n)return b(),0;var t=o(n,E);if(t)return t.skip?B+=n:(t.eB&&(B+=n),b(),t.rB||t.eB||(B=n)),v(t,n),t.rB?0:n.length;var r=u(E,n);if(r){var a=E;a.skip?B+=n:(a.rE||a.eE||(B+=n),b(),a.eE&&(B=n));do E.cN&&(k+=C),E.skip||(M+=E.r),E=E.parent;while(E!==r.parent);return r.starts&&v(r.starts,""),a.rE?0:n.length}if(c(n,E))throw new Error('Illegal lexeme "'+n+'" for mode "'+(E.cN||"")+'"');return B+=n,n.length||1}var N=R(e);if(!N)throw new Error('Unknown language: "'+e+'"');s(N);var w,E=i||N,L={},k="";for(w=E;w!==N;w=w.parent)w.cN&&(k=h(w.cN,"",!0)+k);var B="",M=0;try{for(var I,j,O=0;;){if(E.t.lastIndex=O,I=E.t.exec(t),!I)break;j=m(t.substr(O,I.index-O),I[0]),O=I.index+j}for(m(t.substr(O)),w=E;w.parent;w=w.parent)w.cN&&(k+=C);return{r:M,value:k,language:e,top:E}}catch(T){if(T.message&&-1!==T.message.indexOf("Illegal"))return{r:0,value:n(t)};throw T}}function f(e,t){t=t||y.languages||E(x);var r={r:0,value:n(e)},a=r;return t.filter(R).forEach(function(n){var t=l(n,e,!1);t.language=n,t.r>a.r&&(a=t),t.r>r.r&&(a=r,r=t)}),a.language&&(r.second_best=a),r}function g(e){return y.tabReplace||y.useBR?e.replace(M,function(e,n){return y.useBR&&"\n"===e?"
    ":y.tabReplace?n.replace(/\t/g,y.tabReplace):void 0}):e}function h(e,n,t){var r=n?L[n]:t,a=[e.trim()];return e.match(/\bhljs\b/)||a.push("hljs"),-1===e.indexOf(r)&&a.push(r),a.join(" ").trim()}function p(e){var n,t,r,o,s,p=i(e);a(p)||(y.useBR?(n=document.createElementNS("http://www.w3.org/1999/xhtml","div"),n.innerHTML=e.innerHTML.replace(/\n/g,"").replace(//g,"\n")):n=e,s=n.textContent,r=p?l(p,s,!0):f(s),t=u(n),t.length&&(o=document.createElementNS("http://www.w3.org/1999/xhtml","div"),o.innerHTML=r.value,r.value=c(t,u(o),s)),r.value=g(r.value),e.innerHTML=r.value,e.className=h(e.className,p,r.language),e.result={language:r.language,re:r.r},r.second_best&&(e.second_best={language:r.second_best.language,re:r.second_best.r}))}function d(e){y=o(y,e)}function b(){if(!b.called){b.called=!0;var e=document.querySelectorAll("pre code");w.forEach.call(e,p)}}function v(){addEventListener("DOMContentLoaded",b,!1),addEventListener("load",b,!1)}function m(n,t){var r=x[n]=t(e);r.aliases&&r.aliases.forEach(function(e){L[e]=n})}function N(){return E(x)}function R(e){return e=(e||"").toLowerCase(),x[e]||x[L[e]]}var w=[],E=Object.keys,x={},L={},k=/^(no-?highlight|plain|text)$/i,B=/\blang(?:uage)?-([\w-]+)\b/i,M=/((^(<[^>]+>|\t|)+|(?:\n)))/gm,C="    ",y={classPrefix:"hljs-",tabReplace:null,useBR:!1,languages:void 0},I={"&":"&","<":"<",">":">"};return e.highlight=l,e.highlightAuto=f,e.fixMarkup=g,e.highlightBlock=p,e.configure=d,e.initHighlighting=b,e.initHighlightingOnLoad=v,e.registerLanguage=m,e.listLanguages=N,e.getLanguage=R,e.inherit=o,e.IR="[a-zA-Z]\\w*",e.UIR="[a-zA-Z_]\\w*",e.NR="\\b\\d+(\\.\\d+)?",e.CNR="(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)",e.BNR="\\b(0b[01]+)",e.RSR="!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~",e.BE={b:"\\\\[\\s\\S]",r:0},e.ASM={cN:"string",b:"'",e:"'",i:"\\n",c:[e.BE]},e.QSM={cN:"string",b:'"',e:'"',i:"\\n",c:[e.BE]},e.PWM={b:/\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|like)\b/},e.C=function(n,t,r){var a=e.inherit({cN:"comment",b:n,e:t,c:[]},r||{});return a.c.push(e.PWM),a.c.push({cN:"doctag",b:"(?:TODO|FIXME|NOTE|BUG|XXX):",r:0}),a},e.CLCM=e.C("//","$"),e.CBCM=e.C("/\\*","\\*/"),e.HCM=e.C("#","$"),e.NM={cN:"number",b:e.NR,r:0},e.CNM={cN:"number",b:e.CNR,r:0},e.BNM={cN:"number",b:e.BNR,r:0},e.CSSNM={cN:"number",b:e.NR+"(%|em|ex|ch|rem|vw|vh|vmin|vmax|cm|mm|in|pt|pc|px|deg|grad|rad|turn|s|ms|Hz|kHz|dpi|dpcm|dppx)?",r:0},e.RM={cN:"regexp",b:/\//,e:/\/[gimuy]*/,i:/\n/,c:[e.BE,{b:/\[/,e:/\]/,r:0,c:[e.BE]}]},e.TM={cN:"title",b:e.IR,r:0},e.UTM={cN:"title",b:e.UIR,r:0},e.METHOD_GUARD={b:"\\.\\s*"+e.UIR,r:0},e});hljs.registerLanguage("bash",function(e){var t={cN:"variable",v:[{b:/\$[\w\d#@][\w\d_]*/},{b:/\$\{(.*?)}/}]},s={cN:"string",b:/"/,e:/"/,c:[e.BE,t,{cN:"variable",b:/\$\(/,e:/\)/,c:[e.BE]}]},a={cN:"string",b:/'/,e:/'/};return{aliases:["sh","zsh"],l:/-?[a-z\._]+/,k:{keyword:"if then else elif fi for while in do done case esac function",literal:"true false",built_in:"break cd continue eval exec exit export getopts hash pwd readonly return shift test times trap umask unset alias bind builtin caller command declare echo enable help let local logout mapfile printf read readarray source type typeset ulimit unalias set shopt autoload bg bindkey bye cap chdir clone comparguments compcall compctl compdescribe compfiles compgroups compquote comptags comptry compvalues dirs disable disown echotc echoti emulate fc fg float functions getcap getln history integer jobs kill limit log noglob popd print pushd pushln rehash sched setcap setopt stat suspend ttyctl unfunction unhash unlimit unsetopt vared wait whence where which zcompile zformat zftp zle zmodload zparseopts zprof zpty zregexparse zsocket zstyle ztcp",_:"-ne -eq -lt -gt -f -d -e -s -l -a"},c:[{cN:"meta",b:/^#![^\n]+sh\s*$/,r:10},{cN:"function",b:/\w[\w\d_]*\s*\(\s*\)\s*\{/,rB:!0,c:[e.inherit(e.TM,{b:/\w[\w\d_]*/})],r:0},e.HCM,s,a,t]}});hljs.registerLanguage("ocaml",function(e){return{aliases:["ml"],k:{keyword:"and as assert asr begin class constraint do done downto else end exception external for fun function functor if in include inherit! inherit initializer land lazy let lor lsl lsr lxor match method!|10 method mod module mutable new object of open! open or private rec sig struct then to try type val! val virtual when while with parser value",built_in:"array bool bytes char exn|5 float int int32 int64 list lazy_t|5 nativeint|5 string unit in_channel out_channel ref",literal:"true false"},i:/\/\/|>>/,l:"[a-z_]\\w*!?",c:[{cN:"literal",b:"\\[(\\|\\|)?\\]|\\(\\)",r:0},e.C("\\(\\*","\\*\\)",{c:["self"]}),{cN:"symbol",b:"'[A-Za-z_](?!')[\\w']*"},{cN:"type",b:"`[A-Z][\\w']*"},{cN:"type",b:"\\b[A-Z][\\w']*",r:0},{b:"[a-z_]\\w*'[\\w']*",r:0},e.inherit(e.ASM,{cN:"string",r:0}),e.inherit(e.QSM,{i:null}),{cN:"number",b:"\\b(0[xX][a-fA-F0-9_]+[Lln]?|0[oO][0-7_]+[Lln]?|0[bB][01_]+[Lln]?|[0-9][0-9_]*([Lln]|(\\.[0-9_]*)?([eE][-+]?[0-9_]+)?)?)",r:0},{b:/[-=]>/}]}}); \ No newline at end of file diff --git a/tags/UI b/tags/UI new file mode 100644 index 0000000..bc415db --- /dev/null +++ b/tags/UI @@ -0,0 +1,3 @@ + +full stack engineer

    Jackline, a secure terminal-based XMPP client

    Written by hannes

    implement it once to know you can do it. implement it a second time and you get readable code. implementing it a third time from scratch may lead to useful libraries.

    +

    \ No newline at end of file diff --git a/tags/background b/tags/background new file mode 100644 index 0000000..6dd0491 --- /dev/null +++ b/tags/background @@ -0,0 +1,6 @@ + +full stack engineer

    Counting Bytes

    Written by hannes

    looking into dependencies and their sizes

    +

    Configuration DSL step-by-step

    Written by hannes

    how to actually configure the system

    +

    Why OCaml

    Written by hannes

    a gentle introduction into OCaml

    +

    About

    Written by hannes

    introduction (myself, this site)

    +

    \ No newline at end of file diff --git a/tags/bitcoin b/tags/bitcoin new file mode 100644 index 0000000..2a0a0d2 --- /dev/null +++ b/tags/bitcoin @@ -0,0 +1,3 @@ + +full stack engineer

    The Bitcoin Piñata - no candy for you

    Written by hannes

    More than three years ago we launched our Bitcoin Piñata as a transparent security bait. It is still up and running!

    +

    \ No newline at end of file diff --git a/tags/deployment b/tags/deployment new file mode 100644 index 0000000..3d44f25 --- /dev/null +++ b/tags/deployment @@ -0,0 +1,8 @@ + +full stack engineer

    Mirroring the opam repository and all tarballs

    Written by hannes

    Re-developing an opam cache from scratch, as a MirageOS unikernel

    +

    All your metrics belong to influx

    Written by hannes

    How to monitor your MirageOS unikernel with albatross and monitoring-experiments

    +

    Deploying binary MirageOS unikernels

    Written by hannes

    Finally, we provide reproducible binary MirageOS unikernels together with packages to reproduce them and setup your own builder

    +

    Deploying authoritative OCaml-DNS servers as MirageOS unikernels

    Written by hannes

    A tutorial how to deploy authoritative name servers, let's encrypt, and updating entries from unix services.

    +

    Summer 2019

    Written by hannes

    Bringing MirageOS into production, take IV monitoring, CalDAV, DNS

    +

    Albatross - provisioning, deploying, managing, and monitoring virtual machines

    Written by hannes

    all we need is X.509

    +

    \ No newline at end of file diff --git a/tags/future b/tags/future new file mode 100644 index 0000000..768b449 --- /dev/null +++ b/tags/future @@ -0,0 +1,3 @@ + +full stack engineer

    Minimising the virtual machine monitor

    Written by hannes

    MirageOS solo5 multiboot native on bhyve

    +

    \ No newline at end of file diff --git a/tags/http b/tags/http new file mode 100644 index 0000000..0472ed9 --- /dev/null +++ b/tags/http @@ -0,0 +1,3 @@ + +full stack engineer

    Fitting the things together

    Written by hannes

    building a simple website

    +

    \ No newline at end of file diff --git a/tags/logging b/tags/logging new file mode 100644 index 0000000..4ae91a1 --- /dev/null +++ b/tags/logging @@ -0,0 +1,3 @@ + +full stack engineer

    Exfiltrating log data using syslog

    Written by hannes

    sometimes preservation of data is useful

    +

    \ No newline at end of file diff --git a/tags/mirageos b/tags/mirageos new file mode 100644 index 0000000..2a501b9 --- /dev/null +++ b/tags/mirageos @@ -0,0 +1,23 @@ + +full stack engineer

    Mirroring the opam repository and all tarballs

    Written by hannes

    Re-developing an opam cache from scratch, as a MirageOS unikernel

    +

    All your metrics belong to influx

    Written by hannes

    How to monitor your MirageOS unikernel with albatross and monitoring-experiments

    +

    Deploying binary MirageOS unikernels

    Written by hannes

    Finally, we provide reproducible binary MirageOS unikernels together with packages to reproduce them and setup your own builder

    +

    Cryptography updates in OCaml and MirageOS

    Written by hannes

    Elliptic curves (ECDSA/ECDH) are supported in a maintainable and secure way.

    +

    The road ahead for MirageOS in 2021

    Written by hannes

    Home office, MirageOS unikernels, 2020 recap, 2021 tbd

    +

    Traceroute

    Written by hannes

    A MirageOS unikernel which traces the path between itself and a remote host.

    +

    Deploying authoritative OCaml-DNS servers as MirageOS unikernels

    Written by hannes

    A tutorial how to deploy authoritative name servers, let's encrypt, and updating entries from unix services.

    +

    Reproducible MirageOS unikernel builds

    Written by hannes

    MirageOS unikernels are reproducible :)

    +

    X509 0.7

    Written by hannes

    Five years since ocaml-x509 initial release, it has been reworked and used more widely

    +

    Summer 2019

    Written by hannes

    Bringing MirageOS into production, take IV monitoring, CalDAV, DNS

    +

    The Bitcoin Piñata - no candy for you

    Written by hannes

    More than three years ago we launched our Bitcoin Piñata as a transparent security bait. It is still up and running!

    +

    My 2018 contains robur and starts with re-engineering DNS

    Written by hannes

    New year brings new possibilities and a new environment. I've been working on the most Widely deployed key-value store, the domain name system. Primary and secondary name services are available, including dynamic updates, notify, and tsig authentication.

    +

    Albatross - provisioning, deploying, managing, and monitoring virtual machines

    Written by hannes

    all we need is X.509

    +

    Exfiltrating log data using syslog

    Written by hannes

    sometimes preservation of data is useful

    +

    Re-engineering ARP

    Written by hannes

    If you want it as you like, you've to do it yourself

    +

    Minimising the virtual machine monitor

    Written by hannes

    MirageOS solo5 multiboot native on bhyve

    +

    Counting Bytes

    Written by hannes

    looking into dependencies and their sizes

    +

    Configuration DSL step-by-step

    Written by hannes

    how to actually configure the system

    +

    Catch the bug, walking through the stack

    Written by hannes

    10BTC could've been yours

    +

    Fitting the things together

    Written by hannes

    building a simple website

    +

    Operating systems

    Written by hannes

    Operating systems and MirageOS

    +

    \ No newline at end of file diff --git a/tags/monitoring b/tags/monitoring new file mode 100644 index 0000000..dae7490 --- /dev/null +++ b/tags/monitoring @@ -0,0 +1,4 @@ + +full stack engineer

    All your metrics belong to influx

    Written by hannes

    How to monitor your MirageOS unikernel with albatross and monitoring-experiments

    +

    Summer 2019

    Written by hannes

    Bringing MirageOS into production, take IV monitoring, CalDAV, DNS

    +

    \ No newline at end of file diff --git a/tags/myself b/tags/myself new file mode 100644 index 0000000..e838f15 --- /dev/null +++ b/tags/myself @@ -0,0 +1,3 @@ + +full stack engineer

    About

    Written by hannes

    introduction (myself, this site)

    +

    \ No newline at end of file diff --git a/tags/opam b/tags/opam new file mode 100644 index 0000000..947c6e8 --- /dev/null +++ b/tags/opam @@ -0,0 +1,3 @@ + +full stack engineer

    Mirroring the opam repository and all tarballs

    Written by hannes

    Re-developing an opam cache from scratch, as a MirageOS unikernel

    +

    \ No newline at end of file diff --git a/tags/operating system b/tags/operating system new file mode 100644 index 0000000..1b7a6b0 --- /dev/null +++ b/tags/operating system @@ -0,0 +1,3 @@ + +full stack engineer

    Operating systems

    Written by hannes

    Operating systems and MirageOS

    +

    \ No newline at end of file diff --git a/tags/overview b/tags/overview new file mode 100644 index 0000000..3f49c41 --- /dev/null +++ b/tags/overview @@ -0,0 +1,6 @@ + +full stack engineer

    Conex, establish trust in community repositories

    Written by hannes

    Conex is a library to verify and attest package release integrity and authenticity through the use of cryptographic signatures.

    +

    Why OCaml

    Written by hannes

    a gentle introduction into OCaml

    +

    Operating systems

    Written by hannes

    Operating systems and MirageOS

    +

    About

    Written by hannes

    introduction (myself, this site)

    +

    \ No newline at end of file diff --git a/tags/package signing b/tags/package signing new file mode 100644 index 0000000..2dc2230 --- /dev/null +++ b/tags/package signing @@ -0,0 +1,6 @@ + +full stack engineer

    Reproducible MirageOS unikernel builds

    Written by hannes

    MirageOS unikernels are reproducible :)

    +

    Summer 2019

    Written by hannes

    Bringing MirageOS into production, take IV monitoring, CalDAV, DNS

    +

    Conex, establish trust in community repositories

    Written by hannes

    Conex is a library to verify and attest package release integrity and authenticity through the use of cryptographic signatures.

    +

    Who maintains package X?

    Written by hannes

    We describe why manual gathering of metadata is out of date, and version control systems are awesome.

    +

    \ No newline at end of file diff --git a/tags/protocol b/tags/protocol new file mode 100644 index 0000000..23984a8 --- /dev/null +++ b/tags/protocol @@ -0,0 +1,8 @@ + +full stack engineer

    Traceroute

    Written by hannes

    A MirageOS unikernel which traces the path between itself and a remote host.

    +

    Deploying authoritative OCaml-DNS servers as MirageOS unikernels

    Written by hannes

    A tutorial how to deploy authoritative name servers, let's encrypt, and updating entries from unix services.

    +

    My 2018 contains robur and starts with re-engineering DNS

    Written by hannes

    New year brings new possibilities and a new environment. I've been working on the most Widely deployed key-value store, the domain name system. Primary and secondary name services are available, including dynamic updates, notify, and tsig authentication.

    +

    Exfiltrating log data using syslog

    Written by hannes

    sometimes preservation of data is useful

    +

    Re-engineering ARP

    Written by hannes

    If you want it as you like, you've to do it yourself

    +

    Fitting the things together

    Written by hannes

    building a simple website

    +

    \ No newline at end of file diff --git a/tags/provisioning b/tags/provisioning new file mode 100644 index 0000000..5c492c0 --- /dev/null +++ b/tags/provisioning @@ -0,0 +1,3 @@ + +full stack engineer

    Albatross - provisioning, deploying, managing, and monitoring virtual machines

    Written by hannes

    all we need is X.509

    +

    \ No newline at end of file diff --git a/tags/security b/tags/security new file mode 100644 index 0000000..7858dc1 --- /dev/null +++ b/tags/security @@ -0,0 +1,12 @@ + +full stack engineer

    Cryptography updates in OCaml and MirageOS

    Written by hannes

    Elliptic curves (ECDSA/ECDH) are supported in a maintainable and secure way.

    +

    Reproducible MirageOS unikernel builds

    Written by hannes

    MirageOS unikernels are reproducible :)

    +

    X509 0.7

    Written by hannes

    Five years since ocaml-x509 initial release, it has been reworked and used more widely

    +

    Summer 2019

    Written by hannes

    Bringing MirageOS into production, take IV monitoring, CalDAV, DNS

    +

    The Bitcoin Piñata - no candy for you

    Written by hannes

    More than three years ago we launched our Bitcoin Piñata as a transparent security bait. It is still up and running!

    +

    Conex, establish trust in community repositories

    Written by hannes

    Conex is a library to verify and attest package release integrity and authenticity through the use of cryptographic signatures.

    +

    Who maintains package X?

    Written by hannes

    We describe why manual gathering of metadata is out of date, and version control systems are awesome.

    +

    Jackline, a secure terminal-based XMPP client

    Written by hannes

    implement it once to know you can do it. implement it a second time and you get readable code. implementing it a third time from scratch may lead to useful libraries.

    +

    Minimising the virtual machine monitor

    Written by hannes

    MirageOS solo5 multiboot native on bhyve

    +

    Catch the bug, walking through the stack

    Written by hannes

    10BTC could've been yours

    +

    \ No newline at end of file diff --git a/tags/tls b/tags/tls new file mode 100644 index 0000000..3d19540 --- /dev/null +++ b/tags/tls @@ -0,0 +1,6 @@ + +full stack engineer

    Cryptography updates in OCaml and MirageOS

    Written by hannes

    Elliptic curves (ECDSA/ECDH) are supported in a maintainable and secure way.

    +

    X509 0.7

    Written by hannes

    Five years since ocaml-x509 initial release, it has been reworked and used more widely

