From d5fba340cb3bf0c970ff20f6555ee2547fb925cf Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 14 Jan 2022 14:54:39 +0100 Subject: [PATCH 001/698] new: [taxii integration] wip - all MISP side code implemented for being able to have filtered pushes - still missing proper result handling as we need a working test implementation of the python scripts first - some assumptions made that need to be revisited --- app/Console/Command/ServerShell.php | 36 ++++++- app/Controller/TaxiiServersController.php | 104 ++++++++++++++++++ app/Model/Event.php | 83 +++++++------- app/Model/TaxiiServer.php | 125 ++++++++++++++++++++++ app/View/Elements/global_menu.ctp | 5 + app/View/TaxiiServers/add.ctp | 44 ++++++++ app/View/TaxiiServers/index.ctp | 90 ++++++++++++++++ app/View/TaxiiServers/view.ctp | 68 ++++++++++++ 8 files changed, 516 insertions(+), 39 deletions(-) create mode 100644 app/Controller/TaxiiServersController.php create mode 100644 app/Model/TaxiiServer.php create mode 100644 app/View/TaxiiServers/add.ctp create mode 100644 app/View/TaxiiServers/index.ctp create mode 100644 app/View/TaxiiServers/view.ctp diff --git a/app/Console/Command/ServerShell.php b/app/Console/Command/ServerShell.php index 58d7fdfe3..cab493230 100644 --- a/app/Console/Command/ServerShell.php +++ b/app/Console/Command/ServerShell.php @@ -12,7 +12,7 @@ require_once 'AppShell.php'; */ class ServerShell extends AppShell { - public $uses = array('Server', 'Task', 'Job', 'User', 'Feed'); + public $uses = array('Server', 'Task', 'Job', 'User', 'Feed', 'TaxiiServer'); public function list() { @@ -617,4 +617,38 @@ class ServerShell extends AppShell } return $this->BackgroundJobsTool; } + + public function push_taxii() + { + if (empty($this->args[0]) || empty($this->args[1])) { + die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Push Taxii'] . PHP_EOL); + } + + $userId = $this->args[0]; + $user = $this->getUser($userId); + $serverId = $this->args[1]; + if (!empty($this->args[3])) { + $jobId = $this->args[3]; + } else { + $jobId = $this->Job->createJob($user, Job::WORKER_DEFAULT, 'push_taxii', 'Server: ' . $serverId, 'Pushing.'); + } + $this->Job->read(null, $jobId); + + $result = $this->TaxiiServer->push($serverId, $technique, $jobId, $HttpSocket, $user); + + if ($result !== true && !is_array($result)) { + $message = 'Job failed. Reason: ' . $result; + $this->Job->saveStatus($jobId, false, $message); + } else { + $message = 'Job done.'; + $this->Job->saveStatus($jobId, true, $message); + } + + if (isset($this->args[4])) { + $this->Task->id = $this->args[5]; + $message = 'Job(s) started at ' . date('d/m/Y - H:i:s') . '.'; + $this->Task->saveField('message', $message); + echo $message . PHP_EOL; + } + } } diff --git a/app/Controller/TaxiiServersController.php b/app/Controller/TaxiiServersController.php new file mode 100644 index 000000000..ab0408f6e --- /dev/null +++ b/app/Controller/TaxiiServersController.php @@ -0,0 +1,104 @@ + 60, + 'maxLimit' => 9999 + ); + + public function index() + { + $params = [ + 'filters' => ['name', 'url', 'uuid'], + 'quickFilters' => ['name'] + ]; + $this->CRUD->index($params); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'list_taxii')); + } + + public function add() + { + $params = []; + $this->CRUD->add($params); + if ($this->restResponsePayload) { + return $this->restResponsePayload; + } + $dropdownData = []; + $this->set(compact('dropdownData')); + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'add_taxii')); + } + + public function edit($id) + { + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'edit_taxii')); + $this->set('id', $id); + $params = []; + $this->CRUD->edit($id, $params); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + $dropdownData = []; + $this->set(compact('dropdownData')); + $this->render('add'); + } + + public function delete($id) + { + $this->CRUD->delete($id); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + } + + public function view($id) + { + $this->set('menuData', ['menuList' => 'sync', 'menuItem' => 'view_taxii']); + $this->CRUD->view($id); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + $this->set('id', $id); + } + + public function push($id) + { + $this->set('menuData', ['menuList' => 'sync', 'menuItem' => 'push_taxii']); + $taxii_server = $this->TaxiiServer->find('first', [ + 'recursive' => -1, + 'conditions' => ['TaxiiServer.id' => $id] + ]); + if (empty($taxii_server)) { + throw new NotFoundException(__('Invalid Taxii Server ID provided.')); + } + + if ($this->request->is('post')) { + $result = $this->TaxiiServer->pushRouter($taxii_server['TaxiiServer']['id'], $this->Auth->user()); + $message = __('Taxii push initiated.'); + if ($this->_isRest()) { + return $this->RestResponse->saveSuccessResponse('TaxiiServers', 'push', $id, false, $message); + } else { + $this->Flash->success($message); + $this->redirect($this->referer()); + } + } else { + $this->set('id', $taxii_server['TaxiiServer']['id']); + $this->set('title', __('Push data to TAXII server')); + $this->set('question', __('Are you sure you want to Push data as configured in the filters to the TAXII server?')); + $this->set('actionName', __('Push')); + $this->layout = 'ajax'; + $this->render('/genericTemplates/confirm'); + } + } +} diff --git a/app/Model/Event.php b/app/Model/Event.php index fe6770162..460494f7f 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -7092,6 +7092,47 @@ class Event extends AppModel } } + + public function restSearchFilterMassage($filters, $non_restrictive_export) + { + if (!empty($filters['ignore'])) { + $filters['to_ids'] = array(0, 1); + $filters['published'] = array(0, 1); + } + if (!empty($filters['quickFilter'])) { + $filters['searchall'] = $filters['quickFilter']; + if (!empty($filters['value'])) { + unset($filters['value']); + } + } + if (isset($filters['searchall'])) { + if (!empty($filters['value'])) { + $filters['wildcard'] = $filters['value']; + } else { + $filters['wildcard'] = $filters['searchall']; + } + } + + if (isset($filters['tag']) and !isset($filters['tags'])) { + $filters['tags'] = $filters['tag']; + } + if (!empty($filters['withAttachments'])) { + $filters['includeAttachments'] = 1; + } + if (empty($non_restrictive_export)) { + if (!isset($filters['to_ids'])) { + $filters['to_ids'] = 1; + } + if (!isset($filters['published'])) { + $filters['published'] = 1; + } + $filters['allow_proposal_blocking'] = 1; + } + $subqueryElements = $this->harvestSubqueryElements($filters); + $filters = $this->addFiltersFromSubqueryElements($filters, $subqueryElements, $user); + return $filters; + } + /** * @param array $user * @param string $returnFormat @@ -7120,49 +7161,18 @@ class Event extends AppModel $exportTool->setDefaultFilters($filters); } - if (empty($exportTool->non_restrictive_export)) { - if (!isset($filters['to_ids'])) { - $filters['to_ids'] = 1; - } - if (!isset($filters['published'])) { - $filters['published'] = 1; - } - $filters['allow_proposal_blocking'] = 1; - } - if (!empty($exportTool->renderView)) { $renderView = $exportTool->renderView; } + $non_restrictive_export = !empty($exportTool->non_restrictive_export); + $filters = $this->restSearchFilterMassage($filters, $non_restrictive_export); - if (!empty($filters['ignore'])) { - $filters['to_ids'] = array(0, 1); - $filters['published'] = array(0, 1); - } - if (!empty($filters['quickFilter'])) { - $filters['searchall'] = $filters['quickFilter']; - if (!empty($filters['value'])) { - unset($filters['value']); - } - } - if (isset($filters['searchall'])) { - if (!empty($filters['value'])) { - $filters['wildcard'] = $filters['value']; - } else { - $filters['wildcard'] = $filters['searchall']; - } - } - - if (isset($filters['tag']) and !isset($filters['tags'])) { - $filters['tags'] = $filters['tag']; - } - $subqueryElements = $this->harvestSubqueryElements($filters); - $filters = $this->addFiltersFromSubqueryElements($filters, $subqueryElements, $user); $filters = $this->addFiltersFromUserSettings($user, $filters); if (empty($exportTool->mock_query_only)) { $filters['include_attribute_count'] = 1; $eventid = $this->filterEventIds($user, $filters, $elementCounter); $eventCount = count($eventid); - $eventids_chunked = $this->__clusterEventIds($exportTool, $eventid); + $eventids_chunked = $this->clusterEventIds($exportTool, $eventid); unset($eventid); } else { $eventids_chunked = array(); @@ -7188,9 +7198,6 @@ class Event extends AppModel $tmpfile = new TmpFileTool(); $tmpfile->write($exportTool->header($exportToolParams)); $i = 0; - if (!empty($filters['withAttachments'])) { - $filters['includeAttachments'] = 1; - } $this->Allowedlist = ClassRegistry::init('Allowedlist'); $separator = $exportTool->separator($exportToolParams); unset($filters['page']); @@ -7229,7 +7236,7 @@ class Event extends AppModel * Chunk them by the attribute count to fit the memory limits * */ - private function __clusterEventIds($exportTool, $eventIds) + public function clusterEventIds($exportTool, $eventIds) { $memory_in_mb = $this->Attribute->convert_to_memory_limit_to_mb(ini_get('memory_limit')); $default_attribute_memory_coefficient = Configure::check('MISP.default_attribute_memory_coefficient') ? Configure::read('MISP.default_attribute_memory_coefficient') : 80; diff --git a/app/Model/TaxiiServer.php b/app/Model/TaxiiServer.php new file mode 100644 index 000000000..ce7565fd7 --- /dev/null +++ b/app/Model/TaxiiServer.php @@ -0,0 +1,125 @@ + [ + 'roleModel' => 'Role', + 'roleKey' => 'role_id', + 'change' => 'full' + ], + 'Containable' + ]; + + public function pushRouter($id, $user) + { + if (Configure::read('MISP.background_jobs')) { + /** @var Job $job */ + $job = ClassRegistry::init('Job'); + $jobId = $job->createJob($user, Job::WORKER_DEFAULT, 'push_taxii', "Taxii Server ID: $id", 'Pushing.'); + + return $this->getBackgroundJobsTool()->enqueue( + BackgroundJobsTool::DEFAULT_QUEUE, + BackgroundJobsTool::CMD_SERVER, + [ + 'push_taxii', + $user['id'], + $id, + $jobId + ], + true, + $jobId + ); + } + + return $this->push($id, $user); + } + + public function push($id, $user, $jobId = null) + { + $this->Event = ClassRegistry::init('Event'); + $taxii_server = $this->find('first', [ + 'recursive' => -1, + 'conditions' => ['TaxiiServer.id' => $id] + ]); + $filters = $this->__setPushFilters($taxii_server); + + $eventid = $this->Event->filterEventIds($user, $filters, $elementCounter); + $eventCount = count($eventid); + + $attribute_coefficient = Configure::check('MISP.default_attribute_memory_coefficient') ? Configure::read('MISP.default_attribute_memory_coefficient') : 80; + + $exportTool = ['memory_scaling_factor' => $attribute_coefficient]; + $eventids_chunked = $this->Event->clusterEventIds($exportTool, $eventid); + $i = 1; + $this->Allowedlist = ClassRegistry::init('Allowedlist'); + foreach ($eventids_chunked as $eventids) { + $this->__pushEvents($user, $taxii_server, $filters, $eventids, $i, $jobId, $eventCount); + } + unset($eventid); + } + + private function __setPushFilters($taxii_server) + { + $filters = empty($taxii_server['TaxiiServer']['filters']) ? [] : json_decode($taxii_server['TaxiiServer']['filters'], true); + $filters['include_attribute_count'] = 1; + return $filters; + } + + private function __pushEvents($user, $taxii_server, $filters, $eventids, &$i, $jobId = null, $eventCount) + { + $filters['eventid'] = $eventids; + if (!empty($filters['tags']['NOT'])) { + $filters['blockedAttributeTags'] = $filters['tags']['NOT']; + unset($filters['tags']['NOT']); + } + $result = $this->Event->fetchEvent($user, $filters, true); + $result = $this->Allowedlist->removeAllowedlistedFromArray($result, false); + $temporaryFolder = $this->temporaryFolder(); + foreach ($result as $event) { + $temporaryFile = $this->temporaryFile($temporaryFolder); + $temporaryFile->write(json_encode($event)); + $temporaryFile->close(); + if ($jobId && $i % 10 == 0) { + $this->Job->saveField('progress', intval((100 * $i) / $eventCount)); + $this->Job->saveField('message', 'Pushing Event ' . $i . '/' . $eventCount . '.'); + } + $i++; + } + // execute python script here!!! + $scriptFile = APP . 'files/scripts/taxii/taxii_push.py'; + $command = [ + ProcessTool::pythonBin(), + $scriptFile, + '--dir', $temporaryFolder['dir']->path, + '--api_root', $taxii_server['TaxiiServer']['api_root'] + ]; + $result = ProcessTool::execute($command, null, true); + $temporaryFolder->delete(); + $this->Job->saveField('progress', 100); + $this->Job->saveField('message', 'Done, pushed ' . $i . ' events to TAXII server.'); + } + + private function temporaryFolder() + { + $tmpDir = Configure::check('MISP.tmpdir') ? Configure::read('MISP.tmpdir') : '/tmp'; + $random = (new RandomTool())->random_str(true, 12); + $dir = new Folder($tmpDir . '/Taxii/' . $random, true); + return [ + 'random' => $random, + 'dir' => $dir + ]; + } + + private function temporaryFile($temporaryFolder) + { + $random = (new RandomTool())->random_str(true, 12); + return new File($temporaryFolder['dir']->path . '/' . $random . '.json', true, 0644); + } +} diff --git a/app/View/Elements/global_menu.ctp b/app/View/Elements/global_menu.ctp index 2793797a6..21bef5a03 100755 --- a/app/View/Elements/global_menu.ctp +++ b/app/View/Elements/global_menu.ctp @@ -314,6 +314,11 @@ 'url' => $baseurl . '/cerebrates/index', 'requirement' => $canAccess('cerebrates', 'index'), ), + array( + 'text' => __('List Taxii Servers'), + 'url' => $baseurl . '/TaxiiServers/index', + 'requirement' => $canAccess('taxiiServers', 'index'), + ), array( 'text' => __('Event ID translator'), 'url' => '/servers/idTranslator', diff --git a/app/View/TaxiiServers/add.ctp b/app/View/TaxiiServers/add.ctp new file mode 100644 index 000000000..b9b17903b --- /dev/null +++ b/app/View/TaxiiServers/add.ctp @@ -0,0 +1,44 @@ +request->params['action'] === 'edit' ? true : false; +$fields = [ + [ + 'field' => 'name', + 'class' => 'span6' + ], + [ + 'field' => 'owner', + 'class' => 'span6' + ], + [ + 'field' => 'api_root', + 'class' => 'span6' + ], + [ + 'field' => 'description', + 'type' => 'textarea', + 'class' => 'input span6' + ], + [ + 'field' => 'filters', + 'label' => 'Filter Rules (restsearch JSON)', + 'type' => 'textarea', + 'class' => 'input span6' + ] +]; +echo $this->element('genericElements/Form/genericForm', [ + 'data' => [ + 'description' => false, + 'model' => 'TaxiiServer', + 'title' => $edit ? __('Edit TAXII Server connection') : __('Add TAXII Server connection'), + 'fields' => $fields, + 'submit' => [ + 'action' => $this->request->params['action'], + 'ajaxSubmit' => 'submitGenericFormInPlace();' + ] + ] +]); + +if (!$ajax) { + echo $this->element('/genericElements/SideMenu/side_menu', $menuData); +} diff --git a/app/View/TaxiiServers/index.ctp b/app/View/TaxiiServers/index.ctp new file mode 100644 index 000000000..a6218f862 --- /dev/null +++ b/app/View/TaxiiServers/index.ctp @@ -0,0 +1,90 @@ +element('genericElements/IndexTable/scaffold', [ + 'scaffold_data' => [ + 'data' => [ + 'data' => $data, + 'top_bar' => [ + 'pull' => 'right', + 'children' => [ + [ + 'type' => 'simple', + 'children' => [ + 'data' => [ + 'type' => 'simple', + 'text' => __('Add TaxiiServer'), + 'class' => 'btn btn-primary', + 'onClick' => 'openGenericModal', + 'onClickParams' => [ + sprintf( + '%s/taxiiServers/add', + $baseurl + ) + ] + ] + ] + ], + [ + 'type' => 'search', + 'button' => __('Filter'), + 'placeholder' => __('Enter value to search'), + 'data' => '', + 'searchKey' => 'quickFilter' + ] + ] + ], + 'fields' => [ + [ + 'name' => __('Id'), + 'sort' => 'TaxiiServer.id', + 'data_path' => 'TaxiiServer.id' + ], + [ + 'name' => __('Name'), + 'sort' => 'TaxiiServer.name', + 'data_path' => 'TaxiiServer.name' + ], + [ + 'name' => __('API root'), + 'sort' => 'TaxiiServer.api_root', + 'data_path' => 'TaxiiServer.api_root' + ], + [ + 'name' => __('Filters'), + 'sort' => 'TaxiiServer.filters', + 'data_path' => 'TaxiiServer.filters', + 'type' => 'json' + ], + [ + 'name' => __('Description'), + 'sort' => 'TaxiiServer.description', + 'data_path' => 'TaxiiServer.description' + ] + ], + 'title' => empty($ajax) ? __('Linked Taxii Servers') : false, + 'description' => empty($ajax) ? __('You can connect your MISP to one or several Taxii servers to push data to using a set of filters.') : false, + 'actions' => [ + [ + 'onclick' => sprintf( + 'openGenericModal(\'%s/taxiiServers/push/[onclick_params_data_path]\');', + $baseurl + ), + 'onclick_params_data_path' => 'TaxiiServer.id', + 'title' => __('Pull all filtered data to TAXII server'), + 'icon' => 'upload' + ], + [ + 'url' => $baseurl . '/taxiiServers/edit', + 'url_params_data_paths' => ['TaxiiServer.id'], + 'icon' => 'edit' + ], + [ + 'url' => $baseurl . '/taxiiServers/delete', + 'url_params_data_paths' => ['TaxiiServer.id'], + 'icon' => 'trash' + ], + ] + ] + ] + ]); + +?> diff --git a/app/View/TaxiiServers/view.ctp b/app/View/TaxiiServers/view.ctp new file mode 100644 index 000000000..6ebaa1af9 --- /dev/null +++ b/app/View/TaxiiServers/view.ctp @@ -0,0 +1,68 @@ +element( + 'genericElements/SingleViews/single_view', + [ + 'title' => 'Cerebrate view', + 'data' => $data, + 'fields' => [ + [ + 'key' => __('Id'), + 'path' => 'Cerebrate.id' + ], + [ + 'key' => __('Name'), + 'path' => 'Cerebrate.name' + ], + [ + 'key' => __('URL'), + 'path' => 'Cerebrate.url', + 'url' => '{{0}}', + 'url_vars' => ['Cerebrate.url'] + ], + [ + 'key' => __('Owner Organisation'), + 'path' => 'Cerebrate.org_id', + 'pathName' => 'Organisation.name', + 'type' => 'model', + 'model' => 'organisations' + ], + [ + 'key' => __('Description'), + 'path' => 'Cerebrate.description' + ], + ], + 'side_panels' => [ + [ + 'type' => 'logo', + 'source' => '/img/cerebrate.png', + 'url' => 'https://github.com/cerebrate-project/cerebrate', + 'title' => __('The Cerebrate Project'), + 'img' => [ + 'css' => [ + 'width' => '150px', + 'height' => '150px' + ], + ], + 'div' => [ + 'css' => [ + 'text-align' => 'right' + ] + ] + ] + ], + 'children' => [ + [ + 'url' => '/cerebrates/preview_orgs/{{0}}/', + 'url_params' => ['Cerebrate.id'], + 'title' => __('Organisations'), + 'elementId' => 'preview_orgs_container' + ], + [ + 'url' => '/cerebrates/preview_sharing_groups/{{0}}/', + 'url_params' => ['Cerebrate.id'], + 'title' => __('Sharing Groups'), + 'elementId' => 'preview_sgs_container' + ], + ] + ] +); From ad2c6ef054a34c4917f1aacc752725829feae620 Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Wed, 16 Feb 2022 17:15:58 +0100 Subject: [PATCH 002/698] new: [docs] added taxii flowchart --- docs/taxii.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 docs/taxii.md diff --git a/docs/taxii.md b/docs/taxii.md new file mode 100644 index 000000000..651173180 --- /dev/null +++ b/docs/taxii.md @@ -0,0 +1,17 @@ +```mermaid +graph TD; + create_random_dir-->taxii_push + taxii_push-->read_filters + read_filters-->create_chunk_size_envelope + create_chunk_size_envelope-->chunk_loop + chunk_loop-->fetchEvent + fetchEvent-->save_to_random_dir + save_to_random_dir-->chunk_loop + chunk_loop-->execute_taxii_script + execute_taxii_script-->read_random_dir_contents + read_random_dir_contents-->loop_files + loop_files-->read_file + read_file-->convert_to_stix + convert_to_stix-->push_to_taxii + push_to_taxii-->loop_files + ``` From 15ba5489ff90ef18e448eaed576ae664c71b13b6 Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Wed, 16 Feb 2022 17:17:49 +0100 Subject: [PATCH 003/698] fix: [docs] small change --- docs/taxii.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/taxii.md b/docs/taxii.md index 651173180..243a6371c 100644 --- a/docs/taxii.md +++ b/docs/taxii.md @@ -14,4 +14,5 @@ graph TD; read_file-->convert_to_stix convert_to_stix-->push_to_taxii push_to_taxii-->loop_files + push_to_taxii-->remove_random_dir ``` From b0d9265e859a2001e142a9f9b906be3deda20c83 Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Fri, 18 Feb 2022 22:19:49 -0500 Subject: [PATCH 004/698] Initial commit of script to push MISP content to a TAXII 2.1 server. --- app/files/scripts/taxii/taxii_push.py | 425 ++++++++++++++++++++++++++ 1 file changed, 425 insertions(+) create mode 100644 app/files/scripts/taxii/taxii_push.py diff --git a/app/files/scripts/taxii/taxii_push.py b/app/files/scripts/taxii/taxii_push.py new file mode 100644 index 000000000..b625637a3 --- /dev/null +++ b/app/files/scripts/taxii/taxii_push.py @@ -0,0 +1,425 @@ +""" +Read MISP JSON content from files in a directory, convert it to STIX, and +push the content to a TAXII server. +""" +import argparse +import logging +import logging.config +import misp_stix_converter +import pathlib +import sys +import taxii2client +import urllib.parse + + +# Name of the logger to use for this application +_LOGGER_NAME = "taxii_push" + + +# Surely no multi-byte encodings here, but better safe than sorry. +_TAXII_ENVELOPE_PREFIX = '{"objects":['.encode("utf-8") +_TAXII_ENVELOPE_SUFFIX = "]}".encode("utf-8") +_TAXII_ENVELOPE_COMMA = ",".encode("utf-8") + + +class FileProcessingError(Exception): + """ + Instances represent an error encountered while processing a specific + MISP JSON file. + """ + def __init__(self, filepath, description): + + message = "{}: {}".format( + filepath, description + ) + + super().__init__(message) + + self.filepath = filepath + + +def setup_logging(log_level=logging.WARNING): + """ + Creates and applies a logging configuration. + + :param log_level: A logging level. Defaults to warning. May be the level + value as an int, or its name as a string. Strings are checked case- + sensitively against registered level names. + """ + + # A simple made-up config. Customize to taste. + logging_config = { + "version": 1, + + "formatters": { + "simple_format": { + "format": "%(name)s [%(levelname)s] %(message)s", + } + }, + + "handlers": { + "simple_stream": { + "class": "logging.StreamHandler", + "formatter": "simple_format" + } + }, + + # We don't necessarily log via the root logger, but the logging records + # propagate here anyway. Its handlers will act as a catch-all for all + # logging records. + "root": { + "level": log_level, + "handlers": ["simple_stream"] + }, + + # Maybe we let existing loggers continue to work, e.g. anything used + # by dependency libraries? + "disable_existing_loggers": False + } + + logging.config.dictConfig(logging_config) + + +def parse_args(): + """ + Configure expected commandline parameters and process them. + """ + parser = argparse.ArgumentParser( + description="Translate MISP content to STIX 2.1 and push it to a TAXII" + " 2.1 server.", + epilog="This tool reads all files from the given directory and assumes" + " they contain JSON, not just those named as *.json." + ) + + parser.add_argument( + "--dir", + help="A directory with files containing JSON MISP events.", + type=pathlib.Path, + required=True + ) + + parser.add_argument( + "--api_root", + help="A URL to a TAXII 2.1 collection to push content to (we" + " need a collection URL at minimum, not an API root)", + required=True + ) + + parser.add_argument( + "--log_level", + help="Set logging verbosity level. Default: %(default)s", + choices=[ + "fatal", + "error", + "warning", + "info", + "debug" + ], + default="warning" + ) + + args = parser.parse_args() + + return args + + +def api_root_from_collection_url(collection_url): + """ + Strip path components off the end of the path portion of the given TAXII + collection URL, to obtain the API root URL. A TAXII collection URL path + ought to have the form: + + /collections// + + So we want to strip off the last two components. Only the very simplest + sanity check is done on the given URL path. + + :param collection_url: A TAXII collection URL. + :return: The API root URL, or None if it could not be found. + """ + collection_url_parts = urllib.parse.urlparse(collection_url) + + # The "collections//" part ought to have a fixed length, + # since all UUID's have a fixed length (36 chars). And + # len("collections") == 11. + # + # The URL paths are supposed to end with "/", but be robust if they don't. + if collection_url_parts.path.endswith("/"): + suffix_size = 49 + else: + suffix_size = 48 + + if len(collection_url_parts.path) < suffix_size: + api_root_url = None + + else: + api_root_path = collection_url_parts.path[:-suffix_size] + + api_root_url_parts = collection_url_parts[:2] \ + + (api_root_path,) + \ + collection_url_parts[3:] + + api_root_url = urllib.parse.urlunparse(api_root_url_parts) + + return api_root_url + + +def log_status_failures(status): + """ + Log some failure information from a TAXII status resource. + + :param status: A Status resource object of the taxii2-client library with + a non-zero failure count. + """ + log = logging.getLogger(_LOGGER_NAME) + + log.error( + "The TAXII server failed to process some objects (%d failures%s)!", + status.failure_count, + # Be clear about whether processing has completed at this + # point or not. + " so far" if status.status == "pending" else "" + ) + + # If there are a large number of objects, there could be a large number of + # failures. Let's log failure messages at a more verbose logging level. + if log.isEnabledFor(logging.DEBUG): + for failure_details in status.failures: + log.debug( + "%s/%s: %s", + failure_details["id"], + failure_details["version"], + # "message" property is optional + failure_details.get("message", "") + ) + + +def push_taxii_envelope(taxii_collection, taxii_envelope_bytes): + """ + Post the given TAXII envelope to the given collection. + + :param taxii_collection: A taxii2client Collection instance + :param taxii_envelope_bytes: A bytes/bytearray object containing the TAXII + envelope payload for the request + """ + + # Maybe taxii2client should have been written to accept bytearrays... + if isinstance(taxii_envelope_bytes, bytearray): + taxii_envelope_bytes = bytes(taxii_envelope_bytes) + + # Shall we wait for completion, or just fire-and-forget? Maybe waiting + # would take too long. Note that even if we choose not to wait for + # completion, it's a server implementation detail whether any asynchronous + # processing is actually done. It may always process all objects before + # returning anyway. + status = taxii_collection.add_objects( + taxii_envelope_bytes, + wait_for_completion=False + ) + + # We will get an immediate TAXII status resource even if not waiting for + # completion. It may simply say that the adds are still pending and not + # give us much more information. But it may also indicate some failures. + # If we know of any failures at this point, let's log that. + if status.failure_count: + log_status_failures(status) + + +def make_taxii_envelopes(stix_objects, max_content_length): + """ + Generate TAXII envelopes containing the given STIX objects, such that + no envelope size exceeds max_content_length. The envelopes generated + will be bytearrays, and max_content_length is a byte count. + + :param stix_objects: An iterable of stix objects, where each stix object + is an instance of a registered stix2 library class (it needs a + serialize() method to produce JSON). + :param max_content_length: The max TAXII envelope size, in bytes + """ + log = logging.getLogger(_LOGGER_NAME) + + taxii_envelope_bytes = bytearray(_TAXII_ENVELOPE_PREFIX) + + # This won't force us to consume an object on every loop iteration. + # I think the code might be a bit simpler this way... + stix_objects = iter(stix_objects) # ensure we have an iterator + stix_object = next(stix_objects, None) + + # in a TAXII envelope, should we add a comma before a new object? + first_in_envelope = True + + while stix_object: + + stix_object_json = stix_object.serialize() + stix_object_json_bytes = stix_object_json.encode("utf-8") + + # resulting envelope size if we were to add this object and close the + # envelope. + new_envelope_len = len(taxii_envelope_bytes) \ + + len(stix_object_json_bytes) \ + + len(_TAXII_ENVELOPE_SUFFIX) + + if not first_in_envelope: + new_envelope_len += len(_TAXII_ENVELOPE_COMMA) + + if new_envelope_len > max_content_length: + # New envelope would be too large. If we are on the first object, + # we have a problem. We have a single STIX object which is so + # large it can't be posted to the server! Maybe we just skip that + # one and continue? + if first_in_envelope: + log.error( + "STIX object %s is too large to be posted to the TAXII" + " server! Object size: %d, TAXII envelope size: %d," + " API root max content length: %d bytes", + stix_object["id"], + len(stix_object_json_bytes), + new_envelope_len, + max_content_length + ) + + stix_object = next(stix_objects, None) + + else: + # Yield our current envelope and start a fresh one. + taxii_envelope_bytes += _TAXII_ENVELOPE_SUFFIX + + yield taxii_envelope_bytes + + taxii_envelope_bytes.clear() + taxii_envelope_bytes += _TAXII_ENVELOPE_PREFIX + first_in_envelope = True + # ... and we will not consume stix_object. It can be + # checked for size as normal on the next iteration. This + # is where not forcing us to consume the object helps us + # out. It will be re-serialized though... + + else: + # We can fit another object in the TAXII envelope without + # exceeding the limit. + if not first_in_envelope: + taxii_envelope_bytes += _TAXII_ENVELOPE_COMMA + + taxii_envelope_bytes += stix_object_json_bytes + first_in_envelope = False + + stix_object = next(stix_objects, None) + + # Push any remaining objects + if not first_in_envelope: + taxii_envelope_bytes += _TAXII_ENVELOPE_SUFFIX + yield taxii_envelope_bytes + + +def convert_misp_file(misp_file): + """ + Convert the given MISP file to STIX 2.1. + + :param misp_file: A path to a file with a MISP event in it. May be + a string or a pathlib path object. + :return: A STIX 2.1 bundle object + """ + log = logging.getLogger(_LOGGER_NAME) + + converter = misp_stix_converter.MISPtoSTIX21Parser() + converter.parse_json_content(str(misp_file)) + + # Log conversion warnings as warnings; errors as errors? + if log.isEnabledFor(logging.WARNING): + for id_, messages in converter.warnings.items(): + for message in messages: + log.warning("STIX conversion: %s: %s", id_, message) + + if log.isEnabledFor(logging.ERROR): + for id_, messages in converter.errors.items(): + for message in messages: + log.error("STIX conversion: %s: %s", id_, message) + + return converter.bundle + + +def convert_misp_dir(content_dir): + """ + Convert all MISP files in the given directory to STIX 2.1, and generate + each converted STIX object one at a time. + + :param content_dir: The directory to process for MISP content. + """ + log = logging.getLogger(_LOGGER_NAME) + + for event_file in content_dir.iterdir(): + try: + + if event_file.is_file(): + log.info("Processing: %s", event_file) + + stix_bundle = convert_misp_file(event_file) + + yield from stix_bundle.objects + + except Exception as e: + # Wrap errors occurring with a specific file with an exception + # type which tracks the file name. It hopefully makes for + # better error messages. + raise FileProcessingError(event_file, str(e)) from e + + +def push_content(content_dir, collection_url): + """ + Push MISP content from files in the given directory, to a TAXII 2.1 server. + This will translate each MISP event to STIX 2.1. + + :param content_dir: A directory with JSON files containing MISP content. + :param collection_url: A TAXII 2.1 collection URL + """ + + log = logging.getLogger(_LOGGER_NAME) + + api_root_url = api_root_from_collection_url(collection_url) + if not api_root_url: + raise ValueError( + "Could not compute API root URL from: " + collection_url + ) + + with taxii2client.ApiRoot(api_root_url) as api_root: + max_content_length = api_root.max_content_length + + log.debug( + "max content length for API root %s: %d", + api_root_url, max_content_length + ) + + all_stix_objects = convert_misp_dir(content_dir) + + with taxii2client.Collection(collection_url) as taxii_collection: + + for taxii_envelope_bytes in make_taxii_envelopes( + all_stix_objects, max_content_length + ): + push_taxii_envelope(taxii_collection, taxii_envelope_bytes) + + +def main(): + args = parse_args() + + setup_logging(args.log_level.upper()) + log = logging.getLogger(_LOGGER_NAME) + + try: + + push_content(args.dir, args.api_root) + + except Exception: + log.fatal( + "An error occurred!", exc_info=True + ) + exit_status = 1 + + else: + exit_status = 0 + + return exit_status + + +if __name__ == "__main__": + sys.exit(main()) From 386d48455a23d4f0524187c08e89d76ca9537a18 Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Mon, 21 Feb 2022 20:40:51 -0500 Subject: [PATCH 005/698] Change --api_root commandline parameter to --collection, since a TAXII collection URL is required as a target to push STIX content to. --- app/files/scripts/taxii/taxii_push.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/app/files/scripts/taxii/taxii_push.py b/app/files/scripts/taxii/taxii_push.py index b625637a3..9efe3a13f 100644 --- a/app/files/scripts/taxii/taxii_push.py +++ b/app/files/scripts/taxii/taxii_push.py @@ -99,9 +99,8 @@ def parse_args(): ) parser.add_argument( - "--api_root", - help="A URL to a TAXII 2.1 collection to push content to (we" - " need a collection URL at minimum, not an API root)", + "--collection", + help="A URL to a TAXII 2.1 collection to push content to", required=True ) @@ -407,7 +406,7 @@ def main(): try: - push_content(args.dir, args.api_root) + push_content(args.dir, args.collection) except Exception: log.fatal( From d923fe23aa50d5fa313441cfc4f88edff02905ff Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 14 Jan 2022 14:54:39 +0100 Subject: [PATCH 006/698] new: [taxii integration] wip - all MISP side code implemented for being able to have filtered pushes - still missing proper result handling as we need a working test implementation of the python scripts first - some assumptions made that need to be revisited --- app/Console/Command/ServerShell.php | 36 ++++++- app/Controller/TaxiiServersController.php | 104 ++++++++++++++++++ app/Model/Event.php | 83 +++++++------- app/Model/TaxiiServer.php | 125 ++++++++++++++++++++++ app/View/Elements/global_menu.ctp | 5 + app/View/TaxiiServers/add.ctp | 44 ++++++++ app/View/TaxiiServers/index.ctp | 90 ++++++++++++++++ app/View/TaxiiServers/view.ctp | 68 ++++++++++++ 8 files changed, 516 insertions(+), 39 deletions(-) create mode 100644 app/Controller/TaxiiServersController.php create mode 100644 app/Model/TaxiiServer.php create mode 100644 app/View/TaxiiServers/add.ctp create mode 100644 app/View/TaxiiServers/index.ctp create mode 100644 app/View/TaxiiServers/view.ctp diff --git a/app/Console/Command/ServerShell.php b/app/Console/Command/ServerShell.php index 58d7fdfe3..cab493230 100644 --- a/app/Console/Command/ServerShell.php +++ b/app/Console/Command/ServerShell.php @@ -12,7 +12,7 @@ require_once 'AppShell.php'; */ class ServerShell extends AppShell { - public $uses = array('Server', 'Task', 'Job', 'User', 'Feed'); + public $uses = array('Server', 'Task', 'Job', 'User', 'Feed', 'TaxiiServer'); public function list() { @@ -617,4 +617,38 @@ class ServerShell extends AppShell } return $this->BackgroundJobsTool; } + + public function push_taxii() + { + if (empty($this->args[0]) || empty($this->args[1])) { + die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Push Taxii'] . PHP_EOL); + } + + $userId = $this->args[0]; + $user = $this->getUser($userId); + $serverId = $this->args[1]; + if (!empty($this->args[3])) { + $jobId = $this->args[3]; + } else { + $jobId = $this->Job->createJob($user, Job::WORKER_DEFAULT, 'push_taxii', 'Server: ' . $serverId, 'Pushing.'); + } + $this->Job->read(null, $jobId); + + $result = $this->TaxiiServer->push($serverId, $technique, $jobId, $HttpSocket, $user); + + if ($result !== true && !is_array($result)) { + $message = 'Job failed. Reason: ' . $result; + $this->Job->saveStatus($jobId, false, $message); + } else { + $message = 'Job done.'; + $this->Job->saveStatus($jobId, true, $message); + } + + if (isset($this->args[4])) { + $this->Task->id = $this->args[5]; + $message = 'Job(s) started at ' . date('d/m/Y - H:i:s') . '.'; + $this->Task->saveField('message', $message); + echo $message . PHP_EOL; + } + } } diff --git a/app/Controller/TaxiiServersController.php b/app/Controller/TaxiiServersController.php new file mode 100644 index 000000000..ab0408f6e --- /dev/null +++ b/app/Controller/TaxiiServersController.php @@ -0,0 +1,104 @@ + 60, + 'maxLimit' => 9999 + ); + + public function index() + { + $params = [ + 'filters' => ['name', 'url', 'uuid'], + 'quickFilters' => ['name'] + ]; + $this->CRUD->index($params); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'list_taxii')); + } + + public function add() + { + $params = []; + $this->CRUD->add($params); + if ($this->restResponsePayload) { + return $this->restResponsePayload; + } + $dropdownData = []; + $this->set(compact('dropdownData')); + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'add_taxii')); + } + + public function edit($id) + { + $this->set('menuData', array('menuList' => 'sync', 'menuItem' => 'edit_taxii')); + $this->set('id', $id); + $params = []; + $this->CRUD->edit($id, $params); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + $dropdownData = []; + $this->set(compact('dropdownData')); + $this->render('add'); + } + + public function delete($id) + { + $this->CRUD->delete($id); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + } + + public function view($id) + { + $this->set('menuData', ['menuList' => 'sync', 'menuItem' => 'view_taxii']); + $this->CRUD->view($id); + if ($this->IndexFilter->isRest()) { + return $this->restResponsePayload; + } + $this->set('id', $id); + } + + public function push($id) + { + $this->set('menuData', ['menuList' => 'sync', 'menuItem' => 'push_taxii']); + $taxii_server = $this->TaxiiServer->find('first', [ + 'recursive' => -1, + 'conditions' => ['TaxiiServer.id' => $id] + ]); + if (empty($taxii_server)) { + throw new NotFoundException(__('Invalid Taxii Server ID provided.')); + } + + if ($this->request->is('post')) { + $result = $this->TaxiiServer->pushRouter($taxii_server['TaxiiServer']['id'], $this->Auth->user()); + $message = __('Taxii push initiated.'); + if ($this->_isRest()) { + return $this->RestResponse->saveSuccessResponse('TaxiiServers', 'push', $id, false, $message); + } else { + $this->Flash->success($message); + $this->redirect($this->referer()); + } + } else { + $this->set('id', $taxii_server['TaxiiServer']['id']); + $this->set('title', __('Push data to TAXII server')); + $this->set('question', __('Are you sure you want to Push data as configured in the filters to the TAXII server?')); + $this->set('actionName', __('Push')); + $this->layout = 'ajax'; + $this->render('/genericTemplates/confirm'); + } + } +} diff --git a/app/Model/Event.php b/app/Model/Event.php index 5278e700f..5adc72227 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -6897,6 +6897,47 @@ class Event extends AppModel } } + + public function restSearchFilterMassage($filters, $non_restrictive_export) + { + if (!empty($filters['ignore'])) { + $filters['to_ids'] = array(0, 1); + $filters['published'] = array(0, 1); + } + if (!empty($filters['quickFilter'])) { + $filters['searchall'] = $filters['quickFilter']; + if (!empty($filters['value'])) { + unset($filters['value']); + } + } + if (isset($filters['searchall'])) { + if (!empty($filters['value'])) { + $filters['wildcard'] = $filters['value']; + } else { + $filters['wildcard'] = $filters['searchall']; + } + } + + if (isset($filters['tag']) and !isset($filters['tags'])) { + $filters['tags'] = $filters['tag']; + } + if (!empty($filters['withAttachments'])) { + $filters['includeAttachments'] = 1; + } + if (empty($non_restrictive_export)) { + if (!isset($filters['to_ids'])) { + $filters['to_ids'] = 1; + } + if (!isset($filters['published'])) { + $filters['published'] = 1; + } + $filters['allow_proposal_blocking'] = 1; + } + $subqueryElements = $this->harvestSubqueryElements($filters); + $filters = $this->addFiltersFromSubqueryElements($filters, $subqueryElements, $user); + return $filters; + } + /** * @param array $user * @param string $returnFormat @@ -6925,49 +6966,18 @@ class Event extends AppModel $exportTool->setDefaultFilters($filters); } - if (empty($exportTool->non_restrictive_export)) { - if (!isset($filters['to_ids'])) { - $filters['to_ids'] = 1; - } - if (!isset($filters['published'])) { - $filters['published'] = 1; - } - $filters['allow_proposal_blocking'] = 1; - } - if (!empty($exportTool->renderView)) { $renderView = $exportTool->renderView; } + $non_restrictive_export = !empty($exportTool->non_restrictive_export); + $filters = $this->restSearchFilterMassage($filters, $non_restrictive_export); - if (!empty($filters['ignore'])) { - $filters['to_ids'] = array(0, 1); - $filters['published'] = array(0, 1); - } - if (!empty($filters['quickFilter'])) { - $filters['searchall'] = $filters['quickFilter']; - if (!empty($filters['value'])) { - unset($filters['value']); - } - } - if (isset($filters['searchall'])) { - if (!empty($filters['value'])) { - $filters['wildcard'] = $filters['value']; - } else { - $filters['wildcard'] = $filters['searchall']; - } - } - - if (isset($filters['tag']) and !isset($filters['tags'])) { - $filters['tags'] = $filters['tag']; - } - $subqueryElements = $this->harvestSubqueryElements($filters); - $filters = $this->addFiltersFromSubqueryElements($filters, $subqueryElements, $user); $filters = $this->addFiltersFromUserSettings($user, $filters); if (empty($exportTool->mock_query_only)) { $filters['include_attribute_count'] = 1; $eventid = $this->filterEventIds($user, $filters, $elementCounter); $eventCount = count($eventid); - $eventids_chunked = $this->__clusterEventIds($exportTool, $eventid); + $eventids_chunked = $this->clusterEventIds($exportTool, $eventid); unset($eventid); } else { $eventids_chunked = array(); @@ -6993,9 +7003,6 @@ class Event extends AppModel $tmpfile = new TmpFileTool(); $tmpfile->write($exportTool->header($exportToolParams)); $i = 0; - if (!empty($filters['withAttachments'])) { - $filters['includeAttachments'] = 1; - } $this->Allowedlist = ClassRegistry::init('Allowedlist'); $separator = $exportTool->separator($exportToolParams); unset($filters['page']); @@ -7034,7 +7041,7 @@ class Event extends AppModel * Chunk them by the attribute count to fit the memory limits * */ - private function __clusterEventIds($exportTool, $eventIds) + public function clusterEventIds($exportTool, $eventIds) { $memory_in_mb = $this->Attribute->convert_to_memory_limit_to_mb(ini_get('memory_limit')); $default_attribute_memory_coefficient = Configure::check('MISP.default_attribute_memory_coefficient') ? Configure::read('MISP.default_attribute_memory_coefficient') : 80; diff --git a/app/Model/TaxiiServer.php b/app/Model/TaxiiServer.php new file mode 100644 index 000000000..ce7565fd7 --- /dev/null +++ b/app/Model/TaxiiServer.php @@ -0,0 +1,125 @@ + [ + 'roleModel' => 'Role', + 'roleKey' => 'role_id', + 'change' => 'full' + ], + 'Containable' + ]; + + public function pushRouter($id, $user) + { + if (Configure::read('MISP.background_jobs')) { + /** @var Job $job */ + $job = ClassRegistry::init('Job'); + $jobId = $job->createJob($user, Job::WORKER_DEFAULT, 'push_taxii', "Taxii Server ID: $id", 'Pushing.'); + + return $this->getBackgroundJobsTool()->enqueue( + BackgroundJobsTool::DEFAULT_QUEUE, + BackgroundJobsTool::CMD_SERVER, + [ + 'push_taxii', + $user['id'], + $id, + $jobId + ], + true, + $jobId + ); + } + + return $this->push($id, $user); + } + + public function push($id, $user, $jobId = null) + { + $this->Event = ClassRegistry::init('Event'); + $taxii_server = $this->find('first', [ + 'recursive' => -1, + 'conditions' => ['TaxiiServer.id' => $id] + ]); + $filters = $this->__setPushFilters($taxii_server); + + $eventid = $this->Event->filterEventIds($user, $filters, $elementCounter); + $eventCount = count($eventid); + + $attribute_coefficient = Configure::check('MISP.default_attribute_memory_coefficient') ? Configure::read('MISP.default_attribute_memory_coefficient') : 80; + + $exportTool = ['memory_scaling_factor' => $attribute_coefficient]; + $eventids_chunked = $this->Event->clusterEventIds($exportTool, $eventid); + $i = 1; + $this->Allowedlist = ClassRegistry::init('Allowedlist'); + foreach ($eventids_chunked as $eventids) { + $this->__pushEvents($user, $taxii_server, $filters, $eventids, $i, $jobId, $eventCount); + } + unset($eventid); + } + + private function __setPushFilters($taxii_server) + { + $filters = empty($taxii_server['TaxiiServer']['filters']) ? [] : json_decode($taxii_server['TaxiiServer']['filters'], true); + $filters['include_attribute_count'] = 1; + return $filters; + } + + private function __pushEvents($user, $taxii_server, $filters, $eventids, &$i, $jobId = null, $eventCount) + { + $filters['eventid'] = $eventids; + if (!empty($filters['tags']['NOT'])) { + $filters['blockedAttributeTags'] = $filters['tags']['NOT']; + unset($filters['tags']['NOT']); + } + $result = $this->Event->fetchEvent($user, $filters, true); + $result = $this->Allowedlist->removeAllowedlistedFromArray($result, false); + $temporaryFolder = $this->temporaryFolder(); + foreach ($result as $event) { + $temporaryFile = $this->temporaryFile($temporaryFolder); + $temporaryFile->write(json_encode($event)); + $temporaryFile->close(); + if ($jobId && $i % 10 == 0) { + $this->Job->saveField('progress', intval((100 * $i) / $eventCount)); + $this->Job->saveField('message', 'Pushing Event ' . $i . '/' . $eventCount . '.'); + } + $i++; + } + // execute python script here!!! + $scriptFile = APP . 'files/scripts/taxii/taxii_push.py'; + $command = [ + ProcessTool::pythonBin(), + $scriptFile, + '--dir', $temporaryFolder['dir']->path, + '--api_root', $taxii_server['TaxiiServer']['api_root'] + ]; + $result = ProcessTool::execute($command, null, true); + $temporaryFolder->delete(); + $this->Job->saveField('progress', 100); + $this->Job->saveField('message', 'Done, pushed ' . $i . ' events to TAXII server.'); + } + + private function temporaryFolder() + { + $tmpDir = Configure::check('MISP.tmpdir') ? Configure::read('MISP.tmpdir') : '/tmp'; + $random = (new RandomTool())->random_str(true, 12); + $dir = new Folder($tmpDir . '/Taxii/' . $random, true); + return [ + 'random' => $random, + 'dir' => $dir + ]; + } + + private function temporaryFile($temporaryFolder) + { + $random = (new RandomTool())->random_str(true, 12); + return new File($temporaryFolder['dir']->path . '/' . $random . '.json', true, 0644); + } +} diff --git a/app/View/Elements/global_menu.ctp b/app/View/Elements/global_menu.ctp index 9f90233b2..943133494 100755 --- a/app/View/Elements/global_menu.ctp +++ b/app/View/Elements/global_menu.ctp @@ -319,6 +319,11 @@ 'url' => $baseurl . '/cerebrates/index', 'requirement' => $canAccess('cerebrates', 'index'), ), + array( + 'text' => __('List Taxii Servers'), + 'url' => $baseurl . '/TaxiiServers/index', + 'requirement' => $canAccess('taxiiServers', 'index'), + ), array( 'text' => __('Event ID translator'), 'url' => '/servers/idTranslator', diff --git a/app/View/TaxiiServers/add.ctp b/app/View/TaxiiServers/add.ctp new file mode 100644 index 000000000..b9b17903b --- /dev/null +++ b/app/View/TaxiiServers/add.ctp @@ -0,0 +1,44 @@ +request->params['action'] === 'edit' ? true : false; +$fields = [ + [ + 'field' => 'name', + 'class' => 'span6' + ], + [ + 'field' => 'owner', + 'class' => 'span6' + ], + [ + 'field' => 'api_root', + 'class' => 'span6' + ], + [ + 'field' => 'description', + 'type' => 'textarea', + 'class' => 'input span6' + ], + [ + 'field' => 'filters', + 'label' => 'Filter Rules (restsearch JSON)', + 'type' => 'textarea', + 'class' => 'input span6' + ] +]; +echo $this->element('genericElements/Form/genericForm', [ + 'data' => [ + 'description' => false, + 'model' => 'TaxiiServer', + 'title' => $edit ? __('Edit TAXII Server connection') : __('Add TAXII Server connection'), + 'fields' => $fields, + 'submit' => [ + 'action' => $this->request->params['action'], + 'ajaxSubmit' => 'submitGenericFormInPlace();' + ] + ] +]); + +if (!$ajax) { + echo $this->element('/genericElements/SideMenu/side_menu', $menuData); +} diff --git a/app/View/TaxiiServers/index.ctp b/app/View/TaxiiServers/index.ctp new file mode 100644 index 000000000..a6218f862 --- /dev/null +++ b/app/View/TaxiiServers/index.ctp @@ -0,0 +1,90 @@ +element('genericElements/IndexTable/scaffold', [ + 'scaffold_data' => [ + 'data' => [ + 'data' => $data, + 'top_bar' => [ + 'pull' => 'right', + 'children' => [ + [ + 'type' => 'simple', + 'children' => [ + 'data' => [ + 'type' => 'simple', + 'text' => __('Add TaxiiServer'), + 'class' => 'btn btn-primary', + 'onClick' => 'openGenericModal', + 'onClickParams' => [ + sprintf( + '%s/taxiiServers/add', + $baseurl + ) + ] + ] + ] + ], + [ + 'type' => 'search', + 'button' => __('Filter'), + 'placeholder' => __('Enter value to search'), + 'data' => '', + 'searchKey' => 'quickFilter' + ] + ] + ], + 'fields' => [ + [ + 'name' => __('Id'), + 'sort' => 'TaxiiServer.id', + 'data_path' => 'TaxiiServer.id' + ], + [ + 'name' => __('Name'), + 'sort' => 'TaxiiServer.name', + 'data_path' => 'TaxiiServer.name' + ], + [ + 'name' => __('API root'), + 'sort' => 'TaxiiServer.api_root', + 'data_path' => 'TaxiiServer.api_root' + ], + [ + 'name' => __('Filters'), + 'sort' => 'TaxiiServer.filters', + 'data_path' => 'TaxiiServer.filters', + 'type' => 'json' + ], + [ + 'name' => __('Description'), + 'sort' => 'TaxiiServer.description', + 'data_path' => 'TaxiiServer.description' + ] + ], + 'title' => empty($ajax) ? __('Linked Taxii Servers') : false, + 'description' => empty($ajax) ? __('You can connect your MISP to one or several Taxii servers to push data to using a set of filters.') : false, + 'actions' => [ + [ + 'onclick' => sprintf( + 'openGenericModal(\'%s/taxiiServers/push/[onclick_params_data_path]\');', + $baseurl + ), + 'onclick_params_data_path' => 'TaxiiServer.id', + 'title' => __('Pull all filtered data to TAXII server'), + 'icon' => 'upload' + ], + [ + 'url' => $baseurl . '/taxiiServers/edit', + 'url_params_data_paths' => ['TaxiiServer.id'], + 'icon' => 'edit' + ], + [ + 'url' => $baseurl . '/taxiiServers/delete', + 'url_params_data_paths' => ['TaxiiServer.id'], + 'icon' => 'trash' + ], + ] + ] + ] + ]); + +?> diff --git a/app/View/TaxiiServers/view.ctp b/app/View/TaxiiServers/view.ctp new file mode 100644 index 000000000..6ebaa1af9 --- /dev/null +++ b/app/View/TaxiiServers/view.ctp @@ -0,0 +1,68 @@ +element( + 'genericElements/SingleViews/single_view', + [ + 'title' => 'Cerebrate view', + 'data' => $data, + 'fields' => [ + [ + 'key' => __('Id'), + 'path' => 'Cerebrate.id' + ], + [ + 'key' => __('Name'), + 'path' => 'Cerebrate.name' + ], + [ + 'key' => __('URL'), + 'path' => 'Cerebrate.url', + 'url' => '{{0}}', + 'url_vars' => ['Cerebrate.url'] + ], + [ + 'key' => __('Owner Organisation'), + 'path' => 'Cerebrate.org_id', + 'pathName' => 'Organisation.name', + 'type' => 'model', + 'model' => 'organisations' + ], + [ + 'key' => __('Description'), + 'path' => 'Cerebrate.description' + ], + ], + 'side_panels' => [ + [ + 'type' => 'logo', + 'source' => '/img/cerebrate.png', + 'url' => 'https://github.com/cerebrate-project/cerebrate', + 'title' => __('The Cerebrate Project'), + 'img' => [ + 'css' => [ + 'width' => '150px', + 'height' => '150px' + ], + ], + 'div' => [ + 'css' => [ + 'text-align' => 'right' + ] + ] + ] + ], + 'children' => [ + [ + 'url' => '/cerebrates/preview_orgs/{{0}}/', + 'url_params' => ['Cerebrate.id'], + 'title' => __('Organisations'), + 'elementId' => 'preview_orgs_container' + ], + [ + 'url' => '/cerebrates/preview_sharing_groups/{{0}}/', + 'url_params' => ['Cerebrate.id'], + 'title' => __('Sharing Groups'), + 'elementId' => 'preview_sgs_container' + ], + ] + ] +); From d82d3fbe8a3239a11387c140edb3e0628795419d Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Wed, 16 Feb 2022 17:15:58 +0100 Subject: [PATCH 007/698] new: [docs] added taxii flowchart --- docs/taxii.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 docs/taxii.md diff --git a/docs/taxii.md b/docs/taxii.md new file mode 100644 index 000000000..651173180 --- /dev/null +++ b/docs/taxii.md @@ -0,0 +1,17 @@ +```mermaid +graph TD; + create_random_dir-->taxii_push + taxii_push-->read_filters + read_filters-->create_chunk_size_envelope + create_chunk_size_envelope-->chunk_loop + chunk_loop-->fetchEvent + fetchEvent-->save_to_random_dir + save_to_random_dir-->chunk_loop + chunk_loop-->execute_taxii_script + execute_taxii_script-->read_random_dir_contents + read_random_dir_contents-->loop_files + loop_files-->read_file + read_file-->convert_to_stix + convert_to_stix-->push_to_taxii + push_to_taxii-->loop_files + ``` From d966e9b34717d92092f94239cf142625d7a3813e Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Wed, 16 Feb 2022 17:17:49 +0100 Subject: [PATCH 008/698] fix: [docs] small change --- docs/taxii.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/taxii.md b/docs/taxii.md index 651173180..243a6371c 100644 --- a/docs/taxii.md +++ b/docs/taxii.md @@ -14,4 +14,5 @@ graph TD; read_file-->convert_to_stix convert_to_stix-->push_to_taxii push_to_taxii-->loop_files + push_to_taxii-->remove_random_dir ``` From bd26870818eaa4e821f7619ac24ca04ffb99f6a4 Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Fri, 18 Feb 2022 22:19:49 -0500 Subject: [PATCH 009/698] Initial commit of script to push MISP content to a TAXII 2.1 server. --- app/files/scripts/taxii/taxii_push.py | 425 ++++++++++++++++++++++++++ 1 file changed, 425 insertions(+) create mode 100644 app/files/scripts/taxii/taxii_push.py diff --git a/app/files/scripts/taxii/taxii_push.py b/app/files/scripts/taxii/taxii_push.py new file mode 100644 index 000000000..b625637a3 --- /dev/null +++ b/app/files/scripts/taxii/taxii_push.py @@ -0,0 +1,425 @@ +""" +Read MISP JSON content from files in a directory, convert it to STIX, and +push the content to a TAXII server. +""" +import argparse +import logging +import logging.config +import misp_stix_converter +import pathlib +import sys +import taxii2client +import urllib.parse + + +# Name of the logger to use for this application +_LOGGER_NAME = "taxii_push" + + +# Surely no multi-byte encodings here, but better safe than sorry. +_TAXII_ENVELOPE_PREFIX = '{"objects":['.encode("utf-8") +_TAXII_ENVELOPE_SUFFIX = "]}".encode("utf-8") +_TAXII_ENVELOPE_COMMA = ",".encode("utf-8") + + +class FileProcessingError(Exception): + """ + Instances represent an error encountered while processing a specific + MISP JSON file. + """ + def __init__(self, filepath, description): + + message = "{}: {}".format( + filepath, description + ) + + super().__init__(message) + + self.filepath = filepath + + +def setup_logging(log_level=logging.WARNING): + """ + Creates and applies a logging configuration. + + :param log_level: A logging level. Defaults to warning. May be the level + value as an int, or its name as a string. Strings are checked case- + sensitively against registered level names. + """ + + # A simple made-up config. Customize to taste. + logging_config = { + "version": 1, + + "formatters": { + "simple_format": { + "format": "%(name)s [%(levelname)s] %(message)s", + } + }, + + "handlers": { + "simple_stream": { + "class": "logging.StreamHandler", + "formatter": "simple_format" + } + }, + + # We don't necessarily log via the root logger, but the logging records + # propagate here anyway. Its handlers will act as a catch-all for all + # logging records. + "root": { + "level": log_level, + "handlers": ["simple_stream"] + }, + + # Maybe we let existing loggers continue to work, e.g. anything used + # by dependency libraries? + "disable_existing_loggers": False + } + + logging.config.dictConfig(logging_config) + + +def parse_args(): + """ + Configure expected commandline parameters and process them. + """ + parser = argparse.ArgumentParser( + description="Translate MISP content to STIX 2.1 and push it to a TAXII" + " 2.1 server.", + epilog="This tool reads all files from the given directory and assumes" + " they contain JSON, not just those named as *.json." + ) + + parser.add_argument( + "--dir", + help="A directory with files containing JSON MISP events.", + type=pathlib.Path, + required=True + ) + + parser.add_argument( + "--api_root", + help="A URL to a TAXII 2.1 collection to push content to (we" + " need a collection URL at minimum, not an API root)", + required=True + ) + + parser.add_argument( + "--log_level", + help="Set logging verbosity level. Default: %(default)s", + choices=[ + "fatal", + "error", + "warning", + "info", + "debug" + ], + default="warning" + ) + + args = parser.parse_args() + + return args + + +def api_root_from_collection_url(collection_url): + """ + Strip path components off the end of the path portion of the given TAXII + collection URL, to obtain the API root URL. A TAXII collection URL path + ought to have the form: + + /collections// + + So we want to strip off the last two components. Only the very simplest + sanity check is done on the given URL path. + + :param collection_url: A TAXII collection URL. + :return: The API root URL, or None if it could not be found. + """ + collection_url_parts = urllib.parse.urlparse(collection_url) + + # The "collections//" part ought to have a fixed length, + # since all UUID's have a fixed length (36 chars). And + # len("collections") == 11. + # + # The URL paths are supposed to end with "/", but be robust if they don't. + if collection_url_parts.path.endswith("/"): + suffix_size = 49 + else: + suffix_size = 48 + + if len(collection_url_parts.path) < suffix_size: + api_root_url = None + + else: + api_root_path = collection_url_parts.path[:-suffix_size] + + api_root_url_parts = collection_url_parts[:2] \ + + (api_root_path,) + \ + collection_url_parts[3:] + + api_root_url = urllib.parse.urlunparse(api_root_url_parts) + + return api_root_url + + +def log_status_failures(status): + """ + Log some failure information from a TAXII status resource. + + :param status: A Status resource object of the taxii2-client library with + a non-zero failure count. + """ + log = logging.getLogger(_LOGGER_NAME) + + log.error( + "The TAXII server failed to process some objects (%d failures%s)!", + status.failure_count, + # Be clear about whether processing has completed at this + # point or not. + " so far" if status.status == "pending" else "" + ) + + # If there are a large number of objects, there could be a large number of + # failures. Let's log failure messages at a more verbose logging level. + if log.isEnabledFor(logging.DEBUG): + for failure_details in status.failures: + log.debug( + "%s/%s: %s", + failure_details["id"], + failure_details["version"], + # "message" property is optional + failure_details.get("message", "") + ) + + +def push_taxii_envelope(taxii_collection, taxii_envelope_bytes): + """ + Post the given TAXII envelope to the given collection. + + :param taxii_collection: A taxii2client Collection instance + :param taxii_envelope_bytes: A bytes/bytearray object containing the TAXII + envelope payload for the request + """ + + # Maybe taxii2client should have been written to accept bytearrays... + if isinstance(taxii_envelope_bytes, bytearray): + taxii_envelope_bytes = bytes(taxii_envelope_bytes) + + # Shall we wait for completion, or just fire-and-forget? Maybe waiting + # would take too long. Note that even if we choose not to wait for + # completion, it's a server implementation detail whether any asynchronous + # processing is actually done. It may always process all objects before + # returning anyway. + status = taxii_collection.add_objects( + taxii_envelope_bytes, + wait_for_completion=False + ) + + # We will get an immediate TAXII status resource even if not waiting for + # completion. It may simply say that the adds are still pending and not + # give us much more information. But it may also indicate some failures. + # If we know of any failures at this point, let's log that. + if status.failure_count: + log_status_failures(status) + + +def make_taxii_envelopes(stix_objects, max_content_length): + """ + Generate TAXII envelopes containing the given STIX objects, such that + no envelope size exceeds max_content_length. The envelopes generated + will be bytearrays, and max_content_length is a byte count. + + :param stix_objects: An iterable of stix objects, where each stix object + is an instance of a registered stix2 library class (it needs a + serialize() method to produce JSON). + :param max_content_length: The max TAXII envelope size, in bytes + """ + log = logging.getLogger(_LOGGER_NAME) + + taxii_envelope_bytes = bytearray(_TAXII_ENVELOPE_PREFIX) + + # This won't force us to consume an object on every loop iteration. + # I think the code might be a bit simpler this way... + stix_objects = iter(stix_objects) # ensure we have an iterator + stix_object = next(stix_objects, None) + + # in a TAXII envelope, should we add a comma before a new object? + first_in_envelope = True + + while stix_object: + + stix_object_json = stix_object.serialize() + stix_object_json_bytes = stix_object_json.encode("utf-8") + + # resulting envelope size if we were to add this object and close the + # envelope. + new_envelope_len = len(taxii_envelope_bytes) \ + + len(stix_object_json_bytes) \ + + len(_TAXII_ENVELOPE_SUFFIX) + + if not first_in_envelope: + new_envelope_len += len(_TAXII_ENVELOPE_COMMA) + + if new_envelope_len > max_content_length: + # New envelope would be too large. If we are on the first object, + # we have a problem. We have a single STIX object which is so + # large it can't be posted to the server! Maybe we just skip that + # one and continue? + if first_in_envelope: + log.error( + "STIX object %s is too large to be posted to the TAXII" + " server! Object size: %d, TAXII envelope size: %d," + " API root max content length: %d bytes", + stix_object["id"], + len(stix_object_json_bytes), + new_envelope_len, + max_content_length + ) + + stix_object = next(stix_objects, None) + + else: + # Yield our current envelope and start a fresh one. + taxii_envelope_bytes += _TAXII_ENVELOPE_SUFFIX + + yield taxii_envelope_bytes + + taxii_envelope_bytes.clear() + taxii_envelope_bytes += _TAXII_ENVELOPE_PREFIX + first_in_envelope = True + # ... and we will not consume stix_object. It can be + # checked for size as normal on the next iteration. This + # is where not forcing us to consume the object helps us + # out. It will be re-serialized though... + + else: + # We can fit another object in the TAXII envelope without + # exceeding the limit. + if not first_in_envelope: + taxii_envelope_bytes += _TAXII_ENVELOPE_COMMA + + taxii_envelope_bytes += stix_object_json_bytes + first_in_envelope = False + + stix_object = next(stix_objects, None) + + # Push any remaining objects + if not first_in_envelope: + taxii_envelope_bytes += _TAXII_ENVELOPE_SUFFIX + yield taxii_envelope_bytes + + +def convert_misp_file(misp_file): + """ + Convert the given MISP file to STIX 2.1. + + :param misp_file: A path to a file with a MISP event in it. May be + a string or a pathlib path object. + :return: A STIX 2.1 bundle object + """ + log = logging.getLogger(_LOGGER_NAME) + + converter = misp_stix_converter.MISPtoSTIX21Parser() + converter.parse_json_content(str(misp_file)) + + # Log conversion warnings as warnings; errors as errors? + if log.isEnabledFor(logging.WARNING): + for id_, messages in converter.warnings.items(): + for message in messages: + log.warning("STIX conversion: %s: %s", id_, message) + + if log.isEnabledFor(logging.ERROR): + for id_, messages in converter.errors.items(): + for message in messages: + log.error("STIX conversion: %s: %s", id_, message) + + return converter.bundle + + +def convert_misp_dir(content_dir): + """ + Convert all MISP files in the given directory to STIX 2.1, and generate + each converted STIX object one at a time. + + :param content_dir: The directory to process for MISP content. + """ + log = logging.getLogger(_LOGGER_NAME) + + for event_file in content_dir.iterdir(): + try: + + if event_file.is_file(): + log.info("Processing: %s", event_file) + + stix_bundle = convert_misp_file(event_file) + + yield from stix_bundle.objects + + except Exception as e: + # Wrap errors occurring with a specific file with an exception + # type which tracks the file name. It hopefully makes for + # better error messages. + raise FileProcessingError(event_file, str(e)) from e + + +def push_content(content_dir, collection_url): + """ + Push MISP content from files in the given directory, to a TAXII 2.1 server. + This will translate each MISP event to STIX 2.1. + + :param content_dir: A directory with JSON files containing MISP content. + :param collection_url: A TAXII 2.1 collection URL + """ + + log = logging.getLogger(_LOGGER_NAME) + + api_root_url = api_root_from_collection_url(collection_url) + if not api_root_url: + raise ValueError( + "Could not compute API root URL from: " + collection_url + ) + + with taxii2client.ApiRoot(api_root_url) as api_root: + max_content_length = api_root.max_content_length + + log.debug( + "max content length for API root %s: %d", + api_root_url, max_content_length + ) + + all_stix_objects = convert_misp_dir(content_dir) + + with taxii2client.Collection(collection_url) as taxii_collection: + + for taxii_envelope_bytes in make_taxii_envelopes( + all_stix_objects, max_content_length + ): + push_taxii_envelope(taxii_collection, taxii_envelope_bytes) + + +def main(): + args = parse_args() + + setup_logging(args.log_level.upper()) + log = logging.getLogger(_LOGGER_NAME) + + try: + + push_content(args.dir, args.api_root) + + except Exception: + log.fatal( + "An error occurred!", exc_info=True + ) + exit_status = 1 + + else: + exit_status = 0 + + return exit_status + + +if __name__ == "__main__": + sys.exit(main()) From 778464401ea43c14d58fada4c3c28643b516728a Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Mon, 21 Feb 2022 20:40:51 -0500 Subject: [PATCH 010/698] Change --api_root commandline parameter to --collection, since a TAXII collection URL is required as a target to push STIX content to. --- app/files/scripts/taxii/taxii_push.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/app/files/scripts/taxii/taxii_push.py b/app/files/scripts/taxii/taxii_push.py index b625637a3..9efe3a13f 100644 --- a/app/files/scripts/taxii/taxii_push.py +++ b/app/files/scripts/taxii/taxii_push.py @@ -99,9 +99,8 @@ def parse_args(): ) parser.add_argument( - "--api_root", - help="A URL to a TAXII 2.1 collection to push content to (we" - " need a collection URL at minimum, not an API root)", + "--collection", + help="A URL to a TAXII 2.1 collection to push content to", required=True ) @@ -407,7 +406,7 @@ def main(): try: - push_content(args.dir, args.api_root) + push_content(args.dir, args.collection) except Exception: log.fatal( From 49271cd8d4fffbc1d1140e5c93a5c4435eff5e9c Mon Sep 17 00:00:00 2001 From: Dan Nelson <34968876+nandelson@users.noreply.github.com> Date: Tue, 16 Aug 2022 16:53:39 -0400 Subject: [PATCH 011/698] Update INSTALL.rhel7.md --- docs/INSTALL.rhel7.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/INSTALL.rhel7.md b/docs/INSTALL.rhel7.md index 238628f43..6f15fe7c8 100644 --- a/docs/INSTALL.rhel7.md +++ b/docs/INSTALL.rhel7.md @@ -659,4 +659,3 @@ systemctl restart misp-workers.service via this guide and will need additional investigation. {!generic/hardening.md!} - From 196c87963d406cd4df5b71238d847c9a96967a8f Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Wed, 21 Sep 2022 16:12:45 +0200 Subject: [PATCH 012/698] fix: [correlations] Prevent Trying to access array offset on value of type null error --- app/Model/Correlation.php | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/app/Model/Correlation.php b/app/Model/Correlation.php index cc51e0fd7..b02915252 100644 --- a/app/Model/Correlation.php +++ b/app/Model/Correlation.php @@ -681,6 +681,11 @@ class Correlation extends AppModel return true; } + /** + * @param array $query + * @return array|false + * @throws RedisException + */ public function findTop(array $query) { try { @@ -688,21 +693,23 @@ class Correlation extends AppModel } catch (Exception $e) { return false; } + $start = $query['limit'] * ($query['page'] -1); $end = $query['limit'] * $query['page'] - 1; $list = $redis->zRevRange(self::CACHE_NAME, $start, $end, true); $results = []; - foreach ($list as $value => $count) { - $realValue = $this->CorrelationValue->find('first', - [ - 'recursive' => -1, - 'conditions' => ['CorrelationValue.id' => $value], - 'fields' => 'CorrelationValue.value' - ] - ); + + $realValues = $this->CorrelationValue->find('list', [ + 'recursive' => -1, + 'conditions' => ['CorrelationValue.id' => array_keys($list)], + 'fields' => ['CorrelationValue.id', 'CorrelationValue.value'], + ]); + + foreach ($list as $valueId => $count) { + $value = $realValues[$valueId] ?? null; $results[] = [ 'Correlation' => [ - 'value' => $realValue['CorrelationValue']['value'], + 'value' => $value, 'count' => $count, 'excluded' => $this->__preventExcludedCorrelations($value), ] From 098adf9f4f7bb99a8763ec1095f1b55a2c3523b8 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Wed, 21 Sep 2022 16:13:18 +0200 Subject: [PATCH 013/698] new: [news] Show the latest news in nicer view --- app/Controller/Component/ACLComponent.php | 9 +- app/Controller/NewsController.php | 51 ++++++--- .../genericElements/SideMenu/side_menu.ctp | 7 +- app/View/News/add.ctp | 8 +- app/View/News/admin_index.ctp | 56 +++++++++ app/View/News/index.ctp | 107 ++++++++---------- 6 files changed, 159 insertions(+), 79 deletions(-) create mode 100644 app/View/News/admin_index.ctp diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index edf189ec6..20823cc70 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -397,10 +397,11 @@ class ACLComponent extends Component 'queryEnrichment' => array('perm_auth'), ), 'news' => array( - 'add' => array(), - 'edit' => array(), - 'delete' => array(), - 'index' => array('*'), + 'add' => array(), + 'edit' => array(), + 'delete' => array(), + 'admin_index' => array(), + 'index' => ['*'], ), 'noticelists' => array( 'delete' => array(), diff --git a/app/Controller/NewsController.php b/app/Controller/NewsController.php index e7ce8c257..f4df8cbd2 100755 --- a/app/Controller/NewsController.php +++ b/app/Controller/NewsController.php @@ -1,6 +1,9 @@ 5, 'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page. - 'order' => array( + 'order' => [ 'News.id' => 'DESC' - ), + ], + 'contain' => [ + 'User' => ['fields' => ['User.email']], + ] ); public function index() { - $this->paginate['contain'] = array('User' => array('fields' => array('User.email'))); + $user = $this->Auth->user(); $newsItems = $this->paginate(); - $newsread = $this->Auth->user('newsread'); - foreach ($newsItems as $key => $item) { - if ($item['News']['date_created'] > $newsread) { - $newsItems[$key]['News']['new'] = true; - } else { - $newsItems[$key]['News']['new'] = false; + $newsread = $user['newsread']; + $hasUnreadNews = false; + foreach ($newsItems as &$item) { + $isNew = $item['News']['date_created'] > $newsread; + $item['News']['new'] = $isNew; + if ($isNew) { + $hasUnreadNews = true; } } $this->set('newsItems', $newsItems); + $this->set('hasUnreadNews', $hasUnreadNews); - $this->loadModel('User'); - $this->User->updateField($this->Auth->user(), 'newsread', time()); + if ($hasUnreadNews) { + $homepage = $this->User->UserSetting->getValueForUser($user['id'], 'homepage'); + if (!empty($homepage)) { + $this->set('homepage', $homepage); + } else { + $this->set('homepage', "{$this->baseurl}/events/index"); + } + + $this->User->updateField($user, 'newsread', time()); + } + } + + public function admin_index() + { + $user = $this->Auth->user(); + $this->paginate['limit'] = 25; + $newsItems = $this->paginate(); + + $this->set('newsItems', $newsItems); + $this->set('user', $user); } public function add() @@ -74,7 +100,6 @@ class NewsController extends AppController public function delete($id) { - $this->defaultModel = 'News'; $this->CRUD->delete($id); if ($this->IndexFilter->isRest()) { return $this->restResponsePayload; diff --git a/app/View/Elements/genericElements/SideMenu/side_menu.ctp b/app/View/Elements/genericElements/SideMenu/side_menu.ctp index 01170d17c..b5b801272 100644 --- a/app/View/Elements/genericElements/SideMenu/side_menu.ctp +++ b/app/View/Elements/genericElements/SideMenu/side_menu.ctp @@ -1364,9 +1364,14 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider'); case 'news': echo $this->element('/genericElements/SideMenu/side_menu_link', array( 'url' => $baseurl . '/news/index', - 'text' => __('View News') + 'text' => __('View News'), )); if ($isSiteAdmin) { + echo $this->element('/genericElements/SideMenu/side_menu_link', array( + 'url' => $baseurl . '/admin/news/index', + 'text' => __('View News as Admin'), + 'element_id' => 'admin_index', + )); echo $this->element('/genericElements/SideMenu/side_menu_link', array( 'url' => $baseurl . '/news/add', 'text' => __('Add News Item') diff --git a/app/View/News/add.ctp b/app/View/News/add.ctp index 376f5505d..d4f11b47c 100755 --- a/app/View/News/add.ctp +++ b/app/View/News/add.ctp @@ -1,16 +1,16 @@ request->params['action'] === 'edit' ? true : false; +$isEdit = $this->request->params['action'] === 'edit'; echo $this->element( '/genericElements/SideMenu/side_menu', [ 'menuList' => 'news', - 'menuItem' => $edit ? 'edit' : 'add' + 'menuItem' => $isEdit ? 'edit' : 'add' ] ); echo $this->element('genericElements/Form/genericForm', [ 'data' => [ - 'title' => $edit ? __('Edit News Item') : __('Add News Item'), + 'title' => $isEdit ? __('Edit News Item') : __('Add News Item'), 'fields' => [ [ 'field' => 'title', @@ -22,7 +22,7 @@ echo $this->element('genericElements/Form/genericForm', [ ], [ 'field' => 'message', - 'label' => __('Message'), + 'label' => __('Message (you can use Markdown format)'), 'type' => 'textarea', 'error' => ['escape' => false], 'div' => 'input clear', diff --git a/app/View/News/admin_index.ctp b/app/View/News/admin_index.ctp new file mode 100644 index 000000000..1f405183c --- /dev/null +++ b/app/View/News/admin_index.ctp @@ -0,0 +1,56 @@ +set('menuData', ['menuList' => 'news', 'menuItem' => 'admin_index']); +echo $this->element('genericElements/IndexTable/scaffold', [ + 'scaffold_data' => [ + 'data' => [ + 'data' => $newsItems, + 'fields' => [ + [ + 'name' => __('ID'), + 'sort' => 'id', + 'data_path' => 'News.id' + ], + [ + 'name' => __('User'), + 'sort' => 'email', + 'data_path' => 'User.email' + ], + [ + 'name' => __('Title'), + 'sort' => 'title', + 'data_path' => 'News.title' + ], + [ + 'name' => __('Message'), + 'sort' => 'message', + 'data_path' => 'News.message' + ], + [ + 'name' => __('Created at'), + 'sort' => 'date_created', + 'data_path' => 'News.date_created', + 'element' => 'datetime' + ], + ], + 'title' => empty($ajax) ? __('News') : false, + 'pull' => 'right', + 'actions' => [ + [ + 'url' => $baseurl . '/news/edit', + 'url_params_data_paths' => [ + 'News.id' + ], + 'icon' => 'edit', + 'title' => __('Edit News'), + ], + [ + 'url' => $baseurl . '/news/delete', + 'url_params_data_paths' => ['News.id'], + 'class' => 'modal-open', + 'icon' => 'trash', + 'title' => __('Delete news'), + ] + ] + ] + ] +]); \ No newline at end of file diff --git a/app/View/News/index.ctp b/app/View/News/index.ctp index 74ebd33bd..db852841c 100644 --- a/app/View/News/index.ctp +++ b/app/View/News/index.ctp @@ -1,61 +1,54 @@ - +

-$this->set('menuData', ['menuList' => 'news', 'menuItem' => 'index']); + +
+

+ +
+ -echo $this->element('genericElements/IndexTable/scaffold', [ - 'scaffold_data' => [ - 'data' => [ - 'data' => $newsItems, - 'fields' => [ - [ - 'name' => __('Id'), - 'sort' => 'id', - 'data_path' => 'News.id' - ], - [ - 'name' => __('User'), - 'sort' => 'email', - 'data_path' => 'User.email' - ], - [ - 'name' => __('Title'), - 'sort' => 'title', - 'data_path' => 'News.title' - ], - [ - 'name' => __('Message'), - 'sort' => 'message', - 'data_path' => 'News.message' - ], - [ - 'name' => __('Created at'), - 'sort' => 'date_created', - 'data_path' => 'News.date_created', - 'element' => 'datetime' - ], + - ], - 'title' => empty($ajax) ? __('News') : false, - 'pull' => 'right', - 'actions' => [ - [ - 'url' => $baseurl . '/news/edit', - 'url_params_data_paths' => [ - 'News.id' - ], - 'icon' => 'edit', - 'title' => 'Edit News', - ], - [ - 'onclick' => sprintf( - 'openGenericModal(\'%s/news/delete/[onclick_params_data_path]\');', - $baseurl - ), - 'onclick_params_data_path' => 'News.id', - 'icon' => 'trash', - 'title' => __('Delete news'), - ] - ] - ] - ] + +

+

Time->time($news['News']['date_created']), $news['User']['email'] ? __(' by %s', $news['User']['email']) : '') ?>

+
+ + +

+ Paginator->counter(array( + 'format' => __('Page {:page} of {:pages}, showing {:current} articles out of {:count} total, starting on article {:start}, ending on {:end}') + )); + ?> +

+ + +element('genericElements/assetLoader', [ + 'js' => [ + 'markdown-it', + ], ]); +?> + +element('/genericElements/SideMenu/side_menu', ['menuList' => 'news', 'menuItem' => 'index']); \ No newline at end of file From 8c44444205ea0c21de08c7635a8ba4426752a02c Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 13 Oct 2022 10:40:16 +0200 Subject: [PATCH 014/698] chg: [misp-objects] updated to the latest version --- app/files/misp-objects | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/misp-objects b/app/files/misp-objects index 3cf9307b2..82c699cc5 160000 --- a/app/files/misp-objects +++ b/app/files/misp-objects @@ -1 +1 @@ -Subproject commit 3cf9307b24232b209545261c7cbf075ce4d92a66 +Subproject commit 82c699cc5f139e7d991b5c76099c0cde88dbf806 From 5fcc1240e60540353f5acce47e1cdc476c12e9c5 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 24 Oct 2022 08:55:20 +0200 Subject: [PATCH 015/698] chg: [warning-lists] updated to the latest version --- app/files/warninglists | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/warninglists b/app/files/warninglists index 1b026ee51..c50ad9fca 160000 --- a/app/files/warninglists +++ b/app/files/warninglists @@ -1 +1 @@ -Subproject commit 1b026ee5115e5a6c7fda4cb7a6032c01e6f69a9c +Subproject commit c50ad9fca9c991606150826afe9432fb76ad310f From b768ab087d07de7b91e668ca3bda9e27bd7a3f1d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 24 Oct 2022 09:18:05 +0200 Subject: [PATCH 016/698] chg: [misp-galaxy] updated --- app/files/misp-galaxy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy index eacab6ca2..55b721a42 160000 --- a/app/files/misp-galaxy +++ b/app/files/misp-galaxy @@ -1 +1 @@ -Subproject commit eacab6ca27e1d1996bb28b7c617943052a41e3fd +Subproject commit 55b721a422827a22fae374803e1a2ef3dcabf273 From 0f68b422241ac1caa3312ed008151e2b7f1b297d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 31 Oct 2022 15:03:28 +0100 Subject: [PATCH 017/698] chg: [misp-workflow-blueprints] updated to the latest version --- app/files/misp-workflow-blueprints | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/misp-workflow-blueprints b/app/files/misp-workflow-blueprints index 115b18dec..3f22a11be 160000 --- a/app/files/misp-workflow-blueprints +++ b/app/files/misp-workflow-blueprints @@ -1 +1 @@ -Subproject commit 115b18decf8a5a6af0191301193d4b6607dbfc1a +Subproject commit 3f22a11be2545e808b734787246739dcd69f7eb5 From d03dc9c73bd216c67d81011f0acdcf09c35f15f2 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Sun, 6 Nov 2022 18:25:48 +0100 Subject: [PATCH 018/698] fix: [backgroundJobs] Added default fallback for settings & Use proper filepath when Redis not enabled --- app/Console/Command/AppShell.php | 6 +++++- app/Lib/Tools/BackgroundJobsTool.php | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/app/Console/Command/AppShell.php b/app/Console/Command/AppShell.php index d825ea282..77ba8e761 100644 --- a/app/Console/Command/AppShell.php +++ b/app/Console/Command/AppShell.php @@ -89,7 +89,11 @@ abstract class AppShell extends Shell protected function getBackgroundJobsTool() { if (!isset($this->BackgroundJobsTool)) { - $this->BackgroundJobsTool = new BackgroundJobsTool(Configure::read('SimpleBackgroundJobs')); + $settings = ['enabled' => false]; + if (!empty(Configure::read('SimpleBackgroundJobs.enabled'))) { + $settings = Configure::read('SimpleBackgroundJobs'); + } + $this->BackgroundJobsTool = new BackgroundJobsTool($settings); } return $this->BackgroundJobsTool; } diff --git a/app/Lib/Tools/BackgroundJobsTool.php b/app/Lib/Tools/BackgroundJobsTool.php index 19d56dada..37e53883e 100644 --- a/app/Lib/Tools/BackgroundJobsTool.php +++ b/app/Lib/Tools/BackgroundJobsTool.php @@ -161,7 +161,7 @@ class BackgroundJobsTool } RedisTool::unlink($this->RedisConnection, self::DATA_CONTENT_PREFIX . ':' . $uuid); return $data; - } else if ($path[0] === '/') { // deprecated storage location when not full path is provided + } else if ($path[0] !== '/') { // deprecated storage location when not full path is provided $path = APP . 'tmp/cache/ingest' . DS . $path; } return JsonTool::decode(FileAccessTool::readAndDelete($path)); From 771b4619f5b88ddbf907b7ba733d637b6726bcd7 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Sun, 6 Nov 2022 18:33:27 +0100 Subject: [PATCH 019/698] fix: [acl] Added missing entry about eventReport --- app/Controller/Component/ACLComponent.php | 21 +++++++++++++++++++++ app/Controller/EventReportsController.php | 2 +- app/Model/EventReport.php | 16 +--------------- app/View/Helper/AclHelper.php | 14 ++++++++++++++ 4 files changed, 37 insertions(+), 16 deletions(-) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index c18835589..6f0a02598 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -969,6 +969,27 @@ class ACLComponent extends Component return $user['org_id'] == $tagCollection['TagCollection']['org_id']; } + /** + * Only site admin and event creator can modify an eventReport + * + * @param array $user + * @param array $report + * @return boolean + */ + public function canEditReport(array $user, array $report): bool + { + if ($user['Role']['perm_site_admin']) { + return true; + } + if (empty($report['Event'])) { + return __('Could not find associated event'); + } + if ($report['Event']['orgc_id'] != $user['org_id']) { + return __('Only the creator organisation of the event can modify the report'); + } + return true; + } + /** * Only users that can modify organisation can delete sightings as sighting is not linked to user. * diff --git a/app/Controller/EventReportsController.php b/app/Controller/EventReportsController.php index d4d972d36..a5c407fa1 100644 --- a/app/Controller/EventReportsController.php +++ b/app/Controller/EventReportsController.php @@ -494,7 +494,7 @@ class EventReportsController extends AppController private function __injectPermissionsToViewContext($user, $report) { - $canEdit = $this->EventReport->canEditReport($user, $report) === true; + $canEdit = $this->ACL->canEditReport($user, $report) === true; $this->set('canEdit', $canEdit); } diff --git a/app/Model/EventReport.php b/app/Model/EventReport.php index d0c074693..86298b57a 100644 --- a/app/Model/EventReport.php +++ b/app/Model/EventReport.php @@ -408,7 +408,7 @@ class EventReport extends AppModel return $report; } else { if (in_array('edit', $authorizations) || in_array('delete', $authorizations)) { - $checkResult = $this->canEditReport($user, $report); + $checkResult = $this->ACL->canEditReport($user, $report); if ($checkResult !== true) { if ($throwErrors) { throw new UnauthorizedException($checkResult); @@ -420,20 +420,6 @@ class EventReport extends AppModel } } - public function canEditReport(array $user, array $report) - { - if ($user['Role']['perm_site_admin']) { - return true; - } - if (empty($report['Event'])) { - return __('Could not find associated event'); - } - if ($report['Event']['orgc_id'] != $user['org_id']) { - return __('Only the creator organisation of the event can modify the report'); - } - return true; - } - public function reArrangeReport(array $report) { $rearrangeObjects = array('Event', 'SharingGroup'); diff --git a/app/View/Helper/AclHelper.php b/app/View/Helper/AclHelper.php index 85a9b432d..b0273d4e3 100644 --- a/app/View/Helper/AclHelper.php +++ b/app/View/Helper/AclHelper.php @@ -94,6 +94,20 @@ class AclHelper extends Helper return $this->ACL->canEditReport($me, $eventReport); } + public function canEditReport(array $user, array $report) + { + if ($user['Role']['perm_site_admin']) { + return true; + } + if (empty($report['Event'])) { + return __('Could not find associated event'); + } + if ($report['Event']['orgc_id'] != $user['org_id']) { + return __('Only the creator organisation of the event can modify the report'); + } + return true; + } + /** * @param array $cluster * @return bool From 6b1b080eecc56ab785431897782e4b315d5e071d Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Sun, 6 Nov 2022 18:40:48 +0100 Subject: [PATCH 020/698] chg: [helper:acl] Removed unused function --- app/View/Helper/AclHelper.php | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/app/View/Helper/AclHelper.php b/app/View/Helper/AclHelper.php index b0273d4e3..85a9b432d 100644 --- a/app/View/Helper/AclHelper.php +++ b/app/View/Helper/AclHelper.php @@ -94,20 +94,6 @@ class AclHelper extends Helper return $this->ACL->canEditReport($me, $eventReport); } - public function canEditReport(array $user, array $report) - { - if ($user['Role']['perm_site_admin']) { - return true; - } - if (empty($report['Event'])) { - return __('Could not find associated event'); - } - if ($report['Event']['orgc_id'] != $user['org_id']) { - return __('Only the creator organisation of the event can modify the report'); - } - return true; - } - /** * @param array $cluster * @return bool From 9f3d0eccdd9ce1acf1f8c162acdd762384edb704 Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 8 Nov 2022 12:18:31 +0100 Subject: [PATCH 021/698] fix: [tags] index search fixed - not passing name, filter, search all together would lead to the search not working --- app/Controller/TagsController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Controller/TagsController.php b/app/Controller/TagsController.php index 1451982b9..562802c66 100644 --- a/app/Controller/TagsController.php +++ b/app/Controller/TagsController.php @@ -60,7 +60,7 @@ class TagsController extends AppController $this->paginate['conditions']['AND'][] = ['LOWER(Tag.name) LIKE' => '%' . strtolower($passedArgsArray['searchall']) . '%']; } foreach (['name', 'filter', 'search'] as $f) { - if (!empty($passedArgsArray['name'])) { + if (!empty($passedArgsArray[$f])) { $this->paginate['conditions']['AND'][] = ['LOWER(Tag.name)' => strtolower($passedArgsArray[$f])]; } } From 0f6ffb8270bcbae29222f86756293c25d3df1367 Mon Sep 17 00:00:00 2001 From: CriimBow Date: Tue, 8 Nov 2022 16:13:14 +0100 Subject: [PATCH 022/698] does not exists => does not exist --- app/Console/Command/EventShell.php | 4 ++-- app/Controller/AttributesController.php | 4 ++-- app/Lib/Tools/AttachmentTool.php | 2 +- app/Locale/ara/LC_MESSAGES/default.po | 2 +- app/Locale/cake_resque.pot | 2 +- app/Locale/cze/LC_MESSAGES/default.po | 2 +- app/Locale/dan/LC_MESSAGES/default.po | 2 +- app/Locale/default.pot | 2 +- app/Locale/deu/LC_MESSAGES/default.po | 2 +- app/Locale/fra/LC_MESSAGES/default.po | 2 +- app/Locale/hun/LC_MESSAGES/default.po | 2 +- app/Locale/ita/LC_MESSAGES/default.po | 2 +- app/Locale/jpn/LC_MESSAGES/default.po | 2 +- app/Locale/kor/LC_MESSAGES/default.po | 2 +- app/Locale/no/LC_MESSAGES/default.po | 2 +- app/Locale/pol/LC_MESSAGES/default.po | 2 +- app/Locale/pt_BR/LC_MESSAGES/default.po | 2 +- app/Locale/ro/LC_MESSAGES/default.po | 2 +- app/Locale/rus/LC_MESSAGES/default.po | 2 +- app/Locale/si-LK/LC_MESSAGES/default.po | 2 +- app/Locale/spa/LC_MESSAGES/default.po | 2 +- app/Locale/th_TH/LC_MESSAGES/default.po | 2 +- app/Locale/zh-s/LC_MESSAGES/default.po | 2 +- app/Model/GalaxyClusterRelation.php | 4 ++-- app/Model/Server.php | 2 +- app/Model/Workflow.php | 2 +- app/webroot/js/cal-heatmap.js | 2 +- app/webroot/js/markdownEditor/event-report.js | 2 +- app/webroot/js/taskScheduler.js | 2 +- tools/misp-config | 2 +- 30 files changed, 33 insertions(+), 33 deletions(-) diff --git a/app/Console/Command/EventShell.php b/app/Console/Command/EventShell.php index 1398bd476..88c6739ed 100644 --- a/app/Console/Command/EventShell.php +++ b/app/Console/Command/EventShell.php @@ -68,7 +68,7 @@ class EventShell extends AppShell $user = $this->getUser($userId); if (!file_exists($path)) { - $this->error("File '$path' does not exists."); + $this->error("File '$path' does not exist."); } if (!is_readable($path)) { $this->error("File '$path' is not readable."); @@ -637,7 +637,7 @@ class EventShell extends AppShell { $user = $this->User->getAuthUser($userId, true); if (empty($user)) { - $this->error("User with ID $userId does not exists."); + $this->error("User with ID $userId does not exist."); } Configure::write('CurrentUserId', $user['id']); // for audit logging purposes return $user; diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index d73c479b3..c525ed153 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -299,7 +299,7 @@ class AttributesController extends AppController $conditions['Attribute.type'] = array('attachment', 'malware-sample'); $attributes = $this->Attribute->fetchAttributes($this->Auth->user(), array('conditions' => $conditions, 'flatten' => true)); if (empty($attributes)) { - throw new UnauthorizedException(__('Attribute does not exists or you do not have the permission to download this attribute.')); + throw new UnauthorizedException(__('Attribute does not exist or you do not have the permission to download this attribute.')); } return $this->__downloadAttachment($attributes[0]['Attribute']); } @@ -1770,7 +1770,7 @@ class AttributesController extends AppController $conditions['Attribute.type'] = array('attachment', 'malware-sample'); $attributes = $this->Attribute->fetchAttributes($user, array('conditions' => $conditions, 'flatten' => true)); if (empty($attributes)) { - throw new UnauthorizedException(__('Attribute does not exists or you do not have the permission to download this attribute.')); + throw new UnauthorizedException(__('Attribute does not exist or you do not have the permission to download this attribute.')); } return $this->__downloadAttachment($attributes[0]['Attribute']); } diff --git a/app/Lib/Tools/AttachmentTool.php b/app/Lib/Tools/AttachmentTool.php index 52f227832..d95cdd6cd 100644 --- a/app/Lib/Tools/AttachmentTool.php +++ b/app/Lib/Tools/AttachmentTool.php @@ -157,7 +157,7 @@ class AttachmentTool $filepath = $this->attachmentDir() . DS . $path; $file = new File($filepath); if (!is_file($file->path)) { - throw new NotFoundException("File '$filepath' does not exists."); + throw new NotFoundException("File '$filepath' does not exist."); } } diff --git a/app/Locale/ara/LC_MESSAGES/default.po b/app/Locale/ara/LC_MESSAGES/default.po index d669fcdb5..ccaa20c24 100644 --- a/app/Locale/ara/LC_MESSAGES/default.po +++ b/app/Locale/ara/LC_MESSAGES/default.po @@ -725,7 +725,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/cake_resque.pot b/app/Locale/cake_resque.pot index fdbc5ab59..a105801bb 100644 --- a/app/Locale/cake_resque.pot +++ b/app/Locale/cake_resque.pot @@ -578,7 +578,7 @@ msgid "Workers number [%s] is not valid. Please enter a valid number" msgstr "" #: Plugin/CakeResque/Console/Command/CakeResqueShell.php:1282 -msgid "User [%s] does not exists. Please enter a valid system user" +msgid "User [%s] does not exist. Please enter a valid system user" msgstr "" #: Plugin/CakeResque/Console/Command/CakeResqueShell.php:1304 diff --git a/app/Locale/cze/LC_MESSAGES/default.po b/app/Locale/cze/LC_MESSAGES/default.po index b1c6c1d00..fa32e5969 100644 --- a/app/Locale/cze/LC_MESSAGES/default.po +++ b/app/Locale/cze/LC_MESSAGES/default.po @@ -723,7 +723,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Neplatná Skupina sdílení nebo není autorizovaná." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/dan/LC_MESSAGES/default.po b/app/Locale/dan/LC_MESSAGES/default.po index 073394e95..8de07eca4 100644 --- a/app/Locale/dan/LC_MESSAGES/default.po +++ b/app/Locale/dan/LC_MESSAGES/default.po @@ -720,7 +720,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Ugyldig Delingsgruppe, eller ingen godkendelse." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/default.pot b/app/Locale/default.pot index 40c15ea69..8800c29b4 100644 --- a/app/Locale/default.pot +++ b/app/Locale/default.pot @@ -848,7 +848,7 @@ msgid "Add attribute" msgstr "" #: Controller/AttributesController.php:287;1725 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:305 diff --git a/app/Locale/deu/LC_MESSAGES/default.po b/app/Locale/deu/LC_MESSAGES/default.po index a447de5b5..0704a865b 100644 --- a/app/Locale/deu/LC_MESSAGES/default.po +++ b/app/Locale/deu/LC_MESSAGES/default.po @@ -720,7 +720,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Ungültige Freigabegruppe oder nicht berechtigt." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/fra/LC_MESSAGES/default.po b/app/Locale/fra/LC_MESSAGES/default.po index ece0e4027..4383c9239 100644 --- a/app/Locale/fra/LC_MESSAGES/default.po +++ b/app/Locale/fra/LC_MESSAGES/default.po @@ -723,7 +723,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Groupe de partage invalide ou non autorisé." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/hun/LC_MESSAGES/default.po b/app/Locale/hun/LC_MESSAGES/default.po index 29959ad24..060ff002d 100644 --- a/app/Locale/hun/LC_MESSAGES/default.po +++ b/app/Locale/hun/LC_MESSAGES/default.po @@ -720,7 +720,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/ita/LC_MESSAGES/default.po b/app/Locale/ita/LC_MESSAGES/default.po index 83ce00e04..3fd797c47 100644 --- a/app/Locale/ita/LC_MESSAGES/default.po +++ b/app/Locale/ita/LC_MESSAGES/default.po @@ -721,7 +721,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Sharing Group non valido o non autorizzato." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/jpn/LC_MESSAGES/default.po b/app/Locale/jpn/LC_MESSAGES/default.po index ba835e83c..8d8b227ac 100644 --- a/app/Locale/jpn/LC_MESSAGES/default.po +++ b/app/Locale/jpn/LC_MESSAGES/default.po @@ -719,7 +719,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "無効な共有グループ、もしくは権限がありません。" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/kor/LC_MESSAGES/default.po b/app/Locale/kor/LC_MESSAGES/default.po index d8348242d..702b70330 100644 --- a/app/Locale/kor/LC_MESSAGES/default.po +++ b/app/Locale/kor/LC_MESSAGES/default.po @@ -720,7 +720,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "잘못된 공유 그룹이거나 권한이 없습니다" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/no/LC_MESSAGES/default.po b/app/Locale/no/LC_MESSAGES/default.po index 1615ea775..2ebb74bc6 100644 --- a/app/Locale/no/LC_MESSAGES/default.po +++ b/app/Locale/no/LC_MESSAGES/default.po @@ -720,7 +720,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Ugyldig delingsgruppe eller ikke autorisert." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/pol/LC_MESSAGES/default.po b/app/Locale/pol/LC_MESSAGES/default.po index 275617176..348da1637 100644 --- a/app/Locale/pol/LC_MESSAGES/default.po +++ b/app/Locale/pol/LC_MESSAGES/default.po @@ -723,7 +723,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/pt_BR/LC_MESSAGES/default.po b/app/Locale/pt_BR/LC_MESSAGES/default.po index 14425a49e..e78b80293 100644 --- a/app/Locale/pt_BR/LC_MESSAGES/default.po +++ b/app/Locale/pt_BR/LC_MESSAGES/default.po @@ -721,7 +721,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Grupo de compartilhamento inválido ou não autorizado." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/ro/LC_MESSAGES/default.po b/app/Locale/ro/LC_MESSAGES/default.po index 00e817fce..0032d1140 100644 --- a/app/Locale/ro/LC_MESSAGES/default.po +++ b/app/Locale/ro/LC_MESSAGES/default.po @@ -721,7 +721,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/rus/LC_MESSAGES/default.po b/app/Locale/rus/LC_MESSAGES/default.po index b3bfb931e..12d435b47 100644 --- a/app/Locale/rus/LC_MESSAGES/default.po +++ b/app/Locale/rus/LC_MESSAGES/default.po @@ -722,7 +722,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/si-LK/LC_MESSAGES/default.po b/app/Locale/si-LK/LC_MESSAGES/default.po index 53160e3aa..ba4d74a52 100644 --- a/app/Locale/si-LK/LC_MESSAGES/default.po +++ b/app/Locale/si-LK/LC_MESSAGES/default.po @@ -723,7 +723,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "වලංගු නොවන බෙදාගැනීමේ කණ්ඩායමක් හෝ අවසරයක් නැත." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "උපලක්ෂණයක් නොපවතී හෝ ඔබට මෙම උපලක්ෂණ බාගැනීමට අවසර නැත." #: Controller/AttributesController.php:334 diff --git a/app/Locale/spa/LC_MESSAGES/default.po b/app/Locale/spa/LC_MESSAGES/default.po index 548973e37..618975630 100644 --- a/app/Locale/spa/LC_MESSAGES/default.po +++ b/app/Locale/spa/LC_MESSAGES/default.po @@ -722,7 +722,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "Grupo de uso no válido o no autorizado." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Locale/th_TH/LC_MESSAGES/default.po b/app/Locale/th_TH/LC_MESSAGES/default.po index 45589c869..c22c08e09 100644 --- a/app/Locale/th_TH/LC_MESSAGES/default.po +++ b/app/Locale/th_TH/LC_MESSAGES/default.po @@ -722,7 +722,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "กลุ่มการแบ่งปันไม่ถูกต้องหรือไม่ได้รับอนุญาต" #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "ไม่มีแอตทริบิวต์หรือคุณไม่ได้รับอนุญาตให้ดาวน์โหลดแอตทริบิวต์นี้" #: Controller/AttributesController.php:334 diff --git a/app/Locale/zh-s/LC_MESSAGES/default.po b/app/Locale/zh-s/LC_MESSAGES/default.po index 9d554618d..b8a044794 100644 --- a/app/Locale/zh-s/LC_MESSAGES/default.po +++ b/app/Locale/zh-s/LC_MESSAGES/default.po @@ -719,7 +719,7 @@ msgid "Invalid Sharing Group or not authorised." msgstr "无效的共享组或未授权." #: Controller/AttributesController.php:316;1772 -msgid "Attribute does not exists or you do not have the permission to download this attribute." +msgid "Attribute does not exist or you do not have the permission to download this attribute." msgstr "" #: Controller/AttributesController.php:334 diff --git a/app/Model/GalaxyClusterRelation.php b/app/Model/GalaxyClusterRelation.php index 7fb182064..6f20fba88 100644 --- a/app/Model/GalaxyClusterRelation.php +++ b/app/Model/GalaxyClusterRelation.php @@ -223,7 +223,7 @@ class GalaxyClusterRelation extends AppModel } if (!$force) { $targetCluster = $this->TargetCluster->fetchIfAuthorized($user, $relation['GalaxyClusterRelation']['referenced_galaxy_cluster_uuid'], 'view', $throwErrors=false, $full=false); - if (isset($targetCluster['authorized']) && !$targetCluster['authorized']) { // do not save the relation if referenced cluster is not accessible by the user (or does not exists) + if (isset($targetCluster['authorized']) && !$targetCluster['authorized']) { // do not save the relation if referenced cluster is not accessible by the user (or does not exist) $errors[] = array(__('Invalid referenced galaxy cluster')); return $errors; } @@ -315,7 +315,7 @@ class GalaxyClusterRelation extends AppModel return $errors; } $targetCluster = $this->TargetCluster->fetchIfAuthorized($user, $relation['GalaxyClusterRelation']['referenced_galaxy_cluster_uuid'], 'view', $throwErrors=false, $full=false); - if (isset($targetCluster['authorized']) && !$targetCluster['authorized']) { // do not save the relation if referenced cluster is not accessible by the user (or does not exists) + if (isset($targetCluster['authorized']) && !$targetCluster['authorized']) { // do not save the relation if referenced cluster is not accessible by the user (or does not exist) $errors[] = array(__('Invalid referenced galaxy cluster')); return $errors; } diff --git a/app/Model/Server.php b/app/Model/Server.php index 0bdbd0b08..854447068 100644 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -3182,7 +3182,7 @@ class Server extends AppModel $indexDiff = array(); foreach ($expectedIndex as $tableName => $indexes) { if (!array_key_exists($tableName, $actualIndex)) { - continue; // If table does not exists, it is covered by the schema diagnostic + continue; // If table does not exist, it is covered by the schema diagnostic } $tableIndexDiff = array_diff(array_keys($indexes), array_keys($actualIndex[$tableName])); // check for missing indexes foreach ($tableIndexDiff as $columnDiff) { diff --git a/app/Model/Workflow.php b/app/Model/Workflow.php index c1f99b9ff..70c8d1888 100644 --- a/app/Model/Workflow.php +++ b/app/Model/Workflow.php @@ -1008,7 +1008,7 @@ class Workflow extends AppModel $className = str_replace('.php', '', $className[count($className)-1]); try { if (!@include_once($filepath)) { - $message = __('Could not load module for path %s. File does not exists.', $filepath); + $message = __('Could not load module for path %s. File does not exist.', $filepath); $this->log($message, LOG_ERR); return $message; } diff --git a/app/webroot/js/cal-heatmap.js b/app/webroot/js/cal-heatmap.js index 0ce105e7b..96ffcc948 100644 --- a/app/webroot/js/cal-heatmap.js +++ b/app/webroot/js/cal-heatmap.js @@ -1114,7 +1114,7 @@ CalHeatMap.prototype = { } if (d3.select(options.itemSelector)[0][0] === null) { - throw new Error("The node '" + options.itemSelector + "' specified in itemSelector does not exists"); + throw new Error("The node '" + options.itemSelector + "' specified in itemSelector does not exist"); } try { diff --git a/app/webroot/js/markdownEditor/event-report.js b/app/webroot/js/markdownEditor/event-report.js index 7e9b6d23c..9096de7a6 100644 --- a/app/webroot/js/markdownEditor/event-report.js +++ b/app/webroot/js/markdownEditor/event-report.js @@ -886,7 +886,7 @@ function markdownItToggleRenderingRule(rulename, event) { event.stopPropagation() } if (renderingRules[rulename] === undefined) { - console.log('Rule does not exists') + console.log('Rule does not exist') return } renderingRules[rulename] = !renderingRules[rulename] diff --git a/app/webroot/js/taskScheduler.js b/app/webroot/js/taskScheduler.js index a871b5cc6..c5e6e972d 100644 --- a/app/webroot/js/taskScheduler.js +++ b/app/webroot/js/taskScheduler.js @@ -199,7 +199,7 @@ var checked = this.taskScheduled; this.container = document.getElementById(this.config.container); if (this.container === undefined || this.container === null) { - throw "Cannot create switch. Container does not exists"; + throw "Cannot create switch. Container does not exist"; } var temp = document.createElement('div'); this.config.checkboxLink = this.genRandom(); diff --git a/tools/misp-config b/tools/misp-config index d06a53772..ff9f4ff3d 100755 --- a/tools/misp-config +++ b/tools/misp-config @@ -164,7 +164,7 @@ if ($apply) { my $misp_config_path = "$misp_config_path/misp.conf.d"; unless(-d $misp_config_path) { - die "MISP Configuration Path does not exists: $misp_config_path\n"; + die "MISP Configuration Path does not exist: $misp_config_path\n"; } foreach my $fp (glob("$misp_config_path/*.conf")) { From 8c4fe514e0fe6030232e7f6ca35aab581f8ef2bf Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 9 Nov 2022 11:26:23 +0100 Subject: [PATCH 023/698] chg: [misp-objects] updated to the latest version --- app/files/misp-objects | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/misp-objects b/app/files/misp-objects index 82c699cc5..34ed3309e 160000 --- a/app/files/misp-objects +++ b/app/files/misp-objects @@ -1 +1 @@ -Subproject commit 82c699cc5f139e7d991b5c76099c0cde88dbf806 +Subproject commit 34ed3309e0392a1957d8dd493c5b4e3c32f9e503 From fc55c74da22d5592000812c330d10bb345869b76 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 9 Nov 2022 11:26:59 +0100 Subject: [PATCH 024/698] chg: [misp-galaxy] many updates including new MITRE ATT&CK changes --- app/files/misp-galaxy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy index 55b721a42..b787bbeb2 160000 --- a/app/files/misp-galaxy +++ b/app/files/misp-galaxy @@ -1 +1 @@ -Subproject commit 55b721a422827a22fae374803e1a2ef3dcabf273 +Subproject commit b787bbeb23cc624fd22aaaedad2fd4c0b190d69b From 38d7b5dbd40f448a96c027253c713de010f3746b Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 9 Nov 2022 11:28:00 +0100 Subject: [PATCH 025/698] chg: [taxonomies] updated to the latest version --- app/files/taxonomies | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/taxonomies b/app/files/taxonomies index 57b125782..3564a85d6 160000 --- a/app/files/taxonomies +++ b/app/files/taxonomies @@ -1 +1 @@ -Subproject commit 57b125782cd372c8a762db7ce34f8a405752c6c1 +Subproject commit 3564a85d6f7512a501cf324accc528e3a7bb5d31 From 3048b090e0419c08f036b383fe5387a448056462 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 9 Nov 2022 12:06:46 +0100 Subject: [PATCH 026/698] chg: [warning-list] updated --- app/files/warninglists | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/warninglists b/app/files/warninglists index bc12a5fa8..353d38313 160000 --- a/app/files/warninglists +++ b/app/files/warninglists @@ -1 +1 @@ -Subproject commit bc12a5fa8af4e27bc0fa41fdea851a90dc327c97 +Subproject commit 353d38313f10e21a80a03f16a0f801d141dfdb5d From c20678f2120e5ccc8033dc8cfaa24ef69cf1c434 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 9 Nov 2022 13:49:12 +0100 Subject: [PATCH 027/698] chg: [PyMISP] Bump --- PyMISP | 2 +- app/Controller/AppController.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/PyMISP b/PyMISP index 98bb5ebd4..2b20d84b1 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit 98bb5ebd49cf1ab3eb725922c5bbbc6369657b05 +Subproject commit 2b20d84b101a6e5baa1b0fb470f715c31b092c86 diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 390004fcf..e92adf25a 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -34,7 +34,7 @@ class AppController extends Controller public $helpers = array('OrgImg', 'FontAwesome', 'UserName'); private $__queryVersion = '146'; - public $pyMispVersion = '2.4.162'; + public $pyMispVersion = '2.4.165'; public $phpmin = '7.2'; public $phprec = '7.4'; public $phptoonew = '8.0'; From 72ca06023f341a8612f0aae2d01121cb3b9d90c0 Mon Sep 17 00:00:00 2001 From: iglocska Date: Wed, 9 Nov 2022 14:41:07 +0100 Subject: [PATCH 028/698] fix: [eventreports] edit ACL lookup fixed --- app/Model/EventReport.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Model/EventReport.php b/app/Model/EventReport.php index 86298b57a..6558e1c89 100644 --- a/app/Model/EventReport.php +++ b/app/Model/EventReport.php @@ -408,7 +408,7 @@ class EventReport extends AppModel return $report; } else { if (in_array('edit', $authorizations) || in_array('delete', $authorizations)) { - $checkResult = $this->ACL->canEditReport($user, $report); + $checkResult = $user['Role']['perm_site_admin'] || ($report['Event']['orgc_id'] === $user['org_id']) if ($checkResult !== true) { if ($throwErrors) { throw new UnauthorizedException($checkResult); From 2605b16f37b0dab658bd25cd41c9c611447718ae Mon Sep 17 00:00:00 2001 From: iglocska Date: Wed, 9 Nov 2022 14:56:36 +0100 Subject: [PATCH 029/698] fix: [typo] fixed after crash --- app/Model/EventReport.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Model/EventReport.php b/app/Model/EventReport.php index 6558e1c89..1ab7f3dfe 100644 --- a/app/Model/EventReport.php +++ b/app/Model/EventReport.php @@ -408,7 +408,7 @@ class EventReport extends AppModel return $report; } else { if (in_array('edit', $authorizations) || in_array('delete', $authorizations)) { - $checkResult = $user['Role']['perm_site_admin'] || ($report['Event']['orgc_id'] === $user['org_id']) + $checkResult = $user['Role']['perm_site_admin'] || ($report['Event']['orgc_id'] === $user['org_id']); if ($checkResult !== true) { if ($throwErrors) { throw new UnauthorizedException($checkResult); From 4e63386d07f9960899c84e0e00c88b09fbeb5c53 Mon Sep 17 00:00:00 2001 From: iglocska Date: Wed, 9 Nov 2022 15:08:19 +0100 Subject: [PATCH 030/698] chg: [VERSION] bump --- VERSION.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.json b/VERSION.json index b534235d8..d2d25f5d5 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1 +1 @@ -{"major":2, "minor":4, "hotfix":164} +{"major":2, "minor":4, "hotfix":165} From f8b465962b18d2b2d79904f9bdf6b6701f215dff Mon Sep 17 00:00:00 2001 From: "J. Sman" Date: Thu, 10 Nov 2022 10:16:13 +0100 Subject: [PATCH 031/698] Reverse logic on permission check --- app/Model/GalaxyCluster.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Model/GalaxyCluster.php b/app/Model/GalaxyCluster.php index 89a47bcae..5643e05b6 100644 --- a/app/Model/GalaxyCluster.php +++ b/app/Model/GalaxyCluster.php @@ -1667,7 +1667,7 @@ class GalaxyCluster extends AppModel } try { - if (!$serverSync->isSupported(ServerSyncTool::PERM_SYNC) || $serverSync->isSupported(ServerSyncTool::PERM_GALAXY_EDITOR)) { + if (!$serverSync->isSupported(ServerSyncTool::PERM_SYNC) || !$serverSync->isSupported(ServerSyncTool::PERM_GALAXY_EDITOR)) { return __('The remote user does not have the permission to manipulate galaxies - the upload of the galaxy clusters has been blocked.'); } $serverSync->pushGalaxyCluster($cluster)->json(); From 66c627ce4f626b8fb0c9c7613e6ea8c2c2618711 Mon Sep 17 00:00:00 2001 From: iglocska Date: Thu, 10 Nov 2022 14:54:06 +0100 Subject: [PATCH 032/698] chg: [attribute restsearch] x-result-count calculation reworked - show a fake number that still forces tools to keep pagination until needed - massive performance gain - fake it till you make it --- app/Model/Attribute.php | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 93a89e50b..a019e0d87 100644 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -1606,7 +1606,7 @@ class Attribute extends AppModel * @return array * @throws Exception */ - public function fetchAttributes(array $user, array $options = [], &$result_count = false) + public function fetchAttributes(array $user, array $options = [], &$result_count = false, $real_count = false) { $params = array( 'conditions' => $this->buildConditions($user), @@ -1780,7 +1780,7 @@ class Attribute extends AppModel } // Do not fetch result count when `$result_count` is false - if ($result_count !== false) { + if ($result_count !== false && $real_count == true) { $find_params = $params; unset($find_params['limit']); $result_count = $this->find('count', $find_params); @@ -1792,11 +1792,15 @@ class Attribute extends AppModel $eventTags = []; // tag cache $attributes = []; do { + $continue = true; $results = $this->find('all', $params); if (empty($results)) { break; } - + $iteration_result_count = count($results); + if ($real_count !== true) { + $result_count += count($results); + } if (!empty($options['includeContext'])) { $eventIds = []; foreach ($results as $result) { @@ -1875,7 +1879,7 @@ class Attribute extends AppModel unset($attribute); if ($loop) { - if (count($results) < $loopLimit) { // we fetched less results than limit, so we can skip next query + if ($iteration_result_count < $loopLimit) { // we fetched fewer results than the limit, so we can exit the loop break; } $params['page']++; @@ -2935,7 +2939,8 @@ class Attribute extends AppModel $exportTool->additional_params ); } - + ClassRegistry::init('ConnectionManager'); + $db = ConnectionManager::getDataSource('default'); $tmpfile = new TmpFileTool(); $tmpfile->write($exportTool->header($exportToolParams)); $loop = false; @@ -2969,9 +2974,15 @@ class Attribute extends AppModel $this->Allowedlist = ClassRegistry::init('Allowedlist'); $separator = $exportTool->separator($exportToolParams); $elementCounter = 0; + $real_count = false; + $incrementTotalBy = $loop || $real_count ? 0 : 1; do { - $results = $this->fetchAttributes($user, $params, $elementCounter); - $totalCount = $elementCounter; + $results = $this->fetchAttributes($user, $params, $elementCounter, $real_count); + if (!$real_count) { + $totalCount = $params['limit'] * ($params['page'] - 1) + $elementCounter; + } else { + $totalCount = $elementCounter; + } $elementCounter = false; // do not call `count` again if (empty($results)) { break; // nothing found, skip rest @@ -2987,13 +2998,15 @@ class Attribute extends AppModel $tmpfile->writeWithSeparator($handlerResult, $separator); } } - if ($loop && count($results) < $params['limit']) { - break; // do not continue if we received less results than limit + if (count($results) < $params['limit']) { + $incrementTotalBy = 0; + if ($loop) { + break; // do not continue if we received less results than limit + } } $params['page'] += 1; } while ($loop); - - return $totalCount; + return $totalCount + $incrementTotalBy; } public function set_filter_uuid(&$params, $conditions, $options) From ac823de662cb19955a7114c26ebabd75de61d6a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Thu, 10 Nov 2022 15:28:02 +0100 Subject: [PATCH 033/698] chg: [PyMISP] Bump --- PyMISP | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PyMISP b/PyMISP index 2b20d84b1..661bf6ad1 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit 2b20d84b101a6e5baa1b0fb470f715c31b092c86 +Subproject commit 661bf6ad14bea56fbf59d1289ccaf061c2205ffb From 165d1bd5f851b92c8d1a186a20024070da143717 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 10 Nov 2022 16:22:33 +0100 Subject: [PATCH 034/698] fix: [internal] Undefined index: user_id and orgc_id for event --- app/Controller/EventsController.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index d430cfbf1..b7cd292a0 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -5402,13 +5402,13 @@ class EventsController extends AppController } $importComment = !empty($result['comment']) ? $result['comment'] : 'Enriched via the ' . $module['name'] . ' module'; if (!empty($module['mispattributes']['format']) && $module['mispattributes']['format'] === 'misp_standard') { - $event = $this->Event->handleMispFormatFromModuleResult($result); - $event['Event'] = array('id' => $eventId); + $resolvedEvent = $this->Event->handleMispFormatFromModuleResult($result); + $resolvedEvent['Event'] = $event['Event']; if ($this->_isRest()) { - $this->Event->processModuleResultsDataRouter($this->Auth->user(), $event, $eventId, $importComment); - return $this->RestResponse->viewData($event, $this->response->type()); + $this->Event->processModuleResultsDataRouter($this->Auth->user(), $resolvedEvent, $eventId, $importComment); + return $this->RestResponse->viewData($resolvedEvent, $this->response->type()); } - $this->set('event', $event); + $this->set('event', $resolvedEvent); $this->set('menuItem', 'importResults'); $render_name = 'resolved_misp_format'; } else { From fd93ac9c5e08af28d35cb191a02ca70149cad675 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Fri, 11 Nov 2022 09:45:38 +0100 Subject: [PATCH 035/698] new: [workflow] Initial work on filtering modules - WiP --- app/Controller/WorkflowsController.php | 4 + app/Lib/Tools/WorkflowGraphTool.php | 62 ++++++++++++++ app/Model/Workflow.php | 61 ++++++++++++++ .../WorkflowModules/WorkflowBaseModule.php | 17 ++++ .../logic/Module_generic_filter_data.php | 81 +++++++++++++++++++ .../logic/Module_generic_filter_reset.php | 36 +++++++++ app/webroot/css/workflows-editor.css | 11 +++ .../js/workflows-editor/workflows-editor.js | 27 ++++--- 8 files changed, 289 insertions(+), 10 deletions(-) create mode 100644 app/Model/WorkflowModules/logic/Module_generic_filter_data.php create mode 100644 app/Model/WorkflowModules/logic/Module_generic_filter_reset.php diff --git a/app/Controller/WorkflowsController.php b/app/Controller/WorkflowsController.php index a70962c4b..211cc468c 100644 --- a/app/Controller/WorkflowsController.php +++ b/app/Controller/WorkflowsController.php @@ -101,6 +101,9 @@ class WorkflowsController extends AppController } } $this->CRUD->view($id, [ + 'afterFind' => function($workflow) { + return $this->Workflow->attachLabelToConnections($workflow); + } ]); if ($this->IndexFilter->isRest()) { return $this->restResponsePayload; @@ -151,6 +154,7 @@ class WorkflowsController extends AppController } else { $workflow = $this->Workflow->fetchWorkflow($workflow_id); } + $workflow = $this->Workflow->attachLabelToConnections($workflow, $trigger_id); $modules = $this->Workflow->attachNotificationToModules($modules, $workflow); $this->loadModel('WorkflowBlueprint'); $workflowBlueprints = $this->WorkflowBlueprint->find('all'); diff --git a/app/Lib/Tools/WorkflowGraphTool.php b/app/Lib/Tools/WorkflowGraphTool.php index 5762d10bc..2c71a1061 100644 --- a/app/Lib/Tools/WorkflowGraphTool.php +++ b/app/Lib/Tools/WorkflowGraphTool.php @@ -162,6 +162,12 @@ class GraphWalker } else if ($node['data']['id'] == 'concurrent-task') { $this->_evaluateConcurrentTask($node, $roamingData, $outputs['output_1']); return ['output_1' => []]; + } else if ($node['data']['id'] == 'generic-filter-data') { + $this->_evaluateFilterAddLogic($node, $roamingData, $outputs['output_1']); + return ['output_1' => []]; + } else if ($node['data']['id'] == 'generic-filter-reset') { + $this->_evaluateFilterRemoveLogic($node, $roamingData, $outputs['output_1']); + return ['output_1' => []]; } else { $useFirstOutput = $this->_evaluateCustomLogicCondition($node, $roamingData); return $useFirstOutput ? ['output_1' => $outputs['output_1']] : ['output_2' => $outputs['output_2']]; @@ -175,6 +181,18 @@ class GraphWalker return $result; } + private function _evaluateFilterAddLogic($node, WorkflowRoamingData $roamingData): bool + { + $result = $this->WorkflowModel->executeNode($node, $roamingData); + return $result; + } + + private function _evaluateFilterRemoveLogic($node, WorkflowRoamingData $roamingData): bool + { + $result = $this->WorkflowModel->executeNode($node, $roamingData); + return $result; + } + private function _evaluateCustomLogicCondition($node, WorkflowRoamingData $roamingData): bool { $result = $this->WorkflowModel->executeNode($node, $roamingData); @@ -357,6 +375,50 @@ class WorkflowGraphTool return $nodes; } + /** + * extractFilterNodesFromWorkflow Return the list of generic-filter-data's id (or full module) that are included in the workflow + * + * @param array $workflow + * @param bool $fullNode + * @return array + */ + public static function extractFilterNodesFromWorkflow(array $graphData, bool $fullNode = false): array + { + $nodes = []; + foreach ($graphData as $node) { + if ($node['data']['module_type'] == 'logic' && $node['data']['id'] == 'generic-filter-data') { + if (!empty($fullNode)) { + $nodes[] = $node; + } else { + $nodes[] = $node['data']['id']; + } + } + } + return $nodes; + } + + /** + * extractResetFilterFromWorkflow Return the list of generic-filter-reset's id (or full module) that are included in the workflow + * + * @param array $workflow + * @param bool $fullNode + * @return array + */ + public static function extractResetFilterFromWorkflow(array $graphData, bool $fullNode = false): array + { + $nodes = []; + foreach ($graphData as $node) { + if ($node['data']['module_type'] == 'logic' && $node['data']['id'] == 'generic-filter-reset') { + if (!empty($fullNode)) { + $nodes[] = $node; + } else { + $nodes[] = $node['data']['id']; + } + } + } + return $nodes; + } + /** * isAcyclic Return if the graph contains a cycle * diff --git a/app/Model/Workflow.php b/app/Model/Workflow.php index 8db42d98d..046c3ca35 100644 --- a/app/Model/Workflow.php +++ b/app/Model/Workflow.php @@ -1290,6 +1290,67 @@ class Workflow extends AppModel return $data; } + public function getLabelsForConnections($workflow, $trigger_id): array + { + $graphData = !empty($workflow['Workflow']) ? $workflow['Workflow']['data'] : $workflow['data']; + $startNodeID = $this->workflowGraphTool->getNodeIdForTrigger($graphData, $trigger_id); + if ($startNodeID == -1) { + return []; + } + + $connections = []; + + $filterNodes = $this->workflowGraphTool->extractFilterNodesFromWorkflow($graphData, true); + $filterNodeIDToLabel = Hash::combine($filterNodes, '{n}.id', '{n}.data.indexed_params.filtering-label'); + $resetFilterNodes = $this->workflowGraphTool->extractResetFilterFromWorkflow($graphData, true); + $resetFilterNodeIDToLabel = Hash::combine($resetFilterNodes, '{n}.id', '{n}.data.indexed_params.filtering-label'); + $roamingData = $this->workflowGraphTool->getRoamingData(); + $graphWalker = $this->workflowGraphTool->getWalkerIterator($graphData, $this, $startNodeID, GraphWalker::PATH_TYPE_INCLUDE_LOGIC, $roamingData); + foreach ($graphWalker as $graphNode) { + $node = $graphNode['node']; + $nodeID = $node['id']; + $parsedPathList = GraphWalker::parsePathList($graphNode['path_list']); + foreach ($parsedPathList as $pathEntry) { + if (!empty($filterNodeIDToLabel[$pathEntry['source_id']])) { + $connections[$nodeID][] = $filterNodeIDToLabel[$pathEntry['source_id']]; + } + if (!empty($resetFilterNodeIDToLabel[$pathEntry['source_id']])) { + if ($resetFilterNodeIDToLabel[$pathEntry['source_id']] == 'all') { + $connections[$nodeID] = []; + } else { + $connections[$nodeID] = array_values(array_diff($connections[$nodeID], [$resetFilterNodeIDToLabel[$pathEntry['source_id']]])); + } + } + } + } + return $connections; + } + + public function attachLabelToConnections($workflow, $trigger_id=null): array + { + $graphData = !empty($workflow['Workflow']) ? $workflow['Workflow']['data'] : $workflow['data']; + if (is_null($trigger_id)) { + $startNode = $this->workflowGraphTool->extractTriggerFromWorkflow($graphData, true); + $trigger_id = $startNode['data']['id']; + } + $labelsByNodes = $this->getLabelsForConnections($workflow, $trigger_id); + foreach ($graphData as $i => $node) { + if (!empty($labelsByNodes[$node['id']])) { + foreach ($node['inputs'] as $inputName => $inputs) { + foreach ($inputs['connections'] as $j => $connection) { + $workflow['Workflow']['data'][$i]['inputs'][$inputName]['connections'][$j]['labels'] = array_map(function($label) { + return [ + 'id' => Inflector::variable($label), + 'name' => $label, + 'variant' => 'info', + ]; + }, $labelsByNodes[$node['id']]); + } + } + } + } + return $workflow; + } /** * moduleSattelesExecution Executes a module using the provided configuration and returns back the result * diff --git a/app/Model/WorkflowModules/WorkflowBaseModule.php b/app/Model/WorkflowModules/WorkflowBaseModule.php index c61edc64a..976234779 100644 --- a/app/Model/WorkflowModules/WorkflowBaseModule.php +++ b/app/Model/WorkflowModules/WorkflowBaseModule.php @@ -298,3 +298,20 @@ class WorkflowBaseLogicModule extends WorkflowBaseModule class WorkflowBaseActionModule extends WorkflowBaseModule { } + +class WorkflowFilteringLogicModule extends WorkflowBaseLogicModule +{ + public $blocking = false; + public $inputs = 1; + public $outputs = 2; + + protected function _genFilteringLabels(): array + { + $names = ['A', 'B', 'C', 'D', 'E', 'F']; + $labels = []; + foreach ($names as $name) { + $labels[$name] = __('Label %s', $name); + } + return $labels; + } +} \ No newline at end of file diff --git a/app/Model/WorkflowModules/logic/Module_generic_filter_data.php b/app/Model/WorkflowModules/logic/Module_generic_filter_data.php new file mode 100644 index 000000000..58ced4ae1 --- /dev/null +++ b/app/Model/WorkflowModules/logic/Module_generic_filter_data.php @@ -0,0 +1,81 @@ + 'In', + 'not_in' => 'Not in', + 'equals' => 'Equals', + 'not_equals' => 'Not equals', + ]; + + public function __construct() + { + parent::__construct(); + $this->params = [ + [ + 'id' => 'filtering-label', + 'label' => __('Filtering Label'), + 'type' => 'select', + 'options' => $this->_genFilteringLabels(), + ], + [ + 'id' => 'selector', + 'label' => __('Data selector'), + 'type' => 'input', + 'placeholder' => 'Event._AttributeFlattened.{n}', + ], + [ + 'id' => 'value', + 'label' => __('Value'), + 'type' => 'input', + 'placeholder' => 'tlp:red', + ], + [ + 'id' => 'operator', + 'label' => __('Operator'), + 'type' => 'select', + 'default' => 'in', + 'options' => $this->operators, + ], + [ + 'id' => 'hash_path', + 'label' => __('Hash path'), + 'type' => 'input', + 'placeholder' => 'Tag.name', + ], + ]; + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors=[]): bool + { + parent::exec($node, $roamingData, $errors); + $params = $this->getParamsWithValues($node); + $selector = $params['selector']['value']; + $path = $params['hash_path']['value']; + $operator = $params['operator']['value']; + $value = $params['value']['value']; + $rData = $roamingData->getData(); + + $applyFilterFunction = function ($element) use ($value, $operator, $path) { + $selectedData = Hash::extract($element, $path); + return $this->evaluateCondition($selectedData, $operator, $value); + }; + $filteredData = Hash::apply($rData, $selector, $applyFilterFunction); + debug($filteredData); + $newRData = $filteredData; + $newRData['_unfilteredData'] = $rData; + $roamingData->setData($newRData); + return true; + } +} diff --git a/app/Model/WorkflowModules/logic/Module_generic_filter_reset.php b/app/Model/WorkflowModules/logic/Module_generic_filter_reset.php new file mode 100644 index 000000000..d0668f1fc --- /dev/null +++ b/app/Model/WorkflowModules/logic/Module_generic_filter_reset.php @@ -0,0 +1,36 @@ +params = [ + [ + 'id' => 'filtering-label', + 'label' => __('Filtering Label to remove'), + 'type' => 'select', + 'options' => ['all' => __('All filters')] + $this->_genFilteringLabels(), + ], + ]; + } + + public function exec(array $node, WorkflowRoamingData $roamingData, array &$errors=[]): bool + { + parent::exec($node, $roamingData, $errors); + $rData = $roamingData->getData(); + $newRData = $rData['_unfilteredData']; + $roamingData->setData($newRData); + return true; + } +} diff --git a/app/webroot/css/workflows-editor.css b/app/webroot/css/workflows-editor.css index e1a2e5c3d..f285b42e1 100644 --- a/app/webroot/css/workflows-editor.css +++ b/app/webroot/css/workflows-editor.css @@ -665,4 +665,15 @@ .drawflow .drawflow-node.block-type-concurrent > .outputs > .output_1::after { content: "\f074"; +} + +.drawflow svg.connection .connection-label-container { + display: flex; + flex-direction: column; + row-gap: 3px; + width: fit-content; + transform: translate(-50%, -50%); + background-color: #ffffffaa; + padding: 3px; + border-radius: 5px; } \ No newline at end of file diff --git a/app/webroot/js/workflows-editor/workflows-editor.js b/app/webroot/js/workflows-editor/workflows-editor.js index f5817ddeb..070b34bac 100644 --- a/app/webroot/js/workflows-editor/workflows-editor.js +++ b/app/webroot/js/workflows-editor/workflows-editor.js @@ -129,6 +129,9 @@ var dotBlock_error = doT.template(' \ \ ') +var dotBlock_connectionLabel = doT.template(' \ +{{=it.name}}') + var classBySeverity = { 'info': 'info', 'warning': 'warning', @@ -771,7 +774,11 @@ function loadWorkflow(workflow) { Object.values(workflow.data).forEach(function (node) { for (var input_name in node.inputs) { node.inputs[input_name].connections.forEach(function (connection) { - editor.addConnection(connection.node, node.id, connection.input, input_name) + connection.labels = connection.labels === undefined ? [] : connection.labels; + var labels = connection.labels.map(function(labelConf) { + return dotBlock_connectionLabel(labelConf) + }) + editor.addConnection(connection.node, node.id, connection.input, input_name, labels) }) } }) @@ -868,7 +875,7 @@ function addNodesFromBlueprint(workflowBlueprint, cursorPosition) { left: (node.pos_x - minX) * editor.zoom + cursorPosition.left, } if (all_modules_by_id[node.data.id] === undefined) { - var errorMessage = 'Invalid ' + node.data.module_data.module_type + ' module id `' + node.data.module_data.id + '` (' + node.id + ')' + var errorMessage = 'Invalid ' + node.data.module_type + ' module id `' + node.data.id + '` (' + node.id + ')' var html = window['dotBlock_error']({ error: errorMessage, data: JSON.stringify(node.data.indexed_params, null, 2) @@ -883,20 +890,20 @@ function addNodesFromBlueprint(workflowBlueprint, cursorPosition) { node.data, html ) - return + } else { + additionalData = { + indexed_params: node.data.indexed_params, + saved_filters: node.data.saved_filters, + } + addNode(all_modules_by_id[node.data.id], position, additionalData) } - additionalData = { - indexed_params: node.data.indexed_params, - saved_filters: node.data.saved_filters, - } - addNode(all_modules_by_id[node.data.id], position, additionalData) oldNewIDMapping[node.id] = editor.nodeId - 1 newNodes.push(getNodeHtmlByID(editor.nodeId - 1)) // nodeId is incremented as soon as a new node is created }) workflowBlueprint.data.forEach(function (node) { Object.keys(node.outputs).forEach(function (outputName) { - var newNode = Object.assign({}, all_modules_by_id[node.data.id]) - if (newNode.outputs > 0) { // make sure the module configuration didn't change in regards of the outputs + var outputCount = all_modules_by_id[node.data.id] !== undefined ? all_modules_by_id[node.data.id].outputs : Object.keys(node.outputs).length + if (outputCount > 0) { // make sure the module configuration didn't change in regards of the outputs node.outputs[outputName].connections.forEach(function (connection) { if (oldNewIDMapping[connection.node] !== undefined) { editor.addConnection( From 8ac4a9481cbd5a5c44c50c341594a59dc2bf8568 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 11 Nov 2022 12:36:31 +0100 Subject: [PATCH 036/698] new: [attribute type] azure-application-id added - En taro @xg5_datafiend --- app/Lib/Tools/AttributeValidationTool.php | 1 + app/Model/Attribute.php | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/Lib/Tools/AttributeValidationTool.php b/app/Lib/Tools/AttributeValidationTool.php index 739d3c01d..564a36915 100644 --- a/app/Lib/Tools/AttributeValidationTool.php +++ b/app/Lib/Tools/AttributeValidationTool.php @@ -526,6 +526,7 @@ class AttributeValidationTool case 'favicon-mmh3': case 'chrome-extension-id': case 'mobile-application-id': + case 'azure-application-id': case 'named pipe': if (strpos($value, "\n") !== false) { return __('Value must not contain new line character.'); diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index a019e0d87..f6471cecf 100644 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -3152,7 +3152,7 @@ class Attribute extends AppModel 'Payload delivery' => array( 'desc' => __('Information about how the malware is delivered'), 'formdesc' => __('Information about the way the malware payload is initially delivered, for example information about the email or web-site, vulnerability used, originating IP etc. Malware sample itself should be attached here.'), - 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512', 'ssdeep', 'imphash', 'telfhash', 'impfuzzy', 'authentihash', 'vhash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|sha3-224', 'filename|sha3-256', 'filename|sha3-384', 'filename|sha3-512', 'filename|authentihash', 'filename|vhash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash','filename|impfuzzy', 'filename|pehash', 'mac-address', 'mac-eui-64', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'hostname', 'domain', 'email', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'email-body', 'url', 'user-agent', 'AS', 'pattern-in-file', 'pattern-in-traffic', 'filename-pattern', 'stix2-pattern', 'yara', 'sigma', 'mime-type', 'attachment', 'malware-sample', 'link', 'malware-type', 'comment', 'text', 'hex', 'vulnerability', 'cpe', 'weakness', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'jarm-fingerprint', 'hassh-md5', 'hasshserver-md5', 'other', 'hostname|port', 'email-dst-display-name', 'email-src-display-name', 'email-header', 'email-reply-to', 'email-x-mailer', 'email-mime-boundary', 'email-thread-index', 'email-message-id', 'mobile-application-id', 'chrome-extension-id', 'whois-registrant-email', 'anonymised') + 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512', 'ssdeep', 'imphash', 'telfhash', 'impfuzzy', 'authentihash', 'vhash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|sha3-224', 'filename|sha3-256', 'filename|sha3-384', 'filename|sha3-512', 'filename|authentihash', 'filename|vhash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash','filename|impfuzzy', 'filename|pehash', 'mac-address', 'mac-eui-64', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'hostname', 'domain', 'email', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'email-body', 'url', 'user-agent', 'AS', 'pattern-in-file', 'pattern-in-traffic', 'filename-pattern', 'stix2-pattern', 'yara', 'sigma', 'mime-type', 'attachment', 'malware-sample', 'link', 'malware-type', 'comment', 'text', 'hex', 'vulnerability', 'cpe', 'weakness', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'jarm-fingerprint', 'hassh-md5', 'hasshserver-md5', 'other', 'hostname|port', 'email-dst-display-name', 'email-src-display-name', 'email-header', 'email-reply-to', 'email-x-mailer', 'email-mime-boundary', 'email-thread-index', 'email-message-id', 'azure-application-id', 'mobile-application-id', 'chrome-extension-id', 'whois-registrant-email', 'anonymised') ), 'Artifacts dropped' => array( 'desc' => __('Any artifact (files, registry keys etc.) dropped by the malware or other modifications to the system'), @@ -3161,7 +3161,7 @@ class Attribute extends AppModel 'Payload installation' => array( 'desc' => __('Info on where the malware gets installed in the system'), 'formdesc' => __('Location where the payload was placed in the system and the way it was installed. For example, a filename|md5 type attribute can be added here like this: c:\\windows\\system32\\malicious.exe|41d8cd98f00b204e9800998ecf8427e.'), - 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512', 'ssdeep', 'imphash', 'telfhash', 'impfuzzy', 'authentihash', 'vhash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|sha3-224', 'filename|sha3-256', 'filename|sha3-384', 'filename|sha3-512', 'filename|authentihash', 'filename|vhash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|impfuzzy', 'filename|pehash', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'filename-pattern', 'stix2-pattern', 'yara', 'sigma', 'vulnerability', 'cpe','weakness', 'attachment', 'malware-sample', 'malware-type', 'comment', 'text', 'hex', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'mobile-application-id', 'chrome-extension-id', 'other', 'mime-type', 'anonymised') + 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512', 'ssdeep', 'imphash', 'telfhash', 'impfuzzy', 'authentihash', 'vhash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|sha3-224', 'filename|sha3-256', 'filename|sha3-384', 'filename|sha3-512', 'filename|authentihash', 'filename|vhash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|impfuzzy', 'filename|pehash', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'filename-pattern', 'stix2-pattern', 'yara', 'sigma', 'vulnerability', 'cpe','weakness', 'attachment', 'malware-sample', 'malware-type', 'comment', 'text', 'hex', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'azure-application-id', 'azure-application-id', 'mobile-application-id', 'chrome-extension-id', 'other', 'mime-type', 'anonymised') ), 'Persistence mechanism' => array( 'desc' => __('Mechanisms used by the malware to start at boot'), @@ -3409,6 +3409,7 @@ class Attribute extends AppModel 'place-port-of-onward-foreign-destination' => array('desc' => __('A Port where the passenger is transiting to'), 'default_category' => 'Person', 'to_ids' => 0), 'passenger-name-record-locator-number' => array('desc' => __('The Passenger Name Record Locator is a key under which the reservation for a trip is stored in the system. The PNR contains, among other data, the name, flight segments and address of the passenger. It is defined by a combination of five or six letters and numbers.'), 'default_category' => 'Person', 'to_ids' => 0), 'mobile-application-id' => array('desc' => __('The application id of a mobile application'), 'default_category' => 'Payload delivery', 'to_ids' => 1), + 'azure-application-id' => array('desc' => __('Azure Application ID.'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'chrome-extension-id' => array('desc' => __('Chrome extension id'), 'default_category' => 'Payload delivery', 'to_ids' => 1), 'cortex' => array('desc' => __('Cortex analysis result'), 'default_category' => 'External analysis', 'to_ids' => 0), 'boolean' => array('desc' => __('Boolean value - to be used in objects'), 'default_category' => 'Other', 'to_ids' => 0), From 4aabc2d097080abb5ca9e8410ed3eff87610ecd2 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 11 Nov 2022 17:09:09 +0100 Subject: [PATCH 037/698] new: [logging] Access log --- app/Config/routes.php | 1 + app/Controller/AccessLogsController.php | 169 +++++++++ app/Controller/AppController.php | 33 +- app/Controller/Component/ACLComponent.php | 24 +- app/Model/AccessLog.php | 230 ++++++++++++ app/Model/AppModel.php | 24 +- app/Model/Log.php | 16 +- app/Model/Server.php | 8 + app/View/AccessLogs/admin_index.ctp | 336 ++++++++++++++++++ app/View/AccessLogs/admin_request.ctp | 1 + app/View/AuditLogs/admin_index.ctp | 11 +- .../genericElements/SideMenu/side_menu.ctp | 9 +- app/View/Elements/global_menu.ctp | 12 +- db_schema.json | 2 +- 14 files changed, 818 insertions(+), 58 deletions(-) create mode 100644 app/Controller/AccessLogsController.php create mode 100644 app/Model/AccessLog.php create mode 100644 app/View/AccessLogs/admin_index.ctp create mode 100644 app/View/AccessLogs/admin_request.ctp diff --git a/app/Config/routes.php b/app/Config/routes.php index 673c57177..032267db2 100644 --- a/app/Config/routes.php +++ b/app/Config/routes.php @@ -33,6 +33,7 @@ Router::connect('/roles/admin_index/*', array('controller' => 'roles', 'action' => 'index', 'admin' => true)); Router::connect('/logs/admin_search/*', array('controller' => 'logs', 'action' => 'search', 'admin' => true)); Router::connect('/audit_logs/admin_index/*', array('controller' => 'audit_logs', 'action' => 'index', 'admin' => true)); + Router::connect('/access_logs/admin_index/*', array('controller' => 'access_logs', 'action' => 'index', 'admin' => true)); Router::connect('/logs/admin_index/*', array('controller' => 'logs', 'action' => 'index', 'admin' => true)); Router::connect('/regexp/admin_index/*', array('controller' => 'regexp', 'action' => 'index', 'admin' => true)); diff --git a/app/Controller/AccessLogsController.php b/app/Controller/AccessLogsController.php new file mode 100644 index 000000000..e49ecc7c1 --- /dev/null +++ b/app/Controller/AccessLogsController.php @@ -0,0 +1,169 @@ + -1, + 'limit' => 60, + 'fields' => ['id', 'created', 'user_id', 'org_id', 'authkey_id', 'ip', 'request_method', 'request_id', 'controller', 'action', 'url', 'response_code', 'memory_usage', 'duration'], + 'contain' => [ + 'User' => ['fields' => ['id', 'email', 'org_id']], + 'Organisation' => ['fields' => ['id', 'name', 'uuid']], + ], + 'order' => [ + 'AccessLog.id' => 'DESC' + ], + ]; + + public function admin_index() + { + $params = $this->IndexFilter->harvestParameters([ + 'created', + 'ip', + 'user', + 'org', + 'request_id', + 'authkey_id', + 'api_request', + 'request_method', + 'controller', + 'action', + 'url', + 'response_code', + ]); + + $conditions = $this->__searchConditions($params); + + if ($this->_isRest()) { + $list = $this->AccessLog->find('all', [ + 'conditions' => $conditions, + 'contain' => $this->paginate['contain'], + ]); + return $this->RestResponse->viewData($list, 'json'); + } + + $this->paginate['conditions'] = $conditions; + $list = $this->paginate(); + + $this->set('list', $list); + $this->set('title_for_layout', __('Access logs')); + } + + public function admin_request($id) + { + $request = $this->AccessLog->find('first', [ + 'conditions' => ['AccessLog.id' => $id], + 'fields' => ['AccessLog.request'], + ]); + if (empty($request)) { + throw new NotFoundException(__('Access log not found')); + } + + list($contentType, $encoding, $data) = explode("\n", $request['AccessLog']['request'], 3); + $contentType = explode(';', $contentType, 2)[0]; + + if ($contentType === 'application/x-www-form-urlencoded') { + parse_str($data, $output); + $data = var_export($output, true); + } + + $this->set('request', $data); + } + + /** + * @param array $params + * @return array + */ + private function __searchConditions(array $params) + { + $qbRules = []; + foreach ($params as $key => $value) { + if ($key === 'created') { + $qbRules[] = [ + 'id' => $key, + 'operator' => is_array($value) ? 'between' : 'greater_or_equal', + 'value' => $value, + ]; + } else { + if (is_array($value)) { + $value = implode('||', $value); + } + $qbRules[] = [ + 'id' => $key, + 'value' => $value, + ]; + } + } + $this->set('qbRules', $qbRules); + + $conditions = []; + if (isset($params['user'])) { + if (is_numeric($params['user'])) { + $conditions['AccessLog.user_id'] = $params['user']; + } else { + $user = $this->User->find('first', [ + 'conditions' => ['User.email' => $params['user']], + 'fields' => ['id'], + ]); + if (!empty($user)) { + $conditions['AccessLog.user_id'] = $user['User']['id']; + } else { + $conditions['AccessLog.user_id'] = -1; + } + } + } + if (isset($params['ip'])) { + $conditions['AccessLog.ip'] = inet_pton($params['ip']); + } + foreach (['authkey_id', 'request_id', 'controller', 'action'] as $field) { + if (isset($params[$field])) { + $conditions['AccessLog.' . $field] = $params[$field]; + } + } + if (isset($params['url'])) { + $conditions['AccessLog.url LIKE'] = "%{$params['url']}%"; + } + if (isset($params['request_method'])) { + $methodId = array_flip(AccessLog::REQUEST_TYPES)[$params['request_method']] ?? -1; + $conditions['AccessLog.request_method'] = $methodId; + } + if (isset($params['org'])) { + if (is_numeric($params['org'])) { + $conditions['AccessLog.org_id'] = $params['org']; + } else { + $org = $this->AccessLog->Organisation->fetchOrg($params['org']); + if ($org) { + $conditions['AccessLog.org_id'] = $org['id']; + } else { + $conditions['AccessLog.org_id'] = -1; + } + } + } + if (isset($params['created'])) { + $tempData = is_array($params['created']) ? $params['created'] : [$params['created']]; + foreach ($tempData as $k => $v) { + $tempData[$k] = $this->AccessLog->resolveTimeDelta($v); + } + if (count($tempData) === 1) { + $conditions['AccessLog.created >='] = date("Y-m-d H:i:s", $tempData[0]); + } else { + if ($tempData[0] < $tempData[1]) { + $temp = $tempData[1]; + $tempData[1] = $tempData[0]; + $tempData[0] = $temp; + } + $conditions['AND'][] = ['AccessLog.created <=' => date("Y-m-d H:i:s", $tempData[0])]; + $conditions['AND'][] = ['AccessLog.created >=' => date("Y-m-d H:i:s", $tempData[1])]; + } + } + return $conditions; + } +} \ No newline at end of file diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index e92adf25a..fe4db0024 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -665,27 +665,22 @@ class AppController extends Controller { $userMonitoringEnabled = Configure::read('Security.user_monitoring_enabled'); if ($userMonitoringEnabled) { - $redis = $this->User->setupRedis(); - $userMonitoringEnabled = $redis && $redis->sismember('misp:monitored_users', $user['id']); + try { + $userMonitoringEnabled = RedisTool::init()->sismember('misp:monitored_users', $user['id']); + } catch (Exception $e) { + $userMonitoringEnabled = false; + } } - if (Configure::read('MISP.log_paranoid') || $userMonitoringEnabled) { - $change = 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->request->here; - if ( - ( - $this->request->is('post') || - $this->request->is('put') - ) && - ( - !empty(Configure::read('MISP.log_paranoid_include_post_body')) || - $userMonitoringEnabled - ) - ) { - $payload = $this->request->input(); - $change .= PHP_EOL . 'Request body: ' . $payload; - } - $this->Log = ClassRegistry::init('Log'); - $this->Log->createLogEntry($user, 'request', 'User', $user['id'], 'Paranoid log entry', $change); + $shouldBeLogged = $userMonitoringEnabled || + Configure::read('MISP.log_paranoid') || + (Configure::read('MISP.log_paranoid_api') && $user['logged_by_authkey']); + + if ($shouldBeLogged) { + $includeRequestBody = !empty(Configure::read('MISP.log_paranoid_include_post_body')) || $userMonitoringEnabled; + /** @var AccessLog $accessLog */ + $accessLog = ClassRegistry::init('AccessLog'); + $accessLog->logRequest($user, $this->_remoteIp(), $this->request, $includeRequestBody); } } diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index 6f0a02598..2de04e085 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -386,16 +386,20 @@ class ACLComponent extends Component 'testForStolenAttributes' => array(), 'pruneUpdateLogs' => array() ), - 'auditLogs' => [ - 'admin_index' => ['perm_audit'], - 'fullChange' => ['perm_audit'], - 'eventIndex' => ['*'], - 'returnDates' => ['*'], - ], - 'modules' => array( - 'index' => array('perm_auth'), - 'queryEnrichment' => array('perm_auth'), - ), + 'auditLogs' => [ + 'admin_index' => ['perm_audit'], + 'fullChange' => ['perm_audit'], + 'eventIndex' => ['*'], + 'returnDates' => ['*'], + ], + 'accessLogs' => [ + 'admin_index' => [], + 'admin_request' => [], + ], + 'modules' => array( + 'index' => array('perm_auth'), + 'queryEnrichment' => array('perm_auth'), + ), 'news' => array( 'add' => array(), 'edit' => array(), diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php new file mode 100644 index 000000000..ec9b82b05 --- /dev/null +++ b/app/Model/AccessLog.php @@ -0,0 +1,230 @@ + 'Unknown', + 1 => 'GET', + 2 => 'HEAD', + 3 => 'POST', + 4 => 'PUT', + 5 => 'DELETE', + 6 => 'OPTIONS', + 7 => 'TRACE', + 8 => 'PATCH', + ]; + + public $actsAs = [ + 'Containable', + ]; + + public $compressionStats = [ + 'compressed' => 0, + 'bytes_compressed' => 0, + 'bytes_uncompressed' => 0, + ]; + + public $belongsTo = [ + 'User' => [ + 'className' => 'User', + 'foreignKey' => 'user_id', + ], + 'Organisation' => [ + 'className' => 'Organisation', + 'foreignKey' => 'org_id', + ], + ]; + + public function afterFind($results, $primary = false) + { + foreach ($results as &$result) { + if (isset($result['AccessLog']['ip'])) { + $result['AccessLog']['ip'] = inet_ntop($result['AccessLog']['ip']); + } + if (isset($result['AccessLog']['request_method'])) { + $result['AccessLog']['request_method'] = self::REQUEST_TYPES[$result['AccessLog']['request_method']]; + } + if (!empty($result['AccessLog']['request'])) { + $result['AccessLog']['request'] = $this->decodeRequest($result['AccessLog']['request']); + } + } + return $results; + } + + public function beforeSave($options = []) + { + $accessLog = &$this->data['AccessLog']; + + $this->externalLog($accessLog); + + if (Configure::read('MISP.log_paranoid_skip_db')) { + return; + } + + // Truncate + foreach (['request_id', 'user_agent', 'url'] as $field) { + if (isset($accessLog[$field]) && strlen($accessLog[$field]) > 255) { + $accessLog[$field] = substr($accessLog[$field], 0, 255); + } + } + + if (isset($accessLog['ip'])) { + $accessLog['ip'] = inet_pton($accessLog['ip']); + } + + if (isset($accessLog['request_method'])) { + $requestMethodIds = array_flip(self::REQUEST_TYPES); + $accessLog['request_method'] = $requestMethodIds[$accessLog['request_method']] ?? 0; + } + + if (isset($accessLog['request'])) { + $accessLog['request'] = $this->encodeRequest($accessLog['request']); + } + } + + /** + * @param array $user + * @param string $remoteIp + * @param CakeRequest $request + * @param bool $includeRequestBody + * @return bool + * @throws Exception + */ + public function logRequest(array $user, $remoteIp, CakeRequest $request, $includeRequestBody = true) + { + $requestTime = $_SERVER['REQUEST_TIME_FLOAT'] ?? microtime(true); + $now = DateTime::createFromFormat('U.u', $requestTime); + $logClientIp = Configure::read('MISP.log_client_ip'); + + $dataToSave = [ + 'created' => $now->format('Y-m-d H:i:s.u'), + 'request_id' => $_SERVER['HTTP_X_REQUEST_ID'] ?? null, + 'user_id' => (int)$user['id'], + 'org_id' => (int)$user['org_id'], + 'authkey_id' => isset($user['authkey_id']) ? (int)$user['authkey_id'] : null, + 'ip' => $logClientIp ? $remoteIp : null, + 'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? null, + 'request_method' => $_SERVER['REQUEST_METHOD'], + 'controller' => $request->params['controller'], + 'action' => $request->params['action'], + 'url' => $request->here, + ]; + + if ($includeRequestBody && $request->is(['post', 'put', 'delete'])) { + $requestContentType = $_SERVER['CONTENT_TYPE'] ?? null; + $requestEncoding = $_SERVER['HTTP_CONTENT_ENCODING'] ?? null; + $dataToSave['request'] = "$requestContentType\n$requestEncoding\n{$request->input()}"; + } + + // Save data on shutdown + register_shutdown_function(function () use ($dataToSave, $requestTime) { + session_write_close(); // close session to allow concurrent requests + $this->saveOnShutdown($dataToSave, $requestTime); + }); + + return true; + } + + /** + * @param array $data + * @param float $requestTime + * @return bool + * @throws Exception + */ + private function saveOnShutdown(array $data, $requestTime) + { + $data['response_code'] = http_response_code(); + $data['memory_usage'] = memory_get_peak_usage(); + $data['duration'] = (int)((microtime(true) - $requestTime) * 1000); + + try { + return $this->save($data, ['atomic' => false]); + } catch (Exception $e) { + $this->logException("Could not insert access log to database", $e, LOG_WARNING); + return false; + } + } + + /** + * @param array $data + * @return void + */ + public function externalLog(array $data) + { + if ($this->pubToZmq('audit')) { + $this->getPubSubTool()->publish($data, 'audit', 'log'); + } + + $this->publishKafkaNotification('audit', $data, 'log'); + + if (Configure::read('Plugin.ElasticSearch_logging_enable')) { + // send off our logs to distributed /dev/null + $logIndex = Configure::read("Plugin.ElasticSearch_log_index"); + $elasticSearchClient = $this->getElasticSearchTool(); + $elasticSearchClient->pushDocument($logIndex, "log", $data); + } + } + + /** + * @param string $request + * @return string + */ + private function decodeRequest($request) + { + $header = substr($request, 0, 4); + if ($header === self::BROTLI_HEADER) { + $this->compressionStats['compressed']++; + if (function_exists('brotli_uncompress')) { + $this->compressionStats['bytes_compressed'] += strlen($request); + $request = brotli_uncompress(substr($request, 4)); + $this->compressionStats['bytes_uncompressed'] += strlen($request); + if ($request === false) { + return 'Compressed'; + } + } else { + return 'Compressed'; + } + } elseif ($header === self::ZSTD_HEADER) { + $this->compressionStats['compressed']++; + if (function_exists('zstd_uncompress')) { + $this->compressionStats['bytes_compressed'] += strlen($request); + $request = zstd_uncompress($request); + $this->compressionStats['bytes_uncompressed'] += strlen($request); + if ($request === false) { + return 'Compressed'; + } + } else { + return 'Compressed'; + } + } + return $request; + } + + /** + * @param string $request + * @return string + */ + private function encodeRequest($request) + { + $compressionEnabled = Configure::read('MISP.log_new_audit_compress') && + (function_exists('brotli_compress') || function_exists('zstd_compress')); + + if ($compressionEnabled && strlen($request) >= self::COMPRESS_MIN_LENGTH) { + if (function_exists('zstd_compress')) { + return zstd_compress($request, 4); + } else { + return self::BROTLI_HEADER . brotli_compress($request, 4, BROTLI_TEXT); + } + } + return $request; + } +} \ No newline at end of file diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 8465e5794..27b4268bc 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -85,7 +85,7 @@ class AppModel extends Model 81 => false, 82 => false, 83 => false, 84 => false, 85 => false, 86 => false, 87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false, 93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false, - 99 => false + 99 => false, 100 => false, ); const ADVANCED_UPDATES_DESCRIPTION = array( @@ -1882,6 +1882,28 @@ class AppModel extends Model $sqlArray[] = "ALTER TABLE `event_tags` ADD `relationship_type` varchar(191) NULL DEFAULT '';"; $sqlArray[] = "ALTER TABLE `attribute_tags` ADD `relationship_type` varchar(191) NULL DEFAULT '';"; break; + case 100: + $sqlArray[] = "CREATE TABLE IF NOT EXISTS `access_logs` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `created` datetime(4) NOT NULL, + `user_id` int(11) NOT NULL, + `org_id` int(11) NOT NULL, + `authkey_id` int(11) DEFAULT NULL, + `ip` varbinary(16) DEFAULT NULL, + `request_method` tinyint NOT NULL, + `user_agent` varchar(255) DEFAULT NULL, + `request_id` varchar(255) DEFAULT NULL, + `controller` varchar(20) NOT NULL, + `action` varchar(20) NOT NULL, + `url` varchar(255) NOT NULL, + `request` blob, + `response_code` smallint NOT NULL, + `memory_usage` int(11) NOT NULL, + `duration` int(11) NOT NULL, + PRIMARY KEY (`id`), + INDEX `user_id` (`user_id`) + ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;"; + break; case 'fixNonEmptySharingGroupID': $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; $sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; diff --git a/app/Model/Log.php b/app/Model/Log.php index 2d6b983f2..65d882eeb 100644 --- a/app/Model/Log.php +++ b/app/Model/Log.php @@ -145,9 +145,6 @@ class Log extends AppModel } } $this->logData($this->data); - if ($this->data['Log']['action'] === 'request' && !empty(Configure::read('MISP.log_paranoid_skip_db'))) { - return false; - } return true; } @@ -243,9 +240,6 @@ class Log extends AppModel ]]); if (!$result) { - if ($action === 'request' && !empty(Configure::read('MISP.log_paranoid_skip_db'))) { - return null; - } if (!empty(Configure::read('MISP.log_skip_db_logs_completely'))) { return null; } @@ -349,9 +343,8 @@ class Log extends AppModel public function logData($data) { - if (Configure::read('Plugin.ZeroMQ_enable') && Configure::read('Plugin.ZeroMQ_audit_notifications_enable')) { - $pubSubTool = $this->getPubSubTool(); - $pubSubTool->publish($data, 'audit', 'log'); + if ($this->pubToZmq('audit')) { + $this->getPubSubTool()->publish($data, 'audit', 'log'); } $this->publishKafkaNotification('audit', $data, 'log'); @@ -363,11 +356,6 @@ class Log extends AppModel $elasticSearchClient->pushDocument($logIndex, "log", $data); } - // Do not save request action logs to syslog, because they contain no information - if ($data['Log']['action'] === 'request') { - return true; - } - // write to syslogd as well if enabled if ($this->syslog === null) { if (Configure::read('Security.syslog')) { diff --git a/app/Model/Server.php b/app/Model/Server.php index d1825e2b8..fd99b7573 100644 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -5576,6 +5576,14 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true ), + 'log_paranoid_api' => array( + 'level' => 0, + 'description' => __('If this functionality is enabled all API requests will be logged.'), + 'value' => false, + 'test' => 'testBoolFalse', + 'type' => 'boolean', + 'null' => true + ), 'log_paranoid_skip_db' => array( 'level' => 0, 'description' => __('You can decide to skip the logging of the paranoid logs to the database.'), diff --git a/app/View/AccessLogs/admin_index.ctp b/app/View/AccessLogs/admin_index.ctp new file mode 100644 index 000000000..4add1c8c7 --- /dev/null +++ b/app/View/AccessLogs/admin_index.ctp @@ -0,0 +1,336 @@ +
+

