From 221770ae5fcf939b76c6a436e6348b5a956c3eae Mon Sep 17 00:00:00 2001 From: "Parrin, N.D. (Nicholas)" Date: Fri, 26 Dec 2025 13:37:36 +0100 Subject: [PATCH 1/9] otel --- __pycache__/h2_backend.cpython-314.pyc | Bin 0 -> 665 bytes build.zig | 7 + build.zig.zon | 3 + ...2025-12-26-opentelemetry-tracing-design.md | 224 +++++++++++++ main.zig | 29 ++ src/http/http2/pool.zig | 17 +- src/http/ultra_sock.zig | 61 +++- src/proxy/connection.zig | 6 + src/proxy/handler.zig | 209 +++++++++++- src/telemetry/mod.zig | 306 ++++++++++++++++++ vendor/otel | 1 + vendor/otel-proto | 1 + vendor/protobuf | 1 + 13 files changed, 849 insertions(+), 16 deletions(-) create mode 100644 __pycache__/h2_backend.cpython-314.pyc create mode 100644 docs/plans/2025-12-26-opentelemetry-tracing-design.md create mode 100644 src/telemetry/mod.zig create mode 160000 vendor/otel create mode 160000 vendor/otel-proto create mode 160000 vendor/protobuf diff --git a/__pycache__/h2_backend.cpython-314.pyc b/__pycache__/h2_backend.cpython-314.pyc new file mode 100644 index 0000000000000000000000000000000000000000..f813f1addfddee5844bb5eaddb08a36b900d479f GIT binary patch literal 665 zcmZ`$PiWIn7=JHGn>5=hEC)f0?JN|EE}3J(5D|LO9kwFRS#%XOOWtT)nxyZ&NgEJ{ zB6!@#ONj>$e(?SI@%_Hv`|{;nc}7QIKVPnS21e*> z2L2l0iH)Zr?IMCsB7q35qo(A@c`r*P@TcJ8JqTw}6}TN>pFagKH-eXMA>=L~R6!kS z4!T4l^4$ZXkOC>1l8G&ODSz)8BI*OsAL3nkwV;DuKB18k(Jkr!JfhZNwvJS^S^?KD z${ub`rHU9uG*x;+M6r=YlTjXp0jDMxHWO(PlGx#?+M~8h8RyvtJ7FMbAm+1So*hZh zp|B#~_JVdi`>)Jq=#Ek)i~KY&SE%oYwJjF*Yb)#P*R93crtNIgz@5|Ipr)J_xD&!g zDx(hd9>QuIdOSO6qtQs0teYH`umaE7wit~E#Avz&1jU$ zb`-H0kjSpcHz0h2|L{efe%^WZ=tc3fdgi!1yLUCIT-aZJd*eg%;Bj)lpR|KyEliB) zusk@@28lMvNelapZwCXVswC-S literal 0 HcmV?d00001 diff --git a/build.zig b/build.zig index 60bfb80..a107df7 100644 --- a/build.zig +++ b/build.zig @@ -18,6 +18,12 @@ pub fn build(b: *std.Build) void { .root_source_file = b.path("vendor/tls/src/root.zig"), }); + // OpenTelemetry SDK module (zig-o11y/opentelemetry-sdk - distributed tracing) + const otel_module = b.dependency("opentelemetry", .{ + .target = target, + .optimize = optimize, + }).module("sdk"); + // Backend 1 const backend1_mod = b.createModule(.{ .root_source_file = b.path("tests/fixtures/backend1.zig"), @@ -85,6 +91,7 @@ pub fn build(b: *std.Build) void { }); load_balancer_mod.addImport("zzz", zzz_module); load_balancer_mod.addImport("tls", tls_module); + load_balancer_mod.addImport("opentelemetry", otel_module); const load_balancer = b.addExecutable(.{ .name = "load_balancer", .root_module = load_balancer_mod, diff --git a/build.zig.zon b/build.zig.zon index 01e67f4..dcd7b4c 100644 --- a/build.zig.zon +++ b/build.zig.zon @@ -7,6 +7,9 @@ .zzz = .{ .path = "vendor/zzz.io", }, + .opentelemetry = .{ + .path = "vendor/otel", + }, }, .paths = .{ diff --git a/docs/plans/2025-12-26-opentelemetry-tracing-design.md b/docs/plans/2025-12-26-opentelemetry-tracing-design.md new file mode 100644 index 0000000..1b142fb --- /dev/null +++ b/docs/plans/2025-12-26-opentelemetry-tracing-design.md @@ -0,0 +1,224 @@ +# OpenTelemetry Tracing Design + +> **For Claude:** REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task. + +**Goal:** Add distributed tracing to the load balancer for debugging request lifecycle, HTTP/2 streams, and GOAWAY retry issues. + +**Architecture:** Traces exported via OTLP/HTTP to Jaeger. Spans created per-request with child spans for pool acquire, TLS handshake, H2 connection, and response forwarding. + +**Tech Stack:** zig-o11y/opentelemetry-sdk, Jaeger + +--- + +## Architecture + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ Load Balancer │ +│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────────┐ │ +│ │ Tracer │ │ Spans │ │ OTLP Exporter │ │ +│ │ (global) │──│ (per-req) │──│ HTTP/JSON → Jaeger │ │ +│ └─────────────┘ └─────────────┘ └─────────────────────────┘ │ +└─────────────────────────────────────────────────────────────────┘ + │ + ▼ OTLP/HTTP (port 4318) + ┌─────────────────────┐ + │ Jaeger │ + │ localhost:16686 │ + └─────────────────────┘ +``` + +## Span Hierarchy (Implemented) + +### HTTP/2 (HTTPS) Path +``` +proxy_request (root, SERVER span) +├─ http.method, http.url, http.status_code +├─ backend.id, backend.host +│ +├── backend_selection (INTERNAL) +│ ├─ lb.backend_count +│ ├─ lb.healthy_count +│ └─ lb.strategy +│ +└── backend_request_h2 (CLIENT) + ├─ http.method, http.url + ├─ http.status_code, http.response_content_length + ├─ h2.retry_count + │ + ├── dns_resolution (INTERNAL) + │ └─ dns.hostname + │ + ├── tcp_connect (INTERNAL) + │ ├─ net.peer.name + │ └─ net.peer.port + │ + ├── tls_handshake (INTERNAL) + │ ├─ tls.server_name + │ ├─ tls.cipher + │ └─ tls.alpn + │ + ├── h2_handshake (INTERNAL) + │ └─ HTTP/2 preface + SETTINGS exchange + │ + └── response_streaming (INTERNAL) + ├─ http.body.type: "h2_buffered" + ├─ http.body.length + ├─ http.body.bytes_written + └─ http.body.had_error +``` + +### HTTP/1.1 Path +``` +proxy_request (root, SERVER span) +├─ http.method, http.url, http.status_code +│ +├── backend_selection (INTERNAL) +│ ├─ lb.backend_count, lb.healthy_count, lb.strategy +│ +├── backend_connection (INTERNAL) +│ │ +│ ├── dns_resolution (INTERNAL) +│ │ └─ dns.hostname +│ │ +│ ├── tcp_connect (INTERNAL) +│ │ ├─ net.peer.name +│ │ └─ net.peer.port +│ │ +│ └── tls_handshake (INTERNAL, if HTTPS) +│ ├─ tls.server_name, tls.cipher, tls.alpn +│ +├── backend_request (CLIENT) +│ └─ http.method, http.url +│ +└── response_streaming (INTERNAL) + ├─ http.body.type: "content_length" | "chunked" | "until_close" + ├─ http.body.expected_length + ├─ http.body.bytes_transferred + └─ http.body.had_error +``` + +## Files to Create + +### src/telemetry/mod.zig +Public API for tracing: +- `init(endpoint: []const u8)` - Initialize tracer with Jaeger endpoint +- `shutdown()` - Flush and close exporter +- `startSpan(name, parent)` - Create new span +- Global tracer instance + +### src/telemetry/exporter.zig +OTLP/HTTP exporter: +- Batch spans (100 or 5 seconds) +- Non-blocking export in background +- Flush on shutdown + +### src/telemetry/span.zig +Span wrapper: +- setAttribute(key, value) +- addEvent(name) +- setStatus(error) +- end() + +## Files to Modify + +### build.zig +```zig +const otel = b.dependency("opentelemetry-sdk", .{ + .target = target, + .optimize = optimize, +}); +load_balancer_mod.addImport("opentelemetry", otel.module("opentelemetry")); +``` + +### build.zig.zon +```zig +.@"opentelemetry-sdk" = .{ + .url = "git+https://github.com/zig-o11y/opentelemetry-sdk", +}, +``` + +### main.zig +- Add `--otel-endpoint` CLI flag +- Call `telemetry.init(endpoint)` at startup +- Call `telemetry.shutdown()` on exit + +### src/proxy/handler.zig +- Create root span in `streamingProxy()` +- Add `trace_context` field to `ProxyState` +- End span in `streamingProxy_finalize()` + +### src/proxy/connection.zig +- Create `pool_acquire` child span in `acquireConnection()` + +### src/http/http2/connection.zig +- Create `h2_connect` span in `connect()` +- Create `h2_request` span in `request()` +- Add `goaway_received` event when GOAWAY detected + +### src/http/http2/pool.zig +- Add `retry_triggered` event on retry + +### src/http/tls.zig +- Create `tls_handshake` span during TLS setup + +## Context Passing + +```zig +pub const ProxyState = struct { + // ... existing fields ... + trace_span: ?*Span = null, // Root span for this request +}; +``` + +Child spans access parent via `proxy_state.trace_span`. + +## CLI Usage + +```bash +# With tracing +./load_balancer --port 8080 --backend 127.0.0.1:9000 \ + --otel-endpoint http://localhost:4318 + +# Without tracing (default) +./load_balancer --port 8080 --backend 127.0.0.1:9000 +``` + +## Testing + +```bash +# Start Jaeger +docker run -d --name jaeger \ + -p 16686:16686 -p 4318:4318 \ + jaegertracing/all-in-one:latest + +# Run LB with tracing +./zig-out/bin/load_balancer --otel-endpoint http://localhost:4318 ... + +# View traces +open http://localhost:16686 +``` + +## Verification Checklist + +- [x] Normal request shows complete span hierarchy +- [x] Backend selection shows lb.strategy, backend_count, healthy_count +- [x] DNS resolution span with hostname +- [x] TCP connect span with peer name/port +- [x] TLS handshake span with cipher and ALPN protocol +- [x] H2 handshake span for HTTP/2 connections +- [x] Response streaming span with body type and bytes transferred +- [x] Errors mark spans with error status +- [x] GOAWAY shows retry events in h2 span + +## Implementation Status + +**Completed:** +- Vendored OpenTelemetry SDK from zig-o11y +- OTLP/HTTP exporter to Jaeger (port 4318) +- `--otel-endpoint` CLI flag +- Full span hierarchy for HTTP/1.1 and HTTP/2 paths +- Connection phase spans (DNS, TCP, TLS, H2 handshake) +- Response streaming spans +- Proper parent-child span relationships +- Span attributes following OpenTelemetry semantic conventions diff --git a/main.zig b/main.zig index f563bd2..9b5d03d 100644 --- a/main.zig +++ b/main.zig @@ -16,6 +16,8 @@ const log = std.log.scoped(.lb); const zzz = @import("zzz"); const http = zzz.HTTP; +const telemetry = @import("src/telemetry/mod.zig"); + const Io = std.Io; const Server = http.Server; const Router = http.Router; @@ -120,6 +122,7 @@ const Config = struct { insecure_tls: bool = false, // Skip TLS verification (for testing only) trace: bool = false, // Enable hex/ASCII payload tracing tls_trace: bool = false, // Enable detailed TLS handshake tracing + otel_endpoint: ?[]const u8 = null, // OTLP endpoint for OpenTelemetry tracing }; // ============================================================================ @@ -146,6 +149,7 @@ fn printUsage() void { \\ -k, --insecure Skip TLS certificate verification (testing only) \\ -t, --trace Dump raw request/response payloads (hex + ASCII) \\ --tls-trace Show detailed TLS handshake info (cipher, version, CA) + \\ --otel-endpoint OTLP endpoint for OpenTelemetry tracing (e.g. localhost:4318) \\ --upgrade-fd Inherit socket fd for binary hot reload (internal) \\ --help Show this help \\ @@ -175,6 +179,7 @@ fn parseArgs(allocator: std.mem.Allocator) !Config { var insecure_tls: bool = false; var trace: bool = false; var tls_trace: bool = false; + var otel_endpoint: ?[]const u8 = null; var backend_list: std.ArrayListUnmanaged(BackendDef) = .empty; errdefer backend_list.deinit(allocator); @@ -273,6 +278,11 @@ fn parseArgs(allocator: std.mem.Allocator) !Config { trace = true; } else if (std.mem.eql(u8, arg, "--tls-trace")) { tls_trace = true; + } else if (std.mem.eql(u8, arg, "--otel-endpoint")) { + if (i + 1 < args.len) { + otel_endpoint = try allocator.dupe(u8, args[i + 1]); + i += 1; + } } else if (std.mem.eql(u8, arg, "--upgrade-fd")) { if (i + 1 < args.len) { upgrade_fd = try std.fmt.parseInt(posix.fd_t, args[i + 1], 10); @@ -296,6 +306,11 @@ fn parseArgs(allocator: std.mem.Allocator) !Config { std.debug.print("TLS-TRACE: Detailed TLS handshake info enabled\n", .{}); } + // Notify if OpenTelemetry tracing is enabled + if (otel_endpoint) |endpoint| { + std.debug.print("OTEL: OpenTelemetry tracing enabled, endpoint: {s}\n", .{endpoint}); + } + // Use default mode if not specified const final_mode = mode orelse RunMode.default(); @@ -338,6 +353,7 @@ fn parseArgs(allocator: std.mem.Allocator) !Config { .insecure_tls = insecure_tls, .trace = trace, .tls_trace = tls_trace, + .otel_endpoint = otel_endpoint, .lbConfig = .{ .worker_count = worker_count, .port = port, @@ -354,6 +370,11 @@ fn freeConfig(allocator: std.mem.Allocator, config: Config) void { allocator.free(backend.host); } allocator.free(config.lbConfig.backends); + + // Free the otel_endpoint if it was allocated + if (config.otel_endpoint) |endpoint| { + allocator.free(endpoint); + } } // ============================================================================ @@ -381,6 +402,14 @@ pub fn main() !void { // Set runtime TLS trace mode config_mod.setTlsTraceEnabled(config.tls_trace); + // Initialize OpenTelemetry tracing if endpoint is provided + if (config.otel_endpoint) |endpoint| { + telemetry.init(allocator, endpoint) catch |err| { + log.err("Failed to initialize telemetry: {s}", .{@errorName(err)}); + }; + } + defer telemetry.deinit(); + // Validate configuration try config.lbConfig.validate(); diff --git a/src/http/http2/pool.zig b/src/http/http2/pool.zig index 5ee77f7..31b5985 100644 --- a/src/http/http2/pool.zig +++ b/src/http/http2/pool.zig @@ -19,6 +19,7 @@ const UltraSock = ultra_sock_mod.UltraSock; const Protocol = ultra_sock_mod.Protocol; const TlsOptions = ultra_sock_mod.TlsOptions; const BackendServer = @import("../../core/types.zig").BackendServer; +const telemetry = @import("../../telemetry/mod.zig"); const MAX_CONNECTIONS_PER_BACKEND: usize = 16; const MAX_BACKENDS: usize = 64; @@ -77,7 +78,7 @@ pub const H2ConnectionPool = struct { /// 3. If found and healthy, return it (stays available for more requests) /// 4. If not found, find empty slot and create fresh /// 5. Unlock mutex on return - pub fn getOrCreate(self: *Self, backend_idx: u32, io: Io) !*H2Connection { + pub fn getOrCreate(self: *Self, backend_idx: u32, io: Io, trace_span: ?*telemetry.Span) !*H2Connection { std.debug.assert(backend_idx < self.backends.len); // Lock per-backend mutex to prevent concurrent creation race @@ -109,7 +110,7 @@ pub const H2ConnectionPool = struct { // Phase 2: Create new connection in empty slot for (&self.slot_state[backend_idx], &self.slots[backend_idx], 0..) |*state, *slot, i| { if (state.* == .empty) { - const conn = try self.createFreshConnection(backend_idx, io); + const conn = try self.createFreshConnection(backend_idx, io, trace_span); conn.ref_count.store(1, .release); // First user slot.* = conn; state.* = .available; @@ -175,7 +176,7 @@ pub const H2ConnectionPool = struct { } /// Create fresh connection with TLS and HTTP/2 handshake - fn createFreshConnection(self: *Self, backend_idx: u32, io: Io) !*H2Connection { + fn createFreshConnection(self: *Self, backend_idx: u32, io: Io, trace_span: ?*telemetry.Span) !*H2Connection { std.debug.assert(backend_idx < self.backends.len); const backend = &self.backends[backend_idx]; @@ -186,7 +187,9 @@ pub const H2ConnectionPool = struct { // Create socket from backend server const protocol: Protocol = if (backend.isHttps()) .https else .http; const tls_options = TlsOptions.fromRuntimeWithHttp2(); - const sock = UltraSock.initWithTls(protocol, backend.getHost(), backend.port, tls_options); + var sock = UltraSock.initWithTls(protocol, backend.getHost(), backend.port, tls_options); + // Set trace span for detailed connection phase tracing (DNS, TCP, TLS) + sock.trace_span = trace_span; // Initialize H2Connection with per-connection buffers conn.* = try H2Connection.init(sock, backend_idx, self.allocator); @@ -205,7 +208,13 @@ pub const H2ConnectionPool = struct { conn.sock.enableKeepalive() catch {}; // Perform HTTP/2 handshake (send preface + SETTINGS) + var h2_handshake_span = if (trace_span) |parent| + telemetry.startChildSpan(parent, "h2_handshake", .Internal) + else + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + defer h2_handshake_span.end(); try conn.connect(io); + h2_handshake_span.setOk(); log.debug("Fresh H2 connection established: backend={d}", .{backend_idx}); return conn; diff --git a/src/http/ultra_sock.zig b/src/http/ultra_sock.zig index dd9a862..7cbcdbb 100644 --- a/src/http/ultra_sock.zig +++ b/src/http/ultra_sock.zig @@ -10,6 +10,7 @@ const tls_mod = @import("tls.zig"); const tls = tls_mod.tls_lib; const config_mod = @import("../core/config.zig"); +const telemetry = @import("../telemetry/mod.zig"); // Re-export TlsOptions for external use pub const TlsOptions = tls_mod.TlsOptions; @@ -46,6 +47,9 @@ pub const UltraSock = struct { // Cached read timeout for restoration after temporary changes read_timeout_ms: u32 = 1000, // Default 1 second + // Optional parent span for tracing connection phases + trace_span: ?*telemetry.Span = null, + /// Get the current read timeout in milliseconds pub fn getReadTimeout(self: *const UltraSock) u32 { return self.read_timeout_ms; @@ -97,10 +101,19 @@ pub const UltraSock = struct { // Resolve address - first try as IP, then DNS resolution const addr = Io.net.IpAddress.parse(self.host, self.port) catch blk: { // Not a raw IP, try DNS resolution using getaddrinfo + // DNS resolution span + var dns_span = if (self.trace_span) |parent| + telemetry.startChildSpan(parent, "dns_resolution", .Internal) + else + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + defer dns_span.end(); + dns_span.setStringAttribute("dns.hostname", self.host); + if (trace_enabled) { tls_log.debug(" Resolving DNS for {s}...", .{self.host}); } const resolved = resolveDns(self.host, self.port) catch { + dns_span.setBoolAttribute("dns.success", false); if (trace_enabled) { tls_log.err("!!! DNS resolution failed for {s}", .{self.host}); } else { @@ -108,22 +121,33 @@ pub const UltraSock = struct { } return error.InvalidAddress; }; + dns_span.setBoolAttribute("dns.success", true); if (trace_enabled) { tls_log.debug(" DNS resolved {s}", .{self.host}); } break :blk resolved; }; - // Connect using std.Io + // TCP connect span + var tcp_span = if (self.trace_span) |parent| + telemetry.startChildSpan(parent, "tcp_connect", .Internal) + else + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + defer tcp_span.end(); + tcp_span.setStringAttribute("net.peer.name", self.host); + tcp_span.setIntAttribute("net.peer.port", @intCast(self.port)); + if (trace_enabled) { tls_log.debug(" TCP connecting to {s}:{}...", .{ self.host, self.port }); } self.stream = addr.connect(io, .{ .mode = .stream }) catch { + tcp_span.setBoolAttribute("tcp.success", false); if (trace_enabled) { tls_log.err("!!! TCP connect failed to {s}:{}", .{ self.host, self.port }); } return error.ConnectionFailed; }; + tcp_span.setBoolAttribute("tcp.success", true); errdefer self.closeStream(); if (trace_enabled) { @@ -162,10 +186,19 @@ pub const UltraSock = struct { } const addr = Io.net.IpAddress.parse(self.host, self.port) catch blk: { + // DNS resolution span + var dns_span = if (self.trace_span) |parent| + telemetry.startChildSpan(parent, "dns_resolution", .Internal) + else + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + defer dns_span.end(); + dns_span.setStringAttribute("dns.hostname", self.host); + if (trace_enabled) { tls_log.debug(" Resolving DNS for {s}...", .{self.host}); } const resolved = resolveDns(self.host, self.port) catch { + dns_span.setBoolAttribute("dns.success", false); if (trace_enabled) { tls_log.err("!!! DNS resolution failed for {s}", .{self.host}); } else { @@ -173,21 +206,33 @@ pub const UltraSock = struct { } return error.InvalidAddress; }; + dns_span.setBoolAttribute("dns.success", true); if (trace_enabled) { tls_log.debug(" DNS resolved {s}", .{self.host}); } break :blk resolved; }; + // TCP connect span + var tcp_span = if (self.trace_span) |parent| + telemetry.startChildSpan(parent, "tcp_connect", .Internal) + else + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + defer tcp_span.end(); + tcp_span.setStringAttribute("net.peer.name", self.host); + tcp_span.setIntAttribute("net.peer.port", @intCast(self.port)); + if (trace_enabled) { tls_log.debug(" TCP connecting to {s}:{}...", .{ self.host, self.port }); } self.stream = addr.connect(io, .{ .mode = .stream }) catch { + tcp_span.setBoolAttribute("tcp.success", false); if (trace_enabled) { tls_log.err("!!! TCP connect failed to {s}:{}", .{ self.host, self.port }); } return error.ConnectionFailed; }; + tcp_span.setBoolAttribute("tcp.success", true); errdefer self.closeStream(); if (trace_enabled) { @@ -301,6 +346,14 @@ pub const UltraSock = struct { ) !void { const stream = self.stream orelse return error.SocketNotInitialized; + // TLS handshake span + var tls_span = if (self.trace_span) |parent| + telemetry.startChildSpan(parent, "tls_handshake", .Internal) + else + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + defer tls_span.end(); + tls_span.setStringAttribute("tls.server_name", self.host); + try tls_mod.ensureCaBundleLoaded(io, self.tls_options.ca); self.stream_reader = stream.reader(io, input_buf); @@ -342,6 +395,8 @@ pub const UltraSock = struct { &self.stream_writer.interface, client_opts, ) catch |err| { + tls_span.setBoolAttribute("tls.success", false); + tls_span.setStringAttribute("tls.error", @errorName(err)); if (trace_enabled) { tls_log.err("!!! TLS handshake FAILED: {} for {s}:{}", .{ err, self.host, self.port }); } else { @@ -349,16 +404,20 @@ pub const UltraSock = struct { } return error.TlsHandshakeFailed; }; + tls_span.setBoolAttribute("tls.success", true); // Convert ALPN to copy-safe enum (TigerStyle: no dangling pointers after copy) if (self.tls_diagnostic.negotiated_alpn) |alpn| { self.negotiated_protocol = if (std.mem.eql(u8, alpn, "h2")) .http2 else .http1_1; + tls_span.setStringAttribute("tls.alpn", alpn); } else { self.negotiated_protocol = .http1_1; + tls_span.setStringAttribute("tls.alpn", "http/1.1"); } // Log TLS connection details const cipher_name = @tagName(self.tls_conn.?.cipher); + tls_span.setStringAttribute("tls.cipher", cipher_name); if (trace_enabled) { // Detailed TLS trace logging from Diagnostic struct diff --git a/src/proxy/connection.zig b/src/proxy/connection.zig index b643275..1642aa3 100644 --- a/src/proxy/connection.zig +++ b/src/proxy/connection.zig @@ -20,6 +20,7 @@ const ultra_sock_mod = @import("../http/ultra_sock.zig"); const UltraSock = ultra_sock_mod.UltraSock; const metrics = @import("../metrics/mod.zig"); const WorkerState = @import("../lb/worker.zig").WorkerState; +const telemetry = @import("../telemetry/mod.zig"); // Re-export ProxyState for convenience pub const ProxyState = @import("handler.zig").ProxyState; @@ -41,6 +42,7 @@ pub fn acquireConnection( backend_idx: u32, state: *WorkerState, req_id: u32, + trace_span: ?*telemetry.Span, ) ProxyError!ProxyState { // Prevent bitmap overflow in circuit breaker health tracking. std.debug.assert(backend_idx < MAX_BACKENDS); @@ -73,6 +75,7 @@ pub fn acquireConnection( .body_had_error = false, .client_write_error = false, .backend_wants_close = false, + .trace_span = null, // Set by handler after acquisition. }; proxy_state.tls_conn_ptr = proxy_state.sock.getTlsConnection(); return proxy_state; @@ -85,6 +88,8 @@ pub fn acquireConnection( // Create fresh connection var sock = UltraSock.fromBackendServerWithHttp2(backend); + // Set trace span for detailed connection phase tracing (DNS, TCP, TLS) + sock.trace_span = trace_span; sock.connect(ctx.io) catch { sock.close_blocking(); return ProxyError.BackendUnavailable; @@ -119,6 +124,7 @@ pub fn acquireConnection( .body_had_error = false, .client_write_error = false, .backend_wants_close = false, + .trace_span = null, // Set by handler after acquisition. }; proxy_state.tls_conn_ptr = proxy_state.sock.getTlsConnection(); return proxy_state; diff --git a/src/proxy/handler.zig b/src/proxy/handler.zig index 3421675..bd093a9 100644 --- a/src/proxy/handler.zig +++ b/src/proxy/handler.zig @@ -17,6 +17,8 @@ const log = std.log.scoped(.mp); const zzz = @import("zzz"); const http = zzz.HTTP; +const telemetry = @import("../telemetry/mod.zig"); + const config = @import("../core/config.zig"); const types = @import("../core/types.zig"); const ultra_sock_mod = @import("../http/ultra_sock.zig"); @@ -77,6 +79,8 @@ pub const ProxyState = struct { body_had_error: bool, client_write_error: bool, backend_wants_close: bool, + /// Parent span for tracing (optional, for creating child spans) + trace_span: ?*telemetry.Span, /// TigerStyle: assertion for valid state (called at multiple points). pub fn assertValid(self: *const ProxyState) void { @@ -118,6 +122,14 @@ pub fn generateHandler( } } + // Start a trace span for this request + const method = ctx.request.method orelse .GET; + const uri = ctx.request.uri orelse "/"; + var span = telemetry.startServerSpan("proxy_request"); + defer span.end(); + span.setStringAttribute("http.method", @tagName(method)); + span.setStringAttribute("http.url", uri); + // Use dynamic backend count (from shared region if available) const backend_count = state.getBackendCount(); std.debug.assert(backend_count <= MAX_BACKENDS); @@ -129,6 +141,8 @@ pub fn generateHandler( }); if (backend_count == 0) { + span.setError("No backends configured"); + span.setIntAttribute("http.status_code", 503); return ctx.response.apply(.{ .status = .@"Service Unavailable", .mime = http.Mime.TEXT, @@ -136,7 +150,17 @@ pub fn generateHandler( }); } + // Backend selection with tracing + var selection_span = telemetry.startChildSpan(&span, "backend_selection", .Internal); + selection_span.setIntAttribute("lb.backend_count", @intCast(backend_count)); + selection_span.setIntAttribute("lb.healthy_count", @intCast(state.circuit_breaker.countHealthy())); + selection_span.setStringAttribute("lb.strategy", @tagName(strategy)); + const backend_idx = state.selectBackend(strategy) orelse { + selection_span.setError("No healthy backends"); + selection_span.end(); + span.setError("No backends available"); + span.setIntAttribute("http.status_code", 503); log.warn("[W{d}] selectBackend returned null", .{state.worker_id}); return ctx.response.apply(.{ .status = .@"Service Unavailable", @@ -145,12 +169,26 @@ pub fn generateHandler( }); }; + selection_span.setIntAttribute("lb.selected_backend", @intCast(backend_idx)); + selection_span.setOk(); + selection_span.end(); + // Prevent out-of-bounds access to backends array and bitmap. std.debug.assert(backend_idx < backend_count); std.debug.assert(backend_idx < MAX_BACKENDS); log.debug("[W{d}] Selected backend {d}", .{ state.worker_id, backend_idx }); - return proxyWithFailover(ctx, @intCast(backend_idx), state); + const result = proxyWithFailover(ctx, @intCast(backend_idx), state, &span); + + // Update parent span with final status + if (result) |response| { + span.setOk(); + return response; + } else |err| { + span.setError(@errorName(err)); + span.setIntAttribute("http.status_code", 503); + return err; + } } }.handle; } @@ -160,6 +198,7 @@ inline fn proxyWithFailover( ctx: *const http.Context, primary_idx: u32, state: *WorkerState, + trace_span: *telemetry.Span, ) !http.Respond { // Prevent out-of-bounds access to backends array and bitmap. std.debug.assert(primary_idx < MAX_BACKENDS); @@ -168,27 +207,31 @@ inline fn proxyWithFailover( // Try to get backend from shared region (hot reload) or fall back to local if (state.getSharedBackend(primary_idx)) |shared_backend| { - if (streamingProxyShared(ctx, shared_backend, primary_idx, state)) |response| { + if (streamingProxyShared(ctx, shared_backend, primary_idx, state, trace_span)) |response| { state.recordSuccess(primary_idx); + trace_span.setIntAttribute("http.status_code", 200); return response; } else |err| { // GOAWAY exhaustion is NOT a backend failure - just connection-level flow control if (err != ProxyError.GoawayRetriesExhausted) { state.recordFailure(primary_idx); } + trace_span.addEvent("primary_backend_failed"); log.warn("[W{d}] Backend {d} failed: {s}", .{ state.worker_id, primary_idx + 1, @errorName(err) }); } } else { // Fall back to local backends list const backends = state.backends; - if (streamingProxy(ctx, &backends.items[primary_idx], primary_idx, state)) |response| { + if (streamingProxy(ctx, &backends.items[primary_idx], primary_idx, state, trace_span)) |response| { state.recordSuccess(primary_idx); + trace_span.setIntAttribute("http.status_code", 200); return response; } else |err| { // GOAWAY exhaustion is NOT a backend failure - just connection-level flow control if (err != ProxyError.GoawayRetriesExhausted) { state.recordFailure(primary_idx); } + trace_span.addEvent("primary_backend_failed"); log.warn("[W{d}] Backend {d} failed: {s}", .{ state.worker_id, primary_idx + 1, @errorName(err) }); } } @@ -200,12 +243,15 @@ inline fn proxyWithFailover( log.debug("[W{d}] Failing over to backend {d}", .{ state.worker_id, failover_idx + 1 }); metrics.global_metrics.recordFailover(); + trace_span.addEvent("failover_started"); + trace_span.setIntAttribute("lb.failover_backend", @intCast(failover_idx)); const failover_u32: u32 = @intCast(failover_idx); if (state.getSharedBackend(failover_idx)) |shared_backend| { - if (streamingProxyShared(ctx, shared_backend, failover_u32, state)) |response| { + if (streamingProxyShared(ctx, shared_backend, failover_u32, state, trace_span)) |response| { state.recordSuccess(failover_idx); + trace_span.setIntAttribute("http.status_code", 200); return response; } else |failover_err| { // GOAWAY exhaustion is NOT a backend failure @@ -222,8 +268,9 @@ inline fn proxyWithFailover( } else { const backends = state.backends; const backend = &backends.items[failover_idx]; - if (streamingProxy(ctx, backend, failover_u32, state)) |response| { + if (streamingProxy(ctx, backend, failover_u32, state, trace_span)) |response| { state.recordSuccess(failover_idx); + trace_span.setIntAttribute("http.status_code", 200); return response; } else |failover_err| { // GOAWAY exhaustion is NOT a backend failure @@ -272,6 +319,7 @@ inline fn streamingProxy( backend: *const types.BackendServer, backend_idx: u32, state: *WorkerState, + trace_span: *telemetry.Span, ) ProxyError!http.Respond { // Prevent bitmap overflow in circuit breaker health tracking. std.debug.assert(backend_idx < MAX_BACKENDS); @@ -302,11 +350,17 @@ inline fn streamingProxy( .body_had_error = false, .client_write_error = false, .backend_wants_close = false, + .trace_span = trace_span, }; return streamingProxyHttp2(ctx, backend, &proxy_state, state, backend_idx, start_ns, req_id); } - // Phase 1: Acquire connection (HTTP/1.1 path only now). + // Phase 1: Acquire connection (HTTP/1.1 path only now) with tracing. + var conn_span = telemetry.startChildSpan(trace_span, "backend_connection", .Client); + conn_span.setStringAttribute("backend.host", backend.getHost()); + conn_span.setIntAttribute("backend.port", @intCast(backend.port)); + conn_span.setBoolAttribute("backend.tls", backend.isHttps()); + var proxy_state = proxy_connection.acquireConnection( types.BackendServer, ctx, @@ -314,14 +368,22 @@ inline fn streamingProxy( backend_idx, state, req_id, + &conn_span, ) catch |err| { + conn_span.setError(@errorName(err)); + conn_span.end(); return err; }; + conn_span.setBoolAttribute("connection.from_pool", proxy_state.from_pool); + conn_span.setOk(); + conn_span.end(); + // Fix pointers after struct copy - TLS connection and stream reader/writer // have internal pointers that become dangling when UltraSock is copied by value. proxy_state.sock.fixAllPointersAfterCopy(ctx.io); proxy_state.tls_conn_ptr = proxy_state.sock.getTlsConnection(); + proxy_state.trace_span = trace_span; // TigerStyle: validate state after acquisition. proxy_state.assertValid(); @@ -331,6 +393,11 @@ inline fn streamingProxy( return streamingProxyHttp2(ctx, backend, &proxy_state, state, backend_idx, start_ns, req_id); } + // Phase 2-5: Backend request/response with tracing + var request_span = telemetry.startChildSpan(trace_span, "backend_request", .Client); + request_span.setStringAttribute("http.method", @tagName(ctx.request.method orelse .GET)); + request_span.setStringAttribute("http.url", ctx.request.uri orelse "/"); + // Phase 2: Send request (HTTP/1.1 path). proxy_request.sendRequest( types.BackendServer, @@ -339,10 +406,14 @@ inline fn streamingProxy( &proxy_state, req_id, ) catch |err| { + request_span.setError(@errorName(err)); + request_span.end(); proxy_state.sock.close_blocking(); return err; }; + request_span.addEvent("request_sent"); + // Phase 3: Read and parse headers. // Safe undefined: buffer fully written by backend read before parsing. var header_buffer: [MAX_HEADER_BYTES]u8 = undefined; @@ -356,10 +427,15 @@ inline fn streamingProxy( &header_end, req_id, ) catch |err| { + request_span.setError(@errorName(err)); + request_span.end(); proxy_state.sock.close_blocking(); return err; }; + request_span.addEvent("headers_received"); + request_span.setIntAttribute("http.status_code", @intCast(proxy_state.status_code)); + // HTTP response must have headers, validate parse succeeded before forwarding. std.debug.assert(header_end > 0); std.debug.assert(header_end <= header_len); @@ -375,13 +451,34 @@ inline fn streamingProxy( msg_len, req_id, ) catch |err| { + request_span.setError(@errorName(err)); + request_span.end(); proxy_state.sock.close_blocking(); return err; }; - // Phase 5: Stream body. + // Phase 5: Stream body with tracing. + var body_span = telemetry.startChildSpan(&request_span, "response_streaming", .Internal); + body_span.setStringAttribute("http.body.type", @tagName(msg_len.type)); + if (msg_len.type == .content_length) { + body_span.setIntAttribute("http.body.expected_length", @intCast(msg_len.length)); + } + proxy_io.streamBody(ctx, &proxy_state, header_end, header_len, msg_len, req_id); + body_span.setIntAttribute("http.body.bytes_transferred", @intCast(proxy_state.bytes_from_backend)); + body_span.setBoolAttribute("http.body.had_error", proxy_state.body_had_error); + if (proxy_state.body_had_error) { + body_span.setError("body_transfer_error"); + } else { + body_span.setOk(); + } + body_span.end(); + + request_span.setIntAttribute("http.response_content_length", @intCast(proxy_state.bytes_from_backend)); + request_span.setOk(); + request_span.end(); + // Phase 6: Finalize and return connection. return streamingProxy_finalize(ctx, &proxy_state, state, backend_idx, start_ns, req_id); } @@ -392,6 +489,7 @@ inline fn streamingProxyShared( backend: *const shared_region.SharedBackend, backend_idx: u32, state: *WorkerState, + trace_span: *telemetry.Span, ) ProxyError!http.Respond { // Prevent bitmap overflow in circuit breaker health tracking. std.debug.assert(backend_idx < MAX_BACKENDS); @@ -424,11 +522,17 @@ inline fn streamingProxyShared( .body_had_error = false, .client_write_error = false, .backend_wants_close = false, + .trace_span = trace_span, }; return streamingProxyHttp2(ctx, backend, &proxy_state, state, backend_idx, start_ns, req_id); } - // Phase 1: Acquire connection (HTTP/1.1 path only now). + // Phase 1: Acquire connection (HTTP/1.1 path only now) with tracing. + var conn_span = telemetry.startChildSpan(trace_span, "backend_connection", .Client); + conn_span.setStringAttribute("backend.host", backend.getHost()); + conn_span.setIntAttribute("backend.port", @intCast(backend.port)); + conn_span.setBoolAttribute("backend.tls", backend.isHttps()); + var proxy_state = proxy_connection.acquireConnection( shared_region.SharedBackend, ctx, @@ -436,14 +540,22 @@ inline fn streamingProxyShared( backend_idx, state, req_id, + &conn_span, ) catch |err| { + conn_span.setError(@errorName(err)); + conn_span.end(); return err; }; + conn_span.setBoolAttribute("connection.from_pool", proxy_state.from_pool); + conn_span.setOk(); + conn_span.end(); + // Fix pointers after struct copy - TLS connection and stream reader/writer // have internal pointers that become dangling when UltraSock is copied by value. proxy_state.sock.fixAllPointersAfterCopy(ctx.io); proxy_state.tls_conn_ptr = proxy_state.sock.getTlsConnection(); + proxy_state.trace_span = trace_span; proxy_state.assertValid(); @@ -452,6 +564,11 @@ inline fn streamingProxyShared( return streamingProxyHttp2(ctx, backend, &proxy_state, state, backend_idx, start_ns, req_id); } + // Phase 2-5: Backend request/response with tracing + var request_span = telemetry.startChildSpan(trace_span, "backend_request", .Client); + request_span.setStringAttribute("http.method", @tagName(ctx.request.method orelse .GET)); + request_span.setStringAttribute("http.url", ctx.request.uri orelse "/"); + // Phase 2: Send request (HTTP/1.1 path). proxy_request.sendRequest( shared_region.SharedBackend, @@ -460,10 +577,14 @@ inline fn streamingProxyShared( &proxy_state, req_id, ) catch |err| { + request_span.setError(@errorName(err)); + request_span.end(); proxy_state.sock.close_blocking(); return err; }; + request_span.addEvent("request_sent"); + // Phase 3-6: Same as regular streamingProxy (backend-agnostic) var header_buffer: [MAX_HEADER_BYTES]u8 = undefined; var header_len: u32 = 0; @@ -476,10 +597,15 @@ inline fn streamingProxyShared( &header_end, req_id, ) catch |err| { + request_span.setError(@errorName(err)); + request_span.end(); proxy_state.sock.close_blocking(); return err; }; + request_span.addEvent("headers_received"); + request_span.setIntAttribute("http.status_code", @intCast(proxy_state.status_code)); + std.debug.assert(header_end > 0); std.debug.assert(header_end <= header_len); @@ -493,12 +619,34 @@ inline fn streamingProxyShared( msg_len, req_id, ) catch |err| { + request_span.setError(@errorName(err)); + request_span.end(); proxy_state.sock.close_blocking(); return err; }; + // Stream body with tracing + var body_span = telemetry.startChildSpan(&request_span, "response_streaming", .Internal); + body_span.setStringAttribute("http.body.type", @tagName(msg_len.type)); + if (msg_len.type == .content_length) { + body_span.setIntAttribute("http.body.expected_length", @intCast(msg_len.length)); + } + proxy_io.streamBody(ctx, &proxy_state, header_end, header_len, msg_len, req_id); + body_span.setIntAttribute("http.body.bytes_transferred", @intCast(proxy_state.bytes_from_backend)); + body_span.setBoolAttribute("http.body.had_error", proxy_state.body_had_error); + if (proxy_state.body_had_error) { + body_span.setError("body_transfer_error"); + } else { + body_span.setOk(); + } + body_span.end(); + + request_span.setIntAttribute("http.response_content_length", @intCast(proxy_state.bytes_from_backend)); + request_span.setOk(); + request_span.end(); + return streamingProxy_finalize(ctx, &proxy_state, state, backend_idx, start_ns, req_id); } @@ -518,9 +666,16 @@ fn forwardH2Response( backend_idx: u32, start_ns: ?std.time.Instant, req_id: u32, + parent_span: *telemetry.Span, ) ProxyError!http.Respond { const body = response.getBody(); + // Create response streaming span + var body_span = telemetry.startChildSpan(parent_span, "response_streaming", .Internal); + defer body_span.end(); + body_span.setStringAttribute("http.body.type", "h2_buffered"); + body_span.setIntAttribute("http.body.length", @intCast(body.len)); + // Update proxy state with response info proxy_state.status_code = response.status; proxy_state.bytes_from_backend = @intCast(body.len); @@ -573,6 +728,10 @@ fn forwardH2Response( metrics.global_metrics.recordRequest(duration_ms, proxy_state.status_code); + // Update span with result + body_span.setIntAttribute("http.body.bytes_written", @intCast(proxy_state.bytes_to_client)); + body_span.setBoolAttribute("http.body.had_error", proxy_state.client_write_error); + // Return response type if (proxy_state.client_write_error) { log.debug("[REQ {d}] => .close (client write error)", .{req_id}); @@ -597,8 +756,23 @@ fn streamingProxyHttp2( ) ProxyError!http.Respond { log.debug("[REQ {d}] HTTP/2 request to backend {d}", .{ req_id, backend_idx }); + // Start HTTP/2 request span if we have a trace context + var h2_span = if (proxy_state.trace_span) |trace_span| + telemetry.startChildSpan(trace_span, "backend_request_h2", .Client) + else + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + defer h2_span.end(); + + h2_span.setStringAttribute("http.method", @tagName(ctx.request.method orelse .GET)); + h2_span.setStringAttribute("http.url", ctx.request.uri orelse "/"); + h2_span.setStringAttribute("http.flavor", "2.0"); + h2_span.setStringAttribute("backend.host", backend.getFullHost()); + // Get pool (must exist) - const pool = state.h2_pool orelse return ProxyError.ConnectionFailed; + const pool = state.h2_pool orelse { + h2_span.setError("No H2 pool"); + return ProxyError.ConnectionFailed; + }; // Retry loop for TooManyStreams (connection full, not broken) const h2_conn = @import("../http/http2/connection.zig"); @@ -617,11 +791,14 @@ fn streamingProxyHttp2( last_was_goaway = false; // Get or create connection (pool handles everything: TLS, handshake, retry) - const conn = pool.getOrCreate(backend_idx, ctx.io) catch |err| { + const conn = pool.getOrCreate(backend_idx, ctx.io, &h2_span) catch |err| { log.warn("[REQ {d}] H2 pool getOrCreate failed: {}", .{ req_id, err }); + h2_span.setError("Pool getOrCreate failed"); return ProxyError.ConnectionFailed; }; + h2_span.addEvent("connection_acquired"); + // Make request (connection handles: send, reader spawn, await) response = conn.request( @tagName(ctx.request.method orelse .GET), @@ -633,6 +810,7 @@ fn streamingProxyHttp2( if (err == error.TooManyStreams) { // Connection full (all 8 slots busy) - release as healthy and retry log.debug("[REQ {d}] Connection full, retrying...", .{req_id}); + h2_span.addEvent("retry_too_many_streams"); pool.release(conn, true, ctx.io); continue; } @@ -640,12 +818,14 @@ fn streamingProxyHttp2( // GOAWAY received - get fresh connection and retry // NOT a failure - just graceful connection shutdown log.debug("[REQ {d}] GOAWAY, retrying on fresh connection", .{req_id}); + h2_span.addEvent("retry_goaway"); pool.release(conn, false, ctx.io); // Destroy this conn, but NOT a backend failure last_was_goaway = true; continue; } // Other errors - connection is broken log.warn("[REQ {d}] H2 request failed: {}", .{ req_id, err }); + h2_span.setError(@errorName(err)); pool.release(conn, false, ctx.io); return ProxyError.SendFailed; }; @@ -659,6 +839,7 @@ fn streamingProxyHttp2( // GOAWAY exhausted retries - NOT a backend health failure // Server is healthy, just aggressively closing connections under load log.debug("[REQ {d}] GOAWAY exhausted retries (not a failure)", .{req_id}); + h2_span.setError("GOAWAY retries exhausted"); return ProxyError.GoawayRetriesExhausted; } log.warn("[REQ {d}] H2 request failed after {d} retries", .{ req_id, attempts }); @@ -671,8 +852,14 @@ fn streamingProxyHttp2( proxy_state.status_code = response.status; proxy_state.bytes_from_backend = @intCast(response.body.items.len); + // Update span with response info + h2_span.setIntAttribute("http.status_code", @intCast(response.status)); + h2_span.setIntAttribute("http.response_content_length", @intCast(response.body.items.len)); + h2_span.setIntAttribute("h2.retry_count", @intCast(attempts)); + h2_span.setOk(); + // Forward response to client (connection released via defer above) - return forwardH2Response(ctx, proxy_state, &response, backend_idx, start_ns, req_id); + return forwardH2Response(ctx, proxy_state, &response, backend_idx, start_ns, req_id, &h2_span); } // ============================================================================ diff --git a/src/telemetry/mod.zig b/src/telemetry/mod.zig new file mode 100644 index 0000000..d61eaaf --- /dev/null +++ b/src/telemetry/mod.zig @@ -0,0 +1,306 @@ +//! OpenTelemetry Tracing for Load Balancer +//! +//! Provides distributed tracing for request lifecycle using the zig-o11y SDK. +//! +//! Usage: +//! // Initialize at startup with OTLP endpoint +//! try telemetry.init(allocator, "localhost:4318"); +//! defer telemetry.deinit(); +//! +//! // Create root span for request +//! var root_span = telemetry.startServerSpan("proxy_request"); +//! defer root_span.end(); +//! root_span.setStringAttribute("http.method", "GET"); +//! +//! // Create child spans for sub-operations +//! var child = telemetry.startChildSpan(&root_span, "backend_connection", .Client); +//! defer child.end(); +//! child.setStringAttribute("backend.host", "127.0.0.1"); + +const std = @import("std"); +const otel = @import("opentelemetry"); +const context = otel.api.context; + +const log = std.log.scoped(.telemetry); + +/// Global telemetry state +var global_state: ?*TelemetryState = null; + +const TelemetryState = struct { + allocator: std.mem.Allocator, + config: *otel.otlp.ConfigOptions, + exporter: *otel.trace.OTLPExporter, + processor: otel.trace.SimpleProcessor, + provider: *otel.trace.TracerProvider, + tracer: *otel.api.trace.TracerImpl, + prng: *std.Random.DefaultPrng, // Keep PRNG alive on heap +}; + +/// Initialize the telemetry system with an OTLP endpoint. +/// Endpoint should be in "host:port" format (e.g., "localhost:4318"). +pub fn init(allocator: std.mem.Allocator, endpoint: []const u8) !void { + if (global_state != null) { + log.warn("Telemetry already initialized", .{}); + return; + } + + const state = try allocator.create(TelemetryState); + errdefer allocator.destroy(state); + + // Create OTLP config + const config = try otel.otlp.ConfigOptions.init(allocator); + errdefer config.deinit(); + config.endpoint = endpoint; + config.scheme = .http; // Jaeger OTLP uses HTTP by default + config.protocol = .http_protobuf; // OTLP uses protobuf over HTTP + + // Create OTLP exporter with service name + const exporter = try otel.trace.OTLPExporter.initWithServiceName(allocator, config, "zzz-load-balancer"); + errdefer exporter.deinit(); + + // Create random ID generator with heap-allocated PRNG for persistent state + const nanos: i128 = otel.compat.nanoTimestamp(); + const seed: u64 = @intFromPtr(state) ^ @as(u64, @truncate(@intFromPtr(&allocator))) ^ @as(u64, @truncate(@as(u128, @bitCast(nanos)))); + const prng = try allocator.create(std.Random.DefaultPrng); + errdefer allocator.destroy(prng); + prng.* = std.Random.DefaultPrng.init(seed); + const random_gen = otel.trace.RandomIDGenerator.init(prng.random()); + const id_gen = otel.trace.IDGenerator{ .Random = random_gen }; + + // Create tracer provider + const provider = try otel.trace.TracerProvider.init(allocator, id_gen); + errdefer provider.shutdown(); + + // Create simple processor - exports spans immediately (synchronously) + // Store it in state FIRST so the pointer is stable + state.processor = otel.trace.SimpleProcessor.init(allocator, exporter.asSpanExporter()); + + // Add the processor to the provider - use pointer to state.processor, not a stack copy + try provider.addSpanProcessor(state.processor.asSpanProcessor()); + + // Get a tracer for the load balancer + const tracer = try provider.getTracer(.{ + .name = "zzz-load-balancer", + .version = "0.1.0", + }); + + // Set remaining state fields (processor already set above) + state.allocator = allocator; + state.config = config; + state.exporter = exporter; + state.provider = provider; + state.tracer = tracer; + state.prng = prng; + + global_state = state; + + log.info("Telemetry initialized with endpoint: {s}", .{endpoint}); +} + +/// Shutdown the telemetry system +pub fn deinit() void { + const state = global_state orelse return; + const allocator = state.allocator; + + // Shutdown provider (which shuts down processors and exports pending spans) + state.provider.shutdown(); + + // Clean up config and exporter + state.exporter.deinit(); + state.config.deinit(); + + // Clean up PRNG + allocator.destroy(state.prng); + + allocator.destroy(state); + global_state = null; + + log.info("Telemetry shutdown complete", .{}); +} + +/// Check if telemetry is enabled +pub fn isEnabled() bool { + return global_state != null; +} + +/// Span kind for creating spans +pub const SpanKind = enum { + Server, + Client, + Internal, +}; + +/// Span wrapper for easier use with parent-child relationships +pub const Span = struct { + inner: ?otel.api.trace.Span, + tracer: ?*otel.api.trace.TracerImpl, + allocator: std.mem.Allocator, + parent_ctx: ?context.Context, + + const Self = @This(); + + /// Set a string attribute on the span + pub fn setStringAttribute(self: *Self, key: []const u8, value: []const u8) void { + if (self.inner) |*span| { + span.setAttribute(key, .{ .string = value }) catch {}; + } + } + + /// Set an integer attribute on the span + pub fn setIntAttribute(self: *Self, key: []const u8, value: i64) void { + if (self.inner) |*span| { + span.setAttribute(key, .{ .int = value }) catch {}; + } + } + + /// Set a boolean attribute on the span + pub fn setBoolAttribute(self: *Self, key: []const u8, value: bool) void { + if (self.inner) |*span| { + span.setAttribute(key, .{ .bool = value }) catch {}; + } + } + + /// Add an event to the span + pub fn addEvent(self: *Self, name: []const u8) void { + if (self.inner) |*span| { + span.addEvent(name, null, null) catch {}; + } + } + + /// Set the span status to error with a message + pub fn setError(self: *Self, message: []const u8) void { + if (self.inner) |*span| { + span.setStatus(.{ .code = .Error, .description = message }); + } + } + + /// Set the span status to OK + pub fn setOk(self: *Self) void { + if (self.inner) |*span| { + span.setStatus(.{ .code = .Ok, .description = "" }); + } + } + + /// Get this span's context for creating child spans + pub fn getContext(self: *Self) ?context.Context { + if (self.inner) |*span| { + const span_context = span.getContext(); + return otel.api.trace.insertSpanContext(self.allocator, span_context) catch null; + } + return null; + } + + /// End the span and clean up context + pub fn end(self: *Self) void { + if (self.inner) |*span| { + if (self.tracer) |tracer| { + tracer.endSpan(span); + } + span.deinit(); + } + // Clean up parent context if we created one + if (self.parent_ctx) |*ctx| { + otel.api.trace.freeSerializedSpanContext(self.allocator, ctx.*); + ctx.deinit(); + } + self.inner = null; + self.parent_ctx = null; + } +}; + +/// Start a new server span (for incoming requests) +pub fn startServerSpan(name: []const u8) Span { + const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + + const span = state.tracer.startSpan(state.allocator, name, .{ + .kind = .Server, + }) catch |err| { + log.debug("Failed to start span: {}", .{err}); + return Span{ .inner = null, .tracer = null, .allocator = state.allocator, .parent_ctx = null }; + }; + + return Span{ + .inner = span, + .tracer = state.tracer, + .allocator = state.allocator, + .parent_ctx = null, + }; +} + +/// Start a new client span (for outgoing requests to backends) +pub fn startClientSpan(name: []const u8) Span { + const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + + const span = state.tracer.startSpan(state.allocator, name, .{ + .kind = .Client, + }) catch |err| { + log.debug("Failed to start span: {}", .{err}); + return Span{ .inner = null, .tracer = null, .allocator = state.allocator, .parent_ctx = null }; + }; + + return Span{ + .inner = span, + .tracer = state.tracer, + .allocator = state.allocator, + .parent_ctx = null, + }; +} + +/// Start a new internal span +pub fn startInternalSpan(name: []const u8) Span { + const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + + const span = state.tracer.startSpan(state.allocator, name, .{ + .kind = .Internal, + }) catch |err| { + log.debug("Failed to start span: {}", .{err}); + return Span{ .inner = null, .tracer = null, .allocator = state.allocator, .parent_ctx = null }; + }; + + return Span{ + .inner = span, + .tracer = state.tracer, + .allocator = state.allocator, + .parent_ctx = null, + }; +} + +/// Start a child span with a parent span +pub fn startChildSpan(parent: *Span, name: []const u8, kind: SpanKind) Span { + const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + + // Get parent context + const parent_ctx = parent.getContext() orelse { + // If no parent context, create a standalone span + return switch (kind) { + .Server => startServerSpan(name), + .Client => startClientSpan(name), + .Internal => startInternalSpan(name), + }; + }; + + const otel_kind: otel.api.trace.SpanKind = switch (kind) { + .Server => .Server, + .Client => .Client, + .Internal => .Internal, + }; + + const span = state.tracer.startSpan(state.allocator, name, .{ + .kind = otel_kind, + .parent_context = parent_ctx, + }) catch |err| { + log.debug("Failed to start child span: {}", .{err}); + // Clean up parent context on failure + var ctx_copy = parent_ctx; + otel.api.trace.freeSerializedSpanContext(state.allocator, ctx_copy); + ctx_copy.deinit(); + return Span{ .inner = null, .tracer = null, .allocator = state.allocator, .parent_ctx = null }; + }; + + return Span{ + .inner = span, + .tracer = state.tracer, + .allocator = state.allocator, + .parent_ctx = parent_ctx, + }; +} diff --git a/vendor/otel b/vendor/otel new file mode 160000 index 0000000..b03dc06 --- /dev/null +++ b/vendor/otel @@ -0,0 +1 @@ +Subproject commit b03dc06be8f10373d793694b5766413cae9ab4e0 diff --git a/vendor/otel-proto b/vendor/otel-proto new file mode 160000 index 0000000..a4cb1ce --- /dev/null +++ b/vendor/otel-proto @@ -0,0 +1 @@ +Subproject commit a4cb1cece1ba93f0258de091ba826c2bbe025c7b diff --git a/vendor/protobuf b/vendor/protobuf new file mode 160000 index 0000000..2828be0 --- /dev/null +++ b/vendor/protobuf @@ -0,0 +1 @@ +Subproject commit 2828be045c5f3e55c6f3f239c2ec40bc480a26ca From d6dd4fa2e40ea16e9f059e090a91034af983cb0c Mon Sep 17 00:00:00 2001 From: "Parrin, N.D. (Nicholas)" Date: Fri, 26 Dec 2025 17:07:56 +0100 Subject: [PATCH 2/9] wip --- ...2025-12-26-opentelemetry-tracing-design.md | 51 +++++++++++++++---- src/proxy/handler.zig | 21 +++++--- src/telemetry/mod.zig | 34 ++++++++++--- 3 files changed, 83 insertions(+), 23 deletions(-) diff --git a/docs/plans/2025-12-26-opentelemetry-tracing-design.md b/docs/plans/2025-12-26-opentelemetry-tracing-design.md index 1b142fb..fe4c09a 100644 --- a/docs/plans/2025-12-26-opentelemetry-tracing-design.md +++ b/docs/plans/2025-12-26-opentelemetry-tracing-design.md @@ -30,7 +30,7 @@ ## Span Hierarchy (Implemented) -### HTTP/2 (HTTPS) Path +### HTTP/2 (HTTPS) Path - New Connection (8 spans) ``` proxy_request (root, SERVER span) ├─ http.method, http.url, http.status_code @@ -46,19 +46,19 @@ proxy_request (root, SERVER span) ├─ http.status_code, http.response_content_length ├─ h2.retry_count │ - ├── dns_resolution (INTERNAL) + ├── dns_resolution (INTERNAL) ← only on new connection │ └─ dns.hostname │ - ├── tcp_connect (INTERNAL) + ├── tcp_connect (INTERNAL) ← only on new connection │ ├─ net.peer.name │ └─ net.peer.port │ - ├── tls_handshake (INTERNAL) + ├── tls_handshake (INTERNAL) ← only on new connection │ ├─ tls.server_name │ ├─ tls.cipher │ └─ tls.alpn │ - ├── h2_handshake (INTERNAL) + ├── h2_handshake (INTERNAL) ← only on new connection │ └─ HTTP/2 preface + SETTINGS exchange │ └── response_streaming (INTERNAL) @@ -68,7 +68,17 @@ proxy_request (root, SERVER span) └─ http.body.had_error ``` -### HTTP/1.1 Path +### HTTP/2 (HTTPS) Path - Reused Connection (4 spans) +``` +proxy_request (root, SERVER span) +├── backend_selection (INTERNAL) +└── backend_request_h2 (CLIENT) + └── response_streaming (INTERNAL) +``` +Connection spans (dns, tcp, tls, h2_handshake) only appear when creating fresh connections. +H2 multiplexing reuses existing connections for subsequent requests. + +### HTTP/1.1 Path - New Connection ``` proxy_request (root, SERVER span) ├─ http.method, http.url, http.status_code @@ -78,14 +88,14 @@ proxy_request (root, SERVER span) │ ├── backend_connection (INTERNAL) │ │ -│ ├── dns_resolution (INTERNAL) +│ ├── dns_resolution (INTERNAL) ← only on new connection │ │ └─ dns.hostname │ │ -│ ├── tcp_connect (INTERNAL) +│ ├── tcp_connect (INTERNAL) ← only on new connection │ │ ├─ net.peer.name │ │ └─ net.peer.port │ │ -│ └── tls_handshake (INTERNAL, if HTTPS) +│ └── tls_handshake (INTERNAL, if HTTPS) ← only on new connection │ ├─ tls.server_name, tls.cipher, tls.alpn │ ├── backend_request (CLIENT) @@ -222,3 +232,26 @@ open http://localhost:16686 - Response streaming spans - Proper parent-child span relationships - Span attributes following OpenTelemetry semantic conventions + +## Performance Characteristics + +**Non-blocking Architecture:** +- Uses `BatchingProcessor` with background export thread +- Request path: quick span clone + queue append (~microseconds) +- Background thread: batched HTTP export every 5s or 512 spans +- Request handling never blocks on OTLP HTTP export + +**SDK Fixes Applied:** +- Added `Span.clone()` for deep copying (attributes, events, links) +- `BatchingProcessor.onEnd()` deep clones spans to take ownership +- Prevents use-after-free when original span is cleaned up +- Mutex unlocked during HTTP export for concurrency + +**Configuration:** +```zig +BatchingProcessor.init(allocator, exporter, .{ + .max_queue_size = 2048, // Max spans in queue + .scheduled_delay_millis = 5000, // Export every 5 seconds + .max_export_batch_size = 512, // Or when 512 spans accumulated +}); +``` diff --git a/src/proxy/handler.zig b/src/proxy/handler.zig index bd093a9..3fbb5e1 100644 --- a/src/proxy/handler.zig +++ b/src/proxy/handler.zig @@ -55,6 +55,7 @@ pub const ProxyError = error{ ReadFailed, Timeout, EmptyResponse, + PoolExhausted, // Local resource issue, not a backend failure InvalidResponse, /// HTTP/2 GOAWAY exhausted retries - NOT a backend health failure /// Server gracefully closed connection, just need fresh connection @@ -212,8 +213,8 @@ inline fn proxyWithFailover( trace_span.setIntAttribute("http.status_code", 200); return response; } else |err| { - // GOAWAY exhaustion is NOT a backend failure - just connection-level flow control - if (err != ProxyError.GoawayRetriesExhausted) { + // GOAWAY/PoolExhausted are NOT backend failures - just connection-level issues + if (err != ProxyError.GoawayRetriesExhausted and err != ProxyError.PoolExhausted) { state.recordFailure(primary_idx); } trace_span.addEvent("primary_backend_failed"); @@ -227,8 +228,8 @@ inline fn proxyWithFailover( trace_span.setIntAttribute("http.status_code", 200); return response; } else |err| { - // GOAWAY exhaustion is NOT a backend failure - just connection-level flow control - if (err != ProxyError.GoawayRetriesExhausted) { + // GOAWAY/PoolExhausted are NOT backend failures - just connection-level issues + if (err != ProxyError.GoawayRetriesExhausted and err != ProxyError.PoolExhausted) { state.recordFailure(primary_idx); } trace_span.addEvent("primary_backend_failed"); @@ -254,8 +255,8 @@ inline fn proxyWithFailover( trace_span.setIntAttribute("http.status_code", 200); return response; } else |failover_err| { - // GOAWAY exhaustion is NOT a backend failure - if (failover_err != ProxyError.GoawayRetriesExhausted) { + // GOAWAY/PoolExhausted are NOT backend failures + if (failover_err != ProxyError.GoawayRetriesExhausted and failover_err != ProxyError.PoolExhausted) { state.recordFailure(failover_idx); } const err_name = @errorName(failover_err); @@ -273,8 +274,8 @@ inline fn proxyWithFailover( trace_span.setIntAttribute("http.status_code", 200); return response; } else |failover_err| { - // GOAWAY exhaustion is NOT a backend failure - if (failover_err != ProxyError.GoawayRetriesExhausted) { + // GOAWAY/PoolExhausted are NOT backend failures + if (failover_err != ProxyError.GoawayRetriesExhausted and failover_err != ProxyError.PoolExhausted) { state.recordFailure(failover_idx); } const err_name = @errorName(failover_err); @@ -794,6 +795,10 @@ fn streamingProxyHttp2( const conn = pool.getOrCreate(backend_idx, ctx.io, &h2_span) catch |err| { log.warn("[REQ {d}] H2 pool getOrCreate failed: {}", .{ req_id, err }); h2_span.setError("Pool getOrCreate failed"); + // PoolExhausted is a local resource issue, not a backend failure + if (err == error.PoolExhausted) { + return ProxyError.PoolExhausted; + } return ProxyError.ConnectionFailed; }; diff --git a/src/telemetry/mod.zig b/src/telemetry/mod.zig index d61eaaf..0740fb3 100644 --- a/src/telemetry/mod.zig +++ b/src/telemetry/mod.zig @@ -30,7 +30,7 @@ const TelemetryState = struct { allocator: std.mem.Allocator, config: *otel.otlp.ConfigOptions, exporter: *otel.trace.OTLPExporter, - processor: otel.trace.SimpleProcessor, + processor: *otel.trace.BatchingProcessor, // Background thread, non-blocking provider: *otel.trace.TracerProvider, tracer: *otel.api.trace.TracerImpl, prng: *std.Random.DefaultPrng, // Keep PRNG alive on heap @@ -39,6 +39,10 @@ const TelemetryState = struct { /// Initialize the telemetry system with an OTLP endpoint. /// Endpoint should be in "host:port" format (e.g., "localhost:4318"). pub fn init(allocator: std.mem.Allocator, endpoint: []const u8) !void { + // TigerBeetle: validate inputs + std.debug.assert(endpoint.len > 0); + std.debug.assert(endpoint.len < 256); // Reasonable endpoint length + if (global_state != null) { log.warn("Telemetry already initialized", .{}); return; @@ -71,12 +75,21 @@ pub fn init(allocator: std.mem.Allocator, endpoint: []const u8) !void { const provider = try otel.trace.TracerProvider.init(allocator, id_gen); errdefer provider.shutdown(); - // Create simple processor - exports spans immediately (synchronously) - // Store it in state FIRST so the pointer is stable - state.processor = otel.trace.SimpleProcessor.init(allocator, exporter.asSpanExporter()); + // Create batching processor - exports spans in background thread (non-blocking) + // Config: batch up to 512 spans, export every 5 seconds or when batch full + const processor = try otel.trace.BatchingProcessor.init(allocator, exporter.asSpanExporter(), .{ + .max_queue_size = 2048, + .scheduled_delay_millis = 5000, // Export every 5 seconds + .max_export_batch_size = 512, // Or when 512 spans accumulated + }); + errdefer { + processor.asSpanProcessor().shutdown() catch {}; + processor.deinit(); + } - // Add the processor to the provider - use pointer to state.processor, not a stack copy - try provider.addSpanProcessor(state.processor.asSpanProcessor()); + // Add the processor to the provider + try provider.addSpanProcessor(processor.asSpanProcessor()); + state.processor = processor; // Get a tracer for the load balancer const tracer = try provider.getTracer(.{ @@ -98,6 +111,7 @@ pub fn init(allocator: std.mem.Allocator, endpoint: []const u8) !void { } /// Shutdown the telemetry system +/// Flushes pending spans and waits for background thread to complete. pub fn deinit() void { const state = global_state orelse return; const allocator = state.allocator; @@ -105,6 +119,10 @@ pub fn deinit() void { // Shutdown provider (which shuts down processors and exports pending spans) state.provider.shutdown(); + // Shutdown and cleanup batching processor (waits for background thread) + state.processor.asSpanProcessor().shutdown() catch {}; + state.processor.deinit(); + // Clean up config and exporter state.exporter.deinit(); state.config.deinit(); @@ -267,6 +285,10 @@ pub fn startInternalSpan(name: []const u8) Span { /// Start a child span with a parent span pub fn startChildSpan(parent: *Span, name: []const u8, kind: SpanKind) Span { + // TigerBeetle: validate inputs + std.debug.assert(name.len > 0); + std.debug.assert(name.len < 128); // Reasonable span name length + const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; // Get parent context From da729f7e8fbb56306d56e48b7f68862bcde9587c Mon Sep 17 00:00:00 2001 From: "Parrin, N.D. (Nicholas)" Date: Fri, 26 Dec 2025 17:51:42 +0100 Subject: [PATCH 3/9] wip: performance --- src/http/http2/pool.zig | 2 +- src/http/ultra_sock.zig | 10 ++++---- src/proxy/handler.zig | 2 +- src/telemetry/mod.zig | 51 +++++++++++++++-------------------------- 4 files changed, 25 insertions(+), 40 deletions(-) diff --git a/src/http/http2/pool.zig b/src/http/http2/pool.zig index 31b5985..358dff6 100644 --- a/src/http/http2/pool.zig +++ b/src/http/http2/pool.zig @@ -211,7 +211,7 @@ pub const H2ConnectionPool = struct { var h2_handshake_span = if (trace_span) |parent| telemetry.startChildSpan(parent, "h2_handshake", .Internal) else - telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined }; defer h2_handshake_span.end(); try conn.connect(io); h2_handshake_span.setOk(); diff --git a/src/http/ultra_sock.zig b/src/http/ultra_sock.zig index 7cbcdbb..6a5248d 100644 --- a/src/http/ultra_sock.zig +++ b/src/http/ultra_sock.zig @@ -105,7 +105,7 @@ pub const UltraSock = struct { var dns_span = if (self.trace_span) |parent| telemetry.startChildSpan(parent, "dns_resolution", .Internal) else - telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined }; defer dns_span.end(); dns_span.setStringAttribute("dns.hostname", self.host); @@ -132,7 +132,7 @@ pub const UltraSock = struct { var tcp_span = if (self.trace_span) |parent| telemetry.startChildSpan(parent, "tcp_connect", .Internal) else - telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined }; defer tcp_span.end(); tcp_span.setStringAttribute("net.peer.name", self.host); tcp_span.setIntAttribute("net.peer.port", @intCast(self.port)); @@ -190,7 +190,7 @@ pub const UltraSock = struct { var dns_span = if (self.trace_span) |parent| telemetry.startChildSpan(parent, "dns_resolution", .Internal) else - telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined }; defer dns_span.end(); dns_span.setStringAttribute("dns.hostname", self.host); @@ -217,7 +217,7 @@ pub const UltraSock = struct { var tcp_span = if (self.trace_span) |parent| telemetry.startChildSpan(parent, "tcp_connect", .Internal) else - telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined }; defer tcp_span.end(); tcp_span.setStringAttribute("net.peer.name", self.host); tcp_span.setIntAttribute("net.peer.port", @intCast(self.port)); @@ -350,7 +350,7 @@ pub const UltraSock = struct { var tls_span = if (self.trace_span) |parent| telemetry.startChildSpan(parent, "tls_handshake", .Internal) else - telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined }; defer tls_span.end(); tls_span.setStringAttribute("tls.server_name", self.host); diff --git a/src/proxy/handler.zig b/src/proxy/handler.zig index 3fbb5e1..528fd3a 100644 --- a/src/proxy/handler.zig +++ b/src/proxy/handler.zig @@ -761,7 +761,7 @@ fn streamingProxyHttp2( var h2_span = if (proxy_state.trace_span) |trace_span| telemetry.startChildSpan(trace_span, "backend_request_h2", .Client) else - telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + telemetry.Span{ .inner = null, .tracer = null, .allocator = undefined }; defer h2_span.end(); h2_span.setStringAttribute("http.method", @tagName(ctx.request.method orelse .GET)); diff --git a/src/telemetry/mod.zig b/src/telemetry/mod.zig index 0740fb3..1c8f733 100644 --- a/src/telemetry/mod.zig +++ b/src/telemetry/mod.zig @@ -19,7 +19,6 @@ const std = @import("std"); const otel = @import("opentelemetry"); -const context = otel.api.context; const log = std.log.scoped(.telemetry); @@ -149,11 +148,11 @@ pub const SpanKind = enum { }; /// Span wrapper for easier use with parent-child relationships +/// Optimized to avoid Context serialization allocations pub const Span = struct { inner: ?otel.api.trace.Span, tracer: ?*otel.api.trace.TracerImpl, allocator: std.mem.Allocator, - parent_ctx: ?context.Context, const Self = @This(); @@ -199,16 +198,15 @@ pub const Span = struct { } } - /// Get this span's context for creating child spans - pub fn getContext(self: *Self) ?context.Context { + /// Get this span's SpanContext directly (no allocation) + pub fn getSpanContext(self: *Self) ?otel.api.trace.SpanContext { if (self.inner) |*span| { - const span_context = span.getContext(); - return otel.api.trace.insertSpanContext(self.allocator, span_context) catch null; + return span.getContext(); } return null; } - /// End the span and clean up context + /// End the span pub fn end(self: *Self) void { if (self.inner) |*span| { if (self.tracer) |tracer| { @@ -216,83 +214,74 @@ pub const Span = struct { } span.deinit(); } - // Clean up parent context if we created one - if (self.parent_ctx) |*ctx| { - otel.api.trace.freeSerializedSpanContext(self.allocator, ctx.*); - ctx.deinit(); - } self.inner = null; - self.parent_ctx = null; } }; /// Start a new server span (for incoming requests) pub fn startServerSpan(name: []const u8) Span { - const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined }; const span = state.tracer.startSpan(state.allocator, name, .{ .kind = .Server, }) catch |err| { log.debug("Failed to start span: {}", .{err}); - return Span{ .inner = null, .tracer = null, .allocator = state.allocator, .parent_ctx = null }; + return Span{ .inner = null, .tracer = null, .allocator = state.allocator }; }; return Span{ .inner = span, .tracer = state.tracer, .allocator = state.allocator, - .parent_ctx = null, }; } /// Start a new client span (for outgoing requests to backends) pub fn startClientSpan(name: []const u8) Span { - const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined }; const span = state.tracer.startSpan(state.allocator, name, .{ .kind = .Client, }) catch |err| { log.debug("Failed to start span: {}", .{err}); - return Span{ .inner = null, .tracer = null, .allocator = state.allocator, .parent_ctx = null }; + return Span{ .inner = null, .tracer = null, .allocator = state.allocator }; }; return Span{ .inner = span, .tracer = state.tracer, .allocator = state.allocator, - .parent_ctx = null, }; } /// Start a new internal span pub fn startInternalSpan(name: []const u8) Span { - const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined }; const span = state.tracer.startSpan(state.allocator, name, .{ .kind = .Internal, }) catch |err| { log.debug("Failed to start span: {}", .{err}); - return Span{ .inner = null, .tracer = null, .allocator = state.allocator, .parent_ctx = null }; + return Span{ .inner = null, .tracer = null, .allocator = state.allocator }; }; return Span{ .inner = span, .tracer = state.tracer, .allocator = state.allocator, - .parent_ctx = null, }; } -/// Start a child span with a parent span +/// Start a child span with a parent span (fast path - no Context allocation) pub fn startChildSpan(parent: *Span, name: []const u8, kind: SpanKind) Span { // TigerBeetle: validate inputs std.debug.assert(name.len > 0); std.debug.assert(name.len < 128); // Reasonable span name length - const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined, .parent_ctx = null }; + const state = global_state orelse return Span{ .inner = null, .tracer = null, .allocator = undefined }; - // Get parent context - const parent_ctx = parent.getContext() orelse { + // Get parent SpanContext directly (no allocation!) + const parent_span_ctx = parent.getSpanContext() orelse { // If no parent context, create a standalone span return switch (kind) { .Server => startServerSpan(name), @@ -307,22 +296,18 @@ pub fn startChildSpan(parent: *Span, name: []const u8, kind: SpanKind) Span { .Internal => .Internal, }; + // Use parent_span_context (fast path) instead of parent_context (slow path) const span = state.tracer.startSpan(state.allocator, name, .{ .kind = otel_kind, - .parent_context = parent_ctx, + .parent_span_context = parent_span_ctx, }) catch |err| { log.debug("Failed to start child span: {}", .{err}); - // Clean up parent context on failure - var ctx_copy = parent_ctx; - otel.api.trace.freeSerializedSpanContext(state.allocator, ctx_copy); - ctx_copy.deinit(); - return Span{ .inner = null, .tracer = null, .allocator = state.allocator, .parent_ctx = null }; + return Span{ .inner = null, .tracer = null, .allocator = state.allocator }; }; return Span{ .inner = span, .tracer = state.tracer, .allocator = state.allocator, - .parent_ctx = parent_ctx, }; } From e52152d4ae208c3a3355a03ebcdf20f05fce1b55 Mon Sep 17 00:00:00 2001 From: "Parrin, N.D. (Nicholas)" Date: Fri, 26 Dec 2025 20:44:30 +0100 Subject: [PATCH 4/9] otel --- build.zig | 15 ++ docker-compose.yml | 15 ++ main.zig | 6 + src/http/http2/pool.zig | 2 +- tests/__pycache__/h2_backend.cpython-314.pyc | Bin 2324 -> 2324 bytes tests/fixtures/mock_otlp_collector.zig | 226 +++++++++++++++++++ tests/integration_test.zig | 2 + tests/process_manager.zig | 96 ++++++++ tests/suites/otel.zig | 138 +++++++++++ tests/test_utils.zig | 41 ++++ 10 files changed, 540 insertions(+), 1 deletion(-) create mode 100644 tests/fixtures/mock_otlp_collector.zig create mode 100644 tests/suites/otel.zig diff --git a/build.zig b/build.zig index a107df7..45e1a2a 100644 --- a/build.zig +++ b/build.zig @@ -78,6 +78,19 @@ pub fn build(b: *std.Build) void { }); const build_test_backend_echo = b.addInstallArtifact(test_backend_echo, .{}); + // Mock OTLP collector (receives traces for integration tests) + const mock_otlp_collector_mod = b.createModule(.{ + .root_source_file = b.path("tests/fixtures/mock_otlp_collector.zig"), + .target = target, + .optimize = optimize, + }); + mock_otlp_collector_mod.addImport("zzz", zzz_module); + const mock_otlp_collector = b.addExecutable(.{ + .name = "mock_otlp_collector", + .root_module = mock_otlp_collector_mod, + }); + const build_mock_otlp_collector = b.addInstallArtifact(mock_otlp_collector, .{}); + // Sanitizer option for debugging const sanitize_thread = b.option(bool, "sanitize-thread", "Enable Thread Sanitizer") orelse false; @@ -129,6 +142,7 @@ pub fn build(b: *std.Build) void { }); const run_integration_exe = b.addRunArtifact(integration_exe); run_integration_exe.step.dependOn(&build_test_backend_echo.step); + run_integration_exe.step.dependOn(&build_mock_otlp_collector.step); run_integration_exe.step.dependOn(&build_load_balancer.step); const integration_test_step = b.step("test-integration", "Run integration tests"); @@ -140,6 +154,7 @@ pub fn build(b: *std.Build) void { build_all.dependOn(&build_backend2.step); build_all.dependOn(&build_backend_proxy.step); build_all.dependOn(&build_test_backend_echo.step); + build_all.dependOn(&build_mock_otlp_collector.step); build_all.dependOn(&build_load_balancer.step); const test_step = b.step("test", "Run unit tests"); diff --git a/docker-compose.yml b/docker-compose.yml index 846ed6a..bd2aaea 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,6 +6,18 @@ networks: - subnet: 172.28.0.0/16 services: + jaeger: + image: jaegertracing/all-in-one:latest + ports: + - "4317:4317" # OTLP gRPC + - "4318:4318" # OTLP HTTP + - "16686:16686" # Web UI + networks: + lb_net: + ipv4_address: 172.28.0.10 + environment: + - COLLECTOR_OTLP_ENABLED=true + backend1: build: . command: ["./zig-out/bin/backend1"] @@ -49,6 +61,8 @@ services: "172.28.0.2:9001", "--backend", "172.28.0.3:9002", + "--otel-endpoint", + "172.28.0.10:4317", ] ports: - "8080:8080" @@ -56,6 +70,7 @@ services: lb_net: ipv4_address: 172.28.0.4 depends_on: + - jaeger - backend1 - backend2 security_opt: diff --git a/main.zig b/main.zig index 9b5d03d..7bfc70c 100644 --- a/main.zig +++ b/main.zig @@ -698,6 +698,9 @@ fn workerMain( defer mp_server.deinit(); try mp_server.serve(io, &router, &socket); + + // Clean up H2 connection pool on shutdown + h2_pool_new.deinit(io); } // ============================================================================ @@ -846,6 +849,9 @@ fn runSingleProcess(parent_allocator: std.mem.Allocator, config: Config) !void { defer sp_server.deinit(); try sp_server.serve(io, &router, &socket); + + // Clean up H2 connection pool on shutdown + h2_pool_sp.deinit(io); } fn setupSignalHandlers() void { diff --git a/src/http/http2/pool.zig b/src/http/http2/pool.zig index 358dff6..2808d78 100644 --- a/src/http/http2/pool.zig +++ b/src/http/http2/pool.zig @@ -21,7 +21,7 @@ const TlsOptions = ultra_sock_mod.TlsOptions; const BackendServer = @import("../../core/types.zig").BackendServer; const telemetry = @import("../../telemetry/mod.zig"); -const MAX_CONNECTIONS_PER_BACKEND: usize = 16; +const MAX_CONNECTIONS_PER_BACKEND: usize = 32; const MAX_BACKENDS: usize = 64; /// Idle timeout for connections (30 seconds in nanoseconds) diff --git a/tests/__pycache__/h2_backend.cpython-314.pyc b/tests/__pycache__/h2_backend.cpython-314.pyc index b54c7a3da47826ce6d4e79abb492f0b74340cb2f..99dae5fd92396958ae180c69ad857e58ec49764f 100644 GIT binary patch delta 20 acmbOtG)0J8n~#@^0SF#!_S?wK$q4`~h6Gmt delta 20 acmbOtG)0J8n~#@^0SHo$`)=gs 0) try json.appendSlice(allocator, ","); + + try json.appendSlice(allocator, "{\"sequence\":"); + var seq_buf: [32]u8 = undefined; + const seq_str = try std.fmt.bufPrint(&seq_buf, "{d}", .{trace.sequence}); + try json.appendSlice(allocator, seq_str); + + try json.appendSlice(allocator, ",\"body_size\":"); + var size_buf: [16]u8 = undefined; + const size_str = try std.fmt.bufPrint(&size_buf, "{d}", .{trace.body_size}); + try json.appendSlice(allocator, size_str); + + // Add hex preview of first few bytes for debugging + try json.appendSlice(allocator, ",\"body_preview_hex\":\""); + const hex_len = @min(trace.body_preview.len, 64); + for (trace.body_preview[0..hex_len]) |byte| { + var hex_buf: [2]u8 = undefined; + _ = std.fmt.bufPrint(&hex_buf, "{x:0>2}", .{byte}) catch continue; + try json.appendSlice(allocator, &hex_buf); + } + try json.appendSlice(allocator, "\"}"); + } + + try json.appendSlice(allocator, "]}"); + + const response_body = try json.toOwnedSlice(allocator); + + return ctx.response.apply(.{ + .status = .OK, + .mime = http.Mime.JSON, + .body = response_body, + }); +} + +/// Clear stored traces +fn handleClearTraces(ctx: *const Context, _: void) !Respond { + traces_mutex.lock(); + defer traces_mutex.unlock(); + + for (stored_traces.items) |trace| { + trace_allocator.free(trace.body_preview); + } + stored_traces.clearRetainingCapacity(); + trace_sequence = 0; + + log.info("Cleared all stored traces", .{}); + + return ctx.response.apply(.{ + .status = .OK, + .mime = http.Mime.JSON, + .body = "{\"cleared\":true}", + }); +} + +var server: Server = undefined; + +fn shutdown(_: std.c.SIG) callconv(.c) void { + server.stop(); +} + +pub fn main() !void { + const args = try std.process.argsAlloc(std.heap.page_allocator); + defer std.process.argsFree(std.heap.page_allocator, args); + + var port: u16 = 14318; // Default OTLP test port + + // Parse command line arguments + var i: usize = 1; + while (i < args.len) : (i += 1) { + if (std.mem.eql(u8, args[i], "--port") or std.mem.eql(u8, args[i], "-p")) { + if (i + 1 < args.len) { + port = try std.fmt.parseInt(u16, args[i + 1], 10); + i += 1; + } + } + } + + const host: []const u8 = "127.0.0.1"; + + var gpa: std.heap.DebugAllocator(.{}) = .init; + const allocator = gpa.allocator(); + defer _ = gpa.deinit(); + + // Set up trace storage allocator + trace_allocator = allocator; + + // Clean up stored traces on exit + defer { + for (stored_traces.items) |trace| { + trace_allocator.free(trace.body_preview); + } + stored_traces.deinit(trace_allocator); + } + + std.posix.sigaction(std.posix.SIG.TERM, &.{ + .handler = .{ .handler = shutdown }, + .mask = std.posix.sigemptyset(), + .flags = 0, + }, null); + + var threaded: Io.Threaded = .init(allocator); + defer threaded.deinit(); + const io = threaded.io(); + + var router = try Router.init(allocator, &.{ + // OTLP trace endpoint + Route.init("/v1/traces").post({}, handleOtlpTraces).layer(), + // Test verification endpoints + Route.init("/traces").get({}, handleGetTraces).delete({}, handleClearTraces).layer(), + }, .{}); + defer router.deinit(allocator); + + const addr = try Io.net.IpAddress.parse(host, port); + var socket = try addr.listen(io, .{ + .kernel_backlog = 1024, + .reuse_address = true, + }); + defer socket.deinit(io); + + log.info("Mock OTLP Collector listening on {s}:{d}", .{ host, port }); + + server = try Server.init(allocator, .{ + .socket_buffer_bytes = 1024 * 64, // Larger buffer for protobuf data + .keepalive_count_max = null, + .connection_count_max = 128, + }); + defer server.deinit(); + + try server.serve(io, &router, &socket); +} diff --git a/tests/integration_test.zig b/tests/integration_test.zig index afa2e73..09bc277 100644 --- a/tests/integration_test.zig +++ b/tests/integration_test.zig @@ -12,6 +12,7 @@ const headers = @import("suites/headers.zig"); const body = @import("suites/body.zig"); const load_balancing = @import("suites/load_balancing.zig"); const http2 = @import("suites/http2.zig"); +const otel = @import("suites/otel.zig"); pub fn main() !void { var gpa = std.heap.GeneralPurposeAllocator(.{}){}; @@ -28,6 +29,7 @@ pub fn main() !void { body.suite, load_balancing.suite, http2.suite, + otel.suite, }; var suite_failures: usize = 0; diff --git a/tests/process_manager.zig b/tests/process_manager.zig index 8247a1b..c54a268 100644 --- a/tests/process_manager.zig +++ b/tests/process_manager.zig @@ -8,6 +8,7 @@ const posix = std.posix; const test_utils = @import("test_utils.zig"); pub const H2_BACKEND_PORT: u16 = 9443; +pub const OTLP_COLLECTOR_PORT: u16 = 14318; pub const Process = struct { child: std.process.Child, @@ -227,4 +228,99 @@ pub const ProcessManager = struct { p.deinit(); } } + + /// Start mock OTLP collector for telemetry tests + pub fn startOtlpCollector(self: *ProcessManager) !void { + var port_buf: [8]u8 = undefined; + const port_str = try std.fmt.bufPrint(&port_buf, "{d}", .{OTLP_COLLECTOR_PORT}); + + var child = std.process.Child.init( + &.{ "./zig-out/bin/mock_otlp_collector", "--port", port_str }, + self.allocator, + ); + child.stdin_behavior = .Ignore; + child.stdout_behavior = .Ignore; + child.stderr_behavior = .Ignore; + + try child.spawn(); + errdefer { + _ = child.kill() catch {}; + _ = child.wait() catch {}; + } + + try self.processes.append(self.allocator, .{ + .child = child, + .name = try self.allocator.dupe(u8, "mock_otlp_collector"), + .allocator = self.allocator, + }); + + // Wait for port to be ready + try test_utils.waitForPort(OTLP_COLLECTOR_PORT, 10000); + } + + /// Start load balancer with OTLP telemetry enabled + pub fn startLoadBalancerWithOtel(self: *ProcessManager, backend_ports: []const u16) !void { + var args: std.ArrayList([]const u8) = .empty; + defer args.deinit(self.allocator); + + // Track strings we allocate so we can free them + var allocated_strings: std.ArrayList([]const u8) = .empty; + defer { + for (allocated_strings.items) |s| self.allocator.free(s); + allocated_strings.deinit(self.allocator); + } + + try args.append(self.allocator, "./zig-out/bin/load_balancer"); + try args.append(self.allocator, "--port"); + + var lb_port_buf: [8]u8 = undefined; + const lb_port_str = try std.fmt.bufPrint(&lb_port_buf, "{d}", .{test_utils.LB_PORT}); + const lb_port_dup = try self.allocator.dupe(u8, lb_port_str); + try allocated_strings.append(self.allocator, lb_port_dup); + try args.append(self.allocator, lb_port_dup); + + // Use single-process mode for easier testing + try args.append(self.allocator, "--mode"); + try args.append(self.allocator, "sp"); + + // Add OTLP endpoint + try args.append(self.allocator, "--otel-endpoint"); + var otel_buf: [32]u8 = undefined; + const otel_str = try std.fmt.bufPrint(&otel_buf, "127.0.0.1:{d}", .{OTLP_COLLECTOR_PORT}); + const otel_dup = try self.allocator.dupe(u8, otel_str); + try allocated_strings.append(self.allocator, otel_dup); + try args.append(self.allocator, otel_dup); + + for (backend_ports) |port| { + try args.append(self.allocator, "--backend"); + var buf: [32]u8 = undefined; + const backend_str = try std.fmt.bufPrint(&buf, "127.0.0.1:{d}", .{port}); + const backend_dup = try self.allocator.dupe(u8, backend_str); + try allocated_strings.append(self.allocator, backend_dup); + try args.append(self.allocator, backend_dup); + } + + var child = std.process.Child.init(args.items, self.allocator); + child.stdin_behavior = .Ignore; + child.stdout_behavior = .Ignore; + child.stderr_behavior = .Ignore; + + try child.spawn(); + errdefer { + _ = child.kill() catch {}; + _ = child.wait() catch {}; + } + + try self.processes.append(self.allocator, .{ + .child = child, + .name = try self.allocator.dupe(u8, "load_balancer_otel"), + .allocator = self.allocator, + }); + + // Wait for LB port + try test_utils.waitForPort(test_utils.LB_PORT, 10000); + + // Wait for health checks (backends need to be marked healthy) + posix.nanosleep(2, 0); + } }; diff --git a/tests/suites/otel.zig b/tests/suites/otel.zig new file mode 100644 index 0000000..2773872 --- /dev/null +++ b/tests/suites/otel.zig @@ -0,0 +1,138 @@ +//! OpenTelemetry integration tests. +//! +//! Tests that the load balancer correctly exports traces to an OTLP collector. +//! Uses a mock OTLP collector to receive and verify trace data. + +const std = @import("std"); +const harness = @import("../harness.zig"); +const utils = @import("../test_utils.zig"); +const ProcessManager = @import("../process_manager.zig").ProcessManager; + +var pm: ProcessManager = undefined; + +fn beforeAll(allocator: std.mem.Allocator) !void { + pm = ProcessManager.init(allocator); + + // Start mock OTLP collector first + try pm.startOtlpCollector(); + + // Start backend + try pm.startBackend(utils.BACKEND1_PORT, "backend1"); + + // Start load balancer with OTLP endpoint + try pm.startLoadBalancerWithOtel(&.{utils.BACKEND1_PORT}); +} + +fn afterAll(_: std.mem.Allocator) !void { + pm.deinit(); +} + +fn testTracesExported(allocator: std.mem.Allocator) !void { + // Clear any existing traces + try utils.clearOtlpTraces(allocator); + + // Make a request through the load balancer + const response = try utils.httpRequest(allocator, "GET", utils.LB_PORT, "/test/trace", null, null); + defer allocator.free(response); + + // Verify request succeeded + const status = try utils.getResponseStatusCode(response); + try std.testing.expectEqual(@as(u16, 200), status); + + // Wait for traces to be exported (batching processor has delay) + // The BatchingProcessor exports every 5 seconds or when batch is full + try utils.waitForTraces(allocator, 1, 10000); + + // Verify we received at least one trace + const count = try utils.getOtlpTraceCount(allocator); + try std.testing.expect(count >= 1); +} + +fn testMultipleRequestsGenerateTraces(allocator: std.mem.Allocator) !void { + // Clear existing traces + try utils.clearOtlpTraces(allocator); + + // Make multiple requests + const num_requests: usize = 5; + for (0..num_requests) |_| { + const response = try utils.httpRequest(allocator, "GET", utils.LB_PORT, "/api/multi", null, null); + defer allocator.free(response); + + const status = try utils.getResponseStatusCode(response); + try std.testing.expectEqual(@as(u16, 200), status); + } + + // Wait for at least one trace export + // Note: BatchingProcessor batches spans, so multiple requests may result + // in a single export containing all spans + try utils.waitForTraces(allocator, 1, 10000); + + // Verify we got at least one trace export + const count = try utils.getOtlpTraceCount(allocator); + try std.testing.expect(count >= 1); +} + +fn testPostRequestGeneratesTrace(allocator: std.mem.Allocator) !void { + // Clear existing traces + try utils.clearOtlpTraces(allocator); + + // Make a POST request with body + const body = "{\"test\":\"data\"}"; + const headers = &[_][2][]const u8{.{ "Content-Type", "application/json" }}; + + const response = try utils.httpRequest(allocator, "POST", utils.LB_PORT, "/api/post", headers, body); + defer allocator.free(response); + + // Verify request succeeded + const status = try utils.getResponseStatusCode(response); + try std.testing.expectEqual(@as(u16, 200), status); + + // Wait for trace + try utils.waitForTraces(allocator, 1, 10000); + + const count = try utils.getOtlpTraceCount(allocator); + try std.testing.expect(count >= 1); +} + +fn testTracesHaveData(allocator: std.mem.Allocator) !void { + // Clear existing traces + try utils.clearOtlpTraces(allocator); + + // Make a request + const response = try utils.httpRequest(allocator, "GET", utils.LB_PORT, "/verify/data", null, null); + defer allocator.free(response); + + // Wait for trace + try utils.waitForTraces(allocator, 1, 10000); + + // Get the raw traces response + const traces_response = try utils.httpRequest(allocator, "GET", utils.OTLP_PORT, "/traces", null, null); + defer allocator.free(traces_response); + + const traces_body = try utils.extractJsonBody(traces_response); + + // Verify the response contains trace data + // The body_size field should be > 0 indicating actual protobuf data was received + const parsed = try std.json.parseFromSlice(std.json.Value, allocator, traces_body, .{}); + defer parsed.deinit(); + + const traces_array = parsed.value.object.get("traces") orelse return error.NoTraces; + try std.testing.expect(traces_array.array.items.len >= 1); + + // Check first trace has non-zero body size + const first_trace = traces_array.array.items[0]; + const body_size = first_trace.object.get("body_size") orelse return error.NoBodySize; + try std.testing.expect(body_size.integer > 0); +} + +pub const suite = harness.Suite{ + .name = "OpenTelemetry Tracing", + .before_all = beforeAll, + .after_all = afterAll, + .tests = &.{ + harness.it("exports traces to OTLP collector", testTracesExported), + harness.it("generates traces for multiple requests", testMultipleRequestsGenerateTraces), + harness.it("generates traces for POST requests", testPostRequestGeneratesTrace), + harness.it("trace data contains valid protobuf", testTracesHaveData), + }, +}; diff --git a/tests/test_utils.zig b/tests/test_utils.zig index a50ad27..9f58dc4 100644 --- a/tests/test_utils.zig +++ b/tests/test_utils.zig @@ -14,6 +14,7 @@ pub const BACKEND2_PORT: u16 = 19002; pub const BACKEND3_PORT: u16 = 19003; pub const LB_PORT: u16 = 18080; pub const LB_H2_PORT: u16 = 18081; // Load balancer port for HTTP/2 tests +pub const OTLP_PORT: u16 = 14318; // Mock OTLP collector port /// Wait for a port to accept connections pub fn waitForPort(port: u16, timeout_ms: u64) !void { @@ -238,3 +239,43 @@ pub fn getResponseHeaderValue(response: []const u8, header_name: []const u8) ![] } return error.HeaderNotFound; } + +/// Get trace count from mock OTLP collector +pub fn getOtlpTraceCount(allocator: std.mem.Allocator) !i64 { + const response = try httpRequest(allocator, "GET", OTLP_PORT, "/traces", null, null); + defer allocator.free(response); + + const body = try extractJsonBody(response); + return try getJsonInt(allocator, body, "trace_count"); +} + +/// Clear traces in mock OTLP collector +pub fn clearOtlpTraces(allocator: std.mem.Allocator) !void { + const response = try httpRequest(allocator, "DELETE", OTLP_PORT, "/traces", null, null); + defer allocator.free(response); + + const status = try getResponseStatusCode(response); + if (status != 200) { + return error.ClearFailed; + } +} + +/// Wait for traces to be received by collector +pub fn waitForTraces(allocator: std.mem.Allocator, min_count: i64, timeout_ms: u64) !void { + const start = std.time.Instant.now() catch return error.TimerUnavailable; + const timeout_ns = timeout_ms * std.time.ns_per_ms; + + while (true) { + const count = getOtlpTraceCount(allocator) catch 0; + if (count >= min_count) { + return; + } + + const now = std.time.Instant.now() catch return error.TimerUnavailable; + if (now.since(start) >= timeout_ns) { + return error.TraceTimeout; + } + + posix.nanosleep(0, 100 * std.time.ns_per_ms); + } +} From a421d1f590bf40a6db03b7ffee96eca24b301ef9 Mon Sep 17 00:00:00 2001 From: "Parrin, N.D. (Nicholas)" Date: Fri, 26 Dec 2025 21:01:36 +0100 Subject: [PATCH 5/9] docs: add WAF design specification MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TigerBeetle-style WAF integrated into load balancer: - Token bucket rate limiting (lock-free, O(1)) - Slowloris/connection abuse detection - API protection (JSON depth, request limits) - Hot-reload config, shadow mode, full observability 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- docs/plans/2025-12-26-waf-design.md | 502 ++++++++++++++++++++++++++++ 1 file changed, 502 insertions(+) create mode 100644 docs/plans/2025-12-26-waf-design.md diff --git a/docs/plans/2025-12-26-waf-design.md b/docs/plans/2025-12-26-waf-design.md new file mode 100644 index 0000000..76130c5 --- /dev/null +++ b/docs/plans/2025-12-26-waf-design.md @@ -0,0 +1,502 @@ +# ZZZ WAF Design + +**Date:** 2025-12-26 +**Status:** Approved +**Scope:** Integrated WAF for zzz load balancer + +## Overview + +A high-performance Web Application Firewall integrated into the zzz load balancer, focusing on API protection and DDoS/abuse mitigation. Designed with TigerBeetle-style patterns for zero-allocation hot paths and lock-free shared state. + +### Goals + +- **API Protection:** Rate limiting, authentication abuse prevention, JSON depth attacks +- **DDoS Mitigation:** Slowloris, request flooding, volume-based attacks +- **Production-Ready:** Shadow mode, hot-reload config, full observability +- **TigerBeetle-Style:** Fixed-size structures, lock-free atomics, bounded everything + +### Non-Goals (Future Work) + +- OWASP pattern matching (SQLi, XSS) - requires regex engine +- Multi-node state sync (Redis) - can layer on later +- Bot detection / CAPTCHA integration + +--- + +## Architecture + +``` +Request → Router → [WAF Layer] → Proxy Handler → Backend + ↓ + ┌────────┴────────┐ + │ WAF Engine │ + ├─────────────────┤ + │ • RateLimiter │ ← Token bucket per IP/path + │ • SlowlorisGuard│ ← Connection timing + │ • RequestValidator│ ← Size limits, JSON depth + │ • DecisionLogger│ ← Events + traces + └────────┬────────┘ + ↓ + ┌────────┴────────┐ + │ Shared State │ (mmap'd region) + ├─────────────────┤ + │ • BucketTable │ ← Fixed-size hash table + │ • ConnTracker │ ← Per-IP connection counts + │ • Metrics │ ← Atomic counters + └─────────────────┘ +``` + +### Design Principles + +- **Zero allocation on hot path** - All structures pre-allocated at startup +- **Lock-free reads** - Atomic operations only, no mutexes during request handling +- **Fail-open option** - If WAF state is corrupted, configurable to allow or deny +- **Comptime rule compilation** - Rule matching logic generated at compile time where possible + +--- + +## Shared State Design (TigerBeetle-Style) + +### Main State Structure + +```zig +/// Cache-line aligned for atomic access +pub const WafState = extern struct { + // Magic + version for corruption detection + magic: u64 = 0xWAF_STATE_V1, + + // Token bucket table - fixed size, open addressing + buckets: [MAX_BUCKETS]Bucket align(64), + + // Connection tracking for slowloris + conn_tracker: ConnTracker align(64), + + // Global metrics - atomic counters + metrics: WafMetrics align(64), + + // Configuration epoch - for hot-reload detection + config_epoch: u64 align(64), + + comptime { + std.debug.assert(@sizeOf(WafState) == WAF_STATE_SIZE); + } +}; +``` + +### Token Bucket Entry + +```zig +pub const Bucket = extern struct { + // Key: hash of (IP, path_pattern) + key_hash: u64, + + // Token bucket state (packed for atomic CAS) + tokens: u32, // Current tokens (scaled by 1000) + last_update: u32, // Timestamp in seconds + + // Stats for this bucket + total_requests: u64, + total_blocked: u64, + + comptime { + std.debug.assert(@sizeOf(Bucket) == 64); // One cache line + } +}; +``` + +### Constants + +```zig +const MAX_BUCKETS = 65536; // 64K entries = 4MB state +const MAX_TOKENS = 10000; // Scaled for precision +const BUCKET_PROBE_LIMIT = 16; // Open addressing probe limit +const MAX_CAS_ATTEMPTS = 8; // Retry limit for atomic ops +const MAX_TRACKED_IPS = 16384; // For connection counting +``` + +--- + +## Rate Limiter (Token Bucket) + +Lock-free token bucket with atomic compare-and-swap. O(1) per request. + +```zig +pub const RateLimiter = struct { + state: *WafState, + + pub fn check(self: *RateLimiter, key: Key, rule: *const Rule) Decision { + const bucket_idx = self.findBucket(key); + const bucket = &self.state.buckets[bucket_idx]; + + const now_sec: u32 = @truncate(std.time.timestamp()); + + var attempts: u32 = 0; + while (attempts < MAX_CAS_ATTEMPTS) : (attempts += 1) { + const old = @atomicLoad(u64, &bucket.packed, .acquire); + const old_tokens = unpackTokens(old); + const old_time = unpackTime(old); + + // Refill tokens based on elapsed time + const elapsed = now_sec -% old_time; + const refill = @min(elapsed * rule.tokens_per_sec, rule.burst_capacity); + const available = @min(old_tokens + refill, rule.burst_capacity); + + if (available < rule.cost_per_request) { + return .{ .action = .block, .reason = .rate_limit_exceeded }; + } + + const new_tokens = available - rule.cost_per_request; + const new = packState(new_tokens, now_sec); + + if (@cmpxchgWeak(u64, &bucket.packed, old, new, .release, .monotonic)) |_| { + continue; + } + + return .{ .action = .allow }; + } + + // Fail-open under extreme contention + @atomicAdd(&self.state.metrics.cas_exhausted, 1, .monotonic); + return .{ .action = .allow, .reason = .cas_exhausted }; + } +}; +``` + +### Key Properties + +- No mutex, no blocking +- Timestamps wrap-safe using wrapping subtraction +- Bounded CAS retries (fail-open under extreme contention) +- Token precision: scaled by 1000 for sub-integer rates + +--- + +## Slowloris & Connection Abuse Detection + +Per-connection state tracking with timeout enforcement. + +```zig +pub const SlowlorisGuard = struct { + pub const ConnState = struct { + first_byte_time: u64, + headers_complete_time: u64, + bytes_received: u32, + last_activity: u64, + }; + + pub const Config = struct { + header_timeout_ms: u32 = 5_000, + body_timeout_ms: u32 = 30_000, + min_bytes_per_sec: u32 = 100, + max_conns_per_ip: u16 = 100, + }; + + pub fn onDataReceived(self: *SlowlorisGuard, conn: *ConnState, bytes: u32) Decision { + const now = std.time.milliTimestamp(); + conn.bytes_received += bytes; + conn.last_activity = now; + + // Header timeout check + if (conn.headers_complete_time == 0) { + if (now - conn.first_byte_time > self.config.header_timeout_ms) { + return .{ .action = .block, .reason = .header_timeout }; + } + } + + // Transfer rate check (after initial burst window) + const elapsed_sec = (now - conn.first_byte_time) / 1000; + if (elapsed_sec > 2) { + const rate = conn.bytes_received / elapsed_sec; + if (rate < self.config.min_bytes_per_sec) { + return .{ .action = .block, .reason = .slow_transfer }; + } + } + + return .{ .action = .allow }; + } +}; +``` + +### Connection Tracking (Shared Memory) + +```zig +pub const ConnTracker = extern struct { + entries: [MAX_TRACKED_IPS]ConnEntry align(64), +}; + +pub const ConnEntry = extern struct { + ip_hash: u32, + conn_count: u16, // Atomic increment/decrement + _padding: u16, +}; +``` + +--- + +## API Protection (Request Validation) + +Streaming validation with constant memory usage. + +```zig +pub const RequestValidator = struct { + pub const Config = struct { + max_uri_length: u16 = 2048, + max_query_params: u8 = 50, + max_header_value_length: u16 = 8192, + max_cookie_size: u16 = 4096, + max_body_size: u32 = 1_048_576, + max_json_depth: u8 = 20, + max_json_keys: u16 = 1000, + endpoint_overrides: []const EndpointConfig, + }; + + /// Fast pre-body validation + pub fn validateHeaders(self: *RequestValidator, req: *const Request) Decision { + if ((req.uri orelse "").len > self.config.max_uri_length) { + return .{ .action = .block, .reason = .uri_too_long }; + } + + if (req.getHeader("content-length")) |cl| { + const len = std.fmt.parseInt(u32, cl, 10) catch 0; + if (len > self.config.max_body_size) { + return .{ .action = .block, .reason = .body_too_large }; + } + } + + if (req.getHeader("cookie")) |cookie| { + if (cookie.len > self.config.max_cookie_size) { + return .{ .action = .block, .reason = .cookie_too_large }; + } + } + + return .{ .action = .allow }; + } + + /// Streaming JSON validation (constant memory) + pub fn validateJsonStream(self: *RequestValidator, chunk: []const u8, state: *JsonState) Decision { + for (chunk) |byte| { + switch (byte) { + '{', '[' => { + state.depth += 1; + if (state.depth > self.config.max_json_depth) { + return .{ .action = .block, .reason = .json_too_deep }; + } + }, + '}', ']' => state.depth -|= 1, + ':' => { + state.key_count += 1; + if (state.key_count > self.config.max_json_keys) { + return .{ .action = .block, .reason = .json_too_many_keys }; + } + }, + else => {}, + } + } + return .{ .action = .allow }; + } +}; +``` + +--- + +## Configuration + +### Example `waf.json` + +```json +{ + "enabled": true, + "shadow_mode": false, + + "rate_limits": [ + { + "name": "login_bruteforce", + "path": "/api/auth/login", + "method": "POST", + "limit": { "requests": 10, "period_sec": 60 }, + "burst": 3, + "by": "ip", + "action": "block" + }, + { + "name": "api_global", + "path": "/api/*", + "limit": { "requests": 1000, "period_sec": 60 }, + "burst": 100, + "by": "ip", + "action": "block" + } + ], + + "slowloris": { + "header_timeout_ms": 5000, + "body_timeout_ms": 30000, + "min_bytes_per_sec": 100, + "max_conns_per_ip": 50 + }, + + "request_limits": { + "max_uri_length": 2048, + "max_body_size": 1048576, + "max_json_depth": 20, + "endpoints": [ + { "path": "/api/upload", "max_body_size": 10485760 } + ] + }, + + "trusted_proxies": ["10.0.0.0/8", "172.16.0.0/12"], + + "logging": { + "log_blocked": true, + "log_allowed": false, + "log_near_limit": true, + "near_limit_threshold": 0.8 + } +} +``` + +### Hot-Reload Behavior + +- Config file watched using existing `config_watcher.zig` pattern +- Atomic epoch increment signals workers to re-read +- Rate limit buckets NOT cleared on reload (existing limits preserved) +- Only rule definitions change + +### CLI Integration + +``` +./load_balancer --backend 127.0.0.1:8080 --waf waf.json --waf-shadow +``` + +--- + +## Observability + +### Metrics (Prometheus format via `/metrics`) + +```zig +pub const WafMetrics = extern struct { + requests_allowed: u64 align(64), + requests_blocked: u64 align(64), + requests_logged: u64 align(64), + + blocked_rate_limit: u64, + blocked_slowloris: u64, + blocked_body_too_large: u64, + blocked_json_depth: u64, + + bucket_table_usage: u64, + cas_exhausted: u64, + config_reloads: u64, +}; +``` + +### OpenTelemetry Spans + +Child span of `proxy_request`: + +```zig +fn createWafSpan(parent: Span, decision: Decision, rule: ?*const Rule) Span { + var span = parent.child("waf_check"); + span.setAttribute("waf.decision", @tagName(decision.action)); + span.setAttribute("waf.shadow_mode", config.shadow_mode); + + if (decision.action != .allow) { + span.setAttribute("waf.reason", @tagName(decision.reason)); + if (rule) |r| span.setAttribute("waf.rule", r.name); + } + + return span; +} +``` + +### Structured Event Log + +JSON events on interesting events (blocks, near-limit warnings): + +```zig +pub const WafEvent = struct { + timestamp: i64, + event_type: enum { blocked, near_limit, config_reload }, + client_ip: []const u8, + method: []const u8, + path: []const u8, + rule_name: ?[]const u8, + reason: ?[]const u8, + tokens_remaining: ?u32, +}; +``` + +--- + +## Integration Points + +### 1. Router Layer (main.zig) + +```zig +var router = try Router.init(allocator, &.{ + Route.init("/metrics").get({}, metrics.metricsHandler).layer(), + Route.init("/").all(waf_ctx, wafMiddleware).layer(), + Route.init("/%r").all(handler_ctx, generateHandler(strategy)).layer(), +}, .{}); +``` + +### 2. Shared Memory Region + +Extend existing `shared_region.zig`: + +```zig +pub const SharedRegion = struct { + health_state: *SharedHealthState, + waf_state: *WafState, + backend_config: *BackendConfig, +}; +``` + +### 3. CLI Arguments + +``` +--waf Path to WAF config JSON +--waf-shadow Force shadow mode (log only) +--waf-disabled Disable WAF entirely +``` + +--- + +## File Structure + +``` +src/ +├── waf/ +│ ├── mod.zig # Public API +│ ├── engine.zig # Main WAF engine +│ ├── rate_limiter.zig # Token bucket implementation +│ ├── slowloris.zig # Connection abuse detection +│ ├── validator.zig # Request validation +│ ├── state.zig # Shared memory structures +│ ├── config.zig # JSON config parsing +│ └── events.zig # Structured logging +``` + +--- + +## Testing Strategy + +1. **Unit tests** - Each module in isolation (rate_limiter, validator, etc.) +2. **Integration tests** - Add `tests/suites/waf.zig` using existing harness +3. **Load tests** - Verify zero-allocation claims under traffic +4. **Fuzz tests** - JSON parser, config parser edge cases + +--- + +## Implementation Order + +1. `src/waf/state.zig` - Shared memory structures +2. `src/waf/rate_limiter.zig` - Token bucket core +3. `src/waf/config.zig` - JSON parsing +4. `src/waf/engine.zig` - Main orchestration +5. `main.zig` integration - CLI + middleware +6. `src/waf/slowloris.zig` - Connection tracking +7. `src/waf/validator.zig` - Request validation +8. `src/waf/events.zig` - Observability +9. Tests + documentation From 21136d9f50db24328fdc3c1cecd35f966fb26945 Mon Sep 17 00:00:00 2001 From: "Parrin, N.D. (Nicholas)" Date: Fri, 26 Dec 2025 23:05:24 +0100 Subject: [PATCH 6/9] waf works --- integration_test | Bin 0 -> 2268768 bytes main.zig | 118 ++++ src/main.zig | 27 + src/proxy/handler.zig | 97 ++- src/root.zig | 23 + src/test_load_balancer.zig | 4 + src/waf/config.zig | 1197 ++++++++++++++++++++++++++++++++++++ src/waf/engine.zig | 586 ++++++++++++++++++ src/waf/events.zig | 800 ++++++++++++++++++++++++ src/waf/mod.zig | 185 ++++++ src/waf/rate_limiter.zig | 684 +++++++++++++++++++++ src/waf/state.zig | 940 ++++++++++++++++++++++++++++ src/waf/validator.zig | 572 +++++++++++++++++ tests/integration_test.zig | 3 + tests/process_manager.zig | 69 +++ tests/suites/waf.zig | 327 ++++++++++ tests/test_utils.zig | 4 + waf_test.json | 18 + 18 files changed, 5653 insertions(+), 1 deletion(-) create mode 100755 integration_test create mode 100644 src/main.zig create mode 100644 src/root.zig create mode 100644 src/waf/config.zig create mode 100644 src/waf/engine.zig create mode 100644 src/waf/events.zig create mode 100644 src/waf/mod.zig create mode 100644 src/waf/rate_limiter.zig create mode 100644 src/waf/state.zig create mode 100644 src/waf/validator.zig create mode 100644 tests/suites/waf.zig create mode 100644 waf_test.json diff --git a/integration_test b/integration_test new file mode 100755 index 0000000000000000000000000000000000000000..7a38eae47b11f95b93929ab41cc492ba9610ea3d GIT binary patch literal 2268768 zcmd3v4SZZxng8!(ns(AsO5Z4bO+#FpP_?WDnn-J>jYxU1tQ4$5ODM&qysRu1rTtfz z)Tk6$*ACQ00VPRUcarK_S6G{M|F)&R6m_)`*B4O9B%m{?2rTQGQA+;b-?{hPx%YM^ znU?a$em?2U+&Uw!Bex7sA5C8b=%O^Qb%;8@Je-rszF~)H|=IquZXS#m#*WCP9 z%g#UVit{eLL{G#2Oy%&SqkgHKO#ooy=#u%@+UOLOzaTR(8kM*mT?y>EW(RMXz>QEn0a z4z`!@+5?B?pW9yZhWFm|x9@#FPonMJ`U$tagI;_39c<4zs(5w|2H?kcSG}Ezkl7|yx0B?x0ijN+uluY zkDCJe?S2ckQur>q`wV~0&2L+F*|O%QOIEIOsc+v*)34KPQGV;6{jE0jC#;^rUvu+y zHy381y!L|q8ciG5@@N04Uv(hD?U#M3&shfMzQ422W|=R^HSTZQFSVzC&CNHhYu>o| zZ?3udrsluB_5CH=o9lOGRtR6>D@zM*dr^85-t@-(H#hF~Z};lLZ@+0NtWO03Wq z`m<{D##`U}H*Z@0Ci->#HKvd=n-9Tn`TNtIUX-&iv!W|E-^sVFkN4!($5Nf~$%9p+S}yHuojka= zb<$uuK4q{yK9$eQ1`}1ue7beYU`PDa!0*DlL@e3ezN(@pec;qR=Qz%exs}eMH#yFf z?9607SDnls9+S)u#QB@xj#^G^lkM=dT$w|f->&i?^<~y2VJ-gyFX@BNm zTm0vX+u{%K_XK~RTih9+Gnj6jGYGzS90XQwoU^-r-KbPXHF-M@2DXSl>+>xD}>}I+r9oe$H6Bwy|@#deT*EerUeAro)o#1r;PJN=U z`hHmbXjMPldCt)9np2$Av?>rh?a=;_Bk%caL&yS_Dv5#EZ2feh9ZJBgAeXIliwhCvF#?=ds)8IHmxhhBHs=AWE zXB@Phq}^oRsoJ-s9e7TxWr;I>-x8;?Wy#wqlUVFbqMfslIa4$)l~2${23Qv6Y|8aR zH+q+2ezVMTXM8sEHha*{Uwizj!H(9e1|ON~>`*zudcVFyUm57@dD_m>zeHs+l?6w^ z{%4`Z9OE0H-#NgrN_We+egw*U;5n0{PdYgBlFYcr289a@o zpWZG!g!R+*^RvPFVDvgS>WXR7fPR@-_AvUFXdSi&(7yrQ$;HK zLnoiWF3mpfMlTcgP${|ChwLlT3_?s`*PSy zo$-l-iAv{%tZb$T%y+2XLh4a>0N97Ie|EJ_9K0|#?h~?WyW*3uTP6?YewxhJPsEnN zw%#zxd02fOpk8(!b>}DZUD(~OJsj^Dz)tJL{&wx*DV{z2>BU*vh|z}nD_Z*Sk)eBk zE7;ge*=fL*EsV`HAX^yy(H8%&#T~5`J#F!ST>M3B?p@g2UD(;!*x2#YjU8;^8`!O} zo&ju&&iD)u_6!g9{bAVHAy)xA1lQR3z{Or`i$A%zBOU|p1B-WIyLAO@w@-qvpbh&n zK0trmNxh5>COeJ!YQ%=yUgK1z5*01R4n0@27O;Cu)_EIsD&0D7qRxqwGxt0&vYh$5 ziO>Rgmkupu2j5<%oVk*=%9S%O!q--B@7DKMrng_QoOy%raDwE_ml@BAoX46n=JBL5 z=J9va%F`FQQ_7#mt$}%b>z~0q{yTj?QS-Qj@f@Wu;CbWE7{8{%^K0V9ui1!Q5}Nnc zF+J%fVj9r)%g9H3Hewo8UGiro?*@?51NcM($mq5M#1!JOR9EZN!LjI$F5(t@iDh)Q zo;ui$4D4)u*I<1WvKX1zfh;WiK5bAj2jja|wJiAyWK~Pt)i3z-`5e4GoSbwfwk%20 zwux2HhhD}t<)xu}{Wt|O(!?o{k;#esmPke>r?xDy{w*OaBR{gp#CGIens|j|A~A~w zjj7$p&KUlGC2^iuO6?yU?>wJiEH)M~*V(tEcTCF?`OQ4*Zoh|i4$R(j=ug;^`0&J` zrex#9CdRn2iC}%%4>mS&=KaJb#@N`zdBhfCCbrPa7<$KmBl_1C|NP>wpGKeKHC>6= zT>j9J(;l3GF7N&ger!VWobONbJv5iY`%oj=eCnI6FUTm0XT&YWa zN0;iIQzWLeCNh7|DRx5HXiRCF<`26}@5IC6Wy^EXn9^L$8RaAcehCdJ-k4zyLop?6 zq#*r?*N%!Q!JEXCitAFz0p7{CIm%`Sb}**&9y@a5yXXhuoH&FhKw*34+dBL~kd2Y&s zAH}K%=7DEym*2+6b$t=LeHV6l7qRcI_$q9A>~!pMqXVR4z;P#f#kJF?8e7>xZ=@+3 ztHcgwEaLxr{)i4x`<{JnbO3aigr+;1DteORr30|Z(M7M54k+4}>GWkfeVIXD-ZOY1 zGQSHu-Snl&+U+yFzRYZJrW1FqQD5FO7#r{Pg}MIQU|)jzsD{2AaC(w|p}x3ra(tB1 z{La`TvE&hX{?X5lEVsXO^2l<#6`fN~?CTS>Rjv(vx_BK~BfftMo_i&7`>}D(^QCYbl1WDD!a&az}9Hc2;YYCDqf z-dM?XYzWr+c61nfVGj1!oWVBewH;bx&1}aYysF>uHES4qJCDSPzmq1Cn2nEK>D+SA z^U(#zT_@R})*4A7@;f-bV*cTN@K=+qOs(*I$}fNuAKoly(gw#lOFp?|%|6OHZKH?@ zw3xMtBU@aU=K1cUpO@5$5gxH~Kiqmt{xc)<$kXFT=8?GlRwm9}aJe6y8Qi`vbwNzp( zdyQP54&Bc{zQ4y^OGR#rMrH44P3If%l*>mm8{DuN+1;^9af>;7PPAOBDT9tqDua%8lu1YUfMwIsR?&`U zgTD38fR6s1zMm-lx}+E#A){}RJZlpDOoo1-p?GCVdbF+I>B&Mjq7!3#LL+-UyHl~J zZvVu&`|LlC9GCd0@WMQmic35gp^Z{;iEBg~WyU4`2u<3!#Mks4+wyqh z5+!vWwuQyfNO6gUmNxKJ6_+U6KcU~zxWvCPo}*+8wDEsVw64PsP9KBq^-ur%+UUB$ zPmiqY`p1r}>rRi*VX2&}eY91su6ws=&y!J8_5GFEUWbP9lMj{SC#Qsmun%zPc>Uxl z#pp2LC(HH<`Fin0&&$xMY|lRMV0aRF(?^^v+b`KQ*^^yvPG!5}Jc6uJZeTv`I1iKi z>3*+p9%3{!IaKzmDyx{J zExVqwtbLd`ReV}QM=fPp2T|D>F=vO(vrFTv$agVu{I5MYqn>zvj!$I4jTz4mH|^37 z$%kyrxy-C5s9(Sv0N#McV$&;mmB%dW!6fGd&Le$NE-U)Iym>?pW|4=%_~SPi&xxGJGs~FAnPtr5<7Lj{V50na+^)Iv z=J6eW2J`qBeLqq9@!}IakKedwWPa>a|3~1*7t5T-j~~N4&I!!plhD#@&5x^3;5!y$1smy)ZBUec>SNjJU%n##PQ>X6FiSk+&wZseoOry zfgkTIa~?Zrt6cr~mcTszf%$)}`Elb3oX7uVJjK@K1Z6uD3f^+_(&B5b4sm8pRPvDCm`C$C(nfdk~xe%;CEzJuTLLw%B$T7`Y` zJ^YrRdcVi>`*A1lkPDSLFgm3*?H%|OZH}|Zti_+7?5-Q-EULq2k&lu+-(6c*E~%*# zACq!e(-v&mXphJr(HaJPs2p1DKgt3(0o(*RN|}vgQrV|s-G8E7M)su25*JB03G#gL zLmd1NKF{DY5xaAS;60@^ehaS^c;rzD-VL;&wa01lr}Un^Wb&1qCGLB+&+TX%?JQdE zz0b{OtoSUM17lLTKRJ2%NV)zojT(nDoBd0(_busbN~E-wuJ(sC7TUG-23iv-sla>U0Q0P}TJPER-{j-d{s4ZCnOA%(n=f#6 zJ!|x>@t&*yvSmpZzNPl+$xpmkzEPl0?f8P7_=0X;!l`av!g-A4Jms8$iwoSb?2gpy zIzS!){%j|Hm|J(cTlbyR6+SL^$E1Fmao`)Tp})$RaB0x%>lkty-YHn*x4oxjN%Hc2 zOOk5~c?F~J|Hvnc=COtL)RoF(n*%)Mv9bR#n#bnXmv3tG*#0h6ULIQ&>wgL8OZnY~ z-u^j2Z{)B&1HC0g>wNFy`w%!jvZac6cZH$xgONRfrvH<{7ru~ay!~;-vuEx3-3vqa z_If#m;)mYJqEB}%FUvZDp$YK`G?Ia?oY{$$b7!5lvUftu662R!e!wpmKg8e%^30Kk zNy>|77(=9tcqS2d7EJ|bK1_Ua(y0=)}buSN@eU9pv`WLJ>1Z^DI67M{6z)AH&|3SFXJ(Z06mdvyVXY6L2?%v4Q zDyF@j1w*y!0$&xEtMP9$;Rifsx`?T&_tk0Hi zp5I=%!yRi=Cw)DpeU)OxyQ6v{kOIZAQ1L zKgxxfrSGCe<|vc{2mXTnA7*`Z_b@R&gD271aQiAhBRqs-e7lb~#y6Akgmh^zCIr7l zVhSV9<0s3Q$4zC-W4uh8>GETk$7e?u=CMoPU*mav{Ry1MPR4U0=W%8k^EkSUc}$l% zkNu;{=f^F9d2IMIn8%0d`-$SmMJIS3J3lqDT-~Amk04ifmN}2N9K$?T1?KVF(9&zo zkIPTsJbsJu6!T$ZyDA=N_pARP>dPFc>UsHG^vhC}A)okszF)-m^%bn2O!C%GCb9NA zk@Fm6@2(n5tV=d#?;v;hh;xh8^=&)jJ-1;SW|v}%-jVD+Be;hTKgin3b)&pBm~*kQ zu=_jvD|&JZ9do{g^jSJSl^g`}ci)?ARGadtuEJLDldZmheO>eD-+aoeOjR=fz;m9x zEXoJFy-qGuO-P_+L<>n~~cn{=wJMM=g>9vAIT!v=4|mon=@wokS6saAcO z=H*447VZ;1RHN+^eo`MkmV7GPr`zb$v*_>N;!7O{j`lCh$uMfLGwu0@;W%T8@ z*o-E3oxVhUnvQ;_=Zmb@ME4241H43S#BJnmn!FNVw!c{2fSo>3c3on2^6qrJdNA=u zY~L#9vR(1!!84R6A6uea(o-(jylW3O#$8UV`X{pKGI80W1-mZGyt5|0yZ-Fa{#hXZ zD|?@_K+N;Y3(t)W#5m3K&4uR!@<;9S|13P$-j{>6of>>h@B^Laf5r0+jK{RIw($IC zJg>9mzf^esBeieK|5xGp_j&I2J&{s-w*7CbyzS4&5 zdnZz_p7#$U%i}ZSBg^CWmMM?N(^k25?mr>_tety}zQ4xy(XX^FdV=iSb&MyNQ;~t@ z#G79NkB+1BW{&;5m~#A@$38jod_Sylj-Y?HmpR`l+A4Rx>jU%sYv|+^&iD3V{F?3M zlI!u`b;+ulX%QG$el1czI7IP=uet6v)banoB)kI32naCvSRfKq_HO$&u}!h;s0+==7_TB zERRlx%e|=Jax(WuXrxr`%@Jt4+}xW_i!QLS6(_q?-?5WlK~83IeS*D;-Yu?A zfE~=e`GM?q$syVO*mC4-lqZMicQhySouZNde|fnh(!f{ma%IJEH1K(ie;68AUnUKF z=on~VN`MA>puyLg2F!UhCx`|PF`m#m4fe6oL-?Ee)cFJp!KudF#=gEf<%lgi3%|X3 zQ2wm;TJObAOLJbIVgL!J~1M8i}jwabIVh zs){-JSf!J%sB-e`bD}>5+k2=rPTldWBgM^`J|=bm{7%&+zEB@a61%7#)EP!O;T=D} zx0SOE6Ye=Tzxf2~6yPYKGm>t1HV@S*7LepjrDXnT{QlFKljT>RW%e>YLmM+^F<qo#vjO*h~2%Ti(HXQQTcG0@f1REmo)f)Y5hQ{#{1@mI;*2>jJZ}q+`=-5V=7~B2{#p~dshw%BW68L1Frddm4u8xAq8C6B`S#wh9IzB$HKAZiFEl(jt|R{H&Px34mP>;$kYlEg322m) zf(?y|rp2GnEb#dEBKY@`0{^~IbHm#6NVweklDp=L+&gMq%_YW_`D5`qSU@&e353FKJ&K%9&_!b_iEE;J)UM9;O+@sI;$NMd6FU|iqr3*ey^}fg^#$*xAEaOIW*t>Iy0#5l zPWnP;&1Sr^AK+{ZqgT*PN4C7Jll~gHX7oy+y&EYPw6TlrNpIJl^h8xkaXp>4EB|UJ zuDwu`@a@uyS!BP_&+w+s)zf>E zZ?ll!i`Zu@8p1X(&yk0Tn0pSLaz_%JZ+CTta~XT}r>L#*HQ5Wd$jdOud+v%pO_Ap=kUA3p( z+vnE-E|xoEQ_^FS?blJ($n`1CSzn;NCz%H`#-@r?=Ec~*RxoFs8jr>euW(KQYX-|3 z8ONmT(u&4scxUmVxO=9Fm^X2C#nk(Gr?%_hKaS2eeVqtA8xg*<3U-DDR!nD@yfj`QZA!%*sO_~Wa9=a zbEzkNuRNSI{=3fbaQVi0VH>#(g8d@({@ZKQ^i%lTP?b6eEeU@gnc?Mjb{UR&>1{Bi$UXmW2BFJqHw+m9Ae0Vv%!P20ytx7LveGpF)Px> zKl5DYYg>FxiM)T%t9LTbAMm~-%ia8~xO&Fcqv-oT&6 zp}E$a*D>GX|6y#oL*>|Vw{9EJmfO9&*R_A7E7G#POWSh0mj`UQmsPfWTP`fChq2|p zOS_&<2-PXWmfOAjqv!ax+)vcMS7yukxREV)0d!fymJ9WBI9u+X5@S0KTP_51I9u+6 zC193e%k5qsu;o4?e7-VUE`-nDtG(j3Txe{=*>X!ujO{pVxe(0ZY`N1*z#PGr3$<@; zxf}0z#kQQm>A$nKQNorB!5z+)`z>u0O zIgD?+dwH8HLnIG%wnMq{(9FTBAP+xY0!L-Z!?!K+<>B2L%PWVDKWNJQy#v#1k7WVhuT~6isfMdpI=dXuTUQT37?}F55Jo7@K+^Z9*;bn_wf@T z55egN>C-Efhv^dIdNt+YT_s?aB@ewAs_qRT)_1f#B*#boT-*9sPlDWL`G>##81hiQ zf?|CSI-8ZpL(FCO^1oW-+v6VL2 zir2~3mW)q?>%YOPPx&a!86{xW%r9NX!{zqn2OClwyx7_6HU4UM{M*3gYT?q0l_tQY ziSsZ<`7fMZY4EwT^~yo!Z+j4r=itZS?-z^ngvM0!dar-c_$n}-;f!%lu7v7reO>W7 z_^F{d&v)=;iq=2ft55kT9uJm)nVDO!+kGO;)@83(}1{_+0Db^5^*DR&Nf6!}d}!aoS&2Vmz@^JRC;i=r%rTad@xPKUpzL55#eB(^v(9`pERnFNL3x{6JKFHVGD6g|+4E|aR__Mf83XjF( zw;{S%H^v)NG|tbMp5xA+Vtl#Z#=;|YvXS_0DZbusW8u;GEiivn0%i@dLK6#*)FEbL zWXVD3OZQ|I>#y~vrhW8i`=MC*{oX#JXxv@2+f}N6N4)rQB)&h?r1iFwh%d9=7S_SL zkBZS)9ZZZUG1}F^y9FId|tiv zTz|dtJmJ#Q!M^VBbZ}62)Jb<(9URmh9xkOjdUSVB8G6{)9Yzm_#}zLzE?;*<>O}SM zh`Ph*;V{f!)9+$Dw z-fH!S(ZS&{eWk>h$hC20P^3;&2bYq28M~%x^l2F8juJ4JS^ZI@j*rKH{%8{(J-?fE zlCv)wK?grX4t_|7fXlBamg&XvhSR~m?lAf^Jf5pdjK|jA@rD%1m@7E-RMde6D+4Q?X`Q|D_Z zoY)H&uvV%3j5IPT5sSUB&$A8O-xV)lmt58)9jo``gJ^xztO2rz8QWX3xwEcF&BSckw*ObF+_PDr+hmb(Z&4tUGaj7kg+D+<{fE&wBREq7RGVc$u{Y zSPzN4bo)KQeZI=w)LNR&T`5-I+5?lBQ{CaJ^`l@L>Q8o@qjlc9p^b-?A7q|sO?Nzd zKR7>4Yix6!xj%+(&ALzBk=yUlz7^%QJ%#=FNB%V47I?|7E5(vm&v8bbc2%A8*Pqwj zs0n>i{&C9w!7G0&)&162*SaI)cm2Y}skCP&{DaDR@ydhP@+Q|Ms@te*^M7)l|%955Zn% zb2E&rEx=WbdyqDY^>@F`&4|>ovJyTwer6!gB?NQ7&CM{fEDZC>5-@9QJU>z=m?wwq zadQpehjwz|MCa-L>P_wJy)yV|VDFW;7X6g)V`hk-u9oBsHfpJ#ZJK4#!=@n$b)GKe>Or*WQwc(a+DIruh% zoa*H)2Fo*M3@uB1o;f?fe`(9B^hxzh*|~2`9mGeF&$v_l^nAt*oJCL1&!F;OT+S8~LAJKYNq(nxT`I-s;oNIwn{wa2Nu7rm|eJF!6?LT?(F$)$#lHCOlRexu^HWO%M@9KzVvZ|81u@BS}f z{3mS`qpkf`_DAYOZOMQ=9)cORCBraxmw*|zB@1<|e8gS|#vwxREHC{2cFPNe`bEcQ z;}AwJ7RoAzY+I@Rg>1<}ogy}c-#1@wm1|R6>lEVun&07UiexNx(2KQhR#_{TkH@BH zbA0*utlBDWQ~2YOd>hWDSX2Usucl2gqXbM}rXGV$vEHYnf}XW<-Ly(I)IB$ z@#$A|A5ro3+7Lc{nHsSVWK;ChMo~I`6>W-dmw@TZ)Tm9-8aPMEwXOZ}9Wx*NN6fda z9~J&e@PUzufn1rdsq8D^1E<30gZU?b4?a)=hp#3dyt@R<RTD&)^1kBQW5I7GFUw1g$Vuh3JR=hy=YkK`0 zV_O*c@lb`owp#)GQnrOD+Z*>|(0>TvIALQ{o^6q}>qN%3nB&?OP0f2u8_Bp&_g_=& z`IzmB!oD2o(67;tqVg(aR}|_*?TWxUkuO7}bHa8-p}t_=R|00(t|-*8v{8;-@zjSc z9~9~r9bd?95UQAXvl6_~htR!n1YW8XVs-+BybqTcuCy|Eji%*gC;+jb!V* z#94o$g=n2)mGMW_A0~eCR0){F$@pmd)@H8rY5Uk^d=Q_K@gLOvNkwd(DD2^Eopgz@ z9jlCw!W=Gsa#snMC1rd(aOUAi@so!}`||ly!p{ld&1Tb1lsChACpdneH$9&gy+h2} zi}iSV$IRtfV^Vb3jGazDit%FDpDolWrFWt*htoSRaUW7Kn8%`bqVOzlF8fe%y%Q}TUK=TlPdNE; zss5GHJFO>xj#?6_Y^AG@ex&=ahNC0)3fa9b-%;7)p`)v-d^+ko0d#an37ox}baX=r zm?wgczP#m?(~<6oEK294=!pGRN4AV%?;9~T{J|j2`tm3g7x7|j{j)YHMsMWNyT|%* zv!rNaI2)m5T&m8CQ=hG}o}Bg9yjjOkoYA*~vF)`F$z2cd;%mKQeLDK95^F2LaU5+M zoX;7vUYwWqf6qNc#c&q34GMLlYb(|cj>23PvJDFL<*)p#1kA8)P^eR^e^&m~_;gb! zZ{r{dn+pj{#g?_sXmDv`l>uBHQOvyzyI^Z*U8Mk13{XbS#2Kq=`L9{d?%?EIqJOMQS40j0?qGu~ex|F-T=DpSsX-Q2b0n3&Qr$@#YNKF$9`>oKp8=C_o>*{ewNSCxQy zJT(8$n~$634=oSivNf=_70ho!<{k>>1`H?X>k8uv)j1BD57!T^pBH#rGHYB3m?dex zwQx=h>!s*FZyz&fdQJ*A;8S+7;uVH?vO9`ev{lKNl#P9|Vq% z$`4|#S^L5h^hIY#WQn!<`9a`h6Y={jcz3urB$OXSS(6_`c|Sjh@;6aFq`!F|og0&b z5Ly@Z@`7$AFUVaNKD0b}aw_ZP1>K{&r%L-ihnCNs;IDHazX~=IvD#()V z9v=L;A+6y9OXv9oavTmVZ#mhQX)md*;=XivPD8$QVLs(IzMVFT&0*LFD%6Sk(gAxb z1T*YQ7wQXUeF>OhAE;0#>)Ch*18c*EY3_ZSj+Svn#}|s>7GSA=u~PjD`9Os_ zLkDCJjwR24oEFij&TM9%*qz1piNQ1CJ>9dNz<1U@v1{nF&rvSol{aPJiq8UbN7;~FVnDFY;*&cz*6#YavJ7z`c5cPh;yvW5xAmXufM~ zKCrR-E+qe;;2-IZ$zpS`)#d|7>O^hDQZ%+Tln)$+xxEBT&boGUkj*-AxQ^$K9$J1e zxb%4Y0pZf~X?$FkuoLZ>RXf?+6vg9p=#@5&Nm^8L(6ohYx`JdP;u z_oR|+d;Zqp&a%3$iHw7ALpXEbg3Bhe<>$- zj7#Ig*&u!l+W371xZ<}lCC28*pd)o`zSRcSTeMfqt}{mQ>BpeQD0Ul$IY7UQ;mD6c zN9vpqUA5^H&iHfVbXnoe(^bgRvvrD9O5o3*vq&9FUuDl(G(G^#50`-H&sn5SXwQ=Dq~Y`dxF1Jrg9Yi+^m#1m`Ui>ACZZ&7_dG^~1>^F0UA@CF{Gcrv0)ES2O z654AJ#phjWuMGX_>jgvKVSN4O}QxDLLlr1*0p&F!z*z>Fb3^onrm7 zGA0JSyZOWg7&iVGq)($47PvIp-$ZWf`5s?*^eMe?iF^OmQTZoPTJiOQ(U}Ff;=8RS z#^%eINS))8F=3e3mVg3;&1Anq@>T;ls%fg!Va4XR^Nzbe`tQ)8QLN$h)Sm zyMwU>pEk{01at(jCKhlRs^imUq>e|Mp|X}XulRta%>oQ-2l%uJOvCS9-gO|CH-wwC z?h`7KcO4y@Pn*UTD8NXMbr|OVEdkS~%}AZ# zy+Rr2O!v#^Uer6GjSOQTR<O`vH$^S&pCJnDZDzK2%s|9=*@k)0u7kj=#@$BJ&i~ znO2v{7JrC+AcppmQ+zsoz38;G{)A4a_;h-|=FPL2R@ifOJ^g9z3cEibI+y-FTBFkf zwjlg)T?xEq>=_J2>UcV7_wvP4eII3``seB7ZRjL(mW8L25_bJ2qLX&I`(mI^7bn_} z{K>$2TEspJ(F*&f0{b|_V|sImF)a(7zfh=S<-EmXz()ze^v@?Yyj!TRIiFerX1hIq zp-3GckJnE1*Ar`mM^6{~b`o}h)&zWB2cGnh?pIP9VO}rL*O%P;!iwpk(73i*JIUA| z;c-1h8^w4%WBukxo$Q1#uLu0*5KMm`E#*W031fS-1WbP)ZIL=YF26X{kBR+2_*TSU6FuHi0;V6|iqx@wdL+ITf@k&7ziqVos6Z>lXvEJIiTLO0-vy=m zXX9IuI-xyV$nt+tEtxA})(>)5^g z@291 zfU7whTLORnoJHzHb?S)rv*DpI%xAfqs2E-Qa~7#nZcez75p$=f4thCwFPJ-!9Ak4F zd<8k-=r&>;k-XFLb76Nc|Jn3Z-B_1izJG%H^gtPXlAnQXluzjXoxr^&_8xTIZSpZ} zir_xwAg+(~E|G5`lY_pFUw@|4NKCKM+(lB$T_pHG<}Q*Z?jjk-T_pY7u|i+wVQ-gv z2i!K@)v|w7YPdV#esasm_jB$4HS5dR0L*W`5Bt@r(tY-^9w*ka#2LSDiBs9KWFKqT zIyZeAzJtyjD|H9l=V`0l`?=0xty(Yz>&4&jU2z8H>v--czf*UAf{XekPD--oQBVKm zSO*4AyUV%D?`GklR_9!B_YywoC#ZM4clrG{;|a~2HM{hi>9|LlC~aX!eln6pT0 z4%r3E^4CKP^|6JixvY6>-i8j0Pbm-KrJEm3?~6D8L^$nTxGaD7k2x!3{xZ%~f9GJf zHb(xyrGwddF|(E~yw!7FiT3hmDU+MGEN|{zsOCNI?hM|$z{IM9(|yG8%LjA)%Ddq6H}s8p zsHcC~!+a-qL+8)vE(5{IJO_`zn9M&cI8OoRH|Rgzt?@W_acFEmrGHP-mN#~DhKl-k z*vwj`nUk-&ZC;@uuFc>@LQ)=)oCj&i+v@k?x34Uw#FT=(FQ- z`mzf+|BQbyp85A^LjAzEG4$H#)%mgR)3dT+S!vnuKVJE})b>p14%v`<5FEpkxt;D9 z`x%e&h_Vj?n=&Cj<35fw_iJ==7j>HZF2rLRm&TO62R#Qb*28DHdmZ>Jao528Zkv{8 zM4Np(!42(djN^sxdntbpbjG-HpHlfmSpM)n!+VvVqB-Y#j%UI{XJ8)tc&0MSz4*h^ zl=~Fr?oTpC-N{k7FFPH7_h9xeC%?hor*aoY^!km?!nw0jL(yuO&;CsC6@Gh;P%nqUizDDg%)GU#=e^? zcNm)4LLKnywY!TP5kogw=ti>F^!E;T?2^%Y=&$-Ri8(fXx*a@hacStnGU-J14zV_s zV?1fjz0KZ69~hHlve84g8Jr=LXBwHD<98=9oG!*#_u=o}U;p8;_vbc(W5;?j@98RYVqF$vihF^EYaaR|D%h(aS9QHX9nB&F38c-VL3vEy&`f z;>9_m8CqgAd6S*)_P0a-l3 zrA1#B^G;`$sja9io{x>*M}3{q*GpSt;HeyVG<-FNcE+1}yRzdLUlCcn1^FaiSPI<| zYcTg28d>bogkV}(e6C01w{S0%FE2)r#XtF6 z!BsoB>OfxYL|*MhUP(R|!;u~DUoc*mP73!tDz~_kH6e{^VWsTOH*F+XXH0>%*a{fn9;SK93yvmS{B)on~&_GZJjIV%WzMoSld9dsEvEB zGsv+Hbi?$Q;5o0ZX&XA!xqnu+%AQvFK2NUvk#igSktv4Xp&h+TuXlPTLqq9!^QNrh zoUOaHWak<<(4p=u{Vny(d*yX#t%p2Q-LI9c6^-j`$f{jg(E##cMci4W9Nl90UG{tL z3}X{JDd1MHZo+RWR;T^N(sfSnVf@gHbkOJMb7)__p-JvO1t+q1`k~EIy!o_;=O9mh z>u;cW+U|!I`@qB1-dStCoT=7Mtfwvhz~YaV;Jpoj^8k+Ky~6%-wf`n>+|fFg7C)kX z7~U(?3*9NmID>V?1LvEZZ_ekWed7yXAiiRLSOaBkp}Tj?z9kvtUGKP-C09{acn`Lr zK3n+L06%yyVDSE2%{j6Aqu@&}iVpjrMUf|Xw1+<*+4R9E9P4mbYO&G-v@i6w&sQ)k2- z*|L{&`kd4$=KFpVTL|K3INaz=wG~D7pZAUBOo&-CQ(4BKc=9)~=WRSWZS&YPX7RDg z_Ra*KZdv)G;M&AD6Lw9Jcx`A+k-B@a&D?dA=0Vd&a;6_co)}n$A}Hku4r=5gQDi*B9)s)qUc- zV(0Zm&(SmUK6jSCrr4!2YZi76?V4h+kCH3?92y!Z zoF69~9mYm3hF5@k%~H^qBaQ)Zs`JF_~O|A@|S%Z^QL^Y%=1F!tWnu58g9E57H>@l{9Zj+#lHt+`sZ z<{ILzS90#>827$x;N4>IcyzsW_Wq0__2lOmSzhzzRBpYK&oLg^mWtC=5&z3!Tj#C= z7xgL0MFHb(+2gkRnBF)yTshDdLwg$E>OFQ z9q3*ia(;|`oMjxc#eRKVvRmhrsz2FU+R^*X*AFTVP(@s3fcUriM(pDKl@ss0ubuhq zW8M!y59{Z?IrT^E6s=dtPhjrO9s`VD&~6sH0^3z`aFv}?-4!aEE=Zs1+g7`VU0Zxk zU&0nGR&PJJGJZ#qdd13HnftaIt;`M6PoIZ}%u~x7YoX1>b}a@uuDLV!)OxrcfQ|>o zxww@bsC9y@7ZWmZ@Xr@(0|946hqpV~=#;^QDQI|1WT?Zarw%4m};R z0@#X`2K&}T-==zfOUIqF+`HG0#;c!KXyi?Jtm?xTO5imX+It_a*To!)2D$snAD?J7 zv<5RK*&`ngp3e6nclz%wCXn2#<^Qvpad$#3yuq zaJ2Kt+jy_|P459@spMXxEBBtT?JlK!?RkwA>YLA+-zcZE;-pyTs3{elqi4lC6R#W9Ira^eohO|& zy7T14V>(ZHTcUH)#Z{eCE*sl<>Y8z#r(Jte=Zu@ich0)?+4dz3!VIzfuq~j_DsQKBiH2=b0((r~4VSn3+l0+Sw`ed_K|Oj{h#o z8u_(zQK}bNX>s~7!K!s(?F7!yZBD-T5}g76nZ<4KpYeC^Vq^|y^t*e0vrokvb%uN2 z`M}T|FKud!!vida7}+Bp(S6EhtyJ&VC-Vz+Hh>qqfG;_ af*UIN`xMtrF|sZD## zxz1>3{Kjrmd%Bl92v0oM;K4gs>71o=s*A~({c{VkkfAZj6nu~ht`7>{!9Nw3XPG%8 z*Uiw^8v0rcc4n4aU-5-vu+4gJVEl>;XP;_nOw4i48Dc!@TY6`#M=;(2jCAW24Mv7T zHy3#HgS@^mNqklO#2j{u_APDc-Q38#`ar$8$ZOH1{3OYcw$`6B*Z1@HB!3SqR;*IG zBTanT$kf}NeD*eC7kwXv7OD<2FQ&fwS^YogJ>CKTD~b)7_`o=4(Ur6xoHx#aZ|A5~_FgAHRd?ceK8~ds#YKWNYF1!Hf^Y#!Y(bv2(m=&MIF;ria5%wwS$_2-H2gMW0H)+XBGKV|+t zx0skz19=N)D{tY~_hMIg{0feW+7cOLb04yLCov7#62BoY+}IMz*`poZiKV(G#@~wk zfCgfoeUxQhHYnGGH6e$!c*%@@o?XwMiFwmU`F_L^x;1`+YP!q9*dxrXi7^@39gs0s zQnwh6d>?`OrRL}HKl(f!!mqVC=3S2t7^c4ZIKRXk)p)*NsX5Yoh?cL>nU4Xx`up?= zAF505`80T#1PtQA#*g0s9wva}-V)S-6|tBX=a^VbHlDbsE|zUTUUbVw^Zc%&bMWmAiZ>PR zNie)S8y!>W+#=azY{@t>kUM6u%`e@_`BcPt_UK-k3fj(rCvcb7T{RWn`p-BIqZb8;>qzV2Q%0s9mHTi##(IFt6MUjOnDnm{_9_Q@#F=>l6kIJa{ET7=NipP zJQ7b99OQ)J$?vA#@x+s(_zlOC3wyuRm!ILY6{E9oJULwFAHK)<$3R=msT)r&tR3}^ zaq_1#kI0Aom5eX6ABT6we@DkD)|{D)Jw3t6UtjEe18lK=?60SpiRE1ou=dbg{Sq)7*AI0}&I;;#)M`$GF280*JN;L+0d6W6&iGgyzcrNTOy^uFT3;KSesT=j#WqPUsHJMg1* zGVwrLyl@6YMsTFdz>D_EW#9?%LIyrCI9Wf_;3VPciuA^r4Wh^Euos}UhB|bW;>=lO zo%D@xlE5!hO!*ncDY_JW3Wjhg{0g5NWp5ytWmBk}Ez^OI+`;-%uxy{~S;{KTEI)K) zTnE=!+kz3q z`6}-obTdDcvt^3S&o=K&@3Q6xTP?Is3fu#O#bt`+g=sDhLiJt^IWfnj1M)*l%ZUUw zbul?1TU&I!NVIwa<-~_Zz|En*E+Qvd3-VRD!2S5mFJoua!F%w3qoLiuAD2pSHiKyQ zZ_pbdd{S1lYv>j_wrlW3X*VESimkyvrv70!^ugm=^V1rRt~**Y>Ya#=l_A#y% zqsW;R&nst^GrEjDMVTKyCOZ_nfpI&r`cDLHu%QE$#IdIm$3B%j31T~!L~TLVlUC7( z)!6^UAr&){Ew(U*-Fitf{}%c}4vPzm-w9_M`va#AI!`+{x5fW)aSikREc>r>SAuiw zU~HnhOg`yFvV*1#CeG$gJo4)5U%tcmn93zMSF#)#tM+ZZ81=r){dN!W&OURl&l$h< zp~-6+cGj+G=vcU>p}lEML))q~4PRNmreXKSH4R^GUDNO{_pE97(#|yvU;OHthFu5N zG;}?_rlGTc4SDF4jjvhUGAq9F>RFX5le5OGoI9&(r88^X%DHpKuXN^2SlK&!;>vxq zC$DUqJ#}Tv>}e~no;`hKa`w!Xb7#+9>CCQPshElLnYk-_Yg?AcABxRBup~CCX65P0 z*!yZ4DpsDp=a!YrxVx{tfBJ`F=`-Iqm+uMZ^>gsA7RkR_!C&SgWFKSA3PC`ab->w7fX+F7Aaq@w^lJaug)T#PmcBUBQMjBU)it$dqA;jb7t8h{I>&F zHq>+Xprf^X*7186Qr^qE9Q5$~n9e$)y|+OtMSU>4pLC(lGkX_t|I69GT}Uw3xBzMr zs6Bd&CWntczI2d2&U5=Hzsp zTnjC(g%;OBi)*39wa_AE<7;0bE#7BnaRqikNjls)^FtNTp=h!WI_#a$vIM+wosl!; zKP}#td3Zyv`t-)wdnfE$V(^DOkscT8IbZblVu9YYW+WS-vp+&_$Rs=Gmfqgz(OVjP zdULTmQ6>3cWW?ciFODUfpcuW~r+Jv>&clzqerLz|^BQVv8EY?+S+9RDG8Z`+ZO_i3 zXb9RmJ3(2+)I&6cJm#Ibr}P=#iC#CW56D;1t8$Bviot7r;XtfM>$aSmLf)^#z7yIh zV?WF3^tBGzxedDI!oexMj5XavZ1DUTvE+{+AF8^>KLLE%O}s0$pJgNRxt#qh13xc+ zKg&m+WW5lW+Rw67- z*;5e4qnqQP+{X^$Rmy2?$A4BHK{45GeX2*-TimV2o_H5|tD}uQp`3f^f=)iMTTI+p zHll1GD}%Mh+eRMpY2R`87<95`p?T@>^hRf#9DB7xeZ|Ux>*!Uiqie5`a`tT*ci$0r zSyNVasey%FR7~@S!nbYD=qSoy(k`(E{}u2=m>8B6xd$?jY;<*=nLp#S*o zlMec^CbQlhqNS}bc=SiTBU{3Asx}8$Gb%<8`=1-W-h=c-_02laDl_K8nL8ew@zdPU zyqUCz<%%?+H?UD{yj5$rcS1wb zxhBUJxS8|Ouh`)=KNGEKPTw`S3z#aSO8~H{%)ZSU58*Ho`GDkH3W)IGryg5v>chB;w_6Yqob2y$dWyHD;)jU5gmG#aE zT!*e0Ixq?uH4zy#3E!19#9HhuaNmc2Q%pW-Zu_8*3^XBMMPt%_i28{xZp0_c=}#}X z*86JuZ$2lwpE2gUg85FjV$(6#|H7DsueMrpwV3aOcjm{Jz@6I2F<<@6xpKAA{Z7y6 zHBRa))FIZtX@j>GYW9N6q%8EAgBCSMnt#a_@V+Ps{h0i7=tAq|stau?hGy1HT9|jq zhb%EP^Q_9bB^iA--npfhd9SCO;&kD!)W= zd#!0GrdE{yG>={mWd9|UUq$)Vl)sYa=$Pz6$K>{zd`9M2{AzLmHSh4P$@znKP0kV5V1xBu<(@v!y1*h{hc4}O#S@Rw|8?H`gYvNt{xewxA9 zuPpGB>Ejb6`)JQQEe7L&-^XFA+ zXyR-U;^Xq^K2BUJnxEYXFG+@EksrOtjtsI08Rd`B&(lUG85!ltr3^f+{Kx+5c)lJU zxyUj5WOK-`glAtL05{54Q><2eo14$OO3E&v?2XjBna_=U-lp$7U&v=Oyi-M4KCS&B zd1rhI_F0KP<>&QXg1l*RbCtLL7j#4UD%w`vPG~BPPiESh2(96p8T{<$t{Heb4S&mT z5#7mNQQPTLoJAj}ZMFH>0op^JNv^3(tvAQm5{yCZyXP_NMZOf;)maU)fmgfj*1GLl zzwBr9S#AF-ZR;~ro6LV-cGCISLRz!n*-p-@FntDBM$YYw^>pm4@MPT;+N);reY4m_ z(kz@yUsJ;Kg)Q5G&Fku>wVSq~Pvon}ev;3sxs{D2 zdkx&}GIpB$%hArFb0}x**>P^n)Y!A`ny|5F{dt>!oeFOA>_^G+J>5TrIm3p+emZL2 zILD`yURvkNts-L%&f73;SlRWD&5~V5xATWb=_7M5ojfoB{WQ^$JsmoyrWj3a_4bxT z+YH)gz1U~HV)T_{W3Co_z{A$R)%%b= zMj4a04E(jMVT#{H$0}Fl#e0oCMmr{tnQ}?a^)dDjblORL&YVTy$$gV|Mearp+8T?D z91snH1JR$A)sJB>idLVKYz@FaL+wJpn!~X=CkC7c`>R-h)>wrr?Hl<^`YU?3?b>mf z{?bOqD?3H)%67qKQ+soRc4nZxv6R#Lw6O!Bp=xMNxEB-tmR zbKMiV+r8ht(~|vU+n0Zny=UH?3wJ$F9|CLXW?vHH)4ZFqy|ev0vRhPE`;c}1mOaat zHSz?$ZWb9M`&{cm!8)}UZrJ3ejTPZNjv;yOpA~7=-~(sY(SDMCc=6Rx zon^;(*I5vE!uc}hUOK7QoVyx^Sz7{TyXVVC>lEvsl~XreW#g&^81Rf6AHY79Z6Q3? zVOIt3w2b2Nt-_^bGxISVF1HSIr{%NwS;hLAv2kbm6}%ryvR?CzJz-+q_8i|RE;Ba2 zmGZ&*8rPu`Fqeh))f8}3EN6;*uYAAgoVfh;*opPXk$UVE|J(;;plr|__D?