    +

    Summer 2019

    Written by hannes

    Bringing MirageOS into production, take IV monitoring, CalDAV, DNS

    +

    Fitting the things together

    Written by hannes

    building a simple website

    +

    \ No newline at end of file

    N|q?Sj*inF9-^;$BO<0% zRAk>6JTCH(5rrB~r2C)pK}rlh7Dx3YBu<|{FFN3EXJw|L)wut66gUK5;j6l3H*a2C z7dQx&;q=sLeFNUkf@IuDL8+;k>FIL+5EIUvP3lfHodxd>C|HqQ5ccqKA2sW*sQDKE zj1`g3>y5U;n)u6mC4+5=yi|`dxxoKRluC88e@jj8hI>9gJYSb=iaPnbfFOOf6BI#V zPgK#o>E(5im$%f>A@gBNjsraS*fC17bp#Xl-bg4%cVNSO%HG67Hx^+qVS=Kwq$)^IUA|rGC@GejQVU_;!DL`9H z?5d+9gNKK^r6n58KHIKNU-XnN+}YFsYWvHKjLr9M!{Tj zu)I9WJ23WGI0{QotHa{rQRoQ$m47V z?bD~@6F)Pn!>BLwy!hd|K8kC=jP7O+D*I`=*!8P-$>_MfS3e9+m{VLWzOe}t5E!t@ ziIedSFtMnD*@p^=L%_ z`8q_hYXW`w`LkYny4k$2>4cdhAKyAC2HEZG&W1Cw)0KM<_6Kd>&i%E+kwt3e;e#D_ z0(g&2y)j%qtEIJ2$5BwQa!B|Hv%;Q(VL{ufDwBlx?^_6|OFx@sXM28HR#rh-`H`*_C<#n$`^!Q^C^k?lbIp(B|e+ZK|ruJ-k*Sl1UF@mDnUQsm_9e-u8H z<`kE3@uapnOG)ZB;-r>*SV#!-QEfpXAr|7KX8nFPHel>O8I$taw9bS)S(-8Ya-kKFTHrNAz<$IcmS z8ls!Z8~k^1sC}ruzP>mdq92(%4GT-R|MM1HdIBn3hvz~l%DtH#$M^X6*zP!gK8FlG z$RZN~aJQP@oS$F3M@HPbLxGa@YwklS)0>h+cX`MQEF{}QI@@R&7%~t{$hiA+g)X4N ziuYd8(jI2ZHXx+2R0n*LKEVp?iLS2f@#BxX3T&z?5*|w$L^a-h^S@N6jr;%Kq);or z^M6jEmSbley=%7~5Lp5O=gj?Hz0%(7oA7L`b$?(0L2UL_*_*ZhK+pKq1Dr3P!>LW0 zjUT%U@|$9SMv2LW)sa>XwrlGMoEEk)TwjEvE5RQ@VuwBRn8ltV%W$wpF*jQW#!P}J z>!TCR?z|dY4u&4BdDWKmbDuu7UCj#x@;WtD+s$p(%lZ!pj#LRS%ZP}u(cHF*kQ8TT z!GRhbN;-(rzi`HE^ZS4!Afu%F&ZRS**A$}9o12qu*dQQyGs&Yi7#^#H#M>|>n|F(c^>;KCFvV^4SadB`s zO4oWUW>OR04HXwGzuymHxbA?Rc%U!T)vcYitD;;PT)usrL5xglwTHO5hB?^3b#%N= zPj|(FrV-Kc7rbq8nwO|J+BZ%W6J|Xx11qzh3!0K2oYRpU_8v(EltEu`^T7!4pMR_Hpn)QU&VF@&nk{v{}_$S%zVQp`|<42)7rs)R2Kgzf6T2Fm?dUqvos`ZC&i35gUSX~*ni=6evi41!mC?a4^B?)EHS^{7|#i|XcD`}p`m zB6JQ}KRID(`7_s9-fO9+s4it;Vc@7Ujkx$;C${H#RxW| z&2Y7o{ng(x@BaiREP5gUe>5~oy^l$0QK#tsFWstCs$Cdrq9Kmn{JEY^^+-sd@Kg64 zW6LRYddH%?>1b*DI*M9a=Fnpyg(!F~i>1+Hx-t*q4Qg=+dN5_u2V_r??>=R`w>JT^ zv7pISamfP*%JH{WmKT>N?o?5r%M};5pPv39a)6lMAR7_WYK)#1r7FF^f95)H zG+A_+E@w`iI<_FEsK|k(6vCiiT?L~(Jw=)8c1b?{t7;=bvT?~B9H(2_64<&_lr|0y zG#wSY$lA3qAMob&-1eM>8_cFP^{o=AfaPT3bo~ z@bwJ}lY_g1l(uNTy1+3JL;P#F<@>*Gb}hVTJC_(k^jm#iVytZ}x#;^r(QuMmtu z;StyLyr8<2!a~2YBa`@mm0Q|WYoqVpr4>E0)r$7g`96qv9z1x@q@kg7JWLgH`o5O3 z(;r=lXZNX_YEMe=C0mtIGZKYut`3@-BS9QN=o6xvQ++b`J?5CG==Zp|7|!FbQbiww zZMM81$fM0KzI4#uxI5hvn^rUrkHUk{)1#dp=jUvf{-}l+Uu&HTI-|ujGg?4}nI$BK z12s{|$EF}fNsRnhii5|R$v=H-?#J~DLZ_nRY)Uq z{Q^$|dHM4gTtWS*B;4e>5#4)vl`F`+8-*rL^%Q9zMeT=~1_^Zr=|G{z-nDm1P~W?w zor{r$?C#1snOE!%5}R)TW&()D0JO2cV}Q`8$G!VR(gQD@g9$oX=5X~LbGxQwx=ha` za2Vsgg~ibV%foHhQ1J$(b$p(AWi>Tan>LYL6XWCA$g;7wKcwi0;RujWLqC4V`9)fa z>YjvFO&7}1ti@ap9wLZ~ zAJdEPrT;xoU@88ep$N|rq@b6H57}N)QhQ(RG?4qI81zWjW7&1)sYJ*>h-=}I1~r%6 zCiv9Oo#PBT%YP}XgVoRgZKK-eGj+{pe5rPs6=Gu`ev^6DIfy~@*@JmMMuE$zVb3ND z_&G>9?)SSGNPmE&;GuvdrTR@*`hj14&eMKT=>@(v9a&-^Lhq!&JG=V;WneX;*tipDj%N@(@{g!2>T6w+rKnFq}ZIcOW4|$ z`P{yP2ay%xxuk@>kvVj0{$J{hOThDz-6Yn|zoNeV5#$pLt$-X`u;71HL-(gIbH9sG zPp=*Gp3!F)aOlAij9FE#OAne>WP&8A^~D)YSd{>;Kc;PgmT zTiesD3<;K9k80Z%f*emf3r|-^ilfiSXA~BFKI~yuWu#kk@i(tKbREE(Zs&?n z?(KV@=oPG39zQPZPDQ$JM%VpaBeQ3E`X}1FWsVjWHM!1?Wf|VYJ6A_Md&6g%cQPoq z<<2%@O*G64cka6dxCr!OjP{onX9nSQnH^m;%snEjt$mmyI?T~nPHv_;a?|C@w1FnV z)^|CnZ-T~{j8KuB>DEy}AGE25!r;gd5fK?Xa1M(H&Tx>pV$cD35k^r`wR4_9NCd{Y zAM%TWtK-*Yo}-H0Z3!$%HWbRZTd*=95yipp%@8{Z{Hi2@<y`}2Abp-_l@z-#{QMV{U)I44G7lF{tP4>z|S?hzP+hZ_?i0nyXa+CZEIJ_%8YfYDuf2anIytM9PWyn8nXMxV;@ zFu*d=#LB|OC1tJEw?0|zO|jQI-}rqy4aX!Klh|CQ%r z%ETm86Xk62`@bT0+r(r^_;Olj=1&~}vSa#WH8mebM()yt%T#u1y8nK9=;O!WTg%AF zVfgXV$S^eYaAM+Te-emR_U6WWJK3gJmdOVUxVaPi`Z^_s7J9mn}Edy5!25%@k zQ#f6+9lI5A)BIsJVr~qf1PDYnQM<#CvD$^%T^e|2&{{=MigMxnka-MU-Y`U!kzh|`6}=UO<_ zRCFvXtC%@L=c_0$KTci!T542io^vvAYkXGLES6&=nh~rV9I|q9A8TvJnmwraov)tJ z%HTS%rDs**k7y-`MOh&w+T%m%|jIxw%wqe+&!?>nbbLWIq*< zWyuZ~z0xq=8y^r531FYB>|na37(89{^gjy=_Y>0E+Tho>M+nxhUtb8@YqTOaEGhoC zHvz?}qU7$>M#Fqhwjyt3y!7hj%S#WqBj7oFm;D{lZdb7_dNxDdwQc)igXU@4_Qu8! zOHKb!T7@7!mv}eRa2a4ZxOxOmn9yPQ62xkh%E)sx3cC26ot$z>Y(zD~HIR zcvpBeban09`#vLFcg+EfqB<+&X5v}z>oZeURwle5-=UfX<5lbQX@WpZ-qx*Ku`Uq= zraVXvdzAw{CeA${m5>W57P<1P+%^L4YoR!O-5lu@UR4 zsvd0FvSUB3E&@fAmA9F@85sB>87n(8>r7VG85Dg~Thv-IM*0JpGMC=59z594D1Y7) z7un~7N5y5_9e^4lRRD<@Y~}C%rvBYRu!fYwH+PLMooX zxsy}n_tbB2bZng+m16y%rzeG=1Y|0uIAP^fQdhUJv^+M2vhvy3F7WA>PgmGkVZGMW-0my0jc%o)T!_ra zZgs^2;(crL?YBST>A<1PTqR3=b{=c?N$l4$GA|0&es^#MI2PUz2pobCAB9jRcCH8h zB_>FV#iogOb5R0r4oV56QPedz^YQRB047Er>mN0aX8yW~mH-5rkCoWBPm^>&dwxbrV)sQ`41~AD$Zr+VCDqw}1e@^3PtG-y16`xS(Q>i^FwO2hn ztuXXOsKPOWvYB0YcD@hVBS>X1S%H3QY<#?Dn|fgF_bIfbkpqpF(npWdlC-?R-i#!5 zlr<>&1Oe5w7X5}y9w^Dw8RKf(T;r_IANra&tyh*h8l%{(e$BXI{g+9X4n68q@cxr&M-iMYb= zm@qR?wY~a@@?(+luM_=sVPPCjzn-ioPM&$FlWKz8I0h#tdYlOTw(ig?=nU4H1{HbZ zjr#NFt3VyuOMT+Z=_%_kX8Z(U-2A2-DhUxWLoOaGxlF^f7m10m-=Ufc(xpcC4)+bF zULQqEwb@f)!wSlJOk`L?| z0n1W23NEhTB*7%8MzWk#$qA4`H$s%*SfQn~5%IOi1u-aqcq&X-pZUH~5DI(@Y6JwEeSH3q4r2@S8hYG}3vsu; zt?cr;6=SBV5uBoA6Mso8QnJ2P=d`NTJ@>1VuBxgIJ$*9yj8GI4m!$vYS`kDcU}kTjqx06^-{JCQH=Hz4`~jtB6a?=b z6I5-jf>)26sryGTFl&icw_Eq(*da+~G~L@SUgOGnZ`PPVpPIUTuiCI?S-NGj_Ul7$ z-)gQS^xr>noVOo9%3m2T$Un!9HSOK|VLlx`E?))HxOnBaLNlOR95!2I>}+i{HNE0l zv^JXa_(rAUe@nq#Zns2?bhK7tB{k--eQ1WPjCxty+rQ(xjU&hZQ3~!fvxTl!qwBJ3 zb>z_)i<$xU#!r@qb6)@St*-8*(p$g&?y)mF74Lo9TcDl@<==aI&bRUL?M25V_LuEC zuy?XYR_`L0WlwSZe@U?IJf*Ch&1YnundN+sA^KO(xhieW)!x#lb8}ObmEW40s-Mfg z#GHqc@^rTE$d6XVg9ptwZ;q-uD*PT9-s(@O+uOtf0y4zKT|KP+r=+-mp8q7pv7?5V zAFsWT-rd~|fuje_RJ^t#Pk8hlP8IC!7mr4$f+jK;;j+fLz4*D+*}R1UrI4# zmoMw=IaAgKSy*VqiT-2%U#PMAip$*;RU#xyYuTuLsM024}Iia9Hf{y#@ zj}{48Sw}3>{}#);0|Ml~lw~Gyzm;WEZu#q3yEbAoqFisTac@(QlAOf}FsE1lGs!qQ z9R}FpVb2-A4DcU-0@^@M&f(ZZU5-s3c007SSOm=}6W2&xeiIONdZJk+aOC@U36F(_ z^78lsx|PDAEoa>d6xbr`xSgm!(6NNy`yGH|gRQJkI;2o~`_9c}$y-So*tS099B@P6 z2lv9$7|wkNV(7bi96DWH?XV)_GVYo868a~p)3vMZP&{} zqHKQtO&}EdoBoNf!^zXx*#NpEND0r-Q$f7IEoyhYEa@Q)U6^-iZ`i@*sS&E%4aVn% z4sjPYwfPww1}XzC*1ey?g;QJHQ#T zvyUFhl+)1Yt7TKX{PQ^hmt(c8A5B+Yyp>HXYeJOdmbuxkshpgdb>xiU1GwwGtu`JJ z)TE=KiK&BWw>Qcw_=t77Ov0U^kzVK`5XxL^yx#ErBdthC7!$jA;#xrSC=L?RpsbVr%`8+2#1 z@qY3~@f*~K5RT3+__D;c>JtpeN_)P*SX6)x%!JZ4$QDxi$#LtgA;6SR3P5r^tX7Ig zRNh`>`Iy=t1)2>0Na2IuQh+j>Vzl4LmkY2*=9A}3Sp+ioJAMAtDam#)Flqs*OHewd zty`#gz{A3_j*U$f?V^`2j~NTk#cMJl%fFRo1=KTG&xgKmK;*zX9rW3?jjVTj3U0lr8t#jGzd-Dk! z!~X{BZnQNRRhPEb1J9|l(d2?k)ZRejoi~%id=3;nohs9?XeFinjkWhrX#^t}AzI@* z9UaHY2rDbsg5}7b+YR0^)!WejF*QA&^tuMQ*T5Y19brm}zWRC4dmpgY76$6+0JoWSjG4VZd zB5JuuQNdj4483m=fg6Btf7}znQo9c~b#Ox<`0df--FI1%vn*;%ntli>zCVB7@$fDK z#let!#l=zX&>o-EUZMT)pRu%*@HGd^`bp<+g;^h!4L>V2E$wDbNl8f{aP|CfjnS72 zY|nyGps~>r=_TkwTHDwRJ}>LUX#RCT27E*ZNXq_0=Qk&saXk>T{wjh2vGs5ZaKTX3 zW1r%EYXMu{u%@i6zGTs4ZY9k+S@<$DAdQ9xtGq;}HM;{W3bR43r8ut|N3A zf8N6bIJ7Gfkv`Y2qc;GZRs^qV_z^T5;P?g>@wzEX<_hCwg%R`s(4dDaZTXQ=Am;E+ zRUid)c1m(_A+QNGB(F}|N1P--f94hx40-%yesT~Iw;w)#zJ$>Lo*URz5HgL06D&aF zBNiFMLiQQJiONdKp9k(KLkICXAp!3J7Z!XajDr$Qu@Cp2;2;Jw6}!i~Rv&!~8`~->E+Q^P{HaQlf~Px)?AztH z&doVb+w?8d-JkiOySV z&OM>;Jq_}$JGPVg^!#woPDq%Z=yzsgtHD=jVp8&>HORr$W^e<=FU+7Bccb#jm~Kr< z%JHQb?Z}V3^YumDkhb1zNt$GwrL66S0f~RC_(~Nk40`lJE zOd9by@;<ZwCbN>DJcKQSHQufu`3lU;0kJwa0-C z(G`O}U|gV&%4N&#YFKy-rWYYhQ|AKF$J7azxK zrH)?3V}yepj`=D|N(6y8bR3{?(iX=a4a!by)#uNNZ{JR~WnAi>lxRz8M(Z&-DGA{f ztdKzNu00a%xQ0Np5*?ZXbHDf?t@wWhL^Dfl{)r1QmLmOGwn9{)HX@F@shB!%2Cpv$ru~Op*cYia@R~1p15&u{N1GD+(Qd^sw zNppI_8|R*?2tmJ^ThHH1kI1wO@{9h<2x#qB+G7jr5)OTgy*`1Hg`~&iPuJ6ve9y}m zYbg&Eo`dF#{+u)=w(tDY4jHUl=hOuj2+O+AM+|@r)$gS)CixhJCt81GgLW z>V3Qr>vR8MbMD|Sj5RvH)XUa4gvuWbw_rn-E|_K;2qop)NSH<|uA$kP5ww`ARRM^| zMgFv~Rm$lz58>H;kP(-lBDez}&G7yNjG1zC(xQ4NG~*G1iff2}iX>l2{JXO8sg&25lP7Vt zrfzR9-G885M>o*KF)usYKt|?n#>@Bb6JNYIcKrB!N3MyitkAi0Yy-Sx>kvx%AXMbc zFZ252zvFQil=fyhIBSNld;CcE04>*uz|DVGM+$#wX=yp+5Vwc)n6Rgi;TgdlOQL-~ zee?*bMNwiC1|@&bMs}GR+E!`}>?yb;vNtJ@<;!!~JOS~UklsTRtM>S2`r`b&<)urY zIR>hubv;dZ!!j+XhY?ITFFHSj_t&rbL?J|qE-YQKuU_3G1xA-M9!0S9E7kR2TN2VB zxhS#$l$itbHed+^_#QXa`D%|`X=rS1J%GG`{*YgPi;yNrb{xo|ud?F(33o7^X**rgaLCKzhxc|8QS^NR+ zJvYu7;$n;K-?4*N$zUtly8Zi=Dx>9Xd2Sb`FV940~AKJCBZZ zcW(mEZzRZj$ByZ3+s1$W($>{|AFZKbk1%rWllM=ZyuXIP((k%3wW)Fi4Q3GD1$RbW zydbBz@6si1s@;3r|B(GIYM7cr;G%gt6inQv;}B$8Q10Cq^673}p^2O6S*=EXtCo|Q zg1p<{7HVwz^#CGuAKFalJLrBd|9}n=@Zi{yllxs$Zb7IDZZC}^w|Fmo^1pWN7+jN+ z?dj=!YBgs+#9I%@usLpB(z$vH6=Pp)D}K0~s(OZDfS?3KP~>E~p&- zWKjff6NRK5u!jEBx4XB=?+ppEL8b}>m!0(RgV zj`u_fZ{BT)mUA2HF2ZPrJt#alxL9qgMu#d~o<+t4@dsYLghy#;2rNS_!W*!33{tE+ zavX z{*J7cdwvoEET8mezt?x4n=GOLn9YuMjeh^$bB<~)-JPG!Jd?dg|2e;OJ5=2;wQ`4k zh^ZDZzCi|tt>D6<&p>?zw?$12^}M#e{#?^*{Q(7IQ`3_6Eam=w-pELaWTS^!nVx;5 zBjq1?D0bHJ>Nk7`5!(uVyTI(&T7(t&<$D?!8g~8|iYqrKyYlvJSQrnG+D-{fcPIH@2NAaVV`27BIp`wnt*lMy0U_I6aM4bD$yW5Ai8|NdA@0f~CPFKIx+_4GTJ zD@&d4Ln2%ZNnm#b@BK)~zUw_B}t$4pHrI5}&+hz>ar`ZP1M8eYGAFQcO#3z!l4`y-CpcY2xy zqBf)V6~o`3XQn$C^N0Vk-rO#5lW`hVFnk*6S*l}I2FRNcFOskdMkR^s~?n#^B=KE+H=D?!N94bJR!Z6*; zY|q;ZWI0rA$Jm3Agv0@@ALKb!Gz&?c{2(HOdJI3U{YW<0fDlq&?#RhNoZOg4UoQ^8 zI0B&cg|zAGRzKvw7MY|XeTf9bjB3Mp1AG{ua`2(Kab7qwdP@Q-p{-lC0OuKX?;aJ^ zV+@h8yR>z7RyXwj`sE3^0&ud{hM1tRi-?3PMDrTtglZi~q`zQr!R_5^!%q9_$PO+p z-pV8<_fliqoa0N^m7b!AyJG{xE3(}97z%CgW5aQr+ub*a4Is5s~5KG_2bGe_6e{`~J0{pcp}mR{_ktHqb5bkFljy ziR1HK@j0@6YCi{ueBi`lI+w`RZ}}d{_gK^)1Z{hpb;c<3E+Kp-Ce4-+YJci%Hoc4}#8Ao21+ z&xi3VgJQ>(Z<9QBqo=iJ6gW72)6L2c@7Up@)p!nlx|G~pC_2u8idVLED)==^+7Bs|qRV}3jz`4{3v z%=Fbj)6M)Mf>3G0paKWwXLoNyx(YWu{PBEd`=pL|aTH*FN`gGVD1!SJq$37NO4zMuF)T) z-GFlMPRg4IT*a(!L1-8;tR%fpb6O9^NH}n>T8virnpCfndlyIw)~i1BR}-c14Q{`G zF!X17F!zCC-C~pGfz1!f9`yP##v2@elVYtLd_`W2F<$Ovu(d%#{J`AO%3RBQb@h3b z?3rozsUd;Mr?Z0|>J!5fqv~KM(DR%z1@xx!(WN(sW7P?kG(+OgjMcEpLu6YbXnS=2@C`z$HwNXI)Q5>9`ww*avMBd;A# z8E)m9i9hW|zRmsnA9rx`nNlrj}N) z_IJex`lnCJG8H_tW$AyvYsZcZlakFy>cFdFr~&*OsucIx4(Hd0yW`|HuJ3zix9xH} zmrdu=`=?I_9@eLnhp08Z&i&cvpsJ-6uO2lcDH(I4IywxjLOb(4av?m0vkX-x3Cm`AAFs*Cz>tk?5-+CVf@;eYLb`zgG6L+m zNHNEYke-2p<2YE&lu(FG7B9MWCqFAI>$B9`Aq)0XQbaqD(@8>**PXV;XSOTLmjBAzITpj#=tYls0WqGkGhUZ16d_F*q$P$H?pb#dCJG z^^;!{&pb%$}@m>(8Wmu%>+**;zQ$yu7r^3Tj}^~2jQrRHq~f zg&Y2K7S1G6pjwegBs)kHj2FydkJ)r1Dh( zSnTp#yo@Nb!@GW>yap2yt)UkTHx}9PzprCs$qDEb(J(g)!79dYT<8sP9Rz1QhIw=N4YXW0Z=Jv@O0jvfE9U5+5NW!glv;$vVPtrC ztu*RmzJjGMkldl617d3@=1TYwcoC9-(%-)V6&m7NVlp+;spFM`NnvsA>6Y6W7+^_{ zdhnpXr-w}^kf#_eNTcDk&kh2ivWVs}&`l(B+RK+h=9PZ;oPfIZJ=^uN>CLNGGer!R zU&OgubVPsB=7&De@?4s$k5=3VeNjiwgXkE!eadI^#Xo(N+b8C#Yi>TDpp_b{uCA@Q zXtaO$q0vox`sQ6b(<3F^Qu@N5h)3kuMXR-Ea$OnF_rL4@efXkGaEg`A-TeH4>?_vu z^Nq(J8rIhux3)4UY5yD)PRoDV{Q7az*KAor`r`4^S`nWgmO2bQ^PEp}b8(4`>f+_) z{m#N#2GI=<5Ant`M#&wUg&1LF@MOoeY>fd*^Nsyq+6wpS2w*3F@M-Eii_C+k(IAFEF^>ppy%8e z8v!5F>evS=jkk@^>WkQV`xn}aFrwt_IgUFUYN)h|*~v+uMYOe+3y&n?Ug5 zvPdEe#^cjn1_)L$jzQ_ZM|m$NC$OM7&|HYMO5-}?wb1Thq@|5XOiWBp?rPZmant9A zT^{ii-FRzk;*+zpHtm@|0i4FRwR_jD1f`e39uIYM*#*DExSURTYu|RjJzi}$opN!= zz7l+#y{i0sH!3L~IJp1n>_{@E3K8qborb!MX2*NkOZI&mjPk=}z0`c7q#^x^q2Ufp z(`aL3A0E^*fBy32*R15g*gsl;tELsAsZ(i{z3aa|V*#yaZj>gr(nDJm!J z2Kfv;bjMFrX2k~N z#)Ag~+csD9*aCY^;{Riz#$&TGRj-cKVA+^WV+SoQ#I+YMTsUmQc%$DdWigoI8H995 zMVYhk!Tz+-M(BVMwB;Wc4ra{YuAr*^vp!c`j2+`-V#???j!j94i9E`p`naj9{)+Ue zQ)gH(Q)Z@PD$s11k;+B(&ggC_AzkpsA<- zZlsisHaB_O3f~3#)yTKR{W98-EBs&x2P$S}lm^I_9m75ey%>Us9Y&fi10L+LF!emM zU!yC&EXnLCzA;z?u!vmA*4J^NwS3;thW!?IYlShtCsf)vWyLSkT*4zHCwI&6!NZ4H z7+YZjM}{8kRsJ4~TGh91Hy+e^*brQzpq0j0o)|MDqk+iu>1#SDgf=eI12uMT2Wc%2;KjAyzzN%jBJq&ub@D-LqXi`+ebX0w3O1@*B=XxSrTUwbEvJW zyM5=*rSbNp@vC{r&24FGd!zIA6S_Ku-m}|29P=S#62HnXEZp4D@gBx35bc7yPQ=&a zNyHFMA7A#aE_!aop!sFvSx$ODZ>^P;Z`&rip5YwA^-bCV{*PWMnHm_V=^Lo^4dSYE^S(|@9z4J; zNFYdvi;2lGUQ6%n&>C;sPcJhODG==Mzwk*xGDP{IQS!BG*WSGOMf$gizgHYKM)?lXZfJ_e^4n4Tf4LXu&6#<(1w8vxf84YlGY)A|hvpwSsv=^SD@9 z3rk8kj~sC-59Y)N^1l~;Ry5eLoJ+^y^bX5=4TefsL>IaT4Y!e2Y^_`z{DDNnb{Zw+ zg*0K2t7D6AFXTFo&~4uiq@5RlnFXsWdf`z;#v7dlupxTZK0Ah&4c2?GVQrEB4(^G` zNi@6^V+*Kk7Zq|WwYOh_{78zArT+4EyJ+o=Qxg#=9b*t zV2|luY`FuyIt2wDrG(g6=ee8yjagOfV6bGO`6LECDQWf3^SfW zD(;oJvEB*$z_dd?X@{J1_~pe?RX>B^7bxbwNYI8fiT}A>P+X`AigJlCgO z7qB}yPIph&1&Fp`Bf^&n4k^YDAJAe!(g1hfl~>n&4mj$pEkp_w%B*y>e=zJim?iq* zIKoN(ZIMxPSFx2;$DPy%{hDzi-aHPWg{AFMO30efAm27SO z<_Xyy>)!Y7^JzmX^;qGs3~KDSovE2r6$$|cJuNNvd$_)J9HH2|fB!!27HE3G41hf? zZ1a7fV9#T}$6*7orR&nH&(@BkbB7KYj!9VbFt7*Qb;bDT%M;rJ6i8}aDAF-lM_l-h zJv+D+o0g7bESgYwD@6b7DkymM3Tbt&buZ)r&S8PQWod_e(2v}Pw#UL8{`xPC%QXgX zeR=QJPS00ipwIs5#4=Lat;51x5ARC#$o0_D`VgZWt8bt#<$kuXe=|{7p5|{Dl<7b*~drL!C?x)Wblk`rcq?h&COMhI8*{C4C-f6PzZ>v zL}799H(W;?w1OX$Vq^1T@!W~bNPaTj3`U&MB9A&(Wcxks(|S=Aaz*UzSqjeNM}ijB zNJfJOw(l#WLQ{sxy^`Tz-L$isJFM=VE!Tib!3;8j&CHg#sW*DKWs<*Uu{M8hY_2Jo z==m$3s10}6Ma21d6u4kX0#@@1h4mJNcLeDmJJofJDf{NpXQw9n`}#0?L!^lb_E8N% z#Ayrw5ew-y=23J55n_%BxSEdQsSV=jX`}s$VYK}OQ3!f1TB-Xgqm6(1Q(t<%2O%B! zu-K8(TCH?iZ}63ubLc!|=j3jAN;R{VfRwnP&utGoo`NC4Z8D}Cs|Pl+Y~d^+B3olw|_sn&*i9Pt;gM_*z^gM zVAKnI&zz(MZCR-oYF^ZT-|3-%|9Jm2!rIfSxBm5yy+P}zX#32(_-762FOaH?Tj(F# z3>+nW5x0A`G5-F~LsFZu+5G;$ans#u8|#{H)C?x;W+Y5k*nCl2mCPN;XeurBs~OBP z43Ud6L>@hOsXXKLcgISbi|Oii^?%l_QRC7%L9v4&BKblF2kD(iZ#R^96RV9X1wtZI zV05dDl8SO=y}fKhA{TvwXc9mbKE7m(`w%av?(FQGm6nF(7hd!GS_Z1Bckz{9sDJ>a z)oR9QgFj z)TLiYi$9-{DZe!;NWVsnm-GSi7`<-&{w98ZzU_s?;ft^E;(Pb(0eD7)jqO}dv9G=T z-j#I(TFxQC!P;;1BhbEJWTYejGIK?{0#*!IT2aQC?Vw>|;-$Nzdg26`H!!DlA7Otp zH#4*P`fi(?j8&Im(rcHZQk*DoUh#TF7Zw@{BP2!FUjJl^e|$k3pWD!oJquFRKR8R0 z^Dr=I82zk|tw9q61WlM?vG{SsGD7H$0suXILK^-PQlL(elwHsNVC=o)vFzLU@spNP z(U6i=sB8%t84a?_%qS!)qhW?b(Nf4Id+%8yR7#>Gl~5=Y$`-Qs_`OfvPxpO4&-eR% z{rqvi?#FZEx~}s)KgV&r*8zLjq-Eky98l&Al!yovxt$Rdh$`_6=MZ_%pUV)>F3lN~ z$QVK5^ZK;~#_Q6%=nnzvqv8J$A<8QywUt1)r*4+s5X^tHF56W+S_cMXKm#Kr6n;TM z4$=xBTFCnD`TiXOcY*iMtm`t?aVYeCd&+pIV8VCcyv4%?;0g}s&qKE3U%QXeRLIrD zr_V@q_w*#Er1%=)*YLr_c2WbbVz3@qW?~PS2dq=|TQ_a8fCe8dG9Kt9oUy9_-MVtx zqzYr!y4Z+iPSSm*jLLTL_q*t@gU3`ea_6|7b+JJPwLqT;}~W#(~zuzcI^8n zKucJS4lB+kM#fvLUjsu!R}d!(9W@>V;J4qy!Y`cnLgpX|F#$H=BvMv>i)MoA1q4)R z!Z12veWd+3%h@jvaPxl0aH!pS0qI5v5CUCdjE=a@gS;11ZnM77YI$UhBk&kz|1 zz*0ja4(G0+*o9=#5{L~?A4>hZ0n{@Aae3>Oimh!Qa%>JYWg(4+g#|YiU)Bj*+Jf3d zvG%UOtmwC%Sao^!>{*!h(mUQ*$8VO5W(BN>1@zXTMP?NgSH$4M@@snPREHpIMM)^1 zCAxm(Glv@ce{s`IGOJjp_eE~G{@dPo_w8*ik{XL%m8kW39wb1iFgH3$YA>*7*2yYs;8G`BFNdqmwz9AH|tsM-)#||ozlB_Dp5BOKnRXUzV@O9f~6DC zKu@Oe9LOC88?OvT+gIyMgNJR667&V^5))l6%*k}c=OrH<&ep*42 z+jZ4-b?fP5XX6mujW(={Cuc0nq{5VA$MwN8L950yU5ju~k2*GFA@Tw6m4JROr+~mf&!>svIF)9BBkc4?i{~T4!iX0@)2PVcq`|6nRA?OWOC6k@ zmlNp>8l+#5u3k}Dx%b;s7gN)O%a^H~Hj6-jGXM}lyH#f$WFUjT=#fGgFO-ZXj*w#! zvd2#FlShvr8i6f{*wF4;N)2t0Vud$z5h ztp4E@u3LU#X0*7$fH_xx`Ep_4tAxayb-EE*oeN9iG%9<6kSACn<*+D8|grCSrgZ2h-BRC?m1Rxp#uat63zq)t8__sVlHUt9+QJ z3Ktr7V4v$2ik<7E_#@o-8Z6Q&K|#2q<=x>xJ#B8z#aE48(0Br1z@vC7(u+FvYNJ=z zzpnKzf;ML#CEwl6?Y>b_V@b(n$=3$fCsq|4y$$#Qhpy!I?WPEi$4OWE3bBF6vB_4F zK2hX025Y$asZ&8gK^&Ivp8a(S1=)VbodLj^g_+sMv*=FWG1_rzuohiF4M}$~AOh?f zVUu!J4Qob%IDiL@04$_BaNq!8f=!Ho0UC?kAN^*ku7)S4FfuSadHNLk+4o_)6Cr<6 zzKA;sldzhqDl;=PCUwD@uz$nsrK7|49{|19*Iz$=eEa+~uUeRqj!v<2|2<^;JbEZ~ zAlXo#MOBGA-Uy)+&fV3gdUI~69CCC_xn8ahr(b>66OE&TSjP4)BxHr>41ZxxpkS7H zneWd{n^v4SabzdwMjFA}H!EU9e?GffRub#^T+^_LhWJ_kP3HV|E)kKNm1~Qf`DqE( zeQ#o=CMZv)*xFvpe=Uv`6b%^MwM740ph2iM#%_SIrye#yUr?J>5pmeY<|iOI?4c__ zxj}9##3KMg4e;avp=_$IW`FMhcQr7gEnBx@y3l%TyuY_%tGz{aQQ|&1VXXX3% zX_0m!r~Nd>06Ua7H#b*Ss%4E+CK`j*5xGxaS>c45wR z?HaYlXH#dV92glV8tcYJqa+v^j@KQq-*m5bjNNs|>ya*VXXnHA4!j+Fr)oMYc%CS6 zC_(oYh=PWr{r4ESLp^GjQ{bEFn#(xYMEz>o88DvQq48+Au&)_4{yekHYXA@z_ObfE z-1(ww1PcizoO)}s-K0GqpeGnz^QFN2TZ@Y+!|V_Ht?4aM?zq>`!BsWcUzQVc9d5_N zh%Z@iR^S$Kl%yE-qT(XNXbgwI6Yxr@tbn&~ObgxFoHL3g3KHVtI607ta|wVYPNb9! z2Pda*4^AG0f)&ZX$V$O6dx+`ahX|+U@-8=5iJf~!?meB^;<*s1Jsluxgavpy8YN0f z+y#$h*Rw<`CA+(x7#{Z*5V&9QF0;^KXDFwV$~)N@8UB=2v;B{{Wfv|Ul4jjI@albd z*YI$Ly**D>)>?lS_gTbP{`kRkxI8gb(DG<*pv?Sg7TxEj-Q9g5FD2!2;koJ2 zhYbx3@JXtLox@yVseM^S<})3$;zqIg(Vki#pS_}@YdmKI`&!Q(V!uPN{Q7u<%Ru|v zUjL{GkU(X`q0F+|6h;zF4UNDjPo}{0$d91( z4ny_?y96Ya&xNG%W22X6w?GPb87|w{s+~&05)!V+f2uS*1@I0{B9yt6xhTbN|titzpQoE+e9xM@_ zJZERukKW1?Jdwn$L-he`aX>4st3CT+_3DzuZ0czB7O*(}FU!Bc*t@oL=L?I6r$r)g zct(BeHl9Z}M7EkTxQAFtRtj|!oq%0a0qV~gE30m3fDMuce^U>%1QZzd_Vxsb>T(=M z{@Bw+bEVRPZi_JI?%jcfHp__Li2Xowf7<;IwoSUO-PP*B!DEQB)QpNTDzpp;@?8a% ztKpLaB9)Hx^{tMP=5?LU6PI*zixg8Ox*K&4UUI)QdtNBG{EcE$W1;)Pd?6uZrda;< zD^Etql`AeMPkvZR^*5nFODj!;?Xgsx7%(7AtQ)a6QQ7)?(2k;owAe_)7LS?rFfjoB z435y!bxAwMkp2@d94dY^uc#3#5fQ$Z(rn<1 zu03sw+C>^5lqi}9pSm(6vqbg!hfzU zS>ZK5=aiYzOS`IBRBTwvS^Jo-#Xe*~oijlu#CowN-T4ky);TGcO~yXCy7^Z&>eJ27 z?~RUf(>M{bhsm@uh>tu(xCI3T1q5P1gMy|*^&&aQ$BH;W;sY*IS^3agDH1bJ|AmW9d3XPxS%Tk_vTA7PoqIEgt0^_BJ-K-PI-Q@>?#aGQk543IJo&Bxp$R+u!;`cR2r|uaM_rW|QBc zK2%~U+~d96Nl}$AExT*YmX9~fOgTB9ofNYAR(Sff)q{594<^+~MP*6Zy(yG@R`iyX z5M5j-&c3*;nmdipECQ0w<*#NE>Bdw7^92mjeV?;qx8GWdk=j}e?d9ThI~rVrL~w3y zEGL0{8EV(aruc&^dbxH4af`|+(J!5HBHQ>_Pj}i9Iq)gT$@w5%bac2*T5xemhR)2ZcF`4dwH%Dc z3P&aeQMI8a5N};WOZQkrZ57RkeDuf_H#Ns$R?7R4k^zy^_28Gt&#SgpMm#_biUJjo znCUfLbRXCWRiHsA_~4s;JkOMTyDeJ(s>Z7H6}Rx@%WF<}ybu=ly_{`DdYaJe+}ZT> z-PhOr{QB%kP=1EIsCx~yoU7|xMNp8%d-2#iM}-`%QZ4w}0$gbcFYKSe0f3VQ3^52o zPRqbu!yM>N=qYq(58N;a{KEg?)j<5tot8F_+8^E>+;aH2`Ows?PNuF$gg;o4!Kqn6 zOHRBfXfODmJSZ-FGGAD~2N;VIplje&Mqu7BOXGA!JL9w0VE}&#y}5_S98R10`I)od zxp4R%fh6^uIEqn%e1$Tjs8w|wT4adC?;}_jz6u^5$$=AXK|AI5 zo_Ut=apwOBRm%pSvHEi6<+Z1{V`pc3gLcMJVNF}-Jwpk|Y`VMOPfqUjrIRndRLCNg zarT>Ac0$7Q!oqE0VuqJ4+1b_Q<>gMhv0i`4%bm_Ia6eio{z%scrgiJ8k~-JzK%L>^ zRBCK!fLQ(J2Ls^#7z0n}>V|}dGP1G?Sh6xWf_8xB8!sHkt6I3Qe4oy8?~?E5WW>E| zg*S^>9mPt@!8?8ySvflbMbA4*`n~+_E3IobsHP@`2)W^29rQaGOPoWQgI5KV8B!!1 z`@U#=*sjrjcquLgC);vx+d*MryM8*%8P9jkMb?yByqZiSir~t}+8JCaf?ZV934SJM zvk=}>+CmLvq`|hJd&o0Z^Ece37m0QXTZ6HsNnVOX%FAvs0wox}@C+$Oh?fn3#t7?# zG-r^o@(seL@W{v`5h6;HvRi(`U`IX)rjKxmk&B`hVX#>do5W?uI*$$cA0%I)pF&fy zr>B~lUw-}=BsWN!l!XbcHyNFd@l$6zsF-o013xTPK|F}j(W9tuumi~7q67=*o={X& zMBoG+2H^$=i6- zR<^cz`T0%`4jX8e+IMQ~M+wF|0!n82u%UQ%_|}(9JTM5YVvE`jKb{u(bo3J4C^|dt zpX}LSX`cMZ{GBvUz+ldH@0N#ME*%}r($f4)euP(vw-m(8WU=|zy>j$=g}B7n?0{78 z%j;}=own?C;w%fTx@*48?lci8I*#iWCOyuftS$+}(W!S}1I1!W>4>(9yNvLC35E ztH*fH%u`@A5)Pe5V=Fh-m$ePy{ro~{0#&Uto6IQB{YX~%a;$Di+fg#|5ING%}Z#j-uAmSl~YF}~Y0373cBEjV0u7Ys+ zPY@@g;sQ6hD6;_44^f~bLU9?ty!HoLdcp++IHnV{$=ERB=;BiK=8c!<+1`yZYiVgW z00`JsV*>;c<0qoQcUXq*a;m_?Kz>e0Um*0j>wdrbXnoS(eCn4v7-VB8tA`dM%pl|d0DS#qO@ozdM zv>AsGo|Dh@^(hHe#5w35L1-Xyts*uNY$V`oWNE0}^T4yJEeMid%zfMza`?{oc%$io zp?fCb<#BV!KYKRvn$_qQ0;Fb9Q4!)IU~qtbZB_al=uBxp1rC}k3W-Q^JKFIZ zJrz4`u6&;@okLLU9c6@TEFJd8*u%NwAqHDDEe~gn19>`Xa|xhgsllseM$H+nki)sm zWa$;v*}uO8TqsUQgZxc3#xElLs=6@AKzrgh9Zl~sqA~>Y8B{C{4GqTy_R7jG0Nk16 zWkU<3dzEAdVG0Gsj7O;H!Ab9|eb7m0#~|BF-}P0&mF0g3<`0`RdPPW#6Bf6b$;qQP zk&Md2V+}r!T(XDlXWgBho3?IkLJ3M4KcJ(7wx|(QwlyuX8(qGaE+ZZzglA0SP{sJs z&>Jz5>*?uRfBaa#bt`V@^%9A@v5XcvJG{_ejrp`B7!Udt-c~4V07a6GQBq0@wtX$2 zSA@kW_pK{9956E$RWWKF{+hYY@L2$UTY~2Ju*Lf@Dgq7pd1q%C1mxl7?^t~anuNhi z-5bRs?aa-w((%X7pDM}N<&M7QhOf*L$c1-1Thd1g@`g>-*_fzcar#? z(mPH2xi?I%HToe@f)%dEI0MZ3`SZn+KKSePgZ;+d6M*l9-4TrL#$I_NdpTRAC>p0!J|i(IeI|xV8gW4#0KB+QWGJcc)Q)u{iA5WU<2C;7F{Q2jo-j(^D^vjNGlhK zcwan+y`)IbpPHOR>=3|wk{$*9Oxy_%$8y+G49;3xfQu09yLZ>%Z&^#!&cVZKvomuX z|JSdUVp%aUBoZ{geY=X>OzMd$2;c#D1VFAgjSrBv1aPJ)MQ!UzUo*K8X#FrJKq0tO zCl^``Ea}CJCFE^ZJUcrJI2wEqM8k7)a{w*Y5NK$C0IL~i$~E}j{Opq` zQ=IzPaJtLYc%ue+cq5Yq=OC~>B?@P-V(KUP5k~;-Fr384@1Iw4HZ6)1+B`fjmWbpi z++)}qjivzVC;k4DIeNGprI|hR#(N$LnmUu1z%7Av%v`PI$ZZ^OTh205p)QRXra0*R=?Z8uU z9`-1GF5q1xYc$^o%@k(cPiQ2Ki`WBkh0E9@HuDG^W)$2Atd;af`aBx{jgo*&+jPn1=QN(pxUMn z%kI$A+FvxGR08tk(KWckC#~U&?KrsNBhiw{si|FEU6!`C7ooW(Yf{_D6i6h9GL=fr&Hl#wCv!5$dWpFRH$BX}kbvSSC$)@l%YbYLf(TLx3t54k zZCEp*65@bI48@#P{9GL9f!uMNEO=t^QGsoub%$sR0uB*}PE}-arh9whN`fn`S&~~e zy|9n} zuJT-vGn?|BLx1i3tAjKinYdPqoEl9&Ywzk^q;_rEgqhxb=xW>01&D5VxVfjsJ{w0m zZi}sgFQ_s_EmCGb2a<)!O)xccPZm13weHBVKgRAbph zE{hvlZRInc2ob>ac>hzpj1(h0L9%KnqGD%X7yF5>iL6Yiv4V81bnAgj&5QRG`Lj@( zUMGp?me&Hc3&Tc@h`)*wzIf_~_#b9EP3OBB4XJQi{LjgM79lEW#04ShdqosfC8m2PTt`;)aUaRT1}%OH#pzRs;h-y@=|6N zHdAzT%(D`!*tmGTLo~sxLkpe}O24!wX?W$8$BsP|tVyjcY!9uko#mIm#I=+P`E7Xx z1LIFDo|Ki#1&R)?w8%(HyY}+?yi0Q=|I;vY{&z=){TDgK)k|<}f3bB2Nrr<8&lOECBrD12c*Y;a~a>cPM=QJo|nHhA8MSX+WXZTBEo!| zvmOf`kE6c@!l{7%y^9NGs;(>p1{*t%H)UK0Ms@V>@$hEOjD5}o$003URph3_ZKHJY zoB(I2PrLXrY@9VLxLs+14v7_o>eKt$|MEIeL$*KM^`Xe@%zQbVE)&1H-nnw@^E9%s zbm83lXg%?7!$sn#_b*(0gv#!-s%FQSa&kpkGn0L@Rj%arR2TmIu#O4!$9(4ZLO|pA zGJNLeTU%HdqprB?Xp$;!(6nTsb2QcEM|E`k{Qa9r_8C;WDsV({5?4|}(}!C06%8}C zMi&)%n3*MIt>?^cd}tYfDh8c14Ez~MNlS^FH*eaC89IK-F=I`~agQ!UUJElIg`$aB z2=rC@U67&R$9UkafY_Wx%6VfEr?~he=866LVUU(b;0zGv5CaYTMre9J;Ia@pz5HlMJm9NnON;|sh z<*PTNaC)N^!LJ2WfKu4s73(>Gx`G=Ms>x?XMNl>IHm+Aud54ByGXU9`@PT3J@~tx8 zfPmETT}L@1R}h%^@T#pp-~Wd60a6cfdsedv87=~irHDhRzxS}_qvl$g$N8=!E&KNu z4403Wcwdw))@W?Z7#<1Y%+fo5;zYFT?BuI!%P*;`CvO+j$VPN*Vs^IcKonr5v5(20 zMMU&KPUkirq&&Fjs(O8GZ>ZqY(9q9QQ{T{)hD3~bJ8XNx`Ra8zXGN^%{1fP`ATq-I zfEGH|B4u_~q5d;uq@NW`)WLNf&*bHCXsCF3 zc(C(XAKL|HjrDOAfCv9Mxh)_mV^J2 zk$#HClQKmLz@dMEs^>fnV2aK$Mj7NFuj0{tBtO>`~uP6mc+AtAZH zjTCQI%2_VDDE^z1(R8?UPQVPrl;|D!KiJr^qXHEnHdpfb&=HD!}_8%2FVHNfcrkr}yY8}f-# zBCp->;IJRoFmP1(V>OIex=ZEe?ecCrE%RafVBGkOmeyeh&1Ufj2f_0MurZGHO+{}v zCsl`Rbm%$SHqp0vsvt(+3XKf3O{L#np=*Mn1LdQ(Xoi5YX{N+`1unpI7?`p$5h#VP zWz_ra?Q`K~WH@fIIE|13&Y;7Tn>Q;Enm0p=(`ez9f-nvb%o!9FgbNLHcOwtT88{Q_ z9b~nz%z?m1tj$9Ve0aRfq6sK5&(R~b9ew#`sB|Gtt}sR&zaMx1zJ{7#`Wtqw zDGBELwX=XA`aaPs@p@qQho9)9hl`*1ajYg^%R z#9*a&k61==lLhb4p?xZf7Y_Ebb)CCFas3aSGCu$54v3Yjg39gQFWTy+CZwL9IeuX%D^98y&CiP z)lMs$oS8vb20nL<;sabecEBoO0RbAEs^OwGn}RJdbzq>rDB}s(EBAiF2S*E`&A7Dd zSx@a<6lXjlWlppYq345o6}?}_ia4q`+>$^QNrw<-4q$K$OiYqU+CaIOgLVp>q4jjr z+2Y?LkA|fj?UCpdR)j+0jKLnDs+yV{JhHfJQjL)E1Q>$xo}w_>5+6u&UA~5iv;#wZ z4$uZoq92o}FFOr|GyRzBzGm1WzUq|V@LEvIiI4P&QoU|B&hiLUEDG9awq4Ta9Vwp1CCJu zA#VL)mF84$W*LZ;ss(&40xcOPSQzcbw%sEWC6bcPiAUi>_#Mg(VR>&)4~}|0U5SKHpmS-kdI7TL z#fO=dl_XPA50NBTdn~Kcg)Ebc3;H0PTza%2a0y#lSTJqfI)UdMOGrpN!D_i%^~s8C z3>AX;m8J=adsLLIM@BLy20Xfdm>%Nl?K$0C82qXF#V!92w*x#mA{IU--$pggnf=Wm zS^R7<{#^aw+qE?