+
+
+
+ + +
+
+ Html->script('moment.min'); + echo $this->Html->script('doT'); + echo $this->Html->script('extendext'); + echo $this->Html->css('query-builder.default'); + echo $this->Html->script('query-builder'); + ?> + + + + + + + + + + + + + + + + + + + + + + + + + + + +
LightPaginator->sort('created') ?>LightPaginator->sort('user_id', __('User')) ?>LightPaginator->sort('ip', __('IP')) ?>LightPaginator->sort('org_id', __('Org')) ?>LightPaginator->sort('request_method', __('Method')) ?>LightPaginator->sort('url', __('URL')) ?>LightPaginator->sort('response_code', __('Code')) ?>LightPaginator->sort('memory_usage', __('Memory')) ?>LightPaginator->sort('duration', __('Duration')) ?>
Time->time($item['AccessLog']['created']); ?>' . h($item['User']['email']) . ''; + } else { + echo __('Deleted user #%s', h($item['AccessLog']['user_id'])); + } + + if (!empty($item['AccessLog']['authkey_id'])) { + echo ' '; + } + ?> + OrgImg->getOrgLogo($item, 24); + } else if ($item['AccessLog']['org_id'] != 0) { + echo __('Deleted org #%s', h($item['AccessLog']['org_id'])); + } + ?> + + + ' : '' ?> + ms
+

+

+ +
+ +element('/genericElements/SideMenu/side_menu', ['menuList' => 'logs', 'menuItem' => 'listAccessLogs']); + diff --git a/app/View/AccessLogs/admin_request.ctp b/app/View/AccessLogs/admin_request.ctp new file mode 100644 index 000000000..79ad3c115 --- /dev/null +++ b/app/View/AccessLogs/admin_request.ctp @@ -0,0 +1 @@ +
diff --git a/app/View/AuditLogs/admin_index.ctp b/app/View/AuditLogs/admin_index.ctp index 81c556d48..eb6af731f 100644 --- a/app/View/AuditLogs/admin_index.ctp +++ b/app/View/AuditLogs/admin_index.ctp @@ -14,7 +14,7 @@ echo $this->Html->css('query-builder.default'); echo $this->Html->script('query-builder'); ?> - element('/genericElements/SideMenu/side_menu', ['menuList' => 'logs', 'menuItem' => 'listAccessLogs']); diff --git a/app/View/AuditLogs/admin_index.ctp b/app/View/AuditLogs/admin_index.ctp index eb6af731f..cc752eaa8 100644 --- a/app/View/AuditLogs/admin_index.ctp +++ b/app/View/AuditLogs/admin_index.ctp @@ -310,29 +310,14 @@ return false; }); - $('td[data-search]').mouseenter(function() { - var $td = $(this); - if ($td.data('search-value').length === 0) { - return; - } - - $td.find('#quickEditButton').remove(); // clean all similar if exist - var $div = $('
'); - $div.addClass('quick-edit-row-div'); - var $span = $(''); - $span.addClass('fa-as-icon fa fa-search-plus'); - $span.css('font-size', '12px'); - $span.prop('title', 'Filter by this value'); - $div.append($span); - $td.append($div); - - $span.click(function() { - if ($td.data('search') === 'model') { - var val = $td.data('search-value').split(":"); + $(function() { + filterSearch(function (e, searchKey, searchValue) { + if (searchKey === 'model') { + var val = searchValue.split(":"); passedArgs['model'] = encodeURIComponent(val[0]); passedArgs['model_id'] = encodeURIComponent(val[1]); } else { - passedArgs[$td.data('search')] = encodeURIComponent($td.data('search-value')); + passedArgs[searchKey] = encodeURIComponent(searchValue); } var url = here; @@ -345,10 +330,6 @@ } window.location.href = url; }); - - $td.off('mouseleave').on('mouseleave', function() { - $div.remove(); - }); }); element('/genericElements/SideMenu/side_menu', ['menuList' => 'logs', 'menuItem' => 'listAuditLogs']); diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js index 06f55beb9..c67c8a9d4 100644 --- a/app/webroot/js/misp.js +++ b/app/webroot/js/misp.js @@ -5680,4 +5680,34 @@ function enableWorkflowDebugMode(workflow_id, currentEnabledState, callback) { url: $formData.find('form').attr('action') }); }); +} + +// Used in audit and access logs +function filterSearch(callback) { + $('td[data-search]').mouseenter(function() { + var $td = $(this); + var searchValue = $td.data('search-value'); + if (searchValue.length === 0) { + return; + } + + $td.find('#quickEditButton').remove(); // clean all similar if exist + var $div = $('
'); + $div.addClass('quick-edit-row-div'); + var $span = $(''); + $span.addClass('fa-as-icon fa fa-search-plus'); + $span.css('font-size', '12px'); + $span.prop('title', 'Filter by this value'); + $div.append($span); + $td.append($div); + + $span.click(function (e) { + var searchKey = $td.data('search'); + callback(e, searchKey, searchValue); + }); + + $td.off('mouseleave').on('mouseleave', function() { + $div.remove(); + }); + }); } \ No newline at end of file From b508674f2c63445025b2bd77ba77b06000c30f5f Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sat, 12 Nov 2022 20:42:27 +0100 Subject: [PATCH 042/698] fix: [logs] Remove support for elastic logging for auditlog, as it was broken and didnt work --- app/Model/AccessLog.php | 8 +------- app/Model/AppModel.php | 13 ------------- app/Model/AuditLog.php | 11 +---------- app/Model/Log.php | 13 +++++++++++++ 4 files changed, 15 insertions(+), 30 deletions(-) diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php index ec9b82b05..d95cb47af 100644 --- a/app/Model/AccessLog.php +++ b/app/Model/AccessLog.php @@ -165,13 +165,7 @@ class AccessLog extends AppModel } $this->publishKafkaNotification('audit', $data, 'log'); - - if (Configure::read('Plugin.ElasticSearch_logging_enable')) { - // send off our logs to distributed /dev/null - $logIndex = Configure::read("Plugin.ElasticSearch_log_index"); - $elasticSearchClient = $this->getElasticSearchTool(); - $elasticSearchClient->pushDocument($logIndex, "log", $data); - } + // In future add support for sending logs to elastic } /** diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 27b4268bc..ed4dc7f20 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -41,8 +41,6 @@ class AppModel extends Model private $__profiler = array(); - public $elasticSearchClient; - /** @var AttachmentTool|null */ private $attachmentTool; @@ -2974,17 +2972,6 @@ class AppModel extends Model return self::$loadedPubSubTool; } - protected function getElasticSearchTool() - { - if (!$this->elasticSearchClient) { - App::uses('ElasticSearchClient', 'Tools'); - $client = new ElasticSearchClient(); - $client->initTool(); - $this->elasticSearchClient = $client; - } - return $this->elasticSearchClient; - } - /** * @return BackgroundJobsTool */ diff --git a/app/Model/AuditLog.php b/app/Model/AuditLog.php index a760d62ba..d207a89f0 100644 --- a/app/Model/AuditLog.php +++ b/app/Model/AuditLog.php @@ -46,9 +46,6 @@ class AuditLog extends AppModel /** @var bool */ private $pubToZmq; - /** @var bool */ - private $elasticLogging; - /** @var bool */ private $logClientIp; @@ -85,7 +82,6 @@ class AuditLog extends AppModel $this->compressionEnabled = Configure::read('MISP.log_new_audit_compress') && (function_exists('brotli_compress') || function_exists('zstd_compress')); $this->pubToZmq = $this->pubToZmq('audit'); - $this->elasticLogging = Configure::read('Plugin.ElasticSearch_logging_enable'); $this->logClientIp = Configure::read('MISP.log_client_ip'); } @@ -262,12 +258,7 @@ class AuditLog extends AppModel $this->publishKafkaNotification('audit', $data, 'log'); - if ($this->elasticLogging) { - // send off our logs to distributed /dev/null - $logIndex = Configure::read("Plugin.ElasticSearch_log_index"); - $elasticSearchClient = $this->getElasticSearchTool(); - $elasticSearchClient->pushDocument($logIndex, "log", $data); - } + // In future add support for sending logs to elastic // write to syslogd as well if enabled if ($this->syslog === null) { diff --git a/app/Model/Log.php b/app/Model/Log.php index 415044d2a..17878ead3 100644 --- a/app/Model/Log.php +++ b/app/Model/Log.php @@ -108,6 +108,8 @@ class Log extends AppModel public $actsAs = ['LightPaginator']; + private $elasticSearchClient; + /** * Null when not defined, false when not enabled * @var Syslog|null|false @@ -1134,4 +1136,15 @@ class Log extends AppModel break; } } + + private function getElasticSearchTool() + { + if (!$this->elasticSearchClient) { + App::uses('ElasticSearchClient', 'Tools'); + $client = new ElasticSearchClient(); + $client->initTool(); + $this->elasticSearchClient = $client; + } + return $this->elasticSearchClient; + } } From 259e60f7c7fc8d91d4c4dc6d26f9ccb7b6e0d849 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sat, 12 Nov 2022 20:54:14 +0100 Subject: [PATCH 043/698] fix: [log] Handle empty body --- app/Controller/AccessLogsController.php | 4 ++++ app/View/AccessLogs/admin_index.ctp | 2 +- app/View/AuditLogs/admin_index.ctp | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/app/Controller/AccessLogsController.php b/app/Controller/AccessLogsController.php index e49ecc7c1..9fb56ce0b 100644 --- a/app/Controller/AccessLogsController.php +++ b/app/Controller/AccessLogsController.php @@ -67,6 +67,10 @@ class AccessLogsController extends AppController throw new NotFoundException(__('Access log not found')); } + if (empty($request['AccessLog']['request'])) { + throw new NotFoundException(__('Request body is empty')); + } + list($contentType, $encoding, $data) = explode("\n", $request['AccessLog']['request'], 3); $contentType = explode(';', $contentType, 2)[0]; diff --git a/app/View/AccessLogs/admin_index.ctp b/app/View/AccessLogs/admin_index.ctp index d7428d2dd..9a1307f15 100644 --- a/app/View/AccessLogs/admin_index.ctp +++ b/app/View/AccessLogs/admin_index.ctp @@ -287,7 +287,7 @@ var $popoverFormLarge = $('#popover_form_large'); $popoverFormLarge.html(data); openPopup($popoverFormLarge); - }); + }).fail(xhrFailCallback); return false; }); diff --git a/app/View/AuditLogs/admin_index.ctp b/app/View/AuditLogs/admin_index.ctp index cc752eaa8..cc8b05896 100644 --- a/app/View/AuditLogs/admin_index.ctp +++ b/app/View/AuditLogs/admin_index.ctp @@ -306,7 +306,7 @@ $(this).html(syntaxHighlightJson($(this).text())); }); openPopup($popoverFormLarge); - }); + }).fail(xhrFailCallback); return false; }); From 13e6c107397c770356a93ff62a0a9f3461771eff Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sat, 12 Nov 2022 21:03:35 +0100 Subject: [PATCH 044/698] chg: [log] Store memory usage compressed in database --- app/Model/AccessLog.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php index d95cb47af..264b56947 100644 --- a/app/Model/AccessLog.php +++ b/app/Model/AccessLog.php @@ -56,6 +56,9 @@ class AccessLog extends AppModel if (!empty($result['AccessLog']['request'])) { $result['AccessLog']['request'] = $this->decodeRequest($result['AccessLog']['request']); } + if (!empty($result['AccessLog']['memory_usage'])) { + $result['AccessLog']['memory_usage'] = $result['AccessLog']['memory_usage'] * 1024; + } } return $results; } @@ -89,6 +92,11 @@ class AccessLog extends AppModel if (isset($accessLog['request'])) { $accessLog['request'] = $this->encodeRequest($accessLog['request']); } + + // In database save size in kb to avoid overflow signed int type + if (isset($accessLog['memory_usage'])) { + $accessLog['memory_usage'] = $accessLog['memory_usage'] >> 10; // same as /= 1024 + } } /** From 483104bf80ab12632b86c9a021efd3cbe42aa73f Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sun, 13 Nov 2022 08:31:19 +0100 Subject: [PATCH 045/698] new: [CLI] Command for recompressing data stored in audit logs table --- app/Console/Command/LogShell.php | 11 ++++++ app/Model/AuditLog.php | 67 +++++++++++++++++++++++++------- 2 files changed, 63 insertions(+), 15 deletions(-) diff --git a/app/Console/Command/LogShell.php b/app/Console/Command/LogShell.php index b2e583b92..2f445c7e2 100644 --- a/app/Console/Command/LogShell.php +++ b/app/Console/Command/LogShell.php @@ -30,6 +30,9 @@ class LogShell extends AppShell ), ), ]); + $parser->addSubcommand('recompress', [ + 'help' => __('Recompress compressed data in logs.'), + ]); return $parser; } @@ -148,6 +151,9 @@ class LogShell extends AppShell $this->out('Change field:'); $this->out('-------------'); $this->out(str_pad(__('Compressed items:'), 20) . $this->AuditLog->compressionStats['compressed']); + $this->out(str_pad(__('ZSTD compressed:'), 20) . $this->AuditLog->compressionStats['zstd_compressed']); + $this->out(str_pad(__('Brotli compressed:'), 20) . $this->AuditLog->compressionStats['brotli_compressed']); + $this->out(str_pad(__('Total size:'), 20) . CakeNumber::toReadableSize($this->AuditLog->compressionStats['bytes_total'])); $this->out(str_pad(__('Uncompressed size:'), 20) . CakeNumber::toReadableSize($this->AuditLog->compressionStats['bytes_uncompressed'])); $this->out(str_pad(__('Compressed size:'), 20) . CakeNumber::toReadableSize($this->AuditLog->compressionStats['bytes_compressed'])); } @@ -175,4 +181,9 @@ class LogShell extends AppShell $this->out(str_pad(__('Index size:'), 20) . CakeNumber::toReadableSize($usage['index_in_bytes'])); $this->out(str_pad(__('Reclaimable size:'), 20) . CakeNumber::toReadableSize($usage['reclaimable_in_bytes']), 2); } + + public function recompress() + { + $this->AuditLog->recompress(); + } } diff --git a/app/Model/AuditLog.php b/app/Model/AuditLog.php index d207a89f0..cfbb264fe 100644 --- a/app/Model/AuditLog.php +++ b/app/Model/AuditLog.php @@ -10,7 +10,7 @@ class AuditLog extends AppModel { const BROTLI_HEADER = "\xce\xb2\xcf\x81", ZSTD_HEADER = "\x28\xb5\x2f\xfd"; - const COMPRESS_MIN_LENGTH = 200; + const COMPRESS_MIN_LENGTH = 256; const ACTION_ADD = 'add', ACTION_EDIT = 'edit', @@ -57,8 +57,11 @@ class AuditLog extends AppModel public $compressionStats = [ 'compressed' => 0, + 'bytes_total' => 0, 'bytes_compressed' => 0, 'bytes_uncompressed' => 0, + 'brotli_compressed' => 0, + 'zstd_compressed' => 0, ]; public $belongsTo = [ @@ -143,6 +146,24 @@ class AuditLog extends AppModel return ''; } + /** + * @param mixed $change + * @return string + * @throws JsonException + */ + private function encodeChange($change) + { + $change = JsonTool::encode($change); + if ($this->compressionEnabled && strlen($change) >= self::COMPRESS_MIN_LENGTH) { + if (function_exists('zstd_compress')) { + return zstd_compress($change, 4); + } else { + return self::BROTLI_HEADER . brotli_compress($change, 4, BROTLI_TEXT); + } + } + return $change; + } + /** * @param string $change * @return array|string @@ -150,11 +171,14 @@ class AuditLog extends AppModel */ private function decodeChange($change) { + $len = strlen($change); + $this->compressionStats['bytes_total'] += $len; $header = substr($change, 0, 4); if ($header === self::ZSTD_HEADER) { $this->compressionStats['compressed']++; + $this->compressionStats['zstd_compressed']++; if (function_exists('zstd_uncompress')) { - $this->compressionStats['bytes_compressed'] += strlen($change); + $this->compressionStats['bytes_compressed'] += $len; $change = zstd_uncompress($change); $this->compressionStats['bytes_uncompressed'] += strlen($change); if ($change === false) { @@ -165,8 +189,9 @@ class AuditLog extends AppModel } } else if ($header === self::BROTLI_HEADER) { $this->compressionStats['compressed']++; + $this->compressionStats['brotli_compressed']++; if (function_exists('brotli_uncompress')) { - $this->compressionStats['bytes_compressed'] += strlen($change); + $this->compressionStats['bytes_compressed'] += $len; $change = brotli_uncompress(substr($change, 4)); $this->compressionStats['bytes_uncompressed'] += strlen($change); if ($change === false) { @@ -233,15 +258,7 @@ class AuditLog extends AppModel } if (isset($auditLog['change'])) { - $change = JsonTool::encode($auditLog['change']); - if ($this->compressionEnabled && strlen($change) >= self::COMPRESS_MIN_LENGTH) { - if (function_exists('zstd_compress')) { - $change = zstd_compress($change, 4); - } else { - $change = self::BROTLI_HEADER . brotli_compress($change, 4, BROTLI_TEXT); - } - } - $auditLog['change'] = $change; + $auditLog['change'] = $this->encodeChange($auditLog['change']); } } @@ -344,15 +361,35 @@ class AuditLog extends AppModel } } + /** + * @throws JsonException + * @throws Exception + */ public function recompress() { $changes = $this->find('all', [ 'fields' => ['AuditLog.id', 'AuditLog.change'], 'recursive' => -1, - 'conditions' => ['length(AuditLog.change) >=' => self::BROTLI_MIN_LENGTH], + 'conditions' => ['OR' => [ + ['length(AuditLog.change) >=' => self::COMPRESS_MIN_LENGTH], + ['AuditLog.change LIKE' => self::ZSTD_HEADER . '%'], + ['AuditLog.change LIKE' => self::BROTLI_HEADER . '%'], + ]], ]); - foreach ($changes as $change) { - $this->save($change, true, ['id', 'change']); + + $options = [ + 'validate' => false, + 'callbacks' => false, + 'fieldList' => ['change'], + ]; + + foreach (array_chunk($changes, 100) as $chunk) { + $toSave = []; + foreach ($chunk as $change) { + $change['AuditLog']['change'] = $this->encodeChange($change['AuditLog']['change']); + $toSave[] = $change; + } + $this->saveMany($toSave, $options); } } From 835a255ddee47653d12368a810ea09fd33ba72a4 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sun, 13 Nov 2022 11:36:28 +0100 Subject: [PATCH 046/698] chg: [log] Tune compression for audit and access logs --- app/Lib/Tools/RedisTool.php | 2 +- app/Model/AccessLog.php | 34 ++++------------------------------ app/Model/AuditLog.php | 30 ++++-------------------------- 3 files changed, 9 insertions(+), 57 deletions(-) diff --git a/app/Lib/Tools/RedisTool.php b/app/Lib/Tools/RedisTool.php index 4159322fd..b1ae623c1 100644 --- a/app/Lib/Tools/RedisTool.php +++ b/app/Lib/Tools/RedisTool.php @@ -1,7 +1,7 @@ 'Unknown', @@ -27,12 +26,6 @@ class AccessLog extends AppModel 'Containable', ]; - public $compressionStats = [ - 'compressed' => 0, - 'bytes_compressed' => 0, - 'bytes_uncompressed' => 0, - ]; - public $belongsTo = [ 'User' => [ 'className' => 'User', @@ -184,23 +177,8 @@ class AccessLog extends AppModel { $header = substr($request, 0, 4); if ($header === self::BROTLI_HEADER) { - $this->compressionStats['compressed']++; if (function_exists('brotli_uncompress')) { - $this->compressionStats['bytes_compressed'] += strlen($request); $request = brotli_uncompress(substr($request, 4)); - $this->compressionStats['bytes_uncompressed'] += strlen($request); - if ($request === false) { - return 'Compressed'; - } - } else { - return 'Compressed'; - } - } elseif ($header === self::ZSTD_HEADER) { - $this->compressionStats['compressed']++; - if (function_exists('zstd_uncompress')) { - $this->compressionStats['bytes_compressed'] += strlen($request); - $request = zstd_uncompress($request); - $this->compressionStats['bytes_uncompressed'] += strlen($request); if ($request === false) { return 'Compressed'; } @@ -218,14 +196,10 @@ class AccessLog extends AppModel private function encodeRequest($request) { $compressionEnabled = Configure::read('MISP.log_new_audit_compress') && - (function_exists('brotli_compress') || function_exists('zstd_compress')); + function_exists('brotli_compress'); if ($compressionEnabled && strlen($request) >= self::COMPRESS_MIN_LENGTH) { - if (function_exists('zstd_compress')) { - return zstd_compress($request, 4); - } else { - return self::BROTLI_HEADER . brotli_compress($request, 4, BROTLI_TEXT); - } + return self::BROTLI_HEADER . brotli_compress($request, 4, BROTLI_TEXT); } return $request; } diff --git a/app/Model/AuditLog.php b/app/Model/AuditLog.php index cfbb264fe..22015c109 100644 --- a/app/Model/AuditLog.php +++ b/app/Model/AuditLog.php @@ -8,8 +8,7 @@ App::uses('AppModel', 'Model'); */ class AuditLog extends AppModel { - const BROTLI_HEADER = "\xce\xb2\xcf\x81", - ZSTD_HEADER = "\x28\xb5\x2f\xfd"; + const BROTLI_HEADER = "\xce\xb2\xcf\x81"; const COMPRESS_MIN_LENGTH = 256; const ACTION_ADD = 'add', @@ -60,8 +59,6 @@ class AuditLog extends AppModel 'bytes_total' => 0, 'bytes_compressed' => 0, 'bytes_uncompressed' => 0, - 'brotli_compressed' => 0, - 'zstd_compressed' => 0, ]; public $belongsTo = [ @@ -83,7 +80,7 @@ class AuditLog extends AppModel { parent::__construct($id, $table, $ds); $this->compressionEnabled = Configure::read('MISP.log_new_audit_compress') && - (function_exists('brotli_compress') || function_exists('zstd_compress')); + function_exists('brotli_compress'); $this->pubToZmq = $this->pubToZmq('audit'); $this->logClientIp = Configure::read('MISP.log_client_ip'); } @@ -155,11 +152,7 @@ class AuditLog extends AppModel { $change = JsonTool::encode($change); if ($this->compressionEnabled && strlen($change) >= self::COMPRESS_MIN_LENGTH) { - if (function_exists('zstd_compress')) { - return zstd_compress($change, 4); - } else { - return self::BROTLI_HEADER . brotli_compress($change, 4, BROTLI_TEXT); - } + return self::BROTLI_HEADER . brotli_compress($change, 4, BROTLI_TEXT); } return $change; } @@ -174,22 +167,8 @@ class AuditLog extends AppModel $len = strlen($change); $this->compressionStats['bytes_total'] += $len; $header = substr($change, 0, 4); - if ($header === self::ZSTD_HEADER) { + if ($header === self::BROTLI_HEADER) { $this->compressionStats['compressed']++; - $this->compressionStats['zstd_compressed']++; - if (function_exists('zstd_uncompress')) { - $this->compressionStats['bytes_compressed'] += $len; - $change = zstd_uncompress($change); - $this->compressionStats['bytes_uncompressed'] += strlen($change); - if ($change === false) { - return 'Compressed'; - } - } else { - return 'Compressed'; - } - } else if ($header === self::BROTLI_HEADER) { - $this->compressionStats['compressed']++; - $this->compressionStats['brotli_compressed']++; if (function_exists('brotli_uncompress')) { $this->compressionStats['bytes_compressed'] += $len; $change = brotli_uncompress(substr($change, 4)); @@ -372,7 +351,6 @@ class AuditLog extends AppModel 'recursive' => -1, 'conditions' => ['OR' => [ ['length(AuditLog.change) >=' => self::COMPRESS_MIN_LENGTH], - ['AuditLog.change LIKE' => self::ZSTD_HEADER . '%'], ['AuditLog.change LIKE' => self::BROTLI_HEADER . '%'], ]], ]); From e013d7accb89c7dbdb4d735522f2912d0a846475 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sun, 13 Nov 2022 15:26:11 +0100 Subject: [PATCH 047/698] chg: [log] Multipart support for access log --- app/Controller/AccessLogsController.php | 14 +++++++------ app/Model/AccessLog.php | 28 +++++++++++++++++++++---- 2 files changed, 32 insertions(+), 10 deletions(-) diff --git a/app/Controller/AccessLogsController.php b/app/Controller/AccessLogsController.php index 9fb56ce0b..02a7ea5eb 100644 --- a/app/Controller/AccessLogsController.php +++ b/app/Controller/AccessLogsController.php @@ -71,12 +71,14 @@ class AccessLogsController extends AppController throw new NotFoundException(__('Request body is empty')); } - list($contentType, $encoding, $data) = explode("\n", $request['AccessLog']['request'], 3); - $contentType = explode(';', $contentType, 2)[0]; - - if ($contentType === 'application/x-www-form-urlencoded') { - parse_str($data, $output); - $data = var_export($output, true); + $contentType = explode(';', $request['AccessLog']['request_content_type'], 2)[0]; + if ($contentType === 'application/x-www-form-urlencoded' || $contentType === 'multipart/form-data') { + parse_str($request['AccessLog']['request'], $output); + $highlighted = highlight_string("", true); + $highlighted = str_replace(["<?php","?>"] , '', $highlighted); + $data = $highlighted; + } else { + $data = h($request['AccessLog']['request']); } $this->set('request', $data); diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php index 3b36d19cf..9b7c15002 100644 --- a/app/Model/AccessLog.php +++ b/app/Model/AccessLog.php @@ -47,7 +47,11 @@ class AccessLog extends AppModel $result['AccessLog']['request_method'] = self::REQUEST_TYPES[$result['AccessLog']['request_method']]; } if (!empty($result['AccessLog']['request'])) { - $result['AccessLog']['request'] = $this->decodeRequest($result['AccessLog']['request']); + $request = $this->decodeRequest($result['AccessLog']['request']); + list($contentType, $encoding, $data) = explode("\n", $request, 3); + $result['AccessLog']['request'] = $data; + $result['AccessLog']['request_content_type'] = $contentType; + $result['AccessLog']['request_content_encoding'] = $encoding; } if (!empty($result['AccessLog']['memory_usage'])) { $result['AccessLog']['memory_usage'] = $result['AccessLog']['memory_usage'] * 1024; @@ -121,9 +125,7 @@ class AccessLog extends AppModel ]; if ($includeRequestBody && $request->is(['post', 'put', 'delete'])) { - $requestContentType = $_SERVER['CONTENT_TYPE'] ?? null; - $requestEncoding = $_SERVER['HTTP_CONTENT_ENCODING'] ?? null; - $dataToSave['request'] = "$requestContentType\n$requestEncoding\n{$request->input()}"; + $dataToSave['request'] = $this->requestBody($request); } // Save data on shutdown @@ -135,6 +137,24 @@ class AccessLog extends AppModel return true; } + /** + * @param CakeRequest $request + * @return string + */ + private function requestBody(CakeRequest $request) + { + $requestContentType = $_SERVER['CONTENT_TYPE'] ?? null; + $requestEncoding = $_SERVER['HTTP_CONTENT_ENCODING'] ?? null; + + if (substr($requestContentType, 0, 19) === 'multipart/form-data') { + $input = http_build_query($request->data, '', '&'); + } else { + $input = $request->input(); + } + + return "$requestContentType\n$requestEncoding\n$input"; + } + /** * @param array $data * @param float $requestTime From 6692a3fa60d4690afbab07a026521c914c870ad2 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sun, 13 Nov 2022 15:56:45 +0100 Subject: [PATCH 048/698] chg: [log] Better filtering for access logs --- app/Controller/AccessLogsController.php | 26 ++++++++++++++++++-- app/Model/AccessLog.php | 2 +- app/View/AccessLogs/admin_index.ctp | 32 ++++++++++++++++++++++++- app/View/AccessLogs/admin_request.ctp | 2 +- app/webroot/css/main.css | 2 +- 5 files changed, 58 insertions(+), 6 deletions(-) diff --git a/app/Controller/AccessLogsController.php b/app/Controller/AccessLogsController.php index 02a7ea5eb..38b459cb0 100644 --- a/app/Controller/AccessLogsController.php +++ b/app/Controller/AccessLogsController.php @@ -37,6 +37,9 @@ class AccessLogsController extends AppController 'controller', 'action', 'url', + 'user_agent', + 'memory_usage', + 'duration', 'response_code', ]); @@ -74,8 +77,15 @@ class AccessLogsController extends AppController $contentType = explode(';', $request['AccessLog']['request_content_type'], 2)[0]; if ($contentType === 'application/x-www-form-urlencoded' || $contentType === 'multipart/form-data') { parse_str($request['AccessLog']['request'], $output); - $highlighted = highlight_string("", true); - $highlighted = str_replace(["<?php","?>"] , '', $highlighted); + // highlight PHP array + $highlighted = highlight_string("\\|", "", $highlighted, 1); // remove prefix + $highlighted = preg_replace("|\\\$|", "", $highlighted, 1); // remove suffix 1 + $highlighted = trim($highlighted); // remove line breaks + $highlighted = preg_replace("|\\\$|", "", $highlighted, 1); // remove suffix 2 + $highlighted = trim($highlighted); // remove line breaks + $highlighted = preg_replace("|^(\\)(<\\?php )(.*?)(\\)|", "\$1\$3\$4", $highlighted); // remove custom added "='] = ($params['memory_usage'] * 1024); + } + if (isset($params['memory_usage'])) { + $conditions['AccessLog.memory_usage >='] = ($params['memory_usage'] * 1024); + } + if (isset($params['duration'])) { + $conditions['AccessLog.duration >='] = $params['duration']; + } if (isset($params['request_method'])) { $methodId = array_flip(AccessLog::REQUEST_TYPES)[$params['request_method']] ?? -1; $conditions['AccessLog.request_method'] = $methodId; diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php index 9b7c15002..0765d9fb8 100644 --- a/app/Model/AccessLog.php +++ b/app/Model/AccessLog.php @@ -165,7 +165,7 @@ class AccessLog extends AppModel { $data['response_code'] = http_response_code(); $data['memory_usage'] = memory_get_peak_usage(); - $data['duration'] = (int)((microtime(true) - $requestTime) * 1000); + $data['duration'] = (int)((microtime(true) - $requestTime) * 1000); // in milliseconds try { return $this->save($data, ['atomic' => false]); diff --git a/app/View/AccessLogs/admin_index.ctp b/app/View/AccessLogs/admin_index.ctp index 9a1307f15..538fb78c8 100644 --- a/app/View/AccessLogs/admin_index.ctp +++ b/app/View/AccessLogs/admin_index.ctp @@ -95,7 +95,7 @@ description: "Organisation ID, UUID or name", }, { - input: "text", + input: "select", type: "string", operators: [ "equal", @@ -144,6 +144,36 @@ unique: true, id: "url", label: "URL", + }, + { + input: "text", + type: "string", + operators: [ + "contains", + ], + unique: true, + id: "user_agent", + label: "User agent", + }, + { + type: "double", + operators: [ + "greater_or_equal", + ], + unique: true, + id: "memory_usage", + label: "Memory usage", + description: "In MB", + }, + { + type: "double", + operators: [ + "greater_or_equal", + ], + unique: true, + id: "duration", + label: "Duration", + description: "In milliseconds (1 second is equal to 1000 milliseconds)", } ], rules: { diff --git a/app/View/AccessLogs/admin_request.ctp b/app/View/AccessLogs/admin_request.ctp index 79ad3c115..b2eb724d8 100644 --- a/app/View/AccessLogs/admin_request.ctp +++ b/app/View/AccessLogs/admin_request.ctp @@ -1 +1 @@ -
+
diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css index 9af777376..952f44177 100644 --- a/app/webroot/css/main.css +++ b/app/webroot/css/main.css @@ -2853,7 +2853,7 @@ Query builder } /* Fix text input for query builder */ -.query-builder .rule-value-container input[type="text"] { +.query-builder .rule-value-container input[type="text"], .query-builder .rule-value-container input[type="number"] { padding: 4px !important; height: 30px; } From f2475715428393d9808143cdba8a9d37e4ff92be Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sun, 13 Nov 2022 17:37:51 +0100 Subject: [PATCH 049/698] chg: [logs] Add SQL queries count to access log --- app/Console/Command/LogShell.php | 2 -- app/Controller/AccessLogsController.php | 6 +++- app/Model/AccessLog.php | 3 ++ app/Model/AppModel.php | 1 + .../Datasource/Database/MysqlExtended.php | 27 ++++++++++++++++++ app/View/AccessLogs/admin_index.ctp | 28 ++++++++++++++++++- 6 files changed, 63 insertions(+), 4 deletions(-) diff --git a/app/Console/Command/LogShell.php b/app/Console/Command/LogShell.php index 2f445c7e2..0da55c6f1 100644 --- a/app/Console/Command/LogShell.php +++ b/app/Console/Command/LogShell.php @@ -151,8 +151,6 @@ class LogShell extends AppShell $this->out('Change field:'); $this->out('-------------'); $this->out(str_pad(__('Compressed items:'), 20) . $this->AuditLog->compressionStats['compressed']); - $this->out(str_pad(__('ZSTD compressed:'), 20) . $this->AuditLog->compressionStats['zstd_compressed']); - $this->out(str_pad(__('Brotli compressed:'), 20) . $this->AuditLog->compressionStats['brotli_compressed']); $this->out(str_pad(__('Total size:'), 20) . CakeNumber::toReadableSize($this->AuditLog->compressionStats['bytes_total'])); $this->out(str_pad(__('Uncompressed size:'), 20) . CakeNumber::toReadableSize($this->AuditLog->compressionStats['bytes_uncompressed'])); $this->out(str_pad(__('Compressed size:'), 20) . CakeNumber::toReadableSize($this->AuditLog->compressionStats['bytes_compressed'])); diff --git a/app/Controller/AccessLogsController.php b/app/Controller/AccessLogsController.php index 38b459cb0..c865fd536 100644 --- a/app/Controller/AccessLogsController.php +++ b/app/Controller/AccessLogsController.php @@ -13,7 +13,7 @@ class AccessLogsController extends AppController public $paginate = [ 'recursive' => -1, 'limit' => 60, - 'fields' => ['id', 'created', 'user_id', 'org_id', 'authkey_id', 'ip', 'request_method', 'request_id', 'controller', 'action', 'url', 'response_code', 'memory_usage', 'duration'], + 'fields' => ['id', 'created', 'user_id', 'org_id', 'authkey_id', 'ip', 'request_method', 'request_id', 'controller', 'action', 'url', 'response_code', 'memory_usage', 'duration', 'query_count'], 'contain' => [ 'User' => ['fields' => ['id', 'email', 'org_id']], 'Organisation' => ['fields' => ['id', 'name', 'uuid']], @@ -40,6 +40,7 @@ class AccessLogsController extends AppController 'user_agent', 'memory_usage', 'duration', + 'query_count', 'response_code', ]); @@ -159,6 +160,9 @@ class AccessLogsController extends AppController if (isset($params['duration'])) { $conditions['AccessLog.duration >='] = $params['duration']; } + if (isset($params['query_count'])) { + $conditions['AccessLog.query_count >='] = $params['query_count']; + } if (isset($params['request_method'])) { $methodId = array_flip(AccessLog::REQUEST_TYPES)[$params['request_method']] ?? -1; $conditions['AccessLog.request_method'] = $methodId; diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php index 0765d9fb8..992ae018b 100644 --- a/app/Model/AccessLog.php +++ b/app/Model/AccessLog.php @@ -163,8 +163,11 @@ class AccessLog extends AppModel */ private function saveOnShutdown(array $data, $requestTime) { + $queryCount = $this->getDataSource()->getLog(false, false)['count']; + $data['response_code'] = http_response_code(); $data['memory_usage'] = memory_get_peak_usage(); + $data['query_count'] = $queryCount; $data['duration'] = (int)((microtime(true) - $requestTime) * 1000); // in milliseconds try { diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index ed4dc7f20..5e5252584 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -1898,6 +1898,7 @@ class AppModel extends Model `response_code` smallint NOT NULL, `memory_usage` int(11) NOT NULL, `duration` int(11) NOT NULL, + `query_count` int(11) NOT NULL, PRIMARY KEY (`id`), INDEX `user_id` (`user_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;"; diff --git a/app/Model/Datasource/Database/MysqlExtended.php b/app/Model/Datasource/Database/MysqlExtended.php index 9e7eafc29..df20c4281 100644 --- a/app/Model/Datasource/Database/MysqlExtended.php +++ b/app/Model/Datasource/Database/MysqlExtended.php @@ -119,6 +119,33 @@ class MysqlExtended extends Mysql return isset($forceIndexHint) ? ('FORCE INDEX ' . $forceIndexHint) : null; } + /** + * - Do not call microtime when not necessary + * - Count query count even when logging is disabled + * + * @param string $sql + * @param array $options + * @param array $params + * @return mixed + */ + public function execute($sql, $options = [], $params = []) + { + $log = $options['log'] ?? $this->fullDebug; + + if ($log) { + $t = microtime(true); + $this->_result = $this->_execute($sql, $params); + $this->took = round((microtime(true) - $t) * 1000); + $this->numRows = $this->affected = $this->lastAffected(); + $this->logQuery($sql, $params); + } else { + $this->_result = $this->_execute($sql, $params); + $this->_queriesCnt++; + } + + return $this->_result; + } + /** * Reduce memory usage for insertMulti * diff --git a/app/View/AccessLogs/admin_index.ctp b/app/View/AccessLogs/admin_index.ctp index 538fb78c8..e3859c81c 100644 --- a/app/View/AccessLogs/admin_index.ctp +++ b/app/View/AccessLogs/admin_index.ctp @@ -103,7 +103,7 @@ unique: true, id: "request_method", label: "HTTP request method", - values: ["GET", "HEAD", "POST", "PUT", "DELETE"], + values: ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH"], }, { input: "text", @@ -114,6 +114,10 @@ unique: true, id: "response_code", label: "HTTP response code", + validation: { + min: 100, + max: 599 + } }, { input: "text", @@ -164,6 +168,10 @@ id: "memory_usage", label: "Memory usage", description: "In MB", + validation: { + min: 0, + step: 0.01 + } }, { type: "double", @@ -174,6 +182,22 @@ id: "duration", label: "Duration", description: "In milliseconds (1 second is equal to 1000 milliseconds)", + validation: { + min: 0, + } + }, + { + type: "integer", + operators: [ + "greater_or_equal", + ], + unique: true, + id: "query_count", + label: "Query count", + description: "Number of SQL queries", + validation: { + min: 0, + } } ], rules: { @@ -264,6 +288,7 @@ LightPaginator->sort('response_code', __('Code')) ?> LightPaginator->sort('memory_usage', __('Memory')) ?> LightPaginator->sort('duration', __('Duration')) ?> + LightPaginator->sort('query_count', __('Queries')) ?> @@ -296,6 +321,7 @@ ms + From 131aabe13c9bb2053974dcb6feef7dde9ba361c6 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 14 Nov 2022 14:51:31 +0100 Subject: [PATCH 050/698] fix: [log] Encode request part of access log as it can contains non unicode chars --- app/Controller/AccessLogsController.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/Controller/AccessLogsController.php b/app/Controller/AccessLogsController.php index c865fd536..d45f70a52 100644 --- a/app/Controller/AccessLogsController.php +++ b/app/Controller/AccessLogsController.php @@ -51,6 +51,11 @@ class AccessLogsController extends AppController 'conditions' => $conditions, 'contain' => $this->paginate['contain'], ]); + foreach ($list as &$item) { + if (!empty($item['AccessLog']['request'])) { + $item['AccessLog']['request'] = base64_encode($item['AccessLog']['request']); + } + } return $this->RestResponse->viewData($list, 'json'); } From a151e3f58c2c249e785db9efa64c8f0569e1d965 Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Mon, 14 Nov 2022 14:54:12 +0100 Subject: [PATCH 051/698] chg: [taxii] Added the required auth to the TAXII server --- app/files/scripts/taxii/taxii_push.py | 31 +++++++++++++++------------ 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/app/files/scripts/taxii/taxii_push.py b/app/files/scripts/taxii/taxii_push.py index 9efe3a13f..4ee7b9eee 100644 --- a/app/files/scripts/taxii/taxii_push.py +++ b/app/files/scripts/taxii/taxii_push.py @@ -10,6 +10,8 @@ import pathlib import sys import taxii2client import urllib.parse +from base64 import b64decode +from requests.auth import HTTPBasicAuth # Name of the logger to use for this application @@ -41,7 +43,6 @@ class FileProcessingError(Exception): def setup_logging(log_level=logging.WARNING): """ Creates and applies a logging configuration. - :param log_level: A logging level. Defaults to warning. May be the level value as an int, or its name as a string. Strings are checked case- sensitively against registered level names. @@ -117,6 +118,11 @@ def parse_args(): default="warning" ) + parser.add_argument( + '--key', + help='Base64 encoded auth' + ) + args = parser.parse_args() return args @@ -127,12 +133,9 @@ def api_root_from_collection_url(collection_url): Strip path components off the end of the path portion of the given TAXII collection URL, to obtain the API root URL. A TAXII collection URL path ought to have the form: - /collections// - So we want to strip off the last two components. Only the very simplest sanity check is done on the given URL path. - :param collection_url: A TAXII collection URL. :return: The API root URL, or None if it could not be found. """ @@ -166,7 +169,6 @@ def api_root_from_collection_url(collection_url): def log_status_failures(status): """ Log some failure information from a TAXII status resource. - :param status: A Status resource object of the taxii2-client library with a non-zero failure count. """ @@ -196,7 +198,6 @@ def log_status_failures(status): def push_taxii_envelope(taxii_collection, taxii_envelope_bytes): """ Post the given TAXII envelope to the given collection. - :param taxii_collection: A taxii2client Collection instance :param taxii_envelope_bytes: A bytes/bytearray object containing the TAXII envelope payload for the request @@ -229,7 +230,6 @@ def make_taxii_envelopes(stix_objects, max_content_length): Generate TAXII envelopes containing the given STIX objects, such that no envelope size exceeds max_content_length. The envelopes generated will be bytearrays, and max_content_length is a byte count. - :param stix_objects: An iterable of stix objects, where each stix object is an instance of a registered stix2 library class (it needs a serialize() method to produce JSON). @@ -313,7 +313,6 @@ def make_taxii_envelopes(stix_objects, max_content_length): def convert_misp_file(misp_file): """ Convert the given MISP file to STIX 2.1. - :param misp_file: A path to a file with a MISP event in it. May be a string or a pathlib path object. :return: A STIX 2.1 bundle object @@ -341,7 +340,6 @@ def convert_misp_dir(content_dir): """ Convert all MISP files in the given directory to STIX 2.1, and generate each converted STIX object one at a time. - :param content_dir: The directory to process for MISP content. """ log = logging.getLogger(_LOGGER_NAME) @@ -363,24 +361,29 @@ def convert_misp_dir(content_dir): raise FileProcessingError(event_file, str(e)) from e -def push_content(content_dir, collection_url): +def parse_auth(api_key): + return HTTPBasicAuth(*b64decode(api_key.encode()).split(b':')) + + +def push_content(content_dir, collection_url, api_key): """ Push MISP content from files in the given directory, to a TAXII 2.1 server. This will translate each MISP event to STIX 2.1. - :param content_dir: A directory with JSON files containing MISP content. :param collection_url: A TAXII 2.1 collection URL """ log = logging.getLogger(_LOGGER_NAME) + auth = parse_auth(api_key) + api_root_url = api_root_from_collection_url(collection_url) if not api_root_url: raise ValueError( "Could not compute API root URL from: " + collection_url ) - with taxii2client.ApiRoot(api_root_url) as api_root: + with taxii2client.ApiRoot(api_root_url, auth=auth) as api_root: max_content_length = api_root.max_content_length log.debug( @@ -390,7 +393,7 @@ def push_content(content_dir, collection_url): all_stix_objects = convert_misp_dir(content_dir) - with taxii2client.Collection(collection_url) as taxii_collection: + with taxii2client.Collection(collection_url, auth=auth) as taxii_collection: for taxii_envelope_bytes in make_taxii_envelopes( all_stix_objects, max_content_length @@ -406,7 +409,7 @@ def main(): try: - push_content(args.dir, args.collection) + push_content(args.dir, args.collection, args.key) except Exception: log.fatal( From be32cda69316ffed3b49e597759ee14b364c03ea Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 14 Nov 2022 16:10:06 +0100 Subject: [PATCH 052/698] fix: [sync] Pulling sighting new way --- app/Model/Sighting.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/app/Model/Sighting.php b/app/Model/Sighting.php index 67907925d..f33e149c0 100644 --- a/app/Model/Sighting.php +++ b/app/Model/Sighting.php @@ -1357,10 +1357,7 @@ class Sighting extends AppModel $sightingsToSave = []; foreach ($sightings as $sighting) { $sighting = $sighting['Sighting']; - $attributeUuid = $sighting['Attribute']['uuid']; - $eventUuid = $sighting['Event']['uuid']; - unset($sighting['Event'], $sighting['Attribute']); - $sighting['attribute_uuid'] = $attributeUuid; + $eventUuid = $sighting['event_uuid']; $sightingsToSave[$eventUuid][] = $sighting; } From 08885780630b8ecb9018dc93b0a4bc1f6d7d403c Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 14 Nov 2022 14:23:04 +0100 Subject: [PATCH 053/698] new: [UI] Add ability to disable discussion --- app/Controller/Component/ACLComponent.php | 15 +++++++++------ app/Controller/EventsController.php | 4 ++-- app/Model/Server.php | 8 ++++++++ app/View/Elements/Events/View/event_contents.ctp | 7 ++++++- app/View/Elements/global_menu.ctp | 9 ++++++--- 5 files changed, 31 insertions(+), 12 deletions(-) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index 72c54b696..e01af41a4 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -480,9 +480,9 @@ class ACLComponent extends Component 'display' => array('*'), ), 'posts' => array( - 'add' => array('not_read_only_authkey'), - 'delete' => array('not_read_only_authkey'), - 'edit' => array('not_read_only_authkey'), + 'add' => ['AND' => ['not_read_only_authkey', 'discussion_enabled']], + 'delete' => ['AND' => ['not_read_only_authkey', 'discussion_enabled']], + 'edit' => ['AND' => ['not_read_only_authkey', 'discussion_enabled']], 'pushMessageToZMQ' => array() ), 'regexp' => array( @@ -703,9 +703,9 @@ class ACLComponent extends Component 'view' => array('*'), ), 'threads' => array( - 'index' => array('*'), - 'view' => array('*'), - 'viewEvent' => array('*'), + 'index' => array('discussion_enabled'), + 'view' => array('discussion_enabled'), + 'viewEvent' => array('discussion_enabled'), ), 'users' => array( 'acceptRegistrations' => array(), @@ -854,6 +854,9 @@ class ACLComponent extends Component $this->dynamicChecks['delegation_enabled'] = function (array $user) { return (bool)Configure::read('MISP.delegation'); }; + $this->dynamicChecks['discussion_enabled'] = function (array $user) { + return !Configure::read('MISP.discussion_disable'); + }; // Returns true if current user is not using advanced auth key or if authkey is not read only $this->dynamicChecks['not_read_only_authkey'] = function (array $user) { return !isset($user['authkey_read_only']) || !$user['authkey_read_only']; diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index b7cd292a0..04adfa14a 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -990,7 +990,7 @@ class EventsController extends AppController $possibleColumns[] = 'proposals'; } - if (Configure::read('MISP.showDiscussionsCountOnIndex')) { + if (Configure::read('MISP.showDiscussionsCountOnIndex') && !Configure::read('MISP.discussion_disable')) { $possibleColumns[] = 'discussion'; } @@ -1036,7 +1036,7 @@ class EventsController extends AppController $events = $this->Event->attachProposalsCountToEvents($user, $events); } - if (in_array('discussion', $columns, true)) { + if (in_array('discussion', $columns, true) && !Configure::read('MISP.discussion_disable')) { $events = $this->Event->attachDiscussionsCountToEvents($user, $events); } diff --git a/app/Model/Server.php b/app/Model/Server.php index fd99b7573..81eece9c1 100644 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -5640,6 +5640,14 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true ), + 'discussion_disable' => [ + 'level' => 1, + 'description' => __('Completely disable ability for user to add discussion to events.'), + 'value' => false, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true + ], 'showCorrelationsOnIndex' => array( 'level' => 1, 'description' => __('When enabled, the number of correlations visible to the currently logged in user will be visible on the event index UI. This comes at a performance cost but can be very useful to see correlating events at a glance.'), diff --git a/app/View/Elements/Events/View/event_contents.ctp b/app/View/Elements/Events/View/event_contents.ctp index 9d9ef9a1c..039857a44 100644 --- a/app/View/Elements/Events/View/event_contents.ctp +++ b/app/View/Elements/Events/View/event_contents.ctp @@ -1,3 +1,4 @@ +Acl->canAccess('threads', 'view') ?>
- + +


@@ -83,9 +86,11 @@ $(document.body).tooltip({ $('.tooltip').not(":last").remove(); }); +Acl->canAccess('threads', 'view')): ?> $.get("/threads/view//true", function(data) { $("#discussions_div").html(data); }); + $.get("/eventReports/index/event_id:/index_for_event:1", function(data) { $("#eventreport_content").html(data); diff --git a/app/View/Elements/global_menu.ctp b/app/View/Elements/global_menu.ctp index 2aa984d01..e841ac7c4 100755 --- a/app/View/Elements/global_menu.ctp +++ b/app/View/Elements/global_menu.ctp @@ -253,15 +253,18 @@ 'url' => $baseurl . '/users/statistics' ), array( - 'type' => 'separator' + 'type' => 'separator', + 'requirement' => $this->Acl->canAccess('threads', 'index'), ), array( 'text' => __('List Discussions'), - 'url' => $baseurl . '/threads/index' + 'url' => $baseurl . '/threads/index', + 'requirement' => $this->Acl->canAccess('threads', 'index'), ), array( 'text' => __('Start Discussion'), - 'url' => $baseurl . '/posts/add' + 'url' => $baseurl . '/posts/add', + 'requirement' => $this->Acl->canAccess('posts', 'add'), ) ) ), From abd61582d8069b23f0f6e17ed3f729045c359897 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 14 Nov 2022 18:07:33 +0100 Subject: [PATCH 054/698] chg: [log] Support for encoded request in access logs --- app/Model/AccessLog.php | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php index 992ae018b..bb637f0c5 100644 --- a/app/Model/AccessLog.php +++ b/app/Model/AccessLog.php @@ -47,11 +47,15 @@ class AccessLog extends AppModel $result['AccessLog']['request_method'] = self::REQUEST_TYPES[$result['AccessLog']['request_method']]; } if (!empty($result['AccessLog']['request'])) { - $request = $this->decodeRequest($result['AccessLog']['request']); - list($contentType, $encoding, $data) = explode("\n", $request, 3); - $result['AccessLog']['request'] = $data; - $result['AccessLog']['request_content_type'] = $contentType; - $result['AccessLog']['request_content_encoding'] = $encoding; + $decoded = $this->decodeRequest($result['AccessLog']['request']); + if ($decoded) { + list($contentType, $encoding, $data) = $decoded; + $result['AccessLog']['request'] = $data; + $result['AccessLog']['request_content_type'] = $contentType; + $result['AccessLog']['request_content_encoding'] = $encoding; + } else { + $result['AccessLog']['request'] = false; + } } if (!empty($result['AccessLog']['memory_usage'])) { $result['AccessLog']['memory_usage'] = $result['AccessLog']['memory_usage'] * 1024; @@ -194,7 +198,7 @@ class AccessLog extends AppModel /** * @param string $request - * @return string + * @return array|bool */ private function decodeRequest($request) { @@ -203,13 +207,25 @@ class AccessLog extends AppModel if (function_exists('brotli_uncompress')) { $request = brotli_uncompress(substr($request, 4)); if ($request === false) { - return 'Compressed'; + return false; } } else { - return 'Compressed'; + return false; } } - return $request; + list($contentType, $encoding, $data) = explode("\n", $request, 3); + + if ($encoding === 'gzip') { + $data = gzdecode($data); + } elseif ($encoding === 'br') { + if (function_exists('brotli_uncompress')) { + $data = brotli_uncompress($data); + } else { + $data = false; + } + } + + return [$contentType, $encoding, $data]; } /** From bb1d7c82b6417eb43aaffbdfd8b1bbf98e9af947 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 14 Nov 2022 18:29:58 +0100 Subject: [PATCH 055/698] chg: [internal] Remove stream request decompression, because it was broken --- .../CompressedRequestHandlerComponent.php | 102 +++--------------- 1 file changed, 12 insertions(+), 90 deletions(-) diff --git a/app/Controller/Component/CompressedRequestHandlerComponent.php b/app/Controller/Component/CompressedRequestHandlerComponent.php index 969303257..4aa1135c0 100644 --- a/app/Controller/Component/CompressedRequestHandlerComponent.php +++ b/app/Controller/Component/CompressedRequestHandlerComponent.php @@ -1,19 +1,16 @@ request->setInput($this->decodeBrotliEncodedContent($controller)); } else if ($contentEncoding === 'gzip') { $controller->request->setInput($this->decodeGzipEncodedContent($controller)); } else { - throw new MethodNotAllowedException("Unsupported content encoding '$contentEncoding'."); + throw new BadRequestException("Unsupported content encoding '$contentEncoding'."); } } } @@ -24,10 +21,10 @@ class CompressedRequestHandlerComponent extends Component public function supportedEncodings() { $supportedEncodings = []; - if (function_exists('gzdecode') || function_exists('inflate_init')) { + if (function_exists('gzdecode')) { $supportedEncodings[] = 'gzip'; } - if (function_exists('brotli_uncompress') || function_exists('brotli_uncompress_init')) { + if (function_exists('brotli_uncompress')) { $supportedEncodings[] = 'br'; } return $supportedEncodings; @@ -36,44 +33,17 @@ class CompressedRequestHandlerComponent extends Component /** * @return string * @throws Exception - * @see CakeRequest::_readInput() */ private function decodeGzipEncodedContent(Controller $controller) { - if (function_exists('inflate_init')) { - // Decompress data on the fly if supported - $resource = inflate_init(ZLIB_ENCODING_GZIP); - if ($resource === false) { - throw new Exception('GZIP incremental uncompress init failed.'); - } - $uncompressed = ''; - foreach ($this->streamInput() as $data) { - $uncompressedChunk = inflate_add($resource, $data); - if ($uncompressedChunk === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - $uncompressed .= $uncompressedChunk; - if (strlen($uncompressed) > self::MAX_SIZE) { - throw new Exception("Uncompressed data are bigger than is limit."); - } - } - $uncompressedChunk = inflate_add($resource, '', ZLIB_FINISH); - if ($uncompressedChunk === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - return $uncompressed . $uncompressedChunk; - - } else if (function_exists('gzdecode')) { - $decoded = gzdecode($controller->request->input(), self::MAX_SIZE); + if (function_exists('gzdecode')) { + $decoded = gzdecode($controller->request->input()); if ($decoded === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - if (strlen($decoded) >= self::MAX_SIZE) { - throw new Exception("Uncompressed data are bigger than is limit."); + throw new BadRequestException('Invalid compressed data.'); } return $decoded; } else { - throw new MethodNotAllowedException("This server doesn't support GZIP compressed requests."); + throw new BadRequestException("This server doesn't support GZIP compressed requests."); } } @@ -81,65 +51,17 @@ class CompressedRequestHandlerComponent extends Component * @param Controller $controller * @return string * @throws Exception - * @see CakeRequest::_readInput() */ private function decodeBrotliEncodedContent(Controller $controller) { - if (function_exists('brotli_uncompress_init')) { - // Decompress data on the fly if supported - $resource = brotli_uncompress_init(); - if ($resource === false) { - throw new Exception('Brotli incremental uncompress init failed.'); - } - $uncompressed = ''; - foreach ($this->streamInput() as $data) { - $uncompressedChunk = brotli_uncompress_add($resource, $data, BROTLI_PROCESS); - if ($uncompressedChunk === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - $uncompressed .= $uncompressedChunk; - if (strlen($uncompressed) > self::MAX_SIZE) { - throw new Exception("Uncompressed data are bigger than is limit."); - } - } - $uncompressedChunk = brotli_uncompress_add($resource, '', BROTLI_FINISH); - if ($uncompressedChunk === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - return $uncompressed . $uncompressedChunk; - - } else if (function_exists('brotli_uncompress')) { - $decoded = brotli_uncompress($controller->request->input(), self::MAX_SIZE); + if (function_exists('brotli_uncompress')) { + $decoded = brotli_uncompress($controller->request->input()); if ($decoded === false) { - throw new MethodNotAllowedException('Invalid compressed data.'); - } - if (strlen($decoded) >= self::MAX_SIZE) { - throw new Exception("Uncompressed data are bigger than is limit."); + throw new BadRequestException('Invalid compressed data.'); } return $decoded; } else { - throw new MethodNotAllowedException("This server doesn't support brotli compressed requests."); + throw new BadRequestException("This server doesn't support brotli compressed requests."); } } - - /** - * @param int $chunkSize - * @return Generator - * @throws Exception - */ - private function streamInput($chunkSize = 8192) - { - $fh = fopen('php://input', 'rb'); - if ($fh === false) { - throw new Exception("Could not open PHP input for reading."); - } - while (!feof($fh)) { - $data = fread($fh, $chunkSize); - if ($data === false) { - throw new Exception("Could not read PHP input."); - } - yield $data; - } - fclose($fh); - } } From 1a32cf2ed42eed8269c1552370060142df8cff80 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 15 Nov 2022 09:06:50 +0100 Subject: [PATCH 056/698] chg: [misp-workflow-blueprints] updated --- app/files/misp-workflow-blueprints | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/misp-workflow-blueprints b/app/files/misp-workflow-blueprints index 3f22a11be..7df546216 160000 --- a/app/files/misp-workflow-blueprints +++ b/app/files/misp-workflow-blueprints @@ -1 +1 @@ -Subproject commit 3f22a11be2545e808b734787246739dcd69f7eb5 +Subproject commit 7df546216a1d2b4073714476fd92434cc166e516 From fcb7d0c677d535d0cca06d6c11508bb3bd175d67 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 15 Nov 2022 09:07:46 +0100 Subject: [PATCH 057/698] chg: [misp-workflow-blueprints] updated --- app/files/misp-workflow-blueprints | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/misp-workflow-blueprints b/app/files/misp-workflow-blueprints index 3f22a11be..7df546216 160000 --- a/app/files/misp-workflow-blueprints +++ b/app/files/misp-workflow-blueprints @@ -1 +1 @@ -Subproject commit 3f22a11be2545e808b734787246739dcd69f7eb5 +Subproject commit 7df546216a1d2b4073714476fd92434cc166e516 From 422f1ba4ea39b4b302e22e66a6e8619eb89f7cec Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Tue, 15 Nov 2022 09:39:04 +0100 Subject: [PATCH 058/698] chg: [workflow:editor] Reference non-minified drawflow lib. To be reverted later on --- app/View/Workflows/editor.ctp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/View/Workflows/editor.ctp b/app/View/Workflows/editor.ctp index d5aec5529..d575f3263 100644 --- a/app/View/Workflows/editor.ctp +++ b/app/View/Workflows/editor.ctp @@ -272,7 +272,8 @@ $debugEnabled = !empty($selectedWorkflow['Workflow']['debug_enabled']); element('genericElements/assetLoader', [ 'css' => ['drawflow.min', 'drawflow-default'], - 'js' => ['jquery-ui.min', 'drawflow.min', 'doT', 'moment.min', 'viselect.cjs'], + 'js' => ['jquery-ui.min', 'drawflow', 'doT', 'moment.min', 'viselect.cjs'], + // 'js' => ['jquery-ui.min', 'drawflow.min', 'doT', 'moment.min', 'viselect.cjs'], ]); echo $this->element('genericElements/assetLoader', [ 'css' => ['workflows-editor'], From dd1d49cc76ad327d9d929d9419cd9733527cafd1 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 14 Nov 2022 15:48:11 +0100 Subject: [PATCH 059/698] fix: [ACL] Event report permission --- app/Controller/Component/ACLComponent.php | 23 +------------ app/Controller/EventReportsController.php | 4 +-- app/View/Helper/AclHelper.php | 42 ++++++++++++----------- 3 files changed, 25 insertions(+), 44 deletions(-) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index 72c54b696..176e8b8fb 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -974,27 +974,6 @@ class ACLComponent extends Component return $user['org_id'] == $tagCollection['TagCollection']['org_id']; } - /** - * Only site admin and event creator can modify an eventReport - * - * @param array $user - * @param array $report - * @return boolean - */ - public function canEditReport(array $user, array $report): bool - { - if ($user['Role']['perm_site_admin']) { - return true; - } - if (empty($report['Event'])) { - return __('Could not find associated event'); - } - if ($report['Event']['orgc_id'] != $user['org_id']) { - return __('Only the creator organisation of the event can modify the report'); - } - return true; - } - /** * Only users that can modify organisation can delete sightings as sighting is not linked to user. * @@ -1024,7 +1003,7 @@ class ACLComponent extends Component */ public function canEditEventReport(array $user, array $eventReport) { - if (!isset($report['Event'])) { + if (!isset($eventReport['Event'])) { throw new InvalidArgumentException('Passed object does not contain an Event.'); } if ($user['Role']['perm_site_admin']) { diff --git a/app/Controller/EventReportsController.php b/app/Controller/EventReportsController.php index a5c407fa1..0a32b5f8a 100644 --- a/app/Controller/EventReportsController.php +++ b/app/Controller/EventReportsController.php @@ -492,9 +492,9 @@ class EventReportsController extends AppController $this->set('sharingGroups', $sgs); } - private function __injectPermissionsToViewContext($user, $report) + private function __injectPermissionsToViewContext(array $user, array $report) { - $canEdit = $this->ACL->canEditReport($user, $report) === true; + $canEdit = $this->ACL->canEditEventReport($user, $report); $this->set('canEdit', $canEdit); } diff --git a/app/View/Helper/AclHelper.php b/app/View/Helper/AclHelper.php index 85a9b432d..ebb734c55 100644 --- a/app/View/Helper/AclHelper.php +++ b/app/View/Helper/AclHelper.php @@ -6,10 +6,22 @@ class AclHelper extends Helper /** @var ACLComponent */ private $ACL; + /** @var array */ + private $me; + public function __construct(View $View, $settings = []) { parent::__construct($View, $settings); + $this->ACL = $View->viewVars['aclComponent']; + if (!$this->ACL instanceof ACLComponent) { + throw new InvalidArgumentException('ACL not provided.'); + } + + $this->me = $View->viewVars['me']; + if (empty($this->me)) { + throw new InvalidArgumentException('Me variable not provided.'); + } } /** @@ -19,8 +31,7 @@ class AclHelper extends Helper */ public function canAccess($controller, $action) { - $me = $this->_View->viewVars['me']; - return $this->ACL->canUserAccess($me, $controller, $action); + return $this->ACL->canUserAccess($this->me, $controller, $action); } /** @@ -29,8 +40,7 @@ class AclHelper extends Helper */ public function canModifyEvent(array $event) { - $me = $this->_View->viewVars['me']; - return $this->ACL->canModifyEvent($me, $event); + return $this->ACL->canModifyEvent($this->me, $event); } /** @@ -39,8 +49,7 @@ class AclHelper extends Helper */ public function canPublishEvent(array $event) { - $me = $this->_View->viewVars['me']; - return $this->ACL->canPublishEvent($me, $event); + return $this->ACL->canPublishEvent($this->me, $event); } /** @@ -50,8 +59,7 @@ class AclHelper extends Helper */ public function canModifyTag(array $event, $isTagLocal = false) { - $me = $this->_View->viewVars['me']; - return $this->ACL->canModifyTag($me, $event, $isTagLocal); + return $this->ACL->canModifyTag($this->me, $event, $isTagLocal); } /** @@ -60,8 +68,7 @@ class AclHelper extends Helper */ public function canDisableCorrelation(array $event) { - $me = $this->_View->viewVars['me']; - return $this->ACL->canDisableCorrelation($me, $event); + return $this->ACL->canDisableCorrelation($this->me, $event); } /** @@ -70,8 +77,7 @@ class AclHelper extends Helper */ public function canModifyTagCollection(array $tagCollection) { - $me = $this->_View->viewVars['me']; - return $this->ACL->canModifyTagCollection($me, $tagCollection); + return $this->ACL->canModifyTagCollection($this->me, $tagCollection); } /** @@ -80,8 +86,7 @@ class AclHelper extends Helper */ public function canDeleteSighting(array $sighting) { - $me = $this->_View->viewVars['me']; - return $this->ACL->canDeleteSighting($me, $sighting); + return $this->ACL->canDeleteSighting($this->me, $sighting); } /** @@ -90,8 +95,7 @@ class AclHelper extends Helper */ public function canEditEventReport(array $eventReport) { - $me = $this->_View->viewVars['me']; - return $this->ACL->canEditReport($me, $eventReport); + return $this->ACL->canEditEventReport($this->me, $eventReport); } /** @@ -100,8 +104,7 @@ class AclHelper extends Helper */ public function canModifyGalaxyCluster(array $cluster) { - $me = $this->_View->viewVars['me']; - return $this->ACL->canModifyGalaxyCluster($me, $cluster); + return $this->ACL->canModifyGalaxyCluster($this->me, $cluster); } /** @@ -110,7 +113,6 @@ class AclHelper extends Helper */ public function canPublishGalaxyCluster(array $cluster) { - $me = $this->_View->viewVars['me']; - return $this->ACL->canModifyGalaxyCluster($me, $cluster); + return $this->ACL->canModifyGalaxyCluster($this->me, $cluster); } } \ No newline at end of file From af5c21034a04ff6ba381833f845b6a510bc20c61 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Tue, 15 Nov 2022 09:57:54 +0100 Subject: [PATCH 060/698] fix: [internal] Method name --- app/View/Elements/genericElements/SideMenu/side_menu.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/Elements/genericElements/SideMenu/side_menu.ctp b/app/View/Elements/genericElements/SideMenu/side_menu.ctp index 3a0820566..daae80b0b 100644 --- a/app/View/Elements/genericElements/SideMenu/side_menu.ctp +++ b/app/View/Elements/genericElements/SideMenu/side_menu.ctp @@ -1451,7 +1451,7 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider'); 'text' => __('View Cluster') )); } - if ($menuItem !== 'add_cluster' && $this->Acl->canModifyCluster($cluster)) { + if ($menuItem !== 'add_cluster' && $this->Acl->canModifyGalaxyCluster($cluster)) { echo $this->element('/genericElements/SideMenu/side_menu_link', array( 'element_id' => 'edit_cluster', 'url' => $baseurl . '/galaxy_clusters/edit/' . h($id), From ce3b2d9e7711986143cd2707b5429f5f87bab446 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Tue, 15 Nov 2022 10:35:06 +0100 Subject: [PATCH 061/698] fix: [UI] Side menu requirement --- .../genericElements/SideMenu/side_menu.ctp | 59 ++++++++++--------- 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/app/View/Elements/genericElements/SideMenu/side_menu.ctp b/app/View/Elements/genericElements/SideMenu/side_menu.ctp index daae80b0b..191c38351 100644 --- a/app/View/Elements/genericElements/SideMenu/side_menu.ctp +++ b/app/View/Elements/genericElements/SideMenu/side_menu.ctp @@ -436,17 +436,19 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider'); 'url' => '/eventReports/view/' . h($id), 'text' => __('View Event Report') )); - echo $this->element('/genericElements/SideMenu/side_menu_link', array( - 'element_id' => 'edit', - 'url' => '/eventReports/edit/' . h($id), - 'text' => __('Edit Event Report'), - 'requirement' => $canEdit, - )); - echo $this->element('/genericElements/SideMenu/side_menu_link', array( - 'url' => '/admin/audit_logs/index/model:EventReport/model_id:' . h($id), - 'text' => __('View report history'), - 'requirement' => Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index'), - )); + if ($canEdit) { + echo $this->element('/genericElements/SideMenu/side_menu_link', array( + 'element_id' => 'edit', + 'url' => '/eventReports/edit/' . h($id), + 'text' => __('Edit Event Report'), + )); + } + if (Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')) { + echo $this->element('/genericElements/SideMenu/side_menu_link', array( + 'url' => '/admin/audit_logs/index/model:EventReport/model_id:' . h($id), + 'text' => __('View report history'), + )); + } } break; @@ -1094,12 +1096,13 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider'); 'url' => $baseurl . '/admin/logs/index', 'text' => __('Application Logs') )); - echo $this->element('/genericElements/SideMenu/side_menu_link', array( - 'element_id' => 'listAuditLogs', - 'url' => $baseurl . '/admin/audit_logs/index', - 'text' => __('Audit Logs'), - 'requirement' => Configure::read('MISP.log_new_audit'), - )); + if (Configure::read('MISP.log_new_audit')) { + echo $this->element('/genericElements/SideMenu/side_menu_link', array( + 'element_id' => 'listAuditLogs', + 'url' => $baseurl . '/admin/audit_logs/index', + 'text' => __('Audit Logs'), + )); + } echo $this->element('/genericElements/SideMenu/side_menu_link', array( 'element_id' => 'listAccessLogs', 'url' => $baseurl . '/admin/access_logs/index', @@ -1665,11 +1668,12 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider'); 'text' => __('Edit Workflow Blueprint') )); } - echo $this->element('/genericElements/SideMenu/side_menu_link', array( - 'url' => '/admin/audit_logs/index/model:WorkflowBlueprint/model_id:' . h($id), - 'text' => __('View workflow blueprint history'), - 'requirement' => Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index'), - )); + if (Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')) { + echo $this->element('/genericElements/SideMenu/side_menu_link', array( + 'url' => '/admin/audit_logs/index/model:WorkflowBlueprint/model_id:' . h($id), + 'text' => __('View workflow blueprint history'), + )); + } } echo $divider; echo $this->element('/genericElements/SideMenu/side_menu_link', array( @@ -1714,11 +1718,12 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider'); 'text' => __('Edit Workflow') )); } - echo $this->element('/genericElements/SideMenu/side_menu_link', array( - 'url' => '/admin/audit_logs/index/model:Workflow/model_id:' . h($id), - 'text' => __('View worflow history'), - 'requirement' => Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index'), - )); + if (Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')) { + echo $this->element('/genericElements/SideMenu/side_menu_link', array( + 'url' => '/admin/audit_logs/index/model:Workflow/model_id:' . h($id), + 'text' => __('View workflow history'), + )); + } } break; From 376b160d932b1e605d2b1ec9852b309ffc8d60db Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Tue, 15 Nov 2022 11:02:15 +0100 Subject: [PATCH 062/698] chg: [periodic_summary] Added explanation about the "new correlation" section --- app/View/Emails/notification_common.ctp | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/app/View/Emails/notification_common.ctp b/app/View/Emails/notification_common.ctp index e9a529d8f..f19e2c8e7 100644 --- a/app/View/Emails/notification_common.ctp +++ b/app/View/Emails/notification_common.ctp @@ -52,6 +52,16 @@ $mitre_galaxy_tag_prefix = 'misp-galaxy:mitre-attack-pattern="'; $reportLink = sprintf('%s/users/viewPeriodicSummary/%s', $baseurl, $period); $eventLink = sprintf('%s/events/index/searchpublished:1/searchPublishTimestamp:%s/searchPublishTimestamp:%s', $baseurl, h($start_date->format('Y-m-d H:i:s')), h($now->format('Y-m-d H:i:s'))); +$newCorrelationExplanationText = implode(' ', [ + __('Correlations for the current set of Events are considered as `new` if their matching attribute has been modified during the considered period.'), + '', + __('Example for a selected period of 7 days:'), + __(' Current Events Remote Events'), + __('• Attribute( 3 days ago) → Attribute( 1 days ago) ✓'), + __('• Attribute( 3 days ago) → Attribute( 9 days ago) ✓'), + __('• Attribute(12 days ago) → Attribute( 3 days ago) ⨉'), + __('• Attribute( 9 days ago) → Attribute(11 days ago) ⨉'), +]); $processed_correlations = []; $new_correlations = []; foreach ($events as $event) { @@ -459,7 +469,11 @@ $top_mitre_attack_techniques = array_slice($mitre_attack_techniques, 0, 10); fetch('detailed-summary-correlations')) : ?> -

+

+ + + +

From 3b6bf0349509d1b9fc3a75b1924a0b1828700e8d Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Tue, 15 Nov 2022 12:12:51 +0100 Subject: [PATCH 063/698] chg: [periodic_summary] Rephrased correlation text to make it more understandable --- app/View/Emails/notification_common.ctp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/View/Emails/notification_common.ctp b/app/View/Emails/notification_common.ctp index f19e2c8e7..3ed1836f4 100644 --- a/app/View/Emails/notification_common.ctp +++ b/app/View/Emails/notification_common.ctp @@ -53,10 +53,10 @@ $reportLink = sprintf('%s/users/viewPeriodicSummary/%s', $baseurl, $period); $eventLink = sprintf('%s/events/index/searchpublished:1/searchPublishTimestamp:%s/searchPublishTimestamp:%s', $baseurl, h($start_date->format('Y-m-d H:i:s')), h($now->format('Y-m-d H:i:s'))); $newCorrelationExplanationText = implode(' ', [ - __('Correlations for the current set of Events are considered as `new` if their matching attribute has been modified during the considered period.'), + __('Correlations for the current set of Events are considered as `new` if their matching attribute has been modified during the chosen period.'), '', __('Example for a selected period of 7 days:'), - __(' Current Events Remote Events'), + __(' Events from the past 7 days Any other Events'), __('• Attribute( 3 days ago) → Attribute( 1 days ago) ✓'), __('• Attribute( 3 days ago) → Attribute( 9 days ago) ✓'), __('• Attribute(12 days ago) → Attribute( 3 days ago) ⨉'), From 471c80d86a2744baab8f7a5ea876fcea49a9eab9 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Tue, 15 Nov 2022 13:56:17 +0100 Subject: [PATCH 064/698] fix: [taxonomy:TagConflict] Strop generate notices for the `tlp:white` and `tlp:clear` tags - we had to remove all mirrors from the office after implementing this --- app/Model/Taxonomy.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/Model/Taxonomy.php b/app/Model/Taxonomy.php index f2360ac86..7ce1a1e10 100644 --- a/app/Model/Taxonomy.php +++ b/app/Model/Taxonomy.php @@ -753,6 +753,14 @@ class Taxonomy extends AppModel } $potentiallyConflictingTaxonomy[$tagShortened]['tagNames'][] = $tagName; } + if ( + !empty($potentiallyConflictingTaxonomy['tlp']) && + count($potentiallyConflictingTaxonomy['tlp']['tagNames']) == 2 && + in_array('tlp:white', $potentiallyConflictingTaxonomy['tlp']['tagNames']) && + in_array('tlp:clear', $potentiallyConflictingTaxonomy['tlp']['tagNames']) + ) { + unset($potentiallyConflictingTaxonomy['tlp']); + } foreach ($potentiallyConflictingTaxonomy as $potTaxonomy) { if ($potTaxonomy['count'] > 1) { $taxonomy = $potTaxonomy['taxonomy']; From 5e9ff4924f44b2035fd2cac7ee87f65f0d365a9f Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Thu, 17 Nov 2022 14:51:44 +0100 Subject: [PATCH 065/698] chg: [AadAuth] use proxy settings if present --- .../Auth/AadAuthenticateAuthenticate.php | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php b/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php index a7a61cddd..333d8593c 100755 --- a/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php +++ b/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php @@ -214,7 +214,7 @@ class AadAuthenticateAuthenticate extends BaseAuthenticate ]; $url = self::$auth_provider . self::$ad_tenant . "/oauth2/v2.0/token"; - $response = (new HttpSocket())->post($url, $params, $options); + $response = ($this->_createHttpSocket())->post($url, $params, $options); if (!$response->isOk()) { $this->_log("warning", "Error received during Bearer token fetch (context)."); @@ -239,7 +239,7 @@ class AadAuthenticateAuthenticate extends BaseAuthenticate ]; $url = self::$auth_provider_user . "/v1.0/me"; - $response = (new HttpSocket())->get($url, null, $options); + $response = ($this->_createHttpSocket())->get($url, null, $options); if (!$response->isOk()) { $this->_log("warning", "Error received during user data fetch."); @@ -303,11 +303,11 @@ class AadAuthenticateAuthenticate extends BaseAuthenticate 'Authorization' => 'Bearer ' . $authdata["access_token"] ] ]; - + $has_next_page = true; $url = self::$auth_provider_user . "/v1.0/me/memberOf"; while ($has_next_page) { - $response = (new HttpSocket())->get($url, array(), $options); + $response = ($this->_createHttpSocket())->get($url, array(), $options); if (!$response->isOk()) { $this->_log("warning", "Error received during user group data fetch."); @@ -346,4 +346,19 @@ class AadAuthenticateAuthenticate extends BaseAuthenticate return false; } + + /** + * Create HttpSocket with proxy settings + * + * @return HttpSocket + */ + private function _createHttpSocket() + { + $httpSocket = new HttpSocket(); + if (isset($proxy['host']) && !empty($proxy['host'])) { + $httpSocket->configProxy($proxy['host'], $proxy['port'], $proxy['method'], $proxy['user'], $proxy['password']); + } + + return $httpSocket; + } } From 4f3d8282c9f0f0fc3a2889cf87ec6b420746d4da Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Fri, 18 Nov 2022 09:47:57 +0100 Subject: [PATCH 066/698] fix: [AadAuth] undefined --- .../Controller/Component/Auth/AadAuthenticateAuthenticate.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php b/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php index 333d8593c..11c43ff0f 100755 --- a/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php +++ b/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php @@ -355,6 +355,7 @@ class AadAuthenticateAuthenticate extends BaseAuthenticate private function _createHttpSocket() { $httpSocket = new HttpSocket(); + $proxy = Configure::read('Proxy'); if (isset($proxy['host']) && !empty($proxy['host'])) { $httpSocket->configProxy($proxy['host'], $proxy['port'], $proxy['method'], $proxy['user'], $proxy['password']); } From 0bded9c30fa83a70154b262081494c682220c19e Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Fri, 18 Nov 2022 12:32:30 +0100 Subject: [PATCH 067/698] add: [OpenAPI] objects restsearch endpoint docs --- app/webroot/doc/openapi.yaml | 252 +++++++++++++++++++++++++++++++---- 1 file changed, 227 insertions(+), 25 deletions(-) diff --git a/app/webroot/doc/openapi.yaml b/app/webroot/doc/openapi.yaml index fa3cf41c0..7e2ff9e9d 100644 --- a/app/webroot/doc/openapi.yaml +++ b/app/webroot/doc/openapi.yaml @@ -13,7 +13,7 @@ info: To get an API key there are several options: * **[UI]** Go to [My Profile -> Auth Keys](/auth_keys/index) section and click on `+ Add authentication key` - + * **[UI]** As an admin go to the the [Administration -> List Users -> View](/admin/users/view/[id]) page of the user you want to create an auth key for and on the `Auth keys` section click on `+ Add authentication key` * **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]` @@ -1896,6 +1896,24 @@ paths: default: $ref: "#/components/responses/ApiErrorResponse" + /objects/restsearch: + post: + summary: "[restSearch] Get a filtered and paginated list of objects" + description: | + **This is the recommended endpoint for searching objects.** + operationId: restSearchObjects + tags: + - Objects + requestBody: + $ref: "#/components/requestBodies/RestSearchObjectsRequest" + responses: + "200": + $ref: "#/components/responses/ObjectsRestSearchResponse" + "403": + $ref: "#/components/responses/UnauthorizedApiErrorResponse" + default: + $ref: "#/components/responses/ApiErrorResponse" + /objects/add/{eventId}/{objectTemplateId}: post: summary: "Add an object to an event" @@ -2854,9 +2872,7 @@ components: eventid: $ref: "#/components/schemas/EventId" withAttachments: - description: "Extends the response with the base64 representation of the attachment, if there is one" - type: boolean - default: false + $ref: "#/components/schemas/WithAttachmentsRestSearchFilter" uuid: $ref: "#/components/schemas/UUID" publish_timestamp: @@ -2870,7 +2886,7 @@ components: enforceWarninglist: $ref: "#/components/schemas/EnforceWarninglistRestSearchFilter" to_ids: - $ref: "#/components/schemas/ToIDS" + $ref: "#/components/schemas/ToIDSRestSearchFlag" deleted: $ref: "#/components/schemas/SoftDeletedFlag" event_timestamp: @@ -2883,11 +2899,9 @@ components: sharinggroup: $ref: "#/components/schemas/SharingGroupIDRestSearchFilter" decayingModel: - description: "Specify the decaying model from which the decaying score should be calculated" - type: string + $ref: "#/components/schemas/DecayingModelRestSearchFilter" score: - description: "An alias to override on-the-fly the threshold of the decaying model" - type: string + $ref: "#/components/schemas/DecayingModelScoreRestSearchFilter" first_seen: description: "Seen within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)" type: string @@ -2919,17 +2933,11 @@ components: modelOverrides: $ref: "#/components/schemas/ModelOverridesRestSearchFilter" includeDecayScore: - description: "Include all enabled decaying score" - type: boolean - default: false + $ref: "#/components/schemas/IncludeDecayScoreRestSearchFlag" includeFullModel: - description: "Include all model information of matching events in the response" - type: boolean - default: false + $ref: "#/components/schemas/IncludeFullModelRestSearchFlag" excludeDecayed: - description: "Should the decayed elements by excluded" - type: boolean - default: false + $ref: "#/components/schemas/ExcludeDecayedRestSearchFlag" returnFormat: $ref: "#/components/schemas/AttributesRestSearchReturnFormat" @@ -3391,6 +3399,126 @@ components: maxLength: 10 example: "12345" + ObjectRestSearchList: + type: object + properties: + Object: + $ref: "#/components/schemas/Object" + + ObjectRestSearchFilter: + type: object + properties: + page: + $ref: "#/components/schemas/PageSearchFilter" + limit: + $ref: "#/components/schemas/LimitSearchFilter" + quickFilter: + $ref: "#/components/schemas/SearchAllRestSearchFilter" + searchall: + $ref: "#/components/schemas/SearchAllRestSearchFilter" + timestamp: + $ref: "#/components/schemas/Timestamp" + object_name: + $ref: "#/components/schemas/ObjectName" + object_template_uuid: + $ref: "#/components/schemas/UUID" + object_template_version: + $ref: "#/components/schemas/ObjectTemplateVersion" + eventid: + $ref: "#/components/schemas/EventId" + eventinfo: + $ref: "#/components/schemas/EventInfo" + ignore: + description: "If true matches both true and false values for `to_ids` and `published`" + type: boolean + default: false + from: + $ref: "#/components/schemas/DateRestSearchFilter" + to: + $ref: "#/components/schemas/DateRestSearchFilter" + date: + $ref: "#/components/schemas/DateRestSearchFilter" + tags: + $ref: "#/components/schemas/TagsRestSearchFilter" + last: + $ref: "#/components/schemas/LastRestSearchFilter" + event_timestamp: + $ref: "#/components/schemas/Timestamp" + publish_timestamp: + $ref: "#/components/schemas/Timestamp" + org: + oneOf: + - $ref: "#/components/schemas/OrganisationId" + - $ref: "#/components/schemas/OrganisationName" + uuid: + $ref: "#/components/schemas/UUID" + value: + $ref: "#/components/schemas/AttributeValue" + type: + $ref: "#/components/schemas/AttributeType" + category: + $ref: "#/components/schemas/AttributeCategory" + object_relation: + $ref: "#/components/schemas/ObjectRelationRestSearchFilter" + attribute_timestamp: + $ref: "#/components/schemas/Timestamp" + first_seen: + $ref: "#/components/schemas/NullableMicroTimestamp" + last_seen: + $ref: "#/components/schemas/NullableMicroTimestamp" + comment: + $ref: "#/components/schemas/AttributeComment" + to_ids: + $ref: "#/components/schemas/ToIDSRestSearchFlag" + published: + $ref: "#/components/schemas/PublishedFlag" + deleted: + $ref: "#/components/schemas/SoftDeletedFlag" + withAttachments: + $ref: "#/components/schemas/WithAttachmentsRestSearchFilter" + enforceWarninglist: + $ref: "#/components/schemas/EnforceWarninglistRestSearchFilter" + includeAllTags: + $ref: "#/components/schemas/IncludeAllTagsRestSearchFilter" + includeEventUuid: + $ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag" + include_event_uuid: + $ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag" + includeEventTags: + $ref: "#/components/schemas/IncludeEventTagsRestSearchFlag" + includeProposals: + $ref: "#/components/schemas/IncludeProposalsRestSearchFlag" + includeWarninglistHits: + $ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag" + includeContext: + $ref: "#/components/schemas/IncludeContextRestSearchFlag" + includeSightings: + $ref: "#/components/schemas/IncludeContextRestSearchFlag" + includeSightingdb: + $ref: "#/components/schemas/IncludeSightingDbRestSearchFlag" + includeCorrelations: + $ref: "#/components/schemas/IncludeCorrelationsRestSearchFlag" + includeDecayScore: + $ref: "#/components/schemas/IncludeDecayScoreRestSearchFlag" + includeFullModel: + $ref: "#/components/schemas/IncludeFullModelRestSearchFlag" + allow_proposal_blocking: + $ref: "#/components/schemas/AllowProposalBlockingRestSearchFlag" + metadata: + $ref: "#/components/schemas/MetadataRestSearchFilter" + attackGalaxy: + $ref: "#/components/schemas/AttackGalaxyRestSearchFilter" + excludeDecayed: + $ref: "#/components/schemas/ExcludeDecayedRestSearchFlag" + decayingModel: + $ref: "#/components/schemas/DecayingModelRestSearchFilter" + modelOverrides: + $ref: "#/components/schemas/ModelOverridesRestSearchFilter" + score: + $ref: "#/components/schemas/DecayingModelScoreRestSearchFilter" + returnFormat: + $ref: "#/components/schemas/ObjectsRestSearchReturnFormat" + # Sightings SightingId: type: string @@ -5391,6 +5519,15 @@ components: type: string example: "tlp:amber" + SearchAllRestSearchFilter: + description: "Search events by matching any tag names, event descriptions, attribute values or attribute comments" + type: string + example: malware + + ToIDSRestSearchFlag: + nullable: true + type: boolean + SharingGroupIDRestSearchFilter: description: "Sharing group ID(s), either as single string or list of IDs" nullable: true @@ -5398,6 +5535,14 @@ components: type: string example: "1" + DecayingModelRestSearchFilter: + description: "Specify the decaying model from which the decaying score should be calculated" + type: string + + DecayingModelScoreRestSearchFilter: + description: "An alias to override on-the-fly the threshold of the decaying model" + type: string + MetadataRestSearchFilter: description: "Will only return the metadata of the given query scope, contained data is omitted." nullable: true @@ -5408,6 +5553,11 @@ components: type: boolean default: false + IncludeAllTagsRestSearchFilter: + description: "Include also exportable tags" + type: boolean + default: false + IncludeEventTagsRestSearchFlag: description: "Include tags of matching events in the response" type: boolean @@ -5423,6 +5573,11 @@ components: nullable: true type: boolean + WithAttachmentsRestSearchFilter: + description: "Extends the response with the base64 representation of the attachment, if there is one" + type: boolean + default: false + RequestedAttributesRestSearchFilter: description: "List of properties that will be selected in the CSV export" type: array @@ -5463,6 +5618,26 @@ components: nullable: true type: boolean + IncludeDecayScoreRestSearchFlag: + description: "Include all enabled decaying score" + type: boolean + default: false + + IncludeFullModelRestSearchFlag: + description: "Include all model information of matching events in the response" + type: boolean + default: false + + AllowProposalBlockingRestSearchFlag: + description: "Allow blocking attributes from to_ids sensitive exports if a proposal has been made to it to remove the IDS flag" + type: boolean + default: false + + ExcludeDecayedRestSearchFlag: + description: "Should the decayed elements by excluded" + type: boolean + default: false + ModelOverridesRestSearchFilter: $ref: "#/components/schemas/DecayingModelParameters" @@ -5600,6 +5775,12 @@ components: - yara - yara-json + ObjectsRestSearchReturnFormat: + description: "Format of the response payload" + type: string + enum: + - json + ObjectRelationRestSearchFilter: description: "Filter by the attribute object relation value" nullable: true @@ -5731,7 +5912,6 @@ components: name: local in: path description: "Whether the object should be attached locally or not to the target" - required: false schema: $ref: "#/components/schemas/Local" @@ -6211,9 +6391,7 @@ components: event_tags: $ref: "#/components/schemas/TagsRestSearchFilter" searchall: - description: "Search events by matching any tag names, event descriptions, attribute values or attribute comments" - type: string - example: malware + $ref: "#/components/schemas/SearchAllRestSearchFilter" from: $ref: "#/components/schemas/DateRestSearchFilter" to: @@ -6223,9 +6401,7 @@ components: eventid: $ref: "#/components/schemas/EventId" withAttachments: - description: "Extends the response with the base64 representation of the attachment, if there is one" - type: boolean - default: false + $ref: "#/components/schemas/WithAttachmentsRestSearchFilter" sharinggroup: $ref: "#/components/schemas/SharingGroupIDRestSearchFilter" metadata: @@ -6626,6 +6802,13 @@ components: type: integer example: 1 + RestSearchObjectsRequest: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/ObjectRestSearchFilter" + AddObjectRequest: content: application/json: @@ -8514,6 +8697,25 @@ components: type: string example: "/objects/delete/1" + ObjectsRestSearchResponse: + description: "Rest search objects response" + headers: + X-Result-Count: + $ref: "#/components/headers/X-Result-Count" + X-Export-Module-Used: + $ref: "#/components/headers/X-Export-Module-Used" + X-Response-Format: + $ref: "#/components/headers/X-Response-Format" + content: + application/json: + schema: + type: object + properties: + response: + type: array + items: + $ref: "#/components/schemas/ObjectRestSearchList" + SightingListResponse: description: "Get sightings response" content: From e5bdce5ce7794f145808d5b7f676d396197caad3 Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Mon, 21 Nov 2022 14:09:46 +0100 Subject: [PATCH 068/698] chg: [github action] Added taxii branch --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3d04f8998..e53ebb9d9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,7 +6,7 @@ name: misp # events but only for the 2.4 and develop branches on: push: - branches: [ 2.4, develop, misp-stix ] + branches: [ 2.4, develop, misp-stix, taxii ] pull_request: branches: [ 2.4, develop, misp-stix ] From 7939d505b125f5e66b5612c9dcc040411d20f2b8 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 21 Nov 2022 14:10:24 +0100 Subject: [PATCH 069/698] fix: [side menu] merge fix --- app/View/Elements/global_menu.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/Elements/global_menu.ctp b/app/View/Elements/global_menu.ctp index b7d36804d..c28e85cea 100755 --- a/app/View/Elements/global_menu.ctp +++ b/app/View/Elements/global_menu.ctp @@ -318,7 +318,7 @@ array( 'text' => __('List Taxii Servers'), 'url' => $baseurl . '/TaxiiServers/index', - 'requirement' => $canAccess('taxiiServers', 'index'), + 'requirement' => $this->Acl->canAccess('taxiiServers', 'index'), ), array( 'text' => __('Event ID translator'), From f7c16aa9bc28b1ccf9f7903b70609907efb221db Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 21 Nov 2022 14:39:10 +0100 Subject: [PATCH 070/698] chg: [ACL] added entries for taxii --- app/Controller/Component/ACLComponent.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index 176e8b8fb..cab59d922 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -682,6 +682,16 @@ class ACLComponent extends Component 'hideTag' => array('perm_tagger'), 'normalizeCustomTagsToTaxonomyFormat' => [], ), + 'taxiiServers' => [ + 'add' => ['perm_admin'], + 'edit' => ['perm_admin'], + 'index' => ['perm_admin'], + 'delete' => ['perm_admin'], + 'view' => ['perm_admin'], + 'push' => ['perm_admin'], + 'getRoot' => ['perm_admin'], + 'getCollections' => ['perm_admin'] + ], 'templateElements' => array( 'add' => array('perm_template'), 'delete' => array('perm_template'), From 6393e993bfec360a7bed7a725c795336f931a5ba Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 22 Nov 2022 13:24:46 +0100 Subject: [PATCH 071/698] new: [security setting] disable admin file management - for compliance reasons, disable the upload of images for the various logos / decorations - setting can be enabled/disabled via CLI only --- app/Controller/ServersController.php | 6 ++++++ app/Model/Server.php | 9 +++++++++ app/View/Elements/healthElements/tabs.ctp | 13 +++++++------ 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/app/Controller/ServersController.php b/app/Controller/ServersController.php index d5ab9f747..284c6e945 100644 --- a/app/Controller/ServersController.php +++ b/app/Controller/ServersController.php @@ -1075,6 +1075,9 @@ class ServersController extends AppController $this->set('correlation_metrics', $correlation_metrics); } if ($tab === 'files') { + if (!empty(Configure::read('Security.disable_instance_file_uploads'))) { + throw new MethodNotAllowedException(__('This functionality is disabled.')); + } $files = $this->Server->grabFiles(); $this->set('files', $files); } @@ -1624,6 +1627,9 @@ class ServersController extends AppController if (!$this->request->is('post')) { throw new MethodNotAllowedException(); } + if (!empty(Configure::read('Security.disable_instance_file_uploads'))) { + throw new MethodNotAllowedException(__('Feature disabled.')); + } $validItems = $this->Server->getFileRules(); // Check if there were problems with the file upload diff --git a/app/Model/Server.php b/app/Model/Server.php index fd99b7573..588985a35 100644 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -6523,6 +6523,15 @@ class Server extends AppModel 'test' => 'testBool', 'type' => 'boolean', 'null' => true + ], + 'disable_instance_file_uploads' => [ + 'level' => self::SETTING_RECOMMENDED, + 'description' => __('When enabled, the "Manage files" menu is disabled on the server settings. You can still copy files via ssh to the appropriate location and link them using MISP.settings.'), + 'value' => false, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true, + 'cli_only' => true ] ), 'SecureAuth' => array( diff --git a/app/View/Elements/healthElements/tabs.ctp b/app/View/Elements/healthElements/tabs.ctp index daa0ee043..22ad4e038 100644 --- a/app/View/Elements/healthElements/tabs.ctp +++ b/app/View/Elements/healthElements/tabs.ctp @@ -50,12 +50,13 @@ ), 'active' => $active_tab === 'diagnostics' ); - - $data['children'][0]['children'][] = array( - 'url' => $baseurl . '/servers/serverSettings/files', - 'text' => __('Manage files'), - 'active' => $active_tab === 'files' - ); + if (empty(Configure::read('Security.disable_instance_file_uploads'))) { + $data['children'][0]['children'][] = array( + 'url' => $baseurl . '/servers/serverSettings/files', + 'text' => __('Manage files'), + 'active' => $active_tab === 'files' + ); + } $data['children'][0]['children'][] = array( 'url' => $baseurl . '/servers/serverSettings/workers', 'title' => __('Workers'), From 7802291f21757ce6807df7ab162e5d511e3430e5 Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 22 Nov 2022 13:25:44 +0100 Subject: [PATCH 072/698] fix: [taxii push] console log messages removed --- app/webroot/js/misp.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js index 51e401bbc..4c20867b7 100644 --- a/app/webroot/js/misp.js +++ b/app/webroot/js/misp.js @@ -5517,8 +5517,6 @@ $(document.body).on('click', '.populateActionTrigger', function() { return toReturn; } }); - console.log(populate_script); - console.log(populate_script['baseurl'] + populate_script['uri']); populate_script = JSON.parse(populate_script); var update_target = $(this).data('update-target'); $.ajax({ @@ -5528,7 +5526,6 @@ $(document.body).on('click', '.populateActionTrigger', function() { "Content-type": "application/json" }, success: function (data) { - console.log(data); if (typeof(data) != 'object') { $('#' + update_target).val(data); } else { From 876d78d1ec49dc18804c042dcd98cc450247f766 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sat, 26 Nov 2022 10:28:32 +0100 Subject: [PATCH 073/698] fix: [internal] Database schema --- db_schema.json | 109 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 108 insertions(+), 1 deletion(-) diff --git a/db_schema.json b/db_schema.json index 011b92d98..18ba8c2ed 100644 --- a/db_schema.json +++ b/db_schema.json @@ -7101,6 +7101,107 @@ "extra": "" } ], + "taxii_servers": [ + { + "column_name": "id", + "is_nullable": "NO", + "data_type": "int", + "character_maximum_length": null, + "numeric_precision": "10", + "collation_name": null, + "column_type": "int(11)", + "column_default": null, + "extra": "auto_increment" + }, + { + "column_name": "uuid", + "is_nullable": "NO", + "data_type": "varchar", + "character_maximum_length": "40", + "numeric_precision": null, + "collation_name": "utf8mb3_bin", + "column_type": "varchar(40)", + "column_default": null, + "extra": "" + }, + { + "column_name": "name", + "is_nullable": "NO", + "data_type": "varchar", + "character_maximum_length": "191", + "numeric_precision": null, + "collation_name": "utf8mb4_unicode_ci", + "column_type": "varchar(191)", + "column_default": null, + "extra": "" + }, + { + "column_name": "owner", + "is_nullable": "NO", + "data_type": "varchar", + "character_maximum_length": "191", + "numeric_precision": null, + "collation_name": "utf8mb4_unicode_ci", + "column_type": "varchar(191)", + "column_default": null, + "extra": "" + }, + { + "column_name": "baseurl", + "is_nullable": "NO", + "data_type": "int", + "character_maximum_length": null, + "numeric_precision": "10", + "collation_name": null, + "column_type": "int(11)", + "column_default": "0", + "extra": "" + }, + { + "column_name": "api_root", + "is_nullable": "NO", + "data_type": "varchar", + "character_maximum_length": "191", + "numeric_precision": null, + "collation_name": "utf8mb4_unicode_ci", + "column_type": "varchar(191)", + "column_default": "'0'", + "extra": "" + }, + { + "column_name": "description", + "is_nullable": "YES", + "data_type": "text", + "character_maximum_length": "65535", + "numeric_precision": null, + "collation_name": "utf8mb4_unicode_ci", + "column_type": "text", + "column_default": "NULL", + "extra": "" + }, + { + "column_name": "filters", + "is_nullable": "YES", + "data_type": "text", + "character_maximum_length": "65535", + "numeric_precision": null, + "collation_name": "utf8mb4_unicode_ci", + "column_type": "text", + "column_default": "NULL", + "extra": "" + }, + { + "column_name": "api_key", + "is_nullable": "NO", + "data_type": "varchar", + "character_maximum_length": "255", + "numeric_precision": null, + "collation_name": "utf8mb3_bin", + "column_type": "varchar(255)", + "column_default": null, + "extra": "" + } + ], "taxonomies": [ { "column_name": "id", @@ -9073,6 +9174,12 @@ "tasks": { "id": true }, + "taxii_servers": { + "baseurl": false, + "id": true, + "name": false, + "uuid": false + }, "taxonomies": { "id": true }, @@ -9150,5 +9257,5 @@ "uuid": false } }, - "db_version": "100" + "db_version": "101" } From 24f656ac3fd875c3a36ffdc81b9c9190b3a0bfef Mon Sep 17 00:00:00 2001 From: iglocska Date: Sun, 27 Nov 2022 11:15:47 +0100 Subject: [PATCH 074/698] new: [restsearch] added optional ordering - available on event/attribute restsearch - uses the new findOrder() internal function to have consistent filtering --- app/Model/AppModel.php | 19 +++++++++++++++++++ app/Model/Attribute.php | 7 +++++++ app/Model/Event.php | 16 ++++++++++++---- 3 files changed, 38 insertions(+), 4 deletions(-) diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 29af3ef5d..48032b9d1 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -3887,4 +3887,23 @@ class AppModel extends Model ); "); } + + public function findOrder($order, $order_model, $valid_order_fields) + { + if (!is_array($order)) { + $order_rules = explode(' ', strtolower($order)); + $order_field = explode('.', $order_rules[0]); + $order_field = end($order_field); + if (in_array($order_field, $valid_order_fields)) { + $direction = 'asc'; + if (!empty($order_rules[1]) && trim($order_rules[1]) === 'desc') { + $direction = 'desc'; + } + } else { + return null; + } + return $order_model . '.' . $order_field . ' ' . $direction; + } + return null; + } } diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index f6471cecf..7658258f2 100644 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -2920,6 +2920,13 @@ class Attribute extends AppModel if (!empty($filters['score'])) { $params['score'] = $filters['score']; } + if (!empty($filters['order'])) { + $params['order'] = $this->findOrder( + $filters['order'], + 'Attribute', + ['id', 'event_id', 'object_id', 'type', 'category', 'value', 'distribution', 'timestamp', 'object_relation'] + ); + } if ($paramsOnly) { return $params; } diff --git a/app/Model/Event.php b/app/Model/Event.php index 833b4840a..17a31e004 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -1526,7 +1526,11 @@ class Event extends AppModel 'recursive' => -1, ); if (isset($params['order'])) { - $find_params['order'] = $params['order']; + $find_params['order'] = $this->findOrder( + $params['order'], + 'Event', + ['id', 'info', 'analysis', 'threat_level_id', 'distribution', 'timestamp', 'publish_timestamp'] + ); } if (isset($params['limit'])) { // Get the count (but not the actual data) of results for paginators @@ -2006,7 +2010,11 @@ class Event extends AppModel $params['page'] = $options['page']; } if (!empty($options['order'])) { - $params['order'] = $options['order']; + $options['order'] = $this->findOrder( + $options['order'], + 'Event', + ['id', 'info', 'analysis', 'threat_level_id', 'distribution', 'timestamp', 'publish_timestamp'] + ); } $results = $this->find('all', $params); if (empty($results)) { @@ -7048,7 +7056,7 @@ class Event extends AppModel } - public function restSearchFilterMassage($filters, $non_restrictive_export) + public function restSearchFilterMassage($filters, $non_restrictive_export, $user) { if (!empty($filters['ignore'])) { $filters['to_ids'] = array(0, 1); @@ -7120,7 +7128,7 @@ class Event extends AppModel $renderView = $exportTool->renderView; } $non_restrictive_export = !empty($exportTool->non_restrictive_export); - $filters = $this->restSearchFilterMassage($filters, $non_restrictive_export); + $filters = $this->restSearchFilterMassage($filters, $non_restrictive_export, $user); $filters = $this->addFiltersFromUserSettings($user, $filters); if (empty($exportTool->mock_query_only)) { From a1954fa9098f57af56fbce809ffa901cca1f2f1e Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 28 Nov 2022 08:22:42 +0100 Subject: [PATCH 075/698] chg: [pymisp] bump --- PyMISP | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PyMISP b/PyMISP index 661bf6ad1..34a112c41 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit 661bf6ad14bea56fbf59d1289ccaf061c2205ffb +Subproject commit 34a112c41b6855da06ef09a1fa526b71c61e4f86 From 9137778ff1ad70747de5f44e0f61c033b50feb3c Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Mon, 28 Nov 2022 08:28:34 +0100 Subject: [PATCH 076/698] fix: [UI] added Search Log in global_menu --- app/View/Elements/global_menu.ctp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/View/Elements/global_menu.ctp b/app/View/Elements/global_menu.ctp index c28e85cea..79ec6031b 100755 --- a/app/View/Elements/global_menu.ctp +++ b/app/View/Elements/global_menu.ctp @@ -498,6 +498,10 @@ 'text' => __('Access Logs'), 'url' => $baseurl . '/admin/access_logs/index', ), + array( + 'text' => __('Search Logs'), + 'url' => $baseurl . '/admin/logs/search', + ) ) ), array( From ed3e03ce2052a9f86cd092d07151568b8737dd8a Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 28 Nov 2022 09:46:47 +0100 Subject: [PATCH 077/698] chg: [pymisp] bump --- PyMISP | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PyMISP b/PyMISP index 34a112c41..a9a56ae47 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit 34a112c41b6855da06ef09a1fa526b71c61e4f86 +Subproject commit a9a56ae47bf1f0eac24ead8c7b2c9d8cc828d40b From a5bcbdd295d46a5bf5860519243640a2f8a689fc Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Mon, 28 Nov 2022 09:58:01 +0100 Subject: [PATCH 078/698] fix: [AuditLog] warn admin when audit log is not enabled --- app/Controller/AuditLogsController.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/Controller/AuditLogsController.php b/app/Controller/AuditLogsController.php index 298a46e60..24d4f709d 100644 --- a/app/Controller/AuditLogsController.php +++ b/app/Controller/AuditLogsController.php @@ -100,7 +100,9 @@ class AuditLogsController extends AppController if ($this->_isRest()) { $this->paginate['fields'][] = 'request_id'; } - + if (!Configure::read('MISP.log_new_audit')) { + $this->Flash->warning(__("Audit log is not enabled. See 'MISP.log_new_audit' in the Server Settings. (Administration -> Server Settings -> MISP tab)")); + } $params = $this->IndexFilter->harvestParameters([ 'ip', 'user', From f3bd901f4efcb0d5a787af8bf7058ca6b300353c Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Mon, 28 Nov 2022 10:16:06 +0100 Subject: [PATCH 079/698] chg: [decayingModels:enable/disable] Return a better API response --- app/Controller/DecayingModelController.php | 26 +++++++++++++--------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/app/Controller/DecayingModelController.php b/app/Controller/DecayingModelController.php index 3b0ac6377..0d1394ea1 100644 --- a/app/Controller/DecayingModelController.php +++ b/app/Controller/DecayingModelController.php @@ -377,13 +377,15 @@ class DecayingModelController extends AppController $decaying_model['DecayingModel']['enabled'] = 1; if ($this->DecayingModel->save($decaying_model)) { + $model = $this->DecayingModel->fetchModel($this->Auth->user(), $id, true, array(), true); + if (empty($model)) { + throw new NotFoundException(__('No Decaying Model with the provided ID exists')); + } + $response = array('data' => $model, 'action' => 'enable'); if ($this->request->is('ajax')) { - $model = $this->DecayingModel->fetchModel($this->Auth->user(), $id, true, array(), true); - if (empty($model)) { - throw new NotFoundException(__('No Decaying Model with the provided ID exists')); - } - $response = array('data' => $model, 'action' => 'enable'); return $this->RestResponse->viewData($response, $this->response->type()); + } else if ($this->_isRest()) { + return $this->RestResponse->successResponse($id, __('Decaying model enabled'), $model); } $this->Flash->success(__('Decaying Model enabled.')); } else { @@ -400,7 +402,7 @@ class DecayingModelController extends AppController } $this->Flash->error(__('Error while enabling decaying model')); } - $this->redirect($this->referer()); + $this->redirect(array('action' => 'index')); } else { $this->set('model', $decaying_model['DecayingModel']); $this->render('ajax/enable_form'); @@ -420,13 +422,15 @@ class DecayingModelController extends AppController $decaying_model['DecayingModel']['enabled'] = 0; if ($this->DecayingModel->save($decaying_model)) { + $model = $this->DecayingModel->fetchModel($this->Auth->user(), $id, true, array(), true); + if (empty($model)) { + throw new NotFoundException(__('No Decaying Model with the provided ID exists')); + } + $response = array('data' => $model, 'action' => 'disable'); if ($this->request->is('ajax')) { - $model = $this->DecayingModel->fetchModel($this->Auth->user(), $id, true, array(), true); - if (empty($model)) { - throw new NotFoundException(__('No Decaying Model with the provided ID exists')); - } - $response = array('data' => $model, 'action' => 'disable'); return $this->RestResponse->viewData($response, $this->response->type()); + } else if ($this->_isRest()) { + return $this->RestResponse->successResponse($id, __('Decaying model disabled'), $model); } $this->Flash->success(__('Decaying Model disabled.')); } else { From 14bedf5653b807dc9da510da9d676c1045645803 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 28 Nov 2022 10:23:06 +0100 Subject: [PATCH 080/698] chg: [pymisp] bump --- PyMISP | 2 +- app/files/misp-galaxy | 2 +- app/files/warninglists | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/PyMISP b/PyMISP index a9a56ae47..0298094c0 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit a9a56ae47bf1f0eac24ead8c7b2c9d8cc828d40b +Subproject commit 0298094c05cb2b2420f71e2611796af01839fcf8 diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy index b787bbeb2..fda4160be 160000 --- a/app/files/misp-galaxy +++ b/app/files/misp-galaxy @@ -1 +1 @@ -Subproject commit b787bbeb23cc624fd22aaaedad2fd4c0b190d69b +Subproject commit fda4160bed16a3865231a6c4b61bf0e681bb275e diff --git a/app/files/warninglists b/app/files/warninglists index 353d38313..5bde0772d 160000 --- a/app/files/warninglists +++ b/app/files/warninglists @@ -1 +1 @@ -Subproject commit 353d38313f10e21a80a03f16a0f801d141dfdb5d +Subproject commit 5bde0772d362f699f17071a701f549bbcecd8287 From 500fe316151e871f2b83a9b0c1a736e0f209ddfb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 28 Nov 2022 10:28:22 +0100 Subject: [PATCH 081/698] chg: [PyMISP] Bump version --- PyMISP | 2 +- app/Controller/AppController.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/PyMISP b/PyMISP index 0298094c0..24c528138 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit 0298094c05cb2b2420f71e2611796af01839fcf8 +Subproject commit 24c52813876dd88a92b9fcc4b6c2cd259d80d733 diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index fe4db0024..045cbf57f 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -34,7 +34,7 @@ class AppController extends Controller public $helpers = array('OrgImg', 'FontAwesome', 'UserName'); private $__queryVersion = '146'; - public $pyMispVersion = '2.4.165'; + public $pyMispVersion = '2.4.166'; public $phpmin = '7.2'; public $phprec = '7.4'; public $phptoonew = '8.0'; From afbe08d256d609eee5195c5b0003cfb723ae7af1 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 28 Nov 2022 11:05:34 +0100 Subject: [PATCH 082/698] chg: [attribute] rearranging fixed --- app/Model/Attribute.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 7658258f2..9d146e8c0 100644 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -1705,7 +1705,14 @@ class Attribute extends AppModel if (empty($options['flatten'])) { $params['conditions']['AND'][] = array('Attribute.object_id' => 0); } - $params['order'] = isset($options['order']) ? $options['order'] : []; + $params['order'] = []; + if (!empty($options['order'])) { + $options['order'] = $this->findOrder( + $options['order'], + 'Attribute', + ['id', 'event_id', 'object_id', 'type', 'category', 'value', 'distribution', 'timestamp', 'object_relation'] + ); + } if (!isset($options['withAttachments'])) { $options['withAttachments'] = false; } From a73c1c461bc6f8a048eae92b5e99823afd892d1e Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 28 Nov 2022 11:12:58 +0100 Subject: [PATCH 083/698] chg: [rearrange parameters] improve the way we allow users to rearrange data - tie more endpoints into the new findOrder() functionality - allow for new context specific ordering rules --- app/Model/GalaxyCluster.php | 8 ++++++-- app/Model/Workflow.php | 11 +++++++++-- .../Assets/models/behaviors/LogableBehavior.php | 11 +++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/app/Model/GalaxyCluster.php b/app/Model/GalaxyCluster.php index 5643e05b6..5179b2132 100644 --- a/app/Model/GalaxyCluster.php +++ b/app/Model/GalaxyCluster.php @@ -1063,8 +1063,12 @@ class GalaxyCluster extends AppModel if (isset($options['group'])) { $params['group'] = $options['group']; } - if (isset($options['order'])) { - $params['order'] = $options['order']; + if (!empty($options['order'])) { + $options['order'] = $this->findOrder( + $options['order'], + 'GalaxyCluster', + ['id', 'event_id', 'version', 'type', 'value', 'distribution', 'orgc_id', 'org_id', 'tag_name', 'galaxy_id'] + ); } if (isset($options['page'])) { $params['page'] = $options['page']; diff --git a/app/Model/Workflow.php b/app/Model/Workflow.php index 8c3c48507..2b5170db6 100644 --- a/app/Model/Workflow.php +++ b/app/Model/Workflow.php @@ -1156,9 +1156,16 @@ class Workflow extends AppModel if (isset($options['contain'])) { $params['contain'] = !empty($options['contain']) ? $options['contain'] : []; } - if (isset($options['order'])) { - $params['order'] = !empty($options['order']) ? $options['order'] : []; + + $params['order'] = []; + if (!empty($options['order'])) { + $options['order'] = $this->findOrder( + $options['order'], + 'Workflow', + ['id', 'name', 'timestmap', 'trigger_id', 'counter'] + ); } + $workflows = $this->find('all', $params); return $workflows; } diff --git a/app/Plugin/Assets/models/behaviors/LogableBehavior.php b/app/Plugin/Assets/models/behaviors/LogableBehavior.php index 05e73d75d..a0ce0ba3f 100644 --- a/app/Plugin/Assets/models/behaviors/LogableBehavior.php +++ b/app/Plugin/Assets/models/behaviors/LogableBehavior.php @@ -161,10 +161,17 @@ class LogableBehavior extends ModelBehavior { 'limit' => 50); $params = array_merge($defaults, $params); $options = array( - 'order' => $params['order'], 'conditions' => $params['conditions'], 'fields' => $params['fields'], - 'limit' => $params['limit']); + 'limit' => $params['limit'] + ); + if (!empty($options['order'])) { + $options['order'] = $Model->findOrder( + $options['order'], + 'Attribute', + ['id', 'action', 'model_id', 'model', 'ip', 'org', 'email'] + ); + } if ($params[$this->settings[$Model->alias]['classField']] === NULL) { $params[$this->settings[$Model->alias]['classField']] = $Model->alias; } From d825fdc62b8bf4607e20662c8ab6b0628252103c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 28 Nov 2022 11:52:01 +0100 Subject: [PATCH 084/698] new: [maintenance] Dependabot config --- .github/dependabot.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..40fc7445d --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,17 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "composer" + directory: "/" + schedule: + interval: "daily" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every weekday + interval: "daily" From 65665928d51e09b09a2f90725c003d62a1ba6452 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 28 Nov 2022 12:41:50 +0100 Subject: [PATCH 085/698] fix: [updates] fixed invalid numbering --- app/Model/AppModel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 48032b9d1..bfe1b1001 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -83,7 +83,7 @@ class AppModel extends Model 81 => false, 82 => false, 83 => false, 84 => false, 85 => false, 86 => false, 87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false, 93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false, - 99 => false, 100 => false, 101, false + 99 => false, 100 => false, 101 => false ); const ADVANCED_UPDATES_DESCRIPTION = array( From 838c064c7644aeec245e42f2d67d07e56ef45939 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 28 Nov 2022 13:26:35 +0100 Subject: [PATCH 086/698] chg: [misp-galaxy] updated to the latest version --- app/files/misp-galaxy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy index fda4160be..de12f46ba 160000 --- a/app/files/misp-galaxy +++ b/app/files/misp-galaxy @@ -1 +1 @@ -Subproject commit fda4160bed16a3865231a6c4b61bf0e681bb275e +Subproject commit de12f46ba6305d457b1e248cfeeec89827ec93c9 From dbc18f2ca728ea73f9e8f47d7b5f8351fcfd673d Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 28 Nov 2022 13:27:40 +0100 Subject: [PATCH 087/698] fix: [logs] reverted the removal of api logs from the /logs/ logging system unless confirmed - breaks logging with existing configurations --- app/Controller/AccessLogsController.php | 4 +++- app/Controller/AppController.php | 22 ++++++++++++++++++++++ app/Model/AppModel.php | 2 +- app/Model/Log.php | 1 + app/Model/Server.php | 9 +++++++++ 5 files changed, 36 insertions(+), 2 deletions(-) diff --git a/app/Controller/AccessLogsController.php b/app/Controller/AccessLogsController.php index d45f70a52..549a66e34 100644 --- a/app/Controller/AccessLogsController.php +++ b/app/Controller/AccessLogsController.php @@ -58,7 +58,9 @@ class AccessLogsController extends AppController } return $this->RestResponse->viewData($list, 'json'); } - + if (empty(Configure::read('MISP.log_skip_access_logs_in_application_logs'))) { + $this->Flash->warning(__('Access logs are logged in both application logs and access logs. Make sure you reconfigure your log monitoring tools and update MISP.log_skip_access_logs_in_application_logs.')); + } $this->paginate['conditions'] = $conditions; $list = $this->paginate(); diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 045cbf57f..f4c7791b4 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -682,6 +682,28 @@ class AppController extends Controller $accessLog = ClassRegistry::init('AccessLog'); $accessLog->logRequest($user, $this->_remoteIp(), $this->request, $includeRequestBody); } + + if ( + (empty(Configure::read('MISP.log_skip_access_logs_in_application_logs'))) && + Configure::read('MISP.log_paranoid') || $userMonitoringEnabled + ) { + $change = 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->request->here; + if ( + ( + $this->request->is('post') || + $this->request->is('put') + ) && + ( + !empty(Configure::read('MISP.log_paranoid_include_post_body')) || + $userMonitoringEnabled + ) + ) { + $payload = $this->request->input(); + $change .= PHP_EOL . 'Request body: ' . $payload; + } + $this->loadModel('Log'); + $this->Log->createLogEntry($user, 'request', 'User', $user['id'], 'Paranoid log entry', $change); + } } /** diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index bfe1b1001..d34bd5da0 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -2399,7 +2399,7 @@ class AppModel extends Model 'action' => 'update_db_worker', 'user_id' => 0, 'title' => __('Issues executing run_updates'), - 'change' => __('Database updates are locked. Worker not spawned') + 'change' => __('Database updates are locked. Make sure that you have an update worker running. If you do, it might be related to an update\'s execution repeatedly failing or still being in progress.') )); if (!empty($job)) { // if multiple prio worker is enabled, want to mark them as done $job['Job']['progress'] = 100; diff --git a/app/Model/Log.php b/app/Model/Log.php index 17878ead3..e5015f309 100644 --- a/app/Model/Log.php +++ b/app/Model/Log.php @@ -61,6 +61,7 @@ class Log extends AppModel 'registration', 'registration_error', 'remove_dead_workers', + 'request', 'request_delegation', 'reset_auth_key', 'send_mail', diff --git a/app/Model/Server.php b/app/Model/Server.php index 588985a35..2659da8d9 100644 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -5568,6 +5568,15 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true ), + 'log_skip_access_logs_in_application_logs' => [ + 'level' => 0, + 'description' => __('Skip adding the access log entries to the /logs/ application logs. This is **HIGHLY** recommended as your instance will be logging these entries twice otherwise, however, for compatibility reasons for auditing we maintain this behaviour until confirmed otherwise.'), + 'value' => false, + 'errorMessage' => __('Access logs are logged twice. This is generally not recommended, make sure you update your tooling.'), + 'test' => 'testBoolTrue', + 'type' => 'boolean', + 'null' => true + ], 'log_paranoid' => array( 'level' => 0, 'description' => __('If this functionality is enabled all page requests will be logged. Keep in mind this is extremely verbose and will become a burden to your database.'), From 6236cca38ac06043f6f32714050b79634ec640bd Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 28 Nov 2022 13:48:22 +0100 Subject: [PATCH 088/698] fix: [logs] reverted action=request based exclusions in the logging - we can once again receive these logs in the /logs/ logging system - simply reintroduced the old exceptions --- app/Model/Log.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/app/Model/Log.php b/app/Model/Log.php index e5015f309..676ab5fc8 100644 --- a/app/Model/Log.php +++ b/app/Model/Log.php @@ -147,6 +147,9 @@ class Log extends AppModel } } $this->logData($this->data); + if ($this->data['Log']['action'] === 'request' && !empty(Configure::read('MISP.log_paranoid_skip_db'))) { + return false; + } return true; } @@ -242,6 +245,9 @@ class Log extends AppModel ]]); if (!$result) { + if ($action === 'request' && !empty(Configure::read('MISP.log_paranoid_skip_db'))) { + return null; + } if (!empty(Configure::read('MISP.log_skip_db_logs_completely'))) { return null; } @@ -358,6 +364,11 @@ class Log extends AppModel $elasticSearchClient->pushDocument($logIndex, "log", $data); } + // Do not save request action logs to syslog, because they contain no information + if ($data['Log']['action'] === 'request') { + return true; + } + // write to syslogd as well if enabled if ($this->syslog === null) { if (Configure::read('Security.syslog')) { From 192ed311b989f50af9ed784b5c4d58383dd0042e Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Mon, 28 Nov 2022 14:08:11 +0100 Subject: [PATCH 089/698] fix: [remote_ip] respect MISP.log_client_ip_header everywhere fixes #8781 --- app/Controller/AppController.php | 7 ++++--- app/Controller/UsersController.php | 22 +++------------------- app/Lib/Dashboard/WhoamiWidget.php | 2 +- app/Lib/Tools/SecurityAudit.php | 2 +- app/Model/AppModel.php | 10 ++++++++++ app/Model/AuditLog.php | 11 ++++++----- app/Model/Bruteforce.php | 10 ++++++---- app/Model/Inbox.php | 2 +- app/Model/Log.php | 5 +---- 9 files changed, 33 insertions(+), 38 deletions(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index f4c7791b4..96dc46a68 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -1058,7 +1058,7 @@ class AppController extends Controller $headerNamespace = ''; } if (isset($server[$headerNamespace . $header]) && !empty($server[$headerNamespace . $header])) { - if (Configure::read('Plugin.CustomAuth_only_allow_source') && Configure::read('Plugin.CustomAuth_only_allow_source') !== $server['REMOTE_ADDR']) { + if (Configure::read('Plugin.CustomAuth_only_allow_source') && Configure::read('Plugin.CustomAuth_only_allow_source') !== $this->_remoteIp()) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $log = array( @@ -1067,7 +1067,7 @@ class AppController extends Controller 'model_id' => 0, 'email' => 'SYSTEM', 'action' => 'auth_fail', - 'title' => 'Failed authentication using external key (' . trim($server[$headerNamespace . $header]) . ') - the user has not arrived from the expected address. Instead the request came from: ' . $server['REMOTE_ADDR'], + 'title' => 'Failed authentication using external key (' . trim($server[$headerNamespace . $header]) . ') - the user has not arrived from the expected address. Instead the request came from: ' . $this->_remoteIp(), 'change' => null, ); $this->Log->save($log); @@ -1373,9 +1373,10 @@ class AppController extends Controller protected function _remoteIp() { $ipHeader = Configure::read('MISP.log_client_ip_header') ?: 'REMOTE_ADDR'; - return isset($_SERVER[$ipHeader]) ? trim($_SERVER[$ipHeader]) : null; + return isset($_SERVER[$ipHeader]) ? trim($_SERVER[$ipHeader]) : $_SERVER['REMOTE_ADDR']; } + /** * @param string $key * @return bool Returns true if the same log defined by $key was not stored in last hour diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php index b8f75c610..3ba568809 100644 --- a/app/Controller/UsersController.php +++ b/app/Controller/UsersController.php @@ -1167,7 +1167,7 @@ class UsersController extends AppController if ($this->request->is(['post', 'put'])) { $this->Bruteforce = ClassRegistry::init('Bruteforce'); if (!empty($this->request->data['User']['email'])) { - if ($this->Bruteforce->isBlocklisted($_SERVER['REMOTE_ADDR'], $this->request->data['User']['email'])) { + if ($this->Bruteforce->isBlocklisted($this->request->data['User']['email'])) { $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; throw new ForbiddenException('You have reached the maximum number of login attempts. Please wait ' . $expire . ' seconds and try again.'); } @@ -1213,7 +1213,7 @@ class UsersController extends AppController if ($this->request->is('post') || $this->request->is('put')) { $this->Flash->error(__('Invalid username or password, try again')); if (isset($this->request->data['User']['email'])) { - $this->Bruteforce->insert($_SERVER['REMOTE_ADDR'], $this->request->data['User']['email']); + $this->Bruteforce->insert($this->request->data['User']['email']); } } // populate the DB with the first role (site admin) if it's empty @@ -1784,7 +1784,7 @@ class UsersController extends AppController $body = $this->__replaceEmailVariables($body); $body = str_replace('$validity', $validity, $body); $body = str_replace('$otp', $otp, $body); - $body = str_replace('$ip', $this->__getClientIP(), $body); + $body = str_replace('$ip', $this->_remoteIp(), $body); $body = str_replace('$username', $user['email'], $body); // Fetch user that contains also PGP or S/MIME keys for e-mail encryption @@ -1800,22 +1800,6 @@ class UsersController extends AppController } } - /** - * Helper function to determine the IP of a client (proxy aware) - */ - private function __getClientIP() { - $x_forwarded = filter_input(INPUT_SERVER, 'HTTP_X_FORWARDED_FOR', FILTER_SANITIZE_STRING); - $client_ip = filter_input(INPUT_SERVER, 'HTTP_CLIENT_IP', FILTER_SANITIZE_STRING); - if (!empty($x_forwarded)) { - $x_forwarded = explode(",", $x_forwarded); - return $x_forwarded[0]; - } elseif(!empty($client_ip)){ - return $client_ip; - } else { - return filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_STRING); - } - } - // shows some statistics about the instance public function statistics($page = 'data') { diff --git a/app/Lib/Dashboard/WhoamiWidget.php b/app/Lib/Dashboard/WhoamiWidget.php index a95620908..40281df22 100644 --- a/app/Lib/Dashboard/WhoamiWidget.php +++ b/app/Lib/Dashboard/WhoamiWidget.php @@ -28,7 +28,7 @@ class WhoamiWidget array('title' => 'Email', 'value' => $user['email']), array('title' => 'Role', 'value' => $user['Role']['name']), array('title' => 'Organisation', 'value' => $user['Organisation']['name']), - array('title' => 'IP', 'value' => empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_X_FORWARDED_FOR']), + array('title' => 'IP', 'value' => $this->Log->_remoteIp()), array('title' => 'Last logins', 'value' => $entries) ); } diff --git a/app/Lib/Tools/SecurityAudit.php b/app/Lib/Tools/SecurityAudit.php index 944b63b24..29c7cc81e 100644 --- a/app/Lib/Tools/SecurityAudit.php +++ b/app/Lib/Tools/SecurityAudit.php @@ -138,7 +138,7 @@ class SecurityAudit if (!Configure::read('MISP.log_new_audit')) { $output['Logging'][] = [ 'hint', - __('New audit log stores more information, like used authkey ID or request ID that can help when analysing or correlating audit logs.'), + __('New audit log stores more information, like used authkey ID or request ID that can help when analysing or correlating audit logs. Set `MISP.log_new_audit` to `true` to enable.'), ]; } diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index d34bd5da0..2557e9453 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -3906,4 +3906,14 @@ class AppModel extends Model } return null; } + + /** + * @return string|null + */ + public function _remoteIp() + { + $ipHeader = Configure::read('MISP.log_client_ip_header') ?: 'REMOTE_ADDR'; + return isset($_SERVER[$ipHeader]) ? trim($_SERVER[$ipHeader]) : $_SERVER['REMOTE_ADDR']; + } + } diff --git a/app/Model/AuditLog.php b/app/Model/AuditLog.php index 22015c109..83f0093f9 100644 --- a/app/Model/AuditLog.php +++ b/app/Model/AuditLog.php @@ -25,7 +25,11 @@ class AuditLog extends AppModel ACTION_REMOVE_GALAXY = 'remove_galaxy', ACTION_REMOVE_GALAXY_LOCAL = 'remove_local_galaxy', ACTION_PUBLISH = 'publish', - ACTION_PUBLISH_SIGHTINGS = 'publish_sightings'; + ACTION_PUBLISH_SIGHTINGS = 'publish_sightings', + ACTION_LOGIN = 'login', + ACTION_PASSWDCHANGE = 'password_change', + ACTION_LOGOUT = 'logout', + ACTION_LOGIN_FAILED = 'login_failed'; const REQUEST_TYPE_DEFAULT = 0, REQUEST_TYPE_API = 1, @@ -194,10 +198,7 @@ class AuditLog extends AppModel { $auditLog = &$this->data['AuditLog']; if (!isset($auditLog['ip']) && $this->logClientIp) { - $ipHeader = Configure::read('MISP.log_client_ip_header') ?: 'REMOTE_ADDR'; - if (isset($_SERVER[$ipHeader])) { - $auditLog['ip'] = $_SERVER[$ipHeader]; - } + $auditLog['ip'] = $this->_remoteIp(); } if (!isset($auditLog['user_id'])) { diff --git a/app/Model/Bruteforce.php b/app/Model/Bruteforce.php index 2c7894ba9..29507c1cd 100644 --- a/app/Model/Bruteforce.php +++ b/app/Model/Bruteforce.php @@ -5,10 +5,11 @@ App::uses('Sanitize', 'Utility'); class Bruteforce extends AppModel { - public function insert($ip, $username) + public function insert($username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); + $ip = $this->_remoteIp(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; $expire = time() + $expire; @@ -19,8 +20,8 @@ class Bruteforce extends AppModel 'expire' => $expire ); $this->save($bruteforceEntry); - $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; - if ($this->isBlocklisted($ip, $username)) { + $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $ip . '.'; + if ($this->isBlocklisted($username)) { $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blocklisted for ' . $expire . ' seconds.'; } $log = array( @@ -45,11 +46,12 @@ class Bruteforce extends AppModel $this->query($sql); } - public function isBlocklisted($ip, $username) + public function isBlocklisted($username) { // first remove old expired rows $this->clean(); // count + $ip = $this->_remoteIp(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, diff --git a/app/Model/Inbox.php b/app/Model/Inbox.php index c3f1d45f5..d5ddfbc5a 100644 --- a/app/Model/Inbox.php +++ b/app/Model/Inbox.php @@ -18,7 +18,7 @@ class Inbox extends AppModel parent::beforeValidate(); $this->data['Inbox']['uuid'] = CakeText::uuid(); $this->data['Inbox']['timestamp'] = time(); - $this->data['Inbox']['ip'] = $_SERVER['REMOTE_ADDR']; + $this->data['Inbox']['ip'] = $this->_remoteIp(); $this->data['Inbox']['user_agent'] = $_SERVER['HTTP_USER_AGENT']; $this->data['Inbox']['user_agent_sha256'] = hash('sha256', $_SERVER['HTTP_USER_AGENT']); return true; diff --git a/app/Model/Log.php b/app/Model/Log.php index 676ab5fc8..a7f543348 100644 --- a/app/Model/Log.php +++ b/app/Model/Log.php @@ -123,10 +123,7 @@ class Log extends AppModel return false; } if (Configure::read('MISP.log_client_ip')) { - $ipHeader = Configure::read('MISP.log_client_ip_header') ?: 'REMOTE_ADDR'; - if (isset($_SERVER[$ipHeader])) { - $this->data['Log']['ip'] = $_SERVER[$ipHeader]; - } + $this->data['Log']['ip'] = $this->_remoteIp(); } $setEmpty = array('title' => '', 'model' => '', 'model_id' => 0, 'action' => '', 'user_id' => 0, 'change' => '', 'email' => '', 'org' => '', 'description' => '', 'ip' => ''); foreach ($setEmpty as $field => $empty) { From f0d784d612e45afffeba7a56135550edf8e030c7 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 28 Nov 2022 14:18:27 +0100 Subject: [PATCH 090/698] chg: [version] bump --- VERSION.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.json b/VERSION.json index d2d25f5d5..956e0f9e5 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1 +1 @@ -{"major":2, "minor":4, "hotfix":165} +{"major":2, "minor":4, "hotfix":166} From eadd86722ac1b7f18651a0af5c00246eea8065ca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Nov 2022 13:23:04 +0000 Subject: [PATCH 091/698] build(deps): bump github/codeql-action from 1 to 2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f2da0572a..a6e9e3427 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 From 6264c7c656a8b5999fe7adac059e4c75438befd7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Nov 2022 13:23:08 +0000 Subject: [PATCH 092/698] build(deps): bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f2da0572a..f375b9b0b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e53ebb9d9..bc5baeab9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -26,7 +26,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: 'recursive' From f717f1b2c311eeb618e6b26bb788ff93b7fb1da6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 28 Nov 2022 14:25:16 +0100 Subject: [PATCH 093/698] [fix] Properly configure dependabot for composer --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 40fc7445d..d7bb38946 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,7 +6,7 @@ version: 2 updates: - package-ecosystem: "composer" - directory: "/" + directory: "/app" schedule: interval: "daily" From 8e920c31650f3897529d5712ec03a39d46ef6983 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 30 Nov 2022 14:07:33 +0100 Subject: [PATCH 094/698] new: add support for highligting certains taxonomies in event view --- app/Controller/Component/ACLComponent.php | 1 + app/Controller/EventsController.php | 13 ++ app/Controller/TagsController.php | 3 + app/Controller/TaxonomiesController.php | 26 ++++ app/Model/AppModel.php | 5 +- app/Model/Taxonomy.php | 38 +++++- app/View/Elements/ajaxTags.ctp | 154 +++++++++------------- app/View/Taxonomies/index.ctp | 12 ++ app/View/Taxonomies/view.ctp | 5 + 9 files changed, 160 insertions(+), 97 deletions(-) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index 176e8b8fb..4d743abf6 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -674,6 +674,7 @@ class ACLComponent extends Component 'taxonomyMassHide' => array('perm_tagger'), 'taxonomyMassUnhide' => array('perm_tagger'), 'toggleRequired' => array(), + 'toggleHighlighted' => array(), 'update' => array(), 'import' => [], 'export' => ['*'], diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index b7cd292a0..ecf847065 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -1805,6 +1805,8 @@ class EventsController extends AppController $this->set('includeRelatedTags', (!empty($namedParams['includeRelatedTags'])) ? 1 : 0); $this->set('includeDecayScore', (!empty($namedParams['includeDecayScore'])) ? 1 : 0); + $this->__setHighlightedTags($event); + if ($this->_isSiteAdmin() && $event['Event']['orgc_id'] !== $this->Auth->user('org_id')) { $this->Flash->info(__('You are currently logged in as a site administrator and about to edit an event not belonging to your organisation. This goes against the sharing model of MISP. Use a normal user account for day to day work.')); } @@ -6217,4 +6219,15 @@ class EventsController extends AppController $this->render('/genericTemplates/confirm'); } } + + /** + * @param array $event + * @return void + */ + private function __setHighlightedTags($event) + { + $this->loadModel('Taxonomy'); + $highlightedTags = $this->Taxonomy->getHighlightedTags($event['EventTag']); + $this->set('highlightedTaxonomies', $highlightedTags); + } } diff --git a/app/Controller/TagsController.php b/app/Controller/TagsController.php index 51eb10822..1f9e56c29 100644 --- a/app/Controller/TagsController.php +++ b/app/Controller/TagsController.php @@ -367,6 +367,9 @@ class TagsController extends AppController // Remove galaxy tags $event = $this->Tag->removeGalaxyClusterTags($user, $event); + $highlightedTags = $this->Taxonomy->getHighlightedTags($event['EventTag']); + $this->set('highlightedTaxonomies', $highlightedTags); + $this->set('tags', $event['EventTag']); $this->set('missingTaxonomies', $this->Tag->EventTag->Event->missingTaxonomies($event)); $tagConflicts = $this->Taxonomy->checkIfTagInconsistencies($event['EventTag']); diff --git a/app/Controller/TaxonomiesController.php b/app/Controller/TaxonomiesController.php index afbb6c22c..d77e2a50f 100644 --- a/app/Controller/TaxonomiesController.php +++ b/app/Controller/TaxonomiesController.php @@ -498,6 +498,32 @@ class TaxonomiesController extends AppController $this->render('ajax/toggle_required'); } + public function toggleHighlighted($id) + { + $taxonomy = $this->Taxonomy->find('first', array( + 'recursive' => -1, + 'conditions' => array('Taxonomy.id' => $id) + )); + if (empty($taxonomy)) { + return $this->RestResponse->saveFailResponse('Taxonomy', 'toggleHighlighted', $id, 'Invalid Taxonomy', $this->response->type()); + } + if ($this->request->is('post')) { + $taxonomy['Taxonomy']['highlighted'] = $this->request->data['Taxonomy']['highlighted']; + $result = $this->Taxonomy->save($taxonomy); + if ($result) { + return $this->RestResponse->saveSuccessResponse('Taxonomy', 'toggleHighlighted', $id, $this->response->type()); + } else { + return $this->RestResponse->saveFailResponse('Taxonomy', 'toggleHighlighted', $id, $this->validationError, $this->response->type()); + } + } + + $this->set('highlighted', !$taxonomy['Taxonomy']['highlighted']); + $this->set('id', $id); + $this->autoRender = false; + $this->layout = false; + $this->render('ajax/toggle_highlighted'); + } + /** * @param string $action * @param int $modelId diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 5e5252584..04fdab3e0 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -83,7 +83,7 @@ class AppModel extends Model 81 => false, 82 => false, 83 => false, 84 => false, 85 => false, 86 => false, 87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false, 93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false, - 99 => false, 100 => false, + 99 => false, 100 => false, 101 => false ); const ADVANCED_UPDATES_DESCRIPTION = array( @@ -1903,6 +1903,9 @@ class AppModel extends Model INDEX `user_id` (`user_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;"; break; + case 101: + $sqlArray[] = "ALTER TABLE `taxonomies` ADD `highlighted` tinyint(1) DEFAULT 0;"; + break; case 'fixNonEmptySharingGroupID': $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; $sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; diff --git a/app/Model/Taxonomy.php b/app/Model/Taxonomy.php index 7ce1a1e10..24f4c6f2b 100644 --- a/app/Model/Taxonomy.php +++ b/app/Model/Taxonomy.php @@ -118,7 +118,7 @@ class Taxonomy extends AppModel $current = $this->find('first', array( 'conditions' => array('namespace' => $vocab['namespace']), 'recursive' => -1, - 'fields' => array('version', 'enabled', 'namespace') + 'fields' => array('version', 'enabled', 'namespace', 'highlighted') )); $current = empty($current) ? [] : $current['Taxonomy']; $result = $this->__updateVocab($vocab, $current); @@ -147,6 +147,7 @@ class Taxonomy extends AppModel 'version' => $vocab['version'], 'exclusive' => !empty($vocab['exclusive']), 'enabled' => $enabled, + 'highlighted' => !empty($vocab['highlighted']), ]]; $predicateLookup = array(); foreach ($vocab['predicates'] as $k => $predicate) { @@ -877,4 +878,39 @@ class Taxonomy extends AppModel { return $this->Tag->mergeTag($source_id, $target_id); } + + /** + * + * @param array $tags + * @return array + */ + public function getHighlightedTags($tags) + { + $highlitedTaxonomies = $this->find('all', [ + 'conditions' => [ + 'highlighted' => 1, + ] + ]); + $highlightedTags = []; + if (is_array($highlitedTaxonomies) && !empty($highlitedTaxonomies)) { + foreach ($highlitedTaxonomies as $k => $taxonomy) { + + $highlightedTags[$k] = [ + 'taxonomy' => $taxonomy, + 'tags' => [] + ]; + + foreach ($tags as $tag) { + $splits = $this->splitTagToComponents($tag['Tag']['name']); + if (!empty($splits) && $splits['namespace'] === $taxonomy['Taxonomy']['namespace']) { + $highlightedTags[$k]['tags'][] = $tag; + } + } + } + + return $highlightedTags; + } + + return $highlightedTags; + } } diff --git a/app/View/Elements/ajaxTags.ctp b/app/View/Elements/ajaxTags.ctp index 67949af49..550763abb 100644 --- a/app/View/Elements/ajaxTags.ctp +++ b/app/View/Elements/ajaxTags.ctp @@ -24,100 +24,8 @@ $full = $isAclTagger && $tagAccess && empty($static_tags_only); $fullLocal = $isAclTagger && $localTagAccess && empty($static_tags_only); $tagData = ""; - foreach ($tags as $tag) { - if (empty($tag['Tag'])) { - $tag['Tag'] = $tag; - } - if (empty($tag['Tag']['colour'])) { - $tag['Tag']['colour'] = '#0088cc'; - } - $aStyle = 'background-color:' . h($tag['Tag']['colour']) . ';color:' . $this->TextColour->getTextColour($tag['Tag']['colour']); - $aClass = 'tag nowrap'; - $aText = trim($tag['Tag']['name']); - $aTextModified = null; - if (isset($tag_display_style)) { - if ($tag_display_style == 1) { - // default behaviour, do nothing for now - } else if ($tag_display_style == 2) { - $separator_pos = strpos($aText, ':'); - if ($separator_pos !== false) { - $aTextModified = substr($aText, $separator_pos + 1); - $value_pos = strpos($aTextModified, '='); - if ($value_pos !== false) { - $aTextModified = substr($aTextModified, $value_pos + 1); - $aTextModified = trim($aTextModified, '"'); - } - $aTextModified = h($aTextModified); - } - } else if ($tag_display_style === 0 || $tag_display_style === '0') { - $aTextModified = ' '; - } - } - $aText = h($aText); - $span_scope = !empty($hide_global_scope) ? '' : sprintf( - '', - 'black-white tag', - !empty($tag['local']) ? __('Local tag') : __('Global tag'), - !empty($tag['local']) ? __('Local tag') : __('Global tag'), - !empty($tag['local']) ? 'user' : 'globe-americas' - ); - $span_relationship_type = empty($tag['relationship_type']) ? '' : sprintf( - '%s:', - h($tag['relationship_type']), - h($tag['relationship_type']), - h($tag['relationship_type']) - ); - if (!empty($tag['Tag']['id'])) { - $span_tag = sprintf( - '%s', - $baseurl . $searchUrl . intval($tag['Tag']['id']), - $aStyle, - $aClass, - isset($aTextModified) ? ' title="' . $aText . '"' : '', - intval($tag['Tag']['id']), - isset($aTextModified) ? $aTextModified : $aText - ); - } else { - $span_tag = sprintf( - '%s', - $aStyle, - $aClass, - $aText - ); - } - $span_delete = ''; - $span_relationship = ''; - if ($full || ($fullLocal && $tag['Tag']['local'])) { - $span_relationship = sprintf( - '', - 'black-white tag noPrint modal-open', - __('Modify Tag Relationship'), - __('Modify relationship for tag %s', h($tag['Tag']['name'])), - sprintf( - '%s/tags/modifyTagRelationship/%s/%s', - $baseurl, - h($scope), - h($tag['id']) - ) - ); - $span_delete = sprintf( - 'x', - 'black-white tag useCursorPointer noPrint', - __('Remove tag'), - "button", - "0", - __('Remove tag %s', h($tag['Tag']['name'])), - sprintf( - "removeObjectTagPopup(this, '%s', %s, %s)", - $scope, - $id, - intval($tag['Tag']['id']) - ) - ); - } - $tagData .= '' . $span_scope . $span_relationship_type . $span_tag . $span_relationship . $span_delete . ' '; - } - $buttonData = array(); + + $buttonData = []; if ($full) { $buttonData[] = sprintf( '', @@ -138,6 +46,62 @@ ' ' ); } + + $highlitedTags = ""; + if (isset($highlightedTaxonomies) && $scope == 'event') { + foreach ($highlightedTaxonomies as $hTaxonomy) { + $hButtonData = []; + if ($full) { + $hButtonData[] = sprintf( + '', + __('Add a tag'), + __('Add a tag'), + 'addTagButton addButton btn btn-inverse noPrint', + sprintf($baseurl . '/tags/selectTag/%u/%u/event', $id, $hTaxonomy['taxonomy']['Taxonomy']['id']), + ' ' + ); + } + + $hTags = ""; + foreach($hTaxonomy['tags'] as $hTag){ + $hTags .= $this->element('rich_tag', [ + 'tag' => $hTag, + 'tagAccess' => $tagAccess, + 'localTagAccess' => $localTagAccess, + 'searchUrl' => $searchUrl, + 'scope' => $scope, + 'id' => $id, + ]); + } + + $highlitedTags .= sprintf( + '%s%s%s', + $hTaxonomy['taxonomy']['Taxonomy']['namespace'], + $hTags, + $hButtonData ? '' . implode('', $hButtonData) . '' : '' + ); + + foreach ($tags as $k => $tag) { + foreach ($hTaxonomy['tags'] as $hTag) { + if ($tag['Tag']['name'] === $hTag['Tag']['name']) { + unset($tags[$k]); + } + } + } + } + $tagData .= sprintf('%s
', $highlitedTags); + } + + foreach ($tags as $tag) { + $tagData .= $this->element('rich_tag', [ + 'tag' => $tag, + 'tagAccess' => $tagAccess, + 'localTagAccess' => $localTagAccess, + 'searchUrl' => $searchUrl, + 'scope' => $scope, + 'id' => $id + ]); + } if (!empty($buttonData)) { $tagData .= '' . implode('', $buttonData) . ''; } @@ -174,4 +138,4 @@ } } echo '
'; - } + } \ No newline at end of file diff --git a/app/View/Taxonomies/index.ctp b/app/View/Taxonomies/index.ctp index f2aefb7f0..b85fe5790 100644 --- a/app/View/Taxonomies/index.ctp +++ b/app/View/Taxonomies/index.ctp @@ -75,6 +75,18 @@ 'data_path' => 'Taxonomy.required', 'disabled' => !$isSiteAdmin, ), + array( + 'name' => __('Highlighted'), + 'element' => 'toggle', + 'url' => $baseurl . '/taxonomies/toggleHighlighted', + 'url_params_data_paths' => array( + 'Taxonomy.id' + ), + 'sort' => 'highlighted', + 'class' => 'short', + 'data_path' => 'Taxonomy.highlighted', + 'disabled' => !$isSiteAdmin, + ), array( 'name' => __('Active Tags'), 'element' => 'custom', diff --git a/app/View/Taxonomies/view.ctp b/app/View/Taxonomies/view.ctp index e569aa323..5a5cc786f 100644 --- a/app/View/Taxonomies/view.ctp +++ b/app/View/Taxonomies/view.ctp @@ -46,6 +46,11 @@ echo $this->element( 'path' => 'enabled', 'type' => 'boolean' ], + [ + 'key' => __('Highlighted'), + 'path' => 'highlighted', + 'type' => 'boolean' + ], [ 'key' => __('Action'), 'type' => 'custom', From c39d21f940c6ee734bd57d93c8b39e0082c4f1bf Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 30 Nov 2022 14:08:30 +0100 Subject: [PATCH 095/698] fix: add missing views --- app/View/Elements/rich_tag.ctp | 99 +++++++++++++++++++ .../Taxonomies/ajax/toggle_highlighted.ctp | 15 +++ 2 files changed, 114 insertions(+) create mode 100644 app/View/Elements/rich_tag.ctp create mode 100644 app/View/Taxonomies/ajax/toggle_highlighted.ctp diff --git a/app/View/Elements/rich_tag.ctp b/app/View/Elements/rich_tag.ctp new file mode 100644 index 000000000..33fa0b878 --- /dev/null +++ b/app/View/Elements/rich_tag.ctp @@ -0,0 +1,99 @@ +TextColour->getTextColour($tag['Tag']['colour']); +$aClass = 'tag nowrap'; +$aText = trim($tag['Tag']['name']); +$aTextModified = null; +if (isset($tag_display_style)) { + if ($tag_display_style == 1) { + // default behaviour, do nothing for now + } else if ($tag_display_style == 2) { + $separator_pos = strpos($aText, ':'); + if ($separator_pos !== false) { + $aTextModified = substr($aText, $separator_pos + 1); + $value_pos = strpos($aTextModified, '='); + if ($value_pos !== false) { + $aTextModified = substr($aTextModified, $value_pos + 1); + $aTextModified = trim($aTextModified, '"'); + } + $aTextModified = h($aTextModified); + } + } else if ($tag_display_style === 0 || $tag_display_style === '0') { + $aTextModified = ' '; + } +} +$aText = h($aText); +$span_scope = !empty($hide_global_scope) ? '' : sprintf( + '', + 'black-white tag', + !empty($tag['local']) ? __('Local tag') : __('Global tag'), + !empty($tag['local']) ? __('Local tag') : __('Global tag'), + !empty($tag['local']) ? 'user' : 'globe-americas' +); +$span_relationship_type = empty($tag['relationship_type']) ? '' : sprintf( + '%s:', + h($tag['relationship_type']), + h($tag['relationship_type']), + h($tag['relationship_type']) +); +if (!empty($tag['Tag']['id'])) { + $span_tag = sprintf( + '%s', + $baseurl . $searchUrl . intval($tag['Tag']['id']), + $aStyle, + $aClass, + isset($aTextModified) ? ' title="' . $aText . '"' : '', + intval($tag['Tag']['id']), + isset($aTextModified) ? $aTextModified : $aText + ); +} else { + $span_tag = sprintf( + '%s', + $aStyle, + $aClass, + $aText + ); +} +$span_delete = ''; +$span_relationship = ''; +if ($canModifyAllTags || ($canModifyLocalTags && $tag['Tag']['local'])) { + $span_relationship = sprintf( + '', + 'black-white tag noPrint modal-open', + __('Modify Tag Relationship'), + __('Modify relationship for tag %s', h($tag['Tag']['name'])), + sprintf( + '%s/tags/modifyTagRelationship/%s/%s', + $baseurl, + h($scope), + h($tag['id']) + ) + ); + $span_delete = sprintf( + 'x', + 'black-white tag useCursorPointer noPrint', + __('Remove tag'), + "button", + "0", + __('Remove tag %s', h($tag['Tag']['name'])), + sprintf( + "removeObjectTagPopup(this, '%s', %s, %s)", + $scope, + $id, + intval($tag['Tag']['id']) + ) + ); +} + +echo '' . $span_scope . $span_relationship_type . $span_tag . $span_relationship . $span_delete . ''; \ No newline at end of file diff --git a/app/View/Taxonomies/ajax/toggle_highlighted.ctp b/app/View/Taxonomies/ajax/toggle_highlighted.ctp new file mode 100644 index 000000000..a17c30252 --- /dev/null +++ b/app/View/Taxonomies/ajax/toggle_highlighted.ctp @@ -0,0 +1,15 @@ +Form->create('Taxonomy', array( + 'id' => 'HighlightedCheckboxForm' . h($id), + 'label' => false, + 'style' => 'display:none;', + 'url' => $baseurl . '/taxonomies/toggleHighlighted/' . $id + )); + echo $this->Form->checkbox('highlighted', array( + 'checked' => $highlighted, + 'label' => false, + 'disabled' => !$isSiteAdmin, + 'class' => 'highlighted-toggle' + )); + echo $this->Form->end(); +?> From 9a1f19d044945dfd479e71f87e23bc4efb988155 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 30 Nov 2022 15:07:41 +0100 Subject: [PATCH 096/698] new: show highlighted tags in event index --- app/Controller/EventsController.php | 21 ++++++++++++++++++-- app/Controller/TagsController.php | 2 +- app/Model/Taxonomy.php | 20 +++++++++++++------ app/View/Elements/Events/eventIndexTable.ctp | 1 + app/View/Elements/ajaxTags.ctp | 4 ++-- 5 files changed, 37 insertions(+), 11 deletions(-) diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index ecf847065..97e05cfc6 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -1022,6 +1022,7 @@ class EventsController extends AppController if (in_array('tags', $columns, true) || in_array('clusters', $columns, true)) { $events = $this->Event->attachTagsToEvents($events); $events = $this->GalaxyCluster->attachClustersToEventIndex($user, $events, true); + $events = $this->__attachHighlightedTagsToEvents($events); } if (in_array('correlations', $columns, true)) { @@ -6227,7 +6228,23 @@ class EventsController extends AppController private function __setHighlightedTags($event) { $this->loadModel('Taxonomy'); - $highlightedTags = $this->Taxonomy->getHighlightedTags($event['EventTag']); - $this->set('highlightedTaxonomies', $highlightedTags); + $highlightedTags = $this->Taxonomy->getHighlightedTags($this->Taxonomy->getHighlightedTaxonomies(), $event['EventTag']); + $this->set('highlightedTags', $highlightedTags); + } + + /** + * + * @param array $events + * @return array + */ + private function __attachHighlightedTagsToEvents($events) + { + $this->loadModel('Taxonomy'); + $highlightedTaxonomies = $this->Taxonomy->getHighlightedTaxonomies(); + foreach ($events as $k => $event) { + $events[$k]['Event']['highlightedTags'] = $this->Taxonomy->getHighlightedTags($highlightedTaxonomies, $event['EventTag']); + } + + return $events; } } diff --git a/app/Controller/TagsController.php b/app/Controller/TagsController.php index 1f9e56c29..d1cabe53f 100644 --- a/app/Controller/TagsController.php +++ b/app/Controller/TagsController.php @@ -367,7 +367,7 @@ class TagsController extends AppController // Remove galaxy tags $event = $this->Tag->removeGalaxyClusterTags($user, $event); - $highlightedTags = $this->Taxonomy->getHighlightedTags($event['EventTag']); + $highlightedTags = $this->Taxonomy->getHighlightedTags($this->Taxonomy->getHighlightedTaxonomies(), $event['EventTag']); $this->set('highlightedTaxonomies', $highlightedTags); $this->set('tags', $event['EventTag']); diff --git a/app/Model/Taxonomy.php b/app/Model/Taxonomy.php index 24f4c6f2b..72c57e0bd 100644 --- a/app/Model/Taxonomy.php +++ b/app/Model/Taxonomy.php @@ -880,20 +880,28 @@ class Taxonomy extends AppModel } /** - * - * @param array $tags * @return array */ - public function getHighlightedTags($tags) + public function getHighlightedTaxonomies() { - $highlitedTaxonomies = $this->find('all', [ + return $this->find('all', [ 'conditions' => [ 'highlighted' => 1, ] ]); + } + + /** + * + * @param array $highlightedTaxonomies + * @param array $tags + * @return array + */ + public function getHighlightedTags($highlightedTaxonomies, $tags) + { $highlightedTags = []; - if (is_array($highlitedTaxonomies) && !empty($highlitedTaxonomies)) { - foreach ($highlitedTaxonomies as $k => $taxonomy) { + if (is_array($highlightedTaxonomies) && !empty($highlightedTaxonomies)) { + foreach ($highlightedTaxonomies as $k => $taxonomy) { $highlightedTags[$k] = [ 'taxonomy' => $taxonomy, diff --git a/app/View/Elements/Events/eventIndexTable.ctp b/app/View/Elements/Events/eventIndexTable.ctp index c71a7cef2..70f4d071c 100644 --- a/app/View/Elements/Events/eventIndexTable.ctp +++ b/app/View/Elements/Events/eventIndexTable.ctp @@ -94,6 +94,7 @@ 'columnised' => true, 'static_tags_only' => 1, 'tag_display_style' => Configure::check('MISP.full_tags_on_event_index') ? Configure::read('MISP.full_tags_on_event_index') : 1, + 'highlightedTags' => $event['Event']['highlightedTags'] ?? [], ]); ?> diff --git a/app/View/Elements/ajaxTags.ctp b/app/View/Elements/ajaxTags.ctp index 550763abb..d8fb8cb95 100644 --- a/app/View/Elements/ajaxTags.ctp +++ b/app/View/Elements/ajaxTags.ctp @@ -48,8 +48,8 @@ } $highlitedTags = ""; - if (isset($highlightedTaxonomies) && $scope == 'event') { - foreach ($highlightedTaxonomies as $hTaxonomy) { + if (isset($highlightedTags) && $scope == 'event') { + foreach ($highlightedTags as $hTaxonomy) { $hButtonData = []; if ($full) { $hButtonData[] = sprintf( From d4c2dd702dd3ab18a08626bd0edb19378cbe63b1 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 30 Nov 2022 15:49:39 +0100 Subject: [PATCH 097/698] fix: support short tags setting --- app/View/Elements/ajaxTags.ctp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/View/Elements/ajaxTags.ctp b/app/View/Elements/ajaxTags.ctp index d8fb8cb95..31f7c8fa2 100644 --- a/app/View/Elements/ajaxTags.ctp +++ b/app/View/Elements/ajaxTags.ctp @@ -71,6 +71,7 @@ 'searchUrl' => $searchUrl, 'scope' => $scope, 'id' => $id, + 'tag_display_style' => $tag_display_style ]); } @@ -99,7 +100,8 @@ 'localTagAccess' => $localTagAccess, 'searchUrl' => $searchUrl, 'scope' => $scope, - 'id' => $id + 'id' => $id, + 'tag_display_style' => $tag_display_style ]); } if (!empty($buttonData)) { From 2e7d1d30c187ae265942635075e03436df0c7a9c Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 30 Nov 2022 16:00:17 +0100 Subject: [PATCH 098/698] fix: conflics and update db_schema.json --- app/Controller/Component/ACLComponent.php | 1 + app/Controller/EventsController.php | 13 ++ app/Controller/TagsController.php | 3 + app/Controller/TaxonomiesController.php | 26 ++++ app/Model/AppModel.php | 5 +- app/Model/Taxonomy.php | 38 +++++- app/View/Elements/ajaxTags.ctp | 154 +++++++++------------- app/View/Taxonomies/index.ctp | 12 ++ app/View/Taxonomies/view.ctp | 5 + db_schema.json | 13 +- 10 files changed, 172 insertions(+), 98 deletions(-) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index cab59d922..90fa748c1 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -674,6 +674,7 @@ class ACLComponent extends Component 'taxonomyMassHide' => array('perm_tagger'), 'taxonomyMassUnhide' => array('perm_tagger'), 'toggleRequired' => array(), + 'toggleHighlighted' => array(), 'update' => array(), 'import' => [], 'export' => ['*'], diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index b7cd292a0..ecf847065 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -1805,6 +1805,8 @@ class EventsController extends AppController $this->set('includeRelatedTags', (!empty($namedParams['includeRelatedTags'])) ? 1 : 0); $this->set('includeDecayScore', (!empty($namedParams['includeDecayScore'])) ? 1 : 0); + $this->__setHighlightedTags($event); + if ($this->_isSiteAdmin() && $event['Event']['orgc_id'] !== $this->Auth->user('org_id')) { $this->Flash->info(__('You are currently logged in as a site administrator and about to edit an event not belonging to your organisation. This goes against the sharing model of MISP. Use a normal user account for day to day work.')); } @@ -6217,4 +6219,15 @@ class EventsController extends AppController $this->render('/genericTemplates/confirm'); } } + + /** + * @param array $event + * @return void + */ + private function __setHighlightedTags($event) + { + $this->loadModel('Taxonomy'); + $highlightedTags = $this->Taxonomy->getHighlightedTags($event['EventTag']); + $this->set('highlightedTaxonomies', $highlightedTags); + } } diff --git a/app/Controller/TagsController.php b/app/Controller/TagsController.php index 51eb10822..1f9e56c29 100644 --- a/app/Controller/TagsController.php +++ b/app/Controller/TagsController.php @@ -367,6 +367,9 @@ class TagsController extends AppController // Remove galaxy tags $event = $this->Tag->removeGalaxyClusterTags($user, $event); + $highlightedTags = $this->Taxonomy->getHighlightedTags($event['EventTag']); + $this->set('highlightedTaxonomies', $highlightedTags); + $this->set('tags', $event['EventTag']); $this->set('missingTaxonomies', $this->Tag->EventTag->Event->missingTaxonomies($event)); $tagConflicts = $this->Taxonomy->checkIfTagInconsistencies($event['EventTag']); diff --git a/app/Controller/TaxonomiesController.php b/app/Controller/TaxonomiesController.php index afbb6c22c..d77e2a50f 100644 --- a/app/Controller/TaxonomiesController.php +++ b/app/Controller/TaxonomiesController.php @@ -498,6 +498,32 @@ class TaxonomiesController extends AppController $this->render('ajax/toggle_required'); } + public function toggleHighlighted($id) + { + $taxonomy = $this->Taxonomy->find('first', array( + 'recursive' => -1, + 'conditions' => array('Taxonomy.id' => $id) + )); + if (empty($taxonomy)) { + return $this->RestResponse->saveFailResponse('Taxonomy', 'toggleHighlighted', $id, 'Invalid Taxonomy', $this->response->type()); + } + if ($this->request->is('post')) { + $taxonomy['Taxonomy']['highlighted'] = $this->request->data['Taxonomy']['highlighted']; + $result = $this->Taxonomy->save($taxonomy); + if ($result) { + return $this->RestResponse->saveSuccessResponse('Taxonomy', 'toggleHighlighted', $id, $this->response->type()); + } else { + return $this->RestResponse->saveFailResponse('Taxonomy', 'toggleHighlighted', $id, $this->validationError, $this->response->type()); + } + } + + $this->set('highlighted', !$taxonomy['Taxonomy']['highlighted']); + $this->set('id', $id); + $this->autoRender = false; + $this->layout = false; + $this->render('ajax/toggle_highlighted'); + } + /** * @param string $action * @param int $modelId diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 2557e9453..9380ffe33 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -83,7 +83,7 @@ class AppModel extends Model 81 => false, 82 => false, 83 => false, 84 => false, 85 => false, 86 => false, 87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false, 93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false, - 99 => false, 100 => false, 101 => false + 99 => false, 100 => false, 101 => false, 102 => false ); const ADVANCED_UPDATES_DESCRIPTION = array( @@ -1920,6 +1920,9 @@ class AppModel extends Model INDEX `baseurl` (`baseurl`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;"; break; + case 102: + $sqlArray[] = "ALTER TABLE `taxonomies` ADD `highlighted` tinyint(1) DEFAULT 0;"; + break; case 'fixNonEmptySharingGroupID': $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; $sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; diff --git a/app/Model/Taxonomy.php b/app/Model/Taxonomy.php index 7ce1a1e10..24f4c6f2b 100644 --- a/app/Model/Taxonomy.php +++ b/app/Model/Taxonomy.php @@ -118,7 +118,7 @@ class Taxonomy extends AppModel $current = $this->find('first', array( 'conditions' => array('namespace' => $vocab['namespace']), 'recursive' => -1, - 'fields' => array('version', 'enabled', 'namespace') + 'fields' => array('version', 'enabled', 'namespace', 'highlighted') )); $current = empty($current) ? [] : $current['Taxonomy']; $result = $this->__updateVocab($vocab, $current); @@ -147,6 +147,7 @@ class Taxonomy extends AppModel 'version' => $vocab['version'], 'exclusive' => !empty($vocab['exclusive']), 'enabled' => $enabled, + 'highlighted' => !empty($vocab['highlighted']), ]]; $predicateLookup = array(); foreach ($vocab['predicates'] as $k => $predicate) { @@ -877,4 +878,39 @@ class Taxonomy extends AppModel { return $this->Tag->mergeTag($source_id, $target_id); } + + /** + * + * @param array $tags + * @return array + */ + public function getHighlightedTags($tags) + { + $highlitedTaxonomies = $this->find('all', [ + 'conditions' => [ + 'highlighted' => 1, + ] + ]); + $highlightedTags = []; + if (is_array($highlitedTaxonomies) && !empty($highlitedTaxonomies)) { + foreach ($highlitedTaxonomies as $k => $taxonomy) { + + $highlightedTags[$k] = [ + 'taxonomy' => $taxonomy, + 'tags' => [] + ]; + + foreach ($tags as $tag) { + $splits = $this->splitTagToComponents($tag['Tag']['name']); + if (!empty($splits) && $splits['namespace'] === $taxonomy['Taxonomy']['namespace']) { + $highlightedTags[$k]['tags'][] = $tag; + } + } + } + + return $highlightedTags; + } + + return $highlightedTags; + } } diff --git a/app/View/Elements/ajaxTags.ctp b/app/View/Elements/ajaxTags.ctp index 67949af49..550763abb 100644 --- a/app/View/Elements/ajaxTags.ctp +++ b/app/View/Elements/ajaxTags.ctp @@ -24,100 +24,8 @@ $full = $isAclTagger && $tagAccess && empty($static_tags_only); $fullLocal = $isAclTagger && $localTagAccess && empty($static_tags_only); $tagData = ""; - foreach ($tags as $tag) { - if (empty($tag['Tag'])) { - $tag['Tag'] = $tag; - } - if (empty($tag['Tag']['colour'])) { - $tag['Tag']['colour'] = '#0088cc'; - } - $aStyle = 'background-color:' . h($tag['Tag']['colour']) . ';color:' . $this->TextColour->getTextColour($tag['Tag']['colour']); - $aClass = 'tag nowrap'; - $aText = trim($tag['Tag']['name']); - $aTextModified = null; - if (isset($tag_display_style)) { - if ($tag_display_style == 1) { - // default behaviour, do nothing for now - } else if ($tag_display_style == 2) { - $separator_pos = strpos($aText, ':'); - if ($separator_pos !== false) { - $aTextModified = substr($aText, $separator_pos + 1); - $value_pos = strpos($aTextModified, '='); - if ($value_pos !== false) { - $aTextModified = substr($aTextModified, $value_pos + 1); - $aTextModified = trim($aTextModified, '"'); - } - $aTextModified = h($aTextModified); - } - } else if ($tag_display_style === 0 || $tag_display_style === '0') { - $aTextModified = ' '; - } - } - $aText = h($aText); - $span_scope = !empty($hide_global_scope) ? '' : sprintf( - '', - 'black-white tag', - !empty($tag['local']) ? __('Local tag') : __('Global tag'), - !empty($tag['local']) ? __('Local tag') : __('Global tag'), - !empty($tag['local']) ? 'user' : 'globe-americas' - ); - $span_relationship_type = empty($tag['relationship_type']) ? '' : sprintf( - '%s:', - h($tag['relationship_type']), - h($tag['relationship_type']), - h($tag['relationship_type']) - ); - if (!empty($tag['Tag']['id'])) { - $span_tag = sprintf( - '%s', - $baseurl . $searchUrl . intval($tag['Tag']['id']), - $aStyle, - $aClass, - isset($aTextModified) ? ' title="' . $aText . '"' : '', - intval($tag['Tag']['id']), - isset($aTextModified) ? $aTextModified : $aText - ); - } else { - $span_tag = sprintf( - '%s', - $aStyle, - $aClass, - $aText - ); - } - $span_delete = ''; - $span_relationship = ''; - if ($full || ($fullLocal && $tag['Tag']['local'])) { - $span_relationship = sprintf( - '', - 'black-white tag noPrint modal-open', - __('Modify Tag Relationship'), - __('Modify relationship for tag %s', h($tag['Tag']['name'])), - sprintf( - '%s/tags/modifyTagRelationship/%s/%s', - $baseurl, - h($scope), - h($tag['id']) - ) - ); - $span_delete = sprintf( - 'x', - 'black-white tag useCursorPointer noPrint', - __('Remove tag'), - "button", - "0", - __('Remove tag %s', h($tag['Tag']['name'])), - sprintf( - "removeObjectTagPopup(this, '%s', %s, %s)", - $scope, - $id, - intval($tag['Tag']['id']) - ) - ); - } - $tagData .= '' . $span_scope . $span_relationship_type . $span_tag . $span_relationship . $span_delete . ' '; - } - $buttonData = array(); + + $buttonData = []; if ($full) { $buttonData[] = sprintf( '', @@ -138,6 +46,62 @@ ' ' ); } + + $highlitedTags = ""; + if (isset($highlightedTaxonomies) && $scope == 'event') { + foreach ($highlightedTaxonomies as $hTaxonomy) { + $hButtonData = []; + if ($full) { + $hButtonData[] = sprintf( + '', + __('Add a tag'), + __('Add a tag'), + 'addTagButton addButton btn btn-inverse noPrint', + sprintf($baseurl . '/tags/selectTag/%u/%u/event', $id, $hTaxonomy['taxonomy']['Taxonomy']['id']), + ' ' + ); + } + + $hTags = ""; + foreach($hTaxonomy['tags'] as $hTag){ + $hTags .= $this->element('rich_tag', [ + 'tag' => $hTag, + 'tagAccess' => $tagAccess, + 'localTagAccess' => $localTagAccess, + 'searchUrl' => $searchUrl, + 'scope' => $scope, + 'id' => $id, + ]); + } + + $highlitedTags .= sprintf( + '%s%s%s', + $hTaxonomy['taxonomy']['Taxonomy']['namespace'], + $hTags, + $hButtonData ? '' . implode('', $hButtonData) . '' : '' + ); + + foreach ($tags as $k => $tag) { + foreach ($hTaxonomy['tags'] as $hTag) { + if ($tag['Tag']['name'] === $hTag['Tag']['name']) { + unset($tags[$k]); + } + } + } + } + $tagData .= sprintf('%s
', $highlitedTags); + } + + foreach ($tags as $tag) { + $tagData .= $this->element('rich_tag', [ + 'tag' => $tag, + 'tagAccess' => $tagAccess, + 'localTagAccess' => $localTagAccess, + 'searchUrl' => $searchUrl, + 'scope' => $scope, + 'id' => $id + ]); + } if (!empty($buttonData)) { $tagData .= '' . implode('', $buttonData) . ''; } @@ -174,4 +138,4 @@ } } echo ''; - } + } \ No newline at end of file diff --git a/app/View/Taxonomies/index.ctp b/app/View/Taxonomies/index.ctp index f2aefb7f0..b85fe5790 100644 --- a/app/View/Taxonomies/index.ctp +++ b/app/View/Taxonomies/index.ctp @@ -75,6 +75,18 @@ 'data_path' => 'Taxonomy.required', 'disabled' => !$isSiteAdmin, ), + array( + 'name' => __('Highlighted'), + 'element' => 'toggle', + 'url' => $baseurl . '/taxonomies/toggleHighlighted', + 'url_params_data_paths' => array( + 'Taxonomy.id' + ), + 'sort' => 'highlighted', + 'class' => 'short', + 'data_path' => 'Taxonomy.highlighted', + 'disabled' => !$isSiteAdmin, + ), array( 'name' => __('Active Tags'), 'element' => 'custom', diff --git a/app/View/Taxonomies/view.ctp b/app/View/Taxonomies/view.ctp index e569aa323..5a5cc786f 100644 --- a/app/View/Taxonomies/view.ctp +++ b/app/View/Taxonomies/view.ctp @@ -46,6 +46,11 @@ echo $this->element( 'path' => 'enabled', 'type' => 'boolean' ], + [ + 'key' => __('Highlighted'), + 'path' => 'highlighted', + 'type' => 'boolean' + ], [ 'key' => __('Action'), 'type' => 'custom', diff --git a/db_schema.json b/db_schema.json index 18ba8c2ed..be825fc77 100644 --- a/db_schema.json +++ b/db_schema.json @@ -7279,6 +7279,17 @@ "column_type": "tinyint(1)", "column_default": "0", "extra": "" + }, + { + "column_name": "highlighted", + "is_nullable": "NO", + "data_type": "tinyint", + "character_maximum_length": null, + "numeric_precision": "3", + "collation_name": null, + "column_type": "tinyint(1)", + "column_default": "0", + "extra": "" } ], "taxonomy_entries": [ @@ -9257,5 +9268,5 @@ "uuid": false } }, - "db_version": "101" + "db_version": "102" } From d7fdbf9db98c5c5e0869de25f3b298f2504924d0 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 30 Nov 2022 14:08:30 +0100 Subject: [PATCH 099/698] fix: add missing views --- app/View/Elements/rich_tag.ctp | 99 +++++++++++++++++++ .../Taxonomies/ajax/toggle_highlighted.ctp | 15 +++ 2 files changed, 114 insertions(+) create mode 100644 app/View/Elements/rich_tag.ctp create mode 100644 app/View/Taxonomies/ajax/toggle_highlighted.ctp diff --git a/app/View/Elements/rich_tag.ctp b/app/View/Elements/rich_tag.ctp new file mode 100644 index 000000000..33fa0b878 --- /dev/null +++ b/app/View/Elements/rich_tag.ctp @@ -0,0 +1,99 @@ +TextColour->getTextColour($tag['Tag']['colour']); +$aClass = 'tag nowrap'; +$aText = trim($tag['Tag']['name']); +$aTextModified = null; +if (isset($tag_display_style)) { + if ($tag_display_style == 1) { + // default behaviour, do nothing for now + } else if ($tag_display_style == 2) { + $separator_pos = strpos($aText, ':'); + if ($separator_pos !== false) { + $aTextModified = substr($aText, $separator_pos + 1); + $value_pos = strpos($aTextModified, '='); + if ($value_pos !== false) { + $aTextModified = substr($aTextModified, $value_pos + 1); + $aTextModified = trim($aTextModified, '"'); + } + $aTextModified = h($aTextModified); + } + } else if ($tag_display_style === 0 || $tag_display_style === '0') { + $aTextModified = ' '; + } +} +$aText = h($aText); +$span_scope = !empty($hide_global_scope) ? '' : sprintf( + '', + 'black-white tag', + !empty($tag['local']) ? __('Local tag') : __('Global tag'), + !empty($tag['local']) ? __('Local tag') : __('Global tag'), + !empty($tag['local']) ? 'user' : 'globe-americas' +); +$span_relationship_type = empty($tag['relationship_type']) ? '' : sprintf( + '%s:', + h($tag['relationship_type']), + h($tag['relationship_type']), + h($tag['relationship_type']) +); +if (!empty($tag['Tag']['id'])) { + $span_tag = sprintf( + '%s', + $baseurl . $searchUrl . intval($tag['Tag']['id']), + $aStyle, + $aClass, + isset($aTextModified) ? ' title="' . $aText . '"' : '', + intval($tag['Tag']['id']), + isset($aTextModified) ? $aTextModified : $aText + ); +} else { + $span_tag = sprintf( + '%s', + $aStyle, + $aClass, + $aText + ); +} +$span_delete = ''; +$span_relationship = ''; +if ($canModifyAllTags || ($canModifyLocalTags && $tag['Tag']['local'])) { + $span_relationship = sprintf( + '', + 'black-white tag noPrint modal-open', + __('Modify Tag Relationship'), + __('Modify relationship for tag %s', h($tag['Tag']['name'])), + sprintf( + '%s/tags/modifyTagRelationship/%s/%s', + $baseurl, + h($scope), + h($tag['id']) + ) + ); + $span_delete = sprintf( + 'x', + 'black-white tag useCursorPointer noPrint', + __('Remove tag'), + "button", + "0", + __('Remove tag %s', h($tag['Tag']['name'])), + sprintf( + "removeObjectTagPopup(this, '%s', %s, %s)", + $scope, + $id, + intval($tag['Tag']['id']) + ) + ); +} + +echo '' . $span_scope . $span_relationship_type . $span_tag . $span_relationship . $span_delete . ''; \ No newline at end of file diff --git a/app/View/Taxonomies/ajax/toggle_highlighted.ctp b/app/View/Taxonomies/ajax/toggle_highlighted.ctp new file mode 100644 index 000000000..a17c30252 --- /dev/null +++ b/app/View/Taxonomies/ajax/toggle_highlighted.ctp @@ -0,0 +1,15 @@ +Form->create('Taxonomy', array( + 'id' => 'HighlightedCheckboxForm' . h($id), + 'label' => false, + 'style' => 'display:none;', + 'url' => $baseurl . '/taxonomies/toggleHighlighted/' . $id + )); + echo $this->Form->checkbox('highlighted', array( + 'checked' => $highlighted, + 'label' => false, + 'disabled' => !$isSiteAdmin, + 'class' => 'highlighted-toggle' + )); + echo $this->Form->end(); +?> From 65004e89ed7c5cd75487a0146cd868087282b983 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 30 Nov 2022 15:07:41 +0100 Subject: [PATCH 100/698] new: show highlighted tags in event index --- app/Controller/EventsController.php | 21 ++++++++++++++++++-- app/Controller/TagsController.php | 2 +- app/Model/Taxonomy.php | 20 +++++++++++++------ app/View/Elements/Events/eventIndexTable.ctp | 1 + app/View/Elements/ajaxTags.ctp | 4 ++-- 5 files changed, 37 insertions(+), 11 deletions(-) diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index ecf847065..97e05cfc6 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -1022,6 +1022,7 @@ class EventsController extends AppController if (in_array('tags', $columns, true) || in_array('clusters', $columns, true)) { $events = $this->Event->attachTagsToEvents($events); $events = $this->GalaxyCluster->attachClustersToEventIndex($user, $events, true); + $events = $this->__attachHighlightedTagsToEvents($events); } if (in_array('correlations', $columns, true)) { @@ -6227,7 +6228,23 @@ class EventsController extends AppController private function __setHighlightedTags($event) { $this->loadModel('Taxonomy'); - $highlightedTags = $this->Taxonomy->getHighlightedTags($event['EventTag']); - $this->set('highlightedTaxonomies', $highlightedTags); + $highlightedTags = $this->Taxonomy->getHighlightedTags($this->Taxonomy->getHighlightedTaxonomies(), $event['EventTag']); + $this->set('highlightedTags', $highlightedTags); + } + + /** + * + * @param array $events + * @return array + */ + private function __attachHighlightedTagsToEvents($events) + { + $this->loadModel('Taxonomy'); + $highlightedTaxonomies = $this->Taxonomy->getHighlightedTaxonomies(); + foreach ($events as $k => $event) { + $events[$k]['Event']['highlightedTags'] = $this->Taxonomy->getHighlightedTags($highlightedTaxonomies, $event['EventTag']); + } + + return $events; } } diff --git a/app/Controller/TagsController.php b/app/Controller/TagsController.php index 1f9e56c29..d1cabe53f 100644 --- a/app/Controller/TagsController.php +++ b/app/Controller/TagsController.php @@ -367,7 +367,7 @@ class TagsController extends AppController // Remove galaxy tags $event = $this->Tag->removeGalaxyClusterTags($user, $event); - $highlightedTags = $this->Taxonomy->getHighlightedTags($event['EventTag']); + $highlightedTags = $this->Taxonomy->getHighlightedTags($this->Taxonomy->getHighlightedTaxonomies(), $event['EventTag']); $this->set('highlightedTaxonomies', $highlightedTags); $this->set('tags', $event['EventTag']); diff --git a/app/Model/Taxonomy.php b/app/Model/Taxonomy.php index 24f4c6f2b..72c57e0bd 100644 --- a/app/Model/Taxonomy.php +++ b/app/Model/Taxonomy.php @@ -880,20 +880,28 @@ class Taxonomy extends AppModel } /** - * - * @param array $tags * @return array */ - public function getHighlightedTags($tags) + public function getHighlightedTaxonomies() { - $highlitedTaxonomies = $this->find('all', [ + return $this->find('all', [ 'conditions' => [ 'highlighted' => 1, ] ]); + } + + /** + * + * @param array $highlightedTaxonomies + * @param array $tags + * @return array + */ + public function getHighlightedTags($highlightedTaxonomies, $tags) + { $highlightedTags = []; - if (is_array($highlitedTaxonomies) && !empty($highlitedTaxonomies)) { - foreach ($highlitedTaxonomies as $k => $taxonomy) { + if (is_array($highlightedTaxonomies) && !empty($highlightedTaxonomies)) { + foreach ($highlightedTaxonomies as $k => $taxonomy) { $highlightedTags[$k] = [ 'taxonomy' => $taxonomy, diff --git a/app/View/Elements/Events/eventIndexTable.ctp b/app/View/Elements/Events/eventIndexTable.ctp index c71a7cef2..70f4d071c 100644 --- a/app/View/Elements/Events/eventIndexTable.ctp +++ b/app/View/Elements/Events/eventIndexTable.ctp @@ -94,6 +94,7 @@ 'columnised' => true, 'static_tags_only' => 1, 'tag_display_style' => Configure::check('MISP.full_tags_on_event_index') ? Configure::read('MISP.full_tags_on_event_index') : 1, + 'highlightedTags' => $event['Event']['highlightedTags'] ?? [], ]); ?> diff --git a/app/View/Elements/ajaxTags.ctp b/app/View/Elements/ajaxTags.ctp index 550763abb..d8fb8cb95 100644 --- a/app/View/Elements/ajaxTags.ctp +++ b/app/View/Elements/ajaxTags.ctp @@ -48,8 +48,8 @@ } $highlitedTags = ""; - if (isset($highlightedTaxonomies) && $scope == 'event') { - foreach ($highlightedTaxonomies as $hTaxonomy) { + if (isset($highlightedTags) && $scope == 'event') { + foreach ($highlightedTags as $hTaxonomy) { $hButtonData = []; if ($full) { $hButtonData[] = sprintf( From b1291d833593c5d662e29a912d0561dc0590e975 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 30 Nov 2022 15:49:39 +0100 Subject: [PATCH 101/698] fix: support short tags setting --- app/View/Elements/ajaxTags.ctp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/View/Elements/ajaxTags.ctp b/app/View/Elements/ajaxTags.ctp index d8fb8cb95..31f7c8fa2 100644 --- a/app/View/Elements/ajaxTags.ctp +++ b/app/View/Elements/ajaxTags.ctp @@ -71,6 +71,7 @@ 'searchUrl' => $searchUrl, 'scope' => $scope, 'id' => $id, + 'tag_display_style' => $tag_display_style ]); } @@ -99,7 +100,8 @@ 'localTagAccess' => $localTagAccess, 'searchUrl' => $searchUrl, 'scope' => $scope, - 'id' => $id + 'id' => $id, + 'tag_display_style' => $tag_display_style ]); } if (!empty($buttonData)) { From 77d0e9e17d5b16b149c7b4b8f8b271656f7ff550 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Thu, 1 Dec 2022 05:58:06 +0100 Subject: [PATCH 102/698] fix: [log] Minor cosmetic fixes --- app/Model/Bruteforce.php | 13 ++++++++----- app/View/Logs/admin_index.ctp | 4 ++-- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/app/Model/Bruteforce.php b/app/Model/Bruteforce.php index 29507c1cd..7d0efab9d 100644 --- a/app/Model/Bruteforce.php +++ b/app/Model/Bruteforce.php @@ -12,17 +12,19 @@ class Bruteforce extends AppModel $ip = $this->_remoteIp(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; - $expire = time() + $expire; - $expire = date('Y-m-d H:i:s', $expire); + $expireTime = time() + $expire; + $expireTime = date('Y-m-d H:i:s', $expireTime); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), - 'expire' => $expire + 'expire' => $expireTime ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $ip . '.'; if ($this->isBlocklisted($username)) { - $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blocklisted for ' . $expire . ' seconds.'; + $change = 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blocklisted for ' . $expire . ' seconds.'; + } else { + $change = ''; } $log = array( 'org' => 'SYSTEM', @@ -30,7 +32,8 @@ class Bruteforce extends AppModel 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', - 'title' => $title + 'title' => $title, + 'change' => $change ); $this->Log->save($log); } diff --git a/app/View/Logs/admin_index.ctp b/app/View/Logs/admin_index.ctp index 26f1fceb4..1d8eb5f4e 100644 --- a/app/View/Logs/admin_index.ctp +++ b/app/View/Logs/admin_index.ctp @@ -75,7 +75,7 @@   '; + echo ''; if (isset($ipSearch) && $ipSearch != null) echo nl2br($this->Highlight->highlighter(h($item['Log']['ip']), $ipSearchReplacePairs)); else echo h($item['Log']['ip']); echo ''; @@ -97,7 +97,7 @@ Highlight->highlighter(h($item['Log']['action']), $actionSearchReplacePairs)); else echo (h($item['Log']['action'])); ?>  - Highlight->highlighter(h($item['Log']['title']), $titleSearchReplacePairs)); else echo nl2br(h($item['Log']['title'])); ?>  Date: Thu, 1 Dec 2022 08:50:49 +0100 Subject: [PATCH 103/698] fix: cs --- app/Model/Taxonomy.php | 1 - app/View/Elements/rich_tag.ctp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/app/Model/Taxonomy.php b/app/Model/Taxonomy.php index 72c57e0bd..c667cd8e8 100644 --- a/app/Model/Taxonomy.php +++ b/app/Model/Taxonomy.php @@ -902,7 +902,6 @@ class Taxonomy extends AppModel $highlightedTags = []; if (is_array($highlightedTaxonomies) && !empty($highlightedTaxonomies)) { foreach ($highlightedTaxonomies as $k => $taxonomy) { - $highlightedTags[$k] = [ 'taxonomy' => $taxonomy, 'tags' => [] diff --git a/app/View/Elements/rich_tag.ctp b/app/View/Elements/rich_tag.ctp index 33fa0b878..c8fcae5ec 100644 --- a/app/View/Elements/rich_tag.ctp +++ b/app/View/Elements/rich_tag.ctp @@ -96,4 +96,4 @@ if ($canModifyAllTags || ($canModifyLocalTags && $tag['Tag']['local'])) { ); } -echo '' . $span_scope . $span_relationship_type . $span_tag . $span_relationship . $span_delete . ''; \ No newline at end of file +echo '' . $span_scope . $span_relationship_type . $span_tag . $span_relationship . $span_delete . ''; From 6aabed566a2326f66fe2f0e27f0867ab3ebd3cb4 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Thu, 1 Dec 2022 08:51:37 +0100 Subject: [PATCH 104/698] fix: cs --- app/View/Elements/ajaxTags.ctp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/View/Elements/ajaxTags.ctp b/app/View/Elements/ajaxTags.ctp index 31f7c8fa2..5ddde03bc 100644 --- a/app/View/Elements/ajaxTags.ctp +++ b/app/View/Elements/ajaxTags.ctp @@ -140,4 +140,5 @@ } } echo ''; - } \ No newline at end of file + } + \ No newline at end of file From b34933a4a5e9313d4d658f87adcb609265bd9a33 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Thu, 1 Dec 2022 10:03:22 +0100 Subject: [PATCH 105/698] chg: [logs] user can see own logs --- app/Controller/Component/ACLComponent.php | 3 +- app/Controller/LogsController.php | 29 +++++++++++++++---- .../genericElements/SideMenu/side_menu.ctp | 26 ++++++++++------- app/View/Elements/global_menu.ctp | 6 ++-- app/View/Logs/{admin_index.ctp => index.ctp} | 4 +-- app/View/Users/view.ctp | 10 ++++++- 6 files changed, 56 insertions(+), 22 deletions(-) rename app/View/Logs/{admin_index.ctp => index.ctp} (98%) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index cab59d922..82a3523c6 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -384,7 +384,8 @@ class ACLComponent extends Component 'event_index' => array('*'), 'returnDates' => array('*'), 'testForStolenAttributes' => array(), - 'pruneUpdateLogs' => array() + 'pruneUpdateLogs' => array(), + 'index' => array('*') ), 'auditLogs' => [ 'admin_index' => ['perm_audit'], diff --git a/app/Controller/LogsController.php b/app/Controller/LogsController.php index 13ee4c3de..c2463ef49 100644 --- a/app/Controller/LogsController.php +++ b/app/Controller/LogsController.php @@ -28,7 +28,7 @@ class LogsController extends AppController } } - public function admin_index() + public function index() { $paramArray = array('id', 'title', 'created', 'model', 'model_id', 'action', 'user_id', 'change', 'email', 'org', 'description', 'ip'); $filterData = array( @@ -71,8 +71,15 @@ class LogsController extends AppController } } if (!$this->_isSiteAdmin()) { + // no filtering for SiteAdmin + } + else if (!$this->_isSiteAdmin() && $this->_isAdmin()) { + // ORG admins can see their own org info $orgRestriction = $this->Auth->user('Organisation')['name']; - $conditions['AND']['Log.org'] = $orgRestriction; + $conditions['Log.org'] = $orgRestriction; + } else { + // users can see their own info + $conditions['Log.email'] = $this->Auth->user('email'); } $params = array( 'conditions' => $conditions, @@ -90,12 +97,18 @@ class LogsController extends AppController $this->set('isSearch', 0); $this->recursive = 0; $validFilters = $this->Log->logMeta; - if (!$this->_isSiteAdmin()) { + if ($this->_isSiteAdmin()) { + $validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin); + } + else if (!$this->_isSiteAdmin() && $this->_isAdmin()) { + // ORG admins can see their own org info $orgRestriction = $this->Auth->user('Organisation')['name']; $conditions['Log.org'] = $orgRestriction; $this->paginate['conditions'] = $conditions; } else { - $validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin); + // users can see their own info + $conditions['Log.email'] = $this->Auth->user('email'); + $this->paginate['conditions'] = $conditions; } if (isset($this->params['named']['filter']) && in_array($this->params['named']['filter'], array_keys($validFilters))) { $this->paginate['conditions']['Log.action'] = $validFilters[$this->params['named']['filter']]['values']; @@ -112,6 +125,12 @@ class LogsController extends AppController } } + public function admin_index() + { + $this->view = 'index'; + $this->index(); + } + // Shows a minimalistic history for the currently selected event public function event_index($id, $org = null) { @@ -313,7 +332,7 @@ class LogsController extends AppController } // set the same view as the index page - $this->render('admin_index'); + $this->render('index'); } } else { // get from Session diff --git a/app/View/Elements/genericElements/SideMenu/side_menu.ctp b/app/View/Elements/genericElements/SideMenu/side_menu.ctp index 191c38351..8a1a55e1a 100644 --- a/app/View/Elements/genericElements/SideMenu/side_menu.ctp +++ b/app/View/Elements/genericElements/SideMenu/side_menu.ctp @@ -1093,25 +1093,29 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider'); case 'logs': echo $this->element('/genericElements/SideMenu/side_menu_link', array( - 'url' => $baseurl . '/admin/logs/index', + 'url' => $baseurl . '/logs/index', 'text' => __('Application Logs') )); - if (Configure::read('MISP.log_new_audit')) { + if (Configure::read('MISP.log_new_audit') && $isAdmin) { echo $this->element('/genericElements/SideMenu/side_menu_link', array( 'element_id' => 'listAuditLogs', 'url' => $baseurl . '/admin/audit_logs/index', 'text' => __('Audit Logs'), )); } - echo $this->element('/genericElements/SideMenu/side_menu_link', array( - 'element_id' => 'listAccessLogs', - 'url' => $baseurl . '/admin/access_logs/index', - 'text' => __('Access Logs'), - )); - echo $this->element('/genericElements/SideMenu/side_menu_link', array( - 'url' => $baseurl . '/admin/logs/search', - 'text' => __('Search Logs') - )); + if ($isSiteAdmin) { + echo $this->element('/genericElements/SideMenu/side_menu_link', array( + 'element_id' => 'listAccessLogs', + 'url' => $baseurl . '/admin/access_logs/index', + 'text' => __('Access Logs'), + )); + } + if ($isAdmin) { + echo $this->element('/genericElements/SideMenu/side_menu_link', array( + 'url' => $baseurl . '/admin/logs/search', + 'text' => __('Search Logs') + )); + } break; case 'threads': diff --git a/app/View/Elements/global_menu.ctp b/app/View/Elements/global_menu.ctp index 79ec6031b..553cbbf18 100755 --- a/app/View/Elements/global_menu.ctp +++ b/app/View/Elements/global_menu.ctp @@ -487,20 +487,22 @@ 'children' => array( array( 'text' => __('Application Logs'), - 'url' => $baseurl . '/admin/logs/index' + 'url' => $baseurl . '/logs/index' ), array( 'text' => __('Audit Logs'), 'url' => $baseurl . '/admin/audit_logs/index', - 'requirement' => Configure::read('MISP.log_new_audit'), + 'requirement' => Configure::read('MISP.log_new_audit') && $isAdmin, ), array( 'text' => __('Access Logs'), 'url' => $baseurl . '/admin/access_logs/index', + 'requirement' => $isSiteAdmin ), array( 'text' => __('Search Logs'), 'url' => $baseurl . '/admin/logs/search', + 'requirement' => $isAdmin ) ) ), diff --git a/app/View/Logs/admin_index.ctp b/app/View/Logs/index.ctp similarity index 98% rename from app/View/Logs/admin_index.ctp rename to app/View/Logs/index.ctp index 1d8eb5f4e..fb565977a 100644 --- a/app/View/Logs/admin_index.ctp +++ b/app/View/Logs/index.ctp @@ -46,12 +46,12 @@ 'text' => h($filterData['name']), 'title' => __('Modify filters'), 'active' => isset($filter) && $filterName === $filter, - 'url' => $baseurl . '/admin/logs/index/filter:' . h($filterName) + 'url' => $baseurl . '/logs/index/filter:' . h($filterName) ); } $data['children'][0]['children'][] = array( 'requirement' => !empty($filter), - 'url' => $baseurl . '/admin/logs/index', + 'url' => $baseurl . '/logs/index', 'title' => __('Remove filters'), 'fa-icon' => 'times' ); diff --git a/app/View/Users/view.ctp b/app/View/Users/view.ctp index 158e937a9..74f3c9773 100755 --- a/app/View/Users/view.ctp +++ b/app/View/Users/view.ctp @@ -130,7 +130,7 @@ 'js' => array('vis', 'jquery-ui.min', 'network-distribution-graph') )); echo sprintf( - '
%s
%s
%s%s
', + '
%s
%s%s
%s%s
', sprintf( '