^uFFPMQ zaRJ{K;{Rc5CcIeC8O()Q(?))_wf=&9h0l|xeO1FjZ@;hEvoCo8KdA3dBLn`ab#22J zSSNnFa+*ATNI?HuzefL=c$`_|UWjZ%PDz#(#j&LwgX2P8nc&<}0!NmHo?J@|D^hRh zfO5-DCe{{D$(~fKO*wjsxAkMY2It7Gt)y8i=!ml>fUQQpn8~ZtxefSjCN|%R-hnrE zDeu9=SBPP2zg1>|D{JMW>kO1m$_xMc>mYXCWnwAF|MgB!u{D(J$*!h*fqO9VvH^vfo9hMy$8+%ul`BwcZaGRk0pMZO< z-R00xdLGgP%&F{O_2KRxd3wvUwaJ>AG4z|Y0bFm{`_7NC3x(Y9-YH4m7SShk*U{?U&vM>0 zo+-90d4IBV_6NNBvPsz6uzmTVlQ?U^-6#HOaB26HZ#%^~`wp+{bYdHa;0YftG$y#2 z1Kg2a-Lm8g)@5_@1Jy6(_d#ECXD7&|I&Eb~tIpoIZ}D`~H@6=L@zIRlx8sO=<7iUZ z`xn2rKhhpHj^AF~JgjwKc`rqw_4kV@6`Snak!Q;&zd!OU#wclatJnX+wqTd z2T6jn2C~3x$DXOVdVcErY7-su2R;qYV`C_mu4ie*#xnC$G1jcAkqde+d8PGC#nO#l zpj=(d_2YAlUF#pV-qY7PqOoA`q_pLb{c(XLtjewXBmUu{gQX4Y-~IyO`*ymp4f#pwg?g;IPzvp@UpN0R;e#8JDYwa&b zAFJSJ#UiZixW~wz!dZLD1IQu+a@4JZujP{jN zo}hBnO{|0RHH>GQk%yMEnLxWXBO%-hjAr`Aasob7u<>V@UX+sDpt-B;3fwR5?J zxeVeal#>`gi8HcBr<4QK+l*dW@0c}m1~8ysQ5@&BdrLtv@^+uk3pIW+(sa z-#FbyF4Z8HZj1I+Ib37A%=xO?^Vv$hJMih?QSQ!|bhvp`<2dxk;Vn*Hai3n!hZy)2 zv~iElo8iowy`vg4p922+(W!50oClgVZ$n?`>}Tb-x3$K5w6`Ep<>t0u%lMSf6Wi*f z+SXV2{_<5kH)nOP60LJC?`ryRn)Aqa)DCU;?&N%k^9$`u??nR7GGzi@69oUZK zL9}>lUAa4uPZceb5;gVXWD6myZt3)F7ro0?1>RAw%9Br7)q6+mmaSgdz8jglX82Ni zbSZe>`!;h9!X$Djq#rl1=gjOwyA9lLK_61~0%%8l+e_a<_0KKTukh;A=d)HYPQf^z z^FQ^eb9lf0HuN-hynJQBabtRIQrlpDg@lCis1z{lpy60g7Nr_N8HuB+!+ zYt-I2#iUmR{22Ke?bi0Bt)ciy=gvzt!?FdBu9va)XOVi^;~&Mx7Wyka861Q3 zq#g54jrqnRV?H-B<{O6}^Db}98yItKi7{J!)Jt2%#=N*N=0n!!6Rs?;ZhsGQw@BS$ z<6dIN9Tk2d}bc;r1{Bw|IN^mM+@2CB)fl&UGW?2C;Tv-o!8v~|9xBdUgUJA;Zwtt z$l`<-!`jUFh&wfGccqbe*%4~Ng5uPf2LT)zyj>Q16rG#v8ju-NS!?`y{6oF z^+EE<%^!Fi}bWh{MRf`T_N`@RQa`MeCvQdS!Gs z39%wW|B^e(w-7All{lBX=h!&!;d6BhXWH<2C7-MLZ03`*Pcq0;hdi9VuY<3>#B1K} z><|v!y`F~NLvz3Gc`s)Xn8j%3%gVQO`6N`Y{dcA7h3=YS+?n}KH@P&}B`ufsqK_1J z*k->o_jNiGapSB8cMtol!40SA_w0raVq)5!%d~g)8)!IBij5vaMS0AXC zW^TL2DmQ;gD#7_V z7i`|Ohj({5vFe}9b>{w<7rl1|n<`p@qyJU9BnmTxaS*S;RVe0SlwY(W2cPvQBGgU@q? z=Z0==`>~V#{^$%uzn$rY=Z^-T|7GF%e*~XjP^3bQs;G|>wI3c@oCAIQs;F(3au_rR{Lio{!B2c z9ixZSUi@DBiFDqkDeKHlrMtE>IB ztX~nMr{71dzXZo2-dbmMuZf2gd?NMjlk~&$8T_%U&VC#3iPS;1hhjJOyv``h{WkVP z`JfLcn15RWrj5%|CR8Uo!G(Dcyl9V4vHn_J`^aj$wpAEsvGU=w9t&mFzZIqW7dq>) zQ0J(8N90N`bQ8phpFf0*Hhu&0xwna!Cv=ynac$l{L7nH2hZ8=ApSWyPDlyq@b3Zg%(>6D?opvNM&uAZ= z!p1+8h}D{Nd6MWf*(`Oxlr3?z9pAH9`S_f!m*W$pAoNl&6z+M!D;(@@;uqX$(%5^zNhQ4V-L3&{_Q3g#*fK`<1a(%@qcOub zF=wLmR!}!}VyBzCI-n;vW>9*3^8^PvbLhiRJQ1>M>%cYkN4M6^?RV*Y(aL-Ay@S4{ z;)-TW%%$RL3A6THy{R3YRUAi~9_HDoT^0DQMB+yi&MmTG7ZF-cdMjvpAmzPe$zo>lb4isMvvU&HP}Ka@UY}2>y|-lKuwYDcOpDp?n6)W#9wFOCQB{ zR9sHa{=_+)A)FkT)gxaRA0nT*xddLeh|hqr(ZDdiZ!bQk#nad6Z+87V8ne$GjVCAJ z#^|%p9gU~C)}Hd-1@Y8|+*J+~{z5)?Gh_K7f35WK4(vJT@CN<{zT?8Hi;Zc_wvJCJ zulOmQ%d7IuN&kGmd+49q8TbzSbgtvMWJYZ4*t%s-W2QBkzZv|P=cAmj43O_}A!mpt zVh=u17b`9cmQ8iXG<0BAh(DCGXy)ZE@boF+3|&UQ6@SR?#Qz`fJbb%1rq41D>eDv) zl{)Kj6=m+>uazia-xjR^Xz^V&3BO^=v&kNq3)cN5=lnCNUSg{zFW#&Z;|E&*4-8cVwu((W0w zRjQ5sp06EkL-maeU-vpA!{=HVUR8YF?AlMX9mOv*S29+O`M{LaW5RL&WsUIE*)`zu zSm7-5;we!$$}jifoC~a_%)vkN7oVE?wP4m>-gpq0b2WeWGk@oLYX-+SPOGaPz8pCc zrO~C}eIb8~oP2JV{AcH3`GDD-z+33#MK5KHceiw9BBnoVBrmU}7_3CXc_gX!o8fRsv9Q@#T{@Pdi& z^UTBsR=Z^-UrpK79t_F`VSL%b;JsjY2+xqAcWIw-EL zJ*|S>srjWJIpKdExc@S8Eap5S-KO}C%KSjNeHs__!Ie3i+SdOp^;IT2kNRq-mNvdh zT$(w^Hcd^4~p7k`a%X{P|tX_e>{m&W3R5tNigl z>-y%=@n>#F?oM`y+fMa$!&%T^wslRT$vKA4gLX>`GX4$pRdx&bT4e6=t7dHQqUb7n z2WvOjJEBR+Y<<_bj&;8F|E73e(UsIoDL)69Zo z_j2AX1Lv|epBqCQ{{VF)f3XWRrsu|$wh8?;0PtQy{)Ommf2Mf|dldc=q4LDtqic;O^yfX@hyt-Pdci7p}Mu z=#OJ0AMhml;rU3RI>+GyhU*XG13pJ?X)&0`=mUn}S^0m~WhH&UQ2F6}!0(jmUnw6j zur}0wpn6ZtoH1Eg{|c^kX`RjZ2=H46WowB?t#=lt?rTEUdGwIR{;!0ef@?fSpjT{Q z<9{dWom<-N9tNKE!jI>$My1cB&UtInTG=S>9>6vRo|o_7kKd(ja+2tS*1GDnhR!;8 zJL}!bnZr&ZrrW$JYje10x2-jl7v;Al`m*yDyf3DAOfvrg@R%K;uAR4Uuab}XHtq|E znSGa#wTDr3G}LL41b&#x#O&>bQYb#bHPYyjM(FLjM_&meCmubQx`nTRuxS74Z(59 ze$bvJwPVLo{ozSLfAN$Rmu{E36{d{0mIFBe_Uv`S@vw``<=Yw;P?WJ=t%p7QL zYTY?NwiWJlr7sTvSABY;##~z%Gx;m*WrNPJ*W%2HXcwEw(0>klD>xs?bY1;#1a=-I1TY#ZezS=v+CgWRPe zz7svD?dxgtKluKy{JqTI|6}g`-f`!F>O_c?p*wbx#I?X}ikdu{0|!pF=7^d;%% z`)uA2!$Z7RJ%{r_-4{Zcnb-JCbZ*e-!l7>zC-#^0?f6dmve~bnuLQSk^uwOXJ3!uu zgPg;={FjV(CH%+UFmuA>)z+S1F4FFYfMbRiD_dD&_Y3cn?8n5_b29z% zcOfTZ>V|!0rE<7tguP;Orqk$%j1zu|DJM4JvtTR=S^R_9{&0Lm3BIn~MYNmj5Br~6 z7cNqNp-XgKc#xbPuXbH%1jhfZ>%v-N{iqP!SFtWU{~+HbtP98W?tfri_>jf%N5GG+3nz)!`Tt{Gm@a*oxpa^E{NK1P zEVX_8tl-A13*%|`zk6L6hKB!N)`hu01=m-xE_n3q)vODTa3=rNtP4N;=Rm&SihsuV z3AC2I(z>vVy;-|1l+<(b`H^=ftP2ChcsbUEl5WuK-;RB>D%E#8h+K+7Ng8HbfWjbl-daP9J73wo6ZTN?=2Dp&!bQ)V=Wa=Zt*yS3C!H z0{7aN*a`X_wG)W3Gj>82dPMC6`f=m|_%e&mMw>l++Y64yHo@Ks>;&wcz)qlzSUX`C z-$(5P;LEq>bfe4QMbYj)+AJU!^xX5fue<)B85xBw)iZE~ZztGxjIIVvq*p7(PB>YEC;l;o%rNfqGl?-NWdw=z1rB71#;9yH4-67jX;dzrm-!$paU*6NKaXQd%23 z0edWrvqw41HXrTTFXw@%3lGVHZ)iZ4bibPvJ=+PR@hEp z?K-h8VkfkSc2f=in6X*yk3or@K>N4Ru5hYTpH~(BE(Haq#aM0xy%Jl5>C~%rSqzg74&C5WflT;$NP+L$OyupQieK z+UIO!zUdMEQ$zSqir_z~i2qiL|C7Kp`13A||8npz%=i0a?6GRbENYMOK3r!NdFN%@ zjw9#UP5~h@|(4K-VWBkt9u5{ zJPZvFcin^!jra1Q9Y{|ekq>PUc)bJfdf6TALTj!1}ebKIe zw`nf5Tya=_)H?iRf8c(1rgoJ0$*}Rwy1@E0X8ofdp7@isNNvg=&=KC;>H;kNvf$o-S)9hX@jnR1tkMmg3T*WZsR{|aR<-OnAB zPvY<8xo3UFvFT07;_W;STxY9HSpv_qO=`U{3n}G1ouVFZC~2 z_kjN`+S2;u`X*mthW^w!{}_GMp1u0S9$QHt%({o2C_G&suCjeNBDh~|>I>Grdt%l- z>hKXRwd@nTJCb}A)yW()+CSbFU=lAoUbAs}Vi3U0&aAH5Pui^2= zAK23}4L-GF!n!5e_k{go^zjMW6#cfSudG+WIIz}KiLY4OoE(?EC>j)4lft}Y);nP2 zSi9UfC?AdBUMsl2=57`0>bHDi|3aH5Si58cs&Dh~iS#1i>O$qA>i z=|jgdye2+4YU41~cftG|@V?3OL;T4fW_;PKUB=H=$2#Zc3u~TutGLct+OS@gu5-G7 z@-yT}2(5FpbB_9=wam^#`3?oo(WfwjceE9|&hbvTI{JJW`j~ZYeq^1S@76itP-dOu zyI`FI?nkh-{B_Rui8V}p+UM3ezWI;)z<*K*f7YfF{Hu%jk6Gt<7smfa@GsQ){YmsY z@;+SWFUa*R8(VFDE9`d!H%Aw(b6bIZ{6_ex#;>2RgjZO*dX1lVI%~kYS?8`CS)|z1 zN_ZyfcZ{@q1@N?9)kn^m1nZo9hupnaa?S*te##zKTs^nWEqc4PFC%qJ_Tef$;w-VF zh#9ZP*2-fmNk-Er69*W!4;7E8{jBwxlk`h6TKnY0o%Jb3ExcDHoubFz1Dx`e$H}id zu<5YJ+$zbD$(nd_Plo-u3UelOuzK&x+%w*~obFqw_U=p74y?>gPCc@6xcbOSX!_U! z=(~nHM94{Xs1f|O@w{eoHP7Sy=UP2i`p*~YxypZT)^oN0e7T+{`p<28p5#C8(DP*f zxkJxW{pU_SPxGI<^*qCWzF*HX{pWr?&-R~>>3OdIoYQlS|NK(*p+lU9I1V5E;T4nC zT{5m}-6eBg_kqnkZ|2#XQ}>SAIp=bJP4_zn(|cD=uze*a@X!SMs(xoC>v_EYT&w3w z|M@~aSNYG)dam}LFW2)#|G7=ill3XPnGYw3p*npcbAUcfH2+g)RP+4t)WmI>3-`~era$ke zyqdmz!2BN%&s3g4EZ?>r7k-@gRrYGby&>WOFfn*Y$G;qhGSRcw3o!o9OR%4*N>2r*01-_BY0^V{S1g%#em zFJ5@-tPk@0CH~H=n7nPrRop4aGNLPZ?W9u?$+Ha@dhQ#9m9TpIS+Ln9fVn9x)kH-t`!MHtfk(?!q!L z`Qde#Z%+R*>magTYYX__tGMElyv}@+<{QDtu^tHS?`Y#S#x2}h+cl}vt*aNY29~T# zY5HN;rux(Ip|HoOJzlM~S_8uClCh=J{ytnZH(Pitf>BHc3+mz(VX<8jG@=XdU7 zJ}H*zb=bax=rUTvd)#>z`YXSH`L=6*XRFQQHdEiu@W0*nDs!_L7~cFKmT3WdiJY4l zbDkyK5AjsF+-yJkcj*OV`LNlYXF;b6=L5sH5PO~_+GewhW#apAeU1M&658y>PEt%i z=Qm2~#Np@W$#~|8AM;<#KbD{2$T=) zi?&%VH{10IZ6@Ys<2>ofJ*Sa#jI%VzfpA+R~x37xlxg(D`b8z#fW&XUW4|sk8vg5V${9DPB<;O^g|K=potc2%_ zb^dESU#zb-Phl^_@o_277wg1*>v+C(jpO;^_sKkOX}NPOEx)<~TE1qUFSe|WgkMQn$iJy{>UViWiDe|Q@@}74$^G-2s@(&F0eh_#m>OI5$ zmtZ;=&IZ-`HUtb4YsI%mzsdUC==&#JZhPgYSN?R}V?wO7IR{?Ax1jx!!hFBoVQgBR z1(RJKZuddpooE67I=;oG%}lNea)$SkJ6k!kbxvJ(7b#bE{SDu~Q?YI43=;P@Wq|pj zV9p0e>Z?C@0aO1+zW}brCozk>c(cu2QM%v6oQ+S>CVGm_pJygY-?-Y>H&~ygZ=jzn zRX&0OeKooH&}~G&0c=#|Zjg?`_;mIFSGFiV`O$*PO7Ncz-gCfT`S_Ic_iFlJ^C?=r z2EH|Me?JC>aQ=>Pu9TiJYeeTZRQ9hbL*J1P1sv{0pDNXf_~x7XCe1hSGrFAVm-4}= z&G6k8^)9FO#e9oTYF;R(Hgo3t;XURy#!TyH^xUCv`l<57QD1o*%fWCmX5nShKO=eN zv&vUFvG-(4x>GS`#BGlb!#80(w1(uwh8NsDR>gVa)7s?oH$2CfrmuFn zmG4!&T!|i8L;Rm;Cca~gPryHyK{wS|1>KnYpF@9eDGvlMO z`8I{epF{JY&F1hOE@RttbU)TAx)<9OoJI88vn2X=<9Bi(0 zh@Y+@_E7eh?n&P?a-(#dNyq}uz)I%zP-gtIX1(x=>xKG@j4|s4^cVg&ht~_<>nx|% zi>sbs{`1?d7w$W=UH~I!zgI(UiGS|J zO#e9U*#uwYh4yO)xp&juIjMcAH^cY!+FNA)aELede$Mk~Q*w0>e1{klj~w&5Gt=Wd zpEvQyN^kt$m2ZZ2;xXWuoB$?wH{WNt<1@#4?b@sW)-b#vSfY!uVU5h^emTZPeAAuQ zcw9U3X{}Fur?xienX!={RO?uteq_csne((^{Iw<&Qh#pZy9<0{?o4C8Ab(y=x}Ve0 zN#j_73`)A6^YL$3IS5YA)6N25{#WnkypsNuE42I8%U1#$) zxOY|XQv+wopy#%E_N=9Qr?@Eh?mFHr0iR*k#-XL~1nqUR5C2B)L?btrv9G1CDh^0@ zNDi)+eHzNI$@i7!+tPC1E-ii+g@3l{wD|Dztn8b9J}efle0QMb>cbA#yw-$;78bc%KEgM8ck?mm)?#&T_Rp2iFItydh`77Vue%Sw zg~?e*ooF8)B_?+;QqH&r`n>2fAo@@it^2U*#+3hW##Qss^+mB4>c8TUr1wdm&{*6j z9IbEVC}SZ#2Y&F|cKwQs-x0Ox>`m7%jU`YuxL?5V8|HZsEDD11IHe5~&! zpc#ILXumrQ4yEN`dr~y}Q_;-$JWBEUkm^Rt;g7O?&Z>^J=>oi{6UA$zzKfKzewK{o zJB1fz(YkLlZIqUmoC`$Gh1b=J_FdNuZcdP{XOZmQT|aL zaFgrbtQSq~$V8LN^U!y6A17)SEEn^QZE zgny?hb`0`c`Mq^7h?m;(*{dEO$Nbhkf@AgLZfj?0A1v%=*FEOsE;`AaJ=p-yX83ct zvj^FyjDzL)^zlpCe`Rki3{SWi+n00RJ)HBF9c#*%N7%r(Wmre&xiaa0l=V<{9%b{$ z{{^3qda0(9=hGKAugJ{=e%?v#*XtZo7qaZlPqRj#Cr&_@XU%+!Tx0E9Z@BJ(d8rA9 zQmLv#ABw3jzm3i(tNsGjM-TC^O{487W>3BgeK(KqV&=hp&W3$0asv5q-z8q7@e9fi z*_zDv0etCIj^4YVx4%9Y=V%$ZPy(ZzTo_;E`;t0|av>DIt$aT^3tKrcCz9D%!?2Ho0^kS_i0yaTNroA z&3C{9`u{fZLQCA@)dVAcT9;~(2X7|^^B0p*@Th)$P?~3K&u{C|Z=1j8>pguRM&y1IJfg_w1RIU%v zIu9)QRb=Z*?=|uO8%JX{Sb5j1@Hj}e$$wX14D#q3TEj(a4?2gx8-vH*Gdqvk93oZ! zC-Df)b9gF{4eDdP<}w7*UBsGDa_8-7AQ z)?XPJqkHdXa;Nkx_MFH!T*tW2H~#d#XBLuU7<==%?Zo#nmh#6pM9!F#%bQ$D+zYfC zn{+MDV2gU}l4dUpcEu)g#uef%n*XJ?ZJ##aE0p)Qb1Hj|Thn&A^jySaZX{l`mI$XooiYbG4v0Rw1)e z%pY`zB)&P^V%9!#gl;KD+V1x{zfN1iwJSRv zzRNssWWRVgif4!X{qG*BsP#Ix{DF_3!~bl}ub@8_ogdFI_qG9=RLv`zR`DPJf}ggy40~=d?&r=FAd#|#t%Jj@7@&+Rr&`1$#CkJ z?jV)_`T+Iizut!ps`%J%TiUP|z!!{#_F3?ubZ4o9k9|6QQ0%g~-)?|**o(GLo$>7Ipo36TKE%ra6R&%fIK*kEO-W4VDhIU z3!d8)n)8h@bDptz`<|pipXZiCSDuS=e%grk-x|)-*y8_V&M!A} z{;J}f2k!fS0Ke6tr^}Dn5#Gm0p6}ndM0*NXG1uS2enxSwtG(!4?{WTn^_};^_3h#b zes?qf4$$|{YVPoR&1=A=xTjEx$J63XVEyKEmR_OxZrX=mAErHjzE3Ne@5tGuX3xjr z+M)S=g_-Z$;9Em~(}#-AkCgoOI?tw0+M5aQwH>YU7H^cC1KtzhQ!=kz8{l)l@PRM% zof$LD>&=?i?0ITlr!I)hYwi)Pt6*NU?>g)q`vUcK-_B|u=H)}t2 z9=QLjnb+5#3s*3&&o0jE5MDpCbaHrUUb`{;ch(q{yD@w{-|F{|h_`*U{M2vrd5z&E z_^~TnysJ7qSH;UID+{9a)PA3Bzij;zZeOL8cS_>7Dv=-6$OP7|Vb-nVGx*I~JH&c= z5V?AHmi=6FSH?NZ0zIJGmkC?LIoK-EXD?)YS#t`!SDqW`3ia6EvMbE_0KR!Y`$5N< z+r#kd5Z_4;QXR$7NvD(Tk%z|N*eAt3>$_{I`#**I%oyBztna|#{s*+5g!9`qPry;{ z)i?D~eR(L-7wOyjt`S%z`#@=Or=r*87D0Ptxb_i_uR<>0VQl9m=qa1l&tG-q}e=hQT8L*5FH{Tm|FctHWW6c@b zW_38hUyDAG@|+GA&`WTf|6+ABIU6H+cO{e5W&xfz`db}%XwLwdE?=0zo%h1`hpa#P zo!cY7cEz#xC{AC$!9_SZe5_7Xf*-lB0JwExeK0y zH-V#cH|D79kBqh3buWSTJo8(i8+e)+oAj9@X1}INxurNG&RI5{UlR{WAAX1J+x4_7 znO^U7G11bt`xdpkh;}J6<1!7tt_yUrTN~P(xT+#LyH_=UMG-C6Q&AM*#N zf{BySoz3-=Ju?PX;Gr?ebP$uo8RbKqt3QDae~9yo3$VA>FeZn{_tndJ%k07I}UYQ4^^`pp>k*z=ycm!p@nNUgw>eN==!4cM}Wt^{_yS@(>dtv*+( z{`3*IU*zH*bl>*tl*>rps9pLn$I{aOUD5fcv>(UY&CmF2O_Ww8GERBYnBzI*oV%;_ zICAb8bk%2Dys>|g~+oOT5hi4i409wsKZJ#kHe5DpdE{gSPL;r-Ecg1MLZZzt>rZu4L>s)(0b_kTE4P zYFiWYp0Z8Q2i`KdocG|nfOi|>WEAr3Qrm|n+La$5kWt{`+MTU-8B5`3XdRVN{pDrU zbmK=T+KWa;34S$r#>l9T@%~F{`NXYm|t=8BxQ5Z%D)?(Bd5}p*vumHUWXjENfG)f<`q&2GtoQXJ-3_Z8PbNn>@=DJc z=xBIKRd7pwSXWr=B*MYx@>0E_8NqM8}$q=JR?!{`|>Eu16SPzZs5VSD#t@in~Cp}|?`Sg+> zzwE~XcV{<@yaOJs5Y7gU-w)xZy9e{|viwr&e@&G)Du0wYO9LJY%$}F=Ka}W+PUe5+ z59EK?i2vd0UU=B}8fD*V?h8-ZRgVA6nvTsYeM<4e4Jp}RXBY9s&!sq|ZsHIRw4{z5 z!Y*+*n>!L)N0=>I>y-j~nH zZE51XTio3E%nJEkgSB8?aV;p^g-=@ZXan!*i(=n`xGrEm#omePI-jtCW9OC2P1uVM zvzIZ`ypj*0IIqrTUY*UndXGP^;Bm!38~cRyQ+)_{4W5?`CB8GfM%&+@?VQGTE$`sh z5}ttuMqbV4-A0eK4tSPl3Y+0c_(Hi9`_ZdJf35!}Hd}q99gT&l&pZ>~%a7sa^gsNQ zzXnFbUeOL|4fd~6La@E=0cwR zS;g3O89xN^1JEino^t@?6p|igd=PxUQhW!^^o}~CT4#IlThNYOlfC=*+BgUGPdZss z==WB9CW;d?;|#pN;`~%0jU2N3KqYq=@&5a?Cp;hJzxIXn{0Pq_@c_sJ*6O0HSDWJ=)s=&@?Q1&x9sobV z5RTg4?gKyJrZVF%%5EBYl(Ip)7tFj}oT0wa#rWnJZSyUAyu~|fRJZWx*zyuvr6qH$ z7h6F4XPTF+ccZ!W$U9`xF!MT7a$X*~X>FH3hB>aiv!QML-yZ7UdfPw7U-1d1f9sk? z_s~D-3bGR(9+-Og)GlvSylU16-ggUs{^$6nXQ0C53Er(Uca#k=Kf9-OB}TXGNe3mbvCi$7$v{2w~cp><6<3Os4S@IH}<}F^uw*|@J{rqWN zuyizWxvUF@j`YQxi)o~PDia-NL&sbA9vb#QL-W1*G@CKRC!<__J?VFjR6#%CT;Gu& z$v{8RPP}jCIej}9+8JGsXEXlP$>bP2=6DY=<60m7lY5~Ie@ulRW;Bid9J@liuiU#@ zp9-r>&#i>{R{d#nckQ&4-iIWZ^Oz&5FF5l;=VziYny30Y-l+(TJU&EppWWyzyX)DD zlTT1SGWKBb_1is|s=X^8#xFHr?;O74iAg6mUF%G=Eo6q#C!=i%-(P+=gl`!b{S)J1 z2se+|cyHR?mCE~)&v;8#iw8Dp+%C80sX}vUlFtM3tC_jP?_e%fGe-D)lqWIF2RiGd z^~2;z!}p_{WN~~TS~))GV!uc+a%P+*2dHECfc2**i%h8WMt3?sU@g&|RNLfNb^V#B z{#?CmAF@$#2-*iXu`#@t&8T%&HaPpM%e=|-pD|I4oBGtlIj->5m`J2R*GdB2{fE%^+C^@(SVW5&h~8u>k+c-BT_ zFaPze_EsmOM;TwE)+ox2owpX8SU>VvacgUPn!l7azu8P?!es- zJoe&uw~qG~zX`el=0F@9^mA;&n}uC;KfzZTS2`uF7OeV%dF9<1z9 zkGY}TMqTNrR^$dMItLf-U3otBhAhrQ$d@6-v>{V2rd&E>7yCelN7CmkliV@-ZzXWy z^GrvRVz`#*JXJS1cfpgod&2c=KmE$Xm*P{&CfTc!*T{s?46-28zo=6%zr(u%b3?L5 z=V7|if4gFy!S&NC9c2x1HmTyq zKCpnXLPs-to1v?CrDo)Fj8!;>OY>LX-^yO$e^=Y<6575iq3s>CT{=gn20q|n=A4OF z*ag2v^(oEG7Tz`b`Z&j?<_q@JjH^~1S@3lwvdUPY{i}K41 zZs4zlIX54^+w0GBouMkcnR%x=@TJbN3^Tqx1KzRUi}#5mLFSn}WJaImyA||F<=C=* zY$3cS-WQBs;&ru;q%)6&jm-H?j59KO5F5jtS=mRP1l_^$h`qBo8Kds+t z$H~9*cB~H6?D8$ljvuGLCq_4p79EzJ#AJ;b-?;CC+-RIXisOgBNodE(+n+5r^D4IP z%?WketlT|9tZB4O_^8i}%Ppz)votRDj8bN%xA<{8E;|$8cH6VL*J%$WW?sE7pPKb=!~TBHZt@24H*W4}JYVeSGG{ zz!hy4CDiMF*{|1>Q185idbyWud*m{S_CxK>NT^q9_b;wXXs;@vUYos_{s{VLTzkL8 z*0a1?LYHnEE3-GDy`Lx4%h?#2u7r9&O{iB}@ab|Sq295CdTn-}B8e^o3H7?|{%TXq zI0XE3N2>iw@zW&a2=eSG@~RnrilbNUu#f-XjQF|Toq$K1y(=%SUR*mldncaGB6`8Hq8NQ(Hw+Hai6U1`4lktVN#?qpj>t}kQn@$Ku_6C{5^F=qs82(m7S z%NnjjFG7cTrjfNJl*>XoU=E#Xcq#9(Z!)rL7Rn!}JJ)6x^-BB@!nFrqo6cPrT(KX1 zI3L@EcZ@CZ==f#pQpbMs6V_2Sc~AV_VRAtnmQC^Sz}(%v*=r8>X6GKxLtFWM1dBR-nfDj> zj?|vo6&^h;8xMCs?r~mz&fx>#Cx0MkA`HK0IM*ou4z^BTPu=X@JuT!hXxX%T>jZD{ zCY5u}hP&q|L#MMkoBHA4tADQlJ)6B_=csQ3*Y2(#=PiC6^$V=u=zSygDGwWx*!>Xg zC7ZiX^L34q90=h2DEnBiRJWfvrxb03>#FTMx`6TTqt7a5f!dbst+QbUCO(oRd}^)T z9fm0y9&-4Usq5D8-!3i9tKs*9vp)$m=&>c(V5SeUGEN z%b66er+$7=`-jvOjI#CZS{<$*J?|r1P4hpP@66LN^F7UZcIJ?5t~~EGAI*GUF}d?7 z`h(8!xcR>ROLo5VZ9Q|P#71hFe@ydskhz>=F1uL3Fu!T9LT5aNS2New`g1)0xYyU? zH7(C?N-q!aT!f$gvc=A8Td)Z0DOComCX6z)%myn%w7rbEVT#PJO#hhgB z zA8+bgtupzFpz~*6g3cFPeZ$#s7dQF)|JZO%&W58bu;J!=eb-T53oXpK72t@rU7{_| z`IgxxS8)zpJ}_j<(cXh>UM!kg7;E8UW6Q}lz<>Le z(7T@t{^m2=^PAt7UpKywfNL!Oy1UzB__x`OZwO9b0-O$ae|rQD@lt*HgOl3x2iFDscQ<@# z@JpW);CC;KqvV8Od zi%SPN7;2k1!)oQ%+5~+1txX!mMR@dwVI6rx0BczStTt<>#=-hh7*^9816b!Jz;d~w zqObxQ+?i@$3=O){+ArI%yJwoW_#2i6w};z0a$(TcgoL)7T^emmG}s%4)wC#p_3I_^ z^Qqa|s&TO1ABJ^gaRBRh0<4_1L*rmwodD}t0;~>eo5sOf9fs9(QGnMsi?HrP&oKIn zbj(_7uSQ`7V{=!k{oh!R$pyjKymvP`!{S{U8_l(JZ2!<{>C47*13W&ORDUR;K6v~_F@i>R6yba*0Z#W|0vzgVufomIKTN7`?a(p( z0FNJ9Ji>6^nE6})5T=x@zwR7&RN2*S1i8_TeI+j^w7+NJaO8A9*VvweYr#rMUTAr zb;wfw=XkF?q0O8n&dXnq-+XX0e*@^D=)hq;^yFgnP}ONcFIkOVf(|QNbjn58Yxw0$ z^iaNgCwq*>U%v&N06((yP}#l4SC5`;eDzyAKbHI9OP05e^DdITXV>hY-)8=C2X;#H zX$yXama|IrPTE?}Sj5$9o1I*b_>Vqf-TLxB<&XAzQkkWS5i)w^daqA=u|}`t`9Gys zuI2l6{<;KIxrny*}B6=3AcSPf#poLH>X4BhY?@;P0zA+r);qst&rX_K8d# zo=w~a{gCcTyoX;8{VqR@{=2DZ^h?l~+^>QDtNrA9!NHHOm;(ccXT>*3cNV>+`$qO1 zN@yDFJMeuRO@B`;YaC63eTSHO!yDKeMd#E$(BKPAeSZzl7@d{Az4RZ*k41hTjyj!n zk&kQ1z5``}&blzN?*JUp<7Ma(ha0wHao-_^PgJ*yGqgrmWq;wQ+jp>VFCosEeJVre zVBbOGvXHSyx6MC-t_qCDX&=A9SY1_q7wM|->+_S0uKN8o&DCRcRpL`k4h6<3Zr`C~ zoSNOf!_@e3`b5Gw1^W&$_2Ot3>^sblZ|5Tk?Ku7J(M8CIgu2@j>Xz&~#EjQ_6Y4pi zh1pk#skbhnp7U84|8Y#c=7f5+R?nL!zjI8zMG5uVe(lTs>$tlvuHJbG^}6kTgYj3# zw5K~JU;Ry$KY3@<78(Xb2>(jwcnkO9i!*$C?O~ zuy*9X?0l+bkGYheF0wwO?2J+!hc;(H`&X>LIKF=2PS%_G&3)ULXMb#Rj4qha;O81$ zke{D2?-XZLxXbHXKx}d5yaf~d{}asn6YDNruKE|~UBd+v6pNf`u&<5YBZ*Azs;=2v-&OOLk=x`Zyw>-J6%j!J3A5!nCLhp`P zzm$6?zIF9H-szmD(XsFJ`Yu5qHhMD8t9UkZJliz-W9IeX9lm_uI?h|7I9TcMhF^h4 zO!Sn@EMDLKI)3{*n5T~* zQy#g*_zo4*t^9~)-ak+xH*O94CtMuTsTjF&`hb-isO)cV+-S#zHd!x@>pGe7x12XU`_5bb8u5ddrI{GEp++qCGDAu zyv6^J^67t_YeV;kwN>c;Fth(^^_3F7cX6MI?QE`Se@=6~I^CYHZfV~~JDiO)2`kJNPpCq#bG$z<>5GcAd0WxockK!)LQ!>4$hfjIQ`}E$=N#q;^6$g-}0Eo zAy*zww~afBgY&a6oD{L%WyaIl195PE9EMX{9!{AuY}>W zm50;q{JSyu+#QC~Q65g4%l8li=e97M?(%S498z4r_J-l~mxq&ce%=^-J`jeJD-WmJ z`FmsFToZVG&ayC^=JIfIPg=ik44m`BaN5el;XIo0 zYsHP%Sz$OG<>9nFo(!iV45zz1oZ4f_a9%tTk{kWy;p84ohVyh7PTMQ+&v%mHe5V9X zc{$eh?RYrBy0xXEeIx$E!P%@Qvs>DaqBpE{`q{(D>s0r@#>17|zuVzguKqvA*EehV zKytgef%tlA_b*+$v{#TRhD`!FeF8l>|;nzt0+289~{rR%`v&rvI>tt_9r}R|%ffEdOmVF7MbF+Vej=orXDca94`ZYSY_9L$2{H9_FO?*H7 z(H@54YlOoL`B3opA5D*3q;m}Fugbs6Ia;G%vsbYXU%G4+z00%rp)&*d+kG9nlKPzU zF!bNAXCMDV=3DkHzNk61l=o{HleI1Ft@a$K-hZJJc|zMJw*Q8v+m%1#!O(beMz)W* zt-j9y!}#eh2FAt3aW&_g;G6vSlE=0CQ1ZBZ<6$e$%GK|QuW#nbeS@6a)fr!tUl^RkkMC!$=Z zpC-54e_MP#wR`fLmiNomzcs$T?6qhg+ir>fR&5Q@R$QI_zlyI@;#W?eeM~uh2Dc$I zx8pm;e|#MOakzc6e~v$S7@zQQe8H_c+qTL0mHYCW`G029^8D@Ni+ktzfyeBf;~)N$ zIq(AibG*;tPyP^RQIW-m^7wlP@%Ij9@h@-oO8m=jcs>4Q)!9iucdjf=R^L9Ff9$gF15bq^x37pYVhAKzImnkOXBMn4l*uF6MWV3 zL-9`e_DnL%fmkEM(3jr*TF|^>c~eOF2_f0%H^XDm*b;0 zKHMAd(b{suPi@wBD<8GWZ@F}NRmvmQqPfrbelNAY-%IWLo0xxJ9y|Y!hY~~eGB`wd1w6E;kseJ_AAsier@nN3;bB?`|{4$N?c0d z*OrV3`4Xctrp=zOJryHkuH;TcBV)?dcYf_iedA|mPk{RnIZJx!@*e!!_sXxm5x@2( z{Mz&xnQrv!)CE?zHZ(>bzBtwQ2hUpFT0Ure&PKP!PagQQ@tcqFXHypVvu`T;vz4bs z#lPA2Du1cL>f1Ml{MiOCau8_jt)DaSXAAC4z}fEMD@WG> zhIpi~9sHvH?2B2moIm?w$HtpONZYSc;joWP$Q z1LyoOoZ9km0)KW4oU_7kn#;op{Mj*ZD#CCg{0G;>n?-ccT(z@Hrh z=jkwmxmMhvt!_VEet1D9!}uTj)Bt?hLbAwk4EVn#4pFd`BWHA zZFx9>KRX7_N5gQM%fku$*)ecF6o%7Q9!}uTj)8Ms7*0odIDtPq2F^ReaJtLG3H;eH za8?xIkTYitobQKi_`shX17|@PPTLs%DS^}N{Mj*Z&Mtvd>d%IMO5ggS=eVzWy8*~`4e-rsL;k~PzXE@D1TVq;GuN+j^_@RErar#dQDS@e zlYa|;HqYwMZH~h5Zw=pve7Ixy!}+yi#`jl!cAl53@BG`5`lj8dlIMB1^J_=ysb4>I?Ut+WeAkis zrrlCsW{F(OIiGc;p4$DIYqwne&stw)q`n)Iof?ZRjKzM&Vt>&;Z2a+>tHa4ONqr_B zws5=M;a0Bxr{nAY^!M1G;$h}#*dKpheQ^%{`H;?j`Exd~aTgZnTNisr#-Bl1FyHXs zAEDgb6Cbi+Kg#@fHm~N_3eLov`8D6`YsF_Fxurho-P3$qGQaA)zH>Dv@V5`%3k~lr z?!l^#IaeXS{#X6^b-n7(_UFUTqp)hczDa^r!~3rT>+3D;^~9`SN&9ZR%sv5r{qY(% z`StJQyE}{H_H8$Zo=YCL=D&`oyYM~Fja#|;ACIqZc=`F{b~`>6Ur+5;x^~Oe-xpus zwEIGGyZwI|Ur+584qKT~uKq{k>)XA7lKI+}jsI3{JxW_~b^1Hv>y+##44f643nDBZ z%jAN9FH`M38TJ!4zH&~8_e_Te7s2mK`CI3WUV9$Aru~HV>?IIOKG-sDOiqYd^Vv^O z9sD#ytMH#R`uhnB$$K+qKY{Pw&;F4gubzU>o7;7E_-mSHyo<}7mmg>{vEtXu_nWf* zb=JuR<~K3D1I)3FEz6A`o^|zf`A4bqcE!!szJ9{T&3}B!`i}Cq>G$O}4*K#)d7CY7 ziVK~H!Um$q$=ZDL~{`_!x*q}*2E2lHR=X|?X13Sk$o%>g>?~{X8UuI2KEQZmS(LICp8=cVU%Uv$!nzEAhn{wU7 zX4Y$9D<>p(LYOhSjWH_B=Qnf++b=!j23crji^lRToHaJp1Ifp1cr(u}f{S{*LikPx5`%`PcjBE!QZ|V+T1vB6%L;)`8jy z$>Xz%@v(L83)}Y{nfN;SI_U5e{dlU#BM(S75RdFC;gJ$}floX##-h(Tjz`MXcRuk* zeberqN}tK<>%oOkH9eJ0fCbvXU9H`?{A^YZ=2hX)_RL)%dX|! zbLJO<9XFr5DKZ~~ur44jo=IH@tdzmk3hKJgehjbS*o z<>3TA@fbKW!*JTl!wG!iF>oqN;JgBTT#R=Nod102)z9O=Cmw+l$P03)d{lYdW;2gx zUs8;%l?=TxS(fFVvif`kuIBA`9e(BN|0uq`kx$v=c7vQAG3|cYwOg+K6J^@HDY@OY zAH>&Fe>+{f8xV_!l2K4ZQ+e-o$h515e!@YVvQ^HI0r;0Z;xb-x|8p=9&xg-^95x~yd8r! zt|TbCiZbpuxm)dMjOc?K>xP6e>UVkQV#esM2klsg;LJ#X6XcIs8I!UN|?Nr-M9nQ8XkHUiQ`V3#a;I%)cIi9T~cjoH$jLUK1-oNa%KhArXgRK>trOooz zn=CGEoCB>rvNY&dZvs9+9=e!*)r4U+Ee~LQDgjnoa6YkAZUp`Mwb%YdgSVfb>?nH@ z?{>U8FfoAtXG!pXW!H=tTz~n1<<$_JKS_X7`^yA4@IpAB*ELD?gY$}|{nXe!X7LEa zS(5-K_d*#w(iO+t+^7|_tNMv>-_Plp&T8why5JfX=c`3@R%LK$LJNx-S{_?JL}2IqTI6s z*zwBGz2$F;`FdBV-4@+FIF7qAxqGnE8=D(ET{9A__pBvj+6JHBoe3>O2i^y5&zsWO zT5S9KYP;37&9`%DyF~v;PdL`QnS1Jp#g5BofOWbRI)bo~BO3nzz9ZjRHDeocWSW};RKZ?Gz zj`LvXXWBc`840yz?l=OL?kugU<$k-h+)c|Gpg2S2Xeg}a9eu9?7h)#O*>J(G9}gbF zfx90$&xFo)*Q`v+TUtdu-G5~0xYox}JofreA-BNeCgITnOlW7?-oRaHDelZ&<&9=& z|7P~El;2$WzlV6IIw|P*Msmj&`0Z#~07vD3(fxNOKLX#09%^d}ZRJ-%Gw{~E^yEP? zd*j5clMjZ!gS5XC8s5V+ylm(`ARgGo1?caaW#~ppsj0OFCDR;+Rvu?Y`FW1?Z z+B*1ri?6Tc(N(K09nAf@whuo8PM-Zp?%y*xMHvf|PrjCK%~`vRrFYPU`C8-L?Q$ij zCzR@|!2iJCLm%o3&b-h)c2O8Xp5zFO{4Qc}@c|p!G(sb2qdjh7{n?X%hv8M-OKS4> z)84s^W3G|$S%=<(%_zFpGAE4w%KO}G#`ghl^bOMaq|?p@9{csiFIvZ$3a8Vuckle7 zp4B}VyP{td|LQzD*5ZYH9e-1SooyO@J2cNv<@dOeugGU@c#iTkbJysq=)YK>fJr)syppF`p~DG{P`#SGfEfnT>+i0H5#{D4Zl3&y;OfbKG5o>QGB5H zt!X}Yj1N?}{3y$KgWtnx-4Cd{l({32b5WXq!FY%6@QaRBt5aSh&F~g~o3RVt|FojL z(Y&9-`)hXZo8>JYvi$Th@K9gA#ai2tTHIM~PUc*WF07H$H1w7 z4RE@ho*DyZdKgY~d3@TOz8V8(To_JAc{sIBUyXtDi~BUKF-?;alJs$fzmBH}MzI!5=&)MhB7-ePrdbny}$yajw;Ne4%N9;1Vcj;rZ|)r;SD zJNhbRpBEmhfVrQs)S8d2VRUfm!ciTZcd8>DeBBqIE5Dt-T%v>9?_66K(w4bTyPOWb z$m-ze;tpns4jyWIuEm|$$`T#?{=5A?Ngr&QhYr3eMh8c4cYUZ9UYkmFaM?PFG0?rn zUD+pAB+0sF7qbwZYtZMfu}@yHzKcPEb`+zt44&=Jgzh?lGcm$(=*M#(MVho)AeVx<4DGTBfh(Fj% zx#9{%L-a3*GKJMymvT*e7AF1zj@%n0S z@gKQ16z5P`)Wz5HU7<2Y7q5hGE+r>iBf5B{(Zz3FlRIyWF7A)Zlfk$ijphPyu?dlJ zQGd@4#nG{frrjSUwj0DL z#I*ZF&~9>lr&G_L8>3S*e!^cm^|fZ)eVw}X9B=U{=wj}6(0g?1E6safr$!zvo~HN$ z-aTY-K&R$z^-|q3I;M#_HE<4w;Y4)mD4ax{+VuyWdV#^$_w}~cc#A77zBh;4iRjeP zb`o`J@ZA-L6Va)oa1wQD;JhykC!$kF;kY|7qdJksLHBxz2mNs<)jgwd5_M|eG>73t zbm}OaM4cKq3&U_CI&~CIqD~E*xnVdFojM99Nv9Tls>5(n7nRs9Q8+F)bsU{XzZj-- zc{pwEE|QqJ``l}QQ=6bq2lEqK;ZO0ebftY;VIOk)dgiY$lYX2iTiWa$nQ{Gm*y7if zEmQv|)^{K2pWp6NiS2f~c!fwkjZ=5fZkhTnULjK7Z};C5+fCA`)owOuw@iJPgD$q+ zpCq*5t6_0;bBf_BT)ckv35`Xzf1th?HO$W8J_559^$fZt9)FJpZU?E&0c`-Lf; z_4a;H_8;!k9>D6`iuZ%gVNdQ&3*`a(38T4|D09eUYfZhKbcw7krac#U7aI6>2pT7SMzY5I7;>u z4tI0cdCy$xp$|!)>A}aF0p@?Oo(tBC4=`8JTck_LpQc<%x-VUOK4E-ibL89|tUtD)SgzMzc$JmeStKb~h!P!>-1I`P~(Lwy5!u6>0wc_)0 zy56AE^(YH;J31AX-KYC|^}2UFjFbAIdfm{~>3-N&OD+Je zd)IOf_)YckL)Tku;t8mi=lqELusy@)>=uk4(6;v0!FxS-VDH#F$;Jn`GU5n4>*EZ* zBR=4|XxWGP&f*()wNa63-=a<_}S zJ)?cSJfV)$z2fS;C8199Z<5My_v9VGcb|Str>4h{*<@8-^GGW z_2uwB?q^keyOG1#jUN_1{OA56?&kq7UjEyV>uDp` z4L<@mcbC^bAAWSYQ!BRe8);K*b)|hBq$`b1kO05g&c!fn;k(`9`)Xj++P#J_48MI} zC+JE)o!q{SdkNQ7`|E=CUl~TNy`v`#ZV%peZQeqg1{OMm?$qvSNguoFY@G+Y zayRXoGc?agHxOKW{^nbJS9ioq?VW6%wLUFcH| z|4rb}-rq9jP8eL9u2dv##y^-S+qPGFHB>0?x+{`R6vG z^@6+3V(N9JpIp(CO&#k>f13XNkiR=uC|*@-ZN_`?HWN#*+Rr(vJz4cZ>v8yQwP<@O zs}l_JeH@4i|IFizqt#h578)t;aT9!I^dQMB=q(xO_#vhIhSEFWhkEj`t_Z#RB)k$gE*+I&y{mLwq}#}M z=JXiR?I%W$i5Xva*O^)KO5q5 zY28yg4A4luEh0Vz&N?5xtBVIf5U4i^fLC$ zfq|OCb5y@FQh)H`PT_EJ&n57Gnfly?etKN}y(>Diud@E{dSlw3x3Y8RtE~Ss>f}NhRxw zo7aCgWBe!f!Y?QHyp?(7kF(Y<)t$rMWq5vTZ8kaq?bbrGynOiG4W0Fd&x-T9WY2P7 z`msWKd}m=D->*k!*Z{w7#D|a`cW8K%@goFyDQ?if-@^NC9{W+Ot(%bx+x5qDc6{f9 z@5UB={F3%O>yg$C^SqNB1v^{Xdst^B*N5=43~u222l(6RaUPNSJ9*|Fw0B%d{oA=0 z1^vM2n(LwI0DNHYd;bXZh?AeeIR);D*I55<`#<&^NpE^W?Y!87yokWrngA!~&MCye z5njrFsJ{Mi5_sOhIoSgNMoQi>S{YRM3o4|K9e_6&?__kPl zJ?|o;2SCqFd^g+zFWYe(zKQXpkNIq-^RKwCG{5;R?fam|ROli4D{sc|EqXtpQ+Y+t z<=pqwwS2e!()Od1yv2J(w{_@t%hAu)?OmC_lW+Ia?p^%9#T$JAejlPe!!yvUrjxT0 zYHv8x`Dw#1etQnT{OxaPhyG@qKA>^BQR6h8ak{j<9vh}!?E&XRP4j4>u6cAqihV@p z2xo>zYbJW5UWeD2DXxt#*6ywA{P*dsuj&h9e-$uK@Lbpo4#2sL`kBrq@$BL^sLzy{ z^A?t8zf0XXp6#%@Mci1l1Y^p%4GZV%32>UNt`UV3*JjS@W6^KbxASQ;u8xyMAEEuY zdZIyLA%BZJ6N6j013GGq826!Dnnv$uj5wo2ZU}F5?_}?xTMhl2jm;_@Fm`MQCUn+m zY_pddUJAyR-?}4NsoVO&vX>;cjB5>lyDP{d9abxsl+Kj8y=HkL4@D;;wVmACe zqiJ*j{H--avCXnK71Jy~gvNI;eMTof)X~f`8&~XTiM@9TbNx3LW0Tc!zIsv9=rghr z;In6Cm(9l>OjjI}Jg7q+T+jdG#36r{F*os+oMYJ_KDijaTFT#S+MVHz{y4-hMh0v? zz4LFi=B$5fDWCA$P{dqxWAA<{|Y^XW}rwL4!$+;VM0wd}{tcyC9m zv(=DmiX*R=TqCB1_~yr4UD01-IB*v{JPBH*n*uxHcKYaK%iIpVlcEDjQ{xwbk$@ z`kMTKIcPkLj6ROMex}hIeRd&piS@Y`KTHAL=-Z6T8v4H`)iint`ksJiPpqcSTI#H$ z&U)%>pw32b^pBa3C-!)K4dm}BoT^w}h2CFaJ(up^#oTqe((M`($?HAHT68Y0>(FvS zepPyTZdJ?jI`&7lktN#Ug&&KHT|0~(SNR@pDN3YZyG&Nmp*oHcIwEX^jRal z*|XrSX(N^IMMtqd#~$#Je@d_g>mN0@_fGH3LkG?6-+Yd_-Dv$$){hzW!#$QDn{v*d zWc+X&u~V*wx2(UA_Wl{zaWbve?We`mQ*N5D4^Vkt;$Q?mCcZzpXKdS_PiWiCh2KnN zd=u&hbn2Sk*=p%@pXg-wg7Y>{=zm7WSm%heHVgk&>xT`Gd73eQnzL@=nWLPymVO=A zH|MkW_kPFrZF@rB+&R^xdWxl#ZhNAUJLAz=epcu6#DRkq$G(uAHga!z`pBW|bYvE1 zS2(|No%o3TaN+Cvto`pWUz)X zCDaSX@(a^D>+M*s)L7cRa@Viev9$Z=N15NcyGyZVz*({dKpLM{+IbvdlmB)<+BAJP-fT0c5L(oOk@odD*2?G9lRbOHoPkA;%-FN1z04==)5Xz>90z8f>g1kxvZk)XCqB;X zVLT6Q3&5@C{H*j+2kT~FN&hrD2Je-FLh<{Xx=!6OgpMa&O=p<@pDE*&=gsUrYv0k} z#9VZ6zJ<-C{Ue>{9SXsD^G)cSuHDMw_r3UP#Dmdxn`u`#NZ#hqG2R7zpFtMMUp$OH zdtA0N@1JSu|M7wJ%#nlHnIrqof~R-RTK2i@tP$;lYClwZa|WHK8y(t9t$IRvX0+af zahnQmaWr)6yhop-bPW5Mjh>li-07EeZLfoS*~0rq=wojGLpr)*;D#i>;G-Vwrf&TF zJ=skospfH=i?m(>L;W;m-KTZFRb`Ap#`+XA4iyHckPXyQjC<2rSLKU|+8PE=_}lpL z;qjhf@7UWuCjY{FcOy?0>kPH_^$lN4#(#$|@@C3EG+8~)$kd76jxM|3h<(tPsVKFp3)VlUclof*O}#4n&cJzZYR7e9xSvez7_@qy z>K;8k1Q#3%)?U}U`iY@;?7KDqcY*rHyPnO86R+WK)9yU_#3ITSW47QRa}Yl7MZaxG zEe*xsns~fh!!~uB-JgucH_Z&g=r8UmS(~Z^hU2fTlf_@9F@0aY)5oPNOKb&eZe0DM zO;uWVGHU?SzbK3=Ti27{kxcssan6ov= zYxe%&gV3HOcGV#3wd~NX)Wh#FrSNrcdB)33;O@ocf~&RNz#R6LAB9HOk$XZp7i7Z? z^4rA9V0#ToM#EPRQ`S`BEme*%<-L#$Zr{ba#5X_S-3g7iT%DZMgtGpQWvxoMbKF=KJ%NYEsw()&me%D>I zSU;9#faTi~MgNd&BEkREP6MZJpEu&~n^AT?v;cNrrnzayesV>aJq^m|xpMho6*FUH zt@&1E%ZcfAzFE~**-L(Gjrd*^}GjV6B@e^`o9`^(SM%P>(;RU?fc+N+)ztXUw3vRcK08(YRQ3K7@JxYky;RK;PeU8=3v*(${@jtToWZ#! zLwj_!cR@?>ndxV9`SrEK-i>;4PqClU_a4(eApci|VU?Wg8oOrIa$l-=D+=okVHhQ6 zy2ipt**q#y7<0ogI?DHn^Odo9{GIL7gfOiB@~}E=?&&B#qv*{6jZ@3Yu03s2XSQ5ZYIFgnV^DC)SS^tdhz zqrW^1r{8?}4CyzeaB{3)-J9p`et}$LT~;4Iiau`60yD>_e+XViN0Z&5^~cRqIz!k`kH0+bG#{+X)V5?YBo9t^0=NgIpkYl4g2a2?AtWwl5`Kz+@{;Ug$!?K zpV8Tn%IwD$BYq2C05UvtUizi$S!)%i;_Ed=Cur~4jIFep{U&1c;_MJN#uu3}F50A8 zL#4xOO|75l?}slVzfoAM21PXNjt8jD1kn;O(fh`&~iVUwJ!v;Ys;l1ovHx3AR$7Vy=InHB&x2;YeNV zZ-ZkB9Y_13_3T%|1AWp#>&Z{6=U-YlO&VMJXY6IwPc>9aCyV2QC2A9WNo{_W`r(+v zLHI!a3;81IJwI33mQVOGdiCRq{?>iYXT`j%_2C&E7`mMpoN?EzlDNbH>Gc)pNM4W& z(813`N9o?e$Ak9adfNXSgl|6aN%=zjeoNm}ztry%UI6F7|Dt_9=8Dt3*$?;cBLfz+ zoU(}i$gk3>{=h>f?#%UvZ+`wkU*5=u^HL2TE8Sz(d6sJS7>V&#UG!|}NoH@6HiyxF zdWkPA`Uz`B%pM#%{V?ZRj@PNZ(*42x6Vb(KOEz;3S(w|HS}tBBzGTW8{!VO4EtfyB zd;RQXt>~aVn`bW*9mK2JN9@@-dzoy}KZH*BGM3?AUou-Xg_jHu>HHf$Ud8G^L%)aA z25qU$7T^iiIADEHbcUyX0d4i2`{n@g{nA&%-|oYAtZx;EAYPU{=!xV;a4}W1gP(RS z`+5GE7PWiqv+}i#t>a|Kc|J`_>XpQ2W-Eid(&2W4SWIY~YlPN~^27D77_1?FZn$|l z{ICQ%+%2sxk#Bzem4bW42N@eTYoXOGpIq>WnNFS3A#l`mw!Q0QA zj=fL~zc5~1*@|O1e)rT}y)46>?!E9#gYI@mPBtN*j4ws~{HoVpfDZLv^xCl>@vU9E zdmndoU8TNL-kZG&yLh(snao+%mF4VGM+g4dtB7kL4+1uc{E79@%ft*?I%{20{nYi% z%P)bZ1?H)-w|Sqb@}|^ZpIWYV_pw%}?d6sp*cjw{cymZs8%x)I>!Xa)MfB{-7SCCS z`HX%)ALQDI8IPH^{j&9~ZWiCJ(`m-y+idONXuUyb@!P-i`JkxRjIHnH*xMM-C=B(v zfR0o2-Hom9{EgANYX2$PSAD@L2gAj1L}7$=0@mhH`CwYT)bmYm?D%wv|8GG1HIvz| znZmlly<6;;V0VuWtw!#LXI}n+ZQlIpd?Hy z0j#x6TiRj^m{p*xBC@*>u|gUZSajPdby=<2q_H-DZdrJoU~I{nDHx(z6J>)fJm`K>V~*{LQ!FZ|i&RiY+tmqJekiR!8^WNp5HA+41$? zEe^a}nfGpO;N3RHS2~IIB7%Jp&sA7k>(s&7RIx*#F+1j_Jcg$f-@pDSRRF5lL2= zJ=_KGvgAAQDLN~KKWu0x{i^1Drrv7u?2z;FT|7%r{!ICNHr0Eu*cXsb#l-dV?tWtI z3*vW%XG%AT(-R_~nk;8F{3E@HliqWiTT%HNdHLx4T}Vam)v z1~@0aWqe3H8$&(TJ9q=x$p6jIU>`DFxvlh{SiEk<&2}|U-mHC)pRF)$dmLYI?EC}TTk`M2>hkwemeK|=LJ#NrB1i;>wxP|)Ia7}h6ebW@@eoNDl;vY2H)qI z&Kde`*V1;OG4SQWyT+E@RfxZ2`*g9trnrkP_JXv2ntj`4hDVwXTbry9>{V7bPEfWG zU;OBch54exo;fX6PrMuIaN;+xKQIgWY8^o@dU*|crTn!%zv{X4G{ftZ*V^8}v$sPF z-JxK7zR+0vTQhlPav2hLBV9q~N~D{m#v0xm@^!|;oK^5>ag*5#lU{CYQ}lL!{4@_w zMVAi$9JtYuM$VV*Md;$+73AqwBkRo*AFys~ymUVD^yO;6pDrCbN0!Q;Z1r8}SMNxM zetBL*@t)07H;azMdp@}EBa=;j4#kB1J^1_aF`|QfoTt+J?l1FsFMF;Be)fF3?Ae%H zVvK|Q;A*ckd^2abZdRP>g9{Ur<7<$k&(ZE5*f;azJQ_JS>BTpU)Hi+q05&>&nQfD} zg>;pn{m42=yZ4n}$JkzsH@s(Zczhqa7wT)$<{t3IF1O9GMcQnzXP@)yAW`3!@=9laV#Rce{=0-=`P58E1 zyPBQ8ZR~kye-)a{mVDEF&St+A+f#F+%ASW2uS#xcjWfC)XMq^ETG=s$aLmNDP13k! z@e>~3X6y^qX|=u?&o7W$=OZ6tzMxZT&*KTrm%Mlo>Bffl>7TLn&`T7rD|>F``H}Z* zJOAAGB*wBon`8T3;MsoD9roe3&3|qtFj#-vW7*iyH$h|Zn);s@duV$Zxi*Jyu(*6~6pVP=%uQOzBn6(D`7}_>fVe=`s^?%c^0brUnz_i0% zf7b3R#qOJq?8NTxR?OjZlug<)_cD(65i!vHl9L0#*yE=dll#^FpD`w5zVPRd$$Vg(?wH)C`-Vo2$y32N zh1VOC7r&5Me{<^jW71G;O!D<`WRRIBtPh$eiScGmjHEyMn{4EPxs*qDPsH%2FsCB+ ze3{~6E~icT4ZX9WUXFtH&QPEHE|&@)=DK)Q`glJ+%`SX{@~u?D(+BQ`etORukr4=tpbNZa2RUusknD@R8t^N=Jw*qx@a#GRP;96>8zL3$%8}WqJ zF8VM1P`aFKV)apW#a{M+jSrl;841;!7#;a(gK-q{nWImLhf%s?5i zmH=zt#%Xi*;^&jBL=LC5wo1p5ERq~D+`XeWc-S@yIIn3}!lgU9o8gUe=i#8-sh8wb$$mSe=1!o~6BQyB_3>v(MZA$as1B zZuWe3q4GV}m+P(j*|MVdRKpWSSIB9j!q z#*eXIjZG!|*n5+&$eeZ29(E|Yi$2x)`okYpKYUZBJaHLD&o{X9T>I&M9p$VQoD_3P z@xsKAfY0(17l$H4DddD(>Zdv>Q-LkF2h)uFOo z)!>AWeO;0{BE81MFV95YAZPk(@B`jDyypkNlV2~v^Xu24Um%ORpu>~)ndYVN6TTtx zM{hwswYQ<4p@W!n^2j-(Q^EU%#>J0w_x-fNu}ndG&D#`ntBbiSU9HN_Q_b0Y`bK`w zeuJIU(gXJJp}sjUWaevIHr`6|H=kdtls_*#?Et#n0e@a@lf0#E@n<3YeZJZ^rt~h! z5YPXgjeQa<#$toUm|zYQ+g%7w$j(dkFCPXp&&V#*fAmh-tOho*f-ZX%+6OVR3%O@x zSJjmGEy6vFT!Mbv;AzQNb1xos(ZNl8XDWR2R9=p7!S!u*{FtZwT>7coXG=Sc-=tW zDqcQEcQ)e<4ElXB^2}BL6feSaGdH2tvCn$`J@pqHpFY@j!HHt)iSfY*Cb(!Vnh8y% z|L5my+B@L%rO*Ks-<(*4%v%~bYxMwo49gw-B-@_W{Y|-icfpDNb<{&1t|jI-wKZIK zY$JZ_O-}l8;=T56oG|D9wh6>N$xi+JytU@pS#!S9cGijeI1_M~|6Ru?&gnSbG-ndH z>5PB0+=kpP33^5LyOQU5b+1z0xwh_l_Q8b9Qv7wCzcO`Zj;wQ; z>L6Ft-o2c+X%GKmUI%kjKFzLJsP8ObnA~J`J=AYx4cTjalLZOF@pACE)@pULKn&P}u3r6^MbJrM~lVLS`e?wR1oZmQ1OF?s;{~mgvzWascoDsyQJPzJ`kvXV532zHIzx{ghqWHLwlm0qB ziLWo_PJvP<{ibnFdfhqBSz}*z>dMYxUQVWbozp#S0`_wFx)Zl)%#kbY*nE5870H!- z__hX-Et-4Pb`Lnk9Ip!DzheGsPUziE-pNlTx!%uv;i|R$qwI4U-LJ`;zwO9T`GY0@ zg5|E=;;l`J?b2Cft#4&~6wf92w^7gNRJ_x^i=OqY_rMafYkYpL_2kJGNtPdYnfVueTY!YbQ-AznDRC%{jqfZ?w-y+y0v8~X{oHHYNq)fs86hyEGq!}vl> z+&_3^_r{FA{$S8f?y!43`M$unz-Q8jPF1%j6DOYa>3MasF+cP#r@e{{Z)fYs_Ylpr zSG=x2-Zz@@&ejjcjLWt%;{a`>BS?Ov;NeEbPQI>x@izWtF{3u?>u2frsDZUqf zGcU~?DB(L8i*hQyelvLG@O7K^COJp8h5bp+TM<8N#=!Uukrn>=b9{w)=gA`bqz5TK zV}Fcti_n9XvR3F^d5vg)?g_o~&pCZ1d>-@i`V%htf!2Ka7VGx0R?VnS>%3WiEi_L$ z@y~|PWjAH~9_DPF%5+e79k{n+TkZ|tctU((>?CBGFPHYRPpN!NinsCi0wb3@8+t6? z3Xc4Wf_06&pJm5e+Q077Rpt!eou#e?qse7`ypMzpTAXx9@*Tt^53n87Yfb!4r}uTbHN(k z6~ElzyxfZ%^3Sn>E53&FPDtixo_FC#;jBkGiGS)f+FXe*P`I0YKE^ikp@nty@vNx& z$G2$H08a&cDmmlXkU0yL#oe53r>%qdJ|ZWbms3_pE7X?;yB`$ni)?W9f7xny7C6y! z>hEMcuZ~na{ss9EItH9RnG4Jj>1OgdUkpCN_u`MIb|6QLogWF6E#XtfI(GoS;T&Qz=d8hh zCOx)Xyo$d;G}7GIfnE{lyUER(`H$ZqVf!e#V8)6u`Z{}e%GFV*e?E_|XT0)ti*M0K zqu&8TzG~@s(j_aw|1$Y+$HS972M?h0cdzmBQk*Ehk#c_=^dGzqftUJY{7%5zaSELL zz4d&2?)*QZdBq!`xqL}Mn!ooH{qt#l7Bu(#yICDcI@a~4pnEBF*FFJ$c+Qb|dzU7! zgJLS}{+i2JOa`CK_^=1lILh)3`*0c`$6r(QpYhRrQ_Mgi9_jJ-mCfE)F0P-#4k%Qo z!r#*@P$vp)juhd?Ro2f`h%RSo{KKQsVcv`mGl^K&(zx-_u*S%TnqZC5nRjAc)5nnQ z&#h-aaIUvbYcD5vZsMa^O4%zZ+eCeQHGAc&IapHn-^-n}@0%G|!TV-F~f?tQ>($G@SxS;nuT zwKM38q1|dupLe;*Gxj3; zRA0x}V7>#sg9TCRJ6Kf{$A=)_!5#7)ysebH#N(Xw3*@wa>jWoVbB>cJUf zoC-!y=KM@9jEwJMjK?cl`*+%PG2^?S9qDv2?h$aufbUGkigGzR9qWQ1$i z^vv};C zo7U_pp_e+VLc~=E?8k86e6DPxyz}LzEo7qZ0rK{ZH1C~s6*=7G=hC|1omXN%NBcYt z^>rqOyws^Ry2NzWggiY{>qU*~B0r=v2lnLd2>K~}dM$@uo(#{@OgeWN`agElo#z?zZ7ttmk^dNlq?Agpg@0n9YjFj|S=`wbFa@y;$=cw}A(tP=}?0?Y` zy0gYTRPL{N%pqjrLkZTra$rjj)OeV)z|?yRyRA@Le(tGq^z)z}t5DgH)tw9BwU|8& z;kSry^(*K6KrGs)y%O>Y8UI~B>ss#kUT~sn8{>5)YYaN?V(8}EI)|)}NU@rFCp|Os z&ezB6JLsQzhn;cFEXxA^ZDErpmhyWM&y;^STpIt7{N=q1TXvumnK=c#(HeiAb%oE~ z+!elN^I_ujyd2Kjclq4B#4>&VGyc(^&g+Pkpxf@@_s{tJ%RJ%FJ(rvVAg%-6&=~+9 z|L+NZ@fG+#%=l?6J2yeWqYt;uf+#=Mi<$=}g^6vUTBC)2@7xw>87B!S=M@zune(tZ<#br;cofV7r`W zf*$rP80$b186yA70DEW0W@ufQV$Mx<#?C*$9diee$5%(t-MWawH1ePM*cEcVsk1Yl z{K}q@!q1XUvA2~9M=w?$-Uzu0y2usx*OVpx#OPr11899wPNOqR@bO`{%4S)^+*E!e ztsTZ+V`EbNoJaVph|9~iC3qi-8^2-BbLqj!>GkOW__G|`9h*C1Xn53Ju4GA#@<&{7 zAQE=Ise9ituFZ#RU#7*>9@z&Z)N>SF(7C#N`caO|Nk?pHld+6`)-VYCqukX&}q2Spk zKj=Nn$wR^OPx#NFV}v{u?Y@ksenij6Ls6dpj64+W*y76Nxf2|f@9Z@`@(+mKw|(BZ zOZ^PaU&%lDrTsW4`HPiLx3hQJ0qMG*WR3VFaa8Z;JfopIW8LL=`9gzysWv)#Z$2Pi z-_1FsoLDR1%YSljO!pFAKupoJEMF22Ccf;7-F$$x_Q2pY`M)kMlg=;*UD2&CCSJ_E zTZ-ONy{e|n`yOkavlebhF>iI2R?j09HD!^C=*5x=dd8eQEAp1=GOd?2=J(jlyCLjC z?T<#PYs#>3_|CpFuo`%-It_WxFSpMx&puzGa*M&+e3xa~7$k4Zk_o)Kf_LUS@NPWs zCiCtC7nfC=Zx3(LBMG0jgTL|z&4Bmi6Hwli`p}7Y$j2zYCT=dvgZKx;gOYWM4LZ3c z8~0`QKA9)ii2tzJGyKQ1W7wX0mcxHM|F!>IyoL|K@qKnGYk6|SvqHI1K35=L3il3) zcNOO+`SvIFor3u4*(*GIOnl4l-|;&byQaMdohj;IFG8`x!S#i4XRdlOP`SqB160lt z^4gH6ZR&|Ie4u%+_?RAIkPksG#p)SdIdtaB-=&{M-qqHpFUKB~E$Hb;>gC-=^ig+SvneW z;wjdK2>sd#y~Q`0|B4k;dz#;${tSKOzmLye$|-J3KGUQv7un|NK5LXm2id&WdO!U;+D6uCuLZcfriGk3Lwn@Bp*{My-`A*ZQ~OM2 zZ-x4PU*D!aum%|#BEOI`4{4o|@5Y5^BDASFX!eyXEoVYY(e-1isLT8nektU!=A--& ze!D4XEPtt?G38XpZ+E=fodo`4dA4?~=RcoH{#yKgs*~|q*fzr|Pg(6<<>%-I&so}& zGI+9X*fGC)vc?>~E|m8=pP#e7ge-pv&L^<5PZx%-@BQfHD0~T7I5~cVzo4z#bqZUz z9XnC;`*dyHc5wFeq^zwgU0%Et!QPdQA-)WuZyZFPXe?N3o_1vaN~fGu-2UBx{VN?t zeskHGI|ApPG$;J?s)gGBK6%L8FuDxuH}d(R@~nI|ysCa0eUJ4x!hOPTr5$4nhn=+M zSfTd({CI`h+s(O5^;>ffKEAUm6#B(UyHA#nw|_T$AzM1XZ0PsFJixg${s-F3*@t2N z1?x-J`#vV!wX89XlzRGImG2Ls|Gq!Oyq7R5(TkVQJYT=JTjT!Nc;t}P)T6{8b*u;RrC)KP=;KC(Ip zM($}0#Fy9^(#I3@`J?cP#}5G;N@L^MZzcxB=PSu$6L-p5 zzrY!!9G@KR36GsQXQ9yDW7MgkPV=J0amvLAB}`!Vdvw3QlJmteeuI4agDLA;dg zh{#!awEcN(53QBx99Mso=X$39?VTm&Y|UzwMRrQ>)$?Zl%g+*Q zD@c!b^8VzO>)0>2mb2)kX1^fE*VbFsmx_hsibYqPf^yOZVfknD6^ojz(T8<-fO8Ry zS+E}s!V9^loD{l`_an9+#utW9%+#wKZSu0b!!Ju8l+&ZtFI$N(WV%<@^cPuG8&+HzF>p#1senWl!v(owv+iV`OOt~m^ZN7@kvkCPZ5;hM(=GkQG z;-{=<&YQkKH)C6nv!g0XKACVhE?;6FF*~BE^t8mxLna2(Wvp~}><{d_6#Sw0<@h6= zQsp&K-IDlsd7pWQkJ5?C$5fn89(;8aa-uB9C)db1M9sZtkTb{}^ZO_KuCl-T_}yrK z|Crxv>~EdX++lwo=69F<{XKpkw!gp2Zn-GoM1RyXmH!6&vB8+H;O`t+2oIZFNBF}IQQzj4L>^@2*InQd z;rs+Ls@o+mrsDD=>H{{n(WT+{n`AEvmxe%&Or9^Z&sA1y(*L&Yzdwz(FD=scoY!yr zKo$3Scae`v-#h73wauw<$okOb7eHt7)_nVJrPZJOcUp`6dI{fNvGo=Q-mT1gw>I!D z!FU>961sPg_CB3ui$%nX&{2M+9n{rtt$#c0bL}B07nzeZ`Ppm=ytUbAPcSC6Geq`^rqm(cI`+LrlzX*KN+kM`o?tJQM?N5Op=QsEeSBUJ5 zIuG6{x&4_y*##=g{N|l>ouN$rRp89woopGsm#&0AC0!MDpkMZkPB8yzN81$65IFnV zi91p(q3pv3e8C;q{V9A|vJ(e*ulPsu{F!I+CrR!{pid+8kzZf21^5P@#%FrsAO1M% zF4@SPZRDG5kyy63W`*$C8ho*DCDKxCEz!$){gyicE_M5R(zXuqrCi-M#D`N=VhX(1# zl2GW6%H>)Xa`sovYW;%Whau^D@ZIb6;XlDCrS*`pJ)J%rpuFKD#=Z)?gLxZ+GS%pu z^v93${x!N?jyw$d$?2nXQ|Tqdk8~e{M{;$6X(tp3<6A^uDh8yR@fs1%2(qz1lN410BxO zZ!)xCz8tG{x}T%(|4rXV(1bbS$K2?C1NWX#-E*~+o$Jx2iu>v-v^H7VDDOuXJ~`z* z5p9yc4bTRDK2}>#TlKVs-cK2awOuswVxrF@f5Q~-9);sm=G@2p{c1kFN(1yl9*SP( zd>rl1^XY}G)tctxaMkP3s|$K*jdQU5PHuS*x}!tdkQ@a zdq@4c;6(C&NjDR}6rOy-UEuN5?o-fBWjwlZ|AmPq=l%(3ZtkBr&ixb6@T>4#&K(rs zru~{ApZRqAjrL%Id}eV78@d_2D$_T~YM;+;%<$Qj=-|*T?8Or2#1F&MS}U|)H^AIu zf2#XAZ|-Ga%2x8{-T-tnd`9lU=a^@je}|cW@{!1XVVsCD*ZOuI@#h|`8bvGKDV9-t zM#q?g&uI?wK8L@cODA+ObYd>vm(N?{vb-g}(wRZQ{i^7rwrzXgVZK|tE7OM{UCxFs z!I)ZNtaIY>wLWofJhN}doXfy5yi)_c=({@*ivLEsF!M!c#|EZ@gSpEMeQhiG|FAFI zHu$_Z)Hh0dG?7c=_!_Y>Z`gboU!h_aRad@5__CWjeED#GePT&pSMQ_)x})+&V&U<@ zZblcHwS@BALwUfRSQ1Zdr!2C;oJ|H^_} z^vR7s7tC9NFk4R#W`{lJUI?CS$bNX`Ir`jH8S0a-`y%ug-K9O6-@DcKw)dGlfx6pN zILP+wY7X^X&%J=0Q=9|u%`WGi$>RhMOGh&_6&;Dw=?b5FV4co6Q1_j01b-V3nUBAT zDQCXO_QWmv{zyCKIOM(+7OR3R}GIGp{?F?4-kxO{FxE%ZFh+= ztrd@;XX(6qigiHeN(XDv_vS*kUhj^UedtN%o)+f5Y=aE`1Hf!M_W=HQL$BX($7F_w zPIJ5~e&fe$=kkx>NH%D`mxs7#9(h+4)jq*UJ`BB37>4kC9GnD4@J4d#w@#cmncZNNreao0Nc`iA1a zrQUE2<&abEZl2XNv_#;aw^82cmx~x5bi0D%lgU4RE$hlPoKf+7J8EZ@ct(7Bs`}RN zeR4}~eN%5~@pc=me9Nz=c4L0Kr>O6*i+8;u`Ig%@xe^)kY~Dy0eJ;Vc=Z~`)U+$d4 zU)-JC$le0^MUe5v@AeI7s&VC>k$8kW%(7X&KwEBSV0`%PpSO;%259d`=gWgJrT#d$ zVeKzx^Na>@(R$|R86A-~5Bd-9V4l2Q{meMz=85y_W%G>Yx0@Y@+fg%PwLg6(P!8rtI%!Y|n!f7Ro&V42_=KgGZf+zS-To|)2|Q+%KNJ^tA{-Q%Wp z=UBLO-*e&7`+{&iUom&LO?QkRvY+`q(Cl=7C3fBc-6gh?wi4*(@CRI-jFFD6-uno(-9ag*Iy&^Zyp@ z>ruWcl~Xw~^6@MDva*p8qSTQ>pEn;f2$M(K@*>jQeD3PS5ji0s9{NTz7RvgLjj_ zCy}c{FYn+kjUo7PFzWnv$*LK|ygFwtZrOhTe0S*{65;n4bkz4OizhJzcSL$FETAim z>~koS%OG$r30M_x09Hrlj*MJbX9QtYRGt=I4Vk+#a$&v7K9k16^s)8yU}a`Lc81_qjGqk~tz?z9_AG!KZB|c6)Obx&NdSm^oPB4(_0g z(>z|4(baSD{9B7>p;&}`7!5WaHAuIdJ)g1leX_S$>*LkQNIW$hN~d;LqlcB?M=9Z~ ze+fE1AMEDj#1hUthxheQDjBg38{g6t-cO?*a@?)t_wM~w{l(G z4toa8&mH78UyjaCo6m>R%3Y=S6~S`D=kd9*#YN}P{a~qelv{s!I< zf7j^N>f_HpEqgr|)_aS<^7(x_?+d}(rTz^;>*EbNHy$4xfWGkZPW<{>Tg_U?d$p^z za3=SQr1+m118`MrlIYYAjHE65=35v8!5wHw55B~w37RY`F>xF2QN}V5W2Alg{y-aJ zsH^r?U9Yukq3XQsKCAH$j_|(_Zu&0aW~!!pE!KUnd^}m)Mke;tBd_=i}kudGj&( zL<94Eemu(Fi*h?wYaVpo+;VudGwYpdQ+(AnE5oDTrd}Z)ZMAo37vd@5J;UeG0Id6q zz^btKY8Qi*dK8==fu^hq*nk7U*;=N+=;Q=N;_ z?){6>sYjvVBcZf+ewTW^jM>44^tF@~zF~_m>*|9QiAyv6|5y>6Tc7jn;zBrkxs^{U+*-%@?!y<&4e5V)*^MIDUpUogQs|E7}a)+|mUe zIy)>`7i|B>w*8M6Y5(}~!gHg;-lJWJH%$BYL!153W*4*>@NnUxOzyW{(Soe=^65Mx zz73@%D}p%fwKy#+g42(S;1qi5)HF$UG9PX)G5KpWhx)PQj4trCiSb_A+*azmBc`!B z2wt6`v|^Wnc(qx)E-8XnR}s7#o_HO+_BW(&G_)a}0N!wS!%KVk?1oSF@PFgK6_X@?&fn3JlBZ~ zy`S&>tjFxTYfhT6J}}YbdDr-_fS&D)`K92UdWNUhV>U^i)?-uY+ z-K~BD;~@OfTaq3+xG+7~i;nO>NqX>MXz&;`ctYRs(Gv^PsYm$#C}ruN;#*P+V%_do zKI6mP?gORW=mF~vV^4e2|By!j+`kMMaCe2)Ngx5t~mlAJlx)Dl5=lrExp z2i5m!FJ1iytI+|Thd;)KyZiI#`!)DTxP-@gATEQeM-Se(A@_*i%99{RkA@$BS# zO9;Ina6tZ$0hH$EKU($-+~(c8B{H|i-~z~H<(lzyBz7wxAh_Qc@59@)0B zA-w?__pjskCXcVK6OTZL#IuaqQF!86#_T9O0)M#h#~}1^p^e)FjdWgYnRLtOuEFIY zVh6}|y8_&rL+NU(183&NY7e(-HKtAUX&LybFN>h9>M_4kOR0M$xY94hk9y}<7N(Oc z8q)pE4e1-yFI(5NwSe+5>eH6a5MrS#{@hV(nt)*{+k&SwDppNFpp!2S6wU)Mkn zpMJ>&v=eJczmK)`$L){tFeT2G?QgmBEuMI#b$&T^kGGb7l&qZ&zL=c6$`y*_uIv#JEAH_zmUUg=?oV_47TpdsBzHNSa&!Krv&$fB)OvViRJT;v$YDGTQ@QvOj z8)h*+nTzR*;QRQ0&f*`-;(td_|NV9r|2u*bL2Qr@yzdwKM#yOX3I*B zZvG&-5vIV~HC}zUc>yt%)8ejVaOFzLV3XHd^PoSkjkVNOn<~c~==N#!ZfNArSlI10 zU)16@|BcxfGIxXnJ5hNdak1dfIXe?$H8GU_5Hw4U2ZxE^5UYr<<-f7#WLx34saWY` zbnN#Rqwj6S=_?$c!9F#%S{}Uj6oD7oRvex?44yCb&QHwz6myR6+E2}ov@WS@Jja>+ zpyd~rb|UzjlJw`DTJs+Mo0c`$vy#cOoekZ1=1$7e?X}UAn*`mCSGBmu*R(XU{%Jo= z?P>2ZQTZv4r>CpE#dYYuvyGq0r_;7*hEC@e=~qKb@qP)X&j#rffH$fLyqC~CWcZ?ZB1W5AXmb~B;`{5- zcpP6_2YqKxGV}%h7%Ttsab~NYri!y^Lya_mUyBG+}ABhr}jga@JO6*v^YnyI6oM)cefV7x#EMT zz^Yx~94I$*9B2)!9|0Tu#v(Yi zt~v!yL7DqX$jDsj$2uRSG27LIt}uy^@6_+q-+1!h z@BfcWy|MXtk^UclsW6XsTvNRNJyup;4E}@1!T%L&nLWoM$uKOsIPX9 z(w_SyedwgkQ}FBi?RcG8WW2T)8Lx^(#mDO@@#~|s{g_AV6g=ghYwbS>ZFnvmZxpSc zAl@5#nppJc5553B?-n065<{vxf{l-v@=4&S&K1;2_10s1lCxD~K^^x2(IL8TaBP@Z zT*hf4-;=`1Q5|>MC&m*GJJx@AW;|kjyI0XK!Am|&jLZ0i>4EXFbSL^wVtvTFlZWxt zSm?}jlD1U#pY)z@l{Y#Gu>aLQOV)V0?HSP1UC;P6y}iY4`f$q*yVpHDC7iC)*!b&o z{n?py`t3z%9GX|0#=@f$d#4b*^NPT0tvdxg(dy9Dc;u~~PGhprRdhs!MCSe zo@p%0TikhxW?)XEjb_&O)wj*pd9Yp3wwiC|mD&G-FV^({FG@Q<5s&T0_9wrO)^E`x z8T+gFmsr=O3(MAXn?6_8+_v>haX?)vn7*fV}z)5a#sZ=ntR3pu{mHs;56a$lLeF!144{_n0&e;is2 zA;$&>JUY9KO+WD>qSXNVmoK3Ezfc(_hBTZ$*7jHNp(CTxgU_HpJj=R!l#le+p7Y~A zuiqn`Njlh*=vdEuYJTDf-_N3l_FPkUn7dVsokV}lSZt!LEyQMllNsmzOVg>1^qsgj z&F{tZLH2;k2Itc+tzRrz zG!cIW=RpNLs(Gb(pmJu6sP`V`qt3PH*)hhrReLjsC&pdstG%hBXNmKU%$%XU3hKS~ zCg(2M_%B*`!!yDen3orV=}wIAF#BPVeGy=m+dDb_gZhdOc9%h?;*>(7p_u`qv{2h-pL%pU^Zhq*>D=VoD^gm!r}zoTLYFj=2O z^Fw(s4Nky(Bmi@VU@pkQbPK`!`Pmto@6Us2a02GN0hnEa8Oy>vQV8ao&WZaz)ql=| zX>bDOX9F+~3+AFM%>O6^^S$R}#;7$9rojoAn*%Ui!Cab!NiO=4^!!W~&%e!sX>bB& za{y+9@pP}u!n~^x%%`$2m*v4UI05rL0hm>S*_4I3wGhm+-<%mE?1NnXRDEF91zvM_&*9i{wE9$Y7Vfqib~9`%*ee~>vi z81r;X&CPYlrlCcg1q+q!N-eeP*_E2FtWD^Y@>fcpEO{@odtFg1HaIopys2y6kHbQOd9KN zE%?r5eL*e;eZ9H^roV|8#8u$FoboZ&!$o{npeHtm)6usPCo$7W_gZ^EvfIehTI$WM zPd}u3w$701BQL9arpBw!8M~_nzO7m1)Lk4RPP7!6&i{zX72%v!)!@`^VJ!T8i{#Au z^cp*cUj(L+*XUbD-XD59J~8TB-Ai%Zd!b3P5*()6HQ^9?SB;bI@FYxX)Gi&Mdtf8w}ONaPgM_WBN z)j=bZ16}2eel$0){@g(Qm#DX%`p5a+sI~a!Y<cCrZK8ho z`|}f9)PA5o<^1sp@^82G@A~{Z+4ApWw+3{OfWP6=V*LB-;{3Z!{EICx?UGR~gUpi@ ze(^H+2pbL`J9=`Mbxdos#$7tWp?O{|g*jGl80)0V#S39{y)p2@*!uMOmN#B_wmv;H z0FU>=ujqVg=S?XmJ@!Q>UG_3<{GK*?#^l_GVcNo;NltRoHz0%j`2UEtmr8xUo8 z2>9i$pd7L&r`%1U4GHXloM)d4ZK$v@nVKh=afOb{;a&YV^GCF$znA8XHHjw8{CanA zthb$;vDJEq3d^dF9~U2Mow4w7aqk(|;*YE17xM8rFAtxO>8uU)-KI-h+@?=t>`B3U z;_rj@UpD^e3q^2jeY`l1f;Zmw+2B{7h4<+q@IsFjho|_be0kpbz2fE7{!7?9h3fV6 z7O$6ck1f1AFopAk(^v~ke5T{wL1OZ~O+E1y&S&dB%X>MC*~yvjuW-gtXX4eS)-%`I zmhN=_+-Kun;F}yGIv<~y?%gq~GrBtKXX=cntze8D^JCk4STn}!J~oxR`Gn59FHw9Q zb5?b#vG-)dy3AXhfi`v_^IiKnJ9(FhA>_Tzo+&5Bg}N_>->g3dhHqyY{}s7`Ldql4wEYZP_v;5JZ;))k@ zrpKeTat*Apd9sy1QvV~0XJmXuYu?rBET%aVOK;|e6xl~+j|TXD?wNmuPU@T5P`+x}WP8KY$QPWw z7c0My**rnWnq}Q1!C1lv~Sm`VD166-{ZG`8ZdmG zKhyAh7Kfa?sL(Rlc4nL`U+C_%e#R^T{gd$hN?`f9WA6J3Yr=S|pRspn*2eL6UA-i* z$L2q~!OI~lo%vLA^jJ!BG@CnAddJz?|K|HF`;C0!Of7k}yt}YBE4Nk^0sZ=Mf8ANjSEvr%~~I`tmD^WV!KB6&CtoE&_L!F$S0 zzM7y61kc1N=8N*msU3H~iOYYjxZuiR=+V|oE^*G_PnSGGE{47HP8tXOMn>_ud2=IU zqx}b+nbn-xtDGU=FI!x^zSG7KN#+Od`GYTV&O!OQPEdY|FV2T2U$1V1)u)1W{duZ0 z=Q_`Uu0Bh8y@@Y?c7iP&6<=_R&FzvW|8num%$cnG6O7++@1uubj_k~->(7^ z=j6Dtb0SEW%zUx)L~FkCX>>I^eG@;&`EL4k*v2$io-f$$blTOrAIveMy2`l|ArBM! z!Yr+KlEGfyj_6PW`mN3_6oT98-@nd03BpvKg$JQWp*nu9b>z&5I-N!8_;-M<%)?#z zsB+f%ERSdUpP?P{CCKB8jqMuUr+ei7Tpn)()?b3hn=?G*pZhdAMy4-nJ{gY!r{J~xA3@wz^bf5y$#f!^>qG3Js*&R=4jfc2Lcr?k~wPbJ6R z@Hl~^#%a-?F;0CM{9b>YF3caNnDT9n;#@y>VKAR$cSv@cZ)}XAyRavbL+$8p;*k`5 zfebPCnc^>cTJ%M~^Y+|%$8VFHFjDR0=4R%dbPb&+n#R2|g5%fUOMS%@$rjMMsB+?8 z`3pnP1$z#gSN8>E*KcDt1Yo}MK5T$MU$iDEw@pF0NR{cm-PH)02>Z=S8eT{6&0 zYe4V}bv5G>wDa)q#M!ej_S;V01?@c9Xd2rtY8xdF0*&exSFw~>@LQukezqm zN#rwjULU;R+j&0hPvnhpA%5M!`uK+UwV^n_Zd9LMhhP0Yh-<;|boh1YY4m078|};N z;(e(T|FWS&IhneVBU>covzUXU>Kl*do=?G%=m~mB3fI1S9s|BNM}T=q>SE!L5+2 z4;9D_pqPK_8X{N}xABl$gt zdj@p&J%c~AD+hlwFMuI?U1g^*FI?!T{A98t^-Q@b?nDCvPllXY|mY{JyKsKSIMo z-dK#RqpE<`?pq!<_HJlx9!uRXt7}A+`w+1|zKg@}iMtk-Vn|*WF#!%nh-t#u= zK4I-0%AQwW$N`4^d_8{ANqm;^;XnG-!L})z_qJV+pK^-1gV^N4QXd&Nc-PQD`4ZLV z5Pk0Iz2SiLIF0*Q#$3LGHDjDv3+S8tZBez=3l3rGR61$JZ|J%3)c#sT`GSMzG!`(Y z^~|2r&|FXQOmyD=NqCCyahf;K&F8D6_G?#8kAE^tw+FS)sD5g!d|p^?cp;Z|g4eO0 zIRT$aMoK?QA>&h5I%a=a{nR>VVCgOmt#^tGv1ikCM~8g4@{MTiP>hOb!0(ZL8Zm*~namUh)GBvUVxA>I=;27bn%H zzs5YC*5I_f6`p+)d&TRZ+1RL)-pAdqd%4qfU)yzjFFS#3v3q~4aaNDEJeou6WF}YJ zNPO<0Z-weK9QR_O^7|0HJ7+KaWqi2M*y{b6cI6W&*Im|Qx#KUwcxjC2TVxe?n=?;M zo(7FCeK&KIF*auvxF=A2qIsUs9f1?c*FBg2%oSwi)w{_{m><`q{8BT;+we*XzN-#Z zW%dyK^Ey@@W$+UZX4mBGJtEI)E&yjRjQpFZoT7KnldpO&a<)DE>^$|kp1q0v%vt5$ z)qei|whQLebIwA07N=^@=lL%mll;rJDIFq-E%@K~80F_r@CoL@mM-Upo%Cz5o?j*_ zo%n0eTQo?;oVt4}xsL!^zb2n4vMhMNov8<1wQr?-&K=kuACzr5iFv@e@WaHbN`9m3 z<0s1Q189wyES}GMo}+Jq1O8+7kd2(q&^6-=l1|1PHDlgdU)M1mJh`81r`iX;_MVgQ zLp%RXnQ@FUxDpfa&B?+E`unoP0(3EtWGKTYDaz;?eR$0lRr}vBFcT8e!KO-ck?~CsQ@ifZ_b5V&3P`r?#jG((LlX& zdpDKeW{?i;Hpi9!ZgHUA%89w{tqr`Z&wIBs@UGqFy7FP}4ZJJQd-r(Y9rm%&2mE@e zz`K=s@1odze&5T_$gNi$c-KBI@a`8Q$8xc~^V+oeqmg5|*WTY?-hXf8`^8p=@o}!k zSMTF>$m+M|UH8bk#BF8!`_RbukK4EkANJz`*xT&hoc}HrctzPee5p*?ruW2*uvVi72CFr*pKb`YnZh)Zl}y{ z%Islm?xx<|q9Nn6i`czU&NnNyPHo};YCh|DKfvdCeS71VJVLw_=fWVx#GB(x~^_e1afd_TZ#o4Bey7 zE^HWbD@Ee%;c#DKZnh7r{5I#3^AQ+>vLiNmcqU?eKTEx%zY_7E3kLZZDr&a6=E(c^916E4xttQ!B7EQJk^m&4B`kSiZ`+oTsI3F^D=QFc$D&L~6Y`PRQk`1c7 z%8`~^4v2RSF|TCfNJfdC{n&lUnf2*W%$F492B!9fCW z;+%cqi6_eETOGZD?;_*Y`akvzNZy#~OqYov5Ps0@z;(lWo?AzbW9FJq7oR`7210$8 zi$}q)z3u0gSAG%Xl{ckBN4Sgh`_%{iFlnSbwBB5@|v@$9~bK&aCs6Qs4RhaV3!IN9A$B(rPKh|gy!>Icm zgRuU1t$gzVyGgjqJ_UE*#;j+IWP71wnY%mY@n5!^{^Miv^pFYOKA(AZj(v7c;MpZs z|GC8J&eWZ4pUn>*a5nxo!Ti*8jQmk9$P?^AYb)D8IFH_ORp#@1hSe7m-7eZ!+(gkIKnt z{ECtXobS+@EMK_htXY$Rsr>?XIx@t}<58UFDBD#ozt2theRO}^D&?QPan26>Dx#m( z40EoHI?heJ{{Xr|_(ptp=bvys!2b_XKFl3Z@=t_sRy}h@M|0lXU5u z+veYkU$Yax=BIu%yhpf5N9ad3CMc&qg<4DFU)_fv=t|qi@6bnNVWfxmte?vHq4n5} z@nKE&bq^DN3qP2CLZ2MC$PoD`%VcAD=d5>eKOi|*q46T_wWd9thxm0qF3HmPg0I0- z;3gamehs7JYx19UjE=|k44E9U=M?1c`P0#izrCQ$`VsGk!((&xD&(zuB_HOC-#4Af zb>UmnH|S#YD%Jt{mdnl!^r?wHE#uP!Z?uNIc#58dboy*-BSjkxQ5x1-yGXFKwnxeiUT>*W`q zr)0L`bCXf$sfuk?@z3cQbn@5HxET`@FI8|%*6{x1mh8Q|x$}8SU#c1Vs~P&NcG8J; z%;)vkRvYvCU~R80yxU42+bG`#Z%3iqIP@-^wb;a5=RR1)Lg;Ln&O^&4bGI|jPVN>%mL*C(ot7B_%g@^Sy^}jcF471=@ufGq-niyjSN| zI%Apqz0$>GPx`n#t6U^{e|1HO8c3K z<_VeeLXZ4<6!}u$-NM|S^#S4RkFV%7Gcdljc6{f0XS|3%d^$gH#oC)^~ad=i&Td_v=lP`Meld?W%~Mi>^JU&8G6`B z4?g0gQ;!1kpx};<<9sCd*1PIjDNX<*EW?rvmUN>(u`95w>5ATt04Bal1@1w!m zYtlhP=1@o)V`Dc74JO09v%PEABXq&`9Jh*Y6IoKQ#Mw#6uh{z3Rz?J$_lLy z4Nn&CuV5`IVtaM`sBoR&860zVw~al2>HO%7iu35?d_V_hr|$K1#uJU)%_7@W``wyj z<}8z$b6%WiB{re-J9P4=gJ)2b>+B$QH+m9uvzrNwSo^_bC<^%}Zp;0Q&@s)J7N^kaJmUfUPrCvZ>A4IG!(&uZ`S1 zh7aIR@qu*WQp#!1&cx_|!#C^UNqB<0SIs`Zct-s&XST*t4<2uZ2LxZbwCNXPIY^x) zFMj+;_1asAxA5YYR7SeA`j#Avycl1fZlHg{bFug;`uG<_ACt?H`Zi_^9X>@tD~>nb=a-F zR@KLM7+?NLt)txQZRL{mx+KpdR^OZUD{n6~2v77_W%oXU@nX{d{`teK?RhZHC<4Rx zDLnUI`Eh4?F+T8zV$XCxq2kN9J2V}{M|AF=%ew`XYvYcxfPC+V&wm5_q~tsN+CG5% zXI)A0%wJFB*BqFMd}sYo49!>fD#mB|oCq;K;&qq)h);}O0(`TEz&k#Te&)lX|KFCL z4qqe|LF1*gvk2J$f2Nl54c$e%7%^vxAv7^*@T19V%v#l`dkq`7XDj5bagraweyXld zvwtx(%Z<@UX}yE*p-pX8JDQ!#=^(BZ8=!aX>;&LyY0`z&WAlrxCk>fd3}hu>zO|50eSn{m3G&mJc|csHLR#_lD) zkMsSCO!wn=|Xf+EZG( zkUJm1?^Qk;uhhai@=|sq-^^Xo?il(`{iyoRx9HN2td+iK>Q<7AcDs|7yh}ifCBR=< z>C{dU>@C8_Nk7B8!L9rj{I~GE(Mj(Bp6utUTYqr3{0ym0w2zG^A52c!b?^nW%_+N{ zXJu*|yIRyk@Vw-bJB}Sr2IIPqJMHqAl*gV&!x- z_o_-xXzY`nXOTz4(|;d%w(z)T?2)`NS6|;|c_;|yz9MiM{QZVJI4*oMxE$QMSDZ7& zCdOziW4w;f(1J+a685AAhez?btb6c&r+aW>iQxsG4^~?Lv)0P~W%Ox<$AcewFYEOl z;&vyMbo*l-X{g>WTh)vQw3ZIz?nYnT?RvV7y~qnap_eE;HV>0sE=~TXn(6 z@xD{=VuijpI|A(;I4BrIcR2PBM^XtNJ z%y`eW<4rzg>Cu_-K4``}J-DCz?E4p{2WKKLP5$Vto}Dw^wT$-yZ@gc=lJTwquJTgb zId10P3_BkFcu!{>YMiw6I(H_&r#opg-u#XbtDyh>c+U}?XHbUm{*Cg!LW3&NH#WA# zjV*2IVm@i#MY@#UP56MNPc!+Ne7X9|!t<)RTsHP)HEoPKt- zU2S6DwZ=()6KC8VAqPsx${XdnOi>>inLQ=NUm6{B2IsBA=WZs>cypt#A0mG`D#Lv~ zo%R&#-w%uTZ=9u55YDHHz-jnFVK~~qSN_jIsaVI9(`hB zefoX;H*o`TY&`CSsWr5{-kgp3FUw2+M9gWse+D~9v(8Y4W=o3nHTm7bebv|=VsBJ) zxFY~(P7ydAhYG_fq#raKEL>J?cG6~{Ivw9BTqjpIjB=NAs84$dx|g({Sn;4PE1jMH z=y9RCL@X5d^|vs6>L*@Yx+4DBJH_+bV;R7gX!0O39n0ex zVPZ*waTVIH9b_J*XgjkvgOAVb&9HZ^y_pDhy!J>XbIhD$KCVHZP`rGv%?ToZo)g_R zKN`jUpNxJO<^Kf!Pv(EMla5x@8@(k3pUL)o3Rv2MMJIaNfA$2=g8PFB%KhMeJ#zkW^aHZ3&dx@SyHWOR;R5f&{4$0oW;DpIF!dhVVI#?gqTE9!`Xs8Z;NIw^2 z?kxh&QhnE_f5?4<3FN*LcD`xsF2=~zW$hQ86EkeQceC1#)w#rusBcEUwEFWl8`Gz_ z6ur|rtU*51(U$yJ@~yj-;rMW8s3oz! zuK0NS{+;1iuFWXCr)s>ZFF2=y;m?&1(cgSHnSM+l@6vAY#vj&b&*Z3$fA?{}3f!++ zWOQQDMSI;D{8OjE-`^7}fd7l!?U=#;6fpce7x}mgzkB9F+uf`o&qB+ie70Nte;0fZ zMX$J>Z{&p^XX9Rpy#&pMc2PDwcAxU%i?83r9R3WS7gmqa*`1c9lbx0&lj~asv7-kc z3AZ4>GrnpEn@M}r@}Kr^hktIbhhG_kE5Id;Z{$(R&v%;SGijx)k)gv{OGD=TqU>>O zSIY4UDGh-5EOty?1lV$#xY+y__6d98ji;qdqOLqPj7?T~rF*yZ{4*!nJ z0x;gGG1&rrH6|M!Z(KHc718lw5Z`Md7Kjr)G z-vq6xBU*p&-ON?Kr>U*=wykE{)@rYrz|C)D1F+moSG1 zm#cjBSoV>+BcZBwN!De_Y!gSdnl`DYwz_PaCA2xXAD9OmE0K$k^NH{pQX9*~$^_g~;Sw)PK(X z9rAry`agkOPxcIeDbM-YZJZalnLeo>Pph3PX@~iuxq&ah^LOy>5P1cRtct^1@hoqd zJEnYj^>T6EO8!@I-g~veUM(t5{hAqpvjaB(&r`WR7C?lUkr7e4= zb4@E{Me|#rt7M(l|MIIMEsDqaAv`Tvq`gVASI=CKo+aCH#Y1CS7N@W`DfeBv^rd{aHXppP{)(eWN>^Lf>5VABE>)j_wwY_U*+-onr2ZUlYvHe)c?w zCy=d~qqmvZKV)B{ufIK7Qa5n0q%MgJUUNRaX=Isb7t$QNhjE$8GvwJen~Ndy44Ia| zj(CU4!L!EChrZwSR%g~m{MHHjmb#lUUe3D}@R}W))U`uio6nJzJLmGp9alSEl|^>TmUY-|qO5mgH8AV@cm?HG3%u(zu)&S0@ zgRAyY_JTM0%HydALM@6lG5kT__qAPx?Fav|mWqEfe!}fx`Gs5dHJ`b8U-Nr6qsMm- zJ{D>T^6yI41o?NdoABvkGd+pT^n?fBoReQB+IsmIOy1gMb}p?5%zd7jxsQAjzFpyo z_^_HbHxdJ+I4i}wV9&Lf`C1w7I~YEjGxHNqNG|WvTv)^y#$JcV?b*fQaIRlLmjQKF!O6pFB)=~Clq4nDht*_nOH4r8jz?qvR=d-lF#-sK2JX&8l%J|^- z^`3KJU+=XC1{Xlyp^2wEF5oxzw(+_0+sG~c z8$6~%PjKyOdowXE*BLtN+z4`7bnf=#VhOnkCINqvq4On{&h26Ee2ld@9}L>stL$0E zeENvSe`4Q8^gU&LdzLZ3zB>{6PJ+J7+YEh~118Tw+vLr%;WP9l$AaPId-CWztyJ_S z2k&|0Oug~M;CLs^J_r5H%Hj+!k7ceklba!|+zjWP5PU=5G2np=S4@HN9gMLucRX~H zPn-V+k4gNOj0v9)ACr3mJ~s5_c@!KZ&ku&D0{eVJ+h5}I&hYSCa&)F#`dWFHPao0u zE6_K?!>54Z+jzhGiTokCb0LGn+lu4R@S2tLd3A+DTM&m+z^L$Ty*wDE{RJcDU=9s3 zHeOy`wco7vsV_Kr^Ed}aMaDOh+y6p2_E?uPbu;JR;l*Gs#GS}Y<=C4(h^_Hw=KI_M zEa{~?S+g$EoP@W6d5ePhs9c5Jx6aQsSg!f@I&~W|IghfrG+lT+m_Ld6k=c9cXI{uR zD;#w`=EIBqHnO>jM&M_8HXpwe?BRI$6|d{_>SA~`SpSWVQ`Go^qx-&-`t!#r0<6Ep zIDIQahiuNud>X#daT1Oir%`{#IQ>%wzt2b@~xq-C=wHX2`D zU~bviaC9a=E<94&Q0Knnm^Dyx+N~W`=e8kRqkLW@cHy|gdS{=7DEkU!*+0@aSM$yI ztSh%RE3v@l-Q)1C|E`{QvS|_2$jQ>sh2?NJj6JO#?YM@+K zcvPSKxsBLsU2X5(yyjtN_C2M*qMfgkv;WX9o!Xy`X8r;Py@*e&Wes_POfHj0-&Mzb zf8FkaQFVSN9J>~W*x>OVPp9J@xE_tJNR|M4R^HeY~wKN%g_ zuF2;ARNj+|;A4_2>(QCkW#y#5k5Xt|Z$0Aa*~4wMIeRh*=rJ1pFn$Q&`7-xZuqyfr z!xBD^b2g#68SHU2%lpLktM_o?jh>szXJI7iAF|>&zlZmOnq2=)Boms!;x#-~@hbNE6S{nWQctg+)`^Ur+fv-6)BfLwI`C)~8_STc4L+|+b zkL5?5*f_E;J8fS+Tf8qF-G$p%TeZQyoCd6hM+(CdZf+C4q9(rSi`jRDMot{OI=0PE zg%_q%l_lxnBas%TgJ*j=8&SD1?anMoyGKmFW*Pg~mkFP@{rXbzekH$A7#H;`6ztb& zz-oQ4FsuyE?6vrOy*NIr{HFKuU;{0aVidFRu1zFcYNOA~zM&zH8zX1*+9p1McgJ(9=1Y5U$?yzi}F zEsU@F{^elbPXkuPR|>-tZtlc!e6Glz%>lkUGiLUK&7P3th1Ss6dGW2f_jKkJBl~kn zkC#hpHs8hOe|upZ)Sp{|{W%R-9bYO8OSrik>CeV1vSYcFzAR!a@w;Tkk~192Md6R- zV|{ikV|FaDH8NuvzR-;2Pfkc)Ts5-q^KIW7a{7Kp(1xz~m%{j}?=```p9ZX+&lQFx z+}x%Ke83TTp_~hvYlBPaQ|vOcFFEZJr$zbC#&U02S%|oZQfP2Vz4~PC=*Y~?Zri8t z6z@}Oyf7Z>(;wa+n46~otK#;;u&myaL(87e7A~uHe@?rF>QsEDa2@FY?!(aRVRQk1 z?k~U0_!C`x4HbbQrEaB!Jr$5K9ZE1x6&Aux>#?(6Qn7^N~)4tnG`lPc; z++(V{bu;{ah3&&t#rqKYSmAcnhj#}1a2l{WHWi08I1|3nnmv=bEByC6+#gqX-gX7f zIH7Ol(7g5Uinnn_k$IB*XyH22h25q%^SLgUSK8o}8PN2B0I&4EHU4|~oqr9s8|7S8lCZv?MX+=ug5TlY5UABb?u~ZV$7AUr~O)G7wrEJzOR94x_Zx^zx zLOScWAnVpC?y`ysY20l9f3}LX9jii&E7Y#G5!b3+x0$51&jj7-qLz{E=J)>G=RVIo zGkG4!?(g?~{r;HO%skJ%=bn4+x#ymH?m6eupF>VzHFR%4UM@vmYA#?$_4sHu@1ywW zeYSu1o}qthqj6IIdc*x22dp*ki-&bPe3YL>e`b6AVosR(9Q2{y>%(^6*P8a1`@C0= zP1CLoXX3FnYvSAgGx`!Gi~Ckb*U{d|t(nGWWvTAoK_3oXTh!g#{vh+>Y01`=WBKbo zOaDJR1N~P;w=eoH4by)du-4oW4NJJWyXeaFXlki<~Qo*gc-K@tYx_g)H*GJ>~mAEY$7xn9caKFX@tNWH{Sb@CESbY9A9-pq8 zqG1T1f9L+XU>=VHR^5%!u(XGEH@=Y%duitJOy+UPUcLG{&v*L?kN1rpoAmb8&uV?% zWoTWxm;J2mTX%flx|c=cqrN>6?%OzEwJwQiY}{m|Cn~8>U3WnT}O5jcP@63xp$PV zQ&+(UGvI;4AwEc7nORP(6L%($l_QT^dS&D3)zuu0gYbSwm|o+6RX0BxmT+@-(Vty+ z6m^;zjDI`h-*0sq&MhL>qCVS)e~RzJnz_;Kst>wjGMJ;|fR(r+9@gVmSe=HmvJv5b z^na$)}gA<@5R%p?(%3DqSI5f8_;PSu=-|2!;-zZH+=!0 zTQ*0@vfkuP=FC#@nZ91$+m;-76Sl|Cye4~f`{ptF*1y=k{Up9`t@Y9PsBeE2?%OzE zIpfh;rU|26ohC)-ach9LheygbSIit*W!?u(skX3paNay;&9E{$$a zxZf7WeH^e7HotPYJv`4jL5h1YbZ4k?Gss6U!8x9EM$WLaOY!kmeifa2(KqfdC6`Q1 zD5osHjUNR4!WRCCI9qr_C{|o&P+h)XLYaNu#JJGE!9Qe9O#?Ui$h_{{x5M#hp}zlI z@1XAp?{#i|`9&=cRXN)pYJAIgKb=2r9GH=Q#7%QC{%X z*F5@g13IPbslDlnfxp1k#T^KnDbrL*Iptc?f9^TpbH`>ktOw;8)587a)>=ti{)|(H zxpNdxH};Wf@@uUkzX5kDatEo_u@XJ#*On)KTjYsyy7iqC&lAtx9h$4-fVIY++m!P} zAUhKM-rjd2-*)d?j!&!g%`Ar@I({LH&p2S^?AdM-*(>$=P$asP;SQi`MG$I{ta@_x>5*gfd!*ofOp`eU8~YCZZ*EpM=M=ifahtp!t~y&ghFd>~)SlUt@Zfx^=-BeQDhj za~O|G=4>@%$T%*W;uH?I(T9#&?qK6iO1s}T@Y~{XE8as?3jaJGw=>lB$7>Da6~6PS z?l`%QanXC`JY&V2XRKtq8H9$? z6_8s$ASShW-G}cvRF{~1pdwLqKz_9U`!kBKyn6xT)l@GS&`kFWd$BWP$1BpOf;OIc zFEl?(-KevA2|_ z1N-rb%Fkh5&4pj)!xz|4$>E(HZY$><>nG42@(sl=bXez;%1N<=x}0N^+gP`k1B1MRgIDprh;zIx-~nFfaV9q6Rd`16`1x71F&|k_i*GDChKXgMetxT0 z-rR|W@1Jyw6k{g8K;_O+{MYENicVv{-L=@n?5M8EF*cX>+r6`=C|RAD?ysGbOML>M zt?rnV|LGa)Pm8Yq5`6*h?9f%z2Ud=KKyCx{>zI^LZi|2ZcVPFo8M}{sH;nHk`x?by z{2iYha&?e4j@GAIR`8spd--qw0i5a%HmT(wn}R&z+m8XYO#`m;5nzKJQsbO!q0}cESg6K??h3gYbne z`;uN>=P0_io*PXU;c@UTkFIB|ALult<05|29XEq*@KYQ7v;=F2!Aa{}cMI z`l4S^zKw;^ioPv>nQ|DaXWE|_&(lE+T}1ou4!3^>7`}Y{%y*^3l=dU6uMDA27$0|d zZwUU?oz#BLuBwUP3hi|+D7{8GvK-d7@EU8@b#y4LCBCdO^FGNKA*&SoC|TvN2_t$= zPFv-x()w$1btQO)JlTevOVNhzhEq;ky>p093Ad;C)7Q5gCdW7Tn?sA4CdRq1_egT} zk4F0^kOTaDa)4jJeLE8}nor89!x{C&xv zEyS0QI|-DFnYjW#zT^9>v+#xDk)!l0ABQgh!}J|~3Fo~H=SMg57hH5tRu4F|1G^-L z_*k5u^UwOrasJX7aQ^mKoC7!-cOU1iF*uj_VJ4>y>~E_W$nQ=R^29gi_wbF6sJo|? z7~=#n&xyj&iez^9V50ESqlv=H9m#BCS)PEQy;GWppWyvdiNbzAN5JTmX65;Jx^^xc z?&sZ6;;D|d;w$WYWfJpd^qEAVi*L81Et^6|c>}*qY{G-B1$US7_2_OJXWs2911^I- ztp%s+nT5Ij3o=gEUoTX=!Q*|66h*d0-Jeo7 zzZcvn=UnUMfK6r44XV5x7Vuxm7_6~(YKcrxbOk*inoJO3zkp5e2_D!>iluWmQGaW~u?^th^BC`|2H>%Q#le~6$Zp!DZgn^Nkbi*BhKV)2 z+38$91wK0;KBKs!gOPJR(&LpMIyPS@Wo>`f;Ieynk#@2M_)lrD9e zPHK$PwEaM9q4E6G&PMnr{|e*P&$AA`#iwiG3HY?0m_gZmOzikhayC;>?Y-k_bWZ!* z?Ep5ssC87lm_LyyxUcHNb8NY}-Fq+owsOo+9zOn(yP9{L`@1$S-Q-PMTZCN;Y_-uj zn>wrM+sQ;>f^hC=%PxI`Gye(wJ_(NCY1Ve;iE^S#X6E&L1@QZ+*UmR(On%gr{9ctP zBI4C4KHa=r?T!`@S|*kSm%{?4i2uU$Z`jT$*+*V>bz#7)67m7++_P{ zB-gn+rwB(h7p&ZT@Vu(E@GbB(uxA4|(bC*1xGNTC2N#9lE;_F{{|ar_gHytJhw?XQ zZ=-rcbEroZD4IvUR`(5;w*e|i#w;n+&^vh-Tc-* zQ?O274h-7P&j612Qf<~G3frk~@*dRizuJubLFKbEV~4#_e#-7t1KTS{JH(foI6u<{ zzfF7^Mxu+Byf1qbez@rU5naW3a zTD~`V`6%9azPZTb+zYXt=BJ0F^v@af)d>0MArn;lx0bH~HX8u+& zf2+Rabf&)4(z%^;dJ_YcrfvF@=l$&I=dc71!HSwG)?hV?VZyIr~l3-70I2XAmOa%~*2x_;uv%$342bMQ6h z9sScBG;?p5oN@GV0cpt%gpcn^RBtoFjf5h8`!dNhO@j$ctXT zcTiq3L-TKl_bMy?t>K=ZJpX;TdCJK~BH1zo4CNA4+24`B!pP8m`ue=3=?flgKlikF zEet!aIxm9D^TmD{*>apQ6F<_Aeav&&)ntzvdZE~lpQ`RF)KmTAEyO}kX6>K6bL3gC z&2QPY#^s&v4->36@yyRNBb-O^ksYFbjxvM5df_`0uqlJT`f$|t;TaEJ8+A3mCHGbL zCShI`0Jvv-&j}%zeg;7Z{i*d z+fM#b#_eFSpCfx6Z!PJ8pPT9L)qJ<|eJ%aIx}|W8wM23*SW6DEpMRpIaEEw6ZHYEo zPxjDOXgyJ$L-CyYe}MiIyKiVbnYldjphr{Fhh5a$jUA6M4%U9^g9X-Ff zm$gLp1C!?*+=q5jp1F9b`b&BA()r7Ik37saum*Vhcyj(|4HYMRgPx+9p;^Uax zL?5@b6n^tgkKb+-zpWPy;kQPo@B<5XWC_pO_$+tOC&1?h#`$KxZ{zz8KEkt||2Ko@ zN~cf_zQT2VqH5=fRqzROJinT|3s}GN9pJLoDde$%ED=4h1w(`Rnx`gb5@!OEQ-&7& z_SZU%oA^rhp+@!*`T2b7d_p?GRp0<082eZcxa{S#gm&7z{C=_xR>5oeS(FnF?1%HS zc|V798Y^@CHA{Bs2H+~LvQKwbP&a6&-YNJpSK}of9h%L&okMO$Xz0$O-TB3~zeE}J z#gwZr!u@-dT}`=mJDxMZrM3v$*QatFjL+JZ!e6WWO3E*X2F!C`zWT6pGbmS!EluTC zX$&a40=%KSk+0JnQ!kLOyvtAXV3o_)NAL$W`F|-h2(0u!P57k855Qx5Y5$fQQBbJ~BDBYKU!spDus9Q)sw?JcG&s3+=wFa*ufBB;S6ZIC-tR zC+Wkh{mFL395BST-kE!5-{P1-T**67yk6=&rU|&8Rc$M%A zb&TB=8V(~XjjmM5Gs@AgowW(_*V!>sEVQu?0qbqhHP9`l+r2sb7}}dZroDP9Vc?ud zd@5QWFn!itg1&As4p`lP7Y%C^d&%ot&cz;^^z5;WvFx$K@Da9)03X?*hTz*_c;DR9 zSi9|N*=C2~{lVHJS9i0w+L!$FLgn07uKkZ-J5^2t)~0!~v+H*+J{j`C*ly2b^YGdM zd^42qM)xzwwyGS%CLam3b-7FkHrPL_EO!2<8HOpf-cKz&qK{^{iwr(EdyK%KCThX^tKFHgf@( z;wy93i%nm4c;i<9y(H7kT%c|fbHU)A{5P-v*xY0LkL(hy!?+IuW0v3lalr8R)_)F; zVL0J)-|myO3mTML=NshAnYQ=haGuf8v~2w6VdKZn-!>sLoV@G+K2Bb)*fBiC{SNSy z&rjl`!TN1i54ZLGbO=5hhQ9{uk6gVk`S%MY$5Y$^j;*Fy=Vsmg;xJuO~a zC0;YOJ<(ONMRuH}ESK4q=VxEgc&&ew&F&dmEk##QU|b==z_J{Vzqd$BbiCg08he2@00FE#xA6Xb%? zg+q1T+DskBN%sC2+fE6e`?i$Vx7^IR!A<+2xyS3^@C9^s!4bUi!1BlY_x&30Qh4EW zDD_?T@FC{tOUdMcVQ4%?KJZ-kuD-;0_okhJAFVfcOQGkq-juawxk`%?ohJf}NEbRWsf@I-0eOc&k(Af&->71pbvv@gQR-jwx z&Ozows*gJdCpk@$eS@=DKYAtvIl;d~AMBY*2~Q+^f71R`sa<(C^B-E3!`T}Hr_c8# zErT<}+|a!=F8YVjd)k>VE9qxD&pIY#suY*He6ez{H)+lo`9=8~$qQzl+gwfBtJm|M zySu$RChA+WoR4JD-^{%bMt7^>e@$yvdQD@drL&QI1$owHWb1l&k&`ugK6c`_So(Cc zhNbNJ-MumWO4Ql&-m-qFPcPo;(I*UNWel9Y%i`gD;;rOCx3Tth*|k#1CwN`UY-)n&)iM`nke)=DrA>xoJF2o^{*r z*)jOG`u-OY{qFYrU0xKA8Pi&$SUK5K_7oUpSdiWtfm}wBx~?5MTSBb>dK#2bV;M@Ut{TVx#*JQ%r)tq zxr(*{UD6c+KfL^{==st`E=67+8i3)j8H@{!9L_#dS{S z@X{-Cz*k$JgpPX8U9x=eRrKv*@X7(!Io7~aBO9E8a;Vm}I-Mt~TeH;(r*L8_-xI-S z6YsX@8=7wc&nk50DbT(Z8ykMJ%2#IiE=kUN%Xc4-p-Y$VS6W6F;hFU58-lYX1`f8@ z$Z?92fq^e+M4LZn4;EF&UmM;@`=e#`M*Az#WiCaRxeWcdG9%vuqZ=cGUaF5-A7+Kt zht+m{U_HsPp6GrncRqRoa(=L%-1ya=AHzc0R^IazYopE_Uy_VvUJWrvq`#?7iaOG1 zr=0gI@@_=I=&dcrUtfrO_8;(>3*LS)aHYdMRW4 zcG}MYe_s+Gs3c=={m$fvashbek}U__D04A&$GF*C(!3A?iDM~Ymd(IiSQoMr}h27FW2u3-rxc3tZ=^g zYrw^y3ttcRX}236XX7`U{tkX>pISJWKFar}`TWHAt;xS^U-C1YtKGHW*aYVt^TAtq zNk4arJ})Ks^quzhp;5TJj_!Qc`i1EF^6{6h%^nlE>B&CbN2R@!xsMHAu0qzyUnzB= zH}AT2$MKO%GIv267ru77xufme(7Tq}%x%0gXSbRw>RZ~+zh!*NO8S=jO*C$z^LPBd zovHqRMAt9TQ`^oTkey0CNkeT$1_d~14{3Z&mNRdCAJ-KQ{;cpGebYSze*bDspRa9h zK>w7jS7pSzRg{xWEY*5VGknps)xMKWLUyhcdF)d>Gx{Ao^YbI{E%RX;cRT3J$?)x> zmcqN>+d;l_$ot2eSl{KB#ed3tZu

`F(T2Nx6`7)En%dlo>>Brq1!kRX%is zyqE4V#CQ(2k+Wz9e!#;MI)AF?j1~8Dd3Oy?@#_4L=WZ>!D7fU))y-}_b6@-bKG@r` zDdpd?dvErNS!Ct~sk+8$$yB}DkM1X3L+{pw-;u}5we@=8McqX$*utImviO&D=6b3# z?ygClgKbmrPof_dr$@nQg#PE3KvU#{a&Vj&KDT)pJT4edS^7M8J#z})mQIzzKYlwh z{z`Dk%@;4DCs}xVfM;wp=$JYSGPZNz->tk|lvQ4G*;`9;QYINM;W`)E<2&P$FE-FU zfFnNX?cq)f%9*^F;L5tDy>vl#PwkzRYghZYnfRB)$qauFINEl8>D~rdzvAvf)fb#I z!SLl^3;isIQxb;&FUTixm^)CyvQ+jjGq>Q;p5!Imzj_Hao4ZaWs=PbNcMZXZ(0wLr zg0aanCSJ^u_WpMvliqs@xtx_8zx;f7=_2|KUtXU`?Uep6{kDp=dL}f}9!quzqtDh7 z|EoU2mxf2`8YAv2H@2`q4hWXt-wE_LoDd8G{tV9lm>0e;Uyb|} zC@UE%n2qqN&d@Z+b#IdV{d6bv@8)6OVhrSmsb|0V*U{awYmsXhI(c?27k&uN@2nOLy9sISFt4?oEsf{Z`wWd;5W-J<{Z-k*kt*;APH8;4Aqu*4uIO$9^)pyYKJW zo16h3^I`pzy=Y(Za|@+E82{ho>ILA}r1KDS{zlsxW9g-xjGN*H-C5q)Ne|eU{8v7o zUASMo4!;apUlg6+ntO4G9bCs5jfrifp5k3pPW?ppGG{a?$$NgQyl|?T0{8Nbf5TDC)_GovyN>Raf3Cd;Y0&PgbpEGzJ3{Y{ zU@zA?)JDZY}3B&p?}Jq1AD|pVv3-K2MCvp$VP&S@a!W9rw^RCYEcN@KU`^lzjnO z9!AEbS)Vt;6ZSr(U(nVd_~tgko11`@J};Bmg}%_Sv~xRte0TXUI)L$_g)w|yW^ip0 z#tS}-wJn7|f(QFwV!YNE^NF)iWY(Q$D}zQgbOFjj%bYUoy<82CDP zuug2=z8Je#g+okFOLo%B+~c&wnZJPlqOUt^V#fLPv&O#f;yct(75I*p$dfge&&%nm zzW;$8tMS50ob={QIV^(@yy<+{JD+lAERMw|_p4|a!e=u0D5hNS#sjO%zmK$>XI4U= zcHj&{_gCPR6MVnQr@zIV4fj?$Useu_#uQvMCM!#5FrE{1VFX5x{E7kHZ|1^CI#%~<3x(1_RjdXyI z9V^A$ZKpqyp~3w&%NZ~Kj^A+EMa)fPR7u%3>R;$Q{tuQ0)0aX6aJ{k)T$eER%i#%~ zD_;dn&Xu?Od59>}s4`c9%Sqtsj^FuSnO@(Ij&~!&z<7nvY^#^eF=aE_7ipb(8X2nC zQnh)J;LZ2S>s^)A@%1jLvDwJjY%GqA)^Ecrk6c*fyV~N|q{?FT6F-Wkr{K@^`EH!B zy8Syz%jOocI6E?jKIl$|*I4ry8|;DJUB53@ntKLDmQ2cyEV(W_vVwaCPM6*@a0I0=8YX6)Vi>6yaEkqepz?9 zWBeZ3i)P^!?@j`Kr*xMJ|IL}5_LzO_6pgh%K7il1aC$(|8)$*f5Y(K za0LIQkquM&Ok99_RXpty{+*>|Jfrd5W&D?Eo3R)VtZx4<(lS_v|7tA%RpL_|=0AHU z&d8!X;x*?)lF53VTXzu`*R;Ls_O7iU(9@9J+T z@?DZKsdNgmXSmfGpXmE>46lfG7g^eo1Jqxq%ja(0lkvQAO_+A$fYtYSG%Vq>Fa3h` ziMY%91l)b99GAXB(e*Wsb#@Mn2Ts?Q;^7=+@9W?hEe64u(7)qyHa8AAH6s zv?zWF`)11ozRA(ywpVASeVaMg5C1&BIP1Pp!Dn$cw-MXTixt_Sj@H8PT6Ea-IhoIs zujQ}yy)|VPGDw$PV_LlSw)En|o@z zu_Mj<`h-uq$9eZkMYe&t!@kkPB+7nX&Iesh-ritvQ)_m#vL!>GOLTML{#oc7Rkz#b zbUIVr-g;u6cU5PGz_AJ(bzZd>zj>X{F=v}}KBs-4+VT4!+rcY;=+RB(h`pho&`mb4 z6BXHB(P$&SjiL#5Klx{p|K*hS4x`7}qtj>YA7=AB3h$iF?KB9CxIW(#)8~ZE@f26r zJ=o&;!m@74$2fn;DU8r}W6ycQlh-@yom($Spqn12>_MksVxOO<>?+UCb`ASu*$!k+ z(HrisSSVJ4QOQH$IUsQ0GNwj82|AK^w2K z?_n;rp}XCrxQWBSscUH#56F&S{9*+k`6b`hwZQ&9ec`;}lo*@fbzLzmH?bc@+X%AefWPPR}l^xK^GlRF^b`R_riC|>t-I}K7dj@SQzJN}~Tc3)^^ z!x`${A=+((9-9p94x0QGVI3R#-lQ_?8H?lCNWt@Ce2h$lzPaP{@3o5TA^N9h_s8JU zYR~15V6Ttrhmm)u?O36^%Wf%nIw#K!myX3&GZw4PI2K3Ak7Me~f9zR17AL`Vv?9A* zWASYHSl};a<$D#G5U@-VwIn@;=9V zwb8@=$mMsQXX1B%j!WL;c&0MGEdHpagWEy*C-|IZ4vjkO4bYp=&GN(mDZVI2tkDoL zKC*3Sj;~a{L(TDAOY>6l=E#0+^sx{gAM{}#hYvQMlW}X4*(;!J6fgSrqxXExI~$Io zpYat%pEL7vHF#=XGH;~|s!v1oAx9tT!EeHZZMVD|9MvcFP49Eh&_8Qu8k)u0Oq|z$ za*yI5emnBhV(n~NXJPHR6#Zp2bx-qYr>#-GS3>tPA3@`Xy%M_zeuC_k482Rn1sG~u zHsGrn7s2#l+>6~`K2gT54vd^FJJZr_Xa&#O`CxY%B7V&8*BjI?p6l!`=vOV{g#B;` zJKJ!5YvDWe3!V0W-V^8G$(kf%kW6Nu`xbrP4S!qTG}#bdf;VKl@^KyggXnSc?MJE~ zHAbqxgSMl_xbD}UUUsIsMh~a~&&p)>AHmao!kdST%RI#($@eP?cB{1`4N^W1uZ|eJ z*8IZab%wg)oyG9gu>AVSk6>swi#ubq&OghTG9SgmI>VPe-^i=#q|wiMkykov_18e1 zrRD0+Dbbm30j_eQoJnW;G-D$AsvP%Gdt*8mT1`!6SBX{+T3T7(LY-4dW*OaL5jp}q zXyP5(h+Ba7-dd#PbF%%X68f+{4qJKvFOHVy6=_*gH(_l{gE4ipqRk@7F)s$g=q*=a z_e7S7M!p_0)aK2ZKV3q83oCe0z#Beh1 z@*NFun@vB+uk$`&3C_nZVZP51Zk}H;eKvVi<1 zId04O{jRb79;$~P^gA~LTsd=B-0ToBx4!HkkJTr2?&eZX?HHNZ291_bt_|6-q_yyb zIXkwpW0B>vHu$V2neFR?2N#vf4xP1x@&47@gZW>=8+8Mguc#l#SARj+>kI5nO?jWErfR)&Zq>aw0Z&aU^3>PqkKv0NOWR6I+vU(~ zMUl3T5&Mv@gtn9mXxk2LS5l5x>fx2Gg?s3qWCuQFS@E6DRdtqb;7|4N+h^Ou?f@Cl9w!Q~oV`zYkn(YOonpTdRX1U6N^x~Z+Y+4VPT)*8Ve;k;GFGhX0WW#y z`4tCr&OXezH#qn`wO#gPciY`hDhJs~z^wR~(db zL&39V9qDI1)ZS0{AU`uYTQ;`bdic5;yQiKfChtT~G3TKN@U>tKYF2*SZFViy9!@b? z%-3uldLnz9wZ2LQj`l0(&t!Zw@o}nk@C5=#?A4L9LN-5qa>jygd^jZQb)Fn9r?K?u z@;G$y{1dOoXR^XOvrpc2N^9hPz8j|qZ_ckJV?+B*69ZV=QaEP@V~>nQH+@{ZAs;3A zE8y>x#n(oCME>*s5oh4Q#!DAG+~W+$e@%9cm#~w69{&lA=WueuftiU#KN3G4v$hnq zZ(x9f@hO=ITx6bXR(Zxqc=h8)uDz)bLI3lc3J2pACwXJs^Q+t7pULj zm6YhOy*YfQ^_YImPtjl1k#Cpp$8zJ_klWzed$Ez3$avsPaSC1Hoi_1K3ONDq!0TaN z2<8`b72nJ5C;tZ7{fwUkdkgNU>>L%((OwUJ51&U*co-YsVrO<{9pm^iwWvJGM>~eqR=T)wVB_ou=D`-&7C36n0DFFG_prkIOvt=yG=nO~l(( zD}ckACYmf|-*_o-BJs064TH2%-lzLw`qXNDB+Ba`e@f_hG=`48&-ozb%iFv)rp<12 zIz#)iI#GS{<;!Qk>dTknSRoG$j$v9Zg_fG9hL+6PFn@`bU%e4pCeKdGF5efLHp=^T zSxmojzqj+atd5&3rR8^GXqmHjC=XJ;yv;;Ro2|aQDXSCq(;H+?8edXu$k^(iE86O7 zxz`&X9m!A9Ol%$OJ>n-q{(^So81q=-PvGJX!{GRr;P^_MW$8 zw%f9=s;r&Y>zE7g(Oj70(Zyx&rCdR3Z*&&(fclaTroAJcY|z+E);yST_OYwG#PS#L z!~T4N|0sAw@mZJ6H8xmQhc&5W9(Z=Fu`;~N<`=_%c}$xR#k85TIp(A41T_4=-WJgN zbE2WvCCNr#o>+O;fIN|}nEEJrq8zD)j>y>0C+$42w3M8!7A?t*e>R!YcYavr75xC! z&RsG6s+Ba@2t)#fkQ)7iODQpeZNSqn?(@2_3Q zn6L6>h^p($>nk4j<#n;msPcV&tcqE)ie-i0x8v}8-OAarI-~v4#V4WL5;KGj;_v6B zCq8WbYad3RHu^TXQe+!5Iwv~xe#TYvMm~mtzYTJ89r~y_<6xdGwf--%SEVQ`e|GJC zRZqXA%f8NM@MPl4p8x7~=)&Iq#>Atb!`$*l>=X2@7hPKWDd3dGPxGz;JCE59*mpa^ zHf!F)KgQPayTzlsjUOjE#Oqs%Z5i8WsN7E)$?MFl)4UB(AWb98DPlKWrp zr!Cr1UQp%p)EcDyjM`QI6KkBz*Pp^RNP9!T>E_wb^&j0eRbyjIIJ^C)uV~NJwtqC~ z(J~xgZ|pU;Kf-&$*Of1{l{jy1>Qx@y(Edy@Vd4vT;YoDYfaj&VcJI23J;h}Ux^*|f zp}QBPKJ2t>kDDSVdn2~5Mtk@9J@&k!x9x88ZdvG^?>FkdyEpW1pPl>uyB(o-EoJYp zjTPIoF=>9i#?U**>U;jXWubTb?7a8i-5Yw>Qub~~=-nWD^O>3#jEDA0sYFZXx^tX) zf2#SOy!*+eDtjrs@ZqW%ywB=B7U_Umds35$r@CTNMm(ear}^LN{r`pk|7P#MIcJ2A z(?69z1a~a3Uy~lEvwZRQhxNRT=WW;(h{Kp`pWi=?`NO>L<<5!2{g-Xt&)!YgbzbuC;UW40V0EcKVQbu~^@<*%sesmz8hfI%@Odew$~g+ii8w za9y>B9M-sGkrUY{nd=nMtsWY#U*ZSSKW!kNJU=7fZk@9a9%O#6 zPGpBW64{s5;+Ih}w``o%6WlFu4*TinCpHhiFtK^NpBLc8iOspg-n;NTYq967Yu^0I_JK9^!HyiZw@l%z+41OtyL-G6Xsmd08IIayZz^7+@Hf68<%#j zdzaJn8s{^n&f3=O3F>X7-sRL=YU{0|p3VVu#@T4_n>;zcH`Od(Z^;LD?S#(Uv{ud# z&(A#aUEua}$9F4nxAN&0E@y+wd1C-~byc(SPi`07XMxL^gqyq|^ZtJWZq2gJ-s_#F zJH`tan|=Vdc5<`q_bKGCJ7;2N4jaBpUgU2I?#5-EOWU2M&-rjI?NSl6>m^_6Dsm?4 z{;+j-IZdzlbwYhqJ<-pndqBTcA$&%`r^C{3H~8QO)!UIASPA`lliV$~+G(mtj-_8L z?2RGVhl#`6Vre)E>@C3VuNat4Uv(!~!#bzw+W!vhogvs;&uKQfrbWlqlR9&|fSs%u z_!9%0d;@>#G(BKpr+!lOeOvk$&b%R>i!a^1M&~J9E#1lThvBb&Y;>0Y^NS`m>+ZFs z;)D6gPMyKH_2*`$iofcYbgrv(nil!I4((0-7ee(%sXy%bRJ(hrKTQ4pb2C5wnZ|ob z=dtsgrjM1^KN+fjxU$(jt@V)hN2#wf?)22mmExDk0kZt~kZM zw?@RE8K1L2|1fLQeV(2^+FzE>ayRYlq1}llKTnf#apmc+yKzz`zbM(Me0oX`O_Q9aA!+PfZf7 zvx0AEJ&LWLJTLM`QyxRbHc6+~Z_!%+4IVq8Gq}2kp!1;+o%J03Ky+^K={&2tNat7M z>72VOnl_^IJwBbs39IYQXjtwh=)46w>kcZP&dedVpWOK;>C2`NoljaiCy_Z}o?es^ zPjd!R!Dn${WTS)Mv*dXMPj8^T`tvfQ^{LK$Wrc~4GIUx^A`SttJ|L9v$V+1dJYbv^Y=No^Z5CkBAurd?;M`Nh+2E)+r3Cx3*DcOH_#4}pI(K$F&WU$Nw?&QqsY6X$h*T%cI1Hx zosqop6!WB}Dl_`vgwFg<55D1zCwTsp&4qcG-%r>%$nQYj@yy7(wT!Fe-AQPD5?qmY z%5~xKgBkNq(fgx5y&suUpTGv^h@ACCmy!|Gh z*5icLcV!H%+o1Ilr&R8tYr5Q(kl#gr+CsEmWof;ljMjT6dvb4m1v!xx6YqiCTNxww zuA;q;n#^c_6|}A>2)?29e4bxr<=!HG&$n`q-$w57-_Uvq|0VZMg4@Y5TI(IMPkjCC ze_A>6$kZaOx5m@DuQ8fFqV>^MpRdOUYt5`^Smr+8B=`9yZ`thYADS<^$5%K%?Bm>n zylV2||0sK^p$Z=u?7Zdjy6(-jgL5GJ#sRCZE*ci+A^2UvA0b_jJ9;;}bE`A? zy%Rf?Q^btR+ScrW^evp-pzEzKC4*L9Apbh0B)Oze!Di|x#_jn$da z!xKC6PkHbSf2`nnyPbN#^=HB$JCWonXJtLd+F0swX zzUwT#_oa{9IGkH!Y2D}F)l#-Lh}MfNe~br?@8?}Ur%h~GJ#-Gqy#4Hh++k$i=}DbB z3k&F+yv?I?x{S_q&Jmrn2io5728~yi(pc{j+p^;6U!L~n;lA{bER9#j(zx56 zf0xrnH2!&uHwVW9XN^4*FNY&LlkBZw9dCd7_RYQ6=*ia>*?ncE!+a){30K2UN!Otmylf=8v5b=CY%M#rql|4g`Yb_|X0 zDy6aBSy}hVfX0#WWFhvVBG|MiQ?yH>hCH1n(n8TLM3hLyyN zmEePKnK=t8har6K1)o5MjRRJ<%}rGfD@t~@+H>*pvTAoZ?MBtJ}I^lC|w;J0c z;~bXN<$fsg18_Nq_|cP`bEH|z{Jgi8FARVFzqki?`q$+97JmgFV?!k3sdpOHIxMSc4etDsDIB*+Uggjt=3BQ>^?jdsqUcz5K zpI!-{hH)&h9j8+Rd2$`+S?8p8=#D{ihJzk6oW^Gk|E-rFaI*L*l;jkV-Za$CowO?} zntOfQ@v4gEq16@5gZ<^wQDf_eUqC_^|x0on18dLqdN_@9WgPDQGDC? zCcCz$%W}(t(;Jopvsq>do@bw!|NK_-Z$vJI*HV=A9MpY`kJAa`^?>nTNAm(!`v*99VIJ^Zc^t;p+iqFpRE6pA_RJ z{aU(@kMCa@d~3kBeJs8g#pBy;WoY@hiUv=F@jU~KE-OpRVaOjqW3b8Kd#kzM(#Q99 zGaheXJl>(>pV=dNxK2>q*tBPUH&*qt) zuOz;JyB-urqP&wPzdO32iR}TG|9FSD_PIPWIr3O@)+J7TH6 zGyfgDQ$MQD^X?1C(U$%zw)&&yJ_TZ=t$bI!G7lY4q zI+U$2N?^a@8{7l!oES;0}P6nLhVa$#J|_X z1~fVq2jwH3haa^TxINraQq6q}Q^{X2Y~r&^)(8A%Ol}v+4(0Om@2A*~Kf_G%DPx)u z?a(>%RnB9L=w-z|7(bv=I#~aVuuqSf7t{~OD1`Ahx@Dlh6@7u!_J?fSXR7PVnf`;) z-HP@9n{+ez>Hfc@TigGSbbIrEgKmFTMz>O(cgjG%9{crLcy2wsw*fxeh`zgtIF*x5 z_T|?cVmpd+A;?XerrZOR+ex`C6N-B8)(OqIUBKFfY+OSuv6DJz@&UlJ+xcG5R_yRGq~8TAJOOR0abMdyZ?0da!=aoxtas&ZWpn`KP-xmNv`g?!Gvo zd2}z|YBSMNU{2s8hJ0Sn@3kSDKk?2DRh|tk+$Zs8?w!7FJ0&9@t^eHcEpyko@OxVK z?Ey#d9RDoh46wQuM8nb^wqd&Sm7fZCey7L}xelK--D7NGO!v|T&#yN+>vum5UI$Gc zevfwMeof^PHTQLa*Z+csia#Fdpxz^1|Fxb4K7y-^jQF)%SxWocRd1D7PxnYwPXw1L zdq39_ohx%c*K(V$LV9SsIcqj|sE`Aypt>gK1p6Y{ZFe9OnnXdq5F)t=8in?u~;Usj8JSP-{{{;x5~GbhbmVARRi8eR%=`icf7CW+^Q-Dr8w@HuO&+fhmUHohE(;qj@I z@$**Odlu%x=c=c?)#5?%qR;ac^6N||2i^=XEl2*zw+5a!cOjWOB4{%QPO4u`yL#{2 zwztDynu9)lQ<_6l%jQtEQ#eN6(ph1CYxMc8X!9OJ-wUGYD?IMUCpVCd;`s$6Q$F4t(VH%GER+se`EQci-voHBG&;Cx_MQAN7 z!6mQ_N8mCET*eE>*V}H}ul-?Zze;qFWc9%Qw&XzGt~Gbdf4b60e*r0 zv6eFHDYGS6^w->)Y)&a(euqO2S$GGTp6J5QoBZ)9YlCYC7kBvD=B4bBwGTA8<&%># zsY#xVZn@s~T-U5K-ect9GW+P=W9=?S(5tVYzPVqJHFVOA(1mr*ZG(Sz()NSMw_SWo zuX(VguymU9m1oo*Z5f#`-(mgt+8knSdpqss*gxpL$$i7z*}>Y{z_USMyNi$&thq1Y z50F3Hl1ly4L7?L~fCJzB9wz8)>Tr3$@8G1SHv99Y!j-gfXsC+xL%m1Fts(W3GWS!aPWiFsa!-iW4b1P2_@Hj| z?lMt~iOFw03%fh{sAYF|s;o>*-h7IC0Kd|zGSEUam}$?d%ozc>Cv{!}zm>?Iy1;*A za;aQ|_uj0#CN(y|8xO3$z(=GM7CD`>%pY%^({I+3D(KS4H~hAK8@hyiP1Vl5$j!#w ztiV2WCfr*CKa$e+l$VNmorPENgJ!)}+yF5GN36{oKKJ4Vh!L2HEqy6%ZwDXwUx`0C zKUko(xq&=kaclD+bI|0IgHHF8Ll*to_-`q%je)hx^JPfMUz*=$u2OarW!aNtwccud z)E())jNKqPF!RKrk;meM&ic$f2b{_L7~FIxa{efFHd1Gc*(V#n<@_i-lx80w+-oa3 zbF97cneX_4r?>lSbxD2n1<_rf{NV}B#Z8+sL-o_|*}RT(nYFh4D|J3Q zpZ2dpHirF1w0{_$h~Eh3T<9CdUjtkN{~Yub&4Iudd&30JZ=}EG$piiEPmZj`Zv?+- z@r2J0_aOfyXY(EO8C_vm$c8me_C@quUpR z=F2!>wfbj9Ww8A7Ih`*wSpVStjE8ik{rJG>d?uhXdWZ3Y>M5i1qKU>&?f`m%{7Xja zox;dL#x9D^$YSN;Jj@xv{`4D93BIB8492_G`i>y$wXT`{Iloi#59YtYV>bWgJA&^C z_iz|Gn=@oRPf!m!w^=&xOaH{!-uI<{x-gE$!QP;ZF5=@+?k&`KjR%e|-*5a!`HhSn zuSctZg*=i@t(>eb@vUaQN60Agr0G)|WvB6ZLbR+pF^KG%2T!GRb~(+Xm60E_Lh@tQ zSeX}=A0Hyer|}n}zTyIbb%FNxqBXxC(r;gWCW!Xav{==1NCh@j=C7?-Fzbv9Q^ zIsJXyMx@_7#T}F2sC%i_gJU%~P6nr{i59PvGw%lBwVGTyyKY`UE}e&<{XugchEBtJ zX>z%^j1B9XIYSe#Tmr51-NZN#@lNrv`mcPHlktJjc@cGu4}^Y)@1s)8v&kI^ynhLJ z_g^jVa<5yQeDKeYB4~6|z`JLMv&KJ1DuZKb{1|f0%q{U?!oPQ-tgQMvw>T~(b%OgP z%Ib_Jb&uu6++#U|_+@OVv(b0vpzk23p=|&o*drs8We-{E>o_kansdx|e|_Ul7UVkd zaf>RN$=UC%Rg1W*Y&ql5Uor6Hb6RWgJ@oyO>KQ}i5B&?tzS|g^B>VRZH_N7HWDc_a zfbW}#URJWkJX%reo4ANI=20gbDf_NsE)7=@OM4-*@4_bq-=2eJS?jztW)W)z{*6ZV z@!PC1{5N>aVjM!giL~MESM^+L409UY=L!ei;|_Q#k4%j6D-6?CW9s{EyuM`>=LB~W z`|aJsIXI`K@J-H(#|x*<#*vo8(cV(~%40Royk77U+&nZr!Skqi$L;6{ibGxZ7N^;a z?J8f7U~ESj+Yb6EJz_6o+rii-D+UglvAun>?x&WF)ZRpRE62bA)_=ug8o6X;(dEdZ zk4a9^&gHbzkZ=k=V(tmI=4Wi5jUBAizN9?IDx(~zYJ)MjPkF?QEZ6^QohuscS-yGS z>Rgewz5(Wcm2*X&_d53&zu%_#&-!hyFXg|3Coe$05?7rp`fVOa*06Vr&~cDS|3~~b zp|kPn1P{^iujre{Gh_WN%X!aVf6IABG_DPJ@9c2=_4k9H*O_W5A4kbCKNm)MS+$#> z-KaWsHWx;Dos#`q+vI`$$qAf6BA1XYgUGa;WZGQzaLBKhH;t8Tl3_z_yk9~ceDWl_ zm?!L4I1k@i(fkrJM|-i<4Xw?`uthD<9D?RU^I2!+Li_p&ob5P;y;*GZGgx=h+!u!~ zm9qA@>!FFt%RZ7r|H^M_$&LVT@olZm`fgj+%J~p5_Fzw!Eh#t`+Gfv%!skQY+0f5_ z3;z!?<9RuoNx{r=-lD$ztY-!^XBc)twD4HzZ`oA zpEk)D-0FP$P#JD&zti?J4CmK9(S6MM_j#AW5l+2n&mSvA|CHO)Wj%7Vk2Zd6w=RHx zlwZ@+6C?DxZRlR|b5ozXdy03Ze?JBnKX1=y87}J6HMUP-IA4!}(`xf_l*4hW85i_N z$!9Yz?`>^njnjVof@R3sM!s2Z*0sPMdA{CjP4(Y5@?Pr~w%Jqo3l{Y(@a*PU zZZ-3R_554%%}L+3Ke-Z=7msM@NFNc+9ECo+%!wBoiqE_+&AX6JA zB1hoqM&$)o8P);a0XMRq`Mja*PIPjJe9+QEdo9)bqVZ$8V>5Ea(8}bbX8lNlXCVRYFm~&=r=_M~~9sYwx zcS+(GB6}FJf2OtNDc?yLhSC26f2m?VSk3#ukFJvSa}sk9czK@dj!Mn#{mI$|Wj;}X zelNKGocIW|Ey*>@ynKC26**rkOs*TnAcS#>i$U0M-~X8ygn$0xnPU*bxT#-t$Y{|w z?4z%oOD< zfro*UqpZsP@(t)r@T&Az@vDRHY?%M#0~CgvqkM_J*I$jjo*0X(oPzQ@%HEeppBrpL zr(1$fhix~{Ubc}wH730IkcS>R8y-ThyVvYlWgo3*&au|X7s=2Z9l+S5FWQDafKI?! znCAF<{m#rV+r~Ux=d9_m)U0LKm9lF!g|gi^ZT6|8^$EZo;zjF?C&m) z$0t(o4SRb-w;cE3N|uz5hiLFa?lvrk^X?cp-4>@PIEH^`SRTagl!G6K_TZm`-l09k zzDnnD<$jS*+RUaSSG(~3Ozha&e;D5ZaJl!WbS!jR?DgAOk9B{CaBQFL;n+Qlu4?;Q zAA@6{YnAby;C#yVH4Nwc7&yL+a`(wDTgu1cUw;p7{1W>Ooe!G51-8Ca(wVPZsV1%h z`K0{KYQNLA&pdjp?nrSS{faj1x?M7Eb-r(ZS^I+3I061c&tq?+F+M1nSaNnsnVFPP z+1y_C@Ab)n_v4#^ZoFVAIh)P75bxx-F56O$Inu;@k(~?to8&`9%!ko|6+|4!%?auEtz+)M8D0yn z{R!jiaRokxvf~FjC3B%$y13gxZYV&-bKSFSJ#K38N)sNFGy&=q zWQ!8tkI=uF@5TRtGtrrA_{LA9_Gau$38yeqXQW-*7S2@sPFL5$)XgoO^lhHb95p|? z>(NJT-~KoTr|!TWTZ)tV_EXOE%HiA+180rz<6lOjC>~AtcL0}_Rh!?S&8RwSUXG^S zXmTQU-3zem)?nA2kWt*>5Njg59n6csrfb*9+;ZM8N9K0@)57ky#K6Afo`tC<_=I!* zi@ty^$9bh<$a1Wi`_j`+b#vCFJ?1gT`HEuQ4(lw5|HPi0(%F9$zJ7jPhx3!yx3pvH zyaik5M3cKxvdi4{##)wN!8o&y>O4Ac*U=>Ld&m;@q<5S`#v4Cp-#?3+Q^ z*DHWsMK znjd-QhvNBk_ixJfF^6qc`#GbBp%dhIr#83J$EY#xwmNOp7@M;dSuk&qwFD9FFTjBMs(4#t)`STw@^U7a|J^qr#*EM{}WDDK2!4l^~?5BcEp}Tj49vhFjm?}PoCUR zM_xyb6MOy-X`JSoF=>)dvhb*--Tk5!?N-rlo^~6tRW{OY6>!*dKNsF}4}gb{TNSo3 z7hjFkMJ*4>ruK9NaQLk`(|fsd>xmA0wa`JX|I$3}Uvjmpw~Ke?UM&9|xx#(^`)l6$u@(NfhIzn@+l*A^ za|6(6>NTC)XF5%(1bi$$c!j+LFjt58W+~%mVtXENiheDtnQsr;T!~BYYk3gbvW9;9 zabTXjwi6lNgbY7B%)KF)wG*3_>vcPP<30+^M}WzlS=+H)x*gYbZhss100NWvxB$l; zmdBQXqwzr^cWKKz?0lx2@0YZ1e%UkplALDe*5`d3>9gjF_}`x^hEBwf^i{GBcU;q% zdau*;3+3Jvo#M)qL+o*tUw=*Ky0zqsOrE9ua4NH37lcgKbgvWR^_)` z)7kLnPSfLOE1#^&WK=%QIRAyy^y9OYCr{Z&Ret9+o$g1RrqgFDKesB=sq%Y>=i1>k z-8kVa{cWqtd_d)UuIcRE!z=@^! z94jB+ja8XtD*qJp|FYBc>9X=}dHHlz=4zGir~KEQrjfGpsgUe6{IjbnbA`%3L;3GG zP4ApkicdpXd7Z&u#=KOXqu%e5cebqj((>~46$3x~ckLx^-@N_%PSfVH^6SdWqhsdf zmyuqzdEF13rrnhHwXw5^E8KE{sX(_h2Xq522O4u8jiaX8G-#M70PFom;BjuJfl$0uY)H&k@y z*L(1dFN6FId#o?RBmCZLeHr*IUj~!AlxHTN)hgC$PL z3!lzO?ishXpNrz?b1a%ZqVrCl&LKF-7&zVEiH0LPmdHKIJogXy*a@mnZHld zmy)O0+=&fdTF*`WXG8V(PHNUY?Pi_bK>g>b&;9dX#D1k*y6ebO{DAb@aQ#<8^;cIm zyRX6v$QJim>c6V`Q!}Y!)F;R4y6H~Sv$p;(IA@crK!5o}9e4HkeB2R3o9-`1(?(d&2VH(K7y9GD$v5og<5w=Zl!56mwxTW!nWi*~@ za}z(o9Djm2z6cs0jhW+DLBAg6_$uc3?24@5|4;nF!nuhJeP}GWxz~ z=!<_>1)s%*k*Q8$WE7ZDYgIMvg>w=E-_W;`=hz}nK^tQSuCzYKQ=yxDj`?r!n8tr_ zbvKf8mOQ`yKFauWC4d2akNfhoko$1u=NE zemoivwfRNAKOs18je(Qc84X7`xpT>jI(Jz>d$UH&Uu^cUA0pqS$J<3*r^K|8dmy?E z;hOew9WKH-{psjA(*4nBINI;HX>d)G!?m3DFL<=qdSmuhKJDvkGH>|>wC`C~O8fK$ z0quVhgU6b#Xgt)P6@Gt0aE`{nsoNS2M>zR8X??yov|sDdzQ(6Lxo>?w`C?2PiNB0) zL%6=#$2A1!Gcj=bI-}ue?}#0S&-Es!hB>=|hw~?vHd|ZEV_{p%OXQa{e3QH|z zn{|I4-KKE=tcq46J+Q+)Pz(94_|fm!FE3 z8@Y~XJk*~Kzds>3FT}vQ1H@ zPYe3u!06b(mqCwCXP?t1rFzF+Rq{#ZHf+oor>j6nNC?=Gc%PZ5tf zF?iJZ_ZgJ&fcof0u9xtA*EP{_WW#gY!L|K{v9w?1(O!GX5*?xc;>^{*gZ3M5D5ZV< z#X*0bi@~F{B^nR)=Q_VXAvoWRfs=SwG#ugN_S2vKGTN{5Xixl;U1w(mxc);-8^yd; zW6y?W__!vEaCXJO=?-#MmBNud)U7#}&y8bgzuu#LLpkl+F3J4cZ=wC%8%t^5Q^e!G z7(CX@i>8@q|4O5s$00bYW8l>J_Z*bXAK`?}g3pbme81D9{lS8zefpAs_SeO(_l;LvZHB!0CHiG#uHM-Q(bT96F*KE5=-OF#6;cXz%O8{g-C;J|h`lM(_GdgFajo z({`>Qx^1So0B0i4|Ad3IDPg`#L+T1I@|DLI!g9Rd!RMC*D;H0IL4wQrj70(N7Y!m{)BT~?Ki@3ZjOPo z#*aTK!_}Ot*nG!fTorQxu7%I~xb_$0A{NB7(dx&km$f0fe$mG@1m~?Wa1z$Xpq#EI zr)>IS{LJp$T!L$wI~Tz9Lq4vU00-^U1C(>|^tIH&(EdhT}P^B`Y|F}QM` z!cE5S-^?;P`$lkMO=6UyaeV7FH|%|8>sW zgL(Az7im>*_z*^(qZBW)n?i9?*H)BUqJ`Y~pP|~)mcX{$(>AnB% z>B8u(gV^!pZ&EI2TmATxvNqKBN#Gk*r`z{=EUQy;$1yg?L2QZP_JVi>?3>-m%kWdX z`&92LXJAebaRdD(H;w0qY;BLSe{Y}U%xi_0^d3KXKC3swE5=u2utxKo=gXae#h(Yp z$>RM7@@=Q=la$TMk3NitIdinU9==;v@SdK9zt>sn7Gn>J_wVi>zI#FMT=GhDSMdIh z+6A(YDnAdg2al!hBYvCz-{rqx%lFRwDd}{Hn!k#|7g8XNp^*0zN&P#?56Gx5>_b`5YInJHr16|SQ zWWGtvlpnu2k@3;<)EeRo$q_)T`Gxs8&_8|0DPzl)9~-`E@sxN*Ui75#aU870Ur6*lOWiJ;(=c3DeRr{ytN*Eq z_$Adk+3n&cIF+27IW2W^edZPLc}oX=P$9elr6pSqs+Bglo>*n%1v zSNVRfzla>A$WD`^6u#G3@5j$o{r7Ho4Q1)MY-X><-Gx@7=_Yzymp+ z4>GrYUj?tgLyE5o%LG%7GK%w2xnEIkG^x0C@&r;Ll;;D?gfW=t*9BN*e>LIx7E5 z%8U2*mGd5b-ItE%pCa!q!LPZ(oAbcDLA-F5x<%eA*7fSd^G}iYignb7D}wgo>-xNR z|0gBCi}g$WXD=RblT$M;XMcmIJw6=bjPE64adOFt2ZoZ94!lxbk=@_c(wv`Kk^L@X zr`R#hwoUw)=J?3eL}4VEJfK|2FHK7nUMBYHW%3{o)g}tB%&0>4dcH0B+Nx%kyRe66 zCkogy;E6=xnf>rnb!%a;zIZ0R349etW_5;uSHzcopKhQG{>QhBrY|n>Z*>oGmicI_ z;o%Nsz0bq>sf)8i)r+%(rzzx)m3wh=!9VwWmub69ep|L!ZCBVX-Y z(11*OGtb@Em>b;3Yx1-qm-3I;-^A~@9V?ov>O4Qvys>NGOZqBjsa{^26R9`hNBSy0 z=g7e8>)tWOk2I>E33M&VsliuTv*mqMAHMXKK&L99PwQ*(^}ZSHGs;`1>1r z%weqO@|n|04u#f261p~V2l&2AocX^3hoMpCn&>7P%xW#vt#LB?p4ruJa@IAzh3BUe z=G{!i&kh-MOI}}(<%FkQ*dXu7A7x4fBEo%J*n64IgYRS zjQnxNt;uOZ*5SL^N_-pTR(QBIQcpaT$8PmQ-iQ0;C?59)a6JL8X>h%P|FBR+i zS4AO5yTj>Qo8A5kGe^j8>TbNgvw_I9U#cDGV(Rap-#e)Hao|us|AIqKd30#}yc_Bg z&AJ<>A;CBMKlerQAvwP?e#XlS3~>I|!Z}_J=RF3_e&r|?4Q|*54X)oK zU;F&?P9gRBjuUnN%enPRV3PNkbz%knvkC59u4evGKIddco^gl+>0dbWQ`@diF@DNF z${uh5`ChWZcNuv5KI{A5=dGFU-d6LjD)jD%J!|pb$=5AhZ=R2X#^Nwzv6H#)fHGrnaOjWbgS&Gq4l{lH?7J`ygMZ}QIwy?7A#m6o!r=*v!+sx!OTgi- z1@5M?IPCLr*fbW0BR&rHT^I)k8i@{r@c0mP7~;-9!yk`&epLZ~5Zj@-*#_^M9GmZR zn&#Si?t4ROvTgY_dpYT;N8QL z&pc=SRbEi{D&#u%dY$194))n44k>% z{NJI&N>213ZyxdHvh>#t)3Mcvw#cdBJ;*n3zK^p*BV*>k_f}VR=Rk+q9vyno2TX4L zy}+W5`Z=-_{}z2eX#2YB?0xNf#^O9Xy01%O`kMIend|-MZ~tp|eiwaxP_fwbRb#Tn zDO}IqW@IZlx`+k#b2R(9n!AO*P{+gzZ$Q4NjK+5({n$io13I17RTHBKy_8>a=z*5P z-_Jyz*}4YqTFS5Ijt2Bz&Ih@3d>e2HM=pXAyI%jWvG}a$ow(^2%n*!<80a&I6jR)fQ;#fALvEzR)V zL6h%#usR>aK)NtK_HTt#z-|NAp_Zn;!k|nKD*~5RRXL z{w6>FYOkNQtXYz!C&VA%>-u*mx3Wg8WR2kd;+d_iZ(ZqyF83I(dkgqewuSrDW-cR! z@&6(1{o|v)s{H@=I}^x+l+r?5+R`>jV@(3K*aZv`SSF+`zjmcUTU3e^V;3q4BDxT< zLYyj4blb76Xt9zsDhcS)O1m)D&j&DSTf5q(tm0aCJCjiRp5QLB?0#gdZNAUfeZSu` z@0rY`*zX_nn3?zc-gD1A=iGD8J@?#m=cCV=3o8}F1pNDe@4O0qjyJ_qq4J5Qk4vaS zAGiDKHp+ck<(5z`1Wgv&W(+>#uYvVk^t}RJ1GmsvJoe9SKMUywoyXJsVR9akr={NO1zEA{S^6}#EbneT*^ZM6IjB3ID9e9)eF;6Q# zTDIIgY`N>e$=ETwk*y`@;iY_*FjvpD($?+pXeIotxxI0SJ-0Ax&vmixKef=e=Nit- zo@?9Z;+fbJDQM5l%F^h;;9B=sSMhq}a33!jD{r%7sb{mP;5HFgH5?{p&9vysUbn;Z(v>)g*czlr>kzTHCprd_n9vMI`@R@v#* zlnYaC9_5DECNsbh+oX+pk9hS=8x6Fv#!l}j&_+FFzZz^~oo!-?i?%VvZDS?%zTwfq z3Ekf4?5Swn2mA%#HWA$FY^(7x`YCxAE&9N}Z=;kYf50l%yv0qzQ zXS}lr@2j^JuP2#Aeum-{eJ^(J;tWoy?0k}gQ`3DO?3%(jRTROg?Q_G|`}tYu_cHW* z3BFxzrEgcvBmDeH%yy#)op1E?~VfiuF}FYpY7?D%Mzao$A74 zqx!QhE`{cP2e``dGJrii5M^%I#wW@gTWvKe7r5Yl`pUsw*MkFlBx&87Vah&0xrg{X z&_q6*?AlH?l>F7I_v0e?bhH-7NA*5Pd-}dlv{0L4T-jE9b%khgkiH%g9{6H*qmTCR z+0A$^vxbhF3RkYRH(+vx0QZ|k@JfDic)X^2c)eG6Re)ESi`PrwW!5icd2)6@vQKU$ z@+(b*PtY{|60vfHWZz!z$xB&bIa^-@=caYV>jizT%H7ompZXb}Nyd5~`lR#hHQaMh zd2S^9(z@NkKNR$Fdiyyh&xfxkWluZwTY6IYm!!AQk#W&uK+o+_JHvLQvFmK*bm_r1 z^k7(ZD5rTiT%esl@jQrY0$lsS6~Ad_EN1+sv=C5GDwd?<^7zW_$cGSvI*!> zYIruZ4L|2+ew`c|Aj^H?8GgoMbm)T)+7Cqb&e3Ol8Xr7ok8tVo--YPn$>(ZsAFvM` z{hU>u&}aHL@hOL(9lk2rj`9N*>T{Bu;l@{otmgC?{y)vys!*LKZyzF&SEo?fB(Eh&CE@d z{p%6zj|BHov0D=jMaDRGbBD=yqP!@&OW1lsYhbf4IthNTKdR^Gpfj?cs7&H5X$bfRzX^ib7Pm1)Jo|nTf*(7HCLNAr6M|QOjZs{vm%Xsf=>WogsgXXk*3`V`UEGz`}1Ox{su9f+6`6 z?Sgp#<*U@bp5NZfz!?lF)}VqtL~>JtyYy8-{f|8LAwx;zGRc_kYPNg-rc-Ct-8%u4 z-$w0fUIW6sNP0Wz)1xO*s4r6Jc7FtcBKKwiqy?WC=bYVBT(1GSAf05v6 zJ|*|VQS^|}3Cwlj(d2l5rshr`?K}2gxe1>0S)m+ZQ+2nQ^h`5%FiL05)7m_F!;rPP z=+c#UuHBc52frk_SjfJk7i$2#6XRWY?VR-V+A2=P}K35P<&c0@IMXz#MB~~C8 zOPJqU*wb8UrGIzOiobfuiU(<&$&{XeD)kV^#RYmxzw8WPm)p9qm0pswsl6h z?^2sQ)0t?~HuI6%UQO;hBk#1ES_q!-U3hjfE_C0S>{!A37jm1ap7fC5%2y@7(sAA^ z&!t&^&)^;P<;yf}OmW-5k2p>9webf4D=t_Kz?g#n0N-k2#nxHm>tP)xUgLMb|Ee`v z`E}euQt!c(PWcLa<1C46c<^go_;ui_wVvoN9b{-(3oci)(dM2% z+S?-BX0wj)?hA9!AvXZq@CJD^u@PI4Jz}U5PXR1A#hz{+AsEN8%1Yt#_kNvuNmFH)9V*w z^dw_6tUF=1pf7jP|J}UX#klx9AL+!hJy$LsJGkp)lrov;rKfaXYK}hNfc<$ITX8ev ziLsU11Keuvw?|Lt+-!pPeXIC%(#~#R)m#?SzOmv`j;0v@Eel)gF0iKEEg6TmPK#TA zdzf59dIntSRHwNtmO6zUOx;vVS)=yOlt)#2duqeLj+Vtj#HOf>xwD}U`2EeT%xhDP z4Wr-3IbV95{Suxj)-16Z|7_2tvBZkDS%N8llj3=k{p8VI=i0en+*w!`bojcUEE0ns zIWaoI$rc~;V6_&3&RHo;@0il zdG}7q>w!poJL^)}E1G|}E784!2^yph89MBDmRPy|1lnu-FUAnca^Do`Hcz(y|MyrFIOksDtX$?hwh4>S+fqjrpZi~dN4l5SE z%YFY(JU2X|?ZN$4dhh`B^!V4p`MShHbj>2-2YgxUye=baU#D)NdA;dmaeApOtqYCZ z24H=m2&`nXI4oyBbeaNvvBP$-fA@88RGwJm#_S7;_u88>eul}&0zOyWw<+7uSqQ!L zjCH2g4~d5Rxbu$NJ{Fn)ddpLU0a``6<53f{Z%Eu?DDZ?!JX!qBU(b>b$sAMj+H*AHw2(~k*Ox&?oy)(XZ~28`q+ zcu?xf>??0DzQ=+0c;-u;MZs@`KVoNMHvC!yzoPS4OEEqc{n)H8oz8h?eQEfpIN>q0 zhfZK_Zjetyu>-Jt-GJWDKqN)nJce!AH?9 zejNCfKt}o|n{{}G7MVSbO5QzSwI&${^FL#)H~Cp-5mSpCg_{@`*AagKZ$}Y`u%LSS zkoXJvp2NvdjJ8`fhQiEA#xL3vX`MIGntGRFHdV$hjmgK;g^x#Ny72Sh=iXFzy)|_s zWfI8b3HG?O?}NYQ!En>iSP9S1lIertC%Q{A@cQNj^xumS2iA|@0xbV-t9)3GzXe!r z7Z%3rn{NSDb;ehm+sB=60oF0^&V~FwZh8x_R%Xs)<>GbsTYzPcC`_-#ZvmEX59jxB z_FI7E+rwYnt}&MFC-Yxia_xjPu8HTA?$Wqne24F~&UAAA*Th;Qi`8$T-8S!zgj4v=t3*qIw1z0ORTR0!DUj|`yoSz=B&kpS){w6>6 zVtv2wKlY!sTI*BZ{Z^TB9oEotPZlV5tU$Tft@Y&|4jFj1Jrv%(_WFA7Uf)c)HhX=u zccwG*>~(wneCYE-=FJp3F)`lt_c~LUH_J0V=Nw&_^zK>6r)Qf-&+~zC%)4VD2t)1b zUMKmRwKrL`{of7cfn;N)*Z%pyIOf^E!S@7+6?Jtq9B!f@JS8{+d@&O&>T*RT0bpKQOo|AT-nv)KFo_><+pz9~B{ghY0 z_b=%8aq=V_U)0(KZFFZ!-~KtYLp|~gI7fil1DqrL@2QO4e*t#)SvOb0^^{edU~12t zz+G9!|Cqr|^X@TkeskA#<8pltv~%)ubPF&9t4gtJ$W9@9EOUn=_SRr%C>-JCG>nL= z&;PQ8em2}3cgB%FVce~)^L(G=YxL=9`t)3hu|b`NiqhA5zo(U=&5wByfLVM=ILHK;o z!)HYhpJT)0bIkYu7NGaPYb^on3kMk6WjDuDCq~3YAMTblxP>o8@7v{**i(vYt+LwN zpC6#CaMydqke@mZ{iv5(SCU?1bB1#R&qAY!53ktiY*Zf3Q4+ zLyC3H7V3p)+l?nbRpQ5(czv$+`h4wQ(C5s3?*;m7?olAtJ+%@1!6(IfT4$%te(*Zz z%yZG?W3PeR<~ivd@I|q5<>fznSZh4hVZ1z{y;;RY^ie(uJk`02I;joNk9y*1m^!J` z(DH0aI`v1sU(;{i6APiZ9L2*XDXY4VcOYZvBKd1m=#zSHo#m{e4tr?Gf;mH=vXX_D zKI_WnZ`n&dU)fxF%GIfb#*8^j4eXub$trLhEJ+WRgS!w&s5vHZYrL<8RC z;e5)OOWW`ToZb6!fHzaLn@b()Yiv0yz-5^$3!dx{&k>0`p^!Cl|Z_u7!Uki8wLwtWmc+RHWi~!7g?m6s~jf{VtvO4q9*GzfdtNagDUOJ{69Yf!? z^U2XM>q>{{n43Mhx@CB|dMxM*==gPUxl-;8;qt!@d|Y=^JXK5IPe7w7&`&x9dcd1W z&YIF(9Yb0Fy;B*`F*Tl!sSW6uNuG|G?9wl&V@}YnGXDi6W))^F)kBXk-DbrA#o=@EC>ZT`khhiuFI}duc<@kSc=geP& zuQNup%*Odhm-O*0S>g8M67Bc%n={jf=J$9pRYtG#Ot>q~=Z|UdA4fTzF{=$xHWGKn zl)AAoj61WhH0CA~8xsMB{F7#1D$v&N1Y^RyxbsPC>JK^VXy_gC=v@uHD?C{qVKuyi z`sV#>#5ao{H}ZZkWMmybPlNnA2Dd|V(tqdCZPi~uw_`snKK4$CZsP4}&P4jWJ!`wX z{iAy>E6Cdm#M=QCmB~Nq49=<)ozNN$OlqtvE zukc0lui-7veBN#qU;ao8`6R}`WImIae?~`I%QY9@TRy=#5sHVa>((Th2g20X9MczQ z=i}5Dte?Hg7(3A%Pd!f_OpT>iJ>FHeCv5h#EA|mLx-VQkai{YV^1}ZG_+bWKcI6}!zj~a0yd-|**-p>HFP^K-Ys80_ zIpg(awiD%(z*C)zsgpXBM+L+NUd?y{3&9$mlu7tpo((c*Mf4jyN2GwVGY9f)1(#x1h5mhZ)=FAZI(Ok#OS4Y;Ap27LEPc-*6Vw%+Ule|Ofz^q; zjaDoyx_Ux5{xi<`C{C+yKV^BRvTc;z&2yvgb_MhuXG<2aCK=#-iDWjY?_LnzuK|Cs zx#+mGJ^3m5OXTOl;__qk-ER7mKbP?=xy$X#%8Stf{7#v2dHRlLhKI~$H;F!bp!*Vd zwUo~iSKsXrKc(+#Lqqjlpq;7I7p#AP4yjsbu#Q}<(s!H-GIN#mT}{Z$RXO^Ob~5^I zy!$?=?>;TMJ^=nT#p$|#v#amE%f8(C>bsSnFHToq-z}r#q%6}w+dbq(RaUp1)8ja-W%y#8FtHolDI>g z&NAxIrqO#V^xIDRYb5z=oC9;>sb%Or>T(C_;dMMrSSw}zDAXlyE$3KpYJFoGfD&63@YZPcHsOM{Yols4KjiJ^UXL{5^BXmjWDM zl;3;#5@$j)a$deKrFq@1KeZh_D}R#SkK%ob_fBZkK4M8tP8XfkH+Xw_G7LP88|iN! zCh%0=nT;Hbr|->t11B}tm4^^*h|W5L;WX37*VnDAc+ zeWK8G39@u)q&1_*HkKGY=9J~Gx9?J&jr6&a+`-aY4d5?(jQaK5%VO-Y4KDqL=r8~M zD(^kE`XulcP74Hg19AZDuykOHTV{J;t>2_F4fL-iD=+!Jt51B|)o~lNHaX9AP}2vC zk43F3h2OQbeMaiCwRWzKn-tJ-lU-hAbX*Pnm;|5lbzCKU;?W|Q5-y-{>kMc?2sm?c42c9ZFNs78VnV0IzpL=*V#Esw2B^oJV`J zE_7-CLV-2?gF!#W%EiTLZ|(&e4<6uR#w_xDl3WHxo+r>}o~!K@>a*5{Q_9dge5TBe zhcy;!kzw8SDjM)jf7cu(PR6V^YmqaaNyqr_+QYf;?g_j*n)goQBv|kE03CW;T^W2) zYbc)%Lw(pebf{iXoDR=wTvsqo#~^PnF;-s=5qFBcLC#gDva+#S_bYll_`cWn!C>2V zL%#n!r|qU&inndxKE*hXR>k_*k9cCF;+)9;jGtWbdCt@Lx`+iyl_3+=b9CS7v;mJ6 z;zK#}LfyR=ElC|jU#z*h(fodj->(*fS$6Lyhh`l!ho{*R=%3j`8V1hFcMlJz z^dz$V8ZlI_H8B=P?W@1u%p3cahtHeSGrrJtzdNrgZ;8_xN*nqTQ~M)mdy8oM(5)u- zxa41a)qmx$6CK|sI=%`W4?@R-@Rz+e(`+-S9thj$9@ao}>kBxnEa z>f*FJ_E&Gx=OFEdfz$TR;o%4`=Y-q8-*2LSC+Oc<`gitL<|#LJ**P6aE62pZl$+A? ziG?H1Dg9xMH(v&>E8dT`cMRYDi>xU!GB6CBrisPj_`gca3 znLKs7=5wBpzCG2+waT|U4blBo;-^z9r}eNR^!`(kwL zbI|qkqH8C*0eQ~Mf&3?Lk&*ir(R2kg?SZB}0h;cGrh8pH6c0RvrgxVQE9*_Ky|yz%$&WHvkr)wVjJRarSd1W$H(JlS1GzI+AW$^Lepkw+8m(i)6jIAN7J1JXnJ=xuW_My)IM394#M{z zf;4>-SRKjYu$-NRX*y9f-3CqcKA)!1!Zcmz(R8BZJnGU@a=uz}{#>ZQ91t2J=hf)* zqXqT3%MX*|vSn2PeGX3sEhFbQi6?^*^f^3<26%D;o^14Zvbg|HUdiRj_Q07%t?yT! zC{9Q5q&~=#H-TmUvN$ZAF)XCdfAUdyvJtxKeLhb%6z0kA@cRq5pCmjv-{A5kE9YZk zKSItgmYjFy$vOYYnQUl!`cu&KWzGSIE+)Uidp9w6n^;TdRcN}(qv;y*M3h=j$_Ju( ztv&jJm*4+`=kjT3|Gaqrh3~H}balpXFp@tj4nyaP3eoVBqTwoNp!fMSY$;5`fAnbh zNoc5ZkD3qPhg@%$Tt8n(u1kl=^-ARWM|pDHMczWu{`)1I_XsW4Js8GD@#A~+jQq`p z{tt-$M@0W|(0@sW{$1pdLNi@<1}&RTJv%gN7>&4R6~Nv`5JKy-9gUWrxoe{q~4{ zmqNeW1N2*R&YA1cZ(%*e&zoUKqQXEEd zZ*drkzc0j}JH?;L&{*&D`7^07fA018b0_=}Zq6i^N3MLA^p@ar>NYfdU!HuwZxi`e z4E?r=ev3rEE1=)|1N2*Z&f#pA;dM36+HzY8Sa6I|L!zJ+I*p3PvbI$Q9F)g14_2=0Zv@gJ0VjxyuE4pm&yqSzSJia zyXM1q5g3NodJhb9p7Mmd&g$y4d*#D@hvE4LHnB#Vrg%!lajDK3_G9!--u_MW$MC;Q z{2wp=Pk{f+Hg$P^2Ga)T9=gd_27d0itg(AbI0t%(fq&;Fin<~(doNi2Mcdq(G1pDz6hcdj=gr|$hPl+pRqa>}L9Vd1tpjoZm< zpqRu&Ej~^3tj;tG7CsGg20E-9A{D^zEH!6dXMc_y@|1NdD9bp|7%;he&;#LdZo7wR zS7(KijQ={>bS>qLK2DGGPBB3y9vc2S@Hfof>vnvie+3>%bX9wEsMm+}ZOTiA8M9NR zGfd19?XRx%^qS5HYQF3z*BNr%%{f>HzA9#1x+{ERQ!9H@t^Qq$f)fT#SEt3DL2f<} z%`NJa`l2`@=^N=we1$n@Y=V3+>lgfM^3@DRFUUQo1FS!>H>CQ46FjGr55qqnvVeZ( z!wKfN6rGeqHCR7$)|j)%eTz723=c%}u8`gP%ReY@T;V&;x{wFOv37^}aK(^yQPMj<5`=AJ!{C&?cPhU>)gEty_0*sHGW{uD z*XQXkTXnWIn>TZ?S?9;Y-LHqT=f{KXX85T&RcF)SiS85An2>y5eZTBJm!}#FqN{^U zX#9jPvZj7XJcXB%ZRx>o^q}NMKH6^TrOK>0<8dr83>C^_6dqx%pYQJ-mqp^?CVPDX zew#gL{r_8g{awNT%gNE;?@{YLIUK5j@4s!YZ};ep?8mo{&TT8@mDRgvg6}ToEGTgz zYFF=8Ul^!YZLO~drtuT=uB+uL<}NoUq2uSiLf2d)zMzkgi3jU*_LPlGybvx&o^5^b zJ7jn}uN$7Y_n!e{bPz^Py#G)bK9BD-JkEvF>E&T#FZ5Ep@MxOH)o z^A$l^Fz@afADc(}1>b$N@Vgva$>d23^>+2xy~@|3ysAlbrgErmr|s~u(pWk6i$A9& z<|23Y=gj$KPF%(TjffuX+nZQcp2e&kc{Qj9g(P|C~Ng`V!_?6qt=-2?n6 zx#a$bd{HW=wjS4S=6H<_oz-!`kJx8(k8Tiujky&4)7c^7?_%}#sGXYMk$287mB#A1 zkxjDwBVR`&%RZg-T=8leLq7gK-a039z35N_d~iBNJNE-~0Wkjto%){(XT`pIX3V(- z>m%nrvfesZXIp8tulmZ_t2ydN;B9hNQvWgflas^6(;3R&QfHByZr7eG_mk^}Trugo zQgWqGKW9G_yzhPqeAHiP2<`)k@q4b!&DE045wimwLwvGXTXsvwOt2a?K1T6bfd0^D zpwem_Kz}VDmQne;$?w^ih#vLUKSOn?FXzAAsIeNz5fd8O`{#9+b-%uOJo$b{#M+~m zVvpMU9t~Y~xU>1P!{6$;a``6Fm&>8sqoF%!>kf1Q{wLzdx|Uo% z{n3`or#sx4Dp{LHPA=@>>5p!>e7eSFSM>6821Y$Mo}f!)TacUbobs4;Mc-%qq21UN z^~BAmmZ6WYv(D_e!n*BWD5rJ(XHZslOFW|h~HY?7V+$%X( zIe~oLYr2-$y<_hg+%+&48QF&2(DMPU2U`uE<zw+?!&^y*`Lugm) z($1OW;xXUDL-0DFUDrap_nFnq|FzWZ|G*~3ZtF2%8ayWD;_(jf__XMPY;{vNH5c5k zw#L?ZIb*eUa^^rfvvB$?xaj+1 z>W}PRPZp%#%f)|md^7f&&Ur{`{XHS`SxhwXL!}aum^S?$`#II*qJ4)U~8`XQ9c6#{z6rVTv$PX`` zNtep*Ho6&^(Rk9DGRb?@QyJyZI8};0!ZXRov-C;1HZ)FxWu$w50Z!ivf#(vpz9YT2 zOg@_{@N-f*DuG9g^jOVyvVA#t4DOrZ}$hl(;jKi_7cvvXBT6ykh64Y z_n+6@(LER%X>1?ibaU9fizdIGuM5Ba_pJL1)XmA81zog`O=@1CZ+*;zxq7hjoTc1% z71(*>BkA(HBj(;_Vq#e5&HfefmWrcv^OHe`B+tW)f6?<{+E*^CeEhQZejv9FvT-r} zk!==)v7-nKzmIqEKA1x#XC9+p%wdP?!suM?O40WY=9qf!;?fv6>d}{cW3HXXb7QA@ z@9Tr_udpsg=jFWL!Pu4G(!FCOJLhbt4g8&PjlZz>TYFyfyx+#pNq_IPl#5&s5R5t&9dBn`u%86!oSh4B{*vF(U@^s4hR2j3|{kV5%7yUQcCbILJkrmfY&dI$C zpOwp5b0BjLvg+Oo-Vs`H4j<4i<#v|c*3P^<&$3SGynys%@D39BVYf4mbk~o@lzg;` zvo?N9;M9Y&8FS2kdT06zPUNsLec=AlulQx_%9-1}y0T^VQDy=C^zX>fxXrOOfU|%; zD$lRE7o7hWS6W~BH86s9verD%{>x$8K2=q<=QlxHH^*iTjqUC3w|kXGmo*JB;?QS* z{yONIbIGT8enc?g#{qOnJG$>6xFhGv6Yf0Cr^n4RpNMXqg{?9xv5hgqv+#S_tDjs# ztPsENX=-%V*>TBIjx2gMAm>iZyK?C2%cxzrXlzV0{qwpXbtxBLVz0(6vGe%t^a|y`MIAN79q*QK#x}y#L`;6nQujul$$r1DR9~ayR6SVQ${n)oQ{L37xzPA~z&Wvt^^6x&jt^Crd~TJlbMXz)vnVfvrg0-sLM*O&Bx&*-HTvZXV?#Focb z`{%H!7k(VS7TeA+;{b=U#bE`Ec@OIw{O(E4~Dt#=ovwS7%-T7B53 z^>FpCDqerQaNJ0rL_hk*xPLLVihBlxFaImAgT6iGvG7IioZ8pIoW@%D*-w^!CDlT` zRmdQ8@MW-`^^$UwYpj-|yThW{8sOUOF|5$@k~2GaE*nVmQy=d%hHTp1uRB)w4^LiH z{rTvYYbht)p7hH3czj8@R8~M+a2x2Uhz%@5_Bp>v%qja17r1xmR=GF}-$%e#?er~; zq)#pbZ~7)V>S`|O)xLZ`Yvg)l;T66=i)?Xkxc0-$-3rUc;9~;6@J89KP_*=gZCF3;%umHNKR4#PG!{7lwwixoX9i zMf3|Em^%btg$}2n!D+tF@_7|}=kos)Wfo>>Qp5ZsUy0U!eSx;e0ng~zxwJomkL~&c z_WsFzev-Bv_Vda=gv@iQmd$`--kL)CK|I)&2zy7Rz7PG0}3|@a^ z&Mmc`P`+|=m(y%3?d~(nZur2a6!KEnZISoe)otf9SNS&Li4E-K%nsM z3!Oa!JkTT0aK2LdOZ_(drQ86Y1(e$tz4F{d7RoF(cBCtI>~UUr2SqHC0RQ z{_FUjWM%4`I1|mI=w#V+h6b(}H6aJGAAONGlHeg!U*fHB#lPo+zr?Y_N9nO9Y& zQtiQ?>v#`5A7Aa4{;(wubxej@0k6C=mgePcW(06 z8JTe_e_yfr@ef`+c^;kBuRpTR%Z%G$U^M+#VHmPqbyiGt&e*!+-M)sQpT?2)@U%wO zyk_t{06%GazI~qdhnM3rUv7o}{m@3=#{L)&Z@4?T0vjZZ4Khl4|Hd5;YwcZ^CT4yR zycnP1d)@I_!!wOfi?Qk7r=jtw`5;w6zvz<_vJ}&iuBWUS7iGX;T-4Dwoln;ORj^N| zDkJgVQ*Yen<-06I z%TESnVHg<6e=m%0aLp0iZxQbD3$PcMt{bg8$+ABFLH5&M-+Tf4j-i;w2z=m7F6#?o zo%$KCLHsj&kc{(3&t5sbGc)Dgknm`Y%g}x^uHnx-{N~aRCmFNJ8uYBjrDCRD zwR*cZTs8esd@`b69r~-ExuTQxUssFO`@Jt}zFo1YtHPRk5A{{=%rD^q<6dznzKlb2 zvu`l~d_DJZaFDf0%nd3h|FX$3i0td0Qu&91w#dIpcEnrBEwZ`;m^z!RxlFzX`F_;? zr^v0+r+$Ecg7NmHPhjuxUu_!sG<`>Bd$NhGVDbm(oQ%0&k2VCS1vvWtKk5(lGcpBF z6rZ3x-DVG$dz_5jjc!u@R#&eW-$jny-I2-P{5R}XdUvJ)zfXINZ&LS|x5j&YbGEKq zCud(Wr@id{Rkn`$^V3Xw#q0X>-*{*jY%}N&5G}Ru=kN1XT@`*$JaVl{Z`t^^6xKehdIymNB*e>WGR4~bfilIY$HPh zzJ*(`&P2%{w2+SN#^)kiw>wlhJ#YUphxb1J_O2KIviRosFPbl4zb({jd>04M)A)7z z4syTHAuAn$mv_O-le_HrD~mYK5gNHKxu5+f?)=qQt+!oVj1S{^=&qW?#;vp3%R;?%{`%%=cYPC6JKVjd_(HXn z*oWMdEgpnodc4L!`>&Mr&!V&x-B&N#c_o2M()hwYw^HN=|6?@twY z+kD1|b`Mea&!ICKoAnx-d{6Yo<~;1bGWulp6=`30Ir;P-PktWp_p{)XdI%lL@2=ya z-X!a?M?Zw!w2S{ew{EIqU*gU182C8%J0pWt$e{T5f1t%ze0pfl;Q^N(@XqYxWazZh zeZC!=cA97p4u2~eJ&>i5{3~JT;@{2M1rEVR-YIl*^oCzO3i@Ao-7zWfgJeb+?N64s|I$mIXfm6do+ui z_QG64EN$|x7znsx!z;tEY>*#L89NZU z_VW+P{?nM%ojhI4Ep^--sx`2DQpN@ZhCc@Xo4gjk6u!0i6FnPOHY{`d|Qhs3VyEJvnqW8A(mXS+EvDDzJBVN9S86)s&e zePAy4`>@*UgZ6(-A9$yB{5~9`52+gWzp)p}tfBjnybsoS`gPjpne^PV=mUR0GFV3Y zk^6vsazFA|>DD*W+!Trd*cE1WdZ$I+Ea5?Q`CkW@@ ze&k?tUW_e$t+q4!kva8zJLXgC81L*y=GQ$>do%;Hi@m8r_Gn$H^|v) z|Nk;yEMopMw%y3a#47BzRV7)wZLe#$)u=w@oV_j#*_2(;i_YcSZN|?KwOG&HdQNkB zH?WM&v(p`8&$7Sqo}k^fCaV+wBD*cW-d|w12{&W6ZEY&{Qjq1ebE$9IHr?Qzo zV25Pvw#@;%4P1t^+d9@lyA9MmAG?kAlbf^prCa%Ycy8>{Y?waD-ZBy@JUf;<7 z<|VG(_9l3I20SwJG5quGHbW21%j;Zvpj*B88;?$F+~*m)4IEzXg+}YLG}2kx9J>v^ z>wISdoD!4Ynw?|pwpDJQeSLekM~{D@{lw%vyKQd)yA52Q5UzW%+m>Rt0WV{>@$P$i zwT zJX@&t$YCHKwf_5d+xNj|fH^ZII|W)9yG?v6%cIvgk6z<*>6NkD#zU)dz%Cm~t8Qo& z982QIUu3s|?`H4}+HJ~PpgtD0BY3ZV`gC|wcV+Nwh#e6qBRk@2(CZ{?zGT#`Z|sPj z@E|l6{WkX8qoKvz#k}}j3wZzv+7Wr}-UmF{5vv2|rH0rM(NVc^1mHA=*nmRy{5i5k z@+UhYuWtT%jy_^=`Z;SCY+ts6BipgUiq9h^fOU1Fu_cL9LBAW{7VGrJL?>}fp3h@7 z?Ku^ZIQ~iCMdAa*zbIaKo)sQd*Jd@k^+t{2>>DwvKbqMddW6rv&#Yo^A`$K3_c!_c z$IL2XlZjnu#D*AKx5H|5YMUDCzGO8jMkZcJrThy1cZM?kyg~h}xv7y{DRJhn-1rnf24z>oyknm_ z6Q8ox^NA7@q4+}+CpACt9-rN9=KSSc;$Rk9arwSd__~=tTzXfA8WT%PV+r)h>Pg-{ zH#$W7#$&|m2Jl@7-SGu$Pbi6Q=tF-bDv!=eMt?EWhR&T)8~ec`K6lipZuaJEV%BWv z-Bn}vzOWttcJ$6o+gYDfp<4{U=UQ>CH^Pzye#7K{D-nHurggEq{+L(l=1(&|@(^da&>xD`(%r(sBmBSi`jzN8 z;~$+%ecG$DDFZG$bYAAY6JmZHb3Zok|NH+Dt3IB7qpOUa&$E+dk@PE*ZfgA9mT{YjSp%~g#8H4Zh}Lhv6Zpyk?kROz|+=5;+PB7^X2rjAB9f^>K5A{ zVf?1&8`%!*i@?LzH;>@#iXBTpFSDNl-Sw?lwO_->1hj0&f9ixer_wYvrdT=AF@^p; zLX01KL+2RVnZ0sk!o>0FJv25k`tbZkjj?CFxkmfUMt{R+#X;P|-ZtYsodQSlqfdu! zCa!k7w@;Q|egXMll9WwQCuqByJq`4f;_-mHxCOXDdIZP3cvEK~-?Rm+_+#p8$chVx zV7Z`fsD|cFh`XAR``rB{(Xo{MCFlq(63~w|&AueGs}i4}Z98YVl}k%F3-=Ca+CE6E zFZ5L0e>-t_x~ui|%{Q^n;ripvS{OXF$70F%z$f@V*f+zwkY&yuiPycfn}cICdrqnD z5;s0mb;>X0EIG8Ys-Jy0r+jm6pU~}Tw;plx;2f+QrY<`6jP_r1_MhqNjOXF4#xwGu zvj@;Kvxl_ZU;9(;MwJ6^m9y;n`*ZtQ%9(4!!`Tl-$*~auq)8b(pj<#`odDr z?A`|Hu+Xwiju#VSctQV&gKC{O!kYSSc-hT+={wHcZj!!H%xMbyrYrh^b0$tebHtR0 zi6`~PKxTYUE`NNa7$1@mBk#OVpnJsg4&4O-Z3duISC4zPabJitGwdy@UFlNAcIkYM zU#E@SCi3}c@7zK+Yi(@8Gml(ra*%K;t&jo@*nfxNa5xnz( z1*GL9);RW|%Wz!nDg^!v;b$&N@9<4NILQ<3AGqTz@#WL}q-Nb~Dm*CtU&Nt|O zXospGHecn6m;R|l12X`LlNCdB&^4n>nzRil&wXHtqAY*m-7?pF?z=Uq5%_RB| zerXR_V`Uw=<;;7=hxFm^w^=5BJ1EaV{bL(?2KFVv*O}z^`zrVR3~~{^n3$omJy$+_ z20cmJYQw}wpi9j83v|@2e%ocVja>blw&nBtS3W`ikRPkw!F(W{)xp^BLVm($B8~F# z)mirA8jISS36AGkzhHk#Z38=5OS}Rxq8dYC?O%dNzMi;|@{=*y90sE>2QxiX}4MfN@;L&%Thw>`9b<}vy!xlufl@&_bl z^W6+yGelF1ac5m3+9EfPo4A@_|Dfjx;Vapj%N`l|Jmf1h>zW3hEriaTS8^8e8`}6| zznd|pd=mx7AHH9A{4Hkuy_YkW?)a0>RB(;1kp4j*NG5z(Mpy7&JeIEbs`dquC2Rv@ z&+YyQa~5(e8112#%s#up3pw;*`SY^u7TG&KtdEoHB-1uBlPOP};@jy*e%l*qTXoG` z4zIgImm@2DLY$!ri6(r*`!MG}bS`k~lY_fnVSEX{z7Ttv@cyJX)?PthKN`A%_0JXO zb}(OcZ@6;$w;A{1pCvmpim#b5+=0!daVfvM?(7TV9|8YDwD$GW_0Z<^&AIf>k$uT2 zvZFDpxm`=hmup_>^e+l_pGrT{L}z$J-Hu&yOO)c$@VYR6=d_@49lSF9Bi@U?n0y5h@4i^ZjQi~U*7}6MR`j2J$y#59t}%De zPN5xioN!xQ0H2G&M{zk0ddrW^SzTsLod>;C=jH-+N~vRX476)w-7A^p&)k8YTR-TtF?KXMPIG*)ed#NsUn;PlD_HaE ztkf9ShSoWSa&vyKd|$&CWFr^OvBG?1aw{3T1N|AyN$?DQ0b(Oe{*GWyl^_mgtYu=q zviTNdPiS4IwZd?9v$0>NF8xj^ZDt!>&vzcv0X$%`Z1;?12pKls=|=1=G#`>mh(*36yA zyyi~L8U5(=?ON+?n84gQfi>p88{e3*-^|?kK{Izs$9O)m92xZc)MEOSJv+#m$ec6Y zTHogO34eiXEBeIUL^0XfVe*4vFQy0SlW1_%&xr=UVe*;HBNkm}AO4IUP4ru_Z!UH1 zMH4FpEu=G&tczuv>3srPPC@=m45RctbVx!UGv4o-7JHPnwKw+{?9&bONxaQJ=c&7l z1pm7_E67^w_01*Nn{Io8FMB{dlMPU}b@kyeIb_;7<6RE!!E^A^@xrNud^4AVr)(vy z(Q;sh^694Y|1O_}+y4qj^ql4b$Da$(VP-BEO}pNj4ZArr7aU~`sW_J5_<4GjWHftz z@_*H5?5}IsPuBNU-uIP!=d9P@XD**zKY;9T#nZ~B5P#%vtj8`&v931jVCEqB7iS)d zoB6DP-}ocV@7%qgNhQ{A~TKi^fj0+JW)2E4zEHJd7?_qqTm^ko4t7^AwHt=@g1%ER5wmD6QkDi46pd5SKI$v6H6WSn^B#%Fvx4tX+k z#P2AciQeTGv!=v;^W%)MOAmhpJd9mR%&1}?H4f_R)rZwj(MRn5@wV%(dISY=H z4;xv@t~rD9n*=|N3Hh&N=Y}ukT#glH-IkRt&crf?-1D}w{j=*yWIb#>9?8lu`z6-n zTLb^Qh^NuIDtNY5df2rsvgZjkt}@S?vd@hl)-NA8XDPq1=sUnWjb-t%o;`y3)s|>& zay81|qB6{5Y2Ddu^b&pCbce=7);BhEJfOSjXFojh=g_VxR&Qr>THT2K=1cUU)Ux_}VJ$TUBQ+c=)o9jO7#@L1M)YlvI$2}{KjtKHa z<2-%sL5~Phr!_ z?tItX_-G_^($UDBdB=L&`qvlMv_nqgR;U;cCv&$*&W_=fnEX z!S1(5&<5XO_{NwYtB?FJ^0i3@jXvTxXPdra{6n$@z4k?K!H^F}Ffu-z(EC}xO)z?0 z=U?v6jG?O-Lsv0|IA0P9KUZfv=QNL*u|$8+J!Y?goRXO}9{89XF7H;(7-T3s+Bze> ztTo7RbJC8#lU}}+buGB2irT$jyf5R6HR~ahkJPi{=V43MLDy8sop0MiznQ81y><<4E%aGit%jn{h-6-tEz9ZV&-m5beZgzZfu0Vr9GXC6~5GeTsEz2i`5rc4Ik#6 z;G6wX)=SPL#z8H%-#w|BkFq!YgV6Gs@o~#%9c>?#Weip z!>ps2L$xOB6OCJ}-dm-Qd8R!It%qfU$X0k8vaR*jGpr@FW>A?*>?BX0X4*9}>Dj8m z9H%CpojPNwBY&~%(mER*!rpEWZ`Jo@Vkh_oVGKq!SB_?{GZcG+{&?%_Oxu}0Lk}}& zGJlylllXThYR8iJ6?SxaX~LE&Gzbof&3Nv`(^0{ng%igl=pW#cC+0 zplmCxkJz7^jxCrziEL>NBNa(%fnGHGwA{nYev^Zy-NkPTUVUsZ-d(nkS6^ zVK%bD+@Sr)B>PQ$q0)Up-pW7Uk4*Q^rOZO)QSzxd34ZF#`_;%;at3-NS`te%^WL*5 zCQ43cBd6#e=?I_Z&Z?3|r)6a9dgT)%lI(nd1FfFnN>zSPeOwM%HWfo{>)X@wEqNm zjsLJGZ|b{Q>(2Igx6)dV?sR#_vvU06^&cb0$qXxQF&=eZI*5m%J!9L)#|f3iUg03+ zw~yW!yMcCzziM6W*?11{gqJgeeA%5YZYwC0;yL@i(^Hel;WpZu_DRux20D1Q-O7FN ze41P5jkTuk(R1tz${TrlntsZ5Zx0dgJ<7EkABS#THRK8;FX4RpS} z!7mXFn|K_*&bO!|+gf|ZX6*{jS`*b@t=ukFJR{5KFTZW&7&rce25=k)j^mm$xo*rD z-`P}@$JJ-Nv)6h26>UmAS#gG|f4Xq}xX1Ui{}Yh6$A_1&X5gBY;4?_0F5T((ddEV zG_sw-c!@?&dHr*StN**g^$l+xD&B6>$-?#2?jwG?!`1IAT;J%D&`@1+sYk!6d$DU- z4^&-&o@qNetLkd#hfX#=mQ`~a2PcJEGh=qy$VO*U9xXYi1wRVvln(!_e*t-0?e}T8 z`Y#pkQ@#y?eX&nIs~kI|IglHGce#3;b1$7%EIig7yFdC6;}AJZM1P!FV``l^+}!>Z z>I8j@L4T^`Z@BiplWFfK=iT0>{~zt$pK0%>=iT0&L)y#cc$cqFHkk1rdA6JUU$$+> zdYQ{o{0{2+x{L7_^DKM?x(=PKJ$>{4V%ca{pY!(z%wC9Shp*1RpHg<6eCFbh{6CuC z!Yes5B;OJK8~JCn7o{9XSE19{Z#Cx|ol4pp;kIY;<@j(sJRhcPa6d=u1;rjn_6xSp z7*cG2Y=BJrA;rw_AwEFu|Czq~?JIs#?W=!gE!!jCqL(9_K8l9G zW%5EurNz2vmoZ>N(7I7@fX=8U_YKDjXz z$M5)9eK~6{TRtY@{EqOh$4)CgBsKfOM%ls|kJ|Hk7MrS`*gnmzRlZMoV{<&rvvSS5 z-n$64#3*E;?+|y^ALP#Z{p7IfnHc-3a_U8I*FB9USE~4)p#F#0%h~F!qg1w+y+NJr z)bCfwE2=uqlFRtqVeaWRw%D?p)2W9z8@S?T&a2YT=lK0R-^ckrq2J_-A!bXtgE>P- z9wcz7nG_3;cJY ztN#D*e|z{4OI)3}G1I?~7QyM5p9_q8V%bN?>7UjHPGz&^?KpRy#^?Xrp2hP|9QuU# zebkSKn9%G#|D*dn;qCP>&&N~m-?O;;-;bE`Rm3x`^l(l_!FvmMk1rwiyCj{g zeR4(2*=DC7Ttj@EF4HSLEsdJbBppjGNsoBUxm-@rP>|0w^r*e1r)!1v3Y=J{DWojeV`XDQor zNzB=3r&kNVjo?>vNi0ErI3K@pK7N~lDPI23PMdMy^YY~}jm{wO27%T8j@XZ-OQLtQ zc9mJvn)3L0oHm3@o5xRIPRS|qLUq-&*txq3%d4*=p67ibITK7@W`5wcvAT%Nyj-M> z>eoG6pn%MzHqf_qS(@G_8Cu1&HPA_Sh_HrLOh}4;J5$~sOHCTr>a4O&T(6=1o}10s za}FX82j`@dEtkfe110I_MXLkw^$^cn-X0rl9@m;WG$);UzLYhXomP%TXJd0b)zV~i zSL#R!`xLo43jc_^rlDNEj@rt*+2G}@A@3Vw-|4wDmU>EU*=EhE=fdAPQsS;}$%UTq z*SAOJWcQ1Cro4Sgo~b|I!`~aE`Erlu6-8+Nxgs=g^VbUnXfF7B2GEQ9=ft5^+$k%K z50-)ZmYd_wGCOVJK(yYgYX5|@za*};;dWvi{Qt(U2Te+$aZvAW!1v(m-EF`R_G6OQ zkAEZn)#yLT<<=<~eRFG(el(pLMs}7VCuQ(>39{n(=H&l#mOy)aa}IryZ%%kPj6E~P zDoS$4*p`bLopI=Zalom$K6aa#ukUEBV~!aOtmmnpnu~lcw9|F;vMBKWbxSh~tG3z?)^n=j)p%L+a zpuH4zs;@xMUc;ddF59t3hN>Jx5fD^cxTDM=v3UonKRS3NzP{ER=$4k zo{T6okv*U?$|I|CCWdmdoj&y({9ry$O|jj)Tn&;J@^Z~^<))ndA^FMF&j0*~b~ew6 zt2}#)6D3#ky}cj3_jTb$ubE}0!^z+!i7Vl@T@Sg;pGvEd7`u=d^=bpm+$8+JZ z?q9)iGUXchY_QRvcKV;*aPvC!Q6>otmAhNzYUoET{bb*)4!ONi^1vMDY^aT;UPEqc zTwN*|bPn9?o+Y?vEAhO@-N&}hs=9~om3)7U@4NY4$@hA`@8ddFq{omx1}d16jSzj45QbwkaKvtTs=GRkd!# zZvf1DsZ(jYz82oAKTbmdS#2mFt2`4u?%@1ZkcT5Z9zH?rWJV_iWOY&z9(Me+I1dGX zo@8}AbIk-k3)%ud~nR>S?WamF!!wXr5E13x=_svFx|de7v=<(+U6-ii%B$z2O6 zp85SK$A(uJ_qYuNLZN;miAwQ-ob z{uoo+DvutI@7CRyWz1LOE^l?ly{~mOd(7GcP69j8d37xDnw1WhxprUQpq2jN2TQ+_ ze2u+?!3ep7uZkV!|0&7%Zsd!(X90IgW> zg8$K(7JYC!KhikwN^9D0gu7@MeJAw4D)t%CKML)LKM{}3S%F>j?IDj(ymL<5@rY=B zx+(4~xq>y*`&;MXBi8ysw3A-2>bK6a%K2t)b80p;KEqkh={}umvTKNCMf%q9-Qs-{ zzAq?NSTqm7npXr?)4t-c42{6Ksvcaww{=#k!AEeTMgi_>tO6)%`!&YtiWFz@&r~NJEWt(cgPMvjqe-3<(AfrBi zHLg>h3>dxoldZERvIZTfC{0^GIZD3$`dHPmwwbAlo6@P~5oXPks+riR+{b1=1$_K5 z_7m^|o&or~4uBOVY1IbZU(KKVnI}arvs1{uS_&{fx_38JC^Y zVu@2$x|e6dA$cm2{wVv4CN4-gp2ks=Ml zOZ!%m%~X&0JJRiM|GOG3<}UdjWG}_|NZ*+8FWSEB(l)XKTL{{v9zrfOM=|F)H5-jg z*8$tii_qFS)`PFQI#%^dW`CFXecnoQnc>D*wuOT2dNBJFM}(r(j(#oHD9$BvTcu@b#o(Ud;r&uPzj z`Awg<(x*b)C2m*j)E&J8{2n*~znSAwtZS5iO7&95Bj(w&%omCsH1oxC_^^1cHfFrY z`HKUd4mtrZp6AoRdSpfkdnbH1^QoL0S8i{oxgmC%`(B;n%XF4znqo_pE2Ixt%DpXk zwZQZFq5r1r19p5AG?M?{>AVWN{m#}d=8)@!qvSz)0vpD91^%8zjutYOUg7`0BM%F2 z0+-TsqNOpG=)u1iwjQgFG-Uj5)xP}pAlLLmxGJ~oJCSAl5oVuFI`Un#W%ODPbv-}Q z*dlysiw@71ZS05U!y3HP9jp1WRoyl`Ea9A_Z&zvTd3;Dlt7Cs7{Gp%b2hsBfpMZYs zF*!X~w>mw`TelPc{5H|=to>Kco^V`eXPhOBi>0ORUMcZi&g`*`&II)9A>_lCpQpTd zq9d-XbYl;R52in%cV}qxT#^2Ce0uo)M10x=U>z<3t7%hlSk6<(;UVIACC>+iYdB+* zo4J$sN#2V_k7zy3?-b7@|2eYGGebvgqpiKj=0WNmai2LYH8E#DcmA%&N3@@3J=bRB zY9}}kE_7vI_pK=I#K?M}-H!s#nZ3BtA-8E5dK>={-{7#O{SME6v52{hXJ&8HdsoG~ z$4k&}2hc4G=P*CHyik0LSwnZy53QkTUwYGwBXBco=tX&cv_0^6DQoDZf-@ubdyUWj z<(W0KVq26mGqu}F*Kt-`_sq;=f7j?&$~pZr$n|hdD>*mJ8d_t~tZg^Wb=S7#*k|R( zSO@Sug749+FPdkv?zpBkGWrxbsGXj-u@_05hpe>x{>n!h24B`4Lwz{p(#gd9LornVenIw?D3KfgZte z_4oYu$CS#Qg!lUXGO?*<3`oBO)*c2Aq{A1Soi04n{Zisj| zZmmChktZMe-)OIoToU-tJ$Xli|G&=r(bjE8=%>>>Uw4{J)!eJtR+q;1l9YT#$XC5D zf6ztx`D2uk46RXF>KYl^j6P^UUS{ywB7IQ4b0BJ^O^n|*%iLw-uSJ%t-WKF%vo{vk zkt>O@Xy9z1>_#j7EOwh>gG?L)eOC_CzMaIjX)Wf}HLzDvehvA^Skud{GjWKN@7utb z+!#rJ?FEl_>-Zmyr2he%*|$d&KVo9LmzAXZSCruMn;Dbd{DR~inYEr}zUbXL%lbLr z*a=%;=-$wiL;V2GatY{^DaD?~{_z=_w5$~L&bA%WT z-YtM%I+H-Ym^IE*Ry@L(SOl)7{vo&ivy}1qX?ebX^qi^hpS3mh4-)Hve0@js{o`akZi|5;-f(gERRh3EFBIm74x;RFtEBX{ek`Mo-T_uzi!Yvjqy z*L&vS2M))LoV@ZZE)@!sgV83CO++tZoNp3a<$URy{^qvyXdF(9+i8#6qe zIXR#+r%<+`fXgf5f|!Msa?g7@^Z#S+{o|vm?)?8d z8ITDP5CbCeD=}LM#Fn*@k`y8nMweeLs3<6?K+_g9ZK-8l$Wj+#KD%h?7N>N}wrm$- zc1wV^+M<oSw*awoC1UAmQ7%jWxhoqO-hondZ7+kQUZKjtyX zoqNuC|2psUKJW8B@AowRk3}<$oGqTGGn>$vYf3m%Cm$m^vmP9c&U_JFnL=m2%r~}o zXWOktXR5YOR%cEIt{NvFO-^Ut>gdd>e4Y6{a;(UnH+r**b^YhuCun3w zN4Af;mFaSDszv_Ch!)p7c#h-mN!0R$hB|*%oP**;Ws5}VCt8X9QF*k%YS}kSv0Uc- zS^9Y#@J)iw9vxhJdR~E?ZRCIdod1t?&Yb@OXVk^!d|7~;wO{$xayA(`yPy4{{1x+j zvS#*;yV1YUqS)LRR{-;CT-!0;RX_shYDT^KI)!{D?39twbA^`*fu=zg4F_($c; zbm?K}ILS(A{;Qzp#9I;E50^__`fpdj`s2|L^C%2yh%r`mf;~QGi)$^ll3K;z6~XO z&*6Jc=HgN-Q#Q=X3>}G{8qJ-Cloe;6{cvS6x6hsn9Xwpp^k>)3$yASJeDL|W3%^-! zk(;mZzs8IljkY|^UPI>|nq%$Zk`obk?_C=}*Y+U;&=p#C>TI*1uZn=a8V3jWB_A?- z^*p&c8V-J6xIe_$#oC2Rg4^}`;+MR;o~nQ9A6v0dCWZ-p*o_`+C-&(PVx~gSO*tD< zBiNh5PsQm|Z{g-|>``6Bm30w(oF?u$43Cis#WMN()n3?(G5Gdv@DI80$0C_H|F9GH zZ1UFew`^H*U2*3rmtSmO8!<}sZzFGtz2_c%!at5;yFB=NW+3C}@f13lXYrSr^W<92 zS zQXQe}UVRU^72`{5wx&yd&aEW$yi9Ub(9h=r`tk1C6z1*{+^Pv>U?ra1z&Z?A$)|x$ zajpDq_T*?nasSoCdMZ|5arYY6+?{h{Wj+}&ZfiCU?R@zEgS}N@KX(Q6lXNnD#T&B+Od^R!s=;d)Kr`GB`xBhDqonrL0Tj%8%{S}>KSsBg0f2MI7 zB%=lWJQ2{3N9)fTdgS-zzvC@>X#LaL*MZ*rBl#E@W4`k1_-Y^e?{??4r>*YjKSJBl zY72cXxUFyO9`xYg3mLmDcdv_h>r6M}zk!Xv3O$||cipBq;Zp86mBe+gLHVY%7Uc8Y zT_>veZ8GZw_k-HGANK`xY!W`2yck|?1an7Y!bW0qRjcmWNz9dAY~_8tuRC?-o;mPj z>!tyhshb9EOne6TX>O;91(dxfTU>d4Dmc?oyl-`B@%h&1#uWPRZzZwi{|THgw2w;S z5j3~`eTc`p4`^UwkDxebbCv=B%=*X}ksrWMa7-h6%CDn)TAC}WEhl{}AFlQdlK&L_ z39dJvbKz2cWZ@=V5`bGSE_goos7jo?UG&lB;dTLicyj)urP3+6e*AeMlJLcgX;yAg z<&#kTb?H#?jT*WKZ1|)YoCm#}q2TjJ|K!X!8~ml)s)t$Z`BoZU%Qheu%Fr*hb@vs^ zURJI(e~tE>oCe)LoQj;~#V?0PkQXgfAfv7=FfPQtECe3m{fb9k9bM?iMuhoe5v$oB9+4LZt38PN;7&5J?v|+^ zY)_tJ>OgB>TTMHAa*0#7r3Qa>E$`B=Q=_HCHDNc&!{sSO1r}<9t%%oTeY}Ouxi9Gx$E`jML?wXWFO1=U8JxHK_Y|cLC?2 z3!o2v%>|4-mH2Xl-+cI{e1rCJ`VrhG`4-$SIQ{j|pX5V+-0oArLSKUA%(K975*UvA zaM@7M=Mnl6j9q*S#$#@u$e;AC_}2XbebR^e{CD-q{hjm%;O+wMBSqjoURocSV13HS z<@%7hCsa5WR@XW*nOxtPD4Yj68|Xg9nDnhNk20pd$BCxkT}n)8DfD;{x+o`4_5IK8 znsWcpUFjzUJF+mur(0+@%x!1n_MpSRtnT6W!Ee>?qs9Au;}Gy1guag&`u6EOPBQ54 z`xkoW0Pj4>o_0iI<_I|z_LEa#ANf&quU+RH_J%nL;O71x^2>RgJBRb`!ltIU^ulj( z9=&EWmpXuvd6~Uu-T_QHhhxra-AMC)XI06G(w4i=rnkfE81t8LiSZ-uk@h=*9okMI zmyq$@?c)F4R%X6CA74-(+oQZkzjxn#h&$$dZa>5vcII*$@6YhH-^%~na_x2gC?2ME zMKj&IqnQs#jwYM=oak*sj_7;A-OY#gca7z9`=RU{*ie%ASK4YmoAz62zb%@XMf-Wu zhYLd{f6H3^z1aC%a-rB>t;3!AdztfhKQYQ#eX$An3V78fUTwl3M?G*e-!@no6N>;{ zq?7ISPMfDMv1V+gZ`FmdS3tXU&|bQZbwIjKHCqhr8Bf0PH2(P5i%xoLulka-)7#N4}T$t-E{KcYc`mytM7%hk+x`_vdFR$AooT#V3^OBQh&AymVH0xO7|Ttii*F&Kfd&T4*SL zm-2Vn@EY^?F#aAf{5|IHk^Egg99ft;bk^wM7tb0q{DYy3`FkvXj~l*#zb~FOVfZDp zCJp~==n~>dMoeuE4WBwCG;FGVBff;c6=#Aj-D)Mo%afiQEd=ky)FcP*FYt^S9|@Z? zH_1%V`NtWRev2Sa#nw>WJr)1{^GRfAJv5P?o(8SpU%D3gfQIs&OHR_R4ai;9jOq

*eB}lp!lYI!1B$A&a=Q<`#|*O z&GrcAE-GtGp3d~_)vIn9q&wG%Vtga74|^9kml1SIR$1h@wm3I1`(l+of!bDP^X2C94XN#PPxj!C#xQ3ie%;DDSL>ZI(4ftsfrqo~e9bHMW1fZR zV=%NW7j2iHoyncy)MVtkocZeJ{Zigi<4XzOxp6J=1hUy=r)ck_+!Q81yWkk%(vUi| zH}Q_iUs~qGikMud$W4U%HGANLV33SN$i=wYjoTN^l@H$F6n6T0ntKDXwFK|AF3qN> zMzb#`T`{_Qve>pnd#8N*J^xr-#R|s!f_&59tXD#Wpm`_!}uM+Hp1bb=!?ufu62amoZLNd_N?B1)ssi<8yr}3 zd0GqSXlph%ZvJ>La}M=ZZQHYXadU0+@}LmXfAJo?vO*!ZerzWeIvo8&a$MSncP z9O;OSJ5&sA&G|?0opg{RsGWPzk4QG~Y0TqnOYtJ6ZVftYAJ5Y0G1e=y539l#QYpDb zw*Cs*rs3H<DO<&igN`!eXnk?V=|I1HgmG--S9_<( z*PZ)oS)T`USuki%_uR4n;Vj@zbRw|ACu1|gmul8n&ABPe%ToG!RdNK6O4;Y7;pzGJ z4V*sJPWKI-R=o_~_xdTtUb=*SjL${9W_;Z@IKcQFu@#4mPX*ni=bdfViTI~EJB*Q6 z8r`CpHra3{M>fBEWBeU$MMIrE1krAFHeY&%>P5toVqATGuv-?nVbg_a_SIu62{KMfZ>U>5eQKx+B*fy*#>`_-JI_&>j7E9^Ls( zeR?#xM|9_z*H0eZ-FHRz4|;SD!w2Syp*wT0^Dm%#R{`A%#<HJXkPns zHE4{dIny*e8=&n`SNHqdI(*La)92~ioS#0&D~q4&m@2bbN zhmjuZ;hg5gm)^b}dl7gB(qr0NWc3(lZ2sC)Z&&B;^Xc5Lz5`gl@fNUl`gJbn1?M&m zp(cY<-zkMYanCd#j+91`ap{2kGfkZdDhIb@N;Hu!l0R29dz2rd9sTu)&UlbvopIh* zhy!viTDkf)JC1am$N&3<1G0W@(_HE*IR07x8K?BA%^Y;jIDP(h;7>YhT()07{3&#_ z$(!0^#YG_>j|$xwcN5VA|w#W3G+H`$%@Y z;I0W3Ijb4AY!7FfVkjrnN`#Fo&`0pIVO2O=O=9cApLQJu7vemHM6ybDs_K zJ>!0~>2IX(*=YCKXe;4A3(GrWFga4fPMt~kt8+2UN7Vwr_IfOGbWpsMePkNlqCCXO zx#YwTJ-{4|>{qVC-QcaY^g;Kovd(;ze=o&*rIy|+-T#??fp5r-ep4)&?$@;ww_$M} zWDO%Wj`)KVF)cb@qn~SaHlcl@-jC3S=7%@t8v5$Ne$a2yZ#I0|C*6Ra^UkAmmi-9p zXFqdF?`f>>=x@m|dcpYlfiE&RYU&00;TLbx;HUf5Y2Lv%vyF2OonbyU1zJpLu&_l- z`@ZL{!D;lSM<+cm;rZo0_&vB~Q`CtL=t$)uQvNXFlOJ0^pC1TCGe2M05dYe*Mx0%6 zZ}jXv_gZEx*7#~Kd(sB(??Ds6E}Ra7kH5BtaMRf*dBC-oIDh`a&mMT#uG~cAB~pLw zeDCS9PDnRL+*pZs!B6coG|z`K$5oRuVucTwy}tiEjCWQYba>GXF2+XU*%dk~9b%cY z(oT0TSZqy6x%*kx6J#@2zd~bgrQTw(Hr`x&X|Y*{^4j_5n;(Dav}%jDcUJN(-PTSH z`p(#-L-*50@*es0GrLMZUAoKo`wGuL=<8p<1rM0l55gO0fByL^@BFjgffm}!i?0!P zKL;Jz2EL;K8|BPnmbMWF1WS7Sc^ZShq)`+)ibkSWp1cuiN}uzq4_{^ zSa0Z?t5agmwtQpE`se(5px!!QzFoPD+8OvGZli$-%D}3FV+lmXUiv zIm{(vWw|`6k~hiKb?^ZFkQfM;i!`V3E%|M`JijCIkc8KTu$b}jn^#BRNeo#)KIK1C zy+ru|$Z?5Gk9YFyLto{>m%q4wnw61{s=bLCn9@P4Ii3#E+7lK$$dVU-+`mZiF~*OS z)ouPc`V)Tl`;z3hmVDwXGv`g_-k0Q1=S_@l&YSrEY3>9^TI=Ew&YUzac5dA#bJpmmQW5IZj8^0~S3*%!H zEe1zFKQHX~V2aVQ(zRie@KAHaFAK(REBynX^Owx*D7?3eyu z(yjAt((T%}pxf{Zq}vG5EvEG?LXQ5Dc%iI$^*^M0Ug6y1RpiR(0CbPhL7WXq?|8YK zlbqv72UW{1cncl$>IVm9&p`Y(fq#!8JEssP?k#6yRsTzUFb5w*{-s}xJ%=8V?@sz4 z%{()ELwD_X207H;vDkd@eC)aTkhAZVYe4gVK)L33*)x*sAG|cMTz?g~ja(zc{(Xdz zYhOQmzbF3W>cL=Zne|tGZBr{%bAPaGV&aiXjUF+zA8W~%WAp;QX}-!v(f^Why^mh} zru19hxe&0Nehl5j_?|zZdawn2zWOlOF6TCdh^w>W)xLZGTA#7I5_~7nb@da(|FE++ z@xSNS;U9qp$*|U-T)bx9UWIrl-4#y0fUWx+_Uv(F@Fe5-#uXjR`r5-gr+KGO^clS0 zejS_UjFoxy4gNpl*j=e`S=^jKLnq~A)BPR$pp}_J?by^o_L)5;Cy*^@^D;RwGoPm)hsncD>S3+VJGqnW>dXK%s{`8xS*$>>r5Gnp>PY3lb4_lc9 zUc1B5%#Vw;BSuLvOiA+WD96s8Fzt?6nOR=DW6?}Kb;nq5_G^4|kBYdkl;XmO2}>y^ z>zZ`J)Aw&ZaK9=&VeJINW2d@VJ+Pu!StNZG`VrOtuB+h^*@P$IRVBoPt+yx1yg zE-62R@@ugl%=E7uS|4T(soyEmTc_xMF7XKLhgK7BAU$vH=4f2tiO4?eV9(h$@=!PL z{kQHn5EqeN%z5x``c+&(2j84an>dfX{C$ACOW1NcKTur^)4$eo#_}1C`R%8rXd9hvQEMXIHx51yy^gVd!w%!fA3!d`_TlJB1 z;a|z-)tR&I19oo}kI^-Zw;NdXeG&6kaUzQQ>3y;>@!AG#6>N=dA*;R*xbJDHJ~R~j zV*&dheWtFq>U+x?*^@@LO$}kcjDz;f_3Bb*t@qC{!CG12_@d5>^I$x zSC6(P?qvnCS2}bX>qN%1T}&Hjn_j~AB)*q9ZN2z7!Q9;h9JCW3Yg{<&CBOnd)JG6c zTD_dAMPfF)m(k~9r_ami^N$%v{YySS1|4kpMvQYNNjy**`KWHGIAmls2As^t^jy9r zs|y`?o1nGs$Q!$Gc9h@Yc?_N-tLd4%yM&t&GQW=_KJK+ao<0o_qQxhQ5jU^vwarXd1ckXY{{?+C_%Y7q$0U~@RSrL5__%d1TYZV1X5LR?&X3~`>)^6& zz5NU7?}5g>(D)u`{JYG3&kxhGkQ^QbvSw;xSHWw>6+JeAOHuw!bNDBJtztNh?jPdP zxy(oB5&T`Ao7*~Dkk3zhq*7>XgIAvHXnrCyo(u^d-3t;d@?GeRbg3(Uk9`B!ra7{5 zzx&PsJ)6;JLq+`Jk%NEJ9gut_LI^#mmI2< zE^uuR;~$W$?nPD)L^B7DpbKI*Zp^biRt#>rP}}3b;Op;Xd$4vH+XEc2Jz64-(O*>s z*dAMeRdRUx>&&4|t`5q#Jz9PrwnxabJ!1KH6SRiCQ`_Sv(YXmaiK}=|FiQNPak7@d=NVP z-fRzK)z}_B87;IuUSNF5=yk}b&-Q4s;XAfRi)6q?pJ>k6o0(^R+ryjZvOSpRg|^3d z$-Qh3pFVn(GsFwhM?Tx*+r-Oc_0a&fhv$nt&-Re636JD+Q%=_$MAyVd9=aS|=h+=u zUE|sv4?`RO9Qd8>j#BK7%{R1QceM0EJM4~@w`q4gA1TF_3h9%JLs&5%yQ4tP3hj)-%~1JiE2f z?r00NJF@ioefT{FQFArO?=cCQ7up?H@XWJ2meKY??T(ARcGw*|i?s`|JN{>$J05n& zo3wi?yJG|M=@kAuj-7K7*d5o%?;*ckCwY%QcfQ?mR&^Te4eVdm^SxeqA_kr43}15gUg#5K zcl`Btk;k4nPHvuUz#*TMxkL(=N_*vVd?e}MUyjQe7 z4Xwpb{3Cy8zehy839vmz08263L$dHrZ4cA-ZQ33`|BeHPXM3m*pY4&yldSDgz>`AT z+^j)2@I0ciO8wX{z%yH9{VF9 zIk3?yhGs|j_S+wl56yS%k32s;{hiy749WKJ>7?%`FHk4>Y>%CP?$b%{%=X~i_Yyug zp3Ul;E^LqR$g{Vi?}BWPd!dVe4*brx$1rSAgj}!57W#i8&gN~j*CfOE>58?mhICEBZ^WG2j@0=pPt7VbD(TUSp zO^qd!V|Yw7b5yyLqV;jFUgg<8QEULQ);{>8t1Iz|Iq{OqsZ(`3wVN+8IR$=-&6Q%z zJzbpNgne+~e|nX^bPlJu5OYpb2K+oz%$4GBc`yAX|hguG1rO# z{?pGnG1qH})6)GUoo6c6%!#Ap{2M-b=lajM>$HjYg(g~mO?)+f8=oV-wNlRb6%!EQ zPT)hXo;0zp{3iP89P~4sL#FxP>vtcrqP!70ACf%iJrCcH9d^!4{dkG59&K+Iui%s7 zcg{OA^^Lile)9Zyig}C;J7ITS5x2?jmE2sCNv$K#7kRsSULTa0l9xAUB6)K{`_tP? zGIzW3nBG0A-o!+1qTS9C6DOru#?;O^nIt)nsk57j)Hyu6NwTwf4*Z^zp+@q}^&eyH z-AcP{j7v<2&MUgN@%vWV@}5mC32M-0KEDE6bPdm{#%0g8ucNR2T_qXi9x!`1-Y@AB zjn0>Sk4Bf!M&}`>{#9&PT=L`9Y_oUG$)wlC%-*Vrb2`a@_>g}6`h+$!}z8LJQ|J%76mOOSnwVSBLRsgqP`->Nfv&n-4uf-<=){6qNB;>2u$Pmv9|Lq`q?X?+iv=XhPqGP+d*Dw=%-J5 z_UL+S>C8O%Vm~>wC3S#zn`+_{?u52ox3)x>kFqh+OXzD^3FkiKl_oFmyusG=X?o5( z_Ihe^9T`duixQ_c6Jz$SBX@sz=>GIUCx>+zV>R>XdvbI=IU8DfcZ}q7Q%mpeL5bc| zLp4rTzpi4w8Xd3;*s1r`e|l(3y2t5XI?CS3^Id}y@~7Cl`FrOeC&veWM~GvN+<(au zJ<~awy4p?Cpc7Nx}HsYpf#Xs3u4E$0DW7e|NuM+3WIh zN3b0Hme@^~XL)TK-FmsnfVTGb>l5=wZ@D?Wd3=4Ecqi3Jh>W)Gy^^z**}!9OyFM|G z^BK+0YVm2Ci!bf;p1qSi2s|_AhVcCJ&6?NXOAPZ`_pYn%pcR8{b&reJ)?mE8AAnbD zYT&lr`bC!p1GKegI`|C}e!Ibs8U<5;MYv5CuQuoNN;<3< zoS~n%V{HzGb4380m2N$(WI$WNWp8rn#~e|ds;7JH7<5E74Ieu4`7l&`=()88J94_t z{EETd_`D1EreL_=9RT<09}e7BW7``XxRHZvB{%kl8!|R?XjK3mk3Q%2xgi*y(g1i; z&kWpFGHI`O;92XgJx0biJ22S`9a;DcxqI!sHw{R)R=56Da(ytIr+!>q=d}N`3ui!E zjcuBINW5@)$!yw+IewclS(o##jric&EY-^`ZoOT_zV1RWDYpe)S4sir7zO@ z(3frKm+F9~hpE%0T>3}usDBXKN$dObjHg_-_Tf9~?P>5qG~Rt#y-j_^Dc|0$IQYIK za1P~NtuwN@?V9To53(-luCU$q@%l)}y4kK7Wb%ZIPx{;7G1*zaw5F@}9q;|h$-y-! zp_p6q?qqkpo_4)6HvH9^WzG}OllE81Sv=XbOHG}#@$sX=;S6%ayw~2!{9TnVL+K~6 zL&}ho!{9xlgd9-({Sx1&`0gozUep_-Ub1(G=yTAn|8z-4cl3(sveZ6T4yuA>=)c)l z6l)vm9JpU&r5SM&7(`V_4S3Y z74av%PQ6mqf;dCJZ|IqG&w=`78MQUPo#MBiP&PNZc&q+XXUNb02KlIzFX%MyzsXpA zYQsKpu$B2C?`dyl-aW;;J&l=5cvt`518lvr-LZA-A;5K}1YPi+c>3h!Eotn6tQ~vc zn)>wSJL=PqUQ;hyib?gYDfgG{su&ho6m2A*I5iXZMU;2q{qYLsX_VTDib+kM8Jy{V zgU_3M`uT(}%JdJpC}Xv9C#%er3))pC-yaVl8xiQ1$ETOTS$>oktr^EJa@O>8Gqw(U zne-dL`X+Pk4d&*X*g)%fzH({3=GH4Ks^a#Fs`~zwRrPk)HSzh(msjy?Z1Dpge*7U0xr5}5(6^wuyrX;j;Ff~oD=KrMNDYs}bu(97JrO@UjoiF&uLe*D6mLC}-h zdEg>HP_cR0xXqoH^cA$n8yqmFS3fjx+cY@XYo^65_MLY4+IYp^v^MnaofePsf5n%e z-LX(+KeYWTK7Z-b*t(Cs=~vjJw(#A~_gDBvhOKtKkz;!y^galWoVHKp4yDcYqOUzp5$|C zF#3YeDRlEr#^~XD7qHKzF4%6q!Beun$L-6+rfFR21jv6gM1AcD>%X+K3Hj%@z)Q?@kR%RIN=m}BM(eK@xAL1c+O6en72Zmj;4E8nyWnj6{5ZoHp9?$WIdy1jc#LzU=uynt@cK{xvF(Jc@6_O&kV zvc`?~Z_G<$OlCbZdKGyyCkq z-KgbghiAn9h1jpGyzPK)%b?qe0=lg%pxZL&wgS5GetNG*&6b8AYc1PbK(`*~ zMjt_ROWoz-PP-twJrY2-(4BAH*2Jx{#!KEJ5r=L|L^sy_J)Ada-kUkv1kJ`kuW@|F zxHO|CV#PBq&CWnG>I-i4)9eg1n+wer7SL=l_ZVEAY1Xv4&}<IGc5495RxcU2t?Y>Ib⪚I|G{3@|hXR^v>o} z3vFib!7r-2`J$ zETcOgo^7lBh{@-ty%1}YY+FYk*TvUjC&^a-4{Azp!H(6wNj^{6JjUl8rgmf%eYrkw zimy1jys9xXhqj+4mxu5XUa#t23H<&KeCom>6|OVz-_3i1|1|JdwD#}J&WWm3ExnWB zZw)o-vCni@%Y&=h-9tPDT+xfHC;r6!&G36N{H}rDw5QIdtCQh({g#G{#qZe;ziroV zl@8B?rt>l$jdp`uF}}Cn;PQ_4L41FKx`oBsw#No;`!&XVWu?2{lHEE2UR8xNJ?u{m zzgJT?1bR&|c$e;fhFU^cn-b#<8~3Pw$wLM0&kbH#XG<-5Rzu{BQXY$2fFbOD+%Dc7B`J9svy}hq*h> zxdCmvPhtbV;In}xv+Y*=2G<7u0C$S=;O_wbe(s)xfqw|NyLCm2(Xz4Lr6uqL@!`Gz zKCGTGa9iCgkv{5uGiqwJS75hAvAZj<+l1E_;ge`;RS{^EWz zc6BwhFGiQvKX!3rydb(v3!qE;dj@W6bo81A$F3GHLnZNw`yRlyZg6btmIoT_H?7QL z9)0@Q>%Gps5aNM)Ujp_X&LU4)nPVU6-fes}c(`=A{C!qlI>fqSL8 zzkVG0;aj)S0kSWP;oe^D!q2-wxc?HnxmeqyR}I{DY~kE|4qR${bF;m~%+0i!W2O5a zAzVI=nzz>`CdeLfzczu7`#;$Dz$hX!rv3p?&XmA8lgLX8x9j z7nwt<`x|NC+@aWa;=H%(w&Yb)TbMi^woZJgt4nUVj`RoMt-SBjmmFfO4b8;uRiGI7F-)?^Q=Hy%- z{kovvOOSb)x1N)si(TA#HwgE#0Ng8wzI9t$wQ5;U^s!Hkt(QI2In=RN{z-Mi zcM!i(VLegqoqO$KK5PZ&*~|&vo#)0@JgRrMS(#NO))UjTuCb=}qK9Qi*^7s@=y^mtiIg3<$2zxH&+nvB0ZOdqc55$b+YBu0faNsx zML9?PW8T-k)H?&TXRu!?LL9^ZV|cujL&hw@Z-Q#q{CIZF;BW`mQSC z)~#C_K8J2g?uNoHe#_grSjKr-PXXp61bay z`#5;-aA9r(<~z4E$RA2dg3>X@9nj82ie%k%iO(HYKYmFyuyCu zUsfSsZ69t~>&7uiW?tu$iqS@E#Zwo>z1X%}8wPzr`w(N_C5Jd`NkwT~F{a)-AK)F` z(X?Y$M*U>xIAdh>Os&OUggLOmN*v`3$egYFXrJeQs)gn=p!o*mXQe0em2vAMTN+NV zN8lc^kspudid`*6^Y(vt>Bjp(G~W|I^P@i-xb5SNDf)KCsF4cIDxul%yL0=z&bC`N z_D%-p8dGmzy3V)Ey-nH}xta`)HRQG6J?U*0a~p)vf62pU=EL^V;m|Ge3_F%DgrgoqZo|O4}L^gfFj)mUcCCbcIet zN47QW58rlne^~j;og7SkK3|E^)8nA=B=mI5N+1u0&R=qQW9U2%I!{8DV#v}okIq-d zt(Gkf*NM*4@?~jffGjosz@-Q82hnm^04-NPJ8;|b|7I{YJR-YlD9GZ)x}idjfkzKK)cTq?jx=e$S-=?+4NEyZ;)X z|DJm5w)gHP|Jev^J=Sm!_Vi2G3%g1(=Dep1m|M3r90lgcZwl@~x4r*_-7zJunk7m6 zyea&Z-S`)Kj+G?*x;T3$X_GnsbZoT#vigYX60D&ee)XvGm-Q1niT^y=ab-NYF6T!o znKkGONqod9e8h^K>|Kp5fd4nOA(W{ITTkdNu72;v*P4<~yX%s;YOTa>B6bpAU$W|w ztPS72B$WBZOt(M$xcyu4FN80R%g5IQk5h~3X9;bZM#f*^J>?lmi?8&*k2v}i&y!u1 zapgOS40i0xpL+e_Tl^$_6yxJ6bhqrdZ}6^(A8dPnehlVTXbvB=Zs)~d9-EUexPyZ^ z=O{1XoN$VX!Myy7tVd^VF)^4rlXww0O$;W_?5!mU18c{ntT{PYAN62m?Ylwqc&p>b zk-l_d^BN7`lN}Eklf3@Vc`v#2Z__HV~k?BtMk zq@BIyp87Q7X5%yQdz$!6V&=tfgIlaTp2U~w@nNHf8@|%v0elGk+JUtg4^&%B@P6&@ zIsfLHSdxTnXL}oCLw{qxZ#U=fPW-u8FOW+2YOG+(R;i{?@5iBZ%L=c99gPHmXy!J_>mRoIinqfT;Ug^`G1K3Wnn)qvf29FLBvwf8{omftzGwtVZ|L@68GXiU%P~UcF@n|*7P5VhP1OMxio1S9Z#0! zXtKkjNf~Fvl95S{jM&)y(pmPV57pbVht)@j6J3pLyq9OiXw>M%U(&u9jebilyJGEH zz1Yiub~bCWaQjQ)9|M2p=1gD^?z^$~lOtTb!k5LBx69-8ogQBJe9!2f_K195Yt1MI zPsoeM#~`nW^Hr% zY;O}EM%NpDcTLUX_b0{g_3#^;*^A@#ukTv38ok&|`Y(pp7Xt8VJ?6@Ak#-u>e%-|@ zHYT1tlf&y=y*t;=L^C^t*Xs^moye7miCaND19Sbl06rY;a>u1zF?iPoz?+T3EYePM z!an7~+XK9PIe1Ta@b*PBYXt8p2i~>rK1K4T`w)WJ-r>k(k~<>y!kY@|{(J=6G!oLM zw6FEME*|t(43GEa@W^X-^l)%HjcFfu@o2j|p6totvD?F=hgwR)<9GqxcR6yD#DDF| zf8MyEL+-e=D+ce-0C*d}9o$Yjjkp^}{;S5ulP~4qUGKsB68Dk>?-2*yr=h!azTFJX zk6X~4HU3d@*d65aB!3?ure-kq`$_tO-u4UJzs~8VJe*d4(}j(`i{bQR>i-p^Mf;-z zx9dKL{$@@O25zk*$(^CZJpAtR@98XnJF6M{81NwnieuG$wvR=b`<&f^gNgq<2@X8V zi(_r8i6@WbXw=+dp;=1)>rgu9;HIX8ZXYR?`-gf z7TSlGnYjJhAo~BKOGm~jM*sVQ=-(0CPPH<%|4ANyfV)b3pTrK{g*{4KUF&e`mNwBE zxQM54XwY;;Jb55TgCEzq`sqM4(<~aSbmVRxawj`G1)j+&;ziv(#525acYLB=IyOko zD*xVvm%fVOIWqvy)qfYcj=*Q}=;gau2N%0| zhR3nSG;ZYiZN97j>ZkOyQJ~1{v zo;=ptklxL_Cf-`Hd5X#FK8zi7g!$4mEw1~=_DN*Qx7PoIaGdSp*a42aayWj-!*N$M zb5{4FXFE8`k0!fL@g+s)_ror{yk88@auI+stx}4!Wem5~pU027`9fR?)k8QD;gAw);`q&5Fi#@=6 zeDuBbo!qmHG|q~f`7or-Ikzak2p>QD!)a~I4Zdsnp4P=4o_%92-{H0fFMe-1wpDVw zm3eBA^~ANnQ4HtCtuD^MT#Q!#D}Yw5e>reFoi*5Fh&cjJFE;Rff@hnRi4v=In@5-J zyw`=S9OKjF?159UTK1PNzUvipR2yG$A9Ou)dkc2PbopWT64 zlbdtAIWfc42b)>{#T)$MI;+jvE1QTj+Un%_E=r%jaPg#FG5V;+WU+RwpB}iKy#c(( zIrQ;j0DqyoshbMuvyJzjgEq(cJm=DfnA&8_rO!6#({^pVT=ZG8JfA)rT>9`_XH>Q}N1t`k%p}o=v!6Wr?0`P>b24DAHQwjqNxNe7`L%nlQ>cqt*ALuIIYRA8 zE`8iszpsiu&6aB9Jn?Z)em3#mNoex|pOY?qx}eWump&cPCpJC)+@FHm!2GLrcPudlu&)0(JbI-u-l$XP<0=KSd z#ME16o~4!nw;N-$LN@FQ*80ik#q~d2xo1|q%)@ILw#N#`=khA=E0)wB&(@?nv9&8& zY--1?_GsSBdoMxnQ+)7Q8h<6RyU7(U%?|@t_Cx8o?|3v-Y;CQT z(OnYhOz&Jgt-F#l$nj1LwsKY&UYr`zqI`r?I1i`(bD|Nuh`7K}_6%%Jo~KWT99WxO zekj(p>(AA6Q%fa2Oa8Nc;Y;iE{x_wgPl8_`@-o@VsIIh4`!vte zud}z;S#%Y+>rRPf%^1RX$z|jmz60F7vuEs~fA|t-&s7>19Y7yiSHGZlX1j9KfgFv? z$_qi> z`jJP;rP;TRffl9oiyUg7tK9wmnl^f`WNny#(Gvy&MG%2XF zmfC!^CIxqx_$tY$kEVsNi!PDYXnp%+>L#t9RQG{b(JRoY8=9r~?Kas)dS@80L5F$7 zDH;BTdFJjVRgY~Zunfe%iw&$d?4x$4$%Ui-H4f*J)ajWBA5=%;uCwV5_xE=V zA|KF5@&R2+KA=JIPR>eI1Ll8_LDd9Oei_v_>kfzamx812_)Q7vtlrI?G7bD$TeN=d z3GbS!6Tjq}B zZmwnOd?=36$l(m0EmUobF=y?C{H?iwoi1K^cca`n{#XPUJzrY8dmrxHrklx)aua!i z1{vBY#$ElQJ6LPa?<>Ras`oCKbT{fGwKw}b{XEd$xnR@ehr%F5S2Oin@O!o**X=&YrI=B4y3#|puU=^t46IG)iRQ<^w!W8 z_Pr_Q&ODtpa{oDUf9WoZ`_C1Y>LG1u7)TfIGqB}!@gI7BQ+Pw_QbQ@>-lX1@6pDy8>;DF@%5^qQjM=pe&{6r2D4Tzrr!=ed-WaF znwdzQWWUK7K&xz&z3k}*S(nadzcppB6T7@+oV%yni|x&`QvYvmo^ad!P5U&jUGy^R zmR`mtkEL11PqC&5j-EBFQBBxE&C$$1_23U!#u}%!ir>IHk$%IAQyUylF5ANWZrUFN zUga*FMy>R}qhiz2V{Ajs1~+FXtaK=^xu6*~Ra*(2Zy6JH;Nc@)ho`$*z!% z!+RRn#DBLz!>x?5jeU0y`)+KQpLp$NM>DHwr@eS;F7IvUdxu4KVaw!hlV2pQya=IM zlNZ4XNl%zK-aNa+TPt_dZ-4mWytpCNTd{ZYnG8PeIgmM5pA3(54#ZgI9Eksk<;zT= zu1|Uw@a_iZ%{;@dQhg!iDN#J2_P}qcbFT%^hgX{Mj|kSNNuVt-t=`xlKo?S7(-_Uc;;KC}OWUfQeeqkgl-R2=}_k1%@(-#mJ9 z=V3Y%@%H(q_7AvxS~+ge4ZL%xI^@)!h5iqVp5ERo<>oFqx9J1>;F;NXiDnm3hw`o3 zhO+y%TwD32sG+=(+J+lD-Lro2G)ud%MO`!a%3RStHC^W5s`xZ>pH=XNR|dknn*4y; zpBBRVQ|w{`?*MIE-TJEjwl?!29rn>R2JB6f>N;a9^XZDbr+81axyqw!EEvvQP5T^e z)b=qC&H>tb>rRNd=7+UEHUvMwIQ#(PnO8&N`@$tBRL3m241K=>I{J7kKSF9HbFNAC zbkXgz!^Hh^2VMT*rf|L8jIDu8cAmMkPV~gz%De2fT{)E=PM{Mz+m>xy%bA;evXU?T z-x(gu=k|?H!{3QK-`BR3eeSZerk3GC=0;mNwcyL)`6#|eoyGq6(Z2BLv#NihI3}~c zEJ3%kpRMGKKg6Ear{nYFGgRsE`wn~qE0ED4j*J5DouVcEn04X;`f8sT+?Q~Fq;1LB zpS;+=Q}>$EizSD*f)lwz=Q=W~SP$Kq;jV*O<2%90#B1_@dLe84-D~Ui^^C6DcV={5 zsp@&+H%Z6LeTo^%J!SHG0r!9IK*z+8CHj`#qPr3H?3l@s#9W>(e{OO%?NSk36@=ZA(GPnM2t zJbCrGXLm$G7e5;bmFz!Cqt_V&+H)1_eaSZ-barMM*L+ae~apeN!AY2Z?cL$ zm=nF|%=zb9PDUmSeO7(Q#+w=%xDfNz zG@vc`P38Pze;OH&0H5fr=eFeDrE}>7>)z_sV?UJ~0*}zgozPu=6q8Gq{`UwzzPE~3 z=rrZ8(j59S@PA43!0^KQlybUh4rv`Rxt7a;hjx;u7_uauti={n{+v$<_nG{Tem8Q1 zPO;JXk;-Vx(}S&Ruj8H9psnohGVm6xl0VU*n(;sTu4liT4o{i-b7*vTX7kA@mH+zX zDWQw^H}iY}aTQRvi`!+E zbA}RTydn6m;SuZHMpG+XH1yF8-!QU)&yhAd=k$2c0FBIC9&urFxg8iB-F^OCzDIQy z>E}Y{awBuG1bhxnla9>q58o=b$6#vWhDW>4hCcJEt1v98+vJ)$|ib@vtg_Nz4C3r0o%GZK2}3gW9~2rnC2vafhP ze_vsI`FT36k+sgDL(ccmE8LL>#+JN)X1?UUaJqid|y}Sgt-HU4)T1&-RQ!eg@trv ztwFbUvljKR7Nt0=l&oq0+FJu`%yHRsvgLYNr&PDImvt$<@T;);T*d`?x%Mw`S$;cGi&F z@Vz^E=+*BJIQzTMemuI3Gjz-ED+R7bXR{_h{WIz~wcS<+PUgOWp5G(*+s15k*HaUN zt$Ad|Zu^OYL))@I99I9<*$154ls~Te-sRzN0sU0ExxEYf>7ItpV!cp*x_{P#KJQ@d z?raL37=%pyvxP0d`mlD0HN64a8^1Pdfoxv2d9UHm74T>I#jk=jNdPU`B#(W-&^a_U#9nYS9_Tw;fWiwd#kXskI_C# zxsRy-kkI>_>)iZt;M6=ZvNY0@C35bUijU{d_mG?4yO2ie?|JrtSy{S(zS@(;`IhGc zY#VkW-Bub;zl8ofW#QX{?x*>L2kj>=DUrYC-~&8^j(nYW-@w;(YDj%I_Zw3EdY^mI zR;2F{=x_ArDR3SV%2Yy=^l9kJx?VjPdn!~M@6|Ut>q>uHew_jNlGL`7`Aqy9`yFhG z=PbUtXM!!!dmMe-A0^jLWLxqif9u%`mf?HpeCrnU?Wkl=G^2VpR>(OAR6nJyu8n&P z8y6c#`)=8|8cVsY%sY+lJ6+&cg-=TNU+C)^$=osI02m}+-QX;pPR`GSH7v9!xe}lM z)-4TTp6QOd>@o*-UHwzb<2L*q*fA_`x3A{>ew~bge?vKP`j-_>9JGiv&K-bc`{U?{Q7g$=?d4_kxOJ{8vA6~R-{NP2=@k16> zj4xeejW1hNF>%-;YvPDS$q6GDJvE_x(VhvT7j2m^X3?q%V;4myj9XMOVZtJ7!lXsX zZCe_w&sKiI=DuubLRUj*eC47mqoGe!)|D)}^3c7D8l$TwrZx|{zohezKcT;?t*a&` z7qce96YUFr0PRHc)IoevPewC;_K4;n{PTFTlXKj`){J-auHH*727i9Hcd$3Np zeDB zH?UQuYs{X#8GV7iF>$n7Z?P9%O^udEH}e%j+K9vApgZ9n0&!esFo+*SeP19XPqXZhy~m{0O`kUOsCN zx?>BvV->n1iteaDcUa?xp+82TKSrWI%F!RA(H~>bA7jxUxc)S@Nx*JCZfv zG=TnS?-}{&5c;D6{SiTb_;pA3I&?=fdI7$#QT`Xd?pW-TwHod)@Q%?P3!(pxk`p&b z)=n14+CpTlt3cM~o-b=PuB?4^J7apfW3FUvoGWYN>ME`YmNjCM%$icT9ty^|`dsYD z+D7?p4tt0Jc%4Z=H?;-=HSDs!^T1d^=D!w{o!qVY|Q0WO~PmSbyS*Z1Lr z>KkDt_MaJ5mtF76;4|yJe48&q2jO-2bL6gPp3pYYR|Y-9W&01{C!NBcU`l9eGk&;? z_R)$3)xCc+ufyWu1eb>s;o-}HJS1~O(K#)@VxCRjHR8m+F6)H$LfQw3f8Ffw{PdEK zyc-!y;wLialWzXhZuk*{emdte@no?`JPB{E<5?1(DIQRHRj(q?MGrLX#$TrA-N**E z{QeYt?quw*y{YpxG&Fd z@$;$3L_vSQPn!LP{tIdLE1r2Ydjy)jc;mn{Tloi~+0E~eW_yaztT0Ya=ckgd6#Vz| zQSwzCjn;GSVdC!Z2LCC<*2CZCJ>HtK7~e9__W6Dz=H1x~xxbYXGw8LeAYNblL7RDL z;wwi+&E1TT@Jw{po;?&oM$xr)M<{+TejDyp)vx7#V@2UR=;_X?k`v$FDmlHau9`cp zifzp6r^!9_ET-G=IuGOwZu&o>06$9BN6k4$6mO z_5;AzNgHawa0fHg;`vtOdr;fwXuA&|SZ7b@#1YPz_7Oj+x$Cw45^Xy>Ld1Ywu~E+wYjRoKsY(?ReUbGx3&Q+s~+NkK)HBY*ZYk@#z51|1y2*`NWOtM|BBI{(gS@ z_~Xno=C}MJ75K1Z7s}t@=dtGMYL{Py@sy(Dd-XF=AKn}tguE5@10C^ahxeW9 zqP`>hBb}R0fyevWCY?=zi+sNR+N!-Pt$M}IrQ59fWZTiKAGi>1Z_LwEG-hlc8o~h zqvGbZ&oeR4P1cE;e#szbuH03wk~~Si!Oi%8>E}bx(fFvaVW+f`$34rBmFMxp!|R&{ zuX&sqmKeO$-tQOp<0L+k`_;_5bDMH)ghR|7yP)m!g5TSxwrBmbxwidbo!3&sbrWZ{ zUHH?XtNh@0E&5^xv|Dc_hy_akN478N48=O>K9Tr3kD8Ye-3uL8QqNi|-7%D$AN7iB z`X2WtjL&2}I)ryhr9=3Zeo3;%YA)-1&8}gsM^8L`g>~&K;tTUrx$5L=SG=~`=#$=D zQm=be57H0!t6Ne_;7>=%iO2AJ%I{u{4$(c0y!K7L_MDIDTseZi>g>66qxKA)U7-_0 z@eOyj-M(?{#n$vSZu>7DbnG9=26Swx=1%Z?_-!BKboP|6c8}VqvqtUjxGS01-*zi? zKsnP};m{?Uo9Fcs<>pE3@4D>J{;s8mdS_S(a^)I&c(hoB4Q6U9))Jf0RdV7;Y&3qy z(TCK(V%)I%67a;y%`=0)IS-Vd6F*@hLTyF;Z{R?F1uOCG#*aS_AE(YrZ9NAD`PDkZ z^xt+l{iC}kTbVuTrxtooJ8%AHc`n&&9Omf!bDLIhMzNf^=$>=KtB!v{htOXAyy9$c z8M+c%QF3=4otg7_dYJwVox|Y3oR&^DIzMb>44s*mkzr5$)aHK!2XkMrcAE3ZJ2zHC zXW7Kk38lc$*gashNR}5uU(t4;_MT4pyK3pm{5}kS zYX;^`V^+81x7GMH;xFyrlD}CUlix?44HvuoL^^y)Tzd-H2RgGi`kDJ7g?c85eGqYN z-mTyz9d7KExy&DIlDmC&hvnHMbD0zT_K@$lEd{?l8sT}$1dzk?e`Qp6Z6ZTS#MprDQquT zKI+ouLi+LM<`a|I-xQ&98N8Eyr@a{dX_E)U*m#Wd>u0QIYvKs*7^4q`#xBFZ$Z50q0SgKerz0T?6^bH5uS}7r;Xhrv$qJ}aY%cBBVF1bj6YA1R(j%~g>(&(jb?B_yxF?*LPo^uyfwpn|4 zJogy6UmPY@x)gqftjEp0S>%>A_N?Zn`3<>|y`sNEyr;SLdF=^fcPS=ux^iq4n;)&z zP825kI2R&Z2!VACt@cV&~1Lhch0@lBd@Fea}=(FQPZQH>^eJ-Z_wT^p%y8(OEO?%`k0^_t=#MqvKaa+zv|klZ&nU^*GfOhb zB_-UcD#>)uF3I%l9F%xvG0%sh`(606{)-hQIvX%+hTVT@y@`csqV1Xz?)uQCc}~V& zrvJ%*-BCq8qmrym{$a`Bk~!Q-pOcZ#_yY^M12&g@bvv(5oL)R9V``Z3yK0!FmeEhg zRO)1~UkN)k%zjCIBa_1tTTl3#zpE~5QN8VI{7aQQQ~&8@2$rQ+9RaU#m|J+*fxE zw4V%rIwr>LF(sMm_j9*!3^GJ5L4S?#lk~5#$$Ohoo$xfWV;`rsM0mQ%;XQdXJneAu zL6w55$u-XVpL>S2l;`%6aeP*^U~8CsmB}UKR$JG`hwt@m4K_6$pB`*It}|Ujr>5yy zIz1kMTk8)7#%+p6CtqLf0ew|I8{C&Yc|&~~_#(vSAcqI+a^!$Gz)sF&%@eL{`}+DsKwn3@2JY*tTj`5F4G+uV z=_c@j-{u^1b4kvBIcZcq`PZGi;FE{8q_*;IS6zJXOzDF=R5RVgFWF^0AHiH8FE~Dj z>C?o2{k~*WJUwk_i(Tf{qDN+W$IZ^&c>l7YE$Jmr|HdCSgy&_09KYiT{vI;O@jLQ&1ixeC{!5nVnK_Rg zF~`7bS4}{V-Ptk^xioo4^<25W!-Ep`3dSe5U4(q!OAnB1Dy|P2p9t>D4uhLu9BtiOf{pw>S01mF{y7P5C-2P4CwQ~*Fyn)RqhS$OR(9sllZJuZa1fXLD}kh8$1trJgaKR!u!d9F+%?k zJci(XmGd{le_vmB2K3e59^9AohWhKR+E8!z%r-Qh!#q`dV1>32ysf1)o($A4s0k z{phP*=*QzR*^&pyPi}O71l>PH_z4GWy2=VGi$^42?9k5Ov4zL|9v%h#{rbw{dZG0T z1NV3JUpac7T$5!$`FoRGbc$^*8(q&@ zcdc^TXYt*FuiLfPeh>uT_JQGR^yBO6?@&O0p}!99FRKSfTK9erJ*c}cqG@s-vR8g( zi(UR9BYWDPX7!-xOnpQTk1q#|+xSrMxEf=G9}i!De-+T*(Z3qFKfBi9)91yfT{pHw zxFh1>W0N0F`f;0n+i|0CGIvRhKIDJ93tYQCWb}wRBi}FSW}@ z*V{3N28YXu#pr-O*c>K?!kdeG$OYoc=DPymY5((Jc*N5$`| zkNAAJXTFSKFHBJ@F^oS1oR&B^jTT=I6v4?FlEvwlmBsZz=ud-T5KbTQx)&9Ec{R9#(UV?=bHW9CxXWl z{L}sL`}+G@K!2^x1NVo{Gjr(>=kfMI@Ij8u{)4f8G#9Z(t(&<2vdk~f$&0fzyEp*H)@1|Z z*y^X5ufMYu+4-G6KW+`~uNz!bug8pCW>a^Jc(Kf%RgqJwhx$3;E3>(gy2)jmr2p>I zJjah>J#~3}HMFRVPL2PR=e^hp>2h=v`}|(^_r~T?o>}(0Pu~=pv3;mDs(Uu;Dm-!Pcr+RKrz@^l=WAK|^V~ihP6+?)1^91MyTjmLK7~1PcS|Shj&e(+%NGz! z4L`>$Fgd5wPnKlt!_0{ze0S+@&blMk^SNUE zkyNfI-P;?2`^(}_uI%&+e2xM4bKr1n4&Rau5LZIqFv;1qdRdl69}mE(y=q{b zx*zk+M_+%p2lQ828QfoXjsUB@*}=cL0RJ_@e>3>+xVpvO@v*Fo82sNrJ`N)%J;;Rc zZyamzKP3DQe(ZewlVh^@zdHcl_Hn`RYRpIc`1|@B8_-|n*x>%M_yeoG&cVN?0RPFt ze;xQYy_cpHziD0n|9E@<_$aG0|N9<>9}@y1 zAOZr07;Ol2OD(35A|)|eKvdMAsHl*p7HW1&Ep26*T8L>2F5NGV*wRWX#ORX1y40nu zrtU7XdA8EpU5d1|D{aXnTJA}@rIdEfR58!{bM7B=&oFn4`+Q%|AM=`D_qopX`&{Ro z>s;sOy2EV^|2Msl*!+{eul>3FnP(p_O!4V@Dg=+_k>Pl#zl(x&1>hw@;1$OPfT!4| zl6BHRUF$CcNB!8x9N)5ovoCfp{^J3woVstmUMSw7&W;)5zn;U3N5qRd@nSZ-SZDTD z%o_Gi;{N^kTdm#fnphDlv+g@g%&&Sl86FX9xnugBAv85c2A~PtkM0lnkQXxW7Kgx# z^gH|L`S$Np`>V`({QfuCM_{k7fOxx7_|nh1tJ$wa{@Bc3!?P6*KW@(9#|`?vf*5$t z`x%En?NFliGvtc>`XzfDirXJe#S**@AqAQHK-xD5qF(Qv7BM zRxz?KDA;Q6im>*M4{vdFdKu?n>|@Rvm10*@Q`?(6@Vhu%)O z{i&=qlhiKy+*eyMBVr+AXRqLd?4Zb5Gs*UE(|uXDOmqC(;hgjEwLRgo5sj0Avfh+| zw=D!-@?$@}7mSzA$#h@pE5bDv>WT(PNd$DPGK zjrWG&RMj1hlW08gj{!Rlz`HdB-l5KLcs`Bjls(&_acvHb9}|tUp|S1*__j~S4>LE> zT`XSP?)vM}-Tgz-{ZaOprC-TQ6Y~8>B!2v>WS!-LWs9+Zd&v*1DXoVZ=RKC_0l>$+pF-))#h$#&tGW$*52y+3uI`{AmE2m z+lX=ay>J9~;yh5elbUo}dzv&(aSmlf)Oj!D{Y>PamXNZjR+F1uS@qzR{bQo+SI2sF?+9&{kECy%ne+W>LnK{*U$r+z(rx^&b1OOv zEM9bNt}?#$n|sMo06+C-VBK%-#y0-diNjO8aVema6ZHD z|Hf~r26!?Co~+OKP_6me>s_9Jvv}g~qw%}%N2yC}kB>2zVoorT_t`hb<`Jpu@@vpLvru7>4%=}IFH2b>9@AioyCXV>hdD;GU6W{F< zSGC)7uD~ySCLZISJ?-6b=d{UN@7(&81@;N_amwg)=hh!C=-kftDc2LDj^>3gJ3d6Q z<$crLTB7#xtJrV1?t8(_uQ%UETlZOR?!NiXKFw;kR;u~V{`Cu-+1Wt9zP?W{_4R#D zn123qxPD4DtxpGhTL4~B2)tx_IJ}49XOg@rdjztrV;yb#52p2eb{XG|ZfoIcF{ z;tL;0bk5%Fz^^-xdf>&0YyU*MZpPQqR(U+wZe^g|Chl%q>bBcSJL6BUNR*tWZPVxD zt&ICE!L}=cZ9fS9ZrkHt+YcrvSVP-}IC-4q|3O>nNeZ5%mO*RrRTTxCXZc%lJN$dE z_6%vSq*mx(cy?h>C!yKi;ppUv(b+nAobUDybh4&`Jd(H{1ElKkAtg6Z%kGAB&v?d% ziBaB>$HeONOnk-+{KePl!`GqJm-{;O#FYF#vuba+%q5G7K^+Rf`#&M@4($nt=i4K4 zv$s36@6Mt9TcUlt?D0d`Nr0@I6R+5^vmAn(6}at#yZisO*GDj#)b@yE1_}M4d%SfrCBs)^1Y#M z;W&xLr?P0wz?&KZukoAV@G>-F2U{H)-BinOT`{*jpcTvaFoLdI3w<~kza2p+-Q7=0y_W!lMZ@j9#bNm9< z5+CsQu}!`RaDMe+YtgUxg{K)uM?WbH#qdQ<W z?}Ky);7tpG*BlRrXG3>^=InDA?{eqt{HOjjXOD81kH@2P=Irisi`|&=b?Ur~VSF@m z_5h3%{4RK$aY)2!Rh#eP#4YzT{%*Arv9lZFTNuBeqFrhZKBa_la5gvv=k2qR(J_xF6am!aG1 z7m~{XZh>5f)GYd(!~9kA_VrFbr)3KZoq78_Xz=xN_X1zu-<$0F!Jh_m1)BdlTt4F0 z%%Hpj@R~#572g{U&!-(+?WGRw2XbiNFWQ%0)t*{vC1#w3e%>V?fBr7|=R5QFoxyR< zTIkdI`4HTy?g__Dw4P%A;`1&5@8cox4t+Eno=>Z*U-lx0-urXtT`zhUL2qxwp_g~j z+v@H!dT_eO+?ehziln<|Mbp}+Y?y-1R5M>-O&Yz-tVg5Y#k=8|yCyj|1oz~f;kb(z z|KRZ=2VO}CyxKd$;dwL&@3}ej&k_CAl6TaVchr%$yOz;iM2zpQb@k82wv7Eo6N2?^ z>HR+EdGVma(|zG=W%AMfXHtIMKeRj?XYrsu$b$g9t`K-tH;2RXXz=j0=Q{duW@NVQ zpW-|7fc8}3Foz$!OCM}6H)!3BX?r|=W1`2~34%Dp`V$Kvb5aTLw(3(_2b z_f!bH=4->@J^coA^NHB&Z2ak%j6XH&8e?34icHPA2EIBqo;eA>XRT|DaMv~Fxa%5o z-*H{z;jDFy`R=+#Va~b+{h6_+pY;)~Yee&`YZN-`5p~?FVa6(NUE@ttTO@m3Bbr&) zxccvM)-~RA?t%O;zngW9{z`lpJbAZt|9v<9+tbV@vzo4w#Z(#I{Kuw4drnDDmW&&|Jf(GvmX1pE=M;POE*te;j4zb zzG}G9&8&5f)FIBHY*}FMM?ZVdPj{|Ayr8pz@4b9~^L%pk@crG?9uBT^bXS>mj!ti# zL*H5FnC`7}=sW8iyS;S|eP^9xI`>OA1Z_T$Uznbl-{y%WPOse%ngSZ82=TCCG1|lH^G-T;Y;CICx>Vg_1sRO6Ye_4VfqwK z$zINDow9u&y+pL`@MxU~tt&FLo`BYMH=A{ksadpU@`!$aVSZn6$i0&=jMlm=S~Kuo4S`oR zcCfUrU`@-RwKtZn*C+YTUV)?6#gm}*whXPup>;pBvL2H3)mjs@MJ6UX*W*WC zw4C*j{Z;Khy0U)=Ir-;Jb9h-_zdg@a@|5p#|m zSUad?>f7k*Om57_LufqY)?NtHkK^2Zm=E5~A@Eka^%2VWKMdwWabl5PVydOlwDv-b zpC|V;c@X~#&#cv~Aw7>Tb#o-<0!w^KK2JR<>6+;k~>6pV}8qC->v~_Thi`SEsvL zrYCwP4o#<~@KVmhfoR%(mS>)=PA{8mJ^I_>%#YRgk!lmSaJJdsJ69iejk6d2LCz`J z`))G%U8+O&3U;S>#=# z?K58Gduol#zoYQ)=pFFTJ)g9)2A^ReyQpH%)7|8^TodG>mB|5mGDGusf@=tkJ>fKq z-pN582H-s$0xx0@49~7}^z2)lNwN>z6pzKM^5w#rzP`_y+AM#tBEzTYIedCFhffdd z`wE9oR^ya-tZ}8kj@A_%J62Ei{pqR@8j{I@Y4{m)ij1CS;4KY-S9>BHo^Mz1!mi2C z``U?YySgohUM^F4G*#p3#pP4uvCHp_$J{yuc0G2r47)mbQH6=s-MTTXWt&)idhokq zb@nX%TxVm~nLMToLufkm%W#?`%dJ5k1@fYXgutu%ML4`-*Y=X+@IOA$dh{*6d;7-S z+7FgZ78eFFEH(e899AEM^3*Vo^8K9d`~TOmI1YYfr!{KGoE?&*g&^|wh_We1u?-T9wUD}h- zo}@j#OKS+iGc{#7=Th)rMa$FnPAi>S8BN=(c&&GQ#6roa10TWqkU9IO{59$4^i00b zCqrmD)DcdT`tE)zV8a1;cZ9&JIus7iw_$L#OEdgA^P6lNUX#P0I`OB}S2wThX62=!|?o z<7LJN)O-ACTy-vgreEsw=fwCB`+6pv9`R>+kUs%nV_g1RKAkaOb^M&1>aEO|ORCy?cXF@a4(1pK;8}e%{kwJ1bnkk-SMy$- z?uLJL3}BaZ0BH@ID;^ujm4Q z^<#>a!8w{W!`G>6!|>Y`j-Ti~7^F7@#k)B1OND49CKA`($-{>dngb)V?Vd z>;si6*Uo;EwQ=`%b7w`tk1x`D?16$Q_9+L4X69qMDB4jp|XAUdVDEuwph-6YTs1inEx+ImX8@XNuI;U@Ey!$IN-tE7}jRzX*;)};x<-5=i;pfD~v&}PW z>%5rwWAWCDtn!}VGl$-9p4qg{eWv)HcJoBj6*XeuWTgt5RTE)j( zKU$$WM)2C@H}&MVUQ(g@s55e8@I!txHdv(R%j)fyTpOHiE&sgRpQ*`&&oZ@`wrLN@ za%#!%np$D+h&r{H)|?kl?x=QXj9ihZE^~1|^zpcTxmErsu=dfHnTzY(_lr(HwUyTL zp@DO=_7QZaBcpF$`Bk>>`%5%i-~Na1sSes`ZMwFEn4~UL-?q}fuOHJhHO~%>^?g^? zIosk-hUij$0rw}9Nv9g3##h)Y$VYtO$2-d&7`an*_K6j~=byVbWBXtEcGwU?N9{e~bcip1;I2BK z&o5-)tqFmb{OG{&c6|n)yMnd0mCOfK@22KlANO@VQ-e>$uZ@+S1=qW8`WWX#GyFV# zJX@#k$>C?M__@pFXXG-*(|i2-1*wzpawEKyj}|UV!37@;A2YRg#K+aMeLj|j&|SQ8 zV7ea<@-YB!LI}L(+XjYry?C?~9x-kl);e*JNB9_fTZTuiIXs%0!=p*!(KeSyN8!=Y zd;GO?d&;e8&W@(-MMKm77>qxxOy28j=jXS%#+wJG;r1X;0`Pts0xxo7IJ_+S@t@3H z{FrNP4*kCxlI?eX$@kP&m;UDW#AD4L&(OaN`Zq)WvZ3iu2I=4Z0beJc48gbY+Hibj zTa$zI2jD#%0xz<7V0eeuJMqjG;+Rp2W8^PhqJ}MTOj$54+MFF1sa~D%xon7IOWy}h zYBTZ6D#nD|m}DU~k`t5cRlf_-MeOx5c$Auhea}^{bY(m>-_qT3<(0xmeqCe8v8jpF zy7S0cwbF{oY}M^+x|Owc&S~soOk!N~>-H5*bL#dT85{38a#Or#mDS#}{XFd08Mm<8 zdjGzVmB?_`v_${T^Wv!;4t$+az~4}7&%G~X6`xnQ_l58|=GE=vH}S!X6U=>o;E#Xu z_2?I`X8W3JbM)vV(xV#Si_ZH>$J4y+TKxc|}j-vM}UjLC1a$twniH(RnUb!5GlnBR{97CAaq%>LH3Zv1np z^yo$Su}}3r3--EkZSM@XMz(bBeCn)-=l(ubb%x)c&*As)BiVM_qwm!YzpdgK?D=Kt zaOjMVPxtOjE_Qne-Nk=3Fx~G9@-YDKsStS0GY5wE>rca*Mc@u!3YZI-`#<);hl%I{ z{F=#`qtp~W7f~PvFbxwwb;iwEY* z&w_i60eDM8;MEp|!?Rh_ENZsm-hP_d2ec{@og)-0IcHhB3a#`Nz&13DfLDc;>G$iq zOMh#3^r(37ZPjMLu4B!gh{rfvuQ`6!n8WY(hzw6(`mbzXu`q|H^TpECZo$@<5= z@h!~PE(NaVgHqtXx9LV|vES6!^E_kFLG~n{ujZY6j0yPH$(FefPJ4r&_3&%F*VLh$ zFB_zNb5r!Fw`Td5^YYt#)r4>!iVy2tnFL{-41tv#7Y-|nU*L(&`@VH!4!_Q*zIs3h zPw_n!b@_GqEaGBnT)?l(pi_MEc&3_6`?!;CZ}hglS<|fa%wqVIKnLK_Z*pM1%6I8V zteLyE+%sv0XB`orXHSRF*<2V-r|`bS<5>XKVT;w1+#j&&xfv0wU3KS!{V^`~HnZm{I}6rS$A;4{?ZS7y zL)$~{7!z!3+Ej=4r?skl{q6Vq8=$S1qhKN9V4wX>y0>Fk+ga|<(48IK@GnTG&sXsj z-=CZaPq_2o{@blb#Y3O3`aFg)mRh{>6UvL!-JQG95AMq8i*e>v<3Yse*txv)@cZTH zp^rK>|F3BSH*?QkKHeX4@4s^D_h+6J|LfsLzBa{Y9sSB})6X4iXB$Rvrye}O_v)_0 zfp}19aWD0lO}t)MpgUe{_@?^@HTGGY6>4tMeT0v@_YoHLJp!-Hov!Faw`$CTV+H<1 z{INOfJHx^U4CNJb?rdqzIiv6KCIN5GHZ0;UH|PFA&WD3{A$W7IBJ$Clvca~#>=>uL zI~8@;&2A&RI|H)2le^od@w#inVq`ZR*|kMia&H^(npT>7FHc&4~}@lb1SiEIb^)BR_N2ixUSJcRxdj!&dc^n%W zB#el=r+u~|8^%9;ikJc(i{FB|{`>tq@X^Z2O&`PuaPLl^?iY|A&tR`uc$hw;zj5%^ z-7q0|*ZQ`Y-RDm{yaxfplj{^C*9@F~eDc|b;caKpfALs%3Fnn-j!hoT*rZdJ+|Wua zp?jBxTUT5Sea2?%t+-uZY4R$S=Yu^U=ewWV%N-_~<3t(@_UcZ&Gk0L)9e2&cAC?=L z!bjaZia#`W3k7kKKP-07Kc8**NEK@#G!aR{6d()3&WC=Z+-wQR|BAN&Pfd zH7sHC{YAbT*vK>%3CFF~l&BZMv zrwn}2{6F8$l2d4VPfi~(a>~HyZ<4PZ%{UkJeWmW2?c!b`-8&S-!}pu`x-NWOat^+2 zj{F?@U&3eB4)k6AQ120b*WH(|UW6Q)?#TF6KDTmrFn0wR`RSgbF6<|X&y+uEiQduo zZ^(|jp3Qk6e5c7*aeUBm*9YAh>VpoA@qFj?jFlPRxes0q7DlswPiO`PzP;TW5Acho zHi=!rUNSykYbUd?vodJb_%MobebfV^cGgEmZS5U_uc4-e>_Gk?#eIIdcgWx}h_Rr` z%{@KakikWKy5FN`5HK=6C<8;dJN6Au%vE*HP<4a4usLsR`1eidm*~qgHYmoKKpRu* z4nLv$*oD_~v~l?SZpMoYUV>5S(e^IJi*1GSK^Zt%_v|!r$4+!w!n+5vle1^Z63(A3 z8`Az-&5-ujR}5+YEoUUN_5EV!j^MeGbQfoEwZ661yKCo-f{HEPJ;84lRJ`6_P?6-E zGrD@(*7?t;*&n@;{ZYGyIYERW%)t)Tj ztSINidia0U%#wdzA{7MWTn>@kfTnOZec zxpU4Q)1qPV=v(%fx~*M{E3|B7YBH2_{7;Y!{fq9iTA4Ai0k65_gm%6V|?5_IeKl4 z9K~bKkQo>|Jic%@^odaws+Xl_?ak1zOEeTEZWOP(m&F%9Xq8_$bP%vPA7)@b8-zW& z!anHnXGA=C5ZKgAA1D4C;0)>`R{7UF*e-uOoTW_wsn_&#m%ja-KgNc;3jIvxKIf zx|xZ8UPHU;TjGcR%PN04r=1;WXP$p)QeutpT60}I_ByrrM=<8OdKG+jhT6F~3B*4Y zKhR!;^kP}Y7kYk5e3dU;D}8KwZ^FA@WFxuIb`58OPFm$x(NC5?bldp+IzA~;CA`*M z7bhpAyv}<*po=ryHoh*-3CQ^1*b3dzwivwaH;^%FQFg~)CDs%Jle@vToU+O{4F=}Y z0L+c!D(spej_+Dkz@6~GY`tV@xw)t@*xG;JZsJEZ~o*&8|QfJUFcUyq`bs?K0veA#@DZw z0L=@zCt;tfU(Z4_`wDhPdE$tC!kIhbTS_D4m4ku#d;n%YFgtWtAUa!A$hxZZ>w}3= z%#C&b+S>O=$~O-N=CJ_GgBMn)Uh@{g+z8C$z^tB|_@ZKy11sb9ha%<2J(#X+Ji2{b zEaBd;kMn#9_oH1MDKDjte3*V64$7u`o-dnCl1&mexbViCHt;UPmn^}T#EL5`T5BTZyWRG_pURPKYu%8e-vDN7bj60&6_N5o zInT$q%TWHwqp!6ka`da_`8zgjSs5wsbf2%Bow+M}@#@GGV+%Fcy*_SNkLGoK{IGYn z5x&`+<-{+hKcjs+zNbnrOiVw0W=*I6kFO&;NFyjd)^GUS_A@tQjbSl+-l{vEBCfT!k4&VN4U3Z#>7418{jT9`nfAL^5J#Xt{(kq1 zBc1*3XA9#!&n}JkoQm-5u(-xG#k|NOv)|oYMLyriME|;B@l?G7{{-_cokh2MBhEc_ zr}%s_;@nfmXMew&-^@LA{m57Q+}-fJ8(iJrym#k{iltSBGkcFj+VAClzuuRI#d~%ZRs`j- z+nw|FyacaXCMNoi7si+HY|pX6cxvCo3iYqEe)fy}|B}o1BYb|*l?$I^cOl!mCe=tj z`rYJ3oPz&aTdY>DzzyaOI&%&V+4S(=V(=BNBdbQvw9%#5U6qeWR$uUBRXQmnt2OTD z5Lq4a?nB69-|IYCy$g6%^Fw5H99f-kWHkdD(fyXGI%L&>ta_2v@qnzzK{Ph9IY(B@ zM#)Cndlru1wWz&kKQ=Nk+8&gNpA)hVK6fLNH<87g!`cPk*vKA!-{;!Mem?JUWx;17 z1HS8QrhUSd!2x7&06c^KRR4j8cwXf3oVp&BftGd0Ovu# z^6x~*fu(t`T?5WF%ltbRlhi*EU+nR>RcMdP?zlMdk5e^PLzjEUuNi+t#{`#-$>DU= zz9&Dw)W>&&bPNJkU7VxNLuxGd$vK>cGh;#A?zXj zcb-g2rvz-*{T!l8$)fx?h@MT*OlZbV~o@M~z-lpKOx!swQ(kn&I8a z0PjktI&uk-MdSGVyi;G(JXyR8coFY@gj_oTM|(RoZFgw$$AvLhV<%Uq@rl?u`n4bZ zI*`$?KmR3Q^9x*CsS3B1$mno-Qab`RKL}XYR3jnRtI(Jc2}qF3fHOHzvS;dz1j!K6ebc$ED#DSu|vw6R!GG{(eP6Nsxv?z)GIZ4@3!uFP)yzu{G}JjE-f|bLhYG;~;uYecc;F1`n^Q zH$ObB+uBXg)CAvyvDEt8%>3>@JlyvL`Z_ro zBjTx-9QejhE#mj3uAf@Q=S8lc;g@tYa{_T!7p{0^RXgKKbpr~lmf-8zr&Yl<^E zv&a1$qBF(6%Fie9{i7b=-vzwp|H==~-U;7#!S~?!z`DBK#Q3n3@nL6x?+0DJk6?W% zIImuIzB4{-D`@Z8wxqphHhiBrv^{U!F$r;H$=mn(@5AGpOhK&z&=j^LVbf^=q!r`DVD!Y5r+`{)peh;kQ3$7zC`U z|I81|-U_d`!RxVsv6%e^J6f7ZZHJz%0bU<>d0mvl>!PvZb-Jf_C@=ifW-HxOs`cYM zYZy)RS67$y~x4+b`ST` z%QCpHaX*LPUhCbFkjI~2=i&Y?;3dBwf_pc(mrUTrK2*>~=Q_C0^l(2Jz`gW64jm!5 zHy+5}m-s%-!~I>ri#(Gbp7ze{CU9@M#l$zt`A~{ z#GNkwTJt?QFfGMT=kHsz^gQb6|KQ;@d-ovZ$W=JnXQ1VbQ;X1#JJ&!*{Wa;HSwqN) z9Kt*M0<(2C!kH`o8+BAo>?{A7a{cFj58yxlKAfKKLyzx22LY?<$^5XiM`_QwkQcQe ziP@BsWY%1c-ByABGk1;45At8dBSHL6yZHZk0Q`67?^E*lN)Z1+z^ZyYKP>Hi+S|c@ zyHgj@Uo+b7*u*_SoX@&AM-Bzoxw7KQ$jGeSct_ zef}C}&Rd-`&X$gIV#)i7CGRJeJjvO(i3M@#*ExFy-IeY3oN`aynOL%c@l>(ooQb?vWXCo7&y6L2^*;f-9P9FXLO8#Z59Q~P z`2ExE0lORotj5jxVcBcocRlR&n}{LT1o(Z-<@d@QexEY@Ztr=vkk?Y; zcKCfTB!=vOm*XcV`nMB9E*j2Sf*aQyq}AD+&6bM7)bmLy-m zZke4(bwk&R0MAdkJYS!~^Mm7^Sh9aux~HG9poUnoAtaVuMt{-wC;G=vil?H((}Hhw zd?~*#b7RRGJ}-4+Nj{rclJAD+EBUTivSt#m+p_gr|GBZ`r5?{U?v%UwU6G~V4DX+pl0Nw|jx~IP1p7IeBL%#9nfK67pIA0TvbJgGE z??*WIa?hhbRt^GI(!2X0cibnJ0~_IWd-nds90%tg2XVgM#rdXioSWB#?UiuNoZ*R-d>0K8%I=ymux@YA_(me~&=^Y_D zJ)i!%Kal8enjBB9LZ^Xmbb2no&v$itA)n{EI?ZRJ(|k8Ny@>D9=?-w~0MFq3NdLJy zz0Tux>FkUjS>t}r#JX8}UF_YJki#SC$VcI~@gwg7Ui0nw<)?fbd(K6?$XOw#^5et% zKf)La|8@>xeSr9I=T*FC;=>PlG|5iybM@!51L)5!`TG|=?+fbBAYfJ15cL7X3Oac&I9IYMr*&ei0ufp$@ z&R7}yP%g&vuALspvC};hocL-F@zoyUD{2JvyfQMLH@>Q2EI%+I(SKrOJaycGZ|rm# zzt_0qz3LDwbH{r=`|%aOnfPiB_Gsd(Dd;+RPr*5<{&VB2F9rFXaQXeUaDFF0oS#S1 zkqtq94+2)>mHAuI=MpqzoPY{ z+5A7p<@a1Z&vxa(=d2tIem6N7CGcHw*mh*Ho%}ZZkLKED9iIOdBa?hN7*m2W`nD^h z=5QGux;#H$C8IGx84UtfE%l!A`2>3mHZk6jQD&bF8MPpzL|FdUKX6!oYehwMCs@{{IN8G}H-?qBk7e;4qQ)ZfdiFHPXy0qz|+ zxEDFNf7HXhv^<0R8uxPu?u{4a?@PGf;^F=-;6=Q95^}~8DS$}F~OYhuDOdia~(bE-FG`w_ocGWw!7(NlN-6a>DZOZ<9Uxu@9w6by1ySa zzq|R8S+P--cSk}FUZQh~OXpzVM7+BZa^RSGVANULwuBe7DVDRNR@&S@Oh4_HDmU~( zcyO!E9h>vF4qZQU@&9=^{-eX?)Vs~GkKIl03@75=Rg)W^n7r5MWN^EEgW@2a{}N5D zO}F;VAf|ZfkB&|6ZhFPV^_QWzCf#$fxqXP&FZj5=GaRqpKrWotXy%+@Hm`n-ic^R-F#8EPLsHQ;Y2+o$0Bi(*IXG^0z!(DTW zscE6wEvk#KC8xeXl5?8!ue57F+mJakD>#!3&F8kM@@gdIw8;yf{8IxzdMwBVU zTA%98=HtJ|%Lu%5YHMU_NT@agIGtWg4cY?QtG>R@r8e`s&UCkNuN-n`C#;(nSoY->f_}L00pO{)>&~8DzUQYJE?6e`+Uv z5uaL-t8i(K-qp92=f!LNpQK&V?ZfM{p6~hS&D5#L@JDq@Z1neaXf*w~c;68M!_%Mp z-iqeb9~pl1t#uc+oo$#%4U%Drw(iK$6tqygE8SV@@T99GmuD9{XN{TrCg)mdQ%hym zrUj}$Cq5-RhH%gOrUlGt*mt+m)r;NQDWy*B6gxU(uhx~i7t+Tp)mj-st(C7|srEyM zRi;miFSCF>o0=>Um#4Hf&sOW%9p>2~JgYPNzqmnub>)T__px0m{hrMk@L84VUU-tK zhL%OtXo^|ixwi4ciAwNW&E5?2sr0?r_`#;h)H|4jzn+YoZr^|n89jatzEY3O)It+Y z(`m#1eNHWryU+2zhsHVn@odA2wzt;ZN*$EpPVEfvevZ2bO-(i64F*>2`T1dq#?~fk z5j0Wv1$!%!O;LX!B|U4p!;ClF-D=jMQ}A+Tq%z%uzU!R7)`&Z)u`-u7K3(KcJ9K&V z3C^V};@(Y_kFE!UbPWPlvtJt^n@2V_(SuFs9DX6S2(EjeaAz5{2&jj>b7W-X)}9fT z!T&*bys~-D_+4n~BGyq&4Rg0Py#9;wUxB3>LaHBC0K6d&6zu%jn~XvH-&Mlz@aCV< z8B@!GXAefHdEweA(J~lg+@pEXR^BkXcao=>+HyXcb!HgI>j4gGJ$1bTw(>Vn@#WrMr z*kM9GUxZ7I~$EAc1Nf5wKPpJ{)M_5jEPhGT98dM zK2+n=K~wAJZtS(FPxaO{Hnm0XX8bGYEg5MoU#Z`stNLQxr=;;v0UDT&>Y74d2hw*$b&+88O-O-hOU%eZd&5@tE!}O{C=xd*;pG2)B z`j|VEHX0lC{3f24|55+qy9@V&ik8Y8t{r1;R(VZ_I(776piGd4FC925iic*-Wx5#f0VJZ00=7TH@C zseHun3q2D)Hu%SA`$yV#p+AasMaM7Jz0EvwW#9XSAG#>~{)=b+Z|iywV@sH>zx0=L zb^V9@=IQ$GLF)Q91Sd?_8SBnA6kxa59=4{sP~GR)Z&9D-5#7kpvt!kAQm$c=TAn`v z5BaIXi~)-0y5YTvRp6WI;K3g8I z&2KsJUa)O{hxj;>`daW2K2d*%bF@}_(Epg&dXd#`;tg!88+&{L-_n9#p`K44w((u* zv0kzXLw|(zxB=*|a@VoWHe5@6EQj_#h>z8k?Xrb7;KIgnBk?P-%O84dNWAiqhold> z_Ya*&BJ*Z^+Be^ZZvDpGN40|rBGy=QXT<{UtUw=P_e4&2vOc_+wX77ie0t#Te;!1OW#n$-K&&48zW_(QXtnRV+4Y-)tGm3AS-1q$-Lz{9M)psfTzV00!Fi6doLTt$RLcWf$?Z`*B^3eN&l^{V-J@#4h$nR&&kHa4#GGzFbvN> z%}vWcWy49bFVkE%ZNvRSThaRRT>j#j5^ziXJWs^=ks5zT_EOEBGrYZl%I#w!63w)VA4OuL|NTyUg*4S^Y)ad2_IhX!y3@UzRVnV0jM#{YcvGlPB0Ry?^L>dT$Ko?G`b*!KS` z-cRJg`^f(S@9qCT<6X&^pUdyR;kS3o?|X9a&Z<+^QFJubeI9$=#C9Ew!7p0ru9tH4 z#$78ohEBc0bFVo5PiH(2Th{j!!*hp=_M{(S{p7n^Co=0-FJg};u}A*Xc^Gpi?s511 zg!|qNypz0+(|!VX2{4wX4)DF3@2uh2&syo&Q0ivzIrTiB(W3(9kjioE(U?dd+J{T- zBYvtLnTWadZI?jv44z5u=Xaj54-m^f%c~dIr=YR7GTnWO-@8XA9v{m-PTit-%#Fn~ zZ|Hj7X{WxE;8gTC^ue>8C54I3J>cQ?Gn;{+U>B(N6iyq(J@?xHeydv{u{ z9c9h^7`Pd{;C&LjFBzvCYzGI`#nax5f1ah5S|Ru_lOuf4x%b&_8k6XJ(>Xid+0T4% zr?a+a`UlPo^}owmtLW@-*KxK+(w!a5DPQ9Gt(*nh$+@sO)$Or+totI&2NZ{@{dw#o zce=doe2F<{6uOV858CXbP09I*|M(90R^L=%Q^pSBX)ZiBB);}V_Qt#l{98GN@_rW>ZYx=#OHJCKj+^X{ljH*xP>-KVA`4ih)O zh8%u9x_`&?A=U>K@0oQop5O5;@a5g$+61o0U0k1!q_4h^`s!!U+c%K=s;knft??Lm zst%^)tad|J!mAc!*l(r#sXf&{f>$B0F}$d^W}o4|CfdKj`(`UWg1&9ea4IjCyZ^Ww zhIPY<*7pwbJNIF*cg}zJJG$Dz{8j7y%Hw4|NzKcMlTXrwF7n&Rk?1z}@#X!69^ckgrvDTAjE{hhuJtb8*1LTB#*{=W z^<>1iZSZXq^ES;(k3#pac!}oJ{;Q;$`?SWVxgB*T=jt9dBNzJneh~gD7yc?2{!gbQ z7Q6882mb2e*4zrW?fyI9X&t;^?N9ow&&IYV!p|wZ4j_vf_(#rFYK4_9ur|G1#$5)= z18rmetogAgpTGMpuxeNbir@p52A*BUXIF1Emln=lD_Q#m)#m!QG1bl zEP1CtWXv6e>4UV<8oFt>%xQPoU%$PhJ(o9&9Nw&T*9pA7J|`L%1!&~6p|KSBvv`Td z`OsKOp9=$cSD#Dca?v>7rEyN+*|~XWtafl6EgI+0=R#hy>2D4+vcGH3p+EFj_5S`N zNaI|m-S6sIXF&EnCE#AftJLDm1h2WYna?@Vg}hhunybBH_5fx>zxDu-?;Oc;BmFh- zD&hAcEB)W%R|nsLSyUW}Bd2r^XH2-aF+Fk^_!n4dtJX@y#yEOSt?BO+PiM{RfAF2O zixpSt{u2|Ux$94U%%c92?!Hw&wfVI#^VYh5YkeWQ>KBsR&0Czkz+k+fHeRgp_wSe`wyOIXdf0?Zxa#O{FfZ)*w4eE=*|MEOwql!!y8Dd##^! zy+m8`iK5uTP}-o&H($p4a9*Fgh4mitk+k=>mN->&_jlq|3|?tnAxWRRqeG9fcj))q zH3Ivm?_`vIM-X4Kmag@OzY{)%;4{YA18a?5JkR6zSNPB4^V)IN72gI2H#gMmTgD2k z`*yo^pIN_me&bH+7u-38`K>B)pK8kE!|rQy=L!C^*GKNNa(}xka^DNNzkMxo-}K;b z%^8?Wf_=5Qzk^pB_O1Dq-&ZN~t>KB-ct_52;axtRtomR4iW2<+OPaM&NF)~)bNl8fcRJ1+!Iv3C!A9vr{q;uM7Q)}Qm!ntVM! zKKc04_*(vF#p5;fnXgTPi2jK8f$GM5^d2TM|FQ)C*zRDtDwzmtue{i znPkj798-O`sP>g#HvYIJTA_P2XJD7DXU5HwK6NsNCF>nq(O9cGYwH)X#@4h#`$y#( z<25$uJNrt!$Uh-I)O`wVi%#g%xdPo^ zVa7hjC9MGzQ|l)}j*v44HEZqP$y!gi#9L3e3qN-!YjY!)~+p5P4zR->E$ zb++MLSfc%jrkcKoAMf8`?t^5UY>nOmO|iW_jH~jYie1du&Df~er4^b?{wd$Nzbak! ziM8|Ex+lzQJ2PQkf$kn4e$e>rjg!BHf8z5$+=hKF#WsQ6$ynMNy|B;TSX~jDY>l(w zweC{wTtxrfx6JEgY@Biayt$41rth)Im5+#@DaKKoG1SPA93|yhw4S+n-r_=QZmoE{ z5S$o4XHBSlWMri3Si$6~WA8oto%f;;*;HNG)6rq+Y|{qUW&zL68anHpN!+cffLY>Z9&(RK?Q zI~li?UoRY$N2NGQW21QRS>Sfg0tVwu599EXv+-lGX(N9u7+PbW85w!4YFL$lKfK?& zn0b_HQJ5Hr_P5bKRqC|uEJ1e}_j{cj2xu#uN!{eVDRevre&VxmwWaqip9`j0_syuC z{OL}3KrGVU3g0zv(>{styF>W#UL{#AWDJmOup!0D-{d7(CdYr=p|w&Y<6?FZ;=3sc6~E z-^1Teq&FTbEB?