From 4273d3cfb8327724eec51a1c7f34daef2a8c30d7 Mon Sep 17 00:00:00 2001 From: David Blacka Date: Sun, 19 Apr 2009 13:56:34 -0400 Subject: [PATCH] work in progress -- doesn't all compile yet, but it is starting to take shape --- .gitignore | 3 + build.xml | 334 +++++++++ lib/dnsjava-2.0.6-vrsn-2.jar | Bin 0 -> 280491 bytes src/se/rfc/unbound/CaptiveValidator.java | 716 +++++++++++++++++++ src/se/rfc/unbound/DnsSecVerifier.java | 499 +++++++++++++ src/se/rfc/unbound/NSEC3ValUtils.java | 868 +++++++++++++++++++++++ src/se/rfc/unbound/SMessage.java | 398 +++++++++++ src/se/rfc/unbound/SRRset.java | 169 +++++ src/se/rfc/unbound/SecurityStatus.java | 112 +++ src/se/rfc/unbound/TrustAnchorStore.java | 90 +++ src/se/rfc/unbound/Util.java | 149 ++++ src/se/rfc/unbound/ValUtils.java | 719 +++++++++++++++++++ 12 files changed, 4057 insertions(+) create mode 100644 .gitignore create mode 100644 build.xml create mode 100644 lib/dnsjava-2.0.6-vrsn-2.jar create mode 100644 src/se/rfc/unbound/CaptiveValidator.java create mode 100644 src/se/rfc/unbound/DnsSecVerifier.java create mode 100644 src/se/rfc/unbound/NSEC3ValUtils.java create mode 100644 src/se/rfc/unbound/SMessage.java create mode 100644 src/se/rfc/unbound/SRRset.java create mode 100644 src/se/rfc/unbound/SecurityStatus.java create mode 100644 src/se/rfc/unbound/TrustAnchorStore.java create mode 100644 src/se/rfc/unbound/Util.java create mode 100644 src/se/rfc/unbound/ValUtils.java diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6e094aa --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +build +.classpath +.project diff --git a/build.xml b/build.xml new file mode 100644 index 0000000..6e20357 --- /dev/null +++ b/build.xml @@ -0,0 +1,334 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/lib/dnsjava-2.0.6-vrsn-2.jar b/lib/dnsjava-2.0.6-vrsn-2.jar new file mode 100644 index 0000000000000000000000000000000000000000..85a506e6793c45a0618d9c2c5403c8a47ddcfd60 GIT binary patch literal 280491 zcmZs?W3VW}wxzpl+qP}nwr$(CZQHhO+qS)zcklCV$L+q+FQXKZ<40C}k+Wva9H}4; z3<3r4pEf5g#r6L^{O=3ozq_ociXg3|oEW{r|CT`j%>I+zZC%ra{Ohj%ccT2?GFd@6 zNik7n6*^fl)7VD1AqE(cKN26|F$^45+%6Yt8C)(vjoB*^1!J{G3YGrxb}6KEJDpqVYcJo)FVtb=oU1kkGOYTdnoL9qYB+I(s)`7*9mqC{jmY zaK9F_32T{1j)O)14zZ?XbFwt_I}h;wt+Dk!(AsEVs#?#0|7XyolWlHs|CW44E8*(XTSPB)yuIHSc-MzDOn$x}GGN&u|$Gg7-oY&{( z`Q>Nt&)?ts=UHidem@j}Se4F&fa|74RDIVYFLb+sSUS8m&PP_)4$1LZIu6HN`CSfOza=&wj8Dt+E3)&cZvD&B*j>JL#_2)cBnoy>P*%l_ zZC7(=3mrN>bHd85z=W(lvo}@-wI88z2Gbk}@XpQ5D3GLP&^D%~)DcSQut=ozd?}3B zNVcTGZ5T;TSyV~5FkS}ae3Zg;jJacQ$#EC?JaP6s(iJa?o6eu#dkq}CS zg;dDT*hG#6oiLld60C?_i+z;wB1A!mrPtQ!qi-Noz=0FluF6JgP%N1}E^-$&g3M1L z3nO^oLVy{swJu~G0aEyCAy2pMl_}b$5OyWakISZ@qXm0N za=EZ^$zHMq^?S&sj=^`?LAAPv%!)DN!6uU~>foj%O_&7NAeoFK2Wl8;N|aXGi3MHe zI-5yzB!}0PSum{`(Lq##I5RbtQRTwY3_IcWvpi6LYcUviLN&}!Ti;)CS^}?mr26+% zn^)1~_l99pkFL^X$z`*0`57OydrS}9KeQ3FuT^_!>sXboRaEaUpA7P4rQ6u5{!Uic zzG|g;AggShvp&H67Nqen;qJY41o9uw&%`5ldYR9WogvYvX80HS_Xf_bWyHC|exv#q zN1k-mO#0I$?kQ*W)(2?0@B%Mm6(9$J{l>w=d;{Yzd5ge_5tp^k4DdhFbi`^xw0A~C4*lf)QN}zh?w{(r=CyQ+A}p6G8J0tq3`?2pBurJZ zB!EyBNN)h!9N1W%;1?&IwVp{EsYflmX!SPTm-FuyndujrA)u z-|1RL#M@h4aZ{mZOYq3+6*JTDu|YOJNa(RlL3;#7i#e8-eEJD`nixgja7?I{(Dl@Y z89A1At$`Sg+z1a)7G*L*<5AstRG;stXM*h0(~O`3OBnK&6Oq_v?eI|4G0VnR%Jh^$s>&T?BEBOpU?-?F)n$tCN zTwx=oh0>l|YYoiEnR&4i8RfgM zN@t?EpB5=LbJ}Q9LYiQAbqqE=)_1j9r%bEG%jx6im&J$)5lVeM{OFQTg+=FbF&)v_ z_}=fz0JpZ};R}3wUA;{X$y|?kHQ16_BG~dPzX+6eQe!4YqdtAKN6lWJ4ZctI*0I`f zE#@5w7cef;r#*ImV44vTTC$E6;7Rg`ELrHcQ%0glqL@Lu zT{)E!xa3FeMcCZDA%{AiP}}xutRixkVTW_ar5Ih}C#p*_9)@rp=|pgNRZMFNu5Bd? zD*9n`nw7F6BhX5DrZ;y#ZOMU-tTiF)ilAkqd%y;d)U}WwJJik{-=IpZ12-9^X>^z3 z%<;wTgz7kBk1QqBtZtIni%omnRMrpbn_Wz8`z%#0j~D+=h+3K)@wb(%Qhrah#aN;? zR%c2DxvOzcklaN$*Jt4#GS7lQJkassD2U9N*6haoz+^_W@*%kiwOU=_z5( znRAIj#W11F8|RV)->`AVbeCcu?(tFro(hhDU!NmD>Kkx{lwsWX#ZU^K3~7dtm%?l{ zoys0CIwF;_L&8i~1)(2$)e^d@FZ$hbs#a6I(5Ok4Z~Vr{xLP)CwbgEREriy4gdaS0aN~XxTN&Y)iH1Wsp z0X2jj(xUxU;OC!BJes^5^@SSyaOj>ghNG_o{%Om{2X2M)b#OfuGy~$@3{%6;MJP@@ zZ;N${a?RkcUx}pJCe=Fu&58untpNV;=pI0lWaO`Pq`DO{7cQcqoJyKdOr zx3e}G?#?CCq5#kq+BMbMo0oWK^qi^E=+** zsk9wBZAQ?vT|#Y!%{zhAr*b-^+>Wg`W3El`+NTJ0>Bb#`dLywxt%==F4B*O)dC~?rF8Ox?*UX6BTtzIvWESg4HN2u{l>Zo-mqa zt0=AK50&GuH;+pEE5s3Dp5Pl&%YR;pw0_|<4bN2rGyvM(%53s_3J_ung zb(5ix*xCqL8_Wsp39JoMi1-c-3}#X*J>EkTs$b`R8-9r2IAR6AbRV(LnEAqQ9212K z=1@!hDbGS#m*2hQSf9ZpI{E~E$}gEvy>QGge4+CN<?jF@yp2qi6)fe6iL z0%N1GAsUF+NYF?^2DMvfFWp{C*YJzvn%k8<#feNhU$?N9rK-K{8bUJn@`xW^EU&FL z*$)^?$%^ZPY$aVOsE;W27bA@#F4m+_T=TW?QWBs3@8cq(DKX^;u!FEvmd!OJX@V zkE8{P{|&$|m1BDhx)_?1%bCgPZT9E(=M;4S&q>lkL#3g_U^5^N6}Vbsxv`G8*f`j* zW4ITle%&|hQYqNoLobR!pM--@31pB^_~}Y8%$>-^TJgts8Xi+4Q4somhoD*9r;^Z9 zd8JZ^+o=>AkGaN_f3iO{x)VycXrT%^Ol30lsAjhYs(+>$kI}7C^;j?Tt8R*zsc_C1 zAXqa+=^Zp4Jdj{4B5vv?Ik;m#Ekv`_UZ-`-Pd2Bk%GX4prTQiVLwHIADGU<1n2e^x z)h260DDCVc#kk?~jF-;-`Fu63V)5dQ-E}j~=|C2{MZuonJB|XK4r6K4Uwj;jH%cxU zh8Rx!qrd~iYIABKJ|@P`l<|`$M%hl;MaDDeP13v@{Oslh!5Pgvf_q+q=dGF?g0)KQ z1}hmQo2twLs#)O=N4QIgs{r2$|MX>&N_t9H1i#@$``j!%F7;BRVP8CSMxm~3(d+IJ z@c*1<(9&Xf|33to{~v;7ivI{|uU4@}(Y}`vMG&DxMXmPPZ>uUFsU@`>m_ybE!TSZ^ zlg_n023-iv&E?GG@HT(F{XRhz1jLfC%us76G*}3Tj}0KDxz=1vTxpnM*f`TqU%TcT zHmw}k=A{$OphLn%q6jvOC(!UuJg9}((N^`_e-Z*yGg%zgVw*sZq+=!RM{=cFf7Q7R z1BadNkbks0ITjBka9FK@4omza*y5^=`b%2xHL_7^7VC|A*G&~a5yBM@2xF!wb%^iD z0|CM)=Az;jjx+L;MlwU`TfAfQ!RmNa^`_Eqp}on-7=wr`i9sdbSCqj=#Gc@aibcKc%=fX(K<%irYfTd zQbu_97-lJPjqXF?FHO0y60Xt}!EZ?5J{LQ`ON|71*e2ebVU!zdDbxuJWJHJ(=n0388^uKp+7UngDJV!9|D37LgDDk{k>r z$P7s^A)AxgjMi>x{aGu;uwJZUZ8HK*2Z*1+p6fL4J_q%Cxg-XUyzp3W1oK}eIol-*eP_Gey*sv_e1@~UW4UDS z**@r&d76ISCOduD1#|!S!26Ah@3(&H?HND#lA$`-_47*YC!hUUx?%Ommn41%48~`% zMByiy9R_pHW(m7bD-+N9;o~!SBHp<^7C-&Sh-?M-{qEq&e^}&)`R$WTHeDx|%^H$F zeSm+r#E(z?5a#2%DTX)s4(I%a`8zSr&-Ow7t&Go4eb4{=IDh(~1IIs4FY#P7NDuiw z-SmyV)N^#KKlQAN|5s|mdse>n+ZuV+9>#CCMD#n1#a`+;ZO}fuC1oFx$dB5Dmo(rW z>pPFfpWMTbKEOX=4GT`@(%0ZYUzRKRFIn_2UGLw-PXCD=e$$VC zg(U^Ozhn`7NH~AlK8%0kS@5Se$eWIoHN8RVqe={El%WWwNbBt`Jpsyl$abq?FrOvo z>5LKrG3i1{{}Um{v^ksYa>%WYJ_2%Ve^g0BaajOCS1G zWK(s^CO00*c1z2;BjRup_h6J~RhmoKv5nD_BY=(glvO9AkY!wpxFo#@g=Y~fI)jY! zSe`?hc9*y{vy@>}X|d@ME<%UKiG*p{F8%xfVzr27D}gEi(>_&V2Xe?}FZo(w+KQ}T zRn3=(tvXq#VO+xs)v{a^YS}IsTg9@NeXVK>v1GiYYMEEOlJnHeC7s)1a*QjSPfdea z3@zEDmMLVDSr9F=KwC!3*)XZBmY}bAgl*X_NnP{gTeE!Pt)4403Xh5i+=tmzy9?*o zRe~tpC!4O6=XF)o_4_>zpO!N_z>J}f8%?Niq-!DD-9!ikG-`i6qMmr{|#UA?2?nM77IT!?w>2ti)+{$dvO`HG<3OcUDp?;>nd{PD|N5Xp*wj zg3GX&6HT1tW>LI*SaGZ~)$*l8jA;i>^f2tBCeRi&O6rPjjY%4*dKyuQL#K~o57$@^ zMO5~31>0?gS%|*iGTJ2{=3>W+DnDcbmj=D%G=Vt*)C=}kj%;HS-&9!efZ^iJw9k$s z(=4~y#I&``1%sB+rWnptow^j#L(x-n2w@>GmgSA!UaH>DBxt&blK^rWIh%Z~c@{%@ zi`WK-zXsP!h$0=R=mP32m=XoiVuLr|;!qw$his{d56NO>Y(XX}U?zg%&dwx=mQpg^ z+l88%l4-fzt&~;ftT#QKf@A?6SjUWKXB83at;SRsf~_IJzHBL*5S;*%_v80W7fqm) ze;a(EicrnO@;oMoN1{YpXmd9D=;%sh=A0-t<0p$(VMy)ozmglTIhRfZ&x zv=Q;5!{Kdn%Cw3oLEEZgt3n-5)YAk#fwvOtF5gv z%YNCTS%v*Hmds{n;5At6BC0_1lT&GLHc>5OJz8u*!sgV*m#A?8Vi^8xAcP&L7{4@INFhmP?Xblw*#VjH-6Ktfy(?^SMg@F*4-Ats#3Xs{!gEbd({ciBB zCts`>rlv=bN2=HBHX&8M`DqbF_-v`FM#;ZLHZ7$T3lnHG7BgqIGFu=9bN7}Bw=!nDQ2fny;DGL?tN z%c3j;8vKqF98X5Fa^5ClMD#E*CES!S7`Z8KY$@m| zDr;r*vz#jGWm1qt0)8(4toA5h8F;x@B`ZL1z~hm3n$DX}cz3;TA6D5r&V*ak!9FRtvJyuG>VEvnHRB zG9V$aBqJrhd}Ie5eH25Xo6qa$C@nPMqLb#)OobRnnyCL)zKtsv(S>F@2xhN>e=orz zmUgj2J3hx*4u$i^kF_JGOZ!#_r zTv8(-<}Xc;m2rt}6+U`iK`$VS9%kI=QAM(c7kT*BwXB3bQ54jdn--Rw?eN%m(f(2= zdN29R?S=k?&%}sMMf$I2THQ5yg#9s%wm)#dWMC}^aYL@0AXigL zf=AtW@#h762X{F+GA=_#^D4VYu)A|Ysl9UBus0Z0ljA3?^iIKD>b_2p;fRBAxS00U z*0p`KbV&U0pnnrvR^IMfl24+O=9Y?Mm^B)>VMl=<$(fSE=_(QJB}PG8o{LQpc=vd=)wElP~Sr zNYCg|sV*@#zhy-kNNEEl~XKtw?5mG3KhwEF`(&1>Lib?Gmev%fk!=G8we z@UQaHKhk1+D5QGh*RZdNrN6K;I@7KWYQiEehG)joKjOYbC4N?w#B@zMHFX#z?9$A7 zC%Vz?Pi)hrI(2?}4;2y?ojV01r-&D7cERd%AzMn*r>>Z3)8t4lvWUsMM^Dj%rqPxg zi>6w2IO(C@FN=tXbwg|;k;|D7cCBP#BNl}_dc=~Nnbfj*r&wi4TjHCG?JTl?4hF~{ zJ~qp43CNd0)2b1`uc(}0&AHB+jcZP!A~3`t`iU2ZpA^%mAu2n>y2mu?j09QK5I&Xz zyIbNbF@gML_P=Cuq{1yUDn{@qHR&CnZKhe}4o

zhk22~Rj3|0>q(Qeu;j~fOHHITrLFfIxQVdlN{O^lZ59%6i_Ru)DWogun6ITrZxaDg z*6hRe?XL4}Y5`>Qn^aRwH{kRdRjg&G2sE2n4BIR0rzov1RTNb0GU;qj?V!l5k0T@C zawKU>U7aZ7Y@{y>14Fo4ys_CskyjHcv3KZ3yidO48d3zoQebQc=MjB?!hM~=Q-m5d zyLD9MW|}CVvj&9|2GJ;o>Fnq9(69SPAeS_f*&9B=s1RbnJqKd^G!!yGx0&lrh3}I~ zi?T$hicGbLKiZYEQ*Iok-m**&4-^?9iK~V^B_5^u!K!S;FeDysn_6^=w2zf?9LbLy zX&ADRAKP9IXJ^&YzHmwz%EdTHzd$*xnQp>w(zr>*4>_raZbCbU)ag^{xagH3j2cJ>jyipLQ|?%_9$C zwBi>cyw@fK6)ZJR+QyEvxwn{?GB{E8^EKI_;W#0yW697(wTNjAxp82Sr*5r^``#h? zHRGt1n=BU9Zc=(|HsPquOxM!`Nj{4wSKajJTT4xLw?wC{tF5nWrZuim+{9p$l*?Lz zr5&tFbwimJbeFK~7A3CN>U1>wJy6ApC3BIuP#wFu-4KQXN1Fw$(&*$k$hx7@l@!GZ z^jE@t78NGI(U!lDtZ_C3M-zVwggb%>Z?0Mjp=vlTKjX&4ICjqB)H*dUkBpU~T_>cv zbf>Z1R5C}_l7B0kd^s*5yi`zWHL`rg){6rx%n)nvEJd#0SeiETn+dk+{o3RjEbR-c z6-R?h_zTv~WJl*?$VML1ubL7%SpzGS`z8I!pD)mPN=Hr%T3Mxrp1HpMEe|Z`b?@Gt z7x;^n8L?_;Gk3>hMKK|Sv2bj`baNjzQ~3xxk%byQ@^!(mZ+yMfUuObn1A{h9TYG3C z?(Jd0v#(w& zuUp$dx5`^4)Gxd)%^%svmJQOKl78t76G-cBrH`CWqqoy0UahUg;G?>InFh2$&*=?N zC!jdE!o=~SSvsMN&>Ks0X_X>TrxoxMnKR|bkiyJ4*RVW5#g-rag_sXkKFhkvxTOz_ zOucYQSV)R70gXYeJie`ie!DsB85%r@99G+B1I3=De z;S#Nzf?E}q@m6{%Y9?KBKS!8m9&KfF88G!$@L740VgMFo!vC)-WmR`c%I4&*v~MtG zj<{G5yOU`9WJqrf)E^dCs(#5Xa#E=H!qpoHeU<%W4fle!w}1EN7jA2Rshh-q&pEGu zd7jZkY7jEPe`MQffC}@L)b4^%bxpR;&I#RXA?A|Io*mPhb%?+4)d+DB;43c|~a0^`YP0wU;h5ti^6 zf&RXf5mvA`JW9B)pgwzSPiU`>*k1BaM#4TO<)!!#hYdap6N?M(CEO=rdeS#!`}CA| z(C?6Ox1|sH#e#&(vMh4fg{+M143n!4I_}U439sswbTamf2z+YTOjCG8MS2-ahj#^y z1zv#@dhVuZH-KK@V6}~q>{nv(U|-6fjHnB^p%~O4hS^u!Xnb!tKln z_-?2wrVo=3P_o1?K<>nfB;sZ6$O}lQ(65yD8p_z~4bkQ0CgmP&mJD-zcKwKd1=@L(?urAPRkBBan zy!Pa#^y)=?*cDo`s4*Zf+yipskw%ulu_fJ>Crf6U66NYL3Rn1)C9+ zWJOmJn>De2P}IP!#V7Xbx&QL` zN%5|Z;NQUv{BF5rI3nLW}kkM+=)WI33IDc$ODs9hpNlJG!vt~e zlv@JfW9rHV%H?vw0?}{^vt|tjU@_VGGWpqQ8^ta+l5@BV?ct;DWLnGPb zm$9Prp{_(9mVTd!vV!tzQIGwp>)- zK)VpKE2oWLbq4`;f${o~SG`(Dy2kbi1Ro&$YG8c;AsqN?1p-STc^3&UND@dL+Ud06 zX~n0ntb% z>aM(}OR$`+Sb|?Nk>mPd)7v2Iu1vWwd0mM59t`91<=U*s4}vQXs0YV{GVr_FB=SJW zb~2V(joLI;;6Il+L%v6gxf!#3G5fVFzZe17p}7x#?>%P&=r!Qj*B)5$)g!IE2t-~2FRD*F#y~eD@ zOW9M)1W>_3JV-Xe$S2LIvo!kAn1*ik-BZ{PU_0(h6;V%9c3P+cP5-=AmcHwW_+UJH z(A=zf&A<8{pD_-wEU6cS67Pm5F}n-*;RZ3h2`hdRZvd)`#4Q0{mZ-c?oqS@lE(ux< z$}xTLf8I!RBPiTRe*mIhSawCj9iYN5{k+8Tg}EdD(4Ju?l%i{lJ`w_RK4em}<8CAU}H1ZFSL7Fb)fj)ASp* zePEqrxgw2SK^Ev&wYcZPg9WZfcf7)OpC6=Uj}+*H2-GF(#b7;Q>b}99>%{=}gyTQc zl|wxOnOaZ)6;nJkB+(6vCuO4EhFaBn8^foapaOan)ue! zJfGa^lG@YgCgCZh_*U}>zo?L%dMfz=WEcFNAad|sfO%L%XLi=;&B56e!EPh(ic==I z*k3FB*kjhXKZG^?0v-4Q0REuY{>8@$QmRHaWFe_&HVI+YgI<7%)8&Cu!6*8jGD}c! zQcOEDQx441*g;FY+1S8*-!6J(uH|T!nX|K2c+ z=Gnqb+i=r1-7@xIwx`TpyrI|c9p^kTJ~mWOp*@~@-4n-K&24@wwkP=6{HdCTfVi0W z4_vQaZc0^z7j6pU6yhw*; zeU#Oz{S^xnlsMLv*f}&oOn}82V;Xk!g;+3<%I z{ISiGx+jkD4_UZ9y3847?g%j_WXz6TDS)ykf8Ys8E#(1s$)9=k(1s1~N3){>+waar ze<*d(Q-37-C8IywKBT+@eEHECjvo;7k2r7ciO~2TMu3q0ItqEP^!7;JEA#XLs~5TVHBm)6aPnY6U+F+Er) z+XU5Ha{~TeM)A`Vr{bTi@2YQ~)kBqR88VxPk+2rlb5A9t%+*u_RP8jW=a{As^XYZ5 z3>K-J_PUTJZVFTe*u4nb6Z}0x+$~niqlya?Ii3^0k69* z^C`Tn);)pzNK~QjIPZNSphJy6EXW&MRy(6*L91auxL6zPtQ#jiq2UUfFFW=Co;_i> zyT`VKWIux26ESxV$#T%=kJm03$-W@si>EuCb%AYPip2>A8h50&EARgB>5505Fm4lw zRDNM_Uoh^0jrs=l%5q;Y+^a;jgg<(g(z34x$d#pjS=5@CvU;akNRaLpT<7$m^Ldcz z3SbYw<9|9rvG5W;_u#Vw(e*R2Jb7`jz})|pA=~!~BbMuXg<%i&O24x`s+eof3!KaW zSH%>Iw=jJms(F1d%g6w%+$}Zc63Y8Fiu2`l$qmdz#JF@)%{<~HksYM;t5q)lO89!s zT}X0jUqkBIE6|7a1bvSsbTm^BqZzx@4zEz!r*$l2=d5Z|X%RY-u=5<%xGSr7Ptre{ zrqlFghU2?OIGxONzayh4WxwDPF*~GHjbJx6t&=$GQ!Ge$-J=TTb17uapiIcLN4pEF z9}!Y+Y1~oMP@FUzH1t4pO&RnNc221VKP~0upvef{d@U-q7XEnZsI3yfYgb1FgMzx? zZ(oKWEGwYN(8rrWUA--{zlBA)Dd)B$gmpS;i=mhbpyyXWpl|_|aXb+XERv&wK=HIs zJ|R{(8HniIp&UsEmHBgfLcOyq+7NWu>!L0!$Ojsw6L`q`a;pGvF)~>{&b&_g)Po(} zsI0z!dQBiZ+^7o-?|}R9QLXS%Pbl1p$9E2vHNdXKxepTG3LUmB`TT)a;=Ld6xi1C# zEnD$ptMJ8b0lg2|+8^CF~tMGHLfW9y7{m$o=(k~uAeBw9ub%FZc?EWtJ zejR?1&oL?A5x(1l&-VooAJm>Z(yQ<(epm=Uw9GdL`wbHQAsP1se^8x&mg^HyA1K}z z=|9u{D9`l!hsyyW7!jkRjDr_L6#?uW?7b5#Y!QwaCL+p=$2^@4Xss6{M(R>;=`lxl z3u5PKKC<=E(;yF@+q>hP?p9cKf^?4Z#F;ZeE`{4b0L^5jCYB04DRWL+!%B=F_}pk_ z_yYN}j&0aSWSYA*pY8x>g!6GZbmA1Ng`Dn6{gvRumy>*ayWSp7#936?`vPw=w=jEu zF|*n+T*Vl;q5l2~=QY@9{?-I+H?^oZ>1a&kr|ydTM{;YP9~>_~+}IOP@k}{#{Nz*{y7TxpOgWe8gA@b|Z%ET|?Y3p|#zz;X1FE-(wEa*&|;2l?1BlGv606`|Z z1s^+;(58e>EiFeinPN37*GKRS%(8silWUR&jlbj%-UDEW|31C++_b@*bTyn8+w=_j zlc-#W4v1B$iZcX9Kl;<#(hsa4iJJGdL-Rg+{kx+6gfgYx17MngXXkI!qrn6PG?w7| zY_P^_0?GosvYjWF(d}|#jf~oD6R}MvvOyt$V1AsJ9p!_*F@0sIh_%(1>O6j1f3wT6 zeY~z9{Z2fX+)IG2RQoz;Lmh!h*&orl_jf)DcUIc6QjS>2i`B!-B3p^Sb*t=y(GNVh z#7{fNBPy8pg4D-PJrK-KJOLJ8AZOkS*OL-kah-n&=>H;{J<{tW@|P@rBc?w1AB6CU zK6!+k2~}6A64I&-U%H$Ya-9~TPRUxQrV~vSu$>m8oV6SJl|wCvPL)Kf!rcyT=*94c zG~%fWfIs|V?B%PymDgq)CY2w4xZ~2Q6Vz??0_0AkUnkFs$MlEvL%>D|oRge&IfCkz zyG{esMiP4Vz|2=V#1x@|mAHVV{OTNRT^gvlFsgF&hBFz{>g@Q?A5<4ITV}{=n_cym_G(oO}}6D7NUSyF}_HFyPg zMQYf!7;*EuyacnQ;B}e!cneRrqy5- zi}wy6t&eIzC3@kC*O5> zp6Yb$Rd+2>(|?oymu53M#%wwA1twPryFycYzW5z8A+bt|X;lTQtZWg&l}A=(*|I4s zvN=Pxc~#P-h$~R&N+hfNY=P1WkH&Ya=&6;(2-!H7%!aGXbr(E~{d(8k z_ysVBa|u#I#n-zQ35wnOZ8t7=rUd)5dZLbpCDZQ6da?Nc`pe}QH|DMfc`^3AiOX?V z3~7r&E;5(Mt-b{XHT_*7df}T9+&+KRM&VqcP%9u2w7Jk|06^lVRY|jIVeydCYoB9< ztbP-_uV;m9cH?Er=t5SNaVxClBUCAs` zr4~6`LdUCW8{eS~AGZt5xGJH)l2+s|H$Wao(M*zpj7x>OpU1Nv3-*6b$_&0b67F_u zl7m2ZB2khA1|>XTBI}_pOTNcp+pAPb^0#zc5^nhEIp))E#{UBSPmfK0s_e7_2mrtk z_|;~11gB}AYqA;E))hXXZnh+97ZM1MdW;5x?H(k|^Rhx7WT z`OlX1J@fDJ{=OSvPfRR>7X#vuYES9WErW?ngdtOewNW457_3aFBOZHj2kF^1&}2lr zdyt1ZO_R}Mp2svOBkmY(5B?a8nd%IvBYO!=sJN{?zY4Pizr&beSI3t3^| zNmd)XWja1)T}Ysao2>r&a+)3bQZrsVl(FVGZ3%mt%(T@0#B5n}Ycf%r$u9+w$?EQ0o-xG;$%$GCej7DlZ8DLX+cT7f})mNUeB6^PwJd4sVW|%oFNvR4nmp zD(ty0xQpH@;|tM66JC`j8`DT&@|Q!u$O^LZdC*>Ru!c~P$!^A9An{-(p+9Tn`O8C% z%0i&S*_+qgdTeZ7$cdEet~);-RrfOED_xVQ~k;mij z6sH}lRAxUm6ltF_=j@-Ca$i~3t?k$Nk8%)y#dHXeKgJYLb)#a_KP9gKKPD4Kj-6wi zQ_X4~;YipCZyibF$_9Gjt2hQ0t1%CV>Kx%9>8f(moL<)CZLHN-YzOu;c;5-80V zLbXO62%r{5-jQGMwnT(5G6%X39GU| z3uyX9ff4fx&;+Ll>isC_v05gV;Z+BoT7Xjw+w__H3@P|jv6~r0? z8zG>VCqlA6<`-q=f1;TlZ=mD{tdh+|B3s z7d8pCY@^r%Lh76qA7Fo?+XL>m;Y%8&zyf2uST}{D)V;fYM4?J1XoFRM-+P4ug)@Yx zM@CrvOgaP3Jx_J;B<{d|NA#8OphT)HeuCsmnqFXTjdk}4AHx+vC%)ObeB)(Y^lc@h z5ZxVo3pJTnSYtOTl9s6~dd5#@Ji+K@GpT-jDWoD&0iyN9k*aGvP)P61!W^BXk^B{8 z!aw7X+-slk$-3@7p=QD-8kzt0{?Eh6?2 z^TBrf_rLv{002FD;{Ri(=Dz?1VDDu9-YJ>VPt7z^MC0k|9N@;b^Uky zkKy|N=tSg{|62AzU`_n#2w|IrGvDVZAEJDL1feDqbbR>xjP-33M> zP8o#2Y%tB%YQrWX!Ny!Ktuy8Z#33I-u`!lmkermjI%zCL#EoU(uuW$3dumPUB7DojrfhNyJIE>K@8T6&ivx|v(x*>Gv@cFzyAk#KyhUVW1uKX z2!mE5WwI3^iHULhqvKzML{UuW9+kr2Zp0d+ z?ZFr_KmFnK^wHDlEjcnp)rT;qM-zT8>d{XePaip&X8M$Z&_@;5Po7*Keh2HLT(+OQ z*gpE;rs}IE=rO^LKAWnzR6(J@1hq}QB0@)bk<(dEe{C`4xP-wc{^+q)p^9G~;w~!i zF0w&iqSkEIkjc-@k(0k76@HV?OuNicT*$)cC?a4`o5P0UBA1!Ys7Y%I^VOV3>qN?> zIDa`p-DNY?(}&?$mm%8RJ@GPmPfDcT_Uy8!$Cy)j>q>OCNW-vTvdPGmeJ`AjG5@yw z!0f)Djhmp%r@lf3vUbfO3dJgSYV)0=OE;6v{_@VYKlUHfs^Y3kHgH>I^yo14OMzeB znyNRH>(>KlvJ=6pl<#>yELU?HOEONYjfzsQtjt}<)m4z;ZnH#1!Lc24?DQFKn9&aF zr4b6h&&!fWeZ&%Kw`aT_~4b4Q!0JinJv@Dk)T zL|&n+Dn7K*!l*_^J4sr!s>*Il@^8A2fn z#KIU1$XILAXMK2_4Lv#N{1HJ-=U;Qc5NG)Y;a_ElXoPN8MX{u+~BH?^j&-vk+4X z@yj^^%TGjpjCFU=j^#&={*C9KaLJ95bM2o}%Ke@k#c%C_esB2>{abbD+f#T*msiZ< zM=LQXhaRXYXI{p3xOKdr&UBo_W_6d9*v;rH^yF;qX+pB@ofUL_Xud~xMcUlK)jHuL z{jMJ1y)$0Fvvaq{bII1N%*WQZJKP`S^`ni=9cX*uNw`iJtoYV~xV@$>$<4^0H3<=8 z$A19DqIP#-W!x41wypM2XRC!sT9lp{bBZ9?-H4cI$S;|Noz-}xvv3>L*h$`HTfR51 z)c3gchFnEYi;3oZ(r~}K-PWJ5Y*9c(|7R%mWwydLsF^*{GvY6<3zh4N!l&?iPyOBS z!|hhtBI2FwwhIiTAHks*m(B*tzJQScUo5vyv25hxSw}4f_&cy=K!3B=huQT}g=kjX zm)Z0o_suU9c2JNpPU(l*I~>`1LC<-XZ_GTKdn5Mv#|jUy56*Bxzx;v7&jX{@wB7}u z*4f&^r`__$ZuVUG)%nNiDEamIU&(HSed9@$694@`R*M1@C~nU0UNFQP>L@VPK0Mu8F~^!w_<>P%=I;S`&Zv$if| z_r~WsRV>V3?l??k4qTp@QF(Rl{n;?%Q5qsRz86tAs3E7SOqBZMj;0fwSpf+ zqZq`eba%O~l;a+6lyO>)abJLUyth)RmCIlB?jd_Y3)h6bT-oi2a-!bW8?S=Fdjzy@ z@?`N0IgCnO!F*1=@x3xBzKTsh6Nta-4gNn1wo7ujb%b|Gsu-<=Li@_(zA=_0T;UZi zDGtUY&JhpDAbcVLUxuPRe4(bjEX!fz1Sy6c<rL3p<&5}?*=CktZvzxaB`z{YN+qNpUZQD*Ns2$t3 zZ994C*XP~aefpgDW3S(PeQV;IbB;0Qs^4Lno5I^678ubos+PjxHORiTy{P(LstME$ z4an~2zn2?gSacQ(px?f+Lwx&&`=9BRpP&EV60Fj@>Z%d4&&CXkH7bvh96*q|VpYH% zI)B0(W2Jt(hlArs{db=tYn9D3l1!%l?aL3G4``3*o@h={-^Z96w@p@U&ic6rrZ)G> z&Phk!?7JM_&o^iw111GYZTVJmIG9R*Z+f`wb(+5e00qUo(sbBSvmeK*^a!Q$OMt3RZiqam8Sz2c`oQ-qzJf<9BRw%?7}8`{-68msk~&eH3a z)c&B-qTTY2Q*kjhY&37FHc`Frc)i9c1=w^1$*J)08Ff=Rj5b``SYa8tb2nq<`YR5$ zoQyMfB6}_ZwBy%}41DN?;oe!UUvU{;i>%R1K2ZScRno$}pSNO5KFUm+(}ZU;vSujl z`n&CUF1l7S7a=e6l6Ilb8v6u!q0rw;0C6(W5bTX^H+fFx#>aS@p`r(QcMd$XiO^>c z|GWFH*ZxMjO52Y@EzZeQyqsq~mvVTUTpG!-e67PEJ*~H&i#=+Mv0X-1H;SI0fYIhZ?S1;)Q!*@|o+-@$5JohU4wc0x+5GKK<~Un5Y&V*~O#sAIk!) zYff3uU}^SPc;FYDr^AA8Q}YLc%VeMa%3aCzvbdnrz>*koM6cIp)^DCPTeBY7#*+-M z6OL|=cRX($iF7@FK;+Ugcle2ew`1aN*ZFh9zOu<(C5c>~En;^0;aA$Cc$IVuWaaJ@ zPT1)rcXRhvcJ^?h)%ZFpO1W^%Y>y_HWUEa~YH@7zGQdIp{)6q7ZtuYZ!B-PU>^h z@HGk|@w{=DOg(bTUF!IJvykq1C2P``NYyc3;-Zg?(y0P2A}`8z$d_!5h++#YHE?AN zf~z&qe?zARJ&kP}(7FfZ2hrYwgmo%LzF`hecE;x%?uS$(|D!%&#z6_{ilu%?(GMETC9Dfv{NC>l<)sMqiew}H z4t!(?$-fqr%tuJWfIxqMa}SBwI#yIDN?sg^R4!+C4Z}s*qs9RFkI`7rwD$nL)&Pn@ zhlES~1;;v?{8^qVq&8hef6*LdBl@0eS&bzkJD$ixoHA8hiufs}a}ryxy|xX5mPG5c z)U~UTEFGryh{Tyf^7V#gcLy$!JhUj*`wVP%8r60idx1!XKJt9m ztP%K=xH%Z>Nle7D@0mWze;X-G@#SAgKL5C!b7d(gUw#qoroW;B-hV~}5k(<^e+>!F z3evW-eDK~Gw4Bv>-Hk=&8WI|22}_U*$D1?~Vi0KDgfx;@Qq&`}!&C6g*HZV8}H^3`AvvfV(^>gigFP*LyDEE1(LX>Bm9|enqV>Kba$?J)ah4Tk8$@K<}kd-iF*$*q) znlwt7?c#v`P~E{3nu)0C7!o%UUFwENz0GXqv{b;y_{AI*K7cC2hGcpI`HT_+d@Zjb zA1J(5G}}QEtEvco(Vb4rOWGWH%q#aqCwwhQ^7&Ea<((`WLGs4IOQKn@dU7^jd4J%r zOfgTX;vPQ2OMIgaiZyqiSMI{sM7}E$6+}!`0f(w`#aBmNnID~BzW_l=S;5a$W|>uP z9P$Y`ry%sPfPj# zsI;8-wu?Lf000z#>jH3b0nms5s<+-|^7oWl#xj*e06c@=a&qVP-tv(Z9Vc1#kQ6l8#mnYK8JV5Y|ltAt5Zl)?R^kM6TE(Q8vF;J;cd~d>pKgF;N+q zt!8rCA!y>H?a!r4BX<>DsUMbfq9e2P^DdK|&49foj1W>;EI-Mvv4{lX7GUiiR?8r60ogV8|;0T-9{ z_+=<$NyoubuyVW|G0RJiMTg?em9m42$2*s=|v9(sc9=m8mG3h>rgsmFg9D`%%4x zRV<&~Na0?(4U^lXV6qoxt$s~R0DYnUw|A(ng)3Mm$ljXYrcwz`Mia|L6t4Q$bhHmR z1y%@X!OpoEBKlK`3%SP<5e0|Hd(6mu-~OaKN~9NN3MVebVi%pxWtg1L>gi>&Ey++W z&C>4h`~5(uJiHCGGBWV@KnXQwp!&_& zQ+gWSE2IN`>u@5lQCf`(DOuTOCu$xV@bb}BOJ-iL{uTj_6=l3(x2l6U;n23jGfxarknuZB8Em|4F0X~U=8_rcg*!$F8X!W(-3=}<4IFEVL1VIzhOyWh*}2-c13wz*tI>o^~6`VaGE5_8oVzwyh*cqsrtZK z--1~$KhehG2}%d9S{^NlO)cp57DWlQCOmc|`3h0;f{KP-d2fODFl!y0mP92`-noW{ zViB(0Gbl~LDhoc!MhOg*fo&P)-*a%#1<KQrj2ZXONL zqGbt0RJaQeEf_{pr9Jb!(YHuJ^i^Q?%{_z!`7jMbJ8B!_VmDl9 z@({$Im!LaSUQJ(7#VKe)tRgBt{kIlbjt==nip%>6i?BhDaIK9te2;d;sanElEl>*ah&^KEvn3ze&N zp~uRK!7dAiWq8X2lr>S0(Z{?y1}lPnov=4U!j91%f+)i>5^-zMejjow`r(q{+ zk0f$AL-=5plVNI#! zZ_uMNA%+!v2qa)oSY@ufR2+x~YLQC#=dG%VYfFozKJi$6frGhD8VUp3bOS0(;X?hg zVyZNSM2B#Y6c~=eFaHDQ67YkLpaUV(6bNLYWGJ_R6RR&-CGKAVk4+3xpD|<#B9=ti zp`zlfPBMi}Nzh0o(itMOmDA%+HtMx3**g1$1;{4UVos!*S?u!qh4os0E@*LU?YU5w zAOhT3JW@N7_aBi(;M}ZK7%GU0; zqp)UHh>9oCE2YqkQZYQ*smTNLAfsHqkA*6)WBO}10Dpe=aP^i+(_F5?+>99lZN-c` zIAlk=B4@e#L#=0ysxQ5{Tp8&INy~!Jk4Es^y26`CMFvQqDQzSxt&rf}Dz|Q!4}-=r z+wdJjnko1Yw%&2=)0iWuE~rBP34M5~KChC`ME1I}`rQb`R$GlFO}-^{+FLNxNG`5o z%`y4;FGYO%X{ETOy8_FO2VLTf0}88L3+eRmJ#J52%Skpu8cM)KrF2o2j03;WOcV2T z{~^D(pW!x$;>uKc&weCgf{bb4Bmuq=;jz#PsH!Xj*Ec!`kjb98Qnap}f&DjMEF;ng;IC zQjBqBKD^tKRgCb^cBA9;bPenz4LNvI0&}5V>xp#t^9#ZlI0_d)Pe<8Qnb$qKj^MLQ zxM;bj@yL9E1Q;4ciQk`|TSCCK6W6&@sH4<77c_Jf8dFesN+D7}kG_+icG|aV(LaAO z*$O-@_)mkYE=)Kcd9IuXnbj1b_Xn>KE2Fg_#JMc2MSdz4xNn{ivGe`tj5}sH8FjLa z&3efjaq9!~DH;p*3P2VQGnzcmUC^5F%IFjk6aMaXzbfxU$|-E7f4Z0uVOPnM%c@6n z!2gjEv%A*&!>*+=jdNSQ9%rM<{V)ZF!}iZ1b=k|sGrB9EDGzhs?`3?kPtFDv7`M^Tjn+NFVe-a`GS% zfeBaWSea}+te!Y&e^vgPZ)z!OCKiLKML+OSL+LpBQo~iU$f|5pB<}z&lB#DX`-2*E zgNH8wu|OoNR0R9AK?^662HQ`u)G-`acD8GNtq#@l%KJmTgqk~Bha0`&3ddt*tD1wV zpJ76}Fl)2_(TtFKY`Z!7L!-J*O*DpjMn@wAg4okZwx?Ir>&a^?eXAkcP<^$+9K5pt9gE58ems8rSfWkK2jE1>Zk zB<_UCnUr~Y$9G!8!#h~I4(=JdWQd41bzLmz$+ z=y@}IpvkAD8DQg)dgv}1`1qS>@xS_r;932WQk~w33j9Q416`a7Sln?i8Dwtt zJ2yH1>muL`HG+)Q+!tLlr%d zFS|_6RJ7T(We*V@zf(bxe-uw=@#h_xWLNycOt_I-^1SfrTsow9@=QE7N6hg|e|xp= z?Tg(uX9y74FVvCR_-$aDut>QZE(bj8?~?BK+li{hq&W4U4{B4IMkh-)r__VZhD&A8 z#-q@0S!yTH8wMT#Z>o=k1xuOKWVrq#_mzO6Vw4~}2L#~C7W_r^qn8)u z!)H)W&Qxj_LQ`;0FH`6g(8=84>A_j4BEcCt?tHXxFe_Fb_OTl(Bzf{QL#J0)fKgDN zfe?m9q=W+L}f8KTty6qCe6p3Om z#q6?h@srEm^fAtDkzaVFQ%*YEVe9lky9J!Dx=&-8+Q%s$2_uEf8y;pO{6vMx(8nn zklZ<(IFWdw7Cq3}EhYdaw!KXoOlPwt*)(LUeL+Lw#8%`*a6}ViIOJ*cQ(-lU?`{P3 z*&lp_%7g_$p1icS7P4`x-JVy^2v!N;EqZue$|WBYN-Ua5YbLGrlvt@JXy`=XOd#k6 zb$@mIfW6w-VEWSEJ=YApwsu(OGy}G?L0r-gZVpQM)P_@@y5AGk=Nn~(*kqL-Ye2Lu zGxzO%Ko6rTG}GiiKhLL+9H_3wKq*;DcKNLJj;>p1YX2QwbwQWB7G2bGv~)BLzE9d{^ z`}4u6>wz&D9Ej)NB{kjX9J0r$!x3^ekf$K$i4gC<8iEmD|K0VN?t^x=J^k%FZ(3kO zh%KKukZ3n&*@(qVzVqvoir(!E0r1lavHXKcw=VlDvpo3XkZk%a-u#zoe8l{YQWKXK+8 z{cH@!E8sTAaBX_8gDMFN&3i!-dQ*bKlSHFjiEphMgn#5?!qq$rI{~8Cu2lQ1r{UHN zkld-D&!i6_c9`LxKmNTf6Y9A)zxvgdf%$?KVEt#A^RG=wZxwAommg&I zn;GT`0s@QaX^fAV4U@~S*__9JKi{8OeNKeU3q^0r6W=&$2_Il6ilF{S)c)oETq2xzAqH(buQ z{P~!;?K83^b(RsAG;6gj^K_^+KI+w-S{dZ7B#IqZ@2sD3X$Jg%xJc`@ZapWhc}%-x zuI&dEt&LGv>^<+B`*EXCs!{PYO85cAJo2flQCv13%Ne_DZ6Nw)A5BP?)YhyzL@&mn z%={Le4oUYUI$9CbDzhY8{Af~@Ejf5~-OPAc9IH|GZaT(eYm_UbDZ^<9!2q25@-Ys> z^p;@J06)R71NAj4BWM_B5tJ$KPbl)WI&XrQrj|a+%j$VhWgdg}xqMBqyn_YF1r0q< z8)?Bf&Fz$NVB(RapKUveU&8s*=mz0v)8D4IW0_2)X-rnVMoUa{&o1q_thnL&7De+| z&0=)UV$ES@72}8`lE;B&7kOd1$N=iY@YkXH>{iuIjj6q%(!k0kxeKcw`>3aW$i?IK z!xh!T6o>}O43Qr9aLAg^XT^P0?w~M(wMKukEgdH?Iwii&be&dR)r$R8gl(Rb2oIDH z9c5|L{-UU%&`%cn5j?sPd5kk!nLZ2SuR@K6jU+gQb$g8TAPwHgrW=qa8PHV4MtOvYq0Zx=Uk7W_SrHKpzn5yQp4$Gx)vb( z26fZ?0Brq&3mPuLp!Nd+@Kdmy_#uCWFma6w50a=NLaY+;9hcL_#b0}CHi^JAlm;|VtXaDT z3H3J1~2jdApa3gU7?@#SaI ztgPOyPz?&Mt@{lB=3at(T)>%WioGRZMA;flvfS}bt*(UO59w|w&RsG+)QzAQhx&>r zXDf6$IhxKO;}`Ua5sumrjCkM;mNhiW)V8#~Y;GZY*VnLn7%AzJR9N?z(Nk%4x4YBvuz)}1c>}n>D{*u=62_>EFvCn@Q*8BqQ%i)I7Zu_c46B4v0wEx%o82>Zq%z{R122z{XmahlL9@$;rTlGZE9}K+F{q zkOJK?$ns_6r``GGs3Rx{ge|FlKCwrzf-o;`OtrWX@WzaKqM zxVry+yy<8`(s_OwM*2pweF^Ak9Rzl^%EECvt=aPRa_gKWo@zU|0fEbIQ$U+D`dYMC zE#Pnh#{(AI@0yW@n&ItSY}}daS~Oi&xoA-*YzFw)F;KU;h{3&Ad-l5{Hmh9Bn4xVf zj_j+Q41mRcl&$-8#crq{qum@I#Ab4DLi{Z~J9bL1B8SY-c}b_+0I=aH+UPbDZFBy* zgFius?kYd=IzBqZxg&p9`FoY|^-CE@zOdfVni7MdaQs5O7y(uRHT;9S+Jqz+SHsS5 z>payKRJ86uL0g%bl%AR;7l!4iOI3K$Dq#iU8o8~svk>Aa!Evh=XGVGxNj3uda=L^o zi?texEK&MF6Sa9dPE@gB+L+Y$PR{s=zGV5daJ|!&p%*blg7`Bl4TGZH;fb_e)v>%} z9Iu0$u-joV{*o!kr}*V+_v?vPVUPyG44J|Bg?uw=e<%&ITJi`Ntos$kPqw0+oi(vu)yRL-ZYRKB zt+q6%a81u)PO8PTNvj~{ne~Osfp$lnnfgs4yC9`lB-y_aNy*1 z#DT|JV*K@=xUYPI5Fu39nc$9AygGH0Jf6jwrb!%fsEV}D-^7mJG>V7ygGMv2gg zjS>O}33@_+;5P8gLaS8z2nyc{XWxZZuUh8Wa+mDB%?neq&~EnRr!Z_1{sUnm$gc_KQs;X9L zaKUKI!eVLQP*@VyS1nyDMM^s@(e6;w_G^qK zlpo`XfQPKFD}M&0zHZP~4D3-N8NYz0Xo0zw(toBF9;YNu_;@-NG@;Y(KEk4hup0JX zt+t7_r0sA~q0x}8Hvlm(Nl1vrh+#x0)teuElT1O*)CPt&w;~Bf34V2y$g$EyF>l* zu6U9aos;H<#mhSFR~qKdHrWTx7K1VCTSpuh>MVlTFq^eZlf1U3{fFCfP$A3EFbg)U zaSM$LC-Ncl>}0;KF-&&{hk{pL#>aR^`z>7uJ=C$H9D>9rU=wQ2%isvHlZSetkch%L zC;6m)j(AymXPSd^7ZiMUyzlbLll`r`Px`3YBBjoo{PSYXoNP=i?>X*@BhfyN`OKg>_{w zX036%gg5EX!fYK$e75zn{^-T|gcIqG767^>P5`oaFkyNLkVew`Dtj1j9T=6xeh@tp zJn3pzJrY^pF(j!`CnLVA+?hJs<1Mp3+M;hb5bj*3C1Owp4u@)L^z5m4II3UL5#OOE=|s?5s8%n|p{PMz-6Y(Vzkm@f0Hg#w zLPdhQG~F8?*75vxPE)yCmW|80R^rsqX`x4q_4LM~c_LFIO8C^F8_`RncB<k8bc}o=+u)b@ zOTeB|AZo3m$09mQ0>mEMUyW^=>!P~wht|0`UySiw73d^`Y}Y<)?Mb&xraXgm1G(^4 z!-I13*oHd&zRqh-YjVZx&0DPG`2eK$D8~y#n7T-rr4|5V`ddd*3C<*rrA=;X%;x?r zDnEo1=`q(Q(NTImmCiyE^3uvy74atp39kLs-gp65`)wJ~aA0<(xu*Q2J+d#${7foG zx@wF*dKAM)c-a7Yv|-o*TRsMn4Zgq>UoRFt9#Snll0AZNqn1oK1c@PRael;5NvM19 zoO-?&HT|a4SPSBQ#?U#7L}!H71xX4Hm@Vn{s-z9#3N+*wbqm{t>< zfaW)dHE7B7_mABT42{w?#TjVt;Ed{Wr<|#L{mz;5bSct}nDpPcS3-DwR}w8Imrq3X zh!Ya7d@U^}*!fUxMZ&K~cM0J#I2M%e8=w~Zke=H5x%V#_Klh(jnaA@9jsO z&Q9(Y13R7e&i7yZOhdhrxcA?4Hvj(Y!gP)rh|>k4!D1z8zCs^UZvX5CtBhv(u#fE9OdSf|kb zx4swp=`|S3mbg`)y;jhn9dq_!)gt;v&Fw+PQr~69xYc&X6@GQE=n@52t9;@v2|W~R zghut?7AietOSt+HNxFT8S^v2K_(eYPYQMx9xk{d7Wj8lLfTu7jXP?L#EsK6hD`v#BvQX%#}A-9a8Gl5_?@+P(fm*(zVE=6Kl@{eAoq!NHJ%ajhgrg&ts0fuQt z>KNKEcN&b0MN(*pJ-xj_41#CaJd{F)0V_g=2wq|Y&J&2SS!uCI3W6Z3ML$cW5+sL; zmGSq~fx=E5Fy$E!^J}%rov}gRw<9O0Gtj-Q0aH`Io?PW2vbiRJd9^Wt1_MH@&4@vx_hKpVi|O}gLU_IU!{;l#P} zo=T6abyM??jVbvj&+_$$%F09Zk(895y#5HXhpj4PYC2m_1m_-MO=rd@pXKoi`i>*& za;Iurg8uxLqndn};`=EpFB(`nzpHTq4>%GN^h$3R%g(Xfwcg=We@-R{2|7sAzgbs9 zYT#36I>LNk7!8k=Y%4+|9F;v4HWtHbb^590@siwGiW#}t?*25cU*1IirXaFyZ){?+1C@lF`2-W7QaA7_2ef@L2ll#TV_8f*O}?R{q%)F{$cTs3TgN;riE;>4rTl)C`LbafZzGHO46S}a= z+EP^wRz*eD;~F6B2&Xr(AsDZZm1OylE2WJR9{R2$i!`O)tTa2H?N+wa_?;Gq2Uc`` z9_b!#ZKC`>n45b6i~$dfK8lGqPqndnkQu>Tf?E1yK79fLyrLX=aXna0R?6tCd0^J4 zqFuwtzTb%Vvit?yg}5!Ns%5*p&iMwlVP_2idr%rC%g0~LaxnNWCJa{(R}Ni{>^SNc z%yc|j(s;CsgUMnIg@9K>Iq=zI!(S7J+jc*@aybP*8wD8>Lgw3iPn2_cv&pp)$Hvok+pEhjlt(Iib(=)8phF z`rQTFGVAY!a|v`Qk)d`xnJb-YNUaC8Ifo}zWVgqoP}vv$;e-$*+qZ>Qv8=&)OEE{L zvW=xg-I1_4+(Qo5963VqfY{D&fW&kw01yiE967P#Kc0axN z{BN4@E)^pdFkdjWPVlc4TmR7!5)@WY`Y-&Eps|CKxrw=fx<>fg2KY!FbH8gux@&6T96^)k)b)sMtw!e+LjH!PIPYqM3pONDE?~f`+}Tr zz^l`%q*aY|u&&pXw3{9bUZmK5qtPe!voX?`3MvCLNIlReiB=E$0TTsrbxT?h!Zjv- zca@oRl*C3nO=_=_uWKMjKpq$Wm3Q%@h5e3ZGV7>*!T2>to+^3GUPlynmXQ&GE#K|| zTg89XGqv~85x_I54HAtMULX_t)g8`LO>w1_wfBSX4Dci&pWD++oxy7{6{BA$P<`G@ zDkB^X|Jl&+@SLwdznc@_;l3<|U96MXMRx9Sp!$Rxju#YOq1#PP;`3Z^nCm$hD8GR^ zD3_-6SfEaGnZBbs@QjfE3=-a6WgNM!I#e0HQ}%N~o`M;a*BM};MA_hV*83cDs*Y78 zUZi})i**n|*=)#U_M0fAPt;~@8EdrWusrsv<(g;*c=k27Hk>`Q%))2=F11^Ly>rMn zx@$RZww}mGD3=HLAzy_C#%W38Emg|*ai zSg$Hz;m9t@G>OD|)w^iKN<&|NhvgkWDRY{6e0)q+A;7|(Chb=UT6+!Cd@T{PZ|7QJ~y^LT7quU5!)zq96EK8 zup)ERw*iB)u(mvh^$tL0u@If^IBmWcne)KDK4>X^KgtAhmP>x`}cP*FGy)n@bjyu#l6moqBuv+c7*_r+5)_)UhU3=UoBE#U2~{QvsZKmEvCV&}pF&|H04SxD)6Qiu}K{KAr4H~Gma-Um$X{&=m!dwFU54C48i zIIE=^-Qt;C^PK2B%=DbN%yhi;`PdJ^16>M=Q5XU$Zx_jds-|MVdIq*}4tFossvh_U zvV@`QOw-4RXB=2BAGcYWb9X+*hq{-`N!4pT5OuNIiKKK7;pw#=P#w@ z^w)o%YXtNk+mGTg58_l8{^;m9#%A=^d@`d)$gDqpDE>Z~Gm?eXfb>?**4(zj#oL=j4(K#!A8Td`f%%KBS ztc(HcI!Bz*o_`SSWK6c)w0!QghYJZo4HY{rw}>3RJtx1mIyWFela>6L$ugPFKIl~9 zP{jN_y-gcg@2p^hU{-9-aL*EI7t!fnM%Uhffy)OLX;GI3KRHBR;$XWp*=goAlbi!1 zGhHQDWM@pNSdc;z2~XnaGK}B16dj^*x(#4Fx()Lt2GMSM6xyTyA?4tR{=w zvzG0E;`nwG*KwB^=nNWD9X(aR;O#)2l2#j|7^w)Ft%h6L2%^`V??>i2kkT(bC9}eb zZ#2D;Q~Dm5sj^OwR8r{*mdjHQpXG^pohtOTjD<}}c#Fw5^M`gV16K}T4=VkmDxCDn zR?sp^FDlo1q0$X95p+++(=bMfsTTVoD>sZaE0ZW>s~o#)kI^a_il?1D z=j;NiZBTr7oBn{L#(}=CQmnA3iz~KFQmL)C@Aoiu4V)J5n}kTX63Rm{)bJk7BV$7^rI?a z%fboDMiX`N2H3c!Cwx&cy8eha?r@y__RqQzBNX*f1>Y3@c!Bx=+_Y0ZVGX;gUa?;9 z;vmg<7POJ3yHDEb^u|1*Fn38(461KyrF6pVzssGWM&EDehj?S($A5d7`uTi5=qL8< zAu*cm0?zEJC35bm{1OD^O+BOP_S7xr8|@%Ip}jnDzuMBMD?*S_ZCS3#_l`YhrD0kA zbJ&O_%R&LI)&$O@Svf#zp9s4ea{OMY9Ei#~NnqI=t!N z1t((9Boz{1C?y5^SYn6W!dQ>Hu!vKLIGWGvS6Axsg{tPSfN$fPB9EKg#Tw+C)jWQ( z-%e2Opy4_Uo~&i{z6V*EFtjxN<89xr|4w~uix_7++;eJHJ!Pc^Y>p-QB^k6aKGm(N z*lXDuKB*6_yW-N(z2TE^e`C5ZtC`q7RPLD({WrqCtB_`MqR0r1fR4%k4s;FUVON{2 zEuR--wZHu158`YNln;7EW~Isplge_W@!a-{Oz9Fe6IWSL@ZK{TiI zlchLk-nhAwgG|E7R?7bU4Sa$-!f?&M0LA}7mFQe5`#$zXm5BczsS<)R{L;ezI+cu4 zu$G;bL-x67wlS{sN3z?M4yMIGFQxYiK)2@uNn_Lx?2B<-AMehIkam|9 zrvG7pU9b!Z2E12F^(Ehx9XIqU@+Y$J$vSZNBr`mZcay z{d3J9z*V)4fr_E?7Iq@(TPQ?|?h7Z39F~{;9xcjrVErL*!#Xq1rPco)w;CgOV(zjR z>u>ZMkSFZh3G%LXhiDqhP_OmEfU}ifs$x*I|DfRc*M<7#bx0S|Q`V@z$ zujuwJSbv7pd#~rci-v4_k(Oo-IYK7;Lgs0Z#9F8{tlF zv?%#B`xsVZ063S(v>NP)Mxw1kOyx=qndx%%VQCTchj0J++KzF6#xwZ8UzoD|Lv|j& z3_k`KKefc;JY*UtI+FrLB6$?N0u z3b)0Ad9v>L`#Wq3C7I!R?s<501xGdg5h#yD0I9!U6M7>jKeEv(O!=$@_RMso=UwC0 zkGLf~I1U2#t*qGCbUasgx1oezf6;Q&?*kI`tB2dY>jv@YQ>(}j#Toa^DUOWSV-gH) z=OBBg+W&4o5Y_pJY#Pu-3pWpnTAP>dF%8AX$?!*nq4$*-ke-Dxt%lX_)kSj%st3a~ z@AB@ItYMk(AH^AH?`TF5o=6R02N$Iwm(NCrh^w9f+)0D)oG4AxOSk?&;y9An0B7tI z^v`{*=_=o<`S4r`Jbt>Zl%V0j1uz$IEjwzoi{17{;t%|DpLqD01W_dduJ z%$3dNU=GPRa@z$C!CN${=-dr(pv7mXGeM?AxC-Qb{U>12m)*iveR z`9$1dNf;~h{Y6cq6W3+Qyi>(25WUEa$LRGX4#qZE>TVHNbc12Sy7Ds@6-64u{8iB9 z>%iKlZlI|-S#MC8AED>CynbkV|GdYuwJlCO537%gXeIjVsC=_1mvm0CXABCxXN8fW zHcj#OU*g9z2;-IEDjb)*?Mbaf9 z@VWDe{Q4W+MsDZH~-j-xd6LHU#q`W4fKqrZNG?Kb?i+6$;Xe4|KV9p%dYOo z&Dud8OW6qcu-X5u-Z^qUUL~Q)0s2?dk|`nv9Pyq%Wtmj7nw0hNm2>8DiIe+ctO*dk z?rHT}ts$BbcGZRjk?OqaPP2N>7Yw4(dt0b`xy=6yWAtx-v0_T}&pEK2E+?>ql2L-N zKghIGEkAo|2Q8VwCuFn)3}G*0@4Tz_#^$iU8y-Q@?*{ECMsIA1>P%tWJzD853{p!W zV+#LCh5MnIcj?g%k|t1h-}BL3eP?Cc!mvhcLbZgTmKwUY;`<==5}BbH;Jq1#Rb6j= zv=}bYTpJo3FUDz~P4GUZw}>=hic3s0pD&2l#&G$X+Rta|&7|J-x?p2~ zNzPj&%~LXEjNBHkpEs|9L|h)J3jd+&gjG74OO>Pzkb3|($@1PT*^6FH`ROLmWHYj{ znt&UmLnD>!Tt8Fbaj=Ab8BQ>{nE4$Go}NcEA%O7QLIBiVO;SqBX%!4Y@q@zp`R>W07{Q4gi`;HHER15I<^?-bgGaTyEr0? zW}%(bZ0#O~9Sz`M-0w@m@5>6$5CdZT913<)JSC9TbnYl5)e2)x^gCyvY!M*g>1>F_DKiy>pbqq;B8$M?>s_%Zp^Y)6p`3t=*BGi@5T6A2elVryH3JGLn;}@+5 z%POLzL~x5@rx^WZM778bkTf?wHRKx*YsoD z#R4+FI`kuN|826qb8nzK^5v61zQQ{G|KgkfMgX&xX?N(MgV*vi^m7Xo70&=kC;QaX z8<1Au6DA#tLLjt?v0}KgB!BwG6F$5wT&`vB+0x$P7;`v@1N`G&~t}jZAO)xUhUe0zbAZJhqWoeqNP3FxtMdhn6$7!cnYb6i?WhGu9G^4mswK zb3#eV*7>$}B;u{f&Y`GcKess-(-7&kC#9}HPFD`v$f#ca_kmPmiT<6G91KjOv;yaf z7vkFhS|F^1lbU(ns#6et!49+^E+FsazvZ^NqgapIuOKDWA@Lnw3fvq$N^4yOr zjE>uK*3PLWDC4qGNm?(&oSuDG8IvMpg_O1>&m8ZEkB7_5xBJN&-*2fx{XmSdKDtP( z__f5nueIEIDiSR)WBNK0&;Xm=S-LsermpoXLzm+_^%;o^I2Qa(O*ovC8BSy5Gug#T>Rl_ zwnZvp(MmNDM~8hQJ2-U7nuF$=fKg`s+Qy02NutQBzY@rX+Vxjs_dAUTmOfg>vVWZqahmL#T;W*2G^rS;v!)@D?P!_pHf_4jxu-Ah4?B< zsk%Dp<0uLwUBSfS!+o!*1}H&MNl80B7UApS$FUXr~pxn9UX3NcHO(LYEq|AY{5fKgw zqKK3iO3=!e;B}An@d(tBd+*5hk-))c&oBz+c?*4E5fOL-yJC)L@1V9A%mIL7fWX=; zI*UEjBOQ=gdW*-=1Nijw8WrsXM{N&?bHqTfQB0ah#JG@1WC=kgZi1&Y!{&@ntlbTE zD?Rl=L7c^--qo2UQNM>snCTw8HEZL5P=riTyG(xt`pB4P*>%eRI#k;m5(?W>`c9WX zBy~r6lt&7Ibv_OJE2Dop>wP3@q>$Bm~5Ow^%S8+i+kSBnX8~sEXx$xw75& z#nuRD$j}{?Ztoh+ie?MTRoVZCv3Cy6?A^A7)3I&awr#Ux^NnrWwr$(!BpsU_+qOFS z@~d;|o_)T(>(;G$SG|9)IoC7wj5$V?uE2Xs%C+B>S4Qxd=s3bv*K@Da4BxZgG~Wb{ z-sfk;rYLJfAM7kQKHg4{M|9W&!OFGn@%4HegW&NEk#9FH%@ikK92WnY*wa_YA6SQ; z1+B4jV`m)b&?$u##l)--Q8w{NF{sLkax@IfyPcN;=OK20jXxJTzd(mfMa9X2k$^}} za#=oUD`B2TI`j0`p+y0Yc&1iR9Na7?zi6gbMg|cm3y3rDOyW^H(9986W8?Hr$B*nA zcdW@IJs*D@_g>bfVlLq$^wD(`;O4+%oNh)zB0bdn)9%%{BhjF=QG<#B3a}GQdW<#k z(;V6SxB~8NEHZeEEz5~HVH$~8k`x?q#1WO#B{r=&MqcDY3H#4GE88sm%l>B zAi>2w*EVtGLo&oCqbRh%J;slw@epjU zux`y@?~ldSiQ({SzH7(fT~nq>)afXW5M!BN5#`Z2QtH%bL8wj*Y{j!6c0;=-e9YgQ zJaP~djh(kLHIkbYUk|F_O>S9-QAk2>=jgNwjnMMeK)Lb;bVt(f(F7aoJ zt&XK>t>Z_CCDoS$dwEDuV`p(9un?OvcgjDM+SEM&RrCI$?hrUTy$9d3=^^LiIgfZ_ zsH(#8^XKD&CbGHRY~-_*v}(2yCk96IOda7_yP4F)x3QAH=Hoiwg4m)$w7oKQbbkW* zK!lh}qd}I506Y$NTvkgq1+^lb?&evY3-oNqUkJm@2&&K`%TLzZH4_NaJJYr^JH;6P za?z{?_3oC72>y9L8o(FnDjetuY|jCR=Yq#c)V29Cd0bazm`n7`hGVXCMp(hEKfU!` z%WT5qGIpH%Sj#mA_$N8Mh*}8} zIONkD4RnA~r+``y`o{NgWa?nXfspWH9U;n1BX1K6hoy-btxiZjJ~&=FtsYBri|69Y zVV>A$G(H*BWfE#H0sUm3E#&>v)M{hnsa-^t=y;{4xjBYR5KVdk)2mES(@N3;T%|P_ z(PWvGRm4mn4vCqzY4)~(>|boNNU|dnKj}{4#+QjmkzYvVP}x&=zOyn|;r^>*;4#63 zc>{UOF(`*)0Y3kWT>C4-GJ8%@TY$#K1U8aMvt9=`ZYHX&rI;j~(RzB?{>T@0DwyP# z(dB+OqZ26gh8y0P%}80HpvMhRS>SN(SvaYUn)}Z`Uf6PYP+iBGruR3sj?BOcg;Eet z{gF3kk~Z3R7m~uRQEjaw#8gW4NXtotbXcRj8-_J@90p;jK711WYfA}3jqMM2g8&|j zdNu7u2{)%-V`#0OYB+kYsUzGEprmuUJiM8!a1k;=`@q9{dp1TfW)r>)@l5@MPS%#@ z^kpU2l9O%;@a`Q?-geB%8-CWJo}Rvn)7geWN8g%av>@af?EKnS1&I?olkYuTt;Vl+ z;WmYGa zbEH40yk$sXEPyA`Czz4g7+`;jR20&7EEmI^5=-XM@gN7{$o3|1WIVv~S>2iSjvZvZ zlIxuQMS)1V+6PX5Kxh|BvfI_p5Pv3C!iXAp9quH{VA9;YP zp1oZvNSJF~+SO?GDBiD>dm~YuRDdCzxoH9yFu%KRd^-LR7Fej~OCIoo-Lkri`bZpL z$ohc3*;fylurh)yb=q!eVt#Q++BSe>)!2eNbK8{jjoM~EWqI2;aC^~9@|Dnk;&CJJ zv%2ddK4W<4@l|DcSMHf1=-+|ANZu8NkR*`x4AEnI6@eTkxMkRVYt%Q%Zs%AG7SH^k z`P9f%kj4L%I*^z7VWmUXnRLbc%2D_*WB>T#^!aONJM)9b7oCU{NI!kpIlk1q)Q)gb zW$tCD^VKJIF3f&TYr|lXFKFi$g|U73JMZwlNQZ#+g$L5kqH89dN#TVhn~D!OlRCD1 zGr48eERLo=d0mSBWKMIpAx6@p5u2ydJWr;r3ZevSnu;oFB`GjWi<^4G9L<0x6D4Ag zG?gIoVQpEirQChfy~IQGu|%Kyni!0xnMma^FLD<8!de0#ypAP`N{-tS48|IME1I}L z3q=^NEv$}A-M~B*<4Elbzb6~;Tjw|X)lTO-SLV_wv{eL`Qp#|Kk%Qe2-=~Md$M0Ev zf|x9Um|uFP@DwC%`KrZEX;M}<%HsE2ci$eeBa)26$Ms4H)!Qc zzvx=FWzUaGyncoc;9vImDstsq&Ve7}hNY@QGkaq=| z!z6E+1|M3%(Og1`<$7J%vlsS4^J_HLbn0fSM)`9=z$c%&!GL79l$&!pD_hwMxCc@n z4|`w?;Tw7!=5gj*+vmsF;iST)Mz%%68oazrVDC!2@;eGhY99yT9D%(nr0o(>yJU|1 z5#gT`wH5&&{A0eOOP6<)*h=<*JsZubTtQyeOF7MsfLItCF;A%_ag3M{mQ3n*LN$i- zc#nMCp(GGCU*gWJTYBtxVgM~U9g#u9*p$0Ln%7Sw@mALr;V2&4er0wS&FcwKVdU5n z3#tEeAHLJBP;gfFq$8<2Bo`v^3WBwaz-mjcnPjv$h%!#xh&S^0yajfgZtYN3!U6Ku z14^f~pJ`oj)tpK`O|cbW3XU?NpNmO^QS}Y3+LqjwV@nP!!258pHL1@V0}LC+sdH>Y zz9Y^A(w+c)OW3y)O?X2=>;Z_~R}n_hh^6@a#FMU{5)S&@#_!15i_-#A!LFk#>(0{y z;$iL5zf9(y*@ikS&A$By>aSh1i|gM`mZ3X7rdwjKF=(5rir>OvLD)D?inbmpFn@nd z`)og5abf>%WZk+0|JHG#rohC#)9lS*4Xkjc0i)F)U6A^O19!Xfs!9q~g$__h zUjyAiy3@$*IoP#HHK)KEn)Q(P5Cd?;BxmG%QN$?EcKU8d4WF`NUe*y_Q}n;9q>t7a zs`d?-zC@GH9kb^2=5xQ%Es>b(`*)B%Kv)(F%ws(WG$-~JvcI8_o#LG3+nsv9v3yME z@2Gr+dcC{t+#|#sJKE>QYSXR0`a84n0rSFLFlFF_{noReSh4HT8sr<@Iyuqz3~ZS1 z8EK|3er|t4rdPBZ(L!ML2cBt2TEdLF##WAvV>&-N4SggP!2SO~>7c5-eyf^ApPT z6FL7HSbE{N0n^A!HIvlJB+>#e@rttoz^;Z%o`k|uBH_`rquU*fyFTj_g;w??mqD~| z7^m_pSG1__*UqCi?11m7LtfqtoI;c|w~CLC(aZ#r+)zYOwf^ zT*pPhz(onsMUd$$02iV>(&gEI2faB-MqUYr@jpZ|v%He*l4nq>ElHA_o^yFr)8+D0t(LakTvLS@uQt|t8`Ju*8U4b_;B3_;9JI& zaU;s{BXf-OMUMCiDjnHo_Fzj+WORqr+({Hb_so{NA^ELRa%=Q_(7oMFRwesw znUXFGW#eIc>*KECEOBE- z#kC?euJeuNiC@dUaqZEbZ^6VaaH8z0%-+wBVQX_BYF0Nq_RGi3wVs2~d!33wq)B1Q zaB3p#A_$;Q9mGS}$i=kjWc$l7GKs&|t;>?o8Y8d)L;8GbmkXf~f;-Q{da#v0r=)?! z_NXcqATiT`66#Z+U51?}$0N|v>T}3lirH{)u-#_Zmm7}nnzDvxS#WYJSi~x_F_aa# zgITjk!?=^>j52YjXjA=iINNdMj!ObOr2YUKm<+qwb@EJfeadgk)hkS6^E}6U;BEd% z5lv58B^8qkQQM|gbX>B#^HTgoP;}50Yn<^F3a1L67ai5YYX+sV*w;vO|KzJ*uRqc1Y8SzHnWvLc1e-;_Vr*7#^3{E zk6Ise#GWbT?px3$Z5FjR`RK;fnfD7)QCEKAl>$4HYb{)Bp0T;O&OnCyu6fq#p))p! z4jVfnXbKw};jSD77xVY%h%gTL3Y)tMkcVEtAud%$mk!;tO*abN9fTXjz{(*g-@sM^ z)}#>fEhQeAs}eRVM?#-)XGoWYr?D8~N<&9hEc_{r-Rq8ki0?#ST6d0jC!#*1P8q+I z+ZR%5*mxkD7k=gnTv3SC@W_C$Awk3oC+UiBdg$ z4Kh)%yZQa@^-|3jPt8Sc+E_$t5r)gs40g?dc0KNi0vuB3-oK~3An_gxCd54@0NtKu z{%82i7Mmb*{p05*-FdmJHHjOOA)_qqa{snpL$*cGy+P!+IpOGTyW(3h;SLDit3J-y z+i@o!K(+^i;nVAgWQb5NN}b6BMR|Ao%@J)2cpGBt?OFKyIn7ad`J3HQdV3V7YQB+M z`G^TF8Xb$=JN^9h1zz_ymuu+_VU_Z*x4ine>)U@)KPuNj*856QkrX05oPED zq8k%~18UQ^w41rZ+P+nW$^P{lqEBT_Y{WEKXMD4)^}a+mh~X038?dtD zx-7ZP`l^Wx?6i=pefF+;{WsQY{aunim___}!2ore0>5=hTkE{G_Gt~Bxs?F#RGI%z z>4`WcrBz|vvYuogQJtQS3<=z|)AeIGnnBeN^ zEZ!&{(GcATu=fvm?rn)9fBostV$%xgdoDp&;VY!?%Bcmz6Ea0R&J?LtmsAVkMO?Tu zLMySkCFKHecnag((Ezv9iq1B(dusU)Z$Q}~cS#W>TlbhU1HOH{&HB+o$rt%#85i83d;$mYh2Zqc>XVzs484#Y>@ZnL{FsuI-XO&05 z)+W^g%W;sCOIXOlrKWcy`OH(=hd~GH(Waz0SsJj;Rik~J&&WDib(F&i?q9mf#C4Mc z@<@EQH9>wYzw_Le=}oz2%qhrQ&c{Q&Dqas1>#bp>n6mXGaAhwN=II}$B^E9Zo9H&T z(4@2g>nf)@7^ux@Ce=`7w56FEY22f?+!AeSyuUNuNBhALXRl39fazV3D9=3LB0}Wm z`z0SD5kGOLNE8;S!!|r%gjbJ2WPkyq2R182mAXDS=6SEf2aQ%ZdO|}w2MI>jLDw4SI9;A^ z3qbdEgM;6FTucU)K_nG<%~72jEZU%MRHB-c&=zT#UHk zlA%<{fo}7`{+K+aRGTSIpqAZNWmzgeWL2x_CySkzZAm<;#AGXH*Q#7Qb#93)q!y}D zOI)r*)ve|}k#5PXRX1M{vBbMnJ)TWE)A7{Gk?>md^c2fcxUPUXT{$y))3V9`Dv!BP zNptM&jFu>$=n&Q&SUMZw)zlqxIiuFAu02v&Wb0PeoiMLDe+6!dVED;#Lv|+KD{FH^ zvq;@5zB$fON#|X)HvU|>?jF|}w5{rPr+#MpNptjBakYEBNJxdhxILZ{ZXICe(WB76ChW@*7P#Z$cI=S*ePBFq_e zi~451o~rhu%$e;YHD_-qT3yxgBF-7#W9ge>PYJ)eT~*x@&zbgP?VJ4HUx&(d9Uo^t z>bYj9;Z58GDin$-ev zQfF5pm;6%4^dX~b^7B1LY#2J9v3e0&{-Rq~F~X_O2*rPe*aBmlSE!SIE_|J#O`I5* zUxAwlxn6TsF1>><9fvbF+C{vygC217uH3f&WD97v44{cvk{!4XGDBcwlL4 zj;lKY^$>4_Warv(s~&^e4c2Zm^NW--j8^%sQ=DL*=35mz0T)rs7_j`s^Xk0ETc_DZ zNy^aq3SNDc%d=bEVpXpjOyT1At1Zq@XShB#dhm$n{+ES^VYAk*_>oL)(*!w*7Esd{ipV}t3dF)c>R5$mIoFgf*&HEhWT?>m4Z%UDNfWDSeJ9>g~ z#pm0L*l}+fb>4Nc;HdU%_n{B==~AUl{G{lvGx8Hpg#6MB|2Dl&lfwm&YR~-8vCLu|%ZAnJa3J#9b4X zG`&_BG9%E|xdmTt(hV=c%z(Sz4%~;p{|0ddz`=pⅇU|zG+{-Z>|3S*HzYl|HJhf zqb8$*BZ2q{4rn1nzeizABofiWygr`y2Xa$|DAM z?_vV_Y)Ma(8G5n51~Me>C`mxTqVExa+%`*|w=J!~29UA`0E}gub3ciAu#zBVve_(j z(J-RdSY?lCF>9(#(Z&YSX8|Xr9(m;RM7cCrxOaW38w<%3(b`O(qJu zjXT`m4psv+Z{H_Q-RGH0E|CKDU?>-HFJzo*-xL(P^%#{Tb#nEP_#9J>VGvMuadZ$^abjJI z?56U{XpaU3lI9>bVhnP=I(wTEAZLxW`g;Z3bJl9-yH54C+Tr1y8{i;WWsDb_?uS3A z@5}6X*aILF_q15X)}3<8)hmvlud>CDPZcJ_-mJWS zw`7{o`1pYA(9_C#eHuD{o=W7`MmYIm3+AJW_{8LKkT5&7xMMj#Bc_JRG)?D*w`?MOJ+bMCWx zgs8HhBm>6H4;Fq!4H8v?>U$^dU@g43rbH7sFq1$akPZ+e9atz0%5h1>NEvNp~pZ8ww0<1r;WgaKN9Z z+_r)*6k;MEB-V!E{6W!8192mi`l3EsFDw25n7^wQcQDR`H_F}=W=W5Mp=|0;NAl*- zs|a~Dgq(!ELg6c84Jp;Y#D$|QMl3!-=&~3bBB=VL9YE!D!cJ_{%aBSrq;Hf0ag5tB zzpD4shu(dmnLg~N=JUocUMM~RGA@l0@i#O+uT787 zrD4{tOCkP{$C>4{i=z_3YKaSs!J=qO?(<(*k4C;Rg4k6U_gUZ3=pQW7f50Kx+1UR> z@d2>2{eLCd{&D=V5m>mmw>SC0`=4pHPyaW~Ht8dEXf!NrG%Rnfhew6jG*`s%aK*47 zicsmvw}4~G`8$Pa33(bLv*aFYpwJHsAQTW#Mi3&9_>o`z&__xg1CUv5^={LG60{B1CY>WKMn~B*vJ9_*VR3Ic_M*f!|;_p720O6Xz z7Yw9;ArQ}ccUDY>aww<)kkI#5TN9~2iLIFKv@m9=-2m5SG)`10(Y57(eG@^r^-mDEX}1#Op3_yN z0X{e0an!EfiJl(_Cb$eq6&92tAZp-@i`X>3bK3T<)~d%8HK~k8ACIZABPBaw&9?Kv zYui(9n}2Z}{s|XwfH_}fR5ULCye|SB@xOF#Rf7&5^gm z#u|zXu-9>A2xKqtF6k$0Bua8-WWBZW8_3&yzhI+4UO^y_^+L2r+rY;m8`X3J3G5^)I=V$J%7k0y1W>~n9&m%&ytKL}WaE|*Zu zrtvb-zyMIQOSKc*Xd)$_`-pYcoAI^C6EVrp|7xYc$GOmEX$_xlktIbf+f zdjt0P@ypAr$ba9aMliub6`wIuAI}JiW;}*~oQXtU7ndI?ak= zDMzrSTFu^l#JHf~l%K4!HiT40U|Y+pY&oFVdq zs?C2F3&g-{>)!Yqao+UMNa!;%sdwT4pGdOm_wGsknG3*)R)vCyw-t?*cwrBJ@x=5h z!sLpq%y0(EmGg0I-}iyj4cIeQL|0SoJ^8JX7Vqx7RL!QDv%9}5kci(BiXV@tHmLc< zan^Fs>cc_DCuiZ(3-XanF?P0d(5Lt33C^Do%!t;%!L#hm30JxLv%N8~WuL=J0pp7YhvshFaMIU{z0{4IrS0#6W2|@8_7= zt%YoF+Bi76KJ!>DDZVz6<~Pad#7Vk?SJ~9Gmi;+$sqAT&k^8oT$oi>!b@EjHxw{QT za%7(vU1t)=uSTq3zP}A5d{{^rY^I9h|>ZpmNRV zW9+#GSSFiD9-aE8DPnmE>!PYpx)VJ^H!)_NtSjs%hm5dfaAEYpX^qJ~$*UTyE>Zp` zqW|NeGX({9yKfI^eS7HNA-$p^)`m__r2q9NXKQL>XA3a?@7S(9CjUzjl`pPBk(v@1 zo^#({w8m@Ef{>haDSfe?;SowfCM%ifBNc~@{sTy0++AO$kd*eK@Hxk8hU?k+6XFb=Au0Ys->n zaSSWhhKp_j16d)nK}h`pi#ev#`0<^C{@SCq9;>7G4mQLcYAKcW|z}*e|b^l z?W(!*H)31YhA;WLw2E0oENxf-8$JmSdH$#oO5UIF&1?8D!F|5}8}f@&5|N+DpyF)T9+ zk)RG5omh5Ki`*%iEH7A^X?)8eTG??zW5n=-f$p6Z;z`QO|J$EP^TJ@e9+k5EcSD!i zmcf?Y53w(G5!kG8h=UFWim*~BARbzx{PF0(a!7v!#jZ1bvtbtr{x1^s_V+%%m#cS$gYjFZDcyI7((>ms)gZ>>LSRKMw0k}6?+a%f1sl# zeoLcAGTcyjKh8lgs1-<8K5WJjKUud2r>C7>E% z8Vs8v1g|ICN7IWsj0sMMjdh7NM6z>=c8rGMm}VMa8en% z%3NlO0{bb;o`kwX7Q~Rsg=m{2#9aG~DV0W3a-uoVcxgeL6r~sSC!ahk)wrWB95Z7^ zrOLg-g88A8Zsc1c24ix(SFavQX~9&a?cQ@3`4;WO4S~*5U~#_J!N?My5ngT|WJ!#5 zE?cu%f2l@8KEg1*{vpA)Qo?4FO3VqLma}Z{h4{c+aPqdj65coNc0SAOZ%pW8$&V;hA%~bd#JX^>Lti#V^@~uNEaYM|X5dU|tPnoHz)Kw=Wanp#qoD>H=rU6lpc!{uyiv6f`Le1v{| ztCGFIuu1A`zg%D6=hQu#}G;P<}|L(-S{vG6|!0p>qxUWm&6{MW@xA2lm=6m`_iK@u!sK{3GrjOL#r z_2AYmtuMeou%ZpXgi31g5{aTivA8oRUn*@b-*0)|3JBI(pgYgB{;neYRnpx&HiPAi z?)*8;_dM-!(KXZia_#5$7cL*6kJKJ$Wv@L~5UzF!IF600qhLQjdy;L|yLdm|nm=`l zf*XFqQ)RLYDm@(|2_;FP|5spoVEQoU1?ZZ++$0@dn<*W6J*WgPM}Vm}`EL}J$ibCa zUN-hsKd04pMrJmj1-}8Jx$B63unvwOo6TPgwJg z3k1na>~*4cb+P)zQR!)|C!0n*iHr+(j|GmBx8!f^qMd&GXS3J3(v1#v`f&8LvM*|7Vo`9|{;X%oAhP@V2& zI*AQ$lDz#12ctSFk!r352fVCElLt6u*2C1EY&Od%>a40a9%^sW1o661-MZOw@7|;# z-D*+?L_4wu>Mf#M_$a9YidZkHjj)6v5GI6#n0+PWyosZRbcXn)S$sKPWc@vw!VBbM zDO`PuTew~{7UU5(DepLf#22MWg_n%`7*9fM*UG)tEGF_Qqs3XQzn0MsyP7j}S{>`^ z?+S=omQ`l3N`l?UPKiWwXXfGN86Ik6rM$n{BUqZxw1aZZYi$c!srMpFYq4V)PCa*; z1f#FgTZBh+^jfpKc@>STYOBupkORKhc5@i^soq^1k~27DQUiC@x0Ssj{j>}9R5WN9 zn#V4>yoFK=i(=!YoVp!83xsoxKGPwKNSt_7Je@pQpC=a)BJ$F4Ei`9X&`*XEIQ2k#ARE_ zD|~uZ{QQ)A^^C7;c;ylL#NNj)HtK9Ev9)_vDYS@aSrQQOhV$$!DWH3TjbLN_Zfk5D z4%th19@tpzfG$m->NP;zYOLM-ZRV{PCDP|VpmAUh;BKz>+JP72P!3AOJ+602EmJ5q zmS_}Kqo@>KqG%K_lRdBZLCnU{Xls>=cs9FYZGf}RT?ceDvrIN`kq=y#b~s^j`dwSM zrjB%JJyd;EhAZv6nEX|Oy)u3AR#R7g zW+7A_>82QEWg-|!IxNN9gX-KPM;k_i8h^0u?A$puD}i7B*?P#EU1_jtZ8Lr5<~B3k z#$4kV%eA@}u-JCq_<+qB*B{A+<0?tW$0M->;bD|t#E77p@X*;)C70YGy>`qfQ^~UE z#@!G#Kcb|kEQxCn)_4Vd)|TvWLKf&SThN2Fk;`}NP{=6fpe?-jo2zwf0c~@+FxhvBg+n>qm%NSx3zk(#+dQ-_Aix%MOIk#wAU~$3}P6Yeosk^sy=q5bVSy zZe@THoI}%3PWohf9c^?uxqV%u_jB_fCk%SS6WmD}Zi#EY!>m;t){n+-CiX`6G8Las zl)+~7sR&X?l87M9O23$<~#Yu6)%jhK_L$Ts7e%jf#0h5XRz zl%dbUXw&3Ni)ei6t(cYFCA^kFC6w}e7=hxCF$0-U!-jE!m$}}-EA)Me>x>?