%s

%s', __('User %s', h($user['User']['email'])), @@ -145,6 +145,14 @@ ), __('Download user profile for data portability') ), + sprintf( + ' %s', + sprintf( + '%s/logs/index', + $baseurl + ), + __('Review user logs') + ), $me['Role']['perm_auth'] ? $this->element('/genericElements/accordion', array('title' => __('Auth keys'), 'url' => '/auth_keys/index/' . h($user['User']['id']))) : '', $this->element('/genericElements/accordion', array('title' => 'Events', 'url' => '/events/index/searchemail:' . urlencode(h($user['User']['email'])))) ); From 53e3af478751d08363384442af5343d60c55eeec Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Thu, 1 Dec 2022 10:17:22 +0100 Subject: [PATCH 106/698] chg: show short tags for highlighted tags --- app/View/Elements/ajaxTags.ctp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/View/Elements/ajaxTags.ctp b/app/View/Elements/ajaxTags.ctp index 5ddde03bc..3839e0d88 100644 --- a/app/View/Elements/ajaxTags.ctp +++ b/app/View/Elements/ajaxTags.ctp @@ -24,8 +24,9 @@ $full = $isAclTagger && $tagAccess && empty($static_tags_only); $fullLocal = $isAclTagger && $localTagAccess && empty($static_tags_only); $tagData = ""; - + $tag_display_style = $tag_display_style ?? 1; $buttonData = []; + if ($full) { $buttonData[] = sprintf( '', @@ -71,7 +72,7 @@ 'searchUrl' => $searchUrl, 'scope' => $scope, 'id' => $id, - 'tag_display_style' => $tag_display_style + 'tag_display_style' => 2 ]); } @@ -141,4 +142,3 @@ } echo ''; } - \ No newline at end of file From bc4b1e6f49859767b66c6e3597871d5bb7747eea Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Thu, 1 Dec 2022 10:49:50 +0100 Subject: [PATCH 107/698] fix: [logs] only allow for perm_audit & promote the perm to all --- INSTALL/MYSQL.sql | 8 ++++---- app/Controller/Component/ACLComponent.php | 2 +- app/Model/AppModel.php | 5 ++++- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/INSTALL/MYSQL.sql b/INSTALL/MYSQL.sql index 44da990b4..d559225c7 100644 --- a/INSTALL/MYSQL.sql +++ b/INSTALL/MYSQL.sql @@ -1523,16 +1523,16 @@ INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `pe VALUES (2, 'Org Admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0); INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`) -VALUES (3, 'User', NOW(), NOW(), 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1); +VALUES (3, 'User', NOW(), NOW(), 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1); INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`) -VALUES (4, 'Publisher', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0); +VALUES (4, 'Publisher', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0); INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`) -VALUES (5, 'Sync user', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0); +VALUES (5, 'Sync user', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0); INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`) -VALUES (6, 'Read Only', NOW(), NOW(), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); +VALUES (6, 'Read Only', NOW(), NOW(), 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); -- -------------------------------------------------------- diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index 82a3523c6..724b385a0 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -385,7 +385,7 @@ class ACLComponent extends Component 'returnDates' => array('*'), 'testForStolenAttributes' => array(), 'pruneUpdateLogs' => array(), - 'index' => array('*') + 'index' => array('perm_audit') ), 'auditLogs' => [ 'admin_index' => ['perm_audit'], diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 2557e9453..678f721db 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -83,7 +83,7 @@ class AppModel extends Model 81 => false, 82 => false, 83 => false, 84 => false, 85 => false, 86 => false, 87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false, 93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false, - 99 => false, 100 => false, 101 => false + 99 => false, 100 => false, 101 => false, 102 => false ); const ADVANCED_UPDATES_DESCRIPTION = array( @@ -1997,6 +1997,9 @@ class AppModel extends Model } } break; + case 102: + $sqlArray[] = "UPDATE roles SET perm_audit = 1;"; + break; default: return false; } From 5f6870b9ac9569947d85390e5c50955ab3a05f01 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 1 Dec 2022 13:11:21 +0100 Subject: [PATCH 108/698] fix: [internal] Attaching clusters --- app/Controller/GalaxiesController.php | 2 +- app/Model/Galaxy.php | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/app/Controller/GalaxiesController.php b/app/Controller/GalaxiesController.php index fc6ef9cd6..edb500e27 100644 --- a/app/Controller/GalaxiesController.php +++ b/app/Controller/GalaxiesController.php @@ -525,7 +525,7 @@ class GalaxiesController extends AppController } } - $result = $this->Galaxy->attachCluster($user, $target_type, $target_id, $cluster_id, $local); + $result = $this->Galaxy->attachCluster($user, $target_type, $target, $cluster_id, $local); return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => $result, 'check_publish' => true)), 'status'=>200, 'type' => 'json')); } diff --git a/app/Model/Galaxy.php b/app/Model/Galaxy.php index 40ef276d7..d08b499ae 100644 --- a/app/Model/Galaxy.php +++ b/app/Model/Galaxy.php @@ -380,16 +380,16 @@ class Galaxy extends AppModel /** * @param array $user - * @param string $target_type + * @param string $targetType Can be 'event', 'attribute' or 'tag_collection' * @param array $target * @param int $cluster_id * @param bool $local * @return string * @throws Exception */ - public function attachCluster(array $user, $target_type, array $target, $cluster_id, $local = false) + public function attachCluster(array $user, $targetType, array $target, $cluster_id, $local = false) { - $connectorModel = Inflector::camelize($target_type) . 'Tag'; + $connectorModel = Inflector::camelize($targetType) . 'Tag'; $local = $local == 1 || $local === true ? 1 : 0; $cluster_alias = $this->GalaxyCluster->alias; $galaxy_alias = $this->alias; @@ -409,36 +409,36 @@ class Galaxy extends AppModel } $this->Tag = ClassRegistry::init('Tag'); $tag_id = $this->Tag->captureTag(array('name' => $cluster['GalaxyCluster']['tag_name'], 'colour' => '#0088cc', 'exportable' => 1, 'local_only' => $local_only), $user, true); - if ($target_type === 'event') { + if ($targetType === 'event') { $target_id = $target['Event']['id']; - } elseif ($target_type === 'attribute') { + } elseif ($targetType === 'attribute') { $target_id = $target['Attribute']['id']; } else { $target_id = $target['TagCollection']['id']; } - $existingTag = $this->Tag->$connectorModel->hasAny(array($target_type . '_id' => $target_id, 'tag_id' => $tag_id)); + $existingTag = $this->Tag->$connectorModel->hasAny(array($targetType . '_id' => $target_id, 'tag_id' => $tag_id)); if ($existingTag) { return 'Cluster already attached.'; } $this->Tag->$connectorModel->create(); - $toSave = array($target_type . '_id' => $target_id, 'tag_id' => $tag_id, 'local' => $local); - if ($target_type === 'attribute') { + $toSave = array($targetType . '_id' => $target_id, 'tag_id' => $tag_id, 'local' => $local); + if ($targetType === 'attribute') { $toSave['event_id'] = $target['Attribute']['event_id']; } $result = $this->Tag->$connectorModel->save($toSave); if ($result) { if (!$local) { - if ($target_type === 'attribute') { + if ($targetType === 'attribute') { $this->Tag->AttributeTag->Attribute->touch($target); - } elseif ($target_type === 'event') { + } elseif ($targetType === 'event') { $this->Tag->EventTag->Event->unpublishEvent($target); } } - if ($target_type === 'attribute' || $target_type === 'event') { + if ($targetType === 'attribute' || $targetType === 'event') { $this->Tag->EventTag->Event->insertLock($user, $target['Event']['id']); } - $logTitle = 'Attached ' . $cluster['GalaxyCluster']['value'] . ' (' . $cluster['GalaxyCluster']['id'] . ') to ' . $target_type . ' (' . $target_id . ')'; - $this->loadLog()->createLogEntry($user, 'galaxy', ucfirst($target_type), $target_id, $logTitle); + $logTitle = 'Attached ' . $cluster['GalaxyCluster']['value'] . ' (' . $cluster['GalaxyCluster']['id'] . ') to ' . $targetType . ' (' . $target_id . ')'; + $this->loadLog()->createLogEntry($user, 'galaxy', ucfirst($targetType), $target_id, $logTitle); return 'Cluster attached.'; } return 'Could not attach the cluster'; From fbe66a26e81f427ac0adeac07845fe7c1b82c2d1 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 1 Dec 2022 13:25:36 +0100 Subject: [PATCH 109/698] fix: [test] Update after log change --- app/Controller/LogsController.php | 7 +++++-- db_schema.json | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/app/Controller/LogsController.php b/app/Controller/LogsController.php index c2463ef49..1b5afa681 100644 --- a/app/Controller/LogsController.php +++ b/app/Controller/LogsController.php @@ -1,7 +1,9 @@ _harvestParameters($filterData, $exception); unset($filterData); + if ($this->_isRest()) { if ($filters === false) { return $exception; @@ -128,7 +131,7 @@ class LogsController extends AppController public function admin_index() { $this->view = 'index'; - $this->index(); + return $this->index(); } // Shows a minimalistic history for the currently selected event diff --git a/db_schema.json b/db_schema.json index 18ba8c2ed..4470a2435 100644 --- a/db_schema.json +++ b/db_schema.json @@ -9257,5 +9257,5 @@ "uuid": false } }, - "db_version": "101" + "db_version": "102" } From b6a2c854a4d0f02a89ce5ed4bfdcf94c509a99f7 Mon Sep 17 00:00:00 2001 From: iglocska Date: Thu, 1 Dec 2022 14:07:48 +0100 Subject: [PATCH 110/698] new: [session killswitch] added endpoint to kill existing sessions for a user - required for integration in MeliCERTes II --- app/Controller/AppController.php | 20 +++- app/Controller/UsersController.php | 97 +++++++++++++++---- app/Model/User.php | 26 +++++ .../genericElements/IndexTable/headers.ctp | 15 ++- app/View/Users/admin_index.ctp | 56 ++++++++--- 5 files changed, 175 insertions(+), 39 deletions(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 96dc46a68..c57981692 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -102,7 +102,9 @@ class AppController extends Controller { $controller = $this->request->params['controller']; $action = $this->request->params['action']; - + if (empty($this->Session->read('creation_timestamp'))) { + $this->Session->write('creation_timestamp', time()); + } if (Configure::read('MISP.system_setting_db')) { App::uses('SystemSetting', 'Model'); SystemSetting::setGlobalSetting(); @@ -146,7 +148,6 @@ class AppController extends Controller $isAjax = $this->request->is('ajax'); $this->set('ajax', $isAjax); $this->set('queryVersion', $this->__queryVersion); - $this->User = ClassRegistry::init('User'); $language = Configure::read('MISP.language'); if (!empty($language) && $language !== 'eng') { @@ -155,6 +156,21 @@ class AppController extends Controller Configure::write('Config.language', 'eng'); } + $this->User = ClassRegistry::init('User'); + if ($this->Auth->user()) { + if ($this->User->checkForSessionDestruction($this->Auth->user('id'))) { + $this->Auth->logout(); + $this->Session->destroy(); + $message = __('User deauthenticated on administrator request. Please reauthenticate.'); + if ($this->_isRest()) { + throw new ForbiddenException($message); + } else { + $this->Flash->warning($message); + $this->_redirectToLogin(); + } + } + } + // For fresh installation (salt empty) generate a new salt if (!Configure::read('Security.salt')) { $this->User->Server->serverSettingsSaveValue('Security.salt', $this->User->generateRandomPassword(32)); diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php index 3ba568809..ac92571db 100644 --- a/app/Controller/UsersController.php +++ b/app/Controller/UsersController.php @@ -1080,27 +1080,35 @@ class UsersController extends AppController public function admin_delete($id = null) { - $this->request->allowMethod(['post', 'delete']); - - $user = $this->User->find('first', array( - 'conditions' => $this->__adminFetchConditions($id), - 'recursive' => -1 - )); - if (empty($user)) { - throw new NotFoundException(__('Invalid user')); - } - if ($this->User->delete($id)) { - $fieldsDescrStr = 'User (' . $id . '): ' . $user['User']['email']; - $this->User->extralog($this->Auth->user(), "delete", $fieldsDescrStr, ''); - if ($this->_isRest()) { - return $this->RestResponse->saveSuccessResponse('User', 'admin_delete', $id, $this->response->type(), 'User deleted.'); - } else { - $this->Flash->success(__('User deleted')); - $this->redirect(array('action' => 'index')); + if ($this->request->is('post') || $this->request->is('delete')) { + $user = $this->User->find('first', array( + 'conditions' => $this->__adminFetchConditions($id), + 'recursive' => -1 + )); + if (empty($user)) { + throw new NotFoundException(__('Invalid user')); } + if ($this->User->delete($id)) { + $fieldsDescrStr = 'User (' . $id . '): ' . $user['User']['email']; + $this->User->extralog($this->Auth->user(), "delete", $fieldsDescrStr, ''); + if ($this->_isRest()) { + return $this->RestResponse->saveSuccessResponse('User', 'admin_delete', $id, $this->response->type(), 'User deleted.'); + } else { + $this->Flash->success(__('User deleted')); + $this->redirect(array('action' => 'index')); + } + } + $this->Flash->error(__('User was not deleted')); + $this->redirect(array('action' => 'index')); + } else { + $this->set( + 'question', + __('Are you sure you want to delete the user? It is highly recommended to never delete users but to disable them instead.') + ); + $this->set('title', __('Delete user')); + $this->set('actionName', 'Delete'); + $this->render('/genericTemplates/confirm'); } - $this->Flash->error(__('User was not deleted')); - $this->redirect(array('action' => 'index')); } public function admin_massToggleField($fieldName, $enabled) @@ -2828,4 +2836,55 @@ class UsersController extends AppController } return $conditions; } + + public function admin_destroy($id = null) + { + $conditionFields = ['id', 'email']; + $params = $this->IndexFilter->harvestParameters(['id', 'email']); + if (!empty($id)) { + $params['id'] = $id; + } + $conditions = []; + foreach ($conditionFields as $conditionField) { + if (!empty($params[$conditionField])) { + $conditions[$conditionField . ' LIKE'] = $params[$conditionField]; + } + } + if (!empty($conditions)) { + $user_ids = $this->User->find('list', [ + 'recursive' => -1, + 'fields' => ['email', 'id'], + 'conditions' => $conditions + ]); + } else { + $user_ids = [__('Every user') => 'all']; + } + if ($this->request->is('post')) { + $redis = RedisTool::init(); + $kill_before = time(); + foreach (array_values($user_ids) as $user_id) { + $redis->set('misp:session_destroy:' . $user_id, $kill_before); + } + $message = __( + 'Session destruction cutoff set to the current timestamp for the given selection (%s). Session(s) will be destroyed on the next user interaction.', + implode(', ', array_keys($user_ids)) + ); + if ($this->_isRest()) { + return $this->RestResponse->saveSuccessResponse('User', 'admin_destroy', false, $this->response->type(), $message); + } + $this->Flash->success($message); + $this->redirect($this->referer()); + } else { + $this->set( + 'question', + __( + 'Do you really wish to destroy the session for: %s ? The session destruction will occur when the users try to interact with MISP the next time.', + implode(', ', array_keys($user_ids)) + ) + ); + $this->set('title', __('Destroy sessions')); + $this->set('actionName', 'Destroy'); + $this->render('/genericTemplates/confirm'); + } + } } diff --git a/app/Model/User.php b/app/Model/User.php index 74d85e4e8..ab7c59f83 100644 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -1971,4 +1971,30 @@ class User extends AppModel } return $users; } + + public function checkForSessionDestruction($id) + { + if (empty(CakeSession::read('creation_timestamp'))) { + return false; + } + $redis = $this->setupRedis(); + if ($redis) { + $cutoff = $redis->get('misp:session_destroy:' . $id); + $allcutoff = $redis->get('misp:session_destroy:all'); + if ( + empty($cutoff) || + ( + !empty($cutoff) && + !empty($allcutoff) && + $allcutoff < $cutoff + ) + ) { + $cutoff = $allcutoff; + } + if ($cutoff && CakeSession::read('creation_timestamp') < $cutoff) { + return true; + } + } + return false; + } } diff --git a/app/View/Elements/genericElements/IndexTable/headers.ctp b/app/View/Elements/genericElements/IndexTable/headers.ctp index 4413be6d9..ad3548d60 100644 --- a/app/View/Elements/genericElements/IndexTable/headers.ctp +++ b/app/View/Elements/genericElements/IndexTable/headers.ctp @@ -4,9 +4,20 @@ foreach ($fields as $k => $header) { if (!isset($header['requirement']) || $header['requirement']) { $header_data = ''; + if (!empty($header['icon'])) { + $header['name'] = sprintf( + ' %s', + h($header['icon']), + empty($header['name']) ? '' : h($header['name']) + ); + } else { + if (!empty($header['name'])) { + $header['name'] = h($header['name']); + } + } if (!empty($header['sort'])) { if (!empty($header['name'])) { - $header_data = $paginator->sort($header['sort'], $header['name']); + $header_data = $paginator->sort($header['sort'], $header['name'], ['escape' => false]); } else { $header_data = $paginator->sort($header['sort']); } @@ -19,7 +30,7 @@ empty($header['select_all_function']) ? 'onclick="toggleAllAttributeCheckboxes();"' : 'onclick="' . $header['select_all_function'] . '"' ); } else { - $header_data = h($header['name']); + $header_data = $header['name']; } } $classes = []; diff --git a/app/View/Users/admin_index.ctp b/app/View/Users/admin_index.ctp index dd2f801ee..d66bb8a9c 100755 --- a/app/View/Users/admin_index.ctp +++ b/app/View/Users/admin_index.ctp @@ -139,7 +139,9 @@ 'requirement' => empty(Configure::read('Security.advanced_authkeys')) ), array( - 'name' => __('Event alert'), + 'name' => '', + 'header_title' => __('Event publish alert'), + 'icon' => 'envelope', 'element' => 'boolean', 'sort' => 'User.autoalert', 'class' => 'short', @@ -147,7 +149,9 @@ 'colors' => true, ), array( - 'name' => __('Contact alert'), + 'name' => '', + 'header_title' => __('Contact alert'), + 'icon' => 'handshake', 'element' => 'boolean', 'sort' => 'User.contactalert', 'class' => 'short', @@ -155,7 +159,9 @@ 'colors' => true, ), array( - 'name' => __('Periodic notif.'), + 'name' => '', + 'header_title' => __('Periodic notification'), + 'icon' => 'clock', 'element' => 'custom', 'class' => 'short', 'function' => function (array $user) use ($periodic_notifications) { @@ -169,7 +175,9 @@ } ), array( - 'name' => __('PGP Key'), + 'name' => '', + 'header_title' => __('PGP public key'), + 'icon' => 'key', 'element' => 'boolean', 'sort' => 'User.gpgkey', 'class' => 'short', @@ -177,7 +185,9 @@ 'colors' => true, ), array( - 'name' => __('S/MIME'), + 'name' => '', + 'header_title' => __('S/MIME public key'), + 'icon' => 'lock', 'element' => 'boolean', 'sort' => 'User.certif_public', 'class' => 'short', @@ -191,7 +201,9 @@ 'data_path' => 'User.nids_sid' ), array( - 'name' => __('Terms Accepted'), + 'name' => '', + 'header_title' => __('Terms accepted'), + 'icon' => 'gavel', 'element' => 'boolean', 'sort' => 'User.termsaccepted', 'class' => 'short', @@ -230,19 +242,23 @@ 'requirement' => Configure::read('Plugin.CustomAuth_enable') && empty(Configure::read('Plugin.CustomAuth_required')) ), array( - 'name' => __('Monitored'), + 'name' => '', + 'header_title' => __('Monitored'), + 'icon' => 'desktop', 'element' => 'toggle', 'url' => $baseurl . '/admin/users/monitor', 'url_params_data_paths' => array( 'User.id' ), - 'sort' => 'User.disabled', + 'sort' => 'User.monitored', 'class' => 'short', 'data_path' => 'User.monitored', 'requirement' => $isSiteAdmin && Configure::read('Security.user_monitoring_enabled') ), array( - 'name' => __('Disabled'), + 'name' => '', + 'header_title' => __('User disabled'), + 'icon' => 'times', 'element' => 'boolean', 'sort' => 'User.disabled', 'class' => 'short', @@ -280,16 +296,24 @@ 'icon' => 'edit', 'title' => __('Edit') ), - array( - 'url' => $baseurl . '/admin/users/delete', - 'url_params_data_paths' => array( - 'User.id' + [ + 'onclick' => sprintf( + 'openGenericModal(\'%s/admin/users/destroy/[onclick_params_data_path]\');', + $baseurl ), - 'postLink' => 1, - 'postLinkConfirm' => __('Are you sure you want to delete the user? It is highly recommended to never delete users but to disable them instead.'), + 'onclick_params_data_path' => 'User.id', + 'icon' => 'bomb', + 'title' => __('Destroy sessions') + ], + [ + 'onclick' => sprintf( + 'openGenericModal(\'%s/admin/users/delete/[onclick_params_data_path]\');', + $baseurl + ), + 'onclick_params_data_path' => 'User.id', 'icon' => 'trash', 'title' => __('Delete') - ), + ], array( 'url' => $baseurl . '/admin/users/view', 'url_params_data_paths' => array( From 14ebd7c7757c70ad98df3b3d358e742cff963064 Mon Sep 17 00:00:00 2001 From: iglocska Date: Thu, 1 Dec 2022 14:09:18 +0100 Subject: [PATCH 111/698] fix: [ACL] added admin_destroy --- app/Controller/Component/ACLComponent.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index cab59d922..92660f11d 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -721,6 +721,7 @@ class ACLComponent extends Component 'acceptRegistrations' => array(), 'admin_add' => ['AND' => ['perm_admin', 'add_user_enabled']], 'admin_delete' => array('perm_admin'), + 'admin_destroy' => array(), 'admin_edit' => array('perm_admin'), 'admin_email' => array('perm_admin'), 'admin_filterUserIndex' => array('perm_admin'), From 1876c289125aa7ef309e2c358e9928223f0d48b7 Mon Sep 17 00:00:00 2001 From: iglocska Date: Thu, 1 Dec 2022 14:25:11 +0100 Subject: [PATCH 112/698] chg: [redistool] allow for using sockets --- app/Lib/Tools/RedisTool.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/app/Lib/Tools/RedisTool.php b/app/Lib/Tools/RedisTool.php index b1ae623c1..8a68dfe20 100644 --- a/app/Lib/Tools/RedisTool.php +++ b/app/Lib/Tools/RedisTool.php @@ -26,12 +26,18 @@ class RedisTool } $host = Configure::read('MISP.redis_host') ?: '127.0.0.1'; - $port = Configure::read('MISP.redis_port') ?: 6379; + $socket = false; + if ($host[0] === '/') { + $socket = $host; + } else { + $port = Configure::read('MISP.redis_port') ?: 6379; + } $database = Configure::read('MISP.redis_database') ?: 13; $pass = Configure::read('MISP.redis_password'); $redis = new Redis(); - if (!$redis->connect($host, (int) $port)) { + $connection = empty($socket) ? $redis->connect($host, (int) $port) : $redis->connect($host); + if (!$connection) { throw new Exception("Could not connect to Redis: {$redis->getLastError()}"); } if (!empty($pass)) { From 7d0faf356a57f52548aed1fe6f031eb84df6a2df Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Thu, 1 Dec 2022 14:43:38 +0100 Subject: [PATCH 113/698] fix: undefined index --- app/View/Elements/Events/View/row_attribute.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/Elements/Events/View/row_attribute.ctp b/app/View/Elements/Events/View/row_attribute.ctp index ad5c42f73..10943c3b3 100644 --- a/app/View/Elements/Events/View/row_attribute.ctp +++ b/app/View/Elements/Events/View/row_attribute.ctp @@ -218,7 +218,7 @@ h($feed['id']), sprintf( '', - h(json_encode($feed['event_uuids'])) + h(json_encode($feed['event_uuids'] ?? [])) ), sprintf( '', From ebacca77f46a09ec4b1189d0405683597b6999fc Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Thu, 1 Dec 2022 14:44:13 +0100 Subject: [PATCH 114/698] fix: undefined --- app/View/Elements/ajaxTags.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/Elements/ajaxTags.ctp b/app/View/Elements/ajaxTags.ctp index 3839e0d88..86c8e4e59 100644 --- a/app/View/Elements/ajaxTags.ctp +++ b/app/View/Elements/ajaxTags.ctp @@ -101,7 +101,7 @@ 'localTagAccess' => $localTagAccess, 'searchUrl' => $searchUrl, 'scope' => $scope, - 'id' => $id, + 'id' => $id ?? null, 'tag_display_style' => $tag_display_style ]); } From f66ac93d0239784339acc65fcee79878c17822ad Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Thu, 1 Dec 2022 14:44:32 +0100 Subject: [PATCH 115/698] fix: css --- app/View/Elements/rich_tag.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/Elements/rich_tag.ctp b/app/View/Elements/rich_tag.ctp index c8fcae5ec..f529be23f 100644 --- a/app/View/Elements/rich_tag.ctp +++ b/app/View/Elements/rich_tag.ctp @@ -96,4 +96,4 @@ if ($canModifyAllTags || ($canModifyLocalTags && $tag['Tag']['local'])) { ); } -echo '' . $span_scope . $span_relationship_type . $span_tag . $span_relationship . $span_delete . ''; +echo '' . $span_scope . $span_relationship_type . $span_tag . $span_relationship . $span_delete . ''; From 33117bfe8ee0879e30300f200c709aae01e5236d Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Thu, 1 Dec 2022 14:45:54 +0100 Subject: [PATCH 116/698] fix: undefined index --- .../genericElements/SidePanels/Templates/relatedFeeds.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/Elements/genericElements/SidePanels/Templates/relatedFeeds.ctp b/app/View/Elements/genericElements/SidePanels/Templates/relatedFeeds.ctp index c153433cb..fbd73e393 100644 --- a/app/View/Elements/genericElements/SidePanels/Templates/relatedFeeds.ctp +++ b/app/View/Elements/genericElements/SidePanels/Templates/relatedFeeds.ctp @@ -23,7 +23,7 @@ sprintf( ' ', - h(json_encode($relatedFeed['event_uuids'])), + h(json_encode($relatedFeed['event_uuids'] ?? [])), h($relatedFeed['name']) . ' (' . $relatedFeed['id'] . ')', h($popover) ) From 4a76fae0eafeb5e8f56eb114885bf7ac7b989c4d Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 1 Dec 2022 13:57:15 +0100 Subject: [PATCH 117/698] chg: [test] Show application logs --- .github/workflows/main.yml | 4 +++- app/Console/Command/LogShell.php | 23 +++++++++++++++-------- app/Model/AppModel.php | 10 ++++++++++ 3 files changed, 28 insertions(+), 9 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e53ebb9d9..294e448ee 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -263,4 +263,6 @@ jobs: run: | tail -n +1 `pwd`/app/tmp/logs/* tail -n +1 /var/log/apache2/*.log - + + sudo -u $USER app/Console/cake Log export /tmp/logs.json.gz --without-changes + zcat /tmp/logs.json.gz diff --git a/app/Console/Command/LogShell.php b/app/Console/Command/LogShell.php index 0da55c6f1..5e786ed5d 100644 --- a/app/Console/Command/LogShell.php +++ b/app/Console/Command/LogShell.php @@ -24,11 +24,14 @@ class LogShell extends AppShell ]); $parser->addSubcommand('export', [ 'help' => __('Export application logs to compressed file in JSON Lines format (one JSON encoded line per entry).'), - 'parser' => array( - 'arguments' => array( + 'parser' => [ + 'arguments' => [ 'file' => ['help' => __('Path to output file'), 'required' => true], - ), - ), + ], + 'options' => [ + 'without-changes' => ['boolean' => true, 'help' => __('Do not include add, edit or delete actions.')], + ], + ], ]); $parser->addSubcommand('recompress', [ 'help' => __('Recompress compressed data in logs.'), @@ -39,6 +42,7 @@ class LogShell extends AppShell public function export() { list($path) = $this->args; + $withoutChanges = $this->param('without-changes'); if (file_exists($path)) { $this->error("File $path already exists"); @@ -49,21 +53,24 @@ class LogShell extends AppShell $this->error("Could not open $path for writing"); } - $rows = $this->Log->query("SELECT TABLE_ROWS FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'logs';"); /** @var ProgressShellHelper $progress */ $progress = $this->helper('progress'); $progress->init([ - 'total' => $rows[0]['TABLES']['TABLE_ROWS'], // just estimate, but fast + 'total' => $this->Log->tableRows(), // just estimate, but fast 'width' => 50, ]); $lastId = 0; while (true) { + $conditions = ['Log.id >' => $lastId]; // much faster than offset + if ($withoutChanges) { + $conditions['NOT'] = ['Log.action' => ['add', 'edit', 'delete']]; + } $logs = $this->Log->find('all', [ - 'conditions' => ['id >' => $lastId], // much faster than offset + 'conditions' => $conditions, 'recursive' => -1, 'limit' => 100000, - 'order' => ['id ASC'], + 'order' => ['Log.id ASC'], ]); if (empty($logs)) { break; diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 678f721db..572c56ad9 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -3053,6 +3053,16 @@ class AppModel extends Model return [$subQuery]; } + /** + * Returns estimated number of table rows + * @return int + */ + public function tableRows() + { + $rows = $this->query("SELECT TABLE_ROWS FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '{$this->table}';"); + return $rows[0]['TABLES']['TABLE_ROWS']; + } + // start a benchmark run for the given bench name public function benchmarkInit($name = 'default') { From d4c6d9e40c64ea79d44ff3b70d8b760a3d6dad47 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 1 Dec 2022 15:12:20 +0100 Subject: [PATCH 118/698] fix: [internal] Cleanup for log controller --- app/Controller/LogsController.php | 79 +++++++++++++++---------------- 1 file changed, 39 insertions(+), 40 deletions(-) diff --git a/app/Controller/LogsController.php b/app/Controller/LogsController.php index 1b5afa681..f50a23ced 100644 --- a/app/Controller/LogsController.php +++ b/app/Controller/LogsController.php @@ -25,7 +25,7 @@ class LogsController extends AppController parent::beforeFilter(); // No need for CSRF tokens for a search - if ('admin_search' == $this->request->params['action']) { + if ('admin_search' === $this->request->params['action']) { $this->Security->csrfCheck = false; } } @@ -35,7 +35,7 @@ class LogsController extends AppController $paramArray = array('id', 'title', 'created', 'model', 'model_id', 'action', 'user_id', 'change', 'email', 'org', 'description', 'ip'); $filterData = array( 'request' => $this->request, - 'named_params' => $this->params['named'], + 'named_params' => $this->request->params['named'], 'paramArray' => $paramArray, 'ordered_url_params' => func_get_args() ); @@ -74,15 +74,14 @@ class LogsController extends AppController } } if (!$this->_isSiteAdmin()) { - // no filtering for SiteAdmin - } - else if (!$this->_isSiteAdmin() && $this->_isAdmin()) { - // ORG admins can see their own org info - $orgRestriction = $this->Auth->user('Organisation')['name']; - $conditions['Log.org'] = $orgRestriction; - } else { - // users can see their own info - $conditions['Log.email'] = $this->Auth->user('email'); + if ($this->_isAdmin()) { + // ORG admins can see their own org info + $orgRestriction = $this->Auth->user('Organisation')['name']; + $conditions['Log.org'] = $orgRestriction; + } else { + // users can see their own info + $conditions['Log.email'] = $this->Auth->user('email'); + } } $params = array( 'conditions' => $conditions, @@ -96,36 +95,36 @@ class LogsController extends AppController } $log_entries = $this->Log->find('all', $params); return $this->RestResponse->viewData($log_entries, 'json'); - } else { - $this->set('isSearch', 0); - $this->recursive = 0; - $validFilters = $this->Log->logMeta; - if ($this->_isSiteAdmin()) { - $validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin); - } - else if (!$this->_isSiteAdmin() && $this->_isAdmin()) { - // ORG admins can see their own org info - $orgRestriction = $this->Auth->user('Organisation')['name']; - $conditions['Log.org'] = $orgRestriction; - $this->paginate['conditions'] = $conditions; - } else { - // users can see their own info - $conditions['Log.email'] = $this->Auth->user('email'); - $this->paginate['conditions'] = $conditions; - } - if (isset($this->params['named']['filter']) && in_array($this->params['named']['filter'], array_keys($validFilters))) { - $this->paginate['conditions']['Log.action'] = $validFilters[$this->params['named']['filter']]['values']; - } - foreach ($filters as $key => $value) { - if ($key === 'created') { - $key = 'created >='; - } - $this->paginate['conditions']["Log.$key"] = $value; - } - $this->set('validFilters', $validFilters); - $this->set('filter', isset($this->params['named']['filter']) ? $this->params['named']['filter'] : false); - $this->set('list', $this->paginate()); } + + $this->set('isSearch', 0); + $this->recursive = 0; + $validFilters = $this->Log->logMeta; + if ($this->_isSiteAdmin()) { + $validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin); + } + else if (!$this->_isSiteAdmin() && $this->_isAdmin()) { + // ORG admins can see their own org info + $orgRestriction = $this->Auth->user('Organisation')['name']; + $conditions['Log.org'] = $orgRestriction; + $this->paginate['conditions'] = $conditions; + } else { + // users can see their own info + $conditions['Log.email'] = $this->Auth->user('email'); + $this->paginate['conditions'] = $conditions; + } + if (isset($this->params['named']['filter']) && in_array($this->params['named']['filter'], array_keys($validFilters))) { + $this->paginate['conditions']['Log.action'] = $validFilters[$this->params['named']['filter']]['values']; + } + foreach ($filters as $key => $value) { + if ($key === 'created') { + $key = 'created >='; + } + $this->paginate['conditions']["Log.$key"] = $value; + } + $this->set('validFilters', $validFilters); + $this->set('filter', isset($this->params['named']['filter']) ? $this->params['named']['filter'] : false); + $this->set('list', $this->paginate()); } public function admin_index() From 8ea28a13850386e44db4e18ce2b75a7decd90123 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 1 Dec 2022 17:19:35 +0100 Subject: [PATCH 119/698] fix: [db] Duplicate migration --- app/Model/AppModel.php | 8 ++++---- db_schema.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 3729362e8..873128409 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -83,7 +83,7 @@ class AppModel extends Model 81 => false, 82 => false, 83 => false, 84 => false, 85 => false, 86 => false, 87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false, 93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false, - 99 => false, 100 => false, 101 => false, 102 => false + 99 => false, 100 => false, 101 => false, 102 => false, 103 => false, ); const ADVANCED_UPDATES_DESCRIPTION = array( @@ -1921,6 +1921,9 @@ class AppModel extends Model ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;"; break; case 102: + $sqlArray[] = "UPDATE roles SET perm_audit = 1;"; + break; + case 103: $sqlArray[] = "ALTER TABLE `taxonomies` ADD `highlighted` tinyint(1) DEFAULT 0;"; break; case 'fixNonEmptySharingGroupID': @@ -2000,9 +2003,6 @@ class AppModel extends Model } } break; - case 102: - $sqlArray[] = "UPDATE roles SET perm_audit = 1;"; - break; default: return false; } diff --git a/db_schema.json b/db_schema.json index be825fc77..e2df5046d 100644 --- a/db_schema.json +++ b/db_schema.json @@ -9268,5 +9268,5 @@ "uuid": false } }, - "db_version": "102" + "db_version": "103" } From 00fa78e6eaab64da9917dad2ea4f9cfeb73512c0 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Tue, 15 Nov 2022 13:12:55 +0100 Subject: [PATCH 120/698] chg: [internal] Move rest response SQL output --- app/Controller/AppController.php | 5 --- .../Component/RestResponseComponent.php | 39 +++++++++++-------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index c57981692..2aea3a982 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -43,7 +43,6 @@ class AppController extends Controller private $isApiAuthed = false; public $baseurl = ''; - public $sql_dump = false; public $restResponsePayload = null; @@ -138,10 +137,6 @@ class AppController extends Controller $this->response->header('X-XSS-Protection', '1; mode=block'); } - if (!empty($this->request->params['named']['sql'])) { - $this->sql_dump = intval($this->request->params['named']['sql']); - } - $this->_setupDatabaseConnection(); $this->set('debugMode', Configure::read('debug') >= 1 ? 'debugOn' : 'debugOff'); diff --git a/app/Controller/Component/RestResponseComponent.php b/app/Controller/Component/RestResponseComponent.php index 28d4a60e0..e8d8c29e4 100644 --- a/app/Controller/Component/RestResponseComponent.php +++ b/app/Controller/Component/RestResponseComponent.php @@ -608,37 +608,34 @@ class RestResponseComponent extends Component $type = 'csv'; } else { $type = $format; - $dumpSql = !empty($this->Controller->sql_dump) && Configure::read('debug') > 1; + + $dumpSql = intval($this->Controller->request->params['named']['sql'] ?? 0); + if ($dumpSql && Configure::read('debug') < 2) { + $dumpSql = 0; // disable dumping SQL if debugging is off + } + if (!$raw) { if (is_string($response)) { $response = array('message' => $response); } if ($dumpSql) { - $this->Log = ClassRegistry::init('Log'); - if ($this->Controller->sql_dump === 2) { - $response = array('sql_dump' => $this->Log->getDataSource()->getLog(false, false)); + if ($dumpSql === 2) { + $response = ['sql_dump' => $this->getSqlLog()]; } else { - $response['sql_dump'] = $this->Log->getDataSource()->getLog(false, false); + $response['sql_dump'] = $this->getSqlLog(); } } - $flags = JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE; - if (!$this->isAutomaticTool()) { - $flags |= JSON_PRETTY_PRINT; // Do not pretty print response for automatic tools - } - if (defined('JSON_THROW_ON_ERROR')) { - $flags |= JSON_THROW_ON_ERROR; // Throw exception on error if supported - } - $response = json_encode($response, $flags); + $prettyPrint = !$this->isAutomaticTool(); // Do not pretty print response for automatic tools + $response = JsonTool::encode($response, $prettyPrint); } else { if ($dumpSql) { - $this->Log = ClassRegistry::init('Log'); - if ($this->Controller->sql_dump === 2) { - $response = json_encode(array('sql_dump' => $this->Log->getDataSource()->getLog(false, false))); + if ($dumpSql === 2) { + $response = JsonTool::encode(['sql_dump' => $this->getSqlLog()]); } else { $response = substr_replace( $response, - sprintf(', "sql_dump": %s}', json_encode($this->Log->getDataSource()->getLog(false, false))), + sprintf(', "sql_dump": %s}', JsonTool::encode($this->getSqlLog())), -2 ); } @@ -2104,4 +2101,12 @@ class RestResponseComponent extends Component } return '/' . $admin_routing . $controller . '/' . $action; } + + /** + * @return array + */ + private function getSqlLog() + { + return $this->Controller->User->getDataSource()->getLog(false, false); + } } From b3fd26710535ff4dfa0cdf1e28950f944c79e447 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Tue, 15 Nov 2022 14:38:22 +0100 Subject: [PATCH 121/698] new: [log] Add ability to log sql queries for access log --- app/Controller/AccessLogsController.php | 20 ++++ app/Controller/Component/ACLComponent.php | 1 + app/Model/AccessLog.php | 113 +++++++++++++++++----- app/Model/AppModel.php | 5 +- app/Model/Server.php | 12 ++- app/View/AccessLogs/admin_index.ctp | 16 ++- app/View/AccessLogs/admin_query_log.ctp | 14 +++ app/webroot/css/main.css | 1 - 8 files changed, 154 insertions(+), 28 deletions(-) create mode 100644 app/View/AccessLogs/admin_query_log.ctp diff --git a/app/Controller/AccessLogsController.php b/app/Controller/AccessLogsController.php index 549a66e34..936c68697 100644 --- a/app/Controller/AccessLogsController.php +++ b/app/Controller/AccessLogsController.php @@ -61,6 +61,9 @@ class AccessLogsController extends AppController if (empty(Configure::read('MISP.log_skip_access_logs_in_application_logs'))) { $this->Flash->warning(__('Access logs are logged in both application logs and access logs. Make sure you reconfigure your log monitoring tools and update MISP.log_skip_access_logs_in_application_logs.')); } + + $this->AccessLog->virtualFields['has_query_log'] = 'query_log IS NOT NULL'; + $this->paginate['fields'][] = 'has_query_log'; $this->paginate['conditions'] = $conditions; $list = $this->paginate(); @@ -102,6 +105,23 @@ class AccessLogsController extends AppController $this->set('request', $data); } + public function admin_queryLog($id) + { + $request = $this->AccessLog->find('first', [ + 'conditions' => ['AccessLog.id' => $id], + 'fields' => ['AccessLog.query_log'], + ]); + if (empty($request)) { + throw new NotFoundException(__('Access log not found')); + } + + if (empty($request['AccessLog']['query_log'])) { + throw new NotFoundException(__('Query log is empty')); + } + + $this->set('queryLog', $request['AccessLog']['query_log']); + } + /** * @param array $params * @return array diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index 54447ef91..8d2795eea 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -396,6 +396,7 @@ class ACLComponent extends Component 'accessLogs' => [ 'admin_index' => [], 'admin_request' => [], + 'admin_queryLog' => [], ], 'modules' => array( 'index' => array('perm_auth'), diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php index bb637f0c5..9880a2fb3 100644 --- a/app/Model/AccessLog.php +++ b/app/Model/AccessLog.php @@ -57,6 +57,9 @@ class AccessLog extends AppModel $result['AccessLog']['request'] = false; } } + if (!empty($result['AccessLog']['query_log'])) { + $result['AccessLog']['query_log'] = JsonTool::decode($this->decompress($result['AccessLog']['query_log'])); + } if (!empty($result['AccessLog']['memory_usage'])) { $result['AccessLog']['memory_usage'] = $result['AccessLog']['memory_usage'] * 1024; } @@ -90,8 +93,12 @@ class AccessLog extends AppModel $accessLog['request_method'] = $requestMethodIds[$accessLog['request_method']] ?? 0; } - if (isset($accessLog['request'])) { - $accessLog['request'] = $this->encodeRequest($accessLog['request']); + if (!empty($accessLog['request'])) { + $accessLog['request'] = $this->compress($accessLog['request']); + } + + if (!empty($accessLog['query_log'])) { + $accessLog['query_log'] = $this->compress(JsonTool::encode($accessLog['query_log'])); } // In database save size in kb to avoid overflow signed int type @@ -113,6 +120,11 @@ class AccessLog extends AppModel $requestTime = $_SERVER['REQUEST_TIME_FLOAT'] ?? microtime(true); $now = DateTime::createFromFormat('U.u', $requestTime); $logClientIp = Configure::read('MISP.log_client_ip'); + $includeSqlQueries = Configure::read('MISP.log_paranoid_include_sql_queries'); + + if ($includeSqlQueries) { + $this->getDataSource()->fullDebug = true; // Enable SQL logging + } $dataToSave = [ 'created' => $now->format('Y-m-d H:i:s.u'), @@ -133,9 +145,9 @@ class AccessLog extends AppModel } // Save data on shutdown - register_shutdown_function(function () use ($dataToSave, $requestTime) { + register_shutdown_function(function () use ($dataToSave, $requestTime, $includeSqlQueries) { session_write_close(); // close session to allow concurrent requests - $this->saveOnShutdown($dataToSave, $requestTime); + $this->saveOnShutdown($dataToSave, $requestTime, $includeSqlQueries); }); return true; @@ -162,12 +174,23 @@ class AccessLog extends AppModel /** * @param array $data * @param float $requestTime + * @param bool $includeSqlQueries * @return bool * @throws Exception */ - private function saveOnShutdown(array $data, $requestTime) + private function saveOnShutdown(array $data, $requestTime, $includeSqlQueries) { - $queryCount = $this->getDataSource()->getLog(false, false)['count']; + $sqlLog = $this->getDataSource()->getLog(false, false); + $queryCount = $sqlLog['count']; + + if ($includeSqlQueries && !empty($sqlLog['log'])) { + foreach ($sqlLog['log'] as &$log) { + $log['query'] = $this->escapeNonUnicode($log['query']); + unset($log['affected']); // affected is the same as numRows + unset($log['params']); // no need to save for your use case + } + $data['query_log'] = ['time' => $sqlLog['time'], 'log' => $sqlLog['log']]; + } $data['response_code'] = http_response_code(); $data['memory_usage'] = memory_get_peak_usage(); @@ -198,21 +221,15 @@ class AccessLog extends AppModel /** * @param string $request - * @return array|bool + * @return array|false */ private function decodeRequest($request) { - $header = substr($request, 0, 4); - if ($header === self::BROTLI_HEADER) { - if (function_exists('brotli_uncompress')) { - $request = brotli_uncompress(substr($request, 4)); - if ($request === false) { - return false; - } - } else { - return false; - } + $request = $this->decompress($request); + if ($request === false) { + return false; } + list($contentType, $encoding, $data) = explode("\n", $request, 3); if ($encoding === 'gzip') { @@ -229,17 +246,69 @@ class AccessLog extends AppModel } /** - * @param string $request + * @param string $data + * @return false|string + */ + private function decompress($data) + { + $header = substr($data, 0, 4); + if ($header === self::BROTLI_HEADER) { + if (function_exists('brotli_uncompress')) { + $data = brotli_uncompress(substr($data, 4)); + if ($data === false) { + return false; + } + } else { + return false; + } + } + return $data; + } + + /** + * @param string $data * @return string */ - private function encodeRequest($request) + private function compress($data) { $compressionEnabled = Configure::read('MISP.log_new_audit_compress') && function_exists('brotli_compress'); - if ($compressionEnabled && strlen($request) >= self::COMPRESS_MIN_LENGTH) { - return self::BROTLI_HEADER . brotli_compress($request, 4, BROTLI_TEXT); + if ($compressionEnabled && strlen($data) >= self::COMPRESS_MIN_LENGTH) { + return self::BROTLI_HEADER . brotli_compress($data, 4, BROTLI_TEXT); } - return $request; + return $data; + } + + /** + * @param $string + * @return string + */ + private function escapeNonUnicode($string) + { + if (json_encode($string, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS) !== false) { + return $string; // string is valid unicode + } + + if (function_exists('mb_str_split')) { + $result = mb_str_split($string); + } else { + $result = []; + $length = mb_strlen($string); + for ($i = 0; $i < $length; $i++) { + $result[] = mb_substr($string, $i, 1); + } + } + + $string = ''; + foreach ($result as $char) { + if (strlen($char) === 1 && !preg_match('/[[:print:]]/', $char)) { + $string .= '\x' . bin2hex($char); + } else { + $string .= $char; + } + } + + return $string; } } \ No newline at end of file diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 873128409..6ab2fc907 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -83,7 +83,7 @@ class AppModel extends Model 81 => false, 82 => false, 83 => false, 84 => false, 85 => false, 86 => false, 87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false, 93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false, - 99 => false, 100 => false, 101 => false, 102 => false, 103 => false, + 99 => false, 100 => false, 101 => false, 102 => false, 103 => false, 104 => false, ); const ADVANCED_UPDATES_DESCRIPTION = array( @@ -1926,6 +1926,9 @@ class AppModel extends Model case 103: $sqlArray[] = "ALTER TABLE `taxonomies` ADD `highlighted` tinyint(1) DEFAULT 0;"; break; + case 104: + $sqlArray[] = "ALTER TABLE `access_logs` ADD `query_log` blob DEFAULT NULL"; + break; case 'fixNonEmptySharingGroupID': $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; $sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; diff --git a/app/Model/Server.php b/app/Model/Server.php index 2659da8d9..e34431a2f 100644 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -5539,7 +5539,7 @@ class Server extends AppModel ), 'log_client_ip_header' => array( 'level' => 1, - 'description' => __('If log_client_ip is enabled, you can customize which header field contains the client\'s IP address. This is generally used when you have a reverse proxy infront of your MISP instance.'), + 'description' => __('If log_client_ip is enabled, you can customize which header field contains the client\'s IP address. This is generally used when you have a reverse proxy in front of your MISP instance.'), 'value' => 'REMOTE_ADDR', 'test' => 'testForEmpty', 'type' => 'string', @@ -5595,7 +5595,7 @@ class Server extends AppModel ), 'log_paranoid_skip_db' => array( 'level' => 0, - 'description' => __('You can decide to skip the logging of the paranoid logs to the database.'), + 'description' => __('You can decide to skip the logging of the paranoid logs to the database. Logs will be just published to ZMQ or Kafka.'), 'value' => false, 'test' => 'testParanoidSkipDb', 'type' => 'boolean', @@ -5609,6 +5609,14 @@ class Server extends AppModel 'type' => 'boolean', 'null' => true ), + 'log_paranoid_include_sql_queries' => [ + 'level' => 0, + 'description' => __('If paranoid logging is enabled, include the SQL queries in the entries.'), + 'value' => false, + 'test' => 'testBool', + 'type' => 'boolean', + 'null' => true + ], 'log_user_ips' => array( 'level' => 0, 'description' => __('Log user IPs on each request. 30 day retention for lookups by IP to get the last authenticated user ID for the given IP, whilst on the reverse, indefinitely stores all associated IPs for a user ID.'), diff --git a/app/View/AccessLogs/admin_index.ctp b/app/View/AccessLogs/admin_index.ctp index e3859c81c..ec1a677de 100644 --- a/app/View/AccessLogs/admin_index.ctp +++ b/app/View/AccessLogs/admin_index.ctp @@ -315,13 +315,14 @@ - ' : '' ?> + ' : '' ?> ms - + ' : '') ?> + @@ -347,6 +348,17 @@ return false; }); + $('.query-log').click(function (e) { + e.preventDefault(); + var id = $(this).data('log-id'); + $.get(baseurl + "/admin/access_logs/queryLog/" + id, function(data) { + var $popoverFormLarge = $('#popover_form_large'); + $popoverFormLarge.html(data); + openPopup($popoverFormLarge); + }).fail(xhrFailCallback); + return false; + }); + $(function() { filterSearch(function (e, searchKey, searchValue) { if (searchKey === 'controller:action') { diff --git a/app/View/AccessLogs/admin_query_log.ctp b/app/View/AccessLogs/admin_query_log.ctp new file mode 100644 index 000000000..f25bc0cb7 --- /dev/null +++ b/app/View/AccessLogs/admin_query_log.ctp @@ -0,0 +1,14 @@ + + + + + + + + + + + + + +
diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css index 952f44177..1f72b1974 100644 --- a/app/webroot/css/main.css +++ b/app/webroot/css/main.css @@ -1035,7 +1035,6 @@ a.black-white:hover { left:calc(50% - 350px); position: fixed; background-color:#f4f4f4; - border-radius: 11px 11px 10px 10px; box-shadow: 4px 4px 4px #333; z-index:5; } From ad18cbe3a77228909b6ad971d31d8439c37ae589 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Tue, 15 Nov 2022 15:14:43 +0100 Subject: [PATCH 122/698] new: [log] Access log retention command --- app/Console/Command/LogShell.php | 19 +++++++++++++++++++ app/Model/AccessLog.php | 18 ++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/app/Console/Command/LogShell.php b/app/Console/Command/LogShell.php index 5e786ed5d..d4bf5f239 100644 --- a/app/Console/Command/LogShell.php +++ b/app/Console/Command/LogShell.php @@ -36,6 +36,14 @@ class LogShell extends AppShell $parser->addSubcommand('recompress', [ 'help' => __('Recompress compressed data in logs.'), ]); + $parser->addSubcommand('accessLogRetention', [ + 'help' => __('Delete logs that are older than specified duration.'), + 'parser' => array( + 'arguments' => array( + 'duration' => ['help' => __('Duration in days'), 'required' => true], + ), + ), + ]); return $parser; } @@ -191,4 +199,15 @@ class LogShell extends AppShell { $this->AuditLog->recompress(); } + + public function accessLogRetention() + { + list($duration) = $this->args; + if ($duration <= 0 || !is_numeric($duration)) { + $this->error("Invalid duration specified."); + } + $duration = new DateTime("-$duration days"); + $deleted = $this->AccessLog->deleteOldLogs($duration); + $this->out(__n("Deleted %s entry", "Deleted %s entries", $deleted, $deleted)); + } } diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php index 9880a2fb3..d272ddeb6 100644 --- a/app/Model/AccessLog.php +++ b/app/Model/AccessLog.php @@ -153,6 +153,24 @@ class AccessLog extends AppModel return true; } + /** + * @param DateTime $duration + * @return int Number of deleted entries + */ + public function deleteOldLogs(DateTime $duration) + { + $this->deleteAll([ + ['created <' => $duration->format('Y-m-d H:i:s.u')], + ], false); + + $deleted = $this->getAffectedRows(); + if ($deleted > 100) { + $dataSource = $this->getDataSource(); + $dataSource->query('OPTIMISE TABLE ' . $dataSource->name($this->table)); + } + return $deleted; + } + /** * @param CakeRequest $request * @return string From ef91769bace6f74e098389e97e33972eb85fcc5d Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Wed, 16 Nov 2022 09:02:06 +0100 Subject: [PATCH 123/698] fix: [db_schema] Update to 104 --- db_schema.json | 204 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 204 insertions(+) diff --git a/db_schema.json b/db_schema.json index e2df5046d..a9844b60f 100644 --- a/db_schema.json +++ b/db_schema.json @@ -1,5 +1,205 @@ { "schema": { + "access_logs": [ + { + "column_name": "id", + "is_nullable": "NO", + "data_type": "int", + "character_maximum_length": null, + "numeric_precision": "10", + "collation_name": null, + "column_type": "int(11)", + "column_default": null, + "extra": "auto_increment" + }, + { + "column_name": "created", + "is_nullable": "NO", + "data_type": "datetime", + "character_maximum_length": null, + "numeric_precision": null, + "collation_name": null, + "column_type": "datetime(4)", + "column_default": null, + "extra": "" + }, + { + "column_name": "user_id", + "is_nullable": "NO", + "data_type": "int", + "character_maximum_length": null, + "numeric_precision": "10", + "collation_name": null, + "column_type": "int(11)", + "column_default": null, + "extra": "" + }, + { + "column_name": "org_id", + "is_nullable": "NO", + "data_type": "int", + "character_maximum_length": null, + "numeric_precision": "10", + "collation_name": null, + "column_type": "int(11)", + "column_default": null, + "extra": "" + }, + { + "column_name": "authkey_id", + "is_nullable": "YES", + "data_type": "int", + "character_maximum_length": null, + "numeric_precision": "10", + "collation_name": null, + "column_type": "int(11)", + "column_default": "NULL", + "extra": "" + }, + { + "column_name": "ip", + "is_nullable": "YES", + "data_type": "varbinary", + "character_maximum_length": "16", + "numeric_precision": null, + "collation_name": null, + "column_type": "varbinary(16)", + "column_default": "NULL", + "extra": "" + }, + { + "column_name": "request_method", + "is_nullable": "NO", + "data_type": "tinyint", + "character_maximum_length": null, + "numeric_precision": "3", + "collation_name": null, + "column_type": "tinyint(4)", + "column_default": null, + "extra": "" + }, + { + "column_name": "user_agent", + "is_nullable": "YES", + "data_type": "varchar", + "character_maximum_length": "255", + "numeric_precision": null, + "collation_name": "utf8mb4_unicode_ci", + "column_type": "varchar(255)", + "column_default": "NULL", + "extra": "" + }, + { + "column_name": "request_id", + "is_nullable": "YES", + "data_type": "varchar", + "character_maximum_length": "255", + "numeric_precision": null, + "collation_name": "utf8mb4_unicode_ci", + "column_type": "varchar(255)", + "column_default": "NULL", + "extra": "" + }, + { + "column_name": "controller", + "is_nullable": "NO", + "data_type": "varchar", + "character_maximum_length": "20", + "numeric_precision": null, + "collation_name": "utf8mb4_unicode_ci", + "column_type": "varchar(20)", + "column_default": null, + "extra": "" + }, + { + "column_name": "action", + "is_nullable": "NO", + "data_type": "varchar", + "character_maximum_length": "20", + "numeric_precision": null, + "collation_name": "utf8mb4_unicode_ci", + "column_type": "varchar(20)", + "column_default": null, + "extra": "" + }, + { + "column_name": "url", + "is_nullable": "NO", + "data_type": "varchar", + "character_maximum_length": "255", + "numeric_precision": null, + "collation_name": "utf8mb4_unicode_ci", + "column_type": "varchar(255)", + "column_default": null, + "extra": "" + }, + { + "column_name": "request", + "is_nullable": "YES", + "data_type": "blob", + "character_maximum_length": "65535", + "numeric_precision": null, + "collation_name": null, + "column_type": "blob", + "column_default": "NULL", + "extra": "" + }, + { + "column_name": "response_code", + "is_nullable": "NO", + "data_type": "smallint", + "character_maximum_length": null, + "numeric_precision": "5", + "collation_name": null, + "column_type": "smallint(6)", + "column_default": null, + "extra": "" + }, + { + "column_name": "memory_usage", + "is_nullable": "NO", + "data_type": "int", + "character_maximum_length": null, + "numeric_precision": "10", + "collation_name": null, + "column_type": "int(11)", + "column_default": null, + "extra": "" + }, + { + "column_name": "duration", + "is_nullable": "NO", + "data_type": "int", + "character_maximum_length": null, + "numeric_precision": "10", + "collation_name": null, + "column_type": "int(11)", + "column_default": null, + "extra": "" + }, + { + "column_name": "query_count", + "is_nullable": "NO", + "data_type": "int", + "character_maximum_length": null, + "numeric_precision": "10", + "collation_name": null, + "column_type": "int(11)", + "column_default": null, + "extra": "" + }, + { + "column_name": "query_log", + "is_nullable": "YES", + "data_type": "blob", + "character_maximum_length": "65535", + "numeric_precision": null, + "collation_name": null, + "column_type": "blob", + "column_default": "NULL", + "extra": "" + } + ], "admin_settings": [ { "column_name": "id", @@ -8758,6 +8958,10 @@ ] }, "indexes": { + "access_logs": { + "id": true, + "user_id": false + }, "admin_settings": { "id": true, "setting": true From cee85beb0aa0a997e1b4d2e0d07b1f8f629babb6 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Wed, 16 Nov 2022 09:29:47 +0100 Subject: [PATCH 124/698] chg: [internal] Better error message for FileAccessTool::writeToFile --- app/Lib/Tools/FileAccessTool.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/app/Lib/Tools/FileAccessTool.php b/app/Lib/Tools/FileAccessTool.php index 3e3aa01cd..b56338a21 100644 --- a/app/Lib/Tools/FileAccessTool.php +++ b/app/Lib/Tools/FileAccessTool.php @@ -107,8 +107,14 @@ class FileAccessTool } if (file_put_contents($file, $content, LOCK_EX | (!empty($append) ? FILE_APPEND : 0)) === false) { - $freeSpace = disk_free_space($dir); - throw new Exception("An error has occurred while attempt to write to file `$file`. Maybe not enough space? ($freeSpace bytes left)"); + if (file_exists($file) && !is_writable($file)) { + $errorMessage = 'File is not writeable.'; + } else { + $freeSpace = disk_free_space($dir); + $errorMessage = "Maybe not enough space? ($freeSpace bytes left)"; + } + + throw new Exception("An error has occurred while attempt to write to file `$file`. $errorMessage"); } } From b7d8b39903419ac5d98a7183c89229ad61bf99c8 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Wed, 16 Nov 2022 09:37:06 +0100 Subject: [PATCH 125/698] fix: [log] Undefined index --- app/Controller/AppController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 2aea3a982..1d0515107 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -685,7 +685,7 @@ class AppController extends Controller $shouldBeLogged = $userMonitoringEnabled || Configure::read('MISP.log_paranoid') || - (Configure::read('MISP.log_paranoid_api') && $user['logged_by_authkey']); + (Configure::read('MISP.log_paranoid_api') && isset($user['logged_by_authkey']) && $user['logged_by_authkey']); if ($shouldBeLogged) { $includeRequestBody = !empty(Configure::read('MISP.log_paranoid_include_post_body')) || $userMonitoringEnabled; From fa5e70f99e8a6f8e290f46ddaf354ae1bde21ea8 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Wed, 16 Nov 2022 10:37:46 +0100 Subject: [PATCH 126/698] fix: [UI] Consider Database/MysqlExtended as valid data source --- .../healthElements/db_schema_diagnostic.ctp | 43 +++++++++---------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/app/View/Elements/healthElements/db_schema_diagnostic.ctp b/app/View/Elements/healthElements/db_schema_diagnostic.ctp index 351704f3f..e605e67f0 100644 --- a/app/View/Elements/healthElements/db_schema_diagnostic.ctp +++ b/app/View/Elements/healthElements/db_schema_diagnostic.ctp @@ -19,32 +19,28 @@ ), [...] ); - - */ - function highlightAndSanitize($dirty, $toHighlight, $colorType = 'success') - { - if (is_array($dirty)) { - $arraySane = array(); - foreach ($dirty as $i => $item) { - if (in_array($item, $toHighlight)) { - $arraySane[] = sprintf('', $colorType) . h($item) . ''; - } else { - $arraySane[] = h($item); - } +function highlightAndSanitize($dirty, $toHighlight, $colorType = 'success') +{ + if (is_array($dirty)) { + $arraySane = array(); + foreach ($dirty as $i => $item) { + if (in_array($item, $toHighlight)) { + $arraySane[] = sprintf('', $colorType) . h($item) . ''; + } else { + $arraySane[] = h($item); } - return $arraySane; - } else { - $sane = h($dirty); - $sane = str_replace($toHighlight, sprintf('', $colorType) . h($toHighlight) . '', $sane); - return $sane; } + return $arraySane; + } else { + $sane = h($dirty); + $sane = str_replace($toHighlight, sprintf('', $colorType) . h($toHighlight) . '', $sane); + return $sane; } -?> +} - $tableDiagnostic) { foreach ($tableDiagnostic as $i => $columnDiagnostic) { @@ -171,12 +167,13 @@ __('Updates are locked due to to many update fails') : sprintf(__('Updates unlocked in %s'), h($humanReadableTime))) : __('Updates are not locked'), $updateLocked ? 'times' : 'check' - ); + ); + $validDataSource = in_array($dataSource, ['Database/Mysql', 'Database/MysqlExtended'], true); echo sprintf('%s ', - $dataSource != 'Database/Mysql' ? 'important' : 'success', + $validDataSource ? 'success' : 'important', __('DataSource: ') . h($dataSource), __('DataSource: ') . h($dataSource), - $dataSource != 'Database/Mysql' ? 'times' : 'check' + $validDataSource ? 'check' : 'times' ); if ($expectedDbVersion == $actualDbVersion) { echo $this->element('/healthElements/db_indexes_diagnostic', array( @@ -198,7 +195,7 @@ function adjustRowSpan() { }) } -$(document).ready(function() { +$(function() { // hide non-critical issues if ($('#dbSchemaDiagnosticCheckbox').prop('checked')) { $('#dbSchemaDiagnosticTable').find('tr.noncritical').show(); From ae7f9290f7a24c5ab07801d55395f3ede0d0671a Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 1 Dec 2022 11:07:40 +0100 Subject: [PATCH 127/698] fix: [log] Request time --- app/Model/AccessLog.php | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/app/Model/AccessLog.php b/app/Model/AccessLog.php index d272ddeb6..ffde1b5b8 100644 --- a/app/Model/AccessLog.php +++ b/app/Model/AccessLog.php @@ -117,8 +117,7 @@ class AccessLog extends AppModel */ public function logRequest(array $user, $remoteIp, CakeRequest $request, $includeRequestBody = true) { - $requestTime = $_SERVER['REQUEST_TIME_FLOAT'] ?? microtime(true); - $now = DateTime::createFromFormat('U.u', $requestTime); + $requestTime = $this->requestTime(); $logClientIp = Configure::read('MISP.log_client_ip'); $includeSqlQueries = Configure::read('MISP.log_paranoid_include_sql_queries'); @@ -127,7 +126,7 @@ class AccessLog extends AppModel } $dataToSave = [ - 'created' => $now->format('Y-m-d H:i:s.u'), + 'created' => $requestTime->format('Y-m-d H:i:s.u'), 'request_id' => $_SERVER['HTTP_X_REQUEST_ID'] ?? null, 'user_id' => (int)$user['id'], 'org_id' => (int)$user['org_id'], @@ -191,12 +190,12 @@ class AccessLog extends AppModel /** * @param array $data - * @param float $requestTime + * @param DateTime $requestTime * @param bool $includeSqlQueries * @return bool * @throws Exception */ - private function saveOnShutdown(array $data, $requestTime, $includeSqlQueries) + private function saveOnShutdown(array $data, DateTime $requestTime, $includeSqlQueries) { $sqlLog = $this->getDataSource()->getLog(false, false); $queryCount = $sqlLog['count']; @@ -213,7 +212,7 @@ class AccessLog extends AppModel $data['response_code'] = http_response_code(); $data['memory_usage'] = memory_get_peak_usage(); $data['query_count'] = $queryCount; - $data['duration'] = (int)((microtime(true) - $requestTime) * 1000); // in milliseconds + $data['duration'] = (int)((microtime(true) - $requestTime->format('U.u')) * 1000); // in milliseconds try { return $this->save($data, ['atomic' => false]); @@ -237,6 +236,20 @@ class AccessLog extends AppModel // In future add support for sending logs to elastic } + /** + * @return DateTime + */ + private function requestTime() + { + $requestTime = $_SERVER['REQUEST_TIME_FLOAT'] ?? microtime(true); + $requestTime = (string) $requestTime; + // Fix string if float value doesnt contain decimal part + if (strpos($requestTime, '.') === false) { + $requestTime .= '.0'; + } + return DateTime::createFromFormat('U.u', $requestTime); + } + /** * @param string $request * @return array|false From 1fc62ef41ed350dc83203b47f6be9b85a1cad772 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 1 Dec 2022 12:04:11 +0100 Subject: [PATCH 128/698] fix: [log] Condition for old access log --- app/Controller/AppController.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 1d0515107..7244f5d59 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -695,8 +695,8 @@ class AppController extends Controller } if ( - (empty(Configure::read('MISP.log_skip_access_logs_in_application_logs'))) && - Configure::read('MISP.log_paranoid') || $userMonitoringEnabled + empty(Configure::read('MISP.log_skip_access_logs_in_application_logs')) && + $shouldBeLogged ) { $change = 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->request->here; if ( From 097275ec9660205a7f40342dcac08883bcb5d13e Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 1 Dec 2022 13:08:20 +0100 Subject: [PATCH 129/698] fix: [log] Fetching remote IP address Fixes #8795 and #8788 --- app/Model/AppModel.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 6ab2fc907..9280a572a 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -3931,8 +3931,10 @@ class AppModel extends Model */ public function _remoteIp() { - $ipHeader = Configure::read('MISP.log_client_ip_header') ?: 'REMOTE_ADDR'; - return isset($_SERVER[$ipHeader]) ? trim($_SERVER[$ipHeader]) : $_SERVER['REMOTE_ADDR']; + $ipHeader = Configure::read('MISP.log_client_ip_header') ?: null; + if ($ipHeader && isset($_SERVER[$ipHeader])) { + return trim($_SERVER[$ipHeader]); + } + return $_SERVER['REMOTE_ADDR'] ?? null; } - } From 9ded7e4e31c4950081e1ab7d9446a2ba560ea0cf Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 2 Dec 2022 09:50:24 +0100 Subject: [PATCH 130/698] fixup! fix: [db_schema] Update to 104 --- db_schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db_schema.json b/db_schema.json index a9844b60f..e6bf3c968 100644 --- a/db_schema.json +++ b/db_schema.json @@ -9472,5 +9472,5 @@ "uuid": false } }, - "db_version": "103" + "db_version": "104" } From c59403e7583b5c216d44a2510cfab2089120f1b6 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Sun, 4 Dec 2022 00:58:42 +0100 Subject: [PATCH 131/698] fix: [log] remote IP header clarify prefix is needed --- app/Model/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Model/Server.php b/app/Model/Server.php index 55ee8e356..7751e6c67 100644 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -5539,7 +5539,7 @@ class Server extends AppModel ), 'log_client_ip_header' => array( 'level' => 1, - 'description' => __('If log_client_ip is enabled, you can customize which header field contains the client\'s IP address. This is generally used when you have a reverse proxy in front of your MISP instance.'), + 'description' => __('If log_client_ip is enabled, you can customize which header field contains the client\'s IP address. This is generally used when you have a reverse proxy in front of your MISP instance. Prepend the variable with "HTTP_", for example "HTTP_X_FORWARDED_FOR".'), 'value' => 'REMOTE_ADDR', 'test' => 'testForEmpty', 'type' => 'string', From e96c56ef9407ca6baf65329ea22e145f6336c8a5 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Tue, 6 Dec 2022 07:14:44 +0100 Subject: [PATCH 132/698] fix: [dashboard] sort dashboard widgets --- app/Model/Dashboard.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Model/Dashboard.php b/app/Model/Dashboard.php index c74698530..0503b2bd1 100644 --- a/app/Model/Dashboard.php +++ b/app/Model/Dashboard.php @@ -97,6 +97,7 @@ class Dashboard extends AppModel } } } + ksort($widgets); return $widgets; } From bdda94529d78c1874e7234829757d5f1e34fbfe8 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Tue, 6 Dec 2022 10:39:53 +0100 Subject: [PATCH 133/698] chg: [roles] set default role to User if none is set --- INSTALL/MYSQL.sql | 4 +++- app/Model/AppModel.php | 12 ++++++++++++ app/View/Users/view.ctp | 4 +++- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/INSTALL/MYSQL.sql b/INSTALL/MYSQL.sql index d559225c7..9afec4086 100644 --- a/INSTALL/MYSQL.sql +++ b/INSTALL/MYSQL.sql @@ -1661,4 +1661,6 @@ INSERT IGNORE INTO `org_blocklists` (`org_uuid`, `created`, `org_name`, `comment ('58d38339-7b24-4386-b4b4-4c0f950d210f', NOW(), 'Setec Astrononomy', 'default example'), ('58d38326-eda8-443a-9fa8-4e12950d210f', NOW(), 'Acme Finance', 'default example'); -INSERT IGNORE INTO `admin_settings` (`setting`, `value`) VALUES ('fix_login', NOW()); +INSERT IGNORE INTO `admin_settings` (`setting`, `value`) VALUES +('fix_login', NOW()), +('default_role', 3); \ No newline at end of file diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 9280a572a..ffca8d7f4 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -84,6 +84,7 @@ class AppModel extends Model 87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false, 93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false, 99 => false, 100 => false, 101 => false, 102 => false, 103 => false, 104 => false, + 105 => false ); const ADVANCED_UPDATES_DESCRIPTION = array( @@ -1929,6 +1930,17 @@ class AppModel extends Model case 104: $sqlArray[] = "ALTER TABLE `access_logs` ADD `query_log` blob DEFAULT NULL"; break; + case 105: + // set a default role if there is none + if (!$this->AdminSetting->getSetting('default_role')) { + $role = $this->Role->findByName('User'); + if ($role) { + $sqlArray[] = "INSERT INTO `admin_settings` (setting, value) VALUES ('default_role', '".$role['Role']['id']."');"; + } else { + // there is no role called User, do nothing + } + } + break; case 'fixNonEmptySharingGroupID': $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; $sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; diff --git a/app/View/Users/view.ctp b/app/View/Users/view.ctp index 74f3c9773..cfcd5fb9d 100755 --- a/app/View/Users/view.ctp +++ b/app/View/Users/view.ctp @@ -25,7 +25,7 @@ ); $table_data[] = array('key' => __('Role'), 'html' => $this->Html->link($user['Role']['name'], array('controller' => 'roles', 'action' => 'view', $user['Role']['id']))); $table_data[] = array('key' => __('Event alert enabled'), 'boolean' => $user['User']['autoalert']); - $table_data[] = ['key' => __('Periodic Notifications'), 'html' => $periodic_notification_settings_html]; + $table_data[] = array('key' => __('Periodic Notifications'), 'html' => $periodic_notification_settings_html); $table_data[] = array('key' => __('Contact alert enabled'), 'boolean' => $user['User']['contactalert']); if (!$admin_view && !$user['Role']['perm_auth']) { @@ -160,4 +160,6 @@ 'admin_view' => ['menuList' => 'admin', 'menuItem' => 'viewUser'], 'view' => ['menuList' => 'globalActions', 'menuItem' => 'view'] ]; + ?> + element('/genericElements/SideMenu/side_menu', $current_menu[$admin_view ? 'admin_view' : 'view']); From 9d51d143bb4cde320d45455c08910f53e2e438e0 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Tue, 6 Dec 2022 13:08:31 +0100 Subject: [PATCH 134/698] fix: [log] filter user logs on user_id not email --- app/Controller/LogsController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Controller/LogsController.php b/app/Controller/LogsController.php index f50a23ced..d589bc28e 100644 --- a/app/Controller/LogsController.php +++ b/app/Controller/LogsController.php @@ -80,7 +80,7 @@ class LogsController extends AppController $conditions['Log.org'] = $orgRestriction; } else { // users can see their own info - $conditions['Log.email'] = $this->Auth->user('email'); + $conditions['Log.user_id'] = $this->Auth->user('id'); } } $params = array( From f18f0514f75548117a26d43284a455b94dd48dd5 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Wed, 7 Dec 2022 00:55:20 +0100 Subject: [PATCH 135/698] fix: [auth][log] log correct org/userid with failed login fixes #8807 --- app/Controller/AppController.php | 8 ++++++-- app/Model/Bruteforce.php | 21 ++++++++++++++++++--- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 7244f5d59..b3315f33f 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -236,8 +236,9 @@ class AppController extends Controller if ($this->_isRest() || $this->_isAutomation()) { // disable CSRF for REST access $this->Security->csrfCheck = false; - if ($this->__loginByAuthKey() === false || $this->Auth->user() === null) { - if ($this->__loginByAuthKey() === null) { + $loginByAuthKeyResult = $this->__loginByAuthKey(); + if ($loginByAuthKeyResult === false || $this->Auth->user() === null) { + if ($loginByAuthKeyResult === null) { $this->loadModel('Log'); $this->Log->createLogEntry('SYSTEM', 'auth_fail', 'User', 0, "Failed API authentication. No authkey was provided."); } @@ -458,6 +459,9 @@ class AppController extends Controller } $this->Session->destroy(); } + } else { + $this->loadModel('Log'); + $this->Log->createLogEntry('SYSTEM', 'auth_fail', 'User', 0, "Failed authentication using an API key of incorrect length."); } return false; } diff --git a/app/Model/Bruteforce.php b/app/Model/Bruteforce.php index 7d0efab9d..46c8342f7 100644 --- a/app/Model/Bruteforce.php +++ b/app/Model/Bruteforce.php @@ -22,15 +22,30 @@ class Bruteforce extends AppModel $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $ip . '.'; if ($this->isBlocklisted($username)) { - $change = 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blocklisted for ' . $expire . ' seconds.'; + $change = 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The source IP/username is now blocklisted for ' . $expire . ' seconds.'; } else { $change = ''; } + // lookup the real user details + $this->User = ClassRegistry::init('User'); + $user = $this->User->find('first', array( + 'conditions' => array('User.email' => $username), + 'fields' => array('User.id', 'Organisation.name'), + 'recursive' => 0)); + if ($user) { + $org = $user['Organisation']['name']; + $userId = $user['User']['id']; + } else { + $org = 'SYSTEM'; + $userId = 0; + } + $log = array( - 'org' => 'SYSTEM', + 'org' => $org, 'model' => 'User', - 'model_id' => 0, + 'model_id' => $userId, 'email' => $username, + 'user_id' => $userId, 'action' => 'login_fail', 'title' => $title, 'change' => $change From d7a65a39e76f73f36bd2b6c02a99675b4ce8aced Mon Sep 17 00:00:00 2001 From: StefanKelm Date: Fri, 9 Dec 2022 13:05:52 +0100 Subject: [PATCH 136/698] Update correlations.ctp tiny typo --- app/View/Elements/healthElements/correlations.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/Elements/healthElements/correlations.ctp b/app/View/Elements/healthElements/correlations.ctp index b1e253034..3c7db1e38 100644 --- a/app/View/Elements/healthElements/correlations.ctp +++ b/app/View/Elements/healthElements/correlations.ctp @@ -2,7 +2,7 @@ echo '
'; echo sprintf( '

%s

%s

', - __('This is the correlation management interface. Its goal is to provide youwith information about the currently used correlation engine as well as the data stores of currently dormant engines.'), + __('This is the correlation management interface. Its goal is to provide you with information about the currently used correlation engine as well as the data stores of currently dormant engines.'), __('You will also find management tools for the various engines below, make sure that you keep an eye on the disk requirements as well as the exhaustion of IDs and recorrelate the instance when needed.') ); echo sprintf( From 62d680a82116c405ec3cc104c758a03fa1155c78 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Mon, 12 Dec 2022 09:41:42 +0100 Subject: [PATCH 137/698] fix: [workflow:getUserForWorkflow] Give all perms to workflow user --- app/Model/Workflow.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/app/Model/Workflow.php b/app/Model/Workflow.php index 2b5170db6..80dca6ef0 100644 --- a/app/Model/Workflow.php +++ b/app/Model/Workflow.php @@ -621,16 +621,20 @@ class Workflow extends AppModel 'id' => Configure::read('MISP.host_org_id') ], ]); + $this->User = ClassRegistry::init('User'); if (!empty($hostOrg)) { + $perms = array_keys($this->User->Role->permFlags); + $allPermEnabled = array_map(function($perm) { + return true; + }, array_flip($perms)); $userForWorkflow = [ 'email' => 'SYSTEM', 'id' => 0, 'org_id' => $hostOrg['Organisation']['id'], - 'Role' => ['perm_site_admin' => 1], + 'Role' => $allPermEnabled, 'Organisation' => $hostOrg['Organisation'] ]; } else { - $this->User = ClassRegistry::init('User'); $userForWorkflow = $this->User->find('first', [ 'recursive' => -1, 'conditions' => [ From 4c30854e27f2efd74993589915678ccd22940942 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Tue, 13 Dec 2022 10:44:41 +0100 Subject: [PATCH 138/698] fix: [dashboard:*SightingsWidget] Updated to support the correct response type --- app/Lib/Dashboard/RecentSightingsWidget.php | 18 +++++++++--------- app/Lib/Dashboard/TresholdSightingsWidget.php | 18 +++++++++--------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/app/Lib/Dashboard/RecentSightingsWidget.php b/app/Lib/Dashboard/RecentSightingsWidget.php index 7a34a6c6d..eeb64ab53 100644 --- a/app/Lib/Dashboard/RecentSightingsWidget.php +++ b/app/Lib/Dashboard/RecentSightingsWidget.php @@ -35,21 +35,21 @@ class RecentSightingsWidget $data = array(); $count = 0; - foreach (JsonTool::decode($Sighting->restSearch($user, 'json', $filters)->intoString())->{'response'} as $el) { - $sighting = $el->{'Sighting'}; - $event = $sighting->{'Event'}; - $attribute = $sighting->{'Attribute'}; + foreach (JsonTool::decode($Sighting->restSearch($user, 'json', $filters)->intoString())['response'] as $el) { + $sighting = $el['Sighting']; + $event = $sighting['Event']; + $attribute = $sighting['Attribute']; - if ($sighting->{'type'} == 0) $type = "Sighting"; - elseif ($sighting->{'type'} == 1) $type = "False positive"; + if ($sighting['type'] == 0) $type = "Sighting"; + elseif ($sighting['type'] == 1) $type = "False positive"; else $type = "Expiration"; - $output = $attribute->{'value'} . " (id: " . $attribute->{'id'} . ") in " . $event->{'info'} . " (id: " . $event->{'id'} . ")"; + $output = $attribute['value'] . " (id: " . $attribute['id'] . ") in " . $event['info'] . " (id: " . $event['id'] . ")"; $data[] = array( 'title' => $type, 'value' => $output, 'html' => sprintf( ' (Event %s)', - Configure::read('MISP.baseurl') . '/events/view/', $event->{'id'}, - $event->{'id'} + Configure::read('MISP.baseurl') . '/events/view/', $event['id'], + $event['id'] ) ); ++$count; diff --git a/app/Lib/Dashboard/TresholdSightingsWidget.php b/app/Lib/Dashboard/TresholdSightingsWidget.php index 95fdf969a..d74dafeb4 100644 --- a/app/Lib/Dashboard/TresholdSightingsWidget.php +++ b/app/Lib/Dashboard/TresholdSightingsWidget.php @@ -31,21 +31,21 @@ class TresholdSightingsWidget $data = array(); $sightings_score = array(); - $restSearch = JsonTool::decode($Sighting->restSearch($user, 'json', $filters)->intoString())->{'response'}; + $restSearch = JsonTool::decode($Sighting->restSearch($user, 'json', $filters)->intoString())['response']; foreach ($restSearch as $el) { - $sighting = $el->{'Sighting'}; - $attribute = $sighting->{'Attribute'}; - $event = $sighting->{'Event'}; + $sighting = $el['Sighting']; + $attribute = $sighting['Attribute']; + $event = $sighting['Event']; - if (!array_key_exists($attribute->{'id'}, $sightings_score)) $sightings_score[$attribute->{'id'}] = array( 'value' => $attribute->{'value'}, + if (!array_key_exists($attribute['id'], $sightings_score)) $sightings_score[$attribute['id']] = array( 'value' => $attribute['value'], 'score' => 0, - 'event_title' => $event->{'info'}, - 'event_id' => $event->{'id'}); + 'event_title' => $event['info'], + 'event_id' => $event['id']); # Sighting - if ($sighting->{'type'} == 0) $sightings_score[$attribute->{'id'}]['score'] = $sightings_score[$attribute->{'id'}]['score'] - 1; + if ($sighting['type'] == 0) $sightings_score[$attribute['id']]['score'] = $sightings_score[$attribute['id']]['score'] - 1; # False Positive - elseif ($sighting->{'type'} == 1) $sightings_score[$attribute->{'id'}]['score'] = $sightings_score[$attribute->{'id'}]['score'] + 1; + elseif ($sighting['type'] == 1) $sightings_score[$attribute['id']]['score'] = $sightings_score[$attribute['id']]['score'] + 1; } foreach ($sightings_score as $attribute_id => $s) { From 4c3bceec704113684079c68c0884bcff9676d896 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Tue, 13 Dec 2022 10:52:39 +0100 Subject: [PATCH 139/698] chg: [taxonomy:checkIfNewTagAllowed] Add the `tlp` edge-case when adding new tags - Now, after removing all mirrors, I can go about my day without constantly being reminded of my existence. --- app/Model/Taxonomy.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/app/Model/Taxonomy.php b/app/Model/Taxonomy.php index c667cd8e8..65ba1c132 100644 --- a/app/Model/Taxonomy.php +++ b/app/Model/Taxonomy.php @@ -700,6 +700,12 @@ class Taxonomy extends AppModel // at this point, we have a duplicated namespace(-predicate) $taxonomy = $this->getTaxonomyForTag($newTagName); if (!empty($taxonomy['Taxonomy']['exclusive'])) { + if ( + ($newTagName === 'tlp:white' && in_array('tlp:clear', $tagNameList)) || + ($newTagName === 'tlp:clear' && in_array('tlp:white', $tagNameList)) + ) { + return true; + } return false; // only one tag of this taxonomy is allowed } elseif (!empty($taxonomy['TaxonomyPredicate'][0]['exclusive'])) { return false; // only one tag belonging to this predicate is allowed From eac3a18c8f355cae92b81fae75b2fc307627099c Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 26 Sep 2022 17:02:06 +0200 Subject: [PATCH 140/698] chg: [UI] Use same logic for sharing group change also for feeds --- app/webroot/js/misp.js | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js index 4c20867b7..8acae30be 100644 --- a/app/webroot/js/misp.js +++ b/app/webroot/js/misp.js @@ -3904,11 +3904,6 @@ function mergeOrganisationTypeToggle() { } } -function feedDistributionChange() { - if ($('#FeedDistribution').val() == 4) $('#SGContainer').show(); - else $('#SGContainer').hide(); -} - function checkUserPasswordEnabled() { if ($('#UserEnablePassword').is(':checked')) { $('#PasswordDiv').show(); @@ -4189,7 +4184,7 @@ function feedFormUpdate() { $('#DeleteLocalFileDiv').hide(); $('#HeadersDiv').show(); } - feedDistributionChange(); + checkSharingGroup('Feed'); } function setContextFields() { From 559f48b109f23a144d978cccab854634653ba137 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 26 Sep 2022 17:24:39 +0200 Subject: [PATCH 141/698] fix: [UI] Attribute correlations --- app/View/Elements/Events/View/attribute_correlations.ctp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/View/Elements/Events/View/attribute_correlations.ctp b/app/View/Elements/Events/View/attribute_correlations.ctp index 0927f78e1..91a7cb948 100644 --- a/app/View/Elements/Events/View/attribute_correlations.ctp +++ b/app/View/Elements/Events/View/attribute_correlations.ctp @@ -30,7 +30,7 @@ ); $popover = ''; foreach ($relatedData as $k => $v) { - $popover .= '' . h($k) . ': ' . h($v) . '
'; + $popover .= '' . h($k) . ': ' . h($v) . '
'; } $link = $this->Html->link( $relatedAttribute['id'], @@ -51,7 +51,7 @@ } if ($i > 5) { echo sprintf( - '', + ' ', $linkColour, __('Collapse…') ); From ba6ccdaf26fc71ac420d0f795f39fabae8aaa4cc Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 26 Sep 2022 14:22:38 +0200 Subject: [PATCH 142/698] chg: [UI] Add description to batch import --- app/View/Attributes/add.ctp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/app/View/Attributes/add.ctp b/app/View/Attributes/add.ctp index 288dd0387..db89756d6 100644 --- a/app/View/Attributes/add.ctp +++ b/app/View/Attributes/add.ctp @@ -52,16 +52,18 @@ 'div' => 'input clear', 'label' => __("Contextual Comment") ), + array( + 'field' => 'batch_import', + 'type' => 'checkbox', + 'requirements' => $action === 'add', + 'label' => __('Batch import') . ' ', + ), array( 'field' => 'to_ids', 'type' => 'checkbox', 'label' => __("For Intrusion Detection System"), //'stayInLine' => 1 ), - array( - 'field' => 'batch_import', - 'type' => 'checkbox' - ), array( 'field' => 'disable_correlation', 'type' => 'checkbox' @@ -89,7 +91,7 @@ ), 'metaFields' => array( '', - '
' + '
' ) ) )); From 8e710f29255398952494c16b184376586ca8d03b Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 26 Sep 2022 11:44:09 +0200 Subject: [PATCH 143/698] fix: [UI] Attribute correlation popover --- app/webroot/css/main.css | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css index 1f72b1974..c1f4094e9 100644 --- a/app/webroot/css/main.css +++ b/app/webroot/css/main.css @@ -2613,6 +2613,10 @@ ul.correlations li span, ul.correlations li a { margin-right:3px; } +ul.correlations li .popover span { + margin-right: 0; +} + .break-word { word-wrap: break-word; } From 82a71adeb9383a7ceababda4593fd981cd02800e Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 26 Sep 2022 11:28:34 +0200 Subject: [PATCH 144/698] fix: [UI] Pagination for audit log --- app/View/AuditLogs/event_index.ctp | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/app/View/AuditLogs/event_index.ctp b/app/View/AuditLogs/event_index.ctp index 76c88152a..9fd0aa7d4 100644 --- a/app/View/AuditLogs/event_index.ctp +++ b/app/View/AuditLogs/event_index.ctp @@ -1,22 +1,21 @@
-

+

- - - - + + + + @@ -32,22 +31,16 @@ } ?> - +
Paginator->sort('created') ?>Paginator->sort('user_id', __('User')) ?>Paginator->sort('org_id', __('Org')) ?>Paginator->sort('action') ?>LightPaginator->sort('created') ?>LightPaginator->sort('user_id', __('User')) ?>LightPaginator->sort('org_id', __('Org')) ?>LightPaginator->sort('action') ?> OrgImg->getOrgLogo($item, 24) : '' ?> element('AuditLog/change', ['item' => $item]) ?>
-

- Paginator->counter(array( - 'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}') - )); - ?> -

From 57313f84d9628639484649c0a165a6e65a299d9e Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sun, 25 Sep 2022 19:31:55 +0200 Subject: [PATCH 145/698] chg: [internal] Fetch just necessary fields for fetching taxonomy tags --- app/Model/Taxonomy.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/Model/Taxonomy.php b/app/Model/Taxonomy.php index c667cd8e8..c5438d250 100644 --- a/app/Model/Taxonomy.php +++ b/app/Model/Taxonomy.php @@ -265,7 +265,11 @@ class Taxonomy extends AppModel { $taxonomies = $this->find('all', [ 'fields' => ['namespace'], - 'contain' => ['TaxonomyPredicate' => ['TaxonomyEntry']], + 'recursive' => -1, + 'contain' => ['TaxonomyPredicate' => [ + 'fields' => ['value'], + 'TaxonomyEntry' => ['fields' => ['value']]], + ], ]); $allTaxonomyTags = []; foreach ($taxonomies as $taxonomy) { From 089a1f364f82674ec8c1bc90cf21f68647ea64f0 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sun, 25 Sep 2022 19:14:55 +0200 Subject: [PATCH 146/698] fix: [UI] Remove duplicate onclick --- app/View/Helper/GenericPickerHelper.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/View/Helper/GenericPickerHelper.php b/app/View/Helper/GenericPickerHelper.php index fbeb4f6fd..0a8870be2 100644 --- a/app/View/Helper/GenericPickerHelper.php +++ b/app/View/Helper/GenericPickerHelper.php @@ -49,9 +49,8 @@ class GenericPickerHelper extends AppHelper } else { // fallback to default submit function if (!$ignoreFunction && $defaults['functionName'] !== '') { $param_html .= 'onclick="submitFunction(this, ' . h($defaults['functionName']) . ')" '; - $param_html .= sprintf('onclick="submitFunction(this, %s)" ', h($defaults['functionName'])); } else { - $param_html .= sprintf('data-endpoint="%s" onclick="fetchRequestedData(this); event.stopPropagation(); return false;" ', h($param['value']));; + $param_html .= sprintf('data-endpoint="%s" onclick="fetchRequestedData(this); event.stopPropagation(); return false;" ', h($param['value'])); } } From c46d70fe2a948fc1656a2b1c0d1b685c60b97787 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 22 Sep 2022 15:20:39 +0200 Subject: [PATCH 147/698] fix: [internal] Remove warning when using populate by template --- .../Elements/templateElements/populateTemplateAttribute.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/Elements/templateElements/populateTemplateAttribute.ctp b/app/View/Elements/templateElements/populateTemplateAttribute.ctp index c6b77ab93..e7d853c92 100644 --- a/app/View/Elements/templateElements/populateTemplateAttribute.ctp +++ b/app/View/Elements/templateElements/populateTemplateAttribute.ctp @@ -65,7 +65,7 @@ ?>
> - +
From 68de4116b372fbb77074504257720b9cde610007 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sun, 25 Sep 2022 12:50:00 +0200 Subject: [PATCH 148/698] chg: [UI] Use chosen when adding object --- app/View/Objects/add.ctp | 73 ++++++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 33 deletions(-) diff --git a/app/View/Objects/add.ctp b/app/View/Objects/add.ctp index 7b7d42d55..1c0c843a3 100644 --- a/app/View/Objects/add.ctp +++ b/app/View/Objects/add.ctp @@ -15,7 +15,7 @@
+ if ($action === 'edit' && !$update_template_available && $newer_template_version !== false): ?> @@ -30,11 +30,11 @@ -
Requirements
+
Required: ' . h(implode(', ', $template['ObjectTemplate']['requirements']['required'])) . '
'; + echo 'Required: ' . h(implode(', ', $template['ObjectTemplate']['requirements']['required'])) . '
'; } if (!empty($template['ObjectTemplate']['requirements']['requiredOneOf'])) { echo 'Required one of: ' . h(implode(', ', $template['ObjectTemplate']['requirements']['requiredOneOf'])); @@ -83,15 +83,15 @@
Form->input('first_seen', array( - 'type' => 'text', - 'div' => 'input hidden', - 'required' => false, - )); + 'type' => 'text', + 'div' => 'input hidden', + 'required' => false, + )); echo $this->Form->input('last_seen', array( - 'type' => 'text', - 'div' => 'input hidden', - 'required' => false, - )); + 'type' => 'text', + 'div' => 'input hidden', + 'required' => false, + )); if ($update_template_available && $newer_template_version !== false) { echo $this->Form->input('template_version', array( 'type' => 'text', @@ -111,7 +111,7 @@
'; + echo h($warning) . '
'; } ?>
@@ -133,32 +133,33 @@ $element): - $row_list[] = $k; + $row_list[] = $k; echo $this->element( - 'Objects/object_add_attributes', - array( - 'element' => $element, - 'k' => $k, - 'action' => $action, - 'enabledRows' => $enabledRows - ) - ); + 'Objects/object_add_attributes', + array( + 'element' => $element, + 'k' => $k, + 'action' => $action, + 'enabledRows' => $enabledRows + ) + ); if ($element['multiple']): $lastOfType = true; $lookAheadArray = array_slice($template['ObjectTemplateElement'], $k, count($template['ObjectTemplateElement']), true); if (count($lookAheadArray) > 1) { foreach ($lookAheadArray as $k2 => $temp) { if ($k2 == $k) continue; - if ($temp['object_relation'] == $element['object_relation']) { + if ($temp['object_relation'] === $element['object_relation']) { $lastOfType = false; + break; } } } if ($lastOfType): ?> - - + + element('/genericElements/SideMenu/side_menu', array('menuList' => 'event', 'menuItem' => 'addObject', 'event' => $event)); } ?> - diff --git a/app/webroot/js/d3.custom.js b/app/webroot/js/d3.custom.js index b7785755d..9ee2c4199 100644 --- a/app/webroot/js/d3.custom.js +++ b/app/webroot/js/d3.custom.js @@ -1,4 +1,9 @@ function sparkline(elemId, data) { + if (typeof data === "undefined") { + data = document.querySelector(elemId).dataset.csv; + data = data.replaceAll("\\n", "\n"); + } + data = d3.csv.parse(data); var width = 100; var height = 25; From ef0581a1d141f569471edc11ae8dcace7e98402f Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Tue, 27 Sep 2022 15:59:36 +0200 Subject: [PATCH 167/698] fix: [internal] Remove duplicate attribute fetching --- app/Controller/AttributesController.php | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index b04b91a16..85d2fbeb1 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -2815,10 +2815,7 @@ class AttributesController extends AppController 'fields' => ['Attribute.deleted', 'Attribute.event_id', 'Attribute.id', 'Attribute.object_id', 'Event.orgc_id', 'Event.user_id'], 'contain' => ['Event'], ]); - if (empty($attribute)) { - throw new NotFoundException(__('Invalid attribute')); - } - if ($attribute['Attribute']['deleted']) { + if (empty($attribute) || $attribute['Attribute']['deleted']) { throw new NotFoundException(__('Invalid attribute')); } if (empty($tag_id)) { @@ -2848,19 +2845,19 @@ class AttributesController extends AppController if (!$this->__canModifyTag($attribute, !empty($attributeTag['AttributeTag']['local']))) { return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You do not have permission to do that.')), 'status' => 200, 'type' => 'json')); } - if (empty($attributeTag)) { return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Invalid attribute - tag combination.')), 'status' => 200, 'type' => 'json')); } - $tag = $this->Attribute->AttributeTag->Tag->find('first', array( - 'conditions' => array('Tag.id' => $tag_id), - 'recursive' => -1, - 'fields' => array('Tag.name') - )); if ($this->Attribute->AttributeTag->delete($attributeTag['AttributeTag']['id'])) { if (empty($attributeTag['AttributeTag']['local'])) { $this->Attribute->touch($attribute); } + + $tag = $this->Attribute->AttributeTag->Tag->find('first', array( + 'conditions' => array('Tag.id' => $tag_id), + 'recursive' => -1, + 'fields' => array('Tag.name') + )); $log = ClassRegistry::init('Log'); $log->createLogEntry($this->Auth->user(), 'tag', 'Attribute', $id, 'Removed tag (' . $tag_id . ') "' . $tag['Tag']['name'] . '" from attribute (' . $id . ')', 'Attribute (' . $id . ') untagged of Tag (' . $tag_id . ')'); return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Tag removed.', 'check_publish' => empty($attributeTag['AttributeTag']['local']))), 'status' => 200, 'type'=> 'json')); From f720706a4f2e9fc3f895b7a0709c1aa9a511bff8 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Wed, 28 Sep 2022 09:47:50 +0200 Subject: [PATCH 168/698] chg: [UI] Import module cleanup --- app/Controller/EventsController.php | 68 ++++++------ app/Model/Event.php | 11 +- app/Model/Module.php | 8 +- app/View/Events/import_module.ctp | 24 ++--- app/View/Events/resolved_misp_format.ctp | 129 +++++++++++------------ 5 files changed, 123 insertions(+), 117 deletions(-) diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index f571cbb83..1e3b5d213 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -5302,7 +5302,7 @@ class EventsController extends AppController } } - public function importModule($module, $eventId) + public function importModule($moduleName, $eventId) { $event = $this->Event->fetchSimpleEvent($this->Auth->user(), $eventId); if (!$event) { @@ -5312,8 +5312,7 @@ class EventsController extends AppController $eventId = $event['Event']['id']; $this->loadModel('Module'); - $moduleName = $module; - $module = $this->Module->getEnabledModule($module, 'Import'); + $module = $this->Module->getEnabledModule($moduleName, 'Import'); if (!is_array($module)) { throw new MethodNotAllowedException($module); } @@ -5321,10 +5320,11 @@ class EventsController extends AppController $module['mispattributes']['inputSource'] = array('paste'); } if ($this->request->is('post')) { + $requestData = $this->request->data['Event']; $fail = false; $modulePayload = array( - 'module' => $module['name'], - 'event_id' => $eventId, + 'module' => $module['name'], + 'event_id' => $eventId, ); if (isset($module['meta']['config'])) { foreach ($module['meta']['config'] as $conf) { @@ -5332,11 +5332,11 @@ class EventsController extends AppController } } if ($moduleName === 'csvimport') { - if (empty($this->request->data['Event']['config']['header']) && $this->request->data['Event']['config']['has_header'] === '1') { - $this->request->data['Event']['config']['header'] = ' '; + if (empty($requestData['config']['header']) && $requestData['config']['has_header'] === '1') { + $requestData['config']['header'] = ' '; } - if (empty($this->request->data['Event']['config']['special_delimiter'])) { - $this->request->data['Event']['config']['special_delimiter'] = ' '; + if (empty($requestData['config']['special_delimiter'])) { + $requestData['config']['special_delimiter'] = ' '; } } if (isset($module['mispattributes']['userConfig'])) { @@ -5347,18 +5347,19 @@ class EventsController extends AppController $validation = true; } } else { - $validation = call_user_func_array(array($this->Module, $this->Module->configTypes[$config['type']]['validation']), array($this->request->data['Event']['config'][$configName])); + $validationMethod = Module::CONFIG_TYPES[$config['type']]['validation']; + $validation = $this->Module->{$validationMethod}($requestData['config'][$configName]); } if ($validation !== true) { $fail = ucfirst($configName) . ': ' . $validation; } else { if (isset($config['regex']) && !empty($config['regex'])) { - $fail = preg_match($config['regex'], $this->request->data['Event']['config'][$configName]) ? false : ucfirst($configName) . ': ' . 'Invalid setting' . ($config['errorMessage'] ? ' - ' . $config['errorMessage'] : ''); + $fail = preg_match($config['regex'], $requestData['config'][$configName]) ? false : ucfirst($configName) . ': ' . 'Invalid setting' . ($config['errorMessage'] ? ' - ' . $config['errorMessage'] : ''); if (!empty($fail)) { - $modulePayload['config'][$configName] = $this->request->data['Event']['config'][$configName]; + $modulePayload['config'][$configName] = $requestData['config'][$configName]; } } else { - $modulePayload['config'][$configName] = $this->request->data['Event']['config'][$configName]; + $modulePayload['config'][$configName] = $requestData['config'][$configName]; } } } @@ -5366,31 +5367,29 @@ class EventsController extends AppController } if (!$fail) { if (!empty($module['mispattributes']['inputSource'])) { - if (!isset($this->request->data['Event']['source'])) { + if (!isset($requestData['source'])) { if (in_array('paste', $module['mispattributes']['inputSource'])) { - $this->request->data['Event']['source'] = '0'; + $requestData['source'] = '0'; } else { - $this->request->data['Event']['source'] = '1'; + $requestData['source'] = '1'; } } - if ($this->request->data['Event']['source'] == '1') { - if (isset($this->request->data['Event']['data'])) { - $modulePayload['data'] = base64_decode($this->request->data['Event']['data']); - } elseif (!isset($this->request->data['Event']['fileupload']) || empty($this->request->data['Event']['fileupload'])) { - $fail = 'Invalid file upload.'; + if ($requestData['source'] == '1') { + if (isset($requestData['data'])) { + $modulePayload['data'] = base64_decode($requestData['data']); + } elseif (empty($requestData['fileupload'])) { + $fail = __('Invalid file upload.'); } else { - $fileupload = $this->request->data['Event']['fileupload']; - $tmpfile = new File($fileupload['tmp_name']); - if ((isset($fileupload['error']) && $fileupload['error'] == 0) || (!empty($fileupload['tmp_name']) && $fileupload['tmp_name'] != 'none') && is_uploaded_file($tmpfile->path)) { + $fileupload = $requestData['fileupload']; + if ((isset($fileupload['error']) && $fileupload['error'] == 0) || (!empty($fileupload['tmp_name']) && $fileupload['tmp_name'] != 'none') && is_uploaded_file($fileupload['tmp_name'])) { $filename = basename($fileupload['name']); - App::uses('FileAccessTool', 'Tools'); - $modulePayload['data'] = FileAccessTool::readFromFile($fileupload['tmp_name'], $fileupload['size']); + $modulePayload['data'] = FileAccessTool::readAndDelete($fileupload['tmp_name']); } else { - $fail = 'Invalid file upload.'; + $fail = __('Invalid file upload.'); } } } else { - $modulePayload['data'] = $this->request->data['Event']['paste']; + $modulePayload['data'] = $requestData['paste']; } } else { $modulePayload['data'] = ''; @@ -5445,13 +5444,10 @@ class EventsController extends AppController $this->set('typeCategoryMapping', $typeCategoryMapping); $render_name = 'resolved_attributes'; } - $distributions = $this->Event->Attribute->distributionLevels; - $sgs = $this->Event->SharingGroup->fetchAllAuthorised($this->Auth->user(), 'name', 1); - if (empty($sgs)) { - unset($distributions[4]); - } - $this->set('distributions', $distributions); - $this->set('sgs', $sgs); + + $distributionData = $this->Event->Attribute->fetchDistributionData($this->Auth->user()); + $this->set('distributions', $distributionData['levels']); + $this->set('sgs', $distributionData['sgs']); $this->set('title', __('Import Results')); $this->set('title_for_layout', __('Import Results')); $this->set('importComment', $importComment); @@ -5462,7 +5458,7 @@ class EventsController extends AppController $this->Flash->error($fail); } } - $this->set('configTypes', $this->Module->configTypes); + $this->set('configTypes', Module::CONFIG_TYPES); $this->set('module', $module); $this->set('eventId', $eventId); $this->set('event', $event); diff --git a/app/Model/Event.php b/app/Model/Event.php index 17a31e004..ac2820bee 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -5594,6 +5594,10 @@ class Event extends AppModel return $resultArray; } + /** + * @param array $result + * @return array + */ public function handleMispFormatFromModuleResult(&$result) { $defaultDistribution = $this->Attribute->defaultDistribution(); @@ -5607,7 +5611,7 @@ class Event extends AppModel $event['Attribute'] = $attributes; } if (!empty($result['results']['Object'])) { - $object = array(); + $objects = array(); foreach ($result['results']['Object'] as $tmp_object) { $tmp_object['distribution'] = (isset($tmp_object['distribution']) ? (int)$tmp_object['distribution'] : $defaultDistribution); $tmp_object['sharing_group_id'] = (isset($tmp_object['sharing_group_id']) ? (int)$tmp_object['sharing_group_id'] : 0); @@ -5631,6 +5635,11 @@ class Event extends AppModel return $event; } + /** + * @param array $attribute + * @param int $defaultDistribution + * @return array + */ private function __fillAttribute($attribute, $defaultDistribution) { if (is_array($attribute['type'])) { diff --git a/app/Model/Module.php b/app/Model/Module.php index 325408ec2..cb99a10fd 100644 --- a/app/Model/Module.php +++ b/app/Model/Module.php @@ -6,7 +6,8 @@ class Module extends AppModel { public $useTable = false; - private $__validTypes = array( + // private + const VALID_TYPES = array( 'Enrichment' => array('hover', 'expansion'), 'Import' => array('import'), 'Export' => array('export'), @@ -14,6 +15,7 @@ class Module extends AppModel 'Cortex' => array('cortex') ); + // private const TYPE_TO_FAMILY = array( 'Import' => 'Import', 'Export' => 'Export', @@ -23,7 +25,7 @@ class Module extends AppModel 'Cortex' => 'Cortex' ); - public $configTypes = array( + const CONFIG_TYPES = array( 'IP' => array( 'validation' => 'validateIPField', 'field' => 'text', @@ -351,7 +353,7 @@ class Module extends AppModel $result = array(); if (is_array($modules)) { foreach ($modules as $module) { - if (array_intersect($this->__validTypes[$moduleFamily], $module['meta']['module-type'])) { + if (array_intersect(self::VALID_TYPES[$moduleFamily], $module['meta']['module-type'])) { $moduleSettings = [ [ 'name' => 'enabled', diff --git a/app/View/Events/import_module.ctp b/app/View/Events/import_module.ctp index 71e69dfaf..9ff094038 100644 --- a/app/View/Events/import_module.ctp +++ b/app/View/Events/import_module.ctp @@ -1,4 +1,4 @@ -
+
Form->create('', array('type' => 'file'));?>
@@ -18,7 +18,7 @@ if (isset($configTypes[$config['type']]['field'])) { $settings['type'] = $configTypes[$config['type']]['field']; } - switch($settings['type']) { + switch ($settings['type']) { case 'select': if (isset($config['options'])) { $settings['options'] = $config['options']; @@ -34,13 +34,12 @@
'; echo $this->Form->input('Event.config.' . $configName, $settings); - if (isset($config['message']) && !empty($config['message'])): - echo ' ' . h($config['message']); - ?> -
- '; + } + echo ''; else: if (isset($config['message']) && !empty($config['message'])): ?> @@ -54,17 +53,18 @@ Form->input('Event.source', array( 'label' => false, - 'checked' => $source === 'file' ? true : false, - 'disabled' => $source === 'both' ? false : true, + 'checked' => $source === 'file', + 'disabled' => !($source === 'both'), 'div' => false, 'style' => 'margin-bottom:5px;' )); @@ -110,7 +110,7 @@ echo $this->Form->end();
element('/genericElements/SideMenu/side_menu', array('menuList' => 'event', 'menuItem' => 'populateFrom', 'event' => $event)); ?> - From b959b94bbbd2e4ef2f9e98102c3e385303af398f Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sat, 1 Oct 2022 11:49:57 +0200 Subject: [PATCH 188/698] chg: [UI] Cleanup for resolved_attributes template --- app/Controller/EventsController.php | 3 +++ app/View/Events/resolved_attributes.ctp | 28 +++++++++---------------- app/View/Objects/add.ctp | 2 +- app/webroot/css/main.css | 12 +++++++++++ 4 files changed, 26 insertions(+), 19 deletions(-) diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index 910aafdd8..19683d743 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -3996,6 +3996,7 @@ class EventsController extends AppController $this->set('mayModify', $this->__canModifyEvent($event)); $this->set('typeDefinitions', $this->Event->Attribute->typeDefinitions); $this->set('typeCategoryMapping', $typeCategoryMapping); + $this->set('defaultAttributeDistribution', $this->Event->Attribute->defaultDistribution()); $this->set('resultArray', $resultArray); $this->set('importComment', ''); $this->set('title_for_layout', __('Freetext Import Results')); @@ -5269,6 +5270,7 @@ class EventsController extends AppController $this->set('resultArray', $resultArray); $this->set('typeDefinitions', $this->Event->Attribute->typeDefinitions); $this->set('typeCategoryMapping', $typeCategoryMapping); + $this->set('defaultAttributeDistribution', $this->Event->Attribute->defaultDistribution()); $this->set('importComment', $importComment); $this->render('resolved_attributes'); } @@ -5443,6 +5445,7 @@ class EventsController extends AppController $this->set('resultArray', $resultArray); $this->set('typeDefinitions', $this->Event->Attribute->typeDefinitions); $this->set('typeCategoryMapping', $typeCategoryMapping); + $this->set('defaultAttributeDistribution', $this->Event->Attribute->defaultDistribution()); $render_name = 'resolved_attributes'; } diff --git a/app/View/Events/resolved_attributes.ctp b/app/View/Events/resolved_attributes.ctp index 44e991b7e..311a31032 100644 --- a/app/View/Events/resolved_attributes.ctp +++ b/app/View/Events/resolved_attributes.ctp @@ -10,14 +10,6 @@ } ?> Form->create('Attribute', array('url' => $baseurl . '/events/saveFreeText/' . $event['Event']['id'], 'class' => 'mainForm')); if ($isSiteAdmin) { echo $this->Form->input('force', array( @@ -79,7 +71,7 @@ echo $this->Form->input('Attribute' . $k . 'Value', array( 'label' => false, 'value' => $item['value'], - 'style' => 'padding:0px;height:20px;margin-bottom:0px;width:90%;min-width:400px;', + 'style' => 'width:90%;min-width:400px;', 'div' => false )); ?> @@ -123,14 +115,14 @@ else $default = array_search($item['categories'][0], $typeCategoryMapping[$item['default_type']]); } ?> - ' . $category . ''; } ?> @@ -150,12 +142,12 @@ } ?>
>
- ' . h($type) . ''; + echo ($type === $item['default_type'] ? ' selected' : '') . '>' . h($type) . ''; } } ?> @@ -168,17 +160,17 @@ class="dcCheckbox"> - $distValue) { - $default = isset($item['distribution']) ? $item['distribution'] : $instanceDefault; + $default = $item['distribution'] ?? $defaultAttributeDistribution; echo ''; } ?>
- $sgValue) { echo ''; @@ -188,10 +180,10 @@
- > + > - > + > diff --git a/app/View/Objects/add.ctp b/app/View/Objects/add.ctp index 1c0c843a3..d10a9fe1f 100644 --- a/app/View/Objects/add.ctp +++ b/app/View/Objects/add.ctp @@ -231,7 +231,7 @@ - + diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css index c1f4094e9..846b6bd0f 100644 --- a/app/webroot/css/main.css +++ b/app/webroot/css/main.css @@ -2923,3 +2923,15 @@ Query builder .warninglist-comment { color: gray; } + +/* Resolved attributes template */ +.freetext_row select, .freetext_row input[type=text] { + padding: 0; + margin-bottom: 0; + height: 20px; +} + +.freetext_row input[type=text] { + padding-left: 3px; + padding-right: 3px; +} \ No newline at end of file From 5262a40cb9bd8c29e6de318882815d8afa5baa02 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sat, 1 Oct 2022 13:42:10 +0200 Subject: [PATCH 189/698] fix: [UI] Remove unnecessary prevent default from ListTopBar --- .../ListTopBar/element_simple.ctp | 6 ++--- .../ListTopBar/group_simple.ctp | 22 +++++++++---------- .../genericElements/ListTopBar/scaffold.ctp | 9 +++----- 3 files changed, 17 insertions(+), 20 deletions(-) diff --git a/app/View/Elements/genericElements/ListTopBar/element_simple.ctp b/app/View/Elements/genericElements/ListTopBar/element_simple.ctp index d397122a8..51de4d607 100644 --- a/app/View/Elements/genericElements/ListTopBar/element_simple.ctp +++ b/app/View/Elements/genericElements/ListTopBar/element_simple.ctp @@ -1,6 +1,6 @@ element('/genericElements/ListTopBar/element_' . (empty($element['type']) ? 'simple' : h($element['type'])), array('data' => $element)); - } - echo sprintf( - '
%s
', - (!empty($data['id'])) ? 'id="' . h($data['id']) . '"' : '', - $elements - ); +if (!isset($data['requirement']) || $data['requirement']) { + $elements = []; + foreach ($data['children'] as $element) { + $elements[] = $this->element('/genericElements/ListTopBar/element_' . (empty($element['type']) ? 'simple' : $element['type']), array('data' => $element)); } -?> + echo sprintf( + '%s
', + (!empty($data['id'])) ? ' id="' . h($data['id']) . '"' : '', + implode('', $elements) + ); +} + diff --git a/app/View/Elements/genericElements/ListTopBar/scaffold.ctp b/app/View/Elements/genericElements/ListTopBar/scaffold.ctp index 88575ddf3..8cc72cc3d 100644 --- a/app/View/Elements/genericElements/ListTopBar/scaffold.ctp +++ b/app/View/Elements/genericElements/ListTopBar/scaffold.ctp @@ -1,10 +1,7 @@ +
element('/genericElements/ListTopBar/group_' . (empty($group['type']) ? 'simple' : h($group['type'])), array('data' => $group)); + echo $this->element('/genericElements/ListTopBar/group_' . (empty($group['type']) ? 'simple' : $group['type']), array('data' => $group)); } - echo sprintf( - '
%s
', - $groups - ); ?> +
From fba49a5a0432dc5f5976eada16974207eb07aeb4 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Sat, 1 Oct 2022 13:52:43 +0200 Subject: [PATCH 190/698] chg: [internal] Simplify ObjectTemplate::checkTemplateConformityBasedOnTypes method --- app/Controller/ObjectsController.php | 22 ++----- app/Model/MispObject.php | 43 +------------ app/Model/ObjectTemplate.php | 93 +++++++++++++++++++++------- 3 files changed, 78 insertions(+), 80 deletions(-) diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php index 2a5677a6b..9257620ed 100644 --- a/app/Controller/ObjectsController.php +++ b/app/Controller/ObjectsController.php @@ -1141,23 +1141,8 @@ class ObjectsController extends AppController $selectedAttributes = $this->_jsonDecode($selectedAttributes); $res = $this->MispObject->validObjectsFromAttributeTypes($this->Auth->user(), $eventId, $selectedAttributes); - $potentialTemplates = $res['templates']; - $attributeTypes = $res['types']; - usort($potentialTemplates, function($a, $b) { - if ($a['ObjectTemplate']['id'] == $b['ObjectTemplate']['id']) { - return 0; - } else if (is_array($a['ObjectTemplate']['compatibility']) && is_array($b['ObjectTemplate']['compatibility'])) { - return count($a['ObjectTemplate']['compatibility']) > count($b['ObjectTemplate']['compatibility']) ? 1 : -1; - } else if (is_array($a['ObjectTemplate']['compatibility']) && !is_array($b['ObjectTemplate']['compatibility'])) { - return 1; - } else if (!is_array($a['ObjectTemplate']['compatibility']) && is_array($b['ObjectTemplate']['compatibility'])) { - return -1; - } else { // sort based on invalidTypes count - return count($a['ObjectTemplate']['invalidTypes']) > count($b['ObjectTemplate']['invalidTypes']) ? 1 : -1; - } - }); - $this->set('potential_templates', $potentialTemplates); - $this->set('selected_types', $attributeTypes); + $this->set('potential_templates', $res['templates']); + $this->set('selected_types', $res['types']); $this->set('event_id', $eventId); } @@ -1234,7 +1219,8 @@ class ObjectsController extends AppController if (empty($template)) { throw new NotFoundException(__('Invalid template.')); } - $conformity_result = $this->MispObject->ObjectTemplate->checkTemplateConformityBasedOnTypes($template, $selected_attributes); + $attributeTypes = array_column(array_column($selected_attributes, 'Attribute'), 'type'); + $conformity_result = $this->MispObject->ObjectTemplate->checkTemplateConformityBasedOnTypes($template, $attributeTypes); $skipped_attributes = 0; foreach ($selected_attributes as $i => $attribute) { if (in_array($attribute['Attribute']['type'], $conformity_result['invalidTypes'], true)) { diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php index 8a27d24e8..8ecf7fb31 100644 --- a/app/Model/MispObject.php +++ b/app/Model/MispObject.php @@ -1235,51 +1235,14 @@ class MispObject extends AppModel 'Attribute.event_id' => $eventId, 'Attribute.object_id' => 0, ], + 'fields' => ['Attribute.type'], ]); if (empty($attributes)) { return array('templates' => array(), 'types' => array()); } - $attributeTypes = array(); - foreach ($attributes as $i => $attribute) { - $attributeTypes[$attribute['Attribute']['type']] = true; - $attributes[$i]['Attribute']['object_relation'] = $attribute['Attribute']['type']; - } - $attributeTypes = array_keys($attributeTypes); - $potentialTemplateIds = $this->ObjectTemplate->find('column', array( - 'recursive' => -1, - 'fields' => array( - 'ObjectTemplate.id', - ), - 'conditions' => array( - 'ObjectTemplate.active' => true, - 'ObjectTemplateElement.type' => $attributeTypes, - ), - 'joins' => array( - array( - 'table' => 'object_template_elements', - 'alias' => 'ObjectTemplateElement', - 'type' => 'RIGHT', - 'fields' => array('ObjectTemplateElement.object_relation', 'ObjectTemplateElement.type'), - 'conditions' => array('ObjectTemplate.id = ObjectTemplateElement.object_template_id') - ) - ), - 'group' => 'ObjectTemplate.id', - )); - - $templates = $this->ObjectTemplate->find('all', [ - 'recursive' => -1, - 'conditions' => ['id' => $potentialTemplateIds], - 'contain' => ['ObjectTemplateElement' => ['fields' => ['object_relation', 'type', 'multiple']]] - ]); - - foreach ($templates as $i => $template) { - $res = $this->ObjectTemplate->checkTemplateConformityBasedOnTypes($template, $attributes); - $templates[$i]['ObjectTemplate']['compatibility'] = $res['valid'] ? true : $res['missingTypes']; - $templates[$i]['ObjectTemplate']['invalidTypes'] = $res['invalidTypes']; - $templates[$i]['ObjectTemplate']['invalidTypesMultiple'] = $res['invalidTypesMultiple']; - } - return array('templates' => $templates, 'types' => $attributeTypes); + $attributeTypes = array_column(array_column($attributes, 'Attribute'), 'type'); + return $this->ObjectTemplate->fetchPossibleTemplatesBasedOnTypes($attributeTypes); } public function groupAttributesIntoObject(array $user, $event_id, array $object, $template, array $selected_attribute_ids, array $selected_object_relation_mapping, $hard_delete_attribute) diff --git a/app/Model/ObjectTemplate.php b/app/Model/ObjectTemplate.php index f82b89681..ef257d7d4 100644 --- a/app/Model/ObjectTemplate.php +++ b/app/Model/ObjectTemplate.php @@ -207,11 +207,69 @@ class ObjectTemplate extends AppModel } /** - * @param array $template - * @param array $attributes + * @param array $attributeTypes * @return array */ - public function checkTemplateConformityBasedOnTypes(array $template, array $attributes) + public function fetchPossibleTemplatesBasedOnTypes(array $attributeTypes) + { + $uniqueAttributeTypes = array_unique($attributeTypes, SORT_REGULAR); + $potentialTemplateIds = $this->find('column', array( + 'recursive' => -1, + 'fields' => array( + 'ObjectTemplate.id', + ), + 'conditions' => array( + 'ObjectTemplate.active' => true, + 'ObjectTemplateElement.type' => $uniqueAttributeTypes, + ), + 'joins' => array( + array( + 'table' => 'object_template_elements', + 'alias' => 'ObjectTemplateElement', + 'type' => 'RIGHT', + 'fields' => array('ObjectTemplateElement.object_relation', 'ObjectTemplateElement.type'), + 'conditions' => array('ObjectTemplate.id = ObjectTemplateElement.object_template_id') + ) + ), + 'group' => 'ObjectTemplate.id', + )); + + $templates = $this->find('all', [ + 'recursive' => -1, + 'conditions' => ['id' => $potentialTemplateIds], + 'contain' => ['ObjectTemplateElement' => ['fields' => ['object_relation', 'type', 'multiple']]] + ]); + + foreach ($templates as $i => $template) { + $res = $this->checkTemplateConformityBasedOnTypes($template, $attributeTypes); + $templates[$i]['ObjectTemplate']['compatibility'] = $res['valid'] ? true : $res['missingTypes']; + $templates[$i]['ObjectTemplate']['invalidTypes'] = $res['invalidTypes']; + $templates[$i]['ObjectTemplate']['invalidTypesMultiple'] = $res['invalidTypesMultiple']; + } + + usort($templates, function($a, $b) { + if ($a['ObjectTemplate']['id'] == $b['ObjectTemplate']['id']) { + return 0; + } else if (is_array($a['ObjectTemplate']['compatibility']) && is_array($b['ObjectTemplate']['compatibility'])) { + return count($a['ObjectTemplate']['compatibility']) > count($b['ObjectTemplate']['compatibility']) ? 1 : -1; + } else if (is_array($a['ObjectTemplate']['compatibility']) && !is_array($b['ObjectTemplate']['compatibility'])) { + return 1; + } else if (!is_array($a['ObjectTemplate']['compatibility']) && is_array($b['ObjectTemplate']['compatibility'])) { + return -1; + } else { // sort based on invalidTypes count + return count($a['ObjectTemplate']['invalidTypes']) > count($b['ObjectTemplate']['invalidTypes']) ? 1 : -1; + } + }); + + return array('templates' => $templates, 'types' => $uniqueAttributeTypes); + } + + /** + * @param array $template + * @param array $attributeTypes Array of attribute types to check, can contains multiple types + * @return array + */ + public function checkTemplateConformityBasedOnTypes(array $template, array $attributeTypes) { $to_return = array('valid' => true, 'missingTypes' => array()); if (!empty($template['ObjectTemplate']['requirements'])) { @@ -222,13 +280,7 @@ class ObjectTemplate extends AppModel if (!empty($template['ObjectTemplate']['requirements']['required'])) { foreach ($template['ObjectTemplate']['requirements']['required'] as $requiredField) { $requiredType = $elementsByObjectRelationName[$requiredField]['type']; - $found = false; - foreach ($attributes as $attribute) { - if ($attribute['Attribute']['type'] === $requiredType) { - $found = true; - break; - } - } + $found = in_array($requiredType, $attributeTypes, true); if (!$found) { $to_return = array('valid' => false, 'missingTypes' => array($requiredType)); } @@ -241,11 +293,8 @@ class ObjectTemplate extends AppModel foreach ($template['ObjectTemplate']['requirements']['requiredOneOf'] as $requiredField) { $requiredType = $elementsByObjectRelationName[$requiredField]['type'] ?? null; $allRequiredTypes[] = $requiredType; - foreach ($attributes as $attribute) { - if ($attribute['Attribute']['type'] === $requiredType) { - $found = true; - break; - } + if (!$found) { + $found = in_array($requiredType, $attributeTypes, true); } } if (!$found) { @@ -262,17 +311,17 @@ class ObjectTemplate extends AppModel $valid_types[$templateElement['type']] = $templateElement['multiple']; } $check_for_multiple_type = array(); - foreach ($attributes as $attribute) { - if (isset($valid_types[$attribute['Attribute']['type']])) { - if (!$valid_types[$attribute['Attribute']['type']]) { // is not multiple - if (isset($check_for_multiple_type[$attribute['Attribute']['type']])) { - $to_return['invalidTypesMultiple'][] = $attribute['Attribute']['type']; + foreach ($attributeTypes as $attributeType) { + if (isset($valid_types[$attributeType])) { + if (!$valid_types[$attributeType]) { // is not multiple + if (isset($check_for_multiple_type[$attributeType])) { + $to_return['invalidTypesMultiple'][] = $attributeType; } else { - $check_for_multiple_type[$attribute['Attribute']['type']] = 1; + $check_for_multiple_type[$attributeType] = 1; } } } else { - $to_return['invalidTypes'][] = $attribute['Attribute']['type']; + $to_return['invalidTypes'][] = $attributeType; } } $to_return['invalidTypes'] = array_unique($to_return['invalidTypes'], SORT_REGULAR); From e35c13d0f49069cf0e8cda669f6c6399984f28a9 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 3 Oct 2022 09:55:52 +0200 Subject: [PATCH 191/698] new: [UI] Preparation for creating object from freetext --- app/Controller/Component/ACLComponent.php | 4 +- app/Controller/ObjectTemplatesController.php | 54 +++++++++++------- app/Controller/ObjectsController.php | 3 +- app/Model/MispObject.php | 2 +- app/Model/ObjectTemplate.php | 2 +- app/View/Events/resolved_attributes.ctp | 23 ++++++-- app/webroot/js/misp.js | 59 +++++++++++++++++--- 7 files changed, 110 insertions(+), 37 deletions(-) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index dfd13fbd3..bc905c81b 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -453,9 +453,9 @@ class ACLComponent extends Component 'objectChoice' => array('*'), 'objectMetaChoice' => array('perm_add'), 'view' => array('*'), - 'viewElements' => array('*'), 'index' => array('*'), - 'update' => array() + 'update' => array(), + 'possibleObjectTemplates' => ['*'], ), 'objectTemplateElements' => array( 'viewElements' => array('*') diff --git a/app/Controller/ObjectTemplatesController.php b/app/Controller/ObjectTemplatesController.php index f1f52f338..dc7b21878 100644 --- a/app/Controller/ObjectTemplatesController.php +++ b/app/Controller/ObjectTemplatesController.php @@ -22,9 +22,10 @@ class ObjectTemplatesController extends AppController public function beforeFilter() { parent::beforeFilter(); - if (in_array($this->request->action, ['objectMetaChoice', 'objectChoice'], true)) { + if (in_array($this->request->action, ['objectMetaChoice', 'objectChoice', 'possibleObjectTemplates'], true)) { $this->Security->doNotGenerateToken = true; } + $this->Security->unlockedActions = ['possibleObjectTemplates']; } public function objectMetaChoice($eventId) @@ -162,16 +163,6 @@ class ObjectTemplatesController extends AppController $this->redirect($this->referer()); } - public function viewElements($id, $context = 'all') - { - $elements = $this->ObjectTemplate->ObjectTemplateElement->find('all', array( - 'conditions' => array('ObjectTemplateElement.object_template_id' => $id) - )); - $this->set('list', $elements); - $this->layout = false; - $this->render('ajax/view_elements'); - } - public function index($all = false) { $passedArgsArray = array(); @@ -183,11 +174,12 @@ class ObjectTemplatesController extends AppController $this->set('all', true); } if (!empty($this->params['named']['searchall'])) { + $searchTerm = '%' . strtolower($this->request->params['named']['searchall']) . '%'; $this->paginate['conditions']['AND']['OR'] = array( - 'ObjectTemplate.uuid LIKE' => '%' . strtolower($this->params['named']['searchall']) . '%', - 'LOWER(ObjectTemplate.name) LIKE' => '%' . strtolower($this->params['named']['searchall']) . '%', - 'ObjectTemplate.meta-category LIKE' => '%' . strtolower($this->params['named']['searchall']) . '%', - 'LOWER(ObjectTemplate.description) LIKE' => '%' . strtolower($this->params['named']['searchall']) . '%' + 'ObjectTemplate.uuid LIKE' => $searchTerm, + 'LOWER(ObjectTemplate.name) LIKE' => $searchTerm, + 'ObjectTemplate.meta-category LIKE' => $searchTerm, + 'LOWER(ObjectTemplate.description) LIKE' => $searchTerm, ); } if ($this->_isRest()) { @@ -196,11 +188,11 @@ class ObjectTemplatesController extends AppController unset($rules['order']); $objectTemplates = $this->ObjectTemplate->find('all', $rules); return $this->RestResponse->viewData($objectTemplates, $this->response->type()); - } else { - $this->paginate['order'] = array('ObjectTemplate.name' => 'ASC'); - $objectTemplates = $this->paginate(); - $this->set('list', $objectTemplates); } + + $this->paginate['order'] = array('ObjectTemplate.name' => 'ASC'); + $objectTemplates = $this->paginate(); + $this->set('list', $objectTemplates); $this->set('passedArgs', json_encode($passedArgs)); $this->set('passedArgsArray', $passedArgsArray); } @@ -315,4 +307,28 @@ class ObjectTemplatesController extends AppController } return $this->RestResponse->viewData($template, $this->response->type()); } + + public function possibleObjectTemplates() + { + session_abort(); + $this->request->allowMethod(['post']); + + $attributeTypes = $this->request->data['attributeTypes']; + $templates = $this->ObjectTemplate->fetchPossibleTemplatesBasedOnTypes($attributeTypes)['templates']; + + $results = []; + foreach ($templates as $template) { + $template = $template['ObjectTemplate']; + if ($template['compatibility'] === true && empty($template['invalidTypes'])) { + $results[] = [ + 'id' => $template['id'], + 'name' => $template['name'], + 'description' => $template['description'], + 'meta-category' => $template['meta-category'], + ]; + } + } + + return $this->RestResponse->viewData($results, 'json'); + } } diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php index 9257620ed..a3ca0e904 100644 --- a/app/Controller/ObjectsController.php +++ b/app/Controller/ObjectsController.php @@ -137,9 +137,8 @@ class ObjectsController extends AppController } } - /** - * Create an object using a template + * Create an object using a template * POSTing will take the input and validate it against the template * GETing will return the template */ diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php index 8ecf7fb31..7fefed97a 100644 --- a/app/Model/MispObject.php +++ b/app/Model/MispObject.php @@ -761,7 +761,7 @@ class MispObject extends AppModel /** * Clean the attribute list up from artifacts introduced by the object form * @param array $attributes - * @return string|array + * @return array * @throws InternalErrorException * @throws Exception */ diff --git a/app/Model/ObjectTemplate.php b/app/Model/ObjectTemplate.php index ef257d7d4..0062d231b 100644 --- a/app/Model/ObjectTemplate.php +++ b/app/Model/ObjectTemplate.php @@ -207,7 +207,7 @@ class ObjectTemplate extends AppModel } /** - * @param array $attributeTypes + * @param array $attributeTypes Array of attribute types to check, can contains multiple types * @return array */ public function fetchPossibleTemplatesBasedOnTypes(array $attributeTypes) diff --git a/app/View/Events/resolved_attributes.ctp b/app/View/Events/resolved_attributes.ctp index 311a31032..c99314866 100644 --- a/app/View/Events/resolved_attributes.ctp +++ b/app/View/Events/resolved_attributes.ctp @@ -48,7 +48,7 @@ $options = array(); foreach ($resultArray as $k => $item): ?> - + Form->input('Attribute' . $k . 'Save', array( 'label' => false, @@ -118,7 +118,7 @@ > - - - - - + + + diff --git a/app/View/Objects/revise_object.ctp b/app/View/Objects/revise_object.ctp index c66979690..cccc3a077 100644 --- a/app/View/Objects/revise_object.ctp +++ b/app/View/Objects/revise_object.ctp @@ -26,7 +26,7 @@ $tableData = [ echo $this->Form->create('Object', array('id', 'url' => $url)); $formSettings = array( 'type' => 'hidden', - 'value' => json_encode($data), + 'value' => JsonTool::encode($data), 'label' => false, 'div' => false ); @@ -49,7 +49,7 @@ $tableData = [ - + @@ -103,7 +103,7 @@ $tableData = [ Form->button($action === 'add' ? __('Create new object') : __('Update object'), array('class' => 'btn btn-primary')); ?> - + ' . __('This event contains similar objects.') . ''; ?> ' . __('Instead of creating a new object, would you like to merge your new object into one of the following?') . ''; ?>
@@ -112,7 +112,6 @@ $tableData = [ echo $this->element('Objects/object_similarities', array( 'object' => $object, 'template' => $template, - 'similar_object_similarity_amount' => $similar_object_similarity_amount, 'simple_flattened_attribute_noval' => $simple_flattened_attribute_noval, 'simple_flattened_attribute' => $simple_flattened_attribute, 'merge_button_functionname' => 'setMergeObject' @@ -123,7 +122,7 @@ $tableData = [