>N$|9rp)|dU{v9F?2UyXeJkDnO(&|}v^OXb+Dk7J~F zx7uGBjO{kN<6b`7o$wX>0B{ED2N?5~4-rrQq;;2UUl7cVf);X?@S)(YToU}N@0+v+ z6C-b=%!>W(;tSk+$XbHAJJz_?^~4<3A0D~(g39ePEMoc1yDnOS-KAdKb5{uQssuUtZ{SM5b>9n#%T%8Tp2fUDwG#jnA7 z`v13ZKKw3lzITu~KOBm4<{qcP*wakxX$khE9FG+CB;QiTyg{!v>g{+UAZkhvo#iB-LsB3ZT%GNKzwAK zN--He9zL0z4YLLazT>5fCF)~JU+bLP=1CUDmUyRKy-k0*>o%ol>Q>H6v2JmA)V#SL z=Qn+iJz&)kyS1yI#pF7Q*RAVso42;Wn!B9OnnxB8SCrLGuIcIDeDf^iTmQg_8pSyE zd?p5~SA41aE804yZZPuhCKl+vbDlnXb}d{wS)iMm>Gs$NzhId3+R4486P?-V^^B zexU!tU+1Nii)83PPu8I$hS$)jbB+!CZ`P$4H%#n@ohzQg2gJ9ycLKJ-C*eO5Tt#=; zWk0@%_|4$-BW%&5r^Q`M+@e@ccOWtL{SNr#p0&4j>#n4!8`Qq7Y3c_3CwZfF$vtRsh ztib4id|Tko%1l16U|#I%%Rp@p`SQrLb^6QNFV5<(*q={i+Ni%Fet+R@J-O5vxn$aN zw;X!u-jC<%B|7Q%E14+vldQ_DA^RkQwx($&jy1X&y?CCGRc~CxXl0nkvW9A;Ylzb2Eb7JhQ zb{Sq~+NtmTZr=m7^>}F+US`?{?^Tt3YyPF2GQ~oovxQvAX5~9Jkr!$7DB3#&nQESD z)_u`q{bw_WTZc}X^-53A%ud>kqn!;OQqXPkrqRhVo=?F~$vcYv#H2sSS9!|Tgo3TXIQTEfz6*NIdOz@< zxaaL1S$BJagVrOIJE1%4&e3&Z3gy{%S$*Hv84mSh#x3e9Y&p-mqEWvwms%U?`@Zl{ z9x=Z9W#J~d+4sXE_E@gqKjka-)^Kko&m_S`-`T@T)ZWj&YYXR$J>R6y9Tu<3I5uT+ zo>QghLP_N4!RS=-;>p8>59WS*_|n<*@4@_+EWJ+pc}ST%Fx79m5x%}d+lYVXWOm!9 zp}}Sjy9J(@u>pAB6J7k~(WPu~8BsI6zO7yLova;Cld)Vy44InG+HIh&Qm&sslUGSg1{e2RY6Rxk!^ z@8=_B+GqJ(bjF>_`~4c9>-rCTZm(=axxeza=ZE}?3jG$0OMU-}&gJ#5 z==0~qGh}D{Yt=baLM5c^3H3gAaSz$&=W2H+z%^k#(`Nch%Klr8mQef+czcqsY;r};v7vm9cEd5|0htbR>vt(U-sT2G4cf2=y zj}|zp2XDzv3O4cLee|XU!ndmhzK~PX_Zj+*F48^iCdWm6r^q!)?T5BqRqUf%>C_v1 zep5049yv3@xkv4q$h8?|m1`cScAtxb^FE$=)=EDo-vC^@WCSnZ;~$lqr048|z}I^5 z87m!$fXe~;sXH(6rMH1u4NUhAP|=?%9qFH2cjwVrv{$+F=zO&Ab$R$sFp9nN?m7Gu zE_NOG*MYx#uE{l^yxt^lp+Azom$>g*)|4yJx80i_ymBOMSbHAF zTJXr8Mdw%iw(k5yYRr(d-E@A1-Ew|n8#vf4i{o3UeffUbl#zGgfbu@%o~O#?g=l!6 z$IsG%VKlpW!?`f*9niiL8?LRauopT$Bj^`4u^xV-@C0YOgZh6Ri%nfm#l=bJ>1-LB zh`DEfw)~zovXYxCq|38B+SZI7khY|o2at=GXnSL$;}25r0K=P~Dx*# z7yN})?W2ZUkFriOSL-C|?}c~K-ywHg&h5*@&%nB61AM}l+6TxxIBnKMjRWKIgB)BunE7z|mf&timK(txzFY3RLeB>Ke}w0hN6;^w z1E;O>H7gfaZ26ou_j&GXHMxT151RU(z|orMb&_8LaFr{FjLn*;?52r5FMjXcUYV|s z-@Bo=*J|%wHZ)$yIH)t0y6;(I?DYS3b3GfPX}e=(1-Y)&%CW{hgl?7buDGM~JZC(x zPqBu_Z*779Ho502y#Ia__;0#`U|R0@;I%6Vw5xRI2Ht;Vf&W(L{I?|V z-=>`ZJ`wnDH~+Q6tABvECcaQT+%Gqh*ILckIF$Ugdn(8)J}2gyzQm>dWM#YHDJJvc zvE70H^m~E&bK|kfk7U}JHi7>(U1Kf3f%}MMGcj`8Vv+YJEXm@}Ufylg)Rgl7uRZtw zBhcahpQpXf!6)$_(xa~R)zqlKpEXTQ-1ZjnO3e-N8Dp&S2jEB6Geyq*wZhk~o?2mZ zAN6&5eml=ku*#q2c>}L$Wkpv}LB(2^A9~irS=>$h**c!@z9HT^$twSm`+SQ2Q}y_x z`{DIEVzb%cLhhkAX77)>&YiJmY%F#pjOe(V~j}7o+L^mv|lFbu7xg6;X}r z-w7SpM-)~3wxlSLI*HC#7ggAGMTu{MgB|65o{OyVp9S%*bMamS-V4E5d5&(Z(U^;O z9eA(FgLg~uxp+5SQqezmXu5wsuZ6s-scFAx=)ibyzNF%}Ete!xE6~@DONfOpNz@DP z4(>Ryv5fp* zW9R5)3SBefb5k@e9XI(QJpZrkKS@t*_dYd0_HBV)o{fqhM}Q|AAZvm)6>Y z`SBF39YI?n74MV&jyOn&|W@Ou{faC3l_`)ki)t^v;W=4kro+%;_Q zJ~=rn4$H;6xjlcM!uxCBJs22`&*q2mUExr}n6kn$aVBxYI1?xH&i++BbEo!A#HY7Q zpRghCPOQbupG=&IeRXmNmKSIKzLz+&dv$i4>D_-7BA4cW%8#4qyUU~R9bhzmCqE47 zguP~}6K6)bo8+3t1wDJFI&tO_#)z6soOzYo7jY)%X0zkWT$x0k&flNC%++ghr}OFc zlhV}{*oETIrT8E6tl{PNvex>V`-uhY=O?csbN*9(V%4=c z%S*ia6YKYSKmT3Oap>>!)8WOhPkr|79kZk(3+b;qL`Sw+?W>uK+$@~&S9UjdD0Mq` zC>b5WmvwfR_&RcrbfoTM**dbPXh0iiY|f9T=>6FjTpM@?7`40d!!SB>vdGbqCho|1 z039iv?&wG(I2JKsgW#ox%^ zuP4*@Bh!1i6IZb)XP?@|L%Z&>M3Ob3FVr%|ALGs+&hjWf-T%MkYNy6T4P#{VJ?7c_ z^lSHiFO51qL=vre=BYSv}0PIoSiq`Q_y(#qNRub$|mDe$)^vSwCXR==8cvQp`wHx{_H zNj2v=$9}iv=aG0(39pS#0B8CDFp^)*52FpfG9SsBziB?8Igj{dS92#$bxr&*KGf7D z?tovj;n$1Yd&9i0X9YZ33BOkHUZ>BjnG{>6Bh2Y^rpC~>=8^&JC9)+yZlW*d*~>e? zNPam#44q9$&1McFT-QX>Ga^>{uc1w_PcwHCeuJ`)2SebCPr5%ycL#0f9X_cJQ|cA? zR0^NCLr6JjsRnqn5k58XzFD6cTh}?~RFdezJdan33!Vy(3!1-}9}m&`C-_z;MH8&JLgcqNj4?8d)@_~n&bIloBhdByXbfO7&1Oq z2P@#e=0w}gx8XwJO_Xg`DA_= zr^Z*Nh5z&5e`;c7`VY~I_r4t+v$ubG^yjC{=kxcT8t>++z!!Tw_Z*Gq&LH-sFN1zl z|K-iAjm>DTp?xd)-OlP63GMa9y!HAqR(dD0=p2D;3Yq7P;cO${?Oxw$ur$;;)8sy0UFlz6~55tZ^#}3w@pr?>JIlp6{iTU!&tj&J9 zjC|@PU$#t5ChrXX7VKH^v3S9J^qCa70A)NIi|l%pamVE3n4BLz8y$zf%)XrQf^=7u+XtAf1$u-R0QyOtpw$h0mcHys7r{p#K`|FH} zzhyjREb{R;d)~_3pU<_ulTRZmtj>iyLX z@#Cs7=!bIQb$-n}Yy1vvh%=Lmn7?+=wgDaU=Jq8+D?SMwowJ=Bm$h!bp<+sVHhC^h z|k-s`mW;6*XBTgVv=?CXdg{DDU^Hj~MD zVBK2hUxaf+XDL^czvaqiYe;{!#OfLsa`852bdXQSQfvl47n(cap1HS2@C?tz$eqv{ zm+JUwzjJr=8{~YyLJqiU7JZY?zvT7Ul{3&goweC*@)0iH5Oen?YQfXg=3pH|`BXZ~ z@8@2CPxW1{zR=F2ZFvZ7jc#sJE^V@hAG055WE+5URR|n!A7L{8=fVp5h20%R&&7sj z@8wpy<8Eums^?nrKZ+SdVl=N7~?v3 zCC24nhM-edO&^u8hitmJo3-~H;vspV%86^mKbblKV;H0SXGbS&axV4kSM}^f=h-bI zt@0Jf)>f{l&WMJeQaoyK5*u!&*A0W@bd0+ zc=<#2qlh!!k(agZdONvP=g`#$jC{N}6o=ohn~{o{djG>DA!P=uE!n54kx!=+im)9SFnktP@-0w(0NC8HXX%JF^m< z*s?k2K>X+D^^J9N=0@XR(QUFPVRe(^8(G$i>S|d5&4BvI5)tH zGi}r{?~8$h>XMd$lW5&OX);iD4__)Ns3^i)Rj^ zk6Qa}*{Acng4e_t|D>K#Uj>Zmqpk0Kj_+-ptEDz-pVqnboc6?2 z8&qp-_*7_{YR(C${(DNljV;((5MfNJ=6PZR)rs}$fVPom=;Vk}(+ykT6>DRd!fpeR}9co4UNQhy~I3aV+*%>cUy|b z@Z}j(qk)*3amLhU)VV|TpPbJ;f_1!gD^)M+*1jJtfwtM?2O?|L&ufEr__9xP>tG(H zp8Z!nJBw%037utZ4Lc|M!ii079;yW(fFC(LttCW-xx7F_H%#r&>^x#T(Y%P$1zH)kaR{hYnSk>d){ zk3SIoQ@|xx$JF0e@@;c}&ziGDM;=w4lyb(B&odY4U@r2am3}gMe%3ha%~x8R#=1Ua z96n?mK4d&O$>XW%dI8@rz}A+dOV;V+j$If14RusH55k`g^zTKD^EdK;4ZgyWyUxeU zPqpEvh|Bvvbg#}`pO4>~Xr7b*0oK0OD1E|@8JrE#8pc8VnCVCH@Bw&*Ew{RJV)Zu` zzO+VfLa%Qz_MUR%vM1@k8$6T;XZA>WR`_V$LHj-R>sm zZUc8s@jJmecGdgcxH>vAd(H#=S@8cI+rKZo{cjet4s`(BqRab~?r@#p2ey3obm6xPSsLFx(fDrV=cV+U=esw8GkT$%jyA@p zR>r3`#-~=sC!;gyf^tdrHr>|Ov(-xPqfUW*ay@6ndbg3|9T~YbwH+JBK2tluX{VK5 z0$tJ<&8O_`YA;*k|NHsB!Ab}DWAtIdkzt6ZO8*5QCv`5^0Xv`_L3>;LJguQMk? zC+&J*Kyw@P(r%yj*kuE)_;!so=1e*5AI6sm_vPq`y^enBi3dkxztF7TZ_w{8z(Idf zb?_GbNv(14YjNo^XVQ7bm&FSHmn>FF78k*1>Lo-OD>Pm-aei+VbC4m{cMWZ;XonrX z0IwB~s@6f*8t4I@`hWR$>B^176r7#m+=u3STgF>gwDGLg#rL{CL9}YzmRx1Gsv%L2 zkM3P2Tt{wI3?crNx%#dcDw+JPf`O8`qS zdlw;#`QSU(k!oO5CHHz_W^fViC4 zyn0xs#xb(e8e!+eO$(UM`uJ#^O`-=~=vQaarUkXk(UaWCuvYcovB%DmO$%gqdZELa zy{3&rD!kvd*3mhU8Z(uvFSdqGx;sj}s@IrPwz4)*Y<>LkA-q_pHT9`dYn5wqRfW!* zuI0?Dv1!%-8F#bJ1$26T9QoPkjbi=72Fw!F40*b~B$mw+?x> zP7Pd#eD7T6-1%YV%!+y5sSf!+m~%R-HrT8|XkRP04*BmD2P5kxs_l_ehdhXv{D8;P z1%{{Lb;xtuh1DTH;`SXpAClWPZyoZcOw9&Qe!+JB+8MIcx>+Z6G8SV)Gd8V#4j_8tS?U_7XApfi@lk%eE4zTnE2Bh)AipB;#b+f_uoT|>54(Uxt7lO3H}l8Nia5q zo(22z=33r!|3v+ie(LAFweCE8F!dZd*b9L-sxz;1dfoWoY&l=t*TuNmJ=;pF9*Wkl zA0*b%x`65gcDa6Tcl1@(ws&4BKV1h8)?UC~<%vkeYs46;gJNp-vxcF$MKfc&#k@jt zQJqxrJw=@j&HasyG|taDR};iX`jKS+Sh{t#VHrN`2F_m(HERp1-BMgGt;j+CSpLwG?SR|4c6+X0_3U<;(b;Uggp-jYe$bPn z7n>P5x;&H|??R3`2gsVJ$?fH(n-;> z|MLzl1C86oe!cE&{MG(nm?Mc71GabXn#+|-(0{MxEK2N|sYa)Zt;+NQY}bPBEFaF; z=bi2EME6yD>4}bupKHcmpTPHDf?qC#wkJC7eolMBTKjtpIKeR^_*r{hS!Z*B8PqAq zmvMI!z6||ucl7-6D_iGSM_a0kbUe|D})ld|48E)ql=f zaK@Jj=e6)OUmH)C{yE9Mw^?`2v);$_D>KyX-%gLJJVe-=(@Zi-shP-j&h)(X?u*_YgW{=_F;2gi! zk0UbY30Zqi&yk)C5{5_TgU}iDSy{5eW}xZeAWf2wXwkT%F+hB1ZF>AU-R06VYg2nK zwo?`j z@+*G-7$=t*sE81m35Xd-5w*?PLcY(}b>G*0?)%JrhQS}Z`}qDbk2&Yu_jO(G>;3C` zU+?SveqZQe1GB3;kX6;%3#ki zKKJ)NU(e?O-skJ~R?i+Z5I@}zwNHF1xx0Gy;KKJdeIHu*{tbN}UikjFzKFase;@MKmDe3qK6-lxwlz4hYrXD^LDzgevA<7i5W_B=!g6 zNk$y*2a}BSMgQnrj($u`hlw%d{RDleR=OSYC-l{c9#vo3`)REz_RUMj>_Fe#h+fxw z8f%h1!?)6f^2=s{FVVNo=+PkjlD!=BGc^=>$M}IHLnfBDPiyrYhq@-oqmOxKOgZ@9 z;z_@kd1u-dehat!v^#|d)}0(M9c3Joe*k_jLf5>!Xin>W#|CvRTwB+5<65UnGL-Xh zoda(1@MFMjYD&`nuVja`1Z+&6qmz9(^X*G$s@ekcow_D!rff)XCfnXPeuMJl50^W? zJAds5)+&yE<&DV*Xc|)>&4|r zpXpvMwcpvea)TK!&3PpJqWa;-|DKqU=rcrr9>S@AhDiTGdsh9wwANn(LT&sr#G*Fv zOXxgSHQS?f)c(*JVnIh~%paB*Gkk_vXoGDLb%q#%*Xr^?X?uoPXdek*=nS#&uHf5I z3ck=8Vxdj(ni$DP@Stk0kneA5S3W1&!Nam25?-804A`S!wR8LVb4BY^QB5?R!)=d` z^UfA^H|BWu61vk3+o3Nu;BY4|U#0)saDE%?Y#P}5xPd=hM@eyIZvUeLeN!JpefM={ zPG2KW@aU1wYUkoVpAqBSS^k8O>$Mr;DrUeWuqxy_wXwq{w&$bActn`&Y} zc6CtW=Fs?>4DgLdZ??C*e_tXt(XENvF>;?hJ5)byEmyKnyQ=GBm*KPQc>liD_lTB&fo$25w_THQ2z8A#XzX4mWq0abBg*Vldw|L7<<^AdGmjZY*ak9J* zyr$M0F>5IwZ=K-nxQn-^;9t&TQx_2S23 z{;Q7QKNDl8{U7V9&i;toJ*v8o>dWqR&3=b>q=!ZCVeIc^$I4Ho_mbY4W%j!Cqqq;f z_ot=2$GWXK9bw(_&lQ=IKbLZcF&UfnM|9C1AmQy3A4mSQ$2b1D!1x*Ut96$3+ng`O z!|<9t9nS@W_Hr`UeZQM)4tj-Q97+84-%Hv5}7?*8Vha}^JOhirR&03o#F~zkw!ZF5v1^b4ja?3p|j#*yRI!KJFf;vfkh0 z7`@N$i8I~U%@*K@g0ry4Db$+L`t;x2=~&#yhf4He*Nz1|57x>#8J8b?2tJsh_+a|9 z?%K)y#Lz@?raIE$HO#BKf{bM*=@0v{fjYFvo?W|^2$$kf=H5+8~wkTwZ-HcAVU-36KKF)Kbz)EB(^a<2|UC1 z=Ds0hF(m5~2erP#;KTSyLi}R!(bwQ(DgK)!_-{NPH1L0*9^BHOm9HbUfz zcg?3gF~|G*frH)Dj#Ujb#amT1x9>yVQ}Sn+xGHRYaAD>lAEbf9^R-(zegiM-UEP;* zvO{#jm)sIJ`Y1S0pH9+QQ!JhCo-G?kc8};&4LrF=poMIwSsvczIVpq3dEjuRlajwX zYQ7eSzyFnZ7e8=^d)F^H)hX4k&FQ~lZ0i@S!TvF8uGVHVzH}|mbo$1z-eH&vYHMiKAlh^QhN`3#y zyA`(q@9b$Az3&E|{nnfNuFlal!o%BQXZE}A_~@G5@iATZVaw|5Vati#@MXf-#gTjo z-&uZ>ZV&Mw>#yZO#i?n|$-(S>@MmZ*Asdf9#J(H(ztHf+Sa@PAJc0ceTfI;H%I~YY z!R=X#`Y5B1O4{5E4@A+V?YJA~8Kg(BR%seIBYA{1Cj(7fS-yL=&OUO;9X8XFlhDP& zdE_~#HiyiMudABfvnGQB{G{L@)sFwgd@qOgoI72MociC9TZiw8os5Fr^3yejp9(cS zwbp-{vr!Xc!sj4P6z?W{{5AM6wTpTF#Sgr?HRPk}Af{|C>v{uw(0TZn7Zu~cTi=)S zY^COmd@KeZjqqqApO?D-WuG#q2b803;^Ekj$c{X`NcKP-@3Z!|#13A$UiDYUZ*b3K z+&c7%YsZ$~kR9oq`?P4w`&;JXi(1A$VIFOlx_w;BJksmod)>`M9*n^q{G-0p)WS~B z1U_$#odKTAxHIVk7_yyxTHk|?%Em9O115qWH=g0zH{Mt}n;OMS@8={4Z)CU|5G zJcN$V-Nb+Njr48@_2u3RT#CPvUjMmdV?DfcsEqu(^PA>-e(>~Ma8lXV&nf!vU%KmO zkayKzv&Ua2JBni6nD^hYPbuyvTcRJ!dynwExUU>@(mK_z5}m?XB;#(8yl24C_QrVV zZu_TbZ)noLE`OKB$2#6!4<6Qm2jncbp8v?2;BR5?q}kKKIvgct<)~wP58(`|%m%v^Ems zZtWgE7uP41><8;+9rU19Ed(>jsnY&cDfp3Z?}!*f2e zAx&(Z?29bxhw514OWH7>dmZ1Ybyl)U{D;F?nf4Nncb*)CPx80Qzh9`Z7n1zl!@Zon z?W5k03n}#BwsrY%dmR2KHNLlw2lq}!{{8V!-G|i!PyRxBpa4TC77kh&U4SmN^~>AX zA2uPUoLw6HAMorh{2=InLd}2Kq051%`1fwUKlIGuQaW7vTfBf?PBhomwoP&lwsQx; z6Ss3GF#Vf+Q=WZZdPDCFfX={*UGxp*s;A@p=B<#7pQjV^>&QY%#bf zoYkm*jiY!Kmsg0z!XNtw#y2_c*ayY?1)bN!FMj|2dgRSTdj|2ccvJVsXg_ZF5%^_m z+Wm{*)4B2;%c-{H4XcZdha7O&d5U1sK1*e8_G(cR%@KEZW#>nrg1 z8@G=7;|bPM>*(V*My{iww!PHRp*E$~(XaXAg>-bNt;OrBKQCTK3+KdILxc42dBMmP zF+9+|vk1S>iI?HqbjxE#52af=f_fklhF=>P3Va*PQ{)`jm0`wGo}%RUPvR-~NxVor z)0|K)VnDYWdoJM&eH=TiI$6S=V?Qn*0ncBXJr_R%-!gfR8%N+LhGc({=2LfMusN2G9>@Jd^nxj=MwYW z)>1}%=I3UseV@MUBfw933VlySHpwBBUpY-%^KOIQ-D=(~<6Z4xpWJ}IG`@U8qTHD= zTkFVF`k12gChbX>%RGF-<a0m; zM$&823lnL>^R6n|$Tu3qhh(RIh>bH`hM)Qh{M2W-_l^R0{s!cSe$-!Y`a*{poBYJa za9^6EU1PKO-4qY0JiQ#eWpYd4W#xXzACLo=lVj}1(0kS3Nic3=-8`2z{=5d*dEv(? zF|TIMLA9?hhDG$~2+pe)eN}ih6pH)G_6JUMy!<%TgQ>^EAM`RXU+2Xpm{{|2cOH+i z{%U_{@_>NjJ@{L+MraMzexvN=n-7gbCIzGR{~2(x4<5VdH4z=V)h7B44VB z<)qCgF5wIgTFG}~=+2r`5}KYT{|EZkRck7xG=(ku5fr=XqJ zqaSIjlM3>z%}G>VMCT*e5~u4&+DZ+y25{Tx%3%8!O8b!#qnvY}0l#`b|L*R7qriXz+ex#3YmCkhAgN8_x<7sgKIfg>r{0E-c?Ws%s&lcL zTnPCi+8Zw0w~PGX-SMSe?dwL=>?Rjp`O=AT&X5E68kLW=y=6()r>tjb%#iH%Lw)xgRT7liS93Cw6#AUAddkgI>H)oI6j_j5lAo zg}@>>6G`I7kORdL>CQ+)&mY&N62w+WZ?;pDfb&G;hT0w2)wZuje7ur9zAxcE9&?V& zIVJMR9Yy=yvugdWoG0aY9B#z6VV;UNN>QuB^t;UK7kfZ_FPgW|ug+6d!%X*IsZDkn zKBm6hD~jE{1m12RdR0w=nntQiWMZ$DyM3z<#WJ_izuL9Muc~R=JF@0F+NAGACyZsk za(is;qn>{{doS~Z4vB|jYd3i|mH%5NwzdxbQ=Ksj%Y6DbcmpQ}AK1O%uT{3Mo(cY( zx85Wyj_teb3Cz3m3h(a1Hl86I5+5Aumwk$Pm%WPZ_Xg}(#Q+PI>>|!ep<9l9P(tyI z%tv`Q2G2ax+|^FFSlb9+@tf`Eb`QTc=UVS7cKR}KroE8rv+Pp626(iCv4Zc}J{Ra+ z)*%DK^avPu7KGt_f`Q*6VesA+4Aa%`bYPfQfMJJ)p{UO)y*tZ;VQK^nJPX1wRWR^d zBn;lWf?QiTVnx~#~ zW}DivZW(t}#t#0C-fOr@`LHv_@Lqf6RWdEw5P(o~3uRKI5A-ec?Y% z=^n#Q)6en(j^oSs;rsG&e9(iN^^QF2ZtGom{$9PfV))xT@J%$}|8H1f_S3TUh+*5; z&KmeQFd4kW6)%E}v>5+MsNYpyO}OHIHRoLxuRXQ*>cbVc#~>be zt!2eN&N_TteEKwSvERFYu6WG$hO6PVas2Tg--5wK{Az=XYKx1Ot4rb{=AUnbc|^GQ zfW<{m?ftWjaC?^q_%ce+px*aogxhJ{`F7lR>GpO%`GrIBVTAiQ*&>?`dv4=6&N#8@ z*duO_W7A>R?ZB?v*)dc$ozD~2KhaKYq#f9GJJ(^;5lgTGyH55B{O;Ox9ZUD^!k*g= zjP1u2TYyc+nkoI{+jQ|IT_Xkmde$8Acz2u5A6I(2?Gh{FS7Xzy*ahqbo2~(yF3uW* zEoXE-wrL{DrUMqiiS5wcrh6t}(^0P_i!HZ{cXQVl`U=@}&v-UnBRV)})A74+(_PQn z!92B=T`(V;PW@ubnSQYuwVr8i-E2DAWS4t3-Okv-U*k(@zw64dO}EnRTYbomc^my} zEb=XC+NO`Jd6_op`y*_+`y*^R`&%iSPIv=$12?vuvAvc$zO4|l>4NWK%b9nv1Lu2l z4cTLalGvX||t`P3OHUTjn`izh-G2 zG*Jz%5e1vBsL!A3UF@!sb|ue(F#J+5@LMDd-n)X~yXseVB{ryq!MEv(`rNB`=k{P% z@+=6$w*&*fMZ(~{D;Vxpzte#M8`8qy+jK>JsvgZFEhCY4sCNn+|);*mRXeHXUuBnnAlt!G}$UEobB$+b?9(jbRSF)6J%% zf8VB?fWL`%1kXxf(f|LF?b}N|v}$s+9x^svLy=8)j&trT*>qE7zhL`fiwa)frW*mQ zriR!^*QUev(|+C9bd#_*8cW!8lUP52yM0^i;M4eN+xK4C-KOI?^GxkHenn0DU9p3I z(t91maoII?=an_Y4Y+G8?|$Pna8Q4CG!E21F|zyxY`RXyk$t)jn-2W=HXZm@4XaY? zUd4pyF*NT_c(C@^eq3~WV-E{=z#^MgHS(^Le(k`f^X~63xYcuP(Kg|)k(f;L4)!TF zo$5cbzi{`)Ct_`*saB9&6(FW!DJLiW84XW{iz@XK;_gIktC}6z*3zc&Ej4Pwjo% zGu)mt9dIym-#lPYUoW4F{DQNj)`4-v!x0zF8CfdPTscDevX3 zb9F{<#w^&R;W10vq~J|=SGcqb*`%Sl6l~IPznaH>4?fj0Dn5@sW4 z;$VmmP`w)Mk=x1VEp-R`eD<9>vsBGk#b7CRUgx$6`jVc$9sJ0@rSr+6SVtcoy;tGY zm_D(wQ13~(7uSM|Q?;%4<0K1hv*qEK%LH)hEY$d~`s3TCZ^0;A=U*?hV}#-|!tnWf zh{71^qsE7?bX!ZS+YPM>?L#q3;4G3xL!l3Jn$J0=;&u{&-2cav`#*7T>jCDWeE#Xc z63karT)a6uW<50TIzw7lljp5>tMo4WZN<7_GoCv4Kfbcd^l|NAKli^@XBE;v^f8}1 zq7={I#X*H|x60NJM|TzH{%2RY`H{i7iy!ve`r$=wvgkDBv#dss$uD4Y|GTxvM=CwX z{JV|$M2RtN+)i;D>0ym|03K2vVbmNgjn9I{?paSEZYJveaQ*PYyQ0_5Qt*|^{b!xD zHCKXokesI*96x@)AFxT5TsbxIs3AJpIXw4c&Z3c@;Mr6#Csp-D4x=|Zu^o%YGw1mD zDRs|@;#}nCj5Ry0e?O7E6nsd19@^FMj2sc2kK-#e`~z+cy?DpA`7&+fyEM3m-r{H0 zKXZ4m_DgRsK?}Rir)e9^H`VwTmB4MxyQj9ejX5hG08GeXl~)T~{a6_P0T`p`+w8^7 zxV%uvoz=OY&fV2V`#R^~9@&%)*KDZbE^d=6qQ229rC1^u2Pr#qX+1;nNabTXlx>jhYg0ws~thxu4zm=Q}0fj9GmX(MB{KW6S$dX>GdV)~?e zv=={2ZvTQ%y{z$FIiBUvM~A07CRR;#`kF-#Vqmi~(N(kP1OG_|--*tAv@e%F%1)7; zK)xBcQ9QtA?~FuoP=A?*-2e?Z@5pb)ZznrQaZ&O`=$<9{LUfL1_N)enh1w8N`-nC_ zCT$7+xl76A>|^|Ml5O>CaE=~w=~3v*;GE}zNx1qHI9E)Fcti2Yp8?0x8S2Bvp&Ph- z+7{~FEB4IrmDktx;N2e^p0Hy-j*R@3rFUTL4>Gpk5Krcysjb^>&aL1VvxkQdH+z1j z^`lO1eF0yB;5!T-be40kvf`5I;|1=w*}+-O&X!SKw^K`T*SgU)Uu_vp-NZ*ty(!t{ z33Rh~UbPyOpDdma!ao!Eqi}8c@2%kG#KthbgK=r9``Jc4*2f(q6RAY;{XU-D8@q(M zF4~(_^B)^#%|y=03=hd>;kW9*voyL}>)CvMQ=PJ4yqj=S{F`jm;@{HXtM2`hi@^OM z5i(xoXdgL&{p`vboxvndIBT_bnDrKXFB2cL-%bv%`%D#MCn_HQqGUTtA6vXV{U6u} zj9)6o*TlloM<;ZWVnJ z4s;@4O!SjID4nL51=YUJz?14{$N7paxLRjT`Q5C~=FSde$<%<6d@}Ci&|c?*Mh2nJ z-yU&uXC+^AtgZHN?AjxR+#coki@%Iq>D^{$ zZRWOnM*o^RFLlr<$V(H8z6-~py%jtdoS*DslY0Q)Rh{LusxF|t6Gms+3E5lJy_C#w zuBAN=>nnDIuP_Jr#gxGt=Pg*`#>T3A+u>$VQ+bH-z)-eC|g!JM1J5jao` zoY4(&bVGdQK0D{X`H~yQj}DkT-${HzeBKk>hkk@EfJcLQIze6t;$F5GV>W?H?gb)_ z=S19%8Hl_2VZnFB@0Jh0r7_~N#|k_W%r!|PciJZh+Z#HwZnw3J>k^$empSK2p0#f` zbS95KNPDxM1Zcne)o9w^?!{V|m@)bqr879@Z`Nn#m+;p5ZZ;9`N*8{Wy7WEa^H%1X zK`*;DQK7b|&j(&Vo9e?d7o59?XHyRV8EVR%yhr{RQ%3>1n*6-r`$1fg2|>b>9U1HWD9{dS=fmgm4;#m4ALPaj6E$)E1(gX{)<60$GR zTV{VJ{?(a~sbQ}9nmC^c?wOF*Pkv*)5^XZO?R^3sasBvp- z?S2AU&#TX87S-p^X3hG{G1g!1FVAp~I+{*hvs$y$WBH?LeEHMW z-yq+Yv(@(1zl{I2 z+^0G1<(}icmo=^S>PTc~aToW@dQ(5kA>T-~vmBFyO3Xz7kD_54_JHitlMT~arR)E4 z(_`(A##cVAzJJZ$Lj9<}iP{64qA$C4Oaa!Y{<7dMM_+TNQExcL8V~6W3b=@HP}%MX3K z#pQ_l{3dXCQg^slp3h#J|C9JXA(oep%uWZ7gZS;HnD*%A9$UeZt{lc)(1rd++5Y<1 z=f6dN^pVOA9p023dU;b7vA)&xm74&(jr^6<&XWss-d0|3{NJkIHxonRy`YyJL#frK|1uJ zuh`E^_tj1f1?jC}@C*0JZD^n2%y^i13s>h&F+Bc{;_*Y57wJ4?>Nbyt4I^69KPce& zcaM8A^#f|QiH3K1GyW8O`28Ndb){fe+mbuz}c3u8QE z$M|+#euHRv8?+qy7WCj11wHs+|o9 zqUGB?T22em@~K3UF=F~l9*zB|H2$lCwCqJ+ZI4IyC46NUd-P}-*_z(NoV_*ZlNMKd z>hjN(L64mtJ?{7DvDeAVub+K{`ER)}pWEr=bN9RJ&=ppeDo3@Z?dV*Xq<`v4zM@yby_d_YI``kFWsk?__%XyJN`hOe`KfDr{Pfd-b zWHYcwT$1Ip;#kJ>XU<=MC&#--po8uvJRBd>dZaO)&s`s9Eso=x9@6>}IM8`ndP*#n zJ=2-7-pWz@?M8MkA5A@?yO15vK9TQO-?0U}^$$AU20c99=xgbCTV4MB;*Gr?Z*1{+ z;|?dUGp6iLj#t!kr7Wjc@A%1uW_`VH4JcMl<#Sa&H{IH-jKQ!MTO+)d+1wnr3MPC(P zi|#8sh4~Z5YHY&BF|FyF3b<;wxVnja%@{a;#KZYI59jNhynMs|Li~!sb$o1V`ualq z&)fFb*X3)4YvOL(TZU|CZ&|Xzw*l9K>qo$KV-cl=%@%ny1NIQjmP0e1g=qF;=6491{kT5=X~qfCY^Up%>J86T>}_!HZHCjM{Xc)jF;Sjv{G3UVTbKv-w^#;x$j>XRt|JIX>wWZ}^)s|@d2+x&4x#&e-vD>5j(jHd1SVjj`PH5E` zsnz?pSzJvb$DOmSlbs%}r+B!Y>QK`Yo`l{y<52wLuZy?{_OwPerb4$)=r)LU z!L?&hox64be~4~Vpc~IZbbASyjzYJW>hnJU#vtA7UCt&(t>Bvo$;SR$qVX)6eUo!I zS2o-`p?m75d1G`xuCB*t)W3k6aTYiI>+;_PW{r`U#$8ojUT0EE( zrv0O(MRVx?afCQhxJ%&>>n{{4^RkqvH}Y zz)%dQ@FhRDYLcneQ<{6o(t-OZb-q~!4dVmq^5-&k+VG<5164f22N|y?c;*^-3g=(J zc-G$HZ83eE3UBY_9gDZGMBwdMvS+*vH*iMdO>{BmYXSKYjScRgpU$d?bLJE9 zu}pq!HgQdg%_NTL0JWSaqBn(8$(HW4+8rNnVjw26mTR9Wo!k>XkAC0A4i#`3^?pw= ziT}u5RZ(p!O2#CHYaK+@-wN~9co#RU%c{Ml7#gQ}|7_LYQhluS)J=0T{FbhyW^!dg zMt;WJ6f2Uctjk~j&pp)Rno2z`d>z~4clq_W9u{v-VZ5ox6ZN=^9Y|kk^KSQgTssuc z9w$eDdR+CQ$y9VH>x{Zo@8eIpSgEhLq+t-8sg*LxNS2#COaGeF+OrAFV^`@`-vt0jsah_wz8eQlIQ=)EerY2Jv>{ENFQTw`1QJYFNZ$XZ?;~St*^D@I$)wN={s_j^GW(E zyCu2pZI(yj-;cpV=KPKKPF1h#%d^-Yfv>1~UB$R+_RdYBaCHZ`>TN%EP590CqH+)#OLa~O8DB2e%p?2v$7%>Je}i@A-r1{zrl0I z#C~+sYoYgh(rfdFBjp)VMkwz4n&rFkekbdGW)XXn#k5(3-hTkToW;8F4c2h{8_HAZ1V^e3m!8URypw3=t_SRx44-vZ z)!{##B&Klr26EwMT&Q&tABbwl5sUBdcXi&ZI9cN>Wi0LMj?iy*7US`|)~{;TEp+4- z-Ivjh-zvA%-Ai!?>QTioZz4t_Nk2NvRgS&lmvvu3yU9m(>x9bpXwJ2#NGJc?_>8=L zov+uVhwHtZi4z+ygr+R z34hyLeldGzgKMA3_D~(6PqJ@?R&G8MxfCYn%#82W-HwFcuSXglUt>Jx!{0-DFPEZt z{@8Z-FQ}6dzk0)J;MZA~jkh+mhcBSvG4112cV|AedCZvs@aC{>CVH_AQ82gpc1(Ae z{~4IoUU=`Rk7hsDu6rNz{tCKbugV^p3?CoCzN-daH>a;qXCaG?quM$B49~guaRl#P z*IKVLC7o}WdfL1zydIkA@`ahF;y|!%qvpBFw`aP;xI8$|9{R9$!k)(@^WlC%@uAo< zs+Sy=@94eSc|F)Nr@2=P$&!V26R^Hsn`S8ZIW3!}D6c|#Lig%r&`)8UjPI(dtE;6J zSt>EuaqBblA6>9!yGJk8CD5~7*k#q;vvkq3B(d!F*+kCEDkLB9hsl!|Ol)XB=iI;M zH|?FW$b2k@J&i8rys-6U?j6i_)Yq;i&S_%tJLu~6%Cdv2(FNoi)KsAdl%o*pXFBgR z#t#0He$X>DS>Ab@-U05-S!x-a;mn-DckQ<&pU=X-IqBHWSS$XjrX2cQK1jutsNcV% zO}0{Z0>%{6nm6&?{oS@t@Q!LMw0Fi1O2?`mv-~Eu?JC+z_ivAn-k{%2TjWaPe#f*$ zw^gd`SlV(QEwX6aE>T<7Del_cpx@P2@LXj2)bHarsGr^ZuAEmro1uE7=zG;i=t(~m zWG|c-p+0UV{#xzTPfvYVe*V#Z$zHghU`|pt4zB?}d%YrF!}kY1bxxWv@%YY=_I2ZH zD$2UPsraxgd$1(A>eaF7+-+&~h>2ql$(7B^3dRk}mf7sM{b;W?;vDcoe~RJV)iSo8hlBn2 zHUvC*7@tQcHpBDqmvWFY4dlfA7qN8kv_syZ>JS=x7k_1L9=|c??eQyk9+nt9 zT#6m=KI#g&c}rG?63BG>8P2&4jHNw-sm%txwQkFfh@&5rJGCp$eaXm(`1%p}T6eKY zrc5j&@Na+V)vXR|rQ}}gkDe*+FgwYm9ewQ)KPgWOo|!2-NAtOjc9Ns*$dP14et-S` z$+yDGao}l`jE!Nu(MHA;2dd{yYPZvqCC2&@zZ+TN*>$Q73XZe}7Wl6_e(Jp%yC*h= zaijisEn$4=J^JaXkBUFK{`2BKg8uU&Ir3?wJ$W}dT1rmFUt-6Udm&jeI3Sli@gGA} z6I8K~P2T$9_halmFV`vPOP4GqPQ;Gg9>^zZ@bGG$jY4i484sD#9UJY9D>szt-^$b@ zk4k40?))g0sm}QL-Qri>5qlWX1@N)ar|2T1 z<3ejlcid$B`V!%L<6i{lS>!m!cqW$%UQ}JJ+r9h{Lr0!xcrM#_5_A-7IerryN#08U zugT@&H@%}=u71!?F^(ri(?I(^{4U$RH!xco{Pq#aQW$Q-qnzo=&J!FR$gYVGhSmua zH$TRWn-{G7b_D&pkUix>V&;!ba#FjGkEx;E9cWZV% zf(|$PR^Zm2LOkoPuj5%??cG@2abEx5R_BFbSHDMQsULFvkR7wHMZPo#Q{xjkF>_#C zbC>I+x>Rna_A%NA_uIm`V(qSVeWjG_qLN$N7f#>85YipNcf=j|b<WP1TN;&&BFnTSrg!gLv7*-~r>t7gVQ~*qoLtHq7^O7z~W@ z0v>0Ug3r^V#qeqFU$b}&^m9&$eysfd<-5AWAWRcu!=o4av3}?t6v=Q%=OD8hPisfN zi&+QwZs&Xh@JSx6&M~zdc=zS$o{nb?$*lud>+xr8bn-dyI5~;@41#yTr^a$Tz4Zrh zZgQ=?v3^A#R&QzipFK@1B77qo=Lr2yxYTLVotgcco!X=HyQVKbtC*8FpPTDy*B}%6 z>%YpW?bp{)oxptJ(z>S2XFBJ85SZ0Zb|ZhtyVYA$_}$nUiXQ}C`NUqh6`9}2eZ<87 zm@`9Q(fa+{{=|I)$C}}1ZaG@+iZcl>NY-W&M7 zh&zC`(8o5%#AU7qX71?VdtLrt@I$o|8&)N`ZlT_JyzF2Db9gI%Wqa}IwHTk;jB?<7 z7})gP-gUDX-;mZTt?jZu-1}*-#Fih=IS6;OG;iX(AKf^>$^U@1h6h`?o70n#&%ql} zvb^d)y?Bcvz7b8%v^*H-=VK-MsrYSlKT%`uKN9_}#(ZV59~TnRITg9+Hm6hPfw+x3 z3-Kb+bsiqPi@2HBQRm^K703oMr1M>9cG`6wg6o6$w#`4+4DX9ix6Z>*_Vd9y4b4>DGC8`CYD_sFF=8`SR@5$4k_C_yhYNoli;j%(@{%=0MU zU-A1roo5a+vetc!lINN6?y*ow;48>f?_#jlonmea4gQ0Bx^OI1aE`)zR4mk0^pT0z z^%x6vDeu^ro<`_Y91E2rCZi`BOf+x?VtPXOLGQC}nEeRrp}jXoci(-4vC<>(zYv>` zO?R&GQH{XoLJSWwb*}E4$fD=XzM8eorE>uv)My|VHt?N!wy|F*{ykVXL;gL+^lNby z<52rx`JL=u`0y0IPo)ie;x>4Hd;E*DRo6m!kCXnQ^C!+*{4@F$tW%s}v|PPG>y-9O z+BYZ`^a%Pv@u0Gqk6;gLpKI&_Vm#id_gJSDPpLhpsh!9=9))vjE1uX`s4KyI^Nrf? z_Og#vey#FCAJR!jSnp-`R1fFgHU4ytAs7#P_L;Gvpoe}tpWl?@V0@^IpH`eR?N!r2 z_EA}Gv!GdZ0kix4`9!qE1OC=#Df2w*g*z<>Wdg0#PLg(z(K*+T7X}D zoNaN?i$1LWSPP6nTt=O76!S<_JlgL*bDH{Xq`SBH5aUPD*}}Jg=dV}4{R(?FYK)Tl zt>|o{9eLJXAgX3mSnoyK5`$i+EpgL?*Jn!v>Gww35)Su_1Z|1F(CW3?63@Q#^lXU? z_kx^`Epdc9*Wb*VQM-X(wnQf6 zYRsXfcf6W@xE z7xu{~HkNZYFR_Hki#ekxl9}MzR40G_piRBL-+DTHXKX)s+um>e(&Cd_Gsr-ee1a+m zKXV`c64ADam7Omc*rV^amhGkb$$}GGi90;F$D8v**@dPq3429Tj|5ql4%meqkSO1@ zdczT>`f3#zl2KRElZo#%Pxi;A2sUHFk-TF?2v5fyH@ZQz% zK&T$m|54oB@dn~%dM|PF7UAZ9aeYVvXHV-xXR3GW!}ITWJ*FlV^4jq&zoycT><=_J@r%~S;wAB ze}y>i25{3;jEHAX`EB29duk5&^W?=JGYId9UdqeJ)0dY(?pyT!<4UOx0X<)vlJ|4n%rRwOT@UWdH==i5$CUjE2^8K)yJua>>J^738a z?@3EsFUk-hbn8;`E5c$6i&Op7oJFk6-fz`87lNo8!9_gQ9r<7Zy4B?ZlcY zPB!7yQqi3V4=|QuyIz>d-(vO$i>Zx!gnI0(-|1QIULk`YRe1q9&ZKfn`E40}>Ha_B z^|!ag4(e?D9de|*uzY%%RfKe?f1o5b@`X(vZo+UE(U)SXYSu!B_FeFew|4w z_TSu9zl{IvGqi>^63e19({|z~6nmsIT%DT}Q*viGmeTk?Lb~4WiIy3BUQVpvWyJcq zG5_jA=Rk^4TA07}Q1uNr)|86%2;x*QHG4UvCpL!r)Ona}DCIQ^rx!qH#(Puf)(}Cr z)vtkW(|Sp_yZ;yHmiwmUAdKS>-TwHGq8o9L(J?x&m2OW@dGqM@Gv-t*ZtNJqT z8CezQzPihP5ASl0X6_}BepOBS>cQwn=6YjaVo#F9pfJ~9t@s7#WW`}CzOux*Sx66O zycny{U0KZapV_zcwvWPnYK5~-dzPs#hdp5v(%o?Tp7-HBJyj!Zx zcW6W0kz(?u^|npbgx1wwo42Y>z^5c$i`88_o;->Z>F1q6)X6xJU`=-}tUH0so`A={ zZuj11|IE9I*|C91;*{iPgnpAJ@>_Ctd|ubOFb-yR=_j3390Q)`ZejjYV_jkV! zx8Dc2-$&W+gWT`ql9Su_j<3;}g2RqofTOSZt>5hOfm34rJlK-nZyLk>t>5ec=C?Cv z4;r{IcIMmJ zfZP3EfZP3EfZP3EfZP3EfZP3EfZP3E1UF~k?UfUJ`ke_5^Dr&)J{cRZ zCNXWxXt%Gv1OL{0r$6-lp#RyW`I-FoHKzBs(?03FpA5Xyf8b62`z}A6IlKSBCu4)w ztnuDI6P~!kdq;e6r~ldIm4W>BO6;sPpPcsT(F1vQKYwbUnD(jBg6q@#X?*pkdFeL` ze8 zR1@d0yDo=h+?=0y>!o~;3D%!PU+ywuT@Br3#CrSqh*!6Evi=yKCEs_($8~89y_34I z^l#!?{B@6d^|n6Od}2csdu(EEct3xK^I7Tm?VN)sHsSzvs!Wa%YeXU5+r%gNunJdg zevEzLtVMmM*=uTD>Z$F1KQE=w)@@VB-zvs!g%<~MVq>9=#`~T>Ug@@$uEPyo3+;pY z*z;NXb9}RXmS=G%i06ax#|-k|k-fe1!5pp9x)NvoI+Og2c&p6?4dPF8F}#J1l$oSI z_?fk+4Bhk%=wB+1=m5N;TyFAa*y}Fu%1wa}r#j?Mh#&RY@F#Ur`5efLmhZcST@;#Y z+dx|{<|1;@<8CfGJh>Q}_O_2^|8CoGA2H-Z_K2}(kvGAr_$&1BPlV?M*gmG#EAOzT zwkkKl$Qtq~SwnVaCaj&qJIbZh`PvTdl+fqgTUW#E3Zp=a4y*loCb%{wp54? z1$!)v!- z>poL;;@U&GZ4Nby%WA9O+k|W${@T~QrAD!P>ABbp^Wf{2*g@rN=w94oCPr@ghSlVR zi8eZm4c01X_u}Msk#{7XR$fx#MBO3r_AY!o^2ylRp}POw)F_xG-Y(P_2+En!i{mX% zhx6A3-xt7V_Ehc1mTs^4?cgr>;VVvV{SW4no2mJ}pL-JFU3k#X3v%VMRq?%=b56WJ z-SFua&T?vX$GYw&ckxJGkmNd$7o@wQ1n)b=<5M)osIKhF^J_(uB)F~SKjW=IMlMsF zWKQoiURjevx2zsmGjkok>3iZ9XDKn*DUDM_9%zMrUw1`KqQ5h96`zk%H!@31e_~YK zXKu$%R;{!J+-a8NKC>!lzL3xT&iUaN?K=zkjrIJf?#`af=LPV@?v}Cpc6E#;KL}ok zkE_vMU!M(}hDW&9jkQDhQqOzy`jhyg1%I0K)?#qOnwy}%oS7SAoWp%;>{$hOmb_HS zr2KBe$scKJVi70cJL9=vtgiUs7uCMnz?VGwDC233RV@Xz`K8(*&x*$cZ@Y{6+2Yn6 z-@`3=TS*VkZC>7!sar*V8TwPd2Zlo*@};b-e3|j?=Fj3jK`y7k1OE-ZMwmQXBQt_c z`BvJyt1t1^t;@j+^jXcEl^60sp3}d{wbJ|2L9$;G%K67m(0#5s;Sb)>+!ZHb@Bz*6 zmF5N44alp18-u7-E>x*Jn`EI2m{m&lOz zuoKDsaJ+gH#d28CY2D@UA@;#)uYP*!!|Js1f0IrN_Y<@o1fzT-UQCRyTea?1Z}xOo zCA#Y_NBV4u_)~xF$H&+3eTeR~s^UG#u%F`#uC*Ub)R)QT)LF8P$@Tl!`>T9gs$j2b zZGrAX#FKjGcKFBWNaj2rp3%CacetN=pLm>m(~uitUQ3K&@$mfz!gg_So^KW%nnrg9 zY2oMBq4zWR(A&$HKXoRu6O3+OlDw37YxY&Sq10oTQl#6Dk8pK6dM*R)l}lR>L*l z#-Dy?A_*P9zwj6vXLWNpM>Y+7XN#v!)qYIr_L|=gborOB@^t%D(dVkJEIL(V`??)@ z#7^NZ)zPkQ=eu+?@3^|Xb97Dn@zDj{Ug>n#?ZBHFhVH1;7}TklfNqB-Mpt+>Kz!Y< zcRH`C$)OLkXV%QT9+}s7quZ%pApWU}J2O=?r~UY{n$1aP=H-0OlK-DX?^ItnWa(sR zEM1hSUAV^RZoV&o=DXw6$*A;ncf;74_J$SRba&d*8M-rBc;0O2zG5G1R*D?26!c6b z)c-BzOW{8Q544}D8cs(4dTp@(QqU(=y=v4_yro5`*-vYKFzy4pIpqJ z7FRjuT|L_TJsV5(w1z zP54J|q)e@cj(=UiQt48o zL(Mu?F8!QBXQaISoZqkHw%*szgng z%HN}6lPN~i+>t|1G>wW)7p{?vE?ccN}%GZ)$ zjT#0oDPGjvolW0@QTca&q$Y-jN$3;L(D z2X}K!3igYsAA`>-=tooA1>&os-%pa8ePUyO;*zQ91ia4!ZzNwaht4A2`ueAd&Dx7C z>+z8JEZ-S9V4KmIszoIlxO}&5cDm(zhX0hSsodY~@n7-x<=MMhuI}oGjW8Me37qI& ziAY^walQ_myK^qw4IiaD!g+&*cZG{Hz(rJ>a9&NJP4FH}qX)p1bbz5Fd%|k?E~mK{ z?VU308GcJ03-YtfoaP(bwO>EqI{AN&V#e&?Rba7Jrq7XAAstI&-Tw@F&-3Uf&GNtDx_r=BC*91pYO6OgvOd zcVTO_QO81i%NRI)HqF^7@{slJbk-cDw_I5o$2lc>fOoZiw0ZXz=V_B0!+Lk~5r7T^EwJ(EmSd(Ry3Asfo*Y3ANWp8w?~__W~PF4Q>=wmS!(YZQOSe0?6> z?hhr}Sv+5D@LXt{2F|b42(PN`K9<<2ah!3Mx3+hXQ`bOF-8|%Q5qMsV>@7uiE~AD+ zxBUFF-MN)KZ{+#)Jm=2b+;TTZReSHlYj}1OcfC9A-ND(L;P*3}2OGdu=Tdb4V)$ec zzcskEh?K|ba9_uNG+}42;rCfiK1Z7zd&7k1n@xfT)ihPTQ!j2H#8>s6&o|Bf-OZ`E zn%Jfl#5R>1{xW$|*vJ}J&(DUp^!YIGD8B2lyq})8S5Ip-mI{}^klPGvH%tPZG0SD}hj6JKm7DuNz`91L= zU3K^|>XNFfIRv|4D6+bwi?eEU#Zqto=gQs4{Ht4EoJSw@qdG&KlZY>yLY$d5j~6++ z-qA9YHF{Xr?Zc?)czjsRSL4IG{-tGjmy^U-GC=vg=$oYYcSV;IoBMQns*_h7g!F@a zUQYw7>aXO07afo8=x(!He%t>wvyMg1IR{+wd2weF^N}z03b%fdN8?@C#p4*)`sLf< zAKBGe=}UC1YP&>@z3MOS8Cxk_Yh2)Nl|C%yC!@=FZu#PV>a}Zqm%gn|;{WR}-?Ilt z|GGT7LZK^x5guRC_CQ%E5!;DF+#wh`tj3tCG?5X!G@Ncn_)Al-=)vSLjFm^``BqTCpMn3>x5#i;Eyovyt6uZQT{}eM~97+=DwC}2Yd}LrOB%k?+K2!7S%ia zvR7AfLe~>r=r-vC_{rqafwK>7K-cpAguaZW|7QLxyYZui`3VDaA$KfP!vMZgylXMc zme;D3FWbO#^4+-03%MVIY~W);AFIBYbQkq>y5xJ+xx-2HkL--LM(P`Ma6b+hG5OH6-;!RE4^6&6`F%vw z&E?#iw4d|+rW;HSp4J5OTg5QnnGPK z<_B%1^ZndGXqVvL66Fh<+5_ls*@vsKGZa^}p#r_aZ$B9XuR%ZYJ9FD2JRM@3U>t$= z&p{k$|1A7j+-(F8^64_(gW8)J{jNC(7wEeAapytRh={^vg=ZtB{hYfGD$+v#jbXAIhten)4C%%@7a8NB%Kfk)BA=w_blU9F+>sW~47 zo2B#F%ujnu*`UFg0JHW7`l$q`!To{N$FeO)qThhU$ck*i_Tv+3+K#WR8N=`B{*Y~$ z#{LfNcLFgTr=rEkVp_ym3oI@A{?F6m%G0F93$;Dd;*mYQqs5~WMT>&&6Cb3-JArjk zd`wK7@jF!A{MfeYo6D&4rM<~LqjT^)pNC|3I3gEK4&6Dx!8=u&?7@HkEO-<29<13%m{RX+pI^!>vY_xl4Gp6>i=&fV<5SE=wboPs^V5M4anFmcn!HS`xVytM2r|ct%t-=_&yrsD?PyF!Pi=cE-1^=CvQ~l=2~zb z%ys@SIM&&b_Ccpxhi(ygS34sk$e)$d$4k_qTf*3~ak8x2#y7=Ysi!)0%m4W5n_4?& z4Dd(o%`E>Vz|E<0H-mK2`t@eYOW7&pFE1)^pDnb3JgTm*cNk$=Y3+Xub89@LnT&c2#{7{hKp* zeNXZ|*<99?Xgxqr^>?s~=*M35{lvU`x}y5Yw)AVw zfR7Dd#E+&qKX882eC~alr@7r>&XLwOv*(mQ$b28{tZl>osnI-uqk&qt#&1IW&3xi@ z6jN{B8{n+fzBaqXNog;E?X*OnwKq_^PkHcL95j=IQjva7Yo8Kx$awqB;yLL2;YqL0 z4JG<~<=$xgT0QyiJTLB7v73hG;3K&<-jrC|&~yNr8^6AI;j7qq*vyGt@CKlmw}G=Q>_Kj0@4f~9F7Zc=pB&RVpK+eYf4CXh zO_#Z`cy7EmzL8vPZ5qF)e2yj$VJ5OopW3gkptg+Ka_*ISjPXp|H_z_<4_CIGX?>a! z(=KQ_;N^T)dG9{NyM{+av&J)hnq5-@*A;$!^X@YGQ|$+e`njk?KbfQM{4eMT~TNH|*QnEWVo;0)nK?_D*`opWv_af`>8_pu9_ zRx@wanKkz;8U7sL&$Y4yjQd}VhEZdD!Opd_(9hr!{WL!x-H-G}ZW({e(WM*VPv(6s z^Iqu9BRf4|bk&GwJ^g$`eN#L0G`TLq#WE))ABmA$o+TgX+mv|VLcL>Rk+QSq*XkWp zo6gW>kU!@a|0P;SR6G|AtLD7I&bhJB&reJAllfKYeu&dgaYtq{54*pZJ2O zkDFP8xZ`_{#X*Dn{OMnKI9OZ2fswDpPRiF^JWH-U1KsuB0uB~|1Kv^GxvQ7X@^SFh z60pafDGmD=i-XQWKX;YrXa7&5`!V!lp2=zD$mG0`o)w-G4}+gY;HNT1j*L71-*I+r z)~nX~rp?@&S1tS)nsRT4x2~=&0Y~#w(Qs(2m$WA->Stw%e(Il$?#IjrxRS@1&#`$; ztc&iwo8oWQj_U98e;zzODV9P9uYHs=i5V9DPR?mO`0GoI+x)}maRvWF7XCm#Q%m$y ze;~Ra>3DQ`0n~ph zx*x?i7~Dh0BMo(_-_EN`y}YO{^`A@YQm-tpOZ^T$Ja$iAYVHH>9VpYvoFV4#!dUG) z>tnT37sP7cadE8n?F*dL+b(uelP`_c9@%q2?c~e(fByxw3$be##`^c0d}Yk=M%C4^ zTCG3VQ;SUeon`!qF(=Pi8*zj1dtY-uOdh)<@6+;UL&s*EHzNre{Qr_XoJ@6%KcEauf?(b8pb>7@t2@J^xq)+;xPZkzz zb$%CK5>)PyF-wdGZMJ?4ROTUd+7sP&e(AyoILVx&SI(zzKJnLUnyS9 z%&B3tkDK8o<`nyC^qd6y7K@ueKk*X%?B5aHkIqZrtz)_V2G$2`ydb<`?p-wXJa|Xr zX%33>dx?FEzP}>@&3Pt&t$Zgr>`CQQ>fGGUH_84d!Eb&o5wEX~QLk<_ya?YNF6#d~ zJj;%`ur>>yW+z-&8|2fGyr1h2ZSLi-9GDqb=l5qbMz$O{gl}k|*qj{Sb=Jc>CI^Q1 zu@#_MGPZU*`$@CcBzGY(F1B`J@cXpbTE+GG&+B7rHwC{h;JJ79$C#>@ME4q; z9A(W|*0(mhyswE(uCh98CBH4Zu(nLOr5)o9-gS4=s^59IKX_4CFExzw=XzcV7%Og% zhEZ_bXXhH|=dC6B$^27vKW47Lm24f*lxV%!r^nw}dQ?vEVH{AR@7Twp`xcBX7REq7 zf8H5Q*Zs}W{TLYGyX2(hs{Kbwv+k|2z(A#Onj3mQ#fowc+;8{^)E8uxT4xnRWR zo_hguW}dHcnux(|+Klb3c!@Ony}jj{eY-oZsmaCr?T$4kcPke51Gm#($JI3l&}lk* zH+p%DIrAg_$HZcVa8Tjr%>?2e==&Gv;>(pz@1bqI7kdiH-%ie?Ytkl%ZYd2 z0bIquN8!=X*n`XD(m+?qgklS1vt%aSGkR>b?gB+lptYepHGRYvA-V(OPy6aU;_0A$ zRbOIT)CS(R{bKW&91Yc4*=%z`X!q~5>x55~lVM}xnxIoKf9hm|asb8Dt)}ett&b6`DOT71=pUFLt#3R@k z_m|j{ssFyn^%>w7oV4~K|ELdfM>__P=YhXU^cTG)7bdQTaWjnbftQhM{AJ>Y1MCN; zNp1uaIL^_h?BU7q(&QNXGu}UPo9@pfUTRavY=?NTBX{Wzt+B+)6F=PC%>9llx~hhQ zw@Tu18>o?pPEJqSH0SI`nfsaS?G#U_{*isjZf=%iYR4X)g})Xbu5#Gl4-YD*U^Dtu zu~<=SLdM2m0{e-LD>&C!PX3IW-=O~gi94&J+EsY*Rq2R!7B3nbxKo<%c;N^66Mhop zyh*>?_oNGV$FC+nX z*UkVh(i2g2mWum$Gwxh#d5_^66Mw7NY~8tb4RkkaFnnKJr>GtOvf_|U+%t4NG{S>F zqCQbK`297z5Z5i<_&)nngM(i5VR>^HFb3~j3!Sw#j5?T&Ct7tjmA(y~xCNdW6H7fm zA(napzv_$lB7?9Q9j>$3t-N=rkJ+dA`tg}Qwagh^$z9RE>{ENdetxb`Z3f>%7QaJc zn$`&C*k<<5+9RjYJ^DSiD%N^$9N+Dv`qY7hGxHLjWlxe!KpHlv?(F6QaxG_XtK!nLEp^}vT?gzYj`puN&6(Jjc-k8_&2j#k|9{K>8~DF=)11t6 z_4&h{_4#ZgJ{QgcCw>#3%SPIF6nri}0=67|u2z2i{&=g=yRqEu7hS_xOHA&nqv{IH9v^gGc(+9^LRcIJu78oopv`d5Ja3?qN5cQJbw?T$?@0 zZmS}p&Vl-F z7}VN8f7%;=t_v6rac01NKt5-~Go4OK_|dtv&JqotcqjXe;tCS2L&Sg2xa&eY>q3=q z4o#eYfR4A2e{vie#>@D7Uv2gf^Cr6^(arO{>@XVa?duOPdyfw-`3!alsWZj!d zJ8!MHGw91*wbbo14P3>1DERkth8NYY?b6ci9%cS!?wZ>z%c{ziJG?sd{Ct)( zo9|o<{^FO`wsVFu3D`pK59a;Byg!`xr`8j0T`FN z^*KzR&{Fi~$pu8ojspC2^N{VqRzT4zc3yZo@)yEFHNG4-h3f}2PxEb??ZFK!QSDci zd!W}!^ut3=KJ#tn`w%q6-p_qo=N0&ZXF>0|PQDSj)jb7~@;AeSld+@bcgVZHv3T9d zOfTIoi|*@$|1zHLk}ZD(IQv7hg}3zIc6O}a7WN239 zcfilTtk36OGVARg<+y2|j=r5KA6a%1?~QQp;RxdMy&gU%mKeL)s~zU_>uy7-pP$8u zne=d{{Cwf>*k0C=_*LdUXS1*M@TT9glU%%232&1;9fnLR_DXia^JAdV1eX@O<5#kW zyRz%Z517jn=;j~5n@_M8ZHyf}2N`)auk~t0@qRRzQY@$H$aO^fcCU+&CQ?3I2S@jZAMnq}n+;X8gNL)%-J zGr3X5S7T*d`XEZiW7dzs`%!dwZ;3fu|E|U^|`mce_4} z;y%oLXrC>2;4Ahr<@Na?p6qAJ-L+pno)P?J>k~@vDF)MyZ~QOiE>3F12jw2WBfn#K z*ZN$J970~7L7$^*r(mZ|A?`r`*FZ1*O{s|0P9BV3W;l7$9v+M5v)_wzlutNnE`RXu z`YUc1>+<|75$%F^ESU3$IJf{G%){iED-M@;OkQ6oXIVHK#M%_Vx#Is#ANXl>hEaE# z_r^|b?tX9V3VxICE$ZIb;MhTW4}{*qJmPM3i-AwR(qMak|33!UwN9XK<=@37c+kW> z^Idz_G?szcaTAFpwC(A3}oW5*4B^1YrrJl6`Tf!{vHh0pUnI3qHVT6x)yp?^<{3f-_E{9 zxzqN{t@BIRyTF@?^A0>o?X?;U^RIXo1+$f{y*w|5J5>7zm^x3vC-$uCpP7?))@6LZ z=JO!O_%khe>M`aRmZ>xF<-Y}A{s?k_`?l`tj2+Cuo3dYIi-{NI*9^|h z=hf*vpXtfj6!!5mT^`MJP}^#%$ES@>{>n|BTus7OkdI4e0NDDSa~Wfb>Q0nVcj9xi z)xHnBv=125@OK9Lb2~K-WQU|_Yu;_pyIak>WxT5z-FN?!=(b#Sb!HfU&Q$nq3Uw6V zPh#rw%9*?oSy;GgL~9)~bS?B+n5@g+m~`@ww2b1;EAj?Sj_{SL0c(7Vs_(2^5!rH* zyNR@s-BU%ID1NLT;;!{4HZH@zeg(P6XBeF&xc~L-$N>GQzuxqPUNioV;=WA1@s_b0 zjE#d|N;%V}-Z(t2dgIaoxkb!(G5^7(V!@7}YZMPAe%wU7%DJ@h=QY62i*tw)^J?~T zB8p+ryfy^q)r-C=JR738uWWzdM6Tq2tsdNOOF#aOl%pSj`8pdj!!zj+{q`6>T-7O6 z?3v&=PE4$Fqa`Pbxhi}4=0i_zL#Oae=MNchaT`2R@F(l+mzs|)s{2TtUuZsz{!G3% zZRV=h8MN9S|MhG`_xLrX@#FiGyVL!h;HS6!SbcUYa2Mkzc!nu`t1~9zZ->afqMlZ* z&R}!o?(E|1@GGo=?z4XVlB=BBcwZ;q2ilg!9QNdn@0T=d!=_=aA7eb>b+u}itQzk6 zN1H!xYQR*@aHxk-INL0~e@|-(c40^+?!IkI+=pY}fbbrG0js7)b z!_zgaaWjmJBO|KeqIX^Y0eS?zV*CfooqY4XoX;^=)y&h`TN{0CuOxQE^QB&D`n#q^ z_T^?`(TvX!yA+!<Vnwm0- zNfU32M*Z+d=-znV-J-k?<&tNo6Q5PjofC2OQLi&q3s_xrqmo%i|mKBLL;Hjo!0 zEN6Q*nS0($o*w+U$i0v~;h6%Ub{2b`KmVT_VFL|%zlWV)A!2fwK}%Dk(u z_THgiTAwZkj@GpO+&tRvCjVh_^E9yDjoeLc9-fR%GJUi&Z*Cs?A^D{_*sb=##>X(v z!Mpwo7nlpq`n5LkM{6LVI2Rg*;=6K&jvuBx9N!?HhVm8K+&rwYnpn{ABAgE<2uJ!h z!Cx1?l-xY{K=NM@7tmh##@Ou{!PvmqE|{C=XIe)?S1TizmYZiOW4=Oio`#$i7rtC> zp6T%Pf5kV}rT@R=+qzfCx6+s4+Y4X2G`{`ra`=Wm`}tOr$o7A;r)MOwo8%SD(|eub zImOY;U%T|RuVhcp67He&*5v~^T3bc$aC{Rv&(L%AH=QrDZ|0rk3)0>f#unawsiF4G z;2%a{ld`8B>hp&yu43N|J|VPk2Ad4+o1xyhzhKMQxW)%2?!s0ScWFF~*YO)a_1Dg_u|KhU zZv(W<_WF1elg|cEv2aEEKSSJR*0*Z#7ra;8Yx?WxKiT|p*Pg3C&3ZsJIVbU*CeIvY z%^nKm**npp&mv#wJn+nC91uM|-Q@eEe^?$EAKV*to)jM2_h#u7&;7eHy|Gs~KGS;T zP<85Uj5<^u_0{Pr{uaRNMbJk~qII@3?Q<6xpXdEv#BX9Qo%PdRouqg`J53v~HT7+p z*O_R>E$pAcCKRifxty8acyqZOZ|=aKYtPIMa&LB$dvk})fhnFAOTW;?&ggs0{WG1d zJjbDLzHesUOKbc?wKHPl*5pj>2@3N@^tQ0BI8;5q|NYrN5nm5c*Vq7k#3=lKA9fS$ zBTSAX={4|mX0+$E-kuAe-ZVC%HD$B!9~kER1Z96P+KcbSXJcFFx<97bMmrQw7`q9; z-m5xgc3gq}Pr8b61%Ljy;(PwMf^X`tMCXmX(>$daSAh3d?6FPp-NaDXwf3d#RlE5n zd1`E-ys1X6QRK>6*MI(weOu5ena~FseUMzF5AQ=C{JSS!tNyBW;I2>;Gh5r1%{mci zLcYSO{7>7!tM|&g7#hC^eIb0Ya~)Yb$ej~Q!4vK4J&z6Lo9j4)?u~~J`Q|#tYd^+7 ze3r!}9{T$64(QD@=MgGjXwDs#ZN7~d_?Gy*!{}b~;x)cqo8PVD*0`;Ub)M>G<)}2}&;LVh>iDQc z>g4Nc->}K~%Duy#TV{ywtAW$~js#^BL)qYj4N)^caIvH=P8;K)Tm{haW%%}TFe2;n z!{}|jEz@&+ZX(ru8+?M6)@kvdp)YRfJ!{a7smk@J_xD>oCVqZ*@a_sT7ao#XOKX07 z8ixtC+Xj!?7Oz>(S`A}Z*3YNKlMU0!9WfkRu6Wc6-#zyGtogP2N|1R_v z|3_r3&S%FspY1NA&YGeZUG7lpUv^t&F8jOZzLEW;j&sHBYr6KLt8GrC{8_`NgZX)V z;DP*fiw8A6uM5CvZ_W?HMQ388@j*N%nZC2QU$Mo-X*aBiF>ZC6-(2fXyL*lM$>`0$ z8OOM(@qyaT8=R>xz#n(P?97~r&J%BEUx?c{oAs&TnaXfb%fxBoyDb-EywkDNSy&z&s2d|cX+@K>uu1QhHP^ZiIk!w2=E2Gk ze~NcT_A3j^zI|1J_G3p*%lD=y7d$k>oj5!myRf#l^YhNsPk_g#ZT&yehQR-#wRgL- z@ZG})%IIC=0rEhP2*2x2lD~0e&by23dy0kMwT_D{{9WK(=hVm(`-=z4te+Qo;v=I5 z{x|%(E3)ux&bx|#h%D?b87SAeDe}aw%Le{8^}ZchxNdaLyF-zMi!RT3*ArPdaZJv; zzkoCFuJctzPwcs3pv;`t6+Q9svCgYLDA}Sb?);*uYp?Xaa|VjNCJ)rczECukyo^SF z4t=HQiM{$Q{aL{GZx=ne<|_Wjo?G{E+?xYIq&Vi)`bjPRhfU~lfxf3(r z#Ex_tVqpBo@kxn ze3j?P)){Uuyxux0fz4c593i&niH~V|(8gfi9=_W$E6F|Gv)1}mA5L}ajP&-|nRL^L zOtQLrMsgbeH@z*BZXS_IVW0i0-j?ZGt^ePa>0dh{)7LtJ{2e1qOx+uO3wtrazwT|U z$B#5~3^De`xs7kB&0Ju}h2C1!c6GhPZ?{WP4mbu&~hwt5l?u$EX zqq$wHJNFU~mq3rNJ3ZtvcDG`uvxk!>_4i*^yv2BK;Rwp;-XGDL+KgO*@iyeD|CeMK z1J1_pZ^gFZCo##BBLi)A8|Wv8IZrCyQ{1gOhlHmA9cRpzJk#o}H};R@?8VwzcP(^s z-`CTklc#k2UOSd>*UmNHjQ-nib^aMy`z-$88|3%P^eqSK z^7C7;=Dz}1OW#r$*7N~bUy2Q;>pT7!S#pU?F8~W(Jim`KLH=4Tblwz%-7-kGL$D{* z=7+6&F4XRXa=_Lg_i4zzgFpOoCwoq{kIP-m`ooVIm<4*OW8T?y{BC-C zBwk6`M|7|1eA=zEMDYE!;4;4ONXVatc)N6Re%?w>|E%#cF_&8aMtx;|818)hd66c-FNRx)SbfmeJEA6bFi%Wt!5ro+9tyE1$uw%mw+(|Hr4 zE90!Llv18Lv8yzWusZP+I#K=*V`Kbg#X~c$l@649I^gT2));%r&^hX=Enh6gPRo%? z7jo$ukjqPdv2r<{UoNR@^0!T}ukhtk0LFo<^TROm7?~rFlEL!$GwWf}p-YiReQADt z8V8E*Z=OXSCGdBomB+t>phMB5SO~=`5*m( z|K<*M`J0|7{HLC9y#fB~xn4NW1MloxJss$`I8P5VI#2=5VsNI;yww{M_fwYgMaX|V zzU7O^%gk?`erqPhd%-M|Y^Bq^0h*-Kr#za1I{nR8z{3f}FVDk;YR@TX?6vJVVcT=k zYfl3@ZPpr3P=<289w)1<{?=HZdn||c<6(Yk?_SSI+6)Y}`Ij+|pEnEtabO>__zzqB zM?Cyl86Kt#<%Hke@8NR012`qagJGOThDX3jJ>mQhi?d8P4+5{-;@o3#?z1>)v*J5< zKV|m3HPc5~%?plKoHOkqbIvF^lRjtK_f7u(E-a~T=#%Asj@m?q@_>)8iQz!XjY zWNG@tpP^|t_;y*Ewp*IIa`>>FGL$oX*y7=Gw+3+Pu8@u}PQ!;Ta8ge=n=Q_t314VDkH1AJ)9p=o27Cc}r#&;(4;^tYC#?}(<2 z;A^uqwOX3ic{DX(Us@M(TPZ_1@gZ4l@z;3xpFDrD%*^wy13qO0|1H4Z#d~+rY^^yy zp*@d^-;Kd40^X-m`Dt?d;nhBPwQqn|x^K+z>STUi)t}4{Q}i|Xyea@=!mskf zFnYHlU?cMPt2`SC`uj;iKDqo>J+lZU18?$k>@%K&GAN2+6o{{LSzIP*w?!_jT zpvg&l7(H1`ySu#j!CjKWlSYpx#Ktu`CvN1{n_q4%NAvSQbo`8a`Cbmj(j$dotP>9# z;ms1u!v&Uyi##57;G>iS!d*<61^7+Mnsp`Yd@goAnf+F*d%YO@!TMj~i!vKt^75|s zEP`K@6`fbYFFiG{V|d&`uH^Z{G8=Ti?R?6>cV|2?t)1__{>#j5Z|8r;I_nunXgyE$ zzh>KeDKS_3!Tjz16*ePyX6!cgzzk0pM#htC(S_OrGm@>oF2v$V@<6!N?^8Y>dDD$!-%evg2cezY6@+ z7pxC~-+VuY4390=+QZG-W0{`vR%D2-SKLkth+~XZu64`ci2As6#K#ypynm1l^|RLOZhHS3_XPYu5wM{~Y^V&~ z*==oTT#jCqdwLb}qo?!BrG9(R>A1!6{`jq@jP^&p z_PggB7!O;Ybe3{KpQQdga#{R4(!bIVgn4+ef$^{hqC>|VDRn# zOR|4*F67$3rQwq7{|otP3E6+#xBt=cbQp~N7=CdxjddcW&KaT?|&|jZzC6;yJ}h3c8-9b`hv9u{O0?4WO$x& z34N%>Jw2zq@2L~W(%9jc_z!z2yJ^`P-H_GP8k)C7ohb;}4V)LmF=cgrP^9OvJzapM2`Rokm2iW|W&w691 z$k_Om(wj}o2ig4Z$h)NXZV7xZf$!*x89PgLj%cA7^=YU~Ig5 z9lSdOkAi*v9&C>KqWwRk@KE1N;bCcjhtuHUcKFn7dDxZ1!(Bu0up~bZTkbC0{;56> z3&2>qxG;=UFT%rJ@TSZ1aI58EhsVQK#-G}2@9v|_)`m%o)Q*u8ec{Pv+~hbV+?R9w%GFS{Jaa<;tSRm>&UxOgFd~8El%_GsWd*t=+k|JY_UYP zc;>z}?l|;lTtJVS(W5qW<)GE0jX8R>X$Uqdemz5Xx$LD*h)FdhHTM!75nb2EzY*QYvCRHmE8p&4BO&5^o#nU{X`Kw)b|Q_ zSP|giCV03SJ{`6^Y|i1~+97yYnxBUg>I=934xfhwU_@pXhA~V$TnlfSEe}^%9xj$_Wi(B@z+b2&*bRxeDG6W zuqwrKeXl~7tL`#)ifF%rzNPk|&nAw$I{tn6lhUSe99K4=ySY5CugcGJ!S3L0KocVs zfH7fGei)*~t%l}m?9U&&Eoh)0^z`d}=$C;%E{5Y**+Egt%Zm(}H#@%i!jx;#d@G#edhu(~wO>e9@xF1gbvLpg75ZwOtk&Y``= zqdla{Gtnhrh+kigc)EQ0H27C%|vMPeU)J-KBCj>&!%YN(1?c(B)|5PWAD>`lHp2^8C6{e^q`y z3)dO$C^Y(20LFyU!Z5Niex!_fy=dlp*jTE9wrFmATUj=)c+ck*S8&HiPF(SfrQuTa z=D_9oX$i#@Grs4|jn`chPp(4-_1~M3Z1ZJsP5fFTgAWagEB-_dCwJ9{*0>Guz9G;j zj+@849(r?RxQXrEaXC6w?&(x$Twjr2E-kVA?T}o);LD`|jHM$A!%dCY+DtT~ikAH~O+F03(tq3?pkp2d<5~XNxi~(%+@d z&hl*NUha^wvH3%7*w88d&#|G%E3l#VKjx<;WJC8^8*;|Qle>|_hq0kOz8tuF(8%G# zgKX$EvY}%iUgIu+{|f>(v%Bsjv>ay_BJxv7zI9%Z;Z_|V@q&q`-YNVifqlZ_KVtD83*$F7bcAx04cX9B$Zo&2p>8X?`s?GrXvK!AKN7Z~ zW8kO0VEs4v&G*H~aPeIOb7TG9_f#9QR7}-!ef;rXBku(t3CC1Z^2@C~S(xYV^yO9n zM$51B!w@ZQBXl9L_M6rDX>2)>AHMi=lTTv-7)yVVABOh#t`Dpa zkG1eFr4MX>Ha}dmSALZ}?{EaU>%7A;>(ZR5GyB=UO#doAed7i6=pcI8ZS{AL)!%(#{dMB(S7JIFogFt)_y)M{JVj@%i`~___v4gtB%`2Im(9Yr|yP$ z^0>916V`qX+z>C8{hZ0MpY7nMzF-ZL{pfoWde{`OpZ(T;_F4OhaF5Zi;CJbYu>I8J z*Uk1H=9j;4e|nttdj(*$d_O-7(c-Rx?o|Q%>6*ou#Iv87f3Ws5EkBJd2lB%gjqmYk zEC6Ha{=zV_eP;cuVbxHI|cY@fMjgXWgGXDO%8yxG!#&3$KxvG-3y z>*M?K(-P`4AGdwxgXQt$dGzK<`pk<~ZzAL4&7VPUNlFuix1;d^tS&y2nu zzlE-!uy(jP#}2l5b`Xj?XNKewYR7>m^0z~BIenegodPi0zgrka`}64j7Hny=wYfHH za~p@Sxi-pCHf(d_7CxP{JZ#P3;kqGs*pQ!x?K=y%{~JCJ3&3dUEDYma;^8`Y(`tFR+VZg3<6#t^ zt$f2hn`r-9ul??7%2UVq&{dQR#2{Ch@y;yH2sxSgFM2tHdYY+AdGYS&xf=)B)DqkFOR=e?+w$`uWK+NL$8tB4+X=l$VN+GU zUfdY}7C9f?RVxSC)Mu3MjQ4IE`p_28hsEeaBQo!``miiVADV{HhuQh{VZtN%+aaD_ z=j%fO7?FP}4CBZB=tC3oU1s%RvDJqqL)g?}%276CQ%*%ZS#52q#`3PEBECqxI|h$} zHnjx3puT9oLphK1eG@#~6yV`1csL(Eow7V!ki)}8L-253ejY}?RJi?5b6=#1x3N!Zx)`#cMJNkC7=(x(T8ee-f#7xCPyEp4WSS7 z^Xo&)+WhShZ*TMUp#Y4f4-|%Rwhw)nhJ0(RK2%wKm@I`^&9Ol~JBL#->WcHkD9ZUFzA?H&0ue z8b@8qi+68;cY0>~sg~Dr4_8s5W!)kxB6{NOqf$QLvxv2S4=%Yd!eQ_ua^FcVN!(bUiYhmFcT^ zhvpoAqHoDAzjcK+dDgPDK$7;%l{^64~k z;ohk<_c|DTIAZnTn5PeZ9PJ*b%#r#`A7!&=tF}JuoiXcpct&#T4`(E|^X%Z+_3#Yl zl%G)itvQpPW9R|(gl`0Tup0Rq9X^;t^I?zXPR_<^zlX|i3i7?3a|03X`igjYgjkCV zjongj%g=YgYEWAb(~g6-t@~|TyS=t{GiLDdy89_dSz~|u_#Uvo)$3+*hA*o8DpO;Pz0* z#B)pX+rZM9h1>g9%R4s=<2%7|d;N_3Fk}PEnS;}L7Sa7T1G4zi5c2^cxGita4>x23 z`>YM@m(JW@>#oSJ|Nhzfh2(NG`rn1VoVWVFD@T`hd%EQN!>sIvW5ko}$)tp0Dw zp?RxE^Kx?intf5)XRs-!%x2rJVyEU^RxV#q8@58<7Tbn4+lGxp=yeATaM6{<5sU*ULSvz^!nI8g!OtOZ3CX#Hb#1_@7?HicR;V#)wAE<)9VAi zUN?sHI;1=8mHBl?c)obGjmrwaXnAd67UGu~|l{e%mKR3wPS>~I+hfUv->~%BweC)SLfqD<(cis#x zd(ckutOn>+2O!6c$J;nds{C{lpAXu^XPu7xitCpM$=6-{u56_1+yLCn% zu=+NU+h;cM+kF1tL_VL65t+HP$v-!SkIwXMC5KPP+cJ}(tCDxbk3&F0oP zZSDUIHd9Ydu2b-pdH1KqA3Oi<*twjn{VPWq{a?BXTj-!4ToECk-3ZoO$Rkw3bBun2 zn?7g)d^LHl!J9fYEAc(x?pCZ4<$ELbD3@Ml?BE&gA@b!eI{$c8w$J}k?D0W;Pe^AY zrTO(ua{agG?YXqZ`b;EJSNo#;4`=vwMp(ISdX{-IS02e3%5kIoRZAk7%9!(H17%XJ z>>)CDdS7dDnx|WDF?aYRn`}Ot6UamJy5rvzPtK=3HkV(|f=FiOL*zt9A5!zVlVw4@ zm)nCqTQUABZ(`4usaG9OE{vY0m@iw5#Jn|ww~fHe(RR)4-2luOQeXJUeoTj%v}k@E)R_g~7tq3?(BgNFzFpmaXg z{;67*JWW&Jm+9Y^<@bY2o&21&wNO_ zF@HceP_ttsim?i7D*CCQI_hvwgfdzkVhCib1qn0-2L|(Q(Xz3|T zqu`16H;DK1;e9{6?}ztxFPkqXm3b9qKI-ev>ioP-{W?ER;j8m`TL8v^|H%)-$Q-*I zuUvtR@JwUZW%!Ji`da2~2aQ|F2WD~^`|IW(ATO8U=_1eXN)C$Sy&My_#NA^7yN(pq zUPvRmX`bxhi^+qfb!@}CnX}9|_NfQ(Bh%pD8TfZ*z}9}#%*49^oZ=Arr z5o35l$L-jIauoS};iKYH33Tc%lZhiTroSa7BL^b);JmTc^nGV9XO8Ec^o6uF8p((s zCQr^tVy!WrpL?8KG`_zuHWh_8)qy_qshYTZK44q*(c0I_wk}5eT$(qVvB|~ygnJ%4 zIzM1Xm-%+IHe^R%3eF)+*q5I-lGlyC9Tk8PN#uv&o~>h?@1PU#fH{dn_Kcys0RM5; zzrU5(%HmnC^Y4T0D@1e4lLhbv^?#k!|2FjhKm+3wct%XLAuvAC_)TYuef@tOa!s8l z&pK@n`OJ;PSsRJ7Hm#dcRR2~RZ`Q_N96_wK`%~F?(m$7!I#r+e40zUk3LmHM(Hr=? zdrc+%v&s8ZH6Oi#H>bJZ#pci4Kz>$@c}(omnqOuukL7Q_=zdanMk${`0T@fW3d8vL zbJ*!==$pp4OtHc#^2b+*W^BA4d9L1i-Fp9SJ#a2o`Tn}hdgt7~N*_f>BkxR~amwST z(QnFleMW8EtsXNF3r2?5e$+*;59a9gLG-!=-j&>)jm7>pZTp9H`FXVT{}gWDhkPCt zfKmTwei-fvcykgy%=Gx<-vRI$#yxML{guexJ>g_@?oE0hBkz#rR6{z|VfAyn{PS(K z?k-P1iv#+}o`!`n>iPQl5V_fme+KqRU|+EQHMOhW^r`*L=o|9VeYoa%#Cyj49EQjE zpS6ZVfgFaDEH8}h4fdrW+iU+?exCR_41eB>E*v9|_({_z^t%T=oI!m#qA~|5bHv`G zu;1QM((M?3+lXCe^Bf+w_PC$&)bZCeJUx0dxh>Xt`)PKqn{o0KIQ!5Qy=sr=Z@*waJJ#A>0T?YC^TRMQ+npn`J%eTT z?-tLc$Sm^t{P_IyC{2>b9{9W4%A?E5W0xn72HXFsjodA7?o0ROV8$8_`SEvKIqV@8 z*L*|!wD_OzM<071$ofaKmvI-e0GD9BsQeuIJ`P!oyE{9URIcmv>iL=Ub|;f=7?Cmg zzu!}|vM%PeC7TQT>qRTKjm&ws)LH59t`55~esE)cc}{4}&l}PAUSFOCU~rdQ-aYh& z&c`ET4gJHNl{-oUwB9%H{`TN|%7Qf!wz3hBF zb7#7z)z7K#Zq3oBj=}m=`3m%@WljF}`ucRd2f22jCtIyPZMOQfWe9!ROgYMi^yxwF zS~zU=>4?>*$c*@VrB9na9oDBU=o9tDle?u)`d)!PRouNM=AVzyc%@@Lx;w_qp;flT zYQKi>H2SfrfPQ=|e_Ms`msePOF90L*(flxU$Fw^!l5l6fsn*vK=Q1nziS=II`(kJ1 zQ}*slb8oeDVXU+A!Q6Kf&=20-h3sR@D>EKWXx>fz59@MMb&oqAZVY@s4)#gq^@&;3d)p_GSuif^wKz_x-vh@u z562|sXxW{~rZ#S)V z-h61wTjB>762C!P?7;1{m7|=g3&f-C+>b|&M$KvIcPGD1u4;bAMmSIYjeWm-r1Ru7 z3-j-+9$bn)Zdp=5AB02mnXOLdXSCDL|Nh4h(|*1YKi;BTjefuXJNuqGYgFe@pw3mS z`Kb;*;mg!}LiK!j$$@$a)%&+Vy^(&s;=%Qv8K{?0y?+VR%docN9>d1gIhn8XUiNY2 zE8xq4zs=8=U;NgtyEW(dvbCNsTOM3@Ta{C0wO3~SD5vH&2P{|8OoV8w`Ht_pwBVZZ%l5rfL)pV1}pGGlvTT@Dep^A=TBRmKZDNK&#fgU zGGmdT&gYKBi_!V?vN|)*g8a<*$+zR|So~m}(f<#x$+5As7TzVp5$<2A3 z`LUAq>~ZHgW<9?TF~`nx49~LlULM{BIeNCp)3Z)H_hIflh5pU(RqeP^yjldW7Fb@* zv%H$`@v4Iu%lK&N%{+KT+3b4txb@yVXE`*CgN6#8N4Qo&rlWd=;LKkS%SjOB}*xl%v-8zsNfV!EnpileE!EXwD;s-s`tN4oQ|Cn!$Z! z@d*#=UR-D?gO(}qg?HS!7r*}>(8sE%_Qk9@G|ai#m(%3~a{6iPKzLnleNIk*`djkL zNo{dwVjB(cd_L=E6_%d5D7iMEXCm}Wv-BK@#utj7evh6x!=0O7r*=2K3m8tu&(AM< zBhcHzc_q`A)F7*A4)U_`=Qrtdb7RdN&dTxr+A;l)>BAqRzs@c9IOQ1Mo4Fdl+>?~E z_nv0s*@Uxl8}PKI>^4JR4QHX@ziBV@i@v`XeGBRm-20b^*|k7-*PCk1*kMYJPF8z5 ziGI|WxwUDusewL$IW6}f@?GF0)PCKKn|;5>d#{|rq4&}U%A2?{Sbn?r{zPv1l!2 z5#6Vp;6JN88UdfYE&8SDng`z&jZcrY%&$ckj8DEV5bJEij+AHB*ZcoNZY!f3tG=-& zJr3PieC-+|^LFG$S&i}iInUJ0y2N{dH9|4#l)6N*KR>wtO|_kuIWR-6?H<8`*!uL+@Ki2)f6~NIwgxh+Hj>hbn**%}~)^lP9-c>t?xi!TsYU|CH zXZ_)zdFmd?ifjB&u#?)2$X%v0uM%y^N0E`26 zj5XAH>VfCb(ap$WG(Kg_z?|F;WUBdT$^kY_3ubqKFV46e#`f7on+2y z96C3~(>dK=8l}(bY`yb-wO{scepkbj>bpa^Jldmop6hIg9KFr&<05w$nJUk&;m?)= z{IO$(q1q5phv*v$26v;Mb4NOv{Z=3T*}|j0eR=(|WA>ro(q9-}R*rTu zTP^I*z5>`2tp6Mec3LtE+510Rd;dE2eg|{7p1lX>+wNuWkorX5-aE;qW%Qr5E_ca@ z%soNcju!5}{QD;#YmR|-CKJ|{)ap&5(Oa0N->(A|v-f(Vz>kZrmdl&Z@J1=%d zuREu?#r6KYFn;%EzrL_}hxD4e>~+7n%IZ#Y;t8{7hxHP3mqjOKyk z`_4n>^XWHq*R8q3mcFu^btn^?VcV3CchYXft8Nwgt9N6I+lnLlR+rhqz0SIucn9}D z>&{c*(%qS6?z{{ppbPX+!DJWC!bi+asCvSFjGIdrG_58^qnF>0Npb-}UTDdv@=;hWcffGdFN~?QhC2uZ=KwRtd~lB+`_m z-$<>9CLXl+>?J$uGt;0kwW1-B6t1YVQ~hXc!qe9wtCdM~(w!M)J;w8IDnCVSYHCQ3 zODfSfQ}sseOx8pbeQnW%xfASK;VLdE<~b=6GdSI8VVti926?6uZWrr^(;5=b@2b!A z1LyNM9e$)QI(hO7{2rBAdu;B6|9WI@(bg=x;c^ww&|r`UD(`5 zd!C1$-$B<4(4#$)+AFy}68qeaNb%?T!PCDw0-dp){msbaFmR5rZz6j6&J8ymdBnB2 zWm_fSeT;Xfqi>k}yXcsmpQkOKpYW4M$j7&H(%8>G(!ZAat^Co>$z$uj?9u-tOKWU^ z)^*@$3)6Z8T3zkUY=g#D__mHcnvs&v(ZKR zSp?ss377djW0$l$skPXE?2D1TY&w0SD6yXS_x0F;dwf=6J>#Bo{ay|3=6dPQW6!N8F8lzrNk<z(NAUsj)az7gIoVGj+l@CTuJl=Gb{Uyk1P?+#6`?1cH~D~%1_d+o=J z{q2GO#C!5BEy83@~x|t@5nKhnP+m~-G1TI$0ik*bj7A_ zy>9NGK7FijUL=#A4_~iwYQCqo!T&kvn7N;b-?7V_o0kXLESYs8JFR_@<0>J!UAEf! ziu@1#Qj^w6(``kGO4i#1L*L0ml8919<;5Glb6blNf7KXO|F_Oc6gx4m?z*DH9D6T? z%0=J3cKZnO`>FSBJm< zR^M08N_3*5-=}?scHa5;dqnTL0RC0s`p>HVssR2K;qO1u_Z0#BP2ul9)b}P2|NjC1 zh5(OugFD3IWrKOVlQJP5FDXiV)93M$0FN7s5{IxO`2@AGGtkBzD!(ky#>HV8zb+aV z2imYG{Qax?F557=J1emhUdq-x(HqT`3*YAh_`V=~jRAZM!th!IZ$SXx{P6cReD4ES zzi^@_+Mg!*`Tfi50{x5ZV8ht;kHqlhu}I0zN#u?4Y5S(7?ft^n*pNui$M)s{7hm6B z9^pwpQW44YoxomBMzoKoM*AeyR^d;Nqik6{dudAgoyhGkMVQlglfDn-OC}EZ5@PXZ zL~D8+KA?V=kPaPN`Q%ak^Vllt>+pCi)qZ>%H$^ z)V7Jhj6D~9W3mQcF{X&)r~~m(KXBYJw9Ai|Muze9>ibCgBGbpxpE~Dm@%!bpzD2=x zB%1KssQ$|M6!s|vebQ0UTjJ6CJ!o{ukrOiO$xdqvGwh=(E$?qsRIC+H}oh>=>eNm`vYLXZwZ;^bM&q zP9}NQQT)HMCBVCX2G4WA?>S3+eWorWS$0H=j=JD!N8h%gZ3bwn{BP1FhkmQ4*WrAGlL^XmwNKM2XzCrHsoT(03QeV#M$-vsIyso8 zC8FshG@T%JCpJ}V6pBxeIh=8HLh&P+P$8+b`zV-)=lemYXt?7YLJWJXp@$5V0eD`x7c=!+a!hZHVeHXoZ$&P8wxi0x5 zlM@$sDd0-h!W~5?)VE;gSIT#ovEjy931WpB%^zytA8WlC(LxOQqS}ieFzt=e-o9@5 ze311e8z=Z>ceXA#*SFir?2Pi<<76gS`8!trid$0q(98X-q0on!`>CPn>@VT08+>6Xz#qhHd>2-#F7?eCJ~DCu<^u zebKbA@A$Uh)!;j()hE#5m1+4|`7MnXt0N&l+adVX9(?0xt0IZi@n|CcaqFj@nCG9S zgmHXTIHuIo2Vb>!kZ)w&Kj<4jCmdBCj%MJRwSGUgW8FJgcCFyDcfj~P*67_6(U9+Z zi0|SVI-1x4tdxy2-_LLQ059HS-8~5NgM!I=x=(|9GMe~%(ZM^@|0u>R3)i_@b;>Lq zrD2&g>KpjerO*()VsEg|xQlP1O*Cqb^lD_bE&5CR@d^IEj!*vQOY_OC=>EFF{;3A| z&w;mR9eUa7>19VWa!V;3ST8<>MtEN=ErR?PC^ zH++uvE_C7#ci;<$>~j{-zC~gBo>co5(Y^%({zUVxTGtSL4t6j9p4{pfU#&Sg%{NLf zzeU~Nt#yf>iUD6=3#)?0nUMFF9lF8^iI1DElC zN!vW0JEIHFJ=VJL+|J=Y+VmK(=SN0&ou0b!k>6A2ioeb}cEzYG+D=EV=${)I(?1_r zb9f(%jA?reIFC_32Hd$k6_5LUn);^U(EW^UMb%>*z&jInH((!; zVJ~W)RQp~!cfae_Y|OsaNobDM;N-X2vxdBDkax0yehXizI9|ASfLro>y^-hW5dOYt zPNoVPnviExG4TVuEwS?a5Hh&W^5imTdMt7oau{Xgt9YY}m~aQNp>(+mow*NQeHa{7 z$hB!|+an*L?oWXGlj6(U(1rdgV1FbF^K#^x3$GM-{2?33Nbs6~_j+{jv8i8p$Xxy_xI#bRX zYN=Dx0l%aC$zC-l|Npek_x>Hj?ca{Zohu^;Lbi#{d z%`4EIDgQsyoyM^4%$M#odb;yP$xU;Y6~wvNo68)7JJDgi;f`}AzNupE!|Js^pOB=F zn1IaL1Cr>pa}UPGud?HE*7D`Yjg9l$^d-~k5_2f4H6>unAAHP=;im=4@>^xsT>ofN{PnrAE?;XaI`_t*W_5$uo#raR!F`|3EPUqKZJ7dn&zk}xNIR3N; z!{NMXM|aUtr}#m0&cGS{;EaDDF5cgI&HdY2%UBP+24DGi_v4q$Jh8@z8mn(>JwAPW z1e~pZcdoJ+9ro4;LVRjjWar#lM~Bu3lHl&<{=-X!Q~#d)aKs0-LHk^`MUPI8)ZP1P zXV^9OOmIH%jUxU!iD|@x2iA=vkoa=ub9l_kARMP>0&QsnR_%cr@vKPc{OFsdOBr3Vfj|6v%c+K&IQRq=ic(k zp?==b{4?`?6VWZk-R8Ux`c>)s0p7dEu+cHt+Hs!fVEP0$22I_>9a?+Vc`$#@gYkY_ zC;N6PBTg-2JIy0K?jG^l>C(;^<>fniP7q5ULmsqc2f0r4jM8rR2>J-`#6!LN>$AK& ziH!@ta36HMvx|p48YbD;$IJsz4*dP;ZhedOZ{VB1w%&6Pe0&$oZMvU>-{zbR<#$j{ z^A~1qopLIZVqLdYIarPmuPc6D%lK1cX4?ks6%E3?-?rfy=wnBo#wI_< z++9a^^ynSZL-BOC<>?;F(|ulhTG=0|vwG6uIp|3b^`gX9zCMpfmm~b$wu(F$yQuS* z=!@>Ut=F;d?Zq_D$vk6`4cEbcb2ioFe%J>+yFGf|Y3Y1YeBD)-G5fj>IAd9h!q-(c zX}{8Xe{TbP_=d_YVtl&?833d5zR9;{<+|OIYq0#6Ren3XmAtmvwsm-I>#%%wxAL7b z(v?F&U6KB68A4Y&pr7)R%d0K@_X`iQNpArb`jUpH>CND)!oHB#A?!sm&H6p|(P|&N zsiU$Rp~;MkJh{f;mttt!win$t=s@27T$OMy7S4^rr@4UQ$;O7)4d%hSRc>9K(PQPO zQQf!eU7Ppr1n-OvG()fW#Ms;DcB{vyDCb|`>8r?RmN4{3sJ99{Q}74Su6dlkGOhiM zVm(9a==hS=e8+B=TVG;wk%0FNKA%>LZjU$ExY1?5tl4`>*$S0iMY)sgJ@new&-$LX zpVPO46JA~Eml@A)raW~F4NaDYkxtEY=vTWh_hFtGfT{7hop1E!*C{uQa(&Ctv1+f4 z8sql+How@(G(}=<{fx_*e{FLcJwBz8vBuhF?AvH)$ev*~w!9d<;l1ei(kbi`_{k;g zuNgty^D%PH@V}9___x5L-3|IE>Y6>p)PIorg7eFt!J`GL7s-6r%Jye^*W~d5fAnIG zZ2H~#gWG#Zb>@3;wn-n>Qoq@=iO$P%{O7zOXlsQw%8RDIx3ujROxeUdU_l@8J!}A=N|hU?x1E zym)Yp<-x~9Q+1t@4>^>X(=&Z-le=Uv{mWE#iAVo2E6WwU6Fj$-n7jMRz3tt1?0t#8 zJ~`7#Bv%wAOj|0Pf&OTs?T@Ow_8@;V7I!DomI~V+jnlWB{)q2ppAxwKqPqqto8}#| z=zp3%Kz+T@Vcv-z^+zXvOF6~@X76Q{_deUVEQlVxmA)m-ccatwle&m~jZg4(TK#lS z0PkVo3HD9mLz(57d}9gqus!V&Rs5lSx$yBB(Uxsr3G|lQy=)`Bwr`;A+5VRAf~~!5 z-=}?M@0EpdAMMk=ebYW*u*cq%-LCeH1nwBkV_iYKc?Dzrckz4|`|w_U{|@$MX-`^b z^d7U%RAmPxkc+$jXlb)JkV$))!i26BmbwO|R$vPQej8=MrG~ zdm%r#lJP(eywG?cT6%OxMbXjpMtt3-NG7?N7=H^f{?{i7Ra_k z`m^-2mfz9vej(w0N_PMPNAMJXzZ|ScYkpX2$F}H~`Fm#2Sm2whu;;R9BDt2eQhem{ z=($_8FI_Z zC*3;Q(QRc!yDK=e_#to@d9bb?`@#At&+&Xzm)lBt_2KlbvZHiagQ0JfEpPnv z#iE4SyGVTQ(>(RRv71)#Q9dTSZ}#A<_v1L)^*WWYa;NW}D)?qk(<*eq#1CGbY`?Cu z@WEXbG3Wbb|N3plD8Rc$@K)Dz4la`Uf!fTw(g2Q5aF|>G7iT5XO_Zapqu@hv%Z5j? z?Ol-vXHz7jy~zeAzcmLf_~(y-bA^YqlXn*ndSk3P@PfG4$ZrZdB>jmg$42BjlZ$SM zaZyMo5BO(Sb97QMRI02YA>5Lid$=g^lMfTWAD)$nF^}LLK^Ch6W2J-8wm8E1a%8cD z=N_Jo5%D)WR?@iHUBdgt0T;U5`8=V^T>xFy9~UoWZ*dfT5dAZuTl6>Z zq+EKoM}HJQY2*p~$_eLg8Nq%Iw}J07y>`Tisn8wH{MmL)15a){X44MJi~iTyc04Sa zrvXPet0NxH8V_f7yimK zevGillV{Lw?lF93Kc&AH1ehP-UEiWviN5X8gn?7aULn!HhrhCj7psorU33&}D6duF-{`5ul^Eq)0-&1@S{2yHa zKEKnvQ=39@4DVD%am-`Nqf*wuI*9sy?|n9o;T+Hg{HlDJ(Ixq_^G>LJCXNZ<{hDpx znP-680siyE5Xjif@vwhWy;M88fS@Y!!+>Y1D}0URb*7&v|)9H$uj z5NBld=!6~foK#)LJiQ)_tnN@=b3~%YkGo7fbpoF9UbHWe?f^4+(i`(Mp*xCmO*zV> zfT41?TmE&3j?=)UO~`-nIOe#=qo95Kqv{;5Gdi{1^6VSDll=N*Z;Vl657cea9Flty z{?$+Fe=p+@^*_HPXPmL0gT&Lm9v-&w^bxPU#n$g=KaG`D7w3FEePB)Uka&Fxke(E0a-UoG5^T{C{-DhdC<42>T0ldE_ z_lRK66~AbU;mvhvEAxNm)eVd?9!9DFMmu- z`SdQYjT_*h`T-;N?X-vYqUA6&^#C*3<>^Q7NANAkP4pR>wpyAxJepkFHpKuvz%X-4 zz)9G)m5R=-;O#JYyZpJFU|UA1jBIoZi(r%8M_bwe2~16hFVY zju?kOXf?XJnt2IdSDUR2)(Sr|X!YpG%3w7#v>IN7=OvoK#e3oUpkx4!YDT8)W6fx`UJFU?nZR}tF^;jde;qpwRwdHCn$^U`o02L`|Vj~ZLi5| zN45`GMms2H=2jc^Eyuq2p5nXObNgRBn3`KL`iQSoUOl6Gyi*zV0k4B@W7B2m8?m9v zGDbJL?^->RyftUz!!EaNT?5_EEvd`&H1e&7J2RU^~bIVWHR4_>(goa+eOeqdA09PiUnR8Ib23S|TSK=VlVE2pUB2@QReVUJx#=jL`YH;~ntDqsfsRDXQ( z`=0`LA~36%OJE*B?a%hx@I1{o-gUVZ9!-b*e%sbD{%@T4i(Zz8arpiAap4#TP2~Z< zJjVKjQq{#LlzA|+K7sODvlQG=zdZ)t^IkG}KRoOKX0p`t2@iZY&~H;F1q_v2YS)P+ip#?h3Tu#n7PIT}1>!ri-=W)(`h_*2m(LzYeb)jRVVET_F27aNM8Ikw|Mlsp#bbPC#@Vt&cl zM$T}Dxh-(J+B=C}Nne9Bs4ZqK8XHJqE2B+pj?UZiovqH%ozYiwM)uX`=3e#S9Xq4t zw_;}*>0^X-_&tq(-K^Ndz_#xi-p_es;nM#HocNq&oOLbG_J1^OpR!=o(Cw5x@736Ay|#3n(D&esmunb~uuak-ff0``xOc=nb??v<0AjMfha z;1$IMs|dKyLi-`UJ;9&)zl+Q_U1%PL>^yx-fkX0pwDr|{JG<}Mn=aS<_M}mh8N>FW zhxnYyo!#EI+gYcMEuA#VdlsAb%$2N6Zzgvwb=fa*Wo$y#sMrMWo8FnSH%%I)Ij$;w zzo{e(uYcr&cQjqayGd1}s?2lXn}Jo&d)2AWd4HRIf7`(Oxhi-2>W}bm>WB8^stM8vYYLa<+bj#*7hwRC&{Mo>(?yKIrV(MzlCOV2)^AFOecf)w6XA#ekZ$eLo zv}1H9g^kZ~>eh5Nmfs&6##&h8tM6CeQ$(JFS=?3M$-7?WB|phnN&9Y;xBd|Gc{=-4 z$WH&IDf$)mCf*VBKb*Tx#Avt6`NC_dpF~db6~foixa59=ll$qHQ%`H;Q$5@Da^ zLwo&)!rA^8&(~>xQ4pWtzX7_3suQs}0dni$0}PGJ+1sMIf`jmT$od(Jlk&MZ$L7Jg z^z6`eE=Hr+b;*tk-S}jDmGQBX4Y9FoymyL|xG!{WyxiL-hX3we>#TWBaSO4~wrC`q zC*{NNKZ!qc@n@+ibqUTptWnI>-Z1X|IqW6qY#ev1r}yX~cGtOT+^wCB&e8GkyfeDw z)=Ki{nOsRFtRam-?lYVP%nO=(4}Jq*$vcop$yb7-L3>z`*)ZU|K{6}x@+PUAU*=Kz zw@1mP5G?x<@~)|@_NHpz$xwVwSz7=Pe4e)hUKzhHyn7g53{}VPCrdmYgz5$JJt)`E zHgY($w|coAJU>5DThx*$+yzgdgnR%jO-meiis*mvv*I=vG#eDlL_Wy(7Ge~ zdQR(;qM;lAYw}HxfhOgxKt9@oXn0u-t$NQ~yWwf6ljuBFe(L~V%i(Le;VUq>yE4F6 z_719T{|zh?t7#lZe;*wGXip)2qelMxN0d{aA-q5RFZhICmcD3ziBlpHNob$Ri6b}m4whHW>d0_1eTKT~! zId|?xC$BxH{bS@I;`epu7TVv^H}OY(%Qg0$;*?JI@@dR8hdsrz_igOmi=kJ78KDoD zux(uYPGD;u!F|yZtYxkosn19MeTF$Pc(~iN;ZF9LD|b_If3nzF zxWw>{cL82XC&+JP+Uib&e({nuJMCZ9*ii9i_B;M2mlwB#Gd)eZ0WYcoyug=epF@Zj zvNg(Pc`+}@3;Z`eTs~pBcrh=)i}^Xczy^D;g`X%V$b7>Kv-jrv(CYJ|LOP3WN{706 zze9UE@fnpZPOaLbv4MD_oM1bly$c!k9bHKQVop`&3s z%@~^R!Y$vt7CJQ+@ZlE2H`%E1qrgbnvhNk#sHL+6I*XxmwCFUp`BQ(7fOz8ffpg(= zE-z&hJpuf02kyn_aC{E_rn!_jB;<3laC3dmLSVE1Vvx_Nhj!V&^7x1r`DB0Iue0Ir z_R1H$o-#&%uy@1X`5u4e2X;iufLV5~+sX^RaMt{qz3S7%GtHxEUlXuBKi(F!g8`rL zt-oRi+Oy>MjT^&u&>mexOtR?QW#a2b?ajYt@6W+ueb?jiP4e%{@#*rZ8jA`4T|cHg zeo4Oeur0qsK7h7v!%y68+Alvbxc%}y=vK`eO#77s%C;X{&-y|634BSg{Vx72+kW+9 zQv&TLM`5-PBd+uPzz5WR@+M~6zbM>(?U&L#-;aMqd&n_JoO6fpXsl{|*5ir`f;`ar zzIZTBJeVjRTz5`=UD!V$BjX=v-z)bI-=EQ$KYW{!;-y$`K>G* z$=3H-HyD}*#@?Z^EO-L*Y}xw%%XzjeoFEt1o13Q{&Fem=%l%8FQHX z?ilwgHdYzGPAhdZKGM9vA;#QhUkP>TBVJ6?4|@HCnG4O*AQ`n^?Zuu+>W0RJziP)T)xphQKY&0|xPgF*|+~+|W?}SD>&J4k8xzeM-o97r9n`&QAiZ%#F=PKvu zm)^jby5XMtE6G=C_9m(Q*g|J?9Q_=BjC~l7aCX=^+8KTI-g_v|TuCNYKfZqheW&uV z2&Tr!LAq|vL)U@PL(^r}Dnt{su#S=NWpJZpVCQC*+x%i?U4gQXHr{jVqpPkra|1nU zM|8>kj1|m1%R})bMgM1HZ02GHcp|zFGhQ63PQA^S>CMH2>j)n?3A41G-2<(h$&$Xz zfmY2YYdj|ZW9D;xSrV^RlDl5#ZHB_xZgUee?>b0-+VjvEK_5-qhNz=>O8UO`Bgl^5 zYOnfe#b-XB4?+7-wD^AS3r}ma5Bk7*zw|A8z%2yBj4ydV|J{U0=Le9Xx$Y(eX>G!x`_XYbC@$Q>+GCY z=80aStEn@?;_MGgy!l#eelzwxEa!gVYdl`Ln~_ycuI@Vjo)7zNlAYJUuA81BXYDiK zW-m6ly*qzIM{>baGg6F&lk*;&q5D|Oeu9qSam6S2jjyDLMUo98;>zLax2Xr;)J3~e z#7mlYNcQp_pY<)?38v;D?n7SsCZDEq_?(^TWwf&i{;c4+if8Lca%?-9fAZ_q)MZ9T z@N2|qshNCV&9m9bTwLp9WUItnnfo}4H7QaZAJ5)ZhqG9PV)UiJz1TV?t~r3etoUB1 z)^xP4t8)Nu1?|D#DTda%np*+?nb#mr%V=Ih|7%P*s^Y;rbOxO>_H8;tnQn#lbv&Ci z24ODF=pU%grRZfLvaWR%N9a^;Nnt=fN^j|UUZd2^znLqE6CCoxBum1&JnTM2lf zuXi?ffxh1ced+no2mV4lZ~x=a_zbR!qN7^J^Y!O?9~btV#YMlqNxT4$@^|EG*U}dY z;Aw~)4yAz6#3oIxFnmae^2bzt@-84nM;bYwuJn!ncP0z z#BJpd&ZvyR!v=K4B{5Bvt-FEqcCxg>9%SH9D%n~!#0lnuz=n|M+-0B()>%^JGS zKBlgZ$JX3;&aA!359nR}4c@ykv15J86UFBIm5BVlD=} z$f&OYAFjLx*p_1b822}79meb}z~?BYU5=j1ZazuAlO*r{`;Zrho0y$3s`#XJn~PDc zy^dsj&H5cQAcODtV|K-Y;-AmE2jGL|HNp3U?B3+&RU5Ev>U^0#_=)RyZ+V%8BVRGW z=7>%rL(MN-Xr9eD$y+bg89*kUsHMeW?%UCU|p{{CaJ&EQ>P`+Mk6za<(S`p*>Y8*k4u>yAM;I+8ou zoy?Dz-$-Gf$qxGG`RJsLWqRg0na9M>`S_f9d~cwCn@xPkyCkqR7u@tA`hC8cexGut z-){rYE0QD?Iv=_+Xu9P91c3 z;;&k-W{#=sT(ROO*535DBYMrPI-|d>^;y$5=}f*u9snDE3~7t?;Jny9HXMH}25%RC z)zB7`0H-$==cNU@Y+(A5RHu^_nXi11)yZ{+BEbsl8}aY^gXt?Yl1SN2PPKQyjEaOo3gF^2cxdhyP-))RT* zw!d(RaC^PAW)JTFSbBez7jCL=Xt-+suU?>!XjR`@%$geeXOQ_&{i~U`K$fX-`a_p` zo%n_#_1)ydUc*{+Yd7b%{&~8Y*VI@mdiTH`7W`&x&fh((pF1~e9l@*zpj#$SeF=Fx zfF)bmz}WINe3w3LYo$#l{x@?NA^V$P@65T-d^>A@UjJXhhGn5er4QFkWmyjQ;Z@+qcX3z7lfpBUFHPBXD{n4n5#zYOCFUAo=BBmgJ5-%|J6AGP z9mTzA{F(M8>->9qG0!DDX`jX(l@a@U5x7W`pn^gU*7zq6Gmc9e|+ zt;~l>!7jw-$r1c}i9?PB=^1M~w(m0Qi~-o6Qk^odFHlT4 zY3!)BQT+9d^l18?jU!#Y*)c)?jl9!-67885jqMl756O2k*8~2d7e00DQ))Ngq_;g4 zb(!9YR<2RxN^YKSGw&ffB@; z2gdAIfd}oacbV~t{A$d`SqnuUv}z3WDEoeT;X%xacA2q7aBnwdHvWJ<3t5?YGPRR; z-_~9s_T*`9xRX6)(#xUZ@D#E#^KR_byU;wa_fs(b^=0DfQKB)YUT7Q!A5!pRdCpkO z^cA!<1&`!&l4Bm^?e#~=4_ zXUcu-O`cS&Gib~y(XW}iRi>c7)sEr)w&<4WGvGI4(w!RLr|3fzbEg`BgFn>RTe{;` zp_>u*?7)}Mxr2$6`9AgwuQboOo^hl4cJWU8AG9AuYtihd@W$ToLcYL1KVkjWm%P46 zI9Qvo_tfUDyKDYla4R*2mL285GCqs%nnMuJ*T8eL9~nJsANAmspN7XKuBD95nyY^@ zbOmJlG_uv61alT60BZq!&*DZWeB4jtx3w=V7x$gu79GZCAydW`_yYdei=*+sa(pSS zjIg2Y&e|eQ*csu>H2$3*IH`tT9ze<#zgR}SY~8SU2`Lul<2+GHEr)7H*>Q7675He7bGMF(TZ&_xH-=Q`XK72G51$D`^u)ZhIJIY%!3U&OtCd{ozY=YK~7 zXoSEDmK~g6TVTZjtRy5$9NCdoNem!B*h(xrB$XY7XjAN{DeG!m?62Y?P+jb*Su(*{ zC00|wN`gR5NQ%9f@@;{r4YsLE2(3v%Q#2BUJ18x|q=mZ#Yu}%9&%JXs8r<~t+Sm8{ z$Gm3do^zh(InVF&^L7=I7v4->cndjvVM_1W(-{BFdh8h+9BxD|P27*S%JC-p1adcW zqmfq1*D%M&IR@oR@`sYia2sW79q;SBTgS{Fu0^g>oEMVNIMRf^HbRH&I~n+MKW}3K4yD1_U(EOpsu=(_|&c2^+sLHqHs~r!M6Fx+qUubed;};pv3$JXw zO?S=kdl-5&Z;?RfhF5`GHYD2ccWL~a)+2P!a(|z5tjOf@MZ3QC!Wi%O`sCw@Lg#~e zk7ho44%x8=x#karFP9#3HUT{6;DP*JW+CHR^nbL1H5A6Rwb*JcIfw3W_1`1Gy_MzA z!F{goT*=+{1FHw#?D<(eFn|-}EN3dLF980}cO>(SNi5DX*s%+JTzzx(6vG`2hxS8N}z$J)CsJRf4sbgWDJR^NsVvv)N)DK!$m)%a7b31}@~ zyx(OF68$kb3+oO;W#m}poz)}g$1wV&y#+(%^0i;N=Mm;p5}YyN-o3lG#eZ~9a1Tp= zD|awLKkMfjr{AePm*SO)t#fLhSjKyAjXhA_UmiQQv+L%^<=@1s47zRhF=AKB8%p>e%%~p7S3|=#Kh_v|} za?<*RbV~7XHvUSwKd&giJhq2p@{i(AK7v2-_uPtxi;QuMUk2W<11pF}buEfVYUT^kfKX#h>O}753>7fmD+5Vd|nrrAId=PHsg1V1J{|&4rV4(wy z`%;UX52chF;Y(6;4&Isi6XjLR;VNG>a8~(n6rXkg!{BbPxEr&$Tj7^%{Wa{#)JfVp z_1XUSQAg)@jJ-8x;iiC_Zt(xR$$PzmIw$pI==e)unY^Tad|#fTey{L|FU|BtF^V{7 z@K#y8HCepl_|oFT5|71~-;MI6%IC4+ODB9G?is$+ekipRdK~tUYktD;rDi-$p9*-h z(BiMm;vb~n;^%SEyb%4Of9~Artfe523R{0cR_?)kyt((Fay*`;;?-RLnOgy`HaMvj z&}LwjSy<&++yN|;+bkI0_l3avcEHCnt6wuLA7@%vv$8TC$H(&Vbj^nZI<2|KBb2 z_3J8h90Hb~_m1z2&JM-{JY&;*JC0}Z#BH9bn5FY1Mi0kU`u53v#D>00w%wI!`Ry}4 z9_J6h8QSM1U(urrseP$KIW4Y`w0tI#bo?WsXnt&Z)oP za!*Y2RxqYHcXArzAI`0un#NkfG%px?>wJ~DoBza0+O72O$~ZiYZ|dR)GDoO?G+SSC zH8h`E=?#yp^g2fAlWl9@AE5pq^&?|-)gL~xlKW^@dJjeAd3Yu7sN=I4o!v6sbLtNI z@^n6&a+Y*fFQacm`;pb#hzV78U3ULUkNoOF?FSrUC?uoJ`F=l8d^kaUp#(nWcM_061sD`$Jc{1@Z!wYY2G5yr1sQR zn~~isOtyF{7j%;nb^@clyVz?WNg8agv-M<34Qp=CJ0m#6P1ZM$5U!uJohU2d81y{2|~ z;HlmB)h-VmYIlILeDKunCCWaVPp`UteKI=GHO=Ub(Sgm=yn$SJ-7AegnYvr1ai@^g zmrc{WZF%ZSpG@8L)7WQd>#m#TeK}9vGn-fX`rR?j`vT=>*5}9q+^4s!^!`X?>-fEC zV)=T?PIn-uu8C!jTbTLUJ!WB!;`_EJN z%vvkYmTBHQC_mGjBNN~~66iJe5#t}ZOnyL8R>UTB>pX&=B=ad z=><7Fp#GVfmEM1&?99T6Wv8oFdXMJ8q33G%Y07SZ-cmlwlQgHbEayI*U=1$c7*zRw zzBa-9!u)3T7v&kd8vfZl?KW(HckW$?lT&D3HCh&99PKQPf9U=19RK`AwVA}4P6e@? z^~RTZm!#(7qixe=)4XEpr8VC`jxj^;1}t0Y&#UrZcSpHvt}`|`R1Taq_i;uS-CP=b z@q<&H8_c`Csn_z?%+pl({^J~ZNw_C;7P%Dn1B`oD0`;4y@6IBxiX|@WwC5k)1s~s+ zu43rSGsF1X3O2S@Gh5$sZ8y7FGe`tBy~ zh^1V60HSbZuNo&upB?Af*2MT{JIO`9pVM|Zdykbj>%2;kH~V?=hr>KMT|CXZk9r1v zF+5eyd@nika>gafsbf{CrMcw~QvOj}zM(4h8@c5VQ~rsd{XMA7Hod?o((y-oU;K&S38?=9}{c`>A&Tcy|6F9MgV4LRkGr9DPlJ~Lx4VOW_F7uE0JEpq+iA!A0j=o)>el*mdRP9QHd|=}t+L5ruZYfY z8`xWb-P7P*P`y6-qPp}c+$*vf`e^rjuvdh#%w``}0nc>a!t51+M{no6c$)Gd;0UMo zid^^vcSTBu>!4M--%*^E{dz0=E-U*@)afqvGW17tOqzETji1sza2?=X4}I&beA}#i z*V3jv%d=3vo9I_}gZKBWIhwY#GxBYv{+eR%89PrH@N9T3@@;SMc8d>f;OgSDW4h-K zAk*D^@6m7M*NmJPE6!)k?6zd_hC1I0-Zc&0*951z0hw~wSCf_Ps)@21ZfP)c^j{a9 zsvp2^%+?M3TzXYju1^Vm6Es4r_k%R6pFz54-!=G{9H%+JxHCb0h+ zekY5)5vwbzYw%TpkNWa`#!uB&r<^COpK_{GH?m(>eoAwZq0DN)nQZXhFPvSX{|n(oWrO!G+_NE`){Flo4Ss*)vn~7 zQ`P6u6+Yfm5xgV(KAXiG>f9;tQ9tbSLHeAseeV2?)Z_Fy;c$lmH0rK~z+a|Ezclu!4)5kRc+cv+Bx*}LKR#0b=+udR z?!*e_vsQS&2Tu3+3hphT&EDyryB|MyfbT*5Mz;s2W_{7&EZ#sz(?_8F=nAh@a0XZS zer`W)6vGZooe-0T53ewO?z5s(^#eb*H(NLKa|c$0@vA}b_d_SN=Jj)XeYkbh8>OC0 zfAaddJyT8l?*(y8{odolyp3nF?ZD6dSN1ulDHqgZB z4z&aK2s*G1`lGo@2Ru}+vfj$MD@$vbt89YS?iJoobq~jSXl=K&wgGc(R@OnRNOvIv zo2&dlZPw8STJz>AZNOf;!u!7Jb3m=E=*v_=8i>I_c@ldqwk7@hUNZW(7O?Os5MO*o?U~HIfp6biVz@Lk93-qLK2z z$2ReM)ztChibi-&T{Euu8siH2=NjrM7A7NY>-pUg_93HhyB;e9Nsmq}pOM13cE zxIOTlHL3ZZ%`>j32TsEZZ!vHT4RgUqTyra?X6E_)MOO z_E~%f{VwBo`BX1CoA;(_ExZC9S^$l6t*sVYTP>kpX;%M3Tdjn)sukY*d8dbIOFLt$ zaq1UN^&Vwhp)>4({tuU6tEDTv8Bv}TgKr_96WHiUZ1oi1Bi2@tuk(%0>R-VZ6YB!` zUn%mO)q(t-l(Vz5`l9Nn{K|4){$oW({z1-V-kFRJr{mCExWfCz5#L{|KquU><>0=T zabuD8jigqPGp?AC=stJ8NH*5(UM%u`{iPzkhrxfJ*hSjV&h&Q#TxW|W#DVlBXtDPG z58!i0X+wYW+WW|I;^T7fRngd-FJkYM4*^Fw zW$&+k41X>?I1H__?<4dTeK6zFqeZ?yKVIbb=LB_57KQ#i7@OR!_;duijzZtz<-R}P zU*yN^1GE_|ni#WB(65ury&ZaggWA&0@N5tD_rlNIvFCy1UV3o3_q3Idk^6q|9p`fv z-55nj&hvdSt0Qwd(SdJuR{yT-XDe_=(epm&N0#B(a|isBKOeBN+?}O0^yhn^b?6`l9}vvdk7A zR<1u^C;3u71RUX%eD6oTUyS(kzsJV@Bp8>>!oFtO9Pzu6ym&MH%9kUSVI$=$yt!5e z8}{LQHiJw4ql-3y|JbD8MH9y*UG$IoCPzdDi=0@>c@aOy?>PsZ)cHqzKc~GhVUD#4 z{&b^L7N_JcAMflVW?<{iUqxdF@D6oW|NEoBSqBZk)i{qmLEUZ#d~^~QhSnE(89Poi zezS#o@|&$iS-oFl^}fyO{aWg@BWLamy%X9p>)=23E4jGMMP}W+pFJVk(-Qc!^m@OJ z_7wdq??Z5DWAegPMc$*}SMDE-Qv+Y1vCa=(z1s7$=H=d*4*DG(Khc-g+F0r|-+$N{ zOZ_7{t#_51GvM-HtFrhG0K;uXPu9Ti7Hf|U)*c(_OH)?IL!Z4CeC^A;&n4{e3ide0cl^3Y+%8Btf7@C8KO~<8z`cUrEJPmk zDYVB*BPY(_T6?U?(i+-h5?bq*drzsKRnWS?(mEHI6?yEjCd-@0)n*}Wpf#^O&INYG za_@Ikuadr~E`18^u^jr4`}08#O6@>$x@&h+^NxK1V}#^q6Hv2podUjff4+R*2`dU67~PA>CK ztKJBFQC)Zw>dA3KOEwRuEOXq4mFu^Qq$iXQ0Y^BcC#N5XKl?u;e*06_|GkU;54Vyp zH513-kMVIECZ#snT-f;+eBuRs`PPs4b4*9+E57^@=6iHc;;sMN=j-+2Secri_gg2^~OgwI5FVyII*#UPCby+@b0%mu_ zHoD*kZB5_WDO-m>Kp%qlIT>DT0$=wsZyxyE4(ijVymrw}y>-jHTUBp8^r$X<5A9-Y z!nE5M_)p3*YkgS5HZBJ`ki39hP(B14;gnt6id|%oYo-}G(Q&sW5%B@&LaXiL8p_+U zHm)Q|rmzup4QW-I?DEB{q_N{f+R{fMcPRUj_9S zQx~>)uj)i{O0=d3+ES1|9n`ve(gAW-qVy1 z0Y^9`zi&6ipFI`vYj+@zlQthcw*y=@7chP&wxL?~Zsy9%=@)(sn=tQx5B<(SmggIw zSu#HPzo5Nb@?{>bED_F;s?7K|%A$CTPjaTP|9OMWMJK0L{+92Prbc~ISr*rCflG7Z zkJ!7pjejbJM){|b9Gxt+vYbizEac1C^5wua_J66+#DCeUd!^7HZ;ciDwiu^=VZvLE zUFhzzpwEGhDPLSHIbEsey@&O_KN~Gnzx}<8=LYpu~IA40c-b-Js_vVA^XQTDrnX!6*&kM4eW9RUd=Z^5dwKi^Z)JduL;K!c9?!sJt zq@J;Cy*E=dmq-TI22UEAFSw_&w1z%-CbZ64=G`J%Z5u=DacDhJIMD~6st;}O>S5ZP zgg2$&s>JrHu)P|-lhy|J!}}_1@Ic{se>qs_`^&>t4oARsG)r4(gU9L5iF$8Dcn*VS zf4wiaJ=EU|A9H=^5$YeU_fDw(0qR3rUK`v)y}k9`YpOR`4}E?gLL1y&INpb=q7OGi=o}nwz=MGw|HKAkr=uO91ZBi+8mu|w>q)T z@}>ir>-Ege`>cZ>v^9NOLs?rM`FDVCeZ99za$QS(`jl7xYpB;&@7=3iiH6NWgWp!d~ z$~ESlfKguWJ!5GZc>(^8E%kYHkv0L3F7f-yl!^0B7nd>@u{1mH)Cv9XwX&>Dq&}KY zmY0???p*5qb|A}>z=lru)Re3&N2d7k`s@^+m!s4K~ahF*YAx>ZMOC^%g;=dzAWT`K%(wHRBsw z_-@tj`|$l!vg?h5S-fFvJ`CO?OTG6C&Vi-m5bW95OB>}-`?Gxt#yZ1;OU+tlrRY@s zU@db`wr=1z()*W&G5IFJ-wTbo?_a68oM!jHq`Ik zKFsgolQotN)-pfvulPX9g;)MB*t1dm(fG5<;kYZHQu&q6@yPc)h2Nbp_trVZ&ug5* z340fQADv$w(fMe8_D|fc;+C@?a4!1|i(Yw-T=u)}0J78?l=Xc@zWbN++)h;Of_x)8*S5DphfUjPffW! zv}vS%6Q5Nx{9O8W?g6}T^d7a{*2f*HTaiz2=U?v>?>isi4w4>ptQR<2mwL{2CpDmF z{N6TFa4a#^->daao&|LJ^cNc%8YA?Zc=8G8e9*?3Lw=p5)G=kNDSMc*w)?ycAM|X% z-Qn~6>ENyecyVkGve^MW@J#zB$Q7>FCzJeOYTnhFyS3j`dqgwr5!Jn-qANIu^a#Gs zoZ$q%+6Q*wcJP1ml(1ft;@@WJr8CML%mW%vD320tYA5~6#VdV~E=q>KW%oV?cwcSx z!ZwZ`}DZz zk?F7KY==(t%Uu`pa4i$=E{c;p;W9ry@s&$I(Ccdos2ns4tz(^40)?;-JEEwF$uSnS_1veYy2 zO}sEPuk~pLhk3W;cj#l_SMHR)tzAmp>&&~K-MPThe%Usku1DrNmG@}9wF{W7_+HKi zyKAO+UF@fNkNC~=c{e*R{42lJZ?_fSh>aCJS=8Gv8`9k8Ds&H74g=fpVb1haCwv%M zCA`XO=>z3v&E-?mQ|ESLzkBc}d-;fOw-==x?09zPhIhAL>NjL@**x>PKn;S09E*6(QV{7?B9yI+ulZ($BT{9)qi z`nz3Z5bWXKD0~aSw;+P=&~>RZLB5~z@f~HHp}gMUnVW;B!p9TJmOi^>Id#fy9lMuY zeQg!)3UJSj;Et7~z8~QJvX48TPgkD><9@*?2S!;0MqNot;~AqLU-f0S75d*U`YTuN z(|&fH!BBhSx6p~q%qgDppv{XrOH$6)HdMdaES{-c z%;PiSQ*wO9+fwbo9*Qr`<1^ltI#+T%b1K)f50j7a8Pg{Cj2G^UKl>NZAFksRXMI7> zpzpUYd>0#N14kt8B%m{2%=t8TAbeb9;`y~=&c(@o%(=vO5Oc2Zdu(!ex2Hx=(po--r$U&P;N{5TIR;)jcTL}xG`lD@LU8y;KYt+xHzPruHb z=UHw{ac1~2YI1Qsh?j_y|dJ_G3O$CERBAgn(W7yk;&uZ%Pr0e{~qYdsU;KR%kjzMb!GdEl&kU6 zapAD>h1g@_%g~I}xf*mOiJsJ3UHQiJ3A!>LT~Qts#+MWHBN|^$`u&;^Uq+UM@udLX zzhY(EtUjMu!q{nv;p?0rzCc%)3mgR|vJ8C>a&`~r;638wjmDM5f-N}EXL5=`A5N6# zRn!?CT*CS9C6P6{>r;OQpNwyL&HCafoC6c#%m+^TfDa>#=ZCIO{Ye1lnD3*0ADQY7 z1Ihbl(RY}>A9;(u@Aq-NoF|?H{(Y)&@6W*q1?{^k@P!yEL#@Mdog zo=6&yRgP)zaHs_hXWix^>O5j7xG`@`n22PBo=CovA^qM+|g#0)gM}o zp7lxo&Zvn$jm6pc!*3IRqPDPgJl(;bxMxJ;)*KpF-;nyb9Xpt~^O?7ek2^iquk=nH zA9s54_>wKTzT}3~KWf~vWl0`iazpCeR(wexeq=}BOWroYm%RPnxH(4<#+}}*kMIs< z=l8;xeQ+l8dK;@VpMqz04ohS1V7xT~FNeC}kMw-=WUv3D&Wm4Q->7_Og8W?Lo&>V~ zm1Ly2+hzN|iT;zH$)1c3slLYk>w$%je)(Rfa;2e3M?AZTn|xD_kuWS8EoRdA`a%Z-!6r;*MyIds=enew6ox zFzzz3f%qjphqzj^xVpggJ@}t#Ut;t|v;}g}cvNFF6HlAyKR!Q*BkHqamXS*%Wg5fW z>Qw41oqW?PyP0Qf0;ZWqraZ_g>iOM3PGS3RY%xhLL0vNkebwe*Rkn{c#8`AebH(8p zwx0Z;VTt#E_*9kCZ^m)DJJMYM9`SIYg;SY@6UwV5%ZEC_T9^Y%Je&(0zn>S}3Vy=_ ze8c#4)XFTJ1;A1NpP~QmT;yNj#}c>PZ~Js4zv!gSa5=GVf$t|w?sVwJ)QECm8}5YCg&%<|!14*GnkS0790^$+Yq=|FH=NGenyV%=j`(tP>`kp_R-}!d#x7t{}vxUA$M;y-dodQlI z&kc2LWHIZvi@hBdP7J<`oZ{Ii@Z&yjejuJm7AGe8`Q^z;;e5P%VzJ356UlW&%&po!!z3`X(Ou0-b-vRV!_hRpD^dY@vv7a~hWF zPsF!{8M>Fz8&|6u8PAM^}&VMpt2-_^&unW>ceC?E33(riFT~d3?+|@n*4i;790^+S1PW zm?rA4niTFy3C5$tEzsV&*xN>bhMW1_?)PH^yFQ{mh=&c9hmDiMcin~YunByt7JFZ$ zz1!gP)%b}T>nD=n4ftBm?}(g3zBXq0`UjS;Kl&E%>Y?BFFQaai-!>Y z#`h!j){nfbvaO4aANi1dHmGOo@h!}UZq&G>n>e?b7#XbZRDuJ$=w}?Dwe4Vi=eB$N z^_@MmmydEQfy@0CL9W?^57wFQOgrPtGGMG@KCC<<WP;0ENGFQ-Hx7x>jXEY{)%$*d_K>EbpqCx-1Yad z_vT|J51eiN-4Ef9xm!(T+(E89tdsYLE~8KVT@Nr$deA(B_h#-~K1}l0T-Z+DjX?bY zcP4#;cWyAIi?nNv%y)h|;2|_;W+FS*$D9uY^Kdt@zPqvdmp%_(h=X5wvF4@Us3DIEN3;J5tV_8>{~!LZkT5!)F{H zg7Ir%em)dNaTMn8p%xr>Z>;`m1c&(W2NuWY`IdhD`=66bmn`<<%awRGzKroZo{hIA zhFnQ{=cqedcXw3d^E4MeNk&$V1ox@*lUK<05b_CA~J?FC!X`gO72udm^6A?M}x1-0oD|=3vx0 z8_(|NV7(|a$TQJ?nC~F29^v=Vcy>R>i6rw?(0DxQ=YV_Teh#>wdIx}KV@??NN1*L& z(p#nXo2V`AjDOxu{XOxCIpF>zcXuScyCOUZ?ZtT~_YZEYo`($6r+~XRsj<7cljkAE z#pCvK?52EA(t9^>or?)H(FZON;d|Q zK99E2Cg4#YzjwsL{4tc}R`5|@`e9_*3H|q4S=PQY_0wiwmYV+w^NT)k?nruodDSnSR-(bzKZdU3=<-zES>Nuak=RIikZ*$zNn`O4dnQyVV^TAmuXZ6PFpGbFl zpjG!1^~SxIc@L%XgO|jgEy$)P>5cXxpQ0nrt$4Cn?|~gPzOI`#kvI|X=PMufaHYc<5h_Rbfe`0BLJ_CIZ!|zsfax*@8U6aZAbdDq7mGdxlKDUt%-;Yw)33#*k~k>cb4KTX zpz}G?uT6fx+=NrP3|dTnzoyB|%Z*zn-VEF}>dH3O@*T*%o!{%?VGjP9(KGnimgIhC zt#LvVxj?4bwrz>DZRPhG?21^SGgjd|Njvgim-HS-{^?bgpDn;_PI?8v>_BH+=rOr= z6EGq%D9kTffw3m(t+6_EXaL)5O8UGPJ!ZcEF|5&VkADy6;s2NFHd2>-GMKCVF3%*V z;Z4Z6gEGnH&@HJOqB7ZlOrAg{txaC09vL7{Gq>*CnsT1nSY3q-+??M^_&a++&TIUc%12m zwguqcjQ%Z*_{K`>8>_5utf5Xa>l?E=8pLhr_`=5ODHguVyV5sEe-=V_B{sjn`o?nW z8|MPAB9CvZK~Bk}_cq>3V%pNq_{Le(FU#W_=feMrq<4WkFWho)Rq@$^J@s729#_7% z>i2!jFT}I^oMvY6hCXH%c*~OBDZwdC`g^E~X`?+@(=ohw$mY%l|;OMmMe$a0dc9H&&3&A_TjZUwv8RH$1kF_k_eMyEL!EWr&3^r^YT2!HcIWRp4{T$v zjB>pop9*Mj9t-pw{r&33>fbSKoC`0Lhw45A#Z>qFl6?vM)gtNJR(zG>*Tn)8zxr(+ zuk``<{N#OspFXsUxOH)n@4wDcH}GGh{61e0`Y&U9XBV;7xX90GzJ@)^_nn}geBa4P z+f)1=DG1jq!<=Sx5&HrcdCQP#(67u%V4m<{`Z*2#+rH7}G-at-ziIDWf#z{{uABna z$Rh7f>Cq1Q&APVi-OLs2n7l7ImumR^MBr~`bLM_yb(!UzJChupy3!BRmqFW?!;!um z;rG!3ugjh-4Crt*2d~zX}*4c0rzjoZWVJ_133U4kvt?=15O`-4@Vby7x()-y%%}92NscY z&=!B|4)8q?@#}kmLtKdZ^;)&rOB-?t?IDcPJpzo=v_C^!cpSQn58nX{$$WtCKwozA zdryHk!W#D~>0b-}G+(^b^B&v2H`0D9zx&WPJEvmS;S3DonZ{IGC>P!Ak9n`)DkAes4yGcK$ll$F1UpUgUiVIO?}}ehi)Z0Ux6;J9)lkk>RiAuiSw}US`K4KMz=oUy&WP zTe{ap=*jb_|j_^`FYhkV74zZdB79U80GR~ma1i^-Q_fE}R@eJBd*Kn@QS=$<(|${% z^?lA?!B53mlPkq^&{a^>7{TML<+cEF5QLY4h!?yrOtUQ%z2FE`}aMYEj+?E3Gd*BdVA^c|G zw=D9G6IYHyb4Ip~jVgw^tB^H5qJNfC`OmVE9gFuZV~s@XTfSeMWc*^V_sZPsxnt5k z6FW@am$*;_Z*{MVU}kecUx${>a4NfV%NqQ$#B~l=r_&BNZn7YoW7HRT+T*1=Eyu}A zeua1{zw&9uXF8AMCKvhnMiuRqZ`2e_%s1*6nSA5bjWteZ&U}HAl z7|{JV>Qh;PcMhEA$_vJymzoQmG0vA(6!>}80{XSEARMy>K4ZAj$KRv7RVuKPvPFLV znbef5_U=fM7KOi#p+5EMqadhGcnM2>jwK&rJQXI`159%-x?CWB&ZX zr5I~bu}~J_{6Qi3ix+wI(glmlj^;>$=~*0xSjCnp|1 zM4jPN;8IsRPO}6!+l2leS}F`Oy==;M>H>lM~@B6TFkaJ5d)IgTE^^VBtAu z{4w)5n?F7g&WC^#_{hw0`oK6W99Pwn2W2)^zx;7CXKUswo0(T`+!)(`Y#cmUq+uJgXcT{14T zsh`Gvda0jJueJieug?1;>WiO4JN)mFUY_p&*5NvDx0Q{`4c|7${O>I>FU&m;!t)Co ztJ~nYyQL1CjGudK-y`Gpmo5C^9$;^-^W$#p_Ebd#hx2c~4j5dUA~ zCX1tcB97e_htbb&UpJKhW!6Vvbpq?^#_AfuT5n->O@#HQz;e5wb4@9^6!P6&>isus zV_&9hcrX3f6Vc^Ex2GaNSu z6V`2?Sod?P+fLm9;7ZTisH1&KKKxO4t^Q}{=|61y)uMK7@NKR5!uwwt*O~FG=4$D` ziP69daj%((`#!-~18(YT{`wVrPezbyI7MA1?+W+fZFqNT7kqom-0L7?)EQmXKU`(T zVHd8Md)2<%&%HX|Jt6mMLC>^jIbZJex7^|Jy5&JYr^&lwb5ofXbmzt#n(OAK+}4=) zc`I+(N0=M6)On{{>$165=iHQYOIP)K@DoAqH4euiaI6ByoE#jnc`3I!=Cy)j9Q;+l zZ?5zHJNb%oFSlIl2&}i2+4aZ<>sK0)O;grSgnnfK>w^myd%eeyliJeG_?0B}>thph zoksM$sm}Yn?n`OlcZI(mSxqjfb2ZvWALcqqd`Eqq_ZW4TyU@m3Wg_3+uBw>7r=cbm zu7{g-8`am|u1a68US8=`uF>AEs=5jLXN%a|wTygy+&%RRWAZ;QjvE)%)P?&U8lX$O z{Khxw`$Fj`<5I1sR#?y&#M8ec*J< zu&HwVesqrmd0z0&b!ayG96}k*&9=W)?S*fq#WyP!&S{wECH8q~%!|)q51saZ&CH=& z`!lAq-XFKL7uq((Sy+Kxq-SMuk8u}@TX+pvmmHrDS9lk#&ex1N;n+5WRh)(ObHTdA zdpfW1F8f?QAWM@sTm&Y02z?m8r)tcXwa&l%1UQo62a)0M#aeQph!5T{FV&-Qr^a~i z#Rt#ts@8suFGOv7{-8gvb8sH(j$PG%^)cV4Jc6&&9uCPMQ~V%jO`%2e3upNb<`+i! zeclP@qvYR=-YOqD%R4bgYW;bsJG*!<W3Hn|zgXhY@>gK21qmK8m<^Upo=k!tDLB0Dv&&=sK^HcHZ)m_y~kZ*brxC43*r@t0w<|gQy=~plBJeAMc3XaGe zMKD*I?xXFFTJIi<<9~`Ty|mqGb+*TE7tOD~K%IIAwOjM39;vN*p5&S#@OsLuMJ+B;It@~-MXeK6~T1VemwYtR|Z zowxXXLKn*@1e{1WXm6|{v{?t+M4T4?=JrS(fysuS@`3(%v5 z@T0=|r84W6%0)*Wzf?s(Yihmwj)GflX=nV>OzO|VFA@K>MjHC1a{SWVT5ka~k3j2i z8UHJNo%&7qlM(&&-}JpyIJ5h7LYR4-0Fe9vmD#}DXPB{>v1;2$%t{{ES< znJ@9tID3ruAYSb#-g$MfATDU!vN%{$wuueSg$!{+ z^YuHsS}sRv5dXKo-5=u&(e`Rb!%k>7@2(f@k2Chp*Cuvj{x+h;(9<^dsK#__DZjr*ffuJV|r6myt2> zqC63-HyFF*Yg5M_xofo%K5R9l^;Xe3%coWPr2R_$yc3N5Wt=a%`En@BVq`hRdGW4m z(7By_&fo-AE}bu5gU%TGc&#?PXT<3H-)dfo-|BA$y_z>YYai#om|u@RWykANYU9u5 z%1pjQu;df^d0%@!?`z*4fB5q6{Nl|XosZS~O~<`oJXy@U^`}`@_z@A?hW_?UkpC2DjPT12GJpeNnO=A`ZDVe25ipH=oV=rXG5m zE}fiW47%@=Z?JD?Gqyg-xqdk|F@Lh|lPGGNeUr~O@}Pah#_O4P56e2=Hok0rq|7OG z9(WDhZVPyc16tQJbU>fp-Ja(C@&JL%nC=oy3#V!`(uaz}jmQ0tV`5dJCX+c5s> z?`ybo1Gx+n3x?u_sUgJ;o(Zme{{Zq+8Dp+ps)rBSm01JqHh8#}?{z5S{(J;I2+I-#cZ~5^VT;&DFhKjSemIkYQTvZ0BJ0 zP#NzxO3*jiHv0nmyWUAm@?(>1zCVs%70=~grH9zj7M%v*`R3ej<&&KZ35yXZCTg$q>)3Zuj%84D!TAyTvEX^^L^~kV7GP zRV+0G4Y@K9{{o%(CVU{~kq#vUw$PxFJZ78b@;1jCJ~c59P`q>3QFh7MmnN1d z)|i~Q9eoXQfHrhx6`y9x2l*VaMJPqPW-ILH(}>P<%!f#jpH5W*$}YP_`IF$`B0h31E^>6fG%Kff`{FFZ{~ZD zb`6fVFKE|L>rEbG4Akf__f8#h2hAO&d#KyX_g4I7pW`jWZVVpizn!?EykTfB^|!#w zBHq=okh;)p;^2ZT-CF}Z_{O`zb8cZRGWBU2s^oh=?G8A6*LuZ^JMS<4y!Kibckkld z{m%Hz%O>yQey{m_cE)eIYg^aM%iFqMH}Pd#*NJ6+!53<*^+E2Uz%Q7&3(ZX^wvrE-xeAy6((`$R%#ECxn$o!J zK>XIrnmbVZi^7*()CFTl+F$KhwiCMi`3mIsp1=2FW^SA9tS^~(p3^2D{2;#m-aWw> zGK)jH-_MxQ%->=I=J#~$Q+p%PYt2DDg8k^ujv(&8x)r-YuQDa3-srHUC5wRfqAFa8UF!2HRJdac*#5u&p)VrWjZUDuPIHe-V^A_cPf_zr^$1v`<+Gq{XMB=h7XBd|Dd`v z{ko4#b?*Eab=|pEf0(;4XAEd7y%DayWXt0Q-?m#*j{xH|__qCkcv9-aSjN1Id|W=B zZJ%Lv1^8DxmXb%ueEkCcv)ABR%#OXuUB|U?OMMyxIce{7KAf@ZEKcg@;#_wPoU7T_ zX>>YI8_VzSEc*O=Qu8biyTn834fBWdikv%Fiib0O`q;PqLFK~Yzv^o~!|<_nA|IF6 zVavt;F&|fRzp$YX9Jzg3bd5e83i9rpHrUTNeLs8+J{}5u1NC!p-hK_7bI899ojGk> zY(_TrGWwxNg)aTqx=WgutZpJNl)4wMei#%b*Sl7r?K1jc=cGT?z zm$88;&NMo(eWdKJ3&a@W=Dvi(9Mz+*oK{M@4EG+ z=Lc_nDN48e$oA5*yPhvEyX*bp`QRsCa?5M?k%+r( z&^(gcHWPd7QR->GyXb%KpAmD);9I$~Z?}CmPtP>pD;~~wW-x{~{dNnp>#S;ftLouX z)OMR~`wl&muL#=8kHE9swk4{E-KcGfw(`*jl4Xzgx0c=2k57IYKQr6%xb8o}<2iQT zDav1+y)g3@$(EO{C7ab3eI7^KsgJi=+|YE*wi_-?Y&$k6n=2p&PP94cE_0R>ZLY?- z`;MEjJ^0NU<=yx)%>giPFfq3Ybm?P8mlhFwtlcGLKa~kgGF4h>nqi z{Qhc3k~ueDXRO~UecJJ1Nf%;Y^Yt(&>ql2j?vljUjMuGk@B{sL()2Tn;~M%AwvE~t z`q8E}>;Iejah3NMSsr~SG10C_t4&N5!>PN(`$|V^050ej>y-Jk-QtRF}Z*>{( z=w4`lZ7-{%=6)VC#>qYt?0)*?k7KgW(Wy|Mtsf0}BpJ`MV;B71T^iFRp5kskyT3tW zIOfE^llW+v=EPs3Jje+`7?Mw*W2f(89?Z~{)ice-q=6&)<}p6fy!V-JF~05+T{cI8 zf7&;&ojeIU3t@{s@}|q!+4b`{{~Uedy{6xpzj{t; z{u7^lN$v3iW?!e)7)+nRAN0AOJ{vfb$wh1qwwgRiV`tsZDO#`e`gw=?qq|m2pYTDF zNgp!N`g%V;N9CG77ap}U^blim=}B+e`p$Q8pO4@~^AhMZ>)+bDl%}0v1a$rZbc$a& zxxzR;W$h}P{|QFI^7^gX2DT2i2IXLJ4c*j8OGLHa~NWN zWw^ok;E)cp23-@oTkBBU;$OXI897Jds`HrkJ(%%LIq?&IrW=?8g=oGf7+Zj+9PDZ1_p@^#PY357sPo6v zkv*&a@IvMOKfY%>y1p&`+&%sHjyu^$-5-DGamhe*Y8_=K|BGfgPcYB{7wTY0`S z-i!}vzMQFq&MM{*Yxqv`sbp@YijVYS1~CdBWa$}w1^s-tU^2(Kt;?SS(|S$RrlhCa zLp}e<&R?xnX;EUEY zKH$>d`u;zp9sSlBK%Jou>gt^2PyQT!#^ERagLR_o->8f~dk&e3Zy9(o8ZX*4&~?-0 zJ7Uh=Wgl>!C@KQ?2Wp=Xe+5rE9>5E5|1B`pN6l}|o}69(&E?Z-J66u^r(}CCd{TSC zc`F!!zJCq6bKyjNpyrf^k!6$y`9JBc(N%b%v7~(D^Y}z^*30Cg`?fD+?+c(pIe9S+B`nAL+R6@ zFz?O!gJ`?!@YDI)#X|n(Z}*dHvhe zLz&+P;Ip2|rzc{a_iKJ3XAO6}FMuase2!QPzHzzZpkkVxGelOJ8}##nTP{D3+!V{6 z2dDB5mvvg*StdP}oOddRgQjuk8=(1-0_R1uhK-Dtu}@z2<7jR)L0!!O$hOo@zqMX+ zmCsPPj+>ox(fw8O(VvEHSYFU))oi<%Q1KGmXyxN4{a&%hI=@}-&^24GV7@yKK=F=-kA53qi;Mi z^s6`Atpz#uz&zcK0(goo4A5pbZTIlKw*Vf-kLfJ`JnkM$_bu{Rh~d*E#M8cDWz;bF{q<9xb5Ft|v=+U*_}eC$H=M z){{qj6S3>M6Rhvl-jcY_x#gz&I)B<({aJ9#1Kt~x$y>HSS1&a6KqK^xGB-ZDpR>dG zy3qsle~|OUhYPr?oZm~t9Bm9ur8|m*2ee* zb=_{@kmJA1e7^L{JSPSw-se2<1ocJJ@vj2Adl74;KF&wcyZOY_#O<##}+(3cRdP4*1-I?9L}&+uGlGfdo|Ot__QpZyzjm;XWg zXYf192aUejdWsqMqHl(W>%iBw$opexJJ$x!PC~;e=o#VrEZ?K(3uQ6JZ$HtU9&OY= z%V#a+qkOlEo}$s^#MRrtqkWXa5qcJa$L*kAGiQg%ZCAjH`Ey=-}9fz0}|J@t54QllO6t=swBB>~(1O z`SCPu6i2TY4Z9cbbK{9S+~xxBpCr>(U_+OAPjl0Fo*EmbJWaWHbR#@9ec+k;I*zA2 zQyua2@-EBMCSb3zJgujnmkK!J124z;=3X3^J9q+~J|&*kQ=hwWG7Xe-zfPvn=fgAb zLHBJLo<`{TXYfeJ&aJ0i%OY>IauH|bi+3%T4IbuMRfM-Smbb|q-Zls)yyXs|alBo7 zlh4~hcsmGh%ckse*F<>RIG(rrMavq?+sXn@``+9dU_+nb?SeeKr94f!`1aSlTS0xv z@N5Eac^2??d%)WT)Jw zkAUz5I%aqqp=Xojt#squ%tc-?I@^ZMu9$P=xpTApwr&}+#1G8lUJUb|uDRe4FS#>n z94{N+;qx;7j+gr5pLmJ)C+&0RMtE5U*UY8?tB`HAzQxVKCR2~N8*{`dxW0(;K@`iLXPzF zlFr&r-6dbYO=o(>fF=GWbNIX9oj!k)@HYv6H^bkv@vI++kLT~(#NV??-w#}haUay! z%%=q(n{m%_4)6%yqtGiJpXc19^})g2H>y{LjhSy~Q{L>3iq_h@i&(=neqO%)1h9Z% zbiw+5_atzEpE+gWkLX+`drfUlulWkyX&}DKkDuY*7xx7HKE?U?lXV{V;@>ruyesgZ zwB4n%_$CJFOw4h9qmwSNN%6wu^dp>2rLABd1D?Jsq)W$vD_Ra)T8{X%1oxU}&ej1J zyoc+&QR=REwCye;d8b9(@*@{3FdgYYjS-IRG7c2A|wPzki7(P9^u2+@Q5# zb04g76Y0hl+V=pfhdXx3JTVjL5hYwoE_d<=Y3kb5YW5B zrwcWJt z;OMC%KZCAb>bEC}E!^9_m2=bBuEyQ6UBML$%~dJ(-7OlsX}6g+U4Fk3VO}^Tm610rr#obo50r{P!iT3c^?WV8nO>;NX*DXBj$@cY|>T3ruwj{~HXwzf++J#+AaUQ6IUY%#n z?dzM|w{dPWIC=w5_jB%k{P{ZBQt_*!{BA=JEBLLuN=J8tzwbS~-;&&S z@I9%~Uh?NX(6g7ao+aKiZ2n(*mw1n|ujy$%zy0L2-nJ)SBM+WN9$ef#+vdTw?8VCn z2JLn3Q};C(e)i_@bL?iHpK{s7AGp@$@Utt+&sXS^yB1!wBWL=YS;y}-?qtDU z*6`nj#tigf3$N<#1kI~0lkVxBXzAVtWWC0h_0#Cy3(#hCug}V)8U7xD2Fc_oG9j+I z$KlBdo}J9fq)swv2KR|1_j1wZq?Ji)R{!$J;cEb2V?_T}*}m35!+F}PuNUcSoW5S7uUB|BmhI~l z^|b~VSCY(I(Pqr{wLa!8XI=Wk*U-OD2Kv`TUn==<547}cv?}Jc{nJ-|Se)APM)4)q(B9}` z((;x&m&fHnHM6ZQ&O#TP8B>F6VGeKWv%Gz`c)Jk3RK~pTOBbv7y#QUD&Y4W)H@f%z-5V99qgh=e-Wpx&pzeBTDSvN@ z`yAmdx;B8WbwS%E%63>?8~8PJ?NM}1FlcXdt=RIlEr+k`%dM{6jIKR&*=+~c6=!@L zDarD+TYSC39Oanf>slNhU1EM`hU2wK*Pt;2eMZ+V`DY`fXFvWj?RHSNA@1qDci-dl z!WCZ!e@L0?xP#zfK0$L1#qeKu7MV97XeGW~|RM)lqD|Uws?}?nOR(;m3Yta)9r_N#5AuNzB3c z?-9_Q3jypUYBR8yc>wZVo0pk;AILGEE^{ic(#Ab(^0n`}r>K)Bhx(#;bPAmN{T!~q z&Se_7haK`y_;7^tAbY_>9o^wza;oF@jPeQKo@8GH{nDOBGj2Z$yd%t^tH1j>djfw< z{5wG1!JKo->i-GW7*5uD?-H+UTR&H${$9>M+xZcVkHoLx1Mpywz2@}a$Z$XSj%yz^ z^CLT;^$5H>3h$2deS+_kSsVKj_mX6G)DpYs%YbONHntnOa&jl#(J;K1{FFO8GUO1t zKf&nOR@#ZLbI48m_zhnZ_Wnh809uqgoyyVqvblHrxf43yh0dRauAUs7-!1t5e8}JH zu9qI@>}CGd_WO2ZmFXjI4rH;(%A(uKVl%XCiJTYT1TEAza_ET2VLkP_^2lK`{oPXQ zeUG&^*S0lsXs7a#({LM&bW?`gxJ>OMG9+%HjQz!y5W` z2|2U@|B98vTF0ADUiSfXDe!gacIaAH>pcS=o#)Fm&bd_f7rT0|Q%jCa z*Jfq<3CXmDKDTlX6PacX^LrJ3tcd;xcG}Eu^eGr4y3n10W}|nj952YTpMMru&9uii zOt<>+H9b3vegyuj!TPU8N4lEQT?_I-uh{XdWTrC-X53K&-g5Xgmp)YRy@2n9lfxMN zH@a`520ko+o}|OP0^jvMybN}u_si;x_HY9_(d7HJTj+0Q1R58bxp?diSyzHbzG@ER z;VORPt3umJT0U1!9v_EK&G-4-rSre=nfIyb3|u&uSnuNtY-db&WGoO~#~ZS|`IvZ9 z72!>}<;`5nn~FTVnQM776FQUdq#nEtd^hsll;zEn;>}EGZ-gha;7t?XWj?$jc%!{p zhBxK#royN7b!gPOpZ0Xko9uYMsX2~Ww*RYg`+tYuf7V{KMy_}2X^%tL|FZG@KcN1X z2)5(t?k=~G-^KW7e+~7Ei6Zq&pX{E89q(t)LvgJ)Huzss+5`HlwcqPM7;kx9_NMWZ z-UFyMnWz5bhdXEPe&d-xAAIAL>wZZ-QS_?T4VYIEJpcFPAh*Eo*2AwpY;rF&4`P%1 z`QOFwO_c4mHo5=Tu*nQIDHyajdky0BsSqEg{sAWg4B>a{rydSmXCk0YmGw<_r%yWA?b%xv%+lZZU)W%$k?_ zYs;R&*28m(lxwX|b63m%`mJd$2Va`LnLW;t{jp~5J_1Mg(Tojh&%+G%JY3Hn%SoyJ zc0vj+mh=gDq>1fzGmRi}&7hNOuG4 z>=?enoF~UOrIWzHezn)Zto2q%--y51oBU-ctGTsavt$LY+zF$r-ON9xp6@>mobthvNJjzLZb=<7N*RYc%E#iG^W0TedyD^g^|Kq@3iir z0>+u-p`Sb-f5+uM=7FBMfwOe&@4V|9oSByVbcRkoIx$^q?GN*;=5@UTOF2xG{{IR6 z`FI`JOc%Vl+A*Hrx%&)qZ8~Z%&(dD}`M+f^Pr|>qvhh{m`*rN)^q zM|8i0&TA>QBqr;FzM~uC^c{I_{gU0Q!*8AK(ix>n-F;o?m~$iK68;{YLe}Hrw?0k` zd3>4OS0bOU`VUb5K)menZP+C1`j5XHcRr|jPWi2EU7SBNcQ%;4&mo=iaog>_jOe<# zVD42e{~xr??zhOU@B3~3`I`8$d$zJ|gs(TmckQ-;ZvFgy(yeU!v93b=*Uk7ZW-OD1 zsebl9XphpH_z#_L9d2ZAWRv5aUPTT)!G9I(%Cu14O8FYf9dxeQA#e2e;|#Y^w$|~! z?l>=){SRxgsVUA2Nq9TbguEK@2Ms(+`e%8y$4WLdpfi|lJg;(?{{<#KFz^XQ_$tj^ z>)janY^W|cV^rn)ovR%WA7y+vxt#DS7VPQ6H}HEHdeYFdnmb2_SAkph zF52+TX?(Hn{z$LGe{$BXi21TKa~Wqgj`c{N5{1qOH5ZnT9-ZHi&u0JU4}~w69y7iH z&pCKt_Ju7Zx5w{{Ryf`OXGd%CE44*Bn|nRFS&HAf|FT;S9q}gKZ3|zl&)WIKn>|0P z2L^C-{&hsYs>1p$;Qvg1tE-f~tvC37>*5V}eItJ3;CxL=?@>?rKeaH$ap7tqt3dS zJeJtfkN%jrNBmIS(!C}5c)j{p{`rTu!fWCcek8yZ=#z;V&=u%Kt=48s=qrAdnEfUB z(nls)I*MzVA9h~Q_(=P8h9m9DtUd*8b@o~@cRTN}d!BdSZ723TPwZ(&&y<^`3-j|a z_V0dQ()f{~xc26Z*JE=pZ3B0`eP8= zsApsae}b}%oj)?NqI?M1$fo{LYjN;NXR!M@@4}hN$9FL<-N~3qcz+CDtq15XlAz6t z&(j7S)EGpudp15^x<9WdzdW|%ccg~Ka(LcAtFBl1_b%hR7s>QYmtT& zSQ4j}Uv5!@Qj3B#Z9&;CrL-%v)B;XhP}=H#o zkv=mySwuI-e!iV{jIM)5?>W&+EGDuIT6M}cg~!RYZq{%UOKFe#6AcZBEh~ceGJ|(6 zzepjS?yXx0@BVc9zT5li^ajnBQ_$(lDL)XM?!~h|o&FQn41S&NuR9Q(?ypl!r++uw zUQVa`>$*DqwfDVsot|clk#C+g$vdOd_kM2RI^EyTQ`PA|CKr!ar++s%0G-ZUkxu{p z=Ds@JkI%cM(;v9;kE7H5{dM{5TKKF#-FiB7y1(tysnZv+pXuu5Q_<-cIQ-<+EvD0N zQr>ruPWSg^pgR2);`vUd)4j0GIf~Pu)BhU$|F7uugxL=~HJ$#*p8j>Zmu5!R_oLH4 zsuGoV5wRa%fUh%rF%(eXE64khrVds~a zb3+;zb9T{Vt7%-0LH|z1#n|~3tnIXJC8k9>u6C2H;~v8gqP27 znuD_SzlE)D9jTkI@+&r^IM-y(&S@V4`%->6)!XRwhnS@MY7T$cljpLy4f(SRG*1>_ zN87n@PDaZuP96$x9kqSU0BG6ltP8z$y*8`Pf0{Eo&}%Pi2A$72WPCx(d&)|&>*0IZ z?^=77LNCobuMb6bzs~ZACgQUW&adgLsO-fMd9Wm(wf5236eCl3Uyi*|!+pq<->x$( z8Z(_Ak#AUcB+Hlo2yjBc(fUVoP;q4PyQWwV>VL)GzQNDimjpPT>Y0@geDO}7S$Xgq z$Y%J=oSOxAcTJaF@A1vQ-n)hMp3V@M^`3YXI%~amHT$P#UF;hN|CyE9;!dB zr$75~_AKSk_O_{c>&n~~+8c;J`yO(K_|K_jWeGAvXZ)Hqx0%Mxaj|!b1H~GBLk>0awf;omUK`!RK?`IA?W#grJInh3+I6z%~ z`0It|z}QpN<#hwsX&xJ!uiVM&toe+Oa+hQZdRO*`e1*3DwX$)2r?P(@0ar(UX5013&&F!6{LJOC z@b8~5IUVCX=A9qsuWdhlbKrsjj`PsdL7R6$KFmFhwCQ|sVDjOgzxDrzeCWCL^zqHN z21uJt&?YYjbg=wLx`Q0hi<$d#S=+5=9kGhF;TraA*IL9gSef6>BUWmWUyiU(w25+2 z%50^~cFNplv9}P+<|{w8%*sTj;D=bRxCr(b=aDmf5%Og*|L>sAPU`F;wq+>yHGqTm z(c?k(FFUPFyefD^F?sWT`Q}c=%pF^%wLAIvS6G=(0W-P6dDlta{H0cAh0~7iIQkZK zRNlnaP%h1WMtV2+x6r?PdF}^KWMrbr%3SW&YpTyYr+TaE>APJ=cpDgN@iQql{Qz|j zTErmpe3*RA&w!iuN+_3n*&;V~p#A($kdw26@4K+)tk8Ddp`~2di65RIdY&*)& zV^2Q4v7R#}virzO!u!J+Y5zV>4X;!=P z&zd;PGl-M&-Iw9jaiXVkA8J3YH<*7{#xsKPa(%n@8N0@@mL{(c_g}2(s@#3fLe6G) z9Xf+H%hv3{4p+>ReRmf9tfHS&@XgTAeZUaCly5_8|2Xl@(Gsj&UuZ*Z|JyCVU0UCsf=`$8?%k9V zYr#u6yj3|dM{}_e`Yg-IiBAC2FDI^a+L4^NgE|A16Z719$cd*_?-b<3AAZqSPK>|0 zA2~5M7;)vq9QKY+RZg5G*e8(_RmchD815q{=7u9#IWf6<%}V6NS14zAbGjoZ$P*S1 z4(E3n=azYfFKcV=L`Fo1x2;y&j*O5!r+Ti8NZgH#2w%1#Pev>YM&7cFKt^#kI})1w ze@jMumwxW2@9(sX_%eK0Oh$Ya90njG?sM1oUKz3Gyy7zAiEWOIfJayOWd!$2oq{cq zZQJZmZ92Iv@fq+ssf-v=+?KdV^UxJg|f>I^AzaJkI?<1?-3{ zUusTd?FiqUTW{Bn_%{7~H)O;Y;lpAw;!C3STx5Dhzjj0(JzQVaC*Rxm9x~UC_{mmB zM!=(z5qZAcN_c^|BJF8pb7+>TefBoWutA}Dl5;OFlj}lz0mS6?xO;|@6M1`vmGzl> zX-j)6t(^U+F2xq3j{FyTI`z!mP8$1d?wJMZ-6b69x8l7o2w)3hr`3Rm;`oF^7<)~A z)f6_D=rd%n_G5odmRF`a_JT|k=sMU<%d7H%@+u*qa{HUYzaqb?;0teR} z!uK}H?$kLma#h`E_a$$igzt%{y-zZXJ3-R?@4~qSn;@HO2^dMI>?`Elc%ibPUG-8o z0)Gd;d%&V+b6brBfdtzdr|CypVQmce8&49Am3f?(e}j)dUV} zbWg+C8(N8%jT0|RysF|JO>ROz?A_E!Z^A|m{`+jj6e_m0y3CF#^zwt+-SQr14bw3s z@7$4aJfHRcK;bk@Dhwy2eA~?d*4>Kdyn}mG^xQG~b@5RPd?CK$S;M#rANSs3cPzAL zDO~>fYv8hivX3(6s%Lnb^2_+2c~{N)PID=_)u!)vmXOnxI~%w|r=4#zbT(FS9so`X z`yKcXYVGz*;LC<&P1R0}ENjuF8_1Ps_LxmO;AQeDfU z+zo39egihmW)W54F~9=Kslj7tG&sm!0~*4PQ`b zOO=sf{uph)JPkPa0QqU4_Tn8QkT2u;U1QGw$RB0ickIv-I?mQQx?=_)|~gY+dUKL!Bnuyc=tzaKU~{HMcL<_=kN2E$K>!!O%s2mJNb zuiG8E?g^e8&X(U5hT}h9njCCpWb4hxPgNay>~6;Pe(_hHEf=iMT=Z4w0FP;}iFvm_ zjjX8&Sf957yZbVI$# zC%tpF70Yg#F^W7ewLUyWZetMQ?n;e*<;8r#mRRf zE6EYJFTIHW(Kma7&zPLh@@dzvXT39(wvnILafi6t(fJhcyxnf!^tU@X#O8PT2v2NW z$~l6oxG&%gb1q4F2@BO}aPl-4s-yEUX=HD@5t=LozhyjE@T7mKMti=RznAiN8Q*9_ zy28+aewseuC%1HNvBNsjOFwj;Ddn7*Gk?#;pUj;?(#v*E>uZsL*J6*`wot2chR5ir zQgA^=$Aee)C{`*S<%zt{+MiCo$U^-LII=J?SFsEEv=P3?uw@I?b7kL$CgVFOP}i&h zj9$QA_UVOeToLf4Yr_Ya^T>Y}-?Y~*1cq4yQ1<-4ar6RoHfsxbU26;J5(_@lnRlae zfF;}od#vhIqN9dEBly3Z^~R;df7OsbYavhc)^@E?1Owi)r3cn@YWb%n;BlwIEg>51Ga2- z)sLdb{4vPpZgFtb-1fvBW_dij#$oIgd#IRD=~C7`v4^hUTysZ##N{pXcSRsV&Y;L+ z*azmk7ky0-d#E{?sMPbW**bTmIi?)!hEJo*X2wgc5B-VeGW1Ed1hVJEe=$k-4ELRP zTb#WD|5+Qw4_*pi`QiMu2%H9Tb4XwL;Yg2Z4jC%{hxSAaY!jQy zx!U!OGwJh))M9(@G=QGIoO05wW;~{eChp$p+3cNOg&oN=dew&JW#G_q_J+sQf6Aw@ z7dEqg(%zzp(F5P)bjBT-`nTj^iSM{-W~5Qex=UPdb3g`26x__^A_e^_vI&_cj9y9#OpKfni{n(wC5drkx6Xb%P5yO z@62B0*=_jI*oWj9zN)Pme=GB^?Gp9fH|I1*%-Bx1=iI~OL(zO~Ra@*MzO6Y|#+(BV zb1o7O^W-i{@wR`?eTOzpUdU6Oa|PfVS;H97Z+;aU3eCBjX-|EAZi_SLD8Iu$=fZDM z*M+6)b~w6jRFA9ccC0Ht=e{tZ@0?r9J9p0gmb(4TximcWR_EMBw9^|txvn!g8kqy| zUr}9`+>U&_&B{#9n{&h4&J%uS&JFkJx)JEQ5j}36Bv;?*4rKLxi^fOuE;y3A3P-lN z^KSM-uD-i`fcoz8o}u7i>${Of^<#QJzkXMc}IE8yHkl>t}d}2FlU9(*NWZMSplu( z6pvO`#yu3+1$t_4O14laXg#3yrDBsp*ctL~R^v~=PB3v*tX<9DhBig+kdgi1KZoP` zO0_1|KG)BW*lS^EJ)nDJzQ7$8vfE{&d(TGs&*UtHW}NvVe!1@%w#No?h7H>24BOY% zo!S|;Z6EIc4BOBCfiVPk_Kf?SVe{gpF>u!xW6$mX44c1Ru`_J@owoNxb7u(rbqk(h zi{|cA#un%N9(j8fTdeIo_aEceaqoZCnhrl*TQ&Df>CR(47r-wy&V5nr*_-t(ydn88 z5;>OrcAf8Ajpy4V*caOGv(KI6a=aN{9A@8dG+%tl-&#{tJAWJ75t>)rdm7?---TG` zLCo_)a|a*hDc`#kXa9R3^JRPNG|=W(zv&a|N5{Z( zEI!^RpGn^wi@*HX+sm<7!g#)&9E*OMG-vN}%+L8JU#!N&=wR#sW%)#yXQP7^j+J@w3o9+ctW`ZTs;eITpV_+rmRSbRanvZ~DwT zn`3bf_{%5er?soQFMu|Eb1cdSItm}?XwKJ{#uR%XKb{vx*2lfb!hfKgU`~##-6eIR zQQ0lrPs&~9>HXN&2TSUt>#)I~(! zm7di9@gRGa!D}|e@sZ0vCm*u>YRaJ%I#GYr#15DoYL(=>BG*`O3}@HJ^t_j{iUrsc zwR3A0qQ%Ndu0Q)qe56Y_i*Nf#h2PiM|2%2^3B~Knx3V|5w5Q~!Z|?k8@v+uD%Cm_d zPCVR!&7gCz%6Vt6OU9Tp@@f80&Eg$#SRw8$iZ_kL=QMVvO-Jr)HNL!DypZnL5x(bs z8GNU!jj=tc-51w|$XjOY7oNac!@h%w1xTw*)73N6)2vMO@R_w+z(N0qZn7E`@2GaF z2U)e+hmNnmYG$b1s%_%$ZpF=WH(+RN{T;WMvxQ~*7I1e`8TTnwGv*8Vd&qe|yW1_Z zkayhY)2;hwFW~P5@Wj68__o%L@%aAWh2Xg}$(wEdHh3ByDO)oMJ4mcrYZD=|5L07lwaT2Rn$F3UHKN%Q`mRnyKvOqcB)@v@GI+n zg!Z&QVa^~>=P}ih%%Bc*+vn$Jm$r8M4sC0#_A-ag&CppnPt86R@O}t7@u0! zEXpUxT=@?D`!>HU?WZtb=pVT4SiqbzeXHTFD*U19+csydBmI!Bgbq`HHP#wg!_SN_ zaR-L3%rULiOdJjE-bwrNO9}_^eQigShDZ zl#%aS{f1^cbf(nMv4*u7Hn;k7y}{SU!}X;;raQMAK5W)bMvkNF;w^S=x*R{83qPDY zQ!yFJ?cn0PN@Kv>O(RPuu}`i2uY&W}vB^(t>^pz|hV_{03r>G9TzUB0v66@RaJ=?| zaMb!C37zug;l!SrZH~;VVhnd!l7m-hEX;VkI$gK_GBq@pXouQKmHMVKqmVUolB!Tbh%tTI~9R=~T`X{H~v zt2S@-d@t8``XjuEduU4CH;vW*T*mHy5L#2wh3w7(xvXSIRN+Mem@I+!3dvzVbm^l+T zck`SH0sP9yXcPCq_f*T^*mu77=FZfs;oP3B{$9Zz3Go2i&_|j->DMUxI=tFwnSCoa z2ElE+`b_Hq#g04to5fo++%nFg@rwHP-td`u`%}X4H`uy`>Kz{2e?7@~>5%S5;lSOzj@9E z$|j}=UvfH5Wj-!e3(^grCqQi7@!OeTK&-A!Ed!xzPsq0v=E%hpWEHW0ZtobbX6&jCcM2`yKK_}_f^77)bDerM)ZHjV|d78&J zLmT-ajm`(}J4GA5CxEGSQW@|RoAMX5FMG}S7%A69KCoW)!cS}r5_4e15`!7fa(?KT z5P6MthCnhnM18GS^|x}ohR*ce?;TWmi@OUvX8^$MZ#S|g32J>AX8%86_W!*)P3`5& z(!#kDpbs%3@RIr?+{`-ct>sR*;Jev%ao&7!$7m2V8pyi1lpI7Sjl)xXt?)+nZ*$K^ zK#wb+OA7kPK4AQc$KiFzPdkKr4N77OXe|F?C-D3P zg6xw0^YWLVB{&?T{Z87~nbu^O7?DciX7GP1R-|^3;yR4)pdgJNu9U5^kh=)%++qGW zC4c_oe0)z&{^RewWUtp)SNzfQAOE%PQ-PkRlK=RN%3Z=ZiKjJIuKX`1Lz=U;W`4fn z1oQiK-G>Jp!5auHm)94VamVW-il6?ovnGN`FgAm|1qBMoQXw(*Gw!Dyp|Y- zUUv9Ovfiv4I|8xA@Lvl4OF%E%+tc*!Fm?u3aZ@ zKO|2UOwRISu8!LKc(%Rbb=|RPJzH`lSKq4}6#IoQ@hP1zsRL@S|I8esb#;%h_CY zDe@8hl4M>NlH&u-**u;-+yU4j_sJHLzr)1QqNj}BnuxBE9;!O^dl-gQ|KG{kyq>W- zRXe1SaXN_|lBJo^Gg-NxZ#T#e`4zVHN$ik3SneE|!W`)n58dI(%?E$L?EE2kWSkZ{Pt|ucK74_ z{Wlz(Ww*=6fKIR6M@|E9O%Z2OZCRP>LHt7f`xpC!s4*9rExqUSop&~V;cKTFhcz3nqP)w4wNWUo!7?P>XEiM)7<4+e6U z$X}=7T|7&426ELs{~+7$ojgnA@8`+R5gRq$xyZJs6i6WuR^UFh0N zX(z_o#6uyg+_OX#%E`nW(wUrro+Ua%by#b4sUGuCxuoCDS)yvr7;8Rj-&nYm0Z;y# z649ZSchj-USVMJA(LOTg-tgI2Wt->BhQ|kTmgsZH_*1lR@5|ZU@0@-6OU=+q<^q+qdPfAy1dmwtTybL}TVW{{6gr#@JVqefz|!g7$45KJS)&d)x9qnthws zUsn&#taw-K+q||p56}mdH!q9%ppI${iGIuFPc**eyt)JQ zLFLsc=7V}D+g_dzDzC09zd~kga`tfE{_o)WBfa5@Bk){|+$OQ~^U%DLv3ijwHu$k; z0_{oe6~-Ur)0d%r=~o%gLxby5uT#EdR4f#-{gp#$@7Oa9?F$|Wj8G2G(7E+@D1TSz zrjq0H-)}AHei=K2yjcq;pBW2T*6;<9{cYGr+pWOFU!*!2`^)Pip-Tf7tr>#P@Wpzw z_nYeV?cYrd)ujdp%pOi^+Mq~sa0C0vqhs6Vu#eTbFcP0;&Datk_9uE}UFxAgd-WWv zRyJblA?5LM;&z;PnEDS}OO8`kZ6#l)y^4z1^+ELZ_63pn5^Dyra5+2{2lDq3cMqvc zEe&M0vA397TN+6&1&^lp#NL<<9^uO)^OspOe(kNl%2$6yd0lF4ATwX}AEo|U>POFu zRn$=b=oOLbPg^tIAM~`p$ya~knRThHPW#i&h$OeF{p#3rru`+6&{}K8m%R0N`szPV z{oPLe+o-==^{2-EMfE$bjHEVLGoJ9)Kj5psd#LDZkHgE}G4m zIfFd-KjEvt>8!fcQK$Zj!I9)q>UUlkJ6rXGS4ZMsw`N@L)Yo12b1%0d)zGSXi&dv* zXs9)^dZkro#_iRL*lXOYoO*phr222H84o)3%(vjE*zff%xG)mhWzBfb`>kSBEUjQyX^JobHS#@$Xm)86z^v47LIaeRBon(-6wx2oB( zfBp#Hs+LEpe`?J*?+m*=Q?GGU>}q|RO1)>O=X~?yB7Vv1d()`cBGsEtAAW7kc+IJ& zxQSF{Nj}d$KfEqAvBc)Nt)WPA;>8)(xv|ielGqokfzh}!^4KxPZE#^atoF2R;7{|x z-#wx(RqMci5%{$({LWL@Z7Vu21@>rw{;%)MxReKGtZ=^h$FrKf=)CdVF)H>&?LAfZ6xxg}%u7{P-6a&gL;$INt%z?l;-1hpsM7JDoVB?7KOE zbqkzaG}(91uTQxj1=f}M%R#F?<>r*EYxS4g5?mL2-Ode@ZR136UHY}&B~L4s;7P{x zC_050y7@tChVBqfBllCCqhsk{c_j6ubGH1Ui`hp(R}J&Yo!y~2`AAcbmhgi=D+4C3 zMmi$>1nQe@QsJb zM_w6AY}zs>vGMSnM0Cp>$*WX&OkJXBOf2yz=jx+pMncZ{{d(xGaZNr-8_t-{;@xb< z!n}{3ogJeYMaH^$L_cGVZri6j2GxcK)_aP;Y8ciJEWzl=;W+{rBZa4{tH=3h-HWcS za&*k@L6Kw?GQMhTZ2BztyXDeIHRGq;9NGHQef1BO)um=RI--~Qvs8b4>>H|I^|46& zOmu`(f2?xWKFl~Af;Y-Myg@suqa$PK^<@#oTqzDRH6?8G##CQ>Ysd!so;m zi#P5SZ=4fL9Dq0W!y5-(-WUgOjEf}>!W+S}vb@ngj2Qca!0F&@6?ofYI5x`<_w(IZ zcje9f$$@^x5WKW5^uzj25m<-cwD(U7$&u84a616Ky>pRqNi~g+rNd`MQu`fxZ*}M$ z_R)Lp5PL4}43d*FoJlQWF5YW#HiNl%ulhYc*1P_!NO~9Ffo14@0D5aK9tHkU+Vawy zZ)PrboGU;1or&k6cX&c9@gnr@gx=i_y*nnb zOYbX-(5U$j#c3qo{uygKLvIhPi;KW&c(phz*`=xJ!}(pNxpPsC!~4l`jdiK$q*#ag zT>cYc1}Dc76*uF5|H+(0<;}MIiB7IdwD5j6eXbgj?eiq?Fu3i8u8#Z}$Gh<-9DeJV znC<`QA~-kyt~k!>|E+HSJ+MlOz-s6&4$ItIunT_k&Tnk(R8>VRy^Hz1)8V(pAF=26 z3Ln1>E4SzOflzzu!2EV}Ks)i8_WYj0{6*izAcmT3RpSRxGV=R*5=F74l2m+0XAZP5PU$Smy-pXJd0wjAw$$h#lC;nMy+ zS=#@A_l4&A;bd`oiS|>ow9mn6DFSQd^TlDAd@kFeeW^#bvQ9xK#?nugMzT3w4mz~I z(MS774ecYThZv`a;NusmGuWa1U}%4|Jl6YiX(Zik!!oqr4qa$3HNApgV?OQq2JIuM z==re<(SD6+KP8q}5AD}N`x{-_Pl4}wze#*QDoguMy0qVvqy4qKTb`x;d0E;oEkdv4 zzZa*MX#X#}oq6ApgY}Uju(lj64$I_L*$D0P_jKbxg}4%Tmqz-oT9I4tF5O0DtHUhCt7(7qGeuX1R=)}j5qKH4uHYSaE@X#X;_ zUkdFXb!h)6v_A^%UxoIsL3>~s+OKhFKmBa@{;GW1^UbFH`(jO^{S%`7`(uft(Edqi z|BOrf_d|Q$uMpo?W@ G%)ghMUM8ndABD^`>9#l-{sIN?m0WJwZ-Hg7pIqKe^!?E zIapsS0_*U@#bKE-Zi+i4^PX|{=-G+)$sk| z^b+k4aBrj;Uk|J)MPMZl6o;jpi>XCE+T)i=Redm)t{NLro@8T7&;6(^bDs6lzSp7s z;xjn^@KJm_&_3+YJ`C*W2V=dBVB zi_o>uelE11=g>ZS5q!`4xso~OWNH7~GabI4o1=Y_cgOzMl{p{G(*9ZAOXm3be&u(I z(@V6!%%y!t4%TBuUWs%36T;TE>q+V~Vs}5Lo54t!v&B)^X4@KHJ zyr+0O!nw-D*#m1=5m+m~QykXq;3OYgstLTCmPNJ^`>A|rY9m#?qz=8(o|-$%_SbcO zDE80SvWAP&zd_av-Q{F>w(3LK{`^%D92)K}j)U5InY-=$uvQg;mE2hzmT*gT(w9!2 z^u_iwurGciGW&V>xjSHdl2cjRPsOjao#z^SLsRi9T`(CRWx&cj?5-iIYP0?NND*AN z>?n?l`qiH8R}R*NMPN;i6^C`c#tDCCDm3|y z)S1I!co7@|-zbiQ`twz{KOR^o$_vlC=39%y5^k&$`SJ9Q(|X3Ka$bh`p}cYG?r)qr zXJ*IgKZ@Ye@U`N&s9%e-{mQ|5v#icOCV#m&tZ#yoeBY@kxJR$e=dW4tSFMF# z#Nn^1S+Sp9BVW+9`TW)N;cS046u}|zSH*Eqe}2bZg+>l|V12p>tmYew!xC<(-~@il z^Z84$E34qI*Yo*nzn8xlr)tJ2D+iipW&3q;5nLM97so~YdMMkk9IR1hzSW7t9sM&WwqO$dsaTQUpQ<_8 z{`^M~92!1T90&DhvD+UHtVfH$N;VaTCEQZ$C-MVFd|c-<|78PoPe%tGVthL0aqmnC zy0yf}xA(z!??Vrr$$rAu(L?V;4^4&tx`t7vqJ-zgJTK;M3wW}OJff~{3jb-g&)+VB zXY=ync&g7M-9CF@-C6`z!!^ZWY40m_ls+F_5!r^H<$aF*kX(k`=$IR;4`TQAV)wD9 zF}Yr6`o1zJ5&S8!v0pKEH+P7{s!zc+!VOq`xypDG( zdmK3$oSUV^CyL>JRdM`9izm5X(X`=#HLnP)WMgqy+RsZ(pUjUvIcz|49-8q_tyyAh zz>8d*MTCauDFQF>vEuMjQ^0d7YX`5dh`q&B#fVt? zwopWOc$&3C<9vJVFvYizIB$g3ZIRThA^f1jz0{fKteNMb*BeK~dJlvm>HRh=vv!!u zn95gl5Skr?X7G>hX;I&FhL*Jh{wD2p24g=g(fZ-1HXm8!qYlGIbK#?T4j*kDl;fjE z_&yOnI{2O}9~~`o_-JB|kABX(Ctq{;$k3471J0N{%C|!6iDbAq4TbmYyfMkaJD7v_ z6h4{^wBkoD~YrAPQSO#JlTEI-W!FN5zeXyWk9hj}+Ek1l6q z=`y`YKUQ8?ydR=VJdZ9pcoU1jOMaj@JnhA&rk}^})A@9nzQCc&kl5ocUG}?lDQAxh zx*UKm54m&+I&|S%IdqwRewHqokVBX999{mKcYpXF?>sBZ(&cx2bLLszylAd2-Vf2` zlX-N>!TVJac$3fXAKr*RC+7Jecb);;mN{p}VlFM7aA`3VpB=P#5?Vat(xTL%1>XjX z7E`jc_<>7{!8uyo&%5u77PRxoPd;AZ|NkM?I}Y5&b4v^qS#e_93eXrF`kS4H48oKqa$ zT5wamMLar^{OMP0h2rQkDg1;p5T%VUb|LzO}g{&<3;cYxOaL% z$3F2DjK{xnm!Iae7uF?3U^Q11?~`zg2f4p2xOBrd>_Fw-(iraxHj+EHv8QVh_T6IJ z26TN9Pk7cKU5$KSiv8DkF;DD2#!zdL2Oaybxw9nO*K>>EcUE!y#9Mc`ef7W^QUsP8 z+g?a^E9NE6U0AvUYa3(d`j3q7YZrEp!@Iga>I=jGD2G|zxK-u)(lxlSENF1=_AWAR zE8M<#U_Da=R?<0_T&OR0ezghoW%&lL4^O$(G>?Az2U~_US8+#&BlCY$q#gHse4%zk z{|{zy&cWJO1eO~cx`pqB;1!ggZ#s816`|Qk+AmZu`9|@2y_{P+u`xg{JS(R2k!A3# zVyntlT6F>Flb2`KQ&urO%^eflLX>yorifR)Ks4>Q4moLkbrheveG8*Y*(cE6%<75U z5vLem&bX9e`=;6BibqS19OB*#-5I5Q2IZ+sE#ezxCUH(u`2lq9r9v zC)a@Tu!qX5s5Chx^-Rt}XOQPT-f11V>p97|YiDj7 zY0bEca@>E~Bfm^5dDGMQ(W*5Eu={H`e_rQ)pXz*P?K|K3UdGwH`R?~B=R0e#ZO->J zxtx}|-^V%MS@VPxn+W{J$+z?wz6-xf-2=(~RV#Pr)ilf|x06lVLi2yi2uE*32j|5f zntVfw&1>?-cFziGjZqgrI(laO=#?{5$VZoH14|Dvfg*+q=IpUg?~f<_uom7z?Mb>%L0r3r>G9T%Gh> zDLTmq$KWup|N0HCe)8274r_!1^-qSwWLH=DV0iDJ7M-+4(fMcPBg&V36MK}OXm605 zF_!g!@z*mBT$B5><`Czk%zZq{`S($9(zuv8bl5wGR%p-hKJS`7cfZ&rx8pA$~>$(v{1-{&x=Ur#9ZXoB+y2r@r?$W;wd$>Z$Fo zIc@h>*QMJtgM7INJhmY8X>ZnD1NQ_*n3#3$d41f~x#iLeoDEo4vTl<1-Azte?u@Qvsq%#e-PqyBhy=!qJV_s+;9?s@6zqA$HOwK*s`;?f*{okvM zPR*pz(dMi>G^_!aw6SB#y2FgM=wtNk6y)J(oja3lx68S^{9CgPzLM+U9ipzm7nv@6 zQ`{jRqQ353JBH3p0z>V7I0Bt{-l_I0ZJBJ^XIxDCjJae;6YZP3Sde!*v#ItMjOH$u z4(t26e`V6p(8nxnR7*L*L^otv7Kg$4I4BpQ@(!Ckh_pS{!C^f(z$5ZGVM|~qm0Bh@ zdvk|!gnS#j^*MgunJxY#m(wScQEh7 zE0Q;iNsRnrJ-UO&=s?~nH{Bx65q6P7dmlVq#@{-BsC-$gWltg_7?Zji0wyk_?!Txj zzVYgIuU>ccxbO{`vx2(QWWvn7z?*Lcjw=td;U&f(O}?`W$kV)!Hk4P|B4@W(Kamsj zY486!V;eeQW$!CAcjdR?m{zee!7v5 zJC9DHE%)&ln)<)_X!r-{B|G8~51#h;dVCD7t{9I_Xee2ifTxsKl)2LGm*pDwLUxkT z6VfT1c?$PBXOvt$!6(t=s>BdlEHQ{usLbHmB`@==Ma3Pq&Aa z7ikdsCJ=M!CfVZGIkLa=_<#L`nUhO;e&E`2rr&|-{o1gBtPPvXlgIe7Cbr>77QIjW z1RbS2r7Pu^Xhm)gq;IXJZ#mdre-~>3$;@`!k9FTj@+q&m1%4F%3EDf0cH!rCuYKXI zUp>aYV`&o4yfQ&gzFX+l+%cg|ZB$RHUzgmWS zyQTlneVRMh$T?nvuhQhtN0u;0cu4Uc84@i9zezI-}xyaTB4)WPNgR;g{Xn7_;TyUck%l)r~sCWoGv*5bRB z!|i!+8(<;Q6 ziB|VRE7dOtA4B_E#s*)}5NsrkvBr}-dDkpJzRZ_iziD4?oLMgv8t0x*(YGn!aKc)b zoqM#=%X`xX-)gW+TBnbnSw=gdvd7P%U$)Ol^7HzV<3Z>!9Gtr-i%lvT+#Z_Dd9SOl zC-3KweYts5e}{K2xqX$7NIBZnxA_%zU;onS>r=uH8PI2rQT7*n>x2f!rb2&gVMANW zz5uP_;qh(qeeV7+YjpTyPxLwaj&^c6%QklWjJJDzB(9x$X+ZiUpAWoi7-Qohd$n$w zG(PmP`tf5v)(I_MfX47u7N*wTi3;*1G9O;xPJ(S#$-3mu-RJyjD?E#QR=;F#$Ob2G zRlDvXPqPN1uTQ77UZ{nC&}D-d%g@pe+55U9$!mkhqt`OeuI;%XFl1ks>}Bplk-hA! zd$PEQ$KC#oqJM_BSl8#-;~u?fbPN5Hza!hniL5!vA=n~a08aP^Mt+yRNY@ZcWpWjN zX0~-_r|x~Uf@>1YWAFVHULT8S=+`SdfaTRIL&CQ|y>ICcUg^5_7blh59~Hl%SIP#U zSLQoB)km-RWi#WZwJPy-zHyz&g$>vbBm>JoJU+q2#LMpzKz69qG!|?~>;x#k@#Y**?!b z!MkTqDz(?CdxHOA&jom?*jy+k4_&;}KKm8eCvaFXa1imzCu<`v)gs$hmn==vewV8to#i9*Z+?Q zAGL>nUwUjnvJyV;BP)URJ;4%hdu1i>A8^~?n~{|V$L3@u>o7wH_#GcoPF7M@Yd)hd zk`oHbO8T6YdkYwA`Ra|VL}sXO+ZXU;L%Axk1^&ZcOPX^%uOQ?JH{G$xU3F& z2w$9vJY+8Sm4{K;h^6ei5+6z5Twk^;D_T0vZIh3{D=T(=?ZnQOj%(XizY)mk8v61n z@NVUOH*4+ko31-3`S)4wu#${<30bbZK>rX391jJCcHcVrU+>;_-eY%9;~5GJ+xPX! zKfhbw7G8ME-QQE03%`E%nz8k-R0p=*y%0Z97c_)d|JT@WUK@#a>u6WLZ~3*fmh6UB zp+NbqHGv_w4gm-5#`+n5|BU+k;D_UhO3AaF&)J^`eov6Q&GO{GovSm>oo9R5FKp({ zv%SHwJ=byf&7R=5W?wf*&u`C;hp(MkjUP)fZTdSDsK0}|!|`{FWuNf5*}^4If87LY z(3s`b)@QyWyvlgGxWOk6)~K%TE?bK14_@7){Y%z1X3s$RGQ>ObwQ3(Tj%{0w4@37{ zyuoj8@G9C_%H0*4pZ?n~$R4|@XCJTxNBgu31EK9*i=pFC^2RnAdUm%CvzFXs+Vqq~ zE}61nr|dkt>;miq`8mvfLl|8S9NiDss(Wm&pB$^FM>EA>27EJ6HJK!Z-N<6F8zCSe+2)#Fj}F%;`t5zfsu5|KD!>e zF#jbBTCvyTQGUT?WhGRcu2lN|Y>yA*Ao>|MkYT-!$M z6SDVLvt5}n8Cg-nua4Nkz2T*8d!m(Xd&1|mU5w0;uOQAl!AI_z`<|fb8u_(!$6sr7 zX`99*)KJsi!5ZnCDo-1fU-xzRUS-mZf3-W$nEM)M?$oONB;S-b^rz&3l&>@nEVEwS zWb5y0XN}h?cy|3Ysf~QQk$du-`wdn9$(4*FZKO8U8(j*1`?YS)TN6|6pC}g(ew($j zViI~jWc(n!{}N2nWb$_5T%t_YTJ^v1_YWIG<+gOj?o`cn{ci(tt;7(x8|qJS5*c%pgwdu^)~CBAHd1J#dfz$Y#FLLJ#f zqJ!ee{e8KDa?%;Xbw2xBTK@(;dTyr`imhhyK8XwSM%^D!P?X7j%8AN1NG(4C+1?OujPzw!eM)vCH{mLZhVL^|ia^$lgF55MQ zza!3CSNlqnkWb!R_VEtxpGO8lJ7e3(j_Mi)Ey^{&ew~%QHPGGgI5d~dwgCPUkCyZI z!a#Yq_%!a=e%fnL-TD3S``LN)`Oa*EhkSqvS z>dbkb?wntZPEr4VOuxp)c;H!K7umXIrNg2E2Mn_U-n={|_{datq?Q8HsPi67J4wlXfqR&Koqo*jR z{nL2U@|o!QI^Cn|j(>70z9RJCO-{Sd02h70Se)B)Bju!jyu2s+xwh7)83+HJ*y1BI z)|6{vK5B1JHlD^y*czdI;t+W!lh93Lr!|b>4P@Cd?BP+)82yFX#$S;}zID+?_4OCb{Gn5JmA)CB zes0fR-g)NReY45q-yW*J>x%j7@BO^?tV+O3aVf~o_OeOex}x>Rdp^&Y zui49c`IYODhu-}ua|g1@K6S?xWfl2lp<&^&^S51*4&;|*-WD$VZ?|7jW7%bOZ=~+4 zP8j*$KWQ})C;=)(5?Y;)Ga0qa4@ChgPgVPAd^`%?Ix(GM%IO_1dQoq5T{l%}u~Q$hRe zgT)>}%7e+9MWGaZ-u_Y>uwziQ-#ovZlwb{}5-S*)I&u#(%;2bJ@~fcqix= z@owh6?hvxA89gMqz8&pZzV^t2&!e zL!a!s5IGxwp6py}MPAT)w93ltA%-pF#H+1`R}=W*_jHci!1~MR$a`yZF_8N9L;imO zotM_$t)UC|N}(596-RGu-)pdiuj!en+y&U+Za<|n6yv8l7qPz6ew^Q?Njfr+GVLce zEgMp z$zbWe=IE%Ne7tmTPH3Ne)q6Y6-q6x{_RL%Gb=81d>#Jwa}lz^vTe2EuZXeLo$+7Yd}8O`=#{i}Wm|~*7DFT8wS$#2_jXin(7j)A)+e$p=MyJM z%-_ttos}D^DHmrQVc@`bn;8qqCC*10AG*%;q?TEkR``W`4YuoSQ0Nlt`1R*<{{ZC_ zd$>d8JC|+{--bCmGuQoJdfc(6v@R4ZV^cT6gV@xo9lwx#JL*s6waoKI&BrnL9a$H- zZ7!nCGAmX_yE-d%i;E*|`t@b%Hh7Oa?;elbi*y^WbOCIq1VrW)$aC1>y@zGmyi>$knN+^ zCiJly-wSIpKUSJ-r36FBm87j&LNdrdZ-_fxltUmV_TrT@%9)1Ubz z)(rW-q?4gt`#!!epr2)o$3mWp^^l!}ud_YgIc9^Qzs5y!4*DZ&O?<4&W8JhX{Jy0A zN~buyrgeegFXW^<9@rS|qC*2C@1_&;d3 z3wdeu4Skpd?M*+W6X?f$&Q1)WpV9%Xe6P`1Iy@&@KZefGT$9}@{M&)|Fn=H9_a?ve zG8+$Q(Jfu4b;dS$(%p|q^4&Wwud)Z3;+@9yar_RtS6Fk@TShwN7oR<`^B&I0C70Uu zr4!RDB=^T6OUB~!xEi^SovCx@j@)N1T%_1+vq$S|_b0$}?53x@F((1X_hHNOkKYzGskB0b3W?wROytsT+pDaJ@+h^@eSDi^CLpFd{+&~3SQsyl{0 z`QPWoDKn0WJ3;?sX{A^iV{4c`lqP;+oX&tCjear_0?G40LMtt0X9#I_f>^O0OD z?d&1sogLlmo*hN6hd488_B))jqmvw6%-k^FYUoRi^UZ=T@1uXmz+JkzIk>!MA~bPy zdKO3V;NfgMXl|d_Tko|Z^;|yi?k{`m{d`v8_FO)g2p@Rs3eV55*3R>X!UKMqCeYy_ zN54)3hV~(uKlZsZ@%%V`qB-=I+)6VpA#6hR)tx_u=&;hELjwJ)y->d|QhtPL_E5!N zF1%Zyv*Pn5V@%(%QC0U0=4_!h+`cDXWB(2QRG+===nRS%PLg~YdAic-E#wzWG4F|czP%{SeV&#wC4I7X6k&X=2R>8SMH9hzHqmku;bzVFwI^z{Gd29 z(ef`emi~Rzw=qVaD=#V@@_kfB3S-2w(N-9i!6IJVt{HjM3J& zFh+m)AA3F)n@6>rb$hqx(E)Js^L*YsI)0PJsO@x*(YMU`yxe&ScU`Uho@Q(W<0B}Q z-9yZNS-p`PN!j-|$>)OYz&FK5NI&a;{K?2Z%E?bIy}|lyo4aSo+HP8=g}%o+V|@O_!` zukw72-!sHrS94#jY%Izc_zxpT*;nd%opQYv_2|RkKxPd*nsmw~D@)pIYI?D$_|^;U ztZm8@%|bG3#sZGwYrsbm#&+FsIr zjB?`ydt!hykPVsi4&c5{{hd5%%j`$(;_uy7CXCM4dClKSj|e_{>*ijh=jYe)_lVR) z`;M!?G;2vj_vNXNJE6r6@k`lu+Kr@wrTi|5qbXEPHTY>YY_cXbGZZPS=x*8{douPt^B>6bFbvB zXmse4gl}dOo3FbD5>?QXKI^{QG<_ykH;3&q6-6-tdT+Y@9dN{>1nW zQ@zkkV-u)Z6NCoWQid3tOjne>JK6};wC+lDz{jiTFaOJb@ZCQ+^Wb4e2UfBhQz4F172s=Q2#ZU=z4dS2SMf;38j({UJ6We$B+69?|hF~Wu50qa3_@EoiMn)4sP>!_VQe0E#)%eUB{yKHt@kX%5f)&BvkbENDZ0Xi}GAEa_LB#x=#9H#FJ= z-xr#T^0WASC4&70V9KYW`mW5F^UVRujOonP+iaO}7IG{rGp2~v;5n6NuQT_i@%MCm z4ve*8$Rsn=zSbYp5T(Mvd1Gz4jtu06D%_xEsV!RcyAnMf=fBmv}u7k_uB=H zZ-B<9V_v#8^nL$ba;JZ8KCdyaV$5k@bosveRA?Nh+2g2nr^ziZ89f-7$X+ z!}z-b-3Z^wH?8=YR5|@0%v?wIrs!WD4{3gicN|`ljMMr+xah2o_J+R!PWu1FrQkNr z=9!I7nPYl4k^6YyqwBfbEl;mU`{?zoymI4AxZC8^^m-J&xYx?u`AtW!S1Cs%W9zJK zj~%cwH$vyEUhlB=`saCP`m~>ZQ1_&Iy~)<=pK|LxRG*o0+sXC%%~J-Z*T2X*->cWB zQ?ICAUppw`&e0``HSS={#Urfkit6MEc`#hb# zYf!|iM@~hj&y$W?i(G!II=#%%>GT<$9tkzn8~=47o&G4et1lnW99YX7LzZ}SdgOG- zj-;CpGwRdn!=RbQWpY0{JxE^ARm=@Xr{Di-U!DGg*P&MtoqikrE2z^Yr-43-{HV*1==8QXpvBwK>F|!x=^mc( z>+}yhJkxwto=%UX7)x||B*nOgLm!D?Uq`y29s2yV%t=?D|L_&`xsS*E`uxZ0Q=u`GK9?+gJNmo~ zeNO+-=Q;k-+!Eh7d{juE-vv(MmshU@H|cZuy_%FSaKIh#UzdrAH2lRP|tw@0`n-YZ^DV?b zd-eHT>J`=JwI%JYKEICr{{iXq7U;C!o}U*A_S@0twHLP|M=sPlU4EO?2dvr+ef4=y zYF+^UbOXK=p5X@8CE&0qkohg`7t`k@;`ivq?RolqQAzti^?8)_=@M)ZGq%X&M(L-u zC)ej4*t_zD_gSM4b@VxXMxVE{7lfa{K9eDxt~0gXb^6oFrNP{&(>z#!)^tl^D z_{-JlkNzH=?&C4PPJdi|Dl~rRbdBF*_%Gk`8ht1_o&KTIbG+m7jKf2PboxEuB)Row zBe+SY!!NE*&*+_WI`3{kr+Z@t@F8aDVDeambNj@92Q3s|sJ%sJUp8A-GSsEnUs2B9 zlg;_}dxOdaSkAdeV)!bp%&~F!Bqkc)eilY{uOEKYUTboi#rXpEg11<)VGZzWC3Ycx z5%Ns%tv+)fF?tEb zquI&LpP=rEjf*(%X6FhN>=(CW_oTCUtM7r)wy)J+N4SKBf)hTNYR+rRkL|^AI5-x< zVarGxo*i3}!{H_5jLG2vE{bdZ=tI54-Ynlx?cS@U{#WpgvpVj1R{ZPj%~4_`f)mMWPvAtCD5*mpQ&Ay5aFW4B)`=$DBB8KxMJoV>}#fH-ijBlk*PObjwec_y{jrWjG>U2bOYQ#l&VekQRn z@|P+;TyjbKpdsSkv_IqKI#YZMc}O1=pNPldnOfPLiWdw)Ys~}2@yXWJ-?9-D_gpA8 z#;lnc*E_C2muvn;*;9pvz%em5+D9_9<6E`jXBZ3j+bxc*V&Z4`t}zwuJ_PMd+yvw6 zjgQfupZvIPxv|hD&rcgX>qt5{IF?=ueb!r<#Er=7jmYFp{_(fZ2I}tiW83+D8#LWP zogI$MW6!O6koBPEbK*vLp^4urzCX+Fc|9qoJ;xn`W2qMd?O$jne(M?Jxj%lZ%AOmk zXPBG5_^pKF4|BhH+E@pEi;sh8XqqTE1yNRrqa{EMN@; z{ubxQlF(ohXR~B?rn;?6ss%jfS(zVFPq`=(VeVpTWE@;y^I|LW+<(E3jkK|t@11;K zWM!V=o!}=I)n|q=H}uWy@lww0A@2hAZs^>?^Io3XyIyK#9(U_4g7c zJizlH&xg3@=V2=|-Jx+3+~{1Q zPR^}ovU!HQa>HvYtfkG~;8}V5lZv-YJ*mnatu)Mo~j;t$r? zVGBw}GH0&oXS6>$lJb7L~!9TVi(RE;ZhIq@iEpP>CmsXL74 z6Fe&%TA@cKfX`#JWyTKv?xIfju=>nP!TQYK2S@hokB;ooT|a9WGyV2QD`xKFZi-2B z9x?Y^Olsii(|J zkM+dYMt|w>$*+p?N#Nze?G=RG6gaY4d5#QhC)ZUpm+Q*km&q@k0&L>!{(?Ok8+PBE za(>ti>B6u@hc|CLHC;rGpa%^9!!K^UO_|X}W&1ckb+^V|Pvzg#d{B>N2yqL1W@E~bkL=^(G3k?we@+16D9)kk-5x5Pm7(HF@H<2~~uJxI*4iDO=! zcQ&28{FS_CE*d+8oO|&W>xgKhGuiiGTbuinu;pa?cfy~{q7Lk22GLYUOG!>&!lI~J~Q=FUuNCJT)JNQa}MX1GLow9SpRGae zM?x;>7w?=n^XHVs{%KRWJ>eB?@SyX(Y>0AWYprk2nTbY&(a{0RocaAWId9^Ww}9h4 z`-N@O23^~=uWWdczvX8cP+oAxR%abfH81#o4)Wy%Z+Hjuf_Lb=+K|>0(Gp@7#AnbQ zKGmAnJKmbhN%YpSDOM&1jg37nzMN`h-ox2F*?U^6DHfZv5qE1IXic}8Z_;B%N5Rvd z|FzARI;&Vy_SoHu16b|YU9vwDl)0WV;v?<*8+`!Wmngptxe-EcY$Lyb=EC0x$D<#{ zlW*P5?cmMxA9C`Mw!EY>>??Y_eev@AU-A9K#)X^{v(L4e{375m9~``K*s_7(DPnuk zf8eEcvhb@xZwj8BM>2QzI!`8uPSDPagXn4Od2nxzYCS^^24JS3uX4WYf8B$lcRCkZ zGupJX->mJt@rvl~`xe8yobPK5Uelv>mXQUFp=?1@cdT7kYo0tG9d(|$f|v5oGykxmew{s!=k24H&XWwCbF#(YILw2i)0Tlu{0)|w=+!M)p=ItH;eqZ zxVcO?cZluUf~|TF=b`>CN{&9x_w40-kI6r_SYt*WvPPa(sN0QiRE(XsZ{D%^5xAY$ zxP%zHM$Yk+nsYq(o-*mhjPD|HaYnkx-+K3KlUuJ={xi-j&tj~gg&PYcd3dZ5JBjkL zw-1sBL{H9TnK&^klAgUcEPb_Wc5^gvK*-V;tOX{mo`=B9_1KWMZT9IR_!(L znbH5Ntaj;t;T6IM=GwzL>z)pSC-2EExSjb|M@%03kybWurR;4Nc8K%UiV57VHkvqJ zr@Fv!>ng4g8D(PmWMjDfaqHcrdMmKK!RHwVA43=BsiDi%e7YDNvBGNCn%>|##m3d9 z>9=f}A`eVmWP)fKc47$)O{eDQvfQO9^G@d;4NW`j`z<8@E`p{Z%eq2m3Wb~54`Qyk zefXGghfW4xh>9c$Wf9c}M{5Lcm!JYwg$<$$fnmXu&K4Xu}aA|xI?HF5H zPVmww*L{I=7|BwyrRx0SgLf0f0WezTseasDnk zyyv^ziKcUuaowB8`Mx-7B$JQuNy!2IjVw6I->i`iMJsv~``e!^_{T1-Y0LB0w5`D_ zdeRTkzZV(Lhk158@p*^%yMq{NhhH_8sYjvx!|={Sw%oAFlpp5up7gy={r#T$2l)G7 zuDEKYcZI*V=Wn`Ux8D zr(F8U`i%C0|QDyhHTgVui9{N(LR9} zmvXhSh&GnlxVYsEE{)*Ad*KpLxy6(NAHmxLzqq-Yj#0+Q6w1A}oN`N{h020=4RUh` zzpi;U9y+HgA9;#ziklX!Pdc< z`B=*sGe#z-WVbUP=khLGfCq1bXLi(Qel8rh)BaY62WP>9wGI!Ch6hJGJO~dMKAH}^ zLOeJZc;WiYKLSrQ8YLc_F5Z#6ad>c=UDwNlL&SrOvGyVi52_vL;PT+_+0PS?iZ@eL z9v+$<|SEToTL2S^cvVpg|Lx5YoR@?lRkT?)X4gVv?Yh}|BW(ONhwZ&K_E=neoW3PkBY5{NOxw`J z55vF4k$+X~|Eb!C56l|JY2U1I)ZYSY9M!q-|8e*J@ljQG{{Ni}m`Zpt1}s?Gl{?5t(hw3`+S{y@8r&8W(a|9_woHBkD1K9=bZO>|32^YKJTM8g*JUP z-{lufCf-O=RPHswbdl$e`}U`#1hS+_-=>lpQ-T{BNV_ z@0slM9ovMjLk^$(3bSV7yZk{v?Nm!k>waVB*TS=V=qJQyr(^fl^L=B#A8Gth%`b#5 zTU@zwOX%HxNgV*8=LQ*IV# zMw5Q1+OL5x8iR>9s4-%E;AM;>*lYRhbjDu6_qu+YZQfhtyjSCSZwcR*;)e#Tt3C=& z%v|R2o90rjD7qER+#z98q z1Bll0L%+eF>ZBNYm(quDR>5bdgR|*;pOImXOMq!9_fcw&HOz65Gsg<%SnAAi3Ui#| z`Z*4qCG?kRj??LHMli9?nd5T{Z9SoTsFQP?WViLsaX;_HcLq62=gblR)H}ydFt43o8sPxFr2WJ;)_(H0 zTwmJwSNZZ^YI?g1tway_Ro<@lEzQ^G|Y0Wz#WzDO5Muo>s$i6p5Am8R@_5i(W{Ju`b z@lGO+H=ejTaXjQPf*f`shf!qt5OVDGdy?nHkm)XD`d-#GEvhGmkEykNv;RB9+kQV+ zI#TtlpGCJ^OHPOO#ln^NuzJSYS24N$JQJ^nr3=W>Qm&rj0a_Pin)7leH!D0xv5m#V z{H`X}ZO8n~y~gN*IQ=PRZ}Jhan+4zAx;c)#Y0uo$Y?8m^$aX91Q{^5T`~%z9evdxj zbF^e-rucsXz5_O6hQ2Q`a-jWe#ZMPd3v;R9)$ghUB^md`dX2wHU+-OlJXO#ho2LB} z-SuJgw&WK55W)}8defY5<$c$0_r@HrxATZUEIVX$BJaumca^e_u$2BC_{8(39z1+% zd_uvA{nDPrlkkN59(=sh_-*KomDK&$IZVy_0I*^@Yie;#mvx+!i8M6SWQ~ zK0RHr3&BwZ9MwU1h1w|a>~ih7Ba0d7=jLZ2U+MJwFYzq>?G_Bh!uN#UUCwVi`OS=l zPTK|?+H2JQ#fh0<@COq?!2qvkfkwX0h!D+mnq}=>2tVo3G%R*oJqTu zm5~Q%V`2p9@*w$=JU~zBH13r$yqh8q!1mK;!8@PTq6xAknyBtn9QhO9%Z@p6k(8-@ zBdwV$ct^jh-naVS2hPQV(yfX=?}O();Jo9N9d~@=LlFlyF)_xkVEkM%v>h2z9H?sv zxZ{1V47F6+ar^J~_Q#i%kL334%F$0g#Tf3qBu6&v$+eX$M|)}OzGrY(Y~wB|M~vUM zAXScB-7nZ$=-2SDBS)XnSvP){{A&*)${Zv||H57O9y!|WU3V@|k)u?)8#$uC7X*VN zN2(F6G5(9+^x1`Oi%4fUax^y+49L;-f}vlIQebf9=rf00IZA~iCGQyB7)5X1LvHN7 z?4#Q2Vd~hkM%&Jw;XSP3?qv<<<^k?u4X1lNyg8h0p{4LE>s0uu7Jkwmt>Gthg4S33 zzEk>CzR*hay4suE*b3^cGw(RM(&Us*6m6H;Iv9N%Ll3+BqdRD%`?N18`>p(rWZ&?F z*UvKiL*Ehnq^=U|Kl~Hs|8*J*9h%Hvb;m+y#?XtM&brUs7smUp528JWGvHA(N3D<1 zZ{G2=wow0ym#8k>2xq*{iO$eU`+Yy-oxV=xd!L9c_cy85RTLRTUnObh?$yc$cA*Da zOl`eW9otPl2K%nMb3pgoxc86$3Amb-*UYmv*0-X8>TSv%>3$zm&k7m~SKhJoo?B;4 zupe%`40~Pq%ei_a@{y;y9U+Av46GcbpYW5)D1Jye=c3XS^ z4}~1NEgxI&OV;$h?6z{gb)UuBcQ~Jg{nfh4*lpgEU#Wb9&D0-J?v~*xwen@?YYh7|9_pkhxPUze01&4H2Z%ySL^g< z|E9U0wDs+q8^Du^F=^QO zuCXO|#y+sd77uCNWo#YaTNN+x6T_7**qDk##dX5;{T=WV-zfYLr(G+YUun}d#QW>} z<MrsBS2bRvGu|rCc&ll@ zreF8yT{Gq?#^imCxh+JTfxR;M(y#p4UZcy-8QsJCk=2Z~CYZ=)tXBV3z~;=o&W5cF zoXTFOJX>Ku+sFR&5}s+?8o^lSz_`={<1*f@?T1mmiQWsKtIQs~7avRPeqDSdVO$1` zwb&!-oM^0B8f%F&R+VS0YT7UA$G>uU4Nj^UllP?`p8*H0;vwnB%GB|a_^)QXMZv_Q z&UmLWp7vDj{X{3eKhJK9+}m;kTw{4JNrQQ^DXcjeD?Z1v`LPmO5P#Z^OvmO({w$*d z#eZLbx31++>wfjo_c7+U!kHsFILTw^V(DGi-e@mD?-_iS>OBwtR;11^iBI&6?Dw~v z`MspEDx9${Z|pA%BYOX3s#)P-LAk~7{u#?u-> zd$P&>67*w=9s&pd$$LqBq8kl98B6PQqbK~}lla^s;d68^y`4T$7Ya?BKtC(IF`XGW{=~`>YN1Odkj=sH< zHT3~>s~??s*W5hjw2n2k^riMhC6kkhOE&wzjh@oyzs@bwvxo4t(E(a}mnjeRAv+Hx zj7&EBpF+o~zq{wY1|I~7k;Wzv$K)O9)lBo=i!RsNsjo9XWzO=aGrjNP>FF-vDYcDa zyQ<9;YYZB>R~;;4Uu*acT@ocWqI_`KzAj`Wf({YfWYUloT2M&wuexCi)p zkl%&KO*b-ZU`01*?c~OeOk3o$8@V=n%E+I|gGaU%ANZBy`x$$#@#ir9JoX5<_rbKK zo#_`jmha-$do{L;_qE=SAiEnKc#Rxk8x&``2^vPw3zF5SV&lC3BjN_iMN!N_e5<;; z@ zd;WF~(S^((U+Y2m*xco=ek14=?a9nzeqRFiCHzT8d(T$s9tHL;c9$3Q?*W=z7QqhO z=DP#4`r2M=9nd;OcQ0svs12Ah`Moahp9JrF&qob1-j>uiN&SFK3?|<8?*C+uxBWNI zju3B4jw^ooYscHR9YpTn&l&L2@rt)irY~a;;mKU_Hu(q|J5#Kn>A#JyW%hjxzw=(C z1YSb^?pM7SWZc9*kdI^xMKXJo@wWfD*tVrwa|++N;%znf!6pWVoO(d2 zj_h%Q)Hs(LZ+luWz}Mb*+mrle#zG%?<82?z1cN`As1*#zOC}gxIjD)aae`Dh1{rTl z&MPSo*ww+r+h%&@0lVRix1A?>SPCChK|62!xia%ye1GM5+Y3*DcVJv4n#{9la-?{h zd&gd`cv~y+wsX;odIw)G8LMtZuPgqo^QrhL$#~l$#vhCfMX;TM*DFJAp6nxU!xQuw zc5Mdlxia)TH9g!Inu%FwiM2gSTlYQ5hlyD$#_qGLe%3OnS=P_9_p*YTSKZ+fil z!ShpMZAo4;I&cuNHostSWN14uYmE0RZCa+s+LmX60U5eWFdRXKz8-dEC@t1j>8U4- z%{rF52j0b=>0Gb(?tw3S(BNlCcMl}E&n`S#=dt_G2xq!`0G~LC_hgI;KSB0cJd*A1 zfnVJD*S~wssV$-V3LZlTKTho7N#^jlo6DydSkqjs zn@kRP)Xr)A&{pCpTUjphlxk%tRw9`4^EwXGF3dd!v3J0|?kjkh_X@eM zfIAHOwmP-PdH0Mp_~sAO_vj3DjWs4PU^6-tJ8bojYwzN{*VQ-o9>l4|72im|Z}Z;m zd@`1aXWhm3P2?!zCnWDHQ2(kap*s||I`=MmYwBAj0>}2^`d5L$^4?cKTjiZ~Z3-s#P}_xfXBnKX0T$g?@NQtXVxj@( zymhRP`t1i9uaW1^I&iP$dx*V0>K|Q-y)?LlZ|3U0f)&tmBCs=OSGIbwU&Oe z-B-XI78V5TdkUi5U2w7I?tl=5DOo{Ebt_E+S4`&N2!GrdU zqHBN;zBBY`WG|tiw*6kkU0F|RuTOb@23Kpre<+w(rrJ8d?ZtN)cM^yu@^f^qBEFQ* zXZc)a1=EJv9+iKb{$M_;XU*@yMZtL=y;@J303A0WG zhZj0<^em#kYGSnD#@ufJUesS%fxYfe$IZ=d9pg0IXsB$*HVjPCOTm z0}g+zf=z>Y(c=2o=zksi9O6CE-0)rnyf>X%LsuaC9v%*HH-U1H4Lv462hn39pTMHJGDdD$ z^Q*Ru`ZDy`0zD=ocN6Tp33j}F`K;@}aW^==F4NrvLzF?+uio$n?U$s=;S0c`b%Tky zgPU(LuZ*-TwQ0E*U2AF|N++*g|+uYX(ynCm$U6$#VwZt;{inj~xDS z`AIs>>=6Qso0IbQz$D!7nFnm8oHK@RzT(j1r}}L)wGa92`T_NfQ|-7{{*Kj-SAH+M z9bW{V)9v^|elz^DJ(&1c+78x^&vo1F3MQVR-I470r{G!n1sW@t9S;*j@Y?Z0$x=2u zzR0apX8PxQ#?Mu%r^_wbBk$4lTXouyFiv=km(ba4YVy$GAm8TPWe z`PlK*>2{o&pJKxs zhc$R@%F)>HYT2t}vEjO(KsKB?W5XK)^V9ApSdCoN**bbFuxlpaWVGS*m(7MJ z?-xqbtLZlU0{X9Zc@G=DS9=@BV#9S8fo!;kKhkaZ1cyJq_ID{Zydeh7u;C4@&@YB; zi~n1rW9l=?oNRddT?Fvlr|A=(>ri{whEKh5kh;NR!~ZiqHIU>}x>NSsdmq72>^Jujv@%ERcRvp~yyNmxCj0%5z$88O!Snw|`X1I($g>+dqtT_#MtVyohrK_By;~OLqIc3_PdX?@#fY zu^ZU$@6&d$_WM$|-L7EbPqaId{r&~=Fc|y&274!7`#n)|l+AvZI`TuLgSFq=S$lpQpTp1=y}VSmY7q9j)5*CRum;zC1hU`E8T+02J_3&o{~_>e z?2{x118w-g+UJ9};rqRN_DLJgok8Ba16w=6o#;cY%v?6S(>^PdaUFgWbI54Jq05kM zxY{124PWZOk(;Xe2NfuY!N-9Nw_ zvElvvR-@b$m_vXPV_rTPs9L;*q)aJHp za;?KcM~Y=ogr0+V3g*y@ggs3pFw&&oSP! zOfAg*nufAF?0a@7w=&>-SFTsAFxU||of@3OeK%D0*|lVozkR`X!zI)SRoo+GA0l+( z0okI+QsODZFY$kpdMg>fsN>lx-XS&|{a?^_bAqJ1T_udt}61iawM z%s<3=)TPe+AGQ*A2Jmkkeu!#J)=ZD^o53$_bU*SXK5)zTY&Lbun0~oSr}4Mpb0a6W zTXyVT^WQpbb_+N%`(DK!Tu-nPjqV(aiFMoxJ|-}iiST?Wf6&J4c@bm1!F_L%jkj=# zgNsrd7h&=fro)rQXOj)CVJ?f{71q)t6n7cTxbSDPCJ@hDJ@Q#6mTuy};PRhX>n6`u z(@!3I+gC8Y&J39|+Pw2ybmju-fK687G{)6k0m_Bw2A+6{XWYWHae3y}T}dDJ6B?K2 zVfxV;SmVw}8+Vs75@;T+DAe<179SZ*+K@ zeW~!qM=qR9jzw(Z{H(NhZQU!+*mqQ<)4wk?jI+>VI163WcDQm_Q`CQk$;A>)yP#vb zp6h~+lcn1xt>cf+l64nGEB8Lv1^uJqHYNq|KY|wa>J~qupfDZ*JRs8i?YDJ&4HWQj|X2VzNbH!_|0r!00$1A?~G%oz~z@M z-`3|2H(tbfPRqdSt*NCuNK`*d^_a>yR}#tJdTKBAF_e#AHq3exTWt2b%()-sqXLWf ze1`1<^w*j-IoQyk4Ok+;qWpjx;gi5P?DQ$r%Er#?yQ%rW|LBH7+4chadtJ)?oV49U zKeq4CKSqi@_XiFr2P>VwrPrxXihd_2v6eZmKo08oe}zpS_dJd0t@8=3=zg73D_)O% zsl>KyXV1S1o^?cV+I!AqpIttA?RWBVQ_n9+m&DfdH_z5}^2tCiH=S*RfIU~qkA@eNa zEMkZDM19!hD|jznVb3=HqPoou)A4~0K-h6tUj^9;3)?3lgc z3A|J6?AOsxnf80NkImlX-OS6x@EKF*jdf1_CdT{)ziTcAFZuLI|0YMHknhNB)X{~; z7e?0fuGtSv>tC?9LMP_UJyON9|A4G>vu48Ql5&J*BQCV5vf7{RWGOY)imqwMS?&JP1IIVV-<>5|z*}z!P6XBd+ z-6zo};L_Af<~jQ7N5*EMzc#qFJHSH;cu&?z9&XwA2L~n&ZMS>VjaPfyokTk~20abG zvm0JhJkp$d!gs3#Pda}YlOGJuN5Dh6>&xP92JiVR69W(~9lC6%mdMfYYgwjy#tgsy zZSNU->YFw{50+=^sqgNt&vWtYQsD=?a=5X8xDvVrp4EA^DEykL8?)Rq25xlE*tgDB z{gP|y_YLx%vD;pMUuP2PV_EJQdxE?3V$iYt1nZ6Td&azQdG*)nPf36E-vy-h-aCZS z+hx0FY?m{3uC^KP8LRZ1%@~60&&nYC)yE+FH!+XnA^TsX-ppWR|Ev!UP4>sr?xH5J{RZml4@UMsE&ODc{X4YI2%w8~1~}s#gWyK8 zzj5l($^JjTmRt6pf&}l|Fki(C4XRpil8}qEFr+>GRVWL!;0Av^y&L z3{p>jMD*!A!k$P`<~@=1f=NChGK4%>F?M>n+xb0p_TC;3n;7tu+HVo)k=+|NXvAFU=(8B|o0ux=Qe; zSRX}8r4QJzsN(->yKn2}y~!HfCFdgJ6^uKbnq$;JDP=5Yy_SSgIxj*TT>Dh^-b`u@ z7wv;(YBQgBUbZ%hqsJ@wTLers7W)W%F6EQCYki5&X@9S=_s&$yQt>>^P53c$!1vLe zeA=7qVjl7ZV@@uF`99Omg;QubdyOlFRs*{~*o^Cyd@J!{Yq~b>K&SEW>sht}ezU@iqn4zuq$F!F?Lidyu z0tlshqrXEc(>m#*;@5@hOAD+K%?1tJs3Xh7;Mkf40^V^yHrZXaDAD(gV{-Wa_(2vH? zi#HxzrFrwLt0b6+mU`&wx9ff77qPbuoT}sI@`LD7R$wJQ2S1oPZnXd7an`ku!b|D4 z@OP4vBdmwB*}`_#MaRPy-bdY>!T7|>J~%X8dj;)|O4pt|IG^}MYT=~YLhTPnkh1`H zT1p3se>UhlK8wDq2DCoA;lmBwJ*>RpvYURrMLu{uU+uJS?1=-wQ&WJSechDv;wip3 zGNf@?lO=Uqvepc;ZemKr+5$!JIiKaDY+fD^J7BC699#u-jvaVX_RV?z{`uSo1T04G z_B4RvoSUyjURr=$E$JuKQFhy)gK`_DhGR!Wd(1k*UoTr&dUM8*eUx zXcK|%iiyehx(B{`n*OA#Sm*CApFg8%GI<&nc^avAc=h`RG4!1BCA#QmJMDk2_UO5R z?fdf~Qua7IM;uUmHe5*`Rkj`W;ydXBVE>dq7_iWVix{&OzN+PWjr|!I4iAXmWGfZJ zXKz{c9F;o|Mo&g~S9KU0$&FC1id~EGyVPTRp1+j;>YTVRC>}w|kC)?BGQW3-atahlxQ)N`^PNbNxBvWU}EmJ95(3nR*9{@bVG(B)y;iaQZ1rJAd!W z%dI?5?@NA?$vaR^a6WSbH_f%=DZ-B~eBX8PP)N?3i-*;`yN3C%X8!QM$tgevgoh|P z!JH44Uxf{g2yeiA<3;fHBHrhFH^04tob;fB{~6u<@ta0%sq>B6ct3kYJMp0^&_Q+N z)#`6&X#A`l_*7*+@*@4Gz841eE&_daQSGu?M%e7WNOF_$o=@TA(|?tE5e z!ISSDJ0~|CM}qwY@@LcgS)8Sxz5ku1AHjkD;llB;Z0+C5(jGW|=EC9W=YlN#-26u7 zeo}Io(LY_#eIIh2a(7Rt|4v`&r}fm3OL@-tha3IeV?xfC_y&HF9(3=?E3@)?_L3VQ z84p5Bul_SWB6K(Yo%7D*9Pj+fc_%%03;U5M_`KFy$GCrk51^VCNgn_{#%}&tXa1=_ z*s;LLL(k`beD*8JmFZA^XPNU|IZMjx3}>iOX3i?2ql(Tue)~5+=6;63#KXQry_-IN zK6#d>l4m&)TAk2j?$ty0DbG@|9O=FY^=rxp+_@asA^p~cZd1-}NPBJgo!_9F z(W9!(*f$5+M@P%fwRCbX9=2|>YH(3o{`K?8Aud7ou}_go`hovrrF_E2(%B2hnF^sR zlq==-r#w5=u1NNY+*;H|H+_y;cVXEF(ZlMqnm!ltUN!mzdMSrjIZfiJT5^0V=rfMq z?&e+9r7dfi)~g&5vt~i}MAQd!SOkuwd$Z}xxy~ek|=r6xu#2 zV;bEV14q6oR#P+lX!Iw~wU(A#R10VDtDC=6#s6KvW6l@BA1*u{L%LxBTv@;2kb zo9G6;y1<OQ+w^&h!oKI_TTjP%rJEnV}v0 zXlQqWb=3^|cGvKMhA)_Vmvx_op`B|_L_cbXz`IS&Q3u}+e+u8PKh9j?PZ!@k{GW@? zkMg`Pl$zUN_Nl>zOJ^T+Zmz^OqB8?7ZP9&CYb@Cue-K?7Ozh|X=YUsxm?l3?_ypbu zfj51vB3OqSxBKXM1J{zD;J2Z!C8x5^KOSqzaaRs*E%}=d3~ep>pR~)hmh=Z*J9RHeJS3ZWOzwAXzZbV-%DNe9BURx$@Sx@w@jxwZ6-KfT(nsjss%3oKuc za*LF6yusZ^t_>!dfLZrmhWTDN(YiY@3}1U0?|Ju|dA442TZW8=EO;irDe#D`LnOaJ z_^NvabE@Mx?{q(m?ChbBPTpOH%J0hboUCy2{3xIg3r7UlV`R-sA}{y?Az+-}k2#1n@{jm_Xz&?)egjD!MNu=FqH+T1G)&rAAuE zO8g()`x{$!@oZ?-Aw8_N`YwLp?(~jU-qGHVi^l?j(y8mr zT>%}jJZq-0Up2_g3S>re7A>)f!dI(PyV}6I)`nFyZ3cH;b8LQ$0!O6sgr+}Jzn8JE zPt=XP z#J5<9Le@+R3m)IxJ;O?LZ-tifd+?KWZ$}wpsPFg;x6iGo8r&eyCjTD)p}^;RGd3OD z_ZIb*+dCP4j}_7m;)UY?($_weIl;8!)h zf5Qud$txEOrTsAc+JWIL`j-8WA7JJMoifgA^gy^y5?rHc>%bq| zWhFKXKELxDIMI6B(4i1Iplfs%LVE~`37H)E)zAdkH1@x6rZ$#8aBhlsc+V|{S2=bd zO8?k_yJ_d@5cxtbo|~BC(X5-wGUXAOb<^KAm*A0`jxLwr^Xw@OX6MsW;6vB( zJG#omp5|G}eWU_-NHIIDDI8ySznk+Q{V;!|y&l&cx7yb^-1r&RHJ|2On7yu%PB!OE z8Q0|hNe=kl1w1;#FynsK21^)Q`+$NC-4mH&yT;GQ#@n{o?mG{i%vR=%=eBX!e5+RZ!>Jna7_vN4SmiJlp-_dT-^dSKHg;X5C91 z>ifi@tODr8+C}#e3YRV1Q)teePqz~0PGQL_dQHBDd>O4rC9j$A@A_T$?K5%fjB_^e zIP{J75IKjyycQFm@27Da`daaPt&gPFuvHJ5II7W8RzhozOk*#9&yEFU!?nf*Zfd6X zkLB`{*$?EoXdya%d$FzC%sxgz@XmN4@seQ<9EHI|fba5~YEt884aG$ z+4eoL6UYhG{l822Jekjvdp{(5i4IiUDbrkhf41jh5J^g{9id|It^NBU-f9tnT~)?xz3q-aVEWz>zwHwCK&! z+5;o4;&Nh&TX!s+GQKHbSz|6~*vXg$8!g|YXC_;dpPo#9vh|%w zO)>hF?evaip0!VEa_#DXXMdQ~ROZ;+0ndg_Zfec;Y;KNcH%@L^fS;KWmPcrp4bI=^ z=yS}JrUhAH$^0xOKGZq#z)SOd9nnR;4z25A+bzXoQ|w6OA^gLK@$njc9WSl*bwoP( z|1s>OW!<1N>(%gabP;u~cLw=w*bO?9@G*W<{3hVTK0apW&=ioD5YV{*<{96`SPw83 z-#0k>r)vL~a@y^p%>(FpXx)7~YeHz(eV3JpKTew``SbQWoOOh^-%UK*;r+)9)&$-_`W{JZ)Y~>vvRIzxbM} zHa^t;IEw}yUuX!Ckn zzx1Dihb25;ID)A3uy^Xh^9{*(HxqTgz#-|0@j zGwAnS+VrLMn~vX^JfAbL-)q$`Jlj2!zUSaa--Qo-JNvk`+!sSU^7R?ipTRGEZ8dcc zR|ONVR^o5Z!(R^t6K||#4N-#+xrnxYALn6wi755?U!wL1cSr7A?(=QtOk^Tl>`RQX z#^B-?{-p<*=l?NC2O-@dJ*M|#)(Jg7^qu&Z*Le3e z|B2Ifa~|=B{-WL=Sw%Z<_l@4Xi?zXzSSw7;8{YGZZ{%NI;k{SwzE!LU;$p6w!;WGRk-ZS?ilvo{Qs;SXAaaLdq z{xh~s_+_ou@pZ?>sm(8G6DtjNn0k(r$QNOZkmvd1dR_t_u@-!F-u#Z2O5w!{c#yqX zoo9TlB-qh2f%_Csw#MFnaN?{t{3q`C;?(_{tGO@eHU9^uh55g3$|IXs`9|)zjNkK4 z4c_@D|L`5tru=gA<0l92tn+>4EuC$=q3BziNAla0!}AZm?4LUAkUxLNl(T-Z`8J<# z$NZw(Hs3b+mz%HSvzE_W-kX2$7M|5w!*<+O6xw`|^_91tEV_O3mx}&n^Ao)Py02)5 z_~U%WD*%pi#xLi$fc`JKb@R%i4V!mC`zJp1FPnEk!yiJ+0PvOjM(o%Dz3zv0xA{i( zEc6xrr5l`e`$tUU+0MX+Hf$EHmCLoBb$wY@{69&@k8kY|yKqJ{E`H|vRaK^X-YV-t>>$Q8D$v=1ai+ zEB#|ItP z%^k_~~O;GPVUCCW8mf|Df>X@6S<5;wXO|cUW(otGg-X zKiK|sf2|(Pa|H8q`?v8l;@38gMwmI_!~Ixz(Y@(n7f&q z#_8S&O(*#}dP;m9n%^rfy|)aTUCwv(+K5-S4x8P*$x6JkNq%Ku$HtqwH!Sc4>a@Ry ztS@8_XoPBb?C?*ZPQ!#*+Fu%`c`UJMq&-Fxx5R%56a{DRb90qT;WZ!cEOG9MWe%d} z^*_aT;Jb1L(IalWD8)Zn?l}k2*O{8XA^vzkbFE{pGd*+Nitkf7rhR829RufC!aPIFvy*w2IP;um&vT>ZSpwYnk}31VH!<^^ zmpacG%rmwMdciC3oXLxIVq+Oqj*UQ{qi09;onI2i@(IDogJC+ezTJYDm$D`FK>*-#Dpy3 zKIFXzzU{lAz#9+xp6>?p`zY&%n4?4b?N)!y*?xP_|C@IV_FL^Z(1rbRpl=Pg-dH$g zLbf>2erv;&Y;mCdR_m0e4a_S;TxP%Zvnko)GW)HkbF_=)c=jG~nQY?)&dd(WX*r&q zcV^SRY<*suqusSX^S=r}4?yT%MJ157pi*xk(iLC8*TmO)?-EQla zvzk_B=H1=a-8uTaKgYA5pOq~xy4!l=tZceqw>4&J_Gjl!ZCaT**1FreHb=X4Q?tdA zcU!Gfv%~rH)TVve#v5~X_Gg!#oqfC;&(1!FdvZK`I!B-Ho!zt{8=U8rX2<8{rP=5H z)zWOS`Q27?Y4$nnFU>yp-qLI`y_*$O_Gjmn<(NZRb~tY=%MRx~Ioj>Z(XO{Fn@sPv zMwVwEZ*F;ZIIqpo?v5Po9xTs}m#53K>6hKsD>c{*@7I;uC2&U_Zus+)AlUz@j%WLG^!eWv+37y+ob1mo zI48Soe)^p3b6A(-**)iE$4mP;+3B!9$FtZu*>N`P-0aULpPPLS7w2eqZH{MOJvaOO z?l?F5{91E7dn8AnPv@9JFK}kl^A~&|2W>x)5zdtOP9=9+a(+X5HRe1F@s22aN5p#W zaAWw%^Pj|al&cmY<`YyMb?K>|6s}x% z;cFIg6xKW1&(L#XoK62xL#@q{i~H}0(04oL(SJvTpF1M*xg&xYlk(l;iY=|+&l#IM zkO#lWI?`G1CgCQY(6js$Ctpo#*2>hq2f>iwZo5qFS|;Rfr@brXg7qvVjsYAC!9mY1 z_Q)Opu7?Dl&)gF+ncTA2L%h3_-*`{?D-q6;PCm&wTiVI*wE=UN!WTZt+0qK)Od)^r ze4oxveS8mVZsChDl}o0aVe51|=QwtdI7Bq>fZ`;dRQu`RmpwGy>oAXYeZ<|)1~+Oi zm<>%Tp-Cw;sj}&3V1ftSyc+G}HbX0yPUh~0(qLl2RnUq#YrfiVyu=4B`0mNWNx}Wi zqmsFKSEl2B7i-@#d{5O1*Jr@wko#xrjHRhVKALs2bB?#G*h-9aaG*2jH#1MW#vr^% z+{E1XK%7?R(em8)CI%C0cu!|^6{n1p0H^9}J2|ooH1-Lxa^J{}3;7)3qn1P=@W4-J(%!@>c`sh5wR}O(*I8>TK5cT5!L#qv$NwG(3D)w%6I=Qi(JAu!{8Pen=Jtrtx8-aOAHwYhl zGSo!~@O&_J5uTqy%$0c@ZtTBTCuK}k zgJ|`XLm%aei(bS4n__-wNqk3JdG{(Saq%b6DOJof#Ci8>k4!GI5~adHHT<`T z=Ox@-Q)4C0?m)E4A18qFXC;R?ePJq}123U-0uRyvgF;BII262+ZUA7Ur^* zzC8B`{8q6(@NlkZs{SSppWQcU_-qr)7k-puiTvu^zvih}zs|zwoQ%OA_)`2dauB+# z@pW|ZUI*icD;VoOE1^31vH>vzN9KD3Oy9x-u*D{s8VH&15fD7n8PB;#Aoe1)2VT6W zAr|E`dQn5(&fZSD~O?!nw6 zAh^r8M<6zlPwo-875tc3Fk`y+2-Gp=FGOd-CcNZZ1}}rTMqdEV}c%o6;Wahev_%H9@$@rP%GT^DJa4d3p&64bLIUn9lm&>^>KO>hvqHQj@ zTsjE3^v=U8m%hKUT#j((;gQSj(^BQKn>wmF<#K-iodd31R*80!%Z+&reYfW|xN?~{ z1i3uO_(zhljZm`SVGRO!EF+=`tA_c|f+(%gaNO$rAiFY-Ph@M<(&( z(rx9Zf98?NTH97G;Wxo3TlpK>=90++;%RJ8E?eoHhgT*~W1PNF>e?rhtt=U=tz_Ni zwUtxdd3a>w7Melm7}ALzu4sZYqvaX`{VNc zwazo=g-2T*TH9xni^a6TfA2Wlcr|C(t|G^2xT(#NYPY#Nd?sTpwGv(EiYPwfOZa$) zo>lWi{SE4_vtwfdPT#XO1D3}OGZJlzFGlq1^L$ry@Uu8_Q1_tjY zM|ds$hTy05d~UQ7pU!h+mG>g#Z=5PQxr=9w_<&Ymqp2~l3HY|)oA(W~eOBI`L#}|) zBU^Yc-Dl;w$?uWR`Zn}jiwyGKNcCMxU)$+_4ewOg&&&_mikIqL`|hjQ>)40au@7(a`8Gal4=}uw*HFm# z*K+Tz&cB&6t-u+<*Hz5qkJI7FD88!lm5LdUJlWWs;j>MA!mVd8Z}@Ea*s9GH3psaF zP2~F|;O1Pj&gRF+AzjJ&WX(Zsd1lVL$6lsy%>h4Hc?$YnIRHABSU^3!a$kR~w@iH7 zLQNX2wfibl@7`9P+E3IEyx%>+jyL$q+qQ&5=;?ebxu$ver#AmZ;DavKl~LY*@~Vr7EWU8mi|nCbBT z4p>FAKb}s%Rrt&B)M|eFYssBp(0I`~M=y7`Ts2VczCeHJa`!nGx5(Xp(Pl7m_ciXv zHS0-WlibaHHHX}-b$n9Z{Y=f#%iRam_Yvf-1i2Ia2gu!8$0wEC;gjw~?pE<$irmR3 z#s4(ApY^G1fw6s@UD?3cuFSpd(B73fOT5*CFY1-KEqM*cP3F)6alwzDd%R`tp+U&p z3mpSxF1q)~GWS!}>KLNTH8W;5nX_D(gP(3pm$^_*Ten}ap@5J4F4c-kw{?}NwoWkQ zl(`iiTXzusBU=}>ZQXq}9+?Z-w(d6iOUhgcdaZ_faxQL>x%X%@7@2F)9)x2PC3DMO z$su#|9Dfs;qx#(7Y~2jzaJy~mu2A1Yl{xazv32Lm)+sKyZb}pmLb*9=m zpUW2>J9ok$WbTjW4oc=yV0G!|sqngXuH-cOm7Rm1By--JI-O6iKRc~1Vx@A< zhqWE{`4k+e*dn*m2@iQSm)C{Bw*K#y3`uGWmcPs9utt=ieWH&sHn?T-}*z zeCGalQ_d1FpDtj=H%{UyS;N@)RK%b0om%{7a8CaW&Ya+%<0H1runx3VPHInFhs@v? z1*oZ{+{|*P{?9tc_mOXfT#RMCn0z+b$#ry}$v<)1aW3qtbC_Qj^HyxX#eYrjKY|m* z_PsEQ@AhK<VK9tb#1?z?c7 zRXSL(ZeXs*Qj_|t6QL*LdG|29{OPX4RNwO<=HWe)+t=xbPfz5|W`C1nz|wVIoQm#d zpN9Lk%|1;fI*K!9t(-S&^-qNM6MJKCYJWlJ_q11La4|f1=K{a=pw=y!a5=@1 z!TuVhRn)W0Gx(Ig;GB)wi_=<2Yl1lQicRD<@D_0Q+nl{pll#mZ-(7@Vh5yQO?aT2z z%)8o`TTdHHWqV1<*H;K6&5{U4(*Eo!QH>-MJ9-{9SJUJZ9z z$(YG#V3NFSfLEmpV$d&+%$v12vKueuyN9=ah3u(*b0+>+?&$V@-tDj9t~ixsH75`9 z9J^EdG@29N4J5M~I zoR#pC(DrdF5q&J3R@D4gjP7}!zsU2bU>~+a=i?(i@WAW*-{b5pQ+qtT%h_A5^#QN{ zfNGij!~6L8yL7IKdt>ll1Fn95*h<_X9OBP*J#6Q)gdeaH8~H8#B)ahd&P&i%&jf?s zlke}IcMreI*nQ-%Y$qq=AuDl{+wP%Y!cUICfOecEk8zef%sKKH=gG}I_nlT^mD{c} zn7ER5G5Jr7Z~M(Y?oZ`?&Xco_NJL%_CdS3z-_-S(4U670us!a?+)8-2)W@ANd`|Zz zN;P+dA>y7q!D)9jeb8P*?*S)=kcBsca!}x zd&L?TSd34#-G6|)b=$jm?*r<)it($+quN5hCG**9=996^zUX$o-`5{|`;+v!`j>VcdcD{Ah9n|PF^W4guw}|hYd*}T{^{xIZ>RY2@_`AHmSHH;+{gLo)!2LN^+xukdw~18 zhO&0ffnK?g*rEQWEw^TOlgqZSD6nyw4qhbAC=^bgvyTo3?dfV3*D`c2+pL9X#I^Oxzn-Jc$=n7c~wX%KM80hic&oFD2-C z)pdP>{?t~v9Lh-x6ph%34ksUuw$-!&zq-FEK7r2~yRBOzQE+!H17_L@=4%`{%sIi~ zb{`(P>~>=x8vo|v%ycoenrrB@+V1lb`qbGr^)DX%26zzdw09P+@ll_Hc{faMH~cye zIK{7(e2QPIYFg82KUY#;G{yJukIv+KByp46qkrBSvhQ)ld)a-D z8^CwE@9{-`Gjn?Y9ZK5)KE&JL?;Yg&T|WEzeUEG0b`P=lkf~i3-{W$(T_-g&4q5xqubE|_aQsf{@~sE6u)E6 zaP|y?gYrAZK$~OoI|>}XgE``NG;rSj&5|sB$B%(kJb0R9XAQC`-IMBfGz`)2NXnM% z+Z5OD@Q*%je#bY3=UVVATCx}Ozu|W*hR?J49iIiBjD82aFl4_&ZI9CL2s&^i{SNxb z=65W2{f;!cr28Ee^m(4Ei}5>FfQRGecfha4@9^+xy5CXA_~O$qk5BPC8e-5MzoS8X z5JRU(?qbW3HLu-rWnF#;vYzgDTuz_H@9^lPQ^?gGluq*a9o>gKIw^RR+AsZ6zt54>H;&JtdNe6=aI8K@0Y1mFk2c_QG<1VIe2#|W;d9*n zANU+;e3tHWG^w^uCfdp8&_408_#DdnV_x_i{e0u_i_1Tme2y=wrVG6H%aedjJ_mgA zHAfcq>Noiu{B~8k&r$i;_c<>3OLm{*D)61|b1dRF*XLMI+rj!A^WAp%9FJvcm&NCp z;kLu)82|2(eUAH)p~1#GdJ+SD4ofnaE#9#{ufz2@rc@77zCH1dw_ftd_ZECItt+8>lb^Zh>774WEX9tQXv>o4lS=Qv;S4zvGyzBTjqfj&ns`L_x3Z&@4jSvQ~krC|qJ zsVR6LbIay)bgE{_!HYUle2y)79oc-2T4Ej5z-V{@ef~By9gNS>i65cbLjz(Rqa2@u zIpTA4u$MMgcHfP6XpQcTcWeS)js5;O;LhxKbPUn&xWl`yPWl~{$ItIrDO^7bu0>Dc zBL5qH$1Kq&OT0t%XfpX7;)kL79j5J3`Wr#Iel z33xbKzas?C>MY%Wcn3TyzayPjO?~(({COwl@yb-2S8L!^Pt2nu2L16pI>ZYxbc?~+ zE~ySz84b2{-m zs5SL1be35{?m>cW3VYhOZQsqD0 z?^vz5WTG2>htbu?xeLj5(%mlprhvZz`5Em0 z9&XHIpT7T|%@+2I$}H>6Tb+21Vm8VHcy@~J$F+78oD{rMF>-@qF*m?@t{dj^7EcTOE{Tu9D=y+__gtyFvO-M(i@dQN*b+TV+#3(Oo#wV!uQ zuN(VRj)ZH+O-!zoIhHVQ?xWMWSG}wD;sN2;@Ca}O=v#KYncA#6Q@$;_Nf{lE;_>kK%&{9_Xa=+c!J#JTG{lwdnIR-s!6p9RlP(_-660-peEAtTX&(d}xp|KJ?J|z-jKq)A-7Z`KHE} zJh-|8I(q4>cW%-<$cp4gHAFMv=(qYExEvna>C)64&)6CIy3VB`FiW1)|CjX}d=_R; z>~Q0PHt1?{MZ9@K;pxPjXIRPuNa{1mli6Fw-gnIr{ZFAz_o=<>IP=}?|1NhmBS+*A zHT(ZCx24lMpu58l!FSEdDdL&rOnCb&^j9ofx&EqGt$Z10-#$5(-gEP}!pMm?M@YJ@ zHS{TS4^XCduFn1W57D{ErME42w*Z6nCU`REcvW{(zljG&pf?s$4|OO zPUVRQ!prarYLNXU>2!ATN@{twf_LhiS~J!7LUr)e@cvpe8!v$FOPKdE{;D70-cstC zEVUBhMciMkvlUC3hxR#m9wSG1!bP0H3tik_YewI<604$S<_7BYYQH=_k+u9J_Q+N- z&(&5UzJ||6{+zL60qa5Smpf-(QuN5)iT1v5c&lp7r0&@ZhHK{8wPw70ZS>Enx!b93 zO!q2uIWUwn|L(_t>v3RulE2bCQ)ec;4E#J9WS%yxrlv!PbEtJr-p%v;UQ*Dc+6dqO z60w*{aMoFn%(d#Owh|Bg06ivLau008Pu~4%`s}379@^H9FlSshscjW_t;Y6;{0F{I zo4&PHVk$UE(!tMJt9j6YyKJ-7mw3jlW5Rf*zRbK}Vz=m{xiZf<^S#8!Jo#Q$VCNGe zQ*U_V1@p()c#}+|4rXu-T?ojPi|2;X60qsKQFz=*&HWyg$Mm zyDGo~x+F4(Kk%e_I$`wBb?$rU)SvJkaz?HMIY@JWlXHg_XTZ(_7Yj7@M%{JojJ?(w zdpkKv$X;^nVk>dA+b44Oy2h3)qr+9(#*FQ^Yui-2@1dIyX>5EJGj@qR_9OT$iy2$% z6Y0BdVA2}6oS6Lx?K2fJuKWq|CzLzvo-fgFpT!rEpCg+mI$pjI*`lqn8}yU+KVLgo z!T7qLR60%X+=qQg(wuV|@(sd`9-4Q;Lu(!WBj)(YbedxWW_q%m#Qf2PHgog>>0sNS{J{M=G>*Kd^l2X^lA2fJMsq4dh3x$(O zq75=Zp9S=%x;}>(Uv^UK6yakzc=4|Bl*6CQ-KNbEbGLa%vB9+b;5TFW{eHUg_(qKZ z|KKnsce~Pab^v;KWhS}4OskvoyW?0lXX{7o+(_@Z;xCt04d5yQew9n*<7r4L({T(?3eot4nKRWel;*tgl(TX36V@9F!o(YAk~oKD8x8OKj4_gP=Id|RLM zu3b}XlAk*F*ds68$vgvWm8qLk3k)kP@|O621%4E@yjuKz{HVL|VkGZ<0nmS#=L6xIJCEJUv#8vzjMh>`|nS zyP95bY5`!Ibcc8t{Tm6T-q-D&hZp~+FixL8wZ?gTDdVi?51p-dJMmGJ1FqbBaLoC6 zyKavD7fkUb!Nin?mF+FsXD1f*;xOk-70+7O{~GZk@bPYQsHj(G)=ga;^k|!ZY;SXD zY_GR24!k!(eXbDAXwzC-JZsPD;#ns4&+lh`6dxD;)2jOTz_#4+r{zBx{D6;u&X3gO zvDZJoeH-t+4Ssaazd2Ogt9Z5X2@M>X>*AQc6-NNJ*3~t$m~-a3IKU&ln#?(>9beyC zySSb^Hu+mz-?9`KwvVrWOZ2JW-IBDrIJB29-Ze9rc$9i0t#>V+)u!>t!>eTi`g!jXJ=>8*Pi^B4Rkf7IXwdD0p0!PLb` z?_aRDLMP@uOEgQK_17E=858-wmGLxw^h9V&T^zlCC*%J$fMyp8I0<-1)3r+}=`)%!S6c zugV~EW{o7;&ah?f5Vb@kuWcHO9F${{IrgWKwR&WZJO)15rxtIg%iKQ3{N+$&E<^uD z*FYoY&0leSCYigR@r17vT$$tjyV7N@a)`E$b$YY^F2~l5>ve72opsq|?%#I|l(~Q7 zH&^Bk(KeUN6(57lUBftil}EO9;z!8<{Fl|%k?Y@~8gOU%y|!*l`=UR(GB+m8))isv ziii)`d#i2OEyXCGh8CLp&QXrs`Ny{JsT|wx%H8KHUAenrkoNA1-kHE)+qfY86pP{RJTSCYkch|kD`KQ^sbh*oy z+;v{fJsFI}9_%s69s4ta8M*6d_4CO-O(t8{O?{am$z6v21$!$rV&3SUvF(}U?g_>d zUCTsQ**e~r+uS8YtT%- z`B7r3{sWV#>rr+(^C__Kz3^$Pti*S&bJqUYO5KGN#+Us*eJbC*OTV%9kPqGBjH4Pf zuhK?mb2P45tM1~SAogOq@mak!Xf8{uLDTRDc=|5h!9NM)s6n%tbFzb}LDMorxmm^S zszFnyzVXeP{bOu-DYeHjHE8e~OFQ0yT6E}Dbz`cL>%?2t2E9R?r8#0?s1+duXzbiDjp_&!X$QFt}+V$FL3 z^PWg=#m6*mlZwGZ|Cg1#m&YU z&nQ+dI4VaPU2E#he1+eJAZJM&3`Wi(z@l-7Drf)sg@JPR8~RL_v&WoqBxl8gl(QSt zYR+tZK8KunYR)_||LEncNqrwd&Pts8tE@F=Bxmvmxet_Bb*h}1oNwvnE8AN;`Ru%s zHK}qTirae_+m$iJ7DNwM#%kd;-nDbST^Z{fQ-9oK44F@N07_G*s?9eIkEM|=BdWaFQ3aHW1bo_F9(la#@f|4GM22Tb~Luktucd) zDTYQZgqf}_lO86I#l%hn4cD2weal9H!y=16;yktf17#;!iR(RbmTt>#rS6G*G?VA( z$XP5~otdH7vP$~))|nZqocRk<>_#qIcGqJ^ma}Trd-2+`>%F$@w@0*P=fQJ*X)w9A z?2ZwRoWVD;WnTZXrE^mImQ&Jdbl|%kZY-dtVqTMSIkfi>6|OyYU2$RM=|u4#CabP` z@wy9Jw_69wvA+@gk59b&K6JdMejj^eW6;5>8>jfK>M7`6>Tt2*pw#Km-h8cf;CsM8 zEV{E!_<*+i&=TcHf=F910zOWA8_}ci@o=EmKF1GwdF?ym8B(?`vQ75^6Ns zIRt9o9D2dQ<-m3~zu)K7a_Mg)m~V2%&egW%y@74B#iGl|q0(KWE2$k60UzaK9(gX7 zud}QLb*g7G;0%L5n3x0&TPv5f2Xt58Ve5ulSsTiy3iE6#&zgDWjZI`?9P(x>$Qev@StM*uG(2&o=Bh zxEQB>#pV+B%HWHD6Z8Hav8tpkb%px2 zZr(e$B_zJuJU6t4{Vsg-$aE`#UH@?@V`&dIonIpCfeDw|6Fl6w7+>&e@~`Z=p4tz} z)Mmct{?GI_iucCx&2^4AR$~$S=5r~Zz-Mx2ea`n9+rDVeUGZJbH#rB^Ma}*#b6Y#D z0~ggRKkAzLm~(Hb`99O$gI&HMpJg zvA9<`TmiSf3jX<7S#Xogb0O~_eV&5%Co}E+>2#dBKK2OFF+*FEXM`U=f*LOF9^s z&AB5_-><4oG4D#Z!1smz?E8K2pWzcDAAaDW-;4N7YZG&i2k?$279*Js)2Co5pg-;R z#qYKGxvM0Yh?aWj?CQXO#7_Wj(WuO4^9M1@-m(ICmwEQ^CwwfyP8?CTM`f1n6AO-6 zws*Vhy5v6B5M=xN4lX3y!-go^HzN~SWIG9?=rc&!PHFSMDciw@|5e#endgyYd(VfH zvYpb-mF;5D@fc-$GIyN}Mz;M!knKOK)`nNMu`L7c=<%Zm;giA0_Q}MJQe>O{B-?M@ zlUugGM?HbT$o93=>N=uqXR+H80)v!o{|VS_Yer@1Mbe{9DBk z!SxQk>$T%??06g-9>r!h`=2#7T>jky6Ua-;Y{Qdq4wUmH*zm>F89Tw`jy{L(bZmG^ zn^ZYZZIiU&*l%;j2K#O95o3O_8tk@ow7xI#*l^}%aKJpx9I)ZmaQtFy_?J(Xf175* z6{oJ?6n4KK!q`?2BJZezJmc*;DJaz0NsJawLe_ZQ?s zX2Opv=ckCjGqg3ip%Wb&j(;IKq}Xs|PyNe=pZ!7Poc~>TQ*1bWM4WdEB(vCO;nvvj z!Ynr2)AxI-D>4Bau6Eemj5Zu!AVtm{d#~S8Y&h_qLEI|BbCa_}pRNt>-EQ<9v32pT zZO09rvEdeXwylz!1Gi}8@`thKUK>vTpGTJ+QO>j2@YD1EZ_D}R-9wY}(~*z=KgjtX z{twIf2jXQo*#vrpGE8}Ma~_2{{FVya{eo7 zk_|@AzlbjD3*}>PPs84xPCO;QskIY(i!FU0TdKXVF6>p^oSWEJ-41na>{Y;m*(9kmD@R?Tm$ zD@@)QwqEw=^PKrpj;-$RjMFBLeRuV8fm4fA=LItH%6ww#ChmZ(lU_gE_!(^Nr-`xT z8(XWmc^7+x8duN1P2CZF?*bm>%Z$cv?^?px@&N=JzDES#!@c88F{FZFb`0sUKie^+ zK)!XsN0?J4c=mE8(OJ7cl?fi@wQ8JhaA0y*(cL|)J9;Xt#7_U%-XL+LAiBFPG?w*p zG4}S#Ugco1pJvW*1e`lmH@BrUmhbr)AoO%4Ia_@87$Q|46AJ=>9IBRU% z+v8^4iyi+ycHAm}UZd~>bjAewws79W^38ijxxzYgXkuN&K9o7uKV=s4NT)D;t z?j}=H64+#0U4Aladf;;T;!NFJGn%<#`{DUJ-uvt`GyKr{{xPp}=Ip)JdY)%Jzt*#!^{mpO{uYkG z_z8R;1x)6wZm3<#@{?=3kr+pN%W%$i&E?G9Tt1KD^Qc{akl&bwx6lVkxTOB#$Lowg zpH^OJl#jKyBv?Q2Hpy^*WcW~I_%LL+e``K{ys1a6yF(SrjQh;;YfVg)8phd?#766y zr{>`golnWbciB3fN&3Q+MZ}vjN0MW{A~k7U`q%8CE9P?x@z7M)L#&HAL!y|^Dax@H zzM88{ZNsve1FSsoyuB{fwXx+`YNObD3gK;Y?gqJ1jbZsJ1!(K$ehjgb8u}~po|!A? zw$6T^nreiM7}KNFqdvhA4iPoI8#4VF)|ZZ3AI_PIxg^_cuKlQ z`zhjm#WU=Dtnt?m%r$({X7kH;FMkjEUUMSSM$OC2h8sZ@IH|1t2a=uYG2k@i>t4%0ys54(Kt$U4G~&jMcTZU>#GxATfZxU zXK(AP%UJs)@x0^HE$jB*@A}zEee=8SRXrQ&-Mv^}-Jv$fUa-D8Dj|*{Jp!KuaTIj8 zbcTM5udjYYE#ipZMSqH;tP>q3pfk`}&c=q)xq2aXGX1F);@u3Vrr$=deBbxNWr-q{gX$p<@mk7)+jSrvvUW+O!l>mAH+MZ z&6{b%THUPaw-T$@zLz;OJ>A<`#OA(<|8Z&Pet3^%V!a{@Xrxy{NLhF zC$&i(ncPOOWQIuZdZl{yJj@xZ5R3zXF{!_mhX;NXdmv>PbWSlRy-pwPOT4bB3$aU$ z7cH&t@13HYA^k4h>}vD-=N`$eZ{co+^zoYq^S)1mQ9HC}bvSL*r-^5W;L33aWfELl zLid4(;gXMHU;-A-VRyJW__^+~9O=)&BIf8w#?zT|y}Q2YqKWI5982!G*L9unV83x@ z+B-%2jY(tY>>f{+{=#FcuccMyWqQWWOF|p7zd51|>m7o1gb%CuNj|(eSB@;1dkx%N zV!!JT^6sBl1{(|7+yYMaYfBlfMe0;phd^w%= z+1vf|RbjeGmeiN_MN}ifKa>CdU4NQQO(^jhe~~<^^x&>yzJIIg+NwsL&b)Nb;d@Aa zOm5XYp7CCW^_%WK_&j45?q;01(5=6BzveePoBt>C$67}@ggT$1Jh+VRntO~hpc7IZ z&%XzmzZ&_D-6MkjFtp;lOGhSlkH`n?c|!M0``=^i{Ucdq>QTm4j8JPWotHOopnK)V zNtxz7QJfmlK(gt+)Pf=XlU8Vb9~Kn_)Y!h z>KaM|vFF`9GkKF^nK#xas)1Z+f<_DZTugj5pYGDy<8;@Kx&01fY7bXyvFzo1F5zs@ z6<$g5TA0;PdU$}hEg{b@qQ~6a524>Z>A{iwh~flbx`IFSuykH0y1?j1cmkSoKeatC z#Q#O~|Ck|})y3t&yTU6Ko9ua(Vf;V5TuVZJhx9<6Hp*u+w52WigS%>=gSkgyDEN>+ zsJ%avKM0+=(N{V6@CDUa0k`5%*4wQ8GW%WdNFw{ z&EF%`fsE*Y#v$Z@9n@Ncf2pxl%EG_h@Ml~Hh~LFS-SCX=g;%btv4ik&paT{|Z^`03 zo_F&1V}0_T(E;3n^+2lQxwDaj2P<{JL!+z?crZZ+*t6K&rDgO(SO+v5OYL}S!0BE~ z=_8{9fI~bj7=1l(5cw?j%!=g?VMVk`I^0Z(-|a{iY&Fy{dqd0xj| zR@1!F*_s#nR$Z$B@K-m_j2?i`j2>vA@2jEVYCf;yliXLupiXn`;E@i-l%CZ&`vST{ zdMUS-cW>kKc67o9uQXozRO0~u$C-2O9qG=5!VRLix7x&XfZ52xxH8=JZXEPYKlIJ^ z@eRzW51ahH;&&M1L66Ud(rV%^gFiX=wlS%}t2YtD&^o_Hx|Mup{cTJi#a)uaIWO@m z!_(_po|vN8R+0=kz4ZK-bhaaU-a`$w-Y!pTlW40{Wq&6q8ZC z8@((4H#eHS8P!8US1C@S7zuO2xlQ%99-VEj65 zhw}MNK8N{u*5NbMGTsxyO>@xXukU}KCN?&-q4YWEf7X>lZX;QJ^;e0L-A#PV)R}?y zi}|}7J-G>;Iclme=SGKF`frV&x&M=u_ZaPE^NlVRtl)etxaQ}9yQP=-t399U+5;~O z#&s>fwsZYtFxT<1a(_%7tD@hgRM%7Z^M1d+UR>AmRMmcKU+81Md9UmKV_d)gXW`|} z(<-!Cup_x&(c^0Bl16l4%c!nwlXw7KcR9Ll3G>VSIk|;i>0xM294&|)tNujy3g()a zv21>}iMtlbF_VAvPIyH;*}a7OrM%P*>CH%e4tSx(V~utN^TPMtzu&VKpXgq5r!P65 zt6W_co-O0O!hFVPVT{Ist(k}XG1>+-AO2Rx+0Hmc#?d?5;m0EUXzsgSnDT2-sNTZ^ zJV%!Hpqq5hhGaNCuTF;l@> z@Dp}Q?{|}FFY#!nOWfN+=w4D zh%w}EuHw!i>5e?SYR024)eC<;=XSERH+p2=>67Zy-l_6QpJC5^ilz&>dz5k@b?Wa$YKN_|-4-rQjmC$!T+6hM9-zhs3uH&LQ1cLV<;WpQw z3&C3e*33cP1l>;@hxN|m=?~mYe{-V!nVe1fduh)rYjvM_K-1a&dtv@5>K$~jbgQBJ ztjc$?dS@1JL5B=;C!B@f>a%=gRObe5!jm13ESOG}zkTo1nZ3{Dh8~w&qU`IbMfP=VW;f@?h}S zyiWGpwF8gp{usDdcpYY~%zS(vI(AR?c{2}8%9H%bh5@)-Q!yYU)uf#O$q}oT?aD{ z=pEHUGJ9ERuOzwA9;5sU(R4L6EDHlGag+a>ZL+@aqu7up{+CU7l>YDbO0BeW`b059 zN9PsbxF=n{Q%-BHu+30xF9%+_6HRNsEN$Bwy)K-d8;MbxJ59B>k%15M%v;OF5`nGB^GMI@4!Sxb;wXgj}W`^R~h; zAIN=$F)N7QA%}aLxAmE;lJhgeaEi8l*;k0Sc`f%9-tp;#{LE?ItCF`B$FsM6g}L0T z*pshx_pPi6rd8&AnY}c0&LHJpBO{uJYr?tL=nSpLBp;huk4uMOOU!<5F`Ro%A1-g} zHq~N5UleCl=54J*Hz*D(yDNX+_5FFZK{vU5g)!X4HHbguZ40LF+Zd(RGHx&7_57yV z>qaL4<2T7a5AP-P`@<(6`@HbxS+#wHulzT;*1(yRr*$zfDn70DuSmxsCJ**YQ(QgCk87Thhi>{cYbtz>$eIeiKS|^APO+|`bSA#&n3_j! zWq$A0-hIR`;N3dC3$EG+=nuaec=@h#8j1y&ToQO=5k6Cf-^@8}<(J40#1@AAdsAD1 zJ`bVKXOK6upG6<;jDp5kPupKWOVweuHgH>bf8O!n&9_9)RP_oAvK)p*wo>Encm-e7 z!C>a+SZcFAP2R6xV{`-Xd{llX@9I6lt>1Fw3AgjRslD8&yo{mbWssYZCYFx>o113l zEP!3Mu#J3>_35MSoPBYMnV-hk{7mNl4`7nt*-q`)Os%)G5xsRRw9WBbmgjBhV|ES0 zZ`V7Dm9L|&=rzn^4K-M2^0^&9BB;NHAH0?OnN>^H>gWI_$@EIQXR~|x+2lLSrgo^G z?_kzqjI}|qOoLa@LxxAj#dw5wZq+;J4m0OtEAhEr&(S^N^U%6F0*9N|QD$DFun14p zlr6%`Rq;d~;KBRFqsA8nu8%p`M_bsDr3ioX&SJfTtN?qZU(E9+J+A}*5vGqF1!oJ! z3#JQpZQ}24e7D7_dtCeItz%My9@)tJxMw?<5A%$g$nj@mxeGn1or#Tw>ZjtjPSD!^ z8}O{z*A%Q)R@(=76Help_+lckD!*TLbvt}YjoxcbeO}c~WvdS{Py4;ks(tnnQ@O1jnd-R5xb0B@!OI7mPbFDd#m~1)H-I3 zx=nJ&|3lP9dIg@ik>4V9m60FSP2K<CIN*6?EY3Gi+y1pSRQ^#_zC>P<#`vilLvkbC zE4c};$$;YrZVY5+WBT}Dj74!g;QgdA?sH=}{+BI?jd8ad10Gkdr)tDY=ZII#zL**N zf?f3~kGUde02#^*vH5Y5o40s7v*co40bREd2Ysl-@EB6H=;bo?-d(jT+=`H zG|nUcuD<=}fjq5pF-69{*!2yc8u*8m`~Ic+1~1dMwR7RN?^WOa^PrY|`1x6`Z){FC z?-}3G(&l^gEm<$58#)Tq-08^!*lA8ZV?y6>o9eq9keKO3GN1SQ*^7mnr&nE}bKR;y7+RXJznIrvsBotdyoD^Dc ze(FebkHkRz1}?=Wjrm@q_tz0?n$GXx-#SCICT`YIPh3yuca`U)oKSPVXO?81K4gn# zgB$bS9**hVWovnZ=PlrwpA9e1LPq$%E#0r{MQTZ8JntN0HXZVlY+v{4oV4iV=FQae zqs=POYKBiM?Wq^Qp*Y{?4dtq9{F%Tx0yvX=nOd7mTVI8KT2J}-k=v^COW2tJziEE| zTe;&~@gw1IvEXTBd~{kjI!$>hN#nXb>uU2R-co;Oi$>F+(PT@bPWFC?wF^fB2QpxC zWx*4DYizz~u+h$=_A^C;t<*W2ZDE`&80DMQcstV;#sDX5kKT85HnsPG<0Q4g?kF!? zb=@>KJ`Cp>e&Ky{kCEiir`N5}i`;GOj6MxN$X?NRJ8&visu-mIE@#E{F1jFiS9T}# zu4pktv=|F5Mq64C14jPMJtU&@Q}k!nzr5Q|@7D1yvTS&(G1c`s=oa*EZO1C7yJ_?1 z5;%_Var_y5oywouzNp`2b1LZ-*cV4HS9_;hZLlxOVHdqbM0NVY1w1g5y5gPi zrFcX%lpnnvJVq_sZte`&n7(iq=S}cE_ylj+ferZBZVy^>Zely&{cqIi$?{o1w=1VR zd>4dp{4lnG*lCaUGIO(uop$*8wOn6AHc{*O9Q|sH8pdKR6kXSWr^(G^?bkgHIFJGM zJGX`RJ5B8g^hzFm(rjpQ3wS;m)Pnfk2Y7QCRvGNn} zH}6f=d&opPYf9s%H3ARxPSQ`#wmf_jz5?`&ul2;!^_n00*w}Ku(E$&K?E`143&^?h z0)=;$@eNMMp=v|qY4zW8`$cOlG1NfY!8sVe8jz2rN_%8plUAW4&!QWv$ zsXa&G_{=Wgf)_+%vmSPM!)vJJ_hp267g zzQzvE?T_@{K!4m@XuqdXehKHKm*bnH5Ax4SPw?=i;l~-Y7eCIRUwBUEqv6TO`K|8R zyfa7dr8jBMReYHp-^?GiZ#s28`lcyO?9WdWZ_x!{@xU(Vuhp5;yP za2S5xyIJqSzuKo4Z<)PA^pLaV;;mr*=9lL$&)8ZY7`TXqtxMlLrJHt7|AYCPADTbD zi>BKDX8!JVYbVE7;vx0(F~NZ>X%AiVXU;UurwuxWJl1n(09*LC2+vao)A4)+u13MN zc1kz>JOEsV=czv$@I2oQ&ubj!!{P8m zzBMP#2a3Rjza_s-aQ%ojCJw;&`c$A3?g_`yrc-NCcD6q7mCnc4oJ;)2_ccw;Cg7|S zoFjc2DtE%*Gy*tcbAGhm8{y-lIwTG@`6fPIUYEz&Gr{-eKEUU6))#LK`@>Nf1HA=( z!o20y5coJ1a~QzW!Wl$z-9+bih`+{#=8*4Z4tZwy3)?5UyE!y^YjQ*B|NaWj*fQ~# z(OV%n7QtW2PmA-HbhXi2BgxUj*VKMQ1+CDl%F_|8j(0pZ(%<(tdX?|mOAqElI*0ji z@F@pW{C}U|lfFR?9n1m#=tqz9hK|oBh51Z6DWt-0StkHrj|itS9!M7(;zO?>-Z!8X+C% z|5ihOnQE`r5UW;vOrK+}9K=0TH9InC?>_CV!lxY>Y=L|+@iq3aoNvK*lYjGa>Kocm z+P(apte5?LQ{@{Jna6gWiGY^S*z7S~gWsaQOwJAV=|eO9Jt$v8l_E0b^m8}z?e=Zogbc{n+M9jbQEG#%1^c!~vTw`Z-t61HpIm5l+JvqhjaHABinA@_Vd)aimxH$Ynr`1eBtnXN#?SRsn*Ov z<-EoIz>xz#t*x@d@z;j)Sw~Jv-D%3*J4NxD9BtOskryw0WZQP5CtkcB9H6K4kJdFi z_`j#Q{yxv+>jLe0sZPKe!^88IqW4bL+{uu>W96M`T|iEIYj$We z>%rel$x@F|>rMGb>aQ(5Z|U=#1xh>@H_hva(qyE6m*QyFpJTn!hR$O)XOu^ZPt``u zU-4$a;NLy>{)sdDd8cTNV$Sw}yE#+NUV+|AP4`;wm46EiChrEiY7aqYuzv8IYJF1k zG3}jPOZ#?e*lC`$zd;RwjvRcdJ}-T{e+DiLqjZpymybY0zjj~w+*-JOp1IJT#r@K4 z!^z#?{N5saHq4#35}o81YJCg6jocKNTft)Ez!6z>XW@ab;>^`f?s7_Mv*mAou5Y}} z?&S}%zVKRK0KVPJx0pKA;ToMf!+sEP1l6hLcaw7z%?svkyoIbu@Q3pF9AP>IHf1r- zF6W&k_HI1xyVIG3%z*OUct4=NMh@R1yO6)x55Yg=EH)uG`(D;$}dmB;nm&g3Fr!CV8w81UczbKrUmn4aKop}iZA zoV3Cd4W+`PKCI&RTqm*V%WbY&p5MvAR}SK%qRlvHmL3#6r!mbd?Px_Gh@RxN<;XM4 zUO~T)((lW(-@yHNc%hTQzlA!V^DO?~Vb5VbV=9-9Hs(IQu??l4h$rBo?X)RE<1>&Y z(Yd}RSP!iUuZL>G_wmK%_$FkpUjF2D9x#^ke$9P+8_>POpo=>jhhAUfa2(c9dY$Mo z99%}g^P~A=Zq{K(RAclr?!A#d-E@Y|&|>FY*aLJ~&AIFx&$INSJZIgB_hH7@9^Bvf6YaXG=`>S#uJuaF zH_*MoTGMR@o?;#2y1b~tv2l53{m+VVFVna@&(aUEnv(LOX2!<-0pkYq-D&UQTM?S? zH0Og_?0gSSmDaSy=6fKqb>>@lfn}Aqx!Usf2=3xrZSUgaZp>q%RlS>woeIv^q+jBX4b-rFPOZ0&FOgN8eM+Q0Q{X-@&2|Op^sT>Gp6zJ z(Ql_P<`4P3DA>@)g@K;AALZ4$zwKzo(;O|)+!D*{>HfAbkM57G?RcWPtPM_(wSz*k z_IBj7Cs{jTKVs}pMd+__c$lCPsoo!Cmj&-uu7`?OYiTb^lwRXnuP1c&&OVWO^ z*?*>{mh_0ZE3s++?riIqAZI2<7Lv22)arRP?`)G_5|^`ijJZ#DNA2UCZPOS}a(2s0 zR?eEL-`Td;a@Lr9XWL;t$k|)q^|(!YBfkko*|dvk+moDqMLfNaHf`tUb*?vhkB@v3 zb5;l+T=q|S7baHOi%oNPw#l|VyT!>_-|lJCSz6&cU2`J4#=T$Rd)i*%Jg0Bh`hHK_ zPl3Ugwb%ZhwieAv%%;U#z3Ck(*QGM}3XswN)A8ns&fhSq}Aav(S9BAdU#r(GAOvANQ5 zie-iKH|_&2cYn5{L%+jnRzCplHcl157RLKF@DAq;D%U8StMO&w8{&~1`Ht{^M{cm! zu^wLGY{cU1@Y|1x$O3!#!TsFGL3^lHfH_|=%dfBF=P`Gp1^Y+ge!@6hs<}(EKIQ%J{U}<0?@24q{YoL%13Dg&PCJ$E&MJu=^5&bNZo|8l>e;t>X> z$lW`YFu67T!G?FDa0#Y*?cp(J4hFX`p}jswL(TCq)WYx9ybXg+)Djq}c|?vg0~)Sx z=bXLHGsp)ExA|Mj-^);aO6_lI{|B5-);Vw!YXO&kKf%XkT?;iC*oRi!F+9)Womv~G z-Mu^tzvlP9EG>F$zsryF#@p{rE#Qr@dJeBvE#T9-u<@*?m6NHn^hNngmOotWR^{C# z(P?jM0bkGjWM?5O)+gN3L_BFOV=LCd?}~-ykef&?VD3-ReNsQjR@MTJ&)b&Qs21?5 zC;mCLfaCZ&S$oT8P5kUttpyw(+wFfGh+4oSb+-qytsF&i`ubc8_#f1(FnnX%R;>k0 zy&c&J?V}{|abIfzzn^{E-f97d>11q1oo_F+PnX@tTELff{Oi;LzK@#bMeM`&!42$D z_N^B1jm(pLFXilLA7K=FS9<_1E*z$r^lwkKfRE9Al=NeKxjyveWMt85`7*Iuz%6~R z&Hh^HE2(#Jo&_Wy5v{2g~U!(Qs+ zTd5h+7k%7y#DUSrrPu#+^zndyA$@!{bG5hn_|2*dbAa^mxA4>VMIZM^Mk@4i=YHlY za&N>xJ6G{-_ao9ExWN4gYf!c?1Db5AE+%Zdv)K_iS{Z2&ug`QSo-)s&0a?B2rhkHKb%EQW*^oMLEi^z{qSkvCl~Ku;x3UpbT7zW zt{<*qo_euY0nK__KMc}Zv*-0gq%S8U=dVhzSBB zbk2+TIrPd;B)&}!V)-|<-NrgC{(IysfZ~F&`VQGnFQ}nD6@0b#vx-=o$pvA~v_97v z0G%f*j^;Z!JNx!9wNhROd^Q#vq2U5syCa)$20-Wkl&2Gq3tmHiAZyM5bn{#>e8mNi zfPa$4aP#!S)$BtmZV0^L+<$W~Rj8jAse=*TTTyI4domlCuldY{XZB%EqcsRy>SYG4jS zy{?JiK~C*N=I|7A4ivf+z*F}^>ztD2PkG;}4J^57BJXW1G&g5R;YpJd3y%`_T@$bU z9_Agjb@cx{FzsGGhj{ck#G?n8c(jo>Xuq8~IkU9lu`!oiI#IPd#tB z@2uSIVyV$Sb$^6p#rRIpa=GU70M5~s33If5ALeLrFLSid>9DMQ#3w$HS801v%gwq=nV&CY|n3b&yLA3#@svr^}pz4Zrq)+v}dbNgd->!ax5pY#8te(bTW zQ@Jgz_FiJ{{LA<2D%|dsZh4Yg`?s@y*GRtf-GbRa57K>?SNbpJB6l}B_AZ`pK=*F& zN+0L9>;veZ4GpE=(^k)n-sU}{vmay3CxG=SK7WVKPSft|UTL9g_jU3_e#6>Hww`{9 z>`xZ+!23M!@8I)A{(eq=atHaf_8rszH_@Z4XSTo0dw=yx#lQ2p$1A;+m<0Q;rmx(< zejTUME;}&AJJ8t9X3FZ14Yd@`2FE4+d4YuW$A?(0md&iR@C zl}pO_h1+LNf*%g!dq*Z!zj)mR-h>ke zc;Og(#I7#jUJ9K<-qU$-tM=z#x%~U)+)4Wq=%)Eejal3X9p>^*{tDpxrVn3XIl1KA zVQ}wmXhKaI@rucX1LoWc=-<*%`T{rz?l8UUfmL&&bMQrA);ad#6MWA1X;+88r`qYN z0id=zzq@@dd@y9t>UwZ9ZD-L29E-F0e4fuaep|<9;)Cw_z(G6F@Dmn}9kc0g7WWHK zFD~<@O}9zMsK3zu!#&}+#L8jGw9!7OiIvlr`oD<&&*V3K7oU7X=b0x<)(_>5Zun#x zaJ~$jjeP!<&lx_vP4cmjCQ z9{NxVe&!_bnxy$FAm75T{pCX^Cd%DH))dHHr2ZOxe}+Ecxem2=`e8Qv-F?yzFZb(e zZ}j!UsLdh$P=`!GgTiP&p@Gp4WBESLE4ewBeh_Yj(a@rfId`((iOhF~WPdQSpC7h# zH2o{bTD%v?{#bZ#TtlfuO^YxOx3DMt4&F2KF`RkOe2m}|Sg0N9%Pn~jPLGJ5;=k=9 zkh|dxrC9^Gf8^z}Crb9VL*q-K@qWl)gwLGMyyYtL7h`g$v*ad+2N*<~PSxs=j*jb4 zYHDaMx1ej4Lt=Dt8v2Un1Nj8cq+D+mb{RFid$HpIUF2u%j~&13iRyNI6?Bf<@fLnF zIBlTLJ#G7H$3O1ceZ8SH``5kO@f#lKn;ma>AZo`?r(IP$KD+-iC#N4`U$jqh8nWZ3 zs_#D7@j7@*HJ2;w`0Ue{!H>QjudQD^9Xq}xZpW8hvYC68`J1!3z4LJX&e_~H9yx9t zw)r~7cQ)MAe1eyp4Id~u?mTB{#D*{LzbtH1_Qr<#;S2g`!!M)%Sx&EE!?(P$pEevmF*ZEJA8{Lgw&jlpo{QM< zWd-I88@{Za`70pX;{W#ip-Urr-^rY8I5HQv;WyEzvEd=zaM7`S)D0mUKJHr~-Oz&# zPvf_#wn~K!m)y4?_bnm0ABNm_4%^&H-_Cvqa&PT-4YU#dj(_*te%D~X^Jg!`elOb& z?XcemO#Ynx?)p^k_WLo_3klnAH;=O4%;SF9Z=E3lN9=c*hb-?nUP`jxUjruTsf>6= z_8XpAZe<~@-(|6FpKZI=f+wTkMhkdi*$o(+>=9Fc>PO?92*DLg0&4wQZUBdjk-!^>6 z;MLn_pVom5@7NCAu;Ke7e-R#YHay#`v$|0kjIY7F|7>hxc@6I75F4&J+)6xhpV#1= zO)G#SHoVL~mTw#%CE4)*1t#gp;o=$DaCpYq@Wb_+Y&gID2R3|9qxLY_zg&IwNYoWowXzmHgCJjG|Ex0{Gl4?uPm zr`B(Zwbk&y_65y5+HWAfqj_o1coW{qGo1k`0&6)BkFm(sSvPk$(DxVB_fY6RnAi~ix6#iTL#bEk+70yEt#Wk% zdFMLOeqe*4(+?P5?XJ~tBl(T__!_@O?t&OWAL0#Y*bSeUdq%-I${*B;67P(IKQ>T9 z%ib?~lK6x8S&qKD8OQO*R}X?e>~H1{7I-dF&yqGDvM_0`&xEGI9XZ2zH@tVmyBFx) zVZaZMnmckBOW(~MIl^na&nwU`xFg5>mQZ`voNJ}echIM~BZs~OtEry?t&JSe-)Eq+ zs|i(&cYnGOr z8Cx;w?nZmx(F`AlfafN2|7SPw&j9{8z#P6$hu>7wGB=kyB@cpc^*=bSqb~Y2%z0n# z(}~l5WpEbmz37Z{sgvdF3{yXtv3@RCfLAed^vB(bKS%h9cYdUI&`(Cb;p+%*^89;x zj{ZqARg&<@KP?fuN{-AfjL3Vgw?$&wQ zjp1Yg+Z31M$K4q4`)hf(&TZ)4zTB|t!tM7emX8#hyT@5mRzJ_oo$yUC)(h=!8%RSZz{R1EHe?-S7 ze7`F9^X$kn?n1_0!oBZTcqP?0)!EEdp?Uyeo>)qM8GHkeyoWuFgCaQ#rmhvXDwA+O zk7}eT{vO=VGhbu+wD;H>KAmw@!`%JW8D10I)zGnuHGyiA=D;nRFXQ)d;87dJLQGrv zl(YFBS`!Ff-N9ql1oIk7UjygxT|GJa`$y=m9#hL)uxVc9Ple|77qT(*@g>o12IE3E z)tgbR#UgYTt=wHb?ZB)WwMq2c@@GGvvc3u}RYTX{+BqPY%eOgP4c05jsI@ zasA)M*q4Ovr}-r~nDqqD4$-@HygSmq%Xr@zj4pBg$Mqa-Qo?-%@PqqS`a03l zG2|1jcJ1&7)!wv|&WzFV$G{f3=ZCS$d%qEzG(mY%VLE`}O{ur578G@)j{bm{KpGl{SCGkMw(-QP0M)R;B8A6=w1e!fxqzyGER z{g2-3p2Kr=a5jzYMeZ^-7NFSCiHw(nS5yNro98*YLok>%;52Y(7$BM-O}~`AgD=&gaN32OeaIGj#T|=~W7Vs{$H0D5zjtIA{~hWVm`vOQ-15M((%soJ!@p0$*a^N%9yE^8 z|B}U!{&)A694FjHfX_T=ZQqv+X?`=@b}#v90Z z;H~l24nmF`4J4;N512cBK2JZ!mQHRcJ*EEP{od}w=+b+VJK*>n?IS$iIK z0|t0_aTOj%|8=k6c?)!J!WW=FN4M@Kuk;acQSI#RCV0G&xXR^T>EDIlLhxG5{9n#9 z?2_*LxdS-=JCW*;sDQ$0L7Cjrhto~{eYli*BKGaJ3*;2iGYL}wT{S2vXY$KBO( zT}YnzZsdvQhJMq0`Z-vi0w>MQ8G?11PeZ|<)0myqJw|W2G5_{o{ygT;U!qH%KL1by zpYq+%VX{w$tv3E|`p5%!NDmfWALGk#{~vu67i(;IA(gD3+G6(w?P-keQ9N$(7%n`J z3(;Kt8Jx%QJ;pOb^d34?Jfpkb1gl~wsxj#B{hot$Y#G*j`v9xcrJtj{_{I0tqwq?f z_Qb-$J9MY%Z`fvCs zn{u2%&{?`j&9}6Coq?R2 zxLw$n`-XuhTBpqHH=wJ`nh>58Kh0##pt|&`vu2)yH_z`5&g8($s#&eQgZ|91?myA@ z_6=Uw8OU-sXDISN_0Q0^d)_JXiQ8NJ`#Q9KF))fel0sQF7&i~ z8ng-X#T(%ZovR9;rE+(jn7ZW5e;a*%koqB!eLvvH!84LkouSemrs7}Ez`ywYp*uH6 za=$q5!LM4+J~Iy7bYBkl(quqg*b9y`MPwKw%i zqP%qcu2-wR;fMC3K1rBHqQl55msK1qD+16iNsdG18mm--|>`n}Iju5GpYhW~+&rx=p_ zE*s;B$ZTKhlbmp9@AXN-bUI-5N#6CZQ{V8D%vBM)zBly^FJzv2s!tN8ne<9e^$ojq zw;p;}{do!X4dZ<|8F@1@Qdv(+e)k~m{_NMPeIohZ;r8+|+UrtXZ-9TO`LMLWon2ao z%dTncEO*J7PwtX?FgbvE_S662>P3Xw0>@`9 z9N|9tSLvhnmC8OMb-j_bI2}z42^#0*KQW$YG2F-{zRqBumZG1=m+v8&7H!wJ_%?gC z-Zk=T;>ka1 zd%z?*D@MPe$s^D6_+9n*{_W|J6W{n@)sx|@g6_^6;GKL5ZB!>jxd_VU($ihEMA9CuQf+v zds|<|uZ>fVXUq3XdOv6T^8J_c`@+3n6&T$doToW3eowhwMP6kEf9Q@$uQgNW*A)1$ z`oMS7{y6InJMU)iGjZN0@xElzuVEg|i45N@ApM`ou;)0=TP8kS^ym%0X#eduURu@i zo0nFdUV4dn+$Ek|hul}YV?cf6b+0+&DQ}Eg?xj3^srJs>rtMi9uA#mMUUs$I4gZ6; z_AyND1=>AByHh^9d#x9*r325qdj+b-3_AC-79e$_|Jk(wC!B~aL6@^G>C?T%Pjk;i zPV)?3gliWmKQ&x4@S*LhU9_L{K_CCK>GPuQ`PvKm+|)<E(mn?85#C4J87 zBYoa1`n1S5s3BLT>>H?d88+jda127ZGkI)=Suf%TC>~T}Ybwrv*k7}3#cwe26Xp`# zX!a$$i5JLE(A~Y}&VweeYr*w;pZi{kW7HY@LHr1PVb1W=ZUgzjT8CbOk1!^3&w#Os z0bKH-oIZZ(WAYQuAh*W%6V!fP%WrLM|H^hN1OK4hMlfGx$L^_ZTi_Rz+eY`3xQBH< z_J0mEn;WO4J=fmEvxU5~*xtiB3x8>`{G;+ctRJKXPi`)>oX_8^ho%-fsW&zcdU9uL z{!Z5R^PsV6z3{xiUd0O;&abtcUcQG_-*3lOPxTI8&5*>a|>seqQ1Q_p!RM z3mNY|@&;VaNQBl~M)rvqQIe(+=J*@Mg&(9mclizqxK2xrRy{pCcUdpHVy^ecW8;O*vrme6M>eeR%b6L+xAp#G2A&Va77#6Rh-D`~T51^d*{B$$UZccM;X z9=H!TfJJ+K+>t7oDSXo_JvPhUkqKS$iib}lwqC>h2v^`&O_(!M;K}#;nqa*aq1*KE zov1N-e*;?}pGmB5s`(|h{Q)92z{WNy$6?W_m>>*+A zgRzHk50dK>`8sGTV@p4vPjYp3Y;=QSc{x< zQOzA8yz}4a$6(IM2at}+E)UIlCp^SGsbUNZvRa+pHjYPH*>3+ zj5l&lAnr#-bZ=*-Yhzuy%hXDQpOv@RjSkMk$Irm)&my;BI-A%eYQ>8tFXW*4*r$L`a{$E0$SI}m;XY`S)Dc0U{E^8mo%3@okQ?B}v)hV;l zDS3E(7WKdAGdByG>$gUJo8y%}XvfLHFHh2@DBaGuMh50G&#L!