=@7_tkD!KEBOwa=5fe&bD_c7~7c815DoDRCVHGF@0Bt`9~V5*LS zLSuhpdSAoH;J2r*k#}jnAbAkNd4mW-P=rL-P@W3WD<4QXSo7~LUjK~6g#=xOZM z2&%k`XbJ-ZeGh4@LI}QFyNU6$dRTR;gC!OWEv(7u475&U)W7%*1EOppZiSSjiXPju^3=aw0dal?-6G8|C%F~d;P;^@dm{K z-N7leOB;5mBA_g{z!lwPVhtEe@WZ63oQ0+B$B)Oy1-whXfTcp=fno+XEv}=WKH~K? zaP%WME^Wqj^;R(mz4uSv+@0>k{qeB;u!`M7J&0CcKXVPWd@nA0&SZsP_Qb?v!#t}m zm66%Db^)lceEZH!#tv9j#R|r>{5DW5+>iKDQ0f1!<4Dv6`wvmK61wt~Je2gP$E^R` zQK6pszeHE+gYAo~Q{v)PG_`4kau+=c2o;QDx$3bte&G@O8j{k|EJnKr!@{yKyghz0 z7QMUeE1v(Q)Hq*)BxxNbsR(s->Eao6XO~b2bze-6})m9;i zbROdc(ydyvX6{;Xo5-BYH5x_+d?%Z!*@wR3Rfj#9EUX?aIX3Xk(E1u87tn|4>gZ^= zKo9FIuxr;KHsndW7r^p5`!F6+i{jGKEbV7*CfmP#i+2E_$zPb}uU{=#y2B&uT_PkR zavW0`+&5{qFhyZJ!Z-z}Ko$fNAVfIW(q;~00S=mBJ8a(pa|aL%r5jCt&@*M-rb9o` z3gff~U~De5xp;m$6Cz@)m;j1kWE7K`X@mVrwf+wpY)?v#>E%XMHGTT0Lo_2DX|-F$ zY_Sudr~Y13Z(Sx@x|bFYSFGM#jq?dfK*r`lr+Jh3rfUtgl@_;oI6c-lzOWy1x3~G*0?svwv#bK@B7u zaVc4!_`fqzJH}M9$d3Uq7Mxzd=V@L(#^??i3%blOk<;tzSjiPtJ+OpeF&d}=rDQ7` z8!fv{^;}zMHvLRDD^6266?Q_Dda4K393=kpi{5fTgxhn1dQj%CRj0-w+&csve^y{@Q$3a6o|32htI3uuwi z6eG&xRof8F6?%)v#St)$Is*NZEQl-&XsDW)vOw{{Nu6U+$;7kMPa()Hm^0l;EllXL zdMZ$e(2x*nSU3ubillFqL2K5C*pb=igHsp3pUSb9IeP?DYE*Qz{DKK!Uc|$_FwFsH z{m8CKfeXT2jTRUVk_z;Ba$?^0hVDww_k8gCf|Jh(9+YYO*0olgLAP$v5^3q_U=o#{ zN5Fi7wgcg5hV{(#pp-5<{fpvLSy1h+FM8lQu@zZvNc4qg%n^qa^4Ap}?End+m_nvhKwE`A5e9_7i=t30g8Csl zUuBlEYN+_oW&>*k-v9_#FHEa`-N%hJCV5doaSrzOwzjr_NddMIFFt*80F+N4VvBEz z3)>lRqyUv$;#FMidGzR=*jV&4{JSn1J=pGa58W`HbpStbX$JngaktNyxh)Oo0({fg zoKq_T$`b|f_ti{HOz=x^Mx0a0PeMzL#u%s)lmj&q!F%F0XMW4C$qv8FCbWFbl+P^RS?;l8G08a0*Y+fqz%J~^miS(ae5@PZfe*f2Zj%LDQ zH68L>&6IC61?+2dhp+MDKaMinJsZ#7`w_n2{mxJ~dm%EB)bcL=Y`owGz#pIET}zM< zuo*g(n!A8f9yatrOmSnA4N_yie;)$zPk+<>QiaAo`H0V&Cxpbr{BPcz8ub9^sXZ%4 z5$x@zR6VyJWM};A^`YEIpxit+#|>jz^8%Z#2-p|atL=lz7n{`ZfbQqKFwrkR6tVFm z14Q;fs73B`{rTZ-wW~LKDF~l`@)d4dSiKZIf*Vbq{%wjPpwqBGn~c;>aJYSawgeV> zVSh;(wwDQh^;40a>_8sJS{CKtHjE`*T`LHPuEWVq$W_uExkt3?i;#+2Kxbt7z>=9w}v4vrEnjtRKdf4Bx2&lVzUqWy8J0*aA_h>uj1U$U{<;W|qf=Mwc>nGl z-gOM_a1<70W#7SJNK(McW6w^y69)VdJe9Q@0rVK!Gbh#0la{P;(vsB}6BQi%mk}%{ z;ZPHYzEor-8s0~cAUu64HKx8U(v(10Cf4yH5eg9p`1hbX)||q$_18eB0jK`nd@-kx zkjqM?ByP(${&TY(h+R#Z=g6rPMHKiEO2$s!s=v)rP{-fHaoGT;1cqhs&UA>?e~zVf z_^1K`0vNx!|Aeva&K)^v=X2*CdoEm(moEc_N_L#@+xq&T1}Qq*A~QL0->f&s?1Uzo z3xG1KVxPN?q&$B71#wjvd7#S-i}{b|>zo-m0ssQZB(aUW> zv1G9)0_u7={ZMuOx+*va-&R%OyH7E2+uaepmf%F?m62hMKc~e=7p)%P>uUgY*12;+ z#M0%V zWd8FyEGMsn_H8{R4||tUFwZYVJ|eWr;o&O@+;mI4AfKlu@>@vbFN{|S$5uX)UE&3p z93MDtd8C*D=MjqL!SHv;x`^VWl)NYi;Jv79cTomm%(GJJUEjagz}k2+?3Z_%u15Yl z>wv81w_xLu8Y{YgU;RQqjEcMXwCtm}SpM6%W#$*JhkbpdO2BvHF1PH`f4bQJC5q6# z_AfgZ9=i2L;@BmR4_Dt|H^QiJg5&9cKMc3MKL5H*XZ?#qlik6 zJZHT^EBB=Of%f)Sra8b+%==#x`%@|%0eykKh{#G}>3$kEhzuHDy=uov zf++-XPNj|+%+N3Q0{9X}W^!;vh6)eRoEmRYyh7v}MTdo1nV872ELQ`WEQKP=a6xBj z9ZwB?!FG?-LiPo5cq;Kk;{KhSyrAFkN`Yh1n02?2Ux1z_sZ+!3dD7cO*e>vs1x9et z4I*Msl)wK4dgZmmPT$7z9R)AOR`?@A~Gn~5H?{^iSqjtn=~Wqy0{ zf?ZfR7wU))C+oqM^4NH{q1%-mB#N` zes2S5op5+~@AwmY90_b+PtTklyzopbRUMGw?DWrUwIZ~NU!OSa6cHK4N5ZdzDsg7~ zfSt9wOo{+1aIP(#f$Z1!2TIXL(&Ceq2s$GP_aejWab0V=KTS+^ zD2bTw3Hn-lvuR%-pZ&n~hFbIb?fHA3ez7=y;}`9pZotED5c-6_KMMK-_oyLZ)J=WU zkk22SO6DMCXa7P^QG9>h%V6)s>lnFTc$E^2Fe9)V2lokYbeC?f^L0^BW03VY5aua z789Y4@Y5Vq+zOd3Iw+%{8k4zA?0OD;g-H*g4O2zuy8k4RQk(oXBR1 z>eJa5C~(MH1M|NIJpmX1o*{4w5WQgg*~&F*k~P=MBfKJ*7iS*O$DFe*&!KDJF~a|3 z_EP|Sx*;V`yCU`@P6Z{(KF|4QLh>JOa2sV^@d#x;xLfVsBXb*aPJsG|baFwL0vXhg zsx^Nu05=UN|8TrPfJPuMK<)1l7WVl|_=!fUbYsn+Kx8F?iN;Y1aWH~#<>d{iJyes5 z?nzq&0*vODFP9LAAV9-l2|;~tZv=%xO#t}Zg0u?gcE04BVq@&s=%~*TL{vyP?9d?t zdZ0Pv&u64?Q~Cqz1gAJces?<=(xwMF%W?HF6RA_o5Dx;w$&8DXUp+))Tq+^3tszv12bc<({LCqP(f*Wp9;e78;{ zo1DO9_ne=y1pB%$F`{Am3Uda&LIh42Xlf?3w(b(oU}JvSc{;rjSH{%J>W!H&MAC>5 zsAwD7$gK0{!<#EdLoaHKj|6)J;rAA^{lcyaa{6~ukrJak&_F`}f97ItQMxg0+u~Hc z7`OvZJU&N705}#x+e2Xe?78#jZ~FP2$Td?kF<~b_XO%ZJOkr08WC@`Uo$^3bqoPh~ z5A#56V12Cbw?uPWCZj3&5jJMi`RiedEz4weV!GvtN(9v($MxOhL({>RSV*xG9Hy&LdKRZ~-B zV*|faNZEbO2lo*(blt}XJib2P32{@9^S}Wh-&Mtf#XwiB(*Lx(^$pX@O*OgskRw36 zWRF99_3|YK{o0FK+r`S_p@MVZ?@%2XB)EquE=%<(mr+budt6LdI0Fr{a~+CB?Ur&< znz42%45^FS%44TRn20Rn;(2^X;LjlYLKi%Uyl8{FsQ7r0!L6mGQjYn-e?&@;b8^sE zf#b?`+ZM9DfmOdfK<__2ho;u`UAuSZ{Dv8@ZX9xijVZtYARaUdJ3LAO01LM-GaH3&xK+@l+NM*eOyEv;l*A1XwTcRfPk+Ru0qivT5BZ#fub`X3 z7nKR}b`yFMIF=JAgSbxjf0XNypBDG~+}97}^Gy1onI<>Hde^Qk{}%=jD7pLP z$B*_n2FZ{a$Z!1FWCb#JLA-)+0@_$*Bl*-%I9XtrMvuQ=)W}-!l_qBsN2c-c;rIV> zkv~$>dWiUT$X=NIUYiMn<4!wtSq?I!2cW9K7Z~;GK;Z{)15Y5(XNZ4F3gP_4qJkfI zdhsm0m3$fR%BAHkIPLf^AS3;Jh~zudW1^9@>yQPA*6Q((z4x_~e)--$IfA1VJqPIlWv?tgJ=HwuBU0w!aUp zy=?c|b)6}PLS1r3h9nY`YBs#@2<6MirxL&Y*WDw!GZ3v4t>tW#!{={RfM8!{+4oT(Tcqr+>xg9yRQh!TD_0;7bGPh&H#e)s*4E33uZ7bbTqCz zkS72Ct8W0B<;C7a#j6lqxjar|&zy_148mes54EkI7Iq&p zzR&Wfxint(EOg_a+Z;a;uM0=vsM@-s36_6+yL*Hb)=BQ#tUo`whYIED!O54nl8;c` zU%yt!$zY&6rxFqr5g`dD0bm>REiWF3FMYC=Sg>!(etm(gjwJSr5()$)UyWuUoMKK|9ygQ z+eYeF*AG-jK_7$8b+Ok6vAlQBo(%)bqfzJ?@}D{PH{z5|&qTQ|x-{nojRB7ycQ_?9 z6k@=A=&Ye#L{iYC<-yD^VtQhcEPn!S8aYp11MUuVPNRQaQSZxNtC;Sg^+GR)dNY;g z^11lk$$$7v#wR9HhrfaXgKSrAjhxn1{BF{1Z8W@MhIPx9p8o!CSbKytH3nYYH$36n z>1oXJR}hzwV1rkDD>w@$4vZymQIvHZP&F_>8VaPySCNT=f3FQ@e`3JNNJLh`ag1EM zoQDswAHcVE?CY~l%KqD~a#mot{XR+VTU)=M9+y;ikVoIOJ(OdN2l^ohp&#P7Pv8&b zJM8#;qu`1^_rBsr^5M`hl=*|&FZnO1{#zWHtlEJ$P+x-w^e#LH3m@tbx`oGpQ)=%5 zk;ko$=^CvOV2)DR6*h`zy#K%&o5Ykx>;9njH&S??2a-Dp&Y^+pQQJT*r#So`N>xU&l! zf^`hq7dA;pL~qfR6S)9lWtT=dV1PYi>6cf+qG- z5aJ=UdG*Q1M^*oH2_uqv1_q57k$ZE5=o@Zt&U+B`Kb=80Mt%Uq$O6n*g(GO$yCi|p zp`n|;zBm%B(6K(A zbxxT`Xl6r)gs&A|aK$R|AGUwKk?$Y3AAmrOJ^h#-0b3zjP)Sj765Ih-vG=FvVFL{KVB2SBi?>mIcP=TZYLnyv7&jr z1);Y7hG<4Mm@KzimF)DOp4TLBWBhVq<6gr=H=@4kL>G@#g}`BS~BP=n<@5 z62io^;{=yz)rxn4I=P#3>^ZwsN=Ui9hcKto`lTAWMwhy?9|q>^br>F5MlC~7$^B@3 zBS+j(UY&gA#M3VU%)4!d55XCncJfvHZ&|s{g{3R3cl<8!QV71VwAA9RO&vp8CmQH( zguinE*AWU=wdTEl1?#QhWjcj5LT<-jqDtevwcExpSZtCR92>(zsJz@<>)tKZC_k}# z&l;f(CUY!P3sXYy43U~5=z)46IZ67U_1tseIo7ulxP_aGJ&lJb++c|S%6&x~jY{x7 zbOS)0s>1hlp~@i&F|g4>zVV>6j)q3K`1$Q)7myf;aS3D}I5@^@E|EFW7b_z~(J1HT zF(ZAwSL=P}c0emaXzbB|Ix~>*c8Lyejt$taR(SwLr~&Q$gUDx$}qS z!BYdbF1ZKJtxEiz&KFDk14=Pq4k*XmuC1h0QEtmUCydc!j>6vs!o+}wn-`@cwEipjTb%Kl#_f)Q{hS4uMDw^zH&-4Ya3yg>E3YqBTE-Dk|!5tW64PT12i|kk4*mJ zc*Utih|C}-fM8m~ByN_yZS}FUonC>fH_;MSavzx_mZn~7uf6ltjopi$hGwk5r|!aQ zANj2D6IN@O<36p_7+l9cb=SBwzHMZXQT_L|x{jdr&^M4E?AY=T=Nl&!< z$0vTX{@2G z#wUL=PXkvlUGWP0!V`wp!*{8d;{7FkXOEcDGyh;{PF3M~tnSXm6N5ZgH_~*kIleZi zf?&^RSv4F(8`I3-*gtXRarCtaU!LfdiLWz_XuEWSKYt3g%HVk`n(uT`hV6OGW|5VH z4EdWD|MXANyQ*p{=KjKq3SvhUs0t9J2%Zd5bf6h%3qC>AfO%x1=hIFUOm=p5LBXoJ zy5K?{>?lRu0Cqs0CSzm$pR-%w0s%s101Cdt{(EfGbC75VH2lH7=pa(!qNiz1JmQIL z_~W^1h7o>S9~Nem96v?%^w*t_xjZhXmU}DlaMzp~Xf`Z%cvKj{bnvDEQ|wNY(fG>UZ4TncL)MRUH#l5ZpDT;|q{Q=JCO%{xQR{p<_v(iSXEG+fyRSzC zJNYr@OQJ{ZGz16(rVBv;!Z_1W#{iKdEcdUxRfsvnk!FbWga5b?IGvQ_oMNU|YnU=xDpMXRAzepk5R^^Oc4WMEeh_(@DZlVTl)jM?^D^e@s?E z3kb>+S{edgqSW;Cn;f^vTaZ)d)>4~geo1bI2@^*Z4kmh49F=jBnW_lZ*}1kaY2DKO z^qfjq5wM0gRN5nEzTla?i;360;N(HE8fwkBS4Z6p$DDuOtTPlds;{Zy#@5f3XF$yh!H0dZy|1Kuh*Pgp$|RiI1(R z6a8i1vXNQJT}F6(d1zC&m7R3i)O7`cP<9$gKj+r&^EwQ{Q!$@bkB;f9TBzCe2XEc` zXn>AOiSojodJ&iRxP>cg@E%TL=yTxU#sija_W?<^WNHcAlki-o?E_u~kpsXMh_MNz zaK5p4Naa;xf)=a-aNXOGMMfmx;368p$uLwCXh1FZ!drd0$QAa>?86_Y#`2#PMA$hq zPkMNrXG^WA*M1z%sdVb#L86s*srG2NdMfQ?`!(qjm*KUpU#eoP#E#utvxI2Y)wVD* zryFQ`H0RQfH(>X^vY_uqVAZBK5lf0V>$U8FQN z{q`t&sE{}9%|gSt?g_vv%(4h03cye$WR5UMg7i@UZ&V54*ul?V31oT2mc>&zW7A`I z)-{Th+DU)*ZXYkYCO(9uya)lCQ z>HcS#_Y4aJgmwxZ2`^(BDOwY)zF}~gqh$2Ewz~RyrY)o0UvpkI`M&ijKf)^G78Nzz z_alEZ{~AAkNlE;Q#>QEf*_R2FkIs^k%fF4Tyh2ctYOI#-Z)e>3FT{d0!N>BsM zC1M7%tb89mnt;89KzH(&?NZbNLAAG#9=;n4=Yt1d3Y~1)WG8I-1O$v8n3Q095Sa7! zwl*z&eeP%NZA~EFbdbo=YxIL??dTZuT$u1Qelr{++P(&QDdMw^>;&BWr(FH5s5;JW|3^y?C8zJj@NuQiYT#qQRWp z>?FR|tzft%G*~1Y!_~ zNt_&DHzLBrU0YvJ5qbr-`XDVZFrLuTa=?U^l#~RR>XEiP(g+abPp%1p(`yQL6Zj!x zxd^rX>|>mUyne;_!h~k|%K`@vPv6U8Dk0fV#M6&ZS!XeS5E%Qve5%_pA96L|0;_i`#nEJ33 zL5Gfu@+v?HtIOFd0_N8fe#^@w_G!wU5~8WRU)M*q!*YSf$%*w{+sLwos4`U)%`aP= zR+OG!>nvLp0R;TQKyO_{#PUr+@*Gwz`8G2@qZ&3ud5Y&b%*0APVr!oBJUrgF`di^u z>9~bfDi6fb!6F`1!AbK&r`bj(pk*E#rJlMZ)>x_T2vSHq-}}?}*;~_eAtg=r)RNL_ zN7~U7d0#v+v&&!|!x&aaxFPE>K@j`Oyxq=W85U+{coB)m7(+3*K_0pXig3s#kA|~J zyS4xL@ez^?Yny(AxlpwNU4%4CWcO~YKZTe^hCpl;8mcUV{I|&VtRST^?%*&WcS)db z!KH?t8FV^)C*(qVp=rMQ7i z2CuNNJ+=bF?h1(u6o~71m96D-?~|_ce|lciTO$}*Jk!g@e}4Xj+oJXqYyCFIs41z`daBtkY?#hdQ6kSpV$tsY4jm}J==dJchdcDxF;5dW$Kn07_z~V z8)v;vOi*ATKl5jggoA*uD74dE+9zlk=d%TJW^;X`#fNH<#if0Xf%iUMnWK|*^qr&Z z`R^#WmABQpk%cQAAv^GGa46hHJbMZ7*oO73u{XXz>q{!2x(=GbNDeV^0yk6)NKXP< z7Z;=15f&Nge&NDC*WsmyOzn&>+#dF>v`H7(ymf2&t5+h4SJ{l6uxb%V3{2_YJ34eU zhv!}DfpM zQFGeP=#^40SgT_>E8h0@ruOs{PfoMV{fzS0y}tMCTl*2;TPn@Zv8<}XQ!VvVUQ@xn zj7y;-(@wf)&V2a!d4hGv-Qs&cw5cA=$9Ascq~hE^|Nl|<)^Sy>-TvrAkdhLmQvs2d zkPblw2?-HUkdRIhl}-sM=@O7ex>H)EM39h>2I-LQzGLa$=l9-o&b^=e?-gXjcCpr6 zb3SuCBfhcB63SQ@c6t5mSazet^Z* z1%ojdl|X|5Flp(XC8yx~#jNmd9pDV`3*Za43lI`US*xS|*?d4j70p09ZW|0<1CA9FMNxjPa6JG_6H!hKP+ydO1u%7hDn2fSir(;=9ItzM2C29Z0ljT%USR3Rhio9tg@tjUc`!Z&4O=i@1nU0rbcjuL z_0p!u{-k7m(nQwRdxXLX6+rfVs1NL2@EFtA&j_LV={#1g#fanP#$aWIKi5eU{!Z{` zXD2+*Pzkw_Q46?~y?)K#aF)nUIWOk0-g9=6bTVFN(6m(j{EESta6CLI=Cr%5|6GhN zdwY4L_A&d=f8h#Chh7GOotLuV-C~E-@otn^jG_Djhp4~gA@2FskffqFgu6#IF9W) zo4JFQN=j;8_*V5N$GMPmXl)jZ6bhcLvz5!As8^f5xqNAN>HuFS;su3s*z{275+kOs zl6!7xB%Ky`=H-$q?&T-r(=Zq| zBcQ|%cggifVKZv5{{SBm){h?S{m>*ZdG-v7#_>M0@CkBmfQ?c~xVcD4eSvhXysWHA z2Os7X*dScT!I2LM#{aXxYuqrc(Ae>0I(D1&+bORbCY_-u0`jMS4BA9NdvM##=GFE# zztuaWyFB;JF##aSfP-y^z+)$q+^VkwEt!(r>;c`9nm}d!(JoW1t5#-yKC6?OoSco5 z(_*5SA}cE%2ZxbT7aBN8UVP&uCVFVUns=p~GpGEaHsir5LiF@BQ)!k&zF$juos+#I zmR@i26T!*Rvbfum^pup*bWSL^%^!b6r$kX&potJ07ItN)AD}qrz|lNvz1RgLydrkM z^(!ZFykRxx{a;UsUn$O)0WO8W@-6pVX|P*~gIo-*g*QqKA7$23R`&j;g}R*`KLW%N z5W<*(IU?CeImhm&u`yTJW}ul3{aG}R-@ktY0|!K+el#{Rh>2;xa|9>>>_LMy_FR6J zrX*w29mb`;_*8RKQ&O(Oiaa4R70=rE!Jl@wgSHIq@Fe~JAyhm7#Nj;0*kjT z43j{P3Kj`4jMG1SkmZ0jQRCPcCvuw^%W8b9H+_ZwuU%i>`U=;XS4|KUO z6C}?Km6sM!Io~(%xfYb%I?-Nx`I75QA+&=M#ocyCqXwxKxpaBRU#VqOKeN}*S{6y` zAvtM%h@Yh1Y!sPW$?%BPJ3#oc#>l5>fr{m;$=n~`Yt~nj_GB}A!6Z*uvL?7}t-AZ* z$%9YKR8$z6!etdSra{ytxfc!MlAP#xnLO#+NXe03f_{X*;hq6O24^rhF;^{mh}Uwq zy8)2V7081i&4O$N`Sj~~{n2U-6e%bVQSdQ?^9!L2-2?U(Fpvgd>XLFW?0azaQ4X{K znMk!K!$4_@{Ic$ZC;%db9WZqU{DjiURn`nhs30w$hm4DZogH+bnsuTq;~%|&Fp2W> z11xE}PWbS>VtEid8amxo(3>nb5f?`2YPA-)|>f-d;8u)6$ zpSveN)BZUA#RvysAOP7_fffU5$C|@xmAm)3ZRBg(9D zzs%waQgb4aF)w#lF(=GAEtj?(pRmSE%pV?|1T8XN$tOIT;8_l z0lQvZ4QNKxf`Ue6sHWndKBbnWW!~{!uucAJbSEG*>(|dTWDmH5O6Zq#yMLBR6p=(X zwKOFca@l{K{C#X&gfu3Ke_$(@jf$;(8NLQ5iCGBPNN=X`edmvJq1BCT-W(}AS=yCQaKd7W{Y_x;Zn^C#Ieo@-A<*T)<#X_`6x|h{9IyLU+P|VvKZmGNZ4_bjDPz zveggbo2tyDZDfKS4-!@eL&uwj2K(_$o@W8QR z{R?E902l$fyQ+_>KjhZOKr8{(*bfy?!G90#9#I%)K`II|O*@|}Z~&n9x^)`F`%w5- zsKH7ohki?j%E9Z_);{^{VHN?Cy6k2E-DJY^!;TIWS1ZQVf+P#$r^umtUt?CiXZmYF{q%+t?5 zLemCxSOVuR>g1-SscUL#=$^SzG`MMhNJ}elVDPc^|KMKqNL%|R2m^b2SNZ#|HM9ir zh7TJFiJ^*>5-3&-Q|(H@B53I~IqMvVCSE|n&Z1PoZXp-mH2}?6*g#ACni_%6u1f0z`QlG#Q~b$E`>jF66cxyzvy*c8`$N$DFX-dK)H$|HlI6KPUtdJRlB)fDlTI zCh#X@fD)J8b%T_Yly&d|>_Yju1qH!zVIh1^zhICC8bQ*asfqhfFFFXs?m<--C|gVx zhgly>ZxH9x-&NdDPZxX84k9iA&|fdtWGn>c-U~ZBQZYubbN>m2akIXVuyBCe83K=tRW4+Cmn0654RF*`IF4x||Cv?Eg!$Icb`^#e{@B%7A6`-k8a7Ay}cqX`$acSU>|~Z z5A5?Y!PF_88z?bnfY$xY*V2Ie4D9C5Cz$aKL!%!BG=}ykR6;QL27j?n0|RydAA)-Y z`~#|;c36EIAv}U5z4X7IE z5kLrgz%1F$We7zY92X!rK%&3}u&DR$eN~b;VazAGLHk+qw$H9XBb!Ka|g)xz~T7WNX5scr8nE#C5^sG;Awm2Wd+&>>@3+Nz~b513|#rC zRB0fyldrX=_OMSwL!ha}xP7U_)S~LiYL-eG)Sv!m_4MA#7AV$4TXXYy1Q0dpiDRN5 z&Wa?TK2s8lHUhjTKzi`7v9k&aqT@b84YaKn1UWJ!OHkqi@lx4WQWX+^fM+V6*C9#C z&Ao6&@KiN3U4;d9F$@prnHAYU%KeOc3@yggVLiF z+)km_AZ%&`mj$@D8RAce(?u4UPNx}wibimJ+)Wt4=@eD7KK{@vZW}p)&4Y)Oit0Ek&$}wj-BFa zd){w>^LK|F3l(XdpU-YKQudor@AP%Pd8-m}Gqd1ERd6t$()pmKmFnjgkK7I z2aRr)IC{~O{5MqyqlA~B7_7G*0+=+_u&PHOvkJE#P%GoWhCns__O@Q{UuBxg57#)FODO|V<5=t!PfA7otN#b?M$*@BQjvFg08i*4INn4H> zx6W=dD~bx4blzQRxE4r?U*otHmA?`OVje#8BB}shneS>4HE20_jV|Kgh>zy+KXo3` zUMMD7f?f}=(<=uB1yVKn|0XZ7?q#K_^0Xs-vEqn zz&64BvX9_=kI2;k{v9Cefr@@sULKK@uweonh!ah%squz?cI- z^9%Q}vopRWO~Cbh5308)wjZHvPnEoa0z_*fupIZnvf8QyWxGw3>re|gXe_I@Y0D$j@ zQaD-@*hesFIRyQgzqIWvUV)}>V50PBf@$me;2c1NK>aQ)BV%r)MuHip^KVupmwn?O zUw=2$*O8M{!-eo&OThF1*k{+^i?Moi@p>Z98@@%f?!kPJ3RU7_U+_IL0g3&BwLDxl77~nTs)@l#|N&#q198L>Rk7M>)bfvN!!B% z!O4;fKLXZ-d$nW0guWN~+95N#EMq>0QSM6K%;MA>|M5=RjX?Qse_oNCAceog`ZmYo{eaea$r^%J zu9rT<$w}%6+s_!P^>XL5o@3L!Ca_EW<+$Kd-Sv3g(C#U3Ie-|70A~^My+fgGy;uJ@K<5BrNflE7a1t;U0GQbr51tS z4H97$6+J@-O|Q`nf`ZCz7{Rc+UGjV~g&@&FX&TCl_4Ho6!1P2YYP@xQq?MQJ5xUQ$ltr`{n41 z83xRgJz)+=dn$?RF>){boF40?TeT7!UUFp4a@`(?qdkFTVt85RzVshgT63m80@MEz zBhaPTbY-kK&_zDYUoc-7;J=jtcBynX;_i6m>>l+yOIq*VohZ=4D<8d{n4ozlC zG{_BA)E{bdWY(vY`JZM+{wVpNpl{e2HL8m2c6%581mA0Fn|ud%XC z^#A!c*4*4>!5w&DpUsjGaGJeu-Fl$Q2pZOU+2;@#iknsss=oG^xd7MA&1Isw1uex| z!PNA+n{|sl3^($z{z31goMja{V3pZ4gj6RYoFSQG75Q~L*GWibFPU%^VG%gQMH@qs zb7DU+J3DV-UY2rkd-V9&&Gqf_@-je53dibsv#fPtY_9qviO_`5F)kXDu{J+Tk8t7a z>Jdp&*V<58O?BMx&{wubOhP9ORf8Y7WI>8u-`ZGMICu>R9pA@gj1^ctmCeQtB#8;l z>d+6@mHu7HD0Y70@5DbJqw6mM4j^3HVOsWPx7Mp_*UEHYYoafKC_#!*hL|A;LwyOhrS0uBD*RdjIq8(ealrc^X0z zgF`vj*~ns|Uo0)lw|~RjSrIAHo#=b}7I3fChll)2<^!apTqPw#=vYNqczWEAi|yB* z)Y!`3FBc1GW%karM{sT(7rtDh3%qtND%QdMEf$eSO$2MMhK@?9NVQ+zkxCB_#n%3NT7;F`O{BzO5b9KHbW64c>@GU2bP*n^o?I zs3YMC5Uz73yktEdsH&<4JXblnjyEmRtjK);^gnsVAbZYBk{Mg-6Itjj9&$X|5cvcJ zd<2k2rhKn&0X_;a5C=ZLlm9>urRV@Uhk|3kn-X4IqZsTEWS8Yx*sip0w~iTaaODb4 z?vWz!-TU2>mQ!6_^l>oRxw4f->E+f|myC9PPR_I3506!~WYT&H#%h}lS;b`Ue|Lsn zQW@Xoux;b&7~gPNn?vkSMv#*hNB-!~LW^a=Lv3LJK0dp(jGtd;#T}z_n)IkeTmc(( zA3#F_APfs z8WmL)m#z^ZA2(@eOO%>gx`&JE!*jNj1KR9-imc|d-=_J_238CBL@A7`w50o@4*Hf?y3A z%7}9-JRR|{TqO%-gmROzN)#Xe`(aCq^9EtBt})L-*~s3in1WlAehG$)q_&kdLyVTX zPEVDA48Tq7tjepG7k>`ekiV+7tFiNkQN{5QtuB4{X+b`Zd==oO7e2j)Sd}1b_sw~0 zPVJeFtAWAN*4q>>%v{!7L*oX0R_-cMTAW*HJ%aDwG_@)XyYJD2aG9oMobqw3{Hi;W zlT$E?<_T#9pdOqI*WF{sA8E|lUA!-J=3}B7>h^9F&sbGSRz3qv+e5;*le_pdiPL|S zS+;RdOsT)il;<0}x~l=YZA^X0+f;Z%C7YE`IDgvp`5hjyWo^V%6yJ#H{Fl=tV zyJ`l^)3c<`bJuyGzI)<#5zGJ!^QS}8J;oZ`3u(uMcHXzLbp7Db5gdH<^M&Ai zTEVUW{{wY(bkFo&)53|`#ezbO%?gE2WRcMgvoES%3D+Ht)i@KnZMSR7OzZLI#fXC;iKI+aUHB_!lQIC-?EhXz1Iva93QCX_hIylH#(3**uWKk2xR|_r zTF)Zuw>+}gSPaSQY^6Lp^^CH~ybEwGRP=8=REvDgIMLr1E#cmo+&hw$Q_sTwwS69F z2QQa|UQy$XtE;qJ-EhB|W|A*K<>h{NgaB zn~)9Evaru=9hm3jxVN@KWFn1;W-Wb$gzoPb^90^a>sg{&!tuP<{#B1VcCGS;zzK#) z4mTr`AU%Bn!+^%ph65E^u*?6$fG&1fXyx0^GFM3{1s-NnS0(}fHS8&aFWn%*z!(Z} zt`B*52*5k@;6G4@L`B{UzZ}YlbT9H@-Ujqw{jFp;K0}`KjIwDx_vj&3BYv@#)y*jWwP)xqv>ZAkaex0p-$*_&i2|MJZZ-b!M zur`{KmLFvCKVmPQY`Ck_p0NAA-e6c7+--9+b)@SDw}@_qPuyDbQ)h`p!P^$cwyUcJ zg*#%!?`OI?gDC55p}+UZ@@M34hA5>=!D^Y)TYs`N5uJBxg+uVQ6_4Rh?r5&YM}6+^ zBKvzsN#&z~Cg7h7_0Jd0^O(thg6BUE_~XOy2NC@5qs&SE-QxfG#XeT(2mkwU)T6T0 z{x{L7KS%J-mp@F*|NDWQ`~TH}oJly_(~#c%c^*0b&B=1^2ff~vr)1aZucxM7$9+WZ zhda0v=ZAY0+inVgmKB~4aIuL4UQ2qty3R6IJVEDmw2D>J9!@;Jx4+*p9$Uo=d;GYi-i3xBMsjz)RnFm5KO213X z%J>5FLEI7A$iQNKXLnhU7W+SzYXS@oYeaEy{DErJ69Y%p@m?q*K3)qNv_e7@2=MAm zI^KQ${#^_N?fL&Wsw}UkNOgN} ze?N#%%s{gQTr@-IBnS|Aao~#QA|QA6vUt) zbOU54=piF|APxk>v3J6@=1xw+#RH%}3|$@o;%#Fx2=tf@vSgFY^C;_#OTq;rGJ72Cn~{U30Sk9)3C3ul#lX$(oPL%KqM| z&qxezNVxHTWtLLrfZqP+P?ma#-R>0Y(0`i1()zRaV5dZXz9RTv7Y+3S<^LaE?)kqW zJChzkV`B4I+f41zoZ_YiJ{-Weg9V^$p@;d;PNZj5ZVwBoECwb@#TCPW-~Wgcdn>a+ z!BNfxg9J#N3hK}B2w&G1$EuV2RHzwq~r z=6eINNa{{9bgnDVJv%`;2_`#9d}cr1;8OuK9hn3HOZZF@v;jy`3h=D8tQLU93+frh z{JC0*O^UYZI=%o9!#j~DMH?M>{_52+ zK)V5sA?|hzFeq#U+{R%7QSWwg2a+YTELRC_?%*j=oV3F@8)&XDY9NZ80})vmQa~sdL8Ss3U5 zh&U%ZyT{zZB|Rv{tX3i@ME>#PAwcwiSOPp1$Xq#u{Z)uUtvK5ks57(z7Dh0&gUd!p zKwxa*XdL?$TGW7VzI37wTohn?0V@;(r4b9xU3UXXdq|5)OM&!U10n*lH ze9Wwt|C}Yf5DS>A0#p^w?)KJJW8md~6E3N&i0Mz)Zgmi;Oaov8O3(Z61&cS%0Zj}z zWMI;8h392#ijsT%%lY8aQeN)hEm#@|Jp%(e0(wDa?GS0v5rzBr(dfm+X%UR`=K(zc zByzM{_wHdMhkI*lKwze!sRIFd2$Lm3cx5o=fsPW$(m;#h9^(TGN)te2fe9{5qJYds zp5G0mFhHJQuknnKp76kWtpkgS!a{4%#}Atrdn70K4FYymRTTtlkU9MPd>PgV+%L?= zVQn+UD@qX{<|LD%4CaNP!ivztR8dJOWRUJqPe2UzNB~j5q3{R@*h4yk(xUitdY%wA zPJ`;^)l)7uwm)Y^IUaj`&+N12xVUxE;y| z7a9}b`f{+b)qqto$WcJ23#F;R12W!>jNTO;a2Xk{UIkY{VbI~x*9OH4pi;w3eE$;4 zqA|1omINNQ1?Wxzl%5>WrLf8YD@A7<2ps&DrY54-ipBr{0i{vYod$@k6MG?>=X_Nh zhep>g2f(NUpm~sPy*uv%=RwJ`9W>m46p3G<7zuKu6rh!qoek&cWMX!#@AUc0muJTZ zr7#*|4~~>d>28ROhG=)Xg;i*H>G zgA<||+w6Bw?g9rgIZ8=md7oCngO-MF`bwb?$axDA{7tlRm2-x#2Hmb*aTKg;JnPUlLpQfm zI4BS$;unALrk!svsipPqZ}gM1Khew_e=20?_tAVDA@a~i921e_O0gRgz*G6>gb&<6 z#;&2tB#X;DRXG`PQW<)xWeQf0#kk@|M3j~~Lv|3}qHSxNF* zn0c1%Wn$y!kdrNKF3DXex=19o5~OggU&Vskb69TB1yUQ9j`HfDpl+vdDGTQDtP7>L)w`Z)GghS0}&HOhwDF`mMq>X>0L% z7AiOEvTFEm2U%4= z^OZ^HmWUU?qrTyhz*M<9IK~vb;8(}NMW_@J7^R`UI%Lso$r-DV@nFccfrOMaE?tP5 zNoZ$z?*2&&Q5=t+`+XSv+_L574Ew=8x(zddFsqt&d1E&%5Tf5&&yG`n5puB9v_(qn>5&dwQg$H21a?=Pvk3pXs&-Sdm}t_-QEvW!2x zalXOW?dyK*&=kT4o2Sgl3F8J4nYs1}nX|bzO*s^O=Sjlb440A?kPYv5a|5@pMJzT7 z;_L8?bL!}2ZNc&_z~&W6 z9C1@qi_aUk_Kt7o5EfaSSsMe;pWE3nMn?k4w}(`j5f8Z!5E;O`>TYYx;Xxe-%Sx?1 zkJa@X3))6%Br8llQWWe0H~2XdNnJ5L($gcAQgkT_I@=q0ZF8WB$pBjLs@kexnR1zk z{PNzkjPn!ICbQJmYPaE0{*g=Or45qGUl{{G2tRpGed{XPMfZa<|G44dy^Aq^ak7lK zjrW^G1*!Kr?7piovueA^ba*w&1#&#LtZq9moN=DW{P2gk`xS1M*u~L^)?vGszekG+ z7bY5R#t)XB-EtI~ROHsxRlv^Er`Aq%yJE;_Q-HNghdUq>r8k~C%lOKGY z@%%D1H_%J((Wofun~(4rKYvB_?sJbm{N;J~`LlS(B;2um6*s)RuE0g>yY{_vQm<4~ zZ6@SIwzEE}zljGX83ddsKfbB<{(#S@)}VNP+mh9{i`m&`;7QQIdgWOe zRM3n~O%Gdge~(w4bX09MY`O21t!jWGqu}B3b`@LcUNyUrmg%=dO(218>bzt3&n3+t5fylXAUjBoTy1(zl;kL6ze^;(s-l@;Dz1MfC z$WPo}1G&g z^>zMQv!r~Ht&QG!uUX8K&aSSn`)#L*FO>xy935%J9W@_3k-8d|^^g^&_x>Biii(`{ zuMr8pJ-2YF6v$ct>{bqu7EM{!kVoZ5tm73KkX^W@t|Yu6da#zlo=C71LU&!2bn z$BP+nn-cqP&o2KYd$!snB<8&29k_gfBfrh_+_|&ggZ*JvKc;F-$0&r+BwxFoTKmVa zuw)CofA42T>f7da#GC8=X2{=EW4a}Hc4q3Wf6x&%W%U?$Bw23&`tWKWj11Gox83@?nDgFay1s{2`7L$DpT{Uyn6R)~MbS^V4W#=A z`VQ)Ll5#U!tKSdVjntTw(7`SK`Gr>=0X3r(E7J!i-3HgQ!xfPg;xuhjEq-fkT&KO+ zWdVJTD=Fe5mCtMhU*z3)BJh#o=If>tFjfE$fc&jq&C^2NO|*$=^!nDV=P%VCs-t`C z3f^@S*V(`1LAu%~;XL&R#JqaBhtp%Pej*Shy zf^}EG-q{>9%!cK-yAai<;fd7kEVA}!laZa5%Tu! z-29r@Z5dx|4=`2roZ5)UMAI7zZx-&&aH@C0MfFwT?i{mH5*jjXB%h%azqGg$@Q#U@*?y^G z2&7RLo^#X$s)xqd?-_zp`k#efn&tiJ_nk7fgU?NDPa!*#S`3>~|G zgK`9#Y24lwx(e&D;TcKp-$5M<3Q5=4*)ahKq-c%I_ud_=j_bplKJBFnp!v@L%6(9@UcH^od2%d)5R^<{#S=+Vfz zw0^9g6!B_rQeWOQ^>OoQHtJr;^d@%Qe~gg~<6*)lu5OmoUz*ip7Th;*5H@2o1#;o% zK4blI%A7eJk20 z;oBUJkNwX(ccFjk2?`vbG!+uxy`uh*g2%L{erxEUx$L`H5Y1GPTVj8dNqtf(S_(m? z$ZeB3yaY_2#6lhCVwa;82YE8CVQYg62*mR;GybrlkM6;K0i+i%UTd*9k0^1itv&q( z)xN{JOJmiob3Cz6)HS0+-}QCSWQNNc65xV9%$twy8PA`Geq}^pjo!K{_3eI|@^!ZR z(KauhkK4K_YpH5Ic_4M-LH3Th5|CKj{WrhC@A9UdN&_G`B-sR=A{ za&70H?Jl(Srl#s64%71zRyq7CkF+$HuhV}85{aAJXD{Cn(+d(WZCKdZF+AouIp;Dm z?tE3!zP~fP6YtpIj_$D>7y}WBDOCf6$qObvM#Y15Ysb{%Zw9T}Rc>|3(Dz6bf5|PN zeK$~A?4`{CTaSsa~vUVqpB6^qLXV(u>2mnp{W?XSgU7ZvG!^p30 z384A!;!+nUdi_mZ7{zR{0hex_^mZ2P-_bSp#hljWH7i7}wA^{9b@$QsD0ugBzR%XY zf1p1Z35hG=1?QEO-hHmf9`52&WAz{!Ug7O_4UoM}kqhum6tkA>GFxYmnsR$&H2N`D z;MwKV#b{?cfv}kkGOmNT;p#5#wkc0=U}xWM}e> zv-<8ZE0yB7Vpk`YN1DAT-H5fIQ)}9TYlIwLBbn*!6(wVE;RFREn1l zh8voP5T(HY&C74c+8BuMv$|vZOdJlxYHiz7{IJ&Y&9J5yi$#c_4{t-iOjecO6JI9j z3lygldQYdUqQx=CaMHSv$>Yh3J_-f-xeO6)orJVEEwqVaf6Sb`R8X*Varx4@qJ_{4 z2!!~Fqkjt7-;eC;J3To<`?TV`cL5hSzS8X4Ub$sU0!-LT5D9mqyCjJ6>)}b#7&)tP zF>9zIBTP8o9KOWFr$&$s3F5@6dUg)0sYO!`N9-%8{awc3-RIX7)W0DI`lYyE9fpXpN3OTy$DhYCEL+HUTS_s7DFO%7MvYo;zmC&awau zCd5@`GGQ37_)=rof!)z@=V{z%t*GSZ!_d^C&~9=0KumlB#1-RcW^T4*yxPM9(N3r; z6Go$#Xqa5n@sRwyW@Kb|xEI5u1M`LZy@{J&zIzRALZ$|GOpcBX@wV@NS4srRJxcQ9 zl)2@Rv^yK!j0#?PPQz;x`09o#o%%H^J-ls(B?F8>684>KN=XfRCU27i0^|t0G-wkG z?=gm_dw<-GWN8nI(XO(q+Xydob(!nzIXc{lU&W(I5^z)N@8?($!gH6r4m!>g97BRt z?(^XS@A>RJB5(Le73Am3fA4UnU5~oAm^^E@{`_T0!LMzvpM)#?wI`HRl<^8|k;Kc> zj^une40WiusIQJAnPzK%9}UStjF_f7*@x`=|#v(@b32$IWK01fA3 zx|x5U|4vgR72cy(%VJXb_OBo9rb+$pPzv8MThwP@i}$)yRaAs+Bf@y~s+5cVxm#|M zpPS`1s0ansl|#8$ugV=W2A?+dG_bR>5?{Os)c13U%0(5;gl?RvOv+3Brf}nb?d;re zoNm=W_(&(w@|JdbdU?cwG_cXI;UqrK8U%kso=iJgm)*TJw0ba77UIRxItA=+B`|@IWceai3sRt(xJ~#6J7J@cU*`+IT zKRptb!snAiZTsIuN2-N?H8j^A>wX=cNXHPbC2MWP#zY0gCwi*R^ zUTi+5wl%wJqVU>~!N=d@aBR@kD zY_o044If-Oz?Z|_%*narXNJSg?RfB6!mSD2qwJOLFuLBh@uJ)DWy++`Pp8j#oe9$) zWPh*rxfb@dZ@3z4ZJ_PD84%EXfecWQKUK0Bi9uU6TH|3~$w}l31O^B1@^g9b$ZoWT zcnh-vl=SImQFH;NLaAuFWe%KM2AEh-DlFgN_VQ9ewJxBP;O>~bY z@|@t{*WBN(k_YXpk01BnE~;9O)n7p9#9b35y4Ft{eP@kGcwc2)bSLKIV2cV3rT?Oa z5FO4gi=v~?9}yyY^(m4IKMNDm&+}c&=_wIF=tV>_+jNN_C95-|GCBd@e+qWbz6q@~}IbF#4LoOxnw;mxII zWc2q95Kwm~?K*_JofrZIJC4KylfGYN*-u36YOsoy>h1irfd)g7El)WgVb-WSSD}eC z_Nw}JiZbF6AD9bsF1Zf_MXu-y#{tFe?n77PZbyU@Cso&Hf#MV2gtDv(HxKKfmgFM~ zI;ngAZgp=iKzS zyUlQDX{iRo*|`GtWx~5YGI!qPYqIpoTxVkobYR5%C3762EmEO!eTGZ7-tnk!;yNY< zrb_n1QZ=?a-aasYFm3!;x3M)pH#J;h#z00kzx;Ej!GB}dvDB*l8t~huLOvI|*3K_2 zu8h{>BlT`ab1T!m6yvuwiJ+DQ<-091uEpwG?<;FAf9K^JEOj=qveMSmEAl+n8#V58n4yKjC4P;#0q1x+vAKl-+8ue;KK8Xo-d~vW-enee7(>(7c z60;;OR*Qp(j{EAqc)D{jDM7b(boZMT+e-qT*)O~ko$Js1t0Q(hZTHv43|d!9nL`r9 z9N#|0tN!kIbXe@Tg@@SoRbN|6ny4c@h>8U)Nq(k)yxarNJ6A6@P%_S(ajvgB=Vmq)87OJ`l< z7OAAHB*>RW2BGVbGc$c9KX{Pmj*FZE&$}zvo^~Jl66vFYC()m!sfoucI7|X1Y7^vW zNXKOIM7+A;^PK5@`Z5!O{qZH zoBOgvE3+|$6Q&`@ALfr*Cia5d(|GUVW8>jsMYs zk7GlU8i?HEVAF8NFK`yD$Ge>#aN{{~9_fk{|PB(pY9qxGI;eRwS9JM=ZeuY$&Eak zOc5pKJ7cmhlkCUz*;kXaLVV*hQ%gL5vD=+i$QVtZ3Qf-!zD;UCCO0BX;`#GFC`p2) zMveX1Q&}@JO{Y@#-&$H4fb4x*rYCOWE`N^LUn&QPn%OK+88$O9S)Q^MR}@qL(Z8OS z7$@r?Agzq8z62Led@=2X;gN2GyTuEVigVq6QgjSdejXexzyNzHGipzzdG{IZ-DgQ% zc{U!wxWGHts+{Wx+|JODTGxrMa`GS&>T--hA}}|dSgzpJYTuQRKk_XJ@2ZqVYL}S$ zt5@tuM_dX6m&Bvft`p{z>YU-RWm_mXOa_&1pH$Vmxq*Tj?7@v+7~Jid$&Zhkmhm zGMMlACxo=}`w7;zwb6+Tjipwp6WrAb#(VQlCr3L_^N^54btTrE`*bm_xddh1;BDFu0iriP3W??$SM7=rYJ8E$zwhs7nR!!=}JE*Rc6bM5vo z#t%NEh%(jpXMWzk@$*?;D{0J1UK8%!vHZ3bt8XEzxyCC9!^t?RMQfhz(Mf_DE6!3? zX5s#%!jW_)sz&F9xr&+4D*=a2rLQp{U*heUeD1mk(B#z=99W*Q@dYJfGoOqdoy%qt z$41a5w_~@W)bQ6vUS%lJh#2>ccqBthW#qY%dVK!j=8o1vOy?$p*IZ6$ulXwL4}B?