- +
@@ -172,7 +171,7 @@ function highlight_rows($panel, state) { } var un_highlight_time; -$(document).ready(function() { +$(function() { $('.similarObjectPanel').hover( function() { var $panel = $(this); From 9153234885315e5652aa46f83f5fc6e5f80fcae0 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 3 Oct 2022 15:31:56 +0200 Subject: [PATCH 193/698] new: [UI] Allow to create object from freetext --- app/Controller/Component/ACLComponent.php | 1 + app/Controller/ObjectsController.php | 118 ++++++++++++++++++++ app/Model/MispObject.php | 32 +++++- app/View/Events/resolved_attributes.ctp | 22 ++-- app/View/Objects/create_from_freetext.ctp | 127 ++++++++++++++++++++++ app/webroot/js/misp.js | 71 ++++++++---- 6 files changed, 340 insertions(+), 31 deletions(-) create mode 100644 app/View/Objects/create_from_freetext.ctp diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index bc905c81b..c78f98c15 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -436,6 +436,7 @@ class ACLComponent extends Component 'groupAttributesIntoObject' => array('perm_add'), 'revise_object' => array('perm_add'), 'view' => array('*'), + 'createFromFreetext' => ['perm_add'], ), 'objectReferences' => array( 'add' => array('perm_add'), diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php index 250fbabd2..c97c7d6d8 100644 --- a/app/Controller/ObjectsController.php +++ b/app/Controller/ObjectsController.php @@ -1240,6 +1240,124 @@ class ObjectsController extends AppController } } + public function createFromFreetext($eventId) + { + $this->request->allowMethod(['post']); + + $event = $this->MispObject->Event->find('first', array( + 'recursive' => -1, + 'fields' => array('Event.id', 'Event.uuid', 'Event.orgc_id', 'Event.user_id', 'Event.publish_timestamp'), + 'conditions' => array('Event.id' => $eventId) + )); + if (empty($event)) { + throw new NotFoundException(__('Invalid event.')); + } + if (!$this->__canModifyEvent($event)) { + throw new ForbiddenException(__('You do not have permission to do that.')); + } + + $requestData = $this->request->data['Object']; + $selectedTemplateId = $requestData['selectedTemplateId']; + $template = $this->MispObject->ObjectTemplate->find('first', array( + 'recursive' => -1, + 'conditions' => array( + 'ObjectTemplate.id' => $selectedTemplateId, + 'ObjectTemplate.active' => true, + ), + 'contain' => ['ObjectTemplateElement'], + )); + if (empty($template)) { + throw new NotFoundException(__('Invalid template.')); + } + + if (isset($requestData['selectedObjectRelationMapping'])) { + $distribution = $requestData['distribution']; + $sharingGroupId = $requestData['sharing_group_id'] ?? 0; + $comment = $requestData['comment']; + if ($distribution == 4) { + $sg = $this->MispObject->SharingGroup->fetchSG($sharingGroupId, $this->Auth->user()); + if (empty($sg)) { + throw new NotFoundException(__('Invalid sharing group.')); + } + } else { + $sharingGroupId = 0; + } + + $attributes = $this->_jsonDecode($requestData['attributes']); + $selectedObjectRelationMapping = $this->_jsonDecode($requestData['selectedObjectRelationMapping']); + + // Attach object relation to attributes and fix tag format + foreach ($attributes as $k => &$attribute) { + $attribute['object_relation'] = $selectedObjectRelationMapping[$k]; + if (!empty($attribute['tags'])) { + $attribute['Tag'] = []; + foreach (explode(",", $attribute['tags']) as $tagName) { + $attribute['Tag'][] = [ + 'name' => trim($tagName), + ]; + } + unset($attribute['tags']); + } + } + + $object = [ + 'Object' => [ + 'event_id' => $eventId, + 'distribution' => $distribution, + 'sharing_group_id' => $sharingGroupId, + 'comment' => $comment, + 'Attribute' => $attributes, + ], + ]; + + $object = $this->MispObject->fillObjectDataFromTemplate($object, $template); + $result = $this->MispObject->captureObject($object, $eventId, $this->Auth->user(), true, false, $event); + if ($result === true) { + return $this->RestResponse->saveSuccessResponse('Objects', 'Created from Attributes', $result, 'json'); + } else { + $error = __('Failed to create an Object from Attributes. Error: ') . PHP_EOL . h($result); + return $this->RestResponse->saveFailResponse('Objects', 'Created from Attributes', false, $error, 'json'); + } + } else { + $attributes = $this->_jsonDecode($requestData['attributes']); + + $processedAttributes = []; + foreach ($attributes as $attribute) { + if ($attribute['type'] === 'ip-src/ip-dst') { + $types = array('ip-src', 'ip-dst'); + } elseif ($attribute['type'] === 'ip-src|port/ip-dst|port') { + $types = array('ip-src|port', 'ip-dst|port'); + } else { + $types = [$attribute['type']]; + } + foreach ($types as $type) { + $attribute['type'] = $type; + $processedAttributes[] = $attribute; + } + } + + $attributeTypes = array_column($processedAttributes, 'type'); + $conformityResult = $this->MispObject->ObjectTemplate->checkTemplateConformityBasedOnTypes($template, $attributeTypes); + + if ($conformityResult['valid'] !== true || !empty($conformityResult['invalidTypes'])) { + throw new NotFoundException(__('Invalid template.')); + } + + $objectRelations = []; + foreach ($template['ObjectTemplateElement'] as $templateElement) { + $objectRelations[$templateElement['type']][] = $templateElement; + } + + $distributionData = $this->MispObject->Event->Attribute->fetchDistributionData($this->Auth->user()); + $this->set('event', $event); + $this->set('distributionData', $distributionData); + $this->set('distributionLevels', $this->MispObject->Attribute->distributionLevels); + $this->set('template', $template); + $this->set('objectRelations', $objectRelations); + $this->set('attributes', $processedAttributes); + } + } + private function __objectIdToConditions($id) { if (is_numeric($id)) { diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php index 9128f08d9..fda29ea6b 100644 --- a/app/Model/MispObject.php +++ b/app/Model/MispObject.php @@ -452,7 +452,37 @@ class MispObject extends AppModel return false; } - public function saveObject(array $object, $eventId, $template = false, $user, $errorBehaviour = 'drop', $breakOnDuplicate = false) + /** + * @param array $object + * @param array $template + * @return array + */ + public function fillObjectDataFromTemplate(array $object, array $template) + { + $templateFields = array( + 'name' => 'name', + 'meta-category' => 'meta-category', + 'description' => 'description', + 'template_version' => 'version', + 'template_uuid' => 'uuid' + ); + foreach ($templateFields as $objectField => $templateField) { + $object['Object'][$objectField] = $template['ObjectTemplate'][$templateField]; + } + return $object; + } + + /** + * @param array $object + * @param int $eventId + * @param array $template + * @param array $user + * @param string $errorBehaviour + * @param bool $breakOnDuplicate + * @return array|array[]|bool|int|mixed|string + * @throws Exception + */ + public function saveObject(array $object, $eventId, $template = false, array $user, $errorBehaviour = 'drop', $breakOnDuplicate = false) { $templateFields = array( 'name' => 'name', diff --git a/app/View/Events/resolved_attributes.ctp b/app/View/Events/resolved_attributes.ctp index c99314866..fd6332c91 100644 --- a/app/View/Events/resolved_attributes.ctp +++ b/app/View/Events/resolved_attributes.ctp @@ -204,12 +204,18 @@
- + @@ -239,7 +245,7 @@ endforeach; ?> -
+
@@ -250,7 +256,7 @@ var options = ; var typeCategoryMapping = ; $(function() { - possibleObjectTemplates(); + freetextPossibleObjectTemplates(); popoverStartup(); $('.typeToggle').on('change', function() { var currentId = $(this).attr('id'); @@ -258,7 +264,7 @@ currentId = currentId.replace('Type', 'Category'); var currentOptions = typeCategoryMapping[selected]; - possibleObjectTemplates(); + freetextPossibleObjectTemplates(); /* // Coming soon - restrict further if a list of categories is passed by the modules / freetext import tool diff --git a/app/View/Objects/create_from_freetext.ctp b/app/View/Objects/create_from_freetext.ctp new file mode 100644 index 000000000..73506dd23 --- /dev/null +++ b/app/View/Objects/create_from_freetext.ctp @@ -0,0 +1,127 @@ +
+

+ Form->create('Object', array('url' => $baseurl . '/objects/createFromFreetext/' . $event['Event']['id'])); ?> +
+
+
+
+
+
+
+
+
+ Form->input('Object.distribution', array( + 'class' => 'Object_distribution_select', + 'options' => $distributionData['levels'], + 'default' => $distributionData['initial'], + 'label' => false, + 'style' => 'margin-bottom:5px;', + 'div' => false + )); ?> + Form->input('Object.sharing_group_id', array( + 'class' => 'Object_sharing_group_id_select', + 'options' => $distributionData['sgs'], + 'label' => false, + 'div' => false, + 'style' => 'display:none;margin-bottom:5px;', + 'value' => 0 + )); ?> +
+
+ Form->input('Object.comment', array( + 'type' => 'textarea', + 'style' => 'height:20px;width:400px;', + 'required' => false, + 'allowEmpty' => true, + 'label' => false, + 'div' => false + )); ?> + +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + :: + + +
+
+ +
+ +
+
+ + + +element('/genericElements/SideMenu/side_menu', ['menuList' => 'event', 'menuItem' => 'freetextResults']); \ No newline at end of file diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js index 36970fa9e..e12c65a93 100644 --- a/app/webroot/js/misp.js +++ b/app/webroot/js/misp.js @@ -2772,9 +2772,10 @@ function importChoiceSelect(url, elementId, ajax) { } } -function freetextImportResultsSubmit(event_id, count) { +function freetextSerializeAttributes() { var attributeArray = []; - for (var i = 0; i < count; i++) { + $('.freetext_row').each(function() { + var i = $(this).data('row'); if ($('#Attribute' + i + 'Save').val() == 1) { attributeArray.push({ value:$('#Attribute' + i + 'Value').val(), @@ -2790,7 +2791,12 @@ function freetextImportResultsSubmit(event_id, count) { tags:$('#Attribute' + i + 'Tags').val() }) } - } + }); + return attributeArray; +} + +function freetextImportResultsSubmit(event_id, count) { + var attributeArray = freetextSerializeAttributes(); $("#AttributeJsonObject").val(JSON.stringify(attributeArray)); var formData = $(".mainForm").serialize(); xhr({ @@ -2808,20 +2814,37 @@ function freetextRemoveRow(id, event_id) { $('#Attribute' + id + 'Save').attr("value", "0"); if ($(".freetext_row:visible").length == 0) { window.location = baseurl + "/events/" + event_id; + } else { + freetextPossibleObjectTemplates(); } } -function possibleObjectTemplates() { +function freetextCreateObject(objectId) { + var attributeArray = freetextSerializeAttributes(); + $('#ObjectSelectedTemplateId').val(objectId); + $('#ObjectAttributes').val(JSON.stringify(attributeArray)); + $('#ObjectFreeTextImportForm').submit(); +} + +function freetextPossibleObjectTemplates() { var allTypes = []; $('.freetext_row').each(function () { var rowId = $(this).data('row'); if ($('#Attribute' + rowId + 'Save').val() === "1") { - allTypes.push($(this).find('.typeToggle').val()); + var type = $(this).find('.typeToggle').val(); + if (type === 'ip-src/ip-dst') { + allTypes.push('ip-src', 'ip-dst'); + } else if (type === 'ip-src|port/ip-dst|port') { + allTypes.push('ip-src|port', 'ip-dst|port'); + } else { + allTypes.push(type); + } } }); if (allTypes.length < 2) { $('.createObject').hide(); + return; } $.ajax({ @@ -2830,24 +2853,28 @@ function possibleObjectTemplates() { success: function (data) { if (data.length === 0) { $('.createObject').hide(); - } else { - var $menu = $('.createObject ul'); - $menu.find('li').remove(); - - $.each(data, function (i, template) { - var a = document.createElement('a'); - a.href = '#'; - a.textContent = template.name; - a.title = template.description; - - var li = document.createElement('li'); - li.appendChild(a); - - $menu.append(li); - }); - - $('.createObject').show(); + return; } + + var $menu = $('.createObject ul'); + $menu.find('li').remove(); + + $.each(data, function (i, template) { + var a = document.createElement('a'); + a.href = '#'; + a.onclick = function () { + freetextCreateObject(template['id']); + }; + a.textContent = template.name; + a.title = template.description; + + var li = document.createElement('li'); + li.appendChild(a); + + $menu.append(li); + }); + + $('.createObject').show(); }, type: "post", url: baseurl + "/objectTemplates/possibleObjectTemplates", From dac0feb164a45ea91775164074a4ab5980931fe0 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Mon, 3 Oct 2022 17:28:43 +0200 Subject: [PATCH 194/698] new: [UI] Show similar objects when creating object from freetext --- app/Controller/ObjectsController.php | 46 +++++++++++++++---- app/Model/MispObject.php | 15 ++++-- .../Elements/Objects/object_similarities.ctp | 13 +++--- app/View/Objects/create_from_freetext.ctp | 32 +++++++++++-- app/View/Objects/revise_object.ctp | 13 ++---- 5 files changed, 91 insertions(+), 28 deletions(-) diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php index c97c7d6d8..14eb20bda 100644 --- a/app/Controller/ObjectsController.php +++ b/app/Controller/ObjectsController.php @@ -60,13 +60,6 @@ class ObjectsController extends AppController $sgs = $this->MispObject->SharingGroup->fetchAllAuthorised($this->Auth->user(), 'name', false, array_keys($sharing_groups)); $this->set('sharing_groups', $sgs); } - $multiple_template_elements = Hash::extract($template['ObjectTemplateElement'],'{n}[multiple=true]'); - $multiple_attribute_allowed = array(); - foreach ($multiple_template_elements as $template_element) { - $relation_type = $template_element['object_relation'] . ':' . $template_element['type']; - $multiple_attribute_allowed[$relation_type] = true; - } - $this->set('multiple_attribute_allowed', $multiple_attribute_allowed); if (isset($this->request->data['Attribute'])) { foreach ($this->request->data['Attribute'] as &$attribute) { @@ -95,7 +88,7 @@ class ObjectsController extends AppController )); if ($action === 'add') { - list($similar_objects_count, $similar_objects) = $this->MispObject->findSimilarObjects( + list($similar_objects_count, $similar_objects, $simple_flattened_attribute, $simple_flattened_attribute_noval) = $this->MispObject->findSimilarObjects( $this->Auth->user(), $event_id, $this->request->data['Attribute'], @@ -106,6 +99,16 @@ class ObjectsController extends AppController $this->set('similar_objects_count', $similar_objects_count); $this->set('similar_objects', $similar_objects); $this->set('similar_objects_display_threshold', $similar_objects_display_threshold); + $this->set('simple_flattened_attribute', $simple_flattened_attribute); + $this->set('simple_flattened_attribute_noval', $simple_flattened_attribute_noval); + + $multiple_template_elements = Hash::extract($template['ObjectTemplateElement'],'{n}[multiple=true]'); + $multiple_attribute_allowed = array(); + foreach ($multiple_template_elements as $template_element) { + $relation_type = $template_element['object_relation'] . ':' . $template_element['type']; + $multiple_attribute_allowed[$relation_type] = true; + } + $this->set('multiple_attribute_allowed', $multiple_attribute_allowed); } } } @@ -1348,6 +1351,11 @@ class ObjectsController extends AppController $objectRelations[$templateElement['type']][] = $templateElement; } + // Attach first object_relation according to attribute type that will be considered as default + foreach ($processedAttributes as &$attribute) { + $attribute['object_relation'] = $objectRelations[$attribute['type']][0]['object_relation']; + } + $distributionData = $this->MispObject->Event->Attribute->fetchDistributionData($this->Auth->user()); $this->set('event', $event); $this->set('distributionData', $distributionData); @@ -1355,6 +1363,28 @@ class ObjectsController extends AppController $this->set('template', $template); $this->set('objectRelations', $objectRelations); $this->set('attributes', $processedAttributes); + + list($similar_objects_count, $similar_objects, $simple_flattened_attribute, $simple_flattened_attribute_noval) = $this->MispObject->findSimilarObjects( + $this->Auth->user(), + $eventId, + $processedAttributes, + $template + ); + if ($similar_objects_count) { + $this->set('similar_objects_count', $similar_objects_count); + $this->set('similar_objects', $similar_objects); + $this->set('similar_objects_display_threshold', 15); + $this->set('simple_flattened_attribute', $simple_flattened_attribute); + $this->set('simple_flattened_attribute_noval', $simple_flattened_attribute_noval); + + $multiple_template_elements = Hash::extract($template['ObjectTemplateElement'],'{n}[multiple=true]'); + $multiple_attribute_allowed = array(); + foreach ($multiple_template_elements as $template_element) { + $relation_type = $template_element['object_relation'] . ':' . $template_element['type']; + $multiple_attribute_allowed[$relation_type] = true; + } + $this->set('multiple_attribute_allowed', $multiple_attribute_allowed); + } } } diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php index fda29ea6b..66ad4abb4 100644 --- a/app/Model/MispObject.php +++ b/app/Model/MispObject.php @@ -864,14 +864,14 @@ class MispObject extends AppModel )); if (empty($similarObjects)) { - return [0, []]; + return [0, [], [], []]; } $similar_object_ids = array(); $similar_object_similarity_amount = array(); foreach ($similarObjects as $obj) { $similar_object_ids[] = $obj['Attribute']['object_id']; - $similar_object_similarity_amount[$obj['Attribute']['object_id']] = $obj[0]['similarity_amount']; + $similar_object_similarity_amount[$obj['Attribute']['object_id']] = (int)$obj[0]['similarity_amount']; } $similar_objects_count = count($similar_object_ids); $similar_object_ids = array_slice($similar_object_ids, 0, $threshold); // slice to honor the threshold @@ -891,7 +891,16 @@ class MispObject extends AppModel return ($a['Object']['similarity_amount'] > $b['Object']['similarity_amount']) ? -1 : 1; }); - return [$similar_objects_count, $similar_objects]; + $simple_flattened_attribute = []; + $simple_flattened_attribute_noval = []; + foreach ($attributes as $k => $attribute) { + $curFlat = $attribute['object_relation'] . '.' . $attribute['type'] . '.' .$attribute['value']; + $simple_flattened_attribute[$curFlat] = $k; + $curFlatNoval = $attribute['object_relation'] . '.' . $attribute['type']; + $simple_flattened_attribute_noval[$curFlatNoval] = $k; + } + + return [$similar_objects_count, $similar_objects, $simple_flattened_attribute, $simple_flattened_attribute_noval]; } // Set Object's *-seen (and ObjectAttribute's *-seen and ObjectAttribute's value if requested) to the provided *-seen value diff --git a/app/View/Elements/Objects/object_similarities.ctp b/app/View/Elements/Objects/object_similarities.ctp index a6a3941f4..744a67910 100644 --- a/app/View/Elements/Objects/object_similarities.ctp +++ b/app/View/Elements/Objects/object_similarities.ctp @@ -4,6 +4,7 @@ Required Args: - object => The object to be drawed + - attributes Optional Args: - template => The template used to compare the object with @@ -45,8 +46,8 @@ if (!isset($simple_flattened_attribute_noval) || !isset($simple_flattened_attrib $simple_flattened_attribute_noval = array(); $simple_flattened_attribute = array(); foreach ($target_comparison_object['Attribute'] as $id => $attribute) { - $cur_flat = h($attribute['object_relation']) . '.' . h($attribute['type']) . '.' .h($attribute['value']); - $cur_flat_noval = h($attribute['object_relation']) . '.' . h($attribute['type']); + $cur_flat = $attribute['object_relation'] . '.' . $attribute['type'] . '.' .$attribute['value']; + $cur_flat_noval = $attribute['object_relation'] . '.' . $attribute['type']; $simple_flattened_attribute[$cur_flat] = $id; $simple_flattened_attribute_noval[$cur_flat_noval] = $id; } @@ -87,7 +88,7 @@ if (!isset($simple_flattened_attribute_noval) || !isset($simple_flattened_attrib > - +
@@ -143,8 +144,8 @@ if (!isset($simple_flattened_attribute_noval) || !isset($simple_flattened_attrib $classname = ''; $title = ''; if ($flag_comparison_enabled) { // Comparison enabled - $simple_flattened_similar_attribute = h($attribute['object_relation']) . '.' . h($attribute['type']) . '.' .h($attribute['value']); - $simple_flattened_similar_attribute_noval = h($attribute['object_relation']) . '.' . h($attribute['type']); + $simple_flattened_similar_attribute = $attribute['object_relation'] . '.' . $attribute['type'] . '.' .$attribute['value']; + $simple_flattened_similar_attribute_noval = $attribute['object_relation'] . '.' . $attribute['type']; $flattened_ids_in_similar_object[$simple_flattened_similar_attribute_noval] = $attribute['id']; if ( isset($simple_flattened_attribute_noval[$simple_flattened_similar_attribute_noval]) @@ -195,7 +196,7 @@ if (!isset($simple_flattened_attribute_noval) || !isset($simple_flattened_attrib ?> $attribute_id): ?> - + diff --git a/app/View/Objects/create_from_freetext.ctp b/app/View/Objects/create_from_freetext.ctp index 73506dd23..b6c825d39 100644 --- a/app/View/Objects/create_from_freetext.ctp +++ b/app/View/Objects/create_from_freetext.ctp @@ -1,5 +1,5 @@
-

+

Form->create('Object', array('url' => $baseurl . '/objects/createFromFreetext/' . $event['Event']['id'])); ?>
@@ -64,7 +64,7 @@ - > @@ -85,9 +85,35 @@
-
+
+ + +

+
+ + element('Objects/object_similarities', array( + 'object' => $object, + 'attributes' => $attributes, + 'template' => $template, + 'simple_flattened_attribute_noval' => $simple_flattened_attribute_noval, + 'simple_flattened_attribute' => $simple_flattened_attribute, + // 'merge_button_functionname' => 'setMergeObject' + )); + ?> + + $similar_objects_display_threshold): ?> +
+
+

+ +
+
+ +
+
element('/genericElements/SideMenu/side_menu', array('menuList' => 'event-collection', 'menuItem' => 'searchAttributes')); From e4fd5280fdf5fd9f79917fc19ae4438fd9b47ffa Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Wed, 5 Oct 2022 17:48:00 +0200 Subject: [PATCH 199/698] fix: [UI] Margin fixes for resolved_misp_format.ctp --- app/View/Events/resolved_misp_format.ctp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/app/View/Events/resolved_misp_format.ctp b/app/View/Events/resolved_misp_format.ctp index 1fc55b00f..9ccbad4f5 100644 --- a/app/View/Events/resolved_misp_format.ctp +++ b/app/View/Events/resolved_misp_format.ctp @@ -1,9 +1,9 @@ -
+

Form->create('Event', array('url' => $url, 'class' => 'mainForm')); + echo $this->Form->create('Event', array('url' => $url, 'class' => 'mainForm hidden')); echo $this->Form->input('data', array( 'type' => 'hidden', 'value' => JsonTool::encode($event) @@ -11,16 +11,15 @@ echo $this->Form->input('JsonObject', array( 'label' => false, 'type' => 'text', - 'style' => 'display:none;', 'value' => '' )); echo $this->Form->input('default_comment', array( 'label' => false, 'type' => 'text', - 'style' => 'display:none;', 'value' => $importComment )); echo $this->Form->end(); + $objects_array = array(); foreach (array('Attribute', 'Object') as $field) { if (!empty($event[$field])) { From 9ff1d0270068d688944ffdad6018bbc191b81737 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Wed, 5 Oct 2022 17:59:30 +0200 Subject: [PATCH 200/698] chg: [import] Do not put same comment to all attribute in object --- app/Model/Event.php | 20 ++++++++------------ app/View/Events/resolved_misp_format.ctp | 2 +- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/app/Model/Event.php b/app/Model/Event.php index fa1380043..98e6166f8 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -6424,8 +6424,7 @@ class Event extends AppModel } if ($jobId) { $processedAttributes++; - $this->Job->saveField('message', 'Attribute ' . $processedAttributes . '/' . $total_attributes); - $this->Job->saveField('progress', ($processedAttributes * 100 / $items_count)); + $this->Job->saveProgress($jobId, "Attribute $processedAttributes/$total_attributes", $processedAttributes * 100 / $items_count); } } } else { @@ -6470,7 +6469,7 @@ class Event extends AppModel if (isset($initial_attributes[$object_relation]) && in_array($object_attribute['value'], $initial_attributes[$object_relation])) { continue; } - if ($this->__saveObjectAttribute($object_attribute, $default_comment, $event, $initial_object_id, $user)) { + if ($this->__saveObjectAttribute($object_attribute, null, $event, $initial_object_id, $user)) { $saved_object_attributes++; } else { $failed_object_attributes++; @@ -6503,7 +6502,7 @@ class Event extends AppModel if ($this->Object->save($object)) { $object_id = $this->Object->id; foreach ($object['Attribute'] as $object_attribute) { - if ($this->__saveObjectAttribute($object_attribute, $default_comment, $event, $object_id, $user)) { + if ($this->__saveObjectAttribute($object_attribute, null, $event, $object_id, $user)) { $saved_object_attributes++; } else { $failed_object_attributes++; @@ -6538,8 +6537,7 @@ class Event extends AppModel } if ($jobId) { $processedObjects++; - $this->Job->saveField('message', 'Object ' . $processedObjects . '/' . $total_objects); - $this->Job->saveField('progress', (($processedObjects + $total_attributes) * 100 / $items_count)); + $this->Job->saveProgress($jobId, "Object $processedObjects/$total_objects", ($processedObjects + $total_attributes) * 100 / $items_count); } } @@ -6606,8 +6604,7 @@ class Event extends AppModel } if ($jobId) { $current = ($i + 1); - $this->Job->saveField('message', 'EventReport ' . $current . '/' . $total_reports); - $this->Job->saveField('progress', ($current * 100 / $items_count)); + $this->Job->saveProgress($jobId, "EventReport $current/$total_reports", $current * 100 / $items_count); } } } @@ -6674,8 +6671,7 @@ class Event extends AppModel $message .= $failed_reports . $reason; } if ($jobId) { - $this->Job->saveField('message', 'Processing complete. ' . $message); - $this->Job->saveField('progress', 100); + $this->Job->saveStatus($jobId, true, 'Processing complete. ' . $message); $eventLock->deleteBackgroundJobLock($event['Event']['id'], $jobId); } return $message; @@ -6765,7 +6761,7 @@ class Event extends AppModel /** * @param array $attribute - * @param string $default_comment + * @param string|null $default_comment * @param array $event * @param int $object_id * @param array $user @@ -6776,7 +6772,7 @@ class Event extends AppModel { $attribute['object_id'] = $object_id; $attribute['event_id'] = $event['Event']['id']; - if (empty($attribute['comment'])) { + if (empty($attribute['comment']) && $default_comment) { $attribute['comment'] = $default_comment; } if (!empty($attribute['data']) && !empty($attribute['encrypt'])) { diff --git a/app/View/Events/resolved_misp_format.ctp b/app/View/Events/resolved_misp_format.ctp index 9ccbad4f5..a64ed3219 100644 --- a/app/View/Events/resolved_misp_format.ctp +++ b/app/View/Events/resolved_misp_format.ctp @@ -303,7 +303,7 @@ > - > + > ', - h(json_encode($feed['event_uuids'] ?? [])) - ), - sprintf( - '', - h($feed['id']), - h($popover) - ) - ); - } else { - $liContents = sprintf( - '%s', - $baseurl, - h($feed['id']), - h($popover), - h($feed['id']) - ); - } - } else { - $liContents = sprintf( - '%s', - h($feed['id']) - ); - } - echo "
  • $liContents
    • "; - } - } - if (isset($object['Server'])) { - foreach ($object['Server'] as $server) { - $popover = ''; - foreach ($server as $k => $v) { - if ($k == 'id') continue; - if (is_array($v)) { - foreach ($v as $k2 => $v2) { - $v[$k2] = h($v2); - } - $v = implode('
    ', $v); - } else { - $v = h($v); - } - $popover .= '' . Inflector::humanize(h($k)) . ': ' . $v . '
    '; - } - foreach ($server['event_uuids'] as $k => $event_uuid) { - $liContents = ''; - if ($isSiteAdmin) { - $liContents .= sprintf( - '%s ', - $baseurl, - h($server['id']), - h($event_uuid), - h($popover), - 'S' . h($server['id']) . ':' . ($k + 1) - ); - } else { - $liContents .= sprintf( - '%s', - 'S' . h($server['id']) . ':' . ($k + 1) - ); - } - echo "
  • $liContents
    • "; - } - } - } - ?> - - + + +
      + h($feed['name']), + __('Provider') => h($feed['provider']), + ); + if (isset($feed['event_uuids'])) { + $relatedData[__('Event UUIDs')] = implode('
      ', array_map('h', $feed['event_uuids'])); + } + $popover = ''; + foreach ($relatedData as $k => $v) { + $popover .= '' . $k . ': ' . $v . '
      '; + } + if ($isSiteAdmin || $hostOrgUser) { + if ($feed['source_format'] === 'misp') { + $liContents = sprintf( + '
      %s%s
      ', + $baseurl, + h($feed['id']), + sprintf( + '', + h(json_encode($feed['event_uuids'] ?? [])) + ), + sprintf( + '', + h($feed['id']), + h($popover) + ) + ); + } else { + $liContents = sprintf( + '%s', + $baseurl, + h($feed['id']), + h($popover), + h($feed['id']) + ); + } + } else { + $liContents = sprintf( + '%s', + h($feed['id']) + ); + } + echo "
    • $liContents
      • "; + } + } + if (isset($object['Server'])) { + foreach ($object['Server'] as $server) { + $popover = ''; + foreach ($server as $k => $v) { + if ($k == 'id') continue; + if (is_array($v)) { + foreach ($v as $k2 => $v2) { + $v[$k2] = h($v2); + } + $v = implode('
      ', $v); + } else { + $v = h($v); + } + $popover .= '' . Inflector::humanize(h($k)) . ': ' . $v . '
      '; + } + foreach ($server['event_uuids'] as $k => $event_uuid) { + $liContents = ''; + if ($isSiteAdmin) { + $liContents .= sprintf( + '%s ', + $baseurl, + h($server['id']), + h($event_uuid), + h($popover), + 'S' . h($server['id']) . ':' . ($k + 1) + ); + } else { + $liContents .= sprintf( + '%s', + 'S' . h($server['id']) . ':' . ($k + 1) + ); + } + echo "
    • $liContents
      • "; + } + } + } + ?> +
    + + > diff --git a/app/View/Elements/Events/View/row_object.ctp b/app/View/Elements/Events/View/row_object.ctp index ffd87f25e..076ec5dbc 100644 --- a/app/View/Elements/Events/View/row_object.ctp +++ b/app/View/Elements/Events/View/row_object.ctp @@ -81,7 +81,7 @@ $objectId = intval($object['id']);
    - + >
    - -
      - $v): - if ($k == 'id') continue; - $popover .= '' . Inflector::humanize(h($k)) . ': ' . h($v) . '
      '; - endforeach; - ?> -
    • - Html->link($feed['id'], array('controller' => 'feeds', 'action' => 'previewIndex', $feed['id']), array('style' => 'margin-right:3px;')); - else: - ?> - - + +
        + $v): + if ($k == 'id') continue; + $popover .= '' . Inflector::humanize(h($k)) . ': ' . h($v) . '
        '; endforeach; - ?> - - -
      - + ?> +
    • + Html->link($feed['id'], array('controller' => 'feeds', 'action' => 'previewIndex', $feed['id']), array('style' => 'margin-right:3px;')); + else: + ?> + + +
      • + +
    + + diff --git a/app/View/Elements/Events/View/row_proposal_delete.ctp b/app/View/Elements/Events/View/row_proposal_delete.ctp index 470d8213d..d0469977d 100644 --- a/app/View/Elements/Events/View/row_proposal_delete.ctp +++ b/app/View/Elements/Events/View/row_proposal_delete.ctp @@ -66,7 +66,7 @@ } ?> -   +   Paginator->sort('comment');?> - + + + Paginator->sort('to_ids', 'IDS');?> Paginator->sort('distribution');?> From 2597bdf9908e63267f4f867000d32367f9aa1905 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 9 Jun 2023 08:25:24 +0200 Subject: [PATCH 563/698] chg: [db_schema] updated --- db_schema.json | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/db_schema.json b/db_schema.json index e2fbf87b7..346c849a9 100644 --- a/db_schema.json +++ b/db_schema.json @@ -5762,6 +5762,17 @@ "column_type": "tinyint(1)", "column_default": "0", "extra": "" + }, + { + "column_name": "perm_view_feed_correlations", + "is_nullable": "NO", + "data_type": "tinyint", + "character_maximum_length": null, + "numeric_precision": "3", + "collation_name": null, + "column_type": "tinyint(1)", + "column_default": "0", + "extra": "" } ], "servers": [ @@ -9538,5 +9549,5 @@ "uuid": false } }, - "db_version": "111" + "db_version": "113" } \ No newline at end of file From 4685a96accfdacd0085ad406f5c418b365de0b38 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 9 Jun 2023 08:29:04 +0200 Subject: [PATCH 564/698] chg: [submodules] updated --- app/files/misp-galaxy | 2 +- app/files/misp-objects | 2 +- app/files/scripts/misp-stix | 2 +- app/files/taxonomies | 2 +- app/files/warninglists | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy index 14301a9c4..734d57edf 160000 --- a/app/files/misp-galaxy +++ b/app/files/misp-galaxy @@ -1 +1 @@ -Subproject commit 14301a9c4cb5f607d3c0de744556de94cc921fb9 +Subproject commit 734d57edf5e76900cd0c8d5d48d6f5910e29b84e diff --git a/app/files/misp-objects b/app/files/misp-objects index 20f567757..2ca2667d7 160000 --- a/app/files/misp-objects +++ b/app/files/misp-objects @@ -1 +1 @@ -Subproject commit 20f567757d9c91f9e9256084e05adf3f73c9883d +Subproject commit 2ca2667d7668067f906e9601e0c97a79d4c7ccf1 diff --git a/app/files/scripts/misp-stix b/app/files/scripts/misp-stix index 1a1dd4819..df0c4516c 160000 --- a/app/files/scripts/misp-stix +++ b/app/files/scripts/misp-stix @@ -1 +1 @@ -Subproject commit 1a1dd4819f6d80492d0871ea7aa6f8fd57ea1b7e +Subproject commit df0c4516c4dcb3517bb5905b4aff0a3ba1ca8ef4 diff --git a/app/files/taxonomies b/app/files/taxonomies index 6bd1809df..bb5d823ee 160000 --- a/app/files/taxonomies +++ b/app/files/taxonomies @@ -1 +1 @@ -Subproject commit 6bd1809df95abcf0bc4c81776dba171af9c70529 +Subproject commit bb5d823ee4d4cfce445bfbf89de8e013c169a3d2 diff --git a/app/files/warninglists b/app/files/warninglists index af7d0c0f5..911aafb91 160000 --- a/app/files/warninglists +++ b/app/files/warninglists @@ -1 +1 @@ -Subproject commit af7d0c0f5815e1a99827d5abc224aab01874037b +Subproject commit 911aafb91a38a68bbf6f5474c06e77a039469c93 From de2c7596ee43a44caef55059d03d0a1e96d7dfaa Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 9 Jun 2023 08:29:34 +0200 Subject: [PATCH 565/698] fix: [taxii push] missing change from python script that was left off added --- app/files/scripts/taxii/taxii_push.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/scripts/taxii/taxii_push.py b/app/files/scripts/taxii/taxii_push.py index 948f42ebd..9276e9102 100644 --- a/app/files/scripts/taxii/taxii_push.py +++ b/app/files/scripts/taxii/taxii_push.py @@ -12,7 +12,7 @@ from base64 import b64decode from pathlib import Path from requests.auth import HTTPBasicAuth -_script_path = Path(__file__).resolve.parents[1] +_script_path = Path(__file__).resolve().parents[1] sys.path.insert(0, str(_script_path / 'misp-stix')) import misp_stix_converter From 711b87657f9d5d234247b1913b29e54eedb63277 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 9 Jun 2023 09:23:05 +0200 Subject: [PATCH 566/698] chg: [stix] version bump --- app/files/scripts/misp-stix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/scripts/misp-stix b/app/files/scripts/misp-stix index df0c4516c..489cc1d59 160000 --- a/app/files/scripts/misp-stix +++ b/app/files/scripts/misp-stix @@ -1 +1 @@ -Subproject commit df0c4516c4dcb3517bb5905b4aff0a3ba1ca8ef4 +Subproject commit 489cc1d59d594000e9d0076c25e5bdfd372adc2e From 54d8d1fe79a70222147160aadb7dde9b8bc9ffab Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Fri, 9 Jun 2023 11:20:44 +0200 Subject: [PATCH 567/698] chg: [misp-stix] Bumped latest version --- app/files/scripts/misp-stix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/scripts/misp-stix b/app/files/scripts/misp-stix index 489cc1d59..0b5455752 160000 --- a/app/files/scripts/misp-stix +++ b/app/files/scripts/misp-stix @@ -1 +1 @@ -Subproject commit 489cc1d59d594000e9d0076c25e5bdfd372adc2e +Subproject commit 0b5455752686408bd4e1c3e7c22359cf2460db04 From 08bb172f68a4a1c8da96b04391b648368b61dbf3 Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 9 Jun 2023 11:32:07 +0200 Subject: [PATCH 568/698] chg: [VERSION] bump --- VERSION.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.json b/VERSION.json index 317b4817b..5696da9c9 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1 +1 @@ -{"major":2, "minor":4, "hotfix":171} +{"major":2, "minor":4, "hotfix":172} From 104e791e93151997354a4f7d7093465da3292242 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 14 Jun 2023 14:11:35 +0200 Subject: [PATCH 569/698] fix: make target event id not required (makes form submit fail) --- app/View/Feeds/add.ctp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/View/Feeds/add.ctp b/app/View/Feeds/add.ctp index dc49d38a2..936b3b49f 100755 --- a/app/View/Feeds/add.ctp +++ b/app/View/Feeds/add.ctp @@ -91,7 +91,8 @@ echo $this->element('genericElements/Form/genericForm', [ 'label' => __('Target Event ID'), 'placeholder' => __('Leave blank unless you want to reuse an existing event.'), 'div' => ['id' => 'TargetEventDiv', 'style' => 'display:none', 'class' => 'optionalField'], - 'class' => 'form-control span6' + 'class' => 'form-control span6', + 'required' => 0 ], [ 'field' => 'Feed.settings.csv.value', From be8872d2a84bb72cf292766f682a675a0fe0b867 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 14 Jun 2023 14:11:35 +0200 Subject: [PATCH 570/698] fix: make target event id not required (makes form submit fail) --- app/View/Feeds/add.ctp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/View/Feeds/add.ctp b/app/View/Feeds/add.ctp index dc49d38a2..936b3b49f 100755 --- a/app/View/Feeds/add.ctp +++ b/app/View/Feeds/add.ctp @@ -91,7 +91,8 @@ echo $this->element('genericElements/Form/genericForm', [ 'label' => __('Target Event ID'), 'placeholder' => __('Leave blank unless you want to reuse an existing event.'), 'div' => ['id' => 'TargetEventDiv', 'style' => 'display:none', 'class' => 'optionalField'], - 'class' => 'form-control span6' + 'class' => 'form-control span6', + 'required' => 0 ], [ 'field' => 'Feed.settings.csv.value', From 179cfda27d8fdc9b5dbf397979b932952858caa6 Mon Sep 17 00:00:00 2001 From: iglocska Date: Wed, 14 Jun 2023 17:14:12 +0200 Subject: [PATCH 571/698] chg: [composer] added an explicit dependency to avoid pulling in the wrong version when building docker --- app/composer.json | 1 + 1 file changed, 1 insertion(+) diff --git a/app/composer.json b/app/composer.json index 952681602..367c0d466 100644 --- a/app/composer.json +++ b/app/composer.json @@ -12,6 +12,7 @@ "kamisama/cake-resque": "4.1.2", "pear/crypt_gpg": "1.6.7", "monolog/monolog": "1.24.0", + "thecodingmachine/safe": "^1.0", "spomky-labs/otphp": "^10.0", "bacon/bacon-qr-code": "^2.0" }, From 1a19d76549d3a55f37ef69939d0837e70222665a Mon Sep 17 00:00:00 2001 From: iglocska Date: Wed, 14 Jun 2023 18:37:27 +0200 Subject: [PATCH 572/698] fix: [taxii push] correctly save the status of thetaxii push job --- app/Console/Command/ServerShell.php | 12 ++---------- app/Model/TaxiiServer.php | 1 + 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/app/Console/Command/ServerShell.php b/app/Console/Command/ServerShell.php index 179a562eb..a82b9d97d 100644 --- a/app/Console/Command/ServerShell.php +++ b/app/Console/Command/ServerShell.php @@ -800,15 +800,14 @@ class ServerShell extends AppShell $userId = $this->args[0]; $user = $this->getUser($userId); $serverId = $this->args[1]; - if (!empty($this->args[3])) { - $jobId = $this->args[3]; + if (!empty($this->args[2])) { + $jobId = $this->args[2]; } else { $jobId = $this->Job->createJob($user, Job::WORKER_DEFAULT, 'push_taxii', 'Server: ' . $serverId, 'Pushing.'); } $this->Job->read(null, $jobId); $result = $this->TaxiiServer->push($serverId, $user, $jobId); - if ($result !== true && !is_array($result)) { $message = 'Job failed. Reason: ' . $result; $this->Job->saveStatus($jobId, false, $message); @@ -816,12 +815,5 @@ class ServerShell extends AppShell $message = 'Job done.'; $this->Job->saveStatus($jobId, true, $message); } - - if (isset($this->args[4])) { - $this->Task->id = $this->args[5]; - $message = 'Job(s) started at ' . date('d/m/Y - H:i:s') . '.'; - $this->Task->saveField('message', $message); - echo $message . PHP_EOL; - } } } diff --git a/app/Model/TaxiiServer.php b/app/Model/TaxiiServer.php index 86ad6bfe4..106ad7cf3 100644 --- a/app/Model/TaxiiServer.php +++ b/app/Model/TaxiiServer.php @@ -77,6 +77,7 @@ class TaxiiServer extends AppModel $this->__pushEvents($user, $taxii_server, $filters, $eventids, $i, $jobId, $eventCount); } unset($eventid); + return true; } private function __setPushFilters($taxii_server) From 7853cf70c27755975a7b8771da6fc9cc05e50295 Mon Sep 17 00:00:00 2001 From: iglocska Date: Wed, 14 Jun 2023 18:39:06 +0200 Subject: [PATCH 573/698] fix: [UI] index searches will handle spaces correctly --- app/Controller/AppController.php | 2 +- app/webroot/js/misp.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index bd5639df0..38d0bd8f3 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -33,7 +33,7 @@ class AppController extends Controller public $helpers = array('OrgImg', 'FontAwesome', 'UserName'); - private $__queryVersion = '150'; + private $__queryVersion = '151'; public $pyMispVersion = '2.4.172'; public $phpmin = '7.2'; public $phprec = '7.4'; diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js index aa6d32e27..5c505f42f 100644 --- a/app/webroot/js/misp.js +++ b/app/webroot/js/misp.js @@ -2303,7 +2303,7 @@ function runIndexQuickFilterFixed(preserveParams, url, target) { searchKey = 'searchall'; } if ($quickFilterField.val().trim().length > 0) { - preserveParams[searchKey] = encodeURIComponent($quickFilterField.val().trim()); + preserveParams[searchKey] = encodeURIComponent($quickFilterField.val().trim()).replace('%20', '+'); } else { delete preserveParams[searchKey] } From 80e50d294a04523ef46a810086f8484c2971cef0 Mon Sep 17 00:00:00 2001 From: Stefano Ortolani Date: Thu, 15 Jun 2023 09:33:59 +0100 Subject: [PATCH 574/698] fix: update composer and fix dependencies Changes: - update composer.phar to latest stable (2.5.8) - rollback pinning indirect dependencies --- app/composer.json | 11 ++++++----- app/composer.phar | Bin 2205196 -> 2837394 bytes 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/app/composer.json b/app/composer.json index 367c0d466..af6351540 100644 --- a/app/composer.json +++ b/app/composer.json @@ -12,7 +12,6 @@ "kamisama/cake-resque": "4.1.2", "pear/crypt_gpg": "1.6.7", "monolog/monolog": "1.24.0", - "thecodingmachine/safe": "^1.0", "spomky-labs/otphp": "^10.0", "bacon/bacon-qr-code": "^2.0" }, @@ -39,14 +38,16 @@ "aws/aws-sdk-php": "To upload samples to S3", "jakub-onderka/openid-connect-php": "For OIDC authentication", "supervisorphp/supervisor": "For managing background jobs", - "lstrojny/fxmlrpc": "Required for supervisorphp/supervisor XML-RPC requests", "guzzlehttp/guzzle": "Required for supervisorphp/supervisor XML-RPC requests", + "lstrojny/fxmlrpc": "Required for supervisorphp/supervisor XML-RPC requests", "php-http/message": "Required for supervisorphp/supervisor XML-RPC requests", - "spomky-labs/otphp": "Required for strong authentication with TOTP", - "bacon/bacon-qr-code": "Required for strong authentication with TOTP" + "php-http/message-factory": "Required for supervisorphp/supervisor XML-RPC requests" }, "config": { "vendor-dir": "Vendor", - "optimize-autoloader": true + "optimize-autoloader": true, + "allow-plugins": { + "composer/installers": true + } } } diff --git a/app/composer.phar b/app/composer.phar index 3791ce36ed26e033e485226ed288050ead25032b..d39c3e6df0d6d7c302cce3ed13c1860815128a12 100644 GIT binary patch literal 2837394 zcmdqK34EPJ^*&ydHSCp55P4fdZ_*~Y-PqDKP0}{lHX%tV(zNk5xk)a)xi{RUZ72m5 zL>2)>al-`#0e5j10TD%9a79_f1s4=W++|hxJU0|L5P2a&qr|=b1BS z&YU@O=FGguPfM1Ih2*A8E}714@y15RY8Ecxf0Hw7yqR9_NT%owWwL1xbSzaUdHEr) zH9tC*FQyAkc!Cer4b*#UGTEZnGMFxmrgAxNVJ@ZrTx$Mk8cZ+dv;22jzA%{amgR?s zGpStOTX=TUCi#15F`XT3+N2)k)64S(uQZbOhRWHjH;^A2FJy*CN?s~A=w&kl>0A+f z<%aU8w3Nx`8oaS=I)(4HWYSw%oJGxZrIA#LjmYK)Ql<2uhfn-@Q@&KnkFr%I(^NJq zSyPitdM#V>nL)3mtJNDwm5Z6&uvb9Uczh^TN@cxtp^z^?Ea`$bQYwuVo0G}mOlhRN zsc9fTn#BK=l>9$3#bP;KOwK)Neobb`t4nVyp#|W(KbwcR2I~^3v4KRrH)94RUP>4G zx1$(vs=;y#VT8sDx~Y6BJ!26-QXqWHO+3CGdF?1 z7B5QFo6-sajVPK%L|AC>X4fxJHSO@yS@fT-mIa5l7BZ!DT~BXYdv`a0*QE+M^h2}i zl!c2tU8Ogg8dqHeO>ui>>qt8170Njlf%@qF;2%)Z!D3UQscU6de|zUDsXea3wPS-& z7gpEcK^f5q5544c1i$4s;Z}L2yf+)#>5b>h1&*sG^kk&U9W^^@lrl^k$fk{Og9WrIgTUst0B)zQf3$t$6gGHxInS=kw7w&=;%%rkC>47qI zbKHOu?1?=!80k@uy?(9%n^_So4&@Cm)hML3pL^iF24z+RrCiF>bf7)@j}_@$x{#8V zz47%LhV&0_TJ^xhFs)R<)v2)n%+-5q7}Be5KCj2X)K%oBYh-LW)TtG=80=6k&mXKY zNFVv(=3#?zL>Qx$)`=xfKSq}z{n~=*=a~{GL`vwvoNUy^*^wHUPDicvyzX%PIfc8M-{F zw=vmn$~RRj-L9Q-~;ZYVSCaB)aZBaq&@EZ1ca z8Y?0c(wI-W3i-3s1Fo(dc$x+x9jN=+eFmtazUqE<<=VcNh9G_2VdqXY5EUiTmPrlg z;K(`cc}1tjAZ@*3X4YUdRBBHf6vdby2j?ExW%e=Y!(Xbs+~8DHxb|)70jK;y2k7#o z-(Pp*lnKi(FXslG@?SkjmnS{(HQ!ue%2({!71{izRMtVbN^BPCw5bo@Y7i>6U}b*P zmE=Y#Px|=uS*;V6@5lv=#|_JL3rGhq_}gbp`HBkBkt@O}b(_$1w1yyk?316n*+5iO zh*jFBc9rUOX$I*xF3fD05TmnPqQ~TR#v4Q#NN@c78=f*4O_h|YD>bk=HJonC6bJI~ zGRN(J{rP;|BGM0^)A28ZR9_LPkRQox%9PwDJu2gb^xJKPrzZsIPG=&r9TeG;{&?v3 z&l-@53f7$-MOz#N+aET9LxlA9={Nk*AXMyNm{B@)4#Zt&Y6#LRFTKgyuZrU6F6Vj% z3Yjt2@=TqoK}e4q`pTY$kBGY=6(==9OE!~orTWO;8iw?gZ}r-)sVI;h81;b>r!{#| zHPU-JUuV^|;=It4&JJn++(CKgt27^^sc+x+OVgZ+C=0hv&EFJ z+>TPJRCXotX_?qb%RiG*!7f$htqKT9WK7LzvhDUnePv6HW(GTh{)m46EyU>vuI4C z70_wLe9i?UGXpZRNxwO*x6v>Yqd>W0KATRqjEy14pdt{eF{`C9pw0dF-EPXqsIe}; zLd6VP2I!i!Go(P2gT+XZzUG!oe`io)CSr}UvNW27?HwzZ5HvwN1X3Z+V(AUiA06a+N;6r*0MLM-IO2RR*VGs~nupF*c3d3`?s>FF83e-=IV~ z+V^6+(-1Nyfn-~HAj1$ukw90;ltNm6;iqR9pgCbBiv?1VkFGp=ZJc1+4%2NTz5YAN zwFWFX2{5%*$_#Xuvq}NqF3S$mvtC~Rgn>F`5>TrUnaXyj$MTr&a>bO=2eNlNmZY30 zNPqe6mG3r~^CpM6IRw`sriJv3$KGtmC+tMf>5UQHYDA1O954`F$+UTvbSmk=U)%a8 z!{6db0CpmHrbZ4lPPs4k3%2|P8P24Op1tWNgWR!G$g5L@&1$xiD$;|2N{)~&Bb_p5 z&1t5RSM6FQYY}WxEeTcg3aN&)wDrIPO*Kn*sv66A!0bH@3~C7J5l^lAkHKEFQ`kLf zoY@-K0V_rINcTMYaN7Y(cM8~wB!K;U>0HwDzS{k=U1M6$dja70i^(JX*~!1V!2nNY zylA5k5bpa#2Bc5#@x5OexX7FmGhVv#`7Gslo%mR!+m=r|(qK%+!VqIwIg>>|olwuU z=)NX>#ojB>-wo^x%10o;M6lMmz-TNvn2U4@*lala~MfVe1fL5i_C16_`LsZjrcUq?_+PY7fKK zWE5QRI@m}F6#h$EN&21x#_d3yJ4yD|rAqMQM;I4ICvKPFLi+lVf3z9qb_#7pAvHEa zwD;_%MMrwpd$!v+;AFc~@wO&Es3zwv;=_=Ry=&hu7}g>_Ow35u#*r-Dc&cWJbiZ-W z26^GTPS~3oWm$Q+ecM3VdPQFnk&&MJ@go))z7|XxQO0610Q(*ZZIj;Cbo-qKb}~jM z%_<~YbU?Muena6sbEp;`>Egtn-fV!P{b`FKmYB*7 zr|B3KN&(CKFUW`EiuB`OyK9*Niw;j8%&@aMl|zIc1KnvJ_pI=dF)PQ{V&K;=0MF7=?5-9>uAFg zrlHUn@*9R_QV`_%HVr~Le&W0BO23+PR-Bs|3!>a2){pdwOSjnIRCLnuSy?$8#8@H* zp7gcJH`&N*)a&;#R;RX6$UT^fDdIFXfCHj_lk`35Pj5Z;$3{feTGy2-jRZNHDY{Mi z$(Joj8I(xq%`cYh!g@N7m9_sByX9M~($$G-o+6Yh| zjU7MtSS={hmd=hxOdG2WkTcH>VtibDebN~Z7Ob4AF>+RTq+WBpW`y+lY3r@q6N!nn zZ$Z!k!Q(MHCWsuU&uq$r!UpLZp8CLFO;g}228A4p;3E=iXsPCg^xxw{_ZqB7hs9#` zls6R-h}{%2_;-O3YBuSPMSrkCy9q&cOqQD{Wfewp-HW#fDCwD79{YY}PEDy~M}b)Z zh`PAS70}nK1eA34FXmf)jr6E3m0XkWDQ4|Q%J6jpLi*s^8-HXt!;lR2$8tnNuyM~a zS9fX=kv`p<{je$18!4l5Xp+t*B%|kyXTk2m{Y`dY^Q(|<$!04)!uon-h?Aaw+OdzC z`qu7ZeXEe*QMJNX%kq`xF9y3UH# zI9<3^Y#r$jdtdq$Q`^pWVa3`4X7DR$1xFR>1Fv{(&eVqhZ&1xTI+NUj@91R5KZx)> zOObjP9c#xTw!ovM%0ojK%BtLU=|9q!FFk6tsSV~cQVyXsL^q|v$6u~1B;EU?|M|5k zh^aeLu%k23!XHSTr02gd@^Mo%u7zumOQ$*Q6xWAz(apmU5S0f3aqhbg!3R zaEvJxaRf}bt&m)n$)yV8_A{kB217yVlAibQuWdXzvP`t41f>gUO~`Ht#{GW>5fP2_ z6Z78jCc{%?9`@1XFBN=r76Vr!3`!)@JB~S{@=O&$N*C-rGjmT3Lc08{-#%p6sUji^ zr$AKn;X~3W(#6+2agRZXEV^u26GRQoD%*q|(my|V^XCmvWS!&#t;%dFguCp3SL#-g zUQ#;xF9s$F{sO5|KFsQL2@ZTN&5GXUSJiuN?&(n%fp#mpfU4h zK}34k-T$zIs!A704oLv!)cv$vN%vU$Lz{6Fi8R?#N!ff%4@%35dZDeC#veLVl3 zw$8_mfS>`vF6TyClKpgUKk}8m?KqAM9?QAxe{vJf_(5#QJEVU}-@9?+XH7#Qh6?$R zJ*8AmHYdB&rE($HJ3fZhouv5^?U|Qpwn&dX<%c%Era9a$gT{DWHpd)@JD~(oYWEJ^bvy;8K@B? zED&9w0|kimXQMwl)Bx31(qT$oK&h}#imfAk;RAQs1zp6D8%8K?_QcA(o5g+HoJ!vnW79sObvu|S_*~Kxc-|0T8SBshMBbPBd@s5@Dy>6 z4a}-cZnNqi852)}UN`;h51E1$>tDrF6;i+cn=rScCs;q}rSH1krXW-tS_0FN+rk7H z;VLjiTqLHB^s&|dzQ%Aivyzwvl2eb**jr^tkv?|A2Q6a}_sR-Jw@)Jky2{_%3=B7HB(_sNwbTSnV3 zFPPdJ1%dRmp!#WN%I@$oM2e5Tv*yq-ftEek{%pZnB^bzY()S&Hh~?E-X(*nHCS*1qPIrXf-N)aCWcaT(4qZVqi1-6Wil z9{S`n1%p(H6OH5t8{D0YzE{1~=3XR#7g*fuf(WbXH7p!flYIG6@i0lByWncOQaYh3 zgyWN6Ark}XL0b;8Gkhie=*kxv%eA{7R;*tU6(@aU>EcU`FrpK(h}C9QL)9%xQY;$j zy!~!D%%DUzJB>&RY7Jy|J}l04!VT$X&$-O5`KoZkM4eW3QpBR%f@mQ zi7f3;XF3g5u`tpFWa+8&RyiPRe&QIqMz|u~_O>tE*hgeqXFQ;4ne9AC5E8P7qAbmssGx?g2m?hgudg~QG`iX&w3<J_jpSxm=}HbnoiX5plEovB*I1;Z|M{#9GB;Gmf?WyX3?HI#NN0U=`5lI*i2nP< zY&djKd7%Ce|($veo7n^YJP*_A~({O>Ay`%rIH4YfUI_(65O6y-J(} z((!lw>S_aZN)@@qKn42s5tL=WlHT#@7lsWcVq`%h@3Vq7t96h6O$aCHt(;>eWDAFk#FSZV3#QOWJBxRKP-%xS~h>t?rmz?>$;VEKo{bB$rjrbpl za>Z0FE7IRLoNYHatD@jYOAy7~SUbJ^eQSfNSq*HldCQ3o{h5>Y48bKdhn$v{R{YCcW?Qe|#_-O~*uZTjaO|281i<}@E~Z3&lR zurv_;v5i|A4g1kvK@kob`dFLUM1p!Mw z$brHM>Gx(lZ^!*as$)R{R^%43BBZ^ST~zrzraumnK=MCvRGbVyfMOBa`V#t=V5F}f+4qeGY+jXqUx&*exD66BvppoPBWZTVXYGo+nsqa9ek%hU zZWTzPwx7jGA z7b$NKXC_~j9#>@_63a#UtpogggJ|7;S?MEHzHdL>Eu^{CkJ&~?>Zal4r5GbC(^-U| zsUKU8*JVlP-TO)#3Xd%ERatA`So9QGk&wRn^*^?re}rvS)cE|XGv+AY0oahBHj#ee zyB*d8J|QeJDbJIM5BirEajGf%^4OYThFR$C&AJfj?H@Vs0aGZFIHTIDZ8yukLM9~A zzpQ=yk_pSfRzujY~TnOnEm)o;X>>N2?9DcM>s zgtC~wbD9PreR}B6pD-0C;wv^FIMFzUydM=$yGDit>D3E9Y|R#C(Ky}-fyMW>abL0D zQlpt5P4@NgHwh*bg5!O;0oUbIZ$5nz5OQiqA+ZmJ#VnBC`^LY2&Ol(aRcePThTn*e zlHNbsz0nkpA7U#Z1`}n`I{tC=8+DxYyZH?Vney?Y8#gWZ^1D(jDe1dLKe5ad#bA%& zd=;`#*xnk^AJQiid)d`le7`Xb21lz?t8oR?P)4)dDm_m+c+>&!H1)wfziUdK5MO5@KY(2Toe-<7 z=({})K)QY4J=P4zcNwp1DCwLAbqsKV@s_+z7gPhBDD74shIGG*f{M0PwYe1jAsed^xQ5>qICEcRxLetl<)UrG9d zn=ZD7D89b61$DOaA;i8o_DN5FM}McOFTN0x2FT>WqQRusw>|V0QwYkXq_PRycEu7- zq4D7w={?dPe!bCVV?+a<^T~uyev3Sb!l$J6YOY+FzdD zG-#@)4^XjmE;R}t0C!d>h_mo06`1t#8-Mk713^n(5n`-Zn9uq@A&N};?9^9xOsX)< ziyAuLkfBO?)Vf}~|4YrPSThc{mofva`(6<}>Bg^awI@U37#~PAZo(B!xGrN=M{E0< zp7vKt-J~n_+s8%@>tgEm3oC_%;0o|G)1&*Wd8v{d>8}sJ_n)TmG^=6$eGIjom0G5_ zVKc6&)$%8OICtMZ24z+p3Kgdjn$tLJ?%IoM(4uGV_?Lm1KS>zHmfXNcw(b-Gkq+GP zH9J)<+6BD8@!_jr8L4lipZ@L-p4=5ixlG_m1~OU;4~BT8Bme9<$Kb*JkM=^0{MhiW z$en>xCEic^?h}vPU{Fupc~pNF|8SXLNPqXKbDuGwTsDUlCS$H~U>mRWbQ?);Jn_>H znu1&}gbR*}x7Ro-?p~aR+z*eG4wP!mN!A6k-RU z%T1ixt8$6~9;w2S8948_3WSn5R(hXwzrIsnFpWC7QuQv3-lAMl$d|_u&oPko0!cd3 z@%}d$NN!Waw#bEChud^IhlX%btAjXG5J{hI+0R<4IAarRtIyS6P&?I}bm88=wQ`Od z-$9J{Rz4?qq&IzMwsm$GWUAiE*e3p4;7GU6Y{(m-#o0p3UKjKs5H)whJNG_PbFx91 zR*fkf$xw^x=kOFIM0&u57anB_$IYach3@oldK(q#B?s!#q>t=4)(-fp4M2D-i|N4c zr6bV8u^tLf1$fO5(IA%3S}mcnCDjLhL54pmUN7mV+mC$K2w?II zE8I2t9PV5*bx{)E5@6E%Klz}IE5+$>yd=y$O^$dkgYQo9l79Cm$5@v>&QWzhl_aqP zOul~iQVl`6X#HUs)8IHO8Uvx6-5W5ykPXtMb8h{p!H9F$9gH3|s>sAMqQRuUdRe1o zf_p?2#v%uUEU0`};0Gu`Mo6#h`DmdkBV&Wx8gbPpsbT=201)*}+8i_~ zs+HOo;gygj(!1ujwHlUUM^rqbVN&5Oyi4Pe9=YgoyY%NaO+-`yJW8ww->i~0Q}Ejl z*Jz~s4z$15a5p0cZQEdaQ+c=%7k4lUZ6r2J>=^0&zggOA5N1z|K!&XDWirs9O6Rvzj#slf&SNFfoRMEA&Rj7l4!R8bX)7n5f zxYz!_c(LkQQy#?~4Z*rD6ip{hzxjZhU#z-1H|aaU-ER7VM7>E*$bQVO)pu8hdPoP` zHAC7(dh#hxeeA_*R}b<~bGS6!ZP&SCmq?!(y8C=n*O|Mi8$58S?w(I#r>2;;A32s& zQYY#D`H?PJQn4hYZ~fdXn|QXn zmPFMS=*pP~>!C+F=k4?DQNZ0bk!x}6b10MJP2#TRG)&jkksi6nrHw|Q%XdMb?Ksy^ z8dq~%S3bjwgsCTwiHAwL_x3e!H#O|an6t~sr2Q+_P4cP9A8MDAiInZRkVB_8(HIeRn!W-UU8n+RjcU^DR=CIhqy}HZ{qbn_D zCQ$QhrDoD{>+LdY5uZVJ4`LRVtrwKkRc5h zCk>q{;*CpOPVmr;e8pD%3ZmhBM!Np_me-m3c4b)+s*m|stm1lc<4Eth`kyw0xhumZ zR0VgnR-}1k3RiaMd`C~B1Ekk~^|&KUgIGdRcY7agb4c2D2j0=RrC9M% z<48|D=6mxD`zv=1-`LE6h%N*c>mZ$a+G~$9b@k>pAUB>CaG?K03ve{$ax%g`y6$}wKVv7=Dzq!W-N z=WR-o^xvzFy3jN-IVsEl)E5Mb^s?XVahriUxf)c&$p}E6Bao!s7d&g{kt2eT+5E7H zuPqT7kzVx7e)}3G>Z2vPAmddiY3wHcmJ5g%2ngxl7SFS8+`P&law;psmivi*N55YhLi)Nh|M3ySLKSW4#bMqgZciB<=U+6aV*)~Y^x@yz%YanT76qc& zup%*Vp7)hSZkERgjq4$;zJvfVBOf8|n>!vquzV#ahnfs&sC+6x@pD za)g7Mbk8N{>}e2Btj3bMf(#c-$4To>@eoPpuKmJu2C%Uj;PP@78E{#P$hNu%%0E8$ z(>844Y*$3vx+-<`I+?0S7f*Z3X2VQvHD;XhUwxUD4rxtpz+O>UwJ~v0`93P7 zm`M+5d6S)|s_Kvi$_H--O9>L`$G-J0E0zX)uBeUOX@-IW;{70^QRIm93zr|-ZA4Rb zq^!;9EjXMlCSdq(yJw{DNsC8x{oY_YCNbJ&L*<-8QhQ!^9<8||P4Dx!RR*D|oGe0r zCZ{ewW7ji2!}gJ${=1G>!u#@I|Dd- z^31MEZ_{DQdE)qz9`|I<549 zSlt}b*G)OXhTojgS{xr8%IC)E%ky60@T=+efMcuF5AIse(p zK{6wdHXV2C8K!-Us%ewP>QQ5kXu?~-vAhoe>{ik*FMG`$1{miu%v4^XTjhQ|0o9)Z z(5K6IBE9yI_pRIoXjyj$>YxE$D?TXcG2iL`w}GBm9KyA1=|_Ow{I|i|rrT2=?(7)t zGtq37;;5Bey(yBM9wFWv>Dy{AvfiINqfG`-t~7?Xqb&GcA^_5MzOju&gRc-}t9zY!>A5odFL62UKIZs0Qhe=jK+M{;NJT4Ew$;$n8AA zBE9!w&#r+TA3dtUYAR9pP$_Z#L|RPxy5X%G3_sJVw76U-YHNL!jC0a&eDtO(P2sl6 zh5eUtb>zf}#YI$VR~S>AXk{0UWw3!mhw33pdi;;QT7$o^8h%l|5*cTjoHx0)rS-Q^ zBH}(Me3LHv*w?MitkMYv0l5C3#M&Wl3F$3=oVU^N=%jasJHZEVumW206dFj|MEbc$ zm)Z<>*KG@p9S4+Ns{fHpK7NSCBb{@?V|JUU$`s}UAYrz!c@Xb9^1mYH>Ef}Hmae;G zi)r}ec(} zm-O!Z!w(stDpCso={eH!wL;)XuYB$p>+3inj;eh1rVBVHgZEBb#PbD_bfj>*^-?E7 zq)Wj=SxF^0^NBq%L!wipXFmD3O{lIi1=@8WCn|c0k;pNDe=1!}ddb#5K4E0(#GoUM zw^_?{C+3~&{j=>x|w`Z`Pvw85lbdT^ON>M|)t zLwJEf% z?QQcF8A;hCbfl^esH@a3l=U|0@^@^z#qeFlY4!PDhg0$DrE}H9eZMF%=?Bi*;|r#S zlPdGBuK|F6gOdZcHvevbFNzH(z2UDX*+j}Jv#CWi4xW#8r$~VG#^HM}GW^v|%%8od zda7WMKL4Yi-EJ`EOo$QFyo`X6-thU?ZZ%*NGvqhwawJ-F@Q}{`<*%&moR}ev5zxLz z(F%f*9(UPw_AsBbcNf-ek+&xD?&B5GF4Aj%{+&0Qc1_%E%8IK!MZbjuG9*a%zV~Sx zmQPM7a>V9&A&3vPPJ~68zUzkv8pf*lQ_?;_4I`_oxJ=)7@hVhKL6IJQ#*gfFQ;RKL@T!b2-6~A9@59|yY2$R z$;5)PFxHU&S+tb&hgW>5-(XFWrSAMzwfb}qF0Z?6o{fl1lBJ%sbLjJK8God={p&k6 zY|}6~LEENXA~P!KQ3rj<>Qj~Ys2X{=RC#!d`isJ@$2JW6jP%aI>+Qx`6#*F(-0*B+ z_Bl|)kY0Cqt#y`WRBn`pu?W`-0_nbw&$0WTRYHyqg2|U)laAP1^Fn&j&u7?$%lt|4 z5>0k^C(2Poq#r-H)24D)>3oMX>>A^?0PfI{x8r47jdZ^^O|wZ&RqULD6|m#(x^czl z|9P`f?J9cYKxv1cEd5>tPkP5Q%a$6PDh`y!!J!D;X2ij-J_nflp2&>!{+}$n)__jP zoIX>c0Lk1E=}XdEu0G600^CieQ1nBtA!!mTLi*ILFWGE3s3K{d^2}Wn z2iXJtRTMzGP|0QL^^xg8{gDmI%0x#x-u%TwCc&0qApwh9KR%Qja=Ytihu>wOs;npC zpaT8o9*Dp6k57HpU{-POf|$6nm%8qA`Bs@%NIUPJ{Vju7MH2+kU-D3J%cMU^PdL8& z8wRI}A0;?GFZT#9q}R1J*pXbtj|yM}MD>KkZAkxm7W0n-D=XX_@Jq)6wS z`FHF5R9R^XQg0zMI+`BTYUTs}R9GXu`<5pTFsxPa&5T2kY#qttY_R!A$^X1Y+dtC% z27Y^^L93!?rZ~saP$uRj1uqc}N&h^4w{_F2XobZze~>pf$?0=fe9oRcu43z%2wKKl z(2L1UnOt%tGdP&eWpZQXQWG}dr_}1Ul3sJghqjouRvGF(-hkakXxfBbg>Q-6NcX+& z+&Y6*MQ%C-hnq7H@xp5vf*;x5X)+2(&u?n}q`|D>llCBRV#Dc9Ae?X~3LNQ?cm4W< z2ChmsDE}j=bAvKXA#BhNVW#Bo!9N0;T5x z%TpsfS5DicSKNN*R}9ecm4PH=sl3ol`|IMQ4?NtGGsUY&nwfKmQaUo$-%!$Tl4g;< z^0*G0ja6lq6*vh~g2>j759*HdZ(qB>+OsNR4}$to56OTeZQJ+r_K?%kYSL28<-COR z0vY7n2&)~%p7H<}WkY2p%KIfqMf%EbT=;q;$|_wdY-(aRfIlX#3hCU$DjO<~QP;ur z7~XWQUIN^RqzN!MP_hXq?tKLpZ+XUsNn+-KcpQ`H#GYLwGdk(}zWQ0a-i!%ss>|in zt&{$#LI1D7FgOo#r}mOwvDY8kjLc%Ddo$U2SleP8L_c-NLL30z7|Mut~3&cF;Wr zJH{}_@*Ef3eV1U8{(S9P8!eA3%Vm1j`w|eUbJ^-(=+cNvL`I=vI(U{mM6O!)m`J~W!m~E^72_O5IWwpHUBGh%kaX5rRvE%hpK_*Srzi^B}_V78P6iS@SRR^&v?w4LA zy>hQ5zcpo#uUHm|T*#Ek7gRjwGt!f!uPE*}-xQBod`Y8LWb^9g?t5g}M%uRNjrM?D zOngd8np1zcjk{RNk78h8Dm7oSEdw%%kiP8XzuF5=V$H0QgDIV)Qgx?t!}1(QzcVAF6O^n$)3p0xJ1-x1&9`;CqCB5m&mrgaXEfocCnBsK6R|Z?9h)QC%2$%Gw zODDFDJCB5tJsdiI(lFaf# z)hOuOWYQsB^sb-%(}=gSwXzamqMP|Z1#t7TavQ#Kn}Ld*XM^olcX7cd<6V1E9lNcUC5YhxiUm3RziiulTAgnvGjlow^W2VQ%GXfI^yYvw;P}sRj$BRKwRIKX_fRpr`~yCJmgvpc9U<}e6|iGCFCzCIW3+yqUHiT_oET4Pb!3r`-Qdx7+inV(z#ZFvzw8xAgQ# zXZ|I>#PnY8i&Go#=Lpo7x4W6b2M%r^~t6jS+oeVSnC^9;p z&2PmWXes^1nrEQFQ~=VKUUSPVqX5+gs%0{YjSH9%bp*D$2UuOm|C=Lq4Wv(w_g`ab z*hTKkV|WFW;r^8M8k=-h_k%MHc1$$h_PpiZb~$DIWo*q+4y0?&+Gr={m=JIkB&|H( z_B0l0+qDNiV7NM=N`HZcljp^0jypqF^Aa>b7h%|*oG379Yw<%_!$VApoNbSW@H zG;snc0iX+S0aLDrd&}keyEfZRcJ1?#sl1Azgj_ln%qlf(cQ=vTiZQ zvnc0#qzg%Z{);E<;w;8Pce@bGg<;WN%j^}>d!#>o+g?96%*HJFCP2l87Ob5~1KBLN zq_6zJf2<*C$LCPQVgg)y%2nUoZQi@KK`J1=ftV=>)IDhHvki<^BkqlbJ&yxqA{dLJoC{( z15wSGqu42PA{v7`P0EEFg9huc1Zl;wV|~rh`$br!-@7yT2Gwf4JSQlue+r|dm)!S* zKEr6-jIA@h{D8UtS0HpeE}W5`bH4Jj)14(%3Bm;Ng*bmkN_LHm z>DQvs5c{pTTIM9uJHObl&F~Osj(j9h1UBOD(g@P4i-*2o0IIQ)8N>d%xe%v|pNRCz z{k4H5eaYq?n@AJ4P&KS5B!v(dk#0NvY@5QfF1J?hXGPWbs9Vf22+jjQj7a7Q<(Kc0s?7@m1 z=kPYA2YYnI)Px!_`=oO^K4J4V>L!C76RSAwl6D*Rh%v`e{@@s;O972?r;Sg2;p|6E zb5EHJOVTtPS!Te}Zdm_DA~U4ZuR8G$1~bMMM_Ck1=*gB0cH9EY{sK(VRUv)0`!So{ z7UR@c1hyR$g#L^`lfL80K|8Wyrlmv!uONVtfoLLurz}^B~Of z5p`0lN6=~eUwxl}s)aN|bA~`I8!tKKpMtZ=@}x`e{PNYNe0|08t*Bq!KI${^H(6+t zzJI~I?--DnD4sB3=i>@KRZ*0J^qiGvyu~2K^`4fHk66v6`k>&F9=F$r?CW~x<8!>Y zeB8L1|7yV_Ex%>zu;H^Z9^&zQ4FL}Gwj)m}Qyj5hP%~OZlB8Y3o9$qLqEz6|7EdlO z;5DH^xJzUZkbdE^sVfb8l{?0VvwsB)!2{A@(vi07k2HwKR%9^7!FczQe{MAeD=R9u z&U_tPd4N__()&99a+oP!StIMX_`5}=-JnKuIB zqLqP6Mm|uv{&=uPB0cOX|>cx-cky9O?dtpJO+5_rY^9>gD}p-oYMg)eU7DVbz^4m+ErVM!xNl$_&y|a5|ND;4K4zgIJG!HDLFA{7 zPAjL-j|^z_@ju*{3;ibVM((pOSjJ}L5Z*`@dW^T-U~>RW_4$9|h?IV;lIhdG%2^!n zj);E_+vlbgefAt#pH8&2pS6V4TTZ=}@*pd&*2ATGd*ipuWspnHL;4g)i6~U zukd6K9$8<5`uNJRy-Ha=piw&M0E?(`BdOt~nhiFgMtHq_5+(7BfWyjH?QlXr# zZ}u{|68fVyr4==kF5)MH+_-o+T~d)O6hoeTxqx>Rh)UzhI;Tdd%3HK(kr$AZG#4W! zGvw6;e$t(U0#dl%10$Jy6dz&S8P8dbWb&dxv#}$8&KDetL z+dSOmmI|}u7gMEl8D5%KR(YnZNUMl?&<+FE)1*o?vliPWD(+Y}eW5GJ#pL-O=Qr}4bg)E)Tfw_?Y_WPqXR=xvdBzFb0@ zyeo1JBS$gtK?}gqo(L0Kc|uZ1EX*J;V)2?h)LjpZ_?B`+4e@0H3zMoq!l`MtLgoxI zR>*8Y&X;E`Kv-8~h>Q3DilM8%MP zBsaq%hLsvC6sQ8X^V0=A3$e9c3W}M{dRT0fJjl@3!X`(Z7u4Vm`4ry8+dL_;iolID zrze`EPn#0c73>btsL0p|E0mV1?N~imMs&*8p`9Be{?n1cp$3)+W8BVOPzTLXeNE$H z#B5gP3z>6y7kReMe3MQgJW{M%Uz3oDBhgTkXg#Byq?g;!{9|qRDv}m4i5_2dfRv6R zzoaLCD+>p`R0$t95H~eAh{M0YH0Eu*aj|gBYeO2027x`)WC!thJ$^B5Xk4r|!QE%U zMWttrv6dHFVuk}YUL{Z}$*QX^h)sWmOt+L87wa)p*VfY8-rv&Oxf)NZRzP03Pq93j zTgR1F-JAyRl-VLR{r&3Hw$M*lv_hJ7YTQj)XY{z4*b@0#qvse{+4Zn>wKyYIG!u*Q zrgql)?u=&95t$aORVkcuRMykUNHoenOxZ9%{twed$C|zAO-@fcx`FmMk3&1uquObS zs7vr+rLBBCG^ygL(xk3+h|&;mA;!WW|$E)DTLOE4;C*xG72D7}q303!F0*9|YuMa_Dj}+SC%6 zz7uOYJsKG`Rh#b?jug^Ei$+SNv0`&FiIPpD8SDl%4yvt z?v3)jGhVnXlubE#di`#-pkq)Lv$B#kD?`papvSl`e#m%c#NKd7BiN#M8iT;CS5bNB{pD~a+Kj( zuQZmH`YAP8CN{vC)1T#-uJes=Er8$*MS7fJvD@Xenyw9|8D|}X3RXo-luFoIt8l?; z`r05s?qYY0j_Unl!@kR0gK~oHvu7c?QM8%7Y?)X@tzuRa`ula;%LAo&buc>OORPb8`?_oGu<;j}rgQ75A9}X)%Ti1H zPcZEI0Y?F~9;uLvR&#?9(jA2q`c9c(45Z`NBM28wSJ_}fU$*rOWSKFXh93!z*(t!T zQ=V?U4l;mG-B(csCL5K0i}BnrETtD!DLsSzUmLr&uquN~ZOX!f$-@<$@C%Dx1sfN# zV`>ZqEm1AhJ@gG#J@l17hC)AxEeL*VyYs)N%>L3@waHpZ;itii$WVv-v}4}jEiuDL zIT13{?U$4Q6iGQ25FyMbW{Kuzw>hrqhmr8d5I=;50Yr7B9jWG;#=yQac)b=3pu9ICQ@au86vqxAM(@6wix2 z2+Jj0SD)f^9oUd)&EneP)v2)+ytb4X0e$A1(Ds4(I{KjfCR{?ji8b`4x?;60Q$(&k zUg=)w3w;hft&c(VVbNCN!clTQ=%L6j`nXg}He2zLokgq&BzKU%Xn1yF3L$ndW`!5q z6#C>Z6|!BO$|1xrj-B0R!gi9glnn!Q_VHqx$VQVa3;SBKnN(3ego>I+gjQnJJl37h zmnM1?M-TfDBNz_V)a~y|nTF#{F=nT#QpHg}c^N~kA#A1`^>M>YA6$?7)%14gw;pvJ zcb_IoMT?;)6t=XPrvM{eLkHT~u~Xi&p0ZkGDB5wO=OnXQs!e0nRq}_3o=NPlnSAJr z!St5Z*d>8^p>+=ZsA|OUMx7%FN72dV8qt&0sdDKh1YMgN8z@)#37t2T*%rbtlyh20 z+&+o}9ji2S0TkZ-a%Yo}UGTzE!Gz^#K0|*Z0LQ5d2@(&4QS6kViW7uhF1%Mga2Q)M z^Hjx#0M=+x#6F45Xl~X=)p2Zo1lt`tWaTWUtb2epMw{-=I=yx0cdpvDqx+}*QU8Zp z`O~- zpQQLSY%FplU^C18y4n3yl}W_HMW=<;fRcy$A@EzR|H-dGjr`b7(UVt<@?bft6~_6k z$R0rw0`oKaRn)F75wRrA&FJgOuwJH!goZJ7-3(&LxTt!-&rR^=HqC8NyB)xADrT0Y zKjW$`6@;;y5)EE^|Jt7R?*6v+uI~0$1a#Y+;ZhBwt|Gb}FGF~#-ZE@ncNTbwdaO85 znfBwtW@Oi@wo?s)1eI)-Gbk!P!+}xpN5gVd9R_iyZyf>>cy~Q_)<_$$H>F*HxEax_ z%_4;}%efK>0x=UXTx0)Ri{&~Ku$sC8_e*CTkt!fyhlBVgj{t$)9A4Kcv!1p1&L}S8 z7QxImX9TMNrM6hH)`Fptn%XEZN0}BD5!7&IhC$Hy>B3=qXl5bPxbz^WV)6vL&Ohl9 z)QODM0=O=r6ZjejGlc{qf;M{yJGasSP4w`&=cO8Czb0Jc;`BD?Xt7Skc_Ot2zi3>H zxYi&i04JyvfLot{J(r+Su({N%xJM}`wg2G=+c!i?Nc?4*gs}QCX3uEvUY}^~T;0{F z2k;sFt2^7;rB*XKo13wR-k#fnozTdWSkndNj?95MDsx~qrNpEQ{d;H*Zd^PlzP~oH zb*_um+zdm~-?Fy1b5&=D$Kj5#Bk-)szbY+=|RC)Z2%arTM>#ti3h&+s;$ z9ys46q=8cge8%q}zh=f;eYP5Oo>riTdh@-e4U?`Y0BO}CP^lj`Z%Z{%$t2Pibcmzhf0Vha-qK+m+knTjY22n_*3|U*bp};}tzUqjIo7}se+;$*!jkZe ziow>^)PNI85bs`|KOuX3=zq)@qQmJeGH)|xt&;t$|DeWVTkrv8uOMzF7GnKK8EAvP zshr80v^V?!*DTJ52>KqrtD>qxVoe^W5mH&>Nx&G%%o>jJoTNNKk_ z3r91{K~uybKFl$av4}A$(Z8^Z6k*D#6H_s~f_iV3HwP*UX9J5GWix{+s^r)|3L_Za zy~f6;Dr9ptFuY~Pa7UAV$PT3)vT4)5IXw>3<4VzKEo5e9rsY^ATec@ZXP1l@5wHi= z4X{7kZk4IFhT~dR+u;@)Q(D)jJ?47#@OJfI7VE3U;)=Q;lWLUpCdzz)Q^1kC)>zvU z5CJjy&)Ua6`zvjv`9w3RAJqS)w$1h!B7%}2%52ze@Job?uppezQYObGsSCCv@CjAI zQlW{usZE|$mL$xX)|Da-Kcwqm*|eeS!$16HM27CrYFv*+C_My69IRKZ;%qf&0M2g1 znZjw3Eot)}^L{dcRw;WP*A!7hStVC)PC=iqrCflBdCh%PK=dlz{Gi2wrJr(!xCBh= z8zKiG6m1z)3uG`Gjltw7&owgY)2Nng7*u8r?113lsl>-slPJ_t&7qMM zB62qw=isb^gb7AJT+auG`m$xFW2(!7%mao;odm3HT4+tGD)VQq-aOZh5DX`Ihhsg^ z=W`BpT?YKki!BIZHQtd19Z&vV-M-!b)!vxikYcm_}!l}MVzrk z-f1b#4p-e-&%iNJ5HU91l3paT3O!*VmeP+;`gyYE8wl$Ci>p&mKxwb)3Z@-dp@JVB z{Bf(LnT=tA3x5fFaN_l4ZJyP0Gp<`3F6YZd^(+qi)T>TV&#b}HL7%@d52;~70dQoS zQv#tM7khK~gp8t4=6OwGp`5>2%;P!O9clJj41lL<^^}P#^IE$GkLlu;7i5elnraf> zR#<#>)&j>@Dzbseyxwa{Y~#@<9|n%SUXxHVS_dpVtnhRX@7?6nzBQjtCeQ~d!==ao z4`U`D!C4Nb2;-Chwjeg88BiZ=T9`DAOw_Q;%&O&oA`>)s6E>dyuiFeot)OyU#ljhx zJc91bauK}GyT8|&UH8e z;0_Z2HV><58P(VUhUtP<5MRl6n7Wov6roTmh6n$*VSoza#}J4ew@hl@oqDDE-NrQzfsM!(^PT^#{}2Iz$#?NI_nxM`qw zB~()a8x%y~bN=>1+>^n`qj4zGg+~3bItUXB!<7p)L1!Oe54hNk*uOprCQ3I+JcyPXhK5Q5`#cktm&sR$jB`S)`0x4W3` zkXO>CS&|_@Y>9$%GGTS3oX72A4DFXkl#8zp_+x!Q{SB8ja#ZEj2~_Bh6NOhYvbnh! z{%EEzE_^U<5B~IZE%1Tn0AB>dqFQ5oB;>YL?%0_20xHv9eCv#*73#xm44W$9z$G+@dLfn#NZT+ zlp18_u}Bt>dkj@4XH-jAq%km1t>jDk0c`n;=-L3sdX^S0LuGvVnD(g$Lc_mmdm+Zq z_5pYdPMmQJ>xnERS&2Jv(V_-Yv>m&k8K(Arg=Q4PeCrCNvMyUifuS`e9lU^1ndsS_ z(QscWof*zF!Roe|xwUrtWkOqm=qYhws71RVNjt{4RalV=_%Z4Y0d))jHFzpb3I`D? z7;kqJ>X2fj2%Dv>u(3HP<2N#PvawCYA8}jF_!DqSYXn(;?$}C-W;hdwO5g z1PciS+SL#>U;Q)rsy4Mz?Hh)oX9!`c+aC~0K@yP)k#gThy;f!rv2!_ofW)_;wXu&N ztRNg{)2J)w!_`8*iQuJ6EkpqU}xxJOz?6W|1@TpHDS?_ui&T*Ni&Jik&^Fq zXi>ahv+ZZL_001o_Ps&rsaloO(+Xhp8qWzn3$1fbNMmhVN{`m7 zjO}>zW_|ycog=4Za)uceT|aw+8kTF+aDjb};n3fkrjFVrc-*6EI0o7xc1^>I+#$1I zvs^o?#sSXz@l2xsJcqZoko?8}-o-)5NI9Jl6YQ@AHM+YnzlA#t0th|}Oqh^jVYbge zP`$Y0<}v}L=2)1`xz2$iZ;T@CBnF}HRc4KoszOhnKkC{*SLAOqQtNz4S@eHa*%Jia#7W)sEwEnCkViLZ9SDG|fbZ zoQ!(C3Tjii6Pyv14a(vmr^1*XFy81+-%9=Hva#E#5gslb=Pho1-MFX`S5veb zZwre9)w9~@g!YL2En;l{q}80Y8t?2zW@;U_X#MR!eewXBhkR2G5P$nm%{np732cdL zU~YzC@Hj5A2CL>C$A#CG6}G-B7-(=dgM#sPvkW#NN&g6r9|MW|PRB(|=};`5M+KdL zjL9c;oJeP`W>%^8CV07}`~Yh!OA9U`)cJKj1H+<*w(`%_{+ja?JJDU*_)k{zk0nEajRipnXG45)zIkaXfa$K(^|XT+JH`p)mvMlrF|-0zjg z9}bBG9*~XP1on>nhC9fi6l3=nRn#P!PRH_I+%l*?<<6g#BPxM?=#Q__PB;(Wt7!rN zvLEaZwn$RH)bHlmpJS01ULyN8V7Uoqnt5IO4FCJ#uj-BMZ}p3^ z`24G55DQ=Kw<19kkt`FkTaKTUp8GgRspV{<+A7U#rzv#M~Vay&)GOnivFl~_fgO9j?!Lw+3u%pEaMticfKI}gjX(r*SM`+_<8vH4b zU+7a^>e6LXm0SWh>_=t9 zh-@0>g#St8cQe>tn!9}TQN2$8{TQ8AH%nQ;_%$am}Fr= z;naN}&CPsgf(rFXx-woch9ntvT`C?@H+HHEq4-Ugyq;$At`G#T;>c8RiI_OEre0@{ zrg2I-=(cq0^KEb&ls+g3<}&+zjde}4>T7po+Bh)yu;Ude za3@hG+RXJfWk+ZC`Uu!%gVykVLCQ`dYrZ$&_mY|-jAIxp4aK`3S8_cl8&?W-sTmz% zS24nXYOU<18z0OSnYbTjw>GlxPSd9M+mT2V5uaLtMtoIu3RtI&MN5EVW(J7ts1^2^ zph(%F&XcMktN03ArM7kTyb~T#}JkL&9Yt14Y+iC^_urD!lDe1FuS84}pQ)n7C&R*KFy55x*Q(3Rd?tJ10) zR8i!uDH$ZrMO?ZuKQ@57($lb#kg@-}r+)R!ugV}|(@G2qWbe8>rkIV8##A;ofLFdJ zyz|bJlsd}=f-iYZ00;v8shgrUY86kx5TTC56W&QehYjLLFuGbbRKJP>Wbg##sQL7|X6 z7o-rR3VJbyV=0cny*JaFGaLVKM9q8&4Od?}U(IE*rYpvk<?#Fyv6g1zkwT#uobGMe6S=Bt@9a;z^aVRXkFRf`YIh!LMEN_ zh#Gm!3-7Ci6)UH;?Ml2lUoO}~{JhNw1|9E-;p;Y}Fy2}KU~_Fg_E5yMpchpWn>=7( z0H!@;)bPZKdYOYGQZ5ggbUQ4Ede|E%-%6n&R)aY1qfbD}lm_-(RR}ER0nS3vueFHU z&+OGA>fwb25qpk@lqIR)1FM>2im^L(Nwn&GOFj#~gmR;p?SxSDN_if5k+4;I5UdIJ*zzSm$=`SMoqGuU)2>Jlq^ zd%Kczn&x;X!p^Hyi(D$};WA*%44%?tMi*H^pS)DCn6-FXpf16CcCx8)eN|Xd`;&Z@ z|M(;|Te%br;aZm>`0d!p*x;sN5j*7@P)DjIq)d)Q~a|y5Czqur0K~!_Z zB;)WdRGmj2jPgfY7SlBUaIrZ_OXh=DzS&c_J0bMoFw~<^#mM{LR7)a{33BB`nnD2<58SXB%CRI!8?x2qYlV#)O=7z*`-u zj|Ww#=hJb9Pwi4*n^a@NGsZL({8G(N6>G$xH~S0~pV7Mxb9jB24KKpY*GaTZwWfB6 z(1x8VVtFda4zm~oHC=UrAK5h5WyM^C!*tb(2F=(2$BkGBOLNj}6>OvCDSJ|RWbLY% z>f`G#AW>g~=Qho2n(YlDacYdW5|+n!4T^sMkf;>(1l~4=k+<-~rjyj6OjwrSBpw`s z4X`?C1pmD9*l+=+RuzWtg{drz2>4b7aDuQmDXEfH2aI!|3+ri!j_WwL|{KiaR9*Nqnwt0=O) z@Z9EO>-xstx`qPpf<|wAc^f7)I}3vvb<$I-iKuky&CkD`c>z=gcs|4 zM)iYqt-1a}mC?8?&5>noL|>m_qfcK@uFGmGZUDroWnumkW%MMKpKfL(nLj!P6c@>v zGZn>(da0ON{q9q|Tg2zYX@oqTRJ6hsDULF$$AV2&+v!{((E2nt8&MjcQ8$T=;#(s^ z54o+VsnI=;KA;4#>~)SdscBB>2xb^4Ng_DECv-C^$j*3izPF4uQml)h)lgT_x~iq8 zhxa++rr3@(9lf>+xTpQjOgW76e0ZCeUd`BkH@zOP3v{kRN|ZpTT^~k?p89aCWKgyk zC`QcqlZiJ_E^|!W?`Buw>iYVSBg4#9b3%mi8Php|CY5tIV6dBwqSdPjOVISJZ;NQV zB3;|DrghcYw)Xz6mfn?q#|E~x(dxKC64`S{Kbs~7%By4ssCDr28CM|T->gFnrf?By zS4%fu0*5t309J*(YFz%c#dp=Jr?;iIqcx~eac!|0rmc`V!Q;0EchF_~A;&^L_nGVb z-Zy$@zv)rgx8cc&pVjM?pt(ksH1`gFroVJB5w^va`E` zjl~PR{9d5?Gr0Z&^ ztFFQ{9*%8lz@qH5Ju%AfTSpOXO-;4hRTEt4+lRFsx7_(1VOfhczfN@;!3+uCgei9_ zEFxn9mUpab?{RA73|8#T(+8jpw>En+qqa{q46k!A7Ol_3ZODRx%jS7CZ*wzVfj1bv z+D!xaIWr7bkRdW}FiAPSbfQ;Z?TS^M%UV|TtjCR~W|iU3eX2Ey4eP_eI!D%pmzv2v+({Z@#|2ih#?%L|&rd!kk9 zR=_@M%smJwM?_^;x5IF@^)K)2#1OMhHolzoQ*|3_0#8FkR{8yNnN&9A*$Rd{LN7`x z0aN-f#SA#ClqaU=lI0MN4U?GVfQgA%+u^SQ{1t}(9nGtn{3q-C`?Fw0@82HFu`2-U z3PCbz`m(=7W<~Jf`=26ZXr4`K)>2ffIc&UgSH)%+;vPyoza^*NS< znA#a~%yxwgac=%jh6f%e5YNG?`%cteB}d&)vYvz}l>>mvc5Pj{Yx8m{aS08;?dDeKuRPL(=x#V1plbe zZqI6k>H9Q-J+8icc)r2OwAfa&B6fmTklue1qu9@T0bEhxDi=y z!#e}JYWYY{Q1;^3InH50XFhAaL9QKEXMKH4-DB5ct)^OQ!lUTvP#rNnUacOZ3`!4n zy3UsH73a2dE4GVL+lf~BHH3R|(yf|Yjm#^zs}HIvR%!IU^b0tq_sx!Ri)ae83GSQC zL8l*Im6k*X6;;>YVTPxD;fS}#=IW{$sk@q2(v0ww_ z28mxfhp%;z02fYZduMWoV9Alaj8uxU^2NwL?`hN#1@k@AV&u%aJju<0*-V$2#vL9^ zkcCpQe``h^nnp+(Yg3U3O{|+QrW(55Yz!b*$$u6Styc#oR2@O?wR|{lu}F|-%_TY$ ztl&n18fTR0pUh~gSsxik)@o7+f#J&+y$8p2V9fc?J6}6xe2vz23D5iHieJS(>uZ1D zdGj?+$MGga+u*D+B3)QVG&kGZ5|SIenaNRxd+4Xt&aPEQD|Nr2u=iYey2DFt$dC#7=dXOE7c09&jOD3^ zB-x6p9Q7d?8tZ6T)p3@1tHDN?EO-yW7B}XgW_dlJZ73^z^Rn@ITLa4)i-=qktio_4 zOGZ<;>DG6)3jn9m=4Rzxpf4yFbtJ`Uh|>E?esIjeQZ-VUTW;Pu;5)j!`E(MmISO1q zF!?;+7x&1MJ;w>XGmTNHnr3-QKTA1pI&OmWSoH!wn%ww1&RvG?w1{95#f6vf=AM z#l8M*4NToIzey&H|9UD>Iv8KP$rFZ*7EmrFa85yKA3}D2;ac!6NI$vSsf!^vcfzo8 zkrt>KBf4q`UO{YUnK3XFJQc+TBP0e{>7-IIACQ{!r5YKS!F2wo|8V@tVRhw2rS_<_ zm*v*^4qhec2uL3jBfn}U)=DNaidQLrN>_7^pWx8fw-AAD+}F_8x0nWaJ+GxnZor?I z4V`;)Y>D;C*W;ZMxS%*8g;}&xqxAcS$Sit0*8FeZh%UAqHYL=>H$c=61DEGMw6DoS z?aJvy#~b&-Kb%rQO|*lG|0*b|43tI>Oxv}UdJF4ZRSLX^CavwsS&C7*zK*Qa{HCXM zpL09{v5|TFR|k#_YT(iJXxvQvPkXCPvzD-+{k(o-as$5N?L6QL8`t)`dPT3r=dp23;c^<_*MeGxEDi3%^EXw zb?$o(C_to_@cJNm7HQ8~A1!ZaoK+mOL#4~8{7a{V8p1Mp(YM_JH-n9#+rTmA$zc?=qpaS3rQ|2#S2ZCDs4mjS#S=;+xl79G0!K@IjZsn-PV`lPD#^qJ37bi4 zg>)vPqZ`uKZef={SxFg1B@=bE=OybQ6xSbR5+T}&i9nhVBO&CK8o{w~D$f)tqd0A< zKgJz9u~4#7YrZ@BgStsdvY*w>L8W4<%7${ z%JFpK?)j!8 zvQ!c6E7WNZFwDlm`B)njyUs%NZJ1lL4>~rH+n;XMWude z3k`u=JA`A^-1$ul9fC)Q0Ts9_ zh-`N0q13}$i3)gMF{pf{&H?Mej|xLY*$#PGia&Hh;3}q~;nnD`+MYmJpzC|}!p)TV z%Ct=fqNHDgZ3BcD5xcZDTYcU70D|4@fhs$5qdz(Dd$ABO$J92N!6&tS7}_4>{-pGu!csy8O(g5JOyDD`uBQ(QEM{TBYmUQjP?v>_6AKZzsN1}a-+ ztHR!U)3+QV;TxbA)C3;v= zzF@cL@Lfa|xmZ%u5B^ZfH>#tc&O)93@R-8oMQ#Y4z{M=3!KS=MMhzHN){pn@I@kU4 zD=3MCxDs0aqJxNQ!HIRlgt`tDbC+eX+aVR&@36w5?A$*k>mTz9C;Z|F9#%9DUD5l( zHg(eP@W@Zbuj*CnD=DbW+zj;==v;b`U9RmJ#)A5dzR9qDho?F`r82duC{09-Dqf#N z(NewG2&8|pYW2Qx8a(rxzMq^N1vtbLmZ$hv0$T)S&76mw_e*JM<3Ogq^A_eNAfhEW z2BuURy^4PJomd5_eu4gwH3uFsLL&jaqsRIj!CJngWf(rRHS9~1)I$yS&8(?MxlY*3 ztoX8)(7jC)yr!i>1@`Sfsu95#5UFUnnrzH`EU|p~&b(?U#Ke|G3IFFRWQH7x zOba`+rn;uoPP<9KX}WB~0Cs&j;3Q>9fXX0IlCYCX=kv@n*HAy_>iSB)_g#lL?1K>4 zSzYa}PGIlY5i3@#Sg~RqqwEp4ro51YjlXf%sSj;3PYC;Xg`i}Len_=QB#WX-o+DQx zW^jtq-rT%LP<4ovQF_BWP&|>LimhMPj^4JOJh}&0sLtaztJMCX=e6e1^sBE9yY0WN zxBvI?(a(Q4X&?Q3a?*KYj~=%Fm^?jdzxnd3U)P6IXs=XUGk_D+1J33zhd(}9K0@}m zW-L4l7OUsA6yPjPlw}#;pl>Rp0(yhAN7pW;wh!gV#n+y{#6NRkHp);Vgp!2wD5G5N5l%Iw)Ei)6pr&i zyH=uld`Iej<0lqh4lB4{r#l|e>XxT7A7js#je^r?ZSWU4YcmQfBUZOU-P zCz8O}+FT9>?^+>cMg-!CL{2CDG`{+l$ssrfi+O6Ih+@~vniV3>Z(p#~LdY2L9lNL0 zgIRiSg6bShgq{^}Wqt9*ZTot(EEW`nOQ-w@pwgW;}5_5YW3*oYwCh0N28DY-((fk4!J}6R_lHNpMf-`379}6N)pF2 zR_-46Oci|ijl8}M4yhQot9Q2C)R*JAJySY-IrzY&8l=T^Rb)|8ynR{v7N-G|e;23NR|eX94IgFCv40)q`G?pIk61rf_y0z90efuAS5 zO|^Dll#8&&WU{`9IX6?A;iEDOdy>&*Kpl6hwJ9-X^lTIV22wehk0jm{Q zs7Gqx6@e;>pJTy3BNAcsi%ecom@~gHrMnZ#!8q{FFssiuh2^8kvLr#uxlYBdScZ!Z zxs7g5l6DcdbLrhrn|TB;)mb-vCv2GX5w?c#wMaS7MRW!C4qPU*IW}R*#!l!r72v~m_peQQ%(QGVUNMj%SW^2j{VxeZx!hDjU}QH zzkz-L1#B}Eb%cd4d`1PdDEjP>3Qu`L86bKbL?js=?aV1~`q)hS4F?bjC2Zz92(W?p z(c_IqaWfC%mO{ zGRP)nsnfy%s+Y^j@IB+>!