@E|SbEA3*YV>R0SJ zW8TY+Om)2NE6B|aJX_8jtKQdqzORK2w~=4Dr@vp%hj-^4jL*ef7H;!-VF5V;ZtvZU zxkSHH@5|Qc=;pmQs&8c0)HS+-wxj)VYS0VXH`ZASSA$8pai(w8sbTEGp3^6xqYguF zvW}}?oEqYtD?4MxLMIjBx1ion{&4CYQ1c*7-JdkIz9w_lux{AWv5fx#_G`3XZR8j{ za_BMD``Jy64c_%@eW8C;>x-HR6OC>pzbV6?se`nl!9Ty%V(Z}y=iL#&&D!%s$p`ni zFJhlU^~%(i^IaYCyW5A+w{V~ymiE!~yY_CB`)2%<)cD99O<^9BEN`*rQubh{!*#YE zqmOU#r*mA!)`OGcKB}$to9*luK^LQU$UhTIsuL!fXS>M|^AK?x|8Ao=JkD>r0-SvvbsUFLLH; z@l?p!iqn<_az;Ig+`-|aIY%+%zd22aa516ERBxBT* zFlYIljCCHm^nl42GG7$@)T=qrGWI|f8B6s+#-39RjQxW2A${0MeJT7DD zngedj9tM^^$(XIn;oCCRd+=>p*AFUX>^}O8%h=cLIFhk9^ijrI?ug3R)pztDW7AT8 z%?xC$ebC;^*fRBvjH!mFIX94C%c{!QwCNql*jr@Fv_D%o*qe|bW5HQ@S2x4e%NW;# zjLm}AsIlSK%dj$5n3d`X%UEIBfJw?RHaQ!6YsVVtTksQ0O^~r|@%ql#jWsR~5V2$F znhHBsO~&erz1y)NeV4HaJkE~2^q)GnABD-;v2z}`G6v5`#`d%v#M#%QIQx1uaSzsz z_=(D~QJwBEzQ#AiU(7e+^T7WuziOAp!mpD*ZF~g$IWs?6gRST{NwSif?zNg4vGA4i zCAZTqiyqM$Yyonl^9Qm$s$ZF#>-(xX{57o?iuhAHb6Lcv65X3@P41cUNt(**uJ)IQ zO$^4f>nJzg&)j$;kde@M8`DQ{&hUs`>(WQ^dE~B*>2r4#M`{hqCo*BiBR_L8_?fdP zlLZg{C-7>mRfI1MjKeI9_)u!2d>frdP<=r8WM+K@zBf}l#q25Y-Rx=6Uq9*`{7;(P zN#51E!kn|>chTos-nVgt#JRo#yml{tALo0|C*E_A$ywK!TE}S}BsjGe(i&(CYanRM z8AEUzXmK3u!|Q5R$(QWL&vNiyDtOaAECqb3BK=-Ve`Bs3bX&hv&FXuBTXZpXKv>6U zZ7jGiq}`sh?h-o&-Woxk8@wgISm)1}$8Pv553kwW`DlFw_^cZ~%fnYD{|kQ1ZYbAU zmytXwV_ zbHDO2Xae76`QDDN;Bvt}0AHE9ye=1v8X-DQXL7;B-@IR+vbkVxsAX~z@k@c_6Lgk>T$(Mw8ojmuK zoX{>e4EoZ4eik{^FO%y3rVP{F(l={)0DNe_7WbyyxI~j9ebkLgyiFq+K(A%EylTn@uw4c1o}v!}S6%e1!>8T*ntS{H2s`(0 zio-P&+J^G699-WPTtlO9nLOYSk1TfMz#|U-i!59{>AESji?7cjw1RKKFe!&vw7N+! z!9QVInK(nbOsjV~n9^n3Cjpb}W@JAZ`gXHM&NH7;`&cDc7oJm&VLSWEGl>m2yI^8Z z%>8!eaLlqx&3)D8{%Ytd8kjl(l2uzTTsnO{d&@cAS4^tE>exWPBDCHPAE^&tpGET2 z5_RJC|A1#>`?aE#Vv#Q9^?T}UME3WgZH_tAeJ;wu)E-C}Z7W36nRx#L^&Fx}g!bEeWO1?B+WZ`HoJ&Z!!H;y2}= z%);huPY>R-iGBDQzMI$vd$@~I4U^hm9y#$uJ};#%F)}epI!0^4@cb1ROZp`~cR6sV zVLw-NH+~GbQqS!A?cj^uycT)9zQ|k_>Qa;5(2p|;z_LTMhh`>z3oQ=z247q6HC+Ey zpB58mro3y%q*AmU%xA;(nbe?1=<5;YX;UHP-LJYxnt$nM#^!m=wP)x($^F$P7Pzy> z=b5R7molkq%(+sCo=E3pbkiRf4&>KsGq00;3LLY zE{l9TvlqqPC?-Bi|FONFNWZl|#X;nO%Tr|{3<=Z^Lkuj^YWKTjH7JX!vz z(Syv*$XajNDE5s!-8);`uxt@IOR5pHF8$kb&JwaBy(73*GN(mgtmh8)OzxCckG7*C zch*+&otxvIU8XsH2mYylKa@P z3w<;Fy~B~;bH=ddL53F-Gct9@4J|v#{~~8hddKAa(7$rbA13B(^f&#DqCe$7txLN* zf9CI6ROQV7azo2<9+&1sFqyd=&^%SOT6BL@Sm$X!DcqmvpuKC2sa$72Z|(i8eaKOg zPmC@sToF1~hmQKeHe?z*v&!2AOF<`o`w72kjUm05X}IN_nM>~asOmY_U-`&wS|1eU zi=;TGH!#}Qy|gpuB$$VAf15Q1`V?Arsb#ROKl{Tljj;T`c}n3jUm@%a(Vjr3ncpTT1; zuV>@`T>Fb_KK#Egjd}0~FP-uDUtc1IYVuPhliT?ljPCk9wr%y14cDJ}!lSp!US!yF zGO+M`2Y;K$;W>-vi%<9|&j(jL|EziTlZt2JlQVfX=7dLhR`ZDZ^kJQjT-y7*I?MZ5 zf=zi#via-b7u74v4!`}F$i7rMbcV^kTj3v|i}uAoc=)QAe?YCQSIs}@10JjP5s$TT zJl^tZ;vw6RX07eDD%VZxGVMdwd*03*GI-d_e(a&1`Yl;_Te)waax#WoJoLan=)uBFf)4XMGzkK)Fb@JVmcg(oTN6a~N0JPL>FR8sawr`Z`&S1-_N1>SVqzv}_jF4UTY>hQNb7z6V zeTV0)l{xd*SY`i2{*3l2*R#H3EfkEUwX^JYIB!+_?ABYlW6bH`EmpP~fGaE;#+ShM z35G}PJEMAd=co1^KR>vU*qHB|iT-Q*bLOE@u{+{+%a5fV2e}=SfoD8_Z8&v+Td?Br; z!!V0R3y!wF1@G@(ej)L}dDQ&yhO7ndH1iA9F7Cl+5F*8 zX-wHKoxzkJ1#h(~_NBO~WK@3CAZ)w*Cf;4`;d`!2-(+jSzmE9yFYyo8a=zd^)@VoV zQci>R>K8#jtqGL}rXV)y4kGL zMeDH*9h;~bxUpsKuC}^V*QS;c_=)nbj$Qf_c-X{IwO+-SvoT1&W;1Ok{0x6<0=V&A z>*VdsZ+*%uJtUl0&^I=!eSmkr^5#Wz)h2A$IGrhYK{X8JV+M4bXXz;0CL3busN4i|p4IkQz}B@bNpZ)^F-uuo-zb`hHll~gW8nWH zcna3GCh%`L2KYzpy2HVbAH9loyy`(JW*m$^-;SS-jvwe0H-4J&7c+j-F-y-$7(a>E zonL#=rGCy;lAQdVyv(Gw3+#H%J5+iqDqqT<3g_Bp;T^5V!ZIp7ZS)Frmd)!74KieP zi+s$sLCuHH2d*r9r85J%dr9Yle~H}cH|?RAH2^Y_8_`f|y%BxO{A{)BV7+q(b|%p- z262sYPOI@fXtP$fiBIO!%w1A@N4GoG;i5oFBX7 zz~lTZea7c`UKO0bcvIy(pSTY=AD4{tw($P1o9CPRhI7!iFTCBJfb;QHaDFKP=RfeS z<;`GR*`Vn?@OG9q3A`O??{I$KtAO+31e|l|mn3<<>*mUNzGokB-mn)qANwlcd{P3= zcT~Z7;Mz)@m+S-1AKnX`f48Vl@*MC;UwC^bea7W^VHKPgCg6PPKHxlNFK}KT$GK5C z62tL@$&*O4kBvWvtqS36ePC=@wv&B0Y))pl?+3TB&se*zU+dR|Gd`YdQGrJ)^ynd|JITeG)zlHouinXxeu<5OajGV&>Dr#%zN zal7(WRvyusI=W_cwuSg*$cA2P;ZePO#WwrvE;wSwVIM|5rHLiVhX4-z){fk5oQ;{C zTK2n%K1_^xZvh(}@%?yr^P~7x*kJj!ifwHNC;2*NpOD{j(CK^NWqpT$mc}=aoLxL0 z-+V5HsH_DSK!YuFY;%`YEI-^ zLNCpW{Fyf0Z7Sb}HH_w5Yt=KR$MgWtKVtkav&N6mvaIjR>vQAF(B@*=X#cQ~j`%W> z_Kr?ZFO0?@!tocKaoAg2|44svTtA$E>-Yp*Pu&Mx$Ls~J>klxl_b1>wHUZb;5^()H z@AYiQE9dnE+Vpi^7shanzg|+iwiBwiQ_e;=>o>L6_`0(wJ3;5L$P1a=JayH%?C&gW@M96| zEt!0q8UFk0(--XO9;-7P7wpQ91D84E6QI9Tci<{$bXE4C)`y|nv(V_mcZ)_B_Ke>s z3n$|x;dgyC{En~QE`p!xAP{RY_;rHcwC1U23qKoc(cal8XrCVkO~#_XES?)%sA-R_ zY)@aftAPI3{nk2z(cbC#c)sHEhwyy8@JwH1@EliV9&1A}nw^Ao2R}GJT=FfYth8eKzTMZnx_sG4JP<=yb2m9Cj1P2<>^apHm2Wi z@;J<17rsHU3H%p&rIpNaEwZtQIaaLfTeGoSu9vXKiW!e!?!E#cATs`#i$4!g!x1PKM2$E9#$q4DRTF zndkuFeuZ#%en$_uPv`DCvlmF;Nw`1B-Fitfypr6_p4x?RH|GV@*H5`63HQb{`@J_z zxjqT^w4U8KWwmg}N0R;`R&%oWSU5+<=;VG5;(Eo{x*^xuiC2Hb#Tblt|O7s?aoN&-^B}i`Wm&pY>=zq$iPu%#eYt<{Slj{Vsgg z=e^_jf8Zu_r+wOM)ft`>Q}~bAmqo-#wVx2!m_H3{y(VsBGMUzm*2Y{mZ69q6I=Ndq z85=X_U5Pg4o^UK6Vq;=wh{OYLDbq62E@ES1?IJqZ*_g@L7^{O{JO_U3tBpbT=B0bF zF&A@|JZxh+gYw`8) zCq#q2u`!FWF_(L#1*$28Y^<_2<~ZzY6&n-9KWt+X@K{j||FDfoXcy=}!@uChx&3M2 z7O^orb2esT0!^Had5dV$gN-q`A3U&Cxc0Wp`i-y5gU`xE{wag zF+v{*_99S-f1^xB5Riq@!Oqul%^orG2n|F|z6V_veex;StzTX;^XS_awjdcv=feDJ)7(7-|CSM`4#YUI?&M}Ywe6z(>(RdRp=vI z;|*z^db6Havo+Ai*c$XgyIs#TiVmUmOf@>BsNWH+OA_dCXB9e3&-C0bP6yc=@37{n z7gwVLHpe@%dFqAL=z!hvj&7cMuAbYqO@Xz|TeY?U|BCUjJ>GH6Q)gBi5BuZQl6zBa zJZzA6Li5y#JWrA#XM;LEcz|pWIGkC9)_Y@vLhGFBw&!VUd$3Vgli%CZI%jKWo%2E2 zqw{N8H-^?Z#vc7=P3suWUnrI~eo7x~5i-(~Ejs#)-fdBD>zu!mW0*8=`?Joue>S`q zw?)jG{D-}=5(Zqa8vv+U+_gj~x!%p-?O>kW1|`)%LQ^c}F$;_hFqg0Nk7n68_HqtV^$% z@{e~{(!{NE{>rnewugSOJ=<#00rltrt#j@W?jhR~!hKCRR?*u!=b$p~k#_sC&iN5I zRN#)yQ7rAjB;2t#TIXyQ?mflQLhGFWNg4w?qgdKklE%QsD3*3R&#bPB;OT74s0BUR zm`I!6);agS6zIiByFS~P=w3|FN3g!>VJ`;zvF)_YHD*u2?Zsd}w%z%7*?w$z+dkS4 zY?<4Oxn@S9{Rm(+d%L~t#Vo8sr-=P%iSFS9zCJP$tYt!bF(-(Z`f5Kydoje1wuR$l zCE-_TKce`B<76>7CHv#5;TN_av33#s+*(HX**M@I&H}%^wI89q7=veME%Tt6#|rxq z!7~yki@_^A|GYDq-y`-TpgM zQ+D8{DaR#^VeQB3lE$$1V<^vhvL9>a_qZ1m;iriGNT5w^6`DruN37kR&H>~t9ZBBO z>!^26P0q2z$JlQsJ{F7}*pJaw_VU^PF!m$1mv8LHv4dJ`IJ2hp$1w73jP7-N`P#2g zetvi_pS|HW_P%rM39o1GySol}#$!L&+tHmp8R?$1ds<(4GNA0EG%^vV*#o$!~qIv2~?<(t-diHsbW$l||uUqf0XODXW``f0z z#5C~m_Z_xf71F1R-znPo`ZScI5X^zGi-%bF&|yhIV9qnlx%|z{O!S34 zW1##C)rd%vhp^ly;dW^i+_u;n_*q~~YG>{pB7aFZwOM&R5uAiWpfB~z%4?nQ9p~@Q zw%a=z^lqe|v~jPp8iO-ZJGdo+aVw{Ko4q^5s4bb5ff??tv@*zF@1XLYqMD z6WYD%a=&g+>or#Hk0cLpf93w~r|-YqKl$Q;m;1G|_D}9FlRn!|x!+I)ul4i!O|w)t|z&V?2EMwHg$A!N$2<$!nH0Ne3bNA4r*!z3pxqI0Ad+t1UaO)WS zWZC=S6U5td%ei~{etXQ`&yl@9Z zZzmRE7ftToT>t&`oKKUj-;h3kR~~!c%{n4aPFFiT!aC}nt1g5_>;)*_;4Gd;D7E6 z){f9ebP_GhGpz;YHBbE=&noDHFP-InfnW2iFs&E*;PY(k{=L3v(V&KJaKuAD!c9 zV*gL{fp(%{Kp)N;WEVD1U7JWdo-J;kx+al!JiEMk>NTR>XrFck@|abtIxb)BH}v!M z#eIW={G{=U+jqX#@K7}xO&@G&ME^-NT3dxiD_#C%m39G*7@u5SpNDkrdr9-u_a@Sa zXIC^&eRm>_c(%NG>Wl;$xwu7xXjJFZh`fxGB{QPGgF}4k;uxnSjPK$DCnb#EX5#~+ z6UX=C%cFRf#7oYHZ=2`V?opeQ)F!ay;FB~bZ>=&Xfh|vH7pa5AS}d$fbjFIiKg|7g z-*}&QV{Wj{{`hOMb*$~Z=JBmr)@`leV9rb#x>_qH}#&T{~XeqK_;JJ{dSA; zqU`!@t6jG{KS{Z}x&uw^+vu~FKKqfYd0KW-YrWZr%xr3U5ABC~=FHGc)_+<*>a0Q- zR%65Mc^>YUV2$%m*6X&`0DbS^p1`CwuC`db4QH=|n1bL-YU}3k&2|pMVd`UaOzxW>Q7Z=EjB|c$tmoyL0F^_LZ5z}FAGdB$}XOd>}yUAt3C;1@1pBBrJ zb-vtJPWJtiLJ+gTSD4LwhGRC^jy8M&KW4-E3&m{kf4UXxz!&(eIl~b>e-Xw(^I!Wq ztFvZ{R?%}-%x~#ZL*q)ndV#YC3GIT|2JMaQSKj{Ea%`i1Ci;b#h;RvFHnM@duh`QD zYbL!u{CBU1NN2WMok#YXP$8Q5CGKH)R?rFSxCYJ)wV zm`QmbQEi~n7nF6us!%K^K9^fU`SeLR|8+;QjZSe_j>~sRY8S*{z}3ZN9{^Xu8N_n* zjP;53_3jZJ#`*JGfDXE^Lhq`UMx-y~%OlU}4!zH_ivH3(AJ9DYi#$)#?M{~*cY#~m zMdvH2O<)gzFA3MLRiRN}4-(o%*LIn%c+O*Zo&vo=&ZE&A%~o&B#y?AYL0)4Ty%9dM zWpo8`UY*r)I>N2@ZX1t0^mbMYKf9;=l9dgTsa|wNPy2)PKfem?7P$4r3fbT)`-8MM zu_~R_3gtQ;C*D}-^HQ+h(|UpTd&w_ZbJe;btwpOdUYRQzMbBz6FWbU<@3lSc4>I29 zGJcVE3;MD@DEt(^Mu!{x(yW76=Rf;S@I!}67Y1=&-rYd#T6Jviz>j|hy`FC(&dXYs zIPaR;?2y();H5b4=TAd7%<}xR!RQ9nVq%9c3$a8THmv>3m$;`}c*WsPEpnYa3OpzL=h z>=h!b6?=uw@2pF8z3}$lb?t)4Ug2E!3eTg?nXMy0|34`v>!Y^FUSYIdpo?f9>=nvC zvwLdSzN0LIm42t)D|CKmr-_rSx$3)znDc6i87@Artbam&XD}b~r`sZXg;DtA-`rdU zuUurWFxoDHm*OPW?{vP{xx&lJP@r2Ft75N^7_aK*8yoVcLs|>ghU~`nyR~M_zl`7( z^)I6^3b*-HaEtnvmF*%vA#yAqawIra_=Cu>a>I@izJ2j8ksaBagY|xrf7zKby1PHm zljPg!gip_P{$&*Qq&9(0Fn(h6ec|)EDl`goLPEQWyE<57YMmF>{n7;)4Pgd1x|mY-;$sc@Y5n|QO;l+oxpn8y z(VWNW+5ZarQM;E%?*-v(LFvbZDmvjjJI>=-qk+vzsAc~Va-Nf-ltE8H?04) z$n7VXv*cQfvJS-uQw~8MA56J)`8nWogNZS(x$5Mhre1<{!&t@HJKwjoo_N{VD!xfL zzbX!=;JdCGei2<+Nf*h!=4udk2cF5__6Pe-LKmHx;`@w)e-J^#Lm z(jmH+qrl!mk+JKs5gGc>@2Ynhrdt+zxwzdV(aZWV1?Rh2zbI$v7Wi)2p@Hr^_PxF9 z&IJ+OS&8S2YV?Wd&S<+Z9`YTjS=nLm!T(S$>j2?nbxEK*p+|-8oQLk5Z*}KUhqf-V zdA(ob3^Tbqf&cCDEW)xWyRg!&&5e9VVbt6oS_QXYzqLxcKzC}6I;9_PnzF4C-ASMF zr-i@4*Xq@Wd8WFNlHGQfXTiIXeypDTUQ$2kROMhiz_TR%=XB=8^PJ9%;+oVZ(3!xM zBo_~JpI=hDKxZbji~CV7zbZU0f&VnR%6=>MfpvFPU&-mm?~D^~6QAoTR>xda#OlVQ zQ_$s#)wP*3A{FcJi2cn)^gztE(Eo}mbgGTS>Z0ue--7l*td6`KmtQqi{9@(39{m{2 zud=Z^Y?1a`ZLDt1RiS;8zSKS8SVN!> zfMNIYDD3L<;4;pUc7Z;q(k_r=aCQ3NC#Rtg=+mv!!Z}$#zv1`}F@&}jaxGc+ zuUD*_b$?F&#b{rK44>I}xA^Qk$ubncZsPb6SvZ^Z)NJaq_4jix8E*%6W<>eY>Go_eZyXQXdSwxSzq@hzx3f}XpOn%Kw@zM$^r3S=h~ z=iV_HIWhf~m51R>3u8@7m#=igsaKv%)b=9%fzh z)ZNp;aYPiy_`9l!tlYzwcsGeJoeV5F*U3PX&Pil6R)dXx11{4)RRJ9!Uotzh;o@fX|D7wyWy_o}z9JG*l5 zzUpqZ&q;N?S#iGn1xsfV&-8h~>{~{7Amx0%X`;_r+>?>^d7Zxh*WAlk*=B(|*BfgS z>}%6jnN@Of3!G0VH_J1Z| ze1F&Z@G<-Js*z^*G$XLry8RaVjKluLm2fT0IMP5}CtK!{Gk9WT`Wt!pTN*X#|erS&4?zTw&b`XE1hV}hNYQPxwYzTs$Vr_oQwPUAD^j7B$p zyL{dI%(;pR-!?+`S{JXJAv&ImU7mwo9^mUL`oG@L((JEC+AVNrm=fBlhFv##Q(4*@ zyR0>B$Y(#h0Xc_9q^|;>9luHMug5lTz&2~$p?id7n@`7w3Fm{2Qe7_A%B#@7A)h@8 zpVPmF7c23)unJynP6sEni{iyvoprVGRjvPdjPSB+*F{bb3n$J(DCZ%?yza67dL1?d zKI#}@bZ`QFoenl@$4dC$SPg!shZEY#MkqfkqKiXwWpJ_n^7GTc#m}*t<9w$u{^s3I z->>*T-c9lmoJ_y}9H)z;cqFw6{0hcS;>Q=b$1bT|;8!HHi|&69?8+h^stKAXzr@_K zobSrD;DfLSuH4+3X605ykdkc+0Cb;F?x)5&3YrO$B1Qi&jHUg^@S?H{*xa%9C6kZI@%dtuy*0bq<*ZP zeSm(fK8xVsbmt-O@pWe$kEAwX-5Gyh^Kg3=dWCgoyj>4*$^hOVHo-pcOnjcqlZX0s z($KT$w{1bK8g#DoS-2)=JNL2}eb!?1*|vDTA->VJJO6lCQ1^M&iIR&@{6gQ!S&=Uh z=o4hIr~Tjmm>}I)vDXveW8xJ~FU*!5s*Lfxs|qa_IDaakT_onGT$@@>Gf9D&6c-U)GeXJt{WdBd?jvz2}_g zdCv3uJm;M7d_=YJbpvok@$;8rXyfaKh<1Y+#YMzK8`vjK%pkwVi;Mhusn88mj(2qf zaf;Cmt<~;%z37T^-B3$idcfC-)(y22vPI(`Rqbq>A-N9d27N!0m*ip_nNQpJKD|F?j6_#Z2LLVZ1zlA|NY2nun~E`wWa_VkUfH z@qqCe&<$GO{@JqOeTJazkD8m`B>=|9^zHj14bYo|d`yQmH@SXec zox9Qr0Iz5R+K#~AV1pECR%i`wxqnesbiT5Z>%py$wM=k24q3OlI5q~dwatn}Bj&63 zxoCM`WovR`+SxeP=wijNnlI)4mbEstgOA|XoCFtOjNV7wcF_gyh~ci6Rd#k&#hhVVvL%RdEgyYKD;5qR5u zb}NLpw+_F_i~aKGNYTmY@`=ptjm+@|K5ueL&6l9Z@e>32uaF$B3aq(D!TI4h`~vHY zh^Q@+hOo4PpoSk*5Okgq=0}`^>!;$X0C5 zFk@ouiamYA*yenOZ@pD|XT|!}+=)B}xb^{yiM1avGBdRQ1K3P_jXz*&De(!oBi-=3 zYAOGn{XYHhNfCXgIJ+)6fUgz}eE?p3Ss9c^vBz#|@}v5PQ2T7;lec52TML z`nn&#qnI8Z&!(3>c;zQV;CWsQo^8J!zMZv2vK#U*44yr19_tVF;OY4nDX*5Ow;6l1 z(&aN#OE}fr<544DvkzjgbJ+R*+2B0K#aa39 zD4FPZ(Suz+M+DBLXJcgc`Qh8yysLbRBKEZ(JKH}IcqSkh*e*kZjH{pSg9hTG-U;vn zy4pPR^wZZxAJ=v*tA!6#L#B88z*{v*F3+f+FU{+){XmaC_}itk8?WENv!jujC>pdq z=i$OQQ8d^cLxa7~#X-eHzCYKStKv zKHt+)7@z1CUjGbSh4D>Br(6Hq;I*Ntl)n)hbyHKR7n_;Chwt}-Q_WG?esb{rH#Twx z3GmH+PfNdSDE4d<{Q7r{6DiMUd+`us4W^F`$BE$i{a;7xw7s*2Z&%og&bbNQk^vrI zDZYpgzK+-f9?)KqwmS3}{R`K*!u7>6`{mKOcVknjZ!@^w=al*$AkJVPps`s7y*AEe+$g+19fNnm-a``8&fqPbd%gBAUcA2egok$qyhpV* zqyu;#;@-Ey6E5D1uxD>!jtn0_yY0z~29zi2%v?0kw~RS{5d8NbJE9@B$EjjXw==o_ zp-&y!`V#v4ApU_*gUluCUs{fBTj3Z#OLy*x7IiT^u*%*&0xVIqNXO8k!`?j-)6URh zIkZ>-53B^fX8sm3H)&)W7>ipy+9Xq1?Qwj44)#lYlcvo=SI%6X;rVf`4S(Rd<(Y4a zc3WNAt%i20U(>T4nTrRC*z~UCB?Ih1C>48K1}RrI@b zJ$J*oGR0nR?eYA&rQcNA)CB0)!}C+v{~w^=)uP{0mwx+*{j`3q@tjo;H#lor8+Ifw z9oUgPX~0>-|2M#EoMG0LJej}C>$*lcbLPeHQo_c&^c_WuT`{z1vhi+AJHgfmkN3js zE>Bct9rl@C@8PVu@4bmEom2cLrGZLJM)&)b?d`ii3Q@)#QXenw0? z!SD<2NQ<%)*3bCzVjJUD+6u)Ms^we-9{BHdvTw(MW69b#=G%XO$--o}6t z?ZQ6MG5d2jV#7BWU&!yn#^^eqtNzHfGYgu7?q6D&tIS4h6_306YGW>=2~e*B;}&rL!#BqE$KjlKtA{h=4yG${es>JcO*a1?)2??3 zIHRk(fJ6BTgERZibIq*{BLX(>e0nGID;~#g=jIOa_cTx@Kk=t8n`hP0=z|dwE(YZu-cq^U4$R zayMav#y6qk6Q#I$^!*Xlw?*iX*)g>7{gIeHRkE{oF@n+9Kss|wL$ot#&5K>HwEU^)R)qJ6@6CI z=K|Zu$tU_}8GcZGjE5I0b5uUOvU7RsYr~V}IiP*Nkj$AJRj5rdd~V03E+KlD&qF^UNKNeelD} z+G{%I2;j3mIDH4{p*g-W4nDiDq^wP0Oc=f>`dfZ~=smG{zR-O6c|Q6shi_>dd^XQl z*2d=fEbsMk219I~FEe!CIdO{*lkd|~mmcLW>MrwgfAI{?U^D*WH791PSVz~H+wYu4 zY>^4nPw4wi%vZ2(5<6UR1{=PR@+rE@e45!i7v2LNgjF)KYPd7l=>LtUqis{ik(|Ls zd;bhJ>U3?5{zJ3Le_ZGCg0;PQn!Nzz$h{Mm;DFA2rSxkq!qv>Yhx75YY`nNhap?4;F(ZjRijz9c*>M+bXWyaqP zoHzYGGmqgrn#$+#aCbC)HU`gCHm3u;<#=j7?3#*Mr(%sJr+L(V=X7hs1>mW7dgt&S zeyMrJ9^o9dMQPE1wG;8{Cj2Yy4Lnfe`YUR)BYD+;)_uA%SDAc-VwS>nrj~R|HG85J zCo6B=|2Fg#bqCV*n&)$3=DFI|>M>>%9`B9A-{x^*+VxEYKWv%7&DQ^bTQ7c>Xd_(o z%+_3tilB+Dxp?Cp(1eaojNhB=dC&A6 zh5OM%xQE)cSvwNbE{MC`C-Eb2sKA|AMeFQ8;F<6U@`GKw-6Pz|VHkekTsGAQ>D|y6 zJzBH-;=FH1jgir_f1me_s4>!dwsqeB;hCocLU>x6GW~qdhr$O6-YpQ-CRDdj_P*fW z{c~S0hQ-G<%Pxxb?T_cw3)$W`exR zC}b&ckL>BR4c6w%#=M2!zV)F71UU>~0f8`Be} zy=ZxD3@t-8rmS5^2QxmpqdPZO`3862QjPfSNNo(dw@IU3fh=InSEImHYSW; z(8iR(Dg4fg!!KxK%G!nS!^V}L^Lg-W@O!g1#?!INUm83EdlCN2%wvU(3E>&CF=g-y z&sTpIEfXOd6Va}(2AzRE^=*vi(X%7p0#Ehr>l8in^zcs6;LX^Wwb+>J9aqn?r+1TQ zV=l(N#@LuJ{y`fPfyaGu_y=uFL_1#x8vb=_FxP=wNYC=j+L#YV(8Su9Yekd8*_fM8 zi*^z~N&txQA>^M7tpF*2bI@g}Y~C&Wgf4Df@H#ytfMX;cSd(=-HUb zQDb;E=7gv*JR5T~&!X&wwK1Phdp4#F*Qhoj8&meacz$XOO+z-OtXgQEK%-9s zYxQf)zPIq6_uw2DyBIp3uJV4vZ83O-_jZNbh44~snf7)GuO9avz^jCprymx9SM1)d zG<&-idb;w|ld_9EpL8_m9N79I*?haVs~oqW+(*sX>KNSi{ss2{)`FAf(bt#YYxj0l z3*T9;-`QnrVtH3ScP}{%(Z=otIVq~29=BF(JkO$J*vkEu1vXz1o{y+DzT5*>6m6>$rR4!*C!*=OI;-inoFbF$Kvy#hRY zIyA_mn{(4ypGj7(wX1#vJ@sVynR&#uPkwFJDdzq$#kB_~Nl&?ZLZ=zJnzd0MCh3c| z8gD(A@uSWydH5&3PZ4Uj*Vd3lw6lAULjDi9=={1oYlY^%7S;>%p8r!=HzHd_j=3!>ifE@bKf6Du z3m7Z*d4iAi1EvZeSI?Vs%_MJ@*HrJMTw|*D=1a6TvPFAV(eXC#X3q@_^0l!!HXfwk zC?1*>gHwl%2P4`A=Orijlge#3V9&_syJOxL1Ut1&MxN16)$mNkyJ@|9=e&))>-l;i zzPI{2)o5*MnD?XF`2L|eb20pW4q5q+7#w~7Frr<>-hXJH$Hx!S*XnBJQkPIuPQ7{9 ze%|WQf_P8$Ze7TY&ORC>7a1obe%%diEB1HKZ!CQ<1{c5XCZb)Q*f>Yqa=G0u`@&ut z$!+aK=iG;YksO(+F-e^msPAIE0=~kOpL6o}r?@s}wYL}RY1Y$? zJs>YB{_$fi;5PQ4#!N9VbPSFCd|pgDtygK?N^lhBYk$tu^Xy*u$Nvu5nD6p~Zy&&Id(Y+Tx7VDs zKE=6}UFnn7Z*M+neS+_Ia%U>_OtJQ1uifWLpHY1B>nCI6+Q#@1?Lo0ed3O!- z9wpOzZ7qV)p=JC1>F2IE{A?@~(a!D>^X-Ah$Fc{nQU_`6L7Wd%ZP$%%jHdZbF)*<{ zeyMD2E~1^a0pj@}Ur66~WlkEf`u@|}rxeilidUlO7S`L9bbDV6j7_!%!RY&NJFC;h z1KRr%HLlg$cf8B$?QkDaZNhpx{JwZ)W(=%hy&Y~>p|_OE5=xwBUE`L8Kr4 zMdZ)wUCT$QvNHt2et39X!CURYTi!10hlkq*;k7#0z}@5KFP}RTxY32>d}RD^^1N0r zPvacJpkB6qT{$d!Lwl}-flR39>l@G?%Cj7f_*qY-0+v{hkuQCrJKvg zwfg+64e|QCyv?xs92_5r!Erc!9;yLIp0Pi7H~Rb@=pWz_>xb)J@-?dKT$u>_;Va$! zl77zQ9(<9z@m(TvCWX$iS#l;7do|J3yT10ZN#-s@>FTeZL>^+@`6drx{e>V*CNFFE zP%{2t@{CXog~neOLyx9eHrGv1AJ$>`0m56GIhMrG~dkLm0Pj1*RglyHhBF(zVBfko5y7bv?t~% z7Z-b8P&v=7vS;4XcN8u^|53D_>9A+s#8 zGws%-e@=K#^yby`AM+l+_Fm5(-gV&FjW3qE^qBD4^Fw{(OK>1 zN>#aev)&C(>6N)7ZqMHc%{D->_-x8MBl3AYtGTFN z`@mI?l&W%$pTQq`X01a_bff2&m-9p3#zVjrMWah%XjE-;UlHx{*8y|$30a*ZW8v$) z-YGpKoYsQV^?H6{cDG5zSQVqd)yWm+# zpVv91Cuoxw-P04YxfMfmv)PWlqOo)p{fOtq59;6Wb&~x6nbwA! zbLnM|`&f%o+^ju{hF`Y1w9ANg3z^@{$=pde#4n0<#(!;_QMj-dH+N@i!%sYT!!pFPZLJND^UTJjUE~$s zt~t|K`0T8s`gB`s#~RN)N>O7a$7XY#tql)Ejg{uv-Q54pvnZdw?bj~7v?f_DYfOC-SBwjokjLtF9&!p z??%a{)!A>avpPGBM^qa>ugBQsJR@G)8-ur>*NbR3*rWSEk3&BnzvGbhCrIz$TL)=w z^Lnc1VC`i~>Wk=Sd~)3}WzQ!KzArwr_zldl_+5hjxp)WT8U4fFf6fqLoEd@jZDi2s zU-~ur7d?|hHY4@#aC-mtQ~jE%e?QLE`&R${%*vMPxq|waag1ysQ%1IGpab@y7kj09 z&VPj8+K;bY#E0kJaQ_^KP53FX`q!RMV{}p&f8ljm%zUk~F;z@Et8WB{d;a7v=5=`d zHbJ~;_m)^$W325xSFGROIniC;?wPoLd*4K}zTKyoHgG<2`8+0m@A;7Qd1yl=4rj#R z(Db|bcA}wZd2qJ3zD?~-KYo63qBFF=XLU+ylm1>6RC{3*&J2fXz$rtD{5 zKauzv+a9u|yjx*Q@k@J`A@5I(*uS515W4yLl`E(a#aj2t87h0 zOgn2&HNLT>@Q1(u2VPd+RtE@A>(9JPcw*axr*CI@cYDvJ>wA}DXJ=z)S72vXVrTh& zK(TmW%{9oM(&7G@;l^H8;`f#~{OrA05$%F@b`$F+rXB+rEzSm?wETvx^Kvy2xF%hn zA}L(4XW+W5%kGaT@2AIIL;P`6KN&r{W8N#QOGMdPYrhtqXYE%Q|EM-$`y75>bN0(e zqIF5wK8M>4CS{+GL6>l6cMtrGT?)>VuSceueYaau|9z@k7lBSNvhH~I-k=-G_ua1M z9J1Of_N!HLQ-XKI(kQ)lziC-|v79u8yGpjWKleebk6{;r$fY&FScfsgfO+56*{2JboII z9mbN~?0wp+8-9km;pg1C;S(i0)LhxR;ozJ|c6=Wd9*x4`eK9!rK59fet>1H>gUj>K zTe1_x%ixn1K6lPLPWWIyB_I224JbK4)r;l8%e9!6PSIF^gJ-qgpRn&;JEvpwOJGuZ71`NoS6!ua+%=M$gkvAvtQN z{M14+qOKpg8KM2^f&GRf*{}ZS@vgl5=@?gDY7@@6I@_pU@gn{1_CxC&W%KX*uZIRIe!_78lWD-0SPH|-bd3rN4u*N$N=sZsbLN){cEaZzJZxy~+z-E|x6f12;h)4XqhViMw zdP;RYfBx^o@OeZ#-zTBHiM8056|@<>iq+&A3_kV0S_`qx@aZX0-5b6wg{d|MP6i=V3ge+W34PVe>S1 zn`7|y`8=ZCAb#SZ4P)?`5?QV5~qW2XJt>dC#mBqU>*Yv zSTkP~UegJWZ`VxB`a&4yaWOFa`xDFB6vh}H_Ro{^)<8nzSw6kU=hLAvqu$?Z*G%ZU zoTh!>mu{(~slR4Y)@CrBfHz079^&$5IbT{@-oSkU;uq1oIL6$E_hbs1i$|-W`v~ZM zJ@hS(A-*4n&%(PG@a_fhb7KOVlyS1Tajgxf^RCWJ{OmNzY$cqQ7DxNEcsJ_=3BxnP z^rR1-IaZU)9!{rB0jltpncYbjHRPa2){NN9GH;^9;<9C?+;DMfKzv3^<5Bg(U znTpI0{)3wz?Ec7Ko*%3p*Lq1EvZuU6Fh4k5XLbDr`9ULVf&8E^Yk~aWedAnN+Z4{3 z`#76;QTYx0Bt#2W3J%@01xom>(5!4NKo%MV@_gUer&ADjR$$K?ml6Q1~p z@<%q=wE^be<_8sz+WcUG@4rT;mHDe%g86~N;TLKb_H)DeuAskqxcuNRPK&@5 zzfX4PHP(HsFWYsP{NN9w`pLL?p(6cwK5GaEYrh)Lw)QKGM^u}zpBsK(bGH9`zAg!k z74~z(?JD+J4dq7sK73t5ZloRhnB2(NaBk#W@UXd&rtz(poX!8rjc}((T~u!5YxHvj zxsfM>xe@7vN2#M#E^*h`nA`}@O>V@4@71sUWw{aRD57#BK20ifBV~I*h_62qGaupH zNVwhMaw9Y0HIFZcWRS6JZp6r-mm84`zJ{JD%Z-F^@MX!wKw(&vBbXP1gC8?Sv^$dA zh+T8|(-iPIOm4)UW$+U3M#+VhrH{Pb%2F7Qs5ZVVnS5dRec}Da-owaJM7x-n(WiGH zX53XCGq!N%X&xUu<=yQ;%(%*}V&IOB8$&Sc9VTx4L=4<-GHwiwXL$exYDTlaqjKiHdic@)x z?l<{*@-@oWZ=v7Z1Ykw3bmm!Cv$KCR`b@uR9YZ-3-2;_pU8DbM=XT{7_Tks4CPnZ3 z%;>&KzO{R-4{caXF5JzH{6V>S+U%oEkxz06=FTWDUiRS*;@t#%!9E7l!Z}4;56<8a ziEk2oJHZ#ceSE=P_+Bb}!86a;z2Gc-AA?8qo559d1h)6CEW?%OcN`YiMa1+0Txs(; z;mT(rd3an$8(fF__-k=JB?8x5BXB)00@sy)0j`(430xn4o8~ou>)(KvpQX=oUS1}A zna^@wKCK*Q-Z}lSI9KxWiNg5^dHM4O=b=6Z$@3oCkR*TV@+$X>>?}wwlT!yek}C%` z0we1IJ98%Ykdv>{C%(#LCoUvM>{QKgp_4Wnd2b~BZl*>p zL%ZdCu5e1@1kXbFeI;w*D~Nk%^ZrWyXH5;5%-)nW*b}Yk>bYu!Q!Q%-$PL|};U3b7+i56V9d5QNrKU zrP40J_)8w5?M>VbXr#QzCvOg(!E_o6E%iuhDsP8IjFQ-`?crLhw^D)BN!?!pY*r&7a9Xm#DeAn8< z?CjT9jV`Sj<&^Zl@q3zPXFs%Nw8@pL59wL%gEo58+=+&cZ20fNt#*$|7xqAFuP=($ zfpMSR&bSl7le1mE&ojf56P<3&@ge?-bD<5fat^xHGIpxCpwth)r_Mgp+>f3bg`RF6 znYCw_8(7AeyWVb>?I^%AM~Rk_KX}maIsNz1x9%Y@@^lltja&iW?c#sc7TbFI`TTZh z!``lklPiC2f6E|q_P0Ue(?c6ZVPDB1Gj1LmQW#C{wF>@B$X-kxFl!#Nu}S0;Tate@ z@qb4^^K&1DZ-7yD)z}qmGd^e?e0_Y^y3^{Uk2=>~UH8w@PpUW2emCf-J$`C8NPF4E z;CMm1xZy16&-1aZuDrhrUS5oFJY(Fj*Kzk%7m~;z{lP0GBR_oK{lM#6L-}!V3yvea z&gEPnt9xcJH#2T{cd01+sS(_V51|@~+?b*K_Y!lCP&~X#4ZK6XOIQyby}t|nU%1yP zy>TD&^#HVf5S_BeDfMkkbRT%69KO>A@=x&mDem|>0lMuOU4P&i$pQ25IDC+5`~tN6 zwxQ(%{PrM!&(TL8f6uY!v|~heu4)_iFpr!uR=9`Xr*E6og`SZP5G}d8zSPB_*e2LQm43kQ432G-BtEGwdPIQPxp24gK)T)c?9C}$ARAfk=kv!!2VVM4#xb_Tqn-5VL;vaW19$at_5go_z|5Us z#W4xihWHa4%unwiyi=3dKUVgec@vE7nP=uX+_Orp=|ETVH2$uxOC_9364>pt?t6V} zKmDoSUgk{i@5o#=VD(-H-=#Z~yn6zD8k`wJw%5+Z$uYQB+q;@Kqf^T0uYEF>H-z5} z9q=r?w}U-dGcJBtc1FwU-Qd=J=K1Wy{KT=#`sa>pDQ-yBi~nXcIoaYymv1xPp4V6C z&)iiG{3-SXDb9F5eHwV7!-4x;9ya`UbZf(b^xj`BcG^uH?)K!d12wb}Kkj(-*t)xt z#|=0~!;jo~+?Bb~wdFxINk{y#WCDVy8*gQ zV6G*YS zp0Nr#tYd7wJIXn(aM0j`L(UDicy>Tzen8_xum0;8`{~B+ThK?vsa5rhk@bW4G9Ny%@e4EIv$fSfykkaU z+|I=b@H*tY671t*`Z(a>AbN^l)#q5+%KoORAG^c&h|?3qQBBB4)y^bvi+@MKzuy3U zwG%w{x$t^KzpLMww424;NI&ws_K6i|LhBWL&f;^W=DF%%4|qve8y()%_(~1_p8kKG z`O#gY`Q@%0J=E^Y0(^O{wu@S3t`EZTjD=%1aLft7v5@g+GyW1j=kU4I zg(JhBLY)`fzl^?tU;OpblE%_+7c$1irtY=Sc=MXG>Qdd;e?j{>3Ul2)tH7=H6OY}= zoZVSW^SkH&{*T~a3jDMeyr1>pf8q1Y-F(JKHwyoID5-2>wW7-zkR03BURWRBMY;j>1^~_%jyB~`^r(^Q~lMS6d&C6`{Hvy{r%$i{QmdI zq_Mq5=S_8C>}1|`ceU(nxvrVYoT+agugPwk47Apr;rMAodTS!j&|8XCqV(2L>Ps+A z)V){}26kllOD-Fz1y1?fFYssPX)UW(Y!y)@2Z1nPo6N)kvRcaE*&V2cd%D{P7p3t2Q$c` z{Bq4xIc+7QPT7d8&>%R+OLb3}%dHfK!x7ogqq)3N`wxAlG<_=>U#W8k%4 zh^NGtyo)TnV)lWOuTb11{PNU$5))Aqw1oUd(yg=N-4~&KRNr}M^iKI+UY~sWef?N{ zC5fpWCDmJ$B^>NV{9dT&Gd&!5o^YtP;7u8=Lx~Tn+u_vwU2R3pHZr#CVQz0tbU*(%v=7Dg zZhUF-T~EOSPxGAfdTvpy^xWwB=bwW&`uP1t&faxWV+$+C)Q990J!4|dmudGZe=oZ> z_^YZ5dJ!HUCgvQc`KEpUXPLWuBIIiaC{wlfBaaNo-Ud z{|koaA7}3AtFMQ-NB8Ez<1ytPg`bDhpS>DY==Y?}i%91-rQMioFnvNO=JV|p<89*J z+0@1JvsEo?b{D6+amFIW83&Usg=fap7y1}yEA$(5N(ua@{GG@p@s{;LzVd!x+2)jT z#9ukZUt{p+tI+Xf_FM4eu}S8fg9w{6`>W7xEA8%-{;4{sSWvRK8h(@=6TS)d3%u%B0l|CFfrPSkuAjsQ}tsNKk&O^ zm>I+d#bm;dGY&TM&f{*36N(#%^-LU77B^g~aXg>Bm~?Gt;ki_O9(vok`0@&B^YqS5 z&<>qYP+USjrkEVNa|ZaP-ty=j@(I!J$B*Un0zOlTv1_I4s}faX6^CpZ;hfjx(YrXk zsXN&J9{LxqImH#k2qrdI=ahJ_RJ@T-#RwZjFU~&VJg=2rKlyF&5bgTuPq3Vh52Kn{ zoiSHf>y+e=p2=VT6HfOT!1N>d`ylVCjoKEU@Zz=PxSb1ZTh2MtU2%GUFYo7(liszB zrM~N3Utrv-u#B7?BO}#kM$5><%(KCjITqZ#^eDlzjjixS9BV9q{dX{uNu?a_1vw4BdaEBQ?G+3eCZGmTg_0e{}eIP2ig zmNn~5Yz8dFJtJFcssB;#Sv8|N=Pl1Wg5~{RarIgGe74!Ky*SIv=Mu(LjJ1?c#aPSS zvD5exI*VET#mV9G$gp$^wyvae-TRjSV`A*)RHCsSdG788tW`z|ElINId8+22j%wY%kZVDqu{y5n$X^4Rq|GRF=$)#QfGZEbMg!e>37Gx%)a^DI7_S{r_Z4DNvr-{tRC z{xoi30)7Dg-0R=<&Lb0UoW&!3WuD{bte)B0O#RMqCG#8d_8g~{l{8^~u(g=eQUy0$<$E#elN)5>FuQt*&+ zuf5I43VjIv4}95`^M^h|o^2}nXEL}cUcmmyrhlm3X{jZ*rE%0ZFzJB_M+sl0nGX^@aFcCbktIFLS6wVrZl=#3Y?elVlil;bZ zwp3V>C>0k%1Mi*MQLbMpIWF9ZuTtgQ|6ckr_I(1hTgv;(_L_Tg z_I`ik0)0)~Hfbw;h2R+D!qJ1Cke?luul?Pf%9FZqSvo48AX$paPaNR=+dUc)(|;i~ z()qURfbwvHYsN{guOdEw{yy-Ami^?A`js}J{GTh=`n)%;^qTSy!>zHWSikP- zo4Q_W?bJtYS#Xh)?K;-oQ*-TZ_?ej4)VtWT)+WNQ+GoW7^3~ikxQ5o;b36~O!4tEV z&Ncmne}7Xj{lkcC0sA4JrSWeB)3JXoOpVFxCXY^&|3)w!WKFW1exW#SOymB+^tAoO znu*!sHiw)ua&b4h_#VC!k00P1>=*BIO7|cG2On@sJ0)8Wk_(co?r};l5ubdvihL?E z^>y+mrUt5q814~bz*)(bm)L{+(i6n^Pmx!9+9@4;#wqnb=ah)bi?qxBK3pGjt>A!CJ?7nIP$ErGI53uIC7e>C z&ur+^2YvdW541G*ty)@g-gxh8(Ep~pBcxxH{`@}<2!9RUeOCkMU!yjh^`C}0N z*a$Bq(`G%e_$R)<27e6dH+XUo{zx_%TK3UbZnDcCqK|UX2B(c4eI}%Xyb;2wW6SV3 zz4jfCK1a}3)8~ipt8X*&ztQ81G<12I^9F!jydv6(KU|*S*)y#TzZ6~pp4lLpO@?Oc zpxL_jwsfJdjZMCY}zwJc`seLTKG2D^^`pfxes-a-aHKzsOjU+>y8$P4OA z&rYn`Ecwmd)f zg2(NJLE^0Dqgx8i7q+CleI{0y78e5J_3-)<;9LjalS|RsZgDc7Hjw9eA|UBi_o*0&pv2n&Nv4rSLSH{T5H4Wy#GP*AUe_5mj+Lcu8XHx+dmGE zXaD^HIXZ&=5+9E5&+>k zL$0Yflh0ZD&e{Ea4a$XXSjJ z_%d32OSE_jS}cPW%l>}IPQw4Sqn-P$e_;6JGLKKT#^c_$ba;4w|LuT$A3=YK3y1Ho z(0Nj}iG0oJ{Ppm+Kr*>vNz3Xg=iFxI^Z>Hl2QF3@^raK5L6Yl4zS_Z^Iz!_t%XX}`r5l-_`WQ@qFv!WPiJMoZDw1;C!_H0;n}RVh7DzSPZ8et zf%kpjeIIyp_Pfqc6m9Y=@yG5tzgu@E6t<3lHk^60%qbl|hBnHr@lN59V_K@2$3*Vl zkDkcyNv<4ySGXBHk-(oKjyPZckBjmrC&71Ibd7=f}|2-XS4<*8~i{ zom%Db@xAf1Z>k@jUX4LMK7#)Co;Q4d!t;-uWn7`(lHAuZyRD%*Y7TUl$DFo?No8~J z&~}ZP^6xsXl3NX`*ztM~B>V9{=^k)1cbB&nZsl4^p#e`0oh%+WWS6 z{5NryNs5@-_@n8z2E|c@%_B;=p3|}^=aZ&}PzYaho~zdCf<)Ek{xoN7CQ=8B3mtq!r)2j9^wLIWOPiXixvaC&pYBqv z(z{yIn9cihhTfOIZTNU0`eaFCseTu_Y(9PhZB75vd4DExHTgf)1(~%v>4e$v{+!0r zq^;zfnPcZwmvaRD z?e)%5kLz#Zr|55LBd{k*I*Z)e1D(m3Po9wdIQl|o!!4TRoKplBJ5OCbiT%CsVHJF+ zT%_ivPVZ)}FlWtcZnU4k?~mW%nQry@tAwk+MB6v0&8?8_40p;bX=^w$a&CCGw5_40 zY;OLWJ_~bLi%L#j-<4cp&a73vYgh7$0p+?2D-)$nqnvO5oi`ut$zRQrZ^yd>ft=5l zV6GzX-BTV%yHTE;A4y+r-dU|teJRh*TI)|{AYaPAuOSDmy+U7sev%dQoH}gnF{m2V z_=@&H?cg1)%lWc2f%QN7xbj}+GuYo4A9Mfx^{sY}3gh4_=Cs%h zFJFhB%pGJ0uES4e&hCW1iVJhp9!d7z%Gg%+ROh9!YlD4JlZ0(D^L=$-zCRf?-^mlX ztEjEvo4i*ci)o%MZ)>=lXF*w9%>M;ymAW#guJ`UYFuJ@M9DRHCsqY*AU3KMgbG#SY z4ClXp_WuUt?Fjm_YcIc=#@b6vOduI*jG{vZTvxO;d^m~@Jv>|4)^KeZ9jG-j^0|-L z|82~PolDJ`!!s+dXGD#ck^<;_q zrz$^x8j__p?|!E^n!E!#A8B9Je{|~(qxw41J`%6S_aS_bc@yw-cxR1A!84d1#o3_~ zI6L$N>gPsfcc52`(npiYtzaiqM^_jf+?RZsYUr|y@zrz&_lK{9&)0FrCBBOIRNuRj zr=a7|r{u#Whk4#_XRQ<2WY4d=p03)~E8#)Amp51Ap7nJZzvZOw(E+MiOR!hrImXCQ zD<}CbaIW_(&Ff_M40BgUUJ*a9UXApj4VQAZ=Q3*AM!7YJjPYOJVor~+pC;;>gn4()J6#Ye6q3hQNA171TVgWwz4;>>C-wCw)ci6TW6{FY5zg5?N$#i<6o^B zW&A7QDcv8(zgDgfOx519N?gz63{~MO-7A01rCYo_?Dh88NA-0*@Tnj5cO-qSdd=nK z^1ednNx&O<>_(W^rowCNtHtJMe|)1uzH>bJ++jKI{2Y}1&8{B8*W~$2#H_ib?=3=YEVxeD5Uw$e5bJ2iW96)?yY%+=4Tam zGrBT)5wg7$*>=ysRxUvO*5Z@M7qNZaf-O}%C7(olI3=g@3(jS&UFRp{@KF@6yp#D> z`}X8B^K|~Rfr%g3F_xPqY;-&AM%)PCsD z*5{Eaoo&zu&mIu(@?7ic+moljJEwTH=98#3pES^({59}>Wu9tjwU(|kVzrj8y)@b{ z8icKQn|t0%P`*T8%i}*kO?o3t$G_Az6iuCF)z0TH|I2N|Q@~Sh8-C1hqDRm+d``0T z|G_q#M~wKlwhd>?jsd@H!$Hm$c{8@*Io?;>V?DSwDfZs`=4``NW{xXuLuc3D&NdW0 z|NgJG4S%U$;_=>l{tDhZCxZ88MeyEJ|DSkoD>VFD^WGOc{t@rJ_f7I%qu2HZ4=%%d z)uZ2(U-I24(SFIuzaj4}J`C^e3+xk+?u+$Hj)3=qeQ9rqeBvFRPki_Czg+Kq5jvIY zy)FD!uJ``h8|Wsk=A9e<^C2yZTP8lV8+3pPVH*rvm4dkiWTP2DQEV+wm&TKR*8W zj^vcx*NWfdXW+MR9!7UZddlv9ds_8e)QvjSj}qgh8raJ#Kk8ZMmDQYUa1dXKHO^fZ z?4LrO*Ex1^%RRf{E9w%a{=Ap5@)H=B{yH*Kc5BZeXONiKjeTeLEMb@L;VT{L&UI!I&)jp?gYWcA z-93$W!p{Te{h&8HdZz5&o+S2W?mBu-x_-JqxAM9T%AGC!F!DnF#LqyuSr(+dzIJjF`lyKGmOW%c8HwIx#9!%xrXy6;J2H8 z%6|`@nxW8TN z+~9cmN&mNxI5$iy|LxnuX-lv=!TD?4^|J#q88>ra{kMT3!Bkv))`R|QN-0-lc zzy06-d&CWm^k?dPfzR+;H|wX~_tyj8OM&nI8~FZe;QQ|a-+vqU-XHk>BHuNBS2JrZ zNp!ry?;Ti%t%wl#BZD17>S za`euxvCk<)KlpSw8Vu1dkcR~R7w$20GHhE*zd43}L+uBXx*zl;@|6=gi-9$XzQoX) z1UX5&zdtyaZVX1Qc((DE-CXfZYUby-Icj@Xm2$(XxqE^b&E$rslWS9sS+Ywm6Cb;j zn>lo6q}q=h)mXZg{d&2X^gYWdwX^@o-1S0R^KRO`k5TXH?AWeMV*i{~qT`D7sWEP? zwsM@sndE)Q;g~aH7CNQR$cN64Hg}O+1AkrsY#*v}N_#S=Apa*1u#Unx5oW#G)F7!& zQF#HI@1Cah;mj5O+DDKchPRKm`O)R%N8iW!3*J4V!2NHUA8d9gPcuwkdwu^o+?Q~) zYn;g3IXY`>NAk)6tp)4sC+SO_yHi-oC-gZJKdv9%n*p5!V=I2>IkfTdI@(*C2&{>g z6c5Os)c6VST<7w>3h;2h8V1qX$(xV%D62qlX$|lT)T2{LIp}Q;6aDU29r-=x{pxVddQD`{Wenn!n`L z>$|+VA9F?;ZI0zUI?*R;9TVDw@M-h?=}Ouppv{r?V`cLq;4Y`lV2@(dvE1Fu{w8lN zAqa=;p;-&5Vf|n_b1(Ut$#-OjdfqL~TSjxfW0LbzP94xX&Mnx-1H_sCq_x}3Rdx7| z=bE!fp&Pt4kUDN?J)xF62vzfmO&m~stQvXc79R7~w^r+1f`sm?a`{Me?XH;_-5;Wr z#c`s+@dEDIbb{Rr(n%N)bLvr$>? zch(wHZXxS(OBf4%6o$#<@XQ&xeam@g1@El%_K(fMj`St7{{U~@e9fHfui(={X2H;! zx4z#ug1-f!MsEHClBscbnca+ z5qdDk*|<8hC*{=zTn4^5V9}Z7y-ONPeM`Zuvnu z@jTCa?d&sG&dk!UN%TYhRP(0&EqQ3(o=onS51;bprOu9tz8R}}68ilPv=AMPKG_?k zPbz6^`7ud<6*L(G4Dh=dAOAqUnH~RRJ3jp0FFcX^R5ft{yrgE@%*A^ur$&?^k{)PeRieB$YsX@UnhRm&;aBKN`{pX1#6PW>i2skX(@ zp1ujK4L1u;;WmzE!h2$C!*<%g$nRbp8`A5RR}P#cUKu(Y&7O^&N;wnOxH@=(Y{w6& zzm^XzesEY5u;*r{%KjhB2+yOLC-e;T%OhK=3E@89oqgye_>Mi)*!Y>q5caK{4yG1n zHu8#HlONcXoW%KfI)_dE-(>1yCJ)Hwf5tI!XWc%0Kjm15!|@()bn|K#G9TWVa?Gc_ z144e~bo6*0_*8Q(zY3qytU=}U`*gwT{(idm`*VEC*B3pE&xsGR2cLW=H1CHecV_sM z{y@GLOQv!fs@(Zy56bc&_nPXL9FV=ve-T#-_HVihfu>as5B^jp78o z`)`|H->SN~LHZZ}+V<=DUEftNs#+(VMf@EP{%+yr;VXTn_w<`SzeO#w#o0dlzuvRg z@kyg-o%eFQt=z?ZXu}Yl<&zrU8+jEiv~N{)zVg*l>|5=EX3`Y_Ki8b&)Aj0k~;gAJCp>Ac5`?ME^^ZZp?rE_GpH$mr6??66gz>_;mYD8oH2uM&@Ddd zhi4R9Q*&0IO3YZB2X4Wl*oJjWBM+)!`cJiiwieBjb!N?m*A*Ir()lFoTQ4i3}# z5wGur_)0dPIsFd5nYl|=%-t^eEvbaT{h-ycn@^OE4foq+;!fr->6Cs;e`Y>99p-O} z2k&WhdZsl2tCM%&YgoNoUTf7(?g#q&VU6~c|?8Jec znJeLE=#)HpK=JBM_+31)hWyP2-rK=@%E#zE&A0M0X0OdMcdyNk%t`z{abO4YC%Kl) z=}fNT5--L@ru=<2k}c%wQQlR}qH@*k@K;CXeZaPSU?ul&*tUi@WCM_|D(2=`-j|H) z{oXWly^!@6=9x9?Qhu3o9ajt}7oH}kKj|uSMrxgWf7J|1zv#K*2iBWQ@1WgIYT)|e z^PT8^gJTWniFi1!g>MgHr^IW;nckivWJ$Tg#lS9IzDsywD~j;CffXKBZetCwP6)u7 zN4|UE#S;Z9G9kVeEH^NhihIo1$b*q1$pUf&+;gNqL`wrVJS~57Bz@@rtJfQuFu5k? z>K^&6!P-f^bD7>jUb>j?JL#v3^Zj>ZmJh_`9k%nlgXd~{2;aVo?>qQSys#LVR}Mw` zLGKxuVDYWNo( zQ~p5bbnS#LJ9t+)T*+5I{4Y9G5z{V$rh0z|{BQgL_+8I#fyexO5YKbSlKg?Kin;jT z_Xj+=F!MqmdGFnSfo{FhhscH6YF$Zk@rfCdi>r)WNLD2my@CEeOgq_E=?ue<@Voe` z%ZmjyuH@0^MEZT`MtBU~)^FdVFOv(9?nicZplgKtJ>Y&288WydL&EP-@(}M5?#Qw5 zF+7PZrr0kO!d-Ii!FM^h8`|=lpy@Z+T^*yU2=wgFt~d<;l%e3=>+K>gL|O= zvuNke#Z}13B=P+{lII})nseF2AAqa+{#W6TTyMl81!=n!m{spayqf`fENag2BdIYF0c>}F)Z#G1S-{bKmu^Cvo9#Fyp#?0=?@ zJmZ_W90z^qOMU+*xLSSi(SSY(<@wU%_sieQA(x!hU3wlpP^kl0<3Ts{A@7_EU3z{6 zH0~Rryxx;Hx7KA3yf#SgB#_tB_ZsqgHEv#SCbY}*ey*8&m5>1&-zo078@l*;J>~t7 zwe9>Sc}m#49=Ru*m%3BWG7BT~daWt}OtQ?HzBzXb+4!(s(en}eSMxu5w9e-G7UQqZ z2;}GWTYKi&SRUx`>W#|bQ9n0(xDDIht2rufACj-03H!ANJBR!nKz^P_ej?=ynd)1~ zJI%av9rD#V(v`1VUG^y9(ie~~eP4onEpg>baetoobA8O)oFUp#`&fG7cz6yTlE0Tr z!biyZWBexC82Li(b2TYnzIya52@l;`nK!rcC7+hFVY)Koz91ZGmev=ptHhy^I>JjtFXlK` zgB&22R<3TQ9eH1JHQ<*VoBbYqz2Ka2*&_U;z0lJ%56LCId>Nk8`?tEe^x~h9FWTj5 z#+jUth4CK+4{~3a&U{F|G!HeL{f4|*KEKwEjqaGkID(^(I6$=8XU=}BMaa+x2`%V{m=CVpGz z-iu|<4H53wxw!8%xR1%UXTmx9S+>7%@Edpy;lohLBDY%l*AGivgPFDAw6rpi0^F6bUDSoT1!k2JscS5$$^2*)xacDzee;&Hm=EeuD+X}bUs(Ef26Sqd~!zsUMl~-$UXv2G0 zpH7(E^E1#s2fsi0G31K=@aMYwq2ZzvSp#5ir1n78BJ1Sf>tfb&Lt|JvUS{YxG){1x zUoxHtKeHcLxixfv^1vpKiywIxad!u?;&x)iPI4Z1k(*SWa0hjk!lTXR(8%X279#fW z^3Fr+$Krdz?U;P@(C>=L?LCa@OMa|56A)Uve(Y&}&QZDjB0N*QW_4Z1x~X-V>z9A_ zhFN!4O{eZ=lTRwRl=CaX8}hY#yc~wk>os>R(vNJkcp|Z8P2F$Q2XszxpJysD&E%@& z&ziGEc(<4N5Py&V^y^!raFd?lE@k-Az4Q4<`O<0o(LAjS6kcttUrlcO1jf|di_a1z zbQW>o8`5pyrv1_Ix!Lz_-VqMWQ-PX%&g? zt`eP0y+nvlhHA!#?!nbKYZb>HVIM;^=teT_X=)ulKOY7uZMCNT8Z z-suMJ$V5K1exdP~c;m08o+{N;pB;;wo|!-ftKxC7JpZL*r8|aT(HLDlr>^hndH?!a zZ{1J0b)`9@fj;?tcPxGUJ<~(|2|mSzN7_f5Upqe3hvdlAe`K!OjZE{m($omqyp+bc zNN1A?&Wu|p&O5PiuJY?YhQ?4ICEc@kgncx5Yqmk!1?yyGqa$@LwmC0dDc(fxQcdr! zPr=vbUR{2xV$Xqz8TY5_S0~-IAi*ZTK6UoUtU2FDdbWl?+P zO{nh{&Kss*>5M3uv3&N%c=6d#O}`lro9B+Fx-ZrEu#Z>c&1Ssx)ZO2Y8t>z74q0bq z4`NFXZ5Y8CuzLr!?#flpgnbUXS$o}G2XE)KHp@7-JVw5N{XNnV@bx*89cb#GMWA(z z&~Ham16=;w70wM0qkF}7?)uvTY?51_uQC42UOs(Z2Oqh0?BVCDbf2WD(H{C8o!PB6 zs?mP^cxtp&=PW&DYqY8BJ+xuyeZ9L>{gnM4idB+T``Hs*#(&463*MOp?|kFk z^~~j*3pD@J;W3w=sHNfgP3X*p*lv99Jnt?Z#Fyor-i7RM;{OMm{d{OhN80)RB=bF( ztO~~s8iTgd+XZa7;?xn?yDRC-$OC-+8|IaDe9oMNKUsS-F*o)~`_gZxPr=Za4D{1U zKgg8&`O^o;pYW^~J~sF@x%=O9X<{n){oiOWKTFRQx5E#m7WFyawOzIJ0Uy?-Cb;8% zlxN1D0j}M^^`v+%E#GP+=Lj$^eR?&#h7vPK*2=$|9RmHm`HP(DlcJhf=kC51%$NBgyx-`)=i9lAz1_sd_=dQ~CquH}n%W^D|; zb|<(Dr#oIgX2k8+oDg1zRgL;ZA0=owPp{9Z9Px|nymI!{|)O?#b{_!z$_yj=&yoCzUUZb!3%`Xfg${MA z@hP+>BEQn`tYDBVHe*}OJ1grJ;or%hmfe;7>U^G*^SdwTyK>oDqc*wfnGX6CT{qFK z&C%I0S~phye2i&-wb`qq^*z(x$~HPuvT+%e8T-;~cYB#@JnGgVWK7COR`j^+j%;ztYFI z^BQa$vaOlP#LM z;oM}lcUyw<|3_u3@C|gP)H=lh6VfdOdp3@~V~a%}Wa%8=UeCsVn#G=qJ;dWZd@glL z{mbyjmh-tnpZvZ8K1`0w{*c(H0+J z;5yDpzcEpIOnWn~Ju2J3AyN7a&-!oTeC7=2&TZsxiL3wm($qvLpOoef19)%;?+N}+ z;8*TEm!`fKzD&KaHQ%ee^B8jrsq@TCuJAWTa>t!=o8|2~PW9rah<2>w8Co;$ zInv?6Hzi*J*|WIks5#9GKhA2l_DA!bVv-xxY^t_5_>R^qqiEGc4UwVM^k`bG`+vlpe|%Kco%io#z)XlX zN>tRSA*MFOSffUaX~-sFY6DVBHQH#=BF%Pz^0d^l7TDB>glQLC+Tw^VwX}tpx&(ME zy3|Kgw#78JuGxuQSt&KhETq zQR-f4>g+qM`y74GF-CeX{kqPl?!DIjgHO6-rz!h&Qum>$OLtLsnFD&^Z}r*tooU)N zddZPoW9GM3usARZ7KQH)i-4Z{$=b?GhBtXr&rAN+|1#$SUg;crUd;dCIh~-**!!dG znt?f%jPL!yz}}mC%(bLit1xC+_OWsYO2)4)^>4{2dG~vsP<={#CE}Rf7ULyeY`yb?(BOZBFoMA8v~QFb}(dj!&FDZg&uKTKbB5B~Iwo`0DVp#LZsOW3i% zwMA+6{@9J{HRCi-c@H_Ld4eWLW|M$cELlz)ozle_tuqrzUeiTE=l{(P|w z!Cqpp6KaqGv_ZjIT#=}qZQ^S~8939h8!&{HVkBn)! zg5TpF=zKkQT6rV=!@Kmy z`3347r`~FvSIL?U9l4ipVnZzJy5UOpF2L(v>{U+J=bBwsX)pPF5B-Wa@nk){A^3{E z!dvS2H2rbD^dV$Le%TlK8h@+%9H;4zbGc5tP0OY9AwJHdUl=*Rvifub{M>eN zBF~2&G3%=KyJ=Gs&1vQ_N6&NY{i9m5Q;$E&nJB+mn_N4IKG1y*v64C2 zb&THJRF3gGlb&z+JcAtUoSi-Okf> zJDogwvh5+4$EfE9)McvpbQ3wzIhjY=&kfvi&dKh@<;oB|j_7wMPbUwnU3_4ibG&r# z#U$u^?B#puo~-3(qJJ{JTe_$ImcEy@;!5URVh1O-0UM~F%m+eOm}{{{%9ni&dl~le zd_3Xi9$0Qq#4G-w9=FYYJQr7Rc^q84(p2bkB6k|cIy>0BH^zG>!!z)6j_-TBoR%$k z5}*F^-ln{>sn*xLNf2jUOF#8ssHZ{oQ*rH|yr_u&VOxRfAH+|0i2svA1^7{y_cxzw z8rJ@_l|PpyXGZ6-Mwa)Me$9IZv8@HFeM?)GbwY;qa#Geuyj3J?B=$7Z;!i);)@sXd zLNvCxhc)7PQI+SkGo!m0za`I~NS=$$Jd+_~ve<_?(hjkfT1Z;fh#84%&o@ZEi_Cma z5SH9JRdGF!`JJ5C%e&Xf1^n=ylJF^K#j+2|JB{kBIEn1a=27zGjU{=jI>ecN0doj- zw~{@81bYA$F7XJmEa+((d;G1nvUmA%ZVmNG8ulvD8wy@o=bOt9Ix4yUZklrE@# z-H~q2&-~M6*oRO!*YaC%t_!3^pA{amhmx2SO_q;k{!yLXJBbS>eYY(YTt8yPovS$> z0=s1dRUj?zcM86#${X2N zzcHO!P1qXtguqbdzVYCNQF(hWwU+PeXn$*4(}{Jhtm)z4gPcF^^T9p>zN<{^Z*pTl zMA&K*`>G)EZ!#>-{iX;?;XfG zgv?pIDQ{y>(?g@+J*eNljUkU0-di8_?sEd))_8lQ%j`i8!TX5D`=~K;%nV)}jSZQ2 zFlIj3naquuC*=LNJ^65kqwOZn*N(uMupMT;tgRnT9&L4wnMc8S4>%`WI43mD$ezXd z2sq1kJI?#SdA}WJ%6q1#>4s5o?s-__g*;w3-|mC+;6wiDG6yuy2QPyS_j+wO zk2xzkP0vlfEjVw@hcg`QHgSGM;!1nb`ZYX6*d8@_jx1)o!A!o}F*^cg zN9~wV-hSTI8U?f7WxDRjZM~`K;ZDA39ZCc% zxjVAFDLGWD&d1Ki);PYMv!q}RZ5RynSyFK!`!eWWd;E*U-({K`7+`HYc^qZ@kU2DI2YAzKAafFK zq+i^k^=PY+or5JiTL-3}$JyJE@$c35k6SnKtk6f|L)DDY%bQ|-%bOC7<J^zg$=Mhs6Q^@6PyM!Gz>o80hZ>34wZO^VNwxWk8!K*Kams(f! zX}qXM7OySnp?tUNVFo=6!nx)-9;UoQJxxcCooT3bJ(Y5F!!3tJgk&B6AH3(fp~BtXMW3@Qe}KEFW?^QRQz3%N8c6E>8;Fv z7x`gd&fCK#_Wv>hd%`j%_7TCp*3}2B2m3cZIZ4E*`ox57a5k!zy@??{*%lkhKPxvpi5<;qs=dM&Y5gUE_&7 zUOde3;i2ai|8&f8>BEeHOf&Kb4~sMpi*57Z2z6M-IX3dj+HW{`8Rxvrc;l5^gJ>U=8K_bdkYW@KF8!hM0p zojPQ3Uxdu^-Hv-0S=*2~i#z2_Sl;x)pGNdOPull1dfGI8$m50k8=PIu8|h|mV4gDUd@h81k7tp+`c#hH^OR7-0l~cEefG zO^n%cKWu+9{rJ#bY7Cu88BRW!pER0$Trh$U!kSG!&JjLVxcZL{_?QbHGhBSk(0owG zEFbOgA>ZwMEP#)Nc0MStetFZSqwvwH-@}a|j~5^E#-x`X_ta`We9|e5RvXyzRz(Hx zhQDyuf2=)cLsHX*-B??;|A=+acPvBx2tUiF(s#pIgx}4arNC9JuYvn*V58@F4{6R) zjo{YI8P-f}NW$Q512M2!S_aMIfIC;GS6am6&sWP-s0|jg4p^`egY%Xhn8 zEJiQ7kX!42Jc2AUmN$L<%~ATdiJD*J@zRT@IivH^i$Tlg$|qg2a+1=Ar~eGzmA7T> zUIdfCODk`+>|SDo$2vUtYB$qgEPOSN!q*DwEqqmKzN$`_FF2WP^7XzEe7%o5?j~R5 z!q+MnUsdq6f-=ipe3fgykSWVoC49+uJ725dYqgy(WSOB>>~3Y2QTkjIO!={|h5 z>i0upKIxJX6YuH5SNm;C<=jZdBH>H+1>|iu?CW2=oA#YqukoIs@h&scORRRb&CKV! zC&*{PD7>xF`IP87uw2;3|%d3#pwec9XD5Mc{V-ky?sUf5Z&hRL}d^BXx=Pp$_y&cq#ON`)FXbRvt}1aOn@ zcHH{FZKDmhATljl-t;+*o4l>S-A?XRXn&5BBQ{d6q8pt1W#?A*Gf?rDYrZde2{tF( z592JpV1fKh!IJ_B^yu>{@bh#U5&o;(25l+4E3W8vFg?7?_CPPd_}w9--wOz7M(+I~~^g zj`uZ6=37Ie;l#h^F(fKN0G(V&ZA}T7R8T?oEeLKw%gWizIuPn z94F>!`%j50@m|I+)H}9yBkkL~2Pt|wP2DRf_ONLg$&;lEGgN(@HUJNO#mvvgPAyw^ z!Ohdw4ViwWWjdWaJZ;_VxCb4!hS~DHu)kKY2Ma%2!)v_oC%)kSg?EELX}>LX4Ql** z-x>Z#0#4frk^Nf1pZrb-J5T({W2u(ubn@`R-}2ETcN!poV$VSJ8} z&iU`k-6xYaZf|2*uILM;?Mu6C5H65a`Z2kmF;Uj#5raLA?k2HK`yAn3{gS1--&EM; z?vgodE{4v>S9oDG)nTYLV{A5kEbCM8V}e`{T5Dr%bGKR64%Ut9!4+Q z*#GUr-^~mo{Z+n+4St{kU*R*+@u8xu&y#F>qz zg~Gb1UFy!dK>2$~ltgDr-G)BekX$yhZX3uO{~qTme^EpDEvW@Z?PI8wbTQ=RZXA1* z#j@6Y!R`y?x57`~hn>DqB>qP3WHI;qH^Sqjiw)uDq=tO8j5Q)p4SBLoQoc}xpCSB{ zROL9l%qqL8CH-ge5ji%1n_xz}crrAHwVTFHbjyziOLyNe#3zcAi@0EyINRYvUG72! zDO>qaF9+Wtxu0O9-zL4nqEfIJ6FvJVb>C>Pe%v!9CVoZM^L>qxt^`Zv13_?DX5#So z3Wt#C7lpCb($kccC-a`|x{h=0b*yMStvXg@{iHbSC-Nry#&eHgOmv*co4B<>&JisC zk+05WP25QxC7$T@0Bx|nn;(96P^T@lm4N9h<-?@!##f4@l{uHZuMyuWedd_G7OziJ zpZ-Yu4RSXmQYlB%6k?&;`P>l@ntx=Xi2PI=c$^|iKko=;cfhrRQ%zwstE z)7X08M}v9kvGN-R4dZ&b(_-4&<=%V~8|jziT`_fcGxuHg9vuC4xM;7OVZ_#hWgl2= z^y;tiS+d1Q4{tTneZjL&d?#|Y@)6u0JO`hU=bY%HU&y^nGM>AAf$X~^Hysk&&X3>F z&z(Yfdmy!nes8t(nZy&HU$mM22*1~&19C@|zO$NpB^AUKzqqo;ul%2{N7txNYMpNX zJ*U?;vh6<;z~`9rPC0ui>C{^BPl*5N6_iie4{(1_e5}a+&M@II$_*gbNqHlL|1B9) z#FP3c|Agcb*KvRMk8r+%eAlo}2$q6HDSlke<@dQKb_CBmA?Jk3_n|HCy`+(H=Gp5P zKfU_3T5aD|w_#+6BZK7I7rgyMe>kxBJMi?S2hWa9r*D3Z^-C%H6Zkk(zLVrWw&1LM z6E75g&V!%ZPsrZ>=3x7YEs^#UM;ND-?@HR8^8Z5HlQWj*!9x5H>chSl00dn z@!2iu&kBE(Pyh8)vV-#R`ML4}qy8tv65KIcnU_7W8a z&Bz= z@h4tu)|;`Sehl#~+#{bvuG$vb>xJ5HvgreKGgv4bsM1tn;xqX8BJt^ppHHb{v9pdcrb*nJq>hX|Qpf#LMiu;3!UeLY z3Z-5yzpRAE3752gVjYp>?-bvpt|@yT!8aufK1P0t9LYlB)tG(^HwE!w5)nTppHQ~g zV)L*12wUE}NF#lp*E?4B`L&eW`-&b%Tz!I+KU3brI?a6MyzHNkAvkq_6Mb3`oE&3H zaME5m=Zw)m#OWV~S1`8FkH5N_xxV!GBh~|qFZBPz>xj1=UU(BhYz1E1Nct^&-%8qT z{QnGL&w$%j6W?9vlGx2CyNe>@%?SO3x-Zd%&ldW+YVKT3WR7Sszt($Kjyd|EzUP_= zPIAoA#lOL9o$tJW@jZF3PTdFH)}qcj#hxRz7+uigRUh{UWG#}UTs6KOH|B0X6&EI?Ae;>d1^Sci}e@2hGuPVM+u6aA~@FZ!+mXCblbFcBH^bH{k>pd+4 z)99}z^1q6^#~6^YR&jlf@n&)b?VN8ihP;NHuOizBygFHr-p*dG;50WsPIL4f5I0WS z1*e5@u)xGBL0vxkG5qYojmYKjSJH`2@V=qE(V*rm;1-%_-kA{JLi;~&VtmaU+D<2! z9x&2!r&r`V9euUtGT%SNT*jrdoDHjWH|MyVaZxV)fQ+5u2ifY!)i{Gp=Scaph&S7e z2hOI?1o9BQ6^@IFe)oz| z%ij{e%@uzJ|J!_N%iNXu=YXsYMAuUHAYU85XP|G}xg$fJj@0Y1rO`QtT4SxO>r?f_ zC!Lye)aZD%lvU@Nb5O=`Gn|Hb=b3jwtg_UcqmuYlM%wDT)z~NTYl&ailKuxcd=-62 zpbyF~b)%^l-KDev>L9+a)wm;R7z^U`;dhcoaIj;WDre4M!3=@a-q-tD?Y|H)T8x(*Mf((5k=q^c$YQ z+ssn`cDN~|UbLU;rJt6$z!v%nr3bW`dTBG3e#)CuA>D4q={EECB6|?IXfq$7UL)SO zLdRr}$Bs?*uFp(^xfNxJ@5K)Op2Zkcspf`HcIx@C%ni$5Wo{U}E4NlbpHk?X@?8LK za@H*EM&@o--%tOj*0su4I6A7@J-T?`*T528T*){Tn&b2nYL`*km({L+{8oUyaOc~T z$wp*APu2VpJ(l>E&Z{*F;W5gSKKw;lyYhclHa%}vYZUT`>$p$f%e)y~jyIcWdl|zY zW4>?ApT$=b^X4ZzzmuCczmgDa?pALM3CA*TR{Kl3><#28dph#|1^ShpLniUvDf4Xc z2bZKxDvn9>{&#>+>v2=R-PlOIe>a6Ga_D9H5_GVMGxlPPLH} zZF7X)&^AS8(VGv7-tfPb_jL3|#wAr>@{o2cajT@h#r#j3R`umg2YHW5)|O%HUzqDZ z++R6s$x6;yWIZW15$X*lUCsp2ks$4dJ|i@iH~NSt>tWWMOZw{qdv|n}E!h++iofQsD-X)LiuBSh^W`y^@XjN{dh%3Pkav~2vxQ7C z>R~V6zUMAJ0{ZIkp^87kS8fBBPRN&ZNOf($lp73>5|71moDkW2gGBQXSaGo%a$K{VV#vcz}zl-77`I|#`4x$K>7cRQ^#TS-kz`2PtHQb@3owH zKF0a&G$U~2bn13@wr;k2s-nxZ2RRGucE-VwPtk@<4loxre*Z>OtIqI{XYs0cKq#q zhjm^j^DLuh5Fbb88Qn)%cL*OL?f+ZWQop1AUOHy+v6XO#-^Q?lS0OthC_!sWbO>?XvQb)0cee10nV=%d81Oh4n@3}h6Yo232!N`Gt3U6t-} zj_DW6gj`>XP@;6k#8aWy6g|goD;wAan|I|cEgwCK|0B29=0>;ZX|K6 z?*@A^z3AbF;98yE1t%UAY-bt+vDLY9B@dZ1hQ=6APn2aX#ezfrc%2*|D;>g-q?aLD92gG@&a#}q8I4y0}DXXjl<$WTl&m6r!BJ(nlN4|4D z*YHKKdyX~K2arSF08;VgUOBP}<}!a2E<)l{zaD&9d+#bT>Sq#P@{xJ5gB$c^B06Vs zebI?Uxt}t$l5M+&bU?5pQyb6&A-Vrc@Z|k?tb6s_4Q@UJuR+SiH=N9A3qC41QeUgzlCfYG`lI`%Y+j-_mVRBS^vgCj(*~`vK<0!p zUlQLTb}U2|>Gu=#`>{l>pZoxMN%^uKkZ~gx8OrsSRc3#Av&aZ{`D7|2ANJS>IGf-d zUH?8?WK&}l<+SgbwS8V(EkumBq-Iw1aGL@V5VEuYt0rT4b# zB_G)bQ)i9n>5H@23*)ynZ=Vz}l>Z*qqpC0cd+HUk&ezo&7?erBARKL`oaw}?rf;1- zmUB`0pRj6dr>0Z)B$%QD_41~ivN-@hyZj=n!~Yp=u9vmYW8{6M*ngCodb!K;dsgc7 zZzei%koWImuJ4Ysm+%G3$E>rB=rO*IK2?0l%KWV!dF#!wox7FTxWHksC@SOLAm=j` z&s`RsPk$*sS^w_$*zr`tHFhM*jz{0IXb>H#YDvdy%)M}lKTi2%4K;`n=s2iz4C>FFHnb#wa60!OSLztWs6mbuT;v#KFGS;QKrka<@KdH>m)IKBQj2aJ{`Ayr1i+xmL zy!mFE#{XBxP5e{ziLzFRm(dr~4pYYqxNlpKj@3Tblsr^w-f;;RM8CjUF#IVFCfWU@ zwwvg~w7gkw6sigP9xY`Hfte;e$bjgS* zd$nM@4{Vul%HEae<(zMR>DEyD3U%&unY=+z;!*c)X8H%E?ng$cd(FG6`y9(pD(SuI zewa5Jy)f(5`#>?DbjgG%`(bQs)LqU$z4EfgrW$lc_GrB1NS2Df+%eIc1&gw& z`SqaW-C>dSlS+Co88-T0k@b`6k zQGPsU2e7X|w>$9r)fq@vW6NDVXNp?G%biq%G3^S{9Nt!7zDdp;R`N&<6{J(0t)}g4 z`248ME7>c5u+!%E>o>>HwPy;Pe!u4GyZUYX-a)&cq5UOsFO2*0wmk7`Tp@klc~O-1d{^?e&n=?o?)2E985fd%2>)Nim%JrTR%U#F8JC#(AD8fFrm8-e{_(m= z*THHQsMx{Y?p9 z;ljERoEPy^=fb*9V~xxXtns&Ym@o&{i^00fjx{n}&R$F+Kh|^hYrK%j59=SV@a~s- zewjb5V8$Kqfy^?Ed5y-rR{N=f$HRhSBX{(hxv#&9@YVQ_r(NB{I4FL?TACOO*YJHU ze!|wYrW5!IOIBVH&0NiRUYCaxe1#d4O-`D zIXJ1IE`&KaiNMJU8z;;ujBC1^!lQ69_*0GROn**h`*0H9l|QXumaK)7bzmy(pp4(r z4$1>*Wmju)(gq(TgozJ}QtGggzqjPL5&vN=H^a?VzHg(RTk&VL&GaAkZQj&~)r`_V z;X};0(d1{pyz7A;IQl32h#AvOe)dRst&5-XR(x*oQ|#iWSo1^u9Q>5Q4`B{|)+2YH zogd0DD#%?rlq6s(DRhW5}EvX zc*KW?-mUr5W_E+8@NkTIxbSdX`*opxIL2xGjTxUY@rf{Zu=^YP4R71T4vvO@S=9KH ziT`OJ2&zSxIvg7n|=KQ;n>4*#eBN~6|;lTeGa~Z-M`0oM#eRljQb53{D zg`?sBxW*8f{P3UbhksxGw3+=H|AfZ>kRSe+M2-7x_}l!DeNph=F&h5xcb|#>)5IUy z4-vl9%>M}qKj^~$5cuy0{{t@k4`}?UhXelv_!H*9{{Z+OwBt{i_jWf8#Pjz8h`5Hz<(e36XwAG5cnUl<4>7A-A#9nhW}SJhREcH|9yV= zugae`b5!F$r19UWedDR5Tv)EdK7oDk;VBm*bG-1;^iq|9%1H$5^6CxQDkC&=W-$x~nQ z?vE-K*%6 z!ww0rbMdeW9_o;HnTv;Ing{CR;9&*w6XxKd9=RLsJW%Ejx|?<%%-?qn&eB*SlOGR< zBHryJerNu)nKsSCV$DOB&$vBwS=9KIiI1AM{_%q7H0^KlD#8Ddxku`|ZU~cpuZjO$ zPy7l0rJ4V12`_Zv-v$0{;J?s?|3ZyF^>E<782kxy;6DTWXWH?n%%68REf@{|nHoc6 z^22|HAO1JzPn-40Hdo`nz(_Y(>o;`t@Rq6ETVbz%w#Z$OwtSab`*Mk)%BYc&Gni|l z;&Tl<#*^@ zc(o_OUo-hUBH@S3ec$XlWC47ta|{=s9h%Q}7oT(ClQ0LL9q>8J&L?I5w!7*0??$wz z2kqh34GWqdYn&Z=vc20Btv{|2VGc}*>M*3>_wAO%f=9ikmIMZqF1siF>2(E@E zXV0nb)m&L=CaS%y%cI6AIjj0WbUC)+Q!lWG+_<|dZxiCz?NMoi5wi`>JJXmv-{MvLT_NY6Xy+sRU3IjkQ_MB3GqRp~>NL36Hoqtc1fAlwIcHuuOA^Y>qLv91aO{aJUK%SKB$H%yW90zBUSn z73XRmkjan3%{|`jzIFWQX_H}-gH18&z0Kx-4i4vW&T09d`vDwg{m+$Z4kplRTkUa? zna_KK%iW`JxkhtYtn(>(2VCNB&8RTBoZ!VJKG%%PO)g7RxQojYxLgC5g)S}&HJ8Zd z;IbGl33G6{7B1J>xWuQLaY;{8*(h8NYJ1AqOn)xxeYlKU{^;_gb@W@@Wi#Gy;`DPl zk9PN4VZyI5arz12de7Z4ZdhmDpFOJ2ygkko#fDG$rwh993~D^ryYMUpPr@8{_JQX{ z8=gbpS>4mL^EYPy_Pp5rM8y88i2DgSyKC%8vhrqa{?JXax9blE_RjiyY<=L*%dgq= zn{#$-^IU$-Hhk*c`8C^x?XK8#O_Don6=!+a*ectutjx0SZ()2M7`xwwyKAYLpO;T8 zd)*};Prq8!y-&+@I(c~c)p|F$pX&6-y)+N*Q{N@-pSI)P^UiR8<_{xre;dDQ!sF>+ z=7;-@|83lZ==)jddr#jubLY_TNHhs zK3wL;KR)%(w|*JDeEgmZqba_<&bRA#$(=-(&&FoPX?!;BqD{!X!x&>yVZhshgg+J4cY<8$!;rEEc)#UAhGO&M&Co(s-? zS@J%)OvbK}?P5^BOBi#dNieR;omfdL<#N|}AXX;!@B!@M*G>8U0c?w_%syXitmGbD z{}AzZ7)wJH!Fzk@gIj#$tg!5iNbi<&uaBHPmW`1sja^P9-;mse_|}w%kk6~WRzFaR zKALyHoH%9kle*HkZ3upI$};j295(yNX59gs$U7GH`us}z)1k54aX61V4(D$=h3}_L zo!oI?P9=A@#YQpCT-m8}mzp}K>>NFGuCu_@x$m5z>>mAe?$Mp-OQa+BW+H$0M=s#! zjwPaVWukL6=p6n_;^^9A!HyHd%=uXVq=#8w^bZC0E_+Gz_Tx*q*DzW6ji{2g`ij2i zq3jGD`q!iF3{Q1^jC%~XZ=&v|{!z{>utQ(+r`NuJ-RTp|^TaQT$Sd-QtzxY5Io7e* zQ(|{HL3FW}cRGV*OZvH^IZ69LRrh2`^H}gs{BYfQVwm+(f_0MIspcJ;C%@Evp?XtS zd0T_!Sy_Ift$^&G|o?0K2vNc)hsk)Yk$bwKXzOaGjp4J&(P+H^ndJFraJ9(RRl zXVNb!Jt#&On16?+t-LiE*zkFWKMv+n*hD@p_j5Kxemy0L?R%`8F^74(_z%KHKD~;% zdFh~4mxI3#JbaJxp>_*x@1yknW6ZWk+UAd%oQr=686U*{R`Qg&+beI2tamM$q~~UG zS6|)bDMViS0h#k$0p=HzPWhE$J}=r`rfe%L9u*xwDah7dWELDT+wL-6ZUr2pxqZ`u%ibjmg0EV>*rLPwS}Z?6{o zcso8BMAyy!GcA6;B#%ZP{96BN-l6uxPVSwDCVunQ{vU4m{4jTbZvS0o?K3*h_xa>$ z-N|WD=MZ_++e>%p>5_Jj;&yPXR2yUkF38^pIrJUA};FZ7Eyy>U_W za5#{@g7=mVw*}Jb+w?P|hi3%RKV?pHcqZqe?VSI1@KdjC^L4+J#5bqx9f*y+*yP{I zdN)r09Sh_4koIHkQQd~VicDg!KZ&>!-?Ygu()+_jdVjd6;alW^&kWN}i20BBXY|si zR?BCv@w$I{dYaZu?Ka8khP-O0s*Z7wh_2_{4+EFY9R2 z;d5m_^~tIKSQeeH_f!A;KK4_?H#uzo?fM{XaE@jBk33#=i}=(nYy0n$PRdob|9xVk zJvQ3&8`@ODX8XU2HT-Iu?SDOIVl&X2nf%OXF>U|Ze^s{s)IZjDuEX~K*GEjAN7(+? z207mfrepQb@xBFi%xWL9Ai7xguo&xP4{MTT`ww@?eWrXb$o|Pmm;F0?c`4#ZU*v21 zZ;NBu{<|@D*#3Ly&lNrxJ8b_w(%~meVS9yOTRJso`;W|ntQV}eB5o&qgzdl7z0OR} z16pF==CpUW)l1dA#?)8o3*>%*@&{&%<5zcw?Y~DIj(pL(?Ko`zJ<=sRP1%neK=!cH z_TP=aHI`k8&M4b|ul&}S`F%vNm^BI(CGQRkhwZIBfr2>AcqW_WFD6tBk$J ze|>+~bpL&oo94W`eU;BsuN33{B)PjB_g>%IWw!6D>^MAfeSgM%{_A^pK7Q-_o3%_{ zdj#%0y!KTbW3Ak|7#fG)-Lk0IYsav`9o9Cs^O@U^xO=gcaIqbJM&H5M7{GohAa^hx ztgdJ>?_iKu_728^pz{t!S1_I0uJ2%o9p*XRO`K&vX}^Qf#hsW~M^N>5A?9E*erK>X zO)d&6Tl3^%ey`DYFvOmCEoUy-Jh20-VC+E#m9Om%#-}9T31+_8GjezO2r^wr`bb&y z+j2LDyko@4=FeNF>JA3^|Eq*|gq?RV)*#OgepUq3JTZF*V@0cJTT4CE9fC7o6D1d_vbL9;VFmx|<%`?>uvHa~-%aVD5DwliIIm-r*SUDf5S2-hEcZg#2lh zZLQ$H3?2mkh`xg%^^iGOXI(V8@C?4!W#?dD6nqkQ=Io}dI_r83^FFG&g8|lIPpk=l zzsY5zgiml`9ieQoqwR8G-KDX%>}aiWxf^hpFbCFqzpK|K=kQu|a?ywQ_95OSCj1a~{@e8(jG;@- zI~dqUCb8!mKGMotu&vm#)kVMkUa@8SxIZVn&uL6H_5XLAe~!?9-V!w$Oio^w@PkvG z`oEZR_VcsA#mNHA33YPl|03!_n1ho8aB|SbNsuzH>24Z+d4&GIV7Dm<1T?P5Q)>zhnHgyZGVEP2CZrehz-HkvL44gP-H@bJETaWwv%V{nKdt{8?j+On&_Qs~oLU(>oIi)L-3nLTj?;{OpXU^3h#!8GSZd9Lm51j!vp>L0nQO)t4HGj z`@P#u9?tdTf$%#`9?q2T?JgcT6HAt`jtIMW2x}gwkAsI9$WNGqhf?I8z}XeLW!k4u z<}KY#7mUKg;317AGWqdvoevN3*Yc-T@4E^QjhcsMpK%&nLUjiNycwq*Z@za4{tHLL zpY)$H@&BHj`_dme#%Zx7oNwa)eJBtXbh3b5C4Dk!~f^`(`Fhq{$(2fazFgBll!U-{~t5|*0!A6@nssT9Swid zf7!(U&%__8|Aaqa=Kp&MpXtJ1?&39qf2j-qQjI_LaNu7C{)9R3ZwCLc9e>K~>25ml z(kS{rq%lM$Km5=2!+$V;T4hTs{ZFyRzr>0EboaaJ;p@0h(bHr++QZxP*Ja;RKmQE& z4;cYt~8r? zow@l@9Gf?F4`VLh7jO?_?o|9WgHz??=+O%1uG{i(62vyG*K8BDUYv;S+T$iCRT6&O zW#1fx6S0RqZaCL&$6HKJsFR~jWUwb8%)vAjDlZq`GS7h?zWTp=% zt()?v70irVtIf22Gk@C5 zD$UD&&C3CO4@2-f#6E6nH&#x?q-`+4b3w+ydu2&L~_bXewWTY`F_Yv1%ZxDZmbFrc8 z&HIwtcKd6uab5!Ua!=B6F4o>?o{M!fn&)D(8XNYLM{Jqa|5jr%@3Eho>Z2WP0q1Qw zoW<57xlQ8?zYcv}kL-k1j~%xPzcWiyvjPLD9pjc-at}w~^;agZopOKNc7OK6!ivlT%{8{RT~Wk2IL$-`3D-&x7Vn94ze%zO~Idb>DXTg6E1f%g3SLVywJtZ zD)>17KZ{-bEY|!`KL(IMv;>VQ>C6GkAx_7@7R|`47&a^jyW! zX5t^qpEen!AKPyXWR7co7HWPL+2$jgK)WL0UuXO_vr6_H;7DrSdR6C8a4~DOe3LlT` zqyBZAp>cmu>{itn-Zzao*R<>!s^w;MtscG``Kbq&dN^<7cO!OXa8v=Gir0IvVQL05 z&Fzt4liTb)LUbd0kFc$Xcdv@l#?9O#6rMkIhH1kSxhne4uP`r-80u^%dk;<8wO6^+GyD9Lt6$Q-iG1#%r~H*4geZ+2X3Zgp#+`ThYJaa4qLX zrv4-kQkJ{TM+l#8>Q797LTEa)% zB@~?Zndv_(9CnSuVYBA2Tyu#1U-mxes2pC+nUl%kVoweUztiM!p@e(gC2WSnG8czs znnPrBa99q9ggH12!(p49L(06Rr>Scc4oBQ2^x$DF?-+XZ0VD1bdZbMT>r~tS*B7bx z8f*@*cb7Ga^rO?TqqOc4Zid55hvuMEb1*^QB@`~}%zRG1Og>vi;c|w~r&#Ax@(#Gf zSAa3c`J@|NUj!Q?{5qAka(mMLBA#nJNiPQH52Y0^}yp}T` z6Q_SCT3Yz z0LJdSgwq$~wRy|dUGnj>d3#XHHz03#2k+pniZQu@Jj8C_AZ=3LOA-6w!(vxY zz8{tPPf(mZ8R}{B;6&ZU$;xf#5z(XYAf;^SfNw6w{6hJw9e+52LC^jWD#`1U2cxF=LcJyctgx^UlQVgS6j zXEdou-WM1tW5r49y*8(OQs+|YESN}sr<2#<3GciT^nJtVv*amq(q|6DYMx^*js1CJ zchg^=qhBd>-j$O38Hp;=RqAxX+n?Esjtqj%lSIwNa4vJQ=Z_KhU6f`i~8 zxCjot;UITM)=c@H;1C3d$i?WzT}rnrsY^DGeFfxk?z6uk59uG0q_^ze<-J#VyGHI% z+26!QC$5`p*NF=)ow&;vlb*x=b@`gSLul#5Y2;Or^v=t~^|zXzPx#7G@w#_86H3u1$sCQhPE?;{?`zF>Q46BegXUe5pI*p0 z^`h3?Js1A&57MrKcP>fNuH{}V?_EYW^ab|DWUf$XzG*CPvOIe*@Gxr~^$tv|lKWNk zH{19YW8NqInCN~0UpWi^jxnan)NgA|C2!5jy(3e<{o8kszDs+m>o)qIcHVK)_a7;v zOz=C+d|LIK!z&-TTNOus<`(Jm%Va#1dpj-Z7cP?i^%HV`@j6+@tGfVI<~)iu%e}3Z zUjvCx`X3Wt(*EUhrd%Nz|9ZW~zmffzHOH6=eqJ)JoNwkS?~zF#Z{p^!cZ2#3MX$Vm zj(n1jV0Sus&B^w$P7dtv+Q>Xo-jlQ5SWKXUPQByp7wRhMF#x{e}|2|JIROlG;{B3qL17Q zKOt*gxvOlKLB_O->|MtXahF!VuSvNpg|ku8S{(iAcfwIF{Rn&bVA0-W4ZiF*A!W{GMJ@B$GkS#Ml1WxC5 zH@&iZ#D0QfUQ}_W%hsK@a~yW^l=Ah=%Kk$UwqJ5L@K1ZeYLU%m-m1UFTTt7~vp4$%Pu#W5JiLBZ z!ZTByxGzSI{roI+;l5DgzTbuWB5)_nf%^e%pRHwz%bkeJvHu+f_c?~f4w=+Gpa<^% z>VtdF+j`CElU6WG?kpHkK9B|fxf=fk+U^J(4~zbHa9%Wvv!kPgAH!yzI^09Mi(}W` z(#o72+vem++WhfWY@ES~eTBUj$lh!|PI5N!=Xi2Lc$3){iX?oei<1SEli+8zi<8-! zlZ1 zU@Dw+@LT$%S=wga;-nKkW=I&^%%l#*oGq1bmZ!NH#(!?hEpSuH_X(WAlya6g!L)bz z+^^}Y`bO)kayIdsh(EHgBK&5PpI!;y=;CJ<++_G^bMe!r`JsM}zN!O$2y^fgMD9Y) zj;NFL^YI~c;>PZ#Cw}VetK1k5zOFGwCO>|j|E$?pxzom9&7U??2A;x8v*snNZRX)c z`E#0KwwW9c6QeD2;Gv3iHPojH9%|%F^`hu|gonkW@sP8LZ}a4V@ViYOnkBr?#X}gm zu+x`!U}P>ZWa#&8>NOA4$H7B0@)PFZp&Yp@?L5H!?cGf?M&Y67*BVP?^5bEy4-dVs zh3y>yI*Kk4U_p0VQ)@kh1;!arl?e^9~~ zyYR0Af3exFa^YX4@vn8^Ukm<(Iq<8rX$biZwEcU&=?|_?K(^EB)}tzP!hVzs+X;BZ7bZX!w(UsfqszPy7kL-^_oRgm<{`uLOUw*`DCS ze}cxp(S?6G_!H*9zZv|)cKqS|zV4<~qv8J}jUh7m;lJ@S-u+PTbNSOMn{C0rMB`uT zhd=h^Q5*jMaY?kFz5Q45LGcGUUz;!*{yCfYDo^|g|EigPxrEod@W=lBv~0Ge|CG5# z3HTSf@Sg$xGwt}p`Ioz!YDUBV|7r}8$q)ZFKm5O!KdrLW7W^~pJIMGP45Tk(y_{Iz znjT(f&g)futg$PCO>=K|Q?j!z`Y-1*H` zST@-{X$7<7LF}An7no!4F^&CkZRbRN)O>XzbE89q$z9JQMmn{C_zUfGBkbj$VoYAd z_r=t65o7XVb8b{EZQ?*+lyw~T&znqsKIzGiX&){8d|bj0y6g&$vsW}5eiANz5}F_C z=NOZZ!4F{$emaqRuALur;_>dLe;AFQZ)tvz$&a7qe*9QA**qy@K~oD0Xcj>ZG_&jTh8h9?iEeYE6vLe7~F zxOg}S4_)xE&&9(&%>(su@NfY633KqU47nqA9^n4z?xr!L@X%}7WFwOw4-0`jw9Utq`T?gcjoVJ=2$k_$mECPFE~q+a}@VnzsIu4 z&XZQKINTm)4UA1THh8IGY_hSz8^)H)T9+gu*kNHCmK35!Ak(LH zY>U>ht=j%qbgQ#Y@`L!6ut~V~OpPqRH9VWOJ9S2>(#BkF!p6D{Q-~ zG(t~vHsoVG_0+VF7Cn7SY!PNEJ?Z}OX@kn*FlQ)b_>UN9fg zcbN9k!pT|*uXXhu>)~W8Wvy{>vPN@4ogAF3gA>9WoNR-WXY8Dy2e0u??SGEwI~=(7 zST@_}Gsg>{&7eA}v zXE*$Gx%lbQ{7^p!Kdaz}Fb6+-kb9qPHd^>PQ^Hrc`l1f_Dxoi(;o@tC=8Jke_-cnQ!W?{IKcA4hb-M0xv7yIq|AJBY zs<7;_k;#v*>wNfXwd}F;q!rw_mo$*fw(hMy{MX@qaFH*V%k8ZKklQyUww*9n7{o`bH`ydG|(Z)*lmbRs^J zGv_c^m0*iqiY@ky+7|oqG1?aU{n5&wGap@L+B0Nrv4!6?ro3PL8S);uW27xMak949 zWymRGVV%~?dYA2|j;n03-MSOTR-d~7($>F>Kj{(uCidcD7cIJTzl5(gZ5CEq_wnkf zYZ+zNx^$;j>khIxbf*qH2y^I8Il6;Ae^z&bl*xUD2Y#Ht-^|)#Ba@%*JU-96-<)IF zV&_Sl#NJbM<~uv7_pv*&w%GBu@PMp0EWeO@2#;0ob5N#j zv8BzloB4cwH~BPZo)f^c(1qs=@SJJG zGlJ~c+ux$`RJPdR0PkFk!R`**w;*~W_DyhzzqZX{dz(Oq@Kd{4Z0;TpmY?Y5?TcP) zlFr~x$g#iD|CE^h&o0Zybcv}K@_!NIoaw{+gV?-jJ0-$Tb=m$8wxmA}H!;`u4EAiN zx(aw3fjdYxxrUJ`ge{TSYW;Px@v!V^^i$SY$~x6G6?-T{+4i22yF=iSB7YgL}bE5pNBSYmbep4U06BJnA`zQ$tn}K ztWJ@3M-ZK&ET>MLoz}@%d=wj3uQbkfoJ;dg+VOQSnd6}y3$L=A z?KoGKaJ17;K1VywrTLqT3H{@8p=D2RXm=Pr&;(t7uOiL3SQ9ghh{X}0}N z;>_F9w|wn4-!;s|F7@uSbSam9bY05Dm2vVqKlvQGluPqJ zH6~mwdQxTf&+ah+o%-X{f4nl=mt8J#-|d+2Tu!Ifa8~)>9TQ&V{XZ|v|0l1*Ux?Aa_U?z%{$S#@mZbArT4fF~Q?te$;He8g|xexyhbnat5*!>Ub+=JF0 zfUKLHbKe|4!s*pHxg2TUq0TwdT5H(*_FDa1u1u|Sj`;a>F61YlpU#b3!)D9!Tf?e; zF1L1lVQNd6;$C#_4ACQ>c?xT!7p5A_eYxW!aZi4dxO$$F?dSB`HOZR)LcQj)uU%Ch z_n75L|8^$lGd^>aY(0e2UY|9ntQWQ;hZoL)vrli`x+~XrIm)!&fQ)&pTfgm7=A1J} zUAMk4^}QG4JITawvta06Kj?L9$l6nKty}xdJ*5|>+Hm|n``kY32S=T<>j&4`Q*fN` zQ>X0u!Ij1uC+3aZQ*xB)Y>&AyTFU&ePnpj4m`md`1~|&I+GF$ut3Bq@d+CX@J?7$y zeDC#>&(R)pX*|Y&tZdo#$bPKsPx{O|UYPp9i?eId%S1o?=N%8)*P;_7?zM>m%(lyZ_;uLr7oyOWvyT!u$XC7_ikxE~n1r`tWz6bAR4r>0B!LH04l*O%V^XFszyyH8oZq&GNQ_Mu;xy5Z93w6o2=XBFjG z{r4`~u=v8^KDN1M%m2B(|1kT6dOoT80NelU&(Bi%$X-_N`#X}Ue`2&>&w2jgZzR+8 zUNVhb6J&MSqiyE)d2?%m7p6|B$c}%FQif04R9H{EEIJSW1~OJ&Epc_*3~_ca!?q^K zj+Jn~gEJcQ>_GF?U6E~*t#bb0eQuDg$H;SooSuko{gHR)JoVA?h2(0-?mpgctaSGA z&NBD;l=-)4Zx{Rx+S?XC`Fz@&D}y)M~sbcMnVCTctkZrEIm&%>SDxyL#!o6ItIV?MAwYG;-D-#(#mlLHS$eP9jT+ z_(}SgQ1r5B(bD00-T9RJ--`%Ywd5yH;Ju~_%&jF@wAjB?_It+w`D-R<4$?fP85c-!MD@E#)kOx zdq1WO`fTpm7+aEZ_F2FFBJ!voLmtWx5#_ykjp=_y>~fN`B`#^H-ytbi@?pdLUtnn1QC=6DDft;~Q8y0+}jIDx05IMl%B;PpWWh^nz zlH?@2aKR3v82zljfDV8XXhAuPfe>Qas!Exw3&bg0We1r0< zR1UA;e;6I+94&pt<;YTv9rF9d78$?k;lhTAJwKT;u?W8!lL>1u(pOAw;Wu$F6jLYGi4(UIUsxj$h{mNVxBx-wjh z9~E>%()MB>a6NksVh@xAuM};6`rQF#7a%@v!0bh_5sMM;_kwuU`itIbe`{@md71c|F)rMDYDyZJH?lEjarctL;UAeLQ&)^;>uB4IkF6o=wroOe-j+xkXNIzlWGfbJi%wZ;V z8&URT9_kMm-xKcD8_|>>>M^2+$!9b55PU^utFOPL!v2XT}|Im)I*unGn@ zC$MQr(cVShq~22Y{0|!ACo%49id?#+zwgo;`d!$`Jor0&n@e5Aw-WQT&C*v%z9LVd z!XRhc;y7DW`b_@Vnb$7=TdzfM2hq&^V{jra~wN`OV z8?)O{NWX56_i`(^y5_>F-xU3}>P4M|$1bTC`Ad3LFT3pEV9Hc*1bw_s)(c+pZX(R` z1+3&iK9P4P@^S`Fd*}aCE&J@cC*!3(?k17hHa5wgzSt3ojE^DHr0$ldtg(KjVO+2J z0LnRD3ns`fWA%LMBDx<67)J!pByGnY_xHpVS%jO=oA*B?{lPBA?=z@Z5?v8}hKuh> zJ!LK;dA_inIuK^pUn}f5=K#(ztAsJ@jA*LEQ1hSR*|hggBmL?gW8k#~M*8)I%s&np z1NQzSJBM71ykgJQMVe(sdgZw?R~*yu+6vOGB24Rfa@m-M_!_WTOT2Y_Ut`V@`Qz z3(v$$ZXAm(@}4P4>NGJx+;$`VN5N%QOS%=m4i#UT6kVzO0fjbKik}CgF8XWwkK_XK zqF++)%)`O1aYnt^y~Kj!qOp1-9im^7zDDK^Z9ik4MSiJ;=wLl%ihTH8k$y3i7}sF5 zK8NjUvGPHZ!AB1Icq{KH48XDKGn1Xg4av^J=<|F}Fb5qT!&pIn$$gC3jm(GH?~FI1 zAAGw}d~Ypd{v~~a#93hse42EJBjm??E14P7AnzE3z(V|w3pQf+9_L#!Q5cmu+yhq` z5C1;WGH_%?%fR6_WSv16GE07M912D^$UF`oEpHUIrr+oaq(2ilbKDz=;)XZo>ag1h zJKmChB6!Y;1%z#hoO6TtXWSeae_~Ux^n`IUHf@nLQ;b{W_rp_++vWEoQ;a+1_rFg0 z3uARZ9BkA))Qe8fq_02cxnGAu%t0EpoL5L1=Ao%QEd%3-Q^UNa znxC5j#S4mh9=J&6@}UbEU;5yR^*|qM2(g<3n}L-DM*WriEpunP9*geu>b+6y317?% zl{n_jvJObrfK{zwzQ;7qc=}fIc^%$gLtkD+mP98yFx$jZ=>fVeb5HT#m7;B=Hlp)e zjPwJvjnuNS4XLhZ_A+7jSm3sukwzPFEvL7*0S6a2NKla|!Ze5Y~wxP0MugpC}r=_ouxzqL3MYUV> zLe?R}iI(*BvW&f<|upx3_io7w2uTbVAm-6$88|Xi74bYw+ zzlHvR{(ZQRG9!1NxP&rZq7M7`arEtxbM__^MNxUjCPx4JYHeWPHTvJz*VCudPV8+V z+ox}VKk3uAqEqN<5}%ezcXyz>=-KN#NIOLTf{qQNV~IWV`$lM7a{U<%{bT4qHr;o2e2TxG%9`tYr0>eNNLWqd>bl8eX-tmXxbdYNNMT)#2u8s-{mUxGM? z-mkG)L|#X!_bKDe2k7tA{DSb`>+quUm>V!wgeso@hWJHJ9)t6M@wChpl9HBwEL23; z0`ds7zL_8o*^iL6B(i+qKbS}G`xVKL_91H_!Ed_kp&SSHl17>BOQ_iDaZ7yb02 z)NW&-hQH?%=SYG$y9*ma{9i;^_5I_@sP_Wiwi}Rd$bGL}?jK4y^r=#2YBy_MxK17{ zY*1sF=Hm?72=CnuC_XaCE&d-x52$PC^5?%HV=(Px{5XE!q{iEE3zCc_MS-Gmsq#<* zW5M;!8tc^2mH~U-S4jJlexMM4lEsYM@Gp1%QjCkK+59f%cc)-gbR@yryI$uLkF>CN zLO(-(BFkl@ll|3XC2g;r{V8O*f}g|dje++f(+vg2!$*iKX(VlGy;h#F283{++1@ZoJO5@WQ81T>K^pUd`mkSe6R&o3Sm` zX5tlQ3{bY{^rkT`e$n%cn_Say6ZZ%Qm3iN_kxdHz3d0wPq-?(eH`zE80qKPH;&hs zb^pJgd26lcWLD2)4vC!T^1uS*I5Nu^s2V_zVBbD((K8j82K|liv?biS3u)Yo^2w$nS@z%nlk44^sc< z`1zXPFF5a`u4P90Yf{%TQ-&_;Dt&?qZ#D+zQ@>QBo+BR&HN^K#YiPNfd#6^MN`vo zZCQVW@gML^W#k`tX5QhgeM$b0Z7gby_Mdwb_k54GY&i?>JCqZ=R8!-@YWk#gwARLb zlYlech4&a`1o!mwU0;X%QmRw4{=9W@IJS1{eYB~0A18N1c3E-^YwnS*pBO%rpSYj7 z`x^7|b><*;nNLICE}QLOgJ74u?VT%OJt)O`_{V33pB1%o*X?tS6Xz z@_%OGePsEaku~+5T2qh0)_HvfYb0bve;smh8n~sr))|r=Q)$y-eQwrB=-7VrtFbdH zlMSz5$J#~jwbp+KT8)D?o$BZOA6`L!vdQDj*{$H3{L|oG@C&plK2ST|$rFvQvO9fZ zz1Bj?#qY2l+Lb(MKysM1O2*3KuJlRu`TnFYi;puF?nn9$)3E~#oiKlG;4C^irq8H@l1OwT9beMJY>jZWJo14WFq~B|I}x}dy~Bt zvnFT%?9HuOcbDWyHtp`Yym_0R$IB7t0%T44zPZkY`rgJKjlREP_F>x7U!6Mv9=I3! zec7X-c*d+v;E~zl56MXSk)WSn_?W*I@_AD8(DM9GpH18|h>s+=-!#~)GfXM=N=CSQ z5S8EnpD1@9;1@e{pyUrd6MyKL^_zWv=$ZJE@$n_E8TdTUsxJ@?RM#=*1l#ec?ZOW> z79J?Tw|V+lGfMt2cQ2(&e(r>W->Zdlf$kY1J;T3X_7vss(_CjAnrTTovn%ZB7BaF%^@S@SJauw zsBF+Vuxy%mV&Dho!`GmT{Fu2U^8xsh5jEoZ))5WaX~>84h_)>Etqd~vG)6lQ$Q{!F zt^9c~NAp0uxi(?e-H%?wJOBrJ_BHYl**x@yXLu&PI|iF#|De;L^J!V`YPp#6Y5UhW z#WC36`&*L@*P1hs_sso6o^MZ{JfP>>(v#3B^&4Ut>yVm&>DSV_Ea~(pT{{* zEQFVG%fMTbJMV<^2A4-ZC_1%5pXHSAU)V5$Irr@w4sUH7>wM(@p^j(<|D2d_t!l`o ztJ<>AF;(T(?OTMe8C_Q`7|dbWz0OFdd&KdH?vW>r=sxa@WOwT9k=km?s*g8zqOm2bCpIWAeztj{n@_?U=P#b2ZZmb4 zIYrqo(#^T0!0xGS%g!i`X+Px*K9J-2{tMdj=)Lp7M{YJ{TTkas8OqkXuEZ8eyl7m|Ok(WZfQ8}bQxRN%WX&0!7!zmD&l_@2%xls(OBvWm&ion@;vNEd*75@XS(`-#X#W>@JzqZWmlx=m-Yf`uvt=x8HUE)-=#y-K`+mDRH-Ww22OrMdj>T{kx3y#S>LVqRiWjmfb2b+=q8`b~O^bLOd2f>?0 zf2TJh`?SaC_Ql$;8ndyBsF#2jYOa6>DR24Wde+Q3mtkyJVB~nGHpY5w<&(gMXC*Js z8-<*zU@k(hQP65Q+4uIpptB=9D;*Z>%YXmg;jK2_Vd43uc!#)WgVPqw`$ zo~UN7!S8+WdM&nWZG{^%(v9x!gYP9XC95lMbk^&)?7&;u!!rK*YQ_WoWe<%Rhd!Rb z{;BQ*={Ucwg7H=bpUwC;Kko(ke6bfoOj_T*0tzsSE;04LJdsRZBXO^efR)+)L) zsgL(r@c9}#__gLeFZUsXlFW(K`02Y2onHTS;#u00KLy^`=5ntJx`=fJc8T$y!+-L% z<;O~IPiEhA`9PQBJg#S&r{YWb{{+8*d*ZT;$@+x%aIUWE+H=|-fd<~b{3F5jnzgHL z~R`W zH#V-+M`e%LM!M|XsIF|M(gq?~?_+|$_by5t*ksUO)a zzd_g9GwL6NPeSsII##}E-4i$dCeMZl(&kmkImVyz?mm+}dJFiBt8elBaoz`EgzfGz z_y$Mz%5VJMV#d4#+$@daWr`~!t^+S?D6<9`M*kJVAp97g{S7={>tIjuy}>P$0vF01 zm_pX&2a^q|mpYm9t-Me3!KO&Du0xhzVfIH`8;dQIoyYq$-}t>58Lxdz*$L9!{maq) z%g`fB(ILC=2P}dfi|Ge&r+WSkgZtaS{T90iOnk)MCI3cO`mzD}H#(A+8Qmfu`RlY5 z2m5D1*!XsSCc16~_BIdpAh0{xqk9PWihUcW{lldL(k~s!rLOL3c8b4G8|ou>^n9yk z95_Q~%tz1a+5D6FzJW2!;TwDu=JOtTP>cO!_KoH!9{e^8+b zuy6d@Q}82xapz?5rj_t%@!cmHR*V16fd3}Le`kQd ztHb;^t%UC;pZ{KQ?^0why&T>Wp1zBYRdm=ZyWH^c(c$dDXDZt%3disowukIUt(&Yp z`W)qTk7T}%=eyv;UD%YKEt&5hW&CGm-r1ed-Q#!?n| z?Tq7O;F)q>8MXf%l~ey!cD&XlW44UpvwyVPkF)GLnRkWJE-cn2rfvEQ&W);{yEc53 ze~gTRCw-Z646ybbh=&!5ql6Yg{UAHY_}Rv8oL7U-Q2qn?e~lji9uWUo{-}jkX8i{r z7`dD*y$kU+@3YWXJaI8RHk`e3HuTLUDGyHsV=4`A2jH9oZ-ru58Al)dt+?Rmc+47y z`O?SSlh0fD*EsZ@7=;XIb$XwC@yJ$Uk&S#aYfJqejs2o^33jdcTe0hA--@y53~p-; z{@NsE$X_R3l8-BHY&lO(fdg#qQhc>=@586`UMTfDhE&QS6SwRFU!R9wCT$-%@z1p&qA^c82`X}(CiOTM*RH+a38#5Uh-INjYOA* z;?ALg_8tuWJ)GOPXA|>}KgXQm0gl)gQXWx%kfWNn!FY1Tji{gPXG14&WcPK3$OYaRxd6@VJF8QS z?(t|K_zRbKdw$R+*p}5jYER{+L5C1-pgr^bPV3k4*Kr=sT7tP<`pE$aj##I^xM26R zw!Ms1u|v;YUfzH4fH^Z;=ld_7R$0$~v3b~heVpU8ZDpsm5&!&R>*`W|xsB719oEkf z_6_)B5f62Q@*b4(REd9XrZ1j62-OMaJt)<&>-5#0pT*{Y4B}61Caj;utfNcy)#kNj z+6?DC2-orPKsZ|$%`pGo=~Pu-^UWEWBodN!#NUQfaV2ra z+46qI7Z)_v`uz0+`fumyG58t%zKZ{c^E0-W!OJoD8DCrw;Qzl@|LpvK|9-|0UQQEU z;{A-FafRnV*r)b~WyTer1Eo5aAFV72_!&cO`g0)SGZc?qTBc2Z4n*o$`E@LF;I3VE z4wU*F$It#8i1-ZEzjMm<&(48Josd0>Z4#70{v1FL%fEnTk&%l58=5wsD$}OVN0B;~caMdS9G{O$Z4S#v zhG$D<6(e_dx&B!`iqskGk^Mb}m=x@9@k<@&o2Q#|VLnd9Pq`U9pY3EGaMsP%KCohK zQj<2$-py~~QZqU`p*^y*(3R}BeSbNzlwHZI*R`NuWe4hiB)73;bxoSE7eG5gZkU)tvtTodEPdMR}&k(8e9!%tw=P^oV^H%_(d zefumk;>N7EcJa&o(})|LXt_NjZrn{d?ODS6W?V0?z+UuzzZCfWgTU|J!0&(Ox7uJ2 zeZAInUEzHzV0_8cU%75Ge0_=G>lFj6{XM?E#`gn+_?mV35SrO%L7LfT zL7LfTL7MSQG&@`L@P1bXeoqPfo*ejnD!&+JzmT;Bd>`i>WBY= za3sq+l4tCEp!tlQo%mMd%gHTbyv@u-_>{P9at=Agu78qmjCfIGGX8)}NAk>_$#ohZ z&#)I{D^w($3Fds}Jn#Jfti-`Ax&wdL6$NxJ@gA8s8P69vtM$bj&uL2$d$wi$H+QBI zW4G*QU0a~6lc@ZmVk(ThL|(OwANYu3leHFC+ke9TtG<6qysF}dDmdHA6;hl5cH>Jl zpM&EwHiH)%AM|$!#tIMC_kytY)DH_QQQ@wuqOdX{7{m9+<{*p0Xz=>;jUcSV?+@Fb zO`d-*3hPTj7)`^&Smo)wD2&esVQd;6hSfp)z7zH<8GgYw=x9B2-NfC8w-VdCPQK0* z_gKw@u6qA_Q;jbtV|eH0#=GS!S8fBz)x4)GMeFwTPv<)Lu;Xalbl9B>(J?Ib#xPvn zRlgou*KO}V%eH5AP_(_-etYHX=6*G_y}`6%tH$B?Ot#7P$>Pf-mN)a-63zaT}OUW_p#!Cst z%Rv}TGl!ioiF4y&JQswqXLw%ERma1)h<#V}=i5P8iTT6!XH!)?tOtWIHq9Cq#;VGA z80UEXsph*~@{_*Z5ro?`eBV0Gh=)7ggZmdjSbG|V?PJsF@vzneVI+nhXO*|-e`G_L z{-1guFcO>#)SQUIc$xhz;pa!*_eVo8hacN2?_QHA%$Y$Ln})}Aljm!V!l(|y*fTtg zD(|k7D2x+JFkY->FLpRxnegsDiNZ((VKfa7BR3`<$8TTa&-E8;Hw_PCk9W68v>&eq zVeA^$3`;XGEVK}+j zu6~{KbVNK17zhE;xh@BTP~RP%Fpdsxj=i%{r1Y&jgoVRi=lx3FD>ubb z_q>DFCw;BFyAFGt_%5^OeI4`jIOp+Z=4SumMqslC-^{Z)#O1JV?MNqj9nQd>b0251 zTX~K>U!V@Qv%hy;!5U3INS(7W@eP5q!@)Ifc80rGePqLO&b)n!+{vTOxdIczGTUue zd)c4;Ao77e^wA&I`^DtI;MTq+MviPZeM2thraQ#k@_hrc1)opfa zSyywMGgEnW;`(FPxXQPr_M-h!{z!`hd;`S->m8G0O6z!HUTaKSsqKF{^2pYo&3AF7 zvmE`?iM_2x?#k~#{}mf6dUU5JvfepqKxd1)51my1Am&`{_RunVRWn%#Gi{QgHe!sZ3S9yAPxOVAxn_`P>Tdb+Bm`YnF-hqAzU!p~7kxP5| z+!asK%^6J2U*ZQ^hJIVd_o;lJI`DWUaRTU?96BtnPkTI{syQb*TCo#ho_hnF_66E~ z=>o+~jbz?^fO$88weHBa{^S&M21L0F`=A55_{CB@#gu_Q_`<}5Rc@S@t>o-w^~QPq ziid`N{qShETJi8-p39g`j??@ti3a6S=wLqU%vV=yqW8?F6<=jyZ)fRDvDs??_o=GJ z^)2`zeos8id+k?r6LTsYDh5S-*_Hm(faaslC+3-3d2nIzi!JTOpi$1?9$eXX1>X6w z!Mx9cXW_p45Abz>tNrNrt{$gXHraOKnY!_JsNEmau89o})VUqJnRDath~&joWK1v? zG>9|tScmV=xeOWban{Ns-Fp`4!}yDl`M?ppV}WIPe#K7dmoU6gEKD*=JMVlC_>yly z`|erd`m$qp&&&6?=bN(QIrk3_x-!s#Ufh>jp}A8z@T*@UkBo1TInOyE{L;mrei`{l z`N~nyLf;kQOXKhJc}C;6eg2T?b0AJ2S-Nvmb5AjQ{hBW!p5yEq^ROR&%=f$f{5|G@ z+Ltdj<>d$bJzy&)PkCj9&k<*GuB^%_D*w+#oTG#{POMm;XsFEIXsWG}ARKPNgC<`4SJ%pc~B=1Q)a zeZ6Vmy?Iny730c3wqSjpm>jK>%hklf7D!k&5YmVHiUf#1k zoT06{_Pn-tp2XgTpR&~>+vICbRk-JN5Ar-ay^;O_<2F9RX?jH4O4^m&(ON+7vvn>{ zXQ%Ux9!$}OV)=5alf)m!T)#oGNU)}%v(RJxb9hJI!#~p))-GJXd89L|p8jU*D3c!5 zmKx*s;YIooC%bYse!gd1TQH}A+W3QukdF~KPnUtyVPofG;HY2pJ)^OU$8*hYUJYjy zb79WLd8f0dX~r+Q^zd#zwgY8v<~jNylb<+heSYFc*Ka1ivyQRl7;k$|a!BsEt->>M zHkSl9quKN2e-2u-_mHO!9=G)9gV(>PcVj6xo^@Df!pNW7cqV-g4vjuHV^3E2IJ|}T zaX8%Lt*-}T#{Ns^=2hv>P9KO*v=G_Ns%fCCjwk=<--oo0pu5$0L<{f7yW81r@*2GrEzI$XCn0w>v z4K~YO8IQe!&5|TX3^Gh}O8K7qk%?j5;o2+OW6L&^t3x_*l*mUq|k{>X-pqxY9^rr6c{ zgFPAp_SS|IiR&2I)|CW4^7TFS6CDyAgY<>+CrmYGaktIYIV9yVP@KnbZC_#9zMQr% zBW}TMTj!uOmeu4k)|on!mxb|Io2r0rs7+vxfQy3kSCw{@r|6=I8#34t)%VsY~XE7eYKJLUm{tWzS)*EY2tA8+k8tV$y zF6b{4k3J6Bm0V%g8p=JTy!fU)Xsz~6s>2S0=EAFTdItAw-%GkY7N(2rDfW86lS`kk z%r*aI$AAlaCSK##9!tubA7>?wY<=D1IkRS>eS1zc<=uN@&x__O6Aki-l{+sg8(}zm z>jzJW_by`oyD=-#xXkEyQmmWhx5{?9cL!O!LUx(t=NrJwf+N{pvb7X5u|o2kXF97d zULeM#_|qxQJ&IG?OMI&0%Ju#Nba-4}n|#~26q~15B-NQp9i0`*gD>p)VQtHM%~(q? zLSt3Gpoz{dFy==}>lx1`WmH|OLuKe{Qe^9+L5!#olW^Wa># z;F+73aWwmn=MY=Pdt)n(CdOiubECt5&1>P%Kchk$SCjAP--OrTcsey6jd#kxm&%OC z%CV*he&zSDIVtX>uDzEdgm=ap#rM&8>|-%J_Rm@$Gxi{lJrcuX_rQyBG#QS^Zlg{N zkA-Mzao|L7@Y{}cV$4`?j~VNIF=M^zHyG6XOi=VzRXdb5x6xvX3Cs#)G?Q2osl8b8Lu(( zt@#s>A+hw`Y{p!I@!QgOo5ssHgYt4h41Iqb9joe4?)~!e52$mjynJbdzIHCZLSO7$ zw$CPD_e7s93OxI5@pM@Xo}R@o6P@$d(PmVyZ2b-J^o93qGBe!T5|l%KT_= zX06D)8A&~3i|QF`uPpOx@G);5!PDK;k(@W{cll-Doh-UcYjoL6;`w&$OU^$O588Un zHSS6>Ykt|Ax#^UxqwFY$IrvHAf5k>qZmR>gbAC?xMSY(+2|XoUh`m@b!O4&lDC60m zvGeJ1+B>r06WE_uVtSXurz^bOzb<-v2M*ncKY5!-mCY-`0b$HAzw`A8@qte?eBnf%fC zd29D);OS7Eun+0v-mdBqy(X9Y((!G|kC1&hiX$%v$79g#N$B=uV=>jXumStxM6)LJ za+2-F4lsKi_cy{{z)0}@F83*^{Fh?Na}Hm*^0E(8ZteKC#MJi7ubGP9$Ilis%4((A^d!liCvWJ)@!&|eP zGJ`!Qhy6bEV=rrfxOxdM*LF6hp7Q$Vw|e6pJHj3By+g;lk+r?+cw@=Q6L%N8?dFNK4X=|}YkSntpW>c1>}Rg&MD*w{S$bt3SUTUG7< zNtJVt_5`#BiW~1HFTN>D{Wv`RWf?r}sq*j}Q_uMSws?4&?BU7dqgv)gt;a_Wu_Hd7 z)_%b7#gC93`Nc7Ky3NBA@A9KPJjL*uV)}hvIY+z#o+i-;>Ki z1#z68M1DKUD9=Iu-NsCQ(8T!}pLOBcQ4M>6rM)o&>s|Leu7Tz8^$=K;QGV(CAz;1Z zWb!w8w0M+xa3pzSBl#1*2|UC5$rIWVBgu_+_`Eiq>rgJXUzmAd=KahRrN6VB8~s@0weZ#FoP(P==W}2!@#M(ri!b}IiJ7=){f?bl z!zczZ_bTy^@W0NR+27X%et#zLdsX1~HG$vD1HV5R_fGq1O}{Q2kL(dW-&S)}cRf^5Qd;8BSg#yft-} z`f)t{r`)L-Cugi~eCAQ?i!yaJc4yP~=H|HTGP?yErYF_5`nK!UoCD z8JWq?ADJ=x)3lMFIH7G5Jc@q$({E#|=C>hh?0(50`SJPBzDOp;oUt+{)j++v5quWl z`x;UFck!_3;mw~|8ouN5=D{ZpZw=8fMxI6Kei-=}suQE1qq6L+V4YXu>HagyMCg8} z^<~IbYx-~R`~mgj=>7}t+w$lhs<-Lw;p>Se+%uHPrbS=wmHt|A4i`rmZML9`Fi>J z3p3b$7w$gExuQ$Bz78C|z-J}+l>Z3(U3y4&k5I0SJ7COSy19#_6<_a!)RyzW|Ng~} zn@3{_I(#2AdI{RR!uKv{vy|^1Ke+ldN#jeaVbDMle*&WR7 z{t0cLME}Yrbeg_LPS3Wv`9%xZPd*W!)8)#qGE04voh=^fTgJL~d1LWWa)Ri;DRYO% zcRj#-*yFp$HqM(K;5+4)@8UkRDVFcZXCXOUSjxBr&{UKk?uaH?$7fTdfQL z@4Gy__iUW^!4TdP;C=GInM3e?mBITZ?*s3@cj`h@-;D0d{xp3M9gJPp1C3tr=ElB_^R5fhC=HF+ zu_!^Zap-WGQ-W0 zP4{{@rG6YOK3Ikpd$tZ=ucK$h&ce6wxntktmvQ!vFdFw;!^_fDt&;&6MW{*qGt zg__5r<7Fe;jDPVJ{C)dAX6`srjy%x>yU=g1UgbS|wTW1z2Fe&Y@|gHA$%pUd$xLo} zb7lc$vx~g`<6D&fu|QijE5P++Y}HlRrIn8S+fQh0@<$G;y+x(=&d~VutP;BtzqQ)R zz2y}94v~*p@Ta@*H?w{m2@EU04V>vEIAhdrjdRbEf&8nC@zBQ_SlbW|;`Tqsn3R9u z)52L@7^ZwW$|GuE)|FuXQg(-6Ue9>?fjMzWLk)IJl?Su$spd@ITZxSB*!qt8IxP%W zFl9FzxYJ5-U$t;2crVW2tHZDb_bm&%x&(W#h5g{d zhP~Y5GtI(#9(eC0GQ?3_UU@F?D#P$(?+Fj4uazZuk6U`v&~-ihTSIK+uq+Idr_!^5K;?hSRGkj>^lOJe`>Ogyc+-y`2-e>1$q{)>S{-Fl6CB4_4lQ+%)I z*O1rCluMS%oufRFlzTN$?h48oUSR%4{rFkdS+b)I?}Oi(rjZT#cbYRb;}XV>R=tV~ ziGw0HoqY2e19PINycY&$%o=((xU3Gs>?J4n#D$rfgRX6^wnFgMJ4NmHOU9Xg6ww)! zDUdgymis)WCWy1y^fz-&d&sQl7J>dR<9n35S#BBEmcM0O zL*JZ*nR{zpelj{ZJ+3YLil>8L-8k>Be?@#WYk<|*MCNW<^_RA;2CmIZqIFq*6nTX! zT>jIVJ@FY=?`VH2s;_dMepn0)Uk3Cfh+{mC{Ydr|$2!FzylAc|#eLiR9Jpg3Xn z(jHmxq4VJ#H`mnW-)H^p&EdVA_n!bxv=0`9tA1L4;XnSp-AgOQb`wkN?hD!cePfkB z`pf~f*O_$hNHFbQd%mC3Z9jWwb`P&5kOwi^uD_Q?8^QdLirbq*-{bn4^UgkUMlMt* zy60zemqpvm*&H|H!}ZnXlrn8L*&H{KI>FpvdFZ8m-W)QRGZY!cFb3Op^MOnuAIKE) zfw1>?DDmO0=E|K$P9pa!oJWj&?8eWdJi{h0$N0wLbK{Xc;JQz`0U6#g!|CmZPDXC> zo|sv3hE(pH0sk`Bw`WH;X6TEdnP^Z0-Ao%}JvvTsN_m{@vs&Vfm@}brS2;JfGvCGU z1#lz$B9F*PvvOz6DD4-Q=c5|>7tA4M;+5#@GQ$^*#Vft85!^EErm;qK4D-2=S0csnx&Z?7ZA|Nnxwmv;zn3yCjHm_2s+w-q~4;o)nv_dQB@ zOG{RaBIcQU#Uszq*fH&@o1bH(U|;b^|Y^u3fLEt>BvN=x-w_Fqb|inN`>2GqF) zXVbsU%}&DSxVEVQew$_XVR@dy9#1hYvj%NmQQwtvW-Wp@74OiMJYyiwnt=7|PUW*l z))~86wn|)|6W$qkH*TPmGf8%%$%ikQ8ObLW?7w7YE|mMO1Vix^$IpwGT}?J;w2@um zI?8*d{6D!x(2DU^FkWaCvIX)p5^Xz--NC%aw))P)*cWN2<@&ofIaqy=(3A1oH=B#Q8X2fFQhHwXGH$V z=1;+^#OGqW0vj2K+?y?Zr*?=VSYH6AUCo>c>ru|>DFfS)3)|swoh#bz@%U7D+|ZqM zg!s!w7>neI@_Z}y{Y~)_Izq8FdAs+9oX5woPUluy zm`BFmp^nOr0}s2BmFwEUpK=ZD^>Xbi|4i^)aDC% z@93_eDfKDm?YnB6)PY*BUwPIMA)A|XhjIMXhNywil-3`@~R zbe7ZTggWG7B6N4AD<7wEHt2YG0KbyX!)zw+zOi}re>R`R_zXD1ZDKr;t<3H3YwmS3 zm*q$B)_pGq*L@v+UcB&`9dq9iaBFm)9GM=4W&CWs&(bG+FyH?yIM>;wEV@~7*XzNt zYy-uJwkKaP=Vna5T$y9~^&I+Bu~pKOI)h_jeGI&-o@pDoW!ruZn?(2LMBBcSwpCYi zL$S!+oXydlRb5HqN|Apiz7!rzdFNrS`33itS5uz;^}z=^^JC7%0K+}oa~fxRPIL1J ztUaA`J*N+Qu19eq!TwL7|8cms{5RIjl`y^siI+XHAxRzz;@Ii4u{jyL&P}IGj^;{Y zQOUW>_*lcOzI-+ETY2ceG%pZ~${u$GcyjHZX7WF{HhOT~sq;wY{F7NH zmda$o$8Fpd$=twBC_N9_@ZNgg=ObUo!zViP(h`ZG_161$F4%oRTZ^~e|DxK6U+?>H z#k&?~Pj^{6uw=JGKV!G$(f#uEXkBdLb>TrTUiZ!g&IkQ?-Ae*EY6-9PLv40=c^2Gt zd#OFaZ=~OzYzfs#yzALY#$GPf3F2IFTsBuf@-STA%X#GDy;NUqR+njWRcNhWsuPOu zO`l@ou!HS&p>yq;MmCxHH5|XL1owmKQ^K*b;8^n~(WGULj2-M_ z1#=QK&|aVGyKr+7(8vGFGxf{dvFA9&nvr}`{@Nr&XUorH7*E({i<~i?4sK>}?hrlk z8hYY&^h9_Z9u3hQedvPDTG8>@AXbP$eb5rO=8wU(~bQ{Y=h@>HTIeDABM&yKc;KPhR>bq9H#Qo z%o>Z{s-r#ZdF`F#j}flL*V7LPUt!n%~nbF`0R?vjQFb#B4t)=@05fvNS0c!%}L-cio%>FTre8T@VPp-;ps1#qeL zm+`+d&K!CL|5x#=XB^)8+I)1&9R7<}rQdk}Bzc&!oW;|AwUNK79@bLc97+}JiqH~64+%b%vaqn+#hetZ$5zR&2vG;&{6WB2- zOKxBCznsbYDFc$JN%|}OBYVS~nSwV{iIE2t>t*6o8Apm(FUb}YQx3lO^UTEOjvKQ@ z=NEM*RxwfXUASlYO7{etJAB|h_Z}zCEyDl7bBlu64jnr+9_U^GPvX~G!N2%UGPwY4 zb?#ATjRhx2-%iS@pZ&lwbc7zM>#wgDjl1y;7vPr)#-lZEI7JJj9mxc&!~`D2xV55!-}rz$)NC*br^ z*)YL%vdXVgd33dOZ>RXYQE!X6|Kz57Y4<5Wj@Zw=y|Ibrb5oU-_;1-F_X+7s6t zFnEXmhv1!ef@$%7t?3nzqkudMLiZ1K+Akq$OvX?A+=#Q)P(O^)dx-Xm?yw0KXl zPf&(uJA8jo33qDaY1SNuX2aAi`GZPzO`YcQ?UnpNr8;Ww0o&d%b*-*E^q_QQseUl8 z0RB&7qeta|@ohtwa_4AAeFOVzA~*(z_8jd7cu&uw=V*Ue7dbOYnTxp}Ggc<}{;$#* zSbL6k9(5!S^UxOh82K6Ow`8du^S8~IOE7*HW8MqQ=$L=M%$RRJf9ROUmB#!?aLrvh z8(!+K9kUZZ=1_e*=JnAr_ei&&z@BWf&FX+0_G2IRV`tB4(g8l4k`BO5lpU~kGCIJu z0c0z-_&R{RA4Ug|C!mZDc$YizO7>hLl*2aIrs!4D0UzUhrklUp)d93)bO7!AhB~0} zbm;)smen3n>UX3A=FNZ)k3k1arTxyHtHL^<-|2lB-oP#i%OX#ASa~;ry24?5`X_$A z`6%vI`8uG4JIRJ^9{z``Thalgx~8w#r@7gl+-!AvA2xk`e>$M=v;f|JhdSWZ4^HMr_)>fpzt2iy%8Po7P2=B0mH zr^r@+4I58B4DI=_j%oWDeab(^KBL_u((gkKpT_lF*aC`c%1&g>U(LR49d#DdUbUO+ zNd8I1bF)^g-#p6s$c3_ju(7j~i8W%~tK5?gxqUoeNoaf>ey;NH8ddmuY?f=Q9}ApS ze!lWB9O78kx&0*PkLf4z&FK~E(2Fy*mds=O?1wJh$xpHF!TuWM6m1Ng#-Q9l8iVrs zlpDh)Ul)hl));Q}#&9ffEUkMxhpyR!e$Fs$y?dWWdwT++G5f}>&+J+vgm2r%PTCmi zs~nm)B-+-|?49QX7uzFf@62cZ#o0S^K0H+SpMbsQ**l?r52yPRvhip$55A$RwRb}G z?YRHk;I?ExkZ%p$@8*>=`wq;Z1Te^ti66I=k1dq1GiLrr_hs0VF4iQS#}&ILUu2ft zoz^F&eF&}VUuFFA(TN9B6OK-^#XikSv0HJtvUel8e(X}&|70x@9B)T|Wqrq?%KEND zE9+A?k6tRjNy_BebmKU)oOKT2AQ+Dlv5Cz113Z`=9T+dT(0DsFUhpeAne&6lthoML zT8-CunS;SNqo6-M%A3d1hg*YvNWe2k>BG+-i0MPK_8dl%(~cNE#-qK4_p1{|EDh^~ zzoK8m_(EfO`C0lF+=mPDXcRXl-x++XoUKt_jpNNTXSi_#!_ns<+J|>D4m=Z#?F+3T zMDGZ%7$3IgkaQ9KdCgl}X}?4HZL4XU+z=&Qq~FASC~jjfv2If}r|>(sCz0vZ;;l0W z+#GISBj4T%^pNf*A8L%re?|S6nyFCs4;Ubg8L}#C8y+%-8|BHT>e0fP5uVaMSPJHk55GBBeUe=t`}{1 zUtnJD_x$<$lVi@ax-*WKR;Ui;or?JRUXtyl99DuqKjFB01Eaj}GW9K8lV(1YVEk6H zE_v+xinl7i&F&AjRR{JJZ~4gYZeQ_6)=@)g9gsn0E)i?z*`FzI-&3}x>D#r_+giN4 zY5zj7?EYbBzq4dp;=l6u2es!Q{Usl^4{!JMw$`tF-rqxA7#QnjFP_ic11!N5jQOT* z&85pAk*e!ou%^m}gz z7p48%X#dLX{igi>mFkAp4#U%kd+kemyc2(W8ojun@xstpUzt_n$Kh!7L)MN_+C_0t zjz-U_u8~PW8kJ(*jIA?@yhIh~e{`?EZel$`T%^f!?#H|LpRrE8Gi{qKKO z8`IDQ#Itq5YdZTuo5pu+%I^Mfn|uShhk1|6dS^{mk8x&wg0lF;ecm>E-_+fO{!m+r zbvH1ke%RmpULt#e*hjV365jjv$6?mGo{u35{NVni`nHLFc)B7~C*kGMj@D5;qn#7l zd$D&bqesK_z5LnO)4pC%3h8SptT_MLnenOqOg z);bx^|C<r>=%zW_cj$QD{;*OX=tIm9=N#qjEp4Ofyk z?+SAFx_R@|&(A}bqt^Fg#iR92y~X9*E!j&$+x@?`-C^om{(JI%tslZLg6k`@wt;ra zeIKT?7YhQ-#0zT%IXmUqf~=iS{DX6m8Q@O)cv~KFf6Mo!`yRC4hJDUw<<1WF&U8NJ zVabMoOxOI6n+G{>&)SujrMMlnRa0gj*s=ZvV~y4ety8RiW~|yD%fajY^r--U4>@lE z@Aq@p_G{A|)*fdJwD&l@DKCFyTJ12_9DU-h>P%ZoU60Yt#3a)S5Y7RS( zYMm8~M-bo68-b4#npBW~*Qt2!zVMv~$02`DMgE?K{NG=QH=3;loA9 z;jPH6h#bx>;r&wHFEeYq6Z5Z*XvnQ3#_+In@OEMWjE82YM~HCL0Qc?{ns5;sUyz8Zu+5EI&+qU zcK;&*POF)xl-bXnUl((S&Gza^^|jzQb>qvq=@%!)j@dqA zQaxi^vkI7MS9b*#G(PxaKRB$p`Fq=HZyvKvF*~f8p3u1%jalQ}u68H8?V7d{6+4EU z6`@?a${|NmiKc_;053e`J)S3bq>O}hPM?9WMbmLzt)4y;e&?eZj9G#!BIX-#goaV`fo>T5oizHWh2!jG@sdP z8%0bFaZdjVE>hUAw85Di{Mvd~p?O-#d9Z5+E}~p5bNHfB#5n3d?`ji?wu>s%f2YV; zXUhknm>bvcTbI&4A9#D*!;sBFw++mAt{}8cZ$teT+uQ{$conu^s)tpx) zhDh;Z=1e2D24lZVv4a|a8hNX`I222%ILr#}%(|FZ;Z$w+HpOMh#+H9m{utQkY;YYok4Zf{_9SiG>a~&g z`c-ahwoWy5KIhe`0Uw%Mnut8DQzv_S$go?2p%*qgLp7!S_6F)9?Fx`WAjur-nE$+Ey-BPI_*ney2Z7J zB-8WAbhV$tW+PvEgJhABU6i|#JsQi)%bZHqCZLcwS(``d_ThR~4&wmpl($%q9AaJa4)+_ptNU7=;#idMTAZf-3OwITzbaiEr*7x}CS(S296=rk%8U)bfM43QpZtp@3*n_^ zcxnN>)x1g^qmUhe;k;;LA=??eXY463$;lg|2O+J!-@`420_H_)$#=->sa4pLiQ*$cHDoopHDua*(cM|9RwwyEAvCFVx&Ww*qQ$@cF!`WGCN_*Jp&(jPi2 zA=@K(c0<0%XkR5G46QZ)vBx9>I#@Gk9%Gl)Yj0UO{B*vFJ7>|^fwSM~DfK$X^&HRo zS?g(k{mFgqU8~vjKhMo_cZiwSbKH5Yyu7IkZ@;fl&AbCI(El#2(Nfq|*op3)xRV-< zjU?Wc-c>)4S+gaxB#X39E+5lgp39EvuW{vuI5TSx z=Ag01;eBJnK|^%etTO-h=-jv8|hVHw16AcQ5V9PUudW zGdDXlzoW9~PRh9B4D5B5>BG6ArR0@x3(bzD59^Mh4>!d2p|sbien;oI{xf*ok^RC6eAmD;yMLL-hpu&y8~amQ+sns*U4xD*JyYF@+%p+{ z9`pf-e!`L2FMz*gCp;I*W#Hv!f)=_H`!(qo_$#3P1+57n_c^+NRtTO;Tv2RWzH^)*GDq>06? z#QyR0oOB-cxVeiZ<^4A6qeF>r>HJhs=l=})$!BPN6_o$J;NI@}QjGnM&b#hX)>V|N zQEmok7gx^aVo)37rg7H^v=J`^+cRg_fTOe2D)%;dPl7%O!4A^H*n!Qo36K7%$D^Wo z%G)#g)t6Zh@Si)ntgRDEm**)LootzR;$crH)Y^>Y_%SHII+ zf$r&pE+>5Z2)_9h>oiAXN9woD5d^+w$~KcvN^33UW^w&cf&4)9zjWT#*b;spM2imp zJXlFL3a`HhFKX<=)wTQcLI0y$rxed0#JAeB`}4s%YHy0)UirFq9^7E?UFvTz-bl3U zW9|prHFU0a+UW0{RnCmIlfAe%@=Y4wbT+-miyYDnO>+(%B1 zet7*_o%bgWaCHiOQwKbq1;Dn=cQ!SMXS7E|4srI;IWsWGnNxfkIx}EkRZ$1~*Uahu zL_?PI0D>idg2^3&+_N^0;3E6lvVn63`PLC_J7(eMevG|&Vt!-?ZwAMy+zg$YUC(-T zy=+p+ah1t8b1zWy0<-UbCS`Nf&vuS%v%a;{!LjC_Y|O6CWbcoG-IZLbJKSg0P+qo8 zE}d*kRk-%`36z)rGl(QVd@XW10_X77csL0!CTB1LM|~nM z4WDJ}^7y3ARo~29>1F-&W$snD9NBsrpR4Lq6Yw+RQ>x{gzOBg-yZsqx*N(lxnq^%s zF#eb6htBsfUiZ#=`q@#P?6u?lewlvmv3J%-`l&v(c;gMi*Yc&#X!e88!1r|~`@y5zv=6HD>N=;$ z`YO^tVsV;zzKAlN@IQ0b_N#BYQ@je;xjO8Q>5au~bFz)NgW?tH?+kcB% zugTs6^c`NTXHL&D`7e+M+KbQ`pd7H<;T_oo7XAVY2mSc&<;+{=8TrkNxuvXum$3fC z4$^%ug=*?BkNV-O+3>dbS$hk4<}vn%e{cIHBTr|xoe$i&d1&dF>104AYW?Yw2Ce5=@I5mPAdmw*G{62biC{@%@wUvPE`MCU;cl|Ec9T#<;k&S`cUQN zzKOQ4J9ql3fh8P(+tpHNRZk3OD>MV0NseH_T!#W>4 z8-LGUPfz31H1Q$&uXqvHwk_!oY!vLcz<w3+Ll=6KtXUd(4-u-vr7ao$#w`Zb1qIt`+=$YuzOI<(qUThHQ7?l}S#(pjBb(ZX1 zy$)iBM(Oyzc<9=X_&jvj z!20cZ=wIXd#QgEsw#=>JPQg3!iOK%+^IX~a)jr#g^?m6AV8q0z2FD?JwaUh* z0zY^*N$~%get7F`e@>{*9vhTV11l+@jjync2scEJZ%e zM%IeoeR;?G=a3^F&iyvUQzdy+^ghP=>w6+&#U?nip#pmf8>ytvd_4KI9Y&uWukk{=pgy}*WQs0)x29iAfW5xCU4(8W9 z11B=SdIC8(unX~V4Vh!ck5TEJbH=t+-ng!`?tkO#d3rK;he@Z9i>q04if?RKtyKr7 zW9K2~I$9IG^1Ue*BW3S<#}@rN@RRjyG{sKb#s9eZX7PEw!DlH)Kz=&y$o?JY#?fGe zxqHpZqe0v9TWQZ_HS#LeQLp&P0qr^DXAr}uXNd;)8FEGOofW{59h_vHqw_7_SAFE@ z0p|5~#-P38mi2YSQPM6lXFuchW9uY)xMxSUpw`yLj)hNFLqn}QK3V|{v2E{v2R}cu zp#cBDD_ex8eUuO81=f6s%DJHLvIRWIw?})%-)HhsX$-;zdm=6P^|W4y!)2A#hrU0r z}6^^HS+I)7rz{M6iws@?Bl)WrTlg$ zpA|1xEuG)G+sk(g?t^}Pz2};p-!pJszy1vNz^uL3g|A6I zOKaEQ3%PN(=VS1nokK1zFV~{~tSN9$hG!F{xD(@A&%dB@71&9&tH@!GU6>_aMR7qt zfscl)v*3}@=N#U8Ew*cDy~Xppz_09}JNY&-!u&>8WH^7n?yG;tJ8uu4HQX$X1D`>7 z%|`jR&sMqc^QatWpFP9APlmmQ%-6wV%}DI#8I|=9fXhyB`SqSk^XwvIK`rrO%=iK178XvN6M{6I}+(8||m&$%E29LC?&RrwKE;{#(+BeS?9OL=1@u){^Hl?s-aWg4KJ7|RX3s!5L#2=b|?e8(bshS!ONB3fxb7gBAGlpjso4cxZjNxtbyW%|io;zSO zt@M8oJ+1Qrn!Ac;%+GLj6YES9H#?Pg#?LK%Pg$ey(N#LH;c!+WyM}W_NynT^6}_66 zE1h>qw;;dzM`>i)beAVn$gOs7FAqDzl}E@Z^mV2kd6c5ogMD)Ondqae9l*|YhjM5 zFD~t__Gou?S=w#lUTc+)=2R8@-PIniC65lL>BM+A*moKBPc!+Oz!m-g**NlT8=gxO zTZK=%i@PyD%kx3}p`w{+A^wwXC>?8QR>eEyJ9Z#6qpZs9C;m!nCZBF;mu`8^JBV(Z zpxdkf-R`;s+4r@1Xgzh^ zNkO{d;}G3G5}?}*{YF={H=nt#t9eD3Zap5pn^%;joAv9*(d}|ew_|`~{rXWjhJVs4 zT>eR36YR&G*onndLZ6BQn>@W6tuOxhknP7Yz`53oE4`&nYrU}C3&uBSosNC$_d#pD z8u>1%-KzY=4%U{wyGW zpJRN}ramxxsIT~7$(P{TTlO#hFJdw|XOKQ)Cua$FM*HjK8{XO3f95*zA7=q{7glk5 z&(%96bHux;d5w38e>-U3$Q;%z*p!{Q#hy%HZ6IG;MZ%e2;-aXdHAw2l#6iiX zmOAH(0=}#L=;JrBpU>wk*cT7ZYeW8gV9WY%?o1`dZXsuMra)OIQTapV8j^2%R}b?u zJ!L27KG)Tp=geHey{TqDo<3ZHAD3JM#SC`1eDv6HZ>Lt3?nR8l<)(A3Y$*9W1fwem zW7F_3R-GLWV`~sb$M7(kd_5KJ$6vn>7*)QG3d8tZ5XPS2`;nLuKbFq~VdRE~0WWxR zJKT?@K^O`4Lz$=Iqd2f*_2l;bC-4iidGw5JuDRFgBeW4`XT&#;W0AteO}P zV|)`T@@bGuW5X$& z3FDjvc4xNPDfTU5pMG)F7GeK>DbJU=<5avy-*W!1bQs5vi2t~EE^9B@uaD-JV6O!4 zgKKUqKJ?%3ZtYuwuZ!QZXFGZlz5BkW^ViD*YtH59X5ZGISp}Z7&g@FF*5sVC&Np`_ zC-FULpg>y%);8vBG(O6%^e6DIVjpetu!6Dizy4dcFztpI|Rypu0Gf8&){lsqsu~ z%HvqhHfO-e`ev9w5iyDZ@nAHTH z^RKdwev37<&WzqavLSZ|_-;+LW!E~;*4-z#jJ{>l&|+<4@mXYP{w>x&N$0%6R+Vv1 zyeR1J^X@`Znd^D3_qBYW_nO@m?mXAKRKl5H-UaGjgl%!T`m~Eay};VOn!E1RpPtce z+165jF0lP+Z7hCQx!lgKYuoJY`~H#o_X0Fs!`_L*{S@RCsKu94*fz3ZbzLLBYP)iy~pp({5EloPtiBZe~U6Ts{521m%Q5h zEuPYzMT-Zwi{Iwl2l(q-#s|6Gw+;F&SN!d$w(LscCW)cDNB!TcH*5 zUh_}C!PTRAbb#jBYA-I@dw$T!e9n`%@O&(FjbEAePB@i$$M>{@%)6z)gI@cAr)OvB z*%J4exzB^P^ZQ2fS-2iw&rH(?=(NAOskk4VRG8L;tfT(@{O;uYA-;F8pZ2g*jMBLs z`9F((6m9|j2KT&z=2L!llXr%T^X`H3*pdZ%X1KgD*fTC1KS^I_Rx+1?BY2K-Hyj1l zste1*5-w)H*IgIIk+Cdi=I{8K)t8d6U<6ATSKFy&+ zPBDM?q6XO$+5<4Ms+svQ2VSMWH;f=w{5JP@zP~BcH-o#n?nq?vJr!-2iO$K7uJ7`4 z44Qlf)M?^Oka?b-u&yh8**f^m#LP+_?FVjt4!Gk!8}-xh!fg5gFYF!Z%$^p+^*9$l z!0=^P6xXY2%H!w9#EJU2J_c9`Zw($tx7*)_$7a)ac%;MQyTWq)*WAJ%J?Z|_pC%8C z^rG@{N9FYDO3rBDBQSap9Cam=y&dUf?^EEgD|u!8YH%q08y^Di+mk<-o4t-4W zyas;ThyF=47DtR~EcS4>POB#;bl2axorkyXX1>&l_Vi6L!v*>!9m*ZcX0JHk>D^N` zoo6$g;zg_l?^Ainuc+L!dmy}v&WA>;usmt}cU zI$!aMPbEtHEM2X;mGTFgG7of)=-o~Z9nU`8+0{Iv_d@0scSf$W{B3D>J2|<`^ECS! z>8ncoJsEhDMB8QNUMru!$I_=b{=UHSH~SqGu01(~zrFQ#98XpS`TH1PCA@Wa9IW2A z;P0{E0{;FJXyVU#@H`egj}eYva&eyGcVEwOZ3kXKcD@RI`WfFFvbz$!X@fIki_en$ zHfNBa8EZf8J!NkO{L5Ci_PH+`>cAbgnS9KrmG~K$%Bvr>yN2}7n@e#px65`vMmW~)DsCa(JEC*K zcGuY60(2|f0?m*cQ0-f=lKO{Rr8Rjsk9Y)En?Trpqxdx5r=CNjRw z_bxUcHl=VR8szsm8SUNM-==@BE)=e38=H^coB3^QzUP5O`4=f)qq@%rY(9R6Y(C08 zLpfvffdlbN-%38M;O#NT*e|){=r)HtFuI6yI%Tos<>l*qyAK^iKDDB3IA0bncWJbm z{^-1m_xzyjL*0Sb!gJs5qs=={h7Npp{~Y`;2Oc;!b|25au4l{KXQGqZ?n;xhExmNz zYHRm_+wIBA2KFzJe7$U-u$1~w!v9b4y^HT2c==gA&&Sw)#9EkqnaHp9^!L5B|I)Iu zde4WgEiyK2_tDpHYdv<1a5jA?9?t(2zMf^g&Gh?8_-&EK!S`bLE@0c494+rkmVRKM ztNG*gA=?hyB-e~RN1p};IfK2${oR%P_|Cpo&R)Ed$jCN%`C?<2_`1*NQR;k;94Xi< z;P@0ipD?;lxo%|l><6xLj~V$*Kh2z+4_!4UvF*-LIfH}$@NoHwvbZeSbwhF4>f`e0 zaH@QpZYZ3S#6R=FC-m=ze}t1ltNzn>&!)R*0(4u#v!z3Ax)#r-D?HD8E5qivGE6=X z%}>FUEuDM8DK5v>^JUL$Pxj0nDto@wPP`2=?1R8~1sHkY8(hwC3@-DhJF|ZzT++`% zHP7G$oteqQ3+9f?I(|>b#$&(vF3K7C5|K;ST3anfF8MZ|>OE*NI+VCk6UCnctQ46&p{o%Gg-cyXz$Mvv@cS5BG$5*x+`2oL|r>0{?-_l)!W-c5Zj?JeX2dDK-czArH;o(0E@S9|{)|Z9!Xye;*#%-L}L#`Ek9Y*(= z^W9_NpM8w&C3tZk=b~N`z7xG){Pm!*(eN!98%}q>8=TjH^XcFSI8htU;BOl5s)aw# zhO_t^9f!Z6zSOSBI=ac*TZtR@r+xe#9gfXs90zBj@Hg7U-?`p6Ptda&JVPgp=b7ka z@OhDEa|V2A^!df$UVn#g(+#EhEc)!)T+rqiU|G8^eY@w_C9*p5o(xnesmB)-tf1^eu8oEshH=6RAM?2!ley=iZz z;-j*_e~3gEFz_r6B_L=_Ti!u95 z>SJK9DB8EuK2x}F&)B{VQ@6CwRI2OZq_kHQZLhS?RH~!?Z@29Q_L-t}OZ!Zvy3sfg za!l-efOyQ57yrS2jC&3Pzp>&8Wg|}khgtA4ZPwwfvh|Fwng2BjH-0D-kBKZ)46ERB zr}>4VgW%{Bjf<2osl9pS&dHV!ky9I*;Xg072wn-t77^dt=&iHt`M=c3ftc4x9-k6B z=KC7#vsr<7GM-f^zV$LUE-4HDN)rTVL-DOVf0?~8ynI-I^~nXHkPZpx8@u zW)B_OhYlq#d|ToYd~$bib{zU@f6)9UCQkEvFE+9E!c4ge&hu1HaL@E?bbaGGH+uVK zWCpZ1Irplo$RFbrKhHDH>6!hD`+=WDjwq&YGxU?cPVt$+erb+3d2}SkDKpr7Vb~r9 z)_-%)VqCpVp8Scc7gs*v$y;KBV%zyqnRcxFIA3FnsT-X~SuY<7`__i{9~7RXOTpDM z3!okGZ^8+-wu^V@Z)EDIKrFU>M!eiq>qoQCkh8m)OFGZt@@P1o>KlxsaiaJv{Jfp# z*Ty`*PtQ3wA1p7PRDZ>nv&5I9-9Gz#Y2u2*@HYd8I`C!b`O$E*DuA0?{ugkwvJ7sn zDubJ)N5Rd{zi@20Y5EOtb5Z~|^#R;yZkqXO`2oI}YGeKFvvJ7B=riQrwaB+nUHEGw z&y*t~j+Z9V?~O4$Gmhu&G0#WG;7fdz(D;qqEb&H=$G&omczjEHI}skUXSBb3oAkSz zKQkl`)2H{!R#lG4>|;(b_Yg902XO=sN9`a_MzYp7`-!ag`&sYxVcY#1x-hRf{22Bf zK7kxQ0sJb(oM#i~Ug7_%{O{-UDl)O3a_n#QBkwC-z?Q4Nr~!Y)tSR7GF!ty?|0nC( z4xdiW-EGvl-zm0_cAjYR-uFKYj2(^il{{{=ZR7{_a?=x;e*gz@@~vs6OWW-9rp#da z^pG6wM+X&dqffF=?{JEREqvaf&j-Lsb46Rqlj}OCc^Y_B9}8PlmhZPHcZfc|MV}5~ z6ZJd2&7(J7ey#LJr~Dn>{h(?0eo*anX$?r zSJ=kqHlC%O;!E_ii}KHbpV~jJYqQULd7gig{o4zi*|)GaqW&pQ#--9R8|d3DCU^A{ zc2C^c&KrO`2wd`O7RaxeC%p zTGQD)?Y#eh-mh&Wo|^oe@+aQlmcb5k{b;n4zfOCx8^2$hNFB(pVcp7n)c&IS?ohvQ z1MtDSbl|70ZsMK%1M(BdrkYWP*15A?T2JMyO_bI;_mRI&{&!*(R?>&W2M*?2@mny@ z<##pvMzqtn#*I_BN9$*mw|!k+Dr@`_l+CreebxE7&%MjoSJFq;jq3Yu`mS>*vf(tg zzU405HIzF*Ir(NQh>gv|XUgACj{hzDmpP{HtyZ^*R?A#?ee_dww6wSbzkqy+^2v%< z*ZehcAj0nwZ){6T=LF5VU41wVewWZTIK}X;4ZIy6p z@vpcRJMX3nr*o+Dl#7FQ@FKso#i`h?n` zZ6T(uiFB(LEoRw%5Yv9dQj00Iw$j#2qGblQtCnre6fxiD>)dl^&YjF11KU6Hn9Q7W z-sgSZzt8*pvUrUajs5j#gKHqGBXj*{Wp#9}{~yzTy26(OWOY-5JMy)j!Fp#qxLj5R z-pXT}{zv-#|A0379@yX%?KSo^_wuH=mp3`QhB-3-@1s6CYUWErz0AGjkkYhMjzzlL zC7btZZ3E+NPfWuf2eM8KnfR=8#!hE0z-j#5%t4s%Y-60#Q=N;jbZKWl(RKd;U4Hql zpNmIs{WT5jt7Ie?yRjY2Y0|`)>9vCz0y{F6bx`Xw9xs%G;5=wQpP{}DJjTGqr>iKI{c-XV2W6ZwE#*d-&zsOGn|`AEeD@FS8EcUJXyXDDQa$7%kP{%9%#` zHol$TlNGV{oe?w%)(g5S@a?q)e0w7}t>tf%XMAb;RdDWsCh@RuzfioPFB1!F;`0#o zj)3DKa5|Fn?RO!|sV(o}+gDlNz8g93K<8rgf7JT*&A@(;zeeD%^)kPNZ}RJH(8l<6 z`}@!MJ+*4iw2klgrmT=(2RHfkI{NQg1zv0N{Q4STuHx@);2!g`{$2TB$tOC#owI9! zzYhC#U|*Q>?UC!VvwofOb5)LCP7yDdI?H@m$gA(y=|{daYya*92j-!ACqlRnrhR&u zZ-3+)ORUbTtU7|XHS?Z?sUO(K zx?EjjBdDwQfC9hsj~T|h2--o{e!g6A>wLJYsdt2WiiwObN3OEIe1RAC<>Jo*A703p z1Mh3(NfaL>sUz83{ZIIwW5Atf$2LFDm(%7A+3jR?c6xv`vMbnTkS6%#a_axq@P`&B+a@Bpz@#PZ?E;(OLS$cvGE9A?8HCObceUds| z!1^oEbGdkgoQ%u!<<$S0{4wQe#@)}CS2A|jmkZZ%xpBSS>$f$sI2s(~%PV}^hkQBh zx+{ITInJ7x=zf*xUSaVXDH>Z}E?fgy9iHnyE2|@O{l85A>CwI%K-ZivCr7=PGr{i* ze7X7`?)U#=+Nl4)=IV^9#-7$(fY?1b1YeF{H$Hrbm-*MZ_;BhguPGnZCEK23z=$YnBgx9(w#H--lyIvp!sX<2yNj*PdEDs9_Ro+J*df zO<-3zL!a*tG+u)qSBuQXnFy+LaY}j zCMK%#s;9LssF>QkVDZ$}30~)^_`=qei>GcZ^(JdQ6L~TDdGkbciq&mpqiX{78)9!Do$8WE>zm@yHy~=OwuQsqN=u^Bgb9>+^PS6|Am-D;M zdboH?my^h?@+a;(LTmlvsp8kq8GE5N0j1{Xj7x3>>%nZE}HPtIN0Y|usP8s{V>S|Afd&Wfj;kwYt zhGtfRb#kcbH(vM=}?fOTJH+S}fIZV59!(7t+Z>=r7CD3^O zRCM3$32f^)e=4|{dk=$pebn2=9Kq~G5w9uN8SkL{49N@UT()tBb9?}&mbVC?rS|az z^-iZ=7ET#(DA$_^LAhk0wO;sK@bonSoDSfW`EWQF!5Xp08)_9#-xZYCR+#eqw-sb_ zbkIdEl1Yizprz`w8O{9c`>SBx(@=&pb&;3C^5rf)qudaCY`vF}3g$vr;U=6k5G zwZ_C)?=8;cFVx-_vj)R&x;Lc_ShDGQ7q6T;vdwoPud1g#-)0Y$>?v`zWLbPyzpePq zY+hgjHXl2!I-2W$@eJY#+8B7ye>`?ado#_vl)6DZ-T%Fu`*eDc5ALgA{P3D`@uy-V z_bNBuwwm#oduz=+QT-S>^82}+wyM)w$@%R{{|;uI<C&Ft_h?&V_h7kgb@sy0U9lxH;qDs~+#hG*a*ldMLT3Qm zqj0Oqp5OaO8*g&>_jAGA1Hf%jN$i=$v zEx*g1+dZ7gewT4c_K@poX1?^=gr>QyK}hD-;j{bs5M-|hdDR-0Z1joTi9ZoLl7v?7 zo%pl(Em&(Kb~&Lt@jnKgeB11-r7~y9-us9y8a(69z5S)t##U<2r12x{U%QgKe{^3v zcdMHB`x3-cW}fQi8qvK!zGifT{l=WjDV01dHg_fIGXY%MnY*&ICoVgeq1_?c>CBSu zbGR6LeHhstPyICdBphn74Q9_DGAFw}_+o4^_tAUAR_>jS%8zJ`k9<9Tf;(vb^q1w& zo&x;&`Tv4Hzhe&cm*CG!Wdq~S7f+HuYu|%E@gPRF{PE5V^F=YT%a@_zONZppzRM(^ zjxX?arvDoS*o!Ak4jy|g|76}fK?g%`tfF&EOT4F895V6PTzrN6vG(1X*n`+kco<#g zf7y1uA={O`(=6xz<%1+YHH=&Gmj714c*d(-tjemG@5a?I!p(?fEW47!07NeUxyp9<%T!-3gvqP9gd;HU2)D|qtmjf-=KekyX3)+$>6T}8@LDaH|@bU z=N^HjGnb!-ZuNAMSEtzBgt44*RYn=^z+a02G)Y=24vaXOWlPJQkmX_ zzv^!G&2grEE^E2k|EWAeN_tKm>Sq+I+1Ms@Haozz99-SGgzCHPwRYm}#VLq4<4JEOgY)WDdP4zO zlsw5FNp2M12l}411>&`A0k{Tb_gR@2&CK2t@Rcp-KCL*e{|T;&1Mm$Qmv-hZL;7JJ zY~cLhe`H4oaZdeA&Z!UMocbW%yk`9vU3nM%)4iOssfu~Kd5?>;5D&<&kB`a6>nud< z(KI%p8~ft1uX0;_%ZzvD_&H{+10}I7UDy`r&G|OQJ;9@2YzsP`h>=r~j=C|xINmqx zM)sjqY7TFiV~e!jCfb>EX7ivk=hL-DrFlR=r#9%MH6)uq2=T8u8zW!G+4E0u_I!|u zMYVrZa1G7T@qAc@=9IJN#?a~u&^)lm((iwP#(|yK7C&g-{4jVqynP;99;`=ct`NXl z4BfMRBNIX2&$Di-+)jSqpQdlMRjx)cj^4m-ZR9V0BYT}h6F!l_1ap}rHgGv-|6i}9 zK6a%WIp~4kuW3ym7_SqTJ{%v_+tN6y_r4L{u(p-wPW@Knx#pchPiGdGk0nl1ZeMQ~ z&isY;uqoH!;y)4m3(-2z+4GF9gz4Saq4({1+kVZt$k{2#*$Ce89>M!?XZ1eJ8MBt! zv!4#@knf*#FTumyOVDz3&j76A7xy+ zLodPE@xAQDs-(^~-jUzJ{H~3C_#1Wa(0X_7V)ki;WoB-W`?wjIxe1x^-=x=hirqcu zvPb%+UafQc_w)_#4fq#7&s*36Nhv$wGM+#f_$$U3 z;4)WpbkPmm4L#6z=+~t6ZH8oSzw7HdysuFY=&ock<&l{e_Nb!9(43C&Ed zd_MY%jOxAG4(hn|0+@BGTWfK^w)Vq;G8c#2gaf}7#KG1T4mE;H%%B{9fWyN94tX#y zSKa9r2W)&l94K>fxKcRqTR|LbUEwfBa3_Mp%p4Bu103>To<-f=V%!>^ck#sn*&`6Ry1olmOmf+X#* zoo(oO8b2dFSFTC&mz_%zx237WZzex4Jd92PUwe>@-i#&=qK;s8b2o-Q8+bc&pmu19 z-TQKUP1p|Y0)A`H&8v5}kPm6(ujSU&dpUPAgmuOAglg!t$h@s0d^@b|QQX0JvAd&t zHFrtj3pD>QcWo$d-7|Ws(N#-N&6f{R5B%GOck3~)^QKwYhDoRkkFb27=#O ze;$9gtj1RPZm75P}{3`QBD`zhz-a5s})fE_j_WrUk{(|4y z1C4w5BzL6vU3Z1H;sc)tCqvhcXu2-3Z)WB5PUF~V@oO#C-p(2G+iO3ip#|$XtsP$H zNYSFwk+)iC!J1G&i?5vkE%s#ZF3Y0@@LTKAwR%1STEzJuT8s~9Q5)nU`_ni$Z<9Y3 zjpOeES`=$fY*`nPg#dPm;`I;Bgx&6uxHh(Oj-y&kVo7=$M%mdt*t~EZK*im;cpLk5y+Hu{} zp_uMY{6-@&9dTm9=62keuC-&>(bxC{F%m9 zFs55>;{%JrFG2PArFv7HXXDRcTzgcP zI4?4`&5Hr|3I~2GNC#V2bl5Jqk zfcmP-i|Oj}Vme~Q{Fv^yzoi{9kBRAs`Ake#DLyzc9kE)PI{X%n>42Y&=_-los3Up# zEV$@%kn%BcGq-%tcxK7Ph3!x_rjw7U_5IA=i@eLGE2f)dV>%myW@9?y%Y+-#DX!LU zcilBLHIaCuB_gJqXycM0vCh|KVjGSwDjd^IurXbW*I6nX(&+fuo<&oM#j`%PgZO`- zG^n|-FbxF1wUT(F(uwI>i0Q^LmL04W6Gv6KFQ*Ip82z$9`k;KEN_cyVA{Df3lZaq+S zd#D@4h>E9Q6&)*Yo2v0ChSJ^fnkQ&}qxvIGfR4dB#_=^_e3R^L7A)3Y+glG1=No=I zyi-g{j330LZx3YIQCoo za{CVo#I)I%G~C|wTO^jv#iZeO>i3DD-y-dUn6%{cib=yTLhFJ<$ss%QNv-`UpRL@n z)(hvd$EdZo;^~BWhx7c^%waRLIIBJDnGZKrkzdj~SlhveJh(Z>*oy9I|G)C;s#`)X zaaQ$s=2m{)ZK{i0X>Y(%=65#)dd@jh^xl7$kha`|rulNFrFQXZ)1Nmp`!3;bH^J;8Zi>gUt(En?3?ZN}RCDSO;PZM26{eeOlRg7+QaTd2Q4UoLM5 z-gnH&OQF8P?>pw|itf)x;b-rnrcMaI&|6u)K4x*t*T-t!9p4uJ#tdH{&kOYN0aqWN zqyHlM_@b+i|EanI(#P|CIf~!bi$2m{P9Lv`*2nBP`s-uveKXPQo(P(S^)c6`h(3n; z4C`aAz4}}n(P!Yle0>bJDWs3fM8g5=qoreGe>$dSos2$)@w+%;OksV@wK+L`%(WLC zPmAa?tdF@iC!&wntq$}t*Z#frF;`dkz0Mr1P@C|3tGPCzy&<)U&bF3VXa1eT-J95h z#u**gj%0H;+@JL@_YbwKJacMuv7;BJjp%uUypkg8yc*~aUYt_v$jz;DtDv%feYns^t+q8(Kwa6 z>G?11YXh!wH-cLqy&k7FTIVzCag8ON_sn44HT;Htxf|7!4^+NlAMo|PIex>`=9MF+ z{wr<%V!0d94crah@0Gi8>%Ld+#;yCm%-v}0%29|GTeu6oSnfu3m9zK08@K*V z!h!k)ap3m=hZ%w!wvtF+}4fzH39q?&$H#)0YD0kDn%I`~hFjjrl zMdWUPmC$-zUhYQyFMox0%H7a!TDcqQrvDeY8^L_{h_5qWW^d|1?aKX-GMzaBR+FL%>(R^jzHayP=ibxld<-P5rR zlWypjyHR;kxtpWcO>JFS()oW>ul9!AT2bW<+1!olE<6Dm#B5$9-xdpgYkVYsb-DGp zdiqiB=IB}25bi)M^`6ptoanu+@fT*#Od)%pwCi#CeF)d_7T2Qf?Rs2(d*yBn?Z8EQ zuv+V5onvdr4a65sts3G@UZlB&XshxeoKq3~DoZ-gF?DVXug4AXW#+_m^!@i z7_50V)|ovyn(qtdG4|M6IeTDy%@sxcT{5`eIM3hd4N3M5@OQJB@0)W2jW=SuM)Ybu zPVjZUv6wH--gle_TR8p<9MxWMior+*dpYx9XwRSEXwOk=Wvp|mp^1|NX}sC&R|;tI z{S%-`a9$ywr{wUU2RV?qp9Aq}vdGY6oJ*6_io_T8tU^9)jpd6jO^U#%vAK|Z7+Id2 zS)_kEx65y<{y*#XUj#-l$NRzE?Cs3sODN{+Am&3}(~acFH+Y#YV!h=3?BRQmn2$SG z+}JCK`BGab-|A&rR-Qr3NBkE*v$r+=iCoObJuEr{efWO(e)LRYzG1|C!@@D&rs~WU z;x}<2G2a6PV!p>id4u`Z)^%%eMG9Px8jdMN*eD&2Fzn++H_|&0S5c56f_1}Z_9OESR4(-7Tev4YK zgNMT1&|?ww(0U!QYY*6ZB51>(cddYxOhKztZluUlkeojKxb-X1KO^Bj# zC-@47F2St@2dx=e9I`QA9?X|icb>&zW&s>1b8+~!aNxIsbg*@W!*0Qy2@dmfIAmkK zJeW^XcXxaQ`hH!n_Vl)*YkEh+?7>=7T{z~$e+Vz>!8g^{op~|eop!wrSSIEpmUP$a z)b{%E0Z=Sl+_a znn7Ql9r9zo1>uI>!jJhBck4H;*UcnO>KRcu z=9@{}0^Y5=N;-R|D(1Vsf6PZYcPbO}ePU|sj*`w%vLUtC=i-sd>!-puv;H7hFYC>y z0ovl2y|*Es27=!j=g#Z+4NlBQKT{O*jlhO*FL)61(bu-dm)w{yWbc!9y)M5G;rbnm zYti;WT$;zH2|b=b1uy;`pmeBI5P7r%vI2X8kQqV*>28F>79*(J|}r-nUt|%knTB?}d1{B#2q_ zV2dtYgB%_ffsu__^I&BAKPwcohWig<*1Wdr{~5RcA~1rO^^BD|j}(sc`Wp3q;t2MZ z@rGh8?`Yxwh)uINWMfl&bCMXrUpwHP#5wW@@Up~v(%e;ppVMz1`Nihi7-#6W%ut-E zv*!Q2zi)FFz9Pk2XYy^jn`OLmHupZiMW5yOv~5Y_>sVVc_wCuaY8D6iqOsZa>+9K9 zwy+Jn&Azg3$tZnSBh&H+3GM`<{&wX}LT6s6GevSQAI1O4`5yTDXW531!(PZo;6GXO z$aE234Q4NU;@%%`(dYPkAKj8RK9RhMvj#3W7Xni`lk^19gMRTv`TdSkzxW^1Z(Xk6 zZtUcnyhC&t-N^Po+T;C}vwKb7;Ai@-P@DdJ$JO^}`mV5jV^{P0{_{)tVvQFY+RPb` zV9Y zI%D=xt4`2naEEP!EcC!rz1tukI&&tpheo>_&tJW*@s%0gMLIjgygN?*tMS&=ONV=x zZHK;^8>yYnIR%($rF7A}d)HCYR0A%lo>|kXc)M^qZFSbkw24!vjB#KC zgqN?&@y;=<7x=n7qW9-N?c019zNw9oAB_RqpjbO`=HN||rEFW~SYyhAwrBVLE@+FK zWZPm>BzK9^25)LZJ|%}$vJJuA6^$c_r+m8Zfv$(?Px3CBTod!4%P8nVj_WMZ1^*l$ z1zm1hU3H3gSq)>;T~zdy(He0;7xC!3z*3GhwIkM$+EJso`pjJi+P~j5=^3*|(lv!o z&T18sx%JjA=kJS9A2%~k8YrAVcH36;-(w*dqVpJQ+sBLw;q!oal8EWA{77)eT_Jof z*St;q0^UGiHw+q86u;!hm$w1b; zFVvft&K{J(;8kSJ`vG^&yN@~GiLQCm-GrR{S+~>z5`aHok?@)h%J^AwIBG ztBoJPcV_#NKIWg*mOW7%vDfpS()m}}bZpv}HWE|n4g&M`7rx>n+#6=fmM8{Nj>7EI z%EFe81mmt_++Fx5_dK?__ZK+7U`?a1R`Kp|;$33iIPoq%Jd9`fzJ_ePOZ*^Pi|_X1 zUE)RMb_&J2SH*l^kKei2#G&}de(^5xLteZa8c!@6?=B?XUBKNwPP|Ls|8#(OcM>=S z@h&k-DE6by8tSkXW9~dq>>k8^3;qgvPQ1R^yj!XIc`+w2KMl+j{x^*s zH}NhpQhvX;s$XJ}F6t}JmOs~>5tH41iB(OUtr${qHg!y_OWakc-?{2n{&1x2SMi#A zrk%cKQpfa(9J#UXNcF2&mpYOk6YB=N%Zqh)DmGGGWGEZ!BFp_^UCOKS?hy#Zx|FLw z#kwyZ=N_v#u^BR`-wMULhXxUkfRl-J^_h!xLvj(w`PY{#UI@#EiFKWRw{kCv>m$Q* zu05J1k1Ag4ftLBY*)@cDoTZKC7`jtPcba|0%-a`Fg-0ti7earD$)ojgC3xbe*sJE+ z3EhP-6dgPR9UNrtV(5Y|J>c>hxPI;*L*N&3Cqtee8CuF-ys(^U~2 z<1}Z_uzegIosW+CcOFP~e#QJIH9$B)j^X&4FdW7FKAvB*c=|Cva%c7+$|fF0rgX;Q z;uv~X>SeTcqIOK#%W=$Wpz!R)N%W*%n`{rm7Vwm90&q&s^rycq#Z_^AvA10&t1%R&56&T?d41AoOW(kHz~R(?JHGJYFpw>{?iGk>9b zgi`Fm7cJBDDg3LjFNJ6x#Hy~0ir!y^-tW~mp#9;`%4WnkWbx-5qggbeGKk*?uMSPgI5xM zXzxjv-lKxPUHrzLUgOL0*X>FC5BZPw4b{jpXNHvD+337Y<=P3wsWri#cFz0v<-bh@ z+<8V$O^z#Ur-Qxh1==Y;vD7(#p?+e)K6cJH73$|w+fRPGfG1zjI1985*>dRRwpWbb zRp~V)tX=uCU_igF#%E@94aN8NAlJG_mpfI4akq_Mwr7TwLlaY|Y>2t{W^unU1-RV? zTz5ZzK2DPVyP(JT^5707*+A}4f`7#~`1X|Hn?Kb9QWIW6-Va}El- z+VAXuOE-7^GLEt3`yT0Ce*M5t<@+?z^grJ9ZC!qw@LuJdZwt{68oBMF=56RtQU83L zJxPW9vkTiDclxi96%!}s@G3U$d>ZBZXSbj17~aD_zbKs1`xN?)9l_@KHqV9S;{2b& z8G5_6%e|YFx6Yt%es*D<7;ZLd!Dg-!JVfsgGcVJ z)Bfu-Em-%%g!z-ZP7_)unIQY0H)jP_J8)CuXg5K8WsOELkUMvz&g1Hv`Go1aPH_A=>qh#` z_KE&$ZDw%7t_|^N=B&o=^zV0z`o&hHu@$CY`LVoyzeF9=CpN^LvwlYX4sd_WNm{^O1#wyue);(ud)BG`{MF260qIW-)e|Qbucm}`g zRe!LloHaGYq2$+j_kr?plpEbf|D|ho%?(|DQZcIXQ3>|6-%iYi^^O_UIK18me{88oP^m}ScY?@??eRsoBTVvDwx~ZwU3sErCey(k=JB1!lzM9`# zYj1lRyUX8gPd6{%zV(g^p8iLjXY&R(B{<`%IN)EYt5}fy%4LgzcMv&H+f+}iDal>7 zCFF&E3LR7Unl$z&J;fv5m^E!YZ=R=LjZI68t)52wFj;xfpU~FiO4;M1H7$c1@xA8$ zYM+Qn@6YLF4^HM`bmLLhz=C@+F2FVjkGP|fE?dr35-%Cu97XH{W(Np8mUr>H`UiksrZaKf}4R+HnHm;R<-CgD^(j>DtyE(44 z-mlHjdZy@~FusvB(#G?r>K&4vS8Jvn?K@^@xsiBEZxragfi!{J4+jLd4ewFTJy!0+6$hR zU6Q|UsWtDonz^IaA{XvDzPZK76!&kJSGOSM{b{+d+?!!d}^xGcz9@sJZH8HE(Z$146 zHU@a+?dDem&%|pvT-0VXZ@cCH9-7ZJ4(`;QG+m3m?3|9b4Km?)U2{5e7R#^^%c-}L zyjI}j79)f8{I*KJ`}y~z_N~;}HSQf=<|D`ZHYWx#f8OuY0J*u`*`&9(bQhT9R(%ZSjx>F0 z-;i>c0e;Q3CFsy*yI(D=K_H%ac&Uc_G_DD3{#vJ}bwEH1=nzl26H_2(+7^m%*Y}?_zuh91JB=}l~zHRn0 zM}*&IV2v8G=~4FZ={~Qp?He(5TjPNlW7v0L&hwN@xBJiWgF8X`8V85YYl;_N7e5wb zOQ5^%8gTi42Q)zc+I6R(p)>!R`<{gtaw(eY{#3O&{F7sw;a7VK`PN&n@b`(-1jg#d zvDE8Qy$OsFy~x)C`6qMUERb=<;(}#md@+3mGX4qf8WRr`qbE+Y@-&COv1RPhm?E2K zaEASDgdF@GL^L>Us;1I}M zhkVpmEkDog{hDXvZQAS1hWb)oPw(4lJtcw6A&;5VR{jDQwc$N+*Gnek`-ecg7Aq4i z*fV58^JeaO%Addp}{A>)#QHpznL6T!p^V7ZFKbG;*I4(81Dm>kejZy-eff*TJ_1ke@JnBxU1OZvr|uflsR+*>>>2+-qUlRrKC-3_neO+lV=}XU-eN`2|Op zRx(b5qvXZcr4>Qk)Joi>Jqdb)OMOnz-QawFdmnbL0(*fR!CUMScpx{{R$Z!fsE~Zq z=BsKmRCdv~F?POHP#(q^dAOFluuDu%$bHkx&=+~soJq3ZOuTm&wDUZzH{{;+3S{Uj zlx1be2ewDJkrOs+M2a7^2K06E1o}`8v5evf7l!d^)DQ5grQa8Ve#zNu4NLtBW)1Hm zt8cYe|HXLrA9qTJb3Aj$7N?IVZ67I%SJc=7yeet)h;7qK8~N|(Hr1J4_^fePLAx`l zYhpTwb|!8!QA@MAj9+*D1a)Hr7=KM~urIIh*hSyF?KrA{ zKgywR8o7Bd`quohKYX)?!j9!E?mE%91DR2*>hfDLjd<}>`YOb~nm_c1FPTxBJp;k- z&HnAt+nk*|Nj>{0@?>NP+Y#tl2Yk|R@1EWPJO=-HXJJfK;WTm^b|egQpuhWE5i zRL_oLKMk+)^z6<7&^d@Xx;|Z8&t9>8oQR&iVA~8t&w^aa$>`ZiOS61E8#jRQ4@A$l z*m30R+0cQ&e-Ax7G(bK3A7u1I_3RLB-qQ{g)H5d*#Q!RnD4!_1R+ZTMP$E|HL<%1l z^2PYy?>~<(##hLH6Z33OGmjY`^ZwS0ZGFY{p?z_^qj5HSltvO8mNvB#gK3VZ{enHy z^L?k?qcoGUT5y>Y>RnLytYdEYwjJ*9r^oG}z< zBnSI@B>X&59s8DUV4uV(Cf3lru~3`fd{v<~W*;H3Sb71pt^>bCd@kmb@hO*4h3_=~ z*YSTjW%SX_*bEIArx^otBaeOdx?}vjf9D+|?)6C7wNvx|OwZ4$;8qtnO!rVsr-7FHp2G~ z-jpoVF0fBee+s)@psm@ri0vNCe!;`USBkaovu`Pwb1~R?!Pj2FA00&>_|DwyXR4Q` zo?;ozU(Gw1wr=Yy$gzApW4@R;`Y^ISp0TUVHuB)g$;h^ww{$G*Eow88x@w2~kB<%B zG?+iVRtdl9zB}#F5suH0*Vf(=&F8v+^)-!|-zBr%mBeD>EKiBy zJ{ZO=X1j<@6z|@}Su}E*_AMmV+T*-i zPTZeH=lj6Bk8w+n#;jXEBVqR)tO6%%haN99cl{XU?z}RHm$goU?&SAf$b8wl>+a$Wpmbm9wAVVQ=OqTGW}Y&Q zy<%TVv4$c3nm3jogO2;CzaN-0ub%dy40Dbx^l^aS_Q4P6pqxU2b8>pSPJ8{-ZkyH- zHdFSpmw7+Gr?!gTXY_hwy|b96~}NM!4*@-k`Uek64y_rkZk z(buUrc@soAll0nZ_DXW62KT82cLM0{1#@TEo#+oacIBMQiCay-%k{svPu!RD2Nr^#7k`;?!49(=XlqBlScF3TAoaJ7#46XBz_K|giWrys35 zDRwvY7en{@>dbf5&mwSN2H#k_(miiF_uHns0=SPxcSNQ4p&zG-eynXT@Og@in78Xq z{#1C^<@*0BFxAJ==g7M(pbWXtcfAqylXJ+w@!K}+Y5-UMCgH({`M@R*w=u}43obB} zYt|hHrvEv9|8AXMsSY+k@7HsVo%{}X*7mQrKd4s=pRnhTa#sA}*x)1S>C~MGf1s(> z!_t(CmIlrgAI{u_H>Fl()2pe=-#CvPftPs{`fLZzk%?aB+E`-K;Yo}IxeVk6x*k)JakNF3UaGtV4a&L0HA^oZOoj=E5%{P;;J6Z$l27Z87 zrRD3r(DC&t*y5G&2bmWxsg~-@?;fene2cX~^*aWeDO>kDy;Ii6J7v6+bO*7Md8_Ow zZZZ&i7iGP>wwPvhVl%*`1;A16~{+ zZs@yR{yAiShJfqK6 zW3MIWymy+N`_8G(T*exi=%h8*1U6cBqYYY{PtHs0eP-pW%45(H+2<{o-UPNuI$-7g z$TipttqrBn1)Zr@j$8R$k6dp4xd7=z6?RJTYtTNhl_vh6ybHVn`}9rTsE|L`y0mX| z{Cu(Y$H}j82Nd?_=H9H$LAMMau{pANvN&)CxFg!rM{cR&x5YX`5u7evX2aQK|yqklRl3jFP< zxX;t99jDHnsuQP9nQynMBIGT!FPRul`f1LZp#R#R?(5R|=+Xt~lIBk68F}g!=5M3P z^*%%HH6dElkDG%w`=}YGe5B%IlLzGgz7Fk)Kb_okoU_j8?gaiMlfaeC_n;r9Pu{%y z7PjtTbhL#%40n4FdyJP5f>-*cj!mbQ@z`RZIg_MukJb^ zb$&}7GcQ4wB&SQPoSL`NkSX%y$fs$4MEsMSFSUCVUV{$m=LNwiV?4;3{G-3OQ#?M6 zJ1XK$YNx%}+Uwp8jdWIjY3R-hd$tMsoAr^A>#ppE{yZ}P4Zr|jq@O&6+cO{W+lwpP2J^Rs;g?C4kUHEDG8(z3w z$v>4W95r*2ux#HJTicA&1Isy06P{Bs?cJ0>>$Kb0M%-Te6Ee{jn>CN}L>Sr6@QicfyQ zEjuu=>1mZ6LC5Rklg}IN!@Qh3f@LpKmFMtxW5d!x-es3zGgAluW?E|EkoLrV-il{z z-ZC|DUVGvxzT3M|&3EpI43&R2wqlGun`z3w8e8$qX*OO|`}Ww1YJ0zdDet7*zF%#= z|30?DV~@|5ghR{hOnU3=?0jiVsXrgGbF~K)Cn#?rJGp0R+}QfQvg#&mag+A;zq9<= z)@S02e}5iGd+x_~;M1!ryeWUCTsAbYSyiL(*ZSV*)ZgIO zUrPOVqUx`4>aPvMH}FGXfO#R4PQEB%_oA0lCE5;w|Td0^PHDMlm36cH! z8ylEQnssP1?gb8>bv~Z(Xv%nvJCMtAe;z+Zcjl6_EF_n)h0(Zayx(QKS-Bhly!D?b z4)4|upML2&Xt`i^=9-JV%wgo_8su>NS>CW~R>Y?Hw2cplwy}>z_m>(6?OLE+OCIg! zIkcM}K|6bA+Zf%i6G6MN*GBg(+AVfzHvo9ebBe<|J)qruXg4oMyZiEKw`5>)IrggJ z{r%xtcy&KEZqw{c6@1FqcYSXqHcr5|D){z=<9@97n%ZrkU1P4@UT_TRt+Dl9QN6X) zTa&BT>eO3d>%FLYtEjg!S1-X{`T*XYw%-3!z2($fmaDhasduZb_n)eFC-v%c^-@l~ z1-9PzRBti$7CH4C{H~#%bWwB|ub6UrX=d>G%(G@9U&NLdEALy2e9bA%bZ}qg$E2Hz zZ+no*o*NrlS;tadH+AH1rb&0NaCKMrIcdG&{37yqd2#;jX6~2O-2uRBo)ir)Yx9cUr=G^EIyJ;ZfA7?Ji#lC(gWJ1? zc~cAx>!2BRUAVV%ZjTLQ2JZV$V%%fLMvvRjy3(QbIBSP_14j8!jb-Rb^tt~0=suP2 z6WssYd*S4IDE{pyVqm!UmpNB0?w>z{*hRWPp6 z&bXGGG9aC89vLYL{qni^g9%m-K6(=J zQd1g@lg4=L8E8KQ+Lz^Qj&M<|uUJ0cx9fYA_-pKmH>?W#c^~`|tQ4@!XB>EaSD9Er zcIbz5n9pG=WqW0hocQj=@yWuv#<<^f=S{J`lE`_Jaz3egWTpP5hQ0Vw<=|68mQT~1 zP;<12u3YFoLiy7V6vz8tUD^)-Ud`{L;ThV$;n4o5rM+ES$hTYj|Ln{8C4rnDg??}3Nvg@w95S@LF zy&0(!a-O>1|zrS+%GXQusUD5DTJ<#{nt8%g7&hqvI zd7Lg{HQ7Y7heKmLbXBJN$W@uY?nI^~#|IpqzHE6q$eU6{8&kf|Dc|pxS7B!_rd(q< z`uh{tx7aI1#g}iAzFfVO zQ}2D$(-^aIvdhZJZbwc!81r+;332i)J7yy%J(HSbpCu<(N=_N@aBfS>}fP-)`2-x{NKTN zAItGS;mp0io$+l{sp@T~-XpnsbDer$qn><9*ZdCS54#rdY4aQTHfd}}H0?FcaaLaj z0&CAR#bNpO>hi1{Zed?>s(w*JVuW|u6VO$BQEX!5+pgQx+k3UlUJ}Z)vcK8N{uW2} zx5B5EL795?7HD3nnA!09eutM2`n+r%>P`6v^|=K)ZoVpKheqbf*GON!)&=sV@5qu$sS99M@9R&>+Hm34t92!K%e;TUv32u9Mey4{H>^MU zp6Bbo@dNs-XB>-jdQs)r=E>+qmQVFlv$pU?@u~inhPh{Ymu-=*o`@}+Z)IbFBO7(l zW6_{Y4|Ym(rmQWT4vtn3X0 zR%}CYSmnZd9(d33@#em+oXxt=>hKpsI{ad2e$6_1)Erf~UIMOJn>7G<>(@ua3)!p* zRxT$xaydz|FeuZ3&H6BW%j!bU)U3_=GJ9=OEw>c5Sxt7lUydH{`g@}BQ-6QpeY)&; z2LLbj`Dl2liST8Dqcii-nSUqe9K;Lrkwez2yU-cUYqB~s37wg8Rp#=a!drAbRpIDM zrPUXAUNh1uAMKY{IkCbI^yZ##>mDzXM+nJ9&B`L<65g&p>AP&*pL4N7{eRMDCF8Hi z>C;BX*8TZUzOB1S^+r=~WUk&)r{0^?3&~BHm75`s+ze&R!wdMj`e|9YDU;mvM99ro zt=xP)T5k4yCYm0Sn>$>&834SRrP1(GL!d{QBR6GvzHTV;G5o5`ce$^|$j7mGE`Qh; z_wz`OuewBKB>)8cveYKhNvD)m~q09fzTmJho$rV{&_jTRZ-EwQg z+|#|w8fCjr#Md2(`?--fphpk~9fclm$1|1aoX$UIeO-@3vqP3<<=&K!tIs#U`$%mr z?%!S3ejdMPV~wM=neMl1GarNg<~$7iFXXevNap0TW|pyjRhFCcRbDZzZ^8KuUNb)H z5q#F1Ih=>XXDwjdz)-*0JXK#o=!P*Q{+G0KBp6EsOGPMy?uarm_Ea z%6aTHJRv#TZ{_TOBWEuoLkHuT9?lTze5KAZ8r^)(k+XeP&aUvL{F41AsRPhzzawWG z%6OA6zG9nwizKxHo<9}O?N`$GJ(LIQoci8Ld9V(u@8rI3&&FhYUqQYD+5aLqnLV_R z5R<)({2r{$d_#Ah=sP-gx9;0sj-0M6GxvHY$W5eLrknNH)GlWXyZtdNJXz}abOF^2uzqJ{iii&OrHU%t1>n=&UT z-{O>S^~)3Ey(!lO@t_HDZ0g7eD_e|J=-BzNg}YA5E<1UN82ArTKsS7rYhe4LVm)KG=N!BHt-HLfJC* z-W{QAd~C?z^ubfwP5Iq1Q+_RPdLA}qg9oQyJ*B4l#F!!C(9uIUc`27X{_vhcTIP9}H#7c5F zl;+{^l7qu>2Z!fQY2Wy!#o@WD+pGBh%h(z5tL#7E7rrLFyEb!pS8aA*mAmfNH~fMI zuN|MW8=tcZpVO#$(rpb(gZItk2XTSx^OF8x8w%#XIZv*ujbM>m6dOS#C@Vim<)>3axuHIay z-W#^w$5d|>^;YKUwL0})xAm@4y?xYs&aZdIyM90NbGvlk)dKuf9daT+^&I|bAAV{- zp9k<$`(_jOd2h9{hB?Ffx6fLhkt<^URCq7NT<2~uY~PWZ@@U@u#_DXH3wKFb!95!J zaMzy_4cF*@9WuUvzsHdC9j=^TNuH#l!TS|*{wi|56FKjY{x8nTxye0CHea=J-V>7Z z$KAX^O-VE!lDRQ~oDTq2vM*LNPRr)?Yi-;$2Y(pE_w(T6{CFnL9_<^QcqCQ-;ii9p z*Qt7cd|LA~=Xn{QV#qOR8;|}z6px0+IQCdHUK-<}-#PK<0N^$EM#D?ZL0)TXb90Wh z_%vdj{$(3LP zdtMB@GN=9!zkU_D<4Un|~!?@rtQB>JCt0{t&ZMA@ux|6RrV|7Fns1o|I$0{tfk z*#EDK_y2Uze3`%2^q(AH|35F@|7!I=9Q!jg=T}os z4sPfleE<13syBpsWx0B-PQ6mA)>1>aRGD)Z2{N`@a1H`zYZ%T$7S2w=dCY;cr7)a-7n}pY*%F4c(Zczb;Jkrs z9GR8Pdzy3FHYT6(R$o|0c3U0kfNw!e^Bl6VucW_@)X!|XW;#036QLs+t0Tvwb!7dM z(fpLmevfw{vpKc_z>9q^8eXacI_#d6(~(u^$o5O7)wnwH96GXZR_54qhW?q<4(Jf* z$WG{hj%*|zxK}!`%Ie7WlFaxgsvFXa;E{A?vCpd|$TW=^C*|j%=hcnP_Ndl zx5d_*PPuevriF*@D2@?b{u;WRsP2qyD?%H_64D)gM|aZp-b{@(q&xbK?u-v~OW$4H z(RXy`E=PAtB&*wz)kU-04=d{Io_eTc# zdh`aL_?)aB1@)HMdIu?&9=+<<%j!{3uin<%N4fN9zlG=M(L>PXMD-~7{}rJPeTVc& z-(5Y@cW}=7AbofBNZ(yO()T<)`k>@>CGvXYs`kTgT;=Q0nPEK|CwYDKs+=C}_Q#&@ zht3zQWxzTJtleQ)fgX(zto;tGU4>x{7OZ+;?E}`XFswk2VuH06`B{_Gqq&YAedUe5 zupZ5~dbGgNqdMegQAz*3M4V+#Eb*GYIZgBIoG$6k67kr~v&*e6ofgui2i#mja&0t! zrAw!|x-@8~j9P-kvHl z7Y)&R{ofU#4Sk1nN#9*v(sx&v^xf4ZeRp+9-}7|o)+dqK>B#IFWOl8U*;rVY7E*`( zUO8QwKd7Kjx>m3z0c#ns=7(Vgx>O@riyc_=3d5QrSQCJ?2w3yNumWAWggTPP)Es1} z*4HP=M~qnHY5WQM)6H8lisP3$I=1`2eV-PpTVmgx0p9f|!N;0UNApoQ3J3KUd|d?jbP*t{k_AZ`ONvp zket;lDURPccFbJ^fR(&08kWYPv5nW>;E~pLjdpBT1^QYUVY`yCrn{#q4p@?n146cI zthHSiMcb~}&C$4t55Hv{EgJ_60N(n#Xn3j7$lb`C?J{e-&K_v>m#n~cRnE$c(>+Ph zB{kHsUBjUTwkzeFXZ^m``A*P=EV(WkN8xbC4qy%k*P%I|v(eFqW54eU`<%X*pC^br zd@BRjArX9AQqoi=zST$YZM@~%2cr2_^O53X_?*kP0l?dHO*Fhz99s0%WamL9ubR)d zGWa%RR;K-jmTzyza`T{Lv3`7;dlGzWzA73=@$FCFqwixiuC_hVM2_6@GP{58jhamN(VEQF0WS|ipI}b=YJXn7 z)CJv7PzP%+kH%ZPY!okF1^=YmmL%>+qF}mc#nE&+>IYcn5qv0NyXh zB4WUJQ>FOY6T#PMmakVv^L5X};^X;OXq2_11AtfafoOQC{m^A!O;#UM_s82)J1?20 zJ($_t-2r&`a!uwX-MJwogkN$_~=xFTb? zzqUPbnlrD_cVaQ^!8Exveg7i4HTH{TzY~k8{MUAl{pTkb8}-s1HJQV^Ys{Vj$wvCI zSZ4fFvd5t{a8&VRbShFxUM#rhp@7ka%A!E z{>#q)1Kf6j+fE0!7K___`choHpm3iZYQMn2ZD!$m?ZT}E+~$MZ%;LCx6x>4b#{E`L z9*pJmWHY?q5}_x_c+*XnE8h5I;drCQ>dEYAJz0Ntv`k3vpMBNQlL5esjfjSqdJsLi zzb2nbsM0C;*BzIipgP1Pu4i)YyI+#gS{!& z2YR&9DPQH62RU+$?_U_-iQ3BKsYS*(vNk;D(RVk8t?%xfN8hDqK^{)u-8qlGOV6A< z+!)Cszo$1K%Z-jKFSD|Iu*9D;zRG6-Jv&1(x~ztr!L0Vfug=QlAFTc)oIMcVJmTw5 zJm_;ReXeo(thascqc6sl+F!WOqmP60{#iNQ-d(s}ntJJaaN7rNyNly?uf^@xf-QQi z0=Jb8Zgm#7o%AK$-c`8IpQ!yV2e(HG*LzmD)q&eiaC@XUZa09NY@hU7@|&6y%UrCx zeCB}@J}^B$COtUP?>v>sfedP@pR9N^r`Mr;;x$&UKbq6)s=Rv+_Pp({%NM#UKyv?+ z-!c~FXOjIf1Atfa$7pz|dFb_=nw(y5C}~ga&gDS5=hyH~Ne%mpXJ^jR-87=hbjBa( z^-Nzcvw8Uqv)YZ{m}L3441OpFvfSrOHU|>an_%lLqFge#*sqt(fdus`ZM}JvOCIK1 zcuo%FpP`Gj2QNnDK=Nt5o@*?gkDV-K=H3iksePAB^Yasfntmm}Y4Q^nHh7;PKT$`1 z;t}!_JCvXJWNzR5gLMt*3EV?bQ+{!3N=dukgBHF?`r6D{Cdo=yoy}h?%H=QeWu)d{ zw2YYX|7PH@lD~|GCE7@LO#WhsjVFepYeC#S99

%SIg=2N9jvoBLTQC~QoSYqwY zr=smn?B~(AX`J6>oLRdw0C?*=qv557A~QoAyEC*Te1>y4vBb!lOfUCr7@O1Q?GQo4YcPaW{4T9th)0PHB2^l6*-7Pw%ok{cJQ(m;5MtjN<7u zm!|`OmwYxFUg{{m@r~-7FL^l@=IPtK(QvFf(-`oy2Ra0PHzqc)G&!^zLY$ z?%^J4&EultgCG9d(bECIt9ddSp5EI@A8>fOHIJtU;pwZ@nbQNFKIiasUw@u{9o$aT zN7p=71i!8DaJ{3a`ku$rTJdxr<9MzxPhUyp>FG|((_IcvcQclb2%at}Yx>=X;Au|; zPa7;x?~Uf^*w*MVN>AszJRJbM=5IyAOYMRdI~|_hna9)J@U(;XXm>+5#e3Two<7!} zr&TAx)8=hO@VhflPxbxYu~vJskkN*yd<>ddo}ib}=vU@6eo>$I}*g`bc%=uL7Rl z@9^}&{yg0QZYQdzu`dA}s3;WZxmZyylPd6}@ zO%Xh0kLo*@%AZE?^gheeFGlk;`7hC96i+|p@^k?3mTZiMmuiF-YaO1x?S=j626(!u zI`f$BDv_S9ba=X|KTkiL+wq(i{STmb$g=5vAz19$J5uo18%Dr$I8My zU6aq#ddt&09iA>@EXyN!%D&$X;%Q3+Pn#@HzZ~LeXpA-YM2}HCee)GZPX_>RPeU|3 zz2}y$cX+xxkEhGv>GJB#6#-A{9G))f&(r6@&FblZdAjHCir}{!9=dU_zF!%(z01YZ zMU11aFi%erPkFZ>)$>>U-I2SGaUOFq&KdN(6Y#5+M_-TT(b(nDIEzOcTpkSoUh`i^ z!!x=x-=X^gOLu3jblFMJJ$6@gpBlp`(RBfIou8v?m2(&M=-O=Q`mJcXF1e#PPM5lL9RR%Kl4y8_u5%o^&g)OtvrdApHMd3gDY|xShpzLW z>zo{2=Q?z~S#;&Sj8r{zt#|0U47%zb8_vCi?hkFVbp7{ex;Ecb9H)c7a%{=~;Ek<| zhG*zH)1hl^f4c6bzZ10+>lZ}#DY|}Ebk$mAZFT1G%<6*YOqq{AK7PsIf@dShvxMw$ z?Bmh>>CKYX_^{Qj@#|La4eobc1AoY`_2bVImOoDw;m=2+`_kA}y8Iacys_6t!!!Ju z;_zpBfBw{+41cbU?o(qZ6@R89_fv9mztNHVuf2}k^WIBqd<1k|n4{|^==wwfy0%-o z{vevJ$(rIgo$u0h0PvQ~jD~0EI?H0!6U6;JS zI8G~Ex()zda(pyAL)Qw2u9f}idi_bzwdQ@%eTuGe(N%W35<6W{#7-v%W~cXD7~P-V zdg5(U_;YiPKfB;hq4=cJ^5>-@{HciUOJgf{`7;1`$@8M&8UBoP_%pgce}4b+iOYS> zsOUa5hAnNt9F5$M%*lO%H_C(a4Ih%+^G+6TNkZ3Ka&+AnVW)p(>H3>!x;Bp}j?)gt znYAYafH!tnG(1Dsp$=V#_owUTlc4K*`!-ip9(1)q0>7O#o3?HTDzH*X|&Lz8vDO2(N>gWs5SduFu8W1V^@bzA&vGq!bj zoq88^6?M9hjU?mvrw@An*3BId`rgA^v`OUVjf?s=w>2*Ab^Fu0e}M1Rv_HP)8s6(H zY0}$mp?5apr}D;TX_MZ3Pc7yhQt}$zcap^E!cU~yPwYoDc?+g8r$M({|%qmq^!K^eY7aP?*(pO{M699ed&4Nw3)vN zj0YLfo&en!qj&~-H>K$7ZD?oWn>p2)@nI^D=F<_`m$#AI|3F^}bCfS86NLw6rxqq-V2par~SZ9BIn!U@CaQFc>iw!uh744;`b>_7Nys2AX z(s?;Jr5AxGIE=CP#24zb#@_9e->2!Xvc%|o(BJByzae@3HO4ysSu#yu+v2Z8kM9kC zFJ-~Lc<)zl&j)?o8uV3`*H??z`La81 zM*qeJhHUk4;2?MTxFkGy365Po>Ki&Gtlg&1=E3WRjTC;^U)kku`e?29I=}b}_L}fp zH!|3YZVJ~Vayt%u^_Jyc?n=~~@~U$SKCck&HQaqCKjYeLvrn5g^W~TMOhK2bSn;v% ztqt4#zr>hd0cQS~KOQmW@!*<2=8BUT^RN>b^QQbUcf^plQ+P`qd4q@fJeGZyzZL(h zc~5&={2Mb8%;j3^&tJW}@%-K-d~8AHz6me8c`tgFcWTp8?8@u-@9(jm*j0fKgRiYI zZ}J)9E3%+ArtY>=n>JFnhq~ilqV7)i$HBROkt*i!ODr}16ymKTzTAkOKc z{_!J>;pQ7?iv0_-+24o@TI3>b#r`i@3WjAoHb@#QC<;F^pyUjM%uCRy`1m}li~T}r#8)HZ@75==wAq@ z&lke!1mt?IS3RwDWyRD$uCwyldur2OOTV@1qnIproo3`-O)FC$B>4tBhk4pQIM2jM#`0^h6-=CwHy9ju%6zt_RT2MW`3Y?KZ* zN(W1s$FToV{;!bTJR1967d~0G^C56dDz1hWzjz1P7;S0HK1rj8qkS4Drg0ZoaJN_R z+fCkzb=Fo9-x+(DxYfCDJos&iw_*(UeqAQLmjAnYx4wUiqf zVhvfJGwf#@G)SZ0oFjZ7@z!ZggNY+A#(y%OY_BT!+6&5C)(_8S?v%5+|Hp+j_VfY4 z3T$dmjeK$r9#p>4D#jEG?X1LDj2xrAS^7V}I=_p)lEH7Qy zg1gM(IuICR?VUC*4AXyy?Z0+$bpQ5jf!kL7&kOn=0F1G3`+mfQ(N|m6`OfmuZO7M~ z*LFN!*3?!R>r79=FHAu$r+b-h=4Cz1q44Vu1i67$Y(V!sexL7U#u%Ue;EcWnno}Q` zu`T{@GobAgsX2n-+_%GAt>>G^Huu!xyXO!u^1Ztb7>m^I=d}CsjHTE#<+@URCDXRW zUz*X}Skk#I{(ok)R+e=B{Y3BIl#G=EA>M83vWH_R>dCTm@;jq=u>SZ7<~ zsMVT(X`ZFEzShRN-c&vK+{s@(?Z(m0TlX`~&v*-Up?sHF6O5s6mASGsWwN!JPX#!~ zXt#7fvR=vDYn))mI(NrMuYNRsZf{%TxxMQ5SJc;gWNw?ex&vrpwZXTwk^EibEvu{0 z-?19YOy*RSU5w6*F9q&0=6}mQ&Oz|Gioa!)6X&Lv^U2&$c-OK|^h3gX3geknozXmd z40ABx_9DZ?>}KAY<(b;-85+dBxA4yVqBeN%$2st#{b%3@9Kjn1tR<%vhLvV4hl$5U z-?@p}yXjCq6NILhW08hPJl8 z_%R56NS@{)U)X*#Kh=2C%)QG*BkBhIw!u@yg2&V^w$034XxpWJv3ts8B^vJPm0eE7 zyeGwf-SOV-^!JkLQcv@Q-Q*10;^$)@`6G9Te46*04UX6r;Uyf;L4HMB&9w}lWOE|; zv_5MW`}1i&d>Sa6z$Sj9S~f8Zt1lkM2Mr+(^mA$5@TLbD3+s7BZ#TNqgG_hT`}4^} zkfVV&ZNN2oGw9e2&)>R)`LfNO#dtUFBJQ0@LW6E-WpZuE!PkN|&`$L4q1}Jej@T%Z zME9(p2+3_Qj=!dD61^in$sAuZk2o{#&oyf`=S^V07z=pikD*Xr@biKd2M6#oxFKVA z3pa3;OlU01e-y)KuIiIhIlg8tx@70Q9l7~XPyB*M9siykljh;w^e5Y?Id|6(a%3IE z<3rb7*;BjcmDWbDQ~kHb7t2OWmXDX8*cSh-l^t@CMs`e2G7DESza%R=;d#uSPTxNd z1V%vbGZ>#6i}lr(;wy&ZD@H);(x$c!uhZm{kQ?!@8~%l9e?e~wo|F@>>wL$U&-ZOk zt*mK~j+nTG|6Aju$hqINnz+HdYnP<{wicT=DYN+iczU|{Wo4?X5lLQ{!R z=}`-l%o(QE1Jr7%E0fy-O}pZ{ZIYj~*0#=>p*n}D)a=JOn>e56>we$&`@GMYbH>q+ zwSB*T@R-B<{l2gJy081XulxFSUpILo8eb_m322rAfAqOrO1J`BeE1hz2X{$+EJZJo zT>mXHCk=1OevOUxHnmv2&U{b%v-n=Wms`A!V6Vm2y(aEtxAy9C^2N>X9g8%-L&y5# zNByy;S)UG`(QnGgtHXhAG!#}H_z8|^HxgLu0v)LkR@g>F#uV{cHGGDj0hyhGSL82Z zzmI=W{yS)!>^N-wcSF~Uqs7||E%LVNVCzZn`XqS$OnChycpbfHCVRpxczu3x|KfA{ zM^{R<@=Ysy2zoC*`yTT<;*Y(nSNhCn7iezC3CP|m{5Il~mCT$^8+^Da>drrx}NQ@XpMBME2JTuLr+&(63-fCy5a|sL@(rk2kz>cx1e? zJ>cbcvL;rsCQdSILiMW2PwO#$?Uu%!Y1V&wxgERkR=;&#ZhgdiQ2LtqS@{2yx=rai z_<`{?GB(D%Q}G1dIcDxs;hP`v&CA8p&13(Y#M6biW+Wq42q)wtIzf!SwEr7=@;nl0 zZdwQJ4&fKqUAZZ(J$)~KJ-CVHvWGMmJbOL5agX$oBkn9eI7@#km>c*-`@BEbXJy|B zeDjT+YZJTC90T(>wzKm6V&kiJ8ogtc-=}Ek&oi(p9jvL@zt%jjw%^b`qxP%S9$Lcx ziZdCUk&yw;$VB119vx~FV?1KV|6-Rkr6Djs3vRL>W{=aud+8F146vSZ6D z-(Nlq-xTjJn|M~dzch&Ue}w(zhq5WAjBKA8>Hcz&(X0IZnQn14y_TaESA*k5*n->b5}yh7c^@m}WISI&D+EgZ^w-{V;^@165U z;=MNx!+XfPXC=cVizGis%6t1R$m=%Gur6PYZqv{A8vAK^-g`W@y)^F?saR@n@r&@+6!R=R|IEaoqM`8R3av7I`x8;mW0 z?SyTRm8^GmZKLyJ@UB6A40Iv)?k3)yjLbKF4BpFTlTCWzW4?VRo9D#VH?z0of6c~W{BUBvsw2zLnG8)-7WO!h3<>+%C= z>}mRr0DDT-kEf-%|G3(J*MprQTVmx>;yG3J`_zo)+#dRfnK8un?SK!kJA35IP^~!Z zN8@w!h+oMMQ_Kg>Z|%oREG z+k#}rxA?n#K_z`QR+2aJL$9g&U0!>2gjn(A{9VVttN3?~*Djm6c+3v(t>7KzwSruk z);AngJeU2InsvTC8HS@Zkz$VfX7V0Ayl*aJWA38hbn(Z?cd2JC`&*h~5pPp!(%ol` zrv6NFN<}=j&9@^JQ~oIZqjxaYQ=h9~UFcrD4F8uM8>|;>E#2)Wc+Y=FFq(6RIZs}j z92Z||VZ9GHrRJy0`q&0r-w;2swS~F;Rzf*J=AK)0ol4ebhPABz-MTdXCElq&t;>tK zM?-p%!)I^EXQkMZzH?)G!`F~Otkp~%&ydfDu>W)>nT9UX zJD2hMxb#HYUTJ*?`bN2OdiE{)RyM5Y`z-Y=G*2noxjCYaTgf?c{kfrNAO1sFb|)E_m&+V z6US~j^`iFu%JtdlMXH}15^n|G67WBSTq=&ceorw)-Y?>PCqBI5_f0&n;f!VR^I3XM zyuSGP1w3C{;`@4@`*JC7ORL{no_Ch`ehSZ&qZ1NY0|76Gc`|7mpe(A?%U!9iS0gYoVv*QWo$L+BPpRb-L zzsE@T*+=bKDc)z_gFht=zsiRfyXKmC?9HZz%MSRt)V{nBUQY3?zc1%wS!PW$cDsLH z`VQcR>}LsOYEMZu`UKisj)67^IYri2Mb@=!!NW!>{7yDn@&`=sK_I#MZ^+)p$ew_0r{Nn?OhG zLMQ9$xIFs<*$(J;T^&=iYb(45CG)k1q#283qxR3eQN^UEW%t6*@~0%F|JB zu*)BhWvb)oZtdmTx7hrla9ic?7VlAA%$w#Sb~bwuG`fbEZ)3{^@#(erhM;@ndFc1h zTY5nq{H3_*acCsjR(aC4OTEUuyTfu>a&QlJiu|$S!!h?FuR=VdzK~Jm_IW+>+wSSD zJ|I}=Wj&g2^q&b0E#BwDcn@}n=OWl3`1<+&x9|%4;-)0}p7br=`#cuBAZgQ7f%s;=wYo*2;t$o$&kD#4Bc<*;?nKY5EK7dCa+)N7kb5Pi>5NAMzr1|5un+gHid} z&%mz4*WNoiu6Vlfv7_7f<7Wr{!VY)`@k-x!{$I>}sWvWW zt5h5LXEQVSw-Q>f0zdhG@$)KgLB3jidmEzXT;hW$wgXog|yK;d=C4kRJ*ly%^shJZ>&UHV+UaaRAFN|o5tB# zfldZ|$@|}PkAvd(4&My&OtF5WW66%-opAZDufoU3IMG@88OO&W2N}EO*n`iM<7s03 z_Ittpj@nF;%%mN1VC?j5m%jD-vAY{1C+}Rw->OK}PTAao0q>buVW1!KY%$Mdmnz?0 zI6U)x_9EaUfhk-nfmd;T->{{#_RkG*e}Da^JnM&zpwKX z#8OAH&XZp$zs@_6S2|Zyyw0Cc8`h*-=Z(bgs`%&D_P0u`?Q?i0|A_W~t-UOEQ+RDx z{PMadp3u05S=UwYbh&l?Uf{|}v8V1qr!)R! zo9`rjSGwz7bhj9?Mt-7(>;HXs;vuWcTMOxJ>b@3Z2OR| zBH8Ztt2Z&91v(Y-+2!D?AL*CjzD4`gEU$e}_p~hy?yntJQ#;9Fwg zlBkn^V$Fd>YxM!_hk1Ht{ImR}{|(q*W`9z?>%o4`w)XO`|B5a6I%d}}U(!(@RxEA| z`x*CG$DTV$c7z#^_2CxkG?t&kI(~*ZRQp6PxwFurR6FPI4!2X^U$A`-*VfVSmlukL zd7n?%c6lipE*1T1YsdaE=(pj2k$!J|8T7kr1oZ3bopzv@54+$ot!wd?;kjAHo}JiG zk@fF2a=g=me{vY!SyzI0H1Dyqy@@+KAC`FH=b!ia(Y(9-%$2c)v5D~a7Og|s%kXkp zK6AWshfA@nQE6*YD{`vAFm`((HG z&onW>$MZ43>a2-9vDft9;I$vau1eR-j*0|l56_|x`7x!lr)F|)dB4}*$Q)0H&y1X1 z6KPU@cUS9_Elct1CEBKh_^`4nv3UwU6YuDw^Is&kyk=eld6HAKCt=6SzQzx>5}7tz z{+6G@SAFV3Iy!x}0#7_WioTwry<&ITkM*7VW)D83JsnfB;cq8#Kb5{!EJwO?DOs07 z=E|O;A8ea^j;i`y%N&$yd1QnY{A z@5iS-`(bJZHcgoJH$eMYvh&Z%4oCaHKgr~%zBKLCM+w@0g7zb&{l6V6N&EYpZ$SHP zA?@EvJloF?7VRT>+84BOw10a*`+U2wuL>I97p5_KRFh~{pc__+4qI?UEmYx&FgGwY%%%u!)=Xzz`9coal>_scQ;;Fu{(C+rUChQq@PJn zr@QH!yy7G|#p(X$COs>q8%WnXh(00T3hOAZ8z841&|Qc4a?D+VEpH5+i8t}xg0bK$ zwmGkPolClb+IM#RxGW9wx`!0&>eB76 z{}<`Di;hu~Wz^_F@~3uwR|cer5Nif;H{d*K6q4 z_eti@_bV=9VlK!b{WU&TeD3CacO~zl)!83UCx>Kib5G2R&5$h^&ObedY!Hkqb|KgK zOFlu*sWZq0(q7Ge(J!AY&oAbg&B0OpceaUhv9~JDwceg7J(}N(3-E8T_g?vXaUt&4 zL-$f+?y`4n7q=Pg(AfvhJ#0Ol*aK%DI>-mNdX4e$h zK0e!YJ$b#IX|Id~XC2;-Z~8LgCjMCm<#ns??B}qf*&EXMSq&~X zdOeGU8-7M|iVS|4datK(vNs_!Q|I--5t_(H?&CNmdm1=$_NqsFjB?U5(aP!c{YmAC zQxDJhjnkg@pnM1Nqo{TY?@d0q{4KKC)%QD93vGnsay+|kmiC0gv6*qKKo=n2dm3Xo zM7%;dUGi5juAZg%GUNkJ-wc0|Lu6tmbzYBr$I=(cIqUhI#VKv!oWdBl(N6fPHj8P? zc@4ww%*zq(xmqNcoI_3X-Ff`Z)bpG6G4P08kDdw*MMuWIAx#{Mc{jOarcZvG+#B%& zwD) zxQoWj!Cqv9bQ@x<^Ex~J+wR>akF8*RrGDeilNQoh^=U-wtKlJXiF(q^z3Q&QgF|CQ ze0RCN8%y8t$`Bqw_X&6ey&%jZx6+T}k?&H&q9B*7x9VsHo~90wsgsm!<1f0Iv00#l za^d=jp%m_O(|o&SBedh&%x1p3mUdgcTs!ol=8jL_HvV4C^BeTek1wU@tH$R0ryurm zZ)Z--`h1G9!v{NDY>c+Gj5o<&)lK4Fg`V`7NY931_`8tf@I-p%sHUI~;zu?196e=)0rRh4g8o( zui&>^lkjL}r(Kh`c{$ZFGW4d8&CpwY8JgToyCpshvk$aZ9Ict-&MTamouGb}0H>v9 zpmmaW8SBokVRf6o7Uwheg0*;KXf2LYy?DD8kwL*)+_6kkBxJP#)mkwqx<*{X&pLT=L45LDrnykJz7)i+E2`m1?S_)kjzSC_1)w~2-my8 z^^~zY_jOEU&p9pIfJ|U6d_PdfX~>2r{4;eOmzkK7_2n1J2wPKZu(v8MAE?WR)co9` zIa-At!d#eK+|XQp2i+mL%IlHO-N-?Hn=^633x3r+Jj*|g?`@w&esnO8@O@hRDmhcn zScy4@*Ilc=t7nX?nLy6i^>d0s0AJ&p1it#)Cmxk-oPr<9R?64XJ`GpoB6jJweP z5%N8O+hOkPE7iu)>U52v$Y)iMTL`Vfbe0doonMwtYjjn{E?OR84V?szid8c&x9+I$ z9*}POg4Qdz93!4>-mUYVlka{wyq_z zTba+{^zshIQlJaGLcRP-WS7$g{g5r}zwPDgVhPZsiwvRviI1OVi{xey^y7{t&gEI z#Z)s8S)4*gN~6<6TD(?oqQDzu5{m2D>W$U z{XNv2@$IdMKlLK|Z~x+^^hw^FCfe$3g=rH7ALJi4yur)Yozcsz9U-0TnM3Gh$Un6) zx}?U?%J;3vR_)>1!@%9Nl};F(6Fwt*8e>uZQP6G)-!74TM;;eGh(djC(mY3-&CupJ z{bZ_XOTQOIR10b{^muZCce?1|`ydh>@7mHpO{f;er1Qu0lY3M$UO0l2=4LIhq~oRU zkF=-nZ)rzAGW(a}K1rP^W~|A%{3S2V>W>Ay?9OVO*t#0s@!jOmjWPM1>f_|Y@aG8O zIQg@BrsPi{ER#3JIBQP#@u`_y9-l~%OIrxTjG4Rd%she9NMLmZwGIkl1^Aq2@o6lN z&-S1$R3QxE^X)J`BY>5!4^;>&9Bap3F3^pXCpIJwvc_vlvA#1Mihty5FNF06?R9QW ze)n3$zAV0%)QYG`1vMe4eUm5Qzv@q zXss1sH%!Yu^gDh_Px>tXxX&aTYxJIL!!OtD{vVG#cO`9N{9n3LqJwWL(V04+hkSna zEWgo*7{}OKSq~k^G5XZEd%>|WLVe+_$W6{sRgR84C!fVl__f=N@ z`<=?~(Y&Ou<@*!S=UDfqev+}XfuFhoyzQ88??yl6*&pKY{I#rQekY!&IGO@hbmd4e@xANx|8;$L5L>Jby9HPc*G!+M@d&s5dbcr;TR{I+-~s*9t9@KE%&B~y2FI0! zILZc0Axj0%;n-wx>;%5C&v}=4%%}CYtD*HO{@?G@dLQlA^DhHW8~Dqiq0W^lr+)=~ zk-K#&eao(vPwx1N=3K$tw~BVy`4U*%AAOIwO5H28SUR8zLMWnFj9;1V|{Ut&sSFoF8&+U2{GR=2F?Xc_z(I$&fX$F ziN@$be>2XRp>d)sz;_RdA57l#tY+x%^Pavv;&~5fEaC^j-UrNo=J(h6_agri9T#Wu z^)e=Ss2=;ot)m&>53eAc) z&}xbg&(SF}g?IE-iO(T{ZOIs#nrB zhr7Vx@_FDj$LBZVJ`v_rK4!j?+%P@|;NC!8G5H{ZF-`Qxw8Qx=`R4gsz<**0|8Yh5 zkIUn~-r_Ia+u+Z;F#aC{|4h9<9wT$cGH2kw0~z4X#HDy2Zu7~9>7QqsgGb59JcBVC zn-bg{UF6^W0I-kkgsI=Bo5_Fj@zm4)hiu-*R z@T8lhM-|pW2=dsmn+Kzn1^zAJeT=*NO0{$Q-nk;2&Di+@mwmbEO00Ly!)9gz+g)vlKq-;Ai<16yqCgjTMYT=h00J zPj#rMFPdacJD&vphzYT`d7GMxpM9rdlcP-v-vxe!+(OQe$v2|kf`<>UU3jKjIls+0 zzt4kfy0@kMh&_8?zS-rqtB>@_-s}&7Uy6C`>}LO-;Gg-egno(Mw{MBP?X(H{u5x_y zrVPBT{XSD4X^QdxB)-tst1bN`yUC#$1HEkf-1(d<9s@q`p2<}JFTsIU*2gl;obzol ztu(f)Ut-Q5rcZKnhqO&cp~V>A$FqaEGI1!a=cw=VHuT`P_F`~0z9821Y^{6aOQi3H zh?kR0lWZ?F&$TbuI?}W+h5NiRxUX|@)DrDV^^Tbc^*))}#r%t&l`Xdp+`7D!IWlXZw{T5k?~oJy zE@WusKpT6w(XUdp+%pe{?_c>0azVWP#`_KK0vPOxugIQ@)XJtG+UK^L;nE zD6~1U@M)3u>7ZKdrEL&ucbMZ4Y2 zxu0>bhHGoaw2|*O)1EQuTu?Bkt-kL32z{k)R1BBc_qFtSoA#us;7u+*XH&bQmuC~* z-q9P7h5MqHF!z`6?usqPul9184Zvm}mmfptf&?SA5j-|G=f0*fTn)Sp{9D0yD@7m9 zbKOh573d?qb1(E!EL8lPX+s7we;v?7ep%TJdzBNSGqcNSueb?1_XT=)FS_muVu~x7 zhc(m&Tg`dN@h9)3?n>?==EKNmD~A-H>1$)Gd?WmJf>$Z|5c#Qq8*=hYtg;n8RqQ_jjYVsGT)Bby&D_T_cBkXD z(;1IssiAc%v|hr!GmI(9v#>1C9WPohk_G7hJ;-chuNYpf6YZgSy~Sll2$z}QGRw>L z+BFlCyx(Z=S*c?#XF&6M;Z(J=adfkpGtG^@(b)-|tuVOF1h-kuxtZW*`W$EboM`(* zHweZ*g+8mXjp zZ47P2N1kW$#Pwa9z8k}L$l(X+w>Z8~D9>MceBnRP>olfVD83MeE#7ys{;BEZ;|uSg ze#{{Lf)iV-IOC3A585f;ISfm25Tk!Vb5oZTn#Y`90J_UB@Kf~x&6EQxe_^7{JGvSk z*E4g63G<;GX6QB{T^(skRkt*WzVc&!?WkXqXel~@_|?F1@2P9B*S=qm-X#6i*masu zU`rn`^@R8>yF+vG;J*y+>QkJ6XXbt@=Hs3J?DvtjdWX^ZLNH96mG2#1t@OLo^^1L@ zyleFq!uR7XXW!oee zi}<^Io95gk|X@GWGzp_)zS^$6HE`IlM;!Jv!yGc6Fh%aSMbVtKjOS7enUuQMl zw+BZs{uZkrl^eV0JIjuv0r)yE=IDFRNZ|k0<>lmQs~XI1ER*Z~aXX&TJ{2Cf!r#G*}1z}+VUpQ?@dwzDRFg!rrG_cm-z)#cH*OQ|n! z_QHCjcL#ZgvY$)QCt~j-q@EDD{Gq%<`dS0rQf<~zYejZdsW!ro+Dy+bJ~TDBk7a}K zQ@siBYv7KMx6&3nz}PP__*pzDUAqB(Rjo6hE^D%k^FBut-P!T+ZvkhV9VhqZxLi=^ z|9Cj2zRuHbymrq{Y z2ET>r^9XW5x|yAWg8tl|aB1VveAiOn2lw&-yLg^|ioRQ_O>iejQJX<>H^TQQh3Oyg zKYL4xHQ@N)@O|6Rdz8!^C-Z#2R&!kK&oOeb;2tIO?Y7!@jM_8e`|pFd;|KJZVee52 z<0!d)*v%KQ#c)2pV*Xv_=z$Ju_`ax(a`=_I z!zEfe_c~0IVBVx}wGN+q9c~xiBkv8y7Lp_A5igZ{{h7bOpMw28T<-PYPRS7M>&-of z_+I{%aPGCoKH+%b2y4~&eTvrZ(K2gyxZLY$WoTVC_d1$CFUxr$?G3@Y6^#{ZQe8FK z!G_mby`z({p^Toxm~<{UX65=vo+DO_9#o1yg7pv0ljud^nACB`89pzZiu!t9qPLnm zAGH5)Mv>Z;vD2GxZ8-PHok`YG!I|HVP~95p>`)WvL&Mdq5q#CedzLxyh+(}1EK?(X z2)y3>c@DFG0`K@Za+1zeOsjgH>bQsw4dhPFU<~iaZx%cI{HhJ+@7U?+KuzxbGLxS? zy=ob4$tyMQ3eGHb6xIioPYvEFnk({dkYOfoXwtTYCU0mK-%Zl}2l(fzIjb}a-4Pot z!TS0pW5<4*mmp^Rm&~nV+5EmQma2^_-d$tkC1d?a-7(UW2cZ42rW&UR<+q}+f2<4e1n`h z+L)L<`08E+>E5x))LE?KcRlSU>K?qi7Bq-&lw)1uPLMEcC&RaN+hsBqrZIpl( zS|c&}h=;LJ{uvq>{SbNJY?L=>FJQbcWuvJ6snL_l*eKiV`}HHVQ9kwXP#a|?z83Y7 zei=5(m9F0+8|6vHRl-II=oRLj6^3{6dbF=Y`}Ub^l#6U14zKd|hPCNvv%t1VjKD_u zbY$cjDI9HN|hZ)Ly?X0k&(cE2^-~$BeYT4=&O`0AI?U3 z$4KxiWut^-xRIyG4&^^&*efJMmG6mP3>iA3YAnCQa@2h@fc)KHWa*45U#2=)8m>JS z(glGZmIZ-Mfqd2ZPioGYbG(v=?hYC0?IwQN<{f=M`?`D!@aG)WG%iIex9{El7m?dz z;O#Mn0{xBg={&T~m&u1wi4UO^9G4p-xmFCL?^Tjhw}NA_oQfeEMk1%KphoC$a_SxS z{Yd51mB{*HU&?5^=A1kji7#cI>$gZweT8w2R8E}-UCQ|rB&Vuv9}cgP$f*go%}C@F z@ep(WZo>$CDaCT?z(b|w)cZ#;{*lP3B(X_q$Rvx~1g zKlpaJzO{aX1pblNAzRRM0{?@2kkz>ThB{=Ie|K&Uk}c;d6Y>fgeHn9N$OA@a>Sc6>3}bJg_gZYm_JApKlHI zX>7#M|H0wef6|x>;Scso@1-XG)(QBCNBQ*&p|xr)iSEir$czft4zM|D(hJcCljyy% zDnFk6_VbW!_=hz|+y&pBsxy8m?nJJO$5_L%&wnW#Y)qeZ>D%(O$$xupT^KQmzY(mA<(LIchh_-_>kn8l--{0Ks&r@A6KmXW+y=3nj-GM*A-$RV9eP7r= z)Y53}cx=uSTQ4P7^Ah~Jqx@V=`se}|tD_gR+g@M3oz6@uzOQcUsRnBP(`)}3cz z@O`PiKU${muDapd1vK4uZr~UEv}kJmg0ZpQoYkUfi0|bK*BojO)OjmI*F|<7*XHSZ z7yjd<_1_Ig*X`3Rj%G~^rR(xCV>>*xd^_h0b9DXJGIZ@a%fc|es-b zzZDrB$e3YxxYnLk^Zk`W$NMaKp(XimydAIcjTW{G%P8@%&g7MX(PHln@a0q?4Dr*^ zGJS8i_i&bLCmI=*+&)&&blDWBpv2vDR|usqqz-XqP5`CM+us zm!Wfnx}*jM-v%ia49{8G5S zwG6JQP@Ye5yH|6++RIo?pGmNcVe@@8vE6o%Zzv3pJ2Z_uT0;sWWRcyX#HyMSJ3+}Mdw#xzdC+@X<6~7 z*smTd(|60Ov|o)o=hfSC9jnyUN)hL2Y<+ z?ml$Ge(5XZf34p}E)w=lI2TE0qnbZXj!?ayW0hG%EGK+lgw0vfcNgkAeBg>nNbjuV z9D(^(_FX8yN#D-kTX!Dt7(RdHou=8NJbZIH4{(gTo%fK3+6J8UrxAmBe)7C85ohR( z{)qDeCRaZji(o5}2k1o>J&C*}w;SCI+f%-KEdB%L}j+49xX6qd~nqmO8Iv2E$TvYRyeAI>rXS;RJ z@I}}+qZvPAi*UwIxug}fUi^boU)ZH*)u#mUm|NWZ$fv%}=_SNciu;v+P&CZp^C-ym z9n*Ytu=l*9nP_!9^Kc|5pF#TJmfW#}5!ueU)FY8x-(!(n|92xf?Cj9lG}+nM-cRxV z=}2xZIU^qNqV+nfJ`iO-$H&u8L~`S(^PPI4C70|zH6F9)`8PuwL(3_Pb(Z}B&4Fqd zr#H6t968CGJCFYx`)*^@oV7^vT})?X?vI#!xgCywdRub;@G*RN_qPyZTAWMY!+X9p zxuW~|eQzXJ$2wK+QTm=1a$Q?;k;#=ilO5dWVROhX2A6c(+NKzHu00ChH1Zc(`gMZn z|7q|t=fCJHwZA3TcW+DXg3lo@`G0y*Yfl7UZtp$tFf_|N&A;x5;YY8DSX=j%P4LQ` zHEukMqNWa}8IR7H?FL8k|H9+>kjAqc*c#8xym#Zdjo-T>xhUh&`J(jA^u>4ncxr<2 zOf}<}{pkFKa8KRFSa!AK{^zscKB<-Z7tx-_GzX5>H_~6|Tv7~p z=}A#jBSh_&3eOu`d_1@Et;6#Mes_fEz7;(A&c~BH2ut^0*NE;{8oKW-raS!<(ESE* z?P$q;7hL-u0rzhB2^@~Cd^7jaofB`QeI4`gS2|nVeMx(QJYF15{+-Bt*GVlhJx@PV z(UXD?ll|l4$;}aX%J&O>7hDWYHn-%qs|MFIi+j?uCbXw#UE01h=FPrT^nRFe{Crxx z=DF`K@ZQDTUQOS-M{z&idz;cfspyG~=X?Y@c_V+tKQ;EuNBSp={dXFpedk#_*uA?b z^sc$+-8G?iYftxWE7$I((7R@9r@D80L+_GB?;Z`k^XxquYF7z<(~09R<1h6xHl&}f z;GQt=vd=O8a~!!+aMndM{{7cjJ4LWImVtHn zP``cEwCr>+DNHY&=L6Fp(*j?>iqf`W7kK9HPE-Z1)1&BuAysTljufrgYnTP4_5Rf zKJU%>(I_82c6&UQI@{p-V|*9FE0(&U=}5OXXWD4Kd3v#_%eC$6-rU>ye|kCitcZs-fYQN&0G3ryS_WP`>-|N_9@r4wIz3x z+TP6it~;$gU3XdgQtMMl!2`**hJe5Soi^#VYnqOX^5)EO{NGw1y#E&OOY;Bz@;ob= z&vpDCf^}~hScenkVWq$|+0htJ&Sjh~A9{Wy_XS|3<}y$7nahsp@#LaNZm{?C_RncN zi=glFNbVny^XIaDQqWLq(XHuEm%(HEm&)UzF;%!RX-=$s`1>-jYWEBeE4_hrd^P`m z&pP`9yzqO*@(1wlo)J&aisV|EKlQ0KueE<{R!dH6Fx`E=;jjQd10%TJ;{+ex_{PBzrdYD%}xGH|N|chm4Gw3}&p zwe7Tcaz>ut<}-G)zGk%KeyJLrGoeeESB2ja%d5Tcd3C<+`L1nsOU~5yTmr9dp46V+ zyeiMDj5QgZ8Sr8?ZPL*X7V>KU1;P7CW#;1WXNRAQPwCE2_#+j9HL47(b+?s=l>*mf z-Rt7XiHy_n>ZC~SxoPm~MCNi5d|3B-^8ex0iIdw0c%GgDed~Q*Z9f68Lc=hx_VG>0 z^>=f5JTxb(+?X^cmRG-92G-$Em4}rc1AgP|{CA(uea-nfd>D9U{>QfDKA`y@M_=Lj zhmX=@?EFV*JBS@(b&;>Qwu97eRogMlfA3lC>E3te=O3O-cFzgs_ioyxyFXkw{~fb~ z_q)oC@8jjiC;U%#v{I4hj>+p5u zVWoc#e$RORUe$j_JUNh`!}-87^FPp>`=xZ!XPOJ=AAKPG2sJje&$ZI_C;7JLyS6`R z&izjmM^Zyhz2G3^xpJ4um;gwqJ2=53>H%_D1Hvt)?9twS5P=iq3MT z&>4-Mmh^%-{vz$tKPT3WjwhW(HnidM-bKMTpS9!U{j*`e!S<`lk5l8Qax@FU`e+$g zwQc2LrO*d!!P(&Mao+2G#_i<6LtgF!z)al_KRm=-OAqxpPyR4G5k05DoC(9Gd%D}39PkC56PpdP!W?i>Uj;pSt zlj|1(&+x>4z9C-9xldmvz!O)CC#1hGu{_ZWKi!>gTkqQ5-JJWO+Ae`7X4PSzwzVhV z3Ed@VXj?PNr|mZG8M5OzleXy_xjP2Fz=tyDjgBug7i&ic-@T^Hc)KnuKVFTe!_lq? z-v3PX*Jm-W)m~a2o*4tUo4M~C6Hnd-4IF>$@^U`~rfPFiuhZv`&R9IT8~%9W-1Z;y zPIZCO_jtK4!XNJ!e?a3fe|*0TPTSvB9w&`)nH!_#%+mE+Wnk4VFAvN3F51|~fO%~G zMeJ{~<*EYz#WdNUtycy93v=d+Z$GFyTs-IOqQ7TE&x$8^=K14pa522KvpIK(_@f&B zc;dYF^b=RLFC`~yhWHEHiyX;#<9XC5mJj1Q*n}&g{-%0N%mTT)~l;=V5LQ|Nh*XH5fR|a0H zp*%caPNF+9*Ip;S%=ys3&E+C5w;PzL`OM`aH+S-fNKQ7k->z}CLjM)MoIK}$SRc?h zEGKuC!Kvlk@;GUXo*Sd)%+hsB8Ca>>^03msXWlm2Iqru)X65Jjy}&bTYgTja49)RI zzJ1~XWZeha*OSL4zpv^C7~RLnkF$cgdwUsNwx3-d7xne;++|n_UP~ExktxH&TSB~5 zb+80`^_P+D2N(Bn*Rapib!X#C$d9+djduojhp6 zNBha;@H=C8{5}&NZwTJ#GVr!rpLHppuQ?ZA?{uPR_yO``d+sbdm&B#IHMV;A20gjq z6mNDr^XTh~&_jIgRh#+%0iWBpfgfm!mCt+|i_{pId{;FvZ~I`dpPG9+q4^gMLUW$0 zMwgL6z4S3LkJn=kuZhjM>xI`$XkPbv{Dqs^*E=0tyyexzJG-Mt9lgIvJMRBgoq;)~ zw!C~N`mUL{hg}a3@J&hiVfWcmG!&mShUX*%ud@uil+EQT1+NR7J3A_l;@i*5jj>+t z)4&4XoX)a$lJlqYWe20vw%o|`^f+WjwU_%8e0zEhnZaCzWyVL!;L%0AO0m9DcxYVD z@3(79b8l(1p$se+TV2fia_~M#4BV})k9~>y5{%=-*3sN46NxKFn_Qh-Sa!Sf9-I>+ zkD5EWknOSan$3B)##(S9uB!SYin*D0?JZ49E4{hO_0>GO?-e7Sel~kEbX2X2bnyfPtg*a>t z!-)?M$DMBp!%%&`aDCKtlsSafVI15X5^JSKy#6)kxCh3ZG1c$HEbr(?1_yWPp4K!u z-Qq``I~yGb6 zfzyetOUV=PYjrrj5|24PXQ`KGGB zrZzf@DgH)Aea)P=B*$VscjzqOn>2DbQ=R8e&QkWo&hs{Tz%cQ8)n}m2Y7(9f{y&HJ zmWPnvJ+bZHrfrtzC2u>ad(=hkr9I?atoaP}bHE|ih%8~A;Q0p?oBuDq3y=Lt{x5l> zJFYahoUh7ieX(YIyqRa^hOpny72RYfsh{rakn47hHAKjfpq-;*!)Pz3GsgPv^ZJhc zLN$3B&hv6#;d%HjLdRp~TnByW9B&urcyAF8@z<9RYl3;{V_r<{82Cfqy$RlHCVyl; zxS8*f842nxYOGq{;-d%m`FzCsx-Y!G!e@Td*Z`_Q@yw-=up z_?P6@UHJX4z$N%5biZu)8{zQDa9>|54=a3r+t7}+s`Go;Iyvuj<)nnp;1%T^X@1Gc zqwW!QL&5p;X?|^zDPC?V=d@$Q`O|~cKZe&+@avbf&XMb?+rYf-gJ;cso5`8{MQ;>O z$3%a4MKwCp=uyat2R@|VujvPIDhAd%#~mz$;bD|vq{=qe5*?o$e$LQdr%BRI8CxRjRa1_>LkT* zOg%*Cq+BW0(umjMoU z!Lqmc_vlJbl%5~v?O>0#>r?Ac>yq_H8CAP38NYeHsijG}dF6Mg6Rq0H)O^rhb&>LG z_^mM=fj0+`;mcTC%i`nXG0!{oqW1jDwR6m(y4ZlZo%6{grzfyd*Ms|F`+NnL& z-`h@X&EHe2wWo8rg4qY%?vTu3{-kRdnPX*5C+ne$^^l&0+#TaRa53X*KxRm`sm9k* z`&)M#thc|lC+)Dmb?e4*nfd*YYEX*b;0ISDQ?UH?J(cx6je827w)vFr zVf`DOc?}hBFtu z_j3u+52PqhnVTWc!g?a-HFABdB_l`B8TS;~DGBL$(y5Rsu}H;!)w+~! zlt$l>&60rzdN13@eJ35z{65c@4@M6p*DuCel#asr(A>p;FJ0|D)HgMCD+d^t8N(s+ zn!ICG@d!K>*4b1qQSBDf&g>7Y%>mZT`;coJkZA*~mu1w-KhB!b`VC~8^e}ksIC9Cz zHuzNU3uGJLq9V_C)$u!Nu9_X&SUo}6}1~vBx=&pkWcZrUd`*qHFzBf9RS|O^JQ#sIT zaTlMWJL`_U_72vjWQv|e;Fa@Td**B}?K8+h*S?qbs?jakvM2hUtZ4)6kAu5t6ayY} z-BWpqH=*JBQ&;X~?IyaX%`^Bg4+b85A-)to{mij)M5SYj77pGf;OV#ILS%GvJ2eq{ zy85SW!5+E&P{g}X@h7tfSs5vKDSW|gJ|40mCZO;4=y`(Lou*zp@P0$ytn3YB2Q_Di zMMcoZBia{-uJ2lVrtQSmi?DHh8_Cp^9*52G_A^$-7-OuZc|7~788746(8apbxn-ks z)88Fy{d;Ua-wu5^uZ*tO(+F;SJ6*PTK&L2nd7ZV(oxKR2vO~(^7s#JHexljKc8tTd zb#mwAGbDHN?Za}XtG{|n<7H<|hs9x2=We*QIkCeH~tK zI(FjuY4cR`NqDpWnsbWUdn?a-^v=E3CX0<0k5Q)>z7ZcvpO!8qyQ`MDJcsxCUDxHs zM@jCTqgqSbE-gNL-o-Z+Jb!@q?#$16a(Fd&swWKJ1!oWS%*Yy^6~kEzt%sf;FRIZL zW#2}|q>&Ak;HWWVkWI2jO?@tST<@abJhRT#h6>-M{R-hh!v!Vbq~P2| zb+++hfBk0Wd+pqn+C&cO8~X0&z6*4ubcYvL9&kT;(njFp+iypH%&ygZaF!C7JuzZM zCRf0!Dhegk(rqz!O4hi<>a^p@}zfHJqiCH_0dwmfO*_-UR(GL^7XCFxPUVZ@G z?m#-|vzk7CZ2LqGmZ7ziWj{PkvMfJ#$!gKt(OGpHo~F-Yd+A6K?-Q2|&W-#On5x%e z)+>9B)@;n~rH$~P>P$$NKt^-sHUAF%-`GF$o0&ST@RanI|1|ebn7yWeU)&fH^p}eI zI>ZqBhkj&33C>RB*RXiJ;d?Ll(!Y_v_S*e8 zFjKDcFGFxH5q&ume`0Ht`|UKh)LQ}H zKFMwFnHEisv3Gr$ed*U9e{q**>iLEJuDV-(B4^yVUp_k8j{``ruIC)v4BE~tmbui? zo6oyNyleGxopr=Yq<7gEwdyo226yS1$B+TXmaum$Y0mxXFHiXA(`E@TYLkebbG=*! zeJ-<{XDg8JEBU($n2N8|dAZkFI4R_p?$_&|;luptEb8CSMd#@Ej?Q3TWbWtfKo?Ps zgETy;@#_u--Pf)4pc?Wn=FrC6E9XP{yVilJk;I(rMRza0M>5QR+RGj9XC`X>UdGwA zmH4Dbo0x+06R7syvfK?%G+y(*dFAdhFNV9_*7+=ksr@~OcRd)7cjHh_M z{_qOs>)RI2aPxKKe__6^f2sNU?MF0UTVCz?dfy*uzTQ`2zK*|w`FiIF=Ig!aO@He3 zHU6dM>$&SSUk6_8`Fin2?YV`uM3czQ@Osr*UsFSLqOBo{j7(BfGevAMIR$?=GRpYF zqu9mBp=BT89#&*RXE!npSro`gS%d>{j8s&4`%jbQ`njr z30Dt_@d$VGZRh#%9q3ZZeYyhQgtK3eyTjIY4&$hC9=5s~G77tMB9T?fr#ax(}4>X-UQ{NM7$0sa%&-j~=6XxtOwg>mf=KU#}yH&RD;o5fDbM)c#@OYcow5QcOx;Kg+1sZ=3y&&w<3EK$^1K&X2H(cNcRzLL74{YY{7H8jv z=Pucwx0UV`FQ6xCj{2chvZHrFSBJ+OeQ`m$UcRjA?5*S*iy!dkIiFhqH!OSq8d#36 z!#>{vxeIQ^cqQBN_75Y6Cowp~B-f;ensh&SOa&-lF!C3T5M9tM0w#&g-pH z(d);=_tr&@s&1KdZskPwp}+UH7UP9(znteQd|vO2-nL+HrDVwy#58VSuyho85laLk zbS{5BcXj;jA9nS(LeC|Pf&cfd0>)~!`#-e%?1J@@E%^J>gB4Ak(eE?H3TXYg1&O+f zqkqfzsD-T@pE+YCV`d*HZR{b$mXrfzmrc+zFcGTTAXE*jlUZkt`1wSUa%ua4@ReK*%#G)PG@D+ zuVP)smm6yHoN9E;Y&Q7f>)wK0u?2bQ`;0*s#7#JjUK#YG`Y}*L-~Si|h%s{mo|Dj$;h03DJnN<>n4s;pFCfFLSCpcM9UT zw7p6FB9rC&h_zp1a%Ix^3^f1BYcP4he5d|CqHp;Q-?z!_+e_R+_m`Oa%*a8LAJ^bG z#vhZ~oB{uewx#N*9|_4K;hm4M7t&T^%o1B1DIB+_Ejd+kzYtb|&j>n)aVXaJmU3rj zqP6;fukTIUBE5}zea|jFaDF_&{wBTcS@3c?9(&vz#lVJ>MdyH%uQTOi;_`i?Gnl%c zx=%>HE@Guw_1E3H=78zbyCA5e_9fzyPFKW_6Wj|E9*gMd_99=$%l9YvUjpw^ct-5K z=f!QDUbvol79Y8LVT$|Y6mCcdDeUvcGJUT5ed#tsY3VDq0 zGpD$NSwqYHHMGOkeL)U4uwMF>v-TvX`2P)@&*prBsf~!7oh==TI{;sNIGkp3mZgW4fkxQ&s^k74q?H_~Jz~$)=5fioa z(jJtlhmNOvW*?|sPHtOt^_CsbNwm{%_R${Gm*lqJ*K^uqR2PPIGFS3NcU~qs-p&4T z1~Oz4e<$(xO#ZFPGI!jCY`^EeL+x|IqX#_FbBVvzLHlazjT#*MePt_m*2U%D4C4^Uf9628r09hH;Dr5B;2S9Qy|dGcZF=R>gl!Mv$@99nCnxbd_aa_DW~E|)G3?n!V;@(R zh%e{!=u3`&j2%DgA~_~BUTC55ep=&YPQ-h$(aZ_+RtkSN-itI|<|`a`3Ge%_1c&#B zafrM$4h^Mn2=fBtDaOOtbj+)4D(7oj8oEc1b3W~Z@QCawcaNUY4G#IbfqYJHRU8|8 zNayGh&gTT()W&?f_O(Hs_``Set=7D1RUILPoCoRrM!;`J}@}Oup<=1QlAa*pt(!W(8lUamM*GGw~D;R zq^&18oX)h})xo2W0$&<^tSU3EROk-waGNwS^e`>|tqd(w?oMt~zc@cmjq8oJ&qUF= z`xd7&6}2h2s}UXxw+rN30gv6apm~&PAbxQ{OttL`csJk|jIBjvF$uG$X@c`P4;6kUFU?IXS^Zd1r(`8K7#bv(8(;IaJoj>lxH z%D3luOu1Y|>#u+|?=Qn=#drqw77d@}`&B>REHk#l1$>roQ_N?6&G@0TIb6VJ`S$9w zvrM1Cz3+z4@@1`z-lfb;oNA8KB>a0h_ZE(xccbq(>po z%z2L_@3gPhe-K@UJwj_jc@5$HO+LB|?c_7dkmK7}TNg(+BY(}yRaAPWhGt=0J|AC3 z#`rlxqK9+{XcEway-f5lxrOw7kUexE{1QGVG}s~k_9^5IM&rquW!CR3;9_qWy>TwI zt7Jc#!MFHgWFyO$qV;o#SZ)*jp)Z?n!tZ*av20aC;}y+4;5b+QesX-Fm+uSdYW43= z^Eh)L|E!)@(AOMl3nf?herrQ>e(Tk;@k~v1M~Uj`joezZZKV!~Xfc2)U!sVE`M# z>A#;@&0NrSIND2nbp3p z)x%fcw}E#XJ)PTmKxYz+Z;i83t^Dp^iC=XEV^|Ikwp#w};4TDmzEAtq;4b5jo6maQ z2+T$Bg0;UYiGwLFp}czKvJ~@Oi@W>R`oKbrmU(1^9CRQ@tkCps^Od=ddVFVv)$3tvNusLdGGV5&HHln^z1)$oSyY6 zIcLP(6Y|MQ7Ia15F;>-GI+Gym^0vo-pUy8 zBN$%-wzk&0o#Vaes>&OdA6m9|0{)R4)_RkVK{?Q+`gVKtaQ%XJT>GBu%kh)(or9O- zi^ZR3t&U@?*l_Utt@81%A7$|v+swT}-UBt@WX|x0+SOWqa&7nGCrRKZ>B5h&2mgK- z{u0%)ev#T4Ztp2ImdNjXADi2IiuqV^Md7-Q7*}zOzdt%{pXj7myJB{UkS?k{US|x9 z9m^e|$?8K3lbmbohd*47RI*O;@{W9*gV=puhCqM$-m3+F7R{kUh+?C z_^CVaSs)LOGcO5bzI+|~qG#iu;(P@C262v1n}=@j{XF6+&&DLg``X`1%}1AwzZd5t z2#1AVfLDN%fu~0T%dL@}Rq}Tf-a(3-`m>YAhu8k;9j{vmICb z`N-oXZ~ya>$In*&e_I~^c-JeF$KU*j&rdHUk7vJ1@^~uo$q~ro$BoX79`$O;<8f18 zG(P?GpMgBy%v`-(dAyQ&lKdP-9tSj&T`-(H{-N~j;pK4wEGLiaStCQ_aWs^}&0fM@ z8nl%yYWC4_)*s5gn&gZ^;QvJrlRxy!S0O*6-tPB-{5CjD(3W=wOzLvvzipnE?;c2*eQ3-lfM zRC?RU-QsK@cCU0l(PNgQi`nO=9q8)4;y|L+JNjvAL#f`!QhYzg&LFQV(L0TE4ObkH ze_^=s?_>PH#&?*%pOSp01JJTZx%29`3)o5gw8c3n##UO+oUg<-Sb?s!s+d1)Jp!#p5Wir*8b^L9?54HNH$0}o+Q4xpV*mn_?6AFhc~2l z-F?MW~E&&Ypw4K|kiq{i;y zy>OH+JxceT@VfxtR`A6J_3@pW{W|yx7u6NaZ01|!UVuw|zK=)2MYyXrOkb#vA5fDe zQ*Uv?K5@7g;KX}}(@(eyWC%{^`8DGmPSdjgXmRSqPTq@+oIzFwIE8G>0-Qp9+%KHa z<&DiDxomCGM)ZE?cQfZ?EuFrhyHsW{c5DjCsl$xb*r<9o(SPRgEXMfd>kPNOgTCZj z9h7_lUcCCmuGRcDcJW5$9(gO6^7*L-uyhyXWt=*B#)eWG+0TmW9%qjkn2GNUf9wY8 zOzm%*IB);viSw3?uiUvD{uzkkPaDm5WAG8H+e(s6^V}1vR!Q}=gk!Vakf{s zm12j-kgxq?;Q6RO2a+4#lZ@?HbwFzcd$>oks1y7&jvvrQeiiu#{*!;IFA(-Sg>xV8 zLuM5EpYr}Gl^&Lkn}32pSxN)}IF_&zvI)o&6jNdjfN?=_TO<`#AT~FU8N6z>n_N z*U(wwX0FcIcIo>Sb3Oa~s_=dG+Mo2^zr%id)iT<~BJM8x(m4H5XcZ0VI;;VcCp_2d zNfhZkhK{V;?$)yp=p4NKL$OoXYrNP7xp@>8S>wT;{>XqAsA=B4_U!q&JXl#a{8FxPd~M5%vl_pS6}UTz_M99Mhb2sdP- z!EJzA$j75q(^+$$Oz#ZiNPD}-q@VV37tkI$Pfy?Me`Dyrg5T6OGxerc0C%V6qjD$b zh;ur}Dc`93*5&5UD7z8}fgnmKMSJ2N{`{VV}aOU*!Zl6Tp^0LReqHuh-b z#3_vZ5cY!NNhbbrV{^|^o1>-L%`q2eyV2{>{vK1Djo;db!f<|pKC_K>rvpbmGSe0r z$2oH|2kSYX{kObJ-vG_{u94rFUHk?Q#@-aWo^un>ypey}57Lu}?cLz@C@0PI$#2Da zf^plq?~0B(S~J;=cYL;z@v1Iu-)iV$=Y%uhhL)TICuatF&gK8avNOBAToisEH5wi7 zMd&n_HuK59ApT?S?g`U)R*1&E(D(w^=NZ{=e2%uWd>U^f#`Jo|ru(D=T;~IKW~e=J zzM5Lseq#1i=HNK{u5t`jzde0-b8a8|Yl8i?0eUkB&_s2zPMg=+@r2E7yDS^>FWx7) zCLYpW-{R`3_EyEUKfbW>TZu!_HBUYbPIvN;+Q>cYnFGaH!*loz$+J~nkMej8&G{|e zFAX1xPep(E%hl$|_2?`e%pd%&_v~k1Q*NQ;Xkdf!-GAu2dd9|D$)MYVU$8C=&)3n$ z@q8WMg?Row^yPSdAv~|OXngzZ586M|i+tX~R-0>T2xu+XHD_Q?@}P(Jp!6maCq#CK z;Y*iv@XxbrsuO%QK5E7Hq_K~U9(M}%7JPag^wF9#G;{pdi$1&1&E;9yYv2X5E*PX$_p#qr!C%YZE&baU zoi@*Vn_m|}wP?!mm)i$^HHvzwMLbrV8<4beUoyWFJ6ijI{1|&Wst^3lXkw3|6Zn1N zAarLRuJml}u7%X@n#lZZiad9OINZQQ&I)kGZrR}pLuz&rqZv{gWCOOxA?)L@Ev|m9 z;`v&9yv5Jg=sD-Ki=Q7?t|jeO@xHUf`%8G9EYbgRp4U*zsTkf{^qgFq;^&KazP7~o zO+4=`@q8A~50&UwcT65C@qNAEpE0!G+A`0l@VvPMp8sI!@g@FBFA{B3W9I8)IM0^X zg-kAPu`fj5js|Y=^8($WhaaY$we+;u}YyAZQ9VF{(?VZts9j6q?dcoWmhE?;1 z09I`oSchNZ+nuFg?Fz%%#vM@>uh*1;wa&)QOTjwbj`gEqn8^zRm~6@=$9mY+x-K!+ zjbT{LO#!T*m4UU+#?njS_nt7UPVP&xV|}6wtO$F)?DbNxE-C}-P#IXx7hMY0g%*~> z$MA^vrubLOz;bf>W4tehhmO=E9!WjpwfCO%0y2ggU(qYJ>=@+AM1 zebm~sy2bDXyUOAlhV#)fa9kec5IEq`g}&wR_)xj_);1c_9z4>w`)eu;XKficT{c!; z3@5y=p;wZtjL)N}=8UmrS^GNUDH*2ovWYhDXd`m^7%|1>v+em-a&wJ;C#rKI`Ln2D zcxG(}apJr`IXR{|_W!ck)W2&1mH=I$CNL+(QCKoqV8L~){8f=uj*XXKGB=KydV#mHu-NO@dkT_>TWYP z{a;J-F>*T4wx991keq&|EdDzO$;x_Ph0d2okhPH=Y9=gd- zE$nmPw$k%iYu6P1i-P$`lZz{Q9f9YR3t4I|-I{t`h4VS(`z-anJ5#}$E$B-$=`Dw! zt9?+^rXaT)*%GGzNMncD+kKzINMnbWU**e9#oC689maPckC00)o|u+gDT*B~16C;- zIhsBl8FB0|Sf3jA%Z(j2fX7H;htu>O^HeH!c&?)h?-d(#vBQtlj3{;(;4c~P#=o2K z`|BVt>r2HBk8&1juvd9Kv$@X2}3S>6#iHY43>q6$p7uy;|=GwL{UR(`qI;XPIcxY!~6Bxoo9 zOoZ5B?h;~$>U(~3?iQUhrjL@b!$m`4hXGwg{~&fqe$pqC zjCC&d1oRwBjHMJ#j+bKal5Z0a9Z#m!@6XJG{8&Nk@Qm!Ux8Vm~L+tPoVux3=hQUX< zb@HVk7xS^hHSoeL8#}D$I~O~g!M8TnRS-L5oZtB}{)ibiCdMA*zAK2+@m}Lp?C`hT z`Jmqg__l&?5Ia0Gd;T5pCAcIvctO2@02kSR7MFrJU8s*o{|=n0El%h;?)w6qc<*p} zycACI{{*qav$98_p}}b*IBf)fWOaa({28Ti3ia_N;e@9il5 z(slI1o-Te4VuyM*)_>-OV~3%(H_=xRI|SZG&$O{a+M2jAI<8!w2Ybp$D{bau4TEtl znjIo$sQ9kVXqZ?b?<6O>X_H1iBsx|ekYBAhUMQcYe8loOE7npRFZBIS-o6xLDTo!K z_qbRdegG54)45OlQrQNtV!)5hh2mvV)s~xp%%vV+Fa8GjD+wPf&ovRMWngl!SO+HV zQg3s4R>A|jn|pR3%jz^n=$nFG_dR9yV^gzPdbWJT$$I2tRJj#*EYKP1M09et3i`wp z&zOshW?w}{%sox>0pHxjd7I+ed|`Yvf9_7F6I)jz-!9!d81?J&DLyM)+S>5tNGF`j zS~7Ewe=v-jba}-??xlvQ@axdokUK4YQ?h-x;gN92>iUr>NN8xKVI7Tc;P?g z9e~$P{I@y93ycqze!opUsF9Az$-3_hDh6CQE;EKjetcsG<2V$KZ%hfrH#V}zxcJ7D zP<(^mCcYtBSU4{*#%(sf@f37Z&H`&;6Z7WJiMtDDB6Q$8)qg^^$cM~W%fvS(hT4u z-~LM9T6;H*4f}4bO~xCuHmqc)`Wr+psC_^5!p^#7aZN>F!w$+X3g4-}9oVq4*-Gv4 zEsfTO1^$Vxm$IHOL0=ga+}-t6a4FSpdwuzKY1V{rU61Z18SI}`9jf!JJI})4`%-;> zrcB>mb;Gv{Xu9p(_z~+D_`GP!+7dlt+>N?gG-W*r&lqyloXdo!4YFyGn})8ewPL#N z6p!0xPeUj1YOCmK{qzawiX08jeJ7x64gVLf%0{|~HknyIZIhhi=w{7%=!=q1-so)$ zi)sDN3f7hN!wkp6wKhIUKPAWe0(pm}czB)lb(d-v_Q!~a6@M)Sqs7+!zy>eb_kWk^ zdwYRTX6U*Tt4XKr*KCxpoH^uF`oO~_Ou6W<_{e(kdY{~_k zW#~IurtiZ}zLseh(0KN!VBZ>$jcE6+9ng4Nm|OG3eFw7D>|;aw{zRF+1KC=pooG}c zz7NUPxae&6u|T%6pGZFl(|M`rEd4-qwlY=c*(Fou_b%q=d$^mX)E-tm))j>$%1?BP1EHG&^ytajXM zO?~U#3)Y%?Fkc`R^fYI5{n(K13{h-oQ!Q=m{*kaT%u-`Wxp5m=lCLSO{yzQ^tvFlPAwbZI@ineNXnMq(f6V!@zw==dh-{{rdU*F^`#f zzwbTwoO91T_uO;OJy+{sXWJ9Cy+PtO$WyK}zHepBEAMcH%^@dQ5bYs*Z^O^PDIcBe zzZ+Y_pW9Y@JMV|aTo~Ug0K@C=J-qkB$vyYSy5H^eCnF%%XvB*5G7Z;{7%tH`u=D7{O5eW!si!!_SAMnR#xvA;k--n zjq1x-duCtwbB4abb8lPvKAY^b$>Ps2@hJz+-xPqe#@eL0XX zBP#}~{-T~l_jxUe7a6z5%(zYUzC^#DEYR;SOBc}ZuOQ>EqPJdiQmu^V=q}`&9Afd= zfmHle`Dpl%-&OmYv6EqZA|)-JKXw{8DdyEYZ!B)%{80Li_ldlVy^X*fP|owY45v)K`JrxwJB9}8FUpQz>IhZDFuKOE5=e+K?|^eeaIQU1%1YV!igmmQ_OvK#QdA60qfU_oxW;Q>6;z1WE- zsq-}P!pMShhA@^=Dl5NswELViAAbmb@%9hYgt!;$Ddvqzdq37z>M5s;kvrOoJ;{9Y zH2&T7(8&Mz`noP`yz%cLUyH%{G1~Lve2D+rQ{~R9Rluo`U9&!5e1@j{{l4ATy|_raP3?Tbc_zA!ppeV?Z9 zUg$dzPJI&k;tT8W69&5ES2DQn_Tj4j*yG~bL4W9;wvcFB7%(|?#GA*2_a5-xZSmge z!}~7k?s8J)@OK<_6^pF0F5Y9(cz@L3z0CAWr>|d3oH=dDr)&JLv=_Sz+;@djb+&Kz zsQp8<|Cnumi?96%?QeHd5n>U{`Km3nPg%9E952!Cv1uIY4GtfwiNA{N0Pp;G%&D2edZU!jRA4Q4QZe*J zYdd!ut$=>Jk240E3?9qDV?{Xi-VywN)U}N&-sQ}HB*0wpQn)MF$Nfr|IaP7}2k$Gy z(~j?doFc;L1hh37fK&;Z?A3tcPY(lAFk<#SH$;sZx@73r)p2rvRDS}5u(AhV><@jm#Wgc3rxzglaH|HN! ze|xyAmv*k`eZzgfd{lFM`I6?4_2tB01kabow9Gj5jL8+6m^s${jjv4mt@7nKg!k2&`U z{V#vkrJps<17$b9EzQfnD!_wn)+e1i?-*Q49V6?}?ujkh<4fZ*(@A|;xRioRIk?OW zr#{GkvyTQ2e@%|u-j{f{z?G}xuR&Mvf)>$Sj&6ULHGF*T`oPGEn> z%U9McA`j^-;Yb^a1<<>&o;_^z&sbM~akm)phyl*TGEOJerFz>-TN1Crlh=aeb#mvU zcw|OR`EdHk`oz{DyDJ29Zn*0Pp3fNPRNcw{80|*urtU`07pTkWuY%3O5fgGxl0%w%l0&uIDq!g)10seZd|NPIIC9UYvCv z`d;R)zg#$L3&3f!I%yCd$la|i_D*wt-*E@y@=?)jW22$j?BD01`TYgj@@)Qc-VbU| zbhoqquw!vS0T^Z0KRu{EI6mmn?SoTU08Y&2_s<9C9X`6>3*EW3G}w+&$K;J&NIpx8!d=#bKN0m#2?{R9s6xdU3`{)zX{v@~kw2g{xNl?zgM)Y(~ z+o-MM4}0yGP#(Muzs6>_E#1>QiMFY)Hot7!{=;>&jownsPsIrO1G>yzkww6=wo*Ir z#qSvUNb3jWy4vIUR}1jmli!WJ&)plzUbBwxNtBOjNi>4*T4V*=*W_$G=5!t3SU_$z zlLwEp@~la@|0Y;-JObX^slOfCo9k+{9{SVm@b)%v=2?7haSNA#e=)x2z0Hd_r*M&E z>@i{x4smv8v@<@jVt7r6?_%~lD*4vD*lN#=#1DnL^sdtPZmX3i^Df|w)BC4npV+#0 zT0Q91P59nLv3ZuO{RP-Wk2zhk0fbjvwy*Z6>xOM;vwKl7bckrUiM?p)llaVG%=5$f zK!^1?$qtV0X0F%%>K?wa8T09Q&lfRJKR$cC4E%2?4)-kKc>Q|%zonN3!-_S*??&!C zUGAhl*Fx;ca_}S0z}WuQFE&>4M7y&46UV~zv+bwu;uhIE_zH;$<-8Mm(~Nb>svkQd z!+N@jDJ2KQrjBwc$@#s3(z8`)YAPAz*7n_p$?M>NOl@n!h>CD9m8 z&5-?0-^`HxUZ8KTSHEmN z&RX2$yrgXIyH?IK?3CQ12XqcPbSZa9F_!Rwo@em$V6OHF2TNK8 z9vaa+gB+jHhqhjpSWSO4QD&}_(plQ9`nU0Xb0D>d@#fYqq5e5719L|<&zMa8Zt8EL z{!X|4uhgGajC=55jcE49O`o;XXUrL1pMA>fGjwn71N51#a|9aRCA#1*u|{XbnG-^ zP3orx##Z~t=6L%R(s{;ql)Uuss>82Sm+HSCId~{Q+^dzB_R-wgKDuRKLQ(S!)DFp~%Ed zGp>|>{)@Gpk>$zG;6#(V_p^R}EVlgMEVoZrJ>d5x)IFP@2JvH>pC4xdEB533u;R1x zjOR#*eU}Vh{?6me1n$AUA33pgvc@yd3h2x%n%bVqkB4Y_=^yE1;0!UIvtZRdnID#s zxwFKl?ECp)2%qjZiO=CD^23UkKod5i#&bo;nWwW~t-(MW)() zlCRWu2CqeKrY5y_C|g$ZFfazsqwKv3*Lj@Zit{_ZdRVi!78*1^Hd~pyy|B!+{abz- z)W#O^!yAKV0jusi`C*y+Q+btY80zN-nc(LZ4K zi#xhk9}LM3N8cr6r}M4%@WAY|R$z-b*p>b`{!pH0{(GL3=S%y+cjlaLCFZ{+K~4?M zG^GZL_%Ie6Y`hs;x7B(&d&L=e`F7rC-`}9KwZ-JVckd_8?dNE_f9kt8-TT?^E0}dh;01^7V(;=fe%2nfQZ& z?vcb&PbQXn3bE89O%8MEWXYfMEo9?u_m){p>#ReFy!?t&d!9RKZ{*B|_I#9&PI9Yw zjt=$*>gl`Aq;kk!vkCis-nBVp;_Mqc$alOC+Y?()IRWchM`t^yZ{l1R z{at1DrmJ{fdQ><^8o5zZE?T$3;U>f#M3cx;WV=wc;?ucBSlpmz6 zaafOX)-SSfxx=H{!}(wVxB=?}%Y`dm$BUdU_Bxx*dT3Q(L)4C&coFLWtw~z~8(Q&w znYdHYC|?Dyna)Yp9LrFr6?y%MSy;{K7_jq;N{8M&AiXW4Sz$I z`gR{@>GXXcYkI$4RBS`G%n`#;&p9K;M^a}4gY-jDI29s)pW-4n7#s@gxJ3qsjDGXC zB_FNEo#H6GI1zJRAK6!Y5a&sg`+}v(cH&6d(5?H>r3v9+<6e$<@e`#kPuC&8iZ|9> z$;QtMuBtajvI`HhbSHJP{!{ia_wc##E(P!f*WO7^*C75V_J?`Dcdt|9pEowru9++R z^9FLE{%6jfXV!(2!sM~NfwNh~`{~~#{aZ7X{`lh`2Gf$Se0t8Hzq9D1@3uo{zB=hS zBd1PQjF;`3;|q~*=484_{ z$LKHR9ny2`;JdYk2u*iRu@_+GmMHT7_G_?n${7=^kt&h>PVzu@25(3v;IsIZkll(O zv5|eN3G}(j>fD>`1Y!hsF6Nxi$El~>j7?=fno=2s`T5v%3oLm_0B41M~0q^>GH!Cp8!2cZZo0tP#_$9Lh-|P?S{0*|L^Eb?w z#!so7!@bC*2mABDRvRx}O&dXA(~icrKQ_&u=R#veab?~(K@RyXo|h&Y;Un=3U+e=v z6YrYtgVJilWBGdFoALE}F$lDIL~SE~;#og+!Jm0ob9(07vp?QT_fGW5|Ehkc&-c;a z?UCu+ePR1~IPK84S?xgAx73dGTX{Hji*y-sQ2Ev$enoxQ3H~ABCwdf9;o(QURu?~4 zM!-KyMtJ`Xy{Er~f0m5o^lvvdjr4-CA=QV}At#`@=SuaE$tfY|md*y34V9Ev?1RoS znm(g^l=fz*&-mW1b{QisuNHBS^)NG6`TI-yQuacwuBiNwGrr>XbCfh-{!I2J6`}8>`^&GuegzhyBkp)%E6yW2ZDvWcobI zmmDl1{%K@OVmbX&4^11NzbR&SGAUO1cj>yah&cK`jQ|yFJ%Ezj+o%QHA#ggcL z83S8qhiN;$<%$|)ejN7=c7*~JP0F$Ij}{mC^AdAuZ-luMuDPS}+)W*gAKKIr;XCr7 zO>HlNL;Ja#wyAygkfcLR%n^8M-(7c>FaN98@GXC+I(_~Re#IXfS);s)Mpv{OeSI=9 z6I^D4CpMM#ooUc*#Cd9J71?Cnzsjiy>b| z*3bc=aU*sH18#oIZy{eQdxElQJW8lDHk^7@xia8|?Bzn|OLKYR>49JWp8ba$zC2AE z!r`*3fV&#M1G2h`XMd)SNcV*~o4w`CI^q}Lr1t+@9dX|EgLTCBfSIc!4%v33BSP@^ zY<0wgUOjZgO4>SG9dY8t!8&4l`4Bo{VX)cL5gqI^zgZp8EZAqz5uP11NJlKJZ%*ro zvWli{=!kz{3>ew;bVT#b2Rnl2^7#;VH}GBmp@WJeKvx_*sxUk2I-`CVSJ;L)XXRl1@NdA()en!_cBCI1_F&<}e9U7mhu)&AyY<{NB-v$Y{M2=e^RW@^Rz1)k+LQii`La0*zhsR z6+0?dy#KK1nt(mUJLR2q*f-a`hgw%?jo}bSa2P+R$xVQ7Mz*ZECy4SPV8rCRwr$=6 ztiGu(EVHJ>_UdFUtb5NpSqsayX~WO34?o4b(EDmrZM{Mtb50W9vAfq32fxsWu<@<= z@n>zBO3;?p775A_H@cH`it@`mPzf(8FLPQnuAi{6bBSO$4b{;?p{~H*=r4H`Bc@Q|s)G$Vb>4o5*Ks@=#=I z@&WrSROg(!iS>{2;lED19YK{l5B`26Y2t0MqjlE_w)9mx+ben%i_&KH+@8aKe^qiA z`w06uhxDD`s@kpzt7;FHud01??yA~zu=eQ4vV+HXfz)jqguRqX@q zt7`9kXjSbuyI0kI-_TZftNiMRHKRe#d0Pnhq?x9&6FQ*XV) zd{4jiCi7i-tImM6asJDhR`x;Xb7lM|XIpJxOmS^+41GSUxOT*tQME;5=5W7Aacwcb zOUBGLzen?X?3lNk-{bf_VGQy#YgFyTG3V4y8uNj`IsBf?@2O*!@cW$F>0{2VEgkc@ zz`5jyA3LilFlJU|VDv1#3k6E}t@{*;XDwo^X}{qc@VgZs`o73jN$rnooG2enr}|3$ z8aX#vNshSAAol@ipUL#uxMU~mDCNB0Mt!YeSR*Ej>2KWwP^|Tl^!;Ae`pgecS^tgp z8{D?8OtQG?Vh6rVK#>V4` zcTVOu(HLRv9~gd0_i_ZSE-?7WFS(hv@Jp_<=dHwh(f<7pQ4gD;gYg&RSppapobwK~ zjgYP}zB1L)h-unE%Djh8h0w7tP>U@rovDH2qYowjEoQ<+$gSEUl$CK{cN8wlZwCc|G>yfX@rf&LIb4a>>8<{t; zVUMkW569pq{A;y&Ma+NrCw>`z>plDvf8Q?tKjivyCh=SIobJcdct{X`+3}Fup0UMv zE_uwy({0Cx=IM*no6E=WwHP^H;qo;EUo}qB&zHN;|px&GW$H_R4wAUc=?lm zaC!R1GH71mjt$A2-lce^I~@$4>wSD~0M1e;)d-(UfMaYa%BA_d1wJ1|Mj69Fcq|>7 z9>Wdrcq#WUz+;2gXy{nr;pTo=bmX}-b%^?42zZlO8@v`ifL-SJOUo<{0 zx)-=~ciLxJ}xipQX(D+IL8nKtOH$T>+aU6YH zl0)Oz92&=38cTC%z+P48W*c?v0J6@-$~yNV4t4eJdzlMK#PCQbIy5Jmo_$2FWY|v;h%)ZwZ z?D+@WeUzYZ36k59yyCw3H=SF#$hJ@4DDRBorG{$fUfLlxfql?=@-5mn*e~$nLqwbG za^;B6ZBP4b+KV=HPhbzC-RUVNrb72p|9YW&FZB`jouy0qkO##;Xzy9~vqvW=f25l` zP;o@ZLN@0->x**An|smVk@1;RuZ+ET^$C7#?EH6gkCq$9H56^1gf{=4q3Zkd*!$^0 zPET&L=U4o7g!3@l_E2@(Y>p*=U4ML!?h4a>mUzSd2RR=?`?bIS26xcMh#`0bKI<%8 zf1~c=bb30G74_-IkeA$bL`QH~kItRGu^c|4%XLSYpB8UDp*gL$30Yf@EUd@w8O@kv z-V2Qj6Ep9m5*vAb8{eDx#vY2_rtv!LBspx%J(*GTdVHmxIj3Spd#4=UKpy}nbU0jt zE!h>C$i86d@EW(Cb7}{3TrGWE+AMwFz}Drk8fqUf*tHb{Rfx<^|=YHT}$a z)Z_4JANKCe=V`zD-0H7mGi#mda7NY42Lai!E0a!O;q%c3C#AD=CxF?fxtaM~u#a2V z|LKR#8uvee-MbxG-idt-{KS^wH79nl$F`e2Hpv<5-;T(&$xyM{xYli>9{Z6to&)zD zKAOw4mxR1Ota&~`+wp~b_BbhWHyZwXdr#(`Q=4CRF>|5TaN1v2oeJgCol76t_r=ym zHFuU;9x3ne3!CVRx$vlpJ(&gUn~Zi+72~8+2HWLr*7nH9d$X_agZr)3=y(3dnWIAR zRPjG)T!16HR%ahNBIA(HE0Z0ZH59!a?ZF=HQJFJ`@OnP?edfc(TO-`rPh1w~$#P{O z&4Zb~b_?*}pTvWi@L-N?PvVdx+=CkAJ~HkkGx9!>cjzbCriulVoW{#DaJ{utE)PBd z4@_JY^VcZ)qkj^0&=20)$@IlkSEke#p9T-bD0qBIFn(mu$&TvP|u&y@4QdyC4AMFv$Cy5x@;#iu{$;_(*h8M~Kv ziJ%MX4r^x{-40$2#Bpn0h*3uRwj9||UmY3dJTjX$#c$#NwHs-R{_dy0r5lEl`M_`8 zxjvuF=hF!%mb);Gz8SamvJ*z%oKFnL`AO-7&W)3*zkzSY!C&r7ls+)`f1(d`Z|B12 zhk>VZJL_Ipe;lc~Ba%Mhj95y!)BQ1_{+Ng;eZMZ>eD1R+$RTSM#!Z4Wg^-kV_lhxh&%2Q!9&^R_#3eOTx9be0EtpvmMR zh;runIA@;0`&sEm=?l$0G38@mu2W8izH-XU3?Ogd&bjE=>_Dn_4$tRuhGGUj4f!&v zD8GPDRb47niT=j)|iQ4R@-_#J}ZroXJK`@vUgRAv;BD$;4~m3jAW- z!B}4>oowJ%jNqF(z)81W-deIWz<0sMlzLGpG`v1uLq2X0vf}hS0 z>DdE3OAPRA4mi9FEO1m_9B*7!g1_L#DU*1`j_s4Y&(%Y`7d(ya58vj(^k5VNBLoaH zW`Pm2W#@yJ{4UB#(Ce!|hv#Wty#!9$1F&np#7S^n0ginx4&C@}OdgZIu=vpuhtFnB z{xbOL8N4e-9`NC&5;~u?I*>{<^1W8S4No5yeY(Te^uvqzw&(}t5h|xI1Y7xeH1-oO z(ze$hD{X%WhQB{v0AGA2{{9eOV#mP2_Q$KM-2S*y{qX`Y>5qi^llS6lZoZwTXj?Ge zr}9U`Is;0Y5a+x{Ena%}9=&@B8tKQx(+)8qd_UuueyWEKtzos-l%Px&PnzJvdfMN} zH)qhY@OTnh;Qb|2d~_WZsvrLNadp>Jaq##*F+j z$|aNTqbA!&z{~2R#|HONjC#V~>!bf;`zXE?dLDE8NIt)x@)5p?+2F`0G@5t!V>2UP zmFS+tL)`gIY-9hUF7Izf_Qkt_hXSd$!6U_%B<`2*5C7Bwl?i3f=e&>cUbt-iYue_w z@(M{Vo}wR>6UmGto~exX3mVlA2PpR_AI=cQx6qFfzPATbt&PKayjW!Er%%V3(>O=S zofoHW!k$rVv-+Xe*X}alCFr;QJe6sk`JHI0TZ(scSqv}c&O*Xo&FE)Va7htdFImY%7GKMDSOZFSOC+BN`2%$A)h{_Fy7JD6a|)izX4)cOT|;hf$|zj9wXqPc~E}2-n%k&Q`dvgdqqI1B)!IRJb1eX4XC7<+_e8CCn5nve|vIQ87-5p-6CS~WV>=xR;Kad&$ ze)0QN);Sg8-1as0e}eu~edhMGPn&!=H!hRX0b!aGR|5Zlix_ zBhI=_d7Ml>eBQ;u(`zd>Y44QxlViy6aJ|*P8#8fN&%;OAS!urQw0r~Cta050J~@07 z9eET82w6ApKCy4yW2GDxctbsgv@#qHMEV@_FW)9tof$+=Ab(Zdj z)&2@-f$pCG|3}cGu^xYj&vM$Q?=`0yzvy!C)SUW|ol_;_OKtxw%k+;~GcEAp7Juu3fn2Y%dm}GEgJArf%GYP+#vk%r`oh?9 zzrath1wR3M9e1+sH}S;87DT8{i=Rg^EP+QGC*!ae;lOQuNTc)cY3hu=K6e5X6>D} zg#{~cQGQtBt@2lSI<(lzo_SuCdA@k6bJZ`w-N=;uFAFq>aVBgoWzcz^j@BI9%R7~m zj(+CT=sf;=@DsrI)})FrGw^KRKS(~1*qqC|^vw7akf+3>0pfMB)j7-D_ZZKy&4&lD z?;8U>?vUMt;=O!2rhn0w&hB7O zg1MX6x>U50af1yZe|H}?%(|?z%lIT@m&qp);r({{Uj7Jdp4d+6+{Lq9yuS;(vdw9^ zy8iXueb_F_4HVm~diWo9^Lr2N?B%{EJ-$lcG`TPY*PN%o4ocihy#wHS zFTU&p=wj&q#D(bM$d#Lzm*;8CZ1VeH=g5A^8B5vyRPE`t?3gsQ_XFAY)R(<96pS_R zDhy-OBKQD|1bFwa;B&}HRhBuY%$bmGhk1cdH)}WiJ&AUwE3qrkm4N@1SMvW}{_l4G z&)~jS*Z=LcVM)LEq+TCZ#G;n>I;o!K=$(`SIE`o-!Oc)ZNz@eb@2+1#32jK2~3 zt`u&|;GbR3t1sc-BeMNorJQ&l18>9o&Co!w z@7|)CRa!gKPa)>qTwCoh_NwMa^L|yhc?ajRv|f~NLAI&kpT-n@qMRUC7=B$<9Y>!i zhETlL$H++oJYGs49&=KQC$bOL?R;E$EhRnIDUHbc)Q^KAOo%LYn| zYP7bmz=xrjDaEys>m_v(xW@!reLLKFWTx;eZK%;XE$B%5`;wGN)T=*-^%#HO{jMG~ zFh|hm)WH@XXY5$c0O7|qemUdsqn>D7#5^p2-|A~w8}h%a0U5v!jf0!+2{i2%IrHi~ z92VrkVSx{a-4+LMukhor9=j+P2kQB8c#p;5%ff+p2oDFvPU!yA=)H_D#^dqXd|m<% z=YjF^DTMGTgqp*5xA&QI3CR)AbkA}2pwVN3f8-u$TTT8l2VSs;8M=(KsdK4c6F9}$ z`KwOOWsC=$FDzL@{zu0-cX9K9gN(zSPN4L8&7rdY)E~M7wi8}!-y;EUJ0lYh9txgM zY~%R{RYq%0Po6r+-*Xi_Q~PTePi0@d*xX+tUgKN)eWNqCGwasxMh*GX}$Mf z^S{675_9*rzy6naFFh1u-@0NIch?9Y91FrPOKzBB7;;;7I4h5%f z>WECi_Fyd#bmm=bW#IQ$FfZ~xR_e<9$`@YSt(atV_k6+AIz+rb-;c|-p>?olCw;6> zc2YJzqNg?TOOqqn+O%0bUgPDv%&8|F{)_e38SAHQrJQ!Vk;jjb_lo=V6lZ4S$-*=9 zO5M;jwWU1!DF-fn=-O(|BaG4W`mKDK@fOe+aGz_fA-R(sgYJ89jrFCb0+F%B)AG;1#+%^(1vX{WJ`H z5o8R!+MCfoZNYO7-upGidMP?keLl*@FP7pbP|k=;iLvwYAbQWPC9cuStLQy@gjh!M z&wdJA6dwcLRazHUAkV}vnbO^OrEv$f-b1ny#kwyBp zt?}GVM%R`&u5DlBq#ix-+U}Fk)nA01m7v?8;TCu><81LiR)DWYFZ{Y-f42QPe?8&) zGV4lL9)_s@V*dL6IJ7AA^+M~qtaVOlQZZR39&0Q)Ah{zaN?ew7s`ibQXFy|b5xTvb zb&K{iv`=i}0c;#|qP(ug#7W{CW*zFqj%DdRPiJ1h_+;;xJ?%_BcEgm}43$On?dr|_`JSpm+9f6}w!S=fWv9L2?MUIcy14wRjb zjx_g#KpVD^QziS;jAitMbX7>>n%~klQSvBhZSTj|_d4$Qy45ZxmA& zc-NbYw+jxuj@~AhLVZ z+roEOoWAiW=e9Vrd|~ytsqD9*FQVv>QCq`zFXr9;$b|Y}87uAbdJJFw`$K2TioKL(L`J|mg z^`)DLs|CNDydcsg==ywcJ-@Oau5jC7aWi_TKwVGPe-V|e`*I<5XYOg2Zf>hDJ=oS= z3NM`vvE6&8d}{4$yW5njg!