+ zhCqt?Oz6wQE|o1Vr?gK#ubv*wLteEjzfk~ja=;kfT4ZXP z)5H(YhEaM;Fzuzy4TfcM`{lJm;cLj)%39J!XVp!Pw$`5(qwjiNyzuh&@j;set|!3M zAUj(T#TRr8&)B`pf$Kwjk#?h_Ick^sqVep?aJX~aA@1m#y)F}_g#CoGqn3OTU;=g< zl~0~hARh&Vz8Vs522&e_%QqTw}U9 z+cyM*qyug&5itL}MwXkCH(YKnQCbD#-NS^K_QsLG1P%gfLA|-{>|*e1+5kai(85rF zB66u*Nx||-$cjd}(LuK-DzeIG`0jOcz-G?@d;SV8uON{*G`{&zyMH-7^aUv~;=pxb z+7RY&Y?OCk_ro zDo$=2nmcsk=YP$sMPFZkZvRQW^S!8|;q&7iEN8o-WHa(OAskjLjc2eg<;NiVmY?n{ck+1rZY>MhGu zUe-KS)KXP#G>)t?SUTvvX3MT~)mzz@#dK#{2|#P*Rn^s+#IfEh-E!Y)J=2Va4JWa^ zIs7?>d^Ag7LmXg(A=1N#>iX!XKj}FRajuvn?oxh47T`hVbN>9OsOaEjj^2_hf|{6X zYJaEB7cCslMz5`(Qd}7j6cl9r#x{H$Gb$!?!FLkaV0MtP0g6Wo%GNg^QB?E!+PdKt zOIgddg4`VX3sfoi>-sRMCSfhF2-eh6?Jae)9(&`rMms}0j{65JC?*5xr$VZp$Y1zi zQ*gB~tG_o6b-r2>S`Y=bHg*Lgd>B@GQ&3w$PDrGW1D!X2afhVKmj(((%-0T`3E z^`2eOD&d%nA@WwPq2x0qnk1tB`~0Ya=ZaC#;vn{zn#5y@siAo6r}JhKNnW)ZL6=iF zZL+^Dtu5fl#LYPoPed-9$jL{B)ASuWxt%E>ng}JYU^VW4JU{BqW@)nobvOTI!bxR4 zUPA9CpI&QO4_U_+QTj9LuKxBRfPz{~RmM?;hNeKRtz|AATUy|`?^h2Dj~#Mlh127Lw;J$x4t$3{qJggt>wCb3IYcY)R{0R+?RZdd~zy0Pe>>bcpj{+ z2#4vc)`EYoIH$eK`r5~$iH@~BKQ#pf4lbS>9R*FVF>^8RO&X38n9CnBTjCrjemT{pP{Rk-d_GyB@iqx~64z*=0F$B`oiU0oDB?oQ9QXGQd{3bm2)ou_i= zA<-R^59kche`9|#&Z7bTXQ$6Z7(U=S61CVtEI1rIi1?X%=GMyn*@}c&b`M)^8*$q7xJ)ugZ58yiLWXm6Sj70XN(&jV)!I;$haKlQq$h{k$6(I@ATq@ zdTVlAYEIZ}_pg9=<50VA`t1|6t)}tMKOnoya^L>Ixyosbl<0d-?UGJjRBTg*-!kDp zhiKdG7w${z_n2rOs=m+^5t&prifF|ui5sm9;%x&K#TN%^($|DBBf~H+v`;D(lwUx5 zYlaQ&=;l@I&+oDb$t!lUPw=R@M->oaYPT)N#&wicr>KHzCNaK>^- zimBY5Q(k{-%5p~gxSv!yA0XIEr)4O}N!q=?_{S#BwydZmi| z{MDQ{AZ{6P{ChbjCf1^sKeC-RLYYEnuujE6UVE!D`Ex+$xPbf4kN6-H9pNGU?+MB; zm9B`qQdKoDcmu&EE8I{dWpYaDx21(ZBDf{0mmgMT?b(AhL$7SvFv5ve--|4B3Tb7Q zi`{z<1=#&nl;!1h0*9V8d9V_?^vN2a|5jF3nx8vOX1zfWsz>4Wz8~WfJ+!+CYj9sD z1$6T@;cw=+u#1*60>bm989Rt*W_nu9sPOh~E4P|s3E?$o;$&Whz~T>p?_KelAY+b` zs5Cf?Pp=)I)|0$Bmls%r&T%r_#zg7O7u%>E#wXn9;H5*4I)ZEr`9MF`;rF-g$a%Ral2IgE*DH&e{4f6*~sgMV14?1_k z4+tY8$qlx9?}dJs>$7oNLP0_w()(j##n-roi~AhCw~fujK+v%l9p;8*Xx7;#tg>O` zmX=bvRvi`6zbbxVpky(LXkV0I8_RUZ-KD2@URsvXGp2tf>pDaAGdb?dUEx6y?asXv z328HO{;UDE4@0;7o}qoo=W)Z4#R&K{J2w}%KF)fNMIru6zUvPKz32WtRT!`Uq!YfJ zZ|kp`dQ+m08yXoYA!8?IBx`}Crf%`)XMl1J>d(qDXSmYiDjWm1WQGBc?P*-nQGG75{+XA8OB$w@OfYV*Tr$C1X>GS97S zyz4WEkuysinH`hm^k>v+>8%u!J8tz%J5R`&Uk>%>)E?F=EUJmZ%|C&W?%Mj|Xh&Ra ziT&;c!e2)iFgM=S1JP`S3nDBC8hUAX6SZ;UdsG7iLi>zbustl)d=E7~LE z3kL7T9Z^ICHy?`&!qW8K^{_X)YvGvU#Vs{OO;ru~#L$Kb2}jSmKlB5y6)!hC`GI!? z3)$}Le-F7Pe?R}*k;QPM=7-{p%Xq)-T^)^fO-cM#!G7@X#l=^{p@xRvdb&B#aThxW z0=Vzb*9eoapUU=4uHe6&8qi6#CZylG-FtL4b{AbwdvUzSAs9GsJz`+G0Ng`a}el672<-pT#z6YQFk zNd*P#vvXF>LQfvIwiXnf%9c_|Qo@aKkFb!f(Dwe7sCqLI&zb}5_*YjYo0(*_y?Sc( z@`zal{iU8ElV=}-fm)$e>JoA4^dp5g54D3ntA{8uOrvVO_g(+KA7R47o@C~ zw(UMDlke4kzCLRfPfBQ99Tp&jEtT*RAARJkC5o1==P!SRL+%UG7I&YO5*|)A62IrobW3`CBLG_E>>WA_fVLPh@T zhD}}FsSw~$U$gP*aI9MPQC{$s}nUJID>==c$Q%& zK{qb=R>;K0*1QwW9ndo{`6gH8BXspdpjUx}{i&LroL%*-FD$l$_Hmt<8}|G%FkOjm z5OI|hUGOIzp{>T5><5QDw%kC(cS(>I#talsOcp{`r&1m=)=n#wEukwULwf_3&ifwq zs1^d&F7>BB$cUwx@3J^pIg@NM7sm&I%k^@g$4{~gi4vn>+LIlW(29PbOd`uBeessAAP z%y+_LGs>OlL|c`_9mi!O8xbcJy{{;3@Mn+a+H@f1V8xuzdltSlwj61B9 zYN85TYZV7%7d$py0;m^1zkCSx08iL$D_iyTaoI3v6l3izg@(prA@C-~WMZ5PXC85I zten>~&|a6+&5fHH9cq$|Hx2fB_VgL0keP|jpNhr;@P_vGJ_di-E1qB=si45NVuO^r zuXLo}Yy_5u=*FW#v#KCoX(CI`wtuH8n|d`<380}BBdkKu5 z|K6$l(9!w!%f~m7ti>0rr{(KscMCr258^a3q+b_vEvg&K?Jp<WY z1t)Y{*Ryf1LrsE$jhANb_jLZf7k2JrxBa^weI(=HV`KB%3m?>&xKmf9bp#y8^RY)K zhrBO6I+*ZS;pWslek{&lD(kwt%Zot%uM!+2l@$+`?(pcxaG4+F`u>jQNG+>;gMo~Z z^u%U%N;OA9Ss159RuuY*31#XDly&dM^# z0IK>yxNp3B-)Ihzf2rZxv()j7Q2)Bm=!4hn0 zVR|v3V3+#gu{f7g@{sToE*BT$dCJpvnFIg>AL?h~P9i$Fz=w?O&w}1ImOB*0SC0(!`da#Jwki0Z;rfMWPRq>`JPi#EBgRMowY*C zK=Fy%_=%q!ms*NGceD2^)5NC3nRvB8rwGCmM<}uCxg###vA)DSI=nZlU(Z0-aQ4*q zWNQMi&IAiQZK`)SotLH_S7M(N4jL-Sd1ZZ&c;dq?Y%pG90MQ&S+eGs{rkO#_P-+p_1xja^%K|R7Ve~L|8=)maPYIKgt;w z8!sIjug?^dQM)?y4|W-z%TrWP z!hEqc-S5PP_AokZ8&t5{&;Dn(-y-g$hXX4=fZQyRwOxU1SXA63=_WAzhf3)Gr?4A3 zM$P)x%<`6Rp{NZ;eGkgX*TFi>q?!&JpK-;35)JYjt#bu#LK6EwiEfAJ09GmHcI+)- z|F)jt9&;h$IbKu!riP>IQ1u;7izIE-7f@vhMC`}kr{Bjw(lUaeo)tae>-|DGECumX z@vmMy!KS!|OerYjxSc|FDB|fQ))mj@cDR`&E@0C5aE)HV-9-7!!0>rb_g2*pYmYDC z4~OWSGiAG-d>V#25taC(lgR=$@#hs1OX8W=X7qNigWI$ zoen9UQap7KzP1$nQprQYScusFjP7Dgm)*QIPpLn2-Z`Iff7~#D_`QU9m(A=*?!o#0 z;6{Q>A*5J{Vp1@QNNJ7+KqHIM0G#PAEFq2;A0_-HTCR)>b2l6Gi@&In)F3xVl?@2R zGVneAGB#9VriPa?55WC0WUsrew^_LSGqI1k-pu@`h)>c1_usHGyQ?I;M{?v`1SI6f zRQ4%vJBC|CGmf!wU9UUElf~@WS#&zuNo9HO`0rzV{e60OKz_n4L5<3c1hSo5V9T-8b$GS=;M2e; zlZ9BV5@fc%1BVJ`H?zXcC2)=<_yS6R-!QGB$_0#8=YX~`cSe46u2ggIi)3{TU zJcy^acT!G@VA(=4y`hmnFS_k<7FmvdpyK1F@DOH7NA0fpX;hMkYGB_Gicb z{?~@DEWciEY>gNzb1B&>|FCLimnx@S;jSs7^XXk>T_es)#psm70Kf5cDG$$G2m}za zJN1r=TC7CFLVh|fk*7Bc^7JTL1HR0G7=&p za(u^~VNO&xH}>dJowxk5C7=)V64O%?SDD@Y@gh-7OfNZEOxWGZ?L1S8+=gL@gbT>K zGm~FbHcF0(NROEx_Bz+x#K1t~2TL<}?Fs)36FgL{eg9PAOkHw#4PLzfW(fg7O%r!QOTB1(t>tC|gNl2Kt9hZpC*J4W| z2W<59hc%C*y1s5qR2(ore8|q!w$z9Nme|R0()6*wXIWb!**dF$XFek&JgzuHA9;QH zS?OsFa`rIb*zebTXY9hxFh3tnU3;J1XjC3H_dp0(BnXa;wzs!MG0VSrak4cdfqV)J zqkTryri~y%LYA&>6UfhZM?2A+x3^fQPaF=2Sy4~V^l9#RjiUpH7Z>5{`F`S9nRv5ahP4~VpNJgJ3Y#1rKpa3Cl)C+eLMdFE|uW4 z)$H$Up>vH=kyCWRFqs*AKl=WBVj@h-?i<8#&-|a1z}u2^^168wMQ74=(l~dHIgbf9~bl5^PWH0*w>1O zYbF{7qo&@QpuYd}b&P?d!q_6;ol{Y<{%D7piTMLIiOpc`c}`+Za&ld`QEDq_Xm|HW zSbh$~ZcNt@0}tH{my-4w$OS?0oAxCw4IhEOM=Mr$wmg&5PK=CHmXzG8`xS7!gPrn? z);u!{W%5&emb9?yPG3gFbP1lf^SgPpFDEVGGHRcG)UZAF(D$D|mHr`WIQR~8PlWcm zoo|Hp1a(Nu?N1mN z?p_LXX&ZhmVcFW)G99duaofi&r7Pk@Oq7`_8@x0~6cXFP#=#pI!KmI#RV9;%6oSTHn%ugW4UTf=EY%iCf-$ty)@hCZwQKzLYtCzHXC4EXpFG8{(1$p`3&=1XO+0x$K+LMAKZA&fiCsZn zr&}8N->{LVwB11|97L~zF+4vAQOOEA%2c*KV6?Qo;##?aT~yeF z6H2rKx~y1jjpIAawqtq6A@6TB=7tfevj>>pV=i75Gj_|(Z19Pv=Ti@!LGx65Vy1Il zIj1|>%&%}W1bI0WqI*SeNDnnMpAh40&uwLvcqZQE;A13nEWh%_>=H+z7*=al!n#FM z5T$128&xl|p1Ncj(68c^L|UGn0_=G@AE<4i#R3ZkHtsZ~GfanKE-ser>?cx@nOqzN zKp=olImCYFC@>GQl7BqS}o+KCUCdcC^?oqwo9- z`Dum8Wkf=rDd7qeg2qeVzkjxeL5|Wscc81!yvA14z*xX}6KKZ+zxu-6iI}mx{-HIw zk2T|>5*3?~@%i(#5Mu@q=A0|vzy-Lkt-1Z~P!bXOV} zzo_epQP;KO)a}Ehhyoxx?xD1D7O9}~8<07P=uG|y{eJBl^lHUv%qNP?LGO-iE_Qw8 z03qIbB1uFE2y5RKnJURevlm%v{{RI1bmC}Bc$&*>SiH^fRx~M>D^G!MU+z@Bi>w^1 zJBtcUBl%uy<1)0#($mY2n4ftjYKhRjZIhm)`X_nj_Cn9ZtF?|AW>QcNBfncZEacbM zW_Dm~u3enYENsYWpD*n!l%c<=;LI;Zp`n!WodJEaatWiO25%D|P?G2iVIVE^m z-!42+8X7>^!Nkm@ksz3nl@;h8B;>q$c=G80`BP%4jr?wHNA(;X6+k|H{`|VW-ZK9j zH2g?f_74=~ec2s~FSYG8-rfygG4Ny)d3$u&uKT@N{Y}t!m9XD@aI>*9SScYQLdd}P zv#00n5SGw{gbuSuyEC4Vk&!)}?AitPt@AQ!YHIUFMqtoqyNgr4b#hfqlc2&?^jLaaow!Q zr5Zd@2=K%4$M7uNBo(gr|K=pS_&nn6QOcT zRro^~sS}M+)!i^VpQTP36SFhVnwIs$`fw+7*$0a_J^cq*l3GpG`79ImEwslrl~*#;vu@Lppi7^&fgJzOuf`MfUM~zxoD!zarAen8xxp zM(?*H8giSRk}UOAgD)YgRw-A4p|QtZM*fqAJpDjpLn9;Ji5lUF-MzyE4+>geUP(-CJ&&gOd9Ot`nCQNvyU{OgzhAm9y-Ob)Q3d(8t4 zQQ__l8WHJH#(cl_V}3k$_qXZ;mZMM^iN41`RMzvN_>DWK2{ToOs@Y?z8 zuE96`pPRTBcGtluf%8lMoKm=NzVKV@3qJfjj>lEoa5x)+KsbkT4Svhn?Ny1RS3<)>xd z{0GbZPX*aRHk%bz5Fs2fGn@U7=d%AXe_6VX7BV^eLnrSUNJRs_%Q@PPPoJ1qVA!wB z8Ln)U^YGs7Pd%o}R!7qwH{~+Ez9xa5UXLLxoPPvQ;$C1TdY$oSnJtmyXe`_fo~4=< z)7re)WmQNDw2u9lMKsM}GFPV!EkZ#S*`SU;Z)A+Dem6IFMG}&b6EeI~qu>EB6{188 z^K6L&j!BHHU~_WAI>Ww5tOaq#+V-ky!@&kiXTpyk=>&6QLSA0`n(q$3Xa9&!2+8Yg zNw0-S+$H4p?b~@6` z60&JkU%ir-{}WSW>QeXPoBZ8aZu9M}eO#vti#h*rab2%Ai(x4UQHBN7<0{Uc`3}_KK}{`grtbQwH0M$;z&@ZgHyg^sf+7X z96S4JpaA}CJZYT2-&PFoSQ*%?IDiF<<(YC8dy1kIeJD7W931zp9BhnJp`!^!=K8rmu39-+U0qY8wR%{1>i@*byLzv87T* zu9HnP=PLBhSa=TWPY%EjW35NRx1S_4D|5WYg?O`n0t)nEzJkz>O>(vs1#{mV z?ukFtkAiu4m^AZg@A4c@1VoauzED#u)?et*_0VhZJ~>zik}BPO8el&DxSInmGoq{K zn9ry9rJe zTusXM8Ou2kyB^+VteB_jx4bFZ^&`5W@Li#!qu819v9C9_ldARQ5~=QV7pXkPA4iqr zh2C=}&!n3;&Axjt`}VSEL&M?_>#K`p;~#nDB|W!Na!)637IE6YotVarA-nElic^UG z%&%h%Zt&cZUg=f3R{H1vSV|}1 zFa{$li_uCyE-BT=h7coIFY)oVmTVl4^<4T*@brPm0gOz%hlAW|btfofu_bS2XdkA1 zYvx*AMn7{h8O02^IPdG!J4&0G-^Vz9FX*8meX>o8|KGe%PtUt^ive~ExS0{amU?F#_i<$2i zWR7#YLj?e@?(ggw-eNZ@IA=)`Wx-tI4g!)RS8?&z#vlq#`^>;Ba~T=t0y|adp6ZP@ z2&n>p|FPW}%p{h~ndetNU@w{$wdkC6sW(VzX{}G^9|wO*&fnG&7|m=QiO3aUMSe3g zrH22>r(bI7F?ld;8%g%sD=F{V*^I~hjmU8Q4GHFYhOo{z5u27ojKdnX&CGYvJ;^Lk zGWHkW-v`h{jN*?|m;_(`omQ^mGd>|saS$x|| zA8OSINN*@C0!H9-%I{|7dcUr{c!882Zq!7wXb1TR(T6r)vfmPG^Yl-+Y&muc7CQ1e zCO?IS_QbQ@xqY|P8vVnkPx8X5L%oHCjg0xK9;lg3;TCK({9aR;{0HlRop@|eN+BjP zMCi!Nf!>CuCVp~3e@hC?B%)i%4-GD=&&arXh2KV$DCd0sd^|D$(hsewL)c@Pb*ZTj zcTR3zVJ80UE)anxR%m35Pln3#y@d~YR^GxXDznP3&T zc3rPI$rE0kbnJiw&c*ct+`&QUH6cIaD;$a~#`J9e&~tM~I+oe5k-jg=yPQ1B?a>f^ zO+OvnzyE@m{kw87lj-_Xnli#8=W66xw+|N1*$IO8siA13(wb1ZaJo$e4Hs21$? zTdK%0+0QQK5qq?##_byIO)0(Jj>y@%@*Sc--1eE)=3?wj)eEwSEi70^M@b`3;N#*# zr^g!<=vc(88l{eJ?an}ovbeO;qb1~YJV6}i($R5ne!+;G`J44mOd1Ak#3`3|tf4ED zi=`3jaU*B^q3RkDTZ!a51u^Gk?T1NTLFVkkbBDM2QiO)GDl0$N5X-q+-$O8Wr^y+Hm6n#-*xGFH@+b1x#k8-Dzp;U) z@}>D;O%5yK{r)}I?@4fxdueC42T2m-LA@T4)i!I_K0Sr=b>uCQv*V+H$LLL>v8Zs~ zlaZ3Du%BskEw6ndmneAB8NuvcUHx;hF|z&mf{zBPzOg^z7kit<)>04KX1YY$hgLZz z;um`4SRHZ}d^azNS6~`a;h+w#B=~f5hK6A1Kzw5s6%noxfei7L?P8GbLYl)pI=bk% zII*w?u0M53$VXMh#Aui~1KWMT?S=kQf zn!aVudBc>Hw)?L{$@cNv*YI|6F0(x-MoREV*u_Oe5X8jmJt%q&zZv8A?9P15<5_B7 zuD?X+^jFcp%+y?afF*Kq*e$MN95MV`klr~~cJ!*$;YI>I%N-Z*IBbHKq$~_)cbH@C zoJO|K@paivr%&&-FvL|k58qR!y6174&0z1=D`_xCEE#Z>!N>sBGt(P0OW^*}LMovH zob|u4`Qxt4n`YYHZh3{(>WgJON1T_&Tk+-T6AhkAH-uwJ-(0QIc;H_CrC(x5ZFU$E zdCEG**E?&DMRPc)tC$Vt)5TeQ8l}3rb>|5-!#nHx4|pd8iI;UFsN$KlEd)BP#((sD zPx=7r#?NaEWEXc5s&j#B3&%H1EPwxV?%wAw-}FMX%H`!qhT;wl$@F)>d(v6Z-q9Qq z5+eEZDS`~S=Lb^ZcFjkbvoZ3kgRFy%jo@5BF!}tGhhesA3H_ZJPEA`pq9vp3}sUhq+&`6P$9z+T3c9^m7Z8`js8bceP|P z$3@0S3KQ!oCe|uP*VpjG(R^{)Cvje4=*az32L>5+#~i=$)-O4Q+l@6kR(R*d9>2&X zbx|aB-<~nfmtuI-_k)3AZwPx0@vkyA%$A1gwhnAYqrB;7p*LZle!#(jb#Wn42*z+W ztr6|)-QDnj#CUsaYhAd=^C~N97A}jqmhh4DqwnBw1WKwl%ILl`Fn(E`sE|{7@iF-pG;k{f;(T~WL@}?V#z!?@!*WMj!0cRFv5}Yi37_SzKg?1Ot^z3Yy@+V>IY4O&W z_0uC;O6H zPKA||%LWQ%3W>gmMD<2!WHYmH@h8V+9Z{lzVEJ0@W*Gs|UwTJO$R^Lx#O3Ls~K`&2JJDGjnPg>E-LC1_kBivH6I>S{L-u-#^GdSvylb2*qt?9%o!j07Nxl zmlt_1@O$dZn&^lZhH`A|!rWQ4{n>EXJvH&NiCFH1j=1n;#_*`H(i6F-2g7|U9S7^% zJ6QNQHb>jxuy6^x@8Tnsm0FtBHbqrW!ydusj0`U-`jtHfrRt^6t;L zhfbMsa7KoyjLe?k!U-Y0v`MYx#-Y$hfYYV!{B2!!r<0lmtiP7m&TB~A6W$RpvG}yf zu}~~w)oF3P_jAXiJ2{kX3=N06UMWX)!s9Y#?L_*NV@BC6e`yMBs8nyo3eGuHJTTZT_35r3VB1 zN}>w2TX8cGq;=lXA4)iVNzV5!uhNP$Fi}E(xO}+*PwYE?So2i-8cuC=*)OB^CWVme zmX_t>8O)1c_#BUjh=>Mqw1MzlI9N1t5XfpT3{P9bLH#4xy35>@2ZnKfyH4>fS+U%5 z34DHQf7sm5+Z=Z{sTmlWV!7Re7Rd8N)$UQV;Hqtnn!)I~dfC`m7B8=Ty7KoY)5=~p z21AqYfy4S}mFN8Wa179i8zD)6)-|wa3WjyWFy%*HBzo&Na_+ zSMHnUc-%7?wzobuGS}Sm)(d@lNIXsdZ};$z$7aO8KE7wnr>CbK4jaGmB81(y!(vBT zlc%Q@zCMZ0QtOL8AlZnk7##w(I74tEru#(@CiFG=MBI>aP$i5cSESD~OdUNQbUG&j z>y7|Ec2=*XVwwIw(L!!#<#vz4!k~iC)0^qwP4J-FretNida zvkB>_|9&()jF#roD(;0g8g#DCkM~v*3U<~i9H37)*-6p6F6h#qqs}^}e4mG?tZsi+d6Mw0pW@TlSla!nzo+KtFY;A8Z5HvU#9#Jx#THrb z-@8`}y<89u{B5*){F083Mkc41Tddao=UNXoMjU#YmsWY3%+*WO)+X?f5{rpc<}az~ zufa1G1ZLmm5(HLta=vD?I`?1uv`yq$h?xd)N z1xvjJAqkO^sw%tXzDhYw!`?blX!3JeEhLt`i=K6ra)YE?u; z0VpIBK~}TB`|4VX2sv#ZT+ zbu*uia9gtGK!20=x?eE|42DFo_hx>$tEuxPq>JXuNxhH)L&2-}BUd~hV-Z)w>j(Kd z&Q0l>=={vQ-tY-7@q27VSv1K>hS^BooqKG4()8d**9nY-*Q{!1L?Hb=l#&Vxu6)hozAwl*UROS$ve zeS}H9Jk0&=41*lVlAWBLul$5yzu34Uy(1gMN?=1pL&J6N7za^#r6<;=R%CM%8KmUf z-C4*vJ#`&zJn{j(rte``7awW|lI*Z)u3Byum8n4ULbSd=_ zgSls5Be3;`8!IF;Z*&l7=!sKTLUeVth1@Ew&IQgW%*8Y`UOFB+Ni=;-6n0n}Z_nI@ zVdi{%44WYsl@qgQ^(GqMrK5YLZ;pdN58v>(IVMLdP}}BmDek>GHxE?EZ~x5rYJq7w z%57F|JjBL!2f6e(cYk}?%DBz0{;G_E$*8%d<%(xciJX|mXvv>WYkKuFj33)38Y(?&q89yRu`9 zlW%-0TOE2s>grM%AKW93Vv5Fvgsxw|4$Tf_R_(^nck-cs=?ZITpwFsOqBq4acoInA zGC#@-UXpU;!q6#+%DhagNn&YP*<(baT4~Fsl#PfGUtfR3Gc64hIX&LX;EZi;=|D&9 zWMtGHzIe6xM|k8I4Pj?zH@7qSi!6_o23Bce0tMM{!Cf`pGyZDJ-vN>xm|`*<_%&(;v1`9)6<>jo}bCI0%rpGIocMNnCMY7 z^cu0M_5h^)wj1xCsvfM4i;75 zlt{fi-))|OmPo7H$)@=2URqqUE1>0K(8|%yQp?j@A1w=7=;Tf~VdOBK^gO3Yrh#l~ z^YB_~#yejDn(w>2aI8GfstV0Dl4!U}F5bez!Z&DWPT*!J*?bSwmF)xX3<6&?$?=@8 z95QmWnoNlyhfo4z6-&{YVw3T$`n1|g_XC}#;~pJv^ge?@Z~Uj>$5Gj~yUGifHa zgO(yj5gKqa(9kp3U0GoL7l|u0YO>(t1wY0twW5}Z0b&GV=r6%M{;}%N$XMgoub1c6 z71Y$6`?tsy+>cj>Jc`Y>cJ_RXj5>te_CI=g=~=v9WKeuL*=vYdPF<$NW>f*$gaxS7Dx@|O-65gvif^EHwUw>Q)O@3r z9Ed{UL3(4{*1mdSbu`~x&~^84>T46=@$Uo>uq9>J$lp;v%f6Ol>WzQ$-?cy<>j6Ij z>)4ofc|}1D3(T@!l8;==+@ta_`_FBnJZB%g^))7$piIeEG0l(YF9$ovKr&?&mBobx zhr`W~(|4|yu5B*+Dom>R{~%ByIjjy^)A)Q+b&4gtfj?UKYG!wd4^EbxeSHAc1_cIk za&p|6Po-tx)=Gh9Fm~%(i@3Yq&R6c)u~_Inch@ja2G_XXBvuC@3!k3PoRVmawZ!mm zKYzVd46gB{l?DW!>y0dN!X8u8DWz1_@WNb5{mAAymzwJw_crJ3R518;{dSQA89M^^v>xvvjI*+jyw6G@oG` zA5jD}AJ#p@J6@0HAIP3K1p75Syp5o>5n!q)N5@?GnQsVQ`kLhyW6ntFo26+83!xHl z{Fw|LSFC_i0S^{>h!QbgnA=NFFMkG>`mTNHbBs#(Som*^h_-&v6E6zMKR?{6KiM+{8v-;eqQjG;reBTlavHL-K`Lf{ zzPycO(KEG#FF_H}h99tnG>mDp1-(^ZOEIL^GZHoDn8GdVe! z=XL^#Fm?5HN;z6GH=wK0RX--k!o|hI;|Q$|rfUixrj}*U5t?IcB;4mEGI{-WQT0sM z!ChO90tow<{q~LM%~SU1O334#`~pb>8w^2I8+{qX^_t0wHa~}tcfJQFB??pI7K3QD z?nN6eqzUZeEZoDP;CsC~n9|sI%k2r~9{J@iMBRIxRjayC*nn(*Ew(lEy9f<*o2SYG zurA{*y6|U&I1)I0gWI3cr)NC=B~IAmzYXdY4~EqGy1E3PgYu=fm(L z6S*!eqe`>hGzFGy);NptI9~nK=4+u{`i(HA`FI8iTQyD(l6%%h2twzYGD9WmDoEE3q!M;-{``xSH0Js9&*D?jJ>Mxh6RCvs z8h{7Z6hu;=jBodGD#OX|Drd!bp~qf9o0Iy`)*{%1q~{1bKrzU?_{k_W6*9vDBAL2+ zqZ(>!;hnc9;xBgUp+`gW;kBJ#UTP;{H~5_zNVdfUpo1RDrHnj@>regPuawEEkF1#N zNjqz0ba^t$EBB|;gJmo%26J`cu*%KJ8R+j1MNoq{+GC&PWm4#t&-w=XQP46p!7TZ8 z;kz(9D=+^NQhsTlnUsBMa3pAJ^h}j;7^CKS{y9{!F}Sk>N(?}Bq83dI!?$>O_gHJ( z&eGF*tun*MPfvx$$H5dH!M}x{YtxtR?fnn(DKhe4Yd^I}#cN+zWxQ0(+45{6TeX6o ziz}jf6Z%_`tlI8p%YB{NH7dl(`|AS#sFg-19VpRZw+^j3?g|%b{L;|Wq?e5wbd2=%K}EeH-QEU?I4B5s4JhYm#6NVp9-!ZF8O@T`RQI2R zme;IhThbrw+ojB$dm)gn4?<5Y$MVB3)k@F`-x$Br@KCr$=hdsfFmq@uD$?D3fkRpM zAZ!%szhjTFd9&-HBFJ4_KYy0CxN)p)Uah97Iac3OKhdczWqK_@tQUumvI+zHd-j z0B!>_7#=Ve_QF5w<>^C}SZD_k0Z?#(Ex_g7{!h$TQPr*B#5SYH6^6N54nYayWd#fU zS(+ey!BEp(4W@#)avHciauQ?9|vr!+xfirJ-kRPnke3MxBCLAg95IMLCaIwgKfyqvu5 zJh@l@MMhrRE+riibh5wi47HG_Jbx%SV~PSOZES1~JEvy3*(+C90k@+9V>ySl;gC=G zcu0l)TB+><3p4@jj@wA=IQRPIGk&~W{wfj7-p%pt_}P?d>OcmuoTRm+s#A1f;jWgH zl-dyh#+h0B8^yT@vT}BEv2t~43KE^mocGdweSf2@psp%ozPUp!;J)3kKUoVX9rO(> z&Wr=HvM3N9KE4EghoDGcR=Mo{4ngJO`f=|b>Kr<7Dx7*!WpIwk z+~~M4a92mm2oW<}a>uQ@qAYt@T@5bI-5~n&^vabKx?eDkkKgZXn(bR{S7htnd6P@k z)UKXObe3p4yO_}BgDQz2o`|Hl=*y=`*{RjGP5a=rEJ+JawLDJ8Zy>F~YmO}QT{+d? z0*v^Hs}Uhp-);{aH~G9QgP+?@2YhH-mlCjhz?wumyk^{3a;4vNZK8$>admSwp?mZJ zhmo1N%AvCi;vp#4*Ac7EqjA9a{mR-}MwAp3LTUvbL99uYYJrS$^yhnFpQn>Iec=!0 z@h{Sk|BS^ynKJ3l9wX{kQo1;Iq2^}*{wE`t>WLrmN=U?_VpLXDflaF=@0iky94cjp zjcPX-c|)bTk7O;@e+3Yy$|W`$`RrzElr;U`Hapj8FjoF)A7Ah0jS>6sEm_v1CvYj@TE;+5o~Uz7%`Lrk z8;bngG~dL;iTbrUGT{rj<{GD&$k<4!HnnmCzpTK(fQ*c;Zn}*2HlRsEqRzUoqlmh) zjAEbF`RP5iP`N|_r@>k+31wpBBN6kPT>jaG4P&$XD+u}On#u-J{|p%E4uj+8KrLuh z&O|)*C4zKvo(RI2pL)j8BY{UbJ3n7un$LOKF>JT8F>Y^TYlr3ud%xWZ_n*!{Y^;pT zOw6OruKiCG1t@a|s;c1FYinz#`26{(vEkm{h;neG1y_GRyk9^ozlMnkcmu@^@{h*f zIqE;)gQ<**!V5(-&&^F=*cW|&`|go(cN>A*_nohgDOtzrYTS1Ax794nq-jEYRT~QA z|8Mqu;myF0L{rD2;AtiRj0LqgSO79g?@O_B>n`w3I_mN3Ixoa4z`?c65jMt<`(l% zaCUBl94W0zD`5Q#T2KGOg;|H&+}5F4LGzX7WS1bu*u-&gTxc`v0^*(gR2d^+Lu}d! z0xdK6XCR*8^z^$cl)_H=rKP`ndI%A8T=J(kveojgBdfvW%^l4h9nHm-_wCzquiL)h zKzQC9S}EDvE7=#vd!e4)x4CvL3iDk#_c2+AcWJ4^+qcm7+PAki%XV+5b>Ez(V-xd~cYaAN}k zKQ0c?eP(6)53@euE-gFH^PcAnP&iiW&8@1IXF7Q5(ut!>I6Id|6c;zQgrj?`FA<2D zzx#bn)xyl|OHSwfeLqP*>!@9#QkpuoY$h<=N>C|Kk;FcVvAT&{pmFk5U83oW#R=ac_oA_hK*?!1JymSadEmS9Dn0?;Ak zQ%Hhn?`HG4N=GCiC7w3YAbku{l z?iT+G@oIaWmX`Jd-&60`=sIG7V$cSW}Xc;i2Vi~5dyOVXEJ^H||LLWykej{0nmrKdbGUUtnNtiB9bwf;+`#Cos}JfA+PR=1ak8XET|+{ogB|IgtSJyCdv#wwe@WkfjgrD|i2+_3&@L@4eX4B9RnLIWPBv^E>GK$1{hA;^vJ!Bv z;f@zIy>pLF11o0^@H=Dy<$*=*Iexf++cuAo(74Tnkbr1Bk&rh&wf8V_NbT17Bj4Zw zM$obW$_3yd&6Bp&j~_om_M24eQwBPEQLy5JOqi6DXLNMmAvEK5Z@=27n_`o5b7O_> zs0h!P4b8L5>FzNxzIFe8!>z5Pq(t>xVR5D3xk>d}r2?fry^M=~&3f>Eczf%(D%Y-EbP5U*`HD z!Ct~%fh_+Us7hCDQi7V=nY+T(d2eM@{|bV>ZQ_yLjBmZ!4ccX79p-dP6x4~-M*`W8 zb-W(N3MY{CPAF5T&&|vcal3sV?GCwLX}um)_-^OWT3_Vema(~cj3?^FLHY#(ASiv% zTTwT`3Jgj)w&lM3$m8$7R=r|WrngY`bI{be#%tDH&iPhn3+CJL8Ge?3^a&>6ciD-I z1oLTBkDkz%-eO7Y`_rYI>_`G?#J^*ssxEjQz9a#RX*czIdwNLnOZaun+x6liaW3*1 zi$ZRIVMwXNgSBU|h3^Uj!`Kif&Wq$1{d1n*?@&)GYav$5_jP2t3G)$ z*8Pk30h8fSE4~8>rhsn|U&d2}G|tf-#M1M~pPi;?M33%57~AkAFbAV$4nzqOYd?sJ zz18ovmH-wid2XZ1!otbT{{Fy70NBs*_+TPR_-Z26?$kYGy$ehc0}RT3k3FyEwJ-P5 z0sxRp4E>w#??r>R4TOWM7=vBRk3dZTuR!&VeWz9J@}5q zKYyZ*k9Zkh&x7HV?DrGcegGCbIyi8c4=qe+*1Vd2icl=INX&>{`tEh(!WXhT-Ovzd z)w(ic#ZZ*S#jQhh9|^BhPh(?AM!C^SBokFj1czdlrHjA3fKXC}79!xQ{W=8TtaPQZ z2{p=Ix;u^26N+F;EF=+XD0zY)U<<#6hl+p=pFR@8n$vjyd4U{?&q5co7L(|ZI_8Y~ zZei={>NZNn@0_!2c~+l|SkDu6voJ%(9%my2=>c@7H*0FVoe~J5<=})zhciF1lkNdJ zd;fmgaKbZkGs%E>z}rBGqo!a_<#(BcL_Jk9fn2K_j%Tr*-JISWIr(>{Jf=QW^ty9j z^IWs(W{7L6v0diJZU|0&|C5ZApX8CItn~Z!#l|Lb^kukk%fN-Ztzz18sqATuFai-m&)5=|6q)HO6}?9HpiB63Eo%Ii(^ z@8Iqc#kwF6Z1ua0nE?pIBWI4z{Q*viLb~H7Utb{LW-FG#kj&-47xShwUMKAyputN^ z@(K#0R^?UN$97t_c9I;XDy`-6v{k#?As@o~y89uA6$Nq4a?}3F6T~N8Q)N*j8pKWf zq?x%Ra{7z8T+A;nrjd8jEolrxotuPcjyCyMj4>lP(N>*+5X7%(nw^sZzu|;hY8T!Jyws1U!pIm-v#>xQl`w#qWJjqW9VaI zVm{zk3Si4KvE z0f|^^nQx4n-?^4;C-Lu;U;8`8APixZFQ-bA9gUsPZ#? zpQ-_%FFa5ALtM9z)W5jlntc@r&Cww?*W)`G0SG6OmjjOXm!E~gSq{C0H-A2dc5JIvil5jf zXxoWCrD067I9gExH9=(|CW~OG_sV$5__xW2n;-uo51(AjrT!rgBbt8w`WzrX9njDdkKDam1B5#wdfsd%Ibzn;Vt?$}Jt`c6{# z>PDId#J_%hMuvI}z&%(c0C>$k6{M@4VSAgR=Q6_%POwt&eXaUTK|Z3Y))D4dR7)O0Yk;ab1&P2Gz zDji!O(-e}-rzY1D)6)lM#^z40$%aQnunaru4JT1wK&;VypWaWlJ){%L%CnAMI6VqG z9ItOmv&XC=r{MLBOtHmam*U{Y6EJ>TiE#;m6Shf2bQ>yfTRFCI4&Wr4hc*T-cR#y| zcp2K*iHqzpc2cF^8qMa?lNORHNr+EBR8%#o;bpl0GiyDn_oW=#e0xc5Arav2uTY(n zEZ_wCKyFWWcTr)HgnSNbBsU)SJ!qZ(LKT30f^u{O>A5#=9B(a7L)wp_xyFBK0TCTi z^5IIe#}^UvyN-^IVWGDfRV&l@+oeTCyBdZF5I~;=N)e#l1T{`27qPs*gEOI|vrTCT zmxzH3V)Vgb78PO^=JN8(>#8XQ>hrnk3cxVZZVWO#olj^_OfdA~$C`TfE)8Q5os@6o znF|u&rn9T7$cXKm^Sc|}(QzRZ6tW2gG{aKtwA?YfTj0cSrt8^p;)hMGs;Z{Hv=l_d zCMuy8Cya~)S6JV|^G&Hnh)vhg162*J_B*nzw_D1$-)rjI^u`$?vcZc(18VwDX z5#&z8^y67DF|Uq(e}0vz$6)c9c~mRipc`6E7t09TZE2>R`yAd?0Sh=?%)1W;3)jBQ zEt+k5)$Z+vK~!WdSTgtc%0N^TZ~`2U9cuPA6Q%FV7E)mlJ$fwu63oV!xKrJr3?QDK zo`#o@!0V1~<4E$$_GAWDCUPk$Da4&e7I$TU=7oarK__i%Zi8pBwZ$imD}pjtZ4pN? zlmCDVfqYMVmt`Ekza=b*)mvDI<*|#sKVGHZzMq>5UF-Uw=_PRH7Wc`px3mpBwq{&C zni4iKAwmFC7V%iZ7L6L!=QL3;92Yn1oY_b5$3>x8bmPK5Bd@9F4?T*I!!#!+{gv7^ zJslghsPTZQkvo@lwKVkfy>URzn*7rrLWm=yqP%>3x+7}-bHXnjvtK#Wf9LJCIUT-v zbMnL!g(+q@AOaf3FF=m@8rlQ>oZ;;2Cr>Kq>D0^1E_uXM90S`9>6~YM^V?_CVs=zi zG=e&4sJ`BHpQ^i-1fkdeq6vGMtc|hPny75d|MUl1+El*#Iv@0kkPm$0#*K@8?p6`0 zURBGFAEW=3-Wy|EuHr(LyFPlnkNA|4!lmmk50|>8^aiwBqGF<{QZXq>SxAWWa~<<{ zBy3B2*(wPjip9jn#v?{U&8Y;P`proW3TzEW{Jb>oN+5Xa^_zVCegdFxg^7M>! z*gHAIMDt81a(`dvDHMEsKzcah%s{sL>e!zB|0{2}Js#6KDy$?McI4!S z7IAU;)}Br#cJ>r$U_sS?kO3l(%uWE?)t9z4GLINEs`Isv_ZovqkUS##Gg}mL^3~7& zMGSsua-G)LI6$pJDvk@1AFQ|g=%*Ud5VweK!z>#YVyqDx8yh24#tIu1np%DTofj+? zdR*mbz1FG(OF1lc73Y`V#8i}^JsifZ0+I8^-jt=4)zs{4mCYtrK-?=u-yw{GG225h zx8QY#QJ%3;#yaPC!oycc$Eg+dcu2=%K5ywb*yGbus2CV9Z{2|+;S%EP^(9#}4->NTVI^nIH@2!Fp3?LbO?Cgk#PCaR> z!^LRC%tF%A?@MiSGBZOIUcBM|Mo0csoL@qdDdJ2QU|G0N1-&sKryB_YcJKh-)ON4{ zpx}I>+4MPt4i^GQ9d;(ZEwbnnjL@>YljSJA7o|2)xCj(1v%yLcF|mLUPYPImgQ_pZ zN9^@I>%EG|5FkZNq@TYsc)B08ds?*2%Fh=MICWRzcFM+{o=I(W!r$5}9J^|m}pp3kU4S8-f{MNl>PB@G(~Bgg&wKw|k^cn?EMUec`X zSBzxDSM^uL3<1ZcT1n+8RFs^9lM9_C=Hpu9206gnuD$S4GUA6OUmBy4T-I|?<74y{ z7G`KI#SQ|<^t|cl=yEh_+Un~K^NdT@3CAUi%!P%$0PFqXjSl(oyW5!Dk(?fn8oK@$FjI+fD6OCXKH%bs(nO50)Yn}r ztMr$b+M+o_M3cQ;PM+Vk0=nrZ7$gVyI5+YSN6AGdBrrnEx0F14QIux~0D`9jA1H7u z=zVVnorZ_+Sc7qKqTP$%V&RI@C2$r0qy0k*x+UOC%0_h@)+Q>H;V>)W9L(ABywx zQ7-IF>-3(09oIb1gX*EDR@!g z9&10gr(w}=Rje_~PD*;AD=e(@vInpV5XEnpz<8x#;?4y-)$;=H`VAhfY&-2X1AJtH z3Ks+K?^$W^#?-9Xv0!oG%^+Js_TOJw^c2Xg>;m?3^77vEcmP;+>pd`+ev=I>M&7?p z)H7ghUvSm|=K5HXxV1@WFxgJ61-g_o5y=8BTCG6|G%q`T5LXyjXG}m|Z6c6Q!JM>+5A>VIgF-&{R?y9NZ4V0QyYT^-U2DdEJwW zS_BmFfg&LV*7=tn3#jtkzxyd8LsZSWD?*BNvYq;F-pT(U81T(zR4(lp>3JzH&(6lS z+Z9F&u29Cg`U(*q;ql^hBLFzpcQMJq z$nRtFY&@`}fR9B_XBYDP9w_xCr5{_2k5$2C0GWlpLH^g#ua`gB52K^xEZgMQo8_fZ zP;g&U)gVnM9Zl z$>N>85XsVnmG>{^r*Nre8+(D>hQ_O|yz$vv#g{I*;ipzupUuZLOFztYJ;*FB{Fp2j z{%C+0EF!^RWM^k9Kd)HbL`SGq`BnZ2Boo6NuwZWCS3I|ZjC$TrxvO4YS8^EDU);Y9 zwiLVlS=D?|;&!&KGKz{F4qtozgT|_4zOtUIN9`{yg4$mLHH+6xxw(u9eCm(f)nB}L zb043_;1(j*o(B&fcWarMqfgr{ z)d$8tW_zc^zX6gp-<#+NgZJNF=@d3iC#xKkn2)Ke!}h)?i1Kd|f+Q*hGVlIdw^u+7 zfs02h@s9Hf0&8lDUrUSp$M?%ujyo{EJrQqD;Ao#OvbPa>8HsBF(kUNva?sa%x)cQVuv;ck5{KX;yw^?Lf`_r^nL*fMGbY7TpqN*bmxGM747*rgVXz(L3zZe(agwpH z9A;65Z}fulHN=Z0RXX{_w{c%6Hn+B-b5yS(%+^Q>zk|IQvd6Szdrv#KZR5+_UIj4upq_ee9jJfz1$VP!;g-@?O%M zsC_MzSeA~DAmVa)M9a-h%RSuo?X??DD-r})eX1#w@C|UryK|p{-gNwa;JebaFlzBq z%N9fLpthgdjeh^rMJ(+Y6goa>v3xI3N%W9bLWBfhpj7Sf;%2)2Co;3?v&bajG8)D=(F) z4n93WW>l*@I6W@$&E0@8|BY+cuxWww%cx;Sbo}>Y3Z6Gb#-0legDE&<}auz+`tnZ?m?x=U~p@zs$gp zgWT7b!0&qV^kfk%G{7Y0heWqJ{HmCkD4?9)qo!mse*8aBLSs@r>)rAVM6{=MzkT~A z)cpW#?jLEazRl#oM`ZXfp$4SUeL+G*AiBqCSr_inNj{ktG|pw zPc1Yw30M%5Hd+_EVQ`E=%B0o#-AlXi-7A^r7bCS_ge5`5+$io-8inE;0q5#A<*v@( zFUzr^?Y6eI^5Rw)8XNu}xw9vSEtbeZ^XH@GwzTvN#XyZE6@A`xOyLs@ zG(i9iS<|eyQzWimzivI(+S?t&qSN$Vf{=rK&;S^>OUv!V4=wH%ps=#A$;ry8RqFVq zG~9zQFktf(IC3ejPzQv^vKrTjMTLRe&ukiYMjzpt9xhu zFBeL=?zSF&RCRZ%R05mxUY*~PM7)#UZ0k~DXF?{w)xp&kS7$ahsyqWG&MRJdG}EMf zF83(tdG&)xvUzB^2@yR|;ZKq!Ckpy0)iAqX@_6@7+%rQlOJKckbr|u`JpOfJ;w2c1 zSC3}N#)gNZBf4CZeItZ=2+4Yq|54rmQ{^TeU@3nZQ5M`2kc1&L!Ts^==JX{9xVOGh zOo&5VWcI`R@CGiDhp(?eiJ{c*diMA`l%^dToz1Xi0lgN&1I0xpE$!{~^AbtGko%Q4 z8lj%CvHgSx+Gai;sfLIMCX<>fL=!arwjR521NpIJn|pAV?xSey5~2mi$v0jw{Q3d} zZCsq8p}un*5JSrg2nf6sx;H)FK8lM=cm0|IgBqvZ%EI=1J7GV+p#2=wva~cb{sI0l zabr>v3t(^2YLADEqWt`PLXMp6-8IuPdvhbB)0WQ9PgzEWJxa{QT14ktqmU6G&W+?z zS`P1~H(=!woz9bHHyisH`QD! zXujoAM1SUXJEh=Ab|C$A{R2%012k60FGoj5#dbdMiVO1dO&8Bz{xqp*ZI0^Q)-X@t zoc^91pcJJ9jDRc*NPe#EJChz;=Lv}87CwKg31WLhtyMb-tP0g*E+N!XcIB3yk-{$i zO6$Yal#~zd59oiLji*vboIjqEaC+J>!fCxT-zp*|weQ+p*;(>+v=kiy{ac+-JpkwX zD#~5$^<*ozmi!?f+-6sg#RZAXQs$YL53G`W_LhTrnP=;9_G_bMi!(N7BZJ#uZ?d;H zR$y;_p=$X@+Egy#Y^50it%4n8>ZiNEE&e2dWM)0LfZ0Bc;*qst@`v4VU3~q&2%0V* zS>a}ORM;LDXJjl@I-(%%8OWgcym?az)Wa_`w=bHYaxYvR3q-9E3kw+fZFUJOyOfnd z@A*p5r^>={EROlnKq#RG4X3!rWL9Ne7nK4~t9jv8?xR=voRsAIF~6&8tm?