+^A^_! zJu@kXAs+D>o1D36^dn`Kw1%lo-|F$zP9UHs6%VTo-z9h1b=WS>!C{b15Y|sBvi2gIU)7gh+4gSu(O5eHn-zC|< zCETTK?OpzRT{%TaT|Wm zf>8CiFF_P)e6GTLPGs}6ascMg8tZduzH<8Sx5v$YbGjzX23D~MIK3RNdiw5p`kbx~ zpZ)Opi3>rTNyIN7#91zjRjlu<<(oW`rbJdG9zcTl{|UG*Da`}7m&Cy zO75A~gjBj6$i*>Eh`pMSI#CNIkVDial+(zdb?}oYHJGZ9r99j-m6FRlD(NkU&xz08 zh__fPaXNia%UIGz-pom%W3t5L3h_`n3*?s3k66#Mxz)uxqT_|F!Ff7mf^}=; zMI4%$TD*Q5!8^FPp&CvQe{k2r;qZ|S%D6a3%_Ixa^{}*CTe3;)L6r~ja-CLfre~VG zUwsR@#)dg*yen^%)26C5&%DZT98E@h zaY{?A_Rc8#O)6q`iBq@e+<{w|D`E{NE>$$bGqB02tr=LDhXv&^zvu<>d92OFv%}H~ zCY{nj8`=yEPVHj^w>rW5Tj4^Uuif#oecBM(zHA4qU2`wXu}}AkgRU1UaW-hPp4k^G z9OC9uZCOhBsYY24s#aN1skf-VNDZ1QKn=PH@b=T-q2E;nv^7Y0bP;y)a7qi)!q za|md-2J+npk_m&TA1}l-xCs@NbX|EITdcP@m4K2v%UZ8&b>FjQy&=K^5n%_B46v%M zou#gga~TAU4A+mai!;0}Be{=A*A9477FH2bBVA|Dimp?cFka?P@BGnl4oCtb<_>+} z8g<15D7+{?dsMtDnwG^gMPY18xv#326-Bsgq;vX#+hkei$BIJmt=-dK>V-XF(C=Rc zI*bbtyF9o$N1hPRniGwqG4@5iw3NXP5v9H6k9cpGZc&r&4(uP|U-2UZxr|qG~EXQ-;iehi{$lyIzJ^226Ny-u5E2EQmeMEY*k2bZJHz zl6|0l%!v<>RERoPoQw0du~-rSU5c1=2MN7N+Q;KLr-@M5KGPH$YMwY?>KUNash_f? zt!xYKF_lv$nC~r7x;HD?b0%v^In%n4AsQ)k^$PjsZG2};?{=d z|IHpBqSz%rD2SLnH4))38f32gqYwyM7NHO-0u_lYJYRA)zsX6Oo_jj+lF&B_IwBBZ zrwH*ph#0Q0eKV^gV{^gVx5p2NQ)FEXUmM;P_X2qwp~&$0w$n=?pTA%&LN*aPNj_L_ zoVTAf+u@l!i4hb@8e_ctAu(QnI~Nf;$ATKFC4kwn-5c7(n*w-B)(J60SV6R!`9lVM zzC#*vI2WDeN^ctz%dJ@wdF;jjahT zftpJ<+Ym&X>zMYZ=|NGkuaH#N_F zJN~z=>%O1=Fl_r*dn-EHIolcAS^xL2O;Ju}P!KhHrCAO~<^AwkPE`@%ch?@-Ps&v4 zpV0Umr^+hJx~rsn+jpeyHxMsHLuutZVmI}6TUi_|T^H{o=Q#ex*6#MRZVhKfF^U2N z3gkiYf+E5+tlU$<)1|_P^M)ORkqe>}f3ODr2&5xd7Gy{XdnH?NO%o6U?8J)GPh(_h z7gbk_)BDCOUGs{Af48t@M8pukh}4w8rAVrbW%VR9-0x6HCqutb4R_#fY>uw3{<(@f z58jcJwKeugK&{x^t}F_1N9D)1=+vON_#la!rIHOm_Qcl_gTXQnuIYm4wmPOSJS2?CI;AkO)6&q-Axzn*Ux`ciATAr&~@A4q5f9C6n5j9=#W-7Sk0&cQRwYRzj8QD6B z7!~c$ly{8A8cjXy%BVM8n$`}ax(^m7k3vtiEVsFEZ*sMr?RyT|VjG)owbM^HLaa!-(M!?vZKw&O>!lUNg>hSrBZ*6awN$bW}0C3{MV zQ4zs|Zh3!`r)C6Sx*`jAQJZX~Pl2zb-AM%W|I97ubXj0Y(=jjG>qwoN$j~D^pOyh= z3rKOS%(MieTQIdII4y-wJJf`lvS2;WDJEsM-j-T==9tS&Z$*g0DmS|w=b53JUW$%eh9^H-$dHhqE3W7k5A z5X5+oF#)Q%#b&K_DY@38K6Xpa+KpNB)1Xy*Q~W!qrQ}Piq;JC!OuYh7<=a34uH-M= z@e}dT^NMefdv44>Hg>R|5UzK~)qCjtwJ{&zqIX>-UO}X*x<;))+2asDY9##jl6{Md zW+L)8TR&&QiKMX=6yT^|r8S6^diX;qJT7JR^?0 zKVaT;ppqj!aLJ=J(8Q{U=|t|c3f*%}2iY+Ux(VzUzomFmiw!?45(z^<(p2IR3M12% zm3@g`0AbAg?fhbBXMe=z2Jxf#ydt8Pzvmg+AqxFe;=Toe%?ox|cS}0V93(u7Kgjz9 zH;M8=a)ob<1mo*|+Iny6F1BHw88YKDDhRTeJpe*ZIvQMV3GF?(5Y}6!VE?DiHeUIM zj*(+sd~7`W4O*}GgZ}>|ra1MY~2HiYqf4%87!?*1={W?9h{q@lTn~(Ps6b=)XBtXRo6M66yGK@ti z8*VQJG7uAW&>r%5$XgGVgs7YP2nH$Hm^F|oI_yRZu`cXJ9Mqv9rC*FmHo4&CS;PC3 zNESQ+p13Gqw#~*zD8Q~;Awa-xibnAbE%^9xLj0)kgI*w!t!Wwt8o1&!ha@{z6H7$s z&|sN06xt~%)JHyV(t(2CqU3QS+}3=!tqaTEtkJpAW45tuy;k1LsiSpYWN`1xd0-49 zn?7^Wyl!qj4|yx-G|&d8l%#L0n3m7Dn886FPSW|ylusfSq?Ze*nf_rI025Y% z>2!d#7L_lw-Ekjg68-4zA(4$Glo8{0Zjt>6ZvwrF#&wx#nqaSF&+=NxuEQ@c+($59 zeKe;RY~+OQ4X*U}`x_aPX`)Vb1ywB9AZqZ)`;f1W9+w%K?8qoAkLz-FDN}@^-$>7fcc^rx+;vh7=+Na60v`5O!0k~LPwMXHIP!(+{u zW|Fd|^J=O22BHbW)j++dqV$nmvu+|<9C8y%VvS4P{MY578Aw~qokcW~wR;>FC$UPx zwd2i;-8MSYS|J`Tdbr{ZI9`RTaW+c0VhFF#Swk~si_T0XtTac>ws;{_;WazCx!G*< z8`LZJ9*!#U28IwT@=zrmG%aV<=K_-`7x9k@BC(IfpGy@>uFd6|Ft!I3K%p2%c*e1K z)FC;ocZ;z!x)xWT{7payKceFuXc2ThR#wkolk82!jgNYA@8bb7qH=Z48ms0aB zBEky1ZUCQNH&(q~kRSBdd=%3}Tj|`Oig9qO(U`6Ip&ILl84vz=l4I)S=sXd{lK&rF z=NO%9lx*wl*tTuk*|C!y+qP}nwr$(CZQI=8O`kq@-0suo{`kgte}ALaT2=MTs);={ z#PJ&|$l*^!nIyS}9d=ww#@|7!gz0=?rj;~**jlN5#taZIfM> zNbB}=KI2>V(^_%SzpZlZ@`z%gcfKIw46Syb*;elWjtb!5v9$!q+d^%*>qB9pB0`7R z?CV0qNfdeASuw1n?78|^CvLn>4MR6b;(UGY;^%}roW(05k|}Rq?Lwcg8Xq9GI)Ht0 zW$hY5=KdxNho%kUDF60Oo^oUhtr{G32}MTRf`Jnh+@I~)pmV+^D!wwlQ&zPmW80;t z9IZkWRqeEv*af*i*OT#R+ZajaQtodbG1v+?F@m^I9S73<>so*bMnTT!!o|IeRygbX z7Px!M!x}C$Tp`rn2&~lDPfCjbiqKC{Ju~~ThIqH=G5RzqBgY-WbLZH)4`Bg#M4^Rx z#3a#TKmrNwaewxh87Xo8JDwL%2demP?zNaikq=QD=t5k(1eHuK2wK>N{;LczwGeFK z$cT7A!(TokxfKJ7CQk&4x~@Z&+$!;K1Q1C`LUHeIBPY{?m5X$swidz7-J^k+i$>d7 zy|h^0IodV!rag2Ekbx9_V)=JuP&FF=cZ>wXC5U{R2&GNju#^85dEUa++}ZP~qk^h1 z=fouwpNWQKxN^;$f5jTH!4q4#+{<*8l4E?`YCBoplg#E-5_-BS^DgPgi&{C{=qD=4 zCjrYn0@AykICV2x#1(5fp?Aops$~mBMxzMm+&aEr*amsKG`wl1s^DSH-SWw5Al)mV zkJ`MpG_EqzMvb^cX_$1W1gW&8u#)*Bd348X*L@s(zs*w%EuH>DL;rWOQM&@7%xVC5 z2Rx*V>-Dxn()?QcWI5m2GEKb(P}Kxd1r!NPkg4*XP29{`%;0yJ-gp0v&fo6O;p#4p z{*r}*g|GzL9JIUm36s?$1v2|LdS>#RhGnuDwF@n{N&!mqu&2%$oh&{{fOAb>e4n^C zE#F^mH%C7Il5qcnZZ|Roc+vjkf}1~&#(!?r`zde~gawKDElq6f%^Xdw{yQI3Fq1`+ zL*}X3=uG~lmk3D-87?7L8II*InT3i$BfO!$Vj9d?CKzls4?E8G$?t6|E|DL`*ZZ1) z+|@F`C}5D#?Qre(((RJs#>d+24Q7iwgCw>ugZ(*+6iPTDDbrUus8#IHiQc)Hz&`4# zvtK(HJID}*5Y{=^IcOG^IEVoP1&Iqj7+y5#`CRWy58VFLzVRrvQjt1cj#8`<^qZV( zgqj$BI+;;wK**tenwcC5770%Wb0xvVtl?xxkW^v(WUf`;sH2@qn?1LZoYr6(?`Do%vJnRhKrx zpPyyenC%9v8K_n;H|=R(iYuqi04B4Kn9UkUr+7^Ae~liZ(wwDQl4+Za?7Lz8tfh6U)Yhk|s2xaze8Q)geGd7uP^p`G>zrP8f==TnOyJbmn(2!BZ`J9Sk zLuY-Hh!kSQYm~UNX=ERhG&7COwq}Eh@>%1ks>TIT)UgH2rTMVkxlI+xw)?P#o`YGK zEEDHrS~HyEI2zI8Z2aStlO8-60|39+3_u7t9M~mMpy01}^1V7=9w~Oj+8Cs4@YRAq zGN5OQ{)Jy2k@P6FBM>vdmknaKiGLa5g#}BppbU#3KzhdRoI+)-Rw6#oH}>&K&6K>r zH2anM*{k);nO+Iq9Ik`S5dzAb6&Ap*M>DV z#=Z;nUthkk@@1P;9dX9d0#9psKg^nBqZ;8&W)W!|5yH&NW%botWRa^z$mBOp61G#9 zJI0W!W=yW)-`mHdPg4aDm-inbX_HpeW zb&c;3UGxlKaiKejScJMYeLz*fksS5;AX_6}|0O~D$9d}*ymsgOsk>Hx614wCm+)Wb z?Y~c%^1BYQ67n}}2YtuH@4(7dUhoM>c!8nOUTWNUbb%|vbVbhI#%LNYW~PaO`pU}2 zdpR>BI`<5-VjkrxS+BP;ytgKw{I9T64`UTAU9-QoHykJ19=JOW*KH3cJ$&Dwx-j0b zdMLqy=za+OQ?Bx*t$#d%7>!oRE)@hw1ki=+;kRdAT0*HYh7Dagfw7_?RhktJti*!o zqajcd7-h$5`2tOZ%A$TOmHtGY+;&2P34$L4!D|mn3g95(&`sP*fYuL~MuN8N=DEcjDNntvR3bqQatj9}IIFWA!5)RiZ|C%c{bIO~ zksYlOx_v!ODy7A80Fxx^Xsj%PXcYg9CvA1rP2os))QCrrM@=V`H*OSVKo|_N4dnR$ zc9~}gR%kXs(u{J$4vR9LcVwG0m%j1^^a)`RIFsfvo>R;dMgnTL zg3LjA+v*|})Z8>!yBi)OV2U%nyo?&->oOyuCNkc%-Bf)EfJ`?(zB!j{GoWa3ng(oX zxrm;l{CcfStiZ3|mAkf`Z1o=paU>_7eua(;B`^RXeNue9To`#8PP8D! z?9dum)|xF3ap0K6APN=v0&k zltszAatj`fFymP^dkfONc$;*}Rj~I1MvzRDJPY=)r!8Jl(U?6$A}DFiUUB(Cr|?)l z0vm%TUgd^RU{r=8!aY|+`O{MN1G6L9o?)(-g43SMJ-Jklm~(8mEqZYg*fzh)7zze3 z*(?nPJANRYA4E1&bB&d;-J;_}&_XMNXioZCt)J3BkcAQw;g(6p-PhNTgZT1Adiru$ zaaF!JtYtPfQ_)1?%HlDyWy!U~x}=GusZ=I&k*{RE;$$S*kj7p4MExeihEzMo(sulm zr1+9sMVDuHV$@WV^K1buj~R(HD>KLh+O;I&P(JsI(wpCvq0~uNFrwJ7wqaj!?{day zznb_dTBu&PyZKH9SJ!ai1%HnuZP$pR<^ySo{-M1zeFBEb`AP7(TAIb%TN6!(UguQv z6NTt{qEQFp>#nE5_JiC3OMrY0`g)1x0N3cV$^dKMlm5zhT<`-cFkpf>qVj#4_RtAs zAh`LTpHVj%ZLvyH9lj8o(Y+hOoz#IEf*#fo9no%z5FOdCYwYf{4<3#W(EFF;Tbe@+ zleHHILyLSvB$B916t}tyTEVtMt2Ui%b6NIqFn04a7*oLxH2e+e=i8G+RNLzcjVuv< zOy0ClGs*+a#H=M|Kt`|yaHU*V=85Ds@9@*WYGwb2U33_K;KF8J+-rUFBm6B zNcPcN-0KC+5Yo`3(&^@CTeu@*a64pvj8E>ga|g50I9V;`~Ec#wJnp*|QOxmz@P zoO>DJ-l@1_KTzN{XM6r5>B}pL%sby+;u7jDAx+hqg_e5s{4W6VA1@9h`4_$1Pj<)o zzXM2xf7kwKC?KoAe;NB_8DStJz|WHZ3`#`U4GA%;71$%-`0Hv0x{6QMa#0sdK&NFX zb)M*7xAeq?a1;MngsLWua36{m-9N4E?K4U&WnS}^boAUfzNmeD-qiH`!XBm*zZ^2c zQHc-Tt4CKsTBRFq5~0N-vHcwxGxQ?~k~k!*R~4Tmpp)ePsl(imjnra?=In^VSjSd_ zGawR$Xi4|_k*p}fWcMcIlSyXf=4xqNtW9^{O5L8Ntl!!>%K5RDXSw&=j(Y6_Fe()5 zE=JWBW(8)5M8ViRjrfZ5?6x2LNp|djKr=AUE9K<`^LLT2?01ow2P?{hSCx*Vb8I!q z*u{GkcOrw|5NdQSR(bbYpAC)drk_iy+7MmT$vQig((61$FKrumRc*&HImx(tQq{5@ zB#I_a4QZLuJ4{b_dSXd3@^Pf5wrU>+FQlH9*sD9Pq?a;(li z5;HU@bn3?q<D%EgcNN-{*HQ)y^aFdG}54bTZS6nU_@|8AyCTmCxK&EkT&% z&~{s)C?>bgpKef(-)8mV-g{j{2W!!x@0|;2F>d|tN6MQ9wktomG@@LdkH11abW7JL zarbhD6S?&X^LTmir1VpuG&!!UuQCO`perL9(n&6DX}kbQ7(3nYEARMm4U3x5Ut!0pgHy{OS?YCGU{%1`uT^1&7&1zd%%2x9bexEE2!MOe9^3pprf> zp^~N~|GO=m9A^)bA#eX!{H{_bZK`06Hmzh9YUvhj9|DMOm~UW8;7Hczk;+&wtyu5W z-o@_sBKAW3Vu{LJl#SNAv)CxS#b4b9uL)snHI4o$PJFM?gn-#M0-YTFG%bJgc$}rj8=xn}4ME z>bT@o{*AJoZI~j8SS6uyqz>pN;R%={%fy6q%qd*B^S2D%t)aUD23;VV_%8PJeS$b! zTAuU0_;pMASQje8U(5wj5Ui#?XTw|Izt%9;)m}^yaeWDKqwX~JB=>zXb%;y5BahW3 zQb9QDIL^kht8qL_!OUecmHSESF3u@Uog-~+GqC@q1ycEu))ZH`tuQED4hs(v1z~sm z{FNk=wm(v!@=m<3|FI?;TIR77=SP(6^D{X6pHd)UD_cjmf4z;J_6j7LM zc@<0Vd5C?fd-zp+u{o~z-S$foDDBsQqIg+x-&IA-=Y@*;m03y+#8SO}A11jHQS1(U z9nm+S24tKhQsM^rsGXCh{5H7ffo1)9nNlb@Q{*-miW*Hv+yfUryg(1MvNRNe3J;sV zLH&(oP8IBTQXG!%4DwF8vr})Ga12mDkk1k%zkxvioL0^;S*D7BpEY_!^y!6o&vQR2 z(N~ClAYNg+$D`j*LDk+g*463*yxHOywbzIMXy#>gSMRG!dCQn;QGEtJ?EyZwAory2 zrl5YX%r`-Q2lXA?hx}M18!KwUV^kLiyuhrVIC{Hp)05LY2PbEdG+PZi=j#hxqOwY7 zy+v*eij6PZl1;xdTgPgR6&+lW?yo`p%&A0`SrMh~na;px$T94l;US{&?1wo zZvN&U&h)s0`E$m)gTiKq6&z?qN=Fm8tK6^CowtHJ_}jNBJis3yA!2P^sS z@DEw3ZHDbxL%*Oa@;*M(6l|D`vS7DVz-{!`KTc&8cUwJV8$?VS1kWDR0#z^(vtf7K zU^K5VR{k;xRSu--WC^y-Th;%=ik&c97F_#xI(OyxI(x1eT%0X4TCWLOWz-#*avO`^ z;bi#O8ivO@W3y6RjhTD>MN`iOgE7dx&Q2E_v)yP_s|%xdu@_kI@K)$g@vVz!Twp^t zGJ{{GGUu{sh|mH?D~>jj-@XFlczoF&pgrb1d&wT}F$;GuqM&oV1@s+FIU2DRBA&S` zaC*ri=F$l!rE9((%*A2VnW<|y<-nznr*7&OjdzPzFBh(0H;5?KaJUo-|uIWDtY^JshQ z6nZ|w8u=E_5^n+W8=?=r$evd)ogu)n*biZ9>D?4h@|%&@B888MR>Z@Kp241Cqr(Cp z;X@-%Odf$tCV|Jg#&aTChyD?a@o+fl~{8+NF-U4Wv)FJ|o#IpzJ z6+n&^AHaW)#ZCO_#Ciw-fGR`)0J{HgEXo@>*jPFn*%SZQhm+&aQ0_nb9#JY*s){QJ z-f$i+H}#qbVG)3GDkKopIr;n%tjqW!lmf^Fzoh#6wRN4=hPER7#nWTfQ=6Abqr!&D zo0#KLOA(033HYO`NY6~(o=T(*Hb$C#-U?7qu{98M-D)7(s^GY3R- zdYGVd!ST50Vf4VD9f|eGoXbuV8zqI!2$S_&G~F~|Wk>hKIXtClxr_GA#B<^@O^z-v z>{p3GY>4^$94Md1V@{54r8zt$t)Hygnq`Mvun#X&GH=RV`DuGf_dO`JC3FIHLu zZ~F>(m8T2EQsyY?b;LR&Bb&E_WJ*zKy;;nLfvh6fj&OgbiKZw9>5Q&7fOPu?NW**t z1L{b-2%+lYc$!D+r*^=qExVA7niYJxS;T`5uFz-P80_Bx2sqt}!zP|xGG{aX=A|bH zcS`VU1vySpgoNBmV-M;z@*P;BVFV(@MSi%#!(dN#Pixv3Q~~vIzU3^b+gE#OZn-ps zRon(xo+>~Z_uE)@l&q&fO48$xz&_FMz2)d*<1q)|eR*9HDT4h<^eSF&PAN1_Xq{L+ z3zT2(+Q%<}1Bk1e8?IR_y50_pKNBizsM9hpn zwnho&;cxVJwpM+3cMToXFmQ`>PG8=YcBJ$0`iP39^!CsZxhG-}^)R3>D{0Q%B7Gsa6h^fx4kTlkw&i&7H`g|X6|4IPOAgH3 zI&gdl4A9+GAiNUO7wks$nKo0v&qnp9>n=ENg$h2e%>SN7yC&MaTn3B5q18x!+0@7| zEb>TC2NzYAlZ*R(XN6@uJ?NdtolJz4XwzcN*^4F0;$I;^09TWIc_~g?nki0Kg;0Vj zUP8*8_OlfwsvH@O=3Rgi<&IL=4o@-}+;B^|hj6=B-wa=_`N&j9lTF*FFl(z>OD0%E zAK&yfy+ir08y>Q>k=yxo&1m&7E$R*m5r{SG?-SLo^EeS3EAyp{X4yOywqms<$2qTN zeW(gv=Y?BrZZW+8%Jvc~H_e?;g9hI9qm&#JtB1yx3^t8zLoOLzVVRTrF`ER9(2XeF zKq7i3kNnKaZq%*N{t=aRd0sFOJabrH>9uZx?>dc)#I3c$%PCSVlp@P+Qlk#mvvhJJ z6IP0MMp3M*YC)2br(L5NHdDg3k*yN~dpi8Q@vIy^@Ce-s6;M6tUXs<<9z05wtF2O( zoB&SE{9CHIvc?ou4mcl1@(yHZ6_+}COnkKvX!SHly?P#1Ek|4auJ;QR3?l_5RITm)2~ z0SH6L9dKH)ed=g`^VcZ;0<2zMNAvyXD0AActu>E_o(m6~FRm8}x=W=tm3umSt7|1t zNx~Ng?cq*q;;}W7$qw|rR())hL?*uBG#@)~D02n0Y|&-mg$qJdLC}KgKI2KfP7Mr} z*A3Ho@ZcDI)Dcd7Raxkk`bFHlWdriyl#trAR;!ZY9A&`9hJfVtx}Zi_J&DW1b6R`O zIxH>M)cOse5Oxm%FB)*ayg-Lajr5-l<57l4AltOp0 zo9T6FuUX6>ENt7>mX*_)_uV0|@NNO&b|S?3Bo{e-r8=dmR9w;F2s1>R;kPRH1QU5C z$9ek)+?j((vSNZ-e{G}!=}mte%OT%yVL-6vW$>=4jlc;9bS3n`62zcnXXlBM^PIe;DJtFEJHrQ4XHv4^FVfP#+q9)kTa_&8YG2_P@wn| zO|Yb?6oO&{XDJcJa>E$jVdtXgOI!pNW?j-hIgZ&KO!#p5LYNUBaaMEqqsSF2Q(z%! zw~l!XP0f(0;0BcuHVaL~93uqc97L9xG&sax*T+ywlVfo&WQ3i2gx74kcL0!_KG+^L zHg0yCX9SfaM6w>yQYF%0NA)zHzj)0N=R=~1562)JC`{9j7S|%2(2PMIG;?-X zle{`T`sJCWEL#h(t$V*yc%)!yRFbycvYIM$xBGN=n|UN-!}N5LddYvem&5775ct_S z2Wx=N^RaLUY}3U1^2cf?cT+plI%mc1i-XBX5v!e`Ir70x?mruClV>&Klw z!FCrZE|M<-<252RswZ6PLwYj+OCRBjcKjBu4&s{`>W+6CiOMw{bJ9Z}>jkoYPW^1g zj5Uz4y8cpRJh8zv&7O3_mwT0K@>S4S(AL(90=gM(5#|3| ziu~X7@1HqelB$LamI}&Ow4r!2bDaU1^Zuxe149_`NV2Cmx%2sO3bB$tm)T+A>d|~1 zw_M^VkqNW?C7>B(UgIpFRV%VOEli>d)P zfHWTOjVJ&e@N6I*@GYVC{t6cNJ0YCT{hra+GbEhO@g5boXHtlYn`=~vMx^^hNX=h_ z!4Y^e zJ3pENH6D}seh`*~l}*Du(cJ0XtB7>|eT@;iiU{+>TE@9M$7yV2aKrlZ&CqnYr$P~O zrogl`>C|$)`N>%+qA7RtdG~bG&AeL>cZ{j&ILiT7^%c^GhlX^9qG@B(A~Ws`MJ6;w zqN$r@{U|pIX>gC>1`*13=8Wl|22MiQ=^cr}!bxMB11eYkKF_#%aA*)g?E--gDcQUb zO$i1_Ml+8VeK@t4Fw&rkY+U5`tGv91ZqAXXt3ob`B7bC*Spl39^PNdc-*Jm_Qk>Le zgPOC7G&${71O85DBQJ}4a*D~}{ZM2&VS6LC?3tQi2IIZEJWXH{e>769FIfSNIR+_q z%t+RrerB(K`y_*8VGhZSJ9-ilfd+jtwMkdl>)672eQ$JZ0J{$bx^qyEP0iz4zu1h$ z8aKv10qMMNW-_tojOU(s&0FU0$ud2GiKE3tR`lw68E}<{^uEJ#2}kQ#YMi2Y^v6A} z#6u}#_LfRA5E&H%MUvo4HR%)A6r<6!wF&k3ivm^yFYSze3jlIr#K$Ah}6b z1+P3KtRP-hN>X1OlT1mGNyhR(xA_>1rp+gBuNJ^Hk!W|5C_m5d(9PEEeX#?zCc8^u zy%S3iX0XMthcUa<7@t&IH*4}EgP}M+*n(?85}p>$({dQC(k~i4NBYARh~^~}kA&P% zzT$S*=)&8`?YPBi68^NG>js88tf^A_Q{njj+zNJ9?TWS*?2f!bGzE{_snCZrfRNeB z^Jj)Ae7Hj%Ku+(Ai*V7wd!P2}!}2NJGIbX0p1cP6>+JswUf(tMUO(}lX4;{~|L)M7 zXJK;J?#VZ)Ig>SXDBdcJn3gmtxMMP^uu76Ha=6w{Pd`(p%$e)dGi_JXTt_Nbwg-Wb zSTe4zhcpp!D7{CJ`_`>jxG5BH4AuDbZ)hbY<6_E6O4PR2AI-lDpEA-Nz^+=>3`-_c zVK35HQPngr^rkRi8D>FgY6e2AoS7WIL;>fqHAbbWtQ85#%9}DlW4SEynDU;L_Pv(v zumu1!!_D^yh0=Q~qKtE(#Q0nI7B^Gsd7Y231aWm*)bgv<43s?X{Z^``_np^#J89mF z`RxqiBcodTo1ae-#n292^pv9YRLtM*D;V<)Y*IvdH==bXBm+z(@D`Y6=?m29Wf$+} z1IT?drpd|M77Of}h<Isv`*NT?mG-KVYCgqM$z{;n7WGp0R zpXe|M_I?Y%EtDp^iFz}N!JJ4`e9SpWXs2 ztqCb6RGHBX&0Q!~YCQ~L&N>6JPTGuy$!L)=$RtUM!#M4p^6H?%a_6nMk=~B6DDrJb zauE(*FBAy&94yQ|v^2ynG`owCkm4pzNW&`Mi*=3{+F+1B(Y-pUjw9YUUr&F~P`OTN zm-VpI3MGp616R6F$8wpI(v4CHQf}FTJ-+IwZFU)6YOiHx(S4 z2#^R1k=-iDcUm=~_hRv-^CP9`J+x#^K}3&kCWD7Hr1@F-t#KeA19$(9j4TGp6qyX6 z*hF!VB!-~hN#Vp07x!8NzV zVKIdLLK@7LBP_%jX}hl~aCHK6OG&6lX;-9gW=o1^W4JP#b$eK!P9`+spf2S583yXf zmCOO*6;SdXLIyuD8a0^k?T=bbGo0h0)e!cahW~}<(mszari=S-7-V=&LdwC4h#3%o~c&6~&$tMM0;YdZd4KK$T2hIm@mjF^QR zvRmH2>sYdOT``eJA zH3<7vFz|F6Q4XU5k0Sn#-5hn>zM`FK!ADJXoz8Hb`X>)Ss{LV4sCrw~{wPUzrNW>O z%ABGktoU4M19yoGBqJWVlBtz}rDBv8`g#Wq-^zyDbw_Kow#mS3IifiB~i@6LQ0PM>#=i&LJU1Y z{2f29eZRl|y(L9;eQrtrqjIbH;h_I%uJ$i&Q71(UhXoO2o_k3PVY5hb3U;r+?ojEl z@q!{6id}XX^vpowVHyfLHEnD^LRq7rH-m3TrcW^w2`&TUbqsF+zVZPzHNmCbXyfZ_ zhZo-G?T(6+?~f_*qJ!e#51^eh7-np%=YedVOV@6jno64u3%|_^uxt;0L1PEWfaXfQ z_H8)OI3yvfk)0GZTH#bg(tM;6{EXoZxoZcG{JVQuEwChi*!*M`HmF4HE zf_m^l+Oq|H0tNG)r`*n#I}q;A&XvV}$8~5iN?PN`(h(8?tUyVg{tkUur9#{w1vm7u zXpTpJ0#xlk3rP(+dhpuqmlQ%+_6=yt#YlMvD3ES;OT$>F(_V2;q(6K$FpbG%18E4d zdMLB1p-+^EQ4B@~W5y|3)+@Cb?66#PS_WC&9BZv%(T z$Uil%L{9P?iD2AiMQAvP5rwYoCho7R9r2>Dde^38PIWu=pbZ<3p}V?1d0>R&vGP23 zVZKXF9NC4iWORbFH6A{{X6h^AFH5T`7p}?`qr|h>r&<^%ER+ND+9e$$b<$oequB#o z#Z`<9*~lpQ}%Y#fJ~QBjO5^Tg3; zQWsXGEnCSwLk5>>0F-P`N_$8>O)_m_TJ=1LH<~Cq`sLm0LvciR3lfv}(POyD_E|x6 zn2md@^A+>0^2+)A4T^^NJvHcKoyn&&&ErRY(UY%An0O|1~4aVcI0H^Vag` zwp>f*qU=M$P)*p)vYjsuOm>@Kr8=h)VU#3hzbTBoOpj{`)CB3ePF9MYWxF|Ky6Y-T zni?iUOF2jauTImhvnK@_%P{)gKP2{}C9sfNu${{DgN$Xll=57g(r^xb+h&d-J}pTi z5u<>(8rg*)vRF4GqARB$jw$Ckw(e|gGYfaviH@U7ZNiQY!Dh!Admm-Khfd8kny%ZT z5zvr{i_L7f%paAdO{Ex-Q3&e~GSH5B;BHD`bkUrs6MhEiGsyB^BBC*W4N+J-&nlgW zOl2&ox`)ZkeX6%D*aOr~m{pkYCbcof-j4Gcg{E_MG7{(mf&q>1_eFMIG!f@l4+xWn z(R;KQ)s^%sBJj6@$swxP>-2S~MPbKuz6}bz9m~+s%h*EU#zP^_W7509RHMRiPIF#u zRFFwWun7{Tb%OzEg$&1ZzWXzPiz|NW1CoH*J*e`iVR0$WWONj1DJ(m%;##?f#ZACO zXC}p}N;4~Ozadp87{EdqG#zZ9P{Ux*&O&h?4$8TB*ySv8zNbI!Z{nfqFJC$sH|y;D z$MjGS*K$BiAK%V3#N=3AfSggqrQFcKWCZz&^K~Ea9430li4t6tPJX4q8`FS(IT1l{ zz=VXrz8onY1q5=)FwcA*L7e!!-KI(pVuOW=wCp~mByAtclc~4_e-(1J;uUEwagv~? zPb@3$rmzo?j80`z=|D;yV}eGJyu=F%#rR&vE`&fC%2*xS61wuP?&e4XuKT7O9pPG$ zfnT$0kUc;4ma~XmC9Hz39qz29zE9Zuh;cQ7?RAL~(iO?Z4#xHww0!t`J}uG8z3;oghkR89Y}x#cOkxXm zg@MN=q9{UY^r=2b53md;*2XwQoZ~l$pnvZ*_cL{d73A^Dp;ajJL?SJaa1~AvFQD_p zs@S_g#m-TxD>Wqq{c_xUvP&~TT280<_CJ0-K2iR-{~iwm9dCEW?C!|L$O~*ZG{y*_ zXjNNwoz0cfUVMc+E?_NvwyUFf%4wklrGRjhTev$Y{n798BCr`nix+gnc*FRFq6@>K z%6q`LXzR!95fx1;(lDj<$)K0A3@kA~@3)%N$FBH*BM1{`Pu+iDk?!D7pWX)}zJ>Bx z1hIG-8;Aef8E)}NURmvMl6M8e=oa-ENBqLp`YSDM*Zo07lj1%(>9t>CIXJueF1k}5B4OqdW1GWs=bFVkHo*$pplW?!E@K3`D1 zdYL^Jn`>vQO2d%*-`ktS`&@7duQOK;MMQ+cmh{(-xZfH zaZi-+)c}Vt?r%x{D~Q^sR504XD~C725FN{@@Iuqpd3X_ly|;j1r7A7T2h0}r@(d?l ztz@%@fS`uEEx({gGj)eX$yGdyf|f>erkg|CXjb-_{WdjiYBbHw*UwJcLan*jOj@p> zy^0CvI`+(rG%WAe$;(YODjjF#Vbd1fwuXt6s?Lf$KAu%V%+NEH$^0(;_QmzM=_BBX zzP!G<<&#Q=>!|PJ0(GzRQRy!!wBOb^+xe{r!7Ji1x#bM zIS#M2PJLLkDS18DX{Sqhy~~G7^3}oG65+E>rzIW(P86zKCQ{n216~NOY4MWIW>YT3 z1apuPlln$&r=+|t=@+sH;R;>Ukt_kHDay7fV?yV!>>VjNd+G21@##X^>f!jZ{UAa}j4V*&>ge z4o{6IguSg%6z0)!LqhvsZDD}BPx$)j9FSmWv))3Yg7i7Lv%^1T@#2HkV7db6gzd8+ zc=3d@L3f6=KzkyDz(7yf3I(^^VF8`owfaH1Y7X?8BqjUp=re@xV7&5dw+m|LyLNaY z`_SKt_PxPwv)BUp76vva*+e?Z8s8KPo>z*%*M1-Xc|JD{J5- zt!_ibGWT%*c5P zZ-d_<0BUtg=SA?N-1J~_ewUKaDgT(re0x0P2o{D&6UJeg-NleK_ftA7YJ4SZeKVNO zj+y({W(-{gT=D_>107yoW9C^4JV%RPbBy}6jZJ&a`wNl$1oqJv*W!Ago1G8cx{eo+ zRwh?XPn1?mZcaxKy3?>nyE*;yN^Mavou%%@NI=&qs@ybBRel#Tj%6t8=_3Ubg`)vk z@aqz0=8+D~e!TpPTp;%O z3N-O)QZOzLYb2S7a!qONe%S}@>^ylZ^t)|oN>#jc!Hr&&cBqP0QHWNn1GzNW1B=`f+jK>2EjS@J>+#GFN$sU&k0!heyQJUE=Q z7zz2}G0OE?W*?3V`AX8&wtv5zX{!0 zT@Xy`A)50>s&p~1DI8eCcgN5qux3^F8P_l2!XMc24 z_Uhzx;~lOQC(?wh#d-43kiu`8`zeAwn#P1CZAP*oFqV6(aWqA^_Ni`2~x=K- zOZcD_3$MkWedxJJ|Jx2jQ6p<3dp$=R`+wFIMJgVS$VVvOUI|-STVsZ6mi1Ivz=%=t zmi~SD;$dRq{ZtH~~r8EreC*Ihrqi;kViG#hPp5M5MWIa?xU%G4Mw zMr-?hV-Swjs$H(vZX^%nP5&&~^h+aKs(=mj&FNh*=xg2Dn7%A%?@`?z|BhQC3>PZ$ zL0V8S!_5Ps82^Xbjp)Uk{lPAo&6B}TjBus^*UZ;CBrp{0ejsRE!&`U@p2^%4rDq2A z{$O0CTO{sEUDoKaAH6P$^ATZ~C|G&}>|J_E)@vEk4EtRr(hP+w?#SAN zceG$nz~{g+jACC?#L+neyLJ}yOwwDS5Uv?5rW#GUx-Q zs_!VoX4W^0W@ZJxMA+fxVZdkfQ>DJ+ha4O(}x zs9IGR2-ziJ(QR?6gPCN1RF)SP9jlL`qSQjysHt?OWUQlOb^Po;hTNstn3=3&|4QUn zu;__Q(k8Ix$T?SE7vEd%ISf+El7q3Giex_94nI0iMOq%ER-cqMHIX<%hI?rcTUwJU zs5b%M-8Y*tI4GHvSTn0S)FoxZ^T0d`vHN9l%2I6CXM>w%aT>9Z>CMZ`2fG7?Df^9` zs4DI(Ef;HCQ(wZKWf>FWN{*uEyGh-!rd;H;^1G9!B*jDsg%7A5hSxRMF^D*8DE*E; z-O9pDQO>RO91yConiKQ)d@8&=XC#^{H_nG2F&kDumH$jMiYlxp+%^h)6h@ft_8?|S zsV$8}qSWpcN1?jQ?*%ECz$%ancWIn9y*ba_$GTJ3l^||biV*1^0v$UW!k!V+ATDG` zdFm|Gr$~;g)2fSer#T+LKS&JcT&ytFt@Z5_pq8&gmsDhCG}T{MlCl_HqE!DwchDG~ zau@E)=OLrm8NLD>J`=quF+R>XC3b26os-GHo%FIlYdke8K#G>eH88HIq#YbvP0PY0 ztEA>_yp8~u@X#KIUcg&ausUwx@0@(s9?o`K9NvQN$n=WQT;YmkvijzdDzea|N_KEU z>FuY(=&F*d%e>_joM&~CIpHchRC8;Aa&rJp!lN-%`U>MsWxE~tRG3Jsy;^VUwly9! zWZ4Jih;KZvAS_$wONFW<@{1Kq!_af|=`JpOXU{;My^o>9Fox8`>;jd?&^R(?umUqB zTHN17GrLm67|v>0aHR+n(%D>Z@l56e%hF{W4kj+G6jv^|Dyv z81jNqQpg&A#*oQcsq?qmS}=9InrY@DwHiiP?u{i-N^$xtu+uP`ls@rVlv;cgqWeke z3>`iE<`Ov4=4z##AIq_WM}x?@?ec0WZpQpa#k}XaGqc3zt*K-05KZEvXNvJfD6MHF zIi^4PeQ8&!^5La$?kH0M8i;VSc54Lp$xFYQ;Z1<0WPkEQVUcByf-<2PZwTWpYJ9d%c;XN5#6c7(*VvR)n_U)bm`|UFp%5l=n2cV ziKwNv(63)XgChKC5(H`dd8LF{C-5$~YMZ}V>H5s~EA!UWD@)+52v>t)LiaJzS3|8@ zm+xDm2!Hd&Jz`!Y)o(~7)zZr-M+e!pU!o2}B+x_>9X8U-q)+s-TTysrvM=?sJGmMD zRi~0e7T?$zv&Z9j@Rn(+(gy%(dQKqMWCPc!A}UdT9{crPRxtnYt3x(BD`rm%tUQZ% zgZ~f=oA(6Z!@^Wae*MP5z4~lGF~@R4=-vzaKaZRD4oQU>ja@@`wnX~G=nQ%9>fia$D zv-yhZ_PJg7Soyg2WQm>$9=5n566*yxGUhRNrt`k1v;Uc%`mW08tyt7PSzMQTR6Mr# z;0Y&qzRS{W`8coTTaR;w`?7U;Q^vVU)t2J+)OvxJW^Tz{xr0l@3qcF~g2kq|rp$u1 zg?j%&gjsttoVA5{#WS&-SfcHXs@EBhI|BvMTo%Sx&}7M0_-D9s!p)4!6L;!yBIAgx zd&$eJ*~1CkUjDj2aWP{Vv0!_uIHUoSIh1F1z#l*mAo2>D+luP!fYdV;H|_406MBh{ z^Q&cIO|4U^&LZ1a`psV$13JLilhD=Tglr1LhRXLB6@byd6uA>P3iF3JwW}O` z1svJ?Z|CJQ!krThm}vQdmsb7TTBBjr5@E%_aC+ErCS>9}vkRg3Nkh#MmxX((Rzt2H z?OcGO^}(X&*jB|a`zbbs=or}!1TTk2Rs;Cv!PZk&ser9fST{*KTeUJ{xP&O4!z4B- z%xiPjSGDqCT_Q->@skg5^YTOo?P}<4b6PQ8BDieDuzP|0yGe%_9>d7&grIjzT`}My zT=348z&cxbhe;9vY^f4av-rC(Zf>`niT@~D+ZN!Fd8t(}vMT>4C?@?EY z+;{47*?v^jXA-n#rb_tE)A`}>{cQM-0-sr>uE+&#iXrF}QkSNRT$2l`N8Tco4B%6? zBp8pNHlt&Vy^HqpAd`3)Cbd8!Wzo3{Sg0LWD)6=`CSLTnr z$31W&WMWQo46JPnSS?U-54goDSS$UDx+2OgER$|;*}#WQTEUE|0vgpP5yd}Xf;ROF zLMeqYc=QmGzu447dqPnrbrn%FNj;`)rbAXt6qn1|on%6CM2B8JDA~B-EUMe4*t#^9 z{P|bGGZ*y$-f`{oe5eJjk;rNnxnqo`&5KH?nxcK6#i1O)6cupVPXAnO|OI*7n zV=5@FNpFY|EI267*e_I@WIx_imzaH6R8`_H)QM5Pg#g{NP1!IKBEfQ^- zK!*WaPt)rfctPuYtx4HN;7${cwya_Y zFRX|hvP&CG6YwEEumsr(xzGx@w{Yq4`_)@XvVpb2MfY2)8`d9f#cZj?o2*hjnjRlGX9?DrJg1MjDx|m5nB-9| zk_L5&R`I`Tf0)$QKBSl1^5SMVhhbO)z*iq57mlAgMY__QMC#`rbq7intvZyE?(x7i zwUjr2myNi|X*89TEHFw-vr`hyWaGlQqwAJysGDyWZv8GEg%i(2L~5_D8 z*VhP^)M5~OXoZ8T@`{DJn-ENgMQDR_z<1H*X&-e~^SEgcj7E*VClE>J@*TNpkyyxl zKcRO2Jdt_%4*5j$jAaM6J@NCg?^n(hgtg%`lQ!LS4 zN@qtch}foiTsa&8kN?J(E2lGt=1Si049;|VOEH?a3b9M9Q79*GCz3yo-TYm+(s8|e z4|H#Q{ALJ-6{}01AelixV9QeOE_UFgW}K>PGCd~vlVnlU9$%0xh>ia_x-;t$_JWh! z9QPKfBFkAG`O55euhp=aG$|FIt*DuL1mR(inynACG@b2=qU5PrlIo+Yh<5cMx0A~>K?IZ&XvqYr zD+SF->G;?AKbe;Q!7<|;Zh=?&UfSSL{x?j9sF9wb(f?fa15_+*H3m>VD~;Z?N9@bV zBKK5731fdm?)Qg~({T6`Nq2)H1+fw_RS73n;eZIyyYKUrEdJV!EaJ?MhM9=r0oHymV# zj zcQb%yGF=l=uiK4wJFsW6T>F7hx%PI4>7Nh-i$L$ggomZ(;l8UDYCr1ozp6mL_jl8& zv0HB|!D+{>EFHZ0GunvWDd3P6kOpS$9I<=j2A zx-uya#@&>Is*LSUydR6hq+p)9?}<5hSr28WY$D@GCVwk)!$_D#=ImY?Nda|hyN)?I zED5+~Yh36uM5~LHS2kzNc>>1j&{gmo0P^Ko!c|}@;@I~GA`yobX|;u2KZcT=o4R~P z*Tsv-l)M#IyW?l#z8U)k%mx=(f|@{*x)Q1zMlYzunuVk>)bJL0Howfb6#CseeYxXJ z45|JgYW;aCbQSxn>|f(JYsQ0>b*T5@DGkDxnzI;ZgaI*nQS^!Gr^TU#b2D7K^`5pZ zCKaQ;`K$(B80Rd5irl5n;=PnykMU_`UU`qMhW39{D5r8~_jzkR}8>5XYH z1PU3j?U=#2*|#yIhT=ec&NNUp(!~Yi2(3QUs3U0EQBwHC6i-G|*RQL^KgKObQ&$kD ztn0Kgr5+9(F~l5HRv$a7BeaJQOY+rDdAGKm8AwiM8s*%DDD@b|=dwl%3=W0tc8nqh zx(jM2!op@Q282|P2Gq?ed9%>Y3d9WR&}??xQw)+ZN9&}Ot7449(DDf00SK9Q82vZ; z0MolA^w}FMn$5v#G?G9j%H;m(IMHOnnf}vzQR|?TarXE^sDr%`+rhZdAbhq@{9Bs+ z0S;G{)Gc>A4r^4ftvmfR-d5@G$8AKK%^`F+h770+T85P4V2o2Wtl4d-0S0{BKeFbm z{iAff(QbmG2O(!nw|WSnI!<%`AGMi!xW|s7C$4Qq3upSNY39=SGJB^g9Al=w_wx#Uy|` zJNNA_+;j40JnC+*B0>byxV*xRqK1r)T=qRzBtHve)$q=^($`AFg7`ABM6MJt^} zsnc7v@(_b^Pf28CWU82OZG+KkNSZfzh5;6ti(tmW%0c`M?Xj4HOQQ&dsM8>K$9GRz zu?VpVDnRelvMb@4{O8$L+(>G8j>f`-s(Cyec#|XzG?!7K>MuLYs|9LpSEb@;`fj;^ z`Ckilywy*`F?u{`N%q=9;Da(`EG~2NRGtj2%10TNM=8eL1bt8|X%p-tD|R z)Ubp>P>ZArIbn;0tK7D2yP{Xnb&!oXa}(apA6ANO;pRzbY$wi&wU=`0$Pset`x<>Q zocDINUWH0QZHKS9dJEa@qRjPJ3b-*X*_p1+hT)d!) znzsJU__jvz=vyKhsJ7095#>(0_#oca@7|W@l~>V`Bj_XDb%F|!CuRNc4O88^GTM38lrFsd!j#GlCw zni2+F9P+ELhx5=%-tfc1FqQ*V!-n{_V}H^reC(oJ&m$#_1H18b-`2Mx%o49ubt6`k z+}{&#h1+w1o6Sn_h<#YS=hD_S`^gD|Gr08{%Jgw+im-o_TpQHA<<)k5q5pT8PCiPuHcgR=`jxbN$&LXThYx1!hAvGI1l?=+s)Su{P_}Pphrh8 zLrAV>cl3&8tINQEO{Or9r_YaD*dbziFq7*~>3~=}PTqqt^s2q~N@292qN4Am$9Bfg zzQyBjZH}HSehwOl;~KijDP;q@XUX{&>c%ogqzpSsIVL$#gpHKz;?Xy$UGe$5VJzd? zNtPLiG?f9H%V8;~b$~!c@teKlSIk$qm|$n>#sM!5X|W2#sgobOFOzE?xMC7;>DbSP zv7b(jFr~u2r7bzol}(|x3#_Bg22mBe!f(g*U?Bk32vQS7>1sv=$}eAC9dd+^}{Ck>*DW6{rNTwLqG`J$m^zIL{qZM=K z-lCd#HRxXB1}|cA$NZ5S(FRY#L#qvq4aQ@uz>O86H5EB#ji19Vy;-WNU*kcOI-!8DJq!F(-)?v&bJEqA{0bvp7PY$!npHa>D$pdPO4Q8B;FcRLUh##r!UR zSQxuBQmUyCz7S6oPu~8pn9LbI)Qyhuh&{@vsecY^f23WNe_bd0h--f=iDd^hx#R#j zv$~jboNZ8zdVDffx6iSo6F|(0t+kD*e@G0tTlh*^z3H2+Gs7HiqC(krPnUoxh zElRVuaE+`9+gofWhvud4u4PbW8D*KfBnK<++x0joK;%tO-dQiG=5!v;d!Nyh9w+?r z(yMA;eztTe8A^{Qyq!jg5$-sN)K{8mC=QKf4zk7CnLEstv*1^SLXN3l$mt>Q%pm-E z3v=|+Av;pNDyhpVLWxb+z7G7#iYNiZC?q|eBkKtjQMv6qx5rX!XPcQe`c^~!Mg+{kpl`6g%%eS zVZwOQFAv@Da80UR)!Sk&=)9D>V?ag5=CA{3llE4}dv!|1jGa5k*S{XWJFgqA3y6eAWUFCS__m4S@stmnZY~dqW3kV zOUpe^I5Pm2kPcNQlTRk4V6-7V1jf>~fd{6TPUdK$+*&VgW_0l)J96~jk}>tw^7)0o z-#F+u)_~&w_0~o79F1J`{wE~!`<=`5esePlcneVZuAzjG5cTK(KIpcawktA5{0c!w zj9RPhiLI4d^?R-3O!+Sye7Fr1SUWo0+va%tcOJ^ye`PQFaRFnRvpYM^W7KBILV_OB zB45Z3LL`Z0fg$C@U@*G0&M5?}KxdJs%XxUFe>>RT186?>WBE8(&*z3=!I0I=-{c)h z3{(W+)?q|T>II^}yl`Jarv@x<_lKZgVPyIle2i#u$b}5SI3qz|9@q33>$Np`z{|^| zr|erh61~>k+tIYqVN&lJ962CQh{<&TtNA>7PU7aVL>N_L;Qt9pi7S=D%&jzFGaA;3ylm!_q(2jfu*l|U%K5P zC@2@DMjpXJ=@j^z>mwCrS`z>fz^sc`-|)DT*J!@hu=*KMS?PVWK4NHWFR<8p)bhk_ z;`6rlCdvK06=3(n>bVWBX(u~0$djyxkIrrRFGv6WnKpBj>oobR0Ip-mr`!y-@=bE6 zjq7zY9D|+U01KBZ|9~7^=6$xtG43~;AOD34FLSU-=q?;C!F4gnoU>@R8EorDk2*3q z<4EYv4~}M+cqaXN+X$~SOhvK%w8w&*5?P;S*J;L6hLKdMeMcay*$Qg&ew%8>M`sxi zB@gfUS|A-UugQxw!li$(P5++I?iB;&s^qx_$f?2_>+K#GvcB33Q`v=IrXV~%G>h!o znM7X=9-PAq0Vob;3-tmMZk8{R31)X-V%A&Ss?*piYa(%ESZvj^ zZ9=HwKptNPXY*!(yqr)b4WEjYAMqm&-hgz-V-6_IoWn zB)Cae)lis`uHv?I^j`|-+bPkuyo!BdBG1hpl!}=YA_S6QH(7(&ZH(kqU&I8kt>ZNn zJ8RwezV{xAu3o}7O6-zUab*0Gs@TM%6FzsHHEf?mWCWD1wN`hoH0~OY59D<2-l=LRE6}qa6g>ExRT0~98{-ConYF$oBZ{~;Dajs$J%bGNumzO;XP7d6_ zG$uriP!z{yC;LstJe`1x8Ec|UUyXH_EQT19#?aEroRz7hc}!_oY$IRz9LtuPs9@Zo zYi_1cw_Pg2dMH@AL2QpT+XyZ>BkW@DD(Kor>tu-pF4MdTNMRsMaqe-N#Uw<;m#fr| zzmGgNo(*T+#X^PRVJaWkfIQTsvhp8igTV+lYX){PKSq{H zGHta(qjP{t@f#Gw?hElpm_y1?rsT3rc8;uoJY+JaGlhmOQgGIt20u3b-EMa^`{xoJ zu_#MLR>OAqcAb0e1`nEIgeobK3uAd)Bgj<7^y!CYT6GkA0>7Lw7 zHx;I`K}2X6ruX;z@Q$>DNwQVbY}et-zP9B{jc84vzvV3sN%MFR_B=m47g_1Y*907t5|xHnZcYj25#-TU~+d~F?j~_$WC%K zFuo)B?B@KWd#($Nf=9`VQu55*QFs?(ltalfdj@=xgh!e_W9yhcBT61&HocbWel8p{ z^CX2sRZ%29ktmI|4aHULz_?{jIn(U!I1xO}4^tD?nn-Zq*rci__U5|Iw_1WLRVg~D z*3SwJHe|Q*Ksj9!XMhaR-xoJ)6`(ufR7XgUAtuK&1sH+Ms>Za!?$7EvBkAOvm=`V4 z2Rd>un>BG%?F+6{QanZ_FV%o$^jGp@a1aD+S5I`WLd9aUH81{=J=UAqO3Ov{v*hY_k%3o%0Jg~nZ zDNllw|H0J^wp)dURXfU}pnmQ~oolEI%`l045_EgdrREh7WaD_BU=V+2XT^zLs?KP# zi7x*4vv#%ij*JJ4>G)|raV&@B_-UckUR6%RTU;9`C>@sJ8RVJi=IpSEp*a07b7&6e z)LSv9?`T*u+jf^Rv{I5E3~ozI*mS^`es79}t*%C|X651rs0f*_iR`>oj{I2ae7LZk*_ zN}u72VL4Rcc!&eN8{PT3XPG>vJt{FonHq7gzEv!jL%M>)4T|ox4>e@8nMg1N8$vvO zEarCrg@_+2E*oM$d}7n>I3mW%SFWNu2P(AD^zYoA`%Oz71WqU$W<(7w0=u%`YRrf@ zJ<+K>=XcH0(i-UJrR^{2+d_(P{)4n8K$|VVpJzk1eZ;sZt_dPFSt@@V&`OtKZyymN zbBlxc`VH>w(Y#irh@Rl1^gLlmh=qgiKB}X8`SR`1J#L8P&|DYUxDT&613f~Tds+QH z0n5~MTRXbBzmE0DRU*TnzW-*kas64o!LI|kL?YK^wtK6B`) z)J8Sxh|mef)09I{emS)vb^^5Xv3%9&Il898pgBO6i#=11eEJU2%bbFixFp{>7HIjeGXBeyT>2&tqrxdBT0ax%fZF$iIA0-uY}tFHs=8jMxLX-7M)jo?eV zj~Xb5(TxvL1iWS!^b}VJf2iyh8TI7GwvF{lKOs+VVM}?UH1=8l7MO&}dS;S!{;_!Z za^=$2FX7^|?g}R!pK@;J|D}_cRK<|C^?PcQsA#hn7@fGYD0q9V|C+I2Gl2~9GP#&| zS0L7bw2sW(lwlA(m;js9AuNpEmt9LyajF&BD8S!E;Sm*}W2+?HOre7OE$danEi_O_ zXxMGq4lT2fU13vd=~R6YSPBv)Y7n67OsZ`!sGC<$ESRsQOh`PCBhwVj!K%}FBTKDY zSChju*Ttls+Fq2KXAN5bjAD-RkFGKPBeHUWkOB4vlxn45!MZcx2VU z`b>s?fs{QYjd%G}=f1~DKBL)vvD{tq%(f^w>Vh#TjOWvfPbFv~Jdk8Kuu7fO|H7Z3 zXq2HRkN9BaH4z`?vWo(9BN*O9EZ-*G%w1cl@_YI>Gg|qOFooZ@5iR8#$oZcFaWMr! z>3^BrDQo;Aj`x#8Xn}e{7&G6yWIGVRCb8^ZUq@zF*bl^MTWi@LsG(YOFMF zcCDvOc^GhSo!qBHM_Jrls4ph~E`izGT)D&5P7{cQX}z0>4h=&n8o-u6Ku-v&(7nDG zJ%EFf7zpdT>Dz|Cj^rRcPz$s$Y^ceQrLx_|UC29zCZC7J(KDB5UIw>VN zm1;IL5l#kfB4tD3v?S>P$!_q$RBF_~P?H*GX0U=SCM~_ebcq#`u4jVekZG~95;MU; zU>mS=zsNhDR<>!>H<5OvGItni!p4mAVg&>+Ejx;IG@NA)KE*n5Wz(4qKFly z8B{@XI5loqW(6OoOXHGrK@`Fw;wb-)bK=TD zf`iw+Py^NGblzhPvhlSraDFe&Iifi^j@cr|qM^!cRaKr(7-hHfM@x3v4iC<;d^aal zgq<6i6mO>{GU_HIQpQek$mDqOhOKk@hPYGyrXkYiy23B=HRbFXb}Np0_5F_>YR6`S zaX2mVQYD<=LFJ zOjt6`15Kfy@)9Hco^;RS_;?_|M-nJV%VA}EjlA*M`L-q4I!5^hW}Vh1yFA-uPNMnc zGoajag=}$Z5PF@(9;6U~Y#EWrQkj)Yj;7)3TT7exQqJhb=g;$7>nx#^nc?#Gs9=MtXpDZ&Pz*U=hn{~2vFDWWfV^ku1%D9zykz9(R>m(jdO{`^y19(5Cgw|iV)t< zP-+iiML3r?^k;6tlS-@)O`LpWgK9gBNugp*mK!4Jkjb$S7`-2V>6h`bd-Zl9$$Pd4 zVdPf>^78paJ;*?ae+tYamT1OF0%zR#G963)QJ9-DrKDPbY(RKs!!@plU_{~&FXt9Z ztfvu~3o&4wG?kWpbih6IM6^kK=h~yR4Gj2eB{WIKB!j0eFeYOff#)8%2y?5LDVUjU z=KiN>6|+&|l@}6p>>ejN!VW0Hah_j9u61>4OZtOVq@s>!pDHtQR5mIm5Y=%9`3cJv zG0_k*HgIeQPT?#4o?fzy&%J~wR~LG(02iI&L6-FsyC)FMw9G0uOi2ovnq@{1<9pYH z$N%$63N)&K|Bhvr27O6?<`sZmrxYAx-+g448x`KN9Vt%>0G_u%N>_Z)sU&^OpmJd4Ch2%PAXIt;{C(UACIf1K zHWxUCx+ZqU61%3GgW}{edcy6m-i9EDb&VZNV1j;~QK|ZcD|tKocl!?`aGOvF=o^k; zyV(3)s5$U|j`RJ;ML0^iFW&aME#dILw>B6H`x+gVRx zINEeLnp}Ik1N<>K7m8-=jt(WLFc9u54P*kY8y2p{?Ew{dR$QIsFaSrP7yu2ZokN8V zQ!)!%&0a&kq_UyV-&HCaQ2N^@pH*Zy+?M1O_))s2eppSOKu=@gRHx5lPrR07H1PIO zrYCXFd9qAwZ_&g!&`kj?yn)e7Wk=;yaDK%m0{0#>2XLfCX`-sTY?*DO2F-}HHK45? zsivQph;f-@VI3K$2El7I7&Z_AxL`Pc&5;Ux&Q<2dS2we}RPd=RZ=%UnXCI*)c4Sts zK?en#K9NWa;LYdTqzWbuemq&tJCHyN~81LMEzrl=_SZ$%4`TM_@x734B7&@j+ax4>FzRK`c4<1PcQ z%>IR-4#_ROMi(g=hp2GVTtScN6Zls=;67A+93-12`fMliVVzQKzqi=V;P22 zVxijA%wqG5Q}m4!41LQ~h~hu-0Q)EdAQeqsOMNN$)N8n3v+4!rLZOSoYn;jGCJBV^BLbrr{1gTgg^h8~ZbOiS zPwnqU4ow~;%7C=9jG@O_YKRu1uH;5K+TZ%OmJ`x#lCs5j#mv7eM)rTLn47K9f0Rt? zzyGttRb#V6JR>|~5X_m!bcA~dKT%z9u1Iz(q`6AVviYe~p`2{I>8Q}la{d^hJKM|g z6o)G=hog_Z1DI~^MwomlT0{Ne)8x78e7%)^##>Nj=yG~NxB|it!a&gyb!&N6Ck{V+ zxwy#Ur%R3Awp}VA$c6^P-G&vrFf=mXQeDt4H*-|u4dvSv^t2nXw1AEBJP z2g_1$@)GfM&;OXg4>xIr(o39%c7!mD>BqjH&*RjO<=enMjDakr`NbBN^{*Cg9suk@?QI?w9`hi_d&tY6Bgt#aI!~Med2$D?Os_X%JX02 zA8{Oc9;IKcv-o_xtx^4m+7(BJXvggl#zwSM{6?<(XDIMaIoQeE)Vp66`fzBx08x zQ-D9H3XN?Hz6q{*gPclpm{6$B+n`MNitCL#K4KWS+3SBeFAiU^U`v>0m9)m8;%Thf za3GbG&;hb!xHxFzSL@DrtK^v5P|Bs}HDS;}>Nw(7GDZwxAKl?lN93yWGt)U~wRWw@ zk|wZ>I_I}r-9Vc(_~z|ivD;`Z+1hPNyaKxZW3qXFdv-iOA>JG_}~}ztN?_LmsX=B5Bch;EU9%L4TwzA@|B79fprtX|@G^ zqE)N#IeeU-H3vr>^OgO^o2%d_zEXE%c0|uQenw78ZeJ9PCy1ftp8G!7%2sDLv?UOUdXBD3Q;k+a6M63>@`utOWvK*y{qhnANIrc0()CAPo_XN4?6y%5FMDs<=V8Ou# z0_QfP>P*4Fx)cSe%xU^3pGe(#b{yBO1u&sWba^!!ey`O`QI|mQ0QQF<(rlj-fDe~v z*-r-riuPBs8%Xa_y6q5lh;BI#KTnZ9j4h>g{G*PJ*z;IXB=Fppg(1}#j;mDbn;o)?YvGuXN-&BNc zvM@tQS%6K<-|H7NgxDl2YgfHQE6AtmM#XFXjDr#0vuYY3C8DqN;9vY%KaKQ4(Hq(}0;*d6Ui zyy|A4iK##?#SOAWh~XPFswg}sn)tVPB4#KT5bkF($7NT3y{RTLb~fV=qx$V7GOl2r z1q;b(F?XR3{MBdxW^nvqUZ6`lWl}RXb;(m+J)HH469%`wzf{ll0^nzGHErflzPeh6w{_q3cKfGUFVDZ>tWxByn9E_}xU`d;xvM#ykSZhpiD6QAG^`VH-i-lIk<# zfx(Q-i@IH}aK**od5#yU8zDZlaF`0>Jao8wrDt7AYCEG4F;4(Hqqr(5TURaP)KqD~ z^Emrvf6SBNm6mbZ9vK~Ar}3`du_pj;@yG3{3rt<9PTV$KN;#9kFsRPa{cQl=O?w4q zc6Q!`JYc37yofVPaGf6dYu6x_778ZfQMt=2pdL|{(KNpvCF(q=q~n*&u09|@b(0+& zBrM`FS?pWZ^o9C@htLJkNHpM3{xE&5x?!SNS&AtqgS}3f6kjv;fI}T=NeRI4Rx^vGPyyeuF>o4A%72dv5UAM z7{NN~6my{YRuqZ@5ZZYuML!B~X+!}LxHN)Z6Gt7v_@A+x+|8Gy-uT|V68m;acfg$f zUg5e_+=FA5)+@i?h2NOC`mkmspYNI`v)Ud$+bgOfHS)eqVau{@aFer94(nh?Y?OHR zc$(YX&BsCt52l~o@I1(H9w1=vR&;)U??rb&k=v?1{%!1t7N-Yx_}!fW{qD{X{%@Pu ze>Z3TCGI=XO;J$^d#K9=^^hKV4W&sKC<$@+*Dn{MMm||%;gp{Nl3vg<=-9@l#dOi~ zPm}$4!hv+E0X#NTiD%-d5H<>S0=5!16Sfof12zoy7;8JWcVq(g&q&lr<;Vr>3v3J4 zMf>ujm@ksYZ$z?}Tv` zzB9QEL`&W3xA!qFE9iFOZMCBcSjwW(*TT~Rhhl@y^J6uf`{&c(T3yBjq-%s^30=bK znP=nK=+=#^JJkY$jcvGJVjBBDbgHd{FnklbPjn9M7}KPvqx-;MqTl=}YH4!n1?4}% z6U0YzTYw`ZB<}gk^ji}v`*JPJV3f5ay7cB69I>3WrsCLzmhK9ikJayj&eR=96FlP@ z8Ew)*O%vy!rzP8Itr@wQ^<>&Ou1_ z0!|E-gQkiROTzJj{KVr}MhUywYA^%484UHGhU=YTfzW-=eucP3aq`%5xmp9hhMd?J z>YAcC1I1RQC1Ov-+^APdv6;Tnt4Yv9xr|W>hdG-NCx<*F`qf0S(AFIVJQ$JaR6WbW zOqiRwgC$T^;6mXMwxIeSH__^NiGcCvwUZV5W~j946<-d`W(8sS&9CM`+83RO*e;C& zN0$~`7U#BT!7iw$ZEdv6I0YH>w|;c_kvz`}&4Xhu>h&lvO;>oh7Fz!x99Mt*C!VJa z{Ilk@&q!P*!L~TB_ENf3#kPE(c9{@TMgG7P1MF#Z5#gWln-xUuHO-|J3^@Tx9BepB zV6o~b0@8dtszLp2id=uESBI(>$w*yD=JQoBz@HwU`)fMF=V>&8f|U{SEz2B#-b*X|CjUe?zcBl2TmR?B>WGQ4q}vDkP2j7TZrFDpNR)#)B(VuD8EeGbd-}EdH%MTSo|0V& z?fUyW`sI*@g5M-PN$l49Ay^NX5-_rY>3=pr!=qTxARN5qdg*#JRGN&$S1Ey33msZ^ z08b9K(9i5~x|cunh#b4s$*C#S<0V2qN$0l&II)~x;*Ui?{XVx6A~3?k*0vZZ*Sp5C z<%v|3pVZ4&I=uATpx>XwDPMLtmw19-NtiljO{Kx&2RO-~;{WZ`iTkjL4zVeD;4uHd zWqU?&dkz8mG(p}*gM7=YpVuKD_Q})z$nd*^n|QOwOc6MEY5rqOnP=4;-6+IO&(sW# zW&zOPw}{n92s&y0l_bv-IVRi~jI*!^zGx3$$sA+76%00wcHP_wLBo!DvCgQ){Ad^>K6uN;2BEB7%zZ~5gMidoj_rX zF-k7Yq?nrgeSjrnR%|7sQw$_yQY=gsFt2)4A%b(qvf{4BJ8_Mzol;2lGog+91e3VI zHYz+K_h{#3c^7I8pqa69OUeB}fgDje>DKOZ#_pwVm!6u!a)q|p{jr(5X@k`9x6c(# zXPe72;OPdKJG+{7-10fvXq%83LS&iIbKH0bi5V`dmcnx|amN8Q9|2XfQY#2x8~I*< zPct?=sGR=^@~?LtzRfYvp6`q4`L_p$W~n85v;JZV{Y%$u@A&Kr#*Twv*E#)MRy~kT z=TUWU7nd%RO&-#(cS}upKMrHUcn9^-jOQDt?x@7Ulxvz6Rd7`mOJU>HwZ`6yeXc0)% zv#smOLM{_# zNCl$DuIF%iT1<6F5~4O=LUn-EPqo01FPJ|$Us3xRv%WbV(EJ0}kKqQlg14a+od#O3 z$}a^%=7C9bkrU<};(g+b26CY@AefaUMU-Q1Ht}w!R5C9O_9<6|&KQIRdtb7We?w-+ zzde zlKqpTj!GXjzzasH zfx*Wca7Baa2f8_4*k+3b{{sEjpCF&16z?CrH;Qjz5YGSoC;0Dg-|2q_S<<4(@Viu? zblULhR`|s=rWJ@`By=&Rl4KC7`BXTu_>qAa>Cng*Mh_)$A3we9otz$W+8Zq(T2Ixj zvflDmy-g5f&A{RI&uy}7vg&9|u6C|`yuX0Ei9K<;e;*=`gKhVu|AGU0Mu+-|J=Dj2 zii+Zi_y^Cy+mm8xYJVzr-xIfc1XSd~fbEYxu;Tl)`=74gJ)uO(D4g=yP|x&C4eDs% z#xMeP@=OidOQ(>yP|qfmbIfDLQrSFl66+P}#-hl@;-a8Yl~tfA@|=K}OYFl96tR3xY53DtU1R`^3yjuORN za_1p@|59nadK09@sYi9^BtANKs!A5+w+=~7PBJ!VKh=c1`^|pudGD=3g(Va=9?qF=qp3h14u_kQQkcn=aox&5{$4U)0BV#VAgL^1&6-Mamx&x)Jn>Q1dd3F-@w~L~GkS`649ZyAb2!DJHk$qdCE)zJgF}#H%rOpWkirkM<46TC+21uF*dO0 z+&Ywr>IW39U0NNdB=cA1{bXIsJP(&4R%!Qz2BwK(@boL;A6bjZL?%dW4ZA|tDLZ4QnjO7`*f?<+$d|@Z2(V3juqobx zwwMCg7AE`Sy|g#MP+darjZi@$Q?1u*yDpl~TDx*+xP+0d*Q_^gXq~*CGXVzuNt(}G zyAWud&@?K{2uv#E1L-v|&$(5rek7U!`#D?A$$Q`*D{A~NcxSi5meIW zjNK5a)HnTU1JWj8@V)B-iPGeO#O_%U*Rnb#LNX+~^7|VDc16$SkJ`-)zw>eWrB=lj z7oTB0UycKojyD1ky&w)iq$9h0vwR-|fH;o3y1Q_Gx!7*YjAYyk6K*cCe&>`J;<@`O zP(A9=6K=w`(qP_n48~Xqe<9+td=%%utvb57k-bZiy(7Km>0<$FXu1v3g z{FTuh`big39lY1x>HM$`fk#PEafDSA@CK zgxDU?)_g?d3dL5q+UNKg{x-}Yhm;-zBCcI5c>qm}#~qtxaBDI`$-bFj>vslm8-*mK zdK;%HV@I_I#VN4m^RElw7|GQ#(Dx~T@Ou%&{?7$a^R6(EX!{=p4tXJRfc*4`a!a=Dl8 zG1ZZp)z$g&!xryJGJcv&e@GA%2KWq=S@F2>_NsW#8bKy5lwgy~v;>qz#!ofqF*7&JQ3o$>e4}!azXLTgi$DLq za3k6X5dkF?2PBISUGneB=~qpPNm3+|f80W*H3}5~kiB-@=o9t2KYSAnVf*feQQqXK zir-C8G88_2HE3&irDmH7YN?>CEY+6>Pz4@zzA?8^ia|x5`~g8HPzqQI8Q5811}5kt z^yn^g(RXAGN@0g`Ctl>9QF^|br=?u;CnNFMoj@Oq;NUWe0xWqPTbX`d_=JCJK}&Qo zmX7PGf2j7yQp@^gMB^c|g!$KR$9-f-IvVE3kI(NI@c-OAC1nKu z`Qu4Yg>d~A({i)ab-1|^#f=yy!vp;UiGx67MiPw>;uXsB4AZftC5aIQ<+a4Gwk^0GyxedlXy;#f9D_lA$QJzW=udkOPT^5DO%kV>lTmaJ@IKASDq#%E zR5(83{N&HkxqYU9@)?NIDZ9sdt>EucFazm0w7#lqR6KsdeFZ*y$s6097WaOO6Za|X z5?$1OSMAeLVi)!?IK9%A{n|GBx}WY+-H~{IW?6e|6_`02MI1yd&aYf z(y(4FlMOwIou0&q-*6SpVWDho&(q3bvFhAY3N!V#qKPCDMd(d@cZd3oNL*?QP8z1U zEYO^CBy)sekC3Y?p+Ul9l(&d0X|`^x@htgm!rnRrPvriqWQ|%9BgT|HRdU-%r6&w= zZlX8^qgT*|G6lWSOeo4|XzcJqX5OW80Zfe^>MYCeHY< zaH2Ac=wxnBSi?mo={+uyxElePj2UhSJ+%Lx(Gp>UHPmd7*Xd`tqPZ0X23~Msb-nQ| z?z0oAFugI>8BGWY`aQWZ`0Y8pJaeywFyUY@1p5U-f?r|8aY?5wGI$<+}FyQ@tC-vfIIV6hI`uN_quUS!AxG zMHfEJcQ%?X+$4SKLKF*uuTsmMvQK^x;VM@_w&c6%Nl%E=x&OtsdYGAs%bgiZ?`*v7 zi@zy_hmsG2q46L&zHVxDM6VVi@{3p8D|seE6um^+x#Z{n;p-ikGYz|M&!l79?%1|% z+qP}nwr$(CI=1t~Nyo!OuqFpGim62N?Ew8vbnx? z7L1lFwo+6mLU7?elOyB=4rB~>->o~Hy3U+;0gY~25I^Uo@Ru3a3ZY)!dX+N zp@_KIwfdTdnD4hROTTnM-x+$TL{ZN}LM5batmj+G31zjj=JlX#ai7AQZu(sKl9O6t$Uo9L(tU8 z2w}JlDik1r758Zx;2d~k)P&TmNvOlTF!%^g03#JOF=Ka0<=3PPl~GNs(^(pzYEei` zqnO$fVVg@75Tv1E*%G~oeSI=c!LRhm@Rmq)?5BXTBr2h>BSIQ;66zDCa|2yD z8_8^;gJK@#nUx`bgzuO}b|DHfFHmPLGgH7Vnz5JoG&zDuzWzhOmt}!UBuj&6?mZ$T z%MvM?r9qQsVN|J67U^seFV?;^n`MDcJCWDJRBdNr#K~K=5PlARB|{*bVJ}>EElDQB ztHz!bFUlXl$O(Bb!?z91(I!`%%W{ZRn`MDQo#|aCmS6V4B8B|Bh(s@3(lK76G_pOy zEjF*roTV}Ah)5w~B};^a(*)q$*X?Fl-+|v8S5tV_YJG-h-O!@Z97GRTv}mgI)(s4| zme(!?;Of2?`f`-CuYI#MD(OGoP`dHDLuF5ot)M0VN zr|B=6W+<8`TEilySvH!c=q(qRg>qoz)I}Utq@goT!~`2}>t>xmuIBjkd2YfPQnI@c z>n4zlQm$84y~tB8&kFFvpJn;Z+nmi#orT9N*WN`(hal?Y1nS=N8G}tey@tN-ZVzqD zq;u2u1?=U)$~y$~e%Zr>4K6L!Jynv{KZ7_K2A}MLYE_zg%Sc7Ibi$3lStHmpSaCL4_?wy4I%jx>C z+yIRsfM#47ui2GjI`2)}xFV<8VK}}(&@OxxRPjEy=Rb}Lh|?zbYqTVj`4actat)LV zny&2X=~VaCs5C>i>69eZ28&$W2YD@ju|cm$f##Vv=E|S*h zx>S8lZJ_7YYi=#;Rn1YgRr&|;ozr%lB3cu81!36;XxbYbo&ZLt z)-<(hW0$rE$d#O?fxPGplTw&!osZY^ZH$%THBmR6y&{$BI7Y2UNLo9(QK*$FCH)^H zs_NdBg2jR)OU1YaBkfK1@RT{Q&Jz|K@Khk$1?`jqC)|#g#iK_O+J>*}0&JcS zM4wAUBa9>jV7wBz+rMHSugEjIGG8u~LZ3`C{kW1IU_pOvT@VL3#JF5U3v3hkq``TE zK|Mm-7A{+KJuJd2N;5LV9T&u)7UHAFOCc@e5|Kil%o+Vc_@;pA>L$csDnML_$zdz9 z&&<}(kU(5u+?*4rR+nlc2+3tpFcydu=8ws$d2t84Ewa5Gjik;yXeFC^iQ!+MSF{@WlmVc?IH&w?kVy&=og1)>R zx+nB^Ehiq)*aL)|lhkag=q7?(vhXXN+sm?3J$q0MES0aFUg1nr_l~^zFld(y2 ze8Au&#Vuh~=xPaOxu8=36lFI_aYh%2t6Ze6s43b?1nD=9OTsSfJHbs&xX%s6&^yA9 zlwE6eHu~Wqmv$` zedinlw1fSIo)Y6Bm?OH|c4pGRkm(;^ZQmqWVNgvFP&1bb-buzTk)u;lRolibP{cu0 zd(qqq(2$jfp?f~J>n>bjyDv~Kr`{HPJ}saSHlu=EXMQR15DIkoB9;AN)6wd-YKV5M}P``nT{zo69n?m1w ztH&nHe7^4)tM9&At=yc* zvql13x*NN)I%g%e$h>(1P@`Mv;w@MjuH0Og=d^VK+#S58|Z-` z0V!=5f~=CF8|{pbC<}OgbzhAw8C{W<%|i|Q8}7X%hBol<6WS{1rT;&Va;2==CLicP zKvi`AjaDOLZ*T4D@V_oWW3`}sR905_PfeMaGkK6PlLUl*fq+Vw{W3(MCB#Nau#g~x zG7yMPHjxk`dl;gjQCpy@t+lRJi_~%yJX*z0qlpMz)v~O#wyw5qZA-ICwOduYzEAz@ zzw6y>!c=)LedGJG`!LsQ{*mvj&vCa`9*4Z3Q#vuo>`@kLzR@uwh^0dpyETRnq1nk3 zZFdBXGv9WH%dO5eG3boP6Mrh*EP#%&`3egW%SwU4`6|OVJ(zzqy3rGozWHhcfp*J; zm1BJ5++2}RjcYN7a$#j@Ria5Z3vD@J-=7GdFg5?UNXMa;H;hnP?Wwf>YYLK9|n%$6qf?mdUx2#}iPgnzwme zxg*yL|9oeLg>tp?x>K)3gP~sW+?;@?@W?i+#{QHEz~qT z#$DRKEhY~=i&4@klto>-0obp8wK9AV#nL05ZEaey!||V-(@(o|{e7X{^jhuH8*A^N zK%KtzCU$P0bYjN6_j}P_7F^%`w$>+`r5$F;p2Gre@8I9=MxO2ER+p`BYwTs>H5SW4k(=M_bo|<7eNKM;O}pt_=Psmv z<86!0Z&7f~5cYy^Vb2fey72*+o1o=^i2G&Bb6_sGiO1w%DAheG0kEk<2l99>?lZ=Q`Gf31BZ%SpVYoCcr&bQv2NI z`aZN?al`bN&EAyd5J9Ex-Ys|tKkDx}B)Q{^O|tp`XK3Rb)L(#@kM54v1kPsXWXUm{ z%!VzIemB9$_k`TcGLvQy2b8kj`-A3h?(Rk_TYDIfVUBz_2+NhB45wG(z6AEewV(_) zo7JMh=c<6c=)h84m>@#!t_ur_V;Hg9B6W1pkw(eit8c@Jq)nKx_Aj9g97L+}v3+c` z%kbFLk3gb=4*C=&f;e))@&hpN)amW5v>Mys z!)m}!BiJ!DPvJy-v4EI{jyK=O04s2pY3ypb>g_sYSTtEU+H9)1`l{OWDA3AtQ(?Sgc60Ls(i8N)o zgA?WSNA|$e5kXG0t)GZGs0=PGQb`BBOS2qr#mrKTE6gA(@6pvubJ&lz%Ea?CJ znJC#RICOlCHEgcY8axcB2{>}Tg$%AB!98m0r=;uT;rAg;_liNB^f}L=k*1dCrZCwD zH4bIJ5Myu6i46IdURkVf`wQ&7KYhh@J`8aP1XBk7^hJO=lx(MVyXhP2y_SLbnXz<&SJo`k2RWon;$HfM3?jzGOK(d2_As5 ztzNuVg}Pk996TD0A>FP=fZg2$n1CJ$BrCZp=(k#V;)+Wz<mSJ8TmBhYP zcbhTJO6yXn7gdw!l2hwyGNx1MZJ{+N3M`h44%_sh{`~c}0j@QJ#K-2R1^9bwLbg`k zXquHnSh?o%d!Sg5)A(ws+=?-km_qwq{{T#;yLV5CMhI@h`5)P+W zaPm|#nv}W+v3v(@LFacV0oo*hPo1J~xciYD$6p=r_l}urN4Q_*Ty8VCCJS;hb=QHs ziYe6#QuX3R)h~^&eQ7w$Kz%Zhd)V{H@XQ&X>@v`V-vnIlz`u*3Y5@MJR zj#P94?fem3SM`aOiZ^0uN!Y0+ywo!;Za9+Y1Xp*46VW;DK$t51)+AN0OkJfb`$pj$ zqv+r6FJ7vCabBe>AHU(QT7ky+5B0cz`ZrrzW8PR$uj<`%4&rVDfGc`|+Lo1N`L2HDENnxzEO7&@Bz2qCSH2 z3$o%fvEe;~zwwS=^&8^{ryw2Q2*?yXp-bf(;U}NvM-+SDtVO75NXJGQRdup}zfh5e z%2y`8LaNNDm6A=hky?{&w2*2e3VZ3$0XJ^6ZU#ItLTKS8qMkQWKy{3QlZ{keb<8PI z7OR{}&XmW9CJkKY8v9cOw_+N{@{(m+LiIky2V_y$Po$^{l>$YD3kp?%Eb6#Zp3S<7x{@^IDWN!K8E>6){YkQ04L|B#o3p z{W?}ku1;bOb2gXAwmX8A#*)M=GiphFr{l=xS@^*Cp!#H%jtzj_+Qv?i7K7L`#^X?y zr+RQk*~xu&xftYRI~iqh7>sxL2&S}8zOkH<9{t$h&CFySuF}t(Jj%ArC1d6ceY|sM zVO~n~69Y>_BpW>;%2DDvy7;=tV##I8oB7RkU;$Gw#Y(-EQnFB^KTZ4XU|g&?d1#l< zpHot})ss_RTP3KU))pnSYm?xnjp@~(-kqs zS&GOvljDmIxumbM)Cjfi6Zs7u8!J1VJvd9Ss*Gu%P&DB|gN4L99Q{0`h!N}6q$y7j zhQEl7*u6^PR*Pl3cCg}`#?dUvP5&g9EWUj99^-cOng0?_ zl4G-p75Cb;4kR_t!XDz7lJ>$}L)c5FX|6Y6I5O+b|K; zoh4P#Xn>(lR`QV84ihw}cx037{nKPSuh}zazM{9I^+|az&LlbW-ZSgiSEbYOX~=NuqH*6yT-`%wCGI~D^_Fk`)+aE+DG`z-LTo7^&+oP z90BWieCF4YS-f}D?on0Ii!T{39gUa&pAv49=dY8`08V_C529xNnio-}{6hK?;{EZ* zmcD1an0T_-c*D<~lDiiMKQhZt-@of^3mnt^$cjTq zO>OW=w}h+S6z2mZrxuQ82uWTx5o2(QQ$hfKVIv`?dqU2~6FV+TSku6dCyzWC&Sq(mP8&G#@+x`GyA3&o zzYsqwB}PH|h79{$r#{AC&o2t-&03Q}1s`g}%o_zdb-Lt1xd`f(ho~@%Phh8_X>OS} zXcjGnQ%*Ti@rr^{iv+Ue%;>yf7RKOJ@At!Ov;z|nb%SPV%6K=yxoX1G6&1;~vuq4Z zoD9BHaneU;527Q?`i09AM(i2mn0yml5Z%13bxI;t_{s6x?1qKe;}Y$pjCgiD?L7Qd zSzS7enZ%13S=H0rf={&GM6uk?%8MQZoIQS-T>Fb%N?1QQXhR2Li{k|6?eWREp%Guy zZ>@Akx5ke%kd(iaZW#0Y0t&|^WjoL>d3*q@wj~)4M4~R52paApDj1~H=!~p@h^)9i zTqIVU#)qJrb}Sb7O+T1l({CsHJpF?C(#mJ;99Trr+2*nBOZk zvXCvwq?t!&{~>$Ks-$(WOc=iH0-pS){X=ET>8xyAcx0!*S23z%AT_@?aX6 ziKdv54&X)H>3(w~DAFSFV%>4zE$D<<?zTEOetTXoptl23GVUE^J0v*b4TL zvGfP}$^ShI^GW|UkQg2P6ZU#w_d+;JiC;8@?1B8=>8_}E$HCQ`K89Q9Njvuz+_Ims zwImO-Gy3Hc)?Jd1j#t1OuUz*~L-ejQEy&fJUXx*|Y2!J@D-!)-3Ds5l<jlm4VE zS_t^)P3h%8@ijbQY;Vnt$xPT$3O*8q-2(pma-+A?gf z(xHcRr3Ou%HtgkW&e=M`U9`r@kFF$i{_)s;Xl=(w7X z&*W>=jt`I3Rkq7~?H_nv?ABhs&Lpu?>GzG)aCy`b9!S?0%-a{dvn}}AXMfL&;e!@j zPYS0mRyZuB^e66^dRs0tu?2ryq|c_^Ji;nUdXWKF8XiBrB;eM%*&Q@86ue#}id>G8h54X1B1e@3=S77i=BL^TN~+aoE3#VOfj)jy6r z$g}|6tGeSkNu>^kGI?I&&??rs^@3ASL#gUpG!J_9L`GW61Y8wnh9)5o9)k%OcIBZk(m>LCR=_zW>!a z+OOmDQpTb*=s;fi!xS&%<5&*BC`%rFp=3{_jt}MR{wj&?Y)rm+Sze=vx_>c(_?a&< zA*t$L?Shv93a@_sdCw@HR2I+NpwFT}I!>2J;N4+|?&X2&G+`B+PL+Eg{4p(p0viNG zA5VnEdePgxP9bC1gcJqX~2^>vv&fBrX_MwA9 zDbt2iN04YvDP#|9R7cm3oV$Y49^@;x0F`O|f2JrYt>Nx7qrNDvS1agSjO3zPYC1c0 z+|aH7)eo1_e>)h=AZpVBvFlN_2uDK%u!WVCY;irCNez?P_PMaV+00z~Tz-M-fWypi zDD@}&Df*TPXOLtfrN8Iy?%D?l^$}%dosCwUGSygE*0Y9IDbSTr{7ICeyuB_EZB{po zVWo>QNV&Vx-6X;?%#m$D7PQY!TQgVK-XFhdYJxWxYU|zS@e8607Si;%Fi>#3EZDkY zpL*60pAD{!jA{KH%PdRh$7`0QI}5g#K~Ts3(59YSJG>^lL|SHQCt64JgVKC6Rr=ro z9^hC)?L$QEir##fYaBsn?p!Ml)VgBqiDT`{b3frWN8SIl`jG3+d!M1-6mq}Wb*29; zgm}w-gxr(%?MVlJ|4RWYt~00dW|LtdMx+^_A`%J zAiYk=Uk?Geut&TCO>X(bhJY~NJb;ax`M*SMbMOuf1znWkq{xchm7hqbfvPp+>Z z#ghk|+dB4hgiq^t@_w-TcewPsEuBg7H`wpq8{OCnMmG=+eUohX<>*7d#)#`K{g@-H zoYIfbd_4mQ^WkI`t~sjsg?h#LA?vY$`R9e&oMP|7-~O!(2hWN<>5+QlYm_<&Xj{Bb zy&ZI_unT}EB|5DUOu)xZvui<$j7k6#2YQ$44+A#`CmxVV=Q;({}yV7h~anewU_)Ns~I z)wCFysu=+;My8}{Ql9^;o3NxkbcAjSEYOoxL^mky3Lnj;S{qTn2Oe48Fsk5=luv?_ zno-AiHw!7J!cr;Iv_NjwD%q%%uUAS=7DcDnSShP)R>c(JNx|z@9xvLN(&&c2WvAS^ zbSH_sQ@^?7D+$C?blg&+SSnDKl&Ajo63Y}JPciZm9Rz4*%GgsVpOqXIDNm`qS2M-( zDV8l+mZs27!Maf}Z&c143YEr?Qv-CWIy!YS@#=Be_Ji)y^ymj}%El?~*BF*k^_i#( ztl>~9&&nvhf%Su67;QRM142R>J%A`+7jL+L*{AigE*Q^Y8$OUBjZ`ew$ZNAQ4nLiY zo*;GC4j0~h0UA0B?=PqYE_F=-V^lDffllDGis*{bPGq*~b5c~%b*!RV0V=ukU`j@J z|6Y@h{48~DoA=N4@$95~r@aC+!g~S?~T6H8u%tKbxlJWTxEb5Sqt|cmUR{=l_(K%61v=xilq7dqX_ zl!sP+2l$t`Pz9mgK*b zd}PKp`6p4vq6@&mtcOaS2c*KGI(U2}4?pWtCKn-_Prg{w4Et5~ay76+4-+VRCHVc% z3}+`;{rjpZjG|5(?uFg<)gIxZVXMv)0^q`=E#LSA$ycXW(-VEMd3>9SJeXX;9KT7O z`B|I3NuuF>?O@(17p2(*lNFBt%(=Mw{&Eu)gr~Ql%`}2j)vA60nzA8gh|LV?5w+N% z{t>%z3HqEz?f=H;&$-1CeG2)jtW&h3x0lhVl^beQ%piC-8Tu_AC~DNlCPfhI`LPfg z3$BOliqo9IY=QIO5!w@(wM?tzAIP$Jq*t8Mwl#;DzOe8ksy9p04r_G||DOUdL5j?n z`zL^$|1JQL{}jO1|5zt;W=AE1Ww#Whw1q4wR4kD&iFTt9L!m2Gu}Olc?m8N2n^(rt z{#hqAZ-xGsbCR(;16+x}A*uJ2$$2iv_~-TQi90}i-Lf!n7Tm5~VbBakd+aavsT|1G zuQ}z^iqA}e)^=|y1@FwT!~r9H(uI8=o~WjFrxGm7mnDG<cd0>jv zr)ma1n6HMJ-vqlXi~<2uFM?Hx4WzQlAibA|_-vqDKZoH|k*+3Ly$LAK9(sMb_fL

3jXa&KEuvSj%G5r?fII_Rx2kVqog8ZZ@}6I(<8PKpu~? znj=breljhSto?=ec2O7QoPHnle$D$ZTGL?s1=qLF&o|t;H(tHE*+qOPhTod|WH2r^ zh2(18?nEQT!PadZ;b=PT76{cHfmN-m8MVy)ak0`%eu2#OZQ4w=1|L7a|EBz7RJ&ec z{HG2)blO_}e{>-BpE}UBUjApHZPwqYi?m(S+Ui=ZTWPAb5b>#wP^E0KQFkcaKe9nS zOxXZ!s(fvJ90ddO58#*LVIHfqd)OCXdilQ%w3G4q`u!jtA-U+dHe4M$LSWglHdy`E zIo$AVVA%4iMfc{vR(5YH1+Go8#ePNmriuhV+)+&JP9>U^?8t*u%A1zO=!06nd9xyE zT$XEI`QuX7eyIl+`a8XnK`+v5V`xMae?FbjKsyb2bvqBhtOxJvm=TUId@nd^E>Fo= zK-HuGIF&IiI13pZM>_9ymbl8&8dcs2>hzM-Qnbi!2w_$07DX-suQ##F zPBjtnsG5KMoo_&xKZZCjiUdoe-h-$V8%kr5g?p@v_FhLk`-~>2B3Vted=`>hKk|HY zn_639=klRVUMD!gqTUGg%rRC&*Y)#H%F2Ndt+Q6Tl)-~>ZYv9KY6|Gf1M5bS2Qp_1Kfh!+uirhUDhtIH&LH5As^;{ zv1=9>!|*n4_QDY1Sap*wLAU+T-^)>U z8Y{N@0sp5CKuY9)wfw6G-2c5Ei2t8DuvOBPNBKw6S*q8y>J|{C(HMzB04uhRvBxxC zwjeAeOG~)r=*~?cTG}z`#`H_;TNgq03*evfFw+&7wrl!F)A7E^b#{AR`Hh`{HoXqXe@28KRH^@W>L#Xwry&MV$i#(O!d z3hq?o_VOIvlsOY2VNhBjCtv($f-*Fc_gzX^xP^XSri4w?$=0d7vfdi&^DbneUbLSN#- zIzbr}x#?b!Bs0750$_!!K|Yk;G)OMO=O)P8)g1gTw;+UD$6B)~5`1k;{}(YmPD4a# z&l~AR+lgL*3y<*Imd?*T|Cik^eMH*BHemR2%T$gJ9HUEx{AQ4hCHW4>lg<5l&GM^?Ry>&z}& zmdyq|#vQS%k%isRYWLQBdx=|We3168>}PCeaz*VHjpc2-D8o`?AxA2> zACD6*XU!M%36t! ze3gxNEXx^nnr)^^g^zwhLC@EH#W-ln6)ui4@$6s(RB8#Pla*Cy@DNn+jwQciW1>t= zULj=`f8#zV`jj4G(qu!KX^*bGh7C9ky{e76chnwwZv(D^@WH{Pnc^+et6~%Xp!Q&Y zhN!rMMLT|F7V_6if7zdqgCS9L?F-V&D;5M%knX2afEr~cF%&&{g^l*Djt6@F4Y@Dz z5J%QUI6Ly+HoiH_jOb8G@0eS&jQYEa_`@k-NjuFuhoB0yC{;b8d%&m75q@9oq7A@K zOsCWVRC&R7gsl;N>xtW8`b6&@cCUj8jh{mP97gM7MaRP(y;&gVVEizD6>U3*9v*(K zT%Kl7l9)F)(<8m%EeJ8C#Y!;yMN&s%)v>ROEE4`!yHOW8OE+xC(dn)K`= zrO>QGst_qKFq%()>2BkqbDM!D8doal5D1{9hK-42BCJ2*G2Ir@BtHy^nWjM+3%m7* z5dIqR7}W0IJ^mDt3c}Shh-1#KM}z4n;u;uIWbEV^NF{cRn|=VAoR0MJv2}`jaR~LP z-v>T@oz$3S57RKx*(28?s^J#7#K4|@3sr(b#MZA39CY+|AXX?PIJ#k2Cxj7VwN&h^ z(7{QtDZ8WLpOpP>;V5W7^%S5GE>=H*7TJ#dY9_rai>csyB`Ogj^7QIB( z`L9EW{r3)`^q(DKLvHJT!Zx#V60jvHO(CQLr2?uts=mcl3fii_z=)ATMvg|Xz=(~d z<0yU9JS|JqE+8I@tMagh&}}A}-8o-&o$J0{_Uie8b`MHeQAOn|;toKa7$Ix=8>AbFRsNm|;CG z`H!g&Zg}SR#C0>cka&Mo(oU>!Q~mF)s_rwTVf6&_7XP`8HSO*=baP{CJ_9jX zSexZ7mG-QBAU#G>|mT}v}Cl7kwH^x*=pYQ`IZtMCB4-22n)+bU=fjMLWE4pe;K8SsdkpxWdhz6{uw7vJUG+ ze)_v3yP!A#$&F#C_DizHXfOvp)5xmK*5fMH&_*Y5*hHH$Gv@oV>=p&Pe07+2g(~em z#YbG7rg)b1z4;#2-EIb4*n;nPZS~*kGSfnV+)GPqkzZVb}8pScI4htT!CrK}Yu zr5{0WVV&SBi&tG*cREXT5awhFxfFc7nOuMa-K7SrT2@8XA4#jW*+l9w=>qo_pBX zi5#L=i|iqK`h=g90|c+Z^lv_5qvAe&(IpAR$M;{pM@zzrq)CyK3os*e zski)~202%fiMF{;D8;p6gA`0fK|$7-C>Ei&D3CDLNj{2(vPf~4U2?;aZ2oZ`3ZF9R zCs=j~{mC@GunDJKayMjVzD;qEzJV@$FJO_*B*oA)2_o_D?LdbqD zy?oDc?sAif)W6-ig7AF?*ZB;`+harSYjb&u zW~;Y)&c?67rR;BklkeU2o_;SS|5Ql-l!WwMj`QPG4B>Qr(r^0A54_x!A-}5Ie$Ngd z+zRvine30hMh50{dGkLU?ZMHEMgxE9eEdM}V{G=L4bZ#(sDt~({;=HYzuJTR1h@P8 zKsR0eum`xi{ICOm=0E?`&)S1{sE-~-?)(C|6!~>XBuohzk-j!kE?cPo4-H9(LAf|~ zE8Q5##u!~HBIQ~?Lk|GXG%gUPO3}(>b8f9vK~@#@5UX-!p(lKJqpMss?DoouRP8h!4OsI$T@|>J-66Nu(o!Ka2-vd3t5mX* z{R5x_61-TH{O~yQCiV48m@Xw+LB2m&BCRbF!Gky6ozi%&zHhLHinH^s9KX1Wo>Bmr1CQgoMITovmHD z0QJpGojQ8n zG9H*H;WN-HVhFt^cC_&5H8}Oo?8=&~*UolT0=Wc^QUYqE`f+YV2U=sXeiWfZ+uI05jY2jnx_6*!= zlcQ|Pah+8_m>UO$J(pCXRFid3Q^ziEMS@CzCF?vL1v^idDgM=HHO3uO)=Xa3ax(9u z(;g-EdopFk*4p5DgU|Vd0x3y@ZNeAsX8B923}+l$y~<BozgoTXhg2cS5Nn5%9?MyheYG)Uj*$W=Ygs; z8iHCyVt4I++Yn)qCMu`DS!jODOxs$vAKdPjzPYwe5Lu3QMTn?GoxF}Lb$T1#h!sCV z0Ym>tB9{E6RzBOd9ysOvloa{lFe3tOiSpq%Kwn!{lh_&rP)5UxE-C)75uc}wOgGJq z%oco@%NB+6GV6`hcBqa76_bfEBA`u1u%j9#vb|Y5X<#E@HwD2*TK?{{U@$Fi$!wC` zl-;1Q^*d)MRc_1Zz-!O!0Qva52UZsHh)H|rWjsi)Ez_Yh?03n0CA2FxD;FCqTNo6K zj;DnieNk)%X|)8`y{1y`GQ}|t2)3y}a^8^jt6p00$3rB+9gF1A)KCM1b64;N2f)C$=xU(}{jB7d((8!exw0gSEs z{gK^{@sZwlM1$Ls`qt89#O)SLOTr+2jWSp%L@4@0$}+^}1U4j9YO1k-lC|(%fu%!^ zJSN6ECozDSvR#obXB1@!i51ERWf|qLkoeh%Ah`NY8?~^u&`ueN$w*4}x#M=}WRI&` z6U=gG*VZsM+mfu3)EA#*HWQV#EUuz|bxviOLBYug*Kn**V+Jc~i*duN1L9x`2r?T0-H^ew0^^M^ z?kyC$Q}>1eAje}rrE67uFNxKD-J6KpWVQs_Mk~K8`q!Fd=;BeNbVazz)}9IpN0u8Z zoOGe*eM9LqhcYwh zI9B>CYay^16Hff2o6i7OgKa{&Qn9x(-RZ@6p2U`a?VP4hy0Ujt zqFLUFL|GHlNe*6l`DT2eJ`K{2;k&&;%FXR-ITMOksF4)f5Ot<)fZ!|u>vM3Zh zXf`~+{(jmA|7J50IO{vW0oE{56kCwd zYFjMNL8r(>nQVSzD5gX|Xruu&(hlMs{+MZ|8Eb~|=LG`tJ7~No8Uns@B-2tU@&nJo zQ;dseTUI+0jJe3iUE-!6Wz@oT)QFnya|Wf%%+P*U*RoYxoer_6nKQj|Xq(<@t^up% zhk|sp)n|-8Q(HQ!{v!{0TYliRe5rC^s4qSHwtUs`5ZBB>bz&nNp|tU-oyIh5vIa$c zNUCo)RC^JxpPl*KsE9r$zX;^b#o{6mj}JR|QUHeO0J3#ulA2~^xWs@19yIy#tA(LI zt=qC!PqEH8*>XirJ>0J>F(^HmcFDB^dN-tKmB zJ32m_u6doxIpXJyJ?had-NLW408WHV*7EddmyuR%kAfgD*ifx^4CwJz^-acPhjze9&@t;9t5b!{Nx z{T5~373|%Umi3E4x>v6mlQ)XVr;`5{!rT=#+VPi$V~>iSm9Q>N~{(V85Qu1n?d zK+7k7JPGd*?;pAUtx&tXt&t!&ED0JvAaBhh8OqwWQgsq-O}*f9wlwE-ovgc=D1yb< znisDxDN{R7X^8d9W?XS5zL4pY)%eb`E_c5YRz9}`Id2k5Z?d1?G{&>zqBXz3ZzspO zcLsv4}MIVU?CAYV<9PcaOEkdTA^u6iesNPRAc_UvP{z zuhJFuquP#%zBkA!>z*5M_3Px?U4sWuy1o_$jiVJlg(Kzg>bvt1OyNSuN=4m@&B{u6 z3w1?Z4LpuVO3W28r0$pG(bS$5k`vt`J~!lad_m#w*lCZ=4b9rQ4X&>y93JZ&JK8}< z-TWv8+vNQahsZh+n0`1d>^ATr`1r&5I&?&cETsT=x59?U9MFKJbQfj&F{~-$6T7^$9#(}Z>R0j{X-<4TR#=V-HKb5Z#=X~ zB@KQJGX2G9`m~BD%d6s8C4&^kRzZD}yIivFqw#KH@4oH*oigx67g)Jstu8phnH?XT z{zFIZ#FJ{dqM$s2X*zj>>fSzJVR|@Lp7@G8%uT#fw^mR07GL;a-P```7Se|)@5!;~ z3x*EUy}ME1b#IlIY)w|ro5wvi_&UlG;5u#+C)brlRX4FeH7vs*bxiqa@~1j9#CW0c z#m=T`-H;%Iz-85~X=vg)ESsvX$sM6%Bb4xt<+Hp|p&Pc&j&_-rmMi8%5EVKgV}Ny|mlbw?$CtGaJ2#uARV8})!b5qqmF-1Lyqt9Y zu&XbM7p3DHRTcZ-aCf){zhbA+oxl7YfBq%KuS-H1AGeAvNEV(&XX*NQDa%Z~5DON! zt<}hSO|0_7M@DhT>xqPhc0Et*%aFU;D{t5UTsXZ-i)UpQ)(%q5TQwLgi=~q-4-P{! zhSsKfKix{~o@XZYts)6KhZv?o1>LBWMkt{?%LHmJnX6?A+9oNrLr1Mp{Gw4A+o2Y; zQ9O%*Viq&axlv!sp*$zt``Cwv0%N~eBu&@}2|q3Ru0kh>{Fn(heT74`g_G9$wy0*b z-2`tp;psKdW+2{_Sg```uSB;1n{=X!M5~KbtW6>pR3pz06~+XhNoz>wI*o3FZf#nw z@tErWV(T54Gl}|c@65!uuGqG1+qP|MVkZ;Zwr$(CZF7=0Z`D(Eo^zkOtG__+uIl~Y ztJiO>@QEcxN*~7(ZK9WPTMzl_q|if7j!|Uz30;n9B}~l36Jv4R1gt~Y@UaX=>Yk*a z5h|i=$F?;kB8eF!36Jx^vR+<^LmDH(Ec|>ldVj$6siUt<=3oQNC>O^Ema0CeqHyY) zR=yg+lg1yq`s4@1Fhkd?tD>*2zg(}vPSv4{Bq!j$L~jptOUPoxz0-lY{~g&h2>nUgt)LzKIKE#F{~ z6kkiPRIuOF{k{2Az1-T5T>nS782M4_?(P=6Y*2xKps4;^{=1Bclaqnj|Kz`CX+U}> z9;NwZ+r`+K-UnmT`~Us3$DAe+CJKpw5R8DI4kFDCqMS;cK>v4gFfAOr*&U^-X}=1T zJJ-CZs8KKuBud>%YpWf1YyEnCq50a@t)-*ORm*Cl>cemQCc`ddEa=Pk7RYvh6V zXmy@JNC&@tk{2jF$GnK!KJCTP{u{oVs}2K8~8oIs3T4 zfm_Gbbd+8xM1yg1`OOed27y?qbzV$GJ4p-xZj6RPxx~3L>J~HI^xG+1KQr&4h_{>` za%n7h!q~M9#>qs3Zh#x}_@a~lFUzYt0bTrrntPpg^A)UfzOlTaRLh=~}nuiIsQbU#a`n;0qVqr#VBo@mXr2Ko}dwN~Ax3WWhmSEVF8! z=AaDPA~t-Sv&1is;L@rP8?AggV^$`%U4Hinz_E_kN`zd19)e-oqO?x&rVm_k+Ql^> zwKZyn{GHC?ZO@kC-Xz(vMP#9Fz{T|B>0BB?+&jq* z-U|v%aCDj-VEb?fzj?f+eY;M6(Bl4Nc=Of9e|CRWWf-&J+^K%Rk=|Y=S!rT!s#0%= z56?)u$1<7|W<-&xhJJz#!4byu89dwuz`2ATNR!aix!YY$PmAm6UDY?otS4Fe5hRcy zUQ3GFCzY8iO*GF=<*oM_7uGbB#Eb8*riER?F`bPG7rJ@5qb~$e3tMrfs{u`WE$Fj% zOXa4Lo&Z_EyAADc{U)d1bLU2DIo{>SZal^rlSf*-KN>!6vccF$PZmJQUp#Ivem*{$ zIwlP?XiJsbf6>dKtK!XWN6$<1+7a>eEHY8n?)b^y?1XpeoM^n;ZW&N~^frBAU zTE_-vIPF7(ck_?6k*=;@)klE~Y9#`jKhsEA5!>He%5x{&Y;2(7#;@*{Z$vRkXGX&; zrHvOK8^#*qI0&4hrOwmJi6+Z?Ami_GTu|JL|oFl36A3@j0e-KD`JRwuvv`W;r4t?Ea0i zGySV1YPr&!y&yHR;u-)ES;;{FN)J!zZ$>K3AWB7YW$v@V1pG7pBxTRL12H-m-S4G+SVJ^c@d#i zvHGX<84%TE|2Qv)zuQ}ah zmu-v-yfC7YRDvwK;2}WdVL+V(s~(U-!|LJ&-ufC+%rhwg>VOc>ojr;IC2zq?Fp@-) zcd_=LKdbz5*0C@!rCf>|i#QVLW$~Fg!U7gD$oHj^rS%yN^^%O?QZP-*BArLqE^Evx zZ&S%+L?DT-DtoRPA}h!^mwN3~m|$tYwM=lv+=(ORufRnXB7E}9?W)>n-Wca7-WWfO z&-CSDC3QWyla#q7u-1acGh4NFd`zGDZroK)Sm}ufI!Y^M%Coy;R`olnI=Kl!XKTkt zu-lAg4<2C_S|6AK1#)t`z_w(~V@VGs8yv5~VC480Gl#}@yZ-EQfnH)gPARxgmII-9 zr|iDf_vIAkV0g3njqiHBE=V6NP?zDWdEa&YZj8NQdiC|~-36~Jlv}_pj_6UTglSjW zm2^y@+}p!Wom>=h_G;ZIeE%DEUyI-^Y#MuS1m*`Ol?%f4@zzUzCtbtviqBX5fDFb* zF>5!Q0oFyMEe)8MfoV^9#&~q{#G@IHsGh6elja(5K&-$!uZKf`tP+oauLTd2w?$zRtkJee;eK^)ZOSjN@Vfb z-J%EGf$)Y}^bW90Vd-b`pl+K6F`=Cg&q6K)0gsUw2UGlAux7HR?`bOM1~CYT_?(bUxZ zrS17u*l8Gc;to>Qk*^dVRQfEU9Cyht!_mHOnfQlwL)nQ9slrCrq@#8XsR}@UQApfy z68s641>|#1$Jn&MyTQsm`uDUDQaFT#iXw_v!9|IE&D<{XjY2upLWL$1LU=#z_*f3` z@-1(A$U(4B@=+cutsb=e8!2`Z5PK^VnAaVoahKsrT4d;=l@*a4rGX=6a#W06f3zyp zpCl`0IEkWRU0uj|>Sq`Tf0Q^rX1Xy2?i{Y282wFg=n$RWKtY zZszBaBsSUy^B7B2=92P$m1V|O^Z9pf?W;JGAR|SmEJwF!(=Jr{qQEZia&+3y){eHm z)WDh26AhbP1#W`t)?eO!eNDR{u2IHg(vh$1uZt&P+w@sbS%3HYv7XXI?EGy{X!WHy zqRY)bmy3mNVo7B6RFaD6eQ;P^FX!iLQ*3cqq;Qn#|>( z4|ay&A~}}fl+IE4M5h{y`!4dTyJg!;=05@#9c{|9PTd?REK&Ga+*9H2AO<$+j%Lis zR_%uvH=|C3J?xDdl_w7!O8`D_94|nHDlq8R#OQkD@LcXk2E+BwVinZQy=wx=AuBNo zyFb(_g^xpo(NDwUHXx!SKp$Q@%(F6hb6xEYq|Il+tduJ#c=Yh*VgL9o-oJN>;WJ0* zkv7!s7Bp=0XBc|EbnAR~7$&>RIkUU4@y}1tA%Cx%|1Ub%7>c#P0cD6i;9a+{2<}h` zH{4(dwNcSLudoPouJbJ465pWa@nk&tg9{zs6(wd|tI!<|L1flfoq@v}`^AobwmlaR zQ}A#K5?#2DToW_1gJ7|c>T2g4QVGnOdgqw=^MvmU2KQi}?-uEuD^p^8o;Eee2VVuo z%D><=9z$qtOljePor|GyS_R37k}Ifsq_*FV0d);$GM1a zI&fxmlr!9BnkU?5IfTn;oYLqf9miD&pUn)J|47~`5ljjF)?yZiR14c1@)rg@*+AZv z!BktKmt^!B^6ydK+k-1qtHQPS(bjlh^+Vv>shO!`VJ_}%>B)MeR3ohtSGq)lEg1z- z!}2X~0_wfPiZel>i& z15dIqMt?MevJu%gOv0>CcN*|i-53w7-TMobJjMP>MEy$e6EfYG@5fscl@{cZE`2lWmNeBZ_H7=w0e^h>e6;`k*W@#w z@rT;%xX`Sa$lRg`uwj`|f;}H1;HdFPJI-X^p}!=hyGWeDrR=S!4)S3Rd?*cpEkE)e zQs^x-QM=6@-*I>CP3+GQWkL{-KN*5>chc0ZR+eN0E?f2yU+UC6AsA1n@nvs$ZzCr9 zkZEezd9kT{ps74SX|Ai4p6F$q9=-=|%?&pxLG^3^mfs`*nV88_@fgr*R#YS%WEYe-DAVyW!++O*Cad*Y zsRl%vruV9u*(1~flj;{OL+)-oBISG*8amh)pwj;mr^cE298mT@`z?)*P0Ck1-;*jq z(h{s@A}saiONGUU@gq2C?<@Lit8i!sWP~@fD~G^l0J1{68EkwP$cCs9p+W>!HuTYq zlK=RtGDDcA6LtKZX!)fNx1qA#qCEuv`mI>47-IQJm2_;HPxQg^ zPqZj^Xa0uzHdpBqBl$^Z$F7!O^kk>~N1Ny9Bl2M-M zhu!VlurGUHu?5=~FXImeRgn8H>-BGvJT>!!ir&++EaZO2EIsJDS5~))giA~O_G?dE zIe7uOcyR0cZf{T52VPyX19efeT2Nr&FMS2q1$W+j<3qs8^5(;@t$y$#!PKz={_h*C zu?F^iuCs9w0_$~$7E)+rjfQk#>OL-r!siz7srTdi13XfX7kSRoteN@1hMaNKaxR4M z3MR?Vp2(kM2d@l>d&7u+6W0H8aQ{lNVC4&CcKmH|NUSqdqVH_qTVilaus%6}a?C{k zt|563-IyVE3g?S>c7&}sA?1v*WAZxl)A#v&uS9B%8?X- zvrS79nL0x;J|SY6b)<6~nI@^(1}=q;OnH~26SXjsHS+;i#(=MUjl}?|`a&Mgqk6)N9*Ni(t(6urlaY{r= z$d(w?oi%}%Oa>Y)d~(+dm9qlpZv@WZPp^6Tx8IFoYz0j5%0Z}o0%wI=dTCv?m^q^VF93&p)yOJq^`;!NVR> zO`wY2M42s%Puw<``LhTvhE3bN7xmMY(+K%4PR|ajoYx#eU1tXchZV^y3g$j8cdBdh zPe-omWlT0jV9uq5GC|Lzan&**&*Nh?GI^1WWz13?Vdafbmh;65Ev#AB^QLpWHmp1W z4}qFRIu@o1ljY0_yKQ7up$i0B524C1^zD7%tNeO3d8^w42g>0lZx8WBKc;6gUZ%D9 z3X-KbRj?`?3G&q_m^oI6!ovFCtaM0_GA20(vyWfpP-rh26<@%mB0~yNGJX50lL5iq z1ORor&?X^fuHd#;(mygBLJkDkqr|*KSj1_dhD>ZGVPFmJYN+45SOZh5z>!=b z=4N-*Ffb=;Rj?kRjZ&ipI+AaiIH(pWdB_=3E0#~rS*)?FRu5%jTKvH4g6nxS`8?}} z?MfZ-xU<#yO6!WAVpfHEMmH~-$RABdu7jJRfn{+1S3gGmaof{V22Grc4h8!;w}LNGxdHW5XHWvjBX(oZlRvLomkRp;R~fMNG|bB_1O`cT*6nmck2Mk zm1RYmW2dI4#Zn!y6?3f1!TkYXhNn-9rUZ?IC#%ZPkqtg#a1|J2RQB6db`hsL4etnm zYQt@Vu*?vB zRqLyDJGzI$X-X94iC5zl=MeB0W9kk#qa%+nxauUJ3avb7YKW|&8zrUl9+R6N`-{{7 zFw8cJ?YAlu)+<4G-NP-Apr++)Ncc|32LCfM2vg0w5N?U#qlQgta0Ry~P^y!{Q;Rf*etz+41^=5t0kchXcZH zLheerd(ekpj^5N!WL^bOUUnT2id1?0Z-F---%#PkN!|+0GJF&e41|uCW zND%pu?u^>*6A*j>{S#368Z=xrGchQY@d3@DV(5(znw&MLjuy6O99^pwxen&`j<1)8 zx2uPvV{v5$pyOcyAp{Nb^^E~6MMo3uIgkqGQ@kFQ-rnwluHG431!TopI6VRKW0Zhk z?5!rw?eXL|IlL9g2TYsr?SPXZe7%*K^CIgx^?I0w+}xty>xDM{W&`Mx`_`&dXPwQ; ziziVgpkE@`f15fq%%-pgTa6Z}kLM?tM0s<3^{pARC{80y`$mzp8Vj{BZPwJO z>F(WIu88`(9MDgi0sM#3Ofyj&yWkHV4*|SXD>I`Nf3Z+tHHx+H!p#dyOt(HK3j=^I zGEC6=Nun|7aYsIKmOv$p7)TbI!?sbiY=;C#Y-y$w#B3*(7fS>Bh5SoRxz0%9-v24!?ZjqTG0xwbr zmT@pwHG__5b%lA0GHH)iq>RAMm*=ePjTYneB$|vDnk`fzWw6rQML9S%mp4BqG*+mL zM6ww%V`mM`IZ7F<K2m0m6Su{04|%ur8W8rW?AKjvKyOMQd+rXI(_CG&)WS5x>HuzrL7q96+UaO! z93?o{i?PG0qOn1#bFsFvD5;OR!dkr>d!o!SJ3B!{ zW7R@jC7`PnYIY0m$egNv5!)nonTzJL$J{&Q$(&%#zc43#2o`?;hTPF0(bk84r8&MW?Qr zsW$U?cs#qITN&>O(!~}Yb`o^i%W3;+wWK|haW(U6l>ql>eBBx#ga@EOZXgDD{s!<} zYRFxn*3)@=e#@N08=A{%eS>)u1Mf)hfT)c=m&;^n1z3eDQI9mD2b;%Ts57@DpC?;T z4KVIR;Mr1%U{i5j@VN|HjrXg>FldPh&S&okFUGPAh(gu2IyFXRKV%%OD@C~|3h)z4 z%g9bIajji8;U}#|gCyX0&W2}R*FE6NkW)7t1Z7sgWk<$_0<7JKC9 zSwK^Qp^-I8l)?V0+mt{n+nN4`A0!T>+V>`BJKO9+j}xeWmZNM}P?-98+pzAcu0g2F-)9bc5O$Eh;THXo7X3EU zXr{WYyGFLolO93@`b?&N3%xgUufG7FUDuOVDQPVnccgTJ9yiN9ls^8Ygr&dU}j6F)85&hY;Yjgu9SSN^|9muS@wHEb26F96uF zKmrf}NEAbOJLe<>YoP& z?OvgJZt4l5dTzk*j?pSHyj{N$A~)>^-{2UZh^JsOnUOn`+{ArUs|Rb;2@EspW~C!6 zh6Qk4euZgLMP}6gkoER>5)5-Dr#Zg1;x&g>OomR9(t`*vO*Q3lRaClCj9IQz;qI~G z1CuLn4ktHfHlXQvQP=XO0cWFQir=WyZJz&Bo0q4^rO>W7LAuiR>Lg|oLD;psU6!qi%upauactoNky)ja zDy1Dq+hXg#Id1>6?MQ0jw7^_QnOS+^i$t0+ZD=0cF3$gm-LV&z*!|&0qVd*bzn*}n`E1+ z26I*S#xLJqmE#%os2boV6#jOju@vQxrp-k*iZLc^a8@L%N{zoBG9MKr@8?v@%~g>l zQh18G9j|U|O9daZ{8tSngz__50b9?oruHaRZkI)~de43Z>iv~E2I5fi+zwLwpZZ$D zQr(r()hVqWAb?^~V@qCd)HDs~n_zs-DyHZ0Q_?Y4?YRY3?A zI`Enj?iabF>3a5j6BGj@QlU`J z;!~^ z-25#$ZSYbK!A7M)s@KRyjz6lG2UY4hrKbBJwgp9bMZnU&fyrMH0?d{YPz!}56fzCT z@Ae1=G*3zq<`g0njI5c` zwE0?O`epblr(!R6egDjfE^U8r3zj+rY>l0e%vO&JE#12Axxz4Xa*>C&!aKfqw$y1uuf9qVuC@HB_-EL}@R_w_Na9Qx67~kS zU04@qxAUh*!7NJCP0=hd4*Tdz2jCar?#d9SNKVmf&k}E-8GR}UyI>3cZ)KQS(hpVe zTa;_e-wQKC{M1S`J{%80xA(ZrcqAFrIxGIhe9KMh6sdX%Z^F#9SHr4T43!H4~k}ge>EX@yjDV#Q=J99$CWTO`jg^UT(wb?u#Nl0`4;AC(qyx-E zrVb%QBOc~J=V{)RB{!Q{JU33X&rOYk0t_Y;?c|Oxk1}OsWOVY2?KGOKb*5(5uy^7) zCgx!bZy;67%4jVD@9F@jAhBR}B+M)I1ZQQ&qNrnS)>f zwy^r$4p}zwBUga4iz!PP%|^RL?LG(Ef@E1UWhWO935@bb4g)%iP)~tIU=t8}fa#dP zMziVUSmR?O|1lb@C`zSQS=bb{cXaup)^gNYp?9a~xU5Mz!O&!p$zIYM>@=h~Et49s z)>^hV?=UDAa~YsGk4$9B#NRxD)MI^8L&8QGy{o%pbLk%;D(Hv9AD7kYCm(eMd+3Tn zTYZ&2o6We{x7A~%TY#?GE!g(s9u2770S@TRJ`bpygPiaW(2v0b^_(Zw@6VWZCoL*f zk!C=ZrDa%=Tt2h*W2_{0``13a|LPK`R8Z0mvR%E8o+s4@{wm)mhJn1t`@Dw?nzR3t z7fJD|4bjt^0`;?7@p>2RYI&awya@gSM{8YHms;&ev-ht5t!l(Vy^NnBWgL0JPmWu& zMjO38m6<*^ybxkx!N4+6{%Yle!``wTWmEfMEv@dpbYwDx58u_KZ;QyW zgy>|D;#q4N;EYqs^M&MEpQMP&uGNgGaWbL3uSb8HP}dhA<`17!PU2 z1k6W6G@n*U%7n#5^M9RU&>yU| zX0E_8g^qSgPPkvJNS8B2wIRuT6HRak$n=xL7zRT|<^vX@K6QUS&G%?E%Y9Hr9P;I7 z$k)PV1KDBsiR;1>Mg`O}`w?#7&_0(@8v*@?ok^?X{zv^o9L>Y-1nRvC)Sy?3zPAt-}Sb9NiTtu>4f&)MURADNX85Vm8U5f>hpgP_bt=}&1CK#*K9 zQvC1sU6SOSD-G6B3pF1pr?Y^hZ58c!s7xp=d&5z{&sGGge>Ub@*%(+`C}gk@Fe5= zg+Zj3?NIn{pGI&(`x7*;g0~+Y_$f{A$)P7Zj%9D9Wi)1tqr&R!OwfWfJ^T^zp8>(Q zoPG=?v~G!wA%TVugT!2rM2-cT5-w*jb}`~}CAUdIVou-X-%YYXu(Rafhl~I^h2Z}X zwBe;ZN=AMJ?a`kDGx2|U-6BFv@&bwiGXHyA2v&>qLs3KhBGq6_F!@bD;vXcBrg>os z929_$6hZpS*a$!mi9f4ImN8~Jzm?|fiiTAAY=Ea;rCz0}DN?bdZquZ{HmKM~w)CZN z?sjcmZ;+On4yN$q;A~7rcpIMzOi-owY~kA zrhAk#0S#+au!=FMPHKjFs$hd~h+)MS`0{U{JB9D;6=g%dD%;P(tsKKS@)|HwUsKbuhgwWE-&(8;gGvbg_ON) za)hZ6BH$eW_?=a!J>!x}<(Oki`j3IC79?P=*G)TlIK~oOtaHR>rA_~1364^Eh#}g+ z1~;{FT0@6pV#+l*$zk>3LA4eFIC=$z@Uy1WEP#7w3~KVuv1p#6tSaJsR;nHVbp`3A zd1ODRW$#B*K^D+eOiwvh;d@3C6H7G_P2EeBC-aUVeW)_j@C$|)8xE_;-`G>4=CA)& z{)4MJi!}8b0Sz+VbA<0O@1;02vl{w`t3%%)u6Od$=a>(HHXqAeFb*khq6wL+#j0XB zLDs~Y2Gz=eS)|8C75|j@!ZiogNfZfXSJtk`99otd^Jc>>Ejej_I?EmA#etD43A%k~kDoGqHJ7v_v_6M_m6;JjHU+gJk zwN$q-kIYs%^F2#FKHL(ae2JE_HG}e>VytZO-bo*GS7HJvN)7dUtYyWtN=8;EpGpkT zKG;}YzUn4d6XI?T%%hdNk=A+*V)Vd{HI^T_OiTjCv&}MA^GTAGkE3n{8> zd(B)n=)h!Zr+_A?X7Q1cl&G_0@`>|E8yT53TAwYzP~9g8bHEU$rk$FmgIr;9IrsWP zAHy%#v)Y|rX&O5lVC2S6tH{NPE!VmRkFA>nHV4Err2rTNqIT?RR(VXP{u+0(@R1G)*CNndsfe~5>W*o_ApHm z30hTh$$Etn^0Clr^0BZ}uAqTL6m~iVSz@;mPAT<&5kLy0=RxMg07u`_e^9C=oEuW= z1NdeJh0NDUx6R~D;F#M4%nBY@G5W~!t?>VxE&hantFVX9t{Sp;+=)0kE*1oDBFXkp zQaRJM8R8IIAVj5_{=*tVp$rJ%_~Ru0+@o+uh4NZ>X1LOR8(#HOu^Z zFnQ+=5`{715v@fXIa`7}GNEj2IxQ+Rk@xS$6LXOE@6NdwqD(iCq@r(H;D&x(fzWu^ zZC*#xJg&QDTvysSuKUW*<%)FqFl3u`Ew>oJUbhsm82;PE-D z9MYA-@VBKfuVibr=IfI99s}u>twEROt7G9Udp%-5>{8&1WZ`YlzT?+_CYS{ zk=$P@xZlTw?V-%?-Lic2qhfYvk3wnRaRPP=T%280fp}Pt$ewbger%^c@9>Dv{xE!# zCEtZP;|D#=?`Z-JXD49)0=~3xdlE;!%^!Qfrs4|x1bXIAzn$Nk1WX(!zb_uK0)3@Y z>arjS(_p8KQu=J4F)mG}^s{^bSb&oYYk;zd9pnazK?Y^41t&U$SKhP;nA`~_-~+Zj zdwbS{bemfWw;`A**Qu_Lgj)!#2#jaQ$=iK$XvjT#+JuouueBzAWQow)|CSEnZsoL7 z9;0Td4ZGzSYL3v{o`f!dqjh}OvN~?W(1SW|sfd$~$(=*5#Gz_>1*;Lb-Dm(RO`AgS z!nu0o4J=UY&NAB0m{F^_(WSYu#iiQLa?}b!mzlk3JWXQ zxf<3+ePw+aQ!_Gr3YLpY$mXJ%r7>7DU8{~|u<$7a+!Ml?7xyfgPbG-n|6wSqr$H)UX}d$43==LPVw|_$AcJaL>K4m?bG{ znCMA*8!P|L+>#}sqSKIzn1$4ny4XTyu62ofb;X2aqhE(Xij}N=pzdnVSb2E5kZb9O zvmucQH!d_Sr2<4QRod8AS=j2Vv|48@Wr;uUg6IuOHaTyZx(EfY9ieJ;S~ORTHxvbZ zRKCv^vsejstnB)UFCLU?qd`kEIo2KU@@&=J0wp>YDKc2E4mN(iNOaHBI;#3obN;oI zVkS=53uLd}JO)UM7_rExm(?I#vQfwAC+LCWsy7^$(T_O89GG99q^c3^FFVBtf! zhAvwK9~h81|4OPZDIts!ywC4Y;I6>WZCCGvPA*AJ^BjOPi0CiT1j39oW-c6M!X6jg z(FZcl-L*WMYBPvEkxUueL^52>2i!Y_$m0R5WB75I#1i=NTt?*5*Nu~SeGdhx0?RZ- zscB-;L5UIG22)a5fukqQ+(0iqAH7NDgfiO^@`3iekh zOL@LH>W~&bT)9t9s~_y(6I@rPh=w21cy1X)dgYaK{bE z?Xs~Uk&41LbsoLtT^PL(S>p8T9-G1}8e?v604;Mpc{LOFV`Ak{ICm}`L)umAq98sN zde~&!(ty?C&!9uXu^GL6phVZAiJ~%Y3*uu3rIS24S_9#px)38Hxe75(%O4-|Za(bD z=R}io#WmkDM?&P3G~Q;~U#g~N*a@~Jsl(BvHAgN7>cqG6)IR<7+lR27bA=#JR@jVj zBX-FXn zHjZ3brj!}x#J|py?HzjoZb$r!b1hWqzY8ZkEB&vH8~Kv>z0sqp`pT2Dn2TkNSKK?s zxZF#|I$8$`2b_C`J7l(n$e6o_4z=2p4!TG~+oTR`6TFE1raySjoGwM@gk?%iJ}X&* z0P*#njvaew5`GHx9;Q^%+e z>6it`1mr0E95)g*4G+pV@<@{XxQKSf=o^HZJ|SS|@k11U$vgZgmS% zTp{)V_;hcwtUt}_pBOvAyOb4lOcb&V34GI`%-tJ@UazzXH%D^j-Z^8Tzwo>DaN%#s zWZoIGgwXzOOC1oA`bFRwYqB#WW*}DuZl!5+P3J%9LhwbThb)vQ_m&1u+e(n9O#%2wn?K;9GAgJ9%il)VN0c)=njmfB zrPG)u^t<&pFZ=uxgFBCvbR^yK@va75vlfvIYG?j1Ct9V3@wwN$V}C;kO;@r=-sEuoPdmw zc6gYNM60f9LQ*t8Xu83K7~N{$4N8U0fLRt2L#Nc)X^*fotw5F!hJ0Lo=_}C2#F`f? zp1Dq%nGiOxmLyVZ6?98WA3xzapq_ml>)jPOnjDmgfe)kHU$)$(E>xcOatAtqp2dgH zjI9CF{n9pD;-V=%mo?ROkT{_#KONWDh5ShG z*HN{;oHtct#+AjjZt5Sibyn3Cb`q!MvWnk^6T{=*ZXl+1$v|3^Ryhpn9TbT}ljO~x z>8~n+RmEG`lD8c@R8MbI$VgVaGB+xgdwgc^?>ds@Q`ZOPLkTAfa?)qSlZ#?&gPAJf zUXP^v@`jR6Z4WEMD&RivTO9}76o`9P9>Bw<glaojBYb)4BNgE?}e({eT z_X%^x!q1uVH}4*`y#b7@noTz!pT0J`Z1Asv96cV%;Lrz;*L!dQ>1?)Xd4*ntFGBR; zU3AC9Vl(R1JeaN+@5b!nIk5W$QOZ0SWeK(gm&Ua7(qMoEbZJ#%R&(FnmHnoxx)u1A z5Z4)^IJ>CV>4Q7`LX~qo=h<)k2dG^_v@3AunEj~Ofwwoqo<=*`If8brwGSj>kwh}O zxvob@M+(W^1BFDO(F$_^zs2Og;;PC0YsLMwZrow?k`UghMV zd15GLmIw0u_BSkheeMh1-zrX3=M8DfSX0Gw+uU`j{onQcfwJO}o7(#p-CQO2JJb|z z9{+>^8}_%X3fS6^WFT)QZs;M%R4*pTzk(Z?hu&nq{AuV|?k8WshE#8w*ce-RuJ-M3asP1Yb3s#H%LV)t#=9%CFr(w8>?;Gwr$(CZQHhO+qP{Rt8Ke`b>IGD$Gv->dv-+CTRmlE zRnE-$jWIeNbKOu;#{;WWUoU;H*;}Yk^Y&ihqHSBHF$TtGoat^lv*n?Y=Zxc zuM=_#uk8~b86O>)5PL#Uq79R@1|U8Kn3Do9M+w0Cr;TlBUCZDE_6mAQ2w-8zeuZfL zANl?Zx@p|OI~aKT+`NBDcQM>XQXfJeO{Q{#%hhKScT7Pi4(g0|H|iaQn;P_)qBgkLfUmxs0F)@?r%L zys2kG=0xxs5__W=2>ixWIc0N{@-F4k!1SSY* za9P}9A6j1-hLazJBh0><6PGjne!U0z6a zOMlARs0ycBQ6aFT6Z{zKH0%IG@YQ7jlDY?=RayPVX*!PtiZf`74YJ1qPN3f1wS<@5d!^B>|huGH-nP*b3fZbuyC(j3~*IkO5a9vYg z?-ZbCP+ch-hxne-{3aOs%+MY~|9nhNjQ;_X|Mb>4$s8sBz=Xw}GEn>&NnD^OY(Tsi zuCDkT5pZYz-?%e5{*D4ENPp=AT|F^Y6m$==eslEKmMSOsPhzGV`{*rY2qOV{MnP~xXTlObbp9!aeIwEHQLqGpF+LB>l>70Oxul^iXNW{LZWcI4w% zQw*G0p4 zE3ahbt+xZCw?sjH093x@V!(=jr0C(j^yRmeLjr ztrl^xq|;Vx043C1t)Pd$MPg@m(HdE?IN0)vm1a*;WUJU@Si9hGh-P@CZPi-SEe?mJ zrJ~-avN_!w+2+P8hN7G~$4qIwobXRim^ftENVc4voNRFg>esWj7^q_5$b)m)GL>J| zDl+-c0jQd=C!xeot;|sm52}zeN{L!bB_*Z1FZ>qq z=O=~oB!9elC+ak00n`9h7C}kom)gB56TIM7Jil^*cusbyM83Nf%0L$QtVQ}_PO(*{ z6yBz&{&~98(B;4TG=hD3RhEQ*LOy-x7IGnRCrnIybd zWc0vz_uxpmb5R~`X^yWe8|hB8#K@sPbL|b_^k8{Dz&XuY)G?&7eu<|nKpCHctBP(z zQfs5ohW2=^TYg506$$ZNj#&J|=qMbb7D!t;XmKEPL6y&aHqNE|{!BQ%c~;k;);W=u z&}Fmq93UpketgtjBU`(5anx=jYrCYqs4HQD#B|^j@vyQ8-ctGHIa-4})t9a7 z6u+Lz@Xgv>I&1|v?4sO%X~AljFVdZG!69trfyCl~1l^b6>d16`f{N}(RpO3?bD-K8 zw{=c_n?Ls;%Ng2Y)*dALV0)ZyLoXd!D-e-%bF6A9Z=sNRpk%?Es~Bq_(i2FSUiKR= zY-K+t>ns#U>2@_rHV1MHix;_I<@yRF?yijGS9}yDxr&Vv^|JR=_@c0>8`hrg73+G1 zS@prC03<2zF8^nCu{LVF4aX(dzijpr(I}Nyj7?dmFw*~3a3!SY^qG@qe}t_7$|%?t zMZASDFWfVSZ6CIOuIsWpj0OFz3eb+US&gU!Vayzq4B*%|b4o&U0_;o_w@{Q9JZe`& z>kZ!JZs*rjpn!N!>hqnq6U*xL5qQ$m%f1bkvZPNXkLL1R)Px6c4}lrntqKdTpiiw2 z2;3zL_=M;}XbhzNWq~gr#oovayha#$)l&H34YXXEU@t(aS7NV`CQ{MtHz9tY@C9M> z@lS7Qlr5k`H1`dfGLm~0bASfLl>z0!nEl#Z^i+(~Ld@hXct+?z*!LTkETomIqP0cC zbw>sgx7*ajfx^YKY;xRTFj)dQAKOjx;!_=VUDc`Exdq`f!Ur?*3#0;vP!9PZ{rQfP@%b1y3%_+)O$VkebP7o z+DJVZ#^rXy^UB?OnthA2`)}{k4nRHPXVd`~_Uug%TZJ8;t_@wCgibHo;Y|^{%~0C3 zZRFm>n_7%&$ zzdy)0X4 zKxkz)IrI#Z?ertf9K5C3_He@GJ-X=cvMt-`Q#AB5mu}up-m#>P8?TL7+eR+c?Z`+y z-M*AkB}dk#vW1J8r1pyTcL}k2 zEknFCrxn_n%=l~5_C~RRz$(p~&-)bj+^!t6X6Nhr=hZC2-i)iOQ(2V?0C-e0xf$!W5j18xJjOYS&bsvaNft;R^cl7nv!J6uxlM^teYO2?2 zTHn9~17ckjVk)GB-dGj1vVHiZ zo!{V6NHr*k=jtqsGia5hR$snCuhaYZ&5mToY~Y2$vkqTbb|i|ed@&vQgMHLwBdhBP7Q)&OHejm(mwPx!`*OWWy}@A}b53_g0a5vJzPu1gX#q zd7P6Vf&f9i$Nd-U6zl47SSU}Ky#7U3tx651a&W3Ci*Gcwk@QxF_pHgMVrIcu+lg3r zbJIc!Dz8ha2G<`)BnfTduhUEO4ZoRT;!^4A!FSG58SK$ZQri9y&e(MJ$lFWzq2Vld zsWCWd>%lEj-*7yO@*D{Z%2O`jShIsM_pEJ3wg|%$NSLx2=8_A;b7`D0=`Z0~mOO7+ z_@2cVNZAUpbPBe%x!KN)6W=wmml=$*_?K-1zT1e9yi9j7=iP+<=DfKx0DFILpH>1FH+yAy^J@WZ~UQ8>Y2%7sh)~L-HN`I8Pe}?zKl1f zMbhuUzRWi)+QgPVCY9|kfFJsMxi6`)KAA5u{creBY3P6gn(E|$PbIz390*-6}%a*DQCmimag?#k8K+p z2%LI)8Lj6{r_dYS+9jFQkmV8g<)`ZzRdl&U$C24g#57VgzP;jU3%vud?*pgAlo7`A>w6biV?0#8b6lv0mA$zy1Ph z%82PdvGiYyG)PXSo%k9GQX1slnzE({@5Y!D6`tw}5C`u&;i!?a$twyJwoQ988@t~% zvDYQ<1n?#@rNlQPkJ^yZ8!@?;T#AeedOHN_qjSBFZwgu?dW?;k3DNJ&?_#WAbr`dp z@5^t|#HIN?#lyS<43(%@^_n>HKxc!P<8zwYirn3ii;ZU30xPi;!LTVgdfb=Y3fywt z_Y(*2ujFQT8#(4x=hm96A@+r|i|`quPb_Bz#kS`#3v8nbTktJUu@>k?ovaRDMSsxZ zM)icM2{0wQBh|xim%^uHM4l_)lkc0;i6;Lk_|cO+hq6qo ztH*!6qF&ey8@#`t+xk=h^hY&qQ#2Bj-+rO!x#up-D=Xm^Nh(BN{WWi!6BK&=SFpANLASqf? zE`s7C864pQz5t<(DT$e?U=&ScasC%`hmo-eY+1GmrFMnhT*NARKqs|<3d5=`eP?vY zymIh`A&9?+3HA8xYWV&VDdL5K+Eifr$QQ05Ns>jwYGwFW^h|9^I%fdOmC*&2Q9^rS z0qn3TUHlQgXvU63%*s)y#1HpUfY!DzxgAhtPu9B6U_J7v?G@q}))2GDy!Bq<7&AF+ zTlj`v^E@vL{n@cPl_8*mRW4vTSz3HVA-QF=OpdWN{f{PFA_kl4_y+y@iNS3peRPG= z?U}v!0i#gmE?aaezZYkOI#EWYfNfQWDVA4kEp0xl5|$ zK-ZEtFV*Uu7cJd)6AJT=_C|c5jv{npM|A92g19wol~n@TIE}={1={A_bt94`!Blm8 zOC2TZ64*AIYbjO=ndQnvlSh*_AA&c_GPnU{yo{}qJ=5ZrIlD%YM!BK%tY^S1k*X22nW){lO7>kZAu<(bZ08@67+6brEW8#h>CH=2)Iy$N9M89YGY6{Kr+DZ z0~G`nwSwNG7afV`PtA}Q92{$VG2wk!O?)x7eww0{pOtQ%^=?Crs=ohU5St^VL_zoO458YVUPW5^f6fCR z6&*Ju733W@8Ab_dh~UJ%h1O1D!pf_m z$Ia$-Q^^XLW7nGv$Fc^>hjoKxaJDSs?CvcY+9Jviy zDSg&-zcn91oKLd~N`vBmg*vgu7t8c7$COE?YU4qtF_bWQ>aAPFt!N>RBg@G6~5~E1>rU@XG5}YmIA@l?#{RLl`xY zO;0J)vbE>wPG&T;lhaew=?^A3SC`b=MfNBs(ALHE(dvGdF_x?cgp@sI9*?t(IPH~& zuc75pK2SHx25fJa`1EgH2pIr=QvG%pvWxi7)LeNd~f z9riwu(Nq>JYU^u_imOZk6H3e@D&q)YA@z&`9FDMV)GH}MH``{Vr`!(PWwYW*9YB6% z29?>|B5Xirxs+Q;Wa7WJ?>^dpyC{d$aQyH*d72TwNbK+(#qF;QN-s_ksEj zzfDj%e9Jxoqz?$6_K-`#2J#SUd?HT6xA{ib?E>DmBi@Gbb8mUIF^7KywX@B7)j6{| zy^qlsD%PW{uhgRX#J+r2*+mab94KGN5{XPX7y)<15^HjVayxj7T~_LzI&P=nGEN*Y zZa-EY-QyS#_824Z9%*>ueTTuGEJUZcStvEAaR{DO|0dt28xV=~sn^0`qe>-?tDt^{ zyC$EqU6pB)O&LS+*0Vj3dlrewC8%PF~NcQgak6jTzs6NP{Kbyk+BO#6S z!+%E`4f0Bd+WDnHegX;gz3Jbk-`_uv0NXA$Ws4`5ZlD$@WM005l-8=6&D{y#o@wO<>E z6_g#LnA{A+kydN$tpNhr`Vw~80+%Ir;-d%?ZIY4MrDS8`m}7~f1Wrs4AuaK&r-{!M z#C&eW&Igp$LP^yg)z1d2d$hNHG~PQZf1g@1N1~XfZs*h4p4087SKd?Y2|e%6+aG}S z7(dc_nA4*6cz&?isVI!0`tGAcY)D4rqI$$|BZ5dpAgp0)gjQ&@-@tVs6Y7b5Vte!y z_ApDJzF;g7ngHb4vHgiA+94ALZ_!W_4a zrFkAD2dTp;k1lOozQin?xeTe*;!yG3m(=OX(AkWr6BDQIn~mdpp;k64kH)S!S8Kbz z(E0H*3S5_V#b##f>;@bvHN8o#o9qlatpja}^kbz`tEsNOa<3>?86iEZeI_S4&5%f~ zqxbv7W1Km?X2?J8KjY?6CQDcS;_z=*&hwUBFd^H2ao>@lOqxXHHB+;>>!vrFLxV4I zov5VBY|>c&)eO8%aISn@2yBY@hO0KQIIqJR)S1-`sIRz=I!f*m7Gdkqs;kV^vbT`? ziec;&o@XGsuR7V36&tu&opnr-Of}>+ZBO7=7L^sYR}xfLqtjlpr+TS_YZm{C+st69 zFz!dX&8m{s6*m|Q%0qWu zIE7p5Fn)K{`ugZwFjxIT)~&8F!}f8Z##QtRUkm+tcV@tT34cYpkw>OLbqA_Ib%!oN zcl)zIcL%o=zEpDkj1U8vM9(x%8#P*^gcMo4!l1i@exDeL4tTxm4d^pcUgf2?7c}e% zg`3DT#rtan%+{~@FDyXr4p9kx`2@35*|>`_muL4187Anp+7Koy=r;7K`G`qZy%{pi zvGVmbra8@0UkzkUU(P;@Db$K4qnoq@&t2xhFrqzGgL}d|*b)`yDWO{bTqi7i4-nFb zGk%&gT#$sr$4YDI4|AtZ*HVMUEn?(~ptvBWi?})p;)XZy7ll-+)s$&6_&DeycJ6={y>grCH4uL!A1^*LmU!S5 zPmVCxr{lTSft5aLroGi9do!Twdun%B7XI=gOUKF+2LZTZS&P6Zn+Q zFku&6HiUC^WLAZt57qH^+_>iAleXH3s>wgRq6y};x!?Qp`)1hFGrGh3_*Sz(J8t63 zk+8*B_k{B7WZFjSjT!HQmw9!Ft`WEho^?onYb(mqW=)F0?#m0i3n%UN9o(!Hd^tq; z3g2b?WFUoCWKtliHZ2T$`~Kr)PU7Ed2(6JJSBLM*>I4M=*cb?7Yz8k=8i2=*xyi?F z5A4O!XD0|J6Rh;t_zE;ssWUgaba3SOw9ZKB!)X{asbNIKi?b|XjmuFM;5i7}`r`+PmnC;dp8 ze3q>w{q&+J*$@Eij6xB6zj8KZ?2S8Ii1)hgoGg*Ln28HZywzbh8OtjFQAgPJV1NDe zY|*aBOHl3{PhUuKFPJJ%U&<7Og7eAwh1I@q{ceF@4>;?GO0(E`(*Cgv6z)<_Y2UyR zY$Ps8j_v*x;T9gjj%bs?a7QYeEaK6EkmWsUc@Uu_(EfHv;RcWBfx+^*T`>SUa~q95 zq?$4aM4IW?&B+gl$rr|V66Zeq0b<%XoNcqe-(p~=KR@plhq465x+At$`V_d>jg!e8 zONbF;nXbDd4}-L;w*_~-K$B)_GH;Yr^vYPXBXJGUH+R=8pwQJ9<_c3SeC)?@P`|yyiPf&R2{kFR~iK<6=W(g+u?@0!3?STfU z-U&%sbQk-@$y7HZiROk8h@GobR$AMg3}J#Ro7=d4SyqzmP2$arqeMrC)}I7dr?{-P$$8eGHmNQl z^1Xu-t&$!YTFL3Qsbg5STVz_-4v)69+oP_dMJl<>W5>4muVm@=F{!qP9!A%^=$e$N zvK{ZfXz$S}xVs?E1&;?sG(O@qS&S{Bo*qY!^?k8o6)rzj&%C7F(~{Tn`Jce;nLMk5*ZnnDa_*m57N5l{DRhVOj0qkYNCPS8l7=tVm8|=+2SsNCri@T z6ZO}VRbyj|3(Wvgl|ZLVMi(zWi^*;Z$mBwgJG$fBs_ z1kvR-7g9_wPF7;YnFg3^bc#y3*3nJ15k(tEJ2=k8tSx*vvF@^>s0r$}R@*oi+e&N6 zvQ1958I;WE4Aa>nk}WMHo%2>>GWG-3`uP+|YwImqFKx#O)(E05al{Il4}(V$OnKZ?kvzydq-)PX40{D>XXZ2YS;uG!nN(tuW%UkXg=cT-1#8T?DRE*d5m3_bg;d&l9sU9bN5gFU@Uinq*C^=8-nTG9&U}7@`E- zfIn!F0>zuGEdr3bQr4--IoGL1m=QOt>S{oqe_7J8#+2`^)U?bzt$y=Z8en!NUUHl5 z8yQaHAHOwaLtow=3b2jODnuG>K-(C%o`NiXx;(VcCSVIW{QD zZend@hO-tK5CV`|wHhY(h15BU-N;F>b})cvtYlnU4Nb~4bspEamgfuYU0$t~@AhR# zHjU0(Yi!#5t>WR1Z)xe89N(&cT(K}$GX46pY&9d(X4Wv4HO!K0ZF;FwTGaWGuc!~f|*XW zh=EM~4F|;3PyJmwQ zHOL!osCmvGo-J>Vih~TBL0hj1=hK$fEsL-=ij5>o8ETs(??Iwf4w>+eGlE{Eo-H$&(6f0OB~oJ6-l55>H|lk z`jAOTj?rb_U)X%NMQCSIyq*!drkzJf%gBo-xV1G%0p&Ef&A_X}KV1HlT+*OihB;h; z7ztoMb?yN|asepP8A!pJ@mrToW8HC=CAJiHVoR2!LMR^l$C8sJ&uI|e+wQzTwriR$sK z%_K>Io@*|BWICwpFY$UR2q&pxdq{AjU~IZD|2VnGkz7O&wDl^c?SWodBWFqC^&Ii- zKUvM<$lwrK^jw{Yyx&-xaKN~n>`~&rv}t*aGLa=qgl)pw;3bGS6E&%ej?K44ap!Zq z=Aj}K)zikzbfN?QgvVMt-d9C*>*-mt7c+<(Ke;orRxMuWB(ct4UDCnWrmVt5VH^| zC^)Uv62l|1k!Mg{nJX568VwgvdRrm7ZIueFm!me2g505TyInrd(Y^s z&o|B0j!fTIgie@y*&#=r4HIa_4h(>Kj0;|{NHc`SUF@VEp$tEQ7PTUs3)h2xNOYA12 zfJ5?O@mx0Gl!RMI4yYhla)^A8QxsSTpVs!P3;Lw{0&t3iY(R_>q*GY1LS|7pO%Xz# z(1=4=Qcw{`yFm{e&%z)ayDDmzXoJ%dBC^+sX<$L`iRE4n1gbqZF<6fvlon? zD=IU{(@MzMiD(f?WZT&6z*9CcF^Sk?7mqdaZQCP{u&ae==@upuTPR<|DKdZ3;nFKj zuq3v3JCEII$Cy84cl^5ov5oUO59U)W}%KyY{Y6b zj&1Xs)8?hoQCl46O`p@?bF>_n%q{9c;^-FtFemRIwa~7l> zsD)ja->zU3!H{PsOlCJqW|t0*J*qJ`uvJ{ekhVlo3aj%pO#zZ6bl5nqUyjcgp@i0T z5o=K3G^Q04Pdtj-#10x%m;cf8koI%5S}BX{gM8MY*uDbt4$30IJTE2=szR@{$YSiDq<_ttJe8`pNa1VY zNTN7@7n^LS6&>LY3)6B-?>(0-IAz8NFzq-~E(S}Pj5!-P;rT?;o;V9K^MXe-f`HB9 z1gZWII{}Y;?brP|V*xBz0bH*9qbU-g8Wo^O6`)vSzU413vA;xc>_=;ETDTaERE2py zCCP-+oIFczqp}D@!p6`+%V{;$7}Xn?JC2yaeIkUIiH1C^xSPh*BOAIa2XZle@pfMh zT((qH%fC#oWA}VN|NnsVk1MSPNYKxn44_jhu#4-!Hy;e!9h3zT3>W<`kaJ0&z{rVHoLb zA~7BXWfGRua?Huk5wGV}_4cYgbsN0zy$`}TW$&5oDht(yl&6Ig9MXA@tfs^msN+DQk`-o+ptE~Tzu(`jslA>%Zfh1=3`{KzO3kvcDleCQCx2P4)Ph^UmnAdj z0G@bY$NI9i6kR^@&+xPrsMWt^$i+3he1ur&ynoHuLQAmnA{DOusJaADQ91o!V%~O6 z?Y4+9I0>&->JQ+l&vGF|0g3 z%IJ_{#O%TVPUy3OuwE7fAAF&J-C!s`e^5V_C`xx;t?zP^B( zet-q`(*Qnyia|fUlC$PdNtj9;8M&>om^Csfd58YfoDi_jj?ZHx7snBopyvObBF7$CdxPDa z;&1;(bcd1M^Y$jg1uQD$7G@uyqC1lr-?L^D!_hw%z<4EUY~2LxKBmqUzS52|Yfj@l z@f_o-J)nZb!CLOK`{3Cg6(3_4`Q_sQ0B635eiQ(8sdS^#Q|qq{t}XEWtsonl8kxv# zG%)X#bo{$mK%ZCW5rpWSD?po@5o95{8U>Rz1K5b`0cVo5V`y}C6n|ZoduMe7jR&)l zYthdXms@a=Dv#a;n_nKtkt_G!?JsIi6LTDbyg$N$Ev@>Qc+pc;_&I|8wSJ<{sX2hI z7A~hWgP(n}T{vQ*G+pwDd!|nBp5&8Aftuqfp~WO%;7dxLYz8Da!O`VzA0REeIL5{w ze>uMYyitTco|P9WH~vMz3RReqrwO*tXJiDYIg$1o3$-r=FyQ>W0Fu8Nc)?GQ(|72B z0xiKn@e?WGtIfYmC;_Gjlk(dUR5tqC!H@R+8JWuH72f$J3zhv%u8f0I^vOqnakjd~G$J5jHXJ z1x(F_AiYb@k(ppz*8&gs1=wj5Fg8^mHt#B?)gvkI^{LU zTd*NDg#^l!5x(*%XNmyYfs#D%Vg&w>I39lbJc#NPe~PPp?fkpq1v^jki%%zp#LE5k z{Db<$1$ZTu{9V=V9Pqap^tU3cArS-x(<$PxnoiA?DR`@Pqa>Gc!%xs8t8qWvgb}2) z+YEDzIZ@~pbrAfZgbSCeWo`1oLyz5k+ z+%7PF`>M|BlT+{sB9cL5@H9u@i;!n!NdBB8olXRaQ|S< z?B^+=`0+Qrp>4Dw8_DmgZ_f_ClUyTj)lKA9j?(U6ybsq|NAsAHRoDrRvN7*F8X1ur zRs_dMf?zio(?Ldr3l_?fJeONlCXa#E(f}A&0MOCCT?NhEmtV~I3;kJ0^3ZtBs5Oiu zms@dFDk-}$Nvv$>=~VVO&=r?KNf2TN6z<+|lrue5^}a>+0*%&3S@b&CJH*FJO#9&% z`4Yn%!CN2!rzZGLH|6I{vyxuPlvT5U)vWC(7hx(_aZ*xzoTpWu^kTu|DLP(asPUgI z`pG<*D`m(FDXcy^R#4u{$h@AZZr>B`e8GAKy;LE#E<~l1jM^(GTOy%P-=iXeEWrII zzhccKPxdXaVx6`$Bz{U9Qz44;N=6kU@Ju@StbL?{N3hZaZJ&a3Jtb^$p^_A?UgwBi zAADW@5C$6`@U>n5*UhC+pn)Y7sw$0Zqb(~dZ<-f$oRrWr=BSbf4|%`Mv)lzN)?I0b zet{(5gIJz+ERUC0^6k>8uhchL%FFrLNPSu}OcYch%I`v1E<07g$tm?L{xYLrGP||a z5TuJ~u|Tl9%~-|P^2UUYvK=!XP^H384ug%lDhUiWPPE^06YiOS44FKNa#Dx4Zp4i& zt_j1@@_w`uKWovVTuxKGut^AM9_6%4E7~ZEBv9KchB1R2!f42hl)`{7l>%q+!u4x( z4|efXox{o;3fzOKCV~U#!Gc1MbC>ctRI1c-nX<<4jW0>S%mt@7q5ShqM$zhd;jpRS zdBZDFGtR8~x+KY++n#4yK(QyMw4i)dHep_R9oE(H<@CCw&b)S8Cddr+Lgi@!Haxq>5D+~bpQtSa+x)`s~k@3C83@^+jwSr-mvMTP_WUO4PEzzyXxLH$O zJZ-r=gP7*1u9+}JOS0e!Y=4^&Pv%|4YKZzRiz+Y8u3yt^Imcy@c{txK@+PJ6Mc;7( zXr`&I*bwrNSmvnCiPRRJib!B90GJd?B|)oVHy3T^t*DWm$F(-9uGcOI-v#I#S=MnRX0Y~OiE~j;crgU%4Ia+ibz;;cl*oi>eNkK}RYOJJbB1(tqHK|yQi~QiW zl)%yF6D)}@+~j`Q;I8RMikR}vA{zl|rmydtL~jAB{|Vx-h~euh`@Pn7la7g+Y&dBy zm>?E}QXi_v`y@&tf%ojO$D!>QaeVlrIc9w^3nqCPLT8+^HJ4EYaFHoobBkFWmdA#> zB3rK_I|oZIiFcf#;~t6lGhH(l4SawiF(F-~FQZ}sDe{VCQ*3wsb!QQw5?{WRdaEilUh-X$|hc0sq-#3@&vwhw7n3juqpoTnRSIx!FM6W^6=hMoi zyb^8(H$R&XpYlyh%GQW5RpMuf@F~d-mc(DG%2~2%8^%rsjpWGnXht8UF+b&1+u;g) z$rXD);Nyf@@_&bFUC%>!y0m80#5IBU0or8%(5_aj!8cJcUh>tSw5H!4wBIomvbpZ) z=!fVUW+&OqZv4RuAnUCqorp7S&h|W%KD*Xz9t{enr0a!~|0@O?X<{muP)Ip)w{1mA zl)&zB7GX>HW+p$XAkPJFCc?&S2iUz(EC+~!%@|)K{?kxAB3(AW@);Ym&T{p*r}Las z7^y~V%;K_NDd4B_L>D;qo+yMd%xUq6gB{0WZ(ySrir*vZp{1=t*bB_{o>r&SC+@^z zudHN~Z{G4640*{{ye)qxCWH}*4o0n2ViXrPt&YVc7v)fb{uUfz;l;NrRJ1(2gz4*=mO zD6(1aM0hnpgCu4;b5ne4xfqSVqJoHp`uM)JlXiqtVeKXwSS!<^(yjqVvT?T3KHt)h zR7gQEtQ6jlub{fxw$!A#kd&%Me;9J}LN-Ck^P~27ES4zf>4|TCsSY5nuQX!Qu3Y+) zMrO@dOl9-dBKC!VX7!stW)tt+^qS~G)DP_BW|?>P;#@M*;?jb1Wy8~PiFJ!ite;D6 zeRCrRWy7{hT{MnPVg9sut8rIjQb0>?uQ_Tu)&9)Fkux^G{xP&qa)mMiDzEGU6xm|y za~bUhr%FhbkJty}mm%_`U=cn`H7==*Ity~5B!S!s!2talkAYqjDsrYnx%40(^Kq`o zl|$(9H$5XV&%G(b?1{g4BJ32!%Q)<$*&u4Y`;!}PguDclTb$^ex(Bua_F1U2LW7L^ z8eqmO_T;hZHt7G)$H!YD!m6ug*S}=?`SMht;UAhWHl@b~=YBtgvPfB)|0lrvlOpB( zm{Nr=#EdYP7Mx-WFTvC~Ir}`*3s_(X>l{e=J8jDad+xN7bydjr%IV0GNXUl?vuK=PS5t*zUtsP0>Aay2Ez8-Xd5W$~))S_ux*mVrMay#7 zC-4X1#TwcYRJxy_UggmS)H^ryh7|Mb08p*+O}vQsLkDFmrg=~03lDf+ z)e0F4UCPqG7c(w#4lBO04#ADMB-y(^CVU~wc3tD>#W@7Wx@n6<*s3?jqU`m4>Vxku zV%KCiW;-;UyWW8(oF%8`whnJX?LEiPJCWvYTM(P_yZ=A{8oR1EoR}1ZRsiGr@>@B2fiGq|9+{koa?mMQs5O zo)%Z000@VR#Hrx~`ZETtP%n1Pmg{`d%O+{Lul@c9Gx;BKw&u3D68o2&UH-kv|JSav zvYnl@ovoROyOD{#vxS}Qf2HY!$je9pDIoKxiPcz0HX(1SG}8x>np?D=8?lJzuYXv? zosY27&)R6=&4YJYHoe{~WZqmT_FO$ET;i}kmo0G^d-a1~hfzM^ z&@ih|kL=(RqyZh6B9N9+NYf^VO8(_+Uf-C(#hg}|5+t0pKAEQWn6XLrfA;OUWXb?Z zfB*n0f63JU+tN|)*S*uk$j;H2Snhv}?yraEe;8%o8`jO5Wt(J(N#wCCS0lwc5QP(7 zXro4BgHgZ;0*3R>De_g*o32JinVMR!cZ4`UC&{}>(I+1%i2zA-Q>V00-MEc-f%EN%@FldOWOM6gNvIZki zQX%WUQG6BaHP}kxv*&-B4sp6|f@9J{uJ14VK3Sh!rdtG2t9R5(8%#c0XGBJX?9HFZ zJ69mBr;Oz;YscTIMlYY)S0SONZZUB-TMp4^TQo)QmZvOj+M$=W)!NyRgstO!}K>H=a7ct7;!4qhY^tw=9Huf zM(H1HHa7P5{XPeWNs%zzD0k816w1cdmFXfO$rok>I|=vM1}_&J=#73<%v)mHkmv`U z`%G@UjF3k0HA1#MTRZu?Pf1 zP4nt%qIA!|X}1QR{7%NObqrHynMJLU_K0P`CxxJjj-?S~lU`6AKK!-M|5O)`Jd}mw z5h+mO8C_YO`2@)e1={D@16p*xNKpSJ)qqr>HnqnBCsBwBNh~L|T&NUnaTUT*{{}pt zfiR}w5UzZJi6B6>;Z7WrEl4cZAwnnocU%oZ0ZkKXvO+#nZXLY|&mN}rq;^IV#B!AI z@jr}W|AU7JkA-bHf&&2D!~bs(En$h?9jE{ZnLJ$qWpdkj%)^*AwU)(z*&+Tu}=SJ;s zy~W1fiq@;g(u}?izV%Meh1~-uJP2ugkw@cA9grD(DW9MXzGY0)O`gn&9R5FSodc6# zU9zsrwr$(CZQJNlmu=g&ZQHhO+v=*Wy7k355i{q`L}ctguve_id{*ZB(ogLD)p-rS zTooObR{TVwpS+U-UH+m9_}Ow3`m0v9tGdVGgTH?Vj_bRmu)}>)a$N;R96zl!a}t$4 zsmTf3QTN>pEGOHV&BEL%OHON*i|O!MO4(As=_1BO7P62oGuqATjoZ!r;i@UQDXHi)9CrKy zhg+9W6B6Pk-9Ns!R^S%EAAAxnI?w3HWSm*v^HjK0Mr!d8l&GS15lTZ|%0q`elSX_{ zfkeDIama^gpH&^h%N6J1R!FI50Pu~pUT-h2I)<#BQBT2?#H6b%JibE*XUT+R>ypgX zB11w8Z-VPf-6v&Jt=ekRC@v&0Ho;K1e9+Ix8_fTwlf z*I_u(mI4{=ee~1%q1?hoMv6lP)TbulDXjI7E=_diTh(EZzxsV1j^}h=uKhwEC8pe= z^RH>Eu2K6bNkwY%QW$H2QUz_NEJlWCLSSa5tYJ=AX?|RT_ScY@N3fkCZJz9A;~Lie zkq{g6B`0G_t2A$7(n*Zki#CHjo327b!+Q|sJGw8SC}W||aoGS&Y|Gg9W_dX&j{TRk3qT!hhud4Xu|832=HHOF=We@wraFvw@LmRa=$lSD ztapT8mV44`rhCL*RfovHs~{P^`@1l%^WNB!V8I?`bWkC)7Z%_W}ZE6lCB>P!yYkKBCZg>0MYFdvmiHDfv&U9yOx zqgbr#*TuMJF{UL+J5u=_WV+JDklK`ssvdaQXFGK9>dwYD3oy*0Bp0U}m(Fi9DZGyh ztQHzecE^a?+C!TIqxre%&5KSBYJN>DypGmUHsZpbjDOkfOs+*ycb?po6`F=!25slm zCzU1L&BvubWCexRmAW*SrcRkqKBjfxbyd5Q0YVyn*&7eO;AVl_&8=DV5yQzUFv1Qm zFRB-Fun(<3TYA?YjgND;7@L3Z_1uW)^Lu`}xh%;Qhb{-+ihi}cb)k2}`D?#(Hpb{P zSZ6L+O3?1%b7OL5N;v;s;Ye+s5#Sar0C9DsQJ;eIiZ9&9?c+UD!WYi8ul03Dm7mmm zqsrO_M3Oj7c-*S&xH?(@GR!Q`YZo zAp*o`Espbw9AT@~8ra)CF(I2n>YvKn)hesGGnlzap;!h|t|V$hj;fT@r&aRVvHLn% zMDy+t)xyR~Uk-1{TsDJ^s#x%1|5c&XHNuTW5d#)c=zn05$8kZ8=Dgk0v8_U0A|j$| z$!PNdDWYX*^(+UrLFC^ekw=SUu_^c}l@vp%Md{+wEPKdIpD#to7l?ImZNI^>yhA!z z(n7jewu$g7dm!Mk4By%oX4+t%lZL9l@BVTXYLFQUS2JYP%x$C&1>P7FXCu8(FV!Um zoPyT$&LcT`axN%)Vnl6eJTt%R0;=mm2>;LdGH?-S<#rbMo#}2WZPqY%cXf#&Rd&`yWijmZ(uVe%5h$i^0?*i=KL(7)U;B-I z!2!nwxQ-feKz;wO;qrZI670%52S znupNgVR2kdv#GzmVuHMaVT^}T@A%}U6D1@l=n0*qP8>Dz4TZ}Xo#1e>^!lLk)qc5w zKVwg9U`>|%K4np(GhMWW(2Ap~BfE3A}3r-@yQ0z5!qr`g{@oNpBaf8R#hTiyNrT-s$1)^cO_p;RY*WjDj)xcRXtW`R@>6{C(IHb33!9&pvDD%J;K z=CSzHXY4u#pCNS{8cQ-8UwnWOM5LSA9HKZlFb}xu zY^dc!L=aJ^X_08z+ML6DNiS*)7KJC4td-tLeiCvin>meu-{s@DB8yS4xSU-1c)o0I zu7AG0KXdzu9vxzgIKV*Nj3V{}^QjfMQS2jDR(kQI)Qvb~$C4w7Y49a8&>1QXBn72Y zuobwGA#id`p~ip&QO)(9uffVUb~l)@MkAO83e;YBG9U#-6w92~jg^JY-RMbfKim!k z!M!%7E5#^^5L|REW>?H3V9avc(r#Czr6kYXpe=H@D7soJ>l06OSZ3}h`zsJ>qCwap z2^$dDZH(A9>M?F5sMU`Z9O3FVPGndy@v(<=w~__pcOv-A&QA7Y=U8p9`p*YtOyOIR zYi%rCX?2`sjtizOeM7!Z@O^ubSdta=uXn~3J8yH*^XWNd)Yw|5>!|9-`TA2b)f|RI zY3d}#3rdYRPAT_qj|$pD%z!zW*-nfRiKj!g8`UVxn3`Je2S?eIG3gy7_er$QfP#G| zb*gi+ImPM~nz@k{ie`vtah|zXNzYRC3U?X0acfOhv0t*B1ldK#+w8Lbh^&9ZM0$mc zh3-uMmgP0pobfE2cv|&BU8qoSWwu&>`d5@h3myU-z#? z$hqiS3^M1sQyp^u)0G=^#&~8HqmWUw$19sHnDwWI{qK{tP9H7TaUWo7JOQRKQn}*; zlKW%!6DDt>O%R{%9=+=w=~li&nlJjJ?przA06zVl`u737LOl(-FZ#EC#=ibOHj%iL z-4V<@{aL<2Ag~R88Il#T9MhH-?-nI|>D&DS<-4gh8If1OjF07y4{+k;U&k z#h1l7G0I04)11PN6H7d5mU!5VQ8ss61>b<2SZ<9!p#N(3{#iy6WF{kB`#IJ&kN^PK z|K(`^(?UD`Zx5}itB$OWvYlv>h7eLqL17e;w~Wwd(X58ZPZdDqzZRfTrA5AvBqj`I zPKNSBHt_!}EVJvm#ktT9b*QQ5p8fI__LbiBwi`hp*+}JfoXu){<^0I=kVZ#;8pN#~9%Y`@rJB{KqkRKxJfz>i3meK5qb*T; zd}YMw?dU<4t$S}%dW5+Bd$@qQi}ZnGg2G<~O0-f%V)m^@mugO4zd6E`@X;v;lIz^X zQn1Q$j*KOUM_<@g_8_@T^W4&xTqndzMram2__zU1ey*3eJy&eSwIZgwr&N!Ql7zRH zWhMIL|#? zizlAGv*o*Bg_Z3vX}b%f)pT_#kH6G3D%|+YbP!!CXDg?sX`H!_o>OOO?pbd?{X7qb z-;O926d5Rz3`&FP9&#qV?p}p%_9%r8KVMw%ED8f0+~{WWiS1Xu`2)6*NMqqYGw5=p!ZsA$75$GPo^i;!`F_No?DN`%A5+q zm+q=2V$HXZ@MFTUEN6`Zllz5^y%d(T(R6M#%xk~N_B+GUlzB16I3y=*v>xYac`X)K zA~LdbAy>llwQNtKeGlqQ*>U~xv}X)&q84RiN@TOK2Ibv@kMy?>a%>}YO1A3#%$qL- zkxpD`x%ca&$T&JEr|3NDW}b;HDiyy8Q67y2Tibb^jY6`dgSB zY>V!?(BZPk*^ebgE26ges{u!SaLN9d0nvjA^hwiI(JeAm})Zl}AB0P`w}CRo}V z0T;tifE;rmOTs5KOnu)YM<`;A@f!-JR|pMVc~>pdFA$rjOYP0is2O+hG)qs*j;)8K@jYRd#Zrc}6L^mP~uy+Z>F{$U!*8^wE0 zoT0xNLR=NWItHawed_=m`F_uLVyNxJLAV(4&LRWYssU&#uskIF#3J`?U_6STr`~9O zyO4eG>V3_r&3nCtkH_3?&_k$0x>fzWI>X&VjOBYiv!ze`2^%M~9tPm|{xo~7| z;_PX6Di*@$t^lEPs0>et=v~py9G?$aQFO--6!TQw6GxiLRg_X|13Yw&EW%9z#$KY% zXA*JYa)h&GaH5>vcA-u@9Fy}lIEGM(nZMAt?03xy0l93-D=9$dumkP zKl%T4A^t-cB^0)Knt$k`*bo2u&+W|r&%DN2X;W%Y0D*V2lXXRl-lkcvf=G2f>`e_( z5iv<=7_EQQreP_GC7vWAx0oIc$^D^;8`|TSJaGe4XTE zA@vwH^H#7gJ)R5)&smGtGQl(lyRKY7OdC_EsDY>HH$_hf6wh=P zcsO9CJUeRzVUP`6m`JV4+$1o$2#xT}k~m3O#&VOC(pO;amGc(_2rs~XtjrJ96K0$B z@YuM#;i|_CAP9fq?>2Om89*+=Q1^1e4*tqKn7i5G7;p}z3&s7NDs~mBFZhPLR0Oqr zq^51-2A6%lI|0FY0Ut+_bWTl9s2+u<1mhqoQJg)Gr+?|sixg&%wgbtZ?k{9lEZ+w) z><~?a&0>eFy`n@Prt^&8jd3>n_e>u2Z`7Q|TrINP7^l^xX0Zz0h+{q8!7kNNE##Df z`8dC2sEUMYt`rlCA&&x=zhrK9KgvVcpE7}Ej^)U-FXLCpaKZLtgwCiDX|?lz15y9{ zZ_=g@p0u9?X!WBGhVvf@P(kD0mvMgE_UsYuootm~naq_sB) zKxynQtRzC5HcZHH$!J&XzL0xA@@q_mQ>%{Q@5I};PUWx|U~~s2x=(jJ@jh-k}P_2ncgd)RYJl{c9|LAVso* z!@1%bHaeME_+>UuwZ4eulw+rxnU;4Nb;#9U6;d)^4+}fp+RfvbrSGKUS+2Cv{Fl|L zbu9a+Ahj_9JLPt)qh%e3$K{39i5*3A-NWLPhksV68kAdO$J^)>s3SUtm1AZ5M6B?) z8G3`_rlKcQr*tIy#A(C|pCK!#V7wDe9R6IDmBXIfO-~Fj)A4C_U&2+T|7{y6EOPYwYFBB?WmnT*=J?SUN%`4y!>+_rZcxFI z%qn*~YUj8)@)bvF<)$qmvaReC>rRK@k;L|iogAr@I2=NBcA_?o8W4x&kibp7aH7rK z)8SHA5XVIIZ~$){`4dNy4_wQ#n5<)u8ezkEPjO-FP+~Of_!8y9b~+lbc#dFN|9cFNc^QzHX1Pk;o%`inM*gr0|5SXxA07_oielextatn zJ+e-n)q;?nGq?%5F>O+Z*z2vu=SpRvJuqkAmt*L!rcPq4$rsd!%a24 z{xdG&%YCa_^KF4Hrwzgam80jGGW^yF)6Hq=N^^NviEj82V%vA$?ZMk7*LLy%k6f4R zd15DzeQy713`;UKK2;utYDvc7H(($Z`w}F}VUf^ZcxsLP@Xau=_;V9KfTFbsF8^=M z7T*zudggW8)I1FC9U@=IXS7ij8jqwMr!)>>i+5OwI_$kJ`2ljXTlBDU^PB#8>Ry&y zG5ym^EKUJuvUU5?1K9oQobtGc{3ooI{-6Zu?&W;4C7$pV3CY|q(*w8?Jfb?3e97^T zIZ_*3hm3DwC^4)<6Vj3@`QO1j;iNLn6w+-G)Y5AUsKUrk=xt~jsz(x3x}uo^JOl05 zPlPkjBgP*fV6omG96BF=uqZBlHkUQ(UukE}DRjH=Yu$Rz;Ri38|G zzdgDlB9)rWvZ&mnNox;@l%EcmRUJ5F6zSJT|6)fZ@_Eg4j(jP9Ld&e;oulVKtd$d! zypLT+o-g6gRi3TMkkhNqw^LdbM${x)DOXpX@udvq899cu^^nwPIvtYL{zcWlMx*C< z4M-`+5+k$;*$J>u*&)m^AEIE#Dce7bf3UR4i_oLQ(TaB3GH&>2YV^7QRi#2DD_>+3 zplDSo2MlPh_Ji4jyGdY!eVm$GW2pMl4%|y6#u78$w-%|JU!%Q@?}v`>H#5E~9NVi+ zUOnjjzZopf!HMqaCwnda;PwB!(UktLcc)sk5|%m!Z{!4!ZbF#f0tu}pR%9gX$`d&x zn@s^@KT(NPQ%Nth?HJaYX-e_o6XYL`YnjSyu0`-OVP}sUT@f=);KAYnP z>8shHhvq)($~DD27nsWJ-!Ujfl`)%CxU5w!olR<+l*>^unrd-(Q^a=Dgi~q=y7ktR zo_PiZb#;{n4$GVjs5&)TEt;3ESS8x*ST;FD6>^Ifw^%i#HQ=F%JJgk>26S=eAL}ja zPFuhy5v?+ImG%~FyaQ0sf_s=(hJ;m16Jl$YYw0xGC89#$(=GGHs#3v4Jhie`fknEm z+s<5`DbiER23%iMF0HrY0*Lde1f_%l`FQxO(>3OtF7l$;(+==3vk3F9JgW`bP$>cT zmorw2Ek2Cf(3P=IYx!HjwnxWpYSJoVWX`8F${D=8EIw>fHiNdwpNkD)D+nk7u6WP- zJxTpYIFl#oG7ZL#m=L6rD&8X0jPdKYd)skvw$Hrtd418UrHjtfda>73y$CYoSw0ZU zj=nRM7U7^1CoSn>TX-M|kX=^lVjO$&y**C>CMqtf1J_xRZl@Uh<>IZf<)zH5idw;nz2 zC!U(I$u%3jEPjtC& zk+2a}Ym3NBNH>{CX%$coyaJ~7_M5XvuBlp(20a}O^ zGrqk{hu^FbbEGvuw&vkGL{_SjEbyY|kijA(NZq6WhOhLDXyFf#{z9s6vuTz1zdJVm z0|1Wb3b~(t>fN%R8w3A8>K`Q~Wl8aWFM*1cb?uM@QFwu`=xCaTH>$5%d=x4de)YXY z+yh3NLH2`Wkd?>}G7VdzwP=Qv+^e5QlKjs@FSqiN)ZMtG+3A+&Y`f#_^wlfAeh;8q zgg70|6=&NmQ6R6)6}MZT0e>oTxgLXw75FGjd+N9XgSFFdAOU` zlydoXFmvh7B;}wSxukgXq<_@mNTqG>{N?i?J1-*XdEK}I2IRBLZ!)4`g>qaPN8kBB z&BYR_v7*e@p@yA~BlK>@B_yD2NYkd=I>kJe={{sZm@R6IW$%V4kCe`RLRfxEjQMPV z$fW2*sKO8TZXzxT6Y=322M;zAEhkgPdizW75cA>lE*dLdD4?v0tZKr|JW`!@_26EL-$;w{!Qp*6Tguc{R0k=(o zRYrF?_h0GdpO;%>8n=AUA6oSJWA}vlUk;3;snh@PB4>4XH;r{IPU4v>w zbAxPA?#0FK`T2DQ{UL3*tb4 zFy=7GZ`R{JX)6n5X4akYYh z{rWO$#7OlrL%UK-ODQCc2J!?cN`h!zl{jQe5?Y;sm_If^^RS4vndr(WE~GqS5@WRxdNQD^)c?;pPA?jIu z=_W(wGam6YKO3}zexjM>=B{)KkkRGJ$P>!&w!`L%#kpl%nnN-3dNvo5yLQ2{jM(8e zR6xI1&HC5Klbfq*M&d#Y3G+!9(^A3bK8I2^3%{I`?Cwl<$XvJCh_xa^Eu_9x0X-%o zn+RzyU*$_=knA9swF-mxlC>^V`E4p4`a)d@SJiwS+9gXB`dk1Rthv2h|53egKiITQ z-O8Wna~MlE#8Xyl@m2$L7B2vMSp9xc&_}WC>e%5ZTVA!)tD8&4gOfkrh=uIDYQ^U- za89IADg-$Uz`Pxp>!@{q)V8{c2t)8-Q$??(-82VLy9RWQDpNvg4^&}m!-e&c=lrAb zx@z`eA)m}JuzF(bEZ)d^NJnk3TnH=nW$(S=)ArjBd2Cso7sni28;&&yGN3ScyH9*x zbiXFt?`&Xq`(0VRc4M_fWxf+G2f&88QNjA-bAixh`||l`Ht|)KUR(Wk&dGDWLY){RLI^gXiWn= za$axfAgHx^f9sAH*;*>RPiofmMDk3JKA3mW&otO3R*+E2^c^g zxpEPVG9&nKT4W`H0I*$i6IK^~v{ytp+2#CC~@>xif!tu$^_pYquzXHTMXr!ATrG-6s1`IDEURH!_d4o3l?7EqyJ z4W*RZ93Ygz8P0i1nm_&yruk6v1QF?>@$SUpVt!(jAk*8Tyc7^lVGMDZ+h~fNLee02 zUE!E6LU8pKPF=^hNNcxFxPb=Iy?woM48c5%usPT_%dY8ms(8>@e; zPcviA=_pZS+%SP@h}XcvxG{gb)UiN@^rq(H8;#=cZx?#i@{Yf*DzBLpTTvp%8))x} zU?z7})`MzSpYWth?n`n9Gv6cZ&Sjp-a&9n-?wXa-I+K5W4ZaSM}KdaJ7*;6z`3l>={e8Oc92l(P$zY$x((yv)%h6u)J z71X0mS^SF1a^bM}k?i{aVepYVS61NX2CaVg$zQ!WFQ!?i&Sq zF`V;kP*GdW{ALj;`189WF)cEMy%Bk(Z#rT%f3n6cdRsduPKzt*VV+<+<>ISq<=#Zb zlO`~tc&rYUwuFeZT4K8JOhhd-ih{~~=x{iDhUY;36jA-CaRp7^@<)ol-t#schjrGp zJUu~ia8^cp`gvs%;EIW^oN#K=*_cCmCo_IG+n!kb>q6%v^>N}hUBbtw=JV41X!01E zhxm3Zh2Dcr{A;@F;WM`{W!FgE&}U`iB&Mfi+xMCQO{c-k%w#?0gsj_Ur(mabo$A(P zJciqxN69 znqkGl8fNd(>W&hVp>;+;3!XDZq_t#uYPq7abgU>!rcNRCQZWnPqY6kby{lwgjbVnq z)z27-UBA$f-hfXpV`UC=+fKfxZj*X{C;v@8f5*DH&ML z4IMJ@IEM@~35*%GzwAU);K=vmaRx7x`hm`qFd-ih{Fa@?Xbm%9ao~j`z3Zw6BR;eK zp8k7q?2=K1jL3(z2gO#VPK_J3D+ISiDV;DkLhr|z6Lp0PxB+9O;ejRT^pBU=ghnn{ zq;YN)GT5Ux$xeg>2%Vx8Q zICBIsri_Q?m}t_*1yZz>O-%6}FIXfG=n7rNlL?iAe!LGBND#qferCCaIowNd6i$Ux zic?*Lwv(1GfQFbXx`uyt96qwvan$WtcRKMm=dgZzKRXg%HAW>QKT)Sl>-PD|#pblf zJROUai+#)jKj}p^uxr^$PK}F5bNIb_bTsRdGdT8TTlG8}+nj)&b|wn-FRRGkQmbq( zXd&Mb52ZRIkn7U~*yrP&=|{ZLzrMi!?}35ab$BNDVdDEg%C!Hb#Q(Q(hh*8` zn<@yS-xa1G>l{Pw`T4SM5KVrGDIBo0#UwWN#_f#H;&Hf%MY#>tTu>3RrsS+i)aEn1 zj=`8vf!x5r?u*<~DstT%3Am7!-SqXZU|{HZFhv&go_bKMVa&X6U?ueoZtFkF{K+xmJHES4i*~9|=#h;#S7jU(a|qj_+r7p)h60 z`WX4R73CdA*~3|Loq+4Pd}UnDG!wb zf0Etn_$>}S0`duWA?&q=&Eg$60{UdWdHL-U_8{!JhNA;_iFh&grH0XizwsW(_|+oN z;~!Z2u^#C7)gsk`aKti1I|+;{5lCm41=~ffk1F7`(~0&l=omwjVj<@MPiP!(0^$q2 z2BME;t`44cUl0orOdAx=`@?=D)``+RkQ& z)6-iIoKR=@`a+C{#f0S#d4m(z33Ja|m@zK=03MPYGY6BHtAb+?QkLN3?xSdw@gSlZ z1z(Ds9sdKm{6eVuDqV5C+7@$b56r($=F?C68N&UB3-%>| z>s#R8J6BX{+mYSzMgOmBptBU?`1A?Lw&`Y&y zHSKG&*Xf>@<(KZB)obU*@5gO!*N}0TmfO_bt=rCBhaSf-^S`z|53#3mi1VPIwD8+w zsCXG;iOzhh!fZJQ`;To4gUZK>!^^f%j?p|bsiQ3JOA`suJZG}2?jfO2Z9=E%cvL7- zhF@W!QtyRatL<(np;B%wUHTNv&vZG&^p4IstvQkfn=P$zn|(G-@7;7pTnCBtW#H2AKGN_DxLKX^EDfO zq17gja-r9zx&%hjzuuvCDIV>T5DTKaLJ(yWxs^tC^57gyGcD3~({hFCb}b7>y0^@z zdsslKx3!6H=($%VB_j&bUF2uFCq{mlm}Ev8x$7Js zR2FxO;jKdLuC~8Du}4&>q|xh{3y zp>0qZGmf2szwAmK$Af$cNt4nltiRdF#{ID^-2kzH455n@{S1aI<6|sJ)WodVNw9=@1N(xZ ztZ|lw9TS8MYtZ3vVTw>nxdCb~)*M2d-}1E+qfo`WHXj&Yuwr3eciLb;LvwqQ$6HSd z<36fxHdxZ$E=tkSDGV7%TVkKA>kyV6}oKSJ{CAQ?yxUq5 z51MpFT495Gg@tEQzm+lrQgqP%l+1B^x*mBJC(-=Ni&}o2oMN4NMF|NR+ft4sEZqv8 zZhBZS@wNuAy8JMyF^bnorgq|_4rFEJF!vBL6FcjR-40HKVI{GdhOHu7N8wVDn_I$G z*xNi_Hxmk^KCIUIl;RL=N?!TEFRpyXWMX&~hTj0Q(D5)>r~ z1`>ejfkP(C!1=12pqPODy`=szG|MFu{*1&*>6!>*2`;M01ce1ucL(0X5pAp(@UF2= zC#ckFZ1fFs@k#A@<7K2-LULXROIk_Vt-fwUoYG|qKG!jU>cc2c@scAZ##9L<%uUt& zYru3~$;6Q`nm;;%9kWjol|cI#FVwYZIagBv-**wTV$p`TDzbX!@+?SFC2N%CD7YsPgouC|cQdhNelUMLo6KyWh$^YI9bmGApZ zt<&_(oy}*)dfG*&hO1XF%%`Ut&h!Cinygm0X7CzSo~oi=M!AGjgNnhXnD;Wsn!29| zc#n>~yK>8kke6}{h`M-5mS}j5c=6}n^HSmO4YTo=-x<$i9u{n#?CHG&Y+n~}AKpl| z&yPpn!&33`y~F&>7xb1}NG$okn9Uccr0B0pf%SX>d}dKN9FyM`9}H-6j9`*oh*t2= zMULlC!_q(SkI1_}G5M~FN6+jv1UP__gAyMBiMKu88=nwZ61rCqh~(YRAw7`R$)vr> zl;tOl0rXgvU;}Os^?WjX=&fQr-!cD0rpnFbrS|mYK0YWijE?%@^HWQIN%=lL_*opa z$z&mnjGTmF<_YLOJrH!C6sNwE;5|j~=sho7K7oNuQ16pi(DRWrz&uFpcH-v+K;KkAjC)llkQO+l zhZetee^>RHp4888jqhVqaeH?bn6!gPWtD_xShO)1ju4;-r~^y6koAOk3OQ`EbRJ;n znXvPCr!5QI$+u&Wy@(BRc_Fmz8$wEGJ@7XG`sf6jpDvM&R!B`g?|Op%6N`9~lOopj z$;#-@A7&)gFw9Qx9jv$bei`t0Q_m-~f8ofN^o{7dB!%_$DX1fmmm2vlDG9YP^2NP9 zPF#2b(du-xZDrG1p&$L$c ztLNp8dBTBMQb~DA1wJ+sfB2my0ncOzJ%;HB5^zpq%FQ-64#5 zZ54c0rFmqmDfeSWDG|14Ytq~Np^oMqk%)RlDc6Rr_wG$0&!qB3x-nXNl=IMR`xZId zd|fY%(@Y~`kIWShv=wK;DMeW7$2P-kG?&uemuL&Q_8MYDxIkXJ6{QSWTxEm!(mNCr zv&cbj8Ao!=wmb_x)WwJ)DT2jW6ZOGxT}Y<0SgBK;yGsi!kL9fypvhR$+ zDeVu}y#yq5daGfj7#_5~CY0~R^)2XP{*8jQe+R$@xl)=fNwjToY<%RE5*%W_sA$m! z_Y|5l;>JDFrb?tii53X`GEwz7y8TZtCMJ_RqD`w+r0bxPO~MxvBi4EERM9Wl1TJ4& z?}w*m0-5=mkr^8gOC4@DesUqW@Dk^mW^Gj|pYYdd9f5Nqbc}O^PsBs@8PY*DIh(*$ z^&Rp-CAvO0uWQMEkpg~peD6x`3J1)qjgn%YO)lE!i$*?gk}(a)DmoO0D`<})AB?}AvlF;b{ABwC`wPMA+! zSRpN78@kfWmb`TxIBhzD)lKnq#d$&|^$G3U{}#BYXV(*48|RHrC?r&1Jzx%$<=aZS z+Gu&y<=B-xh2N>|-x93CProgBM8XZtJyw;9pe5w_dZN)@( zg~Pty4l)H%Nr!WeS0GTbmaDu3Jc1S3FxzrT3R<%2;MWu0uflfYUu zkmus67-8d<>Xnd0jxQqL(VTNB=w|U%L2=!dN}YH!SQG$?2QP>+Hw#ECJ8(ZBBABGz5W|MM0~~q|tvzREmwe zY?t$KyNNoDSv@79iX=c1KXIU9%E5kc)5}m z{6+(>2|pRVdmszydrifRp3R_}>hrrrh3Sy_t%K7t=UjF9%R2b^=P$_UWVhTDDOXs( zj5F@IOItR9l|B$T>h)C$O4emhJTSu_r5%jmvPQ@XZ$(hBkR$r^gxbL<4EJ${Wuj)?x~7T} zl+^EY)<72GU~7M^M{J6>*1hlEg{;D%gMuNEwcrZDxB0tQCYU*nQ{F7%uUZ!ClWOZkM!itBa}0vob%L7J~0nL=fKvK$;>x z%P8)&W*`LzEEe($;td3odJgt{sJ{iV8irTqhc5&K*=9vj?5C_w7}3jIHGGq=NxWGG zvE8h-a8Fq%8@Ar2wl5p+0Yxk`btq zI&Nf>qLg@y9ao=jp2@+-EYsL`aHYlwze=Fnh9$Ft-T@b1+F>z6FwMFHy|@!yVzGn3 zdR0PXswV6dAC;fRTzz$L#Kb7_0XRXO5qs=u5!En7_)Dg+D9R-)W62?`p{c~8pMZ8t zICvbCl?*?%s7MDeF3cRTYn>&7zUW>@9@!mE^b~iHb{4Nd94gh1q>XsqgR!%^NmtJJjR$@`=sT1u|rpgZRw- zJoAZ`IP2G>svJoUj3ip~#>qOCwX;iZ_n##~Ea=({&9;4j_A6NNvF^zkalSXxcf6=v zELnUWD$t#SX3=T#^5Y*>Izug>=BAZR8)rD}>_sw4*|4kXmviPzo!?hwv#M_Wf?7c* z1A|WWv->9-ps-7F8%!ChLHJVMiaKQ2=`KPo3N-bz7S@Wr(c zo8AmzY@1!gC~?Zc&p;nMfrMoncBzV0YsJC|GdL_@mYSCmfXi-DnX`LrLR~pHUH(oz zSzBH45$?#z_Hi@&a277a*`tINC(|s6otAi^=R`O8!#ILj;Y!%Af|HwPP%(<&qn6y{ zXH++(*zVlhGu&r-JCL&avY~HS9#OT$rSBeC2iRwzJ@I;nKQCTA!9CNRXSzMfJ+t_Q zxew%Lt9kF-J%L{%xhCYh<9a=j(r>nWp|`3j4Vdnm(3Nj35sK;rrSQa{l5qTaBTn@| zBt@;m!0tc`3yd0(GshBgNatHR5h%|TSEh^`_yn@+mXIso62*yZ8cVVBj#@4)7^Qzf z#wYJ~9hjeXZT{RYENmZ@Q)aP9Osa2UO;j3CZL1zL`+qze`3Cz39tk=Q3Q|>5ZV^=e z$|;uie$fWE4BqcxX5h8tj}~J#@703w{z!=Qe(@|8#glY#UC(>owj5o_+RuxYKpOJg z%Y#o$eHF@%RiL~r9Pi3Cy94ZqgI9va4=~0nnf|1(IULPz5I+O+39#KK&u^L4pfqNx zVH<=p!?#i0i%8t5CLmq@NXMMCQ@*JHtjHzi#U4)KWHeKd7g@7b$(ecSSxE&tm_$Q?n4 zUqmfextSzxtL%P(cl>fX&MWm|lLXjle>-I85WJP-Q{v5!S~+7YN=I?DP@8s1Ky`n~ zu*Y5&*DFQ(Nfv$Bx>ulI3gv_S#|s?r6^a^SB<~P^G5MRhQ_`-ozzZR~eiW3flo5Nvw-ac2s0To{N`q1!yhdsW;N=2? zfvzN2Rp$c0-vpoHEn~kgWbUjrbz?mZ>NC7QtQEAYn9q0gXT8%N91)o9IOx!NgG==* zw;Yn$KBoxIrYCFs#i%jEXjcCUDk2V*Sp(W(u*KUmUojHbqT{GQK}KzdZ+#SVV)oA5 ziM6Ylj(7N#6V{T>sKn{uMYuhx51wGHeYDJ6u0*}~E#&6aw|C3Uq>ZONppt&z% zDiKc8Ea!>b#)h+TlX@cR$nQ`g=620Swo~5h`gV^av$}V6l`^5D+cE`MBK0%}wSMYO zLfuzDCaQFL^QyPs(}V6%nXTFe~fT0D+nu*Q`+U)JwJLy zH+W8Kc~yS-{bC?XSRe2*8M#`;(%6(mtEk0grMtFfSU?x6?!R9AU2hX8^od8@AuVYS zO=c6TT4fU2Le5&$(<>f$+r-chiv2n7$9l<^7 zq+PVQIx%k_Obw)xaYgH?Y$sF=mDNtRG;K&SWiwC8hwdsHP(rCfepQZ_R}-eTq(C)0 zJHc&?|3A9kflIJv%hpb3rES}`ZQHK2ZL89@ZQHhO+cxUU_xAZlpWA)z7(4zzMC={0 z*P8R0>mC=Lf#4PK{@&qZ1xQP&aV$EeKu!ZGhdp|vd==6#(O{fBz4vAp^dj(k1;a^# zBhA~7np#l%ud=C@DL>ZrW$po+CLgEy`PBjUV+5@!#y08)OX}!LElnal153qi4pIDN z!a_@hUu$B#)>u(1hUUS>X`sGoZ|+Oryl|AS_C|f)L+oskOZl`pnM$@V8&XG>r9Ak0 zLRV$LFmRn^4eli(J7uN)$45KyCc%tQiNvwn7OC!22jkH+9ox(D-5J% zZauP|{qKeC$S=dT75OlRTDzO$BI9$|Tq&t-I8lSY-y z@x#hNogvyW zny>R43>FQ%@-L@O@pA9Y)ZYr|S?6ZD`6pl};B+kT(_({mjDr^F*`m^Sh4(AY;(CK~ z%Uku=SN0%&zU-n=ij!I8bbyA8(nwpxFI5r1;+L{OAE9gCf6K-Dr%hc$VnR^;)27D$ zX;V}DZ(*Uam4TDFi?Qraa?t;PJ4GpO$ZpW1e@jcP2ix#d7}In1*X`vRzhuSggPSWZ zNl@Y2pCKbfYL`gj3|d|li%YKqU*;8m$hSrwJCb}rZxGq+1n-M(|GId8YbNp#9c~wJk^vAh zR%9Q@-|0MNRq`_h1kjE2d2^2@yd}Od`=G zm{m@kV<&rluPb{N4H`V5+5j38HZu1M$k0nD zqC47Jxfm;(IT#!K{+A0`SxV`LHT7*1&+0vhDnQ-{dI4;;FrS-G>$K@t4LSX5!Fzq% zoDK;|dL8z9^Ib}tNob@mn6DS_$nClaUmq%AjN>Hx#C5uD?1qoe7jU(=0(ssoRTwgc z*qwT;oY?Y*n#~afX@#URW=Xm%vxs4s1J3=~A8QF>u)<*hG2__m`jUx*D`Jz zzjs=@iyo|%i*<{VGFtj$A>1<}2=GGb7sp$!pYy3@xHlZXqDSaFOl!$VQX4}hkw`}2 ze$nTS2_zJbX;8@?sAe|jvKJIhBI)EVsBw<`Il02qcX0-ps*cLtxFAA*j%N_OR3ADl zgxeQ(R5n78pjP#v;Pa?L*_)RDOiIHymJ5D#+ zTaaHiH;1q~Pe3tJx4;8ZX~ebtFojtHXQW&l;U%sW$T=yzDsG!pDos>b07nJ1NjRAC zks68m9XPg8ke4xnDTJ=6{to=#fpY)I-;Im+kC=ZxIv78D@IPo{jQ`L6bNH8_Ikrz0 zhyhu|)?Ob#L;?8`PXD0R)EIdR1etI!xWm9JEitkxZ5sZS1KwN4wRm-3+2NWWG*T5wPUSH5)|IO1fsG*{9h#(2`G)GtWG}j9$D*^+Nsc zu>s+%)kim9CU`{egd&EgkokNzj4F-U{tk>8$*cvOGot%MTBK2oV>ZuQ2dSQfDYsCZ z!Lk!{8JhpK%XxMr1mU@}%WLEXosdU^5GL9Q5Q zHl~ABK8!MPgjCuv&u<_u)WS&Mzan!qx4p0VltV7HO?VA;l(Lw?`-0U&geUK`Pps&eyC0@2h_^)fXv58Io_l&Dh)z{AO&{=>oQA;EhRD3v?OkL0?+)-kZ#!er zKp!9C54w*C0D$oS^|m_*+1i+xoBr3FN2x*RV;v>=$i=e|xm%4mWD2**jkE}j3M9q? zkAMYUVapm~N9V2{sE1KwNXT9`<|Ssxle57TSxas_2^x&etxG8VO0>?Ej|SQj98DI4 zs|Ia0mNGvh{pj))t-lz9HNtN>AxujE?Z7PWxM|q-XpK zsqK>{BYB~O^J`1$Z|)4Y`kP$T_lgwKX$)sp;s=FxYUkvoA2pY=i+gEeLuYF%%kpo< zl~p3w8d1GvcC7*`X4X#SX%5a4i_DS-ayk|JZf!3Iir#H*%@e`4n79e`s1fta757eA zxL)Jz-J>vWi4wf=f!|Rjr;SnvW%W~yR@u``hm1-G8oK32gi)rJ+LuL~v~#VCQfPK* z+T+gE0MObL8K`I4Boim6P9>W&@L_G3Ib{#r3#Er(Vq| zDff(7J_IjEoIC{!4V+(yvOpBN1ZJ5;Tq+lx^AjxE6%TC=d@~cyUfsiJZWQAphL&BY zHnAh3S!!b!OAZ=DS~W|p68(gEN6ylkn~~ORM)t)45$7#nE#MXXeWS_c#lqCcYxU>` zVHthumSXJ4a`Y&=%6L)MW#?4= z#RgV~JYql>vavGDfp(cE#gK5<&%tE8_<^2EvO62~;O z>;1=6aIBfq?$3n~8tOV68!)ucHnE2zYk1c&p>2N+3*KAFajLS6WkBP0AmR}8?m;v+ zu~1m0nxN#+noT*83GS79_%*0Y+l^fPh>U6!27==)KovES_V@A^`?oM!Uoo;5Uk)ZSsKmBuEG0ElH=M4lTI|*%{yUeWMEw7iEo^% zH%>&7c%Y19`DeVc5Xc0Bj~U`wrC~|VVX-17IvA8gkr%&0SWmkTpqCaus4%dvedC7>}Te^(wVe^J1|xWOgsJ4 z9QLD_Oo9nE&p*qv3qlO|oBP)pf(cbxc<9awYfvU^n)X7%uQA&J6eeOXIV%{0og^;R zP$o2Ar75p=4P9nYw1dd{jMPsXfytNv}O-$5M_FKB8!V z{q9nQVWni?WEC>nnmEd_b#-MjX(iRQGF0#sCl9BcWKfW{iV$gFDwCaV{9!+Y@q)&N zfqt@I2IIpof{+b;J7w`pt}OXK6Z-F!e})3O92fy)yEi4H#}Dsz@#^l0;Kq$bCU@EO zPe8g1XID;-6M^gpb2m;+0lP6`*DqK{|UEb1Itv)Qh= zh4%4mTHeZT!#;-K+Dp8Is5%Dr44RR;Vt56wexP(CLZoC5nX^cxI{TT=pDZ5}bEZL- zle=+`MJ$Y$?LMmn*5s@CE$?#tzFoo=u5K3L3M5$dj9PWCvb*6VFct^_2EbQM3sc3m z1yU(;0s*^1+ko2dy6cT~z0!hyr_>o@Mu;p`jw}Ts3hA?&wfETCy?6tQvSoH_Sv{@T zG&qVH)jHBT$bkOF+_Ac)iC4#_f4zXtutj0Tf`@Z97#KHm6+GC0?#{a5HcSYHzMa)PQ(XG%>1-#<`J*8x2$Qh^Z6xJL&G;z3ZEpKcYOD;8wT}(b7e4`|v zuC$>Hm>;;_WTre$Gl+9h)h!c%V1GdP(nV~&u|LnJMsd^63pILi*_xhj)>pH%KKL1L1O9&1rLKJCUFh547T06cB zV#baYmJj3#cmYK$PEm&%ei2bYIaHEcGAs;$(3`CF= znwy@hOdf8nif&x9J_TbN@k2HT^u4zTL4NclvK_`cSTO?yx;e&Wg`)I)9)Gz4brnkv z#3;d3#V}VU_xCqeSVTU!Vjj9aM7GA!2|s~l7~i_#dC6bQW0j{R7 zFzvmhXGomdk6K!6Ygi{GAuP3;^o^qTR~1h6%HCPaVK1FRrIX+0>&kPiCEs=XCS2?Z zx;t#_3x(#%1h25DcN$$ujswn4UOA&)cI5N?D&r2hWunsYM9a2EUf+tCk{#7)fxU6} zT;M~nci|qZ37?De>{Bak5w|wgt^kR#5()-0xN5dQfjO;A5mVWpV*?XjmU)fFY#=8F znqn7C!7O!m4w@3IS`TO^lsQl*qN@dhf36%vX|hJzba7VNP-F$0#o0 zZyx45fG9peBuy~0d|O368QK9~KAE$UGD5B?fvLdbXfn2HDnMJ9$*SP86Ge_JaH5Mu z3Z*I;E8yQw5!Q=d@0?rZ06jFui%7B4{au`aBnzSHiY|U8*!gKu-iNTQ&naq!Ua@(` zgdW_K{tOLPN>T>IfNWW+dsCR5S}`p$z3w=6+W_0lz%x*1*cJ-KGl3LIvkqKa{${`A*f zxle&+(rG$noGGkNE+Lj z3;|4Ca6RSOcGGZD1)6n}oV&uz26QXoC8~~^<&76(yLm@4tKqd}!WC^o$ih-4WA1Q53@GH2`U}(n7X+`}-ZQz~*r* zeYM-xv3C;hK6$R)T$eNe<4V&ejT!q}`8MwqnBbKh!KCULOkw#L+3^AhGoSj9kA<$G zD>Fe9hnkZN9QG?>EYrU-bV!TrS@%pN(`Z|y1v2<8z_I#zUkFfD8C z2IymvwA(WeaLDqcYx|Jp*>%M$ZbCfQ_H5D$eq*h)iC-$IZXvlQsfk=>Fjg&LWR)2J z_bxdfx_r82%Jmmx?6K=9Ctd^i;?@+$TOb3N%b&SoMq0_)Ju7kh%TA0dRKyw1&j)Du z6=^b?z`p&BQ;`jHlwIuc4*KgB`h2ZnQJ@Fpaz=rTCkDO?U{nv}&Ic5;E2#X5@y{(J z&|gbV@xKBw^R~H1D&k!sX$OxvkDOg{WT!&d2Y3q^wWqF+6koVSH*nz=EBJ8_${c)u z@L83*DWN!@DeA@O{D_y$Fus2E2=>S&iSZ5p5|C3>iF{uI+|5;D<`1=dS>SR)*X7#V zvGu={6Uc;ArvjM>sF@+xY$N#T6K|!)kd;kpmesiX(PC5I>MjL$0^hkNorRDja}ME6 z6y}ozhQsCV4@6Sl=2@26vGjHe{3ACdh zR$9h5gRrPz=ZpbUc8;K)7fcp0Q)*Pec3W#?z%apzp`FGcB;X4t-r_NFCH??fz_}#^ zT6ryVp&hcL9lrBW3Pl=e=e?T$;(PdX4?k^|-YG+3v^UXD+_|-`Yp00m+Kl!1QRXhD z^CTKYJZHT(_#zjW{yKb#!@YgVY9EP#tr}=jyFV#b{7dfJ44)0lAG$HmK$ZZz#?UB+ zYAsId&_}wik?Kho2Dtv$vd(vOzX8gza;Uwjb>9&!hnpaxtMun@l*5}WhwjN!WJwSZ z&RrAv_IZvOn}7L0-Te_1@^YlI*UYzX?ko3A>k*fnF(T)% zjIAFgouTNp?S0OxPNy$$0b9KC!I;_GpYQO)H;^Cpk{RF^4#XoIa>$JQ%wGwtGh${0 zl33P`RROj7glZEsoe>Qutd29@<-FtJxU#&}awRugHhflgk3Mx$@5O zf-@Rishc~HcfYSkgqV_^TjBRevN?(DNt^8c0(VNeLv!uH1$Wq)T_$%@x?_z_ASTP! zAg$I!t+q(6w#<&!0MFL=nqA87;FJ5U*zJjjSApyqxCfwb2D(F`&Ob5y0|~RY%r%Fm zZRt4&nD`E?^csMfs`vJjS-qQBo!G6F0HRcHI+I;7AEDY6^EWt{Qh0gn;&f-g=SV6o zsc<`0@d@BDI^?k(3ZzJ#l1VULZTd}#QC9k@Rgm$3hsgzhc*6``aB`x6UWt$H9bMw? z@1@G-!WK`xJ()G*xmEgk6@w$p345gZ)VgM|c_l~a9p-^}Blkay zMM&nog7Ot{+cBk%w1)sa-T;Q;6TXmb!ECXfrIc=j7j!Z#RF#!xq7DyPn8Q})oowf zC`vr8Vg?~@M^pTOpNi~?v5xnfaZHw}m>@))wZ|vN&H>Cx;93-TGn7XOFh{gTXKdvhm(|}Sb3_*>d8t`k(XdBXHceb9 z5vh5n{J!Je%yI;8Ivf`RaZSi*NtouEZ#*h){K6EwHBWX6)vBioBq3pM)oWUjRkmGR z$N5Oy?rTyLx^F_hY(O~`UK1+?r#|Nq=Xx$dEnSGV1z8J@9GQb)U(6TfQteih_r~*Z zB};CHFR3hOme7zSY@!%fzXx82X^_jUh}FQGe%v|-7W8rQATnOY-T(}|LkRV~Az0@y zOOc!N1*>MND+dYF4rl98!tZ+X{qOSAKgB+>Mu*SQpRyCpPr;A)|5<*LHg|L~wlV%! z(a$<|LUNEFUc}aT|2J+oYarK3!5^NFHO}h%evnO9Lj+H=_M#4?;|=XsK%c}_2wwVD za!A;dn4Jx@XrcAV72nNOtI_m!Ej*wYleF9UkTAh?-2hz6aN(A zc1Rm9%s_t%aX-{E-2X5WF2)Xy#xe$W|EjsG>L?+pq5H5>Td4=~9}dLeS1hva>15cK}!aG9RxZTBtyJ(}b z;d$CCq5JL!SL0XX69_QSc>8Q$C(I&Ftd3*||mbSC8v(2ldCH%feJF<=Yq-K(ZW4@h)K=8)#nX*_{cd0&gaIG4gdl{f08xNI+s6Jig!)9%MOLIWmQ69jT6HMyW6)O%u1z^dscdoJinGU!NS&$` zvVe4?2yK)buAyaY4WZMA!wgpb_I#skoP_$=nAR?3(r$gRxum#Qh*1fk2fD?TDvknG zEo*%5(%7H)y&xC~3iDPu~sCu-G zre;oZUDLr=dK_bri|pb=e&52g)0_*%<~sPv%Xt5mXs2+{tyS>(XllSy@2a!6j3&9G)CMmiPE02G!_u8lMr>TMc27;viCDrOKB(t@J- z%XyLdO95DyFgB@+3V92L z<+;mElyUaRSi3|yo=uYLraWhHzBVvhhbqTlYqyAsnp{8p_STgMR2p=t7<65^5tnzMmLbtBi)4D#1> zo;iP<63=*x*px(U$|7&fVrdFpP<2CQxiwTGbqTX8T@C_TKzx97g{?jZ!&>E9bKiIT zDfC|MamD$_7SjcMWP;f($%UmTrj0`NfzU-H1?cpGv&AVy*X3R|6xSRyGsZJI^TAded8mhsze{B@B>Rt;>Zd?D19iTze+GU!e` z*U?)*4Bpa%X~t6Dq8W_Rp-?9;b=fW{7e2$?f>teQjLH;v)4~$*{A#~xva^dcJ@kdIW-IWJan2$epSJ@43%*N6XMXI@)JZ^)h^)P5Q zr8Bpl1LD@UEUS-MeQs;Z)HRo0%x28cOt*adgrn6dOlUG*eb?cS1P8^TZsl5&B3 zB*uPe%Tf!eq7N*%r(q;ziyJGe7BJyD!Dkv%@oAbf^Su6cH^%GA5}GF%E*20?CGXAj zIaImzDx#}c`eiY8O_;ZFKw_+)(XIP{#YMDiN-WV7#YiC zmSljKH7{}lc$OPw+T0zpfy9eOG)ajo=U_&i)*ep}mGi9Zux;(al+SU66jP+qRieeC z*gQWq(_l}(OddBc1l8J3>WKt<8b2uD`&JSqb@@5g=b;p1*M6;QiLu!Zud}mp&y~~N z{IXy&BUNe%=^7T&SL4JQU$0i1m80V_{+57eNBer>SkHqgYK z*06*6Bi9ylbzZkEVMcXq#)SVn*w}Hder$|ag4~a=3LB!*w19<$KDC(%Bc#o}MYxoi zK!F$;>vh0a)WHu}{Nt)!K5<~KaR5q(D&uMZSF{Pbh3sQr2HuY3E1zK$NznO3+$J6HIZZzePs4Zfj6#&SYN_qnpU#s{TXAYepEnn(>ZN zyXxSB)CWJEFL6%{-6WH2SlGrlxi3Ak@$!=8&S z@B>xizFOz^KH6(h*op9++G|tvjzy{td>teQiGwfv#rGcr9ACye)6bznz2FD7&#gf| zyMi#^eZ4`&tXEr%Z=po+5JabdDajFE(1yPfh?pp(*&}}`gxt-*d{Nqq(=@|WC6yZe zs*}<*IkFj8bVBg+mMQ72EWm6So6Hl1n{1_w3}g=VtVa~hi*Kz!#kiNyugIUFVIGPt zeB+IA8#|Qgs3NXfjKE293J94dh=@c`OV!TX<2UDsSs2?E3ly7=?k20<2=#`f`}B1W z_F3Yy1e+^p+o#30T3p}I45NHs3jNJD&Xrn{sLIQFHJjpT_)C)qqPrNfnqeOx((-ZI zw|cKEjHNRO(zUOQ>K#@wu^SVd+{$u#7p>_|k+DpJc~HAqx=Y-so8UOqG|nP*pgkL^ zWmanK5UH~=v{E8%^AF6J(to#DCaF!D$id7X;mj2Z4UQM7NG@KGX19Vpk|z(^H8dwKy^+tJ1Do)$iY!9PzeQ}ok{iHlTf(BR?Fx-Cs=_L!DT$LI<7L__dA zRhPhX-Ot=1bM#Wv?UdwV3>Z$@>ur!0N{Zb8avgW7mrrJxMPp~1Upo8KKe(bfP-yQg zAZB@;*ywRtkY9E%n1-AFad+T(7*QoDJ{c<}R0@}N-O&ixZ>=#bTE|gyGk$uLE2r%7 zf}!4beI@m=SHs7*MJV&@6t>ttp7sh}oD3D8QfqhY=$LU8pYjT4pTQq`iS~8}SBsj@ z;YbM<%gZ8F2*|>oKyk!%v1fh&a^q;{uvFg8Qd@3TumN))v-|xWklsr!Sw7)NUIlRs z|4S_;=5|ruy(v48H$a~~UPL6<76dHJe1x87(;F1H_*Yxgf~Y(O>{KbM zV=700#-4nsiwA6jm^?~#6}G@rYSP8h)d@o8Q0d@XY81)mX^-DQuzGZa9mKgkDCRHi z)Lr3Uy^5E8jE|14e$^4Kw!Kbwy-%{Gxcx;G7I1*n3X3d-k|@qJeX!(`{R-9O5PyD# zh`a(Kw2%T~w0U^EUut-K?BPvPu5x@ktfzZQ&>{6qyp~abdX(R&dvwGuwtvKfHsB?- zMMnj_T=Jd5B-$fs9p#piiM^$O>u+QzQ1N?RM!@k}Mi-PQy{I%08`@=k1X_}kFi}0x zg%!rjsna1&P%WA5K|(7A_00u#sbcff11lrFZIUYg-LahL5%-(?=i7ShX{4U%+)I#i zLesidPvn!(>%FP1ugETQVZS)@ za|RRzio_|IlOZtUiZrNQ^UN{+e9(~n_o$As-@~Bm#^{}#=(uT_WIU6}crK0Pwg)AXADjTGD z$W&!brtYydlSGvE8iV6zjX`~$CSmfLB6S<+uSKWWlg_c1DboA6RD`=z%)y(B@x7}F zOQP9n349O;TQ!UH;0|g--Sh@%ooF~#7>1q^$)G~ZypiU(1P^Tt&T$T=vxGm18GM6A zd1bwFNVAQ`Jg1|i;pGT|1(ts4`9Bs8i|5`vF^i70Fqn8H1?nEDy-{*?kB6we$#jnk zN%sdhNGPmz&J=hx)Z9O@A38ofD&Za#bdQI6CsB2cx4cpA>|Q)j*UY%SQuf62%c@r2 zZ+oTG+*jBa#5gpmz2V{+@3KfYcHSc$jvLKZjWa|{Y+-8OEN^?X99PQ^B@KZ!9|O8- zaM+LKw`*Uhl+t)kRKQGA5)FL_ zL5aFHiSfvCD8#BcsZh%=Wn;{fl<3jedO-cmZV)K@xWoE{MWF-u@1N&?$_R_N6V|ss zC4~GRq2m8W#Q#rVrs97CGZPJIXgZeR&e5uhExm?b{X`pr^a*8<7D@~-R{jGpGXU)F z2bg*MFJR_>MZ%D|o%Z*42X@dptga06fWKf|nmQ0JIfi&$>;~oC65>FFOl4>O`L^Ol zUSq%`JzP64LXeYnBW>!kLtO;t_(?@FM+Hw2N+a%@_{K*Ms@VxApAxkWQKVkX*h~9^ zEL7lJ+pj$jR+S{46C=WP8Dh}l`a{d4SBeMH4tp-gsaDE%k!C~chu*kAUwkK*eElcA zu&G8_uykTq_$+vI@Q)XF*qAI6Mn)+O?ToP~gk=Q_eXC^j5dSa|4Rx2Cl5_SL1dFv? z6BAJhnD&%Yz@~X9aiCMO$bQmdK_zXdOQEBh{(!;i*NDFJE1=L;8%(|=gL=@Hdn_( zzN%9!-_r;v9vGAis4p}@mG-Xzv8G|&2AicToDnK_o32Zh&L|GZ9;$ggJU3`KG13dM zgeg7Mqk<62V-h^AR-08`XL&Z5k5z&k<5^mQja)DhoIvh%l0chT7npS--L>3|#JBS% ztyY;YrcDNCmj5X)Gx&>olMMy{Fa-M_w~Cy=zf&)~RnHueRp9^1RA=dgz$e!R`4Q|U zO^Tudlh>DmfXGCK#m6S$kDD+_fIT}fM);wHx47+k?}#O-sG3vw$5ZyaM#-tZ4fPD) zuh^Qf888}DJUjRJ)OhM>7vrG32nm5Huu#0rL%^n>7m(2yN>pbS`Gs7xqX-jl$Q zgYecIVPfEpVB*Y9_wzQxpy+06_INt>^%$aAhelrE8# zU48R9&(4cmlyBBAVqrERgK|+2TBtl)UF!t1<`){QE5^2T2^on#;w*8q%A($g9wORq zhDrhw=@@NuH7~t6$30;3luF>%V=zOj%9AwccMxqra+ll>EYfD>OD=N1_BIIQGMcea z$Fj5d-FoAfM8%QtNX=>8Hh?rziJfJ8aSpp#sk5z~Tb`aaNM~U(`GQdT^&E19`wc2JQdKnV+MsmA=(ueGEWxZuecmqPGKx^h$ zWd_OxQMD0T35ylPIvx#9OZc<-1cb9559J$-AVH5~ASkZ#iQNNsI`3x|gzeN$T-%J!Q_CM|Wou4eUFqh~WPHa0Q24O}+N@ zQpALek59@3E;wZ<8MG3fTh|~zK5cu@jo!X(#k@%}lQ1U_ZT@mP6+!v*71Msl$!nI$ z*&*#_b;@;)C9(r2$3kU$hh-lv$@VtY&J0j4;FdiX7|UdGI}V?PUM;tcUYb=ae3A+G zP9wYJO^aN$PRoTdr>DEQ-r8Uq&Dzc3gH@(^9oxb(bl0DnzAr(-u2B~iHP05SST>(W@@{wB zlbb)Vdw)yyrLFZ;3x}^`y$0cn`)8!+D^189uymXO(eKvhTT?E<@oPdgGMHlW4XHWZ z9Gj;z)*KtP#xy-vdUnUrB5{^^(Fejty`?6uR#plFY_2xUZP3CxsQWe~*SGPmP8!p9 z<3*hIKks@#?_r?t?KL%bcO5+5RdFw>ipdNKG%^=#y261Nw%QwR5He`+3#k*ky0%7Ox%nbAPE9_FY`q9p6^|{_KBgQ!V|ceDP$QD6fzG9 z%h|_5Of~N7wC&^LP!6yAc-K+HX9@(mW=(a6&xOV!#D5__cr8j#8$b^%h*jL>ccKrX3=bwm3g!+}0|ZHo!J-(8W;)QeAn5)ZDz$96iT7&oZ{A(58_^)arx{lhW# z#27ouNm!1p*)KMw*BM=3QA^$tEj?xJF`ge86(6d$J0u@?4E4JrI}T#K|9VE2l22xN zcHBh1<-io?!X_jQ=S7iO5kqab2ZQi-vk>;VCB0x3IYWdh`wQIAS=$(g?IA<$QN>>I zJ`_45MqWSMkaq|pa_IecVh8Y22lZ<0K$Tv>nV=v~^!TVazmK)R7qv0=r2067b^{&r z(HTvdInj%;VJJKD#*HE?%C*&$Sbbp0b6{0`*p=HjO1(&x-{eajq~za<zqaYnQ z*f>Wea;%_+wQ5q?VePQK7n*-8ANu@~W+=e})1?QrQuD7)lfV6U`K+#9;ghR*6JM|~ zLF+LA81AHoA@Mk(JQw2#-L_vA%|Cq0Z`&D|0-L}+p_v4+>9!NekRl5jg*Ro@3Q|TH zpFI{>*ege$v8rz5ZsQ2`pKQ4wvBU8&!70Da$_az>5bUYE;`<>EQi<*kVdv4kxG%o;zw)JtF5$evi&Td@s;Bczb8fe_a2#j;hI|Jyqp*Xj2%2kA7YVbeZK! zV^gJ@rg+F(`F_wdL}5%>8zwg@u4jw@&97?>A`&F(o>_NUDb`48HvOId2%6Ef)nM{* z2l>C({e|t*=;j9vXbtrrFEom(|Gw@~s!&QuKjaxK{Iwt&3ut^^_eE5;<=0Z>i1qLp zc}P_FaPL)_`k#L9rkTGBY0XS5?3@dDvv^BqZ96u=AyG;u_gftwTO(~R*%`Ml zd~|<->@a(N+kr$-P#eeg=5teDuv5ahE^wQIl z-Z_K4+(lulLKZ;Rz%RPL@|HS5?!0;rHsh&DdRjgt@PjXcA z>}*o6eb=j$-^sX4Q)xA!Ot>C$c&uSrvBSU+;pC;Ds-a%hpQxepO&vlNfxD!^!%AnL z)>>s`Wk&|8WzwKV*rP#~OGSYykF!+#@bv}cjo?gJetZ2bzOk<696lbo{OmGxl_7d*{DZnyLuGrIwL)n z>zYtr%ARl4&#D{F5N_RuhqWBOWmUpJaKuh{tHd7wm5 z@syPbebJ&1lV#*7-R-g?v{eDmD7$_&v*Tgv5jsPm?wZI@l5zYYjLDnZ=@)_E$LSCCXfKf(1@M~) zKm#zAZ>|43^%5=ZOUNY0e$}bS!zD&#kkPZ&HVl(wuUzJ5eEjuv{@8|#FY%BHXW+VPNA%}m) z|F$zKDT#~zD~X3#z{=Ft!Q9Er`d^k8c`Yd*0p#!KmByctnP*fKbvWxA5&UrCKfy@d zGu467kzDj0qP`U+xuHJ%e3YCWBCm*#4zxSgArE(N&#=3YVk(DqYQq8;p+TSOPQRG( z7u#9GkuXS*%vC98G!5IyggK9Y6=C6=9VXX3zXi#ku9p!mhH@$vEHTPoD}aT>9nXf$ zOBXJjeFLM$w?#uFMW<<$B)rA%!sLs$Rma&^rgCCwvOVMgTSx9-LFoPI_#RLXUY3#b z)maHDucbmO@0K;fvMiqn_KL?XU!^V(VSf|D1}`Mt88tiJ0f#~%4O-3-#U={9#5BwE zBYY)a8-_D9vaY#Jl=AK0G8#OQ-Hbr1$xV?~JkT8PwYIW<>IN+>NW0_G*fK`NP8_}} z@E=F}zYnFea7j$ee=Z|GgYyeGQ3$@G%pINj^z)8z}mKGG|S zqlM~1eTj(KcX%AYuOv7kC8PUGDM*mcIBQDSOoyT%+*0uCmH2l@$}~yd1r?F$M2WZw z9O1n5yALK5PPlZ^2b>jh4CP65oaAp^_{=f}#)rmH$Fa{@xrRaSu*BtSGt^cAdW@Z| z3HGUDv5HZWKG=C<)QLJuD9;{hQ>Z&??8-cAgP7XCdT1pRK^4Ign;T{XMxq0JO6>eF zOJw?gz|t#ewk>L3m8o)!o6=e<2iLj1fxA?bowKVTVRvtxRKc8PE3Vlp*2Gels?VG2 z{Gb1aX{*?X2k4)OSk)h`$p21=`M25qukGvo6O#8&Oe~ThDF(QJFtV3{3T6O{X2p`I zwYxY(5kF|2A)ahJK_n^D+3$RPyyqVum9HRQqos<|Qqw!|dqI2qj7+3`W@1z8$u`$X z-3;$XKi}W)CpJH**R@`R%G1|=erPI()~rDYj>_WJN)iUr=V1zYFw)4`==SDA8ct!U};{QPrs z+`8lRtq9vb=}N!twwJd4Fz!)!wB^c$8|S_Lx5|~a4?#{3TUBfuwA#U+xCzS{ z*0`7Jj11A_ez%n!cp~xbiXrjsQHY^GfiOop2fH6HRq$4D4&Nj2G{A@xy6P0e9`7X8lK zqjuHMjA~|kz+T52x6ZT_)XDDe(4Hy=o=^4r{7t_G>65d4PxFRY*D*8q;7R^%CFWI+ zBIm!SP4%tzPGUa7lmL7Zo#hejW>Whie*;CFEieO33P-ZYnuIZz)8`gtlWJDz0hvM{ z1h=|veB6;=J|&bAY2A3>26uuIV9)9qkMY|T5KSWPGN@3u2`L@Xf=u|Vyr1M9YQCcp zkt05BbAVT1rIDiU7;6^{;p80wYr+6vg(C_Ja@CGW0BiM^zaD8V)#ivfUtw3cWmN!4 zKayX8Vs4E}tsF|^je)Q55QS={$qtJRSQuqVDLP5@L*#X(H!z!)(c91a z(3Em|q7IHq#^fuwGvFUJ*4M{_y&3CB>BOq5FMjo6ciIFiOOAU2K@$V4j*pQOwIjq-;lt-HCz09ifHLC#t^tLWDPp z{r|D`j$N9B-Ii`vWu;lEO53*mq;1=_ZQHhO+qP}n&Xeys`;6V)yT^zR@dNINweGd% zye79Li1H~_J(?*U>xQ0`syi;J=`@epO3YN}@ zitt`m@tYe1mcD@~CW_?X%!=R&gUL#SjJ?!Hg_Fd+O^{a1?tObs{-dC8qtK;A(-1N#$JB6EzxH1`t|Q=HCM6C0oJ+uJ`kAuK6K@e$(M5DqdCi@K2?@{?`y zWHrJ{9IZ-ca?f%E2#R1Rg1)Mrx}If?bDRPd73I9DERU2$;2`o=S*Ry_shRXT#0u_HTBc>}16P>6x& zu|m#6OXa)74_LCsON}Nm>{Z8$o4(Gv2p&`&kMXg2C&l=Ji;pt0dT*xjxK-J@G7qkxirTm``fsX1 zEnZQ4v(pSW&Bwdl>E+#EnFmB|_l6m{f@*n(Eh6W!MTsi;gDS;|BePUtNSZ{`+>-5l z_fDmQ(k0TTONx(DZmZqr4A09PiE)5zsTRFpk!C`*_ zvxeTD3Bqcb;D>H~GJF6QSk&br;Pum|-0zPVth=r!AKs^Fw0~*z<^{#4$c+xuybaJ| z`IqtyCScZmj)=O8!ZM&EX(W-xw~)KCh3YZ~ar(dMyq@-P0#ndKSF}j2A4h5LI^m+` zHB%1XS^p64S0VlD_Lj)p@(kGYs8%WRN)P2=myNLjKbZ2Lb_^GGz&#IG}6yq3B^m*BS8Thc4k>CNKw*w^(jQP zv()`LiJLv;q3=nYOtX_b?Y-K!ghDa8sL5ViM^X&kX6t#Qmxk47BO1?5W_gF|RRDUp z+`4O3se7pz6L1>QNn$SGAdHuwbz08f0nk$AUYdq$K?%)^f23Umc2zbUQzai}$s}R39S;7|o1cx}JmyiYr`St5q zaD5GaYo5o3V-YSL+(4)iJxmad0Ro8~2;y64c^6;P7uwr2C1F6F^jWY}BmTow{69Qy zar6EKe^x_uo|0#xMGANMmuok`0oKAxRn_fg)&%r{wsWij%1O?-gFed%v(?wE6`2QX zM}Mfz@`3e#*PZ|Dp4AMdtcZVVPA$y;wHY^bkTbNmv9|jEg@J)e=k|z-NZ*@`lUDst ze2^e&y>dwNMF;|}jmReHK!J>dMN~967V(xVaaLkZz*LYW$l5Q1(o-j-9yUV3w*X!; ze1e7N2!=25sN*e*IigLSV)tt<=jqqYZLVYI>!WLLZ#Qrq4({81Gzl@0F_G6@UnMY} zBA581N!6{Bj?^TZDQT`(qYoJuo_a_aT9^1l+VS^$1Us*aAhO=LnB-b{q2h>`04T2p zJ-H#lt?65%ES6-04zhhJv}Cp?WC&%ng4>tbmyugmU<|zyoC)-zLiDA8v{7>=0d#1) z4*>&%7H`riOCh{l#Qglw6I2#1=r0jQ6s`pxW=4EWGgLFM{m*_`E0@ubgb1}e$p|=D zA;eJseLC)af|?H7sSzzk)HS_T4R%hJQe*mE5zfC-CQBtoQwVsK$s(xsr56!p@%aW5 zhjv9qbS{;zs*!C8W~I=+D-CXZFvbc5SlFoZ z=-1e_?+unDO&rNJnHQv)AJ8qU*+r6|E>+%8RGS+jDoL@-L7R`5s=^McUd<*?toYrK z)V*rRag^MPv9N{JL=Kak^p8VhjiUn4vPvYpsWY=@p()st7mUJ9aG4)}VR zI;Lm#v@k(%cKVSiF_~0vsrNjV%!W88Uu^t;JUchngkJ|i}Z`ezPC}-xS z@g%)I!A`2<_1?XW^K`|Ot>zOO{BHGBQHGuT}HfzbL4 zm@%)OKlXhDQhxfyaN7~?qRHmRwB<&}<^!xp(f8}~H!KpT4%o3Q@R#OFpZ|InucmtZ zwfO>%&#^(y5q3v(+u9X^-LvLPQm#4#W=KyssV5TL95<{k0c<`nK(F-)-@vt%%8v&z zpD*kl98xyDkL~X1g9qe@f0tA?u){|a7*EEa{Tt57qXQrOq z^#MVO2YI_M7!!4L7df2L&WBFG>26!i||g+)XE{?11lzC3hZcPlR* zG~)?A_ypZbyC!!qW_M7w24*OehA@Z*0*NJozn&x~y@yQ*q93DkPFOP|Ro0Z%vK78n z1hgK7(Vs=(|GZp<#n}kQmgjn$h0!Yst(xaE+9ec~slQG9npX)zBbi0kb+|hME2syz z_xF-Uu?QUGFQ_37%C3Fm{*6tUoB9QH2=d#3-j_y{S6dg^DhG`P>$q-St0L8cnwGj` z-+^9?P3I7EMy>o`tr3Jd6!Jm0<7BTWySg;5X{i8NOJ2rMIrA7ShG3H{`M$Tq!1$rd z+wb+;@0CQA9WqKSh8B&B0j~MTJ+6BHtjvdj6VW+)vYIM*6>V^f9H_!XSZDQ}QbCIY zLX=w5ztYLY>zlx&c@Rla&zd%4u|5r$lys4#)h2c+?`45=uzdTYuaV;+Di;3LBNgoBt$pcCH zh=Z^p@R-9;u&NSz!9JOaq0IwQeu%iT2mgdaDOck%V8BhGkVp#)15k=BK-A_@#C{9F z7R1*`0E)*Qj7*B_osy{M=TfQV*QOd~CcLlQ;|x{tJ^G&yJImj%KBu3u?WdWxU*;){ zLrs2l=g9|nT@XHQcj&Re%t$-D!M&AodJ*$%JIzizzDd8)WP0&+Ck$6JzBNjLel~l2 zMMe#C+}$_dy<|>&YGHp9M1L=yz)`>DOBp^y307eaYFAk<6*G8s37Z0ycGPE_oSbh}*+*fX&cE}v-(KeB5N!cc4BqAIt$^3yLZmmrB$qDHQSn~Jf@$>sdWAm+61}6j`n(3tA&lhXf;nZa(R~zU{oib zV=uP(XPwcP-lC4pg>LP1ixSyv=HWloDKS*GXs*WG{CIJ4wz1GZ;8j#gkss@V4=-u~ z5fCh?A|{?Br;LdH&WQGLde*!te2=mKKbwdhK z!U^(+B1;%9#w$;4|9(^wddGEfQzzAPf`+@G*XQ!p)Rm7J#8CfT8}rdbg0&}JbQc6}YYOY&z~GtJP#*+hrdqNo7{=J^LZBccNo^LFOXXD_3HzC17=xR{r;l^q14@%Zr^ zok3zntYp|O)Ni27nB=3h=w*18^Hw;_kV8}M#bdB~SUF``;gJqo(iB?I8-X90@0K3d z%7MxIAWnCgJ%Bqa^RtUkdjIqipR&P6vNC}hL=^L5u()FBmyibq4(^-f)pkCi^*BOO z5Shfj(gqxz%K!+MKIO)VnIs?JJc--x@2=gwn+h7$yQYqC^3i-tg`1y}_f1s=q7EW95Qp zC1tDRPw^%?)4hbEthSH=8LUfTTQ-!BGZW44; zau}Lj3}?=zy_e-q5_Efl1G+8#ia(EX#-+IT*H)qJ%nmm*%+@5SK>eLE2ksrV|I_@h z-mc-CU<2ilXLJXdBiLD8f2-Vn3HzbUGq~VMuZ3=v?;9U9(E`sQMi!)19Pr>bk2o}L z#UYQ!F5g|3zUJ`HxZWaWTcAsk+6uL+(-?R(en1CR*&hlp$Mx zL{5tvFZ8(=pI$K4GUF$_Ovop2 zr|AvJ>o0$;{AHLgBp#C+Ig#F0fl?pQjwf722?22Y z{H_;l%nVQ-{I&_H$~vxHs7I#P34i|)p8Dxv`q_)~XkyxPh7%+r7^$_$MDGbEA5VTiD_RNd@$mSV%opD#M^qsuk{`^QPF_7{>1-O!&_yte(?LTO2 zrR9c7JQh9rL zlK29RR&NX}rQ3eZsDG^G8&qo6P|A_%%Rrq2usYeoPz#L5uVy-`z7c?c1rV47C=AOb z^Pt3!;XfrB+0v9)5enL-3mcwn*>Bk)%pxs{*^~Y;CVvi!MG&+pZ!1xhxHCIaoQzzT zBzGlwG=3r%j5Xztoe0t(4yZCkP(F}jx2%PC&Md1z=_V1Y>td8HqbS9yYqy`dn?s6V zDN64gRWV&hs)vOU+eU}ZUobSjb73i3Q!N_AsTm$Om_ae^%(IIqJMZ-{T@?3Is*R_cy70n|5SpQc3+X1Y*~vvhYlb|R#LL}zh;bU%Fio;LGl+T?7M z491!-6iQVku2(>mgGzR>ta|1d-%&~=@?*k+tBa8Y@Jliq7s{4d9g!$*8w{;IUwZgv z1bEFpd5#Cv&FDL?+C?{7*o_Nv>cE1dW!?(lGQXaruVCog4{+)*?Q_(_$ZU;c)Mz-j zgg@>gyY5$4^|hoEsFdnRv`7%BoI+IyY{;onHjmI+?x6&*7_dB{(AY75WR2GMY#@d> zr+`)78>erW-uP1&{|bYbPk_Fg!-dhsBzUct!R$sv>kht!lk7mpY1ls5Tzp4)k8D!w zoK+}isru_Ood-8BJjd!BL!Ar};b=O);GC5Ht7|h{nNep=1Y%&1{=+ z+SHD?v;+ol2{N~4##KewDlEby>Gn?AY9>9O@RY`2@UVnTgO*=fY_cXwbgl2AB`Ciz z&u33-mUG(RGj?hwq9u|%hma;5`O=nvGD~lkOWX!mZeG)dlID?d1qS($D?LN9m~F0p z`s-v`g=_QcjckIQ_CBZXAjNW2?{SzZFAp6%|8#%t1kxJ$LZgxpZHXMi8#DX_?~PH& zZ_%f@!fvTUU|y;qH*BGR2YAS|zvYy{rnJ#j*6lvL!0>z)!c-Fx2wP@W*DXcJ!iRZc zYz=L!H;+FqjH0g7V)s#o%u>naa4D-{+i1pikfdmOj)3_NvVu&8yKK_e5%FLv!&fn3 zh}`cOZbc>fXrXRNuAZ2tr!$nQhNii&Gh#Xp9_;V%`AxOwZ)l3iM%VeXtY z!jW!TSOxlUM$%A5($cl9n_iq3a&ZYG#<`OSXPR*LG+&$!S1N|N5c3jNPuo4dN{jNk z3S6A{Cr{K{*xx$^Bu**$X&Ke(Vvh)FHf7h01_TmKD3*zfO3I3qOUH=VXQWB=e{4`W ze^AIkrZM=o5*u2~+rg)5$2K6gLf4mJTY_xYjNREAm ztB0nTE={u7ma!w_DJBX_KLs)WY))uVcaWk-0{M#Eg9o79IO&dP-?s;&1r|io8P)c- zMmQ-gCz)SA;hIsjz$PV21zW=oW3BGG4W%dRd5x-hXeu)2M}KVEhJH;*B{7$0>#fXZ zm}hS@Sq^`P9(UlFCTh*QT0NWSfSuqSzcjy`_=|#)Y0k_#hbO;&3>m}6MhUHvFIBEY z$S#P(rv+&RKrX2T+-9gyEeS-U$9&FtT4QqSszSo#tRx$k6j6Ti3w*Y@C*OL%4NTC^zz;}*q`({EcVIKI2UCreNVBYU#X8w%3v-_#2>>gOl4ko(*V zHpX@+vNj+czkmbonG_ot+;A5E#?lE0#rV$-I_nnqU0eea59jzC1Cgj%o!@Wd^!SDk zRz*DrOZQDz^1wU_v6D>_8BN~FbE%#F$LhFhNv}o`rEC&_RwF5AWn)&NsM;d+wo)~z zg+oRWQyjdnIU$W$bbR~O#YJ)H$m|KJeS{1fF;^bHCR<5ulPJbuX>wW`mHl}dW3^M$ zipyM4H_ijk@gn5E#F;>X!76{P$=o0g49%pobBs;HD*EUB26n?2P~9vH6t^{lgE|Y# zIl*5bXNw>UcB_GxHmSz^P z;V#51^~uXOg&V!ew@y#Ce$_j`Dz+)*NV!))woADjFYKQn4V*A;p1`enw;D)+%6OV! zqta^jGe_8O#C1a;uflXZ0#;YNh4Gy8fktF%dIqz1q)J{G?od7t?ggQks?R{j9IWzK zHK&$u6c2M#4za2J-rkbl`b3a4AfB2pb_GSvqqlEpXJ?+i%uno2T_PC6Ci20{w?m|o zrgnRmj#-Fa%xoP|_X-z|gryv!T#{3=bDZhv8BQnWaScSG>Rc?iS6ao2E@@#?GS=3T zmY$oamWXz)f4eSoWaF$J%tYHtzy35hB#dsL-x04w+ZAx?no@l!ENA{M)+<*T)?AD ztK%IIp0bM4InH(yuvo>xuB7Is+(erQLC)eE%+E<((=f?#cEY(uAtci20~togD(Ti> zp8Mk`NAkRwNELwp2F@Z>?;Ec5FDM*Pxux<)$kk2S{X_=!E>I~+Y+JLkTlobR@#!_aE1C~QOLRtg!4S7 z*%2w^(th_yTw_9~$0YP!GImB_s?DSKuGW^@e3FgZ4&B`BU4+xKY(9Ja9d1_Hv?oM> z>AXjLlJ8yU?O#2NcAn=wY*pT%T-uVWe-mI!LiR^ix(vmrBfRAI80W-?OznyA_y4hJ zree2zdi@bL4g74IDgWn!%GAo(!Vq9>X=7(-Z*OSuA3Xkla{+$H_&;gx@LcNcwq{_( z0SF>#GyJ&)Qh}}l^!y?C0%fF}1!jd^mKlm|BeewDGOv_`0z}v^K-`dY?Jx>r@&QEC z6H^&%-1Ym}-Cf^6H<<6tVk@#ox9Cc@14GnVY9}fy`lOu+wG-NOsF|Jmp!c|FP(fze zLwYh2!uVW!`62X;UI=$5DaCS`$D#~8@o0eJ>;lAZ55oKrZw}Nq0Gc$uZH$C*=?Fa? z_D!ivKf_9Fn zIpYIYfl>e{$NU^%ZTbKA2>tH|=SRf# zL)nMtYNnDj4VQ+@%Xy(LMc>XFB=JMxVAV&%`ZN$>U{XUM7R7oj_ZBfm!pyt{d&$R~ z?hNG`M_4W zp9|*x_h64Lho<|gMm>m7de%1GRwespm92NHp@_96F3)j`l#4j7dZsIRO#1U0^wy?> zhI?ysli54Pky&z~t-|zb?DqzWtsvl>tv#Xd-d`i;QtxC_*xYhm?Sp$hXV7b}%r!Fc^FvXH?4+J$EY553clPHi*zI<&cZfi6yNk z%j3KXtUK#`x^#DzYSI{@zDN=-i~ylbk{tpM?yi?aW2oHaLxYu16_s-bafZ9>pKI(_URl7rAUbn@TO1;_@Wk2TtPU-B%%iS3s^u2`LqZ+AE8x|93dC%r92wpcJ)ZRIV`p|4K+3CV2r9wAPEx{Br=`1Jb!!O zB%ntz(EjrOn5_pVpu|Z2e1(@k>)Zcn9aaFy04z)mt^P}(ny6$hk8zCbg>oszPsyx< zt5icLb)kl*Ne}ack}pyIy@t%!7%8#>6r8QF5|i5ZN2;32B!zH<*$E` z1hjTvs~Dp`Z4jOZm7gvfH%>peR@~ya-A7mj^@y2*Ks_C-e%+)X9W@4lUnr^>9a*qE zzNHW?768~tZ$zK@H$~889U4C$_jKsea()c~>DXNCE)m+1p-Rkd9&|W8rQi(=$Zmd- zA^R|LNody+pA=W1EueSFYn~qT$aolZXK4N@B)&Za*_2c<;krwl=Bq_z*4hVVJR z8fY;_pP|qelTMdWb!)p$iW1$zZP+SX)0qJsc~DfBWO#sl@f0}0KgL7xHpjKKlt^up zXdj}%IM9)VdWr%F8_d70h*y-Mo2$$rw^oUtQb@KmPA*|)=AqMFiD_O)3)j4~WSS*cY zMms#W%BX3L6o56+soRW5vL4?R>L{yDIBu%6(OMrz$QL2?B>9{H=N0WUdB_iQcU0}e zbfERBv$NkY>wZH~uy+Mo3*SUVk=V)%GrUAaUGHgPZTGvgchU6!DscD!;#s&Q=qS#K zOH!v^E7CuCp`#{SX%dBX)EJU>_)vJL-Z6$e)5IIg;Itc#;zmZ^IfnJ^pdN%Du|l*mI}Vf{XcQi zmF8CKY=-eMiZ)n=C0?QtP9E#eiP?WoVfP(%MTe*xY{o}nad}&JUVmm4q-(%Xirtpl z`AP9a7L8_kZrwC3B9e`cG7eKZSl!2r7lR!U(dokdS35@gLa0!mRB}xo{t>GZbvbdH zOBT&VS*pbgcfb~CHPqW%l+4A9F$SinV(P8BOPOB5*dQ|_TVLAunxGSs@h9h`XxcuSch1F)k|uSMXS&^J&B(3H$lo0!li3ST9nwlQyJU?;5@SG zftH&;v2&42y#1Wqz9IWYkp-A7ENl&%av>ivF*G=+vb1!Hv88uS_mpS#z+h$T7xox@ z2c=7k?XsvFMeJt{OPmiXh}-zbtTU*F|*JL52=V z4uJXTbFo@!w*$r}S%VlWi(+k!X{tza?IY%oh0&A|^;h^tjV=bMk17J$-ES1H<}$Q* zE#l%LSBm}r^UzozaJ(n}Yrj*^QoK8ek6Sr!B372o_r%09fg`$J7SL|bFjbC!Hox6@ z97ns1F1b|LH!JZ(c06q?8bbLTRf=ECh>dogRiAmFR(*_JDh<#yje^I8q4~Pm0Th=TPhh# z(XOuk6kxzvE1YcW;H{y~H_wrsZ&XZcuMxmPa<~O3_&E9|AgbCb+K>K;ao~RO9?j%Z zo2onTJx-1BQrKraqvg$;l6ezMdQ%0>GP+}s7-s8g@&BM7K)@Ly#29Auj{LdwG7E*e z_(s2xdIi?{_(>6aX8NiB0%;aeXcq5<$@VkT7$(aKH2EwOj}gP6j-5Eh&I7tTdY3$a z=?=XxpTE)*_NI4`xe}Ljpet=FpVhbIc+t(VBB7Cze80rq5#sl|3Z@ezAijQOync*0 zcSr|2ZATxnA{Htmn))J@R6kGz#l@aXQmRTW%3jj4DYLNmoiA}1K$Uct?8;6-l4v2ZWa;upcWzlv*d zROKt}v3)h+FG`{W5p9>#?u{K##1ysiYv9OB@j3Q)h;wO37(bj0XK5bG_BY4*tIAJy&Jq_ zL{as1X`{fMtPnr&p-GM2yaGvKq=W|le&MHEsJ^)d?FykmO9`YIzo4M!tk^FHo!T*H zPjhTI3pq2HukG(yzKsOxGSw+8^adR6R`@MptE{=MDrNck-F&E6G7qaKNY&`|*7CZ5dGwsRdmEMlF9k{~!vVre>J zE%|6x>jq)q)Z~w*aGeavi^3pZ23HU$ZN^{}ryPcb;Ni#W``ZpL$uP#85zXeIhglAb zvT=Uba8=~)@Diw!HE$D_S5VZMOB*Nyl$9GA3FagiBufp}8so08Dd-ITAy7t69GQrV zGunw4bb1N{f@z@`6B?WxnJyy6%3`iA!Wna#8E|faBh@jP-24P#HTV z`cvrHw7zOT64i=+w7B3VKr+x~_Q4xv^}O$9`&5-b3mgfCzUUa2a7^T`4?!U*4W-G_ z3vOX-fLS~!3Ui?ttGdH9<;}>(dayK(2Vx8AywynP!tS3^LzZ6-Usn2;EonU50Z9MP z!fB(1IHgmo6z6Dx+G*ozCc6d6{;*~7*7ej_EF)b-TM;^!DBCUf?NW>aMl)l22}J;c zQe8Fmc%?G9L-CLydQAQReY-P>E+u<%XHv>Ucik=JcRkmGfX?KuSB01Q7=H+nZ4sw7?hE+iI7ZBmQ5Lg z>=zI!bwRkXT!y~tJvK1kVzOss@k4NxBxWAJvFFs+gKA1!AqD`WOEUVF{3#9wM72i3 z7?QvI(xAVkq#nPbk@!FW5NGvQGg3+wm1(}GsC&{LLaSIgR(r-s{tzk__tb&9nQcL) z!EXFQw|B_vdw4V@IzqM)g3MAo1S~*<5E`cXf4i&>T;GHVtdhd)C?ZzxIwA(!u=;GL zy8xsXp}$&R!4R$YsEUjnD_7jrgZhcTLe?ceAd-Pyh6md10(tgnh`+*~Q%=1m1^X!v zjX4$nU1pGqJ5hZ{A#PH$$)cY(>j!fvJg+D)bb5G*FLV<+I4)c%o)=gYWg{gzR6kf# zS3nInxj9#>R-Wm#FZkHej3*Hok5t&MG-6;5>%}513n(T|bP6T!EMAC0FTJuJbPBQ9 z>lGgsTtZy9l%~d;%@&wHmzp_{tc_y2?JnDkRrK<4jK)w-vt)R3E=Vt@nDC5yes&bS zWR$X;Ofc*D<@4iRyM|s?r6u!*Wq8lVIc)dLVu8 ztem4^Nlc*7vq|+g3}YaAJje|v@;F}WNrs9~*c8{2Ebt|3V-sHOMcPctzt9h3CQ}PE zx?>VRst!C~>UgBm5WZhpZ?zg%Z?^9wu-^2wlXKFrG+mvi$vuMXY-64vYtHcmS&4@U_;6Z{if8Q z56hFOX(@AoCi({tu4uaeQ1pc&g#n3Vdqb^i2Vy|Vpet689OqXY0!auiW35hk_ykR` zvk2e=I)?86>3Bo<-JH==NurYup@Qg(unlUPxsu(Y&hSJhl9qN!VgX|21cbwvn&O%@lT@baeibuo*IRQLPvtV;YgMu0dktD9|`m$VC@aG2jsMkx_1SwNB)cQjP<;HIs9M zIWIyV?0~K%rL{Kg%JM*pz}J+B(USb686oJi20VCjmBb~I;3dV6E}?ViPlWL3H>tfJPJ>J+_7vpb_8C0k0-c80L{bjSZm` z9kPa+BvJJINWSw~lDkR^Q<+n$D566JnxZ$_(Xh?FYoWJ+b%_)yrq}8HS6r1D#{_Pk z7uVm=y}uXE$fkd5CsMzJ4VVD4BC*hd;T2$(l?bm?nw-eDLLkQ+bm$7!6zI<~8pm;{ zT*FH^M$rVKj1-kiUC!2}X&bmo>~QuZhId@UZH(_ORmg4(U49o~98Ib$9C2+>WU{k%)I5k2k#G`-K)5hd@z#vb{61OGKzZ5%3Mi1MiMV{h}H6)Rg1sr~En zjtAJgG&c5l%N0t-#4+3~{|KqJTT^abDE~;Qt`i3;rbv%=Pndou$GKIcz9)} zFQQ0x-}D+%c3n|!?JNJtxSl^|jVCDou(m6_gcdL9Lr-5vS0qELFs#NL*#VS^6;V$@ zFO`nrP8MBjBz7g+ecVAW)$;^F)xRUReumwChIM#ae|z{wevxN4)6~&)3`{-KXMa@J z0C$W9Pnma2U|i%_*D-VrPTevSe8bwhuvB})N^97qta=Bxz0lr&OC>h_pup)#W9~V|WsZB;^mp#MN>vu9}i9X`FSftGxv* zUXA$#Wck+pAWIY&{Ve0mbKw;*6%;TtWy={#BG~<-7^X@XzJ#~eJDKrXd!{a)JFh*j zudm&&*F6s>kBNaQ2E@_#TJR!}Pn2r`{ZbpG{gUV(EvhT+1}%c1fPSF3y7W06z2>ln zAhs61AU-ro*);+=cP0Z`LV!|`Mv7~HoqIWIogf!Y5GD-BMf{se%Z*(8x(W0NM(TTB1?67QVGMDlOSn;WjKJLm4|Q23h_oq)4WRNbFQvx}boD zNqJJz$L-HJ+tQdDv0$(eUm_~ngI2>l+X&E4ADU@`Qa$5ZtuS@A?XeOC^?;NTGK+=0)VPk7msvk8KV z+UdvrM^AY$ouV4F$ZSoe(u6C)@q&d zWNX8VyHlV_hh*|Gi5EGkK>33135|U#{N3>?1ciUoVlij$r_1aacJRQ23mYPFsOU4p zGQYvbGPi9FlRkSv!k(Lr3|90|8#cB{0Av$cV-4GA3=^=H?aO*74IkgQB1fOPXsk$s zzeDkR%1-cv(VUtfpNVG7+!}Hg?){8M!v11uBTmh`gdrXhppP6%B2S;ZuuGM(7V0DE zYrth=;)stu!YmhZ7)8Q*q9{iDs@7xVzozZ4Y@z-KDY-BN8x ztGq=e0!k1R_R$E^qpZCFxJbfmG#ek>kf|75%lRBhf0RWp`+Mx zXPbol@0R0q)z+rSQqh03cMsU%*o}fMF*Xu=`)tN+RJdiX4^fO5FvL7%SqPx4gBeQ5 zhK-%c7*-Q03|H5Tc3ikuv4&79in__Ko)Kx5vnktKH%3rY$>U*vgef4=s?|@sd=uMGCoMv*ac(VkQ`h zboI%+OZGn!VR}fC@#VQ&&o)x6Ih?JiCOvLj8Ezw2hV(hAVQY)BkB?SNWh!hjyH-?R z-u3lwGJW?XedocW0Fkf5f5Vs}2|VVQ>Z67O!GAj-KxXo%2-(s_?$V2&Z)xwL z4I`h}d_$zoj`GEcJKC}$NU&5r`Q0}2`c6FwVT8}T>3!;hlQoCP<6-v`LloDB4%_@i zt`rksi*m95>!!X#dGwGyw9%x)hzcWtBs3`bTdOr?I>sKrk(QTOmjwi-1H?+hDP0E~WUA9g?p*L>t z25%qcH$3)J#fRDGnoO?oK_0<4ub|EcdsYWnu#W+W+AIZ1asmn1Q4{qLXiCj z)(>GT-Qc_>f`8-u@3m8lj7Uof9tdb27YGRT|5`i$KUZO<3WSTsqT^SzkvoH%8fVfF z_P*d2?~+Iol|BX(SPT_S-JxP#C{+ztQdU84J{ldm?G7u(|i}>&10&M1^6W?&^lOWp962;)+6Mmd-1RxufwOi z{-zU`uDkk#2Ylz6>O)5RYow1S;0FI|woe?z%VL)V#jDIGTlK{isC$Nk2JA)*94hgE z=*1A|8>uhQWwEcCpEcYYc1N4P#9sTW{OU_G*?XCzTgm7*7%-y}HnTSwT1dRZ3cL}X&bk<2~n56o)_gmbEVxCPw z@JNkbI-9AXb)wn8mk0{DjubZ>To*NAZ-7d&wqodOB zv)8hc0?x_d3MF8@I#m0gwZxFTXXJoH!5cMlLZx(ZP~EM9lQk#X#f^mxJ99Iob1eB! zNK|6EMo3~Yd5M{{@f&(HwiID}WaT;sdh;+C=G?;>3||eem<)SVL{GD=^m!4?@6#I~ zIq3)_I*=@vI_aHj(FZnwDt0t03%FR@Qmj&Tyyc|7dGZC(*qZ~KEcqHDneqEgk1okP z8c&9U!lZ*UXDdsV=m{IxgV8%8ARgrE!em{*_tPA)RN#r84`4|b8P?mjR0_`rnK4CJ z_X+H0BCGMdRXBJmbvJAfq6dYnLMv-`Y~p0h$#7u7x^@X|gm{Yds3QOFB!XgWH~T|Z zNYCApaO>fMG7Hb4BC|4_mPw*J!-z1ha~OQ6(%Ut8WQ*8wNkYHQFsZkknvv;{mRwT` z=(Q^5$UG$*<9H5>Ge!iK63(MJd;llc{OVu*V;z?-mV#~MAxILlvmLd2v160O;s+Rr zG7e@yk~w)mlOGvr4lXT^A1x@YZy>uQOr2uScIn#M&Ekex`to&oK4>RDmB}ZLJ4z|z zA5%AB*tC**c!c`hW+|;Lt#)eBo%BcB!-jU0QjINsIF@>KN9c5y*tsy~2F$9STPYd9=1qDQ8qJ^dv-iAvq*u2kfXk}QdWNZ6HU#TF1o zZ-lt1ACN?mn>q+#N;kP}KIiTzPfMw`dY?jpG_SUvIk7k?BkaaHe`z6MQVByISV&$I ziHBJmJ8Ou#ygHJ%JjBF`5Cdh|Dq?2p=bM$t3~Cbqi***wLfITU2jGP(Ql&(d@1#m~ zc-tFIlGwiSi627|%hpj-Kl@1^n3b0&9bx9i6>r%oi9C0F1+sz`$&6Gd8tRzbR#r7% zF*XZ|P_-;o*0oLq<(vFgv;|p=A2A`2*TO0AWQ@cp(dJEBn0y!(x?mGQK71P=uFx zwN7>Icimu8C2Of%!+Krh!j14t2-Uh_FcpVwaOCvvv}5aZl4jj{66|S%VYCCijS3`e zad645mMTgNg{5orMgG^hnp(5fit;>$G@)uI@c%>DJ4M;nZP~hOg}K7E?T8h&ZQHhO z+qP}nwr$&vxbbJ^JtuSLF6BJTS;~CuWA@QeTdVb}+fJee3DGFj(~OM&&8job%Q_J2 zr_8?IWI3|kNF*hzGF__DOwEbtvvw<3ef4J3O!Zl2>xaI7Zx=Z(<(WX@JG~ze`5qXH zrTG5W#!GDs5}N8VJ?Uzz#?*BENeV<%4z*b{@>>Q^E~(BU0ul+EVwhfUc-K6`3c2?+ zUb4+(&jB?nW3Iwts^`b~q#DP@m0UOlvLMN>h^67^t%?ysGTc_dQhxhiG`=eROi!DPdNh1({y zYB5oKXg%axFsSE&2qb51=k9sW zgAJc9UDETL#Nc{@$#b(r5#}oc34_f9;>=UQ9z-1(Y0=Bz&Hhv<^#V5w48xgdoT;VN z$g2QVt|4pn4GH|)e*UWR<`xv@miY3;eTQmknBqEOwR?4aEH5Ub7MO*y%*aIdw#V`K zfx6WKal>HtfTVO2bd(%o>gRNsGaa^5P{A+uhfEI@)cm`6Pp-X>mS#H0KW=y@`=vn2 zw;SA79x=xQE%$f=j>x-QWlYN)pmx&=SE)lfyI+kTVbP>{I9i zExyI;ySsl@l%By3@Lq&=xIx;fF;+FlJc=7Rs4}uf)h=K$vc))2ElxvcRxMCrg&L@*B2Zd+8b?> zlAoPP=M_*p!OJb%z+?N754%kIWuG5*cmn&G@UpT>47*M6l<&$O&yC*BY)Uf5q-3U5 z3|uUTU=#FCvVyOL9`7!l5}GQ2}iou_YfG6hOd$x!t=lSvyN%+ zT7D)=htF2-BKDOn5ZrLY*B?1F8fkv=m#_tzm3d(zO={g61-a@|>PFzE_^S<=7%0~i zk{-52=Uo@uwwr{MyX^nE#yqOzH_>6N5@KG;3qG=oxIvLm0fBgPfAQ2WOY%df0+w%- z$<@ktfJ8c*Og&4=;M2y>(z}wAUu2HZGor-A>aEZxl?N;2j6$lt0S1mSg&-G=3R5OCs9Pdf2;B%Z!Zz6mNiu7 z{mBVYc=a#s;IhwKwl0KfmOOpj@>@<6j%l_Ym;D0USGZ+f2t1C`(Q?0NxUL5ql6t?M zG}X*kyZ=B_;0$_w*UKtOX(l@|M<4V9Ma%&}Lk)D(;d|Nk{dHB)96h`4Ot;A;S-oW$ z5YZxWizg2a&;sQh0wYg2Te^r;c_2w_Ms$B&#G1J4E^~{De1$QXXS8h_khcX#Y4s#( zuQNpl^tvVDyvr3-uFUU*h{6Qg*H~O*kl4NEjUrb5IdA20uB9?x;FZXI=7~Oz&5t!Y zm{wU*xNs&Nor8z&g3gfVODaAw2ghhvY&~&h3Y7nQ6ZvMOSiqV(Ty6d)Nl(2Oj&j-V zz)!U+t*k~*$B`DkqQdpsvRsUym%O6Gwh^nbOdOhTfEYyD%RWtCNm?qV?$$45A54ik z87KJAb;FE0`3NH4S)4Z~!*}bi@|;zXB8_Z$qD){8+@|tnbkeX;jSyob=Q}ghGpNcXj@}4&1mrE)y>oyT=AcrBUJG{^r%MFd7t8x_@(PAj{SbGroPAL4 zv!dGzng_ggKj#Zu)V`|R2S{ypfBXwE-ge*p%ikXd@($6J){wI;GR@BN3%1tqv)~Q? z?Y^*FC`utZ&8WnO%F!N)9h?_=`7J{$CU>&rOQ6N@cpYfL6YLW0<)XB^xmT{}D4yq3T#(f(Y!#L}+3 z$N8{@*Tu%52+Yk>IW^4L<4?kFEKY$_{=(azrT*hvV2>c$bTv#{q8#ea7fNTOgNf-z zjWBE?PpXOfGrfoLwN+>W7v*|phM?Ty}MdH*uTI>jz&`$C4JT>xy+D@3ib5b zh(?Ex`%;bMbnJ^`{2TNe;oZ1IiF;ici0XDkBW2;PDWJ*{q&$1PJRSQGF^W5eNG_^D z{!N+tFXI|X{gZYXhQz^VdW4&II$VpL2=;5&M-A0$#jKYYZ8+si=x1iXSuwga#h5Ws*##}BFJGh|e3$&xL_0_t znyQrJ(@SY8hLsvQqOJ@WVc7@S<#U&3rmx6&+Mq zcGWd$YV6laFK6n6Y8f|>o#b;IH;UMHsr3D#e!dLHyJtw4?~rJS+}Y|x6*>Q+(NLu zK_8UDsraJj_iCutYG8gH2D2!rRlJmkO4UGT9nP~jid1bLH<9u_D{BbK0c<-@#^M+4 zRNYkh;vcsu*t;EiZk;-hg!G04w7iCparvWIYnj`OE*hE}iL z)>PWT8fyDNEyN73o%YXS*7YTasB?3_L?;=hF557dZD(+asRuEx#QAjB&}ZA2)y}x(*mP%_BVc`JH!T z*|F6DdK6gA7FdoG6z%`q&jQP3BBk^a;~Lb^IMO1k0}?u+*P7WM+a6@mZIQw~3Pa^s za06(;1?hD2-zgOT==hYMQJ1JcB)O=6-|g@(#FC$G2N%RcBrlRx1EXL(3uJgOSXH;) znsAU_ctS)`u#uuz6?i`$8mTzZx|&t!dIT_?9ywE4au1Lk6Yq z8`)QJs2B(3oG_Hf`anKQ;XWP0qMbPtHuFuugf#j~RA{lyT95PKo;&_W7nC#xi~deU zD9%nW{l~~a^eqD5G%Abnjw&EG(+vY4H_GNc{4mYJBF_Er0L^U%)b#j`Ula-x;`*o- zw7uG#mGz~JF@9==<=UK5`{0%H8B>Z@-nOauLs5nmbZ*k-6IZ*_jJVA3(?LgpaZUU3 zY|bDP5W_-!CvWn5o@OMYRD0-_z?jrfddX>v)!Jdk(;Mbg;m^%HpgHP!neuW5b|vPj zXtN?oU~H9sW&5<{(#be3&PKd#T*_(1itmY4x942kfN_EbtgVyEYgnn6;?jwsL8p4Z z(do*mjRX4LED5>fXfe&~LkrvbDIU3tyQ`dTN*l>L48lXvS$S@Xwn1-N96re?Z>KGN z!{PfWV5ctU=I_^#JfOc;CkvTa0qVH}Iy%(o(2;<3Hi%{t)#<07Am66MgF5CK282!{ zBl90eRzNNM%(0Ufq*=#y%jqPOH4f%jy|rYNq4}(>{Q`JUtmZA4Uq}W)K1!12Ln3vi z$~4x}(VL9HWHL8ImkQRFN@_G)Y=@(PB$57{oMWkjlz$1`Pv_3hmt|OqVq5t#MLVCs z8_}`bt@Ikv71k1{RFpJ1&O0qT%mA6h3#|r~&jaR=>LXXr5)I9pe4t%5|CX0~)~&Jq z4N` zKSy3al)h*5d!UbagLkC(9Fx_1v=2B!rDRwQGJBW}5{1re*Qug;#zzPe!(frHUkJA5 zW+5RY-IC4Aa@X)dy(K`IF+ox)q~v3$&#HUp1lF5cWQ z;bW=q`Uah%r(1!tBWnBp6;8E-SKLE6?dL(Dr0pQbfxv(lozJdr}7 znn~Qgl*c%%<<{qzv8Bq>XWKum#jLG$9u^||C_=wxj3lSexS>Aks%|qPeppIm6dTn> zZop|(0A}@?|5L$e?0%Yl8?sojIt5eAJjvr#ERbyabEDSq5z})NCGQpCg9cY^K6@(L zquoKRsA+zRrQC{W*-+g)B08Vx!$lI>sF+3^Ln~{T!t}VDp*<(5eF1bc;cD{0g5o1D z`M`x0Ka(9An%?j81AwKh2H;^XHd(|svGlMYFRq#%`98Xq>0@5_Sb}=LOyopjl8}KZ zetMw;ui1KR5+kuAqWeJHWMx8;$~e+q^Z~yCB|$AizZ706KQ%v5u?J-)?`xwSLEUbM zqJ+wLhzRkrC1mdy@&ZM=hS}~3oyK}{^*h}S`PhX~De9YA!voIOq@|$D0I?7yN4T5? zeb%Oi4=2#|H$&b}BZA88%|uuZe1c$qJ-I|9lwi4$2G8pYU=r?#EtAAX5Cndcj|ml? z)_8~#)~y+#T6$Q?S`PFWM!8~CVt~u*k8o*#2u|XB|nc+HSni4HSo6} zHSjOq#yF@HGa}ZQ^|jhaFK|C4QFd00FfBe8;R}4D`^#Fm3D%{a+B|AlaKS$cAQx?N zY>w8QO~e&!8EqBzMm^qH5(N&sAKx91ND~! z^byz_lAri)ouKS35HrtCZ>9u(=c%Qdn9y01{mF<{+C`2&N!q&~iepG>1JxpiywQOu z5jwl&z(~#Fz;L5w2mUj<`SO|PCwg~b#H`mx1PYwUmxr!CWUTh!ixtNhYI?KDIng?^ zPbw_*euL}%+317C*?wq{-a<`w5+mH>5f9NiqbW%t#t}P1q3-8(V0KT;1AR=d{xfek zb9=G^f;N8=5iEt^1uSWy!K#<|kBMiYoN&HwY0SvIhyo zm=xTE9IU3!IPmKB5)WTqZfa#Ff3E`DwU7K(Zz3|oNMm-8uoSOfm$520ZWgjKH?X`6 zQfW~Frh3E}O|(W{JX{Sg*WXni%2LVle!Lrvsg{|8tH3Nyoxd=pZ3UTEpIVsGrzem& zjyy3;ey+_!sMy~mtl+HZA}lY-CLzPro5mT`$`AmF?%(&$@OMFezrj3rK?J=)|FehQ zSf!7OvrGHsOYnkn)$eViU_NMD2?%4-=^`V(8_uFanQhI$~-vSXm`;kcsKC*O(VG0G6 zd*3{RZ*6#myyLZ_`qt-q(lC&@`^3Csd6`AQgyYQo;w?y13-!rxn?^gRFfXD}@Blpb zNmo=+q8z)o5}_rBS_TbF@DG-@q8eI?|1?(VygpJPK}on`oP^TxNv>4{a$Pvw2C==W z70w=|uV(K?ZIRNQ-C1mF;r{thYC9ZWRP{ak9mvrh1jQA(`;O$sfH$;KUEKLCvg@ZM z*FM(WW4po1^9t2HwTLHp@G1_dXpOyUFFR5+ z4SwX74u12 zS|;7uO&C$xQKJEM*-=UwscnkQt*T?NDys|hs29)qpC;T&Y9`!AKS9VsG#w)LDTQEa$q9%UR(B4?pya+_Z>Lg93OA$zc_0+ zSAyrQ&Rp~j4Fv`J08xTCS^VqcI!}7VT~r0<06XD_xuYARM4YP3B3$uFZWFcC69h8L;ktL$-kE9T$v+l4GyG4|3n(pJ+5wia}<-)CA#*wvvy3$d6tGBR^6y z@}{G!mXoivdRFn430b-B4$X>V#B(XiamWwEY4Nr6e4G1gb(F4j;#CGH9L2NX_Z%%5 zS&jaD4ls7ds7eepWDQ%{dy#i_;N><&$*6IhOA7RE6|77yq~9LU!W_O zkw6F?HzX3AQrjCAdu`()pSWFybmR;iQ6e7wsyS(*E4+khO}4irHg`RTGA08cyIl0k z)W&V42`sV<>Q%2YygK)%qmBzZXDRU4a7!{)_zZ@jbhMpNXU3eWnhU-eO5L_$!Fxk8y2K_7JLvAQD;Z*IKF>V*380VGnZ5O$i`9)g*5(?6@ zTw#1(@b)Vm+M|o|C8UmeO)l*B?S5*eL?#VMtE$-maRJoZR6V=ua=X2Y&Q`J@v<#RYH z$IjLd?S+OS!+{PW9#OT>9{;T_ZAZ@ z7|y=aFZkK3L=Ld9@3w)^onktu7KenvG57{^0nMX}h~1}X9ifz4xlRc4F9F%t*D?Lq zAAaBAALvjkHpU5djNi2U8OF?eG=9V*#aq7G;F-8Mip*Yo+)RnZnKA*jxB+`|JHE`xjegjUQU%5t+u9llO8a3km;I-Kn2A?UC5z`3qU zY1U%=7UsGrk?7GLlhzde6%aI%-=zOe!pH~%l{F75*6u3K@3H1okvb>0baymi;Y)!v zZ#6}k!N940lsFjUy;`)MWxA{`p*g)4$ai*|y1KCO+A3OaGW(w8+g6EYKbkgTP^3T^ zi~!w^ks5NHXn19YrZ;g6VHE3|=Gom-NCwT%&RR7s17IrHTm2WJs6Hi4(StT<=-2b2 ze{nBtro<`3FUeHTM8}7_B5SdfRj~zvN8h83W2#}V-aBIS z!rZ)fwyq+)3Q8tawBg#02899q+IQ!>!5fFKH zq1aY3c??9_A=T?5?c(EEij-ka$N{}Z%?mz$Yp!~uvVhLE`ME^KY*qUA@N;gyuaj*= zG{%{Ahxq7;6wJh;=%_t89C8ZIk=YWtI#g+a@mqSPqjn!WWCpc!xN+izdD#vc+^LOm zQl&DmBsAtH6|%)Ha9<7{n?1}ol60?0zWgi}KRH`JK0fpx&6@7U^TP+axQheCD+B|? zD*(q_q-%bV;Ra#i%w@4h`j!FwAtovt<0Vi)bCAaIW2~q876Y(5(Wkqg0K_Yr8`TBc zpVCy{5Va+A8TtdRSww%X2O|ZE#GGvjdSfUks48eO!fm7Lt0B?8(<2dcUD9yMBG+MC zlLpuyit*}CdsBG=0M%W}*_1^EhdxD{qBPFz@ zpc{os*Lgzxwe`WpB}!|%E%!m@Z3R*MwzXgTX8nZ68Wn3-V)YR`y3B~X6DhJiz8N&= z$TT}sYl&us8?-hPB$3go-r|Ez2b}r$G_!Qe0V&iaFP#}yo$=1z0bf5c8eMWS6-jkh z2KvBet*Ovwk1I;!k_ZwfJ0qRgRhqEwk}M|iP_KP1p?C4dw6^4dh8wUjUDQf(3;lp< zn04g!%?w*ZIwqrT%5;d@MkE|pWZiEex}j!FDaAkB!tEg~nCM&W)$9#XMQOpP+dMRC zF)~`%IiRXk?y<9Qn2K5YE+|oC=ctuYx6K(5*aNmhaV9W{`KF>nX1iGk0^$N+VNL8N zT{FF^FO|9MAsQkAe{;-Lgddw+OB=!t_qzbeUNz`qB4E;$`=F8N41uTE0vKgLFwn>O3AJ$f z3ZtniTV$3j3>|75vuhbqz_mt3IXWz%kPae7k(!VwknR7DaQQ`m-4g;zyZ1YSWoy#l z;KJP|P6^&4kX_GFC6Q2r`Ue5)w9Uh;tyvuS8cTluUFy4*kIBh1$r&OAa$@)h6IaO( zg@+sOupX`?fnWIx>(37M(7ubGjWk)LnG4PKHNmnWkN0lc35_ObiMx>lG-ow#T^PTg z=>xKxxf_oM2V(}9EV#KyM`PP7Ox6m4-w8pA0&WN$005*;OsG@cj5ziim`wn#9FSu| z4l&pvP!ZV2=nfmEA#}k9UKaY^R>U49RzboLT81K$$Ud1Gv!(cz>4cKlC)>0rQPEY- zbsyW4lsK{2OR+F{9S&A$i5JedQIIfyv+Xtd)3oxlem|CIYPHo@CM&iJ73m0`BuSM<~nHQWddSGlb!L4#lBw z`bxzkxpexcJLoJcFAHm0Z=}zD`qg&d_cZcUMutecN-eWFCFXBd4Zy9+Gt0O&O2v4B z70U5A7=;B<6BP2gD!Hwx2ILY#(@+#Zmqz5#lg3|%$gK-Gf@4hIJcl>XYT*ULerXZG z@VOA@p7ao7^w`)^0n0Wvj`!P-D1G^TVJChx-`#W9ib8G38*5%(2YdmE$mOU*D;``W zHj%ZnDde+saWVRLl^qIl!LZ8r&t+o6@qF5#MSn)amf(0DO?9g>C~0I59dlGI&K!YynK;kRSd;$>RJSMd7)P$X zIL8JYqf=o1fkW#52OLuBKj4s={{e^8;k&hqi_dkgZkzTGWm>SQw5BXwkgz&LgXp)x zZru{j1yRt5-jhj88^N2d@f>bZaMMl&460OTy8aI$Ge#NtIQ@qVDT>LScFgpcv*PuvyGKW!wmyI`CuV95DIL4C z_17#w#_h5Fu}-w}uc_mg_%&LVd1sK3hb`d$Y2Sk>4{X7NArmp zJrK@s_Y8~XL(>E&8a@aWW)%vB&f*&GNaEq5J_$43$5TV`uiY?R5IQGt6w*%94NJ7` z;|KWpim$oLnGXfYv)p;J(p*uNr*B`Ps->eu5m0+9P&zWd%#8JXei`8!{JK*?Rq6GR!aV{QW1z43 zt%~{I)`@?rQmu{iWJy131nkdopWuHhDF0_v|1rM*99g0KrZs{v?004N)deQFMkshn zG$W8rM6altiO9xHENa>wkZiEXjURP#Wc`7i@zoTp%QZjImmfrE7oMUgEj%oE!4q8Q z@E5P5@pTo-!oaR?aOUc2=Ii9tgf;iq{gw2ue3g-1+^%>%{9rE$15;{~RPfp)D32Tdvc$?enkcBDil zXtRRRLwRMAEJ#9er7zn^1X(zV)M7{#Z@H_j=9SM~Keau4s16B;y-1e|tt!UJA?0p4 zKo}f3)6t5-#J*{A6K(v4Lu#1hENZ>Nf*NwXY=WAR+&9@}Y;#vfcr+gS8I3sHo?XkS zva@Y$vov;^56S`3P{xylLzhJbbG6b%(dFA!=JmM*es|Go5$R*(SJ3`o)#-4NK{I@M zK2#uQ25Ma-NmKWbr!M^g)cipfGsj;sUFUZH;6_hgdH8gFxd{2Opm`@rFU=9#$Dyoa zqK2S&)Fm4rU}#s&Ia;57DE@WTW6E%5=<~953u~M8YRj~aL&)JJ8+79mRmH0cso*vI zN=2M%@N9Rg{sV&}XK$|lt}+!omRj-_cGi+z;xhq-uoZ336(^4_yKTr164296#rf5k z(Zblurc1|lR|{#16l0bqV+=5>_utJ)I5zPmPA%spCnTtq$j!>AV}qF*tD@N{M!{`5 zd**MwpAWqV0z_vtgoP!81xRf9P4S)y6>2-b9}=5lD2cXk74@uRypRI02}%hB?}$g) z>QaPhkZm%g8fc+NXc1rLSO`Xf4TwauDLI6v-3_j+cwfsEVrC9uWLCsU51VDk#7hy1 zM+qeFNW|uGPXsZ0u*!7FM3_+f1WOO3lm`4Ze@Ou&!II@Ycnc$OQgjNPJ>&l34kjOw zEpSX)a#hoBI5Gw2T%Wba>MXv;M(=da-g-|`yF)jXd-H;S*m=3?!FGP5c79V{cl^Uk zV2!{&w8y18X6I~k$H3BTw}R7OK{KHk9-y)b4iBS#Y}_627= z2Bh^xV)BYwiI}e$HS1-`o6~iEjspNp&n- zfPC~6$TJ!PF_VaVBPR44_N zhS)ZS_>4crs<1G(%jWS;8yT9O7PF(*S2qxi;-tGc7uSUPklzOLg&~P4&iGIMRKzhd zp^?um|1>M7^|bv|E4R1j`)?hDXNHu1Md)P*Qc^Kn&PWWoZHfMbwt{{iqWLAJjk%iM z97h4vyC$8HMXg)r4X4)SrgPaHmrGEn(vunR@N}rxG@OP@uYOz2_ff0Ot$S_AX;%^e zv9X11x7pl~3}Pe>2M!Xqft!^KRXT8mOozlLv<0khpOndEOzDd!HfXqu+aL`4$MlWO zV_$-AVJSts!WGmL({8f1*nM{>p~ZWFn*BRk#02@Q!AcfY3BV%tC<>0PSX^pbT^+?B z3w42Y4#eqi3!7d_$@N^VXLnwC4tv7U3sfEcBJ`AD)u6(8!}U%jaUc-88fZ4lK-lI2 z+jQPla?}=oCbSOo9jH3=D>{{LZaDs3g}M`A8W-5GZaMg(4xTXQ_CEHU$W(bL#$EKe zqEzLHGw!_85ga#Edsoad?;;rjTAQ7pe*OxX8R@Ewj(;5T+Y0MR)l z^H0=?w?Bu6;P8jP7c}Aq&VH3<2nlHs(eb0=!_?fwM%e@q z-Ko@e`x$CP_)@6gv58q|_L2V<7nf5AoiMD3BwZ~)J1uxbdON0*Ab0W#Q^)8JkTnl9 zO1gu%D{u^(%#DET`4=2cJ-3`){|~DmgYe&;HUIxT}r5otbBN!3GBH>tWHlD97Ihs;&;Vy0VRmsTW zg~}OjHZE3Hu3I)Yt><0jH??anmsPH}nHzo|w>w*11%$SAFKSpK2F7rRK-RI zV-d%urfEOS%;aZtH#i7nobp9{^2IxLQ%x4lO1|$6EgmW00fXecc%ChMC`vANYZXZf z>*RnI*T9cI?K25VHikHtqe&hewR4@gvkQ~~>flf}n7F;w$T~h0_u$AzacPnJTfRYy zmO1RL^{1?MqC>+n5_}(>X8G+!uIm1dk7jw?CN>$x-8D3tW*@|r^6`cq$8!G=yK6%j zYvbe)iL1*`+3iIPXOr~4TwsITwc^PxK6?2^jix&Obx}*}dfzBjo8aD@b7L=GbAw#S z;{FCi)#Cn6h(`N(R}y>cV%LdSZ!SGwmS77JoCsdXZ*&`b-BO^x8TGc2Uvr3u9y6T2 zbrFASQ;2W_CND`dw==g*gmg{4nH3F2*c~Ia?ip$*t`Fb*GRRTl7r(1ytqDF_7;$qD zzQ0h?3ZG^3NX+h$<$3!0vei~gnQ3K(iHfOKeN$zptLFWhWL+FE_Oj*bOqbK-)Z}G) z+Im%zAWD3(DZe=dnBkexTpz5ul^?|L+223JZ*2UU?dkb|{-Qe!e4jnZ%&3=LI>T?gV_3GMK;r#CLNm! zk4oVLOhToKPEk;eA9bXo;fB4YxK{GW;Kg||nn^I}@^ZbPG>LsKkakU2TH!ItEfq7! z6)b^G*-n{)Kq9INR&cEWVCbyGB?|f=mV3(l)_eP*k{xSZyh%;p3ugz~3t7`NI>3za zU)qg4D!YE;SKiVKkOo~|QrT3nnt)&bmFTr3kMU1Ls307VM35~0VK<#g$R2I7B3wp_ z_$DI+A-FkFVqZZEOLCOAweJh@^vVJP*R*y>N~uuyy1 z1@GO$zL?fsl_{+Exp&e9)DO8NS&pCrW%oc`Q8N^>T-|{jbID0EBJ$Sgwd7Ig8KP|; zt>|=&$CQVKH0;01?dHw{J^;y^hGnPrMpy|)!Nygyh|m*i#@r}neuZ4ko<^T)WpYWs zJHGiv1f3XVc8So6zYcFv=+;UWzn@5_6d6vHvu#Ryldm$Mhoe(CzQxsi(O(*q*Y9p; zFe-(jVD4~ubWUMC$jADK$?QpJA}n|)6azX`2V2ja8lum;f@00S3b|<%SL+IRi$()( zad^E2%*EYOG z&+6@Q%|L)}^hS%nuA-k1=B84@H@px%^EteIfB}yo-|gjZru8wqO(gfkl0^`(2Y!RbKr@kn?*xJC5Do_ym4hY+6x>B4ZIh!1MCDbS5TGcc$Rwj}Z zkt}7A4KA34#*-+th9p_a370jH#Aor&n7BB$135rX+mG;MWozmKABv-%ET1aPRfm=> zqQ~5(KK}eUHQpFVb1Y@g83_jEe+N5FqexYpNetloi_%h$Zjf3rv9~G-NS7$1r#axa z_s=Uztj(W6jSyS^HZEeo8hF;utC~OCre76yw204&Lv~#(;N433ty%;_ktXR*8da^z z{aV1B|=4LJM(L)X1d_l@~A zlT%9P#`q|dUbLlMbEK`n!g$)Zfbp5+hEwy@ZE)$WnpytKx*^B~d*H&=PCwYh-6o;s z4R{Wl@RQLLYcW4z5uQV`D$4Acv{hQxiS``P^=MpxVcuuL{NqMTKu=ry+M=ajlCZSolrcDs1qAz!3 z!5OJd8L1D7ZcuVx5?<83@6)x>T8nWnzYJqP?CLmN;_8G;JOoX7w`dbp>nX+{Jc4yy zCdPzJlzd^ zy6VyuGV)F=v<*;`3=2s!Px+=E+(>R=u4n-3J<+tZ=@Q;(Rf?`jWP4O>~UPDRKtjl2$vqP**LW zFvCC3q>z+6Sg7QTH(oJGk0{@6wT3v%2Xc%v7;OTAJh)Uv#uYeG`IjZT-Pip}33^d0 znem%{SUdhXHp%(#)ePM-1Xvh8qU6-Fve+^Xis+1PHY(>-VdVV~2*n&bG7l9K%%a?c zEW2$Z^3A$v+{WM5wdY@OWxcERH75-^wUDty!<}S>h>wh7*b5d{@mCT9R)Z-{~r=fcZtRVhF# zEz)wmqtFXsx9eb2+IXbfx$thuVyB!NLD~dY-u#XaTvWN+bBPb^W<@YDP22)&U!0pF zICwM}#k6}aFy;->^(WX)vz`}1`dN~}E8@be!C8A6Z2hhek0b2KZ` z*7pi-+2JSr)Vmg0Q>`5S_pZb!_GHPs->Vu^i5%hPtUckh>QP)?MAQ3<9^lo-uN|Q% zHlWJ4Qh)3M%5P28`kQYHUqnjx+g0LA2a zs+c}1XQ1DN*#n~xdd0o?>*;S4SDb9c)Iq^Z53NIlW`gXIMsCBycsChwJ03Ej3(7i8 zVBNcG;B~Cmeg-^mFanQR)kVAH!IGf~99MXkufhC=g9+eK-nr%t!s!6asm%jje~8xP zv6ko~`;;=*WI*1?Kp$DJAxhw?VRiTu2aTO^H5on(>;xB0@>?~}xTHw)f-*9a(MkV; zd#$uF{-`(F&Am&ZF|M#F63*Y;{`kgY;%bYGq<3oOIVw-O3s&XIw=_7pjCGn+ylqM3k~!dZ?cL$e9X(~ zmUQ)u_!|<EbE5gGLar-W z&LOFb_)Z{)&-dR>0N>va)5a(4V%OyFZOXaY9)h;n`MAZ}&&so+X)y>ckOy%&-yp!P z4iQc%zqk{P>M=6^&WruB0r{0A*QHd%16-R`o#P?ROIDkkkfXU-{eo!VbLZI(y{T)s zNzZUD<|Yh@YrR-@DRC_-i3vGUsn{o?s8FUTZAV8l(ZO9)zo}g5!>h|^Up@ACk}FoO zou@(ZyIDbeOb|eb*%8@*S$BGpBqk1Hczz#WCA2}Xz*Jl(eOxCQgnS`MuC@v4kA~EJ z<9MlM- zZz;WeaZ0H4LWHcc`lWc?92G_5zQ`hI@)E>&qij^uZ>e zK&bWP#0ULF+?Lx^x(W}~u$33#H}D3L;a7RcW4`jNoqdmh2=GIJbEky(3#h|`3&F?B z+Q-Yrhs*I2Yk)W6+-uy2O-Rq+oNKC?XQh*NoVTr~@406SBhP+>$IfH?x2~vaiuz~O zV9!v{Z_~9!IDu{kByYi&rftsH~wxj@^SE=n2G^xa%B>Y18pbSmb&4IHX6JeDJKEj z%#0xmQEV2wP230HgGMzxm#~L#`qJ^!+&7GhkQh!M67<5XLiyf`7v4htgr5A!b!*sz z7ARZpi7}iF(RN=b|5s}Kr_w0YL8_YkBQ=8m^kEYHZ>iDM#*k3q=S$Mc(9+tU^z|N?M#V!5fT9LWMHToB5Zkr5LpSiN@T7Sz} zgQC#p|8}wl*|61*!lpWpW#qQ&ta%i6sUKVg$u^M2Q?d~CuQ6)KPkb5-tp5$Iu;eJe zGfcl`Yf{ZK-D+xOw?=D3FJ9dB+gEz{%rjMe>lQOH=UPJNL zcAVx!EHsNLJ=rMM|e*6r!X#Y>z5;$x29Sc|RwAMwE#%qY~(D zE-B7!_;o0^oY|)SLqlWnD!j{(E%f_*d<$rJ9!J!0G# z~DR5=ULE@evH#aw4LI`aD)BJ?uuJf;`<39X;A-n&t4;yJC1~gael>+awaL zKR&RGR&JpXOhr!2MnTc6bcdR+yik1gJ@QMHpcPEUv`8;;FonvuEU`pok^UC-^I{B& zVet&ZN1QjDNy%F!??e3kxk?z0jhi4Dgb`w}jo;?z6QwMpHKPYsY$6ed^zsWBXEs!t zC35-!Kn;OsTD5f+ck1J)3R~zYg=v{PcEIfCmHeV0{{V{fcng&r`y>lI z7mzl{ob%e~{CDONdviKE)*E)$7?M@R1q|(URF9_(b#okXisuvhf6iuQ0CG%qo@C*V}fsgvRU5DjSt570oNv%odxL+QKQ+Z!(yjcj68jJ+xiE zx4$`2POA@s0%Whwo519whb( zdg?2oxqx-?3-I{ENnE4I_j`O8m^xl&;7-(coG3#7 zHK7NANJ8hep(mbD!ss=kC!Q#w#zSd`48Ew=Luv;CoI$k<_eKG{UbTyqmV6g1i3VJQ zOqXk18K_BArRPr3x15mD=rye;B|u-bi`u3!KrG1`!XjCw->$fa2_ArQ8y+=zrsvMm z*PMv4)0HZ9f+8y!tj+ydLM+w<1)}1*eYRW@Cuve0-;5eFRoO2#|S)~1sc|+Er3C# z4JZq5mof?4SDnzpFqP~^0{poC0fOWI+%|FAoZQHhO+qP}nwryJ@Y}?9k zWGF)wv-YmqbFQ_j4#ow12cx&%+lxnfNR*~@pqW%>a*_NF2XadT4!J{hNR`GJB#-() zD@|(O6UojXll;yHlD&xr#Un5zTN4ekM`5Uz1_0F~F?3B6-ODi;o!rAQ8cq7A)K-)} z4YEgLXa{E&-6Jx@TQd&HqcQ}%L2lm^h+h1THGdb?T4rR`o$SyyBv6ECRd)mN`Xcg) zpdkMX2tt^e8<}^)f@lNjdL5w{?;k{+K?rK}$}uW6J2loC9tg}-L4RXbVXz?X#bfi# z3DUF%q#7$tPt8zGQ$mj*X>2SF=_(hY-km{&q(Zaqkoe77Xb|fxj4&jYGDD2^#Yw8{ zDE4-?=4nD^9HUfe(@)k!s&0ExQZ4G!CLB3kFd|jKRZpGGI`$ys$k*$vHwe8|Y8NPC zPnKWYkBTI}tJ5243c3ip--W8Qv8|ez@ntvVzctVm55mf%(u^g*lriH-HE|ov?Qw+6 z80IUcP@LHh(9(`NQ%}XZQz2R63iQjF61i&IxpPHCsj8JHpX{O$^^G*Ejpea8^??re# zSyX8$Z4WH3bWnxI?IOsH24R1zk9B1iQ*)0i!sgm8#HCrd=V)f<9cOVoC9_NLFT03s zWoc}2QK=&Bm+fE|<1XvVH*x1#h+_!a4R4;0S$K-GEa>4i+Sauu`Wr*MkpdS_NnZdW zcyne5SbHJ459BV9(w)J9p&fngy=gEnZ)DtvP#oaG&+y_}UES)7R(bC895_-xobV`P zBQNQ!e$PLW66a!fZ5gpT=0(upJ;>b5hBGJhB|wI^V@b?c99DOzJe{^_s59+m?k73> za=@0qJ7D8o3{&4>V7Yzgq}yopa;?tnjW;Q@!q<;f`*^VG9Ss*d1j5IkkXmhjd(N<+ zho|3_i(L#`-*a6)+!-(=MZrO^sBwZ?Ed~Y+13zPB#KrRPh)EYIJ4@#PwaNuLa4}Tv zX;^T&p69EnheOcP!yPrQ>4j?)WB$(9uNGEsQQ%gA49EG~nC=*UYN6_$0ik!C>t*GZ z#iRASMCc8lA;=u8z|yb`Wjy(}|5Tt>I3$ffJVvM%4)cEO5aG~wtdMw935RI#&!0#7 zgTH~D;o3NQLA~IdCi=H2ytfK)t{;y$TvdPZ`w2E@afn*FIbBpx9nZ&i-xnMG>N$E* zxl~%+#Q^pdfA^2kpYeZsFPguX!>w?%Y}lxt;5q$mTIjiYrFMXJR0u0FYS1z>fo z5S`#^H)N^T#x|2&)XHSbINLZgH|?~Pw6)Ays;Sco)XL!7SYaEKsQK+}CT1gcSs$gq zc35^6RNa~bf6%)x?7In%;M97XK+Ok)9vQR9(1rha9UuyLq|9~RQ6J)hX^+HXepnv@ zVEuw#C4>EiKT-z!N&PnW_YnDw?`|XWSzqBt<}g2a?xDfH6JJGxzePTh2I-OejqdUz ze<-W;BlVac>W6Eve!;J@!QWy%OZ)xE{ib*P5qoT}xQFhrU*z}wFkkHV-eBM1ufDce{2udttTJ9p$;Mi2UXzTg++7fhdk zdeHEUIvLP&rghmXMvh>PB?G}LR*q;5ES`{c^E-t@LojpXGmISR8W=pe9P>MfL!V%A zqkfzl05CRn3 z1!%sm$@`!jibq9qr`u8|M}D2R_y#UoIo4=s2gHC{^u2}Dko1d$+>j}`V~m_p8lH$* z=DQ+BSMMG|8iw%rGOgEJ2;VCT%x`|s)?m3oq?+ZYxusiH6_5B_>*CMT3qEQ8C!fUS zIo`jW>ijPkXMUeoOLM>LSmL~jw_j>$q*ZNv6W;Q4$3f1wla#$G#RjAqHf+* za-!h~j_KIKs6NtU$d4s%VwA--8T`V8ZcVI3(`?9yDQ-Hk|8VQn~ z=#ar)S~)?pAwGh#omNoSazMpYw>B>88VjHMt7^$rs+t{!7t6_y<~&7BR>OJn%Do8v~qGX%Mgn9p`f@i&%FU@X|=4l3?>&KLa-=?Ux_hPyB!j^5P8 zM^gZhc67eploLn&`@F-63|G0Xz<9FOg{Lz=j$D4R@z|6rtw$P=NWTxfIlx~M`$)Xm z!B=Mbgj^FW?}+IWW_{qi4b<&`?GxBOknVx+6DmKj_KM^ad^^zI0qxek-2h-kdF~P$ z;!}sba#t0|uSSCF$U@X%6j>8<>7)~D|1I{X<7NnE4Q|?nH-4xUxwkH!acU)eF*jCt zd-U8{eP6*H70#L6u+5wEw8J>#_l?lWZqV?~7Q>t`bezMU_*OTx_0>ronxExuB*ccx z_9y80?Y}wI#(&}$)Z9ULxw+t8t1hYevq80pOa{lF3t@9@9H{cINx|hyKU=rkX{EnCD zT<7QAvu)nv`u^`%{Y29b@%}PwzXVo!xKQC-HaRC;#k+a^!x})W|XgLwWh6_ zjt)12KP$B9;s#X>c+c_0tcXdwIixMxIjg-o?N$W{;9T09#v>;>hKq`y$R3?#a6!0>I=4I{+sW48g-Ry9nLsm}zgJpcOxi!AGYtw(sv)vxh$Tn^Qe zb$))YEe847$9%5Rz3KFGYMGe{YsFvORb0!$@3Ek*yLy1`W@FIHf&(iejoG8k=dueX zk=QpK;p;C>Iq_+S610hoEd6Ouag@D!HO}UA+n=qA6(TIY+Vb!kHUGTO1979wx-%{p z_U3lZOx5~RZ5sg`zqgol`$+;AnEfuATdeg!(*k&P*c1coa{w!DH`p_Sv~a5%t?Cii zGb~32t3!bBEV)+)*d#|$P7O#MOrMy zudo9NE1})+dTW*N_sN)6twKt+Y*miwQ}3)8iKrLT-v{Oe{ZO!-_L-!lg|)HaWx_h@ zu0WFu*mlct(XV`qVSILK)GgWxavd92zw_J12)b|kzmv0pwxHjsc@RUl_4Tp-nSYXR zLE5q;VzeyZJPP=-HPZUAF~8be2*~hEP>{i$j3k?(GL2s~LpgWN*`m2N5JI7WG z;lnzxom3bIkI1u@Xu>ylbl%6kgsC`hv{C&9Lw2-9wap+%acIHJZ9f$NGgt%gKB@E{*E#vlu`@Ehe8Je@uO z=0(r2N!lLBCGwCrOC!P{or8tMQ^sX_8BjK&voG7omPsu#j{Tt9u|?z~2rw)Or63jk zt}xJvHO9u7;;2Qim5NkV$CFM)cT|fdjH6;*bB^8-mSU$k_OTb(KfuOTA$PSV&-94g zV(Mmm{w^}o*-tuuV5qZIl7A8{Cn&OYh{Cp49>4)S)2Efqx$x{PBpJSmePsGD%ow%~ z)fYckkJmCK`u&2u5l8RQWk+9#qXOkU_2}DDa073|%6EX0*1+NymUs@sQThjd`PC6P zKQ$pVVdozN7F~?toT@JE)My&ij$sY{J^VMj@W0k#OKew^em^U*>7V23zZ>vXMg9Xa z7pu16tgMRjWtVhn*4f6QyVQ^}LuN@x(6kODlrABKUZ9Xh<&~^6S$ZMc(@9$!1s(BF zU_Z^kb;MlHaTF5Auu6{qq5grte47&@Js@^2GxxyV|LEKQwEgk+Qs4h;J=|W{Vn_pG zD*>(u`Zm-73KR86$cHNgQYLCe<)0-&ynM(5npwz+7zG~sFzCbG8jfCyw)Bw;Q&e>! zi(wsz+oRxr>Z)E9EPP19BpJ_*#-j+y!+J1aP}fji3C-{daXrnwaVcSlW`9rQ$SOCaF##6Ig3|f;4;%!}@Bk8f1z^6A?jmCkwDu7|FIuzKmh@fQT>(>*2kJS3u8V?Dyk$f znl4!%Gg>el|KP+F1MP(s+?guOJWR@EUM!Q4Y0eJnJ&(?fqMjcoxshth_>3mtcgTOE$&gvbk zoizton)7?~iiiScFZ64*M-vb?nOIP~= z=tDl68f4egH!I2?TZz8Zmi!Dyo8=6=YIg0+D3+dU%t5L38Vp+cZCPz|cTo{BIomveUvdp^AH+Q@ zD$>f+ioJsG84q*W(aMRI}}P2y}{ZBdr_jtT&8Mxi0HO zv)ADC1e(YyLjlFUDtgE&^QTl^qTSY)Rh@>hcj7ODthqgc3q^Av1u>-)sBn9l)JKWS zy)n_33Plm={vh0q+z>eZnSm4RWE%X`n=_09cm|>Xw7cUn<(kf4msDt+nx(D^uPkiZE0QBn%YWWOjMyVXuu*LZ*fv0!Hn@*nl*?|6j z*hFRlaSl4>U3W~HbxeYn_yP!B|1=t@8oV}QiHY~9GSXa!8c;PU@q0Vj^|Pvf1Q{&a+~++_aD&P z?~ps>7G1xX=O?+nUg0me@1=o)E&#S_FYXtsiwIXS)n|NFyoDM2jQr9Fi@#sVjzGx; z-?>f3%F@u^i!x(w4fc18N5QU~Q=hm;RkKx-7U`H5s9>jP!_MJ(Kh$f(OV zk@%qRWYuy0O(UNr0!%&eHM6zW@RVqsq92r>dMv5gB)9>);#Z$mrU5Ax{|@HyI|8MP zXkP5!t<(QHxcL|9cJ6=l46YyM#{Y0|%Sr!xa>`f5`d>N*ud-H~E;NO~FTq;)2KW+C z)CD3bPYj}8!&4CXZCjGK7VZ-+Q^WeDkwFV0{qMyw?rpBpZKGsc+}`-+H=HkR{og*{ zkOa|dTrMW8GM5kp)y7cqL@r)9W5~Em9#z}STzLnbVK~AK793#02K00DoYXW2(~K@8 zN!%z}4beG;=BgS#wQ7_Oou(+0#}~S-vc)~d5{0|ivjvZWDwttvwwjYUC?cIXnmSw4 zHub$5`(?DzF6t#CxlcoU?6_frB8%x4r58$c(%lbo5<$3fuZ!oJjd0d-a;+E$Xo9+F zf(p{)Wc)56wyLbtNa&U4RDWc}p{hp`o{sD{z_*d`JEz}(ti?jt=xe!Zd9qDQifKh9 zU03(uhDbY1zpV@ML)O{jVq`WNq%ynGomdvF7I0-55>p7#E=o<{w z;YjP%Bm=hVE_;XTS}prD=LTeuKKU6~#FiRtr01a&p6M1gTC5k3r-W(++u83RN2#Ld zT$o{WnozLxL>R*tDC!8LUZ8%DQ$!o}nBi(XH=^#XM>tQlM3+Q{r7QLf`Ji~xSZKr; zK~9nAcas{OJCmaRz#(?De}!qhiyEFMZBv}etQdqwAS z*u!d`=wX)_$Or2?LmNf*`fTxHbeJfW{Aomi>z{X#FudA_`y6onOI;wUTD2%y96lzH zhsR|)&eT-6%(-sP1>%s}$F2JVdR%aC$rG^mRmk_#u}6_tY>Nu@C%F5<(!I zZj^Or%M>a~4 zG3WAg^vISJe>hm|p3M{-^}D5tPk4lWgJg&EB&g&v5}ibv-~vdTBFzqhD=xeQcsL|F z`3?F%6%yA$Anfa(|A`;+KmTC;H|E@Y33>E>Zs>iqoMi`GFV?GpSqQv&grQ(8yrE$% zG^6ye9S;#gMf#Cu$Y;UVZbWOZ4qVYz-yq7S~ zbwKd2a3H%5o|s2xzI+!?jEDn4P%zLzk1_l@XP}4qE~W(TRde&ka#-DUC7tuQmhAgy zW{oBVLSr&6#3GOuGYvc@N zyOUh=?gV4gs8vy`!10Ek%8DFmzGH}3U0f z$7_`DFWaNR7}l%JHyy$ta?mtT0sXHg_WrfWjc}TBi~?;frGUV+ zs^M0gr5WdK);M7^AjrL?8hdK%2_NoNht=tMnXNp0N2XP>Y)~!jDLTJLF_L*pzZ%f;&s1|i8J|AJ(*Mg$8j7UKl-B-1t@+Wksc^EYD0>)GmYTmg#D) zsgIk9W2D^R)fMbC^lg|~GX<%e)2nKA-IC7(PVCyI{nFf>-w&He(A?G315)KgC;?kx z%uR%jwl5wl9n1QoxF@etK8jRXiw9`|Y($^3pak}iA**=~55l8b$m@tMJxz4J+Q(U7LAB`CKi3rkwkM>;a6{o~Y@f`jTbR;RX5 z30870E+Ns?Gwu9_r=`BYY(!EGD3IqUm{^kxflPwTiZY8LI7C!&)PML@+%Y+5N7!Kc z%YfQ4eNgQ!aOE|imZ(9y9)irGALZ1n$*kIocq2gi4?3>+4u)A;aor#dQJz4pdc{+R z?ATOAsZTj1tH@lYSQ9J8Bj57R{+y0Ni+VZ}k8I8^UDD_e_xZ$mym6R}RnB~Dy&|@* zP%&GaCLd03#6tZfB;g3ExQ^opFI?VEu#uBZwGr& zd&&cA6W?Ek#23RUqOf6Prerl4LnyM0d)B~@zKjIy#3{F*%E#We0)4>@`K3Pm?AJa^ z=#}K-wijqx9bYXCmNg+g%718nrz-&_HNK8+x>7@aE z-^!f|w?{*aP6w~7odZ-9?t|)}s5$sco$_T0gIrY{2b7#7nAt+^?PPO)lU5eGd{JY= zs)y61(8%ktO5NoYuX7Uc<>SLkRQ{?ZcQbl0vQf2=xa)_FJGYIRCc`$i%WuZo_Frg@ zfyfbTob2Z_ETnI0cYZjh8w7)244p`zbhT3ary zezo`weT7>1_d;z>mZhmV?MiHzRCCSFkDgPQy(4^q;r7c*$>$Q)C|AkJmtLCrtLB$? zd>8!5Cs+OEv{fyy7h9R(tLhV&>z7>lmeF3>sY1LV{0xn*vcnz4!K#FhEh^19(r@}3 zFVxLZ38_kzZC_Ip&#i+hz$}p$%ybWSP8O1tl0MbUvTq!dl!3Sdz=65i%7Hd z!4}61|2EeALFpiSCvlV`m#3^sDsG3gpdbm6Xu64zXi794r3lxoVw)pdlBy*gIi4TqNQtSaedJ(D@uQ>r>v=jF~~40@7C=dzf#hxtp7-eV_8n z=YDnI_(LB^ZDWt1cF=?H-=wF519>DI5k|sKO&NN6h8!urd50V^#sN6<_BkdUV~#ig zka6Ukd50M%9255}0Lr)}9CMDm1CA-jpCa?PGmgA7kH8}yKr{}$W6$(G6ab#nZ{(f| z5YOp1bdLr2jl+NPiV2wG^c%dFj?;Ji;0j;|dZiWiX3CpoY9J9-@3~yY4qL)tpOl>v zw>E0>CCN?Q9^1#pyq^cmr_oD1C^sOy1mT7l-=~cHV_3A3icF@BVR9Zb$~3COqbCz@ zWF{Wdjf@5Ux=9WwqQiqt!kC8<5q+q?OClM9eZ&g z!kGN>x6T-%47t;!Fk{*y&<~3_|IUFo78BntwlnzeNpYx=5fSzdEigBxkfqdA{OIzR zh$-ulFp_aomJJ&nryTO6j4Lvdp0bb514Jz16l&`#%1ReGn>psDT+NWN{16{geZp%+v(grZeLQOhF zi&4rXDpF;Ib>cYOT3T)3ZQL(A{8*C}MVRA)GZmX2>$Ovq7EPDoF?ZuL%T#@HJnBr@ z6yi19noAjG3OoT@2|U)qsKJ&~IoN}~OIF@lCf58`{=+-p`RZN*^ODohP3sik+p|ks zp%Q+xT4Jp=)K2TS=*y91qK?_RTVd!6(jN9eb`QDd-kzB6zFS=oPM&_AyKa>E^u_QW zz#o1^{*ocxGAl(J)4xkQu9S*p^RSAlvwZ?H98L)=ljJ^aHd!~HvNo?g7SUOXnMY}% zpLL-%+FI7IRw~|eD9>sU=~rbmb$*XAUeNG!?pLgxS|B^&NIiw2^;mQvLY+!D_}txQ zZ5JxH9;+0$*`S?w$etY>KlR)cT1urg&WC9YAmUShwr$@DlWF|DB2nC?x@yWQWtzpM zuwgEm!^H|loo3BW)JA+(rOh<8P2L>jT8!9eW;G_b`3~h;$u6z8!RPL!6sKFgpay30 z)3S=fP+n<05jzdwf=ksJfb3}mdZiZr{^r(#+4<&!DJ}(0qqNRz!UDApi$IQTms7a~ zBB!Fn4_DZ+Dv8DHUM#t`#=kS-MJW~!Mzax{I=Lj2t~1`Z+Bjw=BR{d20EMGqrT@l9 zHRkl6KjoYQ;iJcD~G-&o!VXUxaz z7e11Y^A|ssj`J5jnvd74zBnI#v-IbEfX(pBe}T@}lk`hI(kJ;#K4wqYFMLcvOso+* za%1+=R-Ra!1pk>jHV2F)8vuIh^wab4^cv9j67=C};aBs$br_NsKQi&h?!@1GN_c)@TiP4Yy-|*k|0PsC~-KSCZ-I-{_{gt!1f&TU9 z=Nyp(kSz-aydK`G*sZ>3f^Wn^&F3U{(GJjDBI?i`8p}a9aE%&@0xr~tMdFGI5Tb;Q zB8uf2RTMO7l$S`oQD~7TQE1VqQC*`_qP#|_M1*S8T12Z9T2y~gXpyZ^pQ2o&(xUxD zsYkp-sYgYl)FRy}v}oznTEu#k74thp7PK5Ii(HKa6#Lf;EPB@~EW$fv7Ub^fL=_Pg zQINAyMn?;ZLOOI7BGzjtNZTkTBiyO6P_-kED~)$``D0~WKGC|)YyK>9UKD%#LGC;W zcAcpo*m()=3e&fGUx>Qk_wwA7gMa<BXc_e|}qi6?du7)RHDe=s(9ieQ6Eztxr+n~%f^m0teB zre)7NNS@q}Z?FmVe{#hBpJ}OV>g4v*4EFz+2t9L@e@uk8otc^2ki%|<>xg0k7z8lY z6#*DY)6>B=$EIc?Bd=th$({+ZJtkmQl&UJ*4Xtgh(QPYqZ7XebsM@ugGiujH+M8Xs z?|lR}QggnYnVnjHEx*R!edm17ww-5n`6hVr_nf#1O&G845|jhklV%uZg)a?zUaj1Q zLBNnhbB>9Q?+gpcqU$MP%A(F#z?Lv^Mh(D%GhwtaaApk9f;V7J892fQb-*4mT9`8C z41NWN!t}tPF0?OWf?*j(J2%dDk80w%g2*-S~k+e7{97y79ucF9s zFrtmW#t>i3PPB6}k#=~{guTg&FzGw%!7x6hD zNL#{Jyj zC{xT_MgFIBB7*r|jOAQ+q9IL!j4Q-2*#b_9V3XFNStIMR%63q~OPyx^L_vw;+2T6V zq^DaK1IA?pig*x@+@W6M$Y3bE`jmw?l*X)%HX*X+V!=e{h4cPz!)bCly&jDV7$Bss zR)N1sA5dkoh$e@Mzw5r`Fk!Ty(TdMWJ|)q!IRPYAd);(xVtv zW2g(=hZ7F-XVcCI+GvYJ*dcr&#%-Ed4N7Efo=O!8lP%ZhtxX$k0wVU%XEQp4_N8iu zJu7OvRQVCOd25@ozdk})ZlV?lsqMw6I`x`U7`&P-4hnyId)=@}r5jjQQ{QQ|TdKK` z6Ub=u*`>c~47ZGS)8uEing!#tD}^X|wY?%huAC+&kL;}T%3H(Quzw2& zGEL19g}=c^o~ZQRZ_~Bz2Lfr6c!Kz~b0;UUc)bdhq%yD5B>a{Y*rG$!kvU`DlH!3+Zl2nE5;Kk`+QmSyN%(ikKt1XrN@5hRgD59$zx_!sXYP!i>-J9W3 zq^f_=U;!y}(8{?NJ!eh@jM@^aHa2?=a;PHC(ZQDH)+}WX#Hc;Kp2iaCsJ6E#8~gG} zO}ayiyz3=NmfpF`+Zc1dGj>Lm3g@Nh0#q1u#3Bd|)CIYVu*&z>?m`KHpcm4vAD zXQNc7y=q&|vvnywoy!6fFYlIZoq_d^nZM>}|1p`q>x_N2V^tXAL5agsaW zaS}WrdT@T`gPo!6VwI0`3f5jf( zQ+ahdrbhWfduT`ff_q4X(hvR64ebyA@D243@M#_57x_vY;uq@^JFrglFS?UY^e?+} z9bcpN0e*;u`o?)93wBD`43-yovzz+3~{@@PvkM}7b z@)!6j9&#t#tG(kL_g8wI8~0aytsj4(`d~lqr~ZIH28Q}Ze$$8g#(v`qy%qNpH~>$? zS9&!(7Dw?zd1DO47xxo7AWzI!dbK<@NAW{@;|$Fg_Y*uoPt;d>H9b~G@k4!M4b>O- z6Fy*1gs1vIdms$m6Y~>4a8KM*e)Tuqk`<&tdjf&Qd#y8sU&-r zT#_|NF1<2TF2NcupK3*yPo_$pPq*UZm!bmw3R8*pkg4S98Lblix}em0uc<_P&|IoD zb|%ppgipL8#iw4y>XWBp?OCnD$EQ!luTP*FK%YW2-mBz#C#vN7z*fo9r&0Cf6RD!u zr&1N`lc|#Z>Qu@0h^l0J0FX*OrY>cAbyRwKI4YI8M=oJ{qpJM-YE{YP6RYz1AyP@x zr&eYAK~m|oO|BYPpKQhbB5nE@pn{5*VwKP?-J0w!;R<$}Vuij|vN^M+zM|nowx^J6 zey<>Vb8wKwlPzxbfP+^%;p|yM_VN(R>WLS>cKoJOKLPDgL`HwC%j$`ETQ}j`Q%**I zO1^e1*jGsgf3K_%l?;D)EEsbB>KhOf@-D%=EnhYmYy!t4vbk^Q#KR->aYq3;Y+M44 zM-Ij#*fyB_+Wt-XvG&FCCGQue12vaKz0c{y$|GMFjy_&{N7RX|NAxl@b^OaCln1mv zNqwL70j?)5{1vtbb~nU~1A=*<)*@860cJOh^$yNupt}KaH+bfbFXQglSLQo{+mLtz zIA55r0|wo2^^p{m18k`Svg;sj3*1fFlS2U80P!;HoFbV0yx41imjy4bp!gCQS7uyE z^Et((sFox^0UuYIT|utX_dR8O{i5&N9Q3p-ct zwn%&d*agftWwwNV9_=q0Zx&uzvko5D){4wohuNaB4)nRsTBA$el(_aiANJ9GPB3`P!YC?n$2j z7B&F_h7d#~M>arU5e?D;Dhf^nNn!wkk~70gPM0|yWv5Tj7^SsS)v;n%RJ2G`vyFx# zj0k!U(zU5BU6p#7sq=rD+jPE>*$tTx@$2vD&T*dOJ$s+!WIrDH*5d&)ApAN4gm$Qo z+WJ9kPeyNjVvOKY-7Gt#$dlCEY~Wmnvot}zT0e`xqE*& za>+2E*fia!7WWLxmJ(B~wTK(3wbw8qr{vfuDC9BaoW;`<9Z+OoSI{iGtfGZPlUVQZ ziV3^ADyjQu@g^|jNTl*lI>)h!vWu>2jFO-+l~foymmQ<%G7SRHL6c_fPs>@AVQge5oOC`yBM?O<`al3o1ww2oYvht z%eat0zP=kxe&BU3c8}LVS(r!ysXtiY?Hl)&!hrv+b&Xo{x`a5g1X%g?slWj_$ zN7#S^tJ7FsZFQ;c9?ExK9V?mR?4kq@JBMCp-o&)>I)|pZ>gY&T2i2fjg(UH2ZCSfc z4I)>a1kJBM=^)WiCW6fP!aZt{Xc#{IY2x--6Vnv$O_QZa)AS{6pvfS-MNYBFH;$#E zK%CRSOsoz zo*yKz4BKp0;!jt*aIgI#2e{pM4u1`f<3E(QsZ6H8Su?>oOHrcm4vGL+^C0v5kGnxClJ01<|Z<5p^~N6Efxo%g)ug6sdEeTv!n) zPdvBN7aB?9z&9P%k~{hEx*REH0c(m|5H2P2b{)Db^~1%pC3*>B6_K`?NUvz3u-_=J zsgbv*cu`YL_ai`&X^8b`avWexJKKe{r=SYHzvlxSLP`Q7%lorev?~aq6Q;gYx)JNk z>m({g?N$DhiBT8_s|VFq7MWRqqoPRNEMrU_W|j2_=rZz^B?{9&c@F-pqoq-71a zuDT|J@tuK3@Rp$`kDTFv!Uwx*d3Zi9Jb0Hd1wV*iNA<@%AFDSeEzFK0q?my-anJmykXdV1X~DmT8N`+#A6nL zIg6@pRIm{UUXM^^VT-h$r>hecvJp#PCmPliFQgGeP)Dl5;=To1iY3z_4Za@3N`m6F z7K3gaYzC_##qb=9c|DHdR4iRlTQpawBf{O?K(12`cOV1TV-J}?VTBE>jw{M4$ZIOA z*+ssaCI(SUUGWCqm9nM3JOky4CO>G#ed-ICQ?3N-nfStuC*b&|D6@m`plY2BcX-XlJE6KBv343Wi}t$i^f8y1@iID_~VqR!w7Va_@woR3mq^P?po zgP0;EhXh(RqB4s@5iUfE4vjD^gjSr7p=n{a?9tNLp!aqN>%{A_@KH9=wM?D+i`ydQ zanXo!&-A1$SCekzZ3lF|Vg5P>>IeUgNW5R|NMA<=4aDro&1OLSt3UD>FG*MUsC7LD z{Ec$cI6)qn!yNgQBK|zbHsb2JWs&cXt0MWPe?M09}%A0 zMl>R^_Pk(DY2^S?57Oo2=`> z_l$G%C@Jcs(Wc7yFsw14AZA5X^mrfy*3hu#>JT#qQFT%W-FtO^2Ghl;5X9fkMghTu z9P;K7%J#~p&Y=-H%L64Dbb%fZfYXSLcn|UvwxdD*JU(wdp4*v0K73pie=@vW@wXci z>ZXx*{CLN{EU}f!NiW~OK$4RnQQ=~s=wk($Q|O*W_Y-DirTHPtD(QZYndXnwCscd6 z9=x}VaQSOKt<`wA6pIU}CI=~;I-2`qx^y3y?|K^lhyDfsJmCh$&>;^fdIO_mAbDp% zwsdLQv(8IW+p_i;Ya%&03GzmJfgY?EFjb{abA~p?j92n!JI^xPIk6XC#nF(K&iHQz ze)B_Cp$k`)DE5lqJ(6!9XqTf~9V$J-Gw-xENaP6Ux1F3`lm{KT5lWE_5hXF&j^Wsf z;C~qjimwX%9!Vut!Ro=ud73iH=9+aY97JkyUNUkqycl-X9)qZRti z$Rfi-?fmDcpk|zS?_Hquqja=ThR*nBv09v*TmSKR(a)3#zax$K++q&_vj(6 zec~m1vbXfnz$qR@k5dH>0gYoTn8b`~;L`KnySw`u<{(*4A~sH^bt2RDj8TEw7%>`@ zTILQtA{X_->8ZWjh22W1a7nhtT0iOkiEr64M@p(Oq_EC~KJ!WMeR;{9(EtAU%N^kCQAiw{jU~l})KO^+ zhd*Vh2cV@H?-uoR(?m`VpI?%p5bs`6(P6J02F1wiI*G(faw|GaY zLGD!#)~^^d;y3hZSVqmPXi36W2hZvP{@L)tsWfA$kO=|@2t&ERoA)(e`=h?=C0mND z=;C9$)gT79A-76^9~z9S?G{pY;B}`eEE)7+`piJe0`@p&BfP6{vVY$mEV**Yl; zMHO3lsyF^w8-^*DpSPED6GXKkVp^|m;vdqVq|RX%ZTC~Gntom?4-CvDr=ME)n)lXStx(gDU}WA(ZiKo4IH0khmtdXO1t%VTbPn3ozv zY-qGaor1=_|3~Z~BtBohVoQtt)ABhYi}oa{`=-z^k-ZF6Vm?bZ*EBuEY!nBTAMLwJ z%DJgw=k&D9A<~rQhVYitih_8H$^zAqU^cmM>Aqfk&`>|)BVl=4AjLhnV&kqlaijbV z8^22TD8-_h6)~C{Nz4YkUACV}iz<2Wp!F;;2*5#h$Cd?xQfKF^N`ec)gQxS*^GBA1v2063;pmQe=J;(+dP6@b;a2j{tI;m z?}(s$4p4P^rvOQ^2eJEw33z`cFyW1pj05Ry`ZI$hgq<@ap**vxW6@?5LH^VEwxHLu zun=uKrVd$vxQ|y$8nIjvqW}<4Y4eE?%0!aN zj^avFkqnR&VJ-02$2@%e5C$OV0fG98dZ zdZ))40@jM$Lzt)c44kkhBn*LXi%S|P4W?AMw?mTGin^yR(W45_LO!yvx8VwIiA@+F z#i$;c4ac;%5om8EPibND#2Dg%vUrsmIKi-nWb!m)?>5mS_FJBeWH%`u@75M8@|s}u zTH&P5J(|cCjqT0OKwrs_n3DZ*$1*3&kkszdsP_~gaBHCgAfSfpu;KV&mc6yjIV4Jf zm3}p9pI^qom@koPjpREUSohtPQ1475dJH>T`pEsU$;WXeV5iB=bh%Lj>|kg%Fq&vc zNM<#bK_OeqvU@Pr+kCWatA;@K$r}}4^)x<=?*luX-;5w?lj4j%%A!pziZ|TVTn&gG6a2-RY#V7neQkc(XpGg=UrENCf>{zO3*-8*4dkkR4h}ilAmM z8V1sZS?Vk`xazqchSmS(AU6d2%+;;ce6_yluy~TgJz0Ka+z4gx& zL&M%%r}CrK%AEWlH}*}g;0QU?tYsFHlPlV+JRo)=eaS($5YD#5Te>0zYDD#kri(~K zytl@-Bfjk}uLSYzBZF7rMb}~{x&7s`rPggM<^1>YzQu8aS7k^a7M2i9$( zJ+x9VdPm}x{PJPIF&JUcm#upkM!a-aq2JP>@0tNiu<3?;i+v(-f|iCQ9&Wt@n?fAF zQf7KFCId6wboB)nti{tRy;!BL4Rk!}65e%bjK)$I&8$LG+ju~;q2kwe`%2MrFsbpS zvUnM;Pqaqcnnxfs)!}cw*faK5Z?yHynPLdlW}6u19ASBf8=)V(p{pLnb=C?L-^VVz zWB$gZiodpr>vKWtW1#k&$^R5Pgs=yY2N|;!n=xC5hDWcNm-R0{guZ*mH5@YnpPn}; zBI**749CpY$9?m7Sd%nr?XH4?R+hvcrWkpMRKp2_!@K~b9uv^+M{m0Ox7Nvjg5%oy zym`w{N5KyH|B1WwPh9+0Jj~MgLCLG8efvC29|i~Z!W9$gxgy;kLKpcd;PHt|f@I(^ znMtM*CD1v>=P@GcEb-K-RCSzJSM8eDwGThZ^9PB|sZ?!Ld$m?~RLwYf)m$`axGa@d zecxaRv)jm^cc zMZWF(3b?;w<|`^D4)^(5H4pNsfFU&KUH74Y5^Kg!)rWF`Y+LG;A z7v3y3hI$dgfqnit4<}SXk*9p_R3s0c?!SsZCDAiTEBVwmNju?W7X(A;q*gRhp`6O> z9w=&(Qp&P?eyN~sF{hUWbK!Kw&|?XfuSo+tDx$qvC~8HMq>@&Z)ADL$L9Smf9YX17 z)Smx0y`Cc4N&pm*-c+=>aq7(NK8%^i=K( zsM@Fqmp)irK!~VH;c_x9?SETXqjeejQatZfczY9L^h^}*CA2~fh80eXn3z@4esS)i zxUE7c@D@EN$Hl?5iYR*%{zMcdSGKKY??RO|>tZsOu$424Y<);q$BbmsQ z5EFx0ff<CGg+u7_V)8MDmDv$LZ~gY8^&uqGUXo=mH|c& z2)9Mp__D>Q0Z?E{owUiUJ4;b6huE~l=oI>uq}hv^Ipb6H1`P@Y&vjy%#Wu#89#k70Jz)2CTS?F82CnoskB{3YuJX>*1ilo|Di%Pa{; z#>-2n6As(2ax7knGgZ%wOm(Z&OcUj21`?@s(K%CLIFV1!!;EP`6Uo$wT3S>_RTZ?Q z+0}#-jjK4=e%BoJo|#AEssr}pd`{Tv z^wai9^;Dy6Fzx%Ff+pr{TbM0Zs`-hMkCu>ThE$ou=#aR5qSS`;miR#dC|}^XD3f$Q zo}Q8$&d29;S@o?wYOk1^`eQI=C&S63auoT}vP2Ga+Zm^_gYS=ui~TLPROCh_#5H{( zYFQctB+#TWBFUnuHG}~JX_keg**!Pro@=z&$&TYRDE{OMok0a`#(Q+pvrm(EbJJi+ zDKn={ud&1(cfQ0PhZsu`Gm_ZG4yf=-qJI_cpk9m!12FpFt1jU?Zo<{(iMLR)do!r8 z`T_bL?Nm2$CN4`jHCn}aCvjC}G#SuwLy1|7K!ZWg?%yy99fP}$YwZBgHHOxKlvkRP zwMbVqTQ!MYxvlRebR?}~z5Ij5$q>(?poJ9#7YUSCGNK!dE+R}J;pT+m>WE0VQL=|q zsLz(P86%pYQDk-tiMUZ=z_~jNzP`uV#LQ^#C3y9X>Vvrl!rRS>Mjp$7G zj60{}@z+emB}&Uck4PfIVn|ZeE5p^|_efwssm368retILS$dTaCU2)yxGT7356t1~cGDQBZj#xF+Q zuhIkbRn2+&v95yTV^A-TMIZ(mtrg*{c3Z_ov~X=?)OtY5qjefw9ko|j7GxE=)yl<( zVUgMeYnILxD#2}P?0MOo*aHLr86XZ2;$XO5SpC|ed0D&qth0$lB<$}D@Ed|RL)^) zWBKlid@ccscf%fc!QS~igBVY1m}Fn#P9{VJxZ&6@s|QadFt2f`|9Z_FL61Nk(F6eR z`~B&4NC*uLo#P+b?}CCe%@t#?4gA_cgEz|@j_~OW(>FfvP&=JxiL`(t?=Bl;gH(+j z6_eL^hc(Xqg1V(d-yNp3uz{IAU7&EwKFJo5cB~bXVmVDPXjb~#*D&msN&mf;!hV~w3(9%?M>Ry8BXhPRL0mN42{LJ1U z|GuxSvr-OUu3zL&$@bE{+-$$jI;+^kbe=Y=VyE+ZT|lzZFX(18m|t04=r(z+Izr%& zzu1B2f?MocIAOzUd%voFACXtPy+yJ_<~R2_pg54b1uD#NLe_N8*mz)SQv-BAUWp0{go#lWkqGKT++OUWiI2p%hLODLJ-2Vde$2!~co#wd57 zM{duwug(j^Bv-^NG9TH1s#k7SVmFkpHX&=9-i~&OeYd}V<^14|(+)lZX)!?c8@BbTH0^11%WkYLon*>IzRJyB>rq zYhdegf41M?x#{cJhkT%~g7NM>TsLS!4-Jb+Z@ji)FPh9LD#LT?eUf_+tz+Q;%FHrR zQdd8O_^gyOKv7WC=|D?>x@&i`>63@+9Y*2qZ<{muu)n_f*2Mn4oPK%9(4hEe!upbo ze#Vth=z+^E8tEwcw%DaJgUJ$kYW3wEH}&w;e_`3ZN$*9@>VY|9&;*$<^L@jmm~yP7Z9b24{NHE>mt4nWjgGeDfBq)KemLF5*#9a!{lw zb6dTz+cczAp)ay!!G$l|0RIFqX#?XnZO|pr(L99toIPN)RI&@{A&dJ$C+lSZlmvmd zZs~K&k~95~f)WgR%c=j$oplYH8ijgV>mx+?71;F3sJIld+W$gXw&@J-7z(+yKkT&6 z%+}&?qCueSsIxo^k}%43I5$aki<5u$XKk*g{GyBf(gXXFqhpNi+q3JMT?5TF{t*h= zO1JUN&h^Mq(197#-)>GiQxcAcTv(1uO(9to)Z{QaeGg67Hu-nE<=-%IAMot_2jrZ@iIkoiQb1ib?~foKK>ynD(3=FCH1VS z;i;E1Z@Go|%zQQw8{`#j%Wn15fWc2eFKzrMcv6VEqw|dcQnE1I2`_TV9)5WO%QD$q zi<-HW-#jk1ZBzniK&wL?Ww(`T5c5dCQyFECM?Df&f}4j18ZAkLi%Qy6AsGYmap914 z_HF6XTcw?OnB4PHjRmvhR^fdqbFR5@3S`8s@f)pSO_4o=+i0B*mGK}TdP=2%Z_^;t zvil2TSIwqiEDq`-toS~&4%#7#K60dM81p`uJ6ew=m>b__nog+@8z1uW$ciaI&>dj` zt68;mQAKC{JP&>m1F;V4wENvng-2fILH;kcA+dxJ^0*N*#UX;yn8xC0k!d_i<0wbt zxO?!5(JCS4EMZDP$__$3y11FJMzh?z<{ihH$dwH%#&vEf9j+%^1BO)4P40sxF&AfW#liCMY^r`0t+pslHc5&vM(ly+HOD>#EKG9Wi zj(8w@A}5J`*!M?A?^3nQcl|?%Roz6V-imYuQnx$NbV-?9K_`StaJRoWz0JdNvkf;` zI*PyC<|yILTw~EhqR8!Go~1$13{kN!n;fgT!N!=OZmbu_n$!qa=Gvb1J2rc3w?noN z46d(-0KyjP{@SU5*h<0dsxW$!;!*rUyiQoj~& zhU1P}y@qW@pB%w-;<@b4+=JYWX)93JB&y#VhmC3;>bHp|k8Kz=bqZ<}YO;)T9znFJ zavbrr>Bxv_$&3TIwLpz~9L9F4S|`7c?Im_9Z(Zgt)BA6)k6DTmMV^9rs!6;QHv zWN4q7obCVZ*t10ZWh6!3Wch-#w?0xAs`u%pvVD>keYpl(J70*1`?TMO>iV?g^LWe2 zHLgyMxFtNj^4rq?l5zgE9z5ok)2?Sy$MEaeQ|n@J0ZR&}qbdWCa&m6)jM}c6yhlhvE?TNLF`_ zIAoMA@kg6uT`*k0Pe8QMEZ?N!Rm6WPbow{gFV|;#-%n9pEii{Hni6@U%ONlKU2m^Z zYy=fk+lm~3i1ld0(k^h1wu1Xk+?Xys4x!Rg7CJBTctI=~WHo0&4AxD^PghElYZyy> z0^U9{N|SB$;yg1}%5G-6x+AFXyR>$6gW5zKYv_N-pH)a}-FY^SyFhNdog-{Pwf9i~ z9>W03e;Il|klrH!?4z20ACb!I^SDR{ACXkHQQ?$tNlrEdML9{rY$GHCjmm=Gm;}B! z^uGh|ea7E<2ZeHphV~dQ++tS7pR7@Ru)yj|!{}T5bLkX2`09{WsoU;#O>M)+j;2b9DHOlSrMNPf%on&FRQGw*EoZq#p>)vF6ISk|hp zX019-O-)C+=@mRAL|5OQSN5D~nS2ur+0Bef>aJj~^ps;48}yt^3K_Jn9<)oy@9hWm zD+gn&Fi|-t8FW+ta%wNk9hDE#d-qH+Gp@wX2;>+h$4#|qF)AY!ESf#w|w1&I1g`>}WBJGgBv~cWYVd3B< z8_d`EaML`KAJn@lN`GCZlv;il(fLc!v0QJbNS&W)JH_8tfuUTDA*9t*>M}JXp$b%0 z?H1a8d|T&?@1YA^nu_GKKG&sY z?aW?Y18zF!3R(;9-Uv)f81k@k=9XH}n@n~8$81~wo7>fLBk%Al>1z&w7^HVmDn=P3 zFZ01nEv`n0>xodNFl6YR#=Vp7nC`!&i~kY(s<@G8{z=7;|C~R1-!B_`6Ixe&GfPWa zAsI#5f5bi|dp&ChkxXyOnk zcpOOsGj1a7SIMcXZLLM#S^iPJbZHJ{)jfXR zI(IfgX2himg1?v`Jm?;bFB00GoF-%H~1r7`${ zqH3|50wSoQVb$eQFK|>Mn30s#uV+(5fo<6ml|{fs=8Tc^ze->Kncgq#za-f|)4K3; z68%4?SKRtPtgF2uxgmb+z=L*PTS$uGEQP5mwYdWb3g-w^&RFy!!6!hR3r?4)xO_tp zRI4mK2Lj&Ejy>YF>(I|SOt`xSz8^{C8MD5X=dK| zL#JWtn9Lh(c66nZ8HwbEL8yIRAhJ?rSAxd+3(#3LHk@I{D6k-7g2rW(H%#E#$#3B_ z6&0v9j$M)VS042y(s;Ih>^v$HG3O=}W6isI$HlBlx{7X(Y= zWuOOb-MQOem~vhgwm}~k7?5TZ9+Pk&!Xi*FP{EdKYg_OGz>L`V6o!4 z3Bqk$qi<3Rr0hlgMqD9Yn9C4c|5BF&9SY`~804pedfxB8bp-qD#)hJle$9&lpmcc& zds+MXK40#FU%f_h$$kGDf#{$0M`a1a>i)?UeEuvx!T)Fd|F!Z(8sMIZOHI5c&*(g2 zsZ?+RhH8Oy;2B^Vd_I0!j*<<8$rnq3uCH00P=T6sh#g?9O(q$~G6fWkB^ZZhJ!qeX ztheA;c!=4mVuXI1b$Qk zow2tApKYSY}=`dwEVQZC2)jixDnooh0lq_T) z=tCALQ%J5bY+US{DCAw3p3rU#%wi~WzJ)kbeg5&$N)DJoxm|MBImkb{bjUA@8>Xde z0xXbJB(->&uXM8IYt=Z}eG*_f-GzpM87t~{wvNTLZgd#zlSi#O!0N+Em=Zy^La?(! z$+NTrw5?ZGcqIV(^Kl}K?hwqHH{KLDb%%wdG|b2fMUR2J z=1Osl>Zg|i=y4M&9PP}M&BWD>+`timL_bdg1?N&}ku;AXS9ggq`v3U{5zYp92RaHhUa_MY!8*O9V*GjWW*ZQ}FAGK55k~}xUEwEi!Q0t(v z)*q)VTC~c$w-o~`U?4cCcdx$q_4QDi5RjCrAD=>LupfLwlHRvFxACQ~?^epM`nLc8 zZX|3DW?$lYW$Cb^x2jq>sNh1!c%pzd=(_dqi~BdYv&7Ai@a$jhVA(rdnc z8LC=-SXO^XN+iUADQ)*s7PlRMuVFEuOd?b*KRLW$c_ygO8yk zJ$j?zp*b{2AkswO{Bs?ECW8$8S7QOeAcGV=Cz)215r%O79Hp*YXaXS4vqn@gRGlTw`9w_M#t)4f z#De`5ctZSx?9IG+=^RnLMI71r#&JD?-T=FhFFAR*7GJKeZ1%J7)*3O|=jF}M6E zalFIihfCnHOds~~J=Ae7dhl&FU%p}xp=>)zEd|QbU*M}m?h!mdklT@;N=gt~RI9{p zr}Q#Fowb_INs1%HNJn#lg8u;d9^WZ|&yO%ix|tgi%OKFM3k7lrpAneZk5kTFARp7~ zH%WoU&cbp&$Cm13;AtSYPK*N3Q=@aOrvjCsGA(jCoD?fe0sS&5nNkP8I81P#LD=47 z(mK3nxZ40c@I+C2g!HTw4uRj=Q8bPEi`XN87Ga5!BAVYJO^oeQQbbph%SC-3e@FvU zw&4uFtV3V4%n)ju;iJ!1Nfy~eCUb<(Rlv;6{B|D6B)CyXmC~eSLokJ`O@s}+LUV&y zlN=xVYzVMpJ^&{ykT9O)gJRp^S38(5J}6Z#KpZ~->FZ9VC|)%`<+}vqu^1stn_lIQ z_Du~JHKMe77T&rwe6kuU3Zxz$lj(Pw>6#wUN;wb(-^0U;2ToGaK{Nu19Q8cU6Qxlq zUa;jDBH}W)<-DDDH?vka7v-2R+!K2Y(H(C#2zvtY%L!e=jIMNLK$74o3bR)RLXO`> zrPyr{fve7T6%mL<@7ycOy7&rXi(raI??$Cvy5QZEb79s1JrwKOcR2n_Exb5G7SO+D z{uGWIe<}fkTXIJHflCJcDPZIVGN_+kHtHID52CJ@WNTX0!V|iyeD2CIB&%lWm7^Qy z{IXybo`BVKQOd=DD^IuX0q7xtGmG+x~PZ;)Aq#sk^Vy0fPX%QeoxNIYE69b!}@Egs|7<@EWtm5Zju*CpmAt!Phrk%6TXo=bH#BT`Z##UBk5z7q z-@@jSuUGrDa4MTqG?Z&&##msbgJ!}JRtTf&XLk$4o1#jDFwLXTH3!VoP)p>^w(yt@ z1tlWFNh}Gwd)>w*FFIQhC*dW%Ujf`wrL^hl<34YCoqohAL?kWbptK1s(IqXf0>Tvh zOD3FH`qy3TQ*DVVk(dAQ8r>7$PFGM6PI)8jObMY$WQRCtSE;B>fT=Nrsa+X2Vg9b- z{B?EIs;-ueK2<1+Qn^6*TsAGANdrYyB;Q|3Qu*j^LM$=9 zsRSpIbN{i9+jeMS@{#ElD66{06f}aD<2T8jVUaQDABue)eZ`(8OXP?10UkXFR|NJVkm|_qw0@-2goy~N%QevUBInKizSa%nA@Qq zCKQi3>Au~@KTuP3;~07n9x4=$RSmqQ$3HYCYb4WjW8R?2AF^KM$SUY1RF-!1AIY?o zW7d_Q$gq`rHcsVn%5jui&gE0fx`)_Ya{Nxb4ZeKm3Yz6V1&4XU5teS`y#PeWF8cNe zQ>Ta+MTF8@vQ{&si&g3`m1kq}vH9*L_c7{c9nV9$mGKU47e%fhV1S*lP)&ZVhczXU zw|2TUtJJ$cTvi!UniIa$oS#se6N^G3yGA_6H3VpxC(}>OiEA`<_;5nAono&`pzBCd z8o7tG%=6hqHzjTAI8Yj00hi4&g~zl4xxGsfz|t;D*j`a>N4ug${Hn!WUvn z5oCrUY=$#riqEXTZk1oun5Hs|;#37;|7%$I{fs`+7W}}U;XDvfJqjm8OxpYr6KtbW z1T>eY0wZkS(%cb_qCpVNRRqmnCo-+q#96_)$pz2rgb5Y7MR7X2u+}Pk*m)?56sCeK z0R!Axg|N>`p*2T{w)KK<$DhZ=6mgBABy<0&aPvGr?~2J(3lw@gp?EsWw+nuAtB}m? zfHWb|{*3%@)lU{%7PDnanQ6*V&D(2u8(#PmJ>airCAdyV%c#~SzuOsWJL!=~G!eFF zeDpx8JcTn?J5<|}J_&;prv1CK8h zM7$IdQ5u;XU~Op}*m}80e>Al;5-nO}7Id@axT-M7F_#7CQ3>SU6%xLw_+O3q?&QK6 z;xmh2xc1We&KxLUDLz`#s%_D+IGO8##MnQ~T){_MOA~vMpbIcQ%NKh)a}~pT=9S@Z zM@Ks%pURGC<@tgv$cMTZrzoYH=L9?XpD++_*&qw@L0qiScxMxCj~>XGXlSdfT2tS&hF&o$G4@GB2h2&Ls97%Y13rz5{e5gO}K3GJrT`QF&4-@A>NMIe}BC z!zM(0l)SCuQ^N9|9q>TpR}Wz@VCXeG8+LaH%R`zLMpZC^kZ1HTd}W|FPF)R5tqSI} z14BZOY-wodL+xGZppUpP1_V!mre*aE>-$0x_4b^M=)p78B0gCWsOl!*USaCM<*B$OWhE+9G4;+Yv-3;7Bk6${moC=g}|aerd`#?C)ee zRx=d6oO=CkfH9q0QhOQ0er(WYvd5LaC_ICEhl;br%-YXh6Dc8B%U&00ST7~oN-v2E zC{e_p5tIK|CAzD7^b4OLd5apV?Nx+|pO#72)?SoxfN_2?{3$daPZK&~k|QQ!!h8pf zH}+z2zw?A`b!P2@*>u=2%UAQVS7gTR$MEkkgFbBd1D`&hmYehB3&)u`9@_O1&OVaY`0>+eCPy(L8wMe+ZW*_b)knm-zba|C z^)KC$HOY`eq{=ZC7hVw9!TLSj+pZx~DGujcdcj=;rb-!_P}vsGgThadjxX4*NnN$x z7SX9Q@VdpL)=AYYAGHxFoFCXdv2rE|-?(t5Q0?h;2NhrSe`->0%Q~}6?u@jiQW~Z?U8!~bwkYRxhFBk# zJTY|#I^Nv7Lu__I-AG&RqCVJm20`oIsdoBv?yEkCbG!F8-ZZUQj2^N`V0Vl##$M7% z93sppc1$St-la?Keisve)S98+&?`R>7B7JviC7K75=?(VzYS4jr-q`Uq1(+g#`B0A z=@X=wp?|{0SD>?26v>|Y>~)oSf12H6H)sS=`G?0Lz$8evvy|K5ORni4qk!xh)h>e( zwF#th!i(XQ0C>iN+ymG@m#2RXse&CSuH22JtMPhU!51BXHQ%b;(%isuhTBy4IQC(i5}Xn z%#P2vwc5Uzs&kx0VP6x`EKz@`3?V0l)lsJ)RRY=yp0Wc?Cu0pOxM)}QU^EedT?pUot!c3E6bqNpy8iyfsb-S7@kx}%WD-cjWF_6vWD zVG7d?LG0##c$H?`%_;T&mZE&6))=^v!|sv9eB}+T@izp6*+3Nnn$mm$>#s=F5uTe@MPm-^%j*wN$*Gj>JB&iL zzKxuCYpu2gCA!ZsajbUf0cr&8cUm^3{g8_eWZQTlEe9FERc-l5`LmeRW`Qquq94oe zBv}!KLc&9J%W;AT@(iqE{=zg6MUcN*ia5xr!LwkB-V!J{3z(X(jObq+Q=?yLcpA}4 z%TmsenM;|^B6LwQeQ9Z~gth9QIcjIHk>!mmVP>8-uu#p9LxU||^mg_&QfeMX`2<;E z>Rk+ak__|tKEu_Hn_{al` ztEf=m=<6vbkiHW?{COUOjsa4Qiy6JHV$L5cEv4`_izi*5%w8^APBK58hj_og-cWr3 zl%N_7R{1Eq6{Z%*M4%$|rAAu)z(^J+RyeYSp?t}cemMF z!6%*}b%gsI4A<3zID;0&hEim?XUYw?^w)A8xXr8(h)d5qn?_o!)E~3_D{ixUqZW+F zA}EB9k<^1JlWpQg@4*a`lyWaT)9SR=#%i!!S$sAd%q$d*>l03n#*96t4bK>&dYcmB z8$?ttJC*aj@ONeuCkn$WnVVIzuP(n29Z3ics^y+7+4q2kTnb~aD>_LyY!?P&UdIM! za;x@+-eEyNoDQW{a}}{ot{T&+r7Qg(Z?tV&fYV#OtL5VFb1MoBwgLm7v1_Cc>&Ry@ z3@0?NHNqv?uh+%goRsS&_9;wMZGW|&gU^#_At@;`-9d6;6C?7B1GdQgX%h3hp=x?&tHfwM*sc5}%#N{ci zo1}Mj%9!>S{S;^l5#@cuj}A>ne6>r6IH$hJ&QG0o$-W|S1XpXVf@CX@I*ui;pWXmJ&?+BIo4z682+Yz^z8s^cr zv3;PPbZKpD44Ifxb+%*9yUI61o$4@!=R7p}11G4(8zpsH$>245!(^NFv7XEGg?;Fm zq4hrY3{WuAI)N@eeL95b=@0&R*L(q+$Q>Xfgyj-Cw~9KzO)xO%R1o4SZFZ2^&G$`7 zaIKi&C%n$m`-EG2qUb4tim@at=WxUT4`MP&)YxNp1zl|p>r_OX9Sst{ljl^{(nVQ4 zGH@qG&>nKZc{Ys5WvYn7g!A<41GF%uLL2rK+toG&zLY`2L|+MGgbrRd42}4Oo&j@& zDT#7Qm_Yxqr15lfPcD~OLd%7kG)-}BAXm-!mTa~%f8?Zj8dN@5KCl92 znW3UIUEPgQiL!+~n#?m2gs4%@6gMo(K=_3#SDl$xg%qIzF>EPp&|C3Ha|7&~M|BQ=5VscLUl16U-if&0tXEKQLNMF~EX$ld4h7>l*kP3f_ zRQZK-`B0Nr|0H0D{rpPNCH7gT$v}I-=n5f{hY|7k!Wwb87?Y`)V|Z^m%)A|YnsmHO z-|+JK0Eqorf#gLX$o9bB9fG^wBSx*^QbV{~hlB@*-M;;#eo;GK=Y&;htvm0-Xh|Sg z7PbssHMC_l)UIYh?{7nVi}0i%ckj?!EHV~UE}WFf_ECmbrj70D?+u3nSWqkdF24iI@k&pi8^H%=G7V1BMsp`q{;V_zl^%B!k+INn`p zvDwUDVpl0osMyx7lPn{tQAA+$456T?tkG`V=*C(#@6j~1VLD5(V2)T-iLt0mhw!PZ zD|i^!GQwoh0gaIu!51JQt^4_``BN3vVyFlZVoMZXf;h0`vEmhOW%uEcQYh_>BvQ zR#KRT&2jU^UN-7!N_{8@qK?}Pcf8ILFwtSv&k5#GV2WWkNiPM%h88?mp@b_zS}tG! z{;k*~5|WQQ7QWu7hAd4V77f-zJ70B;ZPI!qB3L!odqT)Mb8;N#R5C>?-5p}2%oW-c z1=pp@i*~(`fb?2>rU&V{-53!FO3#0fub#8#pYVLQ%C2?^C_vBS12cl2Sr^3E+MO{d zO7vN*>3hfq3>(klHxf8V#gV;B{>MC_F|{nn6ug*4c!K|wsoz;Y%=!8#{L}YBlQn7s zC?`G7D>(o=T@R$eYjj%YUP||#adPbtIOFoR!=tRuLP<0Q<4obis=U`dEzCkHZz57* zkbm;1d(xHlMD+p6?-6)#pPj3%)u;6L4S(j#c3&2ZC#c=`E%RwLaFmt+&BFDcM~WvV zE}{gY6?%W@eim>^J$N&!IYLPSi)7?lg$<)Q*=&ru;}+8&4H@u1?*c5c4%>WwTGZ2j zAgz@D_g%nG5rU$y;D3g+C;bqjw3Ly*tQi<>jPK_g6N<7L$^8Q3lbGb11F5$J7aCdU z)y`Sc+{AIRCIi#N&4A$HlL+weJBfqGWNnhupu|cX|2w^!r)goZuk*O}MohOAe{Qz>1$-lB!cLugk9zDrW*`q_Z?`OOaYI%&^q z-g7c0>9v)qqiBuLA&0JZCuV3BpD`zKyQI*i2R3K86gB7W0KjuO=C`X{G4B1ogEv>C zXeZjkelG3-8_`t3JXZ4Y14#Gokb$=+d<^DmJZ_0W2&!)KjcTErKsqV#ilPn{Jf*D1 zoih5)?hxbsXF9I#2y3USiWKk35G%B&WUTi_#Et7+r{4|6YqsAFB~l^6z*r)(x=9of zaySPKv=t;XbjhXZ!rxiB3jY%=PUDhk)zO-=D|y?hP*JM51_PCo+dnl)r!Y?q&dkJBx3>Ku=8 zabhkYvHjr8?3!;a)=S6IDs0)IjS#sXRRk@jEcE-KK_K8IM55&h4fPmJ3FJX-Bbi+R zj9O;X%r!2JCBTd&t8AN?O#_1&AV}fQl%>u=yOH*Z5^8!u^;l2ny~1A3RP{WG5U{It z-cvw%QvDXP>S1ye*``)DHCaQUA)BV0Zq5=iyitI_xOc;CPJd!QyIr}M6Kf5SatPs~ zpN60eC&P2)5-Y)iK(VkZ9Gp&@mcMoDIH@p^B}$e`{@k95Qx5G?Zp2I8lhA~2w4BGz zEYa0jf;mF3w@3pz7FKvg^{;RKE*vV6QdqS+Zv16|jzhuDEYyDarAEe_8B0ipQ$u3n z6@^@Ikgq-My7XMjoLGNAA4ayHJCWerv!)GPdX*t>&_D-&3?)Vzr{w5Hl$rav?2 z?np720o1{gh_(A|X>fzd<%!*rS+lyqGilsEH^;Z1!d)S;h?sP*Gbdu9C6->o6} zB1vGOVXi}#NAwwqAc+q(&O_Rl{`g&!{!02~w7=uJ)axVlf%;8Y3_Va*h+Ri<;FYu? zAkQgKq6!n2={neJL84=lNnupZm1IMaVxKVeL^;!%xz<@$F(rqih(10c*==E^*)Ums zY0ha}XyjRZUjdjP0U^ySik#M}GNr6$@98JnGW*$eS7;?U#**6rl+pu!+=fL~t4E_!x{61J&%eZZDT|JW>1I_~9Kv^bdf_?TQLlFtf3A+4*s{7L zk;;wng4pW`a0*Hk>?i%V^*AxaA1Z3CgTw9QJ>IF99gEY^QZ>3qFMj?`m|4l5y^Ikn zoIT|h8m|+k7dBeeZ`w(ExZ6J&Zc(B^5XUbM!cV7v0x(Dh-LIp^8X=n6TiDz&sTL@@ zZRiu45ssPBEHlM4F)BCjn-w38#pTlA%2JMzZpVL>UkNq~`QSkoC_;Pgz2cqKwjU^I zBy`XmA}a{DaGRPX#Z_jWV(cyOt2HBllQ*~zMYCEVWxHXkxHl`13M(T|NNxJO37) zh?~KoYq`c#+R{6;;tBl_-F1(3a9bU9h9UN~Z>@zBRtsdcGc11jgV_GcEuW1T-JL;x zvhSk)iMDxhffHP@2gl{+iX~!l06)3H7_wJ{zH>Y+czbfNKm1paY;<5Kfn{QE&V7pw ze5kbFQ>g%l^uc5w!K#PGYM_p`3r9-|$eL-7dR2;gXwwV4`Ee% zrQP!_TR7@~PE(72MUn2pzj{QTEtoxl4sc!SH#u7pM272Y(fUVyV|?Trgq70S_QtLA zb+QiZHvfZz*g7YCeleGuEIXgGJrPH`+ap1ccBxUw3=#nxn?Y)eDK6kVxYA_+?J0)n zo!@5-Zw<_$ZDS-U$8Tb`gvm_l(i1piNf1MD6g&arL$oRM)~VXrl0BA!9lwo8fam)$ z)*Tm^QHxetK9z`tbJ9(+*XZ6VnAloDGQDyYETJ<$ta+NA8Y*MgARR5LgKoAr8hDh-g!mgx*fbTEp}4C(Cl2yCZ2InNMUx^u7XWe9~$!yu|D&ahd#ET3eE9lIS3 zWF}oOLqHc@CR1=dlQ`g72!(Tex=L4y?Hm_yB#r3Py6lfqMU)nANSidor`wg zdjn#KEN|N2im)55N<}R;;l(U6`Y=vWV_@<1A13WGY!5{ajvQ5;nJY*5)Al)uX}#VPJpgYVeQEF5edDbKfTS$-%|Yp1YzPW}xJVi?O)gjRm{ z^PiAIcK9BC%*^Ryhf#0IYfFAVxk7PBd1^IZFd1`ZtwJm`0qVV2%R;~RslZ)t18t0SR zcw^IXmU|=ABt2{l-xHD?_CWY9y>V<8tS}Wt-+6 zLk~~=7$CEM43NzKM;)uc_s?FBNWsj?*3wAu=d+%@o|VIY^nU-cL$*7bsR6)Cd{T$1 zD%<_8#y|vN8UV#->X@$Dr#Ea5TCMc+0SSu=gZ=vDgLFI9U?y2VbYshNG{N?~)ta`g z^3(UN2v!6`;3(4ti3~ACY5a5(!{srgP?kA)Tihtyz}Mk>q1{TO*2*J-XDN2?gIZ?0oC zZkzb%N0*FcBM4t)?8$b$HTrqAs5B#C|9TF!gF#^uxvyiLHUmwk8W{3XFftZa6X{>?*=RuGi;!V`<4JZJQM@q{CAr z2A{fcL#=URAK!*K4xGVQ)> zc$8#xR1ZEtf;vysFp6KEd5f&0CiYLLT53XukhiD^wWc65ImH>QF{LB&mwECm5jlIX6JH8k;e zw2qyeJt2%jTtFp9)lIsNjb5&3gd91RB?mdg3ZubyPq2i6P>Zt6`j9%fMT$UjV^;sw zTmu}qWko)~Pa~6!=m0+>M6A6ph=4kniC?lAjhv5xXX6aw-vZ(lik3I9dN~k7NLOP#AMV3t%chHoHpO{&Uxhhs(vTEm6^3D{3EDvo>Nwa`k zzyZNa>+SXv^uM1%#Pw2RuOHQ24(xyP`Ty5bs9@@u{~swIQHmNim_le=2G{P` z!(?O-g^l2eC}&ai&P}Z6HQECFIdE(|fKs9HBNHIx`7$ATL+1Gk z16UFJC|K7c9nc{3&-zZ(;6xu?(@5 zj7~AtQ|>rO`3%;a9O%?xl4r?JDgZI@K-(Vxk(Zk#L_a zZAF|oZR*m*Tr)>gy_NJUkVzOwyZoz{ltpabh&`E2m1G{g|JKy#Yt)hBFb$usPK7}c zEp}mcQ0~-js>!I;p#I!9d+iLnuOu;kW{XuObb6mRE(qvwXY;eF%oD8o`P)H-{Oz%mtBGv6V!=L(WWFl zMZIAx0$>H{GM(mNIZqDT>QV}??lK{6KVcNkDoUJeGsArq?D);|BuS1rmD#hq)g_!` zw5cW@opA_NFdi&rPXP7`l8z#2l0l(;KGAjRV8Jx3Y8>kl5x$tzxQW?t>?)83q?y*` z))8v#o%-Qyi$=u?>`j?nG-thO(A+zn^f6a3n^1_9X#asfAfqkHvFv+nDFU`^OXwTK zPL^?lm2E>50rmiT`mPWK^)9k7VyY?b6{f35zJaYoXhv3L-XM@JD54&2F3*=oU{R;( zio}U}0_9lw9>^YR^C!Kd$a372yIi2&7+hDB}h$>@6%{l)J10%aNu3tyJz#&eTX4;Fw^d`6o9XSj7f!ay`Pr<*Zn z;2v#&QCc5{tm7vt53@vWZwg{+2WTwjh1ol@{v~mGp9^Z2TW189)*pI|)bo#4qz!^f z!iaNifkPcyDtiqj&=__{Exz$%lEDkAP89Xr+F(cU{Ncxgj#(8}1 ztkOzULMQ7oDYAS)RU)JrTi&R4u#bZlikA5ScRD8^CK~{Y$fX6`^|o&x(-(z5V0UiW zVu;Wq|DkoZ5C@Q9l|}7LWA83wD?_fiIZ>Nx=-k%$e8!f08Y;(lhFcKpBwUJGwj+$4 z=HU29oFC`V4Mt9~n`Zxci*&HHedpjKc1I9 zBYOOnEdwvqZ;1{HaC7gcPb|_>u?uagk?AHXs1_0HD621fEs*Ietpm0CdzTt$Xdfu z-5M$1z=^zqxJ%dq!DK8oY1+#*;`OzphV~Sgr6kJBy`+BJc(w@?=lKx3=U7k4=FM&ll&A30w`wUT>7+@~YbNA$`z`5KFC9%k2taI<9lt-oJ&s30yGKk1iddi7ZFk1d#{=#}F2%@y8xw|eshLp$+^IIWA4 z+)FE6C445Ro2-xJM#}6Tzg6>C?P-ScT<>uSoZH5Dsq*V~*uCETt*4y)#h31rc$5S6 zQ6Kuu1%Kv2{Sg88rGnaZ-B$tnHQ8eUaW%5F4)X{ts1aZVarpT>a23N8IZRKA@w1N7 zWjKVzFwcP;Ue}(E@d*I3e(8cEYwJ9ea4U&gvbY}eXT?Llptvvn%XJPb69bodzIiwp zQIqUcCTajdME|s9qCVnjBJ8EGujxzC{qOF9EoYo*C=`x$Dx*m8-0g&8|JRAE47po( z+LYn*HP4Zq z*-MwaUX&)rdSEpIDsk|A^nmbpOS6>ekyo5}82uui4-)r0$ zU=o9BCP8t`u<*nvC{Cx9IV(Kws*SWl?BdaAnBttIF$(3ex~i-yQ#MAHxTF-dCw-km zcusaC*@k<+CKQ#EVKx8rV<7h`ZG3k2NMW*kfe#ISG06)i;p`~50}(YV1|l2$uzkU4 zP+YpUFV$Ul2$g*!fB4Oxw(7PR-AHY)NF$R7O2qUZz03d|NQ&q% zNAiR*;(27NMjs<7wY`I26RzuTMERA86miljk@efgwry0qyYj zrGNy1<(w*chmMM|iiwi}>$Woi0&`eHd|SY7(Pp?~*>xU?0&Ms7p_E2?w7;s6x9WzA zYN%zx6Q+Z33TbzHfmly_r}y~uB^^T)5{lE>QJ@c>N(m0>7RY1NE0@s5&gBNn2MU%T zSd08WIc_5$Fst26+!WKupG%!AZINv5bg{%>rSY!h&XcBPF*(cmnH9zB<2UZh~BcAHyRe2kI%H~-#9Uf20> zT}E}r$&OsxKr}tRWB_sbW$VstqgY!+J}^ECrhi;gLKH+@?k$jDga&TgZ@hzRr^ z*(x}AtX$ieK?Gu~tFN!;Px=k<5+Ph#*_fHbvOEi>3;6wnxH=T@Y@k61yMI!3O8Ffv z@!B+$wGyL&3#+HQfA}Sv=2jAK%!y}H%`TbB)Ufcvf6O}D|7HUFj2b^g=4zsA`ocY( z#fSp#kJ{bZO3tQT#thJ_5-gas>b13LAzoP8+QKvk7h3oD^eZl2%I0k;W5IxGcwhJL zO)fT-VO*KpSZdJJIYQ#ud<2ECTw0FscGi8taR_V_kt0chWG$XC_bON^N;Zb5HsIFXJ`IQ*cD0vWE|u1@v)!3FB&89>IhkK9>Qr~p#&;C4r{_*)6bXv)7LGN%or7I% zYmDXG13%xLi7mO9)}a;o79qWxw>xzi@Gk}4KlujO{kUKpx>%+`Nl-zK|4?*pw1TDV zV8J3Jorv?ePd)z0&-Ze5r#FaJAY{nWRtMf1nv6KySVK-OB1u*wXpM|JzyQ?Sr$Hd@trG*o>B1P#zzFLAH`I?05 zo%Wch=Cv*3B$a>p>`8SKj+ps6Bb=Dz-cgtfY-N2p zR@oo-)IX3kVj2MiS|U0nuGTMh0j{WZb(9^zK|ULsjvQ>4wQFOhdgMF~Z?Wi_w-osh zlG1fsoqqFF9@_Op7`QTswG~qCvEYBAti0l`sNaGw^Ga+ z8(ow;a{BWYeZsGaFJz9ItKq+s|Mf!tIO_`C>qU2^$q&@hlOkrqP0Zr+Nc+SJrPjJ86%-5g7=$9C=S8zi^i8DPfHe@zG=QKEvpx|OM~-M zx#Z||wC|FJm{+;{N4wZ)=x$#Z*{`DXTeW!TA(dAxS*-LBn^I>OOwc1ax`EVEtPNYf zFaOD$BnINYei|YXbX(SDOt| zuG-Of=bmNhPN`U(XI64|AiCUg!15aZ0*)uv`Z|+kVrSxdI|t!n$-r zmN>~{?cpex1mj;NN@|L-c*44%+AiZj7erZH7e=W5!rDb0WzbH4G7f980z!65u^Z1% z`^)*DZO`66@YY3)J{_UcTWxL|&ZwjP0Q|Pez7HOwqv1DP*;n9hgwri0j*Ay{KkoYB zj)Oz(hGpc&Io^t9HqF@tJDFG9eI&L(4pmd3fJW5r4*seiB(hsZRbaKjpsHnIphF?o zU68DSVSZlJ8aO00OIhz3I^mtdc0p&{fL{Cvd(YkG>&_{y^ZsY@oi5!u*|;;6A>tsI z;X%LE#N|A&(zS~!1ATn9@IEi9!Q5#Jsr!IoT3&>!a1n@_Qm#a77vTd4vfzj>8V~~e z$=$d{!jvtdoV}PMdP)yjgxG!30G8d7?-**y6bkEcj@`@oG;)m|Oo_&UR>AsU5{t6Q z54~}Te^}#urgPk1xNbL^{uqpP`A-tMe>$9c@QT&~%#Ks^xMLe>*{*`%d4k|EMAnPh zg$XxXsEot4N$PjD!PYzF?JL%;YxdQ*TiXZf$&5~6gm)OIH^7hoxNSfs^jn3gZTJ*W zj@|Eo6^tQJ%7nQ!f*S6&9^+P|J~Rbx)-1}EIAAAH_`?`q@Sg0^Sip z)UHj)r5^8rZR=NIjv34g28df+%9%uDXv(R*&T-=%MDGWv(l<$UqRp-UE3@A#jL`R0 zd?6b@?N%JsJteJp8pq#4wZTYz;z@UHDCIfJyb295h6%;zSkMBvYZFCvxQ@QG7Q^Q0 zS4#Hj{23fZ;~F*Nc2`!Ln4gsq=|tDO6^sxvQb;8F+|? zlK}Ps!v}mTTlB0v3AWK9MhT$?FG@^bk&*dHtrCiku6tFDT`Nu+Vhht!BF>QP5-;i~ zzvW|h(5w{rQ{BZCyomO?h<0j1@(4`BT8j1+C-lxbQC-iV=~Ils^_Smc$F(M<#r6zx z_6Q|?Y!_KsBF~EwUJ)%$a8#xIu8Ek3=E%%tixW=Tj1~Hh6^$zu;&vhGAsk7tHu9LZ zl1loDRs%rg;`?sl-bzvzL=h2!>Yf551JxB}{eF zT<)r1v5~+As72OO^3J=@_B6?#YXlv#hXAs5)8|?JUoi!$({J_l2wa#WQ%l@=*ZYGM z1(9BCS;p8ZJbwY&ZnpostcSb)`|UuE(gWiSj@{J4drAwem1vQ zH(D!{ES(irI@|_bBk9dU53mo4>s=_tYtM7c3C;;N*%a--dG3PU2!zSZQDPR+10H9; zZ`^Y{bMAht`v7+z8t$I_S` z*-*N|%7ILLmhJ-XdLZ=MgFLJ_De_&-*5T5*gaU@B_Rm8qeN3c*-K(YQmr1^q zD|-eUz5`V*jrSr!$&cHUtki~UI|{4hoc8pZVIiFh6F|;N$9?C()qk(#JoGHOZ4IiM zAgyepAFHfv=J;l4?qhepOLW+s%Wc|k1+c-00>Lf(l}B7o$jk_y}?*wco73Vf9#`N>k2$$b7v4~rdLF)KX@XRA0O3d z@gjb;q;8G7y88IHX#|5A-BbFHEs+QM*Duol|GY{;Ooa9yLh!$=*GVcGE{IAwitzl*TSMm!MMH|kG9|?+wq$SpRRlY>ZT^g-Y61!^ z$*06n<9>i}pSO>rYMr@|TsBBys#g7Fb9iEVzxd3uxvoDxDDmm~gyBV`{-YYb^(%ST z*AyoFDAp8)q6JsPkTaJz_(~+lpGY183M(m2IX8bBc0R_y8){_ag|0LgR1LlL*PW{@ zA2uZj$O=R_8p5RAEL4QC;E(_xWgj>Q>^?k5%pM(j%s4Aq@Amu}vQ5PGc@iEmQDD(j()>-VL(3ggYLj{8rR1G;ePgM1p}sfUj=I6LivgAA znb{`I@MvR~G_`_u))f=g_lGVh5%YF?F|PRnjpEp0&`#%Wwb+`viOh34`0d$5+Ih8p z0&%Avv{i0^hWqb5ie>62qlrRUlop^@J2`)4IR*b=`gnw+l+|sEpHzHtTCqrCzSOkx zh1IR|Go|xa&)_PQpz%a!^dSFiW@g+Ca@n8_Ul)$s3M%~ZlT}AXy@U`(t5+8gkz4=D>3dRhAXuw387Ue z3DyV;0a+*AHiVnpP>PkqaUxIeGA6`TWekzU-*$wf-sDH7D0W1u5KW|uN8PvtKM*-L zRdGz&(qjp>R9F?jJwfzl*%vA)Ja7My5EDKt_giJMYF4BH5PhP{3L^2PWCLKPk?p1miK=hAuaChTz>o}Ud#;xcUiMK! z4G0Jf^}Gn|W9PiBSUF}!Wj%{hSwDfL+e2+B^z*{KI24iy>El^4im_vl3W~KL$nha` z##nn(q|9Pvb|k`83PB%xgk+#ZlrSn^P+?SW;jcg3(csG*Y4XU{yZ!Fx4{G*VEEQGv*0w`j3swW_O>*L-Y}%90eIv-CaX}{3dE|4p z;Mt=4#IA(*9VxP2vuYayO*q_5&^L3w{D}2t`OyrIs>8T7d4>?pdR#jXz(}K~;IvB8 zGCjAfozR(&?6%C&z34)|%Y3#;A7n5iP4i8xz|kYaKx>v+H(XF6+GK zbZ@tIlPGUx2<@fnLO%7S-!4|VNaEvrF8Ir$&{PG#t?#r0);P93K=M+n7qm3@Un{>8 zsf7jV8tsF>MxOl&yPN=lt^Ja={EF=B= z{f`4#T+dlgTF=Tz!N}g(%-~=21Lb!OEERO`kj@EuD16JhKk+32B*1Tkta2 zklkK2Vxx-smTJI+phN8Bf)u8`tbwzG5snTIh>;=TDTQs-1c0<C(0x`+E^6>ps3jI`+I*Rw4kZu0VP_kUE z2<^H?K;#RcM!FHEvHVRl9CDDfIMM@&GO-+ggc`?Wxg*Zgm6@VOD{gF*$hcm|5Dbq_ zMVWHV0X$R#*%gr-f51_K6LpNF_?=zrz&OijsIFhAn2Io!N|%H>SD(dnw;yaUW@kjd z^IL`QJoa*e2(@^^liSUiC;rj47DSUiW88bA~)NdJch8k7n5@I^G89AyDzJ8tR z46NLsNGkARaED<@+8lUD3EZA%%87 z@OBhVy+c9k{a<1nHm9n6&>$h-=lFBCgdLSTwVV7!Yf=_lBN?qvF+?*Q?B0w^QY$t5QdHW@ z!|$p`SxV=ur!OGhWqT^@-cj2%4_AXl!@?}O-GkSTAKJ#ZT`~4i8w%huQd)3o)tU|5 zcC98E{G;la3=vhN5FK%@#Z6TY35!=5=A;*j$ht|Do?sYt&ZBo9<<6hYel8aKe|KTl zqgR;6!3wwZ)m{`P1oO)^vR}@$^Q&&A!p#a2pP9|GVfpfxJP4YB0|g}iT2414m|@(T z%AM(C-w~lz6eCq$Z4<=92Pb4nVQx_-p`uC%Z((QFqCKJaBQsIT1}|m( z{e*OyDY-~IVb4A(bt^DuSU+oW5*XNgE|=DP#dwSZYqp--Tv^KMIsicJ7mgdva=z#* zPP!6wLd0Iw33azeW58;nuVvzepQg6xhs~z;b|X9Ci^XN`6s_~&;Tb)H+j-evAHt8u zU15f~&r#uc2e>+vnobJ&b?6jLkm=R#fGlpZGhG@1x&((69=rl0(r+o!cC~lvREnrI zJ3@Y@(CcaovS!6t$nV!xgLNXYf(kp>x7;6&#cce;k6dPdk{l4IFcmMebAt9rnN5}d z4mEY$hIn$>7Sf1CApzV>V;VS6m#xCyQJ>agd=}JDfz#nHWDphh!Fy($A{?h_k7)5n zo$X7TH{=RZZUP^&1%5o?MP!FB5Vlf0`SW<14+tyoH@|Sius|pULc->NL#FQW+n)l& zGhG?CV6(nqBgO))hvJ2DJCXDS25L{?ffhRIoqywzw%ZT{*(0!BaSgYpV1ojgOA7XL zAk*0Amr3ah6Rt~g#RBT_4XaPa4XD+4$G{Ce7ZJJ`W?aAp2K)_=Gklr&^P{C+3747x*0@Bu2_iir)$=xz?O?o=;72UT}mVs6b^6t{x)kI?e8pyDtPI*XW=(&OuHY zGN}Aw){H~#UPY;W1Y=v|dZg)rj22(a)P9bUdwlX8lw}p!4M{b`2!0Yg-ojvfC>tJr2H8kuGp&1VQEAf2$a#q1~snL-9pBW_AxyKTR{{`*M&M*ZZv;YWY){?Q*8 z|JV2Sf4-lBMh*t{X14#yRg2%Yz~F-$?ye|tVUvr#1}n+YLk(*1pK z%Zb`<-QwkXy!QnzGL-tEkmjvEBTqJEYKBmz7PTeX3GBQCE!IiGZ~WU zF!D#bjh zSlL+jJl%On1Zc7qc}i5L`0Qe!`84)4fVZ8Kay8Bkmw-&4fY_wW@K3oT8dgOtFn0Ylz=Kypjs^c2C|N_Is^l~R z4}0V*g>rw7U)}j4By4%I6>2esLr_oih4Aj&;U3az)3(yNq4BK>!Ar}I7Ok!0OQTk> z-!;^pYM)0`X1uu0aW!bLGk9>;T1SJre^r7*@r zygRL`?M}k|z+%DSftZlt4i}YNud0$PWcg&E0@s@lm3w)&eK*XHtDokG&ft0+g4)uV ziXACD+ob9qfp|g1&y1xHAQ8R~-kadfO#<=5jU?EM%p+p58!@|413_T|iu-Fl-cNH~-*kKM_Z9vy^2Ac*%s9{*dv7?X z0dhxFf*`%>x#B{bn9iMt1E%Ov(eei(0!OW1G?ltnr~{W&(v)ngOAVySY(MN z$K1_!0cKg~f?hdM_#kcXy_s z=+R@SaY}aJMIMQJ(*hh|5Av0Y2A-r<(p8^_x^3;&vVX)QK&3Nu9h;MoFwqivl!iX( z0Kwo-=knG!fFfuDtT(buOs*0!1|1}@zK*eFJF^G8l6j7+&dZhVk;Kac(K6tX-vj_7 zYKW%u=bxPlGs zi~u|0p@k|Vl7NE3LR(Z{@?Ytq|M02ByR#m@{XB>oKaC~c|L1bk*K;tUWB%v$=B22m zfN6x}&D@>=trtfVP=rux9tUR%k;wZhDuDpU2;J167>>IcNNo8-hRu+Y=saOH$g(SD z$yaedg>H65#7f&8YJcPTK;OH+nsZdwAg#alm~z{`=bUCU`C;3>?xXbxd7=+xq|Vv0 zMgA)0PlXZakF+&rnh4_}CQuo$XNq(y6rwD^#}vjy5j2#`^dj0Ih91Y@Ub+bj)Lko0 zD-Z+MYV{cMB9vn$FB&L6S52CW3~Y+jDr*%U)M6NON@zBz3_mO;8VRUn0v8|JGHl>7 zQJV1dD$!+UiQ->H(siEwQ;i-?{4t-qXRW~m?!~rFM(hl!+?qLZq=M+QOumc&A_Gb$ zP<1&kae}@fI;>4B(Rn={rySO1mGm>qCo8w)$u+uFJ5q>+ThV3JO=#R6uDuX^%d?o` zh`zNgx>7!;=94lA$=#(I-g1-v)Y(e?l^}{~rcYH(d4V!nZn26?Fv7HqujS`hXCN!y zQ*OIj=+l%I&!o9;bfnaNg)}K7;aIkKJpf{-GmQQq9{N@72#$>^GCV{hMMPRcJzc`E z8YG0xra2!s3<0ZCB`{plLLF;!qWaT0vp8+^rAM#(pHG}ShDT02{@ss`hW4!5hxFU} z441B1Tb6kN;iCxhFrGcMP}*S5bi)|iv8U{R<+i0PL^cVA#zN*@K4W!`O-D@&0I9C{Np znkgI2Z)mOFE#7ij+zvp1vxZoINdY+jf`72}iO~K9VOW(}i}@Qu;c;>p!0h{=n$Yz87L-54l+Cmp4G*&vU+@U#?kT=CrwDq7 zD{{|kfzkx@$6^QbSlL}c+a`ruTMKO|Zpe3Xx6n{WX1~Qm# zZ<*MNUWWGj=5JLVXy5XIqGRe{7It*>_X~%*43r+7QeJh!*}r zH+`e9w;q+4*?UV}e11^Fd>#?J0shbEXRogU>UC`=EoT%Xw; z`6X5ZI0iXD58e6YXt&8P?Se)S(+OLJq~9R_60iQ5j8hg0VU7m*>zCh;a`k`R8w~XS zac`(V+A1!he@Q=eJss&Y`yn$E!Qq;wRYNIV8X6`?#R9$iM^gCU9`>CF7``6?S3(~QRm0UH69!QP}aUa zfWzi3X8ttR=tTl*<$7QZ_AGj;O}1&W>&?ckyUSPRDJtD%xliG$%Kaok8k5SZTYv_3 z$QN=DTrD1>lh7t2#YsXMvdQW{Oy#*bgy<^o?mpHh2RVH3VU`ggz?|L7Ldj{dm%&U< zXSv6QxQ#GU30u_HTVC0FHYfoMk?tJm97JA_r|M#4!Hyp0q(ewsfR7_lBvAYCCfmTm zX(Zpss7kDBXbk9VL*7BMuqs9fP@6`vEUX{rnB`m1VA<)r1b1ENq^&@NqP@93k0ad_ zv{s|E^xWaNF~8CzE70dsD+*8(drzO52(zZ-J1B5?yYe)UfljS^mch<8|KRyqGi3{ zHabhAK<{jF;NX$qqY?7Jvh0{pI`^Joir{waZS(Zz&XB&Ly@)02L~7oFb%Bt}Aq9_{ zp;*)Y$Z;@%EAIiAgolpF8)yE=%x+CCxRwm-T-wH@5OLJ@r{rNF>IpXG9Q<`u7-}c1Z+>NwcbV539pE% zv56GQtgXIY1WM#TU)_y{dv0LcL!kj0KiTEiJMA!CA^Q`vug$hMfYPFoH0-KjN|Eyq zhdVp(uA{wwq}kE>VbRv(>B%}L9#-cb5(DO0_4YzwhHeSLs&|HAw3AeF9P$`P4SWdf zz7~3?iKf;M_Ky*cC(O!wdzk|zJC5*zbz+Iv-0rEGlLOxoh{wgRDCut70$6S&!0%KB zQ2*@iS6N_vsGoTU?2~Lc-k^9>a3sHyfh#X2OJ+J+Z((;(`Jrm3s!oL&O1wwgin#L= zH!GD#)>t=CtJlA;G(Xm@K&=vv&!=&l!_8ca3eW9MB#yV9z8G>B$v1{jhl&1VBX&yG z8ERqX2@+tPBmI_KRzbZocPVe?O0p88iOH&}p`o_Q^wv{8Z7{FMAd=WAbJ$z$X%A+f z(_^kd6th~H$|y$2gK^pnuA4k-J9iB;6!?>*G!{$LPbN0kH8=XjUDB-dN4&YANxV05 zfW6;~N~I#8!qNb*za^07j@;YU^p7B11itK~8q7Cp z{?Xr7P>nipBaONs3V$T34TXGGeVqkB1#(NW7jR9kEjmgEBN z^PS+o0sei2BUB@9@Kt)MAQ;1BHXsi`nnTBc?&Jd8W7Bu)zMvozQofJJ{p6nTZ?82d zb8?4lHOhwAu}$BE)3?91W$L+q{Q?+#b|`-nJPz} zG7axk)skxhsLY%^PvEl7DCfyNr2@I@@ItyrdK>7%Cb5&MI|tw&0@Tywf=znMWUI5V z<&{2yKw&&vh@08vn?!Mfk`DRKqS6K^^L&m&<0LRNUX|B&IuEuipJDY~+#%X3xnA!4 zxsW@6SquE?1wRpy{p)Pl1cP6_QE#dLxzE>(_H_}UV9T5oqdz33>F7xhB!+aW1{rbd zq6+gWnHFQ$9T{Ycoc^L2#e~J8N9CN0+-yL2)n|-#aDGfy_XbY?Y+*XgaWb$y6C~3U zLwEs)YL^*Q`bSVQk$@V-UNbT&AB8OG)I0l$4D!xBTQ@?2mVt2Be3ze)7`pMnfsi=s zxGN~*Pa5Z^Q_v`XTxy81xV0MMzzTm(aw*|bh8i8rw3>t#%$*RETyqadPAM-Y71Y|_ z{x?Z2a0I|lK(cSNJM%_`o0_&e3n!JRT_(@9KM=t)NAo}hsja;h6Pv|~G6r2T&t}>N zNc9K&xA2;$^N=0#IKpzqQdd7)pz_0wtB5e>k-H4juMct)Y2tnSYHKSJrth&Ke8mUa zBs<*9gFwKqcr@R%{hc}ZID)VOIwfxlh9y>Ve6$B3b$qdNpo@d@Yog^Na&sh2i4hzg zXsLrxHb3tD;?AkudkKQ|l4g^4M%9;&J11iL?}xvdLpr?p$v&8J#~8P0gh!!t`B9SE zC9(kQk@B42Jkj}pGWX=uHQCu*72^TqCGkMk8Jt}_9v|@+w~MR$(2ckcv9n5dDsf5U zjqqNA`ZdD##k3O&YCp?Q!@r-5{JEsOv5yyZ@N>G{QKE@g%57T?Swxeqw)TT)^qn~A zdzruFUedLk2IKjtp^?B~qy0Wiq3WmU>s!GLn_E|`u19e+CPik+kZj0#!rU4$!p5{J zG)gYj3-mV(tnXuMHmWd&&s{eK@)cp?Yc{yEBAK?863(4C4XNgp4BVtvr&wI6a;9$E zAZWz&R_P}0RO{9qPN&4N_{vzX<~x)3Kod4(?M*u~Rd@ijuy7d%bA=2^lM)I>l$!cy zI$Jr(T%b}!mt-}(f+Nt%qquXbl+Hgre%eP8A%h-5C-=ss=HU{|#bWijB2i<8Rzqcr z@at0Mg9*YUE|%YA~C@nQmb8x&^?MWjj(QFa+=aj zX>^+F$0I(395wUi){B{a6s5rQyy_XQxG5b1_`V0@;{&(oo$n58s;mPP81mdxYy+!W?8jMDpEZO7df+g(9 zswCqk?9FDy_kPv-5sAjepo#6G{89h@!|Ss_kQ>0h=n|^~CItCV@_R0y&-bZ9=uYl= zgP545R`d4;hl}ymMjC^O^W&$iU}F4(MJ&hN(v{vXx@Qz4Tf zQE7qkAO=S440o-rHuFA6Ju7aGGj==c_us(eTKU?&bRiZqlya2Locf3+4^jVamiR=x zn54ReCg~L+i@LVdrp$ZeHr+7YqDVE-^k}LlsiKRc%kaReuy_XC>Y_`2d~Zj4c5SCi ze&Xz>xt;%4*;#;9wR8_35Cug-I;FdnmXPl55F`%W9J&M*1e8Wvx&=i6B?RdbkQ9*+ zP*Olb5hT7j_Zs(bfcO7x-Nf@Szq4k|T5HzKo;{OLV`yu{Y3jQ+Zf%iMk$d(4caJ;G z$uT9kJEOLaw}baCh>h;IB2WR@WTCqc-?-EF0vAtUPc{emV zlwCs~J&Wj4@N@1EY9k5iJJR@)Oj&QbJf-h!;i_YV=WG?e9{Cue*7_Oep_EH{6pGBa z9>(;Ahmv0UbXD$WhQhw&Fz=-sRA&=^2EED>j(Cg^I++YKp6N_g9F$?$Sd#r3?DGM+HPxk@s1A73Xk^X95a%;DX- z&*3esb^_jW+#|M@MiCVk-zP+P>liSnk~|qNM-P>7c^odyb$`-5I3P4F+qQ?pvUE(V zEa=iQmREGxhtX_~dLHEO$Wd9L%N(nI(L3{aU-IVAhFYo>j1m?otv0(vL4kd|DRGH0NPZ>m_0unu8cpFo z808$ilsX#y!-fm@?j~59*E(UWn!JiJ3Q|eu^u7_JvpRLvBJhn^A={K(+b8iU&VI*^ zD+Ej0r3^;R*i{vF-9@|&>>-bdpN)A~aLB)C=9Xr{WU+CydsY0k!YY3~?67~}i86t@ zHU5Sv!zV~7_i(+(`{?Gbn-mHZ#fei>Pk#RR@)E-#{|VMU7RrlvG2M+HpJND_PRV?{ zcHWO4IWRVQjoP;T-lF_!A5ObIjSWrsmECnAGcOF)*#i4c&L90hd0&Y&A&It9t(uA* z+&}Xpd|8ZS+l2VL(AC~2!yLOZ{p|;PL8Xpz=|5;`+dj_sY!hE?%ST)1rQPOM{2pQT z{cByMQ#sMk(Hio$6R$ z+YjMIq({_BEPdOWjGJX_js6dDP`&yZ&(YQ6ilE$?`%2oM<8FU#MQmt7^~&19+T`|R zJNn_pM$zzKx`2V%C&8p~<=Ulwc;V30+7-`!?m@3xyx8MZNFJGz#aHcA`02|fai}sMPpj+(23e6m z9;d(<#yK~aU+SLE+yfwFl zYO#4};&LLZT8O)oMb&v8N6A<|MHd@R555n3LGLQ?ldZGQ+T4jTC3}|kkcTYRe0lDD zwy>e=`B1f+z7cX8gS_p@@{K_~g!NtDNX3lSX0I?>ou|wWncCRgy40Z3(9W86OIHwE zcb%v%gj2w3>SIa;iIW_Km*!HVp~f9o@-?oK7kS9|d8T#CkV>TsRj$FP343qs68Ue` zRNTcIjXt;Fjvfl$ygB%!oYwVNbekdaFl&Z#QePS;^v=p9JjRvwd;Bi!bx!f$cAkd5 zzpuXWye4p#X$t4cO8YByfpru3c_kadZ)$E}K6(V~Ktg@Oe6%&h%fj8k`S*mhvOSqJ z{y|${tw&W0_e3<0yIcyx;}zTj<(VpZgL~;!xz8?WsNsByt$Y>9KQ?Ols!Re~klICR z=9X4Vk%Yv|kVdC8)wes>XS!nWi0E3fbXDS=MpS4jb+CTU^`x%(uJ!Qu9jr7^W}qZB zuMmfD6?`bVGyiJHMlR{hnVmYt?_>h|%b0|y#yyVb z=^`*a8EZ|RQ83neSkZp?ZeNf9d7$9?q*^J-=13{*QWt_UGWz3A<0od4nyiocAtd7i(XUHL+njZ%L_OCB_L|IAHxf!p zcACa8X(o~L$gWLmcLX&8du8aHQBN$CZ-`zlkS{#D=t&0+C-8J9aq&}U)c=2Qse638-U)2?Yd;W;A>q| zJZ`u!^38L-@%AL2==31|K)vvrFZ|nI%iBJ5Ag9-lSh&k@$#v{2*E;@q4N~E*oCXRV#FJ-$k^_Z%E0B zrtA`JazB(I$$R&Viin>n3*r7qNG%oLB>UwR0$uM1&C@Ac>%xk41C1Zet)uqjg;m_c zJw{YB_9=gRED}Vya$>uKX?;pF+>N9vp9(n2Zg)(leMZ>_PG=*YE7=EA|LoKNlZ6+8-=G2Ha0fR#xZyX3 zN07zD0&TIM=rf!40%k6ikCcsw2aSR(h<<48)!W= z(7G6d_PqLtaLZoQcJ@H1nE#`2mjBh2`~57eX0D58z3ZFoc`|wIS=r8~<4c#8$S8d2 zaLoU{_QBq3;q@zDvgON6git&pJ)8}5Uw*rGQ&~;=1STszx!YCl%AuPkRKkqdFY*P4 zlX|9*b;TC~IWYvA-bi`T<(mX;h^xco@pEp^&TxGFmMrS<8-kcw`#!-!&(fd;+l~*P3AHI%Hoc;L^J?~~ z^_#-fO(UZs>XxW--WIK!m!^Uk9vFY5$8&N9TL@!+Cx~^{Fi3th(CSN}nz+f?zHH7I z>1CbkG+@SNLo2dc|J$bjeY&BadSlRw3JHl{6bb1fsDrz+g(>v+Vp?!0sMheX*nDql za$=(Ft?RdLy+*oVDtBEixD6*-1P29|5LrFcBK9KPRa46*nnI@4pW!I02D2gI3P>)c z7$ajN90qokWiN+HD+4BmHun4cofzVx^%}4P>O9w~Kj;0Ug-Q3ut=0LHcL`Ud zNsD+t$e1PkHY3HySgn8AZof_i%fM;loZ#|Bl1Zj0Z zJ!tt%g!)GJG-6Ymr=LIzk}?(#)l|zfjm7= z9}(Eb`EzHUpN%|w5X<#6oN)Q_DPgr%RSc6NBPR|D#RNUs=*ldv64g9%d z7}s!h$2X2u%H;6UIc)v#A0EQ^sYZ*sU0RnTR@Kkl(KOcFalW!akpSwimZ*?zl^TN_*R8;^EbkJFRO-<2^ zMSr5u+q(=+>YT!lV8oMOc;6sYM}1*mko_wOO8ap3Qx+1w#-tKaRac0Sed3slf}4Yb zz~wT19IRpM4@Ghs_BrjTaWNs>pF5p}ylheG6bY4hbI9}9c_9`)>goJ%-`s4CrSnT2=Dho`MSUF?bEXQpUKxs{)P2Iq6X zwLsbDOXOIqw%=lE?utA!Q>H;l!rMu8{_-}`u4y@LQ*vEOK=UFkZdm2{$CVj`FZ_(> zl<1B7r;>><8QZm5i*-ZelCKK;lw6doGNDAas=r6f-*0S45F@2w$CLGdi^tkA@`5D~0z&wJ*`Kw({5U zmgCty&Cth7C3Hk*taLQH%6sM@WmH~;O8Wj|5Ar_xo4xn%p~erC^{rU{i1eSfa~|7x zb_2pDNIOFAFduO9sl-f90pCNp=7DsvCxXc&;u}}uCwgyF)7G&*+B4-9=biMbjLfI- ze`z}zW)r6%bWe`wYiM?u`?SEz4V~L|UshGAptkK>BQi~x*&|G85@aR`1N@ibGh*%)y9q9d6FzI3W0^;POirj7wvRgQ)Y)v+YR2U zj8d|@?Jo%!QmC4Y7T>9Vw&=EtG7cr3b=c*{eldK$c<2ekSh14wvqecE>ypl`a%IZS z*}g538T}gAKF_&c;$4;U zMCI8qiZ-O=uI(ihMWVNt_Sr5~5q_`@OEKS+Q19(*TGHUf%UnjvmowLt6mV~Ry6C_A zTBm!6yurY+M04mugV3-}L6Q7x;Q`8LZlUHST~^@|DlfFNdoc>C{^7T(WCksiIk`$m@E-8bo1Zww1VP z?deqJn=XFBR1=@hVW%qQt(_kp8WmPgsVAk7u;++-q>fhiL0EoFxO1+xPU>Z8S=9St z^(`|w;ukwimpN8^I!izDkcWQ|)_1yPPL2MgTwAMk@50REARlcb@yT4mO2VgA-Ylxm zy+h`xaw#U-v@!C(Gmti!KDN~<*|RO}LBo$E-fAYHOcnB`FYtdDnkoH2!1L9YO7UB+ z=QR87mBQZz}*BawV>pf@*kz+Xh$ccwYlG@pm-Peo#L@g1sJ&s&*>vW+WcxL_yd z3A1%2?Bqn3?+oq?UTKq~@#8qo+2Wb~E}Q*9*S&A>FmP~>=~xv#$G-i@$adfM`NtXZ zppVs6V>C~%sir%XU<}>mdr=%=?-Moott7(1J*)=*(m?~=^@bX@Gtsf16;P^bjBW&3 z=Y5;IXI{eE`k+r!_q}jR`+~3L2i$ze6)J~Ke0SbxP1J%OCE^vc)-y|_`9WeyfjFXP z`t`1;u@1$rUXvFk>FRy?Dk8j08MCra0mr-M9>Hq}$A!CR_|LGK2My`UXNtz7KfV~6 zlc^O-YuC(MRikplsibs?uA!z;hu;G?YC!%%5MSPdt&p?*dPsOOW42`DMh--S#GO*P zy*k%g3LInK7MhhzOH@+JF;kx}CC5jq97mXuou zvuU?O@S31!VkAjP2W!A~Y4n$5x9QcELZmP!qS5onV(+`3F){?Z>0rgoriYMipzJnl zFyW?bMU#<#OVGkgdm?Q^l`V)LCNXeb%7d>hp*J?7aP{JId-oElJBu_oipF=lP`bGx z(l@IgI!b41T{k9VN^r`$(yeekHD(MmNbPks*11^jO!`}&r%5B;udx(pnMgcUni77> zC_1F0_wZ^8I^D9Qyl@k;2>HF?rATAEds6Ob1&pOUAs?%TzfDWEk%q>|y_7MNEq$qw zMW5p+bzTY=d4J~uSoLPxk0q(x8G}r$=~15fuEwj78^@SZp5bYG6VI6kS(pa73+GH9 zYfW``T`1L<-_X`UPe4lBFdk&Dv3d8foYhNsdup^*7l4*iW>@b z611UL5#@6NZF&9m+X^GopV5sc$fG1fw7%G1knd<6s;sFc7erwhk$92uB(!q;-skM8 zUCW!K=PnL+6jW=MG-q>Bx)RE`SKwQcO;5jU&~5*S5+p@uKrzyV!QWau9mkIKCJ@yb zMdxSH>P=r;#sw7B^SK1F+P$AhOD)Bt32d#M85vM;sPLm5Q1^Pc%s-$MT4#Q58KApj zrhkp%{Mp%dJ2Z9&^e347H=CfSmA6(arrDmBT^3jOQ_jAF@f>wT$0ma#f$^b&mV1?> zVG(04l+2juEoEWQoq7txv(nLxcNw8+E#J)!NrbNNWf)yyaU_mGCstTIOQx-Gs~j4y zU*`1Pf$IF(o8!5of&_C?l|HuC^ctez^kgl=)r<@3qA~Ac&q0)@aJ!8msOBaa83d`GQA&kiHp?vPV!*^8nK|=uCv8>c@m_z)FRplv%~2i?~Fz(JI;68Tr=&CPuD?ZV~v&L!7x$T zYTFCIeZ{T_ju#pixRd3kIe$Rxxx~d!ujspBnk|sYgdcO^D#SL<>M_#z05g474>fHk zWu#c#L|xpBq5U(7?{BsID^lI?#sbGNam}TeFJVSa$Cf`u?V}X6%Z}?;xOyhe3yS_! z95)J0gZ}Cdv6>mD<+vceuY}Z>P|B{W7$(V?>v+W_#Rh#?=R&DSjW7I&qM%Xu<9@IA z;*Y^|FLK;}j8NBWJ<>}K-!9{EaHH4!%H`L9rHED#JvUMw5||}me-l-6`%=(cVVXAM zls}EU$A@puJY_09j>^Td?LI8QQ`jTl#@LI-qUAzd3bqz78cf>5&M9>kV=!7RVw)8` z^LQ-SqcGg<<0;c_d)?YNPIHRuLYMnG)#ZrkJH`$KhA$QvZVRq-^WMUJ~Sq6 z&0A22#EogCayixybK3gGGh<4PNJn>nrU0{n{vIuL-Oa8$*D7z@+w_K#Ti$8zt~5r! z`UK@CE&3f&+(-gV;iMR;;`buvhd%qrPK#qX9~LWAv|5J>HZ$0v>@0#NoD}_?1HBRQ z_Xy?XY20$Zyxo4PK_auo6La&@>Y;f=x;dTta*ZA?2m1vhhUY@Bol^{-t!d%(i}4LN z#J(nfUd~yQP;)@?r6csfCNF1ZV#@HM{V0=Z}bMLy>aS3x3aW+Wu*DMS&b6@ zBhuKyiJ~isf|)lyTBI6N=(!cvYe9#R`%8BsTYiV0{t2`i3B4cSg zWAW<#L0bLm=V%B1@+OxCP2L(vTnG%?6_pS!PSE!WImkMBeG zh7w&1DGheED)SdUZ}IQSP!1#>gdRlp=qt>vQYWlZSO4tPs|l?m7#*{!iVYlUUfg%< zxIKRzT>za8t9SI;yNM5U5eH{uAZvkxFNm8b=e9rPIZCxgr{cI{*c>Zp-8-;*_Q%i#mxsIL$xi2Noy0b-r*1NAGl5$ z&9H8K$q@~IlvPiE(4~hbWEW+*ZUJ+SLe33!D8X%W=C3+ z?kt8Ex*lYZ`JeZ7NR4McsM0>1`}ti>JWOnAN`Y4KjUSW1OXWG$UVh3Pb$b0B{p!1= zS``oSQ6atH1l<7A=lJthD_J?7gQNHJW~;nY(%lK$+UE>?7nA&Z7k-6!tmyKalASbr!AVPRBx=9Vl6 z4xctFq0$gWi07-WzJiy8o zB*_gYJiyPbCdut044}yMCdu7l-y@e}ghUfod~K%E&J)xtM2oVwvdUEaQkO_r`L+77 z2^qJ0`6KYQ{95y;>Cy_RmQOe`Dju!Yd3nsbwx%(G$(K7W{oH!{JPO&xJ3J{x5WPk7 zN|I53(|fA)6w3`BG{Z@Y+@ zdfZ~I6s0n$s(ihP6m8F;i~MmyGMQ>JsfWs!yxhVws|*v&$pW^7TZ z_memHEJ--6Yu@_k z{-3{r=Er-tOhSz^q#{;Qe~3c7f$=l-=yn0E4HJd5IH~xoHC;kBZ`=hNQG)3^ zc|xSB=TokeEeecD&_mCsU)MF8bLWY1%)U|+!O*Xga#1D!Z4S?a%LR*Dq#iqWEUAfl z#e<7857p?c`h{1;8C}E-UY{up4;`T4$ZZwAY#KIIkS-1a+u}pXMBbDi4C@KHo zV%>SYaTH=>6ePzS(n)#KfTX1#F2(a!%uP=QSOTI*cdmwSyu;U2Qf5iST|!qVHXVB0 z)^ETY##iVnB-vB&!1la@M#0-;7A32at2WQal;(>Sts}-1=1YDq&{RfoX!rF)mI!Jj zUa9C7doI|1W4@77pT9ih34PVB$nRA%_~21M#e}9Dzi(ugp)ljy(nloFS}Tr;&-xN# z>qFEFWm&$$JNF~HI1zg0NT?ek`nuF@w!`KPec+u28+)(!LK zK24jtK3$t4A`VpZB*s1?9oZSAd?HR;Sw#1#p|6RhIZ4_Fx@AcA$CKor5ICNUR>^yJt7D2}c&kQT(TP}j3(fq@D;xWKG17N~AKGqgMY>SFvip*YeV=H7^ZIA; zS;%gO7v>88t!(~9%~}5n>;bE`_O0r5f-#f9#5Vq|gmsF61|!`1X6an4s{P1%MlrU8 zGu@ZzF!)FnL!ovUXOrJ{g_K1k-97gJ+v+Tvg(M%R@96bqbJ8y3?=fcs!uIWBF`3yi zKWV<@d#hI^K$aN&xs9c&JR<73u&OhEZ)3HHaBcOqZJM}HpVd#3#67`u@6+1-JJ1A` zRx#ptsP1;|j8m36y(N7u8?DO0S+pGIA{VgVe%7jRoez7a@oPfnIw{)Q4Yi_ma%^N7 z%oLk1pG`l$@0RVNc{7C?88tKAn|CiR(;M^{cwzo8BhsoVvUs-HT9R&X^yh@hZ#`rE z`jjzJ=z4?&SmRc==|H# z_*oAInz3{%=k6><*>7Jd$`gA_;?pCX=XP$;nNxSC`9p)UC!kq49QYoCx-F2GIJkcN zXu92#FOBA=Nd+!?aNcSQzv*7?d7e!Klkd^l&QpBG^o+_1&OCjo!1uxIUbj=dfl}dIa(!WlgpE^Wt0Y8s&19 z_FWsXvx?{!ZmVo1H%fN6Z%;y>A~V9d9;sl$#gX#SO^Ds%p#^sG$H5no6hk)}7^{@) zENsfX@h~Suqb9LP5to5;jUls5>=$Fpm_%YoPy+A{_ZY^|fhP-b!bIcs)ply(pLq;O` zI@u4e(i(%8t!f*uZ6fpSFY)b*Je9tNzC5B=DrEEEwxah_%QN49605CX5Kv;IM5*L5 zj~-qf|Nc&mgJ^b-?Q7C&{h6+07Evs#Yb<5A!uN^ar)ap)ZW~p>k-raRQbJoWx zo0@`v>9zxl5<3QAgnrqZO^1R2X>a58$j24N4+xjAXg)rwOe~9ajG}=K_#?a2o1zbF zKJY;Ds1PA|n=B(JoW9|8u0lADVUsPT_cKqZ6)km7*4=2Prp>}+RS6;E>+_ouHL*nf z-|F=2e&R3W5{?nB5X)JKb4=r9*3R)baN#Ces|UXxsbH_Fsp`mzfIih2op*IW#!goi zNv~Xi8l?&dCL>X}oUZe1je+!_Ss^4l+aTfD6?1VVt1W+F=t7IV(g|1-R0hYs|co*Yc8pq~(ct#2SGk@R0DQXEbxa zWKE>@Irj<$b*q>BysOF|MIl){tFPFD?Wl#W%Qjfm#{~Jki=0&Xq9_0A^#Q}^y3#!_ z!Y^KYm>+xYan2*XGF;FT#qJQJ>}WvJsg73p9C33nBIuy|)=0CEMKY z0>#SxD~qzGP45U89FZ6tQ5mX`@je_MOYcGHao%?1KCE@-n>+1Ts>)b^h zE(2yxmnBU3(+SJulc&Uc ztsUMJR`WPAV{M%M!THzD{IA~zt9fDH_u{1J*`|(~QjPn8EU=@3G%JoYOMPobef$Y! zbGi?|ggI+^yDxaz@#*SEe}mf?do!VW?IGc6Rw@hi7>J_Z-?GTvvi2PuOV@jgIl=uR-^CTYIdJuqX5o3HhmA5 z#x>hkhS;apNVeG~o>Q#TY#ZOeBc{%^TDV*g>pXSmv8ev&#=&xx`U_F?C-R~P0m(f|3bfxU<^w%>!7{3v$Ebu-3gH4RF2zKvJ^npe!(iPVXw1YnA zPT-c#(yNTihAHz?lC_3K!y?ZD$1HrulG*xd)5qRazoY1$n4fz%-u^k*Hn%`A-laHh zwkqz4^t;Zj)|(35Sy9ljbk~P|MHS)})HO{r zoSs-{WSr&WqW5jiC!yU=i&CYyzRp-MZ+)|n3~3A_QBa;g_0sGGZ;tVGiKU)|mtQRV zFR;vdzqI{{JbWN*()SZdw=r&uz~bzjd<8E5Xj1T1C#A;ZcQdwLY8nJjrdiUz*0^XL zO!3_szpcATliRFh#rrvs^BTRkDz9bp^ssys4$b1hN91RD&$gskF+UL4=P}NsPPm#! zMrXtZ$B|xwmOxUzSLA=YPy^9a_LZ^rV@hJ#J-?!_{F7~Aq=#pvAm#hdOv8quig})u z>P$l~@B{BkR;D5INCgp(gDjW!G~QT5iihc2_5j;4WMxHE_iuxFuX1e)&Q5Gp=I<*F zQaRlqTY)I2;y^KaQ@*}zN(79 zm?^Po7^q0R?RZ0b(0I6FB-8Ney9yJ#F^Wd5WNqt){tDJ$$4-sGfD#)k)QOoF`THt^ zwznO_3Or;yZ%SJUH;+DnW_8MS4DIu!YK&^HSaNu6aUC=U z7yNkB%QW1qQ;RcehlIz9<_3+mrTdESZiNda8*3^q-f+L*U##<5TenHO)ya@eqlYR`SONsD-Kmqf%GbvyU*-}f(( zkYFn;z@mgd7kC8|Nm*J;oLyc;hSTlejlYhrxKS|ZddC6&juYHs$Ns&WyCa7q1j^y& zY{TIQb`bjo;`q;QVt;o->E={;S0dN-rnBE|9b<%*qXV_yI1CaN5LR8(SR@Te?kwUc zYVDLxK1;tNZ3Nb|Afw=)0VgPfs~5a<{?8A;zMTK_3l7qXIP8}{Rry;C9jONtTOC{G zxC8#61l+K#JAPleL9pFH{}fXeSCN;I*3{xqmiaHC9T1jr`H2F-+IkLflJnmWMncLB zng9d~8>@fU6#lmuYzGi*U&rU($Vf%mPuZ)-e=bFO480I75)!)1ze`wt3!NME_|osP z$Cu1VQ0{gH`<*nQ9W9B&i-ctFC z`F}vUK~#VXzx+#_PXl7^O5mAAoch zf%%ZZp;!zMP^al^V2oqUBa-~}NyV7surh<;zWLGex} zvk^51v$$8IMaXY}#l<36T%893OGR8+`ZVpO2ZzpV1DFwj(fpPQe9sMP^+JG|np;EY zBw=5bO%X!Lze;>+FqpHp}m8g8HqGq*Q&b33ZKnQvw$U4VoJq@;!; zCIuW%Jk^BD7ovSOfq?QLk}$*JvI39CsX(kup*9|nQ?Y$QI{99tNJx8Ek&u8P{<(64 zKHNSQdwgYsFfq><1Fx_FJ_~4nuH2yTM+g{un`0dn)?t#C5N)P{(lEurD~&1#f#c-h z4D$*bC&%ML2@IFQ5~~XV`VRx0A$%y=JryVI2zB*FtSJoX*SN9{YX?Kn4)CEaJMR<; z5n-^nN#fQ(1(Oc~~EbFzURBN+^~q^ip21YiaL25%uykio$B4pNdZ zlcoFjo3bOs!O79a{CF8xx$i9w!{h_u1-@xnN{`1L&xt#fnU{buKt2Q?gZZB#aFldT za(-AO!C}0@-UMq_&<^lwtEfakofb)84Qe!df#(j8OC87s-#tHnfe6!-cXW0?#^YgP z@s_H#vH`K$!Oif;1z<7B<<&7Ha2DUMP%L9_YIRI-hcQ{MZN9t=cu&9$->B2|r!v)C zouE$UPWFh60mG`{T!A^LF5ICAAnJ-MDiz-`%6u_ebLBNDJ--h=`Nzx9^Q18=V z2`Vd#$^eE6VAOCeNivQA^MXPgEg%*r*c(i?ajM?@-+c+J zA0?hrYh&u0q-{WfT%hLgO3c_oz&N=&m_nft3oRRm6SAf;#+~P6pnq5cqo&KhH3+`v z2IcM?#mTCvo@y+2-`V*Ofm|~a@2GG6L_$8|5V8<(D23^t%|nl7Brl%^Udx7=3BbYI z-Gz%sQF35xuX>W*!F*o0qZ&sWfUv>P7T&EEaS&h-Q;XlHWgHc1(e~L_SkN2*HyfO; zJjjl6}Q& zTptjr;X@R>#K+t4<8~RAU|_$=Ah5t&ODiJ+Pg6?eq*j5sZw^ zJxuLwEdI>_q`k}`&L?}WETt#51K`3E6-Kx^U*kN1tEHv%KcILUi8^)wY73xDaL^U5 zlb~Rv@;|7zZdwQ52l3txjIH1YXpgQOr2<=$0GkaS-!4RPrf74ZUCx1ap@kFAT<{ps zzs*8-N|X_w>^|2B>iPxvAbfrhE_O2T78bUKAr6<(U?d`2Ou!O3-w0+C`n0G@-$Q)uc5_H@S0yS7}>&y znM7R#)Ui`V|Gr^WHn0kX%*^@{xdm5=Ff4L1P-$6GG-$!(M zAdpV$BVZMji5O(524cw|h_&y70Mj^4ECva?rdnW|)xaO&oA0Y10_jxS{Oa&RB?t#h zYEvCGsLz22BvUu&as3vo|65-l^mPDz-vw5LFcXcy0i#q?s}sV^#(QBpOOPzMAxsZS z9z>mDpf-3rTfjO>RRuQt&(uAg>Ir!ij40I}`oR^1 z)^!kp;1#EO=|m!8m0|6vbAI4u4iGK}bl31b;~ohD%GulryhncQJf-+m2KrIJZ~z$u ze7^LK9FYS{5l@(^kW-rwt_1prMSJ+VEl?i?o#NoI=A^IqDVzjkvIAZOAMQtK5l|nIxnNdp`bc#<>1?7*DO zE6W!sd=JDN_;KrbPDI$TbIh>X1y%W}!DhkdfK2eUs}(@Noalxy64sRKH!7g`iR(nW;L{|UBT$}c-MjC&wS>5+5s6?n$nE5ZEptD^v~L3IcLei5@FB<5 z<0uO_(#b=#q08M4UqKbKftkRE9E@AXfKKvAn0uQZ60SW0U0N$h!{AYT!3ZeTQy;A| zzsgw!c?ePtf>hYxK?J;6XsVr>*l+XinXkcuGswc=r9z89Kxv#hXpNfEC3(xt1w9!LNF>60M#4xFf?$n zx9;Wf|PcbQt=%4O;gan0{h}tLD}l1QrNxbed4m!8qtZT*1TmlLni{%=E@OAY~k+LP(N_ zj)NXA8ry#43NZ+~kqFhS`*a-Tq;LsSS-(%$7!BwSI)K_hfB)yo4Z>MPU}-5K3Iu~l zsBPAUgC=wY<2ZQNwAw^~=xLp7Tl!xr=%S)rk-KTnPi}%7I4FRyx#!=)5#9vXyXH(rW~`t3kIvM9Ath7 z>WKpsNBc+bu+&K7@MM@442#$bFyKm;YaJzsYp`QkxZr@yXU-hyuKvONBi)~$PN_RA z+C3N3aBT(wDvj=F(>y$TA{|jsn7PQ*G3h4)LC*ubqlXhTo(KU2CW`4`>sn5JxD7)> zEf^o@fxfjI3_amTpN^!*ArS?G)zJ+dqt6xe3S2Yn4?+bGPsNov` zgSX`p76h2osc}tgfMa4EC=B-a6CPy&9-6@?BHAj7C%FYoQSOZ>WGes@0OmB{JHP0w z2&n(;UUf8$G%mP!I}EhlQ*gtNSSp2%a!!tkFp1`$h>D6BOvI)w*kM(iAY2< zgE?wxx!E-Fv7t#$4*_N43i)5530C7|1G=OoV7h1s)|RV(l&N=x_aqa6dBL~bYmH+7 zwG6rhc;$5(A4M5BIYQ`QU*y3A>&Z_n-;WL0z5o_C1rk!G_E=>Oj zLLMK84Dd$ClyIVOQgUkUW{Qwwp7+9#cIlt01A%*_fS|w%C#qu7$;f}!rkozZGUqYd zVb6aaf#&9e1LJ{2<^)Abfw}g7gr(E`C!L4=Zt804aKfbAc+DYH0_fu$=uzOKByZmT z{*0pr@b9xUybpzz{-EvDK?VZvPqhW7F*R+h98IC_t|ts-TAzewyaA(cKahgMV*?+b zhy~gB|F8(k59r@kfR=lKmfP-2 z6(A=0h<*h+i(ePaud=~t?1(x1b6WfFHR}I1%hB`Ne-m3(|l|6cn?O!hL zo8#m{PK{od#HF9ZFb_l%D2)caSY^b;A!?b~~ldvw>`zg*_k zlVtnDh2MksDEjE0xqs1Z{|7YO4!TFtNB6b;i}qjp-%`Wva{FI2tXDg_A3R$UoVQODV_y!842k* P`1g|+blL!kg!KOa 0) { + mTrustedKeys.store(cur_rrset); + } + } + + // ----------------- Validation Support ---------------------- + + private SRRset findKeys(SMessage message) { + Name qname = message.getQName(); + int qclass = message.getQClass(); + + return mTrustedKeys.find(qname, qclass); + } + /** + * Check to see if a given response needs to go through the validation + * process. Typical reasons for this routine to return false are: CD bit was + * on in the original request, the response was already validated, or the + * response is a kind of message that is unvalidatable (i.e., SERVFAIL, + * REFUSED, etc.) + * + * @param message + * The message to check. + * @param origRequest + * The original request received from the client. + * + * @return true if the response could use validation (although this does not + * mean we can actually validate this response). + */ + private boolean needsValidation(SMessage message) { + + // FIXME: add check to see if message qname is at or below any of our + // configured trust anchors. + + int rcode = message.getRcode(); + + if (rcode != Rcode.NOERROR && rcode != Rcode.NXDOMAIN) { + // log.debug("cannot validate non-answer."); + // log.trace("non-answer: " + response); + return false; + } + + return true; + } + + /** + * Given a "positive" response -- a response that contains an answer to the + * question, and no CNAME chain, validate this response. This generally + * consists of verifying the answer RRset and the authority RRsets. + * + * Note that by the time this method is called, the process of finding the + * trusted DNSKEY rrset that signs this response must already have been + * completed. + * + * @param response + * The response to validate. + * @param request + * The request that generated this response. + * @param key_rrset + * The trusted DNSKEY rrset that matches the signer of the + * answer. + */ + private void validatePositiveResponse(SMessage message, SRRset key_rrset) { + Name qname = message.getQName(); + int qtype = message.getQType(); + + SMessage m = message; + + // validate the ANSWER section - this will be the answer itself + SRRset[] rrsets = m.getSectionRRsets(Section.ANSWER); + + Name wc = null; + boolean wcNSEC_ok = false; + boolean dname = false; + List nsec3s = null; + + for (int i = 0; i < rrsets.length; i++) { + // Skip the CNAME following a (validated) DNAME. + // Because of the normalization routines in NameserverClient, there + // will always be an unsigned CNAME following a DNAME (unless + // qtype=DNAME). + if (dname && rrsets[i].getType() == Type.CNAME) { + dname = false; + continue; + } + + // Verify the answer rrset. + int status = mValUtils.verifySRRset(rrsets[i], key_rrset); + // If the (answer) rrset failed to validate, then this message is + // BAD. + if (status != SecurityStatus.SECURE) { +// log.debug("Positive response has failed ANSWER rrset: " +// + rrsets[i]); + m.setStatus(SecurityStatus.BOGUS); + return; + } + // Check to see if the rrset is the result of a wildcard expansion. + // If so, an additional check will need to be made in the authority + // section. + wc = ValUtils.rrsetWildcard(rrsets[i]); + + // Notice a DNAME that should be followed by an unsigned CNAME. + if (qtype != Type.DNAME && rrsets[i].getType() == Type.DNAME) { + dname = true; + } + } + + // validate the AUTHORITY section as well - this will generally be the + // NS rrset (which could be missing, no problem) + rrsets = m.getSectionRRsets(Section.AUTHORITY); + for (int i = 0; i < rrsets.length; i++) { + int status = mValUtils.verifySRRset(rrsets[i], key_rrset); + // If anything in the authority section fails to be secure, we have + // a + // bad message. + if (status != SecurityStatus.SECURE) { +// log.debug("Positive response has failed AUTHORITY rrset: " +// + rrsets[i]); + m.setStatus(SecurityStatus.BOGUS); + return; + } + + // If this is a positive wildcard response, and we have a (just + // verified) NSEC record, try to use it to 1) prove that qname + // doesn't exist and 2) that the correct wildcard was used. + if (wc != null && rrsets[i].getType() == Type.NSEC) { + NSECRecord nsec = (NSECRecord) rrsets[i].first(); + + if (ValUtils.nsecProvesNameError(nsec, qname, + key_rrset.getName())) { + Name nsec_wc = ValUtils.nsecWildcard(qname, nsec); + if (!wc.equals(nsec_wc)) { +// log.debug("Postive wildcard response wasn't generated " +// + "by the correct wildcard"); + m.setStatus(SecurityStatus.BOGUS); + return; + } + wcNSEC_ok = true; + } + } + + // Otherwise, if this is a positive wildcard response and we have + // NSEC3 records, collect them. + if (wc != null && rrsets[i].getType() == Type.NSEC3) { + if (nsec3s == null) nsec3s = new ArrayList(); + nsec3s.add(rrsets[i].first()); + } + } + + // If this was a positive wildcard response that we haven't already + // proven, and we have NSEC3 records, try to prove it using the NSEC3 + // records. + if (wc != null && !wcNSEC_ok && nsec3s != null) { + if (NSEC3ValUtils.proveWildcard(nsec3s, qname, key_rrset.getName(), + wc)) { + wcNSEC_ok = true; + } + } + + // If after all this, we still haven't proven the positive wildcard + // response, fail. + if (wc != null && !wcNSEC_ok) { +// log.debug("positive response was wildcard expansion and " +// + "did not prove original data did not exist"); + m.setStatus(SecurityStatus.BOGUS); + return; + } + +// log.trace("Successfully validated postive response"); + m.setStatus(SecurityStatus.SECURE); + } + + /** + * Given an "ANY" response -- a response that contains an answer to a + * qtype==ANY question, with answers. This consists of simply verifying all + * present answer/auth RRsets, with no checking that all types are present. + * + * NOTE: it may be possible to get parent-side delegation point records + * here, which won't all be signed. Right now, this routine relies on the + * upstream iterative resolver to not return these responses -- instead + * treating them as referrals. + * + * NOTE: RFC 4035 is silent on this issue, so this may change upon + * clarification. + * + * Note that by the time this method is called, the process of finding the + * trusted DNSKEY rrset that signs this response must already have been + * completed. + * + * @param message + * The response to validate. + * @param key_rrset + * The trusted DNSKEY rrset that matches the signer of the + * answer. + */ + private void validateAnyResponse(SMessage message, SRRset key_rrset) { + int qtype = message.getQType(); + + if (qtype != Type.ANY) + throw new IllegalArgumentException( + "ANY validation called on non-ANY response."); + + SMessage m = message; + + // validate the ANSWER section. + SRRset[] rrsets = m.getSectionRRsets(Section.ANSWER); + for (int i = 0; i < rrsets.length; i++) { + int status = mValUtils.verifySRRset(rrsets[i], key_rrset); + // If the (answer) rrset failed to validate, then this message is + // BAD. + if (status != SecurityStatus.SECURE) { +// log.debug("Postive response has failed ANSWER rrset: " +// + rrsets[i]); + m.setStatus(SecurityStatus.BOGUS); + return; + } + } + + // validate the AUTHORITY section as well - this will be the NS rrset + // (which could be missing, no problem) + rrsets = m.getSectionRRsets(Section.AUTHORITY); + for (int i = 0; i < rrsets.length; i++) { + int status = mValUtils.verifySRRset(rrsets[i], key_rrset); + // If anything in the authority section fails to be secure, we have + // a + // bad message. + if (status != SecurityStatus.SECURE) { +// log.debug("Postive response has failed AUTHORITY rrset: " +// + rrsets[i]); + m.setStatus(SecurityStatus.BOGUS); + return; + } + } + +// log.trace("Successfully validated postive ANY response"); + m.setStatus(SecurityStatus.SECURE); + } + + /** + * Validate a NOERROR/NODATA signed response -- a response that has a + * NOERROR Rcode but no ANSWER section RRsets. This consists of verifying + * the authority section rrsets and making certain that the authority + * section NSEC/NSEC3s proves that the qname does exist and the qtype + * doesn't. + * + * Note that by the time this method is called, the process of finding the + * trusted DNSKEY rrset that signs this response must already have been + * completed. + * + * @param response + * The response to validate. + * @param request + * The request that generated this response. + * @param key_rrset + * The trusted DNSKEY rrset that signs this response. + */ + private void validateNodataResponse(SMessage message, SRRset key_rrset) { + Name qname = message.getQName(); + int qtype = message.getQType(); + + SMessage m = message; + + // Since we are here, there must be nothing in the ANSWER section to + // validate. (Note: CNAME/DNAME responses will not directly get here -- + // instead they are broken down into individual CNAME/DNAME/final answer + // responses.) + + // validate the AUTHORITY section + SRRset[] rrsets = m.getSectionRRsets(Section.AUTHORITY); + + boolean hasValidNSEC = false; // If true, then the NODATA has been + // proven. + Name ce = null; // for wildcard nodata responses. This is the proven + // closest encloser. + NSECRecord wc = null; // for wildcard nodata responses. This is the + // wildcard NSEC. + List nsec3s = null; // A collection of NSEC3 RRs found in the authority + // section. + Name nsec3Signer = null; // The RRSIG signer field for the NSEC3 RRs. + + for (int i = 0; i < rrsets.length; i++) { + int status = mValUtils.verifySRRset(rrsets[i], key_rrset); + if (status != SecurityStatus.SECURE) { +// log.debug("NODATA response has failed AUTHORITY rrset: " +// + rrsets[i]); + m.setStatus(SecurityStatus.BOGUS); + return; + } + + // If we encounter an NSEC record, try to use it to prove NODATA. + // This needs to handle the ENT NODATA case. + if (rrsets[i].getType() == Type.NSEC) { + NSECRecord nsec = (NSECRecord) rrsets[i].first(); + if (ValUtils.nsecProvesNodata(nsec, qname, qtype)) { + hasValidNSEC = true; + if (nsec.getName().isWild()) wc = nsec; + } else if (ValUtils.nsecProvesNameError( + nsec, + qname, + rrsets[i].getSignerName())) { + ce = ValUtils.closestEncloser(qname, nsec); + } + } + + // Collect any NSEC3 records present. + if (rrsets[i].getType() == Type.NSEC3) { + if (nsec3s == null) nsec3s = new ArrayList(); + nsec3s.add(rrsets[i].first()); + nsec3Signer = rrsets[i].getSignerName(); + } + } + + // check to see if we have a wildcard NODATA proof. + + // The wildcard NODATA is 1 NSEC proving that qname does not exists (and + // also proving what the closest encloser is), and 1 NSEC showing the + // matching wildcard, which must be *.closest_encloser. + if (ce != null || wc != null) { + try { + Name wc_name = new Name("*", ce); + if (!wc_name.equals(wc.getName())) { + hasValidNSEC = false; + } + } catch (TextParseException e) { +// log.error(e); + } + } + + NSEC3ValUtils.stripUnknownAlgNSEC3s(nsec3s); + + if (!hasValidNSEC && nsec3s != null && nsec3s.size() > 0) { + // try to prove NODATA with our NSEC3 record(s) + hasValidNSEC = NSEC3ValUtils.proveNodata(nsec3s, qname, qtype, + nsec3Signer); + } + + if (!hasValidNSEC) { +// log.debug("NODATA response failed to prove NODATA " +// + "status with NSEC/NSEC3"); +// log.trace("Failed NODATA:\n" + m); + m.setStatus(SecurityStatus.BOGUS); + return; + } +// log.trace("sucessfully validated NODATA response."); + m.setStatus(SecurityStatus.SECURE); + } + + /** + * Validate a NAMEERROR signed response -- a response that has a NXDOMAIN + * Rcode. This consists of verifying the authority section rrsets and making + * certain that the authority section NSEC proves that the qname doesn't + * exist and the covering wildcard also doesn't exist.. + * + * Note that by the time this method is called, the process of finding the + * trusted DNSKEY rrset that signs this response must already have been + * completed. + * + * @param response + * The response to validate. + * @param request + * The request that generated this response. + * @param key_rrset + * The trusted DNSKEY rrset that signs this response. + */ + private void validateNameErrorResponse(SMessage message, SRRset key_rrset) { + Name qname = message.getQName(); + + SMessage m = message; + + // FIXME: should we check to see if there is anything in the answer + // section? if so, what should the result be? + + // Validate the authority section -- all RRsets in the authority section + // must be signed and valid. + // In addition, the NSEC record(s) must prove the NXDOMAIN condition. + + boolean hasValidNSEC = false; + boolean hasValidWCNSEC = false; + SRRset[] rrsets = m.getSectionRRsets(Section.AUTHORITY); + List nsec3s = null; + Name nsec3Signer = null; + + for (int i = 0; i < rrsets.length; i++) { + int status = mValUtils.verifySRRset(rrsets[i], key_rrset); + if (status != SecurityStatus.SECURE) { +// log.debug("NameError response has failed AUTHORITY rrset: " +// + rrsets[i]); + m.setStatus(SecurityStatus.BOGUS); + return; + } + if (rrsets[i].getType() == Type.NSEC) { + NSECRecord nsec = (NSECRecord) rrsets[i].first(); + + if (ValUtils.nsecProvesNameError(nsec, qname, + rrsets[i].getSignerName())) { + hasValidNSEC = true; + } + if (ValUtils.nsecProvesNoWC(nsec, qname, + rrsets[i].getSignerName())) { + hasValidWCNSEC = true; + } + } + if (rrsets[i].getType() == Type.NSEC3) { + if (nsec3s == null) nsec3s = new ArrayList(); + nsec3s.add(rrsets[i].first()); + nsec3Signer = rrsets[i].getSignerName(); + } + } + + NSEC3ValUtils.stripUnknownAlgNSEC3s(nsec3s); + + if (nsec3s != null && nsec3s.size() > 0) { +// log.debug("Validating nxdomain: using NSEC3 records"); + // Attempt to prove name error with nsec3 records. + + if (NSEC3ValUtils.allNSEC3sIgnoreable(nsec3s, key_rrset, mVerifier)) { +// log.debug("all NSEC3s were validated but ignored."); + m.setStatus(SecurityStatus.INSECURE); + return; + } + + hasValidNSEC = NSEC3ValUtils.proveNameError(nsec3s, qname, + nsec3Signer); + + // Note that we assume that the NSEC3ValUtils proofs encompass the + // wildcard part of the proof. + hasValidWCNSEC = hasValidNSEC; + } + + // If the message fails to prove either condition, it is bogus. + if (!hasValidNSEC) { +// log.debug("NameError response has failed to prove: " +// + "qname does not exist"); + m.setStatus(SecurityStatus.BOGUS); + return; + } + + if (!hasValidWCNSEC) { +// log.debug("NameError response has failed to prove: " +// + "covering wildcard does not exist"); + m.setStatus(SecurityStatus.BOGUS); + return; + } + + // Otherwise, we consider the message secure. +// log.trace("successfully validated NAME ERROR response."); + m.setStatus(SecurityStatus.SECURE); + } + +// /** +// * This state is used for validating CNAME-type responses -- i.e., responses +// * that have CNAME chains. +// * +// * It primarily is responsible for breaking down the response into a series +// * of separately validated queries & responses. +// * +// * @param event +// * @param state +// * @return +// */ +// private boolean processCNAME(DNSEvent event, ValEventState state) { +// Request req = event.getRequest(); +// +// Name qname = req.getQName(); +// int qtype = req.getQType(); +// int qclass = req.getQClass(); +// +// SMessage m = event.getResponse().getSMessage(); +// +// if (state.cnameSname == null) state.cnameSname = qname; +// +// // We break the chain down by re-querying for the specific CNAME or +// // DNAME +// // (or final answer). +// SRRset[] rrsets = m.getSectionRRsets(Section.ANSWER); +// +// while (state.cnameIndex < rrsets.length) { +// SRRset rrset = rrsets[state.cnameIndex++]; +// Name rname = rrset.getName(); +// int rtype = rrset.getType(); +// +// // Skip DNAMEs -- prefer to query for the generated CNAME, +// if (rtype == Type.DNAME && qtype != Type.DNAME) continue; +// +// // Set the SNAME if we are dealing with a CNAME +// if (rtype == Type.CNAME) { +// CNAMERecord cname = (CNAMERecord) rrset.first(); +// state.cnameSname = cname.getTarget(); +// } +// +// // Note if the current rrset is the answer. In that case, we want to +// // set +// // the final state differently. +// // For non-answers, the response ultimately comes back here. +// int final_state = ValEventState.CNAME_RESP_STATE; +// if (isAnswerRRset(rrset.getName(), rtype, state.cnameSname, qtype, +// Section.ANSWER)) { +// // If this is an answer, however, break out of this loop. +// final_state = ValEventState.CNAME_ANS_RESP_STATE; +// } +// +// // Generate the sub-query. +// Request localRequest = generateLocalRequest(rname, rtype, qclass); +// DNSEvent localEvent = generateLocalEvent(event, localRequest, +// ValEventState.INIT_STATE, +// final_state); +// +// // ...and send it along. +// processLocalRequest(localEvent); +// return false; +// } +// +// // Something odd has happened if we get here. +// log.warn("processCNAME: encountered unknown issue handling a CNAME chain."); +// return false; +// } +// +// private boolean processCNAMEResponse(DNSEvent event, ValEventState state) { +// DNSEvent forEvent = event.forEvent(); +// ValEventState forState = getModuleState(forEvent); +// +// SMessage resp = event.getResponse().getSMessage(); +// if (resp.getStatus() != SecurityStatus.SECURE) { +// forEvent.getResponse().getSMessage().setStatus(resp.getStatus()); +// forState.state = forState.finalState; +// handleResponse(forEvent, forState); +// return false; +// } +// +// forState.state = ValEventState.CNAME_STATE; +// handleResponse(forEvent, forState); +// return false; +// } +// +// private boolean processCNAMEAnswer(DNSEvent event, ValEventState state) { +// DNSEvent forEvent = event.forEvent(); +// ValEventState forState = getModuleState(forEvent); +// +// SMessage resp = event.getResponse().getSMessage(); +// SMessage forResp = forEvent.getResponse().getSMessage(); +// +// forResp.setStatus(resp.getStatus()); +// +// forState.state = forState.finalState; +// handleResponse(forEvent, forState); +// return false; +// } + + + public byte validateMessage(SMessage message) { + + SRRset key_rrset = findKeys(message); + if (key_rrset == null) { + return SecurityStatus.BOGUS; + } + + int subtype = ValUtils.classifyResponse(message); + + switch (subtype) { + case ValUtils.POSITIVE: + // log.trace("Validating a positive response"); + validatePositiveResponse(message, key_rrset); + break; + case ValUtils.NODATA: + // log.trace("Validating a nodata response"); + validateNodataResponse(message, key_rrset); + break; + case ValUtils.NAMEERROR: + // log.trace("Validating a nxdomain response"); + validateNameErrorResponse(message, key_rrset); + break; + case ValUtils.CNAME: + // log.trace("Validating a cname response"); + // forward on to the special CNAME state for this. +// state.state = ValEventState.CNAME_STATE; + break; + case ValUtils.ANY: + // log.trace("Validating a postive ANY response"); + validateAnyResponse(message, key_rrset); + break; + default: + // log.error("unhandled response subtype: " + subtype); + } + + return message.getSecurityStatus().getStatus(); + + } +} diff --git a/src/se/rfc/unbound/DnsSecVerifier.java b/src/se/rfc/unbound/DnsSecVerifier.java new file mode 100644 index 0000000..239316e --- /dev/null +++ b/src/se/rfc/unbound/DnsSecVerifier.java @@ -0,0 +1,499 @@ +/* + * $Id$ + * + * Copyright (c) 2005 VeriSign, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package se.rfc.unbound.validator; + +import java.util.*; +import java.io.*; +import java.security.*; + +import org.apache.log4j.Logger; +import org.xbill.DNS.*; +import org.xbill.DNS.security.*; + +import se.rfc.unbound.SecurityStatus; +import se.rfc.unbound.Util; + +/** + * A class for performing basic DNSSEC verification. The DNSJAVA package + * contains a similar class. This is a reimplementation that allows us to have + * finer control over the validation process. + * + * @author davidb + * @version $Revision$ + */ +public class DnsSecVerifier +{ + public static final int UNKNOWN = 0; + public static final int RSA = 1; + public static final int DSA = 2; + + /** + * This is a mapping of DNSSEC algorithm numbers/private identifiers to JCA + * algorithm identifiers. + */ + private HashMap mAlgorithmMap; + + private Logger log = Logger.getLogger(this.getClass()); + + private static class AlgEntry + { + public String jcaName; + public boolean isDSA; + public int dnssecAlg; + + public AlgEntry(String name, int dnssecAlg, boolean isDSA) + { + jcaName = name; + this.dnssecAlg = dnssecAlg; + this.isDSA = isDSA; + } + } + + public DnsSecVerifier() + { + mAlgorithmMap = new HashMap(); + + // set the default algorithm map. + mAlgorithmMap.put(new Integer(DNSSEC.RSAMD5), new AlgEntry("MD5withRSA", + DNSSEC.RSAMD5, false)); + mAlgorithmMap.put(new Integer(DNSSEC.DSA), new AlgEntry("SHA1withDSA", DNSSEC.DSA, + true)); + mAlgorithmMap.put(new Integer(DNSSEC.RSASHA1), new AlgEntry( + "SHA1withRSA", DNSSEC.RSASHA1, false)); + } + + private boolean isDSA(int algorithm) + { + // shortcut the standard algorithms + if (algorithm == DNSSEC.DSA) return true; + if (algorithm == DNSSEC.RSASHA1) return false; + if (algorithm == DNSSEC.RSAMD5) return false; + + AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm)); + if (entry != null) return entry.isDSA; + return false; + } + + public void init(Properties config) + { + if (config == null) return; + + // Algorithm configuration + + // For now, we just accept new identifiers for existing algoirthms. + // FIXME: handle private identifiers. + List aliases = Util.parseConfigPrefix(config, "dns.algorithm."); + + for (Iterator i = aliases.iterator(); i.hasNext();) + { + Util.ConfigEntry entry = (Util.ConfigEntry) i.next(); + + Integer alg_alias = new Integer(Util.parseInt(entry.key, -1)); + Integer alg_orig = new Integer(Util.parseInt(entry.value, -1)); + + if (!mAlgorithmMap.containsKey(alg_orig)) + { + log.warn("Unable to alias " + alg_alias + " to unknown algorithm " + + alg_orig); + continue; + } + + if (mAlgorithmMap.containsKey(alg_alias)) + { + log.warn("Algorithm alias " + alg_alias + + " is already defined and cannot be redefined"); + continue; + } + + mAlgorithmMap.put(alg_alias, mAlgorithmMap.get(alg_orig)); + } + + // for debugging purposes, log the entire algorithm map table. + for (Iterator i = mAlgorithmMap.keySet().iterator(); i.hasNext(); ) + { + Integer alg = (Integer) i.next(); + AlgEntry entry = (AlgEntry) mAlgorithmMap.get(alg); + if (entry == null) + log.warn("DNSSEC alg " + alg + " has a null entry!"); + else + log.debug("DNSSEC alg " + alg + " maps to " + entry.jcaName + + " (" + entry.dnssecAlg + ")"); + } + } + + /** + * Find the matching DNSKEY(s) to an RRSIG within a DNSKEY rrset. Normally + * this will only return one DNSKEY. It can return more than one, since + * KeyID/Footprints are not guaranteed to be unique. + * + * @param dnskey_rrset The DNSKEY rrset to search. + * @param signature The RRSIG to match against. + * @return A List contains a one or more DNSKEYRecord objects, or null if a + * matching DNSKEY could not be found. + */ + private List findKey(RRset dnskey_rrset, RRSIGRecord signature) + { + if (!signature.getSigner().equals(dnskey_rrset.getName())) + { + log.trace("findKey: could not find appropriate key because " + + "incorrect keyset was supplied. Wanted: " + signature.getSigner() + + ", got: " + dnskey_rrset.getName()); + return null; + } + + int keyid = signature.getFootprint(); + int alg = signature.getAlgorithm(); + + List res = new ArrayList(dnskey_rrset.size()); + + for (Iterator i = dnskey_rrset.rrs(); i.hasNext();) + { + DNSKEYRecord r = (DNSKEYRecord) i.next(); + if (r.getAlgorithm() == alg && r.getFootprint() == keyid) + { + res.add(r); + } + } + + if (res.size() == 0) + { + log.trace("findKey: could not find a key matching " + + "the algorithm and footprint in supplied keyset. "); + return null; + } + return res; + } + + /** + * Check to see if a signature looks valid (i.e., matches the rrset in + * question, in the validity period, etc.) + * + * @param rrset The rrset that the signature belongs to. + * @param sigrec The signature record to check. + * @return A value of DNSSEC.Secure if it looks OK, DNSSEC.Faile if it looks + * bad. + */ + private byte checkSignature(RRset rrset, RRSIGRecord sigrec) + { + if (rrset == null || sigrec == null) return DNSSEC.Failed; + if (!rrset.getName().equals(sigrec.getName())) + { + log.debug("Signature name does not match RRset name"); + return SecurityStatus.BOGUS; + } + if (rrset.getType() != sigrec.getTypeCovered()) + { + log.debug("Signature type does not match RRset type"); + return SecurityStatus.BOGUS; + } + + Date now = new Date(); + Date start = sigrec.getTimeSigned(); + Date expire = sigrec.getExpire(); + if (now.before(start)) + { + log.debug("Signature is not yet valid"); + return SecurityStatus.BOGUS; + } + + if (now.after(expire)) + { + log.debug("Signature has expired (now = " + now + ", sig expires = " + + expire); + return SecurityStatus.BOGUS; + } + + return SecurityStatus.SECURE; + } + + public PublicKey parseDNSKEY(DNSKEYRecord key) + { + AlgEntry ae = (AlgEntry) mAlgorithmMap + .get(new Integer(key.getAlgorithm())); + if (key.getAlgorithm() != ae.dnssecAlg) + { + // Recast the DNSKEYRecord in question as one using the offical + // algorithm, to work around the lack of alias support in the underlying + // KEYConverter class from DNSjava + + key = new DNSKEYRecord(key.getName(), key.getDClass(), key.getTTL(), + key.getFlags(), key.getProtocol(), ae.dnssecAlg, key.getKey()); + } + + return KEYConverter.parseRecord(key); + } + + + /** + * Actually cryptographically verify a signature over the rrset. The RRSIG + * record must match the rrset being verified (see checkSignature). + * + * @param rrset The rrset to verify. + * @param sigrec The signature to verify with. + * @param key The (public) key associated with the RRSIG record. + * @return A security status code: SECURE if it worked, BOGUS if not, + * UNCHECKED if we just couldn't actually do the function. + */ + public byte verifySignature(RRset rrset, RRSIGRecord sigrec, + DNSKEYRecord key) + { + try + { + PublicKey pk = parseDNSKEY(key); + + if (pk == null) + { + log.warn("Could not convert DNSKEY record to a JCA public key: " + + key); + return SecurityStatus.UNCHECKED; + } + + byte[] data = SignUtils.generateSigData(rrset, sigrec); + + Signature signer = getSignature(sigrec.getAlgorithm()); + if (signer == null) + { + return SecurityStatus.BOGUS; + } + + signer.initVerify(pk); + signer.update(data); + + byte[] sig = sigrec.getSignature(); + if (isDSA(sigrec.getAlgorithm())) + { + sig = SignUtils.convertDSASignature(sig); + } + if (!signer.verify(sig)) + { + log.info("Signature failed to verify cryptographically"); + log.debug("Failed signature: " + sigrec); + return SecurityStatus.BOGUS; + } + log.trace("Signature verified: " + sigrec); + return SecurityStatus.SECURE; + } + catch (IOException e) + { + log.error("I/O error", e); + } + catch (GeneralSecurityException e) + { + log.error("Security error", e); + } + + // FIXME: Since I'm not sure what would cause an exception here (failure + // to have the required crypto?) + // We default to UNCHECKED instead of BOGUS. This could be wrong. + return SecurityStatus.UNCHECKED; + + } + + /** + * Verify an RRset against a particular signature. + * + * @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did + * not verify (for any reason), and DNSSEC.Insecure if verification + * could not be completed (usually because the public key was not + * available). + */ + public byte verifySignature(RRset rrset, RRSIGRecord sigrec, RRset key_rrset) + { + byte result = checkSignature(rrset, sigrec); + if (result != SecurityStatus.SECURE) return result; + + List keys = findKey(key_rrset, sigrec); + + if (keys == null) + { + log.trace("could not find appropriate key"); + return SecurityStatus.BOGUS; + } + + byte status = SecurityStatus.UNCHECKED; + + for (Iterator i = keys.iterator(); i.hasNext();) + { + DNSKEYRecord key = (DNSKEYRecord) i.next(); + status = verifySignature(rrset, sigrec, key); + + if (status == SecurityStatus.SECURE) break; + } + + return status; + } + + /** + * Verifies an RRset. This routine does not modify the RRset. This RRset is + * presumed to be verifiable, and the correct DNSKEY rrset is presumed to + * have been found. + * + * @return SecurityStatus.SECURE if the rrest verified positively, + * SecurityStatus.BOGUS otherwise. + */ + public byte verify(RRset rrset, RRset key_rrset) + { + Iterator i = rrset.sigs(); + + if (!i.hasNext()) + { + log.info("RRset failed to verify due to lack of signatures"); + return SecurityStatus.BOGUS; + } + + while (i.hasNext()) + { + RRSIGRecord sigrec = (RRSIGRecord) i.next(); + + byte res = verifySignature(rrset, sigrec, key_rrset); + + if (res == SecurityStatus.SECURE) return res; + } + + log.info("RRset failed to verify: all signatures were BOGUS"); + return SecurityStatus.BOGUS; + } + + /** + * Verify an RRset against a single DNSKEY. Use this when you must be + * certain that an RRset signed and verifies with a particular DNSKEY (as + * opposed to a particular DNSKEY rrset). + * + * @param rrset The rrset to verify. + * @param dnskey The DNSKEY to verify with. + * @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise. + */ + public byte verify(RRset rrset, DNSKEYRecord dnskey) + { + // Iterate over RRSIGS + + Iterator i = rrset.sigs(); + if (!i.hasNext()) + { + log.info("RRset failed to verify due to lack of signatures"); + return SecurityStatus.BOGUS; + } + + while (i.hasNext()) + { + RRSIGRecord sigrec = (RRSIGRecord) i.next(); + + // Skip RRSIGs that do not match our given key's footprint. + if (sigrec.getFootprint() != dnskey.getFootprint()) continue; + + byte res = verifySignature(rrset, sigrec, dnskey); + + if (res == SecurityStatus.SECURE) return res; + } + + log.info("RRset failed to verify: all signatures were BOGUS"); + return SecurityStatus.BOGUS; + } + + public boolean supportsAlgorithm(int algorithm) + { + return mAlgorithmMap.containsKey(new Integer(algorithm)); + } + + public boolean supportsAlgorithm(Name private_id) + { + return mAlgorithmMap.containsKey(private_id); + } + + public int baseAlgorithm(int algorithm) + { + switch (algorithm) + { + case DNSSEC.RSAMD5: + case DNSSEC.RSASHA1: + return RSA; + case DNSSEC.DSA: + return DSA; + } + AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm)); + if (entry == null) return UNKNOWN; + if (entry.isDSA) return DSA; + return RSA; + } + + /** @return the appropriate Signature object for this keypair. */ + private Signature getSignature(int algorithm) + { + Signature s = null; + + + try + { + AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm)); + if (entry == null) + { + log.info("DNSSEC algorithm " + algorithm + " not recognized."); + return null; + } + // TODO: should we cache the instance? + s = Signature.getInstance(entry.jcaName); + } + catch (NoSuchAlgorithmException e) + { + log.error("error getting Signature object", e); + } + + return s; + } + + // TODO: enable private algorithm support in dnsjava. + // Right now, this cannot be used because the DNSKEYRecord object doesn't + // give us + // the private key name. + // private Signature getSignature(Name private_alg) + // { + // Signature s = null; + // + // try + // { + // String alg_id = (String) mAlgorithmMap.get(private_alg); + // if (alg_id == null) + // { + // log.debug("DNSSEC private algorithm '" + private_alg + // + "' not recognized."); + // return null; + // } + // + // s = Signature.getInstance(alg_id); + // } + // catch (NoSuchAlgorithmException e) + // { + // log.error("error getting Signature object", e); + // } + // + // return s; + // } +} diff --git a/src/se/rfc/unbound/NSEC3ValUtils.java b/src/se/rfc/unbound/NSEC3ValUtils.java new file mode 100644 index 0000000..73bd0f8 --- /dev/null +++ b/src/se/rfc/unbound/NSEC3ValUtils.java @@ -0,0 +1,868 @@ +/* + * $Id$ + * + * Copyright (c) 2006 VeriSign. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. 2. Redistributions in + * binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. 3. The name of the author may not + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN + * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package se.rfc.unbound; + +import java.security.NoSuchAlgorithmException; +import java.util.*; + +import org.apache.log4j.Logger; +import org.xbill.DNS.*; +import org.xbill.DNS.utils.base32; + +import se.rfc.unbound.validator.DnsSecVerifier; +import se.rfc.unbound.validator.SignUtils; +import se.rfc.unbound.validator.SignUtils.ByteArrayComparator; + +public class NSEC3ValUtils +{ + + // FIXME: should probably refactor to handle different NSEC3 parameters more + // efficiently. + // Given a list of NSEC3 RRs, they should be grouped according to + // parameters. The idea is to hash and compare for each group independently, + // instead of having to skip NSEC3 RRs with the wrong parameters. + + // The logger to use in static methods. + private static Logger st_log = Logger.getLogger(NSEC3ValUtils.class); + + private static Name asterisk_label = Name.fromConstantString("*"); + + /** + * This is a class to encapsulate a unique set of NSEC3 parameters: + * algorithm, iterations, and salt. + */ + private static class NSEC3Parameters + { + public byte alg; + public byte[] salt; + public int iterations; + + public NSEC3Parameters(NSEC3Record r) + { + alg = r.getHashAlgorithm(); + salt = r.getSalt(); + iterations = r.getIterations(); + } + + public boolean match(NSEC3Record r, ByteArrayComparator bac) + { + if (r.getHashAlgorithm() != alg) return false; + if (r.getIterations() != iterations) return false; + + if (salt == null && r.getSalt() != null) return false; + + if (bac == null) bac = new ByteArrayComparator(); + return bac.compare(r.getSalt(), salt) == 0; + } + } + + /** + * This is just a simple class to enapsulate the response to a closest + * encloser proof. + */ + private static class CEResponse + { + public Name closestEncloser; + public NSEC3Record ce_nsec3; + public NSEC3Record nc_nsec3; + + public CEResponse(Name ce, NSEC3Record nsec3) + { + this.closestEncloser = ce; + this.ce_nsec3 = nsec3; + } + } + + public static boolean supportsHashAlgorithm(int alg) + { + if (alg == NSEC3Record.SHA1_DIGEST_ID) return true; + return false; + } + + public static void stripUnknownAlgNSEC3s(List nsec3s) + { + if (nsec3s == null) return; + for (ListIterator i = nsec3s.listIterator(); i.hasNext(); ) + { + NSEC3Record nsec3 = (NSEC3Record) i.next(); + if (!supportsHashAlgorithm(nsec3.getHashAlgorithm())) + { + i.remove(); + } + } + } + + /** + * Given a list of NSEC3Records that are part of a message, determine the + * NSEC3 parameters (hash algorithm, iterations, and salt) present. If there + * is more than one distinct grouping, return null; + * + * @param nsec3s A list of NSEC3Record object. + * @return A set containing a number of objects (NSEC3Parameter objects) + * that correspond to each distinct set of parameters, or null if + * the nsec3s list was empty. + */ + public static NSEC3Parameters nsec3Parameters(List nsec3s) + { + if (nsec3s == null || nsec3s.size() == 0) return null; + + NSEC3Parameters params = new NSEC3Parameters((NSEC3Record) nsec3s.get(0)); + ByteArrayComparator bac = new ByteArrayComparator(); + + for (Iterator i = nsec3s.iterator(); i.hasNext();) + { + if (! params.match((NSEC3Record) i.next(), bac)) + { + return null; + } + } + return params; + } + + /** + * In a list of NSEC3Record object pulled from a given message, find the + * NSEC3 that directly matches a given name, without hashing. + * + * @param n The name in question. + * @param nsec3s A list of NSEC3Records from a given message. + * @return The matching NSEC3Record, or null if there wasn't one. + */ + // private static NSEC3Record findDirectMatchingNSEC3(Name n, List nsec3s) + // { + // if (n == null || nsec3s == null) return null; + // + // for (Iterator i = nsec3s.iterator(); i.hasNext();) + // { + // NSEC3Record nsec3 = (NSEC3Record) i.next(); + // if (n.equals(nsec3.getName())) return nsec3; + // } + // + // return null; + // } + /** + * Given a hash and an a zone name, construct an NSEC3 ownername. + * + * @param hash The hash of an original name. + * @param zonename The zone to use in constructing the NSEC3 name. + * @return The NSEC3 name. + */ + private static Name hashName(byte[] hash, Name zonename) + { + try + { + return new Name(base32.toString(hash).toLowerCase(), zonename); + } + catch (TextParseException e) + { + // Note, this should never happen. + return null; + } + } + + /** + * Given a set of NSEC3 parameters, hash a name. + * + * @param name The name to hash. + * @param params The parameters to hash with. + * @return The hash. + */ + private static byte[] hash(Name name, NSEC3Parameters params) + { + try + { + return NSEC3Record.hash(name, + params.alg, + params.iterations, + params.salt); + } + catch (NoSuchAlgorithmException e) + { + st_log.debug("Did not recognize hash algorithm: " + params.alg); + return null; + } + } + + /** + * Given the name of a closest encloser, return the name *.closest_encloser. + * + * @param closestEncloser The name to start with. + * @return The wildcard name. + */ + private static Name ceWildcard(Name closestEncloser) + { + try + { + Name wc = Name.concatenate(asterisk_label, closestEncloser); + return wc; + } + catch (NameTooLongException e) + { + return null; + } + } + + /** + * Given a qname and its proven closest encloser, calculate the "next + * closest" name. Basically, this is the name that is one label longer than + * the closest encloser that is still a subdomain of qname. + * + * @param qname The qname. + * @param closestEncloser The closest encloser name. + * @return The next closer name. + */ + private static Name nextClosest(Name qname, Name closestEncloser) + { + int strip = qname.labels() - closestEncloser.labels() - 1; + return (strip > 0) ? new Name(qname, strip) : qname; + } + + /** + * Find the NSEC3Record that matches a hash of a name. + * + * @param hash The pre-calculated hash of a name. + * @param zonename The name of the zone that the NSEC3s are from. + * @param nsec3s A list of NSEC3Records from a given message. + * @param params The parameters used for calculating the hash. + * @param bac An already allocated ByteArrayComparator, for reuse. This may + * be null. + * + * @return The matching NSEC3Record, if one is present. + */ + private static NSEC3Record findMatchingNSEC3(byte[] hash, Name zonename, + List nsec3s, NSEC3Parameters params, ByteArrayComparator bac) + { + Name n = hashName(hash, zonename); + + for (Iterator i = nsec3s.iterator(); i.hasNext();) + { + NSEC3Record nsec3 = (NSEC3Record) i.next(); + // Skip nsec3 records that are using different parameters. + if (!params.match(nsec3, bac)) continue; + if (n.equals(nsec3.getName())) return nsec3; + } + return null; + } + + /** + * Given a hash and a candidate NSEC3Record, determine if that NSEC3Record + * covers the hash. Covers specifically means that the hash is in between + * the owner and next hashes and does not equal either. + * + * @param nsec3 The candidate NSEC3Record. + * @param hash The precalculated hash. + * @param bac An already allocated comparator. This may be null. + * @return True if the NSEC3Record covers the hash. + */ + private static boolean nsec3Covers(NSEC3Record nsec3, byte[] hash, + ByteArrayComparator bac) + { + byte[] owner = nsec3.getOwner(); + byte[] next = nsec3.getNext(); + + // This is the "normal case: owner < next and owner < hash < next + if (bac.compare(owner, hash) < 0 && bac.compare(hash, next) < 0) + return true; + + // this is the end of zone case: next < owner && hash > owner || hash < + // next + if (bac.compare(next, owner) <= 0 + && (bac.compare(hash, next) < 0 || bac.compare(owner, hash) < 0)) + return true; + + // Otherwise, the NSEC3 does not cover the hash. + return false; + } + + /** + * Given a pre-hashed name, find a covering NSEC3 from among a list of + * NSEC3s. + * + * @param hash The hash to consider. + * @param zonename The name of the zone. + * @param nsec3s The list of NSEC3s present in a message. + * @param params The NSEC3 parameters used to generate the hash -- NSEC3s + * that do not use those parameters will be skipped. + * + * @return A covering NSEC3 if one is present, null otherwise. + */ + private static NSEC3Record findCoveringNSEC3(byte[] hash, Name zonename, + List nsec3s, NSEC3Parameters params, ByteArrayComparator bac) + { + ByteArrayComparator comparator = new ByteArrayComparator(); + + for (Iterator i = nsec3s.iterator(); i.hasNext();) + { + NSEC3Record nsec3 = (NSEC3Record) i.next(); + if (!params.match(nsec3, bac)) continue; + + if (nsec3Covers(nsec3, hash, comparator)) return nsec3; + } + + return null; + } + + + /** + * Given a name and a list of NSEC3s, find the candidate closest encloser. + * This will be the first ancestor of 'name' (including itself) to have a + * matching NSEC3 RR. + * + * @param name The name the start with. + * @param zonename The name of the zone that the NSEC3s came from. + * @param nsec3s The list of NSEC3s. + * @param nsec3params The NSEC3 parameters. + * @param bac A pre-allocated comparator. May be null. + * + * @return A CEResponse containing the closest encloser name and the NSEC3 + * RR that matched it, or null if there wasn't one. + */ + private static CEResponse findClosestEncloser(Name name, Name zonename, + List nsec3s, NSEC3Parameters params, ByteArrayComparator bac) + { + Name n = name; + + NSEC3Record nsec3; + + // This scans from longest name to shortest, so the first match we find is + // the only viable candidate. + // FIXME: modify so that the NSEC3 matching the zone apex need not be + // present. + while (n.labels() >= zonename.labels()) + { + nsec3 = findMatchingNSEC3(hash(n, params), zonename, nsec3s, params, bac); + if (nsec3 != null) return new CEResponse(n, nsec3); + n = new Name(n, 1); + } + + return null; + } + + /** + * Given a List of nsec3 RRs, find and prove the closest encloser to qname. + * + * @param qname The qname in question. + * @param zonename The name of the zone that the NSEC3 RRs come from. + * @param nsec3s The list of NSEC3s found the this response (already + * verified). + * @param params The NSEC3 parameters found in the response. + * @param bac A pre-allocated comparator. May be null. + * @param proveDoesNotExist If true, then if the closest encloser turns out + * to be qname, then null is returned. + * @return null if the proof isn't completed. Otherwise, return a CEResponse + * object which contains the closest encloser name and the NSEC3 + * that matches it. + */ + private static CEResponse proveClosestEncloser(Name qname, Name zonename, + List nsec3s, NSEC3Parameters params, ByteArrayComparator bac, + boolean proveDoesNotExist) + { + CEResponse candidate = findClosestEncloser(qname, + zonename, + nsec3s, + params, + bac); + + if (candidate == null) + { + st_log.debug("proveClosestEncloser: could not find a " + + "candidate for the closest encloser."); + return null; + } + + if (candidate.closestEncloser.equals(qname)) + { + if (proveDoesNotExist) + { + st_log.debug("proveClosestEncloser: proved that qname existed!"); + return null; + } + // otherwise, we need to nothing else to prove that qname is its own + // closest encloser. + return candidate; + } + + // If the closest encloser is actually a delegation, then the response + // should have been a referral. If it is a DNAME, then it should have been + // a DNAME response. + if (candidate.ce_nsec3.hasType(Type.NS) + && !candidate.ce_nsec3.hasType(Type.SOA)) + { + st_log.debug("proveClosestEncloser: closest encloser " + + "was a delegation!"); + return null; + } + if (candidate.ce_nsec3.hasType(Type.DNAME)) + { + st_log.debug("proveClosestEncloser: closest encloser was a DNAME!"); + return null; + } + + // Otherwise, we need to show that the next closer name is covered. + Name nextClosest = nextClosest(qname, candidate.closestEncloser); + + byte[] nc_hash = hash(nextClosest, params); + candidate.nc_nsec3 = findCoveringNSEC3(nc_hash, + zonename, + nsec3s, + params, + bac); + if (candidate.nc_nsec3 == null) + { + st_log.debug("Could not find proof that the " + + "closest encloser was the closest encloser"); + return null; + } + + return candidate; + } + + private static int maxIterations(int baseAlg, int keysize) + { + switch (baseAlg) + { + case DnsSecVerifier.RSA: + if (keysize == 0) return 2500; // the max at 4096 + if (keysize > 2048) return 2500; + if (keysize > 1024) return 500; + if (keysize > 0) return 150; + break; + case DnsSecVerifier.DSA: + if (keysize == 0) return 5000; // the max at 2048; + if (keysize > 1024) return 5000; + if (keysize > 0) return 1500; + break; + } + return -1; + } + + private static boolean validIterations(NSEC3Parameters nsec3params, + RRset dnskey_rrset, DnsSecVerifier verifier) + { + // for now, we return the maximum iterations based simply on the key + // algorithms that may have been used to sign the NSEC3 RRsets. + + int max_iterations = 0; + for (Iterator i = dnskey_rrset.rrs(); i.hasNext();) + { + DNSKEYRecord dnskey = (DNSKEYRecord) i.next(); + int baseAlg = verifier.baseAlgorithm(dnskey.getAlgorithm()); + int iters = maxIterations(baseAlg, 0); + max_iterations = max_iterations < iters ? iters : max_iterations; + } + + if (nsec3params.iterations > max_iterations) return false; + + return true; + } + + /** + * Determine if all of the NSEC3s in a response are legally ignoreable + * (i.e., their presence should lead to an INSECURE result). Currently, this + * is solely based on iterations. + * + * @param nsec3s The list of NSEC3s. If there is more than one set of NSEC3 + * parameters present, this test will not be performed. + * @param dnskey_rrset The set of validating DNSKEYs. + * @param verifier The verifier used to verify the NSEC3 RRsets. This is + * solely used to map algorithm aliases. + * @return true if all of the NSEC3s can be legally ignored, false if not. + */ + public static boolean allNSEC3sIgnoreable(List nsec3s, RRset dnskey_rrset, DnsSecVerifier verifier) + { + NSEC3Parameters params = nsec3Parameters(nsec3s); + if (params == null) return false; + + return !validIterations(params, dnskey_rrset, verifier); + } + + /** + * Determine if the set of NSEC3 records provided with a response prove NAME + * ERROR. This means that the NSEC3s prove a) the closest encloser exists, + * b) the direct child of the closest encloser towards qname doesn't exist, + * and c) *.closest encloser does not exist. + * + * @param nsec3s The list of NSEC3s. + * @param qname The query name to check against. + * @param zonename This is the name of the zone that the NSEC3s belong to. + * This may be discovered in any number of ways. A good one is to + * use the signerName from the NSEC3 record's RRSIG. + * @return SecurityStatus.SECURE of the Name Error is proven by the NSEC3 + * RRs, BOGUS if not, INSECURE if all of the NSEC3s could be validly + * ignored. + */ + public static boolean proveNameError(List nsec3s, Name qname, Name zonename) + { + if (nsec3s == null || nsec3s.size() == 0) return false; + + NSEC3Parameters nsec3params = nsec3Parameters(nsec3s); + if (nsec3params == null) + { + st_log.debug("Could not find a single set of " + + "NSEC3 parameters (multiple parameters present)."); + return false; + } + + ByteArrayComparator bac = new ByteArrayComparator(); + + // First locate and prove the closest encloser to qname. We will use the + // variant that fails if the closest encloser turns out to be qname. + CEResponse ce = proveClosestEncloser(qname, + zonename, + nsec3s, + nsec3params, + bac, + true); + + if (ce == null) + { + st_log.debug("proveNameError: failed to prove a closest encloser."); + return false; + } + + // At this point, we know that qname does not exist. Now we need to prove + // that the wildcard does not exist. + Name wc = ceWildcard(ce.closestEncloser); + byte[] wc_hash = hash(wc, nsec3params); + NSEC3Record nsec3 = findCoveringNSEC3(wc_hash, + zonename, + nsec3s, + nsec3params, + bac); + if (nsec3 == null) + { + st_log.debug("proveNameError: could not prove that the " + + "applicable wildcard did not exist."); + return false; + } + + return true; + } + + /** + * Determine if the set of NSEC3 records provided with a response prove NAME + * ERROR when qtype = NSEC3. This is a special case, and (currently anyway) + * it suffices to simply prove that the NSEC3 RRset itself does not exist, + * without proving that no wildcard could have generated it, etc.. + * + * @param nsec3s The list of NSEC3s. + * @param qname The query name to check against. + * @param zonename This is the name of the zone that the NSEC3s belong to. + * This may be discovered in any number of ways. A good one is to + * use the signerName from the NSEC3 record's RRSIG. + * @return true of the Name Error is proven by the NSEC3 RRs, false if not. + */ + // public static boolean proveNSEC3NameError(List nsec3s, Name qname, + // Name zonename) + // { + // if (nsec3s == null || nsec3s.size() == 0) return false; + // + // for (Iterator i = nsec3s.iterator(); i.hasNext(); ) + // { + // NSEC3Record nsec3 = (NSEC3Record) i.next(); + // + // // Convert owner and next into Names. + // Name owner = nsec3.getName(); + // Name next = null; + // try + // { + // next = new Name(base32.toString(nsec3.getNext()), zonename); + // } + // catch (TextParseException e) + // { + // continue; + // } + // + // // Now see if qname is covered by the NSEC3. + // + // // normal case, owner < qname < next. + // if (owner.compareTo(next) < 0 && owner.compareTo(qname) < 0 && + // next.compareTo(qname) > 0) + // { + // st_log.debug("proveNSEC3NameError: found a covering NSEC3: " + nsec3); + // return true; + // } + // // end-of-zone case: next < owner and qname > owner || qname < next. + // if (owner.compareTo(next) > 0 && (owner.compareTo(qname) < 0 || + // next.compareTo(qname) > 0)) + // { + // st_log.debug("proveNSEC3NameError: found a covering NSEC3: " + nsec3); + // return true; + // } + // } + // + // st_log.debug("proveNSEC3NameError: did not find a covering NSEC3"); + // return false; + // } + /** + * Determine if the NSEC3s provided in a response prove the NOERROR/NODATA + * status. There are a number of different variants to this: + * + * 1) Normal NODATA -- qname is matched to an NSEC3 record, type is not + * present. + * + * 2) ENT NODATA -- because there must be NSEC3 record for + * empty-non-terminals, this is the same as #1. + * + * 3) NSEC3 ownername NODATA -- qname matched an existing, lone NSEC3 + * ownername, but qtype was not NSEC3. NOTE: as of nsec-05, this case no + * longer exists. + * + * 4) Wildcard NODATA -- A wildcard matched the name, but not the type. + * + * 5) Opt-In DS NODATA -- the qname is covered by an opt-in span and qtype == + * DS. (or maybe some future record with the same parent-side-only property) + * + * @param nsec3s The NSEC3Records to consider. + * @param qname The qname in question. + * @param qtype The qtype in question. + * @param zonename The name of the zone that the NSEC3s came from. + * @return true if the NSEC3s prove the proposition. + */ + public static boolean proveNodata(List nsec3s, Name qname, int qtype, + Name zonename) + { + if (nsec3s == null || nsec3s.size() == 0) return false; + + NSEC3Parameters nsec3params = nsec3Parameters(nsec3s); + if (nsec3params == null) + { + st_log.debug("could not find a single set of " + + "NSEC3 parameters (multiple parameters present)"); + return false; + } + ByteArrayComparator bac = new ByteArrayComparator(); + + NSEC3Record nsec3 = findMatchingNSEC3(hash(qname, nsec3params), + zonename, + nsec3s, + nsec3params, + bac); + // Cases 1 & 2. + if (nsec3 != null) + { + if (nsec3.hasType(qtype)) + { + st_log.debug("proveNodata: Matching NSEC3 proved that type existed!"); + return false; + } + if (nsec3.hasType(Type.CNAME)) + { + st_log.debug("proveNodata: Matching NSEC3 proved " + + "that a CNAME existed!"); + return false; + } + return true; + } + + // For cases 3 - 5, we need the proven closest encloser, and it can't + // match qname. Although, at this point, we know that it won't since we + // just checked that. + CEResponse ce = proveClosestEncloser(qname, + zonename, + nsec3s, + nsec3params, + bac, + true); + + // At this point, not finding a match or a proven closest encloser is a + // problem. + if (ce == null) + { + st_log.debug("proveNodata: did not match qname, " + + "nor found a proven closest encloser."); + return false; + } + + // Case 3: REMOVED + + // Case 4: + Name wc = ceWildcard(ce.closestEncloser); + nsec3 = findMatchingNSEC3(hash(wc, nsec3params), + zonename, + nsec3s, + nsec3params, + bac); + + if (nsec3 != null) + { + if (nsec3.hasType(qtype)) + { + st_log.debug("proveNodata: matching wildcard had qtype!"); + return false; + } + return true; + } + + // Case 5. + if (qtype != Type.DS) + { + st_log.debug("proveNodata: could not find matching NSEC3, " + + "nor matching wildcard, and qtype is not DS -- no more options."); + return false; + } + + // We need to make sure that the covering NSEC3 is opt-in. + if (!ce.nc_nsec3.getOptInFlag()) + { + st_log.debug("proveNodata: covering NSEC3 was not " + + "opt-in in an opt-in DS NOERROR/NODATA case."); + return false; + } + + return true; + } + + /** + * Prove that a positive wildcard match was appropriate (no direct match + * RRset). + * + * @param nsec3s The NSEC3 records to work with. + * @param qname The qname that was matched to the wildard + * @param zonename The name of the zone that the NSEC3s come from. + * @param wildcard The purported wildcard that matched. + * @return true if the NSEC3 records prove this case. + */ + public static boolean proveWildcard(List nsec3s, Name qname, Name zonename, + Name wildcard) + { + if (nsec3s == null || nsec3s.size() == 0) return false; + if (qname == null || wildcard == null) return false; + + NSEC3Parameters nsec3params = nsec3Parameters(nsec3s); + if (nsec3params == null) + { + st_log.debug("couldn't find a single set of NSEC3 parameters (multiple parameters present)."); + return false; + } + + ByteArrayComparator bac = new ByteArrayComparator(); + + // We know what the (purported) closest encloser is by just looking at the + // supposed generating wildcard. + CEResponse candidate = new CEResponse(new Name(wildcard, 1), null); + + // Now we still need to prove that the original data did not exist. + // Otherwise, we need to show that the next closer name is covered. + Name nextClosest = nextClosest(qname, candidate.closestEncloser); + candidate.nc_nsec3 = findCoveringNSEC3(hash(nextClosest, nsec3params), + zonename, + nsec3s, + nsec3params, + bac); + + if (candidate.nc_nsec3 == null) + { + st_log.debug("proveWildcard: did not find a covering NSEC3 " + + "that covered the next closer name to " + qname + " from " + + candidate.closestEncloser + " (derived from wildcard " + wildcard + + ")"); + return false; + } + + return true; + } + + /** + * Prove that a DS response either had no DS, or wasn't a delegation point. + * + * Fundamentally there are two cases here: normal NODATA and Opt-In NODATA. + * + * @param nsec3s The NSEC3 RRs to examine. + * @param qname The name of the DS in question. + * @param zonename The name of the zone that the NSEC3 RRs come from. + * + * @return SecurityStatus.SECURE if it was proven that there is no DS in a + * secure (i.e., not opt-in) way, SecurityStatus.INSECURE if there + * was no DS in an insecure (i.e., opt-in) way, + * SecurityStatus.INDETERMINATE if it was clear that this wasn't a + * delegation point, and SecurityStatus.BOGUS if the proofs don't + * work out. + */ + public static int proveNoDS(List nsec3s, Name qname, Name zonename) + { + if (nsec3s == null || nsec3s.size() == 0) return SecurityStatus.BOGUS; + + NSEC3Parameters nsec3params = nsec3Parameters(nsec3s); + if (nsec3params == null) + { + st_log.debug("couldn't find a single set of " + + "NSEC3 parameters (multiple parameters present)."); + return SecurityStatus.BOGUS; + } + ByteArrayComparator bac = new ByteArrayComparator(); + + // Look for a matching NSEC3 to qname -- this is the normal NODATA case. + NSEC3Record nsec3 = findMatchingNSEC3(hash(qname, nsec3params), + zonename, + nsec3s, + nsec3params, + bac); + + if (nsec3 != null) + { + // If the matching NSEC3 has the SOA bit set, it is from the wrong zone + // (the child instead of the parent). If it has the DS bit set, then we + // were lied to. + if (nsec3.hasType(Type.SOA) || nsec3.hasType(Type.DS)) + { + return SecurityStatus.BOGUS; + } + // If the NSEC3 RR doesn't have the NS bit set, then this wasn't a + // delegation point. + if (!nsec3.hasType(Type.NS)) return SecurityStatus.INDETERMINATE; + + // Otherwise, this proves no DS. + return SecurityStatus.SECURE; + } + + // Otherwise, we are probably in the opt-in case. + CEResponse ce = proveClosestEncloser(qname, + zonename, + nsec3s, + nsec3params, + bac, + true); + if (ce == null) + { + return SecurityStatus.BOGUS; + } + + // If we had the closest encloser proof, then we need to check that the + // covering NSEC3 was opt-in -- the proveClosestEncloser step already + // checked to see if the closest encloser was a delegation or DNAME. + if (ce.nc_nsec3.getOptInFlag()) + { + return SecurityStatus.SECURE; + } + + return SecurityStatus.BOGUS; + } + +} diff --git a/src/se/rfc/unbound/SMessage.java b/src/se/rfc/unbound/SMessage.java new file mode 100644 index 0000000..df29613 --- /dev/null +++ b/src/se/rfc/unbound/SMessage.java @@ -0,0 +1,398 @@ +/* + * $Id$ + * + * Copyright (c) 2005 VeriSign. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. 2. Redistributions in + * binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. 3. The name of the author may not + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN + * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package se.rfc.unbound; + +import java.util.*; + +import org.xbill.DNS.*; + +/** + * This class represents a DNS message with resolver/validator state. + */ +public class SMessage +{ + private Header mHeader; + + private Record mQuestion; + private OPTRecord mOPTRecord; + private List[] mSection; + private SecurityStatus mSecurityStatus; + + private static SRRset[] empty_srrset_array = new SRRset[0]; + + public SMessage(Header h) + { + mSection = new List[3]; + mHeader = h; + mSecurityStatus = new SecurityStatus(); + } + + public SMessage(int id) + { + this(new Header(id)); + } + + public SMessage() + { + this(new Header(0)); + } + + public SMessage(Message m) + { + this(m.getHeader()); + mQuestion = m.getQuestion(); + mOPTRecord = m.getOPT(); + + for (int i = Section.ANSWER; i <= Section.ADDITIONAL; i++) + { + RRset[] rrsets = m.getSectionRRsets(i); + + for (int j = 0; j < rrsets.length; j++) + { + addRRset(rrsets[j], i); + } + } + } + + public Header getHeader() + { + return mHeader; + } + + public void setHeader(Header h) + { + mHeader = h; + } + + public void setQuestion(Record r) + { + mQuestion = r; + } + + public Record getQuestion() + { + return mQuestion; + } + + public Name getQName() { + return getQuestion().getName(); + } + + public int getQType() { + return getQuestion().getType(); + } + + public int getQClass() { + return getQuestion().getDClass(); + } + + public void setOPT(OPTRecord r) + { + mOPTRecord = r; + } + + public OPTRecord getOPT() + { + return mOPTRecord; + } + + public List getSectionList(int section) + { + if (section <= Section.QUESTION || section > Section.ADDITIONAL) + throw new IllegalArgumentException("Invalid section."); + + if (mSection[section - 1] == null) + { + mSection[section - 1] = new LinkedList(); + } + + return mSection[section - 1]; + } + + public void addRRset(SRRset srrset, int section) + { + if (section <= Section.QUESTION || section > Section.ADDITIONAL) + throw new IllegalArgumentException("Invalid section"); + + if (srrset.getType() == Type.OPT) + { + mOPTRecord = (OPTRecord) srrset.first(); + return; + } + + List sectionList = getSectionList(section); + sectionList.add(srrset); + } + + public void addRRset(RRset rrset, int section) + { + if (rrset instanceof SRRset) + { + addRRset((SRRset) rrset, section); + return; + } + + SRRset srrset = new SRRset(rrset); + addRRset(srrset, section); + } + + public void prependRRsets(List rrsets, int section) + { + if (section <= Section.QUESTION || section > Section.ADDITIONAL) + throw new IllegalArgumentException("Invalid section"); + + List sectionList = getSectionList(section); + sectionList.addAll(0, rrsets); + } + + public SRRset[] getSectionRRsets(int section) + { + List slist = getSectionList(section); + + return (SRRset[]) slist.toArray(empty_srrset_array); + } + + public SRRset[] getSectionRRsets(int section, int qtype) + { + List slist = getSectionList(section); + + if (slist.size() == 0) return new SRRset[0]; + + ArrayList result = new ArrayList(slist.size()); + for (Iterator i = slist.iterator(); i.hasNext();) + { + SRRset rrset = (SRRset) i.next(); + if (rrset.getType() == qtype) result.add(rrset); + } + + return (SRRset[]) result.toArray(empty_srrset_array); + } + + public void deleteRRset(SRRset rrset, int section) + { + List slist = getSectionList(section); + + if (slist.size() == 0) return; + + slist.remove(rrset); + } + + public void clear(int section) + { + if (section < Section.QUESTION || section > Section.ADDITIONAL) + throw new IllegalArgumentException("Invalid section."); + + if (section == Section.QUESTION) + { + mQuestion = null; + return; + } + if (section == Section.ADDITIONAL) + { + mOPTRecord = null; + } + + mSection[section - 1] = null; + } + + public void clear() + { + for (int s = Section.QUESTION; s <= Section.ADDITIONAL; s++) + { + clear(s); + } + } + + public int getRcode() + { + // FIXME: might want to do what Message does and handle extended rcodes. + return mHeader.getRcode(); + } + + public int getStatus() + { + return mSecurityStatus.getStatus(); + } + + public void setStatus(byte status) + { + mSecurityStatus.setStatus(status); + } + + public SecurityStatus getSecurityStatus() + { + return mSecurityStatus; + } + public void setSecurityStatus(SecurityStatus s) + { + if (s == null) return; + mSecurityStatus = s; + } + + public Message getMessage() + { + // Generate our new message. + Message m = new Message(mHeader.getID()); + + // Convert the header + // We do this for two reasons: 1) setCount() is package scope, so we can't + // do that, and 2) setting the header on a message after creating the + // message frequently gets stuff out of sync, leading to malformed wire + // format messages. + Header h = m.getHeader(); + h.setOpcode(mHeader.getOpcode()); + h.setRcode(mHeader.getRcode()); + for (int i = 0; i < 16; i++) + { + if (Flags.isFlag(i)) h.setFlag(i, mHeader.getFlag(i)); + } + + // Add all the records. -- this will set the counts correctly in the + // message header. + + if (mQuestion != null) + { + m.addRecord(mQuestion, Section.QUESTION); + } + + for (int sec = Section.ANSWER; sec <= Section.ADDITIONAL; sec++) + { + List slist = getSectionList(sec); + for (Iterator i = slist.iterator(); i.hasNext();) + { + SRRset rrset = (SRRset) i.next(); + for (Iterator j = rrset.rrs(); j.hasNext();) + { + m.addRecord((Record) j.next(), sec); + } + for (Iterator j = rrset.sigs(); j.hasNext();) + { + m.addRecord((Record) j.next(), sec); + } + } + } + + if (mOPTRecord != null) + { + m.addRecord(mOPTRecord, Section.ADDITIONAL); + } + + return m; + } + + public int getCount(int section) + { + if (section == Section.QUESTION) + { + return mQuestion == null ? 0 : 1; + } + List sectionList = getSectionList(section); + if (sectionList == null) return 0; + if (sectionList.size() == 0) return 0; + + int count = 0; + for (Iterator i = sectionList.iterator(); i.hasNext(); ) + { + SRRset sr = (SRRset) i.next(); + count += sr.totalSize(); + } + return count; + } + + public String toString() + { + return getMessage().toString(); + } + + /** + * Find a specific (S)RRset in a given section. + * + * @param name the name of the RRset. + * @param type the type of the RRset. + * @param dclass the class of the RRset. + * @param section the section to look in (ANSWER -> ADDITIONAL) + * + * @return The SRRset if found, null otherwise. + */ + public SRRset findRRset(Name name, int type, int dclass, int section) + { + if (section <= Section.QUESTION || section > Section.ADDITIONAL) + throw new IllegalArgumentException("Invalid section."); + + SRRset[] rrsets = getSectionRRsets(section); + + for (int i = 0; i < rrsets.length; i++) + { + if (rrsets[i].getName().equals(name) && rrsets[i].getType() == type + && rrsets[i].getDClass() == dclass) + { + return rrsets[i]; + } + } + + return null; + } + + /** + * Find an "answer" RRset. This will look for RRsets in the ANSWER section + * that match the , taking into consideration CNAMEs. + * + * @param qname The starting search name. + * @param qtype The search type. + * @param qclass The search class. + * + * @return a SRRset matching the query. This SRRset may have a different + * name from qname, due to following a CNAME chain. + */ + public SRRset findAnswerRRset(Name qname, int qtype, int qclass) + { + SRRset[] srrsets = getSectionRRsets(Section.ANSWER); + + for (int i = 0; i < srrsets.length; i++) + { + if (srrsets[i].getName().equals(qname) + && srrsets[i].getType() == Type.CNAME) + { + CNAMERecord cname = (CNAMERecord) srrsets[i].first(); + qname = cname.getTarget(); + continue; + } + + if (srrsets[i].getName().equals(qname) && srrsets[i].getType() == qtype + && srrsets[i].getDClass() == qclass) + { + return srrsets[i]; + } + } + + return null; + } + +} \ No newline at end of file diff --git a/src/se/rfc/unbound/SRRset.java b/src/se/rfc/unbound/SRRset.java new file mode 100644 index 0000000..8c6cb7e --- /dev/null +++ b/src/se/rfc/unbound/SRRset.java @@ -0,0 +1,169 @@ +/* + * Copyright (c) 2005 VeriSign. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. 2. Redistributions in + * binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. 3. The name of the author may not + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN + * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package se.rfc.unbound; + +import java.util.*; + +import org.xbill.DNS.*; + +/** + * A version of the RRset class overrides the standard security status. + */ +public class SRRset extends RRset +{ + private SecurityStatus mSecurityStatus; + + /** Create a new, blank SRRset. */ + public SRRset() + { + super(); + mSecurityStatus = new SecurityStatus(); + } + + /** + * Create a new SRRset from an existing RRset. This SRRset will contain that + * same internal Record objects as the original RRset. + */ + @SuppressWarnings("unchecked") // org.xbill.DNS.RRset isn't typesafe-aware. +public SRRset(RRset r) + { + this(); + + for (Iterator i = r.rrs(); i.hasNext();) + { + addRR((Record) i.next()); + } + + for (Iterator i = r.sigs(); i.hasNext();) + { + addRR((Record) i.next()); + } + } + + /** + * Clone this SRRset, giving the copy a new TTL. The copy is independent + * from the original except for the security status. + * + * @param withNewTTL The new TTL to apply to the RRset. This applies to + * contained RRsig records as well. + * @return The cloned SRRset. + */ + public SRRset cloneSRRset(long withNewTTL) + { + SRRset nr = new SRRset(); + + for (Iterator i = rrs(); i.hasNext();) + { + nr.addRR(((Record) i.next()).withTTL(withNewTTL)); + } + for (Iterator i = sigs(); i.hasNext();) + { + nr.addRR(((Record) i.next()).withTTL(withNewTTL)); + } + + nr.mSecurityStatus = mSecurityStatus; + + return nr; + } + + public SRRset cloneSRRsetNoSigs() + { + SRRset nr = new SRRset(); + for (Iterator i = rrs(); i.hasNext();) + { + // NOTE: should this clone the records as well? + nr.addRR((Record) i.next()); + } + // Do not copy the SecurityStatus reference + + return nr; + } + /** + * Return the current security status (generally: UNCHECKED, BOGUS, or + * SECURE). + */ + public int getSecurity() + { + return getSecurityStatus(); + } + + /** + * Return the current security status (generally: UNCHECKED, BOGUS, or + * SECURE). + */ + public int getSecurityStatus() + { + return mSecurityStatus.getStatus(); + } + + /** + * Set the current security status for this SRRset. This status will be + * shared amongst all copies of this SRRset (created with cloneSRRset()) + */ + public void setSecurityStatus(int status) + { + mSecurityStatus.setStatus(status); + } + + /** + * @return The total number of records (data + sigs) in the SRRset. + */ + public int getNumRecords() + { + return totalSize(); + } + + /** + * @return true if this RRset has RRSIG records that cover data records. + * (i.e., RRSIG SRRsets return false) + */ + public boolean isSigned() + { + if (getType() == Type.RRSIG) return false; + return firstSig() != null; + } + + /** + * @return The "signer" name for this SRRset, if signed, or null if not. + */ + public Name getSignerName() + { + RRSIGRecord sig = (RRSIGRecord) firstSig(); + if (sig == null) return null; + return sig.getSigner(); + } + + public void setTTL(long ttl) + { + if (ttl < 0) + { + throw new IllegalArgumentException("ttl can't be less than zero, stupid! was " + ttl); + } + super.setTTL(ttl); + } +} diff --git a/src/se/rfc/unbound/SecurityStatus.java b/src/se/rfc/unbound/SecurityStatus.java new file mode 100644 index 0000000..d6e7757 --- /dev/null +++ b/src/se/rfc/unbound/SecurityStatus.java @@ -0,0 +1,112 @@ +/* + * $Id$ + * + * Copyright (c) 2005 VeriSign. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. 2. Redistributions in + * binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. 3. The name of the author may not + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN + * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package se.rfc.unbound; + +/** + * Codes for DNSSEC security statuses. + * + * @author davidb + */ +public class SecurityStatus +{ + + /** + * UNCHECKED means that object has yet to be validated. + */ + public static final byte UNCHECKED = 0; + /** + * BOGUS means that the object (RRset or message) failed to validate + * (according to local policy), but should have validated. + */ + public static final byte BOGUS = 1; + /** + * BAD is a synonym for BOGUS. + */ + public static final byte BAD = BOGUS; + /** + * INDTERMINATE means that the object is insecure, but not authoritatively + * so. Generally this means that the RRset is not below a configured trust + * anchor. + */ + public static final byte INDETERMINATE = 2; + /** + * INSECURE means that the object is authoritatively known to be insecure. + * Generally this means that this RRset is below a trust anchor, but also + * below a verified, insecure delegation. + */ + public static final byte INSECURE = 3; + /** + * SECURE means that the object (RRset or message) validated according to + * local policy. + */ + public static final byte SECURE = 4; + + private byte status; + + public static String string(int status) + { + switch (status) + { + case BOGUS : + return "Bogus"; + case SECURE : + return "Secure"; + case INSECURE : + return "Insecure"; + case INDETERMINATE : + return "Indeterminate"; + case UNCHECKED : + return "Unchecked"; + default : + return "UNKNOWN"; + } + } + + public SecurityStatus() + { + status = UNCHECKED; + } + + public SecurityStatus(byte status) + { + setStatus(status); + } + + public byte getStatus() + { + return status; + } + + public void setStatus(byte status) + { + this.status = status; + } + +} diff --git a/src/se/rfc/unbound/TrustAnchorStore.java b/src/se/rfc/unbound/TrustAnchorStore.java new file mode 100644 index 0000000..ba8e26d --- /dev/null +++ b/src/se/rfc/unbound/TrustAnchorStore.java @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2009 VeriSign, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package se.rfc.unbound; + +import java.util.HashMap; +import java.util.Map; + +import org.xbill.DNS.Name; + +import se.rfc.unbound.SRRset; +import se.rfc.unbound.SecurityStatus; + +/** + * + */ +public class TrustAnchorStore +{ + private Map mMap; + + public TrustAnchorStore() + { + mMap = null; + } + + private String key(Name n, int dclass) + { + return "T" + dclass + "/" + Util.nameToString(n); + } + + + public void store(SRRset rrset) + { + if (mMap == null) + { + mMap = new HashMap(); + } + String k = key(rrset.getName(), rrset.getDClass()); + rrset.setSecurityStatus(SecurityStatus.SECURE); + + mMap.put(k, rrset); + } + + private SRRset lookup(String key) + { + if (mMap == null) return null; + return (SRRset) mMap.get(key); + } + + public SRRset find(Name n, int dclass) + { + if (mMap == null) return null; + + while (n.labels() > 0) + { + String k = key(n, dclass); + SRRset r = lookup(k); + if (r != null) return r; + n = new Name(n, 1); + } + + return null; + } + +} diff --git a/src/se/rfc/unbound/Util.java b/src/se/rfc/unbound/Util.java new file mode 100644 index 0000000..3e0cae3 --- /dev/null +++ b/src/se/rfc/unbound/Util.java @@ -0,0 +1,149 @@ +/* + * $Id$ + * + * Copyright (c) 2005 VeriSign. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. 2. Redistributions in + * binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. 3. The name of the author may not + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN + * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package se.rfc.unbound; + +import java.util.*; + +import org.xbill.DNS.Flags; +import org.xbill.DNS.Header; +import org.xbill.DNS.Name; + +/** + * Some basic utility functions. + * + * @author davidb + * @version $Revision$ + */ +public class Util +{ + + /** + * Convert a DNS name into a string suitable for use as a cache key. + * + * @param name The name to convert. + * @return A string representing the name. This isn't ever meant to be + * converted back into a DNS name. + */ + public static String nameToString(Name name) + { + if (name.equals(Name.root)) return "."; + + String n = name.toString().toLowerCase(); + if (n.endsWith(".")) n = n.substring(0, n.length() - 1); + + return n; + } + +// public static SMessage errorMessage(Request request, int rcode) +// { +// SMessage m = new SMessage(request.getID()); +// Header h = m.getHeader(); +// h.setRcode(rcode); +// h.setFlag(Flags.QR); +// m.setQuestion(request.getQuestion()); +// m.setOPT(request.getOPT()); +// +// return m; +// } +// +// public static SMessage errorMessage(SMessage message, int rcode) +// { +// Header h = message.getHeader(); +// SMessage m = new SMessage(h.getID()); +// h = m.getHeader(); +// h.setRcode(rcode); +// h.setFlag(Flags.QR); +// m.setQuestion(message.getQuestion()); +// m.setOPT(message.getOPT()); +// +// return m; +// } + + public static int parseInt(String s, int def) + { + if (s == null) return def; + try + { + return Integer.parseInt(s); + } + catch (NumberFormatException e) + { + return def; + } + } + + public static long parseLong(String s, long def) + { + if (s == null) return def; + try + { + return Long.parseLong(s); + } + catch (NumberFormatException e) + { + return def; + } + } + + public static class ConfigEntry + { + public String key; + public String value; + + public ConfigEntry(String key, String value) + { + this.key = key; this.value = value; + } + } + + public static List parseConfigPrefix(Properties config, String prefix) + { + if (! prefix.endsWith(".")) + { + prefix = prefix + "."; + } + + List res = new ArrayList(); + + for (Iterator i = config.entrySet().iterator(); i.hasNext(); ) + { + Map.Entry entry = (Map.Entry) i.next(); + String key = (String) entry.getKey(); + if (key.startsWith(prefix)) + { + key = key.substring(prefix.length()); + + res.add(new ConfigEntry(key, (String) entry.getValue())); + } + } + + return res; + } +} diff --git a/src/se/rfc/unbound/ValUtils.java b/src/se/rfc/unbound/ValUtils.java new file mode 100644 index 0000000..14570d5 --- /dev/null +++ b/src/se/rfc/unbound/ValUtils.java @@ -0,0 +1,719 @@ +/* + * $Id$ + * + * Copyright (c) 2005 VeriSign, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package se.rfc.unbound.validator; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Iterator; + +import org.apache.log4j.Logger; +import org.xbill.DNS.*; + +import se.rfc.unbound.*; + +/** + * This is a collection of routines encompassing the logic of validating + * different message types. + * + * @author davidb + * @version $Revision$ + */ +public class ValUtils +{ + + // These are response subtypes. They are necessary for determining the + // validation strategy. They have no bearing on the iterative resolution + // algorithm, so they are confined here. + + /** Not subtyped yet. */ + public static final int UNTYPED = 0; + + /** Not a recognized subtype. */ + public static final int UNKNOWN = 1; + + /** A postive, direct, response. */ + public static final int POSITIVE = 2; + + /** A postive response, with a CNAME/DNAME chain. */ + public static final int CNAME = 3; + + /** A NOERROR/NODATA response. */ + public static final int NODATA = 4; + + /** A NXDOMAIN response. */ + public static final int NAMEERROR = 5; + + /** A response to a qtype=ANY query. */ + public static final int ANY = 6; + + private Logger log = Logger.getLogger(this.getClass()); + private static Logger st_log = Logger.getLogger(ValUtils.class); + + /** A local copy of the verifier object. */ + private DnsSecVerifier mVerifier; + + public ValUtils(DnsSecVerifier verifier) + { + mVerifier = verifier; + } + + /** + * Given a response, classify ANSWER responses into a subtype. + * + * @param m The response to classify. + * + * @return A subtype ranging from UNKNOWN to NAMEERROR. + */ + public static int classifyResponse(SMessage m) + { + // Normal Name Error's are easy to detect -- but don't mistake a CNAME + // chain ending in NXDOMAIN. + if (m.getRcode() == Rcode.NXDOMAIN + && m.getCount(Section.ANSWER) == 0) + { + return NAMEERROR; + } + + // Next is NODATA + // st_log.debug("classifyResponse: ancount = " + + // m.getCount(Section.ANSWER)); + if (m.getCount(Section.ANSWER) == 0) + { + return NODATA; + } + + // We distinguish between CNAME response and other positive/negative + // responses because CNAME answers require extra processing. + int qtype = m.getQuestion().getType(); + + // We distinguish between ANY and CNAME or POSITIVE because ANY responses + // are validated differently. + if (qtype == Type.ANY) + { + return ANY; + } + + SRRset[] rrsets = m.getSectionRRsets(Section.ANSWER); + + // Note that DNAMEs will be ignored here, unless qtype=DNAME. Unless + // qtype=CNAME, this will yield a CNAME response. + for (int i = 0; i < rrsets.length; i++) + { + if (rrsets[i].getType() == qtype) return POSITIVE; + if (rrsets[i].getType() == Type.CNAME) return CNAME; + } + + st_log.warn("Failed to classify response message:\n" + m); + return UNKNOWN; + } + + /** + * Given a response, determine the name of the "signer". This is primarily + * to determine if the response is, in fact, signed at all, and, if so, what + * is the name of the most pertinent keyset. + * + * @param m The response to analyze. + * @param request The request that generated the response. + * @return a signer name, if the response is signed (even partially), or + * null if the response isn't signed. + */ + public Name findSigner(SMessage m, Request request) + { + int subtype = classifyResponse(m); + Name qname = request.getQName(); + + SRRset[] rrsets; + + switch (subtype) + { + case POSITIVE : + case CNAME : + case ANY : + // Check to see if the ANSWER section RRset + rrsets = m.getSectionRRsets(Section.ANSWER); + for (int i = 0; i < rrsets.length; i++) + { + if (rrsets[i].getName().equals(qname)) + { + return rrsets[i].getSignerName(); + } + } + return null; + + case NAMEERROR : + case NODATA : + // Check to see if the AUTH section NSEC record(s) have rrsigs + rrsets = m.getSectionRRsets(Section.AUTHORITY); + for (int i = 0; i < rrsets.length; i++) + { + if (rrsets[i].getType() == Type.NSEC + || rrsets[i].getType() == Type.NSEC3) + { + return rrsets[i].getSignerName(); + } + } + return null; + default : + log.debug("findSigner: could not find signer name " + + "for unknown type response."); + return null; + } + } + + public boolean dssetIsUsable(SRRset ds_rrset) + { + for (Iterator i = ds_rrset.rrs(); i.hasNext();) + { + DSRecord ds = (DSRecord) i.next(); + if (supportsDigestID(ds.getDigestID()) + && mVerifier.supportsAlgorithm(ds.getAlgorithm())) + { + return true; + } + } + + return false; + } + + /** + * Given a DS rrset and a DNSKEY rrset, match the DS to a DNSKEY and verify + * the DNSKEY rrset with that key. + * + * @param dnskey_rrset The DNSKEY rrset to match against. The security + * status of this rrset will be updated on a successful + * verification. + * @param ds_rrset The DS rrset to match with. This rrset must already be + * trusted. + * + * @return a KeyEntry. This will either contain the now trusted + * dnskey_rrset, a "null" key entry indicating that this DS + * rrset/DNSKEY pair indicate an secure end to the island of trust + * (i.e., unknown algorithms), or a "bad" KeyEntry if the dnskey + * rrset fails to verify. Note that the "null" response should + * generally only occur in a private algorithm scenario: normally + * this sort of thing is checked before fetching the matching DNSKEY + * rrset. + */ + public KeyEntry verifyNewDNSKEYs(SRRset dnskey_rrset, SRRset ds_rrset) + { + if (!dnskey_rrset.getName().equals(ds_rrset.getName())) + { + log.debug("DNSKEY RRset did not match DS RRset by name!"); + return KeyEntry + .newBadKeyEntry(ds_rrset.getName(), ds_rrset.getDClass()); + } + + // as long as this is false, we can consider this DS rrset to be + // equivalent to no DS rrset. + boolean hasUsefulDS = false; + + for (Iterator i = ds_rrset.rrs(); i.hasNext();) + { + DSRecord ds = (DSRecord) i.next(); + + // Check to see if we can understand this DS. + if (!supportsDigestID(ds.getDigestID()) + || !mVerifier.supportsAlgorithm(ds.getAlgorithm())) + { + continue; + } + + // Once we see a single DS with a known digestID and algorithm, we + // cannot return INSECURE (with a "null" KeyEntry). + hasUsefulDS = true; + + DNSKEY : for (Iterator j = dnskey_rrset.rrs(); j.hasNext();) + { + DNSKEYRecord dnskey = (DNSKEYRecord) j.next(); + + // Skip DNSKEYs that don't match the basic criteria. + if (ds.getFootprint() != dnskey.getFootprint() + || ds.getAlgorithm() != dnskey.getAlgorithm()) + { + continue; + } + + // Convert the candidate DNSKEY into a hash using the same DS hash + // algorithm. + byte[] key_hash = calculateDSHash(dnskey, ds.getDigestID()); + byte[] ds_hash = ds.getDigest(); + + // see if there is a length mismatch (unlikely) + if (key_hash.length != ds_hash.length) + { + continue DNSKEY; + } + + for (int k = 0; k < key_hash.length; k++) + { + if (key_hash[k] != ds_hash[k]) continue DNSKEY; + } + + // Otherwise, we have a match! Make sure that the DNSKEY verifies + // *with this key*. + byte res = mVerifier.verify(dnskey_rrset, dnskey); + if (res == SecurityStatus.SECURE) + { + log.trace("DS matched DNSKEY."); + dnskey_rrset.setSecurityStatus(SecurityStatus.SECURE); + return KeyEntry.newKeyEntry(dnskey_rrset); + } + // If it didn't validate with the DNSKEY, try the next one! + } + } + + // None of the DS's worked out. + + // If no DSs were understandable, then this is OK. + if (!hasUsefulDS) + { + log.debug("No usuable DS records were found -- treating as insecure."); + return KeyEntry.newNullKeyEntry(ds_rrset.getName(), ds_rrset + .getDClass(), ds_rrset.getTTL()); + } + // If any were understandable, then it is bad. + log.debug("Failed to match any usable DS to a DNSKEY."); + return KeyEntry.newBadKeyEntry(ds_rrset.getName(), ds_rrset.getDClass()); + } + + /** + * Given a DNSKEY record, generate the DS record from it. + * + * @param keyrec the DNSKEY record in question. + * @param ds_alg The DS digest algorithm in use. + * @return the corresponding {@link org.xbill.DNS.DSRecord} + */ + public static byte[] calculateDSHash(DNSKEYRecord keyrec, int ds_alg) + { + DNSOutput os = new DNSOutput(); + + os.writeByteArray(keyrec.getName().toWireCanonical()); + os.writeByteArray(keyrec.rdataToWireCanonical()); + + try + { + MessageDigest md = null; + switch (ds_alg) + { + case DSRecord.SHA1_DIGEST_ID : + md = MessageDigest.getInstance("SHA"); + return md.digest(os.toByteArray()); + case DSRecord.SHA256_DIGEST_ID: + SHA256 sha = new SHA256(); + sha.setData(os.toByteArray()); + return sha.getDigest(); + default : + st_log.warn("Unknown DS algorithm: " + ds_alg); + return null; + } + + } + catch (NoSuchAlgorithmException e) + { + st_log.error("Error using DS algorithm: " + ds_alg, e); + return null; + } + } + + public static boolean supportsDigestID(int digest_id) + { + if (digest_id == DSRecord.SHA1_DIGEST_ID) return true; + if (digest_id == DSRecord.SHA256_DIGEST_ID) return true; + return false; + } + + /** + * Check to see if a type is a special DNSSEC type. + * + * @param type The type. + * + * @return true if the type is one of the special DNSSEC types. + */ + public static boolean isDNSSECType(int type) + { + switch (type) + { + case Type.DNSKEY : + case Type.NSEC : + case Type.DS : + case Type.RRSIG : + case Type.NSEC3 : + return true; + default : + return false; + } + } + + /** + * Set the security status of a particular RRset. This will only upgrade the + * security status. + * + * @param rrset The SRRset to update. + * @param security The security status. + */ + public static void setRRsetSecurity(SRRset rrset, int security) + { + if (rrset == null) return; + + int cur_sec = rrset.getSecurityStatus(); + if (cur_sec == SecurityStatus.UNCHECKED || security > cur_sec) + { + rrset.setSecurityStatus(security); + } + } + + /** + * Set the security status of a message and all of its RRsets. This will + * only upgrade the status of the message (i.e., set to more secure, not + * less) and all of the RRsets. + * + * @param m + * @param security KeyEntry ke; + * + * SMessage m = response.getSMessage(); SRRset ans_rrset = + * m.findAnswerRRset(qname, qtype, qclass); + * + * ke = verifySRRset(ans_rrset, key_rrset); if + * (ans_rrset.getSecurityStatus() != SecurityStatus.SECURE) { return; } + * key_rrset = ke.getRRset(); + */ + public static void setMessageSecurity(SMessage m, int security) + { + if (m == null) return; + + int cur_sec = m.getStatus(); + if (cur_sec == SecurityStatus.UNCHECKED || security > cur_sec) + { + m.setStatus(security); + } + + for (int section = Section.ANSWER; section <= Section.ADDITIONAL; section++) + { + SRRset[] rrsets = m.getSectionRRsets(section); + for (int i = 0; i < rrsets.length; i++) + { + setRRsetSecurity(rrsets[i], security); + } + } + } + + /** + * Given an SRRset that is signed by a DNSKEY found in the key_rrset, verify + * it. This will return the status (either BOGUS or SECURE) and set that + * status in rrset. + * + * @param rrset The SRRset to verify. + * @param key_rrset The set of keys to verify against. + * @return The status (BOGUS or SECURE). + */ + public byte verifySRRset(SRRset rrset, SRRset key_rrset) + { + String rrset_name = rrset.getName() + "/" + Type.string(rrset.getType()) + + "/" + DClass.string(rrset.getDClass()); + + if (rrset.getSecurityStatus() == SecurityStatus.SECURE) + { + log.trace("verifySRRset: rrset <" + rrset_name + + "> previously found to be SECURE"); + return SecurityStatus.SECURE; + } + + byte status = mVerifier.verify(rrset, key_rrset); + if (status != SecurityStatus.SECURE) + { + log.debug("verifySRRset: rrset <" + rrset_name + "> found to be BAD"); + status = SecurityStatus.BOGUS; + } + else + { + log.trace("verifySRRset: rrset <" + rrset_name + "> found to be SECURE"); + } + + rrset.setSecurityStatus(status); + return status; + } + + /** + * Determine if a given type map has a given typ. + * + * @param types The type map from the NSEC record. + * @param type The type to look for. + * @return true if the type is present in the type map, false otherwise. + */ + public static boolean typeMapHasType(int[] types, int type) + { + for (int i = 0; i < types.length; i++) + { + if (types[i] == type) return true; + } + return false; + } + + /** + * Determine by looking at a signed RRset whether or not the rrset name was + * the result of a wildcard expansion. + * + * @param rrset The rrset to examine. + * @return true if the rrset is a wildcard expansion. This will return false + * for all unsigned rrsets. + */ + public static boolean rrsetIsWildcardExpansion(RRset rrset) + { + if (rrset == null) return false; + RRSIGRecord rrsig = (RRSIGRecord) rrset.firstSig(); + + if (rrset.getName().labels() - 1 > rrsig.getLabels()) + { + return true; + } + + return false; + } + + /** + * Determine by looking at a signed RRset whether or not the RRset name was + * the result of a wildcard expansion. If so, return the name of the + * generating wildcard. + * + * @param rrset The rrset to chedck. + * @return the wildcard name, if the rrset was synthesized from a wildcard. + * null if not. + */ + public static Name rrsetWildcard(RRset rrset) + { + if (rrset == null) return null; + RRSIGRecord rrsig = (RRSIGRecord) rrset.firstSig(); + + // if the RRSIG label count is shorter than the number of actual labels, + // then this rrset was synthesized from a wildcard. + // Note that the RRSIG label count doesn't count the root label. + int label_diff = (rrset.getName().labels() - 1) - rrsig.getLabels(); + if (label_diff > 0) + { + return rrset.getName().wild(label_diff); + } + return null; + } + + public static Name closestEncloser(Name domain, NSECRecord nsec) + { + Name n1 = domain.longestCommonName(nsec.getName()); + Name n2 = domain.longestCommonName(nsec.getNext()); + + return (n1.labels() > n2.labels()) ? n1 : n2; + } + + public static Name nsecWildcard(Name domain, NSECRecord nsec) + { + try + { + return new Name("*", closestEncloser(domain, nsec)); + } + catch (TextParseException e) + { + // this should never happen. + return null; + } + } + + /** + * Determine if the given NSEC proves a NameError (NXDOMAIN) for a given + * qname. + * + * @param nsec The NSEC to check. + * @param qname The qname to check against. + * @param signerName The signer name of the NSEC record, which is used as + * the zone name, for a more precise (but perhaps more brittle) + * check for the last NSEC in a zone. + * @return true if the NSEC proves the condition. + */ + public static boolean nsecProvesNameError(NSECRecord nsec, Name qname, + Name signerName) + { + Name owner = nsec.getName(); + Name next = nsec.getNext(); + + // If NSEC owner == qname, then this NSEC proves that qname exists. + if (qname.equals(owner)) + { + return false; + } + + // If NSEC is a parent of qname, we need to check the type map + // If the parent name has a DNAME or is a delegation point, then this NSEC + // is being misused. + if (qname.subdomain(owner) + && (typeMapHasType(nsec.getTypes(), Type.DNAME) || (typeMapHasType(nsec + .getTypes(), + Type.NS) && !typeMapHasType(nsec.getTypes(), Type.SOA)))) + { + return false; + } + + if (qname.compareTo(owner) > 0 && (qname.compareTo(next) < 0) + || signerName.equals(next)) + { + return true; + } + return false; + } + + /** + * Determine if a NSEC record proves the non-existence of a wildcard that + * could have produced qname. + * + * @param nsec The nsec to check. + * @param qname The qname to check against. + * @param signerName The signer name for the NSEC rrset, used as the zone + * name. + * @return true if the NSEC proves the condition. + */ + public static boolean nsecProvesNoWC(NSECRecord nsec, Name qname, + Name signerName) + { + Name owner = nsec.getName(); + Name next = nsec.getNext(); + + int qname_labels = qname.labels(); + int signer_labels = signerName.labels(); + + for (int i = qname_labels - signer_labels; i > 0; i--) + { + Name wc_name = qname.wild(i); + if (wc_name.compareTo(owner) > 0 + && (wc_name.compareTo(next) < 0 || signerName.equals(next))) + { + return true; + } + } + + return false; + } + + /** + * Determine if a NSEC proves the NOERROR/NODATA conditions. This will also + * handle the empty non-terminal (ENT) case and partially handle the + * wildcard case. If the ownername of 'nsec' is a wildcard, the validator + * must still be provided proof that qname did not directly exist and that + * the wildcard is, in fact, *.closest_encloser. + * + * @param nsec The NSEC to check + * @param qname The query name to check against. + * @param qtype The query type to check against. + * @return true if the NSEC proves the condition. + */ + public static boolean nsecProvesNodata(NSECRecord nsec, Name qname, + int qtype) + { + if (!nsec.getName().equals(qname)) + { + // wildcard checking. + + // If this is a wildcard NSEC, make sure that a) it was possible to have + // generated qname from the wildcard and b) the type map does not + // contain qtype. Note that this does NOT prove that this wildcard was + // the applicable wildcard. + if (nsec.getName().isWild()) + { + // the is the purported closest encloser. + Name ce = new Name(nsec.getName(), 1); + + // The qname must be a strict subdomain of the closest encloser, and + // the qtype must be absent from the type map. + if (!qname.strictSubdomain(ce) || typeMapHasType(nsec.getTypes(), qtype)) + { + return false; + } + return true; + } + + // empty-non-terminal checking. + + // If the nsec is proving that qname is an ENT, the nsec owner will be + // less than qname, and the next name will be a child domain of the + // qname. + if (nsec.getNext().strictSubdomain(qname) + && qname.compareTo(nsec.getName()) > 0) + { + return true; + } + // Otherwise, this NSEC does not prove ENT, so it does not prove NODATA. + return false; + } + + // If the qtype exists, then we should have gotten it. + if (typeMapHasType(nsec.getTypes(), qtype)) + { + return false; + } + + // if the name is a CNAME node, then we should have gotten the CNAME + if (typeMapHasType(nsec.getTypes(), Type.CNAME)) + { + return false; + } + + // If an NS set exists at this name, and NOT a SOA (so this is a zone cut, + // not a zone apex), then we should have gotten a referral (or we just got + // the wrong NSEC). + if (typeMapHasType(nsec.getTypes(), Type.NS) + && !typeMapHasType(nsec.getTypes(), Type.SOA)) + { + return false; + } + + return true; + } + + public static int nsecProvesNoDS(NSECRecord nsec, Name qname) + { + // Could check to make sure the qname is a subdomain of nsec + int[] types = nsec.getTypes(); + if (typeMapHasType(types, Type.SOA) || typeMapHasType(types, Type.DS)) + { + // SOA present means that this is the NSEC from the child, not the + // parent (so it is the wrong one) + // DS present means that there should have been a positive response to + // the DS query, so there is something wrong. + return SecurityStatus.BOGUS; + } + + if (!typeMapHasType(types, Type.NS)) + { + // If there is no NS at this point at all, then this doesn't prove + // anything one way or the other. + return SecurityStatus.INSECURE; + } + // Otherwise, this proves no DS. + return SecurityStatus.SECURE; + } + +}