|Fq^TDjWF8FaV^eC4J_#TAzTcYUS)0=(wx<`}??E-S4 zkq@nYWQ)%5nVcgH*dN4V-b^kB`93P)XD2Z@Chlkj?;a(`#%d=OCN^0$qH+|BW)Dx3`>i73+5f!F`*nyJe;GIeFsQFk44z4G-d zMoV?gJ{)#}`d0CN-kH^}|2?t>%u>lE`BXZQjRZW32Sc+= zJe_!M?U+jIud@FAEZe0My{xzm6W;;fJ=^8+Ph@PD@4}yaI@IIeZr-2X+`!oZH_wxa z+wj5q%2l%eMxeVUqPx!L48;hOCtG8(k1=?hv6RhEo5yj1=)qr)e(9^HT!X{CNIYB0 z`DF1AA5v>@cdg663zB;$GdF3RF-DCp3luNGS2zAVa?iwOGA@xzy(2)=#1rbb(ILxx zFtHzWmehqgCHcn%1G_`$YuzQ3rLU>`_~q~(U6a7aX8hH`Vx9f`tnuxGqmcn*f^q$b zVy8m6h5jq+SsvX&N#vOXg$*yH_thzr<^_p7h)LS3JgvxSk>8o{i?_RlaRPQd)z?d^MIs(4$v#R%e7gtK-uf zv=w8F>ORmI{UKXk=lC^`N_QwGu|LASaEVMSaJ!{*rKNDZ02nSh63xElDigPWf`Bf7TIC)j=M? zS$v~^YtWlD(l&cW2owzIsMSf~U^BC^ui6 zdb%I<+kbp*w?j_8ta^TZOPOr_P@44Cw-vfG68#Y!o6)E0Ytgf1y&31Tit$&-uF-d~ z>>7AK$gY7uKdM7^`PO*2lY7lW#pGfXuJluaIg)XEGKPFO8k5lOJrf;Sx&atnz#2+t zEo9L#HPIgTifaR?d#l&fz2%&#mF3YHS2u`?^!!AR?OM9ymRg- z=m$1-M<%ZxHuphz*=6Q9+QnAh6uw<^M|KWio$cYgRH}Dru3Xr8V>$A8KQ=EqHiTVQ z90)drwne6J4yQ}^pJ=bi=$dZLA78S1;{4<*w<0fl80*$ngAYxz+yDNf$VCIP&buPr zw`bpLZn@pQ>s=a7_3<9t<_n>=V)F3~o}VUP0L^=`>+oGNw&%%TP0VFF->G8!)Q*vxzzyOlX|N6>jhXJGT`s5Z}LqrKdm zw}QWfHDtbe-uf$Apx!_jxxvo&#!E-{q=VwGbm|d&*OyqDV)cwGp6mRB_LW0g`vsQN zRMhFL+pwPADkt>-^S7b3Doo#UU(mY;3{H!DXCfqsT#Jdd;K5vxw(poPJoryx z-wAK+>lhoy!mlN#Oahw&J>FvM2a9*H|11^nJ$&kO@yVG-Tb{T0H2Lt5F12tyJj_`t zAKWRz1D$H{K&N@-E3rMb4lsP-y@y8`cu0rKc2IvGhCVY^^bEbAXAaLo)HQy2U)_N# zU)!CYBjH2xkFW2(5xyj-8*k);?o)lulg3X`0zAc8A`9Aw77nu0dv zKX&Vfjjgq@w7QKoiu7>>v?%BA$I)G(=@*Y`GT$Y$=$jhv{gTPN3(Oj|1Urp9u;yLX z+>u2)^@jkEAW#2)w~9p$H4y4>U6XL#?orE~odo5=k#P%l5k1pE-^ zb)F95hhY5mGFK~aw;yi${5*O>wn+>JK+N!exJh;@YXZquahrAK8HCL7tiOQdP`lO!;RoeA7p$EYEM1~ z=K4WC2kL!FG%$}F8uH=K9G%9WdDxGC+UEeAzAY~PHvms`#NbPO4t&8Lkk8>8@Z9J- z-f14>JZVh~oS){oM|VD-L*1w7EBcK&e!t4e58mIPZ{W&rknXo^Kf~!ykdqR-M}7w3 z+<~9Le{bgReu*>8JWI$)!{cYwepMB>=X1`we{jd;zr`y|t7_wufjb1V2io@HI2eatTGXyf&EOktGw-AI&`~%^xo^Bb{`0x3gzPbEIJLFRG;FLo?Pc?_W|AyS=W>6ZNHFi z%e1ZjJJP6FvsIfq>ZkMJ90jp~$`8>|zN*^f=)cq1u+@tJV~z|F>$P>9T|esoC%9M0 z@>6T;&_4$@JZ|qIH~+f=8)l60mG9whA}@YS<$p_g#yJj4)A!(T(AVc#JP6n`47oJC ze2a9!b;+UXmL=VB=dWw!<$+LL(UAPB`|ly@9v-^i*4Uha`P&^NFIn_%`@<0J4wkj7 zx^2H7qV5@F?eOo0sCx!ki`lrlyz~wp(^)tNP7ZEYGJ2csU-ZHQp$CWNcg)`F>Tlo3 z;bCV(yVbqs{|RTqV(vtj{Ubfv$*1zI*d*Akqo(7lz=jQ#VLK={C^oHZ%pm)_VT}!R zU`IFOrJHYiMx>*CRrL{a<|(e$$YOV4IX-OT?)*54&dWSG9-?l{-tFqIo0j9Uq4hu@ zI+(wQq2JhM*jeZiH}59QO zu#Lp$-qU8EjXCE+KG+S|Wr`W@D8Hc^A7EFAc_(b=OJlnsL#@cr0<~{+{S5`@iNi+* z()ARkQMZB7^W>S+y_ zrY-HKsi&-BMH<)>wD-Gl2XM{tW%zDbzxS@t{xoYd))q0=@$tT3%a1>;b^hhel%KEo z4DCbce|-5cK9@HiVPErYsuOvpHoA-$>h08PS3B>kDXz0?82O&Zv4)w+8isG#zH#iw zlQYd4=7A+w&K$IcQ4E=UIPyKrARbS7URdX+tdBEIn_zAGfNP89=ExHrtLQr~Chcrs zl`YK=OJ|Pa-S4f5M~DZE)YruK25TzNmy1R@RUd}_cq2SH8sJmc96uIl*1IFzVeyaN zyFT7MP5q~XHSs>moYepNn)r(@oE_&oRS&D|+`2CE*dOc&UVX5me&RvF2~BsZ;(B)* z@mqVaW3XqGS0;fy)4!76tI_K@bB9yzTs2*161_UiwWbb!ul`1UuN_<``VQx+&r#?2 zLi)c7e;oYlrM*7dGUtWYBO~M8^Y-`zyB1yM%>NzbRql)Ijq3Yu`+YAt=(6DK4W|7I zJsym5<^+2d((DgXU-ZiVub7Fem(q9T?3YKzZSv0UDn9mW^hH`exOYMFp&W|^<)b!# zp96pa%fc(r+9WYZ~}Al!^xuYXs~6SrE!%B^HU9oQ3s`Nl^TYDfy6>T3Jv%I| zZ}Dg)4l0*cmGNl(rf8icTF-~pYtpp-4%;&=yJa4 C!^+XH?dL0dYE}ku%vT6C@ z5dTA8O{TA|HRsf2cME1n>(jDPCRRn`PkmFUuj(e}hb=f}F1y6*?`sRvSvDy@4AHqC zI@7x9EMOfzFF!2Fw(g$kWsT(Z_s7-W#1&=rH~!3m{f#}J?r(mZ{sv|Om^zornb)Lu zHWk~!*r=KQ{-y2jl?C|_v;L)gbNae;f1epnoAq1e!ig&mD>9A#zW&ed@5AY{!`Wjq z-QP7{e_vma&Nl03%f(Oq{dRwUp9QQs>&MK6#a=k`3hRX+YcksxKf<1L$IP#7U))d- z$8E%*$S%xEevZyjY+8_5qg}OvJ$ytsb^8?7?AY5e?Cn4box$tOz1b#@75)e1vCz4i1pFnQmRKCt z2k=fd{Z?Y}=20h2SK2l!JeKNg?xb8?MAu3`U1tHyyW=$%7Jds8AFLRwK{=dRdmCR4 z?-J}wijF%NJMwLroGRe){3l;?^9cbbM!9bvwekoLI?ko9d5&%}=a0Snz%*_<=xf0- zXZL|~5%z_6(;7VUxbwzuE-m8AMEG*HaJ=#RQE<+MHGsT(XXc_sxns3786^hGlj+Y; zUu`Ck0ma>F4;;JUIq?hMp~)MPfCm+d$qQ!Q-D!DgV&Qlng;$CZyn(%VyO)<`J9+q4 z(_W1JP@Jy+EShqYc>9=wQ$xO+f$rhxp>gP;@tnaJPHZ^m$Iv}*phKjG6rZiNNiVV4 zi_u4eVz|%^iks5dQJmt9^eHs#S5AAyM?}#ripz~JfNpe&kr&2yC_pR#x-NI0`;+ft zJi;sKiXG&s)mdcmPC7}k3OeUxV)W6K9uK|qDt4`$#gn%582K<`|4L%;hnul4|E%B| zo}-U)VHuwDUNR$I1>m`NK392LN5W&)FGg>)246I1z71Z!zJ1EZV49c{AFLM}Tp2WN zBNJZRPvI++Zy~qsUe=bvL*qo_Fmuj}JF$=#-HC<25uUntiJhGO`tB3xd*P=zL&X~& zw{Z(@{_@G>FQ07lmro&o`4n^Z$T9aBWalr}Sp(%hF}dh0FAjizK3;qB_vPm_Ub6X} z<;&rI^v>>KJqhGPF)vZ%qnG~fqkrX_S(IM9x5xGst26HCYp<8_`w`mI{Q_F!v<8Rw$R=3s;ZcrWpe}Y&D!LIq-sYqd86?|c@T;9CM=6{PWgfESp*|qf6&`v)2@bq%-ec7V>e)e#4 z;mj-m$CI-+da$d4*||&-(4;kkVsbS$V(_N5G1wy=?cq1h<3kZ=8{T92u$i)3pno&; zm+-xXZ;fU6(9Jw&a_wpy%z;+%4V)8KpsSD}#Q^p5U;e${2E(b}l!Q~Cn_RN6HpOyl*rFLHkM0nREd4miwtlQ*eIjf5E?=kJO_MZAnbyR*OsYd`~?~Uz#&UnKSzN%6oB9%+2N= zMZX=TSp2N{ted;KBO_b9`;xHza_F^dx9!lo6Q10~_by~_7r6znaTGf?u$%w8>Ff3A zp1aT~=;Z|O6X<5iMjy6;&TK~`;nYXfKjLnp~V3u}`%g)7dPOqY_xcul;@CC)}Y& zI4F1Xm6VIG! zrF^}y5qyZm+L9DqmLzgXIUp)=g_<@7SAYu`uh{k7T?zKT&@Mqgk*Ft1k)2iA`% zt1?f`rOYz=h`u`F;Ze{2g8EDJHrTrcmb$oj_MGazs`%Nn?6WqzUd_!rrasgBq&Y`+ zlje>Y)=x+d@dgeFypQsW(IrkdyUgxib+mai=jo&t=_GB^r zs+^bNwQL@h(Hh_qc+__&+@;*Kika2(cyL6^X4z7W@2f#K&R4EQlPl8)zm$5><&R$$ zj}TkEa_eP@1GM!R_%3i#Kl1oE+sDT_mXC8SAFUl7FQ>hkJR3(2w2{ud_lV9pz?yC8 z#O@hHC+}mt7p~`uPJSCdCw$4GlX4!Nue{gNSxVix9-SjwJ})}UuP}5X=4KJA>2mpiHFpb=Y?vuy!$2J9!I8CgioB$ub=fBMkQ;aU254gH|G zCRYxGXCv~Y`hqhQ3{USp^vvKqcIFHWu;S%KEia)*qa{BYiQGZ_a$f^h(OCR zXo=KoU)1E2)wi^TZftcIvP&( zz5osFMJ<0j9vb=@YIZ<_?wgCg6h6(_%F_eg;QuoCcjv)>ZE$G(ZQNYGJ{acVe+C$3 zHhwM_hS6gad~!d@%KcPV?mLN5{5*8T8S{yIEuPA6s&xwMmH3la)U4xNnPN`NodxhB zUgD6CHtg!LvHV7l#knt7dG5t8!E&bSTy(HUYn^!a6*a@q^_QO~o8>%gmI<$uE7kbg zqyw~0RzJ5!ju!0WGJB_1E`4gRi?!<+>)V*Q-1-M;TQHj5>Dpwm5_c@hhlo#)Gjms0 zcVK&IjCi!QMt)kmFEXshxfDK$PHbgo{?^Oh3w>MB=b}ma-{cGO^CL*PnhZbQm;gWU zKeh%ZzwY@SbuLkBc_a7mamHozLxHjD-MyPjlkogBJTZD)V|NG`YkI8>pOf3p_$wz^ zomZ4c=S@Oy@m_5m<^Be(DYZ|bxp*;a8J#;dx}9e#Bi;V5_2@2s_ZIPgs=G!mg=dl% z^BleJ)Isn2;OqO~D>l2cc>5RD5A99r%)lbXiTXu8 zSglj`ads{=23y$ffh}T9D*!I0sZokUT&E@Q2@^0}6#qq34 z?gwT+@-aJr?M_?rGc-*O?L0|8a;DbJg#?TQF{CCp4D}V$DY$o9JK2m|_+rL4?H{=u zT#zZ9=~lU{`xvRKeIMcZ?6hym{dA_adEy=JJRrI7 z*5=QmqZo5%y*B@?ndi>DHuvKxUKCoJ2ar$k!oRN1t$Q|W^V~Xx*5)T6^^j-meEeUkPWx4_1E28DDYxxyw7di6`viJURb$*Lojvs59&2z&sebQqN|X z``2Y}Xx|2#_SujxCe*JlwbziYR~H^!&v)jaaJ~0#Xh$xm`P=iw7UtHITzn1wq;c!X z#4G#Drr-O{ANb#EJv$K5nNZGyZYDof{Rs9&IM0Niye&9Yx%z(Z`M4BonC4$S`KcSH zRx9REXPnx7x~5|n=K=@VA0^(Nb&|1JOzb^#r|~zBaOTa2&eq6v$%LcBJiWgl{oeDX za4+;h;kO}xZCK(|-3pyMu>WCZX_mMen`A+s};9re$KYR5%>d!w|0l(umE?xP#_60wZhVda_bk<*U zFmwTNk&_qC>Ij~nZddb!{1ei-YUiHwPn-7cGwoe-ursp4v?rRhUm`vvRyZc+P<_@2 z-nv&zxD<0%AapKm1d3;IFLjqk8-8jt7n!y03hBA)lEOEJty5{~`vUDLXN@@vJHn~i zCHmB6gKcvubByhq2zG(Sv*3Jtl`9uUkHj)#Rda7ej(mAKE$}1FH`y|#yk#Cgx%00p zm!G{$UA)yNuZPhO+rwRI3oZB8%5Mg;x`JEdVe0 zZt%i)V(`LuvdH39u%B0C+Q{nXxh{UHuYSHC{M7FGYHtPY;qyQ@)lByDefeO%?;{VT z>WT07i0{kc`-SjoF??T^X*-wiznSRD@t@vKd&`u^ka$7HjiC=a&d`UQR+#VSELT3f zL43y+5*SCZh@uub+5dCBLg}rI;!q!}8@hT_}vZHJp zS@OWVD*RMm_|3NRaJSlHAH>Y3qn(;By)nQU8s>@m!t+GHu4!|}u;71-wdxt`r_X<7 z>j3{cEXJB9Jtte6#;ota)xp={Uw5f5u!Xv`z6;skIwKZmO;POZ`LN*!b8Gp4yEfHx z^QmFjgqx$W^8)?}cbDUudX^kO&dfxipI+F6aZN8;In{DV}v!2YUlMlW(uQdJ8J1?Kf zS;~6E;27e}hkPcYvjQ1WK1Rb!=BZp>jukJp=B7V};-z;V8f&FNbp3|A!t&u7vwqOr zI;`umc=>|@yo}lN!_YCP&1VX4tc`mmvi%)$seyZxz6oZ8lN6#wvqXZ;deeBc>Oi-lt%}2;5=f=@nn} zJLr?F?XYJ>wWd~XZ|=IMp2`*P|HXUIzpU}~PH`R%cY3wao_vxHF@K8Z`7S&)x&axM zE--l%DIWrcbh+2&zXD4!(t@QJBlH~ehMRkoJnz`q+{b|Kkl*No=zo<{TP6BU|D$tL zy5B1fe(=!b6ZYfJJdsL3pYrG@D5F@y1bt-oFyTezWyH&&FP^aDUHya2^n3A1&xi3` zIWIi?J-p?++%7&aw+VA990{IA8`?wD}6+0?l2)xO;lh)|hbo=7V zwmdl`h92TGoh1C6Uo;j5Y3 zbK(-gE0d!SetYGsxzpn~{m@6>DbA2Rq%OUaZ}R6F+d=%1=zHxMn;d<WAc-H^aD&1?A^E}HRimus*zIExt7s?oyAJq6iM~AUpLnrHz2gS3P zoC3&9CC|lw`9_s{YTan3>f`qP0p1(`CuJ1Be#;2`z8OBxsx)o)6CvHWpr*FyCJoYJ1T^W#<$89TU}s$p}^E`#@VqTD zE%}uniEf@T|1bx46$gBG2TB$`7C051<81CYrTo;trC;w0I1ha8N^D>55!~7Q zF9$<`lAZFW6R(I}U;4bc;}pJ`xqo`{Uw>nHskV3Pt}0~3=+wF@U(C#4omw}=wI5G! zUP8RE%TvLa#D1^7|K1NPFmFg$__d8KnhR^AA4c8KFb+@559203jBP{H)Ry+oWz%G0 zi=kn599FAFb>;1A-ORA^btQlYKG*8my06@H97Oq*|JS_cgDW*KuzIzGYNp*_lC-TTSB`xNq3u6|$+8;X~8 z)=%K4EsFkrm-upqx@+>tu;yOH(`pT3|j^}i>-fAxcG`E_wG+^3m)%X~6V+ez%=Gu6%9Tb8Now@o#tnb-pQW6<1;tYB;4 zbF^!XjoiCMpH*PX$yPUGhcRVn&$^p&Fzt1A{pGhSwHEYb;7;}&%$yI;?}qmps|nug zZYjwc_Ez;!HoV8%v4*!9+tt4}DLS+6$tv1ArQ`iW-;;F{xM;tzc--UHh48H*uTApn zg~}@U_T57T-YbN+wXH*^oeh4PR(bE(52*xBrS?UDC7W1rrR<*@|7{{TYJVm937xX1 zzT)3IH2dGQvEba(S^M9)eP+fleW^P#jDMuW`bQYk(Gs7}0-dLLgjVA7voM_2>zc5`3C zvOIT$?HyKQ?g(3m{#oG+z9Xz2dCbjIT@_BHDzJ;|v5URj+;gbUe&!DEjxfsno-)i4 z;KrC36-wDp|YEqB{( zvxI zu$!(WFZW!Y$wuZ~zWc%cmNMEm&ggP}%V(@uAACI~A8Al)1nqt1xgQMK%eo&7IrQ!a zTQ|aaSoss}KHLMIzXKX_e84N%>%9iw+er63Ex3M{wNJi!Wm$gU?0V8K3Hqns$odp; zo{~JkJ_2jQowo$sd%NtKYbRq`>$bbs**m|?`B2*3whCS|w@5w|<8l(cbjt|0?&5Jy zS7I6dBw*#k%^N@c-}8LH+4z||zi49}ZDjfS=}*RWnm=h@Kl1QDx%2D!tIs~y_PsYF zKa;|#x41Hne)!+bwcX7<4Q9PcA3Y9#to}*UESd25_Z8mzee~wsBYh(Lv@ZTy4gAZE ztB@{&Us1+xFE&gcV>_Ft_Ur_@%IM4mlv!xjs42y)%g3b{Pyd}?kCbtyOJip?I?c?B z?wwzg$T_1i-ixg1-IVWU$|AZeWiobH*(9y%+r zmc1}^W;*{ix>N8%fw1vKGgjR@zoZk8M|ihW`|{qJUpUQGfAVeWjmH1Oxfb0w6X*Q1 zp2?RS((`=zw^eUByyiZK>bKNN|#I6Fq z_<5;fCA0K1IKJQI3w?_IDAxRIViWSp|1Y~G|2g}T#1*IS2t;>z{>2#ms8~+z31~k2 zbME^3!Ha*vyxWmXd}{XiO%f2AB$qMZ)tzS z>}8Zne^H;iv9MXpIxVk!eHVECIoBU^>+LzZzW%{?s>j)j(td<&RM{?_!PUtScg^%; z_f}xv>MnKdO|7%{m5SGkh*J}v6`vepZbff(DQ2z0{#HziV&e2mt zc!MjWNASBSmIFSLm)SYR{^wPf@IPPwww-U++0^y#GYj@{;y?4%30OZd_xxnl5iZya z#&)RSJ~(qfs1L`{;Fu5IHhT`y9Y2{p_TSLIW-kI59UD25dnb3y*Wa)SKDv1f1Y7+Z zoQf^ahdoYgpf2shqfZZxqrBlk-3)W5pzI&P)ZUPvcQ1|4kJn-A_szx2+ru?6qR6G! z2R{RjUr*>h2gPrwt$mF*RPWn3ty*)ymqZ8t$VJ4!$j_CJCo#L<>gtLNPXz1l3iM0* zE+eCNvg?>VQDVD1T=xrCVz|sY4tdg<4KwF37RcX~O!uYq(Mac!>H>JSd1p3&l`B72 z6~HrKeLw7}4yt2(Y{=0!IWxliY()PQczw6>rz!VHR$N7JOivg=*(A!5ouqJECvM*EF?*7E*EKF9QJ@b8N4Dr$+p6zDp+@%7!& z7Z~Tm$@Q&u{|MJF^mw`Tuf0H@@vPYQZpQTNcUp^h^=6ck>qYrWBedJ-q?FT2c=T>T zuWZJay$^eMJ?~`W3cu}=kwBO5mrWak2cB&lKMB6=;Mw4$zHu=*K^o|v`cO-Bxs#rE zdY6&^1ODs0bMG?V_wjzIllmaf1YhTQchjccX}(Z7^wa*t9$@c<&+UBQ%Xg%>CAtEi zkXLU7b_#7qSHj=byg$JA{d_;f_oGf~;4vpP&+<41?jM)@Y{!SQkTTCWDekW1{+t;H z;|JjPIA^EM1joR=6K2h0h^4TB*Eu2#~_Xg^JVkP*D3++slgWDl^*v&UICuZ`! zSNqAF_nFP}IZn!p%X|b`(D^yVDQm6MFSyOO9HgzL$C)GLr`J4a}SNi zF6>`g*yN8YKuf^hMR8WJ`<$NFbdKBL{VNNb^O6N%mnH0Z%N+R@Z#Lp@@b5oxPB0x8 zBU^nR{{A-Bbj)8#SJw|a`2@157n4QoF?MLHHDszF^GA*42Gr{`H9LX%j!iJJ}V_%#+_Nv;LON+y~4P?CBi`26k6k zccp!h;Az&#l+il*1o}WWP7r%~JAI&WnzK)nhT+$L-#Dc8MP{w!x1nX9=WW}{$~rIS z`d+8Ttnt7@Huv#9r)5C8DHv#JRGEq3(^yxtgSD^Dh8VsCh<%Hdr1zO;C_j>sW3v{@ zi|gMQTr;*sl-N(@r1N4-eZKgUThZAUNH4-`lM4ktDvz6qlOv8r@k5%g+1IL8&Orx1 zRBMpEzXCXvrT3mQ?Q1>mUqk-6{Q7#g)1&z9j&`R<{JIl<;rp+~&p%%=o#Iz9XYncr z@9pK~(>n~GGI7qWkyWopgU)Hz)~CfIofnV{h)1$N<=@kN?`kI+44)>i(d&jcgZKKf z+B=-)Nv19LY@OC&qd8X>Y-weEkSjy-B`IE4@xmI*8iUBv!@3VwaoFgbYWyTsnsZ+V zFU}6U&Rt`#TYEhVhuB4~4aU6&ub(V#Qac7QxYu?kD zssX-(_FKQ@FVP3SCqq5xi{O-G{I-lAxRv;)y0<7!P3Pn;ObSNFgw@qYxbLJ=zoFp> z{$IrhYJIG8Z5_0xFd^o)Qv zh^Q!xKdZVytJ2;gUb+l1@8`SD-c_egSLXsaf4tB8M?F<_&c3X@ZhP&u*IxS#+{f;6 zOsBg~+p9Rq6nv=P;hD;-jW4Y%dynCsI50^UVUGwVaAkRGGSn4Z6M;*%h~Sbvt+l)0 z!9M@G>I;WjFVAq#^AT8R>jAA0^30R^eB9k;1kD!aKu#T8&9( zhvs`6CpF$N_vY@xm%cD^-hrX0sly0JZ~v0+nr9BaJ)p=Z;>XNq4;jS3D1 z=zj5l`r91AGkCjSIl|mH?v+1SzGzQN-A|)7(`pl&%;3Z2gC7az#>G&sKt?aY@-ygfF7t8=f# zr$GN&@{ZV;oV<#U>@4{R^0JH$4p)-bYh8Y5=J~@>d6iFAaHRfn#N-xx0gww?uJM(OHUDIuf4^7oI{q7dSslw|3T5s_sJf$@n0I=cr(w5OJzPe z{Uy6=2|Z4%{b6?xlkv650lb7xte0<4x;`^LIIQ->XDf#Ef5Xm4p;xk#L)q9A^nXLN z%kV7Evn=wW-=75+iKc7L!oP7ic@3FkjTHUm;1Ahm@_Bi=#7FbqIS!U@QdjL~secQ7WJj~^(E6Tdn%lSY z3>i}HV~ckaFUV#vzdkgw^&Mp|Oa!9WJ@NTI6+3(7`Rpz5S(Ik#PxfDsX!(+O^l{=S zbQa`2e%$b+#x1&RX55ZHj@e&nzAwes%f3>5o1+J@8{%-^RE)(dwWIn$QwWpy6_)vh zx>NhLmnz?c;zoLwA;%GXNC#$Hc)lFjVV+5_rrb(Snx19QU?n`cl3aYm6e!PUW(oM= ze`@R_&ng#O9^Bwl7?)p}Y*c<%#f97^`YolL=x60=n|HbHWcx$B%go`-Q#1L5+GvM4 zu?fH7#p01|;hZ#?--3f&a$!z8+DctMES#Tsra8&lZ64bGLE6hNhBxQY<^uNERIhtz zV`f2^|1Gz@Nqdv5bC}~IW0nn<9psLboch~8^dNEk@0AVN?fOe6hwfkK`s+wOg+1JU zf%;1)$6*KWce(Qy^$*tHwdaO$3Nz6CH+=C%a;e<9_PGc>e`VN z@3e^H>)JO}hF`i^^!VW<{4DcC_v+obHSG2OjE}}OCtz)tI7jEnqjsU{JVYJ%pbNWk z6+X)W@9)$5)x00Y`x^$n-^2T!8=AVZbKn8m`wa9Eo|L;c-*)ZSg+D)E>HWW|J>GlV z{)?N-^zO^N)3@GB=KoD?5i^qtQqyysIgi8s3ALp&<_p2KV(OL;EYqek%W32A=yUL8 z4rpV&-nTS$<$lAv-%yU2hVKHC&U!fcI9SIWzaQs+Uhm;I>uZ^73*9fNInh!f7aQ=5^2jcwyeP9<{4eEEPgKNP+xc-LsJqw`q^pMu4Lm$yu~-wmfv$R0B&d3>K?JhqJKSkbfK^OM&ilTSZwj)2Y;#d`}oi(}(na0`Dc?oU@Me;(ffwFWDt~ zK<(w>Kj}(jvd`e9uODmt8b@KnZKC6D{&(_G`CV!s8^_Z(x<>QQygl+d^s4PaT3ZXO zEtAQ^lU7Yb2g_DT!5>ynvgqStu)$Wib*07J(eKCA@8~9zYt6~|#rV2tH{>POYHer0 zOX1nWTAM>cUyAlEv{o2w4)J!&Ne?M!WjQ}-ygF0+70wf?zmDWj;MLn5uTF$l2i}nr z=he9`ej?uXQ;eZ({~X(k7#;2T{5JG)(l>t0`QESfaM0*|6&jD-XE2fR!#C-+FYVQu z2wU`gvqh_#3hx46{x^7o&I8vIY9mV5*s@9Xe>8m%d!FiHP=oOS)1UsIIg ze^oEEoz65n+k7z1@+S`E?itSO#>VGkd75-?o491zih@=BOlHlXwFJ+)7-!efVEHVt zh(B0=kaMBrv(^4)Uh<~-WCF52BIpwTq$I!m*7?;k+phVn{j$TfpOwYF>%qP&hZ)-r zd#?xkPWbho9?fy^O9np4wTx-k{Sg--Tb8@FW@vlrZ^M|3e-WI>TMi$S))+^g47!wy zDR*mVt7(l?E7)#zw%Yi)U8%9d&M{vC&&*b%5A7TLS#)Er^!o;tY_c8x&a39L%J!9V zYWF8YS6$ECs5O($vkCU}uEhQW#dg_;Kz=Hn*wmT$x#_bL{Am8l3t#Y*$-rUD5U{`A z(G~sKB|A28W7F0wbIQ+UYtXOl&CPW5n^&S=9{R~2Z1k&1?0;vGe&PKmj($&hT`7Ix z_0rZZba{-1@+qsWKrqgOSLoC5(d_Wy&jnECz!{X`oT+GdhpYF3p4|{WvwVr7t8CCY zVf}Pe_TcwaIuI!2$f@9g=eUbL6JFB}WLZ>yhKn zTOU|%-PA#RkZz7OK3R|KAR~9n&IS&Aqg~3WDn0Mzg0+qD+a}gVYDau#b1Z##sqY!! zhB*QFr(^qiIKz2`GP_g;eJb2M?O;})iZM;&uhM#TB>X9OlsEES6ZpLWcsH;{aQ?#~ z#EVRGw7pgB%@Hmqty&4qZO)>u&XaM+tJ81c{$eGX7w>9_(fe6oGuac36rY1lkv=J? zKi~B$n8n|Mx5eSh><`7qMC=dwiZqrF0;j$;pJ?o=KiZGY^MbR-Rz!T_s&kpf$ox8B zjQC-0Esn92Yc>@*4=ujF$?u)U#_09Z+tfbsKDjDlHiT!hxvTqj!GFUUub#=bqjgQL z3SA(5R8>As&wta^R#n)RctdM3{ufgCUvrL*wfKb8PHlAJ#WwXa_~ z`>1wzUl_(Y#_P=W>-AV2XN#82KUs9E=`ZZnc>A{v(!QUwe*Pe1j@65wU+HY)-bROa zJHx{K*^6Beg;~DGo_e0o^8WeHI{&=RWnH#6&3P^5Ue?)%o|)hi+hPRxHs2!8Y+Zr9 zrFHoZ&J%PbKX*Zz+X-|8<&JHtK7CDRV3K zy+2=qJ)Y*whV2*mvoY{qeu2$(TV(TVPsMC5`uWh6$lP&`%hT|q&@etW8wWZx!8w_4 zF_uTLGo+IxlZ?yu3@tADR^|uYD^tZ9r6%HI;J4XV!iQ_;7mTsh`5T^5JE|+4u6Yi+ zJYE&lYi(_F73JQ*?>s&O)lUIO>c(Jk3LmrZXf}}6Ma+BJpG(R9J!|Dya1j# z*An9S%>Ew&gLp?gROFq-f#DMy5Z_8QIhW8Etf74D*H*^g%G@YC%XW~TN;nn`I@yDg zFM(JH;^qdQ3;i8YaXg#P6nNL44&5{tLVMkj2VU-FomYMql5(q5ZUlY9D+73hxsvr+ zcz&v?oJVd0X3rzN?QV}2wbUsR{a202Av zXFXC!$;TJRWnOl#vqg@E%bQ%R3h`D0#+4dmTql~3Zvg$u&dHRSL| zeR%yy{5i>X?U}N-Sx|1W=b87T{mOrZuY`3A`T3ZqdYPB*WG~a_^RYc!{2=njnoo98 zrFq2sPi6DSJ{Jca-Dgx>O)qktSs2L=gfF0&A81|EZ5yC-R`UotO?HmXXx&B*2h(5Z zD#;z|qp`NmnvK1S+@>xiKTv(pm7W~DS32|n`1%#|#wU~?=-`{n^8=x0@|0D6AkAsg zFS5H+ll#AMm@%5(pzmA3H##buGh_LIqWF{CUF+^tkB(LFk6wuE^Zl`CTe18=@wO7h zTtlV3PPMTz+D0rtP`r(7F~?AO8&^czh~)>0x3RC7W2n51XWtW!XsHl`GF43)QWaJKY}%&xQCX&&v~Uqm*N)yp3#G8|N3}C7o_9qf05rPJjW<#2p0+D0r-Q5+wBo;ZAeEVcpJ$<~KChGy?QG%&{y??3Qb z@Qw|kduzh@ok)%$=uxtDOwX0!(9aX`@o#XjAFXaF$53h9qJK0FH$Ki%j-gT=>4%nL zf2Djh@w%lPL#4W9`x~q$eXc{TF?M3_`MYHj+yYrs$-~Bdl z;p~qzHd2ayy`Re8Op-pU)@;$z`&gED7+%j*ac+w9xf#yp%6G$>&SK)b?u)@vb#z!b+r&Bca=b<3^X0pV z!(;L9k~i!ZFJrb(C_WelUckxvM^Ehjrm=@Ow^P~2Ql_)YeJrI|e)(7~h1QkuUhZQl z)u~iA>+O5VL5No8F^x$n^oOeUT&O zPgZ^$a$s0J{BP#xl8oh(VOy+CEyl)l2V-5$S!p}RDL)KtEd=+`GyQg^jB-!Zv4(Cg z?GKBeHBa=yzeWS*f?d%wHio-o-w`9t=5jv|9T&w%7m=a?*(If2bElk>^VllJ~U zALOhjej8-C?5t<2TRSsn%ePa0*3-#=e`oWVJ0lu^mp6eI`FqhD$p6*-zd-L-lBIoa z?u+`0qxH1USgBsZ(SNXdt@sow)$?+==j-Byi0lIA?=Fb(0eJQFFWLg=F69j<$`8J- z+2r}Lb78#Gyr4Nk|E2FzJOg+4DmJ1l*9!d|JO#RfBkxzQ9j08hB^sB-1a!Y7#BFg*Pb@0)plUr<=jv&@t5{(Vh_ z|N0{PBD@m}DkooQ{zdxy6EGj*`$$me*p=9yc`zvaov-&Gc?!>}P%oKa&6>d1&iCj9 zzCY@92Zd$6UN<@IsAsks{hN<(e1g0bl%L4=BtF04tmg}yseUYkMQ|Ey-$tjfhk2le zvQra<{B*u&Bnr0xzpcwPp1TrV+2upJ-bDROy~@p1Y|@t8GmK*vaLvI=oiw~r@dIl2 zV)88IpP~IZltZUo%bu6^jcu*1et!cGNZxjlAHQwv-X6-GrMBnM|Gc@JkEPw3xpwYY zeNE%;;`}b2-Njwu$cN%Fv^Q?;>%1-f=O$g$2w#oW8R=A_cBSG_Kh61S8|NL2dAsgPPyY>uVXvKd%h4xKnYV5n9@m)=YU%wHa?!BbJ zaJvy$6#uz?cw_EG#aNf%At(@g0-gkk+M;1PNGk1Sw)8?aJN za-dzU2dV&F%W-YUM>s?cTy&I(@)>{kqz{%3*gA`$76lyEbS%kepk% zi1W(C-xdyx=QsBg5*HSYFD|n!cHo22{>qW=^0T%%`pa*j-;K;woL$D}v+@9I2K94b z!|+DNx-tX&I{&2jJHea16Co0ALrBdn|Nk)=xZw6{1@~IG|bF`XBQ_5dHBW7>5F&g0Iztr znQ!s#yb$gd=s5zo)pl-H6Yqg@4)lk2@xc|MJgfXkJ@e?F_v-Uh`q%f3Cxh#H@I`&_ z)F`=TjE&-l96HAE_AqiM-4d7m<;>a0zV>T2`PdQKTuPgYPgZ@eqh8NG^Kt2@t>}jC zP)GftH=?6z;5Bey=UKpk$^LYn%?Jvf_R>)rlkKO}KrgR=H zkbigzw#aR9TV&mJd(&-W_*}9#-OP9MC3|-~EnPEa?|Y>OoE;*+l+ke)JbG7C;XAKK z4>Vu0w#*KhHEiAS+94wkzd}2t+SwtD5j$jEYHriPnnCQ49l$EsQ<9xE$fop9xgE0Z z71$v~`I6mqlea^XqswDzUx6L6O1N$T*P`c?{~bGID7-$H9da@7RJ23jhnH=KsO|~c zA=4ck1MCpm8q5y4$?XXpiP0x+hn!5?XM3LSYbspx(yM5Pz`JILM0hrChy0%09pc%g zS(SVftTb8KmFJ?$fuE`9)b8)T32i9G%Gt}+{B`;e}|Y>+m5A@9aUH(o%e_x<_!Y>;m33gsFd;0qb$ zY!JqX4Z``7R>jO&{!sZtw0@8JLpA`f`u_PC;I3?kbiG_V1fSb)qwDRW9nxH`dtQk@ zWTEi=4EPpJ@tgc__(OU=H@F=#9e66)A>xUbYlm3f6SPCB9UO5xL~VIHWB`4<9TKBY z+z$C2IX|NQkhj6JC+ZJrgMUZDj|2Q6@UQHUINvJXKk5_N4-Del2KYAO6Y0vq2iPKA z;)xu3#&CBx-_g0u%RjbAnV+5ZCP)sJGq*%^REB-J8N=t2 z{-XZr#tuo2?Y{y2H<%r=Mfq4F^6-l7kWttncfY+0JEZFXc*73qI#D|$&S%~i^1gr7 zxu;g9eIcW;Ll_%&NQrMGr{WjKKb7o|a~F258)0$_SW&$WUCa%r*pF0d!Ksz_LTB9$zQ`*iheo#G#^zv zRjdm~utwxwmOStAX@4Y0-0^JmPMss&!??fZ6z;F#4x6@N?U|WDLGkoaoELp8_$zzx zPiC8W-%PvJYI{iEPS)zR$YPdf9X0IN$VcY(b4Ed<%uIY!_@{39@sVxM*JJN$pOR-i z@U?Pt_fA!R#5v64KYB`SE8q8yHr*3(`vq;Bg;V^07XRNhMXv+q7a{={3yx~XZOmqox;8zc~;4_ znkLt(+N&N0ETgsO_db^sDva+>`8?kEBz4xI(m4GdW`_8!!|Tg&BY599Td@iQaq4C5 zANN3m3U#$_uDe5r>+VkYP;}VrbhGxnEhdNd6UvRq-esQh9^O3VaP)!nw&rQhZz8 z_d4feGJi1b+{}8>@}1L;`XBPbKR$hx#?8B)nx;bU)CgUZqU#qfsDh^jr)c8&LFX>S z4iGdLF)h0lACva~S(W?tWyk2f5qTc3S_P z{9fe*g7}f9Ag3Z19A>U`xk!p zxjp&A>)(SMg}MDKS0R4x{B-z{GWiLjd8(Y|ywCDJ1HOhsbLA+?^Gt1418d6DoM$Sd zd!~Oi>CiUCXDJ_`@>cu$zu@`t!s~hU$=%v-FTpJSw47Gs1#6g7*y69DGj_b4(UN^& zaPsT`y6Pg%lwHKxkpslF?SAo$2I}pRPh5I-g*)%4Gnaz@^w$6*yr>-84-@C79B4Xc zpNH-~&y?@i@7RlX|4ej85U zvVqaM&jMk&(U^^ z^8z}%XCb+|eC`JBFnb2pPqD+at1*T~+{sB_2*Jg=#6M?hP8UL73V$=GDe>CE*C z=3~VLYEMrxlBW!3po%)91^&@K7&>GT_ORt55-w6Y=d+J9K@&LJ!*lIf*f~JxgWfV7 z@!m<$iSsX;=tFwa`hb6}4`ij*_8{R8`q0|Q`k3Q#kb+jjy9c9`z*Oqb+%^P1v)qUI`&OBk$WLe8S=OkCXXebD`&(epW^en4zAaS znyg>zNS%ev-|V;^k`Sk~e*x>gxm_I=5o@&DoW`zJHAmGS)Wf=oTJA_?P*dv%sT@&@l%eme2J%_oum ze@454r*YJwZNiiArT^0N@FTH*iT&ARvRydpp}!)IsvV9-4UVHyjBh!9qGw5odo9=< z_SigT&$x3TVJr`4KhVcsF4E|cJJAv0yYS8s{D_}wSv#e8KIsZ#mt>nu7i!MQP6FTX zR4;M;Eh|dpE}`7ykwN_jC?{RK0(xlvQB0j;QDrAwG>SRd>AcO*P%>tBgfBz}P72O{ z3;&JQU+Ae;?+V#$|mfUveb>Z?xYi?xi!-r>k>M-M&Qe%s{k` zY?qwDRNmK-Hre_Ka`y)9vhybg%fF=D_&hhcJd#x0V3K<#(ILs;DeoJRtq_mLmEE5n z(t4Zd^i}k$@-jf{QjRCyr#|CyJP{vU%<;r;(IiLQ=zR2~?m9Fcak&g~8^fG38bb88N;$22w@FK7KyH;rl!)?G(F;6^ep97($Ew}_LE9zIquPDQ+7+EnVm^hxn7ftJKZ+C4OMNNsv-V?;Zm;{;knN2B zp!PJ#Po=qXTy9s;m>EHiAjMPn8h*lUIcpcRPeS&&qlxv(KD!$tDj%8~)UWix9LhES?m+*750ldQ!vuAT^vb0u8!DubMlX>fE_ubg->GkPYb}oi7--`$g)L z11`L)w#3t{C%=Dqed&L?`|7 z8=OZozKPPo_{q&bweKHxZ}!1EPQUNX%!}BvS#)OYQ$r7CAG_o9ueoQn$SwRcZa4q! zJ$39H{F;alfw~_69`RQ(=PS=X?d0wn~`0jCC>Vl++aR#~rRZ7{G&C+sk&-xp=|9;?hvAl#j+_oV86Y z^j5vvVT#Kd$jhFuzI&JWs&qcb!>Bd7*5gkY96u$;*_Sx;uQd}fUfBKN-Ac+^p}Up1 zpU&w|`Idgh$6!{Rt>hZ}g!$caf=kZ`=2L|u=&4+_nh)af-a3nkt1@RS9~usy@lLwi)~CpLG!|I;o_U`3p$mD?;k7U)QuH~w)b(8F z=A&{cAJvZTNqgsCe9NL0LB~gGKbD%9x^c{S;5bM9mF4H7-){p8Fd^d+xos|wkFSU? zcsvCUzf63ce0Y+_`iYytEA&--C?b0e|d@&lxV}`flFcN0|rt zeuy&Nr?uy{2ZeLsRQ_b{AId$P||&dRSLmb)$09-Pw3T@lz{r?t-39VFVvQoaQ% zw?5Ubw&w9Xw_$!Ga&caYcP1CK)3bhlW6zOcjagvaOBu@v0srLgo2&auA9&KWqc)_Y zG@mL*r-wHq7?RcP!I=(*DXp`o>8!(6@YW43XlE1WtCg=xwu8QH{IoZhacLAHelv+E|!?V8VcHNUE_)D(2U7Wzd8q$#KUF|%DJCCnyL z-{aw(+!pMP#K?onRgvSJY@9N@CWp5NXS@E-X`QW{#I_$w{p?0){a8@=ykH?WuWU@^ zQv4r2Iq+D09=0H`)Nxiu@y@{1Uah{`g2Hv^48i_il+_$#If5S>`gQ3v%c%uC$dIkA zJdLt#z zug&9VO^73C6Xw;T&F|8t;b0Bz-bV~QH1c@=BD`UF(zdb=^*M~0XQcnE&O^hE&%TO3 zRk4UG;(YedMU6dooMe15Pg761VN>cK zAKPZ;0F6m)?4b?COXpXMuH;#KE~eKg^BI+S4x4yovTMHUyU1_dBie%tU0)Zs&L#og zr#ns#>L2vu1GXd2z|-RQX3EZWW#8F4`@_JM8j7vB5}ZOm#%^AdH z+V?Ygn@QW?Eh+;eRdy!*!v97m{8p-?IA>3%DBq1zd3dizi?#hQuY6fpzvA7uQ5k;@q>~#cvH{WUtJ`7S)cro zlNv)_9oZgS>Ui~it+Tt})eiVmI!kM8&Xjh^x2O7La8N(m≪(Y+}llWQMjccWqzQ zI{P`=zJ|6_uI)IipP&uRFB+HO7QamH$h#Vq6K|G-A-8^%>5=WqwYcG8(<71@tF!*% zMtGE%ce+wHy;UhKw`X)us#-i5@;Y=eUHPj!*`IAYw>^5lU+x!_ zxi~o3LK)3X=68|JqIs+e8R0#4B6|zWVWZjiK>tWTJO^B||8rH=#}?Lxjn@sL` zzhp-6sE+OfsdIE|b2QPqU%EiPMDey_k^G&--1FEEZ#^JeM|&G9xLfDV{8k@7u3}w5 zd!i+|&VdJ*bWbF-OmjD6i^Eqs`F_?~m$6T^q`&UE>l=`PJ=*Jx(opgh!o8&5)9?e} zOV9q(`ninub*Cx)i3c=yX+CkfQ04BYoaQIp?fM=Pc9t zW#ORg-e%^@72rTJE!wKD&#N!y!7`XMSH@tvRppp#?7mr7cbmr3cDcr}N_SR7b%ENx zS?`-K-<#iN^1qTZa0AM$Q@dNqL(ukq?LBrG9pDY+4c-FY(|;cf~B4Lwoky%^S7n1dVZAif07t62UQ#@p1lF`2C35gGNz4lk9u^ zdYHtYcK}bOIVhxFN*;WIGD+$RzmhApeKBq4XE5#%#DAQ9yG8Vg@@O9W0bOAJ zv?xFPjqu3WOxG|U3oi6!sB5r2Jb#)k!MuE+o_%D;pPG{^@u&7{Jb(T>xlaV=slows zbQv#9AIJ+MRc^Y$VoW8=fa0=fW?WDJ(wEG*;jyWPq zJMn~v<^R&J(T;f|{o+w*r#Ytr?e+<7=AAI7j9?jAoI~U*E8>qi#PAoHLu%YUh5Yg< z<%%XRMhah(eB1ILDrP|M%5aL_j?&wYLp~%=?WU?@XTN_JvO4H+%fd0qM3Y7$x3;HSUwTidbewksBhKFW0q?VP4|7O)0Ex0}6>9*d88 zjLJxNY2JcA#KXIgC)qcqGr_&)qaq&AO)7`27V0SUS~GZ%?o>O1V-vhBUzYvn-13FI z*P2K2sqyIys2}sE-IxyzLl*1ddvurTiSNB{vlIRqjBh*JMAs|&r3=NEnzt1vAY88) z5!7EvzrvT`lAaLX2oBE&IqAR%--!P_-#h_KrVHW0GCH6ScQcn59cm(UKrdFJ!-Hz4 z20BRh$WbD}DTIln$dE9nei?m!jv2bfBFwI_Q5TI!O0i z6Z%!ob#(Z==zu;sfL;?k$4du|;YN*tIZA86+63?w<(~B(JfJmK8hVMId2}KKY5=sEHvYo4>YrnV0U4aneVsLiKjJ-*4;!=eDRO5yLXcbIUu3q8HiT>Cd(R;&dF&9y z9~JE#WG$*g%^nA?EIjA=xRqQ#g7w*<@Cq^~ShY^mvmf$IJedY>kMb=2;^mDZ4S>au_j(nQnwXu$S7+n0S?ROOGBHOAVMv4&+nRdOu$8Lgg` zUiG_8xImtx^s<;F%1GZCP0q3X+WT2+HpJQ8{A|EwUzuugyPc_7nXtRR774S8VU7d(imf;u+LpoEh`riN+uQ zsspjSJLAO?l zJ^n`PUj~gm{vczrJr8*QUy;)z&AR^}MO?*@_AnlW+)2c0vCmZKMQ7xb#E4W&=Sp|E zyARNHz1TX>%Z5TvNAEtEAlQIYxyO3JRWI{Js5ip(j$++Dd@kplC}U$n{w81-Sne-! zZ$IvM&~%^jLArYn+PR3)gLzT+!S?HR#GG867Ny{ruJ3jQ2O6pmanY55_a$3{&6Q$P%E)K?jeRaCAy)it_P z-e?PrE7BgCD=%QBdoMl*9eRmeMc|_#44)m@MZ27KeAyQ61*2?cxhuDlwJ&_oF+6zh z`=E#56`qU_#AD6G@+Lx_F+8-L)IOOQ8^gnM><n1D-7Z;`9j4X8@}o=k%t+ zx4^4%Wa(UBb`BqCWH}k@gTkr4Ts=C8a>{3Bc$*XA;~E!Zp!JvhbqBzc_Rj0b6*648 zZl=<&>>#g)c$c5rWY7KaO!#<`2Uj-w;v9M7G6)K@+EbpNl$IiB_>Fvc1;PGS`m+y6hl+(h)d z#yQE2v!&}#TCcNJFU4i_V_rn#La3?L2DN6Lk#)V$DaQ8 z*f<-M$89xbfZceEdt9}5I=L>wW5h{KCZ@=EY=+Vp#P@fu{|X4nTq*& zHLu(eFt32SXuM=u-_(oZNqtysK6kxZu59>8v8}A}Wy@GTR_$}AY)ukao(1hWi$7{v z(=ZGpmcI{98vu5p`Rnk^1GJv zOX+7LA9Sk9cH=MCoG+PYj%w#FurTJ9|AH~UggeOBt=PLm`OG-izk_^2cL*llceIV| z&#!MHCWkwyW-&h`$KeAT*DpVGC+%uK=f~2KwDZ!DKU_Tu#}RQ`e?jE?dh! z5}(V~?pO*8yG~uZQRAn4u7>lG_=dGdW^pdSD?g>;yqA#IC%yHuhEDaTe5b%8AE|VS z&f!V-;TJCmf4VzIXJ)n5ZE^FDd{ok5`SIWvcm#K?a%Q&hO$^GXd9OVT!Q3;Ee$iEL zrO*H7nZ{yxsiIBVx460y{6^k;X%uXQmsN)Bf@Q99_=#h^JrXoc71tku%m} z(b&F9bDEt|JI0(wE_K~sSkT;d;JaSV#>D2dvCL^>iEnEqo}#+X&ug+VHQslLCiIg| zj@$ci^SHfU))GZoyYx8cwM+ZI4-BEKjT>}cE0;Cews~zVbX&BS-{)vv(>_s-d$KFY z8vA0(@A1BV#W*N;gwAy<25ysR5}VWFvbK}lF6r*~?d?=w%31YFWQ`m)f*Dz3zm;!t z*;Ja-K2D!6OV%p1FWA%2h;gHD#_g>nYuC}A=-PeQ$r|M)Ye(9u$X9R%`3lbDoNQHl zx;tUE-(RrzGT3>_L(q#&sr&;^uwE(ow9o3#&$(&Q|gq+bd6kK33W_G{t*SZ7e>b0q=;4NE;Ce`=_*#`|0bAFVW!Ff@}r9D>Ja6bZ8`5lO}F2L93HyO-EfAsUVhOIben_sX2 zC7%}8N*s~mN<57_kv}^pJ%jOJQ>Nh`tt+)3r2GJ~Nh{&{T6ZtzV7OMlz};S2ACf=C z@sq6qdGGn+o~f+AMl)7yPBvbE%RzB`f=TLQ5o?^{(C$Rec3AmE2qnz%(&Ksap9v&1=N%zQ~DE!w}SEk1f z=Tkep{!;YGCFql(rccz~o@ww3?Wn!uY0LW&3ZGM4PkDRM{jog0%RD@y{V~oL7lsV8 z^V@|SAv z3~lV)3U6++e#ia&B)_&ySpzwO}FaLAf!ZBy@&&xL-aF#K%ymj_#Pa=L$ zx<_T&fMq)$UlxCDW~D28L+k8Ol+A1uoqu~<+1W7azW${@Z?iTw(#{?D2X;l;Npj9| zwQGm-mb-@$YtFj$P4HuWm(E%HxS)%|Si|M?ad>l|x7XEf7MN-&r?ZhyQ@?CX%o&;W zuKf+j2=BA&fy0k$8L-?1Zox^WI#w6|M5fKv-Pk(&2h_FvJovTk9uQ(mR=8M>A4-;i z<$n$_H@DFK9?hlT0zI%9zkzh0!OHtQ@4Y-It}_}#rZV4lZOC@iJv8|{_+C=Ez3-~* z65gv##U3sm*xrLGvly7b{T>JB*Y#{U&qNE_PZMXRTx;t8$lW|E(it3VaX7fOb@qP? zN94emCVg>3Q=wCN6n2#E0iCRKu+0Az^`V!xnqT?_CobWG`v%+Ra?Mn;7uUw$mCkcgY^@NdAO8PlNE+?<>Row8Qxy z{_OP79B6?o2uI+XwG;E>L+puw&(DL$VZya=4=p~#nW38<-xXzoeT2+bCllLRXR8i8 zP%oQSzAMqUShkI_+g;f^T4(=OI(H4{YuSUbd|5XpR?UUp@^eZK%vVSKs80LR(D2+I zywWAO>WJ5$_8-A2#au2R7h2ueTTahl%QDaG#-G<`bFyfI9<_O$aanw__)BqUHgB^I z17>)}Wd3X5Mz*W)qPS;`p;OP8+w(Kv(NW>KQcve!Md;l3&^sIdm3T|VYtVoUdd7h-cvjw{YhHPmNr zn#=uBODUgg!++`K0NKOJN2tD{w4DlVt$$#X-La!vK96>n%j~ub2ox-zuduOm4~6s9 zM!`N27~Py(N3Kh+8|HalckO1`U(f7ve0W#u>?!JZ0`OLtuNy>nV3#eV`Aaroe2#jZ z%3v>PP4ST9muay+cR2rz>|H|E2wZ><(fl%;suoo&8YK*<32K9$2>Wxz*Wc z&DdPaU0H0ednha0Z~zUd`xs-je#G0`;Q#HBcDiW?o6Y*f_PUsMI?x4g6whuW=6pnO z|4Q*H?PTfO&$S;@e}bzBPnaXa+QG*91n)Iov#nHaDSe_(G)gC5-E&w^9t z?_C?(J5ub3Y!03EuhiZ@sO)0it4-Nf3kSA$jmj(pCUAVOgY(E;lq=#0`)Q*aCw9~a zg$HjxVSkzZG^M_nhiWpiGU)u~?WgWhWj;o;pKbt7`ZW7#4?K}@FfRa>`iT7m4x%)z zax@j)WIt`Hs$f4gGd_)JJAK^c+MUOLa9d_SH9Pz11jps=r>}el`zbay(Y;DIo(Bxj z%j_qf4bd}fD*2Xb6TrgQ2iQ;0HpRK>qW!cXVn5M_>UjG}YkB6vMZ_nS>?eMk{ls`S zbAGvQa5~+ib*IC5U(tSwjm7LI2b26_!e7yTqK^YD*iX-3KMBtd9@~EUJDX!i4*x3l zQ*n+xG5e_u?u56WVsM-N1irr9?{vy6a0kDa*-z`SpTOsZDQ7=voY+sFzTxJ`LVob81X7C=F%6a>V{;mc$<_7^UW?EwLkt_LHOYuOf8r zTYvoaQ<>eo>x68mGFtEOHdKt(lD9G&3cBXd-?5RH zJWa*N=4`0jp_R_j$cDPvt!W-XM{1roUqV!$U`LodaAwYIr}Y(VC;E!g^~b~zs(;Tb zaoZ`U7{lm%G=V<2DD44#yRpgPvBI(ZD@1DEx<;GoFj}8MmDtP@f|z_xT;Q$5`^%M%HK5 zz&^jBGF4%p9j?!N^=uN)(5qMQtSlZLT=fFq^P&qrEYV-SMa5R@ob;Xe<@|ltx|{n> zVtRD{w$}Xy13r&x*%MQJZp%{4x#FTSQ^RvSiY3-rJbdu|viWp3w)}m54zGi6tQ}yN zZ8%(K8j`%1Uxjx%uVubO-iw~{C7!E$I{5F~$WyL(rhzuhA4}O&$Q|=MpJ8eEY$P`5Yr{r>IjF+XO6%GgDlZ?)I)DcV#WPD>cSE0<0%S;pjX)B%o=>#mf}=PQr5;@gP}+J|iEJhQcn|KJh)+OOlk z)`I{3M{HomiH_|`w{UKPe$uNa5ht^3?O@~G*B`E@qvt}t3yf+n3eU#`5AfwAf1{8u z&4to6vM-^va(`HCD)nv$4(XeGlJSfp9*Xvkus2xbMfA(g=Ck&S|Foa66Bw0eRyqXQ zAm1YoHiKI`)5$Z_33{$Rku{rtIftmdbgQE?ozf$&zI2J5gQN}dpw4tEzoVBqoh#NJ zt75sl+WyieXH#uDbUeLN;pwl7mfuJNJx(UFNvmF5uS z1G&hI;MsWg>81z!pJaYauU^)W!&j*|t)ubc&u)`_+PWw}_M>@Wp=$%SWaAUW^|8m= zm?Fm)d}IDYovpNd!F*S0`&xItM?4a5S9WjN84PG{x&l416Mf}rC7g%)WXK-jTy)vw z*IUs3wZb8KRe0CFO!O>7T#p_LkA8oqILEO@jP`Z-4}T_pe{lWvNpLtIPBqGtj3o}k ziRj0Fp#3P1sIS5FnD3k2{EkE$YW(z^I(bKAzTi4nC8O#XU3wX#!05fhVI0 zJZ`v@UaCT`9R+uDLfmyl$5&=AK>IlE1e5f#U<&iehI4yo@~ZwkGOTmDiZe`2L3Xh< z1WO&dO!;=a-0^IS-TQ{_mv6Do&3&D#(ZT2gou$?}Zp$46{gi`Au_1PL5gaH!d7^U4 zh!*hh(Z+a^#t6?w^LT$ zFvexa7~^$*j9+~f#~9T+@Vez3MsAgFduQ^je$7WI;Su0q|BD60GoL8gkdAEa}<{2h3!K} zfvp4E#%!F(oGHB}+a!zL{Umu$WH&|o^)}4o-ew1Tf%AhQ z2eZukP2jC(9=>Y+cQa?`ZV>qhtCOvZs&A~`j;{Z0YRa3j^Q*ULjiCF+q&t*9r6c(q z`OUvbesiD8pM1{=3evB#pA<`)X=Z$5!gb3g%RzE=gU&1KE+DthU4&V4 znAb}m`4sa>z2=kh_>lY@;Ap$NU;A(>-;KRybKXqDBWD3l>(?5=_TFaUuW~s*h|}xp zTzz_ja+`D}FYm82KH|I-^<_sqOC8qH4bWm0zV|Mz6|}c#dw{fUb(CLZD*kTxPd=?( zE>25h{OXIcpX|&=*?7D^lX!%#9Q%yHnN7FF$An+L>i~V^rwZQTmZKz34o_RR%nM;5 z{>9ev+GAIL+3Ae;nh>wbEu&|j00xb_ZyswXwMo9uixSgU=IaC2RYBoe#;Wz-1GJH^ zx3!k7u^AKj_`r$AC!2!tb<>|>0JKgzfDJD`FTyq+nEbkmb(e7E;nSK-yl!-N@C|qH zeE|4qrwctrow}7n=tJ-n@s55{Te<_n)-KS)cqLhxSF*nj*IuFBQO+mofBqmenewZ! z9&3|9X%e+LGT1IX=t;9@(HlMBD2vUt6F-j5UiGjpe*1^2+gG4Bd*SVm>pn)-s&)?D zpT}igo8l~Pn)@`g?&?9NW#eitP#Z3Hf4}xnbytMuhiY%HafUz1^P&9zIDU#RKayWmLCbb(7_F%j{Lz zaynNU$@lQY3Fdp)ervd%$R_b2fs0D{9)354Gi|^lTxIb!eM|8wgW&b?NWO>1BWJFo zI^`<*ly50&qdFU{TxO4w@8P%H3s|X+x9bMvdx+RN+A|j4*qjFMi1wcDvcqf1%V&2E z!4I;9^h~j~%8_1O{jJ+&_v>4E<20^RGPqy7loM~^FOd&QbGQ5?TAPc9^xN!!7ZYC( z<8Mp+@N?;b@#>4Y2>z!0_toxZ)hc!r+E*&q!+Y;ToT9y3=%)2U zl>Y=%wA@f~_Z(?c9+7H%Y(v@wgZ8+48E2G+!i8i`K2=+*$p;XLL!Q|i#vzLb6i3o4 zSkOT|;vMu}W<0S0$?$%~bW5=Rynj{sWovWDVh!bO-eO$lf1%zQ-Tesco#czC+xOPu z{$eG%`}yjdpVa#GLgFIBJR+(ey{jfV9^v>V$79htg8BWf@1xb-;o^Lwb<6w#PG3d) z6b?;)f!`kRE53{PEX(-ckEz|pRPv`v7I!em$^SAPS=4$8d&OeKuIa+LAR z{4>Cj1rC*y|GM$ek!|uR>fQ?ZT1?I&_n{q4&VKnXlC#oXoQgNIoO5gDHqNgK>YMnl zajU=do?w3icY&u@UuAqMdtH2*Zn>(#{Gh~jD^968*a?oS`?fGf$%M{U2<`*Cn_tWY z>|$teW({aIJ;^-t(pC+QB+RXE%1X zUD^M4L&7!ICSr4C$41&csI`OEdh=a=L)qUeTwXqni5ME=WegoUp(VKX zV>N!Ko_Gh^48V)dxfI(&w$1OK3hLhhY-;a|w3nX=UBHk0d7As}d@nje`-e5o{#RM! z8_FigRr`BnzKMHW{CutVvXy#jnhI|M2a?AXjB~1^m*iaZD8j;A5cNB&{yz#9_}E~9 zFN&}*KWi_+uYC;`_*Z2G%YI;CEoJ!&i)&xO1JCPRaSC`U;pX2Q?XDC~CAaX`2KQ_U z&n)jF&pynv==lKCmGHm$7J-BPJ@ym%9wlFS>3l$Rj!8#yPN<*bon!7J4#Lkd(yij> zXj|fUKW}z_;wWAOBpZs|KqZrGxh4qxFll z!2fQ3cx=2JJS=|G86?@hdH6b9pH}xZyES6b*R8t|SU*<6k*CX5&;=W-Y`vqH;bN{n z_;gv~Q28D;{I9iN9M-{Xsc5+Q zKhzH;J+Had^gQJ>XGZhU=D{C!qUEF2oG&}~+TVn8Vb}-lMD{}&S9q@z<(8-%V>kO% z@OEpxFr2$E$vX(VvSp(wpRl7+z%1M3 z?+Zt^!7p}if$c9x>g?z)-z&eBvX(=QGFir`{q=611lCKT^`i|l^8KZDYe8z5-_ja;$xreQ<|HwA^)wI7XU2!yC-?>HnR>}#d zHq}-d+x^8q$tDVIckz$e?$Y-W+dVfY(O3(t3&4x+puxT^ZaRWV;b_6u0Y6#11=_UH2o6pHHPZVBaxpxTr5ThwUN% zc2pM@ZLwqQ!^%d`oOu`X33g?DEi~2I620e``YabnT-qx!smv-qnNCnmcnL(Gq# zYcs_BDE?v9;Ul(g?HD93E8hNG7oQVt`zNmw&)h?NiRT%=zaH=3+nkRuzCn2gJ~4h# z>=FFZfxRcWh{qnq+rIW#u}9sd_^M;=T|BCsxRJe!%XCL4KI6aA-o-s%ZXMeGO>%=B zZSP`&!BB3eV;>#Y-bG4v<9ioL`7}mw&pkfo8N}1c4^fsAAoPvOFQL29v?tY(*GU9e;D=I&lMf_ zK}U;q6@Rey4;b^C+?W#@Gkd$XkE=0D=BX1O^Pl=0t=VH5EG9Ni>$&-XWA1i*80EhQ zfm<>rJ1R8_+0Yu0b(HzWA~CVT{SSdd>t*>%Ye$iPf%c9hwHB;Gu35`bFA7I-4kL!t z{0T08)XQ>aw2P}_J#+!Ki`VDkaW|({l-YN0it6)u$ZojbqrI*jte>(Qg2pdkQ?NGm zzKF7R5^moIUvXD}fBo?KQX8^|qA_#CiSD)h?eGBm>*Kyp&W;^z%l4)$etOEvPUx$3 zH~hEvadd&^4($59MpG9v4WI7S{-5|rzwL}Z`|m3_M<+j!WEWq!`2-pFUN7&yZNaJc zTJIIx_Oi(secSTASljrU!f}=2_pA@>Bds&74=;lbe$(x|SFBC34=)GoaTojGxB4ja zS!mtud=|3F^Zq_+d;{|FdifQ7-XR`h9jusX#cIrt`zgeSoV$w3fa;yEdhng<45!XT zD6a8%nyQt*=={6-ZcvQ34d#r z`S7FCW6Zg!p~1Kd(Gzv#zlP^mW|&80BWd1F@vJ)XZnBH%@$a<1o^w4K@i=tlZNj)P&r1JfuY7G-Qapek&rbZK^)VQ(1P1M~XdbN8re8~Z_5Xk)^iUL@ zO6C21C2<&jCi!iXTqcOO;7kSbD}7N5Kj@w)`FSTpujt;1bVmkV_Bx)o@aYBiN1RPW z`(?6x4WBt$LxA$4b`=?dD32B z-+Q#S=F|3Om2 zu8X|Okn8DuaF;9EHl=wNJ-HX%-IXGrUmYLmAlZkqaU_cs-y_3%FMmwM_Y=bR;@^tz ztHSq+tEl*%`Bv@!V6gY-NWIrOSu|fKns@&d?JD>{d!6FnGFz^KUm4xh<7ajpSZc9=jHJaJjAF?(x17+0WS`!;CX_qXtgaR)+`N_N1Na;3nVib>I& zqq05CeCA2FolHzl@Y}?N^9tDo?A2P{-^6~+&F=_qUNkId9d{CIh%Nsjo8qdqwdA5a z+qE%N{n1Z;p>%C^A9I7jm;nZzAy7Q1!9y9|@3A~(@ZcuD9}65W{^HNuvU4cUZ;!k0 z=*}kU%O~9f-t><6@ndzSA9pondp3dXX3JTW@4IX#{u-VvzpP>_u68gPqZ5P7!@J^WMkx*qu4xLovJ;a<7K<=h~@eUe(%P`|rx}nWZh! z;7#Ot(RYqHUojM&NzQ7toraI|a_of5`$ye=Xxo13$j=mQ|14K;Ews+nP#6A4Cr>xt zgdWzHVxROJIJYR4E_GhhZ7ZsS`xgk8JkL{4Ip{9p{KWz0OO3~mS9YQ=qZlWDpN$`f z`~*GJ&(e1#&rInH{a_hz73Uern)-YjeMZj;hc?EL-96-r=uHl@`vEQ1gfUAuoBfMj zC!6;x=v#Qn&IJ&U$38=FFvFZveok1qaYv(P$&Z^H+Ma^GqRi}md@^s744C)PUI&IPjzxGg)zsyo5+ztD1BOVGIs(YZrS=PFJ!wC~EF=cp^$*iD^_;AQ2~+YL?C zp2dht4?AC^+ZuTxx8C;Tp-?hfqWoo&nd z@oQsGl=fha&nSPr#ubHuzD<7MHLa<1Ke&7WmNSKZ#iP-7vcfTadLBIm{*!&Ivxs(1 zph(lm-AeRp^iB>!Z{Dj-(fe7gRrsAtRvuUSbBDIcUNm|~>UEL#q-;F`96D2)j@TW- zk8Co@m12PFz!B@YyO+gSar@){D4f)$F{PwHqd*s@{`S-S$57N zKK6vO=b|xHTKCJZ^R*Y4C)Ee|t(M({&7^rDC0)wg(9!l&&P;yc0`ki@=vg(ggRVf= zR@)gv52x%P&20uJ^sNYIEKWWS=RS8=XC*lQ893#8%R!F=;6Ig^c8kt*Y7fTr9kf@U z%mZQk9b;RgvB5Li8rUl8|yfu6pcTRo@I%{>v`&rH%XpL z@oH+%=yHtl&Mls!Db@WcbcwEw6(9Vjzdy7sILaFMRrgWTXT`Ntbp7@U%9Q2bY#z?N zI%7DSI~LtI7XQz<{yXiygp&N)+`w99Cu@vdtRe1X-LMned>6KPZBuYiHjcN^Wv7Y< zb>BjiA3Bnk_P_W%F-P3JAbUFhq-66lV)Dlr|Fk*(&Tie&@TBz2;{Mdw>MhmCZN6K4 z4evchouWBIDq0l#q6_F2CWjgt=r(<`qDu?fZZ9!qgDD}})Scx6dw>_})w)s1P@Sd+-v~w4@ zL%y}1)A&CH9&!&Fy!Yz9o9I52-f!Z4&#l;8_c7n|pT*v%?T%k}_VfP&i=ID(eVuN* zq#t>Es$37+y6aPZJuW=$n;Nbek2DW&m;d&q8y-z7c0sw7b+4$MS=b0HTLQ^%as8rx zvb&lJJ$E$~PEuZ*ZIr(o*lDu^z7cM;ez9^JDYu2Y<&JNQ=FJ>mJ|;R)`)Yy!F^l0eF{h3)^}-&vbTJXZh6Dl(U!uCf0cX~Q)2=SN3*3;P* z*-5Iuig{Px=Ly#v=x051{V74=A9$}k-JbUZkM8o5ysS7qsQ&?NSU)$oe&BH{vpOs@ zAK!uO*EG*{Cu|zq+QzbyaUgq5;7)d*`aV^Cucq%C!oIantn(y_{}NA&mvj$Jk*8Yd zQ*+(&u&-MBvVCI8K8$^9@0L1PxlicbuAi5B>8AyJFQ>0%O@-<3V;%gMUl_oXsV#kr zX&3yzUnkn{9 z`@HfWWNA-zK1Q7$V96|Q;@)EUaGM&p8vWduXCWidFh7U3G~VWLOz4k#=?|?ldlrOk z$@W@7dusPljdKq5nhj>=YwAV(94gbLGWC?172^C(+S2p;c&>PI<>U(2#jF8l(m(i+ z4$(N|_W+)D<@%EjDUB!EEro!2hok^5`%*HrS#>P`_LQ|neIj7gJ6wXJ`PgRKXuQ{Awrsr##3cA-Mja`N9 zzBWZ}I?0Rlmh7v5{Pu1QUZ$_+Ivo+$SEA*Oti6s^-`gkO+o1c&%5`3Rogv#B`=;2x z>~U|)`n8AF5D9Q1`#gP8cn*05=a#ju_G=HFThIh?{i z4PbM(OR z#Koqcz*r;KWQCM4vU?4L|3u4>dTv6VqZ66TWCL1`;a=-$*vqH&>zXT*eYG>0Sk*!G;2$ctA>WGeR}vbcm%!N`_MB`!Ok=ZZK2tyEMrnBrp2{Blf7yHY z__(V3(0A_{414y>NE!+A7y^=P9-5J4BZvb!#nH$lJ<^P9W7#=roJ(aO36{nWM3d7v zU?jmkMbgMNmYe2we1Z(=X{@o$!+`>~&9M#PQ(LkPmYUnvxvgdBy+|6raXvrnrtbB0Z31sEvU&R$ zZrHPav2nH7HDD&wjKDlC6E~M=}ej%(W@&;91&vhU@a& zOlVck8ti_eR<$iPejGc{vD3t!>UMvbemO6$tSxEjn%HjGfP)VRF5nXn0*|fF?PF~^ z=LcoNWJq6i(EEdSE#j|E9E0-vb6?;ReJz_YsPhBtb{!w8TFbO?)PDB#Y5W@eR&=~r z;6cwsZcK(p`P4Gn{}kh8J;vT%}jWl=M+4&;lOiH+WjiyTo_U9 zW!g9IWc2?NdF}ypFL`!xhVB)!;26`rxF=^03T&CWm*8m#AKE*-f0Sn=p77>c?N1dh zpexabh0b_yo5)hpaWi!5`SO{`cB7?*i_bzpTu9m%%$eO)& z?Hd)N5E!ne-RrR7gvRoq6ZpKMgKUcqs<8VcR_DkhWv7TtBahecuNI{h{-59hmI<~KpE3tl6NZe0}fvZwM^7OCeO1Y``>?5WdDV8 z{d-b_RL!+@zLDtpliMg9^8;S^{u4GVTb{VY`(rhAE`0xULetq6&0D*?%Ei^T)<@iTB6k{>1ku*e+Kv4wc(v z#T~_O*~VI&;B$v=oY;b+dk;a&${xd(`Ig(VWvZY^)~qD}9w~lJoZ7Q&KO@vKK|?6rT?B`q4|GV)ShXO_-ti!9`!mlz7{?{-3emZ?zg`Pt`3b`m^A8rGdZu%bjduUnU z0^fr_)6O>VPTYe$J7UX*cWv459&n|xiQtc7v-imw{u%8bp|8IeJp$eA4UKPXmA~cL z-bwP|*UaC0%v(Bg_V0;Tsdsr#$%nt@`CV%5Es=PfqG6tY=WltZH*)q>sgLpoeZ4DV z6#a|57UZzy1OEel{}-jB8R%$ohNcyZ$4~z}@N!Sih9vgXM@`JM_@y0vN@@uV2wZedqAq(pKLEZTj*nerhP?OAE0(_Y0~rtRjrFk^+#~CRZdKl*Jo^Ls z`61^~*?lNq;0D@!0-xZf4EVk`4xf^%^6qAx5)V|#$-ALRKspM^ZPnCHGs`(M@0ioaUm{F=1AkY`s% znC~Dl6Km~N`(^$YpBehke7jkTF$;I^vc|-htaR!BO#8eWA_hZk9HqM{ny#>Y5O-Ve zIJ%hl@5T3fly{`>A*mx$!S`38Pg$FH$n%r@2;5gWM?8OuxRL6YYl6!Oegv*bo8m|4 zmv-qxZ1CaVW9)ZJ%?$ju(_}1*&xCYf_He&gU}n5BzS+PGe-eFD+IC=8euNAd{zlrK z&AYU(V7_Gvn7Qwa@eP4lVBwmA*67fy6n(P5(I@Y)^vP$O z|Fl(wZ%@VE77ATJ2YEIfTy5d!ZgPyHv@P(zO3lcv_-=>zT?C%R#*@6Dp9vj0?|bd{ zv#s}^Kz9{>>Z~`(@f`j#WAF;C3Qc*D724S%=Io5=s8{a!uZZ;9RSpZt?WqYAff8#h;2 zxEWhxGrbeITq5JqoW&mY|C#LX%a24FtIOJg#;vVEbFHzsxKLY^uV2;}DoX^7vUaXrwzxRJ zwMs4Hnrm^fhiifHYx&f#9{wKw=9_w`-)P1PbR*`RXEfID2g~~NiI0=xl=Pgxr(gQ_ zvL~}aZx6;QrH{yn=n$UsRsB)=k6EzT*S=s~vtY5W&9kmqu&8U*yay~JHY~}D!a~0u z>VsF1yI7yq9=?(3IX_Y38I)x`S&d0(^c2ju=2Cf;W(6#@IcNAAz- zciN_(U@>}i6FgwlZJtXbV?#IfCXcy`!_l)%{n5hx$!gsbHgs=H(>)j9pS=&CmATKq zOM5uP{D-DVe4sfP)~~q-%G^t=Qe%E6(?9|73Pb4N(a34~PKIQUDR6}K&)nt(m-%xer|F+@v{`V0 zzx?YnuK^c0%lBto^JoDtc*>t5uFzg)ZuJt+5sOy7jgsber_*kM1m~?AcTb>~%Kma<5(8 zTf4KQQ0`Ur*V$um?iB}UGoWoOWh`}!WkQ>bhg_yjb&MxOJHzf!ILdfrUS$7oi1AeE zhF9iT;TbxfJf2T;u1)4TDtTmU@^2$I8Co+hptXO?c~&q@(*l!mB6B==kvaAuQT`+8flEp9{v{9O*GCt9pdLf}@Z1PLZbdgqrtm3bST;r>9!iqoK;Zo86|pB&=VR?> zpNLP*n4%5e6m4)#=QC9s`I;Ud{CjxoGhIt%?k4xo{q&{o*J)b1Nz=~_{;(^Uues6{ zn)}=(+KLZ~+%3FBUzfN)))%s5tgnl-RdJWrxPx31bl=*LFVg8L*cX&sqWkc@DV+j8 zn^~|2SoQ?dZao(Fv*+!mUi1MYT*Vm#TBRpE85h##0owFDnv-Wdnx7Y@-GWfhSi4+b zOxt-TZ5yGCb_;uh(VO-J3v@HA&CR*}V(kj7(uTAP?^Nx!WWq}u4y*=khWL-o1H3tl zLjp6uC%0Yqf!4SVnDv6!llZy%Bp2y*bW>t*G2_O)Nsa3vK04=0P4%weQ2bSeA2e;! zLa!$c-hW5E&$Xi0lS9%D=h}E~r2UJuA^jI{U*c7n{TCJNO%`(fV((TwYQZk{i$~^) zzIE{7VSO9?4>5Pc%$<3o(&NHf%Y|c*XPtJ6*5>Dhm=}RT+9~3I=N|m) z?lX0I_bi)$-H!)YMCh5=FZ~F`O!n}{I{Y&QRSH$PoMvOyBHz zbo%BYmnXf~WgM=bq0#pjfZ=XnnFmaj-RB;BQ{_1RV&VVfp0#)WcKZLOf*}tW@_-=^ z81jJON?^DW7_J0{D-{f@fT7iucL5BNKlzJ=R{o?TN6>@QZP1j=!wir1atrfdGS4AC zZI^2=*XervSwmY=l(Tzjs9-O;`QG3$w-NK*xIdWCy zZO-CS)=>6iIg8EDYq`Ci{lSM`^Ia$V{o~WLML8~?H^99S@VjJ9K~8Z{y`f@Uj8C zG=P`+z`Fpv+{)OC!OJnvf#Aj;`xRa~7+aak?=9fo0C;KU*=69Rd2QBp`n*6`$rkXE zJuf@F;m786r+7E;KdpCjF1OyTu<@eNhPtfd(IOk&~cp{5k957p#l-Srv@u|{%vHZ1K zW4*N=Y9)u}K7J1}R>|?j&s^(;UW@>H@t9xljlJ-yFgm)=8(-U+R|MS*VUv|;9&g*) z{KX}Yc9?P6gnr80(2v~D#I3Ui1z*CiuEUSxT>GdoDg98_uXFgE?9bV?0lc*9{T4|Bjkj5;w}M;o-pgQMf{9jd^IhTH`Ew_8mAlbKd{A80)3rar80a zal)5>g6%xSniHAde52Mad5J#|dz%0CIlB)-zlV$AXF_`o*G4+)^zWRG7W5`-KB(;P zpoY^>UVCyS|F`4Yhz2^6@Zdn4=Z?7xQ^(S_BnMd5?IH*z05=nL?V=F7BhfhQB673i$@U#=~w2A-;deaSGNwA&M7onSMY zDKGyk@T;r{G$*5hmZUfEcycAS^$E8(yn*jy@SiHrfn-j%f3wI6W14m-$K_81K3vw1 ztav%VGsudU18cK3547Z@kQHf>6~irND!bded6;+a`LXpbYi`23i|lt7@osa*yE2B3 zmh4pQMepW%a8=b}B>n=q*CYO2(bbIClSNxxn`KNf;5X6Fjxi?WAATWU%4d&hof=bX zGR~M**kgL0@8fPiW7^M{d>Lc%eS$IVXH3?+)|kfM%^cH~j4^GWG@gGsJ^E7HqgwZO zGx&?pJhtLzJ(`vm(sh$H;w}7k{^I=0v_|bweQ_21Dsyhf){3ngh+baIXT@6cIzM`L z92p$1tntp`cMsR1g~i?)^z#E;-&Ps(HdIEv)C9b)s8GAE6`fFPF%y&5;gDMk54&CA zszf3iNE`JBjv0+c77je0aa zny-5r;`BY$IP7N=Jj-0@Jv=*nsb@pTdQH<~()LHS%drd>&FLYYZPm{FmEg4kyhdod9$T-7bvJbz zda8>yLXW<_In3Nf*Sa=)`CS67qi1i!o=S${&Avz9*u0Ya{zv_rvmSMC-ow3w?uX|< z5B!EFCB19!-t1fJ-rPnW9(*@h%<~nxHyzPq=L9Z|HU+lj%x4wz2|O=3u(eJxJ_Emv zQO-V6J!es9u6J?8T&?kO#^cd`SX(s5@G9MCt-08oo3mJS>*z{!>VTFTn}dHA+nW7l zwZ5Dm*0$ek#(*a*_QJ5cJ!n+tEjF(A+*W~3QB~F&^w3XeZT4d76=Lh%a)GbtqHqkn z*H_eSBxHZB2RNj?CxFlR(tqhULNz=6avj)2_YVPE2-w2iTEHws|JQ5!iXWp!9saiJ zL!OktHs~f6A+YFyTw@PsXzC9>?aaBr-~ks!;KBeG`QYMN=?h+Ce)wKr^`CnZ68kFx z4$&olVBZUUeQAHF{GOenQ&y9=Rs=i-@EE{j0#DVS>jCj!mmp^o_^v~Rdz1Od@!~)t zIhfa$tk>`9EB^3FVkX!vd(4!ZcBD_qeaPfHCh$dpTb?0TuzSG0d+t>HXDVD`7cBA6 zM<`U~HA1m|O|RT3aZ^) z;Q3>t8){{as>?cp%gS2ugFs)Efn4n53w$mL-)opJec7Vu+G`ejwfFks-|{3%)?U51 z6#PARR0|xWzS52_X@Szh1IZoC=j?}?YftD|u^or9&~3EFL<1Z>;Cr(DmFRkw=r}*q~1jeTL|>f@fup1=r@O_xh^7ZX_gs!2=8xv?p^c_l&g< z_8ZKxqC=rIU<(0T`0Fya;jqu1TOV{MI$Aq(o6aMC#N3vgda{=F8jC`2LW4u#YtY@E zyl`&yTmyY)Xy!-E?Iifs+|ozrUgq}RKTvZk`@m%kCa^|F_y`=q zFQG;A)T^~&aN*5)r4~Pnw@&xQA15axyw;D*hy;quwA>PEV|C1__J-#87grOvYnn!k zI?xtuZ)ppnPh4r9dcIb{0)EZi8*0N}^4~7&FeK}++@4gE33Sn@w2o&Lz~zFCYjs%Lq- zbbmV3-OyjpSnC;QHRF`}ROW{#`xvM4%Z2te^oOQjeH;4Xm0@V7t~_T1S-r%=IMvvZ zT@vfAIAr-PnAcjd%e}6FKJS6ZkD`pbLGc@6}?$ZKSoed9q zgo39|_oYK~$Okz85cC$v#YVXF_&>DA?;0Qf415FO^Y`|9wXLa{^`5BrF{x~+}j^2G{^CAHelfc+EDm__g@kp_}MPR z2W-kgsDCIu)rxWtN^YK;93#r04C-{;RBz!$c>BOL)KcDwdOe!>GXd1WNwW2 z#e!i+1{qYlKAV2F22Y%<|9?4yenLl;f(z%+Cr@#Qc)xa3fz z6MfU73)jGDfvHL80$7BX$$D%8FQGZ;ZX=$ZpLov2h@IiPh(q z_lNJ*!$Kdv{|*jvWPLQ(W118>`L)5*rMf>6E#)3OMEFUUo-+~(v?sf%Q!4X(;kbFWbpB4+JLiRW>~CV+ z-@e$mWBvDpBAwZ;?3DBYA4-hUeh=-BPRkjI&RL(d$I7=FD>@QuA3mR{BRRH@ao05q zJjfjr{+HIz^g-*1k`I5?2c0K`PVQ%pW9ProzXBSMemBxN>h`4lm+kJ`rJLuD-_jKn zdS4}LUjJ&JtiJ|u4`1@ar$^fGoA1)Khxak(zsK0*-Sp^5=+Qj)IP_fo+BX#Kf0ld2 zAO5OS_^m_xv$+<7Z-voC;VZE^&ec`-psgbAm1qNfz8^<^1Wg83qC2GVoy|f&>qYlo zj~>~}8koiRF7$_9^oQel>yz8K=B$_F=yU7Iy*a=$vUa+4PpX4&(d*U)+LFWQb=8bp z#;o4McjjZ$O+_sgfi{iS*P1bT0>ao;?Sds)}fk$szFO^1$)ygS#Z&cHM4d<@U%iIec$H-W}K1w6My<3rGR zXryOTlyTC3iX62*uXgmbtV5f|Hwuk&4Z8O#{|b8~I-zmS)2-}8eoo*i;-hooOeQ?V z1DzMaSL#?hvhMSB@43*MJ(~*j%AL|adTy=odRZ^gJ&{i7zgQbk{XfC|p}Vz>BF_Z| zt}7TSMeYJa_e|}OshQi-cXS1db*;Sqdi$^$2y=twts1#cn znp8Ow*!jWv*K2`}!UMs&uWOBQba?tGi@%vziXS8|v_`AV|Dsm59C=q)j=!))YAsI8 zTM>J|ioQJbQ^7OK8Movnh@XMni@aj`Y@!YPI!lbT3pZ(JBYm=0HU?}0R}FB5fl25m zO5R30dU5ghwLqei%-39QvX}+{&o5va2KUy z-YyM;KE{{V+k6>3DSnK8o;(KaS@3lvhi}J@Mm8LCn}-#wdlJdYJsn90S3@)ZdgWBH zej~E%hM(iR8^F*1XY3cd620wvkGU3)UamE+gic0HYhU7M7PyC}j^=8O_wlV&F1ukD zzTIV)Yu(79D>(?|v+_<0?-=@-8;Etj_9)l+{j|hA*YI23*(vYv|2|WD?VIYp_>wGt zRRKBUW_=(x>Y099ak;k0cayoe1G{`3bFv;;kzE)dH=-dURJ8{fYh;UK`m|H~s2#19Kjk-X5gz zTI{Ef{grtH_!BaJ_}%_e_RfJD8H;DFH?O$xr^NE|Qn4>;ucm+bSpQ0LU3ZmfBkuz9 zcJeQYU2iP#U$$V^h&FORZAkoG?8f z)8JxB*R;n@H-oqJBad}PJz0s>ray6#{J9-^R`0;Hmb-QYv={fN=d%?5P%_iwPsCl` zL^bdTUs3m&n<4fGhsri3S>NSe>JqO2?i#(sG)wWX@!QaS;UiZuPWsz^xt3e%iIhKg zd89KAPFa)YI&iWb97geDAqT@@59g&Zj_G>N9pPz_@@-kf%{-A#Y^Ge+N02pR8ii)K zNY~a(&fyrE`Q{3#Q{}9cy;9pyf1uohkEP-tt+Vya@lS z>>%T&uAk{d&0($XB)8O@aSDXj5-fbZIaq z&t2}t`3CvP)7m6v?-e-7ONbG>H=T9t;8H6XxWV#Ynu}d)>b@iSDaudC8Zp=8FOHSx z=honxjWfnL`Q^o6s7!G1fZP*m3622x;CKf``K0aL)#xw%%_Yv0oqG~vrdtoJJNGl+u* zh@CAq^kP#72G?I)wz}Xm&#sc(D`>G6eVM$mp5XE?U3EKo0T;2+;WgsxTXXed$0t&= z#B~ZIwk?(13jCq9T`gK!QA=yE?ks0}O(Bac zUoE~E?mKcwVgn}qI(?R$b^0__pHckqVvkp-KHHV7q0hs{+PY2n2m88oy{w?6b&Qug zG?3X>rrc3}lC$nbb-Js}k~wvo9GN5ba3(DKZU5#9)_b&D56s67kbI6+$eSK?`M51_ z8nBJhc?kt$8}bl4@FV2S->m%QmvwSo$eDSB+_E>cjhV9M*W@yYtobu!jqqKOHAie& zbHtW4M>1s1jVr0CgsgcM_&;~0_E~wyk~McKS@YkyZs>O^S@Y-o7Flz(ykpCnKUMd| z4`=zSHIX&<>bcSB#%;xC^+mp~Ty4o3;t)#K;M-7g<}1jVuVly>o_{XemNQ@ZICAEy zw8=UXIm23r&sp1TO8%nA804QVWA41cTzgGk_lI})mwf%P({YzCv4t8zv)M0k0+};f zs*UUe-s8xb9mttcTgGG~VN&j?kF{(?-Y6Nf3)^2}fRcN#iu*^9FGpmB4L1f`U-PijT@^BP+I1{)}0OvvAj35su!}=DmKBea+a*&B5z^b__c4)50x0l(l z9syR7iAR8S3$VTotZ`3HqQjG&=-|B$_>co_@SY}k z9{X&91H{66^Mx;a6knEgVPH?*%zWf)9>tS;UBZ*C`@)kW&{7fii!*q#=si1xC*P}i z#cwP;S^Op<=c4dr@e5l#*^D>5*bYy&_%Znvi)vT{WBeH3v9#3&Klb25E^J)zKW)vLoJA|~%XRa<_-Nt1FDl+kTz4Yx z&AtfloubXNR+~0|Plkxc;sa0C9mr8JFuRY#hV)_cTKIdi?yTx#3Z5%|ZelUqzmVq! z#(6I7P2jost(|eMuwxwX++=jl$KbiZIt9;tvETw7|I$47Y0mTgBs}*gaf|1^4Bhp-AGCOGrRes_g9jp=yACLxn?$!y?cn+6nrxnXAaYvtdh~mIbNKtw>(TF%F8UhR z?XOCw!10AV_ra&19OJp)e%d_$txf+w&mCRz+vd5M{B|3Bwi=!*_K5IXAG{RbVsL>z z%QSzAZijwh=vk>I>fQVRUbZcWFOoBfW?dgC7du02j9%Sq?pJHZFLsIK(S^g;Yvm?$ z-o!pACOOktb6W{My5TF!hXr>e*!w#udW_p%%QU&XH_w)xHeeB!S6 z+y6cIY)pKfUaphpad-v%TXawO_ej*?-=pJtwO{x*ek$S5!f!>do-fx9d3#H_=IGIJ zuGK-$E0LeZAuS>N9zH?bMf7uDJcTSOAU-cX1$epgfoJO1}> ze-tdzr{f!vxla)X3WJ+5Jv~Eas2C_R(hGhZKmBokYwZbebPzw)N%ySqL2&dGahxOg z+eh-AN;ZS9?1HzF3%Ew^M=C3KeKP($Z|0q^PI%{jQ(Mx6&*|@UY8LREUHgB+GxNyH<(ad+JhR39ecHJ9g8R~^ z^eysii#vH&YW8=!R{+~_{H*wE;sx-58bh12;>VFr;ybAohW65mJw2P&vE~;1_@VxT zd>_>HKo|UAdtiNV9k>_Swi>>153br73W6dtlwcBUSDxV(h!^1iAihV45Dmxw6*ze&@%`Wd=hi`4y zbWggJ+=Cs{*U3JR`24G7&i?VPf&AvVC#bb?5P$Y;?Nq18o#j_)OIDrl*|ZSaeF!`s z0)Hpv0}hXX!&$i-f+yjz&~q%`r8T~-KNUR4TpZMMV!QOL_yOwG4RFqM19j9R-`zcT zfU~EEMCX}-t{x$rj2%B7R{Ck39&Y}5TugxCTW=O3~ z6F;x#u+m*wn^mk$fvX;$>XiyM&b<70z&EOZEd*@!?C(0E@c-3+E&i7Z4gQR_Rvqo-Tj!*^RPns*o8MxM9UxDSc(3ixaClxEJ~=%5 zvhIPr-E*Zr5OFGeK{>Hgyt~MLb|7zK(psx;t9E3qhFPn_bMN^PvE$T0@wD!Nt9Q?B zU%TBLxT1M(nmQz_pygxmvm^Mm9tTF&3~`}m;$Yg9+u{58smXn@{4?<8l;p0a-M*CY z{bSTfSFA{SR87f-?Wv2j(tgvI}}75{%5-tyv2ZzuCz-#L8(7!@ryoSs*fCePEr6CmeVC(kII2N3i=FO%JjBfbva*-hYhzft=m~d=vS%TD}Pn zaH1P++>LJ{--cCWvcOt^Z$fwFB?_O?HcE}R0$?r3gq1T1#Wzu5`z8wUO`P=Ti5yc) zT)ZmqiElz`h)6w81HXi!`{m4z^7-hz;*&Ut zjyww;x&BRZa-c(@Wtlsn%&zOT#-q@hIX6-sy*58L{$^u8 z{`s&u7rmG9dCR$uEQ-70@@{E+eE9+U-(sF$8n(%dWjKQWz`A|iqya>KdebjQL4=}D{O0V`7 zA3%o=?eX;v-eRrCrQ9QT$=ikQfXrV)-;D>5-=RHPV(=Dg%`f7a`0irec+f=$^IEwkxyG(;ku?&>9{00&V_mu# zZ^y^t(=9xd^1TCm>;ND6;G-k3E*L#;`2j@7IEKD1u!>$BM_(_72h^kcO1?!LoC+_a z=17t_Z7O=Lwb!W#8+eEuX>|G*Lvz}aMbq|fl6{+oUednxmWu9Y+(+(u=84bm*vc8b z-9NwgPQl^UpI?9H7WY5hd=F(G+(do{*CbZGmwsB|dy*G= za;Cd`AX{>)$Ik(BY=R*(jIE_%$QCNuI`Foy>_dLA-s<-OZFhkUgTExQp=tU$A%J}!?9(EGfc1v27yod zl`&MGZ|$jqHU&0mL*UL_d#Rfzu07+;R;2?U;`uh7pG?Esu`j2h;T<1ZG`wTRg*4m% z4G%)Y(s$Y|x~*|o*0})RIWUXv<-pv*a|vJ+_^epb9bt(% z9z!SVKqqV0%|s14*>O8gBsy6KI$4O^DbdMJpp#`IV^833389M_BA3y-C3YlsNgCg0 zO<|;5bggZLy;3W}tjCX4g|1aysFi2>AkWnOMAZXuNGQ6$~^1k5m@)Bz6i9*{!^}dl%KLN67H28jIi$VB3IDW(0}2fe)w-; zWJcn%+)H0!#iQ!TBN*ns=+olA9CFVHo5-$eWS8t|EvD9ljNi+59db_mcmu?g*%OnR z!Sm#3n;D!vh?3^kWF!NPEB+1`egKG5!MbHN-bx^?f~H+B{C^aydMX+Bjm*sB+zpAfP9 zrmqusA|EmRL04^h^!bO?UJ+o4lDifo4{ZhSbgf|?z@fLfgLUQ&R}lks(e84-O>)Zi zlD9AZfTo7xJLB-bCf!K?0GqG`dv3YQ%H3L7xDR<>YR>0-EBh?EuC-z$AwM}YJh#$} zl!vh8WKU1G?xD_xtRKnUlDbo77=Mt8k#tSBVk8Zh%k$(w@ecH#EALhFo>AxtqkCZM zS$nyMX1*~Yo~_ov zXe^SqTSlS%VJ>++1)EMYr$rZ3{Yjx#Sb2Sd+pB z^1($j>#?w<>toUSoKHyWU;COBqZK-?#uq(K>*b2p=W^Z9%N4EvCw>d9e_7r^r;;4Z zIb0i~b?~xHX#Kpqk^4*bD|=H-^r>@c#*S0)6nK=;j7)yro{F9p!I$lM5(Wb5BINfI3bX$ph zxR7U0nZs~iwbwa|JOkE6ay9MR>mpgVFGtn|egj?Bg~~BtT|mRC{W1D*WRE2izVS3P z`$`e%ZJM=m4K7NvcD_L|vA$|@3_glxCGWzf*gAtnjp}b?$>=(yq_8U*fz>7t*`HE)i{{)&PUqWbh+nOn8 zmi&Vl`2;I?uj_37h~m-T80>>bqnADSw8f(zeA-K1!^LQJ5PDvoRVC-rmXkj_7SoQR z8w#HSkEu5DWvLUKD{<{+){>X_bcnjL!h1`g?>6YW9=evj&f=qGk944v=d*}=%QJEx zdNj8)FT_w{apK;{nXu=2cslXyYW#HA59QV3r&IClsc9Y>s+Ij3RqivdWX5Rs0aH&# zoacT^-sg%hNbO~!eJ3tENX!v`Piz=lMf@=<@IjFeMO=2T@_|8Y)ilEO;#dj~- ze?}b3?!WWX=-*`gDb`R7U*ukV7P5|zw{djCC3~^km+OW%Uw2K=d1inId9HwOS?4w2 zBZNP$8ed!w{&>+h_rjls!435$$fdGk)+PAmM7KREJ{<5Qelzja6`@-;qw~mIx8skG zfk(-+l>PAS+?VIXhe#bpWk2gmHy+pD#P9lxg&tzACN;=h*hAwn*R8*pxc>aeG|`U= z7@z1z;wRmWzAidai|wnCxa&6JuIZdJuSk4T{02kl#$Al-?rSW(wAy%ahv>Gn)~e%8J<#n z`g>zKpUA;P`DKfnuFYxm;QLNf&pk>^w1#+X`gV7B2XW3);+*(&(}VbWj`@Yp_)_U& z%TFvm7lBj!N7Vm6BffW8bK>tEg07$k)?6qY%2;y-`UbdQ%~`$z$$b)BtXFN^tJ>JF z;Pu4^8SCWsj@j+4wBH}bk7)Un_d}=qluvmpZQf3MLJt+H-9J224{TvzYXG)h+V5g+ zw?bcO;DnDs|DmwRnECLjE@gYIOGcspsG|S<3TA1ynDz!a2jO2a*4IRCL_fwFGFe07 zn-}~vpzDa-2=SiSi{e+6wb#a&1xDdx&f4=h@8JWwlXt|&ExL>7F%pwFPJHhG{A3&S zaspao&keMe6~7yP&;vhd(5;+~XTi_@(a}!c?QCUlqd{BptjLwAbpPYP-=%^@%H4gmX_r5UyZ)Zo}#h(f5KM^v4^E*gOgj-4UQ#7;K(jn$Kpd@ZpR9|W3d8q z)!{c%Q)jBWSi(12CbccLHu532NO;wGtCj%IF@MmF^4D8_6j_fZeg@0OK)ycD8XCR~ z*2`r1C;dEwtu1@udu<*od~qK{~|NFj)?LFX| zIM4XfM20DuB0gLh$NQcO$MFC>JaZh9b0qU6@O+K;_^#asoWTCD=zOZi4|1e{-`!kK zF{WPTQszI}!Wj=|ELkFPi|874ukRRs{}tttA0^no6Gz_s>EnNz{BFy4sm0XXH|#dU zf}0iPTJCZ1E3rbs4RJQ9;o%j(kkEj{J>t;Hx-nloxw6n`n=6rQ!~VD!|5=_DRdyKh z;nTF0+d+I-{Fr`xm^*ZzdBSbRX5s5p_80!kW9|~-p|X~}_$18~w%1vSeagIx-Xvod z|2MofCTphs=80>jm6(k1X4%85@B?m&Gw6IBesQ7mb#}}klg_*CHrI`{X~n~2d=1dK z#0-SzUt_}~Yw5S%M_B3>TY9%s&(*Qr@J-2?*NrCi?WDH1)OM;S-=FhDYMV;g-^RSf z@s-u!v%xPMLk6*z?kZKAf_)sbrH+A5+r3onf5e|4`RmV-myfU7iVx4V`BUJk+k`(w zZ#uyH(`&J<1JSwq;wXFmdZ$^kxjN+W!qcYA!{1G9Q-RX}PHNBPQkQ3G3>c5mr^MoY z*x1y;tn~v6G3%u#pz$8vj4c3`UBGf2-?Vl9g;8tJx3x#B)NH~(*b478?)7@jQ$G~@ z!RzeH5*tg#=fjb+>uhhamCw(DX>3=w1>}rQHN`m0*u`r;K0fs4vqi zce({<@Bs0*PR1Lw_7Yg9iTf^akxKyeW7z z^15wUI+V?=XrCOL8ghfIe2oRRuYJJifj)))p&0`jmHM?!=-Q%Jr_tjLXw-m4hoMntU8JX|kv0{LBCp1A0UpBAFZ3z) zg43VqJIm=y;wmEFtv(ndG#A~|*hvZ1l+-1VbvPBB${8fB^pjb)lNvnfV%<0=G+R%< zHGCvbC=}=jVo%g|*}O7l`?llk2X%O*$Qa=xGx>JrXclwj)48asD3!r$-p4?04+SpnHkgPNex#vpB06Kd2{mDgJt? zF&D80q=wRz8=4tfe+Y^}QFDBQj28`IK`@ z&D74!F_tj5ZOpCg{gybn#oMX-2W?9&N@tAB-zDdD0X&C1%Ge3?kPT{Hv+a4^KWU8n zlO2q)Yix|MKJh`ToKC&8otl?woub1C@13y6LCqh0B9mrg&@5+%o|AD^L$51rnjIV0 zn|k9sbUq(+w+`IN9IVDKxZQ@~Sl$L~PV!M%$3k=BdmM(|qz0nQYv%gA6kQ)=O-wa@ z@fAuwwajrZZOfh+XZ%jyYgAv@7biAaGlx6_;7CmC-LwK+Wb&fwJ)F-CFLCg4YzkiD z$Zo-tF$qu3+MaUmb-nQ&=AJz&we#tJ2l6jY93{?vFFDI=GQ5({>&QRB(WUURo;D@l zbr&=*@?teOejD72oq9@e&wt0~(ZCu|xCa-$&pnk)%*7u!je0KNqP{YOyob-h+wi?6 zBu*WHzd70|kxzT~qo-qk^kws$e8Vr$-P2ikF53D`stn&^W7UN z$8ShZj^~3f_UAW~t08a`M-BhCu4I(<(&U<~_+sSM5?z~vex~YK)PJY`Rk4Ml>@}^> z!wphnP-H=fb_GT!*Oj8kxu!posL~^Ad`6@bSr!yOxtl(`*T^0&>flkAVtFSo?>=ogs>wGNnbjddXFL2?CUJ!C;I zvL5jBsP(W1no#rb7X{hcKisG0g8%2`cjlV7>31;~M?bx}Q0svhQOpxrv%HdehMt5->+m;zK@cYI{DEUse2)Vgnif6xpQd_fx0YqRIUu)O^3&P29kX zo$Bj8?{;%`iB;=o^NG>#N&WgN_*6AH)&DFSQ<)I$dGL zG+7rfMPHE|>rjR+E;#_Ai%Xqd^6DqZ&uufUyz(3DKI+ZLYn)l0iq6zt3X$h2watrl zvj@FeKGY{N&xPnaM&CX@q8G=}o$&3{3NFPyKaTFR9@!>3YZh`-WaqJrylvL2%GtJT z1MdXeVEfFujQOALItPyHY#AbcX^|oFy}~pS9mtRlWQZT0Pd?qDRShd&eM|R6*`u|T z{WJ;L-|`p85VvSWXPB2VZ_Wdve78J>tGKEI#m)@?ZS+154P3)J_ zeJO8lLis%e|H2;z>=co$kuEr1C!2K7PmmG4h5AyBUU%QwefA0FA=&1+w z@jXk9{nddU=Gb4y=r7a$qSmacHxoxs?LaqMH7Akm1-AXu_HSB;ZZ_E$bNm)--`7+y zR^gi-CgxPkKEoR3;N$E`S*foJ_7Vp~A0=% z>93mQ?{91&F1zwSMY^|=_c}ODds$*@ZHBGGf^Xr|2LIuq7N7nN{a#<9UB!<%yOg#R zKNemrJ|oVTReNGA9(+K>-P^#M)E$)=u;}dIG@72-K+&UWkjEa$zu`Ls zeRw=~_j^6_Hr2o1hOXm3293<%ca|rz$&quJ zbkU{c-1^{iHeEQroQvDF2a=g~tslE~+uX|jl(K6}+70@-xNU3E#vlG-JPx}IUEJVo zI1hg7ic%|fK@Mte6uyqXIwohKhKOB2@Je@=*admp`0aNuO(_4B5nDmLpicLx9Bnx} zr47C)_2x9{%}M;i!#Q#xe9GkH1VY3wLVDQjA%21W5-SSHdCwQt5Q^a6cixe4|~b1dPc`YAE6CjMolBmDGeGE{Kv(nQn63sbUp!P5PE| z@Y?VfQ?HL)4J}-a&oqP&tLTuC@TmBNCn2>pB=(^B?i;IvR4^$v;k4yJK1(~&p5#>2 zK(o|HMX$4BXHqLyYBh*{De`1U`FiowOyQeBR=qGe7UAHF8i%(@KQZKm$PVfq_EnL` zB{5gq-;=1v*CB8ZxZ9FP-Q&4Pj?V|Wc!~B7Q_t~}(1pt9w|suk1$qv2q4qdjgf1BC zB)Y)w_Yrh42GbTFJF_4=;Z6D-Lm~Z&&VcFv&W0QS8!}$EsVc;9#a1CRtfZq-=Hs6gs$x_C~9wepL zm+;@&H{1?C;hiy`f3+Sm!}#!I90orBqI;+2y%!rxh`B0auJUc)zQY@tC&d>X-@eGc zOU+Zvjwd>KWsdCdk#{q3EaUrq)LO})wK4c@ zAHJ-iu#Hn6`$_DKS^cFLK5yvb;EB zUz4+L#fQ&WUyNb9Ho(K{+2a&qzjvk&ze;QlJ03VRg^X}`x!^-$a~H*jt=kB%mpxrk zWJNJ^DzFJ}arRs}ux0w|KWeTePA$1j&K#Gp_EwJBr5#B*J5$!?J|$bdDbewZ8Ta-% z>ymBgH4?jMkh!ibLLNRz4O>s*qx|$g8=7e6$R4=g%uoMrhM)f34F7QCwVq4(>Ai~n zsnw1jB#!T7MMM16b;>XAXTPM@_%(bga=j9tN@(a2V&(Yc=S=iJir>KT$xrad<70V- z_dc#a-toobYs44d%enG7pTpOf7bhp(@x^b4PA~8Qm&qCN?~eI^|8Zz)A8_+;0oTe0 z{11hXjr-zfPQdkZU%t36{x`yP{ilQLH1#BGe2@Fw$+wa{sZo6G#@9{p<%W%~3vOqQ z;dW?vYTSl?Yq-5n;nw!8KQ``LkG!_zw~gC>`gCwR7FWWLUV|UK6+b%rcVCmUR_!=b zvI*a|if>$|EmE|NKm8bb8vd@R#GjFS$_`Zi^nZ+WYWf3X{`52Hi~H06c5s3}{VB(v z?zjEvk|!ztbPd0W_yX=D2eIMiNOu)>W@|`$sR~&xI!`g*71(=mE zE09Ct?_Ge7l7K%pp~I!|{YXs`$NvMLNbQ3^icZ%GkHL>^`Oa;hOcDP*@EOj3tTky< z^wZ39`KW)Z{3s@}RPvrACY|XEb^PS`Vl2PROl)Le4vAdIY>#%Vyb){{V66kz)cL9`et;NyLZ-aXw_1t#g zZ^k#1692a7PlQ?dJS`!CVuDOcwL(7-)Wur^U`LtKgXCBCPJiI=`mo4)kxkTd2?qwcMFb}Jl z2Pels=3xWlck*gFGUh?_LaFH@zU&(2A&xIw^tCv?>^Q#c%=MN2-TARESy$WXoHr;zb<=l z9RKzbev3@IA00;g$-j}l<(cS1o=Ugfeg(NE7wER*{^QR9M~Tftoi!}}*$SJ7u4HV_ zW$?}g_=2BjT%(LjVkja0JA0O}zfhiMLb>9Me288%hCgUj%}3(Ze*Dn0_$<_oFm-b9n|R|R#GP|q-xv(=e}La|t!!sA zF=%)_$=`&^bnVzE0wB6^h-RFqiXWH&FJ!PL#cbPtY^e1Py9j7MXF3$NYV4M%Y zdyBaj=9vZD7v1QH?mzb|^o9IRk;9l0Jzzik;;0KS+zTH8-|2kvAErS^@R?eP5rF$N z_s<>sA^tjRp3<5gJtt?%WjPw@Tl)7!?)vNkp8amo?@?YeCgZ;Kj!n1?EN{<5)MnL(aj;t9Yg;-uiOKQsV0IEjs(wChUc? z&Yv&XJ#d3Mm!0#A}hxJMd=Go&n7j>@HC6$l1a2{EUs!?+kozs^_h< zoC|g@<9X-@n&J60&!3y>`Jy|iJ;KKnyiprd&SWK4er`~W)0Jkv&S^J|_mg?HopXjD zXD)OeWiRtEbsf>`bB8Oex{d=hsfH=gjqQvYuEQxek5)yI4;b;a39Zza_ttwJo$;46mu;bF67Y?ke5q zEp2|Pc30u7_*QgDAOCl8esY!M=)o(Bs52Eq_B=%0As?SrH)*+kK6|lS4bE0SR7kv& z_~&f+(;z+ssh2#Q9}!`Ckk>v^|%^z3*u{8MDuNjLi{hy^b!d@C4*Cymb49=6UG-WSCF3rpNY>R{Eg zzhfKk`rK#kz{c}NIcIVOdmN+FYQjx=?!yf_=Lt`14d$=m3_tL zB9`$4Jhn)`T3x@5>-k*!0nb+1*Gjpz0vL4SKwX95c!A_5>1M3XllO4t`Ozh@xjBom zC70s&S%hxO_^CC^SPvkFV%Vlp&W3A3k2N_%48Kg+_-<=Z;wQw=O!OtMz#}@L&xYqH zIN-UcL7(}Bkw#;;b$(i*Z$QPg6X0h#_!hhnTctlwSlW=iTmpNG$QkNfIqL$O;j=pb zmye9jIS21A8XcWO`=-3}%M4jCMkDa{Dn7oP7uaW@-IfJitl-myUa-4x{&(&NHzmN} zL(dTWJ)rPs-iDs8`j`Jzx_R3l%9!9)@{Dee$)mlXzgC(zznoA%gavrWJJwiVQVa%e9) zEe7398>c(!7lFeiMb~?73oKPBZ5T{6Xn0g$vHvbKd7e&tpE*)|}7ZY0tU(U!~9AspcG6Ao+P{{xr%x^K0XhTqv+>jkPB%1R1XAZ5L3T) zocA1IdY0jx# z?wn^%9S8hPvde2GQ8$&zBT8enw=SQ zo>p^y{*U{a^Owa=ju)yqPdfa!<>uXF)?Y*dEYZ( zZxM6eE@!$h=OdCEB6B|ahR*rFms8_K->B+KA*USOxswgfnVVhcoc^*zvZSm%`A}JFGFHZZYid@k=dQ+(pSbajvW#_H;wn)* zv=x1|M0+ZEkJg;r0?w#|9yrRk%uhj1b5OfWTl5U)*0?@{FPL`U$!kfz%m05N9`Zl1 z<^JNvpClj9E=v{WJdrGO6~u&2%8*eDv~|hZ+J>b6m;15xJUv72AKdg7G%*VrW~+F7 z8SAs+yxu5s@f5O1=x79bg7+_y{XPQ!JG39Uad+}RKG+n)o~R1vVs4;2W5&=cI(DI_P@`eGgxD=9OXHw{5@f=Zua> z=Q?cB_4Kn1|7Dk6b2_Fc@Ha%`<>k8310D8+^h)-OO1%c^ zC@MLjozniC`aYl8vOr{TUD^E8d(Mt7S;3qNy-4m`9nWqLKr>~WVNML93w+6*wiD#P zpM+lGHKIN~|GE`cUV>tRT-W=I`Ak>!^$Ma}1lrq_()MCy~1i;1|D% zY0Ode)wjua_e`snc^)uzF!omDtK`te@yE?){^Y!%1pP^TIv;qb^{o7Hj4`$Kmd{fM z{h#lW*w%V*unHVJM_rbJ&pfl>{3E|l4HRAF#b)V#x&D%j9o;MS-2XHB@~>E%@Yxi5 zuLNi9vUa83`%&t>pUU9XA?%^$e7vktpXS}hxiOt#Xk@|MNayesl{>qzr+nH|wMST+ zC$N)ZJmcg3DwlRg2hTKd-^=|jatz-C&`oV%=x_V!K@T~V&sHc!@aEG;;?pZd=2N= z^)I}tHqBGX)y#K@Jm45Gr1Zyj`dnvTN$cKirprv4)2{j4G1hU6T!QFaeDln;)H9d? zUhtKub(Z;V&4;6Z#r}tMRL?nF13W8vem*j>i+WpInUk8zUUeqWs=4=Ea3)a4oKLo1 zBnP1SlC>;rh_yFi4e6|*8G7Z;&+@KK zBWbbUH7$DX8QQ7Rw4QqAj9S9Tu|~xcET0KAUi6lvp`Gb-aUQ(T+2r*X<(;Y4;5-#e zY*)1mBsbIrK4pKntYPsPh^&gxzwjNQML*X~&65%zOH?yb!|#p0{0{q;1P@jGXUrpp z)^#|p9J{JY>V09md>VEY zeC^-Nt`fa-vRx%Mlw8lWtHjolYmQwdI`OArS4kg}?JD9G6YMI<6V`n1T-2_THr&vM z$XTHyhZe-9ia-ag*i^rUPgkMG)3zzk3r}}wWk#e>(MdHlVhWwCfll~*65C2_sZ867 zelD=BWLzI*TM4|AZL2X_{1j}f5@7m|Y+H#AQNVl)uhe`qCfHUpBKI-x-*~!O{GEJa z=-1+t{G>LP*i@M|R?!qT7IXiRHde;mkJ(tveG)$Osn}S|{eNg1i@DFRvF^8Qth-&< zSO)uHT^n8Kc%|4_&rlDug!z~AaSZ+1+O0pofwOV``K~SQuDiD0($pQ}Ueu0X?0`Nv zzpn3XJzLpa`L1kbgT282F7$QzFE&^cwzb4LR$_bAV0-0Yixp#w{jY3;g`t=KC^neX zb(A$LHr7dOup@f5vcW7nOY0u6Z7`Wr@;sCcX4z+Y_rPyvgQ@)(VuQVf{jnN<#Yt>1 z{0i7#=2SM=+b(Rd$Y-AYcV>fG`-XoL8_YR(OKh;`!NCS_umKzF{3BKDOSEcGik{9s z+m~eA8+3o_E$pu|$ZE;U-;ezTzS?D7JLheUWXN%e>A5QdDt5Q|gK_!pN2Yh<8=uYh zFyDi^KPokcw&5o~#%C7i9voStmCZy4USR)z13jKNBY9?5-PTcm-Qo^Ca9bQ-Zb#_4 z+{9Y%bt|YjjveR?>3(m!e$~U#wdUed-SpPuXKq{DmKVa0wSBI(NX`P7k1c25)4r8) zX92@ObkJMzBg?sdGr6}FT`R;r{Nl9@g*`!Nu2Ie`Yr_{UIrF8wvx9eJ@2uE#gFG)e z*4e6!?6~Oe{_~^%AA4^e7uA&}e&1UKa*F~1(P+>v3W+UX)R>qkX=w^H34)qP?CDA8 z(+#LeP!vPbGu=rvpqLH{?w!drOb3@NP*{nYq_d3OV9bJR0`{->8Cgs$DA&>?KqU2k zpL?sYG^V%TeBOEI^UfdjxpnW^o^#G~p7We%JGY7sUhKCdW>6`zcWgf9oibZzT%7sRH~9#^WynjL4;0WV`n9aUACeswpg`1a+LV~9`0@ir}Vkx zE*EP`zdAP$nXt(EG-SfJFs}N%J;uDzk7#7-GI!JUxeLE}9O(y`JBizkjaNw}?G^#k z;_rv2$UN!uN7>8s7k;zMRTOe}=uXi-=FftxUHBAfPh{?mI=_-&lh}oF_GWH!@{nn3 z)Q!9)Zo-&@`W(tV1K5CKCxA@?b6BrhQmn}D(^YHH%xBidr67mSMh^XTb13rPtJ^;A zZ(H;Z>zT`?f%!y^e-1hRGUiL>^CnX?^O;}bnN%4!_-6ln`txic&qwH!8c9Eey~2?( z8{?k4Vm=>yt{$23ME2Hhp3En450Kj;KR(58LVrB-89%8U8`?Sk|B3vU`CQ-fPxyaY zQ_h(OryONIt6IKuY?E5BXX2Bu)D$tdMe34053kr&bC~~C851kHKPaV2RVvF?M`@hha`XpQQ$!oco1*k0ditFHxCBhqwoOW zL2EQ}cJRQnK*xjGdu}AX3z*id$bS`iLaW&33O*DuXF14<4P1EeIpHC|1zjHRhF8>a z0eL*Q;L&k`{YYfP8f}U!9$e66#8=<~vTi>vRD%oEtY>`aC6@SMWS7c$KQ1`se2>oD zv*?-1>J(%g;DW?Eu4Fx5A&+J~>$(8TRc(U{dfR?ncnw^5?I>f#`u@XNWc;k}>a*7e zuW#kNl~|)^z&RKB^jHMsV~y+ij5V&DkKkUmBf~bttpg`~<>r>pzH7xloj4^=MArA? zqaFjlWo4|B`{XXv2cMhBdpEM{(WC6eS^O7Vx$#$y&1Zh;*xcmXFeHP!9&h?p{;}=+ zxAPy_S&`kI`S>d4W}Erju5IQO^-2$N?GWXBCw+`p%zfqDHJxMa|zN=9O z_mv>0dU#LMzPZN~rC^V`d{@oU_l|7oU~Z@L-^KTkCtWokn`2UF1)dkdS%s(Itc!2sp5&=SHk_X#HX+wF ze9SZ2G^pVd{i!rGP5ucoYg2NL_e8-tW1rr9&d_lm_&N58r=ZiyglKz zO*-BaXL-m+{YSQRvj!&ebFwxfE*;vk2-)g!^&W3Ba_uVQKRN2U>TuKg>eHbc^!u2R zH5a+q3p8E6ZNy^8V=P|=_Zz@{Cvx2!-nZYiyna$2IsoP%-DKAJEjM!Q)5x`jr^=P_ zpL!4SwkTp}D6h{{Vw^L%Bf_ZHh=VYbJRpxCa35fCehvm z+LC))lle}(IKO>%gfp;SEhdZelsVEVb}x~v+eYNXr;!sAhoT`HKd&m}^b#jR&p%vr z)7Ef)dRi9ixjxZ|W7Ge{Y}V2&?tCQPL%9*}L398j)0aJZB7M3WJL|g{-(@_bECS@%(L|28~~tns#Qh%J*L<8LEgi1e+UnBYZY_USVB2;zkZ??Jrs zoQ>eV2brD5So{1jFa9X&JkhwD^>_T2bvEhChmY+(;d^~I?M*VNF-<&$-o!+2iktLp zW$spN$rEgbF3QFDiA?w?-#W~bQe0!+sXhWvI5>J;^=Wld&MU}kPjeSy40Q+OI$gZG zfdjja)|6CY0$>BSL{Sf}L=KEhb%=}K95uqqIjv|1drLrnKAr!>T+Tgh)>6)JcUi=W z?KO83ukkE<%()e=8jb#G{2#pH<(hT;cV*mE>B^W;DSL~S@k))ha!%#om9s1BR^%UR z=04ox*nMjI)>nVnPfUE(YL&fM)|#=`MDbtj(87yc;BvxL<1RLl0o|DD*nAqfeY_g! zIYS=N1x-g@uBaln$Ci^kJK1Zx%@ds2)GhaN;2T%cO+BLfuTm{Jwd@nk=*J|6wD?HO z!7oDg3h|E+8{a&}+t2$sp{aXx-39QD$6sJD`^8aJYnaIYJmj>^Dn1-4cQvl8sFr)i zQrO4P9qozd?l}kFu@ywlt2##mm)M5oDUsL$O5Y;;%ApSqzrI2At@6E=ehHo{>g>J* zV9rABiwk=Bz+(L@q32kgg6!UOc<6fc$db-dFRVYqe0u4y*xQ6@9tW z<@3EZoBEgXj0DeK#`ilwN1}ltp8dF%bKc=ewZ#8DT)h+i6xi6OO&%Y%Y+bCw+2~2< z*pF1NgZ89jbC`)fV$HC1asM2IbBd$GmcWlQ&QFyl@!{Hc#od0w$2#F(C-6MPvsum} z@UivxDMJqPyBprs2OrzXJTLSAFXzATJ}zv<>`TG?t?W|){#xuTK4sqIo8wF0yk*3>i0t!C_R;=3 zv@?OT$x(RO58-!{6OP6iI<2T2p=r`iBRq1jeM|>+p_9$k&on_iaI|T#HF}UTH^2u+ z-b{>_Abg2{x2c5xoxt-5&t^43=Y!Y410UqK4BpoVAG{y^@hkrS3-~W>%~EIWkr+jX zpegJ6zjLe@d{_@Yi0*9zJn=5(Txilcb9Bz&Ctn6X@{WDP{06=qg-4ce2EODIlPhun zcZf+fHyb`%@Il9yWLFJ1b7+p>hX30^zJWU}BW+hrHgqx@Iyt-lpN>sP&N(*ct%w@IwR@oT$>V1oi+M4k zhH*YWQ{70Mmrc-l!L_IXe%!#d2cJ6|#E*k(9>Jdq_-X^!qQJGNU|jPgGp^uTbqf6H zL45Ls7ZzL-8DJH4!58T~eKU3VaZN8H`M@s@20Hq;rFl~ z3m<-#^Xpm0P|Adx*20Iczk)tpy(cbVPb^|jEMQM0=9Pa>wCa0eB60iBr&~+eANR-j z_Ym+-_IA1Vh%>46M)ZE`HdeJB`BtNM>4X32UAOg&7oO+P%PZcgc{w$r=B#<}p`-ng zHK$h`f&Luba`kuDiVy$p?>njgj5*>^74^GT9Ie^ee|Sq(sM0c;fcY0&pB`y`uT_blsf^wu3r91%>&DK!>{kG zS*?WX{P_!I?`~Nz^p%|#u2@O?jLi~d@Z00bQ^>w=r7tp8;6Q`;+s6ZYA?Jn4TdU+;J9jDf z%$EvovOia0!&w{SC~08r1$Y>-GaCmFWAL(?&I>eR+b|k=M}UVByTb5(Q;oz55nMY0 zUj$!JbR&5VS(IDHg}$>TIW6Ou*hZwQ@%lc@nRYWa3?BFJ+PD1UgBF&nGTQa`w8722N;f721Os@gK7wpx52L!e(ib4W{1UIgcgNX{37Ijcw2_wP4v zir_ph`m=SM&y#uH#CsIy_TaPndd}%q&g(7Em^L-Wx{c>)a=k)S4*Eatd zQO@ZdoYT`yroR0)q33h=bo1kRbm&9q&@$-I z2I$aPRXG&B{6p4$^r7f4qiQBT`C-l3{*ShtThTP|?d*z{|Lbqi+m-}m2CI+@oF}f* zIo7TD$=$ROm2$(A+iTiZY^}k*t>FY~X?5BDEv6ycYi=O#$7VHU(38*Cgd#(@foJ=Q zZ8gu6PvihXXPOj6Kj$mZp7)RiD6G{Tlb@RSulfbhBpSn)^bAta*(Z8Pn?@8wT{EC>77kIz8qQ2&R;JiRPH{B6EveIE4 zIqt^6BOhM%{+9DYx7L)**k0pEz5CeORf8IsgKFz4VzipY2F&^gS%Zzx)5Z8@o`W{- zQlqUc(8fmW9+z;QyNB4@MZ~mB4-MzsV%6#5LDpCov`b_KIo#z{6sf%KOAM=Ti*HK% zC+NjF=*fqnA8u*sFF4k;GUM1$-dF1Vu%;yPJVAdZ0sF`Ne{uPanwOS8Uvq)}{P4*g zHJ{R#lZ@>}`l5_@z9#xkb>zd2!6O^!)5cXFY$-9(7wny!tHQq07wLxw`@vxOkeqL~ z-tvTgPhLE0y;e2#O^5zz$m6>F@*p|iN*~29Gf%ZZBP05{XkYqi{q{Y_vf#(0zwA}m z1{yM;Z&BtZWI$r$c@Evu8uUyS=;TcJEMy?NL`LRJky*^e&Qw8WA+nNe#3CLCKL2?z5 zsm$lS6Pd~lz#FjfRial_$CxHrCvkSErED^HoLQAhfQ>Bj#{^zLrI|ChwDCXe2iK%EIqC9PN23IG3yDf)~p1D^{mM2V3Y z8w=Q*MdqWe$g*-DQLLi1*%J9Nj*lcnblNP)iPFhuB8G!wM7xbTN|e1{?SoPG1nRc` znY!)NZTHumcvamA{<^<97DnC0)Sdrl>dvR`e1F{wuByAhUw6=$PFInko4^M%`*H~O z4XPgRTkKdTgZE|6HKh^P+x019^Ngb0Ci?BseZFU9{Obl8V>g|#t9$Z0)?tjB$YZ7K z_2iLfJ3e{;^kvu-ImcX3dZtME{wHS8-gNK}U%cst{j9Vj_RCkNo$vPz@5$RsUX?N? zU*3o7RbU+IZ0An24)btlr};W(_!qusFOu(5@@ruR z%;mtWmHwl3guqO`cJc-Ce+leTuhjo$f7lf9&y2+nBv5bv6Vrhu6PPksKkw>t8U+~I zfuV!8J8ApsJTC|7m1DFH+f5oVp!j{0|2N!z&h}o?Nn4rygzW=p^j7=Fwx@Z<;>aku;tpHBz0>w0@nj?>uu13w&w2iKEVOeA?UaqaVEZB8hWXnWMt$)bn#*9F-`9&{?*#YwtT*4@ZFx&W((!L4Ewch`~qt=3!Its4(k(`hET>n+G`Wr)M&mb{1+bn zBrvwwy*AM|zt8_B{>!*5R+K5o`==E4`zD6~V<<4cIO>HtKM8`*crPdxIQK09Rz2Mq zr+1bZ<1`lfSw8B8;t!esa>nvip4;f_A)W#H5(19j5E4=Rl(u!w>Zwo7xdZ!y2Y7!W zM4R)IKaDAVHzZ=tyT5*Z&U+!F=DhdoF>_uB8Tx}V`wh0O3&+?_B9GC1%#nG8MNhD4 z$eyBkV!K@g4>vCvc~~-O(ey#SZDXH{Ss1cRvF$Dnq{(+lKN)e8t$oz);<2{fbHeob z9&PJbG8#LzvfO-oqRsfefO5owE?E<|VEI^EVE)B^F~tvq#Sa7frVhhm(z5+9$T!h5 zh5&;J94I7B>>W8r6$vhU5;5i~T(E-+c5orV_WY=V;)LZl*k(ZY9?%lNhcSA8Ly?KC z*2aJjcJLtqe6WKLW3Gu0Cx2^RcCu${@%uen=e&Pn?40-Ob`>`RL*18Qx9Rf?T$ktB zX#4U!CosD7x?FFA#;|`oE0!<59s|2MYp_Kdw@C1XU+jLJwAZV`VGuOsg8gsqSCTm#Mw3DaLY;L)kh9ku${nX6>?3C97wk2kvp;;sKGDIqPSPIk^*wuu_ltaQGmrG|K_f_u zb1ovSZJg5E{zs)=?q_x1ue{a9p7R;`dXD4U!yeRO9^vd8sq{+z?~`BlpgwRM{FXxse`q;_`5OBR`3VZ*^$`EQ+soKptB!DNCB*(h{2bC*6LxcU-%4ylN6@!G|E?!}F>sq{ z(+zA>^!`m8fLr?4$Qqaac^C)j-!lBtPUC0gHs3ms@3_h6pVQyJ@5MY*{aNh4ARmYX z7ov2Wyukm9;QXh&ztQ7+_6u<3l8#5$`SIv_@MySm7iq{8oPytihsGKh<$T}kdsgB; zSn$J0K~HD+IrX&4e6PVa;0yY>*ev%tE1ps_eoN^4l5SdC?FNsRV*}d;9vJ+b(ayin zj^MnkKUqTtF3UO_>fGRmp;J#AM%r-ai?lDeEiiP6UX*wp@#;w3&ncR=Ec$$C&I75J zb%=9x9ipKVya}CPJGd=ts>2*jJA>ixa-b2}(2AMRj4Wu!UGYiA`x1dFSqswp(}~*OV42 z@3G`HPj~(NBL5T1(zcraZQ85%E{Aqzy3)`4o(+W;Thk}8WMVyTvDHEUx(Yh=g1Kf| z{kSLUWnWCkE|-4y?dN`JX=|&wdYUuw@p`e}w{o^mR+WuhM0t)g|3)n%YLo7Vh&&+i z=fDwrhpPj4jyp?l^<-P3khZ>Q{cC_8WJV#+!%44t~&{Of7k z%+F49PW(}Q5%6v^Z<%Javw7Oi3-?ZSUC5ofle{}G44LXf9@Nbku&4H6--0bu>$K<1 z|1z!NmVee|C#8%7^6S1taIQ1x~EUn|az&!3dSKv}7>7A8> zT<*r{sa>VhjrK~-sU1_A(mDj+pAK<-=Q9Im1=n-=FK6Sn#HO@v_Fnm)|1ZGCTFCL| z3#@~?tK4IENf)dIe$IK>C*Tv_%C&C<1E8^+Y~s1URst>-@qo&pNhOh_FYYNY|-E!rM`CH{v!R#G|`VL zQ!57R_2MThdAwKU(aR%ulQa)$?ayYqg6j{|VGkKmtZ+uqI3r|z9(G&X(=%Lc8-R0U zMsHWVfpcxk{5Vhq4*2d&^)%jT;6US`ui`)vI8X@k9>9h`JP281w zD*dk1N^s4S9!6Q&W5WABMy4V7)A1-{@igV4C}+*+?F@@@d3=;<^p|OrGU1f5=k2MPq(kD2z;Ixl*8{u-7-kI8!ey4$R>4Q=`7c`}Hf-eh%uidY< zbR~u?y?A#hysQx)0C~U5!CAS0pHkRvld-X+h2NWwjqp}z!2#?l;<4*)!j?(HCSAjx z!J?K8nXGC#?lAS{3X^7yCmycIe4<&$A~Q%&NGj5>9UeNV;(Nh)Oyq%I$rU-}WbDC$ z)21UwyI>xga;2@2eOj_ zWGKnV5ZcWdE`|35-bJQx!K~#dBf9ju9n_;yM|-)0Jnc5|qwk=N1oA6W+iih-w~Vzsw=!M2-^1d8`B6l>aXwOX;9(Gvk@bPvjLL$SWMkas=P= zd7hl^a5*TCd~vd7l9*iK_e#u~Le6GxIYay3-6F@Pyh{0e+7{nQGcuTk5y(i8VSGaS z?{Zdkke1Ikfx(1)qD(tyo37#OIJMKJ(Z5XI%X!b_U1Th}d|KHxq}HSrCBP>aN}J5N zz);6LX9c|{@vivgE&_)_TPEO8fWwS0rO1EGwiCr4)7Py6Bi~jc`%y*Wxqs z57wZ8&ny27KKHAC9-qNu%df#_EBFi!3qFVPE_2on?gemK_EjC9D+QlN+ZJkxwl&B= zWIPn!Z{WR*cV$Gfj?+@l1wTHwSsktuVS@KJFt($a{{%gsRnsWq8t}Pw0!_au#Fh*7FR% zHy)pdW^lPV=sk<~KpiLO%No*>sZZ(??23Z z^3UM6E{Bmb2lV>S;&;?v#P5Aq;rB29B7V;YzZZbt(0m=gk*o1u#=A0N(ExroP>;~- z%lN&J`JN9h6zKT`zqgaepw)%ocfReUj^FuL;rD!781#Fq{Q(`%4g5A_c6EL^SRh`Z zAHO{T{4Uh-TVz*1JVwkP;#mrQUw#+b9jL>=?|?in++*N(G5DQt>qJ(y09lnE$2}4s z=`xN#1dcyQzZQVw_-!y23ED&8_=Dj1eEu)6O$x&CeFHe24~_#1I3Tb|ER5~oM({V_ z2geQBo5%>kagTxH#o&0s09*#18~G%U*qmL)b0miT`O%Q`ZD$Vl^PUO3BKH$MUgVy_ zZ?)6U1p0X;t`~so%-Pq{a}#p6P|nVSI75eVme!#87I+n8Z{?;s_{+!{3ceMeN`5;H8?7(FWv21@fQsyBqsw3%+XpGDRIC zZ%b5qMP^sV{<|ndxz&O_m7FOS5t~EHIJiaPC}*Ri9=JP)b4C&|7ingL zFY2)>Z<(oQgp3XKh#Ur*M?6Y7(;M+93-2j>se0kpYT)&-Xh+zSpbEJ>vK-`mb1LFW>u+m5A=EhkCE4UXj1#5fk$i zFex#!9v7Kwx*Acm+MLtZ{+Vyy!Oy~`NbJ%|#!{DQVQ&QNMP=si^|gKKn^$X&!!Ahc zld;~xyDmeeZt0Vo{)?>gGHj#Z?XGtwU-UgI_Xr#E#{hhBqz!Y9CQaljJ?P>JAgs@b&5RFugmfna;Ln8wD7 zp3)@7>9QQskU=g|w^a84bGXPLO^PQT8Kj0>Fa;T8cbL)}iwyE|8%F#8L>r=079DY0 z;`I71=8PEZ128Q83Jju?zRp<=3^KO@$7NaMh`#CA$quH?jjT_Z-x{GG>PTk=KFwcv zeXqN}4NvC9XO=O|6P$of$lL|wf-3JiKA4QS#TxS$NNYRioA+syqj%fwhL1=ma@;$B zPu8QXoxpclFQO0lHfcH@0*AmVYvxD56ArKCu{z!=g;y(JPMOEef-|DWk+vPkFt>tJ z%(ebqWY_Xd5j;btE;7($WaAOc*g0eFILQmp&{{q=$7cy$_1;4`#9cKg= zdeOOTA>DJgT0flUUh++6JxLrNLso5dM)~JO=v}8t@Iuzy2<9c$srl!`pfiSzK)m1t za&-Jb*i$lEu{&)QnV%J3kUZKHdEBS;vChPu)WBJajJnZe>9a6bNjG6z34SCIpTP~i zFktbwXLaRyS@ra&irNBe5jI`y`%**l=w{p1O1FW28l3vt{Wkr{9&}3jXm%7liWKUuG-DG?U6ot^##3h@_k z|K1%)Ph{U_Z^>yNiHr_8ZnAzKw#8FOOf`||F2Of-DRyfTmwy>Hu@dX@sQiGn5jf>u z>@(aYf-QQE4;WnPhB)X|iNpzLRAY-y)6b%Pv4@-!Zzg74>$D}nJ`{OLEc^23{67jF zi;o9;M$uyO3LNbtSEhyIA%U{uZ`OFr zEwpiL+P&2KvKpInoc*B)dk^3&IgRZ~(LSxxIdKwsTBc=_XNf5?XFWDlrKZ6}OMX!m zH^+ZZ$}*m3>7(2`o<|>##%zeI!p~;|cqBgVXV{CR&hbiHt7~6v_0nHDUTwe!O=1PQ z7$+D03)#Fo!I7%##RubY@8TG_JB2$61NWv7XHnwKWvdg`Iw#%+Ouw1dA#-pI8T&S5 z>|%ed-<3@n^Gen#jWfzF`vM?jB;@iT~$$ z{2s-oFPqqgMSK&UDjZwBgZQ`N58>QB?j~URXj(h#s9ofuu`AO&V>5fZ6El0;qE@Dz ziqGt=g*UGQPZohAOTZC{nN|#r;5Ve-J0o{i)G~f@xBY2wWTzUzJS!zt_;Co1L^5Z! z;E0QPF9b)phrZYSx!T+IMN?Waa329TT$E`9H`bCzm-l+g(lqh^1UK4FitKj|^6fc( z`S#${wv$b1c`{buMxg9z+VOp%_ICNG+t-x#UDDTqAC2J0A@BnjOC+XcA^6el0fw{W z`@AV_Hu(xo5jkRKS8B2p75<`v*aNIn`nQy)+^r*h%%hLV^icyxBEgY#HB!H?QtG`C z9H|0FmVhIb#B!85tYVz>dwqCc%eZUcNIY{=2#&}-rktI2i`{D$J_#~Mnwq?}d$_6B z9c$`sv+gtIBWxw|o0Vzq(tD7#-s6|GMyIx!_oX3s9vXZfdr^YmO7NZRMl4CO_wW8A z{XI^9&o-sSP%eqJDe*0({8#T~KU`f%T^cYqW5Ztuu1FncJE`L&bzERhpsyF9_if;^ z(7$Qu14KtAb0_ap1Ns5v^FQkLr*ZC%#++lCGkE>nX5xFRdJ`l zM|?EEEog+gF0R&(kEQC+qIKX}^1h*m+%@1#E&ckiDGfc59=ouLGPUY3omRCq2I1nr zi>@IjwW~45n2SbhYTLgzrF~!K0$dD~({XW!+S~mS^&V?V`wr<#)S)@G;9@1X2z(`x z;9~N=VU_MJwErym4mG9akZ-NYnuD)OOsy%RXzef7#zlaGSKqT0Pyghet!!{{Hn=GM zC&D{Rz2m^eB5-jWxVVV;3a7bWwTLm2^{??>$X=8UF6M!Y+*PalbPFyf<1?ECE+*@^ zc;nixM&|q9)!z2w%u{(BI;PpI!P)*b7@6Ak+a?_cJ@88rl##o1lN0_Ae)(3X#WzhS4loPIt{Kld9rC^14B7-zX7Y%qSkrNATi+8910+(pAT;nxHQD|8$T zcb=^TrVZ5b0XP`IA#m#7&Vp0OTSc}bIQ6f*3m%F*|0eh>!KoGSVEVT=z^P>hPQ|O> z6Y>;y(ch0x>)@XSpH6_k9kg>~lpn9A)8D%oza7Y2nb$!233NDabU0n;a72$N{767& z-0@BJ#;1V~Jxw?Inqa-LnY4~_%A$`Ey-c92p=-71`qYk6xrZXJUg&%tI3nk3S-b9d z<+X$H%B`X=Xsfik+`c;uotrN-wWB=3)s^_Y`fhYN+2B$)x}5Hb_vw1xBJ`rdlLmCu zZIwALsaIrHGS4$PBUD(G$(_tW=l#I;hNIU)pORRs>6{PiknMIdAD!Q&Pp>$1nB_b1 zxQU$!EKi5J++%0yI#JKKoGbOx*Z?mi2C$WVpy21|9Fg@)+Zpg&!f$ml*Bu)|T-}YC z@C})MzQL3#`b*L0O26a%`EMY9JM`wn(`NLIndoLS3_SL!sqN??+bUI;Rd7g`nP*Q4uN%flG+8T7@kpGKG7mM(fQlS|gC*kkOJ@e8bH@TD#=eypjJ+*KJE%k9DW z82jhsUG^RSxK{_tk#=)n-06$>^?ijt=RlwDW_`ZYls1xa4bbNX7j8F`p{ z(QV!ym>b;G3!Eu?tGS)BWwgKA!v0=Zo%&=kqtM`y`%*90J;@PIOm+9NzwTIlo zxJ{vsnx?d$Q%CSUKNj>iNyDxi5{_Op?*XM`JM!%$?h_&2SjlwuiDYz_-02lFGt#ly zQ%WrJF$a)eYK!xcd1n)|%!+=oKy;T$?Y6B8;+Hp!Q(79z<9iwsl@|OOd--i*ot1RG zx+aeDLl!3=jAM_p!fS<#&PI4M(Q7A&j*>dIQAa&>)Kf=2b#!s&?@ClQ)#1+|^{D7Z zm56pdmaIk`ZqaS_KXLh`1k~f4Z_sqi+`CH>BTZD#-+1i9^2w9>{{eO8R6u z*GN2rgL;1)^fj9pXx4{cp+95kPXam-<(D4X4#00c*O+@X{Nj^tp-h74pD43!fBfG1 zSfvGBRFsr6q34pArtzx!i0HL~{bn?KzO4+nG;{|RbRX$QqR*Rn4}Y+yH3K=nDG9m% zgYH(*S7atFu$lQ4@C|(4op2bP#ngOTdT-SEW;q80^}9Vx>6bB+d?G6noq>wovi-2= zdN2F!DAbh%3=hbeo^*K^yA@x#_^FtYQQ)KU1ojO0jogaNra7!4w-K3_8-DH<><;C= zE?u^Sjb9ru1Z15n`7iRicJ;?oL}n+ku=i887P@Bq|JU4q_2 zu`Y0-3z<>Z4xW_?dTwKE#C8=~&E|xCYpbOnb~R~j{}Xr6?-|HursLma_{$Uq-Ag9< zW?-8u^2L4hQzLdzg{r(($aru*JFi$Aj|;ERsr>l1X8a;VMpWR3zmxVv2QA;OZs#A} ztjp=9mWy|XG3G|>Q@MjH7C!$#WJNCfp2yAF6x!c4ZpHxJ3dnWlGl!bm^9wl_3-7sx z@vP%+4GXv>Jf+4v2g=6e1Ad8 zLieC=&yprIPR6^G@m|GPY%~9STHSu7rLNr8Q@22A5jmZkF*p2>vKZI9@If+UTy0!3=SG*My|LDy! z^>|bG-Ui+HM`8xCmbi1$(GM&or=ZtapZP%DeA{To*8S^>*21TEd)>Q!?`{6wNqxQ& znVX6;|JIsy-(GK0e3LipU`J|4&8*X6u zd*Bw>R)T+`Z@2q#FnCWA-sB=WhyEw?q9oa)$41pnQ<4qSQP!U z*5tQbUdtzkylXC<^d`_R71%5fxm!oeI3~^Kf6u^wyYgdfMx3pSSf9zh&%KgoH1L?n zw`f*X>&(QR-Zj^~<4r#Jxi^tCnLF8gO{&swQFa>T`i(RP{z6X)-f&mFDf&sBmq`Ji zBrfRza8=>FFF2*IEy|B$PA=DRQmhPV0H ze|VGLHP+o~)|aH!eP?ZJMeHuG`@o0ZtX5;~Nm?dp^O*~C^b);Yp}9|CqaprU$MgAZlxE_p%)qZv_Px-0_UVo9 z+`Zr$V=#zzUi|fgbFS`7Sfn=R<6nO~=fxQ#ir=HG)HBFMJ>*@8t#0|B9w=V$yN90) zp&v8oQz-p-aq2?b3sWDoJx$ktGm6bHEF6Jr=Y*OUmf!)Y0X1xTeZ>Ky-7jzSLS*; zV^Hx*b*uZn25;8bKYHu-8aQ%?_JFPM=UZ9}@7V2a-uowS)}hb6G7m2#J!o4%noif5 z%TUI44DaRCvjg0aG0niP$_=h239j}S`}`{MX2=>An=ASuvFiS(_u~%wfWJAk{Iaim zEOcX0U;eSIyVvEqRoUmYqC)6op~PgI&3zs-Gv~&i4l8jWE324TlbfX&c{Kb-9{py| z8(M|4Rp+aq+X1?g^k7wM)~p@gq^jR|wYQD$a&A(v=@PmKzr8dGn)eKP!ioFC6&R0-s(E`0nt-_mrGD z{O}3Cab>=f1NkC3i;-_&fBS1;aOg1PLxZ42iqbFfi?TT**T)j^J zT6~eQOk~Xka9(5%$s*5sFY5d%WJMBF{r}B2J4D6@O$gB1z}gj>un3y42$~RB*8@EM zHE4p-j~^dPKd+pxKkl2i${~FOAB1Lv2%oGW$1&oo1Y)aP#&hFbDsyuso?m-zvY4Aw z?3n|&;Xl`YWp00U?ec|`{}bhfe-KI8UUgj?MLnN=vvB-r$*18#hi>QWt$g z8Nzc2I$o=zAA92-u{lsm?8HD9{b(09SLw(>kxdTi+P@}F#nx7Q_2`ElyC`taeK_!X zN_$#!RBPppWuLdsQX?wGuCjx6v(F#cVpZI&$)~w@N@;IJ2HzT~xV^L0$jUjugubvc zM;%;=U9V>*cj?uyTvI&_*hQ}pkk4(WUs8|6?w@(U@#0_Q*da?y zu#~c=bEz{YZ=YJCr_o*#X<~B`fsVU~J$EU3OAmVF3Fx5@p@&|NuKN)B$q78g4(1SW zoJO~dzIniwOZ4LF(Tg7;4|4D7dh~@=JVh_Q7QJ;>Y*lsgd186dPtk$OyjYcXeO{nD z^O8fAO)@8Z)8|BNz-3ObGp)Qr)`p#e$Q%{$qF^%e68*f0E$Ej%@zbwNCYG$ot?Q)U zku#2kmz`|Qipi>!nA3h=i}O4DXn58{k`SzhbgAKvmAzWWkOg7el!ZQtNcC!&;I z^J5F&JV1=DtO#XpIJ%Xh?>v>8&HXevD~7}_UXg9Jn#*#twpmAVPkC%sS_Lt&>cYEC zWkbR(;Ul{rRo?nufif4HqK&S7QJYE?%eWcPH*Cgpij?cDrxMNjoQNMp*;C3T?66|M zkMnl$cCpVlW$S&5_bSiZqmJ!wp*8c4k5)=nF>fa76?kqS ze~kbC2|d2SVCPD$)Kwn+&dxiBI$SR}LW|#b3@W~7RH^HvBdj<&GrBl|bLp6n5kJWM z(}Tr#@?7wzhl(HKx%y8J7jNV#^ibh!Ch`!4^OlkXEhbislC+TD!?sDIl}(w7+ES~= zc(z^g;V&5BtW`&NBtF}Wb1RPRRznV*Fojf_%%(#tS353^{z={?IkQW>=!ni2FfJcJ zFWa$yw+tdS=cA6d(EI0fr7LfBg_h;&|G%ZYWns>4w&eMuO2oHA=G*c< zjGkm>{PL&e+en*augbTT7GMXtm-9wXBYsqkL-N9uk|geQc1J01jby%Leuj-!S}t{} zo7R*oEfvtvt{tZOHRz(;iH=@)wU*ArLG>4y*TVUH8yi~hW?tR+4_KlLZQ;>Bv{{h> zL~v%c9zEF_F`=i`4KACR!@#@py~0b#mr~q6!vDaeOs?SG?=IRa0B%()u%*CHWxzMB z;$6-aGDqQjOSwaNbL-;5OESh<=I}S**`NDEYT322bW@ z?BnUT@Fk!8$njP){MMTL3*YplJKjo3J`{I{8fqmzK6V-5Icx4udei+a$6I5Qo8!(9 zKf)KnJ>#qak&#MS`Svzni6)`Xw>^Sr6y)X=}Xdcq@YYE0@wvgncWn=f2@m9y*$v z9HVTKeC_nTi+-ikuL#by(7@aBQ<1|?Ewq)gZz-b+YO8p)I`JTcz>B}c!%H$;8j{uM5^zzN! z*dk|JxbFUhvdn{z4!%mu@H<@w&Mmtm#^G8m@wFTw#V_!bHG0?erLOn+FKhKAPg$#F z=zg|gWAYBR44v3gWUFdRQHIiDMTci6&A~69pXyMGl~LOU3(d_TW+nS;ipUG|8Rz)W zC%q2N{}G=)xp}QA;*h|T|BaA29(*T?ES5t>z{p)1hYCWEPfMWP1czEIbu*T`Wt|4< z7Cvnpb&u2Qj_}ABiQlE1No8zz((kp5nS5`4Z1J1SLyMKXdB9OcJzY~Ay)woPgOyv? zKC$RcIjgdETky4+Y+-#KF%7atL4VIee`TGue=wt7_CcYAOUZlDEVf4$&pV&^<~5Li z?I2~-EcN=zw#Sz2tul?M4A9^F$8Wq8ppnG=9iWlmNbC5c<7GZ3O6-($<|G+(X*u_>+Ccn0`vErZ(*J zH@%Mzku#Q@OB6dkarp3bGe;WhUDj99W0T+f7(bp*(5s3~fCdecyh2w*uA)L$EYKvO znE`q&=eKUk&ZO-7#7E4!@0)M-v9_e1llZNOKC@yFbdWsK-uD(Lb5rgsl=*FWUtni` zPu#-y2y{b!-#VeiLaURY&pNDC$m`65QocF3XNpb-n17*%Li0TE|Dzu(+MCJ#n#ulZ z5}F6RnU9UT#9rD`3g4*;eo-bRQX`JOvdOa}bkivU7*@64zUeeiSHZV7ouMAl(a8Mg z-#776c7oD!T*W?{I+n7pey9x2sa2wiHtpIFcm7M?6yn^*q}z+3%Z|Zi@D7Wly!623Oi6mCBWo zF_px}J(R$nYT_4|Bkonu_f*lrS=bM|@r}tw7cFoekDw3Gfo}SL3-G(maXB*f$t~I; z*)zq5vc6RI*SH*LMv=z;N*#0K|BpeNuij^q(BGRVC;Ml@H1<*UP9-pZUf*rfW*6r9UEs;Lo>*?@8ZQyhlWfLA-tnYV1Yx2N@l{&pDu=$A1p+*$g;GO&1-*EKX zIZqyE->GCAj@y+IIUglMtHq}=eCY~!YsVhJ87}hMbc%T`fHow;2hHI3!1eF!e2M2r z1ALM2LIRucLc${nUnD%z!#4VHK7qX_4_idx4G*#}xT#l*v{b^sA5vNC(l_Yd`E5b4 zijOL^x?k=%3?7>b#)iGTg}V!#CdMY@8e^j|HdTxbd*Z;@NSo@P85_Ml#%8Og41u4< zcFNHAfA-xw;koaC_nv_b6+U2znegNpOHbc&K##Q&;Mv6v;GRieZwH{*?Y0N$zuY06 zwIcrBnU8UfTJucqq3?)X)mn6b@wehnuKy>W_&uZZ9U4A;eQwHc47&jf{7CkmRk_Y{ z#(Oh+n1#Cq?W&d|Ja0GgOReM|_YX#$3#h04A#;?9FS^_cn;dy0GZ3XL2o{zx0UM9?|}; zXDb-(eV{!QW;n22XE zoo8L<+T6Ma-*_a1ybFnS;GX+TZq|D*J)*~sOd5lJ;|AMweD5>y!4HYHBlG0{2z>D+ z9s>4H5^F&0px}ol+v!u_T(xaKJhhAgX<{Q)CpJ?4yutaz{%Bw>;elkXbQ>1#PD)1S znEk-&+=J2j79iRPMn(eQrF9n49c>_-StVm&QA5f8K$- zjjfAb*y-)6d&k@LrJ*zKf)*#MQH)=KZS-S>mqfNNy5gbK*Om5k>&)Yg-kHtsc@IRp zbse+pVY8tdvTw*fA+$q#U!Pac8nF)vnpfS%&5s`{ysh@9#?~zAYQFTjSLjuMS8iVa zbZgQpFM8c+A9%BVY3PQ8j+&59if&M={%LFTcVG4-m~I;!TE3>{TK zSGIsM(~*6N9xEg|U)OhLjxcmuLOaBUOy$|c*}$07eRW&j^$nj{{cP*ZSN`3*=z(_` zzn+2dd+!1~9C)1^{*%`F7vA<-Mj!BYkuH0@VxMnY&HO&Yz7eQ5P^aL?|H`xeSDy9X zA1&7I-#HXz9;c#!CP7_xsxgZ`k`T)tPs0Kr|a$C z+9Y-`?2DJCqo-*8{I{*my$1aZ5jxoXUTZV@-2k0i4SmZ@!ZwS%qPy3WH(QhL`;E5{ z+bppsP$)zEh1QA(k9aFS^?xJ3LS9Fb=!>9*4)zcKI9xr}^)eRzv7X6T|JiY7Pm}a( zjvjsk(+lTF7jKM1!e)m$VgmRb*tca*(Z^r( zmt&$zMq?KcYzr;AW{Le%&YY>};q4=g{BCp4FSN4Xw`xQDx=8o|X-C6$TlfLl2Q_TB zWq;Rs3E(RuJs9`3Uw@|OO`y&M`VruZ0(dX$Akc=?BYWZ+&Rp7ejdQf##&-?-gVFFS zN%S3il!_E7n)Gx*y)^)uOR) z={9Vw%!2b}Wvy=8Zg1gtF5|t}wMbg?(4V$ew7u=s3NGV+Ag%7@e{Ib=*XXVL{I}k~ z8k00x8*cchEchsc_c7X%bCd%(?5vxLchG;KAE{=~|KI)nfA{zQj{W^twJv1BCq&seTnjQ>~r6#bBIjF}#jC*V_*$^16|1)m~Kso31U zpZiC#0dC`YwV#iS#oz2tL>w0UiKaB8R}$Z$*?!nNeb0WaKhcaoVt-j~!jCHq9X0+$ zPY~;Ex@psYwNH^-Q9cUz6s7*b@E6+nAH?-i@D~z)Th?E2o;9S2PtgSO>fd)?_91dU%YH={@hd9Cuc#K;GqGeg4^u6= zUr`Kg;#bt#h+k16v_;ZOP4Rt)kZ0?#-~-kF#Fce^|389!jG8)Z3H*e=&yXj$t^3fx z=LcxzWjZ^WyvW-0ydrZm@&@vCCH|6F!I%9UWUU6`A0~lkIxi>j5c}iL%Q$2Or5Exp zYg}Z_Nj$OXnU}>=Y-CKdXJ*W$T@yT^!y&ZYu;uSc+^@?@2j~KPts-=xC1Z1TLe8FX zy-{-`j{NYL#9mm(oyrnJCJH-=!E)y<_whC!QA&<*_x5Sxv$)9rGP3!@YD7-_5r_Ab zxeCAgb=B$UFc%SrB8wOXCZWCXoGHMbLtjd1&q3ehKIuHlv;l7p?G@4965118+8o-; z#y%yR_G)P_oAwT3ry=m|q`gXX?S>7C_%R^s^TS>Q?6YWR9qlyw`?a35qm+Avw2ibA zJ*4RmG1qY}M1Qi9cFGc(s+Gfz&FM##l9-!nt0yTj&Pk(l_H3mc?w!l21;%scjd4}n zYure`PRDGFJB%Ha^ea+$X?XH1er5a~RV~&+Q)EuOOD$Q;d|(@v^Xo?6vjVGzJ%F4E zI*8ktN!&*JsO`m?V{5B6*{~5CZ7HxNrg8@jys$h~-a}Fg@CD%v%JUB9GE-Y^oC}?JjrL8+*bcx?o2f_a*37B+DDV_~%%F_e zs@@>)V)M^a&aZ-73Uebk*o+UO$X~-%#~y5Y4rcXc9g@Cis+_YNn+0bjuBXUgiCLDL zy>jjMto`5-|Hm`0bBK>BF_gdy?w?pkJSoACHF4l|Nf!5$Yig`DzBg);2e_5w0v+yP zd@XOprj3}EhR@_>JXRUkz*-a8x%9`(nI?ojh<&g0QO;emJ_OGOa9&l$$sHr{s>3U> zBJz+k$T~`cNKje0ED z(1l|+#~lTGG}6kHo;Sj=t&{J9uksXIyT#Zf$(|VSuMODJ)hB+tzL2&S)7Exu_5NI2 zGpQ>(sI67Bl}+99UD}do4)4;|R`Y*O3$%e9Q@!}A*U?Tr?L2>#O`!BiVwhD@wu(B| z@mtUTqu2)4VjEb+IxkY!SFfk-qXYJV>#z?bmWkgcP-M8K|4}x9#9u2nYyy4LL)kZn zu(!mrZw{^RH=`%R7dJT0M>BLx_jfJ-evjA=N_+v)t(o|~UG}V3mg})1Zq(ycM0m3J zF89c9<$erT;}i8SoA2*ggZ-VXiv!Tp8?JZswS%V}#2Fg%pX`yugy?@_9x&X?{+5g1 zZ0M$f-}#0+u(!DSyYLj-hzYj{I*E4;sa-%oiId#9sg_E)?3&OOD>@zLw5UDO-@E45?}G}Z+@k5t${ zCf&Vf7jfIdP2o9WgL-wJPO$HWLt{fpbM4F69LS%|9jh--nOeUT_#4%zB0I3p2KJ@2 zv5s+EO5c|5JG|v(VBY}jfp}+)zY{2#aRT*;66dUK;Qr|*Vh0`7V+UzNDyl8iTMNudH`i7t19KO1o(#-8fm!xXfm!T>1mE2(oLytiF_A7Z{Y>sGWa}+kFwOy=jpL$cn^V}6?#_jxm)uG@l8-NxqsuIsf-_QjR{f;Y%**b1A3CN|JZV&6am*gEl37W}sfu zD*|;%I&H2Fyi47@|6bZ8-;;bFsDnDE2G#K+Nt3ub)GaYW9+h{2C!QE$@T$`02h=0H zu3iV__XpldYZCZ5XX`OuXlrjEjrQ}Y>vecrpLwW1hSIRU>Cg@7S35CDx)SfK7u(x- za7W@0tT7F9&g5>~B(pL_#`rdDw58p;FCRV@h}Yntd?7I#D_G|mvBc_mHku^va)lnN zk@|AvUWwo~B_1Sglt>(6jo6Hlf)D=wPLck~c+sBh+xLSndS6LDMEsEh;32V!to8bn z{hz%P8*csn+$1SWnXBnRb`x=3=;O8016^m)m^_!(nb z7^bJid>SVJPWi;;(tke&^-7kiNjWl?S!3iVO|ev@K9NynkSilvhV0|*6PN7i~jy`n%n_Z zU;e!w@efGR_r`Ef9r29o%-`#g*me@*?r({2cL7_AKzylEQ$*2t_F2I_oi05Cz6dQV z&44cX<6ot#se(uO^r_Tj9d`tn^_X~LE%j|Rj6J%sz^%8SP z`~^~=$=Sqj6x;t=Q+UzZJ^y{N@ao2<5-0Qb)3%j=iU zCUHi_18)Pc{!Q`h{CAxP*7v1l25%!gOn{%)dG4gk{Jnxq?nUOp&K)T43yz`lOO~Ii zWv@XlBKM{w%xbd<&nq_cLYETuw)y3EhFnwRj+ZzG1=>)Mq5VX!lY2`2bt>GQI(n9V zS9FPeuU&5g+LtY{doqx**{LINe*bEH`TqL23sbM}LEX-A^ep{;==1iy_zlAUQQyIM zHN%_1-2{KGK9L{A6MI_D_7X2y_;ER7iCizw|2;Skc|Pa(LPgDXn}5uCP0CvIvJ#_5 z%EqhVMRN9*vqhdi&5~-QiB2pZn3GA9SoGO^w<;z*9=(%zckznJvyXJq0k7oQ;g^dU zv7pV+YGaI(ra87S_U9MuT3MaBtBg3`zTqjH2dw<^pbrIohyklcx^udxtTU{U_k}W5;e;@U5LVIM|TYpTb9I1GISqI>I{W`2qMPU~v}0OS{bu z;=zV@%l=dff1k(w_DT~lRkNqEc`vm5XdB2Qne;I$(S?yQguevuN zfBxI>*EEYe%^6Q+Z^C~G{+ebHZ;E~@d(m(H9r&v-Zo&AwQuawbhPYX``Mee`Z$$^I z<8sK?<8mA0{&l#lkajIx&c5W+aas0i!R03IbqvPO1buz{1^ny_yG{7!0InzODz8>{ ztwPRg%u@hwyL)`|zW6hEE4q*X9{wf#6&=Z6!c{jhsIG;pDU83!U8&P0*lXgo3W2-IVlMTq64I_5aFb z;+zl3A^uB_s@$66uOm;rr$o}rDKB^m?KMN%-_(*Tww9}ei1b0)dOQrKF0hFeayx0 zkbFU7UVX)wlYZ5hdxFON^`J5L1daJ?$?%Ig+|9$7znJ)uz$*4EOZLFvF^KC3+>njjt1^=mGl|h zA1mKPMkxNRdE~M49=PvdDSLRH!hHtB(%+8VuZKMphoZ?<;mTz8l%ny(Lq(3zD)M4i z|Di2K^ab1TxstYyHC(KkJZCv`y`n~WLck>tvX!Dp<+aoON4Fdb%6k~ShT!QE@}D6; zatP1I*r^K7S|PFO*v~Wje6I`b)cSn4_T+u_u7SWk3ZFu!#h>vR&Jg0$DEEKJ`OCQH zTJE#H&bgkn%lv@cbv*)pU^;TEOypJ>*lfRBm;EQ-aAJoe;?3;Co_SukelM`xnX2f`@!lt*CUgGkJjVPBO95(+CgrW zbNEx=t+S$yc-SKUX`~$TdgS-SjJ6-HUhgm0!M)5?loMQ(*zGdLH(vDV;~zY3t6AF~ z#*#eFS;%NA1(*F}&HDYtOn3zYf5LN?5EmafON#d4d%CZpIB+M)HxbNHB=XI{#Mv@$GQ%HjLpFK!{Sk8S@9Xz3 zuWv+GhKzG_vq`H?7XI@8Ved=eqO7|ApJy0!*klpQg>*nvHuohnjRDcXg%I`4R(50) z5SK(j0kOcr6tq&Y1eaoUOA|{I*Ff9=d(&P^a7hq1CMz?||MxsI4_wAU)UxIGm(S-g z=ehem_uO;tJ$K^`>S$m4bd1TC-iofY!*7k`=5~!8U9fACeId}oV|F5Bzc0>+ofGES z3B#`7?VSeO32Yj*_*UCO$mZ#Za*aj##(;N5af};+b;;;jY)+cvt5P-Vj*}IyvL+YXv{?mJ9fe_VhoEdF)ci zYRnavP}%rhm@mTaLpIj^C=7CPRiTL|Sxzg6vM|QhV^;G@K)*_=TXo7~cf(!J~EO(f3m*K6o_+G9;7< zUjV-!aVAQPBj&jPV^zw7#sq90^rnXr@^ci%?(^sld6XA(QwMk4OJ3VmFPHA3rZ&~p zUc_f5*muTZ{g>`XmLcu%v%EQEt`MKj_RxI+M0b9V?lupEty>&tkS?mWh3>>yg!X%O z;eCa(owQfO;O0i0yTJJe+|6o(Uj@bnRiF*_`#qZwBr%oCO0WK2G>6k_OQ~pP~7)gYMNjn<}cgjZ7v(=WN!b4yOHb_tj&Cs;GOrwCo!<+ z7?FPFX)lHyoqdpZrv0gWd(0!Dor- z>2%j#t|$A<)iZO#-ny;=*zz`5)5H2P;@jQ&$h+pO`kY1*zFm;MHO^d6ezHDvuH%y! z+UJsp{N#AMl4vE?f#%7Lw2}+763&WfXytiSZE0Gqk3#u1mvCuYlIETyO>|3w|j^ zxKA~#M)0HcbpwpW>~ZcCcWgK;e7lif>?gXK+oujQA2rUy$R77vmEm5zvfH1;zy@R_ zOH_|7XfG+PS@Jk<%_A)W3C>i|n!TjGKX^y|eq)L|?ghR0h05LLdzCxx3!^>C3vj1c z$()3WkW*V!DThl`HE&5TVd+&vF!+FcDSdXT&9@^(p=$tz3i>7sFy3dU2(RijseLqPe>SK+yWa3AW)^xXn znxDGV+o6vdXlQo`>+MFr)7crLx@x>}M|_s^6V4H9+Q<%Ll_z(XJh{8%aot@a!yE#3 zxjfp}U?|7}!@4|-5oqs#A!LDq+#w5G@vFc*$Q^Qk{5X;qkOwqZkjt=d0`foxp03q1 z5afXjazG}?0q6}z4#*$}>=M=Yqx}CM2WW3Mtq&QZ|5Km#!8@wd|A|)A_laJ)Ki}O( zx|rku=7n|EcpFooC+v76hYk3@|K1pOA8bo^$gq0l5_m}le$k~@62L){!cr)a;Wbc$b^*EEx2Ad zbxIZTn|d6Z1oz<>3xn?~YTDvn;iM8($Sw6aJc!2O!3!$vURa|F`TmT`E?+$k55Sw^ zQtaK#`TV^K_whSavUe&}A=}k{$?#L3hobxfguR?=Q3l%kNqa9JY0RwBjG6Iv?UOO{ zll%VW!R|?WGyabAQ}ObD_xY)@^1t8CWC$BmIBZP$u_v}Y)p2rP2sHbrfwQL zlYl?K*dP^S1AB}OY?~Py@E8ZAzPi-gpvU$YvagX%%7A-cxOarUIegO?A`!o&?|F=O-zdtD!Newqq9 zRVnOL9cc}cev9%`L(c98Ng0u4?9(;#+|iOl|rX? zXY5qMcQZOYmF#fP>9$l~9Xj1$T|otV*9+-%J?Lix#j=Xp@7AkQcNeQ_cV1Lcd^%4- zG^6{*NIws^!}tJa30&|?^A11F+@nFyYHV6vG;>-z&HP`qY0+FZ5o=4tvmQ5|=;zue z_wnZao%(rs=YO|;4(ZI^UxK&&CQ7EdW8Vm0Ebr`(H4GcfN1cD-r>4NZ#M*1th<8q* zAJRI9cwSaqEAb6#WlD2c4)<6|uogpeDm|?0bj6%kYKCXZ<+k|k)!7#M&^irsXt_;i z-@{nz!TVWVu?NChn&o zo2Cuy_|89>V(qyp&CY7x>>=4jGEt-%rDuS9E@&N(<}5Ual3*Q!<}P|z*PwL+saYIo zg!5~-6Ur8{);bMxRgU)&4nwvo)O*TkPb8)F#J;clu7|sNdU!v@5Nq^C*w-#eZ;Lhd z=~!#8!FzzKafbCQY$dclpY!AEgJoC?&-u}6@Vr*sW?I7@gSE^oz0*T67Z%Rvs`t1j z4D%|x`#}!g?4$V9M`%BIlQ;Xi;LW~sTsq=yqV?NqoIl{p?|v`<_FFoGvEr!uti}iU zrL#=AUFY1hmplo1)4uzG$g2zDIb*+O+1-m+V>7yieM=L{P$s`4IIn>9^2@z(?h5yi zUcp#qH~fcVof>z(=3xwyC%j{b{VJt*e-YN_02^W7LcMTa*9ti8nIZQMjC&Ny zC+z*kzHb@d!Mg_gzKJ$O7ux@QXU=HsGZ=-u^@Mxi#W4}>d7Jo5)BSF&98ve}rtb(6 z9mRJ9&%&PTjP>axydNWr&hi%SEP}kj{=Ho_dR%%xyyL>YCFlwp4Bbt%kaVfwHbManaDBhXN#e0D?MjHt`MKZ=|bpM>SETD5D z<*mS-GEK^LQGHh% zXMhKYjy%dh^m*8K_-qmHQQotoG2ss6&Awf@*G%1}hC9{o7dm7ABe{9t4ZcvkDVT~k z1wHVl;6J5JtwF!0Wvlr|v@7kqr@fv*ps)BgC(VnhHE(lbKbr{_2KED1A8}+dTsaK zHzW=4E~N8&ruBQFQ@ikP^+{ywXw!HXIP~Zp(xcTR6Etr~+G9M+p^u%0o7gw#PSvj1 z_d??YX*teuF4^-E;rd?#KM~|PTq=w7KOGo39Cs&czyBxFz|{`-C4iSn2R6Rhr@ph5 z?iTQaAN7qdk#E&-F5T_Cx(`&fZu*|16Kqr=CfvY(`B*zski){8o^#<& zJYJ1;?tgn7>HHqOZ7J|d?jL`5lhXO4?{0Q~h%!CMdz*hondqG<_C3=lb2!~|xF_#R zJ>K`FE_V2L+q1TJz}fYEP2ar!5$7y$-aC)xqBORu?$4zg(c5Z9id|%5N|12zRishQZXwO+~FuzH$$2ly_4^!|~ zsQR5&^%^>je?`5lYaG(`A;ux>y!C$LkZ#b~Ymx4J=Q zjKzF`3-eWu+oeqhaSx&Pc#Otrv<|_J$Hz4{1JECEhu|*l_7d~g)n1gp6lK=cUe-F=i{^|pU#B*rI&0e( zfcSvzmtx&xN8UFgI#jar~ot~TB*N% zJLk}RT#w#omtcKC^PVe*JqEZtJrwVZ+u!*lhVJFb!92Va=T}Ng)Zb^-^YW?wWZ%{? zFRviJj>lc9eWRpJT=IhmS^G&TVH(!4u*mFMS z<^gyIGEm3docMUh*+oq03eNB7r zC6<-^awaaUNNKxCRa1IQbcZ4Gqw~eIzk_Tm za>x~5Ko%etG;NT#us_(6yft!}q6hgAi27^K#Yx`!p}*w}Nvp6Mtf2?&Zem{~KW$rx z=oduw+qkl#=9PSvdk@?dkNpy4a|*^fLCA+oD?&zWR+a2Lt#U8>Mb#Sa2l4jQdiZ6d zZ|kEhtx&%g=^J@e!#+iMS>wLOM!U*IA>Mk~WFZcZFxu@#Wg$7M-ENfMdgLegffvMf zW8IUf{95fs{*#fPcDtFu{UYAXB0ueR6aA9mx6UpQc?P3yk)6LndmS7+x$^=1s`rqn z--4%hssc3V0jz(K9>D#9qzCTEsJ~ooyw6{>sZgKckS^rl9q~Lh`l~R$7v&(2zDVyp zQ#v#sCpn1zeMb&lCG>Z^-6eeccD_peeYgbuz45);A91$(2F`f@S#x*s?nhb|rt_Uu zC~r3AHm}j#h3@XceO#A&49|5C?q)I8++Svhx1kR&b>!7=L({qC4xq^>oIg$5qsYJ+ zZM?T!rCN>i=1vB9YQ=SM)S2QJKOUEC^7$XhupQOGLItzWNf$jP_x4!W<4taRxZ@4PagM|E;E(SPpego4hVceQPB;sXJ2}k5 zhmA2ZE}rk5(oJR*(v9m+XTW`iaWTbcOLyF1C37*iknvnUTKnhhs$nNp-(N%L)w6JS zhb#g2aar4kD}d8p30d)CZ;rp%ncfSQC8S}`z(uU1RAZlQ_s({xqs*QgR|-Fo7J@s@ zW*gqo8|U+@Uf{X12&&^E3uL)Nq+=XEuUyx~k$EVUhc3ws}@NnSaz(Wy^&N}Dv2BSq> zpi_J+HJw}<=@cICVPt%Bt#`^Rpbzf$A^NyuotEeW*)ATanse$R4PyzOae<(9FzBJPq zcWM$`P3|1o!fgYyrJCYv^@| zWR8p0#s6X=D#G?a$GPuSxn#KU-t&Z`q`WaV7>7oZvL zu*xXCyEp@9EAw&JZU*inT3LW^XWqCD_XpkT3Y#A8Z?7=EJ+;!Pcxq+O;^L)kc1Bkc z4a>k&1$^4dMZ**sZEnX_n%<19JPKaBihH4tf!D5q*RIA!&f2)AZ0T|Eo9Wz*nb$zy zYw??eUo-HVsl;^j(fEy-M|VV39tF+PT*{Uni$9!sJ^pB>Iq23$Vpi5>?$OMnpy{>v zLBX+HNzCO6k4b5FcU=8^a#nT6SV zmhy8=Gfn3n%e)5s8qekT9h6S@*XQ@f?=_VDTK18pg&!(1>XCj`yjf;-e4EUx$p0w9 zXXASl+|AbPS=xqcBg8$*o8|XG+^c$R>gw;llYugRYxaU7!)(pbrALvDIr8F=Cy#QN zpgdHDeD0yl`Voem4CfkV_I>lvQlq^_b(eYLZ^PCb<|}#gmAIcOKa6j)ax6bJ z!$^WL1=7QP!JCx>(^f_xU6U8aD(&@4mYVP`pVC|+hnMAFxjWz6nm1X=p-+@xzm+@g zhz;Ql56SjS&Cuf&TOr8t-wG;GG8KCA-7b zga0ycK6oYZC-MCo;9Fg9iL?W6TVj7)3hpuydAcp)T+(a1GGE|nBi!BB_SSsNNmCDf zy)^G⩔~nSg8lUURtmhyseQ9sgMnMjJ!qb9mspE3s!TpV}O6 z&D4kUZC6GNJhU|Y&e+O@NM{kk74n8kq_13rxE`qnWqBBXLI$l|i1<@@gO#4(nLOl^ zcE=+>e4ujWm1oCo$=L;&gnMf)cjYmDC>~ZqV+rsI^qfX6d2PY|&?p|`eeJhS2JX50 zG{!#H=^YTd&-j04+%oJ3oSHJkt0G4t%ae-t=3-wV-AR2{ubpO2V0lXd-hq8!3Acjw z>W#o&JvZD5G`!)CcJiZlN2(C_6y6r6@%&HYU301ZWqbJgcNm>Od=t=?xla`9DnV@@ zeUIN7+|xsQ{MIzHUP88VcD*DC>nqypB}tI2_tD2aW$BE@`*D&)(3D!U&WZ675* z%8HUrYgKkD4yi&kZy1tI#TI&^8|(+}SC>}Uwf#huVy&Uu0Whg7V7j6ygp7*RVz>Vsz%VyWq?WRgN*MdF6ls1oY{T21s z2Mr#j{-m3;VP{A}dyq|sY&Ya4z8mNb+UQzC84LG&c!5{jFq`lKe^W*G?uzRK9@t++ z>jcAe#ecvxf`21Db?rY>oq`O&{N~@xBi8M4S1`xL&>QGqk)G3GpQX1g!(g9vfPEG^ zR@lSsaOXdjJ{RXb<(mGEr zWWMbw+H)@_>7H6Paf+ zY`+WK+DEQKJW8Y6cj~=bl#cLSt@V9D{XJjfZ(CbDEZ{_-r`z&FC(fqc;>3ebt<4+ls9&YoXb z5BmKGI(!N`&>k?l$G=+7WeUA{-m^KFGU$lY-#x&(GP*q`bZIQL-vko2Z9SW_8L z7t)owY=)RiTGF}^wLw_q!V1HPFH~VWj;g}G|3&47dIrh@J0C)OTta&oqCFOZ?jzt% z_H^=d$V#gi_2!oGsqt+c!|@P#4x;u82`6v{Ue z?sQ&|{0vQ!D)PpyRbBdizsm53rha+;ODYUc?^YSc{!euY@0haj!ZMar9O}7C6?S^R zY83X8ihcn|^N@2&McB->s!`9LP=!GcQaNb-U^sY!_7Kqi0pbr@OCbIs9=Qbm2?PJ+ zfq$rvtU)+ew2d5o)ZPZL@lrpgvoOR*^NqoSGPT`4L5rV!8~G_lZspsV-iqfW+#re@ zfUv%}w@dm%>nP63){|`F)E^~S7m+S6_7T@3<-ik=zc2Ej@@dvi}^Xp*W#eLk*g+9Ys;MXFAml-Kw-!-_YwwcQL1i@xn z`{b?^>WEj2Co6hdjx%e#2+vYOf-jHlrw2zC; zmpwC>be}x3bmZYe>ET?2b{1e{%@*~{t;8u!Bnh62I_#f`(&5yNgr!dE|76F zj;+Fe-%GG}qYewnzQm@l>#a#`xr6z5g0aJ(yK zf;YtqHE)V7#anx!=8JG2v$@59J+izX$4hf*9VrE8;7V}@j@GBKt~R0c&N~*cVHsV* zxwbC6VYnUIh3p3Q-AYzog54Z4CL_%H5a!3o2X^y;<_lN;47+)W#ByP-r0qi3>hnr) zf4VSN#T~Hk?4q-6TJKJ3&c%gD1};pM3|d&zLy}vCGiQH_%v*aOnTIjpAD4Me-?St< z%-wxF-Z+zDUab$Cdn?=l%nRoWLqOYF4Q=V{swKuTk51pVps(dU^z9A$(tN#UK9}C` zuBR!^9R_geDWGqtKwq(Mjzk$pVD9gRyMWc}pFh963vP{XXWnhAD5ri$_f_A3ZHd;z ztFX2?D(mhC#<)8&<&JA5-ZU#uogG$`53rZq6z+b%(wlqkGVY+ig7w&|uupB|6+5os z9kA=Y70;PTIE!n%nd5cnn(O_!=QfVuimoI4QJiJmgENYbVj9lebBB3Kqg~T9oVC&z zu1N#o#Wb)sv6b%po)^}0a3S6s+zq?yTG+kQQO3)-|JNLM4W}8(l#8sna{4X+kEWp> zn-BODZN7VVzy^fFzKVf`2vdkKSeq!{0KcQ~TZA$BS;&!4*xPIQn}c#cQ1ck}06rHc zQS7*+=iuPTE1nC7{)FAgQP8RS@Ege$k#5CZ>_R<3+jP)2U0j#>`Q?2%#6QQ(i(hRc zP4GU-n~px-j%(}r)7;8SrrcID+}*VX<*Gt?eO$QuuCRT$T#3u5GLd>JOcWV>8>#1T zW2xua@m%^|UZQl3=F0c+?UVrtT)A~oR^)lKU!Y7;=qk(d9HEdzCgIl&zy9s#6&?hB zP|+&#Mf?W%>PKEww2s{5D~(L|Z53JJ+d4A9Ei2M&WL9KffHz>hTXtkJ;2_{fz*^iz zoNTqp^MKW6&*08mJOd~lg-5rOiuM4-GKmHYcLIKDa}k?nE{~xm?h8a@4aLan^+S7P$)bRM(Bd zW`UnWQhIB>6{mrE|D24U8LNO%VylxO?ZQ0HPsn{60CcmpIo5Gph+k1R&{NGz z)iyp?PLCZ(dgno>>i^!M>3RN#L18@C@bCRU#=f zGc+$V@5hy2M?PktyP3pXnGUdSrQw}cjl4s3BHp2Uq^a%tpl)J&C5A;8S%X)s!}=7N zS#b5lKTE(rrl{|=r{z0Lxi-q{;4^bc8>KbeT_GE>{!(_>z*tH5lpledOEc%nd!4$w z^{Spp-W3BAklyyKbizb*%|UJraI1?bNXEYgqD&wM*JuqZ&$O}UTLE1Mr{ zTeKc&uT7X=mMrDceK=_y>4$atiXFbQdlk*+^y=2?b31}=HKv37$B|zG(xEhcIZnxO z`pN{PrH8b{ba?7lNQdL}jIxl%Uf6^lRQD-Ay8D3Uj z;dhwyB6Ob(nZY##;6=`8%gCoKm217rl3-e6mGZp*QmC#|v&|zsasq92R{FDFuefDR*BSk3cFYv{1E&|$6`9Y*rnO@|J1{R?!MtqvV# zYuuZz_9$skcasdZVIpv$=KhoQ>~7+q!}=&~t>+}7P1-CYeCM0#uu z>Ya@|h$cw@DfHA@@RTSoqd7CB8DzDnryx@-61g6o=VSinHz3>7S}OH)6~;i4ya3C2 zg~1quOji6}U}l)*Y36Dcne1y8N#mb#w>6P{t@?VdhyQwoe&iN>_p|Efc@f_;3IlyXwr+t;aYi89Lq!W21}sT@Og^yv{Sa^Cr(1JAdNYt@CWSY5u6K$D}r89lfB(^g+w@ zpe3uztf|jK#+xBb9|^a^j5AeIzp}yaa89wq4Sm*>Gc6+-PqP0iWB}I8%U^2EZM~+~ zCa;ZQ8|4AW{w&$PmHNx{1livTGIXRy_OIvklpo_en34UWTX)EQ3Jbq&Ba3~CTE(@> z{0g%FVuF6&8LqV;`&*IR2lSW~RMa}Ib>`OCprV6{9?G{Rt;#-*?N)RV@qb8oyKFsV zKj{mS{l$XJZdF$dnY{pVpT>5S#>a?D>2O>t$otmHEX3y!UyMug{s7`;ahwswJpg&% z8??c?Z2B1uuhDz~wl+(D@K*xh9N-A}E-Hyj7x~OA1G*EuWi9E^IT^f_$naJ@cvas5 zyaj$}-DYn=Gry1m~-Y1o1rrhr=ED^GR7QfZq<)BI>mf zvf>*0&oxtS$FXilI$n=2G`xm>bFDA>mw|z@Pb+RmF6Ll`n1eY}eIcu_V{Z=WuB-TU z20cnK2kQy`A%6+xU__5M;oleZ=!3k8R>U{^0CI%8iu8{neT>hQM?o(HW%$SZZ{wf+ zCil+4_M12t9!2|T^N%O^$C>6n=pX6CKd2MehfCiBTK1Y9U9=apRPzw#D|iQsc&I-r zO0?($x@<7_`;W>(!9S#b!yuRJ&AIaY|J~h6?-wpKFjOj_e@$h_ zS5_sOWu`!34&JfLWMBPxQ(G5z-{Rqf?`mP(wZN;03~g6m*1%Mn_y~Mn}lOb0lkA z@GI(w%^Dq%^?yc3lxlRup%!%n(LDF&Y`k#Ndt$Zl)s7RV-LHO+}zVNTqpaXcYm=EM@riD{lC%!@Ie z$i{er%0N0|o<>K2z8TTb5tNU$geyCWd2u;(gs7K~qR+B6x;@YluptWLig~aRi#meZ zO^lNco!8fat(W`%kmA31RYTT z*%b~QF&1;QE3omB-7X0_;w4$}%Co7Qpd-#f)(+R`2v^WzIOKQ$qa#GOuFw$_7Jl2h z!ajE{UN18lIwCnik~a^wHqkyO0S`)N`xl*$mu3dV`olhFt6U5FTtKW%Q8Ln=5Br=e z=?Lf*nxiciWV>G7V$B@Q6!9sI0K}zquJL-%3sPki;?ur$F)rzaB*cA*Gc}^PG)KFH zzH-IXcZV_Pu$uY=*`AP=J^BRJozltPUxIT8F+I=jCt4+%-_p>d0`Gl^Di^Z@B0F1-Gk=!2WjpG2(ZFD9^>N! zSnF78?p!#$^JdTWCP@X?P&Pl@p-HwjIr?o+%*%|S+sXb${W%==R&l%t+nw^LIhVc> zYuiUgD2g`WEoJQ2cZkBA4B>?_&|uWXhhzlC8B{kKHxnO@MxBKD8pbGTiCj9>k3*fV zqE3kh^9tvi?=2A5F~qWG8#ouPHBTxyiu9_{K4hnZom5!ApgH6f#2pP@r}PU@<_#$C z6sEja`8G<*V~_qGVI3n|KXE8*#F}*sBf&0Vh)+jMwvm0tQ-rcHw{}3y# ze^poBzPc;*{{-*ZGVDR-IJ`6If_=^EyIaI`tTDc!JqY7v*s~`eUTL7mEwSgHPq*tJ zQ`#f0VPfvhOXw3E?5|ksuDGPfIXH%d4jvsM&Or_9NcW5Bb-A;;gwhl4+kL?FMk77P zKbT$>%11U>?E6Rg!Ul(jh;~>5p?tNl1C#$~_&I9%=_UJB%U32TXUSQEaC zxy{&iiouZp*d)Re(LafYG47lo<{z#je`+HdKZ{|g{G+wXh;gMiOIxvg99KP9q&MR> zONU#L4!4`4o9udgrOZ4wLu`N80+e>h(<3qGW-Z!ZOxr-N$aUoTd}Cg+(x?xY>x1?d z&s~UViD7a6Vl>Cq+*3Y{`#ojUxZhJwxWi;o^QdL5Ls`FVxvbU>oSCk&3hp|}D!A(? zt92gIdFZmrY>BRtg~mL;(AY_&s|@E^4Dimix<83@<@)Go^FG!0lo8?XDIeS(wQPAP zTV9K0lj|s(Tu0gDI?5)0nLNi zjxt6+Vi~aqqYE#2@G{;$BfF>Ex6ioia7)qQ)}TYhwywpYH9;>!F0*>MK_*BQxw`ZN ze|z;k<$&8g<$&8g<$&8mmxGsaI?KT&=xDP99c`ANqsp>TjzP01H=d{}fabh)b+?$DmyAqnpYsA^1iIdVyoExMIT*+I7<2XRm=8*DCeIFZgN^t(_uDR&_8}pI4MOY&yJN3|h|}25=QdX#g76eZ z#>ZuNU|xx~DwA`?I7XB(Ode7*lncojDi67Y-#q-*;x~6F#Z||do8e)mj^haW8FAbW z$B>XBqY%3yyO6LVS%?FEL-A{0L~+Ej(->9E!@*dQ;SQUd%!MmA#=QrNFkh_sk>3(B z@jX>ed`YGZ_Z-OdWlEe=Ei=M+ooo&@ty5O+HsI>@Fc+Y-(%@$TdluIE%S>Q(W=n_f`W5WsdSK=yhFG87v3zu%s87i^I zQYpvWL4kP#>~!_n2te6jRyf7c4F|7%{ zN1dOYAvfkdWeHq*E$pQnk9BT7slcA+g*<#X!@302$wwBi%0jtDUysjlmtns&XQV{D zHe)bnp|U9!aJR7+V)Gu9%ZJ08Ldci)$h%uoSVN_CJC5v&_2e&>bspxr^RdsYNtxwb zebPU;%yLeCg5~WR@G6yG%`+m7?TsP(fu}e=E%@jBONXV{!w(Vimj&>IxQ_gQ#n!vl5>2h5E}^IRF(&i3Ifa)gHeLp!)t?tX@=KMOkn z?XB@d{=`Gph%2U*t>;|mh`wV0+k8*N+kk#ki+&S|ep5>K3!vZF>l-Lbd4n=1^qbY- z_1e~{E6(kp}??b|#CzG?&8cW*!ye`aVgzj|mDUp%asPZ(B({!@(pGYb8O z`pz}LZr)I^n^2n6e@3DIVBcujX!IWk@Tw6&f&Sx*{)2T*fw!|-&nqOl5`BB1K8vd3 zGdy{|{4na@n=@7x;GB7t3Gy;Qo(A|eXw18zEDdG*9%cLpW&94mAL92kepd~J?Y{gd zfcC!@-nqNYp7zM1Y*-5|b3~bN$4;5A{u%V^)s5xC-9A(%+DlHdj_%MA@6TC-_+tN- zStCfbr8{R-MzYXZ zhkRq{bQUy%tjIIKp5|Q8iD*Ral?b{(Ct8xuaDYAI5c~|07Om6!aM0fkG`x3AaSpZ# z?KA^4X;R*lC)vG1A(I?J!UyM(ts~TNFxJSh2f(N<0rj9YG9R>$9`cz7S)UEJde{t! zjuMpX66{)CLLHj4+d0SuRtCC5j@cMJ(eHnSerI`#^k)Fti~7`d32d8a^M9*OW$lr& z0g4R!-|4K3L7ffVHA`c^<#JCxr%$9E*1}VGZV<*b*LmxG!_HpdUXok+M{+rRBk7Ei z%mnXDo$E4KhO>7Z)(oBk4`Uxpx(s?v2D#4B_)(LVJ%xvU2))~SP%6^1)=H1=@WB|( zBKOBGgYA)?J<`Kj93|&Mw$nzNsLWWQQowFaeb`Wv;0^gv27Bjd=qC#!^yxbEX-D+A zTJ)uGxXr^EAQ$wv@6gZ426hF%qHLqK3@B{+?W6Vmn%4KrTHoWfzNct?hiZKXX?^=? zeZQggJyYvDM(aCL>pM*AJ6P*`p4Rsqt?#$AzNcw@M`?YVY-mb91Fi3_THjr?z6Wc4 z577Far}aHY>wBtJdHyK<`)Z}%Q|r60s%d?DYJJ`a&UQ%WBwhY1;NDh^xT;el zZqcz3w_(EgGht%v8^a_qVfry)wsdI>qw3s<_haxFd82y<1L`_!f_(29g#NbC6yn@01%i!NK`1cHcmcf5u@JkGSmBCdE{xgH$ zV({M?T;js;KZ6@GcpC<{VDP6Hyd#5mW^fw@@6O;34Bm^u`!V<+1|P!UFEF?(gO6nJ zQ4H?M;NA@W9|nJw!QW(Xe+Ca`@Gu6CWbhaUpUL2}8GJ5-Co%Zj48D-T-&N!F5^hsp zSI6}0FYeCWM6#=ux*feZuKll=r(iz_j?8lH>F!Pu|B=D3GdRs_#4y+k(tuxN@be5_ z&EVfN`2QIEB!hp=;1vvhjKOiK?dK);ILCQgxSU5pELM&2H(oyIP=~R z7iT6K@O%cRcMZfctY`2w48EGdS26es27jNymooSg24BSB3mKg59u&)v%;2y^HMq}Z z@Hq@Vi@|3wcnpI_F?a-nhcYksX?ul){=`KyNoUbzY%M3n&!N)PUCxee> zaCZhD!Qie8?#$pr8T>g0AH?AO8N3gJ_hfJf2JgY(whV5~;GG$~6N9&B@OBJt!QiG0 zZp`2Y4Bm>tVf$;KGsoa}@IHq~|62_H3xnTa@OlQn%HVYjUc=xQ82l`QpJDLR41S8i z|I6T&41QdLQ@L#cFr7L)*6fgc8(2iyi+hx8W9sv$c{Uf%5;R_ge6vs{oM+bw z=aIkYCq-BoV{uTLB|6iuhaZaH7bifHLSP{5sehE)T z*+lo92(u2~RvI^3EZ(0+eDXh!w8j9BLp_GVe-*xs0pxcZ;V#2XstGHm$Np|b81}n4 zJmLYvH5Z@UNq!QK-!IIg_zgh1_luW?yr0nf{xrHD{j~iagx+c3*{x{n0`Q&)Rt!$^ zTXesTa3sUyG;SvlSM;O4;->jt1%F$7FGE<-|DW_b2IV4|_*a)H5Og(0zFR>jlDYIN z!Ybx_8E8lDBojn`?O!Rv9KMggc6jl70+WyE_Nc$MDB~DSS!rA%rV|186DZpR)R*LT z9KH!B2*kIDzm7PBZ`Fhq-Pzy62*2z;{`;A<*?3k=KCJtr;FnQOOHElx?}%v(XeMvb z|BwC}gEm&s-|J8p1@ejm?gXImHT79?Baq@-#Oc=;;in@U;n7SuHcTIlKkG(xCc3e1 zG*%P8i?!m=82n~4>5Fli`*nK6c$A(O@-;(QHUX+ozUF|+C;GV|T%cC?C7QUCm~f=O zZvqN5Ztb<=i0QGvG{$1T|BX1&v;_6IfnOTGi~(c;h;GDxCjcaK1^~_@9L>e3|0e^e z-&=xL_rq^G!cD;Uc|ah(NtWFJM8N$zU^;N(nLhAmfq0wR(-P?p0E7Ti0LKCC5pO4c zuLEp>>jH|u3_$bI696jTU_c;%^bzsP007M|*8#2rhQgilI029&-2#+J7f{)Y03g!2qQx}$@t9yoTP8~9fsR& zfEVJd1H6v%r2(n{L~ASj_CeVQ6u?Qw5I=}+^lQv~lZ+s@!Av|hEaA&2{C)hj!;9a^ zj}S+UtNlxSds0(wUrm`Q47Hnf*vI`%eT(cQ?UDas0Pza}m4)~;0=Nin_+A2_a4Z<( zo8U6y6eF#Z05P2sxSa&B;h*4-haNW>Iureg&gAwWP=hwR2_Tt4V1{4o1Q;V-IiL?f0U#L^0+!gQufhF8YUyK2S0FnV&fSmx6 zb1nIc={q40cL3@A1OVxN(zT@HuLGz*QD1NaP+uS(rv5;Ei1?lOn&?7(LjfRq&H~Ul zW)pz=dJRCTp(p9=Nr35qB>);flmKY_!-2*$mmUnDxj-}^4Uhxa52ym%2DFEM9{}(I zko_hFuntfRI1RW7u!R2Z0~iAc0VD&m06PIE0XG00B*U=!dlpavktp&&Vc+HxpB}hTq1DG-lWpFm1XiXU=X@0FV;iluaSmSnH^DD+9n&)V_N#RE0 z#$>>G-~=>o6mjvF`ZVE|nlP(0zvMPpD?E)c$vsZvUZUkMrm5?fO;?xyKgDel>PK`V zS#Sb!gnpO9jec3UsR<*vfk%n9OLT-I|MrkI^h-2g(`XK-xl4neCZDbNB^gNkP5Pq2 zUsJA~nm8mIML#?EWohyzH#fv{LbxjYlKd0H(J%E`8lNoD#D5+BLJ#o12x~IH$``%PaJ^iLG`i&C;$|ffWCEsw!ii_8%Ip%e!pUTF$^1D#6>^xS9JfU z{QgtR^>@&RXz{Q>d8fz0iLY@b|^{ zN#J67C2-qH{`X1$uks_kX@&Cr+4+%vykD9)4=32?yg-KtKnh?Tpcrr(K=iW&J<0Ai z<}raK+JSUF$)gZJG9U}E6F~C&G~g!SHlRJ~GXO9cFcdHeFdaa8t^iO1Aid3jmPF6N z02;SN1JVFF0McbufZG7Ft&qH|0i;hO`ZCDr#hK&)dlgOghVK=k8) z%i&LSA~!Gm_F?>M$Q>|?aTDXRzwKM_XTv@YJPTzkqOxkr;r)ifA8lfhGBm<-6t(J+{55hh6$jX2upyoK(-VSj6vte z0nO?7ER?M|AbLLxkUVM*_QP){Q%|wJ5Bf`Sn*&?;r2#09NgABwda zFy4p*?gTgqcls8AWW9)szta(pa2gAXZtQO#jX&!~eU!#NtQ(Dm#qVORIMkm-zlZ&; zVbXorxL$uCUtM|8TtKArZQv}Oshs3SKy(&y@t5dKIL!w{H};q4%zhIt(wW*u^dmZp zIMG?e>6hrte*aZC(fLvHBARm3rr}@9e-gPmj65`QdeG#c7LNEeA$X8pHRL`%RlRV@mY& z(5OgxRIog_<;pPe<^HkLgXDe@p_3!0pvZE&w?e0fAerE4LDMOR!C?-2xUx+>PKmZ z2Fm?nCeNUjkBIUMqYLI3{X}Ja|TAfKZQn zBdY@n34}%l2F+@jc2sh)p2P%1cK@guk%7~MUZ$p;UvzXtY(rCP`VEzsp-V%U$f(Gk z#D7Rh=(sHtry>6bO_IVP7dCr&pINhJJyK}407 zO52#;w2;u?>2jnK6-nZ^MFG-KPwK`(=b9PRVkDN|5N~=^lpH+(@`gHUU{C+h>6-2u z5ro31iv(JU=|8AUpjwONYnoEaB^2X9&dcS|5q<%XdM&8b7Ii9Ho+j)@9qz%@azlL@ z)EM|mR4-`g#tthAn3$lcGeW@>a<$@YRILwG+{XOaOa$Hvjhr?kI5;#Ql=x&?G$C1m zJUIUa%?b*bA#~Z8AisbRqDmw>m+&EEj($El#&3#7gx?dIbY4)Tpm79EG$W{|T9A^+ zYml~7aT1V?UYfwuLy%M811Nz8zKZsX3=J64vce>$!JinWHLw76ez5IFNKv>ATZ|=HHq-d&QPI)FlR|28zhD~wJ^;-{{t?M*rxCbBYR|TYf@iRb1ltGLL-ABNTN;gn;sA{ zgwziNh|q^){UT$vX`$;|%*P2r2qTvVA&HQT81Df{_=m#lD)Ya=t<_^LB<`_%tbc7E zYw8?l{g~75@R-x@^qAAPdCckm-Tc}25$ZSK0pmQ5a27iA7PU*G=eS0+2?mqflfNev zXqEyKn)P|&@q_{#*PL8=LYsdl1)7`x{8{e*PO3a9_2Z_%#AY)1v*pW!rq>+5H&e`e zoW03zrZ&A#37QfW6Dy|$5Sr*WPQjftlYW}0V~HR%G9YS7bVShfAVb5E!nzk3(bRUR zhH1NIxd5wT(_*Jh51MkHH0~)AIk5G=ca*5!*Q7JzLpna}xRUl$J2y$VXi!9;yhn?J3~_wXgHF@nfQ}|!4?0#urwnEW&4_H+PKoJH zWYmxc+8ZgRE0*uC{%x+GH0M4oA`~0YH9O3Ew7i>BtX~g#U=(&6(+MOxJcZLwL9;-& z2-*sZd1GMEG;B^)9~laY2%>{YEjG!0NhQsHzcJZQf0 z+7UJ1qPym}z!W--g&oiVelzI67uHY%{BRCTV@H@iy_r-Rokc!tbop~II(x0_Pup30 zTqM^xXpg7FaN6-(?n&xWi1idHLg`SNln<^fN!^a-RaYM<{O*m8CUM=29DnAm?%Iu= z*Z=gVqjI+l$+DP`-*egT;l0yV-uk$#DmMJ>%Y4m{wG;L9His_rd$(6a=j-zazV!Y( zM^cN1cbGRTpuhP!er=~Qt~a+oJ7rn_`l3l~)4WRD!wTlsd(8RJf7!{{L#Oy-o%VLw zlW@ZB&5=tk|7fi$|NXfxT@r%VE*(+S+2hsC$9dOp=k>2#QM3P@PKA?Rm>Dr@P*1aw zg9hD->f0$Z<;MQ6_@O^}KAZN<#(?la$`5W`eY%tETc7{#@OuA~oS!p_BBZ#g zePOx7(|M|4yVS9sH%~_&`S7bWgVf|U5&i2TKjUY-Thf2A;*(*+zVsQ8=;Z4B&XIHH zvvSiG&o%wztyOv(__q_|6LwwLW?$9*v!u5^yI|F!)6Gt=Jzc!#R*&SioA<2eExHYR zx&F(=MS3q=O!WOv!Y^jAHlBO)z2dijYLxy)&WC)y`K#~$l+b3T_5b#>_jvz}y>FzySbS*b>q9QpKWB2h()x^h`vTvd)p`2I0xmD&pWiv9 z!;Y)VziWGN(i>TOzO^|wqvx8}w^~(Oy=PJNocr6nLF&=CWh2)nTp#DOrUHaD4@1x%0Tc?y> zA5oTi<$Q#DX6EG67Oh4lE-YNg)M(;}VD?S+;DFbm`2(CxrbO&r<2!2NoN?i=@s&M)x-iG-d*1I#`pZ9z_IgPkcx6lb zrwpH#I3)ctW%mTW^Wxc|@6Ajblk;tGcGmQ{4KWzK-m@YfNbAi@e`CRr$|fe04go_RTI|jqqAB@tXxs zzrS$WwIV;HOg7hrFWjBeD#dkGTdSBKHw^sthmBXk6*u)nt$%2cWfNad<*&7WukN7L&%fvN=J)P1{gSIY95C?i zw@K&s#oWwv>fM?DG3DJ=cTaa)lvuUBS1(0zr(GAN#uwh$wCJ-RY_7hvsXcFTWw3Ym z(Ggb)e|h@bBYhKVU4GwV`)cb`R$;wUJ>DAAmOp=IY4@Q|an~k{JoWmm=N9E$xZ(Gy ztVhMDgR{cUJfqi!58j++81s4b@U8Rq&NBJ(*waggJ@ZV4+lfJQre2t`r&7ju&j?;p z7?=9RRjXI@wwv#h`R-XZVp{c$^r+*J{m<^w<3Gs0aj>SXKv?ke%J>udY-&qP~&*g$)dzvbdb23*TKC^4!a9=B<0G z-`l>)UPUh$Ejqw^eQERko~z?K?_4@RVe#obJ=|TnDKB(wzwMQy1uukuvy*?d^36k+ zt6V0&SyMOv?fyg34=gmkICWx;Z``CFS2D+J<@H#Ki>C;nI{TYdr8ZtTv?aN-+Z>0vrnt!K3TzE%PxmG-#szpc0la= z?=BzN`anmoT}yf2q*$}ApT8RGGR;2ylBMyp3l@EO>*(>c-*)l8Ho+GYOS`}5`R_g`Uf zrmV;71ARZa9LGmoFg^6Y-^^Z`W}oHKWng&0^1VfC%9h`hE;;ww$Tq8H@SnZxUw&i3 zkX6B<7bd^7XwuhDT`+s^mbtgV&dh+FVNsEMgzuu=tKv@9e%a;D*ZxZvcRV+Frt_?Q z-JCaA1>H6Zp3GO?`trMN+XlYv`Cf+Y6xrE~!Xce5hu|M``E?LQgv zP1v4ED`#KaHh4{TyH@^irDkJ~t3jWw9B{m~(RV*A9m7w$@@66T zzr=!)kfFtcN11tEz23EYkzUQ=S322Bf9*4px9erndPu#o>t`3^>Q1EH=v*)}Wy0p| zd)(GJ*1QpY#hE{txI2CNz>L5V2?w7k*!jsElbCCU(XV~+Z0A+7Wm`&~zN!u`7{+3>9SyDpEk+uNUiKKZ-sEptZ=kDc??yO%b-<+|(l@7$^` zPI|Vrf&A{!Q$6`rlRl{^{ZF6C=^wd#>3c?L95?HkRR=TQKeYc=>n=VfcKkrq;i2ah z&MOw)Iy=PJqIcZ(cJp2C_DNC(IaZyx`-TlaZ`yCq6mFTlqGn^?S33K6ulZ)FG~!Zj z!hkg|{bs!MkQFak|DMx^ry~5kMo-$1vwi1?c8g=4I%oPy-1S2*1}^q~nm?{^JJ!DF z>7PF?IP>j^F{u&bW9`oMaGpECA@!+Fkw2O97hKOSD{xt4;4rCo*CV~$9Bz4i^F~~D z@~k&c*~s#@81w0!iaVX_@nbjVslye&?R6OB@$w?)&-A0_KX3T0a(`-TzSGtLM_&K> z_wTqE)9fvGJX}MJ-0MgB>J{X^TRs2z*%JQw+J&dQV}^aP`^v|js{)q)yxQg{z zPffbIHNJc6-}oZ`o~;hltlic9V{7+*POqnqn_d0UsPg2S7Txw%tr=C%uODQv+-t^* z3l44?boxk2{Cl5l|M2&lM$as3W3_nH?Ohjnzwn7`-jVzD>t5aU_t=adqmO<6VrTB9 zx*o6nU>W_Q@ArJ%=O2yjJvC-pr+z1vpQ-7S?D9q2sEp%By1#Jbw}l_}`I_%P=Gcz8 zRiiRD4z^GTgp2?^+ zHuA#?o0S({-pBvaMKAcbl-nb>c$v319=`h0st@m;-t?<~YWMvARCX!+oPU4M4@##m zwtX}CRCchF{K5yHm9E}#_kZL1ZgiUO_mk5We#5qkXR}Ifhh6`$-4}+#7Mg`lx=}T> zcxd@2(woPZ{Wq5nUGSSrcE6mEsApc-deQZ}cRso~A?V6$t6xm)Snz3|+-yGNBX54# zQ@MGO$A5LL=v!j`YwLit=%L*3xG`@ny1RA-pMCO|{o5i-xBvQES+DuNqfc-2ZI@Z# zV9{@IePQwQ2h;gW^Per8>af;DPA|*}n~}8p zuA5or$nlE~au#!VNApkS%o?;cV64H6cF~>}500(>>bKWEn{(iYAADOaI5h2^W6Zc} zv&offGyo6eM~e`=az(2-}FMEF(mUX$TMu%bP zzUL>IH-7j1@7WnU|I_&WQ?JOe8#XuQSbC}Z{K>OK>jlSMd2jDx{Z}0tB4l4Ve6-Wv z%7*W5>o`N@A)AJ2=8ge+{kGpIv=jq;*xKyY(yxLVmWRx{d!0RZ;kHyH%ET|1ginjV z-X5opg}>bGl^tBBZHeor`5ybeP2vbeT-0sNcjC2z1+TeG>3LO?RxD<(SJa=eFLs8`S#jF|X0bj!P$6T25@|X6|CHnAlEh@k=pc0D?lp1Th>0$onbgwEP2nZw+UZMiBfZ;%310f+ zChD8P8<9CPOE+*VEW}I{#C9XR zEGLeer0>>l;zV=6xQQbsOhPLEkG(H}r>g53KR5RZCD(8%LxiM(qEZnq?lqM%+$)rs zOocL22$|=Zh-4lL$xNbT7KJ2|p^!1k6#o0-_VoCk{%_Cwe((2x|KHE9efC~^Tzl4zECsMXg~;xDqe~v_s*;@Srzd6|1ll0TPg14Je43 zFfl>Xf+4iT0{j*5I4q7DgU8b;6PB%w!t3F2VtCwbP!14K0E6Kb09t4|7&QXBiZle4 zk451zcnnSqhQeX>RinZ1Vfw0IR+ZJ9wklTNC`=y@q0w+O5`%<62pAHH#-gxz7!D4V_l&B&UKq61zF)$?>Ee|Lv z55eF_fDRoT3ny$Y;6NBP;7!ng@E;C?gA@k#nZQtBkr3cWIG_wzx;z*hj=&=^Fa#V2 z5JMvrU}AtRsp$v{#Zw~{Fo4ZaNF+p!qXxAAEi5%*r*X=F;2?zI zFpSnWQVz!(f%PWgmFci(IwUm;ja2}QhoYl{(;=uKI2wTLpX!NI*rErtioijs$;;h-DXSTsff2^@`r4p?~tB_V)328~6)6y)(JgaQ%+ zsEwsV;K3~okd?<`ad6NX1)(r_z~yv+Ul0oN2t1Y!2?0K$M$uu=NG!OWDLglspRXnmir?EDfFo;MPF^hQx_sVGuPnm`ec$;nDJR)Sx$v8V*+wqeH;xz}*hR z$jcK_3@l!mYo zZByT+msL_V-va6L^_QyC4XddbVc)M5n&5g;nRoU`=e%IsuY11b4C=0>ctb5q#sjx7 zR@e)clh2M-#^2z<^CZw*M3+CI7bx!0I(Z$tT-rY=uopH_be`_h*%d@!A)|XXhpj1h z>^0=6w(}{UCOWFZW)8q!Io#U)=3@bAwMaMYY=r#F(&(tL5JAV`+RpQpQ1cPkrG!{g zvsSrAs6)fNd*IW+L~*ds{k zlG?$9+VQF&ojL3hQiCc6BmzxEXzmKimM2|MH;(>h9X>Q&F2!>iHP+mo1BZ)h=9 zKR+Xwxm$7Tb=YyVq1*xA-p?7|E8jEKtaww8)bNL!2=DoDG*WvGYX@UEj7|MGnnGw&IsJo*Hrc_I1Nj(9u$YAKww~INkFF#mOCb-0@wll6on4YD-cb=Byllq!7`{ENmdW<~7*YsZDPijv*EMxJ zjZb)3a-sCVce0pK7eBw}mKS#>?>qJsHkXI*$;oLC;Gb$Aus&vMV+fBfLAw)0vTCwU3eJ6P369d-&e=$wQSJK1TDtk{bE@-KEeVvCZUqG@SN2Vq71 zstU{UqF==Blh7)NH3ytK8F$d4k2=POPUgd&iE)@f&JE3}_X6yk?Z=(0?+1SM;?}## zZ#F|`xF;j-b=(~6gN1X1j8qRx|DYltxs&xB`HnkE7j@10L+rnM`l4a5XUY}IcRf`n z2ip0~hII!b^j{Uf+3vTCJ@p|qZc2s}7HN6xIj<^wy75+U!TfQQRDT4Mw&C*?=7w>$ z`p_%eU_3!;L-U=ZJ_c{aa1YD9K(?`a$}Ja=!A8|hv4CS+R1V#L=X1&+goej5c8Lv!5`7f^SRS-s9dX}-SG7Bi z%Fsp8<$1jaeKHqpSGxbptBq-tRHlEzB&bUB2=n=Cko37>10NKG-Dt zHZITgEQ!d~_a}>Ma*^bZ-M^Owb)=u=hegMtZJSU6nkx76N*DH1iBuSVqiO59f2HIV z<=(+FCt*Towc`S{bm~50q!Piwaw4rtvbofdvCKTBt2D2X2u$LdWBQf&U5hjieMFY{ z%W|*5qZlSnf0!rfYa3=x!ocpCP+J>LRn3pPTpaz>CRQ&_!b_=;ZRsCAxiwK1Is-cw zccA+DvTb^S&JyP*%7-ytsqG(*Nz!}G)IxMP2L%}2gHsYRw!-F=y*m?1oXBLdjQvGQ zPs~J3)yIE&L$3mpTZpR0U-f(WhD(5BF&~y5ohLz7p*`+=&X0A>;gtr=%gf2UDE8z_ z1G|p&u3J^yg8FdNQwLXMcPSLG_vh%t5TB$O$#&hAKEoxDrQ>m`Iej;#5AAV_Yd<`$ zx*+!o>w`!2EqQDnlf-PS&Qp4Yu2F zbYe8=gl}C_=Gz776EhmS9bkT~eV;qXADo?0X?a7v&pq*2_g!WZnrpGT7Isac-Yzf! z%|>>2tvu(Y`>vv-YFr}qfq{w!$&>Ty9@=l0nY>|^wJQc`pGF>R$2il4Ag3GzQE|;} z$B(&OXdeu`@G1xXXMd%saLE*xiIn*%`<1CxT2-@ip$i{ z(i|qe=gPu?J2>&_ydyTKq!_mR$Y9*=bj#I3Ub+TP_buP(tRI9Wc@2^Y>iL?-U9N(u zUv&1v-fDSJp5IM(h@Ji|TO3y(HR_qtovNWBR^bL%rb`oB+DyO*NBU_?)qOaj6k)?c z!Qg2vJhv#v*@dm6)gko{&oFv-~f)!~TR zYq}Y|fU6W%#B#eBDN_28|r z07rRswnSqogE37gk+q!l@G%xtd=u&Etw~WzW+mHUfh-l8v+<*m?y0$*S$h4Jin68t z@hTy@-c1)TXe?91t{hXa{ERM*d|Ya%&||7{ioScSUVj?taycmSYUV|tkL0K>&8E8G zz?&VNKsjM%_I0m)lCObA-37;is_s|Ju#ABREdpID@cz=HN2Ci)9vHVMP*=ZJt7qlH z?Y1*uhuNncRcJyDrsKG|xgA{U#9S-i*GpRo;mI;A2evYB!)E;wxt+&%le&Z-_ZaLx zVrrN_r+<7G_5BC<+r0GsJTSkl5|*siIfqH^x_4$aIyzA#^!sjyS@us|pKj%EI0|F_ z(yscpU!X)J@{yW5{{8E?OL%9&j4FGv7rQJcT2H}F@xLg2ixWH5=&d5A8OXoIjI<{E zlr0oOHiGf*ofU;ST_ZoeU+G|42)_5W6pC$6sq7iv19VvJ@V=$nu|krtU8RqC_QzQ{ z-;}cFjAL=w_Z=arkwjJyopd=SzvAv$*vlN{VmGp9@f0%R3ePLc_Bkm8UWhVBczN$( zzx8R45=`VpMb6n{G?nI0W633E8X3>mU=xa!7$4DJ*SeVdTov|N`Z9Z-Donxrc$eFB zLYbf3R+WmyshlPgI^*}xytOvG|Ni-vSx*&+E_mg=Vamz+_;3uCpcoLt(!ufI-Cj>M zJlQBJSzkFk%t$p12ml0$2nYsvl&S(!0gpz(2m&g2zX$pRh)xUwg;)dzfrJCu1BWJv zfP|NKIyiV!M-wDof&?j#Qoz#@q&Of8hymdc50_VfVG$4=H4qkoOoR`UC&;nba1KS4pfv_Y2S>>RVFSp) zKt%vnAqJzP!zmD?B?1oAaD*6^8Y@pN4Voh6JqwE+Tw z!~pIAECmOe91NZg3%DOh*Z?b_8USMuwwfS-0!GJSA%Zpx1@upVH^5AAf-Zp=Kn{rB z2%rlRlc!UFfvo{zIbn4$3}Fx;^h08+ObD)MI0DGRSU6C=QDf+U5Kb6G9*&U*Y6>_S z1L#3ufK~ko$kD+uV5J0|6_P+ldCaO-0o*9^fWv?$0566`!5{^KE(6dUFfKq16KWi; ztQr=sudjL;ud0uR@L&TmK#?Jagu!q!GD(2S`gnXeNN}pE;YN5sMtrhYF zJW#EG5T+0KLLZCQqr(C;lsU23Fg#vSA4gy}F|afMDJT#|BB<%)S4Sr3u>fg+G6N3B zf?2@CXhMs%u;q`PAQt_Pq^rvXGp&>8$DA9{+47_2?`52R(fs@`%K6sIfA_mO_g{=d zz<=W!2u)X&-nKE(E?WCdk~0B*m+`;U>RiA)9JH^79|AYKRY6A1)y zfQSZ+X9gy12jf_RNcdT7H;9DaFi1fp@a4bSpMvQkpU_c(t9@aiePMzB)u`j2}A!~ zeq6)mA79zl|IqHISVfv2ARR(j!*3xCh9~0v8zfpqhS>h!y&mw$B5cCZt9{Y&tLs@k zNqi$!|NV6RM>{~I$6sM92EN2!bND03_V1?G@8SvAMDHK9CDi{|*P1JtLu~6S0sWP% zjKBfx>m~;OG3z4S=l?JMq!Ir9uRb&Yx31oOY=mtG9wWf9`UFB*u&q&W53$kebLICo z;pcr=9gN#zKbs-=Q%~S3E8sL^b4@V>n^{=?&H)_6`$LbC;KDN5DTm!Qboo&(33LX=!dD zc=+)D)O^3Unm_1$*z&6RVH@qsnuI5b=0EODq=P1}v4xrGzb@nar7-+2@Ee8jYWTx- zhNU5}00k$Cnp=VUZLJbqDc0Kw3j_N`a2_b(S-0vhgV6jh+x_VJml+C4qwC;FtY>uj zvi@~_ARV!p>FQct2Q!)M_{`PZNkb-EfDoC-4nc&*vgs2xmuhR&=o)Y9=LRf!I zTLU()|27H`cL%svviqG$i1*EJHvjQF{JZUc=b1^smx#}=a1Z!Z#d>+*KdAp#`~PbA z-{o)rUkm_rxc}EcypMj>h~!rl8_Iuo{eOH(yf(mw&#j?<1aExF*w~(O16~{J2{x%e zhmG|=*Aeo>=gr1)BK*g1MZ}Unrv%;D&*AU#YhR!%g$5ha%a^fT}q`CqjsmhbtEF*ciQ zQecw;|9dI$JI_Gk-)lB);39b4oijK|?H_ji(U05I>_^8R&h~zK_-!EXKOA_yJ#l=X zj4;z(`zgS}$o}uY@2{^JmmRS$UJ(0+a3qnj`uFG1b0J_B&=%_a$I1b-^~!=LBx zy=oKj{>vHv@QZzU16lrQ(EFe6`S0yW{CoI!XZdIQ5$7TH|GRwF7vK+GdDLX2H02e~ zODSTNl!X7W&g@aS6}r{P6PdO^Gu4a&BuveOI6oWbii8bS+$lL&#k7; zZoFa;2rp@LS5vo+h}BfTv5}CnX~u662kDTt^a(8fSh|z*j0&1K=E&GUpQth0o9x{xcW3h0$Mdd{~&?(eQe9}5PUE>(bqn}cm@;P zCP&&l>5Kv6{>coWmp6Du{;tbAjdImy@OnN;;NaL@c+euI=q3w~=Y9Mv4PIUAmfz;ZCg4>m5#zlqhk?v0yrJmE* zXS$rH61Md@XQFD|3t8(YA_-0(9u&)b-C=m2pUwKDvC+r^ki%<8f!(Ls{0D_#kwF@U_<-hFODX zU%l(@q+w9KuU~Ci$B2b zfq4drI10UPO5)KtdA#iYU9pklP3p2<;>|@??k<^UNfmQH#M?K8dEE*j4{iB8Az{JF zD6>m^@$C0LA) ze`J65?t>-6>!?D#{cnm9BU-BOv5dkb&5R$*j{5KS;4CuBFgZf1^Ymqaa_^ko>-<+q z;qIj##Z%87UD;_9>6IuQa5^<(|9;;5UXPy8<%~wgqkCnx6?eY7=1aGY#mT2)GR}<2 zpBstuf7mHEpz&aGbgOJa4nN)SwJv$>*l(SOhH6a_592cV_Ib5lVizQ1<}0tOj()+g zY@R_nlP*o6TXyxP?X99%VYzm)oVK?OC5On*eVz<)k(|7pubs0JzQfaIaIEs zocr>PqVUUshv{bATMwB^wS0JxM|t_-SH?Q5om*F8gNxi)U`?D~r~K)N2z{C+r~C2T zkBhfXQ4MatxwIVqRI{Pxx=xzRn9}a^?@G(R=h&>+Qx#rx`w@A;542n`WoA|*9_D8vfqB5B@1K1ZGkvr^W4}~r)l&K|0spTyg~oD zHft>BB5bHqG^H_QRxF0y`?d0z-Ij!DD(a`UR*DiP?HJ`_zGB$Ov~*h&FIo!M?d>LF z6G6)5N^Q#3CXo#s0rl0?CIX{lsotXn?&VJoof2jKyd~jLXj=O;KV8SH!`ActNv__# zMM@3XqMZ$2-`28U3gFCA88Tdn37|qhYAFwk>J+$gBIq7#Wf3_Ul7nY)B>*FJ`>}Tl zKlgTu*BSHkE00i7AN#H-i1G()uca6I?i85C`qHmI*ubeXMfid2V%$vRK1@!GjoABU z>c%LRg%^BId|}Q=jy(3G2V(6d0if8c#gf#>b!_YPy&1?8Dpcir7vAgsh=`UpdOL%5{0_v8ja`U zzNGMqM8u;Gb5V^l$hmEIR40vFrF-Zyg`LV!ey{iCl>mmM>#3*8u{dxR+#{hgRSoeUS8qqfDC9=rVU#`QQ3p*cUQ)eF6CT9g?UW-l36V|E{wJ~GAfsA^@(Ddxp9=Vfw zRQURXcW_Sev9NE_##)m1lnyv9_J*E!+wwH(s`&SMjOAP2Q@iYS_e$_pkSQ%L-H5pX5f$8J=QHaZgqnzyhr8OVITa{GYO~nx&||4m(ZKR7RSRPtN;36u7jiJUBt#z!!k@49qSZ&28B_5p{c;=yEP9J@4Je6jt|IW5}SXsqB69 z>klElK`91h;#!c{y>_2o&a0OWmDKcJRkB3~$uvCJY3gY)JG`JGZ5ST-^`g_;yI#if zR*9z`^1w9g?V=aXeeE0BN6EXTM=GS#56}2yU-<6NqV`ixJC@K3?&<+LxKr zU{2>uElH~`tZEMPy(7pPeTSu4U0k=P*G@orQBEKfSves7mF7E2HS*a(`wtRDp#7C3X#HheIHrb5w|iWSJwl!E7kI4=lEntPY;fA>v0}e zelnLR(4z5xR+1_-s$Aehm<^MM+wE^rkqop&qNZ-D4){LqK`zS*$LTVht!AABy8d+bi8l=^+ib&IRh*Urm4_jFS03|bwQIIDEuUw^4pnkbysj^xBDJA1x_{APp1k>Rslqk2rZJb)nWm9l`-(b~a86?D!YxfQwhPWC zcDjsw)#J%kG1)>0OMxT(_20G1Y|;Z~s$#rJsWIQX%7uzDQEhosGZ-Fe6n-&y{Q0yG z4}zK@N|srU2i47Fl|MOdE7^AGiMnpQt=emy)`83e43QMaCXU^xp}*#}=)NPeP=XL04AGCnbbDW+(d7ApP54`)8AG*}F zN5lN2ln-j#1MF+*9Qh2+aBE-EUE^>4Ixmpl>E>+D5~^iLY<`_O=g~gsOwo~acCeJi zkA&jYx3sgYdm7I+$7vkYH+O6BuzbyGU<9#MNm&btR=2)?UE^laD+bMUj_xOKwt2xo zv6vL7q6l3>8qPFS;)`M%?3(k&FQfhFT&_KdY76OO&AfF4kCuLOcB=X?RDZH-A49?o zV|le5@mYmJ6-%V8Q!#bSw+AMv$vTr|kCb^z@?w^BlUc6P%LWAUiddsYV`T3xd+@{0 z`Kv}3H@;%rhv|O4v|sf0hp7oP_fyXgN5XKkH)i}ls*WFQDYE_QE7Bbr-K4VX$ed+~ z%cpk!BmQ)PPhk&PPYWm-_uumsEzODYoO&9)ufFOd=G|aH3W`eWYj{z`oQ5DWV}DN) zbr(%xZt17V{BP2)QI^V7?LiEe-+$hdrFZP23=?%&?cS26IFpcLqvcR1Wlr6q(1cN? zhh(96$~gMGg1Ybmg$ex8ewB|j3J0j~C*^H__p!2%ig7j|<9hMP?N5_ZA@LSnA-yw? zl&OsL4fc$w7JACJ7ViAgdq}BDN`1AV~`<72HJ3>|JRSy421l99BTT6%SdYH3QlE$(RY#F)=W{&J0r(hbw% zx)&7zCd0f*ddm*FhD;PjW%Jn<)%We2mV|jk_9!H4)5n}6yOg~BUO8!@pV1)I0#lU^ z#dPy|8B=Mlsj8lkxxVRzhKZ{CU0!Mh)`BLNx~@ht_gbk*?hl{Srz3Yis_0eDp+Y+q z@u=jRld6wFMe@P%L%b?uH{*>hCm0IQC#AbW-!WgvJC|6Q`nh{RUXqcfn0DZbwvOC% z@MYBQ!H)RwAqJM3`C_(g8?8qE33pD7AYK}lcb0Tb6ot+!>8V+d9~Ucg(gsJ}qWq}! zq>W}5N59dPv50RgACLht5zjLwzWP1Yo!Px0>R0#3btymG#3Cp6Mo#ivz>%`}fl|F2 zk}tb^y3}8OdvqgnV8^#|%0mg>CTW7=_LGe!vB8gcsS9MYs+DS6Bdc zDM)qL`sBs6As^WrR}h*y9@k~E^g5WOsCm@yyr}*rnAUvfjWFdvWSiYF7dzWLuUA!- z=lqZ?E3)-kQ)lXt0&c~p6jTmef8VrRIJSE^R3eGnQ-3_~TtubFzO-av`_Lx-k>&k5 z?7|ivh5J1(H!$DQR1{Uad7P9imFw66=M~+1vs}&D?<%*}DIR%xOlzgI_VMJF?vO`b z-wkd|iJcTZ^t~@r;|Uuc;Avjv zVxMqx@~qmql6@A|>Ugf=Am7{P!p-K8ZF5_V1xFro=TC6;mG}tYDQ3OkUV~k^_cOBJ zj_|sTG+1V051Q4Umo#}$6C4{%1J(L$6RI!iXCQrRUw}EmfG#m@A}>pS7wZwII*3BB zAdM-+8}dieDsc-J0(dxRWL+fF;`H=!)5CK-kLEMN-?2xANR>J6H|MmOe?O~S8gkIl zR#jkPSGD!XqK{fW{&d&5&lgBc;%(>#7amM;m~0DX|2X#Swr7~?-J-W+qga1|49(#? zN>)p=Tk<^V@;>j}Qr|^=E4B6eW0DW)yY6wtRhB8XCn#>caUT=arYSQidGzY1Gf5$C zJRj?vZg=r0Z$~GZoB09BZ*Y!G+V|Meq^XiLMS_R|L2hW$f-|8sfy0@JA z#6zYA`K?c2Ci^3QA!l4|#|+QSx=u<7KJ|Ffk7Ly(l-KQ;h2?`nZ(4dbYo^T|2x^MZ zJ)3BCqe=Slhc2T##f%?B${)JdGHtoT{#FrFX{a65lyz}vF`-f{BhaAjOI4Amc+~a2 zg`{2NCdFFMBN$&B)W&%Tt?;ILGFHu%2gANIavxLIJAMDTD_FjPITIAsletMU?-dm$ zz52WUOwZr8jtlVkWQrbU7j~4q-e(i!k?uB^)j?Ha+`#f?$HkH2&=JLw2KV8-$~YRS z;mD-nQ%Utl&L0R*D!kH5cp`UO&?E;M=H08iTgU$-ee+;hoR&9W2IT zOtfx?x64W5&+fKLRC~$&%)OB7^w|#)>F@P}<*vbxeoei6UCwU|I-t_Iw`EE1j-9l6h1H#IC(Hqnk2 z`qZuZ)G`d+#ED@!YInf30a7=ISZ* zt}%n$SG!eD(!6h; zdca6VNud!jnt^A3p)~gHMdu#bK;PqKpTe!IF5&1#m_2d4Z*9cdcQ3pwJF_p@zpZh^ zJ1b|jIP?@YYj;lb7uj1$V>^2cX1+_DIrOOMR!5V$M`-hiGv9YQjag0c1ivkEX?CuA z?}-RSAOAYrT6aVuo>pbRl$^2-a{cnyW9hq+=T6huIv;7r-k^dO%e#)p@XdM&8a8iZ zRjl`t(p2BQb%119Rv=8_`S_~`9^tbH_OGsG-L8U)LROeYy7Fj=<964>jf0=<^9~M! zqOU#;bzz`7jVQ3nIW$}B4AoAZ((R`4speD~cX(?lAI}m2*QonU|NYym5k~4@J+i^l z+h0qQnM-ColeEL~Z_4f-{m6giW&beW!L8~n!T#gHAur=3ba?q!1ZDCP1^Cl#3adO` zFBC18lVAKG_pCfL>|P%-_F2J#8OecxkP^a9cNyc@ATcL zZf;7nJMzwm)AD{OHp?dck_67^@su|sZz%PBjpfA@c!zXz9V6Co)m_B-QiAT zXh};vho;r8dL{J!ykCSVjq3;(A6X`|njS^ReRE-ONnE{}3j_ZStD$i{C8%COa9+Ls zaf$yUyPB)n05AL*M#uaamaqCV%sKNX_=j?My_BuA{7?1VCgXpCHyr+oE|4hxxt^#( zCYBxe)?upFjKDaP%u0ywPpz`J?@i7o6k8PoHJz zWIq3FoAsmK*`A?*tK-cNI55+c-`3sZ2b_0-LX_Sx?FYQ!;MaIJI<&TesvEJsCTUk- zQIgpYGigC8wwZka^-aWjH}cRq+f$;q)?xJEwjzO!tpWGeVfmhO2Jpt(FSYA%;)Y{i z%qERrt00?io+Y$MR9utLGRvW9Vr4KFjwdiqe%5>f`a9 z3`=_l8U4@i`b>byGMd$YKJ%4u25c6B1hKC=qX1N+?+VLK?Rp_mom~(<2;i59#+a*S zmqr|#_#FwK%_eX_E(1Q(1B@Pn_rw>}c@q}uO7mX-9la!$G ziTscq8IV2J9!@#pZ|FRnk$AGT&G}7xBsMVdy4d8k&zE)Y-8(FELbN!;UQzhi3d$%`;U_Kq)m?o%2c+@;7f`|woB zme0OsBlUq8>$v2(nLA|0ReR014KC-kDM`H)__77d9?ihD?|fXKe&``_oeo%gx^wKr zB>Ri6jztBnf^yvp&z|_N3^0c=fj0+}?f^{7P}>@Mq7s8GM6oTXOS?46AMB z;$D*%*G!(A_71FaV%|qTZ9joMbxv}^M_KS~^R+i)5t)zc`zL*@B1UUoO8B1}E@QY~ z&OA1*D7i1;VpV=>=nY34krgPz; z`!cG#{O&Yu!Hx-;j2GW|=$`O+pOCP3G-Ss7cEMUEHx=y>T2xWhn26VDljSnC*3ZavD+I?*iG#OGPmpM|=f=P!GiBn0VG zhS=y^eznu~)ovse2`?+}d?%>X?#z^Om`s&HotV_BF=(oh5uV4B$ zTl3>bScL(cSNsJ{fScDBOb`ZGNimOPn$7 zh8jDo=2l4~)eE1ZRgAKS{cNp{p74sOI?QwL=>u10y_|MM$j#(to`WsiS05&S>&54p|nBy{1togrc_b&(ekD|Z(7#D`|o{+ zool6vLr%bQ1g;!4t7ZUx8%jD;3*E%jF;dXBLYC1hod=MwJ`M(1qEss=lY?moUNDYG z1Rm}(%sLTS<6*P2+wR@~E^m>#DiT{>ygyU}_okM`_=A1>^m6;v{WB~j$M)S-?DO4z zSw%B>AZq8pFf0fAi7`9CiFdYHy+T7>Pn?C}-kx_BtP3*|R_4~ljxyIDz{9*!m6+{h zWk`*Udb)PJ#V%w78|pH|c6q=_+Jl4TJLcN+#ZRldwWeV!pWnF{?0(TbHw{}H%;CL_ zzrf{-fZ>;v-EHknuaSM)d@Vzx}QaCL5%2;+kzRDxDOF&O;(1d*tyR%osp|{|ip30@{9#WIE z1MyeN3Xth{y1odjhu1t;I$rZ4b1*d2CD_b&rbMtHReWKdfwlM)hfRHl?PIs=X+|-N zrb={h>jNv49esP7Y2B)dWes=Trv19y;(KwTa;N@`k$R=(WtCjVEhnSe><&MP)VA+j z6ty`#LE^q5tFky=zVN1bfeOEv?q={rowqoB{A9E1ywZW8VFPHG zk4^{g(dUzE$?=&)I$Q{ieXnUP6Vtz~Fn;N_quSWb%Fm0#Sz`WME!@g!161gkAAPjf z+tr#=6R`Ken_N@Xe$Du(vN*|}lIaJX{+e}W<3e!fc8*bRoC>9MkweekVOa!Q!=aQc z;|Iv-6h`HTiLs>IE3?Q>_}frtg?k5?+}YuFE79p5;$-TRt(e6??t|D1PsGB~lw>V4 zx6%t9|6)bYb2xb6)zGD&2(LSy;sxZqH`MRkaHD=(ynI|c%xJIgsjg#{cap*ajT~Kz z79@Blw$fDQZfP!=A<-Bxm=C@A6?3NOq4uq>ww1->y-Y0c`04MaFcsh9XRt6j(5a&r z^5o9#pakx^<#){_Rsjw-Z69v=bi6+IyU6P*jH1QcOBq?(*{~-Qu_<~B#Tg)#eHZTHvb>{oMUy?)PDh_{xBb?K%M@@r-5ij{ zU0>0iLZ8QEe8DYlTh;WdFH4hc3e5KsFjw^@KB?M1E4UlJ_fbybpsZdTowj-SV|~fe zan>HnICWtURlDuq*;g)n9!bHskUrj?_NLyW+iHbAy z?FnQ2zEgg)=DiGb4l_!9CAW3L3MC4oC4K!z8*DAFhJ}F=H-taD}kqpTRU*7Wi2!>2QZ4 z-mD+VC|^_f(HikB`&X_h-m|&}H*gdaVJkDbXBX%G%5At>2cl|`Gd%Q+T;+u!*~j~~ z4i$=6ZI=_rxAV@sc)xE@jy6xJzmX$;??vgIp!{uUYprC@=fwW$QYIyRVNx*4Y|i>GPb|WFDKb6c!V|L-Q)N^ zmUb#Py$2XxPDhKLv}=iet%F{z%cCQgvec2vbpDh%QksW6L{j%!?z9RuiJFq{-eoh( zeU9dE%i-G7{VU;$-e&31o#rNGE)I*^-aR?}DRUb*piHj%imuwij#m@g_PjZl4#V}% zN}aa7G~92MLg#Uf;?}Xzg-reMNBx(SS~^oHliS zax4vu9wHy;GdyXZP7aFNKatvd?`mD9Xt!xYHuBq(=>xA+D9D!>{6oE0-i1z2WPjZ{ zarVsj?#`HeRtn*{F#mZy6!Kx2EEOg(bS~TA)jf_3Ny2neq z#_bS(uJ4YCWpLh|fxNG$m-uar^SfN!sSEB^valcZEfqx}5`#I0+6H8gCXI+b%%I|N zO%|fhK?LkTr+o2{tKUDz5m2#f zGuTt#{zmd)N57u=*u~F|=>;RpkxYRl-F(Wnw-=Ikx9KN|II&wE!1o+C3Ax05^tR?c zkAN^w!8Tx45y0^czGXkyO4~WV10R;MLAaZ+;0ZPUuj(|zVF|m zvtKAiTyqBY{7Ym)fJ0tT@wAL9t<5!Y>%*e;7SVeI(#)ATJ6==1Qd-=xjD)4TzVhW5 zBTX98rBkoHn~s*{ho2Ofk#6d{p_=DV-S+aG2%=gd=j|<~cV_n(=O_@N{_X{#-Q0XZ z!-I*)J6x{JyYjx=sJnjit1fHP>!*|Vby>9!GcPs2`*J!3Ci`X7_q4$&A>C3~9fLcW zm}vyn;gMlS=3>4X)bm-p}O6Y_Lv051m$8L|gw|EEn>9wFOg#pd;?R_3F>`iUsz~`Jk zmz@tT?t42d7XEJDE$`bHkF(ad`5Xnk))J+Y$sa6?PQ}kz*lOfD>f(>}Z}l7cz@g_L zy{$`AqtqDoP9|ID?IGc4#-^ZIE0gCirAzM?k+u!!dt%nb`*oQ#b(_WXS>T)3cCa}@bRoV z{8goh4;|=Z$#GSWjcZaCmZuL&b^6Ia4e&UodwW5lXnFEmv&;R4J0+{eAu0$Mn~uD2l3>Yg$k8@+9mrM%Wjr6Hw=G@jIoUHk!} z-^c8)TN3dk9%>80|GM2~=^6!o>@PTRI)9yb1jj`%;L3>PH;6=R0~&));B;IVIG+2b zegK564vStZB<>GHgtz>;2f;@-A^bGNYId#kkMdugYxSR2zHuG@JiJC#B0K-r`x*9M z==_7$zcDEcMtAry=s+Cz$NmueqSrFSF~MwW2(6d@?*6bsY|vKl7y{>N5Qiep@ZXyL ziVw!tXZ= zTO3I~^;dhwOd6N^SDig!)u11xvgvnk)9>D<-#u`5Zu;E=2lD^#_Pe*~R|J?FZu%A3 z^eeLISLFX&zaoV9NkSx^J3>tVcq3nXGe?3pe+L3SCk#E|OZ`zS>+L3SCk#E|OZ`zS>+L3SCk#E|O zZ`zS>+L3SCk#E|OZ`zS>+L8Znvm^iUeI|NM3r6_P^@pt+$iue4$&hSlXJQHpNZ<(4 ztz_gB+qP5gSabdZ+7a#V)<*gB7=$vSJtVPyWBLP+^$Pm+l<0?OWBreb*V}FMU%k=4 zG_bAvQy_l#ODx>z&zfMn_H!WOK`cWNGwbQG4Y0xnSbhVnxB-^i0H50culi2iQ=&w-zZVP6M`yhr3w;=M;) z1Cf@*HE^!?Bk~+^EyR1Ac&`$9oVYe3Pw!msPvqeP>oD<|K-^0rO|k3sL>dry7ub0J zShCA{z3Y1Fww~sK6b+i8LCOZ=+Eb6fkw}OPloQ5rUX3t_Knnt%lAxRoL?nn1XhASD z*a7k!Afi^wAjk@oS%PQ|q78`FAYKR24#aC9nt^BmA^~5*eMF$&+N=;12J&kb5~(01 z0Z|VM0M|ee{Xrx=i64V&-fEukR3uQ7up=9vaD)acPK4`^;Jg8bRyMG$8Tv=twTyEh zs(x2IY(eDpNzd}(g;e3QctS`L%~FhUKJOU(=W~Cdl_!7hPuv3M_2QH0KiAuAfIUPX z+WNCRzt$kC8p0mRDbp$nUx%S)F%q1HQ|mH`aC_lUfVyhG(WH?0@MHU%ILmcJl$%7kmi_8g zQIu=%a!uC-(G%^YZZmq}q9Jak!~I+?qV~&3YHI4IqRV2Bz^QW?qJ$lRuSX&uLs0KJ zUcDRE|L4_${SbAXPk=DzOrh`lQBcc;eNgwYuaHhx1#~(p3=#{JfOHj>p^}~qs6hKU zBxuSBwaSS@GNio_`3Nt>9NYqZW?6>z=P*MX7})Uy%+QAHvk>cbNdg_;j^mGvsr>?i<{*YATQ&lf;< zFN;DvBbre0J}YSO^9xAWVG5c(wG|3h^oABqMj+N4O^8h04?04k3^{z4geEggAhyzG zNMI%!>Q7^VG_->tGNzBv?I?XHo=y|;LmNWQZ&sjv7IF|NDIZj)jDl)YEg*+JEy%>T z0^0RV3TiZ{g2;#7L8`6?ARp^zP%?8kgn8Hv?YhtcC5a#)#MTw)sG}%U$v*@|p6`K5 zZt_E1!d1|2lL;tpP6Im5DhN4!se`6GSfCq$dmv-Z8&I3+0(6AO20{r*K#%FFp{iZ6 zP}Z|b=#ZQkv>j51+;2)k{nvP)JJr$9Q5|p}wcdd8QX-%e_%^6RbC7-Z1&9Il3967$hJ@NXp%k~15GO}H)b4Eqso}ug%UT3YQ7}Qfn%+Zk zd@Io9-NsPV1#KvEQ3`T&dIPcR7eM?&UeL!UTF}I^M(BzFIixQ78lvy%fK-Hfpq@Ly zP%Aq(#O*!=^{L1~)ph(3SwB70d$S&5sE~)ISyG^#y%!-~+GCI_jSl204THY=Uxc!< zouJ*rUm$5&2?%NM3QF&O13l0bhm5tGAPVlp|HIt7$3<0jf!_-U1%b*Gjmm1gqlpf~ z0E00K2nvRP0*a*x!f;7$!l0O1RAyLKXjYh3mR49+WL8v6VOfz`QTY^=CY2?b6{VJ` z}*ZX<9@SSz`K6|gd_F8N2a~Y6N*KL$d#jSyf1g%{HqM#Q6QPS5@gpG5fa?+iM*L}m-Kyak$4Xel)jVJ z%g$LlrS>yE(z*5l`Syq9vM%%isr`Ar%$*w{ul;?#BtE!Z3N{zZf{Hk~YmQYO z>E9&H-}jcgLWjwpt|+ne94O}nc*)hig);h=ESdaNowyG65cg+8<&aZ zD|xprl-^f`$@yz9k!j%yVD2yNZ(S?L*6fsbp1E35c0DdnMt&eaY>AMk*Q}L&afNbm?$@$#)vr=` z=X5#sRir%o=+m;lf2i<50#1G@c~kS{=bkUiNT)?+&Uiy6pB^XI|MiMgy?#W3@7*s? z*H|Qf)gR*het$VJxR-o!;4*Q%uvunadXGeW&|6aCew2Q%Z zxcE=FK(4L+K!*IaP?p^3Eh{gokawO)m$K4t>nWShD?-UIpOkN`G;b8ze(OG{#!Q7W74zufLyb0qYNsWEc5z)BCpI|F6B8%GJi&g ztefs7X_=97`F~!Pu-|q{ztXuf$8tb!8?!|&+xC_`YK;)zmp99y=gCoj4w8F{4#VCDM_wTT(`zkk59tO6QSS zS(^8?tj}wgFJ2Fo%@4dKi?a4e(RXi4*O&d|)p5}>DQJ>pR?U@9+{dJJ%{#Jn%p5sC z{%09DK2CCW-Yz5m{!tEoc0>j*-6dtK!^OAbZ8`n`F>fpxZ3ZK^ZJjLn}Y)6 z#{9M7HFAJFa>GLT`|sCfM#8W11#9==FZ#)yuf8HXA2=nU4I|{Y(zj&o+Y!>-K41E-43V;#HW@u*rL6n#JNeA~ip;<6DH%U%gIqXwxBTrtMZP(DQtrO0M7~`y zT7KNKTuyD@BESCfv5X0SPsT>&h<#AJT>3?;+5d#R-|w>y&)I_*q#wI6~~t43>g>_ey5xQ*z62yX-o+UZ$P5S=NO;FIzr8Uy6Dr zigR0++*JFd)FwY5e|;PwgVwwtOKzDW^&btAm`C=?-pQHrjcc3~{1hkuJhWe~+cQ^| z6l|7Px85L`e>^5v)((-_S2JZ+sjmzgwL+pM-zqD=`$4{cc#kBVjFHnbew2Y1?2@-< z-63mFTq&RKcv~)b`y=`4nrCJ5+biU@iSuO8imPPw;!dn*r8Mk3Am4wrM0SpQQ-&WsB!3p*18d$8=cX&gaqsiuUg|HKr|p#y`*Nk|n|<=& z+KZ)O9};joR48oE-F*w(kvzca2A`sh@N_8fH)1U4503Z@siDO4TzDyTPvH z!MA)D0p+qIMd2S@byNPs8-JK^yVp;ZfsY=X@YTjqao=z4oKV-b>6Xypa&J)9&lA3^+x*ybn}0F(+g%ebSov3R){9*emP}g~-Bj`0 z1pBzn+<*GDFd7!~oKFW)#iVPr<)KA)$LO_<}*`&ar% zZImPaqN)?q8-Fm`ZIAxv3;(LVErwhj?0#e6o_%{iGUS%a9V0JsMsM5SUBCIeakJ{z z{OXaLn^)XB?XP904Y_@+dsE2KeAfjB_4aE=yWg67xU=dCLvHEk==ss16}OBvWQ*NB z{pQCLADrMR7x$^%pNG3sJ?D>g{8kV*v&l}}2W=Gf#i`UOPJoPt5N31wK@A^*+xo)`o zs+5l+j(ls#9X;HgZ>?T_`w>IV8tP8DbbQ7L?@q&>VUA0DK7QttK#zQZ$$o*ZGwZ6h5o?iw=blF5eLXR@RD+D9%rI@6G|2Roiy9l!pILPOqZb>Fus z^ow1K4Oxb`o1Axi@$MalTr-W8{f>!3=)V8-YX55k z4Y{MI`>(N2rN1@IkYkQTPkHBq#>hxRHecj;wtnuFO^Jpqz1{CmZ+$=h8bdA|<``7A z@WFla4Y@7CJu2nvM{Zf>sqf|9G~|W@VfT3C5QlfKUFE-RG~~^8_sY}hQ(xO=$g{&8 z*Z!u*nKu5W;f}YPuD;myndkh&&36y^?&91|LvFjs(c_5EUDus3C0w^9`39az}5+h%r+RueTU-`zXg8zezRk#TjzfCGPdZ#&0ua8gjP3qu;!v zcT6cT8s`o{dX3|YR2t{D+M?(}~=@`310pXm8T8-LwscfpatKO~R!HUq|f<3 z>Eqio*0E*fgT)`34Y|Cp`TN3~47uj(=xs?OeqXi5kXyXnre2R)8Xq_0^7GvJWe>jG(PYSV z=Q&RAxVrB0-G;oehokJ#BX1S$H{|Lo+)bB#e(jsTd&>K`f7}+E6Wr^tKAxBh-5o|= z)yCi9@AxI}#1{iYJmtOJW7|&8eLBXF+s=3Q|NBJs4 zIQoiFe#rpGd4+d}Bz|PbX~&`iZwq?tsRM=_^Gxv$KRymFW!6JJ#o`x4(9XUOtY^w5OTYZs;&a@W!3zvF8cTk{RMW>>WR^$pMb zy~L24Pek7mJ+w#rYD3Q6(|mW`!#D4E(vSoE-5366O~k8iL+)s4Uc2C)E8qN7mutT6 zy$bK(+zLymc&*%Wqii(`NxU)0xqOOLAp3kP}1 zUyUxVSv3B^(S}_AYxJ(yE*!Hb(o_C!^U9k_JNr*GWJ`N=LB<~yb5jg?!X@r&ZtMSP z<19m7-ot(0718JWISo1cx9Cg$+&6N5xgihj?+9tAxN^@DL*DpfbKCl=poH5EIp&Ax zR-gPo+-nTETHLoDd1u%7hYeZkn=MgStbccl=ls*rr)u?mlV*n26U}!NA4vGE#VBw2 zB6>h##g%Jz8?w2lqkT@)kgM7ax$Q*rk&i#M9{$ddw_fUaV$1%ykN;}Oo!;)QPyTr> z|D+*X&U0Tqbj@Dy4;YP2RQx{THN9uWymp| z(aXGl4{V4qWb)CEAzPk(FwT%WI-~8OsrTNO;;H{r^n$w|Z>_(^kS#qO``=oSu{qz6 z?Iy>C)AjwLHvT=qjz?a*Z^fP)jqb$Ti zdS649_UPDs%T^~{VaT>C9Ygvper(^BhJ5^D$H5$ZpRCXS#qJS-x178p!6>)%aP)X$ zTk40?3^}o%yYa)z7u_iToF zl74-ljX%Qb_J91BpRIvMG<(+UFLyV6o_wl&kS z$ZeN9Mx6LAe_oOy%iiV-9$7Q@?HPvLZgIa-`}Jd?d4}9N*b(*AxX33L7;?7R@sI2B zA;WL-$OGK=_MRort}^5fKlfYX7hD?ipdnYpyUiQFw|(`bA)9?2_mv)g4^5iXd&J2hhMe8cZQhdh#j#LBt{>v~>6PUZ zPE0UlIT3yF%A9Q96wmp8G<$vWWSn`nNA`CQkjs9Kz21;(`nrdQ-I-rfZO9!KheYpq z@v#+#924U9es0Y-->fxcbAY4b)6cs`Z8GGv%iUg0C5M(hZ^$)1j&DZl*Mr*lYx=pZ zJ1%O9{m@e`j<5Fpy>8oHLoOffxc}+)n?rswgGd)K!6pO0_+>)Dr{S-f@P z(}7R@)X@6mQ%|gUyk>LdrumN*K6?Ge@<*0De8)o%ZFq70#}9U`>$h%Pz4L*4@85af z@wJw<^Y7iV=FsXftE=i>zsK*MS$98m*FUQ=R&Bl0=gz!4cCH+@a%Jr=x6in}WyO^% z*4^fN+v4SiZ_T;2{g$*_-n%*B<~M6%YI>YL|Ld)IfrO#bxmhvywcYdT0)!*VBDP|EbqgE$C(H ziTIiJyt~`*w5zw*qq~-;tzUjzJ%0GZ)#IOfYSe^&AMRH7k(AH8QCU<_>dcd>QsYCe z>jud!zCnUZDhtf6imKAw9G5e1q!g99oCVGbbJ;>?MSgMFqV5BEWzI@-X_?EMU*s|u zm74RMm9C=F99L0UsoAx-+)2fSImJbJW@l+tiJ6a8PAM+S$upPbOQoxeE#DvK66&E+|zMY(=b$pCW;853<(R8*C_3|mRCv!vX$ z*nC!VBmFR{s^!deDJ2R@l|C3TC%4dHJbGFj8_{E~SN1yb2R)w$rC_!h{KO>9t{&67@4w z`)SpFhG{=-+Rt$9XN2}MQvHn5>PKnyqqO=_TKy=kew0=}N~<5G)z>O&^*C`vDPE(j zJ;I!ie`=nlAHb2F)j1d?uV`UWrSib?in6?_T#QoTEXl#OoE7vw<XtG@qd@#s-@}9;{1ear;L~edJJTOw$I1B7IR2G!X7Q8j z^vKQ4!PzR!9Y7dRFTCAZ~t2NAOvxZwEtdUl`H7d*!78+&^3k$P_g@;9i zMTXhKqHGphsLg5%v)OFnwg_9K&2Ebdw}gj=Tf@V`ZQH_VB0(OGIddH6kp+ z77-p15fK?-kBEx2M21FMBf}zXk>QaMk&%)1$SAwT9%{GR!|XPDxIMxiX}8;>qEIo4 z?xScriqoPv#BdD9owwM0gR`Pc;+;8p#bqRtJg19r$HOxcrcaf;s*-sUOd`&4jbvgn z60$PHS;(iV(nYwrXR@7zbMq^(ujG@Wip$E%wft=^n|D2J={faZ;@(+Zu65-}YATJB zPE`u3a7`kuYZEb|%06PW`AjhKc~Ey`A}lN`%A*1uj~JwVmde7Sd=gekSrs8wRB0|C zD71+!%%Raj@}lafvgig@2q!i5`kobsAf8u*S5*`h6#n1J3Y?|RilSUnVF4aUu&Wm5 zYAw#gOLGei&la^3%T3Nl8se$&mEv6B8vVC1biIrAkT`Kdf;{lT~3>!bFLSjh`eF6O)qT zB|afGKA8vksZ$fCN~~%}CdFnZXK*AVj)J(%^jVUSm6V<#S@8)oIIRE7h)<&JbnR!# zjM!vJnUs{AAXBxUoSQLAGO{w_IC+xZaeCTBNl!~kOOWZQlhS2sa#G6GqRH{8Q)PN= z%H#xzogAB#g4$`*QzuVXBZ^I)j()S0GU=%kuSVPSjM(`2>C+RY$<*}8=}Ffl2$eHZ zGiK3nN~-obH7!Fwn39^FnUknT}3;qIT?z z*dzv-kP)9cGet2o1=TPzA5k?SLnfxCq{PP2TSC0{SwEVR8kfm%lhReO8i&U8#7w=R zjMUVru_?2rCr~FNX=*}zYNp;2N9a9Xl2cRDBqerg0yUFUQzlDdYPx=^`p~UJYDU7; zG;EFmSWl)3=T1+T_-UD`3_c^4nVFt2l}c*rr!y1$KQ$?RYHS80P}a^&(FdqLpItD~ zQ;?FHjQugzEF46$c5G&b8ht{%_91O1(>jR>nvpPlx}@@RQgZ4{)t$%VVwFp#CnhJw zQJAhureeQTnHZZgF(H|uCdF&+%e+cbaym1dk{X+V2dkPKn~GN^B`RyA#>ZyF0?ma` zX}Z#jirVaJX5>H`#S=BpnVv9F=@T1=6_~t)>B{G2+N8|nWQohEWapJuQC7X!Jjqzn z+1I!htGu-+ry{S?JUJnQbhMy~-DRb=Ln1>JpH-el-)AbQ&7yfqdTNS!URmDRwKD&^ z(tnk!sravE&aDxTkunmxtDI2~)hg63t%6nlUp35gI?LJYv9UT!e|_Jgj;Otc%SpqP zO+5?KOR{u0^0u?`oU>2hKj>td-ZBtxamLao-B!rUr$*CpnxkWofa z<(abBDpz4yMbQoVKG$<*Q85{_(p*?p9x`un22U#B)YTRk5pxIWbo% zuPb#Gu`yQ4R7$eCdWp*^W<62*=CRUL6wRx0p+L8XY7SVzLYEg(QAX$H;IOg$J5uyb zy1I5Krqj~=q5`Ivl})!~r6gu#q>Z)Gyk=Q*dR2Kj7Y=7kcupLsrO~XPai+$CRR0cGaY zjN~+$FD@o*%PK@$r&;^EtEl}+x5YhH{P$|-j8C-dD{WqtIbH1WE7gS)*PCqpU1jsC z@?~c1By;dg=R9+4d3kY>zP_6$6;(JFF$v5FdYFrgO4xpLd8V!VOi#Yrm}p1wrCg^o zkDZsgLW)gGGJ;rL^PV}EV&hbg_SzMz?x%VSs(G~)(VG=IFI)8AE>l^e97FT>e{C*v zdXk}!YE8dT`+sbYICq&jOS3|HVGdWc=Be66q5ipq&*tuHc&$%uR3X~fwF@Ub>9Tv% zPS#E^bU!N;J){2DYGvrEH1DoN^p)ZXTCb!OJ8~ zTe`KDyHB%)N3Z~^RYLEwyCBjYC1Wd{>MCu*0!N{f`5#`MQ{Z%1hgUL74iapxe#*ko zv0V97R4Nt5vNLs6j-}PHEE3v{2hlTdrHmz)k@za+7U6v)#JRddh)UBkX6y|`1tDcs zuCe4F&7yOSIG^jxEi99e5G}KWgmCh?b=B<|>Z%0ite~Ena;YrmlhJ^71LsT)<7lWX zSteN_6SajWBvD_FbZLfm+b1hzy1s&kB*lxG%MfMaEEQ8BS34Iom|XHs$b3GYvqDK6 zM$;|;S#8uQXWU2Tv#N#=?+cxBwfY#VeRLI-I2pMkoYvEG@|_-SDhtc1it|F|IYW$% z1z{U%jT~d)-%$Kd#)%ots&T$zQVG+q=7H(HzO1lxE@6TPs2d5z#-SM28MSbaVQMI1 zG6#gWrmvwGPbH*O%S?aDD==h^54TjU)`u$gbRmKM>+90e40yV+*dzt?LN)~l$GXn z7ld^eaOiH06gleIcwzPyxj;Dh{E7s7X^(+%mtI+CkLebok>##xz$(7tZ zv#MTc9zNV`+^!n4&{?`rtE5>|WoZfv3GfQ;eU+NeG&PQZH{+aK_?p#B^6$7Pn=OoE zIIv6Ig)xsAqlbVxP&rop98>Nrp$10$mkJ!!%B|yvhvN6FD(Zfne&@2=@#iw2vDyMu zsjowGbJeA-VH2%DpL=a(!$P`6^!#PGg^F$&OAHs~FCMFHPmBh&c-F35&kfEJu1n{Z zxr)o_%(I;S+p&<4GMBSBq&wlA6Vx=|EH=^;h7D1Qg@nr3GOofa^u(J{$Q3&O<(SW` zNnE7os7r4ZMCx9QwhRzLy5eIgs4&uYNXVj`{BzU9TyUvS*q?$;*o3+s+^b6MMr#LelU7NZxfsM`s&6042&miZZ;qnk{d zy8oAE?Y8#+M^?4||Hi7}|2LzChguDrCK-<@@++K9i7h78<}EhX8MXD}X#q=YSuwYI zv+JmUOp=#f2Ag7`tXR+uv*(BXrpcZZYQY$})s|raXZVO2FWEG}Fa~z4| za!7lUAhFyqE@a!o6|vekmMgy^!ki1oYD!#_G2p8R^7NNR@ri# zmNLg_2NBU%-wx}KDYPpt?c*5z!G)*|QX0#SQwqv+*bMWaKrI5=&1hES|54u4p4tdk zRkGqqh(*RY6C|f}F`cQ4_HeO=v#f?o1pkMr524}eW29Yu4vVrVAv7vnD~gKb)+w^h z&J9vkZnbgmRj*>Taw}J>6%lF)yv+PJA| z)f*3uvP6d2>=9vl7jzvFX$uRD(EG7*-!?3gKS9qOWK9F^(}vo^Bh@Wrt;ZDu!!(5ZcIlo0Nt((JTyGa$}Q=LD9jSdU2bjQ$^wxQ5!{##vtb}h zq}8yW6;p6u+`=w2GAs;TB2Yu00q%yQbGVhRA|g=8Ziz6=%1!Wa6p!ErygiH??opPo zFvG&?K6?~*!I|DD?#x@GxI-V|F*di#xfgC@!fo7R=k9wrJsWoCrnxQ37HJ8MjI=T# zR+=PHI(7l)I$gx`cm6&v#G}c zx>xZ)A=F|=MU2I>3JV?=X|q~+BH;1t$WTkT4K1-5k25T|pgodD7&a?P8?h4}ZjD4y zWjda8;FD2dJdEHeN0=uHuuMc4%BqJL7HhcjQXWFsLzxzgs?RfzA3`JXag?**@K_@( z4BrUn8HmjjGCcaQ*p=Jc=?7O-M&W!bPdThipAoA>sLe(w;B)FRiZYFAfu|`EJZ~`^ zf#)z50>fgp5x+!KI0jN}Fy}m{v3SCc$12n$BP(Bwv|A&2SVJSsKJ~+Go?x^RbK%S@ z5uiLe6zegU794>SILQ;Dp+us3_=1yZ9*z--GQt(7VzSkv96cO}0UpO7@E;zpTmYw2 zPh_mvmaO85XM%!lC6aO}&8=|`^-PD*isa!AQR8tYvJGa!b#X7v%Smb^5gWl4#$z7~ zVPpiqosT@7(mYM``AFrO5jcj0p6Dnn!jlqge8#|<*I88vgef<*<02Niq9<6T{4K z5{gFPdomNgtscOk8aA+5D7Ny%jtonD*a$H~AxfnJPrky@ znF73@)QqK7IT1(pMI9ayGT+Q6Gr;3KV-aG`Ei{PlGh{*mBarEk)XAuVI{2n?03*2( z0Tx=s0nh-`C^w^!ad5IyhS_Be!w)mQi^0~hNCkPJc}fz7?4VRbZaNcYUxQm;0(7i z(h)s8w*XyHkwI0Ny+VAWWdM$QlCrxuA3 z^oq}_=dw7uQp1yC)nix$7E*>o?zH05QOv)J%P>0N;V#czEoh_^>E0$p5I$rp#>pdF z+!2f6^IFtK&@owoP$O~KlqSr%k&na3R)jkf$unUxl=5@tU&S!FhqQ-+q+XsCqY9Dc z$Pv8r_M+}KGVsx_Araj!^%4SiWpRhX!g@IyQjBje??k29*h zjlRvpX_W&qGR@2EtmaWvva_74z(ui0wOzu{G*2AkljH%%GvQkj$Dg;P_Do3exTBVfk%`{P<=1v&{W0PoDXNh6*75gDP zH55O>6ihVzY6(j%;A+Mhjj=?MeY6S09%`q+ehd3?VW6Ux9Lp-LT!Cat+(l{WORel| z+}I(YtFbQ$W5pvyvHDWTNC_XdDk_($oJ%$QA&itorea&bzLmtzE`%bKH8KEmsW!Z< zI83#L!4gM|Tcr$@gQ*idor6G{mz?!D?9QYJ?bJ;<$=nC^SVz=S;4JJPWl- zcIwK7%%t`lI2^k|{FKz8bRgnY0^#CAg_AM>GHo%-I8GQlVbA(aj$!gJCn})=dsB9h zlt!X58CnfZUFZ;rSQry1nUzUpFgs4oN@T3+WIkq))PO6f)lls!*_*TW@Pp){2FG|< zGchuk8cHVYRW@UD$bP!}T1aI@rctFYk{d3_u9I}drL(GpIt-5yF)R`c%Oyi184w!8 zD%Hq5-4{*-FBflWgTfUd)?jfVb>J{;B2_+T1w>7zj0K*!VZzmlNr(`%xCz@FPB%8j z>UAkr6%rqt5_JiSL>^urcWZ7gviY>4(ImUdd96WA_yq>o@bPvY^_m zsNJyIJg5ssE!(3VMrQ)BGl>IFCnnh|tM|Le$@Gkybzi=ri@IcEU}_hmw#$SfX^)+m zmi^TY0ftF>VVW5uA*MEo7!}KKJxsWvre|+~Rq2tTsof3pL|hP*XsQZW&s1LH5?t-^ z)fQ5vetd#}!8Tk%% z&!$D)kf5f@6zXz^C4>1>>XIka3XOf#GD65=RxVmuPM8*~r|zGqe%0EBiE%Fd?hj_h z+C&J|$Z@n!bVZ@C${3gi6LE~%3}Gse~ysRNE7&@+Sw7H7+2j*!T$KXl`R2bOkQR6Q-)T{slM+amtb^d9xXR=UCkve z7Uu~281kRWAw;~&Ei7oP=V}+t;;7|*49_JpW>Hsto(pQyikb{{c zZc=aohEY{YQOS$-3MDZP3$nUQGOl*i#ip7#mETo9R~s1`RohuYg4IXe&_H>Wf|v!S zlj{z0pt|TKqOcv;ohZh6Y+=+T859i4kuP0+1B7ZYGq|* zRuRcWU>EM~skMbv$>u_LT((~*sG3J5_O`eQH}n`Jcl|g*XX+MM6q^H;k+1=E@MCqo zqB0~aEq$rQOGPb7lkJAF*{kBW?eS8%oO!EUy@24HTVmB7;yOe4puGh?i3i6#OPJ21 z1><8vX2$Kh#3 zyzp@5c{r7vuDHc%P9EH6=nugqrOc&X)8Q2>)w6m|k&)GkJ>YoUfk!DUEras=o5EII}coA%@Wo#}`%3pH@}IOIm3>zcZe~Bvfl} zlcz5(NiHg#pUhj#qCRN#5KI zE-cD*N{Z99sH|fCnbUbno>5ko%xf#WnwY0lNl`CR8^)NFcW&2ubN_u*Z=1(Di-p&2 z)Z?Kuc2kq4mBjL18DCDRs!URExEtSr5v3#j#}yT5AC=A345U|S?}A}&RY5!de~xw! z&819)#rcj%SwSgp9p%j^E9QGE9MZnip$&)$@w7QnpL<@+XS$P0GkG2qs|#n(k722J zz7*mqp2YVWikZajmXw)XWjvfd>sZ`kL$QA?Gdj{+GMsZNPlC^CKvK2mU}qoEofr!w zt5>~Cm4ls$gIM)-8!V-{v@efz0pn9Tz=A1O1m7m+nbZ0)VZRBb1(|na5i>qQ{sq zL+T|SZI)Ev7cWH5eC;`%kvfd$mGPyOvD2C33Y9XnCw=M&|NPIviR$GKjezo7@O)&y_={7`ng@k8ef1qE3v5brc8JC{CLz+Up`4v-#wYC(n4uLeD{H~ zYM(hs&P&ao>MSX%SnL_mRP3JW5#o6tIREU9GSvH^E>V`(zL<7at4x4C02Rh6XeJfs z6p%kvuvJu*D+e*O^o*$ze=v&T)w`nIEu0f+>5Fp8RddP$>6lV|HXJ;o5I6a+1fc@h znWv8_S-oi3owf91Q&}&R<8D9zN1)@O=1O}+8u z8O6j&vE7xmcsf(lQ)QC+N)7LU}CBa@FVbD!$<2 zIpE2|dd|i3V!PL1PtiHl zHXGuZ(sb>e$8;vItbjo$<`m}>fy$Q?)c0;BleuM|TZ&9t%X6Mvb0SBy7mAfDsf9>= z-&*}PZuL9Y)pxpw^1u2=(fEDt-uxzC??QxXj;a5H{`Qt?4yw-^ef*``tbgA6=LJ%2 z(LdKG2TFB}{<-4+zrBqoI=1F4lB0`Cg*Sb?O(m zbG!+v^4dYV+yIq4day_%`V>M{Zv*T?J^)quR^4dcJE4+oBlLP1P{}*>Uy$#804h0P zv|c_GDmi$JF2_J6H(GSL4Qk~MT~35b4vG=6c!{YU7Q&!7kp{RMs`A50di}sDx*VM> z(oXqy{`iC{Uz!Sgh-tGTvQ7V^4c-}0$@Q7~`AtyCEwlJ#jjH}N`tbv>8rjURfNX%4 zY>|4Cm`*|d@wVjX=N--yX;a6GL|VMX6u>XIZ|o_iI)3rJuMhez6$$ng)6N_Do%nF~ z&79X;Oxd@HWWn9b(HjQcE|TU)e|KPa7qS~&(8Jj60_s1?`F+Hc2<`B|V~h*h9v3+d>$Xt;LNUcZjlKJd zso^<&e0vr9ahyLCPy?%BBMfX3X$llm+iQ%cznGT0(H{oAE@B=arme6Lc0vB}E`LL} zlYIyF<9PY|$QOyJ5yrqaSPoCYjnMZ4exp3Bf&4mh(}s`urJ8Vg8|6?w#@;aC6UKEh z_JVd;xCi~c@A&c4W&Ta>8X|O8!YdUIVj`YYtN%9)+zi=68L(ZO72-a`gNY`@y9r_468G2Xf~> z#Qzn{^J(S-R-3$31@GO^Y!*|kua`8z2G|L`{W(5JOvlgjk``#bfck^QG_bFiWWkpH zUUD2J4)7Ao5M-DQt1t4BdT72xZ$ATeBJY7gL&-yz^81is4OIQhKrg95w!ucY0d}bJ z!L&Dw`5H$5Feund?8C9kNH3{|L8GV-x5DGFXPeDs4e(d6W7*K^iuo`wi?}d!diXCr2UzmL( zc7y}@YbBO2`~?=m-OIhC4W_Nc{x;T+RoEW}--AAIXdV5*Juo<&_E&Qr9Q^=xgzf9R zBql;k84q$EY=e!kc9U)|@68;yqvw;ld=&ad(a$#OjT2MWYuGQE`2848ARZ4fuW|5C z<|Q6Gz}-$TkLbN)p=G=Cc!)I)-k@QcfIc`FQ>f_=BfTMUPbc7S_N(TMuc28PT*ijq#4B9oPh`;lK$! zqye_a_7L-Q<~Obf-@?V8U>$6qsO!-hPdmt~CQ&b)@?`2|h^cj|UVaMJBB!M?4%i4g zp>G=cXEJV>2#-&r9^9MRLo74sZ$=NvhPG>ai0@1>&4zXuFbDg=yz6KO9-mA7Ec(wu zZ`d@ihqS<*x!6@PuZP6U!hQwl4Nnzf7uZrn|JR^bDfWQzW#|Vtz)si-gRUhW7BJti z6*j=&iXPGqUC?(n{sQf=(?$QVYZ2$eyv5At9Jqw`VZcoshf;%`t|Q;WY-qm)ePO_D z9G{E7!!%gCf^ov#wTuH=R?=QJesm{(1T*fze_-`$`p@C~dl?^eLFFH7VGDAfwah;} z3hndo-}@L3wA3>mxDj^3f$JD=u9)g!BCLB5z2U0$_!C_I5cOaq49X+FJxo2=^$7J~ z@T1rd+8?7H9Q_2xo#b=a2%{S~FQ56?!f`n8DUQSX=a}~b#`Oi`EW*xTGN0Ge&R*;Z z>tO>-{F-si$G`V84!9eZL)SOh0XBY%{fhDX1Dprt2mBK5hQ1}(lfNI42pc=;A1?h7 zePQAu>;s4XgndgnewcFD=U4m$HvdjMmQj9Gw`&&Mh};A_VC^x+RgS-&VBX*=$e#i* z6`rJh*o7*V1^8PJla#|&lSwwh}oIS5mJp zGCT@>UCd9QNwVP9%S{qfMg1$N2LsI}X@JXNCp<8i@`d=z5c-FGLeOUs;|il3=7m#U zjsHZ_FDy=nOBqk5NxERu43i`-V}56vq!tdGZIa*{iBnhzkHUJGHJ5SR#QFm*Fd&=p zz_qXr)>hDe4fc024%iNl!_5on|7P@EL}ur=P-j3a1 z@k)~fEoZ*&W8AliDf@B8vjRIkfqu6W$1n>fKZ)M3b_?au_6+u~WjxzBzLL0q0exU2 zJP!M8=lnbHSC|Etzf3s{*iHRa%;N_p>45Q{nWWF%^#3{a;P!Ufh4yb4=RNr4LCWjU zvx|12?HKy6rrt^HwubpT#XQ0If3VxV=zW@T!uVd^VqVL-(A!&TpgF`_n(FCy48NCa z9rI%KmRi^eTVaij`VW!^CR1-c?Ie23aTuKBEioG?pW-d`&^Osz+Mp$cb{@j6sos(Z zv!;1VBiuN{TPzQg4`*`S2$yDiOV%UIFRX>j3%#XfBlcX6UYqfohv*;L9^t&lY5y^A zX@EA^4vROT*Aw^&%!bvQ)$bJ(@0cg3hrAKC!=NYm9b`|U&sJ|qgTBvrOC4;2t#IJ8 zj0bu@=gr@?p&rbF)vtL=`4;>iZiJ&>rye}~2IGDT|87NZ*!~{vK<|&~|7q+7V_^Lr z%HdAf1RMV2&EG|0o-x1K-m>wEsZ=uoHH{~BA3=4z5N09IK8ioUj$`-(+hry@O2L=u4DP1qoKMa1E@eb=Lbue&vPicXNp)`?a zNAwg6oE_X#s^JFM0NY_Z3>w)}d|yFdXji2dB9?XiPT*(uAN+(Q?@2UA?;G~`s^KJ1v!@g3N$xTloEm=f#*YwqtU*>6++9QJD^9=SL#gj=8Ie7JNQ{lf#> z>Hj^(^)mJ00ayn&G+{TG@e2LGfL9sEF7$ex^P%|->;*0GI9&cF{l8E9?=mm&Kr8L; zCNF;2Q##=0FPOg%n71!!7Y6Lb{vV>p*VqLfhBeUEfnIRK0qpt_Vt!J4NfwMx>m{{t;PhV70bA31 ziG43|nAuC}U~*P3@!dx|_wiS+% zegJ=6$8ngqp7x<_LoW&Xo^d|ZOA6uc$9hTj59qsz{$TXxUeW@O!Y;VsIgTF`le|d3 zu=Ax}64S}?muVlSHK7-*eTDX68|?EV^ZzRK;O5uqU-1p}g3&uTeu(;SGHz&ptCzGv z^G?S36Mp?pFX5Wr)cI~NX@z~h?Imfya2~9I!9URcuhlE}BFVotqeIyH>nu=a$6+hXo6q=rdYSgZI+#(+_~9wo1y_}zPcQT+MIRVb#`!R?lH)$K@1k9JcoFqs z#}dkYk(c^N2b_JAj|BJjGTCdW2RGkB`*78*=;!BU%DRnthu*c!A6$ADcJcQj-mwep ztn-mhn7!IZf&#ouzH6ut>tP+-xt4O+dLMpwo)_0c%mX|Q8)5c(AK_k=DQE+FoX1;0N>vJKC@V-1-UqT|~W4 zX%`;YgPw5UXPgJip*aXY`W!pK&UWkwqrYOD7c)@yi<(la>nyF!Y` zZs{$SDD+*?TiRgb9la%S9ObKeOARc)tGBemhP!)9pR2q~+wbiywTk!kmM$2-t~Y;~ z1^dEQ*aeR(c|&hWa}duD(GGMyOgY^82;nK&@69#VTEkP3)|KsQj zgBmywmT%#B4E_ugq4(410k`h#EiEwZZS;Xb@AQ`7Sp20GJHW*E7%yz!)mtPEKmQPY zU|}2W!hs*7FWmYG`b<>ugB@Tr4^x8T84pZ^wO{s@jj-)2`hgqv_7-yjvaSAo{?qoxR035x+c)KJa)K z_JISBVILUq2YMyJ)4in=7Q>(^_+<}2?sGDq-hR>vTYLJ6`D*fgZ$HU`+XMWh4vy~Q z$Nf(H zq!1RG{iG3Q4fB(rRQiXBaP4r;gGXT_+%UpVI$$Bc=r}kHJx1|MZQ+3{X%}XXMt?Ze zLc7zje<Ro=) zh1|H1de@Q<7I8idtfn8>2s>fcV)UJjzAy{=F7cC%@Br+9LzgnnIruM(ft|1%ZeB(` zIQwSWfibr*uIsQ5OoTDFGA>xWf_a4Hx1$eixRZ9~VyD&22ehrB9M;~C-r0=1o_1l! zdisY)VV@lG%mzQ+*W@^?f$}it!D`qA12$u)dH6f5fq_r>NgEvcBtWM3j0XmNi=D2= z9^X+9b{#+uxcLzC3U|VGxaViaH6J~GBc9;e-?10me3bKxvCj$4hfRNDFKGLRalm*l zf9{VmAKw0w4edSsr2*FU@|WY#bN#R0A+VQ{H(?>H>FqB~(B{wiWsEPtpZlcbmGk_i z7Do5?=l&?;9LRa)th+<~r4H5&^Otsb3i>W!yrcZNFUt5w(;f^6@t01x8wOXPPbhl9 zjW&Poi&Ad)mo``&ifZloO6Z=!$L1kJaTH#g%~u;p>|gZ3xz1DFkiYU$@m#tY3`m}i*v6z#*cu+K{D z|1{;$vejQ|;MVPo1Df58?+*HVn|Xr1@6bLhgvX)fUCQr7k5>AJ^}84+Y}ifvaMg$O zzl!zeQ`&_`VIyqWgMQHbAIk6IymtDB0ek5OF5mAjEwB-G!JzN3)7`Z51MR>AKl)26 z^ge_hF!?9^*VcJQK!@$${ z!5ZrEm(w@G7_R_ngRR~H+-Ig8Udm{P%L4)=Z7qIrVSu#4t^CbexexnaOg&f+3t^wj zI3FIpoSpXl)H4T24D1>bAayW%1m{CnFy}u&`ym064VRAzka`#pN`J5|JV1i$IWK~C zVOk{Ruyq{gtwZ0dXcxL1vc>0C(=N0; z%=s__20c!EKSKMk_)*3UkHS{CdlTb%0y}MH{7@PgKis_qyVL%faC;l$ zgVCSRKJ0`+&oa(W(GPaO8rZOhe&E{w&<8U-5(O z_{}lw`6BgBp%<+FKkU5^T&?Sv|Nrc@I!>p(cDudz+FOVnCxp-tLWo%iF)=aCXv`YZ zm=I#}orbVxgqUSCG=zl^LTCs%LI^oRXiS{Y5W+%COicK`ujjs>=l;`PYyUZiuiyO6 z^Lnj5&-L8bzx%qc`_J>Y#Ia!GeT-+7$GHBEpQ&S9Z^!?dV?px==vTGiRmk7?STGKD zf=l4&&EWeW{j=d%kX>YaYCOhuas0f)v0w*mywkB@>chz0oeH<67}FA zwJET19{<-F58n?zIQs$k{+)h%74-yXKSVsfO#Xe8axn9WV?qCa5YJCx7aU)qe1kZB z`dH8d4qkmMm;`%2gMVPxD&=1xo?sWa@_Fh5Zh{NoF1Q1(t`U!~(tcln4{X>(9^CvI z^4HMb-ynYA{11==JBqZ+CgorUIQT=_AFREsI#~KTd3||x(E1JZRaOW6-~l)Xwj8Yv z_QAPh)xqEvajmHicEFjF)j{?@8UJor9dvw?_5g>$EpP^GyK!}p`xf=Cs}456*_&1e zwcF^wd37)a_FY*W?1DwG{@eI@>*`<R=39 zxqWr82IiZqgXZtDo&vMr*qzZ27Qi)d4h(jPC)f;bfLUv9x(mj>Y%0wb`mde;i2dQ z+y00+g2Rs_-an*1kAm+<#G?nh;0%}p8y*cGIQ8eq|Cs*r805jJXArNS5T|Ei_os|! zBeWB^{VdACzUNd2mH$N^gRNj~j&d;fJmkPNuz3&tJeWHPPP~-3|BUs}D~Kn!46cCV zlj!+5cEMI~;FZ)H%z-mt+pCBRSn+D&^5572d%zBG3|s{lz@-B90NY;!-#+aC_J9qq zryT4Ccfbv>_7{vxZ=ij_%p1`IE`tkT&oq2s=bO;;OX2|b3%(7x|AGJ0#OYUzFIN*+ zuw|9F{+jxI4n1Jzi`4r!#CM(c1`A(BK1d|fo9G9}j~oxil8Izx@_4WTPF;RH7_Ueq z>#B|im6s)w4M&d$9bnxZj|cmgCzA7EdnNqM$9Wz$k?g+H@n8q6yX)~_>WW0Nzx8-f zTa`#Qw;d1G!0CG9P-z3=g037pCB{B;Wc2Oj4+*hF#;Y(17pW;%`sIWYfV?123b zJsvbyCz88h7OZ&K@$f!L(1m}{J>VL+4hF}OdpLT)eQ*#Qegyu2U4Klyz>03fCZ zOeFgzh;wZsx%g`A+=zOy34c5L1e{PaUu7Dlj*qhMWh#31+{E9WeM7^|>Yd+vG7g^KJ4B%zlS>f-5`J z<5tA``;>!=Kf?c86Xzdu9Gu>ze&Es`{x*_VKf^z;;lJsfjqbhE`eRY#4flF*58)){~!3kJunAW{)#xtaWJ?Y@%lA!1Q)ts!^5B7nL&DaBbz|@(VU;)g4``}zHdYG5i!Hz$memANK z#=y}VqX#VB1U@iz)0&|9PUr)(;0`zr4%`er@BrKeYtGgL^>;=u*adEbIdC7G15@=i z!4_B#*0j(c!5(ns<~6}2xO0n|U<2&ElK=R37wXf1J+S?j*aL^aC2*mUdf%0PbDNrA z5KP~W#6YlA>-08euK5oKrc7}HfGTCOyUV{KO259c#g8y0`ALku>JnzK@R`G(SIPW z;J`mp4vsw+e;+`6pGUpG;pbxqEP^}W{0s2wfy@Ih!hdl0W!URL&ugI{L_58K`ahWd z`6ldxlkcKF51}2eqJ27P=MP~Ato$hYA4>T$_8vyQe}Z-fn^y1#TmpB&xvR;aKf;gC z5C`x8Tmkz(OCEHg=X1z|Ti`G_vPOP^HD93o;l%5U|(4H6G1=N@%$6P47faY zBB=ix%ZYAI0rU9mArU2eu9njl!H^?4!H4NaU92x^9@KiCe=fP>%~I0f#5Yhd4Zu=Dri!FOpVu;T~V2j{>YaIA>_XHefC z;|JLL6Y}Pn)Mp?55#saf6T#%O;15m)J7D3aCwb16@$T%&UVi=422&m;Q3wlR-PUal4bj7}#@%lfec!3RaF{ z4{QYscRU&7z#=#Yw(%0ymf)R{e;#^UPV#&%;}JLm_TA-VunSIs_0Px7-S8I-?tU^@ z0_W~=GN^e0?Q&221)J}M99XzF^#ix>gMW-CP3_np!!NKO+y^JY;rmi=aPa;o1D=^@ zoqaMG2L~T=GN^qK^#eP=nNI2jZi5S8|3lFa7Qxzo!mlpmz=cQPPo8%8W9kDggM(mA zH}L}J9)%pZ2G+h<*46j{W_yVP*pNLLWdE7=`%CHp?mU(_f(L(v-j~omk4GQa1x|r^ za1ERTgK_x5X0YZ7=mAH-ac}`#0yn{3uwwxK{)K)E4ub1Xqh4U;)3N(f)`x#jJH3o? z;Tgz*P0yxXCh+e$l!L7~`~`cShn|1M4mb$Tf>U7A3-RaW*n0`_dj**e$Pp+yHc-t^n*R`C2znra0?uMA8~mN z@mW9~?Ee7eVC_{Wx&Dg&58~fziSr`sM5M<-qpWqvspw2YbK`@BplN1NpE^eFT36|1{&r zugOO+`y2cMXL$K=1zb6DDyV!DaZaA%dMo`0%z?q>r-Ci8z4BC0`)2GOr5p@Wr-Ct| z!3A&-+yVQK!S@#0r5ZkP_|&Oj4x9qFz*PEFP&0!+H#`*#f-AMBf*El3CX|Cib;!S! zJi6JbU>MBa7QVOBPwztcEcI$V74*M@{J#4so@1uH+pr6cwsZWQjL-Kw#dFN?fx)|^ z|C|c;!HS2T3L58_x4|B8@?rP|)^{Nf&OQ7T*E`9ZN8k^b|Fcs;{kzG_M^g{*;LlG5 zyI{><;6LrNkv+xrP5gK)aR6uj3Oz#qHFoA{&nKP=n%|56PdXJ$f}Kx36>Na@PeJ~D z@PqB(-qWZD*fK;p*zk9hzn}gMc7OxJ!~tx62K5KGz{Umg>Y3C7oEt$u*w4$OtskKL zdDIIWeLnRD2VQ_5S78Utf(-U9sK z@*6q+A^4}s3$W`=v^%)>X8ipy@q8QnVE!G@A7S129_%hrkM|-E=H5sBz|{N6vyYOe z3-|+WegOZ${8iKs-2NbPA0wX@DF+Xhu>lE~ybQfbJAs97 za2(wGPuc@af0KOr1ajY^9P9&g;37B&9&8gQF#T=f`bqjH*aKF42R-2GcTWXt;Oq|e zKLtP74sL!AJz)QT;UBmI?#S_9&~7V?6TdzcjDtIgbg%_>-5?!we44z!JRMAebKnYC z1oy$3%5>0pHRB`L0~W7H2XkQeQI3Cx_CJvh#=%)|2^>C&9Jm2CuHyHZbdUvSZ-joZ z_NM7z4cx3x2VI{f-)_Nia1&esyPDEL`{&5dyQG5!aO|$>U>Dp2>pxFE-VHf$0~`aF z?v6e%e-B=SU!#5Qi9EOl4uainX|7K*zkwUz_`T9W7s-qJQ4Y?4GvMkUq6ch#Aa=gQ_|t*^;P8Wx11BGh+`7z@d>a5vFxkrU z|MIPXIq1=cQXjCf3;X}hIP(bV0Um%0;AnR`sQEJE$0KPMu=Y{uAP261b6`&ocEHS^ zV&^}|%SU4eT<@hEOg)A;Y>-!ffjn3Q$H0Ru?G3K?;rCal&tIb#TzwpN!Og!xFWAwa z4r;$j{lN}!5*!AXz!`7{+yHAHPaLnIzk;n`7VHPdz)5fpTmd)0eXw$X{MjTgLEcGA zPJt_6;YsNE8twWN@&sH5C&8LQ%E6VVQlGCgzktnP?bF}`+rV*f99#kme@FQ@XlF1B zrk_E*z!2Iiw`!@Y|Djj6Nac~G6eSJEZ1}oo? z4%Wdbu;M$!|BdOO1>6Puz|rY+Fah?wDIF{e4eo&pV8eHr_uiZiy1{yI6l@3Q!9H*s z90t=n_yK0X8E^<(1gF6@a2+gy72hL|-hzFw3G4%VzzJ{|Tm~n>J#ZOp_&)72gMDxi z90gawd9d=W*atho^bd$9m;qP8Au#0lEa0aLrQAJ_)&fkR;Jd#MN53a*1aV8u^pC$I&a0sFvJa01)|m%;k? z5l65SZ1^eh1-rp%a1>ky=fQ1o8*F?(e*PE7!3@~R#~6md4R9Kq`~ddB_N%bJNBe>; z;Lr!L57sYYAKV0&!SN4a9}GT>{hwh6>=yh8_QAa+?1TFs#lFxV!~V}1-#(6gu=^9( z2iHD{eXwN(``|8E@!z!Tr?C%if_-5AYV3oRpG6H!X1Lp{KKa30*)#4fnLjlTb( zKHtGFuELwG2JR(K2P0si;&j04b;-udP6wM{4on^4W!W3R2WG(mu=4WLK>?fuSHXtL z)4>5a4K^hxzv6Vz3m$-ZaJ%Ysum~<6Jsr^flG~}%L0vML+&XqT=mh(ZpAII#-5TtI zqbE-XyqlYxsy!X_flGDx1@_#Oa&R3?U6xGN-3-6LJU9SufCX^yEPjDS@Br+u$FCbu z4)%hLH^(oq@)r07u7gFea3y|SPCXj%3mm&8aRK*kbvjrEyBe`u3IAu%i znoO>Oo#4dX@e6Fa2XO(r+D-@CVEet{OC^&n?f3^4{}6rP@B`5YPCw{$um=_%g56`Z z-$RKnIPh@%14qGCu;Y(U2Nl)HWbGrV2iWu{r-LDItd2sj7@e8bZ4EByEll58b zf#Z+G9=QHE;stIE5RV$-2eyHgPa+;*9asQ6z*VppJOCHKrW46z`pLut90c=1KZW>$ zn_$aH;`UVZfVsat9ZZ8mPp2GQeg@^IlF7~-@d4|eOTEG1`RE6WWB8G#-s9*6_g{ND zSO?c%M}1GDZwh&^_VvUC9Df7y;PM+OKSO=M7I5M%l!Hxgr5<4R9q0jz^VIi-$z;X* zumjdE;3wD!7QoeyQ(l`)?tpFJKPv!1Wd4D&zX-Z{hFFh}$;)3Vs*+;1qZO?tx8b z=?6Q=gA-sLoc$j9!R+_Z56*)P^~CW9 z_fy&focbC5+#;Er14qEEpA$c@VxRbdGru5yS5lu}56(L zncx82tT+=iHK6~pGeIv{S$QVNgSFry*nh>Dpa{-ZoeAo0NxV{Lf=+Pa*qLAioH>3b zm<1QWO|YltOpv-2?FF`hV<*l81K`xjGeH4NrOyQGU?W&@Yy7zhd|>BU_`p6snp6OX zZ-JlS79b-KYn+ zaCho)TjF+4^nkly0Zg@F51eYpuiKHY8TLpc zSodV?gI!<&oCa6H1@Hh|1)J_d`+>dS9+(F^o`QX_7c7En#54uC^o0UQHY!2);y&Vfy>jGtgHcmU?Xnx|qPYygX3D_D1T+8OKw z$H5VB8Jq?8!A-E~Y1qF9;{@0SE`kGK%MkX#EpQc_d^+~Q^e}w)BtGB(I1bA7>jF3p zy$P;^%YRRQXrmuLgZ=tGSAxEJ^=^nwTA0GQ(YeFd-%Tm_rJ1F#Kj zx;OO#d%<2X4-SBf;0Ra*^I+Y5h#S}m&VnOg5@!p+Em^BI1hdea{8H`c=RQh$g%zX5&)eyjWr_%&sa=a=WV$gjw+?*7R0 z8{s$0ZiwFK7;ll8>2IS4Lm4}u$X@kzuimn;T@;EEh?ijD`t(WxLv%>}`+ zr68zY<7t^KK5@1i1Sf(c!O5BaKr2oKIw8KxKZv%aO3eK z!A+))@Ckz>LEXxc;HDc#f}8Ce3C`{x3F<2o!Oi*n(=8ek!IiCvprIo{pswGpkHGa2 zxIO~cN8tJhTpxk!BXE5Lu8+X=5x71A*GJ&`2>gFE0yWz2BhPq5aAf#qM`}`MgJzD& zC;OLQ`Q6{hHWt+_Q{CLbL-4OX@|r|dqC0iAxuZJx`qy}yJ_wrlb@Hoym6B;NGWC&6 zXXq`rTpx({;gtB!iu@Opyu={fGS%&oc%qOx+pYsFes01)bdBO4 zHuhrvssvS20%049KCzQd&^BLJa*c9OwoG;0jz~G}n1O$MNAYhfZZ94ShuTr>jEJ4@ zDLJbhV>^A8og)0R@Q-Q!n()(+pTH+WKO|1;$Tj^`$^CDSlhk*)g0bi4 z|Np3OH~pB;fd&J=RP`MVKP^WPGS#G6GyoFs^G}T%pYXV+br60_}!K5F$f4MP-Dj?Zpcb*NYZ% zd>}-z0^=#^MJSpoCHGW(xJIrvXZ}jok#|#Ze1b>^zbS4bLdIzTauEb zMkn4H!YN_gH6;l%duEQ7)?gGwZh&b%>$ZA@@^3;Pr+-=VX1AF)t1@Pv1x_^ojv&{I zp4uv<`An zM535FJ7`&t_fZ<}qcq;PkCQ3U@t8&KCj~(_pQYM3_WRks;-7prtG(v;(?4mq2^Q2d zCzXHPcT$_PzT7eEDaq|@)P}TAykF`#?H2LGEUJI=xu9S;t?XWE-iPgvo@K4)_pyKP z;a}4YuU$Q*o!a>9#<14&yJ{z~%V$c0jvM`M^F!LTiO*xy-bC5mGkKY_#xoKV(u`+@ zATJ}P6SB-vDQ|})7g!e|%E7&rd1)y_`dYTc&!>_#dvLp-n;?0tXC%YC|L@Y|1GrEkrM{ zG%(*As-y-}5cJ{vDzBSvG^+Z{pSwNmCa98CMI4;cF~o}I5*z$@-7{#ot+LZ+;%e`U8_S(WQ6@wIPKqB*okneb=e&uRX8!yo(E5t-2Z zLzaG#4>wDHx20d^*=hI(wEmPC*O#n3Ure2aRC!Jq^**wqe;fJM2dMfChsOA0*{fn! zP!-A??W8Ep#s8eab#^HGJI4N$rH}CiGWK8Z z!z=zzBfqERW!(^N)^*SX-LgwJh>V}>@V7rm*|Xx6HOrD6a}K1{iJcVxmpJ`kCCAXB zHtW7XCb}m;$q>Ib`1iG)-_`nG{G7+`%0n*9&tCYq;h)v~b0&YR>j2BzN(XKu_|s#EzhUcmv`GSzFzPQ4CP9d(bnIoT;~9QIU{*km$K64?j5 za@yD~O>DZf%gy;GE^Ol0UYGK#nQKnrX5GgK-QvF*MBOuVYtW&*!DZGROv>`sy1cF? zmy(&pj8T?Wb-!u)CR|JEQT15W)gZps^{9B{bnfG9BDbsM>Wo}`pRCi$=T6E~Fl}mn zo_$pt?P&E=mLiaLzc-{bK~xs@`(E@d{h9JxuCIohv%XHOS~EPAm{amFw(%<Xq2qx=?<@ID$>2Edb#5pf6{pjOZY+%GClWDh{ZW?n3;XKuOmi5Y@ zveT~Z(@*1d01m2NPT4fS5%`xhe^<$RCsVYSRk11z+oarxw`sqap{7i+8#J3&RY1n~ zhI-bKL#kej#!rT0dwfrJ;HN!Aqs%5rZ=3W=6Wea_utO#?78yDw{bLcowuY5o?5fR* zcZU`47D|ite1<{u_nPs|^v7g|Dwr`y6c+e3+?;vj8OqM@+jXxt{9DGqj%O+V_}AxZ zbH+(IA3WzU8Fa&4af^We6QJY|Ok8%&IF)RXF(VphB?ApX2E_!8s`n*sz35%fDZSIC z-@y@&f4Nvd*6sr`@WfVZ#j+B)RwZPgmRI4Cd^o_rjpr)=#?)bVT`U(PoAvmm%O&qx zu4G;qRdU1UkV`P^DKRyF_rX7?`4e^Gmygo7ImQ_~UU?^v}aTq51nYyHk%YV?g}gmU?J@{$-`wEd6R7 zI6#UkGvPXrgt4f^oI?^_t1wxl84PVn(g(2CcT4)$KdX3jC1d;JRzH}qFDx+FQKr^3 zRmnm8ipkD+U#l4cm(gGUFG~OK>O7a@X$e0U#v9=YKOB{!k)1OM*pB4KD=vmf!(#HR?_BWAhxplyI z)0BPw#hls>~1q(G#QLTk^Fi_0s&y zhQG^9M+kK3jyDwTD#i@ZbQ^qpo$_y{-$UprPAff@-|dkf2?oga z&<&~&|1|tfZ@Tt&i{k&=l%Dg=TVl8Fw!};G2j)2=w|^vOZ&0qjqNfi%`F~S(cW%G| z*{pU|*Tvc;3w%75+{5yEVTx55@iyX4P>-4Zqaw41c?6 zUu&FB?o`ABFbftMHy)Xhmrd+;qo?yj%FjZ0lt1?Ms!@|$!aoXsQS*x*;bzUt^4wCC z$D(f@{@}w(|L@y+G>>cDRH}RFkbi?wepe-S%(bMF*PB>-4Mvk-pS3Tml(@j&r^iOe zbh9&6Kx{5b+wYqRK#+- z#@}QklM=Lck=2DEGBzRWA5-M;(ThryBnV-NqS7U$)m@m3@lAz^zuR|UEc={_L%o^j zvnC%W%xYQAG_pD%q>N9;;rXQ3V*R&Rs7Vf8+)GmMl^IuQlW6>rd~AU~r}=Z|;+F|5 z642#hX8^esEjMrEx}tWF`@dab=ovpKFTmgVCFR$W;g84fDzi?ae%Mr_Ir{`G+9w~> zu2Rqj?4fsF>+LssO?}C<$bH1suI3Z@mOr3xY56fDAJ?NQ(GgW7bCjiAR3~8-`61*R z)>XYOR$k&bkNkj^9}uOoS?y(B%~0dVHvBW1Kd-ojzdee3_%27g&Uszl2iDz*HL{jV zoAG1L8#m>`J;$PPGrS|`&@`(>hht7m4`F8%J2M+99v#NclxL?8I~+51XeOIZ&U*}W zU#py9HKtTt4zN4Csq8MAxa7?EDEGY~)$kZ{g!zAG;-ckN&n-9O%Sk*3kQ@J+vbSyO z8RxTF2MtmSm9gP@sDFQR+9`IAMOI%5%_ehBak9Z8#g620 z8^LJ&jNGtgfg@;cFx^MR6_+-xXa=qkMkR#))1LCNByWTo8dyXKuTt4Ot% z%tIrs%<%`R9dl;*qMiDj0UZVq|Qbp9U9ah2Z--_zMH+5el|cCs>%OiI?2EB)<^0ImnW4JvWrN`Fh; zI*|KE-AtCXHL87jc!n$74$m`g3%D7cEV@r+c%@_IWZfXRBfU9eP>ZYHG8t?o9~pB! z6+O7)4ODK^xWT{hGH>8?1^t23EiGqK-f*@CPFK)b)Y8OmX*spd7|LuDnc%#Fd93?B z-0!08*{ubV#n{~-U@FMPba@FXtZ zH{@P?l-7q5&`q%mH(9#htTV6Y@5lT7t*YMy$4d2^rE)WaH?6szCA-}^Ssj-emKAj? z{J*hJT{l^61zfeCoagmrcrNM>Rl82EOp;V9vrgr z)a~NQNw>w_Qm@Kxp;Z$}4sYd~bBy|>-A-vay=BU*B4Q?SoV`ESE*^Aoam*9PZRENh zqU1)8>IOKp9!tCZ%FXfQlp9F5R8GaLHgF5wlVYn@5>}UVDQ~Uj7G5`$Hw2b*{1VG7 zu`uxRzQ@o5xn}Z6)gJQBZMYq35AV5THy_Kdh%S97D;L(^L3@-l@0NLe*Nu)lT3=$B zB}M}k`87R=aVe|Xt=3$>Qw}3@q>-W~hLCP%C`YI? zA!AbsA={Espwh7qsCzKiMfy~Iv*vo?nyGJiEgxE4AP=7hGZd+B2u6XJFa?~;V`mgQ zg~us7trf~X^TV!p9e9Evh-1-pWC^cL%B4}8_KRoSVw@<$?dqZxVqWcD6WI0;V)O*% zw_G0%H>)4VSHLI`{sH(KHGg}^%pdE%4Ian$nuNaqf9pl?ufpGP5&Q@6_Z;>=z7K}~ zjz3ME%;gus-wXes=I2tM+N}Fd1X<1clt_K^@DCsMKfbRmJH=Ce3fPZ^`&{!oPLc|M$U15p{xQwpbj4wQ^_<;$Bz2BcCGYIq9g6+4 zQMZ&vww4AoiADJ*;N>La;HleF-qk%{E;62S%pOl|lKIajX*rveOQbeUjBPS8>(YL4u52+mV=GI_C3pLP zukAd(&}^2pEv(wH;^B;IBPw2e>pzPBIBN`bA3}8y+JHk*xRR|n71QDP)rp?&XDdC@ zPs7dXmtpU{S>~heZq8L- zsN%J$qA%^=ZrXn~O6>T4u;f`DxzQIXxo*>LMveuE>JRGq&PDiV{zTGdciQ8>=EJc_l~ zxbm~n#3lB#D-xzm>eUDTyykB<=S{pl=Zvp=q?j3BtHRGmShOUaMJ9)-seM3N+onB! znLeU8+i{?M~d)0KPX#Ey`%r+))F5ahAqW$=A_$}Q6`bS@` z{OK|I#Nedk7Cu-38I3y=*2pENM{$vw=Zfgdze4GoF#5*bc5o-Q@U>Jp)U>Dcw9t7r zCa=Ao5%e^?O6ietHr#kW*!9P2II=cwMg&^;Eu*LM)k=@7cf-wno|2RtkK&|?`Fnue zrk1nb&yCLqs^px#D~c|Ql4zgMs$HH>L{H{VnX?MY{+yYYx2$#|5g>ItQ3XRJM*$SKK;aLwvB zJJw~RDyDzRqQNd_Q&hz&+P5fG>+pHSBKB%$mA#>Jw&$|dhVs68)S#?s(9`ti^!Ilt z`M~sZD<4SHNF@9?b4)N|#QSvrXkYcSQS|P;Q|X;C^M20jXS?(xjzw{lerA)21BWJs z;!=E!w}e^@tj#b_id6=w-NWlEJ|u38tYKts_GE zLBn4#SG-T@m%I%(dz_)t?YbjnDC~y6_5F(9dM>}+jNc5mN`T>#;6?ihQbQ|}dKJ(U zEGRwljrDMI-|I%vk`p&Wbvi{fY+NLIq+SQ;-~NEoFXMfl`ENN(t{jphC;s~{G`K{j0bIh$@%+7l|5@cWsL^~)78VX%&6bXP!{c@ zT{o97$=r?&t ze&S!01dL)jJ;U*&?XkpM>#?4r-gU-*S;lijjaq6P8bU6!tnBAaJ9+)J#(54|@^2Qo z$xkY|LF0EUSA}8SaWhAwJbw-W0gDX(Ktn9=;!x_T+Llh}(#m9YNskA6n!Z#fd{-;Mdh&-FlBeu>;D za=BF{*J|W)P97y|W%`Q~N&H(Bxz8#&Yn)w+?a61vp~Tz-{6+Y)pHuvM$=E;ECeC`c z0z({A87mirm?<23&ZFre<;odltYQY1n8F3A$LL>EmoF&4>a<(*-*bMai7Ev1@Xu)e zJrl1juO1RGj>Yw0)UZi9vqj=$OobB zOozF;NrlO(NF{ro5@GCqP zZDOamXB=*MF~ergyX1sR(s(xWm`i%H4Er{-r)u6Q^&iZVrMD%V4BSUk66cY2BO>1z zvy>&=(nF@b0C|=4YPIL6PP*@AsVppGddr#Ns*(%NmjkMj^Io}(>bAN`mvk%EXBQ3_ zLZ_9Cy9bY#|9A2I@HzSpGmebM<7aq7A5w-8ed3luuH^}gKSz|@ppl!h>yjc&?k;SZ9Ef6myQv+S|1 z!FoSj$5cF#``{Hy@22s?tZU^pz%DxqY8}&t+<}&}&f~`|f9MpDR{W$ML&yzWrtHm_ zdf4%svmz$0$KeYv`Nfn8v*=w#@8S)V-gAGCjiks%0g>yaG0}hSeYMVQ7~p#+mtXh( zj-Yq9^19V4dA*L__9~@!^_=ZFb*Met;7dITSuMACPC4Qif-zrxkd5!66E%f>p!OKS@|BXH>>1r|0p$7_0;u`CljM;C1+ia zw$69PqjMRx4j7Dbjr5B4iJRJ0ihHI0qW8GcJ7LZT)~tR+gF))9EdTb(qIN9`L%Kx! zJp^u}zx{;LKWo-~YwmhUW)%*Jjc}?A@734`5tnj)gWcYz(AU$-ZokQg zEvsIrgpBHi_c5jYm%N-t&&p|~C##R!Z>;3Tj6JiS8;qtSHI9zLUw0G5f1&v(?YfBE zl9n4Y>%iEKS}*0iS#-vmMG3k+sdkqku_^7*@>J%ndgbq$Y1eV@dR+lS9E%c41w!I8 zgnafEO1{#_$LEO&GP*fT3bj6-hQIYn#ow&d$oYL-&v+3>ndo1)_=OHPi$AU+1=9a2 zo<^Ot{yoJl`mOno39~E8QZg*wM^n6?G5ax#YTrKeuW0@CrvJtMt9EL1+DZH_AUAg_ zRqr|DS1#^9*6aDRl&`|yd~3zuQtEp}{&J9RYc+p(SJ9%q<#V#aaWXtLw7EweW$vTt zR-WN&C%=)u?3(~59XI+aCxrRj2|vJ5RLn%F8+n6=B?c5I1`U+)DIQY2R6~qxl*7)MoKpudrl}c0}eBTQ^Wdepbt8O}@E)`ftX{ zx0;OK!-i0L#qZ4jA&>8+>S6iS9zvDEX3<)00dE0o47?{)rU z#!UmuY0@?Po^EN`Hs@T^5>@q`2U`A)b?XCEeP_+{Kwccj+@ZqKBu;plI^s?TM@svJC)zp<#|VDn3z25y48EYJW)XJ=pQM)**X>f!{f(_+t}WS z?S?M7R+icO){3Vp!Ftci8?V#~wjL90-sy6p^8A_2%y?>(R(iV3SA`MAtG`kGf6}Z+veCR!C6{uu(dvkyFW#3gU_}Im)NVL{ zh~7Q)HauSGoi}=?taaC-eaQvQltqg$RL2xm)cbAd?R*yV`4g00YaWc}g>v(A0r@=g zb6S4SoNvYQYQ41N4q&XS?8;{I3E(k21+bQJzC&j()`xCEk1wiHm7f4z5C!_yg>b% z=%0W;{WRsz-U$xKX07v79=IQS@=rzFw)F->|BVf=*ptmTLqc+-!l6CcWJRT2Y?p@B zkp4H6<2iums`@pWcHNERT_u-VAa$3+A451_q9jdqiL}EidiO`QUg&VM;?@;;MnQ(( zL5_8t=3lkO0WZIL$*(DsP*SCs4EsgqAE?vwmEA4$hMV0lWaSX`1zfg z#CO-dP9o1NawzV;^3bJCW5y!;ElLax@mt2u`iqsF8Iw;mQp$dRW6Nqci5azt+Ywqu zdDF^O^2(D%+ofVx@~7>&jECdOZnorgjlemfutF$m!s`H|=&5^|(i2$zTm4}jXX5^l zpv_{6&Y|~1ed5Ywy^#qzJNtxn*VZeMyS6N;tSYG28*Uc1mXIzW6! zo=3lby^8Pl@e=Ws$NDV&hRqzydIm~Wh z_zzVrRbHw4%#UwYOvP2!XT|69oZ!1uyq9&j$!F_2C!<(&J(Fft zyNXffm!=m4L26FPb84zKOJ3eUj%0+t7yfR|KWF&OdWpd-t2<#Y<$3tmHGi8K2j;AP z%hCce>bHTcd}0!9hUl{hF+I<(i2k{EEB~$gAmf()RqOtgoG((Qja>)-FVoTI5Cl86 zWD3OZZGO`%%BJ6|{I=G`410QfuaZs@kBH*8Ay91yr$nwEmngc9g&cJxNo>{lBl($s zA?@=4RnIyzUk;jTG6JfLwlcP$C?eGQdKLNnRZ4z9f+w4GzsCM9u;k|f{41J2E4;Fm zxc?sJ|BF~(X?~%@&01e|N8ObIvEK{-p60i{yKeG7S;+_$^#FOEIo>BQ@jiVy-lu~` z`!Rdy#v<`r#op?NRQ<=&;bEzdcm9<1p0e<+#My&1Q9g7z)Sb@GQ|yla{u({Jl3pKn zuyAGOn?8?c<%`c_+7ouCEx%UfOFg$)kd&?yIco}O}b5jn=X04yYS7f{Nf>YM>YCmM_=I<=>`&$0Gnjc!wTk$g1 z=?BWMt!n%^6O7}@AB4||TK^w%$-BNXL26qUP?GD^)IK1!v1k>q7W&;N z`qwT~`nRqu5y$fPgS}7Rdtd7f|7}yr*!VMt8@Y>H3!R7Cn>Rd5WlPI{DzB$p+q-65 z%DY$R750}?d+CL)6_+aSkjv{*|C=P8MVgn*kZ*$ zENFdg1l5KJpUX0&Q$`iy5(aaxr0M~Ho8#f5xS9~is&ts>ui zTP1JZFU=XhOMgd77F95+3ZYu>2NT4#;Z=Oc?RHA<{z>K5q4R3FC~Y_FhC_0aU==2J zoNMA$-uoUdvoxY5>lTJ@oLZ&w=^dN&vMuA35>1=8;Eh zX}KnI{dURnw?fuLk-u^?qy#|^j7ym1^gcF5_|0QyA*1~3DE-{C*T=lBFy>?-HtNGD zh8Lo+ZYZlr!oaWPwLItWAZ7oY*R|z-d6X;i{k&+uGuq|5D^eHq>}WkDzf0)fY_LyP z<-D`o_BDJW#JGOwtaRI9_Lr3YWVGXO%flv?YH!79yG7N)`~JPJBUX=4akB0g#Lo%H zrJ?39>hO`@dH6>(|F}7ym^1k!Clio*+7W+$%M^`gS)l7$)TLVAx3$m(j7rkR5Kf6? zR9s|A7z3G~m#66SJu1#CcarF{9Xb!&aGKA`YRRHPxx#U$&^x#G&+oiNe6rKK^5G_x zf7kNRBUO`*ZU5%#A-cu2cBs75owkxWcaTVWH*>w~p3(|-7ie^~c`J>UejK9F0 zam>gA0+v-*5xHQM`90WcIWpE_PPV)5`@#nfw^y2M`z;FZIhNfjhRaK<7H+A$I#RMQ z+2#6tF`~<5MVY)yT6O!DWm9!i{*F#FAG|>I-&!+odiQPI6_=F-p&prkSJ5;3LZ!!g zFK5acKgldevurnntl11jg<^tK)%)0x^MjT*u}1hOWykv7%($@=Ugd$-hH%yp^q~?2 zM&lBU>iw{K;e0ZS-N6?tyG`n_GtPBKtw5Q~)0^-QX#PvRj^Bo!hBwQ#d}Vj=9Cph+ z*C>AUA)nXsg>%V|9IYbyDuWn}t^Igc>N|^`nQ`Su*61=R-`4z{DJ|g7%ZCQi%_tMpJ<$n=q+3`6jq~46 zNgS_quH2Y)XsR1^Rm)R z$|>mPHw}NC=Fge&an0mYcsdGg1~xIp zHdqf{qbKt=)?sf}de$mAAe&Vm^}OmxWmGL`SSx@byNok=^km+p^jOb7SpMXVKk^2U zawn9R{=15N{hX3-x;#954nH<-P|go&pY+?gC-8oyXIrbGKI3t`<#9`>Fxr%7;9t=E z*7qOdexd5$>nzRu`itE>dg`yz{u{fop6(4ioS|qw|yY|l6+}- zhA)fTRvtPe919C0V?XS;gi0GKz~e-Cwf1OSKYhlkDpX}*LC%2 zr@6R&6N~XQF5_1x{L7ku$MEOe^@9j;D2kWnlf1|yKkzAKPwEwJ*7IBP)wpQdZ=rAz z{&CHJ?sWo*6bWc`;^!W6l`G0ljmf9AxL#Fq85L4ZC*eIUO@(o3!Pv&9mAutIwEFzZk~q=29CK6C-uu9Kd`F&ozQwq^=E0#kRiNhTtWMfC{pBRlkhQ?4o`^=x`K zdGkf3zg``7=GP8uT$Z@@!e6iX_Y6NLQz`xbot;N8siry4YJtCi{JNGOHF4T9^5NnU zTE#|8%=23pyX(r&WwVZt=QlMU*D*d?3%u}lwM8=)SX6=;&L;B?>GBSgDRXbqTXJFl ze-APKit@WbDkGb7X3sxzr%-oX;V;6Uy$Jp~f;n}8{L)^X z@Na4UcGF(troH679!S$%;r04ab)j)knIA$TOiljmysX7M#=A%e10J7wzuD+ zV^MI!Ni6BVRov|s_j}3~-QrEJnBmmQ9{=W%cSZ3$Z)eFpJWH8ZkMKW$SjGMYMp-u7 z#d*(DFVB}9Zr|3Nv!ty`?z>kLy@%>#;*l@p@jaDaseB=I)aK;dX!Iasyl(D;tLgoWFIui>@_Wi1U*&QohvMN?hBb?nf2(29 zBNio&NI#vxPU~-!f4y>0HftP6WTNV+_4zXVeVTtmaSOk79*~O`cA2A$IoYrSDn_wa zvB3KN0_|nsZ-KutD2C4i$$5Ub@&DSqILtWH2o;Sd83e@c2zvIkp7u})f2?_%NIC0> zS@X|cs$Ll3Yp?2Mdqm(bh-z(zJ&_6YZk$nit>*~_&9ZUajL(uqgL*|F53xl11Xk^;3Q4~ziryP4y#-Ux zcwJ~7#ZcpF-G|7D8!P^l8Ry2WxGY-h8Ri*^WZXx$*y}}pL(31G%U-t`$Av!+fBGiM z9z&Pf>~@e3-_a^!LfU%~{(|NoGXBjO|H6NS2W=KyVrNhMs#A7awHewwjziYC71pES z!>sExzx0!EbNr&}mS5fQx7<|ex1QVBHGawULrCLRc)uc#-001;U#32G9vVY(74}e8 z(#>&h9X&&5ubm!=Q{6|HSL>CYaaC&>N5&Qj;>u;g-=Sp6uopeU} zs__5Q*fT}enJHu($Sm=^&25$5;gWhM&ZE~|4vO9adi(FB^p2F&dp>_%y`AXYLvQ{b zO0V5-yz4Zq8zpA(lUavku(aCJB#1ic8L(z`H9yjO!D9pWuGRV^zP+-l#;s_1nq&q=#E?IRmi5kQ{gG<}tg? z=oM}`n!Li%a)r#kmJgn!OS+U1Nc59xe{2bF}v1`r;WbFVYX(s%u@b_!}8p9udU(EWv zSoj>*0sI}BzuR1|STlJX{znIBmB=!k8$w(*lv~7tCoUR__r;|?enX!jremsJjpqKu znz#NeB518Y>6Yi0@OH%>134Ytuqy43- z9uwhRcn(_YbG2@Er?cdWy9`Ns4?rf})1WGU)b(FPAxLHp5%c^;K1(~jM)}oZ&I97} zH|5u=Eom(Q)FE{@B%@-2ey8`9p;2HReM4_h z_WLW;aqKU-d3)%+Z8|C}QMLF^Faw%>z$<4wvr6qku_)JM!vhLB4KI z$!A5WY*s&!`KDdRzBAfYT){ylYaHa;w0vi;F7U^-^L)y}TT$C-B3Ibf%4S&E{5#L5 z^xYZ1$~Qb))-btLCh>D+O9`qin{i1JrA#TQQl@mWY$-EY8Cm*PnNn}DG{&TH=*MZQ<%Lp|Z1Yxu(BWev}jEuAS_ zTDFV(A6)d@@-HlU#r~VWUPF|xQ~6S_lXo~(^j>7NUgij|&YY(kFF3mVDy@_&^`G9q zC}HoVFkg1Ltl`S?=~I3VSS+i$y?kFxmo4_5knt;3eqbx#5@ml`_ld3bBi$leGs)0huI^uQguuaH% zDlQs{_eJkEdOI&ye#{!Z)_uu&bGu36G#H&}$=lTtfi<;@Miu|IO`Z>|RC=xZ|JL<| zx#*gLx|@`>^+p7G)o!R)*7FnS-MvET-8AQ+TUH#_tpAiI=SY<4lS8?fW+=CaX*4b( zM0!88JHhph)Yqt2O4*&fTXmo=G~k%k9Ed3Fl2OFu_@{Sr<&E&^`=?$ zrS7Zztv|QEB}<4fYX$fs*F}rS7qz@RPZDn2Pw}pcwv&4ti!X$V9*dN_>^AL@@-D1Z zY?q3?7Jft9JU4rPRSz!RsV!4Ic$|MS5S<%N=)MQ%>Z)tPmHeZ6uB-{b3*qFC&0 zBRBEDi?b)~SNH88XzEaM*7eCLtNn;Kq+WW^Vllxmt@p(XdCr;ppXh6NkkZ#>?x)OI z`sgT-TAw^EYbfTr-#tO|8KbhqG!!*7gk53^sI&C5zVC3Y^P#HV=UWF0{{;LM54&*w zW%%5uwp0M{3uVj~ZBG+Y)V&3;m2%!aoFmTlT{E+u)yue@XLS z?0rnJw=MqtrLxyy{EOH1B&=!#%7j1tJ>JjL{1T^dv+{$fB<7d)%D}&^`Nu0_{&8nK ztCA1vawu*utlDI9pNz5&(A{GSl@fJgasYB#qz$h3AnddMn3?S~F^^S6ln zs+ONL^0~O3!t4Ezdi=pdL(uv$!6>Eo!#v7-AHVvQU!6v;b$+=Roja08L@zp}L{D@| zDRIuDr{?iW&s^v=f1LYC$aY2Eb(sCmXjhH*>*yKQdT4sJS ztn%I)bM+=?-T&XisXIbXI zZshY?e#+Em+!{yr7~SK+g0wUQAvJ_kA}>pqC@L-Fl+ev$1x7U-#q+vn*Z9Km$aa-;-}>NE0w=X#^0>7uE@IcrSy|F zmMlo3iC?wr2=c?PQg*H9jdE_hWj5eY6z(dyVd>Cw4n1g5_$cw* z#!jxF>@=JD#p6p)lqymue(C=*{IYHeH~YB^#&FeuWR}?t*+jk@`3Y@rMM+CPvf@ep zMe#(J+Et7qKY@JRYm~p+M*iG!WvGkRP{JzpT}OUN%UkDLv3+@sEV3#56?;4f`C4VK z->l!dqV^9jORII4`u?5pzh3com~~RDze?^IM)h;9$B_BwJx-cLJpIwGs@E)bYu~8s zTGwCVxR?y%+6(pCgg>kKt>;!*R;TR$3pvfGXysRO&|QdEg|nr_fo7E_Z9ik2e~a?x zQrdY0`SgsEx7MlldXrp_myWcw-p9U-SBuCmYWZ=~ZcASM_K-96lS_Otsq|F*oE&(Y z^5fd*=|oTG+m)UfI^XToWeLbZUFpt6PekDl3CrKiE<*RG|9SU@Vt@MDXb z3a|I9BR~F5B~J>d&3{q@=*&ozyGj7E8%dI=Q;a^3*Rm)q~N#p(zu9Bi5*tyR~M~jZ* zqCcKA?4x&H`6csDxLJP1wW2`$=!U;r^Iw;K%!=OkDnG`Q7c#EK@iDi!)OfK8|E%Ue z-?%S+r+#7ht^1^;s2(rErrj^S&0)AGkn&~tr!@b?_8al1;(s__(el$~ zy`FQgw}mfgaV%bl(8@M>zU$)44!bQZ^^^9><418(#i>ya%4X$vS2WUaSjMYG__sBG z`=yRo-km0EP-1Zt_iP#4tRgjUv>lL}OUmCR{0TSbdJQ67QE%xm`y{zKtgefXqG$VK zO3(Tgu^wJ-(0QsJglC?%-gl@<4p+Db5_=xq?b6ait>%*(3=WNhHtn;Mb#}45J8RP( zJ0q%9N*rTK)lZ%)8Tl3Kw9lw|Pnhe_TZik-p*ZcrdfNx2-VRN@Z5q#PQl6Z0XewgU zKKqngEMMQS*(DA(?THfytCTpzl!}9lJEOm5-u-tK2W#Ch6^~O@;mx3U+{FZCdJvYI zbTNf~y+4HBP4pJNtn~ga*QwpV;a<;%vfHPsDg8KJPqRLY^S>bVhkr`*FPQOX$*TWs zy!NA45>v{e`ez&}?@&a_aJpg+{v?Xp9U^AFI=PQvwDvDgs=NW{alx4z+U7! zHR<;6Ig~Ezu#HbN)FWO}O#*Z=_zS#F1b|%Qb{Tpu`Q`N(I4$oT8 zZbXY!rylEKN6YnVx9m8Yf6t@Zt0GBzeM{M?H0@>C**vG6Hsp4-oK+u_N7Tp8qXGCE zwv`>0rfRd=*Zk{66|VyPMa@5I_`9M!tzzhly4?hRufpH{ZKZ$U)M5SV{3Yj|zr@L- z&R+(-V(;|E`z*G9_S0NmT5iv)77mU1(v9Vd7s?l(=ZUQzSK3<5(1ZNbHs3R^+ODw7 zPNr6jr4d0BNI&Vj>`0LQZ`CftrXAa(cC>HR3I7EAy%)j14F9y|pE3HU;_*hVjzh_4 zBl`E?uiIDtj2r%J><=e4S*zbR+~7zsqWRCKKZCw*`1dq_%JipLfB4}ZWk3yN(LSMz z>`J~D(6jIh<>$JY7g%#E)^>}rKLK?>=WnFI59x1OlS;cm#ghuMqaQTs-;#bNK zYaFub!>k+C!Tz6CUVR48v!wO>zpBqP_1VLZ)R7;B&rR=Hadod7sV|tB3rBLnV9g@s zY}=+iQU-s!n5CIb$|T zq?gF(giA4{&NG{?I1*$oS9&%>FU3)_t~=lVuN^>sOUnsnK;AM#uWhaxxBd#Kg{ z0vS{K{1?4@S17-Bj9>Bi5`OHjT`x9dy{z^_PKi%N74vwNl3z9b)$=PUV_NoDyZ`Qru8h)GGs&B$A*Y%kNXVE`Ut@IC@=VI!kaZ8;h62AJd zuHh6zf3_(9zlD*6cBwbldH?gzRTZzl#Ed)Ui^~$%-lIo?mQ%{#OI`npo@w-SpH_M< zb^MWWzlffiGdh0I;byPbs8f_0!e2+H>(TrdGVXW6zoz-EdBw`ZuE>B|v?^nnqn*)V z<__#mpr`hR%1`;eZ@BS&(Re-!pOlQ3&vG5k5b|hJOwnY~K1zz{E!JMUI7)l89Alk) zBcMuTC+sJj?{MyA!>^B`h67*kr@%Hu^C&G=>3<5mBcy|)36Y$@u-LuS;= zY`CsE;DRGW2)b&-2tgMeb(8@Dj1XjyfDuLW{ztE;Q4Kh7ER zjc7Ohr}$;FbA-j92=U97Q2$u~-<|>1=a%GcG9OIM;moI-5mLV9?m4cuK)?D3roS%j zH>u+41{SHkUSJ>qhByx(1+n*Ly`%W)$d4b%e2*K)Mp2&$(9Kx7S+UcG(g(pDAh{Au z13L*|-YfJV3}x@Zm#!-Qw!wen%UG|iw0TVJw-Nd)ZC2xvcURO}gQ+X@ogFDBB^(5n z)Go!(z`Q%pa@6=N?LuF%aZN$5jqtrui1e(3KK+$U-xNKOT=nREYUqhaT2Bq8($G^q zAg6NJR?imc`86y@tv{&o8D?~2@*#O*KR)(#%hI1^e6N8|;cHos^IGpMqK@m}JN;