|vw)=&N z$3N`qZUs?M<#KZ^Ei9QX_gaqzvNv>%krWD4IlJedSCSvO9vTBEs|K%%}FL|8#x3uL1Phz=`{``5kt~-6A5e?U=%37X{ zwe@hZ>2bXn9^r|uZ`8-BDM0q)cx?T}sW5;+wmMV<8hJHcqw5z$vGnxxI<22Sf3BQ- zBAcF<>O;FvPrtf9hqg+&s*k&)b{~pt%V4d%1Ulu9ue$RdX~dxg$ks}JHQ0JidGDS9 zCu$*D-T*^@mG^FkZ-AdhwaqmI)PftER(X7IV*O({;_TK2+&boJ8-B%Hnn($e1qywJ zT;_=@=nz?1ca{a$eqgBpyh>5PSOggvy zA02=}fD7?lik@3FA3(PDvFk=gM#Tr+*kn63du!Y|eqRES4?-R%-In=4BPU&lEZpwx zA3tkC9gkM0{$7jG;W~S6fYy^-qLIP2AT;S*&2Q>?udmRGexSN9_u%Joqg7eud%F5M zq?&b~{jpywtt)G-_ugT|46er(u3v^M3Pz1QtwVnt96DOdigLHfJC_U)h%)W9iGw12 zjD7yINA`OzN5?kgLq*2@->=-5b9A6nDlhz$`$=M%JqQLAwl?>Yh`H?@7*uDVo;u0oSJeu|K{HE1w=7sy1Mm3LCS>&WXgv^%H<|t!rRr^X}QpmI5x(X zLmTpO44;s&v7y1Ax`D^v($aF$;t_0VD$51s62o>~SojU+47PH8DH1X4M~9Npteo7` zDssYMuBIdYzP^vRo%>Ae_sg=~&klq6&or@;N8hWnf2X~5HJ;bGSm)BbH`>uvx7`;xHan< zW|ixpAk>$q01%AC{r)vkDa2=Dq1*^3Ar<|N>=k_t0k#9`ylSs1Iz({H{J6>K7 z(Uf@s-F>X!8Z@>*y#7mTz@T{t%0xV`62^%9QW#F3=$+bay|e zl8D~8jpO(H_HsyMlcv&pA*C`qNjph(H!uMnTk0LtaQiNhXwf|tBGp-2Tl-^ldM|FcHK(Jaqh4LToQn&d0acX(=cg4fZEOmmpMhQJ z_3LjL=k5kVWoV^9lk6QE1IMkoZ3l^8F=j)B>2DMot>VK>MGQ|V$CSE?YnTny?n>zC zJ)Ld{q;*S9OiYXqzy&ng(Ae0KK~-_hQmKowj{?h%+2yFv5b$yrlCROO(k6q2KfAtv zY@g>~HY{}bK#gg7W^Igi`2I5DKHi!K3gSK9$hS+<*c0q%nwI=ADC7f2-9`pYH1FQq}}gjxPs4 zvZi`?_py}JI;aS`^;*<|!R?f5t?2^=4r9LM z=kb9&ZG{|Vr3(2~2%Oo*V`z`p)IS7+xa0rQNC6RWGdx?3}a zJ3Amc*jYI=t|zpZZ;L~EefQyAI9C(9nf-jrF4ZSIw8J0emcN<{DC0dZ&~51hs0QME znbyBqeeG!(AZ&G$CEB(>v$wrA_p9|B{iG$uS|7hpTX8Om+Fkt#Wp-$fuE+kO|uhJXC?@ZkCVd;b2^ z>NVw~-yhRR$jRXZN~=AfrTy%F$@5vtucVhW!g6wKyjReWfe}7|4jb0rkM}n&f4cPd zCy2)kx8TD6*Q4w)g5Y1DAZCy-$S(i&>3c@>2!g^%gF+mv&g1){H4@*o3a=v&Jy%PS ze}BVcbsLq8!B(ccQLR@M^-0~NR9x~#1|g(vpCcoeY`n+MXJ3jDF+_2Om~oIvg*jw= z*}f6QiTw=soaj87*dN?F5OSW}f4#1mq`|wZDW`=(jBLN;SbxdI$31r?iv9kgxuK!K z^5g(4xAb&%)yiEQPs?{n`P}Z3qx(#=8;8fm5o5vvbZ9nmAF?UCbR{Jue)ZOusg#hQ z5iUWgudAn1?QmwY)sx<;?)Txr4KXo8Oxhb_Eu_h$HRrO~J@{vj={4e54Sr1aW9xz8 zmh8Qm_im&a+5!aG4_5brS^1b85QtAke-77sUSe9d&4mKrsO-Mu{=)|t`Co8|IP_YB z;<%v-H0qa+X18sIdYnosNSb2-^}R(@HpvTAW+cHSVB>5I9Om*noNkq$ z?^pGxjU`2>GW7S_PDOR==V(+Ey9_exQc}uz=Y4LB<+o>`;yOxDt8iN$hWtte1&*!n zS9-Z@g*biCtRJ}^?VLLA3%v1!(qJB@bKX8)x%sjM-yv+(wX>8Qs))~M zgzTynPP=ov%g}XaDSYJ%32dKtW>B^{9V!yTqaY?GZXwRWLd8gE-?!K=y@T(#sP)CC z0yUxi86I4Gf8P^2U)3on4J(!iY2|XUmiJcU8yc90CBzAzJ&O=>*U}_3dUWlTwR~BgDr?BVcWEOB0M}W1pQPWihg;C^jV`Zroq%_Gz4!h+>y3%#;`| z{^5;QU^2#Y_n`$i#;Kb9tZ9M8p%6B^*cB6*Hio#0N8FsYD+5e)bUd2NeHzXuAPLjb z*2Z?6Oo~X=AM~_a>MIAaA{+RPa` zpUaNj`6(-&=Hq0UtOqpUV45nHygENS9d!owZKi^esQ++Qlz6;f4g(xEa8~k&i*rR? z-owGq(Jd=4Wi>S6>iPB!-cNUm9z$E(f-VA~`5M7`ajn(vr$spyc-_FwQ7!X#O#hM< z8zPGp(c0DqB(_&l5%jx9yMFh1Ppj_F%81|GrihmaRkTxJ(;Tij7d2lG1ta3nP@GKp z@R;$oHnTzhS-2j7Yh&!vw|7(&VbD*r9tNaaA)DQ$UKkF;N{9tkdWnI7zu?0<+D+xk z15+0lb+@xM-ik1}m$-~dL<#R}D@|Y=yz&He@X?Wxp%KtH&$lH+vuSfyfviA+o*rBr zVUuEI5jctY=I+zWDL6nJet(!GF>FBf96fJmY!Gz zl$Z|N6_xCdl&wi=Con&NVm~9pmd~Z>UJ{pW&(@aJV7D$U*uOk`_Dn&6nqdtsgnaXo zXRouLzA1e+kZtw2&rDs)4s8jSyoveAoF3e|Dm1)4Mj23yjD)P$9__l+lMZxgv*BWT z{_}J1XG1lcLR7r)^LFy>R)?^h{dql`3JtrdC8HlXZhZ+R&6julTJCblJXSm&)4W%G zP@12c8@W2ym!-r4gIjWlhtTUPVr9d|#)>lSbkHNs(KR$Q@~^=wEGq0!x_FZpTjIr= z9Bc8lNv~-8k{7W$oZ1euSiRO*N9v`Z`+WX6Zvd?0;$lutN%m_dxI^&eOG?t_C4|Qnq>hU>gUF9Kxw|}g?b?&5 zf$8+07zIk#g9usd_ErYLwaqsu2v-UNjhD~$h}D&s*Oj+wu{-q&Dr!M$OWz#5N_;&Z zEHEQkQ7nP)ZaVVBCn{bp_P&a7W81>MzptySuPb_fjX~6X=U}tcaym3DbZ2)5*O?wS zne-}GE>Jl`|GlPLIpr6PkZ}1^7(Zl{xPPz6YX!_Akl2U6pXsBk{TQw4E=dh z68Wk71Xc#BE@kpaY%EAAz01qR!s!mp@A&wXwMS(pr>7^UFY?)&340q4e#0gqVITh? z2uWU$5m4P&83HCx78iH!pDJNy%F?14_NqWG%a9V*mT7I; zq>6* zurWi89W*E}EnRBA54xAk{6UiXx+a?M)u4d}bUAm!!cl{uW!9q=HQ0CY`HOIH+pE0n zRJI=zm#rkr;?92#6W*5N$45?RV#)XJQPo$ucptJL9v7vyPGep48yAoF4In_J6b@P* zwkjJT6ZBqKUQFPz%^*-kf4+kz*oswFQ2|XV>}7Dmo!3q{ZEnHMNciVEMtocy$q7XQEp|d3Uw7;l?ED~#P65)*B@IRf4=Sar%hM>)E#Msv9Uy~ z0=8jbV|I4sCP@^#m|OboLM+7Nz&C%2x!>RLe#w-)YST1wN>v`qy1&_8>fA{ zomBj>V8P+&{FRxR{me~r(HJF*)|O7FD|yl)z4s>0=P?&IV)PpH#$3Fb*_*mSbZ4Ar zqv#i>22+^zcbV+LQ)u(Bkmw7wQ@VCyigqHdHS4BZhf4U18k<$F&iZ7)`GL_}36)ZY z+*lMTv!CyeNe72gnBm9z?!mlDFEAL;43UVkawA)~4!a8U8F^i+lD>Zj&Dp?!V&gUJ z$SN!f*{2N+UF7oPay$`gEY{o5!nq7vJ7D8ck7;QX?9$j~k*2BCFpmbEC@;mf>eqi2 z;KTf|SgX7neSgVrf>MqCB${{!nfL}YQP_XVdmX77Ti1&Ubyl;g5O2`Wo+TN_CjKGW z-HorqC2_`3p{~vqyPcMA1_cSRYSmc~62`cln)ofW^OsaRZtsCh8{J}la?aS@g8?Q9 ziNNHR@Hj5p@(WZehFuaoJ)7m(`6xwSk$3WIA;gL#<6!x^X?TED9(UVsL9QwF4ILR~ z)%C-ZZBqYo;zJFRi_87s?A0~6)8H{^-1qerjvZ!aTIXj93PzA5SGy-vYxOqUnGQ2A z3VIJ59%Kc;Di|ERzp12euHOi|O2O#JyLUG^4vxSkm!E}&f`fWqO9#xZwKHA$nJu?D zEG=76pt{@IskA~ICPM*&l_NU#J?NC-4d`|q@{Hx{wvh0Y zlG@G}X9i@Zeex6e%n!xD#)Mnzj|C4852(&t;yoQs>EZe5yR8sMXNwKTAu(=W@$-eov_1FKJ4Z!G5UF5KKKB4>rCj zlaj);F8nNveFKi#J%PWvv&VY`kr~fNb(3Cv6Xmj9**I9l)~hfKxj=a}i(z_Wpr_XW z2Ml5u?j^xG72OxyN1BOjCx^)rdED3H8IhVFPGWW z)D%W5|Ikl1MV!g7Ck^VR;^NZ^+hv;OO55!|weyqi>MC2*m>>X-N!G04@H`6N{@^h3 zqTGI&&#LD+Ep6t+`wlg3yPd^R{nh~{dX*wB=e-f=gJ>M+u@21!CTa{rU=k^~y6SG$ zo8j$FpvXnbL`WQ-?(ZgQ$N3=dc9schk-0f9G%O8)1R{iDLaeSstgfft@Lo=`HEQ4x z`!`Ek*sN%p@|qlMw6Uw*#=#jK8BvtXx^51wYTC~~{n-JDlAL4HnKjWn&wo9T+FcHXri4K~e@4w}t71myYkdGJI?+qB z4`3%mb?@HH?Ccd36v*pg_5&MW^-3KPE350W!S}7f`Te-`MEhdQ|FC z-wf4p^IjlaAZ+-3e{C!8t9J0pxNwcI?5o_vRLm@mjg2)l#__xLdE8DSMSiyY0#$QM zYwKO8Ntfp4=JHcp9!IbI$9sQ$Ql!-yiqV^qSzKMYKmI`GUeL8YXk4C4+jEGhzSJCvXkWaKc*f_*B-DAQazgLH;{&d` zM!&+m(2rZ=1K4OJ;#kI*~q!Qu6_epg#cD-s(JBvsNc3C=!0=lccN&FgXbv#ycHGgraeuO z?bG=9_H)ZL z`j!_AoE@F~yTZbZ=XK_1X6F|d7qit@=|$UHTMfWTp}yV6izoc)1C`X88ut(?2?u|F zp?j1L=v$PgbY9-xP7KNybNlS<*)og7`>y+tnN;NYG_@p=``${_dCik@7$n=Q4();{9d2dcO2soP?6Vm5sz9kn)^p+xiUajx z5kiaBbLGws4iH>;09zi1*_r+MF+fZp=1?vcNsephz_Xka*L?g~T)dSOym=CskP}ce z5(@Lcbt55khk=}YO2^?~H7yPJMO3bUqhji}qo7>o0rY*mA84$lf3AT4pz2gAOX#@U z8dxJ5iEpFEJ z?hkjo(_4;&q`?>ErNk#FFG&QhUhK0_$+b;U2h7~gx5P@(!JYWj&jhs)1FJNZ8 zg!nY~58gNEc6hSg(OdkmkMAOyr5A#@u9?q2dp(dHB2O3 z`|CAd{P~#V?^pBt@BSUe{NGiWhP})@bSE<6?@rLk`kO7=#;>7Aunt+aroKPC-Bm~x zgcJ>XiqZ8y71fMzNpkcrBJ5#$++r0vuG3dZ+R5JRhm)=Gt58UB0hYKvADSV%QR00$ zpHr3DnrhTcAf9IPrN}%UeDb@rWFx%gZVS*|hK$f(xNehR!IL40V?#f6qv%Y7=u95& z4@Zw4c_oJi1_n+aY|^U~w>CGI+Z=8kfkM~i&hTbo=qPX=ewWuq>NOWg4Azl%#*mIAQ|Mt3MKZ(~!8X)zmC zy|8toaj^SViSfbW?Q5K0#(kC|-#;}LtvID%(?naOgI0y}U!`TEs07au zot9qa?wPGyvnQS56;SmRKz8QtGt{N|1VHgSxW`ngrKrpFnjs3F3K1B#FquH z>txBuX_^@vl_G_O>SXElSI`LOERJ>-A->D&GV1xsb~^yQH!*JL9~FKO`JC@5QR$Uz zdl^b()xw3NA{bge<>KP<_qQ%nRp|HAmrN*gTOHccZ2{2YOBJ!=Q)nhUgs%RLaaBDP z?Xv6Tkk8Ph1lkX8V4!YsOeA|y5QE=YT^)~6*FY%jx#hMn&B4S>HCEYO^qH=Q|gYYZr4k33$1j8oQ9n+y=V({^W3KNU4*||5P*5mOqI&s50 zVr^Yrxwxkvex`j4oLf6T4P7DlDW5Ag&(J0*31YOHH*R1Il<)SF)Bv$&U|>KwxA zQHj0A;fC0<@4us@N%`7O1I_x213yn6jJY0dI8;99PRWl|#2JGnS32a+TDrk&q&H>) zTq9bA94&R42ek7up(FfJadF96S-&gL-DPYUrz2;X>(<*QgWT@*?im`XI|W5*i>q-! zE&TW~AG#s8;^J9crE(iXEv**-d$z@KyBqbr6DeFBcTX;{2i-bUpxd9wJk4P&4HYQh z$Qu0o(8$pw1lLW=XJ>qrm5@*?aJcd%QD;Z@jvb59|wA+@xsYF2u3a!w8qD!HXZ zI(tbY{Ns1jj!dpp;WD}rk|qF(>fCOoixXBahTBMe?;&Fhq+U-4fFd;LAUk2zD1i-d zT6m6S_WL#u4Gz+) zru?yfC}5LNi$5IRG@mXiDx~SMq2vuq&;TG%51gjOD&x-yI=*Wa$EZMO19MQ{H1K-< zU5m?QF4gQDY{4Oz9Iem^$Btw-J*pGIrUsLRO~F2zb-9R|T~E>)RKxS9A=}&Av|XuF z^mN%2g};GOvE93vi|jpU+-?FpFYexI`crBD0dU?|MPM$zu#XebW*ja7ew}e&Yb58k zWDl{-)OG}8Gza6gb?6#++&4eM{XtINhSfRo#M9WJBqb$zaXDh7z(~^oa=n{P{=!Dt z02^g(&Zeehlau;7Q>=)Lj4X2mwYI0Az|qd?@b~5n!Nwq1_{Gbm?`QQKz7$I5Qp&)J z%c!n)D_iVhcs)x49*I04BQ6h=nC~@~XVfUZnLs9YckFu?7dacfgw%OW5caH;Tf|7F zJ)@o+F6>!=y}q2hXddoj{wL_@*|~m^mp4fQpKEk=e0+8M7+8Y7@$>{#+ju*izFjK; z#`b1?tx->(dh?L9OVgPsTfg=3`L(~%(RcBPUuRm^akvw52B;w@ydTg$SX^GD-&0m~ z<9+oCeENozmEpNPGAg{-EGk;Y$$5Bqh-PaWL8nA6dcHx{4G`DV{0{+}ai>4;+~;^C z7n^#ZJ6Y{bVfQVtmVtI0*t}o11bU@0;Z5`Kw7Ryb(nIW;gv5TCweTY98+1Cg%DTF` zw~f1-u6iC1( z`s4{2HT7{PxZ9HOOfh6LVLXU(YU+maEU!g8jX^pUk?4bK*}w* z=O%yn+{SU7oTNrRr=eCGq6}UBez@&cO$dXAYNu1997So8jHk-az+3I#kW|WcvXTD| z)XF(fz>#`h$5aB7upP0APF$GahR1*WqOJMP4ywbkB_-}#GEaKQ$gwOesGk+}rhV94 z?zc2RZTK8{=kS#5$&)9O5a~#tm6fqS!9*<5{DOo%GU74gzFR>7o3YW{`aGb+>*iKF zr4j89-BA!}d!df1-~aT1hz*Izn3&WrFVAN^YhL*(kwb_f05Y40Jo}v1?Q#4*mar24 z3+hC;AamQVD3-Vp4^7gFiHhFja(Le;%L6R*ngo6VDDY;`{;m(-i|5>MEHUjzr$5y$oLiHE8ne%*-dujLgbPo*hQb3&5u7`rk0` z@9+K3%F^FI>tAE}_e&D0u_iatDDW+~2XDb1ej35w6>n0qXX5N#-cB*%8*IckiXuPz?R$>phaM#x_xmw0 z0D%N-m!~20S3Y~I?c}}4MRoe)2aIhefef=g#%ApDR)9>bytP*@liPMF6gXguix9Gb ztEZz=*U-Qv8Ckm$=Fpz?Auq4c*)a3To#htB#AY^^?MHW$-iIX*f6x$%3pva>kZYnQ zXC_w6RL2$`MX&sl>BTRt@o5~|hkvH=0QJ^?ZYK}--0f1=p&ko!A}!p0d+pL|_tENA z)r#US6OIzNQv&UQiib(zJv=b5v#c*BD^F~nhq6O67W~QEY9D2Aafnt?%}_rB_0E@y`r!T`)NVqBC; zF6X%@zXzorD{RaCxz{Uv4SE(jKYYNmvbG+tk$Q*X-y-=DCmy8@kvB0AW8r3oeJqC7`5Iw8a_@7iY)Csm*vj*LxTl9UZz>) z-4*STdD_awMz(t^Wnr|GH&gdkvr%szK*vY%`>;_x;C#IUmV&cW_mZO3@hqi+^mB9;SQY&KGyGwI1!K5ZGB5m1of=>@sEy+^`xdykxWFp5 zwy|+JIbg!9a@%drN>_UI3J4eu{&`Z`65Sowf z*Z6ucLO7+}_?rJCOEr=o8PRjOnTO#O+Fx@l$LH=JGPM(_Ec=fY%4Ts(ii`JlcjK5` zQ7#4nl_RQhaz(AJH_0<(Q{j{`IG39wC#SOY^!9ceA1w76QwdKYqhu~)wTt%z`$8-P z7%!)1mAJRm|LD^bFJTwqSJS2JpSO& z6x`T|=&;su8`V|MsRsYW0~#`+qKDZH$u}AQt@|2|+TGWO5%$K<5B28vlj!G-?%6W? zO^M)=r6wQV-GUQS(-X!+F&o<|$E6ffn%x6yAe87;@cCiD%+d2T4f=H`ouK4*7V0Ly ze}CuBokv69m()nSk|^0&pir4HJ&mU43`}YGO;@`PFi~Z?F&<{2p$VIHNC-RWQ!aE| zfhO+CUQBkTAH`8r-FHi}VejG`2vRvaN^d@`oBG_kVaQHpng_^m+k$+}a61}WMl&6) z&m3BOy3j`9tGxj?XZ&Bi3+n&uo87}Z9&1Y#2*8EoRN`^|_yiW(TlY9xK{EJ9=d2(X zFYjN>r~Bwejo;g;`3}DOBlG|2yizHn;kdjOl9kVi1-Mc~d@9V=aVjn)-Gb3ZFf<7| z)QSq(IjM8_Qim1O(}_sCwXYtFMzQftO5Hg8Cc2`CV^@~gG z!2x@~rY^IU62oY!wXpYBk1Y?+*YR^7#~(Y}lY~-3>VlXZ<3={y^^=yjBqYHoYwk~} zi!CO&@mZi5OFBb>=m)@QXvf~g!UCHXa_6Y4GiXbV-(3LU*SU1{7T^I2PO{^t90YQn zbBo)_+lazHuN_LHJu(){@de1h4Ga!ne0+Rg1VsDQ!&III@y#5~mhfyCnJOnE6Y}k| zLay4aTZl5#8{9np=7W_{LT~B%N31)O;C>7^EAZ^XxgH^O>&CGRUzr_XBw+UD7(eHR zleDz77t0OSJootLNzdcsfxk&~@Trtu>6zSO!=z$yoo!`GpUBMLZ^D0k+4xlcGjwLp=3hXmobkujvRaUv zdvaqc(Isv&iVhi8ffHf|7Y0DCYs^$3#HxpQQJn8MpPuWfcRwmz`|X0!MaoZ7JT6Tr zIL|)4_$2e>$GX&tf}=|RV`q52JG{_%>6dlj{Mmg>#UJ*~gf3Y*xz207VUSHf#C+s1 z{qUXyj8I9VvAFtuH*@~O@PGa#wSRwhAM&~;GUhkgIu zKC+=fu32W)E`tV|c=T6LNP+I71rCq+chlEYVr_5qMt7<9jykNJEP;GtX^&% zE6zj8hsh%ciq={wCvHckAVxSjIpwO?D3@u?j5zOkr=>>?B)3H9O4r;_DS&RF`-e8O zk#YuPK0ZE}=y7^bIJaqh*C){$ER%0ZMCS(zBT7o-VUBSutCaKJN|oi*D>m^2*utR_ zGnW{QPEIuhz`a4G)UEbtZ^5ek+Z9vhW2etq5urA|FLAoocx*)l-!UYQgey;rT)BQq z3H_KcbjnZPJq`Dr!JP{!0c1Lrho%$^;m={F+(5o{s@Pon3$JhJnCRK6WzU65;j#ME z)cpK0mM_x)L?sZTd}MOuzoJ%Qdj`b-EXL%U4#@>dipsuc-l?I@lGgms zv$I#g1$U3dZn$_U9th}t_>xo=XZt! z`o3H>6;L6CLP(VD=hsy@hw}1JQAx_17Zj%&-VB{|tWwq3oV4{Zayb4pz|FYnF4eDnjPs~`|?_5M69?>oP7HWVD`m3fhz5aQPYQ((3>H)&}{ zkFr$yQ*4ciT|Yh>J2^f^1&0<2D*ORzf<{>NyHmtz=pTIpJR20yoGy*6Ep1iM+4jq% z=)C}a82C0jHnQc^VX>ul1C0+fIJ|D*m1Co$TM}zE20ozl2_cqn+uUxNJ0FSS@^Qv$ zeyrjP-j}*Z*!A`N*o-D0>~yF?t0{_4nj7+`iBJNRPnNi$GV%LCr7uIkM$Mc!~=j? z&d3=KvxPRS+CZTJz!sPhHftSrcp~ zL)A}xaC#PZl-rt*Rz9SpgcK~Z?cp}q+M?7bZxU@NqEzryeyL|=iDS2?g7i5xlRcb| z50#4o$4DpBZzH4YMpRO^fl*7o9OYLa$92ofd=)eBZDOaI-k)@`O8;+htukj-tryTsf6>sO7!^D z_t4#JeJ9x+v+efC^=i$LSD-7}uYnkwtDa6qW>%=@D{Q+k{AHji9pYS?niIc4;X615 zNi|Gpwl*SSRR&bfdNtGg5`j;r?7KIOc(P&>7eA{uk3aVj2L{|3)kTiY7Q zQPdK-2qkb5ltxghA6sY2L)?t2*e^Me5Z5o6Rai=18jD7&4r=mg`j?{oVJ7tUXKSfC z{en$=!Z%SAFe8ZHh zuH<_P%H>5)ywG)Z69bb!&d!TAZA1>E5oS^2$Zd3CJaiN zp!`nzce!h?=#Y_hm+NSaDJC2WN^MER~h9kYU5)T>p9j<^+jLNa(9W zuU?RCC{rPKc4lU0WrzvR(8k8E_4Rta8FJ_ge&E4LeV^hB|0eh5YG`a*C6_XVX!b7l z!e$C4OFzJ8Wvxi3OCcg8M(My98GI|f|4u0&+6zGGKJP@3oZFei+y^_!(V?C^p3y9@LKx0$yg&1 z3rxdMkHD_f(_21Ed0}m?#&AmyPI^yW9a^^~eOANG_t1^U-&C(6-X1Fnvr{!(=vqWZ z#(M-Zg7vS=#z2cp7`3f}s$1C?D8niow^GWiN8;-_bfq`9Hf7~RFr?FD1RhdTN5Juq zycUs@<4?+`#Z|bB^|kjIR1L>N`_ewJyM{rhCqV>WwY8t&t+fU>8ff+LYHde(10)JU za4<%>Sb&D6)NJ_c*L`zO4B|skUTC}~sXtW@uX>_Lc>mGU%{n1i@4y!{QeuiNQ=$r< zx37JNHF7QB9;TzCt*K(*^3l)rlQtx@(# ztKKN_H7=c%jzWR$U0st0ei6$H1?b3@;oetnVTm#TJ>AzM@kx3eG-rV~I#QpqwaAdk z=ONl!u=N>{4+7>2w&+|XntCHFt0R$DwMNJx0v*LwG1wlXe@jkge` z{dNB(CbQkOF^$T&G552R`ZqC25l&7-dmD>OOMa_i;y*g?Qn$;>mcykmuKf;EClqI@ z%1vV!<%~(gS4oMONc878&*+a9QrGNm{}c%*O`jS_E~@VoyyVtQj{e!lKYjQk^mwo~ zLdf{kXx!^M*e*SP^+$*}8=dU9xdTae9gH?>O}^jZW5GlPkkO=f@4j^N@C3kH71NNA z(2y`c+%^R81RRrM$ChyY{0>klnT%&e2?%&_1N04^O7fJ`!ql?~7<_wp2*KOcRU+fP z!~K0|=)eHDV8uKME&LZVZW4dBDQ}`;Ab5JXUxvYFcW$ri!zjTJ#l_j}0{e9HfpXnC z?+J*M0jmWbcUYZTA%jwKTE-XpsdhvS#2giomReV{Z$7A^lO73|L@=p=f;q9_Al4dv z?nOY9a0Ae^tJ9v@S1ulakZMSDnD(`%RoG|tNp_X<^kBj|9~Bu%N>08wKi~S6Xbuv1p8@BWbjcwig+UdPrf`8MKrD zK*s5KtjMNPta`}__E*Bq#V`&E3g_*)KF+ARKO3UY_>+lCSx+R9~qnuDgQ?C%Z3a8K`|Ug1}PXG%`O!TugJ zgU|qW%G6)s;=L^8ehCfcj{T^6n|EhBzy=;i8zAyC)OI0ZaNMel=hcnQ{%%gkMKt9p){QF9 zNFpnH`!QGr<2$V5>Gp;Xtj8*05lR#PWkE?JPQv356%~!1VHCN4JAol#5@3NZkZ`9r z&^qF405Wsdwgj%5#ovF*4$q9Z#SwL%p1d(K2f+bkj{~>G^Y6d(BmQ0v{rDfpe_3VV zFQ$JL^s>t0;z(GD;#3eVW0|yFhIf|B8f&S2s!Nf)N%{gmRl?dUCs_I@a!_aj9J8 zTnq`Ci(wlys$ai;Q`0Wz(xwd-GTY}rmonA=5B6*GGKTY}FU4vANqh?8h7u;;`D1OWuzj@MAGQ>bpa82OY>r33ivf9SGx7E> zjg6h!4f02Blo*ov&wPDF7|Azfe3OzUL1TeF1s|u&{PMD@5%u4^*zrQtwsRlmiQ*ez z|26R9>fXE6VLMw(-N#!#IjC#=BaZ9ir(MY+2W)Zk78K#R4*Tm*z{ZWLMj~9vc>*d} zT>+dUkURO43}X0Y>Gx{#2=B;wI%L;VQbPP{tf6>@(Yh}%gklj!tpQ~KLe(iC58Bz; zL7X6J7iK~}WMG7!cq|ra0o}6?{kcA1)$EK{Ddljm;GEU8;o{Bu4HI%cdaj*LZrPt*3=EwevsQzh>1ha zvh5)8et38j#4dinxAJ@GW+cT2 ztBDI!Uat7BOx(@0=3}EyP$<8_X24I%jwxL|oQnrpg7uq?sJQs9MSRPs1}e@yRz;Ot z*c_FGVwlj`U}9nlN6lRRa2e9xNIxxoYeAl#U%HZ8Dl0MQs3FJ)y~N0s<>dg_O~57u zY$@WrhK7boq34$V00%}XtpPR8G^b{ro@b);LbsB$#gM3Ia|2pnU956ni%#Ln4A)cV8Bb!4pklPmO)SnuuH()aqY`F zNj6s4J;ma1+5gPvH#s%MspqO%t)&aY*_Fhz3eHa}Bj#TVs57jZwv;`Dt4?R+rNfiZ zS*WhArc3E?02L-AI3fm+bm37^Pk3z?d)nIC&K)yF+eMHMb8@-~vPIi_L6?tDcbxg7 z%+w~W1n<9hYJUGQxlVM_%A1EbsTlPo;ce;IL0OF`Z&HdH(VOKgmR;H#gM)+c9@s)@ zsi?$3SvYaAu{ou#Ayw%2AlCQaGYbY*{kU;1uyuwuA(SC{bf7^oAV5Y3T| zmAssue#Y>jXcsdgGL&%e@4AGuJNS*&fM9rTqse=#sN3)mic5>1H(RdVxK|`XLp#&F z_|5~TB_(dyCs3J=R@%yh-Z?rhgK%r%2+Z@;?}*C>M|64!iH`vwOBnJfE_0(Gq$_eY zyJVz_BH&C~c()v^nd$3tEc6n{ainhwrJ5~F3JI;fPHvb12R%^uqfEb3N6_?+K%^8F zCi0^*Ff#Jl1Z((rb%LLtKgotbTYFX@6u()|z<@M^k%)+oO>Iy~h_c1%I(j;4^~J<* zJdc=62W|EnC#YiGX=oTsJ3oWR!=tJOoLejd-@LC#6QH8*ibpV;LBs7|xeb&gT5W&f zYxDwmLV}fh9?1!XA>EY+TYww1JR1v(z574V9%Ko)->BkOU+kSkj^M$0u#gd??g}5T zH%!xECz`ZM7dMq259H$FPJGG0jC7Bq5=Oo8@YF&GiJcuYY!Dj@tNdGwhytWg1@wXC zU|=BF#O&j5XK4wG9OI)$ip5sRr0#-(dHqRzEG&cY1#ucmeX8c!G6N}#b(+ozHq3`T zeSKYheVeKuB-v{APnJ(W+H#fJox3}eUcd1Hi?A8Vf2Zt)a@B<)@ zbjNOx&xCNW|Gbb+Pr7{_LNtye=4>W!rKW177WY4J_;l3tf@fnn8G}kStsjOS7wYp- zkkPfUzznOk#okPyZon5Pha3*;_d_%QW&>%Nn>cKZpo*-jRm8J6E`sF-M18&nUKo`E zVW1tAOUlWNWLrW}66D2#Pdt1*-?tJxWH3^U!0IEq$3QDfg3fV%Z#{L^-#$aUaZE?P zC@v}ab%r7$7)4|Zb8T+zZ1RgAAT>buJsv33KRx3=nWa|z3YP#Vn)d+1zd3nX%I!=n zX0)E3MJV;%b_RCH0O|k7Rd>LO7KWpLRdjx)f%e8us zVsl%y$kv$aAxDSxL{hhYyGyC9JjvLjy4R-{fpYNMFU2C5Y$Gi#(wpbv19U`TGtXJ_ zz(DU@E?)#*UIbNgN@A)Y$^A>JQh$|A%$8o_8G{0NA@7gfFD;Un0|Fu8q(xd@I%=U8t1L#B-bP#_zg_^QhdxvLU zpLf%BF8=z<>u%oq*UybYE^|L?fi!vu+CV}QOrNjM6OxW15>K#U(L?(sod|wS3$lbQ zy4yXkzVo2<(?9m^0|(yS$o`y#5%ul82(4X&VpE3V>aYBmIPy)(B*|+gTjU5=Xx`7FT>yH&k(a`4H zDcd{9+g+&}JMfbNNhl^cIbOS**!NTf;!T!AQuf%w^#RKq-o`ZiPDF3)aJI;FI6UdI zecnAQ#XLU-iqFsA@rCc`kbh8n4ic{ckB*lc$tzP*LQPWgKH&oa(%TrWv!v_4Ki8^G z5_Z$%Ae$r7Wp|9n)5t9`>qXiEhQ#MClr}Xr%MUuUqQ_3$v&rq$??;2U-%*pMw>@_spR#1Vf;PKAMniLBs(W^DQLqJNUK(Q1hD`*3g?2_)xR zp7im~Wmw#=+sP>X56aGIS9Hy6<0n$sTK%gKvB~PG10$4PiSnApT&iHrEvMl~8dkg2 z*S@|PYAS|z^6rR=#hbzX8J8}0_^)txf)|1EVUv28D-+aF$QAx5_AsB?<~yElaja3SgEOz z#65PM1@C=J#6uZ*X{{PAj`+2SRZAM$&8{zkx9o3m#CNFI6dflk{?+ZDLH1sawgP&z z{{H^pLa7AZ==o(t2evrUkss6)>(F{JtU`^1x9fjqq?9GCnNG{v-GK}3(a%LGkX>&? z-{-&0ILV{%^SjK8gYS_yj(Xh_2PwikEiI3E?ZriO8O?ky#n!1lY5A;}&=dO8sTTzd zHvffA(lTq_U9tk{SjreCIPsPkm&a;qoZ+tKv?DAg1fpw56J2L-vS#h8OIL2>6&9{N z9Z{FHYfbBfBGu9cXRJa34>y2GcTjdW)7sY3u%BMBEX<3VZKXm)J40Prt7N0(cQ7F(*hlPe&TM4hm|L^f9{QlY8oZm^E(#I$AnlCQoUBZ}TLP zA5i`xBfyIn(N@#!tZSre!93d8`FqG*EOWB3th=RK0=NM2cRV!rz_Fz zB8FZ?XJ4q;9zbv_B}jc1)gO`$1*4Y!{Xv{-a(`>6BTpsl~B68f}lEiTR@Q8|Dq+c zs%DU6!biF3>j-}6VLdNhaIgDrB5?M}XLYN0a1d}Nnh+VD)&CA&{-}DiD(D#74IBeS z<*Xl|uh5DCd-i!6+GT?@xFZ-5KzEDLP3_1zS&!I z9Lb$1SyTn>gz>;Y4%efSyn@BA`R^c}9}*WGo|39zrJY@U>R#GOTqCmDTM+>simmQS zK15=*P(UI=rXy+c%Bw5zasPa~e-cGNnUPO#iLh&$>FPdOd&x&a{081?Vw3i?pfS78 zkN5hA(dytyUm+^WbK3j{nGig^LNwrGEiXeOL^SgDy?YPiaIu_RKzTTHauVSmnYeI) zMO}#Zi7Y$?PB9`9k{*<_Z7L;fey)sW!ylAj3e4TRn+|L|mtI7F4Zxv_$oxo<7|5(T zNgkM>7#JaelQS;Ec-`;u<;S5K?-L|h8Rta%Qn$CvOM0Yb!&a`7QjpESn3K6Vrk-B4 z0v%u!{da-^yN9*4wX@C+29TdNHtyJqw5MfzUFBwYAo8!E!C8Q>TN9B8p&NF!S4Blh zcsP9h2qiRES@>Wonl@TYho0o{T=qJ@94`Ig!}@=pFt{l{J#O)#ZUP0_OX*6qH(FTQ z2T4U$QB}S;X;X5Hw9Q^W1m7jbuTIe+s$RJdhENr!7Zy15R}XiVy1TmUmWKy2^(Bbe z|JI_Xc8ne#tvdSsVq*LnKcFm_EX^4Y&2@4);U`OCh7uEA@It<8;n~NUZ|AFV=$|!< z)m7TEX{!+!+X&4uU*F30^$-vD6S-ASk;;!oJUPEsk5B)@U_opBz}MRMA5qb!tv>kj za-*PG8uucjVM0XmL**dC+l!NF$>_=Vx`Oj0biNl}5|f>1t=O_ceWQS&~7u@e0$b>~1ttv2{GHc;Ot;l6F1scY&J^s(){QS^}L6pYVYfbE`X0UQWUy#-FWO ztaFu}TROSKp8Z4wUHE3RcA!S>a$YX2pYZ%-0did&ZiZd+h4q5=v$f0mz$#I@v2Fo2C1&Im7!lrvg*Tg{Vz@x7ppd=VlP=@5yPTYwt01cw z85D$!jlIOId9iR$OjUINAIKso-BD_syd(&hFHTBIX+4fAI92cuw>q++Kg@11 zenF(%Bt4Vq8i$>zjEwd|fiBp-sYodex>MeC?{6d*guRjQk&YDHzJ>V_1;G<1X;RCh zKzK#P9=E2n1!7VY5_)x+Trn~3iq?q z*4Ebm0fP+ky9WR4-4i%>UvmHE#r(MJagB{pc8)p;=b5##6aVl~-G}{`0ZK~GwSEJl zn#Z#yvg0!%ba_e*O>=WbdnpuvJ(JhhAfTia)wE7bW!94x z1i(jE3~cA+Z}~vO@a-b`OME2BCiOZh+>(*^4jGU)4qT`uI#^51`9{iCW)_;}wp!GY zMdVO!wask-^mPLw9ciqk@DibRBCL5+nN~jDJ{+i>a{;h@$;{8b3r!`n{{Ysp352?u zG^Xy;Q?0J~j%*b?VD)T0V!3}m!Ohin7b%R9SR^($E!au`+7-{P{mL#jWF1jDM)(L{ zrda67uboPjh+Ih#i)M3Je>MPgfyAh&yKrE4mIp$-LF$K`ayV~TdKznNe)7{V!f9+A{qqLd*E$BIr>BYHs4{SlAytx`xw8lpAii*6vY;ju4-HNC(GT}A@ zP8-LU15yq8iWa~Q8HLta71)}A)z$Y5!}N?x!~)zTl`aRq1KurADZ^=92H_u#6^6Nh z%S+)@ctg$!nfb{{of5@eqZkwvWE)1-xEg0~BZ$VyEqoe3_#?=?1t0!hm*x2l)P|#> zT|8z33nwQm z5$Dy@({n%Dv5(Lwf3yJFnXsU!j=$|e7tuMU%j8GugPJ&oIXr_9_i!^=WU4;E{a}*_ znZdAY+JyIajEgyqX}QvP+@AYcJzO+@VBLJ;s<1hKJ`_7e7=-cD6cZ6ENy z23yMTAEz-&NEtps_WzqGiKYRlEf#`8>3u6{kwngF+5Fawo|GvP`!MsDDASIaqGJbNPPAF4&G7+4Pfb|hUf0_Hjhl7s&Gc6+_(kqNM zmDZR!O-(~7g={KhbWF@bd(xIj%FO2kpjJQoMJv=R3!1gAiAoYCj_U}Xgp^Vluk<(>uouV2!Hc*&ZDL|lM@alVL;?vCJvXeV z$WUiuNFubpN=(!Qli2=U-;#exNZK1F=;^{qp`mCS#}3BsbG33sRZtt&3Lx1p9Q*mC z8~S0$gJo{{o^m>k(x)KUp8WD(aP9tI)q%8vTFcv?Ydv{L^yRs#Cu+>r7Og`wIhz?x z&7**=<=wey1y3?_-`_9(7L>Qlb1f_^j45X?_ObSCdUxtvTYRbGmfmcA?}+nm*6uDW z>ooBV#zvzy;2E5W^Z7&l0Rs8ut9T)iB=qz)`4JI0{{A`s?ON2iU%%e&q}mwjrGWTV zEd0t;NoZO&OhiQwX5OhM?(_hCq^*P@92qnx4I6~Qh%W1;`mX-WBAmG zM$bN~8^P{`*JgEDNvc@_1EZ|0%z1B>j-DQv76eHkuEJ1@z#nnzf&$Parl+TMj#M}s zHvCn=OSPN@e4xnrJ3#8VDA%jQhm@H2;e%qK$Kf-Ms>iB_$7NhRYE=n&j~*M!(l>B&JjT`JpwfRBuf%;)LJYJbw5 zs7+E??0)T>K}4lo1f%SGih2OT4%$P3y+Lxl&gJu)+l5R25KlS1{W)TdF6s*d+6UFG z`Zt`IXr#S4*-2T)WqIS>sU5tZJK_<&Ndb2Ng+G#4%Y=m}b`SN@opNeIr~RSQ?B>d- zgE0^H0h`s=Po!7Jk@Xke%QgsZ5(pKJp*0-Go@KZ14%v~O8=@F~`^6Ia$WMwE2)j{o zjBBvDmJ1Ct?wxd}BHdSAFH1;B@Xzqg@D)}*biSPPTv8AR1wlyh1nX0`b!T7pZ^ip; z9iD#T@sD3fNhzHRJ4n#8{x@MKot#2{Zq~|&0PPy;Sk;tO85jpzwK`PKx9EKtU#KZ5 zVK=5qb^c6BKHcq2;9pqkG~{0s;W&l;^b7&rlD*>8ik|W@(KKhpJ845X>Ir$t!Nvq=p2akM->D=ec^8$_n%pr^Y8t~kd2F6fR@(R zYYf>NkN=#XnVB~K&N0H_xeNiK-+o~$-_DoF(ygRRsB|r-wld8zK_^;QL@|O z@8Zb);>P6xGq91cLT7Hrzyli1zzn(r`Vj-_|HlZ;5&icFP0fL}XA%~Z;j!1ya$mLz zs+6p3Px;NIcur?3w+ZgVN7PJA95fS)VVR(7G`F^^B z!HpeLY6h7CyWZw7{SMennBx^1Pd5gQRM^IhPuIC!N68cx5(?7X3NOcifIt+TUe?%n zh4q|2f_iR|y;xZTZi zs98BIUScgVg_RPm#;9est-@}p#2`^WTe%omzDcPNOTQXy+VZHlI1h$F6-tPSDJ@M+ zEmgqih7Gu3@xD(;cx1Nx;SKf)xz%;u%wP>;>$2fQ9xuo;v71C*icslv&k=U+4_(rh z?*rFv&1ceIfci)tzJXAOXz#QqtR?tA!anvQC^N!RfPfF zFpWAQXk%1=q?|EZg>K=}mE+a9x%j}y$iT??xj9aYaV~IA0ZZQ(QW~>uD!?Q@p5W0_ zH(P}UysE02F}H$v6r1kZ=_S^)0q7gUquO|n6T&-hX&tT7O`t~&JQVer71!;?poQ)f zI-kGO>yw*tNB#-YlsX|!!&w(a7Z#)u+uPfLct6%~3lBCM z+{;p+x>GC@PfwZ4niPN}kCKikHEFNzzR)8bh@a_s08U?sW($ zUi$UXX!p5>r&U|>y$kI7GvI0b9{^8J73}7}p2Hs|$zb0N?xe0wJPs?MKKxy&>1oDw ztu4O^Bh=PL0S=&E1t3dMQL|(%p^2NAI59bmb`MpIx7w{5wVoB~YG!}znof6ZKB_0m za=g=%%fpS02454N?DE_z2S1V`+h5h8Q1zg`I~*q8;HK$gaOQET76&KetH$ISR_DDv zP*XHszov|N%*txK5&Q*Q;bi2^mbStnQbgEoBWFis0}Rqu$Q#tRZwF=iiG%GU07Ah4HO>DW5X!givY*I^jxxKvYqmnJo3K%agRqgZ z^2wp}8n3vB2n1em3r+R)nQZHeUe@vAD^C^femp(lFeWc``;zeBEGK<)AtX0`Y$Nct zVYZs@{wPS;Fh=QiCk%gqaRyW><=ckK-IyI3vePK<<@k6@PL2Q<6K41pxcskh5cRs; z{~ArPrYdCs9ysvbf%z`P3*nz*?UI=4INXq$;ia(s98E=tQ<+58M&?fuVw9cRCWcB= z#A7FyDx}1D1oj(YVBfvf*i;yLaHFd{Yxwyxk8Bd;LPTR|PGA5)@lh*mAJc!SnN_U{2hp>^ z+Ml8<4`wg`mc3$RzV@e(%#zDKut~sl4#1vs)TxtGImoDBGgKYM{*kwzv99NEJ5I<> zCc>re?&^W4TWGk3j7hE;&q&@B32y~3wRHo`G&O04+Oi>40wD-qSyk26uE9xm{6UqP z>cja?g1L^EIcSO@!=#>t>822vDxmo|ZT3tfp(q1r`Y;M6QfbT9LwHlDRWt8129`HcX@X3Vahni&Y!2291 zwL1?R>YGT{7rIN$0i2F>kCisyc2+3#uxd(8F&|cb%7x=f&9A0s_9^SxV&V%p)dYP!t8Wylx0A2*i1GrVx zNtfj1S&UX5h+t65OUa#ZT-7vEj!q-GdE=(=NU%mY$gS=N`%P0oNE`ZQ19aORpxhDm zQRlZ1Vo=JJ6+KWUA9Am~|M<(tuL)P&g29@i^9S~B^F@|E3E}TPS^=rVoUM9f%x10M z!1e`UiU%w#%53cP+xq~(0?0pnrAWkM;NYCI0%A%{95IeefN}zp4CrZTr#Bp4U11=4 zS){uZ4)_^>i}LfFKeU(UX<%aG(BWLT^Z<;;h>l{~ve>)BrsI7^>`uJF_0=QUFCsEB z5*TyDdSZQ$_8oW!&5wUqvV_pvYt%=aQ0oH%TrpJ4#C^^Wse@wVFDMA#=3PV;qL?Q;)Ahm*cVLlSp9W2v!}xH+5tA}V)FJx)l%zg>@-L4Oqop9L3- zT-b0ZM@?N_9rFJk)uRx>^(G~q{|dp(sH(0mU6^@nT$dK4UH^KeJF`Dc>Kz&y8hDBE z*xin&H=sQ4wYoX~q2F=}6i41t3&7BGT)+l?}^$ICR1`-t*c15 zASi1II<_E)IQJ{Uw#-Pg*y@X~?~O)?Y+X4%n1kycKqmTs8fW0ge)ccgS1XYQv-@a= z{X1B(6mm7%(2rz198ORwM72IihlyY(B^UUZjOD8dmF?!JRfxW}#G^kiO8$o;n}Jue z6B?=v<7eZ(p4PFBnsda{&rr?Y(Jax|ma4ISB9~$+Kj(uR=KusFiKqsmpVBuB-I!Tj ztu`HEw=X@pWDbK0 zzSFrv@UE4ELNM+1f0~u~m9zX_d;M$r!1>d^jx8Wnx>PQ*H);T2On6`f_?-^bAD20G z(-}SIzigE+?4JrMnkjDwPs;$Btj;DGEyTINh_$(3lG~TK4QOlF81A z*y4G+70{c<4|(@3lgxpbYZu5HxoReEt&f_g5e?QIE8(}scVhM)$!0FiJUykf26N>{ zg>~)Lco@d_4DNnu2}RQ{U-oxE%1cKs@%i&4w|B(REQbb=kAiQy0W$5U-9GK@%MWuq zSO%L$y}@#xmtp2&9ecy?-%~3YM6L0^CA|7B^O2{1NE3WjsEYkjBKq;uG`z9&b`#HP6TfDJdkp}Vtlbyq~cG)hK=zLe{T zt8Js!^@i5zjSCt`TXT5jI|&7k)-DHT=kC&Y!yJimXPbrPCaRiUKGtJz09!-<9HKI} zrJ%%%$W@1XdZN;Fs;=McF3%Mdsh*Le(zRjNh~UpNR&Q?HG+|L@Vq~z)!xrVe^$sub zyi1V5)Ee&&y;gW zBpBd;@))O`)BWn5yLTVSHLaBvBqmlDPVL8MNB8GsZ*T4_xn6yaPp$R?x!yF(+&_sXR$S4+TS|`R7KOl*&3mdu_259z21_x4%^-y4wu$)R9pL@ z_K|eM1%|{n&{c*0EBprEkr7J_u)9Z=AY^=Lg zhZFJ1YFj#0-vmGhy_;7ScTP&L;NIk*QWuhv>O6Yg>b!?