+B#X3CbV*9Ev&pcRjbUEhsIQAS;L|_HBW(T{0*MC)j|W zdi%$EXP5q>UO9W2Xaut7uV%w@QBfJtWTL_n*=)3*vi<9x_T4S0< zkV(-q5*$tJ2MLt_R2#9uEOu2&2uW|Zfjm80$4AkRZ(T}&t}p$IcDMBJ!H9Zr*ZHPz z;5agdkWGbr?2MXHpL=`?k)^*gI=@Cs{b%}!Kr!isxu8^zHW8W0CY{Qi#sdgswonS- z`oDIJOUe@}W)uvvu<*Mpp*3XQp~AaqnhMu9{N9+`i8grxaEWEgR85AtXV z)=Kyzyv_hh!Fz%tSf+Yb;N>c<5GBBRjXi$^tWwatr;_w=`f93$g&oRNjEc({Opy?Q z@vpcdPz~+bs>ygXUF#wy`U-yp%#?wu?pG@xlNeg;DCbMwA9r&CRMGP&Ows88*O{}V zw|hA=K>@NKKbq6pDx6!%e?HGc_q;#FjW*^-AYt-+n9!og}4HD;8VWfYksSKy5>) z+yGwFz_4H`W7LO`_>0&nT~_WlV4jIBP%Vq!I|xYSG#U2>gFchF(7%3sh0fXQT4R4O zXmrn~WBt2Ll4y@XE)ASX(4;b!QW8ley9m99W@~v32*XN5eMtq5IU~igH zyLu@o2^II{XIY*gbdU3m_Gj$Pd3cA)*fzuscwd40hL|N@ngd698G&}M#7;j;F%NUg zuFWnkarMxGFSa#g{c;m@IsoV{AYBZGvUbGY1h|H`NCr;Eqte9(MQJG*VLMxeLNI2M zj0?(@pjHSs6MRRmk(`rZjYZ7-S0_ZH03{!xx)gTVz1F0-B_4g~PM8_;@zXA-t0raShe2vBH4^>e>lKzh^tnTH60~$rpiF9f z@y*H=!TREN_?dx(1A(xA@jvjjzCg2+37EY)gmmAdA0AH$|Av=uMs0u){=;~B0qybq zC1(oG>zL>8-7)(-mOi0ddeZo}!owC0r7~#(F<3<8;~kAZjGA;SuGy)Mqm;+tv=XO5 zD#taO25iY%6VxqsQw)BFiX-y$_x- z3Ni&VjXFU-dSKsTiB$KS@_6vw;dFEG_UcpmZ2#Wl?T`Lsaf^UE&b^Fmw_N;;u9;-M0&|6pm-rW?QKtA4tiwK6TLf;uFZNP zr(n3`b7Pg5Pi0H6dKHA^5K1E>wnp!fa&70u?#@2*(rlqv`2MTygDtg7lzPv-oD=i1EP0xrfWvJmKE^|&!eL>0)S*UmqO)eI-2vB%afW*l(F!*$1VlAAelwxXt zD=88n{jZ}cO3JtD*Xpwf*^8_TaRN&;c?|Zzd{$H_pkvF4FzS}FC|E|dr`v63azQYH z8S?1JZ?Gxv5C3+TqaNAsaVBFP)E*seLKk}=yb~HHeTAYK@c-- z8ku3e(ifW;PR{$3=6nAn=jqLzq?-Vk=G9Tib?@&+rHywh-3oJcMNPm1!TYn5sZ7Cj!((Ko;Umw)1!o^_{ZI@6}Y zI!AP^Idv-nh!U0-_3R7m1(G0kf%1b-a;K$t1SC3~FPV*uQXz9|*BQAs;5s=z9~_AY zssG)EJM4sElsA2|b2Wq9d89v*uXyuTI~kI9i(pE~v|vSl+V~E(Zi5!Msz4@=O6Z<( z`K7NU!}icjSjdtjo}{v^)$FqC=Bhs0987zY;U$INR&)Ps`~e{$jVaQ6&T!i6(aEAg z@=b_(@sFPk&M#X_@ZQ_nIaqqc_K%sry=Rz1f*m+Y%BPPW$Xiq-J%B1-KEbg@QL4ws!c$B+dJf?qAM%R z#XpANwCP1#t{X49BPgFHlI)$?-P^HjOJRJU^dmf{uioR(AuIviSP162fmN11QQ@xl zjtbWEF{~!B1xv+152ckUCgZ=rpn)Dh8Rx^dlkNns*Oq9IIGfEbrzn(&X*n!w?W5U6&|2OP#4t^is!UtG3nCt{7tqX63n7Z0t1gO`o$p9kWLkn0Lgj zV!s!L@)rCAw?1zb$gQTi5zmqR+=W`#c|&RNLficTjoM@5B(ZgL*Ux6QHvr!m(qd(4 zLLmdiX9e)$i=+5!HIC!^r0M>k7^t={{NPA`Y#}Yv44FqW0C&%?PKP4`#|4%q)h)DP zWgiQ8AUq$B5uccie4}TAUEsHbk(4lA!LrvUr&rvYI#Ah_q2iM|N~vhNBaHQ?zLl?4 zp9bMPnDow&Cc$uCb0RpdRGD#ra+#^qLyx}x4OSIeNBs!IJv5=+!5PjUYo~wn-`@W1 z8~*yY;boKlvK4F^9W8LmD8PPHWarEV%#AbyKsDOcX5?-Zb;H@wxYVfF_&siEFh1d! zI$YxYQO*coy%vHpBn%gjXD>RPo!tYJ99w^mDILHXZ0%?s@u8WG2KGb+VbHKk4icdV zpGA)}y9X`Z^y>5!5i#p-2QYSmd(-_YxZZ2ky}59$hZ97WNUEF?K;BD%l`5c-fF+Km zRMu+ham~d$@$vLkr}KLK`Kztty{-TCYI|>M6D^*~t=Q*`K$EL;vFsUAIt>s7belpM z`V(|PV>#%e(drLQy7++aR|A4n_BZ;ff)Cf1&{$Tf7CP#+2QqbEB%nj+!>>Ts)fj+K zc;_K#;FmE^vC&4NY-#X*zt&uW9^xfJ-|@DKNn=G6)$j>8KW70kB$s1NxBglsRKru0 zmmahsu|hmVkdF~m1qxp7yxhX#Xa!h8zz-T9&H&D|`<{Y<(>d__#zeSG3L}lHBxaa1 zA%q)?+}eC2%6pFnu0f9_)%!L(iAX@jT@EXAro=5$hcAMOC4A|pnr|DD3ZI8gmwe|T zG%tG*h@a4j7zVo?u*?NdzK>oSYfJUArg4+Qc3W5ITafFU2L1%d-#$1QkL3^E9lqs% zxV(7cpdH$7ee=dewhK_jx<~TH=%M~~giMR_}bxW?*karmY zv%t1t1x8&0?OERArl#a(v(wsgIwUb1nJsU)Zwc`Jei zTfxCE5$y7r%Z63&{p{m=-H!MLfMm@B7Rb8up8QpTe=1x`#$o~|VL#NUqGWbdZaP`n zO6fP%G!`kUnizIqSt?P3n@r-caq@cq zTGTV1+inGl5ply)HWKbAOf*Urwy~F8{mUhI+5F_YoA7wB5Atv3lBa$pfXWMs9zLj z)Nrs-#*(7i!*@5-eNd1+r;07U6h<@A4ou7uHB6#cPZSg;=ZR94R~%Q)55$r`6pSYlhysreqkDB`uWK<@ZolDGi- zQ*M+3wx(H~%wLQAi!vsg@VbPX9y~=Mf5|y!+%9B{q4_g&XxvBGd~f#sWPEiwg){TN zVgIpmP>;kbAZrG92xo{aAiNhOy?ziRR}DIFa5xoE=I^q5v2<|S(xQs`LjwT5TWv5{Tln$OOkDh_}&qREIfnWQ&UR{tH& zA%qq5hvHr^2g@PV&tg*rp|cbwg}E6 zSmkzApsBN{D3=s^P99@NJuJ_*$;R1Dy)Qo*v%L=b~AQjB>s!zZXVkUNe2jpH* z@d)Q4XmCH9iJe_X)5SEJ*f&_)77`JpUwF1%LC<~Ncz<<{%v>%6c6DCVt+JKn%Exwc zW*Peh11On9Txl{Iw;`!O%2Mk^y|NjKHcC0r>=J154{UwA*0GB)ZnbioH=pi|0^Q9< z2c;EG3!khtUR=Q*1?~B=h*>CfvW$AYLsmRlrlg6VnE&$h3M(|ZUS<%GEp?}(RtD6e z{O&mv=7q=m&=66mN#@)__1)gPL4N^!NN0_=uph%Dq*5-wReM0eR#aXbLDEf{c_O-` zm;ZFafMR@GoCFYrpfLws9Dg_xE%h(_3Et;E1t!JI%G0|*q7}wSxI*FnLP8!+jHOClG9UJ~aK zyXWG*LyT{F!P~5A4tTM1@D+-AlFicoJKON&0+)TjXknv@WsaZuL zmth5E&N7Wf$Td!7jtsNU$w9C*49$_>%~>`PgCRflx5*I; zIk1ctJ4sfRjsoI!c~%&*yZi36G_bW3N)Bw2L}>K9T|VGj$U$c4m`lo-Q?9v@G9opL z8laCClCTx7MJnoapcTZWXHOGH$15ptkq99IQk*?$T&J#xFcsU}Z~oyDBZMGW7HT9T z6iGWDBBT{Q6*Vokxii(Z(XBo=w{$5h697#KRrp$M5J#>+wFTgH@1{4OyT8CJ3J}iq zOT){TPCwCKI2ZITY*Dfvf`VWyi^an-83Feqjoqxk^#fE?=gnuDZPS2RA_7omV z0v)!ydW(G@wKh0S6IMXa;p9(BS@3RgMgisxJY$23u_I|mKCfqH+FBT>Die~ng}XX- z2LqIn!;<93d!sw8z%2|46$#A#FrK_qxfD;DYe}y#yc17w)$vhr!@?zuOgEf;32^dU zF``rn(rMOB@!uulh5u}bMJ^!h^q_IBE|52YAHb_#Kx&t zB-3QQZX~^oPMrpDmrZCy`c&-rFz7b@P)_-Pc3tTOkO#sWOoA93`c9zmKDknEPE91o z(k57HMn#_*sZF0I3Kj1y(E5G3zFqJ}JsipxVZdGZLpe&3a=?2nZPZQ^TvUB%SN{gRFJi%MxzX0{fH70JgxqC0+Q8|4&T8ms8 zyv>QA<-bJPUrexhMgkHl?3!6a0bkOoOU`WN#bVwAu)iQ7S1)lk`AR zB=Tqm1yoEG%Z!c-=J;fF6_)sYRUce+Mmh+cB(j`cjOl>n;$9-D!J{CGZAmy0EVZU~ zBt-=xfHm2*kwAkNW(s!BesO>V z(;yytd`0Nmj}fqDS9<|R8njl%;*(F<)3zX~tnF&xdpJP^B7LoC$g~f54>@Ladf4kJ z&YT)}%0*z)>8P@k3$7$8kbHkWe%n1S>;Ce2#RD*vRRvAnwTyFF zx-Mfxs`1PB=z`lZ9d*t1_;~NtOAIKhjh}%#DW@T0@-c;HmpqN57bt9yC4l4`?FyZj z-;@6_Kx$&(v7-?OK#0fS>vGBENL=q zvY-^c=g^md+%$J-*wVx;5veKvYP7@2R%v*vzaT}{!5>L!`}>zW*nhjv*AHlvV~o*$ zEu~ft6lPdhmsb&>aR6^fCcNKdkysnbVx&{C`JlF*T^@-2Vx305YLpS zx`Df46u$OEPrzofWh*DC1?qkCMuMqZE#2x8ION2$H~1?^2Rqpx1ZtYQ8k{8;UOnW^ z*~OU1d^os_nB;JJtS&t;)l>i^ZJJGStE*{H$+arb1nVqT>wMftl=^-AQQaNpb4N-s zLJ^aw%!IBoRda&R%$nf&2$ z1;c`zhlss&aNDBqK#d_`Ym&{sscGe!$m3raNQD~9fv;^LILu;88@r+%3l5?kGO{s$;3=AXWdokI$*2qAXNtjv=HE0tw>EREo5kwqN#zK5|mwOC&Dek9m znQ`WAAcPMD2oaXbTebq+M5DAll7v1k&nN2DHbe?Nl$9DhMIl@Y4HBodX)Sf&wyWmw)r=@$QN~q>=9HA;%d9hInv`sp>MNRF0_+I08TcdDer+AFP^k%-Bz;}$>A!lU92O;zTQ4fo)KrK^3JUo(B(sy z3`H=)9qMu8AsP6>fH3F!cc|jBGm(144u?Xua4!lVg6$b3WK&YbXjw_5euN3dPBlV@ z-bW(zkcy|GEVT!64`w7r+5jBZ6a@&=zYwKU)@Rlj(}~y7tQTHLlLvmeyr=c{(pQH~ zixt4Nzi>v@GjbIW$d8jjaCOIpxA~?)tLLYNY^wB*F>#2 zwZcW4%`7&BcmLNO;DSO?jQ>dJV=i>CbtB`XxFa}mi6)~y8x>`0{VKqzpC=LU{$8?j z?a!{yap9q23f6w&KYTCm_mGqeN;c|G;DV)}#+^~k&fS^d&%-`a1ggEj{0j_s-hw@? zd|)%#2i8a=d;8ebgU*UNo#FJ)h}LDR+tt?{i#MUpge#3{G)0>g!sb0BrT#qfZ;RWpc&HrE3lGtl9)ST76|QJZx6d4D zw4coDDU;CFpoakf19WX^SwKIj;a9aOapw2 zo_f*v0`Gy}(I94j2Z5!gSJqRpriB*KlMr5V<}0{9nRKt?i~27V`bCp_MHm+8J3zBY zW8c|}w2f`5UGUWO;66{4UT<}tZ1tX0>M0D9jpfJ+e+%m@VAvPgIDVB^UHwSHVm@Os z$EBqTFRqwO&>6-}(I;|@H-fcrcYWhe>)&sY(_N|$A;MhaK~QMDvGa2OU~hf<gJVGBdR>mSzYZyo5%Ppn#f{qPos*;I z(AX}K!Uc889QQBhd9r|ixtvhJyZjD5^2mdhd&v_3i@RazEOWp^K+7T?@hNTsR9G+Z zh);dqsbHiKG=X#aG@!D~6kCT3^cSQ+vP4hbWCtWT86shYU^5CqXsUkdq(H2roK^B= zT$~r0NX7DI0Jhw-onYPUU@r@3_qQ;pf~f34BsB?N5vzqYwVn+kRTERB!_AL3@rqWP zgZF!;Pqv0C0V>H`7S(fPk`0C%gv0bbcPc~LObvxAa^nCc*|3n3U(B)N@2Q4TL!$(N z@#^C74g~{_%N|;JG+9Khlp>S6=F;>VVXaDQvLPyMTL>t%?E`2fQ19?iFO7>3h<_MH zQmGf5DhVdA{aSHMYjFCMTOD3Bs68iz))LXs6}nbaqj)Hgl4m$iFde)3ai%6&LL{yG zJf0GgO(cq# zR_KPA6;P6=n9$hEYH_%AXs3~YpqVYgtueT3l*8&CiS_oe(T`*Z(zQa4AaW`TiO20l zqshf|A%c+RuwY7|e2MVkeHl&4IJV!xCT6J^83A`po!kKE0ItB!p zGNJ67s=OhEaZ-gs){{D*$^w{vh6UOpo5MU+U1mHokyJ53oDn9}@{^ zF}e{^OsPjk&UggAcPSsG$Ko<37{MYqjo{Y+lWkFBd`6$jPQcYCUBIj^^GwB(bVsfo zxE@)XVSC#6Vk&!$ioq|KeKZVhDQ5mXTSuT{M$_W&7RW$Pls$&2>-5#ZT;Gi-`pZ;;U$( z38g)Rb!5uH0)JqlTn3a&2AT8mShCuK4?YpGk4iH(`^ir%6ZV9!-z<9A{TB+T4%qt5 z?GxFC#|5&%POjS!J%6Gn2hIjn#eu-i*8v zS5i+BSq%mJ&;pRE2Zv{c!UKmW*;ru%iDTVf)ON90@6+{H&kv5_U3hTt!}04aXeV}F zl6kesx#o3-Ss_i0Ug`oKl2OBUHfCukk`~#HL~`R zk@64Yu*yK>Lv#?hDi7OAl23SW4aq0513Hpwg-F6nO?b8rMoqY#UJuS8g7LTBbyuET zpd`j<*5#wO2&TtR;4hJ-vd&2N(y!ojN|Oo(pd_kLVJR(cc+e+GCwbivs{NQ3tSS^&OIa3$AoJo9UK zVEik?K0gL0x@r3dk_Ytjwmx-bKnFTCTF@0jibH|x3x^@aIEk6w6Yn=FKW*8!ZD!J{ z?*Lk&F2rrfG+%wC^HQk>A)#Cx+m;6q2?$&&wCeV{6WdsTYuHFO@B|snQ25q4z@smw zk0~m!#PDO269i*Ga~Z@Uk71v3wsS>nfY3FVOX&TZ*gKn6F{QWww!*jJM!;`xIO$!T zcPD>F?Pwy{8Iv$!^>YTBZF#e(%DHA)AJMx~;#*Y-5*;dqNEUa>E6<0cK`X}|gg*YC z@KE3mcQEn68UBo4j2bZHfBgOL|MB<#ga1j-|MB<#XMaTu6LU6c`_-Z3WaK6zf}>9< zkzV2s4HFJfAW0?MT$L&TN28(A@qhgN|Kc}ld38&C1+rF_491B5-oqt6MpWnXcl#t3 zagglq%0LW)426T0|Lu(t(mwE-eEc4Zgzka3x`0@Yrhu};e{9ky_qsGTi zZNB&@|J7gloa}%~Pe32@*kRB5)8E#Dw|+ik9F8P!tg+rCS=wq^Kv#-{Cp9mPFSzmN zyQ>TM<`ml^iscAwt zkRj{=j%t(Lza!Vy5&y$E7vKr+phFs7f>o3gtwlXklE?#!QmJ56=uS}UWsrG=#(B=1 z2cF^p%LHJ>hK}uBnUGDl8bnSU8(VvOJA239Z@t{w+up#|fDYLAV%p&O&c>gPcU~QA zt{-e|qS-eX+3}*`kOxo_X{nr2BpNz`r}GUZ)!qW|n3heW!C0!Mxjka2)D+@8?iZ-) zh3gP>OH8l@-%Bay9{9@cO?^ zFA9It>1^*Kt^MBm4~>t-H>x#}$~j7dSSLH)q%KMePGYphAW(;SbIp6sT4)v{;)ULD zo`ufN2Mdy-8%z5WG$*EBiBbIn}AYaoAZP16InAwSxNPcRn5aC z_8Q0U=u{?nLkc=}Q_MgIP3N6yb!h=wg~f;NGiS)~f_aS_gV7Y*N_RnKBhu`3OYl^N zNdPy1bF3?G=}ee^I_aX$PNR>DD!Q1C;qRkYckWYUDS=ENX|<3YWO_b4J)3dcT;MMM zet>uZsnRp*!R|Cba>y(3#lgV2 z7AiR!NNb2Zd1ln2Fw{Vim~2jJ8g-1%f#qLbO^tb>V%LLkzmtO5_XZ5mnm()zfpG$ z#f`uR+0@Vr>?I{4t1nna@70dUbN%w7PXNy~OX?qNE+8>qQ=Ww49Z)HxiE{j2lo03< z$J~f|b#{jCL#XbyCYdkPSHs8Q&ySpgco zBcv{WAYl+T70RY@(l`^tq`{s`t0IpSPj_EX2k|xwdNqP3g3DloQ(@yvj1>#Y8!_K+ zn8Zoi)!UCfkd;%3xtzdIFCE@#sp(TNORhK-ku~djAi_=JtU>aRAGBNp!P#_%w&A*{3o7j zKe0zjkT)VZ6AN|k;9gZOAQ91qogsfzc#lMFd}SX|NQNNIQm^$6AGng0mu^=tOZJuK zyAazPg736UA!$6sP5@AqDq2nF>>4mpUO*3q<*gaQL#Oc_kVxHpa+HAh%$Fd9I;6)I z79u&@st>V>W1go%Jh@EWu1SxRBP$Qr&A3(A2jph-jPBy9tc34g_r7gV>k>Ia%-_Bq z3EN&{SJCZp9bKE=wPsmjyd2|HhrJ=i3(Z4+EhM~m&%NW$^mv3 z{MhYQO$s3eQ{U5_BAc}uBb1FqYfKFV$|r~LEEJA~*ahmHQZ|*-x?K=poaPp-8zU9p zl~d)zP{6rysLj;7Ng0BPB~u*sa6cueaejV>N^Vz1eWtR_KMoN!&=Dd=NEB{~mZQ_L z=F}HX55{|gQ_z@|oKe$^*PlV<1yncjav40W3M27!j=Eu8BWz2=)1k)9V``-TT1b+> zC+d^%?vwyXGf1xQ$n^#3RFqKAdBJKE^vIDpaBTfTux>P@xaV+hpn}%-%+X2{2LBJX zCP^aUl=GQk-8I*($aD#~KixG}>VOI0G&T*!(BiVE~G)3Opkh`pV7~%ev zG8ExiS`9IqTce&J8&VmksGtS$;P(zSmvUHf9%!4C%r_(+D1`vAZB3JQwB z)q)pW9NgJ_`mro>%&=ghmd zbJjK^Jw=>GOSc0Rh+7(Oozj`n3cmd8*UKdA7tErNJoeQ{4C0tF1;XNNm4(X{78mUR zTSSoDQi9((7U;}8K*aMK+#$PAr^*9jf{Z8b!*I(6jmYPl-5DLY&N3;%wqQK739la7&UX^qr7``}?4zTd;T} ztB&iN+d;BLNVt$OP+>wYaXDwYJ--s+D+NZXG(3ki!Yl;1k+^)2vLqnH)=kjml2-wN zCq>0aOBO7_Ir>b{ATKs-J3}FG3%m<)%GLq*xf%HeygCk1Vtn-E@{E@nqyG66dYC3JWHK!@i+*Fp>=L8y6D0$=j|= zk?4V8v!g>NpGUi+^Ra3mAc?`%7+@?=3+kz~b@jh`VRafaPyu6q$RgMe|HjY5X7=C> zEO?a$E}Nbx2t|jq`)pUN4??bFN-`vrJS>erf5|h!FxNR6!^c=Wm2x z)8f-J3%1yCG@pfOf7Zf4(CM<&7Vg|og30m=AdpyKV>POc%Re0loev~ugv`v4(Lo-a zb>FM*)5r!@!u;!?zk>z{W)+oj$wdL5Fu*lbGewI1@=h@+(@ZfuJd)VYaPHsH4CC>c zL87EQq<1%)gR@D!SldHa6+j%nfGuxVFGl`U#GI&^@tr7}LN9tc0`#IKA9fScg><+F zn`>5*NRB)2$~HBmuVm$2Ls0 z#Hd{s8Es5Em?(N3LJEHIE;4tJ*yD{_X}b|*K%1bTHCW9+Fb~hJ&BX2GJq(`M<|rEs zWhhFYGCzq>;%8lfGE>Wyp8t?FsG-fUT#(huM4dw>h=z93s9rRLuG5)^aJejge!>Qu zkGu(th$J2tG@)@yZYsZ)_hvf(c!SUOfKAto9+`GlglpSvnXb~W>oIW+l_&6Ig^&l2 zRYC+SR$*6U0c&wnpdMA$5+~vvW2~wCjFZedEo`DxbwT->=!;oD?D&;$M9`r}V$Knh z93Z@2xl%KZp7ya9f_ZO)P>GQij2c4Up$;c(l+LOtkmr~yR+b|kcS~AY39vqtn84K2 zU7{ieKeJY6pAL|4eCEG6BOkYN4x*4F7R%#RYK5&cQxD>Jmcq|GXo^#UKSZb%HYc9d zJ9Kqg=#tAzob6c*VlkuxW+oq;ipKD#d>8)WT|)0D08s3 zI5o3>g}?8M%Y0Y^u0ZJ9@gHccIeNgrAEBTr0yrZTS&qAej1Wa5kwIZ3Kw2328vv#Y zuHq7umK!R=;|G|=Yv!!9xHEUrwnF+Q&NOPuz&%+%l8Alzo zE8+p`qJ(tFBw&CsU6>k=!@wcK;*inlijV`~9}KT{z?v9^8Jfugzsb&INKBDNOEq4u)3w?5mau=YL+PsxwLFU>T4f=X;}xBr#QWam&Y@t(QFw! zxZN)+vp}GO*nPP5wF?5S`UnlKea^q1Fp|vD?FMO3)^A@j9OIB!QU{RyZ64x>CS8We zOC^HHeEpz67vSG^))w06K^NH}2Yds*rCWR1v1>@OTo-~-ZHk_G_T;zHF9 zzFn9ec>$%C8e*%uZ9xbS14SVdac&_Sk>BM?AS| zRXi3T+`tsZm--Hhz+Ml|TU82Nwi2D2D)pOmDx`N!60DF75N+eF!*Z4Q(;h@!*|i!C zp_r@+G?>6k;j}w>3uiuP)Q|(RM{jafnsyNi2Ip%T7ojbHkTC}iKg*W3mL5HNL{H}f z+@1C0Pmp0(XxKZLr4XW_cLw#IE51ax;n(Hn6e-PtMJiMP$ar#1H*}gmFX$wRSp2iu z>~h+9@BsYHKUy14P9OBgy$26}*Y2GU*Dm`1Er9`#9RKZJFZIgC-YuSUpRNlO=eSaZ zA#hYU%~8yT&mPV`QxuvSkJn6@HoXhvXatKU8khkbss1O*rNOmht%CeL&jo!lq0`R1 zPeOzE4ee+1$B8ZCSMvtpJ5mZ}7LWL3iah1rq!=E{fiHJHc?FLgo0E)0<9%740iDYY z7q|&3f&`gBHC54Y@}jAkC?$%q3>@ZO@`R#5@ORik$ik$xtmM3r(__r44fzlrz+$|F za1;A7qF=@+nUJV001=f2(kt|{W5_HiT>6Km%LUmp6iCdo#f7I!fCl-v2fNLNMcuc= zbHKwb=S>S*eu=!%4{k9TLExPAs6poU%4pioXrQK++0P%jiY5|@)(jPprV^){~!TYwCOK_MP zilA(e7%QhJBeBy&YN%Ox@Z4PJxaV`Yg$;#aEmH7tBL4^M#$n(nV437AH-*c zPU4FNY}`rXvVO6?(KRAP&xIfnUqX^`{O*jAac{wiW6*sJ`b(r_l;5J?OyymIg_ zy*NN6&ms#G#l-@pcD7Y#&+_DQV+N$=C34u5Di{zF?FxwB zq`Zpg`#GPwo=X9!oyO6|`IupevHNhDFV^t1bJYP7u4V)tMU^7Pc)A(fsWwG_2Rox$ z&pMF{tWmt#K=y*Z9t?TGZ!)`yT#v}@=Ap$ zMljGRn28q>5OoLaO4$NhWQ&92M6!p)0dKt`=qRzpx{}4u>f*q1y5wJo{_3vAAz2P_ z;?oF&Z2jF1Y}Nx>v{~06&#qg5U!buLg@~k+)P8I!Z{tO|Vmdh;Mt*doshD~_*F8PM zWen?2ot4N0bt{I=BkybG=iLzsbT`L*lup~}B4lEfu*Ep(TlAW(iQh^Dw`rzWkt1xL zu0bT1QwICGi!4TPl%>yn6KQ3^YF7}JGefY)Q<##7rY7#!NNR-`4b)6%B3?ND0nZJ2 z@y9>%Hf$`yo&dY?x{%H)Wg)PKsB!V#DaVciknY$N3c}2Q?K6 z0(K`e#9Sh<2(cjVv=W>u-mx!Z4|2&6jD&7v{*qugcHMaVZR3xBl#S)!Kf|y}$a(j; z3bHFh+F>%*o3Fmggu{G9q#^pnW1Q+b!1`sBE8|bE-eSh(Sz?8#WyZVn!KnCp70%?p zlZ;RDk^?GAR~t+n!_oX*2eIKO!Z)%tsw zl&Hn`Qxa&V$12lfft)_&yg?_)F(MSqejhQNRhTK+8u9Pj5yRHIGC@5L$-lBP64PS8Ffk ztg@t!jg@XpRQFZ@0|#3NW{;fHF|+__utwjd58vXU>=JFwurM}BHp@yE>xJ{=t?U`+ z71F$|jqw7#fDa5uBUpHqoNaq07Z|Sc9NN|C6BZ2>V4hrBAyHdt8(B8U8x+At$Fh5q z?!lNXBXH5^B@N;z)_*AP3}h z?brd?kmGatodkXxwc2it+N&~=ok|`EZjrZ6cLh~dAy3=xzhND=caFAqf=E>Oq!2@sL1IBl=0c~L_zRyK ziRYSC5vk3E($2~9bvp)!tH*nc$o*{YHCCsP%-8@71>je_oU0hwXu_NCO&xbQ)ep|8< z68qNIy5<2O7D>`^Xu0Z#6 zIz1o1?VjTRZl2;lvbQUZ;Om!{NJWCfT1W@+v-ASjk9}NPhboip4fKg1%UT!{8>3T ztOv}k$ECdqTYH1q)dVqF{t4V0XvzO@2F#tnQvrID)5e#y%lpcqLf92NBB;oqdxHeb zLEdA9x+)6su(7{XBf>IA{`)@i$s@Rw{^cZN!!65^QM(PiFkt}+MUv(TCt3TlL3MrQ zs8YNIBQ`JQ4*P;NUdjW;Y+06wWDz)k5w6r*WK$LL5J1~)nST{xkY5Wbf(4f7&s+=C z_u)!(;T0fi3pkkIwjy0HVPcD^2|=NdZozqH*OC{Mh!k5tzeEALY|(Hh=lFcZ@6V8_ zG3%fbt--u=6Img!5^BV2(hzI%gODtoJ3sDkuC}|?65*rAzB}XG!$Od*K z*vvHcFf1qz%q7s!02*DGA&4{R;+dH@+x}!MjL+ozjM*!9;A?mut%F=hg#ZTGH<3`2 zhY_<@2|Q9@2}d4sNX;-RDYs@gbaj9vpDfT(0KT)dgw))P;1>P`z~n)+M#rmT3LalH zuor}L;OB$r3oc#K4dhe$Ou8c&>Pd&hA?o^q0nIKigUO`lAZ(GjwA+g9WMHBO`!d^< zi*%K)_}a-Bv3NZsWi|J(x82DaP+1s8BaE_<8ZGw2t<+^f1gS7Q%)64(<5GOza1<`mCxKWCU#JB#?e_;uqSlqfUMa{r94eYM~WE4U|}*=uaTbizh1 z4uu?I%tYtg@Rl&>A!y%U>k*X>w*w~O1WF!q4$Ygg-((<(^Oo~&k!cr()YGle{AC#= zv)oZj^fD-Tne`ffP2xZDZ74hpD<@g}%vF>NgF@O1a1|F5)42k*COBbky2?Pa&y)O% z%d)(+xqYy+w~WNc?|};BwuI$E$phL5>?6v8lxXy@azRg!7PusVUkpt4mIC=hAovg6 z>#2~idWRxfe#8UX3AVA$qXB1km#c;fCAo;`>};uKe_%#8vSvpj(ifKb+8&wnE&W#I z2A4XiW;eWWtCAe)U{rs*ZMk8neBO_TeRzdjA|u3ThR{K#Ti32s#RYXwa4J_-_^=d4 zqLYQ~7hahZVzj(oxgA$o?Jsll+O*q3%e=cgA|){-eG{1|K;%KDt$+%OX2L2LS`%MP zK&tb=#kc5$mM&hEpHd14YF7~Nh6xE9;kD^pgX&a2WFLZ?C3nWtuEb|G6*QVGK%0%m zCToo7ikA^we3|);I5-wbQ=DfUKzRwys9vnD=+aC|AH>O%hWOAR!-J?mTcV-BGAz-G zA)};Og3}q?Z!G_EH2U>uMDJCiT2-qVws?E>n1%dX6=xO2*_WyyFfA^>Rs8B>FAEw6 zkrj&Sh0-dmXNrmX6*3q~J>@gVU%QB$%_25gXeO~aLAO9=rKTu@cWZn~Etj^DQ* z8%>C{U^c#D+REa(m=)SGT35W*tXh(o3xqHJ7DU6*I&I`TZ~p>sdj@wGb4vHlF2=lF zRrDyDXAXG3@$g?BJ`{qXab&>>=17_|$zsDWE=Dx4icNg7Z-=wDS8z0%wa08yIcr=` zPH|VbdV6CVSm+mOGaJ7{DKPq+6fumkD4@3AcBjK$U5mFcOAplLzxe$ED^x^9z*e$K z!ntlFv@_=I7YItZ=|UKmY)z>_i~v^S)>^mLE<=9vhvq}$IY>*%P8X^Hqp3dTJ~13a z=1Fl%qyEarlS)hGAfSJMNo6c{YxKU=RDp-b4+&h&v63;=z5$O%{9E#bjFwGfS3{JF zMyikxyiMcfN*IlmOQAmQ)70%&z2MUXN2;J=d_SZXrulxz|Bg`Ukv}hoJ^6{l@r`&z zg+O8lfjDe6k%P5&mIWFYz<{T>Md=qp!2?hcWT?Np$XLe0484m!Y|;XwEalS5iJhrs zY|9puqTI^8YDtw*+H)A(zb;L$p*6ekf#JP@SUl#Nl(A9xsuJx8AJiCZ)P?^E;ru^g z-NBU2W~cQq3(H%cg9|>ghAE5)XV*%{=|g4TIGS-x&*!0lB%88#moe-bZs*4XCRo!# zAplwr->_!Z4d}Op)K=ghnrVodCOx)IpwAB>qVmT5CQ4!@Jnfwi=5&g58z^j0L>&@N zc0b5dl~d!9U6NBx(^g*S6;mETzeNEsF0|{fa>W^DN76txc6bcZa|I#3szO5tGNFu& zq%mA9q_pw8zD*$}DJ^3=mkU%^FWt`-pZ!Ke25ho2wHc=4)61&qQLRf6?i@>3G9K3N;i&K?r9Eyiv4Qa8M+j={N*!~tyD=}KoRah)opdK+K}(HqJYyL( zA5C!KN!j`)uV{=@!y7cWFbudQjxU9;qcbQ))g;GE~wL^*nLAC(6`ifZUd z>q*DVimUwnXsxyO)#~b#2RxS}N#l>;{$WR%S0b?IhhM*0mAg&+J8=kJQKG}n;slu_ z-_-3iXTE7XL7+Qb4*k5dy@m0Sj=AE4Lx%>VYN_62KWvXM*s$+pyY+K#a7m?Yt9c-5 zbBS@|(H9{_>~?_Y8U_SUP>u>nqI6V`XU@W+vlN5hG`ezeIGK>U7}Iuyw$VpGlNTXgop^ZsJE? zlvQOktV#p$5X-0>foU`I8}#@rxm$1!WVavb&%xvg{pi&Sma`cPk$#&A;Ix{ z0$23o0yjLlMqY=UJe&}3q)km;8q$9paueu%6$?;JV-av81d@Sy94MOa+6jYe;Lh~v z(0E6XQXx2g8c>vlKOG`X$slP-ctyM`hO`?htz!0-Pwb4>n$I;q&q5)W+)tY$vr~j_ zs@Zaij9WHGP>JO2kP&Ja-h5a0=7S%PreC%WAGZIv_U5Zq{{E!XI(&C=`ev0k<|l7g zpR7K?(ihu^2hC_-0PAl-)al+gJ8TDi2y<@?|Evg zV2b8F*a4`0l&jC;J9Hk2sn`H(Ops$2-LcbS9A63v#qEC(q$W5+4F*r__Stwklh}&e zt?OpgQFInng6s3_xNpqBF5-P8s|19!4)%+JQR}9N{QX_OyC@)fTZ!96R zJIzZ`i82)>kKZcfIrYaNc<8ESO`_Ts3(H~!Q!^Wzn zk~`z*(;?)A_@5U-&|sZ5%j|NZO);fsS%s3T6=~72rX|A8TMF5T8ZGL@^`y!UY#c2G zyEfJ1R8#OIltW#0nW{t2wP%`#(bB%r$jKsBBY34CXDMrZhZ1NSX|lin{K3KVeIZ}$ z5(XCyG_hfpUM{HWdZOCj7d0P?7_uIZ?&N(nou+DhoYzk6;wr$YFNjo8aq9fwq1rzm z>;v}m!Rw;s4)=;1)<!!J!gX7bZ8MhpaaE<*luSF})&nL)LfC~fov{3ea`s-uAA?dpu8rgPqR1}FR zrTnm}gttIrm8Rxje$3=0tl(j{{kQe@|Hke5!Iy2^uO%-+oCHQN+ic`2W## za#$_%lnpae?3q@QU9{6-GJ1(FhhxQI7D3+B0K;RZ=7mO{bxysnP1R96=-wBLU&;-%Y}mVT+Ay9gf&en zeP1-p2`&zFFnd@$>gKxbs5@soA;iV=QoRrmtPl2T&c zlf-su1^}s5KIH=jIVqOtPM5}M@B|g1xAu7YTv$z|;wnLv3xT*(WCxE}DsuLcj9RgJ zw-!#zeFOnPrBa9NMuD{4Q#xrCmFG*Mr!7n@663(yd;FPh%Ct*VE_6MX&@}We|gv`^KfWDQOLHCOn!H_KTru?lJf?&JQh<}HzTE~$ zVXd*HVU(Q)^n#HsYUy3MNJp1S$Rc$C*>(x3zWm97@tbcl=TGxEr%CHrytq)cUPFI@ z&z-q>I#JgzIW{xtwPG7-vJItD3!8cE*Mju=N>x486$~n%+s%!hrBO{NZK)>2FT(hX zY8%ePSC{53Kl!4HGHt6+`|L$md2I0zX*1`}fSc+=IHIN#OD>~TYm|JP={YJ` zIoY>)$^Mg&)2-$?M7*+i2{+8vjC*65y9yme9d8r^s55sTVI0ZoM(ln!lus&%Z?VgD z)v}aMr|P}!W{}@}Ju;=({5@W?D78H}1x6Qb^H+PKj?{F8mOUVT3H2Z~wP4bTr`{;j2kmJV~&G=En7FR#(`a+Lo8OWSBRBCCX zsH9%${`WT&ohn((?YqfYj<9ea=4mVik>B2TUux)rn;d7z2U>M1n^u7sBY(;&8$6ZY3<=o;E%kPGB`f!8asV zrjjYcM~o@<$3-l}lOW=qcusdRjehB7PX5*b@ZQ3Y{k(7@{`xLNe1NPx$YyjM3HW|6 zVIorpk}6SStwVE3Ki6jcObggA4<%P;)6aV5fb$^WCqHi%l6xu{EVyFT$K>28hek;9*9_lPhP{X!QND(M zMiDMKnd;Sa`xakXutyaO zAZWS9Sw!#r{4Ma3d3Bx7*o;B6{#b9<%N07LQk~{*y{@W?-B15Ttc(j7u-2qM9|)oJ z@Pc0>j_nb`>ZHIqvk*qUInUG;F`j}7saei+NChe&XRZP!QQeEnWu~)#LO+8jpM;r4 zVDs!7mZm40YND8}_KNt>ozMy5@tqtaY$z7q^L~`L;M7CfKPJ~cX1=M`VFhEuhSBXr zji5-P#TAj`oM}Ch1jQkJRY|w&dsMoz{TsI6Z?dBo-an$+NEl)%*fegQFOc1=!uETc ztwUYXaTfeGMcO7s<|nR8(63r|vN%<%Q%=g@D}s_MyoH1XK@8*FK6OPV{cH$c+Bo~5OApncs-&1d^hX(r}j>N|eCV0&HH3HTES~7nPZ)Rk>YRgnR zllt=^P)>|P^zyS1h!zGn<_9u^@0C=ORlb*j!4Cy?QHH-m#SFUaylbo>TaCo|qxCro z(X>#DLIs$kH9A=!If542MVz7pKHFX{FR}7$wAR_-7f-IS@(zE*r2;JynRw3y0=v$T zL*5-#gmTtZ>IS=)2vV*JM#Q|#WiRW7ani-T!LsZG8y5#asAB;h{S6Q{51VU2l?Ggd zMr+MC>Og7Gk{aVO0I|{+dO&hR_;gcfvDYzp4dYD3zlH;$H#xKtEOC8e0}C2W6;4%I z9I&9WT&uKqT3jhRmZg_uBJW5E4~0Uot0dn5mM5oKMK}XN2pcaawFR?(-%iO4m9vQ# z&&sd@SI{zj9j&c>xe{qhiB;3wC420N`R%L>JHjp2|)ai4KdC_v;P-F<51XV#c&Dg9rk$%HL6gqg(^6* z-DU6k)|aJFg5x@eI<>9l;iHq&Z?BOUY5d_|&)^I8t@JC$8bp0v|4BvNWgIKKzqRobx z*f(S?Xx(USGm%enlE`J}z9mWU{9!mNbcte#(+b75dpj(FA}#TlNn3Oa!hIdMMK(qu z12yCCjbo1pL7~l{z5Y_8t?)(GAxpQk4raO@)S3S&v!u?>vfX2j2>+m} z$+I|BFN7i#yGk(x&O&s>j>3FP(=`KxT@wE!X~aK6<)w-h)}&IBi>7=jw)AP5s;2y! zGf~r>9XeJ-$rFTv|Ap0tf)%8zR7%SmP5{LU7ZVMcD$nhHx5TO)AF;bU9b%wcH>ri4 z;&#BWLWD)=dlwNwQdW=jxWaiV*&6?&bm;Br8#A7C%%gCNB}i zH=xIS3My-XTLaYrA$TZ8P#iJzTucp*u1h>Y{0)S|ln_mBLtg>9H@vp$@qEJv>4C|R z@$Bq{jKzYFc84v~TcV?J@jyH-6G}=}Zys9cDwoarM9WR-(~3w8<&`F0;C2_-Ax6>j zWLkDO452tm0F^QeGW5hQ5&=o@5RRb&v_{FC0S@~`@`Oouz%1!mh_H6IKyeatkSR$7 z9TR#ZN#>s1vaU;XhEMWJ zynE16Sa$VJ_;YP&6 zE`8&jP$DgIBDo^^aC1mV#5!!@3?3fza$`*6yc7(jP1OCB>C1xrHuc~(=6;Xz?m-n+S@AKB0S!8v9)E&}SU*ICTN{wQ`>Q*Cfp!hAtWjQ0Ib z3c2?~Qo%wWL=&nXqm0l|{Iz=htKt+9Er!~?CTsQ>kRRoV+yu79*YJVkXK`|(Vo<7_GG zD=BXCc6jSLjT#kZLtkH6u5B{j>6m zay2q;0}7B*dhk0#Wvpp~@hbKVN2cRJMUaC@m#HK94}uJX`C%PgvAbgxH%giXYeG+s ziJM9c3W!V@K#o{hYH&lEOyweH?HVksg@PZ*4#5+wwn-&JpG_-Pz??HpBf9&D+l4;f zG7@sWxU1n9%6j%_P7id_L^qB_ed|>QlX`$Jiq$t!*NI-{{YL9*g!#Zu(|A9aOldZS z(PoOc`r*lN&|ihnlg!IUr)As9{8D8(;i$~lD6}Pv+9&Y16QYr3XY>MOqnW5%C*M!32R9qTZ`ne^lGIxyJqLHgYXuK0(=rINM*EIJs;510+ZO1i~@z7E!8`v`gogE zX=@2@P0K$(hZoyb2*;-1o6m$4``t#(4jUnr+d@EXYC46*psJod#?p21)PvYr3!tM& zKIq2Mhxj6EMiPKAwAR%k>;YBvoUR_*m}yQNWP@IFEtBe$#333 z2@G7)P=5{dg!&#(LK}UPSqK|UCoj9ZJ7YDsNds^gPaYgx0~$r-SE;^Ll1wDDM4^H-}jp^W2Gu34h-F;xP6C#rxBoGpD6M}5x{je**h7{p1caGOzq3GYYUwh5J8jd9+w}E{KE%N|R4j{Qx zG;BlZmurm|3`GNXUzTzW%P32BdEOn4_zR76%RCg9;Rk<#q7chG=%p7FKI}Z**?X~m zaJ>KO#f$a5A4)IwtAsn;L77?>L(B*OPPM--0{o5VzUrK?pG>;!HGBxj0dibWLDgt6 zqVB(grOn#DK+_uhRzSMQHgrJ1C#xX9LA5vt-RZk|$T1FkIP;xI~GeX+Zb`b!I7*=CSOJWO4=uWy9 zbmIaK#J-@RR5VQ2OHxCH6?~JJaFb0Kg)ZtV4W6`7wTvwHy+y$}jHoT?-l4n@r_Qi) z?E~Y6PP}`W&TC4d$M(Fs1W-Mu_Fgjamu?KR$@u&nJKVsq8wb9C1Ti?LK?L7R0nAAP zgx2}3i0I62%Mi0sx@z*k5j^Xn-uH}&-4rp6Lj&YZC>QLr6Skt{PoH1#V7qe(E>n&u zS6&r#zvWD!Wrw(r%2-ejjwe9aonY9buH?E$^mtMAhFutlUcE4hla^74RELK^s$tuH5-WC_ZEUslrt3S7 zvVp?p$cjo4-ET<9Kp8DwLI4nEOc?w^$*BWwIGB!rVv92l1II7Fb)Th+>-cbOJUNBG zjFu!eaQ1LHxow5jjIz^8tDtUEKn2Z`@rF8ol%13wwb{Mav>seVgFW3HErawTF5uGtu(AR)KEVZUk<4)4Hif>oys#Y=K75n zlx88!!I{akuepCPw=@&5=^oW}1(ZG9w@?#WMbc&Tv%J>WOfNzF#)t+D<4uT}+)D1p zVu>t+S9v>8KetbVx2j`I;1!tiGTzx;W?3e{n{e(f?cONZua3z05l%@u8LPoEo!4+G z7M(6q)V&|H)Um8QWuCJ-LqEc>?y*@^xY=vEZ*!FBCTcHecAV$G+%y3@0#~vEUp$or&Z}5df4J<{d!{Grm zi31(x+iJc{j`7f3R#i8GH;3%gEH=D5S6r;agWsfbo z?7`ndwBs_#B8B(>k%f|;9>aSSfkyM2(Oq+13(+s-)Ai93`mb%^H~-oOV8wbNuWexq zDmabI&;lS_8ZG8MF4!P!Dg7gukQ2`V}@7N{*L??O^9`Z1asS$M(; ze7FtuiQl}D;7b|>+=D(i)d%`3zq0RMo5)rAG>{(s8dUVbZdBj=lo0XS@}Q*eNR`Dm zHgoX*U1b6EZt@%|fe@+tbYQf{zACWP=9+wyy;VbG>FsEYZ7t*y$I|ac<871d0uWDj z>u4mwzu%EcbX0&^spc6Rtnq@p-jN4l*$XOUhboE%P4tISiT91s=b---dY{)&J_T9I-t6J#Wu(g< zaW>f@0rwcCXzoG^WOa0ecVSDioqlC|5D&tp<4cj=Dug_|D{mz{OcxS==G!Jdu$_Vj zadY60NUuC2qnp2Ok`yVjWrb4aQ{zfb>7Y;eDA8WnLIl6vk|p1|&?gLU2udiuQi}BU zSdu_Vdb81mP>b75Qzj|hu!C}#NfuE047waEu{m36_d+~~u zD|ID|r-KpQZU*6#YmzmONlX`%LZEa={4pOUVBGeI(y?t+PC$Fm$F0mgI#LJKc_OpP zsx5g=e>4aZ!3F*z^<+rUb*>ibs;w=OL0d*-*_F%$}!K>siV1c7q z7l+=K8AeU^5KY{R?x=gJc;H=8^ad`qAT@O4(j3EQEEV*umjP7UDK`v5;e*&-{7`n2 zLj{+lUeRdj@I}AN#tNcmF;Yp}gJkRD$>V2GxOEy(<%*L}s1HCTm9pAk zGJwKLbP0XxqM#W6fdBIRhm!IVT5kBJ%F&ROsQm6!gR}NWjL88D0xO(GcP4HJT2{ zg6I+9>R@v63^Y{*t*~APS8(O5J2gSr*Up7wUAxLFb1(s~vcRwNiXcJqA(bptJqlgA zb|A6m%K3~@SQ?&ej_Ie4Z~dSTA}L~+F#*s;^VoiF zyxx~T`>2aZ;~#Zmy)#zZf!Rv_z8FIp4`sXj@%C>M`3Ypm&$CncaWXycy@S4*e;hyE z+27xOevHcOlzCw$r!*-0O)=1ZOqm362lgi2`?&0I=fj&>3^m8IvDdKCZ?PLB>Z!F7 z{tlDlO-bc!{KE0bEbgtGOuZb(rkj{zO>2H5JZ-K{b3>dJfd(fJBrD;EO7(%+90kYj z8yL(wYKf53G{!wK<-uGi9v4DZC9_BLXpZfK1~7-%TmZN?`eCU)qZ1G@AScLj7h+0q~@rL{m+h+oz#f#o5< z9b9@W^`qA(Zm;1K-EP74h509>vt&5gUi;ujqn^l}IC5Ie$p!iZx2R|yK)wl7JyCM- z@Xb81_?kp=12}AECz{C?Ql*F5+0?Z>SoZ9!OVvF$s%b%x-04n5hf9KWS#?~=hpkA!M+!Wdp!xy3>I9uF=Z9Oz% zLYQ#k)FZ+$j$|}%KbD^)m+%RWJ>*rgh2Xo?Im0fy$7Us*Cju;J!5 z+>j4;_I^0t-`ZW@TgR_>TC(;DD2Wn-3sKZpKz1Y-y+LIWMUCNf{VhV3u4V&?IH#PT zel2=+3V+@X^w^EUT)Mf4C&LEa5y(}#jb+IIlF$T0Fqhp~rvcYZZ9(=;QEDHTSVl_- z&}E#0QwPXRzbGA={L5R4>>FxpL*df!g-l&gd#u5EY- z281APfuPBEAtt`cx20^6&>Cdq#x_t!$Px#w4A{7Ogw++vty9?cpb<$HtAw6HsLxS+!a=0Kl{N^hj4ZCx z5f--}>kJhTz%4*|cTNu@YCX=O+evx}&7D}0JB!?{AfVc?xO<^^jl)o?tyWK`_6Ces zYbnt^fBYT}&-{gH_$}1ABcxiW_^Nm3lWSG zY_5fg56t32zNhCNddyWrda&s^by0d74FN$_Nlhg6<{IC+55HhN_hM5#LxOcj8ph7| zNB9^EBU>OmxW<=7tvNZl%Ai?bY%2~IFl7E@@+QL*@G-fNJW;{A6>lYBbW!l&{=o+U zE=3QfSTUYrw8El8QGsKoCLH46zls?H6AO9m^0h9mP8C*!PWhs=26(3Uv<30)@A~1L z_qa@Be~FZ&*tLs|w-6F^t2m&s?ZblTb!uFLO=5b*l3FjfeO)8nf?tKSHXagfN8y zz*&xZ4vGZsxC*;3MM?3oUB;z-RwK3Zz9zWp8SQHO=c``h1d zzdX2KY>mfAdGn&``LkEM*u&v&j?9pH(bn+`Uo@bxW)WRz4d`?oW+K}oxPoo(Pz@_- z@3yG7Yc=-t44~>Rq0h^jN=Gf< z8>o^YYxZY^bw2M-XNoVL#J}?Y!Kb)5zD3hLlxD9G%eQUgDg~Bk$!ve`%EgoLKV5(I z{NVVzz4ezH&yLrhZ?EqQo)U(Zb}8fSoCs*(p4C^DZFLvnr6s+w2uv@*cA&7s#l`X$ zroBIfS_4upw0j1oX}j4xq&Eac6dk#wBT!ev<7x&3D-U4IfnmiyrMIqJvUr%7^nMeT zZ-JeDS&G`Uc)&!4TIpYWl2w*cnBANV@j(G$*O>4)*}ynK`WN`m2~!}g49k$(N4arY znhLb@E!5~x7H?#1M&Xw=EdwJ6l@PE{#k>N0VeE;RZ)*{R9wo2C)d^x zZti+c-sn9h;F|TBe3-J_uBp$RBuIHBOBT3Zb1F{wC{h45v^N%NH!uW==H;TDc*ad* zJsRR5SAFmwLlut_*+1a|%YBegtf_^=Yj*9Y94=f}v#rtlRx`xtiTA|ot-XEZk^nc$ z0L^!u7>{L>nRkq`L*wgq7fe}y`|;HXw^JC<)c%FN28qVo-zPt>rDlmX^qz>G++G#)lToLxhc z=*df_lI;hZqt%3F>BE!;F4*IZfumMK*J7M3|B1bjaJ3}B!-v_NpACi9oK9zb@B3FT zwq6FWpHgO$Bu><}E5`%TAzeodFwOHj*scuOW5mtDGvi&#X*q>d}dEphi5;2IrTprALn*ZS5Q^ZNks%yo+?4eHi_qTcndi>l%><@kGJe_R7VN$Y~Tj;1`bJW*=J;;;4aYPAXAn9 zQpiVTccj8oy}}nBx`>0$kh}>S5%O~|q8HlkLi39pbc55v^LTkr685>GsnAxXJ3kb} z6kFXw8>&NLp@k&U(%B#(rj|#kYVtjEQIX3znvUel?a`1FUP_B4FCm1b&XQH%Ge97s zt*Qmoy@T!rAe`Z`72u|IDAkb<(2)ZIPqjB z^{@;7oRF<7JE}nvluB?wCn?BQ$YIi@&0a##BWZ91{OZZgVBA2;^F9rIFi|IOZh5L3 ztns`}4)9HTsmF!7>&n3i|2E3c;thw~DWcs7l0nAC4{(U7+}gL!jK|8iRAa!g7v+}n zt~kgU_6nFkNCEj1PbuyK*%wnr52H^*3T-^F3=t2W$>(cI#68F+j8nIuQ&pIJBl!aq zSafq29&dB_Z5X_U`UbCT6Gz}1>3l@A?v*u6^sd`8{w%jo{6R_+P6i?|y?A(J4wA~~ zIvq1mLwxXcqVPY|px=0)`k6zO^`9%l!5K;rz+vg%loM0Y_ z?(c>dJ>>R8hH)oXp`{JO!an}G=!#2@ed0t@v}w$9T9;BRwbtQaA1IALeDCH=-L9Fg zLhu>dYTe+49!FAX9ZMQil4=>%lgX7X+Um2pEnv~qZwNR%8=^$%tI7FybgzQxq9w&a zIu9O9pyyswfgYDUi&`Ke^jMI!R@GY0@XB+^&$`SoP)jkcyJvC>>f)xiq8h&v3%w*d ztAr%s`gpg#ArQ>zmbd`9k4CtQ4BsQ;1G!(o;;kk@wCQSa_v(_#H9hL!lKF68GTzTS zGJQw0p~on#h!uu57Q)FfhNEU9SRmm+@7DE~b0vl-Yc%dxLiwe(sVqAyc z8-_U)N^HVS<^N~zZP((uuB_4jTt$hNyGo7>Eldgi`4M@9_gV^|^3C<@P2@$S&R*T&gDT$F zTTC|jKYZ~3JFJiPy6~#SegYLR;_EM!OZ_m?QGCC;{bJ+AH}!-JX~DTHTgo0_^Y6g5 z7IL#zr?n#`3&m;}Lsqvopo3e$e{$5n9#c|-fG^eZLx=iDui>fr__OPW%asTA9TrLU z<+ir;&Vt-N>6{Htt^f;5v=beyZ$9JLJA*+IT@l@H*?Z{B?#H(L_P5Lb#Oe1neG*;r zV@$PE>#2i3LKeXBO+qldwuZaT8z3U(%4m1amYKwLO=e`A7C~huF~4ha+3r33y9Zwg zkQ&DACh#D8YL`+=6w{e^9TWsyEO=C;%O4(FOvqxe0z}3js0awLdPDd@PVdl_@ziYR ziX&Vksqnys;Z?DhyuY({31Kj%9RLPvqz$lrAl(*}K}b3VwQA*F-^PG}Bm8lPUqw(< z3Nr!?fPCINVBw1Og9C7z$XPUAL3Ic!#f29eXLEV|n!ZWzHH)q5*OX!_b7<^5ZNA%M z-)odGK@}9Qx}||Xx=)-f4Rh^ECqc|-m1~gH1|oqmfZS1F!*S6)IVeogn`mK0rdU!U zeME%`+KV+!egmN}X?K9Q3oZQCk1CiGowFx1v2VHg11EV2+~57&TrS>R`ouXu`@YHA zXxKgmkQKmgBzLPxSHOD-C=we1+&(D+I*L)&23d-QRj50{(ZW##Vk>i(fD)i>%n!8> zyPdw9-j%xQll!*PZr-+%dkmmhA^#2zIaK^J317Gn(#N33eK|js!u`ZZNKwtpbck(hc1w5)fX6EGuhrL1p0MlYt{Qq{pjuShT%I zmIPOkFqhY4hgHIu4(PVAtP#gKd<)|M)o`~Cr421d(n-Zg^3e3HgELIgTV;{<&8&fY z#p*O9qYx8dX}xyTp{EO{X^JdI5Q&JRcmnr3iAPOu=uZsF%=IEy+E~8Dek}Kqb`Ynx z{D=O}rV8UE;a_^K)&+aZ^)NIMO2e?e8aopjMIjC;8*4=t8?`G`T8WimdPOHLPsGI} z9eHSHz&g^O1|#p8Llp9@L*fV>oifs;uKJJt$3ZXYInY5+QHD7hW-xA!&N&km?~Cq) z=V29Q%pB#(8@%iJWYZi3PtK?)c^T-od*#i&rJ3M;_;~{QR!>l2cjct0~d1!Tb zy`VfIQ*GbF+>3Z$KK>C|1|i-dFdAA6NV{-(faK*F{)+h~&OIhBe=zas>{$zgICunc z5N<_@u-bm0pWsR!b-sZ#y#k02GFaU$oHciWWXK#!^0$p^e!+Sp%2Q1}0c4Wv3!KMe z(IoZcgcyv~IW3F5?w3nn{%+|3_dRzF{QcO-OacYJGAti&o9Z12q2@1vQ@M>-qfrN9 zuLMmno~%}Zq~omKVSWLzty{=T3l0ADB`7O&``CBRo>L;)gZ1|<5WdeoO+`*xoBx3q znYHF;F(YVA$_b?oT5+A!X?8`x#KQJ6m2~YM(I4m{?C3xfengHZvs#ThS)nO!$y`#B zQ!{jWCk6+pLvru>P=o8Btq^lp@~KISVpn_6+Y8h8ug(bel&4~dyLj~d;h2gL;<7|m z0+;e&tSh*Hzy)9wG^PW7aC!IH4)tWTJAqMK>g@7H=*VzJaFwI@i3>q}+75nkg~Z$I zGo}Utp<;i}4=?%~7kx;^{pVoA@esu{AviFlKmd?|qU(%|B2nj%&0@ArI|pLPMuqdT zDNb=UEh7*%6riPy5Dh}UXM;e3F{vnd-g!LTzGRbTY6u9El$+DV<2l~7kHM+A7Er%8 zsQIiNNd|usIk0n989zPb>62+Mo_C#@-Xlc-HaL(o5a+=ycx7yJEk4{xh%w>$g1eJe zh6R&^im?hf5gc-zz9?&zR^?Z&1X_QT$j;15wPhOAPjY#5Re*f~>WL*y{4Lq5$>a3y_cONsjA)xb-0whdGOK&` zj~&ynzj)0+u#`{XF%3xldUOmWIoK$I5$Dp2sbg+2*t?Y+9vI7vDA;CzAbud)!z#LRv;C0L4T&$dBB9h z<~I0JGpGbS27IOz0H%{}AWMq^s@=lOG!uA>We4ZUKJ(rb(65e(#WIa&fl35 z;J_6ActAD&fzFb|T-~Xud#RIU}pX(oEcA(QZKEaEBt97SH0d7=< z5q&d4Y5|7+kUg?kA?mTv!$Szk#ZZ=7@xA&k6PC<1LP=GemEsNOLOO3omgR{Ta)`=7 zq%J488A)SV-omt7t&B|=9H!6aF1Ms*p8#&Ai@)ZW%Dk1jl5-D3~7FoJFJe@4T zMgq15JKfq0MnG#N<}>S=p$vRc`$h&c`>_&Io35`HWd>y}}S)1rWfqKifdtB1#1(YmD8{Xnw9 zU$UUw@B6O@-`=tu2N#_}!yauj$6T12=#<{~T6QocDqUZnAVZ-{nhv-~LCUUfTB19q zRQqa0lB7VS75Kk1J$|nN_)T^o_!~L+#p1Ec^Aq~AqFb7?eE4MT1B=-tLS`li<}Vn| zIjOQYF|N<_N`6$Wd`H@%ba6tMhJU{W&lqQG;}mIActe}pcK^*~*8`u@zu`VNtFKf* zgPJvD6qHyGR?v%{GA?myNly?!crif4Dv+GNG|Tf3O`!4vp~ImDi3_G?i%y{L#5hxn zt7^`*H@;H|eNIs}@Gli>PfaN~EyE#T0ssilzz_afS}`1*0+fRvY|p#SlGFZEb(Bxviekp_G>N*vUSGI-KdF^>$ z;#9Mx!{<%ymRm>Sei{QvRuEDNoj;-hBvfa}>@t@dSx!tO98O6CA=HLWk^<2bT9wTY zv?IM5drG5dSp^T|b9uVD@hn|skP9axVH*Psoge-b2CaB%^=YyXS^)r4!^CWx{mzVN zMZayMG58U3g4UCP_O{a~Z0~Uf>PLIibfZM5!&cpsyyyljs0?t&X^_Dbk>vqeh$8Nu zmM{=t*|t2o{-48mV;7RLp?77rFlNVr9c>Bb1*CbLpo}JLVCBPX{ep6!&NBO+%F0K* z7;rkYVF>RX`n|v`{Tc!hluy0erT90+=t%jSZWa10KEsrweRo5(@W3Zr$QWzNDMi=e z1F_=wm1ULd2W8{V=o$U!TM1 zFocs#2f3_S{SzBQh?o`vsa!lTNz|{J^Nn4;0WL99L4v6}(=>MrZd$c(>A5x6x8T1K z@LT)ZAI>v2m4mgf^=O`NhmcHBkxaf7)2ljvZJLr=@A~Kj_ncMl#s_@fX}4C<|Qe6=srhY1`A>){l%v4;Ns z@Zie_zpwNMcvfFU)AV@*G$k#3rIUC%#|}hOExqoO^y207uh+LR&j&w!ftBOG6O9vC zVz29;7pzSE1|+YjZ@>NSd91z_j+n9CUN%C;<GMtb9FseE@VlhVB1f7jS6gXnGqjo^Bp|v;Jazd-WM9o<9dxKx<<@P$ZOJ z5WRpuuuFri3f6%Rf#I2LY3EEPWGZrq5)444#o#Icg%TiNU|OdyoVBNi}&NQDsh%PNqeyB)dg!e$U8JIud+X*LFxJsA$-5_ zVr}#Low!8@U%%XVwgwL*V6C2Go8)y+AP^kWAC_S8|1HiQ-ZG{vysiCj<+0Fx{K)#h zz4;gPaA5bIt0-R{BtAbL1CP!?Y?k-fkgBkHX2I;CoPYGAJcMxgj0E6bP5>$@6{NR( zqL4+S$SYtwf%XB?+z+_(FD+7ONot*KnzDtNLTqU<7#Lh%eF+w2(GwWZ=L9|z@Hv52 z2=LRvJ%arnwJX5A^^yD8+y>bB;=eAuhI`A8;3RA|qVX-W;k!>Z8+JZ58@n6bmigG* zPc|d#eritQL|SIVcb{xN?0jlAHO{4FUTW1rV%%VHs+07TzviU#8s*odZF2E_HmD5% zR&dfqhp9kzTm#K9CM4OITK1R3_o!(#W`d#{4=~iT{_Bo5b7oJ1>fSBa>oX?x# zDQ37dHDa9&YuUP5GwM(o=)$`QoBc?hUCmpxdJNART;dbd*B-s&H&C+i0kWp2irN$m zmcUZ}u+n&=8HZD!!K2P5?`@;ZW72Q+N(bxLut04u-WSYe0T~FS2=wKvg`?ON9Jo9| z;1=-#3Dl%{172odt{4OUWlMj|r(*DO4&N?p48}m}eI#b1M*)QH8#=SX@_#Zg6ncWx zOO&j}lBTq2+)+noKzi+4_%pT~Ubk0p1;I>!WtXof<7F^V%h>+kFMkPc`N6+@`7ggY zJDDu|b_HLJDINTN>96p z{c?Y$pGgqkR0=UFLHTlBr23%k1 z=t}j@1g6jq)KyosB(&g8WQlU-4QmVDO*oPj>^tD!^CrM?N}8rN{1^T^NUQ;)G3d?3 z;A$Da@aM0F$B(}J@{fP~V{ylg6RgNBbF5zoqx{HsV9M9mHcZjjbO_2GP4W?jXUn$; zGH#}Z^Y6;ka_Sm@73dWG*>|Qn0a<{ghyNq*7hLT9=en+eK~g{@EEleSJUzB1W|?TMoD6iN3curVoj{xP6z(GZ@*aj zlEl@1{Gxd~iY8x1<(*1*vl$Dm=hNaudbjf zZib09i8Er!lpl=RQvL>7gDV2w6r@$65G-#<%-%Zb5S1HeJtc~l_}QiNc`#bz65fwd zoR8jDxPvUDLBbpV=xr6aO8F<~F+3rRQJCJp?9YXQ9M5 z!AQfTRLv1&Wn@ISuC*)DIrU^qmJN32$04+9EWBvMv@R26_Bo~Q)ugZ!55LP9PJxLa zsv0db45ZCFKjhR#2q8KhjZlIUbQ44dek2O3Y0SA9-^o=vm73)g4`)s>j>uH&n5l$i zZcFqCOiYX727>H|M?>Z&F|sx3{Lt^mUi<)eo`y`IkPWUeyhT8_@6$_Q()dvOxT1P*Wd4J zeN798Z{Dn_ct+QC2_cZj9RmAw=^I~DFOs|*QfL(`bm14}=q(9MzoaLB&y0?)UVYh7xq%UxVP-osF9I|BN@Xn)dXx6^A@571$Cq6Y@~db8jw_;In3iN%==8_ zVEw5@ewSDlI%8l^V9i_@zPa0=!!^p@Fi2ZVjsrpryE`ak^B{a5BvkXl?`&CoN54EG z1}$!S^+pP(SFWCeIM}Mq8*RFa0tcBJPTFwt_45?Zfwew&!tg(6%)z|~moO3;`nEVF z*sK!YM@LimNoDi{1P0O3>U{&x3pWC_3hT++3WzD`e5;2j>50_Yz&aO&3HQ)%28?!= zDQJ2wW)O4JIoK?ye8E>T1McJFu9-!f3FRx2m!(N}yU+?fnzF!aP5u zjFmA+uLg^_`PJP*$cNYMQ;h<2Tx+n3i;rILH|PWZF|0A&aLd^$r`}|Fp2~YKJYIo{ zXSC57)6Q~NSPKgwfE1G@#f^k)m`b7p_}Q_!2pCw8Gt2}C*r|YNDnwXF;?gC-NEg@V zuLtAJ6Kx$>Ryf>4%z%w2rhw@f1XiyfkWW24QDvTLH=0T-ClDFAG+$`K0!kGq9;1t7 zR`r=7Y(jGyAlqAVCI1Cif7aAKd@A$r%PbVpavd`sH+Q+(Q3*Y4O~&61M|S*3i&f7# z@I|S~QE~2%TH@eCR4~EFA;JBWwq{d&#D{8Lh=FGHzB)d=<|PG)O7XFiV63Kw1OHXLPscQ((dc7!II~^x_if9`F!ZcI`b6i1Ah-2cWVI8cvF}Fd2>-PjdKwE z;W2|vJ$i@WPm94#m|^vj>TWTXu2*3jCO&*FVPOj!@O z&z5q2nyxqq7@g>KH*mO97Db%& z*Flz<@U?RnKo9*jbf-5U6v`n#H#&NMY``ywb(pR@t}=5%En6C72{@Ra5K{%>lafmC zpO%1y3MUqeAVXgEqa__c_X?jBfN~}9PEg_ZbMY>mC-vdIMQk7TH}zuMY1hW6Co@kZ zY~dpe#;3^O%>`DzEzyW3>xspn`h7bbT~DwUyFK{QkZth>PF$}KVXMZXD54B6JV_-I zLZz>X9q=ts0R9%kr6dqYV+0!&>caA|t-x2B+7U`Vsx4)1vV1#uXOqbhv4 zALYIbmHtahldrLc*)2F?Q{L-(hqsqRv$+qi23ettte4o?h8EpQ_RH@5$rh-UTd zjDn0kvQOHjqNl3u2hPpS#_9LlJ`_vQXwgoa{?WxL(Fc=~p28G~fo52+8`vR$tOXk} zb!r5b8{!13Wj1W^PKeBDvP};sN6bTxv@`FBhE?B+t;OE6PzC7QAucr+_FO z7|#}Tmbjnj6@hh@Du1#&dWOhNe~crO){q6rnNyz{Hg5+mge;qXMw}_y;J=#@*s|r9 zsHcuw<9i==FMiihg4uhFL*weFuRqndVEG~?CE8({%=f9~_8-&BAx$@W_K^rR)X&lv zx*uJNXZ<+pJ2qsiTK1AOLgkUvn#KN5zux%?CV%F4# z7^VrymhJnGhZDGr(7pX@_}Cx4fy+wKopz5%1Sf27f(%v;xpB9Ve49kQfDh-sKxzl$ zEAMp;NyvJs5lC>r0Wd4tLBko_WAM~Gl##?z6!=JBM(OO%d#t$*maVYdb~xh5eaY3` z|Ao7${0Bcy5MPkD8(`m(G6d%)B+ILi8CJuxy{;o*e9o(S2hk#4#mHVXAW}^}<)K(- zCXrnD;pK&U@j|EO!&1s$>ZrC43nb!cc>1O`$OQm!vG&A7!IYco)cDK5O$2H0nS!yQ zdCiF&8Sw(FgSHtdBMQ}NIgBZwu=5U)Ia%nHmu5-9+yNZ9yCB}bVY&$39b8=-9?E{y zfx$@l)e&O4AiVshTU1;Hf^dE`={@aRPdUtr3>PWbB#F#rkrf7oSclx7JfeCQu0ag1 z#){QxOB9dhUfPmfn@0aWLvYS$x+3w+mv*9aF!arRrI2`+-BpjjXV1X; z`tIv@q2PwKVSLQs4J^QqKASw|Bpzc()0#aEzHDU$wNMT(!8T(_a8lPlShS$N=yZ_^ zi1K%jyaCTMVNTlO#G#IaUfTBx{0oZrLhsE)@?vEuUy`lxt)od6#;nPm`T)B~O7$a6 zvU*b(LJS}zI~coB+axmM&XfoS5=3DW(Z+EUVuGaU)p&MCol8rKU`;5Pczyf4jv6Pe1SAPcw| zhJ6`T6e*bYo()%VPxt&1WH=>1KyG00lSA=x0mSNZ3qse`jqwfGZQ(huz*p&iuM2qd zIw*jlBXiWuGQ6Wwmhz)xsyQb?ultw(iqIEp zqu8`pvz&f8#naWBd&c`sj^WrG*7@%G=^Qhxy4e^VRSJr5*TNrs}b`ulCsO zD@*e2XT#mor49i$&fKo$r|?Q{t_Iy!SzA@2dBv>eZ%uA&s3F}hAi9thmA7vb3!VCd z8brBh{3t=@gTCBB^lfhxj3C`Iflk(Ib(kVozo#i z^_fDfrR4;C$<0`*Xrh!}-e=7w*WrnpKFd(Hfd|n8DfJ zb8OvrOn)>1!Rjd-ffWKTa6!zkqZ}DV5}Ss7(K9`jB}(#NPRv`uHCRnLve++5b(H>z z2jd$0BeMSAs#+K%u&>Mpf#`}r>G-!mzx}srW3$dPfYrWdxgxb2&Fd2Ol~>{ z2UjD11fJnbvIgEahpj9G`iSGoN{Yr_et0#*N#TXhEeaMID!tr^=uFwL(j(>};VrGN z1QE0pW7D9NXjR^n5eQaxF)LdNJ2%u~sMD1)Zu)jG?q6Jw7i{G06lZ3}9hBAH+T1}B zsBbr)uiwl4HYssh&fN7l@pfgU(BV`ZkD~>0QOW*n`k#2ZvNDJLnU$eh%)~Fj^6`Qb zg-B}#ru?wud2XoBg0<3IpOVKyG@UHaNw2<7s_aWXv9d=nHiruqm8=>Oor7DVPf+K{ zvyIL*(!RoK1FNs?`Pt2VW<`*59~rU*OcI|QdcuWD_shohF9Y6a|6n_@Z(FOo-y#G8 zxpxo8m_p?nhOr&3>|+DQll_O7)%fu~Ae!>|{`Tk)8Ldx6t90y$aPw%m1v-l@Gtu#~ zeY8x5!+-;=;CS#;$H*&d+Hc4?5we_W*wJ;7Q5#szVDjVD=#mwW>5+YLd^kRaJ{~Oi z1>^M_5hdCM;5R|S4WVdT{55W1pM(of=nk0WdfDps15immnaSNA1!pnG4Cz zho6m3hez2q3`ZG+7F#pAX0D)fVD=3J?5L#m_3JJxMP3 zv$Nyd_8{vV(6!}_H__~ba7?9j7E=@zZ~`A~Bz8fbx3#cuuluDXE(SDczo$AZyo0yv zZXJa!-OInRt873wUtd6W#oX`1eJt}m(06rIneF+gZid$a4eG=$Ca5o5N=(t%HBS$w z2R{X3@&rG5VWf``aBYy#aoHWrmym~0fOO9g5_nQ8Nc5Ne*QdzkcZUB)`0q9TJLK>8 zzKZ|tzb49pYg5vwmT2pK=L;ge7U=?amlc$rIN4E1N8EN@LIcBTiZGmPv7!(@BsW8Y z9xp5IqksL0gM`gW5Hjvy%YIK7q$Y98+A^eP%6|TFp2n!d?p^2a=IOgxUCq9~uga}}Yz?_; z7uIz5$^B44J}FHtX54iFeLWMiIR@!7N|kDm%>ezybh+*a-NEb_w&e_1o<7{DyJ&gD@q6 zS7`{SjF}Txd>g|XSd?DEc+0KOPQ)kTv<9%bT4uW1wlv3YA~)7M4wY8gJQO35*t9wx zHoCg??Lm*bI5EyMq$R`~@F39xyQPrjTi$e>3&jfUID^~wV+BvWi;|mD8-i>x-qPcw zzU7Ghe)PA*&$KRzUcPmyn__JxNCCvWH_ab$TUfz|arHKRO{Z`@Y`9Io)Ym{u$*iP2 z)DO=P-@nbPBbK7EbO4OhiX1}<73wkKTCgY49Vs#5a`dt(+ZhmNf8(>lA357#oJPZT z;msmAd2oDRM@oxJ9GEPDy!~U~{P=*3NjbGWzjsrvxTe}SBIK@-rs7hb|H48R6D|$% zY$-+qYy@h1(zC&{t;g8Lf#v7fT4CEy(Stv+m+CvK+rH&S^&Y> z5t0JfW2t#3SW7TG)qy8GrC|bDRb*>;FPIRwL!!k3B?9jHf{N0yS_XD5I6wPWYnzhb zs%P2?1hIJ`#PI;Xb=p}z+XMl~%p-J>m&#NKG~m0htF>c~g-*<<6fIHE6G<$Om}VID zRH`58#mg}?$}Y9Yc*Z#7ayB|J@3b5)gRt*UqG!mT2a^>8a!mNTzofp zy=W%ZF%0Xf^^W-gZxv<~*RoUhd-VXfpGosSkvA z9+=CnhHP0xjMg~uY{vJVFpHLcIDr{`v_V#;ij(W%l@y82>m-_Z@hifb&n+E8Tj~UUJKv|NOZhZ*7+aK)Ydp61`LCJ(T+FA6DAd`f@z!pZUT67mr*|+d4pIISLR`|^)?`yZg#E&$v89E#tiSyj zuG@L@_XGdrN3{X-i$ZzOyhRe?vqG)bk>2jWD*#TXF59KpjbVGa>6ayGw7s)#^ucj3fhx>p~v zDemtmJG#>!o8-B)k`gm!eL-O(eFE1#)K!Gcif9dlrUZgAYY=!2sU4=&jJdBS-9zw| z7hq#S;Y@)bK(RL={1Wst7cC~!*sTkuvo@`6#%=`yzY5eqdAF7gDj)av$x1q=v4+uXQ zjh0^@j#rr3_5l?l{@_u1u;@>e{PqFE-baccW?w}XDDYG(mJ^czV8 zs?Z8RkhcQQU&)_FDNIiQ}^WKoi@NSy!*B{FMvy;+oN!5vtps23ER*6(!Ux?-e-g>7n4 z&*9x(DPw?0WfvRh9U05NJN=7Uc0HLuW&EF zAyY-5493*~F7UJp3R+uu1d;PRKyD@^97@YEzdWkDJaWZ{@im%v@f|Z@4v~lne!cV? z-aG97{Gk8GgQfnf-z=BE-2K}c78sLFy-?gM?8&a;3T1E-ERgJhKZ$$0^^YZTqE>?c^5%? z%0Y-uqyuNK>L|^)9H(oJ-`jzKv#f06J}q4@ks26sIeoJ51A9rnn{u0J0^59->bnoO zG!jLm&I?*fzy7@C#q;S+FJAh-7pt>-&ED#O5O*H;2&zm|>e-QR8#W-{0q?2l&h8<7 zICUZWldIz=OoC=77wI~hK7d>@{TP#~b<+Z~B~GeuUF97&ZT^*ren+wqirB0sxQK=xfKmT2kDD6;>1HCF7M&guQk|Q90b1Q-MGT;f zdrenR1Vc_6X?=Md%)2*wO}XPv?aaPp(D2yq@1O1S4*ZKN zfBD%z<7&P(VE|`(DIP` z^6{|B(DALTFbR3Ddws#6IgT^EzZEd^>l2rqXiBt^pSfqVUD&7TflOlgeXH|crBAA^ z?4B8FMli*iT$BOTAk2xv*xj)<08f?&SalTYHwR5EsTgsJ(~4j!YS*83VRsvZUoJIZ zTASth=7MliU=z+Lk@VEUUXcyaY-JQT`%3<3W*@kKIHzTf=6wnE)t3I9((Y|2gE<%$ z{mc2-{QeukHAFvzqwmEyLiR%R=8yEQ50S{+;zKBct0mAgord5<4-pKPTk@KTIe9kG zeg^hR7!|1v>i7^YiZ-?Km@s1NdhCpFO6kj{MdfILGLjSK?{~A%tdZ;)NAFxfE2znB zfVXb0Wm?+)8qj7)Y`aK_9An`=q4em3DD*Tot%~i$tHzVUqxRU+4=yHRmBuFSO~0TN zeI{XxpaFbayT4Nyk}9%mq;@7u;%=ICEk1(2f*~X;oiwr&hR%N1BRZlf%b4w#6L22~ zH^1eG+$OzukgNBN6`+zFcQhXg*pF{Q&n^ttB4`_T3~9FVshI?JkmJF!pGRH+v=cJ1 z)F(*{0Vp`bQuw1JDdZ!HK{_<1{197%s@ulbxX=PLC#mIm$_C#c_JA>9s(8v(N!lTP z)RziPkl`K59d1qTfI0ya%-pDGyeL!@Y=hl1|A2V}HSUZp0H5U%66^&1K(DfH;pCH^jjvH(HP)C87J(GPVlmOQ^ zsY|{_-nJim-R}oySP~GV=|>ZeG;j@JV#HD(-Pfm&UL&aXUr$aS!9(PVS~%Vh=yf@S zrQ2y99vZ2FgI9Rj={5AQWB`Dh$D`}hHys@wDTBCz*l08I*>vFPn}@oKT#VSd#2YOx zF%^VKdwAY}yhutydqew*F-?3b=-?0d5H?272!{dCqbLxb*8>m`ZP24)>(#y9-fI7U zy}I{T|JVMpSN9Zyu)qJs{{CL+GUh4y{`+UWpm=lm!O}_55yq zdoKmbAj8qq)tAq9558M}v9`G#;2VAd<<-ViS zZ<~99?#01n32bp?qy$C{XHC{K&dyoA)r(`70|(IOx`xDbxxI(Rn>=2A$d4XF-;wwi z=a-hcnNxbDWWP|o)si|wTEx{=H46ti%$^XCZ-zHXPDYw!LbmU((6;_~*9z(XJ=NIi z;~z_T?L6RJO%2-vGZ&Bxa4wIB-c5mu5K*)#14J*3A934}mo{5Lnvqx00P-8kymAoq zT|C!^CMp1E)`}i05K??G4Jc)QEpsovCoU^~CH}2~5cp?g>1ke(y)$`tK6JPGa`)Se z?(F-6xH$=XL^xr>lJQv^p5ujIVmE<4YCQ|t6^-&0sAIONp`qW|cvkBcil8BAPiF?6 z_RnTcSlzUBou};0(wrT^7fZw$`fqA$VzWKLEK^#l&nBIRNC?FvpYburAwEmriy?sU zTE%Fq1{Ztq^@j4pl)h1sglhh7iPEgE5>~;CK(&vw0>s164*{4ImN&!(Z--thv=``&m|0o>7ddOxStt2S=TLh++OCh=FPtA z#-E+A{WM?eY~?A@RO7dXtE!L@ZWno!3i7J=Q$odDq^{mU0K^QkSN}xEAdF>~snyj3 z*_sF~W(k^)=0)Iwk6C!1FrBu#Ltrl49gy*cw%P`ll!Z{};`s3Y`Fv8UUbr?;2`%+K zXn~u2_<+9pHv%GxQq6!PAxkh5aXzVSB5J`2?Xs5-@;j??OB`VugzoZj%L@65_k#aU z(>r%OXkK7=B?!aLNAaF*JXwFSlQ`v~`*w1dz9F0v7Z+bSdkOa7nfnh_ZkM-g*b#rz zvMK(S`{F<9tZUW+S+&5Iz#UVPA05Zwt$%Flb%t@8tqW5Q!PweH=$|F5;o7q{rG;XmKF;hmnVJ5hy`t}kX# zL*Qu!i7B%ob~1FNjUu+cq?8>EWu3>CGdl=3Jo!z?;xCs8k>5F#+}?Zi=)iG|%wuC5 zKXzPQx;ucBmjFn!#NY@28b6i5z+a~T3eyM8clBq%w#V{vZyHR%9%ctDb;=?#Vpwc( z2yZKppALd{`VTscH6>Mz30L&B+7dYc@Juj3xl66bf)3y7WTyN5u*1Q)AK`qoT=Y|$ z6^|)fKqm(-@qP(HV?*rWY0aWx-~8p_q(v5lsF&m$5oyhWPO(UAl4G-ZU!$EO%o60 z47Jh(&%ubdapKxb7e5;`6G+ENC7pTP?e`Cmopaf;bBd)BMV^O23$ELI>;N5bggav% zTW)`cS(FR6I+(%fi2(089A(Y9)cmAT*bg@F)2cTe4k%6apwF37fvb5gxbH!T2YOht zX|cU6bUI#>P{+^0b+{PQ@sHDTj0tKX`XE46%q8qpMC>&O$L0U(eYIsOs=a<^>HhxZ zU!MI9f4$&e&oBPA-~IpopZ|BUcMo||p-M%DsfTPYVd(MFZ@#+s_}*7{mst|tNZ)L7;4iBZ>4!aHkb9niBlP4hq%;9 zGK9Mzn_XZ+ul9xRzaN4}TN}a6ecbu?(VL6T&N;NforizM&;K^~>5xfDn0fATxNr)9 zrb>NTpR4Yg*$O^>#KeWIBDBpOTS!>T7{(rF5f|K(8%yeMgmPl@eMEEmBJ@uscS{Jh zj^ASyX6PBbz#-x$d}WXQE~Fv?d`tEQZ^^$#BsL#|-Cc&7ftXJM53#3D&)Cz@3kTsb zNscvo7N!w0E-P!;`Q-k>1PurZo-$i3@BNn{!B@*eGTfd{9N&V<`6t&$NVa{f$?AE` z3Vk1dTebvD{7_zM8dx}}F}<_4hv+DJNzy4i@o=XvuoGIKU5;ij0!Q;rHhfpnPQKy> zI#7L?m9W@PhpO~Spa8cc2H;_jXnw252lY$H4^I zrsaJM|M!e^nx?a7y~y`BzWow8sqvxRs31_aWt3O2Wr+a#;tyiU>eU0`DpPUgafmNG zl3EO6Q>9NeT`{D>n9f~5hJDCrzZl3EZwQ@caS4t{b1vp7n|Gb2QSvYKX|tBVtuD_ zJm3-BFPuN|K&I(!%nm24Mg{aok^`(^YEcavT=$ilZ-XNTDz`X_7~ujS%=C)OUR*T9 zJ!{A5@e%FS4uFe-eDTe8~^rdW1oa?+Ad{2KA2c;l|#1 zZDJxQxNL{GWL*n@8}_WiL&S!Od}oN$q1_4fbbwtKa{*K_XNH+V{D|VvDo3V7nfZg> zT@4`++C@6x?^d5}tgY^@AIN@yUBXf$LN~_kH28=ac92){iAtrq_hLFp_i43Hp&x<2 z4e?%F;i=4*#FlXIyrdpPx&X%mQw^um?A@)5VaSr`bv1>2!vUUX%%_MohV$%HA;Ubq zB87-KSQoh$ZNQ2^zSMzFa_5I|LGUg6K{C-`V9{1Zg%NilZrbb?_t1Ga95a}2t62iQ z4~EBOSCE?dciad0d+arxxhqr6TPMOld<%eKO%2N{U-ya>1C*jo^34j>4iSw7b0L5r z1qp=G29&AL2(WESq=|(~&dzA zrJ?jXI)s|O?|G;qqJ4ugFm{5GVd2H*i*@kGPe;gC#gIfTL_VN4XP2`O&%umV6I6Uc zh99h8GE_$EpB*vS5^ZKH|_@PJhGmZbn8 z+nPEb^MG;sSD1C|h?5V`q`9S|bP$7p(y+AS@l7AtJ$2B2&UW1lP?4<3ynO*}s68Ra zKqi#)^os~9y#XD=(e@}c4v&UcFi*fc4+lR%91qs=8f$FX?PJG7{SlI>%`vgSTZryw z^8e$Ja@+Y~MLaF4pfxUkc7g?mrnU90?e!;M(AHKu>%NK#yd!_06Au!YG$t&aYK`dJ zBEcr78P`_F`}LESowykF{UqnvhGLStblW^RJ49J$)T+{cC|5lXhB4>On}Ojl`+0^M zPV6Y>*@V`yg6)BqVt{Wu^zFb;1R=K0DM9+r;c|@!i?slGpW=EjW9x0`0-<;WU*k=& zXGREdNY+E^5`6vhj{wpQOichV!xF-@StpOzp5f(8ib(42iD?6dozrWc#v!Tt95Wzm zj9LR~-Z?yh>{7+q=IEJa z@Go%N;^Z0>dwjD<+~$nS%F5Ht?dPkz2RkpHKVRMc)6|QdrYr8q2HkYu{`D>YPY|C0 zY09&!%nYzlLbpuX#%L7cGm11kjUj~NOVA(~X`p8kWs^L@Hct0iFb>(JKfTb$N7M-H_XE>`UB|)vYJ+Lg&>%lqN7K%D^q- z8UsY}Q_Oj;0f8%E=luyg(mHMd)g1dU(y7>&!sDdJnp1(MG`GeL>h}+8t8Ri`i{I;q z<(na}^UU(rgfJE#h-Fy#EwXdP5JAakA@B5<#pIuv=DeTax`kLZ%yb^q8xw(Bf71*m z^GqQmh9a?YYd-SWnfPX9rO1%AW4Sa)3*e&#^sl5dmc=^Q@7Nzl8Gtcey@iJlAFgliF6;tsA{ULA=!m3rypItNk@Ky>&u1BccM^`- zkPoimT!S-9@tR8MMfEgp?hq0Jl|Mn-KuhtP6Bzu0?MELAmJCeUEZDek^C1?ef>H=i z6>6xA17x3QV*DjB8wCT}m_VGOU}I1p6}}Db3golQU{Le5>ZZ)ie?o{2O5b=8JP#Phfk<3vT9CP3{^*^> zJ~=kH6>eN1@ScobXK-?YXkDGI*m6rJ4I=f#fwA-3rFyR9mPr=u=f|0A?(i2+8U7$v zyr|gRxY7k0fXar8tCSatTrX2QZ&CSS5Jvyk!huDyFj?I=FmRwpzXnVvw9wL=k*}6I z-|o*jdJb5lEqECNqMi_!rH{YR0OdyZ12Pq@Q+?Dgc+3J=4XfwsPis26YG{e^{td zKcjvNV=V7fm0Bw+!^smQRyF|+ZDb&u0)j|}9;4DP#Km1KZ~`hfJQ>0*kP_`gv0uPo z;Hxhfop%PZadb!yo*UzmsAa^!{Y7#GBIz@dQzVRI6u!%cQ#Vp6d8tB{Mh_}aGM<=H zdW3RJ)ccvjZ)F7m49{0ztbwBo7=Wr>FjA`AtNW&J*M>0SLh`T;gla**r3#K}qg|#w zSawL9Q^$=ye;LK|5Vx ztD8q?VZj>)X=}-Gz%X*rs1?|_j2c53TrD<0pYo%k3%b{k-8C=HDST4v3?2{AidXkz zstLgX@F6v&_RLR4TEXWz5j9;iW!c_x37a``re*+~6B0OxWdUlgM;+flrfsCIuGG30 z8dn$SHz9a8wy$WM;;ZjWOV#v2$du94AkhF8z9I$q`V6cAK{#IX=a}B$?Q<3`Z`lLm z6@1M_&JtYNmM^mWfqkk0YepNpzA+~C98HH|3XoW+bOlcpDqUpguRM)zot(5l zp71NOUmBS(%+`Ml3`wnpVPE;RXX|`m!sIIQsjNl7mG#nDJm1kp&A7s}MEm>;n~rE< z(xo74`&%Za%v*EpV;G{cuY8euoaU#x#Y!eApWp@z1GTA_uXmW~>elq*1`lZH)}r+L zZ8j!P&%Mhtzpd>C5!k-|u35$2--gAbYX55I>gH^)@9*^sKpB5TIy%oRLS*9Xf^i#D zIl~)dA0wN{?85qY;R`})YbZnjEvlJ?G zC-6LIwMap9gtHRWRVVmM8*JbnmZ(BEV<#I5R8#1#bgsa0-S1EeSH>|@EwV$tz`uL( zLziv%!qty3+BFzWK$zZBQ9eOMOsIDuhBeshHqVG>5O-Hfa#7mHKF}ANsCSbF~lA`I{ymG7p2W~{* z(=*Ge$A#5YxFkn)a$SU@CKK3H8)VE`Fj0{GAnqKV<(El9Y9?t}>5yd4GUbghG3vjI zKyO=2PSoH7Q_YEqr}No@_+h)a9@czk6AjtWtu zanIY(kFKMYOLTT{kmINb&Ep0jXPd-rRFrf;P_wp0*zWv%hsC3;vS%d?mL z$KdNlj(WWkml*=s;n&;S!Q!i`Gi6?_L@<+_a z0f>BpN)vxK9K175d~+Oy2413SR)7znNBS;(9x{+Ryuh5$VfW!1Fz}DMOD3WiMFH=S z>qGHVZ0BP@h0m@LFdicUDPIilz4Z&b8NOFgC~uG6!97EM)(9gh$7uka`?cWVXm1+c z93P2_q=U3!Sd-iaYlX%V@W@T7fFR2igaA9AB(%*qO(Gqy=)GXqNi-DKsU$PlSGruy zajfN6Pz4w|nc81!0uYG-L5z3IQp1*Q8}}%fmrCHiwGHRq5l^|}U zvYLc%=2%K-sqbYn5NB7J3x1z(15y~2w z@l56C4cqZHWnha2!Xf?(F%Yjkk-;7JC@dGf7a`GX=t-g5-($f_CRo|GY8Sux4JQS0 zaRGTIK;}@@uGr)Iot@3?-Gdh|pRaFkJi*Bz5SPq!{oa({XgS3LIsac=pT8cAH&50I zlrHqf?zBUD<-i~tOo4R&i@i6-c@N4%q>nG(t=|85G%CgSZ-X3PT;ZoFDZVB*CSkpyX&5`^lS;E2c1@OU z=($uSw9ndzW3%_A$)RXLKXRmp6nEYthXQ=1l&IFq{!r-@0-wgrf@R@rY0~K-1S9zV zK@!aZky8%ZSOGdx*qa>#meIG6u_*qd*g|pxfp|3>cc9#Y_g#4ATHf-trruK=W$5ayW=Akbm)Dq>e|M=Yl*O1z&$kBaV{3z z7a`t!9ICE@8?L$!hQDW_ZB5c|+GAYk*={S`aPxLb)6fRfVidh}dKBzvWib<{95PW- z6gIqvLEAonEbW#!vvlG(CF?0X@SUQwr`8(MzePV6lj2^Gj1-1LtFgd zIBjf$g2Mf23;+YNxT3T#$+L!?$+`DFR0XFvS-4E7-?5ewd%2O|T#rn*1Ag z!dwBk8LUil+r-Q*AZBRA@jQfr^|%Q0Y@>hbaTd zz|EX3K3+&_QH;)jzV@ZJ-4Pp|9lh`9vf!n)Uw-)L>gat(H)@JOf043|YPwLxB^_Pm zL8D^Me2_5st!`Z522@of78SGHFUj4bz*jiD^p2JmBO*}FhXFbWf6!*j?q zp!mqNapatwx7Srxg@b_KkARUsi9V8(F2J_ewaxtpb4Alp1iprAc_J$#8AKY9L&HKo zp{Lp$Gi>z=ORE9qp@x(A|If@IhMG;|(N8zxYJVVFVk{6#LA~qr&wf~tOW6^E%1ASh z>6y{Pk91yuYA(Q57-sdw&Ia0`CG^Q=+d96dZj-QhlVKOb!^>!Lee`B!VWIC%YjCn2 zT!hP7?-6VVN%R1XqB%gMy~-__``H9|lvjp4+Y&qEIzjRu-warDEbFT}z5lz~FTI^W zF7n07jG8fV#w0-x`5FX`C9ft69W2xkxXKB3Bx<0Wqa%dPyZg#yaE_abNMw4loQ|Qc zG6F<@4tRZtFF_Ty4syDX0KXlbp~@D*?tj$u-waRRoZ-K#$M8ycxSW55h+EJ>8@zy)IA}NZ^$YqDvTMI_Q4i076e0G%GEN zgz*NQEm=CV#IoBxd>yM$L9qzBm11u=k|J|pJK!Q6#P!Li{iyR-DJk4)=hpfM>horQthUAF-JGf zS6936hjV=HRI&QGKP*3&Cm}(qfiBb!HEak?O`$+&IoyWU;aCvh+}NaXmd;@DT>~Ka zTg;`ltl29u6~BPjH9c8l02dH?JVGPoZiv};WA&2JUGnas{~ZF!8k9oRcul8i8BVrH z!JZgypvC$1XmkcYS|23tM|-=C!iFp;QyAu-vpcw!CkT ztsOPbaLc5#xxF^LxqsHCUW#5J<4~Kv@BeNwA8tKdxTWpR;7mn=YU|&EAK*UBT&K0? z*=A`9G1NjB04lJ)`sz> z+TK)-3#PVa8+G+xMI;n=drsiyk-OH25ZZmK| zX?q&JVA^S47A%PsLq##)n9;=2_!zlse^0V8W=_`l&QGHcqJ zUVH0UpE~qv=cs=LOJ*9b@W|6coJ6U0FM%ee=gVq6m8q%dRwYd5G!olx*Yw3<-IZ$we z+v(5{_cd$?zG*bZ7>z-1l8L+-Jieh!ihOg`JZjavyhSZzSJ!d{ez6kpx_1vnZF%;H z&moJ4+dE-G1hYD}c-er*O!bfLOBo`4Ja!s(RX3{^Z}yUr+X`WkHy|uOkLud{$G_?A zFX3;`%Y_*wF0A}mL?wCKcy^!^Jhcn;G!w5kf6P>?M|rQYp6SN4v~*vw<>BQey!T+A z7@=H&B(fY`#lnfuj5A)ZI<&{{t}D3=NUj45Pb8# zg(NC{K zrS=si)Nra6RhgbKA8Yf7^%u4j;}TS33626SpJKh;Q6 zhvEPlPy6oSYba#lhC-&I3&f@4N1!-nRXzLE5QE2l7nOfzHwJN zijD=rY14&3QeQz~exJw=*7X^!NsGlDKuVL^3XKxraoS%WrAF+aJqOWB!#!1IiyBo6 zR5CFZgfy|%0@JCX3XJT41`m%^1+q?R1JE$H`YWr4#O&rQngNW4zjeEL;HVws$eT+%%2>EsFSMzvuMMN9>y4V136@ zGwVVdSL8s?9(}meG;Rv4Ux`L*R7&fv*btw@y}bvzqNR={Ah6adU+B!_%<8hWqofA6 zbpeYq{i2CA0B&$Iqn$yuBK>yK%HmC)NYIWQH|Ss?g`62rEgTFV*6tTM1#{1i;quk2v1r}X`<(|^feFcA>17)LHpm!W z$SLj)Fq6G2a7yh&nS{iwgvVZ&WO={yTM+ioU3*tM$~taU(w3y_px?z#tBo5}R6Zb)HBmoM$qVmuc&k zDIh2e(xI!+hfz8tyXNk;^6&!$jFm*kVdTDkNy&8J$puHLCvIE_K$4;@UGP{@n#`J| zcr13Wj?qBC3F<+;GisooCoy;*ZO_}m<9^k0xU#bP?Ahk`2QOc&K6$dfwY&N?%2Dj# zpN(f5yBnxPq4OwEnavk!KVkmZ`o9N`t&p0S_s+MgYn$J%uN`c!Z*A^u>~3zSNzVgB zxw?A7MTUChaENEMg$k+WiBPNN`kWUyT?XF@eDI-T`}E!{rA;3|>j#Wwu88#Y1KB4E zw-12(kWqSgb+go=HNtx>a%lP&(X9N`Ge@0E6(+Esvbt%ubchGrjc`?%WMqYKeI?C; z92drjVn#s7KoX-122|6-Q5^f|9YrRet6J}Ofw=8v;!ZVntf;CMvj)dwckV=L8B}>Q zkzEFqf%t7HM5%cWI%A6`q64(GkQJqvXh^(>b0H?tu2BopvT?o7=)%2imJ5o0LN4&_ zB*V;H)v4ctLIRpb@7O6bzd|!NWPLuY#!SZW;ZBjdt?W;UK~QJv<4}Q4k~-~r{|^&^ z55iG*A)`xK45-ZN$Sg~L940VOzaKnxlE$jncxNYO;M%J5LiVesS6LNz-9OvFWtFeK8VP=avL0WLB-XazNNup|v= z89q4&J+9rbSdVnIKsd=0ymrT!*zWI2lUY8VTGn*wG6cmfTev$x!mG2xLJ}j^*s+Js zn^%}>Z=baFr1ZmN5+M%&*1#JTmXG(sVT-LhtQ?*M9Qa2Mu$c}!Z-*>EnP`d`g68t&V4*sAXXFA)cJBKn*d_`S)bQov-UaKfd z2ss%^1f!9jEOnl|86YOFyx@omIztkO)BAQoHieUdzs0E~3gRcK zso*@zd!IdRIwD;K*ta5p*qM+?l1wdB1ATSMV1j)%-AOGAgtht3C@c)CD=o74HvEbh zvvEvgvV`IICKxGL7+e6#E{Ca9P_)bs}7l)_a3!vW$#>`xFrfvCYJvxjKhYI%9*wb)~ zG(PxQLn5JUSB&)oJNaJ3in6;v#ZYc)8lNh4MRJHRE9WZ{nc2evF3i>N;#%viFL1B+ z8MVM?z>Kh-UJZuOc{`W@A5{C-nH^e&1;-SzX@wAPwph4cPTc8q!n_bLBN>5+FQg#) zy}K!bt*sWiq7~TrxCCz@QF;%BJ~Yw$`L&>>-y-s<7&C1rU%d^PowVxp4m-5%0+jMm zra8EHBOpO4CwT}cuZ_d%omkj*qCWJ~il@H19*Y+KsJ?a)B>+XDiJg^$jk#_8cuFxj zer3lsK$+?+)GN)4MTY^1wO*$t3U_E;MkwW`#*myGn`{0d)mo!!eYtQL-U5|E*5!MDRYG)pRimBIiN~R>{{;Wercd;O`g%^@-6ks^?Ri<+rFaU5 z3<`g#Yu>Jcx)AXu_;_4>oW5K*|VJ-aEsvl&D-mt4T_-J2U^!N0<_YfXG= zV0alE8W0rN732hfYM@#hMA<%GgNyMiOMWy)MBqw8F4Wl89-JahphDgL28p6x>>g~b zKKYN;Z`P-h$rLG3omA6qg4@7kGQf0X+yIQG822J$tC8v^h?jSbl_Gk+F-w65y2eqp55O>xoYIw1>0tMO0_o~0Ks$1ihzdt?tN`Ik z6&i3zK>f4R%Hj@S<__T0C6f-92Q{OJOS)Qe!y)>B2fT%2x&`lp3cI9k`+h+`ZCJab zd>9LHvk`SRvikEZ4NmU|T&aj7p`)opk&lYxf%~8g0_x4^aND35xvirrBQUWpPI^#7 z#xuWtdEqqkJ-*%@A6`soT%Jln?xvynT?U~~TvQkzb01}O}BHXm_qpM?cC%}UO;4dNph!L+7Gtv_oeupdfY$1!N8 zbwzr%1bD!X(4M8nhC8bSl-gLR41*FkQOti>K_TjX~rs$bkrJpTdfijKTgM|B~$q}n62|5_n(_1Vky184MJ!X@?B3X$MR zs%&uF=y?;M{aPV%WhM3uy#6yfx8=N=O32C3&`honYXSS0r=J41T+h&H$_W}%C)cmd z8#GTY0QJV20qteAV?csy;X+1qo!ns|OI%$C0zBUab3QHgG{AJ7}Xh_@rSp)s*dvQo&(h?p<(VdsCklr{I~~u$y*|ue~@xP~p7f zCja(B?B(kStc)$>m@pkf@dzyHDyy`=Hlf$mrBvqAPjT;?*7&f!G3JcJ6D6V^K^hc? z0MMZHsI^{cBA^gMF~w4cMxc-eovKNNLduz|LccU#ey__^`$k3k^u5y9q$w3k#?a_B zz3~OnUcjqZ84%i=Pg$qbPf*;>b1RrRHH8g>tg?;P9kspNzFYG$m;PSgI8vAzBf&V& zwqa5#=VNN7t@o+nN$Z*&v$j8!G!WY_n+h(LYiudLc(=A}&1_2=j>dwV0IK#c07(i^ zp~{Fq3ldN_i}g9VM^zNQ=7l@&DG*e?Fz}*kYlAX$Pzhr{w_KM97UueD{o-w}i}Jnj zfnVP~SX=+@;Q8j-Ixj;E3y--k!3D|AhYH9;U!1NZJSEvwzcFqscLHTAbeje;eV#8@9E$I;bRu)Uqy&f z2lkt2A-s~>>pDJ}r?f1#qWaY;7LMej_#2>>cZrvv+AuEElxug9Z*E2#L5_0Q72O`A z(k|%*u|0-Qml{7i&csg*_Xj$HpclNv0bH0gd<)+9@^0?zw%=Z->mR>V&6BV(8Ld+V zS^LotYR!JrU`^sdz`R*&xM6f_I;H3*H1DtwS6c~Ocl^K2q?0`RU{+J`eu%E=#ce%o zv?ls2x4O+g;!_)iD*Zd%-!CNX+9|Fcza4@@z1deyW_JFY!A*yZwFWvc`2Cl z;g3F5c{av-Pp1u7qon^Ri_wlXT($!h)+Cz=4ei0=q!KHxBB9#Je^fcwnbxE@^OORd zIbL+G@n&VEs2<_lNCg@~usm@)4COZA)+#*PsHjpPF{lux{T`4P=q<)J2M*1^=-rf` z15aYs`nhQ2*pSs$6=*576&?1v$6iPM_R)+JG)vtm%+Scak0@a1KhG4J=F9-&NTA1p z>x;@)GT;iX7=sJCXHHPT0sbJbVgID7S;OMVC_2A6$0n?eG_slGp`?6waW;apMD)-) zgq7%-X8?06wT090M8At8uMXou4%s(jhy~iBwNk9b2}t{5y}=w)p(RURCjJRx3kH{+ z!xJVW(0aJ#^g;>pBzF+0U|aXWN~_;~{Ap}`@E#+>)eb7-!!raU;&vdrO@{$5oMmE( zUu+(%zFgbbee?x@*?+4~)JGeUvTr<>c)S9cF~UOs=my8WlA7duT5ZLkK{ zvN>x?qY9oj=s4>8-2}L$fS^h4T>s++4S;cUSeNz{+wQ#0PC;l42+exn9~pj6t>iZ(jGU=^EMnVos!~c z;hlZSA}RgmuA1Nq09AfdZasGAwxQQXI7)hVVcIyBdG^W7I?ZR@e2N!f1?H)nX0)7B z31U8R=RqCt)9LScZj>0z6%LPIi`Sz8ncQ{2BH1j{TEwHOeyVA%P|XyL zEyfP|u^#fCkFQW=47nz7H&PoaA!|DjXr^3NQaEt}W&?LDAM&$wP9g-;CW2?A4=Ph` zszqzYoJe|e3@Hn`#3Fw5QiNmsyF4oOhLJeYR}3o>tdZ7*C5t#0Uo>SHnEg z)`|ND@hkp_4-2MbF=Li2%5+yY?ZFloU2mC!d*&bNaaBT4OJLa`SDjTi@{qGfQ=TZ zHOf^Xa6*V9UVn|Ng@S~DO?+M}juC_S-MD%Kw85_VycoFDllIbBYAN5PMneTPI`^0v z!Edu9K_*7<-w~RIbVgUZbbfjSJM=UWn5Tzk7os-wTZkJK(ZQl+TOCXO1TQZ#<=4v1 zPeC4EyO8JNXlJoaE?IQ9vSwNEdd$}YsEB5WHZca(3XtJ>3o@h?%0QxHP+?E!lcnF9 zZwatg4xZji=K+4VJgQd-Q}Bptm?wbCup=APu}?z_bx1TOHw6!ol3PJTA1O}e!UtRzJx^Um@5a-PpXa$x4ccm)BAF7pJm5$d3EzJ9yvQ=ZCtopOiE zZz@lA`g=N4f%vmvrw2(H;X{D7rKH1*)h35}yORurZEF%&9z8u=MhR0mgq%JmnzTEM z;CbYltfzHM?~uV!$jC#%dR-_(>4O<%if#KCHZH}uCRL1x^om#>xkD6VMRxP}yLmf7HwZ(jAQfS`2S$k4a)0!$`g z1OO>7MAHlH9FQEa5$jW%qw-Y~8>O$T%R#wgy;4o6wmU3qx_Gh21`h*^-W$AX+J{BSaW&j8l|XQ}Vciw+>2YT`7%Bn8S}P zj1eLjF&P#X5-!XkPYO5gglF>L&V-b$rf>;$)LV88{IEJZdv4M*2&p_}7lOA@)sef! z_gc|*mKak@V_4~ZT5nyE8(3=pWE(3F2;_V;=( zZ$_!{9nhx0z=RgpFZ8->aMm?@XG0Ubz+I`vLkO%8B=vdnm^UmEg4If~RNSo3Opug;mF$3F|!rUn#_IZEe99vz}&k(t~(ajb!oV9JC~4r^)vyBGWy zQRiKg-f%N7lw{`;f!_BRKN4?-r+5+24Gat2FY-VIO%|-wt4xP3B;1A5kZ~xmH$QZmq5E zt{*(x*x5zi=I=Llzdbr-JTMWHLgnk`iZw&*I6Z5&+WQ;czYbPuK`a zU+BuyT&&vqsKP)WM6w)lXWly3S+f1n)t{wyjP7|EHV)~r$f;lYEaN&-~Y7L(ggKF z72}(7jTFpn3zKI}T9&+Bp2}IK@UN{r74%~~U>N7MD{QAM8?eaKZ7=~n0-j>`7<8Kg ztXQU&>_6b_>RL7v-*;$)t}n>S>H_*}X2q5$UI%-mlZEfj!@+nw8b98qDhb)APYxkE zz!`;!n-prsY+)`=z^KEJRit!3RRQ87wqpJhT7n4U{V5^Hi5-hO0a5u|7&$8E{8Fa__aUzK~Dcz2f#hQDp zZ|OV<9& z^z%p+H5g0Mtmi)ZcVMqJ_xbb=sAhP1ji4qvgI6XMm!Sq5TPn5F($>Lzbv!=2nF-*9 zy0+exlrB6^n%=dr<`yOpH?BNGp}_?Z=O90;b(df4XG$G`^|iJeoBJD^ZO}CBTwmEw z0r(EUA2FwO$NNb4%q72%=RF7Tb3(-15!4dn8;Al!T)mvH`z{QtXE#qI6CUG5WI_gU z98W^GQa&fyD}N_tEPp?8d}{=-d_&82{rBlsiLW($e9e1A=q5fbLjH;C;q5&m7i4o- zfi^SZ3UUs}adY-ZRDvkHKQ4`S$rH9k#pxW2+{Vvim|GG*<~#|lfd}D`7zk)(#nL0L zK7+y1a1EFopP!O_C|8NxuXDl@005CbBmwa9o~m)Mgha#0o3V_H8FYX4A6LFuda(4M zcM*2>vO(WLyR9e+C8Gk7A*K7U3%laJkr&@=LaGQC?`!!(a*MOZm*oVJ8h?uktzXt47HKf>= zj~1|VAFSii;F3wJKP1w{RG2LaQq1!oF)$~wk{0}QTVzaIP)?U0uv-fJn}b@xcL?m6ia5dh)JZW^geSF-&s$?0 zL1dpI`vL8@ z@7}<5gLU05PM3vNXq{l%bOs5!ed?z17)Nd{D2-jfJtNGaeUr#({hC1a|9}Lltr1GD zr6vz89SUIY7fAI;N4a51FA?@YcP3U|7@idQ^N}djl^_-)4>tK6gqJ>=;O4E;pMpPA z3In(uLbqd?uq}TYl4s(xw?kwnIz)AB0Eu9) zhr*1gZ8_+?Mz;22{3Nj>SG5b}LLkGbk;DDeRUrDja;F(XJcQ%v@euw8$PB>!AOdC8 zHrfZ z$qWuGfyR0pOjc1@hujXPJRzHBkX#|HpZ39J;Nu=lVEnEOCr2i8G3Lh3u|;MywcVp~ z7Kg%XM3O1Y*9nH8ewHTc| zX?m2Ak%uA~75!-Vaf=UDV}>CAJvln<)gJF`e4~;!(~o!8x1Zmy_k!l%zT84>!&KQ) zhDWe0K7Q?s&Rt|UrU^=bV-p8rU|!#9{1ocd4B(P;OslA^gc&Cy6)JwDe*zerY*JWR zSzG`5|vO|o&s01?q&@%G27xUreCT+^In(PuTo6zmaEj@dSp5`i)E9i2R)iW3qAE?39At< zmO@;2<+9otfNI}Fs<6E-4b800hB%3{;p_3?_=d^*yw7;8tu_0-Q%rS6Zv|9m82uTZ zlijv}UnsE6J-P1E5Z(+7l3MKdwY0?uh{8^(BsES3a>KD0i(t-;rXC{p*M?r~a1o}~ zAA{R|n>lXJ@BtA-rLAD&nhaUw6!F6_Bu%OZ;IIR~#HsC>g)fb7N;w2_ES}N z#S=ub39t#lUQr9W$muV#VxoniO%+4b@?x=-Im5HWT?&N$>1Yz*3Dn`x>s(dbC{ge+ z%Ve@iGHvyx|G@mN3{Ybd z#OyY^iq+DcanBVMynyg5?}Fw_Or2ka@g-X{dwalYscD+ty;rCltnpN9xWN}?E1b&> z&09uJ!y$IZO^zK8j(6~Mcs9Jc!6XnVPBg=6e2P=yeQa!4-RSCI&rw0`{Q5lgD}1)# zWrQP=*COB3p`tF|V0=EjfR$Igpn4U4GHs_EB^o%YS^&7@GQ%l2y(}|qz)*5i1(j*024(y^Tmc~qmvQe1-wm*~ zI1Q|c*{#V8%It7GW<9LV@erY&a09sMu#%)rgH(X(7BmD7a*rT=bV$=PlqLM-WJJ6~ z5#RKWFhG*dJpkxg6|HJ*zX6^9txE3`_SE411WS;r)$4raWZ z%6pGTyXM}y=Xu$>D928ZaZH||%xqw|`DZsM&faCFd{1cMbDVsA^B)6(y>AxX_}qN_ zH7wf#L^L4$W_Pf00iY==q8=!!bw*sK9ZzMR4i*Wy~gmYI1)PtYQ*tX>aQ>1w09EdxYUN zWti{+uGqYHqwz72Y)r%5|MLJTYM?w|51mi5FwZiO1FpooDB!^uh!k0n5r|{Dv+FS| z?~f>aT!0vsC&=NyAh$44l3&Jp!}}l2zr3YAoZIvT04sg-+grZDRf7g1K4gJmeVdkv z&uz1j?-x$r6@sz!|Fie5YjGV*n(%+FqO8GPB}<^AWtowsMt~$NBoGJ5GI-MkRX_=- zLRAF_?d^WPXRe`t&eipmeD52FJgl{E`OGENy0IX#_XND8Kk z#iN<2jruzF@rhC|Ljz?JFt}*I+k{1nwb|hfn1!U6;_i65JP;`e*13xxU@P_okLzoV z9aIS;vk2YZ!`H*+{yy3w%j;Saq|7pH)H9RyovvTIF6E&JNvop?x$JJrf&q*^Ihj({ ztQMCk<<3qa)>K)ad5g>~0dSu@y7jo2J^MJM%{u2{vW7%|q0FKbbQJAV$;{K65(3L- z#Ac!PhcS>SmePJND=VNWD_8D92rgL~P)`IzB<6bWIg$mOL5^WsMk&I#qVtKHUzkOF zB(`pSpS_|=0@Q(Y_rx4?kZ%1uQgiy+pvekh7>*|<%}1rtX!xA^k8w7Ab_v@ZKZ7(W z-&!h{7^k?r2EWvLG)3ipfRL;1aIfJ?KEptLx7D`l-ww9m+RzI*4FL>S#$~bGOblGk z1b7HqCSB>4m2wuT?pwJG>~Y!{yociw z>ceV~ccT2N`aq+&x=qeTF%g?Lh}k5LaoZ7N1il}MbVSQy+_kQau{~dy39JE4m3Uc7 zK}o{vLvmlZaD^qprzvWXF%Z1wPvJ>5hFSOpx#D}1k__;ETAYXW1q}(pLYEJJg}q#< zUy{oRHz22yeat_g)v}X_I??7$&W+N9NEyibs$iFnjCv*8lu3L$0E3j2lY~ijdwGQc z`o=|4j#!Z(G=VZOasyu&kW5W<&EzTd&ppJsK^ZXy^EL4I+a|LIxS7=Xj*KLCsJ<6f)c0(^`Eb^1+ZRL-W zY~b3HCs6IJxDm|(Bg8QuQH!YmmVGF|RnC!1Y7)q{5$#JcCmp>Wh^V@w_M(9m;=40k zaC&hGh4kZ3taiHc_&Z%y=e^j#11llewc@{Rdx`NFQx|UNaPlqSf2bv@RuUAja%^ntc&}TXQogjd*&ELJhiw zjxpRls5Q2#91p%tIdyCQy1O?|leVLijY2fa_--{!cVdVJbN=@x1Z zQrk~zLeOFDq3OX9KSqNPTc^h0_H+Sw%@UL?xbAHwfn(gJB#jv^9-roViZjik<&GsN zDLF!5Aj`bQQra^s#h7dt9ohaiKnapdGPCjvvxu6p@DV@|Y<$^_aV)vL#>dM09|?Mu zM(xBhYPzEFjaZ>-+$BhNW^g&D_w_OC`pSxW+mV(f(%*;e3#i>T1!xqZ>;)p!uJ8q* zNzwRLq>QHmW2nKxkx6S%- z8*CnvyT!mW8 zhgg_fK3vuOildaiFw)4M7tu!FjH;$s|j zZU2NqFIB}w{=1NiZi}iaE>b+GOb+zsfE~t~Iu^d69nJpbwRh60H5nM9OR6)oRI&Mr z^O$*QAj1I|kBi^fd&w+&=c$Sda9PkYIE{&#&K z=!wUsjd2UYS4h{0*$bqO5bYC=r@f6VwATl+h0;i!3h8ztR5nHZ0dYF{S4)zUQdRKD zzS1O=@Rj8A{dHxB+#!`#DUcA4Y;!ZDl_uX8l_MI>_>`*xJzr9uNL(`h4Wa;pfjBd> zu)4a;n}JsrUe7PQo_mklYHQ0&8#ENRpUo~VEzHw&i&lcNgDyj1ju1DTkOVkE+|pIS zOM0%@A#m*D8-qMqPfCJCbo zmCx839=z{JcYaZbe<<{=aaEEpYW~z>=hj@XAnlg-XvNxj?>FuQ*6pI*Sx>=d$1YQ6 zvO1QOO6Z@mT`F2&@Ie!F(N$6aAZSvr3&02wpW{0z(1~ITf$~r!S+^34DU@%76YwV! zjq2HXK=BF@5O79_9>FBqp;*@<34=Mf|7fYe9%olU_vkydW!}ZChL>DHJ=H`K+X9-S)QNTpx%U1-_=6}q;;W4!@y$Rk@R{b1O ztcnfho5Lm=$%ipgL4NYpCT@}!6ipFqL>T;3BXDh0X9im5^xX@*lDH~a5FgqO_7x`f zg%?CW5_u3srjKO?!Y=-G*gFLS3KIZ>A*kAb(m@VaO?#2MnJN!|5(@M=>vc;Orz>9V zR2TU|{lpGI{MNi8+0Pxdo82R1;&8<<1>in%O3{MAHiP<;2Skttb$%iYgSrrp1-VWs z*?Bfl)VsOX#Y0;YA+~8$orryA#{xlCik!3$Q9G^+ue>-ev-E@Kt)t zhpWTY{aZK;r*S2CKy4(M3}F&!QZ*52dxQ+y`r$msg8nyJ}!9Hjnk@#8~8Nt`=(sn)DYaXvm(c3coH2}>vjO3T%Wu1NvJ%DR` zF*bBL%IKKHpwsm)t=OD$`Jldl6!p0?N}Jl4DT`(VnoEj7YZsh#=r2K&OWNNj{)!65 zYrFl<$#6>o4k)MexBM(rD7BVJgJM}&EwtP3;Y4?^@Tt9fS}y&nP0Zz}1B|Y4D|-{A zXww~9016wwSZ7z=+n2X zk1_K4#@fiCFL^DOJ*>>my_|i%;9yoxVQzJScSo$OF8{nRw_Z6MfSFyLd%?RTMoneh zdw#yLzPz+NJHI`@@oJ?Kj6w^9Jy!`0h*9+>HliGm{jVn#wBj3e*t1i*wqC(iJSs@& zMNrsjx4Kj;C`jY{^~(V=tKsU=lqY8`l49w7Mun`gIYFI4c8QZTE>;%mf=?iOo>hKT zdeeHZG@?!=wNmSxg(yi}o$D&Fho|7)W?JRQV2rJdn$Z}>7<>U;s2KvmX1xonAjPrv zd*E&0o;tRQ>)+F=XmJM3{{Em0|Kb{mVRiQX*qXML<)3Jb!3m5mN0xF+Dhk4XIH>6q zYW5|)7Pz~phm9@1;@gre-)%!DudW*gx6QcG?8bK)iT(jJuN_0Zs_qOS(O2sar(<+y zD>;qtla+x0Vg1PQtgN$8SCr9dh6-HkfyEkGDoH(JaRaz#3=|B74W)NU<%-nN6h1TN z=Jv3)YOs2SQ)*dG?H>CjZeLgQC-lm5iL~+$N&ys0ME_yE(e{OeJgMAIw}a{pmRn$$ zO02BJ78RAM6OshtzR|Cc)5EF}B=r&D2eSBy)~*(APm&J_T^@q$t42#!{}%Plnr{|% zyV$DQj0w>C7jn0m>MWWZ`ZvW1v!^o;?h|drH`MfyQO0}1ChBX#N2m;9b&v!Duc?iC zbE1x4ckqv0YwsJDET?wu+rhOugHm~l4GltW4=JGuOi9NT9kz<;w?&a@f4QLmQgNR| zTqoUO4b%X^)=RMO=-_jmF;3;ct^l|~mZE3Os+;2JxHJ;rT8;Iky+Uv@6=ky@kv`ks zKcx@2c1^pw#?uA&GIqM#a@5o?paN&twyM*}+InWDJ`Edp z8^;{X^=;Ir$e6bAKX?j1)Cq2w@ZpfNU6_!qzprjcLTI?}-l>R0;rWoffdsy1hT*v1 zSJ)KBbefPkW7fg(6Y174<#Q4W2Di1CI43z!x34(4x8y`sU5sYj9pg&J}`ycH2YvZ4j^@I0wnO8CNXK#=jDKS-OOzIN=e49&)3-JPjW;6cqHuRs1IF z@DJf1E_PPFOH>>(LeE+)q91W}&;*1nRM0)&ku(KH;dW$ulPb60QjZ3jJo6 zm0z}7xWWfMHG5s8vDK0TdR;Y&8mg;1>-XjWvEw(I_g zXsoFly4u%L^dML^sxqy?OmY$Iq#iz9Q3y(7$$Z(Y*XYI29$obXiu^$)3Pl#WGZc}| z2xwoY<^~GXc!bFR-J>ZYMB+*TBJTW4v=LDh$Rjlw z3`33997HhlK3IiIREPv8_?FiJGDrl}0JSc{jrq-S*G&|)-zx9QD;rg93E75`9`vOaFsp7?{Li|b@}s{U)Yq;&lYqFY}i&G|O{ ziDcwD9FPQKu!lYJr#D$+n+Bi3VsPGc)PD zM)LTpxJ9zbhTzSBQuhuglMIdE2!RmobyG)&i*iUI2)U64{r@==+f`BA5d6pd82>LD z+kepX3W{#LgX+JU%oPqrM6INWvOVmr$&MFuu9n(aOTGQhZV&~H`obp^ zd*(${h;R|+8N?L~kS5D6S&FgB|9vRQ^=U}HZE-V)`#MGab7|n4dz4yVRNzvk1I?tY z9dk=vYNwdmx2e>P1h-A|I8K3^GzU}Ct;jJAW(sEA-~YC?cBA%$(MmAh!}t-44W!xK zx$gJ1{}m@5)mP&22)S^j-Dt`8ObW{31kp|f!tcw@5@glCSY$dgx%^B+`Ql|zs3KlI z(O?7=R3$aiV`Sr>eA8Xhar|?U=dpXR{0no`tN2{K5(Blmg*KE1IF{mndN#AxZuWN% zOaUAr_bcp{tH`vv7GsYt`6$lnIxM`fF!J28g`sMR6m;&7lxeKTIwkrc_Q-2&5+NF0 z*@A0UN6`wd@J`!Nytwo+SjD{`(l;CotzMryaQVu;a~k?x?H0n{_7TYNS|Hv9 z?qM%Hsjjz~+7Ox|!~J+nE}-H!{@tu+4}MDr_ubm44||90?iU?mBvaOp>GxDJn%0f;ijtXMqA){FYU}xM&mVuID`{E<~nJ4sem5bu`fXPs2;IkH5;tu3cW@TmOUN zo&^${LoPYl3S>Ty#oS90ISusd>PU=9r4}j+BECeTx}vG?=sFQ+SoDDE3sMA0g(M=B zQJoAC+>smIkUY+H1(AxsdRneMK4>4E2&os_;P?e1Q`@J3E)oQ)fW=6vsPw>|cCL>2 z7%_rEgMqGalo+CyA!vr<@oj~|l zg3q`Pud>R=Oa6u5M9pP_MTO)u25yJ-)QRNfi#OwVKu<~pnw^fX=~E&(RDG@~JDPRB znGed${VRbVrX_`&Wo`H&H=>B7IDB|CGN)1Z3RhaNj(@{BKn{%boI7z{+Y>SfLkZ?z zW7()&WpH7+5UYkmM*tY+a1n&@%*@)tEY9AypKUBHtuOqtZl0F%{)j?LkE@!6$tYjxBQ{sxmN; zx>u5MXUvcH1SkU)7|uH_9LfMGYOP@X)};t{^XMJl&_OpbNg1}(?(R!Vct+7xyU8L{ z=4l&9*sYEzy=EUAH$Tx+gFBPGz58pqM`BZ%b@ID*!y-3v8G0+T8GsK|8`IcbR+<~Aq|Oc&{u+0( zirmsw^VL@PoJ3d^Exg*|vimwWBS@~edvgc*X1)FCK#&3`csBNaTxJ^I>qd1>CG5m8HP zou5qgj#^^&pmA0B#}yp`M|&2Hkko<=HF$NniHCY6}Q2-D!_nx^-8%CdJp zKh}ZJ$E687sLDlSgl4{wNu~c_wT<&Kv=BBcoa`u|f$lI#78f-^>#Y_q zoNLN`$qcJA)K^>Rm_9GHcO5+zll&`3@gBwwbLS8AFPQe;kywus1wzf_oOh-_ zIn`CW^6vgc1K+)L;OW0^Xb!%#zBYd52#lFB@)A4n3W!)HlNcZ!fhoRiM>!1y{=`{n zljVSUfhENbp0NZ)2N8OgM!S-`8|yEIyCSk`7wOUkp(MKyzKC{z!nlfD4IFqH0f5Q0 z$1sAM&W;sM6$ZFFbF}BK2+UV{>q0kEQF^7`J4o#cr}-ar;EBPyjR2;%3#)Rng!0*& zw-HN9<8W;V#5DVi@Icf7L_iB^;W0K{U0~+)_d~iEahNHCbOeaTQEr#0V->oaL{7nf zV%NYGJZE!u5to^~)=qpcxXeSNvZsbe*v&E{_mE8T%G8ZMuYsu_42LH(w{F#80TAyq zGp^jECPktBVAKaNkt-dYlN=>Z6yp{q@*;Z=_YEsx>#W7_cCsZ>@iqNwZ%t2@tVZNW z;DdY=en^`X-UY-Yw&qki@N2R2V8*EJ?j6m{%)OX>{d!?(O{{p^?p$!8l9IDz(p!lA zQ!$P=fMuM*FHyk;4S-j$0DY$ih?6QVBZkEhP=ObTf7K3WEf{SVUWxWR^4MUAD;kX` zMdAn7vt3@bKmj5~JK zZLbOJv~acq){i@a)O+k0!>vF(hi8ClbC-#1yvLA;MTi>$XO2&FdD5#dv4F(2B+56B zydyyNgg2j6y^=CAMitx`#N9V(mp0I!F*^mB(*iJd4V(EzYb`TX1rECkK@qwWW;^mrK13s;56mylm{J z5xV6UTF!@LjuluwM_BVB;{*4wmY4;j!}-oA8o0Cw^>hS*OPVEJ&^am_KmcMN(s>!0 z!iS}i!lyD!q1rbm=nh6QM<2$YDQGFM{zl8NSA6hy^7q134ekbfkGdoX;bMThxB%zO zDkd`}$yW^o5|O)QQ2K&RIHGL^;ujX%MR+b4asbgN`X7}{B=dU&LvS`%mHpuFJoN#X z@<&)P{L1&fY|2S9k-?dA#tw2^lHxcLo3E{)MPNIVi;ZgQ7foV$Ee=(`L>vokma(6@ zT|;gWZbaDVqL`V4{UFlrG+v)*k)Z~D(tQdkXJ{=Rh9t=dK? z)dtpt;#b;@eS$8`(tg$a(Cf#J02!(g!9l8d8Grv)s2Ph}@)7I2 z3Zsu|HobH*!g~gX9i+LmBIZG%{mR@_b^!z{F(3Elv2MOr~Ufsjmk? z6M8m}%c6QUs-Kwbw~u=Jyg}M! zn~NBvO6~1|v0^ma1*F`v>JRxYI~N>p%x1@3+{I5-Ifg1>DLqJtDhw!68wWd3RG|Hd zuu%zok?7i(@i$ zgbt?gO$ktZjlIMnv{U!w8PcX}8+6d}KoL8Gr8zN_ub-H!<_5v|wrSB_a+ham38^5M znxrFc*4sTC|EZa9IbxjkgelnroyfxS5<=A$;7tLhmO6WFo;!|Oq<{L{Mfj`~3;k{0 zp8BylwfEcK@8AA?QY!joVqKNQ?2&4R85LBM6$(K2`j1IVEXGRnM*HDnCLwieFJ`Ci zs9y{hp45000sab2QVgOqSWcoqfgXeLkk*#*^F(#WxIMk584*=lm&-2*6eWka*|_=P zLDr9zCbCC07BHXwqzB3T*hK<@Bo|iKPzP6qb%w7hj&VUK! z>T(F5SVGZAZDV^RYgus?3{w~8pxd%!tY-RR7m0t0UZ@Jw7DrBcnua6yDRxnx#<6Cr zcPs_waBsIGPa#vDAT&6g@|^^Xv*OmU zoi49?6{itDlTYVK?bXk3Wb84a`&J*#0p@6 zLhwl)1-PMTJ?*vRzVl#Mm5F$yPcNX zNa5_gQFrk|V>sKoR1Py2iTLU%VB@{?I>Myf=@=JQGOQ3~f-F(Lcod6KM8$6J1mz0z zCBmwv8&yq|j1uq~k51LSCt?yQC8RM_5Et&SilYr@D z+=7e`e35N5@K$nxt({)aC;IIU`WEo|` z92|WD|G%ge&0RYHbEl_-La#LNO~DIW+SJhuu!xF*qMk#(?$=vY=F+aETJh*Wuj^%SR{Pxq?Hw({ZXP4(@_aDyk{oMXb{Jk*S zeLDZ*!>?-(+P8mw)q8pG)B5}mdlS!I&wW1n<-;$xW;^Y>tnXltG6%uw?DuCc)yKs$%)Rr_U^NV{m)CgA8wrd z`s({%9(;UvdUyHr=lf^xKHdBIeece#=B*d+Tg#{Ker(@6I$wMEcDQzX_U+HJH#Q#r za(i~-;MeZctB? zE9*<=AKRbbz1-OAzyExCXK$i+>%+Zw&(5C>9y}kuyno($KkWR{zi}}*dHU;%<$D)* zPFs5q+s~do-`%We!+&z&y6{q*Mky$3r#pYN;RG4j$aSwf}HuzPoYK|NcSu*VlKR zKm76e`K$Y_`xE_J>l;5jee-7V^WfM0+0Mu1=f9l2Jv>_6pMBMNd%JVGyT5m@|N80D zhY#)73+JdjxBmRcXSe5uZ*KhX^U`^9Vd8vk;dJ(N_4vlg>c`H*r>osJx1PV;*qxg_ zUznYJ^V3hd4G`H}+5~Z@P()p}$-@4XUA8{^eC^NOX1CvVZry$Ppm{R)_QMYkx^vyR zqq`HY-fXP2Uf!7fvHkJzJv8NCdUwy?JbizB@%HGKHW%^^%ocY z??3#qbNJ@-)ANUGFF&rdjt(ZyW`B5nvh%8q?fS#{%B|Vn&e_H%kY;6OZ^Xb?wud54tqZg zhPTddy+65kZ}mm{$F-x6hn>#a{a1q*cRoBl++93ecrjRoVEXlQyS35$^#1m%iQ}E- z?bDTm=NpUNlaCeu>+aM3(l0;YKI2yt-8W~?cRQWa8!vlvcl-BV%s=g)%(tJu zZ7sk1H2-=1`_=oM#oI4?OP`+|+&y{u@qFj~jo!}dm9@J&A8y=j?f*Q{e|zuk_dkE= zU);a@W_j-E>wCKoAD(aAS$VlPTweNccVX_Neg6KzS$E<74-XeRC!K}U9~Nd?FCYGT z{^9P@@p^w^_2rw5wdRk9KkV;6J$(P`yV>^gt-G`Px7!!@_V4cO|A5uKF?g}?@%xMJ z;xDc5j}Fcr4ClUIdD?mbR(Uf2a$@Ko&WLs ziPh(44}W~RGJoUl{8IPli$QmPaQ3#jafNM`Y!wrskb;m~xFGZ=7vkF|c)*joZ7pGd ziY_Wc1PsQZ`W~o5LYv(BXe^J{*02)0naU2|JG>`U~p@qO3Ryl0c zamVRvXjR*@OV5|L;e)vM@IExWC$);_G%>7&iSv+*RUaHQ`K1*W-#$jELU^oEKZ^GY zF%;5N89~5tYg===S%&bY=pLd3B*sBm5z~?Vgg7Q>LB&y}N7d7)q}@zR1<}NC8v+r; zL_2aq`16MCeVnmgsNNIxZ`NlAju_Rw-9p_#25$q2s;L^hFayG)HJLoVpegs@e)$`A zh&*k@5mK8Z0!49{EPJ89uUdV{B6Ls#1>_cuT6Z^Vn&lp+A*4%BEfjGmt;n_zyTn&c zaoDgb8`lMgvYaplU@Hva1IY{}7*2&5;fa$r{v;(*Dv4&e@?vG%4F2uK`P!q}L%AlG z2Rc6fUccSuP0F}F#5R}iHBl@B*q36B22`%DLzixemkr5)$YLRp2z}55aZ{^}h%iyL zj}dn()(Mh}wG;_JQb!$<#o(p|=HQ}}ssaUaW1w-re|j>!g={_)tU{<85_SaHN`VY? z;A|=~lD@(Vm10NTQ7{FTnC-U$Dk;QF6s%nQjIJTsoBtY$S0~;nE}sRB#7s!hGQ5Iy zp_iiR99>R0rZ@M>2+y|r*F4q_MvD!Nzd)N}mxW71csUF@Vj;c9@L@%Nl@XcT`BITA zVitW!_L=nnXFJv@#zbe{2n*PtJq5NKr%ne&7vNf$5rZuxxTRpT23#h^rb=ZnWAskx zhVD5HkMn@BQ2$&v2%Q#%Yg;beD=P_wyLpP_K7j#rj>Pva3hsC!XOaYma_?zEnCIL)&3u-LH)kp*@35+Wadd3fdRE~=6*v@sgm=^Ibv zWrY!O{dY#Y+X(nWxTN~Q!>F>aapBKwxAm4zJ+MI(UEzw?=22YtR&C8)D6N-4Yy>4jYE=Zn= zXhS+H{;QZXRG`17L5ROs*iMrmGTu8uU@~tQ{T6k2*$bWv!yMvjF`LK;8wjvP3}#DI zHo*XhdB5F9{tW6s!J|H11F{A)Gs)wIkFEL6wA=pT)wdz?<&Wd~YE-QMI)M9YSKYz* zFSYChN?c!#vcF*6gCDw4PdT+j+Y5Jw6sn+1RSckOR0NW{jB03BXUIqQRQTk!pcph8 zALdbFp}eH``qsoWc8qEy5-B$JfJ_;0^qd#EDu}SrJk>RTD1|*36_Pniy`o})xryMX zD2J5eL4*&Ca5x-87+0P|Le(=pJxd#4&+1uSc<3|t@bbc87Ff7QX@opbeL@tT_FFKE zIFzPbCZ{E%XGXBCqw13rorR1XyXFOWt2lk77y6$72oHK4o7GYCfy`AobDiZC9@1O?v&goU5;fz~B zd7PQAM%Fd@3U*!6j6?VV8mduBgnjZF02O>BF|NPgc-l?b!S`0oi2mDb@m31(I?O~>)4Tog^hqIB@kHE|%Egc*I zLe&nO_o~F}T!_>Won4Xj24ppC6jHh6OpuvpXfLsJGe6H&9QYXXxLN`{Y zE7Z%mNJvby0{I|S+nrO0tXbtXh7d(i*Qe!ER=CjUBcOb852ae@f;)pe6;R0vs+XZs zA*xso@P1p5KZJQ*GNfXm_`%bQ*WBp>FeXdvquLYhSnc&uY16Yh^b0f+PG-erI4LbH zLqyuvL#;cV?!e+m#xIAkNBfj~Uw&5*Dlk+{Rn=Hhk^_>gYyCYlV>P!}7qA6tK4{$L zpE8jK{}Qf;tDQqaU_oPJn+_}3L^W7;muLX~KNa9-lF~t@Kk^xH80G!Hs2qzTo@}#0 zaeo~OX@`E-MxCEcQ-5Oaa+cLW2eTkhh089qf~H4jeJvROGpCGBk5$pJ0eNR846r1g)mB1XZQ-dOukwd z8zD4;G9{B5DOGKlIPL^dB-+r5+i{2m+ND4c3?P+L0Piyy;hN3l&2s8xBHfx;886dOVtGwYxYv$h4qI z7S%HegrV!MRKYh$|9F)~1(uEo7m?GrM?*Les}`{s)*zL=QqqD`;pq~ZQ7nrGCHoW+ z`kgauu6?ky&EOy|-TZ7E4R?gVQChsaIt-nhR+Y6zk8y%4)1ZOVbhphydN2qPLK87T z0pZQ54LDUqx?=c~T<+jU4VZp%;KJXyGXt8AxV}mUN%kc-R2fLsPa}w`UqERn zf)^Fp5^z>9T_{PR#P?@A11ys3iv|N|Uu&~+jtGZjUjFGZKEx5of!ew}7rXoY1N!@N z9Sk1~5YB{B7j)ewH`Lss%WrF|`~@6se(4@ql|(DFu;yM5L&dbygso83u|L` z4iDzQT!-!DoexNMXk1&v`W;OtmmyrcK7n@A@_a!rE2>??wFYDZFgmZ@+Qo^_$wlqf zPVE*__^#P>u3h8b38>euu{Hl69`oh^f83sUr)ZmAJHqwtje7{&WfcG*ks=C5$VsGB zsCPe!X<$0akf<+OAL_0M`fOYfwMGKFC%LJ6A@>2~_#z{3R4!kkodh-dl8-O|MM;Xp zI5-6>X}5%h1pO%ho|8u~QT`Mfj~0xHKT42)YF(~*nCMWTySo>wZQQI0Z^qWVmd9A> z;mU)HLj5W%7R1b!3#wHON92LmWp9F0uh8Sz+FC4UR;beL=Fip&95Apiww^-6v%d>n zdkcO-u5G_ZLE_DqP(f})Pg3P+{9soc#9TsK_Akn;!iXF(YN73#T$R=b;I`tR#1pZX>;3 z4sPtPx@KK`A8`?%jfOV18AX7x#a8?ia^Wg{GM}|rwk~$Ewc6_qjWXlYLceS6V{U&O z=u-XZbce~Gqd>NA^q*pXC#_FgYxtj~&Mtzu+ePrSNQ>^`#qM5DKQEV%BS5{Qw$Kr_ zF{EtrCxYKj4MC&7eCA~$zqEe;$Pd?s7qrZ?P2zA0NLuvY(+n<~TJp&#Ojq=-$wHU) zt!FCb>i=#ohRXQ|y>o2%F@^Yiwz>#N$mjs`sb9wvE}fetE*~5T9pSbaZEtt%^aJw{ zA}2rs1B4MGCQp;KjCNkU#fSVPkU{}uNbK*u{oP24Z& zPQMu6s~x~e$Mue{r0%N1%?ko%Xdk-O`fUwOo{*9m2ytX>F@zqn1lb9+Tn$YZ)E(h5Gm3ZTB6N|eK z0pz`=yRQ;%ZVxZ@cFC0(vM{zg^dbzwd}X&Ri$suDE(h6r?FKQ0BweTa`qLqDu!%37Nd+m*dcto$US|Lc) z7n14YNdIBJa2TL!MtbuYh8@Wb{2~m$=Q}4RzXcq?FYb3))z9t(!Rec=RAX=*8SBtl zk?~|#yta{ zL4_L)$^dX#pT88Lpg$2M+1hiEtyjudU<;kl-B|{xU4BwvibM4M`#{ zKezimDU%8R5^j(ofE1>gG&!HHtwT~x;r_@Y*UcE~A20E# z$)-*>B@Xx;JPULhF-vD|K1sTW#AD!sK$RfyGE0ey7i?H)K}SE~slUv%QCDWj9v@#; z$*GLHo+C_@*K1lHK?8bvl%Q0j5%1}6<0wY7ScZc_GnJ2cym__Rn{FWm6Dm0Y_xUIu z;JbWei)0s9p7iOeDh##8)ckc{U7VLn6{3OE8Gu9uY47-{nMfufhMS-X9|PZ?;Crg7 zfqmgw^Ll!A8B>5Nc$#iBIXkL&3*s6%&oCgCe9S~S06-dk=`^oCE2T)iv`oE14c=NN zB%RP_qWtngqjG~pj~~&1W#d$R#(k`$^E;Ijmz~bi=}1nRnu>-DS1t~s6O2$v87kl1 zkfS{uQGdlUR!qz`^Pj#-+AkLO=xgY$0#G31z*$nEkgM*RuOcS)3LsZ1fc(GxhQs7; zzmIy>6U87%-?fF(A!HQ(ILvouvJ7#J+;@pE+x*Q!kX^hAp;xsG0$5`E;Dbj2n1)7{ z!37Kw5yzeAJz*psu$Vd!LG*K{hTN~{Uk0Ek$<<})UrR9BC|ydNZ%Xmz|G8inoSx<9WIj~Lf=oR-ENj%CwVVRtLBm~;@SS+U1LOk2V93C+XzQ`WBWe%h+#O0`e_%gW4 z#O&$=MS+kBR_;&@79luo#nfPV!D8Q`~c+8cX=GZ>UH3p>xIG zzI912apQg2t{U6lQt!V$-^*?Zd zZM1mokiOdGmp|U@1yv`;ObZO2#T?xRt&M zo0ukD{1vwi+yupqmPp`HfzyrpY)zuZ3#<&qJ>wGsBMDJBmriQa;Y5W=_;hWst$5|k z!gKKH-LMS~T!%SiP=m8-bCNt;$*&O%0THw%sx^NvaT?YrNB`J$j)P}xL3FZ+XxSCc zNC~BSbV~Y{%$T0}l|#9r)jyFbCwke}K$`VMY^hXrxu*K+lJh(hxuVpJQZNJR$OldF zqgE9=mw+SYhch71RPdI~141d|SLqy)CkC1~M10-KkV6LTrVxhKu+4^2K;^;*YcHf}mo}+pj2dM$N|CAwRI!{V#CSJA5IGHi=!Q`XMrULlDlgC6Q^YE*Dt@t94ZX-65WOP zH+V7gz5VChVeXKZx4b(8xC}g~&>E-N4F9m?(IS}C*RJVs*UZO73q%o6?QN7Wd$a-g zPFm5djdQ6mn;14lZg1t&jV_g9%ni-mx#`{NhJ$G~yfBY63*zEJXZup#hc~c>qx2W7 zF;CUo8i-7!VQ4!7fN-qR#TK`|^gXoF?^G%UAV38U8!mNo#z@0mw^e~jpn0FH3;z~+ zcAVnVh#Tt~V*)uM39FE!o>#L6bFBs&63cba!I_yBFcHl(E`xi1RScM6C(T)ioZ39! zi1alC%CE=U((4klpo09>g-$1s`9;gebc4KF(DRk*K{30Y51$4+myOF_{MALakBFWjg zOhA9cFAWyvhAshBA^0&xly4w1m1Nfl3UhYQs7F^ej>Esog&y7A(nB24+?RqE(nAmv zU}?^0{PYI_sI<+?jL4!kxb_bdTe3UfzCuB)OHX_RYkvvB1l`7A9SY-iT{gFwLb#aShJ2?SJ zt3@@UCG0m>j_u6~oav!stQO%x)c|6?yU!QHgMyld>h6-Q%c_%y4P`AcDZ%$S#Ev3}d1LoH7qRObPl& z$#6(gj8H-HW-a@@1CxSEM6e=2ExX4jv1BE`h$;O$#4r9ovRKT62NGb_dMBz&D2WsG zAKWfNja|=)w+UwCFLssVC(RlS{CqQ0#lA|&gxmf`5N4$BO9f3t!d1mg{DOE4gyfmb zjxN!LfmHvkO6n@oaX$gw_D2#XwNjBZ9vtfA6T);!rUc58PJZ4b);X1>s z3DvH6mItbe{_9^$I&@I}5ihZ6U3T(EA2Ah+F zx64+ov~xGLfoK>ETFK@;uzL0;f#nJq<0jeyr*f^-q+9)-F}D(wx&2r=VJgMTV1h%X<`l zsz`m~uT$m+H00$(D;k0RQh2${(AXU9vI!*1+8QN%C?n-^AF<>3O-jl3#n?qjrY+<{ z5>mw>?yur5kEE5p5v*CLZ}eP70!|$!DdHn|ftU^O2oQ=0z#%q!bhHk#uXH~&>S7N= zM6u#SU|A)EFnwJR!VusomYz>aWI_;seD?_zf)RzDVecva0}2z=H32C+{kjTV|kY z4rNQi^;6^ID@}7k7^oaPLw-9A+wVZ3R9WYs!`?cR8hqye9MFBG8NJWw(kH z6&#qtAk=PF9w>q`XWfXI@-l_)F z?qsZF$-Vofz;LqBoIv!oH=b{6^$upsUTJot;UOKPjK{L&qa{4UiqOQZYow16tIZ>S zUr-I4j^E}Sz)bmq{I4coQi+ieQD?XUZfxIXB!K;5?7vJe)!pZGIqrLsS3E3O9BiDd z_rSr#QJ4WC%bYzCV5%HHspuZr2y^|596uxg!&g3^@Z6 z##&Joh>p0K8BCiXtw}Yhjs8)f6ObyRA2^F3tdE(MVpNJ0-6|1_t+O)z3zR4j5*FywLWe_whio{pu8PE_j<@2a<2 zjAteo#WW<@_PTb)Z?1y!Dh(k&k|A`kp^uuoZDx{M-{j>OJKwOvKHw%Qv=zsD(gnXu zex^NoCF}_pcTC%tquFdyBgf#Gt<0D;+$UfaA~Yr$1zG(_+|_a@DD4q<%e!V@LS)iA zryYUcN(5We52*CUQ|NxDN2mzEQp1)B*FgoBZ&?5!EM$o@^X}@18D1Fes~Okaf_gG4 zH}GQfeDTvxQ$#*_BC>LXtPeBFhDv%KOPUl&*@plw3Ms7aWnxPOKrqJL3z#Y&jucKH zv(jC?hx$JuI*amOIiOCUxH(bJgpa<1r1Pu~~tnZTtHz(jh7@@1VDkj^j zLKPFfl=voa%(;Ve9u%14MmOL5mmj1Alt#IN?K=WSovM2J)ibjvQG2)}$ZRB0P5Ctp zH@UHC9v9Ft{=g%%!<$YQ{OHAR z9x=W9@f@pK)mY{g*hs5y7n@Jj9vyV{503Ev!^b&(9^Hy>#!d7xTww@B=J2r~E#5^o zuGc>SeHd7f5s~PZWZ5<}T$0=;&pRy@(m@Sd$Au9{1jUVX;AuT=hp83#s$Flx0w~5jgiLI%~^04Zlhl$;gkAHXJD^;mExm8unVYPy9$X7kn-Gr6xwu6=XpJ4U8sFANHS%#lV${95YfN?lDv~ zhi$#SifgOFa-}Ax*6R$_XYw6bx)D@V%-{}?cq+N)GEfjNlz_a#CCKf!DvEE)ol^E} zN!%jYqr~_}Z44X{sS8+mBpb4 zy9lf`K23a%c+QhbAw>CFT$|9p(OX~?bo|O`CuPt{!nDq%*=pG zHBS(8z+MnQ^ceBU0SwNt{u@jB?!tmKZI1H^Z@HKQPD9Fz`H{Du;OH6F0lne?O3Za#Sp>4hEOr9&O{Z#-^ zO0e;Z(CN$INK0T;vJ?=tk#hDG$`h zdd1c?gQwDFD?-UNG|xn1Gj$JQ-3C(od1}zyYftI$jA_%qrhyKmRT( zkV1Q1d^3qJ$ABj*Nl3q5dn9di-q-+-`7_X11~}GOf4fBH5_6bGw~BpSMtOXPtZF(&D&23%O)7lKF;^LdKZwE zz6~LQ(#5R&AT?JVdwL)mnIIN(I*+iHqW*};;CEmVDT~!-j02&oH0Lxaby21fL&d!v zyly2ZLYAFOFz~qWfzq4(6kXN4H`OJpO9x&vD5iyK`K(_JBSbXcxZMjCy+mxpR?t&C zXu$+DPs3?ROD3TTDt6|ds6$epi#2VZ>DnA4F>)dc%9#j@Ht^)hHtu`mB~zhhy!m23 zoTS+lsPqawg6ueQmdtxqp4Vx-_G7|)> z9NWu{AcP7Dxbx{PA@2CMxucxBwTk$_vql}&GsW7GX$zY07_~r-Fqbk8rF4k!RY$6} z&MSvVUqHZw-VxsRP(DH+aU4D!x3RgwR=`nt?i}H(OrayXm06rnXT>fnK&}_Mt>7i= ziNJI)ijc&DV3JH;`ZaVurzKxduwFg#6Auu3n0kDUa?2}y-1-L|tSb*{i3<-bM1|Hr zW_S!$O$5Hj1W?Kb;gPwy?dJIi8L6(Fve`f!X21%hlZO+ALAJ)q0_(`B+lQhS*Ur!3RD ztPHsc6H8Ag@+pHB4XZ4{29%bXF2Z51oR3uYO_3ydOzP_*N2bvGQI-m2r->NZUQ8W6 zf)@vIXZp(K!a!@#0M^?&7&&2~lq0!C@o2pl@#G!qo#4^n+blpC8PGr_%_u&e+JTGk zhBxL$<%9X6Tj83(Rlxen+y0`&I-l4i62_?-QCw$ZlzuB{byZB05dt?Iw?U~(ri?!` zV#Duzte7U1cE?MDxJ0^BZr1pFW@i2U%EGo)_$7}{Tm)l2m|uA7A3@7DKM(5Wf_rL} zH&GF6D520bJ?;e8k=+*ct7}_bb;#L)=)gSl*D_X7-Ie$l!$GQW51d>fyR0zAWNZVq zJRU-bE~Q_n{saw$2g^Z!x+*?aR+rx{&M#aYfpg2RpDiuUtzZ3%)rFO%**OlOT1(|k zB$00ZixYaP4D0e!koloZ4gW!h#+o>}3Js-!u0&iUBJ+Qn-j6yG;`*-YV?NpyAjPUq zU>hJQzU6dio#e%>GO%9S2M{>ed7BbQlkOv9+v(m50>8MI0g-H-Y(on*7c6jwZmHU2 zW_R`ly0slsIYn*jSR$?;@m4(A_;leA?^$;V_Ja)44U>L`p`t#KeP57r<%Q!>M+B#G z@z>ErS1e;udT&!;Yn9V=$Cr;#L0U14uCfPpsQLE}-$1t8UZcMG?cle_RlWu3I3qzQ z23=hl`x57zPN(t}1Mz6Uls{Ufz{O2?lI&7NyU2PUMkxOnoX9&FRzk@aRWR~-0YahW zOjwQ4jA%TQQgnSysF06oC21i-lf{2-ezY%@3IA1Y@GiCsGZ0B>$&Umu=2s-aCE3upvBf3M*2GJd}liS>i2L+>#F& zh}Ri2Rb$E6=IQVN;Ri0;lWN@~xJ*^Ql-af!JgRD%VO458C2~N|M<&9)3{I0-W@7Rx ztrjKOGY&)e~<7 zr48#V&5~(M`ZE~ps70Ib{zAv8DOmW179nMVsC51gH>ra((@p1GR%l7ui`O+g4%enjImj4F8NPBrTk1r~BR)Xb&qXMrKgMYbeN^c#xrit>ry zJt-8)w8t|Np%3oIK2X?2gVI!(3S~u5caKol1unAUSxtdyIP|&(7W!e`W>&RvRo?T~ zUIC0{1wBS3=yh=IDP?mhmXlQ}0FnwZ-pG&)BRfZkaIE3TqEhuFm z*~H@*9s}O+H=5{;k~1@XO@}*EZHyNU8*dJB&lse5Ny0-gI-H3x|IA+pB}UeSte%`6 zv=)gneC^)|aTcE{eY$VY@W*{vY$yY%Rvq*@OcEM!K!M&b!*e!s6wrD@udC%79fYI z{1|Id=_U}Kz!B8(=Dx4L*D?M2^y%(ir$0d2xx;Y%_t9eL8jx-yPuH#`Y&@Yl9f>@d ze-*f&JQG4%Z^9`Li6Vyj_l|D_9(?CwEw&nsw& z9^&-sS2>8lWVB~AaIPY7+Xb=WMXp?u3|-cTVoZK4wghd~J$p~VNr!lPvB*RB&R&PE zbNc|F|IeDT6%;#C7^Opmjk2@QEHS}MLDa^Zcd-2+|D+}Z#g~2j?I8QH^1HKRQv z#x>~)v?@fG63|!46m0r1RP~7w2@s}1LY^#%hNl)uE-FMufvNKY(csAuXSr?W)3+GuHm?w76+@@0|ko+e5@oEujbp3A-S|F2@Mw6 z;F@Nqh)lo;!8)?|)!0uz1#(aOM`hG%8#T-);FC31!Kj9br7o+1y+dqOgC2bW3E(Z* z`+_~tY&F>Nvr#~^#T7tivk?GCEkZS_kq0l-TFEQ_Iqn4;t>8W|@1DG5$d$$>kRK~a z@`b0f3=c#H3c-7Y7F?*rhRbdGKhG1Oqb3&bsQm)$mmC6wPxoN95Ave`9l<>WK6?qW z&}|c%kLoV9w7oZZR@Ip`mcAxx`01>mdINk^~syVw#Odr*%Gb(JU9f-2!e9WfQz)5TWG?!D<0*L@BfS-Gz!l(7{TsrsX z11>Wb+IF`;R_^S-zL*r0H-0r81g8r7nVFg7LHL@uQ)sNNV-bU@!~LaNgL9THqAf|T zpk<>3p=$f?tEQrnZO(cxWm7RCD}Wmr7mT!O-vCVWO7B2WmHAzm_onniRB$;9J3xoX zoC3n%;y3!aFe7&j2wCt;d8#UQ>I^VKsp1F~zJTOTQjJSbqAy?)B2YcCuXF)-nGGpn zRulDol&tO|Pr825W^@<-+P!GXlVg$Y)~i-|krluNY01&-WhO54aj0MyD{B5oL2la}@(&**_^9+^ zgiR5Pn97zgB9{q92Ym1z=m8p!Nz{24w?&BKkCD%*Rj+