tM~>jg8w?|Ka5PYAyECz@J0eTn}n@Jkl|DE<`J+Q6T%_*bQV z(^5avxd3yWNCmP>|NZXOweVQhOYILhP*Z}wMQZ-uS>J^GZpCuX>)UK8NA^f>0X zD)DS5oZr&~9gn=Y2}i=$G~TJnB^8ke{UzV&BKO5|Ahaz zdyF^EepT>U0-vF$Sp8+(m<-$P$a7;e7{y$KEYc6sc?dG7opSfb{OzeM=eXk<)w2w` zRZDl;e2e7Ig3s>LPA-2FbhU3_y0gg7JpkkL$jRlGLD%<;v&k=^U1!0k_>Iixjw}p9 zms&69_3Y@ou5jL7(*bye`9=sL((BU601QdvgYsc1^=ZW^Dx6Cy#Msf9GGr7&-RKgX zDOZvTM-mF--CkxCXaQxa3QI1HmPtusW9jqN2q|| zP-}#ap}??i$zN6uyLm*pn85a0P!@jgN3r47F@C$=i+u7&tUuW2y4}i-Bg)9n_kq7? z@sC>nqW;zYIq-`gW&Yz5KQJBCeoiBUpCMwId|rWYBk-w#Pvys$kD4#4Jh~zIa)yg~45I0fBP;T_&4-wy1$agsaLtL}UpcD>Eqp$Wy@1I7vp`S#Bn+ZCcL`wW= z&`3=AoW#)C){a&=@L8%P11EBdn(-`^3;pB#n)MtxT@6n{ouui)Fp_GYp3`K|uxIe- zTc5~`j%d}$++(4+yLW@CN9`EVM#DvjoT^5HNh6Z9m>?x&9H|((g`6ri z)eUjupDl>nG8O)MS|D-YnD)+1Q%k`)`yFUD1VJu3IW9mL-Z=yxprvgGG#e~Q-jgY7A^54#S!>LXdM zS`YH;RvDA$x`jBiJ>md!ey!(Au#Wd-Ot01l)w~>yQgQ2N)F(Y~Ro&O*-aj__je-B{ z73M!C^;+?MnK9o71 zFH_Nc&(BkQzKgO^{AC}G{b-9{OIw2Cor~don_eEoBR^3~7161J2YGmwdSDop@NW(L zFBPml!ha>?pPBp!$yXVl8^iTkHF;sj`JnZw=8|O z)A`g?DN3~_BRdAB$)Hc@kv{~Xa~XfDkURBM)_Y#`o|Cw8^7rSe;G6r>dv$G25Mrv~CA8xgp7xPvHMu&|Ur} zD^J$pcA|ASWM_Ef!|nNWdpS^EpK5G5b_fMKIaF67E zu?_t3=P>^KHER$x?(zEEPSC+p*X|5pIGf9F%z#Sqd+VcO7(Vf6sKMjo(GcUk9HX|8O=w zHSo!P1;+PX=F`(Lj+di2J|5XKFwv25oZ@W*a`W$Fxm}Xq={Pv$V;^=6kzM*En3l~2 zpyd<~2^wTH@z;i&&3|Dz(-IGSKQiC%aYGwP@%Kn={k?up)3ZYhIuYpSFqEV9JWX7m z&EtL8_p_eVF6L7GSCR@I2iAe#^>2)S=g3%%1Y?D7sscK5I% z-!h+d@LB$MTmM7(%sT?!b3TL*jmO!q!g+)bG9NY06eJIV4h5^vA?HNPpf7*uY4bCt5xLUm6Bd@WN zIftA6TIApNXMOIDbGUWL@BeI;f0q1k9efra$b6Q#dgMQoKCh;)!vdlnM)uqX{@{Zc z|2*wkel+sk-n-A9n~=Zwkh9w}hrwv@p~tsp3HUcG{&n$BvHvN)FHLc+3BI>Jm-QGD zzL+5OxZn3&QS&9rSWw23Cqy=T&kjNHq78m~pJ(mEkI7FYPWe7kyg+fS?=gr=ml^-0 zagF?}3i_*`&-CYImqGAd2H*KFV7@1bV{On~`9h{s@zTe26PjIa&|zGqdgULB^TC$S zdDV;TJp;a*{im}x(Qkr&@rzDJPj<~d4(kQahhuL*iosI=gAq`22YeFh)P^{Mb(x^6JzVGj@+f|+ zgRb^8rt1|u%D6`FA-a^?tnfI1=MOz4%-gCt8Q3fCo1G|rBKU+L-0ug|j6@ucJ| zhB9iO2Jj0Oe_rste;Sns{FK39P`y_{w`l23IzAJ9`s)zyM_A9(&=)~}^%FKEk zQ{&hdR}auVJp>t~?-=CFelyFdiGQhjPD(v96pdV^Y2$_ON#7;#S$hui*-PUAUGY3I z?2oiwBhfLFx*jgpnNJ8yIoMIW%sm+De;4@c7JpsrJ{PvHIf{g5u7SHTym-*` z&;DW9<9V#-E^A5l*a`U1JD_;t;%6CnRnYBQy7S5t$qviln;&C+CPW|aPu*4LHT=G5 z3;0tO|L&OQjy(nK@B-HNwC!NpAAE+ti}|Q^v2j0+Uw2`i{dgDn8y5eD*h%JP>N~*1 zKl}AKXZ}LwUlIHP&mTRL!!X(w3O zKWiWH?n@SZ&n=dnhr=@QZj61MO%|WB4sCKK+Df9_+ox4BXCyBP)>uj`jcQa3kPl3* z!s71j0J}RXT|Ry3QNLV|Y$c(_Gl`|aG%geOr_qo$tWs4Ms)UCk0mb#!({aA#mpMKV zY%Uca%8nidRGu5bIW3D%`Hi_0zE=hXgkJ)_<9~&*gS^Z)rp2ECexK!k9Q*~~_n!cN z8~B4KsBh0R@Lt*p_~(It<(T+msPh=`3l={ud3HD-OclZV{^2 za~twDe~sIFPV&Br8^_Igriz_Uncvm%0KCWD!y)ARbx_b%wOi%ee-dapNDj(SaF zp^Wge--Nhi@%s+JM=J&RMc`ku_;Z3^aQ%UPvC8!U;$H*)l*L~@48JM(WXC4(vu|Mi z)p?_M|9BdKLTwPIZfTh0w!o*p#C&!|uK0cTx_5iR&piwA?Y9}fBKY3!GDElVANW@- z{+!?+Y6q&<1n{>ke!r}b#q~<-dK51ltk){|EZ<-~(-KcA-u^A;%Dm3i2LAN#G5(db zRWzQ*W>S*~#5-;#iw>EhuUD%FhLHTT_-y#+A27dBiR&xDyf~9u1V21;^J|t%^mWkB zyp8DxM1K_z(HC6|%+Txh4&b=33i|pVF@0I;vlz*5LOz~_@@FAGUBUP2-of;0obdg_ zEXApt{_Y3|R(3uqa>Wv(WEltJHTcAhj_`TBp*tfI_ntfA%JfMtWU54*LOZ8g?{qVb3Ulo@J966n|7_b43 z`du6N*Dd~x`0I4IuAjPsi6Wjke}PyJ!RNsz{~Uau=+9ZM8h?F!2)=vLVIQ#sK6UUZ zy@&ZAW#cOt7gt>eh7UoHinYWc=T^v`o8VX8WPTTgpXyI&K-YybG?#OLjsM?*_IoeW zU$*L?{d|8woA9X^8Z2*L(8C(Y%FZ}z!3zj2fKZg%8*l)fQfvfCK=-uwXbtsZ8#lGtq)<+H%g z?J>TJdn+m~EWo8)T%dCg0?>3eFeTyau{8 zOP7=WqWWiDx}-UbApNrjIZL2#wps4D#4q1Jd0(~`v}?xvW0753k zmHuzT{>6t`u8Py0^sY)JIPVw({lrI@{;d0JgV1Lg{AwR%ehYxjrS>Px{H|bQr7b49 zHt23zy5r7Yh_3%C@|=B^r`l~%`Qt6wc;JZ-`F$01qaR~BvZJ|FJcXfrJS90Zz`tto zuZw@oi5&CtEMOiGi66;X2i@9#vz!TfNSCq)?FXj%-K{%VuZkrL>@XyDAUWyh;r)<%Gd{Lb`O@d1=s3A_K~qk2dC=uEOxF;)Y1K{@ z%H4H45nT;*(-)X-sbl}04%Vs3ehZ-M`81~M1#B*5KUB;6Q5l8Xz~8^f_!p&p_oDWl z$4BC&eUYa_XZ3(qWIbrsRR*7rb26X7e20YZWSBqE+BY7#^eL0N3BKw9@%13@e}ixH ze$4lp*b`CQ<$)maF`cVV{b?0+yPs+6DeD<~LPr~d0J*zR*5m=x{$r@m{h7W~JWY+L z=73C-|ADUcK&ESo9l|&qt-@Y)ZA4)fe5hUP;4}1K=A-(pSuLL`c0l#MPm&Cs}!v1IyKRojthn5)>3`V$!-!k}ZeId&~4}Lu_Ks@`R z^WjJK7zMw%hcUkfDNR>Gp4SU$&q9rD})ia zRk6uud%h2O<+q&OE@kl9w|q`wmj>vTsw`iv<4PXv!v=q+Wtrqy{I>K{iBl=sI&rZn zc##(q3IANhudD8{$;)$?giL=c>qCBHE;XNq33;?Y0kvxh_)UvnFv$2vwJW#}*kwWf z{RiMLIsCLGh{szqZBqG7cR`OYnN)ND2`jq_84HmDsUp^QAM$I@FQ^ zqx$uKKh`BIe(xdpLkgelH46L@i{B7@8E^f11aFNL+yu=Jz5M=B6MSYZpOcP9G#>1N z{@U}oo=f5^2DrzwZIHdPB=;mL*^4lHPPr`h~jQ>A~_a45N=}tO+PC#xM^u_OE z`n%(t;wI!z{Q%29ZGK61$W36qW#V*pFzpZemZd*a`-4yUMXbkh+n@B`23`7xm~I@f zxm0{H`7ZbH;sxD#fjEo5+>4O6So-oIey>hvp#u-Q-hX@UJ$tT(8ULZ*O{-ty4t|b! z8}-Zmv{Q_hT*xkM(B)sucDXF|lKzAd!F8t$y))|o&=URN4`F|7is{={EaVn^UOMUq z2AG0AJyejsSp|L#^jnsGzT^5|JDA62qR$wP>q-URYh{H@`$Nv9SFoNW*Iddzv=7^% z`SE+PX#XFEoh<#PJ;$T%dzZHV?e?$#zUtC>ji}00)EBfUj}S0Rd3zJ$-i?`n7>+l+&X-{uZYI> zTZzmL|CWI~zsP!B5xPmW9|>mzXh#D2dYFft82mpAKG)xHHa=AEUGSNDBlDrW&|E5C z_0w<^PEBr`Z=PgTDGEme*iu!TN7}KB^A<6^lR7F^`{)_I;vHv>&qXvkktx zzt4KqI`VBC!8hEWDWg7vFGZuSGT&<*`5vWj$d}rw0lvNK%va6VB+g@9#Kn1Pr)A(* zEPe&Bxzu`72FpLZ;Dl7JDEEX%{=E+i)hjG0;`s&2&4`FQz?RY7N67K%z5L?2k>*-Lb)R>N{k6p3eN17eL#eFgNl5 z$=wD0)}Jx`uE^a`^mTvm+rBAL1zoOzbH(pry3X%e-_-Fw9^Yw?g{N5NSd}@uEihzI zyVoJ7XN%<=700MPOTaH%{B^+QQu#oq@x2AQo0hI($%$M@XJ>71k0tJC-wzGrUy zstmf3ZKmru-W@{M0Nu>rolG9tZxwW#f6sITn@h!Yzs-pP8qeCm->~={_v2D@TwI#U zydESVpZ|CT^1pv%xz$egF`w}k!o&E~!Kdea%;&WFP`%f|r@zH~dI6hD*+Gx%B^2%h zKWFiWq+gtBpNr&|UWxN$?`QcFES=(s_!kBmw*XG~6Tq)n{K{eYP}t#9e_R0mwBs-K zKG%H^(knZSb^JZ9$8q#30)NxuPuxbm79i*5hmNn;Ht;XC8GlOjnhe*y&;I*k#h=9a zp8q<&UNzufwfMJ7FY>=_$eH>G>veamLy!IxzIX63mcOq0S1|9$B!72;{ILl>!yiAs zeK&zWY4LBDeP^Lp{#7{N)BQnn{_~!8KD$Qk5B+X@66=>v;{jbN9`e4;N;pJQchKP) zF-wD(YHJWH#R3w0l3Sj^{>Qyp?p^i$WXcQHA$RLOEH~HjJW@|kU!qID8t;!~nXUoY zTxx!hksqY=?~#&U=0SJyzD!qPsxaP1@p}yT1&god)8`tGs6LyJGkl5lI&Qv4bUipT%_Q+~joF&*>w^ctoTo7o>C53bytmJ!Zgf z{DI7GT;jIMcTvQ^n`2v|BkXEc$75oQ2kNKxXFP&#>MP@bg&{@#!Te>MZ*Bje)?Jzr1 zyKIBL_ysI?Rr>#QSg#a)$Q;k4VP*o@RD<7txQ=-8Fy?pCeNpN!W1zqO#Y|sewu${^ z7Wiux|9174JoHHaEaJw)S+7gdKCzu=JK4Di`o%{uJwgy)#XDD&-)*Ra+vc@66mloJ z>PrkA*=Yv++Jnq5YuO=gANsx`;jfbZ7Qa{U{XQVV5C>_LQ6AX_{+h+VUFRH0uhE}_ z|2^t>?M?l+0sNZ9SLb|uJq}qPnt)p0)N!v4+y@u88uC!f2)V@zgUkNaPh8$!aDHhEq+tvt%UuSe;ZGC+#-fffmsak+XTP;5te@*{Q7paUW{5{FowfF*@v8;;z8cf-il6CuMFI1hU|vD~)b}e` zFZ~{-Q+dKpBo{dz9yz(@UEc)L6-ECYHU3UR2bWnIiDmq| z3%Y?9G2PWp=dI|RmrUg|DYAru!|&1|7XaTpI#=OGneU9PAN+XQ>tm*PtPa_K4ERlp zzbozM^AyhS_O)EI&fEmu@Q<^c;ZFLeZba+V&43T-+XA1FmolF|(bvmI7!2~H+^^z2 z5{rM_e24tB47&8oSk7gs=VatBSUbTZ=Py0cCYZd@`rbh40df=MBXM>R)OTUghcZT_07duLROy45|MC_#ek;$N}odY%FY_v1X_j{$%41o*SS-?sQi^;hb5>%iZz_`PCJmABM& z-U17{B!=^zp4Va?|1)g2)6kbdKYjgl^yH5X(2xHt(+`RMbIKo9)H+e(dskKP+Xla@ zKgaxT=l*T+H;}*nBFm{juDSHS7g9~<2;>Jf;P<|U@d-AU!q@pB`C$|IIg8(Met(Sp z$`<(Kf0^Z0WnIz7e_juti^dU54`m!QD7F9C8Vd38;=edXZAtAvcU8sB0sXnc900r_%yhHIQKfHyT$5I z{;K2Fx{pY9#oUblpqqO=(;fG`1@((2=mr*<4!3-T@{lx0oWwXQkOWObM|Nw2N#hO7 z@1*^l{BiKN@P6nUnLa1_R9u|QbT7!6`3&N0#YS*M9KHn)@RW}5b;i%V4()95)w+$J z#~}-G-P+Wrr0|d1zGR0w=*EAC^*RaNGU&Q~m+4wkpMtc*nj5kFz7562Ht3ctT~7R7 z?3d}@RUVX~4DaJ>u{0v3@s1KjkOL2b^!%a`LYk(A~6j z4WW~I!H)_qDL^9}c2D)(2A}>nv;0ch3Al43iVyHHJaX}YMimXFb`THsgRq?XQ*jaV zlDDv&w&<(Jt?O#sf}K!A@_fAW`nJ>2lfR|ki1p?_vh*sRgnp8uxx=(L3e5^UXyQu=e3n<45Ba~jRD3}sbm7Ic z`vmY;EWYZ$x*uXbdwBmc;~(h9{+Q*RhJGLPm)?Fl`dw5m|0aA_&(aqV{~5B__u=PjAn>_zKM8(7+u^(GqUHE2E&mQak`P@~7x=)=0W5`Y@n z#ud_g;s(|~{_zt_?|tY!_|4~{xH`wo3;kPdlpgq>|$|L(o1R| z4O07PI4(wfN-9S4>0-2x0yQtI-a7uz{Q=e=_gU{j*>_kus5c(z`I82_(Fz)dEDcha z&~RLgY9$q;6?HMHr9jP#+M$K|6z=sQb6)jg=XSt2F&WlJgGaSPWN2+#o9k(AN4CQZ z^lrWdd0CqEPRsZ<9gS}Yet4wYL4%ZKY8Z-XuzM_osRIi$jm!=*f&cPv#XircuwE;& zjh0A%`Jveh6jI-@C z_3tC%EPC0A`Zwuae;elU_hr3z#BZ>99*p16TkWTt-lW`!{3fZGx|>3WD`=2*<}^&5 zPOvqyH7n(T`9Ff+Tw=X%b{xNNNjst2t5%~Rkl6T*B+8|v!bG-cBIh^<6*{iNEl~Ye zaqjzpT>l&5Z(+abE(hY`&-zF9NYpK{8?9(DimPoeikB_uTYs?C_cr9Mr9Vc#@DS$T zYvp!|m*hVaz+boc*^a+2KA#wO65U`;+az|q{iMPq%6P7zj17OP1#D>{U7Sr}?o$2V zj{Su%WP2@jnnwlSggEH0i9V53m?|dP6wJvbDz{-}B>T!j*)bHX-+Bh2{2=GIVu_i!_dJ0)NZm&xzk}gzI*xYp@2M z1q%@hq!pp0;<>Px-u_HNhvy^}Plm;?m%`SpP33V$1phDp8P0z_m+exPymB#$cOy7M zqyiSb2&Z8%*C4sLhT~$yH&v`ljb@Zzl>Z#(rmwPIrL-w2CgP=!ruJ6hI{?Ah}kUZwA}_LO$siR?+=(!(>Ym3Kq%%RqZrvMzloswU98tli3g}p zFy3wkRiqfNYHZd)H5?a1EnR$+y(mxIgkHnn&3er$z0|twKDhd&SQ6<0dih46peQII zMI4b}nRr!xFV?fZhvm~ciMjOqJu^N2eJiqK9r!mb{ynK5=l%lkYh1H__X*UGH=*~H z39Gm2FQH$iOn*^b5v{nRK+|6o92dheH9Gu3fg0H~Kl$a@U*f%vA7Z`cPVAT0l*5@$ zM zmI+_i&!n?fE6j^`ke!x68JRF$fqB1aRz+$ zET8$$>|`(cHFoJg>RbMNvT`mgErj4&2u7vNuoRY4f>Jjk!4dIxfK5K7iRnkZ6dVY_Bd&RakU&86EcB&E8c_@%&e#^BpHAWRF)Rkht zsNuiWzr{KG-{pQVA>-;sINsAq3q11aF&Jx*UVhLp(s%`G$OxvmnEyNEdB4YU)%pHO zA0OydWI!f50DlblZHuqo&sXtxT;ebF*NXI4zUBV91U{p0X1Q0SzSB{C;Y)br>TA*+ z51aY?KKPWD?^?T2d)0O@&b{TXm)nBe^2%K+cNg`o{$Iq`x3S!I8V~3S-d{>xL>EC` zWXBP>=IsLD$ikW?qXNPC1i+9kK*tg(p#D($d+eXQo$J|WDrxHJ$2kl;+?DZ|@F##j zV)1(cn@i;hK2D%u6MqZ9AF}xBeL2;CrlrqhAkFok6W?RpJd_paJ;(w_@!ux++_7crD}2KGX1Z^v3R4S>z>mEJXpVvS zqhRJwacl6OG4B60^Uv~QvZt>nMs8m>vP%{C!xmqylOes(?U-7k7wudNxEB^lUK8}U zwvQ)|@Hc_KeFFUSO|;ty@CSk4JSM)WKk%n4{!QsWas8{9@El%$&=2e!ul{3Hf8b{= zensR({gr+jvDdhgnJ^$uDCj`CT-U{jl@6EUL-Bn$2l@}JUvC-@=u+bt$A_*^p5j5y z*B_SB53D*7b7R& zvrdL>3IF#03&xY1Og}92Iu4KcXbY_|%&DM^?&cwkdEhre{NBg>c2qxA{e2l-(D!#V zkpNUT1)SzJ5B<2i5x54m^Csw~{*CF@ty=I4 zzg}ZLK*#S0j4`IZr>UfCA>0wf|0$)oDuZGPe=Zys^}Y*t%8IwzKVP>#kQ)y2mGD4w3fZv|JOn*3<>{n+Qf#r2pJJIsk4=*RN_ z+V+x85G~rmCKOk)|Az7A!_2QN{07{xpUR^*u>YEMwj%IzA7y;PKlN$v{z#hK{Z)61_<(-73_kmo&;Dl__J@o+E8)nZoQK983T)z8u>;cCP2}qS zw&i;ZoHHp-5x-^d%jcNidBnY*4B^a90m% z3Nqtp19GMx&T^Jn3dt$Bao3#HEZBYtYQAMeYS(qp_dJ5>*AJyfUv~6n5#IsapL_lj z@7Y=Utk8Fy*XDsgVet=NUxFi5TpXd4#sMsE0`%!Y*7rE_7Jz@#%2W37{ms~CSnR{M zVxJc1t5)7=^zHvI?B5?#Uy2W-z~8X=>ibFFo@k9Ao-`Cb`MJ>DL1Oq{UbMBK-&L$Nq)5PfHFC04>q?e+1_Z z@+_|`@&p7yI;xOTD%4PKL+|COW!5uGX1#2>mb0Y}nVeWVADV5Q< zjQl$HQN+Un*SGmVTag3nIvb%zm}K@E8}M))WwKFelov*&v>>T?MWuzr(kRi5XwOm_ zrNI&ByQ@Z1iPoqlmbMa0ClX8RNu?C9r2<mGE!vWBBguDErm5bI5~N!LR38=fkfC z{j&d!e*SFcS2=wBXI-u8m{a?Hae;!=j)ww(vQa6b{^+5uCge6CH}}mfcTv`D_ri5@ zdZiGL{BQvW)FAD-YZ!Tw29GF4gDGrGKs;nx4>1h?4}KiuZk6?{ihZzG(4)UMvWU5i z(zAO$f}vSZ4tprr%3H<%O~||Stt_wIF>XdDO9I!+&}%8;iSac5E(ogR_hVR0EIyy> zaaO-yr}Yo;8yjPO6A!fpI}o3Dl6q*o&VLVyW@m}d$+WjGK6fSBxf0B*=u_It9aCq~ zijLqZUJ>VXV(D07>8-@l^B)%)sqU^zuRNdrv4rlh4St1b=65~q`^Qe0f73)Ak9<5e zA5u^-rVT-HGlUT%gW}~7j;PT(3R}}!^=SN=Nq2Yk&e(n}@pU7LuUo-(A*~hxL#lzP zkA|U$0yShLQ-0g?N!?w2Kh1LQka1b%?~5*JFJ3_O*7^Ga^elnCW$AA{#8&7)JWBSe zfkdA>OFt{#^t9yu~j`|5p91|XSDoXT^z-Emt>OcuAi@#^fM@~0SO8kD5GX7f z=~xu-gU+6VFrX$Odo}Of-PQO5*88rsS1!}tRe9?tp1n4q_xRgb@0$2m#jjJ)kXKQy z?C;6pJ%EPr_h>DDkH&KM9>ug%=>qc6)w@>i68vKoa<9If=;8?DEM zXaD=5@8F%?T|*m8r_N9Maf8lJ@=(F!LlyXQ7C&o@jeio(%gq3P^3R$7h~N)+cScp+ zc!HsbZ!I3_w+Z^|mVQF$MZc=(H;D4|r*?PkT70#Ssp7?y*xd3Xx;*Hr?_oV@UBFzy z_&MYRx#N6hysUxlx}}@6WP04y`-UW^3H+NDe@pPyc)1{Bo-HT3ZO~0^vVKcKcVxY? z7rVRC?>#{0?Prc*as&H%mBGIRx=Bm7-Ep1bV)R~9w1P&{k6yokYR*SDNuR%AeXe)> zPFA#|m`bNLBXd^N@rABrpMCHx?lRw22meoPs)?(m8~n8Hu3P`aba|O4$i9F%_+>W+ ztc6J480hx@ndv5kZZVjT8Ab7kCo(3^G(lH*AJbjzXx9OyD8g21K7grTw7}<%e`7vb zz~<`E4+%f_>6p*F|9JQ%;Fo~EVetpVo*Oa_nTbANn_y8}dkCG<-jiOl^ap;6A7J_F zJ<4g}*S+pHU^rhxnd5!EV-cdJ;31X>5R@Qr`Vzq+<#5q_G5;CeUD*$^em&BjAoAnx zqT+!Gs^tgT1^i8be#g?M@4y4P4$K$B_)Dkjog32_-44M*2<`-6M2euMI7P2eb}LS# z7Wr>~7W0LVaDCPOsfr88gb#@eRnVwMc)#V zW6fVE)p9b9MF2DFuSX1wcy(VBQTDFhC4=NC|YKxG?jX-CYA2)^ADt zOZ#v@pr0?10_aH>oewSIrJTY0u)ZVm9mgGI&tB*Y z*xD13umeD0r&Cc$7bPGD-03Bb4h#dl^95j95gP7@!Gcl*(|SM($gWHHo4r5m`WbB3 zOKEzFt9U0U-1x%Zu<&*bw$#WEJoDoMXI6XyDwZG6-8FMR*87_H?@Ey8WavZ~9+6A% zv5(0JUW;HDE5JvPRy-D?*z!%hsc zlXJTFY@h?>AxqF>w3qc>1#B*ydkWe&_})8@`z_Gjv~=pdgT;U@LodGIk#h^np6u2C z+1*{G2eaHw`yBo-C+)lJLnY-Iqrl&@_$|So_V{KZ1(0N!qxkk7xYQoApr3sR%d3jL zH9eZx)5H7{??ymCZ9nW5bUj+V@6X4f?pF1W#)u##k zE{lIsds2Vd1^t4hFNh!Q1%7W{R>33od*gq(-tMlY%WQ{>LZ|Y5gy3P@3bZ!w?h&c^ z7I6b~Rq&bkeCAVp02HF@z&xi5DS``7h#d$%3JSj?9Tlc7C6T74gNbmw^}Lu!n|P=q zl?^$EDyIsGrO`2}h_;-lRkY$Up0#n<+Bg6`>P9Gw*}3N4W(j z>UYaT_ZX&|V|L_MUS9W<%o%C?Y5_m}SSv@y+eHg!9#l+P4b6J5OZ3$6Yrt;~(h8OH6lF)|2A#dJE=vajSU2O!+-* z;@B?uOh1YF%t0S>1?&AKS>w;ZE(L3O|CrA+_dgW*gXOaz?dJW>^dINm<}kVk&}#l3 zt>*6iW7B^c;6FIbdhUy!KEE>OV-d7fU^IE$D(G%mI<l~fL*79 z@xZ(vk4HQn&{7iwYuLQspdPTo)ZXRKMI3l4^WPFXZ7Bant`Cs?+YnO!Y=G|a)0j^E zeu<`=Q*;^gcBf}Ufn9*4GFaUsqA~0}>rdlt_Vc>CmPc5RHb17gGN<&v?i0P}6-uHn zgMR!Or=ur3%z(b{nFs8!r{u#90Bw9QbrleH5Fn`xcJPR>gT3bpQ+&-`M&9^MtjBeJ zOm^_`gpRXwROa_&O2F@Z7US#P?4C_f;5 z%E0e`4(mT<)q&sm`qMCE(+2bYavk_}i=P$0(ftkMGC=F^u$Twn!}gv9k^D{Y8~T>x z`$zf-A>hapE2>crGM=bsvU~`>fJX!{yMaw5G zcJuwyyyE53Ci6KH51@zmdklE)-aqF2zaR6U=W@N~teR*?-_OjDz#R?a1K7BG)&E98 zR|TI1%jdlHTmt`9@E`tG*7FnP`~&&T#1~<_`*zlwU~{Q{URM2_;@kr8`z$_Qjdb`s z;ka#PLwM!~ZuB+{qQ@u@ao}mY;p8u(2qXf z)=Tu%{dwDWTf;%RFv*_*{m|Iy=*fDBlo{aE$T_`R$_(653%_d=$p`L?;j zd}UeL+Z2qF)a4W$;sb&x(@WmchUJy{!KgejMmeA&FnGJovq-67csyKWgd6WPVW@>EYKn zUX_|jzxtDY`jda=Q?B3fv-keF%+Ft#?J?V=l@U_-J)7_Si@)6ZtH1u6ZSW#}N?(F? zvumtRm$ZW)_cGm!Zs0rc{vWkt1N5Wc&-90_H)rU5!*OdY;L~N=A9S0RPJJh4L)n=Q z@B(H#JGy<)rGJp+^@_gJLPtL*0Z_=ycsKZP?0;Ii5u*kEQR~Lt1?gbqH&x(gCs>Zk zPy9GSDIX6VJf6+~|LO_wSAoB5@ux+fNna0|t^=ZKkUnkT=U&A69LMkb9s%dD_;bR) z;^K*3XCVG%;E!8;Y9Dhc`;3Ztj6LhXubn`jCE$;o0Dl+w`D5Z!ev%zT9&hoLA4)u; z26HJxW=QTOeK7rD6nv&EpIg=p@Dn`_%&WKrrr|g+3;Mzj9q>=ppHzP^^KI!I)DGKJ zj~{0Gn#lL{pp|~E2HFheJ&!~@vH0VM_Xp_f`vXll1;DWC0R$_1Z`!vCz7vxN^br4t z9)bS@f5qY}|LJx92J~Lz%+PrPf2+V>wfIGevmT${tBp>cPdFz2oonW4z_1Y2kuvJs z4uWj5bMZ^j&OgTWn*nSto$rGkw+vz=3Twb`S^PDz^G-P4norZ<8TDG$5%yNF6@&j) z!LRz`2jqMEW@scS*eKTFJSWwo=gW}ySUy>1AB-nOH=Ll1@bkc*IVL`h4`aZ;X7Ss? zU-yUWz7Is}3e+zbK;QopXR9aiX_Fpj;pgACS336wq&SnQ{kA3jjv3y#9%@uw>VcPfPXn&6A^N+$l^GjHd)6h?V z{>n?4{xtru4EmO(pRwwP^RuJiV(@IblMm-y7d=i1B9#-|KE>)>5)M{mx4dcbq*G(lda`h)-YH1l7S^GNZ!8HD(yFtCHp z8l?4n4M)W(dIdhIypmi_W1Y+?5zsxvb|OD2<&l@Xn(HygkAu80_#UDyFTvmHpj)wY zU2=X1L#Xp3^W7dhq}r-`ucC_nPXfrczCLt(Ng!$jUxc9O0V$xkwE30rr=RC`*p_xs zd6OTI&G#SO*i5KZ{AIri=i_FXzAtSV6z|-N)*0y4T0HaPGa5pJsZs2Ist1tiA$oTk zxeMg1y@usn>v*oa6>g*I`~$8Kf50v-o=T*Swv{7dGJdZK7nFbKLe@Y3)!0XwXZ^Q2 z>OU5qcZV5-XNG3H3JeQVF)hw!?%Wi#|jv?-(=fc#uehK;JY#i2EAkjla$O)p_Cp z$3KXB^i|veSIJKIkmqnb3O5hQTY|jN-??k#QM>hhE#4dWU6wZ_?WXECCHfw#e!fz$ z^x<{whum4n-Li7CT>XyuIO(|#{AG*3E#pYk&S8&B?I4P|=A?L%PY1B>Iw(er6J%0} z9a);i|axY7}`1x&ye)7b1$1!(n$j$s^ zAM^w7VEPGu9FEr`(yW6h?=NB=Yw>B^HkX>`nWJ;#*0*gjjVD#mO|P*Wbq;+)jqeRu z1F%gL(Zd9w$(w>;7!P3@Ved_S)*+|=oh&D3=S`p>@z%N<+)2?%nU5byv zI;Z8cCvq#&|5s%$W6MeY1n9=rS>LnBUj?5{%jf2y@|O?D&jW8CboF;xdmY-IbvJQ` z>xb__kpB6{;{D)vGd-4C_)_~999L&_mr3b&*olDbR|lWc2J@l3z+AyNH0_+X=zg}B z;=?lNHY^?WLvyM9DO%qt7@uM}E#PPWjOD0(S=C==56Gc<_B{^oNm{zAQqRROAEM5N zM=l+T&Y`ryXAFE+-^21ZC0_{N|1xte|Na+6q-%%_`T@Q36Ts*o8b9`Wg)*bZu+a$MrXP1WDP z(Z$k^-#s}0_lB0BXZ8u`C+|C;r=HhCQJL36QvpzQ0fLg-`abzC^j?SFt$$^`+tRrL^^T*0_Kd0;#(0jUPMZA-T&?YMEU9q~xou?Ov-9tCXmiubUOkMR|`2d7*R z$xSCnULN>67Jp0dRo;vGRje>{6TW4{QT#Un`fH!c@@7TfD30v}0R__-6<#n#3#7s( z*Jm62mo74Yf)7;B)cQnUBgd z6`$mGp8@@KOMg_m8~+D>%i@!KbE!PsTL}e(-v<6Ii=Sm|YUe}GeUwn%_x0$n7QZe1 z^;B_}R%p(?U8;e z<{$TGeJDPdOV1-PaV*$*1o_Dz@Fy+4I`5t<$8#@M$m&aS zTA<55nCne^%$0C1Blk4e$>JYX5AvH5@b^E5`CpZNc+o2ppLg2Be91*)vrF9pf*;!w zlCwl|`fjfrvRCdKAm{T~P6e>Jl)Y$55!$dBuYP8y_X zw1yGz6=?i%339G{ALys`LO9s6Z5 zTEH6!`>B4v3p{K18w20H0oHp&{3FhL)`B!AL+ku1?J@6+1~8mM!QBM~^18<^1BQiKg#D_-W;4-_2j>csP>a5{QK>2@F~TFIuy(sGwW5M4-@Ms>Iv zmM(-~gxm~EXF@PS4%IL({&m(P`n4PLu?vNr>Q`eWjl`kpX<=Dm$M#9qGb~NfPrGPd z=O}4C;CzHdXpKebky?&?@g#bsMxsiE&76upI2BuWHP9p~O)W->l|pR909B2MIQ+@O zxbLP~5$jsW>nvb$kGd5IO07nEgr08Rg;jM-ZJZ2!^JM6;BZPhu8+baXN!&B8hov_{ zFsx?u;rZxC4`a@uhjm9T6mbsaM!($@dj+Kx+S=D6-wt^nXq-zCdeo1S?G@QN)Fd{+ z|KE`3gLa9n5e+oam=!i!JQ|(|xf-fb3Bhv|bRw-zgnUn|f^HL&xKTb{dk)scUc>p^ zyiMn@{xIkBK}ya5QCdlPa})SG7Jnjb2@d3cyJ0{)@KbMB!zPVdI4~YWnEB7Q;Jcu| z!g@}Lo|B^II3_2oC*`>%;OCo+-xhqS*Ad?>X@Gw3l=QStvJU#@ud@8}UMHdXKz|kA z7x*>iKO^wUlZ~gzsd4$ zsd-~KuTD`1*iaK|fT$l+{}=;)c9HpS3%+VE=;Tc9ZyAx=dja%|mVQF)9?zdKzN+~!9of+! zWyl&PGsrH3hKyjUXWzGB9r=x{x0*kDzo$*Yf~h5+H!B0bZSmDQ$aK_RU1%>n^9v!z z`rSLS!xH%4@jI-~U1bN7+mFK!JvZ)Jxr30~gxrg7X1Ptk=F`odgW*dj=V!Uci0SxyHoV?c zejeh&TUpOt+a8Du5+7+6;DVhk-^c$A&{bEMPWkn)vzz(NZP(6JzfXvJ<(pb(j4sY+ z$OIH;8qY_b^M_pjEA)^qwcZMn0UKuc{2%adT70$7B=Og*$k_l~ya4C0_h3u$cpvoR zZ)15YfX$`kncaJq2p>YfaQ8r@ewoKhvwN1F;)A)=zJvMXfb$VsO!cgRuK$l%Zoxj+ z^~7lF>q+=c;O8y=Wx@CTY1s87lo9?W@COg__xRx7>+DGQ>F>b4sl})9)?C^SaCKL8 z!XE_wHH+WN*wjv*|4_ug3jC`l;6DTW*%ROqgMm?J?~(A_1(~O)rkd0Q;ww zUhO~l_Lsx=ysumZe&L-guPEbCLE;+nD%VfwtgpLA`oy=)X90Zj>&!>(Pb)r)jsX4j za6YE~;4}Cx=F<{?QG67wK12!JBK`))5vMHuS@f6ypRISZ9_n1a~w%5Px*aVw1M z@9xo#e9QK$fzR}xvt0GwoZ>U@2)G>&;X{773_g?ZIllfa;ICQy)5-` zqJEgYhI2{(&2$v^%%$>M@4zS^{37tn7Qc_N$*+9>DLIF?_%+4W;v=K3`-b*>4#l*0q^qnBkEp1M}vEuqTG8FxGTo6#^ zMadHuLq9N!yLjdr-h3HYffy$eN-0bw6dys1yzunI%`*^3dLc1ZdLRx91Ur_oc(dN~ zzjnk+<3~70XFHbA4`yG4dD^G59o6^#rXznGrgdcHfVAhPU@*c}$2w#S{I))W`L%NV zT*qn7mnvx&uKDa!ApoPF6+3XI2AQ2CH*sldGFaq{i|IUeXJT59NGQF1wA+btrxHtd z!&1Z^U4=y2_^bBaA#v(jbR;1xj*oYRtw<9Mtw=N&xm0MB`%#^o=iJdbQ5u^A7WU@BvpBDB$nG*WY6d z^Y^22Z|g(j{u1O|eK^Y@*jy^#0=Hfx1qF5d?E=4Q@wa3@B90>$qc{QuRTw$&y&1HH zE)KDEp;3?W(Xk)JKH4Dbeak$>Kf%7hdeEkXGK#+@=xUE-x^2-PYdJk`Ua*Q?Jip$M z8beJ4gk~OqUiO}tzl`~-d8f~#)LA0)AxUps&=%sj%%6#c_5t-B!YBuLc%?Fh{glgJ*A|$`q2EXaAV17sW z36=L?kZ2qepX!|l{*=XU0XA1KpM*}s&fj5rcdzm;l3NF#{yghBY}vpse7`|Y=N^GF z!e0V@>6rNBKfAymv-oOWxhUhXkU0UW1Fpc{J30X@|G3Sny8wGMpD-=m-S`-P1$TbKV1j@ip9TO z=VU0J488>Z_H|tEg+ucf#5&jCPxw0^G+xhu|Ll{Pe>rU{Uc58vZ{6EL_lnQCr23-n zh$yCdW5%R$>H$>t5JZywb1y}n@%5~S8W(*&rO&-k94P^R-r}n`=-bP@3U`>FTX_x8 z4?LCSskr3FVZ@_IIAn@>TpBcHNXx@?k52+Mx*ik&)xKTMhVCi(fL0Moc76hiV1Go*v_`3H(Wm zKPUFs5qp@p2iR8I9Ch=ckwAL3z-Q~3tY@!zihoqR8dCm6?T~vp_9HC*s;qbIg!>}& zJC=AvqItrMxm5t~Mlh@$lrIOc)r;yq3;8|IVtv;o&V=JoCi!ptJ?Cuop!Qn;pOGr_QS%45u^T@yZv;e5LF4!~@Oz)j`0Bkg@nib@pL1m3(>02} z>?`r!qowPY{g;if-Oaf%Jo62YcGVyaW(qdkyG;M8f&bd`Sg)ho2_@xLxJuUpN2>yUGD>9M+*B?orLExW6|El6Yb_joZ5z7f6{xiVe zKS6z0fq%#I*`7z$w*>xe#b4!7;zwr8wvI&80i=2!LMz*QQxnp+_>9Y?L;Y3AW4@2;rSc}#j%vX5=Hcou;lEYTuUh&WGEQO6+T+$o z_SK}-tV#Q^68vOx3+EPqeyv!bpr|uZP=dhW83?^mochhg4D|j1uJ>```2z48Kgjqe ziRZhZyE?&iy%Nv&4vFV@rsKH=DV{5s&2Qp)@zwYppC4iVN5vnicMbSCi$7rbz>j^r z^(%lVqw%Pz@F%5xSAzMdSyjR#uRfiZ(XdI1)B_ew>y+uAhX2)B|Nq_hQhQnE10svc zrsU89l1n?N2X-v|4Bo$a3EOd0{0!47+YdQF^+XdhumOs1H}oJ4My2$9t%Ty+NF1?- zDU=>sOXFCSr;J|5I?v159;$!Oskk)nmle$MJ`|B1Kuh$qpr3!m0s57Y9w5<##{&)h zHs~v_Wcs$z3jgT!2D3so?dTDf?LE+{_{;q)&KFKI{a(lX+pL+W_QO1TPJuM|D;PpN zL@K4hw+=b8Kgn{Yd*~^ycw9^VQuJ0@4>0tJG8t~-Z`#G5%np&wQm7&hOX13zGkl^m zs!vPJIGliLs*8UbKZoBp`vtZ`pX4)(VgI4GzwyZRmlXZ3iHEz&u;(WDbiKy%aUTqg z?U|}2<_W1{axon?R8{W|GX?lS=fVT8@Q1YVE7DPE)E;4JqTFQ00jaJIwGP}7fBmzV zSIo0r$#2c2@?7(NM#c8VOvNp}6fYn;@MG@RHSn2wE%Q<9NjhgY{|vHkbO&IGwH?SN(ex_}do0D)0b&PK=C2<_2;_)BcO^%+G)_zF(tb^ZP>vZ}Q zLErPM*mrq9(~nAh)VR9f22ffRL{zDms8YNDi}J1Mr)BWj{Ws=Q0bg^e`MrK0Zxn@f z;AcO;_!Ba}pNsO15&|)vxx|;2aWvSy9KcpA#erS$ANU~iSMM!N`f-zgMF%iXq==O0 za=(Ui)E{EHTapLu1^IZ2#w$ExwG3SubhrM4>C||uuv($H@quK~KL|75x=qy$~c zZb<6}Y#2BA%fO#L0e%bk*Db!9kBVO1J6SbSOfpdUAN4+^^^GH0_Xvji!kG)tfWu`>`Vh`4?n4yPf) z902WJ`%O6SMQ-=)jBocaUp#R9H%y>XYhi8>5C79aau6*V%mjroX>#deKpQb04hmr* zmFmP|&W#b;OT=g?WZ63Yb{Ei(@6YyD?>BBl@wiHTO$A`oO@oxOYB&OE_*KQal=PtS zWbC)FKAdAcR2)+I#jMLCe4a&lNfUH~pUrevCGIT-anJnN6CQEgD_-CujSe=y6Wjuy z@`ISqh>S~--=)L(o;D~Y#@W#CP){*FeQ#SJRmA7M$6kl|{zF*)wB%PRo}%-*SV_Uo z-}}I6QZ0T=R^|EqD)?6WnD0$~OnJlMcBS7Nt4N~L27dbW81Ej+^b4Kl!L%DDb<3pY zLp!AQLs(Uwaz#`|5l0;(v2Zh>3=C|(N8g$4uBKFk#zK@A?4#Z*U&QsM@y=W--=bN= zfHf82_b+0d$KnrJblBPZkFN*H%J>@ve)?g|za;J5pVd{Ld3N6$@g1c{ zvD^ux4gOK>PR+$`SiCTcqB8K;EPh+!mE_sxhoJ%5v<59N0320-padOPN@#v7PylES zQegF_c-n@3xjffL<@GD#KlFYKK&u~R7#^~GO87tjCalAK74vC{epUwD*Q1^}h!Al?u#n*UEvNhlL#!8FpHg)II#gKQGF?N8vcx0{;!mKPT-nC;Fzg zbiYBfqKu5d`&9i)-CYY`%lb8Be{)gMUj#j1XSjlf5cQ-e0J@Kf7Z9BWKvWhL$b|%g z*9)Laq=1@)`upH-V;=H2w!=lSBglK)d5cxeO*qg{5a`fRP#$t-A!lpI`WFeOEAR(! zcI{3XGT$3Cij&)*uRosYH_cN+uj108#3fr!aX$MyI5+nMrkfHvKTgZn6Zw2X5%||E zeo59ZCZqgn2yq9`$T!T6AnL9`+JsTCl}q(#f`9evSf7*37q>w-_9Uj;lXgO=v+YC+ z_o)pX4o#kx{ax%sK85L2o;E4%3*Q68Ue1b=-AbTavUHRDILJfD;oMk8el!96^w+bT zRf!*}KhiIZ*)B+~gZ?ZK0*C<8Rn2ajEr1M)ce{{Nc`C~}?S7FN|8F3!TRuxtze#Tw z`hp=KvJ3g|DDX>VmYb9Mc|Xd~(&)Gk7N~;*;QOGT1^wlxF}*t1wBqGux))SrrUev~ zx!8j^sGvpwq2EYZNESc=K(Et#sv7jm|6X@jVTAR&Ch^ecL%c6^EzGA=3kZ=sTJrg{ zY6wDzE)77)r1o4Qx!=Tcn}E#~#08kr#f8j}+^g|``qe)8%vwH&=grH`Vf}oB{9y3S zXxC@4d=(#jUPtl4`8nxZ1%A`w4~QSYmbM?7a~R&V=IbdQGL_?cFMv zq4>ek0b0Gx+(AJ4T$n%@9y|cvGx%$Q|K7JT|MDGpK$ptD*w6Zs{R)vp`IY&YkAkD0 zok$f!r@{u}l;Y8_oM_`C+!0x)$WG@AK_u14R|=)rFrLZAE}p#OXy*W)bxuns=A zEFWb@-=8wHwotL&W9?DK|I478zh>o2zgkp&*VcImq8ZAp6T;~{0B^VVeE$6{_|Db$ zTfXAY;kaogpK8`{%lf z0rWrLzHt=s)e2O3DQu~_v90B#Go4q2d9GJf!S{|S=3AG3Iw$_556EzQrEzl>bmf;YoyyyWW!OZ=9d@2JB=@iyKj!y7 zcfn`b@);5ND!!~re4#Z77i(zgz}>U;%zD7!+YpCe%6cigdcDZ5PCnVS3jE%eS^SRU zSNQ$COll?y&DCH?GVu?5%dfI_?Z|gJ+?_wbw{n1Q_K&ch^YhGisw3Z{^bPrvKaPR# z;;%5@inS-ky#d#rdSAGT@>$^TSo|@G!+XK}#l&GeqIhExN{pQvq!Tt8M)NAr{H|_# z75mk{#(LqXJYU5-_ryOb&jx5?8m(#wWDYucko>j`ewSa%{02qu#b`d*Mg!xSQ{4RK ziib;7fAGmJFrN|8YfQtPJPJLC$9|Lz;xG5d zSQobVZNV?N_R7%F-+~ox%c-5qpj)$alpmT)wX+ZKPsqHDjPiOql&L-t() ze(v>L4>ccF@pn-oCbE9wYeTjF75ETfZhsO%ayLQO^G2@M z4n3qR$S;xnaDc+B8uoGbK%;tQ-+{c=(hn0YT`J$kAng5w%&pPPG-o*Mg zI_*ECcJFXvshg9Y%b;6XX1Ynh=F)yPDt<$L*aH5=KVbZ}n)ih9#Jo?c6T1|>Q58Jc z2p^DK^2^d1=6P?k{L}Ol7vf0BpH@Ls1WJvj6>Q?s4EPMcgZW$%KC0b`hi~=_swqHf z5b@rFX1#6~{4Twd`Kj;m#d@tNJ>VB7kE5kOft+`<9QA#UY4KMI7yxa!f){!K6|(ni zHfrBl@ay_N%iWeulx17=Dz1P%gp(F z_VfGr{HF6bu6;5zUCfUB4m&TuE-pYuA^H%AnM4!O;8I)V+d4Wxz z^`aU7x89#qB=Jf_ulwI>uHOzzKBB%qsgbyy61O10<7vjV>??kAFNylM4B*yUYCikNn#B zjeWda{3hP!@iMOme$%f-{4(ByU!?7+d<}?S@dxnx|KjuRMK8;9ff2OdZ_ZDD=sx)C zpW9c*r$yp8KS3Oof8)=xo@L*|+!BLY7yY8opuT3!=aG=>-6Zw(1(q4Ab|@>hhhY4W z?EI#g?dH8A{rn33Oj%>Q9siYfhwbgEd~{2@UEibKOf%22k0$HaVPuO8Zn5Hlc|Re3 zZIke;HfrTRmg@ucemK3p)N#moRj!Yzcbod)b&|(&ouv9zB>D;JTTOkL*{!@^+*jp^ zu2KBTen7uQ!;i;j8ISSYA#`*Y-+;t%tU{drFzu^X70Qg05U!UJ0y1BzA2Ico>q!}* zN1wH176$?C<%z$03hkAd{%$>9bzkFVdn%tbqW4f=Z|cqcO*T!Pf0fTx(f3jxX+Bju zL*nQ93H@p|+X)^A^OxB%j^q{c{!r>Ic`)ab`pS7GT*c27eZkL&pKrzw?w^u17l&@tk+~;b^KtwZ?nbh ze=wgRZ;4jd^O$7Dc}=xnE&iSVp})#^yZEO}L;D%#`Y_vx#)*PpAZLqxq05P z?ZfJUu~g~X&?NP%qgFOP323R1qZ%Yx>(Wl%>$2Xaqn#A9UzX$2Y931U-3$7#CdnO> z{&%oi0?J>3{J%xwb}{aM^?K4c{u0kW1O0S{?PtB&pD^#&&l-^DBJ03E-}JXU$1*+( z8@#@i!yz_Y?5eEc-^TEa>w-FoSDT1kdYM|t8uA^xp1 z(Qd08I^!?od53Y!Gp_q?yj>+okgMa9`-V6tBaVEe2!A2(-<1pmf>DeIB^FGPb6OD9 z{BD$Zh3g@n+V_mVHJtC&yz3Ty5%mq`@vzLhkbS${dT{eBU{M*zC3U5|Z(x1&qmA8= z^P?qho#{=x>TiMgP0-JBTnhDhAl&g(7Qj>mP{BwW~mn^)??P2^8Uq*;QwDe-fA3m60dG!#2Xhj z{w&ua;qp}=qE7M4-UNP@ePK=GupW2I0NI=r34`)HX;Z|TLbY0lJ~N-{g?d5Wx2jhI zgG9Yrmjx0hz&O#KpVWMA6#tqu^y9y4A1#r%BN8`jGsGP<&jUS{@%bz-?I)?Pg%YD4 z?N|tnT1aB6ap%3I-q(xx1H#6i^>qp36>V=YqC7tef|>{Q;-9l6{4M7-m$`1b^_2u( z91tJ1Zo0)UW2;}}E4bd&R|a6+KtCq>gsq{kHaaQ)vFtDEalezpR`Ju{mg_p|Ezci< z{gP?mGUTFF`U27CM4_(}y(dNE#gypBsdt&@FTc4ijNeoe=2EB*p2UCgZY0^FgE|Rqtc#K%d0ybe zd@ECx>d!jg#$$+qts6c8-Jneu+_5k z)YVsT9jg5&`CVDZ+n~SA=J~Y8%txGc^{eF~Hs+?r0NIMDd$@>g5(9Uno z8+BZ=MIVSlUoQGS>N7A3HU40~CVdW8S=!!Qekw%82|fn-rf=UQtQb0vwr_X zo_W8k`d=>kHtN&Ob><6w9;D`$R0X?}AByTt1{SmGN4LbS-WmO{F;rwJGYBx1ci$q_ag?$F;4+e=b!I}{@qV(8bF$r=rsR9Dn^CM15!ZisK0 zkHLLK=3{VO8RP#z&YRRnvObDLKea33N20G6{RH)v{;Y9*bc%j73jK)aha%Lgd6fF0 ztZ(Y;*YrLs`|nT0w(DpTTR;x;r zI=&OqFV`IOt1j$uXx9l>=Xu$P^ntJ*6uB5cwF-;Z|3>6~^kBqoGisH=`uT-&y>m-k z30ufDD+><)lzSp^X_7ddj8nYE=gH1>%qgb2DgDtiPGLs~%F(eJ<+NmGQ z`@iO59JS^+g3o)^tB=7K#>KAohq7Z$t=(`!;8Ae}d(>I8|Jqmr7=v%1I2ot}^7JpRqKI&7$=<{s)v{AVik3yd> z`eN$S!^D>*9+ID0(dR`GzfJU+QRoLnpBzPh68|OlPMn|4F#We5uN={jMxn11{UG&` z%+F@g4@42aPxQS}=qE+r8AX3GKayNt@`s)E9*5zvc8|^nXzFdVh#yy(f;D@gvdah`yZtNej~-%i%Sy4Jt)n zKz*yJFD&9E{h#8S5^k7&Knu8)m5%u2r3WbqR&4LjUb2 zVf5;?V?A(nobpBQI39T|4>P}v3sN|QJbUqqU)DVM{Z@X}I66e1O}%Aa2IsMTpBxr_ z8TEzX#^E-{q2i~E%RWH;Z_N)iZnx;msV_IG2C_|9=Ck@5CTsr_C*=HmBI4JD(^rS; zb41@veV5k9`PSH(>s`G~)SCYW(R)sT z-tyXKP#^D*r$BU2$G1!Lg(c7@go{5Blw z`u5Whza~t7;?*~@So&Y9;+H~ic?M;Uw>nhcCi>j@(3gjcUlghz6uoBw^uhUKdCft6 zmea+D<0_wt-^=|6^}+dIJ-+fd(t5mdM4!8m{STKP+j^-KeFOC!;q-npeu3DVMW0yC z_~!LQ*z4u#`7@^2=TxCT zvefY>uhA6R?l-3AuQUCK#Q1*6ox4!qZZLByZ_Xd&wYx=#V|i`f%$xc?EK42=ML$># zeG!|L>;9nLexK|W{S@_)E)TZzTZ8B)qtJJWzGxZZ4~L5%2p$&WzGPJN3Cp3MGGEj1246E! zH)Qcc@=RH(Fb|CTR_7{t?eaYMIn8-weJ!e9y~HGsoQ`UqZU_5qM^QGudlR2+L?q8Lm1;1|E9~}Uly)CxsI^zdmhpEQXk2B z_ltg#`lfL4W%lX#YCHkamt2nicz%66g>qzmF`ks4<+YCn_!ow2&vw7)7JWPQW#RPp z@r!-X&)iJ=^%CO!dzz{tZo$wP%c9_3sAg z8^ev?c3v44eF^o&;q;aVl`4M9w0K87^=6D{1<(~ zjggPnFZw#_ec|GJLyvbr^h4A~k{?H0yd&q&=#N*&|CRB&MBhMtB>PvH=)0+((DAML z842ybPxRhq^k+1jelS$uqxydn^uyuwfl&Rp=trp!z6U;T!aTsXqqt%>we)8z3YDTzaUI}%l2i&_lv%O`bfqb5Pc{0 zk&M?dL-x}L(4R>3F3}fIAIW&jMBhk#VVLp8*{&yiqHm{uIGofx6Yuani1>;6`Xg@G+%M$5)_QykMPKUa-JoUX?arw=cPyONgAFl%hRQxB< z|LidRw{+jgk0VLeC-tr{`Z66}Y$`vlDD`C)eNLG8mh>C(eWGt-e@aY!@V$`6Ye|;p zc0Ho+p+1u1J1+XfCnG<;&RMeGMWHVgy^s1xj+a;TnNOiVzcnA!@$69Xsn0NgXAP1S-E#@vD0p?Tnl2+TzzA*3X$7@5ufq{3gQs1;Y9ji{E%J{4C$yX};Gp zzFKYw@CHKb{f$rjJbmzMH18*Z{fw^@H{S57arKD4|0U?N!scTtZ2u<3ujgg>O@6v#V>CK{07W%`ONn;$2Z8xgw?|*WJIkuzxWLgz%LDl zGvsaJ`;XD zwTa)@zu_1DJY>FrrPqZqe(`Jj27ZO+b!gADk}&H+z47dpSuM%(D<^VYDjIWry!E#F zR0GDZ)?3a-@ecna;x?FZL-Kmd^p+WTeJLrvMpmuP<4{gz@hV=kG|B{U#p%@)o&Y^H&$! zA?>UA>K6Z=>F{qiUsvh))%?a+%j+y62~Dr@+`}jF($_`2vh{-f3CXM4#%@`sB{3-cuNbM7Y5+{2L#2I23Sx4q|WUuY@-;L!sP~UFqgU?Cgn)FQ$_Prd@m!u

LwS`wba|8^W-0y}0oj!E(AD**9IzFwco zZ&3VNX2Y-1oR@{6kJ$%i$gUYoi^@aFrgGi7EBu0=QIb~#-TFgH>L=9PxB*dmx9A6V zgFblu6JIdRoCxaMc900A_lUlGcj!}ujX%rvhvoEYe74aq`WEV2x&O#K_Dw7QmHlga z{<_nTSa14~>rbDXGQD7f=|^oCUo=Y{^YYLYr*@GUN6wf#qhQ8S(h+0)@&)FBT=eg^ z=7HLO+@kNM-tziPa2_PZd*t|F{CTr1i$Z*rzgPUT4n%w5?`L`}=Mn4K82#-L{}ea; zBRO8Aj+#It1~9?`w&xTcf^1 z^sYmp4_>FowVV24oo(c2SoDFzBF|6C=5k&?9QsJ|;}(6(5zznEd^YC4=W57I8qY&M(RWhc zX6l3S)vu&*TQ$~ekLa_GME;w!-g+Lg%!eYekBi<%eT|-<@>%p>o`*)PCmi*OIynWD zg*^`yNZkB%xvrm!e&m~R{lC1QQ|BV7);p2BRv?dnEftuz%@VJ*0P!q&4qji%G78@J zDtn*k{nTgbJXq$Hq#>v;7yG2>o2kz;&tD*v<#pag<#Cv5wEHh3(jiT=nef6=3 z-)UZl2IM?nRoRKU7;1~>zhJr;s@k39*C2}Uv4wWcr8*jDr3BbTgm)7 z0sZMUYUMxH?_f}0CGEvijsh`xMW1mZ^y;Nu<4?XrDWw1ELORL#E()V7#1*}z#PirP(N9LG&z5*T z(Wjk^{s+%z*8Zscg+A6W#@(mdp z)JHPzV$t_Rs8{1|5dARqDSF;@#`wVID+G@G{>zzH-d3vevXSi_f+Ve zI!~5%e)0Tg8`)o}x9pd}eaQHE16#k;c#6fZ@-(z#x!(U(KXpCt6Th}n_yz9=<3@h@ z#zpnUEVXm$n@aT|DUPQ`%0Y?aT7Wq1=6&7xw6M>Ej1P@Z3wa!r6yGcxjp+4;p&kdQ zPg#u1%eyj}LM&)lt-r!;;~nMYXg8Ae=M{Y(^)7wf<7zB#m<-N$W1e>?eFfqN-;Wtr zxkml4=yOhozBL%X(9|2>%7z1|`k%6$oX5_9KDhpV?fPHzO_k8M=>1FX_RR}2^NK*l z_lVw64ZS~t{`f`jSqyz}{)OZxxGu2&iN13Q^p(N**8GI(9U1amWhwLtdY;HxA~;dw z%{OAJ{<}oqa~AZGYL2xg_d=! ze#|d)9jkegxU-D&9`q~U^b47n@tFzcv=krJKezaG-w(e?_Ir=$TOWWvlJ)EteZzy1 z=PMxkO6n`6f5u;pxqr*i4cYG;BnZ-%!uZ)$@7%;)MPnzG{D1{Kx1&Wxg&NvcDP6 z-Hi{Z=}q8`m1>Vy{?1+G`sE*Jzsx)@{K7xpEiY-9?nY0I@r!@o6Y#gZZ}J!Z#!q0H z{>CXr`TNDc^`G=#!#=C}A3ycW_SO6x7Ju(c@Q-A@rR*B-D5E~d7=`@D@_MU%{djE;aPoe1h*`G-CUeR|(q3;lVOBDKH(brQS$#_$Cm;Eq`_-@fRM4|VH z-V=r1FZ$vr^a0VksgGp5jy>eMiuy?Ak4yAAekA%b(Pu;v-zWOSDD*v|AA1q&F_Q6) zM;YI_rx`zz@fM0c!2U#{_lmwV3Vny@o1+--uqA%BUhkIut=zWWQ?liG8skTzcZua8m+V(j=v|`kh(cc``lcxKKGD}wAIW%o zMBfrc{BhBHqtH9|mh0~*^o63&k3#PieHQhRjJHGdg;B&G7JYUU`jma-`Fj+4x9F!{ zi2QoMBl=zE;cfubeD;XGjQU!AKPc~C2LAi0g8W6p{-ssYL%i~(>_ui=cE64tF-_PrfI{iGPF66f_fK7K{w#X+4ZB8b`RW~CNQBBm zoA@QZf_B`>NBvpmi9DkV&MVcALD8pCKWd2OKecAwlH|d!(T=?S-e~bvQq^8suAHao zAKaHM?b*M_B46|))YqvX>d&gLHXBj#YenyR72~N7&Vx>~gSL6lCi?mS^yx@> zgpmNe?m8%X5B0w_57co4MiMxhUgzAOs8<3PEdk3#Pfy)z1Zndlu+=zXFe=5dH5pFN`Qi9$avdVdsp=RuPH zDD;J*FN;F&6}>wOeTV3sQRs(7?}$R5;+Fh#T}G0Bx9EGK(0fGhk3#Pky*CPdK=fr% z=pAz;|54~&qIX82FB82Z3cXMC!`w$B$$yXN^*$Ymeq8kaDB?R0mi$MdFBE-Q6nd}d z-BIW}MDL73KP-Aj6#A4yB>y}=N0Lvs=zF5jdqnS#Lhl#7Hwt|~^kq@#9eI-fDD*DT zJEPE-iQW-~-Y5D=KL3m)|2?7~j6y#y`mQMS&O_ySOBDJ-(bq zi#{z1eac~ye_jtql7F}82P4$$%eGh<%Rnpxu?)mA5X(R;1F;OmG7!r^ECaC-@e zKr92X48$@J%Rnpxu?)mA5X(R;1F;OmG7!r^ECaC-@eKr92X48$@J%Rnpxu?)mA z5X(R;1F;OmG7!r^ECaC-@eKr92X48$@J%Rnpxu?)mA5X(R;1F;OmG7!r^ECaC& z#4-@eKr92X48$@J%Rnpxu?)mA5X(R;1F;OmG7!svJp+wbZen~5Xfw-JmK`j+S@y9U zU^&ckjO8TDgsTuQg=IR+OqSU!-7E`O7PBm8>0w#NvVmn2OFzqYmR&4+Sq4}Ru^eSN z!P3!)ekQX_W0}Fy#WI&=KFcDOWh|>%*0QW;>0{Z#vW;aY%N~~fEC*SRupDPO#WL|~ z^f#5IlVujm9F}=33t5)1tYlfk(#x`uWi!iGmK`j+S@y9UU^&ckjO8TDgll;GS*Ekh zWSPy<&9Z=HG0Sq69+q`18(226^s{Vd*~PM#Wq{=n%TbmSEFIVK__Iu7nZeSe}3=te{JVyZO{KlU)wbJGdpUhwLeb?e2eD_$={>=-5;+lrWxb) zvTSEL$Wote3RBZV@}lc4<$w1h6-(%_{|ssGe{265PD6eJ^I6*FkLxJpb#2e1gmch- z+Ic9;E}5H`GHo{O#VptM@&3KX-{wW! zN64?V{I~w;=Y+ra{H*Q%cif8k+I<_!@!L^m-hpy$U&jqrr5fwfUyZV5G0NUw)69Qn@?*yA8UKQtnK(uez$g? zL;c?S-+a_8V?P>Vsqbs_>!kTk?5p?lPp=PM<}TyD{0Ee&=b@}*sdWvEqxpY(`N%uC z|J#}!9UDzH^7JO_w`YCUSE&EVruTh|`YneLXB+BMr%-(f|Y8@H|zznJw-)^{bM z{#@2?$@-3D)c=|F+p)ea1@$knUjG(t!RDwRW&IY^*KdXTgm=+T9Y2tP`fXXiIrSr% zs6T-9IzMTD8$Jfc5IP zgwNg)oe|Dt4*^l}>*6ZV#a}VklvVK?U8}CE?^{m(V8GI1+53_zZ>W4Z||Di2@ zW+&=5_yGNJQD6KR>JMhU9&h^-sIOvu2KAFqqyAQ|$IVz@whi{NL~>0UbXi;%tPU2B zbDgZu8t1m~Uxz%l5Bys>UxSYP$IYCN+P{zfGiWb40sg6+Uv~ewoImT)P`n-5*FOP1 zRSEy8MJVn5ZS>!Sh6eg4kZUi5Uoz*D-Ty?+myKx{wfVblgMTgOi`{<}{q_9G&p`k6 z_){K%fBU21`#+7xRp)Pz{`x*J?^*bbJRjb_Us-=hw~TnbfzElgJN|*Cjte*6qD)(+}GCBO8B7*6mG_b^IA4 z7?0i`?c?8>cHKX_{jap^{rD%c-nTdY81c1zSF*NWPuBfwA?x{kJGq7VNH}_Z<9xWb zuWw`VnQ&Y2f93f|;6hxFRyUy3?*mL}0{`BR|JuI)Sljto+x=hL@niY1Z5+h^EBnXV zoUv8_{$Nw7E>(>W${r#-huZQaT=WX?RUW~9_zaFaV7*S~cA99zAfNAp?l{r0x{I@a%CtG~-uujl)Vte;K2uK$|#nYQ{Z#?en*uh&5y>vyDH*DqoH zPPY1+Z1sBG^s;_u>UI4%>$7b2TmBpU*~L~r*H*9B*}1IWm3m#@#`@iC^@Fy0y)F~K zM!PQRb^X4q-`!Tf$X2h{>#eNcgL+*bVEvx9`h;)LZnmv{Ut7Ii_e)s67xlWnmGyhu z>ff=|>(`AooItz#P_OHcWPOgU{t{cg-aooozc2N={yWz1XRF`+TeQ2st$wksUhhNq zu|Ai2UH=K|53to|e24hDUhhu}Sbre(y8aHwZ zf3U6oQ(L{>|8|;0{6nbM^-EZvXRH64tzPe!ldM0KdR>3u4~T!5t^QJ5z20B@S${b7 zx<2(s#L2hSpK7aj(tZ!?k09&%an>JctKWYW;?K3!Uv8_{`}gatFQ8u6JEsumC|ms! zTfN@byIFrU^}2r6Pl$7jt^O2Sz25I1V0|I=x_*lF$J*+T{u%L)v(?{WtJmj^3DzG^ zy{^w+jW|WN`de-F`aJVB>*rCg>+>CH#{J?6w))#`_4>T@9qUh|Ue_Nz4RMNX_4l&= zBwPKoIOuh~K9BVrj`uZm9zHF7ldq>Wb$k~;Z_b>S))@}R@H9t{+u=w|y&$1MZ?}x< za4cp#ef@ThjZ-CnBhKMS*#Ek0iKlO{MkuYN2 zPkkPBBhv{tIn-YHlwrJU~z zSuWuHmu^|VpZ~Ysf2#HR{iU(@ePN%~8_xgV-uJaR-+zgI*2n8Cvd&i>S?B9&vTpxI zn}55_{}G%0Wt;y>vd+gxHvccldj5Pz*7=w@9r@AY-I%QVy8~Ir-;=EU53~6nN7nae zi^%%^<#MvVPQ9P3^VdVx^WinJZtr88{d*hFoPqJ^*q8#k#&0y*!&+S>+!Cz=|3Xt>zPTLe!X=<*SnLfuh;X)di+H;{pnwJ7b*7N@}vW~yn=AWDxIzQ9My1zS;_5QUFS?BjC zvTpALvhGhMSwH8gBkSXPqm4Vry1&nob$?cpb$>?4dVl`K=0 za>=^AqsV&xm5}xEuO{pDcqv)0$2-Wn{lAm-bAs1w`Y*}4e>0NMe;sdIvhLrWWS#Fr zZT1t$I^Ghp&hI5Q{~O5q_&z|^;4@? z*5`v0$U5Ik$vXb|WPN-JaK{AaF<@#}b-lC^$2vL4@FWIcZlv+0i`>*KqCtn+&oS&!#3oBl?!ZvRfQJ{}K| z^?uex*7^D;S@&;%tgnaOvH6dX^?vs=S?6;M0>)W{j>|i4PK2?KKiK<^X^F1Uc=4U<$viIK8=sheERM!9hr6_5 z$vIWamM(D|yMfQGJ~UXmyyol$r3DoabHYW~7Sr3)(;m7a0-{AJ~;dbzlk z)>NNUx?t(jn&mai=6j^p>+71<6PMyJjHTsO=hRf~>Da*MSe_{2($lMI%TKSVGAdG7 zv0PWAvEu9{%Y!1PSr^o08gWm`rJngUm8A=pE~%McwWMmv z8Kv{f%a>IwUv4Np63dXDQBhM0d1b|XN%Wc=YE|QA_D`Q*Rc!?FPIH&eU$AspjX@1U z3#*sPA(FT?Rg2LrpVXedblD<9(kviGIoJmJ1*?`z4$n2PO>oKlB}$2zu(Y&d*|Md}4DWG+&o+jo+StRWoeZg6gh<{vajmGWVm5>pR+d*G zj89SZ(&ZHyM;~*@oTCppw7`hdtg4qTSyHhOPJZF?vpr~}O`xK-Vj(-)A$a=yg$v~< z&WE~7)tGJc7`UVc$EHt_95YA*n#hB~av*fZh6NW@Rl{>spn7>l1rFJ`(Befh4th>1 zUM%ZO9Sv{1z}ZVQHV7{DRNzSY2=r?f^i+9}D!+ndGUqT4+7$j_Syc_J9fHbeG|@$X zvd5r>=bXN5>0-m&Cl$*pmXrsVL4XxCIQoMI)_Bg~+!zKgtI!pry5ejq##M#PVot6} z!LyfCS1nn@fp`-z+p>-J8x#e5?$d{z5klq<) zM}y0*!BV-rqMAp*Qi+jOm6tBT#Ay~=>HKqKGoHVos=BJ?+|qL@mMxc!Qudt+q|<@F zX{C16rYO@lMZ-Q;Yt{QRb2caulS1>_&d#pEP8plUqjWck@mgFR&V8BBxg z$i?Ia@|ol&avj-EZYH;r?j6NY2+)(8RXl^F7jWe$>Zb}@)Y?#a$-I5`v^Ie{2bXyev_O<9wq0H zey*f@Pp*k6!44MzY6?`w#x_Cl>fFeZq@D60>mEeQPc{_ni$(dJ!&nH)Aft$&m zYr&o5(OtnS$O%617i8}q;3W9~tm={6VN92;jzz+EUuhD)!cuR8f9pIhG`DFQ7DnmbVC+ugEv+o99M)utYzLT8y0QgCA zZUK0V+<6purmSPtpSokfY2;S&UgTqMF8Ocd%gBA? zKat-g`^le^A0&TEevG{CYuG=ZCvQU@An#57K(TbZ?IHAk3;6)C;vw=rBWlwU(3|M~#@-yx5E3?5Z1YsgFe543lE z1p7=mkEr-w#@|G-jBkMUOtNDI^lozUYv6fgC;2S$*oUyUkn0A(UF1sgYl@})liB|J zv}dh^{yW;wqCH-|KtT1c`)$~_Q7rktgZbK(yh0xj@&GxXobn{*!#wgHHL6#f}<9#`Y}H|@KVGoM0#4KqJOuMk0C!mK8f5#UPOMD+(v$l+(~|) z{1JJKoc|o!`+<`s{H`%o0BKkMf@DHbA9j;4<+bIh*{5 zVwqo$aennGmi{)dzoXQ*P@f=QNMy`EdGIA^bfl95+k@q69}K%|NANsyS|+$g^G;wN zxt-ij?%5gk=g0$lf$sktz76_6wg~oZ$jOVr z2aq$)0v}8ElNTtS-%jGo{L0w`$2(oIjMv5Qd&yHg zP3|u<f0_2wY}h{}w^KhO1ML;%!oIy?@h_qO z9^?h&gUFTS0`d~_N#q*x>E!ds%gJ7{mwXxdYH}m_X7csqd&$k@PV#N!r^&74SIGC1 z-ywI9N6G&ne@pHr$8C>%JWXDo{2V!5ae|ybxqfyeJNj_G*;}z3&&C6h-xFycq`jQ> zF4`|8rym6Uz2w0;;OEH+2ZO&MkCC_D0qqSQ0{aQ%|6|3|9gdec{;z2tD}a5q_CE@oBhQi4_@~H6kPDB2{S0yk`6_Z^A?)`lmi9*3 z-aiye{~u(3|4AMt2gq?RVtntC3(21=mj2W+{<@jqhSRW~cO(bqgY(Ig$D%)FZ7Dz*my9PXXUTE+Kc3lTU>`KrTNG{55&96r8#v`qwxgyf?XP0r&{TvVRnE|5&J4 z@|84z{rD{Edly1~5$&7OevP)5!`?!>llJ>)uQ>zu7s*qV;P=T1=OABSlY6RQ-(V;7 zziy^T8U6FK zy`9ME7s7rZd9()c=WC|@TypvOus4&FF9bhI?ypC@mE^)Jz+Y(pbD^IikN*L@X%_ld z(+ItboOvzyFtWo7eFZtg2m9sZ0kWT5NqrBw_B!YX$XR~|e@@Q181ZNBg8npI2F@ZU zUkW~)TuWX^9+VeyW!X6{BlkBz-$5?A8TRMNt}9^wm>i&eHQ9R=>}k8AKSkGq_a)a} z2QDTj{|S5{xrTfLxry9PZnz8mc~P;fr`@<725C=dh5bje<1_H4yP-cRO=vHZTrV$N ztMMP8SmGVScyno=puI{n{VyW7-hg;5t74&DHh`zL-3k z2)>7$DQ{Fz{rxAo@lx=|nlA@C_CovZTY)zwS6>0nCfEM~e7s`0K1h5E=l}WS!^umj zZ@3ToM#VC}{BPiVc{90<+(v!&gU~-q`vbJUPJ7)Au#eIHAniZWp7}8BX?tTld4B`% zMeZP%l2bZif0bNcnPBAWJ96Tk;7#{IylnC=ie)?xvHksNuf7ZVE679SesXOq?4Qy9 zJ^D|Q?_J6JyBxIVz6bgYvY)&^IqhE9Pa|iwgR9Aj4}z~Icahu3>3@O!IdbPJF`wy*Wg%qTgYo5%d#OK`-1Y|i%jo|i{g=?5yb|_5(*7## zSJ9p!Z!A*l%}=hUzK7gFeuq3v{+e7ZZ)8#ao9~bQ=DY>ok394?cp=&I4)_xC;Je^f za?yL>SI8qDgFhzcd;(6$MSG*<-N}>kMjF+hlgOF>0-r~oBKyg;pTYhZd64`zxn&IY z_yeT9WQQY@&-=DkEDgE7fc+41|Cit@@*w#-vhy3ZM|P86Cs&fk$R!id&pZ(A4Sx%E zl3Q1S_a*m{=aF-!U_Xo8M!uSy_7m*)k~_GcKTqzy4fA7^JbpVk@gVdk^A7NAa?YLL zBgk3zfR82TlNXS4+h9MNoPIy}B69D2U>~__`{~B< zxA0#?PWTag4Y`qgFS&9R?6dL^uP+|)wpT32=WFI;PuhFpU_XI8N&Q*W|499X&deY#dtFkFrF>RIlSH~ zA*W4;-J@8p-@3NI_1gusyLZI;xkmHO;M>SOHpA3}B?1TH0ykP0a=0NzOhBy!nx^Co|r) z!w-QMl1Cl^w~$-9z^{;t9tBT38u1FK-;CV;SJ-bS*F6k=iagQ@exID4 zg84p0&e#zA;xX(md8DdOKv9wt9SPA-Ez ze;)L;%`=SguO{c;1a_VPd-*NkH_1)(|55RDheQAF{W>Q?->?kvXOjnO*dDoqd?Go! z1@Rlnt>-|0v*tg7A19BDBOmXQi+{%T*P>#ypSc=*5xMm(=$pxdZ-f6v9_a(GAeY^Z z_TDGA@c!Xva>2c@Z*&sctGgBb-{k?Y&; zeu`ZE8F(eRmpo1${}T2Y6==WYJ8*_#*&he^ykHO7^Cn?Gn(QN&kh{s(krRG|{&sRN z`3Z8@hZx`c9SZsfvLu$!E>G58I#cQde~3jX8d9m)Ayz+OOZBA-njONYIgT(c$kF~!s6{mz^p zeYCgIKI2TZSGYCwHRKNR0NLw=J$VuIIop8uBKx)l-%U>44*WT}kUYB@{ypRha`|lN z&nGvM7cPdrBopVm^T{pbCh{QpL2?@Jhn^+(?~M3wkQ=kW-;j%T1#i3r?PcbG_aS#5 z3@#>@=Yh{Aw;u-nJ2~ZWaMDu5>pK#BF1cwg_$KnyQQ*hP?MH*(BWE82PV^vN8F_bd z_OY-ZPwpXKLiQgAdpo(8{3h9bJnTP^Tgf|~h4$KtU@su2%mdev)8vCr>U?-RxsLn{ zx#mRJKP8X-0UW;!@w10*Rw}sy}}rkJW+S zBIkI)-;zhJ1^Hfo~@#UJo83Hemova1>V zFnN;v8oBHi*e^I6@zPqrE#&N5!Hpw~WBvORgRTe?<;_2A**q+Ux!tyd^o|3-BT2=C8mflk4^U19|d! zjPH!|5zloL&TkiybFTy6O>Q_EJVb6h2E0)n{PX04lWKnNLry;qd=k0uc<}jT&phyB z<0_M6gX|$MuZO+u zP1vs>j}C&n$+_=5fp=_x-oG{Ya>--s=kJoxPZ^r;t0I1D{1s`4Buz&LtmpCHyma{r)Yvne4g>_R0*j|0=nid|D&y zUE9OnuUPWAn)!QMae}=5{SEHdN6Go*@5m>T6Rt))Pc!0ePWImnoDVF|Zy@}V0|3Q1%>#)B_PJaVDO3r^1JpCHY9c`G`T-_ac|Q4K5>( z41vAmgm=MzBiDWa{*c`KF*xyB#7~tE9!oQhZOMJ)Tyn-Yun&^!J_T3!;Gg|D_#1N3 zSK#ZegMDZmJm-40_ci$6*euanDv2A|XfefnzfP2>^sqvV3P zna22BH$a~f4?c%HN&YjrdmY%HA~(zg|3uD70&j66;2mzrVk zxDwob6F8?4{M5~0&(+{(ZUJ}x2|T3v2JjE$yqmx&Ezoz7w9D1 zHMfD6liP0xUrBEAgZ+wSz2#3}z5RvkC3jQbe+TrgThYJNyTB)r>+S?!K+d?E@yTiO zL3TAiC&`}sz?HWl-YEGpa>4_!-%f7t1^19Ac|H9exqK1!=S^=%ydm;Da#{`SH1{A)e|?@9K33O<(HJ_>Fn4~&7oCr^%pkGxmnO?Nozc|Is6KSVyA z{35wVu^gE6Z{hzaIr%&AJDOL6)7qe~CNCsU#3dQW_iOTS0=VNo==-LF%kBreXM$56 z0Cy&Xd&pTS;P=P{8-O=zhrVe;@QLIu@|onajbLve*QJ8*AvbRf?j`q+VE%loSn~G~ z&+qXMqP>Ah*taK-YzF`1$P-(EtH|CTq3}BMH{lN|7KrVRGzeAt39DFdj@<8w-py<58z62YAyHzatFDITzoF<&yoY=cgTt7 z!~QjSguG!F`jb%y`yS+c^5NuB@+sujKSF;wx#S}7ZDjYw;6AdS{I0fN0{e_d(SG%1 zU>DhQIrs!}!gb*D$!%AGo5|VNgS*KMH-bMPXEuYUKZf>(<%?s~{N9l~LCzzWx4?di z;sl4I`8!;XRB33(qBQ{bF-@I&NY@_{|Dw{*h(GP$}NT=F#R?q2ZYN2m2G` z%oo7#kn>&ypY~7aJ6{FYkp}|czmk2ggI^-2zXo>n!oQEa3Aud$_H6Pf`FOH-CG6GY zDe@KC{xEOHjz`hyawim$ub-?v6g8Ru!Ujln)!hUi;IC~cO(3ioZ$>dkSHS26H?^U29M;3jhQzTk(+4f}ytle6{*A2on@>AB!Vwnbqm}S?=7EnR2guixdk%&D6|FxEy!D&#Z#)8ALC!rA z+)mD#3!Xm+eJlBFa{AG*Z~7MOCC7nt$zJm7WIy?Ha@O(C&wLyH#oJ^4pF-{(DX1OLGj!A<0bV(`ag&q?4JL(rF(fiuYU^TCIb^DDrM$*E_6uOeqxf@i;r zcq8Oq@R z++T(MR(}Y6u6&W&G>5}6>m%U=dH?qhIDhU+&QHMetfLf*(6S;7013lc9e= zv8?x#2f>e$Pa{81|Gcx|{~kH#9Pn!L@cH2FN6>y=9oS87xElO1IjsSF#mCT((w_AR z*n1u9uaZ-505AI#_V#A*E##b=z&nh>-q8a7D>=gt&ixnc&3A#HBX^Nc`V98UR@ejN zp1Z-NpTnMW5AEbK^1LzFNAHDwjO@G*e90HEw>|*g^hi3N02AB0-r%1-wxbBZg+y)$z`*_uaavr z!9S9dcL#4i4efb%0Ut`P-xYi&Ij|SFfjqu9c*{8W7w!Y@A@}VE9wHC#51u6FHzMDD z`JNLs-fr^Y3E-LopkG05Ag>}f$`@6t{rvLj(6`aP;SBH??JeZu!=T?`9oT!00C$kH zjsm|B_DjiiuVcL4ned+=pO*x76+-VLmyw?) zkC7+HCC5X*@htc|PXr%89xDc)M(!v9Uq-Gw4ctm@kuUmG`FxgKwh;UUIjaJEPcqsY zA}^Hhky7~>J012P$Z2PQZxf?&d@I3+$oEVsE;|!EN=~Q--o(Z`NG>9`lJjnd{V8(w9pF#M6XZDg-Yu1{{<~n`i=5jEK7s6L17D!^_kn%n zvyDUCHI-!^sWg3Ub>+&|gCC>tKJ#qkjdj zBs;sn4V$7p*WbYVrh&b*SCZSwj?G|C?S{UYT>BK*wK?oV&w!`N_x7m#<~$2dC$~Kh z&LKNq1fNBoBwtSMc?tG5a`nsL=g5t(fYtW|srK4l1%FQN41iaYb6*1|%lD8e{U~`` za@y;#=a7fVN0ZwIU_Xc4^al7Ua>twC+sT!K;77<4-7bkR2mv|77yS$KbB5;h*^lcm+B2Q}AbG$0#`734Q$w>l*z}C;R%qdyxzK z!M<&v_q+(ck6iK+_!-4X4u^9#KF<}Pz4LR}zaZz2fs?jHydm;z@)-M1<vB2g{l0p>ZqMiI^?Lv5&sx**JkS1XnZx-Oa=uxN|IYZf zc*G|<{sNqa$C|_IrQt`-e-h*CFn%`P9AApJ#MjZM526)_#)snhcoKe}zIueN z->;0H&Ui|;&i8D*t~nfUdy4kolkqDUFJZhbRpV0`Z)N-<##_@gemCQ9GyX7s7e9kP z#;?(L?V`u0m+`L||DN%@-8G)FxsJCgL+fSXii4mjeo$kc)3y9 z|2n*eIh=TBw&pK1hxt30e?0roWdBL{DSQfjZ;tw#=oiwru>Wi9|8G2qJMfCVdOTh? zhvUiER`V@pd;`Wu4@s?dRo*sVhrXAm0yd!RD)O?5I+C8*?mD%23ax~v1j1Q$~|GRLzl)TuP{E!9FBj^SoPx={}1Cw;&1TD>|b-U zj`vdBGC_R{o^+`Eq&Zx_(Okb*8BZ_M_{TU8uf4U7C*xMle<shI8?T+v|Ap=4=05%;9(@f2Qm4H^z(pqw!<#^w;GJ zaQEe!{~`Kn`X?E0sMq*sj9<$5VtfN0v4f7M{Ce%bsW}|aZH$k`Wq42apB4V02YddV z$oK<{S213{rN%$SojLNhJ8Hest>mN3VZDdxPi1`c?K+-I%;EaCa{aGoytPaH3pl+; z{u5U>t6wKi>owwhb679^b6xNK7|*{~`=7!1=8Rv!c>VnvzY}*qBtOUg+p~WsJ_>)x z{ylBlfBBtsJUO%E&CKC=j%WYv8BYuU5QkmgG3Idoot*zscp;ule+B({^eM~h^YvTU zKjmn>e?P`}=5`wY7SDJ>>m~23br#T@P5(2`$eWXT$t=tb^J%--j_80Ik>e*<2T^U zF>)Jj!>{3@VvT=^>&MDtch!28B?iwG! zTjKeh+J8SEXT2kF$(tH~v_O4QsgCF5J>@dINuk_@8}^p#Cusj)_mKzjX+?7NK^kB1 zH@Wm+xnzu-JW+nESkCUz@vJ#kZfAVz0rK=CwEvqWa?b+ozx8;z^&`3VKsmQU`+rgz z9G(v&!!ORa=l_5?+{rje#g$AI7oce+{>-CVycL=XVXCKmW{lZkoo|K1A!a zt|gDeP3y^f;tqTyUWiY@1siDpbMTCfz7uh;~VskXLug{1-R~B&G#Tq zen9TP#dyTwns4YqjaT808FDkO_?P@Vp0|yTX92DsEf3;myulHgzivm3?}VFhDQ?53 z;<@;8+>P(T9lL10r*QsE9p5`RyG{NA*F7vJAF1PM!W-ebe`|baT=j^2Ag-JxSK^6} z%9r{$z8z1)Pv8dpA9HwoU*qfdg^W+!OXo9jl8&z*zl`(t*7%2b+GARO{88G!b{~zO zguC{W&%zadldr=I$Hq<>-fgu`R(#aIPERD7WZ)dnsNFE8h_6m&Szte_jAUZ&(nHqmuvl5=gWKH$I-X>{Ufv4N_*vuo;*Q1gb-3(Dxeph! z|4tQ}uX#}8m*IK%ZQSsS#&b{5{_}A)F8x*GFXAq|_KDhm@^2bH8861Oamw!+U-2aN z$7Oih9~%D`F5&CXm(Ah(Gi`joE)m5(?>?p{Ma^-Otwn%sSsT)LM0E3UxJXKQ>2&%w##^?Z027p<#)xpTt) z;qg9~&mY&o^>`!PjJL)Q;9bq({8E|k1l$(>;YYiE=i@HCbG7#GT3_QooGaIEARm6d z+`pkbZyNJ&B=3BoT!EV|lKb#)HS*+*wg26h$V2!AoVJO^r_^e^4X=B-+>7(^ARdQP zv(z7F4(~rXTkHD^7n#HJb>5bGeq4=T#<$XE(a&dmfbsVk?__+4@sV3;zE!T!{G~Vp zAB49shYR1gs~-e`?qfal?x@T~1MJ`*?ZAkV|o zca#_5oIJVuDz0z%hfMAHz0p79zMbXg@WS2XH*iCt{G~a(-k#z0GsyVpy*0ia!@p1BLxb;xE0oRnvO?c9-ayxE3PJSQv<33zbq46JaR=&L4)jGa~C&+8! zp%dkiIHOV?jmuA#_rz8B1Y9~*)BLgNSG%&X+7cp&`4x7Oc)Yj2m^aQa>HYq;ee`CHsLQ(p5r ztyeNzJ{}i7MUPXSmA}M|bLIT&)fc=VUx{<)$zS0Py!Q>-zwH%`H{j}568Ga1Zq@k0chp~slirn^aa*_i6fXEcKJGU4%{cQ8xvfXz zi<;%ePvp|Olk0FEZoy4o zXuJa_e=UEBEAXZdYQF9PjURwZzmqRC+sEVW_3^l#@x?Q`Xe$4^NpY zPo2T}oGpK34$r6JZS?&6n(?Z0G``|P+Q0Je@+NpvwOnAf_Xqm1xDl7(4tyd`+g9sU z;kEE3=J3K#Jx}xBft&FhoOiy)-=oi@|D5rL3pD-%&a9EQ_?PBiSSuHp!^f|e`S>-K z@pQ(I#*;78{#W3+b#gNF%>*aAc`&xM_ZoW>w3Kv~3x8SDf^5eMb zpYjWMuu=Zd9M0z*&ZnR8o|`rP8!l^-H*C}XAF%(H=5YNR7$1krZqxo#amMZPwYVP7 z#Pjj1crpG0=iQ-xrH8d%BikZom)Yt_L*!5>B5Xe~9fLKDUowi_PKn(H8z8WAlhdw0_~gG@gy; z%#`=T`47uS;Wm609{9J$uf#dC- z4*lBn;}~!GP~)e#KbEh+6F-%AoUQpfdgY^W@gjNMIU29UFFYl;;%{&#zUvu{58?x# zl`FzObZ?LUD$mOcKbN<_#b3#9&((MvzUD=_u3zI1;DK-Dm+++T&5SLSBTEN69O_tm7$T{>^bM-UkB@mIKX7mZiX*Lc#d@(QoXZM(@WxMp|xS#x+l z$=Ok_mp5=OUV!(+U*T%}i#a?INAIEeHhf)f+EXsYy?e}d7B0gpzM*~)AAzg) z*8W%HDSwk6z?oy@kA3_AIloi$EyRtuwM658;$D2@o7%r}oW`HP{rDYRTB`9MaQi{> z8vjw>e}i5R+u*u`HGTk|i%-I76E*%1+;*sZ5AMV-;^{|d{2N?8NnYbEt)E>k?}7)8 zl`qA8$I0*Gq2uK(y42^KEbog;@!hx{|BBo2x^JuR!)M~OQ#9X8cpBc~9qr$ar{Ny_ z2A)4z{a){C|6*K^yUx`3Z8+s@`5`>xT=`jCb)Nj8*`ELTdj9w0a{Md%=U%A&Z+}ng zXI~_b`#{dGk-zJa%Px~wSs+itS$GES`cUJ!SJLC2Yvt8H3ghAZaWmc@GtJ@kmVcwh z_cVv&@8Eb#aMG?ipCfPqtJBd_$S*2{QG-UJstE$@g^pOGKIqn~HISAFSAjGOKG zxVs*|XBnUJs>VOU`LD^VEK;BJt~?pnh zduzQqyc)jA9M-GKRR1W>`KKO_Ex*%vW~1DUa|^WpR^MwpZDV;XF5gN%6Bq0x-;HYv ztzC7{=%{O;fd2gJ)k9;~F!Z+d85{=Ks$>Zeh7i+!}d>(Ebukm>}t5p60_Z%dz z_oMohBjr3ibd-D-PCG{K@Nr%r@8IrojW5D;kCTUR>+$j$KXLvi$Q$9h0bT!{ap|cV zKMa?jCZBE&A1_An@nRa@8DE9>$BpzQr>pP4S!c-W{jB3@#V6v$XKH*l&i=dHiSw%D z{6Y2ojDP-%Jh@uq%l#@ZJWt*MPd{HS#g#Sk$GB~peEe_pm&p&}+RNp|=5RfZ7U3y=(eC<`V zUK_p?_v0^dT8j2xGyJ>P_IfSGJL3M8HC}|P*OEWP6IYf0o~pi^@ikVHi`LcneR#(D z@?NWJJYyrd9QS0&b+~m?`2k#-EBE^TjBmV#<}2SxkH*y@sz#gw6!#U>OS%oxD`*p^Y_*GwRrRx`4L=LEWhpJYszP?t@&r* z)zjtb{WYG88^_AW;)MsuH~4so{4%Z`ClBD9QaO7a%|GuTc?=%H)wp(|##?aiA@aL8 z<4}2(b(s$r;IcA}pNWeOm+!^BN6PQvu1U-n{@r+cJ*6HkZ-Y~gk&iap$IlTN!>{+r zjQ2C%fQQPp|MR%3LjDD}o*-`?{vCQ-Z~lq${kN(e<7UQJ z*+laeU*mO_4V3G zjL$t^{bji6?{YI9#B*@^c^ZEQSK@DRKVEq=9Z%yl?Y|8kxKQ2;r(Yz$jSKM9Z1olR zOs^?2eHn*VWJf1~^{o?IscKh5t? z{TF?4mijrk4!>&-?H=9Y|mfj|Aq0>7++~CU7u_4 zI`~n%8Scj0Z-T$U+u*JFdH>z3o?!pUe182BJ{`Y}r{YiX z+4wtrF8&i=h*!(i^{T}i;;ZnM_&U4`z8U`w--!>#58z|*EPMuj248?*!T-ST;G6NM z_&z*KF8wqa24Jh*Wn#;6W$v?j1R;w z;iK>Zd@5dy&&8=<>wK=jo8uetp7?HDh9Aaf;b-tQ_%-|h{s6y(zreltXFTE?9nT8e z>iUetYvaA~NPH~b4qt-zz%BRy{31Rae}PZJt9`5W&&J#1OYx!jIy?>Ef$zo-;aBjJ z_@d0>Od@de?Tk#>d8y}BT zzSn$H@vitHd@8;g--d6+o%nv7{DbCu9Pf%>z^CK4a0~tze}KQmYc1A%zvHoZ)zP|M zm*VyD96SpDgm=Q*|ET%)#i!v3_5K0Xd#iSNY!#2@2(@W`LlKjJ-p z7PsIx@aK2|-fB?&SNL@N3w{Kzw7ss+AYKRW`HT9^@MU;=JRk3c(|^_e3lHKdyn3FFw;FGbr{SIP z1-J-bh%4|#_)J`b>+r?+W_$^L249Ll!?pMqd>LMQC$2Bf!tHox`~*G(&&DU=Cvgp) zgRjR=;fHYtehJURJ@{q(1AYasy0eb=Rh*6IiIgJEXK#+e0&iu#cj9}e}Zf9*1KxHMtmM_!zsIId>-Byr=6|i+YPUY$D70Pc5u8$ zo5TCTG5-Bf#^*79IpfDOKHVJNAJ$^N`)~%HkF)U4I0uj1UHxdh1Ku9*jd#Emct<=9 z=iwW1K7Iff;umlc{ty@AjSF-+spQ%^a?GC)e{C#;X}$ zz<4*~-!fjq_^Ny8_!{sgxDglNW_$v^6Q7Uo!nfkP@%^|JKZe`zT-=U7!5uhbPaR)3 z-UGjnkHbCqT)Yrpi~I05IPDxgf1lV(^XKDNa3M}D)OZ;liOX>ruErPR^YDXs8h#ts z;Endy{Ec{D+=MG|*57r!7n#H3-N)m3J>!LpKZet$Y5#ZdK#lx0{tmCOkJkSlZ-9Tm z+u+5x7!TqLaMHz^|6e!-zk}0oUXj+zz_!UW(5vk<0KkxEw!h z4v%NXI33SRj8`+h5ZBfm8(v|&<}bjRcu%|s zF2o1peQ>oooKF_#b1lxn53zqS`=^y^y;3}7g4}@LI7q$@e~BCMrUz@h4ex{>##iBX z{4VaqTTfKqjsK1Z@W1eP_*MKpUVwkV*B+|*7UR9k*u;4a+#pvHf}U*Y4AQa^w{z!@{N|4+CSk33rYPr%#Z zGCTp7<1=st{zve};mf1>e~;I_re8?AA=h< z()eY*KfWK=jnw#CxE23^XJl)9{c^207Z>2XQ5ru1&pAx4#TA^-ojClutKsvTizm|e z;<;ODe3fIhUN7DPr{-$B7-!>CaL%?GzaAIjHrzH^<6XED|LFZ58qYjV>lfof+`qrZ zPrBadfau>JXW-oyIy!n6uGoDyG?eN6^bp1e-qQG)xa~dpTHMtu&%k-#$S>pR_pLMhczua;+U0dl(D9T%B{-^TUxS>~WG>2=~!JjWaZVty^cZ80=%N%_@{R#H3rw4-V^^^aoj`ug5fmb|H z<7IeFT)3y!-w@~SCU1^Q3*_x^UZK1z&U#Gi72(Cqe<1GPSNk81>+aY76?pD_@)>x3 zt9+iD{V&5Aj5pvE#&5;tXX?*apTH$kFIJVp2hgS zxDOwJGueMCZk(+C3S7#1x8oM}e-tmquiJ`s1F zC?Adc>*Pw@aGZQ5uIKun@B8!k)#3uiuf{$2COm`3=MFshiso;{O>f8#g{z*__^!C&DY+PT|3}9+ z0jIwuAAtw%*8UZE3O*gzwrIQ>SH3M@>ifSVUxU*bzZsXmtnn6H|B5^l56qKi;~w^Z z0r$V5@lHI{DSv?L82=1U{y^j3;qD%J2rqnJUTLzf?;!iHg}Z;$cov@jle{giW4r)o z4`_TW&izgN!;LFxy)n3aMR_7l zVfV~-*OF)A<_vib&RIcz882R5eg`)t%b(&J z_8-7WoX_t#Wo7NZ%IUhEb61tu!@a3;Htyd<-Vt|iEboJ-Fg^iSW@)_K_s3`8(j1Ln zi0d|&uf~hFkehJVmhywRayxmpk8dQuj5{*rZd}Ir=Qxw&{|VRQ70%H0$Qh|V9XD+z zZ-!g4axqJ+s-X~Y$@-OA7c;Z*`c{t;1`BI!c zAlKt*d_1`k7vS6RBzzxk!fiN}&u5;%lNo;w=i*m!3GTx6cmW>5pW#WB`uIO$imv}0 zJ|3=$GjTeej5orm%(n&Z!Q0`XKXpBJ_3>n_w=d2}kxTHjRQV9x_M`fvaO*Gf2{@h4 zH>Thze0^{}F5&Bg%kg}U|5}`j8}T%JC(h)29>D$h5xlTU$NLnXGE?t&FX34SY5Yx` z&-e#8;}D(CBHa0i`fqX185;iu*G`a^pQ^{Jm#@E8$8+)eIOlQRk8$zA>bJ#>te5Zo zc^cmb=N=}PxMyj;Lvai19gC~Z*8ZpBX-CRu;~8Av3vtS68n5%7$Mbr;aI(gm@M3%~ zE@%HXoXLE%aUJ7xaqFWx{x@(fejm@ri*PaXeT!2${y{tmFL$OMk0HDYp3n1TZCrbg z*3ZIacpKb~cf(nHeX&1I!ezJ+pM)oIyl3Jmr|bG%fYW(C)#3Iv^!&UY*R3fxxi^*X z!vovO|Hi55@@!nPiToU%wWIthPTEE8!c7P0_&&tdW8^;EvcLR2ZX72M`TjirRys@9 zzXY#^C-ZvA!~?r){cPM(`UW7Ye)c8So;q!7ip7?@%I?m(s*=e|B zf6aF}Ui_T)pYHCE@4|!6%5AusuP2|xW%xzhh~LE7yx;WT^dq$X=eYSn&Hp2A;p@5O zt8_gZ`TA^iT*&zPcyzhu%f{`jw;gWXS&!H5xCoEI)%akXwu|;Z26r=lDsH$-<7eXJ z$K+}}t5d!Rcg>S8!#RAuP>&bBqw(oD<3srtJmU-bPF&G1x8lX$%QM|8=z2Vkr>`bI zjXQqT{&R8jS{k2^leU(-a5t~N1-OOR(`UGAwD$iNS7gaQ;`UwTA)K_IJmPHLug1zx zUlhK-7``{%$@d#e!uMM%!tW9A?c4-k6?|g&PUvQTj6d1;**1LtabAkPpSyPWK7Mv& z+b4XhJgLri4!7gOcx>xSS606hz1uSD?SH;mAKUsW`a|j6*4V!D!alxP?>;N+zeV`| zYQ~%T^Nkw33AV=O?>Jn?cQy07ZQSPXwL5G!zxyuc8=Wv;?-81BCiA&%3Y)Khx$MT~ zi*3h~b)@i>qeGBXN(7Ua%zR>QlSzqV~x7Lq7R_mvS$K4)px9w*A zoaODFHtS;#_vPwyyvJ5pKi}@KSs&Z_p>p*F^lnS6&$Byh*2lJfZmRk!dbcIk`}4zW zeQfLdE7V^{@3#G|kFU4&v8_)}Q~waX+xvLEzgmANy!yg4Nw4_%WAEej{&M|v^`H6r z*!%c;Ss&YuznJ|u4X-NHFIdrQUf+?eFI`{#*Ys}h+y9#n zKR;tzpR$4al<;Rs_V~EHU)uHU+)(}I^ltAv!koU@`Ny{P=TB3=553#_@M|uXY}UuN ze(r_pkEeHgpOWzY5_@?4i`8G`>tpYyFIipJKeqK9o2b8)-tGO;u3z~j>f7nv-iL3q zE!ph+W83<D}Hh?R+w>Q2#Z( z+xz(WXY0qd^@m2OUpai-vB$&h{nFOYx=Q^P^ltCt_5N!8qOH{LL+|!}Y3t`)t^OE# zxA(;f*FUzMe`T)v^Xc8*$L}9@{IRW{a;^GCdbjuS>(~0&*7x!A53}gq-Y@O^lN+@D zoAhq)mv;SYc2NH{z1#cveE;hF3&RT}oJP_r;qMmP^T+M|(vCl6XZ54#-OJjS@2|BT}B@w=C`&$wNE_-AT|d-pQ; zh3fb99(&(mci8OubvVMU9e;PB`tZ-P53ldG-R$%2!my8T*2lI!V;}Vw`})`#>t}f! zZmo}P{e1SnpWbbm^-FvGO)t{=FVef0wV$+~`cLWI%i3p$5AfkMl9JZY^;_cbpO)qL zQ}0y25xv{jk3avg>lfRuUorjG^ltB)!alxPAKUugyR?4zXNQI#f4BFgBfQq*7u)*0 zd(@vo@AiID^8fa+t#7zr{pIv-?`MU5e6!<^ZGF*$>hGd=dtZ^Ter)RtO4L71@Aker zVg1*z~KYKFV zul65(f9WMW5_jR9v7L`yuhyA5-;cw%U2nIaZ}@az$!6C(w)H*q8-}05wBGG~Wy0$v zw)I8-*8029ySXY<>C5Qd-ZzEE#5e0>+xqF@3)*m#R7LN$#-1&LeBhxqx`m+9T!cZ7X>vp%-NlZxdmpd&SL@H955G2jczw6` zMRteHdiQ~0|1FZk_sjVGKemgV&j9ls$$V}bxAQ5qJ8U*zp(ET{Kl&M+&#m-s+ih9; zDfFMxyS@KEpHFLt^9f(WXDzRv=e7Oqc!plp@vIic?eTH@e5v8T`DW+i-qz*|*QYSy z`qaFp`F3YMx6hZE@OqDJ$CE;TAidlBYCo88YscfR;CK#6IG(0AbUag;&+YT|CCujz zzXo*p{K}Z`4s&>~*oXJW8RqacR2siu$)>U6ukF-&&#<1`*PE8GUTo|87peb%-tB#6 zLhla0HZp08@Htsc!tu0!s`-#^^ z`r+5M4X^L^e*Tixb^NidpVp6xBdmsMulFfSef5IJm z{vMI=c;>#N95xB>r$ z@5d?Y>3m+p>)$`2-*7xU!+17V=GG7DpEx_||__e^p>nF|C zdg0f)40~;yoFQ+F*Tj{0W893l#w|GC9Nw?)On85(;e7rU#_fFEcKmie!!HiI4V#^h z`$Xm+WPTgB>r>OOUC#3Pu#MY%Rd$EX=5t@ieEBcv{BOqx;s^2JxE-I0U%;*SKX?}Y z2!D$Eaq){$+vxl0-L{)u|17)1W_^|;+*;pBzg+lp zS9|>3wwv|2c8AUS*wzoOrt7}}z1tG&bHYBpSs&Z_tToi<)4Q#)ekkGd!`RkmuBCo| zdbjs234h)i+xm`m)R)t{y|1%7Y z?yy~h7oR(4xx8jV&|V>gKXBv9`3hNU*$cv#QN#9c4K{P>u0ck1HIe! zw>~{#{n*xbY_0WY(7TuPDRxhrt#3b<=9~3hJF0(?-fjEX`tkL)KDPClJFEYM-tB#s z-C?sn%Mos^FQEUG-fg?t`cv!D}Hh?e)=2pB#Q} z%&x!N`}p%^JO0?V{`4bt{#o?yW$inE)aTCy^ltA9!WzEW`tFHgfBXJ)`P%>c{pr-7 zHQ%w!=l1!gB>QZ7JlyBmeBoLTB|Jade$#wcFrVA!%TM_D8QZQ;-yiDlq<4E?_}{}B zetyKZKIc#MbLidPmnNJ~Z0oC+*W>d#z1#bV3G2I8%+mF3TjzhTZ}JJ6Z|yK{&lk7P z*OM?`Y&)KX^qbMUyU`L_G|u)lr2yFH(e-hrzVK0j?eNyj%Mj1SL`!_<0z zN;u!5$aZ|Wr>lRS-tB!~*vB_Jzu4BNPf_2KrS;v`*!iU;^zOm1zrCLF-qN2R+x|9R z|EZd9g^`-iZR0jyR>FL-txr8o{YZNEvi8|i)$c*?_I{e(VYBNI+tzQUpFr=n#E!ql z?yy;3!~NsJ{#&dXejbRwuVVk%=F2)$$8#?8xozC$n`L*{Y`)mmchTQO@3zGH4!gr< zeFyjFg#GP!1{02F`dK=j_n6OZnax*8Z#OnyY&)JI`Y-9-w!igtc8AUS*w)upY5j~% z!~T&iS(ZNaZ1wxmyS<;x+IC~>yC;YJ?fJTA!t=G7`OalNx6fCfFkfstpVAF=JdN~j z@8i!$?08~ZUqe5W-tB#E!uqkTpF!VA?_Sovn|^@a?R`$d`tCJ03)eHe-{!BYj~|)l z@O&H1zh`5a9bb0Nh@^0nR20VT@pjv|J>GeChs~}}Z0pPDE9u>qSf3mI9)fSy$F{z9 zd#ztb@3zMJ=^lq$>tkD=v4i>+dbef&uf8MfZ_l@~gy&m&p5}Xv`P@EVVT#?;X2%oT zj%NnP^9jA%3Ok<4u#a!n$F_cAf!1F!>}-#R+ZyZhM|iF4;odw9+WAc4e0IRc;k|Gr zF2Sec!*LZp5ub<8!Zo-CUyiTF_4pQiJ-!b&;#v51{48$4uj2>s2e=LQ;m7cgcn%)1 zxvs~vcn$m_&NL^7@2~LjeoLG*?|;8PRllbmkDbG~Jsxg-*_{pm*CY*7vio-B=&n`tE(T{w7=K@o?Mz*2nKp*2lI!wMhM; z^ltCx*c~?O-OXWtd%lc*STR(4{`akL2mRKKO zU+ZIAKSZA&{vM0He%#(q4FAnH>tkDAdZ5Z0iRn=z12@yS?vC=wn;obBOwKdbjuCKQGzr_+wk29DdJkxJf#T-ffW`|LE|T z`DT4=>+{0z&9(k2dbc&!$Lsyo`jhByrFVPZW|Om7AKTVX4Zla%c4?<~TVm^nZznC; ztdDJdMfg3qwo50y+al|yC-kwc9}K_O)^_=x-o31SefT}G)~9b7)(dys-sjpNn;m~_ zTfaU0-dEdYXL`3KcKoRcy?g(#zkU8&%ICkwo5N$hO4t8>eLOe(o&uXUoJ zEA(#f=h_`MJHOc0C!eF&|3~z0OYD5olZnHP^|7t*2)`#X+$4QZ@3zYNhJ-%0^`+tW zfLXuhR$>3h-Y>R0Y_@)E>x;tgv9f*#dbcIEe*FG#eQfJek{G)`x3juW_@hy ztLQ7}-Imz;xwLj;eQfKSIQ|Rh-M0U-^z-O%q<4ECzhBt;v2Fc%Q+56`y~o~{+Z{IR z%N^m?`YiT;n%-@@+3~m99X9J@Tc2^Bo`3JsyDhQ4IGH%ySRdQ^@(a~}OYgSIdjEXS zY<+C&n|b_3Y#sKGZ2J$dpYVGA|NVL3MOuF=`b_Noe7nPD>&LeB`>J&P_oR1QV(TyM z@00ei-m%^%tlyh({bJkt73XXHbLri_erv+V@7UI-hTj_#Zju`5-QLHqS3CdM*3Yli z^?QQe?R{;+@yE8l^h)*b(7V0QPB{M9)>oXX&Lb}=UVln>D}HB`QqW$){kv{QjLy(KYF+Kl?i=p z>$4lQ{t5JM@7ogk*w%N^UqSEoz9pfLZG9!j-%RiJzSGW;ZG5;N+xqJ3bo?FkZcDPm z|7In8{utZ(+<&U?qIY{gBjNFjZGHYFy8d6$yS?v9=wn-7ce(nNx6$**?S1(2b;&k9 z>>u0u)XUW8(!0H%yrkCiC${y~^keAV-lv6qe6#gqTi<=NuHW(WZttgg9B!?TZTvRNP7*6(EfMf7g(+f$b0 z!{;B{`kH@e{Xgm5-ghOu|HZa`;J944=-uAO?>E-Rw!Vt~B6_#?S$2ob`YcDdwSGGNjr4BY&0haYd;II}*7Iiuy?bf> zD`9{8dS$zWuLqJ_G+#IKxqZHxgvT?solnx2>VKtod!MwL-P2~*BewNv)Ae|)x1F93 zZY%71^x7RZ>tkDAd!N?Np?6zi{S;cevEIE$*x#Oa?|Tzo-?6PPds2Nn zz1w^Hdm+Br@yE7)bfb>Ho8IlcUw^apv8``=Q|m9HcY9x&VfVCIAKUt*pVcovI$ZC_ zR@n7#wmWRrH#@?u_09C_)4Odq>-!VFe;V8R`aiUO9=+T9X1l}oSL^5gsr~?Zw;r`Z_now6Q0j4%y%yHxvjVP{;&6&TbQpdVZN;J329h1sg?QMK40ysc2Aof zUu?TR%{)Km)4Q$se;tpFTi>#(*8kYg2Ya8IYWK9+`mwEVTTlIp+lTccTVd;0DINZQ z>)jiN{q6cbm~cI^Gc;c=^SNyTn=d0YzS(@S?RYY8R$oN#wq{wbN5Mww52tr~KgAah zx3<3fOwQ+pg!7rfd^ODH_W8;a-hX1-`80AqH_^MjA51u&*w#1PqVs8^cY8mS(8snu zHA{Ubz1#czY`$GB~=-uAO=lfUZKaKtg zdiS#S?eq)j-QMTh9X4A(wq3sg`lKE8_$_g0mgV}5-a^-JGkUizX?>C1VYBsP+xk`X z`_j8DvA&enZmf@O{apGAdbjOweTLm(vp%-Z+~9wI zUb6P0<%eI-1wJ3PX>7jMg!jYPc09S4s6UF{?R|N|=hv~V?+f3M3pYuZ(7V0QTgmQe zv-62O(@1=KJVaLBXS*`uQ^|7t5zfAq}^lsbV`lN*Ok3HO9p?;C~*!zWH4c~12 z*w)Y3Sbfq?VZGQPvi1GviER$+V_QG@O7-i|yKR5#(^Bo8HtSyI)|w2NUL-cBAHdi}~C>U+)@rPn*r>?q|M-66VYKx90nm z`P?>x9baac!#A5Rww+(mBkD7D4*N&8#`?(~hg<7oTi-^%6TRCq>&xv9oAu?6aBF?q zEUkYGz1w!P-rrx$*2lKKwlaD6_5B9D+xEA9UidiXoAt4+Pq|C|PxNkUmSz1s`t^1R z`-l15-sgw^=9{hW-X`pC&%c=okLTpObv(N>pWEm2&p*vJUu-*{9{MZk-QG9Z9X9J@ zTVLIx_2<*OEg8O^VISYDpNGHXd_LrS2JwCG{O_Od7T&A*R|uat*!6PToHl>C-C?u& z%N^m?j<1D`uC-$!dV*2lJf)^B>f zzDV!3{jHDB*ZSDjS3jxs7tp)C4CH1h&3=WZ2(69!>h}e}6u42IsRK^SOP#nuL$wDf;zZ<>V`{{Ov&DM`?{ge;XA5ZVL#MZA&c)yEnefI+O zm(shvpJsR1Z2j2QPyA4Q3%%PCTfZWiINVqt+xp%`>R+dKTV?%3yTfLEZ0qwsQ@@Db zZHe{q$7}0jTi-{YToCq;?0s6o^^0x&V4v3Cp5E#M)i`pxui+u!CKR4{-oAt4+ zZ|c|j@6)@jv3|P8;nsTh@_U5$`_yp#5`I6$=&v>3CSlwjPq$5D^EHM4=9|qI+m2`c zH|qDLcUxn9SaQi`eQfKy=})G2TV#Fw^HZG6A+K6tkC#=XQNQ@e;k;`@FD^ zZ`Q}Qe&7!Eee`bc{p)qJ^|7tbxl?`0Ug3I2_CEgk8S7(PpMRJ7QS@%_7cX!3v{@h9 z`rLcf?@#Zx!XE!jrNjSkeQfKC=_k;;EwFxZ*vGfw^&?wf5WZn+|LHh-w>8$sKmTlf zZ0j>0P=7YP+xuw=ufN#V&%Iy$#q@6P%j^!DtsmR^_RUuqKK=%JwFCL}!JL%otr`y4?+4`|<{l=NPejn1i zEwT0c!q18OX1)8Du)lr(YGJ~kf7ZOG`Bo|nec0b^bJ%>v;lKH2^ToE~$?s7=vQWL- z8tcpL4x9Dmj&N&z_E+k6C{*vZ-K;MQ`}k&kZ0qN}ul~qF^=@mdpOVnWw!V?$KcC+1 zeOp5B{zur~uIDES*R%LT9na0o=l1z}><*iqPi#A$`Fy=~U!l&&ZHb*vYr^rww!Z3P ztv`?6?R`N)AKUu2Pt<=%@Af`k&yGK~^<};4|D<;>tzVYK=G!)m+w;@y z^Ub$AY<4`c?Re(XkD+&4V%KvHt=(AfJ~r%ckMB1L$5Z#Yj^_;Kb6aoo<%BtWv-x7% z@wD}+{|CL>8tdcZw?4M@)4ovOLhoMIzW7V^Ptm)*kDrgWe(d4(`_;eW>tpZ3kAE%M ztdDJd+PCU|qIY}mf8JxZKDPC9zE{8QK6*a5y{`=W_-1`<>&q6aA5ZW0zTD$*Ykh3% zv*~Z6cUxwUU!L7zvp%-;9V$AAfA?>*=qdcY7Z{-|YBfTVMH`*1wP5 z?R{N%&H842Z0qMOuj{vJk*=TH`_UeUTkGAMhyCsS;QNI4gN_lJZ%5{H`+O;34&Q9P z*mgXF9M7TjZtrtF4!733r*b^May%E|mH6|VtMR({R=g>`AMcDG$NSGKSY}UuNK4S%~ zKZ)LLiLIZtJaM?O-aRGkZ$B^5zTyA=yhP!a`h4y}=5yODHeb>R`#)_qUu-*`!mZU` z<2|;*`Wm~#W_^t#+*;qk{xR?5U>D|lP_tPIk@AiJK-C?u!W83k!6>9zS>D`vt@wbM3e6v2b^=130Z=!cw zV}1Pjw)L@x*WXwD3%)+~zRB*eSs&Z_k|One^lnRR{dr*@->i>qefoatR~!@ek8F+g z@%JCBk8OR{81<9r-QG{OJ8ag+w!WVJ0(!S4wthRU-B=&n`l4d3-%Ibd{jIMG`}k&k zZ0p&xv9oAu?6 zaBKYl$A2ch+jg_Q*6y%bAKUt>v08sFz1tG&>%u<1Ss&Z_p##)!wSU+@vNhJ{C-kwc z&l{)yE_(N}_NiRI4aRDHxA*mShs};Z_VDqK*ZSAe4`EB}_|p=OKeqLg*?*-2w7%Q> z2D`&%>&Lc!kmE0-cUxlX*Q5}K8|!0RUwycaeQlz)`n#>L_2c(D>tkELaHjfw z=-u9@hkbmrKDPC}kE=hP-tB$7-e0ZX)ULjX-o32-#3$6hPVZjUzJ%jnZoICa+xtel z!)C`H+s=Q+!&-lRdbcHZ{X1#x#`@USPy4s}JLuiEzxDB-2U{Q8`rhytcEe55GxY9d z?K9K#`S?flZtqhPK7WpF>u0Z}eu&=feSE%l{IRWHO#jM(y8dqO<3IniKDPDq`S`hU zsd~5f{b3*9tdDJd>TF%VAL!lQ*C%_e$1k?^jZdrJe}dL`dtdk8eE9K?ZGA(!u3sI! z+xyIf&;MgvUmLza3O7j)(Yw7bPk8)dTc1w<3ccI=DRzf#eAqv>^?jRY{S6M%`MWK# z=Wi~p-B=&n`rb{|Z%yyE{jHDJ`>XY{p3(K+hu-adn%!ZuKDMo&IZ5kR(z`9O^*ihi zoAn)zaBKa<&D38^@3!5npR=;v(`J2a>(jPT-$d`W!ulC2sOKDPC9c2xf;z1#M; zzBTOQoAt4+uh>cbJM?aAmZeYKMg7n8Ztu%8eRUmwY+HZw!Rj*)4(mnszA^ka-|YBf zTi<@D`qA`m@0a%cNj^mVarAEQXC6?{ikL zd)n;$V_QGtCG{`RyRERtFaCVl`q{x$4x-;aGF;rHLyovG`&(qTFtx6NSZlap{hvF&`itJII8cY8lS?BkmqPi*Vk z=!@yy-sgB6Zmo}PeO{BU=VA12?~B7ezF8mJ`j&Ha{Ppy1?-zO;Zmo|!++U#n7VoiT zcKsG6tRLI@-T}QIJW22NzGRZ!(`M_(w!Z8S{d~#-dbbs}{?eXLIe)4@wM>t{+xvmd z?4CATKenyk@}7?WVtTg~wtimN$2aR^Ti^XY@2B)`YnG+&ou~d0dbjtv3Gc_TZT<3l z^!U9=@AiJK-C?uik8OPuKM(y8z1tEy{x({>u|Br-CHHClKj_`Izx4$PufN#VPrFUe z|FsVf`$zUZe7j-EX6whcKJ9f~zfI`f-cL{X`}*!Z!~R<&htDU!)ZZ5BoqsO9+xv=y=TmI!lO9!nIKA8ZKHG=Q){kv{$7?$NDfDhj?D%U_h{KKbv8^w9 zNB#BmZmX=1KcBKbw)NBARo_bQUeW{X}}V_caN}AKUt(Kh)RK zyS-nyWc9!Pc-%0gzLDPTef)g4D}IEt@Pg$ zus*i+MJwv#alfBG_I@bg<3Vie`ySKrryQln-|hXZ|1LlL`iX6Q)8pzV(Yu$mFI-v2 z-$w8DeqqAr6R~amtZmfy(!0HH4*U2vKHQIOefn%2|B6TJ{N3Kizwg!h*w(i^t$s&( zxA#e5AK$ExZGFeKI{vZrZforQrzqk5KeqMBJE)&V@Akge?y%YVv90f;e}LX?iLKul z_VLa7*w)uQr}JM-@3zMJ`12R*V_Tp9y!r!<(e-zG-)DE&tdDJdO`gvGZhE&Rw*KH+ z#No#J*w$B%QU5Nz+bZj4*c~?OV_Tmc{sKX`N&1f7ZHe{CHppguZ0l1>)bCv$_K$3d z_3_tF*2lI!_dxa6(7V0QO?dsswmxTn_0Q0|y)O&<_-5gROXy=; zKYG0SDtfo~L%w*pwe@3L-|~!}KX1^xy^o)-*2lKK;92#X9H--VdtVav@y+_!)|XAt z@#oRIy$^rUdp$xA(;f>&Ldflm04txA*@aWA_8^_gwdX z{NP|%8CDI$DZ|uBlgUXZCW~E~SsE=ZooX^#S5xD6%G8O2sZ~d ztD=b5p8xBZH8jt4$Be*Bf;50Q7%6~?eb3E|5@k^eJ*VE1NZVY}-#plM4T^s&!dAI#a z4m4OlH-5AH)}M^$gB!y7`SS}tH-61aasRzr-fcgp@_vvTKlR_?=g7P5$8n&+`nmBf z@?VvAL)iZ`S#I#T@hj!8kau%FzK;V9d~W=rmt+68$h#rm3;+?{`%DYkh*Z&Id_tnRL<7>k& zly}>=l{GwAKR4^o8y@}^dAEIjz2S4?XTB!<3VFAEUT;h5w~h$^vb@{AtE}OH&&~Sv zyN2ImRy=>)_T`^r92ofA_^BhqzfIn4zi~jvf&{R8FQUO#`o#OKB@l%Fi`w$JNrY5n!1 zWBs$`-S+c2(7@+r{keOEZZpjd$Nv&gb*Q>dNPdPR-Y+`P`nbyUgLie7V`r z)O}(<+npJYhugl%xZL7%<9p=i%DZ7)&k7DS@VW6Vb+P_Rc{c=~-@oy>@eOYbKm1d% zf4BW$k7wJP!XGN{wr}M?gY|Q>{>Xj9UoG#3u>VF`Zt%JBQ{|tNcXK{|4hI_e-1uJk z17^qdyCL|_%IEXk_?ZX9{!f#4+mGcygY|Rc7s#J0?}o7cgj(TpgU^khQT{+gxvBZY zr(^$aRKMpyqu)EqEq;;wx$o2VQ`ZPCw>3hN-ChxY--#=MDH-6^C@YChp_WAP@J~zJmnDA%I zyX|Lkpn=bgA8~B>U&y;5T>p~F>n}IH@3`6 z7s$Ig4bOi(@VW8Jpvv#hT&&&pn=bg@05R0-VMRmmUBGt zx$#}oV*LZpD(9!h;Aa_^TYPT(h?BxkmUqMO!^$}x_}utWCx@RW@5bO~8kbvqZu~s? zE9KoV{3Z@G@VW7GKN#!(R^AQ4x5{#Z&y8RI|HA)K-p%>=jg|MG-1zZp;`{G5pDpL7 zwx3nYQ4H44jqf}^*56m&jbQzCLHqw3pBum6g7AmSy8-y+pMU;?&y8y`C$~uatLlKE90u4Sa5VyZmZ-Hw0f_x&LzGmo1F-H_N;2^Zmv8x$%A94u9y} zxc}Vt`T2s+jo(~;U|nu%PLg-q=j+Ai#*b?cKS$ne-^YOlJ~w`o{Lkgx5bnRcUwm$S z)AwWj`{dpBOE}QL=f;m(6#k26$NlGquzvpeF+Mkb{N>>n$-9T@r(O~MCV97gzQ0&M zcmMvc4F8h%ueQ(k7d|(>RF057iI*N%#%& zZu=G9e7R-+x!M0J`Hz=3)-kE=$5r0Ha^r{f#QM$hZu{|-^>gDJDZQynjt9=Xl_A;}@-s^?xYu#^Ce67lF@>pS>>pGI_Us{`(&I-1rsGhJRk(ZNHua z4Sa6=(&xf&_l0=;+>oJMf9;>c?0Zk$2lS zaiD>3a+F)v-*kJt{vMTga~jt_ww&XE&y62F37%=f>a%`}t?%rQyFU@3x=A zfd=d6X8rk7!e1@#hOmDAyo1k;UvNVB)$(rpB^+qrbK@sY4ZmCYg)Q%YZV2nID*u}Y zJ~w{!iQx~EcVqDR=jHg^_`VN>|B$@fzN?($fzOSfb5i(o<=ytHE6?BD_{r15-z4w0 zZ$Hed$M=ui__f~%|De3vez50H=eNS|d0yQAZu`2jh6mT5oAtZ({JTlsZC}1E3=Dj3 z{FraX`j5-I?OVz@9{Ak&WedaqL*8v){+vnFi*Pk0d z_m=Rxektxhw|!@2{oMFb%fcTi@3!Cc%J%y|Kjp@cxHbIA@^1UKiqDPjkpG&z+djYE zrj{RnGCi=f*F)EBv2Y!n-l}!QOv1YyTI0IlSAxi31JRZ*r7d)*pR$tbe7v zo6}f-S>^Sg8^2~n_+ELpeg1hB>*vOI-xq$JyxTrM-uT@38TW_Z@BFxaxBdKbjt4$B ze(lQeE9Bkw4HcgoKl;J&U%MdIciT_%;^mh0bK~d8|5Dywm5_)_2=a zDCco3V(^b+kRT*{WCYd@saRL<=ys!y?@uP4nOk3*uUF;uwVbqek}ZWdAI#w z>yLjt{6+F^`@z;<^hEe;Qd4I``@3}4fhvnV&`SD`?-1reshCfT*ZC}rU20k~wQGSiQ8^ZqA zSFS%deysld`0-zf>v!AF;Xs4+bK~3P|1R%_uzvn|6h1e8)|hzw$9*-{ciT_oKm(r} z-z|Tyyc@#$!^=4y_}us<`^EaFE{OHr82pm*`z{`M_wsT+?{6>b{p?}7w*0*Ah4}l^ z>(rCf|EvC>nmJj2PJ66h`?Xl#&DU9fT;=(f8{hH0@O#L+?Z@xIQ4IE<8^3aK_@m_A z2-eU4|Ec)g__e*^&yaW9_wB+_418{U_kH2NF7HOL{^Fqh|BZKdmGim(>mPdc|DR*i z{W0G!HJ_Uam~UyB!-M&9v!BrqguheXjlt*NU&80cPkJc)I(fH!cR9xc@80(7@%;IC z<@vF3Rm`_r`8w~fZqGNnGGA`?)AVroL*?D}t(E6jZv5KS;hW^$_H`U+a6NU7a*MBh zG<=J^o71>I=hku*1D_k;{6zR0(BdR_*L?5`z4j{54rK@xbTC zHy6!Ccx*$cYQtlp5KZ4&uu@vd=K`(=fG3|`1Xs!KP&IHA64tsuJ%~pZJ*z7SU)$uVL|w%mxXuR z=l2_YZv33Dg}>!{;oU>^i@z2Ax8D!%wy&vt|IW?&i@zOywY}QDt@8ZMjh}c~_!s5f z_H#MV;QDjpm&lJ;6#I8Wc>OfUa)Zx}-ypw_yqoj!eUCA6?Gzz~{!-UKi_MB=5HG+TA){pSkhf%feqN@3!xJh4;U{a^pAY z&)4?KyX|N1_R0k8KR15nr{d?6kIB33^ZkX-jbAPQhAZR#a}U*znj7n%B=5FgS$TiW z&HB^y=L5eZ@3!yaK!g3~#xMAEtpA|A8^ZH9pT8wP;WOcP>4@uh+vok_bF=>V{|^5_ zdAEK3Jc`eaANjfP-<5aU*OqfU@VW6*Z;j{QeI2oXH-_u)<3IzS8$ar{@O%6qyc>ca z?DJ_$U--l2-S&CCEv-N4j_~KnyX^=2`>w0*41cq{+dh9DW&PY-|Dt=sKPKm%Q6P zUoSp4zHwFf74mNTe7*SG_%-M1_4mWL|J?S&%Q+tS-1rSz|9$dq`}T^@ji2$QSpPzK zxBY4_UT#@GH-7%Zas7+r-S(3z>*vO=cqIJq<=ytnE9>XRFIpY`d3m>e{(i^)bK{ph z8vZq%asRvR^ZkX-ji35>_#@@r_Jh6tN399pD(|*0|MS3L{oJg-RQ?`$w|(C4mi9mG z$yk5;tK<6J_WAz8=VtvmPlex4-aS;mU~TxL<=yuA@n-$ptUvwf@c)o^+vojmY5#Md z3IDol;`-e~^=*F)e~7$$sJ?q$`1i}Z?Z?(~6odWe=K5Ez58o;8MvUP<6`vcwX+!vb z$h!yg$NeaN{@$vezfV{HO#Mmqot2-@kN$hCH@AF!Oj+OU^)_&z!S&{5zr+7G{EhN% z2-jP)1OF8RpS$0`9R3k|H3Hwnfd;KY5q%kIB33^YX)yL&l}6+-S)#qaukE>cmKVd&+qp=Rr&KHD>ub_+x#RR4>vP#e{^%P8qAlQ z`*ZE?aXtIVyCL`yWlax!Zv4i*!=EVc#^C3cb3E|5@h$(1{huN4#^B43RR#t=H-7X> z;d|xXAbkFL3qCh~VfjD(EH^c;|7kftwS5x@8u%thxy8?_3xArto6}f-LoG)!@VW8J zwf`IB-3WYp(Ek6%=f=<69M`{D-VMMn?U(Ui_}uu7y8aLREUw>;z~|Q=J~zJZU$OpW z@^1U}TXPfxpBq2CCVqeAUU@fy_4Ds9<8$K|9T4~b^YU){<>ed?d~W>gU1I$a<%z-L z@3yZuF1P*br^dI-pCRwIUy{zp=f+RnHP-KzciYb?=Xl_A<9l}t|2KKJeg1g?J~w{Z z$nb|=AJ^};AM3@-Ej~AXz5EB{-S(Z8?}xeZi(em)-y(UpeP3n$-1vEK2>(ZUxBXy0 zznFDk`0all*YCDpTUkFh>rZ}j_~Yf>_JjTUW9?hQx5>Nh=T+9v&H7FC;jfi<+vi{J zPbuf;#*Y~n{w{g9eSW>*bK^H09R3A)w|#k94h(#5e8=0vH{KBUzuP{)Uhui`(+>%M zp}gC^X<+qu{^rInk$*(qZJ$5CvVLy-gu`O}Bg+pqc>i$Q=ldI<8(;gb@J;e=`+R@n zbK_SuhMzC*wjb>ISO2;2Z}>&*-))~CFV@e^`m>G*{~md_{em}h6a$|d-#$0|ujJhb z-v9HzcZ<)BU#q{i0}XtKquk=x$sa54 z<~00L4m9w&@tx3 za+F(qhkT#Bo739Obru{R?9KN4>t9)A03`&riAWvo8w2-Hqk^)b{!F9_#1E z&$&4KIC-~yLoG)!@VW7|mxe!C-i=`Y*vNV zl|Sp(Wxdq))64(nfzOQ}c}=XpRe7VtyX{9*d~W=hABDeO-fchDimbIN`4?xFgH*M>jye`0<2P<=yp_^odV@3vpSfd*UAF zyCL}Ya*hW+H@@Y;SpNg^ZVY~&ak<6k#&4FNE$@cmTesmT20nNH`VYtYmw0_O0$(4r z|G)9M@uQv$f3>_DfS+8>@xbTCcRm|_nY#gPd)SQN2wH-$>@VW6bpNjRz%exWy1?3zMd~W=P zwc#hryD|91mG_U__+`5PKP&IHA5nS!un%KTh6l-&wi--1sH`3V)Kk z+djYESwA;^{J+DWCGWP+j~6~Se&SX;)s&l>@5#IECsy{K8$Z7`{O{!5_WAQB>*vNd zY#aW!x5xeOwx7=CH1N6cZQF&vy1cRT`g22g{^!q|_}uu8?ZbE75#DW|-|z6b@yq2~ z?+ov@UtG@dz~{!d>=5gJ=C1JWq5APVg+FC^c=u5Ky5Zs9dv|!Z{Q_^k+_L}N?0@cS zzPTd|mhh?hWs@@2&XU_|2ok@311g+rIpBHUoqG=f?Mr3ICkD+rIqI z0|W2=S2^JKx2yku?``|Vd^`R=_T%<^vj=92`!hHD>8=mIyS&@Jsp50vH*5Wi&cBD{?=IkZ}M*Y-dA}4^C35W&6~sTdS6_>+kSaD$Ak5AxyX|LHd~STl`0yj{kNvyt^Lp$*H-30S_;cmm_D$s+4}5O??01G=DDSo( z?DO>e!^8hv-fiFM#mg=0=Vtx-cZGjh-fh33;&bCiH- z^;gKBDDSq<>uqWM-uK4(-;{UTH*uhWZ*r8|{{0^l{vPjN&1qbJe!b&!;}`r__v!7^cKwaVg+EQ+Z9mxc*S{}(x4hdv|NN2t=Vt$%@*i6j`*+)KEa!OObK^%(iS^Hx zciT^>wT}0n-1r$MhJV8!VtuzgkAVm4=f=0lH_E#)oLk3%2ENWwZt)%R_shFE4WB>% z;B({aKM?zWPTp-l*!%bN{o?cd4iCrmyY1(2puzgNS-(&I!}4wj`(G~04L&!1(lkAP zpRZdpG! z>(BX6_^0LF_8Yf*WdeL|{LH5C+pUiMyY2J)Jw7+S^<&}3$h+;ARX)Gu#!ose{Cnly z_WAP`>*vOgJU#rU<=ysqzxdqv@w38zRo-ns*yFcW{(wj0{&U;s$BXrIv;M|e@%mXN z@3yb!Km(r}Uw20MqaKU(-4LGt<7K(Q=f+Qy{~vib=i?hV(7@-$FOYxNnc-(Y8T)tJPb=qm;N3et6~8|@_Qm-9$%E9B zYG3{DCAEDj=0CoCz5nMOYR|u5m}igYXKwa4dT#hL<=ysUEBkXV(06r@VW78&JF*vyc>g` zX0p zd#?_^Lf&oP%z*|zH@@MT@E?6H)^|hL|5#aW@VW6#@+;)soR6Ph&hfzK#;^NPtbfw_ zSl^AoH&lFXeBF=3ua|cZ)puSO{(?Wp`fmIDd}sf;S%2ZR;otC=@NWD3^Kg7_{B-%B z%De3wInco8#*gcc_4j^0)^|g=|K<%7E;snx`0mBw7s|U)__-CI8((*G_#HRI`fmH? ziqDO2zcqY|yxTs1|7ZWX@xyKl-zD$1Z{k1$-{dH__*wFI%DXv@>+j=01D_i|?)F%J zjl3Iz&(C*!Zv2wI@Gr`{?bnoZJn*^k?RSRX{jYKVyY2Ju$KiA1yOxJ&E$4XP zbK`r#fp2n@Tl|81!hi5@v41zG;q%{*!so`hOpEJ-pjKueYW3TOSWU?tjC(?dv(vz~^TD9{G>T zyCK|v`RDKW-1t#X#rp65N38F*pIQ0-of|*znecmV3h%bh>uqWMwSNl#qP*L_jsp#R zouk~ce(kg2AAB*^cXJxoKdGGKfzOSf{9O2*{u$nl!Ot@;xA@%nKKcFS-7tI;2O9V$ zN4dq1T_5Y8Chz97{`D*O|Gd=r&gaA5DDSp!;y`0d>(_1w|AM?5GL-dOUI_o5m&*BN zKW_Ub4m7s3{u=r7<=qh0pP#N5pPTES^^aJ8g}mFoi35!-t=}g-1zQM z;ZKrx+vm@#te+d-uzUE6=ov!7^_WbWVJbbUb+kRAK|G8Oz&AY;{mUr7PtoYpcNeklrdy~A|el7$U!_+l6-{@cH+@@wxHSkBR*+ zl6Tt=_W8T_zrydoeXQ@c&+Bbz{rcm>_sF~L$8w;7&&~d)$=@&UhH(9jvfSWv=^0XQl_}usjC&cV^@`7pA2&7j|AigHyY2J+h0l#| zl5dlD+b`fi1D_keUj8@oZV1;ur}F(HH-5$kV*eZE-S+wOI_u}g*L^Vj>voFkciZRB z>-gOG_0z+@Ti$J-*W1$iJu||eD(|+>>uqWMd8dZINZxIqzhB~Wv;RdO4c{s6wjXT& zO`iyVtGwHOu>IGc7XHujZu=e%G}wP`_P<*Gn&I*Ixgk7%^3QAWx$)~i8S8)IHR0X% z^&Dv6bK^&y9{xpnH-z;&%Q+tS-1w!l!e8;)Sl^8qif=kI{LwpycMsLq&JMp$-ff>> zuk1fJ`)`xKs@$<-QrqW0&y3HFpFTI%KVp~gZu{QKub*<`N6icWu)Nzo|9NKC&y8Pw zLHKiajrHC3b(Qy@-1yBGhQCbSZNIjh<7a(4 z{F(A@`-L26u>ain&GJW zxZL7%<0oDj>vzh#Vfe9?{pZHd{z3R#K*YY2S|DyM=wx3+~=)wMT zv;R@og>RF0+qWB+TYPSOkNgkh-S(~J91nbM{P>^5`ZvnE?ephteD41B<)8BUYWs;^ zyxih*<2UO37veP2)b3*_BH_3N$={{wlq{iL!-5B8s%{nsrC|De3vzR9@U;&bE2 z-4K5M8{+YE!?^$Q?-$~8<6E@;JIfDNc>i|W=g({S-1u(!S@LfC!G8Tca%t?pX7^Zs zptb**m7gExX8q<{!ne!2y?#EQ{pZH7{%!bid&K%~`x%w@|J?Y7Tf=X)XLz@L{`D5? z=f-#49)7gE+kSdw{oMGPJHt1~yX`k|puzgN@tfq&l6OOR{`ARmgU^lcy(`wgSl-R~ z`0jF!2R=7`_TAyTmFzH4QyKSkbczn%jP_Me;mFMJ^UIr44@`yX9-{p7~?JQV(`@^1Sj9B8n9Zv3oO z;jff;Ls)--EI0Vv_>JDpP{~MnhKk2dXPs+Oi zL-CD|hkr@lJybt#P56;}#q-xaR6pj4@NboO57iHUD*Q3>?xFfoPlo@fynCpA*tnf* z%EM68Ebq3TTzUTH?tlE>9{$_%)718TmG7Uq@uS}n{^#;;`@9~{pWOIa4dL&VciZRn z@VW8h8pE%bciYdcTz_tS=Mmv|*gKv-?xFfoM}^;C-fiDjx&Lyre$Co={EwD*+i&C? z4X!^oe&f^OPmy;+c>Rr+<2C)y|82?#d%l0Uhw9tR?m^DWf5+%R8m z{G|2a|19qws$VU?$ ze~#;G()@1E-}MHLVsQWD#!r6ZYy0o-W_dS)$2GJ%X zpyy|uzWy(L{UG($PsZcbs2-taJ@(V~_t?*I^Z7zFwNg!`-9#4%2-9qdr-^Ts@<*Uh~%Re0*5zxxJpB-(JuCPtEt= znr~RSb9nxrU73H$u$ce#k_GGEt- znD0xP&+Yk^SAPG({X@<7fabei{gC<=^%Ir#Rvs3wkGr*=+v_z|?hp4`&G+ZZeB<90 z^ZiZpxjkQ9Ek`kUzU1clJ$F=G|FHey@o^(~KUq@F@xbTC&-_xXUnlRz;Kv)6TfF^Ms9xpei;q$)-jCVJb^SOUd)BSsl`ti#9_o$Y*f2L`Ex988l|HJ(5Gd17(%6v2R z{iRv+xjkS0{RrmE&Goii82kCUyxV>%2O9X?_}0DS@w!6Z4dMQpTzUSu@8EjM_m3uh z|9FTl_unkte^0BM)i0=9)mt49=U=L3J@&I=Ozdap^7ZnP9caGJen!@E6ocz=Phh^X zpI+@}ist{B=AWUyxw78cv9aEnTF=c2tT(<~lLza$zoYfmXuVF&f4AoUxq6ejSH0cZ zSHIpy9Te-|Q@+mix>=L;M^vuYy;1Y+QJHV-+he}1$Hsha&sSS{|IFQg|Lgg5i2Mq* z{j|#SAveDM&{+RudAEIU^Z6oqxBcA8{gE5L?7QK+`dr9-TJzpIM8q8PcD7Wlqnf%BDmvcN=->;`%b3Ntt zG_LY`8aX}YyG!%AJzt$CE4R#-oBfQJe?s03<9bH!z)=i*Zv3e4$Njn6Tl9XdM&R?$ z@A0|uy^F%1Ebq2&;Xni5;wZQH#_xsyp1hmWSUm3gv(?9ljYr zSIIvi?}p$P$#R3wjh}l}?EiogykEIFAHRYF4Sa6=GF|^Hc{c>VP?j5fZv6DlSpRx? zH|OK?^9`RHzj;*?H^qZs(y_~BoU>sc%BM&Ro>(7@L@$}PTL{v~-gr{TLR z`_GLZzdZK8=fUy#y6u}PpXc0%mGgOgXFv1m*T=;BV!rokKDXzaS(z_4`&oET_>aoF z?RzS(@7(xR7sdT~p1j+BN#*`<|3uf*T)CdM1u@^RHJ{t_t*FfBen#_Mp!qhczg3yP z>6Ewx3Thk$<6hRTpj*a zdAI$%{a(31?w{QF=8m|Ym*w5|b+7RL_v_sFcKO$hkNekc-%;7WyP=%V{X6oHuYNyh zxF+^leZ@kZo`e!u?qE+AEKb`+J&y z*r~7ndBf}S(& z!e1co9`Kd@RG*&{Zw-H)yxYE`@_cgN&h?b%({@Y*I#>B`FeS- zv{gQTkJ%}n52MT1`TXtn`kVIUCle@lMiq*(uMdAGg4ztQ;ItiRy6@XyM-?N?VG z|J?Xl$A>@eo$>g&?dNl#!TRoB9v;u1Uj2UBE$S6&2=n*d8;|c@=SZpcvl2Kn9I73;h0S8Hu`Z zoHmsGPyW4LAM$SdRps|+JXk+B>(@+;$M+YFas6%#>rdxE1D_i|UH*(C!n+~(d9vK# zbK_Ua?=vC1oAdGc&zItJ;}^U?_TP3?c(?s*4m9w&@tfrT`JV7@2ud~A3(=MTk?Ssl-xUrq|| zw)fA6Y1Yrp`b)I_F2{v;+pjL)Gd%FQ@e5Ch{h#%|@NWC|%Fl;$<5xc#`~Usq@NWC% zte_j}M zdd#<>e4YKcJzsg54h;5_oBd3i75=0X!@KS0ReWyziZjCB^nvhh`w^ALGdF(Ce}{iq z-ff@XzuA9o{6_iB^6tU>-qYgq$H=<4KkL<(sSj7LP%|IvjoLPT{Wht5z5o7Jd%by; z$1gX2;r8KY%De6J`xV!l8$VgUKQ~|AZQsLz20k}_{7$j{_3~~Aum8MXd~STtYr@|x z?;gzmshrQ}!LL{Td`10;nC~B&&pp_De4YJt?HYc!lj8Ak+i$GpC z_X>ZGyxYE`^6Q1%__d?McgVZ#`#8{;QqIqfANHAe{ddc|Azc5s%KmfX8_o)Uue{sd zzrLqgKR15T+2PmAy9fL*j$-ut)cD4^;deeco_}rx`yXD;@xbTCPd+bvy}TQP&-WKT zH-6+7!%vrY+fOg&c;Iv6XMZXDSLEIHtredezo8}kZ{*$fqboi)e)##}AD4IAFRVQO za^pKL48K|4ZJ!_SDdqg!_|Ey^cmH5Kes25x>mz(_{Q9qie}}x=ep%)FpZmCSKJSMI zRlc9kTp06B*L-fzH@))vpSju3((i}=q`cdHR4qp_xSrhjl~;y8N8XL#`Pf`}JaXeF z|1kV_<=yuA^Azjn#*ex>{4Mfs`~3Y3@BULcpZl}3^8IDZf_Q)Whvsv8zB!fOkIT(| zHtFZlBgzYh@Aq!|2^?s!p9zj~i|^C*d_>;OY22T^9BANs9px53|C+cz&Xad@8b1Gf zuK3*e+H1pKC-1hO$bkkvH-3_Que=+=`isjs9{Ak&&DX{HTYo6-KQ{)y%(&d*bK`rv z!_Sp>!|AvAL-ot#KPB%T zs$V64k-Xb}UFH2OH}_xfVR8RmCGWN$?EY)`Sv>!4mUr8)=Rkw|KR4@-=?VX!yc@#v zZ)Q2i1D_i||N8KMl6Pb9gYAEjeC>zh`Qx_F``yz1=l?v`-%H*-R6qBI@b8d!+i&DR zgY|QB{j(N_KSACN;ra*L|FmC(pC#|MAME~{C4Yg}R}a>*vPT zJ{bOfc{hyvuc5MjZhY^`@K4IS?I%`zZv3SGitB$~-fh2}0}b|{8$a^6@Y|dkkG~tj z{%b0af9`%iIsBgXYWvR0{&VA(93TGe@^1UqiqDPjULE(}(eiHl|MY&q*YV9K#rmhn zyX{*l>$~Tc^Lan{o8C{(SMRF7f6=Diz4G@zHk};nU7_{dUa$PvXkbh!$GO?>gDpJ`(FcCGWPcE$4XPbK}Q+IQ;03#`Dc>pV!;c z`b&QmkM}rvxBZC9`ng$u`I7L*%e(C-?&00X{g)d*;{Ncb%e(D+D(mOQuh#obtGwI3 zq4N1HH-6+Jv3`fV+rGWBzWWd5e4ej+SDud@Ux>%!kDAZz`9@ae%gufkpBsL+rg%Kv z_W9?%Q_A_d@w4ZJKT_Up-&|SW{h@L`*K@e8=XCW^>a*1oE7!aByjbr7t>^Z7EtU1$ zmutQ$mHFBqjmP6U&FA)fzW-^iKR4Gu?(y&s$-C|I&&Tk&@tfp#`dHlmZu?o4_wU^J zrYB?lx5&HgJ2=o_{SHUD#n(I)ev-VK)A;_;%{dzQ-1zRb;ZKuyL-3nrxxwegcRd~c zYw~W+$LHr8-hEp+pXbjQ{r#1d>H{i&pQY)UnEy%5@Amxp{$&2#?5}TK_^m!3kB{4a zRXN84@7}kZ&;Aaq>}S|_%$J+}EWI=QU*+AH|I6=Gej&~Gr$+tx^xf6RR{p&D65U@1 zl&_B|>$yFD2L~GLuftJp+28b+a#14PtW$Tzb?)1W=`h+Pe0GNh52gB&y)6zKmT*LdV~5A_21QhQjZ%G=l?_9rDi>@ zchRue&$egAC z&sFcDWJ!utsOPH()_-lR|5W*U z|N3gLpTD2*{K(DzH|`j|ZFYFK{Ui=F@VW7gJB9z-r^CA;T>pZ~&lhszSM41Bl+T2B z+Yk2na`}kxpZaWgw|#3_!-M_jX8ozVhF|r$@NWB&#^n~D8$VP2pYm?|{CNhS8^2k; zJIf=)Yn%2yvA^?|IYGtp1*Fd-{8%cTlSxu{r8ND{huc9w&ywMfzOR!DSxiK z8`FPoImZLv|IJqaL%-iW)_+I&pu_%GsyPMkKVL!PbK_h02>-(8!@D^jU%qV)418|< z`aQ#c=-lvb5WcSBbK{5a6~1qt?tiuYbPhCFKR14+&VR=j!@D7@-zv)uJ~w`y{Gu;~ zcXR$w{OrAB|1Y(KciXpdpuzgNS%0(q56=(phOmBqz2kG^N9+^p-zx96@8CcK-{B~? z_#XK=<&BBwkDJq2e>?{o_}uul@~^)ryc;r<{cn@%`^>>O0iT$Mx1}z3*#1x7W+BFYYh*a?Q7)GT#c#_ps)3d%jH^ zXfU69v*vr_n`6H_UL5=(XU-ff>>ANbs?KUe+{dAI$<%Ke`kzhrEz|JwQS__^&Da-hNbx$%<^48M=O8^ZPX zm2*7sx$z_468>^|HwK^A+tT_=wiby&DV$GJKi4tXYy|Q{CKhd+^oOwknnx-Zu@+_ z_}uuhbtAT;fjqf=$eDhcI{;RfcsQBFYb?*qj*H^>4hw9fH9{#uTZu_3{ zYjzLzpPTjDCWOCN-fiDuTyF91XUqBgJm8kf=kIYx#eADIpPOlTKGanHymW5%Gj3A& zZ5PD-;kIARfd>1@jUWDB;SZ8`Ls)-It#G-)=k8zs`0yuqeKiW-T>1NKx$#{mhyS#^ z+kREW=f<}*g>RF0+xy?&rrCdP{ET;oUnK9gFCPmB20k~w{o~=6$h+;Q4d_@uH-5eR z!}4zX{PSDZ&yAlsGuB@x@3t?$tQZ*h-1xeN@PC(g+c#ExZv2|l!f*Apc>cNVM^}7q z{N_)F-$mX%R6lA~_&3VC?I%^%&&~QxXM`Uo@3tSwfyR__es26+`6J}r5T5_5E3e<& z_^D^b`lrde?K>(yH-1BN_yzKA`?2L55BBfwEa&rifB0MC^E2l#->5Idd_UKGZoba- z%;P|V`EuhI%HJ;UhTtccb3E|5@oUbF^`DY=WAOR!zu$Xbv>+x$!k$ z3ct(ON=sH1N6cmTo)UC!tEIH&S_oPR;g_XW-8_I%?j zpZ9XJpQRUu?~!-gFXcdk{p7|sUljfxc{hanbFM5m_}uvQ@_&(cb3VS00}Xs`{Njsa z{kOHnz8-i=ldI<8{fVx{Il|I`%Vrt@VW7gw}x-{ zW?a7;!t-}S<@$5u>-)lABJZ|e$bkmy=f?NSKPT^o^sise@xX6LjqkZL)<5c7v41xP zpI@)|-1z3Z!neu0?OQp}z`GwQ=ktEJO7Dk%Qa9Jf_v?SCd(=$9dYiT0whLpwZobZb zXP0w4SkHYxIiK~eugo{=?%4mKn$OJ~%-6wz2J>||$}RgDc2D>z@@`JUui`)hpBukM z{$uiP2!2sH#{-`mKW{~>KUdz3!RO}-J~w{E@Ade}yX_~Gb3E|5@l)>$|6_T#eSW^+ zbK^(dAO8K{iO17z-|EH7Ej~AXk^Dct8{Tc-Sn;{>tK_e_EWF!(WX0#kub2O|yxTs% z-?9JP_%#p4^`G|rSl?}5S6M$dzUHCu7s$I|JpMhLqrv*Q@ja`;cgVXT_yv{suiW^? zN5bDM@3x=Gfd=d6#&^hn{PMVdH-z;^lyf}rx$!-#WBt)rhIeD|>&nk0Jn*^k?N5e( zx+A=dO+Y@BX7$-wk2?{OfsqZv6VE!{62w-fcgg0}Xs` zeBCqQKX+|-H)JT+KVE*myxV?O<>&ReS%1-=V*O5e_fUQ9pTqacyX~7e(BS%;9Oahv zXUab-@8&eFe{N;}x$&zu#QJZ#F77|KeKQ9dte+b{^{?UIC+~)^ejNuI_&Obbv7F!k z`*R1s`rn(}xH;xqp!wXe{>QV-;lX?(Q?s98{|?_H@5bPJKWiPYr`-6yIlI&_lTw`jhGr2gUWzRqv{1J+5c?7h*r>m#_2tqi*kKAqN`lCpW%B{z`c_g!?0( zza>BZ+*p69yxV?8<@>Gs54xVwmFsCcFXsEB=5u?#{Qa8!Vg=5xcif0xU1!+g09Dn0wc*w3l* zZqCQA=0F3V8^3IR_>1M;5d0ijZt%JBlP(J1A@AmV{9u2cbo?dZm&v>B^ZPgJ=Vtw` z1>q0;Sv($Y`@z;9^NsMw%e#l_J1z}>mb}}(lLHO*pPT(p{AT#C$h#rjf8}Gsz`*Cm zFIpJBQ{D~2ud2Mha^vTIH~g>U-S+wSM_4~Mep7q+TjkyMYdO%syB{m(^Llu&@_JZ( zSly6voW3ahOY&~}1`agXk9*JZM$CR5sqCjs^Bq{e&ikjEDcDb+=HiC= za&!MozdZJHyu6$9@x2^q;CmhA7C-8W@Mp=pISoIT0}Xs``~vxJ$h#r<2^?tPCpgM2 ze!2Y5H$WYcFe`Q?%pXA;4GqpB1te>0p+vT^vJ{~`}eH{lH z_&P_q#V?V6lf0YL*neJcOY4vBi2WZa@3ybwKqIezN;#kBg!P*%>*r?u z%|D9uKPm6F_wPT@te+b{>c`<*<=yuA^FBT|zD@r7@^1TyynCp=;rj5$$h+C z91nbM{Mg0eFOhd+`d<&mUn~f6HyL{tx8c_PrIKoAoE$8GgrK>h-6#&!5-Xe{Ot_&VQr4 z+rFmq=M{4I``^d<6YbUZBP;uNPcP^5{cZSjuYNySwle1Xq~>#bzLmvza6P%%Py55+ z&y#oC=f@A98{hay_3kym znf7Y?^08=Ou%F!cX-|c}Sl(@)U(fj5_};bQ54kDs54ZjNfz{*nksCkh>F}q@yY2Ju zPq2P&e5?HHm&W>T`!SXEbK|?@Z@oFZ+dh9@W&Pav74m ztUvRaxc^T0O?bC`{(j2-bK}?iG5n6d3-7k~^Owfw#!q@K{QmOp0ndR(zju^de2@GC z%VK>ur}0>=;y?qR8$W-2tpD}f!n+~(yx;!y)9VSp;rZ~_%De6J^BtcXKjW|AZW<;D-+6n?F|d#HYne%`#*?Q#8X`&E_q!`!UD^xv_5y}a9gV>!oz>(7m!^pE)Y z@(g*m{q%Hy<8$LX{uzG0yxTs1Kf>q6k9aBk4f1aLwdEWSy!+8|KJUl7SKg0%YId!G zJg52G%)#?%{b-J2Fkf!=)3i_c*Y(BY;YQ&5g7*J6J~w{Z8^brsy8-z8>jivn{Gz?W ze@xzOzpR|&fzOTaIVk)W3LZtZyXoO+kOQH8tgwe`)_$y z_)d8@g!?aFZ@&KDl=J!d!`MUO*9-Tm>(!5{k5E6SZdNlt>yLYPtp8&9`k2&wo%Qqg zf7Z{9UvxzHJ?{zcwx3ka@xbTCuRSvSRC)J+H!ipRJ~h66Lio$%-S&gM{-?_?mUr8C zr1e-oH|uYb-|pVHez$!~#plL19~JvQMc!?{sq%RuH-650!+%ZQZQota@nHYC@uQCo zf33XRep-2sdEj&Rum8UAPk4Q`{T$C&+m8m-1x4^v3|R}+djYF z;B({G%D*h{wr}M?1D_i|>-bpz!@rOHyCJ-O^7&ix>*a5hciZRxe`b7c)}J~x)_+jm zZJ+7-zV?3pUi;k2d zIgRy~RbKzO@e5Ch^>34R+b=KYc(8tMeAA5Zf01|F=k@Tp@nf38?|gqe{%-rc-j>$i z@UifR$-C|I=S_TW)?fGW@E6Ft?MIe#Jn*^kn?Di$VR^TGedX7ax$$Gq2*3ZzxPG^N z{=CKdx$#rwkCu1a=jS^*xCmpBukKe*Xt!|8Dzyf8lfESIf_n zciYb{=Xl_A%UjtZ9lB?^OW59N%BWN6#IAEw|en%%lf(TD?c0SFOYZJkFUJ{ z<;D*?JN)JHZu`#KS2n=@pHcr{x|Y&`z4k4PxoWx{Ql3+ z4e|MTy}C(_Xa4#x#{B=({BF;m-;cPy-1sqH3V+2P;_-3Yk1XeS;B(^}TEZXyNO-q> zUFH2LH-7qs;s3fiyxTrMpIJXQexCe}kA`>KkMrisEj~BCTfR=-ZQoLPd~)OKFNyuH zd@R;?+vlGzvVLy->Tl@!<=yr(D)*oJwU5Wo%l57OysY8dG2iI&b$-3%_I&yAXFu*E zn6JDRdiDI8tgd-yJpWEn*QsZz-==1Mu4mkLV*PW<*ZY6HrXFnlcFp$=&3BEuxibIs zU&Q>2HNV^QH*=uD_2p)NymM!ehTz+V3zr*wZv5IC!k;DYM&WDAIUe}j_(j)*@0NFC`mew8emW*Ke%<2mYvtYc zbG&%DW&Pav=3j48GpD+~RZNr@lGXKT6&W!_P10c;Iv6*BluB zEO|EupC2!LZv5z9hrd$ZZQoqZ@xbTCkGd)Rt@3XB{Cvgd#xGnNeuKQ*zSWDDTYT>R z^=}Tp{ZsMyjZ)j!7vq7?ji2~G;rEeu+vo59_}uv6w}d}L-fcgo)~m<CXvCqWgaZu&)XwiHpm9LK}^SeD?{`Yj)Pj2=z?(x{qMe=U@v6cPg z#!r`jM&51TS@G_Pe~jyC*Y%u8m%rQH*YN7Ue>4AIvA?GBb*|6t`Il7Y&&~cO{5$+t z<=ysmBUwm$SSIurU<)-E_dAEIDZ%gaTlWX8} zv;LTE!tb>%?mstVO!-d}2O9V$N4dqf$~VfpISrrx|3mS)@ip7W`U~XU_7gZq1D_k; zuv7Ra{y%%~183JY?*9ixE>%%MP)sXGi824@45gX;YeJf&O$;r%_%#oRMrsvG$ zPa6b9+#B?|b#G9#eRnMG%_O68xUeem>9M&t7MrnKSv* zmhW%pb#l&o_ImHN_S$=|z1G@m?@iwr3gY+WEqu@L=S^4tcl3?TzdNXZc!odiWcAnn zl;sWC{2YF8Lj0cL=NNvRzA+S}--plgN9n(bzOngt;|C}Bo)Q1hBQ*W{=o>>p{Jwn$ z-!uHJr>OtTpXvG=n}6ga{L%@&XZV{Rt^PQDV;G3vmnZN&!@r9DE%c4eAI1+(@Qr8x zT+5eP^Yr}HMqWdPg5{q)Q`0w3=A(Qu#(bpD@6TAiXZYJ6r~VxW)i*ZZ@6Yf(!@uT< z>c9P$>KmKy_hg>@!hM@n#GyKcussDcZ#^zrxVQgA1zdgf0l2iW&^o`B;`zL(Q@Neu<|MWXG|BTJ| z*Ms1DhCg$@`n~jx&A-DEFW>Mz!#_g5MBmu_Yg~O3zGwKmmudX}MBmu_i-Pz)!$0X< z^{=CEZ2pqK_Y8j-{no>pf5zr7lQ1?R{hs0PT(0q7Lf_c@?SbzZe$z_zZ=!E(zTaOE zzi0Rd&R73V`o`w(3C1&fhCltK>Obx-U4LWq{qrmkzi0SIUZ#ErePi=yN*J5qdxk%w zPyP4NH#YyK!1o-*&-(HW7C+hi9WyL;wqG2>-@jJl|2BPN^W`)YPe{LK_&2Uo|Ht%= z&A%L5&r$pZ^&k0L9{*(XcLe>Pp5bplq~-sU=o_0q?Gece zESK<};ji4F@psWTHh)Hte$VjNj;Q})`o`uTOrnpW=|xr_XFeTd{Z6-+vH8n_^NnZthbtQYAbn%= zeSK)Tg!c@8_9peOqi<~fO+orS!|xbV{}%ej=KJSgA%4&B4>JDT-Maq9=5Gt)_Y8k{ zv&Mh>J?a~qf1`x43GsV|f9oacKj8Q38=HTv$?^@~GyE$qRlkkCvH7P-7@OdGhCj4T z{gw2M&EFgxub$!W*{c2z=^LAG*T2As-!uGMU$1`uAGrQx^LOC~C-|P>U-ky|KSJLa z%53@EK^I@}jSowB9Ir3s@%X?a$}bO&&*3-f@@L3=)Q63+JS=}ZesIF_JtKXG>7Pm8 z7z+Fr31bs{&+uozN#kEb-xv;jfBu5+8UD~))qfLxWAkSP$G2zrxxZ8Y3-pc6ZwdAf z&+xasP5nFR8=Jp+I)3Sd^m~TC@15%B{;2tH3}d40i}~=cf0z0d`o`v8g&&*{|5XO^ z4gaDm)xVOyF@hofp`bqF8UBs$SO5RgH#UD4esDtkp5YJeQvYFp()Bln(#ZPnIZyos z^o`A*D{39WPOTh`zD;TTPa4_@3df{1^4#K;PK>T@uD7_@3b({($ zu>bCI41ec`)t~ui%|B!Fef<&fdxpQ`qw2TPH#UDxFkZql{A)j{{@L`6&Cdn(5zp`s zeoFnd^o`BG0zWt*{hr}(`?UK1LEjh(_MaVe@de*A{1%>{UiE+nM&+L|!o%N#ADrNO zhJW&BH2#m#H--X#nS`+kzGwJr_Nsq7ePcNAFAIFn@DF@e{ii)p({F6PPcP#441dRU z>VJv8vH5F)_&vkF?Q`nC=s_C4vH3o~5x-~nqt~nd3;M>fAC#Xv9K%0yqxu)0r12Y@ zf0+x9_&vkl_I35|qHk>e_Q3ZHfBLu8-|}FM-`M=M_`wPBuQiZw_(SwRN#7X3u>FVK z@ebcJ{C(fm_#gNXjo;Y(D}v+Ca}@sp^`A_Ch-`jG5Wi>mSN@OstLYn?zb1&^GyKCp zRDTD3WAmHvgVS;e-((=)@Mr$7`d_4Pj9|#W!}!4ozGwK;f298J=o>?U@B2UCdxk$i z|5*>!{5Lj#4SsNf?-~B}^w-fhhJyHgdjh^^_zQom>EBG>*!&ytgA@E44CEXBNk38l zE%c2M4DtK+KYY*dkKCsIx9A(2KMOxN!S@V*CeuG{y5?WZ;voJOljR$}XZSbYuJL!# zH--lPR{Y=u|5gL}hJVc+>Mx^jj9~Cr;s+=Ap5Y&%znQ)R(6S*!*qy!3pW#W+312@1Xxf`o;)`^dAoDzn1|h8OQ!f_@xu# zKkOL(Eq_vfK7C^th<}y~58pHVJ03W5ntV+w(Kj}~-u=5DmGEdEtqa;iD<7iE`y7{N zY|G0bGEPX3@%OpBvxDd9Y=5XO@8?{eF&2UKo5N+{3(ND2_1i=L(GS!7HAZ;&XW<7Y z_@3b(r2jhl#!%qnV-tMO@Mlcd^#6>$F&u==nJnM%J;Pr@|4|Ru^czEi@9V?xJ;Oiv zHyVFCePi>7B#ce)J;UF8s`?A*8=Jq@Wch~g8UE^rtN#P~#?X-d1Htj(8UB98zv*OM ze`E9g`5f_khQIK!8vi37p}w*C_4aSfhkwoE)&C%UWAlA{S@F+$lKN+#qVXG>@9$rL z?-}tQXi|SIePi=)mM}KK_Y8mc8R~DRZ)|>t$?^@~GyIiv)&DSkWAkSO<*R4-2N?ft zmVUDNV}b7({@PBB|H+Tk{4+Lxj)buZ={J6^gh%-_7?e-jyL5R=xIAN9-moo9zOg*d zNY7#Vo9G*xKQHh-!|&+U_^+mKZ2qpm_Y8l>bJgER-`M=y0^c+I{fz&?(y=|;vH5q% z-)vegzdgghp-1D-(Kj~#W|QR`zGwKO&r|;u^o`A58~C2#-$MVb^o`BGEbu+UUwxLw z{~7wm=I;u8&+zZ2|1`eu*Yfs8JmA3h~G2(>3!-yo4&F6 z{(Ob_jbAR|qw9eWoE5c~5gyAs$mI=ldB(OpU;biwp5Y%^tLeF%zOniHgY$uB`1=Ob z{}1}c=I_G~PKe(#{M`lh@1buD1?90nf5G<*|K>sUpEgUkhq3v7ec^kCe_*}(OX(Y% zKa3xo;CqI@WJvvS`o>U@{yB8<1>ZCLQTmU4yr$n6;T!RH(*Hbt<3{}(=udxw#&6uH ze+T`)rElD*KclGmckUB4e&a^{9Q|`-pbz#9<3|0p^zWi?+^D~u{)e8V@f$bl@1cL{ zlhrqF)Zb74HS~?mZwbz)p0WQ;AJ+VT4}D|v*Ww2!?7wRbV;pG6m6@IAx7it!($Z;bHpefbODGyE$@H2#M@Mf2a-{GAfUCitG= zcQF0Wpl@vcRVK?fe9!P_jB5M~=o>>r`u9p0o8Wtff78Y4zl^>y9QeMxf$tgqA^Jb2 zZ``OqtD^B&n>7E7%|{w+Lj0Z)|5@~(c!v7Ma1eI2$?^@~GyKcxchWb82LI%sf6w?_ z3IFs{#4n}q_qp*>U7z(_p0O>@pTCeE&q&Xeo78_jePi=4!VgaHJ;T47{#EpipHnLj>i%Gi@bLZhNBExMA9|Jg&!%r|K9*qJ9}^k$`hJN^HnZ``PV4gJ%frtup$>fb_tl)ka~mj&aIJR|>Bzftpl z2YqAnXGs{Fu>PLm?|8fVpP_GT{%(`y8@^}w!`s#WA$?=>Z#pSi0DRBzJKn7Rw5MzS z#Vi`O-GN{{j_1h#C-t9TKH1`56ZBVmhCky9^`A}O*!-;$#wMiS_&f=Z`)yDC{9~i` z#mmX7$s52jwt3z~T3)`9^IQK-!(TyO`9 zdlva@au0b8`5f{V@&)97Cijy+N4^*=`O$QSrtj69|258kGx-kkyT~VfU(@p;@)_jM zke^TfPx8yi-z0A(|B(Dn@~^;>o|~ASKXU$uIsf5jYJPo@{CM*B$j>1Ej@(Ip_zyI_ z3&>}Z&m+Hx+y|EU*F2T`2j{w}soBR&)BJ$PbRpbwo^WOXC&(+vUnakd{C)BU@?r88^2xu@^?4)tY2>$)UqF68c@6m!EuU~d&#Gh^W^7{UrT;Ic^CObcSD$?qqBl>All=g7Yye}(+SLmJA%tCT}q&szapCR{<|C3xIf0Mk6{6q5h$iE_=dRUkDNAe5F50{Q9)URGgemwbl@-xW4 zC3lir@6zQhAdisGBY%k8NB#+UggpDV>R(D;M}8CeYVtpme@Olp^69@*|C8pE|DC*x z{0;K$rRUvQ85PbI&e+)BQgd^UOJ?=}3n0O zO8x-3NIpc~M1I~M)PFtsjpTnMf0KMQx#@_8|2Vls{yh15^4G`@|D%TgF8QV8+sPjx z-$gz`eo&j{&+zu3ad2v{_s3gq{atK{F3 zUqfF001f|E@(0Q9CO?4Jb3Ou=`oPMIH9a?w*O334yq0`7Sn5;T&(ZqagWHvFAfEx2 z<7tG;Zy|3azW^-pZRhe{NM2IW_+Lz3N-mLKNPZJo;-9`m<9`R|udJ&7Y4RxfE98sG z-z8VbKOtAicaz7+r*vp~H&WZLpCfN0Ur&A;`SavYkZ&M=nS2xZ0QoEA zJIP-qKfFuR`!(`x^3CM4!Pwp})a`vCc@}vy!+)LO|DJpc`Ge$J$)6+NK|VnKDfv(2 zpOMe#*7W_Hyo7v^{8I8S$Yt^`$=k@kBEOS-i2QN#-Q@3*r;X|U{9CZB|6Z=|DLG9~ z6X%~p&XHeDUP<0V9wPrQc^mmzJ-WP|`@+|Vr3NQpY!)~{;xQH8|Od#`I^4V$xk8gB%ejTid-OHO}>=;KJvTB?+*Bt zuaf7HPoAgq*N{&quO+V`ZzjKndTSCXf_MwkCF z@^tdI$ur0u3pKu3$Sc zpM1(v`pb0rXOP#BJIOoA=aBc4*Mg;dTEg^POkPTU@{4r-O7bPkl-H2oLS9S$1X#A` ztaCLzU*`PHoPR5M8~M@a>hfm2R`dJWFLI9jbMkY^4_>azKZ|@C z`32`^)gJpf1xIS+s&mn)5;g>M{jFlSSO7iG=%9oSBalZ0Dkbg$rNj_th z&fi1sB!7bZcjUd~?~rdHKWnx6`^lTghsYlz|C;xH_!!{pvI%6F0P z{#)hWlFxsM^6$vkknbix{G~eo9`XSB_vFu$|3H4?MH+tE>vaFvPM$;FN8bMtoqrGc z=j8sEseg$4J@Tw;H2iPLE6Jz7T*IG7ehzsJ`8@Jka+y3p#x)^aKf?0?(7yS5nUC=_ z#+W}_K5H?P6Rsb5hJTh^<3W(!^o^mw_t#6|dxn3~sp@}?zOnf;g7GY#;h#K9{X_JP z&2PaEPKe(#{Jj^b|HM9Be`6>}|3bR>g6|prS&aW|`o;(k-#`BXzGwKCKS|^7qi<}! z&oB6%;qRsYdP_gq{OLjdd4|9JbdCQ*^o`AL!VgY}zsW$p;qRvZP5Q=8=1-P? zH=e2S-$viq{3iV1g!r2bKc`vae+7MG^L>0-@z10GHu}cqPnQ3Cq(GBoOxr`>*!(8^ z;Dq>_4CEW>zlHuj`o;)`{M&5`D-PNP4GR#Kkz7x|BdvG&G+$T#Xs|f z>VKHNaqI`{KgTiR?^vb&*XSFY--I8W5Py?_e8XQ&|2OoF5e)gi6+bw^_Y8k0&!3O) z*X?HvrIGD_f+seE<9y_@3df{y*x^p>J${hlH^SzVRXnkNW=Q zYqb4>Fj(H9Z|d?c;PQ+yAM4}C(_?v_;qUpb`W5=d=C?=~o8Wtfzwb8n-%8)u{H7p3 zJ;U$#rTW*U-;aRwdxn4WkJMjH-`M;c@q-h5&+sq5P5p8D z#!#^TObd=jrn|e;R#b^A82_dxqaJPyOf6H#UE7u>C#5Z~C-uzaIL= z=KK6wF5x}HKg|4JNZ+_o|KI{m{|frX=I;p7?-}uL|B$BtZ|NJGzYsq-A^o1=-}piG z2k09^!T#sRU&Hqd|K{E5m+2due-?glg6}!OgT65otp8>SV-tMO@Q1eP z{`V~U#&F=DY_fdA_YD7}t91YArf&=l{to=$1m83K9q(1Ym%cHSDE%hOH~h_x;a~YG zP5+DN8zUI}87@40&+t!X{qX|&#^yH#zGwJHUa9f-(Kj~V$CnlVGN!*s-?&l#Aoss2 zePi=|dJ(^8r2in}f2H|k^CwIHT;|^!=^L9r7e6>5e$R;i`d4fI{R4etD2;5t8{e<{ z|GVfLn?Kp{cko*E-*4+rHh-3+(I%wdGtxi(eY*dCgub!)J582v_@3ckcD4GSqHk>e zWr6P*{#A_s3-pc6za{WJ!=LsBUH`ApH#YxZ(EjxdziF-d-=uGB{%GKPhClmby8hp% zZ*2ZN{NS`)!p}31Z}@v(r2Eh9^o%Xl2XXzW8@8ipgzv+4{KmMJ*vH92I2PgQRk^TepZ=r7t1^eH% zbnyk>GyG+HHU9shZ;bHpeSH(YXZZW+|B}A3`8VJPC-^rQ$T$3*pVj#PNZ%O25dUuc z-~`_@{CU@@fAR(`|Ba!*-%1x>@IAx7p8gZ*8zVgYz4*ZizGwJjpVRoCN#7U>{A=jq z3%+Ogmw#UU9{R=z4}TOtIKlS}fB*m0{cj0od*!(N-gA?NSjQB_C570M;g7~-L2PgR34CEXBWxF)~5`AL?gTD_yIKlS}f9PB4 zZ>Dby1^xhCe8Kk&fArhxzs}N6MtJ!1g8qBY@Mkjqx6n5>e>Hw^Lj0cLul zAN+>K|DW`YpEa8%XZS~MQU4bD#t0Apuv=gFp5bq2{NJN*Z2ka#aDwj{{_yuS z{-4k{hJyHa(8U*g&+zvjQ2*ETjS(LHk)ZzL8UC&Rt^N`E#^(F@vf{s+>3`_3mcPd4 z--;ic;NNN>-%=-~@lIfqcWi`M2sf(Kkjg__Zy=S@eye!5_j8PVha$pZja|Ur65=3j8Z1j7{)8!@vGl>aU@1 z45yL!cQE~f^o`BG3O_g@{;Le+8}T>Ysqv4|H%2hTKY$;c;CqHY>#+K-rEd%czOV1W z_YD7r->82%ePi?2;s+=AYYpTZ{*k-Ye-C|Q1VjAW@PiZlZ3glUf7$QVzlOdsg26v{ z5`O6f-!uHJjQ=|N#xUS-!w*hb@o&9HHi~rV+4bL7(Y0{_YD8WhpYdvl9r#wP~bO7 z7@OdGhJV}1>OYRYF&y|uOqOr>p5Y&Siu$wZ8$*M?6+bw^_Y8mklhtphZwv+gPP+Jl z?-~9ms|{Gg-djdxpQ7{aV;k4YGt;CqHYXTSQ3=^Mj=Ki6dWhVL2v+ym+_r*8}m{y_<2 z6MWC`uex3R3+Wrff$#g9;CqID#U1MR(Kj}Kvi|S2KU05*zOnf}zO49H|6Kix=^L9r zL(*sye9uV#tY4^q34LSpn@pB(_@3d>r{`u>j@IAxd%IhaP=o_0q13x&y z_YD6m`fsOi3QI0m#+T>^o`AL z3F7yR_;=r<{>$han?G6nGdX^vK;PJWU*Ey{dq(`Dy#HX7zOnfi;Rh%9p5ZU!{RfxQ zH->`a=PbJTg6|pr&D{UrK;IbQ8#(^w(tj&`<3|0h^mo!XZqz@G$IsRDjT`k3(*H1h z<3{~k$8`VwBza9Cw2XQOyAgizrQ1X&+reFHU3}G zH#Yxf31bs{&+sohPyKu78=HS);CqID8}I*m(8YTGGB$sqMK0fn-!uFh>7PR1*!-rz z_Y8l|XV`yC-`M;s1K%_JC98D(XVW(}{}u^j6VmS){!VVcX8OkF`~3yJXZSZ>qVeZ! z{mJHU58CgZ;m>`s`t#`-g5%FK{A*bLj?*_bf3o`j^bw8!RrHO` zpNSuwu>PK-_2>C>yRAPN3d%npKFhy#SmS>ied9*`!}PDDZ``QAmg)Tfed9*`)0lsI z=o_2w+v`|=&&a>+jQ=|N#^%q$4^Hqs!{7ZW-T!Z-Zwv+bkB?38J;T3@{x|3w!)e67 znf`y%H#UEcMK0fn-!tN0!uVoZvSZ$T$3H^q0~%Mlhtm2|qYx`Sa+np>GVOk^TQ7?!W8l z8=LRzJBZ&i(mz_#@~=YQ*!*4i!3n-+_%m65dL?~hC`kWJbnyk>GyJ`e)cWUk`o;(k z|0?|81pg`n`G&v!QR=^qzA=KqpRE10{S5W5G@op~KVKt$&xrp}v-%&TZ*2Z;62>O@ zp5dQ7Q~iIXZ*2Z)Cd)T`&+wN$Mg8mO8=F7b`d{0w{uk*Rn|~yT-!tN$)~){6=o_2A zH>f{&hJWRYbpP8&-`M;kh=UW>-!uHp=cxY!`o>VO{pSYpdxpPjsrq-&H#Yz7Ab!vA zcb=>MZ|EDFzb_bn;yFq`>wiZq{bcifdAD5R^9+9(!#}jD<-c*G{xI7wr_whz-=FUh zzh}gM=y|&RPor;azTaQrdxn3b#wPfl;UE5@rvDA}jme}(yE^G^!m_YD8;e^>u~^o`9w62$Kr{^k#=zlXlD`AvcE8U7mjpQCTwsK1l` zm*^Xt@5_tj5}#+pKim3m=o_0qS^anBOLY4mpl@uxAFqS>JtO|BKBD<|JAGsG=LF@q zXZX8#|J+^ljm^ItKR6+N&+vEhezONj!*;e~C^&!Ypo=f~p5f19{HM@2MtJ!6*aY7* z{Fb$ve~+hc3|jm_Vl=u!GT!{6Pd=db6`H#WZ|@IAv{NdI~C zjm`J<{pAwgGyKi;&!KN@zK;*SXZSO^HT|pT8=HSokbckb_cQ)J`o`wx0^c+I%ipK* zZ=i2%euspy3F-F?|D;c=U!iYo{>)(i_YD8qTh!l7-?&kK-%aYjn!a(P{v3{9cs+e% z^L=@P_4kbQ-}-Hhe+PYI^Or~%o8WtfKkEnTUqRp4{A+{$FVFC=`KkKvq;DMi7P)*Q z{%ak>A2_J~)%1-U^$-6>{oVA9&A%qt{+<#4;RkE^@p1FX=Fbd#&+xB!g!-SMZ``PV z!|yfy|3=@~{40a{uV=)6)u|f)jr5JpAC@pSEtlV(;ZJ*(`Zv=zhJ*6+P!PXo`1{%3 z+ehEn{5e7S>lywowx7OF-`M;a_`wP3_Y8kui>Ci4^o^k){kH_$&olgiCiQ_HsF5__?m#f81Vjpe;M#e zo73rkLclEnFAn&kfHwrZHQ+Y~{GNb69`F|e{;z<46!2XEKXgla{T>@|Q^3y*xF_I+ z0j~)7WdUypcyqw75BQ3J-yiTt1O80F{~qwo0e>gp9|wGAzz?`2oqs0>{J4P62)Hfa z3j^*8cr@U51^l6a_Xhl>fcFRd^MLOO_@S4k*Y~jjKP}+70Y5L`-hh_|d|tp81-w4s zv4CG0@aqEpyMW&o@H+#3f50CJ_>%!&AMn=#{%*jx27G(KzYBPp+=%SY9}fxmlz<-} z@aX~13HUhy=K`J=@Zx~a4fw)ezYX|Ezz=$5dVhFWz>f_0F#$g@;HH3|9`LgR?g;p~0nZC~ zalq#WygJ~Q2HYR;hJZ%{-Wc%KfL|N%n*zQ(;C~AE-2v|k_`?BzBH+CNe?H(F1HL)n zeF6V>z&{N5j(~p|@Zo^}5b%RumEPYT9`KBS9~x8u04^-VyNC0q+g?8v*|~;JX8Uw6rID`QIGy3j$sq@I?W?BH&jCT^IG}5K|VX=^Je+HMLutp&*k#@ z2l>2BKL046E9CP}^4Te$cgW|R^0`tz@0QPd*e!#`TU!Fz963)0jKJ}1fN!SZ>Cd>$&F z>GJs-`D~N0uaVCi<@5h$8#eW&uFi@=IlNbjj)$%W%KbY_DFI21UFXhof$>CssX)IZ}NRMSCXk$#H zX&kN=3LD~?{ljI+to4PlvEoRwzNLJrTpcbHk~JFGGCa^%9LcXQ^o{1nhWh%;rLlam zR4lFU%MT1xB&qQt`})SCg>K3h$J*k*ZmJZ=k_asGHWY`Gl}N-5Nk~axwJ>}6iUqyP z7c5#9FRrg|pty0Y*zW!?QXcSs7#YbY$sZXndF+c;N7kCFG$a{Ts7$g_!SW@wK@!T< zzVVXmbCtem{iFYE?~}L+rDU4~LB~s}z?M7tv9U^@WOA}wq~^%p813uT;w4Fbg(23D z=PLu5A^K&%$k-%NqyvTOSf!jC9=6nhf*f2!ai(L>ilHcb>sYN)EesFFVXCsXxr0#l zqEewhS-sTmP%V@O#>%l;DfDj~tdvLMKVbjrNYSVqg_hy#E-6$Jd0>1r*%fgl#o-3a zmE>sXD{OX|J=i}a2WcEqvb$1P@1ltQFrNOys1G0;-6v_ZIGSvy^s)<^W$lugvOg3{ z8{E;3ycjGFCm{y=%cEOTe~AvTWDgrnA8;f2VcEsvbr~&JixlgwbK)b1kN zIHe9&3Q02h`UZ=etAk_3c*)UU25SB?UaHmxlRt(bhs&}P6|2b}Bg@mj4b=Q?yp$CZ ze|2H|%Wh!;aY755N0TKA_!-H*GB}ctXADXSkSL&d)^K@!Ym2933DsgLkp$vU)r;L3 zXDshR3B;lL@*CwWmS0yKF3Q2Ru~4bvG}1p*kYd~R_3D;tU$I{f%z~5_8)cIY_yc=< zT~(G>8Eam>WwfxcQ0=c2N5{&Q=3;e~Z2Q8%w7z;FWdB{BA1O@h8z`(BU*9~MFBSV2 zZ62#gmdFXB)YsP8(Kb!axP+EY54q@++gugPLiBX?Bq4gb#a&u%elboAm1fzGkd)*P zqm^PwN``3J?cJ@dmWsvW!^10)k~wn*$4k*!wdolHg~9yz@L2TsXPkLvb9sDh#o+w% zcxj+&o)6;VSvNj7Sg0UwUCV}+FGr5l9(sq1`FQymxzi~bQg4OY;uXpeyE-NiCEKQu zQpv=^`a)%e>^X8EZ8|EqHZyC}+=XphZ$IhEb;ldNy}Pa5gUqRyNA0OSB)vnlOBTiZ z?S=W_@q+Bo=N3!j)fJ@)_So*0mio!;Zt1F7s2l@&m@L(dte@HrS*?0&(jj|7z08U7 zqpm0^>g&6txW2Dg?JLQ_IM7!pjgR!nQ9fQsGGM75_VdS!!(+wLLa9nh6%^sxT6&_~ z#uCQz>!U?9tkq3%N1TZb9W5-B7DZMK&I%WOqiaE*Vx-m*>>WdTYZaovMWUgg`Vkw6Mw_cpN zq=c^BTDjJV@@|4H*(J%TmjhiBlnxUWpj{J`%3ZYuK(V^Kus%Ol+$g0=P~b?}uu>{g zm=~80agg9_D`6RCl~mU!$VZ$~>t-_c`noeaC)%*cNj3A;YN0ZgwK5l!q@gM`f_P=> zWqtb8oi3QWB^7nO39`Ohj)YX^om;GqueVz<9ssf>?~t=d$ST&%lMa-EX;RBoM9C>1J2X)G{7D5L6Z(OhT!gEyD#a$<(08>qV{!V z^-#XFs5G_er8M{CG+r3CLm)|0{ZhZZr_JqbJ?*s{EjssdQ5|jAsxjnJc@s4qdxwXo z^{vwiMRTPvHeM+$LZ?<@wWGiZax@i3yW4v^I#9W?2s_$kE4odLPP_GSsVLn^QtK+L zkLvVG@}+^{fF8{Ww+8wm7MCk4#)b;A!O<PfapS9gb7f$oeGS}G&Db4fAQm1~s@#d$;eT-KN7%K^DbdRr}L za_w%bmCK`xhsUd_S`M!M$f@D{!n%Al68hg9 z)^C<>VyTSUNl2>6c0I_}aeNe=ZZ#*Zm6h^(TpekyJ=N%T2>;%^ez?3YKin)`L)xw5a8=sytrlFZ7P}>UF3v)1)e~pgfF7vUgvpiOaF18zVYVE|u;` zq)Mt1^1VVX9qP=5a%>MaBTW~SHp#&yotC&ZQ+K)TImxuFqP4$N=mW1vb;&UPX||TlB-F&ww>tB(2b{U>1YwsGspRITF@Axf<~%^ z?xc|GLRM9aBLh-ESE^&HE7FZ;UebJNXd@Li%SGjd#f?Q=5;$M3xk#cY`u7LTh^F1!PZtdaKeX|>Tce0Jr z0n@F#V4fU_{ms&JD#iPG52}mW>XH+l4q$Mn0c~mZjiA7ZPcG+1#n1VL{&BfbwXqPL z_MFo{T*z0@){?8?FD{M^Et0)rw6LHo*PC4^E;+iq8J&((h4-MI=tnDMjF4y^%2$_{ zON%f(V^L}2h53q{ETuIWUptbzmXyPdhi;SI*V>Dc_bV!kN~ntVO5d2KcGdXks0PBh9MUX)!}Zs5r4|SA`L4O7=f3dI<4Mi;`~oh*P8dK2G)ypmv0SE2lGut)Pu=k| z&%knW9jo@`rNNt@)+eJOMw@kgR^T2PDT|myCei!U%M<)vpke>E7*^hao;zHmu=?+0m_D7tC(=nf09vB}k==Dkz z?@6-tigk2+^t8L9u%{gbbsQs(jszr~3CQ+MAgLGiwDA@S z(jHB+y$j{E&FRLRRQ+vXz9P95RnN65r^PVaCb5TIc5q~@d7!wyI98R@`xFu?gO`c} zh51`vBI9J-QdXB24CSS~tylZ$$>FN(#Pz2hIhSe}J+Y%4JA4wt)inmRWturp`dyQ@Wz?O>b2>`4s5}-;Py8dYc}ip0 zaPlV~6vON0Z;AfwL;BSCVo#EaN^p{#>gaHOZ2p!pl)L`#k(6G^){IW{AVgbg*;&g# z*I(-7g%+th8EbnKC(x)N>$XB0%AUAY80?!ZD1LOWmCTc|Z?V|Zf?h&9#a8ufT20Qc ztPP~nWT#QdCjGm#Ec4YZB`KQxpL+491u|lAyduK^tZ^0_so7RoF`gGoi|L$7d3>~a zBQC8^>suui)8Q?0-q}zXSXQi#$;ql91IMHaOGD}z19I)JTx!NuvwYIPP8KEg5L6T> z$WWL~c6p&ydgBNyfE0 z{rOUVLH9OIkz}uBW2JEMxQqr|kP&1(@+->JbV{OpG{1H;q-NV@@X3jmE7_a5n$b+; zP!#8)jgk*+?#dz(yr85jrQL|NOV3yx=_bzjD>sqs#OzH^uWNNvepK^Djs$ei$PSSX z5slT#%04c+?tJO)h`M`x;s;T`j@N#*4BC~UPR(QGh2zp!fisSbkX(*oK3-x(u?tO` zVy4LwmP-YxT9BO!L#CqAUyh^dmIX>#y zWrXIr`3;4rQ!DLZobu{&#tbfSoebtIt=b|j5EiuhciHtBKo0iCX6wdfmc~no+EVk! z<=T`MgX7Y-Gb$UjFd(helALq>O4@2jnwesr6NhmtJd@`i?8^aEnB*HJS zHyYudJ#Rq;W0P@O<@`}}S~f?6!P9X_%CM>~s84~+ML87gQG>GFXmzmA^x`n9juEw4 zRz*D%(G|ydy>qxS=VQe}qR>b@j!K*yTyQ-n$9aL^sAt5><~paF<8rb`y(x?bViFC_ zFwiR2N#Zp0usc7M283EI`(+q!Pg}5l7(k5%*rLrz6SK9Y2Q6nGbE&*3BR#SW<+^3o zafw?HWS1Ekt+UTWcO+yiG4?W-S}I86u_`r?rK1;=IGC1K58}0#FxVSM$0iCfUz#ry zFGEgQ7|uR%AWe)k4>nH}85cEKFkB3oXfe_eQ-~TP^;aA_&_s)fcI1fyM2E{n0i>QR zgHPo`H5%vAu~8mI^QeA`QsE~GxU5{>FkZ7&&l@j{7v{*0C|k98Nx3?PXqz>x#4f{x z&$NQXjt8lY$uY@BXS&&n%V^rQP$z)SL_>M89LE+Y>JY&nFe7T`N>vhhJEXlGH1=mPmOM6=Z(4EDl{Q z%g0C76)M`{Vwu#|;s!9awzZ<`LUK9UKhj+}G80|ovDk_pxP2VRUc~F*tK*(^Z?f4APYdg&s7As@p z`C)7YiBo#9{UsaSaB?=sl|3{7s)JXmlIFCceQn6udLU1(b_HtI%m5JRr2SIT~bP+V;owIDWwB?v3M~a zZIP(>sVQEf>mbPrU?jJm!ke|*-SwJjCq@z$W3W*|ptM~j8zC?Eb!oM=trf$?QMH(ugrqK5;EEL<$NH)=esZEcc6_0nq{ z9FUT7YOL%^sq`!vkbujI8covI9d)=BgY^$kF>XAoDD?jOeMgE^*ZMa!qYFS5 zJTlrmFj3Eebcx7)&=qu|tdIg{{laJj3d$Vpjfhz;I#+wgmKCI%K#wcA^Nso2i4(6+ zO)B4T4qg>?oD~WfWa&!#cnMuN0y)Fo4%XVhZL_R6Rqy6yrhG7dma_;u&wc(trc>X_mzv|%|~xsr0Pf0Jw$`9?mX$rsOv zPHIx>Eh?euX~iIJxK7GTY38BXO+7!5AH~&_!lvHQVw5r23ys2|hG!wI_?3NC4t(9> zNwVd-_`nKHmhCgGtu`i4>ReS^V|H`&c;`7Zx#Q4Is?s|mXK&g3JnCb!9fMG?$0w(c zWv*YWwG~$@Wox?yC1(Sv#!6A9rwY9fJq+7hspM@ejVue}W|M{S%q=Cl|Ld5fHPARN z!KEP#AjeF+N^R)($0|j2=H#r`+J^CzI317XD^=Xrk|-F@<4BI0XaOkR(>dK{BVcM4 zj>|Y%u|^k$GiP9o?TA#v<-&_>ZD}cu$bfLGe6o|j{(K!zRe!!)rXRZ`!<8`@Cm(GX z8DTIaNf>R8@^gvMxp`@IN;+iB`T)jY&D~fo4(NZV!JjGheO!XLK<-8?3@pgY2|{k( zwcWR&tB+B}q3>0OM7p6pN1Y&Rz%-TeC$GrHCpx4L8mH)`4$`&SE&rK4UCNy&=J%JH$@YIS_1U|HLX;w2t{)!G_e)YesH zBe+klWmgO9wf!9L!<}gMBa!vjqZ9T1j79ZF-3sn_=xmqcCRs9WY)l9hFh{A7s52$= z+_h0z4>x*S$c<0{rIzBGM6J2Hapv$sIbYFpeuJu{xrD314EN)aQsk zT+EgW^73#G)=DI_NhY9V(r&ona7gT->)J+h+( z7Y=pf*0zmhuIzY6eRyS+TT+ik{omrmkf5KHGV)O44mE}>K zsN2cJa`~|TDnhGR?3=V-zgU*{T3bV7^)N;6OHfXcEXm5WT7G#!s1=M106;u zVzE+$pNPdq9f$R*q4lbf9g=&p7fe_lbw)SfMm5~1%3a&XFPErGsA2JOC-I3?PsN<; zt|3SO&4H*8j=Gbip6crZz3bLh3LBeOqhUX{BzK1-rE9%lai8=gi+1S+a=KA$_>(acc(k~~y1+tywVv<}FSX3ITY?&J_c6_YN^W~iJ zu8uS34(8=~Yf0u}Pl)>Fq8m(n-&sc&?#G*Oz8r>{xN{{DQM0#MFa1Q#QrqSYv{qzf zLb-A&pBWPEL~{wzlIO}jSn{AE>FnW+I&)Xx2{7jtM#{3rsN*b_TdN8KbLDvfI(n-h zqly^zm8XYkj8ZybM#)VqmQhw*Okr)pwwEm8MTIS4lb{PXdxl#J&AZHV^?k zwJigQP9LbF<U4!QWKG0o_b?!>dewVv->K_#OQKMMNSyH9b_2#uneXO zuVV9}KQGa5!VOkh^y-y|#80ka$i*AmVjbPMJ;tcB#XTLQwbPHVK;NqDka5W9(nmt= zasNr(wnyd&oA|<;++NZ#wN^mp@?=X6kB^k5wxkm|q9?j9BS?-vp>Zu14MlfIu{&#( z+%4HZ6t&W%+g;ildJ{^9ht0c4h7L#9=zG^m37$UVrcbkN9elJL&(o-O)IBH5b!(Iu zVQoqNEc?M^NuemcBesvUv2$KZv+DRd_t*B!rPa?6?8i|fEYs6bbGUacBZ-m5Jk|rl z2f|-4GE4(xE+E=S_AFHy`xGruubBCqPo6D0;nwKvk({i};5LlP@(JTUBE`z$fuKL0 zvydkXiZXAq^IYv><0G&;*U>5u74SWGa-F1sbLUi-S!e$VhTbieyLoX<7US%6TTPgk z_F%|{_H4cCShHtG4?C${n{ZHI)K-;BycRW?n<`kBN_mq8mg7@TW>YIA)1{gmRME3e zk9|qn?Z3J_mLIlDYR4~uVV~&a8C#HAsN3wQj!M6Y)KV5*EMqd`BBLAS($TDZysNvD zjodLR0|t)Y@}!E>$R2@`caaPvosUsDM;Ci~r^vd3b3B%-`4jc7ha2>0HbFYk)gh@R zZIFkJ=qm+|Z6D0sy0wQ2j-JYja{QDDt+HiTCZsxw8zYW=MO`kY_YTxoHEtP6+AqVw zWysq3azDH5`;#9p(u;s$aT+jd6z~8ZU30$N?lDEQ({bRe zC|YYTs&{r`fVegt^u-QZ2q%rosL?oKBQP3;APICMHxXHM{V^D%-`R!1k?B^Zy`REH zYogha4iUel!h&GfEr&cx+a~pttD4cJ%{as0eow7gFP3ahFFjhp=wQKG*0yoG(8jd^ zmJ)bzd~a`O7q0qnRy6oj?oj28i}C1BjKGw8H{(sy#k=Qpe5Twx6>WBel4QDZnka~( z=Lhx6%mH|sq6gKoyz8h5IE=s5v?WgxCT8bu&R_?>tSS*iAp(bmmL&0%6 zt+~@wTKB;n+i`dsf2~FQB-ckGu*%&SUA5nKAwW#f5a zUL)HtdZy@!T7js6R5Ms_f_hY)jjOe$u-aMwsL=wEu?c(4wUF&ZQTt;_I)al$pifhhlvQi% zl3QMEf1aec$r>gcox+d7&uF)^z>=Nx1dn&pXMq(4*qlh$o&3m#uIM@8K^c=8NT6KL|qi)e4>m*I-B)a9Wf1sdQxy@bl@C-Zpu2S6u(M!mC}%G+dP1qCa>AN|Jjz)T76e(O&;50Ij0b4yju2mE(cw%{KY4ndluQE{ z7?6)1--H)ipehnv_m@XQRxPevmd%4c#-3&fS7}$Ut z#a$gME3yVutCG~Fv;o=fc}f>C{-S1A^aQoqg{Q{6p$Wm8?72dg8|ek7Hd8lt4WB0* zIahy$QgLRCvx}OQQWp5iM4f%4`}mEQJ+W8fEjN&nSy z%Iaif4!7P;5`jNTrm|!?HYZuKAEr2ktslJzMi+e)RST(mM`b$tF7!N*e#UWYSM)lW z6S{oa<|lOdD3niZEhlvqtjk{4;Hrx9l9$537AqneyR~bmI5>9xP<3^=JijPUhtkre zL3Q}3UgRhJ>xq~7@M+l{P`CFbUELFs+&3My=!4U!{5e>H8yF`e$n?>j6U3n{?g;{1 z;LeKjW)i7F)tt*aa?!1a;VEAJEJ^ljS2Mf>&+IrKy>7M3jNZ`D*q(f%%2~M{(CEQ* z0+SFoE|L}+E?}VvfL0go0h&0E^(iWvmG$c@a+Z!Rs0XL%DQb37N~cwxm=wKQ$*ON1 zQEyl}OnR_{gph)4;t)yoxACGKaPksYvK5lsqS0uW;;xbI&Y7az;AMA=+Dh%kL8T&DmFRB3 zV7Kh*sU7!QcZ5z?)TdQbZpoje&`aW(aFma}h9+Yf=q#RM4q1gg9d)n2%U#~XDm~0o zTy92phwV4+u0*|(etaqhC+cX>0jxMC2ATT z)l=MaqD#p#Qgw0k^ozfUeM4VX@t2U)=meG?FedNPkWx7sjh#KtU0ygKSM3Jmd04m$ z;V*YB(F8$dQ`R8ak?~0La7UI>De5WByp}9)h@1Q*mN_&fYeYulZOrZ#RM{svmNMf_ zkJOk-jCfhuBr)Dw<8Y^tY}MlYKy-rmu}4t@27IflwE@0_tBQ9I-~9}g6l zS8im^v&!paM@DV5@gAY$IHL}i$&au}my>mnN6$bz<`iZwxq%Lw%>6Q6dpEQ%v)VAp zF4*wGwKf=Dn>?DOrw=K4%=xD9f_B{oKxS&w%ge}wmGX42A|BG@H-2iAlys2VD>qoq zxgp!~-cmUxyn7;#TULASwdlrWJW%~B%;DoK^|(Hf>mS`eFyXC@4fP-mmMb!%EP2V| zBs=N}Un4g0>kak0pCr#N6x>^TpA6F+btjm1_lncjZvU1aA@@QfA>2eR%`RT6j;=4) zj0s#P@2IJ4SuJ<7_7_Kz@zin$kTe&Qp@XukNY!Rle-Ta7!T5dPt@1WV=}iyA)hrB; zVUv__yj$|vMR~=eq%l5uc7_jO+*Gb?z+)y;!{^+SJ>!vdS=ZycyHe-rEt`rR%U0q%lJ<2y(6smoVjaQQ~22%KP%v!_B^5`i%NuCy^@hDG* zkT-W=L};82X&}|f`EIo36W?u95v=yw z@`+Dd#`!Yt{k$(SD(V8L$r?0;C#!(n>#1eu#&K-G9?zXlQ0|ub&Ol z2+!-$g`4A2?%mHf@bRxI{6(yA*4exV_kaDrv(2-!Ku(0xKH>Np4F0~LWH-V^b9_TC zDcz&dncPq2`i0XyfT%YTK-KN-OTHVzFw?f_+7L5KD$TqRk;D&_b^4HKvF}SYpX|D!)H}Fib1;^t$LJ0epAs- zHo~HQy8Vdb`jzkcKG*wbR3G*6Spn-fJcG^$^L#v35Hw&b~EzMVK}9*0p(Wi3-l z<=y$|Yo@7YL@s(6PdY$WGa@Iic(TK+v32nYNjE2^vN|?Yt&ugs%aj^fljH%pjjf6A zOOMAo)UL#&1JoOP5(W#4=%$Ns?Zb0%S2r%0hU+X1wTbQ@mwQlUQ~CnYM~S;6bdj0G za639tg8L$l?l1@zGQru|Z~fH9%ebS#?SGm1(t$hXupzSN;-yx{ z=Tv&4MjmNhCeHH7PRAWKs3?1V@d~l}xq-_rx<@q7%nU0mvVX1`F3X$Tc}`ptFrG`!=U zsLY(OQ4!oPBk66loA!il{3)h49w#|j@pV7RU)GD(;Q>V)7ax~2(W~I5T7&3Ho`<3% zG~5|8^+0#Dbyr1C2#yC3$*8VeYje3GkI#{F1Zp%Z@LS$EB`?IAsOr(xjkbKfQ>@%} zHPKw`W4_A6kv)>`k+R$jtk>kj2M$^$b+^_&)-ioAgM^R>k}j4BhlI<6IFQz`GADm- z;5u3DO2j#<1JksKO<(ho*e1E3tHH$vkFq=FrKV3N$GkXsTvsx->zJ2jEyd%spzzFm z%!_poCrgcg3?7bX4+WOzSK{S*dM{S$x{<%-x4R8@v1b$rb};0+F*4?u6MvK=lX%>& zk`rHHK%Um=?*y@~iDOP%^o+qtYF`s2B;IjQSY_Rd(1!Z)F+?y~CrYZGIAKbIn`hG7 z-QTgDi|&>`=B$lcm&dT?c9T$aNpf`H;%50IduAuk5WU&gOy$-_seq@~F|)Iyk=x!U z%GPv$$1!J`?bwawTl(;i&kkW*0@UB z4gG1;#a*nf810wWmdlv9qC6a9!Q$R@?ZX9Kb-Z73k4JN?kXInc+dL;NV@_l`qVa(2 zz;X|5ZD=&D45X9?6K|9keM*%qdI4s9jQ61P0J~FFUXPjlHF4>j+ zrT!`<-6T7oJ(qM@S#AcBd}NgFI-3k3L4g@oMCH#?5lsf7M%Unq?ePn!ds^_;_X+3A zVw3s9<@K#CE6bat>`neSTHe$tSHY_OZ}a6f)AH;qy!a&Q{*+fG>l0h$ElT327Al46 zD%|idf&C()vNn1HiU@_uiown}C!^=glN8T~u z!_5Ds_86=XgaPg(^=0S}*UQ!)t6-$&<^5x5$mg8wvx< z@UBWZ_7@i`RcYB#kscO4Epn5*%0B7zk~eI~9wKr0i_xi3#XW8D!Qih8%b#T*2t+wJ zdrNT#VNV+}VzLvlo(U&u)ay}qd3bx5+VCW+ zdwpB-wWID0kMayiIcV1GJz8A}RySR{%JB=1qM={WPDo?>Yip6KN_m1zy zlcPw})UIOowBssfLp$eDq{TLRy5BDtlG@XbH$tI3lhr#fbJ^NSdNiU-v=d$5?`g+~ z$Ebru$86if#-)oL^({B2W;A!)TOjW~>uQtd*H^2nhw^-cyKiyzwBrGOZc%Y0(&b;Q z4&jkSS#$9?^60s3soBwA@U;BsX{63eMJcbePg!x48DcyS5iToiELbb8da=AC5dX!M z?2e8)*|kny>>#V|lB4OY$;OdFWqm=8?Q*hAJckrpwIc6+NuE#I(}7yQTVP}^+MIrF zPftgCIz_mOg05S6a*@1nB5471VBc{|L%67}jb=;`Qqto>MjL*WYeCD~>(a~8n;D~} zC2Q4{k@}i4tplUvU0lqam3X;YvM8MDqd;2kl=i8cmtH`;S~csBR=hCyeP%ncTE_w&`eH`*xo^DNLaTvoHEb4o9$zaQU>lhKmu#7jyVI#J)xH{axq zpiW#I{(ogv8?Ao*6>L>h2qw7*|JSh9kGWNP|KHTv4c$(>-uJIz3tGFSrefELs|A1M zYbZx)GK!~CSeM6hd{{G;_J`Dw_0Fea^#Z(S{5T%d;W$@4kkXfGk6Qtf9a(z#3@!`F zMUu9@BHk=iC?;2`x-r-(eMvX#ifvEy5RisV^mW) z(2p@HIpVNB!A(!eGgGpLU-#tD0igNr$GB$=xv#x7X@bVX)EB1L$v?G{aq^YM3aOl=h>TTJ#= zoFqB!E|3OuI+YBkA64|hZ6N7#v^MEk$40P-jI{{HuKV3DwK8sa>@jSa+NEUY%<(x( zoT#zOdS0u!@iRH=;`Zco%XogHZl=k~^AnX&s|T@DJM6ga!Bs{a$LN5vrwub~+?CbS z9Ur&%)oQRcy+qC;NwVUH`A6fh-QR7UYHz`9lbf>Ta^_?^mtNuW<5A;2WgVYfv*nL@ ziBXR@-uz-WEltwQnly>pyAlnrJ?6yevSeSf-MMZdG0}j+jI!sLmX}>{L|v&IRGHqB zW#f0S&X;lGmbrEnBRO&VL4F93aUmmmwLxTX50r4xOD(f6hhT1e;ks@%-dkhZj%JhG zTWQPQyneqwkttbUC>1Kna}9GfZ$P;>BbQNlbw|n__pz7Zn#)MP`!aH=Xx>-bT*e6A zmyt^`ai6U@MzP&@k)v@DjUgRh7oXN!@G{N&(?fSTKDo|gcQvJB`SpFJ{79ki-hU?W z#K}vBTrOU=qIWe$tFBz};?BOM%P;I(wQ||g)qccfI>_qY`O6mh*;2je!vf@nkiII0 zv-+7BBD+`yLYHmSXj@AccCLB}VC3<+w5MH4A4hTtB~go24v@vId^IC8qnE2M9T^># z7p&_T%}a{w`-;_QiwyJ?O5-Da8}q~Cg}(mgfqZ3CvD7T<6>K;^YqEM&Lsfk}s*dN- z%XG8wewxTsx7@v+QB&xKYisSmE_Z)VVx!%6$8&d^VlKvK?#!LNS=*wO=BzjE_MY&O z!qS)tpTHnn9_@pBeaqKLN~0HxkLMQ7P6~#d-|M+j+vJz+6Frh+l9q8pDLsmzaN6fH zL5pdU&XJ>ta>4^{@@|Y1n-evCASWui%snBxkN!U06QZjY_w`25o|)oUVZ`1!-6pro zp#FTH=1q38q(r-Kla<}2aNnjWGpkzTE~4XKsML&1l07Eljq|;kr{JR~#N?ckHP}F6 zO`c(P{MT}VSmW!8_iC(hgF1Y)I^HcSFR-aDOU5aq?K?PJE?3yRS-r_d3GmEu7&sIOEOv&^QDi&4L{W(vlytG1i|?~3ZmyD z8Ri;vthPp@Dvrx>bUzeJd>UvMT5qCe|oD){C(!(?4P{D=$hAKIKU2EOw zx#+KIt&{N>@mWGnDZS%kWw|+Wv5fPtj#b9{$54Xix~I^Fy`N`NW&^OZ;g{_EC9Yi; z?#TITIIJ_bT~{>R4|Ta{43<;{Mw_#%cK7pbm(>dFvImwXS8Su}=o8#o*4En9Diy$} zMidVWw8~Hy9(JL-LfuQVwS&#l{jarp*07w~rDSw0G&(Xz7sf$3N1vMdqk5*6kY@kb z-^r4b8e-Jg=&wdo<3?XiDHYC}XrrWuzokYBw01@B-jeFL-!W@P3P`xPN>O)*s~s^l zrM0QmCt9iG0ThGz;;=jhV__wa`v+_OzDk~Pf(N78@e-dU>l7|0dVo`U=wf=DlN|HO zn2Y-=p&7Z(R@D6<3!`T()MlELh7$~@Y3;)8vs&K8xynk?5*ewLswK&TFPjm_gu1)? zL?ei%wBt{-pp1);(UAu9UygR-HHyY`buZ+o)d6t%{^6*hHhvb%_D z&Q3aw<*gi;*>1bbp6*zzKQl4xchd{lUVc|^O8owx7<%%NQ7y&2#3a0tMqA(M zNM~1$O(C6)S5DRlQx_n9M{WrB%W9Z0)Y~8)rm=|emg;f=@fb6hs6bk?UF1vHm@la! zvP^HxU|Nxzxx`CH8@f}uImTw(gcLGqhMA_{9S`75=B$D55EEh#1N;wk-0aaBrY|!* z#+nSOCQsXLx+x`{66S|%ll2Pwx?Wp`R@kY^RGe>*b`oMGdp{%z6a5Evkhv(z9tW?v zqy`LY?FCbxu5Wu>I}sZ^UEfq@kwzINbBx?}klc*YG~*|^HPH)V&Y19%+zydPXU zzTB!~2CvMhGK~;(=NLd{boQX#CHVD#K~{zmMZd^sok`~=BXR5|LpCgQsUUE@!Sd4^ za*H!fRoR5JBxNRrKN^imm~RLSDG%D&IWRLVjM_+V83;1yGGg@^GnmnR$cMJ$!D`7; zhCeZj90wcH5JLw4H5Crd;G+EgVN7$QK0b%>K1jqgIAR(|tXa0yQ;Rb3n_>!91C6ex z(72Lj(#mbkry*dW*+PPsX;X>hPoJ7ftTXz)zNbuUmW!(V59~D~tM$Lo~ne_&^2c#73?xLC94y3EcUA~Fo8 z2GTG;9Q|^02(d&Mei5XiM0L3oD~?6rJEU4aJM5qolgM)#R>M4Z` zbkL1}7y5p9ls06NgJB=y*x8W4;lL=AB#sQ;h^cF6 z+1Ozx#%~f!t0Q$7fJb#ivy^M4$FLTjXhaUyT70mMQ{@5Xpq?f5PxK=w+OmKz2|8da zy|FN4gDn7kX#%4D>V!nW4%H4i8@%_WNuV1rpTeXPbn7%v08MI|K=%OC1ah`wo&btO z7alNlz+oqYKjha_5QkyxFF z`L{(%z#Eb!q{`la6t6=BWDY4DuOxcOL(zKVpafoO%j%*O6;6ag$QLGIa8Du(p)aAf z7?yr8jJD!lzc=m`QjohGPu3m?MhUUy=rb7a`p7(Eq*#P?UFi?R*MnmuP>|Z_Xk2RV zecrG)M!nC@a@g!nr!&iK&v81ynaRm^qnA-{1izGTs zRvaodU)5H4>@+Q5%OPDNld5bvWGcFOYIpn8s;=NnVNP_gc>-{cdQR9}B-M~+ry>#a zmOe2(Ua`4IjY1|QD_dYTG3c|?VLAli1h}x1Jx)wYiwxk7836d|)1Tc6;*`)i$ z5jf0D?!O&}lhC@=3aDspSZ%mh2q6LTb}O9$DIh9Nm^DF+2fZ2*V0J5=7^&5G7g7nl2Q?TgiCSBq$ctjqnCAI4pYjWpO9j89Gr@=c7WPY3d<{{R6j|I zLX@Y{ya-u#Oes<#$Knt>o!ma zyZI{)%7mg$q6;%AIxyn(_w|OnAn1|@;tfEIDwA=j=tltq5ImqFvz^YE3E?=MqRKpy z4+stLPM2XFl8-dwG^h~PN-%d|L_d;Qe=RnPsA?*y?_q6L4Bbh{@klkVR5t5S4*CAj zs%0dg9-{6EA#u~>&~`T&KlB?aBeCEZM&R&vO`9c7mtM7DW9JZlGO4;C675@uKk8_L zAxxJ6x;bQ2Qm>T`Up++DT7{6l14Vch0MqgMARFRl2E*=!VVI-R#_tl4r#gONA195HHfd6nzE_ll zavVl%2jo{r<8^d2(W#M1R|ugdS2EBGUm{88n=931sNkB{YGdii6{+VWo6cB`VYx87 zR2oRw<8gBFzVN{rtE0D8eIeN0blugc8@G;06?IwsAC5R^Pq2=HwqQY+N;mYc+ z90*#5U8zEG?_|VzV%@Ewx=iRnnz1wG(37%=EL?%UxLm4b`A50j-UK)Rov! z6`9O!Lv{Ed>5OYJw%|YMNi+fY|C0);q&jsrQ!6rE9SsePxgJ*Q6sER&y{jb^_arSR zk@Rz9lYv4N(;*}r-HvQhsxn`aDVU3{O;(1m3anEDwTZ* zh|8laMYTXtB%B)!(#^jp0ZqbGIbIu7X9PP*DyZA(Ex^(A<+lc zHFmjF9UbNkfSL>h!CMgqj%qzPixKUK0;sz-;i%eBsp)k48ILG^PY9otR(k!B(SvY< z>j#cEW|&Qt0D3#IriAVr3o*FL!gZ*joRM$^ro&L926^5WLt3;N7B{JfVvk5DKxl^m z$}<_^s;wS7sgmrh-Z3WHJLlzqdEf86Ny&O&~7Nh&fZ4ct(>E%{Z({XT<_@ zvGl|#9y85{#%@0}`X+o;lJW*-A*9qdNUsXbkZxK?H!tpgLnO?wxMN(RMe-9DrFn@r z#hGe=HyKMSjzho#YR1jrZgOx3z+5iILtr!RZUVA|&t5ZVn+&v!8gGVglfjq03^c>H zN#F}WG9It z67OW(`C@|xo{OZzxuAx@wq?SlSXNd=CF;xLjYeTvmx-06ZOBaye$sS;*+^2mYjcy5 zN7|ftw}~?4L>Y1pBt1fc>R|}D)JSEKzIcFF>|)#8szYP*M6DjY+lQHOtWqsTQa?oE zk-?+GxWbdCZnZNIuf=1R{=CZ=@#qvJSxM4F=d$Zr3~Gh2-3IXJi9&f}bEa7`nj

u0+Kn@OcB+@tGUZg5+?e1lHfu5ZRr!!zrv$htaf!SwZb zHA5F__w3B@gsOf~9MNp-+FhhAn~67BGm)orx+KDop6+5H_pWj1idfE8#HC81>j*)8 zzEC5iiX4XwI1>sL#i=y$v9d^&1arNK81zAv&E|4y!e(l1>Y7Y)O{)8p&A5{sgxd2| zZbLqvQY-F}R7Dy|H07yGq4!{4B<$7oN8x|~VSUQg@fjC_AL2K$NSzKB624OBvR^O| zP*d#LWQUprZwN;i);^N3ybVe8!ag)82XVF(Nu$YvF4nUlhh8rU5T;2YODpM;(w4H4 zn5>}`41)!k{2wXRC#7lqfb|CTrQR?)my>p%p}u;maWQk<{3K1PhE(Xx6EqQlx&VJYZR)SSf>On< z?I=}zTM^mz%D!NbY>gCFgrU5b=asQ`{+*uaBUdEGEP0i|kl#`j43P>;uvR?)C<5PH zg;2>vSUQ}5s0m~MtFi5jsU%JeqeL+}0R3uRhVqq6xP@#2l}Iv#UDURyWHbm`gP%kc z#4-#?hprUpo-9X&ItM%aL4 z8UfY?7@3_}UiEk~on)s$`O!&s)b!psL=@#DrAhNT2>8rYaFbp*4z=-xTs`iYDEjG(fowihM5enW>ToSc!BJ zdNpY`SB`4ywmecN#RkE*qErxxLH{}uf^wnKvM>wGzyQrwiXNYf)|i+=XN%%1E)TX^ zpx&>mYPxdB#);|CX2*$WezfI~?su9pbjLJ14s%FeJL6utNHxK<1)wQZWY&UwZ4D{KHEIPmR2kSFOm(nv3$USDackVY6*gu; zH`KY^ucnx?0tJ#xArs0%GN;zmBfybO%sI0&)nO&AL-Q1?aN0VUfd;KUE6FmaJKkJ` zmeVCN^8$K3WSz*gbsH%mYWZxUp%sUXG|AI9fMZ85NRGqI8z3b;Js*)L>8n&=S>|8g; z*sMAzmz!*Q>LIZL%n|yarn%W+riaM7PZBVgdYzs_tQjT+gm&D_K%ABnmg;_0sDxJP?84X2Mb)c?b>ShkwIY){=0H`Xd3cr~r`JxHZ zZ)e_0nea3{MwCKW-5b)b(Hd3F-ktRjy{`!&k+OGkCgT`LLj+|HOmawmj}%T+dl)U} z@mWd>2Y7f)4l~MN*3sq#xOX3rWRZRp>9leP z&0L2j!g-CjIq<1!Xv-1zi1-rtr*Q~!NO~qU63=$}!=57DOcKd8ac*W=FK>7)%%KNc z6B#Z|ZG_)W%OY`bGBmLdy)qY`{q%O3oUZXvlZggt`CVj>Q4fjF(Re$>gCduq4EVxv zNNJHkRe2qr;&Ww#sZ+O`#Drj6gk1v^OW;PKGX8R`wdAIj7%kO+G&q-h%p@m!w&r%U z8AUhLmi2skW#Yz9hO4MK0qlF@ibyHeN~ zMluQwKMM7v=GVdl1I`5v(?()ddUh^N5AUNxqU^JfG^z|j@B!p!N%^r@3DcC+YVuY3 zgE2K^2%!4}F|O?=LH@o%7net4F)3jPM}=e%r-E#~R13u}0tH-8K^i|dRsn~}kdF_0 zAlX8`FL)dEX9KP%CfAYV)vyS*buH*ZVbs@Ow{VQg$RDGRELMgidJAOs*a!~rM&M(m zEK(-LbPMZ>z5#j3g9{E`FR}1LaStkl+^;7jX;w5dw3ZEqf6xz@M`GmA#q`KldX`4i z-t-(dIr!_Zr9Q{;^~;NA+P;AN6k&NLXl~@N^8LXOT&}_0wJpm=g2LLA*~njbqemHy z=vycmoJ`k5TLvkq#^c-ok_I4~sf;{^NM|95->K5!Bm+*5P5Q9uENUPJcBJ`Hh6YG? zBz{4;58g%GQk&mgR-2BnczroO_)H_}VCEIVm~rUQkEc zaVrn{;cP@qW4AVTwv>_{e)&!JgdrHRB<*h^Rc7$kt@W|@_y zl37vpx0OkcMbm_YDq@k*x^z%| zIZbW>uz=(X>Ne!WH#2Ux$=^+DD0A@~P)TtK_8248@b@dQ)pO{XSQOX^lFiIwaxtti z3v$Tp0n4Kr!Q`&(QwNsPLF4(S2xzo!Qp&AkdO2->=n@G6njnJJ( z4P`@=MU_AxA(3Pu4)y{^Pql;jTTF=*&-MFNBVlk{P0v5dBe4Yn9T4QOD4Y$w2~h+= z$pcErw5epllI$#^h>{x6O+(RhG3z2T#gbAun~ddZi>aWVCtKl>GpR9jxCl2GDy-lr z=EhL9Nuk)6Y^Wn-X|SO@WNU>)XqbpVnI^)KolTZ&)LwCEm(el6K#|kn;v?}0dt@W8 z+Uk5VaTY~>C%H~58O~8=2vD+Wi-3utNJ^5Evz-S%$M^TS@3qn_jCb`om1~ zs&FCn2XCrWPSx-(HVClr1?3GfTwqBsE0!rjF7RItk3N0tl!M$@Ln%)cL}7fEVIKJK zjU{|>54!1gSPJ{+4=*gs??-|$$!U~QT9#Wjq|_|6us`%vi*g5=mo3XL8HDsS1=3bNaRjivY%&5nEfA9`$Tn!o2<&94DJ_BxD6!%$`la~94`8F821=E*M>^I zT(WnXer(Nm>^*)y?m(Zo#R-YTg-`07%O3Eef%+ka%&yWLQ#fC zM!1awE6DK3C|3oe!z%F_0ar^tDZe%fZ`hE!gwAG*lFFdo7T_4kvg zEv<@TFDWReJ`kk5;<9Ck4ynFD|DC5)A5Ep?C+bsU=(ri%9^S@+V!sDbL@vE44}>~* zw|}R5+^PVZXrl^$w%ZQ&<-gMj1xC1c=^&zKiGQbcm2ph3xCKlCP{=;EThS?Iy>x>Wo{nh~=t>1nW9BYZjSLNvhQF zsD&K#^pxa-7XDDUO7|EEUS*l3x@uU7&>JB;BwUgrBl7{WVq#)YP{!MXPs1+OEaD}r z7;|(y;6mquejq*tohOrb;_IdGbfi3xszM8Cp82svaQYH*!{KTnEQdSxKdMoYjz|MO zb1@4mWB^j;M1yR0wqe5Xb`pVuRI;NadT&k^j(|HBoaMW9Xjq&vZd@q2TAeE)%z*Hj z*<@s*Mk-V)d}da^c2j7SORq*Z(~tzIP@(Xd*$`?JmtRTyS6?f1?xary#Y+nlrasta z(uGj0*@~MXaxi2WM&c*jXESIScqV1WS@6)8oQn5ADHZ@>n7&@ZHq>T%>5(WS@>1nD zxE+&ZOoaP`H>!;n*djRtutfztsIzUN=VK4@29%am5qq0AWH7IYp5-%I{tdoeha%qH z=2lMKI?$zWNKrsoa}9Qpo_>Vks)Q}KDNj%k5(_x;G(`msHl%IMMm$C|W*}PqDNJ+Y zm>S@d?_!e~@pE^n?uPh|LZuB!GiV^%wJFHB`ji={Z{ajlYnr#oe^jLu9~>)A#Ou{8 zvs!aNInoXg2?x`)-_Q_Ll+NY+5@9%CukywrM8P8hga%nyN9(E>MS4^Z#)v=w+60%p zHmi-i_NDK7^Si>He^+SeXlS0JJwHc{IC7h(YtK&?CuN8d^%||SS?zScs)oB?dL`E= zMmw2vZN`#&^HYM#-_hrc41MXxBok*55^*0+n@B?LYSwIrQEHLZV`P!oiAAF3w>n4< zK@SQ3W?}iyz?fl=4oRIb*6biYidL6XaCU05I>`neXXKe_Br#sJzYZ>$f<6nYRgos= z8cGIMH7O6VE7Blu?Jm`+Dis+T<=&|BBGu856z5EMZ74Ye)LrPjHwrVQxG3#HQD!sI z<4NbL>YR986j~O6NH+s$*iE&&<(w{HLPf$|EOBpzhjLoZR^Ac}Am#=S$;c^xj8M2# z^{`usjixYhA~BKIWB?_fzocpmmz5q+gpj%`mZo{YKKdlRpnx9rRTW5h zBLVBoP|W!7GAI~^71EeD2!gg^a3BDSrnIorO@^T+rYI-A1L2W~aUV&6&PbTow=gsn zJ#`J~4@;4#R-f1oSP??J%7w(ckSjk-&o*jn+QE?9WJ+|Up$J~u&XY88YpaVC#*$XV zzuP_z%01e?h-TgNeygbNdGUakUmK5kHEiQ1lq}94_LI&j{%E^*B2;|W^ z!x*}|n3jwdT!T$TlX*l%k-Si(90Cccd!Ab4hqur=t{W+F1@)kxhB!$LaSa6Y)lgN9 zxZF0P)+BcFKN+h!$Ce;0oo65|+lXFjRdeR5wxhE}Q@D6>#U4t(keaXjd;ZFw32teg zr#(MU4dHAnz0EamwY`}YlfhZ2;ZZ9omg*sr(bPgfs~TMziGc#aP0&|`Tcl62z|99D z>b-#wO{9@Y|NLqV@|`^e)!U}&qtC8g<<<5y`r%)@Y_VaQ>j&GI6K})yoL=mUz(8W0 zk}|MHk{AID@lpoJ2SnHnl|%v?;52EMby2ECg?yvfUECqat`*JLf{$PBRA>0+G3 zpw%Hy*P`?Xkw9Y#pBZxsl4Rm-b`ot*$KXIJxjZq74Ou7L^U=sFPOGm*iZ65CKd7oE|g8iB-jG>d1ZZFJFJ3uqRl~4N*YuhbXOHZ zVBGKu40qFFZZ%8G$Hn(Ed4O;5B8TzE0XSJ(O1_-t+Wy%6c{&-U1p`j}bF8tR2U`kmQYliO7|WiKir!6Tc)|J~k)4bJcSy zH36AqJOz@`r<07N{W~2pVQy-;WET!Plj_uwn9Y<4ty!O!G981GptTmtA$B^=F31kQ zVC2P?L$c(W-!74K;ZI+j=F#gRJXBA1ytfUG6?rwkU?8J#7$g_K60VVAaZdn;2n^1# zK!5Q-$srq2=}J{fwQ8XP-8K+f!iq>&MuNG=5S-vu2V;_2IG^GMvM7Cg#5+x`q`Ep1 zw)72pLFDw0b_+P|-65TAr0sH;wH(z&ngU2)#H1vXLQHLggG3HRMynmf8_{UJXD;+C z{c_VbbR(CSR?ghdp7_Q>ZUC9eQ>ip6A%%U?Kq*{72J6&JL0Qv#((;OwNa{I)Ju*w zAH{pmQJgw;+Tmn|()B&ZgdYqt1@-1{>}AWWA>*-%Lt!t{kE#cEX*6kW(>%%Jf`AhV z+$A#c9+YI_Z4^nPxys$%1toJ#{qN91Di4dPhJ?M^GrP@A&!c<154c?J@jjSteJ+D! z5G~5k7O1KzoR$tW*)*DcYk}e`j%W_BZOoZ{G6lk1r*fhXYU8BooJ9M%8=(D^QYj=L zlSW8xO`(h!tBk~}hJ7Fm=|*F+L&T8#_31a^oYW^i+( zAaykBm-Z}@#z?Kkgv2Dz85w2`h65`2&`*F*>Ahwp+MZP(F>dI6lw=LG8iesXOs2&T z8|>BIkOdm^^vkJgwg}C7E>Oq7L8Xbs^~wCnAu+C~j_ zlbc9OBL0)0s(W(}5v}hj%`d}R-iyd160p#D?0ZwsApNO#?B6+o>m}HdY$QP1U%Nc- zQ9?4cU-dus>_)a)BjKg6i?rufi$S3l00p^6)P6?!!&=My=>h7AG4`r1`y0|td8m6ig02@z#bN}qJ{_tCfl zv~@WJs<&$;q9Tbd1-WNN`lgxfV0CIgOtXfW)uzD#4x@oOF_m=sV)ej4mcCl8Wc)rU zk9b0(yH-Lvd(nZc%25`E$!HeV!`{?6^@Y-}_RU;g7+@v$Cds(GeuFSn$ON}=v<=LF ztDr3L1)!~DtJyU|+^D7-#!B+h$?IP@9!h;dGBpzj`qE{qA=Q8(a3c_teL(QSf-}2e ziXB2`(rQU=UCfeE44Vfv%RQJV7k0jR zk#rNqWDk;FGE4?-#B5eG%*MNxeg@2tTLTavCAs9`m~>8GcJvO`V1W#>2nVZ;@TS&+ z+YJaOA+BWP<|eKD`g)Oa6vMZZ$y}R^lr0gpGbm*;Thd{s4-dMmgBs?0=x|)^#9G5-2`|hl&v3<+v2AHr}dq^?f5cDrhD27@UX?4h)j2BeA+3B_P`RLjh6p_W<`W z5sgM-kjm5Yj_u4r#A;%ujRw=-9?6}9mjh+RbVHZAH|etZPmH-~X4`4+AuicGXc1#J zhCuw#QX2COjQH}f$tBCcU|6Cjn7VrB2@mj1J5Np9+opjq_7lU6><`x-ZW7!_i`cxO zs-(%2LjF(jj(rkLIlV=2B@OTT@qGpTI?cJ+MqyqBkN-bQF}EoqGa;4s8^@o0hL`v zR$LXSebY2^d7gT*mPO*;kp9wQniHmX6-j<16O9a8pTyr}lT}&?BAMM*g%r5#6ECnr z=jp`>gD8>8MYcHDm|(=I+s8^ba!%Ss$x;J+g#oXe91qo;Oj7N7MrPnbDdiN^ZF8I? z>c*?U<8D8d+ShSYsfF3Z*Xp9nG5A8os!!T5L=!!9Mu+3FhYRQ>r^4e7d818}N*IJh zuRILHsWm8_&BlEn57_1eOHJHcPHGbXc3CCCS@J6%79Xt4qerQr$j-?oet=rN+bZZ! zWV_wOwl_g$YD-EntJUQO9ioO{6ad&(4Oy9phaMt|MGw()ydDx9T%#l86je=w(F1S@ z^bo1<=^>j?3v3FAY1w2KR?kTcB|Rhz-3r_*^cr4&u@JPJ*@By64Rw@8?8P)M4U}MWPp;*W++DvXSAG5 z8%Yb<$mXOT68wClmjc5HAz}L=WN6(%wx+dO?8f$T#Cfoj4{|N1gU)I_BrHg9dJVJU zpm%aTr{DtJYI6vNvk)TIqn?wV47HHcFz-&m&IsBw%%)Q?xP>&Q2y3R6pw?;65o={BrUl0=3uH8k9Os!5gJr(L9L7B;FXB$;W6LLD3#bq@OAp!D^Y;mUDP6001 zaAXBYDF=Zc!O$l{#9!0XNLWV?30B~dQ`nmbk>InQlW>_H5_T1G3jIV#*Z~wWloQ~I zG+|{SL|kgU1!4CiO@J)mNURb++!$bfQ#J#7rOy2 zb^~1O2DsP_aIqWUBASjvdj`1J4RB#9ej1eQ2Do5p2_teC;NmdA#bJO87MfVj02hY= zE)K(baTws@Fu=uOfQzWyhZ!=!#bJPp!vGf%GoYLSE)D}+9ESBG8q7mE16-U2xHt`P zaT?&_G{D7afD2Qt)8@fxfQ!=r7pDO(P6J$=hV|k!z{P2Ri_-uXr*Qh(vz!86LWopE z^_~g%8fgYdmI2$QsNE6ODq!}RLq6bo~ zJ(oaBA*TTnF5#>~n#0h7VcuN^{OJ+o^BIP6D@XDhau2A~ak6Y*jAG-<{ zuP}4-sa6G9BXnD@ArH(BT(7|3tHC`1<|r+=h^d*8QsoH+%Mr!(lAvO*gngDUT!hp} z9_kw|9$}1Kh*1@n{8GS+$1YDbGi|8kgCH|^>Y((E_#RYq4aO3Q31bZ;#*E?29U+-U z>*4&+ApDEzz2$B2J6tS*!Bk5g*&C2(K6tFqK^{@*#Rz1nf_IV`7X>gp%1e$~OdW(2 zrh8UWetORn{K`SWuSS9dmI^`{svJ??ya#g55Q&!KeoG`upvFjfH)wR=H%D=Q#O+m$ zP1_v67?0P9;MQ70@6p4!atp-LV_#xc-Xhi@V8|XR)kIpIEj&I;Y2g5mM}i2A2jpwE zrCQNgR+O71tX)AvU9j&qXoI00IeP^AsQs3ADsOTZX9`q zu>`oOPvb?GF8CgLp)-uzFyDM+>^d8z`?n0Eb{-N|P$pKn>KfA2Nl1DCCNz*>Pn}u@ zvL92318lI$0QFoi<6Q zKAl{6GT@640SlIO9COnN$6+Ys3BnI|37xN^MNLmvE}KhQg6Z)I+a!LL4(0pb-q&kRr4RsZoU|=fUe*qy}h2AuK2# zh(9FzuoKm7s2pG#3d)u1!amqpl<7$KYuNOq)wi5kjE zJI)&<2V3g78VblxyN4a^+QG`vgV-oTjsal9Do+GWLBZQwVTM>)7Goz^Q6L~l!m4d1 zp*x?YxMXmdwxGZib2%&}`MLdAMGC7{!7M6PN_soUHPwqWd#g3B3ZsloQX6yxBt-%9 zMM=6;z;kMpEa4E1$iZ5MGFdJ}skoYBSwiW2TM~7|sTg%c0QWHNn<}^H0u9Rz!)&n` zw-{zQnH!sWj(BU+pD|<>UBRMy{o>LPr{3?4;UHD9x9mxDH~cYgl@i4O8VOmukCj4K(lotfr@I95uX z4ar@I8-~M0L#tdaPJuDWJpxz5P+MPq--P}K?v}MGNktH~a=0}!-&NSLtZ?ylw!MSDBWbxo(4o_jxP)~kI$>5SwE^Ns= zX3V3e)78pS7{)6bgkpek6pYIhSu8T0)sTh;#=*Uat}`kT8cD>VS*qX-o>{>_A}K7_ z$rv7R9TC_oOYPSD#q{0Y92n+>hQ2wf90s zNTqfPRFacXRO}{+vkg*&xKV@tK?;)=MJm6vDg+h6adwGgcUe7>(dc9v5mAI%kuMBF zC5Gz>1P+ASun=H-3|FbR7fw#SLJD%1N9aZ$sSsj`_kjaKkcuKzUP(q4BJj`-7oHG7 zPKj#oF?Zfr9U`)`95y>1OS0f8+39dwU3hXtX$_8)1p*p5R-zfT*fi7D3|&YP1A4m# zU3kC+yjd0Wj@&943{Nc#>kvBmTOiD6*6f zE^-KJhrp#tiIwqq)S46*iA$lRsL|elSxluD{50MnVkSa&RHWmzF&1E{4e~~H_1)$b zw&z!vW~D$77fdElnoqiabkZ@h4!k97;kYLe4~AsRz`h`HOUhJI+Hi-_4P)?!8=+WP zercJfU~nl4sw|_tO1uDx+s&9zBFT|N%qI5nfA_w~_SwS-7SOpK6ETjvl+8oYNP9Nk_;)mEk6V!K8I)atRZv zG+f+Mdv8^GpPFJzO~F(Ys0Ea+LMJ#3=)^2YPymuzZgAPaVkI`Y7)#0J?eEDOT-3jCfQH7^=+c7ReuIZ;sm)|PJ&f#Diir4S#Bt(}F3m(|6A+y+ z*QwC->8`xZC(1uLQ4|^;IzaqTA$m@c4`6%>X2jFZNCq zjBtK~GUiD*e)m+WkjNQT){xZtu5_@WI@SIW=ZDE_>ud~5E+nD78iU3HYw~o?B7>sd zr81mN-p1*T2>fzlUkW_)^iXJ~wf7=gn;}Sr;BLNu|J#hcM%=$Ogb>ff;ac+^+uQb7 zM$;x-EHXdBGTOqsRC5#exv|wZbiQd@q_GgmxZ5Jhd@{ zBAQivZq3tRKTQmHm`)X5wqQC-_Cx}n00}$dwT!=xnbn0U8ExSOGNj>z(Wzu$hWB=1 z`ZIzfV=_TNb$3`ZQ9x>1rNH}6(RJrCC?uRga(#^KB2feN36SJk*$uoH+yI?S(;kLM zV$U>(K#`dWu?#CIEW-n~hfD5)x(@pxD+nPc4}^nac;_5lZz9BUn8IRmd6jJRcx5;@ zVgjA1^_XNzQ=jrkisw5>>G&$?eK4guf3OB3P3gOxl%A#~_Ogqs3;1Jc0br6RO>L@d zpwj=8J}0H8sfF>&)vORUBqMxD08h=5rmkvku>~R`kjloANva30_vyziCZ?%AELFfq zeEKSq($m!v2@_up@(BZu8NIdDB;uxUt8f~4kC24<`s%0`J2dcd!j_bjh1*tn&hlN<2*cC0Ei3>@7MxdBx&?-pD0>Sla zdZmz~!7zyx0u7WgEfGt-8Y`rdt}8uK2%?CXw{p40AJjf&{WGq7`u+X@<^oy${z~mj z*1qD}7b;RS*2vmtt&$G&_G&sl)pUHum8^1QOwRyGc3u}^)eLOl44&W>d8Aq#yO8hp zDEetU)jSqjB|r-_GltAcG+=EK9i~ZSn3_Y}!*la!t`f(a6yiA?Q=;t*d@0dfhf0iw zs*Fib2>+QxC#oT@n%Y4go!UVbpV~ndo!UVbo!Y?!>0y|)NzrC)BHpY`M4PpV=+riA zlcB;$3qxyUszF@{E|2y`)!g*0W~6T=j}P7_p>X5z z&_^x%sH}oNvLK`u5g8hzl*gA++E*R*2iV~0i}wXzm0Fyve`%?4ElzE>I$Ep5MP%NA zh|JrMYi-80HsfQIa=_|-AKOCo#rGh6@oj}KDad93UzJ)uWq%_MCxTzgfPgFp;#xq~ ziYf>JMU|b4ueg?~APL0PYHmJK%fr>1$?Lx zN;nSbaDPB8S<8c3c?wnr)FxSKr7?45z>rxsW|obaWn<=AH8lXl%KAkgtYffOttxS9dI)<3npvYt1tXNc>q#l;L- zWr?sXbdH6zDp^SD0YXAASxC$&^p&NFEeJhEnymMUg~S$wt|Lw8JqsCgiY?UYLq^V8 zLkqR~z*(ABPADXl5VB*+Ii!J>;{KpNz~+z#D#d^-2I69%Ru4#G1yWF`0PGGin^1ui z6e^I#3S_YYS*!qrtzH}M_hLxCzUx|tMSxkkbps5N;!HgA>f*GL{%nyYMNkLW>aW!*X%^X)V$JNYn zC38?N4te9GhddMqC2k$L@qrRJ4AfUxN99$A)K+m{QDc;fLTam!Mb6G*y=Gsm+xX%* znm*JRH4hK#q+ST0%7HQIrs3XoObl3RivDDh*M5G`qEO>V-b6T~TJ3BFXCo<8-QHF^eRA%xXA4y$tv z&2T>1&_v=NV4gxfR_P57C{^-+QfV|2WunSzMkT0bRf1aP(LfiBI06e68%z6C8f7k$ z*rH)yY}r6<*r(7y{8No(`4Gj!qhjP@6gnLE;4z7EW#U0eE0c^bWe)MB%on~?`iMT2 znZ>6vP0*iU72}uH3;Fu6&mU0cgoSuI#p96TgJSXVfHGPoB$kP*Bm_&-YsSeV)KF`v z0p|}-OX##EeJaqVPX*F+y;l}HeJZ;`x%4Z`TnQ;FokGgk6Z(##PqnbVrxLj1g4klS z$G(+evTwDElt-Ci7SE=b$mmgYJC^a6s5$ei+W- zzf>GS{AKF}zkG?Pzc}A`1ju#%!L!g`tP}iTR_QOz-KZA55^}5;DXxTi5sO8+S@(pR zRYdNYWyyA0vU>WV{G9D{6_nfyfB)X;59SNG~hQv3MoF z%Wuu`dCRlP9bQ*?PC3lXWcwtW!{(%#go-TQZpH}C$mveYT)CZ6Zt+@NPm2J9&Qq4XkN`{XjY39o6{o2W`v8q(2^d@7N+6;PD}u?T0O5xy`~%h z;tQD6i&&F-5t~{sU1(Ffi^$Yk5t&*kB2()Gnlh=BVpD6S*wkt%Hnm=M`%dXB#irIv zv8nY^tXMBy--QbKZ9X|dteoW#>tzvQmF)g6RH5(#Qewnfc^eNo8tZs;!H%U$ zaH&_&DR855ro*r;yGklpj@{a{TLW&1>h%j`C2pfaNK3;o;&G8&g#fZnhZDgmTqY>U zQ-OVTvO>AzgO*UP;&hxU2$?>`gT`+-LS!|hV1I?Up^#ENp?vlk@I|6^0WgdK3s~s{ zhddI8r4%n|YS+QW4!kjf4@c_Tz~^DoUt=0+e&((R*gaemjKTB^%PYsR%*shEGKSh% z6o^@+3a+qWS_!B-soEE<^Y|*OXi5+wYXL$KM4%etLb1rHF=+Idii9`D)*nUyLnV5V zm{2>?!p6j~ma053`j}2P`cCSVIHn>o^b0|ZwuL7sV`^c@2He7k9Fj<<9o|a4KH~7R zPxdOy$X3z{kCKg!ava+D%RO<@U@6E4&3?IY1Vpf6=wXPQRKfTQxkR83gO<4-tfFa? zYDvqwA4rFAI1Ht8%w{5rEh5!QK6>;BcztAffefn$l#&5o zIF1t(Yzr1kKlFiNvmsOkLr8`ArUY12SD`Uxm7SYZR!l3CErb@#A_Apx!!eqv17>;z zXE+ph_+P*>hTa6=@D*^whU3eSzT#w^2Mt#c@bCd0bL}g^zQ7$Pwc13OEF)2C1Zz8f z$Yy}@g9eBc;eWCFC_o{SA;cew!3;7Ih0`hgFXD-4;R!r|Zz5gzUqn%W;)sq>ekhiL z6kY9Qe<%vC>+EkW|I4FlSsXp02f%b?abWmUD1!0QUltefBMy|0LJcWDNMghhPs5xd zWaW|6XM}hF-;7>Teh|rmhz60w{vZmU6ag}c|D`Ad5C@ux{Xq;qDT2r+<%c3Eh-fa( zM_P?!shj_zT6#)i%E*F*0j8ekg7@J>82r^3dJD~B`h#U-jKs{cXi_N-GHea44QBiX zZ@#EoQN_hxjNv^7TPA`%X^7<#5QZo$C59uE{)u%Ui6IhW5|pnFu5x2BO%l%rkXo>$@vcr%KY68m%X_1S^vwU?fsqj_vsxVgdgU>JuFu6D`1{iD zw%^cmM*B;?%o;!R=R1$=`2LHVO3%9V=x$e?c>3(K=l`&M;D9UdYyJHTTfhAF?CfRZ z2F~idtmow~6dZi@yML~`Y2@mcuKK><;#)p{@*HdPK!(`iR|-mS%R z=HGbw&g>O!a$g(SKe}dp7pG;}XSKy=y?1)a_BMZQcw%nr@ps()@d*_tc%_x{;PU4> zp0VWH`OY!9<6bB(?KtnvV^;R*o_F5?bB44Ua(SB%`cI9ITQ~cH`%gW0MT!?YZf;r7QZ+tX!I#J$G8-%BojvCI+b<{>aQT3l-FEiB>9}4?!}D{yKDqCov)|j%&b|Dc z16r+~_F-sW`?9a^zb0(E;KQrdwV2%hbWirP5C8DYxxNYghRj&|SnQKopFQ-*L931_ z>NwN(^UjBVeDkWy-oCcW9A~$)mi=-0^t(2m(QAI+YY*D6`q4QHUg&LkulM_XZ&>4B zFz2)P&;NDo596MAVSC=>6AyWD*24YnT-nt#weXvxzh3dyA1`0_?D(FQUyOTgNUNzc zj=i~X>ifq%{&D9;t499R{yE>>^U7||J!)cn?(Ylle%@$hV+{o!2TJnR9_@T0nKxZZNkj$!Rz zy?aFLu{)QvSo=i#5%%1lEl$rBw+_1F&(VX6hS&V{*@V--=-pz@!~?IHch#zz+iz)e zz>FR1o|yDRx39ju_s7$pb?s;$oqqKI&qEg2S-DBGYS56x9$dh60>R^C`Lq0Q9a=Z-&nM%A0IPyA%;A+HU8`ll&lXXU-J$>p2+ z#nzjrbYAP3v1(QP<#6oQk7liS@6C6HZa?#-^G;lQ%Hutc`SzyEo}KpcGdCPM=%A99 zd-V8i{cV@D-n8h<;S0(izq{a-jb8c-@fqF{c3VI zXDz+>i&Z79Bgb|)e)gh!HanJ1o!zZn=;xhNk9vRJ(zf9xdE5H0zh>R4-Z@{idS~(v z(Hq7sz5WpEiUo&1WWBQbjzgyHyWe>Oi)$9od*!-c%T8Y0_KZ&_tl9iS=LweS7g`Qp z_IB}z{RRvid{180Q`haRX!C8^b!+Z9{?dC~v(CvM_uKo^f6P7q&;f~q%2!?U?brEl z`*$3(cGTT7{y6%JV~>C3h@a=qefEgQe*P?X!~y*tdaK-Rj#;>R=ZCEpujzWr`-9GyF!!(%TF*T5lZ*Sm{Gq&h{4GnmT{`2=NiTgmW9hn* zZ$Iu(vti1pukRavVQ7B#A6p)M`r?~^zwR#grj|b~KIq0ProXtg=-#0(JyhL4-fG+A zdv5itt9oYm%sDyJON#%Vc<}tbJBrtw{nvqa?t8?@@1}orM)!|%mwZ36-QP8#HXDwb z6MN>OvyYyYzyGqVyf-&JblQTEtm@)Oy7Ygq9dGkS=XNRAdyM1lPmiszKj=SrU2`6uxQdRr>p9^cgDx7+2 zpC5-0bG5r-xOC`}uP(iC(TnpYuJO(ow%k!Qd})UjpUrt=ejtC^O2 z#@_e#ejntXQGNK>(v6=i{k-L)kFS6HtZ|R6S~IEB?20YN#19%V_3p!mw!eG&y)8a& z`}q9!`wegV&GU=;Uh?zgLq4DJ*p+iX9)Eo28=mg+(ad4;yVpMbUC+|s;gg1+6+M5| zy1t*UzI#jcMgILxw{8A)+__V3e6#hPOSTu^*!J1FvCe%v9RFC(I|tpef9d`=Pwsfd z>dHBNcK$E_-Fe^M(X!W^QDz(=!~t>hgS_35Bt9k&Pz7cP8{3ylN)+J`c3h@8-G4+{K5sX zb*~&VDdFh4&&_LxZ)s6dHfZI_u|qz*remz;!H<`Ge%Hv_a}Qq8W9yE4PCcOLj3Ha! zYI*j$o45VGrRv?Hqsv!YPe?p+-Kg0|4%=t`@4xO_^7N`s!KLs0{Nbg`U%Tmq+it#m z-kFt0-g(l?i{(B$PF(%m%ta?Xde1lC^ggG3?6X7arYwA;?~^agYqzD-E5jyz-SSL# zd_~rK_bl0dfwve>D#fOcEbP8sLXrxXI~=!s7t?`PzA$QC*>}k`1#cbci3mayRV*@JHIXQ}q-vKH$;Jihnj@pr#*#))fp9CE-ZFV4Q=pp$=l=(I(%o^Jix zxbv$o%)4X4Ti2i2x9sYp))!8hUespzS8el7n|HzO(WUQRH}|f;Cv3dxueHMtJ@JlD z4wt^a?3862cP73)aZ=ls>)$!JcFc$Er;L5+r;a1~9sSj{myVel{QiQcYPbFP@Wmeu zZqsr3%#$AcZBe_>!*kdF^wX=0dSB6T!a1G$^!jv2?L_&FyJE!){~9%U_U8kZU)^Ti zXFvA8|C64Pn@*qix%Id|M%*;B=c$fEE_l7?Ijujvuh*@2ts59PrA6+en#e?NZ2!eJL}I=bcf z>|6HhbH>G+mybI1qaTVEFIn=)unSk-Kc=i`#vh{#LYH}W-oGYm^YAqXkN&@d>t@}1 zWBwx}27J{&YPo*l(_^D=59s*KBTs(1etYhP`>a}ie#r&)0)UnRl!^p`A47r9Y+}bi?%DHdqhac5&f?c1v&h zf9#mEb?%EVj(zvipKA&h-16y`Rj;n78F8`m(1rcm>^wfQdcdv0Q&#_a=f&g4 zufL?v__glG``jFCHTyXGf;V5w-SN);hdIlyeq>VB4Xp;)dlUywm^$6GbXJ2+5d*`*0P}^x+ zcU+uZ^y;BouUU5B6OSg!Ha!tK>c`x*W9H17@!*wHFP~Le@YR|TSIx8ezp35t!yo2+ zy?H}^j~|Erw4i&N4Qo5v&bZY*;PmIt>h-{NkA6Di&F|Z^JoW1JZ{NKCjmIupeo1KK z7biV5cEGpqzTWcHE(OPZbjsEPe}Ap_v)}tJ8nL$6y4pXlWRvH)iuT*C=(cXe)3d(W z<{tN6#n!I-Z+qAOm`D1teAer&r5fj`i=IEEB(U`NsuQOl|7Edj!&M!(SM|EfT|8~x z#v_mTV859io_MJE*y&ksoICOSDW~6f-1ZMfFS)N{$2+?G-y4>E-;1jjf9LCX;KT3s z+`8ka9=#Xm?lWTf*-tF3xWRRb_gMe0eWWkSI)^@-`DE9!0{`p7CVsPM#^mRI+3$#V zc5FUi;J*HSH|6&Evi1G*-ua|x+*^w~W*6L7dDu6%-?-$C=&B3e8kO_dtfTE$-~acZ zzL#CU^^%SIw0dyZ^Sxg_>GvzA4P1S|fo~nTY{SUMM%Z`G>iNZxg07bo4E;5+?Cifl zdbM?KKl6_xAHL9ks?;g%dtcB!&iN9{2eBhfZExbA|m`+j9B3on6+gd~|&7 z!{45|^3{b0o!I)^$2NYk>F0|-{^d#U<+HzXckkEp_Gn!f+>?+t%t!xxJ~bN0J;@{yk%_DSt+{z0?vf9IKt4%zp2|G{lt z9afyRz126HLo?Q2c>Us>7uvsiR)<5vx5YMHzwuuCdzapG`MJLixb>Y^{O8)GPe(lX za$#tEj%RZCu($U6VPKboPTs%Od+o2RU4FwW|2twu+t9>0m-+8(Q~Arn7dM|(>+i5) zQs;5kuD&Ab9XO@;Rkq(=TyW;Ag=_kbSb5FTB{#Iqx@YirFW_O*{y*iS!m=Gxb89`X0s_Eome4ta8)dpqTK9lCB%{{H9IjrsJRP~hi&FZ+5g zTGo2Y-QLN6pLy2NuN}Q};g#R_IOe$vOWJ&T_-&RI?z1-Du+Q3Ix9!s=)@^*&n2Mu@ zT|c+wp#zWZQMU58?Aty#`-Cm?@0>lo=+<9{mhH3l%Co0FxxumJ=KWfHy#3Eh?>TGH zLsOQu7}5LBcaOdM`5tYzPJC+NNmJWpcRl&G=le~5#y|eGr3e3USceBr^4rUv9x?j1 zeQvz#$oo4zK0C7b+1Wo%==Rb<#W(HvzQ?>S?;W@G$_F=GH>0lQ!FS#oz3Z}Ty8Yhe z_MRW=)3fsq7z)(KG@Qy^_T}QdHJ{g zT}Mtm@|CfFd^pz^6~5o+iUo)M zdBvr@%I-dGLg2oAFRgj_>Tvd{Ro({qolexUQ&Up&!j-P%oO`}zhJU$x@TSsk8jH+Gbc<0wO`~OzCb<*KZ_v)@WQ%3x~a%$@_eO|d?(`#K4?~nR*&N(YrpWiLiZ%e3d z%=$IXYwoFg=B1-X-gf@)Pgb^_((bDt2i`w_&8E?PZd%Z~=d$NE9s9=G1yhbb>aLFO zyne@}=e6zf$L8lhyKd>WamSxlb?{#&&mJ=6_7i5c+}ZJ}+fFLKYevQYK0fpIMVnXu zcvJC(#m9C2bk>0<7GAXA(eIvWckX+)4BCIym?Lhx^p_vk-1t+6apgxm`{&%gJ$|}; z_G!Lf#xL16?UG-v`S`ciS35==aNVrhF{ie=<*zo|+bmrCVSM}GC38MGto-{!KL6mU z);Z_jx4K#$_`&@<*LAjhx@1VvS;w`lZFA^T59b~C<|Wge)U{i;-ruY~V%eW_uidY*%w_ptZ2Nm(pZxWAKh1pViPLRQo^Ze)SC?FL+?;d% zZ@|8%jrjYT OTLP endpoint for OpenTelemetry tracing (e.g. localhost:4318) \\ --upgrade-fd Inherit socket fd for binary hot reload (internal) + \\ --waf Path to WAF configuration JSON file + \\ --waf-shadow Force WAF shadow mode (log only, don't block) + \\ --waf-disabled Disable WAF entirely \\ --help Show this help \\ \\HOT RELOAD: @@ -161,6 +199,7 @@ fn printUsage() void { \\ load_balancer --mode mp --port 8080 --backend 127.0.0.1:9001 \\ load_balancer -m sp -p 8080 -b 127.0.0.1:9001 -b 127.0.0.1:9002 \\ load_balancer -m mp -c backends.json # Hot reload on file change + \\ load_balancer -m sp --waf waf.json # Enable WAF with config \\ , .{}); } @@ -180,6 +219,9 @@ fn parseArgs(allocator: std.mem.Allocator) !Config { var trace: bool = false; var tls_trace: bool = false; var otel_endpoint: ?[]const u8 = null; + var waf_config_path: ?[]const u8 = null; + var waf_shadow_mode: bool = false; + var waf_disabled: bool = false; var backend_list: std.ArrayListUnmanaged(BackendDef) = .empty; errdefer backend_list.deinit(allocator); @@ -288,6 +330,15 @@ fn parseArgs(allocator: std.mem.Allocator) !Config { upgrade_fd = try std.fmt.parseInt(posix.fd_t, args[i + 1], 10); i += 1; } + } else if (std.mem.eql(u8, arg, "--waf")) { + if (i + 1 < args.len) { + waf_config_path = try allocator.dupe(u8, args[i + 1]); + i += 1; + } + } else if (std.mem.eql(u8, arg, "--waf-shadow")) { + waf_shadow_mode = true; + } else if (std.mem.eql(u8, arg, "--waf-disabled")) { + waf_disabled = true; } } @@ -311,6 +362,17 @@ fn parseArgs(allocator: std.mem.Allocator) !Config { std.debug.print("OTEL: OpenTelemetry tracing enabled, endpoint: {s}\n", .{endpoint}); } + // Notify about WAF configuration + if (waf_disabled) { + std.debug.print("WAF: Disabled via --waf-disabled\n", .{}); + } else if (waf_config_path) |path| { + if (waf_shadow_mode) { + std.debug.print("WAF: Shadow mode enabled (log only), config: {s}\n", .{path}); + } else { + std.debug.print("WAF: Enabled, config: {s}\n", .{path}); + } + } + // Use default mode if not specified const final_mode = mode orelse RunMode.default(); @@ -354,6 +416,9 @@ fn parseArgs(allocator: std.mem.Allocator) !Config { .trace = trace, .tls_trace = tls_trace, .otel_endpoint = otel_endpoint, + .waf_config_path = waf_config_path, + .waf_shadow_mode = waf_shadow_mode, + .waf_disabled = waf_disabled, .lbConfig = .{ .worker_count = worker_count, .port = port, @@ -375,6 +440,11 @@ fn freeConfig(allocator: std.mem.Allocator, config: Config) void { if (config.otel_endpoint) |endpoint| { allocator.free(endpoint); } + + // Free the WAF config path if it was allocated + if (config.waf_config_path) |path| { + allocator.free(path); + } } // ============================================================================ @@ -410,6 +480,34 @@ pub fn main() !void { } defer telemetry.deinit(); + // Initialize WAF if configured + if (!config.waf_disabled) { + if (config.waf_config_path) |path| { + waf_allocator = allocator; + global_waf_config = waf.WafConfig.loadFromFile(allocator, path) catch |err| { + log.err("Failed to load WAF config from '{s}': {s}", .