%a&!1}VyeMcRj>nhq~0G3 zrkKaR4KA?Wt1g@)Aks7LPbnTr7>iLku9K5&JYJuGF7~~OJzYIL`9RYiM6KogfLSjmN&Tr_A>DGp_?SkxM%27L|G*et zJcs+L!N}_3PE4yv3{u}gJZIC9%Z+WU!(5fZwecV^6%gr;zkchn`S9XicZ3K=tB8=; zR%8w7V+J`srJ1?#hxPurpISAP?3x0P{R=+1TR%Ii*Ql^%cYYA;?Y7d_TcAYOZ%9Wm z`U3WsyDzS`TAyie+Au{0+}v-jZc@n|48U-$dIb|yM=LlD!UCv~PXngTwazb!4UE9#J*5k)Aq27UC;w$d2;{BRLrH?kls|^Ya402IPpX z1tncMmIe6g+_j%?Y}?+vd4r|M9NTjBd0MD{Nnd;nqea=|`fCg1Urng6TcvkvZCofE*;_eOVT;vGp?V`{ z?T0SHj$Vd<>lZ#;X`3o5CtPfN3wOVwX0$mg=`k#$#$oZXB@O2DRLF@`NlSOv(FwjC3s=d&ulgv> zi8vr0EOdA*Pu#D#A@t$c<<{1m@YMv?QlseDBg2mLrAsVl!)3bNetU6l=4)?Ht|Gm; z!zjD0;!?Msc!c!(!yVQ8{V)9SSPw1MH(q!JJfg~Z8_=7_IKTQ?wulP6~{4j0&x`d+y?;B)%Y5uxyv&> z$m)XI(L0bYP)da}`L@b}W;}Q0vL|%JVL7zLW_p9eC|l)L1HOx(O~9P=A093(FyJs~MV6%0 zZ$;$FA7nWnF?x7Isi#W(`m9VBk;)5uXWXNMr6xcLFDf&JaiG|_l#0)j?9T4jt^Ygm~36>!nEtDs?tufKaojXgVkr9s{ zmt~NXS2^t(41Df#H%{QXUun7JpXl+VFhy??bz?)Dzc*LGJUjO+d&u5h4DH`^Q_;fZ1b4kxcdq%`gG)zCi;M4*Q}AxG zF})VX}XF} zR0O51GCiHWE$-O2_dyVwteqElBJkXN#0N!;g2Jt~aUQvL-{myr;csifGTsIw^Guuij(dtuP&%;8{tk3J-5vsJ5Uf-0tc=i=m)W@9af?3tWb^vB zYgYm7UbXg&G#P(us35s6pUGBtu7ft7P@znh+~Ey+{7Z#3SfcT`nF}Iz;=2324aTCd z37ksKkT}Dr)XSuyt0>|Z@12$`hseNCETWLpe3X!_q6Dn#CzClxw{Y8|7~YkAktl9v z+YZ-_xY4vjYCcA6a=Nva>^DoTQuMSt{Mr8gOJVd}nbdZ{tE@hFcWLRJrXQhd6U;Ty zy(N|~H|a9yxpuWP$IeuxBa*%J?5P(d7msPISx#7y7dDMGI$!HdR6agi9yuGjP+?ej znrEO#6+pNAH79mx*s#3u2|hc2wVWyN40M$S?;>)lF+<^^wSQ{~c7 zX8GjUS4H(CN#PHbKZwUZ2rxi=(IR(0ki>T9@NzsNJp*bunOP({7W zj(~3Kg=07Iu`(OJG>}j#Wh+Xuz2{*cmlO)H3S_C6K2AUVBe>rC$qMCjcT7!;Xzh1z z5L-T5F}KzebKcnO4b;@er`CviY%6`{=Bn8KbvUbud9F##d7vPo81DD&S%yMuqc^c< zn2lGTo7H>^%@81+@s|o`!EBGw?j5$8iQYN!x-nL@Ha_lALdZCBmaJcc;HH+J9CjJG zEt+PgXM>>Oxm`yzqY}&j*Aj1ukA7$oU-i-WAmU6NoBpF+Q_=yoMuXVfMdED669dR{jg0XMJ#Js)Bj0qSRV!cJhu=6p`DLC{AoXBd`R@ns+_w!G5pX+uJ;jdT+ z%-H*?a^8ZQgNcIHX)6HQuFQ5sa*Dh-u(p*ecFeujl9lotH4aZp`N$LXQRZxT+e0^D zaUpicL&^~8paatZ>8?=I#pd?-85*G+H}?LuAQwZqVt!PM$$Nvl{%s5szqc*fVJ|N#b&RJD+-n!x#;jX2bKtos}ww zGRpX4^<8gvXPdDP2OUL_{w%T?Yg2LFou_K9G^aBYO_!S;Cg>O~HOVr>mX2Of{*aE#7uO6Rp5KOu9*Uvud(x?t$l+jNwggWT+=OlO= z+#cgkY+g5fCXzE&FJ>{~wOKjL{=_42?gAV2rug!MI%?qC|%v6}a&g32W z0Y~Z=KUZg(?32&ezcp&^@)kL-{g&dHu64dVlaC^X#d5Z22dfr`r|&b!yP&97&2@yS zJlA%}-CeYm#XBxst_h9n<8YP;9u{=DEl`#$9{ZTpZ8;5gstgRK^kdf7n=~K@&wpv> zy?v9e{mjg)=}?(76bPzR4WLBTNwP`=l&vCGeY0;0tPJQ%?a#$Q5|EP0*AFn8)UefD ztAI*w#)8@DrY-yI2L>7j-RgeIR2qU&1|Od_dWO>@#*lfsCD>1Pty)CY7&LvOA*c_) zJ)mK2FyD#?0&n=izGM8xn4usmg>@k@YV5rjdYbHa%3j{TU-Xz?3?2(Birc>i$<*PB zDe6vvXUfR_^3#YrE6V7|ZJeU}84hfP*)Pv}fC2d;0)Ab8>R@ziPS? zXeiq@Tz#KZNQz3fpOQ%9YwX!lQ`uEwEFt@3E!oHNseW6ZME0>1SqD=X8jPt38QGT% z8C%T|F$}X9GykLh@0>Yv-Z{@XGv|HhdY|{Y@B6y%OYoP6>d^$?$nFWH{!ka?J!6I5 zj=F`xI5pPfQVYF;e^j2IGuL&9U?b&RzuVr1#2bTQud+pW9UiJ@VL`pBiz0!vlalh2 zGcmR}C!V7yCY7Tc%*95HoyyuDi;Cjg^M3u93XkK{`E^UUvcC%mG>7{U_khK@iUH5a zsC!DZ@GLH5;$y;VC0+53(4kRrtJ4rCt$`bD~K-Lx;dTd5oL%78!+hu}`$ty5|| zRa8YHC}$dHCDixnWs()4JY7*h2o5+Vvg+Df+cX-2MA@DQ$YigDnGed+8D0}tCMFo4VL za(sf(TFoj%nmIhrwi&#+*M5;7ZnmZ)O2fUNHnZ<2ol(|}RCAB*l!@`)Kb<_ZZ*F#q>32}8HU|C?;86FetFJp1>cSb$sRL2~UK|#Ph*Sk?tRG)L zV`gM#-w+u5&XYXB_(>ry%Mun=R8K4}w&TN1VW3n{!j*>5+S{G=ku=v>%FToEZeXT( zi?%91DTQ;onB+6llHbgL*f&8nHQ`t6CZ}s7 z&~_?fuvg*SHom526QxOm4ZnWr|51hGpw5I#3*P|QeKvOMY0PHQ%?QSlNH8O|{f$y` zeFr8?NDNd-L$@r_D-!qD`8$G*(OS$}Ozc~s0~RD|rN8$>8T18JM?XIhlq&SWIKw@8 zopXsHVn>hag|F4S#c#ss^zjF@n;CV@u3I1f9!%q=1p|5{r zKpGlp770^)0V17LzG7f{{qMvq-)@vRTA$f!cdwuU{@UdDF4-2vAQMm2 zzP^ZVmzTlu@wv>Dm6->+w2s1Sj;T1`z3UCcWcVo5i;@y!n2K{Ngd&xX3Z-_P?|gIe z^XJ@Kn}^*;xM}*wiG@MNTa#|Ae7W?#N4w9*a6f?94=37Fc$RP7tEW&L08khJkUQ2p z=%sF*y&Bp03xXhGN>AX9H#>7qlLIM@hfR&8mOXNtYS+EO&C<}LP%%PBlH~_9gM&M4 zdXF>uesN|!Y+xxTVb)63)#>!+a{sIj$CrfsPq{kWi++On_hJk(iICBSpS^w?+e>-$!N&GYTA zLM1f)>>3a*%cP90iC`0NQX91s%mK=9Udhvmap_1;1m6u_s;4b=LuJ$Sc%4`& zP5BDw{*x>yCMK3ZmC(Z$Bmj}0jg$Wr#j-G{9t(T&1_}pc@X6Ibf|K_yS}8Oo3_ePU z{~U~Rad&?=rP;lkgGN4)+MkHTCr=Y`VGFY#O^+43x&E9YWECI-0}C@7_CbVgKKD+uOlxbn@Z+P}0aDbIu;5rsAu&ADXB% z;0)aZFU742k9P9nMwO4q_ z06AK3&#_-og<{Ap*q{u{-}#FBDE$r4r$!tzY2CO-TeC)g|LkRss_piQDp>^EK=;Vq z+tkE++8fLoJpXBJOD6J(j7WY;3#V`Dk0lo4r!Z-;(aHKshPVX0#?kprSZYJVD5{YL zVm+44+$eIn zKA@;>?lH|R;mig0K$Z47=&6){I?}Dd9iy?!0Op8mdy0J?@ODHLz z{qv6Im*}o{AWb>d5~XnAd*Yrf9|Ynr&-vA>9ak^CTs5N7@?x^kZl}s#HJKGGXoU=e z=fYy;2$)1eV<+qAaL27uG1sN^PprwVKiYm4%g<$@5{hK>^uy+D`T8(xU%ZEK5{=gHD%nF=d9ni-|R~zLkSQHdcbz8wEQ&dz0 zLSz5^Upig|ka3}$FR5F+@vATbeW|kwBFA3yv=c6J%dEbw>N&jnrZ}#wq-=%hC9{S9 zV=$rb`q{7t^bJ(w_a29O@0_u!yU(rDtv99j9ae!H+6Q_x%D;RA%t() z*vHK?-)d;+#Z2B{_+b(L=Mfiq_L0#Q^gcemYmZW{5oe~}VWv$-G3DtH4XLb%UT2&q zzCB=d`(ow${~o7ma=7FzoY2H?#~USIeJWb&*g6Gs&m`MmtjFpjhsA#Z+|;HOIiS38 ze`;%_6gzkewE%$-s$^Wbd90u6)|;}AS1(V~M1giaIiq$>30L(GFwTuzS1rl2#`gKs;ztt4*0Hc^x1OS+S(!%2rRGp z@6vMR9NiNV;CG7KIJnaH9Pw6YPoc-Y^{MX4nL3zR8sP|&KSq5RZyBR@DLIgeSbbUi z9>LG_rYECLwd<)s(#A>V2a=NZCg&Ep7*1+(GUav+Uj)}qE!&_C4ifz4ad*${`lZJN zWW5+uQJfO8Q|Q`N4j=_eSZBlc$^QC$>(BK=m;S#3$^CWk`)z(EMn*xh(m%iZm;S-{ MiUq9Z(w&F@15K5=c>n+a literal 0 HcmV?d00001 diff --git a/static/img/pinata-bytes.svg b/static/img/pinata-bytes.svg new file mode 100644 index 0000000..9b7ed49 --- /dev/null +++ b/static/img/pinata-bytes.svg @@ -0,0 +1,95 @@ + + libgcc.a/usr/lib/gcc/x86_64-linux-gnu/4.8/libgcc.a (3027014) + stdlib.a/home/hannes/.opam/4.02.3/lib/ocaml/stdlib.a (1400328) + libgmp-xen.a/home/hannes/.opam/4.02.3/lib/gmp-xen/libgmp-xen.a (1357772) + tls.a/home/hannes/.opam/4.02.3/lib/tls/tls.a (1012386) + sexplib.a/home/hannes/.opam/4.02.3/lib/sexplib/sexplib.a (665768) + libopenlibm.a/home/hannes/.opam/4.02.3/lib/libopenlibm.a (629620) + tyxml.a/home/hannes/.opam/4.02.3/lib/tyxml/tyxml.a (587802) + nocrypto.a/home/hannes/.opam/4.02.3/lib/nocrypto/nocrypto.a (431132) + x509.a/home/hannes/.opam/4.02.3/lib/x509/x509.a (403540) + libxenasmrun.a/home/hannes/.opam/4.02.3/lib/pkgconfig/../../lib/mirage-xen-ocaml/libxenasmrun.a (343920) + libasmrun.a/home/hannes/.opam/4.02.3/lib/ocaml/libasmrun.a (331260) + lwt.a/home/hannes/.opam/4.02.3/lib/lwt/lwt.a (328130) + tcp.a/home/hannes/.opam/4.02.3/lib/tcpip/tcp.a (315660) + libnocrypto_stubs.a/home/hannes/.opam/4.02.3/lib/nocrypto/libnocrypto_stubs.a (301090) + libnocrypto_xen_stubs.a/home/hannes/.opam/4.02.3/lib/nocrypto/libnocrypto_xen_stubs.a (288802) + libnocrypto_xen_stubs.a/home/hannes/.opam/4.02.3/lib/nocrypto/libnocrypto_xen_stubs.a (288802) + asn1-combinators.a/home/hannes/.opam/4.02.3/lib/asn1-combinators/asn1-combinators.a (279054) + cmdliner.a/home/hannes/.opam/4.02.3/lib/cmdliner/cmdliner.a (277042) + libminios.a/home/hannes/.opam/4.02.3/lib/minios-xen/libminios.a (271372) + astring.a/home/hannes/.opam/4.02.3/lib/astring/astring.a (243240) + re.a/home/hannes/.opam/4.02.3/lib/re/re.a (233148) + ipv6.a/home/hannes/.opam/4.02.3/lib/tcpip/ipv6.a (199486) + ipaddr.a/home/hannes/.opam/4.02.3/lib/ipaddr/ipaddr.a (198636) + tcpip.a/home/hannes/.opam/4.02.3/lib/tcpip/tcpip.a (193400) + camlstartupb4b590.o/tmp/camlstartupb4b590.o (193160) + dhcpv4.a/home/hannes/.opam/4.02.3/lib/tcpip/dhcpv4.a (134406) + mirage-net-xen.a/home/hannes/.opam/4.02.3/lib/mirage-net-xen/mirage-net-xen.a (131968) + xenstore.a/home/hannes/.opam/4.02.3/lib/xenstore/xenstore.a (119916) + ocplib_endian.a/home/hannes/.opam/4.02.3/lib/ocplib-endian/ocplib_endian.a (99350) + uutf.a/home/hannes/.opam/4.02.3/lib/uutf/uutf.a (91822) + ptime.a/home/hannes/.opam/4.02.3/lib/ptime/ptime.a (89482) + zarith.a/home/hannes/.opam/4.02.3/lib/zarith/zarith.a (87638) + fmt.a/home/hannes/.opam/4.02.3/lib/fmt/fmt.a (86522) + OS.a/home/hannes/.opam/4.02.3/lib/mirage-xen/OS.a (77252) + str.a/home/hannes/.opam/4.02.3/lib/ocaml/str.a (76790) + libzarith.a/home/hannes/.opam/4.02.3/lib/zarith/libzarith.a (74428) + cstruct.a/home/hannes/.opam/4.02.3/lib/cstruct/cstruct.a (68448) + xenstore_client_lwt.a/home/hannes/.opam/4.02.3/lib/xenstore/xenstore_client_lwt.a (62488) + libxenposix.a/home/hannes/.opam/4.02.3/lib/pkgconfig/../../lib/mirage-xen-posix/libxenposix.a (61286) + arpv4.a/home/hannes/.opam/4.02.3/lib/tcpip/arpv4.a (58494) + libzarith-xen.a/home/hannes/.opam/4.02.3/lib/zarith/libzarith-xen.a (53452) + mirage_console_xen.a/home/hannes/.opam/4.02.3/lib/mirage-console/mirage_console_xen.a (51346) + bigstring.a/home/hannes/.opam/4.02.3/lib/ocplib-endian/bigstring.a (50380) + main.omain.o (45272) + logs.a/home/hannes/.opam/4.02.3/lib/logs/logs.a (44770) + libxencamlbindings.a/home/hannes/.opam/4.02.3/lib/pkgconfig/../../lib/mirage-xen/libxencamlbindings.a (43158) + xen_gnt.a/home/hannes/.opam/4.02.3/lib/xen-gnt/xen_gnt.a (42476) + icmpv4.a/home/hannes/.opam/4.02.3/lib/tcpip/icmpv4.a (41882) + libx86_64.a/home/hannes/.opam/4.02.3/lib/minios-xen/libx86_64.a (41790) + shared_memory_ring.a/home/hannes/.opam/4.02.3/lib/shared-memory-ring/shared_memory_ring.a (41024) + page.opage.o (40744) + unikernel.ounikernel.o (38344) + re_str.a/home/hannes/.opam/4.02.3/lib/re/re_str.a (37994) + libxenotherlibs.a/home/hannes/.opam/4.02.3/lib/pkgconfig/../../lib/mirage-xen-ocaml/libxenotherlibs.a (37666) + tls-mirage.a/home/hannes/.opam/4.02.3/lib/tls/tls-mirage.a (34816) + tcpip-stack-direct.a/home/hannes/.opam/4.02.3/lib/tcpip/tcpip-stack-direct.a (33808) + mirage_console_proto.a/home/hannes/.opam/4.02.3/lib/mirage-console/mirage_console_proto.a (32550) + libbigarray.a/home/hannes/.opam/4.02.3/lib/ocaml/libbigarray.a (27760) + ipv4.a/home/hannes/.opam/4.02.3/lib/tcpip/ipv4.a (26902) + bigarray.a/home/hannes/.opam/4.02.3/lib/ocaml/bigarray.a (26228) + logger.ologger.o (24376) + xen_evtchn.a/home/hannes/.opam/4.02.3/lib/xen-evtchn/xen_evtchn.a (22362) + mirage-runtime.a/home/hannes/.opam/4.02.3/lib/mirage/mirage-runtime.a (22140) + lwt_shared_memory_ring.a/home/hannes/.opam/4.02.3/lib/shared-memory-ring/lwt_shared_memory_ring.a (21432) + re_emacs.a/home/hannes/.opam/4.02.3/lib/re/re_emacs.a (20354) + xenstore_ring.a/home/hannes/.opam/4.02.3/lib/shared-memory-ring/xenstore_ring.a (19818) + console_ring.a/home/hannes/.opam/4.02.3/lib/shared-memory-ring/console_ring.a (19722) + mirage-bootvar.a/home/hannes/.opam/4.02.3/lib/mirage-bootvar/mirage-bootvar.a (16280) + libtcpip_stubs.a/home/hannes/.opam/4.02.3/lib/tcpip/libtcpip_stubs.a (16256) + key_gen.okey_gen.o (15832) + functoria-runtime.a/home/hannes/.opam/4.02.3/lib/functoria/functoria-runtime.a (15444) + static1.ostatic1.o (14512) + libtcpip_xen_stubs.a/home/hannes/.opam/4.02.3/lib/tcpip/libtcpip_xen_stubs.a (14500) + mirage-entropy-xen.a/home/hannes/.opam/4.02.3/lib/mirage-entropy-xen/mirage-entropy-xen.a (13398) + io_page.a/home/hannes/.opam/4.02.3/lib/io-page/io_page.a (13208) + libcstruct_stubs.a/home/hannes/.opam/4.02.3/lib/cstruct/libcstruct_stubs.a (12016) + mProf.a/home/hannes/.opam/4.02.3/lib/mirage-profile/mProf.a (11084) + libio_page_unix_stubs.a/home/hannes/.opam/4.02.3/lib/io-page/libio_page_unix_stubs.a (10930) + udp.a/home/hannes/.opam/4.02.3/lib/tcpip/udp.a (9112) + libcamlstr.a/home/hannes/.opam/4.02.3/lib/ocaml/libcamlstr.a (8938) + test.otest.o (8760) + libio_page_xen_stubs.a/home/hannes/.opam/4.02.3/lib/io-page/libio_page_xen_stubs.a (8430) + libshared_memory_ring_stubs.a/home/hannes/.opam/4.02.3/lib/shared-memory-ring/libshared_memory_ring_stubs.a (8220) + nocrypto_xen.a/home/hannes/.opam/4.02.3/lib/nocrypto/nocrypto_xen.a (7938) + ethif.a/home/hannes/.opam/4.02.3/lib/tcpip/ethif.a (7776) + libmirage-entropy-xen_stubs.a/home/hannes/.opam/4.02.3/lib/mirage-entropy-xen/libmirage-entropy-xen_stubs.a (7704) + libmirage-entropy-xen_stubs.a/home/hannes/.opam/4.02.3/lib/mirage-entropy-xen/libmirage-entropy-xen_stubs.a (7704) + mirage-clock.a/home/hannes/.opam/4.02.3/lib/mirage-clock-xen/mirage-clock.a (6476) + tcpv4_plus.otcpv4_plus.o (4984) + std_exit.o/home/hannes/.opam/4.02.3/lib/ocaml/std_exit.o (2944) + io_page_unix.a/home/hannes/.opam/4.02.3/lib/io-page/io_page_unix.a (1934) + result.a/home/hannes/.opam/4.02.3/lib/result/result.a (1852) + mirage-console.a/home/hannes/.opam/4.02.3/lib/mirage-console/mirage-console.a (1778) + diff --git a/static/img/pinata-deps.svg b/static/img/pinata-deps.svg new file mode 100644 index 0000000..495faa9 --- /dev/null +++ b/static/img/pinata-deps.svg @@ -0,0 +1,1341 @@ + + + + + + +pinata + + +zarith + +zarith +1.4 + + +xenstore.client + +xenstore.client +1.3.0 + + +xenstore + +xenstore +1.3.0 + + +xenstore.client->xenstore + + + + +lwt + +lwt +2.5.2 + + +xenstore.client->lwt + + + + +cstruct.ppx + +cstruct.ppx +1.7.0 + + +xenstore->cstruct.ppx + + + + +cstruct + +cstruct +1.9.0 + + +xenstore->cstruct + + + + +xen-gnt + +xen-gnt +2.2.1 + + +unix + +unix + + +xen-gnt->unix + + + + +mirage-profile + +mirage-profile +0.6.1 + + +xen-gnt->mirage-profile + + + + +xen-gnt->lwt + + + + +io-page + +io-page +1.6.0 + + +xen-gnt->io-page + + + + +bigarray + +bigarray + + +xen-gnt->bigarray + + + + +xen-evtchn + +xen-evtchn +1.0.6 + + +xen-evtchn->unix + + + + +xen-evtchn->lwt + + + + +xen-evtchn->bigarray + + + + +x509 + +x509 +0.5.2 + + +sexplib + +sexplib +113.33.03 + + +x509->sexplib + + + + +nocrypto + +nocrypto +0.5.3 + + +x509->nocrypto + + + + +x509->cstruct + + + + +bytes + +bytes + + +x509->bytes + + + + +asn1-combinators + +asn1-combinators +0.1.2 + + +x509->asn1-combinators + + + + +uutf + +uutf +0.9.4 + + +tyxml + +tyxml +3.6.0 + + +tyxml->uutf + + + + +str + +str + + +tyxml->str + + + + +tls.mirage + +tls.mirage +0.7.1 + + +tls.mirage->x509 + + + + +tls + +tls +0.7.1 + + +tls.mirage->tls + + + + +mirage-types + +mirage-types +2.8.0 + + +tls.mirage->mirage-types + + + + +tls.mirage->lwt + + + + +ipaddr + +ipaddr +2.7.0 + + +tls.mirage->ipaddr + + + + +tls->x509 + + + + +tls->sexplib + + + + +result + +result +1.0 + + +tls->result + + + + +tls->nocrypto + + + + +tls->cstruct + + + + +tcpip.udp + +tcpip.udp +2.8.0 + + +tcpip + +tcpip +2.8.0 + + +tcpip.udp->tcpip + + + + +tcpip.udp->mirage-types + + + + +tcpip.udp->lwt + + + + +tcpip.udp->ipaddr + + + + +tcpip.udp->io-page + + + + +tcpip.udp->cstruct + + + + +tcpip.tcp + +tcpip.tcp +2.8.0 + + +tcpip.ipv6 + +tcpip.ipv6 +2.8.0 + + +tcpip.tcp->tcpip.ipv6 + + + + +tcpip.ipv4 + +tcpip.ipv4 +2.8.0 + + +tcpip.tcp->tcpip.ipv4 + + + + +tcpip.tcp->tcpip + + + + +tcpip.tcp->mirage-types + + + + +tcpip.tcp->mirage-profile + + + + +tcpip.tcp->lwt + + + + +tcpip.tcp->ipaddr + + + + +tcpip.tcp->io-page + + + + +tcpip.tcp->cstruct.ppx + + + + +tcpip.tcp->cstruct + + + + +tcpip.stack-direct + +tcpip.stack-direct +2.8.0 + + +tcpip.stack-direct->tcpip.udp + + + + +tcpip.stack-direct->tcpip.tcp + + + + +tcpip.icmpv4 + +tcpip.icmpv4 +2.8.0 + + +tcpip.stack-direct->tcpip.icmpv4 + + + + +tcpip.ethif + +tcpip.ethif +2.8.0 + + +tcpip.stack-direct->tcpip.ethif + + + + +tcpip.dhcpv4 + +tcpip.dhcpv4 +2.8.0 + + +tcpip.stack-direct->tcpip.dhcpv4 + + + + +tcpip.arpv4 + +tcpip.arpv4 +2.8.0 + + +tcpip.stack-direct->tcpip.arpv4 + + + + +tcpip.stack-direct->mirage-types + + + + +tcpip.stack-direct->lwt + + + + +tcpip.stack-direct->ipaddr + + + + +tcpip.stack-direct->io-page + + + + +tcpip.stack-direct->cstruct + + + + +tcpip.ipv6->tcpip + + + + +tcpip.ipv6->mirage-types + + + + +tcpip.ipv6->lwt + + + + +tcpip.ipv6->ipaddr + + + + +tcpip.ipv6->io-page + + + + +tcpip.ipv6->cstruct + + + + +tcpip.ipv4->tcpip + + + + +tcpip.ipv4->mirage-types + + + + +tcpip.ipv4->lwt + + + + +tcpip.ipv4->ipaddr + + + + +tcpip.ipv4->io-page + + + + +tcpip.ipv4->cstruct + + + + +tcpip.icmpv4->tcpip + + + + +tcpip.icmpv4->result + + + + +tcpip.icmpv4->mirage-types + + + + +tcpip.icmpv4->lwt + + + + +tcpip.icmpv4->ipaddr + + + + +tcpip.icmpv4->io-page + + + + +tcpip.icmpv4->cstruct + + + + +tcpip.ethif->tcpip + + + + +tcpip.ethif->mirage-types + + + + +tcpip.ethif->lwt + + + + +tcpip.ethif->ipaddr + + + + +tcpip.ethif->io-page + + + + +tcpip.ethif->cstruct + + + + +tcpip.dhcpv4->tcpip.udp + + + + +tcpip.dhcpv4->mirage-types + + + + +tcpip.dhcpv4->lwt + + + + +tcpip.dhcpv4->ipaddr + + + + +tcpip.dhcpv4->io-page + + + + +tcpip.dhcpv4->cstruct.ppx + + + + +tcpip.dhcpv4->cstruct + + + + +tcpip.dhcpv4->bytes + + + + +tcpip.arpv4->tcpip + + + + +tcpip.arpv4->mirage-types + + + + +tcpip.arpv4->lwt + + + + +tcpip.arpv4->ipaddr + + + + +tcpip.arpv4->io-page + + + + +tcpip.arpv4->cstruct.ppx + + + + +tcpip.arpv4->cstruct + + + + +tcpip->mirage-types + + + + +tcpip->mirage-profile + + + + +tcpip->ipaddr + + + + +tcpip->io-page + + + + +tcpip->cstruct.ppx + + + + +tcpip->cstruct + + + + +tcpip->bytes + + + + +shared-memory-ring.xenstore + +shared-memory-ring.xenstore +1.3.0 + + +shared-memory-ring + +shared-memory-ring +1.3.0 + + +shared-memory-ring.xenstore->shared-memory-ring + + + + +shared-memory-ring.lwt + +shared-memory-ring.lwt +1.3.0 + + +shared-memory-ring.lwt->shared-memory-ring + + + + +shared-memory-ring.lwt->mirage-profile + + + + +shared-memory-ring.lwt->lwt + + + + +shared-memory-ring.console + +shared-memory-ring.console +1.3.0 + + +shared-memory-ring.console->shared-memory-ring + + + + +shared-memory-ring.console->cstruct.ppx + + + + +shared-memory-ring.console->cstruct + + + + +shared-memory-ring->cstruct + + + + +sexplib->bigarray + + + + +re.str + +re.str +1.5.0 + + +re.emacs + +re.emacs +1.5.0 + + +re.str->re.emacs + + + + +re + +re +1.5.0 + + +re.str->re + + + + +re.emacs->re + + + + +re->bytes + + + + +ptime + +ptime +0.8.0 + + +ptime->result + + + + +ocplib-endian.bigstring + +ocplib-endian.bigstring +0.8 + + +ocplib-endian.bigstring->bytes + + + + +ocplib-endian.bigstring->bigarray + + + + +ocplib-endian + +ocplib-endian +0.8 + + +ocplib-endian->bytes + + + + +nocrypto.xen + +nocrypto.xen +0.5.3 + + +nocrypto.xen->nocrypto + + + + +mirage-entropy-xen + +mirage-entropy-xen +0.3.0 + + +nocrypto.xen->mirage-entropy-xen + + + + +nocrypto.xen->lwt + + + + +nocrypto->zarith + + + + +nocrypto->sexplib + + + + +nocrypto->cstruct + + + + +mirage.runtime + +mirage.runtime +2.9.0 + + +logs + +logs +0.5.0 + + +mirage.runtime->logs + + + + +mirage.runtime->ipaddr + + + + +functoria.runtime + +functoria.runtime +1.1.0 + + +mirage.runtime->functoria.runtime + + + + +astring + +astring +0.8.1 + + +mirage.runtime->astring + + + + +mirage-xen + +mirage-xen +2.6.0 + + +mirage-xen->xenstore.client + + + + +mirage-xen->xen-gnt + + + + +mirage-xen->xen-evtchn + + + + +mirage-xen->shared-memory-ring.xenstore + + + + +mirage-xen->shared-memory-ring.lwt + + + + +mirage-xen->shared-memory-ring.console + + + + +mirage-xen->shared-memory-ring + + + + +mirage-xen->mirage-types + + + + +mirage-xen->mirage-profile + + + + +mirage-clock-xen + +mirage-clock-xen +1.0.0 + + +mirage-xen->mirage-clock-xen + + + + +mirage-xen->lwt + + + + +mirage-xen->io-page + + + + +mirage-xen->cstruct + + + + +mirage-types.lwt + +mirage-types.lwt +2.8.0 + + +mirage-profile->ocplib-endian.bigstring + + + + +mirage-profile->lwt + + + + +mirage-profile->cstruct.ppx + + + + +mirage-profile->cstruct + + + + +mirage-net-xen + +mirage-net-xen +1.4.2 + + +mirage-net-xen->xen-gnt + + + + +mirage-net-xen->xen-evtchn + + + + +mirage-net-xen->mirage-xen + + + + +mirage-net-xen->mirage-profile + + + + +mirage-net-xen->lwt + + + + +mirage-net-xen->ipaddr + + + + +mirage-net-xen->cstruct + + + + +mirage-entropy-xen->mirage-xen + + + + +mirage-entropy-xen->lwt + + + + +mirage-entropy-xen->cstruct + + + + +mirage-console.xen + +mirage-console.xen +2.1.3 + + +mirage-console.xen->xen-gnt + + + + +mirage-console.xen->xen-evtchn + + + + +mirage-console.xen->mirage-xen + + + + +mirage-console.xen->mirage-types + + + + +mirage-console.proto + +mirage-console.proto +2.1.3 + + +mirage-console.xen->mirage-console.proto + + + + +mirage-console.xen->lwt + + + + +mirage-console.xen->io-page + + + + +mirage-console.proto->xenstore + + + + +mirage-console + +mirage-console +2.1.3 + + +mirage-console.proto->mirage-console + + + + +mirage-console->mirage-types.lwt + + + + +mirage-console->mirage-types + + + + +mirage-console->lwt + + + + +mirage-bootvar + +mirage-bootvar +0.3.1 + + +mirage-bootvar->re.str + + + + +mirage-bootvar->re + + + + +mirage-bootvar->mirage-xen + + + + +mirage-bootvar->lwt + + + + +lwt->bytes + + + + +logs->result + + + + +ipaddr->sexplib + + + + +ipaddr->bytes + + + + +io-page.unix + +io-page.unix +1.6.0 + + +io-page.unix->bigarray + + + + +io-page->cstruct + + + + +io-page->bytes + + + + +fmt + +fmt +0.7.1 + + +functoria.runtime->fmt + + + + +cmdliner + +cmdliner +0.9.8 + + +functoria.runtime->cmdliner + + + + +cstruct.ppx->cstruct + + + + +cstruct->sexplib + + + + +cstruct->ocplib-endian.bigstring + + + + +cstruct->ocplib-endian + + + + +cstruct->bytes + + + + +cstruct->bigarray + + + + +bigarray->unix + + + + +astring->bytes + + + + +asn1-combinators->zarith + + + + +asn1-combinators->cstruct + + + + + diff --git a/static/img/pinata_access_20180403.png b/static/img/pinata_access_20180403.png new file mode 100644 index 0000000000000000000000000000000000000000..bbae86bbd681ca38c33cb9b983afdf5ed9e6f5bb GIT binary patch literal 6370 zcmcgwXIK+kx6TZSCPXkuFJb^iO6VXUDnn5ZN)rgZ#DgHcNLPd*ijAUN1q1|Qp$I4l zQj|7|Sg0bRbOJ~bq>EyK+zEc?eC6Knp8MP%H_s$9d+k-;cdfPeo+lU0O%HN$ig02u z7%rpV3@tDi5XN8tCY}S8fSW1r(1DJ*vDJPSi-k%U3Reo0>g(&bZQG`+tDBvjJv21b(9rO1dhtr*l?_gV6)1T^ zz;AXz7!3C__7_N&=N83a1Wk+#^{m2g%w#&GlobhJLc}7*dQ>7-+cjA{VmL!}uV*r! z5~K$UJ&OX1c)pM^fNQQ(shfTuQ3Jr8cf10gTo|xK`jEPk`2z z)X`zv4BL~uiANWrIV~6Ub}Gx*_p-}t;nw0pjM`Lp;G7zR8d`&Q`JsT*?YR? z4z}-;GlZ^7pHtg?HA*C<*7@GdtoLdZ6b<~h6>&82bn*3gAy^rD0Hc^&ASy-6 zs2s0lW%9sO zdaC@CltUny=CKy0+c&n=#t^oS8G?