From da05446a18463d5527157e33787e38627e8f7f06 Mon Sep 17 00:00:00 2001 From: David Lee Date: Mon, 13 Nov 2017 16:59:01 +0000 Subject: [PATCH 01/25] First draft --- docs/source/design/float/design.md | 132 +++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 docs/source/design/float/design.md diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md new file mode 100644 index 0000000000..755d6174fb --- /dev/null +++ b/docs/source/design/float/design.md @@ -0,0 +1,132 @@ +![Corda](https://www.corda.net/wp-content/uploads/2016/11/fg005_corda_b.png) + +# Float Design + +============================================ +DOCUMENT MANAGEMENT +============================================ + +## Document Control + +* Title: Float Design +* Date: 13th November 2018 +* Author: Matthew Nesbit +* Distribution: Design Review Board, Product Management, Services - Technical (Consulting), Platform Delivery +* Corda target version: Enterprise + +## Document Sign-off + +* Author: David Lee +* Reviewers(s): TBD +* Final approver(s): TBD + +## Document History + +============================================ +HIGH LEVEL DESIGN +============================================ + +## Overview + +The role of the 'float' is to meet the requirements of organisations that will not allow direct incoming connections to their node, but would rather host a proxy component in a DMZ to achieve this. As such it needs to meet the requirements of modern DMZ security rules, which essentially assume that the entire machine in the DMZ may become compromised. At the same time, we expect that the Float can interoperate with directly connected nodes, possibly even those using open source Corda. + +### Background + +Typical modern DMZ rules are: +1. There shall be a firewall between the internet and the DMZ machine and a further firewall between the DMZ and the internal network. Only identified IP's and ports are permitted to access the DMZ box. This include intra-DMZ communications. +2. The DMZ box is typically multi-homed with a network card facing towards the institutional firewall and one facing the internet. (There is usually a further hidden management interface card accessed via a jump box for managing the box and shipping audit trail information). This requires that our software can bind listening ports to the correct network card not just to 0.0.0.0. +3. It is best practice to allow no connections to be initiated by the DMZ box towards the internal network. Communications should be initiated by the internal network to form a bidirectional channel with the proxy process. +4. It is usually required that no business data is persisted on the DMZ box. +5. An audit log of all connection events is almost always required to track breaches. Ideally some latency information is also tracked to deal with connectivity issues. +6. The processes on the DMZ box typically run as local accounts with no relationship to the internal permission systems, or ability to enumerate the internal network. +7. Communications in the DMZ should be modern TLS, often with local only certificates/keys that are of no value outside of the predefined links. +8. It is common to terminate the TLS on the firewall which has an associated HSM for the private keys. This means that we do not necessarily have the certificates of the connection, but hopefully for now we can insist on receiving the connection directly onto the float proxy, although we have to ask how we might access an HSM. +9. It is usually assumed that there is an HA/load balancing pair (or more) of proxies for resilience. Often the firewalls are also combined with hardware load balancer functionality. +10. Ideally any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. I doubt we can finish end-to-end session encryption by March, but we should define our AMQP packet structure to be forward compatible with a switching flag so that we can leave encryption till later. + +## Scope + +* Goals +* Non-goals (eg. out of scope) +* Reference(s) to similar or related work + +## Timeline + +This design document outlines a range of topologies which will be enabled through progressive enhancements from the short to long term. + +On the timescales available for the current production pilot deployments we clearly do not have time to reach the ideal of a highly fault tolerant, horizontally scaled Corda. + +Instead, I suggest that we can only achieve the simplest state of a standby Corda installation only by January 5th and even this is contingent on other enterprise features, such as external database and network map stabilisation being completed on this timescale, plus any issues raised by testing. + +For the March 31st timeline, I hope that we can achieve a more fully automatic node failover state, with the Artemis broker running as a cluster too. I include a diagram of a fully scaled Corda for completeness and so that I can discuss what work is re-usable/throw away. + +## Requirements + +* A node running Corda Enterprise should be Highly Available and resilient to component failures +* Corda must enable effective recovery in the event of an unplanned outage + +## Proposed Solution + +### Bridge Control Protocol +My proposal is to make the bridge control as stateless as possible. Thus, nodes and bridges restarting must re-request/broadcast information to each other. The messages should be sent to a 'bridge.control' address in Artemis and be sent as non-persistent messages with a non-durable queue, each message should contain a duplicate message ID, which is also re-used as the correlation id in replies. The scenarios are: + +#### On bridge start-up, or reconnection to Artemis +1. The bridge process should subscribe to the 'bridge.control'. +2. The bridge should start sending QueueQuery messages which will contain a unique message id and an identifier for the bridge sending the message. +3. The bridge should continue to send these until at least one node replies with a matched QueueSnapshot message. +4. The QueueSnapshot message replies from the nodes contains a correlationId field set to the unique id of the QueueQuery query, or the correlation id is null. The message payload is a list of inbox queue info items and a list of outbound queue info items. Each queue info item is a tuple of Legal X500 Name (as expected upon the destination TLS certificates) and the queue name which should have the form of "internal.peers."+hash key of legal identity (using the same algorithm as we use in the db to make the string). Note this queue name is a change from the current logic, but will be more portable to length constrained topics and allow multiple inboxes on the same broker. +5. The bridge should process the QueueSnapshot, initiating links to the outgoing targets. It should also add expected inboxes to its in-bound permission list. +6. When an outgoing link is successfully formed the remote client certificate should be checked against the expected X500 name. Assuming the link is valid the bridge should subscribe to the related queue and start trying to forward the messages. + +#### On node start-up, or reconnection to Artemis +1. The node should subscribe to 'bridge.control'. +2. The node should enumerate the queues and identify which are have well known identities in the network map cache. The appropriate information about its own inboxes and any known outgoing queues should be compiled into an unsolicited QueueSnapshot message with a null correlation id. This should be broadcasted to update any bridges that are running. +3. If any QueueQuery messages arrive these should be responded to with specific QueueSnapshot messages with the correlation id set. + +#### On network map updates +1. On receipt of any network map cache updates the information should be evaluated to see if any addition queues can now be mapped to a bridge. At this point a BridgeRequest packet should be sent which will contain the legal X500Name and queue name of the new update. + +#### On flow message to Peer +1. If a message is to be sent to a peer the code should (as it does now) check for queue existence in its cache and then on the broker. If it does exist it simply sends the message. +2. If the queue is not listed in its cache it should block until the queue is created (this should be safe versus race conditions with other nodes). +3. Once the queue is created the original message and subsequent messages can now be sent. +4. In parallel a BridgeRequest packet should be sent to activate a new connection outwards. This will contain the contain the legal X500Name and queue name of the new queue. +5. Future QueueSnapshot requests should be responded to with the new queue included in the list. + +#### Behaviour with a Float portion in the DMZ +1. With the Float in the DMZ there are potentially two options, either the float can initiate outgoing bridges, or we make it a listener only. After some discussion, it seems that there have been requests to separate in inbound and outbound paths, so for now I model the float as a listener only. The internal portion of the bridge being allowed to initiate through the firewall (possibly via a SOCKS proxy). +2. On initial connection of the inbound bridge connection the Float should authenticate to the best of its ability the origin of the link. If this is a direct termination of the TLS connection then the client certificate must go back to the Corda trust root. Also, the X500 name of the certificate should be recorded and appended to any forwarded messages to the internal systems. +3. If the connection to the Float is not direct, then the AMQP should be configured to run a SASL challenge response to revalidate the origin. The most likely SASL mechanism for this is using https://tools.ietf.org/html/rfc3163 as this allows reuse of our PKI certificates in the challenge response. This should allow us to confirm the client identity. Potentially we could forward some bridge control messages to cover the SASL exchange to the internal Bridge Controller. This would allow us to keep the private keys internal to the organisation, so we may also require a SASLAuth message type as part of the bridge control protocol. +4. The float should restrict acceptable AMQP topics to the name space appropriate for inbound messages only i.e. there should be no way to tunnel messages to bridge control, or RPC topics on the bus. +5. On receipt of a message from the external network the Float should append a header to link the source channel's X500 name, then create a Delivery for forwarding the message inwards. +6. The internal Bridge Control Manager process should validate the message further to ensure that it is targeted at a legitimate inbox (i.e. not an outbound queue) and then forward to the bus. Once delivered to the broker the Delivery acknowledgements should be cascaded back. +7. The Float on receiving Delivery notification from the internal side should acknowledge back the correlated original Delivery. +8. The Float should protect against excessive inbound messages by AMQP flow control and refusing to accept excessive unacknowledged deliveries. +9. The Float should only expose its inbound server socket when activated by a valid AMQP link from the Bridge Control Manager to allow for a simple HA pool of DMZ Float processes. We cannot run the Floats hot-hot as this would invalidate our message ordering guarantees. + + +## Alternative Options + +List any alternative solutions that may be viable but not recommended. + +## Final recommendation + +Proposed solution (if more than one option presented) +Proceed direct to implementation +Proceed to Technical Design stage +Proposed Platform Technical team(s) to implement design (if not already decided) + +============================================ +IMPLEMENTATION PLAN +============================================ + +# Proposed Incremental Steps Towards a Float +1. First, I would like to more explicitly split the RPC and P2P MessagingService instances inside the Node. They can keep the same interface, but this would let us develop P2P and RPC at different rates if required. +2. The current in-node design with Artemis Core bridges should first be replaced with an equivalent piece of code that initiates send only bridges using an in-house wrapper over the proton-j library. Thus, the current Artemis message objects will be picked up from existing queues using the CORE protocol via an abstraction interface to allow later pluggable replacement. The specific subscribed queues are controlled as before and bridges started by the existing code path. The only difference is the bridges will be the new AMQP client code. The remote Artemis broker should accept transferred packets directly onto its own inbox queue and acknowledge receipt via standard AMQP Delivery notifications. This in turn will be acknowledged back to the Artemis Subscriber to permanently remove the message from the source Artemis queue. The headers for deduplication, address names, etc will need to be mapped to the AMQP messages and we will have to take care about the message payload. This should be an envelope that is capable in the future of being end-to-end encrypted. Where possible we should stay close to the current Artemis mappings. +3. We need to define a bridge control protocol, so that we can have an out of process float/bridge. The current process is that on message send the node checks the target address to see if the target queue already exists. If the queue doesn't exist it creates a new queue which includes an encoding of the PublicKey in its name. This is picked up by a wrapper around the Artemis Server which is also hosted inside the node and can ask the network map cache for a translation to a target host and port. This in turn allows a new bridge to be provisioned. At node restart the re-population of the network map cache is followed to re-create the bridges to any unsent queues/messages. +4. My proposal for a bridge control protocol is partly influenced by the fact that AMQP does not have a built-in mechanism for queue creation/deletion/enumeration. Also, the flows cannot progress until they are sure that there is an accepting queue. Finally, if one runs a local broker it should be fine to run multiple nodes without any bridge processes. Therefore, I will leave the queue creation as the node's responsibility. Initially we can continue to use the existing CORE protocol for this. The requirement to initiate a bridge will change from being implicit signalling via server queue detection to being an explicit pub-sub message that requests bridge formation. This doesn't need durability, or acknowledgements, because when a bridge process starts it should request a refresh of the required bridge list. The typical create bridge messages should contain: 1. The queue name (ideally with the sha256 of the PublicKey, not the whole PublicKey as that may not work on brokers with queue name length constraints). 2. The expected X500Name for the remote TLS certificate. 3. The list of host and ports to attempt connection to. See separate section for more info. +5. Once we have the bridge protocol in place and a bridge out of process the broker can move out of process too, which is a requirement for clustering anyway. We can then start work on floating the bridge and making our broker pluggable. +a. At this point the bridge connection to the local queues should be upgraded to also be AMQP client, rather than CORE protocol, which will give the ability for the P2P bridges to work with other broker products. +b. An independent task is to look at making the Bridge process HA, probably using a similar hot-warm mastering solution as the node, or atomix.io. The inactive node should track the control messages, but obviously doesn't initiate any bridges. +c. Another potentially parallel piece of development is to start to build a float, which is essentially just splitting the bridge in two and putting in an intermediate hop AMQP/TLS link. The thin proxy in the DMZ zone should be as stateless as possible in this. +d. Finally, the node should use AMQP to talk to its local broker cluster, but this will have to remain partly tied to Artemis, as queue creation will require sending management messages to the Artemis core, but we should be able to abstract this. Bridge Management Protocol. From 9c411e7dc204ef512198c00905532aa583cb657c Mon Sep 17 00:00:00 2001 From: David Lee Date: Mon, 13 Nov 2017 17:01:26 +0000 Subject: [PATCH 02/25] Added challenges --- docs/source/design/float/design.md | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 755d6174fb..e48e50c63f 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -52,19 +52,8 @@ Typical modern DMZ rules are: ## Timeline -This design document outlines a range of topologies which will be enabled through progressive enhancements from the short to long term. - -On the timescales available for the current production pilot deployments we clearly do not have time to reach the ideal of a highly fault tolerant, horizontally scaled Corda. - -Instead, I suggest that we can only achieve the simplest state of a standby Corda installation only by January 5th and even this is contingent on other enterprise features, such as external database and network map stabilisation being completed on this timescale, plus any issues raised by testing. - -For the March 31st timeline, I hope that we can achieve a more fully automatic node failover state, with the Artemis broker running as a cluster too. I include a diagram of a fully scaled Corda for completeness and so that I can discuss what work is re-usable/throw away. - ## Requirements -* A node running Corda Enterprise should be Highly Available and resilient to component failures -* Corda must enable effective recovery in the event of an unplanned outage - ## Proposed Solution ### Bridge Control Protocol @@ -104,6 +93,12 @@ My proposal is to make the bridge control as stateless as possible. Thus, nodes 8. The Float should protect against excessive inbound messages by AMQP flow control and refusing to accept excessive unacknowledged deliveries. 9. The Float should only expose its inbound server socket when activated by a valid AMQP link from the Bridge Control Manager to allow for a simple HA pool of DMZ Float processes. We cannot run the Floats hot-hot as this would invalidate our message ordering guarantees. +### Challenges and Unanswered Questions + +The main uncertainty for the Float design is key management for the private key portion of the TLS certificate. This is likely to reside inside an HSM and it is unlikely to be accessible from the DMZ servers. It may be possible to tunnel the PrivateKey signing step to the internal Bridge Control Manager, but this makes things complicated. However, it is common for this to be configured inside the firewall, although we will have to see our non-standard PKI interacts with a typical firewall.zt + +The other uncertainty is if/how we should provide end-to-end encryption of the business data. I think it is inevitable that this will be desired, so we should allow for it in our wire format. However, to properly implement this with session keys and properly authenticated encryption is a significant design task. (At minimum, we would probably use some form of Ephemeral-Static Diffie Hellman against the remote Legal Identity to create the session secret and then AES-GCM, or similar AEAD for the message data. The AMQP headers would also need to be protected in this process, along with careful choice of IV to prevent any collisions.) + ## Alternative Options From 84a7be666484a0d8009e1345142e0321abb84414 Mon Sep 17 00:00:00 2001 From: David Lee Date: Mon, 13 Nov 2017 17:15:09 +0000 Subject: [PATCH 03/25] Added pics and descriptions --- .../source/design/float/current-p2p-state.png | Bin 0 -> 121494 bytes docs/source/design/float/design.md | 59 +++++++++++++++++- docs/source/design/float/full-float.png | Bin 0 -> 166024 bytes .../design/float/in-process-amqp-bridging.png | Bin 0 -> 64812 bytes .../out-of-proc-artemis-broker-bridges.png | Bin 0 -> 129278 bytes 5 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 docs/source/design/float/current-p2p-state.png create mode 100644 docs/source/design/float/full-float.png create mode 100644 docs/source/design/float/in-process-amqp-bridging.png create mode 100644 docs/source/design/float/out-of-proc-artemis-broker-bridges.png diff --git a/docs/source/design/float/current-p2p-state.png b/docs/source/design/float/current-p2p-state.png new file mode 100644 index 0000000000000000000000000000000000000000..e33da2890fb689bb298d5a1f2374ffab9f4e1970 GIT binary patch literal 121494 zcmcHgXH=8T7d{GO15reZLXc+YQiRZvrt}g(1O%i*=v{hOX+c7-p#((%={@uw0--~s z_YTr~CnwMEzs|efZ)dHu*7=aTWoGU@d(X_h_jT=wc(1Pbq1Ox<6l$GQ@5D*Z3 zCm^^>`H+x+;7*v@Pb~hAJ8mBoWe7?J=r-{;_pRTly(1tfk9mA;_5goR?4qRaMnFK? z@!#)Gm-8P80Rb*YS?-;-xAAr+Q7WBo5>gRxj}SaiwqlcP^9_Vth403#yhSRhe)@K2 zdIWr?q<$aX7{bbZ%`L{w-L?YZ6IQ~`GGmY#t&ns&@M-+7b!lgv%!AAiI_rp%-HW;P zi(Drik8y3?S-(L^5p@=B73RXgI1fi#ca{)<>n+?Nw0m_AgQVG0Lz;`Ou&rdVO_!!g zY){LodBp^)b_J$8l!B3^BJ>PIozR6&0j5qZaHGK-&O|LGJ%cuV0Ayr0<+$YMEE1YU z&edy7e6f}*j%sVFHLG9+=1q654@7$u|`L8w=_7#D6o)w*L z$ybvlEGpf1v|A;ZNngi3*ZhN`>@>}xJY>Vls)_IiV2{}-&)%+BM;hB-M%uD!%1|-) z<11%phj1&rU|j*QLO>(%>flgPll$I1-mE@PvUp%z93v|6*z(OY?Gwlbm1d) zSJm;3;>Xkc{#=va*Fpwo{T`Ek%-;{?^7$hxWT5OE)lX}33 zJLT+s6TnWV5s9osb|QFO=msT6jj~X?X|6Fz3v_%VGDYdLKa*wW>q^1!%+ODmRKfIl zsbjrSRgDOYabg~IX597l&Or_&UA>zYY`<*Ubu0u75}VAWLG@;fEzV)ai0tSbK2Z`e zi&8r+e$8!2Ra#g)2qZ`9=lVc5xm;az_Vuu;YAn&Q@7RnNn&N*}vI6J3P@)7#JxLWu zFQKnpU#HV-dX8_GYSfXzAt8M@wHVEfFa!mE#1fV3`>Hm1u_+6t&(@i;^1!V*vYgmG z_-m5rP!)lV5D8AmMRy*{w7RW0utj1Lk?PRd^DZuC@mt3d8MaW(ws(q0r5m)P?HPbN zt`MC_L{jp1#<>6t8j5mLkgSt$NN)U0=;#1MsV`j1*p-U*1dZ6IXu0uK^ocJjAhi4m z4(Xtwp4VL_GknG`aS2m0gkAGr?%mnbK>D*8DH9gkY2Tb>WH6%(gWH33n zAU4Ph)od<8AQ?ZO^R-ku_RUM4Dfa6cjIs-Af3z>hMCj5__Caa`nprUiaX za8i@HYvx-Kp}wbWBRP2g@3Zjh4ms9|1Gd0>=DClrMZ(RQ)F`!41iYXk7B`7uKHIwn zK@lOC``2DKY?JLZYB(w)gZ8tz7epyGd4I7EYe^08KhOJnQe_xSFKy_yU(6ZR2PA$_ z;_`L^zln?PuHv4Vlxtb{b8R*K7ECs$^HF9^+)FTyObYXru3e5;slOxg-!3bcHFC5BUj8f_tjl6ITgbVRC3Q1o68Dyo;+VWV zyZ#v)+lFIL@>|56?B`=n?J>frmUJiV_JcPc97Havulj@4Hc4`Iy@MFC+N}Y}ZUj({u)ncyJ1D+bRwnQrogovr`29qvVK-%V6F{m1cj-`7 zBO~?MBo#5~5i%R3O(#|~lFFiKz|`V08{tRQuVN%6rWF*J|H;oNpC5Ne_5L}QQY-02 zCz>^S=JNp0nA2q7|4W&G~HJOWyB})}WLh>l=>a zN4LwaxqFI!7v}<)LU%VD;%r^=l#YLf&rEZ?eO>99!)6$K)a@~K^br*!b9SxSLio4& z1je)7c$O7uxM)yBgfig;ZZm{r(F?nG!c{9U%0l zQ$E|`$;5K&PbEADPk4f%?Q{kW2kzH<5gzRR5yq0edO=GU!|U8`KV;D%mINknM0$&C ze!YeMSz~^`5a%F={`S6oxSlfeVcZVx;%}=eB%qmCTPo+~4{MS3aDjr~#6I2B<`9{} z=X&s3TcyQ^FJvkN=WWz-exO^}Jd`r^t#R6}r^p8_E*Pls&YGkKA6@RRt_*}yQEPZ)gy{pihiV&~V z*=qaIU0>sws6Z^HKwS4+v1#9c`MLgBrnj-;nf>egj??nrn#XpsL+E~m%zXb<6QCHE zQ@b&X;sC~Qt=ctZsd356|5wvz<_9r1aWrRd+AQk(uMmlB*riH}{Lz6TJ?jej>K}-B z!EvSDtHf9$_4;mq(~5p3x(Q7+Rn% znlcQ0ED(jQA?gd++$gpM(SRZS_t#x)W4}qmCx+GHQe zn#$kkc{}BNAH!m(M$V|By_wDU|GwT5&_62;nK4O>ReW~Q%_K)$_jaYfCPSW_lK&{M zI`aR>$4_DuqLI2Uu76pXdC(=V+#QG;6al3Zoi&duRgxseUPV$I#{Mve=Bs~wR7?#| zEo$uhDh%+H$-VdRDB(_^MB#V7Npa#gFWyYu{XgPmcPml>Rl1pbF7Y}m>ekjMe8>s` zq6z-*LkOA7Ltw}TC9V3V&8;I)j{KGGiy)0}=J#Le{43a|F#n5pVEjN$tA@!XnWFw$ zjy%)(J<%B1g6anK{;@z^M4@z=#rwI6qo=DXH;0D@Q8pD{PuLN(nMZ?Qowci`>|fpQ zi1oKSwR3hOVQS$1F@1CQr5`=iPI5BQq=d1t9gf}FIYtRe_py3Dnkq=%w}qyP5la(;v$SUNj#o6>**G z7vtK+jjWWVrU2;M<*u=i-rsi_Zha~;h02HM&c)Wwr^Z(f!mIxvD2X~%j`|>1l-Q(P zW-yNL;4{L~Hw1Hly0XS%*eDLF!9P6w6`tZR)NVK6|Zp`8>eD3A)u9HPG|*C;;Oo)zzymhQv758 zj7<|Y?Vk6*GbhTk{c%Vn5*}#zNjVW3*(Rhm2n|*xV;?DIA6G@T>ut&zYUA7N&X%M5 zCC9Bm#kvGwH3wBdSeG^-4QcP0ochZ#AD_Y8nO?I`zbgYxzA>|W@Z6w7E}~YFFew)6 z${e!WF29nD@!arcx;3nzzkkLTz)HH?nFoF<5C@g+xw9OD@f_Np-V8i{hW&FwZ?Y)| z#=acnDqI=9nA2Y|4g8|0%1b(PE-P<)w^#Dio*3 zK(W&q+v;rU>ry2Ga@~UTTFdTcIS|QDQD8$3K4JN$il)uTBF?vRiO_A}jg)!kX1IgT ze2u^?_msiFEZD5QIbl=Em5+&D_p(hq!SO|!T)4_uRIwZr!-I65iH?qBC5=7xP@zr~ul$?C2pC_$3JGM8}ZQEkblWbVD}rn%a`a^)5CRVt_! z4P@b0CoK9FgJdnHaHU#QlYBY(dHc8MgwUP}a_8-iSEb*XpTj9ZhZ{rgVMkY2^WWno z(c1gTuL9Hv(c;Av2Qn3w?GH+1NXnin<6=DLDOqy`)c%r-n((i({#6fHddfPj zky@*`n_eHm1qSw0fGmbHQ`n~izqQcZ#t7azUznku$k#ckJNO0)>VO5-7so^qO=xlp5FJry_fQ#;HCfVlZIp+1!z8 zJWuUld=m8QcjU5KF-7^fv6i+uvVAc1wnNbNk*(*v{(JHHf(<_p%IXf|O`_S44gu34 zg&q-`^I)^wJ3bNT^J-eIe0Ozu`fuWSlC-?=qcp>E>6{k42^$ofmSbY0Bphs&ayB1{ zY^)_eweRk^uY|g`+H+PbPqFt$9qW3Z7zt-i~SS@Q;FRjbU)<|Y@w`iq1w_->Hlo8_ld$XBMgX~u9v|}&C;9&<4 zLfA;hRL5>ErOLE66Xe#qpl8hFDM5~HJP8$@c&?8N78|@YYS@iPwN|vG-K%7bh0>(n zHLf5Qlb8&PNS&t>zL-Iw{7$XgBq=cSPVFP1d$bP|^7r8_sV*Xcj`fuhZvF_rgT3D^ z>7AXJ7H%9PZc!|XLXOOHiq8Sh4=jRx-6ey;_E=_9m^pP*Lv;zge!5M zr)JgVkchmRZDT{PL#N#8&9Ee2#O$Y~kFn5;Cs%TQewArUs>TstYulgcN@6{j)XC|& zbnKofk0%yJMVpKq&&ZD}f8&88rUNYVKjo22CVb8zzp!cUXOhrOnU`CMe^i{b8n9sad+l6Q+)2r9s>9KotAGh(+26%I zQ$}y$QPGK@dKHvaXo`G=pX7EGpu;g!`R$69D zsztc&T2|)81$;+@Lw5@|SOq|^4^KAv9HiV&IW10^a5)TBJ!|A9*R|hc1v4S^3=J*D z#rtnHw9|dPEv-K~1}F(+rONfG=A4mAt%BHg7rSx=dlBmdn}Xy5pe0K1dFD04?$K4Q zU_X=iyq9-Lc$#o}_ryM9i{;(#{nCP=G`6Ya8D>kf0s>s#nFQ0sEKR5;}J9pI8`G%cTf$CJA?fXdI`S-2W*vUJ@_4>}m%|q3!hysTo|0?RrZN(I; zt=qC>&9veGJKx^d3}gJcR(90%0ow?Bjs7tlmZHyD%xZk$PFz_s-bXJE3Y;A~;!RI0 zzVWwnBC7oSI+It&zO)?0c!3RcnDh#ENz0$yaW2C-!ey2#@>P~cw~)KdeF8~O(g&bv zaeXog`)S5qHag`=59*{pim~ugoTLXn%d5k=YZ-7wt`c7qvf0(tqh#YAYwkJBMy_(n0J_wKu6w;QN+0%tX&_sNiRyt|geV&qxrOZ;oj3~Dv773VGq5=d;LC(G-%Zj=_xwF= zpqqx|am}A<)uk0~(lfW5u|N-*Y)ru)JM&34ka@BI27LQ<^W}SAd``3#-kYgwgpcHB9nt{W0LM zxdujOQJ0o%|42=DizN7W!&Y%``e1!A>zd79>Le?Cm=oj#6s#)++sCe#a>cHOn~_d4}af2xUZv?_sOUcyhT;${w3H z2&$rHerbrVn=$^5_rN{d={RT!hmUlehLH7h=-B%tu&e;H^q|?AC9nC)8jTX6p&JAm zhUaO0fVLqi?}AO&+-AIkrt{Aj^Y^E4q>SZT5H zQ;r+OVJdG=McykDp$FCcY3Rsz;_`yk9HbaiYl9^@);zf2YwYOV4DEBixyc8^jRcAA;g7RSQ=u;2r%{wJ2)}Hgadt zi*KFP0u9-&BRMJo2%$oiq)&yrnKICKKbES#~$1|QVJKrS;;<6 z;nI{2_EIa)f;-bp^65o9MtlKO5xOj`j$9Gi|AYmyMGtFw8peTk<6YI2T2zn=Ek{$B z#)>+GJF~hpU_FEi}W(g)g z`mfNk6Kp)SVkuSd(vF&D`L(SjY}4j_ba3G}FZOBUeRX>IHF1n^6uwXTJcxrQ;4XBV zPFpTy`mu&GQhu!wG7a;Dxk?{Ss?+FOz}O{J6jJK~FL>tOJ@$X|F8bGn%^qioQ#SjF zvzk;3FMaKK5v?{;mh>+V%xOI)dCzq~{PVW(1&)*Rm?9|t)t;0kjHuTRgr;NWk?eP; zBYM=+r8cvL88+_QQG3RQO!Z6~Y1vzXTzyQ)5}%cuI=oqjKNL9O%ZPPoF@Mu4*Swt7 zloheBnB6q|Wj$Vz%fe7#*wr%!Z(Xp+&6c8{-!ggbhWD#$9lVy8u30B<`6k~0EW)I| zQcGNig8puPV%uZAc!IrIUO;`toU&uaRDE!n4vLHL0Q7N@Xf5?K;nclrX*Fs%!iM6; z>~9q4f!NZ0=0^+;OeK&`ucZ`fmq^(BFI?Du&3WT|--F!;F8gAwHxrp)fJJM>9Y)OJ z!75de*TGrQlOF<+(DpXBI4|JQU{fRBIR`fPN~Z*>I$Q%~Uh1-r&Q} zsLYWP&_IR0ZNU7BXUr#9(O^}4WeO;l)0wqf<)u5=`z@W}x4~i07XvcSvqOXf-(MEt zDUViw+il9Q@%j+yTBc4~HBWW#%O%D$DElojf5fI`L4EzO0}xz!&VOiXMVnjvN(S0xfglEwX}e0h%fHA9$XZ9h?OO`xju7?5gFbh zFNMNRMsvwbY6DEPE`3QCnU_tU<%Y9*ck!;1V@`$eFm9=$BB^iO(yS;Es{tatW_V6u z^3X8I;?TS8Om^>YscJZl?@M1H(oEIH1gJ)FmkXWMdudKC_wl zj&?bP-Jok-{*+HsvEoMDSuuepl?m%q0P5NF4 z4VGk%m{Q7dDd>DJ3~C4CmJE{zFF!YrTX^rPAVo*5}dJ;>Xl392rLv!^(6@57Q;DU#v`? zMFhi-djTR>jI%>X5b3)3X-Zeh&7I#h3}%zkQlzgtq{koOX12hPM92^W=IhZW$rvRE zFU|FfxvPC^%-8{^2yR9ieEn47*)3z7h$AeZZ&pJM!Iwdqz%$e!zyfYuKu=^{1;LfB zTLVOArVW-Bj9p0Yt)B0>TwnMNV)){NX)RnjHph?beeS#zL@(kF&fi^`iave)etB`H z=qD&w>|Q%!bwC6kf3Hn;4*lNLZBWbmo#pXxE4QLdv2t*KZr*vyDVv}w#x`d$NNPwf z_tq$3&{5)12wJp{nvUvyx9=^aJHge3=5Jc!(!z(d-=zd)WUA0St$h;2@iuyHJ??2# z`TBEX>{&VFah4i#AO}O`t+-gbF$Cza#f)L$)Tr(jXt*Hg_fLZGgoO+6lv3!$lT3R3 zRyI^rx$L`p*FN*2lb`8D(6=om2@YTVUxYsx+4~+4grH76mpqR58u58Ts^|S=>Ha)$ z@cbz$06!J@O3$p-tYvTWaKa;?K~LE#>h&C{zA73cS__g?>j^whc>+-lg8`37Mw-UI z2+aUGJZitbie8Dmxkp7kUQ{W8dJTeF9Tq;%B z!!Aq~gzh~n;7|f3{vG@}ZoD$ABjh3d(D^fO&*&6#WTrjubn@(z|LZ~&t!9C6yIn$@ zMMti);%Gf>jZwTUgb>dsz|Am%DfoavZ_KZ3cCWg3D$i+jf0a2rCsqlqWHA*>AKu&wMy1&HoqHW$kej|A{d;?jrD35rm3b3@ z*ri#H^L_GICxyhQr=X2kKi_M7T#&NWCJT(kE@T#>K=)Dt3{6MsTfmv5rW_=km;S+{9w#k@M^Rv0wRsUV#(EQt8d> z4V=cHQPp-QKI97YUO8%MuJyF?J8tYr3LQ^g_f*L0e81lmTqArMGvHV-zZX{FouhSg3AblVFcIGpvpFCf*sjvvV^%T5il?UOlA ztcZC-2AKz6Ha^>`{Ba>i;J;QT3h?-Gw;&C8ne{5$LMz?wW*Z^|CUk@~bpR;c2m-`f z?MKgHB9`YxT62x@ql*PtVT*zf9XEmq;Gxuwn}Z~{`n4Iqhuvd%{`Xtv-}2FZ0{0d} zMQh!0Z=;wVD77%)vG;wkAHV^^*O43ehr|HzyU4zq{3cr)Ji5nsLOG;81r z_^d?jx7tBC+7;-CWC$y>g;|kGuPgKw!X*3S!hM11^R&hy+kIV90lM7=H(n5-GY54f z>AF$>MoyYP#0gF`!_kvB9UTX*HLVfdP@o9)&Tqdo0-G0H1R!jUv^SzH%Z(5%4?|C_TXfzNv+mQ4C zo_=@2e-@-Vd~B~1b)#mTruypFUao9g!Xg#CD`j9IAkS!Dr`bYA#n4eJSm(cAe;!!U zENd?8_gCB0cK)n9s?sR7BD8{y5AgghoV`@2hyQ9N=>_l#t&$L|0-64cEfQl%_UJyU zOsVLC?t#!%p^9%@bpykIus z3p0ZS0EU0Sau3N~CBn+dqJjM77VD96;fmEhQ7YX{35*_PQ|C!L@1CYk=6lWe>l5@CZZ%A904 zQNgdQ`uk?)6&3#RaAA&bAobGizq}Bbd>r0kWq$1VRZ1tP)VQNZcJ6dzC)O#}KZhsF ziTqcuPu6X`t(d-YPu>KHZjM>lYaC-M$y?|ssy1v8PYPviS7t!ckg#$ABYo40ez5=4 zu%Huc$G=M3CjZ0PE1KyXN{c>$3r#v$pg@N0A)mntL(5Z>!}9SyG|DIW+5L~y7F6t6 z0X!KsX`2EamPBxDhOk$z$I1&v;X9S<*zo7#;0?`vKThliGbS!uWM>o0w;;VIp znd+zJMyrp5_5PJw3jn zWlVH%9O(2FMZnxY8)Ki2QW_=;?(Zx2!zDTR-q96{{x?Y2%hyEXl z@#d1GvB(pghEfUAko{|AMY-TjRe1N~XR`+k`#I!CfWLg{%>aCfaZ|OiKmiU5a1u^& zd10g?$%n*lOn}Bh6M_$E3toQ8=3j7Rn|dB(uR^OVg03>VZ9}bBOuZD(DMe4f)9jDk z@@wAFSeSeqnzUPjkC<^aQB~0{uczDi?TsI$fT-jZ(0b74<}d$~^Tk|c9ksR^&;MjG z4+Z=IdFFCS`t;yO7YPxK1rQzgp*qlvVmriD7%lUR=D#O!jLHs-WrFm-BH^qSeHBje zEX9o zD(Sz+C^G$^k&DPxyL(UUE@XgmlqyN}Q?O7n5Y|oHB<(()UW4K_YaX##7upmi{6D~z zv1vy<5^LaDIp?C9Yh~Y}`pwVvIP$eY+E|5Q{#E_3UwKJI<>p~*vTMNU2KKeVOzpw3 z3tSbbK!q0{MWK)O{+xRn!Xm0UXK3~ylt_0#`{x78RX%zA+2!VhHeWHNz z1vhsKki-pH;HkagP)mW#dGs&KGLxB z0epCBoaGRzR}HZw4BY+>nf^}AKFz&B?)eL!MKyp&)qY}xV_M)+WJIBW$KP$BH;7w= zgMn)vBwgM+%9?GO+c?vqQdD~K_CM$?`L{su4Y&rMouw;a7KQ3D%VUE-0v^YBd- z%CPg*+^n>b@v9_Emr5P*HZsD#2xNp$m6LM#<_6xz8B}>a=M}6@7kdbL^sJw(WnS*m ztHkoM4zrhVd|QbZN1U5GmJ)duU3qe<>CIP1j?n+dIR?FxsWa z_+l~(R%v_0ZWDHwI45i0p_ApAwa2DQ<21!1%9Z&D3>2c zH)=IPl0$OlROWO_c}ZqRK9r#rT~V)RI#+Dt{af3}5=OLNoi>6)L zgU>nD2XCU;DE5NEiQg7+@jF@ZJXvn-evP7dHU5L-G@0?+*S{oH_aAe&!b6-BatsS$ zsa49xtyHqxp|&DLq+x*bOn|wB>7c4j$>EFFL8MvAND)=!LfCn9t^xWT5FL|kNhni9 zg&z)o?LR?*!2jQ9cs5Dq<{ZEBLgf2tI(nEaZ#lNAUPtdyfSU}TDb&+Pxq{vc0_`-Gcr|(JRbg2Xf)i@$K*>D<^LpoR z2IS%dL9*m~-y^gF9nCr4?<jUK z=gjNFB1FA@694+kcW3@ibBiQtG%H?GUhmyOz6)-vML$vQ$|%76XoQUC!T-= z5+u3*S11@SVb#mq*zoh2*~O|>{0E)yDR7V=mzizPv==0T>ic${Dk_@XO%~a-Usn(R zw>Oo$FNsIhF3T;{ib+7{D;LX9l7odfAOp`BtHIi#RnPDcnN}nrLl?r)&Jz0d0^RkT z#vJG?_di8Mx+;X}K^gF+{~tB^|6j$s^;+7N+k-cOSysXuJxeBFCC!CU{#C4-KJ_ll z`%CvPMvc_Om;b$@h%iR)qSJe1pp1)V=}vhX#dC`&zs@cu>dY!~LcEzOKNaNarh@_< zDt1Egsh>>P9zcyfbo!+1s^^bFk7kqeT3BGpCUV$VSihy1QQ>$EgY1UTnEhw^!u%-j zzlSl>aN)Gq(Wez+l9RbUKKN!t*rv0weSjJZD17Zm+||XBMn3qo1|t55Z~DpLdExM! zP9K{Ao8h{@sB1$@!m?T*sq8fZ!dPO@zh zyB+YQd}&5`*jVDh-cz+-=Fr8*7-2OoS^q5vm+Z{_TsMm;qygN?&bPq!*|||gfK0`M zwNTGg1nGbhazSfUl6Nw2@R={Fl<&fNrttKf}`d|7)F5jWA0_y zWDe6a-ab7_}NeonT3ULY9Pf0i0at{!X2bD9a^#+GQ(M>^H>dBm>YN|mv+L!&fl>GIcw{FWml38^sWei zV{m5z3660WNaE#m^pk^3FyuuRpJtTNal5<#ehpBVB%5!OdpZ>Z=Qys&BBH4p#2RYz zp}6Bz903DeZFm?~tf-aHj828tT%_XntJbRkIXam4pUoLjKymkdv;G%8(IVDS-+)$@ z^%A6f*EYpJ9=E%xW?@%M&$VABB33v#k{xbGDElQ>mJd zAaXuCTl}c(?kamIjYfuL&B$d5#?fT#!m~;)mBu^e-04T#m6of^!cclF!Ur;BVIa+tv3Js|UTA{eOMA9rd$>0lzIo+`Beg&)L(e%9vtp9+ zL8io%_qu7vH|D>cZOp@1-td8FRHel*63L#t)v9^#{k!V=j}347$1~dYfH=&1N>o*_&*-c>$MOY8 zl5<%Ri$>A}3!~Oq4Z>+)e+XA_{O%!0tECL-AiF1N!%;x=L#=&{<%Esn1Q)8p!1jhv zr?7xShq(2VKC}Mj8lN>#mIHmufKYbR>hCO8Y{cErJ~AAA@tnX+N0lV0!hVY^har;F zG$snz?1s--^9f6Z#y{v_SOc>dTJ^Xp4IO_@7X&GCE)dt{b&@^K{ct}zboA#>5vnj* z*+$cL=A&0@=eW(i3zCmG`$M-y>(+Gv)}tk|N5_vR zlt`(oGLlaX|}Tppbrrz_@#0hqU4C8P4l(Qv=(fbfX*%|hzX&2Rsd2Hdv0*s}6c z+e3q1J3>KhcnSvZRwz7RlkS4NP=u%I?B8R{^?l+4sjy@SJ3jGue`Jf*1z$!*$dLY? zk6YL2Q%Xjc-Y~K)8Hg@F%Y3%@A%XYrlH@W7wZd}-J1yZyIaS@%cfp}856_LHWM3XR z1n0dg!DLXXr+S`0K?ObfX}pyrFa5+-I=9U*`L-jITlQL+a=l9==Ev@uiHXHIZ|o#g?ho72iTC!JFk{k#R}TxfFStWP$mTNL7%2;-LitYU2?y3wJY;uq z<5|Qs{u|_O5`ugX^IggMa*voS>)npP^VjXa?(s7QA#9bP*NnUz)rY5Td*V+S&-VsH zzumPUd@2yC(4A#3D(zh}q|X&&b*4JQuJtokxnD!X5!rfnE;TwL;Z?AA2&e*{CI!#D zjg#VIgLMA{p7tfyt)>r00NIY%rB)@~&d#p`E}ReY>6_l~S3fVEGh*F)iDUp9Se2N{x$?+zb*=G|Dbw34J86u9vU z$K6w6hMup6MjQ(q_zMW40;AiR_hxZ5v=*)VesmLXhga^04L6xuWTJRp+=X73q3MPB z9OEEq>iZns0mc)k1sUw}Jt(7`ZRQ#7$*G%!DfA3vLaU z|74$$c(XCUWmA)*fr7^NZzIH4+%QzT)+)41$J+6?;x}Gb0%jxURX|c;+@;&YtXE|k z5p*+3SAP4?|BU#9Cc|QV7U|vV{a4BsjL(~jcT)sIh6 z-4$Ec;Q(+H_(LB8%vT=s4P=oxM33nH9JTF+@&hZA&T+fQhH_TTl_T4NgV+|=@Q^j_bk(5g-!h&nW zkxVz+M&;)#SpT)?e{4ODFHaYJpJo9y=4 zeTG|=D(dhiK8>$K(p_|;41^>qwR^E%pEI^(1Y}A4$By13hzGukKi@2{Z7HEOw{zIY zd)Ke;&C5U<<8!3%&CSv)<~BoSv4FWcv#kbq$$^QFz8E7zUJ1Qu|>OR!*{($b|6xlNQ zA&F7u(i}|CxJLk8EMcC8vxyl@hjH$ZYcX$zzVp&<6ppzi16Y*CDUaI`oYl+KCRjp= z&_MQaXFY`Dwaq`&pr2ot!j2C4T&{y%4YYvvYQ_@kr|%8!MnWk*N4HiMgPAA_PG#B zzev*Q%7e$EsmRbsFKD6Mud%>_mx`Tg96T`E_>BL3?)m^-_h(;2um5%^?G)e3NtplK zio_E6I_sZ(DENEi%lw*V$%B2b@yNaUwhrRO1ZpqiHfJ9qj$ZB~O=8=A>0StFh=!Xr?nu(g+LQKZOO?nT8x)vcv8oUI*BYCS}hyGG{u6(7Rl{ zGj5hM2{%kPGlg#2AA4va%JJbGH)+B4jI$l`)Da7!70x7=Z~mNfpnjBlh9}5+eLv#& z6JRqrebExt%_+xw$ZGQH`9v!(_v!`YEH-PK=DlQvmH9NXP=9gt%nIe-9%7iARay4; zR!V4EG|~Qkm;;SxQ_cX}G?GU_hdZaIk(aI+b(}mqe1<0oUDrG^qG+kl78z8N2={E% ze5|A-OGMhGmOHX3sK#e5=VGqi@;^jQCH}WzN%C3dC-pJhnQ`8n{r4ng(dXHWF^$^YkSa9gBVT-6<&+eSB50f#eqHp72c)ch(SCB=%?d9rL(f-$?i$j-MT%-P!KUT;a(TW9y^ ztDzDX2TppqIYy$C0%15Wy$z1UFUiXH-j)?DF8O`~a4Rqz^O6Ka4?EAC3r=*sCe0L> z6_8|`^j&A?pDU}hP9Ao&gvzFVOtfE%D$mvB8M*?*M8Gm7pnhj_w;}qp#98tT>JaMssf|N3jWEf>XPY{t%n2B7^Jf;7>zk4GPo%g_sc_l+PpW<}j)5_CZ z$v0qMQAwY$rxq$L;w_B6^llm<9j*&f_lL!IeH%Ed!2olGp>v$O?DZ<7*L8#z7ku3o z9&mZY)^fBr0{m_*`h3Soe&XP-y^*0$H<|S!+?{H5GVM%d00mYdiI_gq_)jChMC&x#nU{RqUsy^n+@%=?h&ZAVOSU#- zq6aslyxfi@(yn$#lbVCFkLZRytY4@GU$NH+?m}AFRrIh1UN}tY=D7et!<-ZBWO(|N zTZhsN`YJJT-BUioc6Q7ydvCfDx;vc};aGa?C1e{WImH(GEEO?r8JZosQ8#_$$9^Uz zRzr4jEf{>cb59r%_#}<4ai7Bc?0Hic*&~tD2LG9=N(i)=;6#8DZj#ni;vB-do(G?K zNf0*SSL(N>ls_f@v1&BTrbWy-x$xuvmcQSMB#>q&4g%S2c%>ieZ}Rz(^@NJR8xSg* zHdc^`#b7UQ;b3~6oXcT2VIq9ahu1voB_sgPFs&o>Y@oA0j?(jK7Tlm>r8LR1wPxQs z5*#n#AGlV0$e49npV0e+Qj>Jlc0!m9uPE^_a8UTg1Mj(*=+lyRT&Y*BT9?jg9QE3) zcU-PaOzPP`+!l$JXvi~J@YkTJR_ssF6ocF)rRfA>)M8?MA=){T(K~E;}cpYnyGz8wH-AE z{{G_BI_ge666ql8nzOTY+p#H44y_i5x?*d4D1wT%oKPKI+sbO<;(S*RM4zXw`|$`Y zXr4R?OXUIU*sZHMPr@%Uw$s*=IgeCFd6A4X8magViyb;TJyEo5L+H6A zmEOVgTAF}F;HmXPGo7Ehw6j_VF7vwKLf`|6ucHV}h$H%$1RE5GGZ{W7$7HT511^pF2)A(j>N|f=*U~TUi}s(*9fQXS_PJiLuPtgC9NR+#aP^**hQOED0Sksh2oIaji%+ zf$yjwqUHHRV^iE&&_q^-t;9HN#%udbp1i+>C}f8ro5uT`(eoyUST1+n)7T2_sZr4o z5^(E?Pj#WjISYL5(q6iYM`L)mg;GAd&rVLI5NqfR1jgcUg(L^pBlqw8U%b6}Ak_c% zKmP8mqO!%<2T4Y62>UXzV9LovM-f=C)?PIn3OfLFJXqP6SD6+*_Z6h_o;jD z=idAI{Qmy^Wz0NZ%kwD1f7UmaDHBXuxE-=cyILW3b2j5T|v&pQSa^6C7m%W+$R=o-$;@ zh8p8AN0}*ipND)`OP-Bv*px!oC+qw~HK9-OmKcXxJkg*{`xUtvUAOCRISaqNz{mvGG5>!7V9;$gUglynrH?gJT**+L-bXjS zV!tr6U2T6vZ;CDyMLQKUgVRvWR5ser;jUy`k3oDa``dT$TmH{43mr&s^2h{Ew5ZR+ z8?oSbdCkYFTwtap5{*U)V|DO0kKeMJtSJY0mGSB3pjDBAtz{`KE+PSJ&huGfda$z0pv&?9+NwC)Ie6EG?R$v7>LcXkAz?<3`MLC zlHHM~IW6x+_`mcFzn{p) zlC)^Fv?t33BoNEsB~RMt{5yw3JU9e&P+l%b8Q;<<8xNx9RuUfiTFzE(rXkI<$FR|uLC#U6$+H~c>79l`E{ExTOAvCB z>r>6WiB*oJkrBXZiJ26SQ3_FrW#-KG1iP4qI9PZp zLG=Z(-g|xsMNX6T`6AfnN`M{(p=Hj5bV~y99+fG0xY0;b!$w}Tb-nKrY*GzG`>v`Q zVrjBS%yDXBSRM!nO5%OK&&kJTJ=dSr%e6(Hv5%yp-D8$d;Pj~CaY$Dqt=dZ=_j`f54_#@5?h~+!Ijx5UD64+X}gF%qc ztC67mN01$z_e0p;(#W(~OO*na>)#A}%zzRA;^)!+)GKkki_A@KQT{56)4FYYBW<*M zD&@p5y#{i~J}6$Y~LgSixLyEX0@`H$s zri==*$^6Tuq9>IeUoJ)5b!S@)G4Jr6^3HGzVyjOI-Om8d;I{A|>ry`H{M1XnJVM$0 zbD>neS@oUH(fs$8&J!eLVR1LobseOv-tKEwh4X^Q>r*OvOfl49zrx=Kf3;G z(f|Ix4Xp()dsb9WKXXCIPX1)YT!IAH>3iT66>?d(cKF*8S$euQ1&aKQMVMx+-(L4; zS?!|#P!i8Z8+dMK$-Y=M+G&ca@MV9LqPq#?uZ)Y%KL zjB&B1X4da#NP z%tiE6=L7Ve((Ri-tM}02tM$tuwj2}yyj-)%4V#T6v;BZ;nl5rO_Y|(MRiDd$`fhQV zmb5EHU7Uo%KZgVBNN+td>Zsh6L}5qw@5`rb9DcCK<4#`*sNCZf+DuRV>qbsOY82r&Wve&39P9e|AF zTsmBG_748_y;O~(Hx=X@aCG;!79&6M4fq&9e|dhmrGs;k*52yjp-vmy`DOW#6)V^A zdi@tX_VDF5xIE?4fVtvxq>^SBfMsVaR~dxoD9a1kUIC5IefjxqZUS+gLz%!r5uk(E zDZF|t!fh*FG!N{N@wPTPkJK691+__TmobqD}Vk1y*BqXADZ2f2STEbUFXIi3J_OdqkSbSD7MN%RXgtTn68kdr% z$$kurfR*cD;q|Shuc&dWIm$sYz()w1WQyo=o@kSXp6oiTW?t-ylir}S`?I~>`u*G? zI!cSt$^rg+2FIRBh#b-omG2@f9IeWGSo)s!U<}GD?N`KE5#;B?Ju90CP)uN;uL2MY z=qTxRpuPak76Nch;II6H|JDXza-eb0`5HiuMBo81AE2RZH~;^=w7ox&7mT{VMcTLm z@ERqIG2{J*;tc5TUw0+SKaFD)?L>05MSj_m6gTT~`X`l0q zack|!?jC&Tx=AvLR7+XQEg)o8y4 zeaNlfs=jrW-5lhr{HmD(K5vPx6p7Udk@GbY_H1*jqC#iI1er~hC2(hTnlu+GL{G81 z{JE1(_et0uOk20E7ic<$i6#5K@Z=*-nJVA%1i%r;&Ih1X_|^mLQW&@n?|@chf0}IepDM-JucR4&5*Z^|`DqjU>?BhStWqDg6UKq!2Gw7UMuZKMqG5D5ksv3YrY|EFMcztl8a8JoB9$|W{t5=V7l*1;e*((`VInXw!lLP+ymV* zLmZHfzxi_Tad{r)7#eh?`4W8r`;0MIH>eOKr=?(SVGYLj_yIe0iRC)+{!N##3&iPO zWa*~sW>z4G{VW&X()j%~h2AUH=T4Y|2E<0RKX2m}AvtssP&Ae&RnPTBp1Y0lqU&1(1BVuQ3j9w#JWw=tl_-B%?&>I=_KLOzd$&s zB7;4zVuqe<*4Pj;Iga#QX0^AOk??3S08eR`ujl#FNPCQ)DLXZ*CtoCn$wV#c>J%0p zy}ju@2Z_EM)(kG=6KmsICl$v@y|aP^e3wIRS-+E%WEIC{zn&?kym?I=m(GrAP^QZNU&m( zNNz*Q?dW3U9=_xm$&n{XZABHSM5c2wKv4s1)Or3X9nZ0DtXK9I$*v+*e3XBW zl|7U=N!xY?endx3&zXEe?^$=HHf_4hDNM%3(-|7k&h9J4cpba+KYEz_M`5#H|EGS> zLENI!W>|g*QJ*U;&|H>`=(L%h`zURa*uei8ZD0uhB^6*hz_7&sWjCN<&wUSfU`L8X zI1{!9v`%3Xibxd2Qu3AahQQkXHNrgSHuOigU;9dzN}wwz@`&Bu~sgVt)lY^ZY|A?(^d#e$OBHijPqHFC^zu+^VJ}t`68Z zX7uZ-tY0odIer`)`%pG6F)8|WmQ>=rJ2{bmd_g+a#4Rd1au0iBYrDlZyKdb*YgqwR z%z;VO)^i`K6^LC*m&!FvoAnjPDW-OdJ|Smx1Ezmp48N)gtLLY#=oJF!iY%8DZn2bssH`{Ru z*6V=TZRR?AyLqW!P?2}((muV1>-LTJSx^jBJX4E3{H1-@}Dj5%l5g@&%A3^iz-BSTgC65;e) zVS1FF^byDJbzB2PS;N>5_A$TpU`bHC90;O`VbpaTHs*=tT@iSzWZ~R&B`|8yvUH zR}#-e9^&8eNCKx%p*Q<@9mNSBSC7z`J!C@7`+gfgT3{T((g`F##En=Xuymx*K%SYm^rU}e#KJSTPulwJ^}F7+I9Sl{A1ceTuoiAtiiPD{X85wzk?u8Se`KM z&C@`nl)g1xd3jpFOPF28KPF6^Xb_s+e9ZBz|(a$UBgwP3FANF3-yE=*Dm zPm%WB8M_uAx?!E=z2)7f09zQm4u%ie_{vG}{UDlLbh>h(r^srdd#gdgD~qX@7ndGm z&qbTX@Kn7l<;3*II0h9j;0m!^x`#LCGZKC>baUe-tH%D?z#qp~DOJo|cJ(YN)R4nP z1Y4CO7hd8HuYfE2XFY@F_M?@J#G6mqKj%~$e9;XHbo_W@hxWwKrr#&!GQI9`v{=6? zAaMxAuEI<2q?^K$Du1|qTAs))UMQeGI_;!iMENPbeJHmJZA)#d{b&}pEG4_Ie0Ak% z(~}OoyV&y>)SD(2lFt{!afkV$81&ya4Jd6mvb9K}uHlWdLwBXE7t8fha3)u4m%UYh zNB)$#E0|0FedpumaapKgT!nC?gxNC0Y>Zw)c~GO};bW3rzM|6ym+pWW;nXRt&1~ty zlUqGsDTvzKa~ja}>T-h)+d3`GJ?R@Px%nGGcjV6UBqcL%!g0GZZDA5N<6RGG+0O*Z z{aWUlEv7LJ;VASwBgBT6{ZS1JST= zsSz{Tg2i5Nd1m_91D?96%w~2AG|xnCeUua9sZJD}<%;`$*Y~Z?1jFYRN*do(e2X*> zSiEUKFbDmxYL33_=>%BI7**zNB1p-6xdD3I5NrlbACvZS*{(eb$(1A* zcp|F}xw;5xn8emq)?1nm7(QnU6J6J6dGu!j9hf^6O=QeY6)Prr=S#=C+r2#A25LrPme=!US z_hb`~zEQREP~X0b9lNh1v{-aY6J6*}E|rBoyh4BVC2}@kHVRI3|Sz;)56rmj{>y zyYUrTj$t}RG8Y#UEsW^>k*^ncVFTls6~Xc4V$^BcM+GFxwmPzzlq;LEeV^m}0ln}c z2MoPcVsc06$!GgreT}1ifgXC-U_!$0bl)&SQf`h$r@Gjz+<-$TIA1#CiR%&e$3H%p zVWWBoq0*IokH+`Tum#-a`}thm5g|cb@ZFZn@`Sfkq2k)%1OBOx#SrwO8c)5`DfffqdK_4tlxx({B9w;)TjV7U&TDqxtBCeTzrxHpLnr81P ztZgd82_rmThAH{;B+YJRa)gSa!@d=#nI_)6#Y!?*Mk5EIwhV$rx|Isg-bkCd`SRs@ zLVm3V5=GuwJ`kk=l{1-9LlyI)s}gO~AZwA*`AMVCW4E&I%O+XjFUsCWA4uCjp2FPt zz9A7wH!FHrr=M6&L^T{O(ZcP&Np?ItaPN-D7Aghe6xFpCb#&c_MA~oNm2H z?-T6mMAthNZV$<(DRFpE#H4v1XZLvfMfmWU2W;S1prJ1l?^|EibWQDmT_=h%ghr!M zJ&KjO?kalrjr+DmpEA5JU#3lv5#b_N#5bUvv&X!ch%y+WUoT|}6U?pD)6Pyf=pjv1 z-FAPV@VYr=C;q}oZPF$8$+JVt*|`yuoODy&Ag;`qh1N?gJlh!$Ut^NpwRi?E?K1un zq2RqaB(cickl^8Wbmj0uLXu9*q~ON=*!KxZi%sxRP03cQl~=NuEE47XWg97u6L<{&XIn2&#hWo)f!&nJYszq3*&`Fu9b+~^ zvE#!Fxk(~q%fIhWi&6+y5`$d;x`Z%bT_l1Xmc*d1Bp{>xdtQ#V4cSzkCtMo%i7nm} zw3QU<-Iipo9&p0H&u-H0M|#?AdU0tB*1Qms15*GNLE-4&L57dR7GNXlAzpW{mx#Ls#j z=r`t_y$#JF@|b{|de`d#FZghr3s#WMM7%$f3!Cs6>St0M8qAPt3g}~O@f)~cg-()Z zQP66#*WtpTCF4&>h`$)zcK*=8<#AV9l0TC{`01F>9dg=?Qbcrw|Ml9q1jn$@*{IIgR$UE+8FqVW#*G5Bv-@8)K4+fk&4ckhF> z27e)Wv3APBR-s=XVy+QPXKLP`J)aS;(x8;PJpZ+qM?k@rI+;B1PK&EYkX++3DfK0W z?y5$sWr*OtsGhpiM0sN3Eu@C!@Hp+L#3Vy{-+J+t?+vXl- zyy3EG-KxYos7m0*s0|e4tu0Rcz#$%b#WUZ@z3mvdb zwkqW|C3?q9kk=~O{Y4{UlA}-*QLPcNM$+d;a_D_DF4OYBkOGdIt7BU=^E<`?L&}%v zKFqT&@>%k5l!HcW>usCQFdp)YCbspyl3Z^<@Oa?FE5c7iD+}ie+?f1PW45s+b0`m5hwfu)%${X zHv%)b4foos$&p*sv&I)`-fV>UKdGY7+la~BYJje1`oK(Xol)*h-?zb_w?jvbC$44A zXE;*TjfH7+o)%}8zZkn_VO8HOv3-04x}c&T?R=)kYMP}_zM^Vaf91WFnxeq1^n_rUz>SDT0ZTu6VmM~dy5gY2_8 z0}&BuL{bw~H#5Vs7{Z%1_Qv?@?>E;VUR|{ALCcS0$n?Uvh7Jf<6yEn8UJ~8BK~B{IKjGO%z{yYnJLcPC5}7-?Pxo{v z%5`j^$r~-8WJraodCND6t#w_Un8xX!W|F-~eQpfekzUO@)X_h25n^WCWELs*g*g8=?1|B82b%N?@?T&^u~sH~ie%?L!s_J|?-+z$*7T<_$a$KBFQgQe#tD zVR(bQhh`*`;Sxg;bovYs;rJp5k{a8!!jO@ZoyAniH8-NcCE{8uSl_RpTCaCgiYoB& z*ia2f`N#Y3MP9@4r7QClMYqN{MT1=)MZ*R*F->GO2+!u+AH33CA0=@2^;@ep;VLY% z8Ap0$Zaq~dOu!!zp)kH z{rOG6CF8}m6{LMo0H-k%*34WU)M|9p#^EC8A?Oy zoyP@$@`n__OLI5uC7MF*qM7dd(n~AS(X`&jktIOCNju7gwamDMg)xk!3E=fze;qtj5LabTpFdRyOFiu7+0`IB^=f*6Q;qM>)(Ij(MB)}siyzykh3?!5DI zE&L=C+e%8dYvdMk3_E;*NV_O0uZDnYdj}0%p4u0*p>V|0OHO%gGy54yUl?5k$sYxu z;k`@U<3ksnkFEJdwI@u;*5Ei36%>iVr7F>e1jd)^Wa70(euRnR*Nh(41L}yA-`;^E z?tY@{5D9wQXyT`7?rYq|E_&!;4b-=~pk&7pu7w@%%knd2qdqD7-K8&*igVEWokCfE zDZUPqv!sQn*CtF}$sDch>2R1$o{4#9dC0es7A84!^AgP+&)Ywy$2O6b!IqOoU60|? zJy@ZZg&Bm#b-58-@(01f@%9h)Y;{rGI!FPU`nhEtV@{ib+z3d^F|zmi@@ssBQ6HQJDSS+A$R{PyR2uKF#pYrkj#6e|zjh`u z#&rfLw^6epTcd|Q@%&JJw?4fa5gKLfHK#eG%_2=#Z)8-6Nt!o0PfJY1y%l^o#5e-h zyXBDJ$I^2n!YKh#cbI*t8{#Hc$*#t;0oR3~xK~f?J=k%{WZz~gy|Pbnmb|-&2e9Y>=e#n7y!(3d~^YQ^@h3gGI%1H{*Cwq%5C4NuQzm++W0$cHf zF0cD@Zj|?Mb7qp^cUeEYY4x()jPQ}Wzs)Ya;!NVsc)1s~v|nc1cY4gmq9&;3Is>Wb zQ%9(1RDWhlzOPL=C#~)OmX{(TBCJWAH|V_vktBqrdT^rb=8D+%CgsD-NB9j6lb)>J zu>6&;L{~VAT%GlmDj*b0X^Y63_|TcA0Gs!+c1fDZ5;v}ucx1I&YNMXKZ1@RQVgJr{ zj{Oe$$-DH)g+rlB$*rmA%1d5y@6!iXHFu=TOw%$QigvSe=#Qg>B8B8-Q+FR)u+apb z*{8ntVbvPrT3~p*zF8Li5!=O-5}TU}M{tPY2hy8Rw~BI}YyU8o-Jlj=xx0VO;?Vv^ zm#g~wN9^~jn`)UyUU22kpi9Q*dW7Fif3}#%pW1UFkNxg*=))CkTkkj< zb~pf-Dk~VER!~4 z|Nfg2MH0$a1}yH?x0w2rD{4jk@oq#?uMYTlE8gCs(fjaBSHIaXtzaqVSlIWv1-+-P zclU!0BVF9_xKE1xe#XZ8vN%Nc?bbT4`e+UcuVFz7qO&EWAA)oj9=I~)QfWY|j#<^W`9jP{?bzPG|Xu1W=I)eBh7COh8^!ZwP z=h#)SVZJkSp5CNEzo2e#`%RG=zMn)>ylOt5?i5yI(Iu^AH0HRiWd$GrVk!wORvmgw z6k@H1Ak|&^#Fs#8&)oVF{qaL8-6)lQMis`nH$u`0i18A>aVDUjHz zon(GGygXZdb4=X1z~`51CRrKBUZ=G7r=JXcU+Dnz#E^`be>i=Lpk5Ncx=;c;<%yao zUmQ_nJzjPdT*;*rtJ(vJ_*9lZ>f3l*dakVd#g_}yxBjFGXO&4W6df^`rN+1$Wh{c? zKTmDS&%SCddmC6RMhdf;xe z*P)m!grHlmOf|OvRd@Q2XyW=0?Q5R%m6$X$4C=ehWGIxky{9pYPn+p=UU5rHDG+!q zi&egdn@?^D$J}|DS!v7A2TBSpSRZYx#uE8pcldN9%{2->N4!`YS<^B)Pa>o?zE_6` zc6nZo`Z(U9?v?B6W1y@cf{z z&4^F^=h!FCVaX@G;uCXQP;@|`ux#z`uYt+juik6FqJE@*W1SkG+;J;{DZ*s228+6? z3K6xjxlm0)wIQxpZRM2a`W@I><3?XATs`Vr$zH|_Nc16(by zg%)?|G-FN`JnR?wZ-3{+?7bQI+27!(~TqlEDYlc;jGaN$v+)~PByTd?5eFB-K%#U{LN`}pjMcimhp`X z`R01CLm|Fk)N@^()%WUru$JpXqMuz{?y2c|X(Rf2DGWtVlL_Cd3l@2hT|cvusk-tG z{G~A8O%}xgMmCe3G-vn-kNNc5I&s<(iCV6*8jmHIHL$15J36`gj#pFT^>+D|HTnb7 zHH3CpVfrI31E-F2;Wn$6=2IpH@s}9= zT1Xy6QMU$sr)qc=G_ZJBU?#Wpi`Msog@@4mKqH|J4_IO2+3H(V$fq`z}PkMd< zkh6+=cqg<4Hw!Houa!#C@o_3YlXWi7n)Li3AhDmCF?zaB{9=TeA+&elDEwfJsq=8m zv0Wj&53i$L4h{3!_gPV^{+2;F=^IFQIWvNZ`LtQ3cLrEJ$FrrxI)N0UM$V^gi-i6O zffW_SO`fLZY>_5dK$;;azR#Y0%I5Legg(CU6aUs<6Z z%cirJYgc`+tlogx2T2Knh#!CAUZ(K|8PQ-^?mp`)Gi5RE;5Na7LWzZ^e+e*IJX(VE zeWFFKQUkDv#3PMPQRR8kD55yS3*;9vRk(}pLz)&7(Vv7f$_lH0AR9ks^3)KQL;!PZ z&bW?fZ>#xj2m`UDf#e@tg{j^?t|WS4sLI<|q4KB$wf8@`-xbGt^YI$_eq=ax4J*B| z=Ct8adb-f~oTz?}XEU{ph#ntYm-VANzlD6CGBNWzYm-QC-qW2hV_4(#&U9yIJU@J) z6rq8-zECtxiXZBC^dU%s-CIlD>Vt`^``(cg(deQ5$v5nClrqc1e?_!m51qYFZdu$iYP(=< zVSd@l_zi#InzBS~K5Zk)vb!Z{M<%85*f`xcSUGFc&AFg9uQgyA)2hVn%o|1;xD*?|N9_$bshqWh=@s56qn^Eh+mW-&n!?B zlISy_#=uuE+jh5Ybm`QM6>d={ttr|zPD4^PwsM#JufTD8$vL#&+EjOlLC#oqq6(8f zhCytPb~Q4`7gVsKW%vjdyy<$Pc`2upLaU6J{LzznB2c!ay0<74FlWx@z*@>LRdlgR zvSKB(1HX2pWTO$8lk#!sU~Lz{uCLn$Ee_;5KAQ(c(Ne?voOh=0y;2z>ob8%_E&nN) z*{^PQ>=#}QNhPYc?+_0M=tj(m-yIse8uQ}L*JdY&MT4_TBRk>;%WyY|q>Lx|ftlzy zX!#tkNz?&IY`2)bqT2m4!vgP_XAwu+MYb?kG(Pe@&0>FZctn2fsDm~*^V51t`SE*7 zs^97W!@=a_B6tZ|g3HXu&9m!@Ah4WhYE;;ibYMLX(P*4f zv3^bWV`>r+A#pR)MVu$SaZ!#F{l;0s{H)yRW$RAv9f{?K)l_B2-dgP03y@OpV0qux zn%@Isnjl6~ClEA<3cj>76TNnIwt=n*6;j!HS9QwRLfpnivx&=fN&I2PPh^EEi1rS} z6<_0A`B;CGoR4>f+EpGW-duP$wV;FfLYnDz5~Uq#=iA+VA{iCy1(!; zcrNm!IifRSp?5p=m6q;)AqU+Kiz&;_c;O4=HH)d_+_{e*&Zc;fb3|D^-O7yVSMPK% zJ5)*&$&f*k5mLiee%NGhzp{c#yItK`_OcwG~HHOCIDbH2r;;8*=QDNKurVJrGoLDrAyw|Xa~{k z?i}615?dwR?`ecxgP1y?y*&3&VU2}eIj4!gSJXym`Y-EV@LvB2G9sg#%6;)|Re_@k zU0W$*W$EkClXU=pS?>DU+Sk+N=ahXx{K3^?7VlNeMbWh91yTE%jqtXIC4@t7B$kZSCvJ>iED5-b+ z@swcAJe!w%R2uEwD7NOq`>;i*=GbL+(AB6YilBJ9-D?+#h~1i0%$HfN#r3XMxji_s zlwcJvah)`(|5g8-u$aK)dg2GnGa{3E(bCrS)OkHDPC2}cHFHc~Ch_WPd1Rqt@;%d3#n+*UL5@8HW6$DR9qU$Y5#M$z@75ba0Bj72EcqYY$$&tKZ<6w?7Ji9Re$@-Vd!C24K8ZcPP6f9 zpzfpnLM@-Jq__5NgQcq^wn;^#KlqvJgl#hy9ZxQ|VS8$W%iK}i>S0%RCe+8ld2NY| z)2M7|HhxX&>#DSBPKbCjpffY(XHW2XN#LFxr}wusXCDuh`S?o>7ISb!7w({?<-$c* zT7rKhK!PjjQqBPD=(Iu1McnQkQP`$;cstk}_y<_MVyBS{RL|)9!Nul_{w9~S;FD?n#ksx&)&Q+3ALFN;C8>>el1zk89Nc`rRIBy*ZxF%iRaA-z zd`3ldR;kVb<6ODhRGjg%(Anc}?$4wZ<^NjzxHNrFlF9FK2n)rkR|oqR+Q+ZHz9GMa z?UDt%C*77ugI4vvToFSS=gN@{jg2Qb#9eh3)yxDavGu5o* zlVwJR_mNdsp6+@vX`F<^z1bANogCacrdF^(k#%nXVhWdgnW|0ho~!emQ0qvKs%Q0= z%{cOO6Dxj9rAio;;xc0}`>WndBlb2c6$zGf6Ovy&v=leK62%kGv11PIERnBn5mcZ{ zM9q$2%%Jkejx?z$^nHbXb&fl_()msc@q|_1^b3Z^6W>hMFK(MwH@p3UQZ#Yp4h~hu zB(S93!+nklmZ>Z8v)TI;8m0ROl4&}YHY59^$ASA96UI$qTA%tK5X@rIJ^%oXkO8X` zEu#OxsSUXN9#wY!Ei~Azj~)~$()efVbF?TafLZ+~n$uoYt>MMDTpU~B&G3b!0n*A z&j27t&(RG!D9gvD!&0#IwtHf?UzT<%GyX5koRz9gd3`(@`w3%&+zM-CJg<{w$ipdA z9?h8Z+>E%ifU{;T>mT>xzGCZ7#mYjn7D@gGuKI5{-}N2@u0N1lrF2KJ#OP0k`p=Q5 z^&`#{A$26+P&Wzm!Ld9w7TYBxTZVMM7-v9l-5ulcFP8AIDT7Subsl4Gv=OOA>c(+|o{*ar1lOMk|3N#n4( zV<4rXq);Ku?+`5H}nSQ%~ZS6f|lf;|I9eGW;-?L%BmYIHc>UP%v z9_d;N02cV?E7D|{i1O@!|AW|#NYFTWr&?2#bdgiJ)o;rX)V(?zZncQL+%1rhew?uI zD^uB3{{Iuw3!s$YJ&=GCQax_tHZ-i`%Z{M->$mHtBt zSk3v!_s>9t=H`FrY9;fjG&$TIZx+7#2Za1jAmvo#+gnQFBdx+zP(vF@OOPTU5jFxU z2sEUoF{!>B#`F>HeTJK;u}t?qI@bGrn0)Y{|kZ z`&DR1cyl=PH)n=3-pOLRA&b3f8Ow!~@w2HkJqQ99b;oD`3W!wJNh!Qo)4hfo#_Q$K zr^mRTo?>8Zm$x*=MT>hS5D>uuC`UaE=bVWw#dts3;KFoMs~2B=zyGvb`)Tg>^(Fud z#-873ob8-w;rZau3bi!MiuEGIMu1YJbTeLE&IRk{bBsXIdZu{mB0WP8ZQwF%zZ~% zeGS;g+}akbLyaz|7vCAs=8@5OV>wl0HQtgg>W&r@9^pEgB`M+eFi(9nW_3j5mm2Rg zTUIsKR6#(yIs7U#x{Jj#5QnEEW@au zz2_sSU3(kMxA`|9g?iM7?)YbrfwecFX$Ak0eyr<`8uX#`F}!aQ9^+`HQ4=={HPH?6 z=a#EMZqdNf?)w^z2%LS&vunRM=x_ug8K8v3Y=@8pOZsX#Hf>m~l@~W@z@znigXh`G zh6+-IV+}IuR&?8;a8h(Q9i3q_R`E2?C}ovAOjaC+jcZLg=gDPi7v2;N{#Qj^{I;Ay?^fL9=M&m#Sj)7F@g(#_WXqjmJf2KgDll>hdxrgg}M05csid%dYA0-82e6@c6l zL3k&@ud<4iG)SM*Xycb>;P8@xfVhDpU8Je~YQUMo%LKXfQ;7&jA7w!~6zc&I7ieD}sO)mH(dA8eb3F6m| ztvlK{jtkXv{KjPomm|Sr`;bEaOQ8@FxG7!(zmPpsN0|8D@`Exe&(F(J2;X%a^wB{| z=&1< zHo;%oFqlGent2b)2#kcYy>QI8pE=%*AemLp&{(Y#o-jLl0v!wg!4>3yJ}}yS;|Rc8 zJCmXwC!D9jNCEj<^%mPZW$qRJf6STuoPN^7-Y#>jQk_#ttvLpKTEY<*_m2XP9Qt?- z9^JTp^)bFbeo^9&Jfd$Cc*x~}maBi=s+Je+uT^k-3K$V7f9!7k-_DkFoXa)Wl94sT z_qW1Cy3bDllK($#AT8i&rN1fc-J2_#OLDSb0Z{&f|MWFkbD4u8K6vcu4cO9iQ8RmP zG>@%~&)D_%j>r-XP=N7x>*L)|$PzWjKs4MwJx|Y(kCl;F@$#QOG5^DvhsF3wckQ0S z(bvd{Oc_#y9RyJ8ksvEDa_cNt2$8nKP|Tbdy=^P1S7^h*l@B!TlZfRVzI$MgJBf#M zPh|wQ_V2#6bgT_^&O9G^z6~?axKL+o0i|Wfo~?8U(WU$U`NB8nGI^AC&fr5-iM}RE zw<>F{EDk0i|Av|zgfH8JO75+&Gz#O>{vX#1(e+T`VC88r&3w`|Ys&*gCy)XvG1F<~ zLg+5S0t$&tBM zR9LfDeMab3EA+T{nGt48a0Q^H^p7udFp-~D@Mh|9e`SkTft#F16!`JNzUWo*xF_k>wqO4&D5~Yphh#To8$WZm7g05=|3K(R` zQ|M_spgd;%@f3iE8Id;b^&?lPQ0vn`x0)-l66g7QkO=%bA1{)UI}AECTGBT7-C`uy07hk^W{>VmUwyLcV z{0|6-;DwIhwYuC1pMGOFYySBa8}^r(r~NbQLzi{E9N`L6z&rO?wD8=e57H2?Go^?uoBwnYo_rN5t_y4i? zo>5JGYoo7-(hXHb2~9NgE)pPs0v0rY2qL{#=|w_Eq=Y7@NDp0zC{2nWz4s2%d(WR5 zKsw}3-1|NIJ!jl|znyW$xZ{2^jJmN+IhSfQ-!GqUGI*e7;5KypYbp8vE+u=TNazehtoc9a*k#wN#^JBd8Ez+Av1gj| zU7&dt`Payk3pOjBXJB<((*dc{!sDJr{)*)&c?O;-FSpE}5~J%O+e=66YDFc}cPea) z_R5~+RctgmUw`&HNj3$OEiEpAP?hv)scMftT5Pj>3`S^F_R;oKd@;cuynT-~01G@k z-J#Qc_`=CDUDvA8x$wpD{`nFq5dGcOfBo@9=l$FU-ai(c6`rc!I#a-GF(3VJLn@{9 z&DY~5o!8Y$4R|HR!7z+|oAr6uv+o1Hld!A@L(<2}w%?d**HZRIBS#2%Dlh*58gjVX zriO_A?Ze@3_mmBM=iI~4Jwq(*zwW}DmU13La!yn7$HmUXDX^Hi?an=mTv;m>udb)3 z^p9bjV<%REg(;EZ5tvWD9mb*ked><_6T}U?Rx?T zR3Z}Iq*nAtT!E90>jSbU$vw#wl^-*Q`!(6)cJ3;%c#omdGey^qEjY0;w31CiVny@P zONPGQ>*V8`8_Ib0mK5hoit9gpi_le6fOHl0pAyp9-=nlpspTuHO;DXeaYY z(P{^d?&xn)8!h;f7P}fn_l|Da&r7a|52v8iT{qi%8rr%~=W{T?bPV$IUHCVgC3vTS zQnCj1H%1l}%EHK=!IbwL)-^cv8ms48vbQ+Kt1gAp0@V1*80LTscM+$Bwf$|~XFuq#ey0I1L`H9W-W1Op`0qFTD;2mJp(fhgnq-?tjX;8fW1 zJq3cT|26I2=4;qR@Xt@h+Pk-+T4Ag1=Mt|U&g&FPPzIgt0h*UF#-G$MD(dHL{_Gm$ z|7zctR2FOF?tXm!4gJ@SeFr96*IzMZEcVwKZTtpWH$mI(f72KL01qAdR|IO%|NBND zlk@+08&yW^!K18OHvrNH_P6Oe4m4m&@ES#KTJVHUPEV_U5eWtl5PheR2-KF6#vRas z7OR_CJ`VC~r6f2VSheRmn5PR5Dw@3FwcqSmV3KDxcf9;BlmO_zT`H5#@+xR*l#!H_ z7^2=VDHnmbHp;*@7O6q&{zUU`4}3&;QnHC!=&ga!o5^I>_JqPY)f6R z#6YHFfrW=-XpQYr814_a%FyPQow$SG`BiuIZ02sB@*uz(uCO|VCeH62kY*9UL>Y?& zeJH7CmJX=wpx;MN`tp&|+1Va>L)YT$lI8%}fRU7A%4|*&_tXP?9Zj%8B2b-IDpVq( zUwm^Kp*r#|oG7DdsOMPXwdZI}Htr~^_`$YyiIZ}THK^-8HDXBO!;a*;Pg>ebh>JQx z%3`+&+f48l3(yxrWa68Lo0eb$mcjE@5ZS!9h0g+ARfmQZlX-cw_b=Ytlgwg@t9LF= zFO2lAD&^*Tq*bka4$rRQF|474TBIUgrN79j%4jTb(;hWf2e z2ta@iW~9Bv)El98B1bRQ?2c${Z1Q=1q(xVqOb)r{-LSBnVp{G|NT3{8gvo9mSkRW# zfkNS0Zl402FLHX}zT65!Mcw>V8O&&7be1Jg=ul!oS@==kCc1~V+yCNQ)byC)kr5Oq zVO2J8YDlH_wFY=Is%-S_j?m=e2hQ}xAs;u(zt8(Q6=9la33*sgHY__KC)JBvxk zbkpZ^S^>uZDVS;s;@95|MD+yl0wXndjfQur4(&5+3K~8?9ODL%zZ&lKx8UG% z-TQdOvW43xGQ_T3tIXds5}+1-W#xmG3hw5z05L4XBN^cMCL2>+c|kU8hEZnOU?3(e zr^3rRxvM)FevVDmH4^5hHa`c*kF;=SxgO_3$qwFe_bB=nXVa2$%y+!0{BXVIO+orEOUL>+Bx-NGSs#)^v!! zrz0r*3%mNLu0m{;Fz3EN6OJ}5-RMXJMg~K9_bFcoJcS|CVcYPIM1}J;+IGh z6o2R&jWzgP$n#TMYZm8kz5=GWI(0oxuuBZi8_d54q&XJ^oOJ)BjCbPs7a6h9Ec)y! zqTXOmh%(+2G*7DAfrxeZlSu9*T}z7r*HLod?|u%sW)kH73zS0UyZj0Ybu@TIfOQl*H~Uz_MJK35=Q3M<#DIb$h&=kT$EI*N5?49UumE?Ct#ZznqevH8fql>}IB14(55 ze?D0Xl01&dd*Y%tcN{4qL9mkKfS5}*4fY1<#ab%8@xN02ivkj-(2$NiiYp{ZF=ro$+UY4W?olWSl;2Tl1^L|*V_7v^bP91GAJ-w7O$M~fsp@2ie?@2P1@oZ6`YQvh@z z38T!bI-QUJTX3*aG;cVl#_ytAns6Y~JJ#W?`fGEdT|tXm3Dndcm~0pTKE(>n=v!Be zvEdp`_ZU=QkNHM!2vDHV;4bPQ94;dpZqh^)%Gvq$HLNP}|w;!+HCLVtH55c0Ft#f{hBLJVcHE%R7RA zZ&LYx(R%-H%Ig14=WWmpnJ>)(jcTUIzy#EzDpWuQc`czE1r)Asx@fuu3^dc**|jIA z>X5OUhKB-Pz!DeadWv|*d*MOt_xt7>~=9LWWAYxss#1)0;Am2 zU~{d0uNsJC#qbinEUEUu3LVdXph7{2DwScrZN> zd@oLmjzg8@hbTBmN9{lcuu9kCr!2}7aTzd~ma`6|gKrdTMvz$N+nq#=77Z(5;;y&{Llj#Mziy6?9*vXG?rmQ{m z0O76>mjh??bF43u$QN;>0#QJ>CIW57e>>a&GvvR5m z6@tvDr2V}r5J~bHDi#HQsj-pK9F%w2r$LhDRuey;J!Y+H=nhGa|C?Auln*KupU7~~ zcCSSuH@4;&2(O^Jptq>#4*pBi8^4&jQ9yV6gi`|%FkF`N{EP^eQ7A|^EN}838R>+r zGld`j{@VUN(B*xqs91RiQ$ca}8~#qU6+oeZrUWxoM4;rrCG|>KfGUF8r`ybd*i!^* zg@IUlu52g-78G*6M4bO^iR9QXn(V~fZzLopq%va}6G~RHKxrVQ z`u+6-bqBkzSYOi3u{WWFk2Xc15+qUS`~tn71G#<105$SgPACBKh1~v^>E=2!uYuh; zcpQ#ly7qIop^y2tqx5|gSNJuTRfhSvXu37NZPq7I-O;*TB6z!%7(#A0T= z@!@XggYBd9YYkdHE62vhPXU9}&LZ850$8;!DSL{)7?&}Nd|`7Lh)U;wNiaaFfFT+2 z7ouhf~oO>w$U%${Fd|augvgag&&3hkF=IsAD5TJQ+)6}Dgn|Jfm z?QFMlbau+W7Y)Eu4v4ez6O#EAU!?uHLw{pgN$J0@Q?7O>Fgc`U+CE3eDt=O@Vz#)I zJ2g2d2-K1CZYRjAD}zRT=-jipRGRc!M7KiLXeT?#jf^>ff077oXu>9K3Qoqr!tCiIRF%ryxDgv9!MyQTV+V+Czok3WvK~3cAOc|VJe*Twtdms5%_~` z8MP_sb>1c)*oORWkW@1&WUm}+;C{fbR5=WAbn{C8dKFN40>O*VrD_tnO|9JN(?>z= z6TYe-C5nk)x>m!}4kA`P-Gwr7~XJ7o)|E=X$SS1NtK} zlHC=3V1Tq2OQKyD!?HF%p#uN?SM>s+Br7zV>Yf&J%|xP^mpFQhw=XkpSJDO>=M)Xz zYL34d6}%^zF^qa}wp|M6!fM{dGGQ6f2Xk<)BQj;y!13}BviHg6?Q>JGZqdEVnoJv( zfC@s`_`)6bD!x0^|0903h>&QbYIy)ot_xwL@t1Fcrg*=5W?K!qzFy)u5@4xLrl|oH zivzhFcMW+q$r*=voNxkv=Cv*Yv_6J2(Jg3ju#iRAYBFWjS}AwNIep~chLP1Ux6JUu z;czBwyI?rpKZc}tyPoVTw$Dd^}{__nMUS1;jz%-Ky$`)T!io?RT{Nt21 zjos_0@CFf6sof)iYU}a`P>|M27zk1GD!`e*L}EMOY)9>)N(u||8C4_MW+{0HD+ix! zi~|?rmKMg$Ei~j5KztUTgE9+v*#d)o$Q}%4XHswJro?@|a^za~f_tVY+JWrtq z3Gi1yNVTaei+Z;gj|R{$+@KP(GJTisJHs#^5H$0)|D|NW58B3^0-CpKCwrh7IHm0$ z{Up~=M}6ig!4RBepZ>%PFVN#X;}LEVv>!KhgEThv@)+})hBAH_v}{I{Sa_*Zd>Ozm zBY_d_-_DoJAB8M^0#7411XLlLpj70_fkgc-j!wuwV;suQX|A zonrf(6^nY1LC5>G%+ew4)g4C*%)ev>fT6jdGD*-k%d7^JknSHsdM6+4l7>_0`O67u zGtgkZg|sHSx;lp9Vi@Gs<4`xqt(HLZbxx@=wuJ#r|J-X(A$H}1N?hgJ?&SoDrdbhv zmz3>Qx=n`}xw~0q;#_XM4>y=$$)ZnDQ5*sjL%VDP4agobyabOVS6u(gyy48N3WRer zs^^u$4|s1tRM`8p{-_i3me`BD%Z1ubTne6N4~MnZOjhoPbk7_{gLR+O@nr@((O!4)PJ?0iov653F z>_I6=?Zp`0`YH8OU9*67s8|BtG#kLNVfu5xyBsuXc8Hl^n6;U!j_>Lj2!!}Q+nOYv zGaO_NnO^8!tOi!xyrLTcIQH`V*fMc1l2$O$Lu2B}{AR$LQ-`?hREd6t**{7!`?fm2 z4HwLZ73%YNprd9Ef~qg|8Gm$@i`JLQ`%@2C>LpO0xhhHqyc3>!*xcs#9FdY}tinsH zY5wSfva7pFh0}K@e)zag(@k72wYSk~1&VXY(W|Y-$5yjDh2+xLn0ZtjoZbpd$;8v0 zdmZDBp&_v{Jrunjd0rW^2PZ;Z&^bOgU-c0iQM@;dYMpd9XbUdft$=@}?C9BR_9@{< z6w>sb)})yv5gHlcxH)tG#lX}32={>$C4$kr#Dw4l%rYiSQRFSE_RGuIM0mGFilx)Y zzTJx?$tFf6^PBstFFsy`zg!c&hjs?UQCp|8u15E6qx;!z?lt7#?7Yng+*v0?@khk2 zTtS7~UtKSOd2zbaPz$+H3(>N+88AjYG^5Z<|9ZIY%1zRD6Q~p`PDt2BonjrnNkizy z022~k{h1#=+%4j;9sv|uzwz<{&3^a3QgNAq;kKgSq`TR+@}8sXj~W5is4&rX1REc| z^-H|h5O1N?qRBL`K4=x@ZrIT~i&e>4+8pD2JqMM(N$x2RS@hk@_G;OiVRN1Y(G2?= z<~E|~g(=>BOp!u(sMMR_0f#F*lUgj{ibmXzzajfDTxadv-9a(z;lG)bT$HX*Hckq( zeO~$llW4A*oy2Cddw%84q0OuyZRy`u%yS66G5u^`Bmzxud|}eUn@S`FKcpLeC575( zxHaDT-bXLi;3W{Cp%~E@7-Uzm&XA{I zU1{i;VVN&cb&YDmXh|<$yen?XJe}=f6KT~I(+Q9Bkh{nGhFd=$s;7(6(pSl^+>u+n zzDU09y}hK589a|#nWY!1LmYimkMGXItsI+%f*NuQenX#ibdb2DWDVck3z#=r6-h<%AkEOevLi>tUpUFF=a-pdX1+6-r$s;8xP*7sO^8Plu%=b$R14_;V`GW@H z{OQByUITlOhC4jkX*b|@Px^H~p1YqcekLRtH@gZYZa!0TG3iV&dj>>TIZMp1&H|ZE)gph{N^O)0x0K2gwFblLZ`{;$qK@ zSf|kZi!G?{At97KqQZEVTs}U+<4yK<;wieaPk@$S#l9rHA#Ap2_5x)r0y?EFlC1C8 zw7h!Ja-004M!f$Q1D6E!0L{T|dTE`wuU%;3JXkt-MvQTJrca{+;V1*C6(v|AUz22< znn=<73c$m{V#W}mE6-K0>f+~NSwZjj(mAT8y_M`N-9W-9gCTqT19fvjF z$tTeWR6|%8%MnvS#n?|Zb9`t(kjxmdf|mF5_vpLObX(ZvSJq-!$jXY?14^>}Zc`yD zTxy`iYQ-rH!8h(al17V}%W)eJ6y~OhGAo2$sfo7B9dYr9_y~K#)YzA^x%aH9eFQ_+~HS()w2e^wko8~mv@@(b~bl$o9B>D2F6|fAkfz}M705|O%UEXG74Y$UB9i1 z90SwI?i`E3wqN;h6nz&ZVl+u(ByCzSK#7`pi!+$;6O3-cfW#f>x%jfQ_xD}ivo8)G-nWBZ#6xD_^lw$Ng?L7QJxijUX64s64b$p6QkqxCHXksHFTN=A=MlE zg|LYZZbuT?Pq1Lsy9<(xJ?IPcc_#m?j1g|ouO7`Eyy%mAki#mU7IdC>ZDhNl!J-_Q z^f>V*%>1XhmlF$>s*&DO`g1t;U<}q=G83mynH1|F!f0+hj)) z=&l`V^}E5y=NHa~UbN1)cNeNwCUC+A@_d+RuIIEZk)qxsjTJ4;DaQ5q%=&=PC{
    |s~ZY|b?ywDaFr1N7U*MGB3I(^wG^@2iA4wtfU2_@2XmO3OvKko9j zCjIiB*wyp;iC{!}c**1DQEs~-@0*;#8nxr`4slviJ{9EHke9^CM#iuiePD24d>V~X z@9)~sM>E&l>(hB_(UTB2@@D9y+u3WUTqTnD)UEojgTKp5y~#;sYve-;TQx3}-{||p znq@>UU4+0gVqNb15m!5S+lx|~7B};*R{Qb%P0e{RL@P(Trl)C%WK&nIdwq!U6dCNa zK6nTT@7xrYZfZPqJ%4@WIicKgb&cm%c%1>QtmSx1d{s$y{QNi|ApcF1f}!{B$R{xd zzjLcC%Ih1YgX;6!k51TJnAH+i;uj^FFkfJ(USp(?Nnlyq)@*7^LSgklwvTB&d_T+% zV+4YN7=mg&t}p3ZIx)X30VgghcSmKO>0_oe8Ow(xOlP!RhUfCSlWx( zkgWZL;P3EihQ_!S|6~nhT)%xwDX4u;9LQDcEUT7HWZdKg8M%X->i1or)_9ls=tsWf zUD0wW2$_AsYwL?|cvR2L!T>VC;nru?(9X+%TNdJ`yds|En%WenO~J14gFW{Xt4n$1 zGySPi#pE$+?7=#$C#4sw^w2OfX^t`m*l4aCu$PlqbBgz2Yf(bczWwe zr$Upd_^uT7=Kh}`PywU{vTrCP!_BV`ZG%b~)EZ`=&zN5O?HVW6CVVaZV1_Y@)n$$m z?amoCK5$F%L2;DEPyHlgj8x3e9Y@iHoqVwpsU_DB40YUg7D!=bQsrAEV;e%7!oq{g zSF#GTgLNkrR`)BAjJ_})&orz4#`Y@=B-%|)w?+v1m^se4C(g4@Z0aPvZ}P}?=MP=~ zVHh~ogZ!Y$Ac6>AjhXD<=mD7zcZmqu%I~9OLAk=S%zwp8n zofQXH_U%Fj;Pv+NsC1ue0WyXjZ=e&D+fnH)m&^N{B0+XNH;wK)eGB~L)MY$#d#w%z zeUPjowL8bKBkREBu#iw^QycuoUtaV2wU(>c1bkVyGJT4L-^h@!`PaFCLL zXJ<}2>P7$|4Dt5z@VMU(wtRrl1CC$(O7KNb(N;|TW`S>JNKCGs!~nyYOf%`g-1U0A zD`g10nSp0q>!!d7KRdxzk{j~#%XRF*8Ek_+9}N3a?WQMn7+cK}l5H?_IE#RZLy;Pq z!gzO#zlOW1=!6xHgog#!-|4-@_bcCyad2(m5_jzw%NMN)lS6dJ5KNVSNeHw zA>Q%t`yfFyPyLJIy3|9@jx^z%m+n#5<_6{rRUD{Kzf2D^0qw5j51O=4Bg*S4F$2h4 zBQO(=sB&^l5Y>rRrAItf#xo<~ue$*bg27U&{5EBb;Nj1Z_y}CC{4QV9fm2BnJ21UQS6HS78zc+WX394(~iJ1-T%Nd<$fC>~)EF%Ae zV^UJNLGx3{^n3be7!JMuZyjak7&D$mOMK@3#myiJc9{l?@$6unc-LIdQy^h5X7+w8 zcX2V2+S_idwYu!;2zX8jbSc^)9=8P_xeDYCC=o$o9wq;_TO{v(pkX9TiP{@G^{Tl6 zungPAnpwJ_B|Cnv$dHSuYH31v*9rP;>W#lt!fZi34Q9@vnk668?!+gn-*EF^2XrOs@o?75+n!_t!jmx1{mnXLEq+|3_R&DZ?bw<-?# z>e*c!NO1a(cv+T(3S6FHz2y)NL4VN)dJ~`WHBl6!2!q3iU-353yAwD~rU&*DPF6=KUM@cmm^X>fF zssbuuII%w(;!}e>x|pVheANu1ig%twoiUdOziU~g;mN9e#vfsDkmLA#fPd(uM;T*m z*#eG)+=I^)qI;_PmmglMf;Z`pq`u@0vyZ>mSa-+A(pc4-jX=3W5nfCPdcMAtZFRKB zkYZvSl4_?3wn$*e{+{Z}Y<0ZvyMw1b%2Ut0oY3*R_pRY3wYc`|z^5lN?{NWo-$NN2yZKLLL=Lms+1Vv|yKfZG2o2*B7;jO*j z5fiy93op`6u^*rYQZgQXnAf8J@jfoNsv|l>ff^Z;W%!K z2&&PUb|QypYp((ROPV~g>7F|sZhsZJ^3G>LnEkYjWk&}g0f9vONj8NurAD)Ve*DDz z=WRNwM6gpJgEq*c#^~C*;6V3;s>LytSjKX0w44k2$&egtJtD+)n}M|DLyv0Fqt*B5 zw#G`ckGa=(wLJVxZktnGzCjvtW#wX>_DaIE{ zo+|X<1m%{D6aINZaMiJ64rkk^k0?>1KRdGnmLmz!Nridlx0r*ryiQKfQ<^!rr`h^! zK6{{JXaB%^MG0)o19%g|Oc|>-b386CG$TWaVd#nf0&y+{Mr(^1W4!+RHrgM4Zkw$x?5AI(@5U=1viywj+zv&~U0xLLR{aRArd+ESS0^OPs|e(^Z87-d zk83V{o!N1}=eK-K!%c1J7NOzByeFIjY?#xX7TV}bpELYW4TSk$&fUz9l6hMWC(o2C z`2Ytq4$F;&Oe3$u*T~%TBOPr%kM0QK+Pj z!8>zpCV|>Au9WAGE+o^xN3wqj%+bGy5Zpkc8c*q57yqIy`9{yp<)(I#gi(;2kGXW(~TKVj0LP z?UF4SOTRyMHHC30=5oyrt?vdPD#OHU*} z|1fBekv@d8bL4F&`ljawlmAUQ*kLQ2QBRbQ%=l|-YeLD4k(=;q(=iAMoDboca&k?4 zn;lMP`r&QH2Z0aISCnK)q3{@2qHfQdb!2!gL7@w|{ZRQYihDbTm7FP*DZKIThuyZJ z@Scjci~c=3^+a-B_q>wV!~uxKZH|NlNQs5ZxP;B#I1w${%aJsg@Lv3%7~<6CKIX?~ zf;BCkWL|ZRVtSZoDwXn-mmf(Y)w;F>mKZJ`c74&B63pdF6J8dr>i@3RIdb2pXn&Bs z+R(;*NJXVypRrC6;u-rT$#{y^QCj!r#g;TJZEKR@dBT2Z&5j+k9vomEjaJbDZiWwB zGiq(}epD5YE6D~HQfGZX=5N(xpWHUM)1}JBaptlrw9f(Ae<}#t*)vZ_poX=6bweNa z)kdFG;!mQJ`Ha3Bj&YN$IgC_&V&PBPJ$W(^xg5q!ZcF3NdeuMpB-rf%@AbvEu0WzT zW)z6fK8|p@R8~bv85^#cSwEHb@R}zz+#YugfnkPmziBP4ELFK_PK~8&on zyM5hZsj&YNKB2OAHr|I1^62nmtVHD;Vy!A)OK#W1^~DRNbygGP zkPhf9qyAo^M3WI>mgS(br3zrFn;F{M*u91~qebp}++l2I(l_@P((l#j?^v+&twbma zQbO;ew?(hAuzR6T?&x(B*=MVS1>G(Eom7iDR;(D#NQ>BC#Y5b+j9yAKX@$QAG)vlO zQbxH;S1KsY{ED9X#ao1_z5RH{*zkk<&tR$uTYc-7F=|lrJcL1{p#mbWX{gS9i?FzD z2Vi?f^`w}j0*z2A5#$1#X0`-G+2y}7roQauy!13|Oey@qkVFbqsI|vx&iv#=Sx=6| zQ{5ITD$0EZhk;4YLzzIXt@v+xpb!+o)KW?FAPed<6rJbg(7JN!!C)SuW;%2~^TPBW zfj%oYaoonzAk>rSD>F7O#+YJ&>+ZK&6j&DA*fYUY2j=QkP=YCj!&zL}VA%0a_CB~l z#jz~s9xEZMNB9w&KJcdd?D6lOVnHI!ia+i8CB4VAIE)v1 zw@dW)R0+LB(3SnxDyJR>A6AQW6g9uyf>amOd@JOUBu>BnJ0u6(?#q|o_-%)%R5%8nySn99**Pf)XI6|!To zK#^pO8iLvw!ZjF}8c zFtI_WNP&#BsI5>z8-h?F5f4`bp{LOv(tti8xMS`JUXhKgzxId5Ck(ZJXMHEnJ#q%( zG^Ox%V=dr0%b#Y-4fG}u3%~3Iodc{Of1xVUS#h5DYj|)JL-%qlX7}4;EL854%is9u zoK}eq_KkE?$ZsgHV0v%asOZD7U5VZfk&o+Hh(5%N!y`|8)kqfH@q98iw+wCzl)nDG zTygqka@DMf9@MsjX393`ue`8K-nV&e8#zSuMge*^zlQ9a(L5PE^S-4lCCUR-WE3t- zbgGvdCZ85|X+M(qS+h#B@?4w9^JM&o8$Y_9L3_WeA=gp*yqW;M!S6rY8NeA={w6fU z9$s)expGt0(q4nB-6@p0*%I4AEHRGKN<`q~mr?hfk!SO%xPRx>=!;V9#U z1qQGY+g+Im&}@opXi?dApHgK(nm?F8^eE&OM1cx$IQ`EHMrA9xy%eb6qSxC+Gev`R zQLc<8gAg25IjgdxDtk4kJ{qX{ctY%WrCidLxJq8rIZo~hzc9m|RYu%F!O654^=!D==|+@_JAUg0PeD8*D#-QEU0BBxFbPXd>W$RgjVahK2_4CHMYqQ z@?{3?{ddU%%w%r9>fd}njr^V+DRzgI%Jz+@rbt_oaXZDxGR=}wnwbdYrU0|tGeKwd zw^HG`m^p+40(_;7vovS1e`Qzkr{Cj!o6-C-my9-P>kwDnqbcrhvbEo#`cBnh)A;zN z$CK*0E(FW?3Q^0JnO(YH(F53;cY z+~C-Zs?Tm>)7nI*?37t`R*v(;seBqDKwmd z-fLP%2#lH##vmTgxI5kPZhi_uup8uqmW zPAr_YKLgul{-IfO`cq{v9GMm>yx%BJAu5v{GQu<`)DwGATJL__^ppIB-y_k{al6)H z5=}Cgpm#3U8cl4tT7S@^8RXJ_jZM`ZLvp^T=!E>t@>`o2v3Xa1>PXO(^$c zx;;4oJbQj-T&QY3Sqt})r%Y#%@PUz!d>vv9*RqKxhqdv_wIog{QN{Wdt98EdE_~9? z>Z6qW>VN?1nKycv0v$e8BI|D_VRi&YPt5JPm-H)t(|WGTe{?WC#K=-^gzUEYX#U*a z=+Mt=en6R$FYBp&e<#&zVfEOA-kr3wm};TTt40SKhgx<1xg}esvBFTaDWA=S4&+|} zo4nsB?eQ!2&ewxUz{(*ay!CG1QTL(WQ*11=JE*DLzQj3|B7qZ^o}g}(Y7jx3Jue!? zGNZx=^lB38sy>K6m)ZZ5j>}S_{;3o15x837FYfx0L^s(E)Oen}ZNKarq>roL`6KZT z!R!`Ed-Bkb?%ou~bE}0aKJ937jGt7K!V{mk4$u`)e*2&^5JH|PNAdhZBR+iwSzo8+ zNc!FrkBrg2e#;$>f5}_!7^+CakbYoL{OF_B;pV)4J+g$}OO9i6uPQRGxQ0w}0S_Km^Rtt5nHbi>yC7tiDX+MVOw zi=cODuXg0c*G!s+o42-wJg7cgOUO)lfGieMz8ltnc%^XCloj<@Z3SB^|NUVNbP42% zj>~6TnJKo(*C_NVxJ}KQ7Qq_T5?!G@umYztduE}!L4v$K?FL-cXLAyyf%l^f!i0Z- z^8f_Yr5XOF4XEeg-P<;L>0!2HQJjarBp|mpXNglz>AA(1A1Iv*zU;$k#N)gN zh%bJ1yt-c*(&?r;QgNf{I~e1c^2V#xkF}^lfzWfUS@|Nw23vbAZuwo&Q=jE6WMPb9 zJp_Oj#>U=+)=lfdvufxM1ROSl@khmWJA7QRndso+`ut%Ed+t2~lT1Y~ch=?UQ(1I! z{8_gZCY|#l4viom-{5bX2s?fbKRto*u#K5L#LS)Z&O$yE-;Of+z)edV9F9ocy}MG| zu*kAQXZR#pt+QipU#;j7O#Yo==cA$_iIpL4^NSSv`ce>l*$mKeTb;_`)Rig*0^jHl z^Z}o3k$zb!7wPXhf1Tt8M+yu2vCOZrBxCWcg`Sa%+ML;g88eS&{V%?NYkXG&)mGR^ zIEFMjb(g|;?e-!uOfo(8DnxYiE+5z8kDFi=2q*P`%+={)vZWG6w97mLarEaYXKSb< zwv5Z|atR}AYhrnPZ2>)&@yYxF)zsTw^7Tdu?Xn-aBQHHzo?Cs0l`UmLkFU#2wsS94 zZ*_bP$e;_0G2*HI^*FzhEbU?hXtn=n&HxBeB%@d{QjFFaIx=v}o8sM+*}K;J&#W}v z$gN$!Dz+vvuwBA3a=hoF>dSn4U)HVb_ny}0+t~*RnngjCtrdfB zo>sUoH?ngM+rz8OhK;jd=u~cU=>Ky2PJE9qPs?P#z?@Zkwgmtgu(1f{j2`$c9u+I4 z)H}@cqso~U;^$f8amO;suUt)g{fYi=Z~3!+rpUn@>nP3UHyA{3hudn;mbIG$qk?!I zR&-W+Td_%f#3Y0HKv}%^`CD((#HN! z>t-tzfimo8>D1JgkJvHBsnjyV58;)&p44efiU+>9n6_%v_@zyqh_T!&Cug}EZ+1Jd zyzhHrc>dS}ijJTzph4^8O#VFmhdwN9eNYn%mOv5Gu^x%aJQ*haGi%@w= zOZ6`(jf!FGVQvyu$XhP@FT-!l=}NZi+rl z#|}FGbEkWCYOY({du2e@V?zX6)}LxklRJ1*4FNxY2eLh1F_#o&>LkO_BJebJ8r`p`Kut^B00ea&U9#3U&gnI;g`9Gm60v&)y1CJv z56*1df1b_vubqUobN;rkIOise{InHz`CP%QW)pF6GH=NrW5TEKBmUbUi|?ffd>gY= zv(k?8cGUJ-L`w|Md)Cj(O9m2vFje#&I#+&O11*si7tgGzKNi+1}0BZwxJY8cEJ{FUe7f;<(LjHa=NuM^az-!N|QymkdEfW$aezUf4ps znH*w<0IRrc>ZnxFV+v4eZrb70xSS?8_o-iHWlO2;-KS5B-aiHN(T@k$P741-iQ63Q zi47;YZKN-f5B5ufy4=q2E`syyljoXtBqiOmRBKjo$L!KXk7Tt(f0)0=%o(d)I-ZVD zL+Vn`%f7ysfe;$KK1sLZ7L`3ZwsOjL>g8S4z5AL7$s;drt&KX=Gg|Zlo=8+&M3g+z zJ)_puT(BTse`#Ji(k#AVMtoc6SdYaY)bHbn_Id1BGDZ4lwnWrSScp-f)Y5wc1WS{+cDC~h29UZ1?!Yn|{c&}&*|i*Z7J)Z$=8Ve1 z2ilwN6D^I6;v-tykIc1f!QHIVT$$&TDK;Ad7C9Og(V(Y0gS2_$Po=Htx zUv};CO^N-;Wl$KZT;$aZh$Y*)>w0cVDqngb> zST)S3cX@H9{ymFXjx1J{mrUbBFRyPT+kKSW9X!;@lf|7p#9ZYitGUrqruBUcU@+!P zGp|9AJ&P;0o_W$aLu0B=q3bdzmO@;Ib=2fl=TOH_>59=j?|F6Air$zTzK@%zoNpZo zvDH=mHbjVYD|8)j9Wq}Fbuv3Eab+Ir>1gcsZkhXMbKWzXU?&|htw!8ZOb!lz=6p}N zaEh25A;j!U{_`*_>bLfK>wNdGhfeL9y7EwY_a6R-pkltD zN3#E|-ydzyIrvrL6GHI=!|5I@h=)Tk&VkdJY_l!n{4-m>d}A#BkzM-Lh}Ho8UR~Vp zPB)vmNn)-$CgLuu|7=w4C!XCk)%Zf&9iXko-{my}Zx*dxd z{USN?>zat%dZo$!&#Ig=X0etG zO+W5RQG@S<$F)_Gqaz8+^j#la$I|q$jEVJcbY2=4nL_vHd(+1v2F9p{I3OwFMg~fx z+LPB0sjup>isQ8y1cU?DVfpFCk(r@ShWUQnGke+qLU1+t;z%I+NH!QOgsU=tJ4;Qw@$a&h~A^k&~tw>FWHW&lc9$7@iVyk}PgD(UN`56JzgE?y0I%XT$FwCkOgR+|_E9)tb+MB@;nv=)vpX}T2a^Z%!_cG}b zGP3pR;*Q}KfZsUQ7$DP~sN}-Ah)6k3ZcCc`11pzwj;N{yfMTbi`2n0DtM z8C(4Ei{mjNs0rBTSv`=w!x+!89@}l+kliPYN>Oh$=ZW~Lu%+$)tnEKe=?~m(r#WcRP{@9pI6j_L^;@)Q@4>{4N-j06afZayIW>x<( zbn@4yOl!rM-05S)w8`q8=fwW-S;Z&lQP0gsTu3rC`#auIxzaqUWcD?icHQva%sZRWXCq`-e>~wRkxdk(CqBV5UX zrJ7=DrsBC@qPA+Ji;`T=A|LTm{a@_8c{J4T|36%*C_<4XBq?QI#xlqfq9PPolZ*_q zj9pO0s^+tQ%iy2Y{G_$s(Xj}J$a&LSP@4QXh1{`&r z>QB(}W#)xQp-=Xzj2~WukHH+d@>nPZmW*z_4)C%+(b?9Cc56yD*9qB}F?c}gtJKku zC*EHke@HUlDjaG6?J?O~xco$dPZEUMm0iSF7*T1KQ|$Kmff>yYvgp+>V!s3;CD(oS zi94(e2sAgP{3w;Yat$vGRwO$U-PJ)x8_FXOYRZ>x8MoJv z#IO<4y5OUpY}V1nyFSds@7H?XvZ!X@u=9@8o^#2A=1j%&Wo@LmUD%A&E^KpgSFol? z#pR=eWRx_T8Ga2;8+ItH*}!huo5Gp(O|Pm*6Ss<|ezBChrVk0SmVenH?^@_5r4|;t z`mt+uKBhTR4%sma|Ljv-y8hs30_E%oJ6)1bL7RPwFWVF88>@}Hk-NmssQKA$rmmCESH5fFdmQ}GQQJC+*WohePW`tc0w;8Y zZg8hCISJx&FejSVfem3?))|*@L4UX=4uy#_Q#?1crKxl_D&iJAp4DKIEB!jL+9@*#}0nSLw}W zr~PV}kfHqJd8f9gBIV1uF4*p7J|p@>lkRsTA_p84W_aQ$>B@+8W9#d!q7XVmuaT-@|z3YC-mY%$wM^m}jNM+h#BDZ5%s|HNaz*oT1L4i1;Z@^y6MRG znpOb}aZo7^cFh-SZ3U1m9VDkX>>lb}{rV^adR)=)Yx(36ib(2%B#xB8xn%Y)+Z_Qx z#~BC5In;|n#I86ieF*qTe1HTr>XU&5x>gZ9dM z9OAaSjh{>;tZVM9H+@xoZFO>-sn{V#c(=JucJHCOI$i7$>n{?r(+q2}M6-A5x_+XQ znxX@9yJ?;pI}zNZqn*^0Z;_ZV1(*6~s!u52NB#14C$LtAE@#Wc-#qx*&bzkY{j25_ zjeGf9MYA2ZWKYq~7qhdS;Xm~*d@EZ#IVwN);Bwxe?HF&z`Mgdn6AyATonzwsBcfEC zPOa-A?k)UooQ~=>%`l#H$!mlvaO8`PY9tK{K@>?ZI^A!T`yrMcv)5^~J`eNI0o=YX zXI=vTGgY?KW39+uZ?`su_lZFi>IL$w-J@$xPmbmEZ#ArBE?%1@iffn5LK7#K8t~WP zf*j9i*Fm>WoNLGK+|LAQVb>9>4P&Icd|K-Jl(~VoIH<(4NRMe-T%E7^rpoU7T^p&{ zv@a@U9Vsw?dpNc}9SX5f&vxsosIIpX#&9LKhii56XVCMahaD=_WLGFrXjamX!q7ec zJqeN2cQ&n2njvIKW@kvUnk*+*lzEkv{TV*D%x|7A~p-8i%DzQR4M|~jB2~@ zR>EK85NGXh$vX|8^2{;waAhedl{k*AuZ1rf4p=nvhx9TRdw$F1Ai;>Ha_MRC#BUhd z_Tl?E*px||C68M^u1-M<$*L`Rhhd~;gV`ZeMwGVBQj%#=R4p;cJ>TQ0W}3iGELhGI7}++h0=8UyL~PG(3XM2 zRu0H~=Iv z%OqLmJH0-bqTroO2$~A|*^6KgkqI`XxQsr)Jl~`H=(KYKv2We=bJ+Zq3vEEg8SA-m z`vpHJsG=NWSZnh(xqg&gA766DY}%P1rM^C|r^&9#=`kL`L+Vh{MBGUKVXLq=#s>20 zy0bFVj4AUfVa=#*JzB+s==I?FJC_3GYrm{-JfZHnn);Y1CF6I)Zc@8qVi4PFy7s<8 zBhx`@m**Vq1NvMOskyDyc!1dgkI+O|?@5afo79wyJd5qGYjyZo|Lc44&gG9!`0}7v z%p)(;BJ#hMY&nIh_kFMmD#6F~xETW$yWYtQ3@z$7DLfCnNRo0w%6|71M*}PGJ=L=h zQsQ=cWdx|zPo+1uS~nugrRv+p30I7I zfcaswuUfQ~?D$pu%Y&q- zixIc)7jBRL$~R-5Yj+38$n`r4h@S-=kVUx z#uG(C0CrN%3%dN4e20puTbyNZO;Hc*q1L{^aQ*%Dd5Nh$%AU|~J?;hWL)p!egaj== zOd7#Kb#a&1va@Anoo&Ap$s*lEgcp)Puuksn;~2KQEgYe z@q^os}todsj%+Qy(^p9 zKeSnnhS=5%>4nU)f2RF*>ZQ>$R&RaY^nK|5c#+PH`$VZ1vy&Dgn6blZDTJYY|2Fpp)n?Yw)eZuelP)?TF!4JPS}C%d*{ zYE$CrVqE(+bj;-W>`l;}uQC2j8RNR!wO8)d$L8lFN5BCdmM`2QJO=9#vU~jDP*8MG z%H-}5-{(^4xwIIMTH2Rk%fNAxDHC5?86%E?N>S&E0eC!AEJ+G%!XV7 z>^U8HfwRa}8SwpGSv~8+tExexDW5-S-JE%*AYv3Q21sIz+uvXP4)0Z_nA^$87w-w&83Cz_Tooes&lwp_ZGn$y4U) zH_k2?`wBw{O0B8(^lqa*BOyHxZ1%QjDcW97 zRJyl$h00O!2Tk$@RVpk5-j}cXnIJ3k*r!4+Aa~&WIRNzcEOG>I;)Zod@^H7$8p;@) ziA>q^J7ayZag8t_hW-#t#~A7W&+2ce-~jEVblBhUYc@#f3#>rFl&@Vd~ZyWRr8hCQWr#4i7Q-id0lX zWnqNo{TmH9*zWsB-%~mVpFA=96=2Ec@G-T?z=SJOE4}YU@FF%oSF6*uK9kN1Ztl{% zQjr;_d<@uHnP)e*Z>XQRV!J|B%bdAzYo>b}?SDxoVu(ifuHjaDb;-R!{qQyPHu{a~ z*YKWR-p|TQF{$sDK9c4D6pC>p>d`acJWE;;ciquitPpz9|`C$E*%;#eTB%1eRI&WNQMCF&4{l5|6wk`3eLe(|WuU z?VPh1K`xGFj#Oq&j=|t@nLvA)GlJibfrX-VNy>gkS~-EOs`C(ktvan7!ZRoCbuwkm zkz-fNIh3PKTZM!Dn=56DQ(nRp%AuAWFJ0D_d}DD}&)H>gtl<k?($eVy`HSlFIhD*5zNn7_&j{d!oCmv+A1&s$&GVV{F~UGk$} z?FZL$y(dn^3IywQik|ta>;Pw0~10R8M7IJ9PB*txE~KEHiBH;?c~kJ7Qz-WAVdnU3QlVu6vJ&D% zi%qP-bZjqKaW}4HA~FhLGpCEpoYgnKQaYq~(gf&4*uMWT?;6=Imh*ujYdtypp65?S zLIWve3q@-0lF-837&(l}`qAmxKkJYt)gr8u%~`E%{H@Zm&#cxYd0K}$b-O)?L5T}Kj~NquAqnOo770DDLQ?+hxC?L?^)ro(3lxpYdmwB(AEtt*dI52?h|dN8xS#d_qi`C9-9i}P4U%?FB0M5gvu!C zMH`am!iLNHM|ru)0~ytCT0Xh>#diqeP2_4ceo8YO%}2S68vN}5ye~_ zNR)2M5 zuYOcw2TXsZc9&hZqt_T)USy~9}#HMOpkbic{g(+0U+*`9XZ`OJG%0|aY{FM z@%g0_*j7V)TmH7!HLTTXjp|@x`QD1V8^yvq+s?VJw+Yf|OrWQc$&<_~X61qT*=vbdZ>{Vf+SpSy>e80}#ldLQ2EVqU<>mBgX zJN?9jW!n10wyeT)o6}HzsrkR!571YAF2^~T0iA^3w0lGw1!n>d+3v01PmZ-S?< z(0iF`o4F^4jLni(Lk4}YRKvbloHjiettpURN%^Gsttx?axOD1G^y>Fr=0U!n50O+t z-yOyf--jX;5(zb!(#kz_skTY>`1};+dm(9hPuPqtX@AnW5=0HRhnJ*$5LxiA=EfbL z7C#oEW-MnhyjZ5(27p;u_q0spyo7}7lDCvGaw)M3fxYug`xQ&mclNZQYFO0+(^@{$ zf*YeNafgrBpSEcE(QZS5aeH;wJa?9O1t;njoyH z9>?1RbKKIDDBZn@0oxBbomOT^{;%<(pm;I+X1hN$-nS=SYv=kkvC$2vN7O_HG-hd5kcB#4mnRZ|GUKFMK6KC(WxDg713cP1~HeDJR zEVJAp?%NWJQ8En=IrFb<@yY5lw;Naa+7^H=rM^c`e&uyNABlI-Z4>bgiK`JWa}G6o zO5E}(9I?s8J5&5QETjjZ%IZvS#Ml%3F6Xrur*~lUs(YY9ks{8WFR*Zdb0ciS+JaV` zIyo>a3*8X?-b+CC(%!>>pAzk#ek3Y(ZQRUeuTM8Kyqk4T9jUC(c?`dz`>SqU zNGz7ucFICR^Ll`f=o~}4mRQ)-0JE^=2hxrVA^6zw*ILB~vUCRi5N=v^;J~?8o_E4O5!}Nhs6}+Y`+mtj9adh8^X$(ee||Bb~pVrfklt zZsnN^jI<;?r$KY`d zVpgscy%02b+h^M7r7B4<{!T$%D^sq#tWklxLQQ1qWXXd~X_|K`xAtE%ba3*qnTKZC zSzaqLJ{^X4iY%I?^eT)IR4_)(gjbamdYv1%IlP!F_@R! zRBTyg+@iVqBbqnP4S4Y&^5WFd)w^Z%Ff_yYf-n_LL~8W1<+zaX$b^oAGtlu1=T$F0 z766n&v4GO{l2X<{G4Cp_Jm_x}IV>m$Pl`-|u?)+5g)Hr8NO6EzP$4j$jmhxXp1^+v z0OwMEgLuM0+RMEbP0?`Mv|5`YU3f;K{iVE03D9>f4AkqZkS%V2FQIc84AKQk$qVny zFjDjwSyWH4wDa17F#g!@U)29}F9Wd@CM9uz31S0I*cbNkDp>ja{;=KU|GNi<+e@P{ z$epJ1R+#0)A>LqH>wy5VoQ0CjbZhb(0CL5wb>0;r7vVn!4*}rbd7vKF>XHJYLl6?Q zuubQ+9EGQqTYXXGGQ2&KRezU;b99GgbhuzdExCTakl^k6ZS65G7MBHm_i3>tu^ZF1 znVw3XO@Mah-8QMZQqH7%E%BQ}Ouye1@;@)ZMVwYgA+vMZ@Oy-ZbaKzu^fvv_ze<+m zRpb2zW<&c%H`CjLH4s~?Rg)W{;F)BSHR@%`^eoMn`@KCwF7zj_!C%T@AYzYwoO88z z?;PaOw|DXi>G_G0Lp|KdJe-eB%WPZii{wT11sX~ZQ6|%j74QT;-6*jsUq7Y;Bl&+Q z3Q$)yfdgDr3tn5>$2Y@i=+=!!hSY7fAaSsnJR2$B#oWz4*p7i7XZF6k#lc`aIJ*yA zg!BtA{mjDr&7m{pAXG!WpfG$BtWNL;rShI|B04_CNPxVs;bwe|HMe5_fNGW`SUP*} z9pI@tqZm{8b>R^70`sB*c>4l*RUB-SIa=8^*eE6Ox?U+Q5Wn+bAz^D_UCf`0CWoAS#g!?7x9dy zCZsAp{iK6ltCF?mJuOjhf#j(B!0WK`sAO#>>0#$20VuHEyI&$^WCx^f-l?}Io#7lR zKI~a@+w2Aide#VohaZ~C!`sO^Sg@M2gE?zNmmb+yP*kEp#)|EFaJz8|D_ zL;C%A00a$rgWZL^*nL0-jU=B%(DCr^aW}ZHiO3c4*%-2$#hl$>&Hk|2v~-@5!>@UC zA)hi{qhxK3DYOJIA%M9F;5VtclECBs9wz!MR{l2L$QVJrBH0Y6*E$%MN8!F8{B&Qy zf`T&GjQ~sg=YJh>b&4D(JuqdTtbm`M(Hig*qIP14dnMr|OI~;YVfu><{A&f0NB@V} z2((9a8Cc^jz$>>hwOg|Lc3(w?G_2$y&5gIc5q(?I^{nlo`zkK#MY__T4jIUYVUSN( zt&b#h?SG$lJKj7tHDT-JE|UK?hWpJJpcW@bhBF}VM@W0)J6tP(S3grj_(lJvP8`sLxx<7 zlM_qS2!8daV_%~NJZrzeqr4J|yyLSPivRM~XEn^NdOXHdhs3)DH%NgE+Tk@VcMmk-43_ zUYgC$6LxfbmrE>73`o*6Kk{}4Z4vkY^ID^Qm zJT?<1Vl}{P#o{AloV2UEVkO;tbUAlQ3X}GTs84f*%semu?pg&q`;&3Jeyf<}$OCEg zYks}M*$jQnalk4D0i@+)o&UTT>}~-dcU}uVY>?DTsZ&0f6#=`@gDjx9x_`rEGx?`X zeudrF6n&~bBaHu?<~h9AX?9Cg zB_63=G3ow?>xTq4XRmIQ*@bdqY@ZB-AEL=}F9#Nn2$Dtl-1&BH{cnbN&) z4;Kg0ou>BjIO)i*1Wa?=#OKlTU2Q;2yY~T3Y*%u zVxtPPPQe9*WHG0vX{=J7`%~{V*F@N^!)Cgx8Kmfhjyn5k5m@Jk6uZWT{Jxh2K)C-0B{00EmSj!#JPbpx|qlh2gB!L zo9U7_^NVeOv!_F7yQyxu#Q{*;P9-^x?)SwZT&h42Z>%>|N_{sfP6CQLMWpovz}s?iC~hXdic5*SC#)n4H0k8-@y= zseVniyqO9x(4LGZ_Z==vgOV5KSY>ZDd3qr?mSqdKKlM zZ`#d21e7??I{Z`z*EYk)k01k0acBg!<4u`Y;rgfy%@JPT2-YA-FonMuzQe-my5+u4N@647Ot~L74_0#E&}8#E zDm{7k5GtS6)r%knA7Km$|^wEAlVHz?~hI1&Uzi9DH_T@Ff(wL zFZ11u0@liYVevlYaM1E_raAD1QMDfiZVxb3y-KW#j{femsE`a^kWRMLiD;Yo;xuas z@BuBgd@;%Y>@Zt1s!o1CfI{$H83V1)QybyM%dJ{!jZSC6M~a1!>lRv~$lEpBy@wGy z&vCQQNJZ7zI3dV*gDrj<(;>RPDJ(*rI_Z^Ma^pjyl;)}e#)|d15xYEF(TR|qaqq1?he30Oxs><&03$V!e*X3p{2XZ}`=3IZS^lO+$XUhuvBBG5p}IP`u^PFcQ%sNk}p_Nsxar zo;@|gjkP{RmX%hNB}ZDPz;?=Uc{U_TD07;QcFsDDwM=u@*r*!OtMe(-TZQ+K-fp#`QQ&I8p^V9)J`Ht zdv3|mS3d(c9+lYZJw%9>e_J#(!HBGXEu36F%voiUcL~^hu2U8ENy54frU3i@Gqesl zx)nA{>otaozQ~jz)Sb{njn4GFl01r#iPZ(uU#3L)VKEKxJk&9V%jc+%LJ@ zDO3UO>a;w5VihT@@+^Vvty!uUg#tqohABAXnfs=M#2jh{*G*<<`)0E25 z9Y}nqP$mVT1;|!$A{?4x)Tywf_;DHF&skKRw-1@i?mrpk6l%8IoIWD1pR~GYABJ(q zQLqPS*34J3`XToP)OSf$da{Mos;uu*WSdGUj-fwn*!aF-JuTY6*?6omKw=#` z6rrCu@mv{_H~7$0_i0Mc70?N$mBBJ`;)_?qJjnh!CFMip$bAN?k7EhM{=_&k zFJ!-%#b_uZa-^@fq)M8zHEaPm+8bZOmpR!Fo?Tg4%1}fJMh3^cVBul+)gF z9S3LDH-u=2<&8kIF{oKJuJ|6`#=+m*{@k?(Q3AGvHd4q9xPi7GLDCxNZqJA~vITrC zNs(VyWU&358Fc&yWy1LC%CTgOK?g#bmgH6O9E9F;zrcuBWAl8N1Onfe)0_D?w1A!