{ path, @errorName(err) }); + return err; + }; + // Apply shadow mode override from CLI + if (config.waf_shadow_mode) { + global_waf_config.shadow_mode = true; + } + log.info("WAF config loaded: enabled={}, shadow_mode={}, rules={d}", .{ + global_waf_config.enabled, + global_waf_config.shadow_mode, + global_waf_config.rate_limits.len, + }); + } + } else { + // WAF explicitly disabled + global_waf_config.enabled = false; + } + defer { + if (waf_allocator != null) { + global_waf_config.deinit(); + } + } + // Validate configuration try config.lbConfig.validate(); @@ -445,6 +543,17 @@ fn runMultiProcess(allocator: std.mem.Allocator, config: Config) !void { const region = try shared_allocator.init(); defer shared_allocator.deinit(); + // Initialize WAF state on heap (too large for stack: ~4MB) + // For multi-process, this should ideally be in shared memory (mmap) + // but for now we allocate on heap (each worker gets a copy after fork) + const waf_state_ptr = try allocator.create(waf.WafState); + waf_state_ptr.* = waf.WafState.init(); + global_waf_state = waf_state_ptr; + defer if (!global_waf_config.enabled) allocator.destroy(waf_state_ptr); + if (global_waf_config.enabled) { + log.info("WAF state initialized ({d} bytes)", .{@sizeOf(waf.WafState)}); + } + // Initialize backends in shared region initSharedBackends(region, mutable_lb_config.backends); @@ -757,6 +866,15 @@ fn runSingleProcess(parent_allocator: std.mem.Allocator, config: Config) !void { const lb_config = config.lbConfig; + // Initialize WAF state on heap (too large for stack: ~4MB) + const waf_state_ptr = try allocator.create(waf.WafState); + waf_state_ptr.* = waf.WafState.init(); + global_waf_state = waf_state_ptr; + defer allocator.destroy(waf_state_ptr); + if (global_waf_config.enabled) { + log.info("WAF state initialized ({d} bytes)", .{@sizeOf(waf.WafState)}); + } + for (lb_config.backends, 0..) |b, idx| { log.info(" Backend {d}: {s}:{d}", .{ idx + 1, b.host, b.port }); } diff --git a/src/main.zig b/src/main.zig new file mode 100644 index 0000000..624eef5 --- /dev/null +++ b/src/main.zig @@ -0,0 +1,27 @@ +const std = @import("std"); +const zzz_fix = @import("zzz_fix"); + +pub fn main() !void { + // Prints to stderr, ignoring potential errors. + std.debug.print("All your {s} are belong to us.\n", .{"codebase"}); + try zzz_fix.bufferedPrint(); +} + +test "simple test" { + const gpa = std.testing.allocator; + var list: std.ArrayList(i32) = .empty; + defer list.deinit(gpa); // Try commenting this out and see if zig detects the memory leak! + try list.append(gpa, 42); + try std.testing.expectEqual(@as(i32, 42), list.pop()); +} + +test "fuzz example" { + const Context = struct { + fn testOne(context: @This(), input: []const u8) anyerror!void { + _ = context; + // Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case! + try std.testing.expect(!std.mem.eql(u8, "canyoufindme", input)); + } + }; + try std.testing.fuzz(Context{}, Context.testOne, .{}); +} diff --git a/src/proxy/handler.zig b/src/proxy/handler.zig index 528fd3a..dacdf1a 100644 --- a/src/proxy/handler.zig +++ b/src/proxy/handler.zig @@ -18,6 +18,8 @@ const zzz = @import("zzz"); const http = zzz.HTTP; const telemetry = @import("../telemetry/mod.zig"); +const main = @import("../../main.zig"); +const waf = @import("../waf/mod.zig"); const config = @import("../core/config.zig"); const types = @import("../core/types.zig"); @@ -123,7 +125,7 @@ pub fn generateHandler( } } - // Start a trace span for this request + // Start a trace span for this request (before WAF so blocked requests are traced) const method = ctx.request.method orelse .GET; const uri = ctx.request.uri orelse "/"; var span = telemetry.startServerSpan("proxy_request"); @@ -131,6 +133,80 @@ pub fn generateHandler( span.setStringAttribute("http.method", @tagName(method)); span.setStringAttribute("http.url", uri); + // WAF check - before any backend processing + if (main.getWafEngine()) |engine_val| { + // Make a mutable copy since check() requires *WafEngine + var engine = engine_val; + + // Extract source IP from connection (use 0 if not available) + // In production, you'd extract this from the socket address + const source_ip: u32 = 0; // TODO: Extract from ctx.connection when available + + // Build WAF request with body size for content-length validation + const waf_method = convertHttpMethod(ctx.request.method orelse .GET); + const body_len: ?usize = if (ctx.request.body) |b| b.len else null; + const waf_request = if (body_len) |len| + waf.Request.withContentLength( + waf_method, + ctx.request.uri orelse "/", + source_ip, + len, + ) + else + waf.Request.init( + waf_method, + ctx.request.uri orelse "/", + source_ip, + ); + + // Check WAF rules + const waf_result = engine.check(&waf_request); + + // Add WAF attributes to span + span.setStringAttribute("waf.decision", if (waf_result.isBlocked()) "block" else if (waf_result.shouldLog()) "log_only" else "allow"); + if (waf_result.reason != .none) { + span.setStringAttribute("waf.reason", waf_result.reason.description()); + } + if (waf_result.rule_name) |rule| { + span.setStringAttribute("waf.rule", rule); + } + + if (waf_result.isBlocked()) { + // Request blocked by WAF + log.warn("[W{d}] WAF blocked request: reason={s}, rule={s}", .{ + state.worker_id, + waf_result.reason.description(), + waf_result.rule_name orelse "N/A", + }); + + // Return appropriate status based on block reason + const status: http.Status = switch (waf_result.reason) { + .rate_limit => .@"Too Many Requests", + .body_too_large => .@"Content Too Large", + else => .Forbidden, + }; + + span.setIntAttribute("http.status_code", @intFromEnum(status)); + span.setError("WAF blocked"); + + return ctx.response.apply(.{ + .status = status, + .mime = http.Mime.JSON, + .body = "{\"error\":\"blocked by WAF\"}", + }); + } + + // Log if shadow mode decision was made + if (waf_result.shouldLog()) { + log.info("[W{d}] WAF shadow: reason={s}, rule={s}", .{ + state.worker_id, + waf_result.reason.description(), + waf_result.rule_name orelse "N/A", + }); + span.addEvent("waf_shadow_block"); + } + } + // Use dynamic backend count (from shared region if available) const backend_count = state.getBackendCount(); std.debug.assert(backend_count <= MAX_BACKENDS); @@ -961,3 +1037,22 @@ fn streamingProxy_finalize( log.debug("[REQ {d}] => .responded", .{req_id}); return .responded; } + +// ============================================================================ +// WAF Helper Functions +// ============================================================================ + +/// Convert zzz HTTP method to WAF HTTP method +fn convertHttpMethod(method: http.Method) waf.HttpMethod { + return switch (method) { + .GET => .GET, + .POST => .POST, + .PUT => .PUT, + .DELETE => .DELETE, + .PATCH => .PATCH, + .HEAD => .HEAD, + .OPTIONS => .OPTIONS, + .TRACE => .TRACE, + .CONNECT => .CONNECT, + }; +} diff --git a/src/root.zig b/src/root.zig new file mode 100644 index 0000000..94c7cd0 --- /dev/null +++ b/src/root.zig @@ -0,0 +1,23 @@ +//! By convention, root.zig is the root source file when making a library. +const std = @import("std"); + +pub fn bufferedPrint() !void { + // Stdout is for the actual output of your application, for example if you + // are implementing gzip, then only the compressed bytes should be sent to + // stdout, not any debugging messages. + var stdout_buffer: [1024]u8 = undefined; + var stdout_writer = std.fs.File.stdout().writer(&stdout_buffer); + const stdout = &stdout_writer.interface; + + try stdout.print("Run `zig build test` to run the tests.\n", .{}); + + try stdout.flush(); // Don't forget to flush! +} + +pub fn add(a: i32, b: i32) i32 { + return a + b; +} + +test "basic add functionality" { + try std.testing.expect(add(3, 7) == 10); +} diff --git a/src/test_load_balancer.zig b/src/test_load_balancer.zig index e876d92..bc67c4f 100644 --- a/src/test_load_balancer.zig +++ b/src/test_load_balancer.zig @@ -39,6 +39,9 @@ pub const simd_parse = @import("internal/simd_parse.zig"); // Core module tests pub const config = @import("core/config.zig"); +// WAF module tests +pub const waf_state = @import("waf/state.zig"); + // Config module tests pub const config_watcher = @import("config/config_watcher.zig"); @@ -69,6 +72,7 @@ comptime { _ = http2_client; _ = simd_parse; _ = config; + _ = waf_state; _ = config_watcher; _ = component_integration_test; _ = proxy_io; diff --git a/src/waf/config.zig b/src/waf/config.zig new file mode 100644 index 0000000..18de444 --- /dev/null +++ b/src/waf/config.zig @@ -0,0 +1,1197 @@ +/// WAF Configuration - JSON Parsing and Validation +/// +/// Parses waf.json configuration for the Web Application Firewall. +/// Supports hot-reload through config epoch tracking. +/// +/// Design Philosophy (TigerBeetle-inspired): +/// - Fixed-size arrays with explicit compile-time bounds +/// - No unbounded allocations - all limits are known at compile time +/// - Validation before application - invalid configs are rejected early +/// - Hot-reload support via config epoch +/// +/// Example waf.json: +/// ```json +/// { +/// "enabled": true, +/// "shadow_mode": false, +/// "rate_limits": [ +/// { +/// "name": "login_bruteforce", +/// "path": "/api/auth/login", +/// "method": "POST", +/// "limit": { "requests": 10, "period_sec": 60 }, +/// "burst": 3, +/// "by": "ip", +/// "action": "block" +/// } +/// ], +/// "slowloris": { +/// "header_timeout_ms": 5000, +/// "body_timeout_ms": 30000, +/// "min_bytes_per_sec": 100, +/// "max_conns_per_ip": 50 +/// }, +/// "request_limits": { +/// "max_uri_length": 2048, +/// "max_body_size": 1048576, +/// "max_json_depth": 20, +/// "endpoints": [ +/// { "path": "/api/upload", "max_body_size": 10485760 } +/// ] +/// }, +/// "trusted_proxies": ["10.0.0.0/8", "172.16.0.0/12"], +/// "logging": { +/// "log_blocked": true, +/// "log_allowed": false, +/// "log_near_limit": true, +/// "near_limit_threshold": 0.8 +/// } +/// } +/// ``` +const std = @import("std"); +const Allocator = std.mem.Allocator; + +// ============================================================================= +// Constants (TigerBeetle-style: fixed sizes, explicit bounds) +// ============================================================================= + +/// Maximum rate limit rules in config +pub const MAX_RATE_LIMIT_RULES: usize = 64; + +/// Maximum endpoint-specific overrides +pub const MAX_ENDPOINT_OVERRIDES: usize = 32; + +/// Maximum trusted proxy CIDR ranges +pub const MAX_TRUSTED_PROXIES: usize = 16; + +/// Maximum path length for rules +pub const MAX_PATH_LENGTH: usize = 256; + +/// Maximum name length for rules +pub const MAX_NAME_LENGTH: usize = 64; + +/// Maximum header name length for rate limiting by header +pub const MAX_HEADER_NAME_LENGTH: usize = 64; + +/// Maximum config file size +pub const MAX_CONFIG_SIZE: usize = 64 * 1024; + +// ============================================================================= +// Enums +// ============================================================================= + +/// HTTP methods for rate limiting +pub const HttpMethod = enum { + GET, + POST, + PUT, + DELETE, + PATCH, + HEAD, + OPTIONS, + TRACE, + CONNECT, + + /// Parse HTTP method from string (case-insensitive) + pub fn parse(str: []const u8) ?HttpMethod { + const method_map = std.StaticStringMap(HttpMethod).initComptime(.{ + .{ "GET", .GET }, + .{ "POST", .POST }, + .{ "PUT", .PUT }, + .{ "DELETE", .DELETE }, + .{ "PATCH", .PATCH }, + .{ "HEAD", .HEAD }, + .{ "OPTIONS", .OPTIONS }, + .{ "TRACE", .TRACE }, + .{ "CONNECT", .CONNECT }, + // Lowercase variants + .{ "get", .GET }, + .{ "post", .POST }, + .{ "put", .PUT }, + .{ "delete", .DELETE }, + .{ "patch", .PATCH }, + .{ "head", .HEAD }, + .{ "options", .OPTIONS }, + .{ "trace", .TRACE }, + .{ "connect", .CONNECT }, + }); + return method_map.get(str); + } + + /// Convert to string representation + pub fn toString(self: HttpMethod) []const u8 { + return switch (self) { + .GET => "GET", + .POST => "POST", + .PUT => "PUT", + .DELETE => "DELETE", + .PATCH => "PATCH", + .HEAD => "HEAD", + .OPTIONS => "OPTIONS", + .TRACE => "TRACE", + .CONNECT => "CONNECT", + }; + } +}; + +/// What to rate limit by +pub const RateLimitBy = enum { + /// Rate limit by client IP address + ip, + /// Rate limit by specific header value (e.g., API key) + header, + /// Rate limit by request path + path, + + /// Parse from string + pub fn parse(str: []const u8) ?RateLimitBy { + const by_map = std.StaticStringMap(RateLimitBy).initComptime(.{ + .{ "ip", .ip }, + .{ "header", .header }, + .{ "path", .path }, + }); + return by_map.get(str); + } +}; + +/// Action to take when rule matches +pub const Action = enum { + /// Block the request immediately + block, + /// Log but allow the request (shadow mode) + log, + /// Slow down response (tarpit attackers) + tarpit, + + /// Parse from string + pub fn parse(str: []const u8) ?Action { + const action_map = std.StaticStringMap(Action).initComptime(.{ + .{ "block", .block }, + .{ "log", .log }, + .{ "tarpit", .tarpit }, + }); + return action_map.get(str); + } +}; + +// ============================================================================= +// CIDR Range (for trusted proxies) +// ============================================================================= + +/// IPv4 CIDR range for trusted proxy detection +pub const CidrRange = struct { + /// Network address (host byte order) + network: u32, + /// Netmask (host byte order, e.g., 0xFFFFFF00 for /24) + mask: u32, + + /// Parse CIDR notation (e.g., "10.0.0.0/8", "192.168.1.0/24") + pub fn parse(cidr: []const u8) !CidrRange { + // Find the slash separator + const slash_pos = std.mem.indexOf(u8, cidr, "/") orelse return error.InvalidCidr; + + const ip_part = cidr[0..slash_pos]; + const prefix_part = cidr[slash_pos + 1 ..]; + + // Parse IP address + const ip = try parseIpv4(ip_part); + + // Parse prefix length (0-32 valid for IPv4) + const prefix_len = std.fmt.parseInt(u8, prefix_part, 10) catch return error.InvalidCidrPrefix; + if (prefix_len > 32) return error.InvalidCidrPrefix; + + // Calculate mask from prefix length + const mask: u32 = if (prefix_len == 0) + 0 + else if (prefix_len == 32) + 0xFFFFFFFF + else + @as(u32, 0xFFFFFFFF) << @intCast(32 - @as(u6, @intCast(prefix_len))); + + // Validate that IP is actually the network address + if ((ip & mask) != ip) { + return error.IpNotNetworkAddress; + } + + return .{ + .network = ip, + .mask = mask, + }; + } + + /// Check if an IP address falls within this CIDR range + pub fn contains(self: CidrRange, ip: u32) bool { + return (ip & self.mask) == self.network; + } + + /// Format as CIDR string (for debugging) + pub fn format( + self: CidrRange, + comptime fmt: []const u8, + options: std.fmt.FormatOptions, + writer: anytype, + ) !void { + _ = fmt; + _ = options; + const prefix_len = @popCount(self.mask); + try writer.print("{d}.{d}.{d}.{d}/{d}", .{ + @as(u8, @truncate(self.network >> 24)), + @as(u8, @truncate(self.network >> 16)), + @as(u8, @truncate(self.network >> 8)), + @as(u8, @truncate(self.network)), + prefix_len, + }); + } +}; + +/// Parse IPv4 address string to u32 (host byte order) +fn parseIpv4(ip_str: []const u8) !u32 { + var octets: [4]u8 = undefined; + var octet_idx: usize = 0; + var current: u32 = 0; + + for (ip_str) |c| { + if (c == '.') { + if (octet_idx >= 3) return error.InvalidIpAddress; + if (current > 255) return error.InvalidIpAddress; + octets[octet_idx] = @intCast(current); + octet_idx += 1; + current = 0; + } else if (c >= '0' and c <= '9') { + current = current * 10 + (c - '0'); + if (current > 255) return error.InvalidIpAddress; + } else { + return error.InvalidIpAddress; + } + } + + if (octet_idx != 3) return error.InvalidIpAddress; + octets[3] = @intCast(current); + + return (@as(u32, octets[0]) << 24) | + (@as(u32, octets[1]) << 16) | + (@as(u32, octets[2]) << 8) | + @as(u32, octets[3]); +} + +/// Convert u32 IP to bytes (for display) +pub fn ipToBytes(ip: u32) [4]u8 { + return .{ + @truncate(ip >> 24), + @truncate(ip >> 16), + @truncate(ip >> 8), + @truncate(ip), + }; +} + +// ============================================================================= +// Sub-Configurations +// ============================================================================= + +/// Slowloris attack prevention configuration +pub const SlowlorisConfig = struct { + /// Timeout for receiving all headers (milliseconds) + header_timeout_ms: u32 = 5000, + /// Timeout for receiving request body (milliseconds) + body_timeout_ms: u32 = 30000, + /// Minimum bytes per second for body transfer + min_bytes_per_sec: u32 = 100, + /// Maximum concurrent connections per IP + max_conns_per_ip: u16 = 50, +}; + +/// Endpoint-specific body size override +pub const EndpointOverride = struct { + /// Path pattern (supports * wildcard at end) + path: []const u8, + /// Maximum body size for this endpoint + max_body_size: u32, +}; + +/// Request size and depth limits configuration +pub const RequestLimitsConfig = struct { + /// Maximum URI length in bytes + max_uri_length: u32 = 2048, + /// Maximum request body size in bytes (default 1MB) + max_body_size: u32 = 1048576, + /// Maximum JSON nesting depth + max_json_depth: u8 = 20, + /// Endpoint-specific overrides (e.g., larger limit for upload endpoints) + endpoints: []const EndpointOverride = &.{}, +}; + +/// Logging configuration +pub const LoggingConfig = struct { + /// Log blocked requests + log_blocked: bool = true, + /// Log allowed requests (verbose) + log_allowed: bool = false, + /// Log requests approaching rate limit + log_near_limit: bool = true, + /// Threshold for "near limit" (0.0-1.0, e.g., 0.8 = 80% of limit) + near_limit_threshold: f32 = 0.8, +}; + +// ============================================================================= +// Rate Limit Rule +// ============================================================================= + +/// Rate limit rule configuration +pub const RateLimitRule = struct { + /// Human-readable name for this rule + name: []const u8, + /// Path pattern to match (supports * wildcard at end) + path: []const u8, + /// HTTP method to match (null = all methods) + method: ?HttpMethod = null, + /// Requests allowed per period + requests: u32, + /// Period in seconds + period_sec: u32, + /// Burst allowance (extra requests allowed in short burst) + burst: u32, + /// What to rate limit by + by: RateLimitBy = .ip, + /// Header name when by=header + header_name: ?[]const u8 = null, + /// Action to take when limit exceeded + action: Action = .block, + + /// Check if this rule matches a given path and method + pub fn matches(self: *const RateLimitRule, request_path: []const u8, request_method: ?HttpMethod) bool { + // Check method match (null rule method means match all) + if (self.method) |rule_method| { + if (request_method) |req_method| { + if (rule_method != req_method) return false; + } else { + return false; + } + } + + // Check path match with wildcard support + return pathMatches(self.path, request_path); + } + + /// Calculate tokens per second for rate limiter + /// Scaled by 1000 for sub-token precision + pub fn tokensPerSec(self: *const RateLimitRule) u32 { + if (self.period_sec == 0) return 0; + return (self.requests * 1000) / self.period_sec; + } + + /// Calculate burst capacity for rate limiter + /// Scaled by 1000 for sub-token precision + pub fn burstCapacity(self: *const RateLimitRule) u32 { + return (self.requests + self.burst) * 1000; + } +}; + +/// Check if a path pattern matches a request path +/// Supports * wildcard at end of pattern +fn pathMatches(pattern: []const u8, path: []const u8) bool { + // Empty pattern matches nothing + if (pattern.len == 0) return false; + + // Check for wildcard at end + if (pattern[pattern.len - 1] == '*') { + const prefix = pattern[0 .. pattern.len - 1]; + return std.mem.startsWith(u8, path, prefix); + } + + // Exact match + return std.mem.eql(u8, pattern, path); +} + +// ============================================================================= +// Main WAF Configuration +// ============================================================================= + +/// Main WAF configuration structure +/// Parsed from waf.json with all settings for the firewall +pub const WafConfig = struct { + /// Master enable/disable switch + enabled: bool = true, + /// Shadow mode: log but don't block (for testing rules) + shadow_mode: bool = false, + /// Rate limiting rules + rate_limits: []const RateLimitRule = &.{}, + /// Slowloris attack prevention + slowloris: SlowlorisConfig = .{}, + /// Request size limits + request_limits: RequestLimitsConfig = .{}, + /// Trusted proxy CIDR ranges (for X-Forwarded-For) + trusted_proxies: []const CidrRange = &.{}, + /// Logging configuration + logging: LoggingConfig = .{}, + /// Config epoch for hot-reload detection + epoch: u64 = 0, + + /// Internal: allocator used for parsing (needed for deinit) + _allocator: ?Allocator = null, + + // ========================================================================= + // Parsing + // ========================================================================= + + /// Parse WAF config from JSON string + pub fn parse(allocator: Allocator, json: []const u8) !WafConfig { + // Parse JSON + const parsed = std.json.parseFromSlice( + JsonWafConfig, + allocator, + json, + .{ .ignore_unknown_fields = true, .allocate = .alloc_always }, + ) catch { + return error.InvalidJson; + }; + defer parsed.deinit(); + + return try fromJson(allocator, parsed.value); + } + + /// Convert from JSON representation to WafConfig + fn fromJson(allocator: Allocator, json: JsonWafConfig) !WafConfig { + var config = WafConfig{ + .enabled = json.enabled, + .shadow_mode = json.shadow_mode, + ._allocator = allocator, + }; + errdefer config.deinit(); + + // Parse rate limits + if (json.rate_limits.len > MAX_RATE_LIMIT_RULES) { + return error.TooManyRateLimitRules; + } + if (json.rate_limits.len > 0) { + const rate_limits = try allocator.alloc(RateLimitRule, json.rate_limits.len); + // Initialize to empty for safe cleanup during errdefer + for (rate_limits) |*rl| { + rl.* = .{ + .name = &.{}, + .path = &.{}, + .requests = 0, + .period_sec = 1, + .burst = 0, + }; + } + config.rate_limits = rate_limits; + + for (json.rate_limits, 0..) |jrl, i| { + rate_limits[i] = try parseRateLimitRule(allocator, jrl); + } + } + + // Parse trusted proxies + if (json.trusted_proxies.len > MAX_TRUSTED_PROXIES) { + return error.TooManyTrustedProxies; + } + if (json.trusted_proxies.len > 0) { + const proxies = try allocator.alloc(CidrRange, json.trusted_proxies.len); + config.trusted_proxies = proxies; + + for (json.trusted_proxies, 0..) |cidr_str, i| { + proxies[i] = CidrRange.parse(cidr_str) catch { + return error.InvalidTrustedProxy; + }; + } + } + + // Parse endpoint overrides + if (json.request_limits) |jrl| { + config.request_limits = .{ + .max_uri_length = jrl.max_uri_length, + .max_body_size = jrl.max_body_size, + .max_json_depth = jrl.max_json_depth, + .endpoints = &.{}, + }; + + if (jrl.endpoints.len > 0) { + const endpoints = try allocator.alloc(EndpointOverride, jrl.endpoints.len); + // Initialize to empty for safe cleanup + for (endpoints) |*ep| { + ep.* = .{ .path = &.{}, .max_body_size = 0 }; + } + config.request_limits.endpoints = endpoints; + + for (jrl.endpoints, 0..) |je, i| { + const path = try allocator.dupe(u8, je.path); + endpoints[i] = .{ + .path = path, + .max_body_size = je.max_body_size, + }; + } + } + } + + // Parse slowloris config + if (json.slowloris) |js| { + config.slowloris = .{ + .header_timeout_ms = js.header_timeout_ms, + .body_timeout_ms = js.body_timeout_ms, + .min_bytes_per_sec = js.min_bytes_per_sec, + .max_conns_per_ip = js.max_conns_per_ip, + }; + } + + // Parse logging config + if (json.logging) |jl| { + config.logging = .{ + .log_blocked = jl.log_blocked, + .log_allowed = jl.log_allowed, + .log_near_limit = jl.log_near_limit, + .near_limit_threshold = jl.near_limit_threshold, + }; + } + + // Validate before returning + try config.validate(); + + return config; + } + + /// Free all allocated memory + pub fn deinit(self: *WafConfig) void { + const allocator = self._allocator orelse return; + + // Free rate limit rules - only free strings that were actually allocated + for (self.rate_limits) |rule| { + if (rule.name.len > 0) allocator.free(rule.name); + if (rule.path.len > 0) allocator.free(rule.path); + if (rule.header_name) |h| { + if (h.len > 0) allocator.free(h); + } + } + // Free the array itself if it was allocated + if (self.rate_limits.len > 0) { + allocator.free(self.rate_limits); + } + + // Free endpoint overrides - only free paths that were actually allocated + for (self.request_limits.endpoints) |ep| { + if (ep.path.len > 0) allocator.free(ep.path); + } + // Free the array itself if it was allocated + if (self.request_limits.endpoints.len > 0) { + allocator.free(self.request_limits.endpoints); + } + + // Free trusted proxies array if it was allocated + if (self.trusted_proxies.len > 0) { + allocator.free(self.trusted_proxies); + } + + self._allocator = null; + } + + // ========================================================================= + // File Loading + // ========================================================================= + + /// Load WAF config from file + pub fn loadFromFile(allocator: Allocator, path: []const u8) !WafConfig { + const file = std.fs.cwd().openFile(path, .{}) catch |err| { + return switch (err) { + error.FileNotFound => error.ConfigFileNotFound, + else => error.ConfigFileOpenFailed, + }; + }; + defer file.close(); + + // Read file content + var content = try allocator.alloc(u8, MAX_CONFIG_SIZE); + defer allocator.free(content); + + var total_read: usize = 0; + while (total_read < MAX_CONFIG_SIZE) { + const bytes_read = file.read(content[total_read..]) catch |err| { + if (err == error.EndOfStream) break; + return error.ConfigFileReadFailed; + }; + if (bytes_read == 0) break; + total_read += bytes_read; + } + + if (total_read == MAX_CONFIG_SIZE) { + return error.ConfigFileTooLarge; + } + + return try parse(allocator, content[0..total_read]); + } + + // ========================================================================= + // Validation + // ========================================================================= + + /// Validate configuration consistency + pub fn validate(self: *const WafConfig) !void { + // Validate rate limit rules + for (self.rate_limits) |rule| { + if (rule.name.len == 0) return error.EmptyRuleName; + if (rule.name.len > MAX_NAME_LENGTH) return error.RuleNameTooLong; + if (rule.path.len == 0) return error.EmptyRulePath; + if (rule.path.len > MAX_PATH_LENGTH) return error.RulePathTooLong; + if (rule.requests == 0) return error.ZeroRequests; + if (rule.period_sec == 0) return error.ZeroPeriod; + if (rule.by == .header and rule.header_name == null) { + return error.MissingHeaderName; + } + } + + // Validate slowloris config + if (self.slowloris.header_timeout_ms == 0) return error.ZeroHeaderTimeout; + if (self.slowloris.body_timeout_ms == 0) return error.ZeroBodyTimeout; + + // Validate request limits + if (self.request_limits.max_uri_length == 0) return error.ZeroMaxUriLength; + if (self.request_limits.max_body_size == 0) return error.ZeroMaxBodySize; + + // Validate endpoint overrides + for (self.request_limits.endpoints) |ep| { + if (ep.path.len == 0) return error.EmptyEndpointPath; + if (ep.path.len > MAX_PATH_LENGTH) return error.EndpointPathTooLong; + if (ep.max_body_size == 0) return error.ZeroEndpointBodySize; + } + + // Validate logging threshold + if (self.logging.near_limit_threshold <= 0.0 or self.logging.near_limit_threshold > 1.0) { + return error.InvalidNearLimitThreshold; + } + } + + // ========================================================================= + // Lookups + // ========================================================================= + + /// Find the first matching rate limit rule for a request + pub fn findRateLimitRule(self: *const WafConfig, path: []const u8, method: ?HttpMethod) ?*const RateLimitRule { + for (self.rate_limits) |*rule| { + if (rule.matches(path, method)) { + return rule; + } + } + return null; + } + + /// Get the effective max body size for a path + pub fn getMaxBodySize(self: *const WafConfig, path: []const u8) u32 { + // Check endpoint-specific overrides first + for (self.request_limits.endpoints) |ep| { + if (pathMatches(ep.path, path)) { + return ep.max_body_size; + } + } + return self.request_limits.max_body_size; + } + + /// Check if an IP is from a trusted proxy + pub fn isTrustedProxy(self: *const WafConfig, ip: u32) bool { + for (self.trusted_proxies) |cidr| { + if (cidr.contains(ip)) { + return true; + } + } + return false; + } +}; + +// ============================================================================= +// JSON Schema Types (for std.json parsing) +// ============================================================================= + +const JsonRateLimitRule = struct { + name: []const u8, + path: []const u8, + method: ?[]const u8 = null, + limit: struct { + requests: u32, + period_sec: u32, + }, + burst: u32 = 0, + by: []const u8 = "ip", + header_name: ?[]const u8 = null, + action: []const u8 = "block", +}; + +const JsonSlowlorisConfig = struct { + header_timeout_ms: u32 = 5000, + body_timeout_ms: u32 = 30000, + min_bytes_per_sec: u32 = 100, + max_conns_per_ip: u16 = 50, +}; + +const JsonEndpointOverride = struct { + path: []const u8, + max_body_size: u32, +}; + +const JsonRequestLimitsConfig = struct { + max_uri_length: u32 = 2048, + max_body_size: u32 = 1048576, + max_json_depth: u8 = 20, + endpoints: []const JsonEndpointOverride = &.{}, +}; + +const JsonLoggingConfig = struct { + log_blocked: bool = true, + log_allowed: bool = false, + log_near_limit: bool = true, + near_limit_threshold: f32 = 0.8, +}; + +const JsonWafConfig = struct { + enabled: bool = true, + shadow_mode: bool = false, + rate_limits: []const JsonRateLimitRule = &.{}, + slowloris: ?JsonSlowlorisConfig = null, + request_limits: ?JsonRequestLimitsConfig = null, + trusted_proxies: []const []const u8 = &.{}, + logging: ?JsonLoggingConfig = null, +}; + +/// Parse a JSON rate limit rule to RateLimitRule +fn parseRateLimitRule(allocator: Allocator, jrl: JsonRateLimitRule) !RateLimitRule { + // Validate lengths + if (jrl.name.len > MAX_NAME_LENGTH) return error.RuleNameTooLong; + if (jrl.path.len > MAX_PATH_LENGTH) return error.RulePathTooLong; + + // Parse method + const method: ?HttpMethod = if (jrl.method) |m| + HttpMethod.parse(m) orelse return error.InvalidHttpMethod + else + null; + + // Parse "by" field + const by = RateLimitBy.parse(jrl.by) orelse return error.InvalidRateLimitBy; + + // Parse action + const action = Action.parse(jrl.action) orelse return error.InvalidAction; + + // Copy strings + const name = try allocator.dupe(u8, jrl.name); + errdefer allocator.free(name); + + const path = try allocator.dupe(u8, jrl.path); + errdefer allocator.free(path); + + const header_name: ?[]const u8 = if (jrl.header_name) |h| blk: { + if (h.len > MAX_HEADER_NAME_LENGTH) return error.HeaderNameTooLong; + break :blk try allocator.dupe(u8, h); + } else null; + + return .{ + .name = name, + .path = path, + .method = method, + .requests = jrl.limit.requests, + .period_sec = jrl.limit.period_sec, + .burst = jrl.burst, + .by = by, + .header_name = header_name, + .action = action, + }; +} + +// ============================================================================= +// Tests +// ============================================================================= + +test "CidrRange: parse valid CIDR" { + const cidr = try CidrRange.parse("10.0.0.0/8"); + try std.testing.expectEqual(@as(u32, 0x0A000000), cidr.network); + try std.testing.expectEqual(@as(u32, 0xFF000000), cidr.mask); +} + +test "CidrRange: parse /24 network" { + const cidr = try CidrRange.parse("192.168.1.0/24"); + try std.testing.expectEqual(@as(u32, 0xC0A80100), cidr.network); + try std.testing.expectEqual(@as(u32, 0xFFFFFF00), cidr.mask); +} + +test "CidrRange: parse /32 (single host)" { + const cidr = try CidrRange.parse("192.168.1.100/32"); + try std.testing.expectEqual(@as(u32, 0xC0A80164), cidr.network); + try std.testing.expectEqual(@as(u32, 0xFFFFFFFF), cidr.mask); +} + +test "CidrRange: contains" { + const cidr = try CidrRange.parse("10.0.0.0/8"); + + // Should contain + try std.testing.expect(cidr.contains(0x0A000001)); // 10.0.0.1 + try std.testing.expect(cidr.contains(0x0AFFFFFF)); // 10.255.255.255 + + // Should not contain + try std.testing.expect(!cidr.contains(0x0B000000)); // 11.0.0.0 + try std.testing.expect(!cidr.contains(0xC0A80101)); // 192.168.1.1 +} + +test "CidrRange: invalid - not network address" { + const result = CidrRange.parse("10.0.0.1/8"); + try std.testing.expectError(error.IpNotNetworkAddress, result); +} + +test "CidrRange: invalid - no slash" { + const result = CidrRange.parse("10.0.0.0"); + try std.testing.expectError(error.InvalidCidr, result); +} + +test "parseIpv4: valid addresses" { + try std.testing.expectEqual(@as(u32, 0x7F000001), try parseIpv4("127.0.0.1")); + try std.testing.expectEqual(@as(u32, 0xC0A80101), try parseIpv4("192.168.1.1")); + try std.testing.expectEqual(@as(u32, 0x00000000), try parseIpv4("0.0.0.0")); + try std.testing.expectEqual(@as(u32, 0xFFFFFFFF), try parseIpv4("255.255.255.255")); +} + +test "parseIpv4: invalid addresses" { + try std.testing.expectError(error.InvalidIpAddress, parseIpv4("256.0.0.0")); + try std.testing.expectError(error.InvalidIpAddress, parseIpv4("10.0.0")); + try std.testing.expectError(error.InvalidIpAddress, parseIpv4("10.0.0.0.0")); + try std.testing.expectError(error.InvalidIpAddress, parseIpv4("abc.def.ghi.jkl")); +} + +test "HttpMethod: parse" { + try std.testing.expectEqual(HttpMethod.GET, HttpMethod.parse("GET").?); + try std.testing.expectEqual(HttpMethod.POST, HttpMethod.parse("post").?); + try std.testing.expect(HttpMethod.parse("INVALID") == null); +} + +test "RateLimitBy: parse" { + try std.testing.expectEqual(RateLimitBy.ip, RateLimitBy.parse("ip").?); + try std.testing.expectEqual(RateLimitBy.header, RateLimitBy.parse("header").?); + try std.testing.expectEqual(RateLimitBy.path, RateLimitBy.parse("path").?); + try std.testing.expect(RateLimitBy.parse("invalid") == null); +} + +test "Action: parse" { + try std.testing.expectEqual(Action.block, Action.parse("block").?); + try std.testing.expectEqual(Action.log, Action.parse("log").?); + try std.testing.expectEqual(Action.tarpit, Action.parse("tarpit").?); + try std.testing.expect(Action.parse("invalid") == null); +} + +test "pathMatches: exact match" { + try std.testing.expect(pathMatches("/api/users", "/api/users")); + try std.testing.expect(!pathMatches("/api/users", "/api/posts")); +} + +test "pathMatches: wildcard" { + try std.testing.expect(pathMatches("/api/*", "/api/users")); + try std.testing.expect(pathMatches("/api/*", "/api/users/123")); + try std.testing.expect(!pathMatches("/api/*", "/other/path")); +} + +test "RateLimitRule: matches" { + const rule = RateLimitRule{ + .name = "test", + .path = "/api/*", + .method = .POST, + .requests = 100, + .period_sec = 60, + .burst = 10, + }; + + try std.testing.expect(rule.matches("/api/users", .POST)); + try std.testing.expect(!rule.matches("/api/users", .GET)); + try std.testing.expect(!rule.matches("/other", .POST)); +} + +test "RateLimitRule: tokensPerSec and burstCapacity" { + const rule = RateLimitRule{ + .name = "test", + .path = "/api/*", + .requests = 60, // 60 requests per minute = 1 per second + .period_sec = 60, + .burst = 10, + }; + + try std.testing.expectEqual(@as(u32, 1000), rule.tokensPerSec()); // 1 * 1000 + try std.testing.expectEqual(@as(u32, 70000), rule.burstCapacity()); // (60 + 10) * 1000 +} + +test "WafConfig: parse minimal config" { + const json = + \\{"enabled": true, "shadow_mode": false} + ; + + var config = try WafConfig.parse(std.testing.allocator, json); + defer config.deinit(); + + try std.testing.expect(config.enabled); + try std.testing.expect(!config.shadow_mode); + try std.testing.expectEqual(@as(usize, 0), config.rate_limits.len); +} + +test "WafConfig: parse with rate limits" { + const json = + \\{ + \\ "enabled": true, + \\ "shadow_mode": false, + \\ "rate_limits": [ + \\ { + \\ "name": "login_bruteforce", + \\ "path": "/api/auth/login", + \\ "method": "POST", + \\ "limit": { "requests": 10, "period_sec": 60 }, + \\ "burst": 3, + \\ "by": "ip", + \\ "action": "block" + \\ } + \\ ] + \\} + ; + + var config = try WafConfig.parse(std.testing.allocator, json); + defer config.deinit(); + + try std.testing.expectEqual(@as(usize, 1), config.rate_limits.len); + try std.testing.expectEqualStrings("login_bruteforce", config.rate_limits[0].name); + try std.testing.expectEqualStrings("/api/auth/login", config.rate_limits[0].path); + try std.testing.expectEqual(HttpMethod.POST, config.rate_limits[0].method.?); + try std.testing.expectEqual(@as(u32, 10), config.rate_limits[0].requests); + try std.testing.expectEqual(@as(u32, 60), config.rate_limits[0].period_sec); + try std.testing.expectEqual(@as(u32, 3), config.rate_limits[0].burst); + try std.testing.expectEqual(RateLimitBy.ip, config.rate_limits[0].by); + try std.testing.expectEqual(Action.block, config.rate_limits[0].action); +} + +test "WafConfig: parse with trusted proxies" { + const json = + \\{ + \\ "trusted_proxies": ["10.0.0.0/8", "172.16.0.0/12"] + \\} + ; + + var config = try WafConfig.parse(std.testing.allocator, json); + defer config.deinit(); + + try std.testing.expectEqual(@as(usize, 2), config.trusted_proxies.len); + + // Test 10.0.0.0/8 + try std.testing.expectEqual(@as(u32, 0x0A000000), config.trusted_proxies[0].network); + try std.testing.expect(config.isTrustedProxy(0x0A010203)); // 10.1.2.3 + + // Test 172.16.0.0/12 + try std.testing.expectEqual(@as(u32, 0xAC100000), config.trusted_proxies[1].network); + try std.testing.expect(config.isTrustedProxy(0xAC1F0001)); // 172.31.0.1 +} + +test "WafConfig: parse with slowloris config" { + const json = + \\{ + \\ "slowloris": { + \\ "header_timeout_ms": 3000, + \\ "body_timeout_ms": 20000, + \\ "min_bytes_per_sec": 50, + \\ "max_conns_per_ip": 25 + \\ } + \\} + ; + + var config = try WafConfig.parse(std.testing.allocator, json); + defer config.deinit(); + + try std.testing.expectEqual(@as(u32, 3000), config.slowloris.header_timeout_ms); + try std.testing.expectEqual(@as(u32, 20000), config.slowloris.body_timeout_ms); + try std.testing.expectEqual(@as(u32, 50), config.slowloris.min_bytes_per_sec); + try std.testing.expectEqual(@as(u16, 25), config.slowloris.max_conns_per_ip); +} + +test "WafConfig: parse with request limits and endpoint overrides" { + const json = + \\{ + \\ "request_limits": { + \\ "max_uri_length": 4096, + \\ "max_body_size": 2097152, + \\ "max_json_depth": 10, + \\ "endpoints": [ + \\ { "path": "/api/upload", "max_body_size": 10485760 } + \\ ] + \\ } + \\} + ; + + var config = try WafConfig.parse(std.testing.allocator, json); + defer config.deinit(); + + try std.testing.expectEqual(@as(u32, 4096), config.request_limits.max_uri_length); + try std.testing.expectEqual(@as(u32, 2097152), config.request_limits.max_body_size); + try std.testing.expectEqual(@as(u8, 10), config.request_limits.max_json_depth); + try std.testing.expectEqual(@as(usize, 1), config.request_limits.endpoints.len); + + // Test getMaxBodySize + try std.testing.expectEqual(@as(u32, 10485760), config.getMaxBodySize("/api/upload")); + try std.testing.expectEqual(@as(u32, 2097152), config.getMaxBodySize("/api/other")); +} + +test "WafConfig: parse with logging config" { + const json = + \\{ + \\ "logging": { + \\ "log_blocked": true, + \\ "log_allowed": true, + \\ "log_near_limit": false, + \\ "near_limit_threshold": 0.9 + \\ } + \\} + ; + + var config = try WafConfig.parse(std.testing.allocator, json); + defer config.deinit(); + + try std.testing.expect(config.logging.log_blocked); + try std.testing.expect(config.logging.log_allowed); + try std.testing.expect(!config.logging.log_near_limit); + try std.testing.expectApproxEqAbs(@as(f32, 0.9), config.logging.near_limit_threshold, 0.001); +} + +test "WafConfig: parse full example config" { + const json = + \\{ + \\ "enabled": true, + \\ "shadow_mode": false, + \\ "rate_limits": [ + \\ { + \\ "name": "login_bruteforce", + \\ "path": "/api/auth/login", + \\ "method": "POST", + \\ "limit": { "requests": 10, "period_sec": 60 }, + \\ "burst": 3, + \\ "by": "ip", + \\ "action": "block" + \\ }, + \\ { + \\ "name": "api_global", + \\ "path": "/api/*", + \\ "limit": { "requests": 1000, "period_sec": 60 }, + \\ "burst": 100, + \\ "by": "ip", + \\ "action": "block" + \\ } + \\ ], + \\ "slowloris": { + \\ "header_timeout_ms": 5000, + \\ "body_timeout_ms": 30000, + \\ "min_bytes_per_sec": 100, + \\ "max_conns_per_ip": 50 + \\ }, + \\ "request_limits": { + \\ "max_uri_length": 2048, + \\ "max_body_size": 1048576, + \\ "max_json_depth": 20, + \\ "endpoints": [ + \\ { "path": "/api/upload", "max_body_size": 10485760 } + \\ ] + \\ }, + \\ "trusted_proxies": ["10.0.0.0/8", "172.16.0.0/12"], + \\ "logging": { + \\ "log_blocked": true, + \\ "log_allowed": false, + \\ "log_near_limit": true, + \\ "near_limit_threshold": 0.8 + \\ } + \\} + ; + + var config = try WafConfig.parse(std.testing.allocator, json); + defer config.deinit(); + + // Verify everything parsed correctly + try std.testing.expect(config.enabled); + try std.testing.expect(!config.shadow_mode); + try std.testing.expectEqual(@as(usize, 2), config.rate_limits.len); + try std.testing.expectEqual(@as(usize, 2), config.trusted_proxies.len); + try std.testing.expectEqual(@as(usize, 1), config.request_limits.endpoints.len); + + // Test findRateLimitRule - should match login rule (more specific) + const login_rule = config.findRateLimitRule("/api/auth/login", .POST); + try std.testing.expect(login_rule != null); + try std.testing.expectEqualStrings("login_bruteforce", login_rule.?.name); + + // Test findRateLimitRule - should match global API rule + const api_rule = config.findRateLimitRule("/api/users", .GET); + try std.testing.expect(api_rule != null); + try std.testing.expectEqualStrings("api_global", api_rule.?.name); + + // Test findRateLimitRule - no match + const no_rule = config.findRateLimitRule("/static/file.js", .GET); + try std.testing.expect(no_rule == null); +} + +test "WafConfig: validation catches zero requests" { + const json = + \\{ + \\ "rate_limits": [ + \\ { + \\ "name": "test", + \\ "path": "/api/*", + \\ "limit": { "requests": 0, "period_sec": 60 } + \\ } + \\ ] + \\} + ; + + const result = WafConfig.parse(std.testing.allocator, json); + try std.testing.expectError(error.ZeroRequests, result); +} + +test "WafConfig: validation catches zero period" { + const json = + \\{ + \\ "rate_limits": [ + \\ { + \\ "name": "test", + \\ "path": "/api/*", + \\ "limit": { "requests": 10, "period_sec": 0 } + \\ } + \\ ] + \\} + ; + + const result = WafConfig.parse(std.testing.allocator, json); + try std.testing.expectError(error.ZeroPeriod, result); +} + +test "WafConfig: validation catches invalid near_limit_threshold" { + const json = + \\{ + \\ "logging": { + \\ "near_limit_threshold": 1.5 + \\ } + \\} + ; + + const result = WafConfig.parse(std.testing.allocator, json); + try std.testing.expectError(error.InvalidNearLimitThreshold, result); +} + +test "WafConfig: invalid JSON returns error" { + const json = \\{invalid json} + ; + + const result = WafConfig.parse(std.testing.allocator, json); + try std.testing.expectError(error.InvalidJson, result); +} + +test "WafConfig: invalid trusted proxy returns error" { + const json = + \\{ + \\ "trusted_proxies": ["invalid-cidr"] + \\} + ; + + const result = WafConfig.parse(std.testing.allocator, json); + try std.testing.expectError(error.InvalidTrustedProxy, result); +} + +test "WafConfig: defaults are sensible" { + var config = WafConfig{}; + + // All defaults should pass validation + try config.validate(); + + try std.testing.expect(config.enabled); + try std.testing.expect(!config.shadow_mode); + try std.testing.expectEqual(@as(u32, 5000), config.slowloris.header_timeout_ms); + try std.testing.expectEqual(@as(u32, 2048), config.request_limits.max_uri_length); + try std.testing.expect(config.logging.log_blocked); +} diff --git a/src/waf/engine.zig b/src/waf/engine.zig new file mode 100644 index 0000000..620c2c7 --- /dev/null +++ b/src/waf/engine.zig @@ -0,0 +1,586 @@ +/// WAF Engine - Request Evaluation Orchestrator +/// +/// The heart of the Web Application Firewall. Orchestrates rate limiting, +/// request validation, and decision-making into a unified request evaluation flow. +/// +/// Design Philosophy (TigerBeetle-inspired): +/// - Single entry point for all WAF decisions +/// - Zero allocation on hot path +/// - Deterministic, predictable behavior +/// - Shadow mode for safe rule testing +/// - Composable with existing load balancer infrastructure +/// +/// Request Flow: +/// 1. WAF enabled check (fast path for disabled WAF) +/// 2. Client IP extraction (handles trusted proxies) +/// 3. Rate limit evaluation +/// 4. Request validation (URI length, body size) +/// 5. Metrics recording +/// 6. Decision return +/// +/// Shadow Mode: +/// When enabled, all blocking decisions are converted to log_only decisions. +/// This allows testing rules in production without affecting traffic. +const std = @import("std"); + +const state = @import("state.zig"); +pub const WafState = state.WafState; +pub const Decision = state.Decision; +pub const Reason = state.Reason; + +const rate_limiter = @import("rate_limiter.zig"); +pub const RateLimiter = rate_limiter.RateLimiter; +pub const Key = rate_limiter.Key; +pub const Rule = rate_limiter.Rule; +pub const hashPath = rate_limiter.hashPath; + +const config = @import("config.zig"); +pub const WafConfig = config.WafConfig; +pub const HttpMethod = config.HttpMethod; +pub const RateLimitRule = config.RateLimitRule; +pub const ipToBytes = config.ipToBytes; + +// ============================================================================= +// Request - Incoming HTTP Request Representation +// ============================================================================= + +/// Represents an incoming HTTP request for WAF evaluation +/// Designed to be lightweight and stack-allocated +pub const Request = struct { + /// HTTP method of the request + method: HttpMethod, + /// Request URI (path + query string) + uri: []const u8, + /// Content-Length header value, if present + content_length: ?usize = null, + /// Direct connection IP (network byte order, u32) + source_ip: u32, + /// X-Forwarded-For header value, if present (for trusted proxy handling) + x_forwarded_for: ?[]const u8 = null, + + /// Create a request from basic parameters + pub fn init(method: HttpMethod, uri: []const u8, source_ip: u32) Request { + return .{ + .method = method, + .uri = uri, + .source_ip = source_ip, + }; + } + + /// Create a request with content length + pub fn withContentLength(method: HttpMethod, uri: []const u8, source_ip: u32, content_length: usize) Request { + return .{ + .method = method, + .uri = uri, + .source_ip = source_ip, + .content_length = content_length, + }; + } + + /// Extract just the path portion of the URI (before query string) + pub fn getPath(self: *const Request) []const u8 { + if (std.mem.indexOf(u8, self.uri, "?")) |query_start| { + return self.uri[0..query_start]; + } + return self.uri; + } +}; + +// ============================================================================= +// CheckResult - WAF Decision Output +// ============================================================================= + +/// Result of WAF request evaluation +/// Contains the decision, reason, and additional context for logging/headers +pub const CheckResult = struct { + /// The WAF decision (allow, block, or log_only) + decision: Decision, + /// Reason for blocking (if blocked or logged) + reason: Reason = .none, + /// Name of the rule that triggered (if any) + rule_name: ?[]const u8 = null, + /// Remaining tokens after rate limit check (for rate limit headers) + tokens_remaining: ?u32 = null, + + /// Create an allow result + pub fn allow() CheckResult { + return .{ + .decision = .allow, + .reason = .none, + }; + } + + /// Create a block result with reason and optional rule name + pub fn block(reason: Reason, rule_name: ?[]const u8) CheckResult { + return .{ + .decision = .block, + .reason = reason, + .rule_name = rule_name, + }; + } + + /// Create a log_only result (shadow mode) + pub fn logOnly(reason: Reason, rule_name: ?[]const u8) CheckResult { + return .{ + .decision = .log_only, + .reason = reason, + .rule_name = rule_name, + }; + } + + /// Check if request should proceed + pub inline fn isAllowed(self: CheckResult) bool { + return self.decision == .allow or self.decision == .log_only; + } + + /// Check if request was blocked + pub inline fn isBlocked(self: CheckResult) bool { + return self.decision == .block; + } + + /// Check if this result should be logged + pub inline fn shouldLog(self: CheckResult) bool { + return self.decision.shouldLog(); + } + + /// Convert block to log_only (for shadow mode) + pub fn toShadowMode(self: CheckResult) CheckResult { + if (self.decision == .block) { + return .{ + .decision = .log_only, + .reason = self.reason, + .rule_name = self.rule_name, + .tokens_remaining = self.tokens_remaining, + }; + } + return self; + } +}; + +// ============================================================================= +// WafEngine - Main WAF Orchestrator +// ============================================================================= + +/// Main WAF engine that orchestrates all security checks +/// Thread-safe through atomic operations in underlying state +pub const WafEngine = struct { + /// Pointer to shared WAF state (mmap'd region) + waf_state: *WafState, + /// Pointer to current configuration + waf_config: *const WafConfig, + /// Rate limiter instance + limiter: RateLimiter, + + /// Initialize the WAF engine with shared state and configuration + pub fn init(waf_state: *WafState, waf_config: *const WafConfig) WafEngine { + return .{ + .waf_state = waf_state, + .waf_config = waf_config, + .limiter = RateLimiter.init(waf_state), + }; + } + + /// Main entry point - evaluate a request through all WAF checks + /// + /// This is the hot path. Designed for minimal latency: + /// 1. Fast-path if WAF disabled + /// 2. Extract real client IP + /// 3. Validate request format + /// 4. Check rate limits + /// 5. Record metrics + /// 6. Return decision (converted to log_only if shadow mode) + pub fn check(self: *WafEngine, request: *const Request) CheckResult { + // Fast path: WAF disabled + if (!self.waf_config.enabled) { + return CheckResult.allow(); + } + + // Extract real client IP (handles trusted proxies) + const client_ip = self.getClientIp(request); + + // Validate request (URI length, body size) + const validation_result = self.validateRequest(request); + if (validation_result.decision != .allow) { + self.recordDecision(&validation_result); + return self.applyMode(validation_result); + } + + // Check rate limits + const rate_limit_result = self.checkRateLimit(request, client_ip); + self.recordDecision(&rate_limit_result); + return self.applyMode(rate_limit_result); + } + + /// Extract the real client IP, handling trusted proxies + /// + /// If the direct connection is from a trusted proxy and X-Forwarded-For + /// is present, parse and return the first (client) IP from the chain. + /// Otherwise, return the direct connection IP. + pub fn getClientIp(self: *WafEngine, request: *const Request) u32 { + // Check if source IP is from a trusted proxy + if (!self.waf_config.isTrustedProxy(request.source_ip)) { + return request.source_ip; + } + + // Source is trusted proxy - try to parse X-Forwarded-For + const xff = request.x_forwarded_for orelse return request.source_ip; + if (xff.len == 0) return request.source_ip; + + // X-Forwarded-For format: "client, proxy1, proxy2" + // We want the leftmost IP (original client) + const first_ip = blk: { + if (std.mem.indexOf(u8, xff, ",")) |comma_pos| { + break :blk std.mem.trim(u8, xff[0..comma_pos], " "); + } + break :blk std.mem.trim(u8, xff, " "); + }; + + // Parse the IP address + return parseIpv4(first_ip) catch request.source_ip; + } + + /// Validate request against size and format limits + fn validateRequest(self: *WafEngine, request: *const Request) CheckResult { + const limits = &self.waf_config.request_limits; + + // Check URI length + if (request.uri.len > limits.max_uri_length) { + return CheckResult.block(.invalid_request, null); + } + + // Check body size (if Content-Length present) + if (request.content_length) |content_len| { + const max_body = self.waf_config.getMaxBodySize(request.getPath()); + if (content_len > max_body) { + return CheckResult.block(.body_too_large, null); + } + } + + return CheckResult.allow(); + } + + /// Check rate limits for the request + fn checkRateLimit(self: *WafEngine, request: *const Request, client_ip: u32) CheckResult { + // Find matching rate limit rule + const rule = self.waf_config.findRateLimitRule( + request.getPath(), + request.method, + ) orelse { + // No matching rule - allow by default + return CheckResult.allow(); + }; + + // Create rate limit key (IP + path hash) + const path_hash = hashPath(rule.path); + const key = Key{ + .ip = client_ip, + .path_hash = path_hash, + }; + + // Convert config rule to rate limiter rule + const limiter_rule = Rule{ + .tokens_per_sec = rule.tokensPerSec(), + .burst_capacity = rule.burstCapacity(), + .cost_per_request = 1000, // 1 token per request (scaled by 1000) + }; + + // Check rate limit + const decision = self.limiter.check(key, &limiter_rule); + + if (decision.action == .block) { + var result = CheckResult.block(.rate_limit, rule.name); + result.tokens_remaining = decision.remaining_tokens; + return result; + } + + var result = CheckResult.allow(); + result.tokens_remaining = decision.remaining_tokens; + return result; + } + + /// Apply shadow mode transformation if enabled + fn applyMode(self: *WafEngine, result: CheckResult) CheckResult { + if (self.waf_config.shadow_mode) { + return result.toShadowMode(); + } + return result; + } + + /// Record decision in metrics + fn recordDecision(self: *WafEngine, result: *const CheckResult) void { + switch (result.decision) { + .allow => self.waf_state.metrics.recordAllowed(), + .block => self.waf_state.metrics.recordBlocked(result.reason), + .log_only => self.waf_state.metrics.recordLogged(), + } + } + + /// Get current metrics snapshot + pub fn getMetrics(self: *WafEngine) state.MetricsSnapshot { + return self.waf_state.metrics.snapshot(); + } + + /// Check if config epoch has changed (for hot-reload detection) + pub fn configEpochChanged(self: *WafEngine, last_epoch: u64) bool { + return self.waf_state.getConfigEpoch() != last_epoch; + } + + /// Get current config epoch + pub fn getConfigEpoch(self: *WafEngine) u64 { + return self.waf_state.getConfigEpoch(); + } +}; + +// ============================================================================= +// Helper Functions +// ============================================================================= + +/// Parse IPv4 address string to u32 (host byte order) +fn parseIpv4(ip_str: []const u8) !u32 { + var octets: [4]u8 = undefined; + var octet_idx: usize = 0; + var current: u32 = 0; + + for (ip_str) |c| { + if (c == '.') { + if (octet_idx >= 3) return error.InvalidIpAddress; + if (current > 255) return error.InvalidIpAddress; + octets[octet_idx] = @intCast(current); + octet_idx += 1; + current = 0; + } else if (c >= '0' and c <= '9') { + current = current * 10 + (c - '0'); + if (current > 255) return error.InvalidIpAddress; + } else { + return error.InvalidIpAddress; + } + } + + if (octet_idx != 3) return error.InvalidIpAddress; + octets[3] = @intCast(current); + + return (@as(u32, octets[0]) << 24) | + (@as(u32, octets[1]) << 16) | + (@as(u32, octets[2]) << 8) | + @as(u32, octets[3]); +} + +// ============================================================================= +// Tests +// ============================================================================= + +test "Request: init and getPath" { + const req = Request.init(.GET, "/api/users?page=1", 0xC0A80101); + + try std.testing.expectEqual(HttpMethod.GET, req.method); + try std.testing.expectEqualStrings("/api/users?page=1", req.uri); + try std.testing.expectEqualStrings("/api/users", req.getPath()); + try std.testing.expectEqual(@as(u32, 0xC0A80101), req.source_ip); +} + +test "Request: withContentLength" { + const req = Request.withContentLength(.POST, "/api/upload", 0x0A000001, 1024); + + try std.testing.expectEqual(HttpMethod.POST, req.method); + try std.testing.expectEqual(@as(?usize, 1024), req.content_length); +} + +test "Request: getPath without query string" { + const req = Request.init(.GET, "/api/users", 0xC0A80101); + try std.testing.expectEqualStrings("/api/users", req.getPath()); +} + +test "CheckResult: allow" { + const result = CheckResult.allow(); + + try std.testing.expect(result.isAllowed()); + try std.testing.expect(!result.isBlocked()); + try std.testing.expect(!result.shouldLog()); + try std.testing.expectEqual(Decision.allow, result.decision); + try std.testing.expectEqual(Reason.none, result.reason); +} + +test "CheckResult: block" { + const result = CheckResult.block(.rate_limit, "login_bruteforce"); + + try std.testing.expect(!result.isAllowed()); + try std.testing.expect(result.isBlocked()); + try std.testing.expect(result.shouldLog()); + try std.testing.expectEqual(Decision.block, result.decision); + try std.testing.expectEqual(Reason.rate_limit, result.reason); + try std.testing.expectEqualStrings("login_bruteforce", result.rule_name.?); +} + +test "CheckResult: logOnly" { + const result = CheckResult.logOnly(.body_too_large, null); + + try std.testing.expect(result.isAllowed()); // log_only still allows + try std.testing.expect(!result.isBlocked()); + try std.testing.expect(result.shouldLog()); + try std.testing.expectEqual(Decision.log_only, result.decision); + try std.testing.expectEqual(Reason.body_too_large, result.reason); +} + +test "CheckResult: toShadowMode converts block to log_only" { + const blocked = CheckResult.block(.rate_limit, "test_rule"); + const shadowed = blocked.toShadowMode(); + + try std.testing.expectEqual(Decision.log_only, shadowed.decision); + try std.testing.expectEqual(Reason.rate_limit, shadowed.reason); + try std.testing.expectEqualStrings("test_rule", shadowed.rule_name.?); +} + +test "CheckResult: toShadowMode preserves allow" { + const allowed = CheckResult.allow(); + const shadowed = allowed.toShadowMode(); + + try std.testing.expectEqual(Decision.allow, shadowed.decision); +} + +test "parseIpv4: valid addresses" { + try std.testing.expectEqual(@as(u32, 0x7F000001), try parseIpv4("127.0.0.1")); + try std.testing.expectEqual(@as(u32, 0xC0A80101), try parseIpv4("192.168.1.1")); + try std.testing.expectEqual(@as(u32, 0x0A000001), try parseIpv4("10.0.0.1")); +} + +test "parseIpv4: invalid addresses" { + try std.testing.expectError(error.InvalidIpAddress, parseIpv4("256.0.0.0")); + try std.testing.expectError(error.InvalidIpAddress, parseIpv4("10.0.0")); + try std.testing.expectError(error.InvalidIpAddress, parseIpv4("10.0.0.0.0")); +} + +test "WafEngine: init" { + var waf_state = WafState.init(); + const waf_config = WafConfig{}; + const engine = WafEngine.init(&waf_state, &waf_config); + + try std.testing.expect(engine.waf_state == &waf_state); + try std.testing.expect(engine.waf_config == &waf_config); +} + +test "WafEngine: check with disabled WAF" { + var waf_state = WafState.init(); + var waf_config = WafConfig{}; + waf_config.enabled = false; + + var engine = WafEngine.init(&waf_state, &waf_config); + const req = Request.init(.GET, "/api/users", 0xC0A80101); + const result = engine.check(&req); + + try std.testing.expect(result.isAllowed()); + try std.testing.expectEqual(Decision.allow, result.decision); +} + +test "WafEngine: check allows valid request" { + var waf_state = WafState.init(); + const waf_config = WafConfig{}; // No rate limit rules + + var engine = WafEngine.init(&waf_state, &waf_config); + const req = Request.init(.GET, "/api/users", 0xC0A80101); + const result = engine.check(&req); + + try std.testing.expect(result.isAllowed()); +} + +test "WafEngine: check blocks oversized URI" { + var waf_state = WafState.init(); + var waf_config = WafConfig{}; + waf_config.request_limits.max_uri_length = 10; + + var engine = WafEngine.init(&waf_state, &waf_config); + const req = Request.init(.GET, "/this/is/a/very/long/uri/that/exceeds/the/limit", 0xC0A80101); + const result = engine.check(&req); + + try std.testing.expect(result.isBlocked()); + try std.testing.expectEqual(Reason.invalid_request, result.reason); +} + +test "WafEngine: check blocks oversized body" { + var waf_state = WafState.init(); + var waf_config = WafConfig{}; + waf_config.request_limits.max_body_size = 100; + + var engine = WafEngine.init(&waf_state, &waf_config); + const req = Request.withContentLength(.POST, "/api/upload", 0xC0A80101, 1000); + const result = engine.check(&req); + + try std.testing.expect(result.isBlocked()); + try std.testing.expectEqual(Reason.body_too_large, result.reason); +} + +test "WafEngine: shadow mode converts block to log_only" { + var waf_state = WafState.init(); + var waf_config = WafConfig{}; + waf_config.shadow_mode = true; + waf_config.request_limits.max_uri_length = 10; + + var engine = WafEngine.init(&waf_state, &waf_config); + const req = Request.init(.GET, "/this/is/a/very/long/uri", 0xC0A80101); + const result = engine.check(&req); + + // In shadow mode, should be log_only instead of block + try std.testing.expect(result.isAllowed()); + try std.testing.expectEqual(Decision.log_only, result.decision); + try std.testing.expectEqual(Reason.invalid_request, result.reason); +} + +test "WafEngine: getClientIp returns source IP when not trusted" { + var waf_state = WafState.init(); + const waf_config = WafConfig{}; // No trusted proxies + + var engine = WafEngine.init(&waf_state, &waf_config); + var req = Request.init(.GET, "/api/users", 0xC0A80101); + req.x_forwarded_for = "10.0.0.1"; + + const client_ip = engine.getClientIp(&req); + try std.testing.expectEqual(@as(u32, 0xC0A80101), client_ip); +} + +test "WafEngine: getClientIp returns source IP when no XFF" { + var waf_state = WafState.init(); + const waf_config = WafConfig{}; + + var engine = WafEngine.init(&waf_state, &waf_config); + const req = Request.init(.GET, "/api/users", 0xC0A80101); + + const client_ip = engine.getClientIp(&req); + try std.testing.expectEqual(@as(u32, 0xC0A80101), client_ip); +} + +test "WafEngine: metrics recording" { + var waf_state = WafState.init(); + var waf_config = WafConfig{}; + waf_config.request_limits.max_uri_length = 10; + + var engine = WafEngine.init(&waf_state, &waf_config); + + // Make a valid request + const valid_req = Request.init(.GET, "/api", 0xC0A80101); + _ = engine.check(&valid_req); + + // Make an invalid request + const invalid_req = Request.init(.GET, "/very/long/uri/path", 0xC0A80101); + _ = engine.check(&invalid_req); + + // Check metrics + const metrics = engine.getMetrics(); + try std.testing.expectEqual(@as(u64, 1), metrics.requests_allowed); + try std.testing.expectEqual(@as(u64, 1), metrics.requests_blocked); +} + +test "WafEngine: config epoch" { + var waf_state = WafState.init(); + const waf_config = WafConfig{}; + + var engine = WafEngine.init(&waf_state, &waf_config); + + const epoch1 = engine.getConfigEpoch(); + try std.testing.expectEqual(@as(u64, 0), epoch1); + try std.testing.expect(!engine.configEpochChanged(0)); + + // Increment epoch + _ = waf_state.incrementConfigEpoch(); + + try std.testing.expect(engine.configEpochChanged(0)); + try std.testing.expectEqual(@as(u64, 1), engine.getConfigEpoch()); +} diff --git a/src/waf/events.zig b/src/waf/events.zig new file mode 100644 index 0000000..5a27ad0 --- /dev/null +++ b/src/waf/events.zig @@ -0,0 +1,800 @@ +/// WAF Structured Event Logging +/// +/// Provides structured JSON logging for WAF events including blocked requests, +/// rate limit warnings, and configuration changes. +/// +/// Design Philosophy (TigerBeetle-inspired): +/// - Zero allocation on hot path - fixed-size buffers only +/// - Structured JSON output for machine parsing +/// - Human-readable formatting for debugging +/// - Configurable log levels via LoggingConfig +/// +/// Output Format: JSON Lines (one event per line) +/// ```json +/// {"timestamp":1703635200,"event_type":"blocked","client_ip":"192.168.1.1","method":"POST","path":"/api/login","rule_name":"login_bruteforce","reason":"rate_limit"} +/// ``` +const std = @import("std"); + +const config = @import("config.zig"); +pub const LoggingConfig = config.LoggingConfig; +pub const HttpMethod = config.HttpMethod; + +const state = @import("state.zig"); +pub const Reason = state.Reason; + +// ============================================================================= +// Constants +// ============================================================================= + +/// Maximum length of formatted IP string "255.255.255.255" = 15 chars +pub const MAX_IP_STRING_LEN: usize = 15; + +/// Maximum length of a single log line (generous for JSON overhead) +pub const MAX_LOG_LINE_LEN: usize = 2048; + +/// Maximum path length to include in logs (truncated if longer) +pub const MAX_LOG_PATH_LEN: usize = 256; + +/// Maximum rule name length to include in logs +pub const MAX_LOG_RULE_NAME_LEN: usize = 64; + +// ============================================================================= +// EventType - Classification of WAF Events +// ============================================================================= + +/// Type of WAF event for structured logging +pub const EventType = enum { + /// Request was blocked by WAF + blocked, + /// Request was allowed (verbose logging) + allowed, + /// Request is approaching rate limit threshold + near_limit, + /// WAF configuration was reloaded + config_reload, + + /// Convert to JSON string representation + pub fn toJsonString(self: EventType) []const u8 { + return switch (self) { + .blocked => "blocked", + .allowed => "allowed", + .near_limit => "near_limit", + .config_reload => "config_reload", + }; + } +}; + +// ============================================================================= +// WafEvent - Structured Event Data +// ============================================================================= + +/// Represents a single WAF event for logging +/// All string fields are slices into external memory (no allocation) +pub const WafEvent = struct { + /// Unix timestamp (seconds since epoch) + timestamp: i64, + /// Type of event + event_type: EventType, + /// Client IP address as string (e.g., "192.168.1.1") + client_ip: []const u8, + /// HTTP method (e.g., "GET", "POST") + method: []const u8, + /// Request path (may be truncated) + path: []const u8, + /// Name of the rule that triggered (if applicable) + rule_name: ?[]const u8 = null, + /// Human-readable reason for the decision + reason: ?[]const u8 = null, + /// Remaining rate limit tokens (if applicable) + tokens_remaining: ?u32 = null, + /// New config epoch (for config_reload events) + config_epoch: ?u64 = null, + + /// Format event into a fixed-size buffer as JSON + /// Returns a slice of the buffer containing the formatted output + pub fn format(self: *const WafEvent, buffer: []u8) []const u8 { + var pos: usize = 0; + + // Start JSON object + if (pos + 1 > buffer.len) return buffer[0..0]; + buffer[pos] = '{'; + pos += 1; + + // timestamp + const ts_prefix = "\"timestamp\":"; + if (pos + ts_prefix.len > buffer.len) return buffer[0..pos]; + @memcpy(buffer[pos..][0..ts_prefix.len], ts_prefix); + pos += ts_prefix.len; + pos = appendInt(buffer, pos, self.timestamp); + + // event_type + pos = appendJsonField(buffer, pos, "event_type", self.event_type.toJsonString()); + + // client_ip + pos = appendJsonField(buffer, pos, "client_ip", self.client_ip); + + // method + pos = appendJsonField(buffer, pos, "method", self.method); + + // path (escaped) + pos = appendJsonFieldEscaped(buffer, pos, "path", self.path); + + // rule_name (optional) + if (self.rule_name) |name| { + pos = appendJsonFieldEscaped(buffer, pos, "rule_name", name); + } + + // reason (optional) + if (self.reason) |r| { + pos = appendJsonFieldEscaped(buffer, pos, "reason", r); + } + + // tokens_remaining (optional) + if (self.tokens_remaining) |tokens| { + const tok_prefix = ",\"tokens_remaining\":"; + if (pos + tok_prefix.len <= buffer.len) { + @memcpy(buffer[pos..][0..tok_prefix.len], tok_prefix); + pos += tok_prefix.len; + pos = appendInt(buffer, pos, tokens); + } + } + + // config_epoch (optional) + if (self.config_epoch) |epoch| { + const epoch_prefix = ",\"config_epoch\":"; + if (pos + epoch_prefix.len <= buffer.len) { + @memcpy(buffer[pos..][0..epoch_prefix.len], epoch_prefix); + pos += epoch_prefix.len; + pos = appendInt(buffer, pos, epoch); + } + } + + // Close JSON object and add newline + if (pos + 2 <= buffer.len) { + buffer[pos] = '}'; + pos += 1; + buffer[pos] = '\n'; + pos += 1; + } + + return buffer[0..pos]; + } + + /// Create a blocked event + pub fn blocked( + client_ip: []const u8, + method: []const u8, + path: []const u8, + rule_name: ?[]const u8, + reason: Reason, + tokens_remaining: ?u32, + ) WafEvent { + return .{ + .timestamp = getCurrentTimestamp(), + .event_type = .blocked, + .client_ip = client_ip, + .method = method, + .path = truncatePath(path), + .rule_name = rule_name, + .reason = reason.description(), + .tokens_remaining = tokens_remaining, + }; + } + + /// Create an allowed event + pub fn allowed( + client_ip: []const u8, + method: []const u8, + path: []const u8, + tokens_remaining: ?u32, + ) WafEvent { + return .{ + .timestamp = getCurrentTimestamp(), + .event_type = .allowed, + .client_ip = client_ip, + .method = method, + .path = truncatePath(path), + .tokens_remaining = tokens_remaining, + }; + } + + /// Create a near-limit warning event + pub fn nearLimit( + client_ip: []const u8, + method: []const u8, + path: []const u8, + rule_name: ?[]const u8, + tokens_remaining: u32, + ) WafEvent { + return .{ + .timestamp = getCurrentTimestamp(), + .event_type = .near_limit, + .client_ip = client_ip, + .method = method, + .path = truncatePath(path), + .rule_name = rule_name, + .tokens_remaining = tokens_remaining, + }; + } + + /// Create a config reload event + pub fn configReload(epoch: u64) WafEvent { + return .{ + .timestamp = getCurrentTimestamp(), + .event_type = .config_reload, + .client_ip = "-", + .method = "-", + .path = "-", + .config_epoch = epoch, + }; + } +}; + +// ============================================================================= +// EventLogger - Central Logging Coordinator +// ============================================================================= + +/// Central event logger for WAF +/// Coordinates logging based on configuration settings +pub const EventLogger = struct { + /// Pointer to logging configuration + log_config: *const LoggingConfig, + /// Optional file handle for persistent logging + file: ?std.fs.File, + /// Buffer for IP formatting + ip_buffer: [MAX_IP_STRING_LEN + 1]u8 = undefined, + /// Buffer for log line formatting + line_buffer: [MAX_LOG_LINE_LEN]u8 = undefined, + + /// Initialize an event logger + pub fn init(logging_config: *const LoggingConfig) EventLogger { + return .{ + .log_config = logging_config, + .file = null, + }; + } + + /// Initialize with a file for persistent logging + pub fn initWithFile(logging_config: *const LoggingConfig, file: std.fs.File) EventLogger { + return .{ + .log_config = logging_config, + .file = file, + }; + } + + /// Log a blocked request event + /// Only logs if log_blocked is enabled in config + pub fn logBlocked( + self: *EventLogger, + client_ip: u32, + method: HttpMethod, + path: []const u8, + rule_name: ?[]const u8, + reason: Reason, + tokens_remaining: ?u32, + ) void { + if (!self.log_config.log_blocked) return; + + const ip_str = self.formatIpInternal(client_ip); + const event = WafEvent.blocked( + ip_str, + method.toString(), + path, + rule_name, + reason, + tokens_remaining, + ); + + self.emitEvent(&event); + } + + /// Log an allowed request event + /// Only logs if log_allowed is enabled in config + pub fn logAllowed( + self: *EventLogger, + client_ip: u32, + method: HttpMethod, + path: []const u8, + tokens_remaining: ?u32, + ) void { + if (!self.log_config.log_allowed) return; + + const ip_str = self.formatIpInternal(client_ip); + const event = WafEvent.allowed( + ip_str, + method.toString(), + path, + tokens_remaining, + ); + + self.emitEvent(&event); + } + + /// Log a near-limit warning event + /// Only logs if log_near_limit is enabled and tokens are below threshold + pub fn logNearLimit( + self: *EventLogger, + client_ip: u32, + method: HttpMethod, + path: []const u8, + rule_name: ?[]const u8, + tokens_remaining: u32, + burst_capacity: u32, + ) void { + if (!self.log_config.log_near_limit) return; + + // Check if we're near the limit threshold + if (burst_capacity == 0) return; + + const usage_ratio: f32 = 1.0 - (@as(f32, @floatFromInt(tokens_remaining)) / + @as(f32, @floatFromInt(burst_capacity))); + + if (usage_ratio < self.log_config.near_limit_threshold) return; + + const ip_str = self.formatIpInternal(client_ip); + const event = WafEvent.nearLimit( + ip_str, + method.toString(), + path, + rule_name, + tokens_remaining, + ); + + self.emitEvent(&event); + } + + /// Log a configuration reload event + /// Always logs when called (config reloads are important) + pub fn logConfigReload(self: *EventLogger, epoch: u64) void { + const event = WafEvent.configReload(epoch); + self.emitEvent(&event); + } + + /// Internal: emit an event to configured outputs + fn emitEvent(self: *EventLogger, event: *const WafEvent) void { + const formatted = event.format(&self.line_buffer); + + // Write to file if configured + if (self.file) |file| { + _ = file.write(formatted) catch {}; + } + + // Also write to stderr for visibility (development/debugging) + const stderr = std.fs.File{ .handle = std.posix.STDERR_FILENO }; + _ = stderr.write(formatted) catch {}; + } + + /// Internal: format IP to internal buffer + fn formatIpInternal(self: *EventLogger, ip: u32) []const u8 { + return formatIpToBuffer(ip, &self.ip_buffer); + } +}; + +// ============================================================================= +// Helper Functions +// ============================================================================= + +/// Format IPv4 address (u32) to string representation +/// Returns a fixed-size array with the formatted IP +pub fn formatIp(ip: u32) [MAX_IP_STRING_LEN]u8 { + var buffer: [MAX_IP_STRING_LEN]u8 = [_]u8{0} ** MAX_IP_STRING_LEN; + _ = formatIpToBuffer(ip, &buffer); + return buffer; +} + +/// Format IPv4 address to a provided buffer +/// Returns slice of the buffer containing the formatted string +pub fn formatIpToBuffer(ip: u32, buffer: []u8) []const u8 { + if (buffer.len < MAX_IP_STRING_LEN) return buffer[0..0]; + + const formatted = std.fmt.bufPrint(buffer, "{d}.{d}.{d}.{d}", .{ + @as(u8, @truncate(ip >> 24)), + @as(u8, @truncate(ip >> 16)), + @as(u8, @truncate(ip >> 8)), + @as(u8, @truncate(ip)), + }) catch return buffer[0..0]; + + return formatted; +} + +/// Get current Unix timestamp in seconds +pub fn getCurrentTimestamp() i64 { + const ts = std.posix.clock_gettime(.REALTIME) catch { + return 0; + }; + return ts.sec; +} + +/// Truncate path to maximum log length +fn truncatePath(path: []const u8) []const u8 { + if (path.len <= MAX_LOG_PATH_LEN) return path; + return path[0..MAX_LOG_PATH_LEN]; +} + +/// Append an integer to buffer, return new position +fn appendInt(buffer: []u8, pos: usize, value: anytype) usize { + var int_buf: [32]u8 = undefined; + const formatted = std.fmt.bufPrint(&int_buf, "{d}", .{value}) catch return pos; + if (pos + formatted.len > buffer.len) return pos; + @memcpy(buffer[pos..][0..formatted.len], formatted); + return pos + formatted.len; +} + +/// Append a JSON string field (with comma prefix): ,"key":"value" +fn appendJsonField(buffer: []u8, pos: usize, key: []const u8, value: []const u8) usize { + // Calculate required space: ,"{key}":"{value}" + const overhead = 6; // ,"":"" + const required = overhead + key.len + value.len; + if (pos + required > buffer.len) return pos; + + var p = pos; + + buffer[p] = ','; + p += 1; + buffer[p] = '"'; + p += 1; + @memcpy(buffer[p..][0..key.len], key); + p += key.len; + buffer[p] = '"'; + p += 1; + buffer[p] = ':'; + p += 1; + buffer[p] = '"'; + p += 1; + @memcpy(buffer[p..][0..value.len], value); + p += value.len; + buffer[p] = '"'; + p += 1; + + return p; +} + +/// Append a JSON string field with escaping for special characters +fn appendJsonFieldEscaped(buffer: []u8, pos: usize, key: []const u8, value: []const u8) usize { + // First, try simple path if no escaping needed + var needs_escape = false; + for (value) |c| { + if (c == '"' or c == '\\' or c < 0x20) { + needs_escape = true; + break; + } + } + + if (!needs_escape) { + return appendJsonField(buffer, pos, key, value); + } + + // Need to escape - build escaped value + var p = pos; + + // ,"{key}":" + const prefix_overhead = 5; // ,":" + if (p + prefix_overhead + key.len > buffer.len) return pos; + + buffer[p] = ','; + p += 1; + buffer[p] = '"'; + p += 1; + @memcpy(buffer[p..][0..key.len], key); + p += key.len; + buffer[p] = '"'; + p += 1; + buffer[p] = ':'; + p += 1; + buffer[p] = '"'; + p += 1; + + // Write escaped value + for (value) |c| { + switch (c) { + '"' => { + if (p + 2 > buffer.len) break; + buffer[p] = '\\'; + p += 1; + buffer[p] = '"'; + p += 1; + }, + '\\' => { + if (p + 2 > buffer.len) break; + buffer[p] = '\\'; + p += 1; + buffer[p] = '\\'; + p += 1; + }, + '\n' => { + if (p + 2 > buffer.len) break; + buffer[p] = '\\'; + p += 1; + buffer[p] = 'n'; + p += 1; + }, + '\r' => { + if (p + 2 > buffer.len) break; + buffer[p] = '\\'; + p += 1; + buffer[p] = 'r'; + p += 1; + }, + '\t' => { + if (p + 2 > buffer.len) break; + buffer[p] = '\\'; + p += 1; + buffer[p] = 't'; + p += 1; + }, + else => { + if (c < 0x20) { + // Control characters - escape as \u00XX + if (p + 6 > buffer.len) break; + const hex = std.fmt.bufPrint(buffer[p..][0..6], "\\u00{x:0>2}", .{c}) catch break; + p += hex.len; + } else { + if (p + 1 > buffer.len) break; + buffer[p] = c; + p += 1; + } + }, + } + } + + // Close quote + if (p + 1 <= buffer.len) { + buffer[p] = '"'; + p += 1; + } + + return p; +} + +// ============================================================================= +// Tests +// ============================================================================= + +test "EventType: toJsonString" { + try std.testing.expectEqualStrings("blocked", EventType.blocked.toJsonString()); + try std.testing.expectEqualStrings("allowed", EventType.allowed.toJsonString()); + try std.testing.expectEqualStrings("near_limit", EventType.near_limit.toJsonString()); + try std.testing.expectEqualStrings("config_reload", EventType.config_reload.toJsonString()); +} + +test "formatIp: basic formatting" { + const ip1: u32 = 0xC0A80101; // 192.168.1.1 + var buffer1: [MAX_IP_STRING_LEN]u8 = undefined; + const result1 = formatIpToBuffer(ip1, &buffer1); + try std.testing.expectEqualStrings("192.168.1.1", result1); + + const ip2: u32 = 0x7F000001; // 127.0.0.1 + var buffer2: [MAX_IP_STRING_LEN]u8 = undefined; + const result2 = formatIpToBuffer(ip2, &buffer2); + try std.testing.expectEqualStrings("127.0.0.1", result2); + + const ip3: u32 = 0x0A000001; // 10.0.0.1 + var buffer3: [MAX_IP_STRING_LEN]u8 = undefined; + const result3 = formatIpToBuffer(ip3, &buffer3); + try std.testing.expectEqualStrings("10.0.0.1", result3); +} + +test "formatIp: edge cases" { + const ip_zero: u32 = 0x00000000; // 0.0.0.0 + var buffer1: [MAX_IP_STRING_LEN]u8 = undefined; + const result1 = formatIpToBuffer(ip_zero, &buffer1); + try std.testing.expectEqualStrings("0.0.0.0", result1); + + const ip_max: u32 = 0xFFFFFFFF; // 255.255.255.255 + var buffer2: [MAX_IP_STRING_LEN]u8 = undefined; + const result2 = formatIpToBuffer(ip_max, &buffer2); + try std.testing.expectEqualStrings("255.255.255.255", result2); +} + +test "WafEvent: format JSON" { + const event = WafEvent{ + .timestamp = 1703635200, + .event_type = .blocked, + .client_ip = "192.168.1.1", + .method = "POST", + .path = "/api/login", + .rule_name = "login_bruteforce", + .reason = "rate limit exceeded", + .tokens_remaining = 0, + }; + + var buffer: [MAX_LOG_LINE_LEN]u8 = undefined; + const output = event.format(&buffer); + + // Verify it's valid JSON structure + try std.testing.expect(std.mem.startsWith(u8, output, "{")); + try std.testing.expect(std.mem.endsWith(u8, output, "}\n")); + + // Verify key fields are present + try std.testing.expect(std.mem.indexOf(u8, output, "\"timestamp\":1703635200") != null); + try std.testing.expect(std.mem.indexOf(u8, output, "\"event_type\":\"blocked\"") != null); + try std.testing.expect(std.mem.indexOf(u8, output, "\"client_ip\":\"192.168.1.1\"") != null); + try std.testing.expect(std.mem.indexOf(u8, output, "\"method\":\"POST\"") != null); + try std.testing.expect(std.mem.indexOf(u8, output, "\"path\":\"/api/login\"") != null); + try std.testing.expect(std.mem.indexOf(u8, output, "\"rule_name\":\"login_bruteforce\"") != null); + try std.testing.expect(std.mem.indexOf(u8, output, "\"reason\":\"rate limit exceeded\"") != null); +} + +test "WafEvent: blocked constructor" { + const event = WafEvent.blocked( + "10.0.0.1", + "GET", + "/api/resource", + "rate_limit_rule", + .rate_limit, + 100, + ); + + try std.testing.expectEqual(EventType.blocked, event.event_type); + try std.testing.expectEqualStrings("10.0.0.1", event.client_ip); + try std.testing.expectEqualStrings("GET", event.method); + try std.testing.expectEqualStrings("/api/resource", event.path); + try std.testing.expectEqualStrings("rate_limit_rule", event.rule_name.?); + try std.testing.expectEqualStrings("rate limit exceeded", event.reason.?); + try std.testing.expectEqual(@as(?u32, 100), event.tokens_remaining); +} + +test "WafEvent: allowed constructor" { + const event = WafEvent.allowed( + "192.168.0.1", + "POST", + "/api/upload", + 5000, + ); + + try std.testing.expectEqual(EventType.allowed, event.event_type); + try std.testing.expectEqualStrings("192.168.0.1", event.client_ip); + try std.testing.expectEqualStrings("POST", event.method); + try std.testing.expectEqualStrings("/api/upload", event.path); + try std.testing.expect(event.rule_name == null); + try std.testing.expect(event.reason == null); + try std.testing.expectEqual(@as(?u32, 5000), event.tokens_remaining); +} + +test "WafEvent: nearLimit constructor" { + const event = WafEvent.nearLimit( + "172.16.0.1", + "GET", + "/api/users", + "api_rate_limit", + 500, + ); + + try std.testing.expectEqual(EventType.near_limit, event.event_type); + try std.testing.expectEqualStrings("172.16.0.1", event.client_ip); + try std.testing.expectEqualStrings("api_rate_limit", event.rule_name.?); + try std.testing.expectEqual(@as(?u32, 500), event.tokens_remaining); +} + +test "WafEvent: configReload constructor" { + const event = WafEvent.configReload(42); + + try std.testing.expectEqual(EventType.config_reload, event.event_type); + try std.testing.expectEqualStrings("-", event.client_ip); + try std.testing.expectEqualStrings("-", event.method); + try std.testing.expectEqualStrings("-", event.path); + try std.testing.expectEqual(@as(?u64, 42), event.config_epoch); +} + +test "WafEvent: format handles special characters" { + const event = WafEvent{ + .timestamp = 1703635200, + .event_type = .blocked, + .client_ip = "10.0.0.1", + .method = "GET", + .path = "/api/test?q=\"hello\"&b=\\world", + .rule_name = null, + .reason = "test\nreason", + }; + + var buffer: [MAX_LOG_LINE_LEN]u8 = undefined; + const output = event.format(&buffer); + + // Verify special characters are escaped + try std.testing.expect(std.mem.indexOf(u8, output, "\\\"hello\\\"") != null); + try std.testing.expect(std.mem.indexOf(u8, output, "\\\\world") != null); + try std.testing.expect(std.mem.indexOf(u8, output, "test\\nreason") != null); +} + +test "EventLogger: init" { + const logging_config = LoggingConfig{}; + const logger = EventLogger.init(&logging_config); + + try std.testing.expect(logger.log_config == &logging_config); + try std.testing.expect(logger.file == null); +} + +test "EventLogger: respects log_blocked config" { + var logging_config = LoggingConfig{}; + logging_config.log_blocked = false; + + var logger = EventLogger.init(&logging_config); + + // This should not log anything since log_blocked is false + // (no crash is success, actual output verification would require more setup) + logger.logBlocked( + 0xC0A80101, + .POST, + "/api/login", + "test_rule", + .rate_limit, + 0, + ); +} + +test "EventLogger: respects log_allowed config" { + var logging_config = LoggingConfig{}; + logging_config.log_allowed = false; + + var logger = EventLogger.init(&logging_config); + + // This should not log anything since log_allowed is false + logger.logAllowed( + 0xC0A80101, + .GET, + "/api/users", + 5000, + ); +} + +test "truncatePath: short paths unchanged" { + const short_path = "/api/users"; + try std.testing.expectEqualStrings(short_path, truncatePath(short_path)); +} + +test "truncatePath: long paths truncated" { + var long_path: [MAX_LOG_PATH_LEN + 100]u8 = undefined; + for (&long_path) |*c| { + c.* = 'a'; + } + const truncated = truncatePath(&long_path); + try std.testing.expectEqual(MAX_LOG_PATH_LEN, truncated.len); +} + +test "appendJsonField: basic field" { + var buffer: [100]u8 = undefined; + const new_pos = appendJsonField(&buffer, 0, "key", "value"); + + try std.testing.expectEqualStrings(",\"key\":\"value\"", buffer[0..new_pos]); +} + +test "appendJsonFieldEscaped: no escaping needed" { + var buffer: [100]u8 = undefined; + const new_pos = appendJsonFieldEscaped(&buffer, 0, "key", "simple"); + + try std.testing.expectEqualStrings(",\"key\":\"simple\"", buffer[0..new_pos]); +} + +test "appendJsonFieldEscaped: escapes special chars" { + var buffer: [100]u8 = undefined; + const new_pos = appendJsonFieldEscaped(&buffer, 0, "key", "hello\"world"); + + try std.testing.expectEqualStrings(",\"key\":\"hello\\\"world\"", buffer[0..new_pos]); +} + +test "WafEvent: optional fields omitted when null" { + const event = WafEvent{ + .timestamp = 1703635200, + .event_type = .allowed, + .client_ip = "10.0.0.1", + .method = "GET", + .path = "/health", + .rule_name = null, + .reason = null, + .tokens_remaining = null, + }; + + var buffer: [MAX_LOG_LINE_LEN]u8 = undefined; + const output = event.format(&buffer); + + // Optional fields should not be present + try std.testing.expect(std.mem.indexOf(u8, output, "rule_name") == null); + try std.testing.expect(std.mem.indexOf(u8, output, "reason") == null); + try std.testing.expect(std.mem.indexOf(u8, output, "tokens_remaining") == null); +} + +test "getCurrentTimestamp: returns reasonable value" { + const ts = getCurrentTimestamp(); + // Should be after year 2020 (timestamp > 1577836800) + try std.testing.expect(ts > 1577836800); +} diff --git a/src/waf/mod.zig b/src/waf/mod.zig new file mode 100644 index 0000000..4f19b0b --- /dev/null +++ b/src/waf/mod.zig @@ -0,0 +1,185 @@ +//! Web Application Firewall (WAF) Module +//! +//! High-performance WAF for the zzz load balancer with: +//! - Lock-free rate limiting (token bucket) +//! - Request validation (URI, body, JSON depth) +//! - Slowloris detection +//! - Shadow mode for safe rollout +//! - Hot-reload configuration +//! +//! ## Quick Start +//! ```zig +//! const waf = @import("waf"); +//! +//! // Load configuration +//! var config = try waf.WafConfig.loadFromFile(allocator, "waf.json"); +//! defer config.deinit(); +//! +//! // Initialize shared state +//! var state = waf.WafState.init(); +//! +//! // Create engine +//! var engine = waf.WafEngine.init(&state, &config); +//! +//! // Check requests +//! const result = engine.check(&request); +//! if (result.isBlocked()) { +//! // Return 403/429 +//! } +//! ``` + +// ============================================================================= +// Re-export core types from state.zig +// ============================================================================= + +pub const WafState = @import("state.zig").WafState; +pub const Decision = @import("state.zig").Decision; +pub const Reason = @import("state.zig").Reason; +pub const Bucket = @import("state.zig").Bucket; +pub const ConnEntry = @import("state.zig").ConnEntry; +pub const ConnTracker = @import("state.zig").ConnTracker; +pub const WafMetrics = @import("state.zig").WafMetrics; +pub const MetricsSnapshot = @import("state.zig").MetricsSnapshot; + +// State constants +pub const MAX_BUCKETS = @import("state.zig").MAX_BUCKETS; +pub const MAX_TOKENS = @import("state.zig").MAX_TOKENS; +pub const BUCKET_PROBE_LIMIT = @import("state.zig").BUCKET_PROBE_LIMIT; +pub const MAX_CAS_ATTEMPTS = @import("state.zig").MAX_CAS_ATTEMPTS; +pub const MAX_TRACKED_IPS = @import("state.zig").MAX_TRACKED_IPS; +pub const WAF_STATE_MAGIC = @import("state.zig").WAF_STATE_MAGIC; +pub const WAF_STATE_SIZE = @import("state.zig").WAF_STATE_SIZE; + +// State helper functions +pub const packState = @import("state.zig").packState; +pub const unpackTokens = @import("state.zig").unpackTokens; +pub const unpackTime = @import("state.zig").unpackTime; +pub const computeKeyHash = @import("state.zig").computeKeyHash; +pub const computeIpHash = @import("state.zig").computeIpHash; + +// ============================================================================= +// Re-export configuration types from config.zig +// ============================================================================= + +pub const WafConfig = @import("config.zig").WafConfig; +pub const RateLimitRule = @import("config.zig").RateLimitRule; +pub const SlowlorisConfig = @import("config.zig").SlowlorisConfig; +pub const RequestLimitsConfig = @import("config.zig").RequestLimitsConfig; +pub const LoggingConfig = @import("config.zig").LoggingConfig; +pub const EndpointOverride = @import("config.zig").EndpointOverride; +pub const CidrRange = @import("config.zig").CidrRange; +pub const HttpMethod = @import("config.zig").HttpMethod; +pub const RateLimitBy = @import("config.zig").RateLimitBy; +pub const Action = @import("config.zig").Action; + +// Config constants +pub const MAX_RATE_LIMIT_RULES = @import("config.zig").MAX_RATE_LIMIT_RULES; +pub const MAX_ENDPOINT_OVERRIDES = @import("config.zig").MAX_ENDPOINT_OVERRIDES; +pub const MAX_TRUSTED_PROXIES = @import("config.zig").MAX_TRUSTED_PROXIES; +pub const MAX_PATH_LENGTH = @import("config.zig").MAX_PATH_LENGTH; +pub const MAX_NAME_LENGTH = @import("config.zig").MAX_NAME_LENGTH; +pub const MAX_HEADER_NAME_LENGTH = @import("config.zig").MAX_HEADER_NAME_LENGTH; +pub const MAX_CONFIG_SIZE = @import("config.zig").MAX_CONFIG_SIZE; + +// Config helper functions +pub const ipToBytes = @import("config.zig").ipToBytes; + +// ============================================================================= +// Re-export engine types from engine.zig +// ============================================================================= + +pub const WafEngine = @import("engine.zig").WafEngine; +pub const Request = @import("engine.zig").Request; +pub const CheckResult = @import("engine.zig").CheckResult; + +// ============================================================================= +// Re-export rate limiter types from rate_limiter.zig +// ============================================================================= + +pub const RateLimiter = @import("rate_limiter.zig").RateLimiter; +pub const Key = @import("rate_limiter.zig").Key; +pub const Rule = @import("rate_limiter.zig").Rule; +pub const DecisionResult = @import("rate_limiter.zig").DecisionResult; +pub const BucketStats = @import("rate_limiter.zig").BucketStats; + +// Rate limiter helper functions +pub const hashPath = @import("rate_limiter.zig").hashPath; +pub const getCurrentTimeSec = @import("rate_limiter.zig").getCurrentTimeSec; + +// ============================================================================= +// Re-export validator types from validator.zig +// ============================================================================= + +pub const RequestValidator = @import("validator.zig").RequestValidator; +pub const ValidatorConfig = @import("validator.zig").ValidatorConfig; +pub const ValidationResult = @import("validator.zig").ValidationResult; +pub const JsonState = @import("validator.zig").JsonState; + +// ============================================================================= +// Re-export events types from events.zig +// ============================================================================= + +pub const EventLogger = @import("events.zig").EventLogger; +pub const WafEvent = @import("events.zig").WafEvent; +pub const EventType = @import("events.zig").EventType; + +// Events helper functions +pub const formatIp = @import("events.zig").formatIp; +pub const getCurrentTimestamp = @import("events.zig").getCurrentTimestamp; + +// ============================================================================= +// Tests - ensure all imports are valid +// ============================================================================= + +test { + // Import all submodules to ensure they compile + _ = @import("state.zig"); + _ = @import("config.zig"); + _ = @import("engine.zig"); + _ = @import("rate_limiter.zig"); + _ = @import("validator.zig"); + _ = @import("events.zig"); +} + +test "mod: WafState and WafConfig integration" { + const std = @import("std"); + + // Test that the exported types work together + var waf_state = WafState.init(); + try std.testing.expect(waf_state.validate()); + + const waf_config = WafConfig{}; + try waf_config.validate(); + + var engine = WafEngine.init(&waf_state, &waf_config); + const request = Request.init(.GET, "/api/users", 0xC0A80101); + const result = engine.check(&request); + + try std.testing.expect(result.isAllowed()); +} + +test "mod: RateLimiter integration" { + var waf_state = WafState.init(); + var limiter = RateLimiter.init(&waf_state); + + const key = Key.fromOctets(192, 168, 1, 1, hashPath("/api/test")); + const rule = Rule.simple(10, 10); + + const decision = limiter.check(key, &rule); + const std = @import("std"); + try std.testing.expect(decision.isAllowed()); +} + +test "mod: RequestValidator integration" { + const std = @import("std"); + + const config = ValidatorConfig{}; + const validator = RequestValidator.init(&config); + + const result = validator.validateRequest("/api/users", null, null); + try std.testing.expect(result.isValid()); + + var json_state = JsonState{}; + const json_result = validator.validateJsonStream("{\"key\": \"value\"}", &json_state); + try std.testing.expect(json_result.isValid()); +} diff --git a/src/waf/rate_limiter.zig b/src/waf/rate_limiter.zig new file mode 100644 index 0000000..6d5ec74 --- /dev/null +++ b/src/waf/rate_limiter.zig @@ -0,0 +1,684 @@ +/// Lock-free Token Bucket Rate Limiter +/// +/// High-performance rate limiting using atomic CAS operations on shared memory. +/// Designed for multi-process environments with zero allocation on the hot path. +/// +/// Design Philosophy (TigerBeetle-inspired): +/// - Lock-free: Uses atomic CAS operations, no mutexes +/// - Fixed-size: All structures have bounded, compile-time known sizes +/// - Fail-open: Under extreme contention, allows requests rather than blocking +/// - Token precision: Scaled by 1000 for sub-token granularity +/// - Time-safe: Uses wrapping arithmetic for timestamp handling +/// +/// Token Bucket Algorithm: +/// - Tokens refill at a configurable rate per second +/// - Burst capacity limits maximum accumulated tokens +/// - Each request consumes tokens; blocked if insufficient +/// - Atomic CAS ensures correctness under concurrent access +const std = @import("std"); + +const state = @import("state.zig"); +pub const WafState = state.WafState; +pub const Bucket = state.Bucket; +pub const Decision = state.Decision; +pub const Reason = state.Reason; +pub const MAX_BUCKETS = state.MAX_BUCKETS; +pub const MAX_CAS_ATTEMPTS = state.MAX_CAS_ATTEMPTS; +pub const BUCKET_PROBE_LIMIT = state.BUCKET_PROBE_LIMIT; +pub const packState = state.packState; +pub const unpackTokens = state.unpackTokens; +pub const unpackTime = state.unpackTime; + +// ============================================================================= +// Key - What to Rate Limit By +// ============================================================================= + +/// Represents the identity for rate limiting +/// Combines IP address and path pattern hash for fine-grained control +pub const Key = struct { + /// IPv4 address as u32 (network byte order) + ip: u32, + /// Hash of the path pattern being rate limited + path_hash: u32, + + /// Compute a 64-bit hash combining IP and path for bucket lookup + /// Uses FNV-1a for speed and good distribution + pub fn hash(self: Key) u64 { + return computeKeyHash(self.ip, self.path_hash); + } + + /// Create a key from raw IPv4 bytes + pub fn fromIpBytes(ip_bytes: [4]u8, path_hash: u32) Key { + return .{ + .ip = std.mem.readInt(u32, &ip_bytes, .big), + .path_hash = path_hash, + }; + } + + /// Create a key from IPv4 octets + pub fn fromOctets(a: u8, b: u8, c: u8, d: u8, path_hash: u32) Key { + return .{ + .ip = (@as(u32, a) << 24) | (@as(u32, b) << 16) | (@as(u32, c) << 8) | @as(u32, d), + .path_hash = path_hash, + }; + } +}; + +// ============================================================================= +// Rule - Rate Limit Configuration +// ============================================================================= + +/// Rate limit rule configuration +/// Token values are scaled by 1000 for sub-token precision +pub const Rule = struct { + /// Tokens added per second (scaled by 1000) + /// Example: 1500 = 1.5 requests per second + tokens_per_sec: u32, + + /// Maximum tokens the bucket can hold (scaled by 1000) + /// This is the burst capacity - allows temporary spikes + burst_capacity: u32, + + /// Cost per request (scaled by 1000) + /// Default: 1000 = 1 token per request + cost_per_request: u32 = 1000, + + /// Create a simple rule: X requests per second with Y burst + pub fn simple(requests_per_sec: u32, burst: u32) Rule { + return .{ + .tokens_per_sec = requests_per_sec * 1000, + .burst_capacity = burst * 1000, + .cost_per_request = 1000, + }; + } + + /// Create a rule with fractional rates (milli-precision) + /// Example: milliRate(1500, 5000, 1000) = 1.5 req/sec, 5 burst, 1 cost + pub fn milliRate(tokens_per_sec: u32, burst_capacity: u32, cost: u32) Rule { + return .{ + .tokens_per_sec = tokens_per_sec, + .burst_capacity = burst_capacity, + .cost_per_request = cost, + }; + } + + comptime { + // Ensure rule fits in a cache line (important for hot path) + std.debug.assert(@sizeOf(Rule) <= 64); + } +}; + +// ============================================================================= +// DecisionResult - Detailed Rate Limit Response +// ============================================================================= + +/// Result of a rate limit check with detailed information +pub const DecisionResult = struct { + /// The WAF decision (allow/block) + action: Decision, + /// Reason for the decision + reason: Reason = .none, + /// Remaining tokens after this request (if allowed), scaled by 1000 + remaining_tokens: u32 = 0, + + /// Check if request should be blocked + pub inline fn isBlocked(self: DecisionResult) bool { + return self.action == .block; + } + + /// Check if request was allowed + pub inline fn isAllowed(self: DecisionResult) bool { + return self.action == .allow; + } +}; + +// ============================================================================= +// RateLimiter - Main Rate Limiting Engine +// ============================================================================= + +/// Lock-free token bucket rate limiter +/// Uses shared memory for multi-process visibility +pub const RateLimiter = struct { + /// Pointer to shared WAF state (in mmap'd region) + state: *WafState, + + /// Initialize a rate limiter with shared state + pub fn init(waf_state: *WafState) RateLimiter { + return .{ .state = waf_state }; + } + + /// Check if a request should be rate limited + /// This is the hot path - optimized for minimal latency + /// + /// Returns: DecisionResult with action, reason, and remaining tokens + /// + /// Behavior: + /// - Finds or creates bucket for the key + /// - Attempts atomic token consumption via CAS + /// - Fails open under extreme contention (CAS exhausted) + pub fn check(self: *RateLimiter, key: Key, rule: *const Rule) DecisionResult { + const key_hash = key.hash(); + const now_sec = getCurrentTimeSec(); + + // Find or create the bucket for this key + const bucket = self.state.findOrCreateBucket(key_hash, now_sec) orelse { + // Probe limit exceeded - table too full + // Fail open: allow request but log the condition + self.state.metrics.recordCasExhausted(); + return .{ + .action = .allow, + .reason = .none, + .remaining_tokens = 0, + }; + }; + + // Increment total requests counter (relaxed ordering - just metrics) + _ = bucket.getTotalRequestsPtr().fetchAdd(1, .monotonic); + + // Attempt to consume tokens using the bucket's atomic tryConsume + if (bucket.tryConsume(rule.cost_per_request, rule.tokens_per_sec, rule.burst_capacity, now_sec)) { + // Success - request allowed + const current_state = bucket.getPackedStatePtrConst().load(.acquire); + return .{ + .action = .allow, + .reason = .none, + .remaining_tokens = unpackTokens(current_state), + }; + } + + // Rate limited - increment blocked counter + _ = bucket.getTotalBlockedPtr().fetchAdd(1, .monotonic); + + // Get remaining tokens for the response + const current_state = bucket.getPackedStatePtrConst().load(.acquire); + + return .{ + .action = .block, + .reason = .rate_limit, + .remaining_tokens = unpackTokens(current_state), + }; + } + + /// Check rate limit with explicit CAS loop (alternative implementation) + /// Provides more control over the retry behavior + pub fn checkWithRetry(self: *RateLimiter, key: Key, rule: *const Rule) DecisionResult { + const key_hash = key.hash(); + const now_sec = getCurrentTimeSec(); + + const bucket = self.state.findOrCreateBucket(key_hash, now_sec) orelse { + self.state.metrics.recordCasExhausted(); + return .{ .action = .allow, .reason = .none }; + }; + + _ = bucket.getTotalRequestsPtr().fetchAdd(1, .monotonic); + + const state_ptr = bucket.getPackedStatePtr(); + var attempts: u32 = 0; + + while (attempts < MAX_CAS_ATTEMPTS) : (attempts += 1) { + const old = state_ptr.load(.acquire); + const old_tokens = unpackTokens(old); + const old_time = unpackTime(old); + + // Refill tokens based on elapsed time (wrap-safe) + const elapsed = now_sec -% old_time; + const refill = @min( + @as(u64, elapsed) * @as(u64, rule.tokens_per_sec), + @as(u64, rule.burst_capacity), + ); + const available: u32 = @intCast(@min( + @as(u64, old_tokens) + refill, + @as(u64, rule.burst_capacity), + )); + + // Check if we have enough tokens + if (available < rule.cost_per_request) { + _ = bucket.getTotalBlockedPtr().fetchAdd(1, .monotonic); + return .{ + .action = .block, + .reason = .rate_limit, + .remaining_tokens = available, + }; + } + + // Calculate new state + const new_tokens = available - rule.cost_per_request; + const new = packState(new_tokens, now_sec); + + // Attempt atomic update + if (state_ptr.cmpxchgWeak(old, new, .acq_rel, .acquire) == null) { + return .{ + .action = .allow, + .reason = .none, + .remaining_tokens = new_tokens, + }; + } + // CAS failed, retry with fresh state + } + + // CAS exhausted - fail open for availability + self.state.metrics.recordCasExhausted(); + return .{ + .action = .allow, + .reason = .none, + .remaining_tokens = 0, + }; + } + + /// Find the bucket index for a key using open addressing + /// Returns the index if found, or creates a new bucket + pub fn findBucket(self: *RateLimiter, key: Key) ?usize { + const key_hash = key.hash(); + const start_idx = @as(usize, @truncate(key_hash)) % MAX_BUCKETS; + var idx = start_idx; + var probe_count: u32 = 0; + + while (probe_count < BUCKET_PROBE_LIMIT) : (probe_count += 1) { + const bucket = &self.state.buckets[idx]; + + if (bucket.key_hash == key_hash) { + return idx; + } + + if (bucket.key_hash == 0) { + return null; // Not found, slot is empty + } + + // Linear probing + idx = (idx + 1) % MAX_BUCKETS; + } + + return null; // Probe limit exceeded + } + + /// Get remaining tokens for a key (for metrics/headers) + /// Returns null if the key doesn't have an active bucket + pub fn getRemainingTokens(self: *RateLimiter, key: Key) ?u32 { + const key_hash = key.hash(); + const bucket = self.state.findBucket(key_hash) orelse return null; + + const current_state = bucket.getPackedStatePtrConst().load(.acquire); + return unpackTokens(current_state); + } + + /// Get bucket statistics for a key + pub fn getBucketStats(self: *RateLimiter, key: Key) ?BucketStats { + const key_hash = key.hash(); + const bucket = self.state.findBucket(key_hash) orelse return null; + + const current_state = bucket.getPackedStatePtrConst().load(.acquire); + + // Read total_requests and total_blocked atomically + // Use pointer cast for const atomic access + const total_requests_ptr: *const std.atomic.Value(u64) = @ptrCast(&bucket.total_requests); + const total_blocked_ptr: *const std.atomic.Value(u64) = @ptrCast(&bucket.total_blocked); + + return .{ + .tokens = unpackTokens(current_state), + .last_update = unpackTime(current_state), + .total_requests = total_requests_ptr.load(.monotonic), + .total_blocked = total_blocked_ptr.load(.monotonic), + }; + } + + /// Reset a bucket to full tokens (useful for testing or manual intervention) + pub fn resetBucket(self: *RateLimiter, key: Key, max_tokens: u32) bool { + const key_hash = key.hash(); + const now_sec = getCurrentTimeSec(); + const bucket = self.state.findOrCreateBucket(key_hash, now_sec) orelse return false; + + const new_state = packState(max_tokens, now_sec); + bucket.getPackedStatePtr().store(new_state, .release); + return true; + } +}; + +/// Statistics for a rate limit bucket +pub const BucketStats = struct { + /// Current token count (scaled by 1000) + tokens: u32, + /// Last update timestamp (seconds since epoch) + last_update: u32, + /// Total requests to this bucket + total_requests: u64, + /// Total requests blocked + total_blocked: u64, + + /// Calculate block rate as percentage + pub fn blockRatePercent(self: BucketStats) u64 { + if (self.total_requests == 0) return 0; + return (self.total_blocked * 100) / self.total_requests; + } +}; + +// ============================================================================= +// Helper Functions +// ============================================================================= + +/// Compute a 64-bit hash from IP and path hash +/// Uses FNV-1a variant for good distribution +pub fn computeKeyHash(ip: u32, path_hash: u32) u64 { + var hash_val: u64 = 0xcbf29ce484222325; // FNV offset basis + + // Mix in IP bytes + hash_val ^= @as(u64, ip >> 24); + hash_val *%= 0x100000001b3; // FNV prime + hash_val ^= @as(u64, (ip >> 16) & 0xFF); + hash_val *%= 0x100000001b3; + hash_val ^= @as(u64, (ip >> 8) & 0xFF); + hash_val *%= 0x100000001b3; + hash_val ^= @as(u64, ip & 0xFF); + hash_val *%= 0x100000001b3; + + // Separator to avoid collisions + hash_val ^= 0xff; + hash_val *%= 0x100000001b3; + + // Mix in path hash bytes + hash_val ^= @as(u64, path_hash >> 24); + hash_val *%= 0x100000001b3; + hash_val ^= @as(u64, (path_hash >> 16) & 0xFF); + hash_val *%= 0x100000001b3; + hash_val ^= @as(u64, (path_hash >> 8) & 0xFF); + hash_val *%= 0x100000001b3; + hash_val ^= @as(u64, path_hash & 0xFF); + hash_val *%= 0x100000001b3; + + // Ensure non-zero (0 is reserved for empty slots) + return if (hash_val == 0) 1 else hash_val; +} + +/// Get current timestamp in seconds (for rate limiting) +/// Returns seconds since epoch, wrapped to u32 +pub inline fn getCurrentTimeSec() u32 { + const ts = std.posix.clock_gettime(.REALTIME) catch { + // Fallback: return 0 if clock is unavailable (shouldn't happen in practice) + return 0; + }; + // ts.sec is i64 (seconds since epoch), wrap to u32 + return @truncate(@as(u64, @intCast(ts.sec))); +} + +/// Hash a path string to u32 (for Key.path_hash) +pub fn hashPath(path: []const u8) u32 { + var hash_val: u32 = 0x811c9dc5; // FNV-1a 32-bit offset basis + + for (path) |b| { + hash_val ^= b; + hash_val *%= 0x01000193; // FNV-1a 32-bit prime + } + + return hash_val; +} + +// ============================================================================= +// Tests +// ============================================================================= + +test "Key: hash consistency" { + const key1 = Key{ .ip = 0xC0A80101, .path_hash = 0x12345678 }; + const key2 = Key{ .ip = 0xC0A80101, .path_hash = 0x12345678 }; + const key3 = Key{ .ip = 0xC0A80102, .path_hash = 0x12345678 }; + + // Same inputs produce same hash + try std.testing.expectEqual(key1.hash(), key2.hash()); + + // Different inputs produce different hash + try std.testing.expect(key1.hash() != key3.hash()); + + // Hash is never zero + try std.testing.expect(key1.hash() != 0); +} + +test "Key: fromOctets" { + const key = Key.fromOctets(192, 168, 1, 1, 0x12345678); + try std.testing.expectEqual(@as(u32, 0xC0A80101), key.ip); + try std.testing.expectEqual(@as(u32, 0x12345678), key.path_hash); +} + +test "Key: fromIpBytes" { + const bytes = [4]u8{ 192, 168, 1, 1 }; + const key = Key.fromIpBytes(bytes, 0xDEADBEEF); + try std.testing.expectEqual(@as(u32, 0xC0A80101), key.ip); + try std.testing.expectEqual(@as(u32, 0xDEADBEEF), key.path_hash); +} + +test "Rule: simple creation" { + const rule = Rule.simple(10, 20); + try std.testing.expectEqual(@as(u32, 10000), rule.tokens_per_sec); + try std.testing.expectEqual(@as(u32, 20000), rule.burst_capacity); + try std.testing.expectEqual(@as(u32, 1000), rule.cost_per_request); +} + +test "Rule: milliRate creation" { + const rule = Rule.milliRate(1500, 5000, 500); + try std.testing.expectEqual(@as(u32, 1500), rule.tokens_per_sec); + try std.testing.expectEqual(@as(u32, 5000), rule.burst_capacity); + try std.testing.expectEqual(@as(u32, 500), rule.cost_per_request); +} + +test "RateLimiter: init" { + var waf_state = WafState.init(); + const limiter = RateLimiter.init(&waf_state); + try std.testing.expect(limiter.state == &waf_state); +} + +test "RateLimiter: check allows within limit" { + var waf_state = WafState.init(); + var limiter = RateLimiter.init(&waf_state); + + const key = Key.fromOctets(192, 168, 1, 1, hashPath("/api/users")); + const rule = Rule.simple(10, 10); // 10 req/sec, 10 burst + + // First request should be allowed (bucket starts full) + const result = limiter.check(key, &rule); + try std.testing.expect(result.isAllowed()); + try std.testing.expectEqual(Decision.allow, result.action); + try std.testing.expectEqual(Reason.none, result.reason); +} + +test "RateLimiter: check blocks when exhausted" { + var waf_state = WafState.init(); + var limiter = RateLimiter.init(&waf_state); + + const key = Key.fromOctets(10, 0, 0, 1, hashPath("/api/heavy")); + const rule = Rule.simple(1, 2); // 1 req/sec, 2 burst + + // Exhaust the bucket (starts with burst_capacity tokens) + _ = limiter.check(key, &rule); // Uses 1 of 2 + _ = limiter.check(key, &rule); // Uses 1 of 1 + + // Third request should be blocked + const result = limiter.check(key, &rule); + try std.testing.expect(result.isBlocked()); + try std.testing.expectEqual(Decision.block, result.action); + try std.testing.expectEqual(Reason.rate_limit, result.reason); +} + +test "RateLimiter: different keys have different buckets" { + var waf_state = WafState.init(); + var limiter = RateLimiter.init(&waf_state); + + const key1 = Key.fromOctets(192, 168, 1, 1, hashPath("/api/a")); + const key2 = Key.fromOctets(192, 168, 1, 2, hashPath("/api/a")); + const rule = Rule.simple(1, 1); + + // Exhaust key1's bucket + _ = limiter.check(key1, &rule); + const result1 = limiter.check(key1, &rule); + try std.testing.expect(result1.isBlocked()); + + // Key2 should still be allowed (different bucket) + const result2 = limiter.check(key2, &rule); + try std.testing.expect(result2.isAllowed()); +} + +test "RateLimiter: getRemainingTokens" { + var waf_state = WafState.init(); + var limiter = RateLimiter.init(&waf_state); + + const key = Key.fromOctets(172, 16, 0, 1, hashPath("/health")); + const rule = Rule.simple(10, 5); // 5 burst = 5000 tokens + + // Non-existent key returns null + try std.testing.expect(limiter.getRemainingTokens(key) == null); + + // After first request, bucket exists + _ = limiter.check(key, &rule); + + // Should have tokens (5000 - 1000 = 4000) + const remaining = limiter.getRemainingTokens(key); + try std.testing.expect(remaining != null); + try std.testing.expectEqual(@as(u32, 4000), remaining.?); +} + +test "RateLimiter: getBucketStats" { + var waf_state = WafState.init(); + var limiter = RateLimiter.init(&waf_state); + + const key = Key.fromOctets(10, 10, 10, 10, hashPath("/stats")); + const rule = Rule.simple(1, 2); + + // Non-existent returns null + try std.testing.expect(limiter.getBucketStats(key) == null); + + // Make some requests + _ = limiter.check(key, &rule); // Allowed + _ = limiter.check(key, &rule); // Allowed + _ = limiter.check(key, &rule); // Blocked + + const stats = limiter.getBucketStats(key); + try std.testing.expect(stats != null); + try std.testing.expectEqual(@as(u64, 3), stats.?.total_requests); + try std.testing.expectEqual(@as(u64, 1), stats.?.total_blocked); +} + +test "RateLimiter: resetBucket" { + var waf_state = WafState.init(); + var limiter = RateLimiter.init(&waf_state); + + const key = Key.fromOctets(1, 2, 3, 4, hashPath("/reset")); + const rule = Rule.simple(1, 3); + + // Exhaust bucket + _ = limiter.check(key, &rule); + _ = limiter.check(key, &rule); + _ = limiter.check(key, &rule); + + // Should be blocked + const blocked_result = limiter.check(key, &rule); + try std.testing.expect(blocked_result.isBlocked()); + + // Reset to full + const reset_success = limiter.resetBucket(key, 3000); + try std.testing.expect(reset_success); + + // Should be allowed again + const allowed_result = limiter.check(key, &rule); + try std.testing.expect(allowed_result.isAllowed()); +} + +test "RateLimiter: findBucket returns index" { + var waf_state = WafState.init(); + var limiter = RateLimiter.init(&waf_state); + + const key = Key.fromOctets(8, 8, 8, 8, hashPath("/find")); + const rule = Rule.simple(10, 10); + + // Before any request, bucket doesn't exist + try std.testing.expect(limiter.findBucket(key) == null); + + // Create bucket via check + _ = limiter.check(key, &rule); + + // Now it should exist + const idx = limiter.findBucket(key); + try std.testing.expect(idx != null); + try std.testing.expect(idx.? < MAX_BUCKETS); +} + +test "computeKeyHash: distribution" { + // Test that different inputs produce different hashes + var hashes: [100]u64 = undefined; + for (0..100) |i| { + hashes[i] = computeKeyHash(@intCast(i), 0x12345678); + } + + // Check for uniqueness + for (0..100) |i| { + for (i + 1..100) |j| { + try std.testing.expect(hashes[i] != hashes[j]); + } + } +} + +test "computeKeyHash: non-zero guarantee" { + // Hash should never be zero + for (0..1000) |i| { + const hash_val = computeKeyHash(@intCast(i), @intCast(i)); + try std.testing.expect(hash_val != 0); + } +} + +test "hashPath: consistency" { + const hash1 = hashPath("/api/users"); + const hash2 = hashPath("/api/users"); + const hash3 = hashPath("/api/posts"); + + try std.testing.expectEqual(hash1, hash2); + try std.testing.expect(hash1 != hash3); +} + +test "DecisionResult: helper methods" { + const allowed = DecisionResult{ .action = .allow, .reason = .none }; + const blocked = DecisionResult{ .action = .block, .reason = .rate_limit }; + + try std.testing.expect(allowed.isAllowed()); + try std.testing.expect(!allowed.isBlocked()); + try std.testing.expect(blocked.isBlocked()); + try std.testing.expect(!blocked.isAllowed()); +} + +test "BucketStats: blockRatePercent" { + const stats_empty = BucketStats{ + .tokens = 0, + .last_update = 0, + .total_requests = 0, + .total_blocked = 0, + }; + try std.testing.expectEqual(@as(u64, 0), stats_empty.blockRatePercent()); + + const stats_half = BucketStats{ + .tokens = 0, + .last_update = 0, + .total_requests = 100, + .total_blocked = 50, + }; + try std.testing.expectEqual(@as(u64, 50), stats_half.blockRatePercent()); +} + +test "RateLimiter: checkWithRetry allows within limit" { + var waf_state = WafState.init(); + var limiter = RateLimiter.init(&waf_state); + + const key = Key.fromOctets(192, 168, 2, 1, hashPath("/retry")); + const rule = Rule.simple(10, 10); + + const result = limiter.checkWithRetry(key, &rule); + try std.testing.expect(result.isAllowed()); +} + +test "RateLimiter: checkWithRetry blocks when exhausted" { + var waf_state = WafState.init(); + var limiter = RateLimiter.init(&waf_state); + + const key = Key.fromOctets(10, 0, 0, 2, hashPath("/retry-heavy")); + const rule = Rule.simple(1, 2); + + _ = limiter.checkWithRetry(key, &rule); + _ = limiter.checkWithRetry(key, &rule); + + const result = limiter.checkWithRetry(key, &rule); + try std.testing.expect(result.isBlocked()); + try std.testing.expectEqual(Reason.rate_limit, result.reason); +} diff --git a/src/waf/state.zig b/src/waf/state.zig new file mode 100644 index 0000000..b80a64e --- /dev/null +++ b/src/waf/state.zig @@ -0,0 +1,940 @@ +/// WAF Shared Memory State +/// +/// Provides cache-line aligned, lock-free data structures for the Web Application +/// Firewall. Designed for multi-process shared memory with atomic operations only. +/// +/// Design Philosophy (TigerBeetle-inspired): +/// - Fixed-size structures with explicit bounds +/// - Cache-line alignment to prevent false sharing +/// - Packed fields for atomic CAS operations +/// - Comptime assertions for size/alignment guarantees +/// - Zero allocation on hot path +/// +/// Memory Layout: +/// - WafState: Main container (~4MB total) +/// - Token bucket table: 64K entries for rate limiting +/// - Connection tracker: 16K entries for slowloris detection +/// - Metrics: Atomic counters for observability +/// - Config epoch: Hot-reload detection +const std = @import("std"); + +// ============================================================================= +// Constants (Single Source of Truth) +// ============================================================================= + +/// Maximum buckets in token bucket table (64K entries = ~4MB state) +pub const MAX_BUCKETS: usize = 65536; + +/// Maximum tokens in a bucket (scaled by 1000 for sub-token precision) +pub const MAX_TOKENS: u32 = 10000; + +/// Open addressing probe limit before giving up +pub const BUCKET_PROBE_LIMIT: u32 = 16; + +/// Maximum CAS retry attempts before declaring exhaustion +pub const MAX_CAS_ATTEMPTS: u32 = 8; + +/// Maximum tracked IPs for connection counting (slowloris prevention) +pub const MAX_TRACKED_IPS: usize = 16384; + +/// Magic number for corruption detection (ASCII: "WAFSTV1\0" + version nibble) +pub const WAF_STATE_MAGIC: u64 = 0x5741465354563130; // "WAFSTV10" + +/// Cache line size for alignment +const CACHE_LINE: usize = 64; + +// ============================================================================= +// Decision and Reason Enums +// ============================================================================= + +/// WAF decision for a request +pub const Decision = enum(u8) { + /// Allow the request to proceed + allow = 0, + /// Block the request (return error response) + block = 1, + /// Log but allow (shadow mode / detection only) + log_only = 2, + + /// Check if request should be blocked + pub inline fn isBlocked(self: Decision) bool { + return self == .block; + } + + /// Check if request should be logged + pub inline fn shouldLog(self: Decision) bool { + return self != .allow; + } +}; + +/// Reason for WAF decision +pub const Reason = enum(u8) { + /// No violation detected + none = 0, + /// Rate limit exceeded + rate_limit = 1, + /// Slowloris attack detected (too many connections) + slowloris = 2, + /// Request body too large + body_too_large = 3, + /// JSON nesting depth exceeded + json_depth = 4, + /// SQL injection pattern detected + sql_injection = 5, + /// XSS pattern detected + xss = 6, + /// Path traversal attempt + path_traversal = 7, + /// Invalid request format + invalid_request = 8, + + /// Get human-readable description + pub fn description(self: Reason) []const u8 { + return switch (self) { + .none => "no violation", + .rate_limit => "rate limit exceeded", + .slowloris => "too many connections from IP", + .body_too_large => "request body too large", + .json_depth => "JSON nesting depth exceeded", + .sql_injection => "SQL injection pattern detected", + .xss => "XSS pattern detected", + .path_traversal => "path traversal attempt", + .invalid_request => "invalid request format", + }; + } +}; + +// ============================================================================= +// Token Bucket (Rate Limiting) +// ============================================================================= + +/// Token bucket entry for rate limiting +/// Exactly one cache line (64 bytes) for optimal memory access patterns. +/// +/// The `packed_state` field combines tokens and timestamp for atomic CAS: +/// - High 32 bits: last_update (seconds since epoch, wraps every ~136 years) +/// - Low 32 bits: tokens (scaled by 1000 for precision) +pub const Bucket = extern struct { + /// Hash of (IP, path_pattern) - 0 means empty slot + key_hash: u64 = 0, + + /// Packed token bucket state for atomic CAS operations + /// High 32 bits: last_update timestamp, Low 32 bits: tokens + /// Use getPackedState/setPackedState for atomic access + packed_state: u64 = 0, + + /// Total requests seen for this bucket + total_requests: u64 = 0, + + /// Total requests blocked for this bucket + total_blocked: u64 = 0, + + /// Reserved for future use (alignment padding) + _reserved: [32]u8 = undefined, + + /// Get pointer to packed_state for atomic operations + pub inline fn getPackedStatePtr(self: *Bucket) *std.atomic.Value(u64) { + return @ptrCast(&self.packed_state); + } + + /// Get pointer to packed_state for atomic operations (const version) + pub inline fn getPackedStatePtrConst(self: *const Bucket) *const std.atomic.Value(u64) { + return @ptrCast(&self.packed_state); + } + + /// Get pointer to total_requests for atomic operations + pub inline fn getTotalRequestsPtr(self: *Bucket) *std.atomic.Value(u64) { + return @ptrCast(&self.total_requests); + } + + /// Get pointer to total_blocked for atomic operations + pub inline fn getTotalBlockedPtr(self: *Bucket) *std.atomic.Value(u64) { + return @ptrCast(&self.total_blocked); + } + + /// Pack tokens and timestamp into a single u64 for atomic CAS + pub inline fn packState(tokens: u32, timestamp: u32) u64 { + return (@as(u64, timestamp) << 32) | @as(u64, tokens); + } + + /// Extract tokens from packed state + pub inline fn unpackTokens(state: u64) u32 { + return @truncate(state); + } + + /// Extract timestamp from packed state + pub inline fn unpackTime(state: u64) u32 { + return @truncate(state >> 32); + } + + /// Check if this bucket slot is empty + pub inline fn isEmpty(self: *const Bucket) bool { + return self.key_hash == 0; + } + + /// Atomically try to consume tokens using CAS + /// Returns true if tokens were consumed, false if rate limited + pub fn tryConsume( + self: *Bucket, + tokens_to_consume: u32, + refill_rate: u32, + max_tokens: u32, + current_time: u32, + ) bool { + const state_ptr = self.getPackedStatePtr(); + var attempts: u32 = 0; + while (attempts < MAX_CAS_ATTEMPTS) : (attempts += 1) { + const old_state = state_ptr.load(.acquire); + const old_tokens = Bucket.unpackTokens(old_state); + const old_time = Bucket.unpackTime(old_state); + + // Calculate token refill based on elapsed time (wrap-safe) + const elapsed = current_time -% old_time; + + const refilled = @min( + @as(u64, old_tokens) + @as(u64, elapsed) * @as(u64, refill_rate), + @as(u64, max_tokens), + ); + + // Check if we have enough tokens + if (refilled < tokens_to_consume) { + return false; // Rate limited + } + + // Calculate new state + const new_tokens: u32 = @intCast(refilled - tokens_to_consume); + const new_state = Bucket.packState(new_tokens, current_time); + + // Attempt atomic update + if (state_ptr.cmpxchgWeak( + old_state, + new_state, + .acq_rel, + .acquire, + ) == null) { + // Success + return true; + } + // CAS failed, retry with new state + } + + // CAS exhausted - treat as rate limited for safety + return false; + } + + /// Get pointer to key_hash for atomic operations + pub inline fn getKeyHashPtr(self: *Bucket) *std.atomic.Value(u64) { + return @ptrCast(&self.key_hash); + } + + /// Initialize bucket with a key and full tokens + pub fn init(self: *Bucket, key: u64, max_tokens: u32, current_time: u32) void { + self.getKeyHashPtr().store(key, .release); + self.getPackedStatePtr().store(Bucket.packState(max_tokens, current_time), .release); + self.getTotalRequestsPtr().store(0, .release); + self.getTotalBlockedPtr().store(0, .release); + } + + comptime { + // Ensure bucket is exactly one cache line + std.debug.assert(@sizeOf(Bucket) == CACHE_LINE); + // Ensure proper alignment for atomics + std.debug.assert(@alignOf(Bucket) >= @alignOf(u64)); + } +}; + +// ============================================================================= +// Connection Tracker (Slowloris Prevention) +// ============================================================================= + +/// Connection entry for tracking per-IP connection counts +pub const ConnEntry = extern struct { + /// Hash of IP address - 0 means empty slot + ip_hash: u32 = 0, + + /// Current connection count (use getConnCountPtr for atomic access) + conn_count: u16 = 0, + + /// Padding for alignment + _padding: u16 = 0, + + /// Get pointer to conn_count for atomic operations + pub inline fn getConnCountPtr(self: *ConnEntry) *std.atomic.Value(u16) { + return @ptrCast(&self.conn_count); + } + + /// Get pointer to conn_count for atomic operations (const version) + pub inline fn getConnCountPtrConst(self: *const ConnEntry) *const std.atomic.Value(u16) { + return @ptrCast(&self.conn_count); + } + + /// Check if entry is empty + pub inline fn isEmpty(self: *const ConnEntry) bool { + return self.ip_hash == 0; + } + + /// Atomically increment connection count + /// Returns the new count + pub inline fn incrementConn(self: *ConnEntry) u16 { + return self.getConnCountPtr().fetchAdd(1, .acq_rel) + 1; + } + + /// Atomically decrement connection count using CAS loop + /// Returns the new count, saturates at 0 + pub inline fn decrementConn(self: *ConnEntry) u16 { + const ptr = self.getConnCountPtr(); + while (true) { + const old = ptr.load(.acquire); + if (old == 0) return 0; + if (ptr.cmpxchgWeak(old, old - 1, .acq_rel, .acquire) == null) { + return old - 1; + } + } + } + + /// Get current connection count + pub inline fn getConnCount(self: *const ConnEntry) u16 { + return self.getConnCountPtrConst().load(.acquire); + } + + comptime { + // Ensure entry is 8 bytes (fits nicely in cache) + std.debug.assert(@sizeOf(ConnEntry) == 8); + } +}; + +/// Connection tracker for slowloris prevention +/// Fixed-size hash table with open addressing +pub const ConnTracker = extern struct { + entries: [MAX_TRACKED_IPS]ConnEntry align(CACHE_LINE) = [_]ConnEntry{.{}} ** MAX_TRACKED_IPS, + + /// Find or create entry for an IP hash + /// Returns null if table is full (probe limit exceeded) + pub fn findOrCreate(self: *ConnTracker, ip_hash: u32) ?*ConnEntry { + if (ip_hash == 0) return null; // 0 is reserved for empty + + const start_idx = @as(usize, ip_hash) % MAX_TRACKED_IPS; + var idx = start_idx; + var probe_count: u32 = 0; + + while (probe_count < BUCKET_PROBE_LIMIT) : (probe_count += 1) { + const entry = &self.entries[idx]; + + // Found existing entry + if (entry.ip_hash == ip_hash) { + return entry; + } + + // Found empty slot - try to claim it atomically + if (entry.ip_hash == 0) { + // Use atomic store with release ordering to ensure visibility + const ip_hash_ptr: *std.atomic.Value(u32) = @ptrCast(&entry.ip_hash); + ip_hash_ptr.store(ip_hash, .release); + return entry; + } + + // Linear probing + idx = (idx + 1) % MAX_TRACKED_IPS; + } + + return null; // Table full or probe limit reached + } + + /// Find existing entry for an IP hash + /// Returns null if not found + pub fn find(self: *const ConnTracker, ip_hash: u32) ?*const ConnEntry { + if (ip_hash == 0) return null; + + const start_idx = @as(usize, ip_hash) % MAX_TRACKED_IPS; + var idx = start_idx; + var probe_count: u32 = 0; + + while (probe_count < BUCKET_PROBE_LIMIT) : (probe_count += 1) { + const entry = &self.entries[idx]; + + if (entry.ip_hash == ip_hash) { + return entry; + } + + if (entry.ip_hash == 0) { + return null; // Empty slot means not found + } + + idx = (idx + 1) % MAX_TRACKED_IPS; + } + + return null; + } + + comptime { + // Verify size is what we expect + std.debug.assert(@sizeOf(ConnTracker) == MAX_TRACKED_IPS * @sizeOf(ConnEntry)); + } +}; + +// ============================================================================= +// WAF Metrics +// ============================================================================= + +/// Single cache line of metrics (64 bytes = 8 x u64) +const MetricsCacheLine = extern struct { + values: [8]u64 = [_]u64{0} ** 8, +}; + +/// WAF metrics with cache-line aligned atomic counters +/// Uses cache-line sized blocks to prevent false sharing +pub const WafMetrics = extern struct { + // Primary counters (hot path) - each in its own cache line block + // Line 0: requests_allowed (index 0) + line0: MetricsCacheLine align(CACHE_LINE) = .{}, + // Line 1: requests_blocked (index 0) + line1: MetricsCacheLine = .{}, + // Line 2: requests_logged (index 0) + line2: MetricsCacheLine = .{}, + + // Block reason breakdown - grouped in one cache line + // blocked_rate_limit (0), blocked_slowloris (1), blocked_body_too_large (2), blocked_json_depth (3) + line3: MetricsCacheLine = .{}, + + // Operational metrics - grouped in one cache line + // bucket_table_usage (0), cas_exhausted (1), config_reloads (2) + line4: MetricsCacheLine = .{}, + + // Helper to get atomic pointer + inline fn atomicPtr(ptr: *u64) *std.atomic.Value(u64) { + return @ptrCast(ptr); + } + + inline fn atomicPtrConst(ptr: *const u64) *const std.atomic.Value(u64) { + return @ptrCast(ptr); + } + + /// Increment allowed counter + pub inline fn recordAllowed(self: *WafMetrics) void { + _ = atomicPtr(&self.line0.values[0]).fetchAdd(1, .monotonic); + } + + /// Increment blocked counter with reason breakdown + pub inline fn recordBlocked(self: *WafMetrics, reason: Reason) void { + _ = atomicPtr(&self.line1.values[0]).fetchAdd(1, .monotonic); + switch (reason) { + .rate_limit => _ = atomicPtr(&self.line3.values[0]).fetchAdd(1, .monotonic), + .slowloris => _ = atomicPtr(&self.line3.values[1]).fetchAdd(1, .monotonic), + .body_too_large => _ = atomicPtr(&self.line3.values[2]).fetchAdd(1, .monotonic), + .json_depth => _ = atomicPtr(&self.line3.values[3]).fetchAdd(1, .monotonic), + else => {}, + } + } + + /// Increment logged counter + pub inline fn recordLogged(self: *WafMetrics) void { + _ = atomicPtr(&self.line2.values[0]).fetchAdd(1, .monotonic); + } + + /// Record a CAS exhaustion event + pub inline fn recordCasExhausted(self: *WafMetrics) void { + _ = atomicPtr(&self.line4.values[1]).fetchAdd(1, .monotonic); + } + + /// Record a config reload + pub inline fn recordConfigReload(self: *WafMetrics) void { + _ = atomicPtr(&self.line4.values[2]).fetchAdd(1, .monotonic); + } + + /// Update bucket table usage count + pub inline fn updateBucketUsage(self: *WafMetrics, count: u64) void { + atomicPtr(&self.line4.values[0]).store(count, .monotonic); + } + + /// Get snapshot of all metrics (for reporting) + pub fn snapshot(self: *const WafMetrics) MetricsSnapshot { + return .{ + .requests_allowed = atomicPtrConst(&self.line0.values[0]).load(.monotonic), + .requests_blocked = atomicPtrConst(&self.line1.values[0]).load(.monotonic), + .requests_logged = atomicPtrConst(&self.line2.values[0]).load(.monotonic), + .blocked_rate_limit = atomicPtrConst(&self.line3.values[0]).load(.monotonic), + .blocked_slowloris = atomicPtrConst(&self.line3.values[1]).load(.monotonic), + .blocked_body_too_large = atomicPtrConst(&self.line3.values[2]).load(.monotonic), + .blocked_json_depth = atomicPtrConst(&self.line3.values[3]).load(.monotonic), + .bucket_table_usage = atomicPtrConst(&self.line4.values[0]).load(.monotonic), + .cas_exhausted = atomicPtrConst(&self.line4.values[1]).load(.monotonic), + .config_reloads = atomicPtrConst(&self.line4.values[2]).load(.monotonic), + }; + } + + comptime { + // Verify each line is cache-line sized + std.debug.assert(@sizeOf(MetricsCacheLine) == CACHE_LINE); + // Verify total size + std.debug.assert(@sizeOf(WafMetrics) == 5 * CACHE_LINE); + } +}; + +/// Non-atomic snapshot of metrics for reporting +pub const MetricsSnapshot = struct { + requests_allowed: u64, + requests_blocked: u64, + requests_logged: u64, + blocked_rate_limit: u64, + blocked_slowloris: u64, + blocked_body_too_large: u64, + blocked_json_depth: u64, + bucket_table_usage: u64, + cas_exhausted: u64, + config_reloads: u64, + + /// Calculate total requests processed + pub fn totalRequests(self: MetricsSnapshot) u64 { + return self.requests_allowed + self.requests_blocked + self.requests_logged; + } + + /// Calculate block rate as percentage (scaled by 100) + pub fn blockRatePercent(self: MetricsSnapshot) u64 { + const total = self.totalRequests(); + if (total == 0) return 0; + return (self.requests_blocked * 100) / total; + } +}; + +// ============================================================================= +// Main WAF State Structure +// ============================================================================= + +/// Calculate sizes for comptime assertions +const BUCKET_TABLE_SIZE: usize = MAX_BUCKETS * @sizeOf(Bucket); +const CONN_TRACKER_SIZE: usize = @sizeOf(ConnTracker); +const METRICS_SIZE: usize = @sizeOf(WafMetrics); +const HEADER_SIZE: usize = CACHE_LINE; // magic + config_epoch + +/// Total WAF state size (for shared memory allocation) +pub const WAF_STATE_SIZE: usize = blk: { + // Calculate with proper alignment padding + var size: usize = 0; + + // Header (magic + padding to cache line) + size += CACHE_LINE; + + // Bucket table (already cache-line aligned entries) + size += BUCKET_TABLE_SIZE; + + // ConnTracker (cache-line aligned) + size = std.mem.alignForward(usize, size, CACHE_LINE); + size += CONN_TRACKER_SIZE; + + // Metrics (cache-line aligned) + size = std.mem.alignForward(usize, size, CACHE_LINE); + size += METRICS_SIZE; + + // Config epoch (cache-line aligned) + size = std.mem.alignForward(usize, size, CACHE_LINE); + size += CACHE_LINE; + + break :blk size; +}; + +/// Main WAF shared state structure +/// All fields are cache-line aligned to prevent false sharing across CPU cores. +pub const WafState = extern struct { + /// Magic number for corruption detection + magic: u64 align(CACHE_LINE) = WAF_STATE_MAGIC, + + /// Version number for compatibility + version: u32 = 1, + + /// Reserved padding to fill first cache line + _header_padding: [52]u8 = undefined, + + /// Token bucket table for rate limiting (fixed-size, open addressing) + buckets: [MAX_BUCKETS]Bucket align(CACHE_LINE) = [_]Bucket{.{}} ** MAX_BUCKETS, + + /// Connection tracker for slowloris detection + conn_tracker: ConnTracker align(CACHE_LINE) = .{}, + + /// Global metrics with atomic counters + metrics: WafMetrics align(CACHE_LINE) = .{}, + + /// Configuration epoch for hot-reload detection + /// Increment this when WAF config changes; workers can detect stale config + config_epoch: u64 align(CACHE_LINE) = 0, + + /// Padding to ensure config_epoch has its own cache line + _epoch_padding: [56]u8 = undefined, + + // ========================================================================= + // Initialization and Validation + // ========================================================================= + + /// Get atomic pointer to config_epoch + inline fn getConfigEpochPtr(self: *WafState) *std.atomic.Value(u64) { + return @ptrCast(&self.config_epoch); + } + + /// Get atomic pointer to config_epoch (const version) + inline fn getConfigEpochPtrConst(self: *const WafState) *const std.atomic.Value(u64) { + return @ptrCast(&self.config_epoch); + } + + /// Initialize WAF state with magic number and zeroed fields + pub fn init() WafState { + return .{}; + } + + /// Validate the WAF state structure (check magic for corruption) + pub fn validate(self: *const WafState) bool { + return self.magic == WAF_STATE_MAGIC and self.version == 1; + } + + /// Get current config epoch + pub inline fn getConfigEpoch(self: *const WafState) u64 { + return self.getConfigEpochPtrConst().load(.acquire); + } + + /// Increment config epoch (call after hot-reloading config) + pub inline fn incrementConfigEpoch(self: *WafState) u64 { + const new_epoch = self.getConfigEpochPtr().fetchAdd(1, .acq_rel) + 1; + self.metrics.recordConfigReload(); + return new_epoch; + } + + // ========================================================================= + // Bucket Table Operations + // ========================================================================= + + /// Find or create a bucket for the given key hash + /// Uses open addressing with linear probing + /// Returns null if probe limit exceeded (table too full) + pub fn findOrCreateBucket(self: *WafState, key_hash: u64, current_time: u32) ?*Bucket { + if (key_hash == 0) return null; // 0 is reserved + + const start_idx = @as(usize, @truncate(key_hash)) % MAX_BUCKETS; + var idx = start_idx; + var probe_count: u32 = 0; + + while (probe_count < BUCKET_PROBE_LIMIT) : (probe_count += 1) { + const bucket = &self.buckets[idx]; + + // Found existing bucket + if (bucket.key_hash == key_hash) { + return bucket; + } + + // Found empty slot + if (bucket.key_hash == 0) { + // Initialize with full tokens + bucket.init(key_hash, MAX_TOKENS, current_time); + return bucket; + } + + // Linear probing + idx = (idx + 1) % MAX_BUCKETS; + } + + return null; // Probe limit exceeded + } + + /// Find an existing bucket (does not create) + pub fn findBucket(self: *const WafState, key_hash: u64) ?*const Bucket { + if (key_hash == 0) return null; + + const start_idx = @as(usize, @truncate(key_hash)) % MAX_BUCKETS; + var idx = start_idx; + var probe_count: u32 = 0; + + while (probe_count < BUCKET_PROBE_LIMIT) : (probe_count += 1) { + const bucket = &self.buckets[idx]; + + if (bucket.key_hash == key_hash) { + return bucket; + } + + if (bucket.key_hash == 0) { + return null; + } + + idx = (idx + 1) % MAX_BUCKETS; + } + + return null; + } + + /// Count non-empty buckets (for metrics) + pub fn countBuckets(self: *const WafState) u64 { + var count: u64 = 0; + for (&self.buckets) |*bucket| { + if (!bucket.isEmpty()) count += 1; + } + return count; + } + + // ========================================================================= + // Comptime Assertions + // ========================================================================= + + comptime { + // Verify magic is at offset 0 and cache-line aligned + std.debug.assert(@offsetOf(WafState, "magic") == 0); + + // Verify all major sections are cache-line aligned + std.debug.assert(@offsetOf(WafState, "buckets") % CACHE_LINE == 0); + std.debug.assert(@offsetOf(WafState, "conn_tracker") % CACHE_LINE == 0); + std.debug.assert(@offsetOf(WafState, "metrics") % CACHE_LINE == 0); + std.debug.assert(@offsetOf(WafState, "config_epoch") % CACHE_LINE == 0); + + // Verify struct alignment + std.debug.assert(@alignOf(WafState) >= CACHE_LINE); + } +}; + +// ============================================================================= +// Helper Functions +// ============================================================================= + +/// Pack tokens and timestamp into a single u64 for atomic CAS +/// Exported for use by external code +pub inline fn packState(tokens: u32, timestamp: u32) u64 { + return Bucket.packState(tokens, timestamp); +} + +/// Extract tokens from packed state +pub inline fn unpackTokens(state: u64) u32 { + return Bucket.unpackTokens(state); +} + +/// Extract timestamp from packed state +pub inline fn unpackTime(state: u64) u32 { + return Bucket.unpackTime(state); +} + +/// Compute hash for rate limiting key (IP + path pattern) +/// Uses FNV-1a for speed and good distribution +pub fn computeKeyHash(ip_bytes: []const u8, path: []const u8) u64 { + var hash: u64 = 0xcbf29ce484222325; // FNV offset basis + + for (ip_bytes) |b| { + hash ^= b; + hash *%= 0x100000001b3; // FNV prime + } + + // Separator to avoid collisions between IP and path + hash ^= 0xff; + hash *%= 0x100000001b3; + + for (path) |b| { + hash ^= b; + hash *%= 0x100000001b3; + } + + // Ensure non-zero (0 is reserved for empty slots) + return if (hash == 0) 1 else hash; +} + +/// Compute hash for IP address (connection tracking) +pub fn computeIpHash(ip_bytes: []const u8) u32 { + var hash: u32 = 0x811c9dc5; // FNV-1a 32-bit offset basis + + for (ip_bytes) |b| { + hash ^= b; + hash *%= 0x01000193; // FNV-1a 32-bit prime + } + + // Ensure non-zero + return if (hash == 0) 1 else hash; +} + +// ============================================================================= +// Tests +// ============================================================================= + +test "Bucket: size and alignment" { + try std.testing.expectEqual(@as(usize, 64), @sizeOf(Bucket)); + try std.testing.expect(@alignOf(Bucket) >= 8); +} + +test "Bucket: pack/unpack state" { + const tokens: u32 = 5000; + const timestamp: u32 = 1703548800; // 2023-12-26 00:00:00 UTC + + const pack_val = packState(tokens, timestamp); + try std.testing.expectEqual(tokens, unpackTokens(pack_val)); + try std.testing.expectEqual(timestamp, unpackTime(pack_val)); +} + +test "Bucket: tryConsume" { + var bucket = Bucket{}; + bucket.init(0x12345678, MAX_TOKENS, 1000); + + // Should succeed - we have full tokens + try std.testing.expect(bucket.tryConsume(1000, 100, MAX_TOKENS, 1000)); + + // Check remaining tokens + const bucket_state = bucket.getPackedStatePtrConst().load(.acquire); + try std.testing.expectEqual(@as(u32, 9000), unpackTokens(bucket_state)); + + // Consume more + try std.testing.expect(bucket.tryConsume(9000, 100, MAX_TOKENS, 1000)); + + // Should fail - no tokens left + try std.testing.expect(!bucket.tryConsume(1000, 100, MAX_TOKENS, 1000)); + + // Wait for refill (time advances by 10 seconds, refill rate = 100/sec) + try std.testing.expect(bucket.tryConsume(500, 100, MAX_TOKENS, 1010)); +} + +test "ConnEntry: increment/decrement" { + var entry = ConnEntry{}; + entry.ip_hash = 0x12345678; + + try std.testing.expectEqual(@as(u16, 0), entry.getConnCount()); + + // Increment + try std.testing.expectEqual(@as(u16, 1), entry.incrementConn()); + try std.testing.expectEqual(@as(u16, 2), entry.incrementConn()); + try std.testing.expectEqual(@as(u16, 2), entry.getConnCount()); + + // Decrement + try std.testing.expectEqual(@as(u16, 1), entry.decrementConn()); + try std.testing.expectEqual(@as(u16, 0), entry.decrementConn()); + + // Underflow protection + try std.testing.expectEqual(@as(u16, 0), entry.decrementConn()); +} + +test "ConnTracker: find and create" { + var tracker = ConnTracker{}; + + // Find non-existent + try std.testing.expect(tracker.find(0x12345678) == null); + + // Create + const entry = tracker.findOrCreate(0x12345678); + try std.testing.expect(entry != null); + try std.testing.expectEqual(@as(u32, 0x12345678), entry.?.ip_hash); + + // Find existing + const found = tracker.find(0x12345678); + try std.testing.expect(found != null); + try std.testing.expectEqual(@as(u32, 0x12345678), found.?.ip_hash); + + // Find same entry again + const entry2 = tracker.findOrCreate(0x12345678); + try std.testing.expect(entry2 != null); + try std.testing.expectEqual(entry.?, entry2.?); +} + +test "WafMetrics: record and snapshot" { + var metrics = WafMetrics{}; + + metrics.recordAllowed(); + metrics.recordAllowed(); + metrics.recordBlocked(.rate_limit); + metrics.recordLogged(); + + const snap = metrics.snapshot(); + try std.testing.expectEqual(@as(u64, 2), snap.requests_allowed); + try std.testing.expectEqual(@as(u64, 1), snap.requests_blocked); + try std.testing.expectEqual(@as(u64, 1), snap.requests_logged); + try std.testing.expectEqual(@as(u64, 1), snap.blocked_rate_limit); + try std.testing.expectEqual(@as(u64, 4), snap.totalRequests()); + try std.testing.expectEqual(@as(u64, 25), snap.blockRatePercent()); +} + +test "WafState: init and validate" { + const state = WafState.init(); + try std.testing.expect(state.validate()); + try std.testing.expectEqual(WAF_STATE_MAGIC, state.magic); + try std.testing.expectEqual(@as(u32, 1), state.version); +} + +test "WafState: config epoch" { + var state = WafState.init(); + + try std.testing.expectEqual(@as(u64, 0), state.getConfigEpoch()); + + const epoch1 = state.incrementConfigEpoch(); + try std.testing.expectEqual(@as(u64, 1), epoch1); + try std.testing.expectEqual(@as(u64, 1), state.getConfigEpoch()); + + const epoch2 = state.incrementConfigEpoch(); + try std.testing.expectEqual(@as(u64, 2), epoch2); +} + +test "WafState: bucket operations" { + var state = WafState.init(); + const current_time: u32 = 1000; + + // Find or create bucket + const bucket = state.findOrCreateBucket(0xDEADBEEF, current_time); + try std.testing.expect(bucket != null); + try std.testing.expectEqual(@as(u64, 0xDEADBEEF), bucket.?.key_hash); + + // Find existing bucket + const found = state.findBucket(0xDEADBEEF); + try std.testing.expect(found != null); + try std.testing.expectEqual(@as(u64, 0xDEADBEEF), found.?.key_hash); + + // Find non-existent + try std.testing.expect(state.findBucket(0xCAFEBABE) == null); +} + +test "Decision: enum operations" { + const allow = Decision.allow; + const block = Decision.block; + const log_only = Decision.log_only; + + try std.testing.expect(!allow.isBlocked()); + try std.testing.expect(block.isBlocked()); + try std.testing.expect(!log_only.isBlocked()); + + try std.testing.expect(!allow.shouldLog()); + try std.testing.expect(block.shouldLog()); + try std.testing.expect(log_only.shouldLog()); +} + +test "Reason: descriptions" { + try std.testing.expectEqualStrings("rate limit exceeded", Reason.rate_limit.description()); + try std.testing.expectEqualStrings("too many connections from IP", Reason.slowloris.description()); +} + +test "computeKeyHash: basic" { + const ip = [_]u8{ 192, 168, 1, 1 }; + const path = "/api/users"; + + const hash1 = computeKeyHash(&ip, path); + const hash2 = computeKeyHash(&ip, path); + + // Same input should produce same hash + try std.testing.expectEqual(hash1, hash2); + + // Different path should produce different hash + const hash3 = computeKeyHash(&ip, "/api/posts"); + try std.testing.expect(hash1 != hash3); + + // Hash should never be 0 + try std.testing.expect(hash1 != 0); +} + +test "computeIpHash: basic" { + const ip1 = [_]u8{ 192, 168, 1, 1 }; + const ip2 = [_]u8{ 192, 168, 1, 2 }; + + const hash1 = computeIpHash(&ip1); + const hash2 = computeIpHash(&ip2); + + try std.testing.expect(hash1 != hash2); + try std.testing.expect(hash1 != 0); + try std.testing.expect(hash2 != 0); +} + +test "alignment: all structures properly aligned" { + // Bucket must be cache-line sized + try std.testing.expectEqual(@as(usize, CACHE_LINE), @sizeOf(Bucket)); + + // ConnEntry should be 8 bytes + try std.testing.expectEqual(@as(usize, 8), @sizeOf(ConnEntry)); + + // WafState sections must be cache-line aligned + try std.testing.expect(@offsetOf(WafState, "buckets") % CACHE_LINE == 0); + try std.testing.expect(@offsetOf(WafState, "conn_tracker") % CACHE_LINE == 0); + try std.testing.expect(@offsetOf(WafState, "metrics") % CACHE_LINE == 0); + try std.testing.expect(@offsetOf(WafState, "config_epoch") % CACHE_LINE == 0); +} diff --git a/src/waf/validator.zig b/src/waf/validator.zig new file mode 100644 index 0000000..98e614e --- /dev/null +++ b/src/waf/validator.zig @@ -0,0 +1,572 @@ +/// Request Validation - Size and Structure Limits +/// +/// High-performance request validation for the Web Application Firewall. +/// Validates URI length, body size, cookie size, and JSON structure. +/// +/// Design Philosophy (TigerBeetle-inspired): +/// - Zero allocation on hot path +/// - Streaming JSON validation (constant memory) +/// - Early rejection of invalid requests +/// - Pre-body validation for fast fail +/// +/// Validation Flow: +/// 1. validateRequest() - Check URI, Content-Length, headers before body +/// 2. validateJsonStream() - Incremental JSON validation during body receipt +/// +/// Memory Characteristics: +/// - ValidatorConfig: ~20 bytes (inline configuration) +/// - JsonState: 4 bytes (streaming state) +/// - No heap allocation during validation +const std = @import("std"); + +const state = @import("state.zig"); +pub const Reason = state.Reason; + +// ============================================================================= +// Validation Result +// ============================================================================= + +/// Result of a validation check +pub const ValidationResult = struct { + /// Whether the request passed validation + valid: bool, + /// Reason for rejection (null if valid) + reason: ?Reason, + + /// Create a passing result + pub inline fn pass() ValidationResult { + return .{ .valid = true, .reason = null }; + } + + /// Create a failing result with reason + pub inline fn fail(reason: Reason) ValidationResult { + return .{ .valid = false, .reason = reason }; + } + + /// Check if validation passed + pub inline fn isValid(self: ValidationResult) bool { + return self.valid; + } + + /// Check if validation failed + pub inline fn isInvalid(self: ValidationResult) bool { + return !self.valid; + } +}; + +// ============================================================================= +// Validator Configuration +// ============================================================================= + +/// Configuration for request validation limits +/// Mirrors RequestLimitsConfig from config.zig with additional fields +/// for comprehensive validation +pub const ValidatorConfig = struct { + /// Maximum URI length in bytes (default 2KB) + max_uri_length: u32 = 2048, + + /// Maximum number of query parameters + max_query_params: u16 = 50, + + /// Maximum header value length (default 8KB) + max_header_value_length: u32 = 8192, + + /// Maximum cookie size in bytes (default 4KB) + max_cookie_size: u32 = 4096, + + /// Maximum request body size in bytes (default 1MB) + max_body_size: u32 = 1_048_576, + + /// Maximum JSON nesting depth + max_json_depth: u8 = 20, + + /// Maximum JSON keys (protects against hash collision attacks) + max_json_keys: u16 = 1000, + + /// Create configuration from RequestLimitsConfig + pub fn fromRequestLimits(limits: anytype) ValidatorConfig { + return .{ + .max_uri_length = limits.max_uri_length, + .max_body_size = limits.max_body_size, + .max_json_depth = limits.max_json_depth, + }; + } + + comptime { + // Ensure config fits in a cache line + std.debug.assert(@sizeOf(ValidatorConfig) <= 64); + } +}; + +// ============================================================================= +// JSON Streaming State +// ============================================================================= + +/// State for streaming JSON validation +/// Tracks nesting depth and key count with constant memory usage +/// Properly handles string escapes to avoid false positives +pub const JsonState = struct { + /// Current nesting depth (objects and arrays) + depth: u8 = 0, + + /// Total keys seen (colons outside strings) + key_count: u16 = 0, + + /// Currently inside a string literal + in_string: bool = false, + + /// Next character is escaped (preceded by backslash) + escape_next: bool = false, + + /// Reset state for new request + pub inline fn reset(self: *JsonState) void { + self.* = .{}; + } + + /// Check if parsing is complete (all brackets closed) + pub inline fn isComplete(self: *const JsonState) bool { + return self.depth == 0 and !self.in_string; + } + + comptime { + // Ensure state is minimal (6 bytes with alignment) + std.debug.assert(@sizeOf(JsonState) <= 8); + } +}; + +// ============================================================================= +// Request Validator +// ============================================================================= + +/// Validates HTTP requests against configured limits +/// Zero allocation, suitable for hot path +pub const RequestValidator = struct { + /// Configuration reference (immutable during request processing) + config: *const ValidatorConfig, + + /// Initialize validator with configuration + pub fn init(config: *const ValidatorConfig) RequestValidator { + return .{ .config = config }; + } + + // ========================================================================= + // Pre-Body Validation + // ========================================================================= + + /// Validate request before reading body + /// Fast path for rejecting obviously invalid requests + /// + /// Checks: + /// - URI length + /// - Content-Length vs max body size + /// - Cookie size + /// + /// Parameters: + /// - uri: Request URI (path + query string) + /// - content_length: Value of Content-Length header (null if not present) + /// - headers: Iterator or slice of header name-value pairs + /// + /// Returns: ValidationResult with pass/fail and reason + pub fn validateRequest( + self: *const RequestValidator, + uri: ?[]const u8, + content_length: ?u32, + headers: anytype, + ) ValidationResult { + // Check URI length + if (uri) |u| { + if (u.len > self.config.max_uri_length) { + return ValidationResult.fail(.invalid_request); + } + + // Count query parameters if present + if (std.mem.indexOf(u8, u, "?")) |query_start| { + const query = u[query_start + 1 ..]; + const param_count = countQueryParams(query); + if (param_count > self.config.max_query_params) { + return ValidationResult.fail(.invalid_request); + } + } + } + + // Check Content-Length against max body size + if (content_length) |len| { + if (len > self.config.max_body_size) { + return ValidationResult.fail(.body_too_large); + } + } + + // Check headers for cookie size + return self.validateHeaders(headers); + } + + /// Validate specific headers + /// Separate method for when you only have headers to check + fn validateHeaders(self: *const RequestValidator, headers: anytype) ValidationResult { + const HeadersType = @TypeOf(headers); + const type_info = @typeInfo(HeadersType); + + // Handle different header representations + switch (type_info) { + .pointer => |ptr| { + // Slice of header pairs + if (ptr.size == .Slice) { + for (headers) |header| { + const result = self.checkHeader(header[0], header[1]); + if (result.isInvalid()) return result; + } + } + }, + .@"struct" => { + // Iterator-like struct with next() method + if (@hasDecl(HeadersType, "next")) { + var iter = headers; + while (iter.next()) |header| { + const result = self.checkHeader(header.name, header.value); + if (result.isInvalid()) return result; + } + } + }, + .null => { + // No headers to check + }, + else => { + // Unsupported type - skip header validation + }, + } + + return ValidationResult.pass(); + } + + /// Check a single header against limits + fn checkHeader(self: *const RequestValidator, name: []const u8, value: []const u8) ValidationResult { + // Check header value length + if (value.len > self.config.max_header_value_length) { + return ValidationResult.fail(.invalid_request); + } + + // Check cookie size specifically + if (std.ascii.eqlIgnoreCase(name, "cookie")) { + if (value.len > self.config.max_cookie_size) { + return ValidationResult.fail(.invalid_request); + } + } + + return ValidationResult.pass(); + } + + // ========================================================================= + // Streaming JSON Validation + // ========================================================================= + + /// Validate a chunk of JSON data + /// Call repeatedly as body chunks arrive + /// Maintains state between calls for streaming validation + /// + /// Features: + /// - Constant memory (O(1) space) + /// - Proper string escape handling + /// - Depth limiting (prevents stack exhaustion attacks) + /// - Key counting (prevents hash collision attacks) + /// + /// Parameters: + /// - chunk: Bytes of JSON data + /// - json_state: Mutable state tracking depth and keys + /// + /// Returns: ValidationResult - pass to continue, fail to reject + pub fn validateJsonStream( + self: *const RequestValidator, + chunk: []const u8, + json_state: *JsonState, + ) ValidationResult { + for (chunk) |byte| { + // Handle escape sequences in strings + if (json_state.escape_next) { + json_state.escape_next = false; + continue; + } + + // Handle string state + if (json_state.in_string) { + switch (byte) { + '\\' => json_state.escape_next = true, + '"' => json_state.in_string = false, + else => {}, + } + continue; + } + + // Not in string - check structural characters + switch (byte) { + '"' => json_state.in_string = true, + + '{', '[' => { + // Use saturating add to prevent overflow + json_state.depth +|= 1; + + if (json_state.depth > self.config.max_json_depth) { + return ValidationResult.fail(.json_depth); + } + }, + + '}', ']' => { + // Use saturating subtract to prevent underflow + json_state.depth -|= 1; + }, + + ':' => { + // Colon indicates a key-value pair in object + json_state.key_count +|= 1; + + if (json_state.key_count > self.config.max_json_keys) { + return ValidationResult.fail(.json_depth); + } + }, + + else => {}, + } + } + + return ValidationResult.pass(); + } + + /// Validate complete JSON body (non-streaming) + /// Convenience method for when entire body is available + pub fn validateJsonBody(self: *const RequestValidator, body: []const u8) ValidationResult { + var json_state = JsonState{}; + return self.validateJsonStream(body, &json_state); + } +}; + +// ============================================================================= +// Helper Functions +// ============================================================================= + +/// Count query parameters in a query string +/// Parameters are separated by & and contain key=value or just key +fn countQueryParams(query: []const u8) u16 { + if (query.len == 0) return 0; + + var count: u16 = 1; // At least one param if query exists + for (query) |c| { + if (c == '&') { + count +|= 1; + } + } + return count; +} + +// ============================================================================= +// Tests +// ============================================================================= + +test "ValidationResult: pass and fail" { + const pass_result = ValidationResult.pass(); + try std.testing.expect(pass_result.isValid()); + try std.testing.expect(!pass_result.isInvalid()); + try std.testing.expect(pass_result.reason == null); + + const fail_result = ValidationResult.fail(.body_too_large); + try std.testing.expect(!fail_result.isValid()); + try std.testing.expect(fail_result.isInvalid()); + try std.testing.expectEqual(Reason.body_too_large, fail_result.reason.?); +} + +test "ValidatorConfig: default values" { + const config = ValidatorConfig{}; + try std.testing.expectEqual(@as(u32, 2048), config.max_uri_length); + try std.testing.expectEqual(@as(u32, 4096), config.max_cookie_size); + try std.testing.expectEqual(@as(u32, 1_048_576), config.max_body_size); + try std.testing.expectEqual(@as(u8, 20), config.max_json_depth); + try std.testing.expectEqual(@as(u16, 1000), config.max_json_keys); +} + +test "JsonState: size and reset" { + var json_state = JsonState{ .depth = 5, .key_count = 100, .in_string = true }; + try std.testing.expect(@sizeOf(JsonState) <= 8); + + json_state.reset(); + try std.testing.expectEqual(@as(u8, 0), json_state.depth); + try std.testing.expectEqual(@as(u16, 0), json_state.key_count); + try std.testing.expect(!json_state.in_string); +} + +test "JsonState: isComplete" { + var json_state = JsonState{}; + try std.testing.expect(json_state.isComplete()); + + json_state.depth = 1; + try std.testing.expect(!json_state.isComplete()); + + json_state.depth = 0; + json_state.in_string = true; + try std.testing.expect(!json_state.isComplete()); +} + +test "RequestValidator: init" { + const config = ValidatorConfig{}; + const validator = RequestValidator.init(&config); + try std.testing.expectEqual(&config, validator.config); +} + +test "RequestValidator: validateRequest passes valid URI" { + const config = ValidatorConfig{ .max_uri_length = 100 }; + const validator = RequestValidator.init(&config); + + const result = validator.validateRequest("/api/users", null, null); + try std.testing.expect(result.isValid()); +} + +test "RequestValidator: validateRequest rejects long URI" { + const config = ValidatorConfig{ .max_uri_length = 10 }; + const validator = RequestValidator.init(&config); + + const result = validator.validateRequest("/api/users/very/long/path", null, null); + try std.testing.expect(result.isInvalid()); + try std.testing.expectEqual(Reason.invalid_request, result.reason.?); +} + +test "RequestValidator: validateRequest rejects large body" { + const config = ValidatorConfig{ .max_body_size = 1000 }; + const validator = RequestValidator.init(&config); + + const result = validator.validateRequest("/api/upload", 5000, null); + try std.testing.expect(result.isInvalid()); + try std.testing.expectEqual(Reason.body_too_large, result.reason.?); +} + +test "RequestValidator: validateRequest allows valid body size" { + const config = ValidatorConfig{ .max_body_size = 10000 }; + const validator = RequestValidator.init(&config); + + const result = validator.validateRequest("/api/upload", 5000, null); + try std.testing.expect(result.isValid()); +} + +test "RequestValidator: validateJsonStream passes simple JSON" { + const config = ValidatorConfig{}; + const validator = RequestValidator.init(&config); + + var json_state = JsonState{}; + const json = "{\"name\": \"test\", \"value\": 123}"; + + const result = validator.validateJsonStream(json, &json_state); + try std.testing.expect(result.isValid()); + try std.testing.expectEqual(@as(u8, 0), json_state.depth); // All closed + try std.testing.expectEqual(@as(u16, 2), json_state.key_count); // Two keys +} + +test "RequestValidator: validateJsonStream rejects deep nesting" { + const config = ValidatorConfig{ .max_json_depth = 3 }; + const validator = RequestValidator.init(&config); + + var json_state = JsonState{}; + const json = "{{{{"; // 4 levels of nesting + + const result = validator.validateJsonStream(json, &json_state); + try std.testing.expect(result.isInvalid()); + try std.testing.expectEqual(Reason.json_depth, result.reason.?); +} + +test "RequestValidator: validateJsonStream rejects too many keys" { + const config = ValidatorConfig{ .max_json_keys = 3 }; + const validator = RequestValidator.init(&config); + + var json_state = JsonState{}; + const json = "{\"a\":1,\"b\":2,\"c\":3,\"d\":4}"; // 4 keys + + const result = validator.validateJsonStream(json, &json_state); + try std.testing.expect(result.isInvalid()); + try std.testing.expectEqual(Reason.json_depth, result.reason.?); +} + +test "RequestValidator: validateJsonStream handles strings correctly" { + const config = ValidatorConfig{ .max_json_depth = 2 }; + const validator = RequestValidator.init(&config); + + var json_state = JsonState{}; + // Braces inside strings should be ignored + const json = "{\"data\": \"{{{{{{{\"}"; + + const result = validator.validateJsonStream(json, &json_state); + try std.testing.expect(result.isValid()); + try std.testing.expectEqual(@as(u8, 0), json_state.depth); +} + +test "RequestValidator: validateJsonStream handles escapes" { + const config = ValidatorConfig{}; + const validator = RequestValidator.init(&config); + + var json_state = JsonState{}; + // Escaped quote should not end string + const json = "{\"data\": \"test\\\"quote\"}"; + + const result = validator.validateJsonStream(json, &json_state); + try std.testing.expect(result.isValid()); + try std.testing.expect(!json_state.in_string); +} + +test "RequestValidator: validateJsonStream chunked" { + const config = ValidatorConfig{}; + const validator = RequestValidator.init(&config); + + var json_state = JsonState{}; + + // Send JSON in chunks + var result = validator.validateJsonStream("{\"na", &json_state); + try std.testing.expect(result.isValid()); + try std.testing.expectEqual(@as(u8, 1), json_state.depth); + + result = validator.validateJsonStream("me\":\"te", &json_state); + try std.testing.expect(result.isValid()); + try std.testing.expect(json_state.in_string); + + result = validator.validateJsonStream("st\"}", &json_state); + try std.testing.expect(result.isValid()); + try std.testing.expectEqual(@as(u8, 0), json_state.depth); + try std.testing.expect(!json_state.in_string); +} + +test "RequestValidator: validateJsonBody convenience" { + const config = ValidatorConfig{}; + const validator = RequestValidator.init(&config); + + const result = validator.validateJsonBody("{\"key\": [1, 2, 3]}"); + try std.testing.expect(result.isValid()); +} + +test "RequestValidator: validateJsonStream handles nested arrays" { + const config = ValidatorConfig{ .max_json_depth = 5 }; + const validator = RequestValidator.init(&config); + + var json_state = JsonState{}; + const json = "{\"arr\": [[1, 2], [3, 4]]}"; + + const result = validator.validateJsonStream(json, &json_state); + try std.testing.expect(result.isValid()); + try std.testing.expectEqual(@as(u8, 0), json_state.depth); +} + +test "countQueryParams: basic" { + try std.testing.expectEqual(@as(u16, 0), countQueryParams("")); + try std.testing.expectEqual(@as(u16, 1), countQueryParams("a=1")); + try std.testing.expectEqual(@as(u16, 2), countQueryParams("a=1&b=2")); + try std.testing.expectEqual(@as(u16, 3), countQueryParams("a=1&b=2&c=3")); +} + +test "RequestValidator: validateRequest rejects too many query params" { + const config = ValidatorConfig{ .max_query_params = 2 }; + const validator = RequestValidator.init(&config); + + const result = validator.validateRequest("/api?a=1&b=2&c=3", null, null); + try std.testing.expect(result.isInvalid()); + try std.testing.expectEqual(Reason.invalid_request, result.reason.?); +} + +test "RequestValidator: validateRequest allows valid query params" { + const config = ValidatorConfig{ .max_query_params = 5 }; + const validator = RequestValidator.init(&config); + + const result = validator.validateRequest("/api?a=1&b=2", null, null); + try std.testing.expect(result.isValid()); +} diff --git a/tests/integration_test.zig b/tests/integration_test.zig index 09bc277..6cc285e 100644 --- a/tests/integration_test.zig +++ b/tests/integration_test.zig @@ -13,6 +13,7 @@ const body = @import("suites/body.zig"); const load_balancing = @import("suites/load_balancing.zig"); const http2 = @import("suites/http2.zig"); const otel = @import("suites/otel.zig"); +const waf = @import("suites/waf.zig"); pub fn main() !void { var gpa = std.heap.GeneralPurposeAllocator(.{}){}; @@ -30,6 +31,8 @@ pub fn main() !void { load_balancing.suite, http2.suite, otel.suite, + waf.suite, + waf.shadow_suite, }; var suite_failures: usize = 0; diff --git a/tests/process_manager.zig b/tests/process_manager.zig index c54a268..0327c5a 100644 --- a/tests/process_manager.zig +++ b/tests/process_manager.zig @@ -323,4 +323,73 @@ pub const ProcessManager = struct { // Wait for health checks (backends need to be marked healthy) posix.nanosleep(2, 0); } + + /// Start load balancer with WAF enabled + pub fn startLoadBalancerWithWaf(self: *ProcessManager, backend_ports: []const u16, waf_config_path: []const u8) !void { + try self.startLoadBalancerWithWafOnPort(backend_ports, waf_config_path, test_utils.LB_PORT); + } + + /// Start load balancer with WAF enabled on a specific port + pub fn startLoadBalancerWithWafOnPort(self: *ProcessManager, backend_ports: []const u16, waf_config_path: []const u8, port: u16) !void { + var args: std.ArrayList([]const u8) = .empty; + defer args.deinit(self.allocator); + + // Track strings we allocate so we can free them + var allocated_strings: std.ArrayList([]const u8) = .empty; + defer { + for (allocated_strings.items) |s| self.allocator.free(s); + allocated_strings.deinit(self.allocator); + } + + try args.append(self.allocator, "./zig-out/bin/load_balancer"); + try args.append(self.allocator, "--port"); + + var lb_port_buf: [8]u8 = undefined; + const lb_port_str = try std.fmt.bufPrint(&lb_port_buf, "{d}", .{port}); + const lb_port_dup = try self.allocator.dupe(u8, lb_port_str); + try allocated_strings.append(self.allocator, lb_port_dup); + try args.append(self.allocator, lb_port_dup); + + // Use single-process mode for easier testing + try args.append(self.allocator, "--mode"); + try args.append(self.allocator, "sp"); + + // Add WAF config path + try args.append(self.allocator, "--waf"); + const waf_path_dup = try self.allocator.dupe(u8, waf_config_path); + try allocated_strings.append(self.allocator, waf_path_dup); + try args.append(self.allocator, waf_path_dup); + + for (backend_ports) |backend_port| { + try args.append(self.allocator, "--backend"); + var buf: [32]u8 = undefined; + const backend_str = try std.fmt.bufPrint(&buf, "127.0.0.1:{d}", .{backend_port}); + const backend_dup = try self.allocator.dupe(u8, backend_str); + try allocated_strings.append(self.allocator, backend_dup); + try args.append(self.allocator, backend_dup); + } + + var child = std.process.Child.init(args.items, self.allocator); + child.stdin_behavior = .Ignore; + child.stdout_behavior = .Ignore; + child.stderr_behavior = .Ignore; + + try child.spawn(); + errdefer { + _ = child.kill() catch {}; + _ = child.wait() catch {}; + } + + try self.processes.append(self.allocator, .{ + .child = child, + .name = try self.allocator.dupe(u8, "load_balancer_waf"), + .allocator = self.allocator, + }); + + // Wait for LB port + try test_utils.waitForPort(port, 10000); + + // Wait for health checks (backends need to be marked healthy) + posix.nanosleep(2, 0); + } }; diff --git a/tests/suites/waf.zig b/tests/suites/waf.zig new file mode 100644 index 0000000..95e8619 --- /dev/null +++ b/tests/suites/waf.zig @@ -0,0 +1,327 @@ +//! WAF (Web Application Firewall) integration tests. +//! +//! Tests rate limiting, body size limits, URI length limits, and shadow mode. +//! Creates a temporary WAF config file for each test suite run. + +const std = @import("std"); +const harness = @import("../harness.zig"); +const utils = @import("../test_utils.zig"); +const ProcessManager = @import("../process_manager.zig").ProcessManager; +const posix = std.posix; + +var pm: ProcessManager = undefined; +var waf_config_path: []const u8 = undefined; +var allocator: std.mem.Allocator = undefined; + +/// WAF test config - tight limits for testing +const WAF_CONFIG = + \\{ + \\ "enabled": true, + \\ "shadow_mode": false, + \\ "rate_limits": [ + \\ { + \\ "name": "test_limit", + \\ "path": "/api/*", + \\ "limit": { "requests": 5, "period_sec": 60 }, + \\ "burst": 0, + \\ "by": "ip", + \\ "action": "block" + \\ } + \\ ], + \\ "request_limits": { + \\ "max_uri_length": 100, + \\ "max_body_size": 1024 + \\ } + \\} +; + +/// Shadow mode config - logs but doesn't block +const WAF_SHADOW_CONFIG = + \\{ + \\ "enabled": true, + \\ "shadow_mode": true, + \\ "rate_limits": [ + \\ { + \\ "name": "test_limit", + \\ "path": "/api/*", + \\ "limit": { "requests": 2, "period_sec": 60 }, + \\ "burst": 0, + \\ "by": "ip", + \\ "action": "block" + \\ } + \\ ], + \\ "request_limits": { + \\ "max_uri_length": 50, + \\ "max_body_size": 512 + \\ } + \\} +; + +fn beforeAll(alloc: std.mem.Allocator) !void { + allocator = alloc; + pm = ProcessManager.init(alloc); + + // Create temporary WAF config file + waf_config_path = try createTempWafConfig(alloc, WAF_CONFIG); + + // Start backend on dedicated WAF port + try pm.startBackend(utils.WAF_BACKEND_PORT, "waf_backend"); + + // Start load balancer with WAF enabled on dedicated port + try pm.startLoadBalancerWithWafOnPort(&.{utils.WAF_BACKEND_PORT}, waf_config_path, utils.WAF_LB_PORT); +} + +fn afterAll(_: std.mem.Allocator) !void { + pm.deinit(); + + // Clean up temporary WAF config file + deleteTempWafConfig(waf_config_path); + allocator.free(waf_config_path); +} + +/// Create a temporary WAF config file +fn createTempWafConfig(alloc: std.mem.Allocator, config: []const u8) ![]const u8 { + // Use /tmp for temporary files with a unique name based on timestamp + const now = std.time.Instant.now() catch return error.TimerUnavailable; + // Use seconds + nanoseconds for unique filename + const ts_sec: i64 = now.timestamp.sec; + const ts_nsec: i64 = now.timestamp.nsec; + const path = try std.fmt.allocPrint(alloc, "/tmp/waf_test_{d}_{d}.json", .{ ts_sec, ts_nsec }); + errdefer alloc.free(path); + + const file = try std.fs.createFileAbsolute(path, .{}); + defer file.close(); + + try file.writeAll(config); + + return path; +} + +/// Delete the temporary WAF config file +fn deleteTempWafConfig(path: []const u8) void { + std.fs.deleteFileAbsolute(path) catch {}; +} + +// ============================================================================= +// Rate Limiting Tests +// ============================================================================= + +fn testRateLimitingBlocks(alloc: std.mem.Allocator) !void { + // The rate limit is 5 requests per 60 seconds with no burst + // We need to make 6 requests to trigger the block + // Note: we use a unique path suffix to avoid interference from other tests + + const path = "/api/rate-test-1"; + + // Make 5 requests - all should succeed + for (0..5) |_| { + const response = try utils.httpRequest(alloc, "GET", utils.WAF_LB_PORT, path, null, null); + defer alloc.free(response); + + const status = try utils.getResponseStatusCode(response); + // First 5 should succeed (200) or we might get 429 from previous test runs + if (status != 200 and status != 429) { + return error.UnexpectedStatus; + } + } + + // The 6th request should be rate limited (429) + const response = try utils.httpRequest(alloc, "GET", utils.WAF_LB_PORT, path, null, null); + defer alloc.free(response); + + const status = try utils.getResponseStatusCode(response); + try std.testing.expectEqual(@as(u16, 429), status); +} + +fn testNonApiPathNotRateLimited(alloc: std.mem.Allocator) !void { + // The rate limit only applies to /api/* paths + // Requests to other paths should not be rate limited + + const path = "/other/path"; + + // Make many requests - all should succeed + for (0..10) |_| { + const response = try utils.httpRequest(alloc, "GET", utils.WAF_LB_PORT, path, null, null); + defer alloc.free(response); + + const status = try utils.getResponseStatusCode(response); + try std.testing.expectEqual(@as(u16, 200), status); + } +} + +// ============================================================================= +// Request Size Limit Tests +// ============================================================================= + +fn testBodySizeLimitBlocks(alloc: std.mem.Allocator) !void { + // The max_body_size is 1024 bytes + // Sending a larger body should be blocked with 413 + + // Create a body larger than 1024 bytes + const large_body = try alloc.alloc(u8, 2000); + defer alloc.free(large_body); + @memset(large_body, 'X'); + + const headers = &[_][2][]const u8{.{ "Content-Type", "application/octet-stream" }}; + + const response = try utils.httpRequest(alloc, "POST", utils.WAF_LB_PORT, "/upload", headers, large_body); + defer alloc.free(response); + + const status = try utils.getResponseStatusCode(response); + try std.testing.expectEqual(@as(u16, 413), status); +} + +fn testSmallBodyAllowed(alloc: std.mem.Allocator) !void { + // A body smaller than 1024 bytes should be allowed + + const small_body = "This is a small body that should be allowed"; + const headers = &[_][2][]const u8{.{ "Content-Type", "text/plain" }}; + + const response = try utils.httpRequest(alloc, "POST", utils.WAF_LB_PORT, "/data", headers, small_body); + defer alloc.free(response); + + const status = try utils.getResponseStatusCode(response); + try std.testing.expectEqual(@as(u16, 200), status); +} + +// ============================================================================= +// URI Length Limit Tests +// ============================================================================= + +fn testUriLengthLimitBlocks(alloc: std.mem.Allocator) !void { + // The max_uri_length is 100 bytes + // Sending a longer URI should be blocked with 403 + + // Create a URI longer than 100 bytes + var long_uri_buf: [200]u8 = undefined; + @memset(&long_uri_buf, 'a'); + long_uri_buf[0] = '/'; + const long_uri = long_uri_buf[0..150]; + + const response = try utils.httpRequest(alloc, "GET", utils.WAF_LB_PORT, long_uri, null, null); + defer alloc.free(response); + + const status = try utils.getResponseStatusCode(response); + try std.testing.expectEqual(@as(u16, 403), status); +} + +fn testShortUriAllowed(alloc: std.mem.Allocator) !void { + // A URI shorter than 100 bytes should be allowed + + const short_uri = "/short/path"; + + const response = try utils.httpRequest(alloc, "GET", utils.WAF_LB_PORT, short_uri, null, null); + defer alloc.free(response); + + const status = try utils.getResponseStatusCode(response); + try std.testing.expectEqual(@as(u16, 200), status); +} + +pub const suite = harness.Suite{ + .name = "WAF (Web Application Firewall)", + .before_all = beforeAll, + .after_all = afterAll, + .tests = &.{ + harness.it("rate limiting blocks after limit exceeded", testRateLimitingBlocks), + harness.it("non-API paths not rate limited", testNonApiPathNotRateLimited), + harness.it("blocks requests with body exceeding size limit", testBodySizeLimitBlocks), + harness.it("allows requests with small body", testSmallBodyAllowed), + harness.it("blocks requests with URI exceeding length limit", testUriLengthLimitBlocks), + harness.it("allows requests with short URI", testShortUriAllowed), + }, +}; + +// ============================================================================= +// Shadow Mode Test Suite +// ============================================================================= + +var pm_shadow: ProcessManager = undefined; +var waf_shadow_config_path: []const u8 = undefined; + +fn beforeAllShadow(alloc: std.mem.Allocator) !void { + allocator = alloc; + pm_shadow = ProcessManager.init(alloc); + + // Create temporary WAF config file with shadow mode + waf_shadow_config_path = try createTempWafConfig(alloc, WAF_SHADOW_CONFIG); + + // Start backend on dedicated WAF shadow port to avoid conflicts + try pm_shadow.startBackend(utils.WAF_SHADOW_BACKEND_PORT, "waf_shadow_backend"); + + // Start load balancer with WAF shadow mode on dedicated port + try pm_shadow.startLoadBalancerWithWafOnPort(&.{utils.WAF_SHADOW_BACKEND_PORT}, waf_shadow_config_path, utils.WAF_SHADOW_LB_PORT); +} + +fn afterAllShadow(_: std.mem.Allocator) !void { + pm_shadow.deinit(); + + // Clean up temporary WAF config file + deleteTempWafConfig(waf_shadow_config_path); + allocator.free(waf_shadow_config_path); +} + +fn testShadowModeDoesNotBlock(alloc: std.mem.Allocator) !void { + // In shadow mode, the rate limit is 2 requests per 60 seconds + // But shadow mode should NOT block, only log + // All requests should succeed + + const path = "/api/shadow-test"; + + // Make more requests than the limit + for (0..5) |_| { + const response = try utils.httpRequest(alloc, "GET", utils.WAF_SHADOW_LB_PORT, path, null, null); + defer alloc.free(response); + + const status = try utils.getResponseStatusCode(response); + // In shadow mode, all requests should succeed + try std.testing.expectEqual(@as(u16, 200), status); + } +} + +fn testShadowModeAllowsLargeBody(alloc: std.mem.Allocator) !void { + // In shadow mode, max_body_size is 512 bytes + // But shadow mode should NOT block, only log + + // Create a body larger than 512 bytes + const large_body = try alloc.alloc(u8, 800); + defer alloc.free(large_body); + @memset(large_body, 'Y'); + + const headers = &[_][2][]const u8{.{ "Content-Type", "application/octet-stream" }}; + + const response = try utils.httpRequest(alloc, "POST", utils.WAF_SHADOW_LB_PORT, "/upload", headers, large_body); + defer alloc.free(response); + + const status = try utils.getResponseStatusCode(response); + // In shadow mode, should still succeed + try std.testing.expectEqual(@as(u16, 200), status); +} + +fn testShadowModeAllowsLongUri(alloc: std.mem.Allocator) !void { + // In shadow mode, max_uri_length is 50 bytes + // But shadow mode should NOT block, only log + + // Create a URI longer than 50 bytes but shorter than typical limits + var uri_buf: [80]u8 = undefined; + @memset(&uri_buf, 'z'); + uri_buf[0] = '/'; + const long_uri = uri_buf[0..70]; + + const response = try utils.httpRequest(alloc, "GET", utils.WAF_SHADOW_LB_PORT, long_uri, null, null); + defer alloc.free(response); + + const status = try utils.getResponseStatusCode(response); + // In shadow mode, should still succeed + try std.testing.expectEqual(@as(u16, 200), status); +} + +pub const shadow_suite = harness.Suite{ + .name = "WAF Shadow Mode", + .before_all = beforeAllShadow, + .after_all = afterAllShadow, + .tests = &.{ + harness.it("shadow mode does not block rate-limited requests", testShadowModeDoesNotBlock), + harness.it("shadow mode allows large body requests", testShadowModeAllowsLargeBody), + harness.it("shadow mode allows long URI requests", testShadowModeAllowsLongUri), + }, +}; diff --git a/tests/test_utils.zig b/tests/test_utils.zig index 9f58dc4..7daca23 100644 --- a/tests/test_utils.zig +++ b/tests/test_utils.zig @@ -15,6 +15,10 @@ pub const BACKEND3_PORT: u16 = 19003; pub const LB_PORT: u16 = 18080; pub const LB_H2_PORT: u16 = 18081; // Load balancer port for HTTP/2 tests pub const OTLP_PORT: u16 = 14318; // Mock OTLP collector port +pub const WAF_LB_PORT: u16 = 18082; // Load balancer port for WAF tests +pub const WAF_SHADOW_LB_PORT: u16 = 18083; // Load balancer port for WAF shadow mode tests +pub const WAF_BACKEND_PORT: u16 = 19004; // Backend port for WAF tests +pub const WAF_SHADOW_BACKEND_PORT: u16 = 19005; // Backend port for WAF shadow mode tests /// Wait for a port to accept connections pub fn waitForPort(port: u16, timeout_ms: u64) !void { diff --git a/waf_test.json b/waf_test.json new file mode 100644 index 0000000..b912cc2 --- /dev/null +++ b/waf_test.json @@ -0,0 +1,18 @@ +{ + "enabled": true, + "shadow_mode": false, + "rate_limits": [ + { + "name": "test_limit", + "path": "/*", + "limit": { "requests": 3, "period_sec": 60 }, + "burst": 0, + "by": "ip", + "action": "block" + } + ], + "request_limits": { + "max_uri_length": 100, + "max_body_size": 1024 + } +} From a2e6587627da73c23ae2a7b564a1be7b4a50496c Mon Sep 17 00:00:00 2001 From: "Parrin, N.D. (Nicholas)" Date: Fri, 26 Dec 2025 23:30:59 +0100 Subject: [PATCH 7/9] Add built-in WAF and OpenTelemetry tracing features - Add WAF and OpenTelemetry badges to README - Document WAF architecture and OpenTelemetry integration - Implement burst detection and stats reporting in WAF - Add IP formatting utility to proxy handler - Update WAF config for burst detection options - Expose BurstEntry and BurstTracker in WAF module - Add burst reason to WAF state and decision logic --- README.md | 252 +++++++++++++-- docs/WAF_ARCHITECTURE.md | 680 +++++++++++++++++++++++++++++++++++++++ main.zig | 47 +++ src/proxy/handler.zig | 27 +- src/waf/config.zig | 4 + src/waf/engine.zig | 27 ++ src/waf/mod.zig | 5 + src/waf/state.zig | 303 +++++++++++++++++ 8 files changed, 1317 insertions(+), 28 deletions(-) create mode 100644 docs/WAF_ARCHITECTURE.md diff --git a/README.md b/README.md index 50f77b7..ed2ee4d 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,8 @@

17k+ req/s HTTP/2 + WAF + OpenTelemetry Single binary Zero dependencies Zig 0.16+ @@ -22,7 +24,13 @@ ./load_balancer -b localhost:9001 -b localhost:9002 -p 8080 ``` -That's it. Health checks, automatic failover, connection pooling. Done. +That's it. Health checks, automatic failover, connection pooling, **WAF protection**, **distributed tracing**. Done. + +## What's New + +- **Web Application Firewall (WAF)** — Rate limiting, burst detection, request validation +- **OpenTelemetry Tracing** — Full request lifecycle visibility in Jaeger +- **Lock-free Performance** — TigerBeetle-inspired atomic operations, zero locks ## Use Cases @@ -59,28 +67,28 @@ kill -USR2 $(pgrep load_balancer) -### Local microservices gateway +### Rate-limited API Gateway -One port, multiple backends. Round-robin or weighted distribution. +Protect your APIs from abuse with per-IP rate limiting and burst detection. ```bash ./load_balancer \ - -b auth-service:8001 \ - -b api-service:8002 \ - -b cache-service:8003 \ - -s round_robin + -b api-service:8001 \ + --waf-config waf.json \ + --otel-endpoint localhost:4318 ``` -### Debug HTTP/TLS issues +### Debug with Distributed Tracing -See exactly what's on the wire. Hex dumps, TLS cipher info, the works. +See every request in Jaeger with WAF decisions, backend latency, and more. ```bash -./load_balancer --trace --tls-trace \ - -b httpbin.org:443 -p 8080 +./load_balancer -b backend:8001 \ + --otel-endpoint localhost:4318 +# Open http://localhost:16686 for Jaeger UI ``` @@ -123,8 +131,13 @@ zig build -Doptimize=ReleaseFast ./zig-out/bin/backend1 & ./zig-out/bin/backend2 & -# Run -./zig-out/bin/load_balancer -p 8080 -b 127.0.0.1:9001 -b 127.0.0.1:9002 +# Run with WAF and tracing +./zig-out/bin/load_balancer \ + -p 8080 \ + -b 127.0.0.1:9001 \ + -b 127.0.0.1:9002 \ + --waf-config waf.json \ + --otel-endpoint localhost:4318 # Test curl http://localhost:8080 @@ -138,6 +151,7 @@ curl http://localhost:8080 | HAProxy needs a PhD | One binary, zero setup | | Envoy downloads half the internet | No dependencies beyond Zig stdlib | | Node/Go proxies have GC pauses | Memory-safe Zig, no garbage collector | +| WAF costs $$$$ | Built-in, lock-free, high-performance | | "Just use Kubernetes" | This is 4MB, not a lifestyle | **The numbers:** 17,000+ req/s with ~10% overhead vs direct backend access. @@ -157,15 +171,22 @@ curl http://localhost:8080 │ │ │ │ │ │ │ • pool │ │ • pool │ │ • pool │ │ • health │ │ • health │ │ • health │ + │ • WAF │ │ • WAF │ │ • WAF │ └────┬─────┘ └────┬─────┘ └────┬─────┘ │ │ │ └────────────────────┼────────────────────┘ │ SO_REUSEPORT ▼ Port 8080 + │ + ▼ + ┌─────────────────────────────┐ + │ Jaeger / OTLP │ + │ (Distributed Tracing) │ + └─────────────────────────────┘ ``` -Each worker is **fully isolated**: own connection pool, own health state, no locks. A crash in one worker doesn't affect the others. +Each worker is **fully isolated**: own connection pool, own health state, **shared WAF state** (mmap), no locks. A crash in one worker doesn't affect the others. ### Health Checking @@ -173,20 +194,190 @@ Each worker is **fully isolated**: own connection pool, own health state, no loc **Active** — Background probes every 5s catch problems before users hit them. +--- + +## Web Application Firewall (WAF) + +Built-in, lock-free WAF with TigerBeetle-inspired design: + +### Features + +| Feature | Description | +|---------|-------------| +| **Rate Limiting** | Token bucket per IP+path, atomic CAS operations | +| **Burst Detection** | Anomaly detection using EMA (detects sudden traffic spikes) | +| **Request Validation** | URI length, body size, JSON depth limits | +| **Slowloris Protection** | Per-IP connection tracking | +| **Shadow Mode** | Test rules without blocking (log_only) | +| **Hot Reload** | Config changes apply without restart | + +### WAF Request Flow + +``` +Request → WAF Check → Backend + │ + ├─ 1. Validate request (URI, body size) + ├─ 2. Check rate limits (token bucket) + ├─ 3. Check burst detection (EMA anomaly) + └─ 4. Allow / Block / Log +``` + +### WAF Configuration + +Create `waf.json`: + +```json +{ + "enabled": true, + "shadow_mode": false, + "burst_detection_enabled": true, + "burst_threshold": 10, + "rate_limits": [ + { + "name": "login_bruteforce", + "path": "/api/auth/login", + "method": "POST", + "limit": { "requests": 10, "period_sec": 60 }, + "burst": 3, + "by": "ip", + "action": "block" + }, + { + "name": "api_general", + "path": "/api/*", + "limit": { "requests": 100, "period_sec": 60 }, + "burst": 20, + "by": "ip", + "action": "block" + } + ], + "slowloris": { + "max_conns_per_ip": 50 + }, + "request_limits": { + "max_uri_length": 2048, + "max_body_size": 1048576, + "max_json_depth": 20, + "endpoints": [ + { "path": "/api/upload", "max_body_size": 10485760 } + ] + }, + "trusted_proxies": ["10.0.0.0/8", "172.16.0.0/12"], + "logging": { + "log_blocked": true, + "log_allowed": false, + "log_near_limit": true, + "near_limit_threshold": 0.8 + } +} +``` + +Run with WAF: + +```bash +./load_balancer -b backend:8001 --waf-config waf.json +``` + +### WAF Statistics + +Every 10 seconds, the WAF logs statistics: + +``` +[+10000ms] info(waf_stats): WAF Stats: total=1523 allowed=1498 blocked=25 logged=0 block_rate=1% | by_reason: rate_limit=20 slowloris=0 body=3 json=2 +``` + +### Burst Detection + +Detects sudden traffic spikes using Exponential Moving Average (EMA): + +- **Window**: 60 seconds +- **EMA**: `baseline = old * 0.875 + current * 0.125` +- **Trigger**: `current_rate > baseline * threshold` + +Example: An IP normally sends 20 req/min. Suddenly sends 300 req/min → **blocked**. + +--- + +## OpenTelemetry Integration + +Full distributed tracing with Jaeger support. + +### Setup + +1. Start Jaeger: +```bash +docker run -d --name jaeger \ + -p 16686:16686 \ + -p 4318:4318 \ + jaegertracing/all-in-one:latest +``` + +2. Run load balancer with tracing: +```bash +./load_balancer -b backend:8001 --otel-endpoint localhost:4318 +``` + +3. Open Jaeger UI: http://localhost:16686 + +### What's Traced + +Every request gets a span with: + +| Attribute | Description | +|-----------|-------------| +| `http.method` | GET, POST, etc. | +| `http.url` | Request URI | +| `http.status_code` | Response status | +| `waf.decision` | allow / block / log_only | +| `waf.client_ip` | Client IP address | +| `waf.reason` | Why blocked (rate_limit, burst, etc.) | +| `waf.rule` | Which rule triggered | +| `backend.host` | Backend server | +| `backend.latency_ms` | Backend response time | + +### Example Trace + +``` +proxy_request [12.3ms] +├─ http.method: POST +├─ http.url: /api/auth/login +├─ waf.decision: block +├─ waf.client_ip: 192.168.1.100 +├─ waf.reason: rate limit exceeded +└─ waf.rule: login_bruteforce +``` + +### Batching + +Spans are batched for efficiency: +- **Max queue**: 2048 spans +- **Batch size**: 512 spans +- **Export interval**: 5 seconds + +--- + ## CLI Reference ``` --p, --port N Listen port (default: 8080) --b, --backend H:P Backend server (repeat for multiple) --w, --workers N Worker count (default: CPU cores) --s, --strategy S round_robin | weighted | random --c, --config FILE JSON config file (hot-reloaded) --l, --loglevel LVL err | warn | info | debug --k, --insecure Skip TLS verification (dev only!) --t, --trace Dump raw HTTP payloads ---tls-trace Show TLS handshake details ---mode mp|sp Multi-process or single-process ---help You know what this does +-p, --port N Listen port (default: 8080) +-b, --backend H:P Backend server (repeat for multiple) +-w, --workers N Worker count (default: CPU cores) +-s, --strategy S round_robin | weighted | random +-c, --config FILE JSON config file (hot-reloaded) +-l, --loglevel LVL err | warn | info | debug +-k, --insecure Skip TLS verification (dev only!) +-t, --trace Dump raw HTTP payloads +--tls-trace Show TLS handshake details +--mode mp|sp Multi-process or single-process + +WAF Options: +--waf-config FILE WAF configuration JSON file +--waf-shadow Enable shadow mode (log only, don't block) + +Observability: +--otel-endpoint H:P OpenTelemetry OTLP endpoint (e.g., localhost:4318) + +--help You know what this does ``` ## Config File @@ -218,6 +409,8 @@ Changes detected via kqueue (macOS) / inotify (Linux). Zero-downtime reload. | **Prometheus metrics** | `GET /metrics` | | **Connection pooling** | Per-backend, per-worker pools | | **Crash isolation** | Workers are separate processes | +| **WAF** | Rate limiting, burst detection, request validation | +| **Distributed tracing** | OpenTelemetry + Jaeger integration | ## HTTP/2 Support @@ -249,7 +442,7 @@ info(tls_trace): ALPN Protocol: http2 ```bash zig build # Debug zig build -Doptimize=ReleaseFast # Production -zig build test # 242 tests +zig build test # 370+ tests ``` Requires Zig 0.16.0+ @@ -263,6 +456,13 @@ See [ARCHITECTURE.md](ARCHITECTURE.md) for the nerdy stuff: - Binary hot reload via file descriptor passing - SIMD HTTP parsing +See [docs/WAF_ARCHITECTURE.md](docs/WAF_ARCHITECTURE.md) for WAF internals: +- Lock-free token bucket implementation +- Burst detection with EMA algorithm +- Shared memory structures (4MB WafState) +- OpenTelemetry span propagation +- Request flow diagrams with function names + ## License MIT — do whatever you want. diff --git a/docs/WAF_ARCHITECTURE.md b/docs/WAF_ARCHITECTURE.md new file mode 100644 index 0000000..a203a71 --- /dev/null +++ b/docs/WAF_ARCHITECTURE.md @@ -0,0 +1,680 @@ +# WAF Architecture Documentation + +High-performance Web Application Firewall for the zzz load balancer with OpenTelemetry observability. + +## Table of Contents +- [Overview](#overview) +- [Architecture](#architecture) +- [Request Flow](#request-flow) +- [Components](#components) +- [OpenTelemetry Integration](#opentelemetry-integration) +- [Configuration](#configuration) +- [Data Structures](#data-structures) + +--- + +## Overview + +The WAF provides: +- **Lock-free rate limiting** using atomic CAS operations +- **Request validation** (URI length, body size, JSON depth) +- **Burst detection** (anomaly detection for sudden traffic spikes) +- **Slowloris protection** (connection tracking) +- **Shadow mode** for safe rule testing +- **Hot-reload configuration** +- **Full OpenTelemetry tracing** + +Design Philosophy: **TigerBeetle-style** +- Fixed-size structures with compile-time bounds +- Cache-line alignment to prevent false sharing +- Zero allocation on hot path +- Atomic operations only (no locks) + +--- + +## Architecture + +``` +┌─────────────────────────────────────────────────────────────────────────────┐ +│ Load Balancer │ +│ │ +│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────────────┐ │ +│ │ main.zig │ │ handler.zig │ │ telemetry/mod.zig │ │ +│ │ │ │ │ │ │ │ +│ │ • CLI args │───▶│ • Request entry │───▶│ • OTLP exporter │ │ +│ │ • WAF init │ │ • WAF check │ │ • Batching processor │ │ +│ │ • Stats thread │ │ • OTEL spans │ │ • Span attributes │ │ +│ └─────────────────┘ └────────┬────────┘ └─────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌──────────────────────────────────────────────────────────────────────┐ │ +│ │ WAF Module (src/waf/) │ │ +│ │ │ │ +│ │ ┌─────────────┐ ┌──────────────┐ ┌─────────────┐ ┌────────────┐ │ │ +│ │ │ mod.zig │ │ engine.zig │ │ config.zig │ │ events.zig │ │ │ +│ │ │ │ │ │ │ │ │ │ │ │ +│ │ │ Public API │ │ Orchestrator │ │ JSON parser │ │ Structured │ │ │ +│ │ │ Re-exports │ │ Main check() │ │ Hot-reload │ │ logging │ │ │ +│ │ └─────────────┘ └──────┬───────┘ └─────────────┘ └────────────┘ │ │ +│ │ │ │ │ +│ │ ┌────────────────┼────────────────┐ │ │ +│ │ ▼ ▼ ▼ │ │ +│ │ ┌─────────────┐ ┌──────────────┐ ┌─────────────┐ │ │ +│ │ │rate_limiter │ │ validator.zig│ │ state.zig │ │ │ +│ │ │ .zig │ │ │ │ │ │ │ +│ │ │ │ │ URI/body/JSON│ │ Shared mem │ │ │ +│ │ │ Token bucket│ │ validation │ │ structures │ │ │ +│ │ │ Atomic CAS │ │ Streaming │ │ 64K buckets │ │ │ +│ │ └─────────────┘ └──────────────┘ │ Burst track │ │ │ +│ │ │ Metrics │ │ │ +│ │ └─────────────┘ │ │ +│ └──────────────────────────────────────────────────────────────────────┘ │ +│ │ +└─────────────────────────────────────────────────────────────────────────────┘ + │ + ▼ + ┌─────────────────────────────────┐ + │ Jaeger / OTLP │ + │ (Distributed Tracing) │ + └─────────────────────────────────┘ +``` + +--- + +## Request Flow + +``` + ┌──────────────────────┐ + │ Incoming Request │ + └──────────┬───────────┘ + │ + ▼ +┌────────────────────────────────────────────────────────────────────────────┐ +│ handler.zig:handle() │ +│ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ 1. telemetry.startServerSpan("proxy_request") │ │ +│ │ ├─ setStringAttribute("http.method", method) │ │ +│ │ └─ setStringAttribute("http.url", uri) │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ 2. main.getWafEngine() -> WafEngine │ │ +│ │ └─ Returns engine with (WafState*, WafConfig*) │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ 3. Build waf.Request │ │ +│ │ ├─ convertHttpMethod(ctx.request.method) │ │ +│ │ ├─ Extract body length from ctx.request.body │ │ +│ │ └─ Request.init() or Request.withContentLength() │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +└─────────────────────────────────────────┼──────────────────────────────────┘ + │ + ▼ +┌────────────────────────────────────────────────────────────────────────────┐ +│ engine.zig:WafEngine.check(&request) │ +│ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ Step 1: Fast path check │ │ +│ │ if (!self.waf_config.enabled) return CheckResult.allow() │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ Step 2: getClientIp(request) │ │ +│ │ ├─ Check if source_ip is trusted proxy │ │ +│ │ ├─ If trusted, parse X-Forwarded-For header │ │ +│ │ └─ Return real client IP (u32) │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ Step 3: validateRequest(request) │ │ +│ │ ├─ Check URI length <= max_uri_length │ │ +│ │ ├─ Check body size <= getMaxBodySize(path) │ │ +│ │ └─ Return CheckResult.block(.invalid_request) if failed │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ Step 4: checkRateLimit(request, client_ip) │ │ +│ │ ├─ findMatchingRule(request) -> RateLimitRule │ │ +│ │ ├─ Build Key from (client_ip, hashPath(path)) │ │ +│ │ ├─ RateLimiter.check(key, rule) -> DecisionResult │ │ +│ │ │ └─ Bucket.tryConsume() with atomic CAS │ │ +│ │ └─ Return CheckResult.block(.rate_limit) if exhausted │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ Step 5: checkBurst(client_ip) [if burst_detection_enabled] │ │ +│ │ ├─ getCurrentTimeSec() │ │ +│ │ ├─ WafState.checkBurst(ip_hash, time, threshold) │ │ +│ │ │ ├─ BurstTracker.findOrCreate(ip_hash) │ │ +│ │ │ └─ BurstEntry.recordAndCheck(time, threshold) │ │ +│ │ │ ├─ Update EMA baseline (0.875 * old + 0.125 * current) │ │ +│ │ │ └─ Return true if current > baseline * threshold │ │ +│ │ └─ Return CheckResult.block(.burst) if burst detected │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ Step 6: recordDecision(&result) │ │ +│ │ ├─ metrics.recordAllowed() / recordBlocked(reason) │ │ +│ │ └─ Atomic increment of counters │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ Step 7: applyMode(result) │ │ +│ │ ├─ If shadow_mode: result.toShadowMode() (block -> log_only) │ │ +│ │ └─ Return final CheckResult │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ +└─────────────────────────────────────────┬──────────────────────────────────┘ + │ + ▼ +┌────────────────────────────────────────────────────────────────────────────┐ +│ Back to handler.zig │ +│ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ Add WAF attributes to OTEL span: │ │ +│ │ ├─ span.setStringAttribute("waf.decision", decision) │ │ +│ │ ├─ span.setStringAttribute("waf.client_ip", formatIpv4(ip)) │ │ +│ │ ├─ span.setStringAttribute("waf.reason", reason.description()) │ │ +│ │ └─ span.setStringAttribute("waf.rule", rule_name) │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ┌───────────────┴───────────────┐ │ +│ ▼ ▼ │ +│ ┌─────────────────┐ ┌─────────────────┐ │ +│ │ result.isBlocked() │ Proceed to │ │ +│ │ Return 429/403 │ │ Backend │ │ +│ │ + WAF headers │ │ Proxy request │ │ +│ └─────────────────┘ └─────────────────┘ │ +│ │ +└────────────────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Components + +### 1. `mod.zig` - Public API Module + +Re-exports all public types for clean external interface. + +```zig +// Usage +const waf = @import("waf"); +var engine = waf.WafEngine.init(&state, &config); +const result = engine.check(&request); +``` + +**Exported Types:** +| Type | Source | Purpose | +|------|--------|---------| +| `WafState` | state.zig | Shared memory container | +| `WafEngine` | engine.zig | Main orchestrator | +| `WafConfig` | config.zig | JSON configuration | +| `Request` | engine.zig | Request representation | +| `CheckResult` | engine.zig | Decision output | +| `Decision` | state.zig | allow/block/log_only | +| `Reason` | state.zig | Why blocked | +| `RateLimiter` | rate_limiter.zig | Token bucket | +| `RequestValidator` | validator.zig | Size/format checks | +| `EventLogger` | events.zig | Structured logging | + +--- + +### 2. `engine.zig` - WAF Engine + +The orchestrator that coordinates all security checks. + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ WafEngine │ +├─────────────────────────────────────────────────────────────────┤ +│ Fields: │ +│ waf_state: *WafState (mmap'd shared memory) │ +│ waf_config: *const WafConfig │ +│ limiter: RateLimiter │ +├─────────────────────────────────────────────────────────────────┤ +│ Methods: │ +│ init(state, config) -> WafEngine │ +│ check(request) -> CheckResult ◀── Main entry point │ +│ getClientIp(request) -> u32 │ +│ validateRequest(request) -> CheckResult │ +│ checkRateLimit(request, ip) -> CheckResult │ +│ checkBurst(ip) -> CheckResult │ +│ applyMode(result) -> CheckResult │ +│ recordDecision(result) -> void │ +└─────────────────────────────────────────────────────────────────┘ +``` + +**Key Functions:** + +| Function | Lines | Purpose | +|----------|-------|---------| +| `check()` | 192-227 | Main entry, orchestrates all checks | +| `getClientIp()` | 234-255 | Extract real IP from X-Forwarded-For | +| `validateRequest()` | 258-275 | URI/body size validation | +| `checkRateLimit()` | 278-314 | Token bucket rate limiting | +| `checkBurst()` | 317-326 | Anomaly detection | +| `applyMode()` | 329-334 | Shadow mode transformation | + +--- + +### 3. `state.zig` - Shared Memory Structures + +Lock-free data structures for multi-process sharing. + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ WafState (~4MB) │ +│ 64-byte aligned │ +├─────────────────────────────────────────────────────────────────┤ +│ magic: u64 │ Corruption detection "WAFSTV10" │ +├─────────────────────────────────────────────────────────────────┤ +│ buckets: [65536]Bucket │ Token bucket table │ +│ └─ Each Bucket: 64 bytes │ └─ key_hash: u64 │ +│ (cache-line aligned) │ └─ packed_state: u64 (atomic) │ +│ │ └─ tokens: u32 (scaled x1000) │ +│ │ └─ timestamp: u32 │ +├─────────────────────────────────────────────────────────────────┤ +│ conn_tracker: ConnTracker │ Per-IP connection counting │ +│ └─ [16384]ConnEntry │ └─ Slowloris detection │ +├─────────────────────────────────────────────────────────────────┤ +│ burst_tracker: BurstTracker│ Anomaly detection │ +│ └─ [8192]BurstEntry │ └─ baseline_rate (EMA) │ +│ │ └─ current_count │ +│ │ └─ last_window │ +├─────────────────────────────────────────────────────────────────┤ +│ metrics: WafMetrics │ Atomic counters │ +│ └─ requests_allowed │ │ +│ └─ requests_blocked │ │ +│ └─ requests_logged │ │ +│ └─ blocked_by_reason[10] │ │ +├─────────────────────────────────────────────────────────────────┤ +│ config_epoch: u64 │ Hot-reload detection │ +└─────────────────────────────────────────────────────────────────┘ +``` + +**Bucket CAS Operation:** + +``` +┌──────────────────────────────────────────────────────────────────┐ +│ Bucket.tryConsume(current_time, rate, max, cost) │ +│ │ +│ 1. Load packed_state atomically │ +│ ┌────────────────────────────────────────┐ │ +│ │ packed_state (u64) │ │ +│ │ [ tokens (u32) | timestamp (u32) ] │ │ +│ └────────────────────────────────────────┘ │ +│ │ +│ 2. Calculate token refill based on elapsed time │ +│ elapsed = current_time - old_timestamp │ +│ new_tokens = min(old_tokens + elapsed * rate, max) │ +│ │ +│ 3. Attempt consumption │ +│ if new_tokens >= cost: │ +│ new_tokens -= cost │ +│ │ +│ 4. CAS (Compare-And-Swap) atomically │ +│ if cmpxchgWeak(old_packed, new_packed): │ +│ return SUCCESS │ +│ else: │ +│ retry (up to MAX_CAS_ATTEMPTS) │ +│ │ +│ 5. Fail-open: If CAS exhausted, allow request │ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +### 4. `rate_limiter.zig` - Token Bucket + +Lock-free rate limiting with atomic operations. + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ RateLimiter │ +├─────────────────────────────────────────────────────────────────┤ +│ state: *WafState (pointer to shared memory) │ +├─────────────────────────────────────────────────────────────────┤ +│ check(key, rule) -> DecisionResult │ +│ ├─ findOrCreateBucket(key.hash()) │ +│ ├─ bucket.tryConsume(time, rate, capacity, cost) │ +│ └─ Return allow/block with remaining tokens │ +├─────────────────────────────────────────────────────────────────┤ +│ findOrCreateBucket(hash) -> ?*Bucket │ +│ └─ Open addressing with linear probing │ +│ └─ Probe limit: 16 attempts │ +├─────────────────────────────────────────────────────────────────┤ +│ Key Structure: │ +│ ip: u32 (IPv4 address) │ +│ path_hash: u32 (FNV-1a hash of path) │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +### 5. `validator.zig` - Request Validation + +Zero-allocation request validation with streaming JSON support. + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ RequestValidator │ +├─────────────────────────────────────────────────────────────────┤ +│ config: *const ValidatorConfig │ +├─────────────────────────────────────────────────────────────────┤ +│ validateRequest(uri, content_length, headers) │ +│ ├─ Check URI length │ +│ ├─ Check body size │ +│ └─ Check query parameter count │ +├─────────────────────────────────────────────────────────────────┤ +│ validateJsonStream(chunk, state) -> ValidationResult │ +│ └─ Streaming JSON validation (constant memory) │ +│ └─ Tracks nesting depth and key count │ +├─────────────────────────────────────────────────────────────────┤ +│ ValidatorConfig: │ +│ max_uri_length: 2048 │ +│ max_query_params: 50 │ +│ max_body_size: 1MB │ +│ max_json_depth: 20 │ +│ max_json_keys: 1000 │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +### 6. `config.zig` - Configuration + +JSON configuration parsing with validation. + +```json +{ + "enabled": true, + "shadow_mode": false, + "burst_detection_enabled": true, + "burst_threshold": 10, + "rate_limits": [ + { + "name": "login_bruteforce", + "path": "/api/auth/login", + "method": "POST", + "limit": { "requests": 10, "period_sec": 60 }, + "burst": 3, + "by": "ip", + "action": "block" + } + ], + "slowloris": { + "max_conns_per_ip": 50 + }, + "request_limits": { + "max_uri_length": 2048, + "max_body_size": 1048576, + "max_json_depth": 20 + }, + "trusted_proxies": ["10.0.0.0/8"], + "logging": { + "log_blocked": true, + "log_allowed": false + } +} +``` + +--- + +### 7. `events.zig` - Structured Logging + +JSON Lines output for machine parsing. + +```json +{"timestamp":1703635200,"event_type":"blocked","client_ip":"192.168.1.1","method":"POST","path":"/api/login","rule_name":"login_bruteforce","reason":"rate_limit"} +``` + +--- + +## OpenTelemetry Integration + +### Initialization Flow + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ main.zig │ +│ │ +│ telemetry.init(allocator, "localhost:4318") │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────────┐│ +│ │ telemetry/mod.zig:init() ││ +│ │ ││ +│ │ 1. Create ConfigOptions (OTLP endpoint, HTTP protobuf) ││ +│ │ 2. Create OTLPExporter with service name ││ +│ │ 3. Create RandomIDGenerator with seeded PRNG ││ +│ │ 4. Create TracerProvider ││ +│ │ 5. Create BatchingProcessor ││ +│ │ └─ max_queue_size: 2048 ││ +│ │ └─ scheduled_delay_millis: 5000 ││ +│ │ └─ max_export_batch_size: 512 ││ +│ │ 6. Add processor to provider ││ +│ │ 7. Get tracer ("zzz-load-balancer", "0.1.0") ││ +│ │ 8. Store in global_state ││ +│ └─────────────────────────────────────────────────────────────┘│ +└─────────────────────────────────────────────────────────────────┘ +``` + +### Request Tracing Flow + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ handler.zig:handle() │ +│ │ +│ var span = telemetry.startServerSpan("proxy_request"); │ +│ defer span.end(); │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────────┐│ +│ │ telemetry/mod.zig:startServerSpan() ││ +│ │ ││ +│ │ tracer.startSpan(name, .{ ││ +│ │ .kind = .Server, ││ +│ │ .attributes = [...], ││ +│ │ }) ││ +│ └─────────────────────────────────────────────────────────────┘│ +│ │ +│ span.setStringAttribute("http.method", "GET"); │ +│ span.setStringAttribute("http.url", "/api/users"); │ +│ │ +│ // After WAF check │ +│ span.setStringAttribute("waf.decision", "allow"); │ +│ span.setStringAttribute("waf.client_ip", "192.168.1.1"); │ +│ span.setStringAttribute("waf.reason", "none"); │ +│ │ +│ // On blocked request │ +│ span.setStringAttribute("waf.decision", "block"); │ +│ span.setStringAttribute("waf.reason", "rate_limit"); │ +│ span.setStringAttribute("waf.rule", "login_bruteforce"); │ +│ │ +│ span.end(); // Automatically queued for batch export │ +└─────────────────────────────────────────────────────────────────┘ + │ + ▼ +┌─────────────────────────────────────────────────────────────────┐ +│ BatchingProcessor (background thread) │ +│ │ +│ Every 5 seconds OR when 512 spans accumulated: │ +│ └─ OTLPExporter.export(batch) │ +│ └─ HTTP POST to http://localhost:4318/v1/traces │ +│ └─ Protobuf-encoded spans │ +└─────────────────────────────────────────────────────────────────┘ + │ + ▼ +┌─────────────────────────────────────────────────────────────────┐ +│ Jaeger UI │ +│ │ +│ Trace: proxy_request │ +│ ├─ Service: zzz-load-balancer │ +│ ├─ Attributes: │ +│ │ ├─ http.method: GET │ +│ │ ├─ http.url: /api/users │ +│ │ ├─ waf.decision: block │ +│ │ ├─ waf.client_ip: 192.168.1.100 │ +│ │ ├─ waf.reason: rate_limit │ +│ │ └─ waf.rule: api_rate_limit │ +│ └─ Duration: 1.2ms │ +└─────────────────────────────────────────────────────────────────┘ +``` + +### Span Attributes Reference + +| Attribute | Type | Description | +|-----------|------|-------------| +| `http.method` | string | HTTP method (GET, POST, etc.) | +| `http.url` | string | Request URI | +| `http.status_code` | int | Response status code | +| `waf.decision` | string | "allow", "block", or "log_only" | +| `waf.client_ip` | string | Client IP address | +| `waf.reason` | string | Reason description if blocked | +| `waf.rule` | string | Rule name if blocked | +| `backend.host` | string | Backend server address | +| `backend.port` | int | Backend server port | + +--- + +## Burst Detection (Anomaly Detection) + +Detects sudden traffic spikes using Exponential Moving Average (EMA). + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ BurstEntry (12 bytes per IP) │ +├─────────────────────────────────────────────────────────────────┤ +│ ip_hash: u32 │ FNV-1a hash of client IP │ +│ baseline_rate: u16 │ EMA of requests/window (scaled x16) │ +│ current_count: u16 │ Requests in current window │ +│ last_window: u32 │ Timestamp of current window start │ +└─────────────────────────────────────────────────────────────────┘ + +Algorithm: +┌─────────────────────────────────────────────────────────────────┐ +│ Window = 60 seconds │ +│ │ +│ On each request: │ +│ if (current_time - last_window >= 60): │ +│ # New window - update baseline with EMA │ +│ new_baseline = old_baseline * 0.875 + current_count * 0.125│ +│ current_count = 1 │ +│ last_window = current_time │ +│ return false # No burst on window transition │ +│ else: │ +│ # Same window - increment and check │ +│ current_count += 1 │ +│ if baseline < MIN_BASELINE: │ +│ return false # Not enough history │ +│ if current_count * 16 > baseline * threshold: │ +│ return true # BURST DETECTED │ +│ return false │ +└─────────────────────────────────────────────────────────────────┘ + +Example: + Baseline: 20 req/min (established over time) + Threshold: 10x + + Window 1: 18 requests -> baseline updates to ~20 + Window 2: 22 requests -> baseline updates to ~20 + Window 3: 250 requests + -> 250 * 16 = 4000 > 320 * 10 = 3200 + -> BURST DETECTED at request ~200 +``` + +--- + +## WAF Stats Thread + +Background thread logs statistics every 10 seconds. + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ main.zig:wafStatsLoop() │ +│ │ +│ while (true): │ +│ std.posix.nanosleep(10, 0) # Sleep 10 seconds │ +│ stats = global_waf_state.metrics.snapshot() │ +│ │ +│ log.info("WAF Stats: total={} allowed={} blocked={} ...") │ +└─────────────────────────────────────────────────────────────────┘ + +Output: +[+10000ms] info(waf_stats): WAF Stats: total=1523 allowed=1498 blocked=25 logged=0 block_rate=1% | by_reason: rate_limit=20 slowloris=0 body=3 json=2 +``` + +--- + +## Memory Layout + +``` +Total WafState size: ~4.2MB + +┌──────────────────────────────────────────────────────────────────┐ +│ Offset │ Size │ Field │ +├───────────┼───────────┼──────────────────────────────────────────┤ +│ 0x000000 │ 8 bytes │ magic ("WAFSTV10") │ +│ 0x000040 │ 4,194,304 │ buckets[65536] (64 bytes each) │ +│ 0x400040 │ 131,072 │ conn_tracker[16384] (8 bytes each) │ +│ 0x420040 │ 98,304 │ burst_tracker[8192] (12 bytes each) │ +│ 0x438040 │ 128 │ metrics (atomic counters) │ +│ 0x4380C0 │ 8 │ config_epoch │ +└──────────────────────────────────────────────────────────────────┘ + +Cache-line alignment (64 bytes) at: + - buckets array start + - conn_tracker start + - burst_tracker start + - metrics start + - config_epoch +``` + +--- + +## File Reference + +| File | Lines | Purpose | +|------|-------|---------| +| `src/waf/mod.zig` | ~190 | Public API, re-exports | +| `src/waf/engine.zig` | ~400 | Main orchestrator | +| `src/waf/state.zig` | ~1240 | Shared memory structures | +| `src/waf/rate_limiter.zig` | ~350 | Token bucket implementation | +| `src/waf/validator.zig` | ~350 | Request validation | +| `src/waf/config.zig` | ~600 | JSON config parsing | +| `src/waf/events.zig` | ~300 | Structured logging | +| `src/telemetry/mod.zig` | ~220 | OpenTelemetry integration | +| `src/proxy/handler.zig` | ~500 | Request handler with WAF | +| `main.zig` | ~400 | Entry point, WAF init | + +--- + +## Test Coverage + +129 unit tests covering: +- Bucket operations and CAS +- Rate limiter logic +- Burst detection (EMA, spike detection) +- Request validation +- JSON streaming validation +- Config parsing +- Event formatting +- Integration tests + +Run tests: +```bash +zig test src/waf/mod.zig +``` diff --git a/main.zig b/main.zig index 1dc2d40..19ce07e 100644 --- a/main.zig +++ b/main.zig @@ -69,6 +69,45 @@ pub fn getWafConfig() *const waf.WafConfig { return &global_waf_config; } +/// WAF stats reporter interval (seconds) +const WAF_STATS_INTERVAL_SEC: u64 = 10; + +/// Start WAF stats reporter thread +fn startWafStatsThread() !std.Thread { + return std.Thread.spawn(.{}, wafStatsLoop, .{}); +} + +/// WAF stats reporter loop - runs in background thread +fn wafStatsLoop() void { + const waf_log = std.log.scoped(.waf_stats); + + while (true) { + std.posix.nanosleep(WAF_STATS_INTERVAL_SEC, 0); + + if (global_waf_state) |state| { + const stats = state.metrics.snapshot(); + const total = stats.totalRequests(); + + if (total > 0) { + waf_log.info( + "WAF Stats: total={d} allowed={d} blocked={d} logged={d} block_rate={d}% | by_reason: rate_limit={d} slowloris={d} body={d} json={d}", + .{ + total, + stats.requests_allowed, + stats.requests_blocked, + stats.requests_logged, + stats.blockRatePercent(), + stats.blocked_rate_limit, + stats.blocked_slowloris, + stats.blocked_body_too_large, + stats.blocked_json_depth, + }, + ); + } + } + } +} + pub const std_options: std.Options = .{ .log_level = .debug, // Compile-time max level (allows all) .logFn = runtimeLogFn, // Custom log function respects runtime level @@ -552,6 +591,10 @@ fn runMultiProcess(allocator: std.mem.Allocator, config: Config) !void { defer if (!global_waf_config.enabled) allocator.destroy(waf_state_ptr); if (global_waf_config.enabled) { log.info("WAF state initialized ({d} bytes)", .{@sizeOf(waf.WafState)}); + // Start WAF stats reporter thread + _ = startWafStatsThread() catch |err| { + log.warn("Failed to start WAF stats thread: {s}", .{@errorName(err)}); + }; } // Initialize backends in shared region @@ -873,6 +916,10 @@ fn runSingleProcess(parent_allocator: std.mem.Allocator, config: Config) !void { defer allocator.destroy(waf_state_ptr); if (global_waf_config.enabled) { log.info("WAF state initialized ({d} bytes)", .{@sizeOf(waf.WafState)}); + // Start WAF stats reporter thread + _ = startWafStatsThread() catch |err| { + log.warn("Failed to start WAF stats thread: {s}", .{@errorName(err)}); + }; } for (lb_config.backends, 0..) |b, idx| { diff --git a/src/proxy/handler.zig b/src/proxy/handler.zig index dacdf1a..77a113c 100644 --- a/src/proxy/handler.zig +++ b/src/proxy/handler.zig @@ -64,6 +64,23 @@ pub const ProxyError = error{ GoawayRetriesExhausted, }; +// ============================================================================ +// IP Address Formatting +// ============================================================================ + +/// Format an IPv4 address (u32 in host byte order) as a string +/// Returns a static buffer - only valid until next call +var ip_format_buf: [16]u8 = undefined; +fn formatIpv4(ip: u32) []const u8 { + const len = std.fmt.bufPrint(&ip_format_buf, "{d}.{d}.{d}.{d}", .{ + @as(u8, @truncate(ip >> 24)), + @as(u8, @truncate(ip >> 16)), + @as(u8, @truncate(ip >> 8)), + @as(u8, @truncate(ip)), + }) catch return "0.0.0.0"; + return ip_format_buf[0..len.len]; +} + // ============================================================================ // Connection State (TigerStyle: explicit struct for clarity) // ============================================================================ @@ -163,7 +180,9 @@ pub fn generateHandler( const waf_result = engine.check(&waf_request); // Add WAF attributes to span + const client_ip_str = formatIpv4(source_ip); span.setStringAttribute("waf.decision", if (waf_result.isBlocked()) "block" else if (waf_result.shouldLog()) "log_only" else "allow"); + span.setStringAttribute("waf.client_ip", client_ip_str); if (waf_result.reason != .none) { span.setStringAttribute("waf.reason", waf_result.reason.description()); } @@ -173,8 +192,10 @@ pub fn generateHandler( if (waf_result.isBlocked()) { // Request blocked by WAF - log.warn("[W{d}] WAF blocked request: reason={s}, rule={s}", .{ + log.warn("[W{d}] WAF BLOCKED: ip={s} uri={s} reason={s} rule={s}", .{ state.worker_id, + client_ip_str, + ctx.request.uri orelse "/", waf_result.reason.description(), waf_result.rule_name orelse "N/A", }); @@ -198,8 +219,10 @@ pub fn generateHandler( // Log if shadow mode decision was made if (waf_result.shouldLog()) { - log.info("[W{d}] WAF shadow: reason={s}, rule={s}", .{ + log.info("[W{d}] WAF SHADOW: ip={s} uri={s} reason={s} rule={s}", .{ state.worker_id, + client_ip_str, + ctx.request.uri orelse "/", waf_result.reason.description(), waf_result.rule_name orelse "N/A", }); diff --git a/src/waf/config.zig b/src/waf/config.zig index 18de444..9368db4 100644 --- a/src/waf/config.zig +++ b/src/waf/config.zig @@ -423,6 +423,10 @@ pub const WafConfig = struct { trusted_proxies: []const CidrRange = &.{}, /// Logging configuration logging: LoggingConfig = .{}, + /// Burst detection: detect sudden velocity spikes + burst_detection_enabled: bool = true, + /// Burst threshold: current rate must exceed baseline * threshold to trigger + burst_threshold: u32 = 10, /// Config epoch for hot-reload detection epoch: u64 = 0, diff --git a/src/waf/engine.zig b/src/waf/engine.zig index 620c2c7..ebc2386 100644 --- a/src/waf/engine.zig +++ b/src/waf/engine.zig @@ -207,6 +207,21 @@ pub const WafEngine = struct { // Check rate limits const rate_limit_result = self.checkRateLimit(request, client_ip); + if (rate_limit_result.decision != .allow) { + self.recordDecision(&rate_limit_result); + return self.applyMode(rate_limit_result); + } + + // Check for burst behavior (sudden velocity spike) + if (self.waf_config.burst_detection_enabled) { + const burst_result = self.checkBurst(client_ip); + if (burst_result.decision != .allow) { + self.recordDecision(&burst_result); + return self.applyMode(burst_result); + } + } + + // All checks passed self.recordDecision(&rate_limit_result); return self.applyMode(rate_limit_result); } @@ -298,6 +313,18 @@ pub const WafEngine = struct { return result; } + /// Check for burst behavior (sudden velocity spike) + fn checkBurst(self: *WafEngine, client_ip: u32) CheckResult { + const current_time = rate_limiter.getCurrentTimeSec(); + const threshold = self.waf_config.burst_threshold; + + if (self.waf_state.checkBurst(client_ip, current_time, threshold)) { + return CheckResult.block(.burst, null); + } + + return CheckResult.allow(); + } + /// Apply shadow mode transformation if enabled fn applyMode(self: *WafEngine, result: CheckResult) CheckResult { if (self.waf_config.shadow_mode) { diff --git a/src/waf/mod.zig b/src/waf/mod.zig index 4f19b0b..1cb777f 100644 --- a/src/waf/mod.zig +++ b/src/waf/mod.zig @@ -38,6 +38,8 @@ pub const Reason = @import("state.zig").Reason; pub const Bucket = @import("state.zig").Bucket; pub const ConnEntry = @import("state.zig").ConnEntry; pub const ConnTracker = @import("state.zig").ConnTracker; +pub const BurstEntry = @import("state.zig").BurstEntry; +pub const BurstTracker = @import("state.zig").BurstTracker; pub const WafMetrics = @import("state.zig").WafMetrics; pub const MetricsSnapshot = @import("state.zig").MetricsSnapshot; @@ -49,6 +51,9 @@ pub const MAX_CAS_ATTEMPTS = @import("state.zig").MAX_CAS_ATTEMPTS; pub const MAX_TRACKED_IPS = @import("state.zig").MAX_TRACKED_IPS; pub const WAF_STATE_MAGIC = @import("state.zig").WAF_STATE_MAGIC; pub const WAF_STATE_SIZE = @import("state.zig").WAF_STATE_SIZE; +pub const MAX_BURST_TRACKED = @import("state.zig").MAX_BURST_TRACKED; +pub const BURST_WINDOW_SEC = @import("state.zig").BURST_WINDOW_SEC; +pub const BURST_THRESHOLD_MULTIPLIER = @import("state.zig").BURST_THRESHOLD_MULTIPLIER; // State helper functions pub const packState = @import("state.zig").packState; diff --git a/src/waf/state.zig b/src/waf/state.zig index b80a64e..ed26015 100644 --- a/src/waf/state.zig +++ b/src/waf/state.zig @@ -87,6 +87,8 @@ pub const Reason = enum(u8) { path_traversal = 7, /// Invalid request format invalid_request = 8, + /// Request velocity burst detected (sudden spike from IP) + burst = 9, /// Get human-readable description pub fn description(self: Reason) []const u8 { @@ -100,6 +102,7 @@ pub const Reason = enum(u8) { .xss => "XSS pattern detected", .path_traversal => "path traversal attempt", .invalid_request => "invalid request format", + .burst => "request velocity burst detected", }; } }; @@ -372,6 +375,172 @@ pub const ConnTracker = extern struct { } }; +// ============================================================================= +// Burst Detector (Anomaly Detection) +// ============================================================================= + +/// Maximum tracked IPs for burst detection +pub const MAX_BURST_TRACKED: usize = 8192; + +/// Burst detection window in seconds +pub const BURST_WINDOW_SEC: u32 = 10; + +/// Default burst threshold multiplier (current rate > baseline * threshold = burst) +pub const BURST_THRESHOLD_MULTIPLIER: u32 = 10; + +/// Minimum baseline before burst detection activates (avoid false positives on first requests) +pub const BURST_MIN_BASELINE: u16 = 5; + +/// Entry for tracking per-IP request velocity +/// Uses exponential moving average (EMA) to establish baseline +pub const BurstEntry = extern struct { + /// Hash of IP address - 0 means empty slot + ip_hash: u32 = 0, + + /// Baseline request rate (EMA, requests per window, scaled by 16 for precision) + /// Stored as fixed-point: actual_rate = baseline_rate / 16 + baseline_rate: u16 = 0, + + /// Request count in current window + current_count: u16 = 0, + + /// Last window timestamp (seconds, wrapping) + last_window: u32 = 0, + + /// Get atomic pointer to current_count + pub inline fn getCurrentCountPtr(self: *BurstEntry) *std.atomic.Value(u16) { + return @ptrCast(&self.current_count); + } + + /// Get atomic pointer to baseline_rate + pub inline fn getBaselinePtr(self: *BurstEntry) *std.atomic.Value(u16) { + return @ptrCast(&self.baseline_rate); + } + + /// Get atomic pointer to last_window + pub inline fn getLastWindowPtr(self: *BurstEntry) *std.atomic.Value(u32) { + return @ptrCast(&self.last_window); + } + + /// Record a request and check for burst + /// Returns true if this is a burst (anomaly detected) + pub fn recordAndCheck(self: *BurstEntry, current_time: u32, threshold_mult: u32) bool { + const last = self.getLastWindowPtr().load(.acquire); + const time_diff = current_time -% last; + + // Check if we're in a new window + if (time_diff >= BURST_WINDOW_SEC) { + // Window expired - update baseline and reset count + const old_count = self.getCurrentCountPtr().swap(1, .acq_rel); + const old_baseline = self.getBaselinePtr().load(.acquire); + + // Calculate new baseline using EMA: new = old * 0.875 + current * 0.125 + // Using fixed-point: multiply count by 16, then blend + const current_scaled: u32 = @as(u32, old_count) * 16; + const new_baseline: u16 = @intCast( + (@as(u32, old_baseline) * 7 + current_scaled) / 8, + ); + + self.getBaselinePtr().store(new_baseline, .release); + self.getLastWindowPtr().store(current_time, .release); + + return false; // New window, no burst yet + } + + // Same window - increment count and check for burst + const new_count = self.getCurrentCountPtr().fetchAdd(1, .acq_rel) + 1; + const baseline = self.getBaselinePtr().load(.acquire); + + // Skip burst detection if baseline not established + if (baseline < BURST_MIN_BASELINE * 16) { + return false; + } + + // Check if current rate exceeds baseline * threshold + // baseline is scaled by 16, so: current * 16 > baseline * threshold + const current_scaled: u32 = @as(u32, new_count) * 16; + const threshold: u32 = @as(u32, baseline) * threshold_mult; + + return current_scaled > threshold; + } + + comptime { + // Ensure entry is 12 bytes + std.debug.assert(@sizeOf(BurstEntry) == 12); + } +}; + +/// Burst detector hash table +pub const BurstTracker = extern struct { + entries: [MAX_BURST_TRACKED]BurstEntry = [_]BurstEntry{.{}} ** MAX_BURST_TRACKED, + + /// Find or create entry for an IP + /// Returns null if table is full + pub fn findOrCreate(self: *BurstTracker, ip_hash: u32, current_time: u32) ?*BurstEntry { + if (ip_hash == 0) return null; + + const start_idx = ip_hash % MAX_BURST_TRACKED; + var idx = start_idx; + var probe_count: u32 = 0; + + while (probe_count < BUCKET_PROBE_LIMIT) : (probe_count += 1) { + const entry = &self.entries[idx]; + + // Found existing entry + if (entry.ip_hash == ip_hash) { + return entry; + } + + // Found empty slot - try to claim it + if (entry.ip_hash == 0) { + const ptr: *std.atomic.Value(u32) = @ptrCast(&entry.ip_hash); + if (ptr.cmpxchgStrong(0, ip_hash, .acq_rel, .acquire) == null) { + // Successfully claimed slot + entry.getLastWindowPtr().store(current_time, .release); + return entry; + } + // Someone else claimed it, check if it's ours + if (entry.ip_hash == ip_hash) { + return entry; + } + } + + idx = (idx + 1) % MAX_BURST_TRACKED; + } + + return null; // Table too full + } + + /// Check if an IP is bursting (for read-only check) + pub fn isBursting(self: *BurstTracker, ip_hash: u32, current_time: u32, threshold_mult: u32) bool { + if (ip_hash == 0) return false; + + const start_idx = ip_hash % MAX_BURST_TRACKED; + var idx = start_idx; + var probe_count: u32 = 0; + + while (probe_count < BUCKET_PROBE_LIMIT) : (probe_count += 1) { + const entry = &self.entries[idx]; + + if (entry.ip_hash == ip_hash) { + return entry.recordAndCheck(current_time, threshold_mult); + } + + if (entry.ip_hash == 0) { + return false; // Not found + } + + idx = (idx + 1) % MAX_BURST_TRACKED; + } + + return false; + } + + comptime { + std.debug.assert(@sizeOf(BurstTracker) == MAX_BURST_TRACKED * @sizeOf(BurstEntry)); + } +}; + // ============================================================================= // WAF Metrics // ============================================================================= @@ -550,6 +719,9 @@ pub const WafState = extern struct { /// Connection tracker for slowloris detection conn_tracker: ConnTracker align(CACHE_LINE) = .{}, + /// Burst detector for anomaly detection + burst_tracker: BurstTracker align(CACHE_LINE) = .{}, + /// Global metrics with atomic counters metrics: WafMetrics align(CACHE_LINE) = .{}, @@ -666,6 +838,19 @@ pub const WafState = extern struct { return count; } + // ========================================================================= + // Burst Detection Operations + // ========================================================================= + + /// Check if an IP is exhibiting burst behavior (sudden velocity spike) + /// Returns true if current request rate is significantly above baseline + pub fn checkBurst(self: *WafState, ip_hash: u32, current_time: u32, threshold_mult: u32) bool { + if (self.burst_tracker.findOrCreate(ip_hash, current_time)) |entry| { + return entry.recordAndCheck(current_time, threshold_mult); + } + return false; // Table full, fail open + } + // ========================================================================= // Comptime Assertions // ========================================================================= @@ -677,6 +862,7 @@ pub const WafState = extern struct { // Verify all major sections are cache-line aligned std.debug.assert(@offsetOf(WafState, "buckets") % CACHE_LINE == 0); std.debug.assert(@offsetOf(WafState, "conn_tracker") % CACHE_LINE == 0); + std.debug.assert(@offsetOf(WafState, "burst_tracker") % CACHE_LINE == 0); std.debug.assert(@offsetOf(WafState, "metrics") % CACHE_LINE == 0); std.debug.assert(@offsetOf(WafState, "config_epoch") % CACHE_LINE == 0); @@ -938,3 +1124,120 @@ test "alignment: all structures properly aligned" { try std.testing.expect(@offsetOf(WafState, "metrics") % CACHE_LINE == 0); try std.testing.expect(@offsetOf(WafState, "config_epoch") % CACHE_LINE == 0); } + +test "BurstEntry: recordAndCheck detects velocity spike" { + var entry = BurstEntry{ + .ip_hash = 0x12345678, + .baseline_rate = 0, + .current_count = 0, + .last_window = 0, + }; + + const threshold: u32 = 3; // Current rate must be > baseline * 3 to trigger + var time: u32 = 1000; + + // Establish baseline over several windows with 20 requests each + // This builds up baseline above BURST_MIN_BASELINE (5 * 16 = 80) + for (0..5) |_| { + for (0..20) |_| { + _ = entry.recordAndCheck(time, threshold); + } + time += BURST_WINDOW_SEC; + } + + // Baseline should now be ~20 requests/window (scaled by 16 = ~320) + // which is above BURST_MIN_BASELINE * 16 = 80 + + // Now simulate a burst: 200 requests in one window + // This should trigger because 200 * 16 = 3200 > 320 * 3 = 960 + var burst_detected = false; + for (0..200) |_| { + if (entry.recordAndCheck(time, threshold)) { + burst_detected = true; + break; + } + } + + try std.testing.expect(burst_detected); +} + +test "BurstEntry: no burst for steady traffic" { + var entry = BurstEntry{ + .ip_hash = 0x12345678, + .baseline_rate = 0, + .current_count = 0, + .last_window = 0, + }; + + const threshold: u32 = 10; + const base_time: u32 = 1000; + + // First window - establish baseline (50 requests) + for (0..50) |_| { + _ = entry.recordAndCheck(base_time, threshold); + } + + // Move to next window + const window2_time = base_time + BURST_WINDOW_SEC; + _ = entry.recordAndCheck(window2_time, threshold); + + // Maintain similar rate - no burst + var burst_detected = false; + for (0..60) |_| { + if (entry.recordAndCheck(window2_time, threshold)) { + burst_detected = true; + } + } + + // Should NOT detect burst (60 is not >> 50 * 10) + try std.testing.expect(!burst_detected); +} + +test "BurstTracker: findOrCreate" { + var tracker = BurstTracker{}; + const current_time: u32 = 1000; + + // Find or create entry + const entry1 = tracker.findOrCreate(0x12345678, current_time); + try std.testing.expect(entry1 != null); + try std.testing.expectEqual(@as(u32, 0x12345678), entry1.?.ip_hash); + + // Same hash should return same entry + const entry2 = tracker.findOrCreate(0x12345678, current_time); + try std.testing.expectEqual(entry1, entry2); + + // Different hash should return different entry + const entry3 = tracker.findOrCreate(0xDEADBEEF, current_time); + try std.testing.expect(entry3 != null); + try std.testing.expect(entry1 != entry3); +} + +test "WafState: checkBurst integration" { + var waf_state = WafState.init(); + + const ip_hash: u32 = 0xCAFEBABE; + const threshold: u32 = 3; + var time: u32 = 1000; + + // Establish baseline over several windows with 30 requests each + for (0..5) |_| { + for (0..30) |_| { + // Should not detect burst while establishing baseline + const result = waf_state.checkBurst(ip_hash, time, threshold); + _ = result; + } + time += BURST_WINDOW_SEC; + } + + // Now burst: 300 requests in one window + // Baseline ~30 req/window * 16 = 480, threshold 480 * 3 = 1440 + // 300 * 16 = 4800 > 1440, should trigger + var burst_detected = false; + for (0..300) |_| { + if (waf_state.checkBurst(ip_hash, time, threshold)) { + burst_detected = true; + break; + } + } + try std.testing.expect(burst_detected); +} From 090827ed2694d49e68afbd794ca2b5bd642f2b62 Mon Sep 17 00:00:00 2001 From: "Parrin, N.D. (Nicholas)" Date: Fri, 26 Dec 2025 23:39:20 +0100 Subject: [PATCH 8/9] waf --- docs/WAF_ARCHITECTURE.md | 64 ++++++++++++++++-------- src/proxy/handler.zig | 6 +-- src/waf/engine.zig | 104 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 150 insertions(+), 24 deletions(-) diff --git a/docs/WAF_ARCHITECTURE.md b/docs/WAF_ARCHITECTURE.md index a203a71..3bd911a 100644 --- a/docs/WAF_ARCHITECTURE.md +++ b/docs/WAF_ARCHITECTURE.md @@ -483,26 +483,28 @@ JSON Lines output for machine parsing. │ │ │ │ ▼ │ │ ┌─────────────────────────────────────────────────────────────┐│ -│ │ telemetry/mod.zig:startServerSpan() ││ +│ │ engine.checkWithSpan(&request, &span, telemetry) ││ │ │ ││ -│ │ tracer.startSpan(name, .{ ││ -│ │ .kind = .Server, ││ -│ │ .attributes = [...], ││ -│ │ }) ││ +│ │ Creates child spans for each WAF step: ││ +│ │ ││ +│ │ proxy_request (Server) ││ +│ │ └── waf.check (Internal) ││ +│ │ ├── waf.validate_request (Internal) ││ +│ │ │ └─ waf.step: "validate_request" ││ +│ │ │ └─ waf.passed: true/false ││ +│ │ ├── waf.rate_limit (Internal) ││ +│ │ │ └─ waf.step: "rate_limit" ││ +│ │ │ └─ waf.passed: true/false ││ +│ │ │ └─ waf.tokens_remaining: 42 ││ +│ │ │ └─ waf.rule: "api_rate_limit" ││ +│ │ └── waf.burst_detection (Internal) ││ +│ │ └─ waf.step: "burst_detection" ││ +│ │ └─ waf.passed: true/false ││ │ └─────────────────────────────────────────────────────────────┘│ │ │ -│ span.setStringAttribute("http.method", "GET"); │ -│ span.setStringAttribute("http.url", "/api/users"); │ -│ │ -│ // After WAF check │ +│ // Summary attributes on parent span │ │ span.setStringAttribute("waf.decision", "allow"); │ │ span.setStringAttribute("waf.client_ip", "192.168.1.1"); │ -│ span.setStringAttribute("waf.reason", "none"); │ -│ │ -│ // On blocked request │ -│ span.setStringAttribute("waf.decision", "block"); │ -│ span.setStringAttribute("waf.reason", "rate_limit"); │ -│ span.setStringAttribute("waf.rule", "login_bruteforce"); │ │ │ │ span.end(); // Automatically queued for batch export │ └─────────────────────────────────────────────────────────────────┘ @@ -521,12 +523,17 @@ JSON Lines output for machine parsing. ┌─────────────────────────────────────────────────────────────────┐ │ Jaeger UI │ │ │ -│ Trace: proxy_request │ -│ ├─ Service: zzz-load-balancer │ -│ ├─ Attributes: │ -│ │ ├─ http.method: GET │ -│ │ ├─ http.url: /api/users │ -│ │ ├─ waf.decision: block │ +│ Trace: proxy_request [12.5ms] │ +│ ├─ waf.check [0.8ms] │ +│ │ ├─ waf.validate_request [0.05ms] │ +│ │ ├─ waf.rate_limit [0.5ms] │ +│ │ └─ waf.burst_detection [0.2ms] │ +│ └─ backend_request [11.2ms] │ +│ │ +│ Span Attributes: │ +│ ├─ http.method: GET │ +│ ├─ http.url: /api/users │ +│ ├─ waf.decision: block │ │ │ ├─ waf.client_ip: 192.168.1.100 │ │ │ ├─ waf.reason: rate_limit │ │ │ └─ waf.rule: api_rate_limit │ @@ -536,6 +543,8 @@ JSON Lines output for machine parsing. ### Span Attributes Reference +**Parent Span (proxy_request):** + | Attribute | Type | Description | |-----------|------|-------------| | `http.method` | string | HTTP method (GET, POST, etc.) | @@ -548,6 +557,19 @@ JSON Lines output for machine parsing. | `backend.host` | string | Backend server address | | `backend.port` | int | Backend server port | +**WAF Child Spans (waf.check, waf.validate_request, waf.rate_limit, waf.burst_detection):** + +| Attribute | Type | Description | +|-----------|------|-------------| +| `waf.step` | string | Current step name | +| `waf.passed` | bool | Whether this step passed | +| `waf.tokens_remaining` | int | Remaining rate limit tokens (rate_limit only) | +| `waf.rule` | string | Matched rule name (rate_limit only) | +| `waf.reason` | string | Block reason if failed | +| `waf.blocked_by` | string | Which step blocked (on waf.check span) | +| `waf.result` | string | Final result "allow" (on waf.check span) | +| `waf.enabled` | string | "false" if WAF disabled (fast path) | + --- ## Burst Detection (Anomaly Detection) diff --git a/src/proxy/handler.zig b/src/proxy/handler.zig index 77a113c..a26317d 100644 --- a/src/proxy/handler.zig +++ b/src/proxy/handler.zig @@ -176,10 +176,10 @@ pub fn generateHandler( source_ip, ); - // Check WAF rules - const waf_result = engine.check(&waf_request); + // Check WAF rules (with tracing - creates child spans for each step) + const waf_result = engine.checkWithSpan(&waf_request, &span, telemetry); - // Add WAF attributes to span + // Add WAF summary attributes to parent span const client_ip_str = formatIpv4(source_ip); span.setStringAttribute("waf.decision", if (waf_result.isBlocked()) "block" else if (waf_result.shouldLog()) "log_only" else "allow"); span.setStringAttribute("waf.client_ip", client_ip_str); diff --git a/src/waf/engine.zig b/src/waf/engine.zig index ebc2386..dd9808c 100644 --- a/src/waf/engine.zig +++ b/src/waf/engine.zig @@ -40,6 +40,7 @@ pub const HttpMethod = config.HttpMethod; pub const RateLimitRule = config.RateLimitRule; pub const ipToBytes = config.ipToBytes; + // ============================================================================= // Request - Incoming HTTP Request Representation // ============================================================================= @@ -226,6 +227,109 @@ pub const WafEngine = struct { return self.applyMode(rate_limit_result); } + /// Main entry point with OpenTelemetry tracing + /// + /// Creates child spans for each WAF check step, providing visibility + /// into the WAF decision process in Jaeger/OTLP. + /// + /// The telemetry_mod parameter uses duck typing - any module that provides + /// startChildSpan(span, name, kind) -> Span works. + /// + /// Span hierarchy: + /// proxy_request (parent) + /// └── waf.check + /// ├── waf.validate_request + /// ├── waf.rate_limit + /// └── waf.burst_detection + pub fn checkWithSpan( + self: *WafEngine, + request: *const Request, + parent_span: anytype, + comptime telemetry_mod: type, + ) CheckResult { + // Create WAF check span as child of parent + var waf_span = telemetry_mod.startChildSpan(parent_span, "waf.check", .Internal); + defer waf_span.end(); + + // Fast path: WAF disabled + if (!self.waf_config.enabled) { + waf_span.setStringAttribute("waf.enabled", "false"); + return CheckResult.allow(); + } + + // Extract real client IP (handles trusted proxies) + const client_ip = self.getClientIp(request); + + // Step 1: Validate request (URI length, body size) + { + var validate_span = telemetry_mod.startChildSpan(&waf_span, "waf.validate_request", .Internal); + defer validate_span.end(); + + const validation_result = self.validateRequest(request); + validate_span.setStringAttribute("waf.step", "validate_request"); + validate_span.setBoolAttribute("waf.passed", validation_result.decision == .allow); + + if (validation_result.decision != .allow) { + validate_span.setStringAttribute("waf.reason", validation_result.reason.description()); + waf_span.setStringAttribute("waf.blocked_by", "validate_request"); + self.recordDecision(&validation_result); + return self.applyMode(validation_result); + } + } + + // Step 2: Check rate limits + const rate_limit_result = blk: { + var rate_span = telemetry_mod.startChildSpan(&waf_span, "waf.rate_limit", .Internal); + defer rate_span.end(); + + const result = self.checkRateLimit(request, client_ip); + rate_span.setStringAttribute("waf.step", "rate_limit"); + rate_span.setBoolAttribute("waf.passed", result.decision == .allow); + + if (result.tokens_remaining) |remaining| { + rate_span.setIntAttribute("waf.tokens_remaining", @intCast(remaining)); + } + if (result.rule_name) |rule| { + rate_span.setStringAttribute("waf.rule", rule); + } + + if (result.decision != .allow) { + rate_span.setStringAttribute("waf.reason", result.reason.description()); + waf_span.setStringAttribute("waf.blocked_by", "rate_limit"); + self.recordDecision(&result); + break :blk self.applyMode(result); + } + break :blk result; + }; + + // Early return if rate limited + if (rate_limit_result.decision != .allow) { + return rate_limit_result; + } + + // Step 3: Check for burst behavior (sudden velocity spike) + if (self.waf_config.burst_detection_enabled) { + var burst_span = telemetry_mod.startChildSpan(&waf_span, "waf.burst_detection", .Internal); + defer burst_span.end(); + + const burst_result = self.checkBurst(client_ip); + burst_span.setStringAttribute("waf.step", "burst_detection"); + burst_span.setBoolAttribute("waf.passed", burst_result.decision == .allow); + + if (burst_result.decision != .allow) { + burst_span.setStringAttribute("waf.reason", burst_result.reason.description()); + waf_span.setStringAttribute("waf.blocked_by", "burst_detection"); + self.recordDecision(&burst_result); + return self.applyMode(burst_result); + } + } + + // All checks passed + waf_span.setStringAttribute("waf.result", "allow"); + self.recordDecision(&rate_limit_result); + return self.applyMode(rate_limit_result); + } + /// Extract the real client IP, handling trusted proxies /// /// If the direct connection is from a trusted proxy and X-Forwarded-For From 59a4403fd66c75f456c121bb40300e16c2efd3aa Mon Sep 17 00:00:00 2001 From: "Parrin, N.D. (Nicholas)" Date: Sat, 27 Dec 2025 00:01:01 +0100 Subject: [PATCH 9/9] waf --- src/http/http2/pool.zig | 4 ++-- src/proxy/handler.zig | 7 ++++++- waf_test.json | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/http/http2/pool.zig b/src/http/http2/pool.zig index 2808d78..9170ee8 100644 --- a/src/http/http2/pool.zig +++ b/src/http/http2/pool.zig @@ -119,8 +119,8 @@ pub const H2ConnectionPool = struct { } } - // All slots full - handler will retry on TooManyStreams - log.warn("Connection pool exhausted: backend={d}", .{backend_idx}); + // All slots full - this is an error condition (causes 503s under load) + log.err("H2 pool exhausted: backend={d} (32 conns x 8 streams = 256 max concurrent)", .{backend_idx}); return error.PoolExhausted; } diff --git a/src/proxy/handler.zig b/src/proxy/handler.zig index a26317d..539bb2f 100644 --- a/src/proxy/handler.zig +++ b/src/proxy/handler.zig @@ -387,6 +387,10 @@ inline fn proxyWithFailover( } } + // All backends exhausted - this IS an error (user gets 503) + log.err("[W{d}] All backends exhausted, returning 503", .{state.worker_id}); + trace_span.setError("All backends exhausted"); + return ctx.response.apply(.{ .status = .@"Service Unavailable", .mime = http.Mime.TEXT, @@ -892,12 +896,13 @@ fn streamingProxyHttp2( // Get or create connection (pool handles everything: TLS, handshake, retry) const conn = pool.getOrCreate(backend_idx, ctx.io, &h2_span) catch |err| { - log.warn("[REQ {d}] H2 pool getOrCreate failed: {}", .{ req_id, err }); h2_span.setError("Pool getOrCreate failed"); // PoolExhausted is a local resource issue, not a backend failure + // Pool already logs at error level, so just return the error if (err == error.PoolExhausted) { return ProxyError.PoolExhausted; } + log.err("[REQ {d}] H2 pool getOrCreate failed: {}", .{ req_id, err }); return ProxyError.ConnectionFailed; }; diff --git a/waf_test.json b/waf_test.json index b912cc2..4fc3afc 100644 --- a/waf_test.json +++ b/waf_test.json @@ -5,7 +5,7 @@ { "name": "test_limit", "path": "/*", - "limit": { "requests": 3, "period_sec": 60 }, + "limit": { "requests": 200000, "period_sec": 60 }, "burst": 0, "by": "ip", "action": "block"