*3^y8IU3vE_@BPCj%u zTsClza8UfcUWS1A>YNrHe@cB6_aYJgo}KiKOm=L{Gbl+3iXaXj$MOa3`tGCjQw);AnpoIw-e0e#*j#F=$zs7`1b+D& zJKR6>A+a@gaKAP-8!@YmrdqnN4C}66N)6h}ofcK!x9{Q{wrH_*>VA}@i)s1ciyUI( z8!qscs7sAC>fWd1jG(>~bKvPYI-f+*hg5bD%nN;Fm(q~p{a4h^?klIwK z24T-;*m8EeoUci*aaKQr$7?Pq(#$F&6@-9cX=|LA(z&guOhvGyj0JeherU(bbM37l0#4XQU8MU?RD{|V_8SXE#FFtNa$m!K` zb-$M9fPC@01HV55o<1rZ>D#3SzH2z%Q{}P*G6wZXW(u5x2E5Uv>??mqU~7b zTG8Oa-y4DBGLrWu`~Z`~?<-HvNj(^W)yOo`gV6UuEBwIbZSbj}$5XxSVSz`be1@Ta#X|NPEA{%caYUwX}6>2R>XQ+6g(ZZRmVw?U~Av zIvrsMDZE&AFnatez%%c)c9JN>3374(XHap(4fqB}6Fmqaljgm|--A)9TY=&Y>r;B` zGLkYL4e)~Sl3GHk;^YR==z$8%upZRW`jiNE6Ds>Ayrw-uC;UTw!h%1>XfEU7H`$6C~ysqabIKRS4!LP`m2H1EI z^oxOyK#0QRg+#hK@bN;F&>Jk@+jZoBcZ`kKrvR6WHv-#mf9R8xIq_9E@Bjc*LWs;C zQRohVN3KYdD@XnX!h51nq~#=GT`l$@ct80fe0ikPG%ZDnM#6`0`UiObjOw4G+#!|N z3THsb!9N(sO=oX3MELIzR+`&6B$=FlhtA`KfItqfhAG?i{-RBQ86AHAFE`^-I9WKj z>n^e{29~tm^-anQ$|x-~!-bZ7E+aEF#@M#B|rfhb#GJ2m{l@Wj-~i3_@H1 zF<$eFe6I&N{hsRFDu*-umU<&aw1r>D;ln9#J%zcVY`n7nf4DG2 zn-m!1p5TVPiOKc71q%MEBtQdSm9W>VqOz8k4(lp0o5pdDxQwOx*{o&(?AxD3@c5`a z;2ktzKkybj!J|5_4xHJ2YucuZTFkpyN-RdedahzoU3N2?V`J0hjN4nFV9T zIoPhxXm9knd>lXQ01Ro)C=sjDR{Ah&rSO-9nCkC9eGMLM3!qGLH)P@?n)x*M2d zTnJTBQ6*Be1x02xecRJ77MEr>{# z!U%tlbF8JL^n!x~(5sF#-x=D(Yraz-Nv4F6D2&W#M`ZPkJUF{_8#G-`vW3bO8Tt?r zC8^Ah&rc%L0?S~p6zh1nzK3f`9xNES4x{EX#C(IBqV5{aA!KG9Ot(iia@y7u^8uDI z@E`>nzZpDPX2EHDmXJ>}KLg`ew&EvS56Lj}5lb@D2w1)P2wiFGa0)vQ-!fj9$Dpb-G#On?Nb zSbyp`!M28=wL_uhgY7IO_aYa-5Be@#cX_`v%DO+Tu25!_xo(h`3y{CnZ%wnfNcRLNv#9x5%9;IUrl(B=#`OLTSncw5oI>sZ* ztSP(gDABt!Bc7>31-EPFd`0Ljm!9=yvy+DGS4MD4Krum4D zlr5BO1s!(|&49gJpjdb*S%M5I_MrKAVS$XCf#uK)B*9+$?ziE!+_cEFg<9B4nsyXR zajb}iV|OxkOEA(X?7RkG0Ul-92iRb{wIaCjK0KD9EH65y8zwwH7A5x4*WW`VSo9S5fX#6C4q@wxeQRY$u;$nq+ikfhQD!G*O z;x@nb3i!6xPORAR?_e)=Ds9RHTGm5GuECGJcN-uo9H1mk28~r|Ij*$V2i=DSn+LJM zi$#R|mPaj)P;uBXDm2%icyp+dD%$!bhRAUWID@x)DdN)_11ap^SBWdXT9t6C5R6OYso z^NZjwQ%^;95%Q05di2(DuP>y}?$Y2seI&u4WX+Sib~H{0#r=UeDb_0xkejyn>53HN zy9^_pkZ+AcyQtuZ_)gk_5%QE^>q8LwmZzQQc$Un(iZ$*4-9vh!)g1a_d0++B$~8Ukk%(?C)lA}U7!bz=B=2N6yvTwThqp7F)}(0*ddTnne53J${&nz| zyzQrBihK=>4Q3x1H_Ff+kV?8qB_&|uetG$u-9Zqx#t4ZXVZZ%IlEK{d-a{D~=|NcI zOLd&PGJ(uZ*X_kLo&yOGK6 z_LoK1pING9I<_5wD&KX)N*I^ZBxov}9%IeM+g-7yOo>|lSD{z=VtI^Pu@8sMDwJ^Q zE(Q)6QzpoWH{h#LM4TkJ$tzhwfi_R@D-`zoBT8PDO`a1ig$275Y%JFj{H{lY2(BT% z33B~wE`lZV)19(o?@QA^=2jCYvg}-kaKUn$562lnW5?wC!)S`%jG=OQMmpANyn3AQ zfoNMq^dPE$Q(HB8OBkZ=WjI4*NWk2ji0(MoxBS5q$6oh;Ivv3qgWhU@iu5QpaBhvB4c=8Yk)X{{Lx0xpKt) zL0zB9JJ;bEUKhxQI0xuDJ81}1OhcUe$;UhB~l-S4yPVy+@ z@RRT2*kCK2vBm)Scv+GS^Pb>en_SP@cmr2ZBT~9Fh!r~>BC4tQRsLk}N7oSzPan7V zccua>NmX-C&cRE)%hpqMw(_Fdysr~ZEssq&OsWm>UX64gulJl9vafKQs2rFg`^sI!?5?*7s>VGZaA06~(H~+QD^V=;hc&(w| zu<-|}n)s@I_CufhuLn+0QF9A$n+`W87$W)TX)eX1Eca`w=@L9|Zn07+Nrnv3KP5WW z_ouf<5lhdO2la=yZv68S!HOwgrRbn(jGI#kRs1pQ*=_FT;FE@JZM!r?Nk73mCL!jXUDyW_~Rys9aywp#XiC*x~ae2Sz*qS$otC- z93d*sx^h%G(|TO0!}H+tqrB~fEPG$ycJIiF&@4u4sI5|Qr{G)BvD5iX=A!Ad%9mk# z>UbMx&Q($wb@;pOkukBBQ-|*+2-Ie~d~6faeG)FmYvr65_QNaUhmLYhjpf3l$e4v# z!OCreYhS)Z7<|nR{+#o3T-!GzEORz~f%lWR{;uZE>@NF=YMpt*h=~!=rP#)>TUD!4 z^VTuX%jZ{jX1>cJO?Q5K{z;^-eOKhQ*}kbA`C%1d)qD0Xq(9~v+~R0G_y|ovVq;it zRqcEQF<60S9=UioBrHf{**mfQ%hw6pXLTrze?<6@HB~b;bd=YC0Db z7PnrUGYqUAo)M@Dlut}m`Lp}};X(1(kDW>wNhYy7<<(O-Z-i*ezHfZP<$vKb7@8Ad z^Lse;ma3A)r}~ZD0l0?4uEmer(sR}P<22lIqum(Zx<9u7$k*#(tzM__;)BjU-|NTx z(}Di8--h8M<+oew$yfNVOz2IlAKIH0KsF!o}w=@_ECQQOXG3_{^tRFrCYza6(pJN+ zX`>h1WaF~fn5wF(%*;$VIl0l%(dz1IH#avUBctBg#e{|g!8Vl^2st;w;#?pA@YV0U zV2Mh6QUD-y?S!fE8DiSpuyabTt|WLtgU^5Vdi;UCPy4n!J5K-{!n_HYg!K_pxhaPx z$LO&d69ZYu)xR$=JLvhDxz>(_nVCLb10xfomPV2k*A<<~w>`nE_w>^z2R7Ip)?J@^ zeIBJtC|K<_b($vjZw=YU!h=R7y=Ovhdwkud3Qe5nOnhbgWU0@`^+0CoAH}jGGh8um zCSn=Jy+5T=w1d~r6^EL-g4TNXGoAA!HImn_DPMP;p3H!yke?92Fy1$NEJm1&6sBwO^4>x8Q@W!9c{h->I<_27l{o$y&WG7 zRWq0DRbnn=Bn5x-XYFuriUNflA1&dQ4x!%~FfAce<>g#Og zgMsbE2^nqd@Eknd=j7{`Fus6Tz5N9$wI z{rfW>2fE4K{wP$P-*B0Do_p!F>_m&2+i?1Pcij?Lr}ytd+j37`^($w{(B>2h?KnYw ztGO6|qnKBN{EIJl1IhLAYtDmVSH?GBjdBRwepV>r$^6BQ6VULu*UOo0jXZ`)_W^{N zn1qA-mT@?@+!y~fpW!6dOkV^Q;V`sq-Z1(bui_FE}4`301y~_rHfq0L0!k_pkfey*XtX z;PR}s+IFPBkkG~M*{#|jfPdQWx|iM-S89q5qP2z5_TA2!@SC4d{@XQZ^xT!iV3v*` zOHy(>xG*NJ^h129Y3RbPPDh_G@7|QYP9`<_@;^r9(GDPEd}ZxK`BOKtt8e;m7cV%p zbpkd^>nFmxert;23(u+!Ahubm!`k$OQTBG|ub}18IYwjag80q822K?E!`5|F+*KPl zZAY0gIhgzRsX+Rao0t>^_vJwdTD?${ZUnEd&wy%bap)JJe?$rVdVT3%%(yLR<%3m@ z1WzzuhH!ntmmBSs10!u8Y9gQ1&rux~z<5~0KQ&iYN_1}iaMOj?!yf_@Yp=>mJwYDC z)*js66wYt)Cb`FZ9u8w*$C_?{@k~$c{iis%(Z>uqKg;bl62MSm5Jz%Z2vFlr7%~5~qFBA1i_o=A+PN0+=Xh`^_Lsd5|XK zzco?7X<-QD8U#=8_Zky2999w_$Ma*a(lXbZt7r5$z74E(7#4Nq>>8a&P**br#fndX z!AGT0nK`E<#O3MH16nwtP+zBgyfNspqhT|rFt|xc5&5EnH^Kgcsp@JOCSUi}9{w(j zAHL%JI(Lw|5$4iNzru$kTI+F$+eZP1mkSL)0IZ9%5qHOM?yqfIUC4GY@5|aK;{Z*g zd%#4ff=*A^+Yeq{oDnFdd)0E15$<_fEEhH{^7yi{(LDqF*1=$z2;u?0cot%4o_LbN zi$ZgRb;JYMSqCx_bs8D@?7ty@^CTfrSnfFi%!~RW6gnG?X`b$u$30?NMFXelO3Lv1 zZB8!%%&Ix4=+a+Pf!&{`$1aG{tRe{fSaE7)V_Z%vXm6Z z(#LINvZ$)aD~Z=AnVOgJM-cEs^R2LmN+(poFm=P{0OGk08h_Q3uiz>_T)$L$Lxjh+ z?`z=-R=cUk6bFAgp8z`4*GOkN<{+!7TT36c}0aN zW(cM3MoyxpC~PE(5cIsLt5Kf5iB|DXIXmEpB#PBmR=)f-2@KnI1P{+mu- z7X`+$xy@IP{_;^v5!$@}%ivt?EtZv%-yt|nkwFve+6hIqD9hW6Bs$by$d;!&3+8*n z;50eLi^o{{4S{wq9XL&Z@%Sv3UV-NGQijvG7%{zj=z8e5D?D(TKI68gJl#jA-BS-v zQ)7g@!_a*M+xN@CX&8pbJ9&DGfXaRiI8Bt{vbcvni?%W2gq^1l6x>nFU6eidO~EOJ zw8%qneLV*5#Uy{hruvPG)$t_~unfa03>h4Lk|XLg{gB-r#+_97a0sUR(&da$7KU*! z)K7wycc=wbqs=E%HD*md~}e`i@v98$}S@E!=)Q#?L~ zEeo;VTXyvJCQ>mCcMksY!i#vrpX_!+cJez)={D>OzuK0-n1PD{j=@V7-arVGzt6eo z;25!_y&H&6!F7RjYl_xJAxa;)RuzA?CpRv3k?YM}iq_h~BVGP)-hRc49NyX1B781( zoDnMGSCXA%ZrhT5WapGO1@zAoe8fvL!0X zIc@`+T6J5xsKVZ!)eH98J{J?MCB&`CPl52#g{SunkQHt)P0MLg_1CqlP&rOhg|e9Y z4K)h^p^*e{A9GOa$0-$Ds#^G2k2(`VLC|YH3nD@;yn#BscwXmY=);q_4j8gi8 z!A+CE<_`BIQ3i+4O-{|oMNBXVUG#6&?+GX69x!_iZrLe3OC`z=3~!khF&hmK_kmc} zMx6Kr@j%@6wkiDW_{D9kAlo<2QAj!CI-sw@5>g zzPRRVbSxu}=$^(kbc?B}f3zJDB{XtdK_Nso!2oYgL}a8xZe-dKi_!)AXe^ufCGY`7 zYeb|ejjJe)>qXU(n`YGAjJ6ONq@pqLxhpr!LxI+y5&g~LmaStd78aH1xOMa*}HZOY(WLYZDQ${ zYMsY(P-^#?A!W*ND-4a-KNcVhjUd;KgQMJ35_(LZVIL0yMuO*OiSl%NNp^w z>aa10sGXIRL*q{o%_iQv!_J!jywg*wB(Y@4@$Hd+wYig$-@(h>oDuJo?=vME9kSsu zH;noYNsBkXH?4gmRxKRH=h(ylo4_tP$}@tak!A?rp}NNE-xW!_dXLhlB$&9nVDUon z=F#f-lTevf`rV^ADA|eZF0lJ~`XG)`9Cc|D9(4E>FMmx<6g!`}t3iFT9Z_O1cLOa? zQ!jLR4Fp#ky{Q{r_D(6f^)&nBUYdNNP2m#Q&Uqs}QuKVZW1cN|wzySRwSk*@%=hYs z)*ckq$Tw&X2zQVzsUU#0K78j~v~UcOyZZT(Sxj#el|HCmvay*wP#rZU^i0Bq&$~5! zcY^Jr9{Ljc8VK(bLAog77)Ln-lDKV&2F6Wh(2A4jz`csWby7$tIrPMaxFoGi)7hAyor5!5Kf8tw2nf{L!7SsS3Gck@Ez2v zq$*p*0r&e(AcAtElBBlXuTLM1|MmzrQ0|5JWSMH&Uj&2eKl_98)yi|;0zMxapo>2lXZxKd>QZz2omL^nk~b@p-=E8=f|%a^1-Y-!qqp2j=VBrN=^$j?(`i z{#WmzXb$mR57bLX%j4jOq5$p!MfhI&vmHf~kSxqSnFjTV$0>`J77#_Leh9y8f5{lU zySKW(dc*?cu7?Y|O{H$7o=+aU?N+J;^DjM27xD2vvK4TBc954^Q)9s< z{{XuaJJ~62y_~Qp44sW)&K-wa;XtILFia4C8fgJST_H@=?Ek6YMGVmdf4V&cDzNY^ zFZ9^5gXH-ad6ezGy>$Obfc$?zLW-fbcq2yxR$_#hm(o-AQSJgMc{(<)==CF+(a)Ug z3;)Z(-I-=Kp>4epJ=RJ+LbGt@W>HUo!)O@ald`4mhh|KNDN;7WY{2px*&6;m0!5%7 z6e7pT-Qi9ELc8WScf+cNt-%Tm{X+#eK}>_crYuo?&McGv7+CqKoqZ)Ga{?xBm=Vbt zvNWBo{rfyd)X#NlD1BGeF0U(+Z{v_GCZbA{24BOvGy&!L)VrAzL2Y)y3Lwz`t6yhu3<_KGw!643-nzzLt0}8euAq zWlPNXlDbf#km^z?!#2rSwapG9DP-rgIHl3d&#rU{bT0hIbLoe?b7i?D+nkj*88*-D zJeEl_{tDeir!1YG3y`)nwvXsdWNL4w8nw^Qdb{YCituP9`%ct`r4HtX2W~fAW(unX zLw1Yo@~@=4T=Jb+BC?VgvS0R8N9%lxx69$u$=?R)gHhqpT-cRGa=9mCT%e~lZg|vx z;;$zRl-p>Cfrg%t1M6ddm~(8)6a*pT;pKB>s)5ecU$-8$Kws{_T0y%(aZmFTqPmB6 zZRyAR{rwG@tKHwL-ZqK^Iu{dIm#&HWll*-|^Zop$Q}lR;4U}Z7o>uGih?2^tjQVR( zD_c|pqY7g7^>izu6t;Wltn$#McdQ+v((_c4_j%9lE z*BCc3W!P>RO|9+iY@v{| zqw4$A8wc`}$zk3NL%k~hgw!Z4=FwWR8%he_`5*AVF1lo(+jZD?ck!%{C8#zdV9+Ts z&T5?!2{m@BOM;9E!4j5QxJspO*)3*GVQ#*h^~HfxF-PaL6evG_bY_e3CH0X8-pl#+$(3?k>iX?feugF$c4@ zy*^F2#tOs@l9X$fbh1<`9Lr(}!rx~GUNwK-fAi`oZE4b(;#CKoJ*cY-`gr@hRBNxd p_S=7Djmnfv!DRSr{s+eQ3HC@aZ{|>%mivzCgqe+L{xSUR{{V)E%+mk> literal 0 HcmV?d00001 diff --git a/static/img/tcp-frame-client.png b/static/img/tcp-frame-client.png new file mode 100644 index 0000000000000000000000000000000000000000..8abe1a2a667c500a811c61226c6126698ac3cfb3 GIT binary patch literal 84602 zcmY)V1ymeuv;>NF2oM4Z79>EB;7)LN_ux8MaCdhN?hxGF-6goYYjAh>*Z(=^u6J+4 ztZAL@`FeNlUA1e1f69n{hR22n0N}H@n2k?TjtkrXt0yTc1ibzC zm)TYj3$FQSB_d)6p282DM+2UCF?#-6>1fSw1OOkr!LzXeYYKkO;AaBjLi~!(OUG$O zs$V2Ay^Uglk8LW#a!o8~=qOb`VbCk}-s32Tv}NgGw&?WxW|HfPDt5w3$i0I>>x~eL zCvD3kTaUci9S%5-@%Jvg;?c5XNaD8J9Z6#6Y^kXk&~%~$eE0~E;c_9)*jL^_+5aqw zxlPGrv2NP~k4Q)J+Qv{968#mERz6~nlJ)szakn^0xcpHhp%~A9iNrpbM4;>n%Hmxf z5kyR;n^LRQ0{l^P_7($lK1`KfUj37fkd}Q`7I|LxM|h(XUtU9RQ2;?H}7xdu)1nTpSwEIr=L&syCCps+HfF9jdLBIVcpu;TfJxFfo9e z_3&`yd04r=B&~sijWbzMT^;Aw&Y4hpVd;VMBH-V^l`!5=&HRLO^P;8Mm62VV%VeS;6%bH!@DjAF|{@GPUh{qljPnd2}> zleVG0{B&!NZoZ4CxLD&zM>@pJL)1)xG~8~*=^oCsvm+!sCdSj_snz4IUA!YOtHDnY z+rYx*?$wV@O&bO3@7R)U($gmH6Ji*iK~7OtyU89c(7EYi={To+_e<{s(zhS;vpbu! zX81gwo1Z6;b&-v?Bl7iKg!76+;Q6AupByU|8`WfF%5#tV*MGVA@T@=1ebZyuSGz=b zjUx%gY=65qIVx`pS2R_58AH5v#Ij;s*KcQJVGtk+vf<5PJzKjNa!tR?t}ZU_O>TCf z=0_G1m$L~=JK1!xyTj*sRB@nJLXYqGaS8?S7>(qqw}Rt{b`uIRFM6IOciYq4;aK7-3rZm=KhwTiMlRO1)YwIVDp zJYnI0hZ@7%$NtLf>O)OqRYw`bqmGZVB=Wb4n7jG{Ko=h*^y^mY= zwY6fzsKzWt7PgM-xdecBU~}@*v&&=JH6C}c9X2C&0kzK%0uw_5e>NUhZB0Gx{p*YU z`NL%hJhfZ)P|f0T*O_o)Ib?k3HPE3k>Y1EQMM>!(dp)V!5Q!d3QB_g#cI!hz{KWO| z0pkyDE!mrTOt)~QEquf80TDGd7W(Q=?2pvHjSd}#6MK7l$#`VDisQ}`F!!&@;ywcV zlWoi4zd4^N((E0e#)D?&X5Rtrp2O^p9LT^q>D4MRnW()lXJ*Fa=(5w~2$CM&_#cLc z?L{43^{C+;<@uSF;ASWNH?7j$g%*#aqJMS|FaZz_Cr9mnyEUsSxfcRDXUGfRpzKUd z3+ZfAO4f@MJasn~qYxA+E$-?^%~&lAeta!NHZd`ITW#mzbdP*G>8FG<`((m^$mEnl znwR)OE?Q$?;6+7CaWFahZ+QMVs*;Kg<^o~Qp_DAWu8?Lxv3=rp+u}m~ zH}W?W<47tCGYO5y!P1S2Rp5Ba$&h4Xd@SUo=Hc=tWjc-Q0)JVL0`Ly7GYZmb+HH47 z_cAPfpMvIJeEquBzq5wp0)axH-bum1LV%5J>T>H|zB@CL&ItJ>dwsQOK-FEoey!OE z>{);3H)`|yfY@kv_B!!BKO`h1&%oe*H$EXjy~*>Jr6-TfDvY{TW^|S5Oe+{D#UVq1 zN>pG}^aQsMs%d48H^`F$d`fCf?O8s&JIeYqjv1dz5?$G4zpk%lQYGKBAC;t+N2I2v zX8Za^B+MmNEE+%NklCbN+q>O8iwYeI{ODThYuy*M z8?n@5ksLQR?093?*n6(~7qeUHf$0JANq&7Ivp5@yXwj;Fe1eLGWQS+{Bm-|19EN{y z57wO&Yevxgxp{dW^-twXl?Re@^8t2yIv;TtI=mLbQ)Zc&HxKk@S`z!+8#2F$&Qog_ zmz0f4dVPKRBV&}?Ha3B5sk%+pk!c+<9Ck1kI|`d3CMmgPWT`d5%k9eb+e08{QZKzH zw16ujItBTPEkdNApDTj#coMfi-NW_fdUexocR@F!u0$~|-Wm}z1|NNgV@Vwr($d2f zJpWVWXs%AuL=rQV=!`da${3SYySIol;lCSOA~K2q1(>ThJa+HV(M?SS6eUL`Se;(Q z#5`o&dZ3=Q8Mr;y?3uHe{Y_Pi?Pq@ns8Y}Mk83~P9IUPvo(0KfxHKd!nmaDk;V>4+ zlAx-qqF~u??tgrHA9QggHc09xQ z@0;XsyFcfOHdum5*=W2>;THg@$`oF4g~v@-MpOb-JSOUm=N?S z;?^e#RyvqnU*@8~yuG9@i9s_mIJ|t~1eZ1&ucCZtYPPox?rZO0KXH^0uQYpy*E?a% z1n`Z-vK7$h*lZI5Cg}q^wkXgWwi?#xh>1t-dgy6u_MXA{)@g4Q;Vsl{DeI#F|3+J!Ucw(G#KjHt z+qcG_U$+WkrWiD+B%e)bHJhOTKEh}&%&~@V^v`QKUwuZSV-qV%a|`pbvI-0TBx-vT zMg7&kbjRUGhK&uL=7eSm`th>gT`+FR2syDRMS-qrs8g0#yuW{tJbL0xScdZ--N^Jx zp+kR-bhBfFhVtp&7#I+1VAHHk;YZuvDe+f@2M&yp1Cf|DTHFuP-0uA7v^GBz4$>(U zNTp_GmzHLiayd-h=f))h-q&HDKDcqJslg{n)z?&wQQdoWSX3vU-YhqOs5OZbD;@ZK z4V~rNn%6y>!zQ$vTGkj}kz#Rrxy;oyDP3yB9(}Igm|6N+`rHKdTk}$()r@w(8`yA`R9wMpNqXBWeeO?k+v;izqCh1@#q0wshV{Fn=>n??t)w$vCKTHpk;ZOgPTgehUcCTF z3;mpDTyrwEGOz0ki(TK$V8wcSFJ^p(_7B&%a1hZ_Q&;}T)x!h?lvzbotlJ)&mkuy6 z+_KE=w;9nUrrdLxl(s>Jh82S*Z-d8U)w!54!KWZp$VGVPpU-;`X-+K6iFY!}SbvvC z+|FCE1D7rQ>f0Ey;$Bac`EWmd~|NSl3dDRqEX9n{+gChp_MQ8mVV+?6^7 z8D)&xTF*mIsbh?@I(-H#UL4AdUcLCZ1Q-ZhF9n1^ciyUTJcG4w>~>>|Y@eM$IUJgj zZeoCm1EQlQM0m0A*8^s~BLflfZ`EEr&W7YFCQ5J*nB$+j18~)br~qKU@eRy9#fOK1 zfv_lL#F?j1G<3+N*t!=xW{y+CiFTTXsh|Ja3vc{CPs=&Oi;`?N9zKu9ZXPk08;`@3 zKW!T4^#1j+6?-d*A_%+jvr66w$?HW$g{AH>QEV>HY`P=zYDx}oa>u0y3Sh*dE<{dg z8Qhmb>iW-++f!>W1t9qxIR*R~9fn(9)$Vs2?N9o$n`+Yf!p7*xxt=N*xuhi=u^AsP z!_VKnJaJ1)n6&(r(K+a{J5lcWmUv(XF0(?%h}K(WT4{Z)ly zm}q<>ChMnZxviB$DRXy~&+QIS!$LG^8+WEnrQ1d|fD=+opw@D}G`EgTqCZ~3O)a2D z5}SY*K(*!Y9^S!7Oh`xg{KRMq?Pkc?xnrxl5>Si#&WFF!>@A{GjShT5`3O!vxO+hT z@7(84ZOCxoY%Nu;lL=iWI!GFzp-jxeU{kX2#lQk(;@kgjrhxN(=DjvF^6%YVKme9Yte*d3iRdn_P{+E0BWMTeywkSv8=ZWR5jP{dKv!_J32S)Go zE4QSVapMZ!kt0tFhu2nGse4@MiF}SuUF<1(ltIQU96S7W3Mq%S5p_0@VsqE6%2}Kb&g(|SXe08<2?<M#UwmRw1Cnft- z)B1gyj`|>pT#gPEbYg*FD_T?h(At944~R?=jUG;qwG_|6i4~fRET2B{q{wMG8b`EA<#tN;D(NP3e_drEnE zL~U&?c#ppHM`rTwZ12)S>TN3zDt$-=+Y(9(i;Fkan9t2ClO6{C=6BbhE%fR$z+g88 z*F8*+XLPW2b@f#iMCY~=e!nQn&fYv$E2kV93YN{dz;t~WVwN;(X@7y0PTGCkk;L$v z{i&(BCnUVS+IYH4f?0J-`3;os;rYcpfcXBJ%u=PJl#(*}ng zu~9rcxpjL&Nm;xy#I^>1dSsRkVlZDPse<+fVo74nCIn<{j;eB4Nci-3d>5noyv?rgZWZnQ4s}21vxqS zi2I#qYV3QUbI|5Er6DOGAfQ#->2zU9TsBf5iyDNgm!L=*<5vO$1HzTXWQDDaPMtSnzMFq%XhNM zxT&e?u{6%Cj28RJM4h_P5h)a?jowg2M#gFIqK7CY`ubi1iV~Ze77^E10q+*4oZGWy zheP{+wM7aH3~R^BTU0Sn#l@7pBqShrxm3y6^EEKwy{FPrS0^=vQBsV12sn>@IDPSX z{|ZVlrA0+B0CKR8BqM@oeqC+FdVvyz50EN4u1L@)}*MUuE5XR%2&p7eAn*qwBEkt&XQk zuwhF*KDGk!vrMbz)%>4$w7L*Mfh-;`iuL2dMeNX!ga(UMZSB|K*rwdvT9fU zW2)3osR2^LS=GS{x*R3#a5c*@e0l1tRc`DvLk6Fyt3MIrsH_aiXE=3pzuUY>vMO+ zMkcxrag&sg0RKIlPI{ZoLc1>wBxyBU?O&gJ!88Nwcd=`+J7qvMnNg@%+}heo9U!l$ z*lKd6{F?J>b;A8b8s>y*te?~F;p;oDP&Cuk)itWo&=9QxrZ9Y+l}KI;$J3Rf47v4v zHzezbt|Dx!{flc&cb5GXR63`%X@k>rNp3ETq)*u7Y88%YJC0{-ewUZ<7@!kzE@-ZgX?LJ7%vm ze=wDn4i7-s<#xV*YoXW`9PN`$?b54C{f5iMje)>aeKuynlhTmJW2X#(jCx#j^+#?k zby3kmnpH6BEN4^(UE=``Fmn$_Yd-FLww`6bVbJr`)D-b@MUk>!BgdPG^n-Z-D2nFv1?F zu0ssRvgC^-+qi6qYgggCWBD_Ob-#;r7_a^RgMQRx>blH+6@ybQMOpOgj__p?A_5e? znqTHK$v7SDtt!LVAPS@n=3xth$ijM^geaire*D}^wcG6W4oL6gBG^!=7MFN3H<)!a z*hqw1GBZMY{t&HE(M?yO({E0M7-aV%;;g&jBpO8Dk@FgLYi{W?zu~DXde69$Ul!E9 z4mU-|D)f}{l*nqWL3RGY*;+$!BSY(jTjcUfZ_1X3QAKD?!j|{yk{~q8Q8hZq2{v#mBV#|~I zYUr99pZ;Sb^*fG2&YW=!HZfOcddUCFTBdeOAsuznJB&$Tt*NE!z1Tml1^#QFa62d5 zf5mM|hZ@?|V#I z)vzn4?&dmq`EywK?YqEkgQ_O;XvFV?LQqqb<9oL3)U-88s;KY2*F&U5RTn}$j`6KG zns;DJii;oaDMCj#u8$Y(DvOemlap&}nE>yR0U3Sg6QZZRX4^N z^47-YxrESDO;?zP*jQFgca9xMpF*_QB+7BbzOivQ7=jIIux<$HnduN>c4S(Iz(1I8EnJ`^vwpe6^kcB?U;g+48 z4_3GpROrm)3s3BSst&uh+Wv&H=oZ@{N&q+3D@F@s1`k^|ePc`$S9rZZshEh1(QxW` ztYMRa{!Re*56asb1u@YN=qVrWl7nE>2jE9kR*sI3t0*g5o?fZqPjr~Gv@|v@OiY|R zMYhxUua#D?ljQMANl8849L;Z&fvgwzeuY-pn$O*MuzKW^Jb5~QH*8~L zwZCFv737ngt+wn<=KRT%OneBmT4evVKIr|$($453BVwSx|M6Pe)9cIA2PC{!yS)f8 zuL`ZU!`)rdq-N_z3Oe~G>>F8W>9sZ^r`YBZyA&cR$S#fgnoas`LToJOf!F=O5c820 z7cY;+{!$8ES6knj%j;nu$GrFxEhLqGfQV}=By@18kX41n>T0!4@VLneBG|onm1R=F z5SW}yZJQ#T^%L4KN4|(3la{2z-GIZmv&*FhZF{??1T%5?Mf0ZzFZ-LMu7$1|cj%~` za@3@JbRFw#6<#43k+cA^P#8chzf7+-0xBe6t_I~108lbOXJ(!~UHz0RCU3D?x;T4a z#F%)3lQff`SNb`9MFu z(?)l#3&WbXeXXkm&-_+mr;oYpw_P#jy|Ne!sYz1?b*ldyALF0tUHY0|?*-G}q4y!7 zqoaex$~yoKR+YD?xcHU!bIAKOf}4#kOxRd%%M~`}|9TyQg56vFk?U=4^Ai)^5y2uN zBK7t4wzjq}k2lk^v*D4EZ|4`18EbF9bA3AH85kLlj*i{|mzS5|b~6tO-yl3v@W~0( zYHl^2%yv3k1H*&1WAl_mDuj=Eis)MT&>ud@&^@V*#hv z{k6gLEq6=9({B`yBb+3o(^kpxa+^wQrU@Z61*Hf+f|;4=A*h!#gZYOmj2JydfUO44tY9ken0P zwDI`Ctc*4+b5o5-%Mx6f@=w@a`hOwpP3uIDw(Q^3O!AOEBPGA}=v5yu!KMx6%3;-t zfbW@dN%oX}qr0lNfBx=-tk;>82A)a?N|w}gmYA>!|TxVR=RK|fg zk|M*w`KIF23*_b~8yd!ld3AY^jBx0CjPer^x^CPJ#Z!UzPuPz(5=37rmGUrr-nHId zVQFcLl}4NB=x8-jp^8KZEZQ7 zUblIkE&bEV&);)PXZ@U!{^PdQ+(!2&+%&t@ z7AFn|iGhx*nwqnfrs*Lyx(ZrO$K#%2N%IjRvyy03`?R=Pwmph+>_heEV3NE5`p8pR z>r|Q|`3beNa^^Lh3Nk#~s@B+h+lS*KIl1VXJ}?=y*w_{y#Ne11<$uz2p`vjvzo}B_ zN5to7HoXbCIhqrb4F2K3=|-z4sxoYT-r02)Koo=|?Gjzz>(p^J_Zf{LDKSVQ$KqnO zq9{w(fS!w&&Z@BJW6CHZ2Y$0@QIHt3-jBufAk+`nj4Q_m7o-I&50cUbFGz?%RCJP4 zirK24@Fyx7{w7=n50hSRqr#D$87j>)F?{_5%3_3adPF*E50S0DU23#;)g2xPh)tT; zIU>n~%Yxc&zTJff3J|>Bl@CCz-1R7RWJ}7?9=+jN7U%GitNpTD|H;>aZ;s*Dt6#19i6v;bEI*;1fdlnj@L=9hOdL5e46J-G0bH6O4BS-y zoht|MGqX$~66-c>yea|6 zaKtn>={xZ|sMLAo<(3=1y{~fOA2dtfpBCJ^G_AB??rbx?P6U+j*U%_yd*SVywjb^e z=ZxhK)Ak)_Fz9V;M5UR{pYb+&O~YD2@h`wU7gaDA$~cV;50{lxygfg}HZA^3EUKt~ zJY8@D0L#cO1YNXJy%X-Rq%`T6D>#bx}>LOn7iqk%KDn+bsf$;*x{FW9=bZJ{&060 zS!N6OGfK`XXwqWKKdP{YDk~+{=!{|gz*SC;zx;+_@!OnF5W;*UcSXqzI?!ntH*a9I zZ5!h7`H`w5GB&@EzK}V*ZXKZ}V%l@%=YD+b@s zR$J)X@uKA>Ke}<93W;#9)NMN|Ue}ckTZ#(PX;wDo=Zk=}Y@(?A_sGTg+ooWqwJ*b7_&IIc-$V z004mOiULiIFq%A?pX|u2zT3F}`MH%$yn;;1-Vw`abi>+Ms@^9(Fd_f3541RLViFR`y?J%r`}KDb%O~9U6<%!FSjJSF4maHa1=# z&C_vnzlgfPyw>nZOFZ13;Dq*K)9VSTt0#wsA|xAKY=Ut{_qu4M-5wSZ0m56e?M_HZ zNl9?9xS^q8XdY9LL|!$UKN9}hcoL(N?fJru2&c1L$lcw*aNFzHJ5NtfJEImjird5y z*X2UmvaIrU^M@%1AZNOI@%R@RA{>_MWL^iDUJ)>gW39Y=H@~FC52f zPp0So;!94>S%e)nCYFoS=KV)7X(usRy4%~=Uin{K?T+7Q)nLQ5DLO|lmyWi(Y3H`# znR4uF$gueR9TBqbB z!os-BUtCX~H)@L{k&|vHs0}gk1p&MryrQ>kQw($_iT)y@ZTH4-SyE0mHyNzf z#)nCJdwVY~Er3kwTDF@lWdW$gtU9*uRT4 zj|S#Qr7QWgjOJDs>o=dP?ZK|l7m}Jamf}#cs$6jiX^4$9gkIT``{ebxMql^m&!24n zoc5oa5ai^XPDCR=!gFxi?Ut6PRD|Ji@9vHseIb)UMC3WzWVl+YqskGDY;(Oi48vl~ z&d$c5Rb5$FASb%^BSC{Vm`@1TaKGyi^Dr>v_`yn-IH>RblwiS7$?J=(D%E$cD`;!m zF=@;MRyiIowBxbz#l^+Yw7p%d^Zn0V-EG(DKBnNdjO|NlF0PBz_6!ka&@I zxSb_k37N5Dp{5NQ+QEGy#R0s_-J;OIpaJa!Lx<}9;(ec))IEsmYO4dgb>Gtx3IlK` zQD||4`nJMKb-5Dm^3JaYy=4!M%WOifBqeZwKLVSZCJ}Talg{2ueh@bogMd?W)E7>V z0RCWh-N_Htbi8oJuTBZw)e24xBQ@*x8-IOt&I+#XB3HJ*mF81+g%_Kdc-mxGz4p&G zX)+s>8PIY@XsXt%j0nX?3lkQ-7lJ2X@Xmw=fE5vMWVlpK^fXK6ok$aOdcBo97=Vka z`LUYIJ!17yBsaBNck++J;tZyrYna#rvfIm5!~u7MTTsvYBKXPuFQQJPu zo`u_?hUV1D^Sm}5n?|Jfga!n{xiIqyIKRL6We=HMtTEcz@zN^Xcw2$Cx4FE(*lKY+ zd1NjLuqaK5>(XcV{K=Cx1$2pB-rZG{l)MMP;)?b)vAG!}J%NXZrW=wbP_cuENF8+s zM{~WHyQTXzayq3PR@k1*-_7$+N^w}rm&2X= z;_c^|qUq-sq;jn`7KY0)5WZY$v^KJSlDBKHny)s|k=(>59c23Yy2JV<#a>zPb?^ug z(v$7s`28h76@N_QXu3OU&YZ36%6mPMgrnyBj###L%_zIKrPy0}wUygmVP5hV?%v zRYzOF%Q$%YK-+B@zmooR3(^QrysT5#w~DT@>b zmHTzu8;kwU6mzov`*a>S-w8J6%c1Swa*ar>wGD15Q2Y{>NdDMp-&yny0BCWolc+KL zWJaUqj)h8oqZ3`XQ@5w7qBeJWQhh11(osbAu0<0l|E0YBW9q|ArNry?Kg-*!i&d5P z;umK*HN@HWEii1*{O;RU!3>+;Kv%0ap6kmqQU=eL8LriCkBuef5`Q#8f@^sbrt8Ojw$>vg2&5%+t5iWoR#{zLTvD>t3yJIO z zg#Ji4D{7Fl!E)iSg%^yn#eY6v6Yvu(BP(5y7%@YV6k&8>K}q8CrIN7Aj!e}iEua&Y zwB~HbO+lC_LkudDF;hSGGk2gXj@cZs2a z%NcJkQoFV|s_};m4ut4c2DS@T%VvA(R_xeKLuMmBTXH4bB4@l9Z9~(qomGXi={a{9 zjSYR>o^QcVW?aX&8SM=R*N0^3L84_iUJ?+9+CVVw$ARscf*A1-IKWsT?guXbFe$l> zq}S`cIe2NqJiNkIdkaEoasYre4$u%Gk;lR^V;9U3_V`KekUuqHy%)sx0)kaJC zPDF$TG%YRA%l?cKd}65dOhTt2%QG+G)g~Sk{;c*63!!i%Uqs|JO&%3xYP>O&0M6H3 zjA<|JLHrB3*8BG)btv%asU3xwsj{z+YG=u_RH31grz_!`vZ+7TOhymmyAV)XN8mkX zg6_zpqcBrlf--{|;Jhe4!T!45p9HOn{?Mgn4{#mo_6LknAbP?^^ ztoXuQW%Tri@9PHhIQTIiefD%VOc-5R_!DF(=nsLK7^~6Jf=D%gPWSqI)4CjASV#^s z)9bU`%*nE%&~xi1P1rUI!LyEZ+7HCpzY`24_+T`;YMq1Nww35MV=L5a?^xJ=!D1ZD+Ct)-oDeIYq~yhv8p zE{WLx`OP>KR%eEcO%pM3dZ4&SH*P}p2EMqNaJ13GYP7YM-eOCs|MM@pvtVnDqp!|v zwu4jjqKKk25RS+5j*LX=DqeSD*P_JLtoIF=-ypVDvlRWzGGw!}an=nHkK#mi-)ji9 z_|=sHiRq*XB~kQ|p{Jl$6EJ9Lb*+Wh!?Hd>aik}q~J0)QfxORLp@#gg^~5w*C1efJ4Qh(^S}1g?a3-hjGh2@ z3iUS3-rT><&1!Qsgz*PRlkLv_WR8TyCf83z1r1L9fr*ikJ3ndI<-nB9p8r6L!j6Z_ z-MYie>(|Ck!(M5F3#49at#aA{pYG8Tr`5~l@;T^B3`kHgb7-?Wv*=X`cQES!`#CpS zHewDAz21;`R!hw!b~{UP6;ssKQNDlR83E+Z2mL?~g}Lw~%+O}hIRZ4awi-IQb<;fC|zz5f&ADJn7rs+_ty z$9MX*xuIg_ydR6#F^|+P=mw;rN=s48ou$N36sQ8Egi}K0Xz!30H8DcF^=!V{8xr}g z4m@B*Hc7!M8MIdZPHAh1c@LgsOsqhW2<=d>KhhoqxsH-q7|k`;!U>^iO?#sw5X^ zKIngYO792>d%^b5H`>Ja@Fl$8FQ?k-Mu|Fbv&1MqO?;(sM|p(z!2F8acJACw8T7?g zKR`m6CtP9pojEiB{q9?*2ppUM-;^Zb0aJdvCNE)P3?!PqWS@*2~H> z^0mq}GOXWssm15KxWqU2uQO9q^8EZ+gFW*@L+}7HK0X}@i7)~3!~&f@1^LueT<-RE z00L%8`f&ih(|AhY2cA#XHConGn+YC4t@F#dv{YK7vbWCtyhn9x2A9qop&yX&S882| zMIb`KvYFMbhi-D;0Risr*c%c_9q1eo>d9GCb65Sowc0QU5FH$i2&3y!_R~jC7ROCZAcSo^_ z8U2Pepuz|6ef=b&<*D`7-Zr(~y1dz9wU=#Mm9Ea%$lODbjT>XKgKhpI*HN!({>!!o}(P<0hwJ?bdLdnPI}jbY(%h z9owU(R4=l&6)&>RZ|&onw0?uozu`j7oP8c0n}dg*a+yB$~4swU}2?rv*8N9ZnF zvRi$1Gcmj02GR25_n&Id<2*?8G;3swcOFDq}GOUc+{!fS`iWL-buJiyZ59} zJ^=D5k|}MWLYTX|U6^Sb9w9^-mK+V9;}t9|DC5;tRAh-MV)#B2^70Kd>#Gz5xNFu- zc((Y~QpO6#k{MG(+g}+MX#$O!eE(48G?EUbbZUUuzj_Qwu%<5+?kggs6L4!W_Xepn(0s^ESIH2?3l zw=+@A33oZcX{G=^+YiC*@bK_PgK zM9aWnYh%MtN09?+BE3)Oz)v~3$<59lZ3$c3OVIbVy1EL{)CBELbERtCUM)_b7P3FP z%WO91>L1 zVX2Tj-cGzbTX(XxRmVH@G`~%%T+Z?&Eg(DQ!ZLcZ zP$g(KZ^`CBsWTL3(jSSxT5BSyI0LybY*WOx7>;POy|fi+dmS7fH>y#alAlsnUjhh( zh1U=4T|N0d!ML8*?pSQLI~yy*5e{kBq)h}n9w?+7WxsoOO(}+d6ni0K&Az`z$0Vbt6a%`D>p0a#%(vZ!12b)46n11bDKx3;K_~_A|vw@dq(0hFn%v5 z8X-9OxR|!k_$#w4T#xY4e9(Y33N7I6P4J~piim}>pR0wlqobK+YGOj{?ZS_ih9)4r zv{IEC)=xYOS#h@ZYrMgwt3X?JLE-nKDN%gdM7P@w7N&r|*(b?1Ux3aX>vxI6yOl16 zZqKLKZyIRj?rYVR>lb729{vp)vhi7Cuo_T!r59goWcelh`ig{&;>^7RwK7TOrKO7{ zP3MT7Xz}uwwupILGs);Rc>@dG*ql<)$3Wp=&v)#%Q>iy?S!wB?l#~)MRL#uXc81W` z=0^7`o-hW|7&VgczjEoE^DXBCbEfnyx zND(!d7_@4+Q;=g>G3+%pal7AJ$6U+=N1Cgr-r#vT8*gpXwA>w^dXIx4I=r)o*;-)5 z;p|Z%iPVs^N19>JW969Tv@&xIYBS7V=FTD)NK7F@K7u)u&HFf@`H5BD%%9y`Ku(|j z<0n|9KaB{lyhm*Z+f3{P|L%QZLP3VbVK(=S%UN%=+DyZ6nIAfQ{QGwaqhX^~qxIUT z#p`MdtI^0GqQ25Zi9E}-rbvPBcLxTlKmUyDRe{b*CMITW1AW`3m3J?XXy};J#>BjcOLV&PGV=ua#=*YM&FX>aw$|o9khL%+f;80&Dt9cTm3?g9dWa?wlSI6SF?) z%`D0Nbc@3Hh>E(=A-w7n>cCQ+Qc_+?}VN+IndfDHVzWnalKYit5x4YW;{ zP`}?m{VmV|Gfrn3eKvBGW#jg;yTzxOZItst8PH`U`zaVGzL&1qW5Qmy560Hnd_ zIMwk;^Vrd7I^JnoraZM(_I|@HxQ;je;cZ%iG^J{H_fIuG3Efo2DAU9lg@$a*5w(&6 zADP`BDbk>BXh2Nz9Xq>kww@7fTLd3NlzbJsp&2HGz1w0p@?L?3i}Ayowr`(-of@x7 z;X7}j$4RIajX$56XF_z;cTCIfak5YNmUBB8n@O354;dpdgn%!gw18-pb7$+lU7ATk znqj@%z5w#}pDN?KuKMlW*D54T6XQaU$LGbB74YXTme2PWpr%X#Hr=VH1if}ZiRL;> z3+UV%&v3grj?n($Me&7H3Jw85;pfl&xiXx`l86XIE6bOi;lz{WhNFW6bWF@IaL~~b z{0D1W8S_|Jv0&UgkcnqzV-<`lqtjE&o@G#u&DRf@06t7PQrd zMIQ47m+5l_8&Rj`Q-o%8wt4rgLI;%e$3RyXb{G($D9cg@QBCWbsIxWI)pN6nk5Td3 z-P&09Mm3PJUDu}V76TCe4kuRpj%YvFXJaSdzn;pYs?bJC;dZl>lA0-1L&(my4CXk> zlP^kfJSCBoykk06{uwoHSOb$T5g$_MwF>rdl(SV|Avb zhgbn5t=XB)G~|fm=X}6YwH@q9E&hav;1Y+mukp$ zvzyNitBiAtK03(F6g@FP(y1zn7Q^RMWsH6j~yQ?!mKvJ{Mcx0&0IfjkvEF5_NF_!f$slsZ=8q- z1tOw~mL?j|;&Zstgix-<&HAhFd0@co^i=W`?39_!wU(%i%cgN0t+k!oY~_z?|0A6$ zy)z#mA&j2Lahvbzf=Zf@TYMI?BW4 zy^MLQ^|a4TwJUbfVj?+Hi%XZpd<62jA0G^Eis7qe5S24(F2{IjDJ!0Z_>dWrsHO9N z&fLW3=3Uh=w3r&#ESl3}1U0}WQp7r*-pGoJ<8k(lxs8Urc#6)IsZJFn-d7;l9o7pd zOHjO;{g&H9fuKvNQiJvgF8!P48_-TNkf!wtiY}hg?y(&yWZE2#W-oa2%VasM&4}7> zly85fQqarjRzAE@oSy!R}*2NUoO@-tS~AGcEdERt$)N0>N6x+t+y+IK8u6|&)4Usm>AUmjL1wY;32*Q zgz=ZJ-Tf|Cd&0uPqx9}+gd|3B8=I;!e!?Hb-9AV^6_cQ?`vDj|(1-5^MJw}?o0 zcXxM#ba#W&-QDpmZ|`&7^PK0LZ+zn$FM~fA`;R>~*IvK1<~6T5=i+1C8cAhMpAx|y zdDjL9of)A?1)Jg7YKXBxO@kKKzOk{nxn+cKJ4Lfl$jNdNUsiSpaxE=&~6Uk;9$!?2S`=wR)AQ9aa@1u4o+i2GBq?Lj_Acl-fZ=HwiW&s=+Y`Npx+2H zbpA-~?#E(E%#k8+tZsN^bqQo0Kd~Y{Y`O&p`|p`d$cph+4;Nw;^+)E7!$Lni_FeC- z!7o=cH*Pf;@6-bjR`#j8J~3sBb14$r4i(7vRKYYrmswAb8v1KsIjCZAIB73)?AciP zN^z1ig31VB{Y*06$@17xYOnWA#xTM(G%x{oQ2)l@JfT1%zr(>-U*8dt06x%}G#Q3% zCh^8l$t2S36gnIcuimw_dDPqKu&DU^KTm1V8{a;g>~F%w!`<200bu7VaWcXNA+OWL zV8Z1iHZBArM*hKE=XlBU-n#`kkT^9h%!-c1s!#ia4)>~z{GBgq_Kv?b7{>3w!bWuJ zl+}UeVsM!S=j^1-BL4#$tB~|_Z@@hN!Yq(RsKg#Omvn?c>QrXlmVJ=ZgQRx(PA z*lv8whl3|fj66bL*;EC2Iy@cY zXX^wC3JT{NgLp@`UUku}r9Q1bAzGwlWB|!eOiZY&t9OMEg%p>)eOd~Px_~LUL34q; z22Z`KYhxvbT;}waZd7<&TrXV~PGb6Q zzJS9O&T9M9VSgnolIt9`$5X5!U)x7){>SOVpBmzF3Oz!O6$`u$#az6yf*t~fo&J*~ zBnAe9@py#pRzGWT+})pXnxDbL!zc1N&7JRJ@$o5&yjy%>H`U;{uopCM?=jRj`d+EG zZ%Dt4i;fQqh`uNzdUeYIQw#YbOwMSV;B@oT`;w@|&?p}(O2Lvl@!IC|b0X*Uo-ter zJx)9`BoS?>*EK_SI({_9JI1&?&cZZCG^Al71{0iY9H4$mQHXmT1fSBgvx|#UQ;8WE zD2{9U5$Yek`^ z*s|>c)5DdOm6*9AO=ko5wV7`WekR|p8$2eCZ!d`k;#fCLE@}vWHB>2wCM4k1J3J=w zI#3oXliV%(`uc+H!F;YVuk*K>P}80+`e*XAx`7sgM+qFK7Q!Pt3ZKwEX-9FuD{2}V zd(JJBk*XT(ZnPI)!^6`<;~taFHIrVo0?GSKy&ayeF6qyonBI$sc6J&VR=eRL!`ZR1 z^EMmwjaI8GZQlI=v2eII_Ecy(ao7Et=YUOah`rbuOno8>fBS4^ z7rw$cEKcWWAxAx1U`398Vx_!&x5aUgStN3_zHim=IG9CaF#OG z5godn6SXJvqLYU1D^Cp|oi-((eJv}kp&<(eI5H;fDIkb(`Sq7Ax#3>JL4N}TJfL@s_NLU!w4Y`pl1}&BNPJ>X)lmXW#JV-N zdi6|S1-B^-&g3Q14PxU%9EK^X}aE*-WtAU#_Pe`(@jST`kJnC(Uf4J$pTuFy^0mzrVLX^}`K!}2JMI?ZQk4E4& zIBMl=duI2p+vw4~d1Y%0yfis#)zw0?wTMSc>#S$=)t|cIMMlMI+gn=7h)!MRI4R2d zl$Sp3fBCZCl8S>3GaTba5Y3rH?#lCJl79KDDFpZ$maOY+d79GF(wdvo(#pbGwJo{v zp~9%i7#QfN=$OFRiHeGhjO^|+u5Km4<4>$2ULct*odwWvP}hbFpK*y45*8jE9u^IF zBfyG&kd%_dEw5Uy_o~j!B~?-?GD*N}bwLZfe6!?Fa{TSk)##9GOhmR>$w-L9t5=(O z77;e0Roj(eu!rHg(V>I&cww%A(dyMyVNCnR5oLp5PKy*~#L$K%S5>9|v^TSRw9(4- z^1km;)ox9-Q7tiS5)Nk-#JcZmPaj_Ly^CZM$R z^+k}7*yR>~PMc@B_V<2N7_W7`2BN23(6}btBPDR#d{)NZ&{CR?Lq)CG7)*lafp~n- z_?A;vhDt2_*zN8zH#U1DFFN?>ea<5`(+6?H~R zk%C&X&Vti>26RG6oqPRUm(Es(>rI;2&Ygcd^nITpHc7udBsy_q`E9r-ZbA5CQh^>T z{xO2^m(8W&?N`d*CKxfbc0HCC&oQM!w6&4p7cde#?z;~(_4v!v6S&q0@%I^`sACn+NcNY8$MCf}J#$Ds)@RCg`@ zI}8Bk`@baygds*nMV(^R1AoSff!FWM09!-nyK$_1hS2E}R?%7ByX=c=va}CI0Y78N zDFxKln!ib8Ew9}Lyk)X|-*dQSF=9cYyeGJH*ksQBGa=3E$L9(lAHCfeRD=8g$1V7~ z|MRD2jJT1;lwqx{g*Et!#e&nzs~n3{4}e8dAzy$AR`9VsV~-&4CLuO9-o=qYQbOiB z0qJYKkB)4{6R&|TX-k1Ehuls&5w7&B7XN*V@bK}z16JGEP9BRCfSjhN7oQ~Da-uDy z|By{-QC3mC8@#U(DjRngUhTGOED0g%-aq^06{Yf{T|~m)A9w=>lGkq%rcyZN&#!Wr z5No8Bo2`S2gJs??(SUv!bhnX_F;q}8D6B*`ob%9jXtYr``)Wf)zPvK4NhMkh6XLRm zOq?K{VY`_B7BJM@YaS5$#9(nZw~3TSlX{tWGZ@jz^h%j`mORzX}QKcq}*X^-eM%usCahKdc^d9B?wFi z{^0)bah$VIYre_^3otVPD?RgJj$!g%;xv!=XyMM9Ea+kN%{xd(mJ9+(7!W9C}qF?!C~K4;I^+`&yy0$;@uV;LLs z#5&zHebN5=XSXL52-3s7gBtaw>)PWwPo=**GpNWZD0nkH%khNnv!GB_Rh_Rkm2kaL z*S0~B&#pUB=0P}%)?#neu40MS!9nbrGUJt&8uUS~faAj(D6osDe+nU=WQ1Zj`mkcb z&-LgH2iF9Uaf543iAD{W&#+%_ujR3-sA!S3fnXN9)$z^Y9GPbi*^|K`vW?hiXS56; zETkI-fuFFmBN+u*%H{g!RF`r86oFxKC_);OW~SzI{!8);l8DX~r0y2>&q7k1X0yo; zJM2NCCT^?EV$w}^r^Zv84v;Ubo^SGuwt-hM#N{qGGxO}SY8g150d0AFuGL`g6_azj zdlpHjgQaEA2=h3E(c5lR|(E}Rs6$HHfNX*lyG!l2oMsh-Gf^I$)r@s=G5 zPv-0Xn7Vuf+GA|%HPf3T7CIn_VXYu}7o2Pu?*0#FdsSssRkis=oek#>XVJyMFW$3r z-jCE6HFY*Xf@{D3bD_?L>TGwuCeAP!OfO6qo9jO2$Vf=|<4u>iTv2bJ7#?Q4yQ{~s z{nh+yy2CcMYJbb^_8vS;9p*n75;(vZK0W2%UFaTKc;Iy~N?YBPB}eTCs(e~nAU3=> zSeQ*8NaC%w9~;kjPmO>z;PSXk7LWZBhuL-uFd>DhsimLK{X24GkG+@JLSJ7OWfm3= zI7}}rw-3N@)Pyd4jgn5SxyxUM>6V1Sy)f5{3>kKo{{1sJD1awy=5TB%H$lY8^+=&@ zPF@GziDq2AsE{5u0dZwFNRY?j;G6rwm`F=ypdGrY(0(RXe5Mk0Xkj5CX#O_DJs&s(g#V?Yvt z-23-48Sfk*uQfHBK{^DHsWdR6+iVWq<@KAvL4Qrt2?5asAjzZCLLCPOhc@baat824 z4l#XuG|mhTw%62r5PZabIN)e>U)?BO-nhE?+uW_r$SFW#)!sGOJB%K$EQGCCs9s^3 zw`sN8{`}^L&R>UST-d456sl=m35hA)IS(k!-z8ZM5%B@W#fyu#964@^Cu)H#0WD=339~_OQ#%$p7|*U&!W8(AT(J z5=O=-0XaT!U3>9;U&hTWH&eW!E6Pv0e~OV%Y}Oej-MrFsA6iT^v7kP zk5?ha%Yz~|n*;GJBT1KbelfQXPan{!WPw*YkYIJa?h1utD{+<;9{THa_&SXDB2vA* zMw9V1(fd4oNq!+ACX3l>FVPGWLqlbi;Iqrckj2_&-kNLE1^b%;6+1h25P5J-q`qn} z+IAfjBp(xJlPkaTfoXWL=R5zyHqc3VzXd^zPHR1=VGeDR6Y|IBMC^TYCcXZLA|k&9 zcl<7^%gvTMw$ng|O+sWe-_Y$aocy#ux@2l%Lb+CZ!OMsF%9=<1u>C`}--+@pw6o-` zeChS4@pR{H;9m#U`EDK=FhZ{|7?hH6CrN%wAx{HCbgUs>~E$_gegoxO^FM zMfa`6uf_RN&YSc07?fRmv%qG@ci2RXv<%4y%V=vvGZpiK48{xZ7w4!-!?Zwi^H&NL zQX_hBH5W_=)(}FIu0`GxBF3-aOYS**m!N5Dv`fch>HT{_fGDiL4Cmm_N;+~g0z>G( zzT0mUyaiQgVyy;GQwjchJ5)3}x?M$yFIb6xXIw2k|Gf&fed(1eq3g~L3tHJ+kf`6v+$U^K-k!@(Py4 z=FeryjTMa>$vL^XY?h&U#pYBj-XGLHCPiP6GF__K^bS&tY@bPDd3}rdLXjgP4V|10 ztY(0y*d41%0K0>m#;;ok3qjYOH7q)&l2`64@(X_0GId4o$dP*W{QdG&HitBN^qvQa zGEnzO%DTPDkQ0dt(PvJKM(Z^Ymd2VVZi6!odPA;nNq>K=QRZZG6cDBK9-Gb3SCh(( zB~D#UE#jDm;dU2mfy5NEpgB$8c6YPJLK6fb30hBJ8X6}q_zUWojqQp|E?bynzyw5# z>0!$&D$>v}9uP;}u%|hM_J%U02#^cPnwpx1Mn&LpjZDnh+YYoF(#wK?JZpT;?e<#` zEcF4fkWrD5(o#Op5fi16iCFDj-@GXnLn{@o%Jus(W5i(#?ftgSg*$c*b}U{OW2O%O?GygqG*9QxleXNZsY&{1>oNIS<|Zz$YI(pCX;zs(Zy z_+E*Y<2zJwa)p=d6>06gdJ@)StZObl5b0x`jypa2{;T!#Aqy+Z;^$N?FjzhE;lpsdFSb58ArfpvS9`n5zCAX% zqFwE8s((m(zuuGrXEx4WZ*`-YT++sJ54;Pi_Te45aCbDY6; z(3=4tk^NBBUVl_6QW7JNmzQUR$U%^wmPSLtprE31O-aVjNd^21#J4)`B%*m~q;G}8(z$(fI>+%%H(ex(Zi+}$r+tg5}@y_wbD-~&RXj1P1Lv;yvq zF)1-mAtRHMbTo|de4Qe4azNRu?PT^uvgHA`0Nn7N+y|z(o!mSxtxC1pf^2TJ|r1K?@kh=hA#il2Od-wFsQy z+V1Lb*b3XOG5l~~Ate)<8kt}tV386LIhPjYiIWkZ~Mx3R*;KEo+WNBb5XjCna30X9%c|7AT{_MuuhOK0K|BE??+IfY_r9` zTCYyJFJqH(Pv+{%KI8KC!~4CcAf3vnELNe`VJ ziWfL6b!BBwsM?1E;x@>vtt&jP9mkS==hVua-FCy|@vNRGsi=Sq)8^{zdazbDM)}#A z3`&|q2!+#FTPi2kKwFtkQsJXB{0=1@j5{C@CM`;b?YSVT{L0GM{&gsbgrtA1dU0VQ zelR}dN5Gl^64E*3%Ro)ZEglLQXS{8T$04J$(WXdW#ptK*v@|6|!ft`rf{h-R_CJ2K zqB$gM;W)!Xw`qSoHUH(p=Zp;!l?ETtlVs@VdrFG(a0GSw5&~^0Bd+&U@aKM1Rk07J zP)Wt}5l}7l_JjsKi#-YnOqU3aq-4_KBjW0@4QzK*QK81e~GP_gq}LG9dY zF?|Xkrj0w}V+Id3nJ+jKSgaHf%jlPD_glO!<@X+3kWzga#%j*!A`F=6Vd=Rkpy^UtV68Gj3R8 zp^>4J_|%#U{|hn5e(rl7_6-G>Z%yq2>mf`|9zJ~RTc>VTv(!eC6Zl{+H0FvkGIBC9 zID7QqJW!0>nZGHS&wFO2C2MZd>5w4864UGnGxT+blhNc(h;lo5&&3ayF(WTIe@CJkd_t1K+sZ*~O(_N%*VFOWay z?@t>h1{wxjfuCrb9I@r){%@uaO2$53qaRZM(2?1zD(q(n1+r{8F$Y0^YsmMbBX{wO zQptzWhaZn2(?X?vX1t|r^pA4ii=9D|4fwQ_*`Edb`Yh?c!vuFiS7SuG(x;%ZYnXa1 zA%GOpzYhPhF|{>?xqbn++jDjnkV8U+=7)=`n$gYm#CNOdWx;d}p?K9Ow$E`Aj|0d` zBz@saPD8_UpOfNobLF1t9h9Dq7A6Lcr)s=?-|P&!&Gof48jQXrl8xVW@{$!2YHD^@ z6804r1A9a$$p(gsihtoA*h{#%br+tHgk>5|h++m%l%#44{48fk+?*b8W+-|G1R-&V z%Ysh;33|4E>I0G?0py**moYON+zdGs^Z*s>xj7M6Rs9^<+6*U)o%D~IN4-;(( zz<_3pjEDgWpKv$?@SYgMg=uBGSND;H{?hud`^bO z#scPztZ{F%<&3<&udQSW{Yi+rb)nQG-ntH{k!rzoWZyVJj_Y&({Qoae;@#h1U zfebP-SR_JSKJC!JfnfttUg0g1chK>;IW_)enbquK`9TZ%&CDExnL3=&ow`8DA`n~` zlI`L6hzZf=oCD_fvikgRsypef0+P=gpos%vSu(Pd(}(^{M3Tq?c}(HogGwW#qJ&;R zFNT+lX~iQEFwZ){LWr3-H_r=VR%Th5Nv2G<;M5wJk&uv#m_F7!a7H>tki7AvdZ^Zf z1|XLpWzmF8T!p*NYBjM$qv?v14e9V49uT@d@hDg))U2mr2rznwaMc|iO()67gmKj2^)FGl~$XN#JUl#-!r)Dr{E#t)VU`1 z#3HGqH}0`%Nq#FX@(fF1G78)^pv0*BnY9g8QixvKat)48(m0cYkQeJk!c}c!xw?|1 zLG`Irj5sR<0zz)Ozsiy~JE|&ZWThAC>Tpk6_?JX`_T0crKg(3a;1c~!n&<5lJPXmr-TJP*F3TcklgAj@u?a=U~@ORLF^frdX$ zG-ua%H?RtKmBS6$TM7gnC5+ZoU+*8CFEBgp32Tx@qnu($O2{s_*)GQ2Q}J$ZRe41a zcZ#$u5hPSZ582trv)P8m)#r<GhnyvzM1wC_Yuq$ViL2Y|{4l(F%XD z+BM6|pj=U#;9dj6Xl|Tu47}2| zGchp7UaHwz7s8^kH;D{CYJOmI=)9}@Xb@Chs_;?K?Qwmz7a?bukZ-VGJZHScwV%hb zuf!olQ=p&oE^M@tU84}5p2KCxx`tWt;#T%%`I}}~7m*yE#>DY^zEa~kKDP_&n(fsb zWE}1M^un8rmF~KN%>c=Orx*BG!$Xp8(G_+0q@IqtmvSU-Tr><$m&{MBunOQ7Sm??e zDnP4J18;YJ9{tf&li!g>YAZ-q=8V^E>!QvQEsWY##$pl4&H2JAfg>j>DMy4`8X2Fv zmzMM@yFQ=irmC>fbWrASIAmk}1x(OhnS;h?<$#>Dio@cStUrIJjrZuRamF4~3V98xa=!)g<4Y9IwTA z2?k%MaNjW;&ino94m5@J#dY?^?^ZRnmFpHd{*iAKfSFrVQe{hcezPpeyeE}0PM>7f zHoRb|$;QsihwQdX)Qm!vMRCa8{5bFs;XGIWmP2?~$ihc?Iq`_pst5A%tYQ*l{)s*1 z)W>~H7nd%IPR`z5y)xwF6RpFl>Q0h8@uA3RCK|oIZ%z@<<`RPK?YOKjlmnQG(Q^HI ztY2jIB5;;lmqQ>KqI1yS66x>d`t-^qJR)JgCF1Jq1Vk)+*EaMW7bW%7XZD-Kkn~vI znY^KlhCE2O^tX?!@4h4Bk|wW5e255i#G3DuMgOEY6-ny#>-|6F_M5FU< zezWFg*k>};i;%~S!r~$cG4Z2$=hOhr&G3^kuN-6|J{!Z+lOScEPe!Eq_$~o*&F?M> zH5);%PWR~I`54zOPx}&5YE(DeW)~ooZ;d@1SOxdrm zRzqF|F^+MGX2}`3de$}OyLL_~ymKIoCKcD&4*6Y{qXSF4Exd33>~j!EGM{WIjt&x} z6vzC2O(pUC6`d=QfMcJQk{T5^gOh)RjSEk236Pi=Tt1VzPFZkCm&{?j6QrS`4#H-+ z>lqTlD)u=+GubhQVtQ6`sXCv&w!y7WQ$DX`!Opft!oZMGQqW>Hnf>mVxs7^O7+r3? z@KimcWZr3%$APtb*~GrE;uT(AW-jo3&(_p=lsuG86Y6zjc51qel*Ej7H6>V%%_Gwz zshN_Iw3f$a8vBDN(I)a4y>J%aT$$iS@K~&-7G{1>lw&-~X`bqGD+(H<3RG|DHrUc; zwFsGneC2m8oUd~4x-#+#lJ1E9a>&=lSueIabA0;5p0(@f!CSo{HuR2-@|anZsx6nM z8D^oosn=J$#ert5R`zlKfw%J&mruL6W0>!EwOt*>V;Vnv4j$Qry3W^#_FiQi$1oR>*u zK^;Q%dkTIj729k1x$`@)cesY)K!|A=xF0?jer<#Tp%otuI=||J$L&u6yiGGO|4{&$ zCi3~e3o!n>0H4ftFJ3Lno!;uDG7#-wMJxpo=HVEDU#hn8~b%r z^QVuSU)^(1Ktx4I6=9GKoT9W^=g?=v0FxjjEX`GvWEyumuQ#gn!_I>cJOcw zZB;kA9TplmWUS%?AI=yK)ui6;h1U@>JjaT)@n6+TaZ_vF_{=Ln4tIZb;agTLjF+(AVKf?XcG!o}A-~td=+bJZey0>>L2cpHRvr4iGv0D$ z4S_N^c~PS~OMjGOyGwh=gk%XS*3UpuWW5STSmtuFxmHFZH+Bx7w>o{^U`KJbkriH! z1{)D}eVo({TYF1SsGQM#Tg!R(2)U>W$XyM|4PxBk>I%s#+rF4oJ33VOG>Jjy)*9a_ zo7_D)HO-Md6^w-uF<@&+3BMyrWQ1e6&$B>!Y=rLkMEVp-Yv_D+flI`u`2 z^LH+y?fW;Gmialq@3b!>5mIz$8-1n75zl&W^dCuDL##xRe3b)suZaE2qWH?!j10^)ruG?}XxX zIgU<~;RX~1424`L&j8_Ji=Br>`@+^Vik1L)7MX8W2y|R)b1NO|eI!FYw1>?fD|4@j zPApOXVp~a%5jew5-L|~(#DC{&u3ctGGu2m~za+TYApKvg`W(*)++UXuz)9LGnoxvF z_^09gph zx&aaaIWF~ziVEo`R%?}no+y5wqNp1OkJrH$n3E-Zf+IKH$>IA7O6}7h2E=t5jqA;u zPF=IDcI^?SpNIj$K>%)o{3h5-BEJ4vJL&_`S<-z^;_t2V$e!`5foNCkfRQb$#c?x9 zSVY!3B#7vi+3S(ZyuV}@8l)p5%P1;lpXf04?041Cyq-?G(7I($<6OFDOjOLx|2HSVqN*s~PFJrniUoc>wF}%N&X@o?fP$34JVG6YJP(42u** zEf8Kd3uYqf*Hvbq$RGBNXRLnn4Rr?hPgAzqfax*t!rD=_#Q@z~io5YwNrZXM_pa|s zaV1`iDeWjtP%kk*MH+gPvUQigl#x!jbf#ZP=~hD|xL#9He}>Z3k}rZSCE6PjUTXkv zqd0(Y!ArI#`HlyUK$ol++!oVM!%;%m*s*i*e~_NV15bj{Mc!q&n&rgEh7x*qE?Bok-!K)~0R)5ZM*eVNkD!`Jli(k<`J(b3l zD;upjSQOZNJmoKWFhKU`zqQxBWF|{^VrZpoO>VePsnAX<$Ctnv!xXrF{kthO(yu>) zMb%7o{691#KT!b_A}%XAIBU`ybtBHK%p+WzYEZU5AwnGQ89yaF1~+VyeM6e6@Dtop`5C0V6V8N7$H4bbhtadz$0#5sADt?-6q;V;k*f$M}^ZMIwWc zYy0v_1s}_DUv$pdrAUP7(^(aVKzaM)(d?&AeG2}1`%8_QCZ&+%HoS|^XGM``7%fH5 zgeTGIJOV1+$$F8kN;sEARzja-Zy6NOR6pI5D$JQBeGXF z>VX;wj+?!&4O5Hq#=q}e(`0m%Z~a{Ic^r$*!kXtrc7_H)a3a6xrptB3YiQ%IG|%3| zH};XyQ6WH%n0F)cj@P;&P!@@M1y`55Tpjjn5m9yoR+qtq$nNuoxpG>~XrB`JxF+;0d*Gl3-=S~HKIBrjytKWa zn#H3Kl#uzJxN&cL*y}~y!a8ixJ&#y1XQvk;R;0~8aH207kL|3xZt=|BZOaY&(GawA zL6S{!4IPWFiKr3ow?7BDKYk`aL54&8>)x+}(;K(%gKW2;Kj0YO(`p%>sWc^Po++p) z+1a%tG`cwLB$%vHfTw|XS3_y^b+(^6w6%91YGw5~()gH4scgN+AbL$W8}ZomrB%;$ zaByLxB|;(#3JfpsBBLT9kcQxW7)UNP%{1rK6NtNfq{Uo|UCS`x`eSnofuzj5r$Rb5 z2bNesw8hwm^cyLYF%cHu87OZy-%P~dtdr=JJzug)XHbfYk$OpFUU$3K#u zqj>?scyxQn^W#I#W%AZoUcZM_UMibz&k-3fibgHr^Z$yN$)_hKp*4{;56>T`dHX-; z)s!q48;%I6s)}kUdCccahdl5zTcpW77Qja*+9jKu+3_-|Zklg!xef-~VSXk9pWz9_ zy4;$*iXHN0u%8nOl5d>9uKyAO*|jf9VRoO>{uDvksncu3TPlGuxuLwI*6bwdx5=8G z9ia0sjJ#h%bYtSr@VeyXH`C(>EnKBeTAFgrmj^+RFCO(cAP!T{-SzU~6Q#ElGuzgv zXohfiS}(QdEE{%HGdB>DEsLasRs{0p{8hnKq%g9N*8?~l2XEi2%JuO=(`k_VO9r@L z+gc<)Fz>FmRUK@sie6N45c1hmI|oz1u1CG(I`x!8E&jF;HX?qaY)%LbsJ=H_tI= zta~`cw$g5?W!KzLdj{9cDPFsmq(4-tp+tSZ8SUQrz}WYim=*H6gpmK^V&-pLo!v4Z zwy!^f4hfA9i;fSoCtV|#g>t@x`mU3Uhj$a~h*}ComD7Q`|I+pffEh2wF6-;vu#~nXN>nmja3S@4K70|CcCaNN8A?&a17lF%|~JH)d&!**WTwD{;g2nKk&xJU7*1Dt4>j;|xTIkrXS@2gY*&s}D$Eg`w2X8D z&IiIR3!=(xE$eOp;=URz(_Y}#m;c-cJc(?)IaJP2Fwy~_=#SFW08XK%4JRmw zI@J)D?S|#eyi(9aS0(4R&(n~h#4V^RbMB+XZ$HAu?X{zPEo>4u&l0|XyHgpwDTw<2 zOt7z@)GYoWC9pE*^I<~Jbem%^K!SDK%ApTb2qGKqmj|}Fz5}_p0~z09M-|(?Yc8ub zu6|*c(Dt0%h3O1;Wa328lnLPuSWWKC5WG$j04PpVPGQ;M=14iAtWl_R>kkg1q9m&=Yy= zYy0So_x$~I{V2&idIrq->=y>*v0!<=wb10TJ02Kw($wAZOKFk5W~WPpK_;aM8x9}; z__kQCg1_@Eww!D(}Kq*;ftCJc7@oE8L~Is2m#OKqZ9_E z1{yaUw|4DBMKl^*$iRudGNwzwkOaecn!q>R{}IAK@GiJxFj$MUc`!i@QBojyy-Zai z70eEB{^}>%r~~z1(8G*48Snm?IWuLNEEj$^`=I#2`6TP86kx7x#O&<&dhfW-vFl`s z=MsjnJ}Rpa$R(r5^G`3rRPoubN(jo|^IM6+C&sVD#{0DI9Y3gDUUKXOx!)hHx7Tan zWiTylo0v7ux#=IRp9+)eRGu4x=6_2alkVPNJ7v*grh%JE5M<9jcir*R3d-%iWK>5P zWav?le}5LgyS(=b9ugWE-6*)Et*Ha1gH!(A{nH0$8-nCFz4w6qiHwS|;=*^m1`F=~ z$+Hx`5O8!L)@ZiqCDDsu`c~QELx>qDii*B*gU42KBqDsegZ`UHS3 z26~KCnK@6$4D*Vdnh$g6mH?)&b@avKUf%Bp zFULe*f#Pub-};;6AHPaEguuZc|LG57uBf76M}H-}5|FdCAq`HT7$)WX{6bQid+%eM zFlY%09eS^&+G4RJz=F~HY%1Nlh|9h1$;+(F+=<^Aa=tmJz~Y|eIYI`$uF=s69L_$g z<^a4$6WvEuOHmXsU++797buEl#D{@b7|$W@5p{jDvu`54-3zW0R8li2oW!o#wsCAg z^6wkmQUgTxmGj|JlPPw$kCQ(|7S*9Z{UM-4lWfoCTE*R^w~)9z`eu#BvZL@O71;aw z`en5ED(rnO{rI~}SH>T{c)e7JYW0D#W2-!A#@a*SqGqBJ99n=kD1EI`In+M(6ABWl z6)EV@={nuZm|XFzioMGExpm01q#q9Kp5ROYrQ6)|>-=2uYrCmO|KTCR-LMbrMyxSI z2dA^Yx=Sy8n24qikLBd#s|jf07)jov(+^tBiIHC`W2$X7Gy|r+pNcU*FJD1k5gK$5 zn+*apg6}`vAgr>I!be87DZ{o}Ysm42=f#sHcdn-EP|2w zNt+Rs+Oq{YTb}#=n!=|!ceDj`ZqXK3k}CzT+@y&IUEFrNfAi^q$L|q;^Xd0Tvl-*v zvKj#Vi>REx>kP3`8U`Pqpmej=alK10qz0Skq_=`gbF1@MCo;2g?N|34)4^A*Djys4 zot<5VoS8=FBQz7<%CLw+(ytcz1^F3T{eAsYduPb}m}76Bl2hFz3E1AMbNPv#UHlr! zF(9fjviT+t|GQsgFs6Q=3MkdZljfuuw}GC|kel7cNrW68X{*xf>#p$JnJu+Ti!M2xuA?_ofj(?Dzubw4CB)KLUS`~?7t7;Mc>V{4`|{CWRu6n>rhII%)UOOW8Gx15wA^9BdCe*FgXV- zA%L~RP_K(V{W1f+in58j*N7&AVP9>a3+8PT#{tlPbA2D(rFiw=`+u2&56b$V6ueDZ zQz!KznTsNmW?oTV)ML|+#{nJMsJX8mKb!MQrkyfpho`6IrxhtO$*;`#M?^|&#GSTV zKl-2~bAM}Y)+AO2j~J>#JGj?4;lkp4(fRdtO9`EYq3L^Yi#cSEr`iE9_p}my=RtO6 z#vVFsn-*kpt>rV>>jDVV49H2C-#@eNOmfZ~7DAt6wHq9P#j=d4QRcVnKj)_!!Kl0( zPb9~%X1puC`eZ|n$9H(XtiMw`%@z%-HrqrEPN&W&O^&ENCT zXZjRT<^I;5f@w^%>?yCT?+H`VyapTj6`#Tl{a#LLf)BoPzek?k!_Q_0vDJ$KtMB#p2=et6jqs9Ubi=V&nI7LQ@cFWXx5L=u~yvH+euedS;^}H1I5L z8BWk0^c+P((?c3gG~Z#r7mY^ez(?cDu}ck#Ne+tfqFRT0V7L%nW&>6t&tj}wHAEC$ z>vQG>%ie4@l4nNUE3*kwWlTv4$>0{8fMyqke=_>yxh=U2W9h$@v4{SH8cKmO&w08(_eAHd}Mu7G|@x8$Iu-#kw05=$E{)tjj)ea@GuS zXR^{dJm+K212?COg8R)~H=9gWF>-n#U-Z=!-3A9gzrq1C4o{soSQg)%2TwcD9{$PY z-}!ySr@Gyn|N6X_sc+HB@she(zkREh*Telc+v%H0!t?p~aWzP{7~KG$$A;^Ezd+RZ z(_F$?yXQLt8C#?A>K|kH1wo}iZxY>kbI!tp>)Kdb7~8A+GUg=_zeBo~1sU_&r)?(V zfJ*B3AD*w)roW!<3=f$EGmn}cG|rMzH6;L#X=&(mUg5+MEjpPhk6A&fJ%ctm`>}K0 zCi%mfP!5m4gRi4|V#fA%hvDinzs%S_s#$w*g=%=!c-JJ3{i>&wo(a;&#!OF`gL+G={Ovec5~$51=s;7_SSH(44sI+ z>Z|Ns69)@0FLHd?X={rn;!@lHyRg5%x_jx3!m{51n3xTFO&gY3f;5h(eS1Ad}yu6~R z!-=eG*02}umZBk;(hLh%WcjSrJ#)Xly z)Jlb>#V5k)Q~nCC&b9RexKT-bJ0yy+`uAR;{{nydWgfa;eDL}aUsV~$8EEUV%)g6t zi+V88kfOnR-J&F~@9|(bWSEAzsv)A7dXyTITQ;IK`&q@WPAgVR+x;J|zftMuqvlOO z2auaT*_7qxm7c4#&iJPcWa{8ZplnmwUGCxM%To=i2FD@$>8Xi6njU^a+qTc&2LB5p zeOb9}h~Cerx~XGi{si(PJTN2khiF@P1?a0p6!eeMUK1b{H6FqMmcOsRH>ARW$Ms_C z?D*rfbFreF;=SDQ>d(nj69?yKd)&eLPackCRzCl0dH(Bo0bI=W_q;FqO{u!l1lUcT z(Jipt|2w-+dR>i8IP(Bkh&ts+@d5qOJHhs!K(&_Rd6QX(<#Kh4=!$_aOhF4lY8CVC)PNdBuR#FqjG zq3{Wualy8}e=Fl&9R4+ZQyoR~YzH*fQ=iVW)MCKR zZ85`IJPvcFkROqqtN?^Do0bB_aBHfXY*k33rJ90DR!P;db4e9AE#N#~O&Oo54o`x( zLC7sFal#;cGa9}-Q+jprka6vL^h<$q3>Ene0M3ZW`PQtt0@Sexxz?w31ID-5Bn=Xd zDmW9dq@@u{scl)ArOa)vawFY zV%d{ZIDEx2sw7{0sT$zS5v>Oz?`M!pS<8}*Yi8zI8EFWmJ0iV^r3nj%`g&I$`*bT1 z{GZu3Q?gmMqaA)b>h^plquWCbB5{wH8~4$0Ix2-B`eM-X<~(e$yTyQ z_DuG6|Bkyp&+q#@-`Df?$LG^>d%v&iyw3ADj`O_EbD;N5_)OcNZB2y8sGI!}L(Q!r z9DfUB`iO#tLOTo`GqM*a;?BR3wLl%mUF9uoqThr88sykreri5nEpE!2Wi!^Y{&p>< zX+jhyf*zX~VMBg$6X+ea20whG99ziZ|%=_d|pqWi7b%|Lw=6M;f|W=Euhh zpQ*NAzebE|VspOad|Lc2ba`Ll*8faEFs0}wEx8==HW@muzDgH4rI0_b6m~|BKuBk9 z8GoD2#x`^R$&>n~#;*64-(D_kC)|ik(midngl2A{-x}%^ z6_8XJ`anl`o|BmqaMYFm9BS37#WOQf^H+b{+IV3ZQmg}Xro9oW2fX;+@s(+$=Onp} z@$Z|dGVHrL+AtNfSc#;-HK#1?PT|nfpFDXgnLAA>2@prO#XR`()BY15>)Qg(`v&g= z9RHmse7+u#@#5x-qN;q488xqm@;^MpmS#;(SPGU#OP1V=Q5ZHKt;=%M(5HEFb$2LQ zIV9iU4d6efKVEPxYx&g7=!dtv2S|E$-2X!CSL7P$%GZz6hYT>*Z>=@;N6=80ad6-PGKkAHc5K>~#S|3Uc`8szG3A$>*OTPzsI`oM*8j*1xZIcL zKCsaHSmiW7PwUgxmJcmn*XOn^ye&HI4?#q$uw415erJg%59#A1e7=Ck(hwEwZ0|K( zlq?jJv&m0oVtv{*(R9A4JM3HR+K!2?iO-h6%i5HyireE`&HRB zhmnJ4i52NKxpvL{Z&&tX%I#Ql!EwWZ|4lB|c8Zrdq}LW4!r9)Tb^?eZq%;@#*mZ=Q zGm#EMRX=C4Q`p|zwXkcTr`j1MRZpq9kez2IyeUm}z~lEmnU6bw zgMi#$zVqFZU!sxP>m#cFQ_R6CT+ZajlMQX6@_9&@yZgDz&`(%S-uKSG%O}#;J9y@> zl-!hz7fOrsViQXyW`3p}zOqPcxY(qo;{Mf?M3k4Vu5h2eX*1LjafjaS$r8WvxAN9I zv-pnK#2ys-Az*4>+$*rZv$EPpqHsPuL-LoF>_ih1Mki!*4yt`v5Nk3>x9;ef zrF#GVhfel_p$R6jA#FgWFU)=06iZ75x;|>7+~ifFt(`@-=NcnT#Ck%G%lwHiv$SRL zWzyQxw7LUVdbZB_=*TPI`1ioqcd@ zOeo^WF2jnTlXv78o$^v&AGxH}SoNvODkPvl-;8hs*_y!=|2UIZqTy;b&WD~c{0KG` zID7tVN!pQzF+4fkN1k7Wjw!}$F3b;k?%@9vGKG)*Pa%^f!?}M|2!D1s&fm0+kL&GC z{}A@wo*s@9j5#G*-8UiXhLx1+n-t&&J+&NRF=bI5ynbLm--{g_rgt|G+A-ki&QYbr zT_ZO+DU#TX?rKP$=D$<@ER&AZ^k0$!Z;!g`2IYACu6ofYqwZcAw5-jZ;$pDFb5S-_ zWxI`BYugoZlCJ2#=LjyMIqRle=SA(lY9x3%a-F8b^Uc4j=oDp_pot%UbjuWtSwKtg zYWA-Qn`ZXarJt1n&bfzA801Z7^!!_zq9-iaple_$c*_qOvjdM0Th-*Dff5`0e4*2% ztl!l1HO1-wAyt{8_3FR6h%4Qne!a|lM3*(Jq`YzPXYALnU$Z*dSLw#kaigF2Fn#`S zFLK5FR8z5`h;4hml*Jf@IZZ`uVxot@kXmp{_s*I>e=A(q$-Jwm*o9xLOmJNdx$wR( z$e3#ns=ps@Vqi<{zTSp|;BkV~~FxOw*YuM*WSOzvd% z|68=bo*`h{TM40v&AUmHTq-^HI`OZNn(*aO{}Priw&BkYpjdCAVL0?pvH$Ll5bA)- zeT*`Yk7wTJ6}%4L2xKBE$F{La2wd{*DY(S@_k9^Lu>>MOJEMObD3Ufx3ASL8g* zm#&KBj%7)XGi?=iY#v(tm({Fw2Xg60*jnqB$WOdTyXnK$kJgI^*zW#7mXyiELQMPW zOlf4hC*j6}^aGjlR2A& z+ij9gxQxV6Rd4z8!*8tnyhb&j<=02@)fb5v6EeLx(V73Ej9kYyB_Z1C{XIT-5Z8QK z6(!$PxKbSDKM}tFz=0#VWX{_+@yX_wbJQ2dVoX|rgfBTXbs6?Tk_F>v5v2h!NbEN^@mL{I-m_y zMNB`_KEgd0A$NUlvbX$2z)Cf>-HB!crE$U2$5L>m?oPpdx*D`RY`f@v<;oR9!|wMs zZEL2>Xgne(By|5&ydu%3XpMVvjl0_`ADu|@9eVxIcSxw5R@T6LG?XDAK|N+86;+|z zQ`q;azQAi4yqeY%anv}>@8*Ewz9IiV*9WZ)Qf9h(BDwOdqr~Z-dC?* z4}A&UW8Q=Ag{37WZYQ=&+CP8#l&xFF&swCdD1Exbk2WeQ${^2e5>LV@?bC(4(g{wN9$j^mR?XGf4K!qgn_N3rP+f|rS|O$II_!W zxPfxDF8}&`UY;y1ZE#&(9W0qZz(`|G4i1bH+kdqK)4&efv@$a=)W6e_&^LB=h9#$< z@3)-y$^x3tVHPl7#041>Rro?+ywILLVhs7XIxLw(XySm>eE` zO3%Qq;+KaG9m;hcMU~r`U75ed*gQ_$8+jNNC1>@6Uo3EBco_Zphlhp;gx41>3%ytC zTv)$knAIl3K*ySe>FMeB?|*|~YJxiNtIEp!nsOq?ye6;-68EP05# zt}Asa_<-^k7uKw^D|5I#h*|6{EiLc3I7n08!q&~H5BI6lZ5JZ!Q-3&l-+-i*VLC}w zGT?FerZIj;YBU>fz&OvBJSa*#N7czIDS+U?z;S?D**H z=;WkZ;0bddgJ(t$t91muTo=4TN`AhVm7*Za>91v92m1TP&1yKDJQ=*t_Ih?PRsbGRTt8F zipaDnv=2_^T(MnOPmeMDaNUy?-qoJv`3bld>*x^Col~O*=g&8=?V;@wJf*6-xSVo- z3hVW5IMeTAtO{^sQw((1D7499vC%uT6$atPi3 zQ?s&ct|{KuZ|k<>Nrs^4(QzswlzZ(+;b^um};yRsB0VgFDi4n9%&#EH4#Zz$7& zJ)l9@0~H?OmD8I^_?Z)33WpAz{_;X;JJE_(N^?BKE@tm|NLRs|H*av%0#;*ZR~0oh z<}nE4^XJbc_X1XyBtAs8>8hjeL;U&r5wR|tvkTrY-o2|f5Ev7*X)>Tlv45h{z73PN zFKK9?O(-QL<$}b@S<{-x52n>maZES*ghogI8W`}8QIM7OL>Pa0;x5gWE&X=)V2x$v zUh!3lx*ZT0-pNt)_57=wGT3rp6IA(Gm z9)z1a79I3UdVU}_E37SCfwMT~zga8In9}iu#tr-FfQ}_#h{f-|{p`sU%{OOd6sJ~0 zesuvZ%?^K4?xf>n&FL-a>LS)eO2K^!V%yZ!%~FQB2aZ{g5M%DleQRuV9{uqS-TcwB zpN^K6NmgJZ{Z5V@JIGzvO;@J4-Z|y%`b?W}HDy-+!?oi-KOS^^$9j09B*|%Zr1AIf z-!n64g*t6OTy<{Ev>5XVWfCzROk?X$lwE^1;!}#pQiaP{oaP8wP4)Qc_X`ZSD?s##FtEFerm1y|2`Y zQQvHGfL}k)4SoUUT2N4c78J&{Z5s$KsJ za~fXqsqhtlwMF2(h?bVd#>XMF+ur=hpYac2ZFVz?UpRa)G36NC5}fzyWI2}w9|g6r zZvjK`tNIO8bo^TBadXMJPP%oI=c9Tl_ns11vMg)AuxoXUV%y^>Y2q51j_(=Dc^-TI z#LVmYx7)l_MYml##L4RP+k2KVedg)2XWxo2(*a+T7h5ao8w~vT^JfmDFqr&R9NXl9 z9`N`|yp*n*@*tDjFOgyE*2fQ46%(86$A71!47kVVUB^nYBXUYa2V|AxgL|ZB`q*8j zF4?|qPfL8$w{I63-wIxO$Moizy#09Hv(wwrv&g#RqqvyZBY(x!Z7eMB0mf%^z7~2k zO6KUTmN}H{2>xzW%sX6|c*!a)B-Zdy4}bY3^a1qW!VV`4lh)PM#XuCd-p_a0f^JC9 zgpPP({Iac~q2b%hXy<4(Fg*OhW7e{mLoHN=nS-Of!0S3YJG;7iEhc?iP7eZq*|fcP zwzoG_MWmKDD)AktekLO=?cwGI+tW5puC1xD{r2ka)Xjd20K-VD>k876k~tqfL`gZG zs9-QMGWyxw-Tmv=+Gt8)I!D*Y4rSOhz~y~^nx?V7=N~tix91sm{%Cr0VV{nUj;pJy zMUKp`oL=t$(H|qr+Gj@Uj82{MZ+e}|p&@EorE>aoN4iNRERd0r@x-0&FSf=i@*W{$ z_o=Dd_wK2mI@OB513pVQ{cLYh4aPS6Z{C4c#%>sx8763eHrFScKk-z>EG)Pg7#Ivc z7#bS#UR~15vHyvfdwp)K0zvlug-e&jZCW$YF`V~hc^BOqNh0T}qF8L3%Nky- ztxVU3aALuw!3!TB`jqbTJK=;Ari%UkZLh4X48(Qp*fBdhI~SU6Ye7PHU&X@>8#mj# zxR{3LMAlzEfm2}9n0V>gVH-t7MI6ESLzV1k4@er%?t%;a_R)D1yL)oOhpQaN+HTGU z->~hOA;C`^3!oDRZ2tZ|Gc$9gKgvUPh4B*rQaw5viS1dI}A*59Ol$_m$CNL z&a&j~2r?%cdQA15EDzy~S3MIcIoW$p0XPdyFSNC^FjV$ro7Q`4Etuiz>Z(!wlOHhs z_KuG6@$o{^+VzN+2iIJ-j+a!or99`7aUPlJt6=Ik+hk*7qodOnLk2AE@$iv|4Z?`8n9x=IR9wX2VLc9{exWxf7Z>qo z38j3(S0fk0Rqp5aBv;KK4e>Gt0qkSX{Dsz6#-RD|$mr<&NMmJ94cTabntI11YZg?F z)i|sgJ&K7D^tt=69y1a(S4O}C)FUO+Osm=4FLET*M9byEFwjzbcBtNmcZ52%v_)W@ z`|`G#mq0~^-24dubPw;}ht@Jb&vn?k8HgCPskF4T<(R;&>9)qV8f}>tS8QzH`$zF& zY5kz>#!I|1GCE80BAQZ{3%h9~QkZ`XMrZ(wiInc%zyD;jTWHxnA>WdN8p*p}=Zo}l z*DO9-eXGU@8r7cbdhf-nuqRL6TQ(jL7vDyx0~-Mh1)(Gm5Sg36O38sq;iQU6>ihSX z8|aFN`=yc!rUWH05VZB9vlU#NrDfu~cjMi~J{#7r-`>90>^k=3qs6zqm`TZ7E@XBu z&wI7Cq@)L!A4N!k)kC97Xo8Pl+17!t3 zjQ7?p=OZqB5?Pm$n0U?Jeru2tK6!F_dbA}YAwNGK6Ci?f_K6FwBbe4klO5s7hkI=x zbs(N%RUb`+319gvB*UG0EnHz}F@ku+ews!vhNyo?Gxa&V84ph!5XFuiJHT1+&P+i{ zo}Ys^%irvM&6@w~nn0#zlSjlXNM1rhc_;f6qAr?wiBK)T6;@PNKVA!Z{CFFK%*e}) zTi6g1_Q7by#hr1O@qrB!Tw!(-Ae|uOkGqmrcJ7ezh*zIG&~8>+S$SntM_W7bm3-=_<3u3|l34+Q*Y)ey2}R%><#*Z3?-1orsi|>5I|8`k=jX=>`W&)HS0>eE z(-*QcaddRV_yp2S%{v?WUT4Zq}Cg%lPLy(?EljXzPFnGIqoXMc5I14y@@A@wOTd8d%-RQ1bMYbv#;JUoR{zy|l78T~Sd12Q72`#oh0c zA0aE?Bo-|Hl7ScjM_LFsf_XJltK43T8!p#WZ5(U#ke?PM{v3E*vLriwN?l!$hld9O z(w;rN5DEd@fBpJZ@|kv?vqtHM-d+bdzy18Hq_6VqPmHttqB zBGEU9G`_hsfd1ayyVYO6CZe@+Rn;9#*!ge|v$faO90#gC5J}#^rWlDaBQBLR{t@$P z^gfEo$mD{0Dku<#8{*YQ2n3ALn4X@76NjEBcJIy|>$dlYxNTEcc8FVk$7y)@@F5@| zka!j*0daA0`9@()96wWy)2n$c%}BXV#W_`U5lQ2{z2C5U@N6nETn`mUJdU?6ey+us zTg*SeaLc45{$Y2HCb}fO^;2^Phsytw|lH_gmPe;o} zoZK0zl1Y}Fb+T(BM3oT*AC1XG;sD&q{q@!LKyG7~_p(j#ElPKHcW{KGxgzdUR|!QB zA;3lfF3Eh!NblDB(k`wD9hdkNea9yo2=d-5)C5C;D}3KUpE#fkgF7M&U$}4q&|{|b zI5ZmD_MAz(!c{mus7ykLlSY$TS(c4oA0LF&h*PKo8Fg)SIYm3`_97M{N>)w|W4^t- zyjn84Qs+Prr{}wf^HWnG`mo$-ym!PD&IL@;6_FGl3w`Q-!3HK4i5l;tO@qt{BtWcA zAQpRjd*B18yl|)x=qUPX@j)bzXE;+6Gc$DP-@IMOaBXFgS_Y4OCopiRBX=Id3FCWx zM(JOIbNdDaB)obBZ!vq6Ttq|}7#P5bfc2XQD4vcGAwL*a=SNeMT~l%g zHr%(`PKc~W;m^l3?Cd7s$?xCaN;tASH!de92Pz?BUiTb2Yr3;xe^nv}2S*-EFi5Fn zVUJ<-U?dGfz-2%le`FWH!_Yr1?&L#&57=@fG2pAp+~I@ru?rMu#@j!La&z~5e{&%# zj9Wlc>DR<_Mf26ASseGWGKUM73O{3H7$Ca4ljpl=u8Xdv!`XWx+LHKE!ouk|BvY?e zJg~Fxh)>*Dq27OSWPkH7hA6JramT~-jg8e$oO`2^I(o^e@Y$)=~9ypN2)~)2VV|CtRp@u7`)U&bl6hUMKkuOJ_V2ZNjeNqw z!f?iegDXKx7oXFgT0$-9TXg4O%(<_HZ~^hH1xYtu#lOV znL3r8fKXmsTnrsQJ1uQ;X68z-{`>KO-Ev8yX-w#mS~Kqvf5&gZXG?QT5-8{T;O zEYcq=&!V5cARp7{vXRWANR1l)Oj_*w9Gt#E(|wPl4qkMsusCZjQ9VY!p_VmTffzk) zl3|&QS+WRgc#BQ%g@Cd#Lg|psdtg}p-MfuG1u_h=x--@uj3`M>6$(|EX)+-4?%P-X zXS$*=-wyzDD+`M#S$7cxACM48