_X z8k^HSZtd|O1&p9ae>8g$00L>T1I!$r7ZmPhqZiv>JU_sAr^^e*UcQTk?n3FZ;tCU$Zu(+ctY1HUzK| z_eYm{-~zMqT9Qa#Yu5tSMeSJ9Q%Ncn&T>hEb9pRj;*WhCi^L(1Nz(7h)B%U{MLxc-|JgE5y!;>2AuvVTCI^KNL3)5I%Qy|$gI*SfuJ0HRW zG7>71Y1Q$J%Aa+8wR5#upSDzvI2jifc!o^;otUMyNc_oYH;b;!DcMSM0#RG z@1fnLvAi95co$`3#;$|AfD|J>CwS2+P#LvlI?ltsU?q283>_4+$fbQd%4Za=`R7eBrPMPILB#3utw zNZGHo5GZ>raRaH75Uk^oNf4DnOgrXMM!TlIxatn*noA%jnv zT~`>VZbNRLea5zrT@r$WoS>w)lYzBjdk?2t;9w)0JQ#90eexSPd<-?5QhI!JN#-N= zGPI#O8VXN}b_2SKFKi(5&Yz%wiCQu3C*%6yD~wTztHg_4#Y6JWYF0ChI+oSF0_=CZ z+X@WR@xK3Q(a->U*G=q}pbPtvBSW5dRBq~KYqvN$`&_YRA5+H|M8blzwwxd#Bp-!6 z&2O$K0#F7W^BO18q(cZH+@e&01B0Rdh)}K?>+LD0oCTc)1xkM)c(hYsjxBu=KWTpq zRN6L|Qez@TsZ(bQ5($l8kiVQ!VIc4Smr%)ARUD2E>#dN+At)K2^y@+py;7OhKkSj_ zjgG*O+i5b}@y?WqABK7;9?U)f&IelX!|$VJ^oLXb=7q+2EMm#7)9VZ~*LwYgfUo@R zwSTuXfAiXM9UAjwK97?>Kaw8t{Wn%9-~|$JuE8Id!E5(^?seuU{x_By>KMwUf4yPu z$E!rI0lzJ_|HifXn|XtQ+ceB6d21y95S8BgAC89SI+zUsm0$n zZG{2(nJa!S!2h?#5JLVmIPNEreJSotWO-vLAhU6Sy~n~1t|FhbLbd<2E1*1HOOpW1;*OC_p7 z=8#mP&I0NnxPjli*W-z9KDv zN&Z=6z3-w7a1Vkdr1{g4lZK;x3^@KX_i`>u>rSL z|F(NpqG86f5LVv6z(m2@fe!%%v79zd>E=IwfftUq{oq}n^Z*!;zpr310$E_vCTT@? zeqRng4CH}F1mzSCi17PgG=jJX9wF@Je{Y~~Y?BAR#--)qS$kcQ;6LNgoJAsuPh0qP z{_RFy;9NP~_x<6&{fnED(b6G}U$1S8AYXp((2QSflylP@8`LjQuhW zTYbi~=GNyGmRWU3dS{&LzMRoN6H%g}Fh}EL3vktzLi$OGAT+%qjeJ9J+gbFLahrR^ z+)AdFB%^EV>TE}!LKt~47D;ftEfFu59iHM=+g>edRvW}ofafVwj5q8x{Jw&x6g^*o zzvkL8!(;ClibOAT(#cIweq<-#eSv&d!POXL;9QE)DA~&d2^CVnV!K6KniLJ37A!n} zuDCq;e9~>@HGhZq$`6JP{Ta|Yw&}<3PU3;|XUJ~l|K)jENB?~<23q~@RsYhAjHV5y zbb%~|$r&zeyvtP}E%?nFLEZW!R^f)KLmlwg)4$z<;4|p#zSvcz24?Ot_iS11M zZ!IK!NYR@Q!-7xW-I_CTDcPUl1Dw-uexN2(37%dp@XEU&~ztT|@H2`@t;v9NO<;9wiFuuCx%k zBJxHRK;FNEM!_op#(kA+qW(g-mpU-kJ z3~y*65T&vhRWv52pRlVt!uuE`G<+sRT8czG^tm4n%6KA*K-GkYhL1m(!qHoQm%yNv zw}T0e1a(l5io@6{wgF}d5gAb=0l31B-uu{)B=}Ghq+WOl$;y|1sP}wWWKd^syIxfF z=)>9xM$32*9%{EGLU6vLHh!>0u&eB9q>+vdUu1^yMEF4IjZ^FswwY_V+f`$=>qF7Y zF~rgv&Y=T#<4EchPuUfL7R-5mg-*s?OGC;nk}Q$|;%9E+3!5EZHX^4ElVd=|I8S_v z3E`~)r$k>-{tOqc8zb}CxZyCiNu0cN(0`T=1ZJ~?+E4?wa{2R;__9M0;{^FE5ZcJ}au5x6UNQ>}*Fz#B9GO zg?~ETGK0(3D&%kItD*=+Nk!?g;2rC6TOa!UR6(U9NCq1nP8l^VmYvT6F<0RvNXV9q zaczdqjZ(8UO`D2Txe5@6syLZfsh!xy)W)_u&MK$}Urs4z;nlqOq+?@d6Mfb!9fsWT z^91|@b87(RI%p#_?df~gjzvW5v7v(NQewR7FhkF6aPWTqbDn`5FCML2m$ZqJb+ae? z(HFulh)`~Ka!pombJ}#^ix(8Q!6v8}r)rVZDX6WjfA-LK zowmr~CXm}Ld0K6eZ#%y;wp-Td+%OXGvnvy+6CBEjENr*}!ib$IQ))9(gxdOg=w|GT_pql@=Z0Pui4a+}YkvM?aYr2da$bUb z6-cRG@38QN?Y$gn(iqlUZQc5wENa&~SW+`P0tz15g*k?6*QG$Hm;VCq@aN75JK4pd zXl@>dU{FTXAD1tcdZ^JK0Sc1N-D{XlomASL21!l#V{8q`&Uw|-F;Rsi+b`V{W&2H- zD&Jzt+I?BKR!z*lVYU{C89n(e`vLC+skX{R(1W7J$HeR^mun_B)D*_MzD%@%{Fn#)cDbs>Ac!Tuh zK|?HKuEG=A&E$prstVzYht=v?J}sYD64?YbIgCupnL$eG==y+thqr6(UdkRHkQx*( ze(NGi;sAex%-{-+|B)5{58VHcw(&>l0PFeto`1y5|GD*FLh}ER>Hkl=>B%x;7IXjR zA6?g=;PBKV7jB5}lL4}dOIB^kDlmF*6TahF3}MJ(I2;YHRlaz)&G=ux0xdTUU+ox3 zjUG^G_(#VqV2qTC(H7|bsk9nD_x7)P`ZDfC82aovvd&IcS78>HGY#I|Qu?hrkx!Y% zmESrW__2xp(*O5AUHcS;!(#1iTy>aUdTdE>o7kJH$^gxfJiBu z_l;nevQ8czU@^CuC%Jx49`tq2a8Oz;#M*NXE@Mvi?f%@8H&ZpLO*`T9ysX7=bEE2& zA-}y@v+MqH-V?9atn+J9DB04C&euX|s?)rG22t_4eVxhL`YPj8HkVL!dho>XZ%fQ@L&%@mHGLz`?iDqfDt#y4GPz{m3H4)K?WKiB-%>O@ zK>WhPh9Fq?$ET{EPf{vi%~mFN_VaNc8?7)JY_dru#8==O8!sRo`s1dsNvo0&l?STd zE-=O`UFR9SEqr`(yO%^tWvvUIqKVP=&c!KUX)SLaBiS@>diO2K3;f-l&Z$MzX!d}y z5_U?_RWv;H+b<Ar>2&J0drHAl4wC6A5IkCRBTP%bwnR{OP>u>qbns4bb;!HV)abGlpFkW6<7?N9NH=5Rbh75kOvtQ1 zOvjND(Z%cL@NG$({;=e|dPuDlcv4ODox*q}~%#BBD^I0{W@*D|T5>rrU z|8oX)isSJ<%>r1&pM%80bA>UitWrC?A$+HuB)-!;yTqtsej)TN7OH7A4pCOrNDBRa zLa%7X6hp7$)6khT`V})la&(5!_;Ez<96`aAMC(NmFB}yrcp=_HnqF!lN~<5>P1IwC zqysic2W#nT?Ql-5+Gz{;#HQI2GS(2)JpFF*CF`L_<@k5_$gp3p-?dZdC3R(za6%9f zb}iv-wl$OaZ5Vh*=dF|bc?qLE8h=*4%cok1k^7x*cleY@tP^S?Ht8mRR}a>4r~_hb z&a~zPNs$rS&xU6z?p%SWz&awj+IBC(5%d<)TMyyskeV=7N0NhR4F(f+mN`@^*~BV% zorN-Q;Tgn}BC0flLMe0Slz_-ZOV<+Cf&1dr#%59sp@`hEr_C;x@b*&FTt3otEh;Z* zy_}FFPLZifKMCp}mnKAtf!5nfZOq7>bV+lLNiX+DMW%2dKP)drrNm&Lw3?-=zi z1Y*|g%g!7|jlMzM4d8O=s~R^lMWqM6`4U8^J8`F(L#6R&;WWa_uBMO+v+F5$P?U*( z`5gHuPDUjo*aIiu#eczO^a&RRp5;T-C;0~iaDUUj*9pJL5eQS!X0N27KBxHT>EPue zIy0$LD-#Xa!Cc&rp0Z=j{+SQ+hm9b|tpeemUtE>mXw$qLv`j<@zKf9U#s*Gq!Z)hn zE3=fSj8ndT1c`M^m9VF2avcd_vxti}&Ayr18ud3@;nIa+XJ;Fozh1P$D~TQRtNHOU zvGzHO2LB8c;}%4LeLV^-{>yfs{@v_fpvEMU0ZJ44gQnzcddz)P(oK0ZiCD^-^&vo8 z;|PUm{MoWMPo4^0kmHV(k3DhflFVf1q?Qz$XVRd`NZu_Ci*z}7YWQU)=1`NT%~2hR zTqE5qhgI+&8rO4MR%$R%+K9#Eo5BPnmOdlBc1PPwMgQ=}u|J(AAj+JJqBv zW9c*@mU+!=A60R$P(#^Ej6`;{_;pLh${)Tq&E-!tl+o`U|4w_Q$0ai%El21=H${0& z=KB@+)_Dkfj^6r(Da=Gh_gd`5`bcWD0z@|O#Hl3**I-r{U!h)%qWit1?1YWgvDSjd z)jf|VP%&s3GMM1o4zRe@zT}7pw}dVCCs!ZZ9uZV-=6*pauL8V&hiLzGY5!JbGeR#D;$$q3lW39GMCIMeNB3i6K(* z+rmG%`%}lY!TO5Sy+afwgh6Q|Y3uwD&egn(vKy_pMh;9N$6eBZ>30#Ld|d6F9~Jev zOND1`s}zo#Ygw+mGIxrEzu*^azzH*kN~d*_0(&&f{n0Ph_uV04*9%`Im!G6$H}cD+ z@zRtB4o)&j#mNc|Itb<&D|YVu&O(S04p_m1HT`Nr3JJRrhzzZ`}4K5oRNPK#lzi3ebJ7*o{ z&VCxbQ&(HV9ui%fgjT;z@%hx$WsLQ{JS5%^OT#HoJ50}QmaKiwG?2M{^6tpoLwHCg?a-Rhh4abk;l) zLG}>&rf)LN;DlN zC6utwo@yy$RucWm=#>Op^+-LU);4R{j6)}`Ez%g@h8%Yuxw(~G0RP2 zM)W9$>x>jFU!yJAY_k*78IH2OkpINf@Z|DimV6_W%CGJE&Cjp0woo^IFraEe>tOc>W8j$N<5V97)T>oHl=&Zx z)5&(zgwRnYc`f(8nlP%gS3%-O?M|%ILm1D`TD)9=H~LKMbe)r~)ud5#uy%om8edvj-ntvraf`TjyfdWQV z?>Hw56aSRkg@CX;NV1Om=JP2pSt0<5Oshyhv#DQ0WU)5t6H8bn*{pga3D}Yq^b3}a zr1~$IZDsmd&s9ISq^{(Om|Z7p-3Y~w5-Wjmjq4}9&2j@_#@@d8L%WlgD^0W6xa|a; z?MA3!C_;ey()#I!!ElT4jril%ic?PG0}*D0=~n%xs0OIoSIvW(bE#Al+XkCh#jP@tm2l1_`JGJE zAN$MDNVQC4mpXXkdhX2Md_EOeRxelnF|S5%{xQE~!1o;4<{1Z5APWOcFjo~f@X-x;*zfDf zq$J;Jj=K#}}P ze-@+b6!@N_CGV)e*OOiNHN>Q0)h@=H6u$fR6a%?-e1_(jK$JIymE0)AHUq_zy!UgD^a8p)&A%0{zZ+Z z?$W*`2e<-+n1^G=teEwm`Sq|rL9Ttt9!>;V;}@T(CTUBiemln1qzE?7zeo$4chACc zV(XtZ*X*2ujJ0I3-V8%45vEO(O&o%E_yXxi0omxui+4K=ye)Z=x#A<$k`H>9oKarM zKHtK(SFfOqlLeVBbdY|8o5Kx(yWWIM>VMX_soPNtMU6eQ-(q26i4rGP;S?~cSbN*} zCQGclgS8Kl24Xa}#zuU@O57t{A=csSuu8PzUMNHFVTHuHA4?r@u9rV7lSrj!8)_CGqP=Oc$y7 z6G|Rabs7IJi+g6wXe$n$S$XFRo#i|;eA@z8hjzj1O@~lUEiv_D*CzDg8`pEo?a$e+ zn?NEr72s|n)QKX*R9rcnh{~WFRF*4yIo zmX#ntG<_1^yTkr6AC+(NGAv=onWX!5VwMb5+r~q5K(IAEkNkKOOdiwilCy>yBIoKKuYL{Ac24q zq%CwPBgtGua84As8Q^06y+904^*8V7pf8+W|GCse zBD^|{z?dKuM7ek8S_WR&);P7<&d(xYJys^UX)g7U-Y;%HIqS1}HdinexmcF!3H{_} zJhJ;?aK5!n3|V<;k_hK^(XHppsVmHUi`&fy&YW)gvbKg4`&>~Lb#Er%#}WT)MgL+) zOP7``?DiTdoC{!D+8s;QcGF&z*m9s zia()vV)m+6n%#Tx3^V<5v^(i%F7Jd=@vfrZLER!M2pGmteNoP&4y=v_n;0l-`!6Xy z_$dV+ygDO6@IA8uvCI1bzVZbA z|5x-b34zZ1@){sK_#DRpFaNWH+?O3yNAQV48|I7TVRg#eO>=ko+cTU*kHETaSsk!{Hpz*iRM>l!~j^ks!KPN?qTTeBOqKZ4`i>=7rOVT2*vwE z=DwKH9GGO#?2u#3S0weY_D1e@i&lnPQ`q3Q4to}Ey~8B7-_gbL|6FIpyl}B7s*O_W zlx!X)xR*;m25q9gGNOD_sDc-h92ZWP7X_LhUxdxopqdkI_lWZ-So?a zVB^;E|g)v$+gMEgt3s^$^_C|K{mG-#sjYkiG;F zzx<}t{|_!e+$yGSVWjiwYW{|jueQFZ4*;wq6u@-CMmRuB0 z1bFC>`lr8nCNb?HiP}Oegl?&Rz!>kt9HABc07H|{)6GQ={(MXKEfztTQI^z$S+`Z)2jC==4R9pR%9 ztp;)zvF$)Tlv(>z#_lfXlTLzrNAMr^Qkm*N^dQ+@D5eTy6u|bb<)Y=?rVDOB#lm3) zs((NSa~!&>G^DuG+nXL>h5SNY!bL%>V`1v0pWh zdE-w1BGN62UR2J8fm|GcE9!DP=yuxl>}cUox< zBsoM+3Q$z)6?4x66)UWz0QlZ+aucfI%f`-d5e-~o$V4p0UL{bBndQw7@4Ea;Z&E=~ zi&y28yo5X5ANJ-v{o&cj{*$9V1a7vNg1N(o5V4XWM5KM)R~iftHOdPbCqP-XpOamA zb#C^ zVo7#*!~fqC!eeU~()=(6(%WeywxvHWu(PQIuc;_-?NOukwf{&X`m3#!crs1MK9kV9 zf3dXv?cr!(FeZVz1p0Ruu#^z!1e)+}+Y zYra`u=wa5|+`Aqv-P(wTau<2@U_&rHY8u=viZl)6L%RCp+qnx*IrSWm83rcV zOL=q_c|V=r=jFR=qJB&Ew1eQ-vIIR7xXo>JG1BFSH+(e3Y4=W&@>0{@whu>9oHLI4 zXH0Iv{hom6M*VS@R)FI3{dHqrT^r;fw% z65pC(83xkxByxvC4<o8=cr90Qp*eY~AHJ}p_O}P|gWDAa<91LJI zMDS0SPoo@KP#3-vuU<)7D03u$;~<&80x=D=@evWBlb-@3OGmc0>zEn4H4N~7VvQKo z@~|y`+WHO5m1cW#XQVeq(BWT#hBdV3;xfGbKB-?&Yh+(_lU_nHiAiH$XU2$hKQIWCRnK>2CqaNPv7hJn^P+3dZu)fkk^nt>aBvPoYva19 zhrs)VKI8fCq{JvwHy%##*yDuvKZ=xz4kvg(`>B#ZhsY%le z3n?hZww|NKz!Zb$;a6@sCN4s`#X}cmr4#z2J+C@FS>!2Fa-Wd4HHQ798jYrF&FHf3 z#Ts=*3G>Bq1jNdBiL!Mx*CtrDU%`PybN6%I?|-f=TA_O63ocC9zCfAJFk$h9U0D19 zC!Zt9x9%yMxVgWlqX45stlOQeUVUIb^rP9dyDs%TC+PGUhx)2H85$sYp*?1vIHa`1 zs!;^T+*E@B`5I&QV>NX8xxv{)tIt}K=5m&Q&txph9D3jizqK+?JEEDLd7nkp`za)? zcg(t$hkJZ3oV~8xmhKPyvq)1~o+kp@s)F>frgZXZZf^ZC?;%{6Ii@tI!E^uEs>&rV zC9OyGH&%LcMKx{``Nb;F10?s`dMJGcSje>cI0;i+DafWh`ydhh#?cj%n6%3POxuA0 zxT54UOV?CQo@h_Z#2cI9>{o1Sgm;9+)+1AU!M!j zs*2FCo2e{)hc_3JaPzYj4PXpb6;swZcPg#lqSH$l`Rg;Ft92RhSH&L@PG?NzL~rP^ zx0YFb5DI8HX=f3M?wS5xn~Wm9-qDecZD#4b+7$B;?-V_MSleWK4vUr$9y5GQ^QP44 z%qN|Ja4D39(vkY~NZRkIC-%9P*^dq{ooVcjbg>h{}#GJ1?`i;EUq67{I zOyWZKqQO5d!lP}Usp!e-hxg(g8$!+QOHRsg61t&)cqduld&WhVG5meQV9BF`Wnv_a za>9i#ReFB$76Gf$msIuKEp>QLomO}6$akRub@Cb@*_P&@X3Y7oY?k{rFxZ7UH9`~9 z##wHiSRIJ5LKZ(dZgKR>%9%7glYB9B_*WH*_(Mg2<}ejA=tShd73ZEf6u6lz44U4Q zEw+*40rhCmf!+~lLL<21dT6zBGvvSP9fY-QYR3VkG$6)?QAt1jGZ_vSo-p+PIY!Ku z?W0>QC4y=>B}#;$U9|vv@VBQW0rl3w<`3G6hZwvX^};w}JB*($Ztk(CQfW&^gU+}; zlIWKOHv8(|m>s~WWK=nnhR1qD$|WX=gzE_v1smgo=K)#%>=UX)Wd#?*yJ0yKb0oC9 zUCsaSHfA7_1dc@G7|?_PBwAcY512`Y?}PI1`HQI|7*IWRAMg%DmSV^k>iFL*ybq&l zW3Ok9w7r3-noB>7O^V#%t1hx@pRpWmTIqWD^=aqM7^vHh)TQgq-#$pr5Y9GHTBPxQ zQJ)ZrRyHo8n7aC7HZ1$L`WBFw6%_V3JNO0GqKI)V&3luBdk^9%_cw15{V^ z&thD;ituIdkQxHtweH~eH7Z~#W?KPlINwA}68f3lUDdWepMTwSaZ&Zt(5dG!!VNga-cOrrjo^3Rr4Jx2%Cp;=&+;|e&`CzZW(HKL0fo#b_68mOZ3h>JFKHL_HvO{;UXp-p3XdO<$9m!!Y#==@I}FiaEE-=kV^0|O)35_vL5P3>Rkdooea9M1{Kzs2s zzB8Ses6#8Odw5*Y%}YYJ7`+CYF6yo&Mx0rBdEca7gN1R$`{joeg?#q2MDjCNsV-=! zgLx@4Wkr49z2vK(?uqDdqb9OOD84KGB1^21f2Wo!OBxat;Q-!OcSk}YVL6xSXm;y~ zAc2@LB~g01f5LzFQv{S}fp;N%P6N+EJx}Y`>baWGJ_q0#vm+Yi3@aiSTj@JS*&q{#f_1govmk_%x$~3tQ#k2fDu(^$_lo8zW3m?M%Wo{RaxSe(m zE7!=uS zWkeH!s+2@#)fbNT{c{>XH;&-;?fC`&SViTxRb(@QDgIfwl?5V9!_MM|AlZhy=O*>@ zt`0|<(8ba_OWI-zrk=~{dCC{i(gm?yUO>=nVAZ$0J#a%9I%sp14NpD~4PaRK81J z;J8?dh+9A!)VZE%&obrd>>m9UiQQj+hXi`4#NY6aKhGXA9EoOVpA0k>9Rd&J%v9Olnjb)FG~nu6_I4pKAX3u9IDjMU2O- zDg*2-V+KRtRU?E$a3mz**mbhE54P84;80#M;)bF9njHb`KY9ZYac|SXUil6%&44DS z)ui+=fq~P_aM1M*Au-I@#7RjYoa6eH?Pntg0q|(Odqt-%NN8#?2M6x2N||Pqxlojw z;^fW0HC$WY?@Jgn?XJi0_ww9t!vjRH^k^1WV-_CEFG@U6))QBv1wyZml8kDiaRiC= zj8;@IhUrJ&UI+;&R}$iCw&16ER23~L@c17UHXz;plW&)*9JsL`0(vj#r7c++ruVq&!U>u&C6r*1u!4dc?5Dw=)fKe|_9BNv^S z(6ZV{{zqS9Ftoe;?uCv8UaQ&SH3bLZSu_A8^PA(1)aL{$cY9voSk_l>U)g3cO9~NB{*+t9g~%P90Nh%;6F0?0aGu#63f`* zvZsM?WstS`KnHUUSJF35*~QHxIxB8T*unW`Z##mk15WlOTsZ_urx| zFd)2zje-GIwz7tk>*>~qLBcQj()p7~0*8m)y&k*^dOaDHAI^$l88D&?sZ$y!-GGNX z5y_o1I(fuG2P88KQ)q@7vE<*wV(Qk#2giCu=ynWG;zhZMmy zyf1F49o{`ApXQ3{z!`Q+iHnGPyEDLd9{rt2xf#1J<}!AtUlPYqDP*P6vn*kXIJ?!j ziXCnP;t9cSZ+aexdhLBZOK`e6lvaQt z!vpIegA(#G+2V;y?99M9^3qbgt(88t`n6n9Y5==^f1+l#DD|3f zY&$UQ-_&xZtn6K2374+UlSsY5@&57LQ3FJb@&fYYQRdro&6zbS;_@LLNP^x>XyhUt zbn@{lNQU32R0Dfo^{2p!I z@%u2Ju$<^T9YZyXuLvSI+ui}t)&v4ZWs{?eRE3=J52E|f_yB#$@&l?M-fH_}3t51d5XawMo5w7(TR3v9_xT>tg<#xM)^^IAI$+3({5wAQolovM~v!&;7OQ*Xh_ z{|d^^e$@`oU(zp|Fi<|o7M^SUQ?N7gA79Ky;?-=9)@kXWZ0?k(E>o5bK=Itih;gu z#X!fhpaHiDP7n!kh=vt@!oS^(c6yBq^Gsp zdf*dMPnfF1*ee~z=1A8Hw&&`HD}R1h?Z^{%zHkW%AG}g1wcVB+PAmAY=X%i9x8{v} z;jDw|NVwD(18{-EMh&>8%4jy`lDKUmv`;8)7HP0Uxrd5eY-nsFM8t^r@WCls2UsFu zp@t({*RiK|l2#T3gQ}foK^CV)F=RFI^Hh05>HK@hIZ<}yEOl?3sPGu#M6SLy=eTe4 z5M%!FaS5b^d-r(JdJIN$ntK#z25%AR63G7imguqPH48mBJ%o+;4WSmoR(?I!b7%2yPWK;*0G%?so!3a$!EF2WNeP;CoBBF-$ zSr)pU-$8W`JX0acYcaBd*;Cqj?J)Ckcx?P5cwq7*#CF)3-UOyINhrSAd6~P_Z5bwD zy9K28I}YX2QWj*v0ppmYTdk!3J@4#JVeq$~SvNmsg_ zVFv_>uJ>xESwhxbFco|o&y-&V! zt}3HViK%-oBKy~u3=F8Nss8t7HD-Sz&*w41A0Pt;tVv@LMFz(edDbIxK>T38G|L?) z;?y(DC{*Jb4L7a*S%-1M7H31b!{NPwg%EjS9YBV9Xia-5Cc!u8K|Ony7aRAYF9Q-T z5P8<0rVjZ2Mdx%2{nJ!w%Mgaquzqu;?~2fdnwdPe?hN4<|Bolt=h}xhQ2dAwqowIj z#w)&HLD6BrdRuDH+-qPa?j0F|?^R0$D5sr%Z6|)Plnp@MDZ$d{h+4NOiNF!9;!5zF zyPZTs&*GUY+d-L-As%d&%9(b)5cg4_`v<6{M)mf?o~G7xK9&#*ujl96eXCYs!m0q< zx~g6FR*iJ0kd7oeXQp@x=@4!&dICD8&X)8jF?NHxSV)6AccD_eVt>!(a9d`yKdy7< z$#%-GsDA(o!a_X?&CYiAY-vr-6Em2{#XZ%qySLud&wj8OzT!m$H(ydaoBj}k_G*ij zY@wJ>w4#tIuSSmGj;EA zV_a_z4hg+^IhsS3`O)a;t~|{Gq||^*M#^r4*3fzUHvUX3*hFtB1p^`y^z_(QYjO+R zkavYhbjoP~BKmxkgIXpcOVz1r{dWwG{B`bMspzc#Gfp~ z=f?(YY;3|a&N#9gGI$=MQ~_TJgoByD+tpsw`S`DQF^>EEd{ zs`sxSzxa^+W@~A?fYKDwFjX_ae~C^MAt%D$-d`kxWN}0l+g+7@zMnTz`JBu3K?0S^ zQ-6cxGa~SRqIi*;f?f(KKblmac z=AaOdQTQKsn6(Lz8XZ&Y~j}`o9!q@3xJgbGe>EYQz$d6-I%+BfazN`H1UZzqBJCPx#@-^+ZZ z`6Xt2r^D%k6-n%CJ$INpg>GWlvN+qOt?1f z7vYD<h+wvHlnYVe$n}W^vA!32xr!J?L;Q>1o?P6bPk_^&eUXbDp zrzzYs@5>RTK5Et2p3x;6*U*xHgJyLdw}G;Mc$>t!rIRRb#llhbOv~|!c7mY)?!9^q z;zJ9sS7>B}E_r~kQ}Aq|YWF&v)^-%8rPiZqcBTO7Zq{xJh+|_-!vvSHt6|yM>?btJ zIX7$d zUn03Q#^qYrpHQFi-m5zNV*n=Yc4i)%=p)d!Sh4eBX@3PNw_t~vjcziU4YksCZJS^m zcigG3l%+JYi%OXur)+FV1arpxlGu?Q4dq8(J5Id}Qw}kFwmT4T@tVyC@LKWNDqT%< z=1Zt&Ej#(ZWdO#-yFngS8lyu~(3%Fff4gA+UZp^k-&q={Rzcvt8@XS&kaAu4ofJ)W z0lltQzZc+S(k`I88@_>7PzsNyO?khtDbGNyHG^&Gu&fViUXeA5PEV@mj6(ObUx=nP z2TOr2OWR(%gs5Td(x8a)oToW%Ii4kYQEZJuW0;n%g--Tg#LaA0%Y8i)zCOc8+J0f1 zEv$iQRb85-&Cl+9b$ibM)|2zdC{@K<8HJ^c$ayIkG|pw^?gTAr2jom$qumyH;PWTs z$!ous9ye+kWFo0PHjN~w5n4IugGauk0l7h6f@7PFn41#-Dk9L~!|YPB3y2fS6s^DM zQG4BB=LDlurkZf+a@d|<41_0y_D_btvZCg%2S$j6AFw!mL#dY(c3y57@KujTXh%h> zKR|f?plS{VBz_85ZIPTGvjhoyZ3XYcq=rVnY1!Fr-#w{@kU;<+po|AHrC)iOteg4C zVxYw(3+?FlYzTWU+)`e|Q=+C>fVIf4LI~+mfS`~Aaw?a0<49vUsNdc*QpKsKj}AD2 za0s(Dg10qvNmA7@P(gCXHJsx6gvdpK@vK96ZfjxdQ_whVMtZ0e!>3tgc<5 z_96zT=?z;PL&yHv;_OS$ZEq?&eXI0)TDakO;yoI@FTeGc!Z!Szy(q^QPj+p!jWtkS zVG?Jw61IAi@^hAD6W(#QbHcjfUPHEr{)v;ugGC{{EY|U!qryHc3F>V?A3@R+U^P4bG!_LABoE(*uDk9D?(| z+~zsU8G08rd+KE1u`53Dc8uM7Dysnye;4HyO%n5Bzfk;$Nk@Q;e`Ge;&EUP2x^QHG zY{4tztO88eYGv;*^xb*<6|WlA&*o!?z7c>yq{+!_Btio)t^D?@AO;`t#5M1;vz==W zd4J$oLg}nyd@=f7cYUSJQGC1owJ87Cw4cm^Q^L9SA7GpSuaSWP*0W9Kec$Fj1{8+9 z@g6l}BJ0-@1u|RK59mM6vlW^%O8lrsTa;DeOFI;|D^Blo%kDjjn5;$HzT_36Kt(AV zX^`og!Eql<;Kfu93@*>l$fm_+#9KMi09%i{x}6Z%Hq~WoQIcg)*9n)Z#XAtj-c_~8 zv5spu&MAG@wgfNFfB24s=B|`+oZayV(akc2m2Y()_Pt9B2zpJkR%GW&i(A(oX8C4D z1de*PHfku{Td+Q#NC=zU;FY7CMl0c6VNpNn*n#FqoZgoow_zUi;ft3rW$FhF_Aexg z8@YsCqLa-+W9?Ev-E-812XGoM+5@Ui3Nl@>$z}PkqTIUkWV&|O@{Rd|`RoYjN3Su6KfKYNi^9_B8^3Ukkzeys=?mS$t9Vl5m$u17x8 z08Wrw_x$csgc91Sn5`K)bn%^P<`3HsO^)!<3CBH4uUJMbaJ5_p#Tss=3R_9P&i6`x z9(#%00qip$uE2}4CyRVJp|hFq`Rah8iR#^^U#H``mGRs1o;UayO=P)SM~QT3fp94| z2GDEOI82!$a^@-9_-_ko14{lL)=aS~rIRK8Flq!@hHEed_%m=@;8ORL&vz2i+G4ylNPIb)oO8NE-s_e;$US<0GX z5i7ZSyB(^k6uy!hI9I`23Y?Mc`uDVZ_k${3QOXP#WN4E+ozVI5(JTdc&FkA$U&pv! z0V93}5e?rL3$~+hhLtuB*ME|83naJ$0!Co@Ssv>xZJCf-ZSn)qLAae}lj6?zcOI+f z<8JaJfJ)e$%V8VGmhePN9k!V2l@myGMpMUj)*i)-x%WzwNxv`uy1<)xqh!qFK-oj( z{AEmYi2*NA1V<@!QmJ`DJ!SySh`%6UzoCeEq!0kW$k`Nf zH!K%IUZp<-t2P}00(yCt6arf>qHUb_2fg+HNMX+u=F?~&tzX8n@ZP^=#$MVF!o@DN zxM{7k-4gTJOxhQ~CX`YJwLY!_7VTX1Qn{tOt{1P;cV_OMFWKiujB5f8U!8miSQwLzmVR&zfEMz^lTxq8(eXaP) z_@v2f34YXaaV7CNd3AthdOBxv{H7?G)D$M>{J8%8ZBCr*wiC?v*2T#36QrU)ZesZK zp%JV{q(`LV6de~)_K1|=J92LP_?{%FJ6%`nTt5%ta)9Dk>MypifN!5v@36Nslv{*} z@Qb9*u<9liuCgtDTq7<{zq1+wEs5#Pc3dGeTD`5nTH+!(zYXEI_`4%F*q8XI9(ExH zlaA*@s@9|roM!mQNTI~M$3y%p=dArDF5=C^0o(cZ!=>!5u*%YICw8H5t@9jV?>7LU;QbR6*}n&%XFem|{nj(Yyn^ABI*a3;7yiWmHxHL-7GdVdYuso3~s< zpGMu$81L8Ltjy;+lUAGKi_(J9R?j~Rv#4J)&)xNq=+3OHvCiz-Uub?-Y~I8c-q=^S zIPD~t#5})AHo#U`f3>2wzPT{jMRSyM#y?dh-^F4EU!^>1Fq^d>7nn%mLgrfgXp}V{ zUNVUe8A*h`O-8YhRmH!%8uIj5G>Pgo`=!x7id1TedeG?#7fly$;_FKGQ=jo=O>o|u zOgyXt)@zsPoHfN`hFwa;OWS0PvgE&+=y?Uk?akVCQ$ua&{a?nG>9gbFxf!C=Y=uT| z;W@--4o}m#jFch3cMPAO7E%o1mrt78T;>qSJ=gn#p7#5mYDLSy8?7;)Nc816zfKey zCRDVp>ZdMq+r()!-5n#Sev};i*SaM4TZR^~CtNK#jt6Q)x!Zu%MoYVKsvneiiPl2q zi0Wqws~)*p%&-6H+^y`Jg)+4VS8EDtonPHVPgUE-JM+bT)FkYahcXN%hPVV?Ch|>> zg>M*`|L}h81YDnJVW#9uaC?$2!5!#$qEKI3Atlngmc2lQ3M@v(%T9;5C zm&8A+nKai{aijFtoRCqH+)pagcZ8<0`r%>K5@4UBch(R}9KDy$R{WARBjM)##?>+h z?cQy6bqg~aD?0*elSZ>c&>4{}EHoj@tEE^|>*cZPRHn2nUUdCHtS!;u6RvjdTk4w8 zdo207PU_E63SuQM^VD%AWp-kC{Y|FT0`IU+>sG(h0|z z@JL3YYaCLAu?zS;N})P%+2t{XkX8ua@6yye(eGl{HO1AMd{Dg7DzIQvD6K)i%X;ne zw!)4@&sf~6L}4%hnc8^C+F@SRmp*FfX2f6)2)kbL#M4hdmpLx7X-Xm~bLkajj2oQ`;U;+&QRu|pK*JWPQ)pUG9#ZNKYcS0F`PLxK*2#WcV5J^JvmIkly1*Pyvg zrbt7FgdT0a3D(k=TL{2<<=BO*M4o;ONe@epHSw3}`c&cfOM%WzlKWiyRgrLlr6=9MC&3&p&**WjN#ZOkGr-WkR&^BUi^MmPl{~v&9 z8q4~P9=ChQdO&AIa0w-u%$7pNcPs6$eNH2R4C+M^&`TX`$s$#juUJ{(o%G>A=%$qq zVhh5>S!_Hzc6i6soqisqPCMYw27;>I-)n@RU#hEYsg3()TNiAY0~P#|jr4|=l-#WD zBT06Z`}EF`m75@EQDxenD~DO!jrRm`s&5uF!TUi6SDlO&Ay_Mh;%q9@;iE!~{*%b_ zd~4gbh|{dcE*`kg;=)~5#7}u8!zKrUb_Y>!nQRFt;uA3)iacm6f*dy?Q#lc{!?fty zTGz3S6I_V~!ozd)&SjlHL6%D>qs7re8RVDy9XT+5o`uH!sno0}-xDE8>UR(*&} zP`4e_M11K!79368d*bIg2|Q+syZRhO!db;X`d413kB;GExHviZ(+kLqp!4M)3W=75 zEAQ9!>a#CvO+@RNoh+PhyBSO33syu6O_)HqdRR2n$!Z(?AD@p^-3OqV&M}w-7a(I> zyTba`7V3dy^s^~df;(o#Aa8 z^8P()^9O&w7M-V7Zk~dd8sR*`s!7kcQa@k@H%kt)sMs6?`bDSLt+ep$C zPc(^vRHrmr0vB;JV!1wZta;G+=XuY&yq4vq5OD%EJ_-9ug{^_z0CAZ9Qn<*~S(Ww? z-hQ+%){_97oIU}JxL!H9gfb0OGVYh>87PZz)zGTLYYdY^ysq_K$G>n46XyI0^H`(e zSf*wCrZP=IbZ13a4b^l`Ky};#*M+o)XZpYJ;0pj^tvbvUea-ATKoDo`_5^BCuy+9< z;(RHCwPtdsI7yHU?|u4*pc@%Vsm*VQyNNVtVsNN0Mi<>fc1M{y`{80-h=B!b%)w*MSbXj>c(_QlAUHm-_^k~Ch!RgLg zf)t0z_dHgS8xs8dd<#N=Q8auBm)s(h^tr@j=qV3KC4KCUbVi}ykX=PVafJzdG+ZlB zLJfXX!5N!PUw8`Qjuerkcmu|tA`>!*tm~itUF-Z}&&7kwx1ev&t;e4kc!DJ@ch(Y1 zw2EnlUOQ?$wUb&v)v`}?1zJXZu!cRaM2V+&%l3-Wj&Mx5R?gFiC$j@i%MV;d_m=Y- z#pmU2z%c&Liz}L+=(b~Zb)5|>fSR%n6hdyzQ#0A9Q@A@_w$RAyQEE85h8#)NsVJ%+ z9KaoY5Jk^VYt`3ETPl>eo_%3cXNx^q!th;4z9};r6iU-ntY} zQ^5Fu5@Z0HKYli7gerJkey3Pp{F51G`F0C4&fYKU2mz;A?iw4B$%oh!DY z>bmy~ri6|3$5w>X2VElEYos%1rE#Y)m44=&vldEy;n$?1T`z%blrKsEG)1l?!|V6e z!ddsP28ANo?kECh|Icpk^m0}cc$yZTaF$IOJh2hsVK^19B0PO?FDRSdu6(3ZlRM7; zray04!P;z@FD*5?{%(^TdxA@^f2zQwdc@IYY3Pnt2NImVvzIP0dr9pFYF~V3X?D%v z-a?CJRKvW#SN@H$^Ii&zj$LL|&o%Cl&{62teTk*>%d^H8todZQ1N}$k3O7%jemS((V}!8b>nyF~8-3v-#H-#2(S!RU4@f;iNw%$y;LlQzB`^D2v1c#mmy@4ahLK}UzVRKxB?8P*mW-M`3GLI6%p9yRtK; z=P0tx;Aw)3{)YSK-G@uK8SkUpZ-$4**q$&a>LVh`+O~jZ;A)LOJ?O8>aDg_l9*MK& zP&?38-u~1l-O((k)VF?W`1>ZTH-5DPhA7eHEI(oKfyD!jQm$8e zgK3|&nA(~x@d$7YPsaT!)t#t4nXL)r_?Ud6#atMhRjMWZErD8sa|c;)9hK@cKH)H= z5vU!JO>a{YcY`X$w8K1I#flq$+R0tiTC2r9S(X_nWcLEKSz-ngKI88Q^p9#}A_=2! zKStu$Dux&RpWil64rV!lPe1^JJl`BVnfx~Xz(X~<(*@bKRe>_k8LZo}4|CDW8PrZ4 zT(~F&Iba9J#pZaikMpFyVU?Hj25jNy6=hxfwhpp3*4|0RJ|2Lc7;DGxN+lRhCZf!> z7(^nXZ`dKdSnWK(2vHC2IduR^Ej$Kp0T!y!}j^Q+M!*t#kiG!(ju!iZ+OGg6eYL0KU?&Op@pqG>ukUT z|A2X@?LCGE$a4qUE&l?tT8#5Y15yz5F2IJ6He>wyRYqmGAD^|);}=?MXE5&1D(>Ee z9VF7jyKXg?CML;!Jns6Wm*idBa=vuVG$)OA$F<)9?XmFKv_NkrcR%W|;^+tUjUf6F zE?r?O_OYbAG1q7^$6wUwSK0*$c=vfHtIr(u#rk%di#3spKV5GEfubjnPk^-NM=12< z9*X-xH8!ccS*ZAhU0hGe^or0ou{&J7Plfpx3;a4Z=7ZdxjXmy<1INj*Oc!UMh%vqA zzToDoDz{&ux%-7}R!hGx&7C{@2UCdMT&*(~m>cWJUh0*ot5vfnrV&`&-uwsA#^U*f z3ulAnXS{J=W4mj)4Y1N+)umr|?uZt^=4Boqm^p{4E?z>NNkuMSeKFhrm~+$2lVR{` z6lqOlJ}T)Zz}*0J=YGGVO=g*Unfi;N@8KH#F_m`%WVq8l(?X__gxMUU=qvdH6|Ls1 z3SZXq7f;3%mS+Ub$QW)eXz#jH_9J%vhtpj~Ui3Z`qE(4ranz+ekWSFP%n=8iKA*n2 z5+#6reb-ooR{Yj`$=7%!Y<0;@667Mq<}6~syZ>qXT2ofrky`rHa%UNnvdA?ZRiMok zm=ebP_WIL4X}QwHE|o#Dg@roweBaw;`wM$)JVN=YeohD^kW-ugs?hUJ1uD2+mn}^*NVVx{ zBG>Q0=-V5Sytmrvn22!F_-uU=^^!OiuD3}N4?l;kaH~V_9vehnR&j$X4gbEOfG z&Xt_?{D2}u2b$_kIhX0GodMJNh|aQLp`bHLcOhuc;jSy~oJ{L+;1~JIc&lix!ZcfW<*Vd(h~C0{-$pDC^7t!Up&=%!X%RsS097!RtfSopLP z^lVeI&$1v%m>WbiVf}c630GP*9k+7jgMsoB3MTmK2ULi7OIM&l6XBO4nf^)Oocy=D zC+ELP70*Zey|!u3{$)`Ug>JDj(K$;}`PTga@t`*C{e9q1B9z=$N^TAGWXUhzg}d)C zvz1c+P}y6cbiJZ@0;9?zU>u&y0Lzqm3b&jr^nBIL~9z8 z!R&447HLQqMz!7ccqt-vOj{F1?ldPZx)i-@a!FJ;8HxM4jv4MtbYCvOisbg(UY4Xd zruG%^_A4&x%)pfu`p-XYS#zfCpe3U@%NS1-$Q)!7X>gWTaTZm9)p0Soq6%KiT9>?i zEUv4V0d#sA0z~7K$Fp~Ub@KWm(5vjn0^Wk{Aa6e{XdT2;9wbmaxm24!6qAtDc`=0? z`Z$5Po6RkM{6n_;y*cd=5`y%wW!br`PLf3z5mbA>K1$~)JCAij-&npn_<{ep zBx~;$OzN}&0pvS=ani+VuG6SSm|K#SLRyiH(UgdVt`SQuKnnsqg!9IO{M>8%uMCoirJMj0~&K}2))hO;V9=LAkHEk1%QI2 zFxP_)ou=UdDA@QpOL*&o)>D?Go|bzGifu3n#^ib-YA|MAV%0lkD3-RiSS@(-Zy|&etostJR2LV-<^?_w`;xaQyTg` z1H}T0+mpDbt@vE96RS}s60X8SD>uWo8^XB>20@M7L4WjlAo|O^Zwb zC)W?sNqw<&o>}&S#*c31k90T&r)R59^TBF6al}4L8p`!8}W|KN@ zA{WB6)_@*mazBvZg`X|#qzpgjB&g(i`!A}$Qf3NCi^_GmXW)&?-TKVlvMhE|{Ke@a zRaR231@t>e?4WLO%>lB)(EMu2-$w@Ujz{fhZm^AgCPzF<5{H=rNCD<#SV4doyo?8|G6+`t2jNmF{Eh$5g$(Xfvo5YALZhQ%D zJ6hW2`R6*?5Nf%aW>OKe*?r>bV>8(5^eSLor#GzH~$XMk}Q~?Tn~St5lb78jf{E~_9$8_;aqGD!jrYd z7dI_q22*@DF>KI;75ec=^m6fE!()!Y;_PS~`*xU{-__?qG$DJxI$WOOBtcitBsnOr zz)2f7bUr?vC)w3C*%-s5YJR1&@oR_N`m3fYX&403O*)1ZF@EJ@-+9ys8CTa}INNKd zSDO~VzScG&YL^lXD1~i0b8y8ML(yRlqsjD^FD(DueMLCt@a=g20Ej2m@n^h8pVYlP zY@M+OV$(rvq4B0=K#VdCUtCoyiVr%+Q8+Pn_EfgYB8l9l^MI?>j#T8H!2FXMuTx?< z8vOq;_Lp%{MQzwOY@ndDAl)G#UDB-}T?$AF$N-YVkV7fbFrajgFr<_;NJ%3#k^>SW zIrPv&^K7r{y5IZ5`+Ru5@?&7nT5GR;?sXo=@#iZ7+fBc$2lioHxXV)C(Z%0PvO?l2 zieM6;yb0z4`Wa`SMXROdDvQe&Aj`4u;3o!O=TBdt<8`=Pe?M+wvU4Yp`MP(I<&x?^ zYYbQm`wZNO54DTgYrep8U_}4Pm%QioLXi0~W2x6;7iMB?N@kGRgF4+oas*5%LivD2 zzwk*cXxN;TF~i|j_f0pc3fV!U)sjs2b>c~1g6dx_cFMb*<~205?d09&{wx-mz<9VV zFi$0VTVri5-`g;&WA-8YuvO@idyt!N$Y>;w{4pI`%jRWSQBE4iSYNJwo{t_&3T;s) z(28t5b-zBf+3&s68j9oC1`1*i<}a$}0TL!iiA>o~k;4+Q*Fnb#z>qUtya!FFblQ(< zajPn@ob<`JR1W{m?2?dWs`OEa#O9F3jL7^-^5VltkMc;mon9dr*hr8vk9x;97}QOx z1Q`{nq9Od@c0eH&ZzE5$1H?BzasSo#@u7a{lmlLW$;2T!k=f#&ut#qC+ozrP`9(_h zwuP2k@FL$J&q|&rJRz#-uLfaO>|VSqWU-TprEVUNx8nW5N@)1NzP`S{juKw@D;I&fmc+C3Ihqwg#OVUu19FL}?kDO(h0gR|-p4#F7 zXj#SM2XjDK7~$m*`+-zNdigFH;QAuMO5YYy70=t}`DhiQD|s2aIa>Zf_0d1g^SQX1 za3=|SEZJ{hN_`L=tRFSI?*xFujb3Q65XAk|+7r0mJ$^`<06b7db7{blA6T}QR6jY? z7Zu^#iO&jCv)UcoKpAkR+}>n+vc<5-G$SD@O(03M+i{i=3P}U*BPwM+{-dm;a3Qfh zEI!bQW^7xmpw8u7#2kOp1Ktj$$woimD|;n`L?|MIjF9wm@@i))L)F1 zs?T3v{8NgGBth*R4Z0jQVs+)J_H9|)*brhcwHiExLO=T_ZEJ|{{e0R^--d{|(4dDs z`6Yzi0cpNfjy#-Ze!cjis?3xh0*DgoX+g`Me)^9zD>}8hn-HdJ)z_-3kU&lMgV_Ea zWb6E?FjKwyFjbfp&$OjJD<+C(gT1}OEuM9)*N0P{tCeR5IDn9|gRtEybmS znQM>K-mYaXVf{{b8Yd~-VpTe zpJzL}6D#EKIC2ki2Pgjf@_`3T)!kpzEAw{%iuDcge0LFNe$AW8Wd<7JrhsBAy2npk z#))kw$muRTn7Y+e)3!hstU7dn93WC%ID^j1!IQt1^AcnuA6qfl&$bSl^KaQD0#1>} z5z}h6K&*`9y5}5zkjgZIhKBqTNj^hniFP2R2K*6;#rU#w?DKV%Hx%qIH^Fc`;z8OM zcZT`o^X&h54{~4Qsrb5Q6L1`f6mmTX|MauTB;xL8G2?rBzHzt z@!z#}(!JaWWV*NmzbUgi(&A>4+DtNI+#5p%+ByG&b(hdh51G5>f&8wicp%udci+ z^sWGI%b8z=$rZHlRS?Bi&i9Rro9dfzxeFLTaiZ?FN@?w?E;OgLz;r{mX1*%`I8FM2I4?zxR965bqD9*WlE0;{L{AE003y#j3FMkcX4{RRlf?B(;Z_6OgW~z> z>sgu2+&P?7^kKowF#wjTb}oUI&-@w{|7WUTdu&^<390Tma03LP8lrCWydx*3Lc1Ay zErAzvFbB#8*DjQ6RpIwTmeQ@3@l68i)fmy6X-$R-!fqq{b6Zf$fP1G0#)i$7KU{e2bay8wAENF4?-xC1&=-m`U_q#0!3zE&&2M;|S+-HsX!B5#tpt&{4(WSo?eyIL7 z)3$)zAM3i-^;$ml-XIyExcawo01DJmm)x`ixsvTZ?i%WO#etvrMccZEa@Ny!Yu;-! z?ZEFQaRAZHA+%k12hKD1*;(jMl5U4n1r*S#P#o}|h0l}@)6k8EdA5lYjymP0DY9UB zFp4a$;?(eecNA5)o9s2k9bw{MX{q(}^3di+y`iL+6XJWAQL*)MjjOoxVbNiljTEMz z0XIkqTd`V-VG=Qf>kKcTs{dyK%xWX(*%7I}x-_%ndRki3lb(1`kY4#NW);qSxmk(a zx!J~D$thGFHg2zN8lqg~m#@#FAg)oxvA*=g{_}UM!wj*h{6h>W>D&quX5TKmwttKQ zWEax;APory_fgJ%LI9{#lqM)*$QPX7X5#trcox~NUN7nOXFA0K;uI(Ij|p{b<0fQ1 zsPHml)_;F=ZpzS&euw3L4p-|oZv()>vNC~e=QIJpqck)Bxh6=uaJ=5JISCF3c@|m%trY7Z8w-X#9miyoX4D0x8 z0%-|Q=JCsCpi^E=2CF_!4{Msvmn4DqQTo%B_F>5mG`rEFS?s%=XVxS-ja_-H2&)XU7`bw4dg@(8DA<0;;ql(&l=*> z2I*>QR~6*!rR2dmK0v~LxDvN_8Y<3j!?%}+b6WjY8s<=`#wrb5kvN>ToMYJ!6!NF4 zz>%U^x^M(@ABellJHnCjYSjWHi*U;*2rTMZAR7lVJ;$h2_>^RCLw{ApvT9)m?^N-9 zEqga@7FiXB+a8mfiCfJ>k#XpC`-ysCuj~isX`wagAyOq)%MCsmv~_ zjJebqF@!(6Wx3l=D-?!^Zl^7#Hc5oO-=u|$BS@rdrgS@g&_0UBr~aqgRD96$fa8Sw z$?r^nT1VuU&98IgR%mht2A(G_6?(Z52Vg`&Nl~n8*}@Hv*|!GEf2gDBwkIOB67dK9 zP@a><)VkK0fM4{VMY)&n`z)-91WwwPLFqNFfcO;>;Wk1n52oY zrTA5ioDPAGo;~IG!3*Tcj)cwW%64H1V!KUnH3NZBWB+V(+<*XpoF?s0pWIjQ3OMlgo=0P( z;$8ogHf-n7@DI=3tFo6WP>?G>!`~QVH z*7kTO)y4d3&liXEAC#+db?L&N9d3PH^lI+2m$9)jXU4L7l}2R9%@V<5rCHAZ_<`U; zh+I_ho0l26MHhfCxC2O2`&`2Z^!na3TsbuW{LV9TM-Ze?=+N=vCIZ-va7{L=yy-T_ zb^icy47|g#@7@8kO%OL~KCp#xZ7J0AGpT=-%_QTEyKMOs`S8v2l&Aq8=NrwMf`K|j z!GR1}?pBdg%;%65n zRrYW2iDMA;`$Se3 zcmXS$n`!Z$Z8A2=u*l}oYKKgk-`v9=X$EcOGzC;0SP}d=?s56T^NO_k;yitZS*^GI zV*Pw6^3y|fTjo6aO;Z#j3fN@V<~lf^ukX%T35G6RcKf)c^J@jq9N??~1{wZljG;bt z^o?A*AI7{;@7gmE{5%P+Av#MUw;ym3o+S87OKUX2^Fi9IeXXQdap1TB-KG%Q^eqPRe*uj46n!eSXcv-Apn_MYc zRmH$9$8X$v=SZj?7wvYExJ^6JK2rcxu2<&ZwaR#NTyIme9ESpKJ+%!pa$HW~w|;Ku z>aka7$ZYSoNVh=T;2^mH@YmQD1NQmC^a4U@x4=vf{)EeR#pc)>f^edTmK4)7pdnGb zBk%J9TBQ{g6S7azy)nZ<_G=g8nXqN_pmTj2p8)0ZSHtVmb5O4zvm=%Af`3aoAR6c* zUz3>}zC~h3(-#+>6SwJFFwhebhy9L`dKFUjU+uj3`F|{K)oG2IEdm#BMej7VORyK~ zsIbL_>95J7iOAG=L40aLQJ+krSON>vvGKyej2*i;RB&II&5|0POkkiW`{^)_GxQ*P zD>_(4K!V+U0GFF-2jNl%S3X#FjTDw`w*X?A5jr{<2@(k*r>qk@WMNWNNcyVASs^}& zvygKY3Hqmh@A|f}7Nd3cJPKFvw&lCujD&uentfIR(AWcPX~ctVB;Zg91Lh z=?5}}>t1G`4T7>t(LzHCt6jJux+*i|=`$F}m+;x-M8E&|1TmhIN5SN&f zS49JxrXG)kyG2X9Qr;tK7oNCl>Ch|voO5m7;wjDir!TdQRGWAKyvmXIpP$I01=B|V zvUby(jCVUDkw`WM=@>uepFEuZr0}PjQgu@O) zoy`Nqc8&u<|BV%i$Wo$?PM?j~+S*{~A>zvBPeH9kua?gk9M_~T9U;lXEjV0jX`%R* znLMwrvv`aI29v&>1fRLE&(2bSXn#mFcp+WLiFTy_O;tUeonLHl)mIgb_^7AUEk_ftfoLD$zAow7XH;BX7f`KM4o z5u$?@Br1gL@Ih`f>UT7h@}r|fXDLI^-Tfs-tkC%%Yn6qS4gL`hIf*ZGoKVo~ODS@e zJeb)}2q|vytZuZ+`LW!5*Hv0+%^Sq0&;V;p%OYLZBI-;b;8_;pBtV+b**?B(PSCi_ zJc}nO7(VkV4u6Xtkj{!6(3~BHAC4^KzOlSB2KRs1(09p{sib>-Dqp@viutiLJ6qii zdERNsL1|q1Hg4>EDXi*ZD9#xE=`(1xKaAb%TYPzC)5qg2H|JS~C_Q_}^Wp8$BJWKi zF|y!Fp`5!Lrs(`|3wl3}8ppo&cYQ?)F$5s&uUS%=pcAVZuAJbEMdhl3LAX&oT!+j- z(4%Lga#aFpAfNMvXJjPUkncwItm=dWn@uX!jtM)h3sn~0B0ISZsscggfH=gCLD7Nu z^So9Ts~+TIW_31o?gdxJHYm_sz>=b_bT4v*R$d!&8{!01=z2_cxt^Lez|pmQcopd$ zSw5qclNBHJ`GVTlrbR2O#H=Gb;x_8^wx_-1;S0m!9gXLOU-oMd*nEXbXGf4l{VVyI zgX#Ef)1bF!`xZ_4xN^Xf%ZjM1ke4*(wgN`GGj4_@D;{QSnT2jyelOFfp!&?1o=!FY zYpU{oaN6Sbk3|BJiN{+(&Z>K|B<$%z6P&YTd#q>!RCHJIT?JvpYws5QS;&y&eG-YY z+4kfBbo+bNuaV2Pxq3t1i6Fi{+CBw$GH!FvxR}`_`lHjIXMKKgR!Es42mX<^8_*O? z@oC>*-!FRGu`czprr*qy=oKI)c((st?M{IB9u%7J{j$jN%u{rVoFU&>GYda`lqJ&T zJ8;Y9K8j$GIh@pA>-Enx=w&l_boV@t_M`mQYgMTZ`JhVxu;hQ~Et)c}7nMuS_#7Ym zC5c1pkbgO|t7`d}2HHT*_15azZPVYgAF#m7`cxDEpd)j3SR0vxI^m^tTPt4QzF#pf z&XmQwAAjPWq`mC3koI05_;G-OpV1}OFD-DXO=uQOI$;=)_Lnr1+!+^`F?n1JIjstu z1?4^PGOOQDyYJ-pmq+WwcRk#ga)qSIP&vN%~FcOXsQx={DYmKb7Jx0;x z)G#WA))M17GR|3V??b?h!lV2?rLkg11n;GU{*CR5(ZC$@=?=a;VC45-A?`467=4qFHzLV4WtB zsgH*bSO;YVyKRktnT6ndI1dMtD5o*E|{=(G%hGC2S%>WL$bqTDUvACDI= zwyD}JgX7A~)-%*K#|A2st&@U5s?vqo;X>tlT2c|g(TZ9NUu72s``&{Her82Lmax!_ z6Cjo3AMqg~D@7SxFLYMm5H#jupOHNYRJieLd;vX{ozF94%M@0P(w98LKDb{_AJ!l9 zJx4ZO$S-orJ&sl(d8&oxH!ceb%>l#ifVDYBw9{Crs7rx;GP%_GtgdOe26Ch$ir_TU zBoQ!D6Ac>(o3UB-nTete?@j9)TV9>){rpDC4ULi$UhYO#3(99qWYy*P{=Jo%~#!g1z`9mDH*^N!uRS7-K~aSvqFO3pc0hwZ_)U)zK@AIrHL|+e}~}s3o8iI4@Zl z!G@SfEBqXRL=~K2GfuecxB9hSDcE3gi%KjE3sOi5HsN_KbjjqC%kak(BRfn%rf{^c z{Cu8M9eO3++|hgYr$PGLDcMNFdbDTj?LI3Et_Cs#X&*Zf;eUYn#dy`)JbPjf+h+A@1aQhf{MXAT%DK^mgV>;-Z@5BcA}`W<>V{<3$+&uz+C=EAhOP+=t| zIhB2y-NP;#ePi4l?!ydSy0@~3wbv|qHfPrSIas7%Bh~%p%vTy%YhsNliQ1YWS;{LS2P)R*%P)C?w_V4UYrM6Oo;v>mjDblFgyU#?%KNjs?Y+_H z+&pIM!J<5JT8+sYt@qps{3G%q{<-GgeM(qe%(?3iR<68Wj@HzA$u5r? zob`WC^#;1Nx4mlhu8|HFB}000w;>m?aq#dDzS>9Evlr&N=whM~-R-}=MF-|H(v;Es zj0(ro>_ymg{*eG=#Rinutc{6LiQ;ksDF!cKw8Oh!dW$<;{K_Y)^Wy8_gHw9h$e@OE1 zgWiRL_E^`FvAa&ffG77vDjGaS%O)Te@>5<{m_PM_c_<6zIDOOyk1mO)sz5`_`kF|T zVG-oTl=HZ&7EEmY^PcdB1!qZSqImI}5xS%|Xc1dxQ@aS1wj1e*^>pwUMTCTFrNnaE zgLgo9xD$Q_%*l}~I=f2w_@2@It9LuyIv19e4jm@{$;DctOG*aLL;~Y%2AX}(;#r?m z=Ttvi;Qk^_#jgFG@em~rWKITX&Y;4$H>UPU(d)gb(11$n!CDj6@ zT5I~0EL_U^rK>+8)Df&%B{alud{zWki zrL2j|$rmfmCE^;Egj?N3saqBhJ!EbFK5|%3e^JGNAYtg$;~^!VGg0g6b5}^wCnaqt z$||VR8}n5*Ao1RIJ08(Yt8u9BrEV%|_w|YvV zaZ45f>)NkZip~_&Gvv{JmPzU@^edvlZjJcVZyoR$sEvVVnXJ`GPi1t>xU57R65Q3Y zc9!ULEGdNBQ5Gg{DK`9Tc0k`=pH8CKhG6P==A8K|d{3V7{e5TT`s@6Au+AkF?z^bY zhMYh@t`g*DH-$G=C)%RB{KRwY*n6uAe_qRwsS(jz9`arK)rsWT$t;;k{Ikd}c>$aw z6%EZ?N#iVe3A3`HRl=e^UQao$!vpM%X2q+st&f$L2Xn)&{p6xxJ;h zX_maeLbL0!uxP~0IUIO;42n=Bhv%}e-}Y@efK|Pu;dRrXgP!XzCpOeTu)vnm2Fm|D zP3ZKxLg@IJrqApc-MKV1|>3rvOk7Pu8V(9x0FtXp2Ys z2$>eQ2s|92E<^^d5Vq4-PKfpF`rT!-DSTC>F+eQ$dYrJQh>a3UJ6nBtK6H9S0^Of9 zei7>opOr8!ZnN3h$BeQ3?Zc1PebEJub4IthfyR$Y$vs4>azWWc!sGEss-mFx8+)R` zy+@(7{z3B@wn*gws8g+V>||e7kV#x_j%M-os2E3rqU z$8mKRr`oL%7pHfp+PEGGP_tQO*fCjz?m-$;&X-=#XeSdB_}9m2_}VO#3O67-GC@rC zXP1A5e5I>YoPdiVDn6>7@h+=E`|@@J>Rf^;X3f*JIz|7mq0tT<03|KPwBd(iC% zGq#f$k?kEQirJA4azxSAc?KJSPu9+shT55Jkf^rDRxncL9KqL9X6IKuyFR$}?hXB~ zo?b4l8xY4(8)P`^Lqp-}l9rK*<38`QK~>FFjQ;&m$**lcc=uZAZNEh-AL|0mS_@mh zT?!(83#)k^!iPPI>`!xyC&)@n{X) zXO*vlL|TBM=x??nNEFCm!1_nX zHNGeV8g%la##QoffPLeW5Gw5|w@dx>s0}$Wf^UMRj{j?CeY(Y_l;o-?=K*L&c$x{` zRufmHx>u+I>MTH{bWhvi2_?G?>m4=|kxS5{iNgfo-~E_|TlSa5&|{QuHCk_`(22dw zn=9gb@-yqzZZp`$9~P3703^N1OoSB+vV^!3|N8x^fUk zLL2vhv9#QVjmc?&$fgN!aZS&?X5ihOjdtTjAdG36l_3JtAywkB1S$bJhC{Tp--&iQEoO>Z^+fi1$du1klQh|||VteK#2!pB5 zq$Q9iQQQPQSuvMCU)}?gsnNdqc(Hm`%PTN?_Q50ll6*}eTt;=hERCPTH?fkt>sRIQ zX0w2FM9>{%N{M5_fX;wPJr1+*ROjd6!+XMG`|m`@>gO+MBXF}3aZlXDyB}@pfmq`_ zT*GNeWJEsStk3+qh6_94{3HP+aR~eOW!q*y6^=OA4F$FEe;piT)Dchby z;EfC|isze?9#ab@>sBXavEUh(ROnj{uvC54U2?bIeg$%(^jkYbk_!1*w&ml!`)Ho< zN{~XhYg{T^EQjk#ozyK~Iq>5JkkoixD^#vO8SB}B&DC;{xUXb-c*%|1_v4}GMqdvS z?Zcsj*k`Nsz%z2XltL$dF8~Ph^NbE%VlC3nZLCtWtNhgtT@z?Bu)}R4+Wm)jcCXzl zDixH4Rr*r~NCzIS;~u}ZQPva`SFl`UtCo%gZm z-EEIi-k+&QTkSON`+aBgFvHF9niU6#nw7E58Pb{o@!HVe4!Hr+a$HqHJ995*&yTN1 zEBL=%mN5w`bW~u8QWATkE?nfsPgLBW-bmM!h@ho^Od%wHjHF-s9$M?wEEly-FU)94 z_T_S2ySvs39W&3kG-D&u>?-}t9^*#$4-Uz+wrPwp8lqN;lIj_{5}W$w%+Mb*3_a}2 z$;-}HlOV%Ip@qmY_DrAo$%8SU<+IPVB^Y>(N-hmh-^a5(tkxCSOqXv;VV&w){O}8R z5)??e7-2cMScP%PT;&>E_P#QTBOVO~Q#&(ADn=O`^`Ov@F z1=t!K4-^NT+JCt%sK?*%iiU0OXGc4;XFkRMBjcBojU)9QwjMmY&xc-d$%IeWw=?q3 z3E@MH0d}rg_B5DL4q6_2UT)?(ID(FgLv;^v0Lrp|E~8=9Ui$^Q)gGHLRyX!Bz?1KU z=-KRZ@td_%@A^Gnu*t=?*dla%c{%!5T#gEst)u1ifq^@97 z3qB;i?M@Dp>X}OAX~v$Jzr-6?RA9y`@c}A8arv#ktGA#%L~AgyQd36aS(l?d(4XbM z$x*1^8EQwh=_mRJBF27t-bK(C^?8JCGLuKvEKlkR6zadot_QBaW-YMxsMh0K4m@TO zJ$X1sN@Jbhwqf&+_3oghiewB?81i2M+?~kV*bJJ-4C)?E=fmRkKODl}!TGvLf+E*zH zx9$ZzCxkxcychi-L8OdrHdJ|E2^3%`={jxe%Su2{!;I>z#lN!Qe9%ME=NCi!F{rJl zl`NL}QFMtR3)PdJlszuFU~u+75ZkF5L7a2V=luW`I3OV)4`nJZZ(9Zey^zCely;PK zq$7QS-kWkQDlN_XTVO;5jT>J>8dFdA`%GeS9XbQ}%5BG((sFW16d%L z;*#pE45nfdutc}>^W?_QR3VBHA6EJRW1riYll-&VTSJ3!G%;{RQgvw^j-A;NhMoz> zD7V9*PLB|uXc{_skS{uy)wf6OD3ASi-=PcH0uS#pjH;hh7PaR)OtfEZ!Htx2ONi+5 ziLJgHoa9BY-cm%;DTB?%t@lLi)|#_k=|~{5NDoyR@SX*H)_aRr5eSSJ`=fn<&kFkz z%3Wy3UK>EkyZT`7I)R#8q^p`0rZ;p%I=6g>QE=@)Cbq0Tde%L;Xz8(TmK}1J84&BT zUxc09Dk9!gS=TyP;+Jh~q*5E{mRQS;*txa;lH5+pUGPi7wFiY@VpR7lntgH#s*vi> z9$`@GsJhbrAP4>h`s{etZRCIv4*Xk)e6`tlu`8Zy|N5G8x2KsJ%rORK~*!tu} z(Sop9+Cn1#>zlJiOyEQWYSS!!iQ`#-12Slae-g98^-cU^qvYX2#QmjLTzsnBmWKly z%|KCGQrDL))9^zt_r+gXU}6zH2fUD;fr50KRX(UQin`%NL+H{dY+Se63-yN1{G{6$ zNjQ4(ES(%D5Y8oG8E7|wXv9|rSLo?DdpSD>wrl0eI^rOHpn&L>#`m6w zv^XSXY0)3KZShJwUR5sdUAK#!ddvlCvS1_b4kJLGV;$1W;x|%&qpP>vB6m-2xFBZV zURD3e6Ij3L-M%xH+vW=ZIv@oH5kTPq)F_p8SCv(=hjPHr{_PjlTL%SboJJX77 zLWg`)nLC`65wQ%f13iOm`YLxUni2wpf0V@5P(}Sd3D(Br)1oNeq&spQa?OzXCck|> z!%okI&{$aS9p81sQk|_p2PyE#9??oc52{jJ6{=s2kAJj;AV2 zSYw3syFRU~sl9kp`0A=>(}31qGS5sddWSA!M1L;U9DF|UM{oI;@_t6A!1Ix*fAwDq zNO^yAf1r62aJIlAYn7{#HIpDooG!!QaTZFH8qHs6(Vlcnh1~A;U|B41U~|*l<)rZ0 zqrl{h#Li+G(P~k>oLI`AEij-xG-i19c*T#GS)uLZl==59F3%jJ)o0sHE^V*Q)^oYc z6=$x>YrAqP1+>~(D2R_O&IXhU=3}ybp4wdTKqN+}**>1)fMQThE|Qe{y4uVu`d;W# zQ=l*Y7CNaL+q>?&T0Sat+#@3Qidsbw;B~v`lZ2^my(iTnH&HBm0N^l)j@I^a7aQ;2 zkr> z4zp&4xo!De`8r%#xWi+LVj5(T0M-eA07KntG>U&i_7{}1ve(9gixMSgz!nG1h9q-S z$_UULX0J7CoEJtraeSxAO-sv-5!erR2NwI$9w(fo(@Xl&r6JU2;V$V2yR2la!Sne@ z>3cA~rOy#k3SPxPyL{hgx`V4rZ7Jx|Vs#F%>8W(Tr-t5U7hy}#Q}t4A22jt(vIpM@ zOA|r<;v+7%z3hN8L{xK=1?XABJ|}i7C>C?1>G-X;eu_eW>GQKhi^W{DmJT<9b{i%q z0JNY;q)6JuGW3$si~Rd*+g!2Fg|T$qXL}T~a#4rA%O8yp{N(n^-JHn%3hz4`eR_YA z)XO)ClCC0s^Zh9=O2&zE)0{BrT*Pwo4=-O*TO}Sm90a8E`&+<`(xTg9T$IUg#9e6F zTPG6W{V#h^e<&!{a$RL-nJWTKdO#>FKQitpe`}McC3E373}PS;X=&8evFNy>r2FDY ziFo+8wHs6L<y2C%(E&$pEO0WXGe=B{n*15`q|IlJg=3ATZ zD9aPOUS6xW4mL8+l5OP0%+U!1J%H+HK)V_c#CaUv0iOku?tI4wX905e$a}zhFp73F zYrEdUXGnMZ z6sN+b|6Sy&5#i(*W|Bq^7ZBp`DttBn3ldFA?z-LO=Q3{*a602ff5I}?=C=dJSlC|# zF8|dwBwabrD`%Wd36%6{tYFNg>4;v4-4|nKgv(Da6fmzwPqu@e8DSy@qMlbRZMP>p zQzw>B>zc{w=}A{U!=-DlwuXaCAM{M}_QuIU1b{75!+c`c<*EHnkl7S6TVd`&O%pRR*sMTjkoj7eF z>?v`p$}fBNz9HG}u_YNJdGpj6vE%T&Ax*id2HYblg=lMBU|ll89_Cs$LR!<~-zECp z1DlY+V(&QnZrw5bfQf%twnVtnz*S4`)55CJi3QV0LAEM4h}pjZWs?4L?l2XmlVnAC zVuZ#@{A$DBficFxbSL#(#n~)SsqGT6z3eX4+t~X}S*ZG^R!ZMPNe{a-m1Lh@E9A*4M=vc8{=;Ds*6U7PA!DUKMGw!u!^{Yr0L!g1; z(-m-i8;^(Jec&t~U0%zBqwBn5NtG>edYcSYT_WB!OaW(o`!e%0+c%PbZYdew`6$V( zZkVCxwx4@RpfMc({*mH$aoHmJkGbA=i+6rjHO2v(=-=!*k87`!wrpvG42D;j7Qhzp zA4Q{*dm@X5#8-L${5LI^gs@vqHP*!BPY8M`^jxGL#eOW-Oh31+0YOF$iV(X$Py4qGXXKb&W&@0R0u5J<4d(1qNfVpeUWFMF3eohz^&BCK@d zO3>R1Xyaa+MEItPm5E-kbL@?buFIBu6zj8=stW%;@*5CC-p54h5w$Y5d)rWoB`h~) zKkRXic{zCTc=jWt-4jj0?^J_e7rk@wG1UR^PRu|(V8MgTi!~~3clsRoB(<*`j}JEr z@Tqg3!ir!V9nSb=Fdh^#LCLh049fA9=K|Y@=sG_JUS@~K6UfJd@X~vzK{wq;b4JXD zK^`0rAAd8(lZ!Tn#cJ(l@@gSXO>gd2%~nQO7Xf0bN`AQZpVphQbKjyTW8wjW3SYP0ejjy%rvxt23byWab#7KG@SsX3J8H_W;Y+wsv3P{1p= zT(bzSf?Qwp>tm3FmENRk({_;X%J zKC`qEm4BS!lG4^wf>^TI1Ww{%^Yknq0LqVm)W$?LBe`dsbjt)(7ka;cZu!@&yCQGsK>No-FzCojQBb`r{$1{p-+K+ZEP9RB(Q-s(_>9BH{@)V@B-C zdKPz+fKwP>D9sM8!uW1x?7trql5?>}Zl0wu2ic*5EqnvUIuEuU10^!eyjUG7OSB~h zkiu~NVm9(_uQJT_^$b{h+l;gN1G(Dj?`_5GT0}C0xK&-Inx-2La^)KqiXHwFy%kM2 zAH)D%OIOcJv2d~sF0-ubmeq(Yzh@~(?>9NwXgJ0J1xZfkq~2~{bRxzXQbd<>p$5y& za(X|UI<0m@AiN45j_BRRXKLM2@~(*CYqwx()2;Ifvplg2ks{Z>3$r;JuDj2b+zKW5 z>{CNuWcBvqx+`bqbqW@}b-240mlII7s?VzedNlC4hQEF1GGhKhjU;v$PNIJ;@ETp~ zy_Jr7juCk6vyw3+gJlUZyPmdQy+BVnH!sf1tb{_Z<-HqLu?Kx=h?cfN*%XXCnYOwf zH#6LugM6V%A4*1DdJ?zY_Qa6h2HKXjCBh$OBiY|pbTTX@alRJ1`ecJS&?hZZ){p6& zWTRfM#e9+R#a9-7_q4=2cTWlNJ`xaQxz?j_hP)oxGR4(O(=;3B!khf(+zP4~hqk60rEy5l-sl$Ytqj+D_j z4$%d}&^05lFy4bWrT8We;JqIk4|1k(n}hw_=|KHXV+)lg-Rk$*hbk`eMEm{xzIn@;4d!FCAHcMQk)ZrW^Ng zJZ>RCj79Oe+p{@dV!}@AA{F+lB}5DB0^3wIldyp08UURik2$<)@ZoaznD9F9qgWxk zt@KKE%C^fQtu zgs9!%kEPxj`_ek&kZBg^XNvTZ9+RSfjC@*meC;3*eH;e!d=l>LS!RLMEEUw*jJdVp zU;et5SsP6OMHlyL$6wV)F9bv3wdZnH7c7B(DppJmUKTHAD@7_No0^L>kVP7ZBV42N z(P4?8;07Vd@DVLyJjhWld2XCP+H3ALW@z$IZpN8@XZ?6E2O|ZGHb}n8cxHODu;rUI zTH;%4ewW~=rtAV~X{FHq6l10xTp`%7E~Q=+I-;TACSLmTaNp!=d&BGfaZNccu`opk zCknMZt|=HiqB)UX0M+KmmyTa$wDl)5C5~d{&gUhr3{)UuHYV-V_2(9XS4&Yr_v8?1@+@0Sq-v|Ceq!&`5q%&aO&oo)_HL$Q+A)}~lduuKI*mRBHLY`>q z;`$d=8gy!gBlR@uhBWY$XP17z;)4uLjcc-Z=GkYBNL>8ig1Li|My^u%{!~&JxkyhO zcNsTG7Q>zN%R(B>iIFb}ZTw?Xx5e{_JW;m}An!SY z3U``aJzMr9PTpk8>5i8{TL1WiOeu@lBQ4sm?>_F9#;SBvt(9o*!)M+eYOK&x6bB?R#H<-~ZagF&i9hr8X)BgsJXw#b5}dZH6dc?Bhi* zJ)pBVlhTydsC@0IXLxU}Y}m;A7L|d1mch(ts$OWeSasYo%b}qu<(5hL2spa6q}w2> zu+t1ve_yD?zUF$wi4~5yCPk3Dluy0sAMN+iRw{+_ z4tsnRtgbbUCrbzxt2Q@`+`g};EGl}}~D*1`F>0>P5? zn!3cW{Q#b5aXa5qOpK@ChSn`c;1*gwM?On$PERH$8Bx5Plg}<4jbBLSlh$JtjLv?0 z4| zkg379P>JkqmysN|WyMwLW3gMe(s2LAS=xxQNN3h}JaC}H*ZT6~^~Y?;F+=bF9qUAr z&l^|GpJQxp-4aq5KF*_Q{g_A7gy6n^>(;oEe(c@J{XEIzqqnBOM)yokqFd*2eM+jduK z5EmRV&9MIupKRsUdHj?;*y3RxuZ6-jYW$gZ>wnh1KBewg?i@IG^zB;G@u{?E1jc}f&NSF`>?g;%hpd=YQo zjZxuS0r(R)pPzNBNfdKt8OdAgG|d-aq}l%Fto)IW+hvCW=gsp7$xp{c%}TNc0}cQC z>bN#z(`(zM%5|3Le^bRs+0%dbg|LU3KGD~L&b|IG1sbQEeepNjr*#;vnA;!nB=I$Y zM2@DQqmnkSS^7Z~)NjQ4NMC(eAXs)G7R zFS2v1f>6x7S>NANRL+Ve@s2($dIXcUyi6dW{NHV{fJpHDorkJ>EpH<=5Hj=P|8E#n zUQ{i=aPzo26?7%bf%7d4R%`g?nav-hCNR68&VSk5YK_lpR5{15Uzj~4ao<4*3J42S$ zd{SE0V}7yycW@->8|G2Rd4tAT{)V<^;f(%y>5S)7F0+SN`N4rhZwUs$lhm@dCCguv zIQOTEUzfw$fhT285otr?9I3)zqlUTHM|rsnBOSA5bTR)=dtd&LRND6MEY(bA)?{d! z*^HTp5L3BtWQ9&@8t&pkYVL`-=K@w{7NkxVSZ)}k=7zc9u2W`al!_ZEE>AAuZn&T# z==W$d@B7R=&-Xug&o2s`dpY-gEuZVUKIa^euA%U!s5xWxPA!MXqkl@#x%J6qP<^IV zYc8w>{j2VOY$kbk+=EzoM6~;G2jkADab*gGRxseZv_hAz&zfmTDXROIX9Bji;gWpB z*`R~lb4~=Rd7yr`u_5# zr{J~+x`EhLyW^V!#ctVn-&SG+T_wj9FLb>~a@zaGmK5tvnvREu*L^W&vN3G%4i^8F zph)rp{mv5^>|r%t`WsA7cXw;&mOTWl#7aXjltNim)wxTR5fd}p^$(NT#tI>hbmswj zuZv$A3JRS$)sh6Cmh1P7={<2xby=D-D|*dq3YUgxUdtSD$O;BlUh7{1o@e;4I@%6; z2fteMA!Ag!wi0U@pN0_}RRGr$DC{3sLI^!n?!F`1`qvl-?e~0nXyfB2x`Iu{ z(FV6_X-YCQbI+eEhLYj}2H^iUT@TWi*Hnf2H;4Me!c?BuLlZ{XuSn7}*hleXsO|o8*nkP8?7j*@H5qDL|dLw$_gdMiWV~}LCzSBA;&Y+1ib;n zWml`m%f$oyweYLG4~4}?(wyXjKem4NNhA-Ce0ZSSz(IxpEG=joCkD=6Qc0f^&q*$T zC6!+edxqo{w`}eJ412W#dMO52iIATF>%MY^IOMf;AN0>%KO%Y1V9l!r{XbHZNNj)q zD#O8_<{ysB(E~o}Nc)!i2C2V4AcEYFow%rks43iB9@c*eS_6roC@J?EFd>Tg?%g-0 zk!PMepQzOPc&qOrsQGKRts>Z&+)IEn6cZCC)kZF|vVE6$wjR9m7o2jBWpdy3s3tk$ zhY|v!7Z!&Wh>D50D*P}F{3Zkt=gcN(EIG`BCk=h{8fboIe%twpflehrPwe0+zdPqR zXTo$Ny{0QPrY2W~53CeZw3oEPpO-8ZT3}d}Jb|$?@n&8Ycm{AneXx0rln`9=#)xFp`VxHA_WL#f3s zojf4@%|j}9&RN!B#-TIzoSi-R-gYP3;w$D%dtfHlI`G!jcwk<_B8sI{N$Ch50&XG= z9M&vH$B$)l9X*-XQCHXOL^Q2^hfIjFbr@He}oRh~yX-_d{jE zk3oT@_d^gmNdU|e>+so4XNntXy#D=#{6R{XwFu!eT%I#3t0X6j&_eA|QBPLX4PY zuESCp3xHuZM+lS=TUt`BiwKr`T|FlgX{$^e86VyJ_V*eJ5+S!ejV)9Fw5|c5jW=wC zs+IlfBX7h)hqPM6RJnf=z;xl|$=?;W&l^p z-1g$y+~(K2&DgUgHH-CP!T|)Ln=$oKr$uttL3R?>1wTi>C!@&MT zOjK~I_@?EaS7i^8QGs<|&S5VFJQAi>`u5};3Sgd!DZEs8f1`c_TN#`LL|7)RL^P;b zdC$B-H*Z9<_&2<+a%HGIG4{%Wnj_L@XRv-{2EL^(gUx z40&BBE~sm!uDp!a-~#(U-Jcg%xT z`mbh8$19Fc(E+5q>pU$^S(RXc(GNmsJ{Q%E#UWH80ZOGqbfuAdU|<%bo97!&60S}Y zZPn)icbx2}93kkQ3`-qTVk;5v2o{BXU58v%KuFCC`de zHZWhJnJ>wCGNltTwvnQX`p)iHOyk?LsJh}rsb-Z*%b38v z;&=eA{4wW|ueA9{s(yk;mmVq^sgsj~#LB}3S#qyabPn`cAL;Mxcspo`MFzSD`pouN zR50g4gcJM&{r8{uTKAe?TF)*Dj|y}ae!RkqR-+KyW-aj8wVNJ9=4;{Rl3;}S_?%m>V_BmnJX|Q=0@FXDqDai8hp1@{S3ad zJgR6bBLVFCU+UO3N!4OJL%!J1ck|Kcp{}-)B|U=j#>dG}(jGbhDF;*Ltde+LAZPA( zpo4GwjS{FmrxM&6QnLGaXmJCYs&~yGiNDkdUx^J}+ z1VejVD6Z_K#IsS{`AotadkY7Q|q`$`(DYZ^-#HcRRvPD%V=3mUJz+FKI@^ ze%$kFb*$nO&wO9wv%|09a_t@Dl!FD!maPT#?<7VLB;hsSZIEF#d|j%ROf_ZN;yySG zP>K@{btxWxbbS`@RihSOm~hthO1|PTE_KaT$}ffr-|e%xbdpJdrRM$1-n1-Fs#*4F zJ`TzE!XPXhB8w@PSsSJpvrYrE^$VgsemG}LJH?3XhsaxAYL>z6RPVxDRBpPM7M!xJ zeCk69l`HPO1%s&B{>Did$|1<(e+-iGZ|VUJ@<|~5hCK4^J~!ja+~i+i{Wdz9h%i)O?)1dT{5_qx3RQy5YW|tk zqH(CHAbKKHhfSRZe<F zzr~jj+`2bsv3^+O%w|p4;SL#>2jn@FV|-7@EhFRY&>@`uO^g>y;2=m}%S0;WwH-?D zjD&=S*4At&kwel#({zgK$ivt}2ZS0i`NC!*=a-P=*$)^aY**y_oLSqCo>$L2`9Y#vmYpGfp{W>^3pOCiT zgWWY|xlr#DjAfWa-TStRVfnC!#% z{YyDDGjrz=I=EFi2~qv8Y71u^LyMC?@_bX^!`E<4KaRw}_soZ%pLg?j|IA0se$SG0 zLTo&gJC9+VT3>Wmf_JWmI(>Toz}*Qh=zb?2ra4op+d17ojBsCB8|AI@{R9zD=08WF zp#2oT#%vsAh&UOQ?Tjk?))KKUIP7D*?%=Gse&{KuN4uaxlHK4)yOic5f6=0d!)8no zwN!8_h8{(LZLlfuZ^Q35q@-+OSt4I+KNIBm8VF|hw9hwZH*0b605N9;?rnIsy)_(` zTIxvIky=4Lc(A!&(+?eRa2WE+W&v9PtuV7=fL-!-7$J-K^^s6HXy3PXNo81;hoI1G zrB86`%@sughxPVK{m%X*&Gz4)Qtdrn3>6d^(fk}cyBsIH+>1r+-(+ni^v+~%%9+4R4V>y=3lYfjvKEa9_Fr^;{YHTFoxoK^Ex^bgY!PYS`dPm7r9w;ZR{ zj2mU*wx&eLCVxhqvfb~$mkuMDT zmEo&5%_xFI@Kjox*R`5!=M1s?@U>&{!(a&){p=ObYIM}=OisW90NkPqXQJq?2}jzn zj(KQAQ{L;cz>VH&sx-lk6%o+&N4PB4H|qkv7JhzG z*wT-6uC!UoE{wM?Ee~LO=t!KeRhd;UJC8oD88ZhICjK1&w$_3{@~`cl0vmz2iL)n!3P7 z>8=r8-D0xffp_G4h}cq9KWZ}Xm9B1P8e7Pf6> zb`}Sl^U8k>tDoo}mxo$r9Mv1*y~1d_EcGiDgqO?ym^e8}qS~tg53iM(5{^w;i#{k4 zZ1zswxX1sd>j8|Q-V+*$=h!aw<#O2E2L@hCeb4++K6&tO^0a#KNTwRWHanj$n&cwM z23~5f>^X%koo#s_9DhptE#BNL7i^xJ*~_0O$)WkGm!j8SPkP%)5slD(Y2`7_o~%dR zkK+}`?^fKoLJQx%;bih|9i{=k~BXUitS)RDPHJ1S|jJ=&68 z{v9u`CYYKZtk>(UjVsO37dlNUkur%QV^7T&1N zOCh+S9z6fae1(!z4L0acZga_M|4CG**)_4cS^A7Se^Eq2jz8l&3M@@^`vZK&3i*>j zozKvFI9>FCo{-ne9#CgG97u6|TjV_zQ$)jgE<%sgBocz1Ge0;&1<~v%WSN^<3_VAY z5PHJ5-lCB#)cxQO`tbZ@k7acJ-*OQbfthD%>sGySI3;7#1Zqq`!pa`$^;XFHC$xun!;-g^-6#FK{;*X@ER5T=Iqz3NZgIT zQW*EE&AQ0b>2Fda8EXTi48~F7h&7M`q)VL-fUkX$epg(xP<7>GO*~MAWBmxqsCD3; z#~Nf9DsL6S#Qu^dS%OYKBSeWEi~8drb)wtu_JggN#=uvLgOJ9rKR8 z5qF0-yq6eB+DflJff{lDTepi$Cd?5QP^ouGyyK))v(=@AmW}+wuPHr0jM_BSN?ruH z^MP8XHPe%s3$^I|HUvl(|66+DDHuB+NQT>oc~E1QluRqr{nlcUuQ*E@C6keEs2z%0tm;*I3z z8NyB~$Ggn}mU@#)x`kXH!#JiEuUuq0Z1wNAdnVkW0eDnSqLJYyF`L9iha|3lZkHX8 zCojSt;tYL%{^!acFn@91e#t4?Njzs#hN%cG%Ap#tsFV5g<#p%9e-boq>cSu?>dCV_ za^X7qM9Fg*6Um_h@J2O~v*yW+h31`u$w3=mM6;<2zhwV1CQGER{KBk;~O(Hq`@jzq@4<0gZSZS*aiCYs#a1Ogz8Y(k{fll|z& zgmh|^A`qA~jK%9_96jJib-#m;nx$D6ZffBwDm`(pm3hxCm5;;PgwP?g zgYuDwA-gPPoAdH62E5Q41cvym_Xl;@6r@8K**mq^l8M?)oqtq6@&3yGr_1LMrN)THFT~^kAf!_}|l%Pr(fwMVM?}0oOeq8Rx5;+H2Kiq<}@` zU3-XBx@k10(be6BDf3nfV1Rok$_k)0jYOESW9npjvd-|ccaBedP{LzGlW#=}Pdmld zf%yg|G~>AU^_zaA29P127L((=6R1^XYCVe_XrzHP2r=B*<_^V_Kex6~lPIU>TJ2EN zZKH;UMgZN1v`?lyR4ZNmMD~O{40VafkTnE|L(}Q&cIa~9S#iww{fNIIyK|^I%>?MW zE;9)h>4JA>S!eika!qMv*2kuVzo+J?!Nis~uaovn3Lx?7v*lO|*4r{@!j+9eB)g}k zZ+Z%N+SGL2!^xYXC!l7kn_HR^&IwTtFju^NuR7=48oSIq3zYd%fV^o;#YTwo4~-Sk z&vW3$moZY!8M&gh1JFqW>-GK_1Iz5E{ML6_K;pvLxXj2KH?B+$!DYZ*m`mXoXN%#| z9`c?SR(_NXENo9%s*&|691kdewm!NwCS1LqO=Xsg`r1=N)Z{W{NSVy-|$w$!}jrm$Ge2IA*k=5ZxAg zbcV4NvyzP}t^*a|80?F2?N&>(EO1*&;)j9ZRe%hndOi#{YgM5qg8EcgNDrp;`Zr(&JDxtm8griE>iDA{%JDT4vy8GHoJ!4y zCz)y0(*NOu)d?dfRHW`m&WTfl`iPs9>7?{WP?rfX;pUci{ky;3I#*T72=JGcKg9$% zjH5HAqkaY|Tnj*11E`w-9tUWUL+ClwUHWfcc+0s5cjw!r@ul80Pu)@hYNr2vp4#+l zpWo`s!;f5xo!ASMGwe&N?11V0!wvbMqI1VrZvU>oM%%6x1rKZ$eaE*7BT3k3?D!q` zlUquvxaRc5lgHlOKH2Vqs-*)T-FyyGO5QSS5rn zUv?e1N41}y1qx(m-=1HJIR>DCtgdaeCUzM}D6|>6e#lXDhDXO9c+HlEDArrbgl`KH zP~}qC#tvdoF{x(l$Twelqjd2?Y>Q;mr%$dTx;|xlnZ?cod_DcfjvLe}@qwPSq%h%^ zL38!GAl5ba1`xp807ew+Nc-O*=crv8Mk|5&tX(FCOC)5P#-O5u9%lP8{?^;|z2L@t zyi;p&OoP;U%ArieR%v>x2$`k%b?8671srbtqn(v{fAFR#0C4HFDfle>!F^lb#U?I( z9r}gXC8>79-0PT#-$z?gQVNzOw`wxxpmz2DoLXknKqxIKP^bkI7;(Wb0CoqUQeroT zx=X>ww~Mm3_jRT{1!p!9rWuG{i7B?u*GTtpGIWkn{%_}OO;b!P_+~AhISR;W<3_5s zwG6ONe;qnSP7)R&wGTkXUhUFDwJuVkq0dfB85dZDxyXGg> zShj4U%Kfk1Z~b)n=gETG?ZLt?e%OkQpxy3&oh~M3f95a(k5_q~M9OCo02Y_qaU}{#Rrrw3FV{x1 z#(w(iH^A%!_(8)&6NlMEx{Yg{_w~nrYkF(rCS1XGFI8L~ktp-Gi+X!uBUdt9II&Du zzyO>j%J0x2_Lnb)qg+j_8c5mne+Lj->^l@7r#q1M{MST-;c#bTB8PQPJot_mOf0dZ)3%+6Smf7$K}^iMz^SNlqwh~03I3|SVrLxxt~A?U956S~ zt+4>y1X7Gh^REM3jsO2NNunqC-oy zG!v!uEqCDgxG@3iLhJT~j&B=LV8!}VKTua+zbsI=v|yw~T6pZy`>gWw>Ah|AQ^6t}tl!UZMity*UD7RkDInriilFk4ewc z#*(nt>fSn+3Pi!41TI#pnJ(Qxcakq#FT}C(?$_bh-pI-F>!Q1yUuHy|x6kKugN}6eIXDM#X6jz4aSBsuR(Z|0ex#_FiDv5V^0OK+M}ugD~P{TdYSP zL)xtb4D?*P^#v#5-dV9Yky_gMM~|}9F5}IYj8U&#$(XVSpZkhMiAKi*0`uLyGRKl; ztz>mv{JY*QhHDNSm4!&$H{kG^hBFO>3B2jP()J~cFrg{gMw(QQrucL1>|CxhGdY#B zB4?IdM4nY%{R>MUncdscfs7^fyk?T?h7Ls zfd5d$dr*1^NcW~>F0awZHgsofG1qu$)gtC1e~mZ?-Q^wtP<;U+L4$PowZ*2Hh`J8m zG@?t;j{i_83lW<32wE)U55qWq3w?M|EfVDNuwiY+O zrEk`c%Y|u>ZG7QoAd3%xoj}6z#u463h4o(l#%3P1r&Vcmo1O*KNL`M|uG5MZYm+r2 zP562(iFWHi9XrN8a3~>Rp`$mA9Pz0vnaJ02y}t6a`Q^ky(4~NnqxE#H>$AyYRHQ2V zYSd-zyPAE#!;TI%d#$?1>*B9pXdSLRroT2bVL+Gmub3XRS)js?6LXI_N^#sbo{^Wg z^7NHIZ3J(wz8(3JcuRqwRDAWgDuHN-%agm0^IH?hH!^00*M{Ge7%NLBSpC=#Eouwk z7d4t!M)?5K$eb)PC4Gs&hR*Oe5_Dt6zOP_|+JqhY4~ZbsPMY14f7P6ZbGu6#jxa*4 zx5b7|x6g!brWUP-w~hqLPWo{ittS1Zox8EXs(OUQ@bxyH2Z$2iJ5Ctsyu3=i!h7_5DI|8aWv-)_0uoKMwvOPm@F5Sz+Y_bzgEVKf zbR5z_%@VnmQHxX!u3i{~7E8x$S^>8;j1&$I1feH`l<+1%UbVo!D5GCfjW5ZN_t|J= zaNV&Lbn2?FqX+MG>N-0ge1z={J&|#`h8i=v+!$Ekh_88HP}DOLh782K5Ir^D7l3Zq z5Fq+A>XaSolD6o0$#%6p%cJw8TVEp3wobtxMk@w!a&-1IzlL`(?NLE(;tMuER<*4$ zqL^BBwbF}I+Ew%h(KGs1PdUnRVLBiAzYb$NhaFLSUWo&nx zxCIH`|1N4w|4Ym?05M|`kIV~r%OdVzH+W}-xP`({VDT7Lq|+nG2AFWFEyS>;9TfmC za|QMMeCD)qW95Ah=1@8KL*qCOc+3Z~7hS$p;%m%rZuac&!nD zWj$!}!4xz1=K+fQ*xm;SV~$|5zdgWaR zSi-40wO)6{%BAvRdsiCa9FLYa8!@9B@uZ#w_;NXKsl_4nVHj`n#=WB~>o| zZx%G#+l934b%;nZcZJE?7O_AfW2h*Bx-h*aM6VH zMYzxb8r&=dHIJmr>vt|21u#PKuI(%m@ML86hVZ3}A^~$Utgt?8eg?5}$Ea07w3_@$ z6-{1BMAR7VD0GhT!<-6=s@+fXI>k^?vcu66aP1*r_hn#}>Z6@d4i zaea^uFCO0DT8{U}TmUKj8YS=IUfeW4@YFwCC${4B!)91DsXr)c?noc@m^QE=FFN`* z`@VXAu`_;UHd3ZOm&+%vyW*OwYh`iM4E6M*`1tAg%^5*S^G4zMdCNXWm&)0eLrUg)wS1o4tj5mcz#BBnMvYUTK(Y3mM`6(-y0*dlba8I61q z!@1^S?a(}McMVg8+kM1!x+fGf+I}-95vyYy=z4kVXQhBKMOFC6qS>{$!69T6ql>7~ zPpQo0PZj$;!WN=lxAwdt?W7yL%)9SGEB$z+C4r7vd_zewk*P8irHwChHrkg*iYtN6 zS{nt2l!`UN1Ya~m8f%$`bsKZs7MB2cB+-xK1n}ArlM2Opzf||*C+l64Tw7j8Q_GER|%7WAc{?E=#w7dKnN!V3|B$uNp&P<`Ul&?;kDenXyte zh73@R{G=P=GQ=aD-VNB)zFCOPt4a{Sw#}Qab_pqwJAcs8{~fZ#Xr5d@(H9x56ypY& z2n#{%DCWOwkkEyz?BL0nxXk9YBG<3gv!uQ2Lv#T=3olv5JaHNz2lGE0n@h1Bk7ouW zYM%cqNe`V;O=309J2s9cd$`P&^GIn>eN}^Z%ZkNy_^8kL<*HY9(zhP0D;0dWYjsGU zi47=Td7zK6sr7!>uD&H_m-;rJ{*RnxK(<3RvB7PsKJat@pW))rb~^w6zWBfO_!?sW zpEv-z@ZZ$K5;YJ5&|>Az10kGH8VFFgqg4Imqm1F@kvE&W_I8`i-S#(mx7GRr()>LA I?B!ek4=D6o@Bjb+ literal 0 HcmV?d00001 diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index e48e50c63f..5e2443750e 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -50,7 +50,7 @@ Typical modern DMZ rules are: * Non-goals (eg. out of scope) * Reference(s) to similar or related work -## Timeline +## Timeline ## Requirements @@ -93,6 +93,63 @@ My proposal is to make the bridge control as stateless as possible. Thus, nodes 8. The Float should protect against excessive inbound messages by AMQP flow control and refusing to accept excessive unacknowledged deliveries. 9. The Float should only expose its inbound server socket when activated by a valid AMQP link from the Bridge Control Manager to allow for a simple HA pool of DMZ Float processes. We cannot run the Floats hot-hot as this would invalidate our message ordering guarantees. +### Float evolution + +#### Current P2P State +![Current P2P State](./current-p2p-state.png) + +1. Flow has message for existing peer. +2. Check queue for existence. Finds it exists and submits and continues after acknowledgement. +3. Pre-existing core bridge picks up message and transfers over TLS socket to inbox of destination node. +4. Flow receives message from peer and acknowledged consumption on bus when the flow has checkpointed this progress. +5. Flow has message for new peer. +6. Flow needs to create a queue as this is a new peer. The name encodes the identity of the intended recipient. +7. When the queue creation has completed the node sends the message to the queue. +8. The hosted artemis server in the node has a queue creation hook which is called. +9. The queue name is used to lookup the remote connection details and a new bridge is registered. +10. The client certificate of the peer is compared to the expected legal identity X500 Name. If this is ok message flow is as for a pre-existing link step 3. + +#### In-Process AMQP Bridging +![In-Process AMQP Bridging](./in-process-amqp-bridging.png) + +1. In this phase of evolution we hook the same bridge creation code as before and use the same in-process data access to network map cache. +2. However, we now implement AMQP sender clients using proton-j and netty for TLS layer and connection retry. +3. This will also involve formalising the AMQP packet format of the Corda P2P protocol. +4. Once a bridge makes a successful link to a remote nodes Artemis broker it will subscribe to the associated local queue. +5. The messages will be picked up from the local broker via an Artemis CORE consumer for simplicity of initial implementation. +6. The queue consumer should be implemented with a simple generic interface as faade, to allow future replacement. +7. The message will be sent across the AMQP protocol directly to the remote Artemis broker. +8. Once acknowledgement of receipt is given with an AMQP Delivery notification the queue consumption will be acknowledged. +9. This will remove the original item from the source queue. +10. If delivery fails due to link loss the subscriber should be closed until a new link is established to ensure messages are not consumed. +11. If delivery fails for other reasons there should be some for of periodic retry over the AMQP link. +12. For authentication checks the client cert returned from the remote server will be checked and the link dropped if it doesnt match expectations. + +#### Out of process Artemis Broker and Bridges +![Out of process Artemis Broker and Bridges](./out-of-proc-artemis-broker-bridges.png) + +1. Move the Artemis broker and bridge formation logic out of the node. This requires formalising the bridge creation requests, but allows clustered brokers, standardised AMQP usage and ultimately pluggable brokers. +2. We should implement a netty socket server on the bridge and forward authenticated packets to the local Artemis broker inbound queues. An AMQP server socket is required for the float, although it should be transparent whether a NodeInfo refers to a bridge socket address, or an Artemis broker. +3. The queue names should use the sha-256 of the PublicKey not the full key. Also, the name should be used for in and out queues, so that multiple distinct nodes can coexist on the same broker. This will simplify development as developers just run a background broker and shouldnt need to restart it. +4. To export the network map information and to initiate bridges a non-durable bridge control protocol will be needed (in blue). Essentially the messages declare the local queue names and target TLS link information. For in-bound messages only messages for known inbox targets will be acknowledged. +5. It should not be hard to make the bridges active-passive HA as they contain no persisted message state and simple RPC can resync the state of the bridge. +6. Queue creation will remain with the node as this must use non-AMQP mechanisms and because flows should be able to queue sent messages even if the bridge is temporarily down. +7. In parallel work can start to upgrade the local links to Artemis (i.e. the node-Artemis link and the Bridge Manager-Artemis link) to be AMQP clients as much as possible. + +#### Full Float Implementation +![Full Float Implementation](./full-float.png) + +1. The float implementation should be built upon the AMQP Bridge Manager code and should not be mandatory i.e. there should be interop with older nodes, even those using direct AMQP from bridges in the node. +2. The link between the internal AMQP Bridge Manager and the DMZ Float process should be a single AMQP\TLS connection, which can contain multiple logical AMQP links. This link should be initiated at the socket level by the Bridge Manager towards the DMZ. +3. The DMZ float only needs to receive incoming connections initiated remote peers. No state will be serialized, although suitably protected logs will be recorded of all float activities. +4. The main role of the DMZ float is to forward incoming AMQP link packets from authenticated TLS links to the AMQP Bridge Manager then echo back the final delivery acknowledgements once the Bridge Manager has successfully inserted the messages. The bridge manager is responsible for rejecting inbound packets on queues that are not local inboxes e.g. no way of cheating messages onto management topics, or faking outgoing messages. +5. Outgoing bridge formation and message sending should probably come directly from the internal Bridge Manager, possibly via a SOCKS 4/5 proxy, which is easy enough to enable in netty, or directly through the corporate firewall. It could be initiated from the float, but this just seems insecure. +6. There is probably a need for end-to-end encryption of the payload, but that is for as later phase. At this point a header field indicating plaintext/encrypted payload should be sufficient. +7. I have open questions about the management of the private key for the float certificate if the TLS terminated is directly onto the proxy. This is presumably stored in an HSM, but I am unclear on whether this would be allowed. +8. If instead TLS terminates onto the external firewall, with self-signed certs for TLS in the DMZ this is more standard, but breaks our authentication checks. One solution for authentication checks might be to enable AMQP SASL checks e.g. using https://tools.ietf.org/html/rfc3163 to run challenge response against the nodes legal identity certificates, but it needs discussion. +9. HA should be built in from the start and should be easy as the bridge manager can choose which float to make active. Only fully connected DMZ floats should activate their listening port. + + ### Challenges and Unanswered Questions The main uncertainty for the Float design is key management for the private key portion of the TLS certificate. This is likely to reside inside an HSM and it is unlikely to be accessible from the DMZ servers. It may be possible to tunnel the PrivateKey signing step to the internal Bridge Control Manager, but this makes things complicated. However, it is common for this to be configured inside the firewall, although we will have to see our non-standard PKI interacts with a typical firewall.zt diff --git a/docs/source/design/float/full-float.png b/docs/source/design/float/full-float.png new file mode 100644 index 0000000000000000000000000000000000000000..bd7e67698090b0e0741b45e5e8404e9b02897e4a GIT binary patch literal 166024 zcmZU)byU;eA3tt@D5-QK0@B?f2m+Jt?j9xGrKGfk2&06-DCyBT>2{3n?g5h0-`D%| zJ-^@io%8!+a5nC?bMNIo@1vg4>Z%|-Y)b4$j~?MEe3aFE^a#uL(WA#c&z}K5U(izB z0e^Vxp$U?CR541u3p~NFlU9*_^r$)!=hgxfc>comqk+exNBCX;Js$VD6k9)f^iZfE zE3NHodXSBkzA!NvsdAM4Cjf^==I%pn+XzgLnep5E*PaK?Fd|Z!7fdhO#NU5@RB>kN zbX0+3?$6(*_Y_7^RgDZ;V$WW!(1jq+G8S(n$NaQy<)O%rV%LZ7F0&-@K^Ylk&$o(Y z(*F93oKW@MNY(BA3*gad$Av|#{Wae!=39_6YC4;U^_Jm@x76j~WE;Xl*>roF7R_U6 zRV`yFVWMv{+$X>U6XO# zx)HA{@^F95d-c{FJNN6zvE7i2DH%G7E|`3{&~8L<8h1B*3Ne;hV zLWY@BbqHbuY&+qXpUD+b2pn+Jk_^88M?cNnCSJ^HxCHz5&UM;X#)SQRA&O0!ql?y+2_dFt%(VNJ&!=6hd(_jXiynJC#c z$G)Hu{hf=hEh2|#s!gf&z}=Fj#|0~nX?(70?W?&BDYGRn>{{H)XYB5OeL;`0_u_43 zm|xLX^BBYFz9Qf248=(3^Q4O@er^G8T9(s@T{WB2x zQ~u#qi-ibruJ)}Th1%zR4UnK^t1pl;(!IceCA@4q&)@vLr!_r}=<$AeYO@k*P6;Xm z8yfyZeGw-3pmZ*1sRv=A`{e2=C3;dIYyxMF$!PI$w!*qg^X+$femMYJk2QxxKVYC( z*y`x_lFduAXqBB!abVjqoaiw~5joc!QMd0KR*Ec)h$@l%rOZT|e2^Ku)^=o#Tw?1% zyK4#I*<%jD+nK)XJ|taVlaj+dBnr@t3pSF7+v`?7!-GX(qImp~_%C4JXZ%~g&LrJC zk%>rReck2N#3!Ba%SB%p5`(Z%reTXow4fic7kVAnIy`zo!%`2oh^%cB-_;0&aYNra zV;^I}d3OTQhle>l1zCEPSD9QFplWpYb8vs;_s|lRl6UA5OUIj9QT~s=zP(cQerkl6 zvu%`%X@rf3{MhBEa|x+#in$; zXOvg=Z)Xmy&*HR|`c53iix6OKiv0XG6eqfm!7}v&W`9Qu2MwPTW0!(N+zJ`mt-H4{y>{Dk`Int18B?2Z8Y zhe)38aisHEa4V6%c->JAk>C`z#k=lARjiCru5lU8y?tIXF|&RAGqM^Xa7%6)Gqo=B z{^RE4{jXJ1UfOkgb4FuND&A-0#!R~B1+FAdbDdgAI-ka)HMmrtpQ-mtq+P1Q&y9av`CG0f&ER_T?>`@eKp=9j z=PESaw&V|vY3?97SJW=1gV~?eSnq_H#Cs=s@a8DiDCillYuBublUucjGl6$8D_ObU zIKNUm2)61|V8G@stWmuSv%eAcii}dy>5-fF@4-PByTeqo9bhL^ID7V)^1{ajsG`k; zFQ)6okEQS^1^SJ7;-OUS!er?F>*++A*<)@$bQC?qv%^l{-F>4{r#ToiNrv^XHiKV( zzC2rvO_Tpw@bvAmtF`UwZ-%uv4Veq5Qy$BNdVeW>J$-3?waK}(oEdzq?XM2c5AhSK zvfaPrG_gfHFL8urgUFR}Fv*cU;Xt;;p;fOr^qt?C42?Wt=_;ip(A zPs8}-rU)s=PODEWQ|4*;(am5bJjj$q(oR0!D4N(99?MblHTr95NeQosq%r)&^z@o< z=pP+&%Ba~^*VNC3Xokn{#F{A07b!=U@hKZ9$`wO$H~VG}b1nN7Ev+U#i<9%NU3gj= z%8Je&MZ)4@!=iT99q0LS0lHyDc*3%*8I=0){UZ-vKKli(G%i!Iz5J24uS|qKkT{Rq zFCU}AVbtFG1zdBNO99-_MgRTsr2X2uxw*OibBp%-!ykjphzTfc@YrHsV$gpCsG)c<)a)Wo7ImR%r z;xE?!-Xq|e^o;6sQMKprS;9^Gzkd`g%s;$M!-KVDwmVyqb%*u@mc+zPZHG|Afb6rqfH1cG0pI`1K`rvTf&+|a zEV;B7*!1Et-GEgoald^>$Yi?aL*NQtnHe2cHn6kM7(Fmoe{1Y z%O67K&w$BTaB_YU}T^+C0Hi?qFID<1L_VqnOu@t8ki6-{v z6{!E)qq9te6fXR%6QbD!e;w@ZG{?5qVtuxZg&OQ>2RBFr4hG&)(JdAQ?=ZUj&@#KY zZt%P}UyblpaOLrOoTSZ(=<~*`;(Q*0i^&MBIpkfdEbad1*YU5rX?zQg_?S}-2%L21})#GG4cgIWbX z=E~QQi&7jnxzx{kh}nkAK&0*#)A|Iq`w72$ew<8AgyG9Gs_4J>jrz;RwL+?-(1NIJ zJU+eRc~rnhcjQ#P=K`w1X0S$31@v8DCD+qx?TvpL*u2?IUbR)-7b3IMe)N&6yl+-UH$Eo{1@Dmywkour zD*$H9%6Q?(i)LNX`0jOqB1^2$(D00C2SaI{2PPL!iygC%%YDb0W9_{-iIU;o7tj3X z7wV<4qzBZ? z7bByquG%7QI(*dlQC+JnQUcy2{ph9CD%K-ps< zE%_JsT-}u6ka9@@$aI}9_#fg1V1&v|3ja=qxZCVeu#Bt9j{CVxemm7tQuM#S>mxTs zYPpAP=TkwyF%8V%h8CY=FA9H{@i#dmDdmfyObBH7HuvFn zdqS?|H#WO34p-yP|1m}!ou-vgoK`Hlz(1LMHi~<&N5=3fpr98ypxlvrn3NX{c9TY;y-H`F_9r5_Cm{cPzyKf^|H{{BqXTBb7=18qpoF9bM;550$Z^hzUrb)(D}wYLz7Mi@oiZPL-5%QNFfKW_ zN3LaLxgbZSwjftF(ED*dnZOv1yBquFlUejyjDL3KujJ3-}AH!R?HBSp_gxGKNZYRTlVeGfnM#R z$()-x!cNKe@@14aA*=SVf4bP@xFFu>k6~X)@7DeW-l}uPB z<%TY!qFcbI$#hO)1wr&HO9h96ot{Ak@o)H1C-l^(MBT|7scave4e=fFIAWmP0HrMJ zK{|37VjEydO{$~BzLD>qG5L=1k_rPT34;!_H+q@Nmij0ldL_0hGE z`L_eGysfhRnoVEvS(0|u{HK--)|Z@hle$Kj067GxTWFKnN|CHia>&Vd?sJ*v1T2YA zV@MiKdQh9`u&S&cTO;^f-^K$8qxz`E-jc>y!g4T?dh<*x9y_|(L#CdrTqp}1>PY)n zfLtQ$Bl`;zt~o#t8Od5%4!$YRh|G8wP~W6})V$ACYiwqA^zOLx=~g~dZ@OzQKna(+ z>DbqM^pN?v7h`hk2kB z`BUhiRl<0z*s zX>fhA6W)-bH@~rF5BmB_gHJOqHtmtulg`s7Fd5$HKC!n`RlL8RzWEo-(5CU~Y105q zkG~RkXDCG0Snv(n4u){y#EyqP!zGspG|#(coz){uO%zlrWYSYpDz>elCQ~j8b(f^o zN)-IQvye6UI4-|L_pNHyPTQ%*S&GcDR@vjl=?6@d=5M*Oo~C3|I7S*VA0ZnDPO>5- zSv?_kDmX5B0vgBg`aJC)IvR~?w6SwNc^+4`1aFU^GhPd`=g8!}B;&NRJ z4ZG>Jkppyfn12j+D{#X{7pJ+>kefvz1f17@kspt9$w3MyvT?ZLW;2FcwB1zc1BEB# zEg5>y(i^!rV=VO)tE0a2Gf_^An0@Wx2_Q-JHl;!SM-oq4i%f?Oc_sgqe8+!yaT9}Q zAxF7`^^8WL_7l%t5xEIh10WiWU`xN7FCKrbSWkxjY;Nc@^KcyUPnpMtZtE)&>(?}f z)nY7RgYikmZ~qKSFIJ8m58AT^Hvx^XWg1X85UGkijy6R@59y58WGc zcHHOp*+;j061BGODpFyfio~Zdc?g=HX+O;ov8}YB1PR57_{-kCif=fwzqZ6mq!nr0 z9DVE&xiIBpm1bpb_LoH=vdZK&Y?1YvWkjxwOyaKp<>+@OEYTTPG@!7Wu%-E`;RQW&m09Y6^nz2%}6>bdY7EW~7 zSr%w*x9#u0W*=@wJ`Dy_zWY<4k~AHXit}%sz5)N&_i4KAe4937xQ}2$sd%}YXO|sE z!ve4Q#WxKv0-=OoblvW_yBC7F%XuZH;|RH-h%lx$aFf0WzU)^dvtw|;S%i?W+gjpTu*Rl0SjsvrF(WfHTmJfp`8aITuiMbY}Rqz}<@8D13r=^txVlyvbw`Xk3RGgAv7xAEq4 zwJWdq(nr3R+JDvTl|(c1jYX^!={`Lu!zY~qW`WIR7|*~}U!($J>(*uQJS;gux*p6l zRznm@ngL3-e`Jg4G4MRNbOcadmvGx%R-Qzewb|s!T+iq|i~QDKKH-Yos~)_}=hU8z zV^o+b3tQT;ho*}p3K#q#bXI#95YP{NzCo}0Cz8}*j)3tECFvYARM9fr} zoe#Jg4KwL%M@K#Bvxt;QZUDAH|IO*q&P_p&r+DodPVQHG4Iwna6zK|&23fhT$*;56 zDUy8rE;%D%>jj$Oqu}ez5~(UPt(%Jg>ggtZ6OZj}j%gvEKu0rpkWnw!e8}-Xv;*b* z@-OGzbYz3`uid$C_Qo9G$|mraWrJxxNs~y-7Rt{-NKN`m(>Tu}S!xZ@&V=>CH*Z{# zlH4$z)5gXoaK`vY8?!inqyrm;N;3YeDLkl0U`WomM2QnMkeUZ^iJn`C?Qx<_;j-#XNO(_v z>cBya(sEd@_dpLrB0_^fI(dz2?&XbOM}xWw%6EzCGWfjnN=Vxc>44eJvwKmePbNUd z@}jTS`D=|^yrzXiWZb-X`X(EH{Np;#Y^f=shOwRbnP7eNx4)2PLDs|kc;>@=c-hvg z@@^<61*3p^Zp_wpEblPds=85w-53s0eT#b&Q)GnXxVnQ0I901@bTAn2X~sq~MGQVC zxUL0iN0Usmex~JOx}us2s&W2V&TXsS{KDVYWX`}IE&9&QZH?|eRrMX;pS~r>Bb;5~ zn)3w|AE#JW3fe|<-)^RfgaSW_lM^w&u%g%=yzffW#VP3aNN&S3{_=T&xIC+-YQ_U$D&J0eTZZTRLJ-1g;S1m%)q=hN$~GZBSSl(eXX zbIE!cPL%HmbF4E$kF_LLNVccof`wty6G@sZ0|=DRPDQ7m@$4!Zpp2^@!#v>ch_C3fq4CTn0k&fPWzf2L z17}4NkTyrLbV%)tIxijiYcLa&6dzD)kUI)@`CCa)F8@) zCk7ulD!AoQ4#T)GjRR8UvdH6TB}qaaua^;6p(X9y2d~l1QFC#K7enOSf5z+++bcl_Uw6@Ijf&>#e{&jS!;0@;2xu4F3~_|Mg)3r|?!^iQRk6o1fONzw4x zer1P{msWAv6Q4z|9~pogp1CEsxMb`xVgnl-SK@Ytf#`zZ8C+GL&6;wbC?2)nRAh7< zHt!F6ZfE;ka5b(xIl4LOxV*m_3-Jfg-4~zrcwxx&l%XT1R^$VKX?TVP|8q!!GbP{S z0=nyj6XLMrA-Fans0*nI5f}&nhPT$&3)SXK+l@fJ&lSlq+~_!fhT?O=QH(vdIf1IU zlm61U_{8hirmAtg@iC?-T*Y3EdCboW)V(f94H`ogWmG6Q`dOrS(vPn)tqbN9nSP1n zfF|b*thr{n@hUkOX&v)U@T#`t@$~8q9jh)2&usq|auNO5L)0d&abgtEV=6gAc1H|P{)8tMy18;2y0jytnu;@MS zytG$Vnd5)g@o?wjU@8@*Wf**A#zwSvJzHxR5Oi}Pcsj({V0>J;J^a*x!LxP%q(#A-AO-#Jn~c1X4;nE9qzKlkrsUt`n2<(L-^m+TyBkoDeotY zyeqcyPo5CIiX#eZ2xYzMo&jlhebjwUhNVUIPIr&-?K3SEx9*_O=?A;CTOP|`2373s zpSc8D3JJOoWD(sj-<$I5OpgbhgO0qx^ zQ9CD#>1upuaz3U|s7f&qqqcVo`rol$Cq^HI*-JJ`&K&}ewXUbsgW7pz>P8&ncfvv) z_^^ogM#eM=a1qe_holFj=$x7rrS zo8H*4K2lx5e=H$OPV`51iO1Yqv+EFm)7@*EQ<{pDe24eidP& zkQWN4ai)eGORu*4z=k%j@*5AWtCBPz}b=p#R zgzzyR1f0YL8_^h`O3&;c9N?zi-o@SE4hT2_B}zCYdJm;0g*Ww2;_S}{+rjIG<>2{Y zyU@E1z^osU$SBPp2eDZvHUmQD$Sn{s*`e_m=CzfiIgv`Jw6~WkJPc>`CZbfpb&nCl zPm0ZNdz(&5DW0OOxkimnLQF(IDu{w(rqi}42BcZ7sJ6?cd1Z^krfnfD)2@u$E#VH{*>A*}q%r{kE&oMy*1-gl z|IF8wb3*R@TyFpU-8whB+tahfhJq3=Bp+@)Qrr|SCPf_eZ8L0!-DfOzga1+r2nqrv zS*#DJrpOjxeKqmpv}3KmuOUK*)ghLzKuVFtC0a%PEl2Gw20opSvB>M}kJhU!x`vP1 zfcmX<)6h%lm|g;WSd<^pTjh^5dg7RcGLfa6^)tT@S`I_R+VAd}kCKWc`A<)Rb>O&i z)vV#r!lS>5asn4gSpyoCB!g>T*=d_|$h$n91WewnfYA~o7Wo%>;~e;h3Y_;&KL$ZP z?r_TQIowoVUwN1p-Es)&=xm4#BKJ~c9?Zo+aT28q+5$aq)Y8Rr!!5<;qIyIua!8>i zIG~}3k6J0Pf-Yn-e~JYjb`YM3;iqq_urg2LL1ewRr)PSmSNiFgl+@H}MdMn`QsF=M2_vBF8+MH4 zZf{hm`{*8$miX>M{|FFOl!EYkz-`#q`bpeSvhRrL2d_#?=h4=`DuTf6E&?g1si@0nt3q&&?Z^;yq*dqk zc^<=X(?ftDpg2CZKG_%uguUzv7?eTnJT^s)$2*+uw)`L8GNtD2chJh>FE)1cgy$Lk?zruwa zCRmOD5lMk_y)kO>G(mVhY8D~2etL#d%QPMpI+4;XhnBz0cb|1Prf5*|;IlHMBYH~v zlOOYg4!?+DFkR`?=z}R3q*O(C9JCpUE#>Jmky&Wnts}p8epWAO_zCwSB3XwH{aw#= z_rHt*Ac=V|dQEeU^lSV%xE^56#ZZz21OqS-qk+UVEcx%75AdIo>jaw5!R>7+&Z$5^ zvO!~Uuzvp2yiKN1$j$t6s3@KDyIp4L-l!=ozUYn4X_*tA#H3 zq*vmkRoHD!Hsq@1XxMY3KgmAxbTh;=K`7*RSCB}Bhyfwk_32y9G)AJcRa2(x~qJXR{Wm%uo(fL)K9X4Q!B-g8+?WUWl?WN?WoR+NKk? z#Tm(A9n(9!0|q=j0>Yx#l@#;7>+xZFAz#ifh+PXr-d%Ipj}{zc({L0pt-(w2z#WG` zY5Gyx-gU{IT6S~U@!-7W72;a;a6R483INwJ4y`>^WQ-J$uBo(7o|4pxD3z|-NLHeZ z0zGhy%wp(fd(YX!;EU~>WVspTW9J?h|+|_uJ7)8Ljigh6V=OEzs3+8n6hqma6gAd17$;1A{z;$LfO(7tmab7Q3w{p1 za4U08&Yy#d5*doz(Yx%=2&W0x#K?j_{>VSViq9Y{s7vdB>SGEjFF1RweVfrq=kGZ4 zQa^zmL=L|uW}8% zYu58>%~PQ9>%Dp>#rO~GQt%5dnUad;z0xH@B@T#k#B`y43d5ub5x zyn_xl4V#j}G`=J0b2Et(JeLfc5Z1@!kss};s9R-NJ6JaKML|ZsA{D7n=rFY{mQ)^K zGKj{v__T7^CayDnc2AXZeEorNe6~`EIwGj*IO^;Rr|Qz1DC= z)1YKHk>HMs>190F9@4_wuHOB@y@(u2hnDkr3I-^4jg~~@<8g=U>$rVf$c}3ivd1sxlV{Fnm$9~gR^*6 z9xgJ;4}Xm*BE{UdyUR?mw_>6a>M*b9h7Q3-E_8nq?bnMVD|^~0_)6&o(>vTYI;E8p zDI`}K!sKxwAgBAT$_k_W^Mo(3^sANCx*`G!9hc-mI`P(fQJBcw*6I!Cgi!raYdpig znQ&#i)4%C&8g*p&Z2@GJZrY3XVNt^5lfu5%cV3{xotDtn=?#8K2kQrPWLznK&)8<| zR*T1HDr#ZbPp+w-x;(+A+H{;R?jJ``Y=Ra3jeQUiwtek~HFO&S+5X`-MZ**c#dLPC zc}K9JK|s3)7UX^LC9zdXLRNuQ59QXZ`?#Aen?KZiC0o9JtIsA?QyIsb2%z1CYL}ms zjOWTc@$T@dTz!CEo}I37>izzW^JGFalilR(rFNGYEGGf}N05jbG2nhS}8~h}$CjbcWQGCk8s)PnBfplNRUZc)k>miOoH95C3qnk*BhqF?V z$gHZ`L`W6PJ!!d6rO&_i&u83iaP9Vr`JkJQYd)mvi4%xwk}N$Diut6_vqcX>D~n^l zn5I>j9pjosh0ZU{+8w^Y&U-@+fS7UWvBn8^3o_n*S#8M!9&fkXnoe@4VvRAi^Mp4W zf<^E(+|Zl~ve17uKW*G4Vn|EdUvHflkEsKE!(S!(@Ti=B-8bfjJ~n2bHZCJ> zz|jX1O2eXa2UXc``$({qhER&YsA#qjClZ_C!OED2cwil! z_awphxoyo0vr3GspS@L$l7@xa2|{{6?RrxnN;@Hb(PZjqv+E3y-LmoSNHG| z=iPr4a`Udnee{S@_Z4bqOxG)NDLoJRqzB%CW7;uL)#6^pM_-WLx-%rUJk1-&c$u%b%&7GPdlHJRSa! zGt)nfW9^oXLB{K9yjxpHcY#~2{RE#rCBNKOM2dV=R_3`wD;sdOB-DEfv*NKi$}j{5 zp6~qm2&$i`_ax*pJD}z!Ii=>&IxjAHlDvWV_P|R8Dtq}Y8G{g}$8Q7# zw+rOrpY{#9P38&Ke-Sg(q?MQE_h9Oj32DI%ERh&m>P3_h z<=`&CoV>ZPyaOy8j$9UtYt1gd8MF-cMO!c@P4Fc`ky<<)&nfDIZvL=g zlVzc-q6dhGo|a*0y^VzE`ps+ewta#OR33Id}ILe^@g5gZtiaBXgA+f-6H)9xrBCn*V5&asrv` z_Tpa~29E}MOIG*!giT~!Sc!@lsBGYM{zsGCSJrz_;K*Oke=c5H@7ZDAqL1Ls6)4-| zfmZE7)gRr2=kd6~4P_r;fmo&FhSu%#!gwNF;RjC%z)dn!We$(%UXt-__eW|9(QJpY z%y)&&e*AAQ`ybL9cN@KT8kaAq_~=bOzjUzo3zcANP8YPk$l}GAyej-sw`IhEHfaFnXSA zJO|CY{!aBIvyGWcOUQpmFAAC$2PzgfXg*%ZE@hwumtearROz|RN0X5@hAd#8qRZeqr=5knd zqwfyjkEQ6_#0W3A$w2*XdN=-AUj=)wh_cGrXR#&FfhBLG&!3}+eDid?gm2T5B+!ne z<$}8m#;6s+EMaU0Y6K+OGYG!hKZSHh+pB9Q7hARDLi~~MmxY&=@J(REl&@J*{Mu8% zyD4Ed5q{-tXX)v8hSWXSk%MFt>yh_P$h_lVW5@VjED`KzM=@`0etphJVSV_Vn#sn!53kTKe#mtg~e5USEDAoqy#F?o6_}Kk+;Da1B zB`?9*EULUJ!N8q3%Jcx-R4ihUt<%u+E<+CrA*4)PBP5CeMf&~Pk5V7j>sxT$@=c~xm26|fRpfuM$p7~j+oQ;A?HW=4N4s+mG=H~iDwrr5@FtFc`-VmOFBAmp`Mj8^3|heao1Tj&B9_r zhW2%@dQY*15@Yx4d`NR=D)Fy>itqkEV?U~S*2H3^V zkrvVl9vnX+ig9vjY~Q`ePjU6;iT}MM84aGIF5@r8+(Yw!^u7viM3TV0>+E&4M(AQggGoeYrT zEZKSn#v9^^ZcLROb4E#_ERT+}Ii4PM9cYIV6PnW~kSB|@da`l`KvD{Kev?_2r59Gr zV3Iq@V`=ey)4*emiQ#f4_ga;rQ6_P?-i_$jcD!|alANQG&9Oi5+UkRUeZcLkq%a21 zmv|udWmqdsiJSaJaMQVZ>~@w`WgzPSm@MtEA1m_>AQPo;{ueS;270$V)>(>FGPg`T zk#bAF3~Gn{gXnUvc8hX{1Kv+}73Bu+1>K+<7PAga1JIk!fKOz54~VNSB*7my_YEF-+7jhhg704qC=Y62|+6SLpXDId z?I(NIWPnyy+X`5D6d;&G(iLE#E)7?<95&lFk1MiM$PL=%0XbRQ|0GaYRIAYgq6DI^1gf z<5qnv%Wi6eOkY~%I8txNrcB;E-itVzkUj1K`uLc{46@jN!nDgZe?TDBoo&h<;_Sr> zmpwb;8|}SqM-sg0l*$8CBh_JhrJ>7R#KFEb?+u3 z;PvY#GleU%^>FOsN`(hA>sRUI@k?Tz+&}`=3-a0xkKA-2@g&`EIK35|#p;6LGK1tJ zz3(!TMGR827Z*xZb!iqa=3QK1ug#Ww2J&S|vN#;b5=6Ji`6IgU#fOzO!s}DY%gXpw z$*K5llS`aj4WD!B4d8Bn#d))*$ zLu1O!DiG_bN}x5#)(>c@6GR1F%=XO#?MlOr%vr9Xvqf*j3?|f57vH3DTQJ8`PBvo0 zh?)LGS(p1M9hy6D^*pXhT~VC7p<#}6*t)c*dmCg2 zxBzyAnpqq-y^;)1h~JU=t8JLdJLcSna7VME5yTT;D%g5&h_}vf+OO1O_UK5#E2j3-MEjF0``R&bFm45ue8-el<^gK1_tF==qBrbY4H z+c|Hl!;`hdiceDUX=M($hCTndYq2+>)3OGO}LGgdJk?!KNy9fcIL@bnMGApEMPkH%qc&fOapws>-w4)I2TsyI!BFKKT8o1`>?59*z>V@A0m2s;wk{RW0B_ zSXi#nFRSi>`+2=LER;5kuA97exQd4Gb09-~y#Cu!Le$+Py_C8tvyvs=h}XC1#ZY_J zRf{C7x)^D-Cm@@ZEGL3Oa#in?#nC|3tX~axW+1n)G5G=DG+Oi0bVa9N_BJo=j=^d= zl9Zp2e;CsDiL3-OGUNM!cnMW_h!fp@ifOY@iAcsN*)%4Jl__uJTkmp9=*Jxm^$a9C zefYj`kMQ*1t&d8w28H=?z3igjb!3E!$a1hsEbQ=r%q3Ve;>YEXr1Jy1))($ak zA*nQXr_|rSc+|X0eIjO{J@58ZEx26;MmABWYTaUOIM_4L&JI)Y7cofIeiY62KGRjh z62cQ1PAoDT)kBy9@0leG+BMXT!SyvsPa_-m&^|LC6V zb-r#kN0YxazgeDXtyhgkaWa#inuxR-Z#KtWwuH6zQ}0uMgH>4%ZT$b>)rn_KoV37E ziQ}h-q1#vvs_%hPRLo@`Xc{f@Q$L?rzJG#AXz+O}lc|CCTlkk@P%;0=MnRCd0LuP5 zu@~2D=U?RVH-TCsE>+V0!j?S!@xMPd-=w6}A)27gT}|6K(ee_}4Km;l2R3wHNkr5cW zOKNCj2!U|`=@KMFq#Kl$6p)Y(0Z|Z<92h|90cip0l#X}L{oc>>y+6Jmdcfg0b6wZ$ zz4lt?I?r>Z-RpFTazAQ(UxEy{(-*xO0@c3u&S8q?*A>fYn;=^Bwnb2STa;U3h=*WBYkkYukhWNy0&2`}bIMqb?o10FNcL(ZX%}boM zV7oZ#k7bCI&(|v6O2Bqyg|zp*zft}%GQy|6AO_?rfwtJ*B@oU}n3>HCAGcThCDkzQnm|`raFZp>_3FrSjs_INANf5C)^8(tzbfRv8RJm+y z&z3r|Jh3i6xHhnON%K!a$lc#&Wwar3(f#3=I&Hel#8_JgSi1Mdl9i;7nuGynf=jtO|+&h2pn7hgMtstg%G?R* znPPH8mOa=n@|~vy3%Cz{JfK$VEDvquPBXfvmVM&n?p^~L&M7Z0j+Zm8E%vM1g08z? z>ii-6LDP27*!VaDRQV7yDiU|+XN%`Ut$H40g4iGT3x1pgk~JtFm-R_p=TwnVs8=Qj z(iyAmvM#)GweMw9+^-ilV;X(RT&jdJ@4D@yT~}2-YrfpEk69p-#F+NdDO_iZkr?Iu!948klg0r5M)+4|u-X;puCXengRTt5UC=$!Ab z3+DU!T$cOZ-u_e;?ta;iVu?b=k31zp~hqyQgL;i9>7fBqa zr&61eIIcM4nwJntkBj-=x9oZJibg0(5_#KAsWo6gJmJ$S;v@U_k}|M1%%WD&1LDh> z-ORo;)DXmeoY;JXC2u-l?e(9IwOr6bj{z~>z12+E(c@qpXY;MDZUk!Kj^VOlG=2pr z6Tt_ki)i@_3a3YDSFM)qRP!egqcThCb&|*$N8bG$z7F@A7Sh6Z<4U)Z zHA?!_-`i)cmsy%T1Izht4`!*v@(@V#Eh{9&s*trdgc>p+P5XNRvR@mUlJzfZ6|H7c zMcKagg3CiK0RckNfXmXH6L5jU^1C76QTW_MYrt)`vs{$*7IZwoiOWrHGaj@uF+Zn@_j3;D02@h59j_@&xq~$OHki2kpx0;g1#9?IwKUdh)$#tjtH_jF>UV=u@T8}Yb9i7hB(a7L?s{Rk0VmZUwm~56F~*fyvD6=Y=MgOAD)-v(w`}AGxf=C zD262X)%nRg-c@}&2M3`zC-Bfkd&P=@R&N6Ppl(>t<^=3mZ;OEQI^Fj@sObAPg?m_` zcsH3b^A}mVfq0r>FNM_hYadqc*mEY?S52axs|H&@yh#3JM;B5$1Nc6t?^g1n1?)4| z?_6x(Z~-Ns%6UnmIWUO9?pFq!mmV&}%Q7wO0nuYFvZW6`nYIFCHM9QPtv99t&*QH& zForNUxhl}SueUe(ui-Tte@5eS_T=QV{8;Rk30OhFbvv0JL!~zMBJ_!Sa7}jbInj2e z8?|&}N`D*(A8M^JDE~Ibxe}B}@2h4(-`41EPZysTbLR8u(TE{SuJXnc>hq)|7FFvzTatrXAYRQaGj@mw?JxhInX z;+{v|(rcfMnX1~vbx7w>wFL6CPLpOBGw(X>w*%DwmgG@!@0j6SI8zGq_}9K0Y|H=xJL zJv=sc!z24}=JH}p_}@g7VOH5~ubL7xE^Y%Yd%7;P6)QR|*!wzRQK$+pq0Co_eMrRY z{5iLw{kBG$58*Oz_(U2!Af5sCL(_>32txO=fxU>dF?AmqMbn!9VQ>p;+CyuSoZ2qC z37Q`my5vIG_5CjbH*OFP@kG2_npPx$B4dS3XdxO`478P!q30_MkO)z#tjbKH&&bh)0Thrzuh$!C|~pb zs$!T$udc4fJk6t^O)l;0;4lA_(9kRJHEro{RU*D7Yr>O%fOpbz%>2~Tcxf!$EvYGt z12VyQ)DLKNI5F;;%BIxTN{-!Hw)gkB|36{My=`k*9kVp!u=oKSZRM8Ls~*?jHH$Q**&({XPU;x+?ik zrrJeLGh2|O`X^*W>i*Ck+j;+6zZJ8(&0S+94g5$*R?y-p6ZbyGHD?N@{Jtnx`?>kO z24rMzm`;q$y+Yp3FO)^-6;aP5w)Eb){WXi73*W!&Hcx#1yj9iI_hMK^lU^&AgsR%z{EjrO3wzSZzTOyP#y_V($8r38sUy{(cn*k+PdTN z%I~^|Lv97%pdep*i4dC$u@qpc2VC`wAuI@u|7>s(N+R~$)9bT8oeEE1Ca zETxU*`A_-QOxtU<-mE)CeoXPhJmW@mES>#Z~$g^@6JR1KRJ07&3I-Og%RfDxWuU%iMVj zu!I*#G?PN6SJ7&($YW7v#c%sQ5z1wivDx0PD&oJM@(c42;W=JqWz$sLl=Lt&lT3|z zv-$AJ7TB{p*}khEEz521MFkFw>)-83dG_>#IneEc7&0@K`-!EWrRr57B_f36hH!1O z1t4(Qydy@XG)&m@*WMyvS$8aJ$K`PU`3z7uEX~DHmu$M*CnZIG#~azNJii?7(95Rz zFw3-T)K8`#YpOi}_s-BusILRjs4Wy9Yu`WlB9_((%7HSiTu}bY7+6Oa9-{Y28H=B- z@QAMnoVmY8c)3(RKUKkfu)A;^MHngmdQ7Pg$p|?Nwu8^2)tRQXUx>1 z*?Wu%$)wJ1DM{l!q%A_biHS)%+1IsV5mU0s0?OI^nfzxa%AS93S?NC7D(FBUM!_WJ{z-o@&>$hlR;&Zi;R92Zsi5_5M!QLG zzELY_DKhI0^^A@4K7{J@hShm^8Yj`a?vlo%2LZ<#qBn|W(Yk>QB+1qFoH{=_NlYE9 zL*GGqsoxY*JrgLDO&Zg|)+csc#cX=>SA5QM8$6tPk;5p{?$-rqqn)`A<&UQ zd%~Oq%^BgI)m@N@Vu6tI82540a@#+n0hu&N1qLZJo>y-;e$qA~oehulsM%K@#1_B# z^WzCo7$^CG?P(^h<_vjZlc?E!;&rF08BWXh*t=^BCWC|G$P&>VWX#300!l=RqrP;c zW?TGUza<8H`1j8!VnyJ6krX%_qG|rfec=I@mxtRIoegqWxmsFm0+&@-mY~Es`X={X zMdD)tOvBCe*Y_MC{GUdI<1fEd6bv!{6n@oVX)bYF5;=@a3Nm!$Vh+vn!7Ks035q3O z0iK_aE&dI$hKV0D1(@-F^9hym zH1g;ln1l-|3%SPxKgwFtp0wR^_%fKY5tMzyyciA1NOH`GW)%JRahw%p1?kt^uc=eVxWN!WS^Fmr} zZwK1(XWe4cw>?p%Xz^`$nLrYftD($#_a^B9ef~Rr(~=**IxdL|)iVhv9-?N+0q^gD6N~iS)RS5e|Hxp@DWG;|mpV{XE|kI9cIb7f z&UVI9*Ch+QN4H&Wj9Zelzkb8+62_p_qa?S*Z$n-5YzSIs+J*ehgjeXLc$7iHWAhwRGfp-3!?rF|SZ z+b_!Ghp?Obsn_~RRm%_js(B#2WUd|oaN4`HVNHuXcVAI#Er+R3yZ2EvB{PURIKf9v zDtPV=Vs@t=8&fGHmzj5^F0`HIr?cgn^>u`9lkU3>z8r`kIf=DXFRBaNdqYQNU@`uS zmiolJ_xAb{NSz`*YkJ<2wYzF0Xukn$m zgxCj3#WfZ8P#>RNm z0Oq&jx3(8G2;BKJ%D_=f{d5lR2 zOL(P}Ug=Zye(Uf#EM3J%tW_e^H-j7mGW6lRT8uLj4cDP+$t3=X26=N0#rf!-HZcl% zu}3T29Jq@sY2KpMYnV1me{EkQqKNk!}^^!2?wNw6E7I|)et(QuW%{SF)e!Hy8UF=YSx zMy%e!hE1$TO$V1Pq;#Ko;@f#tX&LSB5^0yEGI5&|;1iT?=c1Zb#(L-FKXaEG9?5MH zR2-QJ_oXH%KAs1OnPp3b#$J{lQENRr-%`1qN_Y@gReOyKhlRN601mGv%@IjMAh;gfk9Eat~11hL!A_Ak6ecB&6!f1=1Y|G^^$Cx+}J@dQ~+ zhMfd_;#t0>KzdbTL7E&pgQ#;E5L(;C^`7Q*LZWy?jb^Dut84<`p&m6j#pk6G$cKA^ zQf+K`REucFwUR#%GlQLWWlIuXN~b+x(sUybMtV#+P;w|fzngk$@GVgL*i~DwoZxw} z5zW4-ZP2=P2+R$tu70j0Wo%B@Fy1LC zV^#L`g0iwG9PZ^&mL%cC5TSa!y7Ep*>>X4`CPkiP|!-Ue{iZE#~DY z^H*IDj^p{?>O6<_w|>J&LNcUT6hWX+Y^C{ufU`KIM<*I`l>+ySha^|+6K=WPqPTZV zAjp<#^`P-hKW5(S(Hpt<^o#{b3gWn7!ODl<+tde_W;r|lwB1xvj{-}x-~)orRmnuk zycL7@wy=4U45f8P5B&%BDA{-;cV~!C>W@sP9e-(AP1HMJEYmOzU=q9AXKf{=750TC zXwZ!m70QzEv{#2!)=${KRj0F!-5dKu=6D?vy+@?JIfq8Zm6CoPt8R-)JU=DVZ@v?J zv8vAb2aVyo&Qt{=gx51B`ALkP&~VHgSyh&!fkc;CrlXjAQx-RESGdO_n+l06OK99> z0k0%|0v}E&n3tvpv-@3VmHTPjyTaFFM~#HYB$0eeIyP|Qp57JUa z=3ldXzEx+5DOwp^4sPsW|AUqnx_m?O6Ko|=jTrGoJx_F1WG#_E_6^f;(?c>y*C`l_ z-PyAe7aJC&(#9@~LD?AkBG|6l=U&=U6dcoKwd^GzK1bT}7`P3;tw_@4eYB3|T~?{y zGus%}*A~&wv_7hHXX+c2l2dA?vt9|?#vWPKi(cRcf(v$U&!GeP9&l!jp=f9|2*q*N zgLsP*xiHrjH(iT|pMg3f>xZD`$4p0=4<0o!IfOJ)9f%|a38dcL!QrSMP~lG!?dRVd zVei^dKZB^i&Onl;v#yy=4$=Awz$3HDI3xvF&sC5aiBB`3l*ir~vZjp&ZxZXiCao`_ zW;^>Nc88yIMhP2yO&ob1I9y-H`ytU^A}!&`Tkfsxo&M0z^E}75AK&Dg9BmH*T^u>{ z-jG}-CF(N18~vD+*R82Z-^9gZ6A3fdS1%l`_2&9IZpBygL)kfjwKKxQn;7Y>%mE9gL?H~tClw@u^=+d-S_y-iYyPO zZvXIRsQ`07hA1M~T*pzj(A}8i7c_wsTx?|Zfacy3mN&b$Zx$`G9m!p3md78hKKaj| z-jPXWHYym+1nx>KSsVpVc*wdVucqMmWJZS_tPfE zDcT5>vY>_Kx&-oXyFNqm`Z{8)7n^G0@%1hobFgy#!Hex|^UrKL^ViRDyYrc4%1$0# z1D@p@0XOM-!84-myfO6c!6UarXeRVcYcWb}HQPM(2gY~NVGcMthy6OYBBuCAdkE8z z*~e_I3>=6JV^ow!=z1{RZs{gf-)<8()ELCLlrlj~U;IeoS~cMwrW>+1oy^D|rJo4O zp#jmEw&zpjSqNieLP4Um!uqoSI4twAa_#lYX6e3!x0STr^>oo36)t2DjqeOZp2Z-0J0buXt_fFe)V4n-U=%4c6Y7$c~3>*HRrwogjv*i zs-iouUu8oOW{Oea(*Ju?(L0alLn0UPgA#iKt{(xKh99Chra~>i#jF)SpT6)8J8Z-L z4WSp8K;GprNQjY?9>J(o>kDd)sX9s`)5Y3AZ;3*&r()N(l*q7#Hr%5IHcXLaob(jz zje+G!Mp>U1&tHPJ%^$F(-^XdT+45m9yE<|oT;TZrky~3jf-*q@S3K-HvWey`>le3X z{Gv)gv?_99O&N%UxJe zkoZu~yx4B@tfrz`I=P}8FtS@6sf_^};;ZG~4GwMpl*+`=jUYP~T?8FOsik6C%7Rj{ zfG6pusY(p2n7&Hkr$q7UEF1mMfWr{GyvkfVrPqnXw6^{Wcu1DxXJOWmS|Tpb8q3Fj zuNI-tpRzob3w&J?_1pwzFkB^?QSt(qS+dTI3D;#LnXIB6GA3s#95&O&i$HS;d1!Cm z+unOB(s0=vzud>QmD6N38NGMtz+&sncU}8sXQ{)==cfAVg%9$BtXb5kth&gqO8p;8ErR2U!ef&;tvYeOVZ$ zu+bQRq+z{N01|xK;b={aot!DCTsd7|C|cXR-P^EIZ;XK3<;8umG$CVQ(c~wWM)GAp zM~rHkN~p}C9m1ZkH=nM!_!^t{9$n2tyTDy&>`f*Qsl(5dobvDB4f7{>YH##y~t^cs19cjU&RkZ0e9K698|QhFkN zz!*JnGcc4@*JPz`i7t^Pse9_Q4pppgTM*;HQtaBEYEmtTDeFFh^o~1_G}~T(8ebY3 zH8qyKfM)Kx{90e&G5Ec;^8Vd^r-0FoQMmQoMB%~OyBo;MTCpE>tLYLg6CZtk3zU^Q zZ3stpoQlR@{`9Kh!JTxfO>RDX4)wGm6GIkymQza&J}As|^jOv|>w*cD-;ux=%vUHr$?XG`|LT3Z6_54b#VUt#GD)pSx37SrtgGh@Z;iLYXmiJ*_I&aI`VQv zm#Zj8?$}ErlT5}j?i`S-1m`|t`O6&)3W~CP%<&y)>w}f$ zIZkpaJ(VMJdYmTfz`&?U>;Go_@vZPKnY`)N3cr&3=#{We&;+t6Q2}Hnfs#;75$j%+ z5lNi-2e0n&sUVy)*rk$cgAmi9K{qTSc7aDG`zDLA7{5VMLSHfkX#YPGvQMD#uTLDg z5P9`fLKWnT()ZK2-D*z02PRruFtzK9ucAS#I-@FK@oFHu@^(D~1?4T-!5gtCF(iu^ z1@c%y^r|_@h@1=swK7<-_kRAA^2)NT2S?%oqK52ci4&7c>VxQeQm;O}LDavYwAR#j z;~vIbNT&%fYYqWwhdE!G%@E{NPH@CiJA!JXe5-cm)Jc%gDfj!;ZMKsyH{qx!q&+Tt zHUZPzrVzgm#%3OF6)&kY`5D>J468T@{i-HwrFdYT-}zBv?VS$5CUbvT1w-jBnB;elUYvaW?m3MnA=rRx(ShtXjenPDX9%ahsp}%{&SV!K0d1 zV+Y9d{`3CVDEC-; zO3#{g{xh{08~aR0mJZh%k{OFtrgD!UJBfATqbSA8rl=xHM17&p`h}Rz(wZqmHTJPE zo{cRW>Q$pNDfR6-#B}UotLggVHMD--TXv4h6VQ#;6D+LDbbZOd)b`0#?;Qi+COKZl zSf+38C0|L79M^`5^vHKx6Km(b4`@zWA=TOp6n^Gv((xnbF)dhqqi`?Q29qJNxWagu zI<1WdjzZqM^JHCd<}CqxpUqusJo{LeN5~i(oM%$Lrj*+`1`IY;HU?Xf_<;0&>jMJ< zt^`-7gPiiif}Dvv=K^m-zUDE+5Ep(K@CxAN8jX+;X~Pke5K>{jgpQk_Zoy6-K}~O{ z%u-J-NlF^Oy^@}+_As|q^Nj9WYN0`A-R;-KZ!eU@x(N9T+WHyjzj;MZg?c72;MSk{ zaO|b%As`@KEu;Csf86cb`@x*lnqwu>$crQ&EtySjL*}Un@x@CdhT#n@zgyg1@{vaI zAv?csx@w;K0#Vbh^ccCYQ<*OXv3>m9xQRWm3vz z0mk<_4|%L!QIp3FxH(yht%|nSbg=!PM&KA!1=Le!ek>;(bWI>q)(y{OUWqQmyj#6I zNlEK(;qH`L2noEfND((W(`ND5dz};Lm>-=Bj;y4}JA<+8E$}oWVP8E1snFF#5R7ot z$-XZX9lBD;x}@hKC7O%s?V5Ps8jKCXl9w8)63bnf8or86_<=?6XX?&>9=1XjG|rIP zNKiXxvKd977r24ejS=SGlXR_V>Xf=k>T2@mWT}>5;m;a6F#(j0U>%@ieu$SO2&uV* z{A=GNk9lO~S%Lm{FM(0D)!|bJ>%EjDb-)g(R&$G)2XH|IN1$zV8$98V>X+VVG}Ge5#CG3T;-AY4Ui;D4n!EF+Wys1hU~%*uf4`BPolt?WTcZzCo^W5#7f zUj$K~3iydzAATd?d`{UPGcpM+fb0^47|D@YG`oNm!P5ru{xfZw$K6EwtmP2!T0A8U z|9T_+F)I198rcl@8l_JAobF9cTW_?1zJ#s}}hQjN^IwMRUB?_k|&(e~J*Q z2|-s3K~|p({xm1LOClfAaq%W(lWTRP@#F6c0$LG_7V`sM`Aj73wq%HuVmaGnE7?eE z(sQ)#q`Q&yfo%0l_GMR*#L~oAiEQJ-T(058#f!(7`YdA_f)eF(o3gziu3Vhid%sm!!V+jks+iZUE)RAvb@d2|bhLuHHeBhjWmb@qoXX z!X7~AYAenv+jL(A-R>Vbx#C@CETcHXdMvN@*Gz?WDJTl($WHrx224AW!#-RccqRUXCXZw_ zn;FJ7muz_1c5MUr>qC&MQRi2+a8U5cW2d1;yvlx!ZdjV$`jL)bLMw)-gA`Ne zol%Pbe;2?EYfbN20&KcHU~2Sa3ouT|M#UcP;Hh2Aj#Yu8Pdj5QwFcTEacrc`%!g5| zE-6vL)U{K&38Q)`%F<~Mcsd=LL`i%b*2i#R&G@Muf@jNfhdZ5A2 zc@ENKGv4~Q|GbqM4-m^Yf89wQ**T+&LEK7yQ$8f|<9US9@ahF3cca^|BeX zlhL{!>48W5HTSMqy$qJk5OGYjcW;cs*`Y3PGux%Gj3DBvYdKV6wm}bAU`zJ$I3D?G zG5PU-yg^QZb6*qagZcqX%BLT701%yn`YA8dEx;cm8>OLdUk4JT*3*k-M8-M{Sp+@#tgNp@+ z3UIQcEyKhC}N>N++p6!>B_MbF!kFt9)@GH2I?`VpTLp>KoQFo4N z&3QhgHS4Y$fa)57HRAq#m`$JGkjQBlLQq?QjPXeHqwRHb-HMi=7;5#@)T>&=>gCA1 zh{~EDupuN2__-I9E4D zHv4d4Jex`%){E(adv9>SzGcXYk%T}*_2q`0mj=A3Yegf^c{<@D8NZuQRUa67U($=d zKq#1E<7gL%+HH@?*{;lsJ&y7Aeh=N*yeP|$TG2%v04dWSvqPDq*#$nv2OhQodF6M7ne495pQ$m9^LT^~Ma^OI{)XZO26*M+6vD)`es0%*{4M((<1L#T3_{nHZ zIp-#R8+CmSO%@HQ2rRHOyihT#y#vNseFBV`@mbn|ufP?nIX#`pC6X&;+sMpK*#*y$ z2%tReebCa>uu_-jkt_tofehg3@ zYgv6q@cc3kW1MOnRp*($wzTzhB`U=qPpiSY_|Hc|V#F@~RR%b{D!S#(ht1BvoTv?c zy0CEJvt3^s41Fy;&mZ-CsBI1P^|+RZg-}$0`KxUT^MD%aWf9Z;I^A&; zoojkiYNBojv>Y}Uo=)A)_RsbdOIhpZxsi?ha=vl?-8E&-_1d_?t?(}}oxBww2X zc>FZL;nOE9lqLY}X1E|V(P`Je$pYtC+xKOIdhMt=0tXC{9(Whs>HG?;q~48L_9XF6 z>uKD#R`NB*W_$FD+n55yPyI?=>^0a|;IVW=BOCCb4&MzF|NITMPM-{qei1@M`d5U> zBHs8DbqtofFv<%ktAr;lXK0ux_ZvRCl~L~cW`dYnG&_~7^?<6Dxa~nZ<@KXXt&VBB zNt0U!*!k#JTw%uO>?cBJ4^dA!V6?ST=vwK{piud<*@5SiQv1IwPn|6};gR=#3u$=s z-<;Aaxl0TNS}@DZ9)a(gAI0b^aW2Pi+7?fXq}4pwp)$Bt~T4q-qhKzRNBCU>tH_ zp4%4uG@T3tO(HYJ7|9WpWXIXeto4EPQ^e7er27=n=YXS6%0$tqEm3n96PuLLL4oSc z;L2(47^Tfurn`}Mzosnd8Q!wBe`Yu*&yah}pF&ef3A$ph+vX$}v)QviW~j)`-*ZU~#ZKtr z_CE_Q$OjYo0LHMPx)i&P@gax~AjaZ5F)siIEW@Xrb*{VVMlL>trv0k|2Clwo&lnWq07cP4MyRq8!W?+WJwS;aUhW|f+`q4_5fMfWfbT4 zAx(Mse%1GD9|!pE-@mW&@}59`J2Z%zsxpZBFH%Km&28>{;w~j!tuO;8Rjs22Aw;?c z&t6(#C!^kcr|h_gCkT&2!#kjpd51~UR-tTL(uco?))Nn~yUcO27v6gT9LC23Uei9d zLKN$jn-(J1GyX_Hy8rp@s+j{H`)K6s*{t-LY*ZBT)!`5-qPwo+`B&`T z433jbsDgUowEMOOK`STB>F0!A%-D(P9uT1^ja197D-M62;>k?AFPnM&cgDVt4E?iP zAE+qGdDk>^=9(k+`ILO%G;n1pGJEYkG#hLPm4^@DX(85!)uC#Bep`&qkH4GV))p=6fYf2mvPnqy%{Vhk$?PZdKwYa&XK@6h z?@;6}4}pQfG03ij{><rb_u_>A|I|2dQk3JQN zN3z(tf>b!73tWGGk1GmJr*sRWH(x`s_a3v>RM~JFV#8~z6vRRBESD!VOhQ9vhWp?;g6_&2NhZDjaRK=N+nFGFAA3{rkUHWGG-$ zd7E@>9!jHy0v`8A!c{+lPFWVTea1h~y>uajo#rtpEK0-rxkQu%7+;WDqX(?N&izBb zTe^&>b!g|YWB6w>j-ag#xUND-QbzfvF3m003QjXrhLd~7v&?czkfaa%7O^8`78aVh zd_-&O&^qD(84VwZI=h}il+!rn!=7cquYc~%XC)Xorj~Wh^-wp;simHG998so6o=$? zjrFfO4w-g9fhPYgiTFk0-fPWe>E^lE1VuDK(J<{(KUSFQoH$F|GkghA5@SzUTk7Jc z)AA(+QCX_BJzB}!^Nn5~JI&j9{Vvyi1IN3tQP`D3CLrP$$=jKk@w-B;BR0>I!}yVn#I0Mob#mMYkNR1tJVUhuA9 zG^1B|+Tx41uftA?le#S#^Bbz)B<0zr?3o+}d|%@Ai{iZ z!0RgPS*lGQ3x~8W+^j1}ob%7^xl?V}A{#7@uw}slWwJ*{`IVSw_T`Cj8Rb2rTw5@vE%Ed(l)03`k&ZrcU=k&+l24 zVZ&6;8`XrlGP@^_w6zCpVxASfP-my1mLHmdCf{j?O25`!hopQ;dURWz*M@g5ci|D~ zyDKFPdL;xpzA}T)zMn@D-Rr!~@r;j=sp47E-<78(y&ZWd;AHh0zsjWW0mV>-s$=~C zh5o~dPE?XM|10~+W8+Irs7+s+Og_(^*?05^j7>&B2 zXx1b6RKb@PVzXCdfP$-~!D68?(nUol&#F0NZ90~eV1B<}$~X#iO6&F^ZWRjF=ZrB} zu-q8M64L6(oU0X`_(x?t{gP-C5iEMbZvI)#yaBU-4;J8`ZpR5;w>|g9X!_gqHOWItKxaWfPyU(lF zIv%x)=#-7$Wl|eW8K|=g7Oc+~?>^`|THtvU*DliGMjG5*Buf4ET#)~o7rkFkP9O1D z0{Kl|(U4K0Pfw|8hkNnx#(!gaw;tA+TP5sCO^MAdp$ey!Gk+(Cu7B5=y6mr!cQ%}x zmg!gpAh0Q^VlYy#t+F3S+P<@ioO?I*!DC{^KO~cOM{b5-tn`hyD)7I~R1k3;4sewA zL?9m`6Jc4!#1)K^gIBKhI&hAjs6i_TC{c7fH;B({&u{{$6rQjL?FWJy{wI!i;TkbJ zQ*v8}fXl5c=NzVX;kecL|DBl}v1yC!;m}e}nLI?U7COz%eBm>h()TBi$0n@8bKg!K zXa>~JCMjSy`8#(a*WD`Q{szhkP82+jQkH;`(nrFc+{cojI1hTlP*F&x$6-gcQ{X5I z@Qq5-x)Cc1iFDJx7u`tGq!~jSO+wgD3u=kIbhLXqm1I&NhzW)zqgm=?FWAYTXQ->w}ir@)NdD*i{lYxpxKICtCU=x4*ry)_f9uY$zgytjiEk}~a!#MZ_)~fFtTgfwU ztWn^f&@I4#f~h$gYx~d@$j5kwxbyG3Cg?=Jd7{KDJtH^J-GGYdL?x(UuSF)!`=T1C z6t8gR8lzHfydsce!7m;c%G!7Do9JUDLnb}?OJ_OSy>AB8-wkPtX%uyxaxHh0wS2Or zDjKc3mU@azt4brhP?XWWZx)(hc|5|z8iZJ)xq{v#~tPeCK`C-%>{&Pn>#On?#KrKd$%fHuQLD#h!=lz!+ndg zywdRrak?ii?p?Wyv#jgddF7_r%SKOLNFF#ARiCDo^AdK@)%thvxS`@}nb=k0gWVI; zqzhxRBTc~!wl|c~gZy$^yzG-!pC4Ziei?ji*zdR{OvXc z)4ZAh6-mN4F&mg(k4l0(9xu}U4WwxYPZR}iV3!t7Ye(k6hOdv_-*~H| z>wBwLxw-?|%(xZxZldAp@HgwGcM8OHqgw=>`BN(c=?jX|nxQ*Ch)tM%oj-C#yIcn$ zlA8pRG`(y4H89QJFyLS#({!-&X$J5B~ZA^~|AkwdMbJ6XVmk_$8J@gJy?rwJWJUQxGqP!@j06#6EpD`(p4>=Xso+fp!T8<32*4=;LDm zl!2vPZsr@3rra*@b-jj`AEg?@Fo*XRp9T_CP$T2LYBaYdfc-XA*+&ErjInJ2T#yIC{!M&Ai_V1e>#GZrZ0?v&nE03*#W?k+`y??w8#Rfc60 z;4^>z)DpVdyO&bFs0pOM!oZ{SoPtzBs@(9Ka8+8VY+2 z6r1sds>eXRb90o_7WiE6A^-`uwi1X%|IwMbwkB;W{>IzfOmn50p`LWHdCy+mW4c=* zibGSo05cjy^Q%EM2w|m77k)zI77!;ji~1d`1E}ugaBBKw1=NBg4+}tkb0W3@EJcu637A|#=A{G>gt1+wHyMCRElOvOcCN*?o{Rr^}=kVZve(XJS=Vry#gkzXZYD`-*Bg7{3x#*x-uJWi*b4`8qg>-fCsIy6jx3pAtDwFw13rag;XNK>S%w*-$2_}n2C3;wZ55AjL z=Pyr6jhF%hmz%*HPTA=M4FS8jEkG1ynUZ&j~N%){ew2#7PSLo7j4FD7p7au4=`1y_+Nc z){_;INieEpQA=C!u1x@N#7aBnIqCzxMy+}_cyy}hzzSRx?CE_g;8wI=6A)1$7=bf& zZsY>rpHRP8TWNW@$X>wtnuUH4O}5{rIKU{&46$qhXFDG^#zsa8+H>#Q95-jm0$9BU znGJVJ2PCytgpkIjl;$=>{C&6Sh{TxQ1**l&&-iYV|{z_?w)o~u% z;HKccR^#NAwU_%pc5^~Ib^(61h}R^y>Pdl>UP)Dz$??U){wzgd=KvzqB;=C0s^#PP zMbu3JGD#86NPW_iX6#FsUrYnjV0dsX%-_?<_v>S*U7uR$a)@J(=Nmb7p*tQG*JRSF zU4+raZ~Y}p{^%QHcg4S2aZ^X&-hn>S4Dw+HcM5Rx(hb%zyEqMQcc%2yg7P&Y>mqUC z?LFd}!KaeajWG+$ub!;K4wA3jtoHR^NSb~`dXrt_lSF9b?b_iN^C4}Y;;4~r#)XD@ zR%hhoa_os|VZ)RuxsyE4iS_EDktWBNd@5QMMIFy>8g=igtx2JhFR`y;TTh1n-4l+g zqPlxVdZYLsty4Ea(M^TVx{2p~0%?801z~x#Q6*HhAsTG%-RyYjEA}D9PE)Ge>qa@3 zKYxGa2Xo1mxr5PgYoo#S0Au!~zUNTUSa=A+0>Ju2@zaAcoa$Fb`F-X>>6u#P<8$4? z?3wgz2~(w#G=Bgy^*x-FcZ_G19EDzQeo6cr&wT}Qu8t^Fe8x0Zf;U7%{R3`&I0@@=idAN92suKj1aq)(rU zpAA(JSlR(qqg%KF*cG?_>dtW$Q_~EetQk2)lApn>W5rj54WxG3slglLjnAfh4}G$p zT1B6U;YGxLFDC4YhDBaesvN2QJK+v&S)JjS-ge$P>&}oaTDznRVNCoU5ze<6D0Zr8 z5S3PL&(t-%^;@juqPD*NTjQ|#hSS}!SHQI{#+G~7JeEz;{>kkiCsBq;6dX9o7MmGh zRjS__i#doHWTZ7~#7r-#hfcfH3=Z85bh)cuFp*0Ya%-@eDf3lsuJw>q6G2$j|6%Mc zqoRDnwqFAkq`MmgDH*zk4iN+i5u{{*K?wno77!(d7C{(VK)M-88BiE{2&F?px}_W5 zYy3aYdiPp;f7qW~3!Gu*zOU=L&p3|XdDRpvbg#|fz?e+m!XV=|nLJm{6(4*{8s7nd z<4#UGgX@E#Kwwo2hiLKMM3>6E41?&#%RMs0a=_?Sas-VdpUgC|f9<3}HS`A1lXzdF zC=kAqwxx{q=kds(TNykqBl{KXUt1sri9pUM)i*Xy;g@LBKPA6||HDyDP?;$3Gn+oX zppjCz*9534a|U0_{FZ3x?_EAmXxJ96PEaQ~<&~|~SKNa$#sflx_3!4$m2;K9A`&~e zo}!Vl)r~EHErXP8Gb3cFQ3$9{;>rpZZ{oAYU%_M<4ByetT*l8RhF{#yQwZWn$zDYZLc zh`pBCdq#pM2K}~|z(JNhV>WZfRh+`Il|P3UlshotsB--pF+qm^$qO*_a{}f^akL5M zDUBQu;F>}#cZUaDx4!5$1ds-_oWAyXBek05sQFW~3e>1T-4gQ8kLQ(y#09c)(S>6}t}kS2_(4<)h^ z(#K>sYg|Ku!PX*l>{D?W3wZrEsz$W$ zrG=YdB3|mYOLAC{Kd$$~W1qOAZR8CM8a;N#?eYNtPqFB?H??{&cvKwzASkJHq>^6( z!SDC`f?4lx3Y}ZGZ;NIySr_0G!paAk52RO5soRb#&8ONA$qKQ~&sfO2*fTVREEuQO9>EH{Zh$ z&ouTwl-fx|+f$%ypgdM%Ch&qKB?=jaB7`#6)7Q)u58gsfJv1JdVH#s;ZsRF}(i!&S zx!>1!4ZOLMFYU2oE?MR2kQ<6IY~AtK9@YL_TdLEel9|ta+PZF7VGXiaGT4s_j`ird z9>_pwRB)?Tk4Jhjk(0vRebB9fp+G?0(J9lP_l z_q`m{+sfhjbK%(nN6uCEiRB@VW4%F#q{!`vAXW`DjYOO0$9PTu6aw-npBU6?1$TmR zb5OPhI$>~md+CiLl?FP!7h&9g93?T{k=mXbQ=JdpN*HN4y%X@~Tuin;(M%c~pbuXO zQ;$gCa`?sA>$jm_zKnlnm((o#DhPieaHoKbTsw%)lCNzovLvz#o+`EypZ)3)q#H#} z|AW3h7@wWtWj<1VZQQUP$*plajY}hiyGi9svd>4t8!cR6RNM;Mp`$-wId7Ld(V=_x zlS=n>t74KiIzdqWYg8F2K}xLo)PT}XwDDxM=%JTWrYOBE(!yyfFQ_t9uf3Sw%JiWDbPt`AdS1f&#iUhb~YeycX!%JlpBE+K!a zTFKP(a=e*7MTMLA9DOwiK}cL!Z$jrK2@E=63G8oGRma(09;c;Fkg%3IW$BUE5@mdO zk{Eds{I)j_<`7@_J!}kA_f6}lo?_EE)s2*xqVzxDJ#zhr(Mh$=iFn%8Gzkz3KlDB6 z-fN*J?L*UBoN9hoYvnsP_PZ!a%<|G1Xo>JPM-|;rE?h}Ng9h?D@y?{3dCDmf{*t*W z^UGw({oj_#s{|Ey_T+B2-7<)gWCVSOdpg+MnLv5I_8^e@t6oWZwlbvWt6glMEy^1A zX8S%w_Nt*!zZiWb8pWkgMbyLbUd-c)w&iRa=>p!``>fLy)})VnHDj5BgiuHXUTU^~vY5Vsj#M za^6uDabuBlU)k{zAvt>esQVoJZI~Tsd{gFYV$F0Br8{e20s*h_>g{XMm+I|n`sxHq zX(SZTZF<33m7C9dnPt~rH-6wwQhjtbOh9=Di7~}-fD%7UIksUh&O@Fw+)6(Zqn0U# zRwa)a(*ypEri+@0D6>{7Ay~PzpjW7hTlvA$m^ zOSVi!{uc<&XatkO{W4ZCLE&T#o+@@K}6E$U;W?vrVsww25-4G@R zq1vs*8u9ioXnl5gld?0ch+djia{Cl+1R3l-7ZDPMiI zPll_afaOw5ewnNYkuAg+nrNN%vAxG);i&_%9!^!ozykEuBGIYQrVlP92YUf`mjlu_tCbEH) zXrl)cHs*&}9_yz0vp}z9ZQuye612RqqaY^B3kVvGfpNXz(Eeghlvfz-?q2ccnXKbL zX~YvEM~H7F-D$KQ4dRxGYW|&?E^6h5>ODIHwuCxw7beYdMZ_(F8hMpLGKmKTv_bTw zD+s2pl1KG7tu%=Bd}uodWk<~1R^%Bgl=Snsp!q@O9QErTrGu^+Bw%hTscC)!Lmjz{ z=e%1&h(()~L}{)=>*B`<-j}Omco7PiTU#|s*zpCkWh-1}Zty30OIhltmNqF58f}%Y z^bKTZ9%J_yRcZg2JJgdf%M5Z+{1WJDh(_Y3eD+ilH#0z9gjRmEO4?Coa;{d|5yZf# z5JIO-S+vPyR*Jl@v^zM6&)^3J?H(L(+ypdH(l;cKuG1D+g8Gefzj)@#wGO^L?8n#> z0MHU$c)9MHA8)KY^C}fG)gEx4+0y^|ZtD9~QfzyeUSpyga+fCi4cSs&np4V`hfERV zoFTrfI;TGz&}TQc(qhi7KjJYwmRcMnf(O)EG;;}_Q?`M+GkB`PM8Zrcy2yGp@nU=K z!h&ekZDn-c{Z}%|afEec7`N@JBOg$J&fYrb={)Z}Lyn5Ih3G|*LuTd$)pSc3ORyk3FyhB1 z`b%}$CV$ft(?r+uAUSe|7Kb3IztTNYPNo$P_SkGd0bWJmEbZ(G)05kpahMe=Nc8p% z*q%BmmFW}5$B=`Rxt0KC66wXZv_UJ|AyKU@{>-YN&m1J#J{^A)u^g#Y)%+Q1qtB!C zf|A!`R-}pEBe~xTWHFFwG)M~BP+6&KrU>uhf260~rXdl{r8SIcHL**xZ8PTEJ7RD6 z1Pq7<3A`_{UwTMn*Pki7Uj3o`y!?VB2#O94`W=$V^}+AWTNdpNCv6UR3lw$xPs#`D zQ)84RA6yq;R0ar(%SrK7{GDYWvM>xnXu9(fbE!zcA+Lgjw5KN*(viU*R zRh|8}7bR#Y7Dr8@ogfjHnP1t&_lJ0Oy_$^ah(+5hXGbcXzHan@5|&>V>w;FMFMQ>B z?F2yBaEF=nGIj~cbalUg@tmN{KL_%sEIDmTuSMuR2qU5I$$h9n)^`yE;eQ>XMW*8GxW!5GjZ8l&M@y$5SuO@gXMZiO?_ zGSHwb5e1-bSVV`BA_)??;(F?Vq!es7Bl=!_H0c2^@M44O7J{J^_s!Sv%1U!~X&oG! zumM_ARDxLKlnmyX;ln;{HaLBarY=3lAk9sL=rG`c`p3QQ1u zSQb=!%|B?m;I{YoZsh)BJpz2;Z$kX1opz(Ts(Jo25MNp8#R2BvuA26%&V1j^A9FpIUb$+G;ExFbJUF?U^6@}ZeH_g zaQ9uWIj4U%Q6F$%mt{Z4kw8zHLUIt;SL7#tPPnxhmf@8c>C=+3{eIdl-6?I%p$t7N zmQ|jSq&PUv{uAtO=}x;J|LwG=j!iEjOw@w!4g{Q_e&fd^4=pZ;nDtK0bVM6K0FX<*(?dj%^vC_BAKz0*m3rWARf zpQSL2E`>KiD3hjr-3P+5s+mp=SA&!U_DR{Kx39Lop3b&kZjX&YE_iD<83@{YQ5k+j zGT+JN_G0>UOE2Sc*RDtUB8krW02PcN^LgbRotMhP_W4DmK?k;Y{QFDoISY)8%qGHu z%U*xBeyK{fM_+8xp|I_3taM;9tGu8qg~ zE|3Vsr^93bMV(xP;fLXd$(e#u7pJAJ-5$fQBF6ov@nA+H3?8sj2k0aw`*cghov9+} zk~=3)*PIu`ncP!q=6BX!dq=sY?gpm6^z}>KHrG^hM7qpfo$bKUrxO0Gl)$Q2aD?M%+4xBR)~p36;AvA?Re_<9U>M(KU(8z(_*SI`6&DF`U+cgk55Ky~960 zK{>4%Vr`!o>lZNh_uEO^zL{;X<61p?HUppg8B$$p43==|_>qn@1R>3ks&Dt={nC-n&{pc&2;38rwW^Oy}*b)e^1fwc>J4Vpt#^tDxhBk_>`5V3Ku&0SaZ zi}F@QxXGsEdJ4l~G_OAy>QLIXPsrH=6Q_fv3D@U-n`K9@1zpCMV)RXl_#yw()%Zj@ zI=ER5W<2Xx-SR_oZOM?AHaQ+C{meqmTN7zvM_X zxLtRu?)h40BrW!IioC8x_M;xstO&0(@AwuWncob2f1Io?-tguR^jq#`E0_XzLdv4& zX<7apudKoD)xh7Y-$>}CXST^XZw3c{%yh-RotB7Z`0G8eab3Zgc}U@thE+%YNmwzf zNLHhk?o36CgQu+@n75|Os3B%XUz~nA8oM8ttRYDxmQiOrlUp3WC9jo`#|&+NH?ecB zWoTflqoB`~k^*v^9H+fQCrwZdh{@0x7KlseqU)0T{$ln7G!19b=}B?+~uu=FwFGe_RErIwXQs-!=p zR8ehz93c6B<8QN&^G!Y@|K0XinDgT135%1e{UBiN2Q_EewDP7$YJ~g zH9Ofk(>?0x0{6Xbx^ zA@0@W*PfyzZTUbZk76eTq4!-V7Bu|&Ct2!K*v>C5|+nhv!#9^L}g7Ct~TeNpH)z; zv(fn9L~*A7x&Jgdl*QsS)1Xrg%LgPqx(cL)_%9h+sTs;w9_Ga3|Lxb-iE>f-5%8{n z8LoZrukOEr7A`{lyW=(q_07_q*P9r`C1o*#?Ua0)UybWS+~qYqjFrXXKExn%u69mY zVmAfK3#cFwj|x4|ir)On^O~RAr1Vy04DKO!<3hNadpld+<)0PNL8G`#vMYivL#@Bp zMQ^jJOW-AttCpU#vcDxSMl9#&_e+iH)c$-o?W{raT*LTCI(f?)+MKd6nqigV)7bvw zU=O-7HA2h-ANVKBMW9OHC<^JRX_#5ZXIyTO~**H4047gMyCWYiR zgQnFv$fjSQE2iY;#i9!)KEE(LM>#q9Eq&UU5p}cbU?# zf>uQ7NCWp2gWB~A+5hfc6)iyCz+-9;-p)GfL#VZVv*m<)3om@D;8p5)U)lJQL6&3Y zPz@dGeHxg!vCDE+aZWEwAwaojQSco;EtQz{%ImNE??yDKW`_orqm=y2RUJQ9K4wo0 z(hbotq)6An=ZoS*JZRH@^-`WwU6)&rR&0G;z=)^q(E2RntR_{`F~W_@oKwv?@bvnU z^oV=mcDW=7IRCYScW6*nC)H7DH9*lYS)Uud`~ES|x)jocq^A4-=AW|G^@A_^iVSiN zyUbgpT{ILD;E;0q_pa$q|44fS&7KF}zloQ=rcUDx)pexxja%=K=Se>f ziOt@+BYK~G3fw49AK8GQ1a6`3k~H~rA7drPPq2a+S{nwd=t{YxKbG=#2aqFqABTx| zTNNYMGk!Y#Wo~$BK_+$cP2O?imFOrm(}gy{jHg?vg@C%?_?PLlDCCV^r{=>Wp~&)< zT8IObxR=!Jf)@D(<0wI;g{2tQwz*=Bkj}_&)$QYgCA(~rK(c6bXsstX(D8_eL0luq zaLwp@?nP z*C&5&$9i6rl=-6Immf>&@{}bUWh1J8jg5`TwmJsSRMPXPw+gV=nlsRgd?-OK1SS>| zJbggACJ3uGp67$NpyBvk7qGLuphgbf&T;KZmNvtWa%)Z%qL^rMYdOx$GCr=VTc*Ce zDCwBWtJ_`v{ViL(%wjBL92s9_?w1X{MjwRofTX)CXBlR+{7ZD=@NT<3TuIy}i1m>fG_6K4DS&RlkvI>$JBSh$rU&Vcw@Apwh`Dk! z5?}3-t70Q)GRy={nkuC|;mtit)O-gu=&;`8V{?j70S%rzd-3h`Ig#-X2t*efX1(ug zRY~3My9$ehguY(VlL49;RgiWr=)VFNO>ypvxP3~SZi#GZT!l^;W<8w0lrE*V?dRzz zm^mGJ^q@-@6>!koxbheb;}#hi+Hi_wfsTIzrXTIJr*$j@v2zz6#3Je_Q8${y#xU!5 zLcH`OXy@ecKGMCAfU~$*QVraibi@d7i`TL=8-=Hv93-ZzRGG2%^T#R&)4Q2jP!G81 zwS|uF2lK08m5Y#qUzzJNN3KHuIvk^J1iB#{zCHQn5a6YZ6GLvV5uEdY7dTB@`gynJwX_OLfuoZq<6u^D#IMB2D?zBEw8nK5V&fDIN1gh}K!PZm=L?SvQaX8iEM6fyh>9a+v) zJ5sEMqTaB$Vm+;FLe!0^8H2u>&mrrZw!(wkj~{am$-^aR@6W5}*KDx;%f#)*jSv7OlJz1N{-apAU0nP<9m?Uz~c(n_ZxK?|BGCX#U(CtP=EwEO6ak}Z@fqcr8uS)1HI~i(Yv2Z;+JP@bWCey*fgVyVUs3%~pH&*W zcaA;rDST9sIXbq1TTcIb6~k#zw9#HIjKZ(qjl8WYe7GkuHTP!gH&AL!QTGt=q|V^v z6+b?*${(*;UdnLqNB~U+=UZH>4aEX}a|@>lkl1wrjd?oqhVR!1y#OO$nHJJbRe@cz z#|=6yWA6oH!e#$aRredu4@^;0i|2>ak{k!1+e$M0+76gO3Y`8KkiIknXPXTk)LrFq zKBxRF=(+3o-JAdgg`Sg>6Q3=dk5FRt*>z_yuKKX?;=}=k2IWD4{VBljY~JfomVx+U z$TeOcM}vV<{l%9+&{N-V@clX|a$hmm>>>`RJcReb46cFqPoU0V*vw8_3@fXEH^ZX+ zIv6-ZJnRwrVb=fL9vu<-dtu*U{XW51{jg41ZryL>onP({FCujJ z!JrJplns=v31M0)VNMV&KQ)SVHmtBJQ!~j=nqG-CP3$XwOQD1=d}fXe8PwQYB>HE@ z#!Ya8;dVdNuxays3{vv(pMH&3B3|Kb(4qDS_hhE;s2{Va&W^)c@32C;FI!NyqgnQW zM#;zpIqsqg36?#0?M=l7%Z|Og;l!TAQ!YP9ppZ6ou%| zNqE{t*X#Eoo631irhzClG9{eW@KtConjqB~*a(Hv~eMbhwTD>jZ zWc4FXFK~DJ6f4?C=ju#2h#PoS1g0!y9Ru#@Avm*R22ZVkZS61}bW=rRIu=il13z`X|%`4OyDKc-3ddNq>Q)51$8aJsUVg zbF~^7^{ze{A$=+rECuO4xVsy7H@+$!XrV-_fjVN`RLhy)B*2*h<@;=U&#tEmdr@@d zS@_Hxs=YD`k4gsX#ahA3uKxl?Q~N}Iw(r2JR-K?McUZLLioQ6C5MPC`!-9FJBbf@A z0jkp1h7{zl0!xn&)Ce2m3lE(7MJQDJ9m@%?;(1)ry1o@~>Fd1Qp9yCc~ly5enb&{@)-s0A||-d8n}#D0IP(UYjIra@aOnMsri3v`k3k>pZIzR_b8-Q|BJ>)(=5Q;P% zrwYoglniZ*p}!(b@b(`{{jq|inyE7IEfip6tygt1m1D9Z&I+~H) z%8GTSi(OmRxe0Nwt_d>G8V?)02AnpMbTvLX3KKU>u@r*+fOj6%Dnyw*vSS3ni}5Qh zL@v1dIHPiS!pHQ1TvE+z`Mf|avix~--?3$jVIeZuAC}s5DXcYgW2Bb>7K+U2db>R* z_I#n)0VXzh@O0fsDYT_Ir6@ONuBblYAmdab+FZnVY=XBIsYXVT^;8EZz^UDg`f1I$ z&tlg^mpK*Wr-3%YPXYZ<7mxYgfim4gcyIEY-_bGYR3z&;%ly;>8d!p=9795F1`-4~ zpm~V_4?OQ??Yl#PKea@)iM&dh6dV-yQU$B)frAH#vUyk`KpA>bgBVN0bnF!CaY%d; zfQO0oPb+b7`rIU6j4a|Vtk74ieMP)+&x4$wkE(g0iQKebfIGB-EE2Uf1PnrmF96cx zW6xyiwv<}ml1F7-te9iq0*piP;iP%zGgTHB??$#K#rhaFC+0epv3!w3bF=Z=enAc| zc@{g!dEf^9DGyBYr5wSz;?REdX!w%1&08A@nc(=ks|yQK%+gIUf zDq~@1F^qmReZmH%M}xOxhJJK==|AMVxL?*F4Slq*$OaDtv6bV2I8acp^BZZR2_FMv z{7uYK*oC7&HByc0Lr-F4n?WntgEhp}t?by~bXgI`f%j{mvJOH6eK_Ls+#6DYHjsImu7o*!>sSa@*fxX+f zdEN#i2i?wg-WmQTzxSPX$xsY%Z3j$~1a)^vZMuoF)^Q(Ca!#pX7Lwa-lLuy#D#XpSbqkZ_Q|?QV%A*-_ z;B-fQE>Q*ewSGn=Cq(OlhU!)-y&~dZV>3qNI}{HrD4yR(7OuJP0mk99nfxeqR@**^M+i#{fS%7D-R!~ zv1#@_kisHw#%o|KsI8$nPSxadeiD0Fj@QgX!Qo@fn4mIp@G+T+)AO;c@9v+M z&U=fOZJD?|0u>kuJBu2D(QXD)%=z&`aKm{OIX1r7%X;bD6qciHU~v~`P*WAQpA4Ns zRIqwYV~=uz^m87uL5e;^hUyasMNvE*VcdEj_MAm@W)KwNzxdhYx%Im95rzTk{2t@)N5MbSBkdL0Neclifu*-uSy% zvBh6{()mbpwa9r*IZHXtHt)AcYd<9TU@_r8Wm5!$Y7DML2`@}NW#=Sd%GkoJzcTAG zuEO382SmX^)uF&0CQ%EI} zKR)^to8hkdqvx02Gcr__V4B(A=-Y~T8&Op%vd_t}G&u7khhk-c+vQ>5;aQ3$Pz`Iu zwiYW>P(1C|rJ1{0_Q*`oXj32)om7HJ$IZ@q=v@4Zt-8iosP9=d@=f4_T3eF))~pn6Hg5^R#{jXN0N937d>MDk zbR@%a(|w%k4>einKWTwLzr1ds)t}aw9Y8u7Z1~}xW}7a%GTga>BijD&Un`7TneN@W z5I=J-+YP?gkU^PiAe4!GY>&ymULR}RxWI>#f{Y=?I5Amm(rx5Ihc*!=conykq-3>; zvM>Vu*(zlYcYtLw16P-bHvne1OTppi3I2i4<5A}(8sv!Eq8>JH8NXzIx8a0)9%-GH zdB`u^C=0Nbz46sxkYwe^+RtsN`vguwSa_bdX=;w)NR zV|@2ZD3^aMH%AN3Jz@6xC2Ha1cA7YdA~vGEfxA=bt+<3co7bkVxUyvQHaM4Y_6%K0 zRD3@SD{1X1IyAZn)jdT;b9|RNqK5@DHU66G1kSn+MG08-%lqy2;yuiwpme}$I3g0L zJQ$MvW8-v4+*5~yhPW!q`n1zGCf{jQir1JsgSAG>$>4Mj%%}GpmeiHY%Ju%!wXY&` zusJ=bbT2To+IAAqJ0~=koJQw9^tReFPQ=(d?0QKF?*W5Kq|=C4OkQJR;K-?@?h)bc zPFm;)34M*bF?Lw&;bay-6Iw19uD+Vxa5YUT4Ng8@=Y+J8O`JWAgjo7)wQD?L zbp33y(>@OIcx?{x7v*pihcxzuROB@1IJN4*s)6|`l|^5Cs;IoFc#e*11ER|TCqIoMx}MA_>>4jcq=@o`_6Alj6fz5zc9N;f29D3U1L~H%KJpM##)x@ocsSS@X8UX zd9{H30<3Nvz@O{1deqpLV6Yf>%)A=oJ2^3%AD!a}G4;jHbtBlg*4fk^b{|PPB)7R{ zuNe$TZ7yC2GD}IdNW9-NZSY^V(ZyT3jo*6laASI?M(3m=)Ak+xXUmaa+a8z0?UAUp zX|ao;ixTF7Z42Vi#@eszr;g+iS|kj6f6jK$qDRml-Q%LN=uKpA$!fA}L-L}AOXP21 zSar_s+NJF4Kfm0gIO0>rErsuSO_^~Z?FLDizj;3#;4~c+t8Stn5{)pX(L4RrK!aF3 zSUQ!Ag8ppa9h8VsC@9T2pDjm3gRVtr_TjTb>?`L2hjqE)M(<`5U|d1)xqqh82QpY# z{F6FO0R!F8hx#C)s#72q)_P@1d#b1%M-E!%sh}g*!gFY{nK&77NHw9T-74@?6hAe; zQf2ZzeT!Nds~MMi7`}4RC3o9)wc3|=$OZ9<^^^D`=7XdutzbxgW7*$B=UgO@( z8g_L{P&5zkUtN%lVimXyNjj1T<$pJZ|!2!FR?e8&!hq*I9n-DNgYPmSMpO^ zeGFb6UK)`hr085=pzsb>kFl(1ey4uhXM+6gEdDj_Qg(o@**Zp<&-jvihbHHo&3v2l z>HBvWXEPArlMRbCG2S8$ek(jD3Z5f@?7waV%y+yqd-)}rXr2RJBljjeEM|JMHqWR~ zVNF{NxT*H_ZRdt1MX?!L#o*l$@p~qu+U+%_DiWNMHYe8U{E9_S*L4(k8nV@{ zjT>!+7VL@x1{tlgob3$uSL7%$lAuhxcxzIGN%Mf_%e_+M!7tGTg)cQLkcxa4ujbzd zjZjs6uqiM4V0)7&-Bj!N;H%6r#Uq`D6^xj-9imx`wH~!Pb+lZW6s-bFl*HO%xm51U z32%k{EwMV!7du!lT2^3sBPE=`v`-W0h;f{5t8f@3_M0?-5C$EFU&+?li1<+`e{Rb1 zo5ZyS2Ri+hv0eRSMCOII-`e}!*7~gq>k(Qj$&`H#M+5e!;yr23Lt!(6>AKCax6*gs zJpofj8I0iIxMr%DSaJ4pG{xKdU2l#lK0Z_G`*PciRBooKb?vDvdV^#|Onm=DGDbn` zpp_GEw1NFQLhpE;gr_RS=&6sI>RW%~iBU*%gVJ-UgIFhUkms#jfO#$7o{cm;+&?%v zov^q}=+y$}N`S^a(XyfHuT91iVi(0H!(lt8(>tr7I*p$Fh_6t=yZ_zoy6B`dht1pWBfZ3c=}5 z&IKB;SLj@0_8yeDfrE^Lz;I%Y=p7y z3b;iD=r!Ex@7Nwe2;*NUy#*My+gF-l3D4g-W13Ix;#9FaXK%|E-{^a#E4$ba(wD8& zy=8w!oyDUc>qKxj54lj!^QN&=;1g*`>5G=QY+;w_#pIcBR~scEP$#=tNsfxP=@;dP z8L4zt{&%`PTE=@s+%s2G;PkR7(#G%oP1|TZ&F|Dd#KM81^8lVed#bmt0}1-A(0Vkz zqShPA3szoHG;K9I17AjHuRdao7cAL$m>%7?vwAvch7S~1#SL~@s7dP%zXIgLsDMO; z6dH`9q2be7yM(FxZS?jn*N8R5p0U}#IAhnIQq3j^qHbF4V<@Hm)|2s2y8t85IdPO0 z*>riGpO1*5x=toP`2Ft3%-hidK(UAq^u8vzykd{#!Ka?u%!RPWYV#JB6JpzJudd=1 z#VI0KX5TsiB|c6kT@F$&P%5(Jh6L#v9xOV7s*BnYq}n9AsgfEMy-B5l<*23)EkytR zUS8zV=a{1;hS%N_%c`nM;hG&K6fFQk%Kzuz z#tLaW)hkM1;cfOzLkhA2uQzMtc49IeVpb@UM`+#{qko7kclV`j5yC^_v0u~(J+4%J-un*SZMC%bsnd6xT$-c>aU z(0A<)6@)uE(C~}pP@%+-lkB-op$wQitihZ-S(tThm}{SUssakboBfG+hyzaTLrb7w zhkvDWkxpNUPNXS2?;WDA#%fsx^6HAzE3QPw0?zB8#O}b@KK-@3;GXw>)Zm8=sjnAD zJPpaiu3X0*$v6sYfzt{g#>}0~>ka|=A&JIT<}ZvR(|)_Id{$|2#1-~>^w4%Tlp}&Es+@)aZjm;BgQT? zJRQYmj`E<}l+K-gJL&Za(YtG*Ix=24Q69d}!#+v!8=b3HX6SeC(m}c!x4)NsSU6II z_-uLAUTgkx7mRaU#X20*KPdmuGrYNhLWxt#m#jffFSO3hPsO!GsW|U=FOTepBCetl z@z>bb6ZdBYI)dMA@wDtx!s^fAGS zT;x1$JY}I%`d@B$`vQI~=85segP#`%GNB_?+FscK)=RdFEw-3{f!QNLC<;O)dX*|m zMYLn*iW=HjF@8m^tO$9d@+K!%N@8z$_0)qx<&nL9<^qN;wC=0P&a72N-|u_sF~VVG z&xN@=!-gd^@K#%%mC%{k9TQ3D6Kw}0vU!pms}SE{?~ufHqIVdD{*VSdx=$8YC->fV zK(yPtgd;+DgtL{bDfqz^H6s{<*efeZ9FllQFB0#O-X0!=F!IL2_##Vx+zd-QS}-xw z^GzvFG`kScztaQ)ea?Q=9BC<|%!>p6OP?|=XmfIIFY~E*bq$C+vvYp;H`UGc@xj-U zCr*dOJ>OW{Ew4{Y`RBPHA^TQpygJjf$b)@44M3Vcp3_ljdu;a9_1~HU)vyYHHy{s} zQe)HiP-}k!gli`$_~yYDc)(VD@|Ef~2Tkk)bJxuzgu?H|6PUm*n^qRT4>bETQRg8{ zPcy*~`%x?psTwv0)4L7P>T{KnwP#1s16)wo@4pQFam9L1gCy3B&3(RXti|uXPp;fM zxxU3&N0Jrm_OAYPPT)nJEpwR{$Y_pYf$}FJe zAMqNnYn7m|HWL>2+)qy=S@jrrw8YEy@5*Rhc|0xSF_%0Xod#IC8*)HBGT3S~aMsaP zT=s&g#*Nj)azL!Ko9%o&H(JJmwO=fKJ=8D1!g%19UJOFqnXJNeLad^+abM}?Iir0t zPpMg-MC*y9{K?ugcM}{ZV;L$1VIYu@&Kgv9xKGJj2mV=F!#ay(<9Hu$S?FKojh;Z43^*V0kLuxIPi9`%6m671&y z#*r$A2KD`VQ%Jf)!q$1~dc`|1tdr5Gk5Rl=<02qP0A2UJB72gIBWZ-L?@c4}T)K_$ zdgf|yY49q>@udq%>QWyKQM#_Q^8@0;mMsu85;1>{b*ZOw|8!hJB>3#I{7YZle-A#x zWaP%iejNwc5k%TrmcPwiM=geh#yp*ze2CIhi0al_O;D@JgHRhTO#P zcZR^4jsBCi#bWYGsYH8eJxg7bexdvD-b7qmaO zymvqwFs%0yz#(KrK&9PQj}P+gY^VEH%m7Jfwwc`Fq#I67z+8u`{Skmnzg-E&#WBag zi^r9irI%w!7S&N@nt$#&9|kI2pwiuyr3#aHQhQaj7dz_`PYPc7zc1_)f$cS~^#{M1 zx#+1D<`Hci1TFShY{Ffk#0#*2b_}9N5mLnj0XBL9T z)HiIu-)GR+c_2V} z`aQr6dq3i0k1&sWBMV6R9*xKGpzeDp6dA`k%}9iTLmlhurPp=&c@Zs&Tz*xTU~^{#R7`_wCjYKUKPFML(PMLN1EQ zs}QU{T#k@$38MlPf|wb4pnl{S#=rGOX}&s*XyZ9Up}4=|7HupYcke2+Ws>rVuvQK@kZ_>05)uSn z5}!JB-chMxCqq1iTSE

    ?H?vRS;+Z8d?T-D_xn9(DIP2X$i&s6=&aP(pa!iZ0dKI-IByvA$L|bd8G*>Zuwvg4qdKcLLn~W^=A0YYv$3IjzDtTqQ zr@^Yeq1YxQ`#uAFhGa2YyI~67#bASBeJMH+QLDai5TWfGqK@{RMa{ zA@HMlrGnP=eegf?rNL3=4PtBV_%YlDxQ^ReE4Ul^f62?*xP!|ONI?F-ely{#$Wy{| zzzVWg5{eXE0nUkepqL(zNYKn3HF0_r z8<&jw!OQ~kBDl%3cf%jjs5t!Q_GlO#gK@cX#*UV?GI{?2t0NY-nQ`1c6Ac#daXP@; zLNlf#*d>mqv%K`z{UNUnnYzP!XtE_G!iihq;pamF(y#u(i=epA{Wt_HSvimr$RITw zApzC%049wZ(<36UFEFTaak3WRPW&0*3Sy;fTAkqMy#f;Is_y= z{BpFe7DBf4bC-@@q}ErwS$D10M*{n`e0^OfZr}x8eT4|aU9mM1 zT1iQK9<>T7*Py$xqf_v^^a_ZQl|GqDZbrzrSh@gV32n!#70Tax!kiX4;2D&2D4+L+ z#x+?020ba&NZq|3^ebY99yPyA@HgO24j*QHeGG*LBB6|F+jXF45nX$RgM_q!S+R>n zfdOZ8tW!W!K`EfN3kHt+f>v^k=h1BFEr%`*1B1Al0Ug;JT1m%1D$`(jzWSu#@^*@_ zmGWQvmyS*62U7q!(geOS;Nl8|-A||XeIg*h5lt~CWd`)EZeQujGGIUf#a-cy*-Itl zku!Nn1j#Ae{oRdFQz{E?B$d^OWT}$M&+Jl}xquhQriA$|^w9tr>NjOlO6!}_n;8*5 zBQODD0=Y{}*WyO-yNj*W5dJVZhf3xk0p<9^BEP$B5(FDxXY2kdLE30neHF;&nE2w6 zwx+KOgUT{qgClCJpZAxgV*_2g^Se?nyHFp7OU{;e8OI!>G-ZwWaC5N&UqHtRn&xT_`yybK2=1`HXIEHbN< zFwPjcU$Q_b(o?}FhJ(l+o=#uN8+Ty==5_;!e4b7L-nM-Lk520IpyPbKZ0su`@Qr?g zKFJ96T%dorv9T%>`@z#^_>UORC>z6X&QcnayQI=x6#Wo5ZeVXyk&3D+FC1-$F}xe$ zYTJhU(XkL|dR;p@dI94E&}^}faRRnaP=g@v>E?t_Q_YR?H&M(b{iQ?AM~soS3Q_rn zQ?tupF7CE@kfE%WfB5ueY+PF+nxkOs(SLHA8$Lpoy?rOFUk{whW(O2=NHkaOp=yv| z6i2Z_EH&gTgN~SI?3Kwg#bw#)I4%6MIoQfUAGr$Pl=9BEC6x|^8+}-~j%rbT-jma6 zWH~bO-20igG$d6rpg|DsZc3D{b4&83j?vTWPFESY;qEDVJaoW52SoJKpEG*!vI1^Z zXtZ{`S^VF7aPQl?2p9mrxC=yD6M&rq{4O7o<^AfDLIKL4^K?E=SD(XqxYz`4GEyPu zy<_8ygHTWTpE_*;ZHn;L^;0xoR$zKN4lI2N)H~=t`BQ9)s9m(lC77M;F;-1{+Un!q zf}WLNT%ZN8ZAWvAgE@dr6{p$s40l`1K0f zPL7c7rQ@{vJ|+YCT_6Wbw&i}4%9m!r1z&lbgKbHIjg&WEgPgiNp>O-zCT-kDf792U>_w_kQjp zmD6(MfJd05GY%>gjpNLzpYiWPuXy4g~_?37ob@Bq6r z?S|eN69yidi^GW4QJU&JWV7=#*^_bB*0)=O?sUYGIPU(=jIlYNdiDde6{cPuRiQ&R zQ#W4KkE2n(npUREWSe$2vLw^aaqlFuAQg{d%g{G3-fF`RoMA!atraD7w2VAtk^+lE zt}|41UUl0$Cm9&2PA^i)YfK#5ivnw5ITOufId1}(9KV&(nV*z}7tB<*3P?V!?)0p9 zxVUk3Y_g$|W?)1r)(~rdbfwHSd(l(X{L1&9)L|$cTf!z%y71P;w56N}Q==-awL9UekP=pDz25@<-L=tL~)q7V0NvKPLbZ zp=W8zcMIx_L;S2I0NjT&z$`r=_^oihq6^2aaYP9GDFO6+bz>+{Viq{{r*s*%9s=!P z@1@l+jukwWoAPoMM{ZfH;$8k}2Eb1}7wJI%X>oaR{teMhEIHXf0Yp(~+XRy~0Mp;V zI>Rl?KN&skWQ4$iyjh`zXCA|X^~+fWQ;+d*6nDpJ)OuyN4-UI-!XoEYUNfk#mE?Xl z1tf|;8ZH6CK=7!!o={V`Ep?g_bU=x9oY*WJ^1r7 zpgINF%2U};X0m!4sM@U6YiG-@>a`q3QD?U&-0c@Fn$XYOEud?PK?qL~p0W5Ocqe>U zh}(KcX6#SfL~bRjLUb8*|1!}S1ehBSQvVNIZy6S4*mjL72rAtSEgd4vFtmiq5E3FK zQqqHjNGmNM!_b1n45@S@4kDp+$^g#>WGM_d0bR9Z?{Jk$KLZp0(iFC$v#jLzU4#d)n-U2QrVNULe9- z_u2+Lj{wqv5SSBdWWY)D?LXwqdAp@FKVa4Q&HsU;sOXwYikJ4LKm{BeOn#D#0SCG< zZxIsKitO61_Bb$VmEYZ3omCS;Zhb#^w)M5)tkme`PCLs>2z9>vTQm<11?S^L>lm4K zM<*xoolA?buR!mchoIdu2l=X+)t|+l|GWiGVU9PduCu?s^}226eCy)8?;CpulU>>j zIg?l`z5&RMRrI;b=v%ir!&qsAkG9W~l9GnD@|NCza-t9U)XwaP`TdL@cj<6oRNj5r z@$P_~KKK(tnPLmd2lne^5R1jRd-yVtX_^)yXwBlpNQHar31-(6lBuk2Q`Q~t87NbQ zUcGcx5$0BT`F-!n)~kk-^p#NJR)q(NzwL?i-Z!xcqQ=P6m472!Yp{WSKxVX3CZ2U7-4Q;9Ybl z$qv|%PyG>^E$@%m_oo@$OK_m~?uOnNB|Y`s$iJ!dt+$(RF1z9~O{kzZI8KasKtDkp za8~vX$O>u#`XH9K9&YunzyAs&xE0w5(?l&{8gH*ele=!49=?Hm|GsrSuP?R=GX?rp zNUocb-e3rIe7loqch6_>{1)*k#XfBHG`i)|XdkvePT}vT7L{Qd+8NIRfZ`7yLoXuK zu%Luiv(``ut{#m;;0JzDzlwJWd4TxkV*NpajtWP=VvBdU zVfR?8Ft)7a&HzXC;r?>}7VVF>p8|{lQ>h26c5-8_vrj&%Xt+ZZIs({lwU6lC0k_CaGo%UFA_KNJcde1*{5}z?F{~@!fkeIiMnCV6@yvn3>2^y~y!KQ4z+IN# z9P9n699rR{z?QK8n_*iWiE|S5*`=zw`;uELt6eS1TS}VCo3_iA$9*gN`9A8Y^#t0e z^)uVC@6Y?!J!SG5|K^P{ETm0jM}Dr` zKuU!_l{)lCkjvw|auV(!LH2^(wM?s6teF|vMNC2NGwv)jyEKGrWWkgndr7iO26P4( z&bA6ibKj7?R(uC}GcKnh`x)8&hun%wHsF$de_VVHGm1bh)$mxhd)U0q)RPgtAsA}b zdMMIs80Cl$AJ4ejw}x(Tnn_b`c>elsw7Gc1JV{E(g-}}NEk=mqGxWwTb3EF}nZWfX z;sf<_vr+Ma&|X(ILRa~1cU zxRI{2X^pF=*dk2Z$1s!Q*$=ifs$DNZ&?nFC51lDcP6|E41AoGx!cPMNz{%kT z$q>|D-yf;o#Tk_`)gw89k1`150oKS`J}%j48XUR@SULkQK0D22;60hiT5=Rx0K@IN z?bJ!{gUAvPnzQ!^_=;I{gb^1|;G!W-7J!})Udfb+C%(`f= z-}VytG_6E8bIkO4XC5O=@UwTRd33PhD>DPG7BkQ}kGCE8*(K_$VQ5}p=0K8wq|68048_v_wIX8*x5D)KJ-v2lW{2E*SN-aFsNxP zKugy46MEox6gg&g4gfV^|49)#LTc-TBQZ zk+IBS<)usdr+UUkA9J^ewm0nZ0ONnQH>yR+`aSUnaD2q9e!;b^gQSV)?bcjlRJKt; z2C#07A-QMnlG|Lgl;rGI>DS+4*7ly7!kL$bfjw1pK8~JbAbvrNf%fmw^u@W<(>W}U zKHB=4z?{3Mli-7w0D*`lhb#PfLx>+UU{O$dDndX5BvK3R%W+TC(5+8(=}Q`6a|cV@ z$PMe)Jr}rF>=w@YhAeqRY6RCFXgpY!7<&6V_^-pO7d|&B-qO@wW${goUg4{J`_q@- z!zK3>dSmK~*4Fl*Z`jYfsG~mLTwMKK_J`RbrM)L|(>QK>31+RqGvH}D87bnXGY54* zX8Noa4#9&WlLqcL284^@7@xiV7@6YuR|I81yAc2e^^|oFHWx#yGXpGcs^@|}W{BBF zoN)Z{J(0mlJV(OpAa$lW|0&Y1Gc;=My)x0X^zF~;$uLwK68KWR2LY)g+>@%Sg#5e72(Btbio z0AiZTKAjmWdv7WXQIT>v(?32aK%%XYL8gSx%%=Ki%WsooZ%ELSW4jU;Rtrd4181|y zJDm7Cf#VF@iq}Kb`ku)i&J4>Lg{CrX8Nf-MLdxE=h)9Vl2mYa!m;3feo6RL;9+g}E zUb~xoJdB0+Md>^Qz*5%zZtpWs4tvmV>?SJCK!f)(EGo(MV}7h@B!wmB3sSl6~?W|iv( z@zTg7ViCUK*w;eh$Kl`p`Tmf@&DRK#E!i|2vXu-4ZTIlmE0Fc9%TOXpVyC6KKEAP> zc_kBrZIeD(Ykq6rAx$o!qQX0w%_9eVJNOR->_41MTP)&-2_9o)f0uW}s!5QWNN5jz z-Bx6I&zi4Z07j3+)2_(gyrzzODuOi|FI%9c_)pbxWqSThW5CE z=R?am>W$xG0u)5@BGp8du9G(5OXA4kxWury#F@Cvqh^7i2Lrmx?{0hjS$#^aSH=W` z!W|)47qWBdBQswNT z&_*`P`YpXT|KypD z?$>e%z8$LK+_UzjK4}W0yPhtQ`&cc}?{>{os&ny-wl~yJMAV&^lEg?PIX4`g~jg&dEXilp&vi|_{xRau3+1Xc!`8njhr`Z$(1JeB>6D;;YaSR!hSmtWPAPc^FVNYCP)%5H9& z*O`%?Fs=O3D~fn6-g{N(E{pwtMkE;Ht>6LZUzKn|O8DrIKyjMx_bC{N!=?i>A96)a z;Ie$AaAaX}2Cd%nj;ho;omTd5pZhJ#B$LfWSU=0uM#5qLJhZfqw>w?iIj<9^}xbm)=TSZ@%dyiy< zG-a0TL$d!2BEDn}8aNK6L!@7aWfS*WPwUwjOl6j>t-5zMahKA;X-mNh$N4p*dQ3f) zmd%XkC{vjTev)-#Zad?-eB1*i6La53Imo1T#S`6JJ?krZFJDq$^f`V-4}BBntkuZb z%3dZVcfa-P94clGgMUHkMJ z>&b#2m#79^Ev{r$=G_46FW;)CIYNH#u;3XjwSi4c--9kX>;h}HJ2AXVQj-xTm%w_D z%kgVCLVJ_yulxlc0rT!lG&Hj0x>7*)4e3`D^!|La5~wG|{WE?o zKL>+aeER6$l}Gs*&FJFWQzXw1 z=&0qNY*MEuntD(}V;m!W^<~)^R+hH?e{0LDe38Q+-l5LyfGxmw92wME;dKS*3(Gox zD0kXgS}e&@r%adfb-g?b#8r6rh2s*jcTEW+bbn?IMR7BN$Px)_YGa-yIfu@5EBgf8 z>fQ6AULqkjD>Q_6SIpEm$!Cq78hIexDzuvwTC(l=IS)22_!!AKz-WoXng*!h@ysgp zj|q|ch7C_&*C;U?^PSD7j`NO=hoYeUxw;>aUgXqDkL~}^UR8mxp`L&4^MjMlUvcKQ zs#n6d%yKO=Y$TX^Q2n)fUe+x8nxpxUoiA8J`Qnj?to3Q)b6)B^tlDTemp?~$Y@|g2 zS`M$9jbt!up(UVx&h=&e>*ci8$cgW3lKU*WSC`n0Z&pw zk{*^Y*~u28I2s>ZXglV5=u_-_d8J6VBhJfB$lzXLiV-s(*@W%$6`52HkJ0)-cE7pQ z=ncKL&PU|uyUBwPw}-p91Q{I0D61Tzit@D@fEHrZei6=JDZ(zmTBMnhBEoH+3aCtg zk~K&du2PYfp{cAN!qvn??uf3i5!oiMd-gXv+S5t z7<0lAzWn~`TsbKddLYU$Ui7hatvf);nQ}2b@Gt3tXOy}OUU*$Js}@Gi-D9`YBTNnd zN8|Yvru+ip#?pcReOs2NX8BJYm|6bCyo|mawPYAN-}7{A}*6W^vTU1HlMK7NM)KNSd_cYo23*o8YEf7;Pb-<346!N%~eSv zGvjyQhBf+0O|0W0uVYG%##sMaxi$Oy9CpHr^yEut|`4lr1W zDE$0CB`dH|6}=IH;vkA#F#RG=C0E*P_EWt<^hxP zg3va1@!ca$RQ@x;U~s{xhtIf#lzIEzl#%pYQy9&9Lm0j!MJ+I}pEIa`-fxDr`4E<1 zYJQ-YZ0rAwTv(}YPbMdw1!AC>nPRH>ET4@OQ6lgoXDgM@3fQ8OQHw6JHm%^D_{0|Q zR+^ngqmMXH0*>`}rgIsZ(C#nZk66$#su;gxw#xaxA1}QajxLW=H8$<1^=pC@**xKi zF@?S0FW1xCSTiBx1>O>#kY|Em{W{h|K*&Q0R3VQ-KgL3IB)%d>L>SC?n?GD=v`RMX zWJSM^q|m%u6GYPT)SH9a0>$u>J1a;d(ONU@K?N&H?lv9Stp9Uy?VMX;9T!Q=cwyvU z<9=wr7*`f2tD)?*h=(#g!i#F6JchO?v<<48doi1+K z)zH~DJHa;^IREqHE?=0l@yH}U`79xEIp5#Yaz4MxStjbvr=0*T%XnYswG_hSe6TFdvS7_PkB ztj|(1n_nJZL1$@8wpM#Q9>@6R|L^Z5LnhUbhig9LZ^rLKUB)(ccz)GVXn1I5|0K#}gSD;x@<1WmnWLYN?5|5!y)v&pcQ&;2!HmY&=(vAm$2)zYmBb<5cTE`x__Uf9K%yTACSwOrQdo7*iPB#Jd?ONka0(@)k+1De{T?2YNUzR7VRuZ{;C~{5?+(UDgr$ zM3#U5YBCuJWr^+3hYCyKnBU?4SqFxjUp4=>I?jLDVQxFf`eQujIY30`M`bYO8~y1a zA>Y}pIEJMnak9Dg#{ZtEYfj%?juD{`SK!4hL4^!mR0{trMrXqXm?!EawJN>LlAo{q zR%0J%v?NJjdwoY6l*AbVaE*`j5xz%M3xbtgE;9J_-YnF-6(u!3>7nKZTlAuQC?VM2sYuB{)xIsgw<>mUyifoOg&elfV!s?&wzMu}`H?v7Px`*xU z3=`@JMX0F1K+14rqiR#Zb2AphDL@|dUMFMIb9OyX<{hm{=-@V7E-A{}C&VTQ9B_1Z4B~BtBo0tuOpCkx6ou7XNtON>>DaS3f5%+##$TCiCVz4VTNK*DI{l zo4x48^J`eK21A=GjuT%#BWYK-{L$r@acGVP)fb-Hhpe^$0JC z_1pCND^gf`ilKHNyBc=%RE&3*O2t zgYLyT`!F%?ljm2rM;1Q&=IQ3jfX6eam`mU+(XVx%-elu4 zzMnv@xo+3hmPN&m)ZCTUb1h6ntm6dW8>vQFC0mgY+nvuh;N9no5G^Vgt5KW2+T&>C zzJ*Th=}hhasvia68gs4+)H^8yb-g_2*kxNJ?Z#By-pjSxYV+3%CyeV0T~Xvn*iMYSt6Fj6 zB+WQa4;R^}DooY?ZI3WFcRgcn9Yu}#j_knz6yRk8O42cE+_+Z}1JMLVh}ORXPljqB z+o^jN<+#1y^i=Zv}NAk!*n!f zFt>88^ZCC(I=8>KRcNPj2yQFgG)ne@LV3PDrPqbW_28{axWlsZZ~f!=T45ptZYn;Z z!x32pUG2xCW}bEKX_8!tyI(rnE0J0zt)~F4(`DM?In<)0oc1rPQues{N?GA2Z0L2w zH`N|t`e1MTca*0t)w?~yj1^L9qRNOPHqxN!ubOeIwQmSp?!#@LypE}|qTR#hy;e_N zHWxmOs=gdnB!2-jMhwU{3#h|TfkhW@@_cQs4o&J2gW36p7G>>GUMpH~A~!=aO&Eni?Y`sDr(-i|MLKC>pF zdRBM;EjG9RpcLKbMBl%8%cprV?t-EJFjw#FC0FC03VHD-*jc4m?iSxJyW0`~#3T+` z*023ByiUs8==zI17m5SPuIA%?D^R!zn80?Sg+-9~ZvPOHM*J%ivgdRCO^dGzEL~s& zB%{;^tV5l&_7-FQ(qGdbN&Q}WrSG<}dfd$IbEudxJt1Et7v)!Y64B0p?deUC&f^oqwkk-1VM6zwFHEso4(hAAApWpHqPhM`2S4% zrL2t64+NXGQp7hnSDdEV-*5px?e?DoV*>{`a)h41hg>J20g^0nO<12LT&-+UqpK}G zz6al&lBL;i_=^k?^jW8<(@FAjx_(3^sc|0^2)H^8R}aTy4cKX1w_Y&x7e0Uq%63(k zL)uis%tj@UNZd|hC*H}kIbaQr+y{~{^G}^zk=K;MD99fv9ND}t)LsLq`m613^K&tX z`18lBBfV$^9R3$COQ>VAO;d%nwd@R5OFScDoI@B zU3SKm6NB=|DJ8av)B zFoah~KPL6~b;wPDb{Z+d+WOW6G`A=1ZGfjp`JewJC0$aCxPBWrF1pk#OtMl- zrqp$)B_NK9IiJkzt{Gykm?ps*18XyaY!-uA$S0nTU64_^Z9kNB@Qt5DO0$c_76WA? zbU=Fgi`PSbM8!n{*r&~}|FMXKYtOn!meYl*g4hWcTU!iXjOXs7AhF9+N&z_9H&mGg zaL@Yuscmf4#pgfi5muVST1%Qxi$CMn&MfqRG(pvD<|&sn3kNxinc=u`aN_yCdlP=C zQONwsQXHY+m8GLR0c;|9Z_rx7SR!ccPsdQiRV%3g5Ozh?@F!YY%QIMWE? z3A-L!ZHWJeq|iYoW$BIbF=~MNu=_yWuG4?aj_hkx))+FWN&bMXU=K2yM)S}|YPIu(KHNpl)r!}(5r_dXI0%*8uw37tOcvV%^ zA0S%Ml21tl31G15)uLkESm2_|txBwfBD)F9sn&+zq3$5NjM&iBRe4qCQdpJxryx6q z;(S%K3AL?_&h)kD@ZS5tb>6HOZ3v3EQBNQ6t<`C z*Nm+CnClqXUbWeM^2($1z0VK30yJj^q)gMmq5D3lAY1Y|=>MKjuJcFny9*G+aYdbd z-t5O0dU`D1>UU(%4h-+iZ@V$rxa5CqtQZ&UJ-qbACH@IJ`Gum=hb?W9{l+S*Mhxxe zp;if8&8Hv%A*+Pdjjwv;e3zb3Whmb^);;GponX`|=Ymzz-?+SywOM&)H7TwgR=~ zSIIL$CPDYLKDnJJUpXWmQ?iB(WD7W)X#(LvsXlx+E`tI8^is+l`HKiSI9=!s3hntds>UR@>M z&?~cdPL+guhwle}bWV<}q<$kxE3KLa|0pM}Ov1^sHhwiKg&U2XW!W^}j+LLyfR zb&>sdf?^tNPl}X9XV`mq(y=e7?K9l|yNvGJ_7`=vv7^;c6DePiNKZP|1f4#{-dD1J zFuF@Z)NIC+{LxqpmL7}ki30aK7un+^7!71hA}ncuL}~)Ldb65@z*FX6>Q$kkyLIE6 zt0MnW!u`M!;kuHW>@^V{6nC~XlAGqzeA8J#sJs{wUrP05P97rjY$EXDEM)YV@0~pd z=hIcg26e|V4#0o^0SO$QF6T!}b$ynpqsESZi=7{_yYj`^= zXH9_b(tPP|av8{&7=ptuEvU@+36xNC!EtA8q5;%+SO;rUntSg`-hlUdMMqkY{4AP# z(ye05W$?VI-Pin;dDfT671OK_%d{=Oo(l`@Ss{aFYBhcJZd-git#Q?OSQcj_q_jr0 z;RH?im3bjC0i82bRs~24S`1gYkfbfr-VE3QItL^Z=f5hnb)V~>uTg3_DmIB=@J=>7 zhbPnQ%OC9NA@CPPD>wJZxQ$M|``2RJQjLlPP`-S{Y;fE#=}GA#ejQxZVw5nwnFcvZ zr|R}=K$PnB%@Z$1+_2{(3CACsg6zj85H2>6q4oz*YK*5~e7bd8q9^Zw$U*PGa_FU! z6&|5ufxMJG*I71g1KnEfvX!A>vTs_rDc*_I4}Jn9NY{XH=%q{dov%61?yx)Q0U=um z&^PjrITV*7VVfNsfqqcG!|gF719$gdV8&K6d4yiJsR0Xy-h~b;^7K&8rK#uTHAe|{ z$mx1AX=$%AQ?Q^x0kl{qQ(?~r8F<^Ox6Swsv42Q`Y23Un8GN6KZ$L)cAFeTii)3pXJ}+>Ggw_+{tXCLJ7FWrk~8Fxx(a9VT@+|##3sggth3KS#0r< zdk+Qi!pht}%))|Gg29DZ+t*r$AC;yW1>7=HRC?F!Con6a`1Rq;b;d=$-Rw7b741|K2D+oF`2^nR%B51qW zg!Liej8Iz!n6GCtq= z7{-6X68%fN)axWqcb#PT{d;&Ix9AMS0+b>Rr)~!jcpY#cyq4-*Yu{%#={50U^UEjf zLLe+ALZ!GLL@3Uq7>cp}z&yM*1CB4-@86av70dlbtWYSs7Um%Na3&}iNx09bhLBBegR8-IQN(E~; z``$S`uFDMe90?b`;#t(08PBKr1vAdX6%|z|W`(gSLwdc`5z&i℞oDw?{a%nmCM( z{>9ByBa~Ohd()_%J+2~SRsTReuV_YUqaLDZJWV>k>IDt;&K>s#E-7)%QUKVs?|eU{ z7F|HaaQ*9h$ocW!lzLWuFCq>*K5x};Q9#P?PKQKh3oi6Ta0sI;p@nXTzR*mj??$2# z%`GM>XlH6y;XTz90?t#kE>yW`Sxj+GYf~qlf|@b;!J|0ykL6E4O*^#Xtx#T*t{oO2 zUrU?CHHxqeGmi@flb}yN;Ph|Dl(mGu0)_@ppGN@U>%NF#k?NIihwK~z@uWv=3-t6! zv|yYXJ|l}5tg*6V6c8ZVj9k5nTmfN!?%nq&UMeXmt@dk<)dN#RA&9(>$0|0b#`=2^ zP;vaiT7Q6FRuW_kz|JgVlnH1_r6pQy&sepqEP*a?6K0J-P6Ku7S5{(pcaUZ+uiOMdA3KI{kdS0 zwkz-L`M&b-s2-*3jRbLoJ!h0ZAKrJqee#yG3BOb{{R+%?52OUi`I1z_k=8a)qE>g% zIa)n>${|Y&aY!eRQB0>;FVD;48^wO?Al1S^IrlP;+&c)juII=4%Dmp1!={seBzUaf zo^$nwxFEKG7_Q;UgGw4Hd9v2fS_qPEJ2rL7hu@u2OiI5SO6U-D0FuZ!OyjC*a|K^9Xu~cyrKsTuuOTfs)Q(FZ(GIBE>24mYAg)YG9ApK}3+Y8|w&SzbQ z9t!;^y9o?m<3^&aPR|cJ6l?by(bU|*o}*@?$`nDP;YnipGGt0|;bcYBDBsPR4sv(f zPG~xrpP|G{ODN9G$yeOvPh$pwGN=zxlN`Z4R1OlKumJQ_d96qoXA~u~L__V;KuFjE z)O*FXXHl13NeAB*f$Z-?UEM_VjYE(-?6WBTh>^2HTuM?hkDaIt9!wGEvS)Q3wj*t_ z2|ZziN5=Yc?Kc`ly^*U~I7q6^N{ z6NT-eMM#X{hhH4uH%sOubgJ!&A3KcW#d2a+U%CW!N@3n$b4QZ}gm{0_GY4VDy_Fr1 zGKQU7=vC;gls86Z)AA|9_)R`5e@}WWuNX+&KD#59Pp$W0PJu%y63Z)uqSi}EO*P|v zMug*=m_ubBTOeVa^)MrlKN|uLad-C$q{wXdNV&nG%|v80*|XS^bP4|`Rk8=m8^so< ze4bpeeE4^6YDj8^OBKY+ZeHNXWo+44oIVAaAX(76M=0#fx0&a>pX9+*G%YXshQJyE zqg%VmS-@p|1iQANLqZq+SO(|R0*<0vveIH;c?{Nr2u4xB1OB!#hO|)J#j|mY5c;lH zgs~9!20Ve$nfB4j5-xAw;_AL}HE{aK;;jtQvVwySC2XBGr`Z=WKJ|Jo+P5@vLsN?R z7EAf}1B30@?hDb^>ut-db{_^23fJGi(-8fJ9Vf6){VDg!v-wS?al3@S^m8Yj+bJUi z^PGbeT|~cR%Xt{5wmiQ+r__f0!XW}AoWazs{JA(^Lhc8T{Clh6{Rc9xrMN1Fz^^od zNTdd-yY+jnMi-lZoj22lxfJuxNABc`;l4AAWZmc5?h%$>oF_eWfmxS9<-f&xRzxEh znSK=2q-$=MNxAs&RB4JNy)~A^(S05huUXE@^NX3TZo!Mu#dZpouN>Hn!D^~7`Vu&C zO$7#JE!U>Mv&4BFZ)J$4>8EaSnWuOra|vedJxRp2*+8R7bv_qZHYh-7xlHs?Jw%{{ z36zjU8{Oj9jlOMQX=@UE=|?KR--Oroix7Nqg}dX^k_Yu?m);V$K`kknkWRaNIPT4T zZgYLktYxsLmD7xCO0|xL`RQ^^VxUEbpSQ$+{cvwMnc50oE3503-?vnxZu0|nr@DRD zL>_b|C^-eP!dZH;22gjuGKvaf_LG(&nNLvs(O`Q|0_Gb&c!Blo8H4h1k(Z+kF6Q{JE}{fK4IH5SOKd&ccj@^_Gu z&(o!EJx|40yfye9^cSD|{a&wddeHdCC3B79(8#pk=qaRpAG2g!% zvAmt{9_&@F>xfKpe{U?D>ztfOQlv@AsI$QqNMj)I>DPxBo3TR$8tS&lIWl;_Q#z5t z=%azoX@4%~`6xoW;Da4ygoU72V_PX>WXjT#a?O53`$tgg%P5u{h*0b3wm!B{>{IFy zwooX9be%7x{mGk8HR`2j_MMM-I}>OmmG~g2Q@AA#3t>%kxHww6Ux@Z~dVVeN-Xnn) z*|{v#KG+)VRaG=4#;FSIglMFxP$ZpZI)ih_e-!g zJZ}Vy0F`yzZxxmQ1kShm@NM(~wZX`XUOH^0 z>&{F(?yUK-Q3kiqr6KjM*fz$dp1+*-* z$`h%yUac0Ek4rhGiPcs5+~Ys?~jd`7BRuU)1H{NQT;WQKB{F5NzJck zIfZhcy+aC#x}UjjmVovUzem+q^e>CNH!8O2SbB1fQPbG|adY%xX;dV`n=BlY63g{z zJoA?jpm*dr8kBKOhyJ_cw>gx8%`NRXC@=uK@fXcE#2gP!usS)WzQe@a0u34>Bch4o zIE--7-jPL``0)>_)KTT#cNQ@aihBa-r(^b6P4{&xc&DE4O5 zmjIM`1;ko2phA&sJZ!7w;7JPy(Mj}KmuzSMa3>!MJEasOByZ)%ZJYK8d(XQ0OV5=a z)g#7n_dRF3w_eL1uBPs`V7nF;eUApkLrLznwc(wvRz^7ns7IF!wqCt|Lf%6sT_lCB zY||?ITg>FX`S)bCEHNR5A@t+@9!K%d(Z4wLdYxn)y70Q_D6B|5eOvmgnxqeJ{xD<( zMhH|VI8*GnDP0jtUn*h|0+j4$GLwaSjeoiRiG1NV3}dGKJ2>zQK?y54&zYO=6N2;= z)DV$gPD$IjmYqRM$)gh9sqEjNLg+bP@=RCZcS3p=d^WGa%(SE_-K|r7xY~plV~tX| z(W0BsN$}Y9u@X!EkBSr{MLS6m9T^<<*6M4pZRN8weIX0YL_1rrl7`xQcaBGswx<`s zTZ)5Xu9C#%!YjXO`HD*WuWK}2&$LnKU^4D`ytnP4jzo5MzpFS~WRWZ@tg$_PbM?*~ zahimm>CT9=x29G0P{R=IDPQ{?m6cQ@*?-|<{VRT-(Ij0%-z-`aVpGO-qY!ZQFfgd~ z+)89(&{c**9*@6RAs^nczI#9ucWg*`p!1Dl<5`(uMD`P*=_CS|Ygwx)x)`ILhNxi6 z*7Hh{$<95iO}fzhM;MWRqssmK>?a0w=*d-Cvd&AZje3~Ccgmea1J{&2O1nL5f$@bBLIF9TtCy6fxedN_*BaTB< z2oSe!_X)subw_4U-YVbAvOe~@7~~~~`^dk?7+)V`1@T>&$b=VG(l3YB@_td%e<~Eh zL)QvM=OQ@g(`Y>k5Z^N%(FqRPqSD~IJ~1+jE^K^1T15S5(q8ZFG_7qZt9H?=Fhhsm zWnSL^Afp=@ht!`&`HMkq)s-Rc%HpJlBFHu=+zT$1oc^o#rbxKVJk(Cu_AOeX9BHTV zZunQ!uIZW#t|d(21=))UKxL{a*!t5dx?MNOH+0@=s!>Aw7CBs-Q*g2R&ZvUL&?>yE z?KqbXSyir695?RP5}i^s$X~6x5OnqgoWc{4i)*=KDtRi#BVZMG>e6U?{J0g(na!tX z&cK(HW{s*m>4P`_0Uqv@eA*dwa{qRVo8pocSmaKOJw(bWbu3jNHUMT>fWp^4{Ip7Q z?~=lupdl5gpc>;=s1@pkWVoMzlZuXJb`>~c?BLy^T{5UTuP)9}F4;V(!{)jS=W|{7 z*cJHcC)8y8ksff)xxv0+1roj-ifQQWY#hz3k&<_j$l_$()bS8yKb6U@0&5Ts_>(3v z%OxHtZ6Ugv)WTe!E$ffHR9wcC`>s(cNV!w|@qikN3=+2$`n>?R7lZYDR~7OwH#+g= zG+x(twiYN`yt-uk@_fZ#;DJ?BDC(C7BkzW1BD+^(=m8Q+O^LeV&+EkkxSWlC{VX`r!(=02w@fKX};yP$u1er)C*y zFKP^1$*v7?HH}q9ppO{m>Ugz&F*Y}bL}^MRebIo@CCWZ9UPB^+?Ak#Kee` zGcINEdVPx&e8ES`T`$QDqYN;#iAP%4V15o11>0(sJFZ94eNo#|mQhG_?cmavbGX1`<|%Qt=&x_xeX_wO>jTC0w>?IC~qJYK{Ppnzq~TYv|c zVb7lfWxL1DqL5~f(qCwLK;dJII-1Mo*i434K@;BUHP97Dil_Bmd}|o|;?*SYbB8p~ z&c9zqpRMJ26GUx|n7owl9@6>$Zdg`ABp)L;z-@43k87TWy4pS=V6MuKz<9m0jA#?M zBJl*l*|MkUZGXGpH_H@Es!$#dvhd#BZBM;YBtuKvw_=sQO)np7M(8kkJa_HMU!%LL z?h%CUtT%^z-GstZFJVm$PUJopwUV62uY8Y$R=ikgjEb1V0~2AT$nmCIR_nbACr(w0 z5GiNV)#1s;YT=ssc;}3M4>~Jkp;~0PrHRq`cwfK>T=lkIR|zO*doBLS0){Gi((z4y z-Y2TTy5+SRX5mnofUXWrsbpcII?%9$IAHRi`=s3w%aQ3LAzyai$LUsTc!ipMQ(2<&Wx)@4cwzkGg5_q(Z935 zW8G!6$ll_Zzk~R0^*>7zm}4Tyq*Q{IuPF5Fqt*28itram`vOr=Mf5JG1st#RCQyBp z|JTV4;8{5+_uY+3J>%@8n|TVB#u>U;BMvf!wHkocPg>)J2ODx&tYkr6b+U#LS&Z~7 zI;zDVhQl~7ydk8xF=8HgHk7?PZ-tzjO&tf&vBGl)hY0zXF04?H$9^7QCz}uO2>v|* z7nw2uJ}f5AJ`(+YX1j{TT9}4!9;1@f7NrmY2#=JUQ->AAd*9HvX)?U1S27%lz`x@kctP zl7E_!UK-Tyzfm(*9j);;eUmjck7?kMHyfdyzG zkw-1B?%bfIC2EgF|B06Rz07Wn#Ii`RY25jeQ0&5z43b7lN4?U(9oY1a`gkFyRMY|} z(9pV0TH>gUn7fa{_YQa zz*$f1{SI$!qS)`-_U{CpyQ{XRV3io_thqG1sHgvd9UK0E6&~!5cS*_M3cNtzGLA2K zVCyeyT^OK27mL;eI=eejR;fmsw|7GSjpj4=2opt?7`rYUrK0!mw&iqwwJm^+dREtZ zm|1{<=ii1G3!K6U9_e&ZD$6#V%y9YmIuPxrrWnyIH!!#==xtC#d|>xmV-fZ9ZcZ6m zj6vMLJTA@-t}msz$3zNPeSqHhmtjPg?{K^Qnq`s&V1{1Fpk|hDD;XLs4HfF?^<8TM zi`jZqI>Yu6IK8v7`fWGGwZDBa<-7IW_ZhdYdVt{L%CNo`JdLda2!om0!HD5EvSSri z*>U6!Sx^;7C5T!2CBJ{v7kEBL_L*7UO>GH~6&YvE=go+#aU04EMy*Wl7oH?S%1u8F zA{gwcZ^vBU@&>(*Q`T;ehlN#wu)}j8S!_j?Lp&I-&@3)g;tu$xEf~&^f26OzxuoI( zmIY{f(5UaReY(?E*Ku}ouoXUpE8E}qIyl#RB*TjVgCX7iY`cYWYV8M*(6CPe^3@qT zr*Xgd5|H&I!%I#3H355y&1Z9W0qP%!7G4d-+CGI%bX`y-+CF=l8BWVj+%4MR2k_&V z`t|WY8DZ0mgy~)Fe3mDNQ6Ow2wh8nJVgU09y8ef79RHgB^MF}yW(PrpSlgv=+z9yt zxHg?*bE^;niR5A2X$M490+$$z@)xYpFB89)ELNsQ+si3=reFsyw6bZ49Wt8(XUT<5EOs;c7zpqo^NtcOx5th}zOe8Z_q6seLG* zSuzxyx$Ek_fVv1+h54u=tmNFk(yI?uSSnJ`#r1iF-e|#7#d1I~h!S+!GylC|ku9n@ zl{j`yHezxmRi%vO+;1HZwOEEt=I%9dDB8Wh!MjLcy@CV24S1RbtFce!bPnrd6(R)8 z>_tA8)ZYuPmrt5@t$O)1G4Fhki%{!3rf==JM~7owXgpi0OR8rhdT$hk>%SHye(|f) zzR(W20IYLJ7t`DyN$p|@G$A7UJ*j{Lyg;6_4V4Xn22KphUThu1h&DfHFijeONiogJvV}E1=v_Gn5iSSq^0Qgi&erhyLeM7 z0T@-cF$Fl>^rlOKOt0MLI#`=iBa`eMp*!RCiv3UV%*07s;g&qX z`JbG*T6G4$SsaT1Lye(q99&EFKmrar+kqmBTC;J!PscsoRpQUp@FQU2K zQ`JJk39S##4lHhH5Upimj#(IpNXF`85eeV&cm7OsIk!Xf zG=*DWNmOwF^Q9sG)AbhH z@3j!YrZfQv3=asAZv89jx5@3qaFEAQaTK?azOMmyc!Njp;$37a`96J~VKgV-gcO1f z7-SStWbS{g#bu60Fd@xSt}}OBqS^|G^zmtuqe=u~7;q=}`YR)`;UfZevVhgMXgF!f zD^%0cpBBBM{5Ji$L}0j@^`a-_H3ZMacC!UV-Yu=|1pZKsU}IZ)W0oaEKBgXi_~$)# z5l)e&3ULT@;0!(6J7~E0ZikWCzE~l7WBWg)Vk(0yE{vbi7o5GiQ%K%I6>@r=1pWaa zMeoMq&v~mypc^TdMl|~Mi|%<1K@<~QJ~mHHa2Sbv$zW9PWXt)6MxtDJX`ZF4?dcy! zNZz+}^iheu25rvOUwzkJ(Gf_B@-w<~jf!jKiOsp|SHQrTmjVPX5AhsX87D8eQ7P%Q ztXWLn4b*6J%+k~&1WhJ`-4Dsh`WJ%xY2#GbTbK_y!6vJTD)PE_e(j=oXXS;E53J^? zI`YCf`+NC?ALt6X>9e+Ik$&F}9{a2;Zb!gPMp6cAl=s2%`HM0YhR#qMh@f}2W;%D~ z6g(l(vRAIX+9F0@c7a?6_N?X8^B~UuhpV>^h_Z{?ejf`J35Svrbdb(rXbFKKq*J7% zWa#czkS-C#8B!WV2?yzPC}oiD?hfhZ+dR*E-tV0Ar~KjE_r7_y{X=Lo%b;OP*j*Em|a;Q+~@fDc8i78IID$-D`Q@?zUeMe_j1+kO>wg<(JmA z>%t!X8wBX9Cja%`4f$JU{Kdf_x_*-0dEesTMhp5V#u~}` zStf(&fFJ7|93yXvd-?uT^G*}v1N#0_^xyZqQJAG+11SfC53LT6}a$0K>aEA)4pPPTdA z06K7WpOppM0QwL@BzDa zRxD+9@;ola{yMbh6XS!272%#n<76zdx}~WE;e^sjUo_l*TZyJzyw$Hi6}5x{obfX*eEXR!Y)Wzx!~#Jgr*rB%z7xy1Nz1-C8_sr$LN_vk~1 zuui2h4<g=|(lZAbQoz@YO8`JB(WfqEK0~U}8xwD>8#7|@qOmoU<(dRw zLX-kp&W1{lR!~kLY7u8D^-FLclqdVQ4PH`fV^es^KF(B%Zpkh4_}L~Wkwpyvuc9S_ zTgKx**X9DK@V~^q1!b%oua?9_+XOJ;lX9DdMXC$Lq{y(Z;;}FS?7`~V3N#uY553iT z`90Q`M{Q=wR~&GluTF)c>~Bv+clE^FIFG50J@O5ZD3$mz_vY|#1Ik$DP_T<#R1TqU zGU1!H33{BBu1n{bM{$qE5s4celA0bz7T4dCeYNenJ>QZ3YpEqUsV&q^mXI?h@N!`M zRq)1v9O;$d7R0j25ZRl@sU7OrD41U3{YD`q#lZu+RD&oPa3kuckrg&Ey?nBxypRSh z`oW2)t@m2}TLry^Jt+-SH$CeTfnMC!Y~DWzm+$&?15u`Hsd+yq+b^(m!LQ8hr*sik z?bADjF4v;I0=mW5J;J|QMv@R^9xp2t#`s16XSq{%-evBmzL8_ii=ibJxvnr#1mC&A z@Y_;#!L&#DS4+xcHid))b%Oim$SRe;cw{mACiSn=nBOdcqJ{ZBDfKm?AoPYjmq?`` zk2f!SN&*rICnbuq69LF>+UmfF8iOK2py-&9`}A`Vk%E}QtjG2L zXPiI65!4y`o$J(4k@vzL$DFylDG=G2{!c9Md#=xHo-oolb#kQ3%wf`f`e~FX8Ona< z#;wJ;Gxm@hA3;BA`yHu-g?vfUje0s2APM1M&$Nb12hBZu`tE1E9dwX%l55ndOi{o& z_5(Q9V|Fsguu)n0p#0_G&s}Ay#Y#*6@XKc2-Fh}XBeDlLj<vp zdbMiikJC+UIf;jday+C}w8`LnTc*V-QR#K?O!>B)hL_0HB`On?=0KhLZPaHk7iy{= zm#G&gTgwsH{{G5R{)ct*yX-ov?8n0_`bKr8hRUzyND#24&+ zh>BqPch$P2k(s%qSQ_!%xXb`C0(#J{V|p!_>iZ~m`){-dAWKM`Q^C9LZkR8TJs;n&95tnh9pR#!HCVx=}zG zJdDq9gU&qk(KTt*2+-|B_E-oNms{~*1eqSV`PGVpNV1E!ZR;> zg4lbHKvr@9xV^5-q6$wcxyCN;TiQgK&pJ?+*)7U zpcLEgTo-_5vZ5rRtYb#Iv>Ky7ya!N_kG_i~s{u!SH<2xFxI zD1VOSm+HSqdX4N0fd_$BJUZuld3uL!!tKoovbSdQEhbRscGk)W!Hm8z0fDxK^h_?u z;r*gQN7#$`JWj_Vm>o05?H#C;A5(5$(^47SeSaEKW05y4_>PG6QEDT%X)Aw=mw(Q( zJmiO`mO9hNb`BXm@(>X@x9rY9ur>h%eQ$hv#Y*ymSXBD1s}Ro=Y1S%s?L<8IaM#yU z?Cd?;+4K(GMI!z|GSkLGB{}RmDd?q@- znfU3Fd+B$@k29-75;PmxQi`L54_qR#D0J%cVO)8Xjc9?n(yk=7jo*WqCjK*v$rEg= z;M5qeNu%73KmMUmh~dN!wu_jHHf#ea0r&0DnM^vVX^y>|=wVM(vpVe*@~ ztxKWpPT#Gzbh>d->^A{>{|$TgOt<}EI)S06tg%!W^40JkHE9}SdV zJrvQrbzr4``L5bN6&)!0)cNM)-#F9ubD~3*`RpgB=wqJw5y9(f z%3uabpP=KOrZgbR<-+f9Ii01GI;Cm+6P+NwQ>99_@hHj;0Kct}I^!2vp@AkXKh#RSP_*LiL#S8wQ2ZlyeHZ^VG zS&Fk{jsUCS9fiJt>4IDA3Oll#8%P*n81%BBcW-U9sU@kMrt?F+PaPoQw&|yJ@HFB~mg)^la3Q zf?iwz=6Qt5U7L^yzR%#(fNH`J*SQr214bfM)N`Flk&wP`oX^&`k6F5C(s^ZOh{!-w zY0U#$L@nR+5QbCc?pTU)zmza(AqJx!=3t*F!w^Y*M6iE zOG>uXPcE_Ve~cW|e7Dj)PXDCGByf>2_dC~!h-xapYJ_R%&Ih}f3WMjJC2KS%#K}C{ zhdU1^-*0_qFaG6zp|dyAy;lD6`Nbv22>mh9(@yfyS7+|Wz#@k|PM#q3&zsML3h5v@ z%j0^{Pi?XT!#smAQcbEoKlCme@`>5lxl$6;JPQ zN!dEl>v!NpQgpRkE??#p#!TM(AGt`$lqp)*99wQB;jp}1TVG&@uT47l{=YdyU=;9_ z!BS%B*K~nSJb6SR6|@vMopCK0WXNk(;}5#oAlvxTN1Zwno5J)h6mSc%*2qv5<1iUZ}RYrhQq2>Gt6!K>cF9WfP=9vZqb7|m?~Bq`c=Nm97-i9R*a4EgO7<6 z{cTPx?G#HzVOt4@Rm9smBR4Y#%}9zKb@Lognj-0`&$dNYGRa%;807XeIyt(9Ki^X8 zg|y+WxA7a+Th)UFujopF?L2{*e1prC>T~6n_ z%S~cunA*vy3GZyW2Mm40Z?*0(cU*9z_Lf7NVh1)&#o9j+>hLj1b)>YI*rNU_otd-( zrqQrpz^SnU#9k6|c7g;)>Poa#L1OPUJ4z;cG9Fi8+lY=F#+nz?B2eGvl5anS`}ny8 zz*6_Wn<3|koPj2D$>P6}$d>IiK3`LpSV`L&tLcy(>gX5H#zQ*M+$KL}oNWgx_jZRR z@|ZR=)EWs$lBfCVlG?o`Op%t9t^AlbrMtVdUJ``*A--)e3>k7(&-5uIT``W!?z3sV zSIj7NZIL>8Zw%R=dr)D5jKzQ>Bj_r)x$)j3D4gG=WP9$a$nZ66>2~;c2ptk9++=Z* zDqt&t^>(W{R@4`oa9rjIP8z8!Nv$fARCvyh8X=c)6^DJ|InFxFMz|)Msa&u?GUlhmVQUSvJyyeaFh_SUmDjOE*_JU<|9|5v_MGPT2t`8}9Le<1@dwxs8y z)vhT4D1(@2v~JcHVV5(-rXPoOBQ{B?dV%sBeb-qLwgm}F34?98b)|kB5#7^e9aG+P zI`IrEw;d(*)1zid(`BCLVzlm>*x7G$NmHW6N;hP)LKE+Hn!P?p@X?xzw*631S|1U& zpH6S4Y~VfmnSIxms;@Ry)IU((4ulI6K145lx(w(AnfF%vUp&LFkS_>U+fB@9d={A>iu*@OH;2_wY6m_%s6zgdPn%ztP zDK4)%5;b%fAGzzAYOQ72U-KvOj%%_S7vZHT0lf8DUVIJFyLw9`+JZ9Zxya3rZs9S` zzWwi=B{ZaeUmDB*8tZRoS;AYoK1*4nQYI4W=lCIPd_YNh|CHl@@B!9g9Gi01mL5k> z&v5`~LD&C%F#?SEVpZvB>U3Et_suDPi8WWjAFZGaGh`E^PheN6_Z>ZgHbyQSyMdU6 zzbwXKoi*Yn0lz)f(AlW?kifyo@urV@X79^ytoBQZTvCH#(=(FyCsX;pE^q9a%H;1 z!JD{iy%aXT4)5qTjrf*=C55#Q z;G8*7uYzo@!|dpCvjCyuNH=xS6;f}uDGL*|AYhf&5*D1iul_d?zXu^7 z-o7K!ny?$bcGIa2T9jeBWyT<86FIy!<1z+}=P3SDHsvD)TGk1%PluGsJjCEbwYz{@ zxf++IT)+(rnl*u;=& z;MDmHq<%8ceD+mzKfgSH>*E89kGE#zw}vRmvkHKaW|9}97H%M(Qh6vctud# zF`LpEjw(^Ai^TCDT&W-bX;4~vl*N=kZ=*%z-xucG)q9Kz#9tP(qTL6ckn1S)w^zds zKy1w#I1+GvDsk(4tS0Y}hBsVR5`dJ{i)s%>_GymTk*>lH=z0uNa}%e^Fmd0|j5rx>7;Vc-NX3g7_lc7Bx>XF%0mwr|>z zelzsg>=$6_16=Q5{vC;Ppv%GqTyR%z#SsUMa%?0>5R2`p@%WwW^=Ca2T1e0g1a7aP zKHxF&L6HGGrV;}tWLdb!A`Nvt)QigP*a6zkZ1EyPQt3&odo+6F43HssfsbpH7=vfB z6?lcS$l#{!Tvgdxly3sI1P8EGStk4wVWw_Q%bO~P2G%^;fU4ZraEBKHH<=h)>oswP*VdRM-JO&9 z%fJzf^oiHbde#Lw8WwW)<09u1)9E@A^f;8dL+S8(b_kUwq2L2eb7c9QE1tnmMub0> z7%$PJ={F=(3b$?w&9vS;WM+h8jx}*9Bb_n~@sWR;>(M9oKx#yID~yk(_thoH47 z>%E^j!BaF28AwTbcWnE3Qypdy6|O(vOO zeD{O@ca@S0V#ILbZJ3&eemdRf{c>U<^J@+kH^(0O2W;aC(`(v3@?wDWMViM<_8hTe zy>J@Rxqd~+ukRMi1;#cUiSHATM+Dp%UCozrg5A-E=k`njCld%9G}Xe{+P2V%2jkV1Ae(PqR6HQ)4}1=JJOMtkah1%P-u| zn~;y6qK~@Kh$7ff&`+m2rmB}(MHF@)4Zd>!PiXqnzmN`|OpR0`ntPikPAB@eH?L_Q z)QS1Z+=Qi1TZZ7^wvtPId@$w^1jOB~;S07rWxRct8=%771XS7K&|K3C<+$LZU`u_~22$I~&lr&Q~#n;FfK z=yfAuUBnGOP{E9RgC2RQ)>Ezyc>6Ci8fT%aEoDz%$|5!n?!$tK=dFjGh9nDPQq69MY^rzocBoW3_aoiOuk~27J+;yLv|{B+j~92j8_KiA zWLh+!0id6piJ$x=6!+f_ZRy$}6KS_ffeYphrPMM_=The1bRnw?N*-EDbflcg|DQ1u zffv?Z{;iPQZ7+~C^Qq{2ubF-)&0nMj?FUYaAW(7UJ^}#9<{l>f9H(v3`5MJlIeq;w z4Y&aC?JGGbm>@xGmiGFU5tRt4x|7wy0-fF4W(Jm8{K@EZK$=D(>q7~sNH{9SoxSV; z6}d&yH`W!%uW2W1$-2QVdu8*c zPXJ`*to=!qOQhYyK!;C7iwj-|VI_F9p^W2q4X;%B^-#;6R4mQFHO?{wf#I%n_u9~d z$X>%#f4Vc*R-%j(+4ggQq%PBai~%+N#Z&{Nk*lerEj>BRk3=gOonsbg_S2oJZl-!+ z{Pk2btl(^F33_?Lkzg&N^E={y7lO78va4a`MaLTH5 zdsoT1hp>TZE77hYl38P&6Z-oe!Adiw^S4hQq&jU40QBIzNuq8rAjbQ~tgPNL!tz>L z``dklt0`HQ%bS=~gFfODg8vC}O&YXw(2QM9H4K}?cu^>7J`bFhrkqYm&!T?y<#V|! zL#ITbUGe>lx$0q0!Oxr-=iOf=<&!JpjyBz3&Tfg(e68U7ADM z(m|EdBnK{AFf<(fLE|$D3|zsYUH;OZTxqNi@Ypt*ETlJZv8%dY;xhE ze(&H@!KHxn;{>=*Lf9GNrE(eaKU1V@aEz|7W_Gj=5Pj7q*1j01fa3IP+L>d}6VDO~ z?kfp1U{t_I!DAuope z!Mwf|QnSXVzE9A=suV;@cP)WEinp6+NNPF-%3Q~FRZ0IZbhKu`sGm(?RBshtn0)Nd zvIJb&XT4Je>4Nl^i#Xl? zV=OEKB~}SO%Xl^46opwx6PD#V)`Gigo}^+OYcT;}-YaBxn8mTXnq;Z#7wX%s+m z8^tC8*)nmktxG9YKQJA9x{z-(B-3BY!Zn413_q8GURVelje7zYtc{Dt88)I zz->Ug$eZiEG_GD4_;ZZUWk`qOh0=NF>l5t`RKNoz+eFFu+;CCtnRdkKbiT9XZ+M-V zUnAejK9+8Lvp^0st-uusgaXK$*x1!1Yb2A$)-kv%*#Zgu{4o zEFS|l-+LS(oO|35Ca(+rInS1lrr&spKV|R)Dy8UeSHRj2eAnBrz3^ks{OS5Hsp-xD zN#(4*T)P{AI@fOw3pZ^#jv;0*<2=<@uY~8@|KGqN7iXJtT`dV7iPp2s2u^uD@kjm| z@<27<1X!0B9w8Giv7#q&3eZw&w4JpzK3DybX$1~!oPHqWnJ`nLYK>u4xnEU@@Wl4$ zibtl5umG4W+>fW9late)Dr-4;2mnXilsv|7^cP(yk-osdqq6M{+R&+m+$W0B)z$ST z=v892s{X!8t^LF|znoSpJZupq@L41Kuv~M^M#xY!;W{?3fGt>#XXTmX5 zcQ0R=^I}S3Ef0a49U8Zujv#y5Abd>q}M* zmOCw%^|N#z(@crsi%(%oJOO@RdO&z)7ScX=!!^)({h7-|B;k_4tr^f$l*?qxwo^-*dii1*RC03(srS&}=n_If@`qGbw38gPCLg$@e&cMZO zL3~qC_Gd^3&K3fu5e0Sg%ugN@AmP@PMW|B}kV;d*+{MAr_7*gZ0QWKTBkpL|2o)Jg z?5P9rilb%DT;1`3^8Y-Iya29b#;&m6^F4t{h9X~oO9I1)9^^x@Osy<*ury*WKGKiE zpIeCTFydz_K}(1Wws#$@;4V*m-=k!}ElFev|uYK~A;(3y9CmJ~y} z0~4sN@aB*iew?|$0U*RIim=C@DJ`MpU)uy5ui#KBd*H@OGNYA=<5)AL@#UFCDFL_t zbU=yr!zD{V=vHl6_|yIV!=a2Glx}qIb@Hf@ylEgTmBSd7x%_jc63nCb&nl+)!>!L3 z&U-hS9vEFtzdGHEqz^PJ_T;KuEfO3zbMTE2~>pmV%;x1$0B3!++PjD$o=I^n*uk!* zL(N9{qd56&x?5a2pO!hQ^49Miu&(uf!Q#grONg6wi5)75CEs*e3uxm3uEgJfG{s3Z zuaUjDb~eq-4|pwQ`l!r!9o%F3G<1HZi>qu%f7Wp2ZI$B91fs&lpR8uD2(`2@jZUH zzC9REB~Aq7@nY}B{N1-hKU+(ZfUV>T7Fu5XKFl;{dNiZ)Wl`Ts0zPyfh@$(18_(ZD z9=hFQ&LV^hWZu2H*G{DG*?4{JcPZC~%LroFzm!G=5jCGYKsVVxYUlI-b3N=6@U*sj8TrEVeV8A>JZ_2Ce!+PGlYo5H=sBe*cXkvedUv>23I6QtDD!O8LR0w zQ}U6(#Jh8n1^TdYdjjOaz*{Z_K$6F4d5jMxx;;W1O<%v={ZL@_54__HGxJmJN;}R2 zMxBft3JpX1JuCYWcKt=!FTXD%IMdcCh?BjBXV?ZUSLXJEDdnd|U#@A~s$#BV(Fu4anic+$uCQA`=MfS~CSdL=wq98s{{vA9s*h;P{+Cbg%_-ZRZ2mU0)ub@)5b( z1HZx|P)SDg4vP%Pm}@KBO@MXI4@%2V=KECEeVK*MGA#lf8ZKc+r7=4;E_|3q9<@nn z?crUS8CKpX6bij@OV|qy%?F2;iJ`vh$FSWvlU8X&hJ{`)9WMPD6|GH^U1pA0>cg^qBL za8Y$!*(k0l@E1QeMP4heSD-^uu>2$QaZd(-|GOXqtpb+J<1N0|^dxcEhapo&xra03 zN`hUs23MwPFdWArnqOwT@ILl8c1Rg`t^Sb=ktv?1)20)-Q8|S%Jf@H-#M^#-Mzruj zYWuUijYL1lI7aJQQjhSn^i1yCW_GUB^iNrkGKgSF>xXV!717$}+aw5zYImc>ZESb> zF!KS1&`il+-GAOf8RUQ-ubbodAj>`o6nN<&e%z)n=c}O;v98|@z$vYH0CIyIpp^7U zMl0Q~Ura$2JWyu3Yps?DcOucX1IVr39o7`B=bg7YhY!`%2MmqtoRjL zfIOOC;#R;B>}Y3=KJa<0-*8@(9kBoPLh3vK7ikd8%|PjBgh5(Vl7T*6frg!Q#Tkh% z4|btE*4*Ve+g4D|Abc6ZrYVfx9ZRSofi8w!c@w>2m_4U865;HX5h@(OUFhz;b}n5n zQLU`ECx6&Z>PN8naqu`7BN@v6(AW+1I$>ZyB0F)^`%UrO0joRKMm~q^pUm_-$c&Lc zl3>BoQKCHXG3k{2j}FN2O5S3QTgLSex5)NWn#VgMQq60@+p0Ztxq+^EEDw4YaQ3XT z{=s2o$KX_8B>63@r9vqss>jzPwpzo3KQ}RNDvOFuRHuFM)(GS>aX&xzsCG>_>}7kY zXMQ`qWk@Hqe(Q_>AZU#eT|FD=;D1Nf=pX>33_I_LpYMczrdX3DZ^HF9W{2I0ejY-n ziE5L_el87Kq~*k;0GOGm5^g<^W2m5DA*CsywFwlqWQ-#B>b@=o&YN<#-{o*cm8$#u z!fU=;>O&4$zvRQkRLKUcfpRsUwd$pYrHeqsEK$wIJ)VY4-ZBaM+Jq>$FP zUZiWKub$b4Oo%)742Itbl(wH@qjcJ(*yOfGcaJ~3StR*Nb?<>)ngLG169pTHg$Zb} z`)fBls-)i5eeB(K{LQ7C`p1>(id>l#65WLW!FYK%)V#1-F2_U$k{gqx_-fbp7bZFB9}1oy`2L{t83ErnWcz2b(M^V~01?mCkE)to zTHG=Kv@v6gkuqZC(IC-dA`Ys~zZ&JDxU>{nj|!4u2g!Iw*Q9N2A|Sc>Yt(%ATn)Xqgy;T5aUgxbmza!p89)@Tg|BvgZjn`5SLb4T>hz4~ zEM(D5Lv@HWFEY%a1)x9#suu=(sAU64LsdLtCL<>dzry`z*0aMv&-v}6aF*@NC_w87|Tem^Vlt%3(VIcNaqIC?V4e^Gb^X*h9aJ9;U zE?^NRc|i!Wx++7&yH9ul$?a`|m|9uB;e49)Gpm%{nqjB;s_Mn%AwR_c}&)Z;e%Gurbr2;GSvx@)qTC*Ml9WP zT%yt3Z!m!K?RJL^4@9@u+nPM4E|&@Ht61aEj2f~KQG8be4rsNS?Mp$ImxEv3MZGti z0>&2)5d;iI#gK(Q-O`t<4qV2_ws4>#>0YW0tdS|}!i$WVy-Q4kG)M;H*kG{M5&38C z?pqdL&(<)YI*n5Cf>u%9%T1a|SvVbCy`$yjh(a2LR4w`5<4tOiy_`>K5_ervJ zgUH6Rh^kEpiQanoBWZ*=K9b60Y~{>MWz=`{)jsYR3a&PnsG_B3hwUi9{xfEJHQyM2 zvlD)kn(_1T`_QY!a0~r+PPOT-j`#xuw?mo&3kA7waB=aDC55@EmTL0wU~v4_S}}Qu zs-%&IupM+HCEQ2X872T0gZ4;Pe55S-T(a)y#CVo(G$a@}5q2DuNAN7C}ATDvcYR2^C_A0{Ad(5Wk-Jgme?gn(6ce!W6FfNdYRqSOMXzjuR z&NV|9kE`O9Rq#nk3U-;|1jslG@fBZv{g%U3&2G4 za^}ZmAtIR{m|=Z*a_WIO@1HSOZ)HR>)E0Tod(&kL#u)Q55mq~!Kxf(2b$^k;zgO48d1oap0A?$SfbFs&& zyPDuSHXp>v`13uP*~?TQUjwvqPFPn45X)>|UL?@8gyF7-%p%ms1#Tk`ib1xYm~yn! zps)(ucsEtiuHkpCWNcR7zlYh0gfT~b0Hs+e=bkW7p8Vfm{eiXF@?UVaft79fo!PC9 z93}MN*vOnmuJnjNccm&WjB)xb-xmxGkasM_aTu5Ubm`3nx`8Vz&N&T0EEbp+J>X=| zl-Co-u0?x-3)aj3|1bOkHc12*eiQfpJus2Dum|71y+PN>H~Xfak7u2M>Y5km{il?p zQb=-pRKGzUxTpdu_X}NLuDk{EvHe9ki0$$Lhi(Dig5kNVr^z?%Njii(clHU)V#y3! zxVVP%!2ba~`3~%d-6#8p1%l`IlCE~lesPcS%U9dQHb(8#S3kM%s^N#FT#t%q9Ek4W z(u^w_f}3+7rXQtrMiYko10TSXj>3|`dGFnjp?q(9r3lm@h7TJ20xqJWO(9T`7rjkh zXJzg5Tn=OpzDPR68Su@5kR1WU+%$T52Gs-VUANBlss&WV7A$So&dN+Ybu?E^1|A^~ zk`Vfz5(!lmFUyO}%0*T$0}&msJ1>_3l(R&xPk%1;Xv*cXUy~6Fo_UWm&3_*=of6J{ zo4bDhO8BkSh+`Ya?xHhgegVMRb)USaEpz)kTA^b-^loPURAxM)mM(43+yl~8h-#eT zc5F`ha;_c|eD#zHZX$6Yif3IxPULawgI> z|KHwgdq3Ja4pXBMlmoU*5q3#znO{oPsp-fUPENH!QvgngFnT1hh#k}`9T-J&8-(=l z@72mFP1=ONZ;Cd>rna8>PMfIWosTkq%*iw`fR7E2x>-uw43#1D58K9K);9;Q+Bm*hLLRcoRw$8;|ENUq)_|-bFQ>YTR48muW{8*kk3B*x7qPb%Ct zC;I<-b`cwB`V4*c$1?33aD)$D+P77!ud;^PN;kA7{tB?PO|RvIXbn;cV1Oav(w!9%G~LoQ>PL;sWravF+ShbRo@1tk&DH0D>3X#YB@K~ zAIIB&5Dh&|2J2b5ki)~#KVW9_N7Z*}7W*$=2%MXHmK;SW(_|NQRFYwFC$BfQBOd{A z*LV!&k~G51^JkFHykX`Vg3^}W-@=~Ekh9mi)+VeT@@^Jd>k=CUJbHv3)#?Y4UcbfNCgPk5j#oNC1LHQ zKSjJ=4LuCC14^fF8=wy?vaiueOurAkF@i@;X_}U2z}D&(fm%2P zc@GOgxAA?&DIC*iuKVw52A|P*WVw%2Uy~*c^{9vuJs*ps#6@9@zxU?FH%;+#m$if` zCOu|VZ8&>~x1jEpjjzP9&*U5R*qh;r_96AS#AVd?kG6^xUzhH^insIpUg~$ESV%;z z2zm`(eaRD(b3%c;gJTP49Vb5|YUStJSJ;WDlWPxOXP}UYzgq)H7reWGO|^3@vR;mW zF0MZo;hzU(+O&rpb_>doYKbtYPZ&eOA?>o4aSZ!JQnJu}$Nxz;qkw z{@S^xhxNq6xra)e`VbM*7I8!{`UEx65cX!PMU1jf`Q4FXT+$ur)K-`$_bttOk_iSq z!)A|K-Mz47gC3X6znMa0HYlf*c3+S$=F#HQ%;tOmSIkP9>u^$2CgWt*I4ZIwEj~`Y zi?43`%1n&b!`bJ2zu>2ggV2;cN$_RtnipwLVWxswByh91X%V?6u6BoZ&R}VTf3~UW z9G(B(^i z#rd~G1tWzwY*&{}FPgK_AMKpEvm0@s^TmWv?HaJ=P@$%Z0~r@nq|SX8uJl7g?6!(v zK@Eok^O%&%8{a`CIF0P2&jC=+v@w3lvmFpJ9X(wms2|Y|dOg-+5HMK$EzC zlH&7+c+{YeMP`*XQZACx9d{XOlD{1w!&k{z;)W7e^zgjgppBr9FH~^t6_Z5 zCne`Fp07}VvlRf3vK#)2;<#rAE+Y}a_r2nC7=DFESpNFM5Ho3uJ8R)04V9bqOe<_j$5d=e{kl=BeQvo@=!{7Xm#x^_21N^F!tw?98B-`eoQx;8n8AE1S>Z|S6 zx6`&Ei1}Nu=xW@Xl-|}sH1fs8QUPbIufXsk>QidD$jR|D9Bo~19I`y1qrY>0zu2;t zzs#+nn=kV;HoUw*a<&Hl-NZv$cIP!R_}TTi7ZvO15y_ymwB-Et!M57v`Z;i| zAZCFsT&Uu{QtpJ_CZrxCHGwdQ)n%BiautM9{reH6t5ZfU7;1FvZBx(Ea|a95$wMOn z)iE_pp*|k+9P~8s`_#^$%{``JI?NNSd!(cWzlW6(sr_WhSq!e$R7_`;ENr}ruJMPZ z_P|whI=@>{`&6mQWhO-z$I^!Mf}GClst3sffNV@Mlygh{EJYWpG=I2r+U)Vjy6~ef zm3!yXyBt{&Qc%}HW-3W1o<=%{uO{~5z7zK<55&i!&8JS)oIcHAVOZP;Ips-#06%z_ zurgU}#y3#Vm|9qp*{l$Mm!w;i!2|y7*Y%_E5~C~*jL?S4K986}Md*2Y=VLU_IEV)9 zk-{(5b(9HN1Z*D+S!HO(QDLMSTUB#-O#h9JY><+;g%(0PLmh!~Wq&W^>+;>doukz& z;pw-)P20}nfLa{7b{=I?jd%rf-Z{$29b_dmrEGXaoOt>8(+eed-CwaWHoV<4#2A_X zI<)g^B+lKHeyp2!;b+K!N<=II_~^7|Of52hCObh&H>|(y>EpGX5Vt|Vq|_n z=%@v(0)Gl)fPPzH(^df9aZc^BDOb+=I)_k9iLt@(lI-vKM0+|}tz3go5zrI4QigV- z0(Cn+Y9#5##7@OcYZAa~>ch;Mmh#btvdvXL|7tHsO}}*X%>msgYYK-%+N2fBhk`7l632dvmVd7j*{V@ zu6_Zg2#DqT$q68IH3gw7aDk$co7iP1Sbn2U9DjSwyS}+Hb(nAV;`Wbx&Av^KbLZWD zn{!#!q(X3b=H&?=AUHiN87@xb+y%WM1ohD$nW71D7`~vQNxMD6iymsDs zkhXp3#+9NgR2=sH^m&%>*mhqfk^&=3HW0cc$*}zLFuwxWewLRQh2^t>#D`d;nt4C` zx14c4cN|=a41ia_X!Hhx5_TXb058P5g~gwL|Cc(Q5LH?sV=Doj&26Ycy*gkBkuyQL zi7>2!J{qPweG4?-yIeSh@P6>&glv(pAWD(U6l)~Ri@?o--dViIsmZ}Pk5OMh&8mc#vodeL zTp1dydb(y-r%$(U+uhwekmUWm+-}Fsly>EOOHyf-5W)8{_n&ym?#}@>f>oMzmbM#o zoOnO-g!&hy^9ZJQ1;tk`y{TPIk?Hrbn>!}dp{lRcqxNdX&gRUICp9G!HyWxMD9RKF z;fW1`wthH8z?j_*bj(>&`fuTN6?lmofEw3X&eZ$oz}3l@fvINJMdqEntmm>BN(h;F zN-3Kd_JR^>I!UX1Z0nxrS-Jv)?#Wf#C%dTlpirxw zq2SVy7dQC=!$|~zf2L6uYW0c;gY&P7J=P!S9IQ#=6f%PnnMmY-KX4SMD2K!6T&ieSejM=5y)(0>bh1Qsohj$s3%}1N;btWljKa&Jz!jN5$_8izZXLoJpUVV ztB6@BmUY!)9`Jx9agk{L?^#HJeV(g)yX^Vh96Ivz}F%aTeCHgiI%)w=E)6}25LSz@G48PYa)KjkA5#0@PU?&S1B4Nb@2ro3X@qdP=JMMF$2}!xd36kMJGH zh=!;S19pjouXa3ekLBvLi+>?s=CQ$WxLhqVwbFS0*I-D3o6-C$;}rDRY_8J^IAvnKlfArftF$v;q7m8*r@sQE7c z*tyHAaFHw?t0j+M9OU zbs)L}W1jFE7h+|d-!v1P{w;D@>ywy5gc%Gan951=$6ILD|Z}^kg39P*g+aR zKVH@4a={p}whU0RZ6MLx)0Nsa=-`J4GNZyagDzjW<##hcdbn90cXf#a`8C6Tw}y;$ zpl4`hs99oWG(DB3e_2`DsU6(4N7HDdMS|SaF{Xy>oPc(Y6!?VB7w@NjX*o4Ou4z83 zVqJ@n7j{7w?0nTEhcU)WJop+%(*m-RicxPzG!pE8=jp*PjeL3tiXV+Slp@EKZJir* z`wvk&YvuE%l4{NCALldU*#BSIz=#rA55d<+1q!~cE zLAr+)X-NkOkq}S>rG}1?P$UFNDQS@$;@mv{=l#xl&-b3QzIE1O%>riT7yEbL``-87 z*S;=^!5xl_q?|gWK!SKKL{H1BFI4>4pZJ_Bh`=wej3fHc6R5yhS1YX7=mK7rUF z-i+soWWD6-@_sB<<0=Aps0rkECs#D#dZXSSkPwP>Xv2pgZB+7=Ns>N4E>(OBxIZ(I zPbKQlP0RAWPL2m#pxku>)a<*VN0@UHbRC86mg-!2R{e#Vk zhQR@H7Y+cyCj#=)k#sUF1JcDt0G?Xg==bgTRL&r(NU?o`|M$T&E@y;eVy7!qdC`~* zbertZp3IT3@rwW9c1AGJh<&HpXZ2#c*7;Om1+F9jtI`+wp7@IXOXckk>uBipl$K$d zVA={wi65`19I_-t>#y>Ax^SSP5~B8bf{q4j6UjIg(@-7EV)}XL&U?R>3AbVGfCC&U zfSQlGvMDYov7dszg*ok)Q?Fk=L7Xd2ZiA~7{L{*bf+$7t-KH{Jkh+Mi7&wRrxB~7I z%&*L+a4$SVF|bhZD5t(Egp;p#%`22^#3i1A@G$zrBShg46&t9BKe--#LXiI_$G#yG zT&?N8;wWm{aBfM&P|Z`!t(CU>CaVMdYGpT008e@=h z&0kZ3B)Jdq+^=3WmIkzE{hf&E6D7>VKwyBLst~s_D6$+Z7IMqPqskvjkfy=AUlM)# z(P)w0zcyANJFG8mjI6Ex>qP-PrP=JmE}^S-3|r z`v+NOmoG{HYL-gtGC_hgIS*O?GlD+nWZcP99G&$swJ|*^v$o!0crrUV>$6sP#L_l# zTeteow(+OmrO{zP((YF&%1=Evj`r~TH>i2%T18IDZ2_#2dM(YeA%q}$(%hUI_4b?2 zJ9cH|ebrQoHd`&;=~p#ep3w&%SD~p&25N?@{w1S+vB>zs=J6YX1StvC)a%m6%tDKk zFpf17=%2d_tPpiq*vn1b*&6I`Ldboybrr-K&)~~#uQcRvq>uXMu#5WU+kCiuQ0k&8 z?eM};`mm+x`vGyRJ(J-l3Sv)&^PP4N1ak(SdUS{V3kIg-Phvab`}{}WSyeE?*mw7S z?U??J>nkMGeq%53IeM-3mvvzzmS@7EmFmlmqZ-Qzs13l40mY3>(AU`{wtJD`ovxI_ zPgXen21Bb}RqZc*i7{Bwe5|*TK25!qe@OevwukojIaM={ILPp5;2UZZiJjk8#^Q^h2@I6{|p5KG|6%v%nz2IX<>Cb_?Oh z9f}n<0hd$U8WrkWc(8Ua$*&)5P<8_n!bfiF@~Y;6+7lB%a9qP=b=5Q_q;WA#CHE>92goCDJVkuJA+}7G z|3WvxoW@F!Q3S9RF>+a(e>H_m&P#oKYx>^Hb5zx)fIq*k8F|DtUPBN&MD-@T6MvMD zs}7x)dk#wT^!(Md12I7$mbKbbesee3BV3#bfjcmM!PqKzHvGj$?8QO6As6_2W+>Z^fngm#~ z3cSFk6NwZ2GeyL!#fgho(hT3bRH8=YjnS>bx33aGjImwGx9ES!!&uT0Ff{TfDFDhl z6De0M-Q1{k6<2*X!Vw((apJ3H%16_BG%_+9&?g_sabbdL!A5?Gnfoc>tdqD!B*9(( zgaahrU6#zLsH^UMeC+f0o0p6&tUfMtD3bX{>8{N^pMS!btKra^6WtbveE*g4n_vsD z%EvIm&lJ~qBYKtq(N=MggXbuER~LZ36!!Lg=zegYSq%3TQUQI2k|Ln(8q9oO0%*L_ zFBy!*%^1pmQ>Jy)Y?pu2)-JWW%JOxElX}<}ulFqc7mDT6pik8n^^k>>W;Q}eZP-PF zY4=1Z0aovpP?`|`omWC4S0Rz=7o#2XvjR%*h?$oloBrDB`E6BANN=2%ILmAN-L^bR zjnu13dPO(pki&QG&mHdVvaoOGAocwb$)2$stC>QvvNk8bEM^iSaByZ|9n@wlG2M31 z8na@Ua@T5~;-pZ4#Z*C=S<+!MkDLj!X(`qRBu)zlJ{4Hz$2Dv#u>9Z+g_*+Y%Z*E} zR ziR`A`V;z;59c*|r1#apFgG6q!CxBXU4+#u0C{st1aHV{88?)epy2RO}AlGQ_14)|H z!06!{rv_MS8pvvPE2UTG0miQj(<=Pf)L0nw_4T&Ffy`(EAr|R%hx>T>msYA!vY`8r zmuT)9yLzYJsz1HLlUG0m{U6H+-l_Weg`Dk)sicqh;Y&UPG8epIzL?p1ca+^9jXP{9 zM`Xpnm4CIC1XR@qKQ%xnUAP=oWjO3?GF3~uKUzh_Ws1b>{RQLddl%OB=a)BSg312` zbr_6B$9c-rPa!4u6RS4b^;Dx0%HPm$Eh)k|ki5IoyY{K{3R8D~?TBielp7La@OFyb zA)We;?V~I0mB(s-U>`4#>@huml-@%OUUPn&Nco)s9Qt0I4I+Hskq9!ej1O@s=9dU8 zTQf>!4}HBwim7}MLa3zn*3v84Xl)>LP6aYuhVTtGtOf9J4%!IRb#DWOdab)AGd1tc zMb^xUPa8X0_S_-8iCAK_-vXYcblo`{a&y*(8ifCbh6n$39}jNAW8+F)w%B=^?sU;g zeFxM;$3Tztx>|vlg!ju4M|7Q=xBOK9`{NJG-c(!%ry>R|E7AX2?12=fY+%pOa95L*;6A9~FR8Ih z#due&&88<)TOE#JJlTxoawoE#()*ellH}E23+yo)Dh!1Vkw8suX|`4tO0d`=9DD1O zhPbQQX8j70Th@>20SX|3;$}>g&2c=zH=|T>Lw!b<_S#zC5W1@<4L}V<{@JJl*c(3p zO73w{4?OpX!F`*38v82!R!yo=X~d$Gr)jYF+GpjwJm0kHL4yR8I~5z(^+I%DFf6e- zW%a`d)t1>fO)@nDuuKOhu0e=*EvIPic~`9n16gjFL{B;HzxN6DP@6zKDeb8~ON^la zU=9xk_`Fu&SL#4m07E`CQqK=MwGNk4;%|CH-xvFn5AeJ(|BIY3ljdb(Hn{(7v{1|65z^8SH}XpdKe#0opToP_-_<4dM=~WA(nj3XfGXszPM0 z-`qA3VU96W1-1f~>I3wwi>ijOQX4`1>yb%x8BP|4&U&j^QWe02JkU|41B24vqwR(% zx=T0u_>5cu=;Jq@M1B32LpQ^Qm}NMG&Pn&$T;aNiU;rQ;VV(j$>K3v1JJGnWE7#c( zFSN>*n^e8EJZoRyWmA}VNv1(^m446pCkLuAJyJBtL$30O*XJNBRz`47P4 z(700UVIaGy7FE`yxmSc7+ehsIRl^VJj9-lEGS_~BOzF)l9}c$LU|lbo{j&K06${t% zN{s{R6?fD{c^QNv{$tVv%DDsBs0_3^L60ifE_osUXK@aUZj1p%_p|t`dx-;Z@#XYa z!v=Bn5`1?D^gO)V02von{$~#)HQ<5Q0R6fJ{WH~UQ@zxxXBF8O5X}XJ3QP8da#;(K zG8YRabOgBEQ;&R+;9AaEs4%H0s0=`s&S0jwHY%Sqz3&cl5LU}&@JvapxPs@{_FN@^ zi4I&5OdTMs^0arO@u0l%q9XMk=$so%`Q3SzqElR>i$son-L-EqW&??ai_5pZ44^-X z9_U>YF z`B__IE(C&{TLQckE0z061lIP+JSdBMUneG4$p=`ab4*rZn)#Y!P3w_bAo>j_Tz(5Z zyjjZli0>ZG$^I1e-XoyBh+$THQGW+wEcjn%fORY}8Ga5lW)wv>K1dSm{%>}PixMB^ zPEv88^|(~~)$x0u?3xm9lk9XeG=_3tIUf~@ytrwEw6%11^G!hj<^hA(8)faZTM*0Y zK0o+r)j2MiWq$xz;ZDV~2 zU44(SlWcw3-cuuEVhp<9Emt5kn16r(vq@$+Cidm^Z3U6U9QRPZj79FzkXs9?_=k@n zUj0U|o;cw%O5rLOfP=T_kjP-lhb43LmLDnw-0!wkH8k#=GB&T`79{$$sGc7?W!%5k zl*%zx@NX=0MqV|dW|Nig)di($XFBK#! zkHvHJz=c|5;I3RGoC>G)+luG>zAr868c^GS>>rcaQOIa)5c9-W|Xr4mMGpScO15cXDEPIA4=6CDmdZuWmS)!DaMLX!`#90km#uI${LFj z_l@h?H&F>9%x80#=N6WX-~$JG4<9~!2efKTEgPDtvRm%{{onvIVARO3tzHutr9rha zXP;9Vq(8TaPo{>nzlmwzvc4PbWEm#n%!ZZz=rG)?>|%%qI%`aFY^G$<-EjY@DH*rWe~$F0`=2w%7+Qlb zLcmeS6zH>WvR<7Z9J*K(ebN@@zz1oK@~57_^%4y&e1>sj9}X7!^x%CmlGCx4t5hll zdGhTu{Iu!Jj@==j^yR7&%@cvg7Lql{9Vwj(xrjtm35Q-o`Bs~LfMB9X$ zbb`CH`b*Gv%Y|A|cyT7wd<=RT&Ce#3Fhp~1&=u%PSH&eL$**I1>^@os#qAJ{d#tX^ zP!fslT!(H$oCg(92#85*jG@^7kv(pzsrV8>&<56;3<)880~vI18RW5Iv)cPo{t29$ z69 z^x0dTL4dH}N=JVCZzrYl>jJ6xZa`8%8w3<*(17%Y`JcY;6y=NTXWg)PqKRz=i=c(- zrJYvnP`;nWmR0yvyk)paG1VIX4gTH$cuvb>Fc_{(qqb0>0(1Mc_GI)L>KPi?(J)t7 z=#xg5+awS4bp5)W)MzlYx{wC`KCMpGY>^nkR9BNgjj~o9-{FJezE460;kLx2%9M~{ zhD1+4ltsgHz77bHO#9|&xsfdstNdYlJ-2bukC-H8t0NHC8J|Sk)gCBa_$r167m<6Exj%1QR zyfzn$zlNR+z1S~A17!`4P0)jiCKYW4QVf2?4L~>IAsUE~Zzc;29R%X5#FsYQtsivwH1hWwr9BtdUaCwH-s=@%|+R+4K> zAC!y}(c_ymKOcG|CsED?+#H2N*grinPPm$2r_U^Xl}1%jMD2&}07cnCx7yA$IGl9LT>;7`>eO8{|y0A&_D5#JcwAFDcq$xbDYLrlA{YVOL)%6wManH>z!Oc2Duq1lp-FBA@=JCy8Ai1Qri?13ia;Rw*gDf0+W^jz^BC_HjU69iTZUH&-z z;ub=4C4eLnX6h;oo0fS89AQ!Y+w^b~`7sJei@>QloRBU&w_AO^sMsNNloTpozN;m? z!xK+~e9fKHz@iGBHNc5*K@NnqbEHr&T$4N6jcomB&lK9@BpUBaGb+c3(1v(D+Y345 z3C6vU-~Cu=^THw6Fi#10Mfme=_*}h zCm|B{krO>hq@EH#$-bT8fk&4RH$?4Wz*FplXUN;w)5Oc)+pn0%=`KCV@SQ&Ui8(x! zrHv@BFt4Vh9nAhzg_$-7HF6pV=W@^zyZYzY1_BrM?TuTdid`EsHjZ9Z(1DMSiMF(r z(hiwi>V4oP5f|sH@Sv=4lzX#PAY?9o0=ow%S!e|Wp`z+3apE6($%`G_7d`gqnX~QE zg<_ujSVbiR*UE7@4IgaO{H_WHljMK{%<^x!%aDaqsJ)>vUfnEi{TU+}WUq;phL_1c z$Fjjki%G-BGJHyK6^N0M0ty?2WW#qWFP#u%`fNZs{7U48vH9`>yX_%`kFW?>&L|4K zyg=V3y-8~Z^t|cTq!g6!LV#w5cAd_EwGcc{@5d z+2@HeyzRL+BQx8DbDrW`6VF6Ne!a!ch4M-wBbLVwkj%|p4V_-F@O7gpF|$I8%?3oO zrrQeX2{(|RE3|g#z;g(@?nSjNuy_IIU>aN}ETHnARPQ=p)`tXZ%sgBoL>xS}3!JRp zfUheJ_EKV~^?3Jgur%Q#nnXS44!V^F{svF-MvN^SjZQGNmesM3e=Iit^qJW&B74Y|>W^-G*TLoB;|u)Ala|*>{fenBVu>%%+Px{-T;V3;=sp4sSD1XH zhHLeR7T0v92HW%!sf1csGNC$S2$^HE$1CxU%$}^)lvJk>Umo(xDtNYG=y@+PlNz%7 z%R?5XYm=tIO@8Mx7#TxAjtQ;(ZMsr+?ScfRSZx!^gsT0#JDsKDH5m zn^splVG-IgsQ>peYl~A>J#2Jt2>e5F(y=Um=CaVEhY1ao*w`xp&%?H&tqHsDq?Mwo zWUIopje7=)-wBM)4``kTuDyzdM)m}`HF(9c`K}!l0Ijl{+0rhL-Df;{3HHCpSj>i- z46LyO-EeeG=(!WaExW)I^T4eSS%Z_TiqGB;vL-D8dE)DtW}e!9WC{ujPewAFpEjhB z-NRj&cCNouvvqioU~vX*{PjZjS+LvT9+-)&fI=S8a*-8$H3yq2O)qa*pIlL`gaZ|t zIpr(8kQpUjecD^q>B<#bCx{y}+h zwyONuM<~x`^DWRVemh~G>JkL*ixBYL=vRjM=Cup=1{5brd#+;JF3;T_ESZwC??EuBq>8`>Pq$l+%s;w4>b+tn z@ca3vWokkcu#fCssm4sKVt~+z>m_WS+w3B5Kh6f-5_64{TQivqaPqJpDdENgnu8oQZO(dgB(oU1^FM)!`O6*hH1*FK)s}$)ULA#|F5p zQ)e~}VAUjIo1f;fKEGbGCAe6>4cYsl41ZQ*b6HP0$?%uwu2KpoWp8in#2z}2MZTT6 zg&WGBIKj8ZPM5vxpO)IYaoWlc$zD9Wd#pD!s0wWuytIfYyJf%$`#sZ7M2ewLCO`zL zU9zo;9A%9{x0d$t>X+1okg|nMJxy~S24qA$>k=rn!VO9TohDr+Wmn70312FYBu`2< zk$BR=Eh5BHvy7=_W^fZw%fnyg#Ujtc*CbwZB!*0Tsb9>q9p=w=_T_y$TEniX{R+6y z+^O0W+J4nMp- z9|Z5cAx%f}Q+K zdG2O^qwx`rDh_vPycq1GazNpLBZL`G@{DO~Lv0B^t@le*Og+cDnMc2f9`|=Wc}yF_ zaYyGR>_=1)JCA4hjsa)p==)E}?v@RA;7g-2>I41Iac#Ba9&3@~aFaXz_TCAZGCj6f zbgy@~iEDx6(-R6zw`xOOTMDr}h@;vhnFSn+=2F_q;vR{Tf6a$qN3X4_f3oNZH%XRA z3#~WDT{>&KU7VIWS(()%$?feK9wxHvi;F*5^FaA9hX;88q9ej90tOhEC!Y?$W;9ik-QyZG zBK4s~@P|NsuICcIn~$=zE1I#}pR0vM!+QZok;s9w8*wrOUXr*8B=}gbRO{Y6e1Vq3 z)ov~<8hzsT^E*u*FR>m@nu{&R-mJ$`Pt!yY@$Ie8JFOyA+UQy{7c zorj{eUDP6+Iw}%m*n4=R_%}|HMcd9ie}A6^DzF`F5{D%mkBpCp@K=ZhjaswjUlr!` zJH4%Hcns@h^=h2(4xF4#Gf(-FATj1I64KQeZO>M z>&*{qIVx8t3jy(^h{M3;b44{G_xN{n7|kMtkVC>ivpnVI9IG@Y z(-$XyfoR~TiNubp4LtvSOL~s@6s~U>MJPhvT|d6~HL7Cnn-$)9;Nr>~8;}Qv!EqD^ z8|vPA*pXLJ4{dQ^kv{9k-0$QxXelsXrwmH*H=ruoBjWcg)m|wVsYO}5rb$ZnW24$6 zLhR+^OVC}!?&oldl}PRdTm*i51w!Pl-M%2c2m|7pzzQTM-j?x-*8T#PDzBr>^UlJu zC>=z0cj1yahz8c9D}j8BCZd_KV>@=c3|wd#X7HGO7t;EX5V2S7kEjEj;MNeV=7Pi; zslO>avxu@+3-2MTOx;Vmh|uPkogU?HIk_$zJzz+K4eQkG$Wd=F(kW}-LRbAX+(aBZ zh1m8pQ!umnOMY^GhgIz~ZY{Q0`8g*v*wmO1Nt3jLA~QvkhdeGvK519=?-;!OTK z-3_ohlgM}Lxb=yDI-~ZOlRCYz&ox+kXo|Ho@hr7qRmgMN5Yd!%+Ij2=a6Cqdw|nl+ z@-Oym?=ZmCQuiZr1(RADSDx=^G!ZCC3^coo+#L#Ikv91dV`WT1ig_T0zj{@pNlqCo z9rOtqv?fBFaNsJ~+6-MWmErVWmIzf1T+;YY118%ihx1n(bCZiK=P!dIpD}h5F9P~l zoAAwoQwb)2{P-#y*jAJ&Oa^)8%y zU#UgTe?-9QDU@NKudceT&_7?;XjXG1>*$2amX9XWE2;ffPCc`~0YkQ(@)hG72nhl& z4r)T1!Xz&Xg)Ug@^EN>2;YGJfUx=3KYqfe8MPY=4TWx!9|Ge)9Z|*G&VE1EV_3Yz9 z*MuAh`L(F$>$V3>j*b0lols|Z0>tPMg)Tt9RfO2!f#fPT6NZeRQ)oOEdvpJfr=lSu z7svltHW`p>ZMj{nGsH|{7q+t*0>>?^H5w?!*G)bI`1Kxb}m>hRW}JnJUe^1 zTa=oXi^aHwqxHFpB$MfO2qU#B;n}V5pN)9UdpYvGV0-RP7+P+9xsYU{tXeb|PfLz@ zku;$6iq?x3jJ{hbeyf4v{&_oWgl!llgo^BRS-8pUpwe>7W?(a57T)`DY=5XcYZ3VX zAG40fCEKkSM)B?4(TW+gGY98ZPGfhY!GDsF(=0=}xZZ!2M@37H8r>~3y_nZn7BA2r zdIGAh=_WRU9Wo}M1qZ#7H@kF0|__ z*~_9ye044XNvXk-DC4K6jRAB*FjC1O2Y+j0N8zuWirTbv*(EbHu~U#eWyRrdyMU7DBY(`4gF?7gvg6g#L6f4 z*)|Lbbe6NyXIEJhYZ*N-J}eRP(mi}ETa+1RWQ!5B?V%QiX7?Yy0+Oa9cBhUieEOD| z?E-U2MRZId_#MP3jktM+YZ_m0ZuG(5WfXBvC8kf2cdqVy+NgH@iC<6LpkBq2dQ;29 zJi=#l1JH#|R|Nv0($wWB(j1%2cF{Qnvj=kdeKS17Yea*R&owjzm%}^5O?mV!4Ky^S9D0d4N&8BOHZe%qrMy!!NvmAnJ1z&b2LW?*G^SfrGodJ-L=1~r%_S#72*i>3 zYYuEvt8jCwj>Lt?3XMA%7y(UmobSU0dbu5W}io*r>1&?gu$&;d#vDi71g0kVUtLy`Ay~Zo|Dnq77 zFQilF&XOok*MoASj@7TO-<(3SwL)q3b1G^X-3^Mjv}d@@wq6^J`0^d9&P4r^Y?FUu zMN7a;YZe3o@$g*YB;xV!0;upz3TE~;8jsr&pE6VPn^V5(uIqcQ#4Lw0LSj{o7D334 zKQcLgo<3WmN)yu~$iQ;B1fGO}UUBNYjlVflkyt7BMLbjXeg3yywN0w5+jI~4pB~lZPHU5>3f!$WM<>KcjMZf z8S9S5L1_FwduV={-;(jR0_kAfur#lky^`l1|O?L23 z%aK_FR8>%%e5oL%G69Dbn{R|!DB^tAmLj`I%&?2$0r7l-@SSQ(+?|V=H&(>nbw4+i z#Y4|`vO!v7UNWcGw(}Hyi?c{`H{C|-WVUgtEQ1Uavv8Sm>yOq)3lol2cWGd_@bK%l zP7*T0%i#jo$UJcC@jc{}n`UJ#J|ucECa(gb$mz5XmAzr@m6_r|@q?_IX@!%wUFYtT z`t_--^lpU3pByqAB&ZSTCNN}|;Jq`lYx$jI4PrYve44#nf92B3Jv>4s@7ZrBk!|_B zfAC_#hzq-%HGsz|*WBZ!<FGQG~#T_l(~4wBM3(Z1W?ntn{~fH4xlUij=Ya!2n3y<7WQG`vB~B*5R4 z9K^K!DjsJNtC?+c5@?TA)?faR8#f<*=LefteMJI96JPXO9Gq3fU<-UP?OXFdiogBj zc%3Q$8$5thWnr0m$vn0^$fMIpzk-j(@PE^9qhFOcPl&z?^3ki@!I`%G^`ZXxdLdhB z_}g!0{MHy=Qzmy24c#2qR^~sVCG^>yUYM)t*Fs#Fp6VIO!Uj2+PZ`$jZ9|`Gc-Gc} zaug=YYu^Go#Iem~*1H^qB{|Yu#CdOb{G>>+%je!&ikh(tRrSJCUytEdFergRSFRueo}TI>{_8<@A*vLvxNiy%6T?v%SQQ=dO7i zA(r&S?u9&yJ^h!X&&Q9TWXfK8*dFHM16jhU`ANe+;RpNq=P_@s7?**6 zkixMuC6Vk`^6@gcA~F`yQs<&8fETPo*tDu8k+SA8D75uTO%h6&c`5lhb~e zS|pqkz?{up03}y%6d9)6(ueUP7Kc?;b%12!vX>l# z8}3!DStmwvoyNg7kmQdeXS#R?AYLxTw%T@kRuV&hhgi?inDInrhshX2VS^`k8pMWc zMSZZumPW}rUP(*Z(vH%SFkO}ObAOO{JF2AI3zoI$OJAOu0o<~YWd+X!54QcoO)Pgi zud;~Z&*U=G6%mR-gm&fqzgMKh&E$GQv~87vUwBZ%f;)`AC1*}fPQJ}-KW7+|T{nMg zIK*DWVaV=WKX0ir#VdDTB_;Mh6ZdA;+F8}nP%N0ZOzD{BGJI+hdD{U&yj%RONyDw` zulG3+V5^~OB>t7y)t$Bf6Ayp+{-hvSCsghWMQGU~>ewSb+j^XsQ;H^V^w|7SCL8Mc zcB*=f-_A0#6>nS{ruC6@)T%m|7{8b}(eYj5NV_oAU28U0q9EzW_BUUROV>ns4HU+JT8}7nPUQl3OiLo8xow7 z!&&}{c`C+y6w2o(H=x#*Kc<+;+M)MI`WRQIx*HuPbi{Tly&kx~z^>l@vPk^gZNUWv zy*9m^1tZ+1sTBInxXW@o=H`*$N)1JpHlj_#ZucAC>TtLzsMSg(-e68I*;4U*42UFG z+28E3SmWwRmWCsh=0s3sOGa>GtAw_nY z98EU)r6Q6>`H992!f^3seA6Yp=SgTQczks(haq{q_(0OCgK;!V!sB?Yxmf<2>PvBk zbwLjY)Ru9{Jok^c_+UJ2pq+TDWIOmm6~l>h zSwC5b-`5#6Tvm>aPE|IyJXC^2GU*cFJy{>S;lS{H{fPms5KQ-OSim)scQ5+8J*D5{ z6>^Fwr49FT)QX%@vcGWjC+>+x*BGW=H#nv=95a>?LJ~VHzFHfhw9h|*?cB`w!Cwuk z(X>|%rw{2LPtE^TYB^iCGP1<}#+nv@Sy68xS_SR)a zm~8He{Wk)VW93tlMtb7cM%qGTt&AKPpMLunqndZ=42Jelg<%ciUY58Q8BZVLCo?`` zmwFe-11Z#gz#3XC{)>e8UCQ~+;GW!_^x>eKbx?j?_#xAfp#H4O6K}p_xRW*s0 zCgDk(Vi!z+-zT|AG{fPbDRz9LqUt_5RiYgZX+hXE$>kwW=~GzA^?&dz!5sgEYuUrC zFDbCe)Mu(#1_9c!7iOF^eaLoO12@*&Ts?!S`eC1Qi8FsVo(@d&%iLf)X~c@{0)z@- z8BlU{C0AgQE5OGY{oQNnUNPa%zT>Ql-Fvc@9%mc#AR-cOjAwP7La@P@yKBf7Vi*t} z9z5P46@LY20nnMCt0f*lH_{ow{v01%PT#IqQB-;2oTqj86v*9G zT3umk%w;qGDvI&oE`QG94X?-)jmsWNvC(UeGMd-pQYq0a^?77QE93M6V=Nf-B4;3I z`ssY(7pfMgTfFR0G!|v1U}ivLe9u{C~n?44*vT>SH~( zQD;?KF|m7gO)z+5*5>7{A7R&5slTy^A1vO1Ml|3{1c>ffRiEm48A+UXbV64$XXE)Q z@I#gaxG-)(d2hHj*l;)XzNn6GYQO1?F@ymhc!jY7H861g{~7g@G|(x={VgM4Ue0wV zfq!l=4|~!P5L~h50@-N34`<0AHd>po)(@%^&Z%j8$q35Z**H@Bi!4)UmfGRQEW7JH zEE>-LCvcpM$n0JObVzxT{RnxTq^HzI4zk~o7Cdn#v8kPV5*7tN?rn2FUXMb23Jr9%J;SnS=fAkD!~{GZ`@V*Ss7JNd(B@XnRwz-TWiHp3Fx-& zL_8zTbIQM=o+(RtPfXJVid<+@ZsXOnew1yq0QR(yVvIg+B+Nn# zzaEQ1iyIb>4(K2gmnkT2xNbZdx9I;gipHK=X5u_eKqjyAssDto$SG*PPvob0-$o4G zn{|ZZI^(N7;=p#6i=MS_GT-8IPj=>oQejJxSffYymi}&1^|?rwmNC#8rcA>o0);8O za_+!d98@Az=}Z&0sUYtvzPCGzO&NCWu(p-i&M}vO{E%(-$q`{SWyGcs zavVZVwHN3WSFYRT@$3oQ*Pj)@3<}-Z$?1XxQD5#QZ9QBmST5+4_Oy_G%0Q^`gzr?R zYiH66x=kfKBl`u~B${WqN7`a00SH3KbjFKgZ`Ra>CuYCe3Y_WJU<-OlS`b9D|Q zHqpHGM|A(jW&Lk1*tDRvxfCutQT#S-s_N}9{wMZQYvBkF0mUM(lYxMHrsA_8?KaFm}OZWvg=zvDu zMP^FG`w)Bi`3?W?{bP%9^x<9K4Ch-B3(lg2cigQ)469UdmOVzNq4KO2)E*oIrGDyX z%IN8*bQAc~Iz8)e-mHF&yT)t-bd;Kq!uP9HzdYr61h;n`yIg^e2S%=iK=RKnT8D2W zbLVt?SE&v+skRWe1IdG1jiLNz_A?5PQZ9qrARap_p-rMMzW-`tAO8+*do6BaX!e;E zyL(B!wqmZK@xJ50pl8+znk*OYrBtXVciEDMH**g)e}QTFc<)ymkr*-zTXJdIwaRe= zs=F%!3HJ*P6et{MsrpKlZTF6{cSjn67jm|fsc##w|C!Fu@;L!wgYt(6AF`ag*c3U` z+{kBp=YU@lX!=;?DP26uz*~%fT|$xBebNTKLNrGw{Bg9k@a*hi8_$RdInUl=QTP;t zI=&#klMXC(^I=3aHm+kol=|+ZKHUD~1|&zfc?V%=Y?*nc0S*K56A-E zJ`dxc?g%6?TEqG$Zm;efrN3p;je}X^@&Dkh{GFSJzZ1Fo&R21O&S^^K>CfDf zQd;kQ2sh3S@(StC&L3}j$&Wf!rPmSy?^-E>`c@bwj5fx7g)byE0(6ryp%EqNRX+s} zSf}zqZYGD*(lZaKFEGGI6J|(^c|oF4MpqMEum6xbl}@u)et)Lti^#GWkAvDcqbiJC zXP2!Hc7su+U6KqNCFk8=$8{Gc$gj>!lxnZlySHFo5}Tmng=awQEP9PD!a9BK20!hQ zf-!f9<%8}Ec|$lXp8B=-ZE6^l<=*8gSLzqB+}G(|AXPg~#)j*aw}FpsTv?+6+s|Hn zk2{Cm?ZQmOm9ZPHQOKQw>W*tiw+~s4e5!wzWA4}eAqn}Td}i0))4)Z}Al4XpuKz&T z!7`Kj557;+@TvRoGP`Ce-I2<6TKhh}In$$#dD@7kh2d#cxPUWmGOJg}+wibuB`9t- z8S5za(T7ymWRvZmtOh^WE}G(roeTLEvpw^v@!QPd(m&A9khhE~zlfFu;+(^$PQ(6m zpT&6Tk5CF?O;@kg&L!PB-esmvR zCT&8OHKc?!lM(s6&`RmzJHKTCn&G8&@A~e)@*@a!U_H1vOQ_PbeC}Ck>oe|Y`9R^f zqbZw!b+WR2qfdb{uEQnWXlhH1maZ3KAiLyVDh^(_X5D95nNDlhS-=~+o6#=3-WmFC*$^`!e9orr zii}pO>}6Jaj+ect|xBgv}sAE*wUfB_%qyit$8#>aI{`Lw=NX0*e zTc5{b>+M+x%}v|LeX+gnor-L~31Ab1?ay;IIzOGT+xDlv2@Uxzw=Gv0Dg1cbh0Gaw zDlDlACmBmpFA6uQ`@2IAnXl3S89TaU4zz0p!`jJ!7^i|9+gZcAl#?pn@-G2hN>G~A zaIxkFl-7{nZ~pWme1 zUsSa8k^)kf?`w)k!yEsx(&b0!8nCv+=kl&MBc<~F)VtoyY4_W$J96c6fVw7;#CoRMG8`74cCr2-EciIhqr)x)A{W3pc@iX#1!| z5IQpGSK2IOo%8jT6>&Ap;Ks5)N&53D`mAT9m%rRn;==eO=7k*QwAsl{CHtl8A#6DH+4g%(!qqrOLvaNvw202J{g#9 zp)j6p_D3Lu;;v(Ms$)4G`xGC)=!9)N{Ilo?zFkhKU_rFKSThRz7Y8VR-)L*A4iDIH4 z>?ggZ;s@<-eX+@UWQCrcKSC9;)zMkzJJ$nVCI{;TeB!iG+xVp{Lw33I8orTk`Nc(_ znEv=nMS9^4QoQ5BR{Cs$AI|tV#Izpzd*{UCF@wKLNHIn$Y2t18(vv%^q|xny;U2i` zwx|LDK~T_hc{Kx5C5>pYMF{F5`{Ik8&17vdDNO4k<;wb`ZDtBtaRbqv5-$to8j!fg&mn&2(cEuVaX9a6aUFBIJFRjzMQ^11>pT3)Mx{Ce zsljU#j7$f%)i1c@^=Mm_m}JpXdX|y^oe+o@E>`_bQT^1sCFMEYaP8r+_ICJ;XnBl^ zO0LRHP=9$;W5-6;5n^NEx#|7WcE+eR8_jZta5snw!mVe%YmMz2Tb{+(dtR1C)r9a) z_to0L5|y(M7GxOu+cR>A6BjPsoTULb(wv6$3HvbW3~t$EjMvabQpeTvnG3DH_Jb3f zppy!5VeF1L?_gL<)h7 z89fb#(;a=H7Vwmg?N55J-Di^H(?ZQ&1*V7p7gz5c4QJe~e-EQYXY^4r zbb=6N^b$SlAjKdOeRR=+2vMV#L^lW#y@eop@9lRx=Q;1Y&iTVy$y%~9bAQXd_q9L! z+TYM4N!o>vvp`iypSUE|CmH)uo3glqHHd~bfs52OI-CHF*SI+M!slH%6d5ev9sX_; z_}QwegmzBGp`B?YI(}ivP4rZdu?kP0Ad*P?d^}&6z@GB!^0U$ig}P6hLi;2&MeIq1^PA+!wcA0nfOX$^Hr9fe7Tm@t>w8 z)^7QT*z;!nq1S&{2i-GnQZE&gh{q_;Jj!j9sN06rpJ^n0UD=R z9pmK)G4rF2`-8RIzK6iKN+g^jCGE-MARK>nlkUp!n|KREa7UCOQX=>HA+Y%WOEo}b z;vrM0T)AZ6aBk^`4`kAL`DHbwe{{vowmQ3|ws_sT;Sj_GEkq3v%s+4noByItDB}gp zUgBa`wGy%fR?_+YJ&(s8Q8|1M6TO$!?v#D_qxsdJB1ZHCv?vi_TD^TXvf7aC^%?KNiA*y!hp=}$?p$nY?3v#27E_4&_CpEKqv&QN!&_H6PPO z0UZr@MfZFBbA$LF!YXZg>z0}x3qTStwBhRTN{^AGFQvvrSOu=!L+{bxw=R#uL+~sf zXfpB~U=<2!1R?}4$4kOm7yvY>8)j`qaxwGPb3T!U+a`H`_KmLFxtiS! zxz@kky@Yav&K(DYUGQw_m6&bvYe0dqlZ67}kTw*`FD^nXyf)Tv(2WJY&Uc`d7!T zmI$OFOi92JzkWO&U8>u6>N%ggrCk3vG+G8O8(9Pz9w_$r)Jin0oHzpJA&mf}R@1z>UZ7wuV&yly%pp2;lolIa+2zel0a=c}V<2$;$SV0tlQQaML%lsR zjSYxJRSE#Ca_#v7$%&PyOF87ld-=!k^mh`Z)BVjkW9&t$(+LkFg5EpzCgYP~LpU2A z(#%P0|H8A}fdmWXE^3+=(fwF}4_0(5zaZoW)TG*tUXB&!)do%x>?p2+izT3b-E>#q z`ys!@`SjV}AJrZeGnFg<;F?s#T#N!aJp=uJH)6(^ z|Btwg5yeBUo#y_Et!L-0IBJNDWzp#R!qb=jUw88+ror!V_vitWS);Hz;0XAuJUD*- zc|&sK*;pCP@Jsz(gv_l{exzN-Se5wT6OHv-o@pP1uOQ2JJe51~Z&p7Eas>m=i(3k? zjK${zwxj_Qpk>pothm#`<`uW(wgWG@A~h*pKSZwal<@v5{&25lIplu{} z8BIwlWc!5kF zJbx-bHeW=(i5>K?XJV-ef@Ve#M*VwGDsleQDmgv?FONrBi@RQz`CksVlnSHzN|c%D zsBw?DNIC_c5F_Y&8)=`R)7uxk#Yey^<=DTxj%5ZAZTQ~dBR|u(kWAKMA=f%oCmqqs zcriUaY#dIMoq`2s2!^)DNNCvOO5}l4N-`xG){`|KGFh39&b69Pc-SXR6T(*D=1vnA zrZEE*0y>12K2g$ysC5KLciH~kKLfIK(y~Rl(?{?^XPOLp>_<(Na>e(8!7u62r>rjE z)`%{|#LlMW@zylQAZK3ee{YvK;s4f>VyF}Bt&%szHKNFAVNWw-nPjHO>Ea4Bx|J|e zUf97$OFi2@cc*0E1Mb50B^6&bs^1)!6^8wIwkx(kR4XDZ$hmR{4?*Z5!@=Y?~08SP$3AG_E$4`v|u3#(;s#Vih%H8j@TevLSn|lO4>p)6q0Q4Dr_MtuxxDQBjBC=s!p5|Et$v7yzVeV~ysykO}VH z7*FnlFzkf+3QaUE#?>Lc7JgH^eFe;&qvw9wDCD&HZ^q`=^UOb`#w!^!M(`&XZ8=fm zmt{u(_yHtQ5$A=>+#r1%Y&In)FIigij+7Uff%Tx?!VHqKqn{%@IQY3DeLPH4Re)s; z`y!>kB_|IPJM&AqpiiL;h$X@1A)Fi&nf(jI|GAxm6YAl%)6^Nu*DC2~4S~d_f*IG( zksv#vttV`i>b&TSH<3fd06LHkNEcI`#^@IMS&m$bRFX}}Dc219ljvkBJ5GHoI)`b9 zfqkZ5q{F-dKe0WQI%c*08=O?GA0J=_q?Zw1Iph51veg!os@QJlQJ^&OzY95qTIqD9 zKzq&Q+(5Tn2QP(oCgALokCHa9{1 zAS<%|vQOIGiI+!}cgg!nVM^dMEO%n^0#*ztK`hgFfcN0R^nWhu;O{W@iS8UOg2>^* z++ek@aTkBwI6@@zLim5!#YA7pJ|V3Hc1D;wMHFT}X{X#nhx=6h;&n^8$fhirTL_mOj%)i_KHSz2phuS~yH~C#k*{#n$G-%pMX@E!vnNDCY-jl-{b&x#(dLFF z4hvji4Y5oda&H_~{n@tpodjfra{KdA6YwE7#Oa&(%R}@Q(EA&Y$NHl{Y0%w@Fl&j1xQ3 zqWjBS6S5|voF#G?)DYh0adn>x(l;Ulz?gze%4S@i`%X526~=HYh&apwk$7acm})(h zE*=r38p&vNU)eQb;!0tdF5fy2nQ8_Rn;@n{$e6XJeV&nR;XzVnO4xoBqC`J5b?UQV_oXpAUo zk(AClM)ZD7OgJP9TV~ba{#DUT7J%*f&zSrFd5vsC;l#cryNldz*box4>!UdU zXc#VqNh8Nm%z(+C63GzO$gcOKolnd1j9lic=2&(^&2}h=E>uV}_6y(HcqBMjC=o!! zZa9!0mEZX0+XcD{4K5on1}J!S{Ify+HUTOMCDmM}Nw;qdPYB0CfNJEOo+Ub6wxAt; znE2@BNCixZoWV}yXyg_8FITgu?)^*GkFcBf=&=0Jq{hdWIxi}DTx!u_f>T>p*6w5y z$6$6;kyXeBtipoOIro+NJXsyrqt`tzY}*CmDuURaq-u~-g1=5Bq@}n|W*6$Jtde&Ehk6kORz|;P*R@3&%Q4OiRo0*_ zk(Aq28(WZ#`IjT)a`1Cx_R7uzt4TWMaLX5j*;p*%C>=fL%U-F z37&zA0(XoJO0w>6Gxm4PuzB17i^hvF^f3aCatXG;N}{HL7WwfE|E~#Do>t>u;QD+W50T!98tX@xWsjFM!XH*8R#23>k*t z2LgSg=>SsKhs~6g+$%mz6cjPjo2=7empQ()s&+I`uRhDQ$}iT@^#Skp_KjhKx?Ce`*Yh(|1rKJG%`E-1tw6EGa998}(%DLmPrh4nAIJTR{a z{8}R~((g}5`QE!v2}i+ZynP7XG1UW?#NgL%b82&KubJBCdQPsMWmO7KTP42$k1*+f z9xN9uCp%FM723w~9#{K#9#JtHhh=7(@o zL%+|B?E;QZ)!%Kf_}xppk%6t96%VM-qd*miN~_A)@X0dz1henfPz`y`!RjEw6T$p; zZW}^I>Bw6AnK_}tzXat8xyE^}hO=L^IyF0I#7c+_fR)Nj3O7yS^Ww#5eR0F7I#?a@ z%f)~yFC~|&kYUbxAf1-z=h{zFGfgju?c` zqhqYY>#@uE9WI~T|2Ir|F`&Y-!FcTTNpd9m4T3Is!>|zO6VII!rBcXuL@p>~Cq+k^ zE)Z_riB#Vj9gO4&iRCUX7h|l`AwYV4j76E|bZA?5anCsZkmbX#D%nm39y1gdGjh`` zywbw?JJ`8!(Zo}+{XSo%mk2CIqOArMkX;RddJO|R+&ntarO(nMdv4ehzeFwt_?Py; z(JJUOCr0Xj)@(1uHBHheSZ}UWI{u`1<@kxywq7EJQLM|r$S7^;z2Y1x(}SM+5V`Yz zc`LwQwS)LBH0ZH(WG*J}4?Dsfev!5J6`Dm1`@iH7RmkKqCeR487mhy5)U}o^GA#n0 z7Tv@hb9;|7t_n-<=VfgIN>QWZB%Saog?muzM#OfqSMgY#e=QR(nX2~%v9RzFWZ^zLW6rkEIdZ6I9zurWYz&E>YU$BW+kuZUk)Q{lg{g-Nh<1S^ z{c`H6W`S>9bv zg4|$Hd4+BXdqQ zvY{7w*+*kZLj`q&x$oll!YgFj8E6j;>RST>Lh+lm@R~l0Tti?{_XaJOVst%uE*Q8XBg8fExtu_v_b4fu@!K zotWaqEaiNML+A z@&}pZgR6@Z$zO$9noYl2=mboDrj^N25@Ej0hsf^5@=XIv`5rOf5^OfDZ)%$Q@@zS! zF<)N(VzcTCRpp`ZTh@T0mw@99WT&>gH-S6-7OzC3u7I=S3V2;uyVWn#iG^JH9{?r* zP=(*(8u-X)e#;qd2Iqzc%+4X~%&s!uyd4g%Ri8-|s#qm{ z_ji+z^xZ*KM3L%zN(3c3w1J$)jIRW!^t+R4mz#wP1S?1hc*Bh5b|90FG?bh|_4uQ& zR_Nxr*WWXJyHr>?0X4wC>^72yH-x5y@i}#8a@5XC8@YTe&vs}f&7U3u+nKf)mr}US zhYU8fPTai*_Ndw*5`i}GrJ4w3bMA*74#Uls8$I!nRO|{og<3G8dD9oAAg=rp+gzoR zqJO|9k?3jr#}0!qH9>!iJBmnm!QBol2Fd)^t;3LV`1h5{fw z4}LzT04TO=nZ0*qR5kwUgbjl-8<@uJ2L3#wtp?E2>r@ajyy}N-p z%$Qf0_3RhSG{_J6`hH8{WX3CV>-eHfoRZ7bmUa4a!sdNy=+%ZLIrHJgbx$1U0N??Y zcB-+@9&~T}XN1C!qa0^|l|&Pj**0WRK(k*cr1pXD)#fcnm-#rfOg( zO_MF;Jg$r{|zgW$D*A zv;RUE`9H5{nr|76fXTzVv*Gt4wz!Pb1zIr#iX1$ZO1MAEC_q1ypnDx?n=14J1$F!JnCzqb*cbXj z5vGoq$3$NU7_t^gMwmLq#?U0FL>|(V%&4`OY9!UuU<-}3f$MkdQG5`n(g^-R;b>H! z{L&-Z$Nnx#1~}uj33_4{O7Ubk0w80+9is;5P`AhKFZV-sYzwzRRVd8L3KHntpAcVH z#O0!p`NvL}xYcwpxU$#H=6=9vHGQ_4?SAW+k^Z^7WvbM?UUW}8U{Ug9(w>db2)E|x z)2GxsLFF$GR#H#qL+1saHA(GhxOG;@0{F`S!CjXHIH7i?%46;-f^Yv)clUt!5ck=1eF5uHdh>M=YU z2({yJCc3%Fn<#v20!rdA)&W zs@Ow=lVivH;lfkzzSode-%5z}xwGM)$QMJOIu6ZjGj(Zm_VKZ}HyCNPPf2}p9-eV< zIl0}1Ub27cO*wsN8mwt)9+LuArEjGF;Z#q?zyo2y^>o2)+S+}jIbt1?GgtVZANJEL|1$~Q!&ZER0KPey)= z+u|tZpEU!yO@={hTMt0I4`l@H_mUfY7Z(?2j9{zX_bh|J^WdM=*cLCGN`+MkG ztK<9xZBf90p&lHJE?bhlIU5SiAToTWQ#e^=pDs2im3QPPa zW%}21Jj{yv+4hgcZ)P|wGH7)%TG*G}HE?Srd~!fy8XNX?d&#-8Wy<@PR_4|5cM@T# zC$Y?G>>*@{)2b|Gk-YDcIqIvgEBLcA?-Z%iyIX}8r+$PY^ zm6m$&#z%vI8C~f6t$u&sb5+h`hhG?Dcjcf6Z~HYDc2QGP!;2#aAyPYX4SnnNs^$A^ znRL18JEr9(zh7FCT=K>f^qZP(|A25fmFo19<)0wj7O$qFPa5-7qyz(i50*0!L}!UZ zrTvrmMK%a3eHRBPLQfxmvOG*v7pV5h{T5hRh`sEZxtu_F{V8%REOX4Ne>tj;{AA&4 zcUNx=qZJwGg~D4{5QQE69$|4Y5V>d;z${C1PgA+@87f4oiH#h$a1GksC%l4Cb(21| zmyIWq0?Tpfqh{X#uU_v7_^+CJxBIYQSj4|A`I}lo{cC5HCM>b(9?r$fJB;DSbds-unxX3G~r4tohqj1-PxeBfH zp^4SU)?F?-kR2iIq(aN2(8W4PfsP^^%4vwhXW1qoxi;Em$`|qk`=cToN9;D#1AZ() zMk7HU`aNJ{^QP#DERqoGm0eZq5!V6As;xE)cMVxZ-A_xwFv&42%`*-p%Vmq^-}4{V z$?wq9Fy?P?) zPffv9`LlQ-J^L9lZ@pHq>P^3DaN$>5?x9|}X6gx==TF&*MZhA;X~rClA!q%TY5e6) zqFX%jD1P49P{49T_Gg5e<~Nj^QroRtN*HZ^3BLb+y5G!;x0Ar-o)HXod3pNhtynn5 zz4<5^a@M;8!Cxo%-X@T~o%rto`+fHFLD?PeSVE5pl~1Msu~os^*6tzYQr3DMU@wpU zY94xZ#FB%{hQ<9B^N-YRoJ#@_92#ZD{Ym!Ku_f`b}OaI~Fnn+t`;dFRW|hTdEa z03UFKfE{NHWwxogUQrnwG$%8;XCpfat%XEhcinZD8ZH2-o}84|ucV3VeJSM3eS#C` zB79*32vgb($YVmPuubk*Lf0@Jt1&{9Mn3c+^#J^}vxS=)6HL@(Z7~IQ*aEUqh*i9e zTB68TdYpFjA+%Z0v7os)m z1>@1w^(#`=C_X{R=qi9Iop-L)+g;o`P3H0z@vW^4OI{2-q8#t}(g_b@6NZWr+7#Ko zvKkpsw${MS*B^ubuEN87fgEfm={PnTni{mAOh>>tNOfsg4E@LlKpX&q=xsw2Iely! z73Cok=CRNBqJ%`u>evQmm6WLRtHVVx=fUq6fBn4UrR>3Q8lt{p@YU+;Qsy}UBTw(Z$B~zrB+xktgrhO|UkVlwubVhoD zy>U^I)Ior zhz1u4QhM&=lOFWBPxKKEHEteA=hkazG4t5a(sIW|5tZcXtOI{I;tP_5VhoAS;r3j2gI z$;Cr!9IJG3OfjJ7JP6_V)uxdIY6XQtyO1Yoybr)w0$iNc3xpE8^3Jd-+tvi`^Be(j zIdpaPx&Q{h3oI>dl+Sh?bq5#zOOz^{$QlG&C&JjVy@`(ytIF2@5x@W1`~DDqq<-A zowLv7Wmd4F{5aP1aSX~Q2uGjUS%PC`uedMb4^99fqPVIY?R&CK&(ALE$}B~agX9SF zTYOx&c$w3hp9!mfeFwrUITi5uaRj6jar3Z4V(Wd8&H5Gf^ZuIe^22%jH7=cekkA7X zud~O$29omZF`uA8NQJCMlVjyYFzd@Ufryw$o}zo!PR5x+E0dq9d<1E+B>^$e^o?=Z ztJKFOs&dmiS?P-BgiAOjbNpHO=rlpPRZm11RxhyucLt;>i;F}TaufSyVA^*LoP@0b zncYqYD68IpBYrh2E)gncBPNw9fUP z%}wA`mD>R~okun=K8)Z|R-&t4cJ20$#553W`?LimPv*%p&hTKi6kaTymG~!56zs!I5 zmsWJ(U3k0?VGcg_Hk8n2GG2(qhq~b;gA!2q9EgMhMy{y19`Q+4a`=5uamEP{7T4WW zh`qmXGI3F##G=JJS5ikHQD-FQ-_RRgf!b=T4gFkp8p|ZjP&`!+Ihv zov@x6XkXhaDc{kmn%2%6ZmqPx@CBT(E%%pXk+zClkPV%~d#De-gbVv%>ouZNxY_-1 ziXQEA3p@|b5ju7fZ!Xbs9i_qecxvwTBcO_=llpx!>gtCd$OrC$D|iLB75f1BM_5!f zjRDd&g<4SJ!3Xa~j6rjojG`SFi^~z_8X}H7!vYSX8=LgU6uNyyoL0&I5FF*H<~aF> zV?oCWTV5t~U(?hHl^$I~8xqv1=G5Gvl$2=Ai#_LlH*ll0pUW%pR@Ho|ZX6yr=cy5U zkkDG_#M|Dfx7nux(^`#omcLRwN+(#IW93(cyW@tS(WlUGj2Fr)Y5A+L+QUqBvjfN# zQ(WVw@d?mAicfW==LlZ3gC!IBEjy@ zd~aqr62JkYVq8>im8l~lL%D$6t_ql4ii(qFa#vSknwmu~gtjKkVq8>(kS?$lRgH=> zXK~K*>TQ8%_x(kZJU>;mQ6sheR-cvse0`S{dfZ2Wt+aq|?U!o*Ez>CIi`6R-b<+t% zGlp_qs0A)E8;PXL@?r+E>dIWX3Y+7Fva8SF)1KKB<2irPD$~B%{$shBV!l~?AJl(G zC+S!vhxe3nw-wHHV}ra`vvu&1gpueH8&hxX8IeXG6hmESOT9W)fB-Kh_+gWVoZe<^ z59j&^U%hgo#rk4>x9DWwLD)80R`@7hwME?wKuTGR!E^G!IJVOf0WANyIMbO4rMSj&L(5mW+ z=N4s3s3)2)_Bf7&D&gMgpbN}LVN<5AU7(n?iC&P^g*$qZO>1$hQ~r!VyWPd9CfwAI zN%vaIRfk;wypA7IC{H_Cz<3pc&nyF#dlVQupXnQS8^>4DC)!Nb?(kaL;wm&dK?%6W^?^HJ1KFBg z+EtqEAclg+%8QH$*9f#FMNR=og9}O%Xtkr7$%y4Zg`P@_)cS#6xT!SmD32G2 zK0kWcRA?pPXYGew;(~7buy z+vfA#XtV$x^YF`iZi~HPI^GLJFv`@#Qg3Uzx%j6^O!cJRyC0t8qrM&ios1Caeq{yA ze5=|(@7I`P@4N|NzFKpv7O&XA3lRX67!(=_=)14OUPC4#RK?0y=dEMfelM zb6Zeo*)7QP1V3%NA7@^VTa7X$F+{(@tEnhlN$gLQxU%Do zkKxiwT8@V@S~+}VVJF(P-}p*hut5-@GzFx>+-d78`y7lot#F~~2fa$vp!;p( zBw?rWD9#!sH02-x<~E_)VEE~X-^A%E(nfcxJf$azS)Qm8p5P8jnMzp$Io8I_6FxdC z7+jVtvbYn3Yy}m~45RaNxI|Cv6)#f3MUh#)(T6?gA}MZKNp={EQr|H(FA3g1z)(Bj+cj1BK-}XL1%KSBww=+z7wOg1x*GI?z+{ruW3#YNMd|`n2%*2 zWZ66lWN(-$d|LP}4w|v_aQ6A#wGFz9a69nUrmv~Eq@*lwbXa4x`#HHNNxp{ICO1^y zBi3uM;euQd=L~1LRBWv@Rc%rJ6UM~mqSXc7*Pz@8%BX6tCM;L?La;qLUyL2~&{pj? z4zgc#$BL!QNY0vHFL)mub_`)lhv+qz)PvZ;ad%KXfw79+OprZ+>G;wvm)d-w&hdpw zJ>Mm`w;--z=c5aM1}#Kd_EnGRO}nSz4&@SeOzUn?miAZyLV3EvDjCOtz3q-QhuxWC z!gB9*qCmiFd&vd9C7t|49WF%?l3hE}0`8Pq-Qs;+Ah620+m+07u|SU8joKsa3xvgv zW&L{$2w&QV=`sD(B9ERV9Vg9lmW6#KsT5=7jYTt_;7`OuQ(=xyphoE!zTg+a9$ztS zipRwzO2F$y!mK!^ej$GQ&Aq&s|j_zuj5+99YJ6D?0q zk*w1I%YBBv1UKxbwpc4xFuQH17JT=u3_?2VIahImb?~b!gq2olU>oVN#gZG%CV-1% zht^L9*v}L~LnMQ!=DULhL6~IYaaAv%Gn8N(a<3|xQI0YczehKoFXC^Z(F};EU#**6 zIyQeS8c6;=V+Xi_sE3qOeBD`upM=A3=0*$aDcK3szzaC!&wvUM`Dkz9OmPg_;lA=0 ze2p=94VCiB8%C7YNMVCwN?)6tpN8>Wm}bYHOuxA`l+OBxsUh$ylx6Uj@eA0WXfQBDae7 zrV6Wq^Mqq!IIn%RTH$7dc!8mW2Qph&;dfHOM7pKS5CxJ4+N4eN5>6?O6anfxQC-Yd~3Re z{cgZX-s_cy^OJ#>ep=$MN0$lDyGfI#8JPbhif z7h%)Q*OhLn>p$L?$7UExeO~`CV>M=Ble}uD*O8DERl%N>vPP1M8aja4C`v~1UL=(H zzmeA`#WX)9#lCni2#^b#y%bo{u}2<*bBngRyN7pTFy?d$5Ew9?fp?BQDrDLP==2mM;{h!b&bc7=%- zCjfB(9~E%?ekQbfXU#?rP53;wGgS~C^+ITOTVjWxs@Dm-l0eLY^{fgmIh6)Z`@iv2 zOl2_x6}|$#NO}oyE7{=)E`ZomwUjo#z|!xquf;TpBdd6GaCj}kSm2+1@$Q!xl*~jH znY9TFufffbftBj2@N8l=ZtCn9oJqikFh{GwPN_}{e{e_S3=Godv&&sY`x7whA4uv4 zUmuC;AB?zojj`xs$=)})KTDOF4{8`@?pT9ZSm*ZWo_hR-T0=g9K81B zF{|Rw82>WM&ufKOiwDJs*5q{6Anyb!`)6ED*jAIOL!6BIb+e6MTDDs-i82Q@=zWqbT(?EoN(UdfWzc%@Cz;}T%e)(^+yOgCiScpCUpLuUt#eBXU2c47$c6#rHJ} z`Z6!u1Z=96-kVzE()IZI*I~TUVmxeR|H^$*1Ti>vxQwHFPdPggPb+Mq8Y9C3V%Xw* z_Nic8V+PHdF)aGjsLkB3v|Y-*6Fp}g;wcrDId1NB?dmbVAb1694J0OKxJaB3(nlU6 z=fC?8A(G9n1`^&tC);qRTdNp|mXB)}k2}bu)}Efp(c39Lsm{cBGX%Yv# z4Hmju7}v-I>NGN)xqzov+b#9fh$1G(R_Ve`$^+Ppw(ERXstNXkk8QVFCp@TQil%0 zOF{&X(e&8v>WqoI*X4G05%MB%{O&mceiaM-(hU3wHPNH5J)s?QR`ESmAL`@7$jz*SnkPD&c(da!OR#qp=lr7GC??+H_B@YeX;TfRiywfL54 zyQJ6sdh3>@zl6Eb&y$7-nmZwaf32=;HWsF(vt6_`NnG()EldyEse_v4fSQ%|-+h1y z$n?1c5K_nvQV7VJ9sxX-;UgtFj%m=R%*>p0QtUpWONlpU*%}6kI1_k+(ld!k9iY{r zZxvpV9u&4oq_yGv6xn;);g7xr9=-vY(ghmbbYJur!CjywyGvNjR9mI)xXT_WKAO+` zh*u_KS9bENG(AVZK#Fd`2C*=M;?lZp(YWvm>q=t}H?Mb4P2S>o>2G&P*Lpp>WIJcr zo(MfOY`X0@{K_e*FCRbq-(5T$Vf$D(QEvf-%`@hi118;y&L41pN2*p_^+H-5j`>dP+ zIDm4SiRdF;y66|=a9>{0f~3d`G$S4~AlV?jx5NFbKvt$3mDpV2Eur-VIOYjg#Uxr9 z=IQOxHwhz{p%xBg{F&z-!wVT*e`2H<{bm?inE9?AJ)3}b(!F@1r(Nk%D%??5qNl|M z&xW;&Xx+;vM~k@)r5*cvk5vZ(^wRz8s|7cDWPXMUP>C_Z|JUPUYZDL~mJ;@#U^k?X zV8?3Y)yC6SjZBdH@h!RVa9fRO;C#_2&^yxB{pGvZfi5g9#o|J5b)Kbe+~QZtXE6Tg87xNCx#uY?y*p zc6{j*Z8|J2p0wf#omgx;oHTt!iUp9E5c!4j4==;~!=*AERE}X+0&#JdifnzC#Q`n< zz?jm9S5rSa5}DYilJ79Vr$wJf9In>WoDk;QJ>$v}%;FwguF5QV3t(|2RlsM_vn$IY z0!A)9)}qxrpJCtTUn%7Jy$Nq+s+xSF-CjzIItHYEU(l9t=$R(>Y(DN3R@`Znr|Ji} z>`!uLpzwUA{nrG_QFHj=-ecw`A(wmI>Ho###Fp^mk2U~N_ig$5_kTbxh4X)${~>+F z;A#7SJ>Be2V`jk990{=707^q&j1+G8$HCnxO}PVTBHB%PeT5E^qeeBZYe3C9{Utz- zWfF~>uOE~rV-DOHov%l3n5xd6ai;}q#7Ydcd~JB+68N+w=;fm2b#5jZi_ECHKK5)M zs6j6W1^&-YRhZH zSu&&~WIXb!_TiUp4SoFw(@O+yXJM1(K%#%1`(8m$&QMM{V+-NTXIKkQ#e=^1`CdeV znDgs!Z8^HwH82r_#$};}kh;vnw6ObiitHtphB^QL*}X+b!GxS0OP%?f0P>%uoL08a zgnf$RP>k=u>3}0IPxcd6^ctw=%YaOe2biv}c0%3Dn)Wpg01kz_Wmx&~^|F=W7>vrB$p=E0b5}4T_0l-SI1gMrqQ$qd9P`0}eFc`+3g+l)D3BZFV zcF2BKp4H_zm7Mj~Ke**rOg|yGCH_7={GrO?lUSvA87qjql76dr%M5-SqoFDW^n;J+ zPU{t*?BC1x&tCVPd&qO`R-dSPk5Plw`Gc0HEBVw}QqO~&@mx!2x+8ny__n(`Fx<7`WA5-;${J&p%@xq>wrxiS1<}u>J|vCy4cj z=jvHu3=RdB*V&kH3K|Idty=fwtktpK;?upLy+2JkdOj6ucQx|=u387W{e2W-RjYn~uR4?ja|A9Bz?J;s%HEoR>NtNHDR=a6?>>x?;B&{8as)(B zGaE{1@)jz=ZXT3)Q>KJ++2`iAn2xCAbj4$RX4QfRyZj zszPrr=2w6jUk>lQamjHVaP&bxv+x{R&)4}0WpG~3SZCto0yN!cuof_P;6~~~V0_rj z2p-Gg(T1b_Y8iMc3B~}CRB3k$#QNrXg~8mYoKm5J?F=i4NZjxE6A`8X~!1w;^zsez4k_|G+KY9k#*ntt}S?kr` z5N(h(n=p)-OU3Kr;$p`Gi>alF3Y*LW?LpVonRFQ+r^VS=eq*a-UsC@(7Ho!emA=m- z={G4BzNrVY2y6D=UuYe@qNAfT(PZ#TT)f8hnE^QSXJ7)}RBF?AJWBV#)gXBQf66@I z0-#WTxt1>J*Ftp*xP%JE1_rkHF51~OKh5{s9(b*6>0@n{6ku!v7B0zOcIQJgR1vJ8 zpVz0|iV{HmGKNi2VQ)Jvmu$vo+(J9OFn9*Yj*)XsFVTLD&;DnB&@3`WotG=cBSslT zqC>c1(ev7u^9ni@=2>Vri1B`Sq)e6k9V~98VM!UC?lh!x76gaPZ%T)u$E5BJm z8Q2Wx%^0;d_l_A$CmCx)cUn^dbpEUnwxeRHb3F2HM?$CV{mW07z&A^ogy`89WiM=yn2DAzw-{kq@rREExQ+9|BVB`rWJ3 z{`Dwc{-Id8rG|9m_Fg3{GJL>=vpYGphvTEUyv>zRx2Q#7W#tGqOMcq)zjn~^jF%2! z=_26g+xK5o+q*-!_w23M;L;5YzFC7iH2fLFz-+L4=6o+V za*sWc9Ag)JezG%vZWem}D;xXe+uS+|#t*2H3_ugXI8Jaram~E+3dV+6Eg7No1$eWR z9{KG8le32JwGH}$=+(WVcYrA{5+Z%!reh>^DZPMscH7ACp?WiGXwaEW*#gODxQX&0n;X2eP>>%a;Gso(e5Z>bMWd1a3#t4nMol<%q#$@B_$=|3w*n=zFqkdw-~6j;#LDt{a6LLrW4uw1(Lk|(E<_z zMn28lkE*Gz9yR@BTU=u*h05Q*72+0iG!(P-H9nFvRC9(87Qm)sHLT4 zZj$^$_K*<)_&z^|`%(qIYPs zp{!7#S%}Z}$Q!VzGZ$C^rq|RqqYsFY)AU#DB2g9A>;9r>l>$Bk-5=*V))UjzuoDuB z$YR%vc#Oe3Ne8&I1ot+>0N8tp*3KA~SQcKhBJQcVO(jF$QC5td#~*1J{-0Fo&WP}N zE3l*QHK!Z3n2Dyv{ixpu>?5?@qQd%&t-#b?a=G|BQ3{t zbQUmYsA@>zLdq)Ku8JIWPl++^W&W3|HJ#9P3{4}b%G>sy=sb9n+G2ywQ4&DG1G!}q zws45!wUg&<{~uRx85Z>ycm2*Vgh)4tgdpABp&}j9jHJZSAxOh8h(RMgG$J4%9Yd#t zzyN|sBM8#nF~s@tzn|ya=Q=Os9hY9??7hFS)@Nm?nqs~)-TZW^?8GIm9e#Y7xR)52 zY9}rsQ6Jh2;>^X1ZyArnfrHu+L5l1wseFr7R@BU@-RvHu%=ao;-g9CiPCEjyUe0r6 zfMo&cT+VdBR@o2`Pq%)B3&S9|lv=Q?rrJSOZ$w>ZMD5%6TY;6UJ#^P*qzcTQ(3X6C zzxy%PMEU}YVYRWMZ!8(vG$IEGi~4=F7jo+bB!9h8v%BEJg zBB*&E(=~Vb#O)xPLtNLawzm(4HDOi?`!XOyb_S1Z!T3&Pq=*!j-_T7i$w8qw-XG;J zx*XNXYAi0s(!uF~r^a{Yo3X^4M;OFaD&)eq+SQtVYN1xdDlo9U)#;D3E3ZWtT5Q`p(Q;b z5@|DZ^E1GbQ`=r2Y77+Gl_JbT2zf;Wr%>Jv;-!)b`H5QX!xx}))dyOOB=ISL6_OAr zgG1>7J69P*WOH-#p$BMP)kq+I5-fX_5&mRs*oQs2nCeBigLnrK8S>8$6J{K%k2|1o zx$EO!Twm5nJMa{-NnbJP3QPj7x}W5nXlcJxe9hK>2^tSORF88cmL_zRD6qbTzS?%r z{U-796nNe}^FDz!^1)hw3J9#;AtiC|S*ge%2nOZ=b!|ij51c|y5j;Eiiv9MXQ;Jdw z2<)OqdTD1!*+ua_>Rc7fD-6^+CFob0zqcucNuu2cbHs zDGi<3y_1o)w_3{}Lbv1c@>nSmKWqOA z6@#?Pf#`#8GAn?K6(}j%`l$Cq0NICh`*;7pJ3OSb;CFbO)#X7S7i>Inb|U-9m4avY zJhi?4j9FF_XV&aIe_{%Tg`PY#js242A9s`(!Ll3vs$SCK_;0C5ALPZ3Hb-3H&`SsY zCifCL_@M2P!{Arg#9GwQ;p2@68I~EDU^b6T@xGgac@J~u1muYt`zg)r;?7pn)Bjt3 zh<4Y=+mPqeYOnbxj{s8!t1fnH_Qr(BpU&C7hzi-%U|xAk%^kD>i_IvVHGJ#U!SGV~ zowv&On+)J7V$SGknaEbtfk!p8ZV?5Czn%VrnUNo^dR2%N3Ur#^Lf$>8H z8Yy!V79MYYT42LEcu|#eNQZWN47Wi0vIJ1BcGWMOd(eV++I zm?7K(v1&)lp}rjy?JHkDe89!y_I!xQq|O7>Jmf+I@7TC$f8sZw3i-~t=&i&JW1yD= zEM`)8Qwl(QZ{bmZN(b*XY4MPMR(hof4DDf|103NChLq?31Qk={Kb&^9u}e?zvE$vf zklNiS%RrwDd~Ey7*UHY<`mwD0iCz(QQ{p;Jhj$$zxJ!xLeyqMxpRUHG9o2JVgE8T_ zd@yXhhfTsPMb@nJfGKcWX!W--dwQJ0#aMK}u8qj{YX531hrFo1!euY7MLIM9$ok1> z1k~s=ASg?CnS;Hi%OjSi)+5G!VgzhV$GAY^u3EV(Z0wj7(eg_>-NhhRVZn@Yq^ia{ zUOO9?aloWFA1<0LyKq3L)H=P@oe|lr4xF3$vR&+&=qTN1De%q_&F%)H78A{Xa$D&o zw~8$lRuh(*9-ni-p86_@HhFqfCA3>|x`bY=v&z+h(B3t!K*jXsD8ENqLfSe$u|qww zOg9>6Ioy$`Up*2LuY?34h9q}WLwg`J=EfYYb^qrGi742$2@BoEd3uAwsT+w5MTV!D zwWPXRrNp*cpv8p(Q=y`1oK#3THNqDV6k7%nVFQ~}0wuw@oY2-X9!cXA2pF*Jgk_+L zkdz!jzUk-MRm}{e%Hj8MK*MCejD>zVppbi?qH^x(^DAFGCV+hm2M^aiM-9zux30>v z6g;nv;w~-%7b;C8+`Ofv%O6?lLPvAsLK+l99}@E2_Ji2(;k*Ab$^N-a`2|lFY9K)F!4(X( zuK-mB!D@!Yy%x*f|78HzF<0lzS)~+NbnxcIBu>z(s?HWHRK+6^ zE@PXX@|iv}j?ReLQ*1$42uM+C0o19~QcY5Hw5jF$CmZ-RSG5V0d(o8;t`!r)w|NQTJvV^v7z?)pGhpc%U*HiC24w^CW9MDbhg^9dm)NV)@t*8C-{ z_Bo7U=Ihwk@P(b^CA)}_L`LzP?r2&TRp=ROcbbnj@IUkO)3s^;I*!w%c zP}KVm#0Bhuc#WK?apT1Q`6!E@xdessAqxKyK-z!rJin~~M`+tdZvrd1rIPRy*a||Z z=T7ZS37DNg#UPG6jf;9JQX*13Y}}>*Rv4Hc5E&7Ff?Y>gYpc|ffhcpMu9vAuQUK1&?1xyingTChHu??iE>YYB9MkLu)S^!bMG-O%3M;|#YoNTKV z;CF2)S;+4A@ouHdAzmaTWf_pUzYW{8`HnBpO&}*>Z zKiTTpaX|Oudm-^D!A>|H!f9{E5$r)IS)QqZ>Mf-~v&`U(ep4D5Q+Ay zk2o?3h|)x-!v=8wxWn5q@$Ax9vPXaWI#$sWtQ4clE(6vmIR@q}YS-}7u76o?Fdxi- zaazfXyIs>~zdwH)+!ly9jfM?}&7XBP%wzczlW9 zYs2+Qk?B|Vy${wwVw2bTRA&O%1_v#D(&S0c(rwS&@p`a-k4|OPJ&|nyz;`_wZbuD*RpN!t^4~Rxm z37F#Z_Jw+wTw`%0+s$x&ICQK7iyP{j_hPm=;|HfcE|X(JYgcJf4@83ww600w4ur<5YIF@u$(Z5b9=yQzI^OvR?i`UT$8 z=2@k3pv8#=C4SGA+ zHs#2B*k(78wT1cDIO$DK7`W8I(WhQJbd?()K8st6Q{I=#1%JZnuFc`NAKR3s)af5e zFj}biR9=Nh+4u5Q5}=`2r2hHishBf}&hf45ee>@2P~~li;=|&!dFv2R3CJ#=2lwB! z_llgnj@B#Ylxv`X5#=K*K?vwIkiUvH(NV0yQQJvdD98c@o|_|>xpJm`_UyqK`I2@E z4fUgZDc@h?l!Axn7B~vT5ota@Ez}(qs@%4D5KV!N08M0ZSu!9_44{kktRYU6%mWk> z)${w=rIDA7N^tuJ-rDJ&Aa;*G4+9T^Bv_)<$cX&D4wpB> zMZL2eGyd3s1##N2iX*gro&`?4PwD|#ve>jIg70@>Uc*v-j&Y}ER!}92 zLz!`(lc;;RZNK257l`iBFDf!ygYvbr|85x2;=%{upIh}6Qa+jXKEkR{C{)?oZhlEZ zwRPtvxZ-TqUBRBbOM+lEL!j-Y^)CF9m7?{A&ucA_DSe}cCXH>-ND6}i*ewMRw~db? zj+Psds8{;b5ZhL+D6dDTFdJ2MNA|${#3gC{|NG2HbFzOqZ25<$?O(p_z-@!O%-!=W zt9`~;SkSrWNQlkcPZ{v@5(Rb&=7{%mUmx9=Brnjuw?J&VKBEzp^ zBn`QkPKBU($kO3%_dQ{gdUhcjHlu9{VO^n)!R{dU+b&7$zNlqoBY|FpZAtvCuI@Lu zBdzW4=?1N)v-*iu@~POOfAIDSLrG3WFwJrY^KI5+ur^kC&1e&*yw;tgK;gtO-%pYm z0B2>8mOK;;pWPHsn<`?Px2WaKu0KrH`}6PkHn#c63Oayg;qR>(SoHY|4z1D zs`bH*I|EW->|-tYzQsIHe6lS1z{k;Q2wy{(zV1+KZ(j!paIwwYFV1kuGUb_pkjNoS^IYdeWS|v)fVfQsdm1XStD?uJ145l9 zznVJ-U=$@TWJkAq42;5m-j%$RCnlluokD;U$NWv!xmSRh4mL;cFp~0ZjKYO;1GP$TVR{1?}W0FRH%Xa!qxOa>n7fzW4@qmmbfrjn-8OJWq|E^rP5v77yQ zDm09DQzRiaVVz5FFhKvUPjV5x`Z#;omg3)X^3ld|Q8w#gMEaBGM6RisFFqsn)pbZVXWO+d^ra{14Ho z>Q}@kx^(yKJjIu#qv-^3yI$i==~+a)j?%omcN#&DK9n8K6-hh~Z8?i<-RiweWWfOJ zj3eDD8nlm5bTV0tE2}?Lo`NvkS_=>DIgesaeG|QVoCbKK17TQCjf;UL@$w7%$TZas zKk`}N4&s$~6>qE*;Cye9$>Jb_7Df67A1y+g5Z`BBw3$_s)c|{0wW53)5LNW2A|D zh+Yr;T><33chl`1OQndT}2{mc=iz_~zl8ALEw=t1+hecCRLg7&t{Z zq}=ZOM8n85zBfiKI$5R_pwf!)jUPMDKZ{sVA9xHv=yqc8ii0K|0Qxy|NL8UjQMDbl zBFYvhHA*Afb){|1ii(sSh z$T`vf_S?yuqvbR%#0_5G_j;8iSU`e)=TfI;qABAXUfwJVL>Om+p$hSr*MC1U`LIv# zyI1_sRD9r+7p4}qQ4+F>oD4KZ*~z;ophFxaQ{;WMz|1_kFh01MD1*t z<=9Z2hyRr5K@Q-$(MxiXhVp;AxAG5i{}`vPBQcnp>XyRC+tZ$`6d5JAksQp*XZLKJ%OMrHk;!sy3#KUhug}cv?D(V zlTh-57n~Hp16{)~(wa|@Z((Zx<&`HGMh59o+Co#+2>5^Cux6v%x8cn-Bb2mRoUR`^ zBwMD{?^ZPE1xAOa$3&1H-k2C2`MbD9N;uV*U{d3Ky@bZ)Vysau~(GQg5Pz+B2~rjmJq^dr|)0!U6$E z(RaMS2xK7dnf!jb-7cH9isl4Xhi3@h!!`I^I=7)uE>+TziZj*^6(9;=nhdxN z`)aMJHX_;uS>1yt&4LyJVPmxwLwN-}S~RamT1dUqLTmDWe5I~tqGazm1a@h&8{u|1 zHSgIvT%K$7*NrwM_ySk#R}M%`Ra1gB$7T)taS{`9$MV-LN4(JI5M^f#3w|bs@^7>Z zO}u*a*(UPRw9M?iAW*oAn$i=4^Y+hi?+%yF2jG&A@QR}+Pa!q)#qj!L%=F^u-_P-v zKbxs+x>89h@DJwl2V(tV?er?OT2le}T{ODe3c(r7H&UP!E(lU>|8d0AhvT3w$~rO$ z=_zK`R_Q3E8W}}M;xh0RZG{62q%sqMY6r5;F84~{qQvzo?sJ|M4olBxXHQQonr;vO zMFyD~e~ELYSDz3(ut#QyRut=tR87|ezb#Dw5GQs4+K`^VC*nUC5EMj1r-LN&l$bU+aV?+2+)vP`=)i-KKT#&tY>IG^% z%PJ+fcOlw!x{3=G6pMumiXRNBZe$pI;IK_#O;fs*11{^%c_bOX^slkrV9`a%~ z1I;^;Nq_u(BHHfPnpL@05;3;C@Pu0p+%xA1E@@!d!Av2>{%!18_PZ)WnQU|&IVoED z=UG8h$P*xq__ga&TjT;Pk9^YSW(T)MR)1_Q@pM7p7dz%HoHpAkthM2*^=#wb!659r z9L^aQu&TZ$JHtw1w8F@IGboNGv)P@K`H5StXP*+*F{}?f07bw!3J@u>A)jA=)1F+suvz2r)ISf31l$-CP|h& z;raIMTL?48KUFojzco27nU9_&$8o;!cg}5L9_k-T9ol~AJUBsTMj`(^MJ6hkl3pJ+ zmGVmGMC|Z-Z(vJfZ_R61di=v~E0_rPQnp!NMSt`4gU&A+76KJ~!RGKaQ%vil;Tx_CPGM=$mcyI8Kcbb|N^Fqw zu!y9e(Q}+m@=sQB%Pvocg5rcdT;>~qq*@*x& zODvZer;Ee@c>rV9>0$~_p7I5(o@=qSPYnM?c*Pv0z(d28FPUdZD1sYc5H2a5&@Z$g zHTv%$xq+=w2`trOje&enE;k}60!vfxRT?r-bU64D7cG_(@r*WCg}!j)yP59>eQ9%v zoL3gMe6=e=r+!N3SPE&yekq9R2Tt-eaT+&ZQF?`{`LdM*j7U<{N`fc){s>gvmNk?M zU%a1eWb)84VF?6NMEH?ZI_=?{6Nj3Zsq`zodcrfp<03FSi3eky##R`uGEsKX9$d)@IXzoxf)G&W*3;xv2e+|x}N0TH%@b37CkWVmE* zSePziA1ehg+lIo)SThYSEy#2+GtL!hs*kPzgR22*2evD}JaI-mSPN{2?#m-N|mbQIE3V2#Q0BK$1og$$0tK#`ZG0ZH`7EEn5M zc_(aN2AtJl%F1{;&hy$(_R%gX@4tg~OhNR;MDxIfK;_M5NL9z?)k9PFc3QU}V?e0k z>BOtz?X$~Ab#~3CI=t@Pa-Ei`am1Ep7RJKvl`fe5^c(Fr%zMTP6MOcM?ko0+M{o_) zwe&Qe7v5x&fwASng4*xXg;{mDp{{8_lgqE#NTI*q@Fr?wmKaQoTkL>aNBd$o&{H#R zxo)#L*0SDH6B+_t!>1DayN0JQZf}`ed4xkY_-RL>BF`vR#dW>2^Nfa!s@~|i)-=3& zeyDnH)o465`^M6E=HIV>wEb)JcK(TY3bfL5&6a`jQy-6u-2}I&`?6JKKyK`a;coz` znrE13vsP$PUDUm4(@8K&@{Ep_qx!vrF~M>JT!@xn9hNmGc6_CzWvoX;VMnlNXZi`p z24woj1|gcLN(aEANVDz8#rpk7UBlMq-Z+mv8kW0!#bQZkS)lD2xJClNd^zC)<`ByW z?P{!hiKp?`9VkD%f?rgw*$-+#2EAtpbg8BI_&ixn?X&ja4e|Kw9_z0Q?ke|Tla!Of z16fr%p2_5<$uh6^uxQylDMj!<9M^*MdU+d-$m!I5l!dv4FR=Z>)r>XT-N0OvoWhzQ zRiQ);&=*ZXZYoGUZEClsZ2sN{9;@;+>S*g-b19BSU{u;ZqtQJj7>}A0`P9?Fcj1IZJ7JwmujQc zT{VQAKviYUYXS_y@3dloBK%?4G%AmnFISw@nV+~jJsZF00mnP*1Bz3+Oa3)?d!XM2 znA?X+gU02;L=_=!AO46=|2HEV7_UIrr)Nuk%R_BvxVJf$H*InQD9!WkZ>~7GL$%c9 zZ>PKToV#6u&&~4~J}OMOM|nE+1eifh#{~4~8Mk7Pd?A}tL@ad$REP5i!)LRFJ?1jf z(tbg}Sy%Tr?+*)OoEtHf&W{;z9`s4HlhxHVK8y@nWBSddcc0{e`DJ}%`dBLNXGRA}J8x~E$R`qSOV@O(={CvxIF zby6I0u%5iM-*7wsLh_SlCJ>Bgvnxk=^ScDme&KbpUD9LV>sTiH zH=ztl^hB!LOI^#S57y7Po!*Y8IvL(>MNI&eue9NW{o&$F0uL(*le+EOFPocrOhhFl z3@jMepq1|h1bNJ!oJWHmgV7yd#UYDgcDiN1O+Q&O zfZZNJC8qk>k#%{lq(iFMuF{{P+GGJ%@^u$N5HpH-sG4q~rzl*hhRqUIF^r8(2B}Pv z!Kyx#k52<>x<4jB#B_$pe+Ti~h*~WEs8;3r;T^9^huRCVj(txR4DkR9_BG91)^Ae) ztqT@5sobD1f;e9a)kjsS=&HB5>E9FRB0wfLj*ISPmfHDvZLd#9VfT;PHMSq}s|Q53 z_VA1h6Y2Vuzk;d7E=15{_y*QoT$YNz?xq7YkY0~~9#Os1#RuDLNp@BC(cA3fTBQXM z-M9VxN<_jJ%TS>;%4^m{vHh>si(J7tdyvzHU5}w<>2B|s2LraExdMM%zQ%QD?mc{V z`H(218!7ta&%8b9Og}Dt$CTgKk==Wa=)2B|{)A~&1 z#Q<%(lTn!-`79OI7{5tnM?|!FwXNFH@4b_LjvQnZf76d{YoQ}Rq0VM;0?>84^mvdv zR@}?~4IJ9?8xKbzS>vtwBiN>rC;nV;{_4n}0=<#<7aFO}=lc`N9oWBlk}FWi3NOcIXn zOJi9|>7thMH*c>j65mc6?XVQ`7XjbUSXDbhBvv^Xa~{%!>(t8SqcRQfUs(Xd`cpjy zaxRF6Pn7sb11@uHQfEhx%UftK8Tg*kbF$+8lYUp`N3K!w9lHeeenhnQANpx*U&~_> zlHP$@PiL67x+E#%O_W|Yrhb>CDyEV`xmgW+78?`n+bT46@>*YqXWKED5N`+rWRkF> zd;5QZ6${)dO$k)D(I@>#5q~4cF-q2#i5ayd5$+QB6z$XO{OdB}TB)02R1r>=pTAZ( z!D2&EobrndV6j|px&qW3+1>`h(LkkG&t1XMFzIxJ4u~t5!LfRyMlhIoCr%zK5uPf) z{`MUdmntWNaFi|&O~|0p#n-iT<{unf7byA$A`0j(Vx(C1TB zzy(+2LAH&M0kuUHSWG7g81IU zG8w@xcQqNLg)Wn%=I#{3RG!tuGzkD#BC8x#HiX?tI*nWiwgOveIaMQVHn+i%)AD)` zu^{2KpWR2O0djYR-r!z`P6xrNOGYx%lVu7?bw(Hu+_@Xd2x8_sf0;WJI~^RBy_wQ4ul*d9fuCu{+Y zJ@B@Ew+H-Mh9`d&pSu=SwTK_j<$lBpDGm_7Iy$^eCKomBvQl?6_QxlBy{?h64PrVGP8Y?}TzDkQ5D(;JTCcp5cL{nZ zD8xlP&0bIU^-&~^qJ}}i+vz`#*yl()RZ8p-6p#x!D1e|}SUQJFs*j6rc+>T<1RMkQ zf#|uM1ohNl>l&gCx*{E^Cxj2##CRM#)XFq!6}W1O>7WUMm?U5&w#P?X5K_Z#owSu! z7xSRbs5qc{y}rL|KNNZNu^$A_yZZ2U8Y|)d^WA)a4tTEQs%G~+_Or<^@6W17wH~D_ z=x5*BtrsI^6kI+6{#+mtfJF=A_qp*nbc5YM%6yboqt z`WXA>#O*3<_5?A6ezp$K6YK>8e+J;310RsO!_C{3)ogot;jnV}_qpRAnn!=XE~F>F z{EmvfAV4$KGYr%myVEyuve|)K(m; zcDy9dBspXPh{@G77KG<7G=6XWZ%BbLW7xE~Q#^*~=nGR>vwKl>fv5>x+((;(LXXmo zN;rgZ`E$X4olx<8BaPIGH)9kzuQ8Nf!@%uzpx-8{ky0TXX-%MW7iQzx&$jxOfM2kA z2StBI1boUkcf75K;hlN}un1VAUeJ3}ypjw^sxF19AQn5B-mkFn|o{jryK7;J4FS@$l@IRsP1pXOqEie@(99$5f9N zF3&0shz;_A!q6A?+3uUxVJ{BiB(EOFfJNWFoL$ z-*bhK*|VafMorBm#z9Y#pFV6zEq0Jv8FJ@tvrRmT>x%z)7zgd&eKGNvJ>VEBRP5n; zysj!#msorq4P*hej1oPWUu~IHb76&rayF8;8>)%{Uc21L%Q=uALh>hIezza3_<1JF zA+M(Sp~D4h%2rR%)GF`ubcRN93G4r~zJCZ|lP^XONN!nP{07v&E@=-Ud-ga>oTdvx zLcR|L3fmE(+pbS%SAk4`Rww|_`0Z3TGkIs(@dupVx1qoX}TkD7hKEh!p2u< zJlN{jg$H~Trc;*yygkcj-8j%lpYGd#wt1;f^ytEj0py$aO5<3sh*xk@!;y6Sa4qzr zt1nQ?p20cfwKZG&aja1k&fTRY&Er`B6UmRQwH&9*ZPp8dX+29uIs~xT&g%(o2{ep)JBQ-smq<=4`vutXCshQ^g-T+jT|J?xXe-lynlzYt?qs4~q^*pGU z@jX8>-49rTaDKD$0Z`gvK;&A@#rbj^MFr5gB)>XmQgdnE=7&Ie09fVSIG%%(3^><&(Tlum$7U?Fx0DDx9|jk-IC zUw|1xG6d|tO9QcNu}WDZ^XG>;D+rAW8Odf4k|o|8-?Q*=v=I_xx1{l9Ltei>XFdpC z^0zK0`#-mbwqS;42kmBqHU$Y)^Ix9Z!eO4Z=(p3yJ$`~1g4`h`>OHuAag*t6Lyc(w9W8Eb~;6@aNO_V~VAT{5Ng6&~J)j!S5Wxgj_VhW4hGi|7OUuOFm z7pRvNXr!k92Ym;)Qb5K)wh$2!5ezWKE(U0H^A=wUlD))>tiit{I0W1sh-%(TF}-}f zkl!R|mR<>MiUmM$g=!}!p;mY#|Bl9t#f}@&l5caJ+VHJon|+C(XMFJA<J&ceAYjS}HEw-%Be4oOI#|=V z`$}Z#%K$jCI1`=Bm><}{b;o#jOY%m6P3J7QZFAatF+vEyaMciXX^}Di6 zst%nOo{PM82iGXwqu@fLOkbmM!}*GEleWA|?Tfy?on|?pe4RW+01I0p=}u+8@zLmX z@!a7oWal^uoBqgc$dB`D=_>zrt>xd|mmctePPY;D#Oa%O{AKO~i6wpi|Nmz&?x{!T zUORf5R?pFH^I##<9oG_*Lic)*Qp9m{61GuoSeENE(c(T-Y~1Shwu)U}IKL+oK1+GD zk-G5x(^IS(ueD(@z)vUI_dOFZfvy6ARn3+!n?&iNjtNrx9grbdhAZrD9tNnW79Ri6 z^)@K(*gm9MNK2`27v(U!ERo91>(BK0ow2%;MnJw-j$0L#S|&Q=UZ$-ht9O}w_wEcD zJAF1WJYB)6$sfInLV|I5U~fhCb)3r0dv?!+?`#KgcQsIoQjCcn*#a}Ha)Jcy#>r3f z3yGMcxM@8dCgtI8VvBr zi^RmlMEH7E0EWJA?+1rm!9pNQ3kq>pf=dNo^-qpH;XSFrZZdbj92RELb>J7YbGHtpPF9B-qN9 z*(w_1&L^)=__MA83NgQEdGB&H1gfM*uK+QMTClM9{Np~L z6>`OKeGF^$%UU@91_WLn2?`DRE4S1jFMC>g_eAcE}2!&Q~{DwEe9a8%u zH^P3Dba)x)WNvqzz7DooqPhN50s`KQ-_U~>d3WR(;62ml0g|=T#hpK2j6APEJ*B7* ztAcs`tbDz?*+imcGx%-Qw;khZ)Umz)_xn&q$hETgvYRNw}FUWz7weptV!m*nF-{*-2ezE36i` z561RH+iu>M)@wg_;hmL`FN|wIR*XaI;VdH*wui1Ari20S*$F4`V?~khCn|MdDstq| z49j7^EA35^tKi@{1F2+UQgl1TWMm*caz(nXfR;8EoGoU3DmEG*5lQ#0dg)v&BJ^uT z_%(v8Zwp&!*;F9vnkB`7q{9Pl-!k>oBzEwX^{I#zk`p%8B>x!Jl6+E?XYR`1rl%>B z&$!lW&C~lkmJGrQ3Q>BuQX^`Os_Z_w^c1q`PK}VVHz=`PYErfgu57Rfia^S<(pYbw zs0jrh_E@v`A5*?I{~D5S=^syH@E(}p{$IMq-Er3wB)AVAVD$a_SbrO0H&0BGW_5b& zUIukfR7h9YLuFj7e<3jz$cK1_P2XkT1)WaYNBFi)0?+|#)SRaV-r_t!C2`H=-rtyY zZ}(=gilD~X1wRDPNb4dQ? zJv8-A&uKIeH8uV54lm-r6u}{U*_OP}WQ7{i3Cgy4b;cC};l7xKr=GRuCR}#}J~WQq zV7l4I1I%-@M?n2k2k%o>ISQHRXVeI6xyZ!$&M$cZ0P|hcq9I_lYww4@VgX~a*Z(cY z$_%#vgr?!Miy_~ zI@fK;E}HPAx!t}m3k^TcJ5R>s-~vDnRzm;wk-3Ulu6XlK%bbuk;5cvr#! z3Cl}F`Ja9vH@p9MuWu7R#NYd)*=rs^kF*OR-x)Yqyj4Fv+ds@#}mJ$#8F~UOHgiSOS{ zfJ;I(eQ*YT72Q|*-zxVm{UG1Ur?Y-=h=MOC{i8*u>uv}m z*39m?!?QZ_G1FZ=HaZ>ZwaT87&3|GV`fk2DZ9S!3S zLV&aqbbud3St5b_oUgDjB5@BE9N>xY!IRZO3U*>+f$`c79xxBww|YKcJOMtx1TZUe z7j0TNEkI=`1Bwp`?A$&-Sk9vCRJa_CLyy2uMb-k5-d50{j}8N_sOjE2dT`kbx=+2; zca|Gu&ecDTVfX31Lx}~Okf8leyd5mzJT2cDM~<~X0LJCjTkO|Rbv=CDO-3wxdk_~gcNvVz*u%0=`!Wb{Hnui5 zGgX~ahUB|^7G4vY02ot|tOdWVvigS(O@sW+$S`8*A8I*60f$gHu%;jJp2#_QAmdXC zfke=va;i|66l|3NB zdElb7xva9?#qLab%G@)V_xMhvZ7bC73*@-Sw7;5_Tv+kF*u9J20y4By&L^B= z9*7N0-vUinDkOLA@^Y&p3m>nPWCt*Q-{{CJUj0RWC2%kr2D& zbh%sa)aj7L8umqqb=lwt6f#UDR^nr({GVe6q2WxAe&^K<{G7BN4UrtPTs^yz#{ix2 zyn|V#1cQ(J$RqHs_td@nk?SBp=z(R?N+xvtzMlmaY8UP3M`VS=InReH`e`-AptfVq zU;r0jov7)cnZ?5<(@N@<(d-&_nVK6w$Oa>sX-;G@(_P}rAPdd`uaMxv{dL7MOT9(m zUiD2ItH<$B@q%j8plr@6-)^RG#~MXVkZjnIQtSyXV8z3M3y{i;JaR;;itT>WixAHR zB3&J3kK;8x7tPrCT1q^WZU?;ZR~IrxG}#MyJ94_``6fP|sx2t`ywmEL=j&DM&)!cy zcK~RYcgQyByWy4n0E3iRx~tBsWE8|*!eydz>DHXhyVJy{?c~D?O6LOWwS?RA4l4?9SzH9 zN7}aq0?~{z@o8=cX(=hxYm#2kclr;!^+z4sY8+Yr6uVr3(u&Aq&?jM)rpVODX!RRebe_P=_8aLA_(rC$ebanl;*J1?((#xcYeBs0kjHTt2T*w ziP7R(iqp}%Sjs;D45(YCzjM2fDa3^s09UO|y^fZ@y*dKmRXy^B=HO8goNHiwBudgM zI(uA^ZG|=3AQ0W7G{WfhhiCOd&1SnYHh*JJdjI3Ll@y|S`6#9SII_s#YqPFc5 zGAJMdLkb9jGzbIIsiJguk3*LTNVgbt$Iyy|w1j}tI&?{QNH-1*LwpKt82o)$i`Uy~toxZ8A~hE$^)F5xD+OD<5IvoI&+&OPDiABj1QyKFkImBkcj}#*G`Pzlh#UGlU?`Z__{J-=)JGD==MNSD z7i~Akrn-3tfQVi(8Bb&$5y>h;(n_v*scdA>S_1jX=5opMvWFmwrgFk6O?2Q3P^i@E zhjas>U#(MNKp!I~_V_8UCLlh~4!Bg_TgpUsG8LBL!?vPfE zjEvX^Dsd$}v*6vl&Q7bsSuqYasCM0LICh_WTDZ6mR15&V_BF(tl zZMqg=gV~b9iZ59YJ8v$=n~+73*{Wi?s;zp@Iuht!f0r2tWVc2 zP$GHS-qpZj$4oD>6-iA+=A_DSq+vx)y?ZoUd9ey=HN@-AxX;`1iz(mt-j#Gtfqdqb zyrBj5(?-KXS~RXiwKd)*%6IJ|K@!H7jGh}1&1SYVl22XIq%RcT1{g~yC@%#_h50~A zIfhyA**)}n4QdI-$Sb&CUFcE7tdW05vIA-6It}@Ma;t$|Sw+{J61xyf!I$`pl@`jK zvWK5tZFut^k5F;sr&vv32{;9Pc?zc)h-l`;V#AD{W%}%(-@O81dwr`OQ;s!4Un@Q@ z=#w2PR$1!kB&G;ht1e^=Bh1Qs1G~T|%5@oz5_iP=azhFS9?Hquz^{l8qE8Gi8Lm#+ zg|PV2;FQ#7;PIR~%>Z1q%EJ@S!)ssKQ({q6P&(FnDS)wPV6m@%wfzhVr-8mI^CJqk zHw_^A*car@`?hQW7}e^QQXd{Gtv={qRrS)lkGEjArPEF%mB8xOS!vTIFV10Ze$c#>%V8T$a3 z;KrJO7KaI6w-~zayUl9Dt)3%YXCA93EjQ5Z3$yBaqdX-rqgsU7_WgUjteoes%70Fr zleCB0Q$xkOTXUH5UMo65r#j#2)=VZ?^&BdZF*9A zHz%M~q-qqn@G$AxI1yM~jC^k4c2jNO&> zso2?Om(Br7;;7#&4WCk%S@vsy2e8k}@QN004_Cm?nPTPt4*vC)e`?S;P7-?DFn&$C z1PPFAC7Zz0;_85Z`>w@xGUDjmya1LpE7jkbaNfpR71UP-E} zBtN;IfsZ2#4RYCSu%Aru*Eod361(akBS$2+X+j8D8UdxiPa~IQ_s1N0$-pp%;pVpRw*hGnepmUUa@O z`1S+L8AxZfY$+g`wl#}fZLvx~-+P3)gQ-wX;`*OGkA!0E+FvUvSQG7#faLN~C?4_19o^_o{Y(_t}6*i1loj3M5{?s;%`mcc8zFhRRC{96KGdvbm(g$Dg&l* z8gVQ|8)ug_?of?)dkv9-;jgLs+cr-Q5G22p#URD9n@6?z@+JAYT^TotC3+J9`P_J* z4eLHtxHNQ*C$A6gqy^d_@S$}?;1(Bx)htHv?H3Ep=b&)e_lg4fu-{HZ9~Pi6*OXvC zZpZZ3B{ks_yD2%$dX{oR_Qc!BO&aq*IR>lgYmubo>mhzED6TVhyL$I!|Bn_e!3d_V zsqUYjHr`dhb(ycx)@|NhNVlK)O-Co8$0~;6^s+5~W*yr4$j@KCeF^N5>+vO$uIYBvSS4O&zrSY8`IbCIEN;U%oqz zy24}C4d*^N)OS@w-3{}XzX+MyD!;rti_o_RVIs;FFXFoSVIc7(oUJk(XL34hlX5-8 zj8fq7ACdCsJT(+Csb{5xtp`*l0p*Y% z@v&0%Ynee2rUX6k%t-`99k9n(X%T_j;FiVvv-Is>^$3J+QZ(=OkH;+n(`BH3NC+k;v( zz_}_D{2lGWh{I!2XaIeLkhr>#_JqSLzQJ=#c!#G~hqj23%mx~+d)V;hS7)=-y46hH zd+SD7kwWiMd3=?-=5~DjNEkD^uu$L(-dD5I^}z~RNINHVEU_P(0u)YM7oB(c+`$vt zF8Tbk2~^sJJJ(Je0$5;|0Is=V3OfzbExZK`HcL5O^}UW6rG-ramqF3SOK^0wjH8L~ ztqrI+77UztfjGmmAEb`o6Un%gZE0Dehng{H~hh||{?3dBwQmgQfE9B@+#75^H&63|NOXLHRKc=v(`vgSl zMWldNud8;WviadgcN_sd`(6RkwZXu_et;Fa+Hl<%y_|fi?572^J!9?53fn5|iJZ{@ zIf>`SoTF!-O_*8DFZ6nH3dLK$e-Z5FPa*0S82eTKk<%EgDh1lM9O~$wZ9z8s;-3ng zStTrdi=HO(I9^^WvQGx`%9ILI-OEaa#Da@F09E{Yf=kA)?scx0|KRG%dZ=qJo7qDc zV0dO2)Ox-{xz63>c_09u93k5C_b>-B@a5b@YqLiK|-hHG9@tE!_!Nl^y-=Nb#*?g^P>+`PE z*JJ`gw?AAU=pEP?pch9pfQ)aKwZfk&I)`d}fmjkm*wG1~KTNI{?oh-FNRdDV>u`B3 zGiTOF_aQ8Jx@Kkjb=kYY`wN+(Jv7n+5RRbbjgn1K!qsq)THOzni?cW0GvH~wh1@#SWE@W|2n*s1!aF?VB~Mb2 z3Hi*eor9S;%zYI5UV*Y6AmyB5eaOJ$+Yj;HrS}few6!CqoQsaFw-Fn1WCcf&$is#6 z8;x6>EBEpniouCui0VS{f~Wm0Kh5ym&NdUvrRo9`EHL^ACFmes&MA$8;iks*A*F)( z@g_)Ur0+qsJTfcrIjn*NMiLQ*$afUA>V;hW zBrL3_JkB^^32(L7S}U$?uYFvvt*pzG*acQgFmsjkrrbGzNE=vyzc}2rpf7fKct=mj zkMfJ1l(_x~|JTFA`-^IX&)eU1b!81cPM8ISJebtd2{f#-$n~=OY3#Zyz>t#Ex!;=( zYMMApF6eGyMaexZs}lKO1@FbDt+LpB&2168X|1w22i4fZI#jkOC2p^Y zo&qF4(;}An^DU3djNOHCs8_FB(2vfX(K&`dP zYdlW$I{xg`Lq(XBvdmTG?r1#{++1uVO+NLQAd>_88z_`03dGj}!_Ee8#hwl744i4k z_ry;AJs(H@?EuqQwAzQJ15JE1OTNz4gEzA+;G=3)FgrUCC1-S=gdBeFo80tyL3^8o z&*wd|zn?rg{M$^S_V-vozZ<-;g_SwqLkv>8n(nedrZs=uhXO@SO?i}gir~U3gZg6% zFJh+irfVv4>t@w`e#S2Za>hkh9HxwoX43;(GQ(7*ltX6f_6E6j%>R5G%oKM*=Mu>J za4h9G6L?7eT{354*-DR*!*#oa26HB{zde|!O0aajr!n-KI5e7M4}44c0z8zUk_g*; zj?O|!=>zyBsfY#<&ref%nF;R7nQOGKQ>=iWCTY0CIn;St#S z!}6%%KeKv7Zzbi6C(N{UEv!;_S-Tp6nV=TGRz=zChNgFsw!QrI4%DSz^v7Wc@vZ`o z_um7Zt7xQ@RLak*mf`f!=hY9AgY$fKWyiDmN8 zyrpJsR3{3AV`+h(ZJq!Q<6FS|yLe@$`VrnLlY>S@1(mg-k)G5Lz@-cPn!&`W`(|%hmi=_PWL4nvg9?`l4e=l8G2U zv<@?=a-|aa;>>kk{J2=gz;4bit9TE(y(EApLze;6iq)`t7^rip&3e)rC(9 zbj4yT=YCDt?B`_Pzn%7AR`;K>4}4mML#g5c1vHZG)uI>G9K>HEn*{s04J(+?rG+1Y z4Qi?>ubypX>h#H^zj>tdywLk?Rog8Q@w{Q#ji39U?|e|@wNq!G>TX5n_HC*x@Oa+G z2Pe1`W8Wz1ufKK$)bFg_pIl}^2O%1}y|E3lNaKkU$KpC~TlFvFk;;5W$4O^mDpShzKvOH?o=$(;)n#ey_gS#rC8z{_nQIZJ}O zEHsZty1MrWrjefBea@2IGH8p)j8DlimIR%jS03FN zJ@PY~VS&J73MG=Wo7l;;K6^8pc6^$KAK}6TEdcS2x_TcQO;ldOL+Fb)J{-Qz%#45& ztw(ufEwjWkfNqD6vhKS4jMz19>%4jE-oh9vIehy8!QjMbh!fS+EpyqQ(hph1N*ffw zS#XL96LOg#*60*kP?m9fKrQ}xCPo2^8hX_+nytC~M51z<8`4AOnBfqS*iX;9Vt5sM zB3}-+K2U$`DYgI)tKxg*M}U;ofUQ{|LC|LSl8Xk!z7yMuJ^xp&77#oG`kB=~{Y-VZ zAVbPN*4BHI@cN9pzbxF{(n)_bd+eUA7y8wX*RZ70CD?$~Y%UnupDxZO6@B)QJo;_hoD)9Zy!TND{ z6D8Dn!c;r`&BRgSZ9XMViyg0MGJ#py2DLMLM(@%xC@00jse_ngwJ8ZK=C}(*x47I7jRngneQQ=*8RXFIsR`otn2J zM8kV})S3jl_t<|3MS~z9jxFkO5!s$%mqB`gn*=x33)UlfkS5$#N%e|4HcW$Cj_9-n zW3Yy{<+*U2W%9HVZ2%Nx?>oSwx?zLWhZ8Kc_>L}QZvG^8RI6l16~DE)+88Vody{?$ zR{b3Qbw!1DY2XM|T?Tp-&{Gjz3zB&dn@fMDx&w8a)*CTF#6h-6))X@kvML+6DCObo zJM&VuAN6xLV*Y*2;K?pr`k$heQ^(HlXqjw(_(ZMu+2_2JsjQRVJ()Eq-{ToO8%#+p zTOk$DV6ZZ;*sQQ#yTUZgB{jfLzbgeDoXlkpGH6SijCCn$DLNP>+ik)KAp&1UW=6;g z8{VG*dcKR*poJ2Y?sm{b>F-^X1I7hL`bPGuaKvQYx^=&`vUNhyb`#VmX@nd|M>A7C zj9$53PEuaq?hs0>Q{;M9g$W^Inx_fKG5`LtI7$nf7DvqXpg?;nB z$zRAqCKLFYpXimgIFut@Bd%8WzQ1b;IHNzii=uu5^kqLr*ueR4eDAQ^f<5ZM-aVbk zgimSCBkTkMJA_tpG&__~^F3Eo2hLHvdL%pRjI~~{K^p}U`M7H#3Mus`8gV?%e5K1b z)#y&)Iwz*2+`CiMn)4RFZIG=F1JB!aFxdZdL3OEDy)Lf(0NuYK zJ||csB{dY`=a-q%^vY{trc{IX`iRi2sTbQ}kf~5`dL#`Cu0Edu=H?>K*UMx*ak`#R z*lIwvJzj+bM2(je+POh5Fu$7_*EPu&b{?=u(LSNXPjSatO{ z_2BaM@ZXV;?pF4+ZcG82tig9qj7D_>dC!k$Goo0E4~J5$t`md6&2Q%BbN48Zg!krw zLiu%f%7Vo!0UD%bbK-E<6WQ+N%9ktL3m>$MejN7v)cb*|Lbh7T$Rxu_tG z-^}#nNDaYtrVTz?Sx%I@8jr~*O%|wmp{zHqm73~#$^U-V(}Ed%$Bgd6Tb2&^P-CDbiR7c(q;z@jbG6?18q$=ic+KQ=&49Fsy%9SGC0*5{*2Z^Hz)A~ zm$xxLDPIW=g9yb`JWYJ^A^l|Mti|U1Qr&WY3;-1ID*D9)J0NR3z~KLEvZee_p>z9( zZ1ZT&P{CSjwi@P2cLj&(>Y^rT^ohF8(4W?)sWk@O$l`AWJ2C$>0nGyMs3dMPOVf;_ zM6Z?Q{_F5)@qvHGh1t`;v;wQ)ETL-O%5bnNO<^aGy%(>->OLPi0ORd(x(pTLqbaX1 z$b-HDR0BO$Sj+uJT#HXfCWF?L(I>q;t+Iz`KRe70)5~3qQRpf6oO9X_KO*mZGPs=@ z8iv?CMgxV2U4V4^g*5C{uTu(9juY=rM4+F8Fec1x`bl~zwfTKJn}`#8m@WOj#ss9Y zO5li)qi1aSoobjRdFU=BG;w71)V$T}H&lzJ4zEMZq{l;S>I$qp|5Rj`-g;GK=>gI? zcB|~SK7;sv@=lP-gAo8Hc|)fj*2o@QUaec66;kN;?EDQ9b32hU3-w)Q%H#p7iicQy z6A(hL{r!3X|H)HoH&G!nDZ;5O+Lu6-Ve@m3wl(%d#i#u_hBEg~LVGk(>jJ}jL@)GB zY@SqTvUu+0g}whc8zpbta)v&+?WHRxU%FG55K_{@X8$Zm-`A6Iw4P62^krk!2fWtu zw&*tlZH@LiX~R_A8ygHaveC@p=4f7=^1QNTWB^aMx7q0C-08heFpva@1=@v~CCgm8 zDc7xzZ?|201iuON?8i$9hf|ilW^$zBHhhuv&?xa_>6lZ7uRD+vH;5>tq5%sz7w(#p z`n$+Dcp?%do8Chjz;r3EEZZrxV8Ij@<(9%}btF|VGD~%bvc|)y*A=SKSq7$Uafz(M zK7@YX-3!Bh`H^Cqcz??+8fo*yw~QLz?n8(Ix$Vf~(}=NB(g2oBZq|z54}$}mn5}4J zhtIXr`}Xe$;u=s@2XDXlJN+>J%QHArx5b<~?N{b?XlQ0J886f|g5MVRnn$tiYVTZ~ zZ9xif!3$JUxt9-@*(%zZ&qgg{bTVFm2hqzm^i_uBX z+XP64pMS@yWT&S0(c>F+IMWuoqs5nI95|s~Wh?7kyl!u>qtzn+OJ0;%X=zR?9KUI; z)V}=vPh2wznW)XzqO%acs_qr(qrYk*DD>4XR;#Ih{l3tFA$UBYRCso7GOFaB`WcC zOG*XiC=h8sV1oV@Rg%z5CwheaNtINMbbqD@6{zx&m9(T_$2`=~&-DEL2|s!f0V$IU znSm$Gg@moLOq-gBL}_Fok3>y-;NN^Cu`0*Hq@h~*-QxOvo+w+y{0=_C&NEi*VIo%L zR@rxiU8whGUV{}G*!*2;nI$znrIxK@CPj=d%yG(N&=rEnhHQtpPYhTu`{Gm{JiS1r z&(TNngPl`AwvJf|r#=3r@>%(l*f$e96n^-a_Yq{uB9lrH)Vy7XCsa*-r6*dju^?r( z!7th~9HoDhxtH!GV$2gcH^FAu#pQ;LG%+@w6>*shTdleId_kC0bc&5Kpjt%Cc@-r` z{|(>jS1@f&-16<4ZK+agdKa1N9(|aVc~@yZOJ-ByKlc|I*0k>NZsrg2qMH^TrovI%>inIy`@ct2t!=`eYW6_0D7ykakZGDmY`E?`d$r@Z_QsjV@cy@Y^1%pJ~1X@>I9 zf6h0mUpHr~(!_mN#7pv2#S93cHxMe3xy)t)K{n=EuYQk9S0`(ZznK6c4$efsU@M!j zlNOz=gj{vN_wzm_jGoY0UIk~N-8c&)Mm=gDzcn@~0D_40!812c!;L+`m;x}u`Ic_Q zdHj<^9(1F%np+eDCip6uIAG*$5vzpa+e)ex2ZEa(QNp{=S^wvgbYD z9ZcTb#L#jbbkQ$6^27W0Y6~yK?f+Yd?rL@03-ta8e#tMMlqqgK2eo_2Nso5O+j65CGHAs@D@27Y!DePQFNq&PkrKB#*_^w%wbat(|t zgwi@@s)&680H3Jat2|Q!DUVeqZ`kJYQpBfL2`o@A5h5+?qqbRsv0~BmUX9%>z$=L* zm98}$cObAk5Rgx{%KbYd6iipkdt}FtU%s|DhPribJ5`t-VT}9r^L!fOQd}i7s!EK5 z*Oe}kUi8XB&wM87{2;dV*j@($IqSUS0Jb1DurhJSIBP9Hq{hah>KSY2>u>rDeb|FE zY9y|=wF>qgr>|C-?9|jIFZpT~R6G<@c*uHPrhY2Ls`O(*SB@DLo#Fc=s*TH-HgP|) zcykMN*X)+AU=_}|HoUqv+g65g^xVs)1EmlopN`+5`;Pf`0P%C$ji)+`x_Ahcv3C%` z8kz$F*|u2)l!J!lP|W28#&v)8`KLYSXM2}R*CONI#3iWCN^nVo^v}&IdhTFXvivd? zs*qg0^h2RWY5o=sT?q+&pbwdJd2)4wZl)lhS1s%_dMda)&+=2(O7gFAN~>4ZoR8*D zZ$FJ~GqNyBj^VG(so<#BI<&BEwh%-*)<5;PhkfPOpBU!G^h=)n>7a*kNd@eVuVuYw zTD)S!yyRBbtG0a&?;y053#`Jc>^;O}9HDq|ujre~xp!4hGjdzx%}c1f@2R7w-789? z@w3t2KXv7iVvWF;$7kM@m-B!;OOeroe7NPJK}FUW($b91k*LF|ffI9{CR26#`q-H< zqoV%Oa6LpX=&vi*0875)keCcbvCSG)h)|=3(8BGBofF4SMi)6yB>dZ!XW2AqcB`kd zzRxzYzkEmbEHU068iT1;FJ9LCek@|NGeXQ6DfCit;yp@^Uq=l*?4PkIusEiRTmssz zf{eebgL)hH^ROecSVC1$pR5Y$v6L)1&LYf!;IP%;brxDg6Koao(dCL&hox=>k-7U48!qI`eHGZ6cD4v zuqv8uj^ZOdE5wY6PCj1z^_d9STH{7q`glFxunBl;BVEPD>$@AVcMDL8lU&^lTLS zjHi(hY3`@b>tpIN^T4pb;pNNtHi}m$u{h3I)joOF$wwEw9EJsw)KnOrHVH5EMmUVF1V74`C8DoQM8oQQR+eL3f{NWVBNJRjE>K;Pbk zFq!Y-_E72xWl+!^_;P8xagl^)v2~k~ga}3RhCLE-Yda~fA2p_nz~XnUf|=DQ+dj`-iRU61uc@0Hfhd6n+cW)xGCSL=Y2r~>|)Dh=lmmC zE@Y%254lt?{V&Bs59ORB(hW;K3jFX=BHa12g8Bz7{>Ms>7-_c3S7tfCR zxhgVU!#}G$4J+Jrxwr63hljSayf*2AwXyU0B_x~o99XWt#rd5RP8>1gB$_Xud@GiE zU!Lc>GzVR}n(Nq2=bCe66vpZ4+SIb}VS{kCx%iIR4p(HL_kMFZ1Ftdz(OHjr9RoFJ}qsKyt0R>iqVz>bDy?c-KXn?e6{ zOY+5F*X~d>wKiHY)PX!HwIfp8-#jGlS;@`)Y^bgF@YbW+-z!(l{z^UGt`VmuHKI{i zMoE~E@tUj-buf5U)qq60<+j0D5m(s5w!-ObDYB}0%t=|%f>xqeoz#H>8sI#3!Ax?9 z=Ufr@BwbB5RzM?YKS=?)Q%+oJG+bv@fxC(yPgzSjFosS~DR!E7o6UzXZYKz}yTu(k z15XCRIM9{cMmE*6Z}&*nXDJjFbk0R$ zn@(GJ_t=1u@=8yHzdC@A@~WB8Dx6v613q}1pJMgs5B;jh)B}}~o;OeTce1b4cg2n{ zUp_o)*^*+Ds__390yp}Y)bdPdcLRDV{ z8%%iUy@#CSueb$Glv!Mv+zW|pc&JZf#yusr8Mrnc!9WrpWFRB<)o65``IO$bimv;1 zhFf$Lp4C{q*rY+omz;&%nTuwJtIL%SEo-$g4r4_uPub!W&z4^mpWgL3w~(H`TS#{- zG-X0(FV;@g6L)EF*(=5}Yd3;DuyPUp8SPwADuAoQBZtBM^MAhrffE*-_f8g)T-02Y zopVk}^6O;}mkt$yVd0M6H@bNN(T5DcA$=^Glm4Kqs^L)zy#~NAU`4I*&fjgXkc5gt z9B{o2fdfHeNI;|;3#MV8gI@NhLdqRbHNW){B&>-GGC1N`mok9BgLmtg#o}*;K&V*@ z18v|QQ_gZdIJA|{{ZnAV8D*g{+2#VnOy}KLIp#q+lHodDpjJVL0M|`+sDTp#`L1=_ zs5~ov1c~=nJ7nV6zdghJnYc59N7SA6TUa-K-*-GnR3JLZkAe&J%|*R2sLr||SnDM3 zG9+!;!f>bKp^MX^!K`Jxyf<99z*j5PStQbc%btpvP2gvu$4yfTCC zX-qf0+QxB-C1uL!e8Z{Z5q61mAy;Pqcu}Y=N-9iltb8rpJ^?X88qQwk3LlxI1hpq5 z#7XSEMYSjRrOEB>XkkV$|1lZvS&~A!nr!w-5tNf?XVu*vp;_K;!62J+Cc7@yS;MCo zxx073IVYc7j+P3K$()y1F3qZA*Pk>jl8foKfUPgkfINR2=nmcfWV8QB6Vh$nwkA<{&EWQ6hbN4QV_9Wrw_Ox6U?v{p z8d0H{s~Jm!HHdATl)4+X7^iR(Uin6pdLH0Hu*GF1>^aXRt9zD)jZMRsl**f zX7blSx%l=cFV;NqKMtM$n=}()pCR_IUwiGYk#d9doE0=p*Cc2Q?Lfm&AG-Yp4O%*6 zSH&84AWf1R?VF`n%ZB!4Di<2rn){E5P*6)n0%^@NoW%<4*A>7C7lWT2cN7<7>y&C( zChwWiODImSwok<0FvS5Tg`_8_RXfK$Q(`>?JwVVm=+e>T~6 z<`gtKJbwxxqCWU&X5&>B*!5TyzHa8mL|ojwf%8$!AX+v9uhM~bN?r_6of5+0bk{=G z&oGLCul0?A6n?~~%pLaf_#pP%XzrE=H>!ih>I0`r)rIVO^0)%2vEr+OX65%B!mDGW z;gkapX}B*xj~{=Zl9R;iVd^u1vqC9D9BSGpZ(D7)Ds#h`L`a8}PvCLEH6~a(UKz^R zIVm{|@TU3)FF|WTETv>^QADnjJf?HM7U1c4h6}7NW>!*V#Ves7Kwo0=Ry<;@vh!85 zTaP3q%C#ZG26r5%Z)&mMT?;?f|9#^OPj$RujdJy$$@%U6b&M#nY!43hwOrfT>K3#~ zvPybbYap~8xxj|T zu02s@#yEPQXiq=ZwSxYnpHBNlH}QFzJ29$F%6Wd>34PfEj?^lAqmKr~s>Bk}T?_K( ztog)9rB(_RW{Xp^?pK`oW#%WDp^iROT1b#lKmj`7SWrdWZKY|s3J(b6)woL z38gg}Df8Ccd{)2=*Ol^ltdZTwGxcEZ%IPbAqs(Z44ybM{Yd0d@tyl7KDmy~&vWAI_ zR@Ga4q086zb@^IYp!N-43?Sj3;j)!ceW4atuJ%hT-ly85_2_cS=(~*Z+pne5Gq56b zd(%X$-B#29*R5W??d9~+rsL$<-c(kYlWQZbBcwz1lj98p+PPJS2cMk6lFg9vKi!bR zV~#1fP>TQe(|cDZ+Yc|KCJMHSqcQ16$|{~GCs#M*POM+8e_FT~H)$sufpbIrGr$3E z)N9(uVw*!eCzTf4e?VDqV?x3m8z!{jl(BK~He9rVc(1XDJn<92(}3C~iN%+(5DolL z*D9kPh|S8sF9_Q;*9^pY-vIDMEUCofw@)fI-v#AjJ*&H;&x@Jv@bj>4=0-F}txEUF z`3FxX43{m{I8oy2VkygzUplpL_ur@UX%^O?cAxVCVej7Gt7y6AxxZ4$cUcG0YZE-zStG+ZY$g{%k5o6}`L=GhV$t%Uzx3-f2O= zYEnf*s8iq_V^gFoX2C>s9AiLRsZ&t@uZ&qH>JcN&>y^8K=(VPLmU?!QoAqr{da~A* zol^Rf#TwTtUXdXr;dvWIisX>??|47ZbF#LD@O4(E37-M z=9ae5ZNrPxTdP3A!9N>$u`T`eMZ?1VUbYW~Z5dP{f;!mAWBiWHyy2hCqY0h?Hr?Np zu#?j5XMZVgr+rPSEq&nm^kg>hw*+;Pk-l z=fFuUICKlV8OT$=+UVRd!1P^$v&8e@#Nl>Fsic0k**zW5ZP>h#-HXAu@cN_QJ@8WB zVdS_f&+L8n?RGr#Nam*$XvWP{&mx^qkNYo#$n8Z$sUzFpESr1mznSvKWxe1gaTL`Y zJvBaZ?fjkGPpBQW-Q?jgtrpG&N|a}`A37RueU%C=t5UF}W33Q9J0A_wU*s69?&FGG zWGIf%>vHb4_{s#r=&myz5(|$Dikgc%^7#GLrwKM|n+SCtF_1@~%5DKFpT`cSux&@d zWC|tc9Tu|3a+hNKNdo)v)cW&8uS6bz@~74?UPc6#3ukw#O-H+w$>%`VC4vH{%`3S# zjAL;U);J(_4LIs_Opw>~=_gZMOyyXQG+@Eq_S158C^%>cg|g#v8wiA`@jTxN!X_uG zFdV;maN`8W)D^Nu!p!bz~A7i zlkxp}aCeFUY|9c&0$y)I8I(Qe&p-9XOj2~nnOF{5PQhY;Y^G7oon?MU-Tux4Hs}TJ zs;rPEO=Xm9{hsk{2^N=8wS%kSg}j$S^8sR2@=6BC&e0iBx0~xD0vd7O^8wX#8vRnL4 zU9*$X^x&W>h)DUZ{OCUJeoowW*eXRC_0tXyz}_D7gfLG&9BFn2Mdbl*pk^R9sl4p1 zAD?_dVsoIrjPWSLNyo0baN_3urgmhW4p>=WY)ompSoh1QJYEkHcd;TZXWYr>m|5RR ze4W|7s~D-#M?cBa9^WZmj32KpqBddGRE#HM27kEg1Ev!{?yzB?A)CUnY_uEOAY~6& z09f;4?xuDM4m0VMa2(N(VQ2TQ6O#88dZ!{~EjI5nFppyNbyPvaBT)}5G#l##vgtP$ z41)BB9$l8etDl1Z1E*n5ohOnspiMiuSh062E%x*+_k))E=!ymX#ditej7IW8-NHE> znQoz7<|I->k2OJi(IMO#rx`nTNJyn>OxA|P;2AlP*EEC@K+uO*aEC3Ednn&aHJNJT zmaNyU)K8qSKsF>7Q*L}qB(M=+v412Ta#z@N^eaEPRqi+^h|sL`$%+QEcsCL(qz4%) z>6mPS5xXwn0Kht!aER-Rb8}{MO)z$MIA1lfg$qm^8hn-W^Qex#Xg>UKc%Oy8V5y*> z*XMjH?^iyLfLE}4k5A6arpGQ|@+<}?l| z`IL;9p3q{cKHy*d7KvQee?_OW9%{1B z0(H4|=Ra#C=$Oss`(jsil9$?yzl)<}p@6#QX9f(!yjOV=n=}|V{&vCdz0m59(!2eH zMDx%B`A99M_k-BiPKI}-;0=nQ_$_z9+mB-^|2~j8X9Plt-Fq%IG?J~hrUIw5QFtrn zmgOj^RpWBYDwKO6RhGbOFd37Q@MqgZE#wk!JQk6DQ@yF>)jZE`Y*)rDVSmOC+VjnF z*?;wU+r({MvBU>2&PuYzz%1XJe8mwp+H9$Zn0W0~e~$Ks1#v9JkGr-D76YwSG=ti8 zW1+9tJ2ze!Ij2WcP3?Ydz=U8Q$@UIDkIS{dKftLty*Jh0AS1LHu)>A3WKbVVUeiZi z5MUA}zgh@?yrYoVrJrb=ekc7iZ+J?KZ0g<)klM8#yd z$qEa`42vnTLf~MIlfZzoN7I~#=C=Y1)2T>*$mO;|a9YFd9wr%9tXm(~-q8Z8B&Uv8 z7e1dob07ApGSmIsM`Qk2KZLzgr5oxrWlaDp%+#LUFFC7rkJRhK9*BoGf+{G zNvd5~d`%E4yH;KmK^y(L@di#5heCX5iWoh?mw*y1A*D{yBtjQ%1`T_ZRH|c=(R&am zL&zlXMUpV*Fzhi+_Ir6hWdaLu!A~gQM>=Ru*vCb87-{%0gyl`rK7y;>#kGg5^`7>Nf=(k3MU3gwk0Z^3G3!gZM}GIM|?u&U(xC_*|*S9hnCF1#9l z9_G{NnOQ&yE!iyzdrl}0R4N*HCe!{)b%GX@XjK*)x)Y~bCPpg z39%R*V;y*f_x{lw$FaoIrxfOn84Xc3MOnple_|LeZRj=Wa8>VZ=+VEG0=0vYDn&N{uWFzFk4e@O?5Ez0%TfbL$EkTP(6JrM=6486op}YgIfsT+%U)L|>7j5{c{YLo=@2tV}&`4Sf_oRkzzGtE5`|*3sXGi<3shrv) zBOv>ZU#izy+|VbJUAS~&sI_SokMuCS(ogy`T&O0ydiND<8&4kdhPqbuIrO-Jo@1}T zsdv@J%sRx?E4sL=v_thND}HJ0jDZ<)UzFWSv)yPRlcb@Dlkq<*%Stk^ViZ$_G-@*x zJDfcvvH#&x29)eP-R0{=_mM&eTHCg<8hOXlyA26e^0XOI?~p+GQ_0r7G_ zksF8!m5nd?w!cZO_lYG0v>oBZxC1-?lAvI@o4u6DelG5fTY*D1inb za0D{L->@5a&>OU+cyCmCgUMu>FcXw)rxZ^n+tEE{`&n9!9rgn-`Eh-e9f&&)qY7al zbK+KIVGUBpq{8k@zBY6Ijtr^sKt-@Efp4fzbt*ilY&yA*+y^6go}({-y_Chy@e_@S z-q$-0RiI-CDd54#!H#)3b&~({%8i-@X_=mwu-`2s)@@@;&bWLJ`m#jr_*t07TRO1$ zN0%=qtlN*uUh4Cr6CY}TlU5c!)9qtCt~AOUoN2t1);5(=H&@jEulqD5dY$#93hy{E z!Dyp`#mV({_NPp){Esr*XGPg0K>JEZD8T8vwbXnmWkzCk=s;%Ooa$)3s9goD?OQmLY|Ej;)Rruo? z8FB3%b9C$Y?J;&ocJcTFXL|_{dRFkvc~;N2wX<(D>dg(M`WqOJy!Hg*=4Y8=bb{ZK zcxa6aSlCSd8KwU%ZeTDb6X&|SHJv<5UT9}90_m#$(TZJ#$y zJzr$18rJRry{cdmQ~k_)7F=O!=vB50u}M0(C7MEd@s6WLQ)J(R-D60BozyU3o~J>8`pHO&8J zYND2mSGgM+`dma;LQz7_x5SgMJgfGY=}Bmd3Y?9RKd|!KCBeNP^0$l1t7VHHX8UA&u2b1h&aQnxYCIt1|Frhy z;ZU}1+?FWWmzjuCVk|Rah(_5GF|wCsvW>x@?6QSHl$~s2>=DY6ZLDQWhA=3l?E8|M z5M^w`clW%{`+V>B{Qb=_#~k+`GxvSXb^WgMI@jNsqN!*I!dpE~NO%IK=cR0{lB1t{v} zS1hk36})(*1tt$Ohs*wA(k%6|37Du-Sck)-Ulp!4pa33y@k+R+aVmG%KBq{vsfw*0 ztS}FnN~h%U`p#rhn`DXVVKPw9Q05NQqM6ztfmD-|npt~Mh5GV@5nCabot5dD4+6z& z5{U|JJn@PzPjqDsfsdg4_pUG>m&#^lDopTsTbm#EY{2~Zag`bDV~nv@i!Bg9h!2PE z9(_eS_QwRv+#U-~IZ(01H(#>&5YT17hBIybxrM$@kx;UU>k^JE%hHz^-$6Iso%}gh zRg+nWf5czggOZBgh%tPeHs1u8eAZ&JizFTB zegwk5-wjQ*XH;JfVmn~G@p9+K0;vLu-a84OnWKg^tAAa>h^WzjVEc3)NQK#W&^~%G zV`k;`fub+hST~h)#Alf-aAK#=TR^m1Q<~@&%zvfsn3Wr@lnH zSQcq&hM@+PaB(5MPGKLTw-V{?=%n0!fNOFI>XsNzaQ?O;T)V{<@}$9!>(n%Ec{I-*cxuM%DJ} zws5GiTi^LIE(?jb%gb=NRd}gVjD72O!-LnssC*f~JKvuap8(y-;`!erR+<4vr%OlN zCG_#jvRX`Ou_3P9VbclLX0xcL#;~CoqQYXr%;D*2yc?ap}$(Dl4xn`cTg;JKB}5ylSF zbiInslCYnZ`;d#npw~^|E&|;gTzWb(Ram@+{8~LG9KZfloU=}3t3nEjm>;=O&X2nk9fZpb8MD9c*b`NFp<$apiv9mkC}8laS-l_}rjX%_K&5~cE8*QW zEJL>doyTg2A|S9N_ZT7d@7tPsT&mQJecPL=7V~~dd1b3V6*_t7n@l*&j}cL!scM;? z1NM6#K-EdJDTrN;01Adn3(ha-$;xea6^65uH4Q9D$;)SeWJ5uXbbTVHvVH8TInAaV zxTs|@@AZC`unuN-AN{~Es+wHmbj)7g7Sz+N>f=cYpsL4JjhDl3-qt_{w!rxB9ZGSz z9XRLTvb~Qj%SdnE4h{c08l_QF0xEuMo9df2jis3dy;=?W{Mw+bS^X03c>5BpF6)?l`p}G~|*`T{(9BLR{dR2GgSC$Uq zX)eIOz;^uWg{;q4OVjuw)vfU?PnnwT&~({!9AyXAsj})B656a-f$!*z11-35#AG8+ z?uiOV6$|Y`mzY;|-#h)oM_n6dJOcE`Z8{Wd(cq{3Z5NoFRG}ck@7UgY%{;)2a-J}o zyhZYHYXkCZG~`yG#+U|axlz6Q(#G?87psRJ3JC&KAP(9;H8_n*(0Hfo!?LM~2Wpu0 zNY_DMkyw{dS16=x?8cj|z{1MR4fZ0eEqz%&XbZI`xJTc<;xxQA?ubFFmR7ei2o29{ zzFvt9kNIV%skfzq+sD=3P&gZgqVs6upCAZ<@OYl$K>0fVXoeLoS+{OXAf{udEo z4RBrnCtnWZMJw#frk;4K!A#sO0-%K)L-JMX3+B4IMmqV;+NegLzOl_fAZO%fi1sIc zo!5(}+Zh0Jo|1Qo^byjz9;v!=K7_%TKxaDqJe48q+5_gVyRZ*_nxhkN?#j?lv5*m^ zelabj{0k@Z?!2)QUrn0qNo$L+?^N1KAoz+{L%w(UuiCGgJNxT_&lfjNmgf8Z^jTBB?*s=D}g((CALJ@p=( z>b7QbQpNhwv6R5Xn7Gx5UUUcT>@;r&w#Od%Bbl7h|YSVeu-8w*RX zISIdrKxBLs|CvLp`{+E^y8c=v7fcTY!T!X@t_xb-275qt) z0W3MKR&KHg^AYkR>p_t|oM3qOvIiswhWEHxK@9B*yGM zQ2|5&x2`M8FJC1LXtoNFO(OWibZIVwE{6tU>g?PiLY|3Sfn@y znaRYT#IIfg$X#FstpFC6oDNau;UE5&egv9F`#ys){5WBRk|-P!v1H*j{yM=;4Q!}X zqs^YEp|(MJKgfLKtX5tVMkZ96{MPx~Y~O=gjWn6&_XWuE#kKnZVals6xHI|kZ=XCs zSSaAoO@)pbha(CvB?V*4v;1TdyVs=zu6+0fB>HacMhxPh;2jugif}|lvuKZ4ZXsy>bb~h z8EUH{U3yF|TOE<@o=E?TGptV>>CQgUIBg1LMuwl%^v{*pzCrXn(!M0vFQW08-4|u> zh<|qOP~SwBci@Jov~dd^XupNAh2G?2Nj^7k$c-zv^lrn9>)6VOLdV8Eyv1Q6O@%Y@~QplWs;g$7Z|-=tmbzT>ullfepE)d!1RKa$zyA><8aejJl04()9N zd9b*y^%tNt6UYrAZ|*beKCNa-^yMYhopf3rO4^IcsXo^Sp~W#+ zczG!X4*l%}haye3EXawZIxz78J<&o^Pr^V^oN_eEN;EyILs-&9J?DrU+k;_)vWGB0 zgO&kY9W1qXh|I+2xNKTaSej3>VWd?^RZGv+3@j-L77>%YePh(x*nOwx{A8_)s~^ydfq0Fy;63 z;QISub}`8yQ+Is{aJhu0q|un+YgoRr9=v~nUX7F36VL(!+Q7@%7uU?nXF84`QL0lI zKS&%3)Y8y28$NPpHD239?vx@2-^bKSC)?%8SVeC?2rq#CR4IEY2Qq0DxOW+pQ@D?dw)j6;;!ns=&> z@<|o{T3WBvlepi^wHRL%yWoyA!T)p^8~A3wFodej9cyb@e$_7A|NItKC_SyGcWB5a zHrV}08HLvqi9;nYR>@2=Hl2tN^V*$UZ+y^=fNzsq_L;)q>AxD zOoM71suyFn(DSonUxhU5i_CSruN_|K9a1Z9XM0ehbly(b4R7rf&ic(QATYo*kZy%r8C6p@rUJdvQXTZd}SO3DhSR6|KF=MJv z>QwLB-c1J+Bfe0%IR$U%5UsfP^QkDJ2N#?k#Vp&P7%v z=+BgjznuBGoh}&K>c3Pnvu6F96crCouQ=%R*seSrz7S-n6uQz3CNcuEEV{}BJjhK3 zJCk`JvFq1)2(*RT*cx6eS-jqRzV{M()(@$X+@OL=txNt3S}CLo2&eUlo8MHEDY|WV zp&Xd#U@`(nKt8bC{I=M%xXx1EtYB9)c3F%}hkf*l>Jw3v3B!sZ-_`=pDpi7EuZ~-h zz1{B{Zk8{`JB&K6Oy?Y&vxB@_NkvY4bW@6fcHKLmE64+3+gptJ{WAETjl7(_rlGrJ+ zEmKI_#b(G{NPuCj!fIor9BE^T#nxZpvR=-lZB7!~ z1sol!?89iCJN|QsIicz-VR1@KH<_1gMy}N1e}8B=9HJKaMkf{)E4>kHMX3HYBi&oW z60u+kqu*I|@b5Gsv*ny(OR0sS1qd#eS-L^xyR_Id!VS z>!9}K+cPW+HDat93zJ# z1=Ik0%HAK$vG@Na!Kw*AobBQJiIHRMYWn&QoU-|;0%(tLro`bsr4CS zy@F-zz-}@TFh?@kT-Sp6tYk2YZ9B9;XHVCJ7L?ZGFCM%;Bzjy7A<`^0w^K~FP?Pb- zXFJ}$L|V&Z_w0zLEqT)MF>6)06b?HG^3daVcKwKZ`_~bq3nmU%BQ7sItcgm|<{cb> zfL5Z~^#XFpviM7M0KA8*|3Kj`aLgtu4iZ%0b|s8VODLp2+|tNQ&JurZqn}sTaPT;4 zIY}&{KRy{pg6%iHG~`!*9!9&X(cGVRH3| z?fD#;2}N(@glpgxunoPBi-MEZU`WJrKV|Zv0I@tJh!>Zb1o>x9p(Ag8`rY@o?8H$8 zQ;|M4og|NnSDk@Ri|GGsj>nFF)CC_4vR_>dLFM8YUN+)a?P9e9SCn{KIYs}qm}C#f zO&+Qgb}R}{b5=Tfg(!IOvapC|*O~8siWuNhD_QW#v3qTWr;VD+vfpgls=8}XE52)H zqC0U7eu2u!!bnrQ$sg|l9EgC%0Z3pMRZsWdzatmc_KIdmKCCfuOA@iovWZ(g&v=kN z=>KDsdkJvt|XC}JPspZ!wstmrkY(Ha-^l|w2_`qpim&Ms!LzV6P z?t=RH+La4BU2Sb$ty3hXtxB*N=mwZ=Z=|8Ad{#k>}mi>xz&~WMb zZg;)5eXL2};h&rGln3SHc@Exa^tmpVAJp0g*~NC^ISs{J*+1M%=SE(y{v%($=M_nk zD1(be?oUKZi$9C9-MvF@cuh!u{}{6^<<5V;?Mt`AB#Bbbk`#_IwQ@z1HJ0;P><7sd z%V-RK$uvm1N-aOp5YRx7O=0mNhgF6MMSn30eUOQqd0LG*gs*1u)c#JDE?6vO*;o>r z0PiN)5tTE|`gvlll&UkrMI}P68H+CHi(o{)XPR!*#$T_=8%h z2~r1FZBpVH?Qs;AcZYr5@$wXuYTwB5L<0*<{g->5x0^2~L)e+5prKZ28>qpWJ=aZ# zPI!>MH)?Y%(r4;NZ$$4$7Tf;m`m|RbH!Ug&L;A=RQQ+-T#2<-~jSY9O9~Z*r)q6=g z0S952v=oN{Ui3M{)!O@7tr99jwtPE*C7(*MzQ+yy&+q;}eU7h$F&-XgyA-sQH;#*> P171ii1IZSYH~Ig){x5<5V+l0!-bTL}|LUcu zr4K+r1R^1$prWB;U}9n8;NsyE5E2oSkdl#8P*PFT(9+Q}FfuW}V_{`u=iubx=Hcbz z7kDoyBrGB-CN3cC$FHWq^zQrLCi@r~l!c>DPJef19r1P29&gocGjL`Fr&#Ky%ZBqk-Nq^6~3WM*aO zYCcR`i91)=9bpB_Kwc3ZV0rex37O-aAG;$(S6VGpRSmi zflhM8_W%agZZ-x66`r}O4=L|7f8OF0v#Vrm__LI;+(Yi|4vo)KP5buIMqlV!8~0s& z4$p!%CQgX}uqprg)T&c#B0eEn7%XekGsvch z3hj(+qaYd12AMDBzR+UegPfD92MX#KAXpsMj<8j`@>8x@g@GF(c?cw0qq6#*WCnXz z4ab(~q!#6({Wc^&?vmsLBcd-RK1+QEsVM|4rDse3iL8&_@ml{WZTxWZpkQk@?W2Lc z33Iwd*Jql!O^|W&GFw(=e409n&wFPIQT6a^l>Huh;T~ltVflJ@Hc}Z+K$1#yII;bg z0ap))1kP*DS&}K4`vn$$qO`m;gasK2e3yLsfemcNf~|lOGn9#x5W{*_=y7S{(v1`; zyf|s@wiOBf@Q>2GKCUvWR8jW2Y2a{Yo}^>@fp=uz2t=;J3by38SX?zv9&fwCD>NAV zL`9UT{>ekK5X*+R(A}22K`IO3({+gHP+9&4!Y*@m^Q{4l_F)!~l=Q7fjiufuxXQds5yNLI^epuQXKq8`QGoP~fDoPpX~B#5 zhgC+l4oB&xDQ{{^K#%OwqO6OMhc-8%tYkZpP4c+N1F1!}iiEZ0n(>-CW_aD~3JO>4 zDDE%sVRuYl^|&wmHieu!H;{)WAp8fH!K^ewd!s7e7b*#l&nGiF+}4&^rnzJa1{)%` zSW+gUzF*XFA#HtysFIw)ykVixs7DyC9QX_vIgLLv%^~ibhXay}@?HuL{qGpJ$jQ{I z`5@dhxA)BIs^9?$FS0V}@?RmGv+pr8JV4guNa*n^ni%=|rSawEL!4e$O;c~*A?kQJ zawkM&;Z@i-EzG4tEUF}|Gd;}vpETQ25p|EsQ8)>dg)%mXu03Gfmfjns9SYQE_Mo?;vuql+fovn2J-YQHt6B8R{kzm zqgSXi)$MYg({1Cjr4^$K8(kPhOQ01dI}Bh_z4bB z!R4lBGj=IL#WGVhi4Gu2^#oVRa^fsU^LQ+pL!3v>4VvT_YSSdaa3KMuTJ&^G#sGs< z11C_;1dL?(PI!rbTVFyOGn~c02|HK!5reTf(J)E&`{tnD z=Rz7g3+lLL=9k+xjd=0Y2bU4RZtl62^Eg6Hn7yWVf5|t$jr!)PVjS;@~ zX6a1?6n(IT|3YhLWWAANVKZZ9#pJ>)FU2+fqi~T?sS?pg{Dp`zZ?HqISf>l=O8oaj zlFFTh(+Dh)s#xW`i#|((+M2r;QMjFH&aJ*Q*3{1|rxRL_yN?c#*k=84`)xDS1v|a- z{q>k}y`l-(X`74bAw$g z0-ZD|G;xcnHSdhM5x`mF*?-1VL;qk?f)d-x6efh@-5A}>UeoT`;-uXrcl6I-ZmA5e zzG6*7GV2I0Sl2QiQ3{S^gPu6jG6BF)MkGj+(Kd;C`el}b@AA`se`!U+$DkPgdtHI#QiHH&PQ9RZTm zmq=l9sJVW?P^f^*!%^c^yM)_x5_SJhM*$ObyIhn18=M$Bny_$`>rN-hYi`308^5XF zau@r8u*!QYtLAScp;oAiZ!_9E44xZoRN2U8uj9&U?v1~Z`FhEbsuh7n|7)qzWc# z_diLMAbW87jJr`LwjB@C=Gfk7VOnj}`Re57+FORj@U89*wrvmXq^ZvDIzBmFtSLCw z{Fk%26R9f%@HoIWcxLObW=?8H&s0vpckr`*_Y~*e@8xse{Tg`$*AXWCJ!00-N?(Y{L+|a?=XWcoU>GE_KTvW zW7`hErO-oT23LSsA-!)Yns?uIda7uPG9={kWPBq%-}?v{sIW?UJhYfH;MhFPQU1 z5-xnLLQRIuXh#G~zyEiDJ5DKOe1w68VyOQnBfYbM4t@exagk@@j3FjBZz?}-=Y33Q z=vpVXK*EYrLw-~~>HtStp6?j_Nr;fWbOyWd=97X;9Op{nT-q|7RsxFlb6n<&5hI*v zk7+%{0t(HYHLai5M}6NmK1nf_+-=R9@fVsJ(Zc zr!^9>8!k3{zt$f8Z<+J`i^}IVuBHXVCOT}MFb!IV6NPtIXW0}&&1ybdDF?WxeT4}M z?D&{wD?8T4bPDbVakK7GluwU;kM8wPDTJ)mnl_RrU7GE_k#8^b{^Mf%1%&dU7}wA` zu=~%~I#S$8$ddEv;pB{-W9PZuMk)^d`h7O&d;U;zMI0VE?>fLD*r(9A3QgfYhcf!p z{p5EL;c{3?IyFKRA|6IeSKj#?i?q&*3W$x3%(Gp`+=vW#qwl*v4sV+1cNW*26#Ei! z{ojQC@;46%!?Z@$aT(=7VyBet&9i(AVtaRE<{n86F})|?-iX2fLvXAZmnR5$OrHGJ zl;}F@+Dr50X3cvbgpx!=w*O^2oD!`18@q~fK}R^>!m0Mplfrc*7oWG```r#oZvsIZ zd0mruVNL^Qd=f2!)Z57YITTddV|HqN+NAk!y~j^T(p{S38Ij*2J1kkO-22trR{GzwhILb(1MAk->JI+3y7|njWA;s9 z2mM2cP;9P{k(|?#U$1ja7Jk8avmzCLmeZHn9j2y(qP498`~({}pzKUfmiPWoIs1D= zFe=>YSLaMOc!2j3QxpQ|wHD%)tq>x)HZ;<|dSbwy@ZrO2kpZGH0+R;sM|&>a5S=Qk z9kz}oX7lb{9v4k77Elg+K-$IpR3ULTTLHdt3pZFOKESqKP;d@j)Q!O}<;bsRI;vh6 z!+j|M{{n75zkYq2I(S($y2C@0nNd2(D`ob{Y?&cfcK#F59qH9^5Vv!h{RF-%F7h z4l68ZIBLJ|(VoHYi#2@zppIAD9pZW;EYRzIS>0E=+J+_Mp3E5bvcjmyGFuO|Od@{D zY!2DKL$avh*D4G7rZy&2XDWu1l=|6u%diS=&D>1(@Wj!(6s=2#eY%Ogg}`+ITq}W| zIJK@aJlaC-{`d-g1WKbA>f%{w3XObS$D}Z4sVsqVcg&lXNmsc)R%882TiiEp6H-e3 zfFdO1tc^rMh+;n=`LhXmcktvtN?;Nf_6(7w2UC-+`nNqTlZPfg>g+IhvMCsX-%#c1 zgaS`&LHQWUmK>L`QYI?F0+bF!Fp>&ZG1FX+-L!v2TB1)(D7LuI%8u%_69dfNZQyGN zr@TkmDB_~pMm=Zzxaz6K1e&9mjzaSvA*30C7V%Ad)-XXWt*7>phg&l2K}1DCbgkS|%n-IAl|^Nx%&|Vk zuXHt>{n&>L&7MDG|wGE0VPG)74z)Rf;{(-{y$sm!d2d^7x4d-vQ2GZfG3O zd__VGb|(r6XtK%hB#}ckvHfU;ca3lxM?(QO_B{SeE$5Jix$8?lP#`EmU6R!gM*-qL zdnrZ&WSofT50Y)BeMXj71;>62N;02)KmyJ1$brJe5=3JbzqSpilz{j?sx}QPp3gF{ z^w%i})CGv0(s>Kyh6sENASOFxs}sD`228s4s`W@&^_xcDAuMU579dGLIwnM~h_Cv1 zNPwGLDcCh~dCe?Ab6@efQKVzjYXQdHm=6EkS|aVKhS$SS$=g!9nv58{bBCv7NLGth8tmQzVOc}U-%~>=O3E?tb~#ia9x4}q8(z% z)N$NfwqY#uf6E(r>kh>OL2iql>gEz69`u5DmDw8}d;8hhm8sk4x>nvj zU$W}6C&{d1Ms1dVgv@5W~Cq+kfEwirL zBpusu*R}wBl99hvX7`KkoYpTT9$OZ5!hUHrHMX*}NbTW{ez1LJsiXQTQ3T8f#z_z-O1pKwc_8N~3McKrCieO8bhK916QE zJtB%tr@3|)KAxs*sEx>P5^KkO_*BAtKTU0}d&=@N?y6~D4IL})hlM9Jg#eIblZ9@>7?zvXGcJI!07m+XyN)?4@1^YN zD~l;Nk&kBfE|8|b=k^Z}@89^7)@_({kIQbn83{_F1yH)^W{Wb3t@>-ECp?F8k znqG~25-BM&1c^|{>C}^)iotVku4h>phjdn+L{g?z>wx1bzMzP%e%_KczkS*xN5uIL ziT72Sy5rMd=}db6i8S@+T$+)8%oVT)`jF^i-&)S96i%FGv7_jpfL zR<5i8b&U~aH=Zrb2Tq1(QGG7T&6k}0^k>>#)Qb^)$|mL)xr}~vycAQwrPfghC2f@3 zqQ6!N?v7hqqD}-qr~H)5fpu-a+pp6^+-*~$m#RmLseO;m$!-!Uk>M3}U7~Ds-}h+- z?%6TqcuKjuys-oJi8BvaPU@l9PN*EfML}(q0zoS!gcRyXU%Nw77`iKWog#T1NH-Q zlhL1#al0B)ZA{f#=U7GpDM4FfE2@J7;2oY6#}p0)eqP@4%@unGCEBjSzFb_X@<)qU z3|i2cp$EO`90t9zTDzV{aA8^%b7ESYr9tqX(4)v*Z^RPnr)xUeHNcvrm%%ox^P0i9 zJ$torzDjgRvs{|wfQypAC8bAWTuKh;<_{Al@a8(B=-aB3Mf)<&75h@WZf|Ys-lr{t z82waxfw7*k9@RwtI_4j9JrG-oTMP{7MRC+xa9@v5M0h)oi;+d@&Hd*rlc4f7MDn9gv~Zjtt8#RN|JCnzk)SE zZ=ihCJ-tn@)e*X~68vKxNB25b@`3QmK5iuZc73;MtN6+}^&y~J6zc6+-@nn(<)9*@t*m zUh_YuynV~h44ZS)=N;hx3xbNU@+azr-2Mh*anerz4(>Ys{bkw%@!@xH6F0qZ86szD z^>29(-_|qs^gw-~F$fza<#S@XIwAVSe#TmTeXS-_+ql~FBCWgQTIKMFg>y)bWedsA z8ZNr8Kd`#)(4J9@u>!fyo*zD0tE>o9Hho=ho)X?mBb4zulrn{2&=-d(7j8S_V%uzf zGPpIG{uL559iV9Pv^=GCm&Fo-G3nparwrTHTFG1*`87)TzVyc z;q^Tf6wZFTzWo7B1-GB7+r;^#w89tBEkWV=Pq=IEQUZOB>X75hHK%>O|600r#=@<&&tZdRn1rGhpBrSC zgfp%>o_~iIo#r*T&p?cw52_T+$Hs5w?lMSk)l#wuXmMz=N;cZdkYIY}8}#XcAno)( zYvtud6x&T3CI0#gXBynGYo?sN>;JCDPFJQ%WBMDIi0$L%>3L(0RO!62D5`W_cfl1*ZUYLx(doC} z9AX#+XLPYYFQAy=G+ZFYCNV2L8{=eW<9&d$dw+nBMef;xbVJhUeknazKYvUSCkVdV zw~>o&xe#jiqB42@+>2C%{Z>NNxoehN7It}CO>u#^Bke7waf1`);Y}CT!Gezf_!!o5 zt$)w+VkbhI8MM!zdxmyjb8^5A1cg|E-@`j$fGw2GLoWA5iQf+Z9J2bB3qL>0nn8(< zAid?RsOK+|d^LJ2!rJ5_a{e3BckRMmXX^w3fVK4j!>)MwJJ>UM&tZ;*s5XVn>+3v; zgsCK9R3M?a?%(kg2n35MBM?*(gCjiG7#j7@Cpw$-$FdKdv-CB|M5vR*satoZL{sT0HbB2h>*~;78}APU*81UL#Sdvrn10LCGCuG;~Z`40vj({(`brS z#kAE}rUJhTx28Se_d)GoccsL#`U`UBZ8`&4rpzH#?CK$IE2*sUhq`v9NrgD0Sh-j{;AnR;&$`joZ$R?WeL51aH|(c!3K+d$gV%7$2Y_n< z?o*~@m>zn4H_($6-`}i(S16S6aeklQ{AG`dNYx62dPrykA@RJT?@GG8O$xQ|LMTni zvzlwEuR{$gD+;?C?6l9&QG5Q23A`2SE48#G)W`gMmk`f6byp4onTBYSh=vLe+krZU z(yV%J(T)hn1I<^m!0~6#?o1#X?Om)WzSEN!6lbSs-yitD6cweZFfXxTHcauonN-Bu z#nfwk%|u>HkS!Av&V1L+mk%6GBHoUpP~PM;o}Gj+VJPLj_92KN@7++Gk3y4*=1={xr&>{8IVHBq zmW8cpqUJwAcRUynVMUJE5~CA|%ZsTBD~kjzwa=6$KK6uH0F4QD;FT_;$xyKNoV{-G z;wdGz<)7ZhBNsH==ci1cHHebGqR7&v6!`h?DsKIV^e}&TGPXybQeKQ6fnqK{f6?~U z<+U<|WZjQ?%l7QV41Ctu#s5opN%tmK2}`wysJ`BcpY*tO)CTpd>Y()|mIn!&r&{Ho z!H!&y>r;wc@H)#kmv0OC_QR?rXL%K;Ke1QhWf$OCsfPx^%hF@Feo5{dLrc;95O5mB zcyf7Q8Zh(NQ#1Q(k*1xafTN!sHWz)&Jj8pKPI>u1N6gVWk)9PuEk)z2re`usV@$%* zsY(A=svkD?pm4>@X^QXsx5IR-nmMyEy-;$x(0o(8Pntn8_A}|8n8c4uOQ+8?@i#JU z=<~B_5CyU72*~nJv&}Gs!fke+QxxUo!$;MHJ6ja5Sgs!}%{+JGjRN1W@>DYK%tmrn zV}V8N62Y|ynISkOYd9{B%TW3Zm#wGHWKuPfMZG)2Qxi<3Un45Qt%wEP<>IEE%h&Bz z?^hbVP-@25hYQKoKY#gebQv-cGv{y`ogp;Zw2pIt7;Lv`AV6Gm_OjjwY2D^2kcm6Z z16AP~qd2fVFOnDeF^))mKB?vzXo9$}w9@EYJ?xrXY#2pQ4@M$e1^4x*_eyH(-q4%k zAw~~E%&!s6;)DpYmLYQ=@3y*kpu~Un2Pj#J{DtS7b|am!S?g!xtos3!Ge9%5vniVm`1Lr1;nDSAS;xlN*)p zkVU=SZtou)GmiQG6- z-bX^~&5OOc@PxqHb)H8So(nlfF~Ppp?;_F0lDk8-DgYmeK5nxTJ3;@;+wx136m6(2f#B?!KPX0~QVm&RT*vn0Wm9 z9rYht(h-3Dvt0zd6c3{8S`?2BMpu0PL~P1?mGr@!(w>iqu0 z3ZM=3_)%t}LD4*n`k4Y0pSvY_%Yw7@DL36x6YI?-IAyl_5?{-5Noya?S}t0FxwZNX zs+J(O0OKg1HeJa2r)GINS6ndyBdE)aWl&g4Fm)m#(NV4VxU`(H$dM-UpRa9UII+PH zyfgJjOFiU`uz%E%{pGg@vy1WSk=NL7uD8cA$?)31ZX;`aX_?T)0W{AnSt)+Je~#KO zmQRhvOH9-EYS$PD{Qf(XI`QzKDR40_xtNDK=GP|G%(h3n7T&rgX1UhQm;1+0*Saqq zy5@CMG?igf{Wh^`7by}zfymxHoWQLgxWt$8Mjkx=~vZi6U?`(wc{`E=Rc3 zuL}Qm5&_YWk?mh zOrN%V?vMwHg*)>3{WZg|E2f<<@0R1k$`S;5yF`8OnLGmehX*?7i>yV-d%a)27b8+? z1u4xBxsbB*utH{kNoiAqta@2@Pw}qB!UN~4#ZV7ffp?2P-Ag8V{g1S%=uZ9diuPNq zN_#tZ-fdJYx32K$dr-`OqA3qO#w0Hy!;0$ae`q$P?zprhAL#>SqCe1B7^*&aF_9WY z$}+PeOy)I*tVn;kB~zmO+cRPg=!foa+DoIXjXK9TObwWiZtXJy#=nHRd$9D$2@Pp#yMEd+=1K!%4TM8C!pxycR7vX(tv1?A$v9xhD4zrxJ6j7XY<5SV!)h#MjHdDAC zsV&-b8|#Cjc366~W>`)n$%qETy7i)7D^5GRJv(@K;>3*O-AO7zo1ha|mtWQWx4B(q z-w3YGwo*?Y(cqjlqpJ+TU&?5i(x=u>?5*AtfAj(C9{4Xvp z!fvzr;W4W$XdwF!U7(hP{-FXdms z^bS^A=|8Y4YYq=Q(Jmp2Sr6!nf?G-V90lcR1klO53)bebWi3p^oN(1DVk6k{I{)Rf znPqRav+!JgANiVqE*uyy+XWYX$FnyV-~Li1X_uj}uqbsGHv~0GcX!@0`paB6SEv{w zYvF}eB9-sUdxn|QB-RU&gI**);$W0yevE02H0Q$z^d5&kTBQfEv_|}r&OVjTfq!*w zs>fG+%<^RLk{o(TsDH^z!{QvXP4zu>tOS0RJF999WU)4a$|iX*8?6wO`v{Kn$z;s)~t3C5jK_@-Pj~yI~p&y1}1jjDGm^=*l)oLKsKyP_xt3)6B z&Rf{>J8OfpTx*7|i^w+$Jm0IO|0q1KR@IUIHp(cZlSLBsXT7IM={_WRTKCbQ zqUmU5KU7PSo=T_9CQQ7!U4^z_wZyiXfP!N4*NQwf+7%g3df+U!e?dIvjF4GujZLa zE4vk>uFgw39AsUhN;Z!^^YEQG1YzB)v7lT^;>W?dCYGk_3tlnS&;n;*R?@pU0|v{J z3gBh18q$z@+$^Us`BK)fFp)&m=SyHl5K#DA1=dY%*&+68>@~h^g!?>f?d0{Z2XM`I zh(s4YiJix7yM{HJSEEDY*9r$g$=f|LNM@2Wh-#)1Cmwve=22N}=5%$?vk`SYA zGuCS`JX0hQ?}LIs1wu+3uTx>@eGr-_L@yO{4{TF=Kg9HuJlu9K)b^K7&FAX?H9tt% zwJ9K8Fe?b#rVp>>LX}%a+wxVAJ=9Y(G}~NSbjiSO&E`>9pp|iE3@TrgROc#YX4|pt zwWqRtGLz|K1CrjXGKEXlJ~ouv^r18TbE+FPg=2@H64Afa0Ca$sl<2g^dJYCcs5|@! zY47g@X^c_2=%_PXVC<>MY>+WoMIQDXBCh^LLq18Op99FhVv}>mppVyjv$X+ylEkL$ z2f=FPqhDeUJ}CYKOvlLFD~gYWxGK)fC$$@t6i#CQcZ8<~egEp1=BWJ^a~bH;ywJ0l zHTo#R*8_-telHd0A*HjT6W{we@WWVf&J$;(pqk9)r)loE8}W@ivy_afVZm6DXPS@6 z53;gK*jKe~_PHe6$T6=GQ~gKMaFAAZpfz(v;JzKH^=iMQ-%=LFRxRSWiLLGC(suWX z?3JZPVH)b_0Hl_nF>qIDc~Lh#&@8f{wxL#V4B}pTT6KCNmL8Z9Sgm`Pkhj2v_v&ra10wh(%?F68p?KFfK#cpS}rCzYx5_r^>*m01x`D z&Xq@op#Z~a97_T=GxHdPTfULU$pLlx2xUch!Rm$;O|tlWxu#*eni+f`aJCnxE_Z0m<%zk!Kva?K*a>$2ecak}ZQ zzCk$YSxO%~%&3kjg2vsu8PsRJ?EaR0_kEMEKICR?BiVYUr|hT4R_IIv8$ErmZ7Jb@ z>7>JA2PV1xc*9y2c)Ww_gBJ4a#}<5fER52^v#D!5;(^8eh%4JBuG86TcxDnrOZ8Z| z8O=lgdsmjEr?#Umu>0wfn`zwYx$^Qwd^Se)jT+jsSh#!Hrs3%c9)D@Y=?OnoYi&wa zeXYX(OY{v_DeH3w7UeU^fV2&3CV~rf-34(v(3xCZa!}??=PkJ39OXGfuR~(^2uN=| zwXMa62DXp;cQ6CuC?76=V-v-OydkfvuO*wWrZ4t{^Q$m;U3ae5p>q)ff_6P?n|jX4eu~9YWVA ztQeo_zUqw+D~Hm}+Z-{JD_{p%VMue%WP4GDLjzJv{H{xkK0Yf9hH*Yz&p>jAu` zzUF~)P(iQ;9$oz3LPj%Po=Yx0I!xz9QZ}dj{5>Q0f-&H_>O};mXG0B#p5gS9roN$; zV?ja?T0+_?t2qM6)4wbS$JIuF%L7S12w^M12!X}{elMe6{~eB3f!ql8^qdQ*qLlE* zwYbp#9zfHhod@3x17AliDWU7PA(rZL@gDnB3)Kgc9w3o55gNPs&nu<@o*Y3xIX^-C zGf_)08^B?I5!0i?f6AtRD6OQVZ3a!e&rbkZME{T@u0_Lyb!@X(wL6IfQvJm+ptuaD zAu5n26FR4ZeHL&^1sC&aix>KoAT8~rc!h_}q=65H zu?AuPJ^D~FSB?W(7$HTs|CFp(ZY_y6a^E8wM{J+H=Ej75zFxCJ5FxeDBf4go6c{kJ z1XLZZjz2~(>^zPnT3Hbda?o?bH7FmJuEdS8)5n8?~ulSRWt+% z2H#lUDZ|*6>D$hFME>EF-sZh$g{_p_a_Bq-V(UCLD;^sZ-9A$k-8#n2)yf<%rgpxB zGHU%C;#pqJAsJUA5my-Xg za7+37U#^-MZaFUOaBaVVOD1%O1Al=4>#WP{Gm39Kc2-2l+o}|+J~nF4F&4xuXbGb{ z1dQnZj4 z-AL=u5xf*w+FMHX+5WG7=S0|k{E5qdrb%A?dVn>2s>6j?|KoS9cv~s%uUud?p73=F zxBT(F;2Zf&18SC0r1H&0fPacH<96vsmh65Hsy&fglL(HN)NDyBNE#U{3?m&30;YqV zb)Se?VGxx6e=b#wVRt)!y*t}JK+P(~g0a=0^*1ZW_XCAS4V46$6qVTtAn3Q&YZ)}R zy{*Eokrz4!%4&<=)8=|?nQ_nMM#Y%#Uc>pzl$JC&i0N31ner3X-v;P`ljQ#2``y~atAknc-9N7IPrQEgTuJX&*7HcvQkJ(~=;}GX^EOFLrfw7a zTvap>?FD$@4(~B-cM&JdR*^VZgTfK=izCRefCJB+Ovu61(`?(~_x&JbF^s>>& zpl>;-+QVsG=jWqnB#&x2ZT!4RS?m&!Shch2osexZvfNWi(gEZ#tFIkV@OScT1zryY zSUJAcxBhnDu$U00!@S3nZMOBui%?lNDr&{0-wtE*Z5;XM`2HJ*oW69HZC1E-3We`k z!!{VE)g@|ixm0mhdfd*l7kH@Qn4-&?2hqU+FXPfYq2M5SMGf3xxzJEK?r272^glc# z43vTlFff+z-~Ko`nWyfbgA=>=#iC}B2eP->8$4VEA)FHSB*(&}g~2bb(?P{lcEP2^ zUgTMWDWMP7)93UHySU;hhq5fTD*QHCSO89PHefx!`Fkd}cL;pS5B>?a{tI@AHivrA z$|B8icE(Br%%!bY_Ah=gC01kT2%J!Ny0vY z+*_k|;QUcwpig1#Ni#03mrGbKzPf$|4}Zo=^ydOdOLUZTKfO3XMvHgx60n z5DR5WH8ZX1>TlLf89?kC+Kimb?D0Rb>?rGyR{JCLd9eHY>c7E^Th25NTC0vsAx{}u z#jQT%&>bXHZbm{GTbhtm?;9Fb33yg1hN9K}`_D5OW&3ML zzO;zppTd|?B)bxHvaerVmhcL|z?pMewOS8(gfga|SjY6}x0t}X{q9kRJvEQT+KuPV zD6>6^fLx@&d$Fs_L7!1f7+X!ib?q%a{R{8OqD&IOaw5z%lGTteRLJ#ls%(=`BAo9x zW_k70TSm5x7se)jiBr%a+8xr_nOENO>!j8^a|Z3j5QR&{4fbc8fWmSnlDehO7%C>5 zgc0VWU^$)Y(XWEl$jK!hMqwH)vVgIL>VERAb!HegM`Z)E0%RP<*~1qByX^zg{x}jT zPk|#b68m6#M}mh<_m>I9COc(AZ(WzAC} zTf;^~_XuL&H7Jb_e{k=d(%Fh4O}cGzcn&<=5Yq3)=$w7ou@sQFrF>}cuWi%}x zv|&8<(~0^NI5Qy^J1WU2&e42W;-F>6o*b3VpY6&47dWU}9jgHbonpBp^T>@~9?^%Sx9nN;mrSCw)Dl301 z?7j0NXbNiSXI35H{w3RRAV&VlSp)fbiz{Q_IG+{vS)>AFco)Ek2CHG}pY=JXGrz)D z=49MG#tSH6mB@;FxPeo7!Uive68c&5Oc>BMB*zo{x8in(?;uTJ%hCDjo~N@;6bTNC z$&Kk_{-4o|BuOQ>K;Jn}MCep`60&{~_pzWbl!B9h^Jm~ZLlf+NNva$)>~;#%?HL#^ z>!`lU_^I)fAnEb1`S6>sjcdUOrMLN((eb_4Z9&h6zGAoWnCdg-$_VhGIcMj;UTwGi z1P{X%Ip}`rsGYG``|0dRt6M<@2z2^<@bU~`W*o~5ZO-Bl8hGc>AuZbBC-IRjHH0(Y z9;OA=^X~t~ckJ@G~7l0ud@Q=`f@%gngqa5&g8=8 zs5Nj3os54XX3~Jt+$WB;sb87)e!Z?B_kU`>Zwt3PDo36j_N$@b82h)C>r ziY;eF5)ph+)_6S)0rmF8Jtz~a+_!=3?|5=#=~Dvk)is>b)bV`buLfD1Vj@xBn$*$s|6t&f@-0|RD0ww8u3$G(;Yy^+usL2osYJuiaX~!3Q zhIN|Ru#o{WOyt!#E!4lY<`i!mks@g&Capu5)3%`JPp8V{$FQ(g&d-I1wts7>SZH8h z*IEOPvo_|$2eF}ZKFQyy3t)FzR**iHM|RDiF|fcQ$j! z`*0X+T}p4}CY!Bb(4)IXefaA9t03qJ*yg?~3PCB^z~;w|Xb0*lcpEx?$2Y3_SlOx^qNs~8lfnIi%NQjZ^ab{?O*sF&aFr{e9L{lDX8MPpd?}E-o!_$2E%4NE8A`3LyHTG6=CNqwO-gO<4YdthymKh2Se9~j&r~{ z3cI3$f8riol2n5hYVx>iBgg}x#Ra?voWG3GFG-30xpRNUN?~`?@5rj-F}a@zv(Q2* za9*@)h7%tWsbL2*Uq4~OydMwbgYP#GSmoT06&)6aH?tdw>Q5G7XRbpNrVolFtZ`&u z%~QNOuso|Syb`^gY0N2dDo5+xpTI@s!<4t#7(; z*bI6TD`M{&d+i!Q*$IQ)L^51>MUqhKTSpq!{dPs2MotP&!8?yBUMEzIlIXj^zgEo% zAe;H|EiV1%ul%!of3sd{Q7Qg)%B2HFUul-)O4hYVHQx0x=s(5}Hx&wB;~ZoblRaI1 zDy6EWXa!HN*j$`><^^HlC&oDdH*n+|lT_?s8ItgXoXxn1ylehMoc(6uV}7-mvrtLb zz&`P_XHcw0l?2DhJxTfCO;oTrDg1)FQU#8H@+$j0G`(GH(JOtu_`^hHK@a*8K9!dX zJpPfrP=~}*VGu=0733GhlEWuCB8c|-{2pp>8T#Xd2jRDQOhk_iRPsMUXd=T&X#{(9=U zib+bQKpMf}iNfn$R8e33wWrBx=Ns91*DTkg$Il-k#)54K3#9P3g=()--5Ay3}wN#KX^@htaJ5w)#G!>t{*t&7M!bsMk!!M}X>IjTeK$ zXxd_iJL=%)ZQp6B2fl#U5`#jA}%;LiQ;_&ybxo@#J}&9bCqJP5SG4T5$4jbG#ONz|=X4Co8T+ zMo`V4R$ANDvG)`6wF0%?FWl?on$S(TB-eH->Y1$6aS7|brzUohE5Aa!KM&o{EXKDd zDYPN|YZrwD&Kv|kH$MkLITWCCOrNA@5BI7r_-PhzpQ~%0TdBn1fzN;G7r#eCoUfBG z&*xvx?wYEr4`lw8P}|T+R}Wg{C*4f*%vA0XaK)8bx@(Y38Bo;E@JJL205*E)0}l;P zT1D=jNd#dvIP|ZSvyNB#V}6n+%g=`3Y~R*TwV2Bh;MMB$&Ol&*oVn>*lA#tULGN;{xT_Ahb7)~w)*8^yB<*f} zRDzF2fwYa_O1M^);TpE5jEz0Bh(2bGk%M{wi`HvrjQH$^BU+&;g>>8dJCX4`X+{0= z@)_66irr6IWFO}ZeVeAFU#*%m(ZXL7qP$3^BdRXv(;amqYZLrzRV+FxTo1BW^aeR! zYg}kiz_l$Jn3!J}?)XR{Ms_}DJ7lUS|`^`wE)frwc z#%hb#1NA)6_5+W~d<0=islVhK`Z33z5(-fxmPj+oEA^wk6rDP|hnIt8rAhCNK5!fU z2L1cy8qZYaI5yV4tHAK$D&Y$Wt?bj+cbVXSc`lQ|oPf9PE$Y9UIPD=fz8TDgU2vaU z+0j*IX&orzuhYH2dHD#3`p5t**5Xlci4<{E*N_+oQ70zVZr`s z|9r?Hg+GBJ^NIPhQT}`fTy))Zc6{?Gm)%mB+=s0|a7lgRz4f=Cg+H{ymO9Fwr2TTn zD_-dyw&^$UJPyM<-GS=EpNrjVjbq`_TH;S%$l_i+TMjlgv**JklAB*6nE8hIReSdm zf8YK;be&~bl-<|%X_OR{?(SB)8>FNqrKMYX0O{`T7AZlx1|+4s1cpxOp$2B=o%{Yj z@!>h%uQONdy>_j=&fi{FRVeQ<3)x$XYLKkY)mEm)OhovA-0VW);D?cx`&TCT)bdlV zFLx$6i^XE?`p?j)={J5e6LC`3d#nzN)XCz%%E|$~MpWg|b$9kwqIke!P2IejIuuB` z^h{sL0M+jIr`suTDi)I`(`wuG#bNb%Y84LQ38M*74&q?CJ< zfbbGFiY<1u;~Tu-u-WY=zLE+{@*|GP8eaVX-z7iN22SQJ%l`Rg*ewMytHCM35r7XS zpRdIZRyBB+@AE%yo!p!$9KP?Bg3OC|8vN}Jgz5!yR_z3LubgD{$;?}SEA4ot_$JYt z)QAG{CK9o(p)1%oJPD#3wzx85{^D_<&m@b9g?w&yGK9AMWk1&JriC757O)^enH(Y(Z?A*}mL$DqdNg7I_ zI=ud)`}{7o5A^45^aW!HAO|}dGqQN;P2sDH;H(pguj652%TTAka;tskKe7cZYjDXd zcF8YmC)95zFM^GwCFj(2?UgBv&{$WetVeP2eU6J!>@_&Xd6>?oMoMSUz5U15)K^fc z^uwxX)`LjIT^GWCzX|0y{(~lb+_-2P7*0W29$l6EQSVe${!~6Oz80rZVIKM?vB0P=+7})$YUCZL*A?_aXiKTnPYb*Iyc?D0yL4`qYhQ(@OLErR zs&_e0?zljB9h&+vi6b(&0|_??#X4lSNSgro4qRFFRjHdhLP?+WX*069YOW8f6N5{S z`yS;J(+R=?@B2x>GY+@YWVmF-D!BOFzfs?2^wfl9E`Qpw4GG(8)XX#Xa*{B!uoa#g zux?1kgn>vw%Q6RO>$(c|sbacsSP0-c$1paVa4eJS9)kf>LU1Ft=S zIE$`d?8^J7+U!4p=ncE>d{YfeWM-M>ca6cjYZRlQVxL5kl1T^8Huj!C_>_V0uDJ)8 z56nKK%<4#pE#*bsFCMY2uZ{BG8@J2tafAY9tHB(zu5IKGLI+PE;{vu+4&xrFu?Sp8 z{5Akw%*TNk^<%pROqSr;ZEs-{j`3FMN|IcXwgn6R#2C!%^f92%CS<*!k(l&kCdtwD zdmiX(%5(3Xzh0 z^J0hQ&N%;JkPAoHJI@Y|9xP7odoIQStsFqbEVPF}Io_a@y2Jg(9t9ItfN(#v2X<=^ z?1z&q(AfoTGgroCPHC?wIQ!Ns_)^IFK<=r?Jmg&zYMI0AYcf*bnkMRd%tD-{51Z$o zwqoq~9sisT^#&gu$3DV*p3;JR6TxD4o3Lp7go|Kg9yCj40Q@v;W8+e7>%(l3&V-%? z6h`tz>#jd_SqV7Ad-pZbDm{5D7F#G*-k@x;!rxeaZTPjmfd!9f27qhEd4ogl<;Zf1 zd(2QXLH&^VdP$!8I{dK>=S8X_P=h`auHJ$O8daG8Bg@4o9t+w3Up?gC$UHG(gw0(z zhRii^sRB{{iO^S=8>a)%Re=r22!-SS1m#y2c{-6W!5m3y+UWo*1w?qik1Yivw&O&m z#_E0~)ITAY&lAQIG1ox*@l@!KbAYWF%k@v_|AH**azE!toXu2|}web-)@U-n@SU*%~&T%&OF;xiQS zLJx*&v-OUIp7;jo-9os_)~;Yk9D=9|C7=f!_b}>p+(|c#V}sx=-r#YX`OE37UY%=l zX~)4&)b725!R-s;clrNSBYg-u)etK`+(8fs`NS6=d8@0bc zErlh!hR)OL0#R3AZCZ>hf78Rip3qcHOP^$DX4D0GkzJ$$K!NgER}boj<8m@&*VeJ! zA7A1izZ%o-XoEb8M5aYa=r!4^{`33b@iGX!xk!+z2JB7LRQ~7M ze{4wr1VDdaO5fn`=MHnsH1OPEJp9NonZNu1QBVBmwujrNZ&Ib|cBo=kCk)qQ7ebI&E zO-;Y5{4)t)+x~R~+*@h-?|R&{2gLhHSOM53HJ2GYL#8=!^p4UNej2%%Gi0Mi+_j5P z>;A3R!|f>*6ti#5)?D#qdkL6K&G9Q1vHf-Pr0P5TxEI>E^9Jg#*nnhsdv%B*)b37> za;g5X`?}h^y_cYvOK3dy^?!{iLWAH8-qczcyTyMMtOQ)+Ca4OmmpeAtcKTn7RjTdG zASi+oa2`Lx7E}m+Kn=kUVE&ili+pU*pzNo7V?=+?s{N*TL|H)<^{hEr`-?^>?a}K6 zpu&}r+jt>hUpwWi)_>>&Ld4yS2>Jk_I=+dSb7hw~7E&k$=c)ep-;^`1ikLV_Q~5e3 zS96F9yWlLSjW<{7WLk{)oVPVKUmv;}O!(3^*DhK3aDy!Uoz=gRSxXOK!ZYa*g0>43 zVm3r8Mb`SsK#c5FcWBY<;mOrn?q1mqKW%ng^!&zN?2g{2YEVKylDT;%hppw&z2%G- z$=lI+D{g7IgxeOLlGEkk->!V!-ZM2?A26tg!ZpL8Y?R zx?)E>+aUfXo``MYCmzWH$rO5WTlAsEoa^~7g+0z^io#7OMn zW;h3~m8ahR+on%V7Klk*)Ip7`weAKvhujo*scFi4x{u})AYlVu%M8`@%K~p&x>Llo zEuV($eJMPVaEx(h^aTR1v>IulvV(tWK{a*A9;E?%3!!)dN4|j0}@0Ga-q?>oaIpJ9c@Q34Gb^nopB?w2%Yl^MaF7<7_^T_1s_$+r~4dWIi1%kXAV z1bm}ILl0x+F6Xape2feNSxr<;Ad_@dPFq>vD<2A9M#SRankRf1zNC_3ZFsaiAWc^7WPk)j zf+7%W045D)c9hmQ(v11Iz)NVR{Ftk0Hr@;@qW%R$nrcicDhMNaF)As$H%xN9kunO= z?wSZWPrW^U z5B=5HWb96HW!n)0MIyRk^yh5l7*Afsx4n2ja(X4?DEXsgr-3B@^f+x`>>Igth+aAA z|7QkqYXv;+7o(WB=%0h^tTow46=3lq#T{<95>R-3ZffdRe{4Wc!hOu5ioK_DYvb<|6}`Crg2TKDB@a{La#{s3tiT7=vN zcHUc&h2wZkq>z>$)1lTQG&_{=t%>GroYxeI*dHZh2-n%tL{T3Sud?s3j{sCkPrU$= z;?;7O9XErLfB2YNu}-_VwC0Dcp2Yc^sb6eTDCK!?S8=y$ni7~>Lf6woQ6AJ7bEfkh zSejB1U$W)+l(Oe4Z%K;;cpkm^!RO5}26 z)U7oF!EN_wE4sr)_=b*gakpJ}U{~xfQKz5Y9!`e?7#>zvUOHlG=Q!Zo)bjiUln~WV zmIMtT*3R4qZ|`yaI@pTq!bP6$tEI}D=o0e~6ipzZm`OOI!MT@Qb*uF2aw9T%PqMIj zQ`VH*YC%)BP!#aI;(#}TD`GArD#Pai&w~RT>7|L~RAzYMt3h-~StchT83>cr0sdS^ zFa5B|sWg{>pi)W}M`0--c7x+AS~D$6+K_kG%vIl!l6q&r#w#IaTKKbCnEa^#D56Fm z@WrBJg$5%6%f}IYYN!Pwu@Wc6VUb%M?DmOo6FocHR|NGhCGyOvaG%n>uLDX0Ch7JX zfm_CZ`eeH>Jl_eiG{gSoa%vC@^>bs5c|A^K$&0uXAB6x zgCSmy_Mf4VPYzcFs>sfrEZ(s@R6Ou505tP+DOS;p4JRR;WsrH}Wx_pwZ8C(*Q%7F+`&N4UF6kh( zV@w}9q%Khb0V2&Qj1m|l+=>NBeTNQ~{zt#FqCO_^KhRO9kJJ$XNZ};YFyzX8DpNe` z=}r(tnw~KJHhJPE!MTb-@ zI1hbm%)#umnTFPpHEM!U8>l69Yh6yVo{o%dnbabmyax%wH2ot6(Ia#s=ivfC>mB!F zR#kv>tG?-jB0-ou5rON!af^w9a&7|>y=sr|CB}BCsYCjI+}X_$?I1%c$ktUGG2gzU zb=cIBD;%(Z);k^kK6X6*F>!>>>)eOWL7Q~&kT>sM3z{#tQU|`HNeMeoqWj^1)+aH@ z;5BI78-GzuU^?t2sbT4j7t`^a*NN`L<3gyeecHw@RbJ21!@4-6pkJj}wiTh$dv$7{ z#L-nv`jHz=Lraoe0PiD~ce2M+Ig?kIoB0F5{FPDGXq9Hs{52A2cCCNrnX<3yMaR+8 z#&TF8kkBL@epqJW>w5*Y#w4z#i%ZC9A(5%#AdOMeI}h!g1-#p{%{njmgbIFEb3FOjaU7KN0YHk>4fbllpKel|qm57VZN06s7ZTwXP|5jW2 z>|Z(gM0^~7L#e)y$hXOKd&Knn*w{@0C77@#{pOA?cjC;s(e&bA;~M7=gntCW z<=%=@ADAGUU#J;qE2H@&FaPpwK0uJ44f8kY zvBZyZC7~^VX{Jzs#h;;5<)oNmEpY3%v#`x;x1XtvI@2r6?7udfX|5^j=Xe6&5V@OT za5aiXO-*j}+=Y)!50nnxQVM~CF_(-;yICyFg_96sTLS@7}dU0k6N%Q1uS5^jqkIUDBTC)~` z#qj9jp*-a8sGs=k6S}}@d(Y%sH~wDt;*33eZoB%(yFQl0W<_PTseQE@!0^M%Iu;^s z_B>jbkZ?>83%2$3))<+1vp8E@Z`Yl{+IMtO*poAZB4+6|Bal=0erjB{SI2 zs($~bRGjvN(((oVWsMco6bGM%VNO7sojk?Sp@@OI>f!|y4^6_E>L~ENvjFgW z8$0~qtd+yk3fQ)uAFOD+Ct}tC@HWG(GLaPOY+ZVi`E&(4daxjKqc&KIsoD{`(tYT^ zLACVe^=|@Hk=+K6T_J~PqR~H^wI}%Uuc^N+rh}f)6J&`>cofDAf6Jr|y!J{D4t%$b zx5Eha-!FhBjZUs@!m(#zQ!#F^Rg`(LJcH?0 zo`?s{zs(IiM_X#`QTYkb6gKarhdUu37Nwz1J0I2&U0sOWdQrrk^vmy}LH*0m0GjC{ zq+<9=uQE9DRbFZ4S~8OzleChfQz}6{&l})a#`8Z-j6jSjjq$-*rv``nBr}$C)!4h_ z(FT5ZQxcB<_a-u#k%ovLz%q!ZBLd+=R+~fF z$n>g_18$y-hZE}W2e^;T4_^9`K_S-E?lG}=`oj0yzRoe`z|?MYt`TR6G26RkqhiLy z3ESgQPexgwWR7*8jMwJz&(>VEISK)X2w?IDi4Yf0;#k$BORh9w1;~r&;BOu40AKX}wz4y$ zJdpSe)ZuDZDnNH4WwSos8_%mE^H4eW`KRV^ciqTEN2H}wf$+Z$bb{dyDB#!c){n1E zSa!YvTJDC!eaJqX(rZ*?$D@3RO>d5vc~< zj4=Fl?Nc@T(dMm7dSpxw!!c`40tn&ncn60>5lxj|Z9qT=g>l!EiN|eFvU7i=OKMB| zhX>}6k}Wxa(20AF#*j1J(bjs(1MvgZQD|gc8(i@jS-fR@G{Ki6B+#Wor}7FF&trfE z_eNv_!CkJzQK)qEiRh_wfqDi%<6UhP1MK41HEmKpC*QDc8FHJ@OaLB6ld;j1)*kO1hORX0e!o%9D*fKrmgx zH0kYPX83cf6$HBXX20T9)2t0RvN8*qI_e>#uiMQ-xOpj2^>u{0;#QeT)DQN)llR5J zokf5U)iH&}%+Ca#bnJG-PPB;;(w;zx|0%NoWQrt!f_5J6#jR`r_Eui=FGxah{?+ZZ+dbE1R#0_2&&^!Qk4CZdH-Jw`?{Xe#ktY z(>z!k5{`!NXrm_{lduPgfysPA;*q@eLtj_pqqYv>>Xk;zqg3r>A zA}~v%uu2f_`i*}8{;ZSbns0ABema0^z-)a*J6P!cb6iE{@AwbEDAEoYD`qiifa{jR;{11UQ)EeI&EMECd?2&b&QA zT|$*-2wm#=M5$72kJjAt;b1qqph{^okV1BniRXMF02npXAQlxTQ8Lc@g4gopMXmip z18pdTi>{2DNbC0;<(D1itT(z}Un%k*-y;XFF*#mH82p-@Qf|GAx9+H8-+ZCQ^cUZe z!_|m^8frUSk1O}8^DfwN$mKos`kSau%UJ*C+O?rAZZNjMSN6r>1{G!O8g1MA@mPu} z*-*PDSWa-D`>M(FiBKbCGFsvkvkV?W^QWli>f$8N?3HTat#uIJ_bIhWxZ?I7a~eTq8 zIrh-b4RJ}Z;jDD!abeKDI5a~JTd>f;hV;mI>DOb+YQ#!cqTxUtTibxZWl7mcY zfvvhPM_?(7%YQ$<&`Q8s`qPB`tdD+9j3oR+jWP^k8c@wBd7@)x-)+Yu^j0~*?X`4n zS%9xst z2SyH_hV*W)n7VZztj_4T?IU}tD~|hG3`GC}95y)0LUWQBtQkmGmxibK=aiW3bb6%M z*j3FI*B7>OepEFcMr3i`lqa;Dt)+8^L`bpjc4|7}9Jd2Fww>9U#HomP{`PWhvi)^7 zM^N`eASi@nUF;g#{zsL&Wc{ zH>Xe<&-FJ7E!7ItQ&p%f!paU-z=-eGfG{B+rqNXv9`AbvK5swtQJuo;aVkT1oh~1W z-FJu6e}{cd$QyL(O~+pr+}ZC+pa8mN#)%o+6aKUd%UYRCr{}AJYSk+P{4J>$qF=tl zH%(TC_KF84iaQ@FJukKCC6pd0s~B`{3$l26&NQ?HIu5~e<@vu<;0#WG zi=&A#LVr5SozeM_hmu1s6tk+shFVX+VB5XXeuYWA5oRsbCX-i9Y4Mji7p@NIs|`}> zsxdM6WC^n&kSEDGpiL5SE$#>!p@0K=g`sY>2yklLpzZ|oa$uL}bjbH3 zF=y&+n@?NqngzAQtSs8yOC_>YfD`INn$mDl*{$B?s)H{_Bz=aOwNQt?K0XGXnSf--|gJbVp<~`d_K*S$~7o1?nNU+#b zHcnplWf~6Y%f(1=X3N)Ru;Afk0J3TRXI&885yUn#K0M6Tvf)`FrHQdUe&hgDVQublO=W6xR>EQ^Eyf@ z+C~1<9c0JeFSHPTw0I^Z=^`_tZR>%O@|~Eb0bDZ?3jhSAxs--J1`yfa_qw+r;MIGQ z&LrbzrwIvd=3bgm3GYkf(ooADZhF5ZNHiQ>I&x%(wjCzX_t6TStzZxMcgHz_weTl^ zq#?9Mr(-PN>CcqBOZTKWGBeN{B?xnFws0_(4!gOGR|(AEzU;MZB9G{DqI>16p7#&bmg;KNi;1y}96w~dfbdK9bKLwV^Y?(as zj+2R(NDy^ZJH6igOQ+!$MxK-m>eYKO0y;{0yOmbE#f|Hg9(ajI&7NWZ)wk`YYGNO`$4JDn2F?ZME>givgA9J>2U1gPf2TSkStb8zIVU7JKl#Zmp5ilhSnH=v z`)~ZuWJdTc_AD@GuyJUxpo`_=g$cpUkZ(wFd*eN=q3igBR0Qkrv~|61RN(_3rv%!M z8wMkxH<7JJ7$20p)7c)eziZWMppB}=lp(%3z{0e(!2H=u3G;o{ufr@PLA8*2W%S9k z3t6GMUdFG4!_gaH4k8Pj5PZ$CU358G&32Obb~JJQ<5eM60&#zE3SYpVM;F`Fbg|k! zzS)?kj*?HGUkhs-))K1v)!-&$VE+Wn&t>ErqIJL`*hYrjcH4mAmf2Tao#RFbb<<&B z$>@jOE_tYov9jRR%z3ytD_eidKrYN8Nb&9>=1_W-TSLv1`#|JrBgj>mTK(a~Ow z^d$hclsPi#fG2n4LZs0V_B2mgkQ`nY$zVKhIH7A;+XtW+{bpoATd~$RmUs!=jH1r| zhOS~fypoYhp0~4*Z3)(wmtbooaaU}REn4&#mW20w7MPlS&FZ=ib6$UdUXpz)muW70)aO0Nq2NzF6ZM>DXvGMz83S!cEjzg zFOx9VA1zfOO=@6b2Iiw{RSg&%l>|$MYd^T>iFqAWFg=bJp{BnmXoZ(fXj1L^v?Qta zi>_MS;+gJg@g8U0=)YHd4{gF`uAJD?{pL1UMI{N`BsW`#s#yQABO71s3^V0H<$HD& zRvK^)xUx}nOuB6vrEx!kHkjt8y_e?eVe|3gwHlM+N&LVt4uNJ-TZ-PKyO)T zHh4VDImygvp@I0lL~Ac?RtoVS?*~vLo!d_e@b3Ki+qjFJ>O(MxW3W>J$Z+3A2*w5O z%JHDM^nehx@XG>+M13Z4B!kwGU|EINBusQc%hU(lv3Hzx&f`zB(>f%0b(LkD4sXQX zGt`2B?H4(fAcD3kwF1$N_ub{6peMZ2ZQBRB)N6Vt_ndymmi=!2PYcyLQT-XW&7^3i z3IuzHN&zjRRxZlJzi2uMG9~jx695xXgM6I4r1}0ev{&|g#)|bZ4<9O@vwXkxoMxy) zf{KqJSUpq#SjV;dR~>UYJ2B2jNe^rM~}k7y*<(WaJ^-KK*9Mc}}LMWRx% zk=*cuUtBP@JEa{8>u=+PZ!OI;$x^Al&;##Fe)i8xrKj{^z3^QvgBl*#25jArdmi%9YT^2NL1#BI2^* zMAA9nGGbO;_fxj0d;YU69FLpBFOnK-zsq27bYNNr}n_DoTPRFh5^+Hs9Wyj)nS2=QCn6 zKjQt3o!U^0z^U4tFFk+8HD_vrKZK{I0kwjPhBz|bv@>s!qzj->op}4Sdow%V$SCfJ zl#}ej-JC6^LA_x>Ik?jCs*j#ZQPX&4^#R4%?Q{6P?+h_Q3TH|^m>V%ZTF(1&Mcb?m ztYYJO{L5N9ci_IVsKogefg-oXwifS+emYZ|K34zm<#+i_wb=i~UEISh4w9^JrkbpfW*Owi-H<(76JnrizSD)+5H~!8? zd+rh>nnF*0hzD!g&!o2IBUdvLW=gdp8}>FNOYJy8Etz`bNizl}+h&wR+-tDEAO}t( zzm(NTy-=weQ?gv*d3L$g9+Cy>RJm8gw61Cc*E6`sYC#I%aH()Uqbr-%rBCYfJQ5g2 z6?^rHx};p_Kb+9)^0zyDHwbb{()=Wyr6%$tG&AH1UFn7LOGY-z&Fk7Wr2W?<%jD?U zRDJH>K7yW~b-^nb-oMtL_q($;AGnifpOKZ~V&Y!gj%_5jZZCiUWaSlIONJ+HLcvV{ zC2=x=v{-i@2U-28Uy+CRgTJksW4>k^-afGmJ##I&A_cTk2Ux6QJ#24&^kpFbZk*6a zxGRg|02KycEVbqStX+Fu(@4$<7CSS$Sik&aRb-|MYnf@FCIN3Z`l$fXdAagCMXZpP zDry(od%cJh+^j*>X^4}tN2^o<(leMwP)~U;palX|9fw#(E3J(OMMm7;J zT(k+l^3sH#&4;~LR#Tx|y1~ovusmubMc|UQbFSqj)588sh}=ql=L_ePV(yim@cSh-Jd(kqt$zzvG7QZqunJQ4>g*5So3f5_lnz|g;2Hm3+6}WsTa^u*1vdG z!ycCGh+`wqwrroUp#W&95|eOXxlhsya}KDa@w^bd+R<_vzqS}R=ebf+GtJbA*aPKb zCR>owUxWbMVC*x-yiuxKbXpWvh(jInaqD_XGKt~3Z$lE~VLE=@3sRIxvjOWqV|3;v zLBNWIB8j7suLBC!RLR5~p|(TYyLa;y5fO0SY<^R1;08_*0E_SM&t0v1J&; zF$x5qLWXJCB3)qyw@k{&oknE+)GkCHx34Ic*ba2TU&>GQSICz13F=iAbz4ly2(0k4 z8&sZ~#Rp%4rr-P7k@DvYuna^#;xEW`S%9&(ByCrujRGZ{%A;$Gq7vSE6OQrvleTd~ zo4>cNnP<*#k}WY$($3&7;a1J@zIDXd?0)`CYO|dCmaa;YkL4|eU}~Ptq7wJC;qiU@ z0mWNHjSmQ?m~kqwTjD7w--2nHZpy^wiM9IKr4oz$Wd2Bax^7Jq=sL7_yRB>t@zMt_ zX+e*U$mF&pH-eS?$H)*3JN)j9c+^w)yLo5)fUa$@o9A%gnBCscO95{CE|v?i2Tw#K z>*jsrh8f1duLB%!3L+6t)^#SHr-<6(#u-;fu`Kt5qIA$xHWnZg67iU29rEy<|4k(( zDC)5Mls{E_S7ShN?iPO=)9V{PS&lvi{y4aYBn6B`bElnH`1N45BBBR}6x_Xc==3Iy<82=hfU&R<1gPhmx(V-4af|>Y`22 zqfbLKJSO=JsDz1mf$%&LPfN|+K>jaKSE8w<!ncaTGw0}1XVjPz-u1r_@R)$-SbAcmkbEY7R6^iuysY5eUA684#)9bv%ZcpA zIRd^B-yQYW%uozYLE!VxSc5J*6Q$n6SHH?BU`TDByKk+annt$$Mp{d$p`ZmE9DTApg zLP4X7@5SV=LEX)T*SNs5&=s30my$c35>V1OnV12vsE-JFjrC92@TWH0vt0-O>`YZ= zqNS3e2o9-7`i!XMJice}puQUeR)pEF9#HPnpU_ge5|61XNhCS#^?ZG}tr>8on+#6> zl>qF)?|oT$vowZh>Jk@5N-5$n5k0)58N2FMO!3A8a%jOblpMuj&5DP&txD!W7WRvH ze#msV!y{h@>sEVzYwDr7AssIGd zh-oGZBhoD(6-9p#XGBC_PwvBB3?70x)5|cc7}hIkQujf>fgXHe9^r`NfITxpVp4|j z6@XQAgEYEd*OZHypK*WJ-D1x-;AFUGeX4iK2o+w5?s^Sr5$f z>(JLJvmg_CQ=hhL7zJz=%osdLqe*iNm!+9_GWU0@eY zFdS6>z&=D&9Bl_Zcfd6G_Lhr9-Wr<9toZkpV<)YsG|7kTuW?I>spu`FkcfHWvhZ7rE9vYvLXc%@MGz(*1 z9kWjv7@ZmbU8~|d-)L4P-)2HT*X>q*YRj<#y1Jg50^gTE5V0n30;q>fVk@e@H5|&I za477)o)=C<9GA6d#;#tsI@;rF8rO)A8;`0yV=Gi(;XM8{@MiqMZHngrCxM?_bH3pRMa8R@M#iYO2b|zgrJJw z_?&zyYSasfWOKQ`&lcH^vR$tjp@;wFotkSXzFrQiQnP3@qTqh_(s$b)8(B#%$3_s^ zz_n|OVrgK6&$Rs)MzdeSSDxM)ux)|_s9IwuZ)CU!mChY@A#^rVoy}^BWtsGyeCGyx zu!YD?l6X`ZBH8Avu33LKg^;>}V|+Q4=81K5Bv-8;3hAFE?}IB6Ae^f2~W*5!u1KE+-yuxqfN) z>8RZ)1I8PPe`4_Pg;V92veLHe90TbtPMi=}=~w$ZOL&eK&0gmcrs) zqy${Q+-J7*GXD-O@}|Fe`nc;1rwjg-oAp}5Hma8!UsV)(ZM^o-=#y-`P-K$G0#>T! zpJsR*Dw7+%qe$en^8PIhp*bd*(die^$to0rqdKR>d|lD+HlXBn-K6()pKpTCid$t& z2k4e6{~Y~(fV#Qj@NW0ESE@4`@d+p&Y$b2M5sh_52IzHEuhVIfEw{65s$pCT2BJ6Q zKn4c-R+J7b35!9e5l799Cqi<*ajnkB$d9*{;|()!rFw@^$mZ`M&1XrKx^uF?=U64H zG3yzL=96so__kV8W`Gn6nz(g(-f=+YN*vD!oAtRE73MW1;s6H<9|qr#q#jQ#SjVHS zOKiE6gXtYE|H!G`(g4yhBQj(|ewN4p4$^o2lj`;)?)cc@K4`{ZYVCeI^U%7%_5E%V zvgqj;Ad}==-1Vsd8}+mED%=P3t7SBSeH;LESYK|DpA0Q%SFwcqTTjoNO`4B4 z9>3gi{1O=_q{PB|Jl!4*K+fn#NkeAd?;`)`4{D%*PqpCYRHr|CoqX-fL2sRZpEYDY z*G0q_Lg4iYSI(z*6i+@k@xl~JUjqNEbIu}6tpw$_@9;pK)y;3$$L@W)<+LPQh2P(} z?X^V;HqnuS2{KHnN_GH5yx)!5>FiBRl9 zC6G#m27`jWt}_o^V#9ESfA_UMGhw9=npcDRnwEKMX>Ga*inJ|72(AG7zC4#S&wB|Y z5AvRg>oAc(Yf|c)uc0N3bRmhezS@`)xTJc+3-J3SiQ+CtrxH!z&5pn+49MWq?~%&j zBf%G+G}z-Ze3#Y<{Y;7`(Fz!FeluSrpN}T-@pR>tBwt(E23#2|{*$}qPfXq(g7105 zz`%_$_HGs4hJ(`~ef1}oGxoSx*k5)52k$;2|67!g-?LmAK+{YOfBZ{7%hRZzOPFN3 z09n_Y&TDINxL$~=QI{L_BeP{R-nVkoJWoY`9|!=K^-2q$W|J5iOw&?kIR@^!kN=YYX=g%KpSnm6o#?FRF zJCHp{9UK%G5Flgx?ex2c#cZZhxU2JLCAKr)S+ci6dwpt`fm}m2qi6-@x`N+iRJ^^& z%K$!Thas~*+X-T#pS_7TnK%N2a89;HkQ^n$ei?nIRE4Ucjn6IiIW_NP%4(h)zVC!oP29Wq+jWq|2;bg28$ zmC5>i*xHtNmyx0xY6WZCeWu_Ig$|Z+i&Vtu#p=Y$zvlHJKMeQA+{5aJm{#H1^+7R# z{@w2L=H(1laC8ZwRq9rIZ1f7iv^HBM*lOkOqEa36yf39JPmrny#Z(0T?xMT)_Qk;g zbAB+)hOG}jPp~ZNT$^^^+ty^W**;1z9(kFzxi5FVaGY4Ss)I7{9=8St1UqIzgAX;b zAd`KL>A{6yFDxMEN8oV-N!^w{w&6$^A*Im0t%V0^{6##19OdhgVyBSns|BSQjT4+p z8A|scmB%{muxH49qVYyoCVA<}?XuQJb@ZeYM#>&2|o73zMkqjdaSlM)LX z^yW+9pEPITJ{#IiZr&^J(ufzEVM2-B<8T^7E z#KEUTh%1`FsHe0MenCBnif~S4(hJXz86fc9Vkvf88()z44+T;1fk-x8n^UxC?AWOP z#Ot5%tzxL|=dxX4K4EzEZ}^;M@b6m#rWsIF5Gvx+l~vP8btfWm!<66!vvo#esLO%N zxh*1y!s-+(((WbU2J}X(A%)oTW5LM)Yzsl*ATUra`*ruF?^aC3Ru~+ukgVZY=rc$X zj50PJ3ppH}K@Co8{mO%}Bajr5+y|sdO`gV}?s(BNg-+dfplb#oZJ!o)48E1g=m8YCLoH(;Ou2hkJ`JP|zIOO=VQzqkq+I+8LRY%*oDLa2x} zfVR(UCCRBu7dl zhi(R>LsAK)TP22W7&@gphi-;uh#7dt|L=F!de2$weLtNq`@`&K_OqXR-}kliy7q5q znGws6)YWgTDGofsBwnfsjOLBI_SJ(+ofEw0?@-6}QCh65)NYzNPbzvofBbe%ZM(f^ z1zJ}gUh_LJKk#`%plZmjF1W!EI zx3_j4JV?sDh0Xp7en#a&bz}Z__yNKHFly9e0}G*y(*F=`ihCgwz@&dnB2>zi{tfgWB9Qtxx6fereH`B<4(61C7)TlQds00p zpo+E1$|Vkzy%s>O!m2)f%;3)<%N=GM`Xys37FacNe7=aSpwOq#nD93Rt}tdWRLuj%-H|(I=_L4M-)&5ZC2##j965*=B=JEC5qtsU-V9f zL;?@C$tS7!3GTO?-*qslP>u1ISc)GL(d6uy6@5h=VPtc-%Z9F*qpwi;$8?DQtIInS zQ9F2@cZGy+zNc@djrY-wUDPi(y5bfpv46><=BJwA4!Vn*f{Z%MReh-|c*{p*9O{h6 zpGktSSyELol-}Hs3x9y*`pr*_TVbxQQYhUhcN9~2kEmGne^H7FE*E~K^{PNz_!Hh7 zcul#EXPqr~J%}hn*gu|eRFT}qZt(uOrEa1?|D=Vywk?Dj{QbO&spDCcVC$`8jBs!3 zBl>U~1%POHRl(@FY@@T>%f2k`H%XVq81m%aQ-|awpIpkvlW!9&3DZ@&{spDks}Me@Kai(Be8{?LL|Y1=ypPCi$69tDAEqnGedX{b zf#2(bgT(Z$zx@=V<$_W^8-1@{pYWxbU(&QvhYXeyjvJ=12D)duFuid_8f+OQifC zvv~iUy$UjCc@JU1tg{oi7q^|k`7om|41Ewmh!V6lD);^Qj!Wq~?%EgqY0#c8f4i$o z|IH5R47ZizB*NR~Q*(M9G*EU?1GR8k3b;PyKY(XK8)o)RQsQtGmC!grkFcH=k)TAuL@GRb#z(zI{32yiYaV!?>KRc zwg77UQJ1Y$0ir8?wg;d2*z_gw2MGB*?=lUhWlq+R97kS-HiM8GDnnLAU%xznBZp`< z9hD&-d%R9bp!l(?bB`J%Dp>xbNq{<=a&{Ku>U_vo35$`u@Bz>AHHZflm^`%MukNL4 zLnLD4T>=uvfD{=J^7oLyNp1%Qq*?KiQKfEzGg7ems)e5FMy2%5xr}0I|L*ZUrILXz z9L0R;QrCtA;K&yfqHcr>a2ZkmfTYO-%qiWr$}jSO=Z60clozrP=NCiL@`tmw^u*#_ zSYG+K{B^v70Glap+^6f@l^}D`6rx*dueG6R%!%W#Uyn3^FZ?i`&2pnw zMeZ@Lj`^LQnD%O-&g#wK|Dd<|6O!s-L{=`ePkM`Sp86j0=Go9wWLyJc%N2bOzW4p= z;Vew`U%067{t5Z5OpEbxtKe+oLfNFr-%>>*$bFLcD{u4(+6J>)&ZzqFxT1lmXRz}m zZ4E}hVEE&Z=*ewm+SxLEM|kRwg>1Mo3JQ6VmLS`tozaQ3MknF#OueHlch*B{87^tu^4lY{phyy9gS#B!wa?JlxtEEE0=RZ_? z+WoS6e>%6wW|K*8jN4`BJ_6p>3fLfuBFFLft*4SxqJN4owz&-V6=JAVNfJSRGbWuc zXUfbLqz}Ik7Vna}*$)}2-hX&uV_cPXapzdev^1sz-)Lci^+BPM%b4bI`9#et!Q`MrGnT{Ofh0DE#9ecJqR{pirw(apsM+An4`XFK`kY)%MSaY zl;2Qc#E3xM`;NdmLjp<=D!M}d69{6)seDLYkbD5P8 zpUuGdOf-120x~6<>#1bSrc31pF0wPa&oCEPMw1~;{vO^hG6v<_um9w3esV8MLn`*K z1%yvD4c@jSQL4yU#GkmY){*3^wCB=3GFo}^GnS05>8dYE=K^Qz1$gVT#oC-0BjN6Y zoGja%RAkjDN(E)Yn&@jpPu#yiQSSXSGas7zuREaFjQ@XU`=32+NIDI($ilDnDKLA& zjy59?N-`m-;i5!I8l|D2gyJxx$dqiTqv5*26ToP>J)z{Bi*$MvkCW+tWIx_BXsgsI zU_9J2NPLXO^dW3rphLaNK^5PpLMB&frQ%Kx<3kwzjoXkG+|M+e2wVP)$*2*4dP*9V zqJ$fkz%r*zIj9sR!2mPJ^)~&RqACF|(QM)Rn-;wKcBjW`M*26^em>#?xvddFSe;m( z{7KP!r&p%Qdbr99KS-gAh{tWiU76=Qu+q%c>}K?YmyCX6w;7>AbLDiJ;BN2W{S;%I zV$v9Eq@KSuC)-?gOuF|#_9k-v z`ldJ<{D0Jo!wz4>-woGd$dLDJQ07WNlR&DaDW$=!{wM7sKN6qVclE@h0W#A>dfg+$Q zUhWs%dI=0X{t41M{WjGqlen)`b9edh>^Pth!+z8=2a`=5zPLHRXFggP{Zn7PWW;Q z_=-e~3C8Ixc1_S*xPMtepPcj_esIrb_KT(KF*ta`Fp%_~Wj}AR?YiX9svA=BxM0s0 zo#(f4RBI>lW4T{ALG#2|2m#;3=KK~%wp14dhg|;Muvse6m+?uQ6YO1;awfEFj;p9` z&@%SDk{F)YJH46E0VF7{Pw&(qQMB>^gj%#ZPw`ohxjTK!sjYROX`%&F|Hzps<=sTWFTROh3=xZIQ-xmK2e-A#-JD!@5 zUYlfH0w2E?Pm3jSW1!i3E|sHoF;T1i2m`JdoBY=!6fBm3u*(KDObk7ZweYh?Gyx1Q ztYvi#QCb^(XK@-%YooSw!&7gFU|v%r6D=NeS=_y<&l;iPCnJOo8tR5_kXwv!7r#Hf{eIHAA-bOMBuuWK%$ly~;OsgK~#ty>JnW>Q{Z`t7a`6=O;gYmuMHL zzdQoX8a6`xhg_mbe!E>tCAr2#VD*y|CgYp4yikIu=}X$MsRiGk!6Y0Z;m(kRbLO~{ zL>N4Mx7i4X1HLsb+p*!-LO; zY*fotGM)2)m@S{^KO<*$EsaV5dg3@eJL-bLUC}FzPWyGrs3ZL0i>r)gqVAg~dlf8o zFwzgyPQ$|L4Nzd0XEAB>hYwREK(ZIDT5eaU*n|7}dtXPsI>D;^e!4eM`+W3L#T9Iv!qJ6=OSb9w{Mgen)3gSd$=a9U8`+FYi~3AP=tgo(|Bq>I#>4 z8MJkdP{~KUU_0oWFaCqo-unm$|iECr6H& z^#!K&C*btb#|P~D-jot|c%1_hu*+ znK&?4Cf7WtSU@0u32fP5esO%3s8!&*9rnRBla+hE8K4(i^rl0@-cF$rrBUDIOs>tk zTIULhl0^*&fT`Q;Xfm<09n5}4tiOsHJm z61em67AX17S164m%`Ztp>$`yi*gZddZ`{JKWAieVGGvx(IhH#s& zYjR&}4|4W-)2g&!28{qkrBm1}yktE8U9}Y>2?Sr3V(`PDLL*czX`L|Xd!ir1%$y{Z zEmmAj8jXbHiZ6+X7N(BiKNV+NLEaPH!mF2EAG_oD`#xyPaCe=4g*#oilE0g0g{LcN z`^rq53@p_IuESlK-TCgl=v4=DI={F=29csNDqavEz%14BrFuWBfm%amyHQ*-R5t`= z8^$meMyB!=_Q&$&azbltLue`H$7|-1fz!DJ+v*g&>JgVzxZgE{@cX^_cZb*rp68F& zo$mW32tp4Bq3jhB>o!K4WS&ui66Bl1i`tC;)^!QFEkarUY5$U(m zJivxwp-Hna=WED_k-zh83atUi=P$8MlDFn-vn;e|d!8?iXuV*^t^Sl)2en-w5+Ba4 zFGQJKjgd{9&M;(n`H`qp;GZ_)51=RItV*tEN?t5g8FSy(yxmD@RWw#0&$Z)cJU3#F zCqvry)o@LXFmsk}ev-RuuEd%n2ZS^_&1;e#OhqNbQ0c z{zd~+-SLn#dM%Vo6&!|Ik;JJD4JB$pVz&HI7glZedk9s%zB6Ce@HQV2U$5sI$LUAH zo*nf!Bm35ATP_eU(f8gABYpi}+2<>OZ-2_dNxAwtd~qza0oDbr(n z8XI?c^ksf?mr&vPG(W1@g8?MP?WsQe*oB3AnPN?EFy9_FTh=j28i+qNIL=0da!uuE zbtMYu`fvK!dlRe7_zmlx%5h}Va8J9wBZedE;tz9;w4aXZ=Y-{}g$9aCHm;}(W~N2U zdv-P)&7KvK{o~WxHFss6+C}8u*SIz2?ia!D7P!9NA(_sgqqSD~j(A*13d}S8`jLjd z*i_n8Yn4y@aMfS^>45w2TnJ8T)<1^X3@sS5b$C7WyOu^lk50(W6XF9im({v;jHu_N z$@E_0{u;=HpW5*);$LU=goxCe3ti>P^|;M_+XQ+-$VWej5#YDbBJwKc=p*}(yx%{r z9`mN1{f*>;)lj*5Oq(BrzrJ>6Z`Ha(DwdodM)lYyK9?)htnCi!mFNSWf*5GvcOzx? zfu%++L|)Mpzlcy_`=7w@gy^{FNs@=sW+}E=?}5yHufJZF%xFEu32MieC;1g{yK2D7M?Kp$okDXuqbIt75SOoBI_2kje{rEtsRJeya9Jc` zolpgxPES4wT8|z4ZnnH#25nHb)_TbJg~mh~I}{^YqY^7`_&yaJHIv7ty5Yy=zE&CTt_6c8xG5s5g&3no8pa0^+UvOHjxa0J*@*7-zV_=`ARB*=$ zdVjxgFtYaYEN=b3;h^v#$bNOaYT7JtFiZXjBa|@_R*#*f^rG^VyN&6XmFB;Y4uxvw z(vO#p1<8F|MGhI^%^Klmz$+AfDn0q%h19<<`uv|J3;qXh)&61)hj->O7^-PP9}@Q! zHCp~b>ynHs8s`d$?#@BAkjoTuMwqVnkygQ*g=-Z;K6Mv}9zH$SAhW?r4)LLNmXo8e z@VbSg%~gAZ*80mVNjs+A$_V{j3+j;aw7x!%5KPUAznUxF2`saE33&?|Gtj1iD zR*?F05e?!ICT!KIP6gQ+7fESKm6hVDPd_emT5im5Xw>f7oywGM#2gfQGs=Fxw|Ase z$lMs$+?!i9^3qo z4>5O$O=i;ofHaOuQbuhQ8gP4Up6=$)DHx;e61G@K?`nHO%+gQH@qkzCx46ZpKA@FF zUIhQBIc$cJ;_ggzV+F(OR10>QAKW$}sJz7cu{NVa+@}f3KN;Lc6*@Wb$-WRh``+~t zWK9226GmAUZA&m}W@zMZVh|JS-pAAM^w^QcHBRw%R_IGRs5f`;GSeACHU&}l?iX5M zR{k>QTzF@_5gI=7)m&bM4hi(mZ^P|Fg;iAd3;5lYvWexNHg;{?4YSog9u_pO;JazO z?n+HNV8unlR@@WF?D|!!=z>wqA}J337t|a^;6B}8QHdi?vS+a$d4~9%1F(GGr5e6; z?8Nh69LLhJ{3$VD=w`67T=M4FvcK-+s=fvNj0@k_{oId?arxLlgGTZd4Zv~K{+>^U zM!b#8SWxoUG8iV7@wmq;R3+Y6^i8SqBqagGCwn!Z3EP!vs54~fS15oRBd1y$6Apd^VIwgSYwBkEJ6wu$qo3xWVQc1);bvYms zY7w#oE=MyizHnjUl~>DU7H%JE zd>6$i3BQ}MHA#)m0EV|N_(Qm5>oTt!ahZ)9HtkK1N>9&V^=FBFW!@rBNn?)jiq+9jtWME#Lr(rYuYQU_uS(q^QV%%2Oh8sGTPAD-SUO}_q-HR^DQK=!bc5_E ztf{a4Mn+Vi7HFRK$kiMuiCX zzRx-;8Nm;v#>pthg%gkU8vy;4)DZa8!)GL0FhAV*gaiL#woUc|^x4{WTzu2NEv>R6 zd6a$_?(n$-P<@97WBgmXeL%xWeXkd!k;JajC7N*T@R3GBPO7UO{Gc(7T-Nc~LwN35Tx6R>&)C$?NTbI$3_>P(Ha8{}kL8Q~zJ z{zplA7}*)B$zN;5FSB8bH0;uYv<@k4+Qj)Lf9h&EqVD&L=+zN8kU*+*l zyZZZ|b`h72l!LlO#zXr8zy0L3^R`zViN@l&O{`?H57GJ5V8D%x+dKp{ZXVzttG7}T z$2PqB2-~z?25zJiykjN{O=TV8Smv(DO`6^Jr%Hm6`ie^;7Z+GzryNH(&K% zU^mm6Ieu`3jICp@V~)?LGy!%IPqlPsrkX?M-Z36jHUi>a*WX48?Z#O&0a!h-;WilA zZA6qNH;Cphv1(yAY4N}{Y^P&=iwCRbn+cSeZ58Mg6qmCm#_n2I`>hUxN&rT*2}my$ z_TC}9;CJjUbnv6=+r3xyt`W9C9LHvb;y$c7CBl5)eP4;FFQR1{fgP%F_JhO!@o95z6|-uPgiYH3_kkg6{3F2CB~5WiqP z=BN#U{1HL(V=TNIZpIycIoR;zq2CeJWPH2+On-|Dc2($}mSKX?XBEd*HUMHt)#M!J z8UTYQ8FKz-)HQv{x_0E@5I2W{?C3y)jm#dQ^Hgy6#B&5{?YXVIfvfW^d2@&YA&Z!u z$y;$GjW_Pw7#m{Db+>U{2%j~^!)weo`{(H~)WN_kT5|@q!oFGqitAmGxQ&Gx_9iW`qN~W};t` ztkq-1e_9&|2TVq{i)XY~jiWw2WVd{6MUUT*M^AD`6oCkQ{)UR+Q@ru_YOkMxv#THK3mlf`dx00-dNiUSp%{wC9Am%-7Be_$hIfw^nsPLWE`J& z{nn^Brw&I<%SPzclN$E)^7cq2dE&ehUfB-h)I!uko5PUdGX;3jMN76WIv)~N5sp# z)Zf$Ck?ctm_=E>;i1l>th4eG&cksJo*|ilujjpI~a({XYTdo##CD9QlxDfLI5?Cd2 zdpby`Qb($aHDFijSqvF_*8t_$J4X+=R9PfOAUy>@AGH)t z@M3Y;!)XS!S3nCaMr{U=rzkvFaB22mNmMpKabr#tgKkNIpIF|(jzP%!^&VNe3>BxT zJdB)GvDOF&3E}|j2sBE44==CDgF>-5;+fh`nmcGspuK2{M zk+uX}^s`Zkc|_QSO!0{p=ZfB2J|^pWJ*M$?oDjGD&LD%b54<>Du*WX3C#4Wk2>;5L8SH7tNw~9` zo!8xr%_-{oPVmpnS>eN{WCaQoww2K;!tzHUs}tPyg-mwqmmeP`bDNMZzn_S!-T!~MA+ z_Z>r=P%X|b!XiB-@d3}E+vrxH5z5nvYyu15Zqm#|@QYXn{IOLkYR%0H%&_qjgQ3o9 z4|(HFsQXec0UvDUdb0d-4!f}UoU*?!t-fG3$Y(Ktm%vZhCbr_!`z#n4dBy`sUWyon zf8|ENyv!s`JCNQbm}U5QoxsN}{$##q=B}UkuT+n<_IR>Zi>=;2IeQv$wS4UK#ebrE zxt>PBxy-Z;>0MiwZc}c1{ga^V2Yb58tTaIN2+mF5fS1JU_U*dZAV{7Ekpn zdA~cf{C3=`mIRhL$$Dl+wp7`wJYXh^2egPwEbZD4B8`%&mcVAmu)VDfy+Y3im-G>N zM7>*gy+BNYE=T1Ki0)`d@uWib6#jb63vxFkTStCfgHu-57Q)Bt8(kAj*@hbBi}-ki z;jgRBct-g3ZxnW~gYr8oEh(}sG@Ma#jEp63@?ult0|B@@p5M({-~24*%8^i*bAf2y zFglHvjq-lhPO>@%K?1`~kHi3k^)9`?O3oir7yB4`-OdJ;Jz=xUL*NNGWfteLNy4lJ zGo$AUM-fkR(^bsHP_P=i+*6EoSUeMr`cilyGKZ zboAi^ym`HmtU(hXgm~Nx9X7x&Sf;vN?_ga~dV;WeijBR@wkRl*Seuw@upn#GMPy{_ zyqCkuQIO4kP%ha@L~*ZSofeTDIc=r(!_m9B1|2p_0r&T4j$QH)-9LLFK3@^-MM29= zP`_E!@FaJMJKyd6tmTyPXqQZOq(WicN3U9Vg=0e$`)o%dJ-BAw10N zxxnb&$DDVsgYzOZACKMiq)JW(S>z4u8Uo7eQeli>?X!tGH4(h_HoS=&FolWU|i>c`71Er7Qaw4<}b z z7r#Zz-SFb+Xhp14+t-=d&tPUA@CtH2;Bi&`5AXFq*93=~7F4c~&7hDxMa+WHgmEOtOBJ;<{BdIIo)Ty*wi?<9uwOc#dhqQ8?8vHvv*(*V!rtv60$P(y zO~2v&>O<}?w@zFaYruQ^B#INeS{p1aX2WkR1qC!}?l@f^kCJMzXO~#T0=`nFN}VOM z3tszEwp3R^Oq90@G$xN5b0cJFra+S=HD!U#ZlA2WE2xl&E%(b-E`E-DqLakoWos>h!7nnop~<`dS7gg5+b+Rx#%myse|Z#lZ>&*sa< zH>-$=QQ3sQK(qe!DkpvAFk+`0 zRyMRfn8DLNyYdF4tQ>Qo#c4ejY_JZ3;580#KFN$9nPhn-n_{xHaFx+=JGOCfP~>H& z-44QDxQOoHf0g<@^{2mnfd$o`_olwf+**m-16+YQ&_G|gc?zZ2*KfAdH*7%a(ZBa; zp$N5A5M1C2IT}6Whvz+Eov4_su@(x3gDIiKYGIG(d5cxQuD%eupj{2zz6qwz8END5 z+;;R~g25*z{RW3thw{$P)KW!^+k_M>#)<+ofC!#i%MkiFB15~wdyVwRF1Z=vhFuqx~c2{5L}+ z^&lpteygiW8Dyi()6R7W zgX!z)4w4+gt`=q+dTVir(9tVj5NTCXHuuQLYZ4U}Sk8MxzKhtTRu6H}uk|3eZ`QKj zr&d?nY=0L$AAAXIeZW7{xpK7Eg>ZQU1Hnjr2CdlH=X)CJ{;xxD??6cG0a_@;=<`Fw zmcjM?)p7)_^XJm?38w2CpX*yeRy5C_7p`oi+4^)?mttgQ6J!w>@b=dTUJ)*u;_wXd zrit@&#k@w5s4Uv<&p=2)``aXnkgk`?cKxreRrZ|`bbDiw-J{UFN85rPX|-!&L5REN zdPTb&diW2s_$Kl!Y&V=~-aVFCIzQ8u;(tX4@`Z3Y?>J#E>>>l*BL zkS~7{o*~bOb~nyCz0{yhh1frFaSi6HIVkmWdaQ~;B|eYk;6>@Z^6YirQE(XM6I(SC zZgXq>v|k-HN2Dw=nFr)T-y2F<{E%K-!+Ty8cdeU}aS>)1+_KGu!(>m9LvdQwrZjc& z!vFm2&b7z>QazGdJI`NBr>p$AUDWwE;_LATM`28w$yEi+$yF`OQs`S}`XXCbgQAyW zXHql3qx8fjY6LlWa~ue50DkA^ z4ewqZ7sCS>CkpM=hQCJyo+w~N*7R~`-jsWXn6D}_u#ta>*tw=Yl4|GDmf>%}uv#Ny zLRsOE;rw=s$F}~y!?N!M=OF3!>nOrU1?tf~BvmqXdj?b6f~GCg)sDp?Fm7>XU1kxX zp*Kk0Csy_c^>?!5hd|RLU3=nNVn1zbeQ#BgO~JF^YR3azFZDQk?uOK5bEdMVF*9Ay zGPt>w8kyA2U`asPOEGohoi$o+I6$(`T=Kg9wMqX|y_SUjn8KOZYvuP4z>4O<_r`XL z(3DAW2J%a2JxC1twIgw+u-{8(H#MHX;-0GMRhLETs(SYC125o+k((@i#8*w-qj9cnk^ARvLIpilEW=LBmssyJb}ZS}C93cH&;|d-uG+ zh#XDGNJYF;j>V3){(7qC$qHz&i4ZIquHy8E!fL)je_mZ9@QcDv1~6d7R|V7zI)z`1XXo6#yk)dq2uN;z4_RL4u+X@4$?Thj2QMHQr* z1K8k<)>H^nSDkgcEmS2+z52$H-=~!s!SlWv8~H<|q_^Js*4m1ed>5~IhCSHh zF4OyH`sNcGPJ(-yuMO!LUsqy9f?{SF?PF^LiEZ-bAsZGeh61)TrG_!|o%5tH-ZahU zC3f`PAAszaC9~35Z-&XB->voAH#)Ct+5K|^7BTZz^NC5clU;zXR$(#c^%iZ&#YV%{ z=xG9Uax(q1#mmJjk9Bbg#@8_16K)xKJ0iJoX4C8#kP>w-EpJK!DFz;Usn^UOtz?WIv$eA)C*HwPsmf*G#W(mhf`NtV-d z$nc!XpV>>c0cjM=+rLwClOc)=qT7j~Rdz^V#kR~81!`++tIty2FfO{1Z0;JV=0(t2 zawk|a8x&?ZS4fXczBV5WDRi$Ndwo{#v{u$s-!%}`V9Y-eCf|R6|MP9_$T^Ml6!P3D zeJ8%ge!0MC-hY^eY3x(t@68;L)}3GFX46u9dm%*MCp6K~w%y8vcP;>%zS5HqQn;4Ou|0uaYlH8%yg1GL5WMkZQbs>&EbpWnG<&u?!dhLv(&=ag&R7-pZXmA7wB8dR(li9cQNBQ(V6YHz?6&jb9(NkwH~W#`?Ciq3_520P~LW~Yyg4?&j} zi0^9};K}>^x~bqG59RgTA1VXTg| zwD*@}wY}5ug(%awK()%K&^kSwABaO1zMuF|N)PHcE>}g=EZ}PzGXeL?-jN-E^)uzz zm=axzAvb@8kAc<&h<$d0z5L#ND=kQPYarM^bBpw*?65$1L^S3+k9eXQVZ;Inu`6~q ztYov4x-=7hWr8p-yYQUB7O2L1v{Q4Cw<+oKin@Iae-cbFUkKn>C0&*8oGiA^Wn5>G z8UpKVl6~+0zD(qc&Z+!;A3Gg{ROeim>z#N?x(hl*V=Q@#DBs_+w{YrYFej3u1c?sn zVc}&aVy>L^AeiZno#tWzgP^2e#tql%PLC@-eQ5FLlgPtE=D(51#4$-{q)DkOcxM3d z4W2ftR)joA*otOHh?OpTZRFkI_d$vXYG9i6KiC2o=jTd&TjK;nJ`Q_&ihwSAKT|)~ z{!(t$lkal~AC;Ad^h_jvW=6ieflV<(X?T>+Z-x&oTbI5<2Nk}=cRe|4dh35StGI&u z(d9eUt8e9^DSasFG%QA3rU@Gi@a!I zB}{GOCf;vVB((B@&P>ZyD*QP3_Koe@cR}eA2{fpyudO0L@(7I?m`KLdm`<2zqtoPb zYoP}mvdkL_=aJod{W-;j(9v%o9H6r48?;I0S3c-mzL()3tg8M5Py8-d^YcmG3@%>t z{lv$Dw%CHhw*to7lEGp*1-tsro!rS9?KjyyOv|{c6Qf03dU!wwFrrlyk_UfGv1QOpGppCyXLQ-7e z5dvqkj!VRjSiT-jy_v&`TWJ0SQiM3mN)WM)f+6<_h0KF0by&TFcbW&kx6!YUfhgyO`Dh z_xFB%j-G*K$Zg0GR^2K=nC7qud)}q+OHf+%jnZ7SjL%SqOTc;2Id?jo5 zl-PieBhr)697&P7YXgL4OMRz(Fuy|^Zlu-<`+Pmw(5$KJ`V>U!m3NZzX^kV<(7tqCvhLIelg7oM=|!$A z$qF~5Xk^9FM1g{NPt|~EAyme3cH;XcBoEL9+8ZQ=W@g%!b52+5nDNC(;|C~ttTb#@ z;5d6;2TAI>`5s}-i(PCoXHM6GV~iFF>^^>>5SeVlw&0>Q47s?d;8WXASskf?BWLz8)m&cy+aMBU(t)y41%B-wNdFcCh@c<^bih zn%amfR_kFQ1VzIHR;%3~s5Szt#d=`#XB zns?!j`;LMK?XP$}JQS8P6F!Veq*|CO(CA)3Epu1>PF9O1p6XqMrDH8$1%z}Jkcn|f zG5L9~wgY@`&0M*?4?S03FcLO?ds3O6zWDk4xin3$<}|Q%meyqLGz**MV?vR{8oaMMa{J9bAq#N_5sETr`$zz?ayk`2*ppialk`w#02N{#$=kCUyE#e?W;kl(`#dIkLz}Phfw;v_T!U#3E-+|Wrx&& zK|Ug$+Qf{=F)2giM5^kzh|D)}W&F)ayU2_Vc0g2+-i5udfH`#wGy*5ddm_ML5+AfET_H?-~3=uS=_qQH4=QYOxBVq~0domYHmxQbZot{Gq| z$^`{R+DiUf5$p(EzeF`=7RKeJ=7(L%27T%+YEOiSzp$%!WmSw;E>t|rnT*r~YfYH5 z?R6`9-dn|it?mlTyLhIK7p}`KAcLV+LroW zZK1C4CCG$j!*}QRSJCOv-^UnmWj)mgU_+|t>IZ(Bk#$l5WLwgUhgbYh%xdIrW;>wn zVB}&u?B^KTDoqgVvWGxOr&vxtHc#^4`SahO*w1Tz5K+&C-7^{N*)L#o-I~4O`aMev zqoC^&agLJ;V*j$K?QDvqG8}yactF2So%eXw9#N7`Y7{@o;Oi%0o=Fa9#40WH&>eRY z4n3X{FP46f{x&673r8`I!dFnfE$qFPDa1K7y2&-oJM9N3HoQ~z)-r`k_X)8_Ft|f% z+j%b~5YO3k=4j=KAzf>%30Ec#tVTqukHuCD`eRI{WXD;d_PrAL(w>(mu9^6atF8V; zI^w%da5TDY$*+wm?10*%wSvd3|jEB~U?L1O+zYHo9K^Mt&oQoF* zl46?F)1|l`?0;0!p+Bco64}G8-0-V5AGA~+ewlt!#xl!UtxWYkyCp7iX9jC$m+O>a z8EkhO7E@57JjKfOn}C<<@lvC!!Fmz>SHsnJ@O=r~uKU`jMBqXU_gK|+o{NSgqb@+t zmwX9*oOQ?~OoV}UE@Q#f@s8o?khdni;X&vG#|@ri%5GzS{d%C-5kt?lR?wqzVjFR6 z7OS&gg1^@a&$xnBP3+z1m--x^Bdv3)dSycHCLFsI@K#9ivNkQJF4NB{@#i^Dh)C9X z<>Vn{h2|F-9jtD7(5DYXHs$zEk(3SY`G;HAwo03iK$j=#^$k1x7uI`a$~)gOqg8wZ z5+cH*8`IHNY0vpBKVnzqK~+fC&^)pa=1{lv6}IZ!uL(WaBPqVweG*we7NGQ^a`mE+ zNY@YBa=i}COu!5S5eDp*eY__-Jc-eUu&?id6&hl{%HBN1a6(Rm5z0}oVzupD{2swC z1SVzmVojsu8I5V1w9bt>iKfoT18C{opI3oKf$09Q;LCL9&&O53KrP%pn`u=6KP;Qm zWrZ3>tvDoCYG&6C`#Z$D2M9v2jkoKUbV7rxa9ezIMxo-fD9XJ>Ha+f6CIp1iBpG$O z;OBS;_nF?WKy=b)XwvSn(*CoUfeuB|5GY~1Fc1pUjyj-MnY`VSv)g?VF@0hDN2e(~ zi(z%P4+45831Btkld8%YA4Js*@hLq6$0c#;%rJJ3E&ug_` zbQ-eX2>i&SZ|!~7W*H_eETHh|$KdD2XKF)|>w%U*X< z#q(yba3Wq`ig9=(N<3h`ha_40pVlh3MKpmG$P(f#&tDvGUYL$5NBsB!(rHlFuST9Z z{@j$m6_i1|)(tV{%6=XOwR(X_fjrn9#)mY!Ef#N2HnGc~e-ab(IP`L#s*bkm+|sEc z!@YX#^U|%IkK7^CgvQ326vi6PFXtoOgd(}7VC{|*~ z%cUXkRYcvc~uY|1~d;@=}v$ zs7V1-TXy6t80pATo=pbCBDj47vp6X>J;9^xdK790X2|FF+ATHH1F1pitL>=6M@$>d z7qig0`0fPs@zK9YJV|(2V%TPTVSM#0!Q;3B6rnvjqT>Hn;WbggG#Dc^J;{$TvJ_$| zPR_pv$1znQ5D27|#D#uyac829!v}ZWaM7sz2Jt9N0@`gmEYa2I%_cXU!vsvedc+`d zBq`_!7$CJPuU_5uL=HBGGa+OD;1ASK2I!q}haE6!Ri{3iY(&<9lXi)ev+6+Rh-w#| z^{mwisaO!PC4|c017}&ml+Laf&HricFQeLuo<2~RLXo0{7AOwIO3_lZxH}YgQd){b zkYWXbOK~mkR=mYMxVw9TTOqiF1aA6&WIgX%?}z*GCSP*)IXQdpnLWRmEi)r#zbzkC zo)3}c`qn^-EqGNnV6_;{-Tbg7q*cuJ$CHyv>w$8zFUKjK%#9pl6q&9H z?SIPPBR$^_@{(Gg7e{}B>7~oXbXBhliTQKuoWp+Ct36?c5^g!+C z;IisOynBkRb60z5C*UXw7$?mVGV1w6Q*NpN zM({V!<$eK=TkyYA{q{ivVV8bqa!GIPCn=`}4lywo26e&LBD4 z=dG^EGZbeFBhcYm&v$GyBJ#f5iGB7C^nZDz>~{9}X0`CKIvXi}Eq+bIYXt0);6x@V zm-Hc?|LH5K_T}G44aAX+rvuikx(AJ!Aakml-Q?-Srt|!KNFP*2gLr?DyX*|#ajTKs zIYszAW!Go@GZ{T$3bXSx8pBq0{U2fUDrOH#-&`2s11vY+F!_3U3rLP za7SLZdq2{ybMbGM`3E@DZHjNfGvxV>^kE?CR{GB}KCh%dgq|-gzhZ1BJ*{JnFHQ4RKy)c1 z8xB<-;K6hZ1_4(r<9S25nctJqkIJEThRo3e&)OAfqqt3gf5q|v1?x;~7j)=ACfoQ| zkAlrh_!-e`{`i!!MVOLl?WfNG+Dko9g$qaBl){DXq0G>j(_*5I=QC$HI~M*2tZ>tK zl0`it(o}{g9T$cTIFHLs=~tu+hB}w!R`Jx}P>bB;g%9kO;wh_`0lx9puYFz(Glz3l z>fuLwoxRjMe^EtkPJApkBYSTpS!_|vK!YTsI&Sd$BvC_olt^iqd56G*^T$T#36e|C zX-n&f49`tcVej2Z=h~Ek>;NHYh+_E%4&={pW$00AazgjaA4c`)4X5a81n#BrmMEuO zUH6zz0|U)u&hofWO)a^;p;{yha?`jsnhRX{Yz!_(1$~=E@bx#9qfy*u-r!(ylX;OE zcqWmN3i?-MJJe(nK6k`phwfONZWgkwd&{2U8m3>YIBQ1zJ{F--@RRX^Q4?@05YJb8 z@vULNOS%+th@t4>ex=b#(SZ1U*R;l&`kj~o2K*kV8(teJ@r#Xd5UuEE|*lk4`roM3q*G8@DBuj5wY^(Tf_DJb~Z+)_xp9@m` zSY{a*WqtN}5uFvMc%x);#3>y>Z^@IHJ5+(%%KGGbyp&gHrA?#R9P=fGX0=)PiGb?K zS~1hZmxFvm@ZJW#8zekJ8M&+w%E=MB1hOUeQ)*k{EM zhi@;;iI^t1j~4J8k+rsSW&EyZV*Lk=%fit4200o?yz)-mD+F*IglvGpy5(F@}0Hmu%V!`_a?AX|+*tY$EfvPDvgeKyPHUimY~Fo7yEj z$c|Xi7(Vpd$|XNw(cHfgS{!9S9zdEMx4>p`k07UzzsC{0U+fV9j>{>R(*PqDBTW%Gd-o?17gOCPz({^!}FW+bFg z)#pu*Qf-6HYbdpylia+sA@xIKjy0nYjA0rx8uxoAZH?W@%U}t?>s)?EjFW9bhH^Y6o$e_pJjTy zqfw8e5e#dTMxKO#2iE&a8O+r1lxEk`W<7f!q26V9DCYa4&PiX5I=u{b@_j{6@HzMj zAGO8+dX-(==tKMn)!bk|4KH?X9ShT+q^$dpeid0;&HmKdz>q4XoQR}kgFGX=@p9qK zX1`dyzB`o?`sd;*Z0m)H-geCK^dk$_yRvz8Aw^fycBkb#(EtldCqO#2Bnyp0V$Q%L zrI(Br^YUGrEk75~;$gKwB1C_xE(J^@)2rt`qtbHYN$=?3f#*F@Bwf!~Sn)iEHM%U1 z;dj)f0^4OPwI!in$VC510YRdapi-&3uOGSX368<(Uh&sq3WzT;vbv3N zRMbq3&uQ+&m)CfG-F$;SR&fv{5w<)8j9sI*I@MptnNrRGNi z+wYo?r%)`=yJcF@&ENNEA~yBXR83cQdaVP6V_dC*z?G)&7O^eejuSd{2RD??kY&Rr zx9)?+6Mi|TLs}`IbI2DTMCVUJTK;||9-{x12(rB;V!mAb$;@dYrsTE>PD zP$H%m9Af>#^Cc~bU&Z92=c8pkU3`_5>X^+q1p4FaGNpey2ygx`-}kiInOz4iW0pmJ zVy2kyQm+edvF`R55Z8V|E`J3hlL(lmTpx&>!hMEf$r%{M~SBnIvslbXDy*Q$A{?CB+r(8%|)eaQtNr{w>-EDZa|JAa6DGh z1oB$5A!JmZR+LA}Fr96(7~u2co?fykuooyJe4QbOn;l}$=ISDLh3vUAf1A0|$-Wk% z^~e9FaOS3P`OYL?7hI~|+TgIZ-)60|GHk+`kT5mAx2wUp-)3(z+J@g(FWkNc)%zrU zzK(dGXg2R~8G-etDwKhrAG@+{uwJT)#Rtw?@S!}hrg<1N-!r>h<&&w zaoE>wR*2wRp%)euY1n2bMRv;@MFMl4$7JBYX9oV{W?cQ5(|b})Os-;Sy;;e^25B0< zpXTl@|5H5B$#1?FD1iJt3O{}p%5&bSXynpz(R|LANog#>65X>RQ&2r)SeoqEExB5O zlpL^ilJ_pl2Y?tN1l~zF(fE}u`Y|g-`8jsktj3j+WOdf-%U&hEZo1YvD`BH@lCgTV zsz+fnnGcAv0j6j?f2Z`Nu|^AAHVfEjsVx|`pgM;46~WAIb4yEj!-l*yIWi;Sy&mFM zSASWP9`YoQ_k3_vnO#21)47-p*ZCkGC}w2bx!eyT78Kzj5y^}B92X2)OCKc5#APPY#q zWu%|XZ)KiSxaVA|C9WXoyJlyVVTj7_ZdPU`y@spI9 ztJ{Di=gc5s6G?~uU*dGcQ`$=nZ(C6 zju9>LcW$wnch!XH_GiWF-zMMVU`I-0 zzhz_aPHcCj075{<>W!ZwJU=m%kczMfbfF>Ik%gaVBNGW)xn-VVV~IW~E}R2amhk)# zkYZJ^U4TK8aJr)3mXYRkx*dn7D|O!urNJ9ctB^-@wuvOu3qUZ`qH4h;ntBd+QS$i% zp&_i8sS;EU2}|SS?+>wAsP=V9`dyxHq{=JUKyRB$J+=^a*(&vs3jC^`9(r)pX!Q{{ zjV3kp+hru1;LPzS;CSc3zJB!*&8a5Ufd%4>PYA<`U*mnZ^;GpQts9$+%tm{o4o}O+ z;#5IM#@~GkDvV)<+dMjp6@p<$(;X=FW8!|C(!Hc;WVZeyzL@Cu@Q1Z zjluqM=t!O#6--K*Debzv3^033vFf(&DTE5j>5hCI`LroO`^yLo{rgaYDoH5WfEx=A zX%hxa@B=3+gbn87@A)Ctz+Vy^eUcCs?PObFSMxkOZq^f*p@6Sg9u8-&Gdt>d)~Z_$ zx=LRUay5#y>8Des0tjWPCo9W=L+4t@);Bimyp{r=iDj_qvF2IN0tw^rt}>MWSh|1N z<5=5l1Fn2ixkxzJC(nz(?&5AwONf$4sKI8g=EF0<`ufwe>bUr?#cag>V2i+4sO?$SUIh5i>L{SdReI1ErW|uz=oVOD& zM;O3=M@SthZ4EeO>Gx@LyItj(XjTsCAwD@haA^;+M&e$cm+pH+&2?_SM8#2&YJ> zPxAPx#%tRT<_IA;6bu^qfvT@vJ0!M;CfVF6>KELC3dAFng9;LInESb1(Kc$5_X{5e zyzeFLwvT%mDoQ_pJJH@P1A6GVe;jgT*zGUHc5MKcfO`^cM=uKgT{;L~I6Y7mCJOea8v@KM+0 z`{5k0(+TbAIl)>*0t1rdFzD~6^mw-RVj}1&%%{6kDZ8a#_Ihd;vvbpDpKgf4!L5P1 zbC-aNJyX|m!saXaUvlxHI_2+-b|I8MZd4Y=7F3M^LYjTMzx$WYS?cZgXg}0&KKY4X zZ~yVqs@}aA;MNoXkd8s97oOyN zR9CEJk3AXkP4yuV7|7ho_lIh?xB$cfZG4Mf)iL8M^h!F zCqqQG$TU{W)xrP_r=N#)tb3P2ZAjaTV>`qAINoxKY4;*{v6jMz%k-B*HZ*hb-dS=% zq4->h7{Sv6dbqF_6?cm#%le&p`06@mfG;h7(H`P1d|on=@?lZW`VmabX20i4Cukfh z52zP<=eA@N9fj$^`9kcs50QaG%+u6tqtxx{1&@b#Mv-~0G;2tyx@LQnYI{BpvaG-? zZlAn-CJ%PocVr?OJ6_MV5F<{-mDuU3Rz9SA=upWphbI~uPnmNz_*}REl5QSQ=f|CR z2J*Yy6?|q|AVI+3@%iG&27?fH>cSth+jyCmBh|tx$i|sRcubov{R-ty;U7WGgDBIl zM4G3Zlg)HbpcAIIDj_(9o*b!NEPa+Ko_HjNkEwsly~>D2M1an~`4I(#Ie%4%_W8YD z?~#FLR5g#*DaR>WI)CP@^&iAB!a3dEXEzA&Qo&LxxbkyVCA)oitMdY>R!Id6W_ajg za71`0MHO>rp1^(32I|&C)3=ZfHNb*mThLs&R)>@6g?34)wXu6posYhF(Fmcbtxf?f zFma%<8X)=ycyH9F(=wh4nj5SDX}^18Rz72va6-*JjoWl~eQbe0vb%4+#WK#Saq{|w zRfNNb7lcF_nTt}`H>#%Uo|%iIVxD4awHV9W8%uyf!G(gN!LFGtp~s5kU+IluVSB_? zSk+|^+!#Amwb0C~Q!Nf)ArQ9Zyy^eCA)>3dmX_7DnIcy#CTfAs9dQY`6@LRB8riDI z`siGG1`?#46ZyO0oK#Jhblpk4hhcH#A+)p6oP&4IVCyvBbMXf36Jy&3**HzAD*9+m zRamMOBXn@!{9Ry3F+@M}S%4L5o7Eeb?M{AT*mj2yyQ9z$e|9;wNK|_mDkX5e=*C7D zr%m6HAZ&JPb%yu**xACm91D&X@~0Rs`Ryqa9H|r-cb-4GiHBHSclS0OTt(yz+;i@* z_*w-ldmYnh2Te4qf>ps33~qfKdV4x|_YqMN}Bx zp_pc+v!Sys4I3)z#F-aCKuO!f&IR8TH+X*=qQtZgS3(bfT8{if<^15I+zihTdHe7`0 zHx3OCCnb-Slg=YniD#-m7%p%Z*SzkH-d3Pq&5t#Hrde@EP4l{gx8f-Oxq&{;jsx%! zx8btkIPgX85w^j?Nb!KLr&91YgIyw#@5>D@54;1wKILi?V)QJP!wIKj5;*)ab zbJARGQC<{BvqdF%y)X1roCCsSDq1R4q8N!5^{;{>3H3}pN+$aclIR$Q^utyRUJm*Z zUSHKWAec;?n!O6?Dj%DbCA#Z71PXdjaTe$1#r5Q=9UM_!vZsi)5i1mQD`s1gV7&F{6K>3ep zcN}l|pj2(M;#2;)_(HF!?ksInlr*|pNqB8%VfdMppJv+m$i{V@V8FFGnd|6Lk4IJp z#a;f%1{t$DwmU}gDPIRsRmLS|Ro>P4c}pE!4pwwMyk`1#RyUYqBN`K}r{E*H*S-*Y z`OpRl$x-g0k*CCT*?o5^(=?_d@hkEN_p;=o<_Fs*@yW6yFF~o9x?v>GhZ&%hz2b1> zpEYcsV0x|dc7GdzhWQ}Iu4i~ns`MN%8@m+M&(cc@oj%4Z>km#Z$g!~!Ht-uy*?mumRih@*fWh#GbPC2?KIjRucnuLXT=ZlwSK3IRX)2{AQ(0Jg z(?mI*_@TvZl)1}7F*`#1`S-unhLI`K^TzY&|IXg!14QDmX)>oveahcE>G#0#aFP8I zMXaq)<+Lq!dX6Vi$L>lQyB2-cC{eC+Hm;=@z3;s&kx!rGe1Ih%`d-4i)> zFP6qn9W}2@1kp}jC3u3lZ__K!Je`WD`o#JootbMw-EL0SS~)PACgvo|vbqGn)IjX# z;GgeYe+QQ*J>q3IRc5hlcYB->(B;fLIS&T)df1>7woI>Wg4mjD^YQ_SHYW7iN!5C^ z`H)Yht8QB7^5#G&W?P)wk6N7*T9h9RSk{4P`>YZh$HI0i3@m=8)=1NQX>bj6@9(YdkKmk*m9{IL`8PrFG2GtX>LkQUql4RVFzZz zR<6%2F$FvN;*`-kEvoGw*$RN`oQs;c_lP7weK%;uvaGavtpvMz{6*`zdZMv@dA6U_ zib)5^yDs4W8z^}IO>xv7nJ~5ozq+>y)meC5M-qH3RgqmS_+ChOT3+<#*qCp>V1n#lb{U?Gk4zXn+=63_>! zw{wc(7Rv4g6DD}GI#XyND8-Z&Up_r}>w#Ydg_r6o-o9Q<;^Mue{YyS7Dzzr=vkQZW z1JIp(nH+ixPKn8~L_BtC(;7U%E6})fP$X^2^v(gB0oZu*8xG@F3R{&uf6eZ&4HcJ= zWVp5cv>T-?){aLYW7aKY2$phA@_qfsWNsABaD%U2%wDNH^&xe%CjV{JTM$?!`Q0uV zPBRdKV0j9q`&XF}-zKr`Uz&k-_I6J&_O@~S9p{N}YH=Wxx3Bc7Y zIiB9SZC0-6w7A~bwk8986h%|W{SC@XZ;7uqVdGh?XPjCNXP~{v>a9RsIWX0RkeD2O zB|uC?u^7|VMk)}B;bj#N`^=W&Jf2FMFFh48DL-?0m#z<`1*2OLo7)uQ{^R5{oOxCp z`=-8P@*&X^>`DT7rhuq_O3i0P5F0LdF*^AYcEbtYbuHP4f_`lvEvo(~99**K2{DzE z!1SxHH4pF-OuY_6{c_!`^$p~*!c4Zu;np3iIZ5r`dq~efngM3OLhtw`O{cAET@?B_ zCdpQ=51hu=7>gF8Y4kae?7=r_9O;aL9+ zSQg}b3))RRmqe8zc%LM*$j^A2^U*@4ZGM}?=Bv#NjN~@L?=FzMzycjfW_Xq=`d~ak zlt7d$1;;3`nfT#rQuCrTpA^tet^cuvxsRK9Zk|`9Bn{_MWH{brEHo*$iRt%+m!!Ta zN$&!aPg=1mN6*xQY<=r8rqN=0>OFf*_|#oeYoyvogn-gEute z_f@&X@i>J~L53M-8jyy`7EW!9dqc=lHx?AgdMc zCw>mNf`o~O*kzRZCRy)20d0(gN2?HKii>a0C;ASafr+}SR!{yR!;+mF)sGKhP=)zG zVndVC7}+t$>6OxLhwzhtNPo6C)v!OqcM;$+(E^(n%&t8SiPC-p3E9w`gT_5815F%K zCpEqPdtVLQ`NZj0=ea2nAUv^<#wO}_=MUok3*6H%T&+xXw~j$yMFrRODFvJNjq{8{ z`Um12hdemy(-!lJSLLT4jeB_rivj%q4vBJi_I!IQ?i&bBZ1t2H{`yv2t_^~q+C=L} zkV)R_OBj#2A+x;YI>k~j1E=hi53$psqB;JtuTUybRo1L@6Dc@ z{reLFM;CT3!5gcDA3<|Z3Djr<#K1~y^#Zu`h2Um7(+W2t{0d(~+|w$& z`~x8@~!_zw$KtOtZ~u!M=rZjSQiw`Hy`@V>{9-^cBq}Z&bheaG zaXKkyJ6C9WXfu=xA^(LGn#iNzQNATkll=Gzo_J0aH zQJ#dIml;Z_APV$UP#Wkx`V6-W+6<7z9OZBN3H}v6hNB9`NBto!_#lPB{~+Z+knx`v zCJ)jQmBk?x?f=6saft*GL}?8fY>%p*E9~Di7GceBGrs@thWi61Vf;zld)99;FqH_- z&#_(6F5hHadb46{GXe`=*at!_ktw^elzt+4Bg-o#Jia$ob zNt*?}$Wn^7L~Z1$kk5a$0H7li zANMGqqeS) z5l@|8LHro~3f~mP$-JPtu)9 zyxi>B9oYCPqU)9sHH!A>Rl(AzAr`fYk_psZI4R15_0zUIs^|mGO!f0(02ZSls%TOQ zwQ`KA=~Xjo$c7T0dtcdI^L!Ntr;QpvaS_O{h?dv}89-E2BSQ2^Iq2(%x?b zl7C%5*xI(-lAq{M&;8#QC#y?apVwZ0^R}Kn#`-1`K17rHGYs;8$#<||PhirT$`cEb zVRmQD1d&cgLq>RnOCjec&wpOlykBdGZOdsug$JY@71(I>d!h#C{Ec3fqhizx%lka8 zR08m+*}dV#M^T~iKXfs=JmSpYGa^|{v}eC!xBYD8FjK^{&TF%F^Ufajb!~|cP?B9F zyKTXFw9M!4Bd)T7*d{eJFg9Ls3Lv{oH%y*9vR^C6mj+|G{cUlDb$>#h*qv<|`#Ewy zk~rDE8a&X~sZ6P_cPL4?3~v5v+AcbFTyZ=+Y5H%&g_g%P{MJsQ2IZIfi&!Z--;-Tq zq~oTmsL?GY&`ac+x1>~ari{=O<2_JcMEgAAL;UP7)rlYJMkyqy2Iy+->w_CiW6`(q zpB&wM+&cXouxi$E2i4lcC;@1aW>N}}6&?K0GCexlvx(3y5M9#^Lyb7&e>8sX08iFX zKz8>fo(fb0W*lmW*0WDw8_H@r7SS4SL@&;lwJDB6BX@7@L(syDpLlo-n_j%u*?ITW zD@({(g|PkfT|w>nm($*vFJvWvb~2)k&vNIMxKrGR7%-!FnkmIo*-9a#dSK@ktEff? zw#RFz6mdz_&`FcG?-NM>c9!k-Z_wWBm5)QJZDU7`ot8@jGubB(P6b?V+ot!Z+D^}x zjcJ5?bT@lkfbA3MpuqXppa0 zG=A&EE&$_aJ}GEKBb*yq93Qj8l=>|e{tAzFcU;AV`U^U~GVYiEEHWD%8e_oM6n~A$ zLW1npcHE!6Ec0~1)VO0nNF;qiwj@}ti%qN7VMDZj5kTNOJU9MBw_iV6Zwl3vH`2t| zSfB4SfixRqe;c8yGuL<}sX;*KXF$~G*KUq=9Kn5xw!3ACG(QkLWs8aHi?#MCt$&@1 zrxv{_#iL7fL~b_A+$sy68ENi$_f-K6>*$7uHw{w*cQecEbds8X%NR^uMA*fFn1&gj z>!9kRP`3@=8AJ&)=RfgQ{0^5>^EEH&k}Ly+Y4}v2`Fku%C?j8Iz=kR{@5AqRXnUSA zCZheGQm}5m#P=Yn{OSDyIZWo#TCC5212S+H5!C_zT2x>CE0^^dASi>2+_l-xlzjX| zZ4*occWxy11?xgtm-%#<_pTx-&9L=*I&{Fk7zZK5=)d=q;Bsr=!f&#bV2LtM@?uIV zaKJhi4rhGkgn~vsDKDMxG~BfNc(*lNn^Dj0C&e81+ZxjG@Q)e4Zf<+Lkd%T>Q6+vn z*?isia-zM@LjL$X_60irLTSwZ?pX_5j#RyS_lLPGSRf#$In99D0Q|zUr=_z`StFPI zkcvisOwPRkN1RW^B{3((O{W8(3uc=ckT{d?-3YB9+WwhE8F_z>zH=4?_cNr ztes6U>Ek-r!dvxn)qXP_lu(Hn8$Y4^CcI533P#Tw$oMBcY5zC1kAw1 zs_;Ngy%_@EWH3=s>e%%UdZ!n-c~@drj2HfZ2t2yxt}R@2yFdia_j=#32$S+*lEo7n zX@8x}gJTrIBMIqo2XaLiP;1OKP4`L!yFg_G$ci3W^-QVU2FMYzz->#8{+vI|-Wgu$ zN-99LsbYA~`QuRV>50K6QXKZ_`=OuSxyWUts>jCcX&;>5DKH~T(KhwUQQAy&;|-u- z@bS5s;#wp_9f0KRi$7KF!5eCsKDnM^q>)B1u2(R=cc{#y6p%i%k ztx9`g%X}MenA?q|RP&xmi9p3A-&J`vobGuY)PqAcdO^b$$m(@wmy;*Hf$;c+!hoGo`TN55{RM9 zHGI>ce;VF;9>^std|jTFIs0EfDE^n-|G%1cV88JJveit=%6H*c4Ecb^YHJ1x{`ZRi zKz5vjJXm7mQ57r^@IOT;oy~x%M&1!+7v=@=AaPL!BaaK?KWGa+&_}8Hpm-`&(LOy` z8{Dr=!_N_yDu(ca^Jo5@O@@rRqoAP$^Pep+#D%RC3v+6 zVx}&{Z;2zrR@k>4sPm^zsiEh81+QVh@rvRd2c5XjspDBmzeO55Cn9IRv9Hv^AVm9% z)pQCOC0VczN>D#py!>Y=B+$TVZZKHR8OS(P9wA2_Izp;js+>ea9Que!4DZ|+-cj|v$79f(qjDiJ&a)hh zJ%Qs;ToDjz-aV!T{txfs>?dJ$*11ytT4{%F@Vc89o{kaqj1nVsg_V%f?KvkL(RY%T ztx)99%xyF|n6)BzuU5Kh3f8M=Jpepc?S)L=|3T=Q2a}C(y-^5qK1z{wk;b|{okp!5 zgrcQWl6Npy7VXvkn@IeZjf3heR?erk+>0fIxXq7hw$|rRK#8MT2Ar7X5KXW&hK}W@~Hpx)AVTuPg=>LNJ)P zfvauKg6Chpx(KQKFK{Jr!uw`zmukM2r+*tKeLL6ob%e}IR_*X;W{vk&2k-M|q!Fib zJVt(ZCDo+30qVHlX|v@L&zZ2`0l9Wip*$xSzw+j+wM`(UAk=;A%uMBdTb_O`W_0eG zx3et_DU{4ciL-B18fyQU=l{*LBFJMpN(>(<|NkRK_a!?@^1BA3|6|hqzXgM1hP#Ut ziJXZ|`{`-}1+9Mo^PfIGFPLU_3!3Ju2?#{ZSw0GC2X)={{6mz7m%OC_tpCCi)CEdV z@o7-3?z+`RSyDXTa8NUcEe#YXbxks$?nOzU)ESmc*uQ)K^Y9F}A_WSjuzAY>Kl4yC d5TedUG+aA45lF!J zUhaJE_dfRzxWC;WW}fHF*|X2y`>egzyWV&0NS)WJ&k3jr9z1yPTwP5G^56j;*@FiU zZJy#{zl|);sN2M>rk|NA`b zaW1xg@ZcV$t|YJTZN8g{-@>M9aR2HvV^kh{P30p3W>agDM@c^C!>mjWk3t`DL{Kxu z4>mgss6QQGtO08vW(B`zN+mFEe4+_<*AmD*B@a1}YW0>u7qffVJ`WDiMr!~ry zVi_I^lsKCOW^96i_kCYUbP<$|Dc5Nk&?Afk-(9`&QDE49%yrY3z95^A;Z3bLL?Zu?4XVAW9Yc_Y^`$~YDNU5I3fsMwC=&%&uA*lKz zAV0nBqvJHn`*+o>{D$(-n`$ZJz7#EbJArM8MjGWMMWh>P{snoG+mXc?4<;E;u-C%d zYf11B|DXm+Mc7vk&6+A&dLu(acy_B;{kRcu zbsQJ!Os+BdWmfAyCR(VM|c_RJMW=oteDk^lFl<~{=NC5+oraF~NtWtT?H5B4;hQr!HEvLIka z-+^>-{yqtvnDwBBYQTZO&IMM2eZ7S1XRTts`Orv5-*1t!cR*lUCY~sjfl*dX!}ziE zOc*qeBX0{_0BwmSSv#?D`4dR?ZbYsgwA;>*_UG3c9k5HbC(H6v02$Z}l*$LPLGl$u zy1xC%y}`p@NYdStj2MvyJbU~j0xV`gLcFUeV{t@CCgT)DUpx^FxL$OIcs#E&nvG^v zJ1eW)=+vw_PMeEE$ji)|2f-(f~xXKvRy53PFMSY ztYW0AQJQMe9D#|H0Svu6J1)S;3W{T$W{Q-F^TKc|my>aoH(pzrA2(?+ok)+$yV*7DBAp=$}~d>QWtvCs~qOnR?YJvs8>yKhatV_~TzVVH&i) zf17f-Ndx4E%tx_2I%C%d;YL91@neLn&dXWu7xpSXD)9y5J$^pt{mVjBH~C%=n1fPz znv_EL!=2D2>^L;YgcyV{Xf2RDz@)aDtut`)A)u;AFr0Hd}*M3u<}krUueZ=O$mi94MSL;QEyf7|{K64He%ZOs2ftmlz0V zC&IG|=~A1?G6ASi@y;(Qm0pBGO;l!m(g@6o`s;{UWv`M%eLl>dJygd2CFP8+Nsol^ ztL5eqlSGk|N1D4Ab@yzGmTMDY|H$&HD>hBt;O}FPL0xD8?x(kPMR>Lw0{+hr8Kc)0 zC4U;6TG6p3P|lAo_>CD!{`@f%+p+L-M|-g?=$^a|BYTj4{#M5QCu;q)9Iuh?_+s}# zesc@hi?+^&PC$~gtp3eh?RM0wT&m59M$1Ve{Nza2O_P@awY4>M;;U1`$v<8>)?)TA zCU|ZWnoncjYAh{`_g~Gn1FFZrL=EHF z2YjrcktDnGmvMV>(sGgqbra@Ihb)rVMuGM9o`b*Mo;kJ(y!$5OJkzRC;}n#+e)>!^ zy{#`+c5=bb8b0xRNR|R5ROc+P-{qZso8mh{iJN4vFtHjoH@s#cXC;AFSet>d6;}sP zcApZaHS1Yz>X4P${wk3lc|fKWou4yrD*N_vC`WfDWi#gvFK-C7);IfIhNY62U8}ZtB(xE(uT(e-ZvsdjFMOP;iLSAFnw^R#iZ=@V%PYUf&hmh7 zQWbgsj}2V|;^jpA#e{d6cm{!NdR|PkR)gOLK7x=|{#jdFZFaoAi{a$vX1FSXdgyzxk71vJhLe4 z@?JrHq<%lKh?&!6!Q_cSXe(DtTLByJN29_eNXcYfrvYCj9!3}i{)wI z>Kec^fO@=z+s*ThwzotYKUq|hWh6MmZ3EaxX0267^Kp~M6UTa~mbD^PsPEgf+@n>D ztuDG=rMhr+{6^VGD|c&M5$d02+vnNpBqVvv_LQzQ#^9e7W(AvbV?;`r9lF(%evCw$ z)XA>=;=0NSY=7LW=BUT2!l9)W%_>9u^P(i!KNi1p-yaEy|45IpR_!J3DNBMLHrlJl`*%G9!G}DQiY$rEt#q`idtx?vexVx-7#V(T3^1 zQffJ+T8I%RrP|Ys*|;bWP=7XcMcqGkj7vs$T@QpA#i)onvzz<$c$fT*Z%tWOt8u>VyRxKSA>gagkH1GAXoe+mE(A zvPWyCRb1KaAW3{o1y%_XWKSAv8G0<#D^$yW?8p~~rvaQhJidzKWP)(8Jmg3HS*mKk zuqE4P`r;^NG>Xs=Oq_|(rIBRS6 z7g#|0!ZuYc0t-kZ1T|T^Dim3}9_Fm>vKDJZL_3OC9)$z*b9Vn6GlR59p(fYMi1%~& zBqKS%a=?H*JB_D&%l*vK)z*(k0c5`QtN#*T&-VDk zL+%-m{y@ROGwE zI!F5dD&Ur3YHc#^7>cr?iasfCcXLG_xx6DCD^Qgn8fKOG^Vl_6PvJ2sGegPOtkDlv zU0z_{JoU1AjB{J28nIsEE2UG>W^wpfto!;ffvu? zDS%8XDk(98d!u)S7uP&EG1srjVmpVPGtB8;s=2+EwU-Q4OXBCheBI+d(LhIHawP_&9Lhe}ct^ zRD_xLeFnqf_g|J7%xlH*B5A6_AVfTc77|Cm#-8D(T;N-ncQzDMN(#MFkTKy}f`$Zm z)&K7|nbuo4$q)6b)?5~YW&Jh|X~d}pHS#Fak!y(~@<5?NC^wzSm^}$tSLbD=W6dkm zfkwk>fcxnY-(H$f*h=W;SdLNaeEMhs51>sZ6Hkzb13^!20K(Vh@cmeac)9$mt==p3 z;*^6%*Q}XR=p_TX#_lr1jX8RH@Y&2-ra_W7z3{l(qdJi1ivn`? zrs1NRAGESw%H;m~(f55p0XEO$U;HEq3Wu5`zvwZsRQ%%_xL-@?pl0vt5l8P}v$9_} zJ6GqZEx7D0{V|hnZ7F;aS+7O)G&L~G&Md6;r5YLY&J4fLH~d?f)BS!OT*$c@y#08A zh1dz=5rZtqR=J6R&catEexBlyTWTX!3S`-M3&Gx01Y{+FORQmWjSi9>;alO~D$CsM zLx)Ft_A5m{Le6BAl2rzOH)1-P!g|+af7Op6bO-+k3wOU~;i;g7xZ+ausT4F&=yoad!`7=ZOu3Zj-tvvmW@20M`qimL;2YrUVv)HE zAoTm@&D!|bMEMYl!SRM4uHy~|OT=(_^tZqgc)m;p#(B9ef{W*cr4GEi4>3(pp(T_&N+Z}YM5zmRAr$Rvg}xMAj4 zBsf2^{9~);%kba7?#U&oCn(W#2QSF=9rvn{uEhQf-xm(SI8|?*OpiP9Iv(ODv^pvd zkXQOYm+}UmYpLS~-;Z%6W_`@Eu~wcKUi?88Wx>a+@{L4Wd`E5DRE*GuTvDrKr-rrE zp01uyGG%7|%!IJ}S1%c~zTR-U)8fTf?mK<972QFWF=Bh(aPA7tFtrF_ci){s>f|vq z@lT7xwY-7jeYS7ASb?fz3vLI~8Ux{ra|>Q$KIOdJl{Q(Tl71iCYQDE*IZFP^(5SU} zlK(owD8L01WyIalPWzV(>gD4&L5#$F^P5(__BxF%Fl(!G#LzV;7kM3weyioRgrqrU zCU=_D;%_$HH2Y~Uc!@H^zepLD`Yuj0%01k`NaM6p;I>#_jRpPp3uC4M7zk!m*4=MM zn~mu`9=W^Gbep^am*F-45!P5YWArtym}m<7_m4%p-{52dyM~XL3MmG~?!IdXhCkA9 z!RCpbvc_-B&1whlDi)G|xT#0X%0J0W{=pmWNtfXYRPt5)JI1snj!B5)toy@=9@T)M zzV7SvEPuzT_I9s!2*LG%#&gMPTg;6dltcT9y+Wlz!7^7E{*h5>w;y_sdlXo+W-T)C zb$MJ^W1EvIXT}WR& zK8!*ir9uM~U6gSojv+h6iQV&2>$Na8oiHfs`D$H5MK zlPvd|Nkg_+B06rpmTG6 zpBEe{RQ|=D@3z>MRUx1yI({Sf<>O5f+H`w1V3Z>cj}-_!2(o@uKOCCg8AAJxE1=~n zdTkO4`Y>=3SkNP-XzO!(S7$f6$P!?e_(EIadi;4UPC(yhu=xA##W`c2%tK{C&u`_~ zjyC7oCXE4Zrq5K;UNm15E!I38=8P5>)Y~;Sx7qz&J*L7!v1E(@87uhziCvuY!@Jq1 z2;D#O-5~EcDp*&XseRfQ;I-s;?E{1J59isD-B_rvu8^Q>@Jm!2AK_?>a95B*4;S`+ zH+$ZUBVU@^UL(Vu{rY`y0=(oqSjm_fF1<9X4!4$6^qxtREIM=)FA>r|`5i$>iIR{0 zC!>TWzApkIiB**q5MqqP69-GU`wt}%?fxaBmIbaI(VPP}=Zg<%{d7Y=TH@#p^xm5Y zq_hU%b~85l)`?hlsBq=_ZOp~=aHCOO1!T;T@s=Cv5tGF=+}yqiFNC`olG(EPFT?Qj zvvLC{ch8;yp^4HD8etbCGxGQpGf$O=(s6Mr9_r0o6G0ye0iKp4WU&DzEIR0V8OxH8Wg%9twK z--OY!XU||v{ip!KZC@b)yT&dnS0G1WYtl?*2RK_OzLdC)rGKI>*$nm#(KWLN6bUAV zu^7_?{ljhA-ge#)AG$Q94BAJXI&Wb@Sx_hlr%vFuPVV z^RWqzIi6N=lx!SBzhR_u(#Dn ztAofn&-a1_v3~Hrsz(;rKf(HnCzqqplKa&t{F6=`kID6P9Z?3exK>yarD-8Pb~>36 zU$hxcv|F6%2X!pv5A$r#KKx;5)4uyo$;sOvnhw_Oxjeq`YsoRjZC8rio?tYV%DWPJ zipvUzzTl$I1%z72{htNr|9|>1@^BvgiQ+KRB3&Q?VjY6CID!wo5^%gB{N27by4GzF z4F(Y<7HPsnYUiFP3oISq zN%EZ)fA#r6yGDdsK;=;DN(#U~vrAAtf(i91ZarvINo4k^2 z#KV{`vB!!+_F^((ZN^u}{N?n$0s)zQY(9LUB`$isiWhfks{Xct0=~}|yf&f8Mai9r z)^-~50XDKqfKNCCrYX4Fqp1Q~oL1Vjc(2zQiAlSmrHMXiBD7L(`M|E&y;+eilhWc+ zgx|Sz$+Q710rsb8{k zjkxMxYOGHY@|NDbUxR~`!Ol4kGpHDnQdB&$&e~-G1FoY=pijJ+3Kti*e><*v$6XCh zf;ZvWAH$OO@K zTWVRh$rkRWKX`v$p@--azAUJ`rA&czHLYhExE$V(c~6>G7xNXj-|7DC+Dotbkpa|t zl4J<;i$d8eH}u>B0kHu|K zRA)S?TKmv?;a+D*i~x+xSH^tbHJdaMm!YpdxRub^=9Mh!F~Wol2R}(#DH~d*1Jb^F zrnU=07?0ObUdum^DkaO^Z?(g#%(FWMVG3S1oehi#xi zP_Tg9oUR-ZNbWkSJgS*OqXAs=I7n-5_H%SG*WzR>+qmb@ck7r{yos3H=(0J0ut&19 z-lU8GO_m0djqQ{Cbwup3TkxmAx{nMuM%7%Qw&+MzWZ9fhVf#CB4GUPV#N^j3i|D_zLy8_`LAU zJTqNHP!9Bnz~uS@cbISN`t&&DNZQ^{;+E32-RGp`TGM~-#g*p^0OQoC&@-vuYqLNx z&atntyrF5?{To1ToSp3B@i5f21I|6uaEXL;U)Xg~6Vg-VFEUcYXH;OFqGy$T2DcJ0 zvF)U7(k{EzDXq0_F0)6qyV+0&)-|{8@cWm5uMwH+y++v)qOy(1RdF85#Qaa_mm;-k*X+Z=p0X_=G@^VXzoXFV7G-rk3O9}NO@>uuR zVP1m}istc`!Y}E$1nPFo3Jwavx6={ebM2mk0f-i7yA{%}W;dEzEN$vkxrYG!Zbru@5o{E{iRe z$t2lm)N(cTve7~bV=>R!FON1t6H1%!6~6YJv*?=VHpowW;#VB#*Uq<%&0g8>W&(*r z+0p9QrYe+5phP4{QEz@y?8EItUT%h(@n!xnNCuHU@3gMSs62tASW6a3d(VuqgMi5b_VZ zz%+geU#-B|GB|c@%J|i2&qHPW@~r_d-F)0r7CO3OBHBikKCwl#6lCMlZ#`+G;V%a^ zJ-IXeFj<&7DiXWS%BBMoyZb!+1&7SBUu=0I{gK58t${`_XkIeyhbh>NuXgJ&69UuF@=J59BsSQ?m zqfo=4$!wdkENDnpyg4ZGVsgLx;8TuUuV8}im&tPtMK8Na(%gGOuteHxQ-7}%;0N{! zpj5H32s(~h@M)lNjl9~Daw*{O?X*|-HS6)zfjzsjN6F|R_16(%hRq&Lwu)lDP`p}# z3VSz$b0R=+)6?Ghx8|wlAjnWL69+N5MnE(524Usz>&^C|Yiv;is3kus6#>a$eU=aC zduyvcr+{nbnPrkt7p(yL)KXcfJOA=}E2{g0nE$T~#mHR^VA$nSc6xknZu##s5E*0n zs*Rb{cjMO4uz-f?XPMcpPVuqw#cpGnp;d3Uspei^Q_|8_ZOtO;kpCL$ibX7pyKQbu z$~0-!vmC^Wmcx$3VQYf`$ z=8g>-0!tab+C3(S46JnUQ?K*%Ns1h8EPlkM`H~`sFF$~q#n4RRMwEC}AJ#Qe4t^u{ zL1EUX5ENWAZ+gvSK#$)3{-G35^x6xvY}Yfzc%xTM%NFSJSp*)F4645{`AoFsL0>1R zniY8LL@3x@3}5N(O@kI@FFmP!jgzwFDtHWbJ-^(1S6y3kb@SSJ@76H>gFwb_Eh`tph@+5@*6zY5sV&(O*q(9?oAf=*ZqwWCos^ z;}ZO5FZ-jS?uqk<<;;xtnT7e+ni&Q2om_e)056_O499@vhAvE%AjF ztT@icxx*))e}4O=QiATQ``1hLBPX(}(>gj*2M2e<>B%ql(2@_-}?O8d+zSx z?S~2gciUwVYMlk?<>-Y;NH7TS^u?QcVw1F=HTBX9VI=y>TC~jhN3FlHAm(u`xTroW zrm*dM%^9g4EPAkNuWMa#Hma6%HQdRy`-#z*4tODX%GUji*0+ML{+pF&W`O#crH7$m z?edfa=Z=YOAUrR?9Udb3kEe3KZRl>`Tg&YU&WzbyZQ75D-Q5buCZ>5jxQTZ2nOTNb zd+kofIbwKNW)ob!r^#d*2@I9Iv8r}ZkYKPFjji!)F@e57rIJre4uogDzcdxm`h6z2 z7$}OsGA~havU}rYdv#JUkAY44rGFKzjwSV1v8eSo5j*iHvdzBk-DUW^0q!P zjco$^$8haUUjLEY&4qJN_U!LP(*YR@$ECoHIs9|q-S&4PD9`75g|jXyp1YNw$^*n^ z-?|d^4}2=|;=7i6Epr}_j^b}NobL1g7af{zVAH&NzaY5ey1Gki`|bVd=2>pQ-&XD0 zKiy~2JO2P`RL9={hcet9`R{A>C5oay0`HnG&WB;ml92m>ZCl zCJ*nvtjT5y61~SU{Zs!tuu^cwb8&|s&spm_$m>!^B<{V}b^0Y~wyy8kR{DkwM3NZA!!2q$uUHRU}xxU_a4Lh9O?pSHexE!JUXsnMB z>{aHEy8&fm9aMib7D*0JCj&E&hdX^G@UnZ$0~K!xN+_lR5!BE0>579%be;<83IyQc zufFIC>y%I_jtW-c$Tb_*z6{fl%^aHGS4H{@XUXH0*=%<>dOLkdK}j3JH`TTMD@dA5<<)r57ZqV&x9WnV z7KWo3U1VyEjK}X^$nN@8dXz=EMgL9svm$I_ZSQ{mO}gr7YzB4?nbIF^Y85|BI|(Sy znFvc>9-<*hg9IuS4`XdF8nvR@UaDH&Odp(-hbxyFm7|}nZA+(c-cYQNwU>rCgy0nu<>=}a@%X)kJ|c_`?dE; z|1pyPxTbOVN5HO|i!3Hfg?oNP7W_|o^7>3Ca@$lQ%S*M2Du30w(k`(>98wLsO99${ zYJF!Gu1A)*D7j9FehLj>e9LATNf13h&nI66NJZuE_qV^I&0Gqw&u>1D;I()X)jxjJ z?yzxMRB`O72%H7$7TM6KDv8Z;N!g~xw@0(+P5Ur7 z2^c9>X$5mTgWhBzeE4}!r{7KQRoKSz)eYi`%esy<8>B1Jr)sghzg*~%@FTLjDrQV2 zG}Q-zgQrPJ3trMF&&4c1mMA!}70PF4SFEK=6b#%-6X zLMP|Z+8RdLY;ZXFw-|##<0{Ih&qE~zhluabk=$V2W9ibRY;h=E;AP|iRI_N(Txj`t$nCrWd#@Bz7@g-WM4qC=Lb3QM2um`7asiv6Ixs;scJ$>dI5Zxc=gCkaA)0tE z=)?TT2P$5(qwn78aM>p7z>+pcVC&@qJSgu>s5sXl_qslZvf~6?=C+vTGL(dS&GW_x z%k_|9%ci2WO2;l=BC%ZH;MaprDQ|#B{xSS87mCbFFu2mvzv{-;xoL8QBELjO+vWBj zMP_p&w8l>KKxyhIa7n~V@&OZ64CKbCx~157`cM#ELm=DdBQoau#A7M(Y^dX0#Hq$s zlL6p$oxavi_|}?REWznOYidVh7h^sx|XiQ|VfqY#-@`OPh}gwQQy=j0qvZH(Tm9(!BU)EED?t z2?X|z9pP_Ei(}34Hr!bSoUq)R3hoW^if$H8p`ba<_mvSZx4f^Nj zLlAN^=3^p~N1(PGfCPn|=Qt}QEjsZcGzbWnT&s1Hrn7!H>p;nKFCasD%t*c8;mh36cPfn6Wa~5F3zyEpVjl zQK%fK^lv0YKai7%T;p!w^8rjWCh8d$RtZMEJ}dXNh%^6-qgnO)g0k;mOP>d&W*0p> zgIs=q@ZbPFN{a`CG2yIKDQ3)`hJbwZODdW->fepb4bwb~Q$Jw$IQN2DWN+IWMDUkA! z0TmHIsG!T-9P2&|cFthX5_kCPL9Mxmt>o~$qxo24?*K z_O=Bud4=)(xC7ewlrSHFJe9IO>UbNJWd~B;5aDiai$Bz8>l>*Lf!riPXTKsRWd(io zxGyLEYh4O>XT%lSck~_l52>HV(L8K|7D(md6&B|qM%0kQSKd(!hzu6oA^Xzp`wWd> z_c~mv=5Ehk&?{4?_E$M=`^iX2Gje07su@ZCa zXi>lb$KAx*H86X4nrHJ8eRQtrO`m7|q?RB0HtTKp5?=FKWIVF|>)GO`2y=X6(8!19_*^XB|W15FCYKZmiwO=#QRag~jp z_Gq>3z(L)n=`C}tx0TZ%wHJY!b)MqQFt+R00`j0d_meiSv==H=k$3fTANEK}$ENs>Z?bIj#6ru`<7a)VXq_$cG`DNf zq%t~O%RIo!q0sdBG1m&cnjcbnq4&avhRl(poM?uD(DaL2S-#~=OR9F~)Eru=B~Anu zPUhI2RmCX1QJxLzmT%js%J%wu*$BlidZ}Sg9E8mm6!my}ft9#s$(#v~cYYS~zphPV+>NtT~r~%L>gy_=@0>1)}@O{Y20u z@wvZz9U`dKIJlKj$yc@UU0TIDwxme$I{Ci6Aes66AXBQL534sa^sgG1Qha&C+Gck1 zrut;Ql(Gn-dHe>XyuTyv<1&w-(3q0jGIjifVQ$VY6n#QlwyF!85pIOk)j7^TBrDyJ z!w-#XPRFB}*a%c2Llr;vRjKwjt!B+FBDltA!Q=1hjI#{6`rZb06qF=7Ya~Nh+pm;> z+bcWI&=9Ir0V(3nrp(BNMf^JvX9)GHOMn#2+C z-5YS(@NYMngSL_TmU*|%!s?lc^w2~O(2`WH_tAMWJ@5wHlj|b-f9VY)WwQas%s1WwOajsKW?b=nVwG-|Npky0z_Ut zk&H1HgFY9-`@CCgYs^4sfSsFcUL-{6p}QtLVsddUInS#M0nv|C8u4P9m z^G=Y>4|?Rb>?zIZIbFeBvj>S!xHwW>qXo=k4+-viqEI@^jE;H*{V5kJ*77LAqvym5 zQyv$F?s5P4TZ~$d{cJw^WT<`ai0WW`2ATifVpCm!cu<`6e#uNrhdPYJ1apdV< zY!c==5^-d4k*50Pboc=v*hl(cxn`&2D*Ez^{)sJU>CeiKlj*w3i&OPO(iv~r5|^77m5{m z`vS}H5N*G{lCYq9d&&uEx8cmi1)G;CP?INYeFC^Xc*iOx{wRHPD1e|BdZ@{9*Z(bF zfuZ=#sN&vhy4JMOTJlzW1M+EIa^g=yWy}>a$wk{@@VquvGovpAKPqrE7wp|pzBAR?>6pVZnj6C+%*;z&V1heEfSRaIP{M;nTD(R0iw7_6STtkLX-YJ1_451 zqeb8h^2hg|20FE0ib}N-IIMp(k4R#DT@rTNAzMligUyfvn95YGV~aMEqaXoLaluQX zM99FC&fs|HP17QWz6Vta1XcsE>(Al#$ihd70dX6%eGFhiD@9X}9N~F$&1oDeKf*8T z(%=HGLYllnSV*ter4%Vm2BzyA{b2Yz+StQ4>eqbZI>SLShzh#rj#`VeDwwQQJuKRp zI#?uLxc*e<`F#dT5KG%s*v7!#oZ=d9j<-qh!7ad^Moh+o{itBCRL3Cy;WmA4U`QBA zKvA1xM^g*VK#oTICNtTc-n!Uf5}GvYEtj~A@{*0&^*gXH{nB0+%a^U@%ZNbm*zp-u z+&K(FOBVWPM2cOx$vfga)w_sZn+DY@9>GicM|3t`PSw3hP>RR2IirmOanJ_^xp=;q z>k(eNB63Kn&mHwkD$2fChax+~*LIc26WfS=vipb39cSO_5vcX-EPSLZq88B6$(BsG z!)x*SKDT<3En(zzYC2KfI`rqATL#=rb-ol%`z7Tk5N7IHWlY+3XZ9KMu{3~Pxs?~h zGRHh||IZxqr1UNdbo1^D=XkJe_F_qf^qS9BoUSogcZqA*n8RY34YR6spL<^#|55e@ zgP656v*`fnI44T^nBM1N{uHtN5*-UV(;8OC9=$udCDRG4MyR!i)Z zQX5FZscl{f1%>1A{PY%BPVEeo?NFil5VqN99Xz?5ymG5m1#}JWnK(oOy&(ze%etkl zFtHf8_-*fmCQIZ4WFw%4>zRk-L-CwqE9tGw$pFrpet=;8AiC)skc9J;ipV_L z<`&@d3Q}b!tL)R7*yyK0qWrglx-@@HnIoK1z-Umbe# zo-CEfwpa=HMYLv~kIhH4$d+@)QD?+?-cD(H?24RYvpabL1TJs}dxFuv>JGUZXuJS!6~+_2E3!Rs zHJe7nDKdqcy3m?ePB#4ISEpp_tJjbKN(-h2w`$1h$dP;Zm!=Of@)8ptAGM`^IeR;}qNTfSZQ|uTr>%Nc2j-Wq$xoP-SvQHA8ZW**b1!*_8Qa8r@ONQCT7^K> z;46oPItYOdZpCl<7>pTT6V$y5DFo{x^3;;^N^kp8^-x=qt5zULL)ZyDmT@&9A(m>Z zzdQKL6?&q?)HK-i5ekBEYh10}0PMHSj6h%KanXXmxl&$sFE2SuJ7ClQCbKR{1j~P+fXM33eYuBw#2~Z?$$D%a#+uzEa z870pHbJXkMBH)DaYJq$K9UlEM`@avfR3Ayzcho@1Us_Ad8P&mSShya7kHe<$;t9dm zQVx3LS*3$YZ^#E-%%~yJkB8iLGD-=iCH6j3ckf`Z2(pUNq(7PF-0!N`_jg<|#>(u} z&VU;irh6{nwEZoV%@iS?52&UUB8bQ`*;Fv$&}`#fF`X)E!P}b{_d4t8hcJO3ajb#G z$JEXLdzi4(9BxJ6Xb2`*H_@H`o%aMg_nS=`UE}^_k9EOqdilLz0+<~A-|L#v=^P%q z<7|OvALF+tv^@8v6W5tu$=>1E1y|z-{>8C>A_cg?3YU%?4S4_)TaFr$UdURyj(-Xh zs#r)|!}?q>Nz~wPMFOC$vI26#z>G|FKF$G?TZ4|;39Ud*J7?3fu1DgS`7N$W&i0ux zebCVuBsuH{gstXlX_!*HlOhvpoU0X0 zg^fm~I~Uvh@dlKdans<#H9;Al#&??>|r8(pPwR3L(Ml$&f!MQH;k8NSSv)T z-(pu_Dp4N3qCfldzJ?QHY_3%%fK6j}6Aja~{7zCzci=u*g?i8@NvP!ilv|V;WFuGy zW(AGEMoOaCt7x^wRx?}8_~0uJ5JQ8~vpzsTrvZIVejZ0f!Ri}Wpc@c(H9rBedp3Q` zICHGRj^^j@y&bH80NQHKab(@L8=bq|c;PEIg8M?KeLRC1AGc~QMXM{^B$OeDhr6;+ zux^kg7tqticrF+Lf#=6kXYOS90=u;rcE8=b-q`V;J|AO-udJ2WV@q_zCg9oJIolEj zL~uFly?O@%Qgm+4nNu`F%R{wKs@<$k*RLuNR{K_NXi7niLTkm6gm zxw{z9I`T&W^qNA;Bz>bhp${j z6rop~_8nV={}XDl;Z;rLuUWhvs#i6P&pPS-X4|{!j0On6%jaSsu*%VDRqRhq^YwIz z0(QdmbHn;NB5N~ZZXd`;uKLx%wk>GHRV2s0W5l9tH+ZT??9w|FpW=Nf#?~&?mb6iFfJO4?8jx9ZT)Wm=0sh0>1Tq zP}C~9{+f*~ikF}D@I`-m(SIdM6t$o5i0z=&r|nMC$_$*~XJJMqyj-@{9(@c$gr$?|!C0j@CJ z(eCR80_W3T#pC*ImOs0bJqJp|@RZNlcQlq5v6lMM>w)`=Io;p`s<`&7YoU_+EMqEhU$w+D)#kB9D_Kcf0?5GhPlc-O)PWc^Wo1zm(!vKOe1v>by8{*uzyNsZfL_k<35xXHe? zV_%EztKg*F9X6RJFXZTkXAL)g3$PDnV-F-Z852nB(Zz8gI!D(eLjM4$|Q;bSWJo5&|PbOGu|QiZG-wgboNuHw@iKcXvojmo%ab-SHki&l}J4{SUrB zcwNYK4riZz_TFo)d)@0^E1S!-xVvN~3z>{^qp>6K(GxREM|omwnsuE?|zEkUtxD!8Q=!5Zc@T+bMt4Q zf~h@C%wd<#^j3;W&>h>k0w5^LM7JNr7MR>`TS?{~h2_`dXl@l18BXi!Hh|fM zV8}W+s$qDk)-*O%77E&9X0=~f|6^_Ywan6WpG z1=+cEY5+m#SG5_-8>CF}kLt5iq5Nm-rGkGxjd7e%4kTn(oc?IcwECK$fnwuksHZqz zPRYfg}tUyTkG2XY8t8anfoMV<*>GbE95z=D2OOZ7T9trD2vD~*p zfje7?M6dJqYS)LAs(*$W+g=F&@N{(CH_1=eke8B=Fgc~FZeGKcds(L4iQP!OJ}SoUFD?l&~Tx<69h21Kn~2z z&k?JRRX>R&lQzv&Q+5RQpzC@NngI|4_`;~AyJetVGt3QBb#=cvvfVLkKIR`T!(uv~ z+;g|C=d|4fm>O4A%ZsWP?mK7t_p)nGm2{eM-!O?h8$|8V$7`*QI?QDSI_pyI_Ryi$ z`L^^_6tefS0{NAxNy5&2b;|7jxKyRp5+M61QeE{py`O0m!Y?#biSiH9<0}Wuh`?`( z(;}%~QdxFnqO`Pb*W~OkG zhSee?B8YuLTWeF@0niRZC)m5}>KZRjp{&;E-PubsB z`exC0G(4#)R}`-1!V8ODq0SKzTz#1i@;yItTgdvb(I#HOlWl$L4XZYgI#daSw zc)!es(tgZAU13oPP>fMee%_e_TpPNYAyKFu-kvSWah!0G7N(Xll3tQI! z3Ty@+U^X9izHHaSvAk7SRtFaC!OJDk*Eu7^Iaf%p2>!Bf)=HEcvfVzwF4_ z=~LMe(lhh#O!s`eBUk$cZ=NT9#oVD6QDAR67Lk2VnM*x$(MwztV*3**ib+3kr@2&I^^j) zYQ{s{PkSxpxBY)I>Nn~Te5+j$^I9kzo}-vnRc^Ah21*|~czf3WIUxzI#Q(tQ6O4$%YX- zy^baO1&8p@Ewt6B=iEnA4mfV%b-sFZHohUd<+mGL?NQkSWBCo2)V%{!f}6|pLsNqH z4`tX5=U!3AL}%QlMVqE%ewX%{em@><#1-4>3WjwbMw${7L`HYzT-F!8C8T7ol-5G| zFy1c(J^w{{t09B$#q{#Zrwp4x+A!h0xJ@`2N|Ts3d+RpWsz8&Y=iP6mLq45l6=)Y- zlWcPef=vvDt5ovg;}z3G{*Q!?W6pfTz>aJ5+0$lAJ@-v%vSp)6 zlE_UwJJGC%!k^~b6EQZ=Y>vM$Ia}2jRuPc@-83r_e9K^>^_#32$gQ`R<6iGCPuYz7 z?@%dACh6ePwwSjMGHRAh!fG-x9}NuAiOpYkqFwi=Z6c*geT5|)^(c43Rp&^q#RnQo z9)9_7E4`xJvsm+JIlf3b<@;iskq*;VY?q5p*q_p2D8T>}?Pw~GhclVo{>r2ku$NGQhlx%6`@2~>_!tC0eLbsm}>!I}&PRtbw5s!w4|SIQ~qX}VjQQ}>^$1VqbpqYb+r`;Jce@#1WY zQ!=~K#&cQ}LL2pnu#8vA=g;CXqeSjo^#L*rI!N^VO-~^x#KFeYX1MJ`Zx48TpeLNG zYbdp9@O245*Y%2BI-U$lotKDS0aFL6SCY0h_&AE+RANd0B+pjdj@&z0mu;!Y2Zg9P z19~C5ozg@AL($PCH<%;^PDR_S(aaE=`NpV{+U1Reor3pn;EKGP`*N&XW!VSX7;VS1 z1J9lfCI5NkJi3^V5ge6#+q8y=8FB>9+{U1C^H`{{Dii>A%>XZuUrc}=Rr*EFvJ$bWd3vePuszB~2q< z{#5L=mU>ML)lx$6FVY>G;#S%uBPWn0FdanwsO7KZBh?4lc{jmOJ%ngRw8&%+oA=9Y zPsN%izJ?bCGh&$j=MY=Z%Abhh_C_ zm%N`1g`=8Vn3TTzV`J_=B|tGaqBB8$HgnT#*}cm|04O3=^46y};6CL?o^;7HlFO^O zopbNt5DR^P(sJ)^6?hNT{q0^5oT7S(Qs6KfjbWbbJ5*86?mY=kfE&MHH`U@}Zi&tg zav0bc;2NnZ%&q~+&^0!xPcUNri4SL<_$Z<(fObR|Mat=*LdO$1IM@0REX zhVyaDfsTUp(vmIaGt!c)K;15+dEhZnUXp%JY7$Lx{DuPtTM?@d0?mp(g#XVDSEM@jO0LUME*XE==_4h6Yh`E`HLz%|Dy)^9 z4FPsf<^N;)h|mChz*%x7XIvmZcMGg2Vt}@15B&VUDSSh?0BNw=j-xALCQ>)|Z>nrq z>}&X^g@{axN%n@#h;5~AOGbQuvsRDO>&rjs8XiRP^w^nJqeq%s3yfgNTeGo`JZ3?# zZ?pA`c@Uy5M(Y<~lnkGDJDkWroxuc(+qQ)-%a8x$QIP2)l{7vOl5tDn?gFv93vdI_ zVC-==;4b_NGT?&Hu*o3iKw}8rx_dxEy+YRj?1quF+F$gdHqIL$u{BPwVGfLK-5Inwc$f!zI&?zAdEwX+Z7kZ1~EO(AoZXq zo?l)1x#LBnT_)EUm1X-%i_XAgV#i{jDVRSyu%Z=7>CFC8>ukHKKj;* zMD64|A5NfS^}bAQ(8_bz$7V6)!_2VGgK&tWscaiV!j%^Ne1PpvGP{nj$z_$wu1Vw* z)P<4s>X`?`h`-LSuV(tupri?u1UE2617_$Lsr`T~4Jr(oQYbM!xED2?6fvZD>o1~p zaTrmWKCKw_H_Egzh+s$O=cG$*>~P#!+K{eR-eo8Oj>5hwq_h`FUC$6J9Sc;~9wbb_ z&07d*xCU-yeLAJO#jQ=C%L$O;rsf}eNR564|* zGZB{jm7PK!P^Nu~;l)3|O&K3X?jqv)G7pTq1yvRk@B}|f#Y!1zG-qEkKL^D~`w!Ph zB*&Tcu8w)@e^aAD)d+3tAeLQ0ONq-Vd#P1Mmq*114hSn7!}JgP|0ZQ-PER1x&-N`e zhS$6sLFPUAmIBbzsYcIazTV#^liMLq z!GcsyBdU{(lfOQbyiZR|I)Kz|cJZMfG`?1(A7q>d{%gxfDe~D=tCnP_=lCh;ULBi^ z$#D%Zs2JJpYjxd^dh~-tUDtrbr|}~!=co-fM`2Nbe>A*&I9aUnq~>raLvolAj(Z0D z$+IAWZ4H3rR9x9qN6`J*Ix=VxD2{%sbAfdb(b9{YbFj%kxH?#`lxpBisnh#84GaAJ zY~}Huey}xfRm3RuBE4_?0O0NdlrG$ z`C?&gC;kW*4|E^rp|R1T=}XHSQ8sAGk`Td093N;-_Tpsw-hN;m5|X8?`W`waW~9ZA zMXMZ=?f#8GK0bZ#G+Dwu8V!Z2M7Y5pL0Rn8uv2&B5qu9XsU8sK)S?l+!HW@i!o*$S zNybnl$Ik*rOcc8A*LH61#y2_7RGD;taOTfViY(45YvYgTLdksev=Fi6_?jay>UEHo zxu@)?Y?n)ng4S#XK4=z@UadG>U?#PMj~vDFvs+@(pAs=pp08`y|7+04JPskz!8+~W>5{q`p{@mpoeX=#c z`gn{tK4KS}QdAy_DBkVT*|CqG@YaUkti)UO&4%oJ5jDVSomjW!J%t-j%Z$I8$NqlDajkZ42f5+^tAZd(g!T6Q?D*rbp&3I zHd~q7BK>-LY*iGI`D!jK6uzXDxWel=5ZCQnUsy>ZUd7}YK=FLKHZ_kN_Uz>}ipNuU zFua*|S^|0Ct?2V@UkKmV;h;=nI-U>o7|92+LjF8UFn_hs7cl6M8vp7Fm?m(PyD;Eh zEjbf=^uW87!4w;_IPlggK%)fhduyw$(~E!jW%`n9G&$xblbmeXCMj2 zn>5cuYPol_7>j3XV+Iw%$vn0Iwsw7A!{Ku8c~Rf7ijTF6y%6i30qmiL5kGb33s98e zPLz54=5|78hjG^Op!b59zU{C{R0`rpqzSRyKA`R$hbPFVsC}@^pI5#UG&8$5(bO=P zOG8Tk&`=PSPRbsIv%p8>r!Uz#!&JA97|SI8Ep`bujl@oS(X< zF+J@=U_LURfo6Qs1gG8ajp$H$tTJIK?mnjL?kU&=kzjmU$J2C65Cu zGyBh-;K$2|(4erdL;F}!OT)+n=eFnU$*uWax4pjKNVuYiu?r>$oB(*1bJg$c4tfxL9Xemg zq``WZ6;%=`&VWd&ZBI3{T=lB3kK)i+`-}44+%t4&b|!!VMXl<)W3?4^c;A8+cpR&NvLpOISHEI&l>$a^sv6r@BLV1< z7C z2W`C6(=-T?GV`A!a+aG%GrD(QCP8J}TFq&2UIqLhjIUkr8pF=c@yF)otcAaSw<`pK z*5bXe`Tq5=$l#I!($QYk{gW?<*+B~I$bs(;9Rwh+q~a>P>}E;8hk2yH*c(_pa>LYUKH;-X7Gc*B+{io+6nou7pOAw+`|rJ)m-hv|HC+A8}k za;6cRZP2WP)}E&b1YKj=Go#wpPTw7{a5ASW_0!@=2gxi84&DCrU(=6iOU;Vrg6uRlw%HO>WKVhPE-OZ_p1JyUJRH&00|afT}8P)9l&7W;<~8(;W}LMm~=mKu(R z(riY2yYCKBSEby(C!}6G2K~j5cV~%5mh1+29v;vtpn3O@;MNck*ZJE9;!6L}CWP4u z=F4;RswH-VgU?6QXy&%Bh2G|+5A*4noDhhA(iwv*VXWRXc-mG4eW*ddOb7QtC*8y7 zP?D_8X%_wXHxBV=0iQ)riQrx4t)-6zlnd>AB->v<6;8-=iGL=KK&~pTX04k5Ywo*? z=oIAUONA^Xy3ns&1Ot0Cyam^KqlQqq2oz2C&#NwXtov1zBcxaw!OuHW?z#$7r^ML)q4*1W# z!8{z%X!u$=#N7JQKS_X=w^P&@nhKnxTWr56`;dT!lBX(dN^ z_X!z`l=HJna=lc=7HA08JWbVm+iK9t#Hq1PF zf-q0dQrAjgRBXv|4O{n2cL~rYNH-0^AeD5}ZlYVvppnDIML$wbF-=s~#jW?q7LP$J zq&l28!9#JuYAI-F=H~;fTNcNWrZJ8osgJ?C6iiF3q+^FnmG8?+{3&fB`jdGRe%xw6 znyUo6a+%h{HQ)FxcBBU}pM&qJQ{XtLS+`9a-%wv|TQZEy?dgC2673kDou5A|oR z`zYDww|73gl?gsO01x-v_ymE@35HumA1yxj=;}bs)~EK5=kug-U|kQ?Ol2vzOHiW< zK(BhBCH(XgFs%NS1V_VfyiUyoJ=qVysKs72oD#-Tt9MIL!l2Q2(U-m9UfJ8}T=nQL zJgS$v8k1^)v(gC>-T5E8?{zl#Q+XcP?dl?EV%`+3K4)|+R4f0_F~^vxYManXgEFt3 z7*pH2FQxvz@rsey*R*}VKongS5qhtS4H?lMEnxrtPd*d%)739&(Q06n*GCt+{q%bv zUyGm&P!Qf}FVMOnltM*QBl!u+>kLLD7Yc6D*ZWdPu0aFYcPJo|1BqbQ^^rM4V|i_83d*@8ezk=58ofC)4F*Ij2HZ%5c49_+HViHPL@<6CANYHW=zk({oc)du6991I6Jop6^(7QUH5Pv z%llEliwYe({>aJy)eVXM;*XZYTi4Rzb1;QQsyQt&F)_u3=v5Xj$IE3b9p*g(lassD zjqp|t*%l4LRnSJyJ>p}Z=#BRfpVC#D84`ENnF;zZXZ%U{FVAe%L%1?R;0)heGO0fG zWfGN~UeAvF5s|;#OKzMaM_7KL7gg(p4H9EjQ2rkpZJB+AObLz4|5i^$bAf_~iE;oR%^iId`2bLI>a=q7haAs>eab z*1maIOn)Nm%9|*cm%XvDPfPUj8HWh(W>Eo-)z)dtF!BS|wV^v?-fs4@c;p5Bc^l7J ziI;T0z}+rfLtK62cH{poeH3$e{lJP~e!jM+{yycj>V5B28MZxIi%b<#tj(ga=e0S% z>xEQDTzUkv$1R=(`Xwbk`C7vweN*#YF zo-2VbU%cb!KVYh^p&ks9Na5$T<5e?@NbqSo|Zc}XJD%m_3W~c;0*BRsg zv#38KC1QD8q}j-fPGfI?TJx3D znmypyljCUt;4kHTH#~0;*88J--Z$Y{ew#V;y;!YaFV2U^{g#4Qz71isC!n^iK#)>= z*vm|U%h7QO6^7qSEXA*h7`u!`YO(w5BmAFin%twf`2L70^ud?5KHt3TV@z*{f$e;p z9?w^|p+d~pNnteEOZLy!Etu()j0eK9svj6Y)#s!m0`m9IXCQw$ZAH7_N13VQqyk(? zgPFZmqBZjGwc7e?RwZxMxnf+Gb!TN*yO9wgLTvbcqREZe~NPgq0lw#5o zBK*umi6ABN6SbK*fArQSuVu6uVbhDo%X1owMuJe<$%KvIXNqq#O>zO7lQG7Fi8ZTZ zJAe}B_@R3}mzxCA@`I0*eOi4-ue5{>!9DBLTI&uuQ2>B84q%UX0L(VUej9TrLgkVWJ)GJ6pVSmJk zY(0D|=QGUySs?CvE46g>4A&r2>O>AdqEts_x?e>kgu6Zy8uFi%V^ZHE#vc$5zq&8O z_k=rBJqP|M^JOdPYEdj>^FyN#Lqba#z4dw|@sDBM77^4Xf5)d`qfV5dC?Q? z7m)Sjohfemc4&o>d87M|z(kg>vSs!5M~2~RQcd6Gc6cbkfC)daC$q9JhGrq-d9&k!g6Wzo`~_^ zC6!!Ghq?t`j8>M>u3V({7=MwM?mXhzqelo@go}s7l7rUlOWw;%oUt1Dzw(cvO|gE9 zt@n5a*e(FiJ<8YcfaN3C1U2eEZhJqS)Nq$~!cLC=KK_=h-oaCX3zB4=eY4o}XBKGyn^XT9MZ#e%dlhj!_2bc4Q)A7V~+v~gu zO_gf<*K|P>@HLv1xs_DBgeVH{9^Z3$>b`fOmkWd9N&6IJTBQ4#lV3D@KhEN#_$2YZ z#<$Oj5X)V(ITv%lH!KpEsCjNRi0Mr9?!k8lak@tSzEnbbM>-Ggtjvh)hq`&$UT#0O z%W}!ZYySMwemt>Dtb0a*Ob5E6!t>4ESn63QSu_LYYof=`cc}Y4Zd&WR9Sy5eY8mE< z$qIq@-%}ynm{Sx+8`PYMt8f7u6~v7B{6mk+`T7`#1`_tGbDCW<-Q6tcauRg^gfx5RHXv^-)R;purANL7vzy`hwlf6l;8o%rSeV|h)W4gtBOV7k{w4V(2 zsY(bd@bRyV8SH#;6Wg<%U6Ccf2809|wNn=MpBscrC=|1I)E1mOK z6tbf=P>(NyLooWRSg~8W2p-q8EZYNOt*u|wsLmK)sU|#(2XJWKOc+IY-NP`;Eaq0? zCPzuUplFPfd79CT*XHUDk#54-(W=iQp*CF0hyAA3a-It}(FaLNyR_RlisaCm9(3rt z4ew*zY4=jqhsphfUue}crR1#;$db{?d%UW(GTJrq_g&GxeBQEM%NU;F%V87ax!-Pp z^eVJ}C7<)SADavLUTBq#xghnK5A;kukDhgLBBS@ViA-=8nCMFboxlswJbqq`68b5A zAnVgUQB7qz$jZYj8zwh$^C^8jT~8B0pzPajzXwFzGdL~sA007(0Q2vDX^z<>$b`mT#tBZ*s574@Xf|?zE<} z@aF8jxlz+{{{31XG#60~+`hPZEW@|7oU)%UA@a;?2MI>K#LWyn70a=JT5=T^`RK1l zL=7P@-P?FV6CUDk+;N{^^}`<{E60+(0*;he@Uys4n$WWn+HnUp?D=+n6kdW^l*lsm zxTD!T#&U5cH0?{C2Y|3fIZ4WWKjfN#uA0gO{jrrdvTFA^VG3vxr~3g5VxFH0IQ&c` zcg=v_ut|1m3cdW>a`e98q{%9?!3(;RTjPD}$H`qx>r-Sg-C^kfVDC05Xn9dqb58uI z%UqscpqB#|slUn+CLd#`Do{GXUMqyN`tYwgeOF$UWHl$l5grqRyoWkSU$;I7__1j_ z$=*)mRUbC{FCL3Ebu=5@vL5hsC-1HEwhIht31zwtVNQwh^3jSngZu|i+Td9h>bDAi zaD8cF1!SFR_d;c!|7ZITv#wZ?2dyxVoh|%b^qq-mXgZE_^RTtor|H@Dc!C|$KL`6W z2Ad@g)19NQp%fDELaS4sSf2j3EREo`Rw$_Zlg8tCbIx87XS zz#6JwQ8xft+acWl^B^Ft-3I>8b8cc9JhgenZ4lga#5_;$a^xht?_s#b=@^3~s^@8w zq(CDhWd4gaheaXGf%o2@bjr3<$%p>MoxQ{WGkn$vP(jlH6#83UORorIgf681U%O~U zzE2UfVjTK+!EWjHCT**v==u^6RQGA-xyu?{bXZ5*6G_Ye8aJkeL6vvxbH2t4+00k| zY?wXT!6vN2{6xz9umI1(4fLdrwg558DsDZZOEQbUC;tQ2wxL1UU-l0Ynt2KXot2vH ztuV8XOP#tne@`(0`3KsE+`-Tznf#!^eM?pG#mkh$8Vm<%Ni zjS9Vv&&ewIRRLSTaz>V zY!C^q;8m;j}nu+P~9@dB^tXUEY z3;yXyuAue7`ppxA$qN|g=tjz=D7QkJtV+C*{p9{O3oEuseXv*JB2$wa+cr+Mn^HYH(eSLc;hy`$&?$i4H+oP$WtX zN1@h5(5+XNQO<6Z)&tMRx-?+bW6xN?B=#4Cs!=f6vIb1M{wEz0$G`KQ?yCWU+NBHc z3>TKR=`JYd0{uQ{hL{qE7(>-bE?octH-wlLHL8+FoA^`A6I7yx+GZ#GN|BzH=6`&y z`JjxmM1mmFzy~tQ={lk2$;~aKH<&9trhP(4xwIguCEroQsjroQ&dnk3%&hy}+xEf( zfL;B(?tA=0rGIC5*ZY{c5}%-zDnKF1Wben2fsNMuR8~oB_~asxIAHOMCE49x0y@() zr%)U$w;HEAEt*`ad$(dgZV<>i%VVd*@io88-aNW_r%E$+(}i#{HJ&~;ix8>LdK;FM zCM^1#R48ZraF0$kQW>VmQ1PNgM4g^BFW&t6WJXW4mM507s4EIKVxRe7HOcEcK|c;9 zAwa`Gw?0KoU!8bSga!#jKQelp~-`tmu5;Swku+TW6vqK9J6p1t&G>e+Qcvy15e{EQQcI`O z&cdM%%}1_IgOyA-Mrn9#Bp-NB%;H6q7RKej@=8>p`wsWMO=*#QqmWmk(~|2?KMG-? zMsa{O7%i_YXY?GFmlJ!0#+YM1+OcqlcqUojo~mql^2+YVLS}>M8AHn+tZ5}DHNMzR zUe(x=)z*o>5u{ij*IaX+6{!P+1GdTCbm9S**p8)Jgw0D^RR;0k-j=##SZ`h zEog8#mDMbuk(M7}NBx_y&zKa~^@d6b#46G%-9mM0f8WKI0zubS2s@MR`F^_lEFW3h z@`k?1yzmJsME<{ji91LLfb8V$p+e4*Fk-oMICBjdQCIjz8>|t?%-jOq4bG_K1WbsM zXcCg`S7HhYUm3=;@Z#Y376NUh!1;^TSYq?H-T;|K4p*KG{83<9GsJtidX{d)iw36j4RB^3(tOrTQX-ERbx z(=Lvm`kSnL`S^A2SKfZfslCmC1QAHcp6`K|UNYkwhcm64$T~)2L@m* z`lSrThhSXtbJlm9y;z!}0rz{Wn%r3wjpw1NN@&h|+_m%va&>%W&Uulw5XrsostaOB52T9L*=P%GNPwqD)6hRZ*xYFQOK+pwx$vYB ztw`&%YintXV5%rchl==&Nz9vTj`I*b+(m#ocffMAqaK2&*B8#eIcz20%SLVPFRfOh zUw&$Aa`i2uc{cUxkG|F?dcjaRP zy!ng1z~(&AA}oR};&xPTP^u0VITabqY4n;{j-#AU8watHd1x#Tr1$dHHUH#`6I>71 zLQ=T_jPj^^i$aAjG6u7*EzRGr>pL?01g*@PG4x^V-^c|j^w49JIam|J9f z_VVwVvLW9Yg@2+`mf|)yLUQ04+XI`Lq5XQEK(Ku-ptM>U=ENX2>8MaC*~Clqj7Yrr zgV7DbI{)Z)b!Pm-+3F)gBOiv-;!SRfm5AH(or}$r(_r|E%+{=H1O3Y{k5l^?N>~5v z$_VsHoNYtE2Nm)y?2Pi%3R>L1uhaK-^kah2ONa0}fso~bI$qK+x|KYxCU-TlsECp( z)pMkDvmFfrXHM}jOK1J5L7KJ%T`(ESDtNLl?&G_(aH!*`*vp$jGjGE%&2{t@UWejN zeX4Z#t*S={=5&tCHw}OIPw98m%D`sJY*5xY4^O^I6Z69Al0w4bSjE%=5}V~CJ#kk; zK-=-B6552UU4o79pBNUY=yZ@Ed0Gj{s{Zs_+A6dN=ZF}4exlh2JBeDiwF2?sdh65! zdOf`)AG``&ToP`)iuYbGS|$tBd^z)zoGG9aVJM&BOoWXUC5QagvSkS2w&A&XFmY7( z5yq_=BRb-E)2i!-(Y}V}0+=&wdRhc%<@DW)FMUyOmXHpcnW!s0@r~ngf&jU&1;Rdd zbNbPCTS~8)r0<&rej1xw`n545d6Hmc$E|h=rA`ae|Yo-;OAK0 z)!<*S*vSDXGL!OvZK=4@YcfMaTd_F95hA@WOEGwxsQOXWp8VX@w_F-dum1{@ucl7` z)W71CihI`|t?GVxl)U}ZbcicJ9;0Jf;!i{K=k_tJG8n~;kHx$ZeH66-7p%aOK1V9v>ZUKt$f!IW zCq*)NTrCUf(hmQNWg!-`$p@lr9=36uMXfia1AztdeKkhXYwl;_;LA_D?~;!4+$sP* zuUUG7+p#0cm`|d`R3QJpd^bVr!@*MBZq_3Z)-S%J76uy^1K=evR0D`$8yB#vAeel- zC9#D+4~T(qKLc|%atJByGRcU6ysKGh~ zCc!NEl06n3-;UxpUh|jzCxJ(l^1K#?mF3&^0iOg)O@elfTLptzyNJu!>*5JXgVQ!s;_{0iy7$I*=#?G0K1`lWdQv7`p-R~lh#HTvX zcDVeu6;2y%ax)hWD81@`m4v9^Mf#jh2@uex#30?~>rU-;c(swg34ng_oJ&oPHi#I% zv5g>L+})Oq^4Q^i0G$VD4yLuRIGgMC&vSS)1V){*I6D>Vp|Go7r0o(S$Wz;&uX;1l zz2H$=_rA=g2+&dYumuzu=1r?2cMtyfL}7`az8hSoQ7F3;9sgHSbbG4qcT|O~;Ph02CB` z#vv4b_X+>^RA>j80wIC2CyCVWto38h-FdgZ)9Qaq!=FhMs8RnB5eGKVNRWlda5?tb zL=?lV-#3al9ZZ|~nfP$?**0)$f3e|81xm70qv%>rdv8B#YdgxhdtzF-Kc%| z48dmxmOLJSct149+7pQ4Dy9E?gjjsbg-nlh!2D>Y$ax0bCIT^qeu|q~^jJy2Q^h1B zmZchon%8`*?d_KNoq=FtHS{=5a-AT~{;lrcglOM4i1y&}a@Esh<U!Eou#D(&$CPAmeU~`^IJ*pe~$r?pK|Bnb+^T@u0LERNZl|)c%c;nzjKSPP7H@^ zEq>}uOWJKnMz0rLeH!W4aQtB=z{~Fl{d8)0mQUBDb>YGwYXZGlFA>zim<{}tCxIME z_mz|_^_QhAqIrAae|Z?@&4#`D*4G=t?f*_!+s3ihmjnzmBELg_*#hk5_B0m$c|e=KZw;tP^M9>gG4!tzx+`|s z1U5{<5}Y3h6%?dzQJ5aO{pFc_5=Mgo`tAJ%D+e%CV0%cP{G0x;_0_VoDeA{`v)9(? zzj;TNWNK9Gj|w^*#76n2uXG*BaxuMd*2c=l8={6c+L?~si@v+F4WGQ4uU%yMg&BDf zzphg+>i$xzN}XOytgg<~V9A!%e9~MJ5=@k?He0%A3i+jXx9^gIGT5_qegL&3UKMZK zGq%}pB|uyKIh*+YnS68?x|c3|&j3@L`jr|begYJ%?~PFx)}XzD?{5*yac+8@YjO%2 z8a7{^b&vJyX_NU}*~A$VuMX8f6HV#{i1O`jWI30-t+s1;8;6FxA3IK$Nt>=W@B+wz z#kU7+dUXSn;ZNi)01RaKxfxfX(_YL?d%qW6esqoFKmD#8bv{tBmx2XQj}G)hNK%V; zW#8VFJXng8o>~uDLH_(ak2vvMbXr>C?RVR3bn7U&wLbaxR%(w%dq_g%?c4L+LpC0U zI)ySl!1|k+2^zBa_p|~;5W71>lrQp)*yb29HEII#5BTBK3J>fiy6Vp$?R-9xKLfOx zEOjUUx;yA*$fnN=pn@fzVyC2S6WW)`90)GuV()uZG`OsZ7yO$2CGNtlclu`54O;lE z{8%3@UUmI9#G%(C23-;gLsETWb9Ss1s?0L-j4`!|`#n2(U)3vyIIe<&!5W_o|4wp_h=C}anBn}w}n_aw^4eLzaVDkYFBU;l6RoBHas`0zX5fJ|U^eJl4B zxQ+BOWY5HecrjriIOp6r0n&PoZ~SQy@z3MwVLs8(6At3&;@uL~oKqvc#rhlPaRsP%Ym2L6(Sd;I4}0KsJF zkO}z5|9Ar6mBaV9CuU;X$I}-NCP4oV7?2YJNWQa6Xz%*&I30ZKa|a+5yd<4U_kO5w z={&>VgY9~J4d`>>u@D+Ozqt!Xc9n9WS<|7gsb@lC;F8*a1!sj}X@AJxmq=gyrcQD# zA2U%%>4QYn;%^(&H~yaG8O=*6e~97Lq1qo{aAyI6)gqu{vT$&#EFhmLYmD_Bi1+?b zxtdj}4)LWUei|PAdRKU%`}u7EAKVja(FVF+h+H#wPy~m0`kFYaLk$;?T=zpw+Jz_8 zw;{Ak%CI%E5B8Dr>oom`Zqhy{mXh8j-FIl+EBCJ&I$qe$TLU8?z%PL?l>v{kVRtC{ ziEpJm;Qn1)J~=DxLx5NRBB^RyAbwc)%18x4Owm628!`QC;s9dyV=LqQyHsYE(!5MN z(A_)(R0vFR`9;T-7F$uLp`y(x;YE)()saQ}_J>QNbCDqq-C;cYA7HsVm&C^@dq=KqQ0VOy}J68c$8-Y1Z4fLfN9RRk@C6`dAIWro+#jXv%NZoQ66 zF!WEIzXy!Xd}r(^=o6%wUoKJWsl|gQgqUO}SsN;u<2gz!p z`%lT%h=xeiNJ%4m(>k0MTX-P}}%lF(Y7{Eg&FHZ|nreKTuaD2P@8h=!7&-fBtk zaOKDM=KklSx$nq0A}N9&<^{F)Zqv#9(pL7T`1e?o+xX!*JfrL- zUzp;g_MCy{HIH0g;ZxCTK1$Jw$)};~07Q=$i6HM=22A*W8Fi+JBK7*jlP959i3@;4 zNDguFySDRmpkz52@=OTGF!k4~0c=0+W^(&pd08DRI0Ozz8gb9DmzK#2Q}dGQdj!2h z!+zau6rcF`DfDZ@a@T##s$j2A2pwS&x@gNxTN)^dsN9>`AN3ZaO&%Y3=fE0m%<%d6 zho$7`nJaDQ*q_bfdfHk!%`c;(7<|x;oetZm3bR(Bo#O6$pc9N-zHZe_qrHd}D5MBN zn&${ME$5kjfp^9!1ly6^Ke0ztW3Vv@>mUgxcJ+YKm{jqJq|y0a|EvU)_j~ttCaB>P};R|7h8;nELR$ zzjg$k5SL98mkQ-q!G*38EQ%O+eSgwL$}>NP#*hUuN|wHU)Y{Ko3gxlqL7@ij-1rA0 zf&riYSkEWH^FQW`TK8u;_ggH-8E;(06p1t6w&6DUzAKWt_Y1dw4#_NAC?c3&U}WL) z2CVx3T;;EUP=8@o43KY0dSE2EGbyAr0SkIyV9aLitaoOmROlW&)q5)#XW(e07&8nFJ<)r7Y8$&%XPM zE(3~bwvyz5`LDaXhJ5$Tf7V_t&Y#py=0%d7EVcuAgIJVr?%D3DWIOa&brjc9woX9# z-usJ^o$>!H{X=%QPRgMT zZq27)zMe;Yh*tvk%j-?XKW-KZkJu$gokXpE0=-JWOv`;YFEethA`;stAW4`AFQ(Hc$W-vqXewEU^NDJOT~mD?)kgstqAD^9w&KTz}Ai z51II$;qsXHz?C8HL~7N{cNC^=HhAs*_DXhG2jIB>N2{ss9se9W@_;sX5;3XaQow3! zq({8n|n?GIa?^qmi zta%1Dc~bk~@0pu>-njP%pa_a{vTGW(TbCRP8?IU8C+~9w6od+MGH%!APCxCK;$&j3 z`=T?#b=}ch*YtP%m&pU?z4^DBRM35`y#I-|o-mC(s{!r?gRIh`%E7L7I7Iaxxk(W< z=dhga-yCKf1!EB5!K4FeLhnFjocx`G<*o#MXxkTr=4AIk`bh0&)>LqcuP2{CJy4}k z+hj0&2O@s;1So(-y5|APMJq}tENj4*mAWmI`Pm4F4BozFsHg6-`G-*epkft5O%Yp# zKhfAPapf6qRJEB2zjv#|-?~!pp6cvg0yW$BQDF$H$U)3XjpjElt7C&M?%Y}PXmaIp z0?T6sO3yx-jRXw}OrH5nrmPhu{6vQKTKi++ zT7fTh=F|}oVjoK1E;qCa11+-Vx$8wHJN7;)Fki6ZP{fjLY7a#+FxU7C$vP?!#hkjP zR6i0B1Xrc1)vGdEp3|2l@Lq<(4YD*0;SMA*ZVY}*muf5{=ZP{v>C{83iEt8B<9{EI z;KJf)NmM1z_Kg^;>MEdT0DwyW`|=bAw6s=-uUeA7C+`l;`u6DLG6E!;ph~hMLj0Iw z_k&yR-1!dO%ovu9>y)C?8_i5bZ2G{IE7-RkR_n}rY|Y(GtI6FK+Ox*)0tYq=*~?t- zEyR%*`bj(U)PF1Uf#DIoHTikBz?HEr_llmzu*Uay@NBcRRzARtTn+>;{VB#=tazbk`8UIfr480Dl;p2H1Hww+?Xhm3MQ=d$7OYr1obi1doy7?s#B zO~>tFojQIP1Aja@iR!gM9b3T01s;r)#c+%vR&T#)UiQQk!t0JEl7{z6-e|=abbj4! z@`uL4PGEJw&Vk_n5b{K2clwuQ^n{>Kd+s zISJZNgr4gJcqrO=1%@*TZ)e=Bn5%VYpyWnv&$Wfe#guA<>IznjQ9fqm6BE?U6n_`F zDW5HUL7h_r@kU+Q(F*?%(DAwbwe^#=Ux)JQXt#JM{>uDSGDWG?#x(c8|a(R=9pt zzu3R2=`eUOs&IStVS__}lWsl<^yn$F!1I>?q@Vd8u>T))zYq_2Y@pk?>&?G5;tarv?*Du7=id*Y75P7ZKjt4p zsX6!mJP+5TKBJceCugZiw%*^x$iBv#*fuH{UR>os@LqSH?Vv2wsgpv`; z>!_#eFivcIV$AAA!Nk73+vsxc5-M54O!^TD9CqJkU0Qw4a+F3ICIJL zjF`}J^NhW7OV{bWlpQ@Tc{m zx|_#j>JF^?7WJL}#2p=pp`u04j;&J`pDDsmFeckBM94*3cxj&SUMHJ@i8XqnkCbgU zr0Uy-?(EUF(HZEB{vs&APWm}L7wZ8r3!OgmiOu)fx0aj$2gt4aYFpxxa*rtQr9I7S zC{CGOgvS4F{*x`)h0hrK)kk29o<`d*l2)Aju%I7L zc40@`64h`crden3I`k`{-PwV)+1BGIlb$2Z>Q3YuBPaP6=zv3-r7nMNO5kd4)ZR0W zZ!wZtf7$hxIPc6;o~Sp2Xs}?G+Plqlgh$%*lG={mzc>_G$6j(PH zl0iKM{bL7z99eFJzY_p<@57BWEiUws7Ki8aa69_Vgw3R|Qb6B>F#Lx*ze*I0+lEUs zNZu)k&rIA5@xIoFQfrf5mw@u@Qf9K2Vut)ZsBKwKR*#xUvPc=wkiaNbH~bshLkimK zo--p&Ise;dv=>3R4|MD@ITL%2$wd;$a>&k;y^G_oge(@Lp8xfnKSKFvVV+KK zp40^fhp91a_0Vs2k^7v>Zgg2DI=XNkjt3(sSt7}CPwkx_1?_`}ZV@Do?7+U8+=;&D zq)ix8a^oRw+s)a=Ys-m0qnoJ&g&yd`l7NUwOk_D=PBJSXz;(K;lP4&kd5^c`&o!*M z=2lZ=uB!UOOp9vVXT&UX>%fv*aa=K=o<#f7-a`mcN z4*@#Ig({zv-@*fXoQ>Xl*HnuFTnZVHZPUl+C?pfh#Az^~1PLBE5T`;-B(E^KL+j)< zNcPRnoCBa(oLSQ6$TS_9h_ zQ_>Hf6&AL!@#V*o=|-lB2Yk~kyo!#4w5ca!k{y|~>vZ|JG;KOUTzB|h$C`+0DZLF^MwhftDKB-l|Y=)dtP1_lE30ZIn`M%9o(+d)-ZPOtga9MVIh_x?qei#v@nOAHEu<}M}q}yWLcd|;MDdx7tDr6HaVuzKaR#YNMzGBL% zGNVd+^atnNs|iY-r-}l=7Vi-gOeku=YJ*a*9(A}6><80SaUPt6mnHz}6I)LOs!W$p zYv+`$sU3h*uzZ?+i&BJdD7mjzGnHxx)BBv(B4y*YkJI(1_S+89Nar!B1tej1UzP6a za;eK{XmxUnJx0mYaneYS0bO0>jNk9Am2arP_sT>j;;d|2?3QbynE^cCQ%;By7mRXkxo^$iS9@@U=@oUXOu%wO3|`t8zz#}PIHbNt*@q*b z)MEN`TGDeRpA7cTqNMI{3$#NiSrj2?)zw9N+4FnxACASwhIH+NQ&BmLXiRuldjRx64Yt5Ua^1To0z=RQTU_aD`e-pKw%vBTx7FjL zWSD=1k%ElyBqS)cxK}2VfV)q_{)Ec5Nr|uzL54BC_L(|AI4ZyESkGH2xJGB6FgRlH zpV3ueV-J^1V=+qSBI6cnOSod^rJpObAh&m~OFF-gdM?aIE3h4472=D0C2!fm7wE(? zW&K{FfV-erfq8(Grc{@1`X@%IB^)o<($OB&|V=n4~Ixx!yR#6sa0 znYxY&^O_W-`BHRIJUvB!93^oIohtxQ4nYb1Bc`|eU*E8;smigJ4z=6=a}w6G}_G}JLa4LeN11vMEMfsBVz(+D3vwP^VX&9ZX2b%U%O?lB9VVc zbe3V6lOHdy^O$R~Ykw+~ig(NauP-2Z62_m+5>Jm_xmSdcAA4Nfxlx?$0!4{5!(=tOvTNTGQ5k|7a9}X&iL>DBk@WCXwy5-dIgEh~`WPCVJIJe@~ zZ-&{#?JU{OSE)AC$^XT|K+0w~u%G?k6onf2l@LYxFF9ey^aA3A+<9!7{8pTRNK@3< z4AAx0jr^Bu{mWNq{{OfB|10qSY6Yw&k(@oa7if5c$(vIO7>U8o2@|4Vrz zU?bVM1^4df3bX%t%fL7dADZHH&-#&8Lk4x@3J=VFz3c77#yn<4dSQOepPl_FGT&XV z-$wgE-NgAv*3E3qVnpCL!2UlA?L%;L&7qh)=u+S`_9^z+53{j; z#ble`XlWXV)(Buhd&WXlHV+ul#)vcApuOf7;s45H(HurxfwbODZ23mEpq8l1`luE7TUX>t->P@ZA#t+8k0hVoj_BJ^ z0ZOkY!_&kzdgmW`fIRUN=K>Jd{fWYU3j>}fLm5HSBS-$8rXp*<-9q~5&ZyCD3X&Z_ z+$?M0uZzUVg6DzE|DPNe4AUFXjdYQNpx+G_L(nI}%c1XF*sfa!?*T>U4*SCg{vLJ9 zkFdIjkQ82eUXwVL;C3~+&?Wi3*4l8=r@>3v4|1sNH*KBY4cBMyn@!QRnL7b%Im*G6 zwV!+Pd0K^J^R?5HO_O#haj`;r;z2H3?mILcu09?)HYE2ky1?Dm!eJOYKaM z_BT^G)gNkFVx2R-lm`u6p3Z>67Nv;ekZk6qJRpZdcTKc-16= z&Frk>>4!{5Ia8Q;Ct^Dv{e+a?A6Fcvo1qQ0)%)ty zf3$BZn^jApJ>S}cJU)rGUiJfhx^l4L6zyU{iwUv^4ZFBD!s&){P)K__ej7l~)_~>L zZGV}Qv(@h=fj~sbOir-kHN_Vv_h7O}>Ra|sjt=|RBr6jd>0Z2iV!413kT9L)EsI=| zmm3GL&~!kcOM()}`RaxJ-C2HV3n!kdf8HeH;! z%TM(G*H_Fc#m0(FaOOLvVm>1cy87aseplK#o4m;++89TczQ{Z(Vk`d~n%yQrnV9P@ zLc^JNyYI* zL=6B>_K75}H!o=3YT<#nb9FmQ=oDv~YspGgRu*$EQ7j{VE$Hhb7EuU-M)2-H>z_Nl zw^7HeplC?L%){y6W#$jfC+l5$cXE<5E-_?79KTgReK;AAdOZAwm?H}7CyW5A4PRM; z5?V7aUy|JbifYeMLxmk|bOiYGs>2+M5;s@PYKHM5o5vqt`3#3rO*EP^Kbm=mY8?GA zgspIvJmgK`{WcnAF*b@^`z9KUJFwh8kvAvULUiO^ukiqJbZZB>`=JYKhnE>$?`LmK zpO8cDAqOD8_;upePJ%k_;Ck0pNWRZct3q?l!o(b;xF~gT6dZ|o#i)@6k00^7g(+bD+M!C{BtrOJ}fMozNBi54YxV>yCIOQ|bXDb)Zhc~=% zns#i&Q@R<$^OcSTB@L2x;r?j%X5r38&pB44nh zrCf~kYqg1g=<^pPS(=9(Th9mGi4% zfJ&oM42!Nn#7-NoJ2nU4fWD+keC=d+pndaMa{sR{k^K;~dB>{Cc`>k93&ap~^I!(U zm_fjD^_@1R32_#F15Qt1mJ!C8JOyFPiF;4A;QzC3gVYm?dTz(eB)9jsPi% zR+9ygZ-<~T+3xb6oA+83JMMqcHQr)~@)x4ZHw?t9W79Ug!e2J@nh(TW_h_A zb>56Gkv2BhW^tz&vws-jBa6(u3#M$kA~z!VxnpR@t?%)ygV1J}^1AcA1XNe#BCOlZ znzP~IgXCePDMEhmEJUqwm-=O#vkCP8NtnBeXPD>cqiSBPj@JSkS3S4TG2DPhXGZ>k z@Jz9#%odxv6{q=~XrZPN@BEPD1(sYAp?yoX_KLB9)c12`k+j$jOVZNH4xT-=%UZH+ zjWpeeh?g@$K?Tj$Xw{spi}l9^zGQXJXMio||9MFtj12N@8)b5QQiBMpoa<&g8bifk zpN0q3)gj{U`qgnAm@{4hU@eh5Sf5%YJ4OOJUeHsLuEaYT)R%jx-Y2ARu9ty_V_4sO zSaU8ogj{2wCZ4yR|4@pbb{l1ityyZlv;};qUJeNT(#}~`pN`(H@zDz%6-Q1QN0dQM>Ub_OtGgQihDhJ>ScV=~C|tduc;u z$U@lzD62MOlq~Mj*r{;D;8rlc_@$xKJSnjqLgOK90y@fIJ4Bw%)F{FTie=nKv|+i8 zZ)0Rl^(*nXyz$AE_R>}Gq7`C5&j8)H-Z6Crt2l3+;T5RwupLj#cJgDOfdE_|CEPJ{_TO`|v>FG+JI= zJTa-wt#Jf4@(~-$vGJp{uk5v4Y|)nU!VkG{3*y8=w$-OYq~5YJ-gqky+xcsy9it=Q3hV*}2l zQKwXexK3kAlVDNgHbj#r3BCtCrYR7bso~v+dKjyb&VL;0*Q_#zWAIN<)HihcJ z zSkTg7WOaP2HY{SCw}xCFQ`xx48qGF=A8DcXL1%y8ZPZkef3nn-oH4j{>v9UY)?)X@ zkiDLe+!~}66?|i5LiF8;xUQ&iHZYdS@Wo#t8gwM@DD&Ll1q1rp-;tt>gB$=`3?<5R zDpg55nPLJ@C zpQ-}t|BpfGec||xe0l1AE}$99g+nde@3+!CbRF~KFuU4;U1r$8H^{tY3KhbAUlvsb zZ#fn7ikfy3k@JFyC#CNfbsuYhB zIIxGs`%AYKN^BQ^2;#?-qbX~$yQAFpxyjQdSzLM=zDTrd(yq2jF&GDabI!KaK9~tW zqqjBJBE&(@z9LI4mC9#J4RaK(*kU-c(Dhkq6Kt!*e*zzR|GEE#JCp2>JFoW+zR6xt zfs(v@!L^nSfS26eoHt|0USL8u@&?X)mhgD0cb}BcvAK@SWJ{;m4oXHNAXOr^CZ1$+ zKL>(#EKs6!>|T`J9$`Xz-Qa_^_38lYp_9RR^hy2&mR*!QsAca!Dy{%gN!~r5AywEDL!ioI4n$iRitf*o6}n+8ZqTlloggGmovF=@_r857U{R%tV_$9jf?Q+9^%+lY4Il}J44GABv}IJk zZN6mLeva`3y*32!Gy}GCkR~JEPu|j>h3sL6Y8^olLk~a$kVo5BQ{x-oW*UjPX7$K&%Pb#osXDwc|1zz4lWxAJ^mcT8Z5 zlpHX_Oe@mJ5Sb^Iu|-*_ebOczrqXp~&Qdenkm5eF<#h4@A=D+>pq$ngHEJ=~MB*$) zG`HNB6c81wObS-FQWLpze%g*55H;oeUSM>Gy!$l+8r=CPUFIQ*eSugIEJ!mb3|H|R zH7Kl%$-b+(KrIr{$hq@Wrz>2%{G*0Ry4ybt7ucXrV>>vgK8 zU2jx4hzq-8;?5- z=r!ZZjP8^#547=3nglg3|6E>%9g{p`x~MGVz`RssaAf4@IE+-Iu;Co~oD!5gt!C== zgdWVzBYBWNVE>)V%*39vm{L6bLiuKR2S|G4mh~MWAC#|1*hB0{3DW$3RWwwC7|;?g zcb^b=cNLc8ShGzarbp#8m(SZIKPhgJ^e5)%GNAot)n2j%?FHpbyiBc{a07}J18=3g zd58A=LqqDUfTp8-NZHRLt$++H>3RM@#ruz~Jm!8p3&_%lbl=S)uN+}gzwg^;Z-Xmu zS?7I%4AJ7|YJAjjup9>iTe~YqMzmDw94jHVa#{h@1jbb|aJ_@RYH`FQBE-1Pxv8F% zFy9Hu2g(S9r*b@F>XltbO})ShH5uTq#%sRESYedp!;=`DFx6I>L{RK;Bzp`^@>98| zfFZ5BsaqwUycQ;~4Y+1Xu6!r!sj`EYCG{hiLKw~+Ro`AgwMhahBuctDOXoIuXotkV z$q2kXMl%>HF1AR;XB~zZzw+1J5sPMXEorDE|2^|)r#TXxc(Tv(9TuIVQ1sp+o+6qi zFN0A=n!rrlni0 zuk>84IrRorvyst8y*>)Z67N4^k@pGC>Uh7m88j`B@kV)=t+XFrS8`L8ItM>6H~7Z( zdy*A>8U4H30MDuCJ50P@;8dq@{4D6B^*sH^sY>t;JAW;+q8)r2c~TtIA1_8Ykkn`v z^IFyazMdh&+W6a!WPpy~X=G=Kf97b$o^|rYKW&fZF6hA>DT9~`sl=;=u!&aAe8Ro3 zlg(vFaNza5Dm{&XTLzaI@+=iM8hRyeR8U=FYr_yzk`r=+>6JtaBTIUT7rB@rWG`Ef zF z{S+0*?;KmWXgy2h__*ASQ%_NOI1D6f%Q^e(%wSsQ4r{tvTaF{(_e1n`tIv$88Wp%s9Y;Kb$|g{D?&q((I<|Dn zDBd5iggO6ZQmWu#Z)HzKYzdE65*UL_6;I^{6TZFW2LUe@dXSU+A`rn^}KSELe`;Ayz^`|Dw`0mRzOfR$K_+1(p6}bibK73u4WZ&x*k! z<3;&1riL<>lkO3MpU^5|vx6xPr|zC(m&F#rErOFXh)j1KPMqvkVRDl5)Kt07W6h%X zjV^&hMj|v-;&z1vh_(~Cd(9922yN7K_DQ&^)kNMcv^wgv6fN|^p=QvCt(dX$%cw3W z)K;e&Cp+W?LF8JDilE(}gMr}h&FkWqAm;pVd+6^p!;c4d#6S58T9)d+XNO>Zwrb3s z$_&hXVEvl?$Xz5h`6PGcMtFZK7oyZt?46Y22|+_ko0ym_zzorgzelo85N=nO$OVyg#CXdX=h zAqOequC^j-znqT~6vg#|G7Q{U`F3JdhT%Uz(RE=J02Uu>L(mk!-+#f-gpI8io1`o) zS-n&212ijIzxi4is_FD=x%+e2!{;uBP{F*CL>>!|&wommh`Nd=rsblnjzw%9jEyFZ zA6+fQ_5f(DWut#mBminiTXBlAVS2yY0h>nfYe{dYQjf8b%MMaDndA=#XSrhnr?%|u zmd-zcA0CkhYx!$M`N;ADI^&NxrGr9UJF*;m_UGrkC$WCgnB0CjqwIcEuF=DqZ*eLd z{*mRnc;rgwDnf{bhaan*sU$XzY9g=$4AsH;R<=*pX+wZBXZ5lA;~9Mm%VMuo*8pbD zSK_lCEwLa~_>FMc?qiipTbCn?&F4cQP5UZSwc<8>gE=TClg>i5aP5{A^g7vMm;keZh12Qznb1KM6N1%ya#SiqcI%vqG<_gF>@b zU$leKVIq`lQcU=s*{ebKtOu_#Q%GCJoQ9%V>22Hd<0m$8QSz#99!3t%Tpb}A-wPD# zt$z9Y9%KZix8_Dz7gV_ERMtM@EI&G3wyrMP%KBxNvP^lqMEl}o?uCpb<<-ZK2b4zL zXIH()sG?kjovPiG7WS(Xh5H4ecY2w=ZQoGK`kFFvKSrE5GLYZw)pvpMngvC}skwGG z?v&-03lAXEu2eouJH$#!?zd@9kCLX9sGOHSyeU0QChPc7cv5v1z_8Kb*mv*7Sv|#O zTovP#_~0iSu`&c5Ildu%NBw_Q7UY2xV2Q`2jKAzT!1N-OSS@Ls(S&GaM}(O11u;4N zriR4k29DwG0=SmanH@QR{1zVlipaLd$jA>Xn%#ySkxBzBPzUb4_XCe>&SiI#7b?Ho z>G`%*Bwz9ADHme6Cl+4@nzuB^^Z=E9p2p4g@m`9@Y5QT zk`LL~tqQzCn!ZuP4K5AVyY3ExgpzwxoA+EhmG?@e9uF3(aGVYo?N<8s5rE|q7Vah``H4~IJzL(q&nDWq;5;}M~ z{d4*SB6y)}H%FahLV5>v^diw!J;w&E&6`#w+zw@8r1_6&iT&@RP&R_RtX6x{MW^`7 z5f%wiU)7VS$o6Q93hZ}q0k*s4DjwxvcxuaTxIdD66YzcZy=#YSgw^xgDIqt}fZ2Q* zISxh8@NhQd$*W6^tXAC^FlctJy;*>Co>pa(GD9~Sq`pDG?{^hHK@_WnPG~)Q8(tRz zAf?=J36AT_=2KvZsl%(M0Ov)Z{|t@Mhhp8c_ohlN+I`=@Xv7Z8HRQ@F-<;*Sxc+$0 zl=Eh{i@O;PjH^;v2?iFMRwPi7sQKl4m6bU34P^|+Vtb`i(RXzfj%Zzm3Ggrd4+}os zza-%J0t1mbi%N9hZht_tVES;{dxG`I|IY=W-N2Dgb6#Nb$CguX;F;uN{Y(Fjb7f-whp8B(1}C-MtKL(XU@EKvLCAH$;XtNw2KrNtTkl879ucrrHD zs>(SK;5kWfpaPCrn>GMw=4p3dhHzf-O=TJ7%$MVjBYQ?OPHJ=B0?fvu5uQv?thX*) z+FIfMtrG!9r*Gaa`m@YC@~pV8wifSS2nR{x)`fwZ6XbZl5hzFhD|>YoGoUv!$Mhmo z?LLA(Hp%{Wmyb{U%kDVbU7~pzvSy6>1cWoyHv}qFmB|r;8)iwfz>rZzJOX1*5Q6*e z`TjDl`=Cl#Fo=6;_3%`g79=0)s8?PXKCKU~1LgNJ)M|5EUu)D5(JmXw<7p7n#oRwZ zYCOC#ETV#9)jCFntR(xTz7WEl;J9yzUUn8~7t|%9IABzQPV=cRZLl^=41dKa>8Gl{ zGc9-Ovx9o0E}Cn|PULIIZ zwdK>v*8%2AaUDayNO)+Jt)P!bPvmAR zyh<<^Svq&e{xCF0rU#gsoe9LmxVLLqO@stP+XQy+MW)<1DL70B`BTuDx^U(BQ4+$U zo=GZXS2;Z|rHN^L7z@SyX$Zo$~Hs0^Olpx=hy!TeiJW)R9 z6(f3RFEx~=yjx{Sv|2s~PJ?FRC2AI3Y!!2B$DaDo7HF^V05WAa%`$X)2pUgc)G)mC z=^^`}>~)Xir$3NbR`;pp!<+X2YDmW*CFaqwK!6wPd$yu}kpy1=tpmc*|)fn1wy>u5MFA1T}`I9`<}abkUC1WvZUxEkn# zt=fL`os5Fh>;M-x9+00f+zOtZRd^PU(8^MZIE^BkDSE-cj`_j7q|zlpq}XB6G!}NC zywQ!z$$C?OQ;)#s52ig1E!AS6j2ENf0njy4kq;!OkS<%WhZZG~r&IU#_O??p4<{5t!s~%_&@K98^vU#|?WqiOQx;r31m?Q34yvK@+;H9> zB&a@L^`zh>@X>BX4PkUKN{jfaU4`oCF|Lh!z;rn{q?vMYLg_&a?mobk<6;nK6n>+1 zo9UuT-hQ6GI|}41J=t2WK|@p*h1utm+>dClU))Q$N{oud&-_7)Dxcga zEcd)>OPG7^=6&f0(t2HkA!XFZVcG@fMwM_&+1jGl58V6PXKz@GoO{KW19%KJ0!CBH zm-12qwt&k0f2#gd$V(Ag&}vX;#82@iiN z3L!p-jDX#XrO({LMbDv#h*RD3Y`H_Pp+H5^ROb7&(03D&ARAtnU>9s>8F2D5ab_B3AwvP-~eRx`vx*tqgVfMY{B0t$lSy0 zq9G)w*7#E%-qVyt4{e!x&fmO=?Y9=$t;h+EE8AFx3K6O5iavPVzNoH=&FDGVlSKI$ z@G(1G`NVJ6@}P0=TW1ftFN&EJWg_lunrBjG*^EOCvM1sO1D~noqskbe-}SP-f=!AZ zRYdt!{1S14Vttd1R;nh9)2et3;MIqnp${U|%|8-^VS3e8>Qz5-O22bWz9=jPNW$;0 zS^>(*Kk@||lo}eYP%op$nb%WI=D0E9kT~^`hJ~v+%FkFR3EWgKP1igx#Y4$r!#Ux( z(8`bMK`MIMEmL&{0usq;1Am}&R=6q1X;UA?)jsT53IeD&4~ckp zBfBM{OUj8k0Fu8r5I9Txg}Pa@l}F#{L~4@2+3wU3E65$__iQacEz1GgNx5Q7aT)cx4{Q^H*W0cOBJ z()~?Hd2Q6*Ma0Rtb5`r{H`71As041S=(Lw%{q&dP?opoaUK-Qu5e1VwMl1eQncwh- zYaxeeRzN+bRQx*~-znS3;Ja1H8V^K%j-5@9=R&TDhqXp7Xu$AeaK|(iw~b>VUaDy2Qqw6?6mcSpcNo_e*0aN zxV(1Ef3w8GePnr3eA3MT6)1r_O|-j^Zri_d+2)a!&MQcXoere(qfAq5wbdu263_me zm&JZbn^ki1R-;ASb5p4!SjX{LeZlFs(Cg*DlLFuNC(NEKo(}HZL>PbS8QYj|3{Glx z(9N0qBu9u*s#E@a-%?6<=k?Lj-xV`vX$bn#IOg`ymk;MwerHB@3uR8>j;@C6X^h5B z(4sHM-apE3{)Bt20G8j5!8mT*lOGe%%K0$RLli!x&3yk)(41vbiybT~r9Ar~4 zS_`iaEYrxfGvOsF#~5#aDE4_%rw*0T1CKoHfV5s`@@>I1J@7yqmXuN$X!D5Y87*`6 ze!V9-a)S;%Y?QDeSe1)5W}{rnzLtIMedDSVUrMZ79q9|}@xUf1fl3Vgjum58!U4hx z@ZhSut!v9*azjXIQ|C#=AyU9$S7wg(>_uw7<>LTj_35vwS>5*+1$3~gEF^$^)~etp zu)^z;vNKvwH9AAN*u+8@-l_jM&LHLu;<-$vyW=lvVhrYjM1s@53iv#RV)5LCm&j|4 zbBCGGua6SL+S2xv3;=|<>QdWNdv={+GD7xK1G(h_g(usIM&iLdK_z%CVC$lK=r*r- z`vO((JNIB0ArBPjQ&2~hjGo^{dE=w^iL1NEHKCUSw5%uZONQ77CbIUfmksOuBRv_> zeqW}fNzMyjKUC^42&OzYGI&vP(9QH0LDR(AWy!*2sy&*nZc?|)Wq>Q)lq)z)c!_-s zP|zrJG&l+&IxOb{F`i<|+!y@((TZKfG`3INHdfmp_G(JH%NEqfHX); zcXxL)G}6-D(%lR--{o`P&wAf)ee3&g)|$1h6Fbh?zx~_$q%Oa``}8r{d16a-9aFRk zV4B%MdOoZtHT0X{Kff%N{0MwdqLhB$qR-@%?6p6e&UuhXWK_WmQ)HAfB=i;bfT9f6 zd?c#T{2%ydFEB}J_`V+r5#6?&2`#49gc)DNf~YtB<&!laja(>9nDTtu0fZMEAU3)| zOfeA@m(=)+JP~$(-tn|8(0OS=VU&abT%-mQ9;6xU$cz_|fvHIN^^yv+r0s)r%9jkI zCqaBBxzoJ(*#4YWv&+2_IUfeRSecUE8l`$gg>~~8y!W>bgv0AO)CVF5I$BI(W-nSHxa$y%B zxk#8alQbgfPu?6BGO~=8KncGW3KaTShZA$YlnV)oj8eVyQu6sK{1_aF*7w`_=XC*3 zwj9KFXw_)Mb6v1BM&aJT0q(geI69NkU|1@8v6Qd#CQ@!!C}>oppWf!QgggbAHj9ZW z$~b7zERYT4?LGCSJdv-#2?(JyMtgg0Q(N~Dhl4z94UOLntWu%QSr@E+MCXx-J_vEFZ;K z^=2Ai>%SFHZ1}J}Np}8*l#$SfWLP36f-pAR67x+%K+(?(Nvx32ZsEwNS;ECTvJysB zY=#ez!v!5QD`*>%Ej}w@avejss18KGukG^gaM69uNG+$iDj=;d%q`^;jn)&F@FI4+ z&968fo0%da*+lt7m@yd8;x^#W{iz*s_U1txtr0KpOxP<2hvZ*sA5h4!X0DX{B{s4z z^$A&yZ_?658XNcbA)1$~ehQ5qy-`4g!;zx&>pXohXorc4&vB+LBqS7mq6RcLymodM zH>rGqV!136ZJ)8^ikrRPav z_fDQmW6p$>La^LiSe&8t3C1#(Hj+G0m5`rsdp+tC#Zc4&-79$O40w&duq1G`6YmFu zGCnnCt!9W&`r}ZqRmvJ|To1k^{sI6Pfd-s^1Rn}-;x4?t#aN}kN&ZCR;I>~b08hEL z1e$_+Ze>+NH{0bjj2;TL7}0LS{ATddD&IVWzaB9O#>JS!6v-ugcV)Wyl~341$i`Rw ztMf#jeDo1onBL2J@g`(^nBgfEsLEs=Cz1VAVfo$oQuFOMM&p*R%hJtm#q{YOM|a$D zaWk9VTo|+pn~=9*49Ce| z>UBcCqtQlrfAOH&arJ+0VtZ+34xW~=6nPciq3oku%%KcjQsebV2b#g()gL1k*?RR* zqB%h%!ICk#|L)0OsJw;^gvA}c;5r@U{`Xl855(iM231bI5}-tx7#sDyF3ldF36Xiy zqi&Qq#8N8yQT0Mvs`b5(E+ZQ;v^Bfl>F#J?P0m{A;ll!P&40+uhK2uz-+vjR&q#w& z$jSSd57qc{o2%-YycQlknO_(v@CjFZXZ`W!oSS=%yQd0cS>jvg(aNx|JzDl>Q4N3r zA@a$^0tuBbI|;Qz`CHEIZO(f%E3-{MmQ+8SQA09{~udWc6QVr21| zSPA_Sm|!^R@8V<_>>-ESPg$jN9x@hQ1n<1sQnGk9L2ep!M?L!%JGY!Hx2C$~YBv>d z*k)F%|L=xnbAbHGLbN#kHh_fY3B~|b87SLwGFCBY8n&~@kO4Y?jL_iKN`p5dV9gYl zRT?G1cu2jt{3jTAwYd)Y+3x;?cGD^C(q`@T!L0j^c2AxHP{E@6Ig5$tpB#ZMBWbV< zmRWW0PMDZD(ET&)dKn?PIFI@TkO+$I4=f=`Px2j=*&412v(=SZ|+q$#(Q^CNNn+QE+C53f@u14!Vpy6rlUn4VCu$3p&ukG9a(*eORwVs zA&OOTG3~n_?SaB||GY%pbB)bP5f$M9(-}x5GHmOXq|MQj$z1;dBwu{)EcahecJN5NQlWYkL5)SkWKv8 zDnfL@%j16M9A1gro;~B_!P)D`(WBcPm23*M&%;-Mw#PtM({jrd`;38MOAwg`{%5R< z9yFOxh9)gds#n<~5`M*iP<%SYl|HHgNGlRq8g}+~_beJ#pr}CM%@i;*Yt78&7Ef*9 zjUE^ycgMeT`w7s!WfI;6w$NKjQlRWSS+|Vz+_C&0-hTx;kjwA$ibaz?{X~;Ez<;hA zV3v-L8R)^%?l&yNnW-#w7tH7q6kPWTq05d-2iTfcEA7l4&?L6+YGNgnJbpXDK>Ea% z0OaG*_iZ}!H`^X@bDpcY5U?f)S^c$$A_M94R9!tA2<`A(t?%x$(d)9Jn=(l?b&R?B z@rdm3IhYrM$f=}6a1y(l-Jq}^9$=XAX}$KdOMt`0H{cAW*k=rqWz!=UNtBg0`nCe} zow+6^Xm=Ouqm6mmhq6ueU#32Bhr~TzH1Lo!z zD=BE=QWIm60Lkh5DTn1RX{rP?MpFZ@V3}%ok}qAf4LNy?b#iEDF0U#@(*8^s(6705 zD!Liy3zb$H&w-&OAWLi8lXFD&h4y*2?5Fkg1bJ@cGiPk1OE!Az)s_XBU$i!cxuNv4 z@yd}AN&ibz^Z|EXq6t*s^$~MP)DY9mu#Q3X!9Q)$r&xpi9U!Gy&33DPBLnmKx;yZ+2X%S6 zk|;KdbVNoQ5te-O+}X((q{@b`_TC|;`>|L=UqVvIIw~*1nm+6w0K4WLw;>TKpu4( zaP_E6K2brH*HZ#6gi;iL!Q&xupfsA34Fros>+2mN3;yJEFakW_VnorF=RU$;)@Z)c zL%!4+2#Hgk9vul!_`DVGWB!Y?jGy^Pj~(yfUROD+dm%9;9<5I*nsc%4_32@c-A{+l zM=5A`<3QcWhwBmn9_7c`Kd7!YMhO8?zb@;(2)bHEySgn8yC1$Q_bP3!vU0opO(Lr< z=+G)_eYisPSWg~fFfT9)PJ;sXUEP}{K0GU*8IlWg$&wc*#lcZ78y1!xKq=F|S!Pva z+UITB=(SeA5DAMj$bd*9S@;kN^rkz;V0Q0|Ynhw$k@sds(-MTzt+f%^zwCHhPFIEQ zX%g+C&mS5w`Xse2MAS=t8z-H%I}9=+m;N+au08BgDlqNltWEe7N&)Rc=#fT+Ow5Ov zUIbt0d48j$;Fm$|N_2Eq#MH6`>P>!@=b^OQ+J;L8-z`u6#pNQE9(^?}#>>+;=|2O{ zDo5yP0^SuL`m0gMfSr*!$HP}UB7%JVyQh`!&(`FTfsXBLxm*qBgZC{lhr_1lkG-d5 zioKR#!3DqVhE|N*8wI*N- zB$jWhK3`FGkeb*D^2OfyV56=!pX={d@zzd%OymEMe5ztLy{UXc7M##0jFA#bBnKHCqiCwK!>OsVn06GC}N?lfh@Wh1e|BX zjW1m#kMz4{h`9+Y@b0Y7zTB`cmQ5OH3k<0rd{<)n!7|Gz^32Dsod%sEsT48OJ8Pb6b3Q!FK~NoiqZLET9l8y&SoCz`2pz zwZMU3{nhc6Tkk%4x|g!eV(&;S?TVD6S$_T1N~*nzwGstqWE&+da8V%%`=4F?dnx8P zwo(_4HeguP??%7HhQsM#-_GRdNJXf0eQgsldch_&YU&O6gsrf5&vq*w80o$tudp^| zW328;Jq?34ypF#Nc5A@crbRILc9PxkqKVwl(Y3QKd>fgUTj}s(1GpNCS^d$o`8*l1 z7n^jG+GY~=W?PQ9m`i?2H^m$v#JrymxU~A-IUYk`$*)0|+_npz^TB2}GuEH@$(3To z`W?Ztp+@O*iogravZ4-3WB`y=^>j6K7vPYg~N zuqu?C6NzWrR&*@(=?!y6O5jO9ozHzhoWfC9?h(#21y@3ZB9-PRTCXF7@v%TV1%L6K zCHX}1s~UNcV`kkSPm@o>Ih*&T7|2ENUZYwZhv&>`sR&$9qDSI?M#6ZFoV<+PYv}YT z>2zM371g)n0wl5XKH;SPaXZ$bcg54ad@t64>)btkTY#gfsp-LUg?Ia!h+{f8{0VCM z*`)^+WlJp<=*{sgt|2+>e0xomVjc#mQk6v#0xA zZ$7m88rc%r{}rdCrs?Ct_X952X*+?o{#KDl{#G8s>}p^OhU4KDFaKJV+x~SRH5(He z&y~#st34WMD&4wlxb;@b%5^8X2QUYG| zT|$^huuS#>b=39munh14`4Ip8wPFv}Kpz)C)HrY|1oKKToqF zMqT5Xq|o6p!MHpTIbZ38+YK?qw?7yl+B`|Ypzn9kCwpfVJ(8fqvfPRP@8&wb9(x8! z;M#Cr{)!%$*zr-MlR9cE$!p@i{;6!;aXe#NKAJnznUQtJfg}U-dB@h52+}F-ROBp#;MX zOVNT)?;Vhxcs~AqBk^tTr;US@kHE_D(y$2<9EXFjzXI=ttSQ9TW^p0(Fqf#pHj>n6 zxf&g0N=yce$37FTX4~PC=uR|{_s1{e!hDAhz7^}jm9bqS3-j%kB|D9@MG0OcNc!bE z?UjPhS!?i{`ng*peJZKLSD2NL*yNe4@HoSVDShe?1tEGs_4LxksBc`v&sV~Q*TsiB ziAhq5;}sVTkO~-qz3JMjN9H>mAPICIx@wsc!#;*CE+*OaMBCkS zTxZNBkrSDb@$=A}vyn_GGNHyxt?8i}=q&_VnFZ8YPH6q9RzCHqmJtv3h*tvK(-cz@ zmU^Pj$ADHs!dJob`Y0%}=Sn2@I}>(_O~s;Z=a{gmE$JHGHVz+3@DQXgsQHy`WKfq} zqmqS(86_2zco*+ks*e~Q4z4)V-uQ?zOm5gfufQV(e4^L;(6o9X|GjC00yUWDbEar8 zQeqysoySM4OovB(siDKxTAWyz=KP7<2`f6!GMEfCGnx9iBfs1MJ8dQF+uPmfU-mLS zKk_pFiW6Dbn1=6YF)O6?+51sOUvr*W>5Cq^#VqF+bYui}HbG1G}{ zBPH^Z=~S4y5|NO&QEM?e=2qt}pe_^g87qd(?fa}8h*Zcff7ejFo*tEij~FWM*~VFS zQWv~IG3Z%;8x%{-ZLFYeb3q&e8b^7{W8vf=DXc|ax&7efLfo1?{k-)XSmOK>;>8)Dti3r z`^I&Dlly$0hNEL)@4XD~s=t2C5lDT?&XHz~SSGM+=clOC#F#m+YI|8S^IwaX_;SM$ zBc5#~qn?IF&V7R|c^Au7dg_S}E@~{4FwCpc$CGMJ1yxN0JFfSVz2q>|^DVaiY5*q4 zGh#h(kLaDjOZJAxMCyQ*pSD{Zh;tJ9-OW-2TapzhhgB$(WdqV?-FCg{(Pn%y7q9ni zv}>~saRd2wq)J>y?q#IGL~A}`98NC)fuM?=Kr6I#Mrzky`0w{_ZIfz?m+6gPk)j9f zZ(YA`qdL8%sJEuqWa%e8(Eln-^TT1BA#?*ZwkH}{@*5EtDcrUhTI=hcf&y%`?Mit| zyYBlmd@{Nep@-1uWikj7o!4l^P3rc0!&DnG!;pAJQbWZX4KHId`K|kD1nG6!cN6i7 zQ0jr}mvM42%%`5v)`o+O`_p3vj;>=>;y6YM164|Q*FT0VeFSOA8ZN1wE7g{9|I9N@ zPQ6i@9n_a>-r=l$-EhjwWZlI_vnZS7r~z}5X4x;}{js@6ZuE8#`-V;oR4kR{BNp}R zbK@;0T`_Zvx!#t2Ym{TI=xaXNuDLB9(QGos@usfo2fUlJM>NeqCZn@!ID1kVJA>@F zvl=Ppa79N{DB4Ot)}-j?gOpEk!ZdHGpL&&N*z~=XfdOXF2uP2dlI`Xm`N+#dWTU)|NrEAd}pfVf>-)S~i5l@sM-swqWo2lyNaM8C2~DM^LL|d@CYcWj4Nh`#=?sz*FpjFt zP2Uzrt!DbX=V=a4cQpDl$&}f9$aRfkY~XWnXTFBl!l^FD*1+ITV5IX%S@GFR`|me(1n>Ki`bJd*4F=52^h0 zbR99ueD`~OA47?cj9shfJxfVS-k|iFi60HWwk~l5da^O)*llumg-^HDj&o$PlLID5 zoGr^Kj#alG{N9{EIJ4%46J%Pvxv9yVR-k*I5;K!;!$(ox@&-Is*C26aMsS} zOifDxhJ8|CkkbbEAntsFy_~49rlZGzQeGwgT&JcfCr2unR6bzrMKq~V zysj7Ua>YoV;EpHfe3UEqD&K@FHSdn6?5duF%O>-sYg?|BUP6k>o4*a-6J@7dfBj4e zNY0oLTr}SQql;16e|Mm44kvbgVQ9Cp7pa?tgmF-aY2=-iSt$+b_OKB)y^twz)2x9X z3u0?X-s|pLqsutrSwAN8nin>j{xTRIKg!(kW;RZTrt0V3J}dSr=e$#>{Cd~@IrnN$ z-*tDcR7s2-7+nll;CH~Pu%T4pX)E@$q10mtq1%S{*+~+-as}i4NpScxllAdiaMebu zQFcO?6)9`y8_@@Pwvny8t_;PE-DImK%19zqTL>O`JjvBm6C}LXN`%R+U zn3u&-RL;*@ZQwkZe|KMG4dJM#S^3xvjJd1&;U=W@Ry4+Z|B_cBH<~SC)@@`MbD>zy z5=!VR9Gxl0iAZ&+t9|SZm6G(xCVN(~n15>OQiBCrv8p5XVNAlC2z4HRwyarkn)5dM z;KxWo+fn;Pcu(Nb=0c(+1GAZ*{_|{Vg`DcludQCHK|@1I5hl>uWqDvE@p*`DY4b+lQ^jB%FX>`D?2zl1=?0nn@C z+C6HHbxYg<9h8_MBq(=KiZMvHMA~{|JjSku=X8US4!0Y(n-k2Vt|Z^P1SsKLr`M&g zMF5#l5R0d3wtmdibYEAm&~J1bb}-$Qlw6Vd`OQ3d!Zp~e?j??*7?84b@67Vp zd7w1xC62mB^Q^7JuwnYz`jN3IS6;2jW-zXL=C+#6?6zp(^z}~<>^YYqpYHV0q3Ope zM|Ux&zq^1Oe6@OH1tsKNE#PR&qh_Ng92_*avV}i~D zeY#Uvb&P4Ct>mqz0@X0{$L6ifMEbpDh6d+-YyQW@p}V)Z$;b7NWoWY8?wWw6V9-sb zyWTdwxTn`31eZM}1mohM1b2xD>p#jzCgA-FAbHCbHW`nr=sU!Xu&kIk*x7>ZBgHh6 za3Ws5b>?=r1mX*9cRT1dS1D}Y-#9tyiLJI_Z$T?fmd#m@SDowrk-}@aX)H|8%o9vd zV1Q4zUM4jgz~>)A>*P6U{E)XcWtS3+S z7?W`^#A>${Gzhqq(syZn~{KZ=4F;kDUtU0Ek8CcWWU~PJAbHvBk-v&sI+gjK$lqP z-0lXH@NQ~(5}4n!QT0(^u_XVly)w?XTQtpK8V8bYH`h({6Ofp2X4TD~X_&r_r(y3o z@r&rea!A13!P#^v?BT@Ns0;H?+stkAvMOsxI@~%jI7p<>&30cW3P-^Fef57n)@(N@ zLw}f9a1I>Q^K8<5 z@Ypx7;<@mj(n#=fcHB338`yRdQqSY|xPKYO?=%Bk8LWP*w+tBQH0-zaao#uY;i-oN z0LqmKD1zz*2t0moWpsBWG(2?p7)1p3now^^M+uW#UjqnZ(wSc$hAs}q$x0(ca{)-E z-NwkufA#udB6m-ymbm;214~=8yt=?b-K9?HN70YM>#A!n*zGpVDdC~cYuJ#-`2H^k zjz%iT>0~(0zwLZFe&!`1aEJPattRj5SsoV-hK<&Ey=ZQkq7MxtT#wLTl`D^T6JF7y zMe(Tl<>s>?EDDQt`)OM%TCKKsN9k6x%KTNevp#)2+eydOv$wOv=ZEiVFD3J^Q>}cv z3+D!L-zvvpcnYZl4Lyr$U5FNX#fSR%i&e`!vujQMs{9K;vpxbrI?F-;fz!)o+wI)q z=umo;VE-?NwiCJYg;({9>fii_$0tHI=ZSix4kvmB1_~7cCt_ghet4W$&-}iicEGde z%wKWBerl@Y#gD#J=kw015S_`}+3$z?9J#rDHN+i{OdILFp2p@8KYY8p>Y0fSRLS@K zIDNVgoA=3$SQ_e6SIRX)$OZKGc_ACkg&QPC&(VU#Q_kSMwyGV~rL_ee7YF*mu%5;} zf}6+61*i8dryt{i$ukzu*yMe^Gu+pCHLfcHuh48Los;+}sl~qIca0p(@Dum4BF_`w zva;!n3oTvkx+Cl>3y!SLOvMa!rF`Mz?#cLiHTO}&pTN?dVBvKKSGaXj+vr)*F^5)} zV7;pLEuFAR7p$0Ru}D>$w^CkBKcg6RB6ja{WtG^ItQSeVBfXhdqKYp8B(K9Q#4%I!7JTbd_WXp_H@=@!LVz zg0*Mb-SD|Jemg zRHB=yy-ux`9#yD_>nY5rPRF5tNb?YSl^jpydKXX`kF+!yq+oe5h z3Z(yaNI-@j$bnuJG#X8$n{iGQw>qooUTBhnCXo!(F>Wf*a?*uF9&ZX1{bx zh)wCsv-3?)UGL5E>*5*me#Y~ak)(Ib+^D>KEj1UU_x$G@+P!rVJcrUiRB4Niqf_>! z88toPxWsB1gc>}tP!zGvf7QQ@|IbcHdsb$CU6{S;{LsxRbksUQf5gXx4T=zW_@RUt z8QBJLG^KG?oZkn-ops&~F(Z;wLx5j}8Wk?8`}=kOwLh3JjT$9VRj;OBVs}>{r<2RPoDaBG-K=2xrCTs)u?{0_4(!b!mIWT?SZHpMCLQy8F({=zn{vrgB#T}XlIi7CU$jr9 z%vn0A$F#4u=RDiyZ#t2tXk{B)Ja?vZHAw1?+=7_p93I03twzI)w%(~ThaP$$2E#WR zrp5WUdr0Q0M(YHf!~h3ps@cVSuA*t3r-8br3C6z8EBe1Ha zNvs%HO2dD(xB|Xm!C`!R4{h|gG3vn!x-i1EweqkVx$T)Z_M+pyT8L1#AwjtA^Ff(r{%%qfU_f{Mv%c#oj*|tI1=Iq_Dg1L#kb^rN zOivAnyP-7|j;FSiVA;{5`Ko^HSp)6+VI}^(P{w`otvIT|YuiZlt8pk=u4Pwn$V6Rh ztcdB%dcfKGZgTxm+gxv|ySlKhL2Ge6g;$Tv3n4ST!N-+{tv3`&!dbDo#lyu(DAI>X zVf^pPqBqT$mjhWPzTuPmDD&}<$j)9eFjB*Y&v+!5EHrrLF`IkgFW-9+b?lnyTA=iL z1J_Jj4jXOk@RST*}Dcp$vwR-0%PANSfj+*cBd@0n zXboMo7ByWX^KabKrtPc~{f~8sf(SY6n~&%J?z&0lNzN7wiW1E8DKvrCf`Om>A=jN6 z7ep?D@ZSNV?XB?Uz1)u7{TH~vEhH&~F1=@9-AQ8^9fY@_>`ud+`+^btA=1UgmCZuU zJK;px(;9ZS7cke;CmUbXmtcLFERxGcx@y)a?)9s6s{Qs6z_m4;xJu`^)9v7987~L` znf9GZVtqq2HauieC5^gr4t7%8c1_POK~nGGw?m8i*^l{-DTn#C6uN?IEcx4Ihk*^5 zH8oS73sXDg|K38`BqGs?f3@mugiG%MhzpIN^_*SLCHGOwg_(O{+PrGVY=vc^hbC=g zb$m|EO}a8E>)82Q4moR7QzMm$nrOqibVTlV9uKG8sIXXU_e_>rN2glBBNZm*))lMS{cdw`ZU-J3$+ucTsTyC1valnEYF>% z3?#VDgrJyneOsj}TCh{Y4-{al*`^zlubujhSJBg1t-jr#u5(7UMB@nr7i?1v+g6X^ zR0jyEk%NXmgQXF7iHN(U!f_f!6i2|{{{9<&x?zAI!`cqTbtB#}iYTJzZdl+>3zj)-&HU-wXle?A7>hwCo_-TLwC}skaw(d!IMZP+1O!G&6c* zNnmb&c2$lz%EM4}kKZ><4RvTw*Vhx1pQBOO?rmP(nfrFTutTxrb!1n%r~8yl^rf~p zru!bYwzu&rL^dJHAI2i`g-`wFyGlOXYVBte5r&itZso2NQFXb-#5n~(K_Rhw5x?F& zm!LfVX+0HUPtsa^sigAv{uX8~A+*q&-@h8hOt8`QtgCi$F$Q)w#1SWYA^7J>G0Rf9 zd@CmpRI5wdBRGuy-6H)({C7`xz?cyA@`a_iLn@1PHVjaVFQLc8=ek-OjRcF1k2t~@*oHFwcL<1Bg%RmL~!(VaM$}UATds@ z&sVB0ZHcxdu^*ayc@JkF0&zB{z`dS<*3A|8sA1T7_Mz~yl)klU>DY?g1e7qL`eV5d zt=(vxh_d~T-hZRstaxe#2k}MvN|k@yEt9g@=g4JdY?}>kvo@>V9h*=j5jvJ`4DKj=7^G@6k4?L@GJ4ssGz+#Ni&Sr~TR#2N8^ z9#z8r{AoS(7=yHN#FC=6n5Sbti zNEQnvc#cD{>^;wU9RAf8X4Tbd_#MvGMwBg29TDQmh$ECy zo7p5EJHP8;c#7JBX=cG`334G2#Q@2{r09~8!w0hsix~se>NYB|{QMP1`zvg(=J_=t z;BJsrA{X5tmt);XfHt=@zoLSiA8QZ! z5Vy#+Ehf`E%O1Q1=8OJgcj9>P!HxcuhGSVW4Kj^Gk9W=f6fF*xc_uTVK574H{|caP ze7`(ezNvwvIPX~Z2-6%-1|}ou6iX&sT>0lLC<)UU(8gfmX$i0 z$vq9MU^|pXicu6yVqP%Eu3qw4-PB1!aIfAunc-#^`TOp8OdR|HV-?LPf?Ko_J7V;iaoOP@ zpdZ)UMu(`PnJ3PMyV6FZz`@z>E2b+rQNcnqXqz+_ffgLWzTxsSDU3aze8m+e>m#ND zvvGpIE5u0eYSQ7@r<3py+qb3!xU_Ga^&(wHr&qx8de=$c_*e6dC>h3L*eEbgc#YyY z5ti+aRx^u)A0ZZPQWO31Yn#`4Rn&geQF#d??!)L$TGd`>s|EHGrxCOX)tnZ>6F=M} z^yWWYX|Q6gQ04LJuf$-{S7o3GpKJ^Xc>ftC9emi@n>s#fe>fBPfs-j;K*GTG^&RE zNoPi0SicQ8X8&*X@7g^ZpCC^k7bcR%0x8J0?9wa%KbE}b&5uUE;~4SGzM_bS+|f3y zU*BQhE%{JK9WRkGzjMe?BlZ+rVse=EHh4dQjh1+6ApcY?yz4Na^G8xp*I-H^6&sdo z0NGO%==6NYcdjsaqq>b?JQu2&I z#{if?9HU?!B{(&$*tY#V`U=}E@>i|ZOrUL`ntJ3fj_+AmhdyFyAIrFgoua8FB9iSU zt{2MdVRDjEZ1~`SYr@wo*b=8KB191e8mYR?DBIp{=$s0&O?1d{4B?N09zCJdkzz>4 zy}U+i$2@4^+sDB2*KWF|v5+lm*lhrCz~~t8rF#Nugs8!u?|=Gqqa~iE(%a0kq%Sq? zIYWmAJ-apSOIT2|%gqa@*>wI5c>R64@Bg~dNs_(GXAnx*y3Fr!-PMR3-6z`-cdKg7 zkH-)RF|v^4nsEmruIEh{AO-mNYW>D0oE`*civ(z z+h)C9b#q@*rUfYUH4fji0>1lqbbxYsiYi?7KD?&%06RiuubYwr)knFp&pUBWp$cmpVL z5V}*@?{Cs?1i4{#!0BE4foqdLDY5DH1!^z_|Nctjsj0OIhypc(A^83ElEC^OmdJ`z z1JDBibo?)`pkIm_j7H_Lfo$Cz&#-(}*% zppPpvzD~_H{KhGt#Ufl1f7`wtAW8H>L83R7q~NTYo@ZC9HyqwgROUMj>-SBav!;H^ z$BLw)Fgn!vpvGFVeZ`}|-}H9I=PRu~Vi|BMsHEwa{iiadV5DIpGGPwX%XsR};5)F> zGbxg%QtFWj+fTp9Pj+q(y#m;_A&8MYB ze2(G!zXS0NajS4au5Ig{aSV2XMGPyMANUK*HEF|N9j4;ywUSPDyL_iR`J?C&L0U;z z3+kkPZo>N=G*EqbYz)lehx-@US0CGDYx<+;St9a!9jTCzoO8lfz>jJc3$Ks$LGM5H zNO3XE&;!IOQQ-8d_@xo4%5-?U->G@n)zi3S$=~Cwf4*g3ro%KNvi(gTFm~m=WLa32 zMr~j9AAw@h5t8&SZ)(y6-|fg_3`+Q2xzPyTu)OWhPo&66X1B*CZv9tF7$bZV$P_wB z)m1{bPXf%4I?B>n-UdN{$AX^0gmE%q1Rn2hNOgi!0(>6b89HnU3C$j;iz?@>2Ab^@g)EWXOcjivvNRY}UeZMuKgqK*52aIw}W zogJWm17J4CDx`030NxIJfc?4vFuR-936)5mYAECw>hd{D2*3zju|SX*k~FP?)fKI7 z`)NoI08P18e%WYDW%&0fqmdKV&unoxQZV+Y9VsxG&5IV&VHr|Rf_^X^IJiT9^}#@G{)4;# zOXWCO=P6xbA^GsnE3}qT$rZNmQ7m{X&ORUGdS-fOWE7JdjamrUv{7xWS_tl`I`61t z`yA*wsDkMIwpSv&?~Wh9WVH$3Fc$Qvv}{!kPi4v9HkVN9zz?5=^JH5I_QE;r8P^Co zvLHYXuc4!~yj?UPhA z-#i19(64O^g@6FBL+{IK%7DUVEWgE~r)@U2WlTPfMwxXYjK->#x+%ZB={*Y|^qQ~B z4&#P*6oX$4Ur{g=nFHcR2Qq^+z<-r37gPF;d^5KVcpS0wAH|1tl=6Qwel>$Jra3H| zDOby@dE7nEhZe%M8gCySu9Ah?eY^EdXWYZM+fAhnZAm)RZzi~nN0 zRx#aDhkaK+^SK)tEy~A6v%Qr*&}%&H_|tXwUVr~6*>bV18311GcQh(j^1d8a>`FQ2 z0cd4hseIx3>Op;Fl?y#%P?<2>`nf~lZFXOrb15#Ld`dACDq8rdI;)c7Lq{34?GxNL z<%{@4mAkWF%h&Ap8DBMR`WsP#*-u?(WG?JbC(?e`M^HzN35Yr>1cfK)oQmUtuyT_| zG2Yx7RQYyGU8;}|%~(Je1G|jlcYcm#@MyTd=^#W@M z*{6G7k~~M(+%Xc~^U|>CXFdKa>)Bbajc_A^H}1U&*D^ucdaKbn-sU^;JJ~i{vFF3< z!jYtYL9V#|JHdsiSk5(k4T2o?Um#a|pJ?2SfaRWzm*X)q2V{#M`%X1(*WWjnCwR>y z;5m0$ToPSrq{lnNHZ<;b^c^-H0SN704L)r~PNV(K3en)8P$hNjn;*SDQj>kU*D`>V z;U5Nx7BjxwMpFOg8jn8{nSe<;Su{_mHw(F+P7PJ56|tk z5hCa$ewf!YaK>d}KIL>ESR!9^yXa&9WDIW_9-f8Me6WBZW#J#{M&f_UHoTD1{bK*g zWpn8Qylwv&4*@M_@fP%WSP! zCNxu<3jU7D`Zo*JhygNoes8}q@*WYPTUJ{jtXJlC1Bg+UIVMh-zDcm<>-!GCNL>w! z8lbM_kGRB7h=E(F#@1-t@>VoUap1#?bHE*)Rw5qJCi9I*=qxjyM^T}JyexZnVn36& z^Y8Z7kh}K!ib3+EbeD(TaJ;%*zlF3CjsE-_jOzi$GnY#OpkXexyakF08lF66YXAo% zr1ay~3iIIwwXIv78?uZNxlT>RE&Rkucs+W65hAcYIk=CP#1CZYJ>k79m76Z?{&`2)sc%Y9%7!#kS}`dkMl}Cr>5o75=7tv z_h>;m>!n(~Xv^r8isALeGnTvotZS1J0V4qIA<`0MLq`r4;_BL6Q^O1sBYDt2Gb;!< zW!soF{ieu@9P>$=Z9mIMSH>l zYq0r?3!V{zI|B}Dn@OZ=1Bsk9TmBDw?-|$B_O**5poAU>(pw+~6c9q_y+af!>Xsr> zf&@^cD!rG`J3^3N6m+YAsDN}52)%C*LArzU@Lejv5T*bzT(wDRO4!H@ANjC|8vHv2WQfmZF0mq3fX}}5~?L%DErRWF!!xnUcnF?MLHIy^4h`!J<;`hVd(xPHl= zmQT0<7@90S`Om5RRkpp)Zxw<2sLiaSkzaX?v3ClrU!A)5z86W0&=KL7SeJwC&v7}V z9QjxOQ`gTxIo8qO^sKhR!ct(~jyl%xS4-!Qy@+OEdZF(EC5WcdZB&bB&*+z1|69Zf z{5j0vJph$Mg*;I}7qVWNZWfK5A?Xw7``X@&^-B0harI=2$*2VbybHs9(7E|RQAgQh z(0OJbr`=|RILJ3~!UDsQ9i=&sLC(zVnh#P&=cmS)0_DC4jt7w!OuF!nX0IHC7fw9e zAwJP~yzR?wv*fdL<@$@^HjjRr;5;m^M8>bdVY+wtlC7T7xUSDAv~waTv0P~ z7$3(lO^Tf@fWoj%SWqP-z{|`1gHPq9c7davR@|`2je9(UR+|dQriaq>dE4M{bzYk* zlC=6|_R1~-(MSeX0hf+)oC^mD_aaF?A{ytB(A!8nERd$>vmbL%JdngB)|oK=&UQaF zmIIUq#-QwpJAI+HyU#FzhYyf?i_e4YJG|>Kq95>jn&=BK%=3abf5=Q8U|rHlGubTV zKhrN?5$;g?a!d|Zu$g)~eHlKy6v8kSVmoS)4|#JPdfiJHIcpK{l56HH+TzDl3O}s) zUG=kRBq^lNU=%1uqD>{gs(O?#bEG)*IrlKfA<*XyR|LOe6Yr!edoVF3nfi4gNwa!J zpH%J9JXBWFMIjFudWIGQA!IOwCODrA_1Bz*#E2^#-%unbbnTst{{O_9o`jBz>Re5vlR#G5>Dl<*BRadO*E%Q(WkA(-9vy9!MP1W zI~{BV)U&kvW~r;UKB6(MIUJGEpl6I*^nz zqs;L4K=sN%in{P#&>ji?xm42&AX6MuNb%HkJxNj#3cz81?)7#l2Ix+Y7x|&!udkw- zAM)+Y6kbRlV!c{5cb$vqKyc^2QgyvBXw|H%{^0tK5Czd#Yl?x&oGC~C@j`l!79rSEMXJ$80lA9}0|3Np^7koCBsbgJ zr5xR;{zq|!;Z>Fo1m=H%{w+Zna%N?4#e;#mD)+W;h$xTAzzDFrWdkDJe{v&n@2wgw zHRnzKY54MXt%HY7Tdo}+J5QlGqTWB}o277P9 zs4YU#D}76~R{}Zm@Dz|Dm zc`wImJrBFF&zW^6w~*Q>HlET8S%vT)>AtvI6G( z&};71)&z~@+^ZmBZ%F);#Y>U}b?ha8qrPaE=p{q-cIVw^%GZlLnQUYO9snEGWbcv0 zfJJ#z-Mi%h@PJT3s7iO_dvMQo+np6!7Rhe&$p(7>;0Od#n_r6T*A*V{8`F*{zZ(dhaTLh{4Cqo)@M=~G-i8nM!hGD15udrUTAjd zUIGswiY#8o%puw2PI6_e91gvTXs^F}%0EM6F6OYR@IT+__IL{1Tj9w3d%_FWBHFxy z+xh>P0M|!hdd?Y!WCGHPoZl7D2l4DC{I7igZWB=`Xd2UKnysYp4XafO!1kD%Cc4r< z0}W<_(N)RcxJRQuZW8kxXbfF`XK)2*FocKeKo9gBR%e&F=~9z`#y5?tT|gsF(kVtJI~9v5hYJWb(Da{GUZ>eKaDGzn#JIN66qK2 z&l#f(^nu2s!nnskqg@afakSh0H%v+YefWU}Cp9pJ>xtc?|MP(Uc^G$|>M!iDbBkRY z=x?q6>R|tql+Jje^seDM40^+|FT4D!fSx;<=WV5@biz`C=fKVQ!=4iFYg)xQBaF3uUd!%Yc1wo z$d>eTXX1|36OFY%P@Tit!tWaBVz5?Ba4JqT5{zyXMj&Pk4B50mi0l7;q{_qKbilo+ zV`G5}#*|qhyNLuHXe2m2{NE2h?SC&fO!@!qa(HF)1Y@78t9KB4%wHevy{j`l@*=@) zfBM@=FE5QZOBE2&OC%5ig%PHpA$kJz2(lQRaRDyTL(jX<<-sw6hdKMQ`OleT7QRi5 z8afn!g&sdf3ta}&Vrn9K-8*+c#6vR1Dn6^qmfC#-|8(@N(87-@{;M;h^at8~9}y>C zCKSTmKgQb#f6M|4sRN@@f)ymLQJ>OXR_gOlYhkXxNspx%&m+9DIr;uwKDe*8aBf7u zZ_CWOmlCQM^Pi5vH1l+S{@Ul<@AN0~uq@ax{%yx}QX6ZrtR30W6#c8`dC$Y%Es<&0 z4x|u4G+PFN=zsb8 zT!RWR@3D&ZVq_%v*wzUx6m?1S$J5^LaJ}M*4H9NOy4&OL359ec1lxlWb_g@_5Wh@0a9Et20dpXbJx;%u;xz@JBr{Js4QGm2`KKS`fJ z_I(O(Nz%xfy=JU-OT_!tcGKzD`h++q1bLGGUb;SPH z(|cgK_TlH$FNi3Ng>2v(BOz;|Qv&k3iyXd2$Z=PRogwT57c`dOvm=iwQV)CdtiwkD zQC~k%&bk6+g|sVVQzKFjcZ@KOud43Mhi<9DYr2$m5;WdtmeoGtMbEQfHsfv8rRys! zxbt&@OD4*xznI3yswBHf+lQ#^&h18+s_*_Z>*IeWm-I~od1!!nYMBy%Ipwkei^Y%iQF+B zu+yZxc-(PTJGg#HoD=b9FuLk-F`b`(COk9k|EqUcF!-pDE021oO@W}p{p6I8fX%Lu zU-(vaLBw5)eY~b?So+=}B;y#R@-u-PtC@@m1EXCY--Lf+G;TTTUbnzBw#gZ&oaJ#% z(k4E;+c|Pi5Zm2F@4&lHdUZ?|rNC20YvJ0qZ&kaW>|$! z_mEDrO`Sbk!_d^I1?;d2duUXEDCL6#dJ!qniM`(DJo; z8-Kl;Or(t1$<3vzQrLIn9!09$CT5#*m{tVvX}njv8fYZFnyetl|C#?=boSw%S4ltc zHja;vgZ%BVGa)VFT|Uh6*p$H>Y2NJZ72Ht(Y&DG;);ciWqoFu+uheoV`Gn;)aW>7Mmqbv z_Sm@@I~1dRJN1K!$5l+{;)&n47EXOCq#2UgUEQ9TFobW;`QMpEuN> zwX9#qG#De+IV^uGG@LAoPUKhMm2X>T`y^sv;_>Y|2e<9hC9{vo zQ!!uO^!=`rya~Tc94tw1_(D`1`NwdL3#;g@3-pzfhL60e6*@|d=4xv@ z0*zQ9ih7<0#GI(+cF~dJk6FAD1NI__q2%bm3kLc~u)VMsB9%IY-oq?=|Hmt48s?&; zw!B5w%g;bY@T9Aa!|vR8%D71OpZOE=2iK8wt(;iq7iB!r>D}}SA-u9=t;BZpd@dK| zA|lZ^0Pk*1EyVWqzIbCw1}*@{HJ-9i7-ei8S{572wkj#VFa-*qhjG9BB@aY}sHDmo z;4nQ0ytbwTdt3#zncXj*_}Kf!WZ4Dfr0f&UonT~A?CzSZuL!7+Mu>?HWk&i4Fc}_w z&O^eHoRWZTixxIPHFX~8mIy}wib1Q02_WOC5QWg;aIQ65nGER4O9H;nJQ`MVLW|g} zo=q3bk7~WSzjhOul-_K&6}`N8PPdQfQaCgNft&~Na%T$K%@Mmoeo+;Ag15x_zyz%^ z$IjeJei3sZqF#X7GPjPm4hVkVymDxO(RuyQ*TFKZZbX*_B*N z`wn8Ax;tNkUQaCgY# z&oy~c$rTmk`$+0zeSBg}%g?ss^g`X3(yI;(jXH{%!PHhzov(i)jg~dX)n-ms%W1qI z`ve7o#V%Rt8WX3s0i9nmW4b$Q9w94HF1Ryt>^eC+^tE(Is3T)*+Fj@ zx3PVy2=nmCc}-i44ifrLxXhGzXNzXOLxX8w{+HUm`(0-G)yw&>v*grXYvauc(7;RF z^u))1F+&+T29*iA-KCtlDim5gGX=!(P#FZvrMVB7BZ{N@u;KKyqo1K}^QzaoA_(Wy zzsg14clHnx^T7~BHEzk*cXG6?V}1+Fqy*mKb`da*SmR|HNE&EENO@9*i=1eKKmlrs zp!g#RD~^vgfdU9mC70wY)~H~5$~dsmbi0mQXRM$=+*V$pyu6yqfJ(@SAb-gaaOB9* zxe)wr0g}@4ZXI359mD$BU%spaY=%Itwxx?futNXY@a?1pp^H}D;KmdfoO1F-ScZSQ zeW?s0Rl2}4G0^Gm!kuU)8LJ30IW<}Gh#c~3m#pCv!&^yNr#IGsMd{~G{<*2zhF=S3 zAr4n&?PN5(kl#}I#;y^>K7RSR%Qlu%=EmmN);KU)q1J6okRHJj&E}ZCF?;$2@)_-p z^(g)x@+yV~7QP&3)Xx2Y?k0SAWY&Nk7RuQn1qHdHnB-Fg_b8QBm_9Nal`!k-UDmif zuQ#Ab$!fXkcnwY|;qET?mO{<7V>?x4(Muf88sq-RiEFg~ZAdEDcy{=Au`8CsI~rh< z*NS4iA}5UPI-7OO9$Gy`TdxRue+yb3J*T>Q?W)q`Mh6(T04oBcp94!3j}?>_Kb++1 z;@7E9F)=JsG_1%*j8cu&|48xYV85e>0Rhnqo)l5!7Fnuw-A=KCGMMRv8V(G2f3W=N zbDWV~W6qTBNxcBGRAizyN#lSXY25t8+R$-$Q-+m`KPE!NV>^g*$q1B!!?^)~&DNl{ za_+W>um^8)?IK#Jade)nr4$>Be;*A-tqkG6uH*?sByZI5?1({~(Z$*Wnvu6y8*lnb z@d~PG)vvLz9vB+tAX9bZRgn|H|0GNsCdJ1tN^({S(qb8}xoLkaeB`tH zrW~QE$y=!K+-bF`9&;6F-DYAn%jLAqBA&+LG$0V{<7n%u#u*%k7i^G&?>1yyN#u5} z)C`=t2`?#=b+F29et}4x5+BipX=+pIg%`ayj;m==mUL&bd#`8sJd*1d&rDUt)|o?2 z#zU*-_XM3n!-J!=>Esxn3^879akxKKjQ25cq6XJw3CDGJSD7caIT;^NCh%*0*_~e6 z;(eaoJ%6TBg*zFWer0k$Kh_za>uIQ_F5(xm>HsD9c3K%yTk878(^-apzD;Q=nDV`K zu2fp+I)UuoKhj~YC;FI=)xvHq!tF5tTwn6p?~x%&^c<@_0tPV1_4q|^G~>T6nH`iVafnmRWhc$H~wYe zD#ltQ3ZJeD1uyFIW3HZT}^kbitfo3|~fXf6_x28)*F} zOclKdI$tDJ6*Be)-8M$Db}zDM`Co-h7!AAojcUuV@$0F|7$Oi?JQAUnZv&jcql|zR zv;^6TS`bD}6qfZ2A1efSDxBu~y-pVl(O9_lkt%jws+sk-_#$8JlG->j@pT(Zp40cl zzYlCHyg`3p}Qj~3?)f}E%P@H6FZTUz*W7v`KN*Nx*? zbdWO>S;~W85na#b&D|JO5+G)6?2eNl#ly2FCWbKZ7QgTPTQKgk?}7aMbk0cuoM@rJ z8|@X>_2R$Q#>+P{Isemn2;+J?d#0djKC7@2#6|xVc79r9i(|SWA56RuFS*J;6O9&{ z1^c2QC6f(gi1zo=c;%TdkSlyxnG$^}%`6eh$<|$hDt-c8j)W4H0o;MT{Nk$WO5^4# zby(5>vti?gmQ4*>$b@u{WJf`}{aigJj zF)1gCxO`4uB4?82O{GRZp5>o)oZ7Zw2V2{6{C@M2i%PPsJn$4Pz3HMy_D8Hu$$1#@ zvZ0}DOc5>z23LCDL$0*9uuUoSC}0zI=E`Rd&ZwDXB-N+kMAQD`w?4X+i^Y`1I-P7{Y=FiD zjL<3xA?-{0X?B}sLd<5fPTV@bu%2x5ZQr(f^IRBC>A{ZXnJn5CQO%i9Q#9*-KK<7~ z9(JCMs5jB=+3nxon%ozSSqi!~&5gx@2r0pL5Ib*+a3C2SO_Rj{|4Y)auL2@|cA1c# zyGcgxtNmg zwrwKiL*LUuJEF7hFn(f#XdCzs{grcb$u;3w;_f(86LUy}X=P+1gO=#$a(8!ww}DDw zkgnfN&%RBJv{Ad`EHX#wlFy{3$}gDkb3`uKgf3Ypcino{94zOY$SLv@jpIm-OFSDs z5t3kuKI%SbTOja18KVuSvSk15#@Woh{GwYptq))yW(0{EVR-^c7IoY zi4->*J_8250C?Y+^?z67K7XuOV6;?f)|GPxiJ`X;kaVNbQVnc`GcMY$LMg0SGi`89 z`k-KugJQn4f}}?&?yOF&GkW|v+<3>#04OM{Vk9(k_EUvKkbNozL%#`xrO)-_yY|9D zUlppV=#5<)`iK5V9A<~#AdG#ip;2Y8EnrC0S*SJ=wD#Os2#Tcr2b|{l`H6#o$S1*Y z*cDpprm`2$Km(Qy0{I-2JDiq(3IFzVK?y&I+5ZohCRM9)7$6j8)%-XjuKV{@{r0hZYv&e^$s899xXGMs%Q%1&ObIO!)N#1~#eT{K; z6{G)k?950`tbP39%h5IX-b1HBSR|4bjRv(bSD794mbGg$k>%^!w&Xea_=f$PpdFC4 zL5jkhQ+UY_DS<|}9M6_D3T~@Pao6`04aCK)GapXI>s@EV8mYfabIzhuyq0`q++XKD zqv3OE;4Ny^wY-@Nee_nOZDG+%enf+X{@87KP}AN>WBKtrCV$tjViEWtG_RXwL++JV zm(WfP9|lG316H;rB02emS^n_R?}PrOj?Kyc1p&cYhIBws4zS7QCxEBd0;SRdz!3PI z4-CG<^Dn;)WP<;pnRl@Na?9C*0HX^f`0M{?I|AtGyZ_S6LT>-(^8Yh*|7Y3!PbQ;R zjO%PO>v|mY<8~iBFFN~LUXG!hxN@({FyLnYU&_vU?;Hkod^Ov}{J^9dMRLHPNPr4u zKaMkvmI1XBHl!_*y+3gc3|JZ*sgEakSs-pJnPrQM)ej~(CSHi}{cpq|LccHnj!Lz{ zxKO%-Ge^$$d(|G7;o}G{l4qL5a9#J~4RKS$QK_V{7oNB*INVNwP zQH8t-{}{zGtkZOChRpx+1qQdS*+#`o59Y=SApz$z1jtp&NLK`cjYZwo+YR|gwi>X> z3Hq6^b9NOYFU`Xi8+#1z$&aOZwIL4jKvz{n$dxPi`Ma9;4V^*p5gNi$;784k?r4p&yW=>O;4ZXmX$kQ^-PkKfE029SW@ zlow!4N{D(Dfo%yh7mX7y%mq6rwGaHr5;dPJ_#>FG`AWnD`@m;wUNtF&$MVSF06BWX zU~TloK<}wv+rYQi6O~0G^Od?fe|$368{9IXxY+;30rB(1Rg9JX`ZbKa%-Yo@&0mKX z&U%!O5~53b!FH#?XtHz<+IPiH9y$?CWcC>OiQZU8V{x#Cuyi%h4gWF_^OKx)`oW`QG8Bd)lD6 zVA$Es&$oMr3(o`J0LSQVwa(9+cfEfscMEIb+Zlb| zkAG&S#KvCdmre0qE-LqZJu!sAYy9`=TGKOZsGf-L<9rqBSE+OGf6tsbS_rk()B9Zx z6=V7t(-&T!Gemcg1Z3%HnHYehwlsGl{93?AdY9Y4w9-08X;cwXPY|h&E*;`s>b7-< z=4YQQ#N~Dynp+bdk1bdX3g`5K#|=I;POmp%5HXMvUe_$@s}kFaj{f0OqwhKBFre$| zG9@CGph-1AfonfNMLG;U2?6>rbG6SPQZ4*4m4zf^38+9bVXaYaw zkz{YatM^AP;zbSSXG4vEto<1Y=a2`Z*VXCPZmG)H#9*V$@V z>_`;E<8m?6$ApNVn^t>&Og0cCK9A!f?gb#Th%xrz_SeZCLu^B;S^fTM^Xj zSz(KujOV>{Nn%a>y}z!;N5XoH){W5#fxyuUDRo>=M*6n@F63^Mb3P;4l+Q`viX+bgNA%1 zjK<)xu`n+Mfy~q`d*zKnsAjD|a6qI*=SHtLZd+Bzi94nwR~}UvU0q01JIx?+Tk_U{ zE<-o(KVH&Hw~p>2DLWay?gkLzRbSmzjRCTVPM|t_wZ+PBtjyW z7J{W*fBMN%vtNlty>!f{oZrGz%pG+HbPlAFzS=j7R^T=*03RyVaBKxNJ?p5}6;~El zI6txk4^&Kz#u+^8xWQ1d`24Q82dF5A!|8pUv(PP($X1i@>p<<|l8s z?kRkxx=@;8Zj#1_N1MDEG>9RyM2%>0E(Q@KSG?6)O$-@p;hKo|-a(9ByQ8^4O$ zr%}8f_`oxIG!?C2Sc;1o>5_5{k-^VRq@nG?@1p0oQgI60AYWg7KN_$br;?-?B9gF^ z(`&$+4l<;7-?`FQsG`Uw621#eQ9q!VNM~?p(^Y*i&Sq&zqK_2z-?F1VX_m#meY4qS zw^KI*eg&GXkFpCrV%!&Q)6X?oP!#SWxSPV3zssY<4sMG%r%A16{c8Mbsh@BZ%hh;j zuobm+{1oGoqfy|s_l;XW(+=0RgO!eaPm>B-tD-YAdFSd5GJj`0gwfVIZj)Eq$C(v|Ve8-3 zRH-MjY?xVfgDX~!!;-0aA?WLg(wx%qWRxw`U|X3r=4bD-QIz50qrJ0q3Oa~7jKQLR zunKh|w5@BQp~?xr`N)u=fM*q@?wIeDX$Sk+R?2VzsGYnK>RvIf&?D7`drgnHe;=LW zgcBVYF8Qk?K>!PiS0ep z+_UlG9W|4g2X@*3?%+xZGRoMmz1}#eC*_rR$@{|IWp;p8;qCq_t;nM-7K>6L9Wfjs z2@^60cFhbnh88`+T!^rR<;(Ly{ZTsdi7i^?KG_0^&jPfyBq7cq?Hy5ZD$%ShSp}nD z?Yj2C`S)Zk;hyW-3!fr>r|&v4+0D>&IIac->r>WGnzD(Cu;7mP+APK0JrWgz4^|TW zv`QL`DD7zN(l&-|lNO4?^iKn@pB;W$)2>1Dg##6v*dQpyRqxCCVP zCn=ASd}PX3-;_B4QoZze#r3Y0N+{n8iJtA~G^~rhx!#doo-gh`K_{Q*(9DKiAZ zN9Y4)2`wk4id-_-YB#ybD-!0wo`iG=Wln^!ccOiPIGaIJa&qH~3ltZS%4MY780s{4 zhc!HN(}h{HDu;atPXQ?Xd?-okD9-Rp;ZJn*lGH!=n1KesFL=8c(;lOeplg+PmIP3% zECwk?e_Q5KedOvYF%onUoOcf?&*4fFb&b&wid}?UdMckNVBniND|noqk+QW&n|R%y z1!_RKUBAmypcK(Or|pO+yFFZ4W##A}GxAAV&iMUN)i)=ay^dXJUf~v)CgePSCv2_z z5C;ENC!ldR-n!;ADZk8_QQP2mT3{=RIr`0OwL^jcadb_pG(WV%c)@Zvur{bYVPpQO zr~3Sfd^xVujrLu7@a;xa+DnphZgQmnB6UWJTCnFS2Gt1hEpWmupq)kGLMFoAJJy56 zX*)M)gS9{92;TU>!El)5!;P2;AbAa}1a&uo%IEnxrp!J<$(BEwMhfRBP_6_*Z5cH= zW*|hzQ)ER=VM<+6*+6aQ{ejq)dlQI9O`fgm(NdXCEx+s^)Kc57L!j?=G@cJ6x(rea z#zMGnn_iUBrZZgat`oL>y}w7V8KY&epx`W;dY^f#KXutL2j+!VkUVA55$vunwQI2d zE}3Yq@PNRRBzxc}hl5&sHhB!J!$h^;u8BIPVeRxQ3z?Rz35{z%!hE&4jD&A=uNs-~ z4~Isd7;(M2Uv@8ZE+Dcgl!ua~d4DI$PMU9%`9)+%GSo7vndnoTKU@FKqDI@s({)<= zWu&jAJtKE^ir~^z+uUDo>9^&NRGSPdw71fIm%f=Yrwz~s(XFbf+vwz&=knb*EX^k* zqx^5yGTnSaBpaxsg;XcZ`%g09a)W~dXNe|;1hW^WNwv@q2xj6sBUb~_fnl;;a&h8~ z2h-Ngk*(wzXo~8Xc;pq+2GWsSql_mYPlX`+oDy0Lu52v979Y*45@`x)gei5`4-+T@ z1N`S%@q?9#(v<2cr^1ZV;1QM(|7>p*5GL>3fbaCO=0F}o2K@bW{17oM>tOBF+p~W3 z_J#-*7(9ucKuFG>!@uCp?*6lB!Qfv7O>aZVc>gHuLL8otNikY@3C}q@MNqYJuXRTs zl8TLV0}ar$a;^=E zf%GRIKL56@1`fP*sfamtp~D0A#k!5_fS}lg2dC*$M>IsweXTU@%Nu5jjm=wmU|6~i ztI{~`3JjzE>g;tm^lluYq*CFmd044o2xHNqydhCoYCX#*7~?9>AwVmH{W5O_R{e3! zz^}ht8D(4gh{sahOR_?04Gz^1!oq}N)zbn-U!shFkPRoLVI^$Aa;QK-%`^s`OBz>ArNYs?e)# zUK(jJyG1l+@+NQ6c^9~z$_L&+J4Cx8Lat!K zD#17RFRi%;8v!fmkeMY#DcODl3#^{#MWvD5jDgW;*b&-*_qSDCUIIa&(SdhW9{U&w z%QKDwP;FU0ycb2|euAiA-?lV=*#a zPuHg&!u!l92s-nu+|H$p>IMzBgCeCS`rM}pJfO&Fjc}|03T4($Q!rB@d{PLdQZuzW z4e>A4jJM3u3mXEm7EtF(4N!EVCk6bVTwW?ZhNslXxx9@e{ zvztn`1_i+19M>kq%_-7MZ!QwE2>YQ^O?ovkoK zEra@bw27W^DwZlQSbt@cZpBE%^5ebBU0O1lN!r_wAF`R@LF#Bz0a{bbACL*v)ryEtk<#k<+Q%epn4 zY5=HE`id$7up^5k7OBW$NR&TL>RK!3S5d-B%fwQU@G=OB&~UrcP0f0RiMZM-rW&fH z;L0k{xc7wn3IHk7Veq?Ztg~s$ZEqJWU=xE+gwaE*PzNh!}5&7D0 zu4*ZTWf)v2a9fo!L4>}XXF$qcQOjvK_t`YJ@*P8%-O4Yve(MVSr)!$@o`h##yN-Wv zJ0PMr#on|LL9k0j|hAH~fm#$5Gt)^V{rE<3-e*1l?*D2rBa`AzUU zXI-(8Szq`L6*4D8G-oNTFWXE{<8l$&WGsvZf`L~>9EO^=jb$qXE*juvf0s@(vy zIGcBDFOWY&SSB@3yObjY%-L`5il0-i3YPHF(2Y!Gq zXv`b%(-dU>NiC^_HE(XBFAe9a-0HnqzQt?@#R1F_?{Exur+_SVdQn+z@g1Dy-{0dI z$aBif%}YpJi=CO!v;HDb*gKocZTJdjASPvvN&8fl>Qw6KGfdE-6kzRAF`;H~PT3}0G+KdI$&|&_arm~>4Z;v-y6qFiTZChft{xrA=Ug;baiG*X(JzuC zZXpwgQ>DJqkhLde@J@q^Db*22y5?Lf9j;4f8$5HH)0_-eb!K^ z;$N0t;iF5I^vl^eQsl|%%ag*{t%cBpyZ1};i`DExsEIIkExY{4@PQHSd3Yekxo>rz za$nax`gu4hp@?=u@`SmadRmjfs&i%4Z1uBLb}J%XW0udDTM0x={FZ{1+1}SC6xMho zG}pk++djpfxhFKn#afAFrcWj4ihu3e-VPFndv2h(O+!qr-9P?pku4E{C(5L4QZc<{ zZq;3@QBaI`T4dA(v*DpV6d~2_`{4ttB`1~t+6B65#IA15Wt^p^AA!a*hB3& z50Y$8#7hvNB3Z!n*{bKWE%L#NsHZsc5z`M79@Keo^_;;|!=3W(69fG40h%ps+iA<| zUl5F5g&xK$5~C}8bFcgdb+cb(fVOq$e+?F*q`4VPU8@>h6RmkrA8ym=0${l)fppHG z4P;IiS`{;q&Z7q&Dwp)y<7R^A6yGq}J#3iCu(wkI!#2b+smdbv=fk^tF@DYB|C=Oj34xNGGy zM&I8s16<+!v`JP6T8J^>`o-~`y8}9bf32Er>ZkeUP!BNgvv1!WPN~e0$X}eVowv3< zlFrx&OeTYwOOi#`Ml4L!zr@pOZ{cglM>VIIHy@faZ>yvV+80=bV1F32lZ28zv+bp_CLt4Qsm!RHS)~A*>I2S_o$`5Pr@`np1@!J+!Fk&SHj}~KO7~OL2i~v; zp6~Uc?fxzWwut~|kISG@xS4bhjs7~Dixs^3%5ztqp`s~LHo?Z|#$-A}mHPUfarz91TJLpQKYz8Y_tBGOr*S+!Cc$&^(Q99j-R5pB zR4@wzoqKXA=5wmd(H>C-o5iHoYov5jeIq>aMun!`{J=m(B1&90tE;%#B8 z{Hu{N99#3S{O0y9s;MHF9GK4`iAzoix^+X$tdMA` zM3tBsg?v{As7f&Akzwg2yLwVxI4+*AE`2xdyB_T3H);ANk#dv zk0K<X$wOWXobZWu*C6d)ZG1N6uwELws{`*>oryqi5=70c~z$})8AsVRaD zGO}dIdqu@@G!GBHRhLD5s_>?9&jqZ-Ab_P1_KVY4iCyzpzz@&QFbKitBdYUcO4?;F ziH;XO!8V6#XrjZd%PjtAu?+VNb);I&T1oJs$StiBuJg3T1QH}p!ufHME07ZrOvnrd zb_r{&)W(%aqqM|^vJLDSyH)}}we`H34%yvc(nAw3-)*u(G3Q=wp&2x%YP8HIMaMGa zfj}IjcP5$~+*1=$N<|hI-LENmg#reJ8!W`@E}pk4LGb^mDnwNmy5+a}!0<7*VBnpx z*9iS#WS7U5YT`40midnB@QxIF!GZp-olld1e1Vc{w}DC$!-U89|H0OKN5l2DecuVA zMJK`NWeh^X7|})kae^^roO}nZ5okTHwrh=riwoYm-|~39oJO0yJ~Zt`Ipm{g6%Xms_w7}y_c>85LiE56SAaxDTm&UW zW-qidh0Ie=NR%)c`;MWUb_m|=Pl;SkXt2_GkYne3U-xV6wn=NPkecyv9I!{>pFP$p z3Ttxs9&w=^7f&D++RfGY0~dF`9xTlb))z^bJ`rhFPZ3XS}D*JJQU=akwYLr_Gx=dd7z z2mo=W(O7k(4~UUM^SnY)B^eZ1d+Prn8d#)n%gl!#&wPJ9;4wNH5Jeo?tr}|3%lW(e zo5Y9MrQ2cb%5u%`0RJ9KVJ-Ziiz@l16v*;=o+>*xB_DZ&8K)~}=Tx~Br{>k{D_XY& z@&`gfCqb_0Gy|oS2)+vNBYi9enC7KQo|o!EOvh^cqM_H_V3i*9fI!jI2TCnz$?n!K z@}%y2H*5&Fb}O#st#Tb3L@xkbM-~d?|Z=F5iiecd10`p!Yj`Y z+Rq7X;H%eQm$Xq-`g3qjhVCt^wz5A|Ir`J$K^NW?DV%m#kMOYlgGuiM)G?x^XFI^? zt8k9~<+8e_m8>lyXj#X;sP&ZcK8e^+ z&Kt_AGJOvQH(nPNGP%B5~Al6NhxEvAqZW{6l+Bykvw{-ND8VDJskW4cfVGuy>xOtq5XMi zmtQMPqSk#-zC~iq`>^xQOty}x9fQCZCh3vZ2>T@! zeH@>G7xGBvyHrb1t547baEc`vM+K)boYyPRwS)ws{6rTi6SJmHjh!H^TbyFeLfMd8 zy<+Y~PFULhZS1y_MDTm%Ol@~+_iy$0TI7&R%G{I;49OAkFN*Dl(Ub8V02Ac z1**eUn#|z-=x6M?15|0(0)u9RKA@x)&yB?^m7 z0s{={O1Ab5W-4HGCN1qC_NuvrwKr{F7+-BEWZg=SD&O3)O*-SX$(slO$Kqm$YUY~& z_my*%o3=*u{#%eWc8Bt-R65*=!()k28yo{A69XOqMYg~b9&F>S(dCWAI{6iP@H+sz zsdV;<^Ahj}=_es z|GcfM*SvifU~A>oxn}tJ^B+Iv&xeZvvu8=0P+-!pN=5%JyY)FRr5v&PC|8Q`gc~5! zfE@&q?;Y^bGX64H)14nMRpYUIDj6}sa`XY;{MRBqf!f51*25kaXq;URBMGjh_tgG( zm*PWW;8&BvWjz|!@HY$QRRh#=2@tv6Z!;(4O5q`dX#Hg|gxu>w72NE_J)IbUvlzr5?U zA+@&~jD4nzh_t6^&$1PVcguH*`_9Xu1C?RyE(>qD(8s0X((4|Wd!HU!au30KBdxG5 z?+w4UQ;((eYIJ@Zm$-|x<3ypDutz=W8retSGVzRAXZX=v6+le>|BfA8iRpl}aJD?@ z?UVL1asZP&E!O=9v*OYxE@f>I84Y3BrP0n1f5+HUog}ND`6^&cqV|@0rR(`kv~G?b z$tPCB_E{4fg<>g=MFs^5w@kpjYsr&J87{W?M^1W&#Paqq``AGp9e&Y zFQUa!O;@(#4MyB)2bs9bLCcEusPHRkG8oXMa_^kqTE%nEpfU*M<1ZHR66!x{{=`;a zi|AzTnYP!^mk8hAJ<}ygoYxALw@cKZ0a}6gAEWqfY20D$y!?{%LTASq@S^;Twg1?L zYn=W`@N^2L&}@yacvrcX&6okSp*{BGJKph70>1S``2vI@rJ`Rdh4?7l>w{4jizrPv z^b9uQ^LEsaGa=S&&3erwwrm#x#HaDA=I9Th1G=6WJ9;k4lew0k@p?+!?f2?9frEW; z%ZAIVk)zl9;`627)CCy5Fti;q=N(P)%IXHTROJicgZuEW^UsY zzsSQs^(FocacJxxJZ3!RHglh=vSL0&Dz-X~#a-X!hqi6^42)qk+EX2{uVXEdM2Q#w z%^7Okf=XUCIl+UAhI-kGAYb$9p}_mGpr9%*g5sh#)`mUt+cm$NeVL0?@o^6K>2ETf zIZ>K}LOErYk;RRM!IZlJaFPwbQp+pAA4=Z%_z2z^bCz*(M^FWt*Htp(l42G;>k||L zgh+TNwD>Xo$?i#>Iig8w-|G$ZW|_zDX7MM+C0Ay+D$+O)JAhRQcSBQiG3Rehyl>NF zEG&1)hbW2m{lFso&b!h6UM$q)uK^h95d9Q#thU{hYo(FVa&|u0_9pGB8o2U;LNa z2iDI>vwcjAPgO=tB;=tFotoA!Bj}QSWbZ6(nrTiz^D+Aoi|muNrE7J&50Q4q=K9?-LA)D$kbowL@G;JD<3af zB|MrV>tdS|XV0-6e=1%K-2P@~H5unW!M2>VJ5@5nK>&D~&jxG`!=3|!cQ$_~5qt}u z!jgQht!@rcm!Ar*db|Zk4c$k3NpU=$^90IyoI;$c6`c6j*u9h2+uqMRu0?JVzvN7y%2LT_WDAP9zazc;Tl`3Pf& zPkVP$H+*uz?Z1njpxJ>5QpH5d*x8)H&u=zUK;8UJ3Suyr4)8yHUnch3$>9POd0ytI z=-PBN;@|Pn2sPEpXLW1#tlUWi;Q?*Kh(s&$eS}cd_bM@}yLXfAwd;Otp*%m1TgB;5 z@c}P9`=ZcNC4vZvA!Y8WeYZ52>$T4(>(826$i3S8*HYDwRkB!{x#xO6zZVMZjddf( zdoZ+(!(mii;35%z`et)2VQ62;dkO~WmCd#a#*$r${rBzwLVA~};>kAOHY>x!xplJP zgZ&=sGbzds@m;}IQBfvIP$>Tr@63;^aAnH9lq)dNql^KSmAF$R93`$notI}Mw0$PK z4A645DbvhJRtWoVoqMY4Ww{w8ic;*_2XKfxJJ4Nf+YT({3IAEhNQb+rCVy1P`rNxi zi`hQE01$@U{L6gzDf;u~g(SO6-Xpyt~5JKVPXV@!_{W&6|2^Xx>0@4ojWY*B7inHC!E@WIz+t zB9|x@#Y_&tX(@Ws_l|joS1HvsN_h5Uw-BoJUG?QznX4`8Xe=~eZ+g&D6`F6kS8iu9 zmJihk)Y7rx?le1NvaCBw5a^v>PMpindgTYSbwT0w)|r(0R>d&9GAsIjV^_e3C!&Ze&F7Z27LbZ816}09_x|Y2 zRPijY8l;Tv4fpXj0*OX7)^!MTMHs#s)#w$;q20+^#5x+~QB^!emoN#SV_8*)j_IK< zOw}@To_^bNEVGJ<8bU`N+IJ%22U^{`78_t3fG+9;`qfHrr$n)-=WIf+Hjgv!_J>M? z5d%WXFnR^qWqwf@zfd))#b(H|KiD79rgeL8yS^VfpI+nzGt41Hy|5R?dVrG zQmcMkIy|n8h#2SL52{t}5@bIJje@Z4v9Zxf45 zIIBwAA-q0K`6V#TN?=ltRVcw|S%cSJ<>(LxJnPvHqy%nxPqMJ%1mh^Sh?i~PVXsbOUS{~xzY^ow_N*i+%Nb?^Q2 z7+(kJm9=ARJ0USq+AiE!j$`yNO!rG8zMNb%Rj@XJQ#25P3yA&S8z59Zce(Hl@Dt^E zbW})%>?V2EM<>&tat_+Mkex0UzWt)PER;Y-k4w5X0_A^6|`u6nb}`A1FI_Qu($qUJqaH{0W^^B?-P{q`z#6mGjlwk1b;z z1)fJtrjF^B(bIf1?nvq&)0ZhLR#l250m<^^42!aqx_x&95|`x%T4;A-EmLL^-yiLu zK^^vl@JyjahT;`fWWS;?q@C?r#HL#oXfsbBLaSMB2hq%~`b0>J$+sAZyx}_xNFaPf zO@m*BPt)Kcc7u^u@JI5x^rP?aFyafb-IM+_%BQZyqJ6h=yrSJbDZ;Q%s}L7QAfaYU zVFm-bB#C?XOifb4n2&*Jg6P1>)G) zZ4KiE=Gp@9vs3=qno!IoV;rtKuJF%AXPq@*!d#}F6%-WB)K?MMIhM6gCa8zAho4|M zYpL__WM%^4&+X2nu19xk5w+_-cs&;n6bwb76c=tS-htg-?%FXVMAXN}WE_)gdoZ(d~l2>3~@lK zf1EY0t?EeI)_{^ANgzGoc2zqr+E!KqbyNXO92H^RR+e-!Xx zU)2&It1S*{&UZtNidfH_DF`fqQZQciR6DZK$gwc@W#S;aXn5Nl-Zsbx(uManKe^!2 z^7%}4WA6O;2UpS^vLn)gOiWsXBB>ecR>?BS3R&(Vadn=F8R&p6fi-oPzyeF3O2F+} z8Ei3C`)YKAJyRxTpY|_b>!zdQ+=3mFQ}_6a?@eKb4I1O{51>%SG*NpEIrWWgn=&>x z6>h(Bctz8BHu4l0rGGLnZ^Jgjb1;|$_yE~}<(nT)DdrsrNFzWHNd9xH_EQKtoc0Zz z>K^B#j z$e3P8+&=$RLz>xTRem#7zMwE2SwrD(7s{(_E#2FGS%jZjKm*moQOJey^^6!q@Q)@H z3KV6Gy~24<8SQHiyQEX&X_8cBA}E9lt1*P}J?;;_-f|*D^?G0z^D;Sd&IGAwTLbEn zMNxvB6k9;sRt$J*NW9sY%ZDsp;X|K6N@L3BDNIr4!HKg`#B!Ee$gz)?h=2l>wjw;W z4wMD?JXl1515<&0g$o3+_E#F~@`)>-JkIRVftw7kli8u$-+sy71N@V$YP#&VZIWJT z-}I9Pp#LT#)8Z@1S{p)AT|t~YISqQeeKj-PoHA2TYIWf~t-unluBso8Cx+er1!MF%t?-!NARsp z#%8|_994V9W2kLYW{>QXBX?Q)pau~c?Ql=hqwL);&v4Y!wiTj)O7fK`P(tsw6x7QS zVvLU7&!Y5$JgAqrdF5hSg7<37`_?m!*tej->j!LvTORimgd6IPzyL46(3Izt*Tc7( zF*46I8+96Xly#}FBL#Qf4yDhK0@Ulwfl$INlH0bt_15gu@T6V&PK%kT<&5`w+Uwd0 zxzUlVX*H2oQUR&>lvMuSuQ;T$3@tW!=2$prTs#O-G{+6Qt~^mF_AxfW`u3Xg*40sx zpzH-d83T%0xM9K!eSvDmy`GM9YBE70yR!7!Xn}7LS5}#f|2@gISMf>9{AdGM(z@=P zZ13fVBsLr$?Md_A8i4uuTLvA6Off*uI~^Esd$)JN12U`Nc{W6m2Ibv{l)3h?(`l*9 zlwhlj)}Q%`Sc};|vWjPU7AXs(KSLyA93l+&|Y1~iXyRh?b`IIIC?4J{lVqB_cVn)1y-&#M4&bV1LlYBq79Pv zhz8zaypl6mhV7jI$Lpmnp{8C{iY2(tc+>r1`3|)mAmGW6m(jF%89 z61_&qS7y34JUfXobS(>sybDSL&3CAnsBX_CzhBv}|Ao=w)#iN%sw<$B)=u0J^PsLP z)XGo(p{r9r_$y;MWN#S*%TWd`NLaeTU@!ZSrXThYxMD)g8FH{`oxO`DS=0$4!WJAu z_yY_TVGtOB5~ic*l^b0!XIRbirA63L*Rr>&);;$_pY$&cpNszp?y70MPu!RR>%61r zlk1{U4cntx4*lQ=eyD4M-~T00Jwz=fjcN#qj4~T7IAT#Ajkq^Q z6Kn9BcG6n^*GX1XEwkdXm;j>+Zk2&aKGhK7rhO$8_sUUbK7$fNz2LFs&f z8G?AXpP$cVwNq3@VUk2Y7%(9rnj7s>3nFc-hqHh+*(; z(@#|3$j7%m%i&#Wgx?BZQ2ZrVaJOx*Aa?ykgsLr+n#oIa3y&ChxGu8~L<*aKW#EC! zw>o!N_Vse8pI%XDk`^!=28%5lVbTU5U04Z!U_(qqNf^RDf((WpR8XIc%|&uUHmZdI z4G~E_2&Yd9NK6^bbPJdYgy_RqauvYqDX+OdFEO=dKy6{69>x*9d`u0%{Awc4tMwzb&bMcXl3 z#p3xxUu8xX(70H|EenXexmWr&FV#50#zD3LorXf0>L*CC-K1@JtpU}hg))pBD*^3L zg|)X3zT^Ta97j}!#7VEm)+5~o8Kne(0|R|N_1ayuHzgzT`3W3UBUZC5Sw{Ma#F)D(T~|WIO?4y;AFCBP(r$ z?O$YU!}AidYLb`4a3l>J6}m5}^oFv~Bs5SgUlQ+H1Uu&5|CGPA zQ13C}K#gzYPn$sDy&N zH`UWpgR_-Vf2as|0Z@NOeqt`*-ufF&eXU}zlb2#p`C;d29Y)pZh&HVAPE{7UT^@dl zb|Yl^4l!r5p^;`FnNy{B55!b_+Fvyp;dvoV;87x5ce6 z+djX$a)h;m*X@5hGX~tHQ&zwA%_wjR45PkE!IF)8*Ri6C)W;9ZhSZDPvpJMz(LsTP zhKBLYt-Xi>PAx~7>Rv=~{pw4C&%u2skIGY8XWs~*9o1s^C3!B&lXsg*)5sHh;Kx2m z;s0(drp=8-{rp>L$t|0a|zFdQyk*af?9wTW`n>LNQ z4nIP!_2vCYCl{W|t7J+%-h81eH&~fne^IHqUSC;M*SRD9Ioa_#f_e2t&MDK|q(TVIIR|;K*;C)`QYC!K^LZKjaBsGY92`g# zbY&y=H0S+mkARNb6){>|3Tfpk2c>UVws($zatz6hz9@I!ZV=p%RR zzk+##1)nKMAr$lTG;tsyRdEBtfRXZaE=N29&*;*xE)ZC8tUH*3 zWL+<*zhn`@=aM4do8N^@b0mKzD%IjJqx51y@h1M_?IO@pXM%_dN!WTL%rD_Vk<3I~ z2)alR#Xq_Mg7@9>S0;kr_eJL706KAIe1D{lO`Y`g!XKluhHR++Yu$4p)cuxoW+k2= zZdnE>r~a(x>FG8HjTP9)QE?FR-t5#KtZ~Rf=}tsM<5*J0yZp!w&mSFK#45;~SB^<SfHsc-JZamAk|{m$#072MEMhK2fDt z?&QE(T5(}db{xyH9Jui7u7LF`dzv|Ad4Ldhrb0u#dhtXNB9nikf$w&k7q)Wys3rFq z4WmLmE3hD|6e|Qdd*`0BmszCo(fl%Ka|SevGm{AN}WEg3q??hJTcSNmF)6mzgmEZiHuT`)P83u!|11X(+Y9v&aI-sQCuFoQAK zI*Y}>l}O@l*~=)WJF^Dke>!Y#tyj6m?o^lE3X&d*7c`5oyEzF2E4zlbc`SjQC=fi_ z$MeT<8s3RDig*e`DW&lK!Rd)apa2d5`l6!YfB0RXGn%i!Z5OZoR3vj98Uq1Hgn3P5 zi{6%OyYkt%1Z8S&e+W>0lRQXjSB?F% z3tk?3<&|)^LdAc zznGcxsy=w0&6yn_GW9O}QF5se3&XsR?k7G&}$H| zKqutLWRW7s{lG<36d)lCe()W;W*M{YZXBsP?sjk~AbO1ru_U>QrL8X%v{77OZ;FkH zasUQ^iqu2G_soiNYE~C;oAa{HXp`#0#SEjD*HdJVx*(BJ`)t+yv1uNP%i7a4fZYj!;R$Skr7coEK=IgI+q zS(%~tk>+Y4D*7N0!uQz#ugk-J;b;eKT#FryyWMOydMhh~k&hT-;YWnWVo&h6NZr=zw{^RG9A0L+N(%~bg@2wNejVLe z_IEl3wkw@cCs{kQ{n)8S=YT+qil(!Es@!X&cs?^_7UuaZ5rQ(J_#`LXsN^|!bd*&> z`%k0-3>Ll~me3|87HcZu*s&+kZ2r!h4X}~?&-VqePCjCfp|&gEjaI zpX`c3=Q>V8PyV%0)r2dn@n(be28neh;@|82-WXrQN6!P!N_{h3thgm+)k@HC+Zp^% z7FJJJ_~zea7ROC?_j}Vr-z-MLFjXbBZrwoY;ZdvGrbAfupRdx~4K4}2PjS^3!#mV6 zC5z5u{%fr4YIC1}NX}NHgY(vuK5D-Oy3YQCi=Rj(V_1EhEx%YYUU}HL!OhAZ)jY;*Vs^2?v7q z2!-CFmdW`tJdHXG8v6K$dTDvRq~j+G78y}XaUv5c-zOsV>1F;X%5;mifm9Vo);`9z z8uPLcp%WP;^~?I1n>+B*>p}x0A7+R>S6wFMx%M-g4^!Xf$OJGz|6%5O33Sqh=F-a6 zcP1IWIA$oH`Eqnq9|@G5rFP!pcHvv{0z*+d2S47PK|5bS35N_&4 zZ~gg!3*cYb`GSt^;oZIZ!HHqnEht+kdn-==yvaY;S;l&$)X7)o?^o)l`we4^ z`HuL<;Gb*@u_wi1eUEcrdt>^)N>KkdP!lc&)fi@E1+r7a2j^bpnN2+tzV)oaRdciR zrRnLx|AYy(%+#Z4(l7ksOAoj~Yc;tUarbmVq2Joy)qUO3j!hoTt_NG7Ev92k+c_2Sh|0<_D-bnOrKUf0ZuD`*CofHpS(jfiFG6Yob}|Oq+|2+ zQh)(2i->nH`a9|-(X-9lTX;!#cIsIh6!&*`DCIG6H+FBhY) zs!ylex2jfhzB?=YdyOGkW+DQbHZ04mCiLCAi6fbqJvsV01cf(+9Y7jbzh#Yl6ZpnXz(RqbR#>==)lREiQf9Z&(f~o zzh_CmH*n$o>dWrpTWJo;*&@HEB_Ek+=`?Epn-xVVF8x%hMt^?D#p?5r73Do30A^VN z9`4jDuUa)NH@e~68>y4bR)INYMJw9_S)2?yJhmG8cbUHYJw4pk%*-;*O3SCMgS+r+ z?!QF~yJMD}#flYCTJGF*(f`}h{{NVc`c`bfXM)9~>i{BVaWN=U2vlBX!N`B`sTPtL$GgnafY+Cth-YyN?J%XQ|} zJeb|#ueQPg*Pt@oyL0vV6d(}mXLAP@`{g8zR3^=VBl_(NAhSBq^;5YU4QB{C0gg_^6s4&={1#ypifN^A(gbn4H zRE@Iau<8rAj={polYv@;W{SiK1*x1vgFF-P&hjU_N7qGv^00J?;%vH7MvhXjfSp?oubdI^N7v)x`G2Sdm#9sX zl6XJ7Emg>KV$B#hRrX{7nw^(cZO-;5u~h=4R&%Y`*BUsirqU)p*ZiAUP_=PUQBTh; zeH?C-zI-vH{6*^Dv+590gV}_A#Y{z#Sub#)y&Nwx!2n(m@$Q+uXG5FN0Bt2~p4&-s zeFVprhUvKAu{r$MR=A_~;kNJe<6fuszn31fwkK+iNW40G2ZA@6L7tox6}d5JVD zjJY?^$uka2fV=+_>L`5%KyJq%IF=h2?5gjMB`DcSJHe9NZHoBfFa6M7GMNuYvM|p* zHzf+6R+tr5)g5|;8EyK7xoxU*h;|=kynA=F{Qc?Q+aGJAUWa&jNCpqz@6nmLSKRTS zw^X;BW)PkfZcdQ$yE~uqoC3$#S*mbH$pZ(_56Q2K?R!NcD?QUe|a z(3pAvftJa7XCeFilNqAUxai#9*Yl(o?r!m(k?vI%+%@=b&&JoMaNN09(Tg>~Y5NJf zL1La$=3VvYF+E+yiP*`hh@Q4*NA8N6?_7yJdy`-BX+r<8?w`C)>u8XfU(|3}4+F-I zwVAR~J>SyCUt13yaSEun=JJYU$dErz^Y9sw#>~0^x4RPhBGWwVAJ?*qR&1m?kSi_L z_dUz-+ryw2s=dm3+2t4eQ?Zu_%W8<^Xn5EEDh5 z^hW<)0K}^gaHdtNR!*zOY9CLtfvEd0%~U!^F9NuLNgSTqUK+!QNv;nZ`)UB7HGC%K zkj~L9@0DIIJ|dXz{+D{F{=Q1tza`@X*y{h+%PAWejou#y-tbHAlTA@?VzI25v){5D zSdMfHNKQk+XNyO&bxxFlfr@-IFWV}Foz2m0zZ~&F?QVfb>TuJ?qg*LGT;i8L^nm;R;oGR{NcpwB!o2p3x_m-qOYVO#lK0^Vr zKe_%Es9$j|?1sD%LlBJtaXSz7e6r(r_lz5D6Ms65Hu5w4zQ* z^M_u~%z^j%Q3cbkFh-t7lzgaqdkt{XZRn@=Z+wxr9ovatPcI@PTHOv3GphgCMZ5nj zz5zV!?Z5p7)UfUP<2~!if$TqlG=)KfIPzmu4tjU^0*_SM|{LA&@Y*AF{%@iTDU@8vPq9RHqjdHr;R z+85u-45m6xW>Qh$>xlFOBv?FM0Zc5Q@k;9^kgEe6^lA9lN6k_|?7ki2G)DA#)+A>q zM>7IkP)x9%M>(mOZUqPn_*p2q|4xShKd|!${zy5n1G!0Ec{A;WGG^L5;9{7l_5whw zJ&Mj6Wa<~Q*E#geyq!x*iSwvx`AUmS<0=Y3LzHU*FV^913+7%0IuC@*-Z2Xy>zc@r z_#<89>pxw=ltkWLapIv45Eyz3AOnD>VF)1X28dbg&K@gT_eD=hL-WQGx~@L~(-A1F zr8Ip!jF+bF)%W~R!*u72tp|@+*6g-teui{65$;dmiT=R(d5NgF zeYmiD^jh@OrQ#~{olx9#y+q~yKN($J30ra=sPkVkRdN%Z|1_ltz+8zE&XxLxNbaIh za&4emd7QLCaAet6kwMKp=p8#`{d+ce{^JFWp4J?ok9@4&D`<8Q<4((uY=yah|eDEIGE?Z>EmifP3m`?R|%@z(8rT{UB0Q#2(f zmestusi9Z8LXYMDX$_K89P06DWf%zR4ZahqOhH3fX(9mL;xVpaoD!11MK9drtRNVF zbhy+&`gfqjTZr58Ftn}kCv80!P&}gA`qql{-=N393Xe=*m$EXZpYZsMl@&h3rXe50HT$MVQ0tU(W9t6g_ciSUFF*Z8j-`yF9ZhHFdTMz#k^{)LBY2vj}#M&jwb2IfHym-&ZbhXd&q7~^oOU#fi zFcU-1c7G!R&8dvIYTv`$uAEaN(B7Vf+44HN32o*>FP!-l(aGre%8ap`QJRu^y`i$C#IMSAcXblwyyFi+}n1CGVDV-b6hk6fh%iS9RnlQ{pJ{&=X-} zZF}@WrJ|DW_Tx)gxYv$?lS@p^(6#tY8la-=d&$!~#u6{1+;S`-EXrlfyE+Oa1K^HURorCh63=^HVMcG{z4Zz>DNEW!w2hdSZudsF3~73j(Y z#8>9*aVI@syWSWor*^O5Rw_G3Q8y=(mOYxNH&Wgp zD48}4sCwBb0E20icsBe6Rtvixg zuhLq!4!U>&3&KJJ#+94q!FQ|fBEa1tsVGpcR^J%wW%=DLZ9EOQm0&kvj13%o!4RX# zD~?QguB7Tq1gY+PnaAuV(NU0<9Q#A(IDH3Jrcl-l#FW^2=wU(fPmGq@9qos|(!upi z!6b1#8ofaE(d*7$xR#VtU7-m(q-buo|-W&Pay!`iy9SOz=LjeTfe>V!ih@SwU zACE$zb_({Kl%ARVk$d*%&eP9gkI?r-31Vsg@BkGOp2(MXS9`!JOfM3ET+yW-W7hdGY0T9id#n5FFDh8ogO|Z*$hY&Oa=ij# z{*8^3@3sJ8T^h~zkgablDBWg5M$aX2=40hYyn_subqTil7^4>Xp;EHJmU1yL%Q*b| z+_CKPwy}h%HB|79w=`lF%lV`St`pO{UAf-_ZSd^*(>rwR8S9 zqqyDUi~}Cw*W@~wqBzN|fpZ(VI}^RCscTbz$2X+?%=JUMm!d9DXMpcM6d@YN>7*3J%UE}XGMDmLtE7(@tqooMLTzrR23F~Jd^eM;o)Ksb zf#2hoA1I5K-zO8JJa&isUtM#~Q6<7F!jf=u12o17%c+an!Hh~{ExpgH78}|brnkA+ zvcqve9Mzsamp+Ly@mX@~1Jgtq72)$#liJ()_LYdKstX?2yjLXZ*aJv}Wq^PUAxdfV z?>-(}vC~o;;S2wuxKrIR`I&SsFBpuHFcYdMes=;73%V=7oi?vI@Ii9_W0g4HJ|~J2 zd8s5t?CG!c0H9KzqYQRIdu1nQY3f;Ui>8k6W41SuvO-@NsRAWXe}XWsfixw0#OoJ1 zNomPBte@PP2pVD^ygX=>cnm6Jpsmu#}T4B7W{c~@xq`aOY6Dqo)Zd~mi37A#i$TwfcQri+609)wZ zLG$ff?pyP9vOo*9ePK2nc&i?S>TWOJmv+t{Swj5IJyvL9{8@5p>QyGqo*T1gys90b zGZ^INb5(s3yH+t4C!ctRS38~N_AF5F86&g$=LuQq&`Bu(sv68*Z#tmErLRXybe5cV z#hxfN`{|+DBkGn+li%;EkXbP2O>i0behzOqsP?PYw{jK@JfcUNi8FmI**3W&kQd!J zUHl%15TNS3+eN_?TUVc(LWf)Dox2iis{4vgTA|4?8Ohxh)&K{5*A0Z1#Wo^PBd^P< z6T+`xyEwP3Ql&3V-M+jIFvg(Q8dtaU2Uoho@^~^B#j(7N5hT274~<&rM}Q1S4`~6W z(3#wR%gA3hf&@2yANj-A)bWA9tjZQYLn+Y+j@62IdAtG$^0s8f{auNt>6u}K3mBl- zcV_HP28}TI^J0ZZ3NHv`hdRX8x`GW&8XCV)!?d72nxHVYh&I%0iDVb)#kI2~`LMXw zX!J3`|4156++zrZb@6XeU05Y7dbAR8aCi|C}3y2@qY(1{%;lQ@3UpWP7PzX?sFNUBWT^0*Zxb~)WztU?8Nn%_{kA;s z{Br`^?F1}oCs{3yZ85I!Tw-q|V>- z>yZsIy(m;2j06Bvu`^F{MrJBDMFzD3-Fp{_uV%+vcpPOm1ez2^lNac4uhmJy9WM3C z%6Df7y+mS*-7Vk%v^(5#nyh*YD*%aijz_4vuT^cUV#EX)W4V2@bF0JC3R@bTRQzAj(Tj|1cgivNJ)!g}L@@4PVk05(p6fofIc z-h8$v!SEem-PdnlFMM)=|R{y=o6=MA>J#ES#gs)YVXP zEB`%t4Q%T(6r-cE!{t5-{-nQ(t&IYe1FztedfK;Qvw zXDJ6HCnhY&Z3WY`J%#X^YuW36`Oy)3waI`Utu+_gWN3+(R&=5Y-z+2fEuh*h=agfZ z1NVJjpt_qJ%8Pq2W;EIQf5>|8a5%rHZSQifqFE{B+X1) z3K*GP7rkSbVEp#?#8v`GTmpQu*?2%#em-PVj7hP0oI*H&?!258a1~Ix8=u|ih}PJl z>bIrT2isph8l03B;rnT({vZeh|0bGP&;+0o?!aw0vuS}ex!SCb4{r038qb{H&A;zRi}#VhLCD$@5v~Qg zbnsAX^R_01=xshw;=a~-&vY4FwRO)8%i^Y56Xc&?fDXx7cY6>D&5QKLaWON`Q>VuP zb8(;&-pzOND;&sF093UJrn^f)S0k-BsyG>!TQ+S?)1*_d6O`zs69aG?IRL4mNr;-P z?(mMHn9t&{pif@(Tz2DpQU_+)+mMOAtS7t6Ox5_as5Ff)49)uAmIEoyXQWjj?%gOW z#ar?UDoIxOZ4||NHK0`HYD&KT1r_3vP$ALIENMM+4R08Z@ z#Sk%LGz6^0LWNL#s4klQJGoEZ00;xYz{hdZ&;A=|dwi`nqd+VHIw)OhXMjjhoV*} z<7!uE(SfoZWq=N4BiXCVF~8*HrvZL=Er@`XmddoQ&O&@fmWQ%q3BoHP%!F&`=idk{ z8hL$lUGYxE>6=z}Tw-qnSbc~t#@3oo+M#8#JV8Mw*3#;@9w~{J&>x*~fOfHolRRJ2 z;+W1C^q}BXCLpcEJb=zf~8=r}fLzPyY?>`^e2QcJi#FXGgzs*63pg$o|i@ zgC>~pFuKi!Oje4q`InPF@rB3y1uj6rB7%5LH!0NzvbUZ95vZvjfaw^%y5-s93}^Td z*-S`lv}m^aRZ|2Kz&lx=6Me@E**}SQ%N`cQZRoq0*t>LM{yg8)MdluaZ5qNi9@H5( zb;;zfAQC}9!50SWts1umP(uQBXnwq>I}hIj6n2M!gt))BqpUiHKWBeNmJhk!?0Jg; z;QLST?K@id#ck*x#;FHEvF6{wv?tYQ-#N4#e|x7_49dPoql4@W4U*)!EWAABLivOT zWw5Y3WU}L>c>urFsNubH#$@nGp3C}417YCM8?dS5Xy33qvo}pS?v8x=Jd?k>Ak;vz zx*6`<7PwTT!vps(G@+XWxic=RM!>>^`EjsPaA7DnD{<6NigN$NjiSof``UKqg9x=<~UmmmVN4CHr@S-q_clX^X^p+NCyN ztvUL5N}zKRS}Icfd8*FCK`b^&I_5r2U&c!({p`tSFGjzjWmV2=u>^MLi$Z%6L*8_p zNK;e+#4-s@fB*)|YC-xxD$3_^hr6lbKpD-n8bnmG<1J7A_)YCM+L23e)C*q4;iJ}N zXkKjk2#?df!kS&#`L$LK3l%%LCUYItw*M+!eLDF1BYh*4k>#ZAAXZ)ne;u!FKqU2-*#|MuqQ9Zz z<*rR0Ig}f{MsA%sMSuuc4k*Z_{^Nvq(6560W8N92J4PQW{boayvG#>5!}*m{8lB{p z{(}|j{jDZT8-SQSsgYHj)_;=g!{)nw9AJ1a^~Ss{FfqC~aQWD`Et@p)DFcKuT!QE& z(ADyV+TN}HPbC<@@|{6_u7th;eSZL8qBpx{tjY{<1p}R$$)Qb=ruW|!o+*8#WC6z3 zpr&EpK(*ruv01&PFz;ZBXh^foS{#XyY(mrR>33REpa}8}#!w%&pDRR|$M{fZuG8*? z%@mUcz{)eXVp7s}Po*$)TEgkYmSPKcTH9By%dzJQDl#?)IBddzjzchc)IEOWS>enu zDy@~X5j{A(ybitY{M`0uyu zEM(|>{0iK`D?`c>>GJqbEx#XOwTUfS$j1_mN*KWtC>ZUf)|#vsWnb{G&9jBRw-TOj zNCUf@XZOme7EJjY5b%uBhPoA8NFJoF1owrw#$2Ta2%j?N<9)>GYfXM2yBs!NdAXKo zf*A-@hy?ZVy0h!h@Jg{V<(DY{4Rh7BnI`8RXvuj?o2wUqlce)?eZ4~+1A^`W9~);> zDkPETt|lND@vgYwJVR|ew=o+?@mNA`i#5t<-j{J1>RY`38L+psDjAqR=_RAefviDL z%h2(e3pW>-O+mbPjlclM0RQQD0iIhwXkhuKUcbXlC~D8L3y7S>IfJo_~EtBQZ1n9Va)&;LA$$eP=`BNlp{0xl7ptU6d%b$WaU;whOBLz5S^C zT`){Qk$2QL$LF)U#b$3 zzpky%Of$TjK%QIb*V(!a)OO!ER(g-UhX4-(Y9V#xuJ0U5+7+eJ49 zaBbRN%icjq$mCC%(?|fVzmg41y!IZVS9Cat-X44&3nYHAv$ohI~l-7R$=l<_j$VCyop`MAbiH+7FP2)4|Ib zwB)or^&XsQAcoRETc3#m`oZ6d2&Su>Ncc}!sa6>8EcY6^`j2Cu6|NJ|Xqz;d?G($L z0(c=XaXr%11;|2W!tPfxxHraf7}1=-wFB@YLZNJ#{zo|^oOPzu%^q8mA^l@*&(;eE zL;6?7Ejc1t?P2ATxpnCvpZ{`0mj$JuMItcyCoZF_NXeQ1eQ!|>KCy}`Cqr_BR1el@ zX#`?8eNX^H!n9^)X@u5=+0c4|J!u6l_Ng)mM4Vg>_#>0oi&dQreL*_D_G~=aCS`AJ zJ~BYw1IsFF7T6y6{eIi;J7fSON!43FJu^p_9(N0y;*7@{vytoDue+Mo6aTCO(4e8T zv6b#gjjkC$b{d9*FX=e!QH)B#boX=l(mah)|HB$$UrN&5c+AeOX}36ACCmGkvI{=%-UNsSN?<9%B=?2hd%>EbxR z-F(FWW%^-z3n_B|TwnMnGgaK=?NXcnMh%!DCLgTTC>Qj7G6a+d^!q|Uw>4&tM-m(E%)*TSTmy<~ zkw&c00H6)2iltM7`vmw%!+O&m)^_or)lgdJAoKbG`;^CwWc1p+W$PgT4Nld20I76m z`6NTj1W-dHQinrVs;AA7%tq_Dp^~??)A5#J7@4SK8H=qyE4#-<04k!$B@XoUKAg!v zkv>ZQV}JGqIQKZCfZmBrSO=`)?P6Ocf3*=$imqa7*#Dd|LL@R^SrG6ELHj~Ma+9B% zKy9x4{J!FZtx{=^8NKK=Z+`CzMr&m0s{r1dRn~aEC+dU;rgjV}1{$Z{tTmNsN{UDx zfj{4cy7&hxh95F?ceq<@CF9XG0(d81d^ys4FA24HoA+H$GZrwji+eM}i+QZ}`FkVq z9=0!DOwj>FQHb+tWc$_O%K1D;K0;W!*E^o##8VRXm~md>fiiE&dHU^!;L|jAvLGx4v zf6+K+?fgCPKh)X2Sm4dLYy+75EIz_{Gd}(pa9X(W;?axwAX;)W!?hK7FaP@6bDnCh zEbyNTT{)fiZ3c57PvV&kFos-2ZKCh5E33$*D>Z4r91NNVwn&wQ-%TY}{M=%(oX%&4 zL!#<|>bKCqw<(=(cygU{$?IYQ_F{NZ{wM zb<1OAqQ11iZof`v3?^Vv#s{^3>;@ItrL|-vBk}G0ZHFHrH;}Yrm$jZvHPibWaOlI_ z-GGMa*0dWP@QaA#btmeJqifSz$!GBj@*FIr$^#0oUA>BfM8HlARBgb!RMxtBHM9Eg z9?$f&?}|kop8uM(V}fJ@9*re2+U@UG!pdjs2IX~%IE0!%-b(pQQ0V@(QjSD=2|NRi z-<;bfZfOJCTU%XwQJc?L`Jm2Fkqt?k^Ym_3a0#!|3cDqqSM&QTJAQ-WixvL3!zH0% z!4`bnNqQ#%^Ip~G`ohz5BfB(~bi9T;4;#t(`IEO>aFf?j)c$kXJN2YbQf=+d>5)rCIcbvubT%}EcqH~zsF-38QgncaR2xsEZmlx3-SdPzEN#10dbox2_LbP1M6}UDzGBq@v0R?uDf( zp9RbKtkV&&=Y)iDLue_!!Y=E4bG2{Z0!NtfyJp4S{lWklE|d@W2gDCZ2C9T=K|JqM zvbDK%x6HreW0+3kSVU`?XZLK~m_WevBtb!{*mHc6@qd-c zU4wz>V+I_vL?BKw%m6MltWBh#)m65X-{c+FI}Jzf7kP$?%$RZti@5`2w$%pp$8!z< zS?KWLvtA-So5O2Azt!=NvOFzT>9;KuC(M>z4gdw8XXdm4Xz8vi>cT`ev%;Ys_HJ-f zX+Mu)_<+JPn@d`A!i~P!Jn-%lkY^6u=gI~u!M#-X#!3k6Krm2YQUz3UL#$(gS32Jy z1kmL`h9}X$Yxt6#4bregH@*{b%q`F_zOe)yYHUdhuNy8O41^Xj@JvaDDZ>R?lz^Qe z7}>cLuL*jM{;IFHaI&ztpc+=e_BJI&(6Mv~IXv}JCQ=+YR$O?CPG%XDP+)?}*QWxFjax(6n4ukFH@>ir(F{flmT6303Nj#5htr}KANi|Zu)k}N+ z7|aJ!JcloC<@=wwjR|^!wR|>0d%{*wtj3mY`#}DEQYv&8(zfuXGXHjJG!;TJu zaDu%|-l=NqSAAHs*{fuj<>@c=WW-*(%~m@* zuYMfBOWcocsV@8+y?g+S*nao%9|;3fbpgO4{$&h`Nn!pB0v@dnaAxkExPxp{GMzqm z+0&0LF&_o(x<{JQscZs%8`&~1vPggY6I945n0MK@tf%;ssds}WCYjb2dixtxl!5e2 z2Oppkrel#6;K-d%(Uvl`g(j7BdTdjNB*DE*c7W*b;tk1E#=`roY5y@)|5`9U50Bd4 zi_+q2YkpvA;1jQ)j{dZ^@D;S;t955CPuW7A=0cqwn{MT+q}2L4(u?OSYoXI!Jwwj$ zjrWvS4JFf&`(xM5xZ7wlmAY>}?e)C60h2(IFV@hWsRu0UQ(0hrRYPC0I0^?|4UMmF zqlJKh(`#TlEyGwl=M{H*faU%i!tAI>MMa}J;*6E}ZhSpip_Y`OJEexI?Lu(>=H`6s zc!jBGgG|w={3!qkYT^M*7;pbwmC>z}8(xs*#TqMB{VU1lI%Uz5vqzSeUJlcZCoclg zQe90m8o0?bUW2(l{&vyfz((s8$CYh}%njfRA7Y=Oog~`=ThR7%C@}yUNcH7*(mqp@ z3_iD;Xel93O-b1xfcC0^3$;AQ?S_bx-ILco@1i|vC75tJw(?TD8B*=ciEyd5L?D2~ z!^GZeyf4RaaM1x~>_5n`o{R{6JHFn9nz@E^B$Y<;yA2RnbJOBbHj-JA<+Qq>viHVk zQ)z202Bs57oPXZKoQf@Z#D4I$oQm!zI~>4)RMnJJ`L7cR#{hv%dBQWd5%pA3)87&- z7rL2-S0VEQmB;>d@6-N&3ryPZ4wwS;NqMJ^u}YpZ6hywd9f&UuXp%HGxSl8)Tghp7 zZ)m{=&C}xIZVOr+8lKuC$FBHwg3v@D#>Q@t=kwyYbUA6pH?wN2rtfoJ@dUVSUxw66 z$nBZXiHe}_?UEI;7K#y78=`1dthayf>Fc@Grjr~J zApe{q6owNrT{!GG=VKG_vla2{*e*0TEWEIAYS`YigiQJG1<61pE3Hfay2tDt>KSY1 zRDJR0>7;QFaYN9W<0cH4*$bnSbG5hc|*Uc;7))7^^kh~yazHM;s>GS=rvXs4(3)bI>A$hne$4r zfmT%ui+V;i9DW^0in+00QENy>EfKdEv+M%5QD}4)>La@#$;W zz8@!S`xS7N`Mj_zfExCvzKeB6uu{-(F|?dad?p4(w<~g)EcHYo%jI2wCAw<>0I$RF`VE>t7osnZU3kzH0aKgYx>75(Jmnh)5pHY5WOSk)bAQV1gBCX^ zfr)_en3xT1iOWX*O1mCk29X}9kInM()4UmXn=7Tk1^>T`)TAD+uvhP5(_ZnkIj#;# zOl|x`#$>}I%njI+$h>Ob8?VQ)W_iep)pJ~NRm`65j!|UnVa!crvbRgu#_mGS0M;77 z*{(*;dIjAAg)#b|3p%A02V@;|#nCm{iq?Ow$LZs&5C4@I`UV_Y?oi%L27rnr#wyMT zb{kB2ko&%GmqS`;9Z_fV%wQMurt1&rec0~uw8tCH1|C`U-O8B-ddi| z21OYzmz}F}aXUD0&qQ{{nEG?!hdW@l|I`=e6M_s)_pFi^PjHh9bCyT`weNII7mizI z2k!BfcdZV!G>NdA&byDHgmZcvL|R1fI&bSU1KOU~sL&Ncd4`PL_uVa~R9ByHH{#b1 z2W6)jf?2JvyuJ;;k{FAKn)E(B!GY1$_n%W@$+_W3YO!T`HEeiIB>*~lW~7{)rjE43 zV}`q;o>^G4hN?!_^aG748)2ERYgSk6c4q>AR6&2g^;xDJFEsWeC+&!-8MTG~@|cp{ zZ3L)nqLbIrFn-r(ZZ`F#<V!FbmlQBtHebrKklUXw?m{0R4r(dY>YBgP9d0J5>A$aN$KX zn@IAs>{O(_n`&#!iyUSR`}8KEVxQSf+Sua*39;P1?AW{cKD>)hY%4Uz9&#PH+Z>m< zoI+$z6q`#$(>{NuaBej9d;^h7D#c?QSwxpk^ku&NDVkM~=w7_Ic+xtox@}VYb4cX& zZWx_y9iPY6Z}g^COvRr5#*Q!YB}==(t{oJ)D$=L)7m-OXFI8?9|G z!ssorTpDTMYX3pibI#bt-ipL`s&CUjzhr0eTpvJsNbVoFDhx?y?zj%*S!)5uhi8S1Nss0!x$}L1 zgXVI$V@Sv5NVA*#axYJ!&bK|D;vU;icm=S>zNau>q+Px|IKL zTc(Uu9<>yiTay?6CFXN<4&8;TQT9i>=jo9~`(B3_4cDt;6tm;S-1S6{JF~>z_Jm03 zd&UUFXdE5TrhJk^shrQJ9Nl0BPh$%`ahhAl^sDFjp{PC2^UEJ)dr;_aYtBsBaF}|e z{Ylgu1}1Q)+b^NWTIp`E`|Z6kb9ng3sML++*4jMB@DbtG8{g3t8a}$V6{mvMp&gT! zqoXJ?e-;BH9aRBgx|<_Y(GXYDi{ICK!&M-Et^RA4=>w&z)qFKsK%a04BVXS#v_+RT zLGjxCES4*Er(L0cd9rayT(^L!0Gc-zqe?!Q8Co8Vi$7GhkUi94w zi7ade^ES*9Qso@14d^nkc>1h&Ixvi|tX`Y;kt&2Ao?Ou0h@^o$H$_@cpEV8nQS*2U zxRnJJWTL0krSIU^5e@xJ&(Mq%4ep~nJ$SDI>Ugig2uPnISER>?H$8f7B-GNgQ z-e(8oB;)JRT&dj-5wL&BbUv|MiyS>Zij?_o>zE!^{ffpr@4VGr>sH?`NZ#|pBd#-Q zcu6{Y(y(6L&ugwNdVdqjWhtxHWA@QS(`RB_6{ge0l{ZuFd20rkC1Q@)E}eSMbrsgW z*GfIV;oDhXx3c1I*Zx({k3&-r_}rx@J_EC2JeRPoOGK3zx2qFtuSZ~+q3Da_3#USA zOL1MZbXeGB#vZ5F8n)1!hB?phwlNKjEQB>Hg^JvKmTsm*4j?ySM_U2oK$z^;R8Cf} z^UE5!NoUariM2;mTrsa;nGx z%M;u+D&whlTy=T*##%`m!BGS_8j0FnxVY>r?W((3(B)6nq~H9^zAx0WS8phCgX05_ ze&|8rhJf)FeKZOxXjwvm1oPwoS1|ZHfsE)mg^)0Z5bybii>1F87RO8j&El9xt~5Fb zNY5ETpKnKHO-TQv>iyD7&jha1MH1z2XXnWn(V03&U~VU4HN^>s-?gu5jc^y{qO$1T zx|DYG;80e~qV>38oiaNiXeyqftVYVa(!PazHHA)wIuf5`Yzy0}x4GD2R^`x8F0y!J z`PvG=M6F|DNMBmw0ku@VswJs-&ZMbc5C3#@lKFfVdkk(ZKLY?sia`WTN_Y>_Q8(27 zb@^6vxlPsJnWO~`5exHAeYx*Lk-vucQ(FAMRsFA9u21f~v$=x|@ z#oZWC)~QXekdJ<&VhIngz_8eqJ+%2>3@{b#dYwfzRXg)^5yqlYovVr~mLD~*{x{$rop8jdZMaRE;{>xbiE4z9Wy71?RZ z1J)&J6T7dMWA2v2-&P1}MNB-gzUi#}k7(ihG{1>6SSBwMtsMNn%uNHu<;F0G3P zHZw;>!b!hDpet=S>0{ISG~C(2yXcT3fgg8|4>nD8F9N2%QtJRKL6gSF^5QeM#{$y{ zSg0hA%>frbTBj@Y54^rc6S`soB?}J_zOl3UWmLvh57+ytV;?i|f=G%}zW@44v;p|> z&{b?J%lRcN{+{&jznujNJ8yc|nx|s*An8$-~hZ7?B~_Q?pdV>u2%&qmB#|UTat)8$_!%+5?ML zIdi{XTkTB=@f9Z0KVN5E|7RBC!4g`uTod>!s@R?l3(k=0d+|ot=7hw?XAn@J+q6QHq9}ir zm_ws?k)Yp)rO-=GHOb1W(j7l2gNi&6-~7tVr?Oq*ZkJ;3eUsn%2#xFf9R`sPq52H? zy9_=h)iPz{i9~|)1krWdyZ6L$HlR~C#n0{rXIf@mx@p)c z6pdGg$*XCm9{wObGg@ic_Q7y7XVqY?|5tj>C~ygYT;aHbb(^6Xj(F@V?0f}Ca^m0Jc#jpnidJeX#ujJA@#t^&HdL@1!Wu` zx2_?zKUwM!kj?Wul!f+?>Ar-S+v`lGYEYEN+BezUzxVnknbjdnQN2!AhU_S(3{)y7 zmhMI9iR}AqXCusoaY)~R3Ny={pdsG=AW08xGTH*;HZ8P+-HLlrN!{EwlT3FNPZ&fM zGFJnv5N9r6m+44A!gV$Asm|y3*W(*a{Gj>C_3J06nZKG$MOmH{4Du_=M!!imbW;oR zHmaISe|{^%BdkZ+oeIfNGpjV`s7&rY=^Tp-nFT^Eyi#~5hjD`UsM6gC|5-k7FUn{qTCc@|^X6r^D@m#?<6%ZAeH@ErTMPr;q> zFstCu;F)xeK(7u91YZZ@y>2cX(I) zB(jbP#udqkD$(_O-zoS#`4SXHs`2LMvx-@Oe)-$#^NZ@3O}QqN`D&uOMu7-7Rz`~i zh8w4GY!r<%MQPA}x*YRab@~3BvL_-COhXHeH9BlMi~b?-L+bfVlt}v zK1rUdAy6i$C)`T13jrr%qC7rZHdV?;T2J|x$u+b-Auy5>Q(d>#&w;LOhU@wKIz2cq5v@Y>8seeL4Dahyx{@!W1O&`I2hw0s#_sc zXk_9dF}d+{Uo)Ufa&awiAwk9SeQ3yD|7;P|H=&SmLwHS`FPr2 zkq{-5$^!A`bs7&?ON+8A7^Y`Fgt&qLUs6kBW@*<5JQR_`7`oqGwLDluv@>`{lB2?B zJE2zLZ3_16$2L_`;l^Bo;~gN*F7H=L>!I@u=N?s|F{f`|Fysx9@mmDd>)9%w;ZQ#} zL?9*ML}G93q0DCjyyT-#qQ;f`I6G`tz4n z5G!q(B|Oir-HvA`3@onM1YwV%CHOfnarCJ|yJCnlk~+-sfgoW@!ep^)ge?~*5xg1| zK7Ekp&{|UxPsEMCu0YkOWM6c^zUX2UTpNA8;Rh{wM4B8bO>@o-);Vt-<{>M6yeH`9 zk{0k|N8?2)Km+}t;36XJwq$XUBL&L=|7&_X_qhVNCf4DUHO$-WyN$rh9^%d6t|#)- zo(<$Z-e3P^I?o+TsGEHaSJwt|7wnWM*blboylfF76z>1Kwpze0a#k4ckgO7fx;pC7%UaX5K2WUL*& zx@*iC`bi}%hf&bxRSG%I%c+PXJi-YlGFjdXMeetcAU%tb$%r8`KN-AS-dBnzrG)U}21-&}*~NaE-9y976M;-8LwHh}KF0)vd?nl<)~j zTJPDg?)I={_ncS0b}W#mQ3Leo>}NI-hxkzuE=E{YwM{7?)j*DJ&sKiF$k)%>v))0e z(Uw)-G-8X+fg1$tH;W`00zy7C^wh?z=RaVbU&xc#SMYnRG$YSnqn;p60V$v%R2Ud1 z7&DIgK~kskw)ZhqLmtD2v%~<#HdKA`=v7I+6A8MVd=dNhM}akQH9gEX$CFLXs3^8x zKWguiHX*q0Rh4Ok7As;Lq>cX=y#LwU8(OyyXHl2Dl%6`5cDT>SKShK`ykJ_zr`sUz zw8;n@4Vb&0&+Eed0{G>~|MAO!A7ZP!-%K5r$nYy*4#V;A$(_`buwTD(gCA|4aKW$x zzY_)g@t|-2cak2j{`kp1)-F#AX*}(YWsoHm;>8DwlZlmotKQUP3@9dM(*PYjhPabeVU*K(M^kEg_3WRpaN&a@B;AY8Bd1Y%a!B>76D{yi z9T0>Y$7hUAS`eF^GfOyY`e_clkQ(1@Sw^niTeihE#Mm3&`UceWYE=2-7)X`lS|0|DbnugrQsc3#g)tp#ZG+A~mTf>$puO>egy!NhYZkf-Ep_ zDu9LMXSyn@fEU&2+3r%wJ?4#qy8yz&A2xZJmWdIGsDM=RgOQ}B7NQTDIBrBP&;6x5 zBe-W`FrfS)CCXs=HhCIFi4PkdR{F){i$kK|7!`>~woXqByS%ZK4#<1gwF$4MMA6sN7I8X1IKqaM(OYWQ0la-^plLNTOC+HdvC4c&yX!zfe`H%VEkhOF_(p)y zgKBSi7!meg*-Jc1Ah99_4E2h{;X%KvM2W03n8M-DuehXYoq zO$GQ4L5l`KqsIO=M`G66ymmItdrO@b9&EAu5K`|{PH4ex9A2we@R=TRmGWe z)lQe5MzhGBrBvp^S<-+zbVVwhqAFphng$JN*39nKkN)w-$2qWn2C%~9XuVJ7^K(=y z3szlvF$~tz^y*9Qf;&ovHs>^9Df2v*)c=GZum`OYGi#6A52KI2!$e{p^so#$p660K zN2LcildgUe`olk*iSB&b{0@(`V)|ShjF_Aj7Ieu@xO2#dNvxz;#qy_~2K)V@e*o}7 zyk+?lfoAvxZj|fl!cO!bzZO_Ht+aJj$odvA zaDm5|`_Jn&uH}Q_XH^;K&+@>a@m5%!e<=sE<2SD_&7Z>lPM^O{Kp=3t$Prpj{U%=t z(IT{45~l3$3H&+jhg+1|KE7%6fkb&F2*kMj@VXQfrn8|Jkvb4NlNumo)bH^^pk)I( zz9;$Wd_CR|l#Vi|pNX%Yoe-Pwy4irzEGBLlx~k#CX40{OcL>iZV1EMrFO;-8U5bc^ zngsLag(XW^uVxRy;O&>&nv`MmjJ}1_f1VBt#~xDSP@Y`YtYoDe!Ora$UUlxKVl8@(|Az6p(UbbCC*w;l{{aSXc+&!9MuCJ6wNMiSqU`aQc^{j zMgP}x4$=Or++^EXBe=rd^9!zpfMo6o7l-@SEsEs%O@H%X$+M|HY*ifWX`*6a;W$wM zhNmQC{Y!N-e=UnC^sacfemy%6@-_uoUE+uN^C91=*6ujp4f`QQv2iCj?I{~QnV7Y` z3IWX5fDsd_;R*BMehz#09YkWdR-BNi$+3Tp1B^DTLwzr3U0q=wxE#7tgQbX)n)Qcy z+r-Dt@oTx-%PPC@D`Hm>AEllT#4y(}q>mVpmE<%LU{wkHuo5ANcYAXy%+}4fJ#Aov zXnHl{TwfSd-cV8Ycxvc7X-pqnFbQ|%mx$@u8&X46$Q;&w2X*50!kwgdDq*SqHylT7 z0){}=@bFqGdE|!Al-RFGcQ}Nkn(k4{?gij8Cz|jI%-%%Z4pBUKVMT%d>(~ANN*%EI$Hx6SM9W@c* zPm>1(qo9sw9bW(tFEk=NGvj1My!3S}XZ(`_7N#%J#Fe4I;fL5RL0DhJOqADm(I5on z^_U`92Oso^8zhO08VO$|e#eV`G>+p-O@I;_P#hGZ2?NQ$DebZE;ll6xieNLWq3w}S zzf6ssUW!sUUDf|ZGvvBawnhW9kr=4qJ0Ka&Ng^D5T~F8-PLz6b=)Z!$4N%KFS5Sdr zo9a5}NiPS&`m2~kfibWcrwxegX1UNh^Q^1dZV%d4%8w{bk>Um6N4Qg2##U>NjWhLr zDw`R^yuzXg%D6t*($Vr-sK>+a)8(I=ul(ha0AZ=tKmlFZML^B6G1GO#D#NeB!n`Qi zTH*t)QA;GNt)41yK4D>A5dQXLfiR;YTKX?T>Nztw;P_Q-jHd4NB8U8h5oMUl1Unvi zSh3mbwJtWd;J#XiPra_&cw?*?(j+Xe`90R$7g-Ll&e$CYEx=g}&}q=THH1IvfdEd- z5gK*N>N^54fRaTrXwQ`V-T7=zNZ1Pobu|@vqu+!+VI*>)W%$%HzyOHsA;kHo_#P!A zzrSF-6Cu^=I6ndUC|81@G!cBlqceGXA_iN?$89TgMy`{hU$5Bk>z>7?X$Yox#rre- z2C;K7>(Z0u-P1%1guyQ0E+S{c2pEF_9`HDM|5$QgO~`;oh7Y@nW8xRu2P`>!yE^*% zz%Ks<#5^AVbP^?Cx7$f=aDH_`(wU~ltU7k%E?lehsIMKk$p=RkY*rb7M5NO-Gehb& zx|tGU;!lK6c5&c^Nj6+b-dg0IPrOY6EXO`8?*C(dc$b!aF)|ao=W89MW zltu-~oa0tnyVGRdvEtcnG%X?dONgGU@GvbN94ldK7jYeR9C9W3YvGE=3|x0Hz$N7q zZ%k*(MK_`Bua{?ZL+g#J_hJQU4A{S7%-c-tML`qMaeZ|?k8`)iG6kPeuOV?miD;LT zcGALOVTUpX%Kd6-6a@+p)t?tv-CYpI(M{IEzZB!rIp3TjMIW1e6cvsw8NQ_5b5Fd!W|~`YndiAEJ0YqU(V^`1+(u2o?bs~B{+Sw@$f)kr7Ap6&~5*vG(@1pn6O7! z=*+AwPBQu6%jR|>VrB0Oc&wZc!#y14i2!OMSTp$AZYNQ~*bgOp=pTE|*`%|uFpgz& z$fIScx|V)yeUJSkq~vobzIxE@Zlg}6T%mUb8BVvu727}M>i_Ht+@(^4k#1WLLZE(XZ#=lqm0l7PdCj>L_vqp~1lY-oZmdS4u++7g9v;WIAq##G zQojq+vK-2Hikv3Yf8+k(%Oe?Fc7g|LlQq{=%2 zNUp1YX2bZ?xG*RSH;skG#^x8G(nr6&RAyxw#m35iP^1P_np<^n2!(^1OcojnYQG=} zd+rM2*NqBtRg}*fG=br|%+*VuDi zM$3FGxHB91?<@Vko{?QB<7g*jU#mfruKS6KrY>QX+AQ(|b~d}kvpL)|ii;Eh44p+t zn8Iy8e=c3CT-2Ttu5Ba~JEr41abkT&bL`tuoG*e#j~rf14W2!CWN^tH!e-U!!N}}J za0Z!vv`0V~lti~BZ`aWV=3%-BfwjsYHB|sxk|kmYV^C&!ZmSFs^#ZxR5MEL4zSUA( zz;o;wlI(DsSddrZHs&!25q||d2xvf~4o=Imq93VuK`g+)eXT^Phe66msYsJ@ht?=| zIJsFjP2vCWCy0-k`L|PI6_~TR-LUcgcyg`ix)FVoi{JM-Z7=&UXk$6Lj`lw4f!Vf zGCtku3X2eaE25APU!8E3Ft#!O2=W9WoH#a0{)K{l&6(}^f}m>!6dn>6Uh{83=oQ}N z!`ukJFuF%fe2+W0w#4Lrboumn-u%e4F?ge0y}X9dzmX?J{+Ib9GqpErYleqv*rC6}-#B6MQuQz5K`yiZsWPG1#e$8` zi%qhg;_;bDWlrGD{OHPt<`DB=e5C5hy{(tiew0Uha-4oWQC}IUHPw^zgk5EPh7n6G zJDHtzsP9BBDauI&iw-5IIn}O$M@Zk!y{BHRCqXayqN6u3tl$jicPm|ihy~q(R^m*m z*B@kGR3p_l^r|2K6h%(M)SI@UYbpc?miYZuahdlp@@Pe#m`N+EC<^qo$F6t5ne#9Yo+0l-v!+lf3yH;OQqGg$|D#SJoECF) zsKOVrWHoPBQDGUGjIK6u_U-|9CTbrA(|q}(IK&=xC%BqSu%H(B8&bMKLqbG$A8b9% z{*I)e6z8ie6t>|&m$Vf4?!DWL5?9Z%6XUQgFsL6MCWBlq6d+}E2?wbVSx3Wq`QPv|UH3u0vqw~) zzS(5%&ryBgk1oi`+GXDUKn`%g`-vrnmVu z&QyUVYu^&(@uryXdssCUm`7L3Zu*nB-3}j4 z`L+%V3vJWC_i(q#h*FTL?Xt2ATWC`X8LB3!>%i_1Rmq2NM2tCCn>5J=8e-T>q-?o_cnv%v9uS^KRFC|CHHPh0 z+YY#8`r9xI{mTA)zH`3CIn{5SsJQ=Qz%={pOHLHJi;?r~tAPoyGhL8bJ@5Xv$n%z7 z7nQ^@`B`Y*YH}x@a9SR`%Mfq#ajcScHqRYDvAEKq z7Sh3i<(ZAS@H=kt29jN5J4^gO-CYM$lUuhw3IazF6GD}MbmWk?+>`|OlC6gn@m>r zUVHELJnPweZ4Q?cBBqLH1rGk1WNL_^vsxb8am0wfiA~>@g(m)6frDCb5smUOlDxOC z>ASl>VBY))Eg&AMpmhmZ9kP2$;pT4U+N0OBm5>gV9=_d=xQ30zu2S=GL4xR?&y8T! zEC6=P#(|dbE<()*Y0P}PP!5?nr_y`4Fz;CWedUds-DISL2J8E2k+PcIE9v*d3;a$l zHq92$>`<_zLqzRYi&>Gz*wF?%0=z3v{f6;@cl zKzRPa$h_n|(g1nPpFLNl5$j0z6IG+bC(_rIy`bui;$SD!pw8QBTqpyh||R6%P`z4rCya93vl8C?ZNQ7NktOW<5Xey=8Xp8 ze(3^w%=G2K>#wbwn*{4u5>$|#Og1w78VsEaU|4?5@2lH}b#|qStl!h3dG(xDA&vY0&;BO~_y{jx7*HRs|e95MxwwX#4zbacMc z{7Oe#NkId5d9GrHWwyCfLslMzcew5DWVHMlO@wsXmeY@rQt9s{5VU8twC{jLDvQMA4W?aE`Jww}#K~5<2&?6xB7Qaqh(Ie7hCfE zeI%?2xgvn5Z?iPb=AUI>FkC%EmB?w|khw`>X(3qezU5gQ40=l9vH_w$`Norr+wthJ z%NLGv->GfXdp;|YVUiM;6V7gKOX{d@=s117=HB2vIUE679QJM5UyFw2JU^?|CvPw= zw3$*xbWKdu3~KD)?p%x=O)qj&&h{NbhNm?|wN-kozWbD7(~93=w1KPdRi==cXZV&^ zymQ|^#Y2Xex+@(|&SF+HI05m>U*+|uZg)uuFR zvsJIv6QN^l-Pbc8An`c;nBL|p`{^08A6MTyOqH+KG?GmTzxE$65i|J%$^5|xpd5FSuoA!{yBYS2Qt@!KDNtdmpZ;CFbZ{))wy9y(#}S>?iq63fDVrx`&>8wNeS{+QjsgYSe zK~Udu^}V&?Pm*U#CW2zUIB(drrv>aF#P^y6%}60zuVoeL6P(pX2^%Up3oJ z<0-Z3$gYj2zEyHM*&HuaZERS-a19N9bgZZ%Z0)~sPV4mK-l%ND4#*ac)owNV5&fG= zb0|{!MVzHie^%U+TO+=eu$F)aQxxav z*s)?fOb}>qql2Gp=xT^W&bWQrN;|{a*O2!pqoss;Z>`_@?rcQ0weKrA&4|Fyh{0c3 z!D3ewr%PAqCR<+yJJ0aASWvhT`X?Vw37s`s4Jc=I*pfH&bWeMw8A`@NaYDLw;SRQ> z7wMvPim9gM66>W5w@9%v8Mr)jzm8|Mi`n*tgijI}oQf~#F{-1)q2t8qpy9^Ff0=%9 zIdG7U^Zl3m$&UPn`90HaKJ@jv2S(MAJA=HcJ4ZFJ>cY3HAsgG*@2tMnbsWyeo*AsxH>g`qvT2BW~~z?u7>s%&E`!{t|a}AG-X&g>~E@irkVck%HvAbXTQ8bH{R2j^%6pa?Ul#O89k1-!7(Qh!4 zs&L{=V9R5!gt}+$G$m2_QzfKf1|zrvRz{#;joHFM=7P{`bs>C)M~+%n#L}h{R)gmGH31$6bg>RM?y3mR){iJ-A`;zoW+V# zE(}?L$_~LJa(+&AFv`~4HN*skkG7AJ=gK|34iiDkvoU_1%Kj*Yns34hK#5ZBMTsD9 zZn(4Sf#@guB4UtR+GeJfcR-Wp0A7Z(^uL9VoTV!CiJ{+$3r4d~2{Q@Au_a*(g8UJq zDfKxRqdK-INz}XwHaOu^l#v;(D-6H$k~`rLxGoa!E{-ay`6+WBks$%jXBBn5X^gB1 zuD$ihOBq1{X-ei+m+EZwlH2+cPr5hd5P8yfp^Dp;s3LYlz$Wv8(8Mx_4ukRYPp8g_$K5j68-0^FC*x+%>ao;{df3I$(@9HO?TF$z$1M{3 zVrr5ngQpO-@AeCnbDA+r`Spr&IKRb=olKevH)ZYd9o>4Lu!#F1CMRy?izNP3-97}3 z>K7v-9Doi>nv3CunXtoXmMb@~v&mDFw^J6$NqC_s7LQ;2C}bz(kY_fF8fhgnbc9k( zEFI+QQCx#1Q*R?kxq6~z)5G-uvNubYP)(+{1Q4TAt-1sf3{^#ToO49>D(@d$mN{Cn zhjPMlbAv!x*bdW{;8dPhYCaXT2TsQCOwitwlsdk;b3cO+qtuHsK^IP;t{Mvdk%LY} zScu&hxGxvkL%dKFNHeLLXwKqEOAZOWUcIV;Em?hKp(DJdg$)I>cRngoI_^cnPIP39 zO2)NGV~i0p=0?9J5J06X$QXp7oL(dL{e z!g};bWI2C=9;0+%>ZpqNss}L}rIN|H$ zSw-q!(lMZ7EK-90BfKpt8aJS;RP6du^RXyWypC{=&zU4gIRhlp>KCJzmVY<4ZA$L< z80EZv7Q3K(3$=Ko^!ObrKO(P9Ivhy1${YK&p6+~!armbP z>VT(R-KX#rd7m5qfvXy3SpP@?`IsbN4iypZi37^HZhzx1yC)G{OQ`Nk2WD6$O8qlS z1h&Dh62O=r0ZwNU@kHhyPNN!Q=SF~9sPWQ-=jYf#Q6_RS+9CzbgQN%}7&bqp<7|7HZG6G8Yg@Cuu~DW+MBysc92WEQ$7##HS)udI5+;`+^yO6KquMmCcjqO zgFG$ki7_@mof2`C@T)1IV>3EF^Hy{b(*H4b^<3w9QOLF_&{HwWG5BKK9lyA<IU4W*aa(7zN=MtaKWH9Mv+&_pY|%{M&nGsbf`nNSxbEI9VxdA>jWk_ zRAGnlft_4kqc7g@al;<5Xuu2Au0efHt5qca(rvHJ?*t&7VaU5^ePtPcX^=V>qBiN{ zmpA{jJkQ^==aPfiUbMGif=Lw1)x5V`>WLilVeNj6d^>-%%5_uZ*lUZALlw-%h1lGN zd~7AV{TrBtA*+GBdd<2a1{~;G%rQj9EUykEO#RezK`C(+RTFIm%5iMS{@d4|vv9T+ z`L~k|9%77?G&b*OZ43i)ea1eeSG9GwgvC>rwODTP>>b3&I9A4^J?YRv1Mkb>!q31B zDPmpcUf|RFvpCJ9GT!gW*qVdvRxoPwv8ec{FT~jJi++>ysi#hy3wsc`R5jezCZM*i z8XV++FXbfO1U34Q+ktIcFCYx$qqjU{*N?_ecv3=i?TF-BqUai4muM8$LE#y9Im37v zt`ePF4XHh$$0X&SKf|#45H088dg0r}ok{bCWK8cn!J&;Ix$FPaf?#4=g-qtq$G)ho z29t4IT{OnlyH#@3rRH?noSRGn(4&}N)MOVl2g3fRXU=PxGsAm~{Zfqs#pfUEV}$Pu zu$fE{C*j2}0t7rQ9pg@!DitrysCLV<_3U`mv zwj0P0P-uFrWZ6mYf_Q{ghE;VCZ-*438p?ce(yLI~S1XL@d>e;5mn5d&Cv)PO=^fwc z`$NcEg1-?TuRT%1F^Px^%Ro;Q7=TsompTJ8L`tVWicw;{L><-;ghZwpHw}go(_k*& zE;+zO6w=V9qHb1)E-Tkjo2)88>j14_=DpXUjNmz*@V)F}acWV73K)TPmL;_+hi*UI z_B9d(w5}7XOkl9p(3$qljL_$3V}0-bXnWPT60`hid>l0qc0iJvH5!urbk^;w5xvVF1#!a?zqUIk zbOpWrK_KMgsH|j>;qsdh*{Sr1S7_P5m!Kd{an`T! z%yay%NaiCvmNytvmY7(A6g!)-K#VFpb}XI6XhQXhspwfKG}D{^)+N>$TinbCKrqgS z6QrMuL(V&w*DX#BF@iN8UzQKHqqJ8PC$fmJ&s+c}l-9To=?$fSw`GyjOg)<%<|1nt%t}?ktngjSv7l*w-pTK>(Si4HO*Wva=ikiVR{3Y{NBQkDf~`_ z^NERD4d=8nNY*c4SVAX=DB(`=N!_+b9Di;`={k=NY`po>Z5|KQJT-nY6&TEB)Z#*G z(_mu6Ddl%Tst42ig+U(gnr6wt`9(^aU|j>i{WPebP|9lyV2`nMTy5&FC-p)OA0u6~ zE${i0Ne-Z@qjSpB^gzh{hk7}Id}Jv}wbXB(z%yaYcr~5nCn@(^ZD%?x(3ctEM88>5 zUbo*~P1?PXz*JL4_*oL?9+#c3(|EeKTl4a^{1IAbcbH~NII*Y-`pieFz{wxaraUm#V$^9L|0UR-yEK1oRPR?si%s?MIFbQ)9lsPSagju=T|Vc+l1MllZ088)?C;dgxA-#rTVVL-5#m$AM%vikC^sQ&^}WCr5^ literal 0 HcmV?d00001 From 3960d16b74cbbcbce53a8e4f979a2f0dade6265a Mon Sep 17 00:00:00 2001 From: Matthew Nesbit Date: Mon, 13 Nov 2017 17:28:47 +0000 Subject: [PATCH 04/25] Update design.md --- docs/source/design/float/design.md | 145 +++++++++++++++-------------- 1 file changed, 75 insertions(+), 70 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 5e2443750e..af7b9b72bd 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -2,7 +2,7 @@ # Float Design -============================================ +-------------------------------------------- DOCUMENT MANAGEMENT ============================================ @@ -22,7 +22,7 @@ DOCUMENT MANAGEMENT ## Document History -============================================ +-------------------------------------------- HIGH LEVEL DESIGN ============================================ @@ -51,11 +51,75 @@ Typical modern DMZ rules are: * Reference(s) to similar or related work ## Timeline +The proposed timeline is that we agree a model and deployment diagrams to be sent to Finestra before teh end of November. We would not expect to have implemented this until March\April 2018. ## Requirements ## Proposed Solution +### Float evolution + +#### Current P2P State +![Current P2P State](./current-p2p-state.png) + +1. Flow has message for existing peer. +2. Check queue for existence. Finds it exists and submits and continues after acknowledgement. +3. Pre-existing core bridge picks up message and transfers over TLS socket to inbox of destination node. +4. Flow receives message from peer and acknowledged consumption on bus when the flow has checkpointed this progress. +5. Flow has message for new peer. +6. Flow needs to create a queue as this is a new peer. The name encodes the identity of the intended recipient. +7. When the queue creation has completed the node sends the message to the queue. +8. The hosted artemis server in the node has a queue creation hook which is called. +9. The queue name is used to lookup the remote connection details and a new bridge is registered. +10. The client certificate of the peer is compared to the expected legal identity X500 Name. If this is ok message flow is as for a pre-existing link step 3. + +#### In-Process AMQP Bridging +![In-Process AMQP Bridging](./in-process-amqp-bridging.png) + +1. In this phase of evolution we hook the same bridge creation code as before and use the same in-process data access to network map cache. +2. However, we now implement AMQP sender clients using proton-j and netty for TLS layer and connection retry. +3. This will also involve formalising the AMQP packet format of the Corda P2P protocol. +4. Once a bridge makes a successful link to a remote node’s Artemis broker it will subscribe to the associated local queue. +5. The messages will be picked up from the local broker via an Artemis CORE consumer for simplicity of initial implementation. +6. The queue consumer should be implemented with a simple generic interface as façade, to allow future replacement. +7. The message will be sent across the AMQP protocol directly to the remote Artemis broker. +8. Once acknowledgement of receipt is given with an AMQP Delivery notification the queue consumption will be acknowledged. +9. This will remove the original item from the source queue. +10. If delivery fails due to link loss the subscriber should be closed until a new link is established to ensure messages are not consumed. +11. If delivery fails for other reasons there should be some for of periodic retry over the AMQP link. +12. For authentication checks the client cert returned from the remote server will be checked and the link dropped if it doesn’t match expectations. + +#### Out of process Artemis Broker and Bridges +![Out of process Artemis Broker and Bridges](./out-of-proc-artemis-broker-bridges.png) + +1. Move the Artemis broker and bridge formation logic out of the node. This requires formalising the bridge creation requests, but allows clustered brokers, standardised AMQP usage and ultimately pluggable brokers. +2. We should implement a netty socket server on the bridge and forward authenticated packets to the local Artemis broker inbound queues. An AMQP server socket is required for the float, although it should be transparent whether a NodeInfo refers to a bridge socket address, or an Artemis broker. +3. The queue names should use the sha-256 of the PublicKey not the full key. Also, the name should be used for in and out queues, so that multiple distinct nodes can coexist on the same broker. This will simplify development as developers just run a background broker and shouldn’t need to restart it. +4. To export the network map information and to initiate bridges a non-durable bridge control protocol will be needed (in blue). Essentially the messages declare the local queue names and target TLS link information. For in-bound messages only messages for known inbox targets will be acknowledged. +5. It should not be hard to make the bridges active-passive HA as they contain no persisted message state and simple RPC can resync the state of the bridge. +6. Queue creation will remain with the node as this must use non-AMQP mechanisms and because flows should be able to queue sent messages even if the bridge is temporarily down. +7. In parallel work can start to upgrade the local links to Artemis (i.e. the node-Artemis link and the Bridge Manager-Artemis link) to be AMQP clients as much as possible. + +#### Full Float Implementation +![Full Float Implementation](./full-float.png) + +1. The float implementation should be built upon the AMQP Bridge Manager code and should not be mandatory i.e. there should be interop with older nodes, even those using direct AMQP from bridges in the node. +2. The link between the internal AMQP Bridge Manager and the DMZ Float process should be a single AMQP\TLS connection, which can contain multiple logical AMQP links. This link should be initiated at the socket level by the Bridge Manager towards the DMZ. +3. The DMZ float only needs to receive incoming connections initiated remote peers. No state will be serialized, although suitably protected logs will be recorded of all float activities. +4. The main role of the DMZ float is to forward incoming AMQP link packets from authenticated TLS links to the AMQP Bridge Manager then echo back the final delivery acknowledgements once the Bridge Manager has successfully inserted the messages. The bridge manager is responsible for rejecting inbound packets on queues that are not local inboxes e.g. no way of cheating messages onto management topics, or faking outgoing messages. +5. Outgoing bridge formation and message sending should probably come directly from the internal Bridge Manager, possibly via a SOCKS 4/5 proxy, which is easy enough to enable in netty, or directly through the corporate firewall. It could be initiated from the float, but this just seems insecure. +6. There is probably a need for end-to-end encryption of the payload, but that is for as later phase. At this point a header field indicating plaintext/encrypted payload should be sufficient. +7. I have open questions about the management of the private key for the float certificate if the TLS terminated is directly onto the proxy. This is presumably stored in an HSM, but I am unclear on whether this would be allowed. +8. If instead TLS terminates onto the external firewall, with self-signed certs for TLS in the DMZ this is more standard, but breaks our authentication checks. One solution for authentication checks might be to enable AMQP SASL checks e.g. using https://tools.ietf.org/html/rfc3163 to run challenge response against the node’s legal identity certificates, but it needs discussion. +9. HA should be built in from the start and should be easy as the bridge manager can choose which float to make active. Only fully connected DMZ floats should activate their listening port. + + +### Challenges and Unanswered Questions + +The main uncertainty for the Float design is key management for the private key portion of the TLS certificate. This is likely to reside inside an HSM and it is unlikely to be accessible from the DMZ servers. It may be possible to tunnel the PrivateKey signing step to the internal Bridge Control Manager, but this makes things complicated. However, it is common for this to be configured inside the firewall, although we will have to see our non-standard PKI interacts with a typical firewall.zt + +The other uncertainty is if/how we should provide end-to-end encryption of the business data. I think it is inevitable that this will be desired, so we should allow for it in our wire format. However, to properly implement this with session keys and properly authenticated encryption is a significant design task. (At minimum, we would probably use some form of Ephemeral-Static Diffie Hellman against the remote Legal Identity to create the session secret and then AES-GCM, or similar AEAD for the message data. The AMQP headers would also need to be protected in this process, along with careful choice of IV to prevent any collisions.) + ### Bridge Control Protocol My proposal is to make the bridge control as stateless as possible. Thus, nodes and bridges restarting must re-request/broadcast information to each other. The messages should be sent to a 'bridge.control' address in Artemis and be sent as non-persistent messages with a non-durable queue, each message should contain a duplicate message ID, which is also re-used as the correlation id in replies. The scenarios are: @@ -93,68 +157,6 @@ My proposal is to make the bridge control as stateless as possible. Thus, nodes 8. The Float should protect against excessive inbound messages by AMQP flow control and refusing to accept excessive unacknowledged deliveries. 9. The Float should only expose its inbound server socket when activated by a valid AMQP link from the Bridge Control Manager to allow for a simple HA pool of DMZ Float processes. We cannot run the Floats hot-hot as this would invalidate our message ordering guarantees. -### Float evolution - -#### Current P2P State -![Current P2P State](./current-p2p-state.png) - -1. Flow has message for existing peer. -2. Check queue for existence. Finds it exists and submits and continues after acknowledgement. -3. Pre-existing core bridge picks up message and transfers over TLS socket to inbox of destination node. -4. Flow receives message from peer and acknowledged consumption on bus when the flow has checkpointed this progress. -5. Flow has message for new peer. -6. Flow needs to create a queue as this is a new peer. The name encodes the identity of the intended recipient. -7. When the queue creation has completed the node sends the message to the queue. -8. The hosted artemis server in the node has a queue creation hook which is called. -9. The queue name is used to lookup the remote connection details and a new bridge is registered. -10. The client certificate of the peer is compared to the expected legal identity X500 Name. If this is ok message flow is as for a pre-existing link step 3. - -#### In-Process AMQP Bridging -![In-Process AMQP Bridging](./in-process-amqp-bridging.png) - -1. In this phase of evolution we hook the same bridge creation code as before and use the same in-process data access to network map cache. -2. However, we now implement AMQP sender clients using proton-j and netty for TLS layer and connection retry. -3. This will also involve formalising the AMQP packet format of the Corda P2P protocol. -4. Once a bridge makes a successful link to a remote nodes Artemis broker it will subscribe to the associated local queue. -5. The messages will be picked up from the local broker via an Artemis CORE consumer for simplicity of initial implementation. -6. The queue consumer should be implemented with a simple generic interface as faade, to allow future replacement. -7. The message will be sent across the AMQP protocol directly to the remote Artemis broker. -8. Once acknowledgement of receipt is given with an AMQP Delivery notification the queue consumption will be acknowledged. -9. This will remove the original item from the source queue. -10. If delivery fails due to link loss the subscriber should be closed until a new link is established to ensure messages are not consumed. -11. If delivery fails for other reasons there should be some for of periodic retry over the AMQP link. -12. For authentication checks the client cert returned from the remote server will be checked and the link dropped if it doesnt match expectations. - -#### Out of process Artemis Broker and Bridges -![Out of process Artemis Broker and Bridges](./out-of-proc-artemis-broker-bridges.png) - -1. Move the Artemis broker and bridge formation logic out of the node. This requires formalising the bridge creation requests, but allows clustered brokers, standardised AMQP usage and ultimately pluggable brokers. -2. We should implement a netty socket server on the bridge and forward authenticated packets to the local Artemis broker inbound queues. An AMQP server socket is required for the float, although it should be transparent whether a NodeInfo refers to a bridge socket address, or an Artemis broker. -3. The queue names should use the sha-256 of the PublicKey not the full key. Also, the name should be used for in and out queues, so that multiple distinct nodes can coexist on the same broker. This will simplify development as developers just run a background broker and shouldnt need to restart it. -4. To export the network map information and to initiate bridges a non-durable bridge control protocol will be needed (in blue). Essentially the messages declare the local queue names and target TLS link information. For in-bound messages only messages for known inbox targets will be acknowledged. -5. It should not be hard to make the bridges active-passive HA as they contain no persisted message state and simple RPC can resync the state of the bridge. -6. Queue creation will remain with the node as this must use non-AMQP mechanisms and because flows should be able to queue sent messages even if the bridge is temporarily down. -7. In parallel work can start to upgrade the local links to Artemis (i.e. the node-Artemis link and the Bridge Manager-Artemis link) to be AMQP clients as much as possible. - -#### Full Float Implementation -![Full Float Implementation](./full-float.png) - -1. The float implementation should be built upon the AMQP Bridge Manager code and should not be mandatory i.e. there should be interop with older nodes, even those using direct AMQP from bridges in the node. -2. The link between the internal AMQP Bridge Manager and the DMZ Float process should be a single AMQP\TLS connection, which can contain multiple logical AMQP links. This link should be initiated at the socket level by the Bridge Manager towards the DMZ. -3. The DMZ float only needs to receive incoming connections initiated remote peers. No state will be serialized, although suitably protected logs will be recorded of all float activities. -4. The main role of the DMZ float is to forward incoming AMQP link packets from authenticated TLS links to the AMQP Bridge Manager then echo back the final delivery acknowledgements once the Bridge Manager has successfully inserted the messages. The bridge manager is responsible for rejecting inbound packets on queues that are not local inboxes e.g. no way of cheating messages onto management topics, or faking outgoing messages. -5. Outgoing bridge formation and message sending should probably come directly from the internal Bridge Manager, possibly via a SOCKS 4/5 proxy, which is easy enough to enable in netty, or directly through the corporate firewall. It could be initiated from the float, but this just seems insecure. -6. There is probably a need for end-to-end encryption of the payload, but that is for as later phase. At this point a header field indicating plaintext/encrypted payload should be sufficient. -7. I have open questions about the management of the private key for the float certificate if the TLS terminated is directly onto the proxy. This is presumably stored in an HSM, but I am unclear on whether this would be allowed. -8. If instead TLS terminates onto the external firewall, with self-signed certs for TLS in the DMZ this is more standard, but breaks our authentication checks. One solution for authentication checks might be to enable AMQP SASL checks e.g. using https://tools.ietf.org/html/rfc3163 to run challenge response against the nodes legal identity certificates, but it needs discussion. -9. HA should be built in from the start and should be easy as the bridge manager can choose which float to make active. Only fully connected DMZ floats should activate their listening port. - - -### Challenges and Unanswered Questions - -The main uncertainty for the Float design is key management for the private key portion of the TLS certificate. This is likely to reside inside an HSM and it is unlikely to be accessible from the DMZ servers. It may be possible to tunnel the PrivateKey signing step to the internal Bridge Control Manager, but this makes things complicated. However, it is common for this to be configured inside the firewall, although we will have to see our non-standard PKI interacts with a typical firewall.zt - -The other uncertainty is if/how we should provide end-to-end encryption of the business data. I think it is inevitable that this will be desired, so we should allow for it in our wire format. However, to properly implement this with session keys and properly authenticated encryption is a significant design task. (At minimum, we would probably use some form of Ephemeral-Static Diffie Hellman against the remote Legal Identity to create the session secret and then AES-GCM, or similar AEAD for the message data. The AMQP headers would also need to be protected in this process, along with careful choice of IV to prevent any collisions.) ## Alternative Options @@ -168,7 +170,7 @@ Proceed direct to implementation Proceed to Technical Design stage Proposed Platform Technical team(s) to implement design (if not already decided) -============================================ +-------------------------------------------- IMPLEMENTATION PLAN ============================================ @@ -176,9 +178,12 @@ IMPLEMENTATION PLAN 1. First, I would like to more explicitly split the RPC and P2P MessagingService instances inside the Node. They can keep the same interface, but this would let us develop P2P and RPC at different rates if required. 2. The current in-node design with Artemis Core bridges should first be replaced with an equivalent piece of code that initiates send only bridges using an in-house wrapper over the proton-j library. Thus, the current Artemis message objects will be picked up from existing queues using the CORE protocol via an abstraction interface to allow later pluggable replacement. The specific subscribed queues are controlled as before and bridges started by the existing code path. The only difference is the bridges will be the new AMQP client code. The remote Artemis broker should accept transferred packets directly onto its own inbox queue and acknowledge receipt via standard AMQP Delivery notifications. This in turn will be acknowledged back to the Artemis Subscriber to permanently remove the message from the source Artemis queue. The headers for deduplication, address names, etc will need to be mapped to the AMQP messages and we will have to take care about the message payload. This should be an envelope that is capable in the future of being end-to-end encrypted. Where possible we should stay close to the current Artemis mappings. 3. We need to define a bridge control protocol, so that we can have an out of process float/bridge. The current process is that on message send the node checks the target address to see if the target queue already exists. If the queue doesn't exist it creates a new queue which includes an encoding of the PublicKey in its name. This is picked up by a wrapper around the Artemis Server which is also hosted inside the node and can ask the network map cache for a translation to a target host and port. This in turn allows a new bridge to be provisioned. At node restart the re-population of the network map cache is followed to re-create the bridges to any unsent queues/messages. -4. My proposal for a bridge control protocol is partly influenced by the fact that AMQP does not have a built-in mechanism for queue creation/deletion/enumeration. Also, the flows cannot progress until they are sure that there is an accepting queue. Finally, if one runs a local broker it should be fine to run multiple nodes without any bridge processes. Therefore, I will leave the queue creation as the node's responsibility. Initially we can continue to use the existing CORE protocol for this. The requirement to initiate a bridge will change from being implicit signalling via server queue detection to being an explicit pub-sub message that requests bridge formation. This doesn't need durability, or acknowledgements, because when a bridge process starts it should request a refresh of the required bridge list. The typical create bridge messages should contain: 1. The queue name (ideally with the sha256 of the PublicKey, not the whole PublicKey as that may not work on brokers with queue name length constraints). 2. The expected X500Name for the remote TLS certificate. 3. The list of host and ports to attempt connection to. See separate section for more info. +4. My proposal for a bridge control protocol is partly influenced by the fact that AMQP does not have a built-in mechanism for queue creation/deletion/enumeration. Also, the flows cannot progress until they are sure that there is an accepting queue. Finally, if one runs a local broker it should be fine to run multiple nodes without any bridge processes. Therefore, I will leave the queue creation as the node's responsibility. Initially we can continue to use the existing CORE protocol for this. The requirement to initiate a bridge will change from being implicit signalling via server queue detection to being an explicit pub-sub message that requests bridge formation. This doesn't need durability, or acknowledgements, because when a bridge process starts it should request a refresh of the required bridge list. The typical create bridge messages should contain: + 1. The queue name (ideally with the sha256 of the PublicKey, not the whole PublicKey as that may not work on brokers with queue name length constraints). + 2. The expected X500Name for the remote TLS certificate. + 3. The list of host and ports to attempt connection to. See separate section for more info. 5. Once we have the bridge protocol in place and a bridge out of process the broker can move out of process too, which is a requirement for clustering anyway. We can then start work on floating the bridge and making our broker pluggable. -a. At this point the bridge connection to the local queues should be upgraded to also be AMQP client, rather than CORE protocol, which will give the ability for the P2P bridges to work with other broker products. -b. An independent task is to look at making the Bridge process HA, probably using a similar hot-warm mastering solution as the node, or atomix.io. The inactive node should track the control messages, but obviously doesn't initiate any bridges. -c. Another potentially parallel piece of development is to start to build a float, which is essentially just splitting the bridge in two and putting in an intermediate hop AMQP/TLS link. The thin proxy in the DMZ zone should be as stateless as possible in this. -d. Finally, the node should use AMQP to talk to its local broker cluster, but this will have to remain partly tied to Artemis, as queue creation will require sending management messages to the Artemis core, but we should be able to abstract this. Bridge Management Protocol. + a. At this point the bridge connection to the local queues should be upgraded to also be AMQP client, rather than CORE protocol, which will give the ability for the P2P bridges to work with other broker products. + b. An independent task is to look at making the Bridge process HA, probably using a similar hot-warm mastering solution as the node, or atomix.io. The inactive node should track the control messages, but obviously doesn't initiate any bridges. + c. Another potentially parallel piece of development is to start to build a float, which is essentially just splitting the bridge in two and putting in an intermediate hop AMQP/TLS link. The thin proxy in the DMZ zone should be as stateless as possible in this. + d. Finally, the node should use AMQP to talk to its local broker cluster, but this will have to remain partly tied to Artemis, as queue creation will require sending management messages to the Artemis core, but we should be able to abstract this. Bridge Management Protocol. From 17bc6a50c03bbf9486cd7f268c7a0c08be0a2732 Mon Sep 17 00:00:00 2001 From: David Lee Date: Mon, 13 Nov 2017 17:31:32 +0000 Subject: [PATCH 05/25] Indented --- docs/source/design/float/design.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index af7b9b72bd..c8f48fd477 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -183,7 +183,7 @@ IMPLEMENTATION PLAN 2. The expected X500Name for the remote TLS certificate. 3. The list of host and ports to attempt connection to. See separate section for more info. 5. Once we have the bridge protocol in place and a bridge out of process the broker can move out of process too, which is a requirement for clustering anyway. We can then start work on floating the bridge and making our broker pluggable. - a. At this point the bridge connection to the local queues should be upgraded to also be AMQP client, rather than CORE protocol, which will give the ability for the P2P bridges to work with other broker products. - b. An independent task is to look at making the Bridge process HA, probably using a similar hot-warm mastering solution as the node, or atomix.io. The inactive node should track the control messages, but obviously doesn't initiate any bridges. - c. Another potentially parallel piece of development is to start to build a float, which is essentially just splitting the bridge in two and putting in an intermediate hop AMQP/TLS link. The thin proxy in the DMZ zone should be as stateless as possible in this. - d. Finally, the node should use AMQP to talk to its local broker cluster, but this will have to remain partly tied to Artemis, as queue creation will require sending management messages to the Artemis core, but we should be able to abstract this. Bridge Management Protocol. + 1. At this point the bridge connection to the local queues should be upgraded to also be AMQP client, rather than CORE protocol, which will give the ability for the P2P bridges to work with other broker products. + 2. An independent task is to look at making the Bridge process HA, probably using a similar hot-warm mastering solution as the node, or atomix.io. The inactive node should track the control messages, but obviously doesn't initiate any bridges. + 3. Another potentially parallel piece of development is to start to build a float, which is essentially just splitting the bridge in two and putting in an intermediate hop AMQP/TLS link. The thin proxy in the DMZ zone should be as stateless as possible in this. + 4. Finally, the node should use AMQP to talk to its local broker cluster, but this will have to remain partly tied to Artemis, as queue creation will require sending management messages to the Artemis core, but we should be able to abstract this. Bridge Management Protocol. From ec72acc6993e698ccb2befb2344f82e0b09ac322 Mon Sep 17 00:00:00 2001 From: Matthew Nesbit Date: Mon, 13 Nov 2017 17:59:21 +0000 Subject: [PATCH 06/25] Update design.md --- docs/source/design/float/design.md | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index c8f48fd477..40cc5a6d49 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -51,7 +51,7 @@ Typical modern DMZ rules are: * Reference(s) to similar or related work ## Timeline -The proposed timeline is that we agree a model and deployment diagrams to be sent to Finestra before teh end of November. We would not expect to have implemented this until March\April 2018. +The proposed timeline is that we agree a model and deployment diagrams to be sent to Finestra before the end of November. We would not expect to have implemented this until March\April 2018. ## Requirements @@ -79,7 +79,7 @@ The proposed timeline is that we agree a model and deployment diagrams to be sen 1. In this phase of evolution we hook the same bridge creation code as before and use the same in-process data access to network map cache. 2. However, we now implement AMQP sender clients using proton-j and netty for TLS layer and connection retry. 3. This will also involve formalising the AMQP packet format of the Corda P2P protocol. -4. Once a bridge makes a successful link to a remote node’s Artemis broker it will subscribe to the associated local queue. +4. Once a bridge makes a successful link to a remote node's Artemis broker it will subscribe to the associated local queue. 5. The messages will be picked up from the local broker via an Artemis CORE consumer for simplicity of initial implementation. 6. The queue consumer should be implemented with a simple generic interface as façade, to allow future replacement. 7. The message will be sent across the AMQP protocol directly to the remote Artemis broker. @@ -87,14 +87,14 @@ The proposed timeline is that we agree a model and deployment diagrams to be sen 9. This will remove the original item from the source queue. 10. If delivery fails due to link loss the subscriber should be closed until a new link is established to ensure messages are not consumed. 11. If delivery fails for other reasons there should be some for of periodic retry over the AMQP link. -12. For authentication checks the client cert returned from the remote server will be checked and the link dropped if it doesn’t match expectations. +12. For authentication checks the client cert returned from the remote server will be checked and the link dropped if it doesn't match expectations. #### Out of process Artemis Broker and Bridges ![Out of process Artemis Broker and Bridges](./out-of-proc-artemis-broker-bridges.png) 1. Move the Artemis broker and bridge formation logic out of the node. This requires formalising the bridge creation requests, but allows clustered brokers, standardised AMQP usage and ultimately pluggable brokers. 2. We should implement a netty socket server on the bridge and forward authenticated packets to the local Artemis broker inbound queues. An AMQP server socket is required for the float, although it should be transparent whether a NodeInfo refers to a bridge socket address, or an Artemis broker. -3. The queue names should use the sha-256 of the PublicKey not the full key. Also, the name should be used for in and out queues, so that multiple distinct nodes can coexist on the same broker. This will simplify development as developers just run a background broker and shouldn’t need to restart it. +3. The queue names should use the sha-256 of the PublicKey not the full key. Also, the name should be used for in and out queues, so that multiple distinct nodes can coexist on the same broker. This will simplify development as developers just run a background broker and shouldn't need to restart it. 4. To export the network map information and to initiate bridges a non-durable bridge control protocol will be needed (in blue). Essentially the messages declare the local queue names and target TLS link information. For in-bound messages only messages for known inbox targets will be acknowledged. 5. It should not be hard to make the bridges active-passive HA as they contain no persisted message state and simple RPC can resync the state of the bridge. 6. Queue creation will remain with the node as this must use non-AMQP mechanisms and because flows should be able to queue sent messages even if the bridge is temporarily down. @@ -110,10 +110,9 @@ The proposed timeline is that we agree a model and deployment diagrams to be sen 5. Outgoing bridge formation and message sending should probably come directly from the internal Bridge Manager, possibly via a SOCKS 4/5 proxy, which is easy enough to enable in netty, or directly through the corporate firewall. It could be initiated from the float, but this just seems insecure. 6. There is probably a need for end-to-end encryption of the payload, but that is for as later phase. At this point a header field indicating plaintext/encrypted payload should be sufficient. 7. I have open questions about the management of the private key for the float certificate if the TLS terminated is directly onto the proxy. This is presumably stored in an HSM, but I am unclear on whether this would be allowed. -8. If instead TLS terminates onto the external firewall, with self-signed certs for TLS in the DMZ this is more standard, but breaks our authentication checks. One solution for authentication checks might be to enable AMQP SASL checks e.g. using https://tools.ietf.org/html/rfc3163 to run challenge response against the node’s legal identity certificates, but it needs discussion. +8. If instead TLS terminates onto the external firewall, with self-signed certs for TLS in the DMZ this is more standard, but breaks our authentication checks. One solution for authentication checks might be to enable AMQP SASL checks e.g. using https://tools.ietf.org/html/rfc3163 to run challenge response against the node's legal identity certificates, but it needs discussion. 9. HA should be built in from the start and should be easy as the bridge manager can choose which float to make active. Only fully connected DMZ floats should activate their listening port. - ### Challenges and Unanswered Questions The main uncertainty for the Float design is key management for the private key portion of the TLS certificate. This is likely to reside inside an HSM and it is unlikely to be accessible from the DMZ servers. It may be possible to tunnel the PrivateKey signing step to the internal Bridge Control Manager, but this makes things complicated. However, it is common for this to be configured inside the firewall, although we will have to see our non-standard PKI interacts with a typical firewall.zt @@ -161,7 +160,14 @@ My proposal is to make the bridge control as stateless as possible. Thus, nodes ## Alternative Options -List any alternative solutions that may be viable but not recommended. +### An Alternative Design Idea Using Direct P2P Communication +I do also have a completely different model of what to do instead of the float/AMQP work, but whilst I don’t think this is likely to be accepted, I do think it has a lot of merits and may be surprisingly fast to implement, at least for small semi-private networks. + +Essentially, I would discard the Artemis server/AMQP support for peer-to-peer communications. Instead I would write an implementation of our MessagingService which takes direct responsibility for message retries and stores the pending messages into our own DB. The wire level of this service would be built on top of a fully encrypted MIX network which would not require a fully connected graph, but rather send messages on randomly selected paths over the dynamically managed network graph topology. + +For packet format I would use the ![SPHINX packet format](http://www0.cs.ucl.ac.uk/staff/G.Danezis/papers/sphinx-eprint.pdf) although with the body encryption updated to a modern AEAD scheme as in https://www.cs.ru.nl/~bmennink/pubs/16cans.pdf . In this scheme, nodes would be identified in the overlay network solely by Curve25519 public key addresses and floats would be dumb nodes that only run the MIX network code and don’t act as message sources, or sinks. Intermediate traffic would not be readable except by the intended waypoint and only the final node can read the payload. + +The point to point links would be standard TLS and the network certificates would be whatever is acceptable to the host institutions e.g. standard Verisign certs. It is assumed institutions would select partners to connect to that they trust and permission them individually in their firewalls. Inside the MIX network the nodes would be connected mostly in a static way and use standard HELLO packets to determine the liveness of neighbour routes, then use tunnelled gossip to distribute the signed/versioned Link topology messages. The nodes will be allowed to advertise a Public IP as well, so some dynamic links and publicly visible nodes would exist. The network map addresses would then be mappings from Legal Identity to these overlay network addresses, not to physical network locations. ## Final recommendation From 6d1dd7372aa24544f90e94a457aae423b822ab32 Mon Sep 17 00:00:00 2001 From: Matthew Nesbit Date: Mon, 13 Nov 2017 18:12:13 +0000 Subject: [PATCH 07/25] Update design.md --- docs/source/design/float/design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 40cc5a6d49..75fcc74965 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -9,7 +9,7 @@ DOCUMENT MANAGEMENT ## Document Control * Title: Float Design -* Date: 13th November 2018 +* Date: 13th November 2017 * Author: Matthew Nesbit * Distribution: Design Review Board, Product Management, Services - Technical (Consulting), Platform Delivery * Corda target version: Enterprise From 916add39b2e2eb7958a2df1fb29b716e489ee102 Mon Sep 17 00:00:00 2001 From: David Lee Date: Tue, 14 Nov 2017 16:11:29 +0000 Subject: [PATCH 08/25] Structure & flow changes discussed with Mark Oldfield --- docs/source/design/float/design.md | 110 ++++++++++++++--------------- 1 file changed, 54 insertions(+), 56 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 75fcc74965..219200fbc7 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -22,9 +22,7 @@ DOCUMENT MANAGEMENT ## Document History --------------------------------------------- -HIGH LEVEL DESIGN -============================================ +# HIGH LEVEL DESIGN ## Overview @@ -32,6 +30,8 @@ The role of the 'float' is to meet the requirements of organisations that will n ### Background + +-- Below to be refactored into requirements Typical modern DMZ rules are: 1. There shall be a firewall between the internet and the DMZ machine and a further firewall between the DMZ and the internal network. Only identified IP's and ports are permitted to access the DMZ box. This include intra-DMZ communications. 2. The DMZ box is typically multi-homed with a network card facing towards the institutional firewall and one facing the internet. (There is usually a further hidden management interface card accessed via a jump box for managing the box and shipping audit trail information). This requires that our software can bind listening ports to the correct network card not just to 0.0.0.0. @@ -44,21 +44,6 @@ Typical modern DMZ rules are: 9. It is usually assumed that there is an HA/load balancing pair (or more) of proxies for resilience. Often the firewalls are also combined with hardware load balancer functionality. 10. Ideally any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. I doubt we can finish end-to-end session encryption by March, but we should define our AMQP packet structure to be forward compatible with a switching flag so that we can leave encryption till later. -## Scope - -* Goals -* Non-goals (eg. out of scope) -* Reference(s) to similar or related work - -## Timeline -The proposed timeline is that we agree a model and deployment diagrams to be sent to Finestra before the end of November. We would not expect to have implemented this until March\April 2018. - -## Requirements - -## Proposed Solution - -### Float evolution - #### Current P2P State ![Current P2P State](./current-p2p-state.png) @@ -73,34 +58,26 @@ The proposed timeline is that we agree a model and deployment diagrams to be sen 9. The queue name is used to lookup the remote connection details and a new bridge is registered. 10. The client certificate of the peer is compared to the expected legal identity X500 Name. If this is ok message flow is as for a pre-existing link step 3. -#### In-Process AMQP Bridging -![In-Process AMQP Bridging](./in-process-amqp-bridging.png) +## Scope -1. In this phase of evolution we hook the same bridge creation code as before and use the same in-process data access to network map cache. -2. However, we now implement AMQP sender clients using proton-j and netty for TLS layer and connection retry. -3. This will also involve formalising the AMQP packet format of the Corda P2P protocol. -4. Once a bridge makes a successful link to a remote node's Artemis broker it will subscribe to the associated local queue. -5. The messages will be picked up from the local broker via an Artemis CORE consumer for simplicity of initial implementation. -6. The queue consumer should be implemented with a simple generic interface as façade, to allow future replacement. -7. The message will be sent across the AMQP protocol directly to the remote Artemis broker. -8. Once acknowledgement of receipt is given with an AMQP Delivery notification the queue consumption will be acknowledged. -9. This will remove the original item from the source queue. -10. If delivery fails due to link loss the subscriber should be closed until a new link is established to ensure messages are not consumed. -11. If delivery fails for other reasons there should be some for of periodic retry over the AMQP link. -12. For authentication checks the client cert returned from the remote server will be checked and the link dropped if it doesn't match expectations. +* Goals: Allow connection to a corda node wihout requiring direct incoming connections from external participants. +* Non-goals (eg. out of scope) +* Reference(s) to similar or related work -#### Out of process Artemis Broker and Bridges -![Out of process Artemis Broker and Bridges](./out-of-proc-artemis-broker-bridges.png) +## Timeline +For delivery by end Q1 2018. -1. Move the Artemis broker and bridge formation logic out of the node. This requires formalising the bridge creation requests, but allows clustered brokers, standardised AMQP usage and ultimately pluggable brokers. -2. We should implement a netty socket server on the bridge and forward authenticated packets to the local Artemis broker inbound queues. An AMQP server socket is required for the float, although it should be transparent whether a NodeInfo refers to a bridge socket address, or an Artemis broker. -3. The queue names should use the sha-256 of the PublicKey not the full key. Also, the name should be used for in and out queues, so that multiple distinct nodes can coexist on the same broker. This will simplify development as developers just run a background broker and shouldn't need to restart it. -4. To export the network map information and to initiate bridges a non-durable bridge control protocol will be needed (in blue). Essentially the messages declare the local queue names and target TLS link information. For in-bound messages only messages for known inbox targets will be acknowledged. -5. It should not be hard to make the bridges active-passive HA as they contain no persisted message state and simple RPC can resync the state of the bridge. -6. Queue creation will remain with the node as this must use non-AMQP mechanisms and because flows should be able to queue sent messages even if the bridge is temporarily down. -7. In parallel work can start to upgrade the local links to Artemis (i.e. the node-Artemis link and the Bridge Manager-Artemis link) to be AMQP clients as much as possible. +## Requirements +Nick Arini to provide documented requirements. + +## Design Decisions +1. AMQP vs. custom P2p - see Alternatives section below +2. SSL termination (firewall vs. float) +3. End-to-end encryption +4. Prioritisation of pluggable broker support + +## Target Solution -#### Full Float Implementation ![Full Float Implementation](./full-float.png) 1. The float implementation should be built upon the AMQP Bridge Manager code and should not be mandatory i.e. there should be interop with older nodes, even those using direct AMQP from bridges in the node. @@ -113,12 +90,6 @@ The proposed timeline is that we agree a model and deployment diagrams to be sen 8. If instead TLS terminates onto the external firewall, with self-signed certs for TLS in the DMZ this is more standard, but breaks our authentication checks. One solution for authentication checks might be to enable AMQP SASL checks e.g. using https://tools.ietf.org/html/rfc3163 to run challenge response against the node's legal identity certificates, but it needs discussion. 9. HA should be built in from the start and should be easy as the bridge manager can choose which float to make active. Only fully connected DMZ floats should activate their listening port. -### Challenges and Unanswered Questions - -The main uncertainty for the Float design is key management for the private key portion of the TLS certificate. This is likely to reside inside an HSM and it is unlikely to be accessible from the DMZ servers. It may be possible to tunnel the PrivateKey signing step to the internal Bridge Control Manager, but this makes things complicated. However, it is common for this to be configured inside the firewall, although we will have to see our non-standard PKI interacts with a typical firewall.zt - -The other uncertainty is if/how we should provide end-to-end encryption of the business data. I think it is inevitable that this will be desired, so we should allow for it in our wire format. However, to properly implement this with session keys and properly authenticated encryption is a significant design task. (At minimum, we would probably use some form of Ephemeral-Static Diffie Hellman against the remote Legal Identity to create the session secret and then AES-GCM, or similar AEAD for the message data. The AMQP headers would also need to be protected in this process, along with careful choice of IV to prevent any collisions.) - ### Bridge Control Protocol My proposal is to make the bridge control as stateless as possible. Thus, nodes and bridges restarting must re-request/broadcast information to each other. The messages should be sent to a 'bridge.control' address in Artemis and be sent as non-persistent messages with a non-durable queue, each message should contain a duplicate message ID, which is also re-used as the correlation id in replies. The scenarios are: @@ -156,10 +127,7 @@ My proposal is to make the bridge control as stateless as possible. Thus, nodes 8. The Float should protect against excessive inbound messages by AMQP flow control and refusing to accept excessive unacknowledged deliveries. 9. The Float should only expose its inbound server socket when activated by a valid AMQP link from the Bridge Control Manager to allow for a simple HA pool of DMZ Float processes. We cannot run the Floats hot-hot as this would invalidate our message ordering guarantees. - - -## Alternative Options - +## Alternative options considered ### An Alternative Design Idea Using Direct P2P Communication I do also have a completely different model of what to do instead of the float/AMQP work, but whilst I don’t think this is likely to be accepted, I do think it has a lot of merits and may be surprisingly fast to implement, at least for small semi-private networks. @@ -176,11 +144,9 @@ Proceed direct to implementation Proceed to Technical Design stage Proposed Platform Technical team(s) to implement design (if not already decided) --------------------------------------------- -IMPLEMENTATION PLAN -============================================ +# IMPLEMENTATION PLAN -# Proposed Incremental Steps Towards a Float +## Proposed Incremental Steps Towards a Float 1. First, I would like to more explicitly split the RPC and P2P MessagingService instances inside the Node. They can keep the same interface, but this would let us develop P2P and RPC at different rates if required. 2. The current in-node design with Artemis Core bridges should first be replaced with an equivalent piece of code that initiates send only bridges using an in-house wrapper over the proton-j library. Thus, the current Artemis message objects will be picked up from existing queues using the CORE protocol via an abstraction interface to allow later pluggable replacement. The specific subscribed queues are controlled as before and bridges started by the existing code path. The only difference is the bridges will be the new AMQP client code. The remote Artemis broker should accept transferred packets directly onto its own inbox queue and acknowledge receipt via standard AMQP Delivery notifications. This in turn will be acknowledged back to the Artemis Subscriber to permanently remove the message from the source Artemis queue. The headers for deduplication, address names, etc will need to be mapped to the AMQP messages and we will have to take care about the message payload. This should be an envelope that is capable in the future of being end-to-end encrypted. Where possible we should stay close to the current Artemis mappings. 3. We need to define a bridge control protocol, so that we can have an out of process float/bridge. The current process is that on message send the node checks the target address to see if the target queue already exists. If the queue doesn't exist it creates a new queue which includes an encoding of the PublicKey in its name. This is picked up by a wrapper around the Artemis Server which is also hosted inside the node and can ask the network map cache for a translation to a target host and port. This in turn allows a new bridge to be provisioned. At node restart the re-population of the network map cache is followed to re-create the bridges to any unsent queues/messages. @@ -193,3 +159,35 @@ IMPLEMENTATION PLAN 2. An independent task is to look at making the Bridge process HA, probably using a similar hot-warm mastering solution as the node, or atomix.io. The inactive node should track the control messages, but obviously doesn't initiate any bridges. 3. Another potentially parallel piece of development is to start to build a float, which is essentially just splitting the bridge in two and putting in an intermediate hop AMQP/TLS link. The thin proxy in the DMZ zone should be as stateless as possible in this. 4. Finally, the node should use AMQP to talk to its local broker cluster, but this will have to remain partly tied to Artemis, as queue creation will require sending management messages to the Artemis core, but we should be able to abstract this. Bridge Management Protocol. + +## Float evolution + +### In-Process AMQP Bridging +![In-Process AMQP Bridging](./in-process-amqp-bridging.png) + +1. In this phase of evolution we hook the same bridge creation code as before and use the same in-process data access to network map cache. +2. However, we now implement AMQP sender clients using proton-j and netty for TLS layer and connection retry. +3. This will also involve formalising the AMQP packet format of the Corda P2P protocol. +4. Once a bridge makes a successful link to a remote node's Artemis broker it will subscribe to the associated local queue. +5. The messages will be picked up from the local broker via an Artemis CORE consumer for simplicity of initial implementation. +6. The queue consumer should be implemented with a simple generic interface as façade, to allow future replacement. +7. The message will be sent across the AMQP protocol directly to the remote Artemis broker. +8. Once acknowledgement of receipt is given with an AMQP Delivery notification the queue consumption will be acknowledged. +9. This will remove the original item from the source queue. +10. If delivery fails due to link loss the subscriber should be closed until a new link is established to ensure messages are not consumed. +11. If delivery fails for other reasons there should be some for of periodic retry over the AMQP link. +12. For authentication checks the client cert returned from the remote server will be checked and the link dropped if it doesn't match expectations. + +### Out of process Artemis Broker and Bridges +![Out of process Artemis Broker and Bridges](./out-of-proc-artemis-broker-bridges.png) + +1. Move the Artemis broker and bridge formation logic out of the node. This requires formalising the bridge creation requests, but allows clustered brokers, standardised AMQP usage and ultimately pluggable brokers. +2. We should implement a netty socket server on the bridge and forward authenticated packets to the local Artemis broker inbound queues. An AMQP server socket is required for the float, although it should be transparent whether a NodeInfo refers to a bridge socket address, or an Artemis broker. +3. The queue names should use the sha-256 of the PublicKey not the full key. Also, the name should be used for in and out queues, so that multiple distinct nodes can coexist on the same broker. This will simplify development as developers just run a background broker and shouldn't need to restart it. +4. To export the network map information and to initiate bridges a non-durable bridge control protocol will be needed (in blue). Essentially the messages declare the local queue names and target TLS link information. For in-bound messages only messages for known inbox targets will be acknowledged. +5. It should not be hard to make the bridges active-passive HA as they contain no persisted message state and simple RPC can resync the state of the bridge. +6. Queue creation will remain with the node as this must use non-AMQP mechanisms and because flows should be able to queue sent messages even if the bridge is temporarily down. +7. In parallel work can start to upgrade the local links to Artemis (i.e. the node-Artemis link and the Bridge Manager-Artemis link) to be AMQP clients as much as possible. + +### Full float implementation +As described in the 'Target Solution' section, above. From 414be6531dfb1ea8dd30fe4e9ed808701bba6957 Mon Sep 17 00:00:00 2001 From: David Lee Date: Tue, 14 Nov 2017 16:37:02 +0000 Subject: [PATCH 09/25] Additional amendments based on restructuring with Mark O --- docs/source/design/float/design.md | 68 ++++++++++++++---------------- 1 file changed, 32 insertions(+), 36 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 219200fbc7..5e421c703b 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -30,20 +30,6 @@ The role of the 'float' is to meet the requirements of organisations that will n ### Background - --- Below to be refactored into requirements -Typical modern DMZ rules are: -1. There shall be a firewall between the internet and the DMZ machine and a further firewall between the DMZ and the internal network. Only identified IP's and ports are permitted to access the DMZ box. This include intra-DMZ communications. -2. The DMZ box is typically multi-homed with a network card facing towards the institutional firewall and one facing the internet. (There is usually a further hidden management interface card accessed via a jump box for managing the box and shipping audit trail information). This requires that our software can bind listening ports to the correct network card not just to 0.0.0.0. -3. It is best practice to allow no connections to be initiated by the DMZ box towards the internal network. Communications should be initiated by the internal network to form a bidirectional channel with the proxy process. -4. It is usually required that no business data is persisted on the DMZ box. -5. An audit log of all connection events is almost always required to track breaches. Ideally some latency information is also tracked to deal with connectivity issues. -6. The processes on the DMZ box typically run as local accounts with no relationship to the internal permission systems, or ability to enumerate the internal network. -7. Communications in the DMZ should be modern TLS, often with local only certificates/keys that are of no value outside of the predefined links. -8. It is common to terminate the TLS on the firewall which has an associated HSM for the private keys. This means that we do not necessarily have the certificates of the connection, but hopefully for now we can insist on receiving the connection directly onto the float proxy, although we have to ask how we might access an HSM. -9. It is usually assumed that there is an HA/load balancing pair (or more) of proxies for resilience. Often the firewalls are also combined with hardware load balancer functionality. -10. Ideally any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. I doubt we can finish end-to-end session encryption by March, but we should define our AMQP packet structure to be forward compatible with a switching flag so that we can leave encryption till later. - #### Current P2P State ![Current P2P State](./current-p2p-state.png) @@ -68,7 +54,18 @@ Typical modern DMZ rules are: For delivery by end Q1 2018. ## Requirements -Nick Arini to provide documented requirements. +Allow connectivity in compliance with DMZ constraints commonly imposed by modern financial institutions; namely: +1. There shall be a firewall between the internet and the DMZ machine and a further firewall between the DMZ and the internal network. Only identified IP's and ports are permitted to access the DMZ box. This include intra-DMZ communications. +2. The DMZ box is typically multi-homed with a network card facing towards the institutional firewall and one facing the internet. (There is usually a further hidden management interface card accessed via a jump box for managing the box and shipping audit trail information). This requires that our software can bind listening ports to the correct network card not just to 0.0.0.0. +3. It is best practice to allow no connections to be initiated by the DMZ box towards the internal network. Communications should be initiated by the internal network to form a bidirectional channel with the proxy process. +4. It is usually required that no business data is persisted on the DMZ box. +5. An audit log of all connection events is almost always required to track breaches. Ideally some latency information is also tracked to deal with connectivity issues. +6. The processes on the DMZ box typically run as local accounts with no relationship to the internal permission systems, or ability to enumerate the internal network. +7. Communications in the DMZ should be modern TLS, often with local only certificates/keys that are of no value outside of the predefined links. +8. It is common to terminate the TLS on the firewall which has an associated HSM for the private keys. This means that we do not necessarily have the certificates of the connection, but hopefully for now we can insist on receiving the connection directly onto the float proxy, although we have to ask how we might access an HSM. +9. It is usually assumed that there is an HA/load balancing pair (or more) of proxies for resilience. Often the firewalls are also combined with hardware load balancer functionality. +10. Ideally any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. I doubt we can finish end-to-end session encryption by March, but we should define our AMQP packet structure to be forward compatible with a switching flag so that we can leave encryption till later. + ## Design Decisions 1. AMQP vs. custom P2p - see Alternatives section below @@ -80,18 +77,19 @@ Nick Arini to provide documented requirements. ![Full Float Implementation](./full-float.png) -1. The float implementation should be built upon the AMQP Bridge Manager code and should not be mandatory i.e. there should be interop with older nodes, even those using direct AMQP from bridges in the node. -2. The link between the internal AMQP Bridge Manager and the DMZ Float process should be a single AMQP\TLS connection, which can contain multiple logical AMQP links. This link should be initiated at the socket level by the Bridge Manager towards the DMZ. -3. The DMZ float only needs to receive incoming connections initiated remote peers. No state will be serialized, although suitably protected logs will be recorded of all float activities. -4. The main role of the DMZ float is to forward incoming AMQP link packets from authenticated TLS links to the AMQP Bridge Manager then echo back the final delivery acknowledgements once the Bridge Manager has successfully inserted the messages. The bridge manager is responsible for rejecting inbound packets on queues that are not local inboxes e.g. no way of cheating messages onto management topics, or faking outgoing messages. -5. Outgoing bridge formation and message sending should probably come directly from the internal Bridge Manager, possibly via a SOCKS 4/5 proxy, which is easy enough to enable in netty, or directly through the corporate firewall. It could be initiated from the float, but this just seems insecure. -6. There is probably a need for end-to-end encryption of the payload, but that is for as later phase. At this point a header field indicating plaintext/encrypted payload should be sufficient. -7. I have open questions about the management of the private key for the float certificate if the TLS terminated is directly onto the proxy. This is presumably stored in an HSM, but I am unclear on whether this would be allowed. -8. If instead TLS terminates onto the external firewall, with self-signed certs for TLS in the DMZ this is more standard, but breaks our authentication checks. One solution for authentication checks might be to enable AMQP SASL checks e.g. using https://tools.ietf.org/html/rfc3163 to run challenge response against the node's legal identity certificates, but it needs discussion. -9. HA should be built in from the start and should be easy as the bridge manager can choose which float to make active. Only fully connected DMZ floats should activate their listening port. +1. The float is a listener only and does not enable outgoing bridges (see Design Decisions, above). The internal portion of the bridge is allowed to initiate through the firewall (possibly via a SOCKS proxy). +2. Implementation is based on the AMQP Bridge Manager code. +3. The float is not mandatory; interoperability with older nodes, even those using direct AMQP from bridges in the node, is supported. +4. The link between the internal AMQP Bridge Manager and the DMZ Float process is a single AMQP/TLS connection, which can contain multiple logical AMQP links. This link is initiated at the socket level by the Bridge Manager towards the DMZ. +5. The DMZ float only needs to receive incoming connections initiated remote peers. No state will be serialized, although suitably protected logs will be recorded of all float activities. +6. The main role of the DMZ float is to forward incoming AMQP link packets from authenticated TLS links to the AMQP Bridge Manager then echoes back the final delivery acknowledgements once the Bridge Manager has successfully inserted the messages. The bridge manager is responsible for rejecting inbound packets on queues that are not local inboxes e.g. no way of cheating messages onto management topics, or faking outgoing messages. +7. Outgoing bridge formation and message sending come directly from the internal Bridge Manager (possibly via a SOCKS 4/5 proxy, which is easy enough to enable in netty, or directly through the corporate firewall. It could be initiated from the float, but this just seems insecure.) +8. End-to-end encryption of the payload is not delivered through this design (see Design Decisions, above). For current purposes, a header field indicating plaintext/encrypted payload is employed as a placeholder. +9. HA is enabled (this should be easy as the bridge manager can choose which float to make active). Only fully connected DMZ floats should activate their listening port. + ### Bridge Control Protocol -My proposal is to make the bridge control as stateless as possible. Thus, nodes and bridges restarting must re-request/broadcast information to each other. The messages should be sent to a 'bridge.control' address in Artemis and be sent as non-persistent messages with a non-durable queue, each message should contain a duplicate message ID, which is also re-used as the correlation id in replies. The scenarios are: +The bridge control is designed to be as stateless as possible. Thus, nodes and bridges restarting must re-request/broadcast information to each other. The messages should be sent to a 'bridge.control' address in Artemis and be sent as non-persistent messages with a non-durable queue. Each message should contain a duplicate message ID, which is also re-used as the correlation id in replies. The scenarios are: #### On bridge start-up, or reconnection to Artemis 1. The bridge process should subscribe to the 'bridge.control'. @@ -116,19 +114,17 @@ My proposal is to make the bridge control as stateless as possible. Thus, nodes 4. In parallel a BridgeRequest packet should be sent to activate a new connection outwards. This will contain the contain the legal X500Name and queue name of the new queue. 5. Future QueueSnapshot requests should be responded to with the new queue included in the list. -#### Behaviour with a Float portion in the DMZ -1. With the Float in the DMZ there are potentially two options, either the float can initiate outgoing bridges, or we make it a listener only. After some discussion, it seems that there have been requests to separate in inbound and outbound paths, so for now I model the float as a listener only. The internal portion of the bridge being allowed to initiate through the firewall (possibly via a SOCKS proxy). -2. On initial connection of the inbound bridge connection the Float should authenticate to the best of its ability the origin of the link. If this is a direct termination of the TLS connection then the client certificate must go back to the Corda trust root. Also, the X500 name of the certificate should be recorded and appended to any forwarded messages to the internal systems. -3. If the connection to the Float is not direct, then the AMQP should be configured to run a SASL challenge response to revalidate the origin. The most likely SASL mechanism for this is using https://tools.ietf.org/html/rfc3163 as this allows reuse of our PKI certificates in the challenge response. This should allow us to confirm the client identity. Potentially we could forward some bridge control messages to cover the SASL exchange to the internal Bridge Controller. This would allow us to keep the private keys internal to the organisation, so we may also require a SASLAuth message type as part of the bridge control protocol. -4. The float should restrict acceptable AMQP topics to the name space appropriate for inbound messages only i.e. there should be no way to tunnel messages to bridge control, or RPC topics on the bus. -5. On receipt of a message from the external network the Float should append a header to link the source channel's X500 name, then create a Delivery for forwarding the message inwards. -6. The internal Bridge Control Manager process should validate the message further to ensure that it is targeted at a legitimate inbox (i.e. not an outbound queue) and then forward to the bus. Once delivered to the broker the Delivery acknowledgements should be cascaded back. -7. The Float on receiving Delivery notification from the internal side should acknowledge back the correlated original Delivery. -8. The Float should protect against excessive inbound messages by AMQP flow control and refusing to accept excessive unacknowledged deliveries. -9. The Float should only expose its inbound server socket when activated by a valid AMQP link from the Bridge Control Manager to allow for a simple HA pool of DMZ Float processes. We cannot run the Floats hot-hot as this would invalidate our message ordering guarantees. +### Behaviour with a Float portion in the DMZ +1. On initial connection of an inbound bridge, AMQP is configured to run a SASL challenge response to (re-)validate the origin and confirm the client identity. (The most likely SASL mechanism for this is using https://tools.ietf.org/html/rfc3163 as this allows reuse of our PKI certificates in the challenge response. Potentially we could forward some bridge control messages to cover the SASL exchange to the internal Bridge Controller. This would allow us to keep the private keys internal to the organisation, so we may also require a SASLAuth message type as part of the bridge control protocol.) +2. The float restricts acceptable AMQP topics to the name space appropriate for inbound messages only. Hence, there should be no way to tunnel messages to bridge control, or RPC topics on the bus. +3. On receipt of a message from the external network, the Float should append a header to link the source channel's X500 name, then create a Delivery for forwarding the message inwards. +4. The internal Bridge Control Manager process validates the message further to ensure that it is targeted at a legitimate inbox (i.e. not an outbound queue) and then forwards it to the bus. Once delivered to the broker, the Delivery acknowledgements are cascaded back. +5. On receiving Delivery notification from the internal side, the Float acknowledges back the correlated original Delivery. +6. The Float should protect against excessive inbound messages by AMQP flow control and refusing to accept excessive unacknowledged deliveries. +7. The Float only exposes its inbound server socket when activated by a valid AMQP link from the Bridge Control Manager to allow for a simple HA pool of DMZ Float processes. (Floats cannot run hot-hot as this would invalidate Corda's message ordering guarantees.) ## Alternative options considered -### An Alternative Design Idea Using Direct P2P Communication +### 1. Using Direct P2P Communication I do also have a completely different model of what to do instead of the float/AMQP work, but whilst I don’t think this is likely to be accepted, I do think it has a lot of merits and may be surprisingly fast to implement, at least for small semi-private networks. Essentially, I would discard the Artemis server/AMQP support for peer-to-peer communications. Instead I would write an implementation of our MessagingService which takes direct responsibility for message retries and stores the pending messages into our own DB. The wire level of this service would be built on top of a fully encrypted MIX network which would not require a fully connected graph, but rather send messages on randomly selected paths over the dynamically managed network graph topology. From 4abe176af539f57ac785ab6522bf1a856739a3d7 Mon Sep 17 00:00:00 2001 From: David Lee Date: Tue, 14 Nov 2017 16:45:48 +0000 Subject: [PATCH 10/25] Update design.md --- docs/source/design/float/design.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 5e421c703b..40c981697f 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -55,16 +55,17 @@ For delivery by end Q1 2018. ## Requirements Allow connectivity in compliance with DMZ constraints commonly imposed by modern financial institutions; namely: -1. There shall be a firewall between the internet and the DMZ machine and a further firewall between the DMZ and the internal network. Only identified IP's and ports are permitted to access the DMZ box. This include intra-DMZ communications. -2. The DMZ box is typically multi-homed with a network card facing towards the institutional firewall and one facing the internet. (There is usually a further hidden management interface card accessed via a jump box for managing the box and shipping audit trail information). This requires that our software can bind listening ports to the correct network card not just to 0.0.0.0. -3. It is best practice to allow no connections to be initiated by the DMZ box towards the internal network. Communications should be initiated by the internal network to form a bidirectional channel with the proxy process. -4. It is usually required that no business data is persisted on the DMZ box. -5. An audit log of all connection events is almost always required to track breaches. Ideally some latency information is also tracked to deal with connectivity issues. -6. The processes on the DMZ box typically run as local accounts with no relationship to the internal permission systems, or ability to enumerate the internal network. -7. Communications in the DMZ should be modern TLS, often with local only certificates/keys that are of no value outside of the predefined links. -8. It is common to terminate the TLS on the firewall which has an associated HSM for the private keys. This means that we do not necessarily have the certificates of the connection, but hopefully for now we can insist on receiving the connection directly onto the float proxy, although we have to ask how we might access an HSM. +1. Firewalls required between the internet and any device in the DMZ, and between the DMZ and the internal network. +2. Only identified IPs and ports are permitted to access devices in the DMZ; this include communications between devices colocated in the DMZ. +2. Any DMZ machine is typically multi-homed, with separate network cards handling traffic through the institutional firewall vs. to the Internet. (There is usually a further hidden management interface card accessed via a jump box for managing the box and shipping audit trail information). This requires that our software can bind listening ports to the correct network card not just to 0.0.0.0. +3. No connections to be initiated by DMZ devices towards the internal network. Communications should be initiated from the internal network to form a bidirectional channel with the proxy process. +4. No business data should be persisted on the DMZ box. +5. An audit log of all connection events is required to track breaches. Latency information should also be tracked to facilitate management of connectivity issues. +6. Processes on DMZ devices run as local accounts with no relationship to internal permission systems, or ability to enumerate devices on the internal network. +7. Communications in the DMZ should yse modern TLS, often with local-only certificates/keys that hold no value outside of use in predefined links. +8. TLS is commonly terminated on the firewall which has an associated HSM for the private keys. This means that we do not necessarily have the certificates of the connection, but hopefully for now we can insist on receiving the connection directly onto the float proxy, although we have to ask how we might access an HSM. 9. It is usually assumed that there is an HA/load balancing pair (or more) of proxies for resilience. Often the firewalls are also combined with hardware load balancer functionality. -10. Ideally any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. I doubt we can finish end-to-end session encryption by March, but we should define our AMQP packet structure to be forward compatible with a switching flag so that we can leave encryption till later. +10. Any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. I doubt we can finish end-to-end session encryption by March, but we should define our AMQP packet structure to be forward compatible with a switching flag so that we can leave encryption till later. ## Design Decisions From 4e5a9e924e273892b5665eeb251de8ffa1812b32 Mon Sep 17 00:00:00 2001 From: David Lee Date: Tue, 14 Nov 2017 16:48:35 +0000 Subject: [PATCH 11/25] Removed point --- docs/source/design/float/design.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 40c981697f..108159e1be 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -65,8 +65,7 @@ Allow connectivity in compliance with DMZ constraints commonly imposed by modern 7. Communications in the DMZ should yse modern TLS, often with local-only certificates/keys that hold no value outside of use in predefined links. 8. TLS is commonly terminated on the firewall which has an associated HSM for the private keys. This means that we do not necessarily have the certificates of the connection, but hopefully for now we can insist on receiving the connection directly onto the float proxy, although we have to ask how we might access an HSM. 9. It is usually assumed that there is an HA/load balancing pair (or more) of proxies for resilience. Often the firewalls are also combined with hardware load balancer functionality. -10. Any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. I doubt we can finish end-to-end session encryption by March, but we should define our AMQP packet structure to be forward compatible with a switching flag so that we can leave encryption till later. - +10. Any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. ## Design Decisions 1. AMQP vs. custom P2p - see Alternatives section below From 5c62f9b24387eb20297cfbd2e52f219b129587a7 Mon Sep 17 00:00:00 2001 From: David Lee Date: Tue, 14 Nov 2017 19:26:42 +0000 Subject: [PATCH 12/25] Wording updates --- docs/source/design/float/design.md | 94 +++++++++++++++++------------- 1 file changed, 54 insertions(+), 40 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 108159e1be..34073ccef5 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -30,25 +30,35 @@ The role of the 'float' is to meet the requirements of organisations that will n ### Background -#### Current P2P State +#### Current state of peer-to-peer messaging in Corda + +The diagram below illustrates the current mechanism for peer-to-peer messaging between Corda nodes. + ![Current P2P State](./current-p2p-state.png) -1. Flow has message for existing peer. -2. Check queue for existence. Finds it exists and submits and continues after acknowledgement. -3. Pre-existing core bridge picks up message and transfers over TLS socket to inbox of destination node. -4. Flow receives message from peer and acknowledged consumption on bus when the flow has checkpointed this progress. -5. Flow has message for new peer. -6. Flow needs to create a queue as this is a new peer. The name encodes the identity of the intended recipient. -7. When the queue creation has completed the node sends the message to the queue. -8. The hosted artemis server in the node has a queue creation hook which is called. -9. The queue name is used to lookup the remote connection details and a new bridge is registered. -10. The client certificate of the peer is compared to the expected legal identity X500 Name. If this is ok message flow is as for a pre-existing link step 3. +When a flow running on a Corda node triggers a requirement to send a message to a peer node, it first checks for pre-existence of an applicable message queue for that peer. + +**If the relevant queue exists:** + +1. The node submits the message to the queue and continues after receiving acknowledgement. +2. The Core Bridge picks up the message and transfers it via a TLS socket to the inbox of the destination node. +3. A flow on the recipient receives message from peer and acknowledged consumption on bus when the flow has checkpointed this progress. + +**If the queue does not exist (messaging a new peer):** + +1. The flow triggers creation of a new queue with a name encoding the identity of the intended recipient. +2. When the queue creation has completed the node sends the message to the queue. +3. The hosted Artemis server within the node has a queue creation hook which is called. +4. The queue name is used to lookup the remote connection details and a new bridge is registered. +5. The client certificate of the peer is compared to the expected legal identity X500 Name. If this is OK, message flow proceeds as for a pre-existing queue (above). ## Scope -* Goals: Allow connection to a corda node wihout requiring direct incoming connections from external participants. -* Non-goals (eg. out of scope) -* Reference(s) to similar or related work +* Goals: + * Allow connection to a Corda node wihout requiring direct incoming connections from external participants. + * Allow connections to a Corda node without requiring the node itself to have a public IP address. Separate TLS connection handling from the MQ broker. +* Non-goals (out of scope): + * Support for MQ brokers other than Apache Artemis ## Timeline For delivery by end Q1 2018. @@ -57,15 +67,15 @@ For delivery by end Q1 2018. Allow connectivity in compliance with DMZ constraints commonly imposed by modern financial institutions; namely: 1. Firewalls required between the internet and any device in the DMZ, and between the DMZ and the internal network. 2. Only identified IPs and ports are permitted to access devices in the DMZ; this include communications between devices colocated in the DMZ. -2. Any DMZ machine is typically multi-homed, with separate network cards handling traffic through the institutional firewall vs. to the Internet. (There is usually a further hidden management interface card accessed via a jump box for managing the box and shipping audit trail information). This requires that our software can bind listening ports to the correct network card not just to 0.0.0.0. -3. No connections to be initiated by DMZ devices towards the internal network. Communications should be initiated from the internal network to form a bidirectional channel with the proxy process. -4. No business data should be persisted on the DMZ box. -5. An audit log of all connection events is required to track breaches. Latency information should also be tracked to facilitate management of connectivity issues. -6. Processes on DMZ devices run as local accounts with no relationship to internal permission systems, or ability to enumerate devices on the internal network. -7. Communications in the DMZ should yse modern TLS, often with local-only certificates/keys that hold no value outside of use in predefined links. -8. TLS is commonly terminated on the firewall which has an associated HSM for the private keys. This means that we do not necessarily have the certificates of the connection, but hopefully for now we can insist on receiving the connection directly onto the float proxy, although we have to ask how we might access an HSM. -9. It is usually assumed that there is an HA/load balancing pair (or more) of proxies for resilience. Often the firewalls are also combined with hardware load balancer functionality. -10. Any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. +3. Any DMZ machine is typically multi-homed, with separate network cards handling traffic through the institutional firewall vs. to the Internet. (There is usually a further hidden management interface card accessed via a jump box for managing the box and shipping audit trail information). This requires that our software can bind listening ports to the correct network card not just to 0.0.0.0. +4. No connections to be initiated by DMZ devices towards the internal network. Communications should be initiated from the internal network to form a bidirectional channel with the proxy process. +5. No business data should be persisted on the DMZ box. +6. An audit log of all connection events is required to track breaches. Latency information should also be tracked to facilitate management of connectivity issues. +7. Processes on DMZ devices run as local accounts with no relationship to internal permission systems, or ability to enumerate devices on the internal network. +8. Communications in the DMZ should yse modern TLS, often with local-only certificates/keys that hold no value outside of use in predefined links. +9. TLS is commonly terminated on the firewall which has an associated HSM for the private keys. This means that we do not necessarily have the certificates of the connection, but hopefully for now we can insist on receiving the connection directly onto the float proxy, although we have to ask how we might access an HSM. +10. It is usually assumed that there is an HA/load balancing pair (or more) of proxies for resilience. Often the firewalls are also combined with hardware load balancer functionality. +11. Any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. ## Design Decisions 1. AMQP vs. custom P2p - see Alternatives section below @@ -75,21 +85,28 @@ Allow connectivity in compliance with DMZ constraints commonly imposed by modern ## Target Solution +The proposed solution introduces a reverse proxy component ("**float**") which may be sited in the DMZ, as illustrated in the diagram below. + ![Full Float Implementation](./full-float.png) -1. The float is a listener only and does not enable outgoing bridges (see Design Decisions, above). The internal portion of the bridge is allowed to initiate through the firewall (possibly via a SOCKS proxy). -2. Implementation is based on the AMQP Bridge Manager code. -3. The float is not mandatory; interoperability with older nodes, even those using direct AMQP from bridges in the node, is supported. -4. The link between the internal AMQP Bridge Manager and the DMZ Float process is a single AMQP/TLS connection, which can contain multiple logical AMQP links. This link is initiated at the socket level by the Bridge Manager towards the DMZ. -5. The DMZ float only needs to receive incoming connections initiated remote peers. No state will be serialized, although suitably protected logs will be recorded of all float activities. -6. The main role of the DMZ float is to forward incoming AMQP link packets from authenticated TLS links to the AMQP Bridge Manager then echoes back the final delivery acknowledgements once the Bridge Manager has successfully inserted the messages. The bridge manager is responsible for rejecting inbound packets on queues that are not local inboxes e.g. no way of cheating messages onto management topics, or faking outgoing messages. -7. Outgoing bridge formation and message sending come directly from the internal Bridge Manager (possibly via a SOCKS 4/5 proxy, which is easy enough to enable in netty, or directly through the corporate firewall. It could be initiated from the float, but this just seems insecure.) -8. End-to-end encryption of the payload is not delivered through this design (see Design Decisions, above). For current purposes, a header field indicating plaintext/encrypted payload is employed as a placeholder. -9. HA is enabled (this should be easy as the bridge manager can choose which float to make active). Only fully connected DMZ floats should activate their listening port. +The main role of the float is to forward incoming AMQP link packets from authenticated TLS links to the AMQP Bridge Manager, then echo back final delivery acknowledgements once the Bridge Manager has successfully inserted the messages. The Bridge Manager is responsible for rejecting inbound packets on queues that are not local inboxes to prevent e.g. 'cheating' messages onto management topics, faking outgoing messages etc. +The float is linked to the internal AMQP Bridge Manager via a single AMQP/TLS connection, which can contain multiple logical AMQP links. This link is initiated at the socket level by the Bridge Manager towards the float. -### Bridge Control Protocol -The bridge control is designed to be as stateless as possible. Thus, nodes and bridges restarting must re-request/broadcast information to each other. The messages should be sent to a 'bridge.control' address in Artemis and be sent as non-persistent messages with a non-durable queue. Each message should contain a duplicate message ID, which is also re-used as the correlation id in replies. The scenarios are: +The float is a **listener only** and does not enable outgoing bridges (see Design Decisions, above). Outgoing bridge formation and message sending come directly from the internal Bridge Manager (possibly via a SOCKS 4/5 proxy, which is easy enough to enable in netty, or directly through the corporate firewall. Initiating from the float gives rise to security concerns.) + +The float is **not mandatory**; interoperability with older nodes, even those using direct AMQP from bridges in the node, is supported. + +**No state will be serialized on the float**, although suitably protected logs will be recorded of all float activities. + +**End-to-end encryption** of the payload is not delivered through this design (see Design Decisions, above). For current purposes, a header field indicating plaintext/encrypted payload is employed as a placeholder. + +**HA** is enabled (this should be easy as the bridge manager can choose which float to make active). Only fully connected DMZ floats should activate their listening port. + +Implementation of the float is expected to be based on existing AMQP Bridge Manager code - see Implementation Plan, below, for expected work stages. + +### Bridge control protocol +The bridge control is designed to be as stateless as possible. Thus, nodes and bridges restarting must re-request/broadcast information to each other. Messages are sent to a 'bridge.control' address in Artemis as non-persistent messages with a non-durable queue. Each message should contain a duplicate message ID, which is also re-used as the correlation id in replies. Relevant scenarios are described below: #### On bridge start-up, or reconnection to Artemis 1. The bridge process should subscribe to the 'bridge.control'. @@ -135,10 +152,7 @@ The point to point links would be standard TLS and the network certificates woul ## Final recommendation -Proposed solution (if more than one option presented) -Proceed direct to implementation -Proceed to Technical Design stage -Proposed Platform Technical team(s) to implement design (if not already decided) +Implement the Target Solution described above according to the implementation plan described below. # IMPLEMENTATION PLAN @@ -148,14 +162,14 @@ Proposed Platform Technical team(s) to implement design (if not already decided) 3. We need to define a bridge control protocol, so that we can have an out of process float/bridge. The current process is that on message send the node checks the target address to see if the target queue already exists. If the queue doesn't exist it creates a new queue which includes an encoding of the PublicKey in its name. This is picked up by a wrapper around the Artemis Server which is also hosted inside the node and can ask the network map cache for a translation to a target host and port. This in turn allows a new bridge to be provisioned. At node restart the re-population of the network map cache is followed to re-create the bridges to any unsent queues/messages. 4. My proposal for a bridge control protocol is partly influenced by the fact that AMQP does not have a built-in mechanism for queue creation/deletion/enumeration. Also, the flows cannot progress until they are sure that there is an accepting queue. Finally, if one runs a local broker it should be fine to run multiple nodes without any bridge processes. Therefore, I will leave the queue creation as the node's responsibility. Initially we can continue to use the existing CORE protocol for this. The requirement to initiate a bridge will change from being implicit signalling via server queue detection to being an explicit pub-sub message that requests bridge formation. This doesn't need durability, or acknowledgements, because when a bridge process starts it should request a refresh of the required bridge list. The typical create bridge messages should contain: 1. The queue name (ideally with the sha256 of the PublicKey, not the whole PublicKey as that may not work on brokers with queue name length constraints). - 2. The expected X500Name for the remote TLS certificate. + 2. The expected X500Name for the remote TLS certificate. 3. The list of host and ports to attempt connection to. See separate section for more info. 5. Once we have the bridge protocol in place and a bridge out of process the broker can move out of process too, which is a requirement for clustering anyway. We can then start work on floating the bridge and making our broker pluggable. 1. At this point the bridge connection to the local queues should be upgraded to also be AMQP client, rather than CORE protocol, which will give the ability for the P2P bridges to work with other broker products. 2. An independent task is to look at making the Bridge process HA, probably using a similar hot-warm mastering solution as the node, or atomix.io. The inactive node should track the control messages, but obviously doesn't initiate any bridges. 3. Another potentially parallel piece of development is to start to build a float, which is essentially just splitting the bridge in two and putting in an intermediate hop AMQP/TLS link. The thin proxy in the DMZ zone should be as stateless as possible in this. 4. Finally, the node should use AMQP to talk to its local broker cluster, but this will have to remain partly tied to Artemis, as queue creation will require sending management messages to the Artemis core, but we should be able to abstract this. Bridge Management Protocol. - + ## Float evolution ### In-Process AMQP Bridging From 5b4667ad9bcaf0d21a6508685baf231ead16eb04 Mon Sep 17 00:00:00 2001 From: David Lee Date: Wed, 15 Nov 2017 10:05:04 +0000 Subject: [PATCH 13/25] added decision doc on p2p protocol --- .../design/float/decisions/ssl-termination.md | 63 +++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 docs/source/design/float/decisions/ssl-termination.md diff --git a/docs/source/design/float/decisions/ssl-termination.md b/docs/source/design/float/decisions/ssl-termination.md new file mode 100644 index 0000000000..ef15a4a5b8 --- /dev/null +++ b/docs/source/design/float/decisions/ssl-termination.md @@ -0,0 +1,63 @@ +![Corda](https://www.corda.net/wp-content/uploads/2016/11/fg005_corda_b.png) + +-------------------------------------------- +Design Decision: P2P Messaging Protocol +============================================ + +## Background / Context + +Corda requires messages to be exchanged between nodes via a well-defined protocol. + +Determining this protocol is a critical upstream dependency for the design of key messaging components including the [float](../design.md). + + + +## Options Analysis + +### 1. Use AMQP + +Under this option, P2P messaging will follow the [Advanced Message Queuing Protocol](https://www.amqp.org/). + +#### Advantages + +1. As we have described in our marketing materials. +2. Well-defined standard. +3. Supportfor packet level flow control and explicit delivery acknowledgement. +4. Will allow eventual swap out of Artemis for other brokers. + +#### Disadvantages + +1. AMQP is a complex protocol with many layered state machines, for which it may prove hard to verify security properties. +2. No support for secure MAC in packets frames. +3. No defined encryption mode beyond creating custom payloadencryption and custom headers. +4. No standardised support for queue creation/enumeration, ordeletion. +5. Use of broker durable queues and autonomousbridge transfers does not align with checkpoint timing, so that independentreplication of the DB and Artemis data risks causing problems. (Writing to the DB doesn’t work currently and is probably also slow). + +### 2. Develop & implement a custom protocol + +Under this option, P2P messaging will follow a custom protocol designed and implemented by the development team. + +#### Advantages + +1. Can be defined with very small message surface area that isamenable to security analysis. +2. Packet formats can follow best practice cryptography from thestart and be matched to Corda’s needs. +3. Doesn’t require ‘Complete Graph’ structure for network if we haveintermediate routing. +4. More closely aligns checkpointing and message delivery handling atthe application level. + +#### Disadvantages + +1. Inconsistent with previous design statements published to external stakeholders. +2. Effort implications - starting from scratch +3. Technical complexity in developing a P2P protocols which is attack tolerant. + + + +## Recommendation and justification + +Proceed with Option 1 + + + +## Decision taken + +Decision still required. \ No newline at end of file From cf22e221130ec5e18b777dfa866b188d2822d2e3 Mon Sep 17 00:00:00 2001 From: David Lee Date: Wed, 15 Nov 2017 10:06:15 +0000 Subject: [PATCH 14/25] Added link --- docs/source/design/float/design.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 34073ccef5..1bf85eba64 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -78,8 +78,8 @@ Allow connectivity in compliance with DMZ constraints commonly imposed by modern 11. Any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. ## Design Decisions -1. AMQP vs. custom P2p - see Alternatives section below -2. SSL termination (firewall vs. float) +1. AMQP vs. custom P2P - see Alternatives section below +2. [SSL termination (firewall vs. float)](./decisions/ssl-termination.md) 3. End-to-end encryption 4. Prioritisation of pluggable broker support From 38352d5175f1962d675ce4e292e332935d774b8e Mon Sep 17 00:00:00 2001 From: David Lee Date: Wed, 15 Nov 2017 11:50:19 +0000 Subject: [PATCH 15/25] Added ssl-termination options doc --- .../design/float/decisions/p2p-protocol.md | 69 ++++++++++++++ .../design/float/decisions/ssl-termination.md | 90 +++++++++++++------ 2 files changed, 134 insertions(+), 25 deletions(-) create mode 100644 docs/source/design/float/decisions/p2p-protocol.md diff --git a/docs/source/design/float/decisions/p2p-protocol.md b/docs/source/design/float/decisions/p2p-protocol.md new file mode 100644 index 0000000000..7f690eb0fe --- /dev/null +++ b/docs/source/design/float/decisions/p2p-protocol.md @@ -0,0 +1,69 @@ +![Corda](https://www.corda.net/wp-content/uploads/2016/11/fg005_corda_b.png) + +-------------------------------------------- +Design Decision: P2P Messaging Protocol +============================================ + +## Background / Context + +Corda requires messages to be exchanged between nodes via a well-defined protocol. + +Determining this protocol is a critical upstream dependency for the design of key messaging components including the [float](../design.md). + + + +## Options Analysis + +### 1. Use AMQP + +Under this option, P2P messaging will follow the [Advanced Message Queuing Protocol](https://www.amqp.org/). + +#### Advantages + +1. As we have described in our marketing materials. +2. Well-defined standard. +3. Supportfor packet level flow control and explicit delivery acknowledgement. +4. Will allow eventual swap out of Artemis for other brokers. + +#### Disadvantages + +1. AMQP is a complex protocol with many layered state machines, for which it may prove hard to verify security properties. +2. No support for secure MAC in packets frames. +3. No defined encryption mode beyond creating custom payloadencryption and custom headers. +4. No standardised support for queue creation/enumeration, ordeletion. +5. Use of broker durable queues and autonomousbridge transfers does not align with checkpoint timing, so that independentreplication of the DB and Artemis data risks causing problems. (Writing to the DB doesn’t work currently and is probably also slow). + +### 2. Develop a custom protocol + +This option would discard existing Artemis server/AMQP support for peer-to-peer communications in favour of a custom implementation of the Corda MessagingService, which takes direct responsibility for message retries and stores the pending messages into the node's database. The wire level of this service would be built on top of a fully encrypted MIX network which would not require a fully connected graph, but rather send messages on randomly selected paths over the dynamically managed network graph topology. + +Packet format would likely use the ![SPHINX packet format](http://www0.cs.ucl.ac.uk/staff/G.Danezis/papers/sphinx-eprint.pdf) although with the body encryption updated to a modern AEAD scheme as in https://www.cs.ru.nl/~bmennink/pubs/16cans.pdf . In this scheme, nodes would be identified in the overlay network solely by Curve25519 public key addresses and floats would be dumb nodes that only run the MIX network code and don’t act as message sources, or sinks. Intermediate traffic would not be readable except by the intended waypoint and only the final node can read the payload. + +Point to point links would be standard TLS and the network certificates would be whatever is acceptable to the host institutions e.g. standard Verisign certs. It is assumed institutions would select partners to connect to that they trust and permission them individually in their firewalls. Inside the MIX network the nodes would be connected mostly in a static way and use standard HELLO packets to determine the liveness of neighbour routes, then use tunnelled gossip to distribute the signed/versioned Link topology messages. Nodes will also be allowed to advertise a public IP, so some dynamic links and publicly visible nodes would exist. Network map addresses would then be mappings from Legal Identity to these overlay network addresses, not to physical network locations. + +#### Advantages + +1. Can be defined with very small message surface area that is amenable to security analysis. +2. Packet formats can follow best practice cryptography from thestart and be matched to Corda’s needs. +3. Doesn’t require ‘Complete Graph’ structure for network if we haveintermediate routing. +4. More closely aligns checkpointing and message delivery handling at the application level. + +#### Disadvantages + +1. Inconsistent with previous design statements published to external stakeholders. +2. Effort implications - starting from scratch +3. Technical complexity in developing a P2P protocols which is attack tolerant. + + + + + +## Recommendation and justification + +Proceed with Option 1 + + + +## Decision taken + +Decision still required. \ No newline at end of file diff --git a/docs/source/design/float/decisions/ssl-termination.md b/docs/source/design/float/decisions/ssl-termination.md index ef15a4a5b8..71d43a5f1f 100644 --- a/docs/source/design/float/decisions/ssl-termination.md +++ b/docs/source/design/float/decisions/ssl-termination.md @@ -1,60 +1,100 @@ ![Corda](https://www.corda.net/wp-content/uploads/2016/11/fg005_corda_b.png) -------------------------------------------- -Design Decision: P2P Messaging Protocol +Design Decision: TLS termination point ============================================ ## Background / Context -Corda requires messages to be exchanged between nodes via a well-defined protocol. - -Determining this protocol is a critical upstream dependency for the design of key messaging components including the [float](../design.md). +Design of the [float](../design.md) is critically influenced by the decision of where TLS connections to the node should be terminated. ## Options Analysis -### 1. Use AMQP +### 1. Terminate TLS on Firewall + -Under this option, P2P messaging will follow the [Advanced Message Queuing Protocol](https://www.amqp.org/). #### Advantages -1. As we have described in our marketing materials. -2. Well-defined standard. -3. Supportfor packet level flow control and explicit delivery acknowledgement. -4. Will allow eventual swap out of Artemis for other brokers. +1. Common practice for DMZ web solutions, often with an HSM associated with the Firewall and should be familiar for banks to setup. +2. Doesn’t expose our private key in the less trusted DMZ context. +3. Bugs in the firewall TLS engine will be patched frequently. +4. The DMZ float server would only require a self-signed certificate/private key to enable secure communications, so theft of this key has no impact beyond the compromised machine. #### Disadvantages -1. AMQP is a complex protocol with many layered state machines, for which it may prove hard to verify security properties. -2. No support for secure MAC in packets frames. -3. No defined encryption mode beyond creating custom payloadencryption and custom headers. -4. No standardised support for queue creation/enumeration, ordeletion. -5. Use of broker durable queues and autonomousbridge transfers does not align with checkpoint timing, so that independentreplication of the DB and Artemis data risks causing problems. (Writing to the DB doesn’t work currently and is probably also slow). +1. May limit cryptography options to RSA, and prevent checking of X500 names (only the root certificate checked) - Corda certificates are not totally standard; +2. Doesn’t allow identification of the message source. +3. May require additional work and SASL support code to validate theultimate origin of connections in the float. -### 2. Develop & implement a custom protocol +#### Variant option 1a: Include SASL connection checking -Under this option, P2P messaging will follow a custom protocol designed and implemented by the development team. +##### Advantages + +1. Maintain authentication support +2. Can authenticate against keys held internallye.g. Legal Identity not just TLS + +##### Disadvantages + +1. More work than the do-nothing approach + +2. More protocol to design for sending across the inner firewall. + + ​ + +### 2. Direct TLS Termination onto Float #### Advantages -1. Can be defined with very small message surface area that isamenable to security analysis. -2. Packet formats can follow best practice cryptography from thestart and be matched to Corda’s needs. -3. Doesn’t require ‘Complete Graph’ structure for network if we haveintermediate routing. -4. More closely aligns checkpointing and message delivery handling atthe application level. +1. Validate our PKI certificates directly ourselves. +2. Allow messages to be reliably tagged with source. #### Disadvantages -1. Inconsistent with previous design statements published to external stakeholders. -2. Effort implications - starting from scratch -3. Technical complexity in developing a P2P protocols which is attack tolerant. +1. We don’t currently use the identity to check incoming packets,only for connection authentication anyway. +2. Management of Private Key a challenge requiring extra work and security implications. Options for this are presented below. +#### Variant Option 2a: Float TLS certificate via direct HSM +##### Advantages + +1. Key can’t be stolen (only access to signing operations) +2. Audit trail of signings. + +##### Disadvantages + +1. Accessing HSM from DMZ probably not allowed. +2. Breaks the inbound-connection-only rule of modern DMZ. + +#### Variant Option 2b: Tunnel signing requests to bridge manager + +##### Advantages + +1. No new connections involved from Float box. +2. No access to actual private key from DMZ. + +##### Disadvantages + +1. Requires implementation of a message protocol, in addition to a key provider that can be passed to the standard SSLEngine, but proxies signing requests. + +#### Variant Option 2c: Store key on local file system + +##### Advantages + +1. Simple with minimal extra code required. +2. Delegates access control to bank’s own systems. +3. Risks losing only the TLS private key, which caneasily be revoked. This isn’t the legal identity key at all. + +##### Disadvantages + +1. Risks losing the TLS private key +2. Probably not allowed. ## Recommendation and justification -Proceed with Option 1 +Proceed with Variant option 1a: Include SASL connection checking From f86b952c8a9b6d08846c9306934fab0df1887bdf Mon Sep 17 00:00:00 2001 From: David Lee Date: Wed, 15 Nov 2017 11:50:51 +0000 Subject: [PATCH 16/25] Added link --- docs/source/design/float/design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 1bf85eba64..37091599e1 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -78,7 +78,7 @@ Allow connectivity in compliance with DMZ constraints commonly imposed by modern 11. Any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. ## Design Decisions -1. AMQP vs. custom P2P - see Alternatives section below +1. [AMQP vs. custom P2P](./devisions/p2p-protocol.md) 2. [SSL termination (firewall vs. float)](./decisions/ssl-termination.md) 3. End-to-end encryption 4. Prioritisation of pluggable broker support From f3ded28bef72a0175da4219bcacab1df335b3607 Mon Sep 17 00:00:00 2001 From: David Lee Date: Wed, 15 Nov 2017 12:49:27 +0000 Subject: [PATCH 17/25] Added extra design decision info --- .../design/float/decisions/e2e-encryption.md | 56 ++++++++++++++++ .../float/decisions/pluggable-broker.md | 67 +++++++++++++++++++ .../design/float/decisions/ssl-termination.md | 2 +- docs/source/design/float/design.md | 23 ++----- 4 files changed, 131 insertions(+), 17 deletions(-) create mode 100644 docs/source/design/float/decisions/e2e-encryption.md create mode 100644 docs/source/design/float/decisions/pluggable-broker.md diff --git a/docs/source/design/float/decisions/e2e-encryption.md b/docs/source/design/float/decisions/e2e-encryption.md new file mode 100644 index 0000000000..cecc8af96f --- /dev/null +++ b/docs/source/design/float/decisions/e2e-encryption.md @@ -0,0 +1,56 @@ +![Corda](https://www.corda.net/wp-content/uploads/2016/11/fg005_corda_b.png) + +-------------------------------------------- +Design Decision: End-to-end encryption +============================================ + +## Background / Context + +End-to-end encryption is a desirable potential design feature for the [float](../design.md). + + + +## Options Analysis + +### 1. No end-to-end encryption + +#### Advantages + +1. Least effort +2. Easier to fault find and manage + +#### Disadvantages + +1. With no placeholder, it is very hard to add support later and maintainwire stability. +2. May not get past security reviews of Float. + +### 2. Placeholder only + +#### Advantages + +1. Allows wire stability when we have agreed an encrypted approach +2. Shows that we are serious about security, even if this isn’tavailable yet. +3. Allows later encrypted version to be an enterprise feature thatcan interoperate with OS versions. + +#### Disadvantages + +1. Doesn’t actually provide E2E, or define what an encrypted payloadlooks like. +2. Doesn’t address any crypto features that target protecting the AMQP headers. + +### 3. Implement end-to-end encryption + +1. Will protect the sensitive data fully. + +#### Disadvantages + +1. Lots of work. +2. Difficult to get right. +3. Re-inventing TLS. + +## Recommendation and justification + +Proceed with Option 2: Placeholder + +## Decision taken + +Decision still required. \ No newline at end of file diff --git a/docs/source/design/float/decisions/pluggable-broker.md b/docs/source/design/float/decisions/pluggable-broker.md new file mode 100644 index 0000000000..dd8f47886b --- /dev/null +++ b/docs/source/design/float/decisions/pluggable-broker.md @@ -0,0 +1,67 @@ +![Corda](https://www.corda.net/wp-content/uploads/2016/11/fg005_corda_b.png) + +-------------------------------------------- +Design Decision: Pluggable Broker prioritisation +============================================ + +## Background / Context + +A decision on when to prioritise implementation of a pluggable broker has implications for delivery of key messaging components including the [float](../design.md). + + + +## Options Analysis + +### 1. Deliver pluggable brokers now + +#### Advantages + +1. Meshes with business opportunities from HPE and Solace Systems. +2. Would allow us to interface to existing Bank middleware. +3. Would allow us to switch away from Artemis if we need higherperformance. +4. Makes our AMQP story stronger. + +#### Disadvantages + +1. More up-front work. +2. Might slow us down on other priorities. + +### 2. Defer development of pluggable brokers until later + +#### Advantages + +1. Still gets us where we want to go, just later. +2. Work can be progressed as resource is available, rather than right now. + +#### Disadvantages + +1. Have to take care that we have sufficient abstractions that thingslike CORE connections can be replaced later. +2. Leaves HPE and Solace hanging even longer. + + +### 3. Never enable pluggable brokers + +#### Advantages + +1. What we already have. + +#### Disadvantages + +1. Ties us to ArtemisMQ development speed. + +2. Not good for our relationship with HPE and Solace. + +3. Probably limits our maximum messaging performance longer term. + + ​ + + +## Recommendation and justification + +Proceed with Option 2 (defer development of pluggable brokers until later) + + + +## Decision taken + +Decision still required. \ No newline at end of file diff --git a/docs/source/design/float/decisions/ssl-termination.md b/docs/source/design/float/decisions/ssl-termination.md index 71d43a5f1f..594d670b3d 100644 --- a/docs/source/design/float/decisions/ssl-termination.md +++ b/docs/source/design/float/decisions/ssl-termination.md @@ -94,7 +94,7 @@ Design of the [float](../design.md) is critically influenced by the decision of ## Recommendation and justification -Proceed with Variant option 1a: Include SASL connection checking +Proceed with Variant option 1a: Terminate on firewall; include SASL connection checking diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index 37091599e1..e69c32faa4 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -78,10 +78,13 @@ Allow connectivity in compliance with DMZ constraints commonly imposed by modern 11. Any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. ## Design Decisions -1. [AMQP vs. custom P2P](./devisions/p2p-protocol.md) -2. [SSL termination (firewall vs. float)](./decisions/ssl-termination.md) -3. End-to-end encryption -4. Prioritisation of pluggable broker support + +The following design decisions are assumed by this design: + +1. [AMQP vs. custom P2P](./decisions/p2p-protocol.md): Use AMQP +2. [SSL termination (firewall vs. float)](./decisions/ssl-termination.md): Terminate on firewall; include SASL connection checking +3. [End-to-end encryption](./decisions/e2e-encryption.md): Include placeholder only +4. [Prioritisation of pluggable broker support](./decisions/pluggable-broker): Defer pluggable brokers until later ## Target Solution @@ -140,19 +143,7 @@ The bridge control is designed to be as stateless as possible. Thus, nodes and b 6. The Float should protect against excessive inbound messages by AMQP flow control and refusing to accept excessive unacknowledged deliveries. 7. The Float only exposes its inbound server socket when activated by a valid AMQP link from the Bridge Control Manager to allow for a simple HA pool of DMZ Float processes. (Floats cannot run hot-hot as this would invalidate Corda's message ordering guarantees.) -## Alternative options considered -### 1. Using Direct P2P Communication -I do also have a completely different model of what to do instead of the float/AMQP work, but whilst I don’t think this is likely to be accepted, I do think it has a lot of merits and may be surprisingly fast to implement, at least for small semi-private networks. -Essentially, I would discard the Artemis server/AMQP support for peer-to-peer communications. Instead I would write an implementation of our MessagingService which takes direct responsibility for message retries and stores the pending messages into our own DB. The wire level of this service would be built on top of a fully encrypted MIX network which would not require a fully connected graph, but rather send messages on randomly selected paths over the dynamically managed network graph topology. - -For packet format I would use the ![SPHINX packet format](http://www0.cs.ucl.ac.uk/staff/G.Danezis/papers/sphinx-eprint.pdf) although with the body encryption updated to a modern AEAD scheme as in https://www.cs.ru.nl/~bmennink/pubs/16cans.pdf . In this scheme, nodes would be identified in the overlay network solely by Curve25519 public key addresses and floats would be dumb nodes that only run the MIX network code and don’t act as message sources, or sinks. Intermediate traffic would not be readable except by the intended waypoint and only the final node can read the payload. - -The point to point links would be standard TLS and the network certificates would be whatever is acceptable to the host institutions e.g. standard Verisign certs. It is assumed institutions would select partners to connect to that they trust and permission them individually in their firewalls. Inside the MIX network the nodes would be connected mostly in a static way and use standard HELLO packets to determine the liveness of neighbour routes, then use tunnelled gossip to distribute the signed/versioned Link topology messages. The nodes will be allowed to advertise a Public IP as well, so some dynamic links and publicly visible nodes would exist. The network map addresses would then be mappings from Legal Identity to these overlay network addresses, not to physical network locations. - -## Final recommendation - -Implement the Target Solution described above according to the implementation plan described below. # IMPLEMENTATION PLAN From 829262c86881965d85480210d1c126c90906c522 Mon Sep 17 00:00:00 2001 From: David Lee Date: Wed, 15 Nov 2017 13:05:06 +0000 Subject: [PATCH 18/25] Update --- docs/source/design/float/design.md | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/docs/source/design/float/design.md b/docs/source/design/float/design.md index e69c32faa4..52255b521c 100644 --- a/docs/source/design/float/design.md +++ b/docs/source/design/float/design.md @@ -65,17 +65,19 @@ For delivery by end Q1 2018. ## Requirements Allow connectivity in compliance with DMZ constraints commonly imposed by modern financial institutions; namely: -1. Firewalls required between the internet and any device in the DMZ, and between the DMZ and the internal network. -2. Only identified IPs and ports are permitted to access devices in the DMZ; this include communications between devices colocated in the DMZ. -3. Any DMZ machine is typically multi-homed, with separate network cards handling traffic through the institutional firewall vs. to the Internet. (There is usually a further hidden management interface card accessed via a jump box for managing the box and shipping audit trail information). This requires that our software can bind listening ports to the correct network card not just to 0.0.0.0. -4. No connections to be initiated by DMZ devices towards the internal network. Communications should be initiated from the internal network to form a bidirectional channel with the proxy process. -5. No business data should be persisted on the DMZ box. -6. An audit log of all connection events is required to track breaches. Latency information should also be tracked to facilitate management of connectivity issues. -7. Processes on DMZ devices run as local accounts with no relationship to internal permission systems, or ability to enumerate devices on the internal network. -8. Communications in the DMZ should yse modern TLS, often with local-only certificates/keys that hold no value outside of use in predefined links. -9. TLS is commonly terminated on the firewall which has an associated HSM for the private keys. This means that we do not necessarily have the certificates of the connection, but hopefully for now we can insist on receiving the connection directly onto the float proxy, although we have to ask how we might access an HSM. -10. It is usually assumed that there is an HA/load balancing pair (or more) of proxies for resilience. Often the firewalls are also combined with hardware load balancer functionality. -11. Any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. +1. Firewalls required between the internet and any device in the DMZ, and between the DMZ and the internal network +2. Data passing from the internet and the internal network via the DMZ should pass through a clear protocol break in the DMZ. +3. Only identified IPs and ports are permitted to access devices in the DMZ; this include communications between devices colocated in the DMZ. +4. Only a limited number of ports are opened in the firewall (<5) to make firewall operation manageable. These ports must change slowly. +5. Any DMZ machine is typically multi-homed, with separate network cards handling traffic through the institutional firewall vs. to the Internet. (There is usually a further hidden management interface card accessed via a jump box for managing the box and shipping audit trail information). This requires that our software can bind listening ports to the correct network card not just to 0.0.0.0. +6. No connections to be initiated by DMZ devices towards the internal network. Communications should be initiated from the internal network to form a bidirectional channel with the proxy process. +7. No business data should be persisted on the DMZ box. +8. An audit log of all connection events is required to track breaches. Latency information should also be tracked to facilitate management of connectivity issues. +9. Processes on DMZ devices run as local accounts with no relationship to internal permission systems, or ability to enumerate devices on the internal network. +10. Communications in the DMZ should yse modern TLS, often with local-only certificates/keys that hold no value outside of use in predefined links. +11. Where TLS is required to terminate on the firewall, provide a suitably secure key management mechanism (e.g. an HSM). +12. Any proxy in the DMZ should be subject to the same HA requirements as the devices it is servicing +13. Any business data passing through the proxy should be separately encrypted, so that no data is in the clear of the program memory if the DMZ box is compromised. ## Design Decisions @@ -84,7 +86,7 @@ The following design decisions are assumed by this design: 1. [AMQP vs. custom P2P](./decisions/p2p-protocol.md): Use AMQP 2. [SSL termination (firewall vs. float)](./decisions/ssl-termination.md): Terminate on firewall; include SASL connection checking 3. [End-to-end encryption](./decisions/e2e-encryption.md): Include placeholder only -4. [Prioritisation of pluggable broker support](./decisions/pluggable-broker): Defer pluggable brokers until later +4. [Prioritisation of pluggable broker support](./decisions/pluggable-broker.md): Defer pluggable brokers until later ## Target Solution From 1636a4bb0c48dfb48628d6a21c93aca689d3360c Mon Sep 17 00:00:00 2001 From: Matthew Nesbit Date: Wed, 15 Nov 2017 13:53:03 +0000 Subject: [PATCH 19/25] Update p2p-protocol.md --- docs/source/design/float/decisions/p2p-protocol.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/source/design/float/decisions/p2p-protocol.md b/docs/source/design/float/decisions/p2p-protocol.md index 7f690eb0fe..f3cb3129bd 100644 --- a/docs/source/design/float/decisions/p2p-protocol.md +++ b/docs/source/design/float/decisions/p2p-protocol.md @@ -29,23 +29,23 @@ Under this option, P2P messaging will follow the [Advanced Message Queuing Proto 1. AMQP is a complex protocol with many layered state machines, for which it may prove hard to verify security properties. 2. No support for secure MAC in packets frames. -3. No defined encryption mode beyond creating custom payloadencryption and custom headers. -4. No standardised support for queue creation/enumeration, ordeletion. -5. Use of broker durable queues and autonomousbridge transfers does not align with checkpoint timing, so that independentreplication of the DB and Artemis data risks causing problems. (Writing to the DB doesn’t work currently and is probably also slow). +3. No defined encryption mode beyond creating custom payload encryption and custom headers. +4. No standardised support for queue creation/enumeration, or deletion. +5. Use of broker durable queues and autonomousbridge transfers does not align with checkpoint timing, so that independent replication of the DB and Artemis data risks causing problems. (Writing to the DB doesn’t work currently and is probably also slow). ### 2. Develop a custom protocol This option would discard existing Artemis server/AMQP support for peer-to-peer communications in favour of a custom implementation of the Corda MessagingService, which takes direct responsibility for message retries and stores the pending messages into the node's database. The wire level of this service would be built on top of a fully encrypted MIX network which would not require a fully connected graph, but rather send messages on randomly selected paths over the dynamically managed network graph topology. -Packet format would likely use the ![SPHINX packet format](http://www0.cs.ucl.ac.uk/staff/G.Danezis/papers/sphinx-eprint.pdf) although with the body encryption updated to a modern AEAD scheme as in https://www.cs.ru.nl/~bmennink/pubs/16cans.pdf . In this scheme, nodes would be identified in the overlay network solely by Curve25519 public key addresses and floats would be dumb nodes that only run the MIX network code and don’t act as message sources, or sinks. Intermediate traffic would not be readable except by the intended waypoint and only the final node can read the payload. +Packet format would likely use the ![SPHINX packet format](http://www0.cs.ucl.ac.uk/staff/G.Danezis/papers/sphinx-eprint.pdf) although with the body encryption updated to a modern AEAD scheme as in https://www.cs.ru.nl/~bmennink/pubs/16cans.pdf . In this scheme, nodes would be identified in the overlay network solely by Curve25519 public key addresses and floats would be dumb nodes that only run the MIX network code and don't act as message sources, or sinks. Intermediate traffic would not be readable except by the intended waypoint and only the final node can read the payload. Point to point links would be standard TLS and the network certificates would be whatever is acceptable to the host institutions e.g. standard Verisign certs. It is assumed institutions would select partners to connect to that they trust and permission them individually in their firewalls. Inside the MIX network the nodes would be connected mostly in a static way and use standard HELLO packets to determine the liveness of neighbour routes, then use tunnelled gossip to distribute the signed/versioned Link topology messages. Nodes will also be allowed to advertise a public IP, so some dynamic links and publicly visible nodes would exist. Network map addresses would then be mappings from Legal Identity to these overlay network addresses, not to physical network locations. #### Advantages 1. Can be defined with very small message surface area that is amenable to security analysis. -2. Packet formats can follow best practice cryptography from thestart and be matched to Corda’s needs. -3. Doesn’t require ‘Complete Graph’ structure for network if we haveintermediate routing. +2. Packet formats can follow best practice cryptography from the start and be matched to Corda’s needs. +3. Doesn’t require ‘Complete Graph’ structure for network if we have intermediate routing. 4. More closely aligns checkpointing and message delivery handling at the application level. #### Disadvantages @@ -66,4 +66,4 @@ Proceed with Option 1 ## Decision taken -Decision still required. \ No newline at end of file +Decision still required. From f15f57e83dcea751f93b54b01db3c7d929d38fc6 Mon Sep 17 00:00:00 2001 From: Matthew Nesbit Date: Wed, 15 Nov 2017 13:56:18 +0000 Subject: [PATCH 20/25] Update ssl-termination.md --- .../design/float/decisions/ssl-termination.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/source/design/float/decisions/ssl-termination.md b/docs/source/design/float/decisions/ssl-termination.md index 594d670b3d..ca5d740649 100644 --- a/docs/source/design/float/decisions/ssl-termination.md +++ b/docs/source/design/float/decisions/ssl-termination.md @@ -25,16 +25,16 @@ Design of the [float](../design.md) is critically influenced by the decision of #### Disadvantages -1. May limit cryptography options to RSA, and prevent checking of X500 names (only the root certificate checked) - Corda certificates are not totally standard; +1. May limit cryptography options to RSA, and prevent checking of X500 names (only the root certificate checked) - Corda certificates are not totally standard. 2. Doesn’t allow identification of the message source. -3. May require additional work and SASL support code to validate theultimate origin of connections in the float. +3. May require additional work and SASL support code to validate the ultimate origin of connections in the float. #### Variant option 1a: Include SASL connection checking ##### Advantages 1. Maintain authentication support -2. Can authenticate against keys held internallye.g. Legal Identity not just TLS +2. Can authenticate against keys held internally e.g. Legal Identity not just TLS. ##### Disadvantages @@ -53,7 +53,7 @@ Design of the [float](../design.md) is critically influenced by the decision of #### Disadvantages -1. We don’t currently use the identity to check incoming packets,only for connection authentication anyway. +1. We don’t currently use the identity to check incoming packets, only for connection authentication anyway. 2. Management of Private Key a challenge requiring extra work and security implications. Options for this are presented below. #### Variant Option 2a: Float TLS certificate via direct HSM @@ -85,19 +85,19 @@ Design of the [float](../design.md) is critically influenced by the decision of 1. Simple with minimal extra code required. 2. Delegates access control to bank’s own systems. -3. Risks losing only the TLS private key, which caneasily be revoked. This isn’t the legal identity key at all. +3. Risks losing only the TLS private key, which can easily be revoked. This isn’t the legal identity key at all. ##### Disadvantages -1. Risks losing the TLS private key +1. Risks losing the TLS private key. 2. Probably not allowed. ## Recommendation and justification -Proceed with Variant option 1a: Terminate on firewall; include SASL connection checking +Proceed with Variant option 1a: Terminate on firewall; include SASL connection checking. ## Decision taken -Decision still required. \ No newline at end of file +Decision still required. From ca30f22cfccf62109071dc56c2cf944947ca3d3d Mon Sep 17 00:00:00 2001 From: Matthew Nesbit Date: Wed, 15 Nov 2017 13:57:41 +0000 Subject: [PATCH 21/25] Update e2e-encryption.md --- docs/source/design/float/decisions/e2e-encryption.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/source/design/float/decisions/e2e-encryption.md b/docs/source/design/float/decisions/e2e-encryption.md index cecc8af96f..0cf51847de 100644 --- a/docs/source/design/float/decisions/e2e-encryption.md +++ b/docs/source/design/float/decisions/e2e-encryption.md @@ -21,7 +21,7 @@ End-to-end encryption is a desirable potential design feature for the [float](.. #### Disadvantages -1. With no placeholder, it is very hard to add support later and maintainwire stability. +1. With no placeholder, it is very hard to add support later and maintain wire stability. 2. May not get past security reviews of Float. ### 2. Placeholder only @@ -29,8 +29,8 @@ End-to-end encryption is a desirable potential design feature for the [float](.. #### Advantages 1. Allows wire stability when we have agreed an encrypted approach -2. Shows that we are serious about security, even if this isn’tavailable yet. -3. Allows later encrypted version to be an enterprise feature thatcan interoperate with OS versions. +2. Shows that we are serious about security, even if this isn’t available yet. +3. Allows later encrypted version to be an enterprise feature that can interoperate with OS versions. #### Disadvantages @@ -53,4 +53,4 @@ Proceed with Option 2: Placeholder ## Decision taken -Decision still required. \ No newline at end of file +Decision still required. From 4aa7247edac062686596a31dfae66089b299ec01 Mon Sep 17 00:00:00 2001 From: Matthew Nesbit Date: Wed, 15 Nov 2017 13:58:26 +0000 Subject: [PATCH 22/25] Update pluggable-broker.md --- docs/source/design/float/decisions/pluggable-broker.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/source/design/float/decisions/pluggable-broker.md b/docs/source/design/float/decisions/pluggable-broker.md index dd8f47886b..e747dfd68e 100644 --- a/docs/source/design/float/decisions/pluggable-broker.md +++ b/docs/source/design/float/decisions/pluggable-broker.md @@ -18,7 +18,7 @@ A decision on when to prioritise implementation of a pluggable broker has implic 1. Meshes with business opportunities from HPE and Solace Systems. 2. Would allow us to interface to existing Bank middleware. -3. Would allow us to switch away from Artemis if we need higherperformance. +3. Would allow us to switch away from Artemis if we need higher performance. 4. Makes our AMQP story stronger. #### Disadvantages @@ -35,7 +35,7 @@ A decision on when to prioritise implementation of a pluggable broker has implic #### Disadvantages -1. Have to take care that we have sufficient abstractions that thingslike CORE connections can be replaced later. +1. Have to take care that we have sufficient abstractions that things like CORE connections can be replaced later. 2. Leaves HPE and Solace hanging even longer. @@ -53,8 +53,6 @@ A decision on when to prioritise implementation of a pluggable broker has implic 3. Probably limits our maximum messaging performance longer term. - ​ - ## Recommendation and justification @@ -64,4 +62,4 @@ Proceed with Option 2 (defer development of pluggable brokers until later) ## Decision taken -Decision still required. \ No newline at end of file +Decision still required. From 9497f34698c9437602450dd3ac93b21e7b77ebce Mon Sep 17 00:00:00 2001 From: David Lee Date: Fri, 17 Nov 2017 14:10:21 +0000 Subject: [PATCH 23/25] Added meeting minutes --- .../float/decisions/drb-meeting-20171116.md | 155 ++++++++++++++++++ .../design/float/decisions/e2e-encryption.md | 2 +- .../design/float/decisions/p2p-protocol.md | 2 +- .../float/decisions/pluggable-broker.md | 2 +- .../design/float/decisions/ssl-termination.md | 2 +- 5 files changed, 159 insertions(+), 4 deletions(-) create mode 100644 docs/source/design/float/decisions/drb-meeting-20171116.md diff --git a/docs/source/design/float/decisions/drb-meeting-20171116.md b/docs/source/design/float/decisions/drb-meeting-20171116.md new file mode 100644 index 0000000000..27d07c63ac --- /dev/null +++ b/docs/source/design/float/decisions/drb-meeting-20171116.md @@ -0,0 +1,155 @@ +![Corda](https://www.corda.net/wp-content/uploads/2016/11/fg005_corda_b.png) + +-------------------------------------------- +Design Review Board Meeting Minutes +============================================ + +**Date / Time:** 16/11/2017, 14:00 + + + +## Attendees + +- Mark Oldfield (MO) +- Matthew Nesbit (MN) +- Richard Gendal Brown (RGB) +- James Carlyle (JC) +- Mike Hearn (MH) +- Jose Coll (JoC) +- Rick Parker (RP) +- Andrey Bozhko (AB) +- Dave Hudson (DH) +- Nick Arini (NA) +- Ben Abineri (BA) +- Jonathan Sartin (JS) +- David Lee (DL) + + + +## **Minutes** + +MO opened the meeting, outlining the agenda and meeting review process, and clarifying that consensus on each design decision would be sought from RGB, JC and MH. + +MO set out ground rules for the meeting. RGB asked everyone to confirm they had read both documents; all present confirmed. + +MN outlined the motivation for a Float as responding to organisation’s expectation for a‘fire break’ protocol termination in the DMZ where manipulation and operation can be checked and monitored. + +The meetingwas briefly interrupted by technical difficulties with the GoToMeetingconferencing system. + +MN continued to outline how the design was constrained by expected DMZ rules and influenced by currently perceived client expectations – e.g. making the float unidirectional. He gave a prelude to certain design decisions e.g. the use ofAMQP from the outset. + +MN went onto describe the target solution in detail, covering the handling of both inbound and outbound connections. He highlighted implicit overlaps with the HA design – clustering support, queue names etc., and clarified that the local broker was not required to use AMQP. + +### [TLS termination](./ssl-termination.md) + +JC questioned where the TLS connection would terminate. MN outlined the pros and cons of termination on firewall vs. float, highlighting the consequence of float termination that access by the float to the to the private key was required, and that mechanisms may be needed to store that key securely. + +MH contended that the need to propagate TLS headers etc. through to the node (for reinforcing identity checks etc.) implied a need to terminate on the float. MN agreed but noted that in practice the current node design did not make much use of that feature. + +JCquestioned how users would provision a TLS cert on a firewall – MN confirmedusers would be able to do this themselves and were typically familiar withdoing so. + +RGB highlighted the distinction between the signing key for the TLS vs. identity certificates, and that this needed to be made clear to users. MN agreed that TLS private keys could be argued to be less critical from a security perspective, particularly when revocation was enabled. + +MH noted potential to issue sub-certs with key usage flags as an additional mitigating feature. + +RGB queried at what point in the flow a message would be regarded as trusted. MN set an expectation that the float would apply basic checks (e.g. stopping a connection talking on other topics etc.) but that subsequent sanitisation should happen in internal trusted portion. + +RGB questioned whether the TLS key on the float could be re-used on the bridge to enable wrapped messages to be forwarded in an encrypted form – session migration. MH and MN maintained TLS forwarding could not work in that way, and this would not allow the ‘fire break’ requirement to inspect packets. + +RGB concluded the bridge must effectively trust the firewall or bridge on the origin of incoming messages. MN raised the possibility of SASL verification,but noted objections by MH (clumsy because of multiple handshakes etc.). + +JC queried whether SASL would allow passing of identity and hence termination at the firewall;MN confirmed this. + +MH contented that the TLS implementation was specific to Corda in several ways which may challenge implementation using firewalls, and that typical firewalls(using old OpenSSL etc.) were probably not more secure than R3’s own solutions. RGB pointed out that the design was ultimately driven by client perception ofsecurity (MN: “security theatre”) rather than objective assessment. MH added that implementations would be firewall-specific and not all devices would support forwarding, support for AMQP etc. + +RGB proposed messaging to clients that the option existed to terminate on the firewall if it supported the relevant requirements. + +MN re-raised the question of key management. RGB asked about the risk implied from the threat of a compromised float. MN said an attacker who compromised a float could establish TLS connections in the name of the compromised party, and couldinspect and alter packets including readable busness data (assuming AMQP serialisation). MH gave an example of a MITM attack where an attacker could swap in their own single-use key allowing them to gain control of (e.g.) a cash asset; the TLS layer is the only current protection against that. + +RGB queried whether messages could be signed by senders. MN raised potential threat of traffic analysis, and stated E2E encryption was definitely possible but not for March-April. + +MH viewed the use-case for extra encryption as the consumer/SME market, where users would want to upload/download messages from a mailbox without needing to trust it –not the target market yet. MH maintained TLS really strong and that assuming compromise of float was not conceptually different from compromise of another device e.g. the firewall. MN confirmed that use of an HSM would generally require signing on the HSM device for every session; MH observed this could bea bottleneck in the scenario of a restored node seeking to re-establish a large number of connections. It was observed that the float would still need access to a key provisioning access to the HSM, so this did not materially improve the security in a compromised float scenario. + +MH advised against offering clients support for their own firewall since it would likely require R3 effort to test support and help with customisations. + +MN described option 2b to tunnel through to the internal trusted portion of the float over a connection initiated from inside the internal network; this would require a bit more code. + +MH advocated option 2c - just to accept risk and store on file system – on the basis of time constraints, maintaining that TLS handshakes are complicated to code and hard to proxy. MH suggested upgrading to 2b or 2a later if needed. MH described how keys were managed at Google. + +**DECISION CONFIRMED**: Accept option 2c - Terminate on float, leave keys on file system (RGB, JC, MH agreed) + +### [E2E encryption](./e2e-encryption.md) + +DH proposed that E2E encryption would be much better but conceded the time limitations and agreed that the threat scenario of a compromised DMZ device was the same under the proposed options. MN agreed. + +MN argued for a placeholder vs. ignoring or scheduling work to build e2e encryption now. MH agreed, seeking more detailed proposals on what the placeholder was and how it would be used. + +MH queried whether e2e encryption would be done at the app level rather than the AMQP level, raising questions what would happen on non-supporting nodes etc. + +MN highlighted the link to AMQP serialisation work being done. + +**DECISION CONFIRMED:** Add placeholder, subject to more detailed design proposal (RGB, JC, MH agreed) + +### **[AMQP vs. custom protocol](./p2p-protocol.md) ** + +MN described alternative options involving onion-routing etc. + +JoC questioned whether this would also allow support for load balancing; MN advised this would be too much change in direction in practice. + +MH outlined his original reasoning for AMQP (lots of e.g. manageability features, not allof which would be needed at the outset but possibly in future) vs. other options e.g. MQTT. + +MO questioned whether the broker would imply performance limitations. + +RGB argued there were two separate concerns: Carrying messages from float to bridge and then bridge to node, with separate design options. + +JC proposed the decision could be deferred until later. MN pointed out changing the protocol would compromise wire stability. + +MH advocated sticking with AMQP for now and implementing a custom protocol later with suitable backwards-compatibility features when needed. + +RGB queried whether full AMQP implementation should be done in this phase. MN provided explanation. + +**DECISION CONFIRMED:** Continue to use AMQP (RGB, JC, MH agreed) + +### [Pluggable broker prioritisation](./pluggable-broker.md) + +MN outlined arguments for deferring pluggable brokers, whilst describing how he’d go about implementing the functionality. MH agreed with prioritisation for later. + +JC queried whether broker providers could be asked to deliver the feature. AB mentioned that Solace seemed keen on working with R3 and could possibly be utilised. MH was sceptical, arguing that R3 resource would still be needed to support. + +JoC noted a distinction in scope for P2P and/or RPC. + +There was discussion of replacing the core protocol with JMS + plugins. RGB drew focus tothe question of when to do so, rather than how. + +AB noted Solace have functionality with conceptual similarities to the float, and questioned to what degree the float could be considered non-core technology. MH argued the nature of Corda as a P2P network made the float pretty core to avoiding dedicated network infrastructure. + +**DECISION CONFIRMED:** Defer support for pluggable brokers until later, except in the event that a requirement to do so emerges from higher priority float / HA work. (RGB, JC, MH agreed) + +### **Inbound only vs. inbound & outbound connections** + +DL sought confirmation that the group was happy with the float to act as a Listener only.MN repeated the explanation of how outbound connections would be initiated through a SOCKS 4/5 proxy. No objections were raised. + +### Overall design and implementation plan + +MH requested more detailed proposals going forward on: + +1) To what degree logs from different components need to be integrated (consensus wasno requirement at this stage) + +2) Bridge control protocols. + +3) Scalability of hashing network map entries to a queue names + +4) Node admins' user experience – MH argued for documenting this in advance to validate design + +5) Behaviour following termination of a remote node (retry frequency, back-off etc.)? + +6) Impact on standalone nodes (no float)? + +JC noted an R3 obligation with Microsoft to support AMQP-compliant Azure messaging,. MN confirmed support for pluggable brokers should cover that. + +JC argued for documentation of procedures to be the next step as it is needed for the Project Agent Pilot phase. MH proposed sharing the advance documentation. + +JoC questioned whether the Bridge Manager locked the design to Artemis? MO highlighted the transitional elements of the design. + +RGB questioned the rationale for moving the broker out of the node. MN provided clarification. + +**DECISION CONFIRMED**: Design to proceed as discussed (RGB, JC, MH agreed) \ No newline at end of file diff --git a/docs/source/design/float/decisions/e2e-encryption.md b/docs/source/design/float/decisions/e2e-encryption.md index 0cf51847de..9677c57fcd 100644 --- a/docs/source/design/float/decisions/e2e-encryption.md +++ b/docs/source/design/float/decisions/e2e-encryption.md @@ -53,4 +53,4 @@ Proceed with Option 2: Placeholder ## Decision taken -Decision still required. +[DNB Meeting, 16/11/2017](./drb-meeting-20171116.md): Proceed with Option 2 - Add placeholder, subject to more detailed design proposal (RGB, JC, MH agreed) diff --git a/docs/source/design/float/decisions/p2p-protocol.md b/docs/source/design/float/decisions/p2p-protocol.md index f3cb3129bd..fb0f2bc6e9 100644 --- a/docs/source/design/float/decisions/p2p-protocol.md +++ b/docs/source/design/float/decisions/p2p-protocol.md @@ -66,4 +66,4 @@ Proceed with Option 1 ## Decision taken -Decision still required. +[DNB Meeting, 16/11/2017](./drb-meeting-20171116.md): Proceed with Option 1 - Continue to use AMQP (RGB, JC, MH agreed) diff --git a/docs/source/design/float/decisions/pluggable-broker.md b/docs/source/design/float/decisions/pluggable-broker.md index e747dfd68e..9ecd8039be 100644 --- a/docs/source/design/float/decisions/pluggable-broker.md +++ b/docs/source/design/float/decisions/pluggable-broker.md @@ -62,4 +62,4 @@ Proceed with Option 2 (defer development of pluggable brokers until later) ## Decision taken -Decision still required. +[DNB Meeting, 16/11/2017](./drb-meeting-20171116.md): Proceed with Option 2- Defer support for pluggable brokers until later, except in the event that a requirement to do so emerges from higher priority float / HA work. (RGB, JC, MH agreed) diff --git a/docs/source/design/float/decisions/ssl-termination.md b/docs/source/design/float/decisions/ssl-termination.md index ca5d740649..f67dcde3da 100644 --- a/docs/source/design/float/decisions/ssl-termination.md +++ b/docs/source/design/float/decisions/ssl-termination.md @@ -100,4 +100,4 @@ Proceed with Variant option 1a: Terminate on firewall; include SASL connection c ## Decision taken -Decision still required. +[DNB Meeting, 16/11/2017](./drb-meeting-20171116.md): Proceed with Option 2c - Terminate on float, leave keys on file system (RGB, JC, MH agreed) From 218a432f89d85da27cabb35efe31ce2076b3f3bc Mon Sep 17 00:00:00 2001 From: David Lee Date: Fri, 17 Nov 2017 15:17:55 +0000 Subject: [PATCH 24/25] Updated --- docs/source/design/float/decisions/drb-meeting-20171116.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/design/float/decisions/drb-meeting-20171116.md b/docs/source/design/float/decisions/drb-meeting-20171116.md index 27d07c63ac..0aa6742adf 100644 --- a/docs/source/design/float/decisions/drb-meeting-20171116.md +++ b/docs/source/design/float/decisions/drb-meeting-20171116.md @@ -72,11 +72,11 @@ MH viewed the use-case for extra encryption as the consumer/SME market, where us MH advised against offering clients support for their own firewall since it would likely require R3 effort to test support and help with customisations. -MN described option 2b to tunnel through to the internal trusted portion of the float over a connection initiated from inside the internal network; this would require a bit more code. +MN described option 2b to tunnel through to the internal trusted portion of the float over a connection initiated from inside the internal network in order for the key to be loaded into memory at run-time; this would require a bit more code. MH advocated option 2c - just to accept risk and store on file system – on the basis of time constraints, maintaining that TLS handshakes are complicated to code and hard to proxy. MH suggested upgrading to 2b or 2a later if needed. MH described how keys were managed at Google. -**DECISION CONFIRMED**: Accept option 2c - Terminate on float, leave keys on file system (RGB, JC, MH agreed) +**DECISION CONFIRMED**: Accept option 2b - Terminate on float, inject key from internal portion of the float (RGB, JC, MH agreed) ### [E2E encryption](./e2e-encryption.md) @@ -152,4 +152,4 @@ JoC questioned whether the Bridge Manager locked the design to Artemis? MO highl RGB questioned the rationale for moving the broker out of the node. MN provided clarification. -**DECISION CONFIRMED**: Design to proceed as discussed (RGB, JC, MH agreed) \ No newline at end of file +**DECISION CONFIRMED**: Design to proceed as discussed (RGB, JC, MH agreed) From d9dd6c9693a335e5fdc9681c3f313abce5a5fddb Mon Sep 17 00:00:00 2001 From: David Lee Date: Fri, 17 Nov 2017 15:18:36 +0000 Subject: [PATCH 25/25] Updated --- docs/source/design/float/decisions/ssl-termination.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/design/float/decisions/ssl-termination.md b/docs/source/design/float/decisions/ssl-termination.md index f67dcde3da..59b66fcb99 100644 --- a/docs/source/design/float/decisions/ssl-termination.md +++ b/docs/source/design/float/decisions/ssl-termination.md @@ -100,4 +100,4 @@ Proceed with Variant option 1a: Terminate on firewall; include SASL connection c ## Decision taken -[DNB Meeting, 16/11/2017](./drb-meeting-20171116.md): Proceed with Option 2c - Terminate on float, leave keys on file system (RGB, JC, MH agreed) +[DNB Meeting, 16/11/2017](./drb-meeting-20171116.md): Proceed with option 2b - Terminate on float, inject key from internal portion of the float (RGB, JC, MH agreed)