    pjSQ#w>f(E*VcTN;b89 zaoSF$D*_cl@~;vSO_aKVopqvqDA53lqkFUqVt-|5|4l9tX5tSeE0fiMpEk+R>;L&5 z|C{;#AMiJ8zzur{%EaH6Qs!R)thf^XP!_^|qyy8W=GgYiG0stL+%SU!<3Z}^aPn;i z(tl_e^$|2O0)qr_B|P?;QaUy?n_w%z=-T6jH%@TynoxmMCQtyxol6Q{!igNc(R;iIEp$#$lH38H`9B!`FKH$= zKAQXT3>LfW3Lk~SSdKMNZUP-Qy=;zQ_3C6aD%MsR3%!} z3jcXiVs!VQbJRje0&xj!ji*|rR7n63{0Sx6lq%Ll7$d*YaPCMnx-3|UIgUc%uN&3QSH?T0c4J;R=a&7o$J(G`nOuy`b+nLV6f!jkc9Zf?*!TSmCuyqD_T`L zR@j?iW}6|pPSvHfwdfgP39N2*iWW8yiY(&CKuM5bcn+m1%5I~ALkyxZ<->M3Dkkog zybm#LLZHZ8mh|hI%oP+ll?C(^vEmH`Bd$GgE6M{meL?uUC>RlKtaMWc?r>An4T|e^ zbHdMYPGGurdZz=@Lc-Q>P9R{ww>`Khx0lpq!R{)5QeapAo9ya8|Kop2uu$GV2t|cp zJW3WUOXAm`DV$1B@+7-v5~~9e`oj{-E|w(X&|P6efSYuJz`}5&1lA}pO^S(-ks}li zp-lK&7qF=`6ZS>@itW-Dn<}WJ4`DUCo&N6WQM3OJ<$2IJRFn%`Ge{3G#8U)IcZZzf z%?X~ipm;KZVH(~?OxC?X=n0%CphsL6+rIAAV_mfNk#KR`xJq5X;)y`SXabsFN8xsw`CM$^kc3DrHv3>JeX|HzXvHjAd$stA;_0 z64QU8f6Zn7=s_6p>WNGQ}o}ia)-?w@y%lHQZbX!h0(H0g4y%hc#kcJeHDZ8mHJ_kY9aVtsEk^_#I zS{RFYRUTzEfOmX=mc(*i<}#xN|3@yFZHbm z&k#pNXHYC&22MdcyZV@tj zdy36d+Kc5n=w<3P%DQQHt|LYk$kym=&@xs9Ts%ov1piN-d9e(s`^CEb;Xy2$u2nbS zx7N!3X{TZ@GBrobrzd+V4&tTNXUfqRWEmnS$yw7KLgp($Jth~|B(qI)LOSq_u>5Jm zxU$&AZd@~MG$2Ca_LFI29pJoc?sSmt#-O^;P{pfBc)k7>mmqYGPmkBUxxlq|)Z7=N z+)-WeVff-18~YwL(?B|~TTRqqmBJ&Q!EF!nOWS65NWnkuUttS|;>aYi9b9V{0N@P0 z;f490#sChJ5>X2L`iQZP^h1=oOIIt5!#Q&Bp@f{-Dq(Ov6ju&K1Hw5}+DXDJQf5`` zDkGEd4HOGyTY-)fhFUz5FLVib*n%Gj=L=ns&jA(tOz?e0>Tlo^@2f$ooYx?%}86U3KoNgzIFy6*BvCy*p^~(C7P}v6><`*yY6mpxw|5HjqRJCL$4^4 zN?7hLG9@~!M0wo~rfmVCp$Q9D`lc{LXPERhuT}?-^v{Hag)J3y1_tGqKB}aR@CgxV z+Ke0+5G(fkOf?pdM;J4FHT_|XM?c9i06UGq1A`v2;9^0;xSxU%&iNEW>U*}7*o7H? z<8BSY!o-(WJIR(5&C)dl>H1|%0i~(SElrLWN{g*1fE+|wg*?68P#4>Xnx}!?uouIp z*a6P#%Bn<3IL>)Jks$m)DA73$`Dw8h-Ch1Ipi<=07L6td!f6@dhR2AOK7 z*gNL42c)vsC*&|*j0999k_#HH>$CK{qP_+Ri=dp^5yDh!y**yLj)E~4wc}okar`aM zHyq$DJ?RmpX&AhKgv7??1UZImF283PqKo32`pelr&iH?4_&aGbGxK(KX=7pg_44Zl zG~)1aEL6_MeQvPDYI0et)`;xkrt~37v%nE9S&f6*u52L`ibqg4E*})IUbK%;d+E`m zM+?jA6HMRKIpZT?5jFG9rc({Kt$<O1Kk0PRnG4-q%HM&C!}qFSdb`42t#pF4qJSI zxoK4dL=E>jtCk2{10xf=X{2VhdNSf%6SviLusSA?;V~%%IkkeWf&M33$MT^sRlENz zDTW1Y>JaNrh*a61@5qs2M?bQKTR~W6Nbp2kHQdB~A?*|A09kan`A^y<(8zS`GTbU9 zi0U%GLFO@!cVLqG7;5^XmJ`SYL7x6t&z$_18s>Z-rHO(|sfuxJ*eDN>^b$>J(eaoj-_FabzirsqRkRJ$~Oitx;+9{(w|yvdAatF)Wx> zFH6n~A4uNAw>`PPiNc-GqU5a@1?JS<3@m2UsQeBOu;0=*3GrJYX$v z3Gpr5tK)UJ1L(j_2&_#{p`ghg@LfX91(K>>DKEbg*2=#Mi-zo3E}HG5+79j|0RO&h zDZSsqVtVgRqYUvT=>NT{S6$UBZfM7USXX1pwXN$VF{?L!g-u_$>)uW|mE53(68|-!6`-I`nt-(LJV3tV>tVDPcsabW?&Y3xSjQeBZ zB)njOI(kDc9h{o7Hnqmo*>&CkHbCrT^fZaHM@}h%>$cnEzJ@~W5w}`J~)1?%>PgHSkIYsE|ul$7hdo3{=3qa@7 z2#>FOnUC6ZcdjG42y?1(;lb>^f)m!pjE>ZSU&z`pH>_D(UULqEUeWEkbAifMV#|YL z&}bUxbA8_Lo#IX`^&{4HF2Zn77aanW!`*A19t}|v_h#A4i{UKk9U%UJ5uzn_5E2yp=LSif zSxwHZDhKJ}24MsoT)tuppQQR&SSZkiPSc!z?8cWapO5cF-W4JA!J3}3@%+uq%;MVi z?CR?5``SN>ZS~zmtYji#Jqu zXQd!$?4lkd?t1{Dw*rSKyFU{M*4Ti^b!HTOyTTwfc7vbj83>=B7 z75`_54Di$N#-#4YqAU_p)VEp)p{#;Xb{R*I(U?Iyi%3NB$;7q+p3@!l{+2> zX@)a*1dE24qL+1C-;;3xOF6us;){PX^xsuRkvYhqtXSvz@1Q2HjK z?W?s>B0Px&q?a9^PE0}@gK(#55E1GuB4HjJ#yN>L#`%!n%^}lrMj_sNZ(4yCYsY3W zgx=d1o!X?qZ`#Kv!;6MNs)}ihW4A8_gmAW`lM)p*^GpX!Nd$!9iPDxTx&!9(1b|o< zTuuOw1ExF@t1~mNcpUun{r1Z2+{@YL3qY%xH6;?w1*q!KSMPsq<2lZd$(jW;*`RUN z+&`1(1jzvZ__7(eE2`YRNXVq)%llngTw51_6ZESR(h%grvdK0R{5<6qPsr0JN;QF* zN;w1bWxQ??KcsRyg%cOs?-PH8B0p!mwxCzzx=~)k+}*ucZ9`oK&x6YU5q@h^lKnGi z!@8e}F%^r;Tgg>`h2CwdTT2>Yk_ZERQf!WURS*r)-Y-7?6JjwOl(*{g_COIofOCzS z=jB@(ACD=6@u0A8F|0#^HeTSIeLft}6ab!Wopn&m=VEIXik*aXj1L21i~z=6XK;*m z^;a4vVNL&liKJ0Q)xkxhVShuy0z2FCKgfyjpV~f}=mF@y*z!Ra<0DY2Vox+T!HpgX z+CwG;@?D@IB8_9ekEkew;(BmNViPH#1G_KOcaQ{Y^u%EbIgE+=o#M6TF0NH?iH6@} z+=oVGXsr_(c?tYBg*Hmn3bVWFX)$uJAqVUhqqoKQ=9<^#aZ3C_aJ7o`*yoWU) znimnZ#F9C2osWu=9k2iUU@SB*R`!dm7Zv4-nu3;*g8&Q^WA>+!{WIHiCF_Oh)31 zRQ(Dlf-0n7$zkW802KS-bSYj4!ao!_|6oa@ zT0{PK_n-$hJutLMR2I!lTWMrc2 zXpzxk;0rs2YgNx2SiZt;^I*oq4sNf;Wb6~fAhu6x%{>}c0rqO?GjjAMRhui|e$B_0 z558dJS_851kTQcF#SrQ@)y_IinFV41SC-cnRuQYYJ-ac#xc<`}>>Y4`<|zIoV^1jq z9S3v5okVqWU!;CHU3+y3rU+=RNqQBIc(1|c?(nSl8pS#O1=qPYIE4z+zqm%OBi;0H zsq?et)mO8K!P`Lm;_Ca-i?u4YibeKPZtea!xRZ4TEm_q$EUuNnfy}66+vwlCQCH|Z z zy*oG@=SJo&sm@w?-k<@&CCMVN!bU8?`|huTH*qz89mwEoUmQg}(AeY_7+~j!YLL6T zi4dr}2+6_aF*q84P6;%N5)_z{FF^Hb_fCeLyX)KqcSRs6KG-vx7;azE)5)Ss(B>E{nQ`*33f z3}#XKWq{{Ndl%UWyEPvoWdpSaGm8F&XL?hCvy4!pDj>ZI&vZbbZB{{m3kj|c0@s3O zj)=N(Xfi&!BJG*p03|kPtP(wkGkggVWuEnacnI0e4%y{w?e64p?XJ*71e?tZhzDPyc2Zo|t$K7>=8$kwu-F z9!cugFa`RZ!C|fO-F3i(JKa!^3-FJhT>`wGYDdne0DT?c-xUA`mSK7mOhb!o0ZDa& z5-DT}(VO^o#3v_s#`G?SVQNY`%yB5Lpzi|G90nk#KkT5g=+}TEWCEXBANgY4*5!a* z1`&dSP_l*YetQ@8e5*z!3%usq6ayEoLDN7&9kwEF zFl_Jb5#wYl;>?i*1L~`D=CG~Z!xgz{*re6s>6Fgc607Uafi-sche5t-0vGZBO@0Q# zN*i;yMMZs0;UK;cfEU&w;0>0faZYI911LUJpb)|V5*|=W(~SoX0L|?fyKe_8MIt88 zY^jAPapq*HD=$_Ut9+zUQ{whDS5|3hiigF1RA1pv=gBf?Fw~`TdtO%7StAnz&c4M>l)68%9SF4-g8=QaQ|1mR3aP@=us+nF2ZMJ_XEsF&|sK*p$~T_-B}td?ndm){;rEzWCbQoodj?749CxECx?Ez!vjn`)Cu{Q?7njI9Jg_k z9?DEd3<~0{E%FsBFgD*li|@1TK@v_WuZql#1TYBz$tzvK%fjYWy1^t{aT25oo%qya z`8U4GD#G#GDjei{N_t3o*MKRjU{yp@{8Zyt!~)^j_sk60tNa{5075zflw#M0x)krR zLqT(#2~Jta1cnEFB-nFxan6o`IxT0th$)0q4Ffgm>tO0(qKTSUyN3Ao-LUx6^=slX z;8R07A03;s7G^oh5W#;8haSa5{E+e+f}|gHeK9o}=w~#7biYbETRJOPJQ_1TIx%+-nX{5 zaa?JB=dXYiH~J$k1Y6N2%w5Li2_u65Fo7n`ti}F`c1R1XJV24BltkSVF zpbh9Juj0({Tiax$o$qr-XLEFpfAn5iMrYW_OZ4)t}7n zP~=0wUWI?aIH8ww8zs(JS}k8GgjMQ7&>mz`7RsmJsnHVFPRy%hB_$J!(bU^nB2JF zghEFgOhV(<8p3>Dbd{mlneU-L1=!zWRlqYV#Kw#xb z8n^vZi|QRwmtODX?h~XH^j|#R`D>rKlUq+L8M_J(ouD<)S-!`m;^AY))ZzNyZy$Wy zKiJ!NzQ292{oPg{dz1Sv)Ehzr0!bR|vp~UThJt(2doNxb^lghnMUHWs<&s@q?_G`S zTt?3|S+%S)7`}4Yu!b~!C(fIa!iJa1eNcMIFY8MikRSau{|@PG@1OD9^4zR-gB}}W zzLf=gw&9DoX#+Ithh%ha)+Haeoj0w?CO5*K4cLF&S?lJUYE3u58fj0YYRC@$N14sq zy_DVEuBcCi!{kmA?u!*VIv?5|M8JQfFNi)VVB|R>$YEf!MaYswbP)Q|V z7!hVtxEe(rMQ}7kHeT_c7f=h=XEvJkN%Ax_5KR1S29m_|mrWmK{l;or^@XFwl206h zc#BR$bnsQ7Pg*Qu=3Z;Ou7HE4u8pD}{kEHU@EpaF} z^*Yo!DD0?RWg{zUMD;^Yg*RsBrcvH5a~5z7+T z51|9C&O$A0PeqL$AQJ>Nszpgxdp}Gae(hj2sR@+nglLj;jLf=CoZtQ)ET{%GvpGuyiz zu^eE^lK|TO11%W<@MLh*#Q+=>X%DwZU%tH|yBob$cKDno5W3>-Kz_hmH#Z>Kkj#gk z&D5R30Xz{w#Po^jV zJnE?e!?k?~HJu>0+Ln@-RGi{C&=hs2L~LQC;Qc!$i3(wDl&Ipq*!UC!Bt3~4Xg*r@ zoFs0wlIR+x?=X5w#_1~zr=yMi{-pG6iV9&NM~oh}N}G~yerDzrG6qyfb4|T{zd(xOYYKp7WO+JIPMd3YYTb!rPTO7j?$L=UI|x=DdSd1>_>Sv{2p2lmBZg$Q)` zae5#Psr%zJZfGI~y=%?e$%k%WK7P%+#yB<$^&%oI=N{DuC*gxApgFM#uX*9g%|_o# z`aU;FB;OQN4|i+o5zez1RG3=We}pIK#+Gwqi+*;4#62cn)LvW6o%#mSwU9A|$zNeJlF=ECZ;++EwWP0b@|0t<6E zy+)$I`3(*yc{uk5p9HJt2H()D;JxL9y7}OdhDfT%mDF0Z^GAk*AtpcP1d>>Hm0Rz? zU5g7XKm$pM_jsZwIaK7MV_TsJM>FC@^&z!fHLz!{*xZV@uxOFVcl?g-H-c7;xp_X{Xk5(>kCKt2bU`D0yNy~b|t+;dDh z%5^xR**HV~p&2od;MuDt!1132F$KWm~6n=w-Ay2YAvRWXN440Vs-f(t>bf$rL zB)o$InE}YzI_80C;@dDGJ9!^)VKp^#4eni(b#YY(&g0o+{b{e4RHKlBW}f{A91pOiJyvAG%F32cjfp_;%D|#PtxgBlE7GCv`!axTeD26U zv%@`-c)bR9pV@w-0~vSaLHd#O#+0=$H6QP4%yd0T_yjt|q8^`qR7Gl^u;vkoy?}^y zdAaDPmZauF(5jC9zptXLEsksVT4oybdT?N%3`Fo!2a3B_n~tRBFnjNV!lpCCHu%FL z38jl7SbWF=g3?Or!_tM8RO{NU3*3#O=|r~(hw5VH+w2+kZ#*29mm~V>H4lo4#;Ucj zzG@2>1_QhjUK@=nXOQ3sVCCp_We~&`l@ZUx-^1zm@9GRFl=%L3Yx6Jtjh!9ubyp=S zdTxj|%Ghfzcmp&$JVLwRBhd`ui|_2TXhtHHIk@Qcc@!A&8Caz*%wja%SFWn<*Tfls zIJ7co^q_RkTXIeezg<*`8y=Qq?V+x*B9aG9IMCesFj^c{zh>Q-r%-oqHToqLT@*p$t9I5}OhI5_=G%(>i3m<5HjeX(P(`Mp#5j0@S}qTukH#d|{|rl^A?E*NwsQHf^|g6a z5)*ld10W(P>5PYJG({yG0w2~q4Ynnd#R5A%Ao89uFfu;1cpKv}+c*qm)m zgT5F*(7=zzC-#O@Z0=G%pns#IVM)(UrpDv=SyFx=AA?dS6L!QgsMoFs5qllMN391C zFc{l8kEG{31o3kpZ&^3beCgWcy}CUsph;`va4cUjA?4_JEeO`7A%W1HM${~TR8u=$ z3#ArArap5%sJ+>(DUdFkhjI}#`=qlDdpgucSA~SR$$+@5niU^oy#kOMX$?^(B;GT( zf;|AWT-~bX`=!NMBe5BiRKk>?pqmmPX@nQaUTkWWotqL^N}T6|A5aEdyCNts*x0ME zj;07wHhfHKf@=ZTrbUntoww;a$w(EV{Y;q(7VeSxg~7@hny+2i8p(u3Wjln*5qZIS zA+rWyTfYvgDDn)yowNM{OpzHTQZQ+85iQ}U5HNVl3SfFoW)L-%Z!#$wKfq+hvweJa zK6r_|V;czxKfI)#$?GSR-P$HDd6XO_3RsC`%R4m_$4qAB)$ve3BTbis0EB9a^|ZAo z&p^jXcI1qzMVVFC*2E`K7@4502SMsmi=moAAk-!f6!LeltAdRmT-Klm4mM3(v{?24 z=0Xx)Z-~{K!=do2PCOsrj6C$^m6R=D3;?@J1}^j_ytIKwEYtpLkd2-2bcLX#B=Jk; z??iLsse@cFInn%j%*T8B1Yjb8<=}*3;q(@&i$Fl~3`TY&hZd$2&`f7NwZ9OjRWwVq z)}ij;3}OO#OpOZ^IUk7hTT`gzO5}6e(ptRXD8N1rkIlWe=&QA<@EEQx60-BN#BgKD z1p2Z(eW9vd=PTnIh51%aeaUw;s;l_ECiUJacR)fxjX=1nMRhfvz8$@Rt)pWgCi1J+ zH4`Xmwd^)>kcnFtFoKH`2Lg&Y{A)d&_ z9bWMb*8-XgrZH*+PEUyk#5HJFqYgL}e~_J9ChSCu>IhKes@Cx#wffh0%aMoex==cgM&Qy$FmtOSl{I_$>mYyd+Zo2;Hi^DT$e3KTA)B;e0Wo7(C4By}?v#{3q;rjQA@8 z)GdqYK-zU4tp9HPf59Qj-akf8;^wyqUTtse_mjqDyS=TQt&M#oE+UaqI=lDa%e8yI zU%U5jt^0rI-T$)p;C}hZ{)?A;n_ESv5$X(#y_e4qwx4bFH+Hwv4<4-J|In|)jEH-7 zd<@RNg^PG;qnh4CjS#!ky$@3Yp?Cglepa|gXub1iFhSVzoyyrmu1B8*9{ z*inXKiA0X<=-S^72WxNct^M1pAHTZyvmD*hK@6^R^I2ci^}pWvZD&3EPM|U`ruqT^ zyVqiI5}+`B=*4L=+6$j(Y^?qrQwkqAgjudvMyzpl?m4N|9O?OM$364G;$3z z)w@WUaD5h(EUU^gpPyG`glwBaH_y*`Y0&w4bFpO_7ai)mx?7E18*>7{V5YN7PdwRr zy76-7087@f;)4x}&~Acd!($DbH8gzr{4dX6eE*ycug34jC?uAsKvnBd#~X5xV0Yu- z+kLdeQK3>xB626S5EcDsBiG+a&5<=GGa-&8hUk~~?%@(TSXIb@mD>?;0|ril)2`Gw z)Jg}NV3QAF&xCIfQqpg5v=YI(HH25?3sm()Km~R7& z-ssKsnxx*w*UWpz%Tw%9T)oE8k_j^r&!+O}VMm;9#0)!A$yZ=A-j2uro(*DiX)XC9 zyx@=ZMk0Lrn*h8XjpO4V+p*!#ckzlXqMkZc6bw;&1PqUg!{ky-R~aU!veQ_HVTx#*Cd<#9ipOB9DC5! z0&zSWJ&ql70~Tv`b}g@+K8Q-tH0VaZqHN(eSnK1#B?3O#i(a~5ljBr#7SkXOwN%;(s&p>o}ffiRh$bp*snmgLMx+mV7JpjRmPMLJKL+vDkbP;5H3 zTs}GAlBUQz#;x_nz=lp^r#S!_2W7n*TZNgS;u&DWy1mt@r@U^0RlpG0V4B}+SQ5t_ zWR{aE{8f+{s5`j=-bUGJc+kT1I0>81pTf!JFt`|{Z)h8)zrBi>rjp5<4oZkA$zqha zIulMr8VJ1Bef22?Oa0T?(}ijP3wj>TTKB52RkB zd*x36{_x2Nesp}qu5i2#g#(8uEFYii$EwxS=R~Wjoa#HQ*5GWTXn@(0Ow&HF-dp4M zqsz&dySeEb21{BgMnU{ea_lv?fPRc?_~5Se z`Qj;3An4covy&8wU1yXDfsqKwn*X6%GJEy5Z6NZpFLl&7?)BYY=(?Y>7Rc= zSzvI!{Ss_Tv`L%8b5R<}mV+Djq)TayfLQ1WGqIO4-i5lSq#eZS#T(N-@0Nn=Fh2B@Bu|!pIQL*~x24gD6GHuO)zu zf*T@3u#3yqjP1pG6nM#66s1~+i;yXF{T)?#{H;nHzZ3P1U#7UdkcG|y)b0m14bnEo zf2CQIsRTTf=fGSRt_KnJ<%w7;?ILj?p9I?SjQJOAzQl%4$y4DH`&d{U|JddxRBfik({w{LQVDqzI$Qu9^5+xOrk>Ar1p`x>clEu3S z34#-h_MzOC+rZbU@|yz^_$2?T9y+1-*!iLQyO7q&h`8|z?yg!E*<%Fg#1S9CPwqbIVT0~}utB%B{_3|!>#L74r@4Fgr}nCpoJ?WT;S++Y&f6}Db>CZk z6cY}8BzSdoiIP6T0C2PQ+;Mn5L6zPMw zE~HCqLu8a3*h<6ey%l}radrQVAil))e9yt3hv>OK2;uQg{v^iH^XHtN1jF;k9wLuV zB|sW~N^}%8t=qhV2Xq{+=boZ{p+BrqFIo1B#6&f~~|Rdri`r5$RWPEwLMp|A_9= z3`&7Ndd~8x$)M87CWR@F&J$Il^l77-QcC)6?iKtX1cc*yox4XzOxd#`yxtFM!CoMH zd>7GbH7$W#;*I4m1LoJh($aq&S?XlE>`kcJrr*VpBB9t{o5PxKl4-J&y0YaP#I`c* zV3*^JR1%;v(pCzMdmv6zmDu&)gSw(xCh$UCoJ6fbnF#R(ssvqN< zH{C-RDzH;l`S+t<_we2M>8n-zHG1@V_0j4hJZ|6RO&!q^tPYRWMfDA2WlqI(n^)vw z<@TnO<>1LnDWNOb%UEgDrNL3%4#}j`YyDV*%b#zvk`Z(uw-P~<-8aY@q7<^R5AVaL zBd=S1Uw`~S{Ug^lB8^#^3v#$MFhpMP(pyb9rhD z$%!;9oi2Yen<~}?*R}oDw5_32C>c~J;8jO!9F2e|0=Oj|X-}oMt%nQkdU;zjZjH#c zQIZW_U`{C@2%16xMt%Bt`+1+rb>jdQBF-t-&l<3fwFW+j@- zs7A~xkZkr8gANG=4fN*e>F}~I$-Y=C34pH0!EnuY**#ev`JHa<-)gPx` zjAoa;5~d9(CI%ZcC0J~&%zuvT#?$IZ`>!M?p^zJ-vmfBN6od5#MMKj~Zlzx?LQZ@NW12*~2*cqWd zPo3N7J-6`|REa#f)N|Gdx55fpn7iJRQW2ti8fgIn3w-DeBX~}pKrRIjH^tXqwH`gH-3JtKV92h@N!1tP=>H} z@I@HbaVIx$dVHNovY+v{LhO`ZgMbh}&~cPTQa&UO3J>qczrm5a`xC>_uX^$yb@mXY z{^`j6t^Q2!PRkf17Kl6$aPm2Lz7E10Iw^kuYSklLLc1```QJF7x-~7VK%W?|u(ma| zG4gz)1j^`!psy`P%J^{#c68D!BvlQuI|Q=V5k!SDzvynAaw^F!_A9iO?XA@{0$^c- zy*cRJ+)WIRYwTNQsw`Qi&op zp3%g(B0ob-Bt{SsZ9p-cK5&mJ-t775_RayEh3{|%Ov>cre)ohMl`7hDWSNepAD2|bR03#t<6Rp~I^ajzc|za>dK*!QSK#^Le#L&didQ$0-J3X&4pN-TqN?(}C8 z1?BKa_Dw$Lx^&mdD7RGX#pFp8!5(Cco6kDo?*v?`8Z2w}2ykgy9z2yPkC7Q#& zjN@f}i4+m$TWah+h58Kv2;XE-M1YL8So=4brGCYI5r-VQQA!S18ihH8rYXIar=FK2 zGbzduIy5bJQjnAp)Pe;sDa*~XU;@H*&rZ+UXuImc9q5rD+N4$tX2srY{Q!bT0(h?n zz3RvkTmq#gq@sG>@Xehp0Rh$z`CiV|@Gf=zrtlZ~336IFeHwG7RrAx93LvRz9`CGq^lv@u(p zi{(d0xQk_!?2lr;bv=ovhbuTdv4+SD{x@)ING=D*iVaI|!{i|w;<0=HyHicLI3{1k zUn0E;Z{ZGCNCW-nUKEG1a(CDfR*R~pqfeAUaauTVuJkb^PP(0}W0=LI81Mc%h&V}y zg2_?sT_Wv=(TS2MoKV0kDYuD{$|m8Qlr|Gn(fqUe875I* zLt#0+1b~piB)$JJ-a--0I72cf+SHw3A|xN_5`i*3!K&diQ1YRCDRG{-xUX8jb@f&P zF3K5{Q0PG1H%0Z=NW{zNyk<%*zg~h^BSkJ)Db89hn6ODTPT?k+ms5!%f&!xyB0;Xy zaHTHazAE?ybJZA{um?4U-Vvr9L==!Es!^fhY{O5sCm?4M`6HZa@E>xd;U_)8@Dp7w zJ(c(qqGvPk^ZDx0y5ux69!;*45H!$AUxT!Xtei7mu7-#vo(kj-fNt?rBDVOY)2r+m zsP7@fjd|8lwQ?c+jQaL9e2{;^1=6mirkT+;p1?J4lJ82B*-{0|gdG_6KYdtyX)-J>SU-|Gb%ym(Ao2$w+uFsN7IOQ4{Q8wh83r&0Th$wjx# z)_j9Uc;Uvuq3vkOTkNYw#V)-w8y$aeIP$qi8qmifpIay;{6xnrwTJv3A0@okZb;?n%d9v7^n`k-zNr9G!wjIAJ#s1}@VB~k~ruIqrv&qVLcqtyMY z*UzDgm!DoF*j(Pq41982tb9@w81vwGhJqJ=8D4L{*+O*}W?{|qLWryg2j$5+32Rv8xXq^ES8Yu1_4bcP>V zXIPW^8VV*Eoq4%C z7IN1A#N`g}`ICJhpM&Xa%!qwI66L_q4Ra&-bb5t6RMyzi#yEwKzd)0c`<4FfU7F1) z-yUC%E@mh(H4Hbsp{f-7ykJE(9I&OKh;c96QnYP2of@u!#49_Rmpu~lKg63K9f#J| z81QI1JK5xI+9LH+R9s9i*X|Jp{_)j92;xkk?5faIU)MlZ*GO)D&7dU5=d%yr31;Vy zpEa2WL(#Ab$IltIybu!*7F~a$&ng<=FN+z3$_Hr-fi2SjgCJfmXHUR42mnlN$~9xvx9udeFJo+u8UJO<~yJ zw=f&zup8fhSB=HvDhv|xP2>yU5_y8&=V{{3QzVA+rX8etYC@GkAL)N!jxE{VFaOr>7JVeQOyU+?7$Hx><)=6JDC~XT;2X{9SoDG2Fl+eK zUrUc>AJ>0Hf}r4p13WuI-E!W|Rji7vC+s<2JOws=ijbL;P|n4 zudhxGwxjG<6B+Dk(nrEa_JsKzCs^2IEETOda7O#Al`v_jPG2xD1gXekzYY^xS!)$S zOy(~}6FzdOZ7~JZEI*w&a996YnsM z>OVebecynEHZLudYq&vR6m5+C+NNV{*h37nyYP^j*c7VdDFo6 zlgoEtToi*uhN9d%oD#LrE1>TUPf<-p8IxATMW7|#F0PO+x`aDDoA@&WxE59My}KJM>OPwbu?iPL^# zV_sKzPPw> zWnsLv)EXgX-PX>?152jnfsqTw0RmvF9~O`Ix4+qbesHI3jmJn&epdJV+n2lW_Z<~} z>KR#^LY~DJ*xyvcM0`+n3X0Uw&ff5Nh`TvXV9{D940;V-!)OLC;7>gam!x9%dQY|< zzx+lfZ~d=5Hat+*~IqbjL;{y<0VeEkM=MyJm~Ryi^|Odn1X3@Gg05faH07 zp2A1xhoO7XTv!G+g#x3xnGlehP-36=5yh>;qlu^>o#J4a5pyP@^!kmQ=Eg@S$?;v@mU4^`>D}4o1PMR5Fm-}*<73I0))CguM&~2cXqL;aBxxF8;}SRA9NK~? z0!P!E(j{$8aBCTyAN|rU$kMA!e^yV%d7@r+0`~;+gT#ndv|@U%mkPC(^B*!JSqEFGY@Va9IHt;x}-HOAHrUytn)kb>U)=>c!D|9!&X|(r4 zEhu9=l-^Vxv`aAGOX9dAA)(;Dbq`mljB@v^D|grvxhtvp-s=S(LE1K7iyR#3t-6gX zFXb0hotD|&ohMR&1QG_JBgB^UhROK~BVr4zl`q!j22RuTpKR};huCa1wGsfhZx>nY z;5@k&@h&36cgcpN0`5q1zk=o)Y&TGoQ9K0DbA7By|6vpQFPbjHby9wbx^ucMM zcr^~a@fR}t6QJg5aKRl^iG&l(T7_jUv|-k3L?*0DZ|A5a!Yt;P_hMgxt52-(o9r<> z#~30DJ>2MhmZ1!fH`0&tL4hi>ghR9vaRvztZd{%ssd5}$IQw1_6^+y7JZueSG|C0?M|Od0>+ow*BUbm}U+;{+ z=FQ*o;}wLX`e~T>k`s`nE!}||!7g{4Pyu{U&pFOZ#FN3E-aYHPiWSkO<8GXN7+fPd zUm!#6CHDTP1)^DwneJbmOw@?SmU<-qM8U0qlHIWjF8UA$kq{uD zK#CuM^>gL9v9t5y`~LpR-K{-xk$!-p46Da`YQC`p_+d71rba&yrmN8j0Ku%%C(!Y7IcG3V ziXJ0_j;J=ZNL3Xp`!Aoo=)c^4q71Q8*c=(!`njb~{?dBb z3I;~&!NXtQ*E5dPm1X3>`od;0`>KBF_6ZX(uAhSrvM86MRh@}uTkNp2wq`*dDv7o4 za88gU(Zzlo3kd1=lm*-sfQ(*QVWI1A%s6>dDlpMkh$x6ng9+k0?kI+yr0Wi{33!S4 z4EL~*5-aqv%F1V|W^3muA8Gu-JO{-?5}8YyRDywAcsE#UXrd}i>|o==CljeX13xPq zSmJK}B}n=%_V;nuA_T_et+@w~**HC69FM+=c2YCC-nJ0H8q@<+hMWtjfu}0#uZOs# zovT8@A7uSJKGl>LhC?b6-jTCmF&;uNp0xD#zZSvPzT9jDq{uSE1&Jnh99(5;-W?BHoO8Nc&{J01oII zj$6}rBOE;`&=D6#r-JmSIEbPsShx8Oh?~UWHO#zhqsbcJik%s@)TP*zZbd)Q2NM30 zqhqO&Hpe0YPq)wDm!mn&Wb+HWdvL7fg4mNon8jnBVHSO0A38MtQv9{{Df~rEL;FU` zJ#9##7I9cTYfijWHbig{VJp;FlVy6QH%`ONZP~Fo0g>`YvkcmD(A+(-iY&pflyw4z z@@^qfOu|(;T4q(@CW)p!41}OuGzAg7A1W1?z&jBcG9A1b&aNSvVTwp$tTAp1M3`Sg z1E@AMWdwd50%_I?_1p^W{-^uoN#-iJog{o`3_PW|LxBe>EaV(a9)*^I%lNKI94A}BQ!QaQZiCBiJiwLNUBdNsL#C|3WD%ME>PGBG)7Lj3`^hD&+pgrP7 zokI?ija}xmg4Y9@aJO_Rzmn6ZE=-}RBNESoUFjf-CxY~gX{-AMZZDTK6#PK+^$T8Q z2smXIIN!fXpQo2n-(iU{4V!)Y?RU@o7HRrdtqz|+#HB9~80a8N1y7l)V%IU>S*h5Z z2(|UExUAAs_=SRic)(f#cO~?Yyr5Ny&R^=)ovj!9ofWGea;H_lb3oiBQ1rK-w7zcr z;ogILzpKMwCls)73{ep=u?N?LV@7|#rP;re5(aR@-y?TaxMPGc?Kuv3wa!NGhEPv9 z0*rJCa2xAbAVPj_c|eljQ$fsnXTA0E;`DNW2<0i29pccF@hSR&?Fx!xr$o8*$z0p)3P%0u|D2DPp^B)BtHy-b7 z_5VXQX8PZ6>>*^iBpxv_o|uR0idjyj?kr>zW;150)fr^i@qiQKBt@txXh0?tq)#ZS zhOMT33Ee@=?E#q4oN^%DAm*NIeJ7wJP}}Ft=%A^DUqvEFoGT5dG`FyL3mb4N5lDO( zC2BcT9j=^fBkg_f#ZwL_yAgsMo=q-jl7R|vw+XjP!txWXuoGIpzt=jUOAG&Uy|q0f z9i`+$k6)ACM(72kWdZ_e@=|)v!bal5!YC037J(D&iL}fiNC^rmu@CnToP9_}$KN|o zsg9eK9VgD!aH;qSSgv*vy@opcM!fz5t#qG1#CUTg=QEhd z9r?}}XT5cP^1JT&=onQ!g@r&!B$itmS}U^5t@Arb6JZFi-`9Ag1RBJi_Vn@qhr0V& z^Q$q;#&<9Qtv3~YX|N)`s+Dk&Yt_`DSZ8NRXi7A1C`%<_RaO%PXQqczXhu0Vt35`X zIlgGYiQ0e?Tt}QGSXRjJsGwFEklUuPr)>e6t!~9J>LIZuD*54m1q)B{N8S0C&>$@U zY2mRywV1AoJ=9}nsIsN3I-+Kp>94(er7vfOkm0Sppi+{i$Xj)y>Nsf&b`qUCC`vJC zk{06DX^(QY|K#fYT#AGWX+^bQUs~Rnr;p*v>e;l{>#Rc?_w58g*Kewj^cug)0)?!Y z*pIC^pO+b&;yn7x`5to1;G{9684}VboW#%T3MOX{z?|x939B_NMSfZVY2^y2xn6m9 z6wLV|G<~hUS@cV>BNEK$eVO^j*=R5YThM{VUZ*^R)=365Vi#XO@%Kf^G)K4);DSv? z0yV=0((rP|#5~|5N+8>LvxTI{Rx{)YlL3+ceaih;`%twWvYV%xBc@^DUQhSZb#E4+ zW5)%8On8$p8p5-1u&|%s4O_ga%iv~|l|82+WrZdgA;L-WtOhM4IQ>i#OP~h^r$gA+ z>&WZ?-ZdvfI9c96c;A(a0PH_J8nxcR9p#c=Sh_CvnF`6Be&_%$tfEI{&k&;+s$ ztu=0m8@6>!+0}=EXX?(7pZHZuMb#uw3tjkk>gsP&Xc2M2D?4CGbSWaO#}Ph99Dz&k zk^#Ori5uCek|TqdLrx*8{@To$!OYdqjQONN&L~Z#jbK7Bhx>&Po9scpLBgD@ys{f& z?_C zKAWa^cNq$|wsJWR!{M@9N}*|rOf{%%?8>HK(l@*TobwlpCmB*SgwCHLuX>KPMrQ0tg5J*|n6~heKZ3w4^F4Zi{k3%4Xk*#FUGc-&I{748?B&CT|A=~eUm#=x1 z`Zc7?*JY+suLn=%@r(WKgTFEwfxotdBb0sC9wKiheqXRo-M50rXjL;p0P;m783&N` zT$F3V3?JZlQIDFK(?CPvOHhzgdf3)N5ba(6&E*iusx0$yqSu)R(umwG4FXBwc+SY871dX=db{{ceF#1!%wrxMigJ#-1o!-htL zl<^H9n<^4cJ6EnHD~H9WYmYrFZh&wfUV|TK#2;@a+~8oKB=A6D_){qs;jVvwxxK}z zzZ8~Hi)}gcn%4U{*;X`p8#pv>Zzem%Tv6Tl<05;SX@E&6A&HaA>3ek@7^k9_!@L}s zl2pSEGOQ_T6fs+a0!Npi3K22v1F=*B{7l&D;5&Dfj?Yilv0vKSz`0xmLYKo_)i6?6 zJ}n=14Xe4P7+F({tPvyfm>5|L7+J$|^9q`^d<#&4fR#6Q(ZyW2$wI+#dWV&T8GHik zYE##W(R~~m8-_gLMbuxnMxg3+eQd{s9Ir8tVU0LiQyitK%(e%$9E=u&j5;q>WeDfc>$K8HS`*P$E8oWEL|`CIjE z{4MQU@4b>Yp7$p+%O7C~GuZOy;m{Lx3N1LXa+x&)V?bauDAGP7V0oYRJnOUQREgxVzg1^|}&7yt!_JYP1#DlS}6AQnbQ!WtHR z1`*rpI5`*}D0;LOiJQdM(!340M$#oT|6AAub_5#1f@Be_>Dt4(mNbWikIRD*_Ej(4 zWdxw^WBK~ZL~FifDt)Yw96#h1Q?I9oGS_+k1E3Zmryn@p;QRV{PxlGv{XWrii6D4} z$+F9eeUpSzLXOn;Q3@6@m}H2`*GSotJb&x&2zfhK5~g4b4%z-`lun%sYgxX0GGrmt z5WXuu1y{;-98K@Hk?P#g@iwC&XJ-v>H|6Xbx@VGeLz|bf3D)p(e>k{2e%tWUSZdht zdgJP(5$t`Ocxw1;Ukl1K;bKqqM8n5VuFfxL z@ERgQ<$A;WozXFlc@CS#{zj718@}B{NsY@*9`k!S9!h z_=eZw2e_`mvNX->DFUYrUF;1dn%79bkFlJ|r>qJn3c>s?-@k&8yLdae>|qN|vRD}_ z;YlO@Z~$Ynd)W1^Iiw^~@z|utAxmzgERO0EZwhu1dE_$BKWvhDJ4j+cScQ2;ndoc3 zzC=Xxtwi|u3YdcDVc8_zet?c?U0jeXA{p+CByh3wq_8L^Ic2s!t4 zs6NWf45oeC$VTbiKLdBrGIfB2eLYE>f#WrQJkb}f2K?I<%gp}*$&?aa_dWDhNUHy0 z%9lhTB>qE9%89y+yWLevDgU$!i4PHg;Za^`F0Zz6G*>GMZkTA!Gv6gkB?a zAnn+wY%svLf=#c7BcSqc0>gN+W(jpzaWx2=!TA0ys?H(h0voqxBYH|4La#R+b}Cz2 zECjY_*nMPqGNgoXhg=$h)uLw&eQ3LfOclX8!lma45Mv}g62c9yn*wKX<0Sfxpc9Yr z>C*Yy>}?_Vw72yH>$Cj^(X9}rW-0{vp9$ zK6Ux*{S>Z`s?eCm3ZF&oP@_t7WrEvPzAxP}z+v$U0Y$bnoQwpNi*ruKABpp#V>}y- zA#G*5CVJHu=Shpr!NovsRUQqeI5}&?d8D5og|||Uh{%N%$MSpJ-{gIssuc9LQ2zyj z8%^|)o8PE`M=$=^2h%%2A#*UGESbO`-U@vFib9Laz-=3`nB~N!zZDN6*|~W+Mmjpo z%;AX~Webi{x1&>nt7sFx#&!)zC!~3Y=h!;+5F9gUaaQFL$+Y-?EUSfB@#LH~z5}3} zIuX0+q-4%IL#~s|g3H7yrvWGHE6r48`_DfuoeTsKrZdumlX^?|oz@46FTV}kCkws= zY(nNoV1x;AX*6zp#MImY99w%Q@dc4i=Wle1|`IKNoEv?S}csGKB~o7^CU zM1*Q$**w|at0d!N;NvbyJHY7X1qL*Dria#uB8W5;! zI%Q@8Zh-VBRFn`Bs*4{X8i=AD@nAxXP>{!bZqeBOX8YjVmyi2;n15gMO6TR%HreC` zS5zG+89KNaJ{imgxHwgT22~5EYoZqnV?CZgyVfRQl%n54pz3{9nu-PE$c3iGq`J3z zJ=tyGEtbPSp%#etvwr&yF(3~F73*low-Jt{>@B|)UGbS=s2`G(ZJb8s6N~JWRjw1< zIu*bX9AK^WCrPu-Cs+goi85z4mwKSV?}D)9bHPpdruZN9Badkq+zsB z0D)3;{RF}S`y?)G#q){y(|MEeHk^?EUAE6A<&EZkkWOxy4|;-(F9jLPw7;Xvu}S15 z?E?b+8IkyT#o^gxifyYx{1vx|H5Y4qDn1J`PmU0RfO#E$H`SMeB9JQiq5fI%oYd|r3&A#CYSoxrDnJ(8qwK0_aycpkJkcew73IRRQQ%8K7U4fPR$$`qd2pRbNUG zsqnl;Iv=K|10tA&2+A?gjz{=M&jSBSrIzYNH6M{M2O5xmafJ8B+QLY>^JFc-x;5JJ zjnHN{s7IIiX--vJ8^II?Ie2WqK1`H^DJvs(v_-gzYL?o<%ozR@FxsduHMraorN`7U z&ZC1XyubXnpT7FHpYHwi;K5H1zWV9G?|yplho2t&uT_@#vo7?CC(G9jx0$21{k<>0 zJUZ+i;@#$X&C2w}BvZK14vZ)eS}N|42b;Bk*H&oq%okAv8tRwkR59z+qSROkuX33@t5~ zAglw1V+skTQ0p$oa$TVI7r>1sMLiTHgU^A2_t~o~z~#>M0L|@fIe?6jt8h$l_KtWj zkx=^qc;Ohw2q8@=1$rnKVW>o@-r3rR;Rw5cJ-#E3tR{qgk%)@qyBVr2A`2T5L~4fg zq!rD$qywtM#67~0>z&&Vk1BOOEC z&ZTQ;f7+)X@uh9JAb5sy_)C8uzgqNBhy*mA>|DNwJT-FBcY+hGhwN2~$kIHPDzE&Z zsu0m5R(3Xf9SnoYhwh_|-ZM$4ZFeD91O(WO|K{l@H&1!g0gjirSSUpvy)JK%~xo<1^ybN@7DfF?M~gqvL}>!Qg-=(bs}ztT$&{$3%Z*Jc2}>&A;%Fu?Ba>IRQza&c)F5l7GV5Pb zt69kYQ%EhIraAbnK(&tM{tCD$BW7=hr3M#Yu47*A8Ax zBSe2!@#Qekc>8>kEaR?1z=-@X*)uq1C1&9-%|?pB<3d1mEUOe5J~%@!*XF=OP>y6> z32qHdR9=Mh3)(x!Xqg``2VJu)!ZReP`KV3!b-%Rec*m& z{U_L9WKO{}y+r+Jo3%|)OZ`p@Rw9zu=#0@0(1bID$Dxd#Y;A7uqsnT3XPXsQcfiH> z{@BoDZ);=!#dEYkH6glcAufG^{7pPcp1`^mfSwI51k{>WsGN#AetNH`4;T`;QhBp0 z*`XXGiD&aCK5pyK#)!$N)^Uyd&PF)eW?^ii2uGLn7mEtqY3*Gh+}-~0_Bt^)G@yzt zd&hJak!Aa~ea7#gjteMcf|5aUxT20u71_AL-1{lpIJVIQut;pDW;Ro}Fw-~J*>nIm zGiR~XZOi%CW*B1d8rt7RqfKXaNS9@XWGYMord+dQm^$YKr?@{!Q%JT??8>dVO{69_hj*5J5?1^)>fAZ%nX9=?9IGiBSkidqvkhQ)4FfQjy8$yw z{3jV=UR>__vPQ}=;<$y=`z)+noncB%X%BL5Yc(22ADeu){Lr6kWEI~`od0$xWadB*2{w=6bKvPVECqNHh?E7d(m_O*t-MhVv`CG(^4UIs$km5CwhlvIRXsF(Mj_lrYn4mq`THb zSOe4u=@>Z5cw}csYQPb%v@%ERZ_oB{Bb;VE+T!|vHN70p8v%#2?!TIY_S(^RRK+pr zQaRJzKtU8UOmFGSZR$1HNHg`FMqyYTE=ROXVHIWsIo6P$ zKzA@n$zvk)2u#@-W&?Qcn!rlY&sx82-Io}IL%Mi+70c=4CRdWZUQ@UuSC53b6apfQ zq-ZCd21;2q%q>`)S~;f-QWD!d4AypYIphh*gm!R*pj5^p1(fZuyuUg;+LNrQ1Kf%I zJ&Let+4@%%rm$+*Y3`0cDsYqxP@?$V5NFG=@0GC>A1>boa>j6mC#(++jlaLa*CN{Z zc`n4_vCo^&X*Asuo2Sz0ywwvWVk$5AMZud%{RZ_k+;`Al;y(lwq^hZ6v||^4_lG*UU*`Qn6T%!CNvg5my!G3(wVe z!~e3n=L9Fi;2Y|AsMI+{(LqHU>S}0L$ithqu$AdA9G~mA*KeEgEGSESBN1!4d@gZ~ z#Sloq&7s=*qA%9MCv_InY+~4cv`d#)9A03U76mADD$7MniL+t|01(9mNFM%i<=qs4 zI+PrU4Y_FO0qr}7>2_$^Ms`4h-^XkN^LLqN#E-G5i5dx9Y91++KT?A6H4k0LNyGSS zy@SnA?Go{C*-GQ+S#_<30z|o z2HYT zv^%^c38$?|kznxhbzvc=!5}>noI(Za6>)z@bN~oYAXdoyT^cw_CPYR_y8=5Xvle}1 zeF_oQno@R_hD(e?i`{bFkTZnab(As!vRm!f@m@l$1vkzud;UFT1K;y$NNGW{fohB)flL)o9-*Ao}V*zMB8 zR-v$r8o^aB3@#tCsdxS6aa*QoHwskNt=(>HzIjDSg2Tnz=>5?g@ z3%lDH<1fQ&eBoDFLkMEFq3L=!G;N*ZTMAnV>EY;4U-Q8GBN&Dvgu!1G_g?9F9#_I* zkWNv}E{81ldQ(#TxbB2~Ts0>fxXebm*ipL(HxtP2r@)jV19J;GJFyQa@?XnFwtr6A zzEYHPlgb~bS2vOu+pkxx$|vWJ-^DWGi6RC3NQ(XudFVWUsq57lL2nIEs2KlwU0tPC z%`()8y9DpvcOAx;{8EscYrZAF1Ob}tJ67@a_@^6feU`-|8HJX!ah9l^w;W66TP&7A= z*jW19)>=d(iFbraHa{??*Fj`F)QoWPFvSC*0zvt+B};# z`_!o_e^^Q}q@-%oWXw3Esg>9kNC$%^Z4Ex~hs>u?7PNI^Jck0ARs)Pm{1Ge4?5c=G zk}>YB(}1b>^PN=A<2P5Y@mb9`_e6iuEL&+0wx|1`<@k{elrCE~JtZl|z)5+E4F|rD?hbUQ#gtqA5M4_e4MdTQp`87mH&3#9ZWiI?7jSi$I z6fTkiOxkZEumEW?P1+ljA3%xCRY=N3O5LPtEQ(aFh!jrj^h7SZpF<{36^Z$zxF6(e zDGSfU;r44-EN7zQjN$+YD_D*A z8;+FRizRq*LA}JVt{!Z<=5)Cu>>YvbIorUh!68(BP2S0n%F%OBM4wZlY(f}{=_QAz zPZ>vb{8w~PB$sTR0@*b1gOE;cM=nV^D388_dV^;o{(%Lf(xwG2?a=SCAIax<&u?>}<~bspV# z8&2+*h&zG=?fCF;JiHtoOZJkdf7(uKBHj{Y3-QhgwG|Rhv=+B;!yi0)+n896lQosL z^nU1jg&hD@xyrdgQb8E`-_B^I$p;nUJj=}=w}^AkcZp8E9ZcWq-S&2t^=eFd?{-EY z*0+em@D7eVFp~qzGVOF_DFA(Rc6Hd14m2u8MDt%c3)Hc~1(ID^vGyf09->x zY+dp?EUUeN8|HaYRhLoysG*7}GFhWmPvL3Yt6tit z&NjaUS7y5bFlShXdvbY=lPIwG&w!ZtEQErKxPEMb9bNArX)G(GtS>5qjSf&nYRc>E zurcN`AbEz!en}*0Y`ta}up%#~O~7Tno8~!4`@vc4sYyN{E0B6FHWZ3B?E=FOC7sHV zix#>`_lqx{f%I9oawrG!FD%}>WQ`iuO}|J5Ibym~Y~NtN&$>gCXq&fjnGaTuOc+`u zZQ3fkawO}HZL$Y|+S(x`u_xhl zpHK+f`DP~-jUU5JN!~h0r(%zC3>|jBwK%kDlCi{86@V09wP=Xj{VD+S@i18(k{0_R zt_bdoCu5vhd@r?qj5egkC{i)XlJ{!peH9)GaU^GA- zlca&%d8q{u3@F`;jYQstbrhzXCSDLdbaHR`08K8Ntbi^-4l84WS;lV^d56g^BCXaC z-Cb4gDoG-KsUTuSpofgA9a0B0S!1uO&c((EpbTU2Z@o%(?C`7>#$>U zrA%hT%zh>$EOe1fMG+@o2T5h)K`L>uOfuP)b!=yYEPwqlmcn@%aT_ zCQvfmmi#28Q4_msnGD0l`y~u%FP=O*&pAuEw1dZwaG@+tlG!!{?jgoq$YAGL>r32; zEVk72wy^*IjX{ylG1B(_5s?v*m4eu0_pCx)Tq!4X6(5fB`7spxCTIuBs@)> zxSOrk7$cI|TBOMS&MenrIio3RD;%Wur^k!_UIC+{7kUZ!WQ>_YE>{ytO?8#wpHQnr zA~Ki9fK`V0?4pNtNL+;vH*YaRS`cMD6_5mti(Yyvs7avg~0C8MNLx`aOH z&NLX1xRbu~Qy+zdv2GobmCC*`i=6Q<=J$ru0Ur>LhF^xxphm%Pu?qz6aTNuO1!NVv zlVSZqyUIsm_}Ju2Wo;jpAcpCCasfL6n%$cyp-}MXB+z}NL=aEG;&AdCb#uR#s_IBa zGXTXd*#$0UnoP$gR(ZYqHP~N@tQXCn!o1W^f@#gKyfyjZ7qAo-lm7-SMnj|0phwT1 z4KClw+Yprug#FpM;Jh-{$1+4ZpFj?%BNdy(HM$Ujtud?SGD3%VCZz=`Q!#u) zTC0Avh~j9MoAlu=p92yCE4X+1nbS zE#B_s6)Fam2w`40hPpVT&$&zw^`rXm?2qZ z>s4&N8jdFsOp>p%A)7za?V)T$Za>7XxSy3zP&%t_d`T*Kb<|2j*~iERtR0{_Mdrd) z83joN+xxpa8-MNZzj(Q~xz*p>dWyhzG6PO0CB+70+^G8`H8`8fQn<^u@@(&|2E?M- zFNQbZ@8B21TGBZLMO)LycxDBZoeBJ2Z!~>*ae6sG`Mf%Uv&Kl?s$0(RR#F1BAE;Le zWj&dE7_(pgh6winUIYc#LIsb%hSZk`b0sv8hP1fbmqx<^SEY@9p|}@jTB~hK;Z!6B zE(kUUooe|_ zc-Lfk!d~9Xhw18W3NF8cMq`nAXQjYDyuHyMVh_l3QY7ChOPMMra4217r}ari)S*cH zK_-B#XnGh+t=jr-Bmu=%Q&LbaWb4M(GHhx_P_5Jj&Zrl4HmqKT^%V|75~4$|haqW& z*$4z2pu6hT87z@8euxp6Z7GxqR7vib^w}Pr{PwqyWtD!#45lUKCm|v2cmt>$;LLY* zRQ@72)>_o(yi&lGY8fmOcx9%{XxLT!Oaqy!Sa`HRE>N=O6933GF7_G@jM7D_ z8icWJWXc1468tofZt0u!V?|B!DoaC-^9l&?=Mjz5s@VF^nnF9_#Y?p_$%{kco*RSJtIe z(MATuyW#LcTt?NRa*=DOwAcKZ4JcopOvXo@neQs=Rj@(tX%}!ei_D1K6iWfAHR4oB zDRB~b^>QGqk7XH#qZnokU6DbE_wXR-3b|-LJU08G+SFdKwFa2NC)zc`B;)~7y-S=Z zDkw6P}Vs33jh^Z_-%~&vU*}p7;eMtE(3gVoIhi>XVDDMZ9=MlpIvB&ceb7$AeRnDb@Eg@ip}oo`fY(EF$U1Rng_pd zd}<4&Z)XTdUuY!hsQ6t(mbPCUC6|R4FU>UhJZD}RRzza4R#dZ|8^-gd^IO^5;J-I? zW;*3)-^*e?9i1WTzHEJbIXr@LKP{i1U7e1`N4xSLL8V=dNEo%otF^csk^nbR?_f5R zhDA?MMt=I+FGr7$n%l-UO%shRj*`k8@oCZbr$-!{I`rVlM+GOJkz6-Wr#z_3g~NEZ zKRAn(M(f)P)=+@Y?qJls4X)JVtI-)Q5Qa6yf9~jD+k=;QG1TY;GaA~rp$+nTwZiJt zv%zWk@)FfiByX_t8Q+8>U;0_-a)xV8a1ZI_b)0|EVwm$aEt&}R1t!F+-OfkspX+P+8G*OSUm7xvNIXb*Qm5O!}AzG|M?tsiD6B*sz* z{~cn>X>SQc-w!UwNp}HgIr1e}aSf@tP!pe$aYK3eU94go*yf3zf11sX&)bN16)*#zpyUDhrMY1d8?jha~0Y>RyM zY@a`g@#e^=Y?YuVYZB4pt>Tl=u!@utPoZgvmmE={*@&!zB?u21P}Z({F6I-7vIx(; zrp)6y`4P-ZS4t3axbX~?Xi%6->$Ktz*l%nM5vixG^tD*IFC`5p@ST-_GTSnLCup1Z zX_(>%@XN+)+_8+)_o5H5Ayy6qcTa$%OP4x8@=!q2y`iZ8JOSK98+P$&1u}gz$T2#5 z5`{7v;{G9uPIuyxu^Oh0tPkP(oO{!wFWH;o4rmq1hN95D z7Vi%`)9Z6Wj$#`0z$?Qf4dleLW`PPo;=q(bdk*qJfa*0LCuQw`4ksnlGRC@@Ia#i? z+U#guPi(dOkw#*sOodvUTypi9#Ju288La?Z?&MSrA`N3iIIRCA=%pOBN-}c?Rnp;d zCR-M=#pWh0W-OsKEn>PC3&ce>T;VDgAe%v)e_geX`RRVJxx{>D4vMYVMzGlYXjZM} z2(E9g4)8byifh2KL;2G%IOLp^lQcdgUJVK@Ckmm7Pjjj2{iDD$%up$J9U_%WI^%UG z?;{zYj70LhDH? zv`lxZo^}1Pa5MAh0$G&CVp0V%iDunc_uvC5_DV zdb@jD{oNNYcKVyRfAL@o)#EZ*98^ADC<)f93V&Ou3V)oq3ZWxDi;h8fY*?Iz2Mb+X z*0ZZe&f3Eh3+qWunF19Fk5YS8P!+p%n8=9LcGAyoFqQ)_3jv?g-ODnZo%RnR6d%YJ zneK@pz#+wibh#D+fmu5CoNLi9-T9)+EW%;$a_yIYXYaD8M$u*d!9q~;=7mPgUnWjQ z{-P$5U_gx~AQu*J=yn+Cnzb%~SGhGlVB1>a#*E;$r#gur5S<}{*6SUkw#22Fp&rj? zBawX`+z6QhJSA<*OiLiqd!?HhFFvBGO}7Y>U_{g(@JcNeN5o~-Tol{zY%qiPJvRut zx`#>eqL2&B*`A;hSg{PgKUMjV-h*(wnp;?v=uL=a>}FV|lhRMTYi>K;N^m@y?xQ|E zjwHTG_YP@QCgb_XA}=Fq1dM7koh+qpuJdzxPx~}SF|!Sw8Qsi_=98?$GE-0-H+Ph- zO=31;T1oH6(2vLn-wdW~w+IA-P9+N8JuDbBgB%!*h(l#XHO@islt*&_C642V;ExpO z8)Bk)0kTdP!ShMTsfD2tIhl^H{Zugs0;)&^HaC8(8pBngV4=cPfk)Plrd8ciiPcN` ztZ{m5ZEImK*H%=Ms=~+IpWyqt@#brn#5hkUBS7-Ob|^O%USE^3$*^|&xv`7@A*Ng? ztL`D4_-SgBSB0YlTaw07!YuV5cO-_j=Yc`FMJ_kyA?YlwHCk8K45Gy44VlFPaZum& z)|TV6u(tfMt(0nBUQ1>elN(Lt#?cJHlHc0l;!mH_97mZpcM^$IuN0YL)FmHzKN6PC zGE`2RT1WPwNM5CdMgVJlnfzfe&@~fRX)Tabg3?qohvk!~t-CIF%F2$#wnjeib0Db8 z%8s10q?0UQ+3r#tT3qvC$npX=$l16UoFcHQ;nm2_I7TET_k7J$yM{Tj1=qP#L4LF$ zAc)1Su%9UthP?Hr@Kh->XOPTM7c^3mit@{D_{P(>-{?3t(s6wzPy-ah|1NsCmw{v($`7U zv&dQy%**U-Q82V-=vVU~y6vP-NK5&Qg`ZL7rjHA!&hgj(3?a&jcUp-$z+E%iMp7~9 z(?-FGz@#ssr9CW`O-{z?GOj?Ep^b@}R$H2*{S#rYbg01n@(>%>RfbKQ=gUg2ozpY8 zHwyf~CYb>*+JgaeSx{<9#8*j1l^{9*<+Es*X077mN;;x)U*hCZ%gHzzo}9ybQ33$y zWYbFaV{l;o{V-GyfwHh|Iva`0N1@JmF+o)@(9gbZFQxBu^&{VKp@km^D+1qw_*xLy zQ4R*JkX!88VE22wTO zA_@t)2=7cBUd4Sx%?7~I#&2|a4eSL?u|gWQv*vX0Kj2=@;TEe6Rd?Ois>DTJQBJ>3ZuWsu-@VeL%s zlyvsbBcvRhn~{QiWkN~>Y^p~7C9D3~WmV!^)dWQJDz!aT!8QIBwrVL_HFg=2yHk-a zdYjVA^{;gXO%Ls?K_s`&6HVZzISGgYr5dYgumadUh6=&XJah|xPJ%X;FqF$&9)=`(53; z@cY5(=wXt!E~@X<`;(F?sRUL3n)<|M=zR$n>)RGIa`*iR%Gksz3R*&Ca}-4Cr54nj zuYs_7Im++tikc|hYvir86EnsDf5DVZ%J)k*W=w15D6ODb3l*pD6t;K{i+?&xI?N!OA)otn-66VJeOXbdsUc3vi{u#{^t zGW8EZP{IK>EV}3nYVMIln=sA_cH+;gENgm>XTBT_wfV?M`c*w5IgE-s;?ThX>Pj zcjsgRHA9C;I1hf%wL3dTq|?$*3GBWQ4BX6iI$RD6EA+2^Rym@sk*M-21LTf$N$N2d z+(Z82Ru{I1?YKrNxVb*b1GKerS5{GFbQxF7%m+h!Z6BtAOr>5bEe3&7`-z1TQ^LMM z90Rv8**eS3xW*D`z+y~t7B6&B%M@y>*r9#rYv^VX1SP)EEJ_cCr~(%b@&L^O@bW<; z`z-1I#sTj%B(B!`DGHVIkcQb{9A-(`?wMQGaq?CqUlc#Ogl?{wRFcgiv1f>mEZFi9 za|^H(-3lb7TP6%C;fk6h0|=bAdssI=aFSZ7C5L7Bv0ajfft+2)*XT>V;6zC;NJKp? zPa8a-IVIGBm~3oNnG7u6f+&M*7dYcgju+kg(*Muj*5_ITo3;r{py~!~lx>x`PEvun z8@GR`Lv9sm-p$(wkVB1W{W*%+uV^5ZVzyT55%s4?oH@poY8f=iR7DZs2!=$^#lQ;E zs9^o92P}z+l$)(=)=9Fy)F6=p0|@X2=OwzMMnk12SD?(gmx{Oy2)1`^FSaewnFZ}K zI;-n7F&2Xoh|%rFFBS@s49@BxD#w-*C`~_aZLwohUnLXDEY2Pxr9M3>mz0u#kS266ayo zqr6!L9}y}IA!K04%i0~dh!XP`DsEVoW>}>^X0t-AG3PKlbtc6{BuT~W1+)n1io}!q z#UT^XZLF98xpy_@&WNNywkCc|){-G#4=M2A!JdzfQCockIx<2;VOm_$jW?c$&mjbn zyTRiE;gtE5Y!x6}d+6h(dRC^%FW<;v7C9qoqpd9(jdJmx3Q+%g5gKHhs5`}yjAw7U zom~JJ(I7X3@nHT5lwj+N^)KJFrb9^LlPT}L&vAkRU2VmeU3j0J8141G+uHkUAOG|C z#r{@QO~DNdAgtIeMUtS?`eNEL^6`D6DI#Kaf2Kfnjk`PJ&d_xWHDWK`uJgn07bjnQ zvD*58OFhGsuwC_Ga19qpZ$i4WGQK*0J-qB=o#DbEx0uU{o5hRA0h@PLE}1ygy?^gs z>n?UGgbIGs3X6p!K&q(c&%Q#Lf49=48_7m}aVp*@_b3V1G_){b@lRR3bU~rhA|JGv zpcOy}Nt3iE`7f3R2;8g10bGetL}ohVCA zb?XE46|l*eU2#r1$js&Rgh_myWw;nzq9!$Q4eJJ0RS>kQJiK2PN5cm8=y-4zcFW;E zFY)CztA5B$i@w+!kTta*`d}v_Z^PE*;Ns%!T9ybq@hJZWVT@Q7{+Fsm{<#8cB&=Za zi^({TLagO7#Nf#!TYti(wYbtSpu zXHCS_mc?$Nx6dNHi6Br4MlWC*Pz$1eEU8j~f^=F~KhAM9rd(ChaMm><*3dENQ&*C=@NgnxZjx~fZ zO@+;JniBo4H`|R)>MFd>CsSvIh@izpovt!Tx*)dcLf(L5YsVg$AyAEtXE`+LWXEq6@ zPGwE31-gTT5j#yfshnsn?_PiZ6*AGj`J<`O{wZ`4kej&7`c z@)o zYX?+O1z}a;8PG>_v>>Me;hu;YC7~O9FG#DlUx>o$CpX1kE&9CMf?oXbW-u!=qNi`M|4jCb;aXgNSH+A&dfjq3m+$cP6z#>&+PK^jr$z@-xr zIQ^5%2;$1t3Vn^E@fguyR zOqF<$<<3e6%d1g?YP(H;1&fdUsRF9Di)shWym)!F*{)wqg5JP^i4Nm*@)^*Zkn2aV zeMp5NUO07w?hmj1XI(i*M_;mo|ArrZ21@a_-*Oj|8*8m^<*`9EQ2xO;KO4>pkUmmV?8|>gA9{>_KQ)Am&u831;(WN$$gxZ7@{; z!M^4fGJ1vJ>di>q_2zXpW;a*0aINL)uHx+N<>Z5S6-PUh)6wzP4=gl{ii+LN2J#Qj zFSr9IjsdqS2VqO>!`l%G4}8G%!F=yWldI|3HBu2-ORSX)X!lo`v~wZjQC#eEC*Cws zj(?Sjr!umRyF#kqB8h3q1PkS6j?3Iau1+Cvr=wI|C0WF5n|i^g;3_hSi}j`A2`Os) zLm}o6MEGoyFy;9$Wpi^gCu5v=7Z$m&_Klh<*a&7ZunWtTu}?*5?@mDNIKl`1^~v6> zOISr|f9z*I%~%RtfG-0hHDq4J9FL++ZoPC~<)I5z;qr-U-gl=I97+i9PMe5;S)1*P zcc-$}(6VXdK;oAcN6<_5aKr7^(~Xxq2mQx;8_zet?QiUCZ|sYJLLY)n>ne~9sn?jc zDJoDs?`*i0d>895#4|MBQ4g_-z&Zy)0!@F1VAldZt;D;i3lbfezyEAZk#`I6l4fLP zlzcPJXzKT0?D31TM~e23<`FeXMNw8YrAOWxwuASU3cOMF=&g3XV=YopQ6;G-3o?$a6Az2Q3(|Kkg=8zyx%#Y~ag~1`5 z%9Si#J{Zru>Ic~@J`?n-8y>MkLsWnzGXd-+VRUVltw1Gg))<)3-JmKscCacri>5lW zXj#E%{RGGu$RtU`J^M4|mbuKtIi2LwRcmBVw#>XsFQeN z7C}GBu036fz+W9kFVy=G7WN;C7{f>-O0a~@K~@{#p8+R8TQi(NxZMCL6-ROL+5uO# z_KgIQEHAiIn(>|QVMPAh*bI^yV9%BNKE7ft!Z@mjq)Em0cD!ZMc97 zVKcurEB?7ZEN^>??+{%%ez$RXIY5$~e_B8vuE25{O>V5ZLDNOZHxWKJgEqp5JI1tR zZG1%EhyN@y^>Tt7({s&9g^-%e5cow92uf)%os9QUuE##8ybEFI^fP36GyDYJ3l|WT zd6Xn5kcXN5Pci;SzDWP6?a;FyT&NUoMG5EnsD#+(l?Plw(0^>zJ;upVM9 z$Xm_k$}BdKbiqXs6sR|FpY|3`3k?x9)#aa}xnLTj9A6=aXPmuKnaPz9>%x{yk4^94 zX|K2Ua%Zc*_u|Dte{bvGUvBShafs%ivlN}Txlkx#`L%-P>^r@8UQ6e+l6^U75}V-yB}NlcYED84zWq|rq=_ZKZA7+yqPStRVaxQztj9> z1{NbJHUlSk1%DXl=$Np&aOUC3@Z{uX7RxcIDKgD!Sp9Ev2Nh4{!Ci81>|4qU)cj72xQj>D=>|u z+xY^GJ74gB{Syi$?$&U*(OLlw?SK3m0BZ67bC}K-Qyft$K6cvCZC>vx=@sD>e~LKd z`Qd#Hd6S^l9)@C|UA%elYE|4A{)G;vI3;yFG})3Z^?v#W(Gti!%p-baAzCCkQ^V@n zkE(Ld1_KVcJ!fkmp7KQ+D;FB{N!8BJKGncV`l+~Pq2!;hf*i5#=mljtLhYA)CaTv; zRcD!us&}u(Bgk1G(zsbCVZR7+8ql&O2k_RQk^ow5AxJSw6{OfKWuNxSHa-0r$i@Eb zivx5y69u%)E((3g^bzx@>&xLXdNJJz1uh4i$FsFWi)T*(tWHyUuNbwX>E?iOy~o#d zM?S$Cg(cZgs>$p=Au_Y&sUd{8B5S8_GMzwrFte)wc7ZMsfoX`+V5No1?U_Xkqop1^ zm2kKxaT=_|9dFns^u#I+ljvu_j1VR$;+kwkmnX)eGxIsT0+T3^*=x$6x1%Z3XT%Az z)GHm^Xrc5|#)ypVYjZj(o;{oO!&>Dwar?ZqeVUBG&uZPc>13=%6B!q@ZqAR%08>0{ zjj4%vgy%xMSH05O>s6AGgg)e3O+z6taK1v2UZLq+yuE<@PA&!fKkR+`Ut33(=kNR# zGD})`V&O;kyy(Op3^?Yqj$r{O+Y4?+Mgr6ZiIIdI`mulee!u5YuY0c$Hcrwzot{b1 zy>+WjojR{Nb~ppPhZUP}y!g93&mE=K$@f`Tc{+JXLB@y67Mn!+MZZ9EiCI zPhl53EqWv*^O<*eulxzbgq@7~ror(pqu9$zkg=EulcM%V`=Er(JBd1e@2;jThR+aZ zy*}aqacyY(<;x$wXFl}a*7j?iY=#9n*wNY2=&_BSD&xi-3DC3Txr;wkL zCCwo{jk*;|S4~jqaB_0pnx3IRuT4~{{&GVEf)!zqtYHFK%|J2+BT`rutB2Ha@k0QG zvY7! zzUYwGA;0pG)9-Q{b;kS$3J=V`GB-04h_TZadf+PRaRjTOfn00YuBA;K`gVtUcX8+C zP7D3Oh@eNPV1RaOayGg`Rp)oy?hBJhMd}i!+6W32JUiU7S?f z(${mI#*biN7stApv=lZT-^bgSB$%SeU<(pDGc`asi&4T0EZ8t2Do!B+!2*|3YKxWq zqdrVp{$Lgx7`3%bV9_3m+1UC%H8`VR$I}6d@7R?Cw64T<3CzzDF@I9S!&UwTlGiS- zE;^7n?{IeMsgR0HxQ0RpLIh#?B~9OEraJ{Q zfPD@n;mxwyQ&cR@W3n^eU3?C0y%ZP5j63OfbZ4P%6hkra7QHY;j~o=GYYJ+XJ;2Jc zb_As*htZekeIhZE12*VT4-nP38pGX^F6aICglbGpR56*kFlel{YPMYw<>%{Gt_KYo z;m$oh6ho)39x0;ekpqo2P~bk^jwt`*zERG>6H4?B@^NL|Lbaq%qeSodCQ9^nIRyWp zMD9kv2qhBXLKQBWL9(!%xG@$|OhnQO5=vGAk(Dbnn>Iz`WtvQ6rf8N(k5sETV2KaB zrb_l@A$G9Sa0&Biv{?XA6^})Oe^8@n?|!;pPfdjCVyVyyn&K9Q0u*;{C|S@&;r7 zSD`xLkm2Tqq@d;?bt&CTc)`2~9JU2hODbJQ=MpWuF1@iTk#r{oE7T+r?NDa#NdKc@ zUpJ}QV7_CVbAR%yK$u#@v>~MSAyK9KyazCI-}jLt_O5@-BZ%ARf$Mn;k}k$NgU8HV zL5@73L`O}XNim;oT%7Z-uCBd$wf*DKo7ZdW>zh0KYtIp-vWNd{z1rH}+T0UcLx)CW zj1-rNp2x5X20a99P%FyzC4{GhSGke+0L2s7H%@Z8ILhWuQHL4~ zc?l~|6m^#qXVpTBV;bvB(|PF5d2#4?1f=xBWU z5Q&$a(XbaG!LT|XF`hNcoudKBoQN@ z80~bh*7-l(&YvH3{{3j>Vdw4FOA^3j^eyfgS*ro!Qct_*>t~2O10iTPFqt%t=`Uq3 z61YJ=O*@+3L7aZ}fG#yS1t9=d ziXE-DAYVU0AT%$y*7oq3phpkkRO`O>+Bo>nJlvOlyKn>k%S$9wFTip8v#UFJYQ36yT;$^+4{oZ@*nh2U|gW$|88|0f_91(Z69P zJTb=AW64~{9L05ZHBIiQWR;hxgY>qWCR=) z)xJ<^JcXF zhmk4^HV7%9vsEk&)-55el|{zgw#0Wq@-%ar-*c0Kn*bp$V7)_a#KZe|BOz(nEpR!= zU%b^3ONx`*OqPa!AGQ{E7x2;}#*)|f%GN4n&=rGbMhq}HGx4(udj)9(Z!3eIGMDSK z9eF|n8f>ZN*qk9P-Wzs9d4Qvq1MrK(oQVY^W{pd<<>Ix-wZr zp(7Mp4}p+|3nPB*Dfqv{(%||rtJD}7-T6oIS`7njBr<7cA4ZFlcC3w%n=@&?YSMo& zrdEP%Of9iAc}S$zvLsfMHj9HDX{iNiMdD^<65w+di`@^#We-%?cEnU-ykU(6%zU+? z1eceJoqYcz*f(@EgrWM%HmpaAOZ&SaC{>MEp+^>ps3)%ZCKd`nR^x1)l;(-Bz3Ztd ze@fC^O8c5NS7C`-go3bRj9_FdJ&&NqF1X0qj$AaPjAPcV;{ZgW=KDkvU+nRL$IX)d zjihIl<6z0JlAY6f4|yW(t$Wu!xJUQazz9pp2rCWrm5G&+zBOM1W$tIF3Hq)1K!a;g zWW=e%aG#YKb2+q96O&uhCl8S_bKb2aZj@+L+A`WuiV{%<VwXW`N=3{amaMSExTD&3n5`G-RH^1=00g{{rSJLwwNVb{ za*H|rJ95q$od?Ub7^9gTdfkY&ICD{8YBf=hn50pdRQo?;JfSZ zyML1KuUvQeXAL$8ha-U(LDBY=IhZs!bIFDf9~6{YVt@dokjCJxK>BbQK;+t9|BuUu zy|3>duB`l1lAdAXz~sz(gTpu)UOqKy-wRIi2aVOql2=}g#)1HmIl!Z}k?nW>5o5XG z4Qs=AB*M8q*hu29Yy)YKO=7>gTlIcL7KK$%@XK#d$P;F=AL~k+Hnx}0QTanB!7$iC zK^+l@PU|tZQ~}%GIY>;&MYDKA|KN`jD&>l>Q4LL<0lcn4sSPWkBS!otpeJ_XOa-Sl zQYE;|Tb8>Kk+AxWX%30N4^Q0GN_2xPvkg=8Izf>!Q)2JglOiLeY1(uuHlCcMc0grs zs0u$Aim$~mFr=LgPO)jFhBa{p*DOSu87zyp>m@x^NhT-Ag3g>a@NW@~q z=n+|h7&ErYs7tz+#RqT9FTORLH<&~AV$>U)4Env5)?N7WEgT%mT}6shVREcc6SE-n zzyx@d*{5^Wgl`Qs2$4UAMGg=7DKf3io7&C;I{V1sfa{FsN}N5=sEiBK4+{D=K>^sY zOi(hxomnvs0kP#Udo+9B)>Q)oeZg+A*swEgj}eyJzlH*nW!=DO3A4d1xVOzqkTvEU zCgX5|(5vaTxRyoTmN0lP`$b!~HNA*d+1EjPa(zJ)ndT!?vSu`py@E(|UCkNGQ@1WK zEsQ>S1OUy)dKwy&VKCq)XASQrva)t8XU_EH!`qxKyw7>%(k1IV= zfZr0H8btR}2}j%X;I0LT$Coa6d?}6VT0*K)KTL@%KmhwzJc>t0+}em#K%dxyIX`LA zft-r-@BkQr{}{*R_X&%frzD5uDX;LLPOe+X`$AD{bb|%39>{BYSt><}Egoeey2s8b z5JH(M@?}u#(z*3(kj{6xvZfJi3ty#<`$0vxb`KAN&VU8k(l3>b2GbGpIAC~<#u695 z4{ix;C`N`0+cd5Q-uPc z9HK&cv$PpS2xlW9{!PcydT@gMD2`_=m9aF)BkNi6=bQ%*;am`=x|u2o8{0`>@+8sh z?sXswnymVnN{l6yzl&m6rmPO_zadzlXci66&#cAOG(fd}*Z1A&@!8t>dG!B4(c&Mi zoW(o}m=IV5{9}39vZSpyI~!~Jn@8KPU;W|e)z;qr<_4@1FNamvQX3upxV8WCXdgvv z5eK&Q!{*V(=FZ;H>+P(55_+Nm(=_Icp77-pei;eUl6oR$@j7{Hp?L03PhUx(tu0vH zds;f7{AgVR>43J}%vPE^gB2KkqWWbt_8~w{ZeLcsB>BKj-QS>zm z^#al>W}nsAl_)?Y07m?vGx3XZkE|K`H7zP%$;Q0Q`#0o@Y^~jB&MyqSW`IdFb_qby zX>H;m@F&J~ls;kWC#F~WT(3v0aDjR)*^7A%6&Fq~;mC%NXa-Sp#jo}@{2RPVoM+VD z18kc9g++ICVU(O!lK^NO%o?^v=)u0hxevaJQ><-;PzQ!twmzO++indJSfD6C$h*r= z&me4pyH#txY8%w5hkSmqS4LH) z>g_XNVw!IT(+t~T#xm@NbkZjLyFi@L$%~}!`iz2|nXIeDTT#NjL4xM1m?^Prh#4{< za9|B3Wx{L5baHlYm`~Q(vI*H>!v>jNq0MYo`AD;-MMq8c>Fq@0EVRfX7y00I*by#1 zvV)KsB?rl+PxD!Yp+&FOEDKJw=#4{})n)bdn>yU;1uHR;Aq+RL=8#lkcZ%JV4jnB+ znojY=tG5ilCP>9OdId}b$!?=nDTEB6^5plenno|S z{S}Yv9{trxg?bgh%tdM3o8(fW#g6}EWlV6ZbJ z=&tx7FR%!kSe71SZ-6Xmg1)VVLx=Z>_W0%-v)uxAd}cUmS@81RHO&-9(&))Q|8q?P zVmYYNK-uNgV4vD$ol%1;9%g;=k`>(1`9fo(qoe7_os=FqJ*zzy2e&)qrR1sH6_y&P zceSiM#PDE9-<`>HFOwdy{F~NtJ$?*<$bNWQE`h$9p$&9!uJSV1-t~!^3z06Qhg#UR zOq$7H(Ix6TLT3|{oATk+=XmaYri6iRtrGFrwVALCVJVI2&{QKY3qrk zo+;pl+X5~ZATG6T=vH*Khx7^B45uMVtcESIMV7{s)Kmp*hlJ$Pm`o9fS zAzTBlYAs6x#L7wMGx@7#h4qm3lWEhSs8S|h)KXPXD;$!P?g9-#2ni}4*GxaOs0Bx> zxy^v)H{Uic!R(&piWVL#!h9~b@vn6nK4$R#xa#yv?ZU*AL$hs5%0-HDhL~kO-N)^DGMma z_+>S|xwd$$O4ZQ63bRaLNDQ_Kj1WyGuo?8yx@yAbo4wg>r3(|-HJd&e&30?jR0X5B zCF{+h?u5tw^3Mvd0;GLDPo*uSnUm&EGpHbJIjra1z*Q-u4VvZVK% zUT(Nv&lbzSO@hT_qbt}f*1bws<#iT_tSP>|^)|8A(NoWsvWR}yN@-4m=ang(}7 zR3%}QOb)A{BIm$o`HcoKI24jA+3(V7w@d8lIEoAtEn-_4CRb~NG;L6}>qxefOcaA`-vd*Z1FVSSVwSCU{N(OBek>jPl|;UaDHu@&Ffb!r z8m(QC5sG=^Rfq6#A`vNbgNx<~wo#5AdTGLo$MFR(uZWRY-kc}kH`|4mK)22hve zUrF^=U_q5m~*31r|LSUZz>_W(Na?uZ0GrQ<2pgUq0oN73NM!hwwrQ#oK76~yM zKsQfLvrayCww`=c2u_fMcrCPaUAC3aMIFHQPDO~^kVXc&j{RcJs;Z3#zp5rq*m0s#ylCI4pfdNdR%1RN@_SdNzd&@6|L z4vbj&G8PK&%sd32+f?r1p#}t^&6=?2sx3QgU&#J#0&BnVDE38oPe_ocAO&4*VNZ;6I5_H(du$I~4VfA^eTqctaA7@)wJo#hWJN z%j)ela@hO`j@ihLH|V`uJrnp6!N(ZumtWxatru7V^qd(SD+%$W^k%0jEnLJfAHhlV zE=jH$%gx+G^4N{({R^wl#- z?aO!l-i?4BppjbT#k~9_zx1yRqP77z0bTnm!sUNA;w9No#AC(`dRR=Be=N|C^=E+I zet#bH)=35Wv~wlgd{qHQ3?7;Pm+c7;{<%`)0=1!Y(VBubbtoMH&Yhx~e}765S~DxBNm}ySEgJ3UjkR}mEo%e-^OyxY zfbgxNVh^b|K%P{C)9-NOW40k?Gkn#w84jnx(Gx*DaIcals5cUjF+DMNgJ%Ln;EXF{ zgzda=v1%}G^WE(SOo*)Q`O4Hv%jAZ_xNfSdT*zqIf;+aG z0q~Mp&HB(Ecwkh#xLI_P>MVpV^bVKD0nTB9^XR_OP-x(z%q?yc^c8^4-351#B7G}R zNVSg&2DrpQ%HUEq+)OfSBUt%9m&If`D|$-R98!t{FjPr$JO$wpr)pX%u8EMO#z@Af|-Uv7uoJ>_J6pI;J6}Kb)<+pmPIRI{hiRe}sWMB9E z8ns=q$h?@9=3Oep9f;Jm!>ge8&F(1m42U&U+6jI{2qR+O`5v4}>m{($>3DR7db?jn z%{7SzSAXz5^-MAd9F(LsY2MFBO~R`4qDh1g`k5qc`o<YzO)JjwxUsPs-h7K=)6hy&O0jcn6DMa$wW4mhe8tnf$?Ag1o%-ua~0YiH5?XZwr)#K z{4tioQwanR+OwBUXH{ZMTbsl$^+{6N0TCskFiDqdR3NOCo7%13n9u&UaQC?bH0ff< z`;%7#l=(+AuHH0?%#~f(1E8^lC)}7}3VY-fe=6ze?6eY_kw#J@QY08fIPXt?GA=;P z_wWZ#a2ach>Ml41UtLXms%;C%WKm7PAcirF_C%zM>cj9lT4?^k2Cfx&#|=Y651RoM9?Q{^J+KV>*! zQ^Yn2MG#N9nz9lj0$u#%a6i_=2!7Cc>Hx8+ff}N(wBvlvHQ&nmR=%|d?tIE)e{}2& z{p!(tBK;ql`D(yTYGcD{ptG6zXEgV2HLdU=?2)<;%Q;mTt|l}zl0d{OmbhHsx(I%J z3SQ%mE*g|+KrRh>i$uo#_AE}a46Pl$p?4=+yvN*Z{xz}qZN5+VTsDn1K^yf;3BWlM zmW&gks6-l5jLey|4!0;cQA}s;^b}P$k-Yt&b-2#!7U+K>V;GV})wLMRePkvp@X34_ zO*~0n^QdBTZy&EAHL9;;BG2!DXZgn(iCOdfdW)xGlJpom-Q%ML4baVDfTP*qL0!9~ zL4X1c?C-omfCCNeZ!}A5OY>CBLw2WrLZ)wJ0EksQmH0Dpt;3Qb+(i;lx7SP3Qz&}bRS37I$TN>~MBJWr zE#e}now0p2-9C8^!style>(0<$+qS8o8kN6=p$~lqu^xk;2-hoa3GStTr@yT$l{8< z5HfK@_+$yc3GxnD()`RE5|=P+hrB*{&}SMoh6%l8I}0L7BZ& zrw5+|1AsrshiD@iv5rq3!k$vRCZAC_kcHN{Q`a0l*UhO_CcaW44mAnS)#A-Z#JEm>8SHFz^i4XfZ% zSgQP%{c^dM#U35>&8Tek4mIpDQxtUNTNT zE_sB9DnJ&{9gL~eX2&8eM80x>G5d+!7rM4bfQ809Lg^lVR;z0&) zKthz5GGI1qKlw}Mp6v-gZKnIgE(uCxIo36-UZS+HJciEn98q!7M68(`@7ZoBE=&sv z#+w)R<4=tzLiOZbO)cVkO*RT|qEjWbE?g;iUh#n}!F|Bh!k-WMTtX|H! zh*v~OgG6TE!bHViN0;56UDQqk$<_FS*1w?=J1kRZ<;B(3V(Qw8o%1hYjM$}|!dkgy zqJTB{ebW4!9uU~hQLSg_%<(5XV#~>L*Gcd&$z5CmK)47inHkWcmw<%@wwJZ5+OPp| zi(GXCm^y=1X!J|?C^8fM#o!#4c2avlf?^mRZ*R6vhqw-mUZD$WV@EGg zF#z>5@2tNqzh$xL(OhYBRBR9@k~OES#Xs4e<-7h+_bCtnseOJqf<1_d=Cb5#SCbf)GY;cfsDX9F z0RUCd`tIfOQb}PiROExCkeJp}%XFC0+SO{`nsMqrtibJ^vDGo^h6dEc>6*$0w*u zeTgnFB8nm{Nic%5FHTA8*Q#Q|RdErzoYjNNC`f88u@XcSM6vQHZ5$d|pfy~U*8eDf z1X8gg0bu>iQJeGvfS<^GKm@$cq;ds z+CXmFEEbkNj>hl**H!;YqSZmjhkKXj@*6Tgyn};a2*c@$*O}Te5TxqIvjH%KeCebe za{DhXr`L9soizrZrEPjNTG1DCNWJ-+qHL@m?YS7Z=ay7L~VYW z1ti6}3VrflFojoFQx7BwOZ0hF(K;${_qP9;4*`y2pR21<7sVq1BrpTr8sa2&;jTc* z$4>yO2PF$ih#=*?D1iBDcb>v~w};acJ83j-!9I=)m=Y97s($(7C$jjw%t01koWdc; zF;99bq$efd;K0~n`yQRdBWS+<`?m)P`cV=&t zh7OaT3J6lrTKTRj$}57gvcl?H2i+vXJyH?LC47Rx|G``$TppMYM|C04C4`c=3_p#z zB5lMjNf!Q#G>v~$qx!>C>ZJQ;x$wptiL9n7^#TWBQG>ig-=CuCz#NHHX#}idLy%I- z)?Q>HVQVs?Fk?hQ!XO152SXr@5Rx!X;>ORs4HymC6nUT|gXite%+H8w3PlVhWbz^}gBt*C>Z(l$KZ&AU)Q+#Y^aYH(YV-A+!A>xQMyyVy{X)g3 zgqi$l$J?Yf@TAVEet}6(Om%}SNR$qxgRm3Uz{EV)RF``$8_ED@N56jSDFGHJOXjRH z-Co}y(r0v%vWZBhxE7)B1p6YMK9>TyG2`OjNP|vRa8i-jZR?TNB}plf3z|_QAK?1H zh%|j0e}5Xe&La|0VnUSM-C1ODT@?MQx+z6$Q<<}g$hk&)i&<8VTnb0Iwm9S#Hmd61 z{00?MjV!n=VI>V4US->gWq4cBf8S1DFRC{o{P#F9rf(9d?X-Y z^9^zc?6>J;Zj`OBni-m=yA* z1AIXS9!O9dy;htG`81-VPY;a&e0orHd^Kid?)J&agvGsUUhTtY*!UuR$6gB#NzaAs zctC(k>n;=5q+f&9a85TRAEyV|`swc%Cb%urVbSiqbgpe^t{5CHIo2}5SK%xRpfn7`y zou>>bidpBI_1k*-ZOeBKH=skhw1vw1&|B7Ut6NgBz#Br>vK`&y5Y@m2Q-R`kfYME+@ca@MMlnPE99n6Rf_r z7YqL#ab3YQYMl*g%K2vgpho6~7Q2Do3$k>Q)MfuNLZ5z);^q(t22_Fm)SMk3`a62?hYj$yICMT!^55=pvDzR+*@>+7!r zvQ$#(HcJPs4yy^WsXWuJ(7B;pL}l36>DxD2I>8_fFJ%q}iwygv^sUY&#$5>RzZ-Wi z&kFteF)Ru-l>|mOCivfS5peW_QqK~KEM2}H^?1OCf5+tz;mk+kiP(j16jL@W6HSY@ z5a;)#m*kVw(5`r9*g-J*aa1Iu$y`{xGx_=Ct?ZBOY?Pl7ygcwW!NCDMrILSS;mXQX zwGDtSH>Ly?LfN97j4o=w>O4hkomK!9tO@^l+IW~zi3>r?D}~Ir{J-ugQI|CQQ_>Vn zyUQ-~6>Nga$=(r~M?nfwX*^FS7i>&u8m>PVZ|6%^HN zNWiQsZe(1BUm@?JJ~Bn1i-`^GfCAAjARHI}di>W_si z*{$*ewtCy)amWIv-6{Bpts={AXkmY-B}NV2i`YiAxKwq#UQUKm`-VEoNi`eXy9FHn zUiWBS#?uYa--q-=wVL(F3?Yn3uXTk#llS*|i#p{0x$+C-LBs}rq!c4@oi2((hF(nS zGB`2$g`|_(_Zf2FMG?n&1~&!1W82NLnyIrmfn*@VyVu7ap{_|#C@5mmmt{_->(o>G zrAbG?0T`p3R%CX-Oy_BwK*U{QgeN4WtE#M#bihA*h;@jcW8`yX-;&aZn0T&#DQhWMKE0or66hJHaVPv zMiRkhuC>G))x+TOWI77J3AvEdYYHS;r(CbkP@JKgX4M&+Krl2ZPeo&dI)`{E^Z}}= zQ?$waPzm0xxB9lBFSM*t%U{SBg2gHfGh$opGTnSFiB7?m(9JJ>P~N*uk%u<&PpMN= zrv(?)4iqp*vQMCNwoaU9f)}H(IH=IhRh~*pAwG2xW{)SudPv3j>=P|Lal&5*cavG1$|Gphc9uhSF960f2KyoAg2+*Vn+PcXQ@RS;0E;4EtLTMh zNyd||5(78IJyu1q=z!_>BB#x=E0J!FbQ_a(S5bsPIq#m8jM07e;`^P5tyky+eU-<$rg- z8UIK6!q)cT*7nwIavMk*DyH}3oEf6i!(Cwupc2jV-L=>2FOObr?Qia`z1mamt#7jV z!{#fzr$kRZ(=#$2(qqq8Ym3EJ@=xB4yF=Vy zAG`v|Aovr}Xcu*_$~zeHKJD#~XV<`n`Wj4(EFlkg`r^EM`l{a@4{^xBe5JS_Kyxb> zkj-`go^c%+?44Bg&5_6Ppp_5?+(VK6HoDjM6lD_%+YmuaU$(2ZYg=vR} zngbg;!fA%>W%-DQuwlA-`YOZldED4?fNU$|3Z>Z;@)iWibu_G*Ft~ylFx7d=KjDCg zS~<}Vm1d#UgBE>RoC!!F12NHr$>(85?i#T&H9^iUIs_S7>~pA{Kvk+(1F6z?Z}I2) z%<5`zzn(!7!rJ2UBoO(Z95PHRm?Y>(Hp$$Tnfi9wbCW>N?Pb0@K*GD#f@ z_Db>wbZpK712c<+qAPjh-SaJ5VYU1=!^rj~@Is;z`zSCG`mO?0GwNLMKwCs(Fr$4e z(Uw*Fc!AVu&M_{j1rcdr5Uvu2! z(_e9Al6Uqv|G?WuX3DDF%7$K^#4+p>@lB+ZS%dTVQ4UJB;z&zVOdF+4iZ%DwPTDA6 zD}I{&(YBmQEC&@V^3$ox3&<4@wfL-Xl8AxG73o}Uc=wMR=>G_b zlW1oUBCHAWzu(QMF;aQ%K!P)<9`KU~5sJbxmH=H861U21Y>*~x9^`?NMUmSkGXd(5xf-={`+03y@*P@!<KzAG^lk@c?^7R+qXuJ!|c)?cYEy@A{k?rhPFuh6)@Yn}O677iD}k z-0Mo_mjPPR=M4iWT8fV**b5D(C(G>(hx(eu!AIv;;Lgi>a6^mx$$p_r)j(X|M`FnxzbJ0M-Vy&u0% zSttN+cIEOyu;&f}Q&ak_Z|!Yuzjp7>+Xrxu%i)%@mxDQ3ASuKZP39AV$O23x58uu^ zoMw9YQu{Hq;J(=3j{yOKGt_xXXrjdw@{B7e8)VtW=W57DUW_i zD_6JMO`_Yp%ivqCz?8M9ZXC1Mt#3dGN@T!ZGEAjcMb9hDLiQs1J}kIf=uPep5uT35 zz9eYds=B94&d7^r2YGj~DV!&7547x&I}+(7e9H*NI2}C$zZ_jUL5B{EEQAT;zbY;t zX#XAO0dcJ*)B)zV<<<-WRlA@W5D?83L8=gGmCH4w_Yr&rCB>?jrukIyA-0FkMdNIM z3`P0MpvIpxFYxf=*|n6$%X%~@@mjz#U_%F_!AEikc6V^il=6;aw2 z-xQGH328`|q~7>236No)%NS&vOpVgbT1veVG7Eb)+IvNzfM@X4EDf(N@E1?1&mYIX z5y#20d3Er&gHaoBFxQHJjU7C3Fpvo@Wn zQIbD5(7lZxuyJ;pJ0Qdl=e+*vbabBlOzo@|B2pk63j!52?W+mGr*7moHz>i~ei!?3 z?!Z*>c@HgQC#QU*qn(dN??q?Y##2y)tIEf?yvk6}y3~yhdc^*;ueU<|86yZiXZ#;^ zr;obT>vV`h|6NNVakt^kwtAosx2pJ!znHmsu(iH{po1XzJFld# zjc&i4q-MV!n^#8_B!a4l^Ap3cXu8GzEDdv8X-dd{Wx{l(x=7iuN=!y>KLaVz(uZLU zVx6u2jp*XWs$e*j>Xzm zPsyo-Y&f?FguK$(6}yj&w#XT}jG2Kh7_M8~xlcEUYaA@RFRl0CSA7 zkN-fqMQ6|CdNS=_h~dEH&{tnem}AW**R59ZUsEuovMnxW03f=$iAFKV?xg{4Tsk5y zk#H3Wy_^kF6&q3Mku9VrodrTHliA7o$Waf9$45}PVmHygN0+6=u0v0xJ9ZMLp)^oZ zhKo~if?{~_qYZHvFHU|3lam29=`NZR!K{5{A!T*By|(T?2If<%9FW|Uk7pbe$X$_V z=V8oUsog>~9Crn|EmJH!JF+E}?sFJ0fZOs8y?idqOlfh2$mkSjk^8guby&&D2zcmN zp%0a9lVNJ$CfN7v_$z6tpXN}2gOV1?xk{3^nD){rXGcg)CFme&D_(bP0Bx3mW7>^- z2hPDfT+$b*H8PH_yGR8dE$aAe5-7t&P|8r`A%#oD#ln*Fgj$P~T+(rToaFyPa0I6) z_%?;0%C-p`hfzff3g=B`M`9zOZ$dkasR+g>MW{skmATfsD7A;fIFSjspK(?Y5a`hB zEdb55`xxInWZeb%+~c~n_QFu3x)mMquuma($zj5k;PO#Dtc!c2i$3)2@U%T?A$NLs z+DEN;_YI~KXd%HIThwKl{{Ijx++VZ`pbe2t(J`bNop?gF?Kp{*x~uW23!0$7I%y#b z2ml~MT*!DvymI+7qlFLcS}2+qsR74VRSQnmKwr&{iO*OGbkO$L*g>6JWsE?Gw&iy_BuXsAy$ zHV9qNf{P-jVQ5KDVeuCPR7e$=PKSadKa)&O`WdFCp1Z(uN)6%@q7B_8&ix1d5q=H-a<0StLLrj`cT(|I%%)4DhX_EiSgFn3-R<3@jm@3S*BhI!*Z**|yScah z>dihQ7GJDwz1rM>6fMgMm;-^CrufsMI>8*4k0}>%5y)BOW7%))qaZc{9v~f8uYx+Aw&r z!AvieV=xvT@of2`J7tV;uRp~|j19)t<79R9W^6;$Kzx*lD+XH5C<2yqdT$}l9W;cO z&;N^MzSFzN9<+)J3gd%~{)f$bh@t7uL^IBcm?*<5M`wE2s$l zVQB+`c8t6N(a8){iNO)6F<2GkEfr6Yo9B3>r!7VGO$boxlU)QOnx;6sz)BRiRO-a8 zh64~+fD~J=a!urG+*7&O@{~&yZbz*>?CDUyU8kzMQEbbm5)FkVS7RSrjEoxL?^p&M zV(}2b2B>hoCD`*^Pa5C#!E!Lcao;88UNjqyT42Uw?)*aicx$aTrwlH1v$*3oMyuwU ztR4=b8rFEnHNz}L6Ylx!Q@_HZo$sa-+O5OPn;Ceap=-ghkpE(?>V)Xt!2Y3)Gm_iYTb&NoPY3FyljY4UcYeGt z%fS9ySC^;bZm*AM$sTTE*T2OUk}5{s^NFmsEhZcuTJsnt**OF*6cZM0a*5#klfiMz z2y&7jxZok-mtbLaF3+!UQ+B6&IXHN-@@NIYJnycit-%zqz?LEd2*-gPfw-cpPHS{L z?p_S8CJzm|j*s6iS8wr~kFY2}8c!R)fuV; z4aGd+nm;}R@#=*Lt(})Ut$$tl-O4u)eW1hP)`?h{$K9dK#1Jh_X?gOwec$?KFgzKd z{+St-<$Sn)<38`L?|t)7niB15b8yKaEX2}KC?0*C;QyXjcSrr7P~>#7+(wHxL-5xN zV6M+gjt=*s*4JS;y zfz{|E90F5@d>#ymCb;Yw2*O#fw7y4)2`m^oC0?(DdGhbEh?Fzf7(hNL&56A(Y%qCG zu95zI)gxGnO81Y-JY+^eCBewY-N=KB%X22Z>3zdc$=XunjGY>awvh)l_NVQL&s2N3K>8R|8l-+J zR9;zLf)ZD&kPBlNTkLeSEj z6ncY`Ymg9Jzn~-RP(g^=PEz}XkXN9Pq1>ROXbIq-4)4-dvj~Pwm}__m5^_X^Rv<2N z4+RJ0G6cZYu=SspXP1!l=>9(`oVqPkXn@A4I2Vyudzk+T>EA#+yWqhD~gJRLJb}Qcs z6Mk{u#E#yEawxY~*pI?P;Z0bNyWy2J*=ne!wHtP0$rb6oK`XipM%4AL?Amdy`Zl~K z5G$i${3{tL@si}p^%UgMYccXpq;6LJ&cecN7Bvl^%yCDsy~m~)jF9(`HLz>Nje@ml zQA0m<$QfT0KmA_7I8NxO)S0z_2SJj|h{D9HH(n}D@6n?8mb zJSX~1^6(vc9H2bvU+na?D>8%iD3BE++V)-Ygi=Pf6kU9TA**-cYV`fPrq_vjTx#y) z84hDmB2y%ZOA*MV;|rvNDmXvrwo?+h73APK?70gxi zyOcq?K_cP9zgO!PKhd(8zjAk=tA_72+bUDI^2yT_z7q zu!xpO9&5YeX^ERcC<$78k)3Po_bldcXnnM#G7;pB67WiUb+w&e8W^Zw4)y{)*%a@l zvvBO}Fz%={0jBDptc7H*wzB+75HI3QHO9p3lZ(YfEH5m5KnZ+$rp*%zMR<(!p76jk zv^;J{y3~ESFNNoPN~*cOhcKXwv%sOy=L{Z}F4HqJ_4`>52INiO`($Rc!#piKUa@2T zVO<7`v+;>F$Y+rqGSBQ|kuyRjynhW6(L)R(nOn!wa@TwgA#>6$wuZISaA7l+Z%6$a z6vDcQQ)ZgGAQpa3$HyK{{&_(od+Dxy>_5zqnx?0FDh^zM0d{z z-O2yNeoS_)B3gq)U&awkGau_}1{xF_D6+Bls};xX*g6+e2dILtgG(})uV*44g#eh0 z60DfR@4MsoGRhXUJI_YKJNU+x&PW}RJ~B>8Ewv_2SN5C0Lwqc8Jh|L#`U*5+21-hX zLF%d1F<)1*0P)Me{+01XacK~R3o8<7=BV&P8%QEmZ_#u4ecAt>%=~jksPv%sBu33w zv#{#TO%_uZAZlJ&)r^pumLio7v#H65C>b@9(A+~Ab0;Dqs%^>!8bqn-K_Q_#P7I;< z%|y&RkmRcX&>{SgO6cKHBy+(?6ihjH1*^vhsf1uQVgj3m@f#Tp*KdR^9i@mGVzgU! z#D_T9AH5hOiV_!2gm!=&_H6u}e;3AV{FJd>n3v0`$^bibV+F`gf+TM zcO}~{OAyc_hCp~AHkdI4`E_(DE4ibj7){5Sofg`tp--ibO3#2e<5M1G;?(eb)a^}* zl_G#C^Csz|IB?g4E<68g^K?)A_~UN*8QjX_E{{6V#4IwnL&x2Nwk}2o&TE`KB7=m- zmjXyz?oMve*MCDhak7|IuS+pwJ_rcV!wy|$IBwtvK|W^CTEV)+1_{c&Lc2~kh`s=N)tnNgDJObVA!n#9ztZEOZne~e=@Gr7ZHw?qQj!D2C`RWC6S;i4X0+;gFy>x{^3wm)`nr@A~3o zG`v2PQ`sTT&JSOpTn5gx^gr5Y7j=%NhcG2^2H5xiHVrcKe5|xdD5&%w)X0avMR2vo z6R(XCDfgl8<^iIxppQ|!chY)+WAOMG(V+Mz+P+JO=;{uyE;oPbA74fPVkM9jZUF}5 zGM0~lByvG}-64xft!E{srqI=|vKrCSPGpNNcagVApWOhi`7*KNW`uM zur_kI8!OCYZeZbq%cw>;HO~WWT8Jr54Ew}Z3r#Be4#fDSk zLE^c@#s%$bz^k0qN-&6Iog+__V4mZ4pdGNqavX>jtWJ4GYtrh<#@6oU`u_IrACC4m zch+{-@TXcEHQ!6LC8hzh8G+NB?et8^+iqjGV3BK^YMA#*J7!w6S0-1KHOm*he_n>L z{x95M-nLv(n#PYFwEm5q`knNH$q^94XkU#)VdoauBj`Xl>blAt#X*o5`4?`I!NINl z3GmcdhzL3751WrT2wX@@Al3RuFHfK-Z5}Zqqz-#S2Dt_FZE8$k3FQ(OjE7Yq??`bJ zx^jY5h#HcMe4!b>@te5pY+?M0*TIN@f0imtCk<+eACPnsTnjCWlUMgWQE-l5A+u_o zCHQ{iT>ydlg@%(3{YuR+^E)#C~*LF{%4?j zkum;M$VNjju|1q;DF0G8i0A06yNFMrOsVJNTFOp1*{RxUksgY*623v8DPmif4@15e z_R=B)U23D17FJwB_0q&&WCM4eBEoC9Tt_KF1~$A>Tr(_qBbZ-pA#Z7x{en3YlUzd& zbPY_PM;__&UJdC3TaGPc3aVa~Ae&!|&S5^S!>CNfQ#__`~|%vaW1+v@x2#0KAj<9MR6gpzW27y`w$I$9|hV^!k^O zERUqKAujsC*jQ;(r;=KTrbpA!k(lqC7J=Y8!nuWm6s++sEGc9PpyUV-!!+?#=PUoN zZB?B$3qX@vM$Y#Usd!u>P8QEr8#T&GIFy_e$KYy`YS{y(f)P2{=wV|a5-tlr;Q<6e zkgoU#Ix%bLzP`!D0%8$YTJ48z{QDi^orxGF0@YTepdi|%Uv?bphaQ$mkjrh;;xs>F zNC0xXK1x0bREk8$d-^_`fiKu}I)XlHuM}Y5ORTP{Mvdq0O30{|-sY!4GkLwzu&r64 z-bZ=N3Ziw2vTlvj$CvJl5sWHhQV>QY-Pi+0rwB3#)+XCSE{IUQuERYdHSni!wk(~F z;vcBFsPKq*H9x#Soiny_rrIP!j!~DtHksR29Hj&B0>hW@gS!8FZ=c&9S#Oz1CiBZCU~; zq-IxL37ShFDhvM#?uHtmjP&N&6>{bCJz~vvkTm{zsrR4Y_|b{VF~dn0@fzz=YKDQ% zW9%Ps_`s*?Jz>*wXAE_Ul-TaMem0p07eX_*G)GtC7nyYC6q|j2GOR3kvihfWF0vOv zX%ugRNqe}3y9|!0o0(DR?x^s3KDU`Jk@~y5i|eh3}hFB))R+nMU!#xkAIAKhMu1N(PO}P4M#wOD)zMdWpxFm zBT^C}yFS93zU0{HZ{XOZm4HchX~1h3m}{O5%LfgE8hzN1{M9^QWhKLi45XSYn`d94 zmq*n>)m^rek(UiFU)*kV=Z5~+bTt$ouJ?V=iZ6l;!%=A<(G)JU2hJgkrXwV(q9^Hs z_LSOdv+O~;Q#b&RF9V{;9)PM z+CC+1Y(m2VIjR$Kuhl&fYcED)GX$D-5YYTAev#pMpg|Clos-CkQLt;2#kyoSB!Eu!_7TOWpt;MeEkmm%sz}aq(XK)d)XYRcDWfMvn^xr^OzHw`R&H zS=WsKP+*u+l**A8q?M7kvi=0sb&lbzjssFsh$}ok%1@AMw5d03X6k5GPrE2xLZ{7V zox3fCZX&aV;|mQ~!Vu6BK3Y^2(Prp8MXqp-7ri&Y-2(Io#jhzumXxfM@JLJ~NLytx zJbFmskkCtW%mFNWv)}mW=yxz;=YFOYp?uK#P3W;0 z9_(WsU?^L94a&7iVS>V=GPcOG;&`jgOyy8I;Wes707&s;jRIq-cZyy$9}Hf$SO&rT zQU*CM6Z6BbR9@Ssf^o->xK!(8YNAjaBQ}$J0Tu9oMyX!7kKs#^Yna706<%Ay)~a{j zm%E68tE%ra?3N94z_k9AEsCs>gU|5=yV*5X6)$3o!7fW#o7p=P@AsZTAeBlpZ#-xv zyIgr8Uq-7~1$U@}3Nas~l1MXHfz#>rYx2YW6?`skmtu)m2Cnoy7n-A zC~JLcpTN1vYNyzZJ$9ZtM$D*n)(7g7DHrk=%W4a8qYUuPTV*e0I{a384)*Mh9>N9H zEPDpmOurhW`sC`csciAt_|tkUHRwalis_(>8pJ!Q)&i=0MQaR*Ukb5GV!#MYI)Qp4 z7+-NMGs{2KQuYnyg6IU4fU5K&dLYt!!UZ>zF7-@-vXE+T^%Qe55mZ8BH0Lku4MlEr3XPeg}m2p6pJ^UhNvF$X7zgzyLKLe4Dcg@)rD z#iL3)D$xPbCE;jg9m5Y$g#rZb{`&}RLX}~1u~4_|Z=|~DQ`$}%Y>!hg_#=DRQLZdi z6z2VJ9%_49N+kf@$@_K2`7o4-_x^|`|51(?S&@asQKiNT&i%)I<7Gc*G?PnqX*`NN z_y%G3EUxqPxlErXx4V<+CGz~7 zD4+;(qE3uAR77&A}gZoJY43ek>{^?-8Wu*GZ$%0v*Fy=t}p@<)W{ zO~*$tU(azqwcI{D{3rSySNLyyc6#(*S2#qJvv_uQAA5$SzYTDsO0!o|2e=)~|HLI?UE5V8g}+wNXXNA3-b6G=3#c1aQMLaeRZ zJvoAmPpjQSm|9EJP)WL>5b~p(uk5L=cVA)<>zf(F4FLH|vxqDI}FanX(5(0{ymwaUf>6yuc&co>+ zIW0==id@WSc8+q+T%q%v8Qeaw+HM(AM&C&BoX@BixFqs5L%7 z=ndEN@USfjFKDC>9-`1`aMm)^F9l=_XYPdr079G|9-=MZ{sMss^i9qV$fUH8e?TA_ zr_gYUCXGt#qJdOhV|nN0XRhGqvFS7x=TrS74uMUw;xPajf12;+j=(B0f~)cH522LzO5#079*RK@ks^}Dw|0THL7(om3kA2K2tc- zv+yr{b-06TU>M=EVIDVW+t75}zp15s4NC&7inNpQVez}@SMn`mcv0P3PxPsKw+FBh zfKy(`BE7!Er7}LH`WA1-=L~YkfA~RN{}9uxxu&U-BO7K;)$I5FqzHrKp0Of*Ex{b2 z3v2kGISMiEPCeYsV@2im&;fW5JD~84b^YT2`MZ-OdN2Lvn3+O((>@6&E@%D{!x24r z$bU@A+lfxt(|?Z$5meh};R)_){GXyVEX+&Xa?^haPa15+q_OYnG5e~hAa{PS4v+71gzqZSitDZE(^3X@cxhxR`afLOL()ts4w} zxH4>unLAXp|5l13@1J(%!_+g2=Mgm;07Oa5auXdF{Jchq0LM!cnsnB#JdLz z?a-+{3_sD|1Civ)1Hhm*aD0XZN=HqW z>;Fv|63+@)@x%xne-T3BkI`IQZ2ni_#P;NtL5wMsFj zF+~3bhI8XG*>w|S=jZujN zqudj~omtxwPwu}OShtGH+F<}!jQ6dDTt3@zoV}sW&`8-5nN9}>QO0}*p!tXd)3A^% zAE;wqkokQ@fD*0bJmCEJ{p3oL{z@Ug2Q{;9?-?2uR0#(!mIZz3D$Cl4qxfFz93JBM zLp;*b455dj$$ULwMbXZ(cgLg4>-`Z79V3i{C&NM0lJdRazp%Tc4#+D+<}28BzXvd ztzvH**Is2NCGV_VXA7yx07aNCm8cjkobRX-l7U1*QE9AIL$FGaaDfrPZo;WIAl1dx z&xhDWVFC#U)F~D6t@D)SJ3ucYYYRCS<{9OjEdD+&pv4Yyj9V+X2ZTMtgnlWL5Cpx; zdEp_qv=p(kq7eb4AI?NI5;y>GfO{e|_^S}Qso`ggMR}-)IXXN^-U0G41WKVNJ_&i< z{<=K2do%3+glpnZ(CLTn`BgtS&J2lSV7)~KJS?7g7vltp1`?wWW70cbfeN_@7k&YQ z?S(9Ho_C?4n26k&=vNQQ`JebWhqzP~dzB$~LmzN2Vsi8sP)50MhPt#z9CEo$u|c)v z0GL>IVMg2}SqhEwY}2s!kMz>00m4+7I)U5HFb~W1w@@LsLNI@gzFko%=!m+XLSC*Y zRT=92RNZE-=j+~;ihg@XX!c9Y~4X#4xopQf93oPQJ*@y=cra z@JPHl&Nm{;I6{c8j}ujcEM*eT7l=eBsS)PluvTBaNDMAk2&s6VnxyQ15D;#lwT^?> z*ey5}!W0BW>Xlk;$>tC0OVov+nb6(68gso!Ti^v^*6OVRk$VZ4=39}Jvl=oa35Fd;LV_Wq zfIA8|`U6>j79#~lvgB4kcFp!)>tav>33B*Jy&#s}yoyF`0UUQY!8JLnDwC|iEwdHU zz(QTbtb^~nKapDYK;+a4{a(Kpv_llGR%xg@e$cGhM>5XxBekG4=5n3)Gm6o7FUEAF zuO74x{`t|P2d#g8^o0NVE&ug9mdA!g$@^Ia^MuI%2CF|JIncD42QZSY1%U3MsL<8K zKqBY-?%)5t+BGGOJ3O2L5;(3V=l%ZWGJwWEkarGOrvs{UT69HX`36}Y5WB~B0=xW; z$;l55e%aa$9(UQ< zGJ=HQ{<4L9>;UqdcMrulAl6rt)S8sUW>J+z zAyfKLXg9LrRqVyIjmh>;;i_B40^RcPBXyA|mI~2*i-M^#*}A2a_|SkGi4s1emZ&aE zeX1|)sU|nK*RIm8W-+~R*z_#aRAZk!nOTOQo%D~OO<6|*MM^`hDmUYVBkf#+7X>g3 z5dTIzA42F~?i@jp9qp{`zvNH+XY2Kg?W5;wdz-JBoJg3}lC+|=4JPPIMP_cS73X;?cINR8D1nGLbQ}bp;dTZUMn$Kn z()zFe`me3uwEpka1(I9zWrN$Bhst}A4Q$nMpVQ^J7JB07=z*#V%#sb zo1TeUuYpOCl7v9adt95ZSGGR408p1niqv~fyp==X)WOw?_}lcT2DEOQ<;F7fPHxCn z@)jLt73#USs2X%%FzS-_kK&+7bQghVvD9^$PdIPQ>yZ2<)CWnxDEy*?t@BbGL)S|^ z4v95vUskfs+}D#2R!!-`!ui(8&`?P-%SVoBW~JF}Fwe<$Urg0jBlhBwnSxO9TgCbe zo5boO%91srzczh7aahaODsIf!;zpZC31pzety(5*(%0pVVj8OF{VA*4_WJxoccCav z4%O3r2d6uBrdA*|E|#!WRfVKFf6j#qzQMTPu~>a2pjlRXFtVo?m!0+sE1J80TA5s) zAC2DeaQcYu=`Fam-L0Tw=JP}0@MzvTgV@g9w`%lMWTXTYJ z*t&563ZtUlz}lK)7#L;gT2bxagX;iRBE0ZNQdA3-X+V3}Bnj zt2Rls12@Hot?jt!)_OUvjPRUzer<8siIU>V!S#*c!7D^R0jF+0=}fsd@CZiy8RED| zUeI+(O@YXD|r$YLiqny6KU>sQM z8SZJ)J4{dl6RS>oxy$Skk-1vfG%`h;sYp#+f8f#ttgsrZBYQIn_hJDor`Wrs~CC3_6#A(XHO1(c4zZc;nU}Ryec1 zT2i~rCxSSt!yyC&FlFcoV?$L)5jY*myiyKG4F+h<0RhAQgg2E5CV+-7jDQCSJ#g2u zY@o!aF>|x@^I=5o&VUM%_h+s4FF)DOmPls6>{J|)!Ix2erS@I!my5qBI_^|d-5`V% z8rgc(${;tM*e4{)ym1_{P;a= zBn_)dawt5UimXEq!KB~U-PY>Ehv0um2|4y!8I4b+NYY^1!5utW8}258F3R?OPI57$!YyT2i$U(Y&Iy`L?phF)re=0k z48cBk6P(uwewO9lV1{wy0>T<#YkfKiWywju!3KyjVLGaLDC)rrC%}}Mp~|L%i$3 z5`H{9>>c)2!@mwEUmqTbJ(0|rM%Urnhjb{!L*>G*fjbW?2@J!Lq%+nF;fZw4l=O^) z`n3L$zySM4ny}3~X#V%y>j|VQF!}gOoCWT*#uVgty?tCSSKW3ua^b}Y(GthWAN?1} znO~5t@R1=ls@mY_#rEFb)~h4+U)|-tG}}a}?Oh~B&&=aDMf+LXuDIbWMwYbh?*>yI zui`&VN!!>q)P3l&0k!YSonDRxo;K=dH|;?wXmp1N0DX^#tnb?GVU`O%vn)i&aRzxI zvMs3v0S5A{>a-F3jK|$EBK@pnL~IsXojL|pI1WB^;n>#@&7LizhsMqHJX9_+QL3R& zfF47Z)ylC;H$j@Rj23ap5tn(BM*{I>U|H|oJHw+B`W;MR+3YZHddiGi+-)fxsPqWk zWWofU>2ETo1%b|B`d@N8FJdj?kHy`@QM?1|OZUK(Yx8dU4N-_MU~{YAsPpeDZ&8g7Uj7dLC3|$nR$<++VwQ@7 zK>{35(Vn1V0~_%WE}47!A?!d_n&N2#%}ltnmXp^Q^vTL^R~~i7$BziX({J?*Vx9a= z#J!nl@Pz~^aJp&CLEUNX9$_5`{E6S{qsqmrUGqQ z&C!XJd85IErmc@qPq=FoJCZASbq2#0D#?x|)Ck7p`@!WUDMm}Ag@Y+Oh?x_jSTV8m1)U{O+05X!T0;na*Fg@hIPfCXgY#Kc{3F$;ayBPQtANIP9Vtk&Tv%zQck)6Hx8MT6hn@T zOQ7NJdjVLf0^1!3)5&CXJfLFkbnrm1q8A})j({R$vZ=44+L*Hl0q^s#IoTq(G8!jNKPMpls%4X@pW+SRN(a_PL~fi- z{^c$4;>~B`M)q2`xCooIiJ#cb}n~265z7JJ?7Y^D&5j0zrDCDp3`B(CDl9Ds3 z0xTRX6t;JMI`W|TH6cZ%@vVt64VWd@zro$F&NG;d>ynOF&l_!sSpdEQ*HZ3&Wke9sNPn*pq)#i zB^a926u$wxBt2yH3=}f;$#08XVPB#j0YvBmokwY*-++yFP}DDNj-lDm%v$VQcID{G zrmuq_dqF%_X{>@$Rg8m%rVtE7ekctmcZX!SC}LC8_DS`KA`3vN9}G4t zg%sdyFRR(`p(D8oFczSvkO$xCU^6;6xo&-h`FurBo;A$O5ePdu4-p$9h}B??)T?fN z+UZPbD|!!@SG{KU26LJ*b7Ca7Wp11rq+6I2!bIl7)fb=rFJP!7MER?*Q$+LHW#y_m zKrf6)fD#GxcpLkK)c%Fd6AZD^{^MT==wSLcWcK`hTPkjR+@$lBbb@(Ps{Dkq8Z~~> zCfC+lU|{wkGK|yEV79vVVQ$j)ONH$OaVl|;YK<*uc(4g&^ZdmK7TG}A?ymEJMx>u~ zsrKac0&0Z%jTg8+L$`l8Wm5@Bi&0`&!$`B^mc?J8_9RyBlw19R;f^ z>HeS%5LgHc*^5*uq6(zFzoGS6`$AG-9M4o(a_7Vw+Oiy}2D8D*Wv1>W>azBO*-GUR zRyXfYEMkcg6bcX(Su9*IdK(}T!}d1*tuJt*U2Cu1#uPL7<1sfD#$vaG7MYHLh{{d} zm57e}=Us6#Tn*tcIey>ob>uYR+u;b#1CBa(cveo;H##Bj{M1&*2Wx)rF?<=p3M%{T z+U7V&tzFkUx5IB-{Ik(Vdg-wIXS@%r)BAf{X8=#nW3kG@Aek85LyP0-cjM934P!c|eBNWa@qCjEpPXwHWrFZg% z&nu0Q?GHovDzDIwmO4fI^7Ux?f~Ns~0j{Yy31)!LVSx6JevdHB);Hg_9`lc{fk}vP z)olq}de$35AS&QU>T!6=PKeBG^=fb#)=v?s!vdAd&sGoq_z=sA+OwC*-BNJ?WG>A> zb_7%wSMVti%1@bM4QheUeBzq)D&J6zgdh#g-Q)zVj%)szS~QPjnCb$x6|L%0HYngu z#%{{<-f)Mxp5Y*gs5|5hfU zu+A_Mq4`t=sp%u>Cu*l~DyXi46AGyz>Y;W_V|_JQSy@4paYs&N(~iKu3Z~hpfB#C0 z^ipM5*k434cj<7vX89oBgeShx7FA((R)zP?3?;2f=D00)@wM1nV110NG^(zLdMnpA z{O~ttma6z^;R^{)Q-~5ZMgGpUkth#Lrcg#?c~KAL3X0DY$j%Cz3Wg;IB$8y zisuxoFWARmiA2APSHjnaRMnVLA{IldY*38|$*hXt#U zOaQ-}&qln-LIT3By&YgERqV%TR$!Lq3TWeWgo!Bz+ ziOV$`rE2OBr@8^mdm);gjCJ(7V#Aq24vSw1;KJ#?U?fQLO9*T|kP>DhC>GU_kT z1*{o?r@J^K8X48*oj~M}e?tGsa%wfTi|!>{9mqUQBAjupJnm7caZ5?%G?qETYk~1^VfhR za-Ew-;p>ikO*WKZdx0~6{Q&GZLQ$&L;)g{VHy;Lwo+DeHP&b|<+u3R>TfoZ4GiF9< zx+fr-d>k;SHK7AyQF6lR2s1tFpI-`f&m!xxw;_6)DG1-_ zjHF0{-h*jye29=21mQ#gzBYYkpY-Au3H_Rg;Rosl`%6HMIX5S`SR#O$r4>5&kei@vjk39=?tM2S`}jM53zycXeceg zSSeH=9$ultYXpTL2ob&Dcm@jN5_QsKfDafz2s39ke~q2DzCItJN|KSbRsx>1mcgDU z_tEriP?JF-&fq6l#xMdQUNiLY!gP=hV#Y5o6;Btf?g{E3$;=H&BA;h;jXOMXZ!a@- zxl-gSTTC$>=had5CXGSn(iw&=Pr6hE#v(+bmxJn@abTH6MM2u_WueFnubZB+p66fk z(mahVv0a)Wa#?%h>2ALx$d#Bm9nO~^kwoO^*&7pg&tU~GN1&wARZO5~aq?nxs_9}2 zH9*drTwRrnM?XFcHar|$)qF?TuvzIM;K#&bh}U*py181vyh>pqBw(kK02i#Dbme18 z3%n+Jlph~qmmfncps_!x-&FXb|qjJ!?Gn#Bl@NZ}m=x+z!M6QfIsIV^ridg7+rJPe(2J?*9aCfi30 zh>y)d7M82dLq>BF7kFG0U-mLernr9&X@J!w(z^zfbIrmx{}o ziT7kTBsaJmYF4iE9HGekzozwjqU$#!-B-tE9lt!oAVfK}lX-AMsnqUv)$GG1Kj5zw z6(*LI0(6g0I#Bvb4x47J2t`iZ$Yjexg1%Sjta)7w5!FRuM>G5RkURDoI}&?S-;x_Y z$c9dTtJQSV!plN~_M4WqHh34 z-UX>6GN*ZfoC;<6XOrP#h;fsRdVv}Z$W5WcT_wdSD3`8EuTI`rO-F8!w==+3X>|7- zgbG4lTx9bnoR^Wv;7(Nr5qG(`AE1qJLhAdAAZbfA3mhcej``2BGd_05tkv)oN+o;* zixgp0r!2p)jMGkut72ULxX+y-Dq20e|INejAt|H+KHL^t)7JTD^nQYk(|fH>MJ|Cd zfW|-b*wpR^)IgFLQk)jj)Mgb2&Bx|N9M|wKFJf;L!tDHNduUAYmuQa)+{K9Zc}M~_ z-zfo$Qsqws3rTVU0>xk$qM$;X+p8ApYPA*tm_{L~O;HBaLWU$eUD+Cf=tk!sIIY2C z1xp31W|jekb7^eCEkJd-9nGoFEg`{(@ErN1PCx_dC^IBlKTL3fmIpa^)0t;pGkkk?^{x||af`IX3$fowJTDjEKft@vBhKqk z89w}af?vEgQQ!R*zgE!Nj%DL51?>s^W&kP-VUfcMUK~ja(*Y@@IUkQ6%{WHmh)5|u zzQ~Ha01`h^a>7C207lC)6lT$nA%XPXM5Y`RGs_CRaHb6JCYR8kUdt+2ZR)$b%#ELC zpIM`pgu|FP&O<6OBQ8Z6eTyvs7GZVqtFO+mhyLoTF6vT!_0?oCr`gvdtUK*V{{~5#s-VgOFmUB$1fbsEs6^*0 zEi(*b*)E#!L0EVjN+16oz(d7*kMIi;$bf{Nz;6{DmA>oMEksLAJ*HxftZs-yH&dv( zAaaazZZL+#{!z$kCFS*2c$Y zxW_!c!Lrn>>HlNz-MiXKuJqym`4qB$WJ#Vj*zRPK4C%N-W8BRQ1_p3CJ*LA5B(P$T zh$L*&Nxu90Jo{3&bB-j8?PT(%*Gi1esZ*C-yY_wWLg^8NpH3I4*GOMrRD*~y4P2cK zdBkwM+3M3($>vSSaxVuZT*(G{j-ffG(;A$?XIuN58;865KO7%y?yc{y<4-)5ONKZ} zw<6s04am~JMaHLEP7f6A%m8+41sTOKOY(q&>rzJCl%k0vTrKG3B?$we10aJl8|L%I z*;~NslgNgd=ziU(K{*Ya#Se^o(-&I?$fQ(OX-AL2TMRY1VYB~Q2DfuA%Y0sGKnLUj?%8q>Oa#j0%khde8Q`VLBe?xuQg4&vo zY+ivXCD{4VFM5(D-<>n^^1E~Xn2^wT`KRyBBVDeq{sd}`|7r;K-?N$!Wuy>SWy_NM z{e~huq@J_RWBaw59RF$Rp)9}Fy~gQdVJQQV8x-aimcjvm9f-v=Xk1a20~INcY_bEJ z=H(eLwl~3^AB>Oyv-C=?C0;d1qm7)4cEB00Wh|al&efK?@-$1jPZj_op%y*)jGsU{ z19Tck4~A?Co077$@4}wc19sMjKGNl(u&1m|#q598yp^bx8lmpv*SvKcxC_cFPE@nY zlC39m6GK^{)!zU6mbt~r`h2PN%`_n;1^{MI#Xx^eC`%8E6vb6i0HqyENKQ}V!JI=D zIO=SwptG+Kghho$a>GxM^hcH!><%PS)Pi51s|aj!b3eYLAh>c~E1i67GEEIS(J0{b z@}Hz!Emlfn`^p%MWKGQNlj#j4QhEp>Xw70QpVwGk?!a7G{) zWNNm77HTN_vF#mNs&v)`;X!si^eSPS?x%+U`wt9Bu7}4P4;6*ah_*8zMd|VD_vJjkSjwbvOGO956oG z1(fB=s3WUQ7#`f_+v*K_5H$5aMd3Zr^%{kXGff`TSlhn@XeKS()3VXMBCf>uVUNX- zrUh}~iJnYb2ZyjKZGH;_(+@AUw|4#uqRvIz_^#jLO@)c;f77&jX|(R@>3XhP0Z4JCcj(%&$Ch&S_@ zmsksFH?q4QbLSAe)PjU9Bvbcec`$iy;joyryil?_>0g|!tyMV_v;PWU3IRo~$_(c& zn=G~(CnoLxydIwNGB~DYNXTKhq6*ffxB}a;6r6vuF9Y3o6oh>1De}wR6T}x{kM|O1 zkFMPPj%k;J$$HWrmgwY{n76YhfMm32Gt%iDib2jcr3vHodV@m&Z?snN&MbI zplqverOy1Mxr==kDSv8!26BToAgm5ZE^+E)o)p0^rItC)!@V@`laYU#)a=9!n_jyV z;6!%XHKZsUiA7j^JIoRO5asC3*>%?UxNWu*zJWq%VirT~+>~h*3lWsD&akMOqn^i{ z_`n$OmN@>ii57}4h)n`6#6vTcQB#PpG76v>9YRJgcnf4erTw+qVnUH#F+;HKJm@Yb zE#)9%L?1xFx!C#y@epuw2N_9u)8Ac0q6{kk@xVpmTEq|4V8~$NjKtU~k!qn+d%tB8 zQB^&x%0#P3j4*)~k^K|+>n@OX*+(pql!ul*BcI`ppDW9% zIneO1tkN9WlH7xePU5Bj>3IcKJKS5L-yQF*AAWbdzqz-2K)pc@Ytaq&aB-=h5yw!R zsKlwQgonL^6YgWtCa4zs_19KkPzI0ngR)K*o5KeIl$1jhb*^1heLasKFusCx!Tk*T z28hYh<6b2Pi1{JKh6lTSjdg_0UEZ5?&-#Aia5s>j)0iq&^s5sB&8=W#qJqv8(SAU| z6WmkA@>i&JGP>xs>}I0YBl)%W-5y=9C!-eP`A}P@H|p!1CNg4cgWeu8HB&)dteiZu zy`U)BlO#X0xIpkqbr(qX#d5?S2v_QkVt7PwpD6q`{MXrg-*>` zt?X@myzYl=uG1!WH-wY)nKl@=e_d zgj7BeE~Ecf;Wfo^U29o}gi8Ys;IQ$O*p3-BD>wfwb+9kT-*4?a+x`CF`1hOp2V1*4 z$1m3Z6W+V0tzRPHepU-gAipF!)^@VB!%pBQR9DhJgr~d|)Cw1@FhIEo{758oPeU)7 zsb{)BmI^Fjq4>|7u=Xr^R73Ot`ioD=>7$6b3=eVARea%_2a@OCE^g&;m4P0<#k{BW zj?!Cby`_TlDX!y#+$=Yvq!OUYyHSy%7J`BTeR0{Uq5?r?n@^s@C|EYnE)k$CTW`*2 zZy@NCtU!ze3B+5H!CMfwO%rX$Q4&Q}}(x)Z${`0=GTnHc(E?OF=nog#}lT!=hMmH6JB&B9-K; z8^mSyfPfPyip%MVh=fe`oDGA{t*aH8J?TIk&A3}}bjHY#_`S%`+4nY8>>yidx7-b% zi-5LR59YULc#pfHfb&z}TI^NNNIWp5alua6NOuk7who_?*<>rAu|Lc$s#-?Zl9!_0 zCcPx1RWeC?qnDpA{@ACgV2D)JqKPBil+aK$sI@j_1z{IN=llfvMyxzd>x25%wt8c@ zwZ~CHmpVmA(iziwi%Nu+1&xZ~cm|0djmLu?Xetk}6O(WnWuGgM2i`&C|CnVNa`5`G z6l_RF$_pU?=4rhHIgcgvU^xf3$~5 zYI+*b*I%-{1uPe*)5DQc?S~ecM(7jG<-Y}`s=w<_iI}@J9DIkWoVSn8+?$y@X4I!4 z3vItUww-o(IbPsR-29nnQ6olw0-VUwEr}P1Lgbu<-PhV?)F>759NO2zad+H$e~WC} znYp%tzVM>8TTdUMl;a~#h$`CYYt)Kut?ak1zj!ASY_UHvt=AP zkE*r}BM}cEmXT-tdjD#1>vg9dr04G{=v0gjE09OR~+L~tUlI9YkTufp2O;Kdv5Ko@57oXbpa4a#ueC5oD?*rF~aCDqhx-<=r{F^ z>~b+D`>2>uCGk3$2#7m|fsZ+v4Ddn5R?FcMOT3)yapmdBVAvhs zxYJkE=7d62599<$z^ah{G^yA1;D#N91T9tnOAD9qE^5JL!*~=(`ABs{A6DkHm^Fai z)@aV`OT3!LZ~8ZZ^I}U@1i@EudL6?x9?wk)sX3(PEOcn#exN$N+8*E*tnF2d=OlBE zb(zw7zqL`^@;eiNfR6R!PG>%?$+)l+@p!~) zJaQ>(L2BE0_&=i=VkY`&i3>r5I_x7lxQnq~b5)4UWom~gxDqddy(?keW1<9pU^0fvh8Oux~zD{nhGYoRId@->R@`U9F;04|E2VyH{{+AHuE2 zHyY!y7{*gJB1%>)&4e@ei#ZTVJHt?@DZ*rLe7;Mv3Vp|J8^A zPL>uh>#>I0OL~ReYz-u2C64$&2$}_%A(!GE>q05r3J*!Y>?tf++7rW?>P|}-Fd!yC zqg1(30I&lA8`=is%jq&D66tOF3WZ(%%-U0h8{y;ex=fq zh3C(bKtjBmkVR~MQb8K5BDrO;XZetfsYk?7Up@$$=MpDEtqT9uY<+fd)dKs^t@BJt ztp|-A+^g2sB+U*oSh$*rB82W8eK<7hdbQ4kBMNsDPQECAOBsZ2g9!exqrs#c<4`0@ zLuA4fe*|2eHi8K93){#|YyviCYm!V^+$w;rwez6P45-D*fG-9&)pgyh{acOWI{sX@ zbpeHjQ(FqQMSg~TigdjQ%XaZ3&Fd(l+zM1>+(vfO5b7d?{0;ykp9g{hp71sk$wR=c zd5sfM@o+Nh;;+2xaP1c&Zo4o{4A0}@^On5gEAX{q{YwsjC53?8vI78=ouUGMxE~DJ zq7Hz?F9?%F&~l;$be525D@gRQ?h*UAmxX=S>%Fo|y8^4or1pQt+q#PDuk>QBk9Pys z$M=_!RF{&>?>a|4-a1X`Coh5`@j-F{VZ0S4ZJoN&NUsq!8jRz9Qbpq8IfcYK91T&S znVC$&8t~-(5Ig?xS1wkfIt4oxah4Y=&rB{Ksqmpc*(h1B`K9-aFigU+IEo z)s~BsCS&}^m6t`b3pelB5eU|cXi`ba9+Q!I9_t5*%Zr|$W&zoRxWqk!Cu)m#A?>6; zebVQTRmJ!i;!ZJ)MQmyL=79Vk__?I1-NnU3+Jwp$O|dc^(>(xjiUB! zsw5;3ljx6ezZnREiNE%9%lII3| z)oUvC8h8O7i(s{_Ov^yAZW&06J1{ZJBAAG57)ifzAH|tD#iooWlm4&DMraR-~ ze9R-qstyZ~MxZMG6S@2hBHY~SV%olPWPsihyJ>eHEE2tCOx4hhVE#mWLA_0dFWJm( zNB>8v>E+r{v6ih})W#F58@I4{`4aw#q@JF>oyQC_=RS4kK)AKp#zUs9}A!b2~R|Yz^ObF9yB!@%c6N-XLOi+D7eW-;K#s$*46MB}YU- zP@60Silzw(#d5_1x0;OUm_lwxb-MCgRA#@`fd&S*xZ4#;>`~)FGDnaOkOazj|3R(g zT=)YDmaQ>UW&;S!>7$Vns1ZowpIc5jq4t;?iU|N#t&;gGcV+a>7LVX$}WqXhfBOMHb<0?JFb~ zSK7yq#AOA9`SW#OD{it5g9duV#PVc5#;4K=Mal->^ySs`rdpn_wySGrdTD2~{aq5G zsf6(kn=4~nUxiC&|K6KR(=^OGeO&mXB;vMPmc}X}p7ZMJ;wB=9CT!vQwmbAMTEiV6 zZdkJ@qiH@F_x!{O-c}-fB83y9!sp^3E<$8JqEHmem~{~CYD!||#U`a3?gy}>#W|AU zS(3sP2pIrOw>&u!4x0Oaf<5(LEa-EwAf@~@M+P2eM&#D9BafJJwl&+*i$FNJV(R0a zrKG<-kc;V!@)W(qeIa3N_E9R-vv`sMOl(OINV58^GmlgjO@iP8<4w?_5L1WO8|Z7;feX^vQ|CQY42s-wzN9y}OSq9D1)oNc0DScOkmylL?C! zvLrHNyr7;;*T`TIZk4>LcN7STRGxbovUS>fP$=o4LG2dv@vK4fT80-dA>|O7Va4*S zQAddS0|+8q!OZ=5Lz9Vn0Gr5+h;v~)61+^v$1 z!rq{ps7Od1NU$uN)+o3{485z+ zW%U3TR9fm~uKFbf(Poi)p9D26B~)}k)vU)hg)fGNfT=YUP3_Vv*QXK`jYR zm5LuKy@2c+h9u4=}RN+C&VflxG(Qc$+G)UQI}cHtw)M08qinCJ&)o+Nrt`$uwJ_9uKv2mKw>Xl%>wmMSXUbWPm>o1CpN}d={)_ri z)qoR+jkfz*u$V|#1xk<+tFM$5$ME>uO=uPza0*Q7& zPy(w6t4(BtV!f1H%I|V$K^RN>C7(>qv+`0Oeq4{~t-OME+U8~Ziu)0GkOp@;hFVO> zAAXA7xDX9uIq2~Xn0gIe_ymzQNpxWw1f;d{{y)z|LM~Pj3oj7m^gi{KjoB^bm}2=v zy#MPZ8fJ#nQuvfDXC#`Ol~3m0Ul0*zrk!tn)M6La*pI%Q{Un0HYuerT_ zx46^(e+E}}a`cd?8yrvLL7I8QaK`lZI8zsvuZKSkuBd?{&rD;l^7mj%*_h?`p|~yQ z<1d%dr%iMB(AwLv0sPyqC=2vrbl?va?S6S3g0UQZN0h_Qo3TjX#I)QcKAn{b~jK z(f;v)Fv_}_y&|J}rM(z_>AXhcNYXGctWT_Nb8_;ywQ|F&xmQMr)R*LJ&boeXf-cHA zXN;|_W&~y1@GF1*vkcs0jzAc>xw>w{qyR7hN2_+HJ`y}WU{;Gwi@W`S`vjds2r)b< z!xt70o!!KB&-J~K=zj&eZDnTXp*EZ5JqO9E?$~6MBI!GO4%8Hq73LF(i$x!>>wAV< z`KLHB{vxAV91B9{LY0C9vx|lC`&dATdF&uxN<}3LA_<#d!D<=%(XW0&TAxx)zpwBF zHxVOZ3Hm1l>i}m)T_EgSiYP;heKWYaqLHMoich#;ER+hWPNseaEYp30Ygs(LW6nUc z?_^BN1=VeIAoy!c zh}bwJ`w|5x_d!b{Z2L51Uk|TfDaQU@OXdNiFjzqk6G{h3^N>$udis;=xX(($!hDHK5xRDz~(l*X}#Rp`a=tK;KZB6;^>|J z>iH`0*F}*BFxG*ypa)puIce{x^^R8!0c|fvlj$udzRBz&0wuzlsA+y}zHnHhq?UlX z^W~G($4|a^Aj@UuPH%u}qnyxXF?L9Bng_jgDeZ;*0T73AcX5-A4rwRUX9WoSYg_AX zlDi-9(X2mr+`mkn^~CKU?0Lk3`D^%348OrI72AUOIFT!zn~^v(&G7rd^!0&UH2sq2 zdJ&ry&veB|vsaBea`~7STJ?Ls`k%qo_F#AoONn1}NtQF&?oK4n8-dlo4a_OyS_R#! zGA_4H8m=cR!#ZmYhlg zBpE0kLmm}bWVu8Ea;)0bQKknN<`=Dwbs$AU;g6g#|K}xICzm0u%nh zBGp|*CWh2ca7E~q!lF~=7w#aI;LEf><8qDJc_ng4qE1Z^nCcHFZ zOyy9juqlEpF{K$M=~gcT_W4+938$MkKReW$=qUM{6z6ogQ%f zqQrsfm-s6}2NvDJmr)WhLxYS$5jQL%lsp@LdPyS`8X|~}j6NQ5OE?qsEGjhQJBS@h zJIaF>R@+e!BIvNTEEp{BO2r^ZA+3wS8@d-MG;5w`w{?0wnc~J!6D^=@UtL_I_`Z~n zLqva1#1P6g>KFx=H*o0PzkK7or$4^UtPcA9*6Zo?Y683VIatm0$tq~qBm57>>;Cvr zn9+pK5X123-yc8zW$*Fnm%ski&mSY3?aQD4y!-33Uwqj={rQvb=`VkMcJk!(-%tPJ z z-r!7P$8lh~R|Di|41SWZ`&I{mK&YI_%UmJ3BIpC|CRhw~g6rYe~nqhv-n=yGw^w_Atbz5M2Qed7=ptKhOM3Byod z0f=2B@7_LKv~{?7aCmUMzQ1|A|8i$%Yv)^hOP7XxJO9wE_j&-v2nDGil_R(u06N2| z2NDok2)ck1owR8d-bDnQOmN-aqbE&MC5xyJv&R^yT=183IpRk85{-cRV1mLZm*IY)r%GCO`H59?DQaXVg$M zqF)SAx9ELK8EskeDaZKJWHdbPgGIuX#Z8N*;kC7pENbl$`mPK{#`1u7Wa8kCVT@Ne zrj+B|Rz$@i)cRj!7kSW&!6B4zvq%>^=sdpl!7h=*g4C0hQHPK}JkllM$iPkOFyp6! zQpP9|MXjGR>Eqz~lwF=(%f6~Wl|`dlxcsJw7yVu>48=S~7D*TG>8;c`Lb z5PaQyKS1;#&>Xhx2mH+Tc@?2;FtDxqgcOtc|6odxDRaRLzP%7Imr8O>@`J9Xaefyuz79yu()1)OBpprkFS0t(7)0HO#H*=i;U637n zoXmaYDX?^CT@%op6;&e{#Xb?5YH$XzL%bT792XmkZ~LtdBpP`~+1Juv`uVNvYpcoK z#b?Z>9=tvH4*F+HoC+1l+wvCnVr_+p0TO>o9oZ2eQ`^P8b($ZfY-t1=6}`q1Fh-JjDA+0R6ldb zz(5gPG=#XphxR+scR)1Bbi3zJt5cxCDboczYwlPrU^xJwU}%;dB%f)gXo!V)HM0WwBMH?LrLwXjGp`VA$ALY9(C zeuHMV0()rRN*@r9wWWWq6~D;|>t_bKsTx&67IPA<(3D8Ab;Gi332uZt`U z)P8Pwi<*gzm$SIltLSlNp%w&)sG=Fvo#JbjTd_-B;-5{84^GE}t7*|gfUC!%*1|Vz z!#8ppN%*MftUg{f+kTzIk&Ggj)ySmk23^0NjxI*s-q8lD(QM-{zmBaM@@IQ|w2ox- z0kqJ7NzF~MhYZU*vVV0Y&CR!ls0Vm-Ao7^}J@12EsUV2%1^e_@(>FM)G>YJAy(_hQ zEFR=oZEy6_{z=$Ldvq2z{tFCww7) zH@+S!2Jod4oEX^HCr3P(Lc_;L_FqZbQifEVMzKW6LLRn~ldYbgc}05?Ugh8*zw*BW zds6RIQn|-Kz{dXPA_aQlS`A7~EP|!d0?<6~EIcqMg22-$9ro{1>2aGuPa%ohnWa&qB6G}^!J!aaglY{yp6^z~z10tG(K z(u{d=DU3PgvS6y>KQc#wR0_J4r${<-2x&vHYdQYnNEI1+4o^J?X8O)%MDE{O?)Bfk zfCLJliuWVPSKZ*`fc(-dd-*01IO9<3!|@q#KoEu&@!7EBkGNPY`Dh!LZ=VKpL#KVn zD5}Y8xwv68g!>RNP0$P=v-Z@J)P+y>0?&m&^g`V{c&iIE%V5Q^Qf81q8G^RTfIyMoHgY+Lg;h#U~tmyw5hjdHL<} z=I>!$fooVy#;Bn#er>nGvj<&NN~cmpEIx}4L^-_TzX-cc)BN9Dy)6BwPP=Jl`-<-3 zr|@*dPKfDrfP95`1bNp1UDnCsvJdf@*l(~8x%;Ed(0}QGo?&ox)CQmtOywavGf-Z) z{i&^##L~61>&a^YYVt~53$*uLkB2Y1jFrP(A2H`J4g%lRGDD>)LkgITUC9SFf(GY6 zm`57?)?{nA#{@*qfRMk3SQVv(ND1(c*pt8XhsEn!bVt~XqZJKT^ct4Sg(tjW(1o`K2)@Eo;_w2H#SC{1c`%W?*VcZ& zx&O`X!KNO+fQ1?dBDWcN502-U!jsk-5j!p62Kj@YV;56QZVJQS9U`$SjUH@V#?mrz z?uvr0*ZDv!9ej;IMutxMdJsrKo@TA>MA$FEZL5!_y%8CB_{|(9ICOm3AJb2yEwX(~ ztX3Q&*vsNhn@#FBa$wE5F3oUhq|AQ>aYfw;E);=I%WNm26h}W$cLPo@0;lNumDSmV zx-4M_)jBPM!LRVO1&1|f+OXMgS}2cV3liwem=XY-PKad)^j2e9+v-;V-CB#z#f1ps z@nm9ipckh5)Bc^ymMsf0QV%QnA_rIb6Qs&iav&eA1s%;)D*%$YORYY}iR%n2XoWSskOdc(Kai&H>aV_!a7A z7h39YMI39?jkSAFs;ky?w5Oo z4+KrC2!V+&!2K$?&iDZ0De(I3pesA@5fE7MH`ITXAOWJ8pTr3$hb|=29i_BESi$~P zIR~QfYRDC&8ljn&{pssb&p1l;3G zuGwoTcjCG@SXt;}Bj6jvF5Ug?IM5LRI^EyFy0&wR>4orutg^UQe5 z3|z?0UiIV|vle76Q6u0xIjYY^dG0-V_s?-MaI;NVDJ$5E^uinKaemVjnTGvy-nLP9 z-g_g&8S|_l$fgfHsJ)u^&w6E_{P>$9)BL+g$}GI6O2Eq0upz7J-YwNTa`Tqik4cQf(u#1 z4@h|zkp3O)$QC-gKxz{xBA>$84$0il70^xNc4;P{cz~SdW9Y>PNQ^k%de-`?_3OtB zh^GeT{mQ1TOPKTkyi}q#@ik0X+7&5RYzrOb_uY$Y=!!lj+lH9M@Ci3Fb4Hq3EN~#j z7dVb2miQogI@66e)v{g%<0TWS#DKW#z%rNrKQSU#rJHdWWk;N3)%nXwq58Pd`Kr%k z#)PEQqHB%7_d6){{o&hsy*6^Zh$56Uh*SO!+G$6&Q9^}LMAfe~CW+(u6l4@^4md{x z&F}l;6QpjMF;A1sv$iYFE81#nn@GVp@s&{V z;Rix4(p*zq5qfmeUPVIp`SG8x;l59Vo7J{nLmPV#n!-Jm3OX{+o8UNDTMPG=>YEK| z$XdSmL}mb5ZkVA7uj6n}=^q>CAo;B}rrS7Tmk#t;=p952sx24lh|D2z0_u>M&7zoG zeDGU!B}D5B^GL?@Jh+ymJ^z}dKH&bV<+t52riD1b>pn~S1hd|6DI}O#&%b;qT2veY z2aN-yedy6Bb(LbSzq@*Ul^;(A39k=%`3$ixANSu4v*Ng+zK0#P{OfGDxUJ0K1M2+o z=->hz@fliqr&T!TssB0!OjHrU~3)GB~Q4S&UDBaU9tU#3IMO$xj z1TVT%W&|+h`+Ep_qj#*<4sglwV3h>0x=q{{-9&uFA=v|jI8wGlLIUheEL$UPM?4>PF58r~ z%;rjPYk!KP^EVdbe)vf;e}3Y^A!vDKxYe`InE)*wFG5@9tN}tbw9>g#PEr=%r8`=( zb87YL2;YC%ut&pA`_49Oh$o6L>h-cD^VR4|bZ6BL9982CNCT26!QdMuxA|KCDd3_J$AOfo-$WFc4$( z4q4RC5lJzm;s=u0ZmpnJ7GE5r%I@(Q^xffaXSu^rIgZ)pop$k&nzP{-kWg2v=`l%1 zv3JLgVw1(jseI;!^UKlrW_y4_66qk9eLg6yh zwE)3$9W_i}&VWR?U4<}ShZAI2!4^5jd%+3er!p}M`lHm2EMJ-0>A^gA*7DZYnt~Cc zd5Pj)aBgHmdNO=+Ax5Up`2fk{%H9IojYA@1KMrY>Q`wgV50+tQuyeWVFj6^>4aEXH z2nX4w%;H1E*3oz{y}`M8jJUEq1;g8-0=B5O)M|g^WqJC|k5XAP^ynL2&PXq_2$Kr! z<8V>!RO%bX6@@blEmg{GaOl2d6!FXWTt4zS$~U3E{FCrlzM#CPh0tL!?G1V$acnM3 z!CPu#a(FN4(h#6RNKN>Tg`i?|k$)~RGq7P;GYC-HVR+90vwP|MP2&z&X>yaktXzYh zx+10*h;a}Ck~(sR;_r};0f%R3RJTF#t(X=<4?XD+T1VZMby2-mwu`{b1WtLuRoekd zu{Yuz>Sra>qMR%}G9*RSNZ2@hvS|Iu3$|Xf}KthC`lcO*}hx1Uyy%k z;@#I4$6i$XiHnPC7ux^ZtU4=?r}H#I{EJxP>gh$=^7Rk_|Yw_Pavp^cf3@SYSL}VM5W!njtdZE^PBQTn{dK))a63{QD-# zKxQkJWV$c~q1#?G&sP8t!E9EJ0s21aJ3Qm<))+2!!Y|W3ET)NkN=OQt`q$wQ_)?o^ zGlg60Y=E1jW!jxKHmWxouk;3E75&ozR-Oioa66Jy6hA99w95}}&8dZ+T@|q*+Dr6x znaEqUUei{t;U>_?M1;{cyx$4pIXnf?#t*Y0!+>T^WG2vP1EUxo1ef<9~3o1S=z^TcK$8-keXwo+=66f#ZJ2Srr*Lb4!*=+3emxDIrG zV=z9wzQBDe+-h13lw_MjQ$+Hxo`DR)85uRoxGERuBq7cw`^o`Sb0VSz zX|44&_5-#cB!%Pyi~`At{VQTaw|GkfNYrMfjwqZ|S*k+Rrf67&7Y49y@2wwx2g3#b zONFQ7gUx-o+*wIXnj#B9R0xr*{AHWAW{-tV`{ZL??J^89m;`rqJ`qA&r9igflVi}M zj&-5N{Lme!oLzjRk4P0c1@Y@+I6D>(s+ALcN%%rmtQKo?x4`Gq`Qu;Ps{{*{xwpQ* zez?2OJeACaXk)InJIi&A#ibW!BQvj9+I<>85$&xUGcHGVS*7hyQ9VO8AKQ=8hU2p? zDo1bfd<9Kv9CR_DWc5GOu1gOYB{Nstf-Xj!_!KJ;6NY6*Zi*!*jfu9Hs|jkW$|un_bADaDPEd1c4T$tP!A>>-CrZfg7;<| z*}vbSL@7eZ8XE79MpOGRAb!y_ikXOG!V(6Mjc-icTcqi8nDFsM(NqFk2m!4~Tldz9 zNbS2kx1z4ecPJg~=vZ0548J`ZUDbVgfN3G|xdJn(dwjGf{|MDUS%Yi~48!Ljjpyd{&%^rc!>| zCkkTO(Nyv%+(T)kodIPjQ6j2gBj1fK`w$^mkS9n+%dhbeT;2~vP0H+dyDv69fKZxK z;WUX#ev5!Y2_SY-1S_a`5JDNi(ipnZUf@R1whV{lH8|8BPpN4B<3aIFK$dnumx%1M1Thwb#XbB z2}2u#mV*C()J94R{~u13_9I7XmD!eYfX6Dc>7@)YdWm+r;S#5j<45+=p@qUbr5SDP;9qlW+Z0b4of zD$RU-)|E0Lv|37xsIo|A1>+A+h6{Bfh>&n-44pO%$9T)A6gFZjM=$&)cF};AJet7X zC`dOG-8Wbz;u-K=k-eq3o8tbdwWx({z_E?>jqf&(pKa}jL*U<~GxcXOFBwYpf+`Y) zj?*pkFVZe~G}(#l0jH`PF!!Xv51}isUDx*R#`<=4@?!f{=rI`*he+O}OPOjpshZ;x zx~(1-1(Kr=j14FsBa|mO9!~vQ18qPv0?0)2cS< zR}f>C^|AZ|=Um(Xu+NQmJ_M{&Xol6iEq)6Q3;rosmVo~|mw~{4_4}2l zn(h8-sjUy%^ep2SKb60AbMcxOEp`>Q2sBF&oro#z9z0xXLoDo8+d2MvvmYNW!4s*= zURyiZeYw8@HnaJB{pGggDC}k$HSlP{LM{jhY>EM$3}J!~ z!h%MHykI9_arOF3$tIDsRxWd){hI+*I)D_NwQP9l9eYCC6;pO=Qs$)EiWprKT8MNO z_d8c}0AOAsQ!Lz!Ly^cAX9Wm!1*`-sIl=lf3@IIlPax=R2oO{=mOPSDUG`$Mt;{VHTe{cWji z%w0G}lxw)d!#*rV2Q_@w$0demxEX>$TPkO(EQf$Gi0FE7=V5mDdiwhRG+sY!`4ZRG z)?d;Z3VHIydKKMYr36SoM28V^pAif5kRJ;1>je*hZ7ybDVVf>mu#dSMlxtAjTISve z%lK{UPdL)YJy`2dxC6+pqKfs0fry5&8lQj1vye+< z*}cGt!S$1fAJ>v`PyoBo2|;yQ|9P;x)6%Lyf{HHM-hn1^8G$eo&9iCZSlopqI*c07 z2gfTPjrio>;AqX-k8rrdu808QUke{_dS%QpLrrf8w5(1-&Fev^(0*nK4WNh{hA+=S z7BcgM30d&tT*f5MOdD(u9?~7VO z-vo*%kFA~OyQqSHxVgiG%Lhwehg1hYAKDg07gl}&CJwReO?!!zsFLAH zRafPWECMHXrtG!e^Gm42J_o)ZV}xw>6m16QuP^YwsmM1Jp9-s>eB5b|`#mtPrM6{c z&uM*ffuI6lefy@*7+rp8YPtrjl_n{b7IkFK6V!{flJx-v!3j-_WU4AXX#464f%rW3 zV%{{SQY=R^w?IU-M-n~*Ml~@tn}wH=+B*ENbNJ$rr zl`M7=q06oY#16BvvkSB$Cxcx}fU;VJ2?ue{*9y>HEt17BDYBul5+5t)sXeKqJM_d5 zTi2x(^(_TYCt{vTyE-tLp}dIHoWeFmN0r+lNlWD%cmyA{!XPB)^FoQWZ*! z2RRkdA(O@`7vd9LT@bln?)=xz?)N*vRayrLBZ<0wJhkX1od^ZWvpSh389!joU_=BI z!OXaNMMh6PQ|rfSLDA%ro=Phx940SuQ)0P|kogOib$x-Xf7A|OZWB0U_MOW3C{@cU zYwvo1qqE9II%CbcQ^jKfL<%P*^W?4|vK27CmZWv!;&MP*qy`*PJHb7A;MusRsLM;J z|AfGSaF3pzq}n;Jwz6v-`_r(j(fIt)Np~_hUAg8BI9e(ZS^vDkQ|rz)7X0-!uQH!& zb9Z|+o4uZW*~-Y3m|g<;nCN)Xx6FKM8fw$ET8aeD%2QW}Oc{!T;`aI_L`(wCg1r32^!DiF%_*vRG!AXLu9G!k412ey=bxDMCn>E7-ceX)<>$h6)(bs(+;tx+Y|t}F6B-$jTl*%QJE9ndRYSypJ}L& z&seMuX=oz0o9j`ACdbePhp)|?W}*rcvWN$8oTisghy%;N*FrBs^xZy1eBv1jw4DS> ztxJrL)kR+G{SxUn$`-}5=_%HMZ$&Sv#UHT7s0LEfBuBTkb?bVM!%0wE+J6@w#nIuX)97>?_=m95G0zM)II3Br$ zoj+Ka_)CLvMzG!v zr(dX67U-v|pb5wmm8rB{1UnMY-q*q2Uhe2ED~f4TX&*Va%9QzDXeGP<9bS_J^H zzZuYo{d<)0^7vB5cLB}M1u)DLBINuj3co_Yuf)W7^j`fttfc*9_3`Rsb>T6>j&TSE zal=uMO;|qHxSIT}1>5*xiEH9t(i=g{!zKMDkF2_gKivNpvLI7qot@hi2;D-=5Z=4#`9VANddX@P&SqS(h zXDaMS1&wWavnN{Vw5LcM!|n~4z+vQGn-Dfbqp%YIfk*`iHJ^lR0|k1wvPcV732O|? z>k<8o_~fuIKk0G>RIIbzw8CCapvQXfX}} zfJ(%{OM#=}ddZtEq=Q1cQxn77n2kyotRhCr8-YvhBR z4@WT3Fhh-M*L}9U@7mW$$|SO~BsQ2KF}>BK#+$-c`VM5s4kqs4IDNy?bVSTd1gu>c zlFEFB5EY^p1TZ1#WC!Gvz8hK#6utQW*f9YH+5|5`0sCwZ1DK72>HIisf6SGLf;xAb zMMu()>@>_>@xse-VS8=OuIDCD+@eD#PejOhiz#gKO|)hC{9<$xZv*3s0AoeLR7R&V zlz9suNbxEm%`^~Hy2;Mlx7i?>tb#=uW|@I1K8QS@!q8QPJm?33Iv52ECpe!{?AFG? zj^{8ey1NPldJY`447^#dt}b1K8N%PWHPn?uj&_H$E=BpE)1RJA$uhhu5-+60!Biw2 z!#MdHk!9DoIbQxonaHi3EjoOYHQ`*8;t}$ToKRyIyw@bR17He|(OV>(SJx=!ZkP^o zImSAbgz3dGp2@}UjpUkbG)ze8FnXM6dRBl{ZJU_|(%=PXm@PAVTiPd)!{O|d_F%-+ zGu+oesaiiF@5Wqju<}#|?K`~KyD zqk+u~LTMog`$@`(c*YsTgYTdF1{71oF;QVI`w~yxh#SvQ!Ud2ThBC0N&QS=fcAI5U zC^0EUlbC@OBEd{8M&-)=-ZP!8fkgQ7N}3i@z7${zU(Rlbjrq6NELn)FDi%7jJpviDwh_Z@CNsh2<1^LkK8}r#^IZ`*EqT?3i)m5 z1sgSWk-(~1Y3s@8dVJciv^Ps0u@h6uzUV?3Lwi({*6X7EE$A(G4^cZ-e@) z#+s-X)sCOb^Skx^`n=ljcjtHO6P1_YgU0q(0K8{!?$$r9AFph0s!%&`OauPOp?6AcsN) zp=ZF1a}+1Usz+{N-HtswH0bTAF^>!@bK8J8*@t%XgYvE}cq!B*?^ARF|8W$*5wnhP z!K_o_+Tz`@wfC)(hHJLn085ZPyNS90W^Podk^j_OL2=j(7p2S(vwCJeG1&~nwiN5l zjYazzEd!Pa8fCjATB)u@5Z8Pr#lV#j6&m$XN@m;04CWCvvI}zPEx45c>vof|Yl`V8 zK)Pg|Gn>*6F=9a$F&!10%@)_Ru~ifD%%Nx&K|Eis&853uL5*80<&BCr3mPD0Da_A= z;PCtCoBX}vf#xs!Z^1zvAjE#Q1ξU}N9{ zRss;#AQT|{I(VpXiaXM z^AGFNgjs8s*F1Zh+9M=3ykPT*=>z;!@F3U$wVa<#m`WfC_&wPjR25S1pAQAMpN{Qb zHznoTsTP5>FH)zT1p?PBnx4eOxYgM&bN|&OR`RdRO$vckoSqL`_SpQRi7T@>n6QP} zEaBmxmo#-&>XV!T&1=1=GgZxnVltc+2wSzBnx$nP+i)wCF_o$jb;CFmxq71wmGet% z2I3^(S)+5zC&DoC-~{tt#hND}p%u1<<`$oUkt;l}EiMxEh&yAp>A3~h#|Tt_=8OtA zbN7;3fPA3D{3NEqxf_t1aH`u;;-e_%yh)rfezdN>`Vlym_X3cs#ksZ2AZoEd2uP@9 zsbB8!g5TOhQ~bpj8L9)}+LO14FAz87&};%UPSC5jGQE(icIz5xmX|Mm$F**c{0(|pVUW}7^Tu>JP7v9NRV_$ zu~L<$!r&z3Wmw2%WL`ggHwf@G*^G6;S_cQ)j}EsF7)eS=5A$pGh{jE-TcJLS-o{xg z=8R)-WH5Uk<6q)uMN zMDLrS;0))v)3$3DnDLuhUA&Pb5_v z^dv^P#QcOL9Z5YPq&tusqwAS_9RWQ%J3{wb7NSIrA15W%e^8E#z`?PUcroV_uXhy#BI#17TxweZd05 z%K0%}@!2N$fL=9s*%@)@g6=^Gd~KtqG@nN+k(zVRY=Xe_ti=&h`+ zEs5k?zqn}ZU9L;%bF@hava3uXgo!}yD2;nKcN#7j>LEeGjMUzUY#iTb%A3dhY0&cd zDG%u#i$2~Kq^^;F)17!kQ&Dqm5AORTIBL&}=h4JayBXQW9rP~|)GbBpaAF6;Y4T^$ z?X0F@GvEXahPMS%rHU>aS!lwhq zZt;v&v%>|x+isa?5u@zD*B;4 zbemdNuAvGTxeLND28RbkDa?X=#{NS;K)^eIfl8`PLRKbS*?mpbdBA*gkL0caPH{H{ z5e#Ap(CbE<(O*L^)HCad7-Vw?okUbgq^Dx$`_^~r$ zEsOJbdc^=01)L9}`UTxyObQ94;M2<&DHs}8Znk9j!nWyt;AewoNk!4?Fsy6PS0#brPTc*a>|n-Y<4EO5Q$;j1V91r08w!LN3iT z0uXrkoeD9!N!5`0-+OsnzJ9tl8N>B>&i`#AW&v{fQkNno(i%(;q|mpun-bc@iAnMk zy{S^{3F;s%qQU=!9wUVcrad4#Gs~049ZJd0c`WrZZy~3;rZ1+S)%IorC}LXEfxtuU z#-^ISa06C8FZDBPMvB}I5@(s+MOF;*O5D@&Gr2yFfN)yf42ilCDRJFyxRgTILbEbM z0k3Vqt2U5Lisop6B^b|O1HHl(SMNsSUU;Uplxh}L*^qKk5J-Fk{OKK2yrG>AFs|Rb z%A~oO`COBJ^9hGh8fPuHY3_I5g#sanyC5-cErUc~42CXan++0z_X!0yX8$OU(|SzF z^rgqNJMRgL4xcN9uYqE`-Sgv5YI8hh>b_M%VStIPv36!e-1MXe?1dTg^v(LPcTk?d zM742^i^nHs6~*lj#aC<4fQWCXF#l*0=Y&B1K0|-GcT)}oY|SUv$c~-v z%JfUuXL!9b;(PIosqj?aUf<=7;c#wjjCYmBhod+BA#vqYn5j8o(K8!Q`BJ7qSq@xq za9U}~H!CN6B@IvdaQTnxd)0SrhX10SCoEehF6C55m$0|VU9zwoY8^AB;LV3^xhEgt z?D7+-+Bu<)x&r4{o25F7$CExDOhtc%LL8@)LcExZz=KFGM^eWV*D8}ZOvY{VoZJh+ z8_BE+0Hghib}?c6o)|9V^y)%;{gZ2yOVSpaWIjY`FhGS71G-z+3`8(2u&xjt(ChKQ z4A2&pt_G*r${X6yh*DA3pc6Ie1j|>qgLWfZ=@?N{Yx0#XI4po$r4C7}<>ViO_(+ON zvD#O*upb}r-q*IzbftHV(3#PSqrZ3&#nh5pKiYr!5TW#Mb z*brE;IHt;nSpR!Hm+>5x7#WWBZ7>oaQR`Y5BYETvjqZw(Nmri{Ba=}@KAVY=X=9wf z#W7O18-y^b?TUEN{q^0e`|{xakI?+}Nw5SjLcbg<1Sh{#q{;~t=6)!s`Y&`q6@?}O zmG1Cd0+lwt9XbR7X(mQ^s~jm@a#|Fd+UBn@)_g0p@)>{?`miR>MCKRye1TaX%!Yl` zga!NPRogQM&}(jI;^d2zS!LVc5`Rr z2kcMi#yilBDhKXfAo}V~gRXCH?jJ5bAg+j}WdnxLFvHs~bYp+(a0|EHEIzD6irs0< z&Heq|{ly1lcq@dcI}Q2$`u@(=&bNyX3h{1m3ft!$K)bUG$Zjq^q}Is3!+NU0eQlfFKE(2W*uW#CPWpp4PaIwuM8i+vj|ChA4jx1syfy!Y^w#3#my3pk7Z z74Mq5Czcg`>m#onqLw4v$NLR#6PQ05k?!te{cv0kNYhCL@(%BOuJH<$J4f48?b?M2 zyZIi+@A?-A$~gLOcu;6;)}LzBZvIG%upb>vVNki$AM-wW?seSDYbt}EY+esidfCQg z*t`6`{nwz$^5wkY3^4i+>~d;=*P9u?xjsX^2$=IFF`_pSKQRj2Z|xSA`~k~F0D`)?;?o5DufE6MbeK*ieFcte? zbQPj+2NYfQm<7(1{vj1Jq%Y{N3}kng_tLVijeTkt0XsTp%undFQEV07yvzP2ialXT z?J@5XNLGcvK1uHUn2?ON>q&t*$M4!YkgcpzB`zVcBbAqHciJE< zA?1c@4o*2I;Wj9!+j8&ql)=c*Et24Xva!#38U0 z9cM?!(v?;izN|rqywfXp-oPW9?C-eCgn>aT9kdw?6QW`1nE3R>woyttEZ=HD7^UmOx;=gnq|D2d$a=f!%^;?4h&!8U6|1vc7&qX_!^POt4 zb`=wLxZGUabc^Htj9ws=9y#xv!NUj{GN4PcS>YLhAAUHAFFR(Y4_p@}|FIiqwJN^I z)>CB5nl<;9NOqOJ6iW*Eueqz=OEdxQ8k^BkXfv~$o6u}_SFv4lcd`dF=VUFKx-e#E ziu;`dDte>uVTOx_qAYO1CF^kFl$q8bSYiQi9rx2tje-YQ{em<5sNo*B1DQEvXKts& zj(om3mar?QSPF493(lf=Jg8?fMa7MAsh|4WarYfaimHe~mR_Em>EY6-ACoo1u7bk9 zihGPWBg)>{H%~n<#i;|7sL-Q^dn-kf4Uo?<5i$6rL;v-+RkpGF@^J6v;qm_Z_u*T~ zCzMomC2xT~N{6b=zT{0vSgHOJrA}_7g0A|g_2luFzp#JE&)^C;fI3XY{&H{%;Q$Y` z@FebVGGK%;@PVItv=?Fe__BKi4GJRVX)DOw!RY&-MPZRYsb$N&aAd-usj6pG+oN~e zuYR`rJ))kN`@mX=ER1ik zb?OE}?ZJ9b?-E*#30ws~7f@G}V>v?Fk`<6DR5FRiO7N{_)HIqQGHP&p z4AJxG*WGZV#moYoT=yJ$G3_$=Cm3(+$TBbi1w>FKKk6#j7zs}(pL_LR{lFOsIz{=5 zE7%)4_i2-YK}v>&Wz0nmUwx$hRNDQtdPjjE&ixRdB3Vpw1!aLNG)t8Wbn?ns3#*V% ztb%emcCv`J+_%TZb5~%X^93ZG1V}8>56-tt&|*vzn&>@~N*R*Y!qR)tmq`c3u0jiN zuz<3KYa%Nc0D6!%q|v2DP6T&OY!fJ61R`_UeUFbHCvrONuxT>`8a~d*Jo!%deLQ)E zake{w5%$mK&OlqM!EE%5!=Y@AsH>d2E+}Z57Q5)5OAMR;U=N9ccK(t+%SB`09ypEQ>Zd+75Lr+kEKUY^awb*uFa@=u-)MtGEi)fj{ zenOPJ|Fg+`M!#AxrwGZ+CDn0&daCc-nbzc%%-Qo_46AsFx;XrP(<+cqXsoTYvz)HG z+H+hhq_X&fD2tGJDL4Y!dPfQfcjIJzG8r*myhFL^LF)+j8xO54057kG4N67wW36Fi zn+kT^4(=<7xDu{u-I3`zk=DruMGtb37v|SDsShfIa;OeAL6rLGYvw_4y(vZ+N`n>J zORXT7)+MlsN?ihYDEeT9P-*ok=g0ZR_-}oVA$%+uL72BbnMm1zFhN*c(Ir=fIpj-4 zNeDbE?Rj8D;t8NXQ~rn+FS0y+XKYIqHf%NfDW%?$r>&LxH9D5PP!@O_<L*e<6MVVK(VUfRb$y-FnlO8M#|e zev?0UTXyTq;zh7nw|-H56Ku^mSide_o7uVbpuuxBPvf0CfZ*eNZB>L|Xw3DwZ*xca2zJA{W5`NA z@<5eM30nSqkVS17dqpmGo4sltc)<<3)958CQY(NKC_z3hc12mlmKRQr;C)ROnJ!T6 zPSHCmKrUDZ5I04kj0jGM6(&ooBHT6HXPzg#Kh{ z_^~$%Dou0$`xz!`_U&%u6m*<^N3YO+1WqCMk%vFR#pD{16&eCBP=mC8^sVGSuS*?w zLHDBFGq?_**CI!1UyGLFszkkCZ*PPg<(v7wVf4yqxX@Q`ZuP+~0_r8) z@95Z8)KEKsIDybr` zV1B~`7NK2WSZxO<0i@5%NvPaAe*i_1L@Up5wfX+6vS-wi8vCFZF(JO8HV}U3vTG?L4 zb_WQ11NQZMR$O+nFLlK#c(%2Bl-Oj7?z}MV`o*B@x92o8;l(!#G-LRv_1e%8N#g~I zqTQ-h6O4TU+k@eohVi!b(wueXo9f>U4WC_KGFeC(>fa3wA>lGm{mA~s9b1TPZ)jV; zO74}`ebV9L@1mRdBB{$P0k#=hB+ZobAp9*pEBc&O{I_Ttz&k=wmZl{pS0XiSQ=E&R zg+8v*!-m8c#mMnR{31TP%{cL^<{^?LEYduZ7T?AhU5Bk+VA65$dNL8;qZk`%D$N9; zULaNKTBX{D^(`{LH}|(Tj-Rh@ZNJ=S!_r>ty&P}vZv5Br^R4a8bQo4L{{r9+MC{aD=f~-!UO9IvW=DB2v;=K{F zwKY(S7wd<|2QOc|Sl|DFNSpvf0r_G;t0~9xZ7fcLHbcGC(L0u+MZ+pCByB{_mU7NP z0UY$%y(t%KYf83`cXzgbINshmINW?zIbD-xQLvcZl@Vt4j!U{?jpRz7ERsbHvU~Ad zC{Lgs1y~r5g1pu74Hey~Tms+@VU8W>XNcs@a&mS9mq8*8E{Q}Zpo&rzL@vxr_;S+H zh~&eTYc@vF5bcl?!G{2&bLh~fLI`<-FexAJ5az$(uF90;G0{h~&h+8KR-yLb29cZ+ zJ_L3Zqz}fL@)1K)Jc??B%?B((5U(-{K6I90Ee#5M6S#)GD!{-d#iP)D1sZHzc^H~2 zgxE&^3NLD)!&Wtq!zTr(*t~cYnpPmj#+8SmdEP{h+Z3J(F!@23qptC3l z7U#)yOq92ms??$WF;0(l8%P_MqFZb6d4#Ohw9+HwGDtW>pu7xb7!0RC9R7EHiX`g` zh5;R)-ke_a#o>a7c0rxEUy{g#ga8SViUI2xm17LXto+{lhbXjXJB;IFH@mg6KIBH8 zay;a*;|8?pHHtPSi=z+^Bj>MuebET5k49gQ9(-q*tXlfRH0&| zymg>nC$9UR^`H}BfWALbH0CGh=MA&(CGtcE47aYSfw~<^a_)>Y6&ZTpDtnNd-EfT( ziVPz+x%HAvm)_5wTlGlPan}-1iM)<5L$OX~IUD%cn3dRhft>cX+B)d>V~KFwEM~Vu zu8zj%kL)w4#D_!(Zi7}60Lf0Od`gI?uEmz_j1q885JClzWaUw&P`>Irkg|N^fcC16 zC+96vjL+XxgpK_5C18Tx>0azRH3vBTs8*0dktki9F$GFc$r76e%^_387z6#Sdy3)` zKXuB1J5sKva)aB(?u$KCciBIFw)y+x7rW0k8F;6A=fdOHt@e{Pvo#(|3OSC75KPw0 zjiAt0j0B#Sy}I};k^StP*)^Gd#^LXdyUC-@TAayZ6B&{S}x zo`B%% zfSeRZO8JOh^Y{-s#bjD~hGe&Gtx&!}e6a77A8e8O%-GH=XY8clD60DuQ4k7Oz9%!8krwRPP>drir`YnkVoOE`2F+#O*KR9YQkkT%e=#jHgS&R|l6 zzt=P22#f@5cyzg^9sATx)RaxNp=WfbA&@U{Pt9fb0ta(&%5oPXM=M+uIpnZrkctOv z7C6b9&_gVxA&nD&%P!aoAQMSMs;|J#$~~8!l@)uIUS^|i@wy^!M_FP0q&w^Z`X(;m z=z!f*g{Js2*2{3ITwxg@R5#o)FO$MP^2S^?atJ?ouml4C5}JIwwHk!_#@1-lc1fbW z1f~F?Bpv!43W|iSVa)~Gu0p7(t2k~mLWU&cz`MR!y>vONKn}qTlFI-xPo=uJ!CAKe z4%z7qxde+3r4aI}<0;+BIWrMAeOtBkB&c01uKktNQ8Tj>r|MrzfpoD+iR?D{3L+JY zun{2xvDV`kQM4FlNZKP_2j^th8Ac(cNVw9LUD+v)4OaPMJ~sab<@@RV`4^zh}Kn-?ptBFg1Z@c(&^2iOMX(7Ql@iVd5W9q zQPupL!LU1q6pZbI%0cv#rvjHVe;tZF_; z9ftxhYa?)Yt}`{wE1mZjUl8Vc&3V2c%U^UrjVv8m^)ysZLG1o;de&LGuLR&{J>11~ z`UXktAZfT79+~ESB$AUL;K9Xc^oD<8qnL3{utA3sdcbQE(iuHmdZMY`=|iMZnKtPLy9b9el>@&26xxB%^?Qh};*}Mh_IKa?{soIp9>AZX0w-)3TIYqj ze181IyvqYtk=s)J-VUj-2txsp-fJa=jqY$XWcl7bMHVrmETjGqWH|t_tsk*kTVN4I zpUJVB*IAH*r1~2dq4__4k|z&ZhUKb^z}_VeH%x>ws9CKE7qQpDDQs_|h=^x=9|@2$ zG)M{NeKw=0%NY8U%C(A0Y$%Z9ALvZv!`QuElOh}AlS2#6(g`zdx;{Jn<-iKmSQaF8f?N#jhv2bB%xer!xmkT;CZljjPQysGlx|0be5u6mw>L!MQ7?U@Ht1A*8nZA{^ z1EO058^|_(;J@gJ0OgU`u2xVzw^E5()saY&Q=Vuc^CSBpm=KpE3l<&6R#Bssn8b~H zJrOVh{WRF-04r)KLg;}%)~;5tH-|_?#g@|r#i=mGl_xch=^xZ-S~h`HQ$FZl^p1Gv zID$o{M~vD4+-IoIN-U!*2TFheM&Fn(i0G54w@Xf_{1hzQk+9Ely#;!vX!Vug>Qhh} zDBosx73Cox*_~EkQ|w%gm5ISnIMay!#V)TboDRAdyg7*GNk2lkJecanJ47*(7j>hZ zGFm+$BqoeZ7yZ9vVdwoJV+Q-_XJD{8`H<3|L@BMUNlq9Jm!AWKlAfUgJd2bgPGF{o zUrtQJIaFzYQ9wL$f$0W)ICnU8N zU1xVw`9!yDtnrj_aSBuOggQ!>fe=-o)pT!w=Lm3n?iqIn<9R9WaWXQA6SE;Oof83s~byoTY_P3R`Y? z9zWmp7+L5Og37EK;;Lc29xN;6X-a(^`B^~#H2evexA@-Vhxd;;a7|$#_;x z8Rn>$CK;yDyu)jxt}l8mlIRm&|0><9$TC!|$`Z~dIn7;#V90XAu$@7htKS*7a03Ujw#+bi@5`=GvIW&(_=mm!54J#Rl6Sjwh%4zFQ*KokG5gc;Ryqv*- z?4y#7?NJcTS6f?WKJ{MIt2mst${d&|p#)}Ec zhPOA&`+O8)MlY`hxbF1)h16IdLyT)9@Sr;uy}h-B;>ZXLf`7c}gS9njZhAeoAgt=o ziF{)a*^4hdZYg+}>;#(*D};cjy=Q;I-lI-G4^KtR8+q0au~udlo}`97Qw#%|3yv3y zm1-Qz;d8(_oqzFG7Hr7O$P92>WnJnESZ%LCFAjaxw0;g2tY28Py&#OJ+s(_+ZOK+q zBfXhgv_uzZK839zV&8%l$mXpxR_kBh{7?);`6{*bqJ4+8E!utfV2N9l`=93SSAt)4 z+f}!md7D=E&4+EBBYU=c%kgv-GY0yFcXB?8_cbV$u7&h2H!EgtaGtH)^PO9oOFQ#+ zP_F}q;08=spKVWmhLTM9r5j*B5QaHID(BDK1qG9{antl%!Dg(M=el>90oocQn_PaI zzN-Dy_h3@_GQLSZTne=Xvl#<18~FH^kxyI>y6ROP$w0umvL5D03Fa8cmeV-qOVRXr zA89#c`u&0Fh@SmbUZWquyQInq2 z_-;zu6#)6M>QbZV${DFU!Ait%MuK@W`Jj&8@i+-tKAAW22}eG;#mLDAO(VOAi#X&{ zItLXZm=kkU0K85l6)cSw;R#{E8W{RHV=r4pw%cXu&9U9(8z>OFExJ%kdLRcR*SBTB zDhvl-zAZl_{LPHo2m|MY5G$r#S@uf1uc3SNqi7t8uqA*M5?!a@l>wm+Z?5RwZ?(k+ z41-~`m#V?tiZsj;oLjJnOYlQ7ZNwYAQ;V8RnkPX|Y)_~y&`1|RTFtl{XwiJ}tUK*? z)c#xwU_1SHY~gU!C1U5aAMM*ExizW{q zCNcBwg)CKCp{>FAjW0y6O8=zh)7iX_OY_6tZ;u@BxZ!pF@|DW2zQ9_Vxi2N=~@ z3UMEvP+aMODCx}RI8jR3(J2cz;8 z4lX{u|5XA&5Q464bB-%L-EDO5^bPOrzj z1hwU|r3dOsLQIgXjZ3?LC46fy*pNeXJ*le;3}w-!PUrR+aT!iLjDQNFv&a*dK{c*3U=8M;DJA1wumItPOQP-S>JoJc=#DfyEvy;6(j% z*H#Vk%>VdApf-Dj{!cf>rFFPRc z*CD%(7mPB3k_ELuBwyoNIL3S;KC&i01r+jsLm-H%8m+I4ptgoE$v^$yTY2p+2NT8> z?W^cP#+8GA|2ytl`hn^h>qK&q<<@)audYL*0D@8Gc zEa$$5lz5~@21r9?zJ<$oD^DT9ZIirs^`bm}IhtAQ1Sdd?$2j=-gDc2EB;&$4^+w=8 zDhTvid1~ZPtXj)_otU3!xrom;LNa@BfzFi$tKkR|{b<@Pw6rNw(~^^GdzCDcMs_s(p~9*Pi*9I_r|AmU!#rKPQ^1ySul!zs|Zs2gjR#*xV?& zK=@s;N~Lp2)54YM)gmy}Qe`;`nrEz>=Nh`ed%w$~OkB`cDGbKG4OA?2x}Wp($(x z_l=;`c^<<$=K35($P7zp9P8yAw<@4A&%3E3MSwIfY!R300t32@+{koUOiCadc!D^T zV3;#36OXNn=w$k)A(t&A07(Zhm=|e$I%;NtuVq9PY8yzuNxR`UBqK}G43E5Uf|S0% z>2^Qvoe8|?Afo7gRM%kR*0&oygKBpHdowqAX7xebdK%<3b-FP~8u$pYtWxs+AB z3GEGPpodEWsNjQ#PX$=C*wCpncuQ5h08i`!MtixQs`M8!vQ=y3G%Q761Mh$AQFu2 zI6j~KeV)4XZLK8jkx;hpIB=wVU&h!Gw7HG7!&4iXERNW|r zqJ}66-8PkN(fW$z)+rS!vm`m)vRUPU06O()x8?`nmaFggrLVy@VhPTRuTa?OO`}Sv z;zol?>dhEaHNY^{c2gyy&d3MlTP8T5hlH6})9vpVywQo`G zX)S$|)%7_!%$nB_mY1B`*tjwaOe4tC(T@`Ou)RIeZt+7eF$(}vN(e`Y&89IgIAf;X zhvanzgJ5wpG-u0MS~MyOEGjrUG>tZc_%&ZPHt_(M><6P8PeBobBWE;}!aGL-Zjp=m zaAtHsKM$|5ONL2+K>@KDVMf_Z9I{N!jJdi~ZvSEC>QbSAoD{sWypYzO`sXILYdfW6 zxk$ z;V-2Y1}!zaAcQGIv40#Qwa5@;&)=SgG`sqgQ*kTmbb^+my77WUZGhAb?UTUDrkiSL z-zMT@r4R^>bx%8;0!3OZi7ZUnV+oyxqLw`=EJ;rRG0yvBkor`nB~h_6jAPFt!3TJu z{NE{oLs}9B7-&>^va!W^wC$V5K~eZ&M}#B;QOmDEd?-|vU13aiC@Z@+1|1ZT z$ibcACXdo($)QS6qt&&gC_Of|DU3~O?VN_a7!eHCikMt(;*bLt>goJKV5w|2Q|+^t zLGU%M^#TfA`jj&;Nq>f=$dG{)cUoTG3GiWhptmi~yY|cR1j4F2}(pog3)=%W{UrDKV!68|mXg@ z>H4P2*h#Gf|Ij#$H6fjw&aCm_#+S-X+Z3Rr((S69DTZbSr<9L6w9!Qs3Wsf0yglJ);&QNunzZDn0j|QpmGbtGi$hkW{cd7NvWSF=&{+in8Ie#PH4P}Y zlKP2j45hI)JQb98O7+)9dbk9LI08z&ST6*%V4kI0@x~@>B`_l@kI8eL_3+j>73M}< z7bVsuMQku%Hj1cpZ+HSRD+JQu^4&!mj+p+VA>fMb2s7A_6Zy_6hrgW88PaeZG~LffR)pBx{1(9vKR2q2Hszxhu-Pn z(r>^R1FC?h#EgKM%T&17kiWp07%wUWh^3C3FXWg__Iy{#qx#}eo>{wEpt8uTML<#5 z$ErRzqDptJs)e@l(57kuPoWudpLU!SDTNflVgCV&=|fC39DXG&0MI8bk$#p^|z{A}_rlICN zhqqFC8TW)p-G<)EArB|k6-GpLAyT;w%v-~vlTXb-nv&aK3qms+kH{Sv6nu+ITVu2Uezvbh!2_&kd?^$XSJL3?#$K~ zDp-L+aZ$Nct3tZfA^_OIslHTe+{25j@72gK>H&4sXGqpPUs;K65z=oRmS*it*EgjD z6;WR%Vy=v}wp23Q+V`3Np|*sKISzTJf^^R(7e$wpj>D~4R!jt4na@1+Gd5$f*+xOS zl)u=;nh4jJRj`nk#qf*T(2H~vAukvjEsE>&n~O8OMvq}CrT-sNQ;`rK!WltJS|6Vr52~?=Ju_Ot)@nr+W)s942v-vuW(v|bN|Fcwmv$upJ zd(hZ-JtDRHn03=sZ#UB`2+_Vmd2}x|j>M;`U(b7&oi@ZIFY$XbV4AaNP?vNR1v1xC z%|s{gNoaQE;zyj_yK)o=SoOu?Kx7+lI64wwk>5n3F{jkTIW+Tv*WE11`x0e4CcM-e zCy)Mf`{2pZ!QRI6{q2M8AGUBs)$Ts?@b2yG9N-RIWb57Ax>03#LWJ*8_nCUd-1Z2$ zk%s*i{=G(+8tng>W5lf|mzQV5LErC_Q*~r^y+D0a5ZFkOHPcPi#&1Bi#Q>%j9)a9y zd4EyH1wi`v=1}OaWCn#knhr%MlS8488=W*!~`A4_$6)D?7?D(@O$tD%t%Ntdq*kEDQ)YunXmmH=FuV!yHNI({RKKbG|R=I*ps z^jUpZ`Yv>+KbyO);dJJ%+daF6n+|T^lINR-oVu0da14EXp;AMSH7K+TtKxnd-9%%A zopl=DAPlPM&fE&LjU|bq#+NnVe^|Kp;PUk)R2!IqhFr*N8`}%aF4uy#7J(*4L9$?py_Ci(cDYN!x3`mpicgbIO);% zkvx{m*OT7}NerV2AvZCLj>1ur+0k6dGh{qEkG=D*GTRK2yL_Y{7gek!9=q zq1{o`DQPdLP!UyDWw&?r+PB$xoP1}*pmkyT7@J8;+hZpdtef`bF_@~|&iH!RZ0o#)a!efYrWG^ao%#A_(V2k`q=m|_RnAP?g z5}e|lK|$1ePF=5}+k!fR;wTS}J+xZk*4cgD6@pz5YhU;$Gkc(UUN3?_xb)-{DiRn6 z?>gc``zm`2y1|YEX?jqV$*xa1Tr}ua?ydPLejdbvx$8m2f<#Y6Wn=wU050(Mup*>(D*D;bmBdIrzad;Y+$#e2L*_4nU`2$QV!T`_MNi0PA@inFy zW070_p>QTyINZgJ#0jKNf^ETt;PYdTlgqXY}YJy;Lt zN7-G5Xy<^kE1VR;3B|=8Zgg8@Y)Y`MxqJVgxMu6(4fm`OAQgE+c(H$dtRfKl&{N#? z_!a>hzU~76Z6^7_scisO*E8QPrqiT8MV|b8=)BSi4t6F-i$4HA8l51P7_efKt*yKm z4d3#ffVc0O+G5=W7q>{i-8(z$v`=0mLpiNlbi*ZZyLIQczx{3Nm#zPIecqe=WML^a zOkR&`hQ1nkJoG7N*bc8GSI(A-%;TpsbMU@Fj~7UBG}>IsqKVLqOs1_z@VbQDNENj! zv^5u{k{Zw;ThLX!+Fm{GU1eL~O{DHcjp8##tQf^$F_LA{w6UYKEo{;a$6M!@$PH<4 ztvo5QB!}^NADIV14q40AwaIziy^cr5`UB|NIB75tVtBU+x`OVVC_z-IMJ0j~M@;D0 z_23|u)fJK(0;Jomm0!u~Yp=qh(qMu~@tPppj!&EPt7~lud1LxWNrog$I0HPg*4mOm zk*i4FKsP|15G{$7aEf3PIAh}j0!9Ux%s_J5?*rtMtM8!@Tq6Jd`yYRCYpwHO{dzK9 z1F&m@(a){r2Y7J!V z`T4M5A?TlT5WX4{E6L%DK3laL(2$?qZQerm9!%>h;B2r*_RFFxfsY_jvnmKE12g zN@_5&#j<6&N;l}M;MCCdTlFx@Q`{PVMD>h`vXrHSMeEmXnMf0vAh&r$9xoVTNNBnK zgE-JhZIT7mW3@&xHS^Y@$O_UDvjw<%>8OKz&(r|Q&mjEPks+42|S(O66mKB^< z)zU4!Hlt*t*>CWxsQgs;Z5>FBGn?Qzu0&2@%6fhJqX64rN{j4k2ci+|YKe6rKpdHlFL?v55$7Z$M-a>jtd z)}!tHjfYRS9&J6{_zV91^Dh0)JI}q`{?RgN?oKw+_Dh>i_jG@2oAZ3R4BK zrw)hp^}*z%hrHBLzyGPr5+LxDn zZ#enT>Mnj20s5-D*!t>gDMY#H^6H;EUY~2`_K)L5_>OMf|Vc666|#s7`XQ3E4=Xm!wJwml^IN zuBaGJ5nFG?IV$H*l<7?40?K0}C%CP7E^YS)Yynd`=$!`{L*Al~o^UG*%O1+i(yOzJ zvE-8L|&ags+sAoE;zan0&?ts}0sqod!q{nIRDUgV=o(1b!EndonbqoRM_nz`mpuX1j3 z46ZKz9?VbpgfPr%ZzHCUJ5MDs74lMTK7H|M>xg@Vim(*1H5DE{-Prt7EUkN%K?JG?i=%WBMN-=3KmrvS zSfoVx`E=qGw7v#c8&FxHjRiW<($5kSNAe;I5bDu*fQ@h5pAJ$~n(JbQe(oV=LDoqp za0|tzLu*-WnACxdfk&hr@Ox7ykGG$09UT?D*kpR^w!A{)Vi1r%WK~D|LixcRq&>_aN8*@?n6RtJ_+7ciZt{9?j0~JD$ufI9pf3kmHlb-U ztuyBT-tS~Rw!S8os|)|$y?gryds`dNcK3Gv{1;h{sO0x~A8kKs-D~~s4nACzL=i`H zOT7K=5{=i4J%qMMz4|{DR3%YX;%DvauOq&{Zv6qQW&oysmONYw-=Ww*rwE%0X{(`( z!lRA1fD=uM(lzTapWOIX&e;tw;M?_@{2Slc!$4$D*p_a2IbNJcW+8WO+w2+iWuJJ8b3g?|Me)JX}9Vt!1>0@gE zdZ{=?(Q(!d8_uBMB2p9G0sr>5HEW?;&^M|%ZaP_ea#2L~B*$$X0O@-Fw(O~{x~}BH zXHZu3DVQ=EpMH!6*K}79Wd^0Kr|ts&z2^Z|Dmo^(ydFahO2qq1MwKQORlJKP_8>(+}w^ z-p%pBjw&F1BkUVnhk({NaE3%yvKi0J`KI4xc;bK z#WOXlJ9A(;VuEAK0p#EL2n$BnPZ(uLpEs-LFwjr~N%2mtm2~jRzAP!X^=C~wUr&j|w(EUX%{=F5$ z822yp;j=(7Nql7GCCojqP!w)p6$05T?1X7lr1;1_roX`jPRwNs;(hij9TUq=McRBr zq!W7HK2^~yxXzs2z{pbxEGvYfnDmDWAHTJ~cjp{bUnisEH;L zX@Z+BJAvMd{f`g|Sr`Y9JvDW3R?Wf?LtohEY3$Crf{c5GFkb|NN|)Ad`La`mV48L- z0HoZH1lW^^!*!fI;~#wVJA=B_%sSP%;fqF;Ya z4+R zA%C41Ds1Ktp%468TUel@CJ%$6GbXX;D|U#x+YF2fhEQLInxZ5Ozi_2YUN0>CqP34` zQn*Fw7_P^3w%^Tp&Q-;2Q1owcgr){QAzF-~9T{uh)L_>u>Ka(BHZ-e)ZjAcj@8A{*$Bq zofmtXTZ^=>4qGdK#~dzMk;T@_-_wv&r9G*4XK~?lxF9Wk*Inwk?hQs}g<5y-x7Kis zWQ|Ux<+AB&y9CBNm8M}Pv*i=q1>RkH&sSd^u66Nw`SpjzR?_(ITPQ=aeFP^R7VPDl z{<3(@FqVF64a9k}cJl63A12r!8xEAP0RZm2c|F7qFIK}cNG&W|9aW!>s@BS=XlHrt z>zrx+qV=Bxxo`(Gx%uwZ8~nNEr423HGGX&z7#Cs{(;#b|^VWEztG^oK;&@(H(GOjd zclq$&y^_)^=R^Y@G6I?J{quYMIhgcL1a0bMXf^tq(aKynB^DP+tlNkNBAqgiKFO1V z5<=wKyxn>;X!!;8O1(0|E4jazhxOk;rCDGDdit?}=0+S{ER~aokY(}y7Q!yNOLy{u z#EAicm+yhC4{Ich$AEN^<^Ql4aHq^reu9um%Z*jy^8QlsmbSTB6H>{24-hlG5vPpZ zgcGATMoZjD-2BXRKcp%lVKkF5n1L#0rUuu+7qe}4-{%ZIL2HQJD z+-Ea(vcOU=w!t(Y_M>Pip7sv0uSvd|fX$-TqXC>Gec=1u9-SEAtlb??3?9FIRPAkz zvHTFlS--oF(`&sm`}0JiNGgHI zhPO0YU4xO;N$Am@gR!Sci9y9D2u9+b5|gLIr--{8o(?70UE?&X70+atv5LhoTaV(g z#UXFV8nmxb(Dq9GwHWa$FdZC-uEgf1fy_iE!p!jR?N$;&uBj{@6tmGdTX$V=0WP2^+n1!?y0qiVd3%P~Vvf*`F1cx{>E3~FJE_A^!G0m=l zq2wf=o!f)qa?OLnTW?PWvXRkgzZm^A!cv6x?$gBH))}mBSO~Z-*Cdi`DaUlY_QT4o z(+rsCk5})7O0JiAR6J&gC$BIkf{IIRTp?4kN!61SA8dH#{_CK+gj7#y6lM*$29X1h z=bRF4u0VN4U0JmQU=889k`3HYDfz%TVlSvI)-$*p>zaYhT_NlqWE>|Dq@dI~6Iu{T z3#YmnqYI@@j&@c^1d@iRHbe+j>-@wH<(tk>gO1G>B7`2FRne?7LH$AX)PSW!zUoh7!h+(3ODyKJ!7I&r5@vx3$_BmB^`+@IL5o;$s@FJp6l-&!wmxi7he^fi4L>A z?%BVLGJ)hxMOUZNF+`TS?{PIY{GeC7)%hv*d=x=E%JG4`S;?NkK$_zen56=tKkY|k zzZY(FXv#W7*A3o^#0oDsVBtIANy>Q&gF$j0*A_Hhxa0i^9-Wn8W!6?ITYr$06Q)#L zQH9N$*pL)3rb_Ij%u_21Ym%Lpwufh|T*`6Kww$~`3RHMffHPlzQf-S5!P3N$t0`)w z++kbmu3%3bn)6_?;wxj)M(hK_-e;E+XhfZHw97OKwroQ6dN27wuH*A8kD&-uXRw_8 zOr`J!tfu63409n|P4G4giuBx>(Vd)W;P+(7I7T)`eLZbCc*qjGAVLI!bOXUq@C=5S zXu27Ei;RemlLTA%86cmCOo?1PNOoh}bFDYi6qcxa!EFp13>*#&TNk%+s+IfKBX_mS zB2@J#gNztZ9Yrt-#w`Oj_JKR@!{EqS1ay;z<;6EX-V%YfywXhcL78&}qlV$@qY9IA zo*&>+!H{C!L`8;v>i}p9%baOe{9w(cTDU<1+>{GpcBxHpJ%)Lf6&ZR{Wdlr57W=KR z&0;l?R-&!>6~K(!Ca3uoL3^s3V4-rZGM(F)pLWdvCToHP5yoZOSOutpHGuM*u7lsjQr;Skl7ev;zV9%%Xsld$ngX!QJAP(^qrT!Oo6$T=D1s!7a%>!{aYVH%q7 zEyn`L<3Z{9AYOF>y_(Fjk+^s`)bUFu>a&D|+5#OYS+i19D0&W(hCik17uW;zk( zMmW&~=qjZJ31*9wLr}PDMQ0A@HtEI}ZBW0fXmIhQ_0zT{%I~dZjzo+Y0mW|i^Mxho zu-Sdn8(!@&IF0bYRtjYV7cve9ORilb^s3fO*FiEi=CTLl{en7%O?+78%}Pe0FDM#o z7U(n$=AWozU>7%|aAjYGLK5gmLMG=D#y&0o7Ak?6ET5 zQ!)d}rD!TPZzdv<>30IB#NcETVzk%#j9vLkp9PDH&WaZVyVyXw(R$3Cqp2+pd z>x(z)7Su}ttm=E?)gOY+80yga`Cliw6ZZh6isE$+2L|qMV8rxuo`MH=UI^+Atvk~h z#CL8tIqxFqedGJBqwVMW2OCeH-d=DuXGZxKyN{5pj>UrxHLJ$+(8tR|o6VQ42M_Eb zAfX>hZM_vFj)DeMTuNe3DK-jMy>R{7H}P)k6ak%xDahrZ^14ZqaTXLv$qlX;?4SD% zN1UGmBIl?B83nX2{aiT`fi^e@1GZy{>om4~}lMu+s{2uI#MJ z=UduwSt;?Bf>3mu%H;Xf#oAawfrZ>`d8^?{B8shjehwn)xG%D*uCFG?N9*~%;e3O% zK~d!jJt^f0fXH45@5#lOkz7+1C_j(ydjsXZfSY<# zVsvT@aqa>J*+fC5(=dnj;RMY}p@nE~FWR%kDBsB1+(HLtXtm1HFeSb?jAZra+UM9- z*UpZ6o>LLtFlb}Ygg%Hf<<@FUa_-}}J_lxeK(2Kd1nftVevSZ{#~0)05|x3yDTH_j zcf!qZr|zq{P*>Q~2{!8dHcBp%j-ZOUs&i|}0{SXQu6WLfYiZWqfA&+R#C?9&oEOo? zvl6-nv!>wAOX>-Wvzci2lqC&tdW={LN;f3?bXpydyTUbNUPGba08G27TZJi5^hlTV zWbe`Mms1*NVory}87dHGI5hRHQL2XyfJf6d4O8ok0w>Q1Dz9Qnt*I)(NafB zHEYv#tjeCv(5^9baOt}G^{g(=<+ksi?_sk<@3M-+HH5tIng1Wc?!rLB+|^NMR!c>G}skjj&Pv@mfb6u@(L2 z5SPFrxN1j^l7pLw0%!@CbB)wYK*Fi4IDaj&FKb0seA$Y<9H9l7jLL0%*6R0=Htrme!>i?jxd4rc1 zJqkG``qf%VdG3VcoSgLoXvXhWkoMyB3e9eWv`b|PU_skF`yvnEJUbs;y+#5;Lexgi zor5;ttyMS8Lcd;ZB`~C4ur;M`IUf#@^Q7I4ope zGrWi?&MyZ0aqWXyv<7F`Lj-%7rxzI*ISh0R`lH`B$X(Vr~FeCdZ<~!F#2m&m_Mb-8WC?;RL$-v){qf?s%vxPECo$CaOc$Q&`O55=2E0(W%?x+ zzmfmWeTCk7^!J&>r69MLH266y^LyJp{y@kmtY-y&mYrjD4V7dBX=}o;8R`cj6qsk;l>o(mg}O_9rd*1&s|KU!~zjQ^?Ttv7BN_AK2zXQOvfHgKo`ZENLw{gXyD_ zH-!%?J>#O9Z|16YJo1(=O+Hq0{H1okxdPekR)T7{Ab2`dA!FWt?l+CD*4I;bqR$-E z;;hc$kaZDe*;aMs0F7adg#!YuYz06Tsyu|Qrn*c5FAF9=mFpIGh0^1=<3Sw%j*+_2 ztOVf7?hx6%SB1&grM?CG@CoAOYfGgPS<5K>!vORj-|B@}6kkkqzRgSDDA zfs%v**w};QcLlrx!=I5;)UDA8`uC5a651#ZGUFmN+{3)JCwbiVk;rXp6Z7B37U{}` zJ98&1#DHWT`!ejz#C6Rv+U$_vUU13GaSF8QNWpx^0u5KgaDF$iyr5G!MoY>JM`xVh zn8Y`ioXSbJ5;iw8nq36Af25{iWQMb+AP$T6^FH)%*^}?F zI}&KKO*wvZ^KQ!yhw8YS%YRcdLRAD4)Kyu|4Sf354uW&K`YQNF9i!#YZswh=c5qoU zIP_I^<7(I!nzFLH!f7-O?9a#?Glt?~Ylha7)!FUgq)G3rq3UkKeQgpa>F0^O>R&A@wtFlF|cl0X9jtlFdTp+_vj$)B*i_ z&=Cs^re*S&0ac}u3NExER&YTgh;G6qQxZJiq~F?@HUriUeLkB<|(rzja^CIAJIs86XAz!G5>&qui%MHG#c64m^QZh2U&N zpQ#+eL29;@o}S>5Gr<7sI@ir_9Ex!`aq1YM^2h6u*zohU9WJaHs!|jHVaGV~X_r@} zZ#6d}GIPs;+X{N@K^Q@$Kn)!^yZCfv6O(EaVrmp}VE-Ts^wCgadcr}lxu?$t5a+qV zoDha)F8vS#f<@%d*b#n0&2`PVaXq;zEL`j}=)nIXY!t)rweWE`ab5G@94EyvJ`E?f z96!;5`2y6T9JPtrr7J>D;7(_~w&V(t>AT({GI=49<5HKEJ6rV;D}-n0zKSCMF7DV)eeCG9_ z4GT?6gyY97jHC_hdYzq#N`>iAnlB=DA_+9D8yl-Ip{8XM@PTdT=2hddXrC@NnqYP2 z`gxXzx2DU(8FgT$ipl?xTs;+Z8Cy4Y@DOQ9NfxQ-O0Cl{#;DrEj`(C+kF9~OQyB5n zkUa;%mmDWfQ$2~t_aYnMGn6PNdz@@~tMRPTR^?LA+<`>c*Nj!cu_4p7ZC#NT{fc30 zGgMP0BMw_4_=kS4Wu-K`cK4TGbsFxrtdu5Mrt7WhCN1Rnt_~{r<^s}_>$;5}lvWGV ziYUnd6Yd-c_Bq`rYK4YJyfGL)6I@cpgwF=M;CdHi@;$7nE(Hg#d$ zPM^v|$I4d!cC@jxl^@YIbq+}B5$7aU;|Q2i+&~K9AeR!g->-e$Ud1wtA%JVls6KCsN33uCBJVY)e#jr&Uuo7`P_mnn~yc%%Ss7no{p$=DbIr`AMjLL z+`11KE_hv-?i$Dw1*r;n(3q;PbOL1=Td7A0lWHDWl>R=ib5*nMRM)Pn$p|~w1XD;z zGkL6O4YY#jD{-2*m6#dp~rhGqj3x)5sQaeTM5Bc(a3Fh}+kz40^~>#Kc|9 zs*9buO^aL#9rCsW)T4WxUu|ivt*)-Nj3RJrM|FA&_(^nMYA<;2Ccz~>KHr)3zd;Ku z_F2m~x_lFLTAK0~mq<`N2ti6kyEOrSp{U2mgagpXQ$Z6x^Ho;N0M5NtjKZ)NPKL&IZa* z^|88Itg`I1ej)d5o`g0azF^J~?_oTyHzpIH%8Ah?_j5&*qCn#W849BE^D#^Ha|Mx2 znFtdIpJ^hzHDQ7?RzOu;#kufyny0`^+zi20(Q^~eka0N;fBE;(YE%b63NWgKt>?(d z;R}8a@n6N*oWeSU9n{GC|BWK~6GY$_kjS3^%@+{Jp8(BglgCYx$Qg+^MO08t6Svq^ z{)Ex|?-aO-wMH4)gn1K@QxPA;=qKX+-+9Mv=4Q?(5adn7pF1Px-J!6RRoUx+_M5o8 zr|ejKDYt=p0t(~$;|>0x#Rn^@XnHR?D&p6s!VQP~RE(<--&K#?mp;meOQCyb1Q=Qt z#kd`M#nEWH6}mjz7hY(Es`8Nf3;fK&0FF1w$9X&YphDQ}?6Z9}2<07C208AT7>|4J zlAI>E&Z9bC$@_oJ(Z2vN9rEEva6|^g^3ZUGf77x~g``|KMbKy<3Y@&g$$U~xrJaCf5dQ3j z*iL9QtoG(c+2&{Dc{0!{zetW18W!TI!XhUoXh}{LIwv<}46Zi+WjLsnY?N6%sFcXk%5^?? zd&-Lqi&zf$UFzA}oW{R9F~d2NO2=|nf$@ZzQpRbJMyLsrFJLr_w-TzUAC8Hs!FeG; zd~EzfVwyZDDFjGHv64_|JkVzoq-@|eTEEj4Nu)`nOw88R#MN^`gd1nLRvgtFpIMBS z=3|n}v*aX5UTRBkV+xlqA-xmwN%YQ;fd?tYHS3Q~vq^nVcTgbKy9SZq&CG)npLLsK z>OE7st#3I#>;frSz;;(n;#Ph!!cEIlB}qY=`=8t6b9EYbiVF4{$>g_E&LBIkI@ecoJA!yv$QKSg(aPRy9?v>tH?` z0iQRV2OG?1*vIg=iSIB>O^D%bi(yK-u=oI-k@-`>#Fl3|$6YhEDvi-11`2>0XJPc3 z8_tEotgO#dR;J%*Wx_11IlF5W+^R7*lC?U%&?_spbq^L<_6^z$lW9C-DP_LA7bywk z@kzH%eab_*uU zw-DPponYh^NF&Ln?Ph{j2Qp(I^7$FA?#6L?UR!`uy%TQE1VCpPP z$G{9@PBnS$&ulK!!kA?zWLC(oioIF(%p(il9E_{^7P9s}&Z?@|LS~wqEi=AgN;h8@ zb8PtelEWr zQG^aQkeMerrQk}(JT^u~nqVb^Fp-ew1C>F-*BG}Le4QKH)E@hwRKcS%v^xLgFzy0lRqjZmq zOmX0tx3yG%dOhie8sZ!_SYg2#p9&7hps>#y;Z;Aau97zlr2xW>1Pq}v|8oxOb8k$4 z)UXO5KEtqVem_wq`>4Tq*V9HJbWfR5vW+inh13sdu651xy~dOWeO1 zm77|jczp__Rb)feGa%)(V&js=j)Mx<$}WS=HLHIC#mSY(?hLQ;$xqOXXK73ymyk<6 zz5DOZPcKIAx&qJ$8;kfh!i~3s?qi9syn-60sqDjVC@b<&jcNb-)vLh-sj3XeND*_1 zi|PksVAPg??w35)O+Vq%Yseq%`y)Lx16V0)19U^zU9G%pM*6TuByVHmIT~o@ZGS3HDGdcqj z{?^H3>@^q$oAs+%<5FNT_0Fg(F%>nb=cSB6g2|JF(K3PbdDNs8x$|yN5V*L|D($2E=FhX{0PO> zWare%0)>8UM`iwrI8{18&X0#@Sj>ZdGDksY)83(ul%3E94Qp}iiMzv-K6>D)jOqWY zF!0g|dkVUcpeHXho*X8x4xLV4A|ZLKap;u#Qc{wqFN|6NfR`Wi8>;4yZ9z})_txYKY`Z0?l+vZHOgZ#d1t)Ul45$DJW;dBC-gbq{HX^p= zk`Py6Yrume;~Y{)AoTB0MntAe)(Nf;c`RqA0#^JvnMMi$e%G(paIzpG2WJaP{7A5s z5(p!$)>~iUx(YcH9zj7D_@O8tOip^21C@~U$qC!dE*g&g;!L}$5{+{YWJduKW<*&PTLYfW+VaPC=?*5Bn_1>^bfN%0FuMkTJ#^z(Klq=_I0q`dP$PEGZyH zMuyJFb0aPTfq#uB2g|b{Ke2<_abIN{=8gdhs3Od1Mp{HclcDZC-qsth(y$%R> z?E@_cglwgjLl|d(7nVhE@)7b3ep+sM`t;$4^9{@+HcpZ59YuZ~wEBLW4_U0Re>38_ zN8YnN(vy<9s8&`0wDTRK{GjL5%e`mt6`%Lc;L{kMbpA~RpP;=uA2mcQo2kyC+pCRJ ziOIQCr81qF)*Far&KlM*W`{>x(`kVx9S++60#8NK609eK=)bs$IvH>ZuW(nU`zW zE~}{8WKi>kaoGgPQVWG05S8HPgE4kFLguuA!UPoXxrL(MhBUX!Pma2uB+SJT? zR6z-at>4~d%`GNp!_iN{`UP>iipu8#$$=>P#OwzP3O&*hRJ1)QzBl;WHT;6moWWR2 zz9=PdnL#W>F_4W-Zx^bqNSp{9QK=+r`Y0umxEqd+1T#UMLTgc71o-&`E;IH9Wktm| z+>&(an{gcx&7?J!<-{1Q-K*iqGNd|fb1XV~qe46omCUCkK31Q)8?qt!L#Bkd38;U= z6h{X~Va~6wYxQt#vgbA!U195e^EED1Lni7ml~1`=&uBB4(*cU6dNTpq&9cBOwAT&~ z*H6&<+4{?uNC30Y#(!ueWQAGmj&R{`yCvFT3ezV>1pW~Q8x-?wlc~wKQrSjgEjF-! z@_KOI>mqPwh*RwsND|IB`-8K7m#?2fEtfC5y)oEw-CMrF=4aTc)iUCsL5;5ToZrS) zl$h#MdK9}_uz#P_8q zXXC}ellb;OXbG7zpuV6#?(aN5dhvW~e{*AZ>(SBv(~bQnTl?tfH+1(@i{f^Vg9EsZ z_O_pkYw7OqYKz4dUp(L5gf9v$-u?A&%Ceg~&u}l_)}BEKkJP~vlsr0mw7qw91nZ!U zgbwz9aJw~^uPYOo_tpOf$|T0s7b&v z#Ly~w0QBY@C?YKFMY2iA_VCm}4zg1+T<37NzyWpL4kyogS0}GK?e{;j$mGHL+S-R9 z*Cv~r|DY@@w{V@{1errbl(c%SVr0UXu?ug3V3*vi@2gQ|+I0aW#*#mQ&~a0l1GN+j zr7|jBJS4fRVV+i9CsnoCvbOEXp>lrH4)(!Lv6v7rDLKRiJ8F8H(pBsL!}`Hx?O1yn zj3rWEtL9@8or8485!DqC>6>*cPaa-iBKP z<85k-!S9n7I%7cN8 z_T}qKu+no}lstZiY>4m(k}xi>>j{H<0lcXY>YQ8++cAK7FDErj@w+Hygz3QSXXZrw zJCbBu8BT-~_`W@g$lBvW0l|X~{6#WdjgiB!FFYkbtHGqzR$9FgLVY#Ia4$v{thUtx z5qrjO&h z78Df?d#0C99hh7?Z`~o-*ORls;Ii}UJN%%L%remlU6P9&c*M%&Q|T0F9<8hV zB<8qDW&BJOj+5&#gQE>o!0#V~v~sp*B2oxXxVI=GMOB_PC>{wX_uepAC3_J`#rjbI zapFTJEMp&cQrS!llyd%ORq+R^@#~h2YJnJzI`lJL7@C^nMTc zA?#QHNHud2=@(d9f@#x3IkN7f{@?_g7#**U*TT=l>mm~-g(1}2eAHGE>=?)FD5?TB z-;J(%Z$oP}+}dU{uSWiE6Ok=7ffS7>#={pPSZCXaJDFhRqe%9q*O9awvZRYJkG2hK zy@+t|p5~eCrQyWwItAWH!s5?J3lWXlus}|Z(@<3d=4`yyoT94Ev{4$*7Z?U7d5&X$ zFt#Cy>=aIX3<7AM0+D=2jV8WP38TLsDXDZWj`gzK!!{V`sqHF@(L^Y@M^7-U5jmiv zU`Jzo7epEH;xF*eNi2 zjX4n9hZkl%6j|K{GNwV8TF}&$=YS7WHDdx++rL;tAcbKOb}g@pf)&>`&}G6FX?aXA z-(2`^^73-@{`(Ik*|%p@3$#}{FbIqYz$+P2(E>p{ARUhdobQd4G9+Ym1t4w$e(90XHr zyyFQl=*Q(lC=}QiR4EMgR$s&M%vg4r!Nf))>#(6i7Ypu|PMZdjx(R6<1qB6(%}!qP z_!CqWJ%}Z0KufVp+gbru7G?}F4V9h3&RjiIR2TZ}uYUDA5zm}o=kIw1*G$lL&Nf83 zCNg!|iVm?Qs^}JR(_xcGNU3ynB(P)hghUK@sVxtbA-nseWX6?dWdIaFu(vIuVe)23 z^ihW3F(5iY3Ubw>w)XaR_KqHH?H)W?UsyVyydn>K)_XfVzdok|eex4GQQ!p`ygeBV zu(bl?&h)FYk^O^>gRP@y+xyQp4mOk4UX1#K@hQ$Bwm|iqLhh+gTIa)w%xZIkn+JPO zk2ard>_y0;N{fv?@yE7K+#%aKy|^Atf$zn^2i_PFPE4ck+ zc#O=ZLrfRcvXd)(*I7^6$GN=T_1RTy^2O+<5x4wgI>iW1D85_u3eZ;4W@!}-52OOnH z33?{Hb96u(U;ZOdL%;JtuNs4A6H|?MR%+!wwuKPX!iFpO(85G48G;?(?6ec~kQ8CT z<~ZX+5%X*`XAEd+9-C6QCkK}}mV~-_;?(Ur878;r2v2@yG%(EA8F7&M-jzdpAAvt} zG4^mkRq(GZ)6oGphayA#YvEiI*md&wk#4*i|NF9A7GXhoHapJqV-M_v;~{(+RvdW- zf=F`0(#ztnN4jr>yoBVlx5eApTJp#HVD+yDlhlQ3SRl&%&Ogzap8oTllaZ^a$*taG4Y3cz~F>ozwrzs{z=cX@AGpr>8>R($@&4 zKLd5bdxlp*LJaZX&hMc@weCTG6)^bgn{PC+YG*>sEZbZo?;m`bHzWXq(xk z4f|THOco&yh{KS>mK*xis~D(zSR(=c(2S7+7rI+denO>veoTMn&rs5jM6_U)sX>wS zm~8}ZB6{Q)0=d&(>vZw?X8F2vcxUDR^j1z^zW>#SZp0`pvYMMHXRWVVcV(VP_$c{$@D@g}cYr3GIPScC^t(HE zTK71QEDFTn(c{ODTleh|n{gFLJG!H)vpuv)kVq~$ng!5SKz^{dYB1WtIZ0yd$=94G zZ4cmJ3sv|c_flVM?yuZ^xMlvey1t7U_Ek$_)R|v(q70^lf`en?7kx4r!`c_5euvshWdI>0fRpSdSpvnq)fTba`6d!zYK1=w#N77qn3 z`uRlQag4@Z&{uqz%tGWzz!RXtT&bPXBWpx zi~#WPKroWD6+l+J&#nu&zxhVi@BD-00Gv{_ZynXW2XItFYsQxGcp#GE;rLT=Zxz+7| z^9^3CcUSpsnT6I52U{;&hu^HceDICD$J4Y?O3guU#8xSyTK~|bBKRw+Wm;4jmh`_U zE&sSk4*2rxZ%~@wT8HxB_;fVB>aM-?r`Ihq$c>f9#v@zHUn6;T+Oq6rNW-n}A;-GT ze|{-?U8_4m2Yht9c(#n^tz`^Li*#RRZC>_a1c7QI1<33lZhZ6f?<EC_CI zfn@#u0~xH8y;W?}|Ki8)`_Agu%iRx4znD-=c)j_z>bbv5Z0jcP`8AdlFTNPH6mPB0 z`wz?6w!9$+kcmG`OeG*6Y$y)pHq^N>6uM=2Tl5tG*T?;^Tq{euICH2VD*(v%yETn7~G{+`}t(xquA;KwO z0QaDA7=~Ccu9NX#O;KhixqZ{SbDd995Ih`v@;JA>BrMHFyhfFhi^A9x@iZ z+WxWgVD}!>xbf9}aEtDH`~wygc?f>5%QIzC_<9@vEr0!BxxKmo_Pu-0{dD)+s}S{m zNmv}Y`>zP-Up{})Ss*NL`lHmQM;TJ0O+s^~;;=5wNB9P7Pz(a@=`4*G}F z?&0Z>^)i54gSrjZ43`HeH^pSFVYDm};c#y=XFwdiN&sUp!Ca4vzOs-qT1oA~qG7B9 zaKm#DxI+t1I@mD`W;~BfLZ5+A01`nEnMN9ulu^V!1meln_v4G}%SopVVP;IDyZ_DV z*AGZp-48^F2{$JjS(~ylyp(X1d)aWa+TsNVtR}Ee^3>B)SCra$qWN z3^KUVA!ITo17rg^tmwmH-K2uetQ?62geMR~{`*t=wwr|}>{PObl0;=6vS-L~V#JBeMuKoQF`}-^Xi^Az(@`JVQU$1~s zCSwJ00om7f?$S6YwmPc*B5pSxJ8M)#0#V#m3XT~tyb+e&`6aT~38p(sJ)Uy#AIIeF zmO>2kS)=VmJ2mKhG=`P+VxQIZy58j_2nEwCG#z~PZgwk8f(`9oA3ujbse^;p(4mJA z1lakeE?=~|qzw|hDqI?`-vAnLkVmiDg3wA+``6y;5wR)T%KNy;ml`(^i$4KsQE{3& zPDc%%sGHM1UadK0l+FD%^;Zlu?{eA@cWv8v#^|^LF@71X>I0rB+UdNH62Mt%{jY~vXxGLGrJQFXTY6`^NmJ=A4tQ~M^nK^utbdXlaZGT zQKz(aej*jrplkNL6vWazHA*-&eaxDYqKBqgX>5P?Y!p3Mg_;S`KJtms%Gq2@TO-at zoB^D}oFqddgRZiK8QjqgRi9YMFKXx}FefA)=ZerA zA`i32!8pp>j+vLTqgi!m*lGshQ(PW8kFq|QjQ~L%XTrW$fnIxm*YHJ9DweoIq}Di# zgds52k%JIzDF}!#6JGOnO97#Q&ZGu5ew@{p1@lrYb=Mz_*Qa)VT{~7aqlc*2U{k6; zaGPnm;ZJ{E3;sX;q5m-&Gx8{RAi_Jza_|7a0RR!~`g)vuH~1aq(&#r*pxJMZzN+D$ z9J(m&|1d7hU9KhKL9{b$fdmgg46ZLjBP?cLrd3m7Zjw5bZz6{L`=f^&n}0gk!#_x% z^KARzNTLoBWh``}JJ}k!+qlOyhsQw(pX+6+$KkM@_!~};6uOU?UeLE@){;yHquoKS+SC>T_Wpc6BWckd;WP9UPM=k|l;4-LKt0Z;(I z%sR9_$>w|rⓈ@P-D2xKA81d!kP&RzU>yG6*J3iO`>@fVV;=^JfwEPb2G8r+@zz( z2Fi&;Rfb0YfFu2d=@jgiP&#DYlZisZVsyYgEA@-En7jpnGx{#D6G^lpz{Ap#zoZ2% zB)XZ)jL>^xN$E;*gG_33GcPl;%!s0+z-NQZ$Jv&mUmB-p;63=r?mg_e@C1(RJJDP6 zU|AkJIjGw}HgIKp}5~jlj|AF{G)yYqG<|T!-nFs|;U@W;dK@MXaGiX)yCe6ON z16+A_#V1#%qm6TOjagWQ@wKo&J-|4V_QuPE?9}0KEzBeXl>2romB}E8!Ib8O0u+&4bBx~Ec$u2?u1!_rI3p&ql*Xk zxy$4&n%b-<_?=Y=6xFI5XJFX%32)?&_-U4TZZ#rE-n>82Ln>$q5Kmsv!Px ze*^>iU2(kgQj+e-Pa>$g1E{ZTyg-qJm4=3w5$@>^tt9oI@Sb|BJXcu}SoS6(cq-z( z{hnLWxd{@Qf+i!lL=uz8`fs;Z5UPefFdUsX7{B#%aeS02V@-WF_Xl8ZKfpiLexl% z$6zEO5K0rjU(kgjzto}tRvGIR&B+_v4>ko#UN-l+!I10s9#}+@RQ9A(9bksGWUB$w2ja2M5o%WdFF|c`eRFO#X zW@@%p=To5Tx22w0IFl>T5Qf5@^;CG+3cIo1>|ts(!&Y~+5H>b0zhHP2#xg513Plnh z>GWu*GDr+{)e)X66*?v$F<;1dV8j$vid&gdNPWV~9JbMV`z0i(`qE3W&78Jvt|uixE-eK&GU(iyk`IP1l`3B57*)+ctX8o2r$YQ$0j@WrYq-Ft*vz5` zi5Hd0oBbdR6>X4+8PP%$rTCZ{TleYllCoFVJNrnc;L0VHAjs=HRPtkZz!afnOL#_P zq>X3lP6dTmv{h?t(VXpsCYxDLl^5*ik!iFE=p+psFDON_Zey!#`Ub^xWAroXGg9(S_-NJUZ!49*Mr7{C#e`v3TG+?2*d0E z5Y5@3eu`+Q%Nc2A7Dox+b`YzUFAn)sHj9)r97LFd!Wnt~{u?=B8Fg!%e_9=$+qOA; z)htMuR&i8JP{EUxkfvsBWFifU{orhHu3>ZOtpklvN^!{s0gaH}6`sG##8m<)jsmVG zkq5r}%t?avLuqR@=NYFAW3?5B8fu$-M#lo3?2Ki@1Qc^XD_d$7e(8d|DtHCAg4cNX zJXk1|gA*b1LWLjXJn{XHox@i5>g6}fiyzMCQ95jy@*#*YZozyJ9T zRtLufjnMRr*$FE=vW%tSM{#CD%rFT=Jbc!^%q-r@}_!tLZ^xf|3OP=sY7TxFA zo4{qLm*eiU!PV=FK3yVKM!V>4AQS#O7TrHVR-F9Z-r)2MXNNHJRy{swEQpR_$TO4j z#>okCj9iTOv5-&jH?MMlV=CQ^@woSn-)i1H)PsZ#Z-ELZ33iVYzf5bYQuu~#b9s+m zH9+#{9XuDq6UFb|;OcrjV#zJ8kO@#%Gqi0O+^+`Xz24~6prKVO((v}#@a>@A@NO!w z4R!b!8M=;#2mr2~C>(jekYQm#1m%_!t)#mOHasr1)Xtlx2(b}m4cNiGuEK-4*n6QbLz3uFaChLuWT zNf+`Q+<_Ubr~2r{lY;JMw3#T{B!z1+3iH2)?(ESztEg5_8hc554gaybE0| z%kQ|5?3gB1NPX?tpUA?6cf zxY`O)psK&<%|_1&x#q=fusDR+S2| zu;iHwJWyAHA(TRl6lT)HZTP*Ss&}MKs3u8q!9Gh9=OO2pKag}?ZJgtvKxwb*q=btf zH1DUdrW2%WTVVog7!c4&+b7s+9IRYjoy8yIkSJ4qbl!VA8U7uhCp*}3BvvnUD8(6= zjHH;wzUlY!Wqk0uH`*C*{q4GUc5u;QBGyE?B_hNKf$HB%>n zww00SXmkJ$E%9aja3Ye@{UNgCjQcA{Is*wj(R1Z8Apwqj(HsEA4&C&V*K*)nH1ncS zBzIT=aX{Z(K_1?D+XP#O9pBjK1mbwG(!0KTJvWpyT7(PbiWV9Mk5q(ngZcV$g_o8z z0;)TZE9m^{;^gA27TTahbPhSybtpzNypp@=wd{9JD=^^%O|Rbu2Xgx36oRCXItOQy zCr3!A_gd)$3j_uMGArRqz!keE#S(+&bTY@7?5dP0V1XW|4jc1-k%A4vPL>~$rCeFa zl!NnRezs~X9Yl56I5DhZFR+qgbQ*0W3Uo)JvI9!1u%%^dfYaD?z_tV+&UPU~I1C89 zf!Y_C_iDQV7sP5R@`OW!+%1!+vvmkkYB z86V89!*5M^-8=ge?m5I58DT7{-8PbF@Mt6Qghi=b=_9C>>_b#bLV#lAb<`E4?`cd- zI%6r!gab$AqN0&n!x1g;(D0en<;sZxKA0EJ_6kHW66jVuXX3Tclnf}AOvQ;I3a}7g z(HL1@$9z4<$&ZeMOUP3+%5WnRIZRSm{WN`hWuo*olo0 z@B}JZxdp$>N0})d5qW6d2LmW9D`-v**^>D`A260>vd>U^q{c#5Pc#jE|nIhz$akR&|GSFVroDYo9sm-WwfFCJiq zyL2Z`kT2j}{PrA4rnw6iiMGbs=9I1Dxv8h{W=$uIqy~~%ez2M<(;J)$9FbPj;*R8} zZ+OYaQS@5ve73hGj}$KZfIl~L1(G25-O3i z#9r5MzW*_G_cxwx9X-cCtei6gBu$|dn82l3D7uQ}z@Dp28H!;B>C>%^z2_0T36I0A zs_7*7kT#xfZ`6&a2BEd}x1ay8wYR@@bfb1)nI)#!6&8=)-7O?X{D{nVN2uV$MNK*) z26RoX=-(Yq;8`DxiPoJ{CY&L6;4i#;#~WqYR#l(yN9AW$^aK{lsnNC8%qM=w7QanV9v*dn9&)IO#3On1N&G`Db# zyTBS<*oNx(AVV`Z+|P&ykoSV&&To2rs6_7V3A9^K(g#XJ#q?Tt-X z4MSIlg?CY|i{YfweiJd2ZF`fX(jb09oY;(YEA(Qy^00czD=5kntV_E0D9Iv6DCk<8 zmDw}d{3>`JQqFF?czSU3aBt)J<`dO_EF*WrhT1@G2^iOL_ypQ;rlLHpF}>9n*^n0( zPC5@vQ#se)b9Cl4m%K{t&;okBI1yK`MOUXJ)M;w^5n?B9LXoljv=(nbjcjl#En0y& zDKVCw246x>^YK15n^dZ88x)ZjyCDVUm1of($buF2U-!P2DERrO20G|g15N-T;{~i{ zI9j>qfHO>358L=J9z@B1?c%05ZZPY{!~W$Ns$dnJUa0Teb{C}8-tpOhZztMn*k;H( z!NP-A$L_L1dcp(9BE33OYXIe4jb^f?a?R>po6U)Wd2}KF!f3?n@<4|H-p3u zNsMH6Eum)N#ELYIVVPYSvfugxx1KAa2%#|&7r`zZU+_WzbJ43m5t}5DfYD)~M!TSb zZf*iBaqWyTJi9pQosA^=kQQ7>$z|7jPvG)iTw6qZ4Sgb^CR`ruU9PeZkj1uSm3(^a zOg%}(y(vVccj0PzRqR>4xEh{yK@)??y9uJw^lki|lOLYXAkh7H=cgB=cL+B*zq}Y> z=Fv9%E@S&+blX&@LeOGH`=(h*)@*kQS*PwwOa@EqDygIGbcaZ7bA$>gk;FrpZ$&)f zh6#1e4quHBpRPFJy3tTztf-|^{-hTtB9bcrdG54Hu9?%x%6-&72T%UHh};hLM9)ZS z$op;N$vU!ZvaV#=oXS-Aat)3zQXQs9o-YuB?}tpfMX|1c#>Q{Udnb_kLLlRTjT)QN zno-tV6^hX?PNG-Gs1V=yDgG7Wtpi%L14`()Byu z@za5{p|F6gs~hUZC?(!oG#{qN7h;%-4w4$a)vYwzD+Z zqpdMzDq>D@U{i{5m?|D-h&oxcx0n@MPQ;}0&cs=eUQ0t0_h>xl7y-^G60O18319J2 z>+Ab}+TJ~Sv~#deu3_EW3eC$wxnZAp`r@+Y(Z!pQhMac&D>D7{a7L>TJ{AJeP4=dO zNl+HOiTrY=))ndY^y1>OXic8)zZ;!A8Jr<1rFdI&s64djAoIZ)PI}w#1ZB;SldPqIotPfBD`syOYMio0Tp z5bc};h8-*bgIyE+D<_UkL&{5WZ4?!u_h?bp?Hn|7n^tN6eRfDb@$$rl^Nh9oxFym?U>7MA*{IaUIl8CqmdRCokz z9!4qZB5GdYjd^W&fAQvT+r_KZ}N*CC%^6eJVhWw_W0U^*M734fg2t1-h)Li6=1P|e`mJkY`B!GC% zpwzZ%;}*FiY5J#zXbHgv_0x3TAajE@bC1`q#l=A{rP= zwX3-nwHg~>G(M!DU^D_Ab&#TnjtfXpj-jY>c;#=&j*Mf@hBTVam`-FWi@$Mr6hnux zjYKs%7**|!L2)HdH<%LCbLkHxv)7V#Ba3&Qbi(b&0#?iKsh(U8PT+4F^!18rET8KM zJtD>;$5=gtETv9Gyvq>Pul*NkR17hH0Nqm)MIbcIG2)0%LMoI?C=03p5ae1oX+_OU zExyRN^J)Yn!AE(^P-g;X&gkm2(|&#dd7&b;b&3?!{nph5u3eMl7Ok%)c*bcYw{%R) zG7^(ST>(T<)r1u+7=_^mMc8=Qn!~nuoeC!_TX_pjGc*`X+%`7K6XxmM&58j4Nmc@f z#N`oOG2B-VDV=d?jf|_kiXh;>sY;uGy>cI!XRgNsP^2W@dAG%@a4}605cF(UKQZ{| z;(Q3-8w7z8K%vB}-1i6MXtJR+eyCMe~3&rj|w z-bDr59=V7hlwi%voPb4}zh~vXrkxAeD)6MVW_L}=5@6k66rRw{gWzUr%rYCU1=xV_|wci88N9pnGD`&MLayMHh8f9%%vLfe4FukU! zv6rS#2z_!;A_|D$p#O2+geO06owh2m3IVdP-a1UQI&Xnz1Drgi#T2mJCUKkAkbXG3 zHg1p(tl&{H#N%sR3uZ|3w_#0$0dgf4h~V0WuLXluF4o8ng4`k;`UCh149Xs1U6A+i z__q#>edCxs9w^^L<=LHqg^f@T&Il2fa&Sn9$|f|oC0fvO*=AT}UJJZGXbIAguxvn& z6>uOAFoGNM&QBOi=v5Cw*{X9kkjpJNzjeiRQdSSIScIJ}GSw{>RFOpbNyhmVG(v`| zQ<2&{Mk?5@gP(FKbC=Sgmdz1-GBOznz-ZKvO!CpGv0mm9aw!Q+XQ+r~tQH1gL}UVj zx>;8JtxU*MyG{gsL=$w@;JsGd(x;l)k>n~;&{jGYH-~RopX3cQCP~^SvFlo^I32L^ zwI1q2)v$7z%>kX*EgsgLX#4tIB#)ODgMCpN^p&(I)a*m|f=c3XlPUxrgL_q(U>uyF z%LvN-B@wz=x*pwTA(yD99YT*s;@82|&`Qi>(d;A((O-v`8}`r+s3E6EXr=x4;bj~6 z@e}n@g_~2e>cI2?VbTJ^pVe1?_ix94znip2^Ux9gozCx(tsZ*}0vBMg7EsubtjmmA z6jD=p15)Di?{CU{KsD9<{+5qBczNg?i=QSt#SIMAzvQlO#(MhdjaG>cI}pF|5G929 z%n>pI`;^d_%!wPz-diw$6h3PISa00JAlmOez}@LBWC=b)q9k$Zo?IQ#!!Y^oTVOr; zkU!~-gY*kg!3xLQ9dRh19aG!Q{i99$aN13emVNK!%JLXKgyY5-=wsPF(#eR?{)tYf z4J5A$_H6H`_#5*%q_{}Diczs9V~W2hqvZ@w(H%(B~~11lx$FL}_rEMWHII z^KNTIdiQyW6cac&gv(@r%{*wuCb1AZKER^JCOfiIz(8PR{9sp(PbP9J<6btot}-AS z$U==7{oFRineF>4X zCV+=lKR_{I<;en6lq!ry6GnouX`iNWhYQgvOnM4xUkwn40SeqT@$3j5BUM1A0$8tA z2`ME-dh?qTqiE^sY}a*BbcDS|mX?`!YVa;na;Tw(vL$B|(qNS9MwOT{+ZYY_fm*^7 zi_~5O3PD&~GOfsOqymzOY~Rw{Ub;qQ?yr$6LhF3jI#W_$x0q&>6}X|a;UJ@|;N6Rf zWD7%0rwJ>(#=`7hDW;}QibvFM|F}jyN?gdSr@Pin4q8*!cC)c-U|4Rgw7yl}eigW~ zBk2cP0wI+lliX9V<2z$E7Ps;J*~Rht`qhQpL}wk}Zr#QGV!X`U>Ho0J8(nOsSEb?A zcIUx&OaE9~7MHv;L>VCzA)2_KTOP`K(2X}2n_Fqe=kav|xqI8$c$uWwgQn}az zYA1~+gkwFRtx=W*1HV|lZUku`Uj}_m>V&fy#cUZ*G7G7tFrJRn`Oqh8j8;^zkRx_s ztgj-w5%}JCczlhEo6YG|FUE6axnW*trHby62rMLjp~q@!zqg?hup-!q)CB4_0$5KW z3ED3gB-}&%J%;8IU-dPEGDCp^kr7T5U=70P!wOefKe@zVeq0&SoqQv=lt^)7lDUaT zrgN8`2W-qO#sq87C z#iZ6-n%u_~^vtq}^3DXmTU(eZ?3~g%Av{gi?>i;UdysIxO1${;$?$(e%T=-qo#LHeRUuJ@fPA4D*YcYS7nh zC2}Oug{P~NdyuLYWGut{JrtDJBdiOYhqXr{@KtLTUk$A>wChT^mXZxnj8Td9iQYFtUor?s5T*037bk2))pXfLF~xSV)37 zx1p{vl6ZanPg{RE+SotZ-8gt632y$;sx7wpVsCHj`2mYQ-hR5Z{rvF`2mrxr0eH1^ zCjsc_Tr-fA{FC5g2@Le@(@`vPf+jo2wA<8}7;;*S(0 zpfp4i%z`P?_KR3twv&|<33H=)Bcr=z0G;$kR6sb%VAKqPoHgxpZRu^|TG|l~rTXIK zj$ZRlUX`k$;wi$sfjNNV(rF^eHo~2acxA~1!Qj4W7;;y<(zp9!1m=$2xIzC1W>th% zmhVT|T_jv&wtu;>xOs7X*4Oc3MPChkJG0gP3h5J1G2QZQ9Vl3&gqBY6#ikqI5G)Fp z-80MrLeG#6gbQ*SqT`h)R&^8ihsXhVwP?6ETjh5j;S2)5GF%lTR<15U{3R4+YI@OM zSp>gT0>U|H)%{|f@#m6w3{m@^CQ2Hjx1F*;rFF5qk^Aziv_(Jez)qAG!=MxQ z6Rx$ujTS5=OKKO7u_ceA4)ERk!^ij{`zlEP(C&8Ws1|!T9&`}Ip%h!yvAO*m&Q(Mv z4Bo=}GIF^rEo;YRaZ(X&iD_)}VD)7M2^tm9^yG=mLV8*xcEM^Pu*=JFgo*`@0HB86 zr5COf_Ef}8qc%{1utTPT#5Ukrv;m$&u`u%lL8!9dKq%#V>#f7w5J@qGKwfLOb^hig1Ec1!oRwds>HIGQzKNQIMw4LNtjEPhTVEy(3w4&>zZ zWFJ=B=#}#7d02Hoe5r+gQLZdzlA1p*N)cSK@pEq|ZcDCo$O=DJ75ts`Wy_;_!fM^H zZT~fFE2$&u^O!WCsLa|&HY7T=m|ix14F*ghAYzH`EcT?J4ueGoq>{rP zg`OZ7`LW4V)hXHHhs`WGSIl0qtW#q1AYOAYIf1X8VJ`B-bFxp!iF8fMb2gIaYIzAA z7Y7C;J5^I-{(eepp0<+B!QNw{x~A6b^_0dedl1_iYpSZIw(RwkwnEk+w)MAb#6_(j zDOGcOQe*;e}}%puNz-K+&b7mfp41|*m%18M2a*w0(jBJU9=G(4a8>o@^F+GMPQrb z1-2ptTMP-uIg4U6n4-PS+V^{#cy~NN23(ruWo?cG?{Vhqb$tOD2uk>5l?`ANL3Ik_ zSQ_?;{&;ABGC6+&!vulI6h8TLP?B*0j9hm#WI6gw1x8lq!(%teK3?ntZ7nGb=0)QV zJcPUscV$Us*k{U9hkd+W`Bs={oS@Jl+Bg^!Y^f0CNZW#ZRHsS!Lv_v=% z(&ft;V2hHL?pCk_o*(+)0`w$_sQrqH;_XlYi^`e%*^nqpvtQzf8&x&>EJPn9_F$3o zx2R_aVhZ7|DT9XtfIO;c5qz6>3L|Rf<}JDjqd^1+=msJLl4hBV^TGYj5a*~sq?o<@ z5V_2{P;b4R1;n8?s-b~sKn0R%nk6Vq7^Ts5Cw>hwrv(Mu-$$TiJ{0ruwaESCryNiy z3vo&k)#d5MtKms7ctd>dLfggRBJ5Wf$|G9#$FOqy{ei^lCjCeeO!@GtHAGzU8SLTy zJKzDXE{D9uGOIjhn2?Jvb0!u}Mkz$HhpM`aLY>%JQDQ-E;_#+pG0<1iY|{*2;@Fw$ z7o5Nc@n@KY%8bTdn%W&sT>W69+{dppQgoe$a(UedOH)5+wxj_2R#ttT4CWXg+T5h?^3A=(GBnCer#w<@G`LOX4=LLzCMlS)99$y9?( zvCb(W%&raRT1XTz#ybpr?g>&CQ=nSx|8+rd8e`yCR42@@?j&X}raPq&4Yip3j0pcZ zD1)vU{0}#o>j|?sU$Uw4TU8)t(N}0CR&U}ngx1qw?~aETI3xS6qDiQBjW{gLfDZj% zcW;$;ygIb1S`Gx2_zd|jB#7>$YIO~397E~T8fnejlj4JJHK+D z5Ik{oD#f_RH{%{%kL~wAel=P8Fl?s`Wa$KHm_~#C25%y=nkb9;4v9?Qxciz5eU<-S zBGJLo->z|B83C_J9SQfg>2X)k5<7;2siupd57L;(P5ZimPQpknC@eujvWpl8+Ig`4 z)nplieUy(jt%qT%p33W@YJ;!B$%%lmNXd*BF-FU*>Y-?W)I}aA3fRL21qThqDk+Sx zFPK~PXbWcz{{ggTl~nWkJYFA3%7V~SPdBvbv8CejcZCQ*$|nZWunIjh?$9zvxEPO? zIq3Sb522Sn(c4AE7A-U$XynQ}0x3^K*Z}dlMWBx{b)iFg)vB$%kj_JE3QMImeazMz z*hV{JQ*K7>+sSZjUEwMM43Dc;;+MqEwE?n0m6~D1IC7m~iAzygVKssP9rTEDF!oKGE9@)#G+~`_3X)(t zgEJ9M3>5^>5_UV1OR)3f3sytW_*v1f>YQE8D41UCj=Q5pf&+jIvl4^oTtN$fF<4#Y z36+)5zuar{zgvUoxH}u zCTwAe255^IUYyXUz3E>Zj0d&b;GlNawXJw` zoe!|C|D;3}i1a0iW$<=*H64z)U~SY~ufU2dRJ}qlTh{VOsERv1QVMylU$ZmPY`6a@L;gw*;MGWE}{pR)oT00IGzqqkd{GI6X~sK#>CnVg=<>_ z^j^RKhkDM&r^4)2uuYCKnXJ(jO+ z5qJ+J{y*;Cy|Jwu$rJtGpMrKPL&_HEM|$r}YZ9v!+3sk@53OaVw?}fcv_#A7NTP<6 z?0DkLXTQH+J@7g>N3`Sg?!8L4NuC1~3WY+UP*o@dlSf+;4ex z0N`EC)1hz`8u0Z3#wKG0-ifPMS@FVE*uZpGlO!yMX((KU228zxVQMDHPE5Uur)y~C z=10g>BN0H$&@>co!_*5HrqJ~Wyc1Kevf_oSu&0a7*W@Id7l-og2NC& zrqUJ5CEQF+%T9$_&1x%TvVir<*uQp?qgtT~ofASs|J_e!6R%SgWmT$hiFE=u%;q!L z+PYCsYKdpMmFWz=9Tr=5LM!-K=?d&aL1V^==hZFEUV(37&qLi1JuiLvGG;+lI6cO< z)bu8ZT0A>ixT7hJ-YSX)KMn>w4M0iN3TW#zM5M26J+8d*rLXeJ1YYG$ve@9QMX@B| zFfP@rFHLo;fHfgkd1G>-@+QnMyt7S0+VOGZPZVfkYVUpQy@8400kncnXn6VbXwcAKkbeHX4K7d%a9eS^3J8#MRm5;} zg`}ieoVTvCbRgz1Tk$ezZ6JVFs)vS^BM}h|+9mHuzT{_HE1+Q73Lv(vdrJTV%0U4Q z_`1kyAnPxPsekW4GeGXZ@hUJt&~-T*>NfQ+N=#S!I#6?%z)Zk4MU85(Z6JV_D{h9C zt8XO-Mse*LUK>mdtixM^$TYt)MoHXDtL{Ati$xnObg`<8l^qO#$Q9v78&q@> zGI|-!a~~E&-CMfFKLB6FeTi;(ajmkqZcCaPTq|aiPtfYJmC~X~>u}MZ6mAEnC(Cae zaY*t)%QNn3SKjjS90M=g)=EU#m->!U4vfh#}P(`<@Ojjxp z9n|xpMm*CjibhIekgp5NN=Fl3)S9sMv1p>&k8&C6XvB+JBep(ejg-BpEK>F1&{@{L zR@7^OV>;HYwyvP9x*TtBBrXym6eO_`T-{JZ`nFYJk8(Ne7IYW&f!<$6IPX8WJe6B2 z@>5$Te)p5`q~fTSmna2wOR+YA-%`Am^4Vyn?yF6@&=hyt1e&~kgno5~J_{S8F848Z z9tZc!$VGp0riPc%An3i%EPDKewPHTz7fYiop$@weUZmyI=R@@>vpDAaj5n6>JC55x z8t6|t=)+4nHH89*!%VO8Q^4uNA@06YB;tLF-n={+@&GAH&=j(Q$SGzw)&LEB_oT(t z9nLk_OuQl*Zmh;NhB`=5^O`Ml+dx*~AY45Kr+(Q|62q$=?-UI^UGjiQxy2=`VD%XD z5We6hxTJ>YK;jBdLFxc$uyF#@h6h=kWq2ECrqu#LVkHhjOC4TN2n!k!k>FXn8o83T#{Kq`<143xK>r6+7H$Gnj^z7F2Y?kHUyvFpqmoWTfhYtxLx-X#)V*Oqv8NN#w5hR zBr+MfKWwd^96d%{2Zu;+7a&_p2+-^tH)UA#hn(Z0tc#QXmp+z5q`N`d#c)n9cchPDktc1BEQsa&0jSfc7lvG`O4&DIRb{pVwB2lTASPrPgkK^YV~3dn5G z86)P1i-P3$sIr3w#3n!8#U{rVdfjR^VR6U>o4kg!$gYD;Ppvesl}&`n1+JUTpo>h+ zVBsz@NryCefb0tg&mV1l{q@&>l1>&#G;U8#+Oe4b;cK~xRa)dJKk15#dJmw%>h}Zl zq3{Ty3VOsraHYcs>5R6smebC*t<`~zQURN(QVFtSRbwb0s46w-lT{4ztO7bJPj&F7 z8MU?$>no+=dT&N%uBWzd;#X79`86@C@uzPP_}%wF{GM*^_}k_rznYeeujzvPsiWkv zd$KNvmS4$5g*2XsE@KlYVx}>D$=pg`RVF~Dt*5kh!%LIIH3Ls?V_i<4vV~%jrCe51 z@ubny>Dl!3@-!T)$mA8K{gdLoFSodWJFl2@!Cnph2*wBPN?9X8c|YW^lbC#&(#;FS znZI09h?uV8*P;(0ND;}fXp*c6M25nHj0i^_P^pDlTV`daUTZUZr#R#k#JWcp+Jv_a zn@sy?1dTFXCIm&gihWr&@Qmc6gam(`T_WZ8^l)G$bSd=GB3A_E6^stfj9|cuRYi+Z zBsUeIU#u3E8k0$3ZMM<~r@KB#*j!);?`twtA1ZyGtkdkjsA=-X2Dc>im)S=F^(^hh z?&K8uGmb_0N|$^MMlDp5Ki$%B0mpvC_RyN%;Kko|cxLZ^zTAHPkYu$a3kyU{Hp?Zc z5?B_Sjpv$^pn1-Giskc>FDN z?`Q_~g=f(`{|0LN3`hv_^69@nefHO<+79xBpwh+6TS9Zzm>qdqArW^`c<-7X#7c>Z z{Bx3dL7pW9%$^&ivS&_}?4c1Lq)tej!>Z3KHIm1=xoJF>&WeWQ^ov;+l0~UePvaZ6 z0@qpXKoTrRa^9ntMquL5l4iPB9ML2Dt;nrii|_*L;y6}l1c#9loIvP=q&8G**MiHb zL=ojV;pO0`t&55W0VRnX^dV)4#yl!=MIn6{3q>SRFhMy$X+=EY1wCz?mfVOlv69OK z{)v{juM0TEAUmLOK}7RW}MwAb(-6X1i!Eqm*m&VJmpYuty|_Kt)EHkQ&=-YA~t|X ztuQ(3;ifO3`eu53Imc-(1aRRMa}4sRBZ8GvjT}V${^y3qYcol%&|(txq6WOBRH9Y4lqj{vmSRP7VS=_4 z=X_{+MUFScD{6%g_5DtE=8X0r8VmM*7_hFd5cXy$o%x zX$l~$F?nN1+?RBv?$%}zcQU91iw7-~zR>%~4cT2W1$*##bYhnRt;M#Y_2pF3l@R36 zQdfn9wdFh$Bo6F9^MlEJKAR8vFW%x(53P?iib)NQCXl^yx)uk{aXuZXNpW-vSz~9H z7ff*LDD_Thio*ZF61~mc&7B^Q|1i76Dm%p$$7d5}&4H+<%zk+Aa`)kLf7{%{Mn zoCnY~KvxWdY!f*mCOjpx?6cQ@$7xz#Kggv4wiiK=8=bKIO33z!<~%>aroi2DCV4la zO(1{Cbq-H(Qd8|lVaq3JB-`zP;4kap@cu7W=~rfk23dypg$F4C7I+lOL2FTuLOiUV z2xDV#$sd#(9Z@_(+7sCa&7FDkW}FE-I*#Gsip{s; zViOr_aT>v@Bi79=@D&rVNC;{eTR(ZEHd%uuW(h+k=}N{gRul*Rok_zjO^um{E;`RS zIRqQA2*dt&f`O3-ph~2VBNIn9!NuV;$r`JL;jjb8DR~Q$tF={Vu7od*8W8K)#aU}+ zuFwH2WRWP1*%>qwHN{*=FXvoFuj{`&`{@j~&i8y=sMkSxqv;ZIjQ6npqCBxjH zI`TP&A==7o=QsqQ;W2o_Jl}{aYgE!H#on8tvM7;x1jTTZ1blUtmAT?w(H$J*=$_Lo z1B`i~t4=5n*V_;2GLI}k4w*y*)nUd=HlRV$1)6}igh^RHH z3q17~UH6jfnhOC{Fm;i%uD?k~{$og9=uOD8fYmZ)9b5Ep`|}0l>QzF}E}O%ep7e9h zOPWtU=+q3-O3p}%E3@ELddxUWH!`b(bEm&u@4;072h3dHntc>e8*zkmBc<+YwM80@ zv}M^p)5RU8QC2~Qt}>G}`k-O)cl7+V@N(MTLq;vcw!B5xD1>Aq1NRs$UJoVK#iE~}Je3@0&ttZ!R?3maoPhf`)_bGTXsx$@1BfNR0y6gO*R}mK7-!Vd!Ydq{wM=|o ztE}UDeeX7s&i?y@Bo zVB>KQ*my6CpRW3{{$cZjZ3QcFHsC&olQ$z%?-1GtB^H(rUa6?Xq-PD7*!_!U(TGY@ z)A$c*qS#{n+|~FP>=YYNLGAhs4nd8Th0`M(BfO;aRRARrvH}z-Mcd(8r8d~pvm`RI z0()EEBW>Z^ga}2g0Q@=<)*#1YAeKh|sHEg~C_ zCaH27TQy9e{-2X=oW&BsgOnG<=EklKgBzc1$Q@k|@cjka#IYItyOuxv4eOyN_AGjv- z?431=+lD4{r26s^YwO}3M4gsYeySLH|2L+L7aH~dcTe$Ea}6xN{;CJ;z(aaDP7eVZ z!4N#=2^=+!AZ-KEp99;vZMT$`c8I7+swgZ=R!rPhRM(gZw_*UvONp3Iwf_f+2RJmI z*9pv1A`k-C+FMVGG@Ab2GpK}ilhUn?LZ6rPGD(*$PR&JIQlio3zk9A6sdK>Os< zj!2$Vilz`+5%Ji*igfbRQaUj&gVkjVA7Q!_(wy(sB&22r{KhJ2hf~1~IVo zNjjK-Ml2h8UCt&wJ%r{O(EPMefadXv9oWOJ!u%%f*vA5m_8wW{mC#-++lGBO|5?L7 zIrHPgl9ne-(^||fo_N8M+-zPK29mRd+(a8<_L?+nMD2yn)T)PWA-VB%ym-pk-xDOB zW13gP3EmOi#*1szmqlw>LI&hT&?XRL%HvUk{x5_5(Vu?#=U-QE@%HQf=x5G{q8W%H zS+Q#CXyQiWNSUdg>O|?NO+$x^2GFF&H3*U_`4ULJR?A!4>wg|J?}1R1&I1nz0}p8= zlMW*cnyJ%6eF*=Q`aTSepf@DW5G`#Z3PY#o3Kr|X_*i2M=u>zE7^#@2lH<4rVU3|} zXx(w0{Ct03KEo|gUS?Ye#pGphU0ytOR=MXYtliGc3R5%$9o`qRsSrg0bcXz;r&OBs z{Yz#oO)HTHl?lBlb~2hQr*J}QsR&>8Joz?AnxrF(nbYG&Cv~;b|ESl*1m?6|4}KRO zModBhf;X{QaxpM)aVo#k`l^NGpY$otVbtTjY5h&<-x)xR>LB5@ysj8w-g&u?`8sckBZrx#1q zpAhpbh+-1Uq=t8pdLl^-Qbc~2LghX@VFlZZ!!nh+%AEhnjVK(w=t^F+f)al7RJ4oe zTgnWe;$tC$&>U>-DEOf0aT-uaF7fe9a265io>#OKL?)=-l$zpkeat!I#Pp`~-`zC# zvW}1cRza{8MaFuMZMm~HReu{rN!?|v$r^(f2>?Z(kz(2njT%e%0}pWC5_jhaIB~8%U;{M#VwcD9qW&oMlJAxXFm%R~>ST zm?$)+a?!Q`V`s5^v2=$q_1BLddor(oyBq#&c6)k;9SL@l@6^EN?)Et9g$PN#*RI=w zh4aT4@F+bRZ-x3?pun{V%5v2)aR5UtMDYI*QBn-OlFL>4dM_h?`_(87z-ztXA4LIm zO%7q%p|OIV=1AP@>tVDZh%oNh+q4zuT#r)OF={C-@>)4uRcFylbVBO`Q4{hK2_@4P zuAEfpk^&4Q0ct_qXKIaO0>YZ8+>wxhu2=(d42*6^FGLnOgk|buI9x^H;g~9zx~vER z4BFhlxghWD9qlkjU2M@!uBo=#K_)P%uZXT?rjt<^GAWXdk?>-Z@Gj+c;E0(1+$|iR z>cOQ=39ps%UfURE^%|@(epUA8LQH9hE362SD~e1`eW#GavaUaEdg`55SwDRhuM(Ss zWBc1{#jGrS$%0EDd-*nanu)Q*rRt*8zSdO8iLSub9e1ZczLRZfYNRpQNO6~5@3q8q z5$RJ%qc0t~jnzh@Mz>Xz+deTG!6A(#P33-ggf%8;R4WpG3S}!kc|V??L7m8+VZP&7 zpZ=BlZyHf-tC|80I;}$t4+xGy#5UKpIH!VRV=ufSU-@_Fp*q3@!WW7g7Himq*Vj{Q zZWv8MSlsjs()v_lBG!AjT4WS25;?nJ*d5@kAhInRD&To*T$ z>v6Ijm3LP|&tc>{E1TS#^JA=%XBR=d#hYYr5W~kZM(aHfk=+-V5D9Z|Hjn#$wHVC+gn8|j85fGKMun2`3H(ZwpW(Le#lxQ`hsbcndjRcEnI=I(xiMsV+>8Oh%9w7eS~+!02q`?(Ij``;LsKyW z(Heq3T~A`St*^*@piQmuNGkT??(bXcU2($8Ut7Z=EZcwU*=B%AI1RV#&9I2@&@-2? zn%nmH8-lY53B7oR{Dd!+>78z+su$ce%N#SdA+przphM}obJQ)EKLZK+ z2M2Q;t~@wE?t`d=Q1QmgAI4%Hz(ypQVe9KS9%8Z$o-Di+&DqC1YcH|EKEH(Z<8%@= zg#OxJrDUmZHAaL1W2i3p+i#OT!5C#dBn4hB81mG~Z6}{@u}?(H-z*gBL=|Dj|Wkmi1muK$19T&(bf_ z(AQ@=B}T1=A2ATs9F#;{a&H8pXn-fk@VSuGbp?6s$2(nIrwS;?`((Ue&N1nfmrf4F zQ0}C9g!C92h!dNP94V_Nha{ye?;lGUvRu{-p@8Xx!RiyUD~ZPvbn46F3kH zy>auozI|V+7TP+dp7mUUUJVQVGKW5JZg%u^xI!xkx811##9`;eevRN zKI28&NZ$)XSS8<+@@hgMIgj(C$Qd;-1XQD1Uk_%}kdDeHIkMzw-889`SvWKvBlsP| z&EFp$os7ecu;}}n32ZJMxO(})JSiVd9J%NMXUkh~;%-g$An z@^#{j-iF-ZW6D6m#Lv6}bOO2RxbHjdk14 zLi9Pg!uq|BYsL5bi2prHaxWn!lIYQ^if=vNyvq?-IzV^6-#K{r>~U{&t^WWHFrJqm zA0AGRU`fESsSg^9iKp}4JZ)?Ih9-mYndtxXv+;>zv5}gLwLdzWL<9#Xk!(#55cjtj zT*b|i$(Eihp&4I6;$#XO3%v;e*a)2k@nQJ$h!~N6pQCzlC<)WN#)X7#3}L`%gqvQY z&P6I=9mppf(@E=uz@?-5MR_nR6MAK2#-;F(WWQ@QQeKT5UGS(gCzKX&v53hN9 z&2u7eB&{!|wr+tGM)+xaGeC@-q;MH^&2NI4*0sXJ`?$_GHp+t@C`OzbgBeQkE}{$r zk%!r9PM%;qGu1*ms(UowI)^yALQt9s$P>;5&x5m346sRiDvOq8J3!4aQ}Er^Rd$~< zMcqbrM1m6h@ZvA?+2#3y0gfB%KYrZ**t_|0t#@;Eu=nHI{^AcGU)@^8i$CoB*u%Gt z-YpRHmcFxBE2yy#=l;#LRl1-+JZ}^~;IlZ?+md}E$UW6i3yn0QR$@8_XQko43a#^< zYAaGC-v+3fkR1<~miF$x$}k`lp`60dGWTBj(^P2}(Nfu8R~i9;w3}#zT6?&c8NCq~ zWJ-uW#h3*KXeydqA#6QG*LPQtbi*R&<+gV$5H}!*j9#NY4r$tN8*@Aw^)_u`j$t>b z$FtpFpVQur$Rc-)j^|6+}{-`r%bmEm@;n zH$&62`R+NC611q(aKT@gc>4=Xp#6^<_~Z-%8RXcRPa{f{IN2Qt1>0;6*$T4xTDXGz zXZ0oq8{b_2@#A>$aqrvv-}KfHj&qZbhO2vPy;p+`eBp!ZYb>&&^Ed;ZVh|c33iwgr z0MTqHS%#9V2w4VOt zN;1fTW+8AUz7ciUprzQtIGzlMn+j}y>u*T>6l}tjafEbc#NVtW>XCDE;C?K(7FqwJ zt|x!S0>kkh-CB`YhLyYdm|z+-mN3j7j5ii4RF+!F@+0KJ;T5VjeF@1*R4iR1-3IGJ zbWZnR5Diob9Bnw!(G!V8{tQltBfxes*6fJyAFBhp{8(e@MS|dBKb`YKIdT!54u&wz z)ivUL7Ks8T?}_Mzr`&;GN)ann56abi)Ho2|53-_PK*DpD}8f|o6Ur* z`|orn7iEKj{$bxO!|_p3cK7_~=Y9TTXVj=P;7{FYRpWkl@(A`yFA-#^^?ccedh z3$g?WZqxQTA@NEDCIIy(o&_Bfh@N2yq$liRpSy zr}zSUXvFfMcBmXfZ{job1CF}1)EnB?lt`ufDfRvp&TtPI@obG)Td@~0smulFN*^E$ zpuH7o90a=48I@AoJfM=f`{*!8{BcSdIcucb0dGSaLr=xzkRZ%pN^vmse(9B-Er{CC zvC~VWzF>}(iR3|K6`FafOtp^$ExL+c(t9nc`J3Lo(LE?KNOB7;@;#Fz0@{3XI>YH+ zLi!q}|Mv5=WaDy#evhyNI9H9}%2J>-t*rLUnJRy(Y{fAN4CaG|y#}JtuqtzRFwhKh zX0y?Cv@k|cS%YzbVmD;8m#8>ESHs_uzBpO%l?AjTvUL>%a0*pzK(Y>!9}EdCu6;<{ zKB7FZSQ-J}Rko$`HhIPH?*YjHtP;p-)=_AC3DU&K_ZGa^Rm+8-B{E5pZIfFdU~T=i zHQRxqmQvap0I{bY?$5hbm=Lh7Bhck_Xv8q{1U^CpRd6m}o?+JIwwrW(bWJpcw>p+e zP~NKowN>1rX737mN;s&WcfVFqwly%OiqXO0k>5C&Nl0+|3UGo(UygYw*TS=k!^n%_ z7|uwpkKj?68hJxVnAgyB(AnV|qk>IEA-pD%gDj%Z!&V-0OF9F8WQzTgTol^=M7H_V z&aQYvt<2*_UgLX{NY5w7lb;86QC+XUw>kWe@$kQ(4Gv%3;tVw&^cb&iRzk# zHW`&OuuJdoS{S0rkD6@Fc_xWa%(*WXYe9zv&`>Yj1R5kmNmE2Om96j?7RLu+M2}V*~ zf7Qy>Rgq}@RC(CJej)XOEVO#(o+SED$%3tEN+yxXFMt&GlDH)jm-v`Xg^dpS!+$v% ze^?-zBw=dVAeQ7z+C~eltRIVsRJ5P8$F)f6PyzD}?w-R5)(lh5AjuFLgE3Bb23%Ky z^!EyC0I}L^Sa^z8y+E&?VDf*^ji8rjkyJSP^A|H~+AL28!CsPr0`ouFenC5lx2QaP z-G2xChxc6&(akA+i%kTQ`>R?t$aL5xD|LmuDmGlZ6IIE*p4V_>R2t;X4Wb0o-^otH za7l;c97jRn518PVwA1lVP>_*UfSJPCB2--@0M9cAdS9;DyCJ6utLh2c=qfi zGTM=G^992TX~H7cQS>PX+Eovmnf4-KfmDMtV04%Q66k{aK|-oYP)&eF}9MzuR)8q4)Cn<7IoEc8VRZbX!?L`yBOc z?eziFT=?x}y!VW0;PHF3{rCkUAAdmdYPn7F;gikn$1;_SW>=6xn(U;5A(a!sq?Fc% z#~RKj-tM)`tO&?cObQkJ%C?p%Z<9$3m2$n_GOY;krNFN)3)nyk%5_oZsgp$e@RUz^ zue^vVZHY+0#76Kaos?0%s{5*U+My#f9 z;|h_{f`?NVhKW>obeB%1S}Itrb77*De3i^1+l;mGOdwN`q+u1QD#Ee6PYoS|bndiu z$!mP_Wb*E|&!MZD{QOB(=`g2LDpgt=C-bxl*6vzsy*=kWK;aqxgcWj81St?ll$Dv6A`@ZlEo!-naWX1MxU0MeLmZM>ojYw zW^F`QHR4JVCyGqAOn1^*VCQ6Bc4>>`bUlZ&lM9+9#cb)1FiTZ>2Z&b-Sa>T7IoUEWmzzivK#Ia5PhPrT%Nt2At&Tk2+%Q` zMtm^ne@h;|dq@8y_8rxu{FbTtTf%^=>Ku#;9$63NsHS#=5}kr3mXZl*A%>NpVL$Vc z`8`6gCdI2>aSS{5A>!H(VXg8iFty||*ZfThrzY|#U<5|REVL$M297-f+XKMq797*B zq zsRZW)tN6j_HY~FmCSh%*D$R04^Fzb zZXs92nGVkPsi>%^+uJUci{&)Wl@o&m){_!WkL3n&nH%c4x&j-a`zqN^{0^s zWDUMD)zq)KO-#M{|75P<)}RYX;S-JnX@VY~m(1HE^B|IGcwgfgL9T|B6;RiA%wHA* zPnfFSpYA9t2PvZ&dzP4hHU~taSj!dWS_oA^6&pwpG&RIA@#^G=Ga}67Yn=pZMxJ~k zz2MP>698whaMM(zqGSm^bNw%8SmB6g=acyu;SjjK5Zj|~WwH9U595r4Uq}Wh8tEg% zLI1w4Xgn4hDOwbXc%Q+%xFb#2Q7Z-M)Ctw!Iju$F67Cx4M zZ5novPnY97wq)m?91H?lF5W^kIwdY(Vxg&ge6pA!$OTT?!^sh%UzlcIe&7ubgB^Y7 z={1HZiNz9^6iyEj9TT9=FJa@Y+sndQmM@;_?R7%yV(-3_O?8F(og<>l*7TLWm*~`2 zVyT9{lK4p}T)Bv+3sw5ME_@w!sdikoOetjedXIbW-+st=6N6#h5@FG@y~Mfx1$ZLU zN0g*Bd)}_B)`QBS&UV^X4}eA@k^74?YViob9wcB0;?5Ph8d%+r6&hcqpoACqpX1IC z;9R#nae6o!T?it}leMy)*RQD{-y_E_)QcxYfO4oe*AbMnVHo#OqV;~ti z-=eCYA!QK)~ zaq{j}gc%8DRq_NlLZk4@ly{{2^F<)M!a{hCj8|Cm;gAikLu`^li4o8S;#BATzjoVf zLRn)to#9m(ovPw^LiUEfkt%Wb9`4%1%(4^>Jj1h?AHD!v z`F!wwfrUBgk{1ineNnSXcnKwyEm%!WBoqs`_tizFmt%<9h?4;H^*z-&oM1TbEMvY* zLt>L_VcV=7H6pb&6N)m>#eGE-d03e{I~ro|+f^kS1L?S`NYxw%&urFpW2f!w4X3I zwK`DQ3q?H{&9uT2LmG;M-I~M@zt7plQo|b{p?ANPG7U=-PDc)TE-bD}Z48j2@rnJH zsn6&j>`swT(Y7QvhDfr?!?jDah*P(p%iO=A%b&>epV>`mCGQ}YT>ce{MiQu*UFZj8 zvM6agDp=i$+kjBC!^tX9V_fN8%cZ;_5jw})mISvWWP@g*we^aITDrbVJEOFbL@0X% z6V-6D=s~HykBzBhL*e@5QTmCFCOQQ7r@T?Ur5~ccrAfI}cTEzPryYf|1_c5FA$^~4 zerCbdCbKSakC-+l)+A~w3b3c$rwxfILJyETXLiKP57XvoQu2i}t_helA+)O~egpc> z;be-VE2EbEc^h%|GGwV7X9jPJxD;DYs?KKkhScdc=3kCPSu=qu)NK*$C`h$v{Vl9; zWp97qjP#sLm2CZP5XqA1|D%Zt6`S@V*sgfS7sq{0UqjD6nIeSro*DbTFs(@qPh}5r z{r{sx_`m-=z}_g0yTxcta5PSZrQ8@vLG5z%H;aU9FPI5-3dWeMX}g|&-nA=T3xe&_ z#RMLx1Q+W_xPCl(RcH@EA`MHJoGwAEYFX>7V)d_| zlsuiQbOp%6QHrPhgi5mRHE8zQ)I>~z(^^X2ng%-|Ywg|9G(buB z%@4(^j*7CDm#A5m!pLX5jJ$A?6E*s{$pi@(MKhBQ=lJXclu#ah3^`9gC5Re_B*TME znGKsvxBR;7U-m`2QwP0vyNX-j@{}hdKBnjhtTj2p4BsM>(MW$S5*22;n?XwmA?E}+ziU>6Jfv}t*C&h(=^~6XJ>j01^2d2B-o>e zpu;(`BEcmV^6T?lMt{`c3r_nC*A?@RklNrXl||;R(hOV781Y}PkX?&CSp8_9`k}8R z`wncHclY>e{0oq4cGK2VW-h3q*GK6L9F{XJ0+w5Iv$H7^h~#0`ht`JF(T{ zx~--Td)GEa5h@bd7=(2BkhQ2|{Xl;OjZuH)*GrB>x|qYuWk{Qa7($Roj)7u$BfBZ1 zJ)`++CzwNF9@n$r5uMrIyo#Wt3z(dlS|dlUkUUh{M}K_hX@y*KDT`HY$q}7|lOmyP zjOlb2!cntm8)6#`Z=*whtA9^Vx)HHoTf+oAyblVx~C2y@db$(jC@{a5+|Va+c)j!iBbJCdh#hep*El2 zmnFvHsc$7&VjWqABWg$0+C~FZb?f$L&~aIgxPFLO&V~`#M>aZPu9O&FrN#`BYXsX9 zIjD(n44$XP`VGf3j#l&X8c_m2qn8zKX%`{UnAl{Qa65s>Xoy|z29^{q<%(gRE++^? zeVj;%P7!A>LM|879#s&wnE0Xu5ThPKY{Zr)3jv|pfCsmRy->H(f$fr!w4Mt`n-9xT z)}Tx@kqxGs<7%dS1-mrMhC@Q$bt6V@fD<941Hx`Jwq(Ah`H~t<`i)-Z%T~Rg&9zm) zw6CPy4BOU6F?Ac`O82i^`(7fQL6c>vvm~tbyJ|Bg|B~aJZBi={h;1~7<-1Ah7I=~P zG}0}3+$BzxWz~+R&`7!}Twnn)@Ny&Fq;FAqq!g-LUyhc-S+(9v6iJvOp-ukFsfZAN&WoS>9_lj{qg_~k+woVI*$(Gui9CP~U>*mhH7lERN? zhd+rlkI&i*H_cA%Ws}PhT0z(EWy(<9(Qx1W2bZVV@$3t#`n_n{3u^W>EvVmH3jUx0 z)t%|^c1|vjr)Nlo$B%6WfAYGr0-*HbFW4(1LIfZDS(K<<d!G3D6b zhx=>5KKiHG^f*eBIksAu=TWl~=&OY%q%#UvY*f$`w%knSYCLUR{Dqt@dVe_7~;d!i}d}w>HOkyd_tW6I-g#kWtZnDWq+mBHBF0G zTu`;v50^v5RCRyUfnU+7!P(s>Lf*`rZ#!h~%laLEuMS-Nz3V^vDW~-PQ{Z>s1hRs8N}*;4-&# z%2*0{i4_mcDHo)Lbs{DS0F5nBh6|L?%Tfjw^ptD5Tq_9H_R?NnbjB5gDpe4XA!ZCr z5@&3n;XIPwXIZ5xmN*Bi7f5hjg*oG7@($7E|E@vcNXAZcAMg1wCpN!Y($(av_%87V z6HMd2rIdtXvlK}44yHbSZAOvG`}8^jt*e*yAu~5?ssB@wsYe`b*wJZmjszWh%w~_@$%MyDt#PcbdUU}4>*|AW^Ie^?}P@t@t~0nF5uyC zt3}gxss)6Jep=vC&)74An5agaO_3MeEnoC(4aqT4N5eEqQ3Qi2g)r_@%~YVUGipjV zD)cr}T|gls^5^LSH>lQ?8M)|~Jyul_?9VnSR5{1oPH7Z|g>MX^>iWo2@9mgBg2Cc# zg1E@3*iOWbrv#)a*=m^*#@BnKJqLS8@np)FBUBSdJX}?)s7N-!Ct!W!phQq{7{O^l z1=CRFbQvj!&ghsbL~?%zE`G*AiU*T-&nN#$!7eHxhL=PybRtR>c86mT30Dk|pDUC_ z0s^%HM~EwsCP${RuylZ(4yf5N6C8aLY#iVS#Y!T0%)ZLEStBY4?C$IQEfnQeU?8;{ zNTV-!zj5nJpME$3>Am5ad^CfPEA<+flq81O8$mk3Xgi&qA(rvdA)aR3%~TNTGB} zhLIFLOT=1EHaNDj3kkj2cOT5HK}j40aXIXiv803uS)0d^w{&TCx44wUO6=2Ju4FL= zibvsM0mUGkERiE&#A&elicJ_8$Q1U?f9f#kQL{}3W?2I%f;GTWmRG^GG$W5gp=2By zeC*+1%ECG2IQ91QjuNbbmWzs57PG?o=7Dmek z)5gHdM|w#LJ)Y@1koK%(JnWpK zaw(=yn~}_p=#3xsFsXYt{I$)h8;qwfrWMSZHlZkRE8-S1)$k_MW!K*8aRiWEG943z zPMKQFJ!Jy#a3bz%ypk6aoyHysM^ly4i#MP-hLcWKBFt-JSEsd95<<7GHF1|LH=xk? zyXahRL@+P6!k82lm_|c2izXt?Xk@2oZLNm36|tcR(ACwYj2LJbaXqo9%&_c2$_jvxZOWcAKR zcFu42aMrEhvg;T9z>9F4&shf_8K+QvDu`e+r}qX8^)9oatyvq>o}h*Cp@#(>k`w2#xraz=hz(n zcKZ9293tnvg3N|M#8-t9vJ`!R=4H8(g*py8hs+`&(LwAa)-5g{j)cq65f-8LjNiG z0%x`Yp@d37g`};_oN8OJm z$m5HwZ6vhC>%S$)Syu7rdI*vMUk zw82+xcGIJ{(_(CGB&54KN)r5ww4Y@ar7j{1=4;wnf%}6^RXau?H$n)NJDUTm5C2>d2)I zGasXU3V7)#T^_6Pm=;OjihbgH+}iTVPdN3xR+t zR`#;X%@YhsU1c>yq@}57!<8Kie^%_ef^MdaE6})S4m9&c&z)i+@RBgXEbxWPmNysi zzGs7sDXs2qQ_&>%CPxCn?RS^Kg#v1NW?_S}X(p#wMX{*tK$>5OrHLG~VjhWlDO(_- zZC4?JMXq~ABG;~x#0>RDl-`Z67B_mZ#=^?yM^P9y!ws?qL&ekmq$LueV8>|qUo$)V z%Hn)-NQ{;5)WbBq&(9!v&^L=hVd1cTX2uqjfk@-!2n43(^nQk@dS^iNC8`Pk2dYjN z5F)s40j7ILRY<*^co27SWB4HqX&UyRhXEy^Fe0G6!CW(1z2L144sf-%v5pSo5hV)S zk1~}{Wgcc-AbqTOPKwlxXc_Xw&ZKf`a-#)O5fd7?EI3z`0 zp~&2AOx%L(HUzbHr~dl-WN|nKnG6k}xH<~$f|5^XyKiUjcc;f^;|pB0 z!Oez;7F)ZBKwp6}dwz*y|2j0JDJ1hT4`e-I0zl?=MA~{v}9)NK+71t}mzIKG5qwV3Z#8U%o(MDas5dM;3}0 zXuSc`ozZ=GUwu&nxvJp#qph#M{`ya=2;d9T9Ac*24}&+JzdSrlm-(yoVB-yXoT~b?m@yT^jMbP7=@+xrh#?) zr^vT6JCfpk^vOCSX{3_8Y5Lw?9>IlT!Yg(|M3`)vF^dHmS$dYkM(Q<@QFUJK5ZCRn z-kAlTVU7<^o53a`!@y0!Do?9HRiDph=+OC$au1A>3`{}^+%AIZQB-L$fULhco zNSwd`Pb|1n?bseDcBFdzlT~B|dLiit5Og3yHc>1IOdux;C4wigEHble&~cDecjPN_ z6@)E)N(IcQ>6!bj7Jr3{9e6S);e4@)=NkMnNB++Se&~95mZG7$)*dKA9G&6fyYmoDd)#0U9JoO<#Cel7C!TcY167L!EBxMs~CVIEfIxF%N$`oiU ziD*N=!&srOfmg5`b9M?97s~!~%kxO)_-er;tzXH!ML{F66|^Q{21yF4`&3y>ECd&b zDI$48lTG%t-eHimo-w9(>2boKffRh0v7ktbILc{n3v&97V}+=p(X^d}!YQ95rIHd# zW(4jdnBIXTufq^wL}d-_;bLGv6OZe{YhqrcTYrcvA#ppT%+`bzc#)hNW|0erMH-{a z>{U1PB(zx5sMe~54Wq>TISD+bk$DY+nWXs)aTN^aZ&^k^RIv7bb;g(S$EsKk@g0=WMK!YELVcfyHP_iJROoYI=> zi}qX{G`_{F52wz_FL4(;7Wrz3xe0>qfbf><*d+#h%c6CkOqnSH&G?@NaobLm*Z9G5 zzUU=6M`1`pSoZ7!)PpTal2f93`b1Xn2U9{#9;aJQ-S*}0zX$!{uocTD5WTB*D$`l8AG@GP7;*?fLUo%LWS&SdKpfD!$H7bxlv0G5U8=o^Q`zUW1r}B%vgsW zX&Az=c&)Feusq3to5T$YaCUPlq^?^i5>{k^tN}2Il?!}>GRC+x{?nf)w(ebzr@$F1 zWqGQg+6L%O$oeAz1U;5c#a0Kn**k-$(?xKAN~zl*Dij{EE;$J=F!iyKWo~?0#I-UX z3Qi&y)Wckk4weT2gvtsF)pHaC3d~9UlPOZG;YL_Ns4~z16$#W1FVLp7V=ib1;k>M7 zV}tB%_R$MVNBu_!imL7cl*E{XK67h8bAu|!Mn4Bf6~~AYOcM6{MC?O5Vr{bd4r@~n z*?E5axW`<-w_n{_?d^~DM;mdjvz{S33a_(%p!ut~pdkp`6^09!od z4Yhh_FdS9<(V&@2S$*9>D}{yn;(TdvhQMj74phD~sqNUf6mKBpFF1z&y$vq7EWmBW z>?$BY&a4Kq80fm4uv=|5H5d9N=2oQ@ARUd~`BZB*Ayg>mEU;IMW#-07Qo}l`A4_1H zK<&UXg6zf)OKc?R<@}^E>q7k22gCsoN|dFpfRtKcPbJRn?b9jO`HXChdu}M2l zm+F4Y_v^0By1gJG&OL;kr}CFLo<@&PFC1y$ZrN5lSQRiH7qrhWUd)~#oYl`gAWj!I z1TUmC*s&IK5_lN` z^6y;)a47BlZ$PPa-#uX7eYbH{yYDY!_x(v{_q~wM0`s}S)`EE-W`RB>ATQt5{paSn zYwvyoO0D}3qTS9Z0OO9&u__Ug_mK|C!%k8p<&+u^Vrw}+Bqa$k`RQb-%!&kBJ7FrI zsv=@n6KyV>FmA<+RB<)m3KCB*)PZDx3qbXixCBx&LqeXqUDOeDLuvy-e?bKOdk2C6 zZYzQ%kQM|n908VT2q3;cYM`0Cvmy7Q9mu9_wBnmUc2LzJ-#(Lz&cvMTR839H4V2TD z#5w)#Emin5Yo`_KWq^SVp5|_Vko2r@4>WKu-V^=eQAZETMghHTCs+eo(gfYu&TaK} zyw#4YsQtdt1sa=k`#uCk@}R8)MLo(2I~$m9VvBNZ;DEgvbRIw(59<0NjKsWkrx=6qD{-}ldDq(vp>>4b{gXUY_ys8GBnAqtA`=&`g(gz{uQcYGzd+2~wGNM%M)JPI+|u$k2#ik;yk;YW-_j8= zl!ces=$Lkgw#1=GkRIe{b_w<=#74QXLIU%&0N=OtlCP`=@V%ll3T>|s3?vp_+5R_l zE6y)~R6`=Yf@YwUlMWnM9Ti9sIm)mMx(t*i`8zR2o1{1yC7bI@;DQL|WhwXl@n>Oz zaly7LoU#%A-H-9`+A%;z4}h;-bIQrY+3np1A7KTU<9G`WxcB-p84hsPv`O&SO01`V1Juxh@Lv|H%m#f0ga5n83JHQD{|{%6^~4X(N79zi zo4w`%(6!z%!oJ1`s5(MiK0*(fgA6%18H|Ph;p`>?g%E&&HwZ1_71x$ioR=ENNm4!X z$z8?@qIbni0jg7+#91hv&4Ob?*}Z1Sot$uF6(Osu4i20Tf1k{s*!*eowh#O9YcNBJ z)*uTO{z1&GW|-{Rz=UEj9NB_~p+{or2iv0)g^DU<2cyzG+=-|P_A3&r# z|9Vwf6uR3|2!LM@9Eu)Y<9g@wBjpi|kc3rWFJRv;tx&BvqAm5?tLWEl+X%3E)vYTI#(Q<=~?e3OrFA zmm#xOdZO+J!Ahi+Hd8hNV&~-xKscRoMKd{to2@8?j;0G(3O_u- zg-Lj!8CqLK_cCZ-?PBO)y-I+Tmu^TE%qBN1lAg(w0BOoufx=sED_^Q~!yep?hgw^g zf(((}j&}|5hJi1j(zZOgovVpYTaB98D>PFfX4T@P70S{ONKva8#IHef5DT>_AXiJL z2!OrYh(7~7$Gb!XJkSV@s-ujOFVCj`c{!k07e?bY5JxUT{1e`0?DSWxu zgld-|#G}1}tYx7_u5Glm5!aniuYzDj&V<#MmhZoka_mTIjT8GX$W!x&r(f3gSAGPJy@sWgY(q4 z-Wt|y7+`N2jVF0c-;|bPi&-r_XCBaon>%!@)pss+^R#2WMN<=qfslh+p>PK>otgF8 zK{u;)v=J86M#jAM2Ff}e;1dpa!O=!pAxm1m11tm{EEdG$MD{IJV|q&Nyg~t)-($-<@q2JYPPSOJrP0B=@5e*qmUJQ1A%mn^(79q&PsFDi|7plKmbYzdo# z0}fP3u?c|^VzuF#U(N-TPW2Fz;73t4Y4jj@w|pm(N^8BOA20)WlFpXCq}Zk2+O8f& z4bS>>=qg{MH{s3leF;^vo@_mP`snfY)(hZe1DlRW#3+VgboC%;oz?-jEi~}=7t5pX zH8SjXo)hg>Q|xV5-0Yy7NCu^pG7o4aoHzOlc4oxaXCor?*)m0oU37ga!;}jNPS2W^P zJfC0}_^^?6ezZWBPC|uBAr_{q3AIQXd^v#A30#ZYIUpfSxllr%WdaV-7?Wdm`mB`s z5NVdKBhv^8_)Dt!siI#V*>xS?pI@!sTaUrBwAw#>wE6P!i-Vo#4`00ao96^XzckJE zE!=rvYWEQQ0(ViiJ1FNU>rrx?Ojr^tkRKmTrxglSPEqCp2W4u9PN&C}7jbq}UK&gL zo4RJy5I#$bunGYhf~#%*VSCbO7|g3}Hx$*fr8cM-r64kO58#updogIxzgPm=+Cwjj z_Rt4uveAXSi8g@fKqiux5a$JVWkS5I8Q`5Y1FWmNjudtqETFv9dZ5b$c+pmYHh93z z;I-0HLA3z@Ldjxa3=roDpynrI<0~Q;f3?8}f(iUqB(DYpM14UqEIZdAIacl~PX}@i zvlTOIg&@AHpyu8yahfI;kziqIm}e@URRL2jO`v+&F}2H73bsoYt-=N>)mo-CPhSlcOlm}PW4LdHY z>U*}UYlaPv)$}b>QL{0|oN%_=aeT-5?#H`YtD0_2BCQ-?(RMkWXu4o81Cg%_8I%f) z24`QfSZjYOfHGceU1gjc6#&Ma)(Z}M*aLLbN~TK~J8U^p^}eIF3jnKXax9}+b7GV7 z-NERsL~7NqDLTJ|A=`7?0E21@oFpZUBB?g-$Vt-^M5sX5Nd9cBz*k5{)C*w=Q@=fG z^YCzTuEs{EV|e0#kzFMu=g%25JZ1=78rkFu7DmHVi5M6pWhF3(-xx(Ev3YhpDsNy< zQhDfwQ;YyhNU**h)G{E5tbX3+tKK(Qxx-J<{2UG%GvjYaU=>2}41sa2|0#IM)7JnK zlHi8q)&Cf#C|Atla$9@7uQ!J-aq+I+8rpT0Z%dM;-N`AoNBfWjkU~sQn0zge>M9y^ zgL)l#jSI06ewWP=y{yX^T|p(vpw}7W#kr1lw^^s%e3}?-8 z9fYR$=Cz`JUqUxVr{ljPRUYm@D3a0qDA|5TH-BXg*Oj|Gm+&rTFS4)95sDCN6l)*%dmr~de*AH@_lF)18Xqym-eLlF z9be4mMe&_);uO4}y(83p_EE-S)EBA=<^Vex9gliH-W!e2KEQf*cHF4>vG?DVsvBPQ zzwa>>;(y;8-IH9D$obE!Tq;lsAbU4|ezkhbq1+qYBp7`7m!C)YuZJ{&6;SuT-9Kt} z;{LaS%KdNe0++JlY6b>pQPw`L7T=yc3~-IS$a|zhC*y+6lM{01vo~*`*Wqx2 z4J6q3yx=g#b2BwHOu8DkK089fH-tD-#1&_C5En^75@`PHJ4j57`*Ae0?mZp@ z$V=7cNmApkbTPJMmuyvKcGBSeZ|ziv?Vz{-a!%lReQF{sU3von7c!RSbs6%F5z8if zQVS<9;y73r4FE`CuP}58P#;LiF}`C9{`xvdcrrPQ^z*Bti9lT4WVB_S8Qz!mCcXmq zc!RdQB|>_-*u^MKE)YJE0|Yj4!pqGREwy4PRLO9E z!;5_wJdjIuvcH8zeR6{1fhQAtBrNm>4rK+n`{DG>?Cb;7>C(d>f5#}$KDC8SLKcy1vtt=iM!rDTJ3Mo9rKrwlz(jD*0jei>Oq+H?VT ziM86`1+_z)lA8wAjf8mvX5+loZ^7+k;8cDa@)m`Vq0Iu>1DQSSe6v5tB$yG;O+u#A zYWI?WEnf727))6pu&a>cNxr>a_KFhKNS(u&C4T!1msOY_ic8hyDjPjFB@D4Sl%oLuV-|0qP+DXy{EAN}cWO+x)&o~i%j3iFK5E~d3p+c$nTl*L5vTy^FQdCA0JzP+Ma`7 zVpgzNi{bbeW9+xM!}1shStal2M6>lo7r1yqRJhtojUC{&{%|b+4iSHGI6IliU93a? z8o$Pk5bxyWJ2{T6S22M>WsQ?fklRdv1*0fdri(`^V$^1oA{Q;x1#UPcH05btL}x1^3A_F8r~lMFyV zHon@w1}hkLP;$WEOM&tcBioAJX)9PF8OqBb7|(;)YJudX8`{i0j!DUQ&YIQXQoB9I zG2t(><%d0JY_Fyf4)34M=BIEM{nz9>v8eg3@h-0bYG6~Me7DX<)>6S=;Yzu%dOLYd zV+yk}A&94Bhzyn6zDkbj-5lMzEh8Y(U#p3fBVR7Vj2qx2@a24RiZG=G6P?U(6n%R3 z5j=Z=o6AmDZ?A6b;i5E2S-mXR*^Gd5MoxEo&nfo!pU#?sV8SmAk&|$Qy(`5|K5X2_ zz-Yj$fWUOA9%{4Sq*-%#jCC-3l#KLh$)$CWG{X}dZ0UV-Q)2f@Bnu{*$H-RJl`wB1-B07PfMobZ&zu0paqO6>0+B7`j;FwR zxc!L3m#AAeCnrC{1cSTXdC%o=c!4>>8QdIayAIlriL%5VsJS9p zPzD)0K*nE5x5_AFFi4>u&Mxyp&i#i!(_0V2fL$~#V$?>)`A!tdCOwN?_)-dGux>0v zVcb=z!mv(BSC5z}BAGFeGD{QpJ6o-_8LrjE;(_teIqkZPfdCGm&Uu2uK) zWxK&ooU|N?`ixaHMn(%|ej;?e?8z5v(Wz?_ZDr~=EmE%LP%ju=3xe;~HEXI3SGo6}ar=uugjKYiu$YC=;$TWSVU?F|> z)8qqIFGWyX(8>cmibxCp7hUE3vekL-2J-A7_YEwf@bE1L`~76i--l|;MJao&efbLS zuqdUMwVoljz_0uJXE#y>!LD+U1V{PepkyFlsVb zWX2=iFWH=FF^h(y!ePdlfbmg|mea-I>DK8H+YCiv7B!A=ieSHfJ8(v*DAJ2e5Mk+>V=P8R ze@X5LFbx^u6A0*#I}P}r9?^gSG(j-$Zn zDxX`A0kb56meKJC2Q$du3^muif#H4nbrJ5jSiHGJ%A?40!eOQkf@ZM-qII6hh2mT| zIeH+c_?=aCTz$BUR!X{zz7sWt06A^^2RI>*SmGV2&dddze^>gD}v{jU)726<< z5bAV?7)ECIffQ!9A1om(YQG@|5N?Kb5vk_3+TE7Yb*nPG4@}_SB)xRokALO6pBY9$ zj==E#`|%W)8lxC)@H~?nK{3$^j>6IzC#`|>CGHD|#Ktb9l+1OtIjnvl+T|EQWq;xa<8SRGm_M{^64 z*eT_1+zRrz9QWhtc!7v1e85J;d+8S!AJ4G(emuNHvcuu1vAjNV!+SUo37)Tggc(rXL=sXoegDAO)zqLNa3l0lAV^m~dNA7D`ik}vU44LBc zVQd(FKIM+5#!E7HcCh`znAcTaDKX@VN@wW?FAF|C_|Hq&aSJtaub&nL)&78;3^Jg~ zQ*J+8&U7~Cg_divC>V7c~^lCdp5L_61**A?w}q~{;L!SDN{o3{rd z=pv;l-}ISdDcJF`mUMjaWcBu7baQp}o7;r-2e!iXawl`mChew!EK<(G5n0KG*Bz+aqpNqlc`P2xU924G?%EEiInyE5knkffh&lJ83|bvvITtieDmqn_XnGgw>NjWFk1|~gmYjj1VbzoXP&@_0&HMOJ?NJ4Rp^ojp{X3vY?f&)?B`3{Xo6mtsaCIU(_px zGJt?9fLXAi&+{k)f(8ByH$fcS9==-Lzxi?hCPMJjXL>D!V;ft&-kiz|R`jPkdf>_E z9`KEX8)04`o?XYq-(z?{UEv0jq)7OqEt9!4Zccu-txk_hlM?P;9Br{g=m8mZ zq4AU<2xAcRnS(>~A!@+PvTP!)&IUw(j3PEQrnVlie0hF6$62Rvb4ds~IHG4Z+C$^> z7qhr)lyxe;Vih$H#b+oE3fXdkRSMz4K#>(=mi$;+8{Ly7O?Pk9oN2Yx1R^S`wKXPimEg8?|$qfL$oC;7=Cp<3l*Xb^Bxq#SCNBtd`QHT{vCAKv$A zog9O-H`~YP3sPvFv=%AW;wvGx0(u1h>}>wwi@^)aWC0N;54NARy)?nLpPV`_s(T4J zduTseirCw>wze4EkJ;2xTTe;;p67R?nwH#zuscEe{p{F8QY;Q0FrQY2%ha@}HvHxz z!KO51#~gNXl_;473Q*9tAfX*6=|b}6+|CR|tfC_3_CKsDlx)=Bnz~tf>LF4C&7{ek z@e`NxG%17y%i3pE2n(v~$$5tiZ@ex$BI`m5f}$v~;wHfL2(Yfr@RzD#*UlzWr!muN zlN@{KzSs{10(G&$>ML1R=^&1D8}z^ZR+r#d+9WcJ=_;?VBE`Q_*Mpt+=sVaBVN2GC zs<2oZ0%{Np=2aYZh5_CtlC@+cjO!`3T*x7TD_?d!ApnYaDlRGvfkcufg@@c!Oa(|& zCWq%hU=SsH0Ny}j+(-lkec_=z?sT5L|Lb^u1{)-KNfypr9Zw`knYW;cuWi;Z-p*(5 z#V5c262{eYF!|)@2dcOs3}n!MXwPw-3$$POIIz!njYE_dAN1xI9Dn+H&MRJyFWFPQ z`h}`kgGw@BvQm;Ibp>jr6}hgHk~?iwHo*@4Q5F*<59fhbwfj#_785e~b*PeU^-~{2 zYa>C(iv9v6JiS)O7{|rN`g(&6^;R845I5-VnaB>8nY3tTfe3AbV4 zAnm<1@nMZ==~K@MZ|S)jZ7GhU#v@FxhX*frA3n$JG001|wfW-V1FE`?Q)7(=`?Z1( zq<;f-;yZNW+59og*d4@Ho=7&101tazWfpF@8%riAh386w;vmud6{pS0YyU-(y>2fEIV`J3 z+I4JoV>{S3Ccx5HiN34e_hmpuzyKAHOhB0@zXIz%dJ?M>uL9{VaJD0Qr}hIJtUjd? z1GZBkO<1776-w3cgxpT%AeGE2(7HxS;sx1gcTAr!>oMuC)}2LGA;{tc0oO+#xSmXo z$jm`K@mIT($yxRyuK&U9D}rj}{HJ5#C6Qd9DSitPOl&|aNY1)rlBj%>oI4UYf+(Gz z2tb5#lq;@URgC~=oPT1AZWU5=yemD9aGsjw*$5_Vh*)5QW&~*+0?+Bgx{(4`6?gyk zyXn#7DC#oa%Xl+cd`C%UMq~`OUb&rCW!->1FXoc4Oj@7D2r|>c=NZA4+Vj)=v zUVqSw)SN`{90Wsz1hpkKaY`5q%W;oVyIBjRr;Eqpf;C1)gV&9A#!G==pxGG*kbj`n zQGQ%m2msZ*AmRgx4+C{XNx;k;6xt77u`n5cIS_bFousnQiiwFTdji6OSMdj0G8htu zuM1PDn*B-UMpuuziiJL{V0DKIir)=7ZuD;S7d?A#;^YQhX7pN3XNXw9@-cZhpU>ul zYyEHDs|I)<+AIf~yCy1HMsS!8;R#T(kE~H#=hr9^q!C_1*FfAmif|sv#CfzlBS(h7+wc(VTQSbfRDFTWCS$TBSAANKCet!)iP?wXn#sF;e64iHo{pqvk zPc|Qe5ZTio9zOr>+3v$@l%iN_d^YQRpaoS{XVMuY`PXYWx;2)|{sP}8MNIleX{O>9 zN=AG{Gl}aBX7_Tox3+|tY&8g3xoov@bX+fkgiiPHl&qJDII77i#BYm?C7OB2@{_yd` z&E1Fo4)X{tM6e->g^I7*^cTn4+v#k973tLLI_v^0B*UGx&w8`%C{X|#m65@;)vM89!Gu#Q|gDYQn-nIbVk{?95;9$P{wdehvo zf@C(JlmNk5;Jf%P(!z&bet1?aEruZl=ZC1rzJmpvegX{;oGn@h(wg<=X%uF_t8h>; zkA*vnA(pv)ULJL6@QcpV;Pl9B8_}H{A7k&Kd;WZmuPi1wKLxL29GMF$llf$Nr+PAb zpK89fx@sioGo-=LMx&gx|!zJt;1 z0q%+90W8!gesj)v(jCaXi|P2p?fA0FMtihLcCFwN01}-Y;a_+ZtsMcQ?7b)~(5W+= zvl7s}BtKL35K)(DN6=_#j9moF>Yz3bVR3?t$up)~*OG-(+4b@@mhPBxR=8DkKwd#r zYXT%I`Ay1K!2w<9wCE^PbTUN{4L0bH#ghtawyy z8cbd^#m*Iv8Xc=Z{%z7fIG7=XvSmPIyIYwG`L6HusKCRYCx=MXZgRanJ(`xI_2Ch( zx~Dr&9f#k)eRqoV5e=^)mSTy~dW-j_Gl8~hnvN2BBF$%DgY>q;3=zYIm`%Nh8zqL+ zYuUF5+}fuvG4DL&aq*zxORT_Zz{ftp*7gRpvVkg3$$<>Ak*x_9{Z*qN)QNJ<0Y@60 z3Bvq*;6Uy%#K6RTMH6JQ!jRbGFKWGdJ~PmTut@4x@yiEl-rc5d|22f?^N zWNL7Lnj67FfD~2Yzk=Cj?|DKMidL>Qr16GbgA4Xy!6f1aAjvI^x&^TM zP6mCJjSa!8U{OJ9^79l+tK6_%=d^H4Y;dipzrGG@*Z3T! zdq;A0bghqgd2H=_!=oObj{ZKq`1Ve3h(o)R!?&|+1poC$@812}*rMI$IKjHr91L2k zY(r~kk_>V*s#zFwF_@9k9bctn!h>HlmUcD#W00y&0Uvc8Li z-XaemL&BpI#8R7R!NjwZN~V1I^f=MrMQL@^Uth;wC4%a&BUh|Q1ftQvL-nao!y~Rd z-ppW06e?7BgbUxPA_pqGIcs#(qisE1;|j{OcWHX|ZuZk;;0A4)BGt4VE25|%$!GNni7^Q;|*^-`VIp7&oewIcijmdk_w%|zL zoHKJxY)OZvq!pE#pD!k7OjHV)8)JiwoALfY3};86R4gaJx?uUbx6S&1)*(d*{S)b8Z)6KDB1D92c-n*2LlE-qkG;_zS7%q~^EQqU1wM%lr$~~r zqU$sVBY??~zBYS(fXNFVH+mrBDD~mDV{6H%p&SW(h`i`$eEwT41FgDYl3$qeM!3vv z9+@Zv+SyGf@ck|(&(1L(i<3a7ng0GkODjg8>_J;Ym&5Fd_5VnevkcVqp^20%? zjas!?=wfuqFslsAP+&f?so@+w=6-S}#7-kBxc~L&ju=h*-&nTr00v$pT?!#$01G#C zp%+Hu7c+Py?7QV#!?~Tl)WyLy;q*vqOfdMElX6NYMkV)24Jd0|r)@QkIn`0`Vvbyz z{gJI4p$7>7I5Zf3JQP55bITbdCYF-eaO4{#-hz}1CqQM+ngGox)qlm9b`a51ngcyR zm(G}Msj}na>Fd9rPmTjSp6G8QPsV;6mn)e~t`xY>%LKquh?JPkmCbM(LHHtv4@R+$ zRQbYXQ0S~cM_1wB`Q-5xWPE(PNb(=ZY)#?fETST|xAI^4^G~PEhsk&j(){vAnQzGA zHswl@)2C?UQwhW-K9fFv&$uu7Xb z+eg4qF;0*~#uXf-RpDWbfO@gcTJP>1ChCYg$rd6}-k%(e-C_B~8}A;Xh_%m{7_6X# zcG0;qC2GYp&D0P_q_JmBEpskR&j366S(66WU=&6hp$mu};_tOy(Y1K0Ujv4@pV9qc z*l@i$!I^ESVSBH*WrV&8PtE#zijBm`VO3&Xd`Ja|L9?eMSOH2-6)PgR@ud;Q9xF-s z+=)ZIu)5!n-g0{-UqZK|@J?G230;SynvUSqMK9w1DcaMi>0=ybwDs)q%fDu6Ff=1AUD2ylQcrXT{DgKp!j(GXa=YT2!UE;V6)W4IH zB~kiE4pntM55?S0bCN`QKVB8hnT5F zm<&pvPGI$j377vaE>eKC;hZXf!a+-s9wCF)AtP?dkS}G?NA)Zsk zQN|cBLW|*LqnV=NP%s;3q6060&3YYsu_3G9uz_QNbpTq99#J&cBkj4H9NaMcOpc=5 zDlwN^8Ww~@8!%17#KE#d<0hK^^3p2XB*xZSsI$fu7!>4kXDWQk1>KfF5uRst5{MpM zvJk_48k{*01NKUjWua*2(OS(S>{;`vv|Zs~`cizI^7%(~-dYiRr4w@QQ~ZHWco>|Z z3nRU=7#`tQkQ2~RQ5S9$0!3kK;)!Q)Fq{~z@kxA{uom%3UI_5a8zznz<)OC0LR{;x zavV{_lb4w;6mKN}q=^czOeD0=s+FSp1}^&$GV~z^`-!+vOSbe-rt-O;!vNu4d_a_l zMyGR6s&Yi>E#c&l269LS!4bB5(Pc9|{g}dw=Og8~pdEwkiI=QwU^qUX!f^z5R6M5T zN3q1sTWLF%#9{?o6VsGYmc>I+8Y+LifjA*1i2<+@Fc>7*76vzL6mHNnCDF4Ye$+@Z zx`E76JwH!4=7ILh>3kwO%tUVc#iUS=&#EIwGcsgl6lI5z7fgVUZm2na#S*`2 z>zn6O(*WYC8D>a)Dbl;F7zu*9)Ft8r&o`knI@3GSD>&M4q0>U$@#TmJiQv&iDF3b; zkuqK~uC1ajL#vn+M*-tWz!xCi4T)y@3Za;o}6ZvUzt`3d{8M!x?7nc}c-dBKwgh*3yd2-al1t_@49ZLS@?&eN!;7q`~ z$vfMT)66)U+#{3V0u}BYS8;C8&pnFcQw~U|640cwxfG$VX`0}`Epd!hGx$<;?T?V} zEf-HQuXppVL-lMk!NUdB_OIB@wMM=}>bP0!Eq`t{^+%xxSf>s`g% zvH1t%N|;6ip84BpBatfel@Jpil6cm`F z-rr`I0EM(56X1R^>!JIB-FlbjywFPXUU16akPG&dI~O;4GdXcujJ5d|>k?T7j)=wn zLN74BjVP3#`_;ok7A2v%pwqcxePApllrx+1F+ibO6i)cNqd$%Qg~z)*M&bW!3}pw# zDS0u**emPMgz>+3Yt(x({t2R+^BbdS0|;Kk52I60$k4-VJr;ZAynO(nYNnbybNf*+ z**+`e)=1V8?4$CTrHZSJcwQbcM)UDt6~P_?bEwROUBIgz;zm_j=$iJsHs7dg^BnvQ z2jnzb+e(?#fN3d-;AXN`#b2-X4mD=^p4$4Ep-@W_`mz+d#S(%-L&C}c@#kX+a zrroLPGA@+n6tXf@S#|{1>%x|}n!-tloMMA;vAJ9wowjeor6EBU?k5HJ`eNfis6wHH zwD~cRorq`SdDt8bY+c|876Yg&uc;`Qwd8u*zird*x&|b#E?{rR@35xz)QDx#s7(9;zqHyW&SP+X(p;B57nJ;^=zB?9{v2^&^atUB1JssVT9ZO@O^cTtq_F*= zW_pcX2+wP{Jea)m_n(hW3ZxAqJC~aD#M>pl8S!k;sq8+F-G~F3^%|Ao#WfWrskxm# z(`z^7qSI!;hxf-vnOP+%EDQh2*hb!XL+rJgJabLpe%M@M z?$oN8_K7=w8Lj$Yf*777T+hU~hrGw=OW7(OnG6%+9#76D^D&MHkp*5k4|^%Sph@&!0qvM(#><9oW1%RqA~}V^MPc16Cd0vkSXe^#n=ryVn)yHK_7Aotlu6yCPK?fEI7)hMVn}_A> zV;C0847TY~Bld;y4Jl>7Dk7I3L%4`xeI)^+ZdiTA=*)9eu8cNz7d$8G24NhoJNkdw z`}V)Mjw{dK^;fh#Bn`Gew&V3qh$DTlgluN?ARsx3!DbP(P{+_sy1_Pn%-_D>?|D?6 zs(WvDgK#FC z9K9H#s1I-rD9%R&8UD%E*G&M`{{J5Q{?+j(AAWRn^zp|Zzxo~Y@&Enr|2}y2YVh$V zAARz>L(PDX_<*vRDiQY`V*8HHJ8Hr&S91X%WF|tRc?GgmNIyh$q=1j}%L`u+;4Xs_>2aSMb@3s08&Ylv}3w{WD{!hT%&)?)_cH3nQo*1OJDLA1Org%X#U=?L0*&Vw zyyThxa9c`?PQjKs?41ry4v(&~rf(txO!U$Rb{t zpy5MhN@$c-mr3r#h0JVojm#~<1)G{&Yl0&svlf#~Ecgz*R$~+CHARfjKMh8AOiyw7 zT%Dxq4z|6@zy!4QYj7`Vh~29_6G1t&eO!DCw9^Rx)>Dy+DRkS!I@#I=RxKG7w2l(* zfbGgSJk%5!{y4xjFY-R_#tvi&W+5VL_=q8|UqGBM<1j(Ci{cQN#+YD*p7A+f;1DrfVxYv3F)QmaS zJx>_6zP{ZEwWM?o|LW+D%+0F4VBi{e(@>9+#eul&Ocp1`ax#}D0Y!IwIXN2GbF`$} zrzCR&4dkbeI(_5;8xZLxt+zYhln(swx-$~W!c;N)Q^!SJ3JMq4craFlZq7ypSMPGi$Q`41TV@Cn9!EYzdK9c4~8diq=Y9=NwQlneM-Nc{UC)YQEI=^UF+GRqKd{z>ERh> zV7(|B=mD;))}cR>6AXSzVNv&-?@gwCRskom*r~9csu^ycjgRR!ovzvkcExKr6sG6V z*4%oa2~e#fBlrUZTaz1Lr|b$X2OApLpBezKcXIh#V6VX(ByQsXlQUd-%L8n5-SmVw^{RF83wD%T75hgv@#iyA@ca+dwv>G`7XLVihj11h?S4 z&RRMkwfCf{&|riL$pQ< z;PTrez|8K;&2Hh1ZHIYV&6CRP=n_tvQe*9N>i4#|fFMRHV4d3)QFf;j~c?a=fMVrR-JXE#M%RbJ4-^%(f~$B&^fBf-;xBmltsL75KyDkQRdQGqK^PX$od=?a0y_BhxKP}bNHirgdb46+>iq~$|a++QI8 zNK>{V2BMj~W5Gr7dt6fNyzxA14lSIxUO&-wSeOpIMj3o!09Dd;$YkL zBDu6S9Mi~|+=wTHQ=AT-z-;fY#Y4u_w%!>(F%yUyog~aL9ii#2#sn3GA0}XT*>G_a zt`Y@g0fHEi4X?OBT+cm1UWk62=B}S-4!IDiWgD^ThlH37PLH%~6 zj7TU%8!%KiF9eH4;J9p2Mo3$Xcsf+y?!DXQQV0i)sMI;V$N~KZIrl5+&`- z^H+ZZ%=8#7J(P8UVyzQ$Nu~MfLtW9)0GS4PL9`m)>24U_$S?xwk_Z|QywjJa@S3az zsx=@Xa9ikef*twHe(c z3$oKTaCG9oYfAYebb;+F?MW4&X*k!M6pzSn^5?ug&jn)()y^aj(r!i&5@VLN8A|1N zWH1a93^O1MA%`09MNa_%O>z`*Ce1WbiRx9(!!oJ}8bSgtQVx;)&cf~T-{d}j z;IQPxIVTvwsIQf>j;#j?#IkQw04Ia9^ck;0lM#-gp0C(ksC}Oa_ZhAe5>&19yZ~_NDtzh|jMessCk7R}1R!RR(ew>=D+D<(#kWdy2 zxGF^)S9$B$ae*-SmC-;;izW8uh**zZpCPDLklZh>1iM+Uxam(lkRDKW<=86ua`%!i zKtIY5Mf2a!L7Z>_;~ad9$SV{BN16*S?c`yP#e*LYApMvIfy5PAk-1cuPDLWt z6CVVfK)x}j&5#J$H9#Yr12Nl%-^;f#Ip%n<*2CR-y*C#Z=hO9j_dtX0JzX15PVNeeqI`GQ*^&cPE1RAX~cA#f{hqk_0WPv{cItHU0H${;-~E34VVSuiuDnUVs4K1 zWW{Ia;-iLFRx>|D43X9WA*5>@ULwE?4&w(n4wKzW-`wy0uNf@i#dwSaw$T-s9U@3^ zFEj4L#7NL}UcpZb3sG`BQVQ*zDGqvZ+>6-a(G(X1bN4fz98SMo?mrp}aRD>I7~cK# z^~oQRC^Z=UK^g1xkFSufb3bfaAD1M)tLMhNrGc5T2o_~_<@dws8+kFJoy_CS(fIoZ zy=A!}5|MockfjSpo3+2;j?k6f-lurL6x{n)cSm=R?>_kSoti?)9(w z>v#08QTpo`e>u%Tl-k1Sp1+dPPD=O-$yA9VC}gS;ZrQ8c^co+H^d!O8r}lr0z*fy_ zSAr7kfX^Nw0hfk;S+WCFXPvWv#|R+RKjR9YJOcG8EFJ&?hGYbVp(BGr!|sQRI}tm3 z)mx>Aak;>KEcQ#!sMVV!+a+5L2fw6#B8_s0ojaygc6x=Ho&8bO-!j-K6$33=g7nV0 z{iDV7@*Ip0p|GznClG8CM|Tczi~-Q$(IIYjCraN%w5ZVZ(VN53Nlw_#lePCU1(B2I zastsSZ%9GHvE;f`xZF2gt&JQGdvnzKthnIB^2ZogH~d>5pl%}Ye{Ae|0>1Us^jWd#q^;kP;BdI z-M;-d9VgI1!GF*sL32nyxM1?aBdbs-Ju|ZqsUuUpF^ToE@_~nBThJ=ee%$N5giGU& zzMWp4RgW(xr_~ee>;?L-o~r4DtQTQf$jBEIcTu)y@5{pqJ|Di5mY9C}29G)>ctaT@f>Zoo7 zAQEgal*CZ!^^ex2U^1!Kf9rJ?oVe_nR@{&5cc{w>{4;}N6wfkCt_HFY}%v^3-=m|ozJ233D3Oi-IBmlD* z4$>pzXa6x4vDZYWyK);iK6q#}MO_{_L|tf>Fq4}L=IcrnSp-uR)7Ck11V5_HDRDNY zGkY^n`R&}A7r>|)d*g`qk7nQ3Ekdo_(s=n~0Lq5paJ+Lln$O6sLNa^ETwK3b=G=mk z-CVe=mds;rDH83h8oB`|HnZ+?W-IbB>D}g-7=&~p{KO~Pxxq3a?y&rkkfgy4Y>3W& z45Tw~#nwh6{U41kn4A<4*q0KRU%-3gf;`v2Ovpjr=&$Fa2VFtl+B-{l0*mwrD*NCV z9Ile&M=&wRXAcj-9{+Q2RlQWQs!*;~AK=a6%JA_#$<5`=*fh+IPl?6?F2k-2=* zAd7mgN*}F#ZwF+UK_=z0y81&ROwpe+koYxbUzU1|FPjkTChY=MIrSVNP^t_yQqP$E z!?IKB5t6BR-dIBUT6VPfpv$k0y?wEmC{xO5A)YL)7t=FZ(CbA-u7stZ8kLYl9hQQy zeO+x-4P0n+EWPpqC|c&cz^cTAx_biB+Wxol=NtnVZtYG&sj6q3DneZC3~&JjJjD3u z?@0fI)l`&IHVtS$oE*96PF#N*W!xW1Riybme}X_=si+|*ibNH^fr2qnGQRASKRrC6 z|DHzmu3ZD~ALcI+EBb19ii3>Dy#1k)2P}ZFaXN&Tuk8)4(i^}8fuxbo(qzspPPKe` zIm**{%(8C=9qXAB_kT48cZ&~0w+NWKJ=+Y86a!S!A#|QVfJb^;LLxm5Fesko)u+e4 z@bsW_&GQs3H{jyJNGtJol0CNh`rh!sBv9*$*|7CR>ahd`+m}yL!vGu^KH`f_flV^3 zyj6aZ`f}*8iT|Bmc0!V^J6}5Ysu2n-btlkLH#;oh4YAVNlfayv80Iykbs|p_Of9`^ zw9#t!#5(q`yMM=crStBN>y7U2aVKwfcXt6nd^1{MSRl#l?jq{w>{`I-%%!`ljAEUg zyzF9G-MwBL6{%1eztn)mjQkDh=~FH#q<#A6w|n}=Hod>bK%J|oM}A9#>Q59}P!u33 zO2JuPwa{&Kr+TxvO+lgs5o34B)2sACMRIo!K81b%Lq#A(k;>>@IAMn)QX)*pcGvtXsmdqd8>Bs>J&CIKmq@bcYtMBm>HY94-(k1{!Cu#U=c)fVM_}zhPi+)?BZI>{cTMc z*A?}y1~^+qp!W#LdpIf^NrV9~)QvZ7hDC8*Z^@LCW<>8$!Io!T57T8VZ5-pG)A8gA z2VHWx&aTBx`SZ$T^2htlcE%!yaHQz9j@}jy3Atl2O#w7ms|2VzSM>-}h+>@Bj&<^1 z{S8RH<(pD=LN0)ZvTXWOR(;cw2yzl?>$OQ@G!VOBBLX=#8*}UdoYOVM=7d*)ki?`X&N-=6ZH7}Mb zwUFe@y$Ko2`o_@D^o@+2jQ zc-32mBtbPIE#9jGpi&WUEkK-s4bA|E;#Kc{??YA$K_al#PhXJ|2yIl)ENYwYw9?2q zFClY-Nvjc-jQ`S-N{V2HLD~O1kB3D?%`(Z0}To|fVg7W2VIZGzS$2j3vPtJi=hsYK{FP@Cpf2jS)6?P z{56(lS)SMY2sr3dD*ID~rsiZX|;zPDfe#ImT+g&gyrXJ`_H6*%4F=0tl!}Vpi;Mg4y76p zAOI~Mu`D(ebsd-Ngn&VEQ)(YEDQh)J&gYjz>4A< ztGAo`XWCGjf?8d9@0Eu`4YS3j{2!wW+g@8GqJRn%RLqijpMQIjhqQU;2Y#K4?SbHL zB2vsrP%Y0gGp(hf-@@Lpz7+d2Mws-c&%D3a6H36w1a(af>p+6kirCSH2~#cm2IaQb?EeRp$X=iwIzk6%7{@?!HZFN7v0Oj<%$ z{h#0w3Kg7whFeIjbI7A1?k)TYm4tu6Lqq|mQo=GN2x8cwzYM8LdF4S0vupOdWSynH zfY_!MV0v8%fyx3}ID!*}Ls`gKd4Z8~J8-_-eD>)14neagT~H)34ix}j?%%`u<*BeJ zg4kq=P1HUS764321=JJDG2>2y44HBlIgK6T_P~{8QlT;qUg9F zM%Rv$%6-(5!qv9hR&XY6&-U$Orb=H-2FNM)`n|v!VI|*>C&$>D73Q64s%u>FqXDlU zmJ?!XbD{*zz}mbqjuv@?5HwH0r&3cyAcE3!_wt;Cfhh8Tq;vX-a|IA^8JD6D1Kz8? zuLV=Yzs0T#FxVv+GEWsa)^yR`%3Tkq8?O+{g}XD5$|jYFzX3t)Rp7Sp zIP%%%+XWc~ZAcqjKvQ?bnkK1*p!3Vo5DZE&KoUDc1Fkd+_o75?o_VS77TqOKHMN0Y zHO~cBvdJQ{1ji0nnthI)M1lAFj_e5ppI_t+!`Co;8w z<}?5}*AJ$Kh_c`Y9=TKnIHzF^S8BGSMY+LV5>OFxK?_JmKa}7FSC+xi^T1FmlhLDs zLDVD5o@UI0e?>i`BXqM<1EY9W|> z4Ca!~s;M#~3*?yR9wJ`2X{AksEOvVz#HCt-Q5I#@ylijtb!lwZR2F=UGuISuzLim` z%PHyHU^SJNiEy2f)3-Hhjq;Zx5jqCv!#lyd{1bW_M3#I{RI$`Y|13fxjv?e?ST=)B zun=L--ZI2{S8!#A=D$-ty6HtuUJR%*wg^O5=GhC7LLYIy3wc+2h zX0-Kuf9rW7g6d4>Kad-|&;P?9_3E9WNEzkWdXgkQ@5%lKw@Lr*=*k-Ef4b%*G4+rk zRUh*BtKm6l68|)YV*^KzuTktF3-J`YA(IKuQ|X;4@~~L6;c~(N%G@GN2UvpR<8<_L zN{2osQ#~Aid&#MUh9qw7TAph?n5E&EpEmI_#y$#uD|gTiiklvhjxi>cp10(M0rkjd z-jU2fy6_HUy2s1?ABX39k$fORQWV9JZdwt|#^Kka`P8+rjKr zn+L3nTyemp2qJ4^LF+VW&Iq0fJud3#PB)_^Iy=uzXOplc3HyrbeedF9;DyZwiPob> zxF?&%icD8_peb)@L^G6MWMvY!T;)8DZ8TWth^5{A8IJ@;kMn zkAhn#*)K#n1sqgvKOo*3VE`DzAOXD&4MPg`x&9!svZ~1PE=TI6;tN074A3o=zY(P)F6Vx0|iKM&h++`Pd1s%O?HXLBqc&n(MHzCdZ4=d zaLaDI_+snXhW%GuYd9*{B(WLfcyu)zV=dxK=wE# zX#+Uq@(M*?S{_HFMg1Wk`iFQoQ;-m3s5iu$FL=vXF$8ZLO9G18++eg%40n&iT2K5F zUu|tmF7=CzoqPD-+UH;0d-3^KXnynt3`)KW-+509sr0mN2XV%|-oDXa4bK<<7@yj!fe9^cF$<*O zj8K8c?;^=&lwRxq8+Zt`iNQolgmAOGx4k|JLR{!oymx}l?b`=?pPB(pDjsj*WRq_y z2mtkQHzegje+3^*;exz8({J7!et5ty!go7^!&6QU3|}3wiZwnXtS_kr)b%KP508@} zDhS~_+Ex7&8%z)e8tH1;x!2&ew%xwJ^}gbC2*Z%4`Cj=F`0Q7+Ahy+@UL@+wnkHRZ zb>BNkct1oPlZS_+@o0#MT5C2%n%R(6nfz-}!Wti_31!s5Gtexhy-(_$8F#0jiIX2K z%LAv>g;pZdT13W4Jifx)XcwisSH&4B2#1Im8>_Y9BJP=)-(#sZAKhz~$gH4gi;O;t zatTr~+#V5IZ{3B|oKxe#G+}OI`oAg;draxuhpV<)z(GH#%+_rqo+n~PE?^_u2Z4lI zM~ptRjv*_@-JDhnbZCm2hgoW9NJqEcHbqxKd^AHbDM-5f50cAX^{y6K^>C(#W4j~R zQ;SFKZ?_fVsrpYbo@eLCs2rU0xa30$enC$ zF&O}gWif%OrF{NqIEBWEGrNhFD9XR9*16EYK3K6P2q>YMY?ofk?PC+W+iA)>+@o z?OwpVaeA7EsXj@?7ho@kL&Ohp(?N0wj~#O6VZH)o7Tmw`eHA z|5KDB?rOt>XK#ifEGHz6k$UOsf+g3w-l6-A@1U2{PiS13_foZwbXc{da?)IL-3nSM zm?ElbwlzLI{P8NSuWORNLe31lsoVhd&BZO36o%dDDJlPC0&TZgjrlAGxWWD+GL5|N zdhy-U;bbzNFvB~c3YGe{#{(JV_^HM>@pGNC%QJ!N2fqjjvxX*@CcUN2h2l&nTc6^o1b9^rD zne;upGeTrEoh;eV-tG0LkRb^B(g=kB>uzJ(cA zcyUwYM8*vhp*Eia*y)u~ttL;l^dTJg0Kh*ucAks=7>Gx&Wde^@{esIb8km zgVo=!eJv2}uVV5qC#Se%@R0Ym|CnL~08O~IdVOoY^j`;I?mE<%Pk}>kz9OE`!IG3TbZ<_|^sPjE8c`#+&l7K*v0XTL#L(Qa` zV5^M*@!cSR3fdzfADYH#G<(2ig|t*=K?6e23RQr6 zBoSp)%5(W2LE*ZkCG)vO+NKo=EQ2(&Y~dTwwG)H(5lK4prHD8G8e}Pe&je_IvbDC5 zqw(iOhmEZtZ?u4OYDObMG0%Ad##yx1MI=!t^)H$&hq(pt#&szAr z#bWY0Zh4}%fi74I>KDWpUvD>)kkv1z0>uW@$HHk$R9uIP7?0W!wE&!4Mu!uzEE{G* zONoi~d-XvQ9;Q~nrT@zvb=YNnu$&?IO~0>-V(}s}30;gtabiW`aJ=(^MG3&r&wvg$ zT9Z{oD<&mV2&;7#qn;LA#wE8qhQZ|nXa)`_g@=od**0g*X%gXVn{*H^_||6NW$S4T~sS$w1rt8 zroPECYj)5+jLouXFDhdZEyOQf`LCZRl zyu*|dy5uhejA^IBjw_=Cia}?D^ka~sYHa6!Wx`oYCmcgj<b$(>-U%-KU4&4sc$?>rls19ka(duxRk^ zU;;xQEM|aHE)tr&39~Z|g-1ylw~UD?qJo8DYj7x5b1dSfYm3Un1o_~jr*6v**FY){ zl&Su)zlJBMU{3IsUt#MS7If+LRR=x01llTK>^Nm*^*(NbMV}J>8u3`AMY5*_TX~2= zEm*eSNcmi``F{j0D@^h}-x$ibPHFACRS{l$BiYhgwF@-(53DSAEi?0-(k2Blxp%os z^f#D86^s(3zH7n-9GvV(3sPHe@se#t;WdyMsmLhD*}h7OSS3$w`=~I4%MaTY$pvI> z!1}k@CNWYu$A#I*nPn0{V9JW1#n1%s_0AaJ6G_!&B(_)6`nh1^Ld_EfFsOy=;MG9Q zONV*nV=)*y{p4b~wERR^BS8f1P?U+0N!l6WBF@@x(i`C@Z-R5Oi%VR|o^qS~7VYEV zYq@^{SKOj|nx`W%FRj=l z6;!et4m3;qrO&juU;3%yErT+imBq+gapxH3%pXMNCZER=f7kzxNS3Brc1rTo9IBgO zOxH3Uw|@1NHnu@m6ZwfMcxQtN6=&x&AT0wU<@_aLOS2JWOu|nH6+%iX?FJ$@wLDI< zE(Do`#`Ht*kPY{?Y^$z7^X;arDoW16!&samLg6Y;c4bxzESY?{mhzMV|JldnqizEy2F zlMqcsd>LjP5jfyj4!fmFJ-fV^$UD{6fh7lUmq@J5UjH{z+wC_DsQC@cru>HKhkHTk z*4l3XDc|Cq%`gqlNiFHGEa7gfBFg$KmP|X{>+4=}|G5g^zv2+hwTaBx8Xt=$pk1*W zl`1xpW6O8L$;IU%qNZe|Qjps$^e{qyh(hBY1A8yeWRu!AB-Bc?F90=qN`SI&S(fjP z*_foypl!gD@MUyPg!6*vJd@$Ey=tdQA1g_F67-1>Q1a0lJESq7PhEMfZ+25BfD)(N zc1Ja|5oTev^WL;;I%|tQ-IdEfKA(&)&!-3-`)21pHd-|F+G-wPrFA zM$x@T?Wn<;Z%$p-Rg+wFZ)>~vSKI$;9=Cz}LGLe--^8zAG!L{Ak7&dG*vqen{zejR zZYi%?)-s#KKX@iEQ3$JAwm_|Dx$ppPab9b{14|>Fh9AephZCc=>xhV_MIcrqRE?t4-eC6z1XGKx!Pd?Sdod> zwsZT!qFAa6O7B5r_7C-n4V=*l$K3ncgjas^=OU*M<&FK_D!tfe<$d3SriZQUGT=mTq9 z?JAT0mkbVcl6SOPU)R~XqjyQCXzK(PsfOG>D>23LAfX~!JsIv~FoBz8c5JCv5}S^M z1;Pf`8o(w%aSzK1pz;RW7AE*1K#N$cw7l0yL1SvTQXf#9>N^<|1m9W@6?zUfpFhE0 z-yKd4;C4q9N7Po4y`U+qel1(5UD~pG{}49z(Z%4{3|kcGF>@!GKn0n&trKvTNM5Ki zK3_ZpE{QTTi(eE>Kv+h{HjqI$HXDl(MT-~qGBvL$mW&-2D@a1A&85Tr02VbYA*@3d zvW+S#5CCTcye4(XwFLImM1_T8lA-kv4w%?7gv`KxkhuwwSdL!REK z8Re1D34?{K?yTNNfwU1qeA|zCr{{wsqrKlc1{%s;rmA!JC;2=JYT-kfVI$=bGQ;>fR&3(XF$ezWc#p`yP}^-(rO2!?kM4wc6fo( zPL$|Q1!9up<8##JL1_gLv(bn)5TZ0%a#`ARP85TrSYN--mon#$4l?MiA^ALFD%qd*0=gILf~2~ zXBV>Ja{7=*perJUKK|h2%uU_bMXsu<%aUHjmvK6+8N}s)fetPOQ|veUGjO8ni9IwU z|7(#D{*dD&o~Rojk7U9Mj;=!*HVG2LVE5k}#h0NpV>$vVoOG}Vm=w*EHDVh4RY3(JMeQ>bi+Gmr`4p7`F zRMP*t_W(0+5&Vkpf?{3OX!9gK^8jgyo!D0urhw3s;^=l zzu7jbvz`&8BCWVCP+S0IaR30*kaKW~3^7+Sb2;2I%y!bJH3>Dn>wQ?6NrWhb%f7sA zWC}I~0O~>vlWbl>@JqSYf$7IazK@tO8S#ymsGoNOv|vunK|?Y1&nSD-86MTSUf`ZJ1l3q93ahn z3tcLOk{FKLG~4m7F&V{j8dECLB9X+{8gmPVlJS(@A6e3H-4T#m^6Zw|Fo;Idkg6Jy#}V#_=2 zFy`r@-~j(n=vt(st~iG}D#w(@gt>D~`fXT3@<4;?++}Q?RI#QheKvia7>4H3A8Vmn zmUwnlf`@H98J-MBur*;Mm>Uf{9~0=YC%o+{6*?9AXhSL&4b17KAsUVg+NUgQ4ULPn z`t!6d5!FU~MXXLibYX+iJb(uN_*aC9P0i=M*FOc1S;d)yFc~}hOm;A~)^OtW0F@sQ zu{qd!9k~)>X+^a9UV%4scO6!Uj!D{HHbcEpa>Ix3%DR{~Rt~HQnbxmw2ZeYCEo*$3 zCl@ZH0ZWc|BV5+e(oH|2>6Yb51EM8hwt$bc2q?CqZUA6Lk!wwLuH`vP)udp_rHq^A zDMANeoZjty{QKX7)v43EVic8wN6tc;o7;yk9o{6~ojVu$Lg>x8sHyz>-wX9BTVti` z0SjI&_doq!i%8w?!{5H7UqAK2yFAAI^j>NqF1N&KqmeDD`4Z6te94Y3wl&-b_-%qZ zeVLYtcQqJrG_2;O8dvi*A)X>=@;WCfB~0}NVW>=a4GU}NRxLGYMd9iz zF@>mpuuHP2;pkF5B`O=+cQMOEkY%~Uv^Gc&Qwb@Xy<^1!nr6IA*tM4usC#}tD+*=} z;ZfC(Wy&^k0)YK-kQeUUd}b5C(^$MU!!mJrxOzYJvz+H(P0%rnlB|@?830EoU&i`p z>+6p;A8)*T^5WpLosDO>_;TaP*2XS3hCwVs2n?2xKZ@nte6EHSGX!&hblcD!yJnyp zPHlnVZfmuzmJ%2Rd%@YQcl@dPhh)r#)x*>2Zd0 zg0#cdJ?2)bBG~RF3`7wY-2vsKNPC(3ReJgeLie~9nOBzln4)d5GB6ijC)YItXM1~`gLp&j1AOYfJ-k`#ugY^N ziSA=LnNSRdw(3(=KCJtd?0;>=hy2&#M~Qcjz^mZ?viKPA!D#2>M-A5$pFGA{lIHk` zpDS;fGO-#pydy+1yoGqtaGJR9I@+Au9;)cd(0W^;*WxV-Knd-AM~KR{(0LB2@QLn* zY>DhjbqNKLy$qK%r-?0?f(zjh?r3Qxd|>G9xnp#NoK~69B|GlxA~}m7r(7)JPSSa! zwGeXS>{Ma5-dj>hLij|Td*6T&;{WA3OS!Oe+WYP!=B!_gkH)8nsL)#nwC5nul4_nuZ43!e}N9f>RSQ?uE-_Z5wE9UrCXmPj_c{o$Csk7*wK3H z`qjYykZO%JD`5~^rsZ+Aptl>i#?P+5F#-l4TvYG4hm5qpe*Pm^uFadrjGf@FDtz<(a5#pK2moc`_Tx$DuO-?4($2B*Aa|`+^Vc3DeDn*)%^$y zLkDUuxjJSl6`q&YQ5um4vG#-d5J6kn0`1Chp%=C{!Jz-sb^C;IL1i{*7pBGa_4|_U zd>l}gb-yq%78~gbz7U)BWE}MtmHEt^Thw&pISVQ0&YzkYblyv;>Mo?W#{-PH1C(iQ zhzKg@9aa4<1wZk*&Q;Wdkg#lK~uoA%(VrOsb2 zv-pYV2KkzL2He?z0$`J}q>7^*X$Q*gSU$#aPdIu>@iy%TVE+{lz+kF}!#>*xJwHtz zbv$*`MamA}2h%AFdBDna_d6QTKB=e&OkXz61Q`B7ybxv6j+$&Dhpa^U*v|%9+}Uwe zE3WeZ56ZGePz+Rs@HouQQw6|2?4$>C(7bli$llQFc*X_2n}-UKndGzW+c{?dviP#O zv%YZx<){UCqf(U$P*8oxm4@8BJ#v>z^7BIOYKEvSPF5x+Pvq85~ z(i%DOQqrs4Aic<*XQ7-X)S?@T+AZGfRvV78GdC&iH<7EmzmDztW$ECBS8AF}P!uY+ z6=~W%F}-lV6ZgS#rJOY8{|*b>#VeZD*Cnd~N71RBTz_HTtgk;u?!=#fplKN3crl7$ zb2`be-+o5Z5>?Z7P_jHNpAIlpXZ5X$&mGUdsogYY`4K)1M!27&Z0=@on+ z`&lDH%G&Ik(p>@$5_ECypM)K85=0TjFniH;I5c#UX$>Cvvf!+_Uny+F$Fh`kjsUwr z?%i5_#p=Rf46+kCroMS8x@tl&yG9ZRrFfz7qm4e|w!PCb*xL<*uLCjjZXBP6Cb^cq z>$61`k-qNe{Y>w%vhK4SRWPQv;uY3kgr#h*!9btlI_BYp=BP$!Pr(e122XVmX@kgY z+O>L%k@%P!9S~0^16064*< zdOfcNgy`bm`lt1U_L)xdonAo5?6sTOf#-m9=o1+qFj7f1>6NlUo6uarq5VX3-gf+q z1l^?OQ^?$M27I!};P&ObC8BdVw=0yvw8}^jVZ$nhpUmp!{Buvhv~nTo)kan0VlFhb zD_NNt^0p6dQUa!ew$g;osfK5&9>bU!{lAH|nMI3q1r2+^yS)zpE>#`%7&=~q`OW&* z@4pX3#qD)pzxTe}gsH3+AA;9dWd_kKecJX6-7*jr?OGO9KlR^j%c7n72*yK<@d;Tv zWCetcPOHVZ2U&3sv#G={xZ+?|w*_|Wz{(GGgQss&NsQom=^bCnDMSiY5>wi$2|Gmc z)V7Qlhg7)cJ`xj4?IL7caVfUeX1nAmlhO`4EW9`^mr7vy)=QfCpfPC6#x=)ud~Bd2 zx57DsWuABnpq6bgTr^W#S$ZNMqbs4ltUub4$~>58*ZB7~AZ3p*Zd+{gwP{9LVzIUR zrbxxyWYu9Wyklm+sO*#&+Hz41&f}ulX&b7sEiE*S@yF={dQt6%+G?gP3qu1nWr}cF zLLV7J!wZS>8|){tdPvFELCy-oLmPpDN&FF7D?0XoEFtRx$xn>;VPE;P03qoB$CZ+E z)X2bT4lgUQp4{gq7tlR3?C_5p4{rpQUh4|= zrx1#tLkN1=Aa+g+y!IG;%Q;<1Cv(`!Jc#!po!gHl75WP5g$heE9D=t1AzusL08VFS zoH5;;ZF61@#LRPd1lUQkyA=ply1CZK?gFq`GwVd|4A_*^lPOsL=;HPAyD0_5?lWH( zXSBnihoUE_$%!&3$K%0t)W7J7rXX!N&ED|<7Zak+6nxbvA%x=xx%{N(D5BruC8Kxk z{_5XMb5;xQa zo>fq{@y|SHiUv_%CuT=m(2v(m`6#p7Y;;u_tiVbpd+(aN{aew+$wY*l3$zhWwv`cz z-Yexz&9_-rCm*=7!vxwb93|rTH5Nf7ESb_GQpng{Dv&k>S_gh*6VJU+d$5PT1Y3bp zN9i5*rg9Ffp$IQfG-J6Dm;{waUz=aq71f2ii|8bgO^;w0R-MtoYLBo=C!XuYy;oS4 z0E6*8n{a>g2ZkN}atb(=BJcN6gYy<9xv#u!)GxMInAo7$h@?)XX>LQRS^VZ1! z+Dq!8GX*6MdHU(N&K@DdlfgIZ@ZhiExaQypVJgtK2YB{1`>Qen<*pgLHB1xrq*31@ zYe$eXDcFh(H3VC^#$*H*-l(pZo@+VF=>@J|iTSoKP)-YN#LeO-uDHfaOc+KxaX4aW z*nq7OuHYLUZ%j@u&yeq&wraW0>$&8MRL~#UgRcg-Fs>)w0Q2yffkxUTQ_#VDA)*@i z4-%*M33T&6`M8iIa!Y!8O{l7>hW#ItGXj8e=^%c^u(!fme)oqv-@lR6V1Kx} zDv+N@QA;Zql9z4|)V?-wR9B%3EO83*7~Oioz)jQ><{jI--2iKEyh4ooB~s(1*>rt< zduQ|D@z#^ggGbN*{Orl|jYmnI5Ki9dV1maE8vxfuCF~Iv+;)vY-H+TkIR|K)nJ}LD zB~#khi@I1)>3F)y0(Z@|2@ib+j9%s)+-)t$)O;NTbz2+hWqUG)L_m@kOit#&c=@-P zA2rsMkig>I6JD3Vl@TMR`Dh%NtPG=O)xuB3<*U!e$5)&miEYVP0@WV-lUgiINSsV) zISRmq9SXMVM@ndo;}O9veWw;Lh@o_r250N^M&8!W4qSgMH*1jz_}(hu1t?B|R$uRO zdOE=Ee;Q{RBR^lhAtC3R(tE_yQ_4xEbL?{xlhCqVa?34sqdgue$b{32w}%4+ebvfV&>3rzK}Ye%T=`xtW`R$ zKbJmL1Lvzy9)um&tus^m53nMl5K?CB(l&MiNh?5w^`oG$H8yV2Q&uLp8sLt6z*CeG zlg!0ea9w?i2AzthEN1{xR2u-KykEMjxinRdtWaX}i^TR5gAmKJtHy+uW1Q3H4DQoD zqoh)S`%B#8Vzp}68CT@jf*lV|Cagz|DpH~sCcG@15}_W3m!}50)|IVU&H73r;ox^* zfu2fB2A^U1K6OOISh??ELWv26avsPl5QoL-_~;OMo(#ScW_EUXMb#5z)WfC$Z3fv{ zq5R9H9#;fx)T1XS*NlJ?kIA1Ic!?AZ|3DTzwpd=trG|i~cO1v=6nJ7TkLWKHp&JzK z64935Wfbcer4;hsulHUe1zsID`!Z+L{XQKa`CR-oVCIJxJyB>OOA(6n=JM4V82>$I z{`n7BptwBq9<;)>ca>wgnMR6Jjk?8&nrxIR-VU<3vRM3y<6(}mw?rywqVH4*I*1<^BYd-&PJq??ziHJ z?r*(b^#XjWyKv;8?ll-+O#+aBt|w4Hs+9Y6YyxWgVu8czr(xjZie|H0*9!h!Q7gDO zrf)|Xk^JCVzmg_s`k?F9P1Ey#m>O7M(xYoBZeizxh9ufdL{D}qn@YLRh|7K(buOwI zCQ)mx)o{$-&eHcP>Gdz5-~A8Mu>7#Wc?k5OMi4`l4CpFErgndlm5Oxk5OLO=oOS{M z*A1@+sZ&w^fnLwT-R}n*&&C&WZ|y^>uzSf}ppwbZd4FeccyzIEE7%9G9-n?UsBbwy z5j<7lg5XmT@)}>fd1?p3@LZt)k^|F@!)maR)P1WuM&}OdcuS>->JnX$ZYD!>3w!YY zy_q<45f3Jhm;NQanGJ~{I=z{Z|7vO&xYE*aoY8bR2J))E(_|5T;E^z(+)RGrab;Wn z*1n04(W=t2b2rrs*pm2XWq{BsS9(dZ+tZ!JPlTxzE;5}Z9%Xh}k1gabJ2+bpv^yhg zJ@Z%?=BjMoIY|hc;fZ~^!AzCWg?!mJ(pzo5v)Eu`t}dX|vsG=$znXemO}}6VuA(viQv&a-!{Nms57irHe^<7^$cyNFS5AeoIoF!ZQYy2wQHy9r`*?1U9wvVm36Gqt(Xgl5n z6-P*$qG9jc8r6tWqpQ{XVYouTRFsdU+ml30f_By9aiV+dv-b*difk-tgl%{bCc4Ksw+Awo~w>DML2K_ykA>eOEX+S1sDrwZ^6(ac)SdtCk4wT z^!B*5GFPf(24W4@tfj|AL0(}yA^bkg(fE--z9`v!ZMec?q}QhwC{?V|M@{QnxTbYg zUKm=Y!{4`&gGW^uO^8iaP*I_wbvig{kpXfA+OnL8BEh7IlcaM=Gp9j-#^Y8Ta zB%85hVd;QP9r5RRgz<O3g{|EhOJLWo)~4KrXTah}xr)U%W`Fj1`?}f(FBa*;H`$)O30$uh z%9Fv__`8Aa*G#$0o8_-B*vxb77#Telf1V7bjQx%)Bv(oI6J;yPfpVITN`k_oceOBc z#b|63NRdM7Vtj#cG*IIW1eAXJekGf2gkmqGWtU_v6~~r!N7;{=8^~wCa5^}BO<-k? z5us+7{udl~xfm+PkyjCjS78we#lZ0Wyc4@6e+%BK?gY8bAI|j>>%$%=8G@TNyqswl#hRFRk$qEY zIM@3N#`8!qVVUrCWkmU?;YgAZ2_@6varSb{=e|AhF;I(A!JV=M9&SGT0ofq9w2q6{ zF=Y@7r{x(Q_fcn|Ur3nIk+lSG)A#WDoGwi0WWpz^IlAFedTw`PY7@_Rbpq}S1Ed)LS$n5*`r3)AX4!s=V zk`Td_FAq;I2Pt!4x&JU_yGlrU!XcJt%Hi-?Fsoa$JHsIlYIvKOSQypb#q@vK;+QV0 zyG$Jxg@+LZ508>B&oY{jV$Gm@+JuASMU!Pkl-kX66M&S*S3#~x4rxlG&#FlpI^fo6Jw}Yw$mc!}BD?}Dv zUJQI{>>Za{$bxX02k;DpcDBAwXnhZKmm=VD_br<=*U&Nuoo%~skZ?GdD#P%t;%P*> z;FJ?c#EtO!xP^NTvk;{sexA^Xc!R1qvR5n`B2>bPkSKs0wuZxC!$>WGRP1EZzZVTl znE&YDkcxHM>@b1k`35Z+{)kYqMaU-UFim3f@f6QOr<5Gv5K}p`QPaO7yK`(YL@ktDypetTv0BnOtNe{ z!4$FX#5NjC5KwM}FgSLdc-c2PGBiv$>@2P@Lm-D}!1#;u4$PyPo?|>Y(Dvm8Y%|Gv z+j{Le7>Pfif`IisI9|iq77s+!zBGMGkUKBz#d!P8`9mI^_`$X2{r{oA_U`_ODO5h! zyr_p_O+c&0Yz{ym@NJ16D{3F-N2{kSb*sOmqlr1hI*0 z1<0!b;Lv)PPEoyxnDwqwCiVbZAWh$YAG6GQf%ZqGfF+S6MuHlaKutSYlaL1{vkwk0 zmis;Y13GAD+}P9#Y8+;?%#MUTvP0B%StNh-CkKmh7EZ#)p*sK?s}3SOXiF~t^U zUQ3MpL7x40hm!*+wZg+}&NOW(JKnX4B_~jxxse7N;eVkIEvVjjdp(GwkCe;TJmDu@pT^4D?Z8BMwm;v-4B}+cpVkd(xerU86 z*_@nJgsF)l&D22NS2kh-s#Ylf0{S!|J-gjfz~%l)m3DyjqS-RV$n+Zdw)=-GL;GC)A1ab;RhdnZHGJh7Z# zpR4&43lD}(KFkbTmuj+vrUF~!?jf;w2alsCOV~*0fiMX_MW##p=dTHw1iQw3h$V?_ zq8FS^u^-jgvmE01re;8vLQI zz);?$dwSC1Vzt9gl`gM1Ntv{4n^tqlrW8~QRr<>Up=(u3!|9`h?AQT!Dx_z~p0RI( zs>altM&I%tb~P`U1x2`HoIi;$!uVaOMl&n0C)WU*s+|^#HSsg)@x|c;Y6M&`>?8tL z1c}YpH?;(FTQ^9D1ww%1{rwVV7(->;tMPVykOm?wu>nc`yi>dp>UrzIQfLLWLIO+f zdygwdFx17x71Tj6LPk_LlL{YDB=Wpt&8DN*y2cLU-fM?nsz;Z-sh7yJ`>(Ym9|OSG z3viRQ;ctM@H|#N5Avf$IoyG`cxzb-c5Z;b59pNo3?YanWpS>-@w{>$}gkQ9eTS541 z43-hzJ`#kF9dsgm{-7P<^ZOL;BRg>;gpV_F-i1BzF`5YPZ#ofvZjbX3er^|v@IDnq zcp5MbE{_sP&C-sk#^s`dv4gZDx1mD;1t9nOhrAJxmrK|jgX5sFL0v*RXb|ZTu;Rm_ zcwBQhaaeq-?ua%{10Gqu#gn8c`xk_^{_`WUq$^YNYv=+dCeuO^(st;@l_H#4Ma3v6 z$8!G?N)hEVw+K}s44abZc>+%EzrqJJmK;bOdG zL(pI0{+r|vq%ymloV%_vWk00k9}LyY$F}X=&2l|npu(0IlYm+>N2?yg&vqS9&{n*O zm;j^7MBg|ttX3U9ZdgUESru{}+J|>4W1mituqM2B z#-i?jJg5~zzF1TtmTXc%0(iD>Da(+mOT@(k1#JKG01y-C}L!*u~cg6=H+@kWDg%=;!jAFANjR5k%b3 z2E}tWj7VZ_{1IORWo&fw(%z9^%U>-l#(4j}{WoDt73ty4LIic)0>!OSV_|Rtfh7M@ z7zhG{c9MBEC!^qQ&u?Pdwy3%^BOqJy{Va_~D1zpvJo)k92e~+^>Ucm54}4UiBfM20ZavAp(Q>invX}Q$oINu zdwn=M?!B8<4zy-$z!Xsr!`DOD>ozq7G*=&@w(YUYk4<)b>j^akL=*k z-I5B>)Ga7GBV~Hp*I;#bQ-T!OjS=I+%l^7qEDaN! zj2%OYA$KP`dF^PlR1f7*fQ;-Y{I?`utkQ6snGeBX;F$&$rBBl zCm~0AETHO2r!5Y;XGcEJ5>EMxOrS>AOk8~8D`o_00u7<&xiOekg)utYE(*Jq9=O)9p%OQ8)B1`-%z4Q#`mVrH)&9Ctf~3>9tz%Z%cZGS0>o6`x*f z38EJfHS8P!0zr22tya;V2Xg%-wf9q!r+L;UPMj^9W!<#ymM~;ptTnsVo>hq(B#?p< z?S0S6!y6*#Q)^i4oia*mhU^b;i<)IZ?0Ly}GZBy+Tir6~v9=V?(RI>kQv~*t+`-O| ziUoCy-bK?`T+3uNh{73DK1dOEujaSh7_hDPALeC(rD%{!#-+%UZnE5VZhNTL-~zG* zzs=NV1YXR&M9jC58%4L3^l)ZU(SHk=I{*x}4rQbPTSYy$1(TyR>n`r?B#+N}RfNCT zOcLI%lQZo+AeUO4CIbzz+z_yZ(R2=_2DB%(f#i~*1=j+lxoJV)B%OzC!&%?&w03SC z#Qty7&7fWY%Lds}@8SR#;2?!%Z-z|*ZR^WW*dg_jzg-xv z*}}L5c;?QWk<*=>lP0(!w+YE2Kg@KH8&%P0?Z|x2`}SWj9#o;PoMyX&GdLg-4CuOc z_%rRnHNKhK^eGFOz$(ilR-ZT++C0b|O`qVl6Lp^{$yd0Uu_|Gt20s>+MzHttucqQ) ze@_35TKwpZN9dF328ul-MJe)V@Utv~AUTCMX2B`U6p!(V*JpD6Di(^I_ej8a=tY=& z_&p>$(^#eq$+ThQ#C{;D+sx>>Ll_$Ch{-5j~Vde)X8Wi>kC)iULD9Gs_cZ zR7RNp>U~R8m%?g!k<0x*{*iH`X=v%*07qqAfNS6C0d8ta{(u2>sD^8JrNKuCMEsV+6B1e{K|#UiGEG08zXN=UnI91PRkf}@}hf|)Rz)n9CEpQ~=EuixSMVJ-GkHikn z1TDyD%Bv13fGwWjD_c6UOX*^Yp@Fv6rX>p4Ra9f0I;OZf8V!;*?kW?SOa|Pn^hC;Qvyp1Ny2&zEqU^NC zjC-4=^(+k9dk&LrZzc0}%E~L#J=Ne4+h3!+Oe!8Jpj2430&M_W7^hZHAHt5?C@r(2 zz@zjETRGR}f&~J@6jzq|ajFOZuq7H8l~<`}K?~=k*hjSG_jlEY*d-NB}m(4vwW7>r|$ zevE`T*&$Q%K(SN_vxtS}L&XQpDwRi50p{{8>(}nx4t#ns29%+AJy=jIWI(s@m<~Aq zzX&-|ku&}UQ6i~9NpwUUYoH^WhA*>ZYDbq4y;y0)=7zOlzb zL9+J7rnXQ6a6I)8u)i6P4>{;@{NJ8Xz%AB$|2+mYKp;(zCPTdrn<`4^3W-LqaKjx! zB*If6I{3*D;-27$a0%Y(>AovTPve(*wI}XFnc}{-ez$Psjy-|EDdPjvjwdiUqX3J< z7fl=euJp3L{^GCOn+H3ae|ovKvl+pt(~iKz%(1)x16ViWLgw+%QLBxVm4@wf9HYvl zGA?fLJF_X>c^6kmtBL%s7|bo)>o7kNgc)TVR+iLl+)`m$2=>C}^OCv-15G&0p( za#XN0SbY7m(4Q0zYyx)SpvZe~FN*aCc>4B}lWEBp^dgNr7MNfh-^+5{qU%sQ9i^*g zVQscjOdu1$k>P(2w}(^gCA;x0M#-ce2A4IzCAmL(zPWqw?D>mK_sYDGLYZ`hifu8+ zvSeI=`cr)FqN^4NC6Gl=gN34-enCspeGm3X%;?&qXHF>v%S^vK-BSOMdb>8I>?bRW z?$#@KiyCnRx`+QnW9P~E=-cXO*yB;S@oC%eDU8v5!3TVc4$CAC3m9XAOQpWd@XY+fR?Mj9Z_ESD0&|nFQIImVVNL z=yi=6+{iJ!0N-kXGxwyEN8#S&Zv`iz{E%}7hQ=+pZ2 zrafNUbia&|GeDXns6nWx-v~g;zZ#k`irT!t`oa9lcG`~0zy6i#%rLCee3FQx9$mt> zKRjAS(FhMju@O{@P|G28wr9GoK0r?*Wo;UM0#|(Ks_E2_qeT^*;ZbYz}bax2H@g!0L~FWa6FPbd+W=}QTAnjwAK9$N^h+F4MjT-{3?4J z)GpbveY{4gu{qj@21-D7@Q`u2|I;^$ufM=E^?1QUBe8-(Y@$ZP z1rpcJd8~_r|dMx1J{nQ@v!7%Ui3DY8JGgeSeNy(wm3h#%jEg|989XpnN-X zs{#O0pY)51i}Oe0??;OM)w-mGYcj3xCS%kWm~Q@ngDMnJYip7tDB9k>mNtjuA47BbSreC3vlXkZ}v0n8!c4t(kU=GfgjX*Ojd! zJp!rl&YHyi(+jXtg0<@2l13aF3rLDQ0E+l!>_zS!at?K57Y;aFEK#A?yjzvWjA&O8 z3bM5l5s`aqqwNwiU~lOIYeDIyP7xqC3L52^>h)lH32o4RcP?=@eHP17{&jrWJG(>) zN=@Ln>Rr4U^!^XP{C~()0aWZId8edx@Er*KO<=~V$a-xt#eb7N9Wn;aDwQc11TCE~ z*4I&F2&etTxwe(0&oT%SG#)$@QpvHRTkNsKu&Ih(qHD9BX}jdPunp zwZ_1m0qN*VONlbAYcQogszo9tK@M*J>oRhW(u*)XZ0cKSSU_9xk4o7xn>p5w71?7k zjJTIp5-fipd&f5_%s2k_QuWz{sh?_jnCj* z7)(eM3~{FbEGEJIFrK2jgJLB;DtG;XNmeC`jpSG^|>Hm^JB~= ztH;!EI434FA|i!9m!&god_8CK7yA zSB${Y@oq52^v&Ui3N7FiHrGrdLp58TY2^WQh`<<4S-oyG^II>FCeD&6D%Tzav(1{} zGR^+<>Wq$I0j|alVco`vnIFVwEF2}kvrNXcXCoXzNFmM&{w9c6{UdL%Ha6y-y0E5N z^7I(O@{xQk z-6f3rNF&yoD<&79YuuJ=%x-CXd2x;tHPnrADiDfD{aN)7p5`0VgdDX>gu^1{QdDaU-Z{ZVVCk4&&DXW`~B|lWOR6OIT<`YJv?!7X~5=D zimt&Sx(LNyOonI3rp+?stV)p^}9L%D^~oDX1+dY zcX%j7GkJFpS!h-{@oWsPp>HE^EcgP%Wn{@KCP zjh+9*rQGuO^Jh=~3L-TAD}Eki`u64BXFD4YH^HX}NA2Ke>p|W)n8_m%qz7%msfseR z*Z&C=oGSBDY_&D|B{t$nGXY1%X^eYO#4Fk}%j{rshmU|t-Abk-uwwvqK=-d$-ExERIYs^f19f)`(M2I?(7lP#(M|q=~$@EzL_sw zuWcTU*Ow>5(f;-+|I@XUS$Q*6f8zh!1=mEnMm^KN91mVyo_qnn2X8|veu1rJOt%Fs zgzfyyFdk|+TszxOHeNh_zVq~8d*k7MZhX!Fp3gV`LXGFAZBAi!QtA^r^8n(t9ys5KYp*kA?_h29>j(be z{gwBAcK**k@xOBc;Ryqs)ErB2>lOZCI@VN%#7oWqXqL(sNK}fB9LQ6JhOfx+qC^FJXe^m{L z$XnEP?`nX~BiHIFrU#FpAuE(rg_W(EKE*I9Jc{v`LPqWkQ4Jt}ocgiLk*xpVAF6sP zd$zCQ*!(n`>KVSY)M>#;*#<0&DMXZqW`X2-{U&2vz=~7g=%lT{>!Au0c}C zeHLrbIyih;TgZhRsuIaqND_gXe*({goZHikPL}}i$iBZ8s+2o&c^yhBFIkdZ1?;3n%p{DED%1IKO;_4O270Q40cw)WOAxQChaAgfUP_w))LGtSkm zV#l#P$o4YXjApwf=F7GbfRO6881*OE4>_KM$3kK*B7P^#R{f(Evry^Cu%4l3y69Bt z$UeHh@1ICiQD>cR<+IOeVgo9|9vRi9t5i8}bY2#lFbwp5%HPNg+Vc0XfJ~A4T}hYzi%6*i$@0jpVYS}0sMoNNZj{bX zjUvK}E5065AL~U?)_TUpYR0oz-!!B->-p(E?l^iDR}|uxj;@n;dWki5dB& zavwm_wI;E!?Xj>$d`RAfCN_XQ&^=hap9)&Su8n;H|C8NgJH;`A>b0C)kD@~BI5dj8 zy5Y6F$calK#JoXFy_ybOQhJ6%TD{9(ylt+$Qfk)Mx1YTHeCyf4#`cywchKo=fI&yv zI3Lb~$Es=wR16jbP3pP{BP!_$PTH=Awao!l>aZ1N-rxHA&dX;nww`YO3eYmyya>2V zz+VGix$`*yvxW;mEO$wec^pW@NQLwemD~HUZa zjgs0h!)+;f;Wlso-@aMi`{uviU;X<1m9_Vl{tf8ZU;2dBpp z0Mb$f6P60&X%-;xdOjG?=sH073Q>=}7jJk~XK(lL_2A;F8w%*U8wL#;-Fo)oV0Y^) z_|ind{dZsFCm+vRqZpI(SNX}u3ocUoBXucSMn^0l{>jI>q6PMKTVW$&B#Bwcb{nhXRy9qz-`*hn4 zPfq(APye*t3ypkYL~(+Uh*m6Q7k=!ci_a(H%k$}S|K2y!0Ruk9N8?lfn&$4zW%&n- zt;t(sLD7NUUnQdRGF@mLI)UaI=|^v!qpt83_&E#P=!U=g@uOSZ@6Wy(o`2-^U}})O zw{o}K=`#uMoX*-_EYwsL0-YGRzzB7Es5GTYtVFRp<=4_4qxzqj_@ z$^&@LBMY8R-z>(a`fDX>`DYQe1W5Tsz={N1w> z11_&uO=Q81yZ6ltEZ|2LglEjfD{3MtPN(C`$>EpeUrX{|HxTdEIQ zl%rUee?oE4+6+phjKa_jvOWL60(WMr0`ERQMY!F&z2^MCbf;gX76{GlujxrW2(Ofg zKEb#GQAn12R#Ygn{z-WAn`6PxTH*6^2J-I)H|ytbSAAGPas#DJq1D^QOI5i2P176dvq4n|CClX91p@+LH|5c7}?Ub+)&pSE0&=gJs&JaV#yI>n+g%199J~&wzylf2U z8V#F{^F%vg>5tf3fI1a#d+CBeG8_P1f%$yX0$*=G>t1Nh_R#!%wD_{nmN-*<6{fGV zN241~9_3>PFPOsI#rx{%zs3hVFXUD~gY*y|&ZPwN?7^m(R-nK8aqVO}Z>u*Nl zPlHz-m|XTe3vFSl59@GNe+ziA6ivO^+PiNS{wX|?t6 zW$$u?2_FxT)OjpXX3T*F+raspN6TT0=wDzY$y|pn9GOoJ&}~>jyR;o1T@rC;anfdA z_#oE0aqFbPFez!cHsFz-G*(JSO?YQB4e!3q)mkN_6GN_=&m#U3&g{ik)a<$@_+CB1 zO2kVLFN1Z&HJSn}u&qWf#-hJ6&A^^6&rlUK*t{w7xcEXJGMIwcd{SM?55cB#H+UdbJ^*4mj`F6X$ zH3uw+iaUMy<`Bn7GbUr?i}|qBHwYPdU-+TXsZ&(7%ZXna@PuSE@wPAT_0s^DD;UR1 zwRlIw(KETB@E`vBOFz3*{3T4 zNc%)R;%agT`3Ys`o}-I#Z~u4=J|T^W`xL6r(Hjv?D-R@~c9_4i&J!Wie1s}Me~5De zIA&~_oOP4(J;GixLepy*6p~2x%fDX(vt{s9-AcTxO@ec+R_1Fk!NjaLudcY)=X=0b z42E(OPLB_7=Cf|_(b}&55(i+gY7Bm*4&SZ{I6P^l&9oe?>t_sQan~^iYjKDp86Gd5 z&g9t+#nK^De97%+N1{2{l5j$$+6R4Tgrhyr`bXMD+Yr+{us>l^x$Eq-;oWYsGr|(9 z9fPiOMzN0467uJ^mOST)(X2Rg8o_e3lmfpXY;p8_IT_(F-d{3bhKB+i0!Zh~L7WK8 z%Yp{adKTfJiG1^TOb=LpDmMu5Q~b#P;Tb3nxb@lh6V!Mo9I>?d@u^VahTIARUz7+BnwCA2VnrHh@t0(&8C-|7+0*{j!!pL1Y}Y`++~ zT4OAah!DO@yoy|^@5>TfHcTd%RW-PaWA~?@9Xx-w_4&)4mrpn5X=+YM;}O%;FV7A+ zxmkPJ-g%sL>MCs~ckWI|Z7f&?c|N#$`s(MWm#466ui#oiWXa%%-u`lWw-4THIFi_i z=zuMJBz?5l-lXOPK>A_dcI;1T=997=D#`zBaCUTv!XDyuxVB>7w4&Y7;@$e-b0K2P ztwY~%Odw`@*MxHsmT%`O-Td$xhdMKft!pLK z;f`!wKGUhV=^Sq7_8V+!EHMi9(v?@76w1!A`z?rb`!q05riZ{s|@R!+7tOwV*! z->bP8&!yWpPZv@sObI65H@_`OpqP*|r4T=Y!}W>}TuuLeIwBX)v*`2V@xd9N-AH`R zAt&Lf4^dhGmGcq2=`{MYVL1Yk?)PMH_yq!it-b$XrFZX4NQ|s1)BhZCa{)vi#{Q3x)IiJhI8Dkm)GpDIzFZ8cQgcEl z{jhIKq)KnoT%cDv6a+x?_^3GHU$MBt4OYeP7G4t@+ls<>jrGV}oIdK+loWD)qSTP- z!=GHAqcpakVsm>uy*Pnn`O}mAWq|tp@B1rVyrkizIa`QW{L$9Srw7otcQ#PZBbORz_tNE|fS9u+YG=PqlEn_fT=-p@Jh_}c zyB#X#He&xUM(>I7l6mC1*v{D`Gsg><+`^i0h<~$CqE^J@PN2g?^|!Mm>$M#nTh{ag z!e81B#>7mUp3>1a6HRF6?LK+YV(8K5MzfP6NVSiJ30gkET)V)A9xvoDOj7C(PmtA* zbWN-r)@&DTH;y!BV~8)`t?X75$;PbnI?jQUL-sij>*D;{ROPEf@ewQz82JE@X$Q@d z;j6!HJgoz)Y;G;)(rgd}<3NU;0Rp~Hcnp5;)2wCtk3+h#=CU;4)K^>iKn7q&(A~!5 z=nX4*%~49Q0~}>O*3K9qyX4pvaksG$4712ezQR)Gv1EbsocUJ$(6-K1gBqqaGtHse znBLc|F*n(N+euU2_gSFNt-5$93QZis%wKmESz^8b?AMqpj4}3xZ<+eYG^`?_j_*hx)+7Ep zj|oT|olV-~=)d^l%cs2^OSE2=^a3f$Z89R}7qAl{9gW(qvs^>dy8Hp7Af@mEoS@&0 zhsR#7(H|o`DBR*$EKjiE&1C$&tbM;Lv1z%#`NKIJrJ#}uK4rGES1I@T$a<9f7P+#X zIyp_XsRV85`(9qr(}TeEX15OXQ|3lz7(Xg=@Kd!QOwXLfWLbAoM&~5sQMmCaeHP{l zUMsh-$ZT!ZB?Zcya?j;UIVL$gy0|<%eF1MZhV4)3|3{jGKBc=l#h;c9^_Qf$#(}}z z;>|8xm`u)rIGKSBI1U?3UL#OT=9Ru^pmw#Km_CXWcfe$ADbH1LKz;H8W|>b1I!L-Z z5?*jvqQ$!4y_Tvuafym17>4;?Cg9R!^VWf4o`YzstX*Yg-h7JUPsn!T!B-qXfvDqP z{{Pgw8#klM<&Cd!yg7HDA~C@CCyDrh?>LBzs&l=HltM1>H<=- zYTuSBrYa6=94j%MCtEY~8!DhQI?+)#H+t9Oyn$CgT3!_WB7+Uh~#B+9!7d`Vcl`J;Nh@ zr%-~pS_h~gZDv&|Bp--*sfAn;WC8j?C;jB`^DsyyO&0|1RLyhDO4(Bx3jJVROwPm8kZMJcdF|MSL;gZ7cEu47 zEHm5Dgq0>yctjGhB^l#2w^dOW3K3Z!Le;8BS}E%AYZY6w(YV1;j58hbA3-|epo)0e zTGME??1ct+M!W`&Sr8{hef-sMm;@Q^v-ZP8tS!r@6yce24Hi!V@m6;rt!)*yhI!5Q zhnyq(9aBuv$6J6H*ss#OXuviu)c%l# z+V90ey#)m%#Zz0T{WZrzt>twVy7l_ikI$dzg_GFXriJ>pzjhku;Fmd)QhSRnJ7diE zmeb}fTslYz5)joqnLhr}jG4`eJ}MPeKBvZ>&>)8dgjATcM||6OTh< zi7X?Akpedhv@%d>N|~adC#LOW{l6~C-1)=o13dj78s1KGx0CO?}m{ zl(0*eUdJ#N5ScPRsSx%cfe;9!a)?29nh-Q;hfTUza-o%Xq2BvvgSe8=9T)q~%> zegU6&#EqrSJ2-|$t0?3HzZ*x7w`E|n>>^6N-OSM}>2LLpQYX=lxOX@LK)ZAVEQ6J; znLK-!YuC#_10FjrSsWSvOuuILu6o^c&8z~D_33MV1_1VonlbH_o{DND#VsCz>8(vyoL9B~JK6m$){<$wv@2{GUVG7?}NDdhNvx;xs) zaqMU&A&$z9o%5T5NXQW<2gLmrT;Lr*yALz+c+%^>L|NB!WbDw~lHJvMW?S&_1hzib zcw!4Bii86l+(!dwQ>cXx9}2!dObQ6zU;S#8)ta8}zu^@aPo8e!wwVpYfdjU>rw&;g zCIhRSM%^NAsZ`yJBlBFIA*>+TcnK~rSp*q8exsLF>uP3>=8zP`>OCqpgls~T&PR64 zjqbu#|rESJZ!dqTX1WdT&X*C@h19`6jh; zA+rK8Y@6r`soPVCg83>BMY<9$p}zuZ1#4BPa^q#c!}rYA;zJ-S{?QvTwXNN#=C_UI zpXuE@g5#kpd8S>>Lv~>{BKx=;9ZIgG-5xOQ3;-<rA~8=4UWnozP1Ky9+!ZKlvoDaYx?(>^ZsZGM*tQl<5_Y zqDu3DwSayS7UQSP#LdbDfvMeuoG;!hSw+5lAyw)_6rzf&Q%QRc4@HP9rf=BnU*bBS z5lf|SOs__V6bxynQI-Y)w6d^l8ek{+BJiMqBA(c6&^7uM(@pGkQ!_DL;Grl+M+9Z; zz1T{wI^eVTNZbQW-F-M@5ysk{emtDc*@?LZnmRJq!n~b9`EBeeyXm5JVZ43llNW|E za0i!%?+3Tg73Q;YyWO2!9(?)=F|E`7E%Y<}z&PSh#G~UeBo|3ztHbPT;3I+r#;C&c z=`%WE`H4?lRey3ZJcdQ1sizHlKkxZ~me8VDbD7Z;tX@W;e z#rtm(8W^Ml=SISTqRbWEt0b664W4{LX*}~+j2NMLUx>+MkpkaRpDANHQT6$D7KD7;%N?o zx+B9My`z zVPsQFT^TwxmK?Y*PI{+h@|-~WY-V+n!}jdoV0I}?)!yteirU%lMT@pepORjM!s0*J z0gc*A_(NzGt}BD&iZE2l*VsSvh#b<--Z8JmcW++2U>YdI|GS7YQspOW@p9vbr+9m> z{;hgF@cuq5LiSU7UXY1nOYW6Wf^=>{tnqW7MNl%+XiP;$btnOSWTq3w4B&W#pK=08 z2h-pHA~I(^U=iZ(@s7$~=$X>VLSghqVa#v>!?amlAbem4%~ng=^h5tV9J&7C;ow}h zX&e6?B2fseCcFh7m1kGHpff)1pVF3o^+JjmVDh_S;)xR~=YMktShm=*TY^RXoRbLL zWSt49YCa{AAv9F;`}z^0)xbdE#hDCbr*M5P$>Q{zdr3c7BX@6#QKCUD(bq8F%=Puz zom`3*vuJ?a)s}131r3lEg}xktU;4I8a>B_DA{ROelIaYaKZL`JaK1BD41nnWI6@fj!pd6 zM~_@wQGna9^F z57T)F+s=ryi0dAgU_B^bcUDi@9mOH6wPm4^P*u1RxBgJkNRn-HY(djJ=IA687k*%vii*_e#zjT9pvUn`x-EE7AHr^iQ%HM* zBZ-vdD_yp#wK4@=gFDgDoQ`tjQ|Q%xV&t!F@{1EMS_h<{(NlGLg|O*lQdBMpn>yW6 zdl&5z@*Y$+MNQ14^L}t;_YFtg8P~QAag)vXBd@m&tB$I39*9kwuyQ|OU^}$IN@~DD zHQYi6JQ_+^$Swj>C9t6WCGJ8*DI0K9ycUHJ3L-XQQ`ryZqN@fMA7#6s!zlp+qe@0e zo~513SxU|pu@B~NU9>xM@U5<0A}sV*oj`b#^Of+pU?SnUaSn=B3DD9->avq9(uqL} z1{@-4s0ynz483PPWCSbrl#q{-W&xJ5Ymr9+XVQbKaA~Gi#R(+c67-2*?OoWM79UG%3*kM6|TmPnrwK4iQeWsGEL!$uq|AseDxZ2I8PDhytjq8u2<)% zUq1YM<%Z>k=7m(>(CRT`{^#lPHLhqMOfQOF3z2q49Nxy!hv5`n_&tZPKPY;pIyRWzSy~V{Dna)NBj!78|F-U^{5&giZ}+?p~v*_1@5-y$xrxXx3(? zxkl5b?tSH!UA5=-fGefAGe?lv+>O&yuqa3~G>m|@HypJKoFx1h=>R7Iuikj^;?-aG z-@M$|+~as{dyD*~XJse?=L?*H5=zZ9m_6^;$o0 z!%$EpS(#RLiv(1DvRAJM#}IW8DkE>>E0+?eT3B$i%*1Z^M($~i4W%3)H>H$sIWrzM zTy|_z3&UR^RB_Bqf(Y1rexQ~tC-99*T+vkqZw-h&2P9}KHzZ_3vza0~B}eW<>OyHNK|L6pC#gOIdH?+=e#k5?L{LCzZ= zZw)4P1Rzqx$Bn= zaO9;VNmEwRzdB!k(`oEtcd^_e$mBubuASa)98$C`8B#f~ttw1OjDcK#{-gj@*eL^( zBX`u?Q>2$gtM-HS3Pn)ks`=17GCwlx+Pj|Fg9wf$7MtWGJEs$H+r2K$cdP-07VDn# zODA2yo3dUq%{bwm|ZJ2gC}jFOb#&Z7?FWIOCH zRsSG0BO?P*ztbGMx!nLRr^<=BGhKPdRUFN1h@2RZZ|0 zwjuY|p{<5aY6eGgR-`9V2KJd8W*Ne4tI;X&?^<5(} zjgcW8R;(t%Ln2LO^@(zi9yK!)Tuj%-*J?WhJi=Ewm!QTUERYU1uEQ-z%(O_@B-W;H zN!q91!KsLwM*_EyzqxU0;8g~~5LNybUP?(r`U!a`c{rDT$EyKYxPIuu2#C*K+sMotcu=9PL5}H}Bxt~u`DDpT zrs$dCmq?{4F*)m>SAdlE7*K%_LhRCc40)g(tE!b)q^GY;&pDWAbphXvX>T)P2$MKE z2Q-BnSEjCJ(FWMaBoJIs9io5{T&#(-P#FY((44M>*tWn&B}oHT1dlxkNP-GT=$OEY ztF=7%w5jQZ9lgu>hy zAP5i!#K}r9Le5-x7dAy^AqO-aKLbm6Ay7FVhfV|>sb9`l5a3Z2|LVAhouCo9MlA6X zcsGE=V-!ubfsLqnNVKskOH!!SDx6q|z71nokcsea%pt0mfw-2+gv#`k_u*d@QzfA- zzbt3zAQG;69bbHEdWD}m`%@)gK!gKR;N@$xsTw8a8++o8#A^b<@GTl50=!g@b2|hc zi&LiRXvroWzOGZ)0N+FeX~A@tLe%M!(zmLW=_(^}atLO8Aa27iT-IbdbG26xXHFu~ z|6Yu7D^Jw^q`C~3PF+r%mLkyrUh8;M8f<|8cVsMfXSbb&_O-!eu|Onk6j zoM)(!PKmr(^iZQG6ux=T!@Mjxwwd33HxAZnx60da!~jH;ynt6=V>0Q(ofv`~7^4SQ z0iO{3Fyll56G)pPSmdm6B$^YFLAV96!#Sv1+LMVJNq3->*PgVKRzoI}0eHQZuQO+D z>2T>u76HsO>^UvXNmnA8w{WC7SoXlioIxR>1Fm3LCXuv?i1iEndluLgoF=FsaDqS< z1g1hu`+!_my**4Ww>}vN;<)tj@nm>-0?##z=gMa=bxQSt){1*JwyQY9b)+nF~AFfO3_H$ zIb$uckCKMTb37#K)pZ?IZOrcO0yn?FJ=dw;_&SPDiF?OzPYxu+iA0%>1V&DB^!H&) z2B=j8>!W=o*dxCSWvhI+>(t5cr27^$S=uKBL#cP8V4XbH8XVR_pS)eRcPZf$TVC2M zeTgsBaO~i$%u6ZHXNq>-Qi4|#jjTIW##}JycnaYr{use4w^E~ec)Z~tZ3=A%0kH{0 z$y2Zg-%NtH3__yiK8+HndwcjVg>}*gCypL#L+o~p(U^OEy#5UovbVS5QFM>ED z{LZ$Ckl+(=|CGP}VmR{Dtk53_uP$R*-ARIi`b5Q$&=OoIELfeM4WRTBNqIGV9mbI} zY8S)goXfh8%4X9Jg07*)V_-&*jG?kQXUaB==~8O4xg33*^v_knl*ZUL^PkBXChCa% zQEi9-MC^U;rAa!H5Oo2YG%_XKHr!`rmO_r8W}Q;Lsd4$(!AqSuGLNc3fdl6Q5+;ft z6HYB4l5JcK1Q&tVi0L;DOb13Wz1(j(%o}Ktfy|P6)~NV{{?5c^xn# zL}3-O47R=$j`sIq9)mE%%Wdn%3qmZz0?xrrM;Ghs=|@4jF&k4k02BdEOgI>5hss^( z%l2F@K6bt>I;A9p-5PB7kTDIIWl>|BETC6}=D_wQ2@+Yu)@o=lCZ%N_ivA=u1ZT&J zMip<%I4o|d?&o)s{`~~zT!;~)Zb#|?DHh^OQW2C@`5Cda7q}N)*X+f%314-a9=*D} zIKR9o^`;7j+_4UrvCedaV|ss=J2D^WB7NC-1ad@6o}kExcrlSGgPp59J6~ zeRsn=0TD?#(Ak($p-~exP^bVmKw|Nj+@0!4Jj?>-V*+C|y_^g{ZWN23{*1f?_!27z zm*hkaDNZ`GA>@Dp`6(*aHJ=H*?xxv44^PLV0q@8N6a@+PI4-n{LfJD(7C?l+aRwD? zET#GelF(n7CKE8ik@PeXpRa4Ah@>WWrB*v}MbKp3{bNvOUymQH8VZ*j4|%KQD{Tp3 z2TM%j8i-~f@W8Kdp3}}qmF7p?bJ$4c=+Nd>$z+i-ZV$ifW6ehdx#Cc<7t3{9P#>mr z*1ux;2P}^V9oK}0T@4^9ks9#-dQInH#%*T_3&2~d$`q9O4pdpIHD=VEpPVxWPlC4~3SzjMa5Bn@35wIMg4>KBtH84s-aYl}n z{T}IZBXqI&b`}@5zUdTl4jMDmVfjy+zRwI#?il&<35u#U8-q&#^4jOl%E}1g{6HK5 z>5NCk9Feb5jDi1aBK)CwA8w!4C(AT0;~rDgOl-p8%)9 zRO{3$j^(mwB9G-SfJR+tC8PIweTcd~T#YV;Qp^n^Wi}zV@C0;k`F0!Z@KCebd2a{e z4@`beEFiA9CN+OeWI=%zNTF(<($Rc6cr)>sd3_(dRy$NZoN)uoMaZj)pI|nRT(7t3 z5acZjBfo{14b>v{M+Ore*m>_^I}u@ghVns-nlBFuN@jLeCZsbn4@uH_3$5XVq#UsV zFVGTaUOpEbG01;hOD*Ga`2ZzC&m=F8Ernc_uyWL}-dfEM7PixpC779|tvoGZw z`;vAS^*4dE{+a^Yn_&!VNMlA4s-r;nW(D9&6S!StKb^lsyjUF6ka{#2FpAQH2Q89^ zSgi~9n-#i$=>3GtjF`(iee^4?KVCw~Bs|#t>D#y8E#7;*i#7dt?bkh1j=$ikXzHQeSmIytb1am6K}(#kuY*~+ zOHU0eZ2Om>YeAXmm4jMp6vIG_TBA?#(dI%Y3(~pX<}Iu0Z$&BL1Y)uB0#p${!Yn?o z1+mUrSQ_;*Q=-^{3M*i&=DN27lfo1kYZoCVr)bOi>w8|4y?EDZrhM$>JByD(bsH4o z!N^F62PMXjnjya*UW5@DYsx`2ZK75hUqHWOK!;9}H-CG?`-mUd^e_DI{<&ypTXi4s3LmAXx*B&iBT2!i}g!WP_u&{6(o|MLu#=;mu zINX6LGN4fsFxKI12apxT3MF?KtahGXbfkhHG<7=6pY7~yZA&{;YwXwd!phx=;;N#F zJrHEX)*<{HGnbp<>`kH=h1d5Xh4_c4B|jY5&IYIvXh0@wqc&D0ZgQ@B{suvX3*l}? z^1@wzQ)8s$Ow{VT?5$9HQUCu`>S`?0vzEzT>B&c{}JsY4o$(H@K6BjP-v-LGnBRzbpyh(zyttw(WkhMMneAFHcOj;w>LZjV43edd$A(g z+DA>ZmpSQ~wP{NQCJ3~_HniONTUx=_C!};1QmVknpNbzy0tzAg%PRx5H`wi(0)unK z>QG6=;kqUn%#v>bK5CJA$GC52O$Ycy2q{LBu22+xK*c~1Zr|!rB2zW4)-fMo-ocsd zfyOaKbFL2_2QQj_l=O>3LqKUaC`Yv~g=9gjWJcur7>uV(HzSO$(*`*@k(X$+tDkW7 zf+g+UIzh_1j`PgB_r}Q(!5Jk7hV#%*T49aBs%%Sm5;@a!a+vU?xy1vD2EmOT&P9R~ zaj$2N&uKjBUwo5s$hl_%HcCL?AK5&a*gU8h7zz>JHX0p07e3R3>APM3tbJA1DzNzZ z}7)1db`{pCGxLRdxc5k&Em zO6UZN5s$T+HGmT2a^AMe-jW%xquPePM=rOaVfAd!E0Xf;t8ki7fJSv7nI6!ZKqIOa z2r!4Jxg^s1ME*nd~*bg$u&`fI6(@5 zj^b&U4=Zxj!x4)HzThYb{tmiYIL2;Q=4hdT^)zN4Kij9_jg3&j857Kt8#|3Wn6Up( z@!@^iQpHJFS*RI!tE4E`j8*7>GzA=6{rm9z2Ds&Dk-)SoJtgkYOPZ9LeV}+Z1*5+_ zQ;nJm78qGQ?x@h2J63EDZ@_l6HyMt*P60=wm6@vXp)e<~J+$Cj>%l^o z62s|0uM@p@_b!YDsX;+1N=;W8(6ns7U-VIs_+nM0su4m&u}u)%Cl_Xcu-8T$N&^Ii zv6uJ=r(gXHNPa=oXV0I91yWc4G!hX)u|-^Gf5_rsO)lu};(fyu`(eCYdLGe&D@EQ1 zht>zW9?{$(M=CmSdt8hHaJ6rNg{dxam2UqCN@B8O$;9+y=ie$N*gi`u!3rZ7hGBf& zf}2smxGnsQJvQQ~OC_b;GdHe!2cHRF4TVo|6T)=)^B}LTfGBZW=o@=%LSTp5O_4Yq z;Ra}2{X9oxpB@3?ztukloOWp^niMv0m$5@26sTn2iu^ihX`kwOFO-)#|*{y746;QMHd&AOcCX=KMQs&UN5A_ zTrK3`Pjg;|zw;W+l&ML5VuH~?1m;bcWmz|9_rcw-mOBsbK0u-;39Lkd_a5B6r!i1z zV=A_;!RYfJ5Lyauz=31rZVD#b3+|k&u7obQU z9?BDF(BYyu*G;6T;IdRqYL}nw_hU8MnaGD`5J#uM^o<-w$}16F;I=QYepoiO)cNcgeKO$*JQ;ksKM+i zbt*<4{ortO+75R3I`}`!m(^({G1g_dmkmZW$yx3kX{uSg>OpXuH)bcp;XGbkPDUsL z1GnVB@`Q3}*gI5|ZeO-R%6)1~hapiF6i8-WQlsEz#~DEk^U)ZNBw>)}=eQHsl9~Fr z29bAgz%VG0CwfzOceNI?(96LkTb~Wi4nPqkJtoqN(HMDCi1nOwJdjL?7ib5|-uF-A zFz_RT3av)JbKtEKZ*g!sez!K2YF{Wt_HHHguwosr3`fb$xIDhm)SDwk6l&ewxZ6F0 zOrXLW)g;xRI=Eg4FL)7&vYC9l@=gOGP($B8D2y(TUAb1g${yKg8m$795MPU}Qt(t( zCBl&;QcfWW?Q0c?UY9}g(BXRxSLk$m`$cE#*_P&Ra!5wGoWZ(`?ijH`mYbE?T3`S1>FdX@wx1?^IZof!V~iSD zaZ5SJb$PL^ab#P06klC58O`<@Kv?(o%>+T|SxlUSpnVUxB2x|j@Xw;fwL|KlE=U?L zWvUR#rX=YzWz#||jqFon1Fn@NOZ<$0YfNVqG*ylcyaN#^IN~q6dwXkdFwg9a)xy8qAfX3#Kz~sx5HRQ0MdH+3Mz00HBhda8S=I z4wI&EEQzv}?YF$#)%wI-{SLTl=WKob@O020Jso`z#p(vhm_?SQt%89L0nt3evDeg= zNZpEhw~&q5F!qg8GKp?k%w-QZj>(!fcWSH%3rO zJw7umGgh)VS}|@CIXeh;K$EFo5^XmyGnN>|szj>kA5#~)vwjC!ClcfE&l@l-o%1{B zvV))dyp)Bp>Ff9JugQr8i~HLpE*L4_%S*t3de+fc#IKKiWUV4k6J(HOK;Gb1x za>Uw5hv)^h<2fJCYF$L9iEYME(vNrZZCMzA$+v*$v0n=Ph4+Qn$E(rd4@0>PEkZm% zKj0@&u7(h%uaga`NT3NZ6cwf18GxakNK(qBTw+tCbtDx$Dk}3WC%**$6a| zo9s_00XwjBlS;%Vk3;AVPP;u8f(>d-O93_MN`~#G;hG;Mi<%y#C1`^rJK(+4+L)@mafsfgAn$ zC@ZfUj9K`EWY6?;JxQDRCW9xJM{U_MXH@W5%zLKF=aFx1iV3HXeM#J;?ansZNJ5f7 z0@~71U5JUh3BjaT%@=Ai3iST^E4_kbX$`+=7N-0nCkwiV`>%#@vel@N6Uym z7Q2Z4L5$$m*eA4!W^83U3+4X>xmBGndwbhoE(uG~J}_X6%r}Ts&?^an&x%n2ifxb= zB2aH9!2ztZi`oQ$3N7Exoj{yqE_m}lG^LgpV39{Lz-jlc zhI=M{d^}QH*~&~KN!O$bv4g};aZR_Tq9D~G1aNA~1#Ku$`5`b!y~2KHWf>oT7>sa# zDFnx48pbse7plh;bpJSAXMkXH^?*1PxHq`24f`)Ti&z2A_6 zrFujET^)tz2e_+D5}WQzq=Y33ET!pAX6bfJ)*fAT%mIfQK`mIMY(A}_XZCGtU-@XfxbVKKh* z+(;3I3`4bR6=VGOjG8IbvR9G8|ATD485m*m?frxU3*8y{%=iVSt6%XCKsH9g{$T0R zx4*8f;lbXj{(EwHKrMA`M&h)P`9_f!LWJz9Ma8AcSeu;T2-yq=ns`PC>KJkT46HAOS-7R|Jq^eo^0Kd-qsb~xRbpwhz! zREny3i>QtxxPX}6hau$$B86v%*hrH?xG-3R}>P=S)HvLFTiU)mQ0su#iFSw6uqWbHHqNaaB_eb z7EoS&Fu8!Dw68KYZxv%&_g9Ga{7d882lCeDUL=Hn#n@e46}1DaB?e(nJAM#f$LJp9 za$HOCsmna9|qn$)(G@{EE3y$%@lrruH#veScI zKVVr3_m+*2xkceEgp6_YVwTQrp>`%H2{`N06Vbue8eYk^l-s?gntG-^=6gS^$~`zw}fWK$j?^HTSJD-0phXPJX&cW z0@yK2*Z3KeX&|&q_WX@15Cozzi=NbtlB}BYeDENHNIPY&&vy;lxuH^1=Dw)euv+2( zT1#Q0|F7-4;=h}^0||} zwTr<1YT8xIN3Jfy8ihH|zlN5%_YY7o6hXtdd@P-F)Rl@!C+%@qT?em+i>XxJv;7&* zIMCy}sCB`D0p^oza`>EI*dL@mpg%?=>WL1UJCsva)cTP$q`+qSBgR7rJE8;2Nt&1@ zCfB4+yv>iaxk_P^mw|lRY{Dk0WigRFTD!p-qai8ST~Q)a4Dp!r&6yoUetKu7YbFM* zefQ?&ljkqLU%f(oo`8IF4&i--PSegb%TPQ@*m*NkfeT2ryND)KlB3B*brGvNfP1FE zgC|!j%#B$&MqO&SV8jC{&|wj-vL@5)1SQUOIMN!AL~KiB^ogPVl0t}h4ZVl1Et&Cd zcQ8WrCm0csKPh(N1C+M;w+CIhY@+8VjD_j*ea+aGDpJ-#>{$*&I+NfVPNrmdC2ez& zKf$;RRXAD158#<(9HMp$epRIy^$E)eKhf=ph%QvbMY7Sp&loB zs;YHn@hF|;y}gfLF6~YKw2uGvR=-?Qe+s__f{ErHB?ndH@0)*hSJiQycu?~HvXFv` z5NaKMZ?^}F|K3|zU@(C{MC-qg<+Hdi(+H5!f;YIFyocJ?!!w+Q99Fw~-8*j|q043b zPyZ0eNw@b=~ayN^D`lKx*Kx6RU$-&WhEYUg)cwE!#jK3PIpNXuT?vlxnh`* z{_uA7Pg+TE`sK_e8=lNRv#`W`dW$KB%{$iwIsO1ZHXw&}9e@SO8cGPsJC9+ZaM@dE zMTiv)Lp&6ONTHLV*GzuGh{@BP9tdLdZ&zzAm9CE!RVZhqOIl_Bl1n@k_1-o7)knu6qI$2 zP|3+)Jes3-8U(GiEP_!Na}7cJ@yT#7#}L-?n%yIx0r!L9x@SqZn`an&5kI)zXs1J@ z;PlV?S96RL+Foyn_hVe8GDr9C$1BIf>vb*C^U39C9*hlbSBK-Z$t)y=ta)~cXveGl zgURp+<)vmH2|EQ`fqtrAN-h$tTdYtyod=Oc7;fYIcEW>nTebPog}A8#jhV?IY~$I? z+Xl#UT;815SeXviR5*%L_L3dm|EAz159iQD!4CX zG%%SeAggQGrHRzOt4PbboG1d9a}FY~y+|foBLY)OgKh!tP!)kIJ9M?X14<|RVf z2REJjRK`xxcP+9xf5H08$}B$Gr;sFe{RsC^@3XehHz+CuufYPcHDLb0P8aGgH0>J5 zgG8|xFQek0mFG8#dZ9IiJ^T^YDEDf3R;twX!CT)L?h2|sS&^rDJba1l%`KM22$Sb2 z>v-WJ$6Y*hyA9_esD*#!@Z~IwuUpP!v=M$99>ji{aKWP%1XljXXTk~4V3fT^yrG2F zd^&dMbmzy9q&+c2|CEJOkjA2?mk02#dp!IuBf443?OroHcW#|IR3G9+sxch^TV9p!f(a94&p{^6(IEe3`_8gN?%E`{fI+EI(v!^LQV z1hp4!b1>b7y`>sBf#(d&;BLnoypx~{RgPghKkegYF2vJ9aoSten@DLo3?s?aYv8_e zzbpt`&%CrNM`Py7199r-DkI-GS^Rs6kop~Di3@kDV{eR1;E`qeMz}T1I8H-|gKwy{ zqT_-+1o|0bn4ojGMLYNB76Awv(7|(zorSx}h5WF2Fhs0tUcTW{H>N5kbz?$%@wdiE ziusD}c-J6{-!^r+e%($fQ`EsDGFU8`Wd$@|QLh;)3n76N3W%^puRlwDEG+riOAUKIAs61BK43~wq+7l38R=%cAK0{m(rJR z%5}%vz~#B;xJk2l;IQn*fe{F&!&+GaFHe6oJU;H(EA0ggAzcmeQ(23{K>Q|$xE>iw zuC~+sYGwHe+H^+`f60Y8jits7tz+2^bwCuW3Z zXgECy07zMG%cLNn2^%(s^Lwcu2h|DMRk7TI)tf;7$P^yNEa>Kfft>?HUkec`4=M&Ve!CF>3vA_pJrHEtD?WC$rj$}#n z?#$9`ZB^N7jscSAha(haqXU5Dbi!oQto4jFWSfxJFPwQ8L+>dlp2A>bW#j56NC@>i zr!2uci4&ZC9-UFlM*I}dWM2c`fv{%_##{p0^=gnUIYCK{0guQI_4z8O(fi{Ok|s`1 zp({?7SiUI16_79?SN&7gIk=MIlsMsk$C*G0K30X00uYRjq0YU0t$7O+^TJPtfcs z=2NjpChTxT`%$u6F`PdKrCXr@YHJ+=Q!$2LY*l_^d>G*vs+yWvyliF|2q#T{bcj0D zDlJ&6EGD~dJ>}N`Lh!*h45(EHZa7}?u@46ncQ}?)j%6xBE<%VrYk?lx)Laf0N>S1Te~VC?m1Jh!zjJKIs?}lc z12?ek$eOj>4B2Af$K|w8&5#Gg>mHJtAQ!KxZtC@zbD+{#dw$~UHlzS!qV>kQp>-h9 zG)2qF_?%Ty!$#B;M6FlhgL%+(s~DI?V~Q@3sr{;8@r;98iLG5i%2WyK$t`;n&{d+- z#*woaR?tX^IE(kx_JSs~OcR%VkluBz4QW*6Z|sYGXMrTJm3@uikw;4p|I+!>WN`Y; z9ab5?Bf&%b$ZdG3h@J+%FecJ9U8|AsSt}8O%}E)*tX$x=(;0bZT+^MoG2n0Z-Mg)6 zkxYJ!oz@{6b)LDGD(PH3D9Hmig=+_VF(b7xYr@uJgpI_n?M~d3 zJsZhRXAR!+62+V^5Mtb)9KDh(JDeD^J-Y!Ec3>1TLyffk*H6EH`k!ckn{i*Z3 zTH*FkLWv&fz1>@1tC9F2&kLGKJC-kdxGN>ymQZR~Gbr)BHogDQk}1)C>uZSk7gKzV z>vi!LL5|nBZdZfj7_s{6nj}{Gasi9N6FG09CvFu#USAJO!!cHQBQeX%kyeT=UemcV zHGzEzJE_Ukth=&Tn#qm5iuEiCM;A=(UA;|dowyPO5TpdvoZJcb(D_)KEWU#tF&!K| z5!*fquZFaBb#o9bR`oQ%7c8ysi{z-D0)+NjAL=}mP-lH*35wV{#Og;U0)$RLdW*A7 z3AI$8wmJAxu-7hP$WcZ6c!hwqRb-^o3%8VlG%%k)e&Hjc|Iz|(i7Of}tcUcCD3L1t zgllzxLdAm>b_Q69!DdDy(E!v$kNUy#VFzV^bUI55Sh3o3Fn>ipmKB>Ei@9cJYz(md?@6z!ZjAEmasUmgzH+&!bEjz-W>u|>GslC5oNthm?!~OI$ZKr=8;mdAYz8UCQ4xb0U-=AwepNM+0Y!*kH0fMi1Wa8h4jjF9XB*BG49<=_YQ5Zy3OrPahqSFj5ZK_6T-t0 z3%rk~45cl3HwVh5CWr^hV(W}75seE6;~#obm1Ieh;H93f9X=yI@lb#Mtn9F+G($K} zJ}$^I+aQ9!hK1%@SAjcB#5A&{l-sJ+i?~qXQyAnKFel1Cz5GwetJ&*{^q;@xQOTc( zEr2Y)V31-8`G4t(dNv@YN!lL3_kYke$mwmBDhtGuI|gOl|Gad?BuY|AJSZi_ zo!u@jZB0WZ!FUEt|IThkPU7%DnzRET_71|6cmCQ5>W4kVU+S)TUo25G**{}Nz1xGd*--XT7sU*un4r=))u znic@AU7QaIz~_sz7Xj)uy*95YNl|QDOJcne4i;yabby&T^PMIFQmqbc@pW9AhnV|*F6Etc!=V8$c(n$_SUZVjU#$SB=~b=%WH%v z17WQlgvqBPB=HS4PEV1shnGui-~VXw;>qG5T$n!qa-&5x$I&3+OBQ7e&n_Tmq|_`ZZ3<$wgq4mmLInS{f`N6R>53Yh6~~npIk)(Uuk{iOM^ZRGF($A z!5Aa@lR)F6eK_btl(Bc{g+*)RnAgE%3xy)9t1CMc_=;FaxHs0P&BjUBonPVuY5E)a z&;G@DpV)XulKF~Hqje=*KJL9yxKFR}MM zZp%dEid-jnaSLh074A$ME+Cgtllrr56rNY*K0**P(mfKC!11+7CYhI?^DbPg!cx03 zUs!@sa|7M_O_nD7zHW8Y4566{w?(Y+|iIy%&B>ZEf;)OwM>tVL8r7CLpD z7oE!P+AyoeKPM_t&4G@r=QiWVg*%p>RcB`+U?`>VM;ZRUc4$v~U2l*_2^sACWy|?d z@$}P{rhUjDM9FelG%qJh;-8Jn;mg{k@I}iq{75G_loJ)T#;tZyoHVfSVE6&k?z0}# zgEgaujXYj=C1~$p_kX!yyX@N)9 zA?-$i0J?kS+W9#W2nZNNH=`DOpbbE7^@+(j(v%)T{Br4~0ety#Y4Ig;u!*Gc>TNzz zQHNm`Lug}|cF<9R5F|a8EhPz~coR;$MOJc7OPz;UfI&rYq87x#_ZrqpObB(;l5foQ zgGiLx{2)K!5%@AIoM9`(84x5lfrYT388`qO3Gy2402!iGMfQfkor=5~B(4ubn6-x} zjf`tKn?#$t+8;EKf6#om7n}qA7&_%k%GDAn;41U3M|m+f}6**WU(-3A_3! z!5did?L}(T-C+xu6(Jh+n^(qSAiWNP> z%-=-}O%uY!0LElJH@PW3Z~`1gIPj44y}q8sN8*&>9Ej9hn_{x~H?T?4=SKF4HSidC zJvO$7+gNWuicxoo30PZzo5^*bh&pH?(%QC#HZLqPN_OX@Kl+|wvP_+rQdBUqjLAjz zUNf-N0g6-Mft52IABi_O{<+)j%MkmgNONa}m4^^|ghJQPBQaYFl0od+r5~QR48b+eD1DsP;UTPKN5oP@ zi60G* z^eyMSF^eGdJe*1z*wdfSnSSID2`o)fHvJ&avw#|fod}n+DvJz`mDml@*!H)DUOPq_ zW35U4NodMvIrz!QNzz33Yo|OhBKHU}=)6u^Yl0}53oKtHfhZy*2b1E12oD;0{{!ec zs~arwlbph3`;>#dHoc_@_)xti^(+wU|FwW zPk$oHD-0~U?Vkk`6Cr+9dW*+Ll=rRpwe`K{uLNO^5f2I@4=#X#GKwgzcn?gCIL3=* zT;PDn$!ukql!PhfPP%FoB7`rH011{6R$>P~vX9#e{WFOiVq6gx2TeQ+I-{g#P38^@ z#45JtjO`;-WOc&4TO;EdVhI7SY{K~4$9GVMD7gf!BS<*~i_?=ySWK{b+kb|$keAW# zlVE|$cae8InodtGx~i1Uw%-rW&zY%ZjQj}pN7w>sKZNRrc|n2w$6kD&L=*=b4dne` z8G3E8_EDY(%3ePz|8~Rfw~_6Cc=7#Ye0dJT`>luILqwGyw+@%5zYNV3yQUxcEI`vw ze}RGe!M`MkXb^?X4)K~V<$CEQ+L^Ntan{gbxG5!j=Q>$56KAi1>hN~w@uQNCtv&)t z9E(GX?&bHe=5v7Ep7z!-%i4~GHu2oVSfltwa>&}d7CG7|T;4KB*iHTC%{#DY7t@v= ztkO~Fq_+qOinc}BpZ)0x>ST&(OQ@BWHmT`ZEf)OL^y1s!gCc(Nm-W3PxdL5cC$o*V zdpe7qPMJl%0s;cUVaZ5-A6Y2v2_o;PwETu)R&)UlGLal4USRLGMhDxc$ z+vl(L64s7=#gFEXJbTxcI}#0HQsxUECQqUhFnwCy@{+xyNHm=2_@zsEDtZ);y$R&~@#LnJ`^6Ubkk`!aS8Xx=NaH`ji3(7_Px?%(Fbps@= zM8g!Z^GO*eQL5^%^Y*aH*@IppOr-2JJ)@^>b$XsIOn;vx)1?^t7nxW!`{m}oAEJ0lmr zA5U??_Gk*0fl+j+Pk$aFcN@+*LI6*luESckPrZq@i{8<2LWRh;!KSPPsukp${gD_1 zH0d!|i&gLd7|kw(^rrXp&oN+**Wg0HS?%m#NABPgpV?~nPTV0{MQDidDRvI7#4>_3 z3EB{`uY-xj!3X=2ZwF4u3A``7gXZzorf?}=873A$Ivf)gizj;E4WM@Xz5Psk1G_N0 zlH6oy+vN}>!)}LH)w;L||C6D95xhsw#8>F_cb3`!B z=*T`VWy!AxlgW7UFzU^h=WzWcX{@rV%dp~BHnVd)8J}T)uxVVmrFEb6uXv8IB=&QZ zq-unjLo$5IQD0qNoL^q_;B;R~6IkgU9Gs%c#4m#MyawiM{2?N@ZWTrO{|7yl=K9TuY{M(;%%m;_GZG-0+q~kqLp!GR!qZ zXdL6&Tmi~vkB{+v*c~-xW{=d?uJ#Qsz)9S-ugk(Be1!E_2yt250j2z%z_mv4LfY1T#SK}#9x@>7h2r{v< z=`7J7CP6MB1mJvxejo`>M?gbF+|o-UtW_$zhn;mKwl*!hy$Mg(y8-NKgRt4jf}qP+ zucD{o*}(o59EJ;B>=VG3Cuh)IEvkAjY z3$S(&+s05~k5mdeY(hR6|E5F}zko`$U(OCFNhDpftdN!*D4;HPxx7FQCG#{`9; zoeS{sNJe+?oV%mFh7Hm`uf0c}pYi3A?3DHrHjCYv-Sytv8{Kd3dlqE7ft*a75}<5= z;_m`7kJfi_&&%6C@j~T#JiZom979_1Jm9o;Eyak{EOa(NjWU!|_HM8z-bP7Fj`aSn zK>Sjo{Y)N(j4brJe*i5Aw^t(-K`S$?@BZ}d+b_RedITlx;PUYO;DQ%g{K_oQA$5z=5V;Y@c5{uZKQ=hL9kc z3U*q>xH@gF)~09NRmLHnC?6t+QXn&W3R6gmwdwe1%jk3wDJ>MG`l&X}LsP=%HA8uO zp=b7?1S=2EAF$Shgi}}E0YwhqLxdUh&m`Qs(m>(|wjOMr4k1Ku zpAQbjm}cDBpuF-BqVWheHEkvFu7b|))Cu0MZ1U=v5tD*VK7=S&!RX6LXrMqvS_-P) zw#n3iY?%3Z45udgL`(xDag^)LyumhVyJUx<*faFyQ(s@#!Xaw6Q6Pg@>F$C4zoEL0 z2R4iF%7|n5Tc~-XNrX%VeP3V4bxK)c6K0n7*>njKP^`v4b2A;xrV@0%`o3F?Klxhp z;1*&?I0abW<6vuw@^{{aBfOwOY~Ir64m5#Op=#+*o3`|IYX*?(SalYM3XiM6YgOZr~a?oNDO`t^Jx$|(M zbiG-?qEcwRlv)ta;R=WpA)Bms#wO-1KvkGDj$1jGdr@*5jmsupxgZ@7oTKrC+v$!; zMp!X4caK+q4I{BTJ?|}~{Y!wBnn(&EO2lM^ zyCGB*upWZ0ooe|y62{Lf5ZB1Q%Ki%B^xs>`D}Jgx9F?tNP?3m1QtBRWe;Cp1gn!toXwfRZ z#{x#R)gXaT?p8I#P>Y#X<`xx*=)(PA;@2PhJ9dS`G{-F1^ zBGwP4-p0o$nsGATgufTB%^~M4inrok-GtsoyLbPT_B7Qu2`d*~7cXTa-M<1Gk;)7y8tBPbG+1cH#C*{E^eQ7DqI^O}kM6NR`SAZReRPLY#S*3>HZrA2}RC|bBO_NwLE>xl4)1P|oL zVJd}p13zAb{AHEQqid>75Wk^b60Ai*n3|r9QEOB2PbHnqpBX~MbKyrYrQ%*dSnRj( z_2?b!aUF{F zwm|MF2w-o~8UpXho5i($j9Z(I06zLVl^ny-RPzB2(mHM;nK0FGz4O<5|91E8y|2>m zXbx8e%!*wFO_F5R0~F@K33ha&y$b`{23jYLI~Uq3*)iPS7ar}1TmNxl|BFkT2VZ2Q znv}*y!zu#TF)ph-(qIlZl7+v|U3ourq_x9BPE{qg64% zp|Lt{*}pRR;Ku}x@~}kd$;ARl51}{t{R0k`?6<Lp5j8 ztHOoEG^GiSC_1VlUp;-kStLi?`F{XP5KtQP=$lQNUOv5tkRhCE-}~Fbly+3$*{#I| znMS|^*suoB)B~?FyYtG!reF-*^Dy9YgqHD-3NPLUS|#Z!KfUN9kV$RAM;*qopw#&8 zPdx-^_{9-8>2}gmB!qBU4b}k}XOiyjJ=8L94SB&)GE{SHu2Ua_co=QKT$t?OtRNVH zfXU?$F}HZMDa{KbksWV6tI%~QsTPPyw^c5*{_%r8m$zD{NC4dgW+ z9E*u#Gt-A_+ zTX-KpxvMIAXsl-m)|)OQV0VPZL(A31#|3tY5=UZ|MZ-O5ORSvUaA ze$O4!|Fa-9{!%OowXGv4?~t}*cKJ8wY6V=!oPc8>b>2+^7qwwLb1M3 zPZBuT7tsOG5S3+c5`wEV&lo5m+8kEZ9K*D5hjKWDFL3wKc(gKvr;Rlb5wy)%raP-! zO_9Nb2Z(~jF};$U6Nv+s;~Zm|$O2rp0r5ew4`dxV^U5~JPJ<2`!~sY;SuP8Bs+T>G zj3G<^WV!-29iM8ue3AGYk7~(>s@c_8JJ(|_TK@i1EV!Cbx1x@_K$p@2{D{DSs zcz>Dl6BXTJ1)OOqi_#aOQh2F~P;J+`!YMVm5&QLf~+Ow6q^_nK_V4 zuP=}KXr;SeH>QqhxfL%nhl%iBDW2PpU_8w06T8rIM;ysW97FO1LKcxeHsmc~r#L2> zp*dn&=A^T=vGc4m7=1uBgVoNRz0uz2PL!w`51@hUWHSD!n#^n7a(gz2{`!UPYgpVZ zU9HGoMD@#4t#-tFij<@bfJkUoSixM-Riv!L%2Jwk>?8sqCo^Iv3>&BdIUc2l%y!!( z_V5W$M*;**$_q?R%kg=4#GQY*FM5WrHjAIE^;@@kf@uhCx-;-oo!SiKjI%HN({FHc z_afJ;ds`C-y0Fkcz^;Q$A#o5zRpJeSFd9kG$BDKrGV*!P`3#}X(Wdd?B*~{ zpAW}*J0(;3GsE@#A!D~wkYt^L7YiA41uL0|kTG->evUy?PCKQIa(^E)0emhGFZ5D& zjn~s9EO(OB`TD9j`Hq#B6IHUTLTEH=VvzpD{Vb%I)PD>z=3%Xs$5?vW2V{Xf?!5AW z5+~;d>PN3M3hW|mGsa0acUL@5w1}$q96QL{g$6^3xgr*1e2T3d73@X6;cSpU2|XCP zutmTeic2Xz2KJmfYMcm0dm^Zwg^A@HPLQZ#1*5&hlUjJ`$l`CqCp7aU{kgPIq8qlS z&NEUwqkq10Ds>0g?$rAYum|n#qTrI?ZYjzD6p!a}6s0oBJ51W7rLEsHY*#d%gj0h9w(Fd(!bZ`dQ+G6TFFv-()BTuhQ8YHL6SD#BYHX$G<+v^m2pL9Mb+ei{2&d8qNCy(b$xPxoJc zx5=zgrL&G9-a){I!fSn5?!97tO1_9drLg*m^z7pJoOM4EUwq_NyC`!eFZB*svC{gM zDVfTdj|R<98Uj+=r@GN(JH?(>LrOolFkF|ZR0^{KO)*_at-o+#bSC*#7gLSK3&K^o z?gkWWA!*uGO+N`03DMohGyTVn-6dzdel}IFl&`X8a!tWSEuTCt-3TphHMq&VS1s*k zMeVeFIy3l4zpYvOn>6IfN2p@W++?kOpyC9@ar~^6wxiolJ|#uErPM-9KGQs-Qd1jI zoV9JzD_;jA0uvYcKMg$&XSq-kw^Ui*Gs}wqi>h!C4;tFOU_Hpm-o|9oztZ2^8~%u( zTU1OyIL+LjSm_L#U9gh0kE3>Io|1(zw9MIHyY)(=Yxmx)#-XE4SX(HOaNTx)wMW z#pCV48C=18;8P$ueGuN{*P>}jsxurw2a<+L`W-a+hya}dIqlK3BT!GChpdpPm2|zF zu=G}J5kNRg<+qU6mnhf;WR7CM;&2LtqO-f^F|BwtujViZ0BW>IIdY~0GLtDEi*`Sv zaN25u(-EMSOgCrg`8R0B%|~`%W?3cXxr; zmY-Z6XolQoeQx+3%H2M@JWwjj>^XdM+MoRm>QTpULUDqbLp}B~2JvGIxbmqT%p5lk zhXPQYZyt8KP4Mv2hlGV^a4CbWe@SMykV~hFSwnxA zG(Hrv&sO?d7%HwHpIm5A9FFX;ghn|nWKa2%(6AtkY-x`Og=T*$6v>hpK|dh(As^{U zZQvszn44mr{-%T1`@-PdBZUXLlkfy#KH7RmcSQ)s{&c{bHhcC;Itm^zZO$wS>Z5QV z%V7LmH2e4`m!yA52bnU8O_l0=H0i6)eA+2mv%>O+i&)8vvlZNkEY6oN;Sq z66NP`-l_1@D`X%SHcYf2-{_0W*qeRb@%DSZ7o;F%f0YWdOoEi>X(@ z;a*$|xxyY;sIBZb=cjM#8U{?%muO6+Tg)&e0xoQSCGRD?$q_v~E)c!s8*nW%zl^`MMM>Q&{hiPwkPPjBMVIF+FO7(Hg+ue?iC==hDZm^i+Pio1djblm z!RH2xU77bk6F7!U!K_&x{geKYDNCs(q1Ja%BdiKq)<}mq`A^TzFRr54Njsj9Rvh{q z!3+7crAw39Y9!U>-i>F~d?N$lY?jwBrl&Cx{nE!|{y{~FL?%1}WvQ@aJAY*7&Xn1W zo~+nMLNjyzLi9^Q7HrctChsnppdVD+Uiam=W1UK50!u){K7DjL==`|3offrCqXa;d zaFUEj7|c{pG7@00cil-jpRUPR1mgzT6pws&rUGccew^E-{-uhEYch`X_C(839;oI>;Y6rzepw#q4 z68pr~fW(ODyJbC7dj4>91rh+nKG^#yF74?dcNP@8E0B~7#cyK7J3}J^iv1WfQjcXr9UAg*^A1U z0gZ(D)^$@!n_pdd`{-!!0RbW;j69Ut5Lhe7SN5nJwd}I@6Z%{Eb=P}dYUn!ahlg#! zQVDc4yFPJ6g+!T$LBIJR=3G^P@qUq(1L1nX=FeDcu1MT45CkopZV^ z)G`^UMCoiDw@+0O#0Y!XDUuMURyG|4eE?p#c!bmv{>3sx-UB*bT#%}3KrsP~c;Ewk z2oW1`;)vjf;Ej))(I2)RIBy2HujKUfs@#oiFRn#=pCdMBLT{PO-x7$F zh-fl8>K14M|AV^^k}hX*8m+KneCY;~vVA|dsN60JbXOsb&k*ckM=sf{M69b$*h?-0 z-DEWf5mP(Qc6PRq4${B41hvECr7kp$GDaL$$Tnn!EKZPrk!!#Sut@|9ag>Zq6g&_P zs-en6wAe)=&PNLc*pKXMtExuj#smWIaJNm@Fw3F01;uM^F6x9gZf*JYZRg7(x--*VeNT#guu>`?H7A2B0Jg52`1pezC|FWpB%L@UIm%#QAr!gqb`Yg#jAcvWDAw1XJpFFt&5ND=$FDbDZa&-J zc=3E=TSFVue&mq3Kmh$!I%Q&oPBsx);c21l0*Lv1v>%cUmO&u$kL&Y?l&Ur*KfYCmWCs6ISF5xA;`#DJk!BqaJjnE?d-9zdb zu2M22@cwbq|El$oP-|_e^ANG}0BkgFH$-pMbR*U*bb=$F&P}AfI0WA2i}|fi%C#nh z?aW|i8_iI%Rut9U9EdoozyGcz(re*pxQX6PQ&m*0Qi2ic>p+dI#h10;G--12h8psqxh%#I71%;2aZIq%zc0O=U4bHPKI_YZ3zqfj79g zaI8pFb;lw1DkgcmTxRN6X2J*apaW$Y99QDCBJQqPV!pKpc}`f*tkfaVe>%A(@H6 zRoey09WZl}Z8TRUW89WO33)Sw!XnV291JiDt0~_lw7x=EA`r5Kl|~@!!1C`9ut`P` zI5-tUiZz5;^<2#6zBW?4c_-E+P#2S|I}yv0y_m_^3<PX@>R%Tv210T`yr zyv6r8xv^Dm(tAXPZ!mFBW}{yz{Z2UhkB&5Qdusq1*nD!P&GOSClz$ov1TnLT)rrBK zo(`;}49XUXUz{B%TgmGj91+=Me%bs*H8JPpcPvK<9HA>NH|*Y`htgK4KFoiyINZ14k&?g825`|2h<(PlMKzScny*NSfu<%@6AIe38ze3(9#5NaiJ#T(MU;!)FR zK$mhf_M0EmIr|a~PU`l{@Pra7Y3TN+n+^e>`Y>OOLD+%aG<$@;kaE<1>onuDCGy!` z?AgBo-^%2!dGJ3T^%g`9=b#?R1(PfE;L|q6&u69E#O7MAKbUbS($`OFGB|_&YajMz zcThv*Hp}BILD@1~+1jzhrc=J2|G*isC=P7h5hB8V5_nD>{@Y_G&LF zSW~<#GPE=!l5Q+k;gFYMo0JO6vw&-%m9ZO7c5|zO!Nea+y&vpCNiK_KT3$x7Me`|e z1IrCc)480PQFvQMVxyIz549s|O82Pt0~%&TMMU>tZRk(z4(#yc_*5&#?!F~mf#zDt zDO=Rh7x^t@Mfm{8ZZfAshE&*p4=*cOMsZ%Vh#eJ0TQ38t{r3vBj$=ZAssShZdH#w$ zBsf#)g!@?k`EdHgSz9Sa831fa-a&OkF@sl=A#Tr%2*CL~N^vdcKvjIv$yNKtX|D7g z`i0oW{9ug5>Xlfu&A9BITc?~A^1|UIF7zE#I<>BV*y&V#(T@MY2-DnA&FsP>Oi|=$ znRaT+*Fy^1y-q_E?#dL!m72~DcZ$wfPg6&-F7HZa!zZ^z~H??1iRIRi4k=w;n@*k z_05))dPxSoJcsRVFmue}Lk>B|mlzSN+j~vW{y~V$PwrG5+iQB*?INi)y9+k zCvSe(a@eA<=$NwB%F*T7c`J0QpL6K>zkmJe)z1Fb#^!%)d>?jMX2EVI z?^!Y%XB~zn-0aQQPg$I2>-DRDf4Yf34PDq7E~w(xLHPe0uGwt`D8cf2^V#zspN1ZQ za7;c#5!lu*IfwF70Z8`krye9wvp0f>!23*MNGeG1Kq!a*kHHm>mYob@#qh8bC>3lb z(9A%<;1YCpi*gDlq?#z|JbFjEiI5&%GKU8jVf4r)RKG$#vQkhd>;)&SHog9E==5(Tr<}=00o06<`;%wkcfOuoz3sa)}r^}(R z6po_E2PUlO>%?mBQjCKE-TIcX#1coePX%arpp1Q!^h> zM4b}&5Gx({P7}jaA0>h`Y#Xe2Nvy&qSvEG8_(jbc^AnS-BnDZ)XeREvnhZjFgObJq zPr5GbSGqdRE+HtPknk8cf{c$59tQ6~AgVZA@F!*G)$1Ty7dOHV$0eH((b*vnyqjL& zVw$7P@KQO%aQXvF^~hZ$yzNaYYT9SasPkQ6h->JL!EGOg0`5SGUV+^!}H6OQ`r;<9%z2ql2*5#ZS6mO^@3&(Ih4QzrcMwSB!jOqX-TZe`Vj9& z8O^{YGEn@ECA6&;<9g!S9cuOFX6fkB4ak8=R#d$nAb0-f3)y)SKRdX)B6HxEh>x@T z0#Xtj+K&pvk7zEAdrAdPTY2d86ykF;M+?CfBTbB|_4d2IwaEpHDY<(qVYk*gcwOx8 z-R{|Nv~qrOjsUc;zv*xneti0R`}wPv`_G@Gw9wisTTTL*_TB(0=MVu0M+lL+Ov-h4 zcaUI!7;dI=1SbtbBwY9I^gp1)K6x4Hi%+a{__M9h6ln>`bYe_c!p>6i{-d#4vL@1a zhbys3ut;*f6tK1!fogzA4J}820_V4KaXPh-QT1V9w`lbqAHrV@{fVp!^gUiNQ@&)e z6LOF0=y9`iey7YNj=}<Lcv2zN-jv|cP5dMi z8-*bp)mrfhTysg z!cZt5^m@RE53ev)m@`w!r(kR}xKYA#F(naoDt4_}k%o9*3@7A|GY`53h#gErPF?vb za#E#yn7aAjOYVf+-vn@OhSP`EY$8r@{tahT$U`P1k7CF zApTe3?E-q8kF1Q5OFc+w;BUMCHF^t{zEG-i2)ZCa3*sW@I2?haVTz)6zO4hxqd?sI0I=kvFcSjbx`z8}CYS$bz5Zxd6Lqr!aopr`QrZadc#ufTS=mRO|&Q*2+PDIy}UMtOjvh z*rG&^y9aVb9D$k&*C8v$_N>)XaS1~WYAa^&^XJDe2e=RYDBw6!&SOB2BRmvtiWJQ2 zpm+c7B5b4 zL|zQfhG4~bnsm*ZU0%nRy+vC*yO|9B`*MhMzU`?Ln~(EZd6>LPKT!lpUMiYQ$8WSs zSlR_J03G8++Ceh)t}eH;vGp9s`Tbyo%tD<{XM6iqr;qIiWdAP6v)Umx@K59&BF54_ zz-1(o={3~}$c-ZaM}mgp#q**7dONPsF%R1!vJR)u88V<(6P4GeR3jmJsJiA?j&PcW zI?N0c$9LbRX|3Mj;BCGIaUMJuac}*m3B*VlTGgkQLD%!6pZWIvO~^yK#q6 z!2%9q6KCEz2&R6 zf(+#;oP#HQ=$E{mCPoJzL$W&|rvh;UHRW&CJ9yN8f#WeVyMKy9`VoN_9bS!d+WF&D z*d5@TESJE*c^+WhAjV+>ce^qj==|A3Y1w_du(YaFB+9V9xK%KXi0b(~mpkXmkIcG} z9J)Dop1rFT>*ibEKV_+GnfOzUes#w3^APShFA z889BqX21|wNs~Nm?|OvKK26R`v#eBF`S|TF?rfh0bO%HA4>TEn^^WKrE`ljiDPs|AH#kF< z{KR9^&{2MDBx-&ivy^-6;8THVW-6!bvl z(08Ysf2JoRIYcvFGSo( zOh|x~cKM1IvyM~-hh!(O6HZW03)rlWB3VG+#2hcSmJFl5hKPQU6*jPts*naMlC6}Z z2(Ojt$mFYg7J~aDa^OB1jNwoSD|}4>b(a#4mL-4|xLAV(ZmrM>*L@8lOcB=&4WG;# zLDvFt2;9*mCNl*|BrGWtbHTdE5PP+3k3rN?*)?wXm6-e+ zd114JEQ}Ddczk*IesFPJ3>GXS-p0>Ak;J$5l~eh!Pq!)@)gwTVjg_KT;4kG?pmkkN zMqtTN{j!+3LjRJds(R@`P3TySE-GB0GUUAy{dS-WbTj_k0n>A>8VQKmLGSdW913xK zb#Fv9!#!V@Qn-+s1@s!%im8yI?vLnONk;>y+wrj1;^i-?vUI0ml2IFi>rK%Z8lX?{ zD;Q*CVQSCuA#vD!>p=$YycxY8jX#b$lEaGmBGz2Nk$_I67VW0&bD>?V_MxhRj**8* zRoi)y>)VORiFGl!oi!L#tH37+bbUEap_=T~l8SbuQZq!l2GdHngP)v_M6~M#@0$t& zOc$1VkxRH>8BEX_EX@oNgrK#EVUeFV#(^Qzv%RyqN_$v~pCJcrL+qpe@s`QT_Hi7b zh4Y0eVXJ*KjvS0AacDJHsK-VRxd;ZZ^oe0*-u;YS8&#m2qqO+L44cFFnbv@vw3u+{R9JHw!DZS-6|3-{!Tg2(U8;nx4k<^JBQ<8* zYwavfibqojb;b2gJNWbw+;b3Y_g0~b;X;f(4z$LoEuJWqxY`zRArf!x8fL-0`$lNB z8J@HwPCjmxcpoE$MsAd6Yy}laks!ll(t!s zWrvCj)}?T}HZZo~!u)WAewm44RcHp&QZ|{b*Ux`MyyVKxtN(cV62ztsBd<3Lw`t9@ ztA%ouB02X=Jd_whg+X`l#=GR*_t1KjDSwrSV5B8tb%g-gK?v)cv4@Gjo?~ra(Dw*;*5KbB z?E77(<%%(}?z-5i%IT3eWXP~lP$~M!93?Q;+{+OOO}uQS@b(dursKN-OH72CKLjbo zgzsqdK{#HGAjGyK)GF205CGBQB;Pd}irYe|kSGnA^Ao*(lTd7$PN}A*Zk)F7)V-GF zvaq_?<2T=PkFGaKu!**z$loJfja1Re>TZp#17wi~5M>j>j+_W4!kEcnEy(jMiVzUe&BC^dh!`;|#CN6!EDpBSo6 z)g1G{@eWZ`d*8uhIi6eNgw4APw5+FcP>)KPIxyl+i4gK27#Zofrnue^@3c;Wf=;sP2nJ4Q-NYl zwak4P4^%S#ln3G(fjx8G+4d}pBQIl{F?kJEcm(YmgcZxSN7suQGBRSYM;E>g3>9p? ze#$<}_lI8>Ptb{B-}<^*v+`xR#ZRIb6eS`FwnfR}gcOw^heu?GQgJ0A)sh9Ha8(; zIxN4tt8$j|DBHD_hXc7+5$PP@85$Gtt`mFIg)0VwR*f$&5TaD_&PGKSQwNPLth^e_ z>G(E%JALAqWtGflJ!yEX3n9QWnhwo6l>0+NZ)qQh# zI>h7s#0!bmaGx_b1#*PBD8eer2u$v0z*IKg?SiW?)MkIk*e`JcyRfD2Yj8MPcJ^M3 z-wh9w8f8x{>=wRkos6C^37ZhnFb;=!F_`|66T-soQ><@=YB^G`XH6Z{XY{-dHeyU zouk$CVw8rSb{HSTkcpE%tCXKi1_+UmIIyW2oOD^`1n#X$tOe{2nXHYl906!Q9=jlS zuepT)C-dw;vU0~Gu~F3zaX${BHdahBUnmMwA;$1%cr@DU`gzBuVw-!&A3VESl5mm( zp1I=E?IoO!#w0k=imxEC;0##NbMALW#!%J_@IBrdKW+p z$wcH$YH6?QA%P8?4}$4ld%C&WkUoVoIMEmnFGq*HSQqpj?k*7!<^k&TqbUo;Pov%= zpa5klJ6VoT$SlSp@^q_wLWOq&^HbKyFIy-5F2ZymWi`3WW|vF)mX+6@^kyi2`-0aN zS*IXujbmhJBby*Z_~aG+lF6lP{NJApGe1EfwcfAUJfJeAgn9Yj<@j2jN~(R@6teCTvS-B$=5I@G4E9<$Mw?LG)qe9WpI-I+(1p z#VSb-RM zyXZ(sk@3OtrDz*R@CjZ)VAsn8*-MSkQ;Ivbk-{QE(npv|^lf5=GNwSn1Beyz!dhdmU{r6BeJ?v;n0D<> zLF{%-Czvm)uv2W<*MAgFB8W?g$(l3k`1rwin_otrY(qMQ77{;ePjVEc#nKrQw1~$h z9Z)Gq4NiJ07@J9uxZZZ_}bGXw5oBRZRqomA@8XmN~k*lfC`=ilNvZ{#>>TqEUU0UqOEY#SUz^2dS zGdziG+A2;_gN+X@9X&Btpny13Bi!PgJfj^p`4yxhUPuTin^i+G5#A_K{6aq>bBEv1 zyb`$6+UqPFEie4(_2<8Q78-swKPO>3;elLD9ex9CIqQDag4x%mD~HC5H((UZMjV)7 zh0P^s>NI|edPozY<8FvCI!_()<*T zNh$HA0QbRgRKj=onIGX3LQL2IWg$3+68H-EI311D_$+(*nHXM%dX;eYMuneCNd*Nc zf^%9{#({_UD_{xM4Es-S1a~Sw;Vk6-632f&l^%(r)3NY}{sqwP)`*A!5)30)K*utS zD$wS4KeZmM;6EBe#*co1PiCH#8Iq_kK6{)zSeb9_{j~J@?)*|~@$RE}d@E66^N;3! zX9g&OgoRwxZ9_-^4#y`8pwsev?>_ECS_;2Cz|O_6gUbA5W~tkAUy4Ocn8eaG(>OS| zej2o?=&W@zv2xkoPo0H-;)u0z_paW$%d584!6cyP=}^97BrippnerSAhA_vR!VTAb zH9F1E|K3cA_|m;1I&vNZ%4zDkki6*#_3Rj9d>B3{{^%)7(aD!6#eu{Lp$mlcSkF`a@Zz^!Mv@pDwKNQ6hzR3;KmDn98hVIkbHFE@EJ^%pPOgM zc?^lW?nC)nqTg@`kh$Kf+%1%SQ`{B?fEg*=vt}fE6f%8x@w;yH}_$g&V|HcBN9wh&xgru>%^@hAF#6AVjLQ41u6fui=sUK466??j}prPJs-;i0Pu ztvFA-Llulu_+hf|_<(YuUN6S2mrI~q0gqV|KuDZv^u;{j46yf&F)DoZkNT`x051JtO1c(FHbA{Yq!Jp^T(-7OW4X3;-BG z0SAiOFnOg0dq|LJdc!=WBt6H;%t;p``iGB*_yC+JUiOgqPAIVIkPnZj4@$mC3%h{F zJKAF}UXBzeR{>@x5zAGCOW6f?bi#y^Vdln>!w@OTj@6&4qkVt15iS~s>rfwJ6gkal zKQvY+zat3I*IWpRKmWA1y7~Ii4_liHd-orF@fz3K?$J&EXdhJs`;)S0NqQ?avm4$J^s>^63`p8VZ6wh^y|x~CY>TukM>=3Qzz>9C8;sqw*S?CExJgh*iaA3o)K62o=Q;Zlh4xk#{^x74 z1H=Vcb2$;?%j09n6V$PBdiCq5^-x2EZQ-A@k|&@t9{58(8cq)DiL>}v`UV66LCh%=Esm>9R-zNSLzE4pn_jd_f#dL z1c!F3w|Kk=e>cWhI7CWBcZmT|3td!@?v3Xc8-GKfWZW5 zNPrZ31iL`ZG!*9HUgDQzuc)U53a{YCqh$4_yz$U`Vtf36$~&-40a@z%MO{Or#fP>&qm#MM7eIDcDN{93*jL90m>}`xP;?@8=}$=!z4h#5KF;=V_;0@ zr{!7 zLWkaFMP?EPQ8|}%A|VWsg+mf(+tUTyKjA0V9=*gl9f5$85sP4s_(g;|>1 zAQqs0i$*h&?-|`dvJQn7NNsO+X@)XsrQE;JK!fU%E^S`grR=fprgUpBr}mt*DLRjc z5{H*=Z5hFfa)Eona7W0bxu+w*UZXIu=)mj{vUqHu?vmN$BQXR@Mcs z;X@*qleO>Q`7rkDdsT42rQb>Fi#HOcm+ep#1JkV%_Ci)Z1R5~T62R&(fD80~0S0J0 zFlcdr;}ZA{`cos=@OxyRCxb7Q&Z30Laq4-(gx0o@t^ zl(9v!1NJ%xzdel2!U?M#k5JW5R2BeW_19!p4&pn31cegt@l))e4Xq?_0Ah5X}Q zKDeid^T-s@4m<*pm#5+w%v!e@6i~Mbj8)*rc}JjWVA6yK?tDC2SmqDT zCbEgn;yzM%<+1Vp&7yn&F#v=VJ1jz2gS>r=4aFG;QuN=Gn*(QND)j8)@x@ zM@Z=BjVAWxZ725SZ=V>1W-*%rjc9vtBTZ%iYw^u0ujp30S<8xm;sRAQGYMwY+SG8E z)qo*fv$8dIKz%bJ!3i%gujc*5<;7*mgQ@RDWi3U#*o8jj_Y!!%B!5dUw&aC}TzZrM zFxOzPnqcU4dx%<;(6^omqh|UPMNzP zBYSD6R@t>r|GWMeBbRITplli zsP#H$tg`!bV{;dC`RnTDhFm=L{mYk|>#Hve%dKt&3Q(eE)BeD)WknJ|Bx@w=4>8eH zUSR*C++YaDxLBy9G;1C7W*2ABQ3rA$Tz`EiRy`ygFwPyEjB(7eN_-7Vov1~ujZYO! zLgCqfdQq=uqWeUUk(VTqH|s>4;DEqM)MZHpYDWPxXj5{tkYo0)mUmzldknu62|2dV zhY3P76eFa(fsID_C^1H^sOSWb;glW!iwfOt!wz88yD1ECSw4y}wdp@Od9XC4?Mvxbr}Zkl%2&}0!M z0_0cyIs=0cGW%RT5x?5qiS02BF)cyjHiPbEsbmxnaJiFEK+wSQFyM5F%6|x-b-plM zAw{WR)VlVD6~y4S^$aTg7`67=?X}HSl!RzQJ<*3)`8PA=NyWupo12Ya8oX(38|H8{ z37Y{TEo6&g@khUEpzz&o_mBj=zXf%=KkoUz8`M%6o~Qo1?cU+#XpDIFCs2MRWqJee zJII|b-uq+!*W7D#xC#@;Oa%~-RKWE_#CDn z+`_OdO;F~Zy+@&A-;5YKmIedKh3A}YIad*oBb40#iXM>|IK+h`b8t!{QztZ8r}R&~ zP*O_bUMQ$I6I#SF@bV!y$acoT%Ew_p>W4|bs-1=}-OR?05@Enk3ht<>*)Xc|;tq_s zR>R-m`javavT72l_@~^K5_^+21z%f8E}~00n^9XXeH! zzVz7i^cdw$!bWYuOF~U)Wu-s<8?br!jv_BtjJrHB1y|IYqce=!SlVeU{SVE3D=5Xv z3e@Dzd9MWl>Xg+j(rF3@3T2NfJvSCcN7Fk^maIqygGCM`NO3kJhBYf8f`tQPfdN}K zy2zh6J0zK?`$eXA*nzWMobV(g-YX@`1p5rw2{?m1Ih9Inot&poaH^01CY$Der8|6>sd?28OP9Fgs4wL2m6MNc7-aylkX*e@aHM7SvSO=y`BnI}$J3e@F(>z)I7 zJ&-7@Tgh7_P!;m#%ms&xuJ*RoR+dJ*iQ-tdcC1%8thS|yD z(s&2n39LSV)_Wy-Dl7#O?tuu9BO1xYVn{!kDDvtgP((Wn-)TPBa_S21RDMl8Zb?lpxq$ni- zitHGighyo(Ng0p@13K>t zA975M#zYrt=>bNzQJ~{Of)vfzhnLB9F2YA7?2s#m@HHq$}mK_HZgJbb+e{_i&9(vuADLsgw;GOb~4Jh>Qq0%F3`;B-YVX!5t z(gVzD6eoxZWJF?T&^f(ACc&&y+>;RkG3ch*ukcWxmTk33OUz_GjD!DnthRhU^{m(|$vRg(n+u zqwT)j{;|EYzO}l&iXT~bVbmAdVdwIIU#R$?SRvfMPVSgGSN4*LAJOz;Kfzq0+g2lr z1kChq5{=Z%Et7-|By>{taTM~6_1|-pA`Hd8^VmMCoD5P$MKT#s@NlYLAv`Ufwd9Oe z`p!?$R5k_68Uk7v4v-3~7JV0Z8JA{BOXL!Q-!`BAc=Z5wJOq|X zkCINSH6$lAxEPi)u|;I8j*cZ#G&rhS!9uL*$F0xCNE`xoGoe_1@mpa!HU&iHU7Ro~ z3)+Y*2`$w{88Vn{Rv}?CnKh6Z9S1}%nxH2j9G4#S1b{`bQ{wWzYm78~R7aNVYQzL; za7vrxOCnUHhkXE62#|q`xgPPELCCmPb8)G;$nx*{flPzwKqO}lkWp?V-l-hPO_fA% z&V$*x07h)f2lJxsFVnVx-{hC11s~t3n0zE$d<8kVnuQTNG>d*Z8BE|})Qam#8pCb7 zzmFMl7D}55&}ErJI`3@GGK4_`JEYP?>=Zj@kdM!F1h6a&gl$#&PFNveKmewg#N(NA|)OoA`3;0zv{vIxb%cZ@Fqqsj$i^#1aQF|%)l?y3dd0rQ%()|t|2@m zZX^ppWz_F)GuBl56AB}=I2qJ8jbv*vnL&j-Wrv#xL9!I4SfL^yO+wc`nA)KN5M%d{ z=a>itzm1k9%PRmZ95$Z)0v(JT%o=_ZRI{G4CzN+-QP_V;c^7A!w5J3+XGAdTF{R$l zo$E;WqVG~O8+N{~EfEIt@#(JU*TCfII~nIhnI(7x<71gBu3k*2xAl#y9vaI$_rU7K zMgm-N8Y*r+3Bwbu(<%sEt8f=m9e_iNmBu7M05qn6$0BJ^>N1Wie1zxAS*gCee~(!) ze93ES_&WcTP9&>F69Q0bCpJcnjlfjccaTRjtFOEv>P$2E&dPd_p#m4AHq`^4_(kNYH z0}|1SHFFrh4uDet3IekJu2M*`2TNWLNF>96W3qan*8@3;X-D_~UHeQ-bmFfJ4OHAB z7&BRN2bgqt@xy3%c|LA6;Yw`mp$ZFA5`TVh@7KF44fqxtOH1;P`WPGYkNDp&4gdAm z{(Bxa9SE5$p*~GmvOYv{nn}}(ixViBieS{b7Nx6;pSX6twH$?K=!O=#CCR%6Qzrb;2jL_jK00&aV=~Hk=6whB$m1wsAd!$Yu=IS0zz{(dY=O?vI)hCFNHGOh1Wa^1H?_jNH*yZ%72;v5UKHT=lJ8)D)Oy+*wP*9HI&zXm9VX6^HYAH4tDUEim5JeH905m9 zS7GQSwC2$YsWH~EWLeNFkCt>+5=4y`bN5$lr+tzcNRrO1C#@Y7b}K@E+6EvFs>`VT z3jDb)pfREs^t}+dRQ*+RF7VG#(GE{22NU{JZmJ%9`SdQ7J#Mtx-YIMdJb?uUP#IwgKvR>f(H@4P zsQ#nE3}arB;A|o6wQsNxIwK3qu+AvVr}j&qAWr>Auj2|kuI}Z+1MM3x1S4bt5mHVY zvdB_$$xLFi2O2shog_yjcX38gn%i6tUYv2DRAI`HsFBz3wr5dc;V7$RJQ`Cue3Vfw zBrJp)jWrStrRIv$D?`s6zN0BWE*BfQ_Rb1B`2n@LkyS(n3`Foe_dqjl1(r4re~V%J(w9 zsfQ7UWf&;|WiYTO)zR!pG~iw(^T&8xp9JbkhjPd!;cB(>fB|vB0ci=_k1|PHp<}6c zt5YS@$DhjSx)vV32|OgUGN+{hdEP>-O=ys8g&Y-rr6}uD!geI$3g5fsRCt%Vc!C`6 zU!~_D@7PJ5w~S}A#It{R+@&w8Jd)lZpjtd&MWlM7Jr=iI1=qw=8;$NI4-|R}$xlj( zAdZoF&>jeKZXyfVVn}3C-6Mmt9aX|OP9RC(iGGo_&VY)mFNmpnlIV`8FpY%d+bnJ= zQUXcEBO8d12-6}sA6JvT;jw5e{n;I8GX?DrenY@JlvRb@;a;5=8H4$3VYHgq72`LF zY_OJTY{EPPu7pb}Z%J9&#F%_4A7a$L28^+AyWOSZQ;Yz;5WtFQ$GC56>$weomk6DN5<5!!1g}Tos?2rmv;@xK%!i?a6(%1D+HKLi_8b^C#|x^%l*52R3$MZ4gy=*nKo=?QdY6mlNB|I} zreMKcd%R$(N3lFWM0tmkS3O-O9fdZIswK23m2O>Ltm#dK*L$3(Sy*I0{23 zA6H~lDX6Q;dph_TmRp=d9hChaRQmTO*Ytl-*MFi@sNupKjdzZE!y_cP+olj_$=Z)NxA6F0 zg3(z9);Bg6dn2e0aZm%@3~UEz>83{CY9A+VzIB8Rc6MaikM8(KPYVZuL``K) zyk4_fZ%E0;e?>BQc$p-Ulh0`$HcE1Xas~n4EPGxsi6^~tI_5>xXyR5CE6E&x2Vs-B zq-{+5$Ct^6f}fH{&gVt6{*;=|_i&{khmd=*@NXrIjFwliHlP#+shNxc6USKif^wj~ z1mduqw5dEgZLE=$Sr%X~tS`O^%dl5*1$=vig4vKw_@`XW=yCwaGjgs)JDJGt65xR+ zG)(hBJlRtB+$%Fs3-*WwyY^@86g<{<<6h(U-qTCD0vRtP+kK^BH|gXnL=E84@T8A> za!}>{`zr;d+(JNFhQMjVP<*kNN|tL=9M? zUKtvo9^;Ad8L4d2L3ysx1;BH5fH?Wi5$Yf`W>;p#r->RSv-I}9LOz$y7v)SICs#hM zJb17~-p%Oyf1tV{E~(4k%S)`ERZdVBn4HaTLj=fqg)da4aBD7lu^Ne-lQ20T55ae5 zu7tYppy6NCN91N~%3dhDxbT)@mj*xL2kZ;TPh~rHO8?lS75IPQlIo3q(W`Oh_s4hj zjt3g#7w^um@UO>qi^8w{vuqf3kI@tsL`__7e9{@O;vyS}U#u06bUT(xf)9d)c?FFe z(H0)oT!iOM?=?o9cfgJ=YAz$xCwScuj8OODfw*LZqw=I)3=fA|cUlM2V=XpLxl#P& z@?aq}BgeZDu=3k4==;{fAJ7*;J)d13JQ<#$65x2dciemL_rUAWytcFnh<+{wP>HqJ zCWW8C#BxR$2}u`hwB?3bdgVb`8o%N8Hi50?&GUxRo&16`j_ziOs>JR9Li`NGk5A&w z8kFynPXi?7i>0OHoBOZ%EPW!qC>$-sRzZ*cX#9lDjrAEaV#7-oyT^_NP{43)Vg zm6AzjJTYY~Zo%e)(gE*-)6&yixM+U&)9;AA%|?SbT+9tSC`E;ISV>zG_-3b3ZN9)+ zy&eygFvaJ{5BzqrC!Wz2+p7rRM?D^diDw4osmt@#9}8bc@fTQ#vot)>=VF9wGci2~ z*N|uppdMhRC$eLuEHoK8pC@pA+c#-0_%OiIIYo zJ9ltJ>bEmKc{&{FVF7Mdm<4h5_UDR3>e0O1FJmF399rNOZt0ejlCCcVHEFaf^;+To z!l@%}>LT>^Of=9e+c}tWq&PW5B0S`YDjt5tu^>?cdOOCWgC=D&hB6)LU5(+Yd&(m$%MYq97b!>9 zc+ak#hS)H&!FlC&z%AHZ^~yaQM0IO1&zwbn1>x?@#TDQRJaApG@qhMSlK&2^oNh#DP7GAIUUI;G0n+^7m0lC& z_1uX|Dh|LCEph@I?KM$QRbt>#z>CBVVPW;{Tq3h}LVHp^X%TKJlsq8MYc2v*49~H{ z$`#m;k!aXVF=+zjX6z8SHR=3E-iKim>;UDtX7Mg8<zTQI)2+Jo!Zq+4(gmzlU=!p9++Enhyy6E=y4AKo+74`3^d>C#gq#~ zdP)$<5K0;>E*4wLCbv2AO6BCU^h}G{CLdQRid?@uX>lwSjoc(%U^wKQa6vM{qvV|E zN%r#l=@Mn+h+7j?nw!CjMuh*r2^c%A1IMN7f61(?oPw2IBnb=taU6?$o9)G9z5ZYb}zRN&=3nWe;g{n%$sWFYpX2#nZirOl=a{@$iEKbTQEa>Vj8CMs>qmh|4lit8=~pzGp1HH zlzY)1NRq^a7J%((=V0NmZ=ES)1&34u6%mhOwW4;N3>pWXE`S$;dMbb`wbK+6#p^F# zf73|PYzT|n&8isfL)3!WS@DcbC7L$XPeC>RofHC>84Ck2?NH!2?r2Z~3dCxNr~~(= zWJTy6^JFz2Ys})F;OG`pQ=IPZJ$Oyx7BU?kQ{s$YT51TwK2XDURi#byTisNu`q1MU z)gp(&1Xa7+JLNK{@GED!jn=n)Tyye}3^D8)mFjPo zSbf3XBvpN{_ zUNMoK8n~KkJbpJEbzQWa*Y?o#N+x-Xsyi zszlTVMWs%}Y~&bZL)shzdFd@0ylpktUOwM?DK~#??5uu|Ech4eyMKGR{TD6md8_se zL_uxP{#j22`AF(g()z7mO%dvwLR@R;E$9&gaQ04aMz?>H{$W28Yh zzed7CRE$XiPJ$Upe7vxr=_X9`M891?4jVk^3k#Ul0^mo29DLG*Cy|%wYjB83xPoQv zLg|FkVdXzR`;Lq7_mC5FUv?`_cSk zxrLJAYrqi)M2Nj6WX-z{3bp`{!uj9F6^2+Jqm{9gq{-!Z7nh&l)j7gFdfqZ`Gp(EB zLwpOuH^hv#@^qOH0xj4)<#h@LiTuV{R6I&TP+UxP_$mPKH}?m;%dg&!*E?8M)P$mE zC@Dwz;SQ0{5K-M9S`^XlG z^VLoDyy~)obneTZh*q%zc8Xy(bcP&=^}|jtEZC|QD?S_lh7IIgxd-Icx7xVq%Pe73 zQoSQwvU#%IJ9;_dj$K3lVpI~6S>rF~806v#_t=bCOIgL&oK)KEQKJ6v4F=nQ$J&M> zngQ9+pRg^VtEuru5>-13M~o2q`OD>B=Ojvq%|)NjhbGaKa3|7$gAr~`qu5xUek6VW zgj*{Ye!&m>i|^+j@shzgOU)z!$T|i5tt%w%yJ(IG)Z_RYCw&8gs1xD<84VQfs_$e3 zdrPtLh8<%v^}X6GlO81?jon6JGz<;mR8xv+fBgCD&)+_3E&?jY?f-p==py*F1-A2x z&ADGC0?7NApFtc|7f^Pe;^t@s!)1w&A&4-L7RIWBi^Q`O0*dUB1jm@G zS(ccz2BhEWAw-z+8F(*tD!zsy_+arqZopd@9WDc3nh(FrG69<)U4!8QLgd~pjD6N> zF0@s%xB~^JGNH2OSSLbLq!T=~Axn*u|9>G>%<1(WU63K64cUf7){40%PNQhm!1#=QP9lqur}BhVNZfN&9Q?*ahE{`8MnAdv?)&V;^Afn4xHqxcsX-9X5dhwE1u^Ki*!h>Z2Eku2mzBM=p zs8r$vl>%xL+JGL^7{tekgk`g;dh&pP;;y?TCm97;k~Iur@(FNV8mdEylKEqb%7&k) zap!v>>l4+V5P2MnI&3rgqz^s%3Mbp5lr8J2#j1|;c|P$qT2itMG7+IR@!C(^ofwKq zB;!W@P&tliL@eo=iQyGyiGhNh>pxT7NLE)UB6Ugz08ntENccbkK#eB8uF)x+J>O8N z2*n><=aX%gdl^Xr%40M>KZUCaHxMFQ%9OF; zG*nDk*&j2A84pc*;g>jC(ws#$QQa!RM1L+7ei%^vp(+s%JTk{YXhi64jD`pbhqV!L z(YT9yq!(^0dHb!pQat?O98C~Zn4dY|vBdfH6aiA7s#Sh$e!VgeIP(_mXTJlFjkJ5m>Or9d`E$!Xy_4VmJ zCC#SIYIF6)53g2#Kxew*wF%1&?XXs~(Jt#&@#II`uCclC{q`!#U2m=KKJ&)GAXOtu z{!k4jU(2#yQu)z^HJGnsG;Z@3oO!L;#QQ&CS#n{X#4s~nLtjk@-l#lcS2vj6I zjA(|nN)9?EAzv=46k)V{KvE~*y7@bZ?L*N%ClDfx4-qD9>YDtz*G_odJr-o3qs1}9` zMq5)fF!myJK|5jALydntnR4bXtB^?m%=w2K0{r)6?vrpd2WcMjR)H^Y(4WQdc&ZyY z;DZQ2$`u!xxQs#z;c;^iW|+^6k`S7S3Ytb@K4q&|JA2$)I2n#FSo#SfI=6-EC*!`x zG9SJw_CuzD8@QUNVIr>O4Dg()&QzL^FVNrDYW}!zw$N=n>r<>pMbsiYWpOU-Bd^!blc24QmS=pn*^h++!;)B<4lgac3CN2%0%POKc|b z$TM@e)~s{73M-oO2;fT!P`Qx{0p{*N#lc_+6t6pV1rbcs^1~# z0PlJ%u5~=rEh2T9z8f!i%q~t)Icawxg@NfyCj(zB%<0X>jXb)dN zCx|Ri@%kLm`kmw6c=4?JJ5%08a#j)~;M^D#hXDu1_<_*YNnjJsG_i+-$}kp)77075 zt>!9k9>jV%Z_6=gSg8hTtfsA^G6HekD za%`q*+!YW}3{xq>_yoZkt&@Hi#x`&#*fc<#m8ocNU>CTTaUzFmhBzB!Qs@MZk!w9j za-j1lnq)c&qig<%wI1>Y;?ps_4P78Pf^|9r)K&uhLya&P0fEt)COYf5;Lt-9%_(jo zKGnF86B8*GWUHBjNcjTaG`^JyKAe^9H)Bxb{mIOx%NYvjS^>iXb2{h!SHj=Cf&z!P z;sb%rvDR7>Et44{f_nwBkHpTf14Muq@T41Fgl_pN84i7z(J|Rp= z;w=~GC<1lBG#)C3!&gJh@i3OE&S2pzM29FNYWZ7w`&zJu?|r%a#k~f6NR@&W>F$0j z`qM*qNhzK{DrB*b?&7yg`kLF4Y(m<>zX5uvX=+Z(Yii)Fa#-b_XDK^ih) zBQ>abS7?iXt4k(Jul*6^<165TMm@6&JE1{ZpP=o4Ic$SKZ1&-f_ImV`$l&h>MH9;| z?KvZFgPp>`IAwD=3r&zw9uyq<_klpkx%TERuFmOof&cchSB*pWZWzEnhKLFgg~a}1csgWgwtOuH zHMw&gmZdnDE_x*a#-0I!!{|jBD$L8+7{KayRl8DnsDc9R)FgORkx0xQoMp|4)Q2erj^F$%NpUJXk@@n*W$-H+TtP$o^ZmMj*J2^ zD2X!s*lVcUNGX}|A@lzPw!x{z>69)Pmc4pwVl>2kxNQ&~tpBzRf>N`l9=N^!6xeVy zL$WXsIoiL4ZLku|PYw?W(@USYp(+TS(ME;n&cl~M7Oh5$uE3=u(cx67aalPNhwmamoa99il#t){dh0pt1B+5?rIoWwULM- z6S_(;b6RIwU*6-&UJj-_ukhKkdzWtJ&A0E^zXoL>}J<@-*dJ=|Vm% z{E&c_!E4|H`#7~uOFMBP0UDyM;WIK*#V}DA4yNNpm_AU}$HflD0JLbyxTYij8XY-E z*ilubs1gPfLHJK8bmo+^-Ul#7lmV|;sF2l9^sr`?okiUOo&ae1gT+ zP9q!*Q*ZkS=0r)WIo;t!$>>j%XE-eumcaO#VFQ~DLi4nur=+zoe<$PbLCS&rT=HxM<`jmShMCS(!_M{Rea9j~PAQ!RPq zbqoy`@gr?1Bt4nnKY*icFFmUbw{7|~5DFVmlZfTw`nP);fzEnzw2)OE%g{}$RNOvB zM1xgssU=#?@8Oto`<;&daIEH`jjkyz{<)c6o-RAt}Q=Jc8eVIhBSxV^nrHgeQ#EiM9}`3Tz?v zbdKp65{tPUEO88ouuKPfI;+g4dc)NsFb?3NZj$jxGE;Y5^D<^zD_7|d=KyJrU8WFFVZ8WC?(D%)gjjzqYx7*=_- z|Hby=R1}W0Mu-4yEA9TkBgt-H1D^4)H1)BhFupef>#B9S&{30We{cbVqFm`EbZxI` zqC^`FaQ^SY`B%2c<|PJN+)FS%@xncDVk9I3IZ1q}91gIbX$mJ3dv4OK*rA!%yv-<{ z-Wx1@%DU6}}Ex z+odfYE;D!bMsW<&fd{06NmGh$A6)iNyGRi3jjmdiND9aaway!NMD@E_5J51@U2cuwDJ4c<4U3$dScCT~MpT~Gg zmWgN!eauC23YzpMBsXqUotwJQo)mOYorH~OuosO>whSB|6)gV@8I$2je&R||Mi47= zB$8rMS0z*&N7Z&Bv{*=Fso(d<5-+(f46z%CVzg|Au*t-d6xW-O0dcZY1d(-d4iijA zq3_p_hLsVMXQ~;A-y|cYHmkffvTEpTrp4L^{P@g&yI+B2FF@LL^H@=e)-Ym9Ok zG;pyUsPN6VdaR_JQ=JX*U{E7I`G_+83NW%?Wo&cRt zP4!+QE3op{b)=%>$74by*>+c%MHS6XPmNOc34J8{FIafZZRF1>0@%a()^>x^N+li!V-!pJo@#lQutSlNxnyQ z1?*#Fq()VIWlkFseJ(zJ3)3eB`WRf=s`(aVfnQo9udAgo97v3&>6+EE@NXWF&X3Y+ zev(M_A!Sy-;utpGA4DRx?W^6%a;}t*KK8b1x>STEP>}v`G3c-7g&(5wEir)jMy@WC z7*e^pOmcN4TL6HZ$Aw|gd>K$JdnZ;Xiw^0M!Q&~SSs`<`5c`EvW-eT>xWxQ;KDnw) z?kR(Su@GYVuPm9@kU->(kV17`&MEgeT=t_d0NUfEs+6HJXQ>$#LwLqVcGBb7=1xi2 zAkDJX0yv7g25vcQ(w@IiyK{~{L=hFtLJGUZ1%hOST!Wxs6oT_jDLM}AGdE<0i z+}Kp6(UK(I<>erc_VM57(f&Z{^J&%;kWNm=N64%F2r|U}GaN?{nM`J=6(o`vCD^{7 z!jZOvFcls@TDik9EaIJ}Mo1-HR^1{+M@dR#HdmH*-}izA#W(V9M=rd@l9-QCAATk6 z$V;@qYF#fljdhO+y|@Z(v5m0Ci~X(95LrPz{}&*(KYB^&8VFDPFcrAw&QMdiua~~! zs~}O0Pf!=D`uHEi12HI&wS=}5eBy5^Yot%eW_+!&9ZpK`@M0IbDlioX<*P+p46HP}~V^IO2oqO9YC5{(sl_BK-`f>;2X9&H$MnqxAXs@|-EK#I9IP8cJ3g@I;Q2MxG(u6zh5!N(K)48=ZdSr(r^+aYl)nN zpLMW8q@FYcbiTORu(+46cH1wXwx6#*f4Ti*3cl@6i#eoVdx#Mulzp6?olUB|8&7}ST9?Tr4cn4LTHpE^7Km;o9;JQQ8|AY{ zuWReuvBCM9a?ro5|A^0dsLoGD@MhM$XMvr+JrM}h?isMv z1~Cl46`T%-Z!XU(uRz5HAU&1mFd$tppZ=&fs=Ncbj4md=MRf(CX60uxd*Iw}xy)Hi z`pX*~37(c;H)ugdJN?RLS>zf-dHeURIN?Xsih>1HJFJH7b zo-`hQ*ZAY|m&?nDf@?fL)LVmsMBwpl`5<&)^WoZ%}cU${mna^oH-|j^Gb~7(h<%&Gwr9 zke(dhm8#T$PXgKy#~f|iB-%Uet?ie8|54Ga6^Hq~Aaz|+g@_7kB?;(S4UgphbIf^o z`W7*T(JVCT{R4z5>WFG8jlbiNh59ze$Wm+3@carkODhPxLf<>>T8Jwd^$#vD1VnyM ztJlw0ztUb^KB1dW!sphC;;vP4Y%(Xvy*l-sK(a-^6YmS2I#lXOw+$m1azR%@3=~>0 z>MM}UEvKqD{tf_vt%`uaqqy{RZ=z7()D56Y#!C0&Q*Ke%$~aAcbMH0G0(Dy_jG=wj z8y)xPZ4@tHx))^M#tfZ5jfF!lgFUh}MC|apgsAXqc_O?-+zL6!W(>xi)0e>k>2RiS zMbcO;kV>hFMjFaw`-}6BG+P_&LvFuZI$x5kDB$uuuW4$@;GR(@33Y;6(}7HyH~p%U=KAkYq8k;KP;dWN`Yo=>KFOdgD)R^{k4=`@_R0{ zvORibxn!74F4|)BYpdqL%OwyCdx$Cq16ZV6`P=r!?z*XKC@>}2#)=F#`TFU`Cginr$8Rv?`ir%f zPed-Bot?+!Zr9EcV#)5ywU?Vax?%FGNGy$CL^O#HDCpfne7$yL6G&a4ie@E@V}i1K z{{y!d6&q0y7Ik7m#l+Xb0HrtQGx(HRdeQ~jC@<{xkB$<-qHM?97Fh47`+@4LG;mu5 z)K9rfY2x@&Trd0TO|N&p&^bjczm#e)(GznJaNSB0C1p@I8|Zk#={RwgLs5peKUpS4 zLK&5vq6MYZAdfz1FKeS#MWTJsKsdHb#=<$T-SM<*(?rroZH%USKXtbZVWN^C!E=;8 zq6_YsoVBUDnF)Lt*2lzN)R}5=8!Dta6I}e_J=^#YzaFbTnzi2=NJ#(&W>KmVB556w zh{wEY0?=N_7qmhYU+@ENd?9g5I{)jvIewvsLRg&+$>JME z_0np0RtuPofD~OQ8Y{Wp7s!Ve5 zDACn%cc(>+vPUr-`1t@$*qa3o8Uj!7y1m)V+%S4VWP;7aORtV02%scH21M0v|m#fDios&&Ru8Q2Aw z9YX-4(jQqt`%UkvB@2W!z;Yw0bORy4PPkhWvEyzVpetlgg^5HUqH@cyP84U5GmRgh zNvTe*PfS0bX+{lBU&P<}h3Zb}CqbdYYhR1L_uue>OHtuNU&Y_?k}@7CgS}FX*MmFL zuTmif-$n6Ozl^`*rI{r3joT;qm>Rb~742IiLj`HK{2XKI@2})g;?%-Zi7?GqIGs%^ z?fi6{K0c>ltf3$FB zUEvxR*o<(6CTlR!S>P|U&Y245iH=K~g*m2Z%K(vGmN=8Re`?jB>TK_M&W#F`;i_(} zU>*&F2C(|1vb6}*4CzRqhTkF_YQw?&E-+%f>AAd8Y7Mxt-5W#NRg725Eke>w>GI-{ ziK!Q0j2I;Kz&y6Bg83qVl_spt0X!^DjA5X_)RX8W(gI^~I!!rKXaeiCO*}jSO^T>( z5+PnjUJzQE{H&|vMFDSnQx}L2i_WbFk^Ne8b?3VHSc8_Y$6tm~c)vO3 zYFETsZr6h5FA|H)XQ3YG`fqifnU7keUxY54Lbz|;|H_2ecPCW1<-RHBF3Aw&DA?Ri zw`LTzLq)76Dmx{I0waE8u|)$paAxz@`b=K;@uuc9a?P$;MX2x1^^Luz>26_MbS1N| zV}=zgg-!hdy%hTKG4gu9Z51)S|e`14&@y zt%A)se@w0+)(l^n{E{(wZ84w`T-J^jgIo-_Ek%iYis7YCqXOBBG+x%i4;SLFdHx_23Z2?970Y#^+sqXR} z>jJujTi|kU9*v4L5}6ZA2Q&csyOwq?R3u=SW%}akwJ!8(?xW1WsKiV_S)pPs1yPYV zh2FALK-Rdt>skqWZvL>o+mt)^S~E%QLP87b{vR9n8u$Nzzy9<9fBm5W-b2zeKSMjS zfrm`~i?14F^J<$VJh4pC$7SshDO^;Cd@Vau=OTs;PayB4YOmt+HwkS~+Cf#*Xba z`fAcQ;uMbh?;$5k-RemPmkI_8A@>@xmtx!#z}D^c$3w1Ye`H zX6U0E1x-hrbOBGObVk;xE))!N6RG@%A*8X@ z-0mIrAOm$#j{_5g7KI(a{Mj+~pfeKX- zjrL);WDkW?=M8;}tflOVT0o{spzz)(BuViFmbnyaT2`{X2=Sl=9@1;JorUn5_B(ms zijUy*Nx5q8U1JUSw(XTFRN#oDNpO)WNt_*iF*xEUUmAXN=m0E65=;892l*!UgIKrf zt_gVb08Ayi!N7(P-w+}j;G6JHylxZR?J;6#F(Q0FDoRX)tPt6>V=odeMA6rb;cf9i7fi9G+e+~Vchdla(ylTa+VcpBO0aONiMLWl1A&jI zkJ?4Rq27|xAYj0?Q6ZE>*>!TXph`Y%GGv;l#^D{Zc{({^ss~qyqfo*bx6IdbV*u(& z`>%nxIn^vqr_xM6pkf=^334&)w%C70eo>&x8a-2QfM+EyNQ$&-nJBFtiZCs)NR60% zpMj=^tsbqcfYah$K4bkL`Kn1sB$6CSv*LjgWOZ(`Nqi4aa42;Xx6Jf6>oL7vwudWr zA<4avxONwoyi0T-#}L1x2Nj#HD60i?65g1^<=;l?K|w2z*)SPDeT>!oMro|VB1@C7ummVQvKH|I_ev;Fq|81(MW^}*aA2fg^L4B%!~xv{Ikgd*S+%tNAcRBb^`kdO zWeeB=9|0JB)ko*;;;KwC6bPaS8cYGon!r;06>U!PW+!sC1O)|H+^*QE?{v~@LZTGqsG4ZEYcxz%+fGo#v|zfus5 zU(oKDTiF2up9z}&CXbvTb~%=J4tbYMCJZLioYFXHYDTF#7X=nGS-@6HaqX-oe?$Y2 z&v~!ulBsK;Z3w}~h`h{sKiz7wXZd>WNjUXK5rx-O>|W5}Eo=}6qRWz&hz=Hk_Xg9B zg79Kv)ueCvHlO)4sKzc}bd1!bf@C)ZF=hU?!}(th*dTbSj*)DAF)vwmsbc&Fs8Iw7 z0Tm(D$*sI*jSrHOoJ*m*_Zm({BHKYYB=j?wau72v=^ zn2zYWM{Z_A;;(uXV3AKu!4oP8XVRTPDLI^JBaVH<+ z0%SXLImMgNVGpVOUg?ETMxSbtap!p4B%xE&Lwt5&yk!7yM6>!hUME#O++Tf+&|aT( zFa&P88blvjcJ5Tl2;yLHr2(Jn5*sG#r`M7LX<*bKY85q;p_9uljRL%Ja}-X*6b0gn zk$)kBM0hwl&D82tOa(_mU=zRDI7(D&b0sI8BPTyy2?IPqBZ8q>Jd#GJ0cD% z#ne?~sy&<|NL-bUu|Q%F<+PlF+<>$~z~b$QvYBFIz&9e=yY0$H6&bDcL|jxz0>89%Q4V$vIKb^biQ(zg+&3;EHEP0OorGY*Lbk z8KdfwbP)>6b%(rh2Np)N$+MrTn=;*iW@mJG0vCe;aKf@f1+@=Yvq%Fu`f(I_EHfzy zFl=C-_K2f^HRNJkEC#~{jrkL1AyHf4b28JL9?sk7=><@PLD-3RDnP|bHW0SCs6vOQ z$WNpYCx5&MLy+GvWj6?>#9GBPNzj;*LiTpp?;7!rnx_CN(YdjW*TxeS8H6$uOGB#y z9-9%d0id^-ZICO-caqroQf{7ci>#gjd<80l=E2jF=Huxo0EU_ce7`L!k^8SlOMCIx zL3Qv4aoKp1P4Xr?5S`#R-wI1(a)COI8J*^@X#)R($H{_`V4cGsCW5HNLvVNEmk*LJ z?{z@VJv|X#}rlZV0yaIN{x->BjKc7G62M4(ix!? z$Sux?Uz!)|dI1m;dL!i4b(ex?&@5c>F5ujj&%S9KBKHNhpzkg(juyT~tqBb?5!#zf z4Eh8E8P;EJE;|3qrr{0-*kd1H&lfpcagf!tg0F;)7}vVE2%j!;yUc%Y1czDIRf|^4 zDU+iwy!<+mRN}VMeWZ*D)pgF61|-TRnAp8snXi#Vqg5(JrQA#xYTe0xRzfLHl6)+P zT?F@Zm%WCl{~N?)Iti0FY8W={YTpXQhtD#L?UgWF#t0OoM8XCrH!%?GIitoPC%~_Y zV1oE`ZFO_A{ruJD?nZlSef#Ol?dOD8RA8#neKVPPOd>GX85uU-lfGZi&pc|(9%4uh zC|YU!EYE*!w0<_3ruq%^<6kj*`RYtFMfshIKsC+pzy5W02H5>7227+Q3L2Dt)8yA`UsE;)2$%$vN59IEQzq?PK68|t@evEYF7$UPT6`bfj)P}Lf(zX*hNS}!3 z83&UI2$=lw&6B8Vnq#$xGQc)1P-&P?$rG#{srzAn10z=)A17)3bg72dw8?TT7XE;l z0r^uaE9nS0nbx=L4328(Q1TMVl1=)wo~V6zuYna51x#R`VN`|KoUxa(3{1e4o4iAI z@)7HcDX?{4wwPg{<)?fXLPRq}r7X!9bC%{$P|KPD&OYfmhTq5=telb&Ai_uE{F$08 zNWOPgw>DItIy~(+8LF5+1@d(dj>QWt%(^#ti=H*v#3!*nc-zvrN8D|Py)z&iC#yeI&6UW zb&CwHpKPDvMk?CQ4Tipjb-*7Cw}l_8QzF1!BZS(iGa0-(TUQfL8G1AirjdGKi$uXp5M8oqcgJLe#n@ zz$*$e(-in8OXJVjnZ4%4AqyJtInu`LY3N2Ia}%gz_^wO~RyOsr$P77M<=v2uB#{37 zl@>!ael0as@rBk*_3MSCr_c_aRQq57sjLsA{lj1jv81*uYfjAYArDY|>JMMGwZ^~J zC$C?ZQcPLc?3Uy-QJaO1@lT0NSZRFU8Ka!R&(iU)vx0q23Jpk#ktAIcFa+SSRGOzC zL9a%AlT;~M2?57;JJJ8Wr#}H{60J_dsD&~mn3H}^I#pQPy{ov3_CcHXbYG78vTTit z4KCNRf(tQ61D<87@l(K43|w3||2T`RIUfR8l11Z*!kQ!3`@Pb`l}6pQ&(b#J+ft|@ zzPNcA1&X#&UMfwk_1(!|*<|gdvVw{#SWZ15#pRh!l%T=e7bNG2ONF7c22#hu}$aCeS|FTX{s{;m6E#LgWRu6kY*4Bh#cjor>($ zEoh4b(uaX-W)&SOTQ9fO4Rh03`2P3;cGEPcOSY9^Y&)d>nw+ zBwmA{-dzG1LeEOnNZkyCT4DE*a*5Yo{h4Z*(W|*+G>YSS&#YMN^eYSx8s=T=`)f&G z`l*sX??5RYA*WBsFGwRFtKl+x=-(*9)DMbK;=1`3gGwt5DlD3(5Kxm$3ZJMk8gdjh z6iXOzHk;mQL zWr!^pU=Z}LbzePRUzHJT9FH0PBtoy1Mx)g0L^V(prCjkjDft%p7P<+I$DN~I^`S(^ zkJEN19Tm&cXMHAlxv(6&G;v5nL`d3fBB6!RP8!KbFT zgoWS{va^L3(VWV`k-{uejif5;1D0g;FLkxf`jRfw7n119p51^LJ5Ty@FrgFk!`L9K zIU#UXy+bJ31Q`Iz!A7WZx002>!#)d3Q$aQWkXT^&Ba<3y( zU3d<0c_R^B3LU8ys@=#$?NTDlJ>gbyHj!UhGy?B+SA25zOB$*MMwgrLD@*9jDfdA( zhpZ&FlWnsV1sutIL4G}!p`i=n!H6i999>Jm{ykfYL>dq=Yy>-j43u-BQB}y=>Gj?V zHYEt>km~Hn0H}z)$SbD+o?HE)x(=&(~6#$uXdJ zArnd0p+{HtF!Z3ic6}GxE}X^KNxrqxkv_5s$1)WS%I|!Nk7ay2oXIy;h6zM{kqHDX zH!{c+YL%&glQ>KYgiAqeJ$%3@CA`4Txs+D|`^#b!IAyw+>M`ezq1(_R^c0R9TZE^v z-DFZwgHeT%#GHUODL+s6PW4egZ$X3lZ2X;u0Xa>L6B6+8Bv(#`)681-RC}003Dh>?)sH~V$Js?0>J&eJrISSu6T;{yUQTi-U zM(sbe6^!6$C3#H6HwP>ly9J{dJ}S!TK#ACgPfG;M7r?jqlYoI~mu!~)9vbK0M&_K9motq6adGh;14-s zfD{T59wO`D@BkvA4?kB1GLSQ)4ryls5MQ2tIu%A-MmlBxRJ+DTPyX6BX(Gq<2JGTf zDR{i1a-V-aMbc%Vu1&pJzD=o`|mryfbO zjo28s@H_ELl9{=o$$GHZJIb1k)S*~rKl2=;C|3jbnV>M!u@(xkKJ=_u84$$=e}hwN zKZXM~`0c~Qi-DeT^;kU1d!`8HVUYYd_HBg z?k+I`nbYa%v)?R9fmUWh6gc=TFTRW<{d$Anwftd!+ky-V z#u9=O_UU$yLl({4Zdg3t>Kwkook{zDMNx3%UiiOTL~UH8lmTF;cZRB>`+x)R1Cgf} z$&W?Tpy2IqjBu3`O0kW2nWfJzyw=aQ>+iDS;I*$dAfJwo5Sn4^%mmt;i{iw(EDD(l zxfVOStGlmu+PI+S)%p{V+WX(sH$c1XU1{-PLJO8v*<9B)xP_{An5U~K@XTSpoX}wP z`!qod5`+wcB>n&J?J(>8Y5OgDWdr4d%gSA#>e4)N#LDFn&YyU>tPr%6wpNbmqe zP!iGwy9einSKc^%^+{uTE$VXfNx=v3diooilM3ii6u}?S-P2(aWhF}$IaxT8d zC@PPy#<;QIhFuBJ5vDh|#Pt?^lmJ9c5JTixu%ohnytij-bsJG`>zfkblHUgr`@l~v z1dN~c2d%G`?|Feed#@pj+!Fs&BO?XT1~99|R~M9vva2$5`ax zB9O~glV%TGyasY+RsMOq8*BNRB}ZlCJ;o49u!Z6vYJCDkh$_O@;_qNLuwdD4>7%f9 zNRQy1D8Vs;m=AO4+8(~^;L;}zQ|x!)_`_MCX6WVWtQGdaSys{5MP~oTWg`V@2~te{ z-vOjR?sL6u@#6uOkaJ*I=Q%7YN(i?mhla~)7a*1<$JtKeoZ*5P)5`u6kZtZ_coST6 zh$(JQM6>jmR^SMvTKhKyG>T*voZySNLK}~aVxgeE662;Z+21)KYPRxxb74$n>kkUcPt>eL)X@WG; z9c;@Mx#{j*c%7+?UFz*h%62osR4QwWgHFHpwctC5Qu>TPp`9g(agbNj6K29(N&jEZ z>vfl6tC$26mXlJ3MVkpH|e^0RPh z5<~(sGC3LlW;a~AQPCM@VH{*3kEzu+w6=KjQ|p8ybLi zqA}A0|CzlUj6f5oYSqJKWMaUC+B;^C3iB4lXMlS_>meh0Q@(tki=foMdi9*XY=Plz zzDhxDpb#`KaX;B<#cxC`oZ3TNb6tBt)AI;$vxA7*5y2u_LZ_U1I7QdIAu5~Eft06a zD5e8V7|PB7$5NqyUFb%}nNIpRjLI=B)KMnP#kWO;kVWuUT=$dS9iT(Rb{sY;O4E%? zt)|@O)T$uKOSE4bc2yvUe3|6Q}fwe;ov-j>fdBx7N&gjjbhX+rF1HCELrMuYj zS5TpN@g7QHk+{B{CfrvZX;p2EvZoE{c&k7{~&ELNBm{ z=J#80o-)C7?zr8;f<0sv;neWZ)yRSQNdvI*uZnL1i*h+4+Wqd{1&nx2J<9#2XV1tQ z5FSvjeXsnSuLG$kC6(I_p^R0Jl9^qD!nZW)M zQQspw@vr!_c<>pYtSV<5kYPy4crE=ShmCZNkwKVulPibt|1Qn`_d3@2kcsCrqX*fI}ermj5AZZMMEC?a?39SE1)Sbkp zRSMMEbKT~Uj~dy)j0TEDhLXVB#hXaj0xc(I=mAl>-}P&cU9tqcbxi!An~onaRsO0< zDt;<=Bn+4WOd5U6fw>*nkh=PTPUmFB0cPQ;d>GB`ftqB*Irsvr$9Z9aJ@}te0T;`h zW{N_>>%9kz>8Ydo-5r|Pzs4%`3Gn&rs@%TvXOKx)Vfmrpo8NH)@X1HAY7Sivi`tFw z?ugcyI5KVWnIpimg(l5kD&!}VsacBq-ETqmqnk1kWbssDVNNd;kpfj_;y?{mCW)x- zNp^<=fhc=Fo!5xlGFbz$Gxhn=d5@ z4hR>$kKzDuMi% zo2{RPia{u~3MzjVtY%QTl3O#2daz1F42Pen+ELVmsUok|Z#McsUNK8OAIYXp*pCWw zsi;Iq<&3yGD_o=Eq(nKlNlVwX3@9{ty`tTVK+29Wl__g?Ac_;B^A-ha#b|TIdntG$ zItn7eLokoag-6ITQ?Q7<8_7-%8Zbl~8eF{w4-}=*k&9^3o9})gNW}Q`^5~+ncg4Br zwsU1FU1Wcom`iiz;c2fkuxK63yX+f|r*I=RU3GvMcm583UU=AtL+=n5EFOVXOJwcZ5{Y{eWSJrzrH< z^0)_awAv)GC77V@R-EO+L$TTQFqcES6r}>JUp>@ zf?d@xwpxM9E;&ijEQP{reEscG(zhO?nvG|5L)m$zBXR2yMpwJ@c&)F>Wg1XtH8_?bU10;9dhB)CJbnxGgfU(>>l{>v;EXgae-#19a)AJu*gI z4oGnw7Krd5GL%VTC2<1#3r^!_IDzBV{_e?W_)f?)D#{=rP8=Q11#eR9+LYrEU&iw@ zlj%!(EtVK5LzE*>6Wju3LdJA5_XAhdUVgxn$$TW> zoc93nkf16<`w+31D5VOIj$E@0Z;N1N|LCeM*L>0cB456?ltOXR>@|<18fn|B7|K%{ zq1itMh3d5>0Zm;&6pYb{%c3nS@uHZE5aI_8fu(RLCr}Z}<#2)vG-KMC%7z~y9-m?(Y?aRK z_y6AQ9b6t;x^ey+r6>KPA@&=Cepx2S72F!Kx_T-(3Qj!@SlMtQYM>oDmgpwSwZ)hd zb^>%M(91MqgBMvdT1pjBw35Lwesta=K9IBAeQ>+)93pSl&T%W*rv4I4_#{XgouZ0CX{a?)O9iQNW za~RjpY)qd#iJwm&xFM;mpmMb%N>VU7;~OxC zLkzNxQ+x^LlfD9RWEn9Vs2YY!wQs}hP7)wmAwX1~IMtyuvHc33=8wp`y_h2oPwytc(xl>tSbD~)P6?>UTU zTFakcM-AI+7bZurrrQFt?6-t=rRQP^(lybm>|Qi~W3u>$UNRP_!;p@;0z~-*02S+G zFn7XZFgWa79-mNURE|CaUpA~q#C`U)4@M{{+S2j7dDUi0LhV*a(8OQwRp0WK7jtd- zfPew>FQ~})Bkni7P^=z^KXWN|8@$6Knzrm&aY**!cM>@0KtZ1*xqI3FZ zSn)764iMtE{P(+1ErD@~*^@Y(-@eFXpxEurR+(=M<(;$s;b=(hrKJm5 zz~vKhp${9&i}wYx$;0o;kFcG-*Ah;&Wg8z+KsBe%`<;s(LYU?o7$vSk;j5x*@)R&V zfP(UdcnWzupSsK`4vMIc{`kbik<7|A1!ohPt`)LGGiDrZ# zZf6{Y<_k=ir&}VqI9mKBeIv#Pd%#wHnD}W3DTCjC3fpz?@Dm`s@Mnb%Vafk}j3lDR za3mfd_i*Pbt9l`)z>G^;!RLAJqC<CgQ8y_;Mwrsp#KCtW6 zZG+M&le%5}nzO}u+wu)>P>@@$Vz)_vADNCzW4erFJz(Y&d+E)L+P3A z^&i?hTbmoZZ4{$if4;T*Beu%uyUhsGH8IjOMm&O!Vo^ah??{wWtD z^$C0x^i2i*P!5`oVuSM>nH&=IP9;?M@ClF`v$LTg)V$JXayLz?4n$Qu9{6H0a^}Ss zAd$5W%5eO(xtMXyj|o_MEBt8FNk{bwM_WdmhXN+xjqALPWDzNZfM>dDj)*0Tja%2#<=mDDZ`USO|DToM0HE6UbF(Hq+@;! zW^J4#z8^PZ1Jq0lErizu$Z~sS&5M+0*c~d5OTA6~4cZkIeN>VGV2Islf`32{lT->h z1<%l63vY2_p5Z8ol3*NKv!1TUDfiFUSpS;XrH#>HpK?bh-Q5V$=CF>y^ zit64gaz&S7tWV)H<`X4JdQ(AmaPG{Jx@6~J8xN}3Dy#5Q6_+8PU>EQ)>1uKI4DEnq z=~G+rly4Uv;wJgC&iGA&jCM|CncJPgF=O14;q(xNVFXYbFwHfkE!jqiPBJe(#5W!j zjB3gq}fi?KhBM{8X*GQQhv$9Fixpv`rN}I1l{Xi0640t|BJ|ba({*aGMN4+ zOwS%)OY?nW>bmjMZX!Y9Ur3peO9aa6!d@U;RSC9dCBcv}d2z=}p(3Y_2V{)9CLNL?_uikMqG(DB zje#Tl(3$X^xpdYEH8SGn-c!fo-qT^1H%<; zMuNN>=PI(KAK3t$x1ELvHKig|G7{IE;wq5Oof;S&BlppF`}~6CO$-Ng$-;JpD?3Lz zKNq~SsrJvGcg}Z*e@IrBOm7cVlI?vfl7m%o+sQf?(;>8O-_RxO7dOnC<9p`O!^7K>NSv>}LLjW+Bs z5v)mbot|wpWswSD0(v{P`EHLW)@=au0wC>2!@vX)480;A#w{@r*u1&JVPO^Fgfm79 z#jE_SO@?nVm~CJoo5<(bwBH~)*bF{~#2_;^fg#TRT4_O+XD9+dR3rmA2)5;@N6%0? zr}{xjmyNF3WIJ%a!3X_8XN2gRu)pa+5nLA9MT-D#WW-@Gq9!LhJr2t_4EIrldy(fX zeepof$ph}14n_>IUU2!7K1)}WKEf(0YY5EQ*P#4LR-n3Bq5Xr9d7u5ty~uIED6rsuRW;ad8#mH#nAlBcmdVSH{vu#=vK? z{it1vk!oKIDR$V5cyWR6uWZk>mEg8aF?gUKM4^E4>970=5A2ZYGyBEkGwLxW*R_3? z1jGw1$K{*=*#LGG!5#w=`G4{k0Km-#P_M8bf3SmVOwxOTeMz*7<{rcj;F+0jh)qE# z;fUz@H7x}Cd7?Dv2M{#u({J_uJEx2?IcJ!hgX@q!0iZ9Ak@m9CkVrItRomK{;x1s$ zhDU`{Js7=FG_kqvVX`9P>r62{9Ty=((3!HPD`@!;y3)JY*B*lTu1HtmmONZd^fk`0v-;DK=uz`ef7mxsm!J5qC3I^gh5=ub0u0P zfaiiWpcTF!QG$sgsf;5)4o9wX+|rpjCgZHxfrH`Of9kx)IkSi#PawfOit6q772mXl zu7)jv&sPgTY8di1*1s>C?xBBadik)rH>(T&N44uE%EvALEMZH=h^> zw{))8;okOeh?}aUB3;rn$G;tHaBl<*41Xr0;&X7cHH}&E&~Fb-&{0@b;88gu`X)Xa zF*mp&r-!syZX~g7igt&S{_zPSH9<`fo+Fo8dG~25jrSy840s#6eTXrLL@?iFcme~R z*8}?=bm$Ns+mwHVc7m>)sl`cyg`B}K2aB!EM{w5{&fNa+Y54|0?5Y;UmBhx18&2lD za~a+CV8RZJu~i1#@#^XMN#~%4^bD8~uKXq^2MM;pMUG2;6|ftzBPEHcAt@a=R|>R& z5Sjw5BP%A~1I~ZTvMdM56Rd>{&pEWuDqUjmkd@O(7g;VVRAhSB1BP6vQ!!cV+$Dp& zHxW!nMg$(0`nnB;)X%NIa7A+nlzYRTvJ<_HB+ovO&m)EXWlA0DPFL2WY=K|bEW-e2 z3>X5fC%w0EAR&d(Rri0{d)J1xt|VRfyMKj3lSqy&uoL&pG@Xu3Fm5yB3kPsAJ>bv+ z2~ZmlEeT)Z55)E$7i|##FJXj&``p+sktvr8 z23v}_?*3D$avO#^eTa_Y4>4GT)dE;-MLAF57PcE%d;Pi_#fo=|U8LWvF1oF$tfv@p zWL5-_PaEpo)#%z)?c^Q;$2qnYk;5;<68x-Gm>sy@7% z>VQWFMmpjFRPs?Tn@!}g9YIp2I1>*Nft}M66ilDodpNil;TST1xOO^(KW_Q-1t_q5 zwh0#*oIh%c*5CjLR+inCM5X0Z?Q0v6S>+oU+71HV$`>lW6i)*jlIdNZ50O*B zp`krJ1AgUI-v9?jZzhjUdx(Ne0ReKQ5BZkdaDZ3oyP@2*ob*LkcFj1-k|;aFjR&^d zixEPJB=xLom)u=Qo4A|tn4DyK0`Vhvv&3V4;HN#q$#**V+pPqbpaje9%w{=H=0_eC z>VWI04Oo{;_?Il3Tig*zF_dt}O$>&z6YemKm2@Oh%VA%s$aFM5(^z%LtK2X~p}7dE za!<7gsicVnJl6tN2^*OB5b^@*aFLt2cZ_DzAyZC~j%+z1_+w7k0L~6YVNb5xAiB!c zo!f&kMC)}1J52JVn@!8@PV?Z(`Smb*bBGVii@_0GyzFt-c5$!Oy^thDMcXSYgUMm< z0#ZF3BQ!aY+$Yp!*yo}KlJ%coP9gb_7uTXRy#EYAQlMdwmU7D@9eGtt_CtD`0F*C0Ld&lD@TZM<$qfWn4uQ$uXtzG3Y?F zdlJ2&k1n+q_80K4IG8IDm++A&@ym<22PZz&$W%aLA=JZ~YC+MnrZ{}VySA0;_Gfb$ zEyg_n$hLV;8$x|CZ{n%#wP|lUf0Wg27(oGgpqVrf_Y~uJp{%vX0@^htjI?#&rw)QI zWJcV*mp#O|FqyBdf%|lq*I_ zD)YVG+VEM)tD40EbVTY&VN)!ENYgW!j#d*nxv-cEYDh^f@>r3JT77@qfI>rZ+t zfQuD&M#)!87x$JXVD%b`T*Fl<2@w=A0B*i0917=>$8=-g6XMo?NC@%3{q^ThAZut7AmV7|4du;bF9%VJa3MYI^K`-6XiIt}*zX6%0x)l3!<;u-)(T8O z5YNXdjKm7vh2^l_n#D`P{bJs(-0&4v8fX1-OP({9q}`migmx5UQjfcs)3-d}Qb&#& zPxDfIIy@P*76tn_-w(E0VIaCNf^;Q=GS1*iRnDl0WOi)eOu!4uzU31wU$Q62AgaI3 zU_pUQ_BVPSS<|Zo9*%bX!43JZ%BBYf0{z5KmR> z!AmkNQgnOVCYS=t z8>mIa;RM+aj|csY^F(lSRVKxv5~A%>WKBFr91qkA6&L^>WDl9H!NELMY-WA}9j_q3 z5uY!$cf|%EOVhY6M~v(ASknTc2PTrOCa8+MnGpiOtW$Xcd|Z?cMwT9JpuYtj7+94)R6eZCJlLVN+Bq6E~^~` z03|DF!Ff?|94{FW(m^qmmZM!1Qh;?3_NPW2kq!dlmFRFI7$F!-!}$P~K_^{kE!=J` z?CtSSXrhn@k@u^S3D*usr&vyj*NPAYzrop7G%=~q(AMB+fSB|{(z%OcaBY1JRSpOj z?a9EIwKqub_~#pkC;cH@%#GJ#tvJSud)v~9oJ>SabqngI6I@3wc4>8yp&r$U@7#&> z^sXEbr0t?zlKTTejG}D9DNE|gMiz%}bHsyse)(oR^rfZ&WoJaCx3fqIJ3{J6O6gN< z_KGtl@;N49{Y^xP-_U*0hGvt{Hs~3Id8<#&6XY9>Ri;Wa3lg(vqlHn{>5ctEB`bxr$^}tNmF@N$?3Up}|-@ zndg8aoj=NTP`gPSdHhx#+H=jg4LF>S;K3uyjIW2Mqk{u%+W3Y6L7GAGrgNmcdj+oy zg!0g$*&3gLJUE*0RTGP$K?>nUC-Gpn<GD#%fP1GCRjO*s*Drt`5;NEIdEA#=k_DTE zuLq@0ml6`4zT9iuzYFjtQDamhnn0{LvL;c?% zV6!b(E`rpBdpEcb0@US3dvQGtMQ>E;abUWL8MgCp)q2W&;VPky@EsS+FERxkIElba5KMLS9({Q+6nd32>p9mPb^{ zbEKB^?d%`8PhAeSW23-0(&Hy}EfPNr9fJaIzuD5h-r*iIIwzfmTTN@w7BfythM68= zD$%tepEo2~Gow;k&sZdzlD!sI4K}ct)Ff$Q@}#)5P8EL;_<%FMD=-qGC)U!IyOjH^ z8x~NrL+sFAZMg%Dz*}u6S~OvS7VZtGIUmp>we)X*l-VnUXfm1yily2XVK%QpI@Snw zVs){!ku=2*vsO(_5R`OB#z`~u63 zB@oqBR}6qWNB+!9q>bUIklz9=#z-j}KN&Oe42>wT zV>&2(DAu^(uiEucGFTy7+HreOl0HF6vh@;kuL_gHf(fd`K3b z@&$!_1gJ(M+Arn_n86(91(N1)4g1qj{7bx&Bo0g7p`{A7G8dxOBsAl%XP0Lvn>;|} zUBc0+dKbZV$WjNDk#QO&iB$;(;CTRmCM}{1^%Jfq<(=MfPR8?)6cYCiPUZI5UyCr{ zMsutoBUhf=kl{FQCtZNE%V}>Krz$+SfwLMdNsqhn?4_O=5g#9jw%fo-rI}iBK;0^Z zIbGM1ERI{59r;%xfh&&8YCtaz5!VF0HB1BdQ< zao-CzX%I`DnhZ{~Ce|0mDFsm&`C5XN^lbQc(64hK2!-Yp*?bEIDTCO+C47TV8oH*q z^%fP#_vwBq#Mjp0?GiFj8wGk$Zfdb@!2V zt2(eV3{52lIARWTvC=5W-DZO_tU{TZEdSQjQRdS);Zg%fqxT#7Hh~jk<;m z!f8R*Rf|s2A-b-g)tk{lsYzr5cFaT)796xhj4KMo+UX&@thX5$= zYl_W;QxY{r09_&@sx(=K15buoUFy$CXyf^5~JtP z^|K<32aHuy^H}Tzf;+w)!m!;t{buy`ua_D;tn9C*sKt(KBU6OH`q60oWO#n**E>RV zl8+hR%J2-55)P{9Z-<1^OgpxIcA>Z8h>0>i&OUrYGX!ej3r%`zdXX(cmmSY#rL`cm zj8kgT9ZB$sr4%Ho7ANW?T_#);{JsK6>*ue-_9o_F!}%WFYWCCod3=j~c^|Gx->z?^wh?OpzFGFtA|Ba4 zfzaI6`m=8v8p4~T6(?$}(EtNh!?jPZ0Rs>lQcf;%e|3(DXPxe36Q^R{GK{VD9?1pO zD@&_`8RioP7A@|_k@KfDLo5k~;u2Ts4?Hf%3Pxmh`E&?aW6NQl_soTf9V;d@cL<#l zrnk&KMTAC|kf+t4$8}Q$ayWU4ct~LTAHM&;yL)@fFaIEB36@V#I;3ylAv;cu6({8= z#^o7yfeb1cnr1rc8tC)@fv)VTv$yzT=lawRM^+`dg$PTYlU#rRZjv=oD(=pTUklMsai~_ zn%59!(SH2=={f|SV505B>OfyEvlqF)lAo;0JG%aDZaqi#6tqHPT(@z zv9QjezCN%;*4rt_PcTZjVZ6n1I{b`FDAVJ?4-){X!#!fx&7*w?QTeM z|GpAfPP+}eUqFat{f%kt^^tZIx2YlU4ZgD9Z9IGU{JZUa?CIMZ&!6po^J3$P_(0Cw zvH((gW$Sh!5fxyqdQNLhgx=pz54L4L0hXwkmtkO9LWnG{QKihY1F~xLtE3xn{sFf;R5+!d-hv`-gA_Vx~A0q)iH@ zCm3fGX(yX3iR4})gmJ;9BP5K1f2m@aZ%I$L|F*re{*(iN#|*8myX~hN&;I(|mtU|? z`TB477$ha$ph<6zyI@Z2%0mPLWuQymEIFLudWUzKamV1Fy&>QX!nMsPuk}{Qy3;38 zyKYce*&eO9503c7I`P%jm&g@z=Zib|$og=pdsCQW;VFlN5}&p1-2HdHWY(wvSj@F) z&m2xR&LOeE5WxgwI5M`wh$mLTd2!)ZKQ^I-F^uJF|%F?E(y6e&^lFt z-k5%qQ8V0_OrT(~)5N>OxpSd~Ve0~~znq*71{WQH#2r})FuLMh+*ybYK5|nEb;OQFB5_oe%OGU_zi)T9< zPuHm%pj~2F`?adz2cx&w>`BNwFf8sJ&$ssG3Y62=EP&2(}@nMG{|q zG$G;Pu@6bBLeTlx7jX-)ANR$FaIHHBjU*T5h4M&AYLD-7aN+r||JMOc+1W#}`>oRN z9dE)|i&KO2e$M+vE*4ai-4}~$#?>-A3@3wO6m6Q@O5#`e*&<*HxxiXXayqC{QMz#v z+6AEf^UE^`Zalax6Y8p|w?9%Jhtz{{5e?dzIryUXs)CiV5u3>sbxjtVIX{ti&BA{5 zjH0nZCFRU2aMgT7>J&cvGiTwL;`=-<_N~G$M79bH)p!i4l_~MErIljQ(N9gQl4M9n2zZ4kIMUPDntkR*8AmOucS?6bxuuk?Av@_~t>KdtIf9T!p<)s6=XP!$)Yh?FCQ0;jyzni&ZN7@XpRg_yV38ObB;KGL| z!_$7tQG|Cp;#LWi;#y^?z*bfsu7C65ufl31p zq^~K=@d14xlRX!PY(Ctzw3ZbY03>xB<2IEPbX5`|#xPGttdOz=W~$pAy&e-r7$MpM zB`EO@r;MX`0;eEtS;zSkoECvPr|&qeqSecDIDElffw7|*r%WfkZgGfKWF~u;oiico zlsno!2K2}LDK`b-$V|iT*p9)D-bhPA#S*hXp0P)t^ur*cA;1Y2tDjv$V1gM)PPz=R z?!^c564(+#)PQ6|cy9u)kob4nLdNV~JeA~~-?1caNJpu;XK9#}>blqzoB;spdS3S3U)oyzQ)Scd|}gSEEriFo|R8sv_`OBBQp zd2|XR6*@GTD^e)k@%R!u_jsU}IuIP4&p5(_*Wee@ee0O$uvEZmWhEOPwi2mejl-+~ zQm`NK9lP^a{BFz&`I8R^r}e`PDP^Z(B@R`zTurDY<9W$l;Pt%T!uw2bmQ=N~Z^HttnAptSyUbkULf z8D^d&tR5f}1emkeWKTpn{FW<%!*_cRHZeA(Cj2h`~ znOvBTo__}M`8b+Jp-U;(trP6Za?lmBzsgj>i(Zmch4}N$53DR`NME`8km*JOXl)EA zJ)UCXo!B5zA_Bk=L!RNgse)mhRjzemMlBaJ9A69@vG>kA73n3LuvW>*dzuLZpIjlkxdp!UnL+Gh^HYTC_G{?((3959-G;IOjU5SX-G$6jU)r4##IxGokuH#kuK8Xp(p+vI0o~4k9Fl*YE?H z=<8_Pi+@s}7kAk$-3)Y#rM9#WnQ^>NE^drJ2!7b8_^_V40QPqB8fCn$y`#P8_+KKHscbs`hgw#kaa&SPF&vHf(M5{c0KPnf4;(;BNRH{uT5tB-{LY_xqLQy~)d4H&?{}(8BQX_`%*}8IK?QG(;!mV!_2QtPdDd zjdLOLeWQ7%j|Qy>Lo56%-+$lP?RAe3p7-+o-7jwc^yBdfe*f@tpZ_9s4=?u7|Dw>% zS!^!y!8Ydc`RAXn;J*iQM97t@^pbUQoz|S)vKyHH!Vmy`?=eDOmltzgoUsI*h4v$=kg)I@uE(NSkC2$^vr1A4%6FdjYJH?IqBJ*nRFJ zB0;{j!II$Rf>><9w%o$Ng7&A#Wew-nf2+>HC2^DjB+V1?} zR0}kX+|?f@@=i-zo-l_6UYF#~HtVhF+=`5EEVLJvz)NBlsy4GwwfFYg{1O?+5(+94 z3C}P*)SM#qlaG!0tIoMtlFSL(#y>BiNNPE~Mlvbc+MC{9NG_7Z>iOG}K5-X!huHA> z%>{{8UA((^cW-Zj6z)}Sx4OLRvM)XI-r~ix!L)~l{1Nkmk}(xTu>9%n_n*GJ_34kF z?0)~r%UhqwrQhBtni2BEUD|AnmSvri?Bz2i*Z%&qAHVv#a}&r*F(rBnaZQpYyd#XW zy})SYJWkgpy%;8)&KOv^piTkOC`YIwhVlG5Anq>Mz&?F>QyTq#@ov`U6^rnR)v8v* zrfnD%mW1f?5j+$0J`z2g2S11F&0xIuaP$UwmwLFKdhcoPEuEjXaXTz+%7cDli7#r+ zyxJydatGcx6Q))TM(U!WBm#y;+Aypa)8XmfR7OW6@j_#}n8y+ufLH+P#0s-D`lF<;H#e;X#0X+F}-Fz%H z!YRb?99K1_59!ug^XQqR0*!UC?qlX%4ae#xV^G`aPj1%DDw99(Kn?O3f}-Mr>vJom_}4su1MffB$%AXLEUP`&O&7*S~dB zbhAaRf>oFJEInbr5z=GZ<=pa4a&V+Bo_WAtg>T0xJ;fG>UHfCt3X@9bRL;ewszO(w z@GR)ir3(B75tJu9WCKo|S5DeGBbavrm608Q!G4Na|ua>?Ol2Azn z#c`NF8SLY}FOG-$MPL!sOQ2rhP7d5T2e;!FTTk}4*B-AwU61_O#Tzt){n*LP*&Cil zUKd_l2YhK?vsYw%{!XPIYu0%QU;6h@GZl4EKrtI9t&oNKRWmY~%_mX?Wb*_v^G4!M6{48RldUkN*$$h5lrnWPVuzB)5@0>c)>%+ZqGlnY;~ zrP25pd`EyG=}RJ{puAfZCaS=?@^Z6-cjw?59gtPoih#;Pp>2I`LwUfg7kzMg%P+dc z8iq;mY>rDy)fUf{q0~VM<@VX|{sbi*TzTcVG)3X++7tzJaTX7!%)hYRB>juz_m*K+ zii_BSZM_&zhV<^pn2GGR*g(WjO4C|_wY!VoUkC6&;<1l7p}eJj8F_9HuqEUDCM9mr z5bx$j3`ppb@VuNr#*_kV04)0LJE?=>*!AHcL&9sr(Tt*~yl!G4|1AE3M>O-Yz{9P~_2Nn-^`ZIy1{ z!b>@sIAJKn4`ZO%mqHl-`|k~HJ4DjGrJMHyw(kkLUo4A-*_QAo&1W-N!Xi)`6g7)$ zeEJ103IL-)G3)}2lB}S-vLS`ODqG#Ju{0+`#AE_;-@F5EK`RdHjM@59VXhEF6Jkd_ z)riD)7x{Ri$`%W}kS<;4D;kBFbpQk5EdW?Tq@w$3*&pA8wNs|6J?s4hCJ+MS81$ge z?8XO5Bru6wo|3R_BZIo2JZt|1KI8DO1CHefRrI{<(-ZJ)avc1vgw0u3Fi(qgWe3UG zEAsU80U0~Zv;2L&86rP8<+o-7i( zproteYhOiiOq()|c|QbD#63}sU07mf%%$bPB{%dGc?q}=e%E!t0Yx^+fe{@(F=VT& z!P|QT9|-o#iLI0#y+N~O`MgNK(<$c#1(;p0wbD{u55+G)IfffE9 z$s33#1PMz7tbzn=``#Ux*zeu>5|`p(&6Zh?`RGDxx4L@oF%wH)Ugs&~+WE z7AU;1xDHqVyeMom$q-wf49<_m=6BUm9^m8b>$po=t92O;eX zn3?+SXTT%b4kV;PQ59&^0C_8xX!X~i7<6MCKs)o*aHQ3|)p!a<>40lO0%AdMnF4}AEgt6}Q^@i+s$uhR-n0wE(X!^OYd z+s92Tw3s;Z;3N_(mpry1d?LFGpcXC?1tSb=5ZvQ|7FE0>kzYkg32Z+$!kB~i9E0{9 zHXOYrqx_|qR^7gRTy#$Hou81yW`zKZePrK(naOgOh-Vos8~c*cfo2S(_d(Fk{5M^%#(+%-cv@vQ#`Z>-D4rko2R)%Q12+6B9yhGSQm4xw`Whw90l#%x!5``p#AW6kky$c>uV4GCe!pJ5WQlZEr*& zTwDeQ;*2?{J_0b|FNsA|N(Q7Y;$Weq1>k()JOciND&2Q!Z6#Y^0YvC$jgG*#@7P_&&QbD;z@7vXvCPg0YqpuCxYTkX%xsMQ-{WZ zAbpX`lc%_z^2Rwz}!)?`My@7fm66;aN zzpz0;>PsmqnGjYbzu3oVV%#iMPAdtiP$A)Am2In5Rl>%OAmk6QdeTdlS`|jq_m;Jp?G>0~;LSh0D z0P}iMy|Y5!gRUu$S9ODYFzN0SQO7WQmI24HmC6H9;giHNpKuLYbY?Eu0v!Al&4hU> zox^Hp0ztl%V!jJ@AjB1X8qGg&4O}ReS~me}9b*Jj9Gp+EXYPxC5^}Bma5_9tLz&wW zBU|B$n$j=C{7D@b;8Yt7DA!r22E8fj2MTSMVJPWI&&g$Dt|Fynfa%5*w0>biO-b+hD&vlA z+HNw)_5-k=$f%iQYqQsEKF z#QJ3Y>493%@a-fKger-k|xP(-E%hKqOzOJ*Q9dmU@k8sj9vD&(Q*b#x}f27 zAR#{xrSQg+hZfYcv{o)+JdLMx6+it>8*hhaxGGC5o)9IRv$g2b09m33!(4x<6!?TUUpFLo04VbchrxBjMxMm|?T!Cg z-{06?@jcz)0E$lnCT6sPO#Oe|THi(s!U&WZhE^DSL>kh^L7E3Vg5MxiM0AGRJvz`a zZ!=T#^kz$P`66uvLpGAdYAt(Hp@+{~s3sAG>_17ID*g{_{L|JS#jcNXsv!6<_>zN5 zf0OiWw5cCsA~&Uv38kcVkc_U>#DiX)R!yxHcEF(H+5DT~E|c8IN~g=9_^*C>0@NUmHiyB>Ko@$+#ye7NoKz^?n}> zI1fhw)^8o-s*DyGx1(l|KnZo_)QoY*!2*q_%-UhYa=AMck_VF3Bf(L5n6u^@x@>Q) z?`$EvFZXWj67s=RYn+ImtLMBqHTs5}Ot#5^SY3fnC)R*~8*@pa4PP_Ci6;l?bsGY$JQ7m={@fK*q zu}ASF!XgxuWo&$nF8wCdg}t%Fn?epeo6#V{Qdv-s^^ZU(kRGtD85oM#g64tAQdq4_ zhPAQEvp^dfZ5I+K6&7)4Euj0-Mam-EYY+?zru0ry5fb*5cq}Ul&}_N=Y;J!eZ$gh^ z+3Fm}MCNoaXpQ?W$B;hZnuq?2gC&4O1lBp5ef)fTM^3)M!qP^SVQPQ?Y!EO(_^5T_ zX*Y-tP{AWFLN70hAB#ABe+>Uzj5V33b`UtU#}>$VfZzFWDo%2prCXi*I3E7-!Oiy4 z1)MDRB{mqhO=w>T)y4Z2hNaxc6-6t%%X{}<;)bI85_8|)yIYwMRyrFJ`EHQ>uO7|v z&E4;p@4x&UeeK=9c1L9JTrhY32uqQAW`-jp%`2s&Eo{AX51iqvVpA+CO%TR;K0WHR z_3(=tp7#ac+{>G-Pk9Zh)%7=%+oe-&GU%CuK-75|Lcv&w;J#0s*2#s3KnNG+^$qP; zDKa_g#$#1MB#t`1s`eXZMLe8wcrR-c28ELVVVJWV$bOay>2~WFr%pa=@s6PD(i3C; zSDiosWq;K}r_A%o7f7_%z?VHhI56e<;9(&ln5@5xaB=_LI|BlbfC|Y-L@WDx|9?6Rw+p^-UE( zI`FY*Sw8wOSq(%|&uYdedl<_X&tNRrSlc1|7DqVJh8RbeIf~uLtN?6gfVBFM>Wo#~LeW3pC`(EM zpSAukOgNZ9!jGl2>L(4Mr~nUDrQ$vu+v?Kp1u$jDswrF`1#4bZu|n5|E2u&K^liX8AtWmWb->!>;kKvJi6G<^FQDx7K|kA{QO{tP`7vy5AtZh3l` z{1%7G*Z`-D1=D4XAkwwesOYallC;5EF)R76OEWFzb8at(6m<2XJH zs0st!IA(!}`;~e}CyCt}D_q@PsrEatYQ`pzRwZW9CMqimdyB*prj%V|=@7p_c@Gm- zh$#f5um&PCNE^=s`O$J|QH4gf_RbPr4=2PB1TafioM6A=_+|61ikZ9;b22$q4Su%#6>{sV%eX{?SoJ8s^3lQ7a=6#;^UJcaO8fu4tYk~p727Y`}KbB}*C`KfjKd!F) zR!yAfqs;NqC2#^1ajE6q7yMOqZc52?;Co$FZ!y zp|L|jMz`ABXun|JtL%FvBtl#Mbi%mmKf`w8|9v`Pob~M+F8oQ?2DQ%3+c#XNiB~nA zTtQz6oP!U9EOK+Ibda~aw+!OhD-*H;F~0(ydeY?^j`zIV65!^%`ziX|LCdM#8c5& zZ5(hF@+!@=6ktJ%rX2d-zj!#jH~~`QO+dF5;2YdF*Vi6CUhi&guXb10x9@)OAKkyM zJ?(BkUj5>a|3;5aeT{!-7qI%ML)zFs9E_()LofAKBJNP-2F0;iki02q6C647;Vg-vD4K3s z+F)R7>8@DR+C@qb+QZ`kqNpV`r7n6r{nq_X?Hm}K+YW^1Zok8wSZ8a!Ekx+4ZDA92 zI>rpac}2j6vI5OF*g9qZZ0rtQm`Ns;0BVZs9J1on1`}vER+5v`&L@umg^A2yWrd+C zcH@0OBU_OaU=Sldi4Z_Cuwfrs=30+U(b_9c6uy+PB34TG2WINH%A(7&1=y1jQ3Xw* z54#d)+IrKQNYIM(*&2;=w;d?EeHV&nL%^r8&J&EBP%vCb%QA_v5Yl5ZsEr}6e)kX^q6 zRVxa&mEt%q;iEE!eLx@8r9mI?-h0}iL&8ZHWETf8XVoRTxC6rw)evRNbD`FfHQLgC;5J5Da_#a`W)61Ulq^+4WiJn`!Im7 zZv(D!-)@?OZxQC7KK(R$r%W)550p0ZtziTZ-8d@Ghoj0P=p>bAhjf)(i|wO-L$ACW z^vH`mEA{_5m2`DG%PrQy4oJ};M$LAi%lRoapAdZZKxe>*J{NltTMZo`DLeyYiUBY; ztV-?;0y-kZd*_t-K@+b>!#>SyQ6J#jv1kMj|MukJ{*#SwwpO?Pw$ET(HM$7Q{U7VX z)f|v1tTZqlIt-bd2yr+uPpkknc!ugVPwL?o9tt;ezc)1yV(ku)TpM6<1EF@np=W?= zNY5m_29T%Jtjl1-=H-^e?=4Le69%t$(JDgVaAbOdUCD-|kalno8w<>`rg>B?NhAfe zLdy;(Z8U%&h0E0taL#m%xk$F8x|ul3C|5KGjSqYB`W#BLu5dc|ruEhyvl#&it)?ud zL52hn92%?(>JQ@apX42~VYT^Y|M z*|IOV**>L?2Bu5$h`6=r0MyzHK#6HpTgFbaWk(rA1DH0&f|F$Ov!(PVd{)Sl74Dwn zZW*u-y<&7(Qkd$+a=dQQqFy6RjGypUS0!0699v1Sc}f0-nFA34U3O_M)P&uoL}5GD zVfF|g6L~dGVcdRbQ`f*fj`XD02R(Wg%IUjdNI4 z(^S$X;Jp@NmV43vP%d7DZ3s)c(w2+@S2e@Ra8Ud~bB1VC?tC?Yvn#FjyZ??$!0yi3 znO6DY?jP^mxrZvbK)8pCwRopbI4nibMgXF6Bax>J__kx)0f3TJe?%ttke6$ECU8M2 zeVcBww{9UtlpZftr3a2HNJX=FPe!)DC@iKjy16IkAp|q_Pf{4UI@)$dpPvQn?&@2m(oXTfH3A!O*Y^7In2K$xPw#aFM z$?mI5avo0PJXf#S(zTln7u=L8Iu3m&U|ek_$WE8~A>Z;34vDo<$tmLyve^}kMB*Q| zFAqQ^)CPbDB$!s`y%onA{)DgqJsqLC6$QJM1>wnx6o!I;l?rTMr z3R;lEWbLP1&B!oq1Z&hUnXwZf=`3uY2!BbSBn|K^3*t%wk^8OAJ0#{g$7P}d8|R+v zHNluf*bY0e9Ks80j$+kWqew-X!l1c>0DXg)w0L+%KbL45hZ&r9?^d@fUW~YM6K&qW z-9|u^Zi*e9sS{GM=%B~Jz+F3)u*?iFFYHyz{`cX zAW4FJh?*g!92kA6#%Oi*B0bp+VGEBG#I3QebR;p|&6?n%J8~V<-{Z-7-}N#H8I4WF9^sMF=aJ@Nu1E@>`BP=L8->Q>gg|@U|Pj z`&LCIT2`V`%c*~&LbMy9$P4&5yHpqiNxMt^xgTPrn{rfA%1L8OZ!0IQe8oY+~5sLr>8cGZM4&Q zG8$d*kYaRkJH~)Ve@r+SdZw&#G>fR_W6gvCB61b()o_-;F?r3q@!+*R#hRIbX9hgA zMqnl3a~%qSEni;nltq~HP=^kloO$&2^d4*-e=^qY*FNq}9F-ftl3qj=S3GHM3gy90 zan56gmN3nx28rD^Cx|9K4U)}OUFnRoF-MSq3`DNvF6jXQm;%2I;2vAD?pL^W8fc>Ve= zZP|RmvuHAx55rzS(Msq$y)h`ffvl-7SO(SqM38e(u81K!qgBnSm~nEr5K%)OtOl@t$iWUSWSWw`OI)$yYH9Dt7@uGFg z*|yYI9oE7DLIGh(h3N%H&X%f|@RXz4Ba8ughmqC_ht{Doc8F1HINfVcn6Yelu4mSs z;j^_9Iw8(YVCrEbuxP*>(q3}YY5O)des!LFHF(GL`{_d9Al+#VN`FECTqeK?RmvJm zZQe2gL-t_2BnYAMT;49v#Zw%rv|WQm)iO1BG;=|ql4e6QkPL8=16x&ZnuC|8|4gk6 zdzgX!jKaRJ*gFsV`szNM`j`h0ml^9}*5P!Yd)MSIO!=C8h+PwGXNicypbeDC#1{8_ zXbK=HPjS=W4S3U)!b$^2gWciq)f!xB^hTQjgNqSi7av3cgh~#_9y3mSws`32Ccqka zMg!I<)I-`;CPkJRTYJX2XYD&}nxrql5u!BSk*H-@HOS0^zBGak6kpE3em4vh677t34Kx=Mr1U3Pas@@2>TU&BXY6$AL<+lF1~!)L&h12 zP_zd=IhB@C0|@Wm;e22KRURauOoxpT84O$ni&A!kiXm3R@?HsjXdUi6sT|#1DiRdX z@iFZ;fS2Nii$tvH=t}P%q)MkpKY~9dgKgY8Zd}${Fo*s9w|~6zr+rbGGla;lq+!b* z%faec;LC%5;P!_$ax-9+&PL}1yg5!8xWaBJ=TlmuSoYa%@$5^xSv{47^{q&D5#w0e zMDWswei#O4wcMSn+Lmfz6I_b|W5WBr$>+E6pXgq5wOTtqr3Sb!!C>Dp(&!=5Ps1>S zX;>*G$|#vy>1U556qw2%KHIj#B!g^1Ij3^;hN_U1Uvoal_ZSsOb?7WCvrh`36BS zrJ6)oT111`Br!!teh?;7Xdd8R9N9e6dbU$~mHO!9>Pc5S1}9^+AWFQZsDbDg70}uJ z5v0Rb(v|LAHaJ*kkh8yFeA)5uBh zF1-_@>ZJClP>UO607Ws~WXn^BiMXxmtWnoy9X3bJhT>gg zx-w(#3wQNZ*0V~7=g=rPeD?rElnr>0x8WoI65_khjH0U4lD*Cc5jPT?-%V7}VktD8 zbcEb2fQ0}9a8WaUUVhhcE`LnKyDNEJY|^nmpVZdic)*(qVGRjsS(15##qx6Kh#~0= zY3<;;+0QZW_HM8H!=3J*x-V}L3R%mf^uT6q8c`~2Zgi$5(S_BMpEMSi=0^O`joi>Q z2gb8w$8XYv1e6+;+>_Jui1P`g^zP(3E@8X?Sw7_Lbzr28Dl!4PmS69FdGF;i?6uU` zCV?#oo=G|jTt6ij(KJ9!c*oxT$w}`oOSk4FsW`J`8Nx*4qV>+E^!3@20*~ofG3c4%eXpl$P8`Z90a`Xi1q%&A{u1%SoB8pW2wvt zStaD&u}Et^*$TDQA+%iGm0I>Fghc|)s>s=b@{fmdqZS7(Q%N5hF4C4qaa$D2$v$nw zoyD{qNYX%_04pm&X!CyorL?>(LW6)A?%j655oC~JFq~0Tl&Y|n-Ouj7%x<_xmc`Fr z-ja)u7w>-lIduirrFvA?#v0hq0ah9YtM5DaH@~_7*BQS3+O&(8w?H2^@AC!ypuXPy zer0)Y@&MA{iWD|~Eu z;J*io@Xi#{BC!=@{q&*{$X>-5*@sbVzz$Va`Jds1swxeL1m3uooa7km(!=hZ5o%){ z3Wtx`E{Asw->l9>lCJFr5b!4^+B#QArKXh9~u;F%Tnh?qu24N^B2`4IjJJTpZ_ zJ3-?yo)9D6;)*QTnEf0TW%R;78p;!53;Hyxnd6L9KEFJZFiT-d@`XFiZnQ_jq)UUw8hD&>r4_E%0|V;=^0F z1gIQC!*UL}f;cy{BKFPf@mMLDEubzNItu}%_K`7W?fLe9WBUx(S+E}het3SVt{qAh zp=EBjh-E;j{IvD=bM1z6?J6*<;)p>POR~2I*kbRWRR%Ik9sI2koQ+HBf#2N=)XyVz zFAxTw(_nx#DPRTP@}->qGE`nH$`1?NN|fGvSVnM7h2G-Wu~bKEb!a7~CbW z;^Fz>>1BVgakTyxBKst4{N%pe^OI^|!L}RnrROq|`_$+QYb~|p0i0pOmdQnwn|#?f zxMA7l{{F*_t^Iw_!P3(5Yn-!;#>?=9mSHc!je^vJRiC>Fw1WQ^Esy{QhbOoJE~IZm z7+34^LQloiC;^8J$PsW6K4g6O<%B0AfA@VH@{mzK6MF4fYwW@$uh1}(#JUp7xGw?$nPZ=hO=G>NV+#od}6L z^)4*!se;_WNYL0S0F6Z+bx7}drzxFLfYb$G&E;iCyVQ$81kw#qOlB6QFd-QDu}%=M z*2f*I+wabfM(6MLq%R&gK_!VabLfXvl$K}JN3HmY^^cgT_swYhO6z+Q7_G$l!TDDf z%E@Uk_7Y)`KC8-f5uU7Rd*J*dragu%W6_;c&;<=n{l`l}Ae-x}Tfks(Uq;&Caw?$K z7jzdDc12IKj)?aT;SD-u0Ye6FduKp0+yHgddN;a+)84z70aCz@?qw7eu(Hdr7IgHY zS01Qoh|@#ZB~SY}z-e_V)vzw-lM!&2a-mQ)j(HG`h1NLP2so@Zh(r$kT5w_2I7=4M zVL`0`X2@?}(q%RRF#+~cWcyWLz#-^^?V#W}r4G@;IYrhCi@6-D5fZrcicP7v-@$+e zkk;|=HJQ)lg`>By5(CkMBLuC#lN0XXW@wXdy*S5x;p0i~bS>^G-pm8c7@^LsN4#HMq@?fI)Onb6$9Ir4R*J*(T4T#9hOvp5&v`}N0=tAKUwtF!dFXO-N z9f97wrSGxyvT4i7tgz{^Gcc0YgV*pk1$~bu%wbCQbbfquh5qxb$x_9kI}{1Q)<@uM zU`AOxTKz|El4WhgcyJGVIOIkxm6nx5c?ctW#>%^>Ye7X5Gy00kfE^`Lx0M5j(EewWyF$Fx}A~ zW5!0E|4AH6lWrTHyZ7I z1BB?v)~Bsz1<2jNb72pio_qlr1}rV>@ygXpK{6Z21A-V9joB-hwr69>(RQ%_an_>L z2xK4`I7*y?;F<7e3`dkAN8-33H8WTIZNOFGNl&pUClj1wI9?4~GgB|nQ2|a+*BKRO z*)S%=98f$IPJxZQab&aTymxVUxhd#4AB>QIynZxhH^s@1$`^zF6Ok2b$7M_3dH`t= z)}wTQk@MvEq30< zT#IRlW_bm~oH;fQPq{<==oYvl`yQ5>Yb3)(3tzN09L_%Blf zpt!&ofT+dc=yC!Xo;|Tq&e>Xow9ZculCs@EUWI>5R&2F)pke5Ed>mFQrRpCQh4tuY zf<{>buDZBOaE_|7{h-?5zGX2D5xTlRx#pvDs=O+PsiJ|`*VT{fk?f){P*SF+r@E}V zcNKIvJZ)zSlPpRt-ptcr!Kt(M=LK;UlWMRi9jx>+H^07@vayU`2LsZFWZ9w7U&ghU zLp!(4raDH92X_%3V=0_rRnVP(E}ni*%tI+KidH@_PnUC-No#LI<62k8$CotahE#Ue zdljI4j9eE>FAmj_Z1+EzWlh3VKY!JFG%*6Hs(YXU z(Yo_LM!#jVm9hzGv1%18&+3T-#~h24*d7PmT^6 z)^!nLG)!^;0OTlqchRH(C`U%3)%X(I$Gon`k#OSaCpoojBB0K~Dii&6CH~gVMYQ$S z*(EkjiehqTfk}jumkD!o^kAZvR9^0$45}9ewIcR z6)Hv_rW3Nk`yA$0yrCaDpYg4)PT@vI5|MgKou!_MQ(tM)j%u+pBOjNyjkOh=p|M?= z`Ue%`9GKTah>}5EN6n5n@xkOZ$CyTO%_sTbV+mNmusQ+jmtz?vnnrB!3{B~lm{RKzuuwV|96%;RQhJlo;T|kT_}3b3~h1%#WE2bpr;^EAj&)3x9&5;Sx8E zJ>|Vq-pHS*v{Ge3YuI8B1`KrW(}*RRR(Lc&g?TLT5x{%i6InP(cmNNUU1PPoLHt2X7?LFa3%H(Cu?<6y#j}>HM7;twM(-%lVX5> zLO4v0tg}Kg>}gl$Ck-=QmQhp)PC!N}b3*Dj;D_3))e~be9?3QU=E_41@RikYuG>i( zY`}upBbMHeSlzi2A>4D~obIB<@Gh!7=4pyRjdID=5T=_B z_}8p+h}epNi0)SWM7eL?ZOJ)YI3OTa;3lO(2?eAJ+V@_ObZgebEx4Z0eNo7i zctLl$c(4IgQHO|8(wHEt%Gf*uYdEhjg?*h!)X5EZI9s;Uq+{#({tOR=vR}#D!v&MH zEpqpIwRSR$I$2NeVQ=bsx9pOc!8i~9%wLgQn`4dj)$&m#tQY6LR@X+yc~R&xbW!2P z8PX)>#4u5ZHnnIXp+l<0H=@Ze0DTka=+mOIksgf-&nLOT&22Dds^10*HXj!*tM09G zCP^KQC+rlqq$wlWa9&M<(QRP|--zAf4vdQvgjmET@CK-#ENBm0%D z4Xtn7rwLY>*Bh8l)Q4CX3@jLT05Wr5!*clnvKHq~)U;IPirM}m{8H9f1_Ka_kYK6g z)R=SS!j-EaeZ3DbfhkSL2f@?CuJDd)njIlZNq8~rD*9DV4GqG^kjmoeqWH=R-Y5-v z@k|tDwu@{Gxx?C3BM}fb^(*L~FoC!QS5Vb3nYQv&8kSNavhNUEu>KY<%Dkb*C=NTP#+@X4B-VRd6dKV~9>Yyt zHC3{OH_+gK;^WKnb8*QyZ}BSl3>_3DWq%crAfCmDpd%N^`*rRbDdvmJzt`3;zXMJDrQ`+AmF)$FpRSU@p+dtt6&U*39bGJI6TYdjf-fz+&6(g8nwenic51j<4|$g z?+`ASo7jeEapVSx1g}U+XC0b+oA}3|N^TIo(-@ zh2k%DYl0>5u@~zaCxEPu43yL6@_%6_vs~f2Q|b~`1}BL=`onP@6um)Clnl=`^T3u- zkBCD_1JkHD1$%w}Yow8|A%BzpjXT)vr+K;fE8+WrP(X$nD})i7>m3>|LFA63k(0SeaERj;_Hm@XzsV~G-K&-AKV2%K*1Iq^BEXfpX?fo#bt`cVw z2f?PB=)mX9zaN4os$m6b5B%OtA8E-*E3=>G<>Ieo4UL1`$qe^%bC5etko$PhYKGA4 z`I(~JA}{xI6+n*zHL){417TFU?*l+Cw-H{sB(aodM-JvxjGvMkFSn`X1N7I4OdtvXpkH^gc~g^Vjp z7$(cON&|OAxo1gsW|S zkNlTN-I~aMNbWo&ni-Q{2hJvLn;32}w zy&pYMI6cKXOKvHt1bVM=3fDVeQiBnkt8f?#YzEFFdKvcoQHWoLHYYLsOcga6A20Vu zhs$^Vy$fpsZ)sjS>;J)0MGX3WlN*??w6!zBZt%}bgpNp%I(9=`adQYOKO^6Hqp!dH zyZ7MDc9FcX_5Bx1cm8foJ%9?<;}|^#dPB2a4EhF}NsNS6TCw=!GX&H2cVCL3G`zS# zX!u!|@zSE=zNaVaihZZ#;mPok5CXI|eYX#Q(f|{mS02FgNHZvV8R-$n8n{%&AK~~< zM=g9eK1D8?{^arms$v9}u`ojBMA=k0zBfRg8glfr?FvjpK8Dw~tk1}~| z!wgSsoY+)kjp^yEW4?`rl_a74tSqokZn91u{`B=vKk77oN>?aX!##X7;F+nwfm_>B z^Cax*R)BYZ9ZbK4r|4+x5e{WbGNj#?P52T_B0BWnvFBnC*7R4#p28rNixN1A0Pc|U zeS@1Tx!_QPWX%|zDyy5U{FYhQdM(Bl@aP3qA#6#;4^_En`#3y76B1|!W`-=fb`ukf zZ3hE6YW6-O6=)QkBER8OKrP$LA)ldg1?B8*8th;-v*Vm%GjD-s2mZKeDN8CAIM@U< znMn#1iVyq*?LuXVw873z5t##QOZh6ayUSb21l;>DNFtqCsIuF3o`zdzY9%qsbb4ii zUuNc`t?0uBqu4EPIM7)H*8%>ta>;=7>(S}(0#~MCv9Ah?4qZqNFt%A0bGPQfA|?z% zfaS&DkQZ6W9?=>s9m9%sIy@NTo>h-_3235c{n4f=cSnY|HnoqBMBlvI!F~pH1OJvL z&j1}Qt)NY&8;f=Xen2LvbZHLUa z5RTaxKVD;^^A@a^o3SDmYQgm6hfiv?y%L+XQEjSjH0X>tH7IpJ^;7$JN=bd2mBCa?OAfVKofiQEDEuFnq> zgsWwM2rr4_s<%WtQZx)1XQ}bpG28J{7Mu65+lFwN3T?!E-n}u$=xXW;fh3xL71yt6 zD7X@*C(v9cM~p=8xoiyO2iq>f1(AtW24I@`=gL+$G}+dh9()U-?Yuf4y$Lj9J5lS4 zr7v%B)3?O{s~RmIKto6=NHv!?qsvnmUa?`U6rHt#(uEK}TZnH}b(pNIgmHJ6o6Vl9 zP6ykm^~aPvP<*~b9`Sr4PD)ulG9T)M3Uuoez|hpbusl$Ga8Abe1p`L43;;8>7rqMoT+%@-LLhgNK{E? z)U@+#1vv*8M%_3eL2eMD>m%zg0+cixTx-nnbYKLJLUiCb6bxcciQ27XV@gs)dPe4I z14@X$Ew`}O!yeuQdV_c>5rEvpl8HbN)nHr-07R|x0SqFJfsV<(k$QRypBt5dz!}hI z7`P_Aqcgxi7=P&Xkp&MaGLf*<8us>`h*eU{5GfR~b+ID0m??BGCt|jdSr(*jja;Q1 z%)k(7;k~v4B>9E=-Zi$Rid;{214OjU(fs9~WJBSjMZv5rnUt60-|Owak~BXt`Pj9X zX@mT3eX6h*uwmAwo7-u4eLk@b1AL+Ku{(>E1o~^nTo&~5p*^B~kzIJ!R zI8xP(qn>9DE;|0^lL!O(IkRw<`J2xo45T`X484q}gbTDO?{VNj^=e#ZVRYs-E4fP%2c-bR4goKG+XQaQmJ@^nHVm^!#!Ab*MFdR{ zbGe;hl(s?YD&+~MN*yNll5gfx_kS0wCS$wCo)GwH0~a>5j-J1QI{2s9A*|dyY%}RH za_FSF->Cwg(f=Y;v59q^!m=y!=l^@OQA!lGJN`!@k+SFCDaE5M>h_Ot>^3K}-}0lx z|MyTjfa=#|_(`X~Bl0XnHem^h@bqMPc%@Z5Z%^na+@V(9cfD3>Jx~ zdIy+57XvpLRQ0E=Bras!dlQu!h6%O$y=hPEYlpBl}G zKVaX#l?TVX^yL^R<)ha70FD#K$H-`F|Tx0y<5vuj^=>WEv_5Byy$cylBeG{QS zNR03>wbfH^mgqQf6xV3;z*NdpZa736EvfGv?IWSEump+mLz@gc5nohVMKpTY992Qa z{mZipsCsg5A?*8k<}>ucgCmmQ5pFFM|316@$SXLl2NSh_fe0XuC%8*7y`D<$IOVM? z%U&>k!LE5Zm@NP4PhbAK;*0HNgo{Nc*p)%ITiyS-jX(yy_jXNg7W9qJ|0)ZPEEZhZ zJzcF8TCkQgm=(cAwQ&q=zou>BF`f_K#}JLBiE+W0f7ymgrC0NP;q>OWlnp*PaB6t`kkqso~q~PZ^cv#w>V9$RAX06xAuauX1EBhx}mbTiYvt8 zDn35p?$4cgJRow(PH&wGN+_#vj}bBF8;cwcdYi)I^r)NWUob=Fl7xdZ4*;d`;O*cL7r8}O7HtjJ z{YD9fy`dKhEyf5x7Y0a|0&V16j;9ac4dcU^R8QR*jcev)s!bV@mQlE?)T$UO3ReRN zV(N7Oc?Y-q;eIQ49%|+SUbrO=34Wj%&&u(Nxj{udi{L;?MoNTusSptU9iaroC5Y(W zVC!fns@}ri-D`Vs?YoD5A!1VUgUhG+0JNBAOa>BI92E<$pm@6C!8-_|iK zEoXpK9pWq=S1ug=>atFHN4N=0b4HIY-2nt$G3|yrWkXJ!zF~$g10L2kyGxOKSu%j) zb-6NrUSXWDwI~3kivxX3lU>V6Cd%QEWPQR9jKX3VM{rs(y-1z@e&?pYH8<4-wso6% zwyun?BM4C%Dau`)&KyLXXmct{)Ojt}b6&?K!^nVQnSTBI-h6&6hlc-Bdvorx9#RhE zJFYBfRC?;vfh?|}R0#~TvNFIwSnN(l{or7*W`1L}w}nDQ5#_4P?BK_`31aeVCS40! zW@Zi%+*Oas22~C`SoYQ!=ln#j4O>~El2?wy+|rc?BRpK9Zbine4V>oy)E3u7b-VE% zuzIh|e4644GEZBP-q`>@s!ZsJ_9+%6*OuYh;rhL`nu{VEo*#YlB?qa(K=A47ekb=)S1dGwiws~R(y)Qy^4Lo%A+ z7WtbV=8nQaTaRx`(su~)Z%J1ibQr?!Av{x%Av`>|+2R!g^^=Kux3`}^iN6xPd?p0S zasO_9xx)N{n5*Q@*58er}zNfiEPyXv>(^0jJ*)XR<}{LRWeiNW zV)95yxsij^a?i+664qc!T&$|47!Lnlq_%~{37p)|dJ8M91-}#e9~0bRqK`GEdfYpj zcJJI<)@OfMP#eQSe=s>54=?DN&+4n#A#gauxI;O+Nx~H-a{5YjV#zD>OqR7q2egg& zQ{27x{0NVCRY$-oy>Bh}qVRcZ!OXLhh1Sc~PtojKEvH`TSm-8{)_qn4Nr!OVbD zXP2kbA!N$r{V*}CzI~6YjfSK{4cYrJB z$accW^qpY;{eS-D(|=wfxyGlT5e@$GDgXVnX~1uKVyIy+s6(oHPT)z4(DP4sPDXLFo`x~rR~4-lJUJ&!jgih)GNer2V^lPaA7 z>%FXJzsg!b&J*tWald30GUvLzl<)XiAVXrU$lQ$X>jv!%aL&>Rq~~kiD(s(Q(?!I~ z4}*SXLOSe(7uT|>P^#DopM{3~CV4!79J77Ak~`iUJn{xE>+aRE2g`_$rQpS zhY-MUs?i@LbmYC&Ec1dNBjqr*eXthBCXijHf+Sp-zXEsx5+6V=%+`I@n2cG@Ux5J2 zO9!+HNKCL5AZrq%7?vICC3RdRWLM!m+g-pBRw3*1F+W$4s}fQqCOcVKM{cp_a1nhI+LFiUOrKl0eKK0Se6=jfGGkR}F+yKzMhm##b9#t}A#C^EM)2 zVH1_fl+Wt}_TjH?==gyfy)aEZV4+lNv3r^D%~DD9iNp}W>z3)LoQhW$K;y|+=jS(Zw% z^)GrbQ#vv8A%nS*xQA!lT{42@HUwy1GhR{0;2;hSKx`J@@AkSs-0A-5WoLJPsr&N2 z|Gahc^Sx#N(c#ONKX%{Wz5T^cH`6kUaUBvwFGgFi{cBAW_fw6b2$*V?hzbb?q&;KL zL^A#wA z`_XgXGIreR*n)Ro z-n!`*3{Zuk3onxvy6224F1{$eiwlTc^s=cSn$11HJjeJNG(^u0DAhZF69~4$s<`PA z@9qLKNDO-CG+!ANz09Th0x=ghkaC~C)M<(yC}KV{*f_w6=#b={gVt041%tBQ7-$-k z4+!DC*m}|uYYs^g2Av*EI#?`Z;OjFu4=UdH92UaYgQeEP!BG!7pZF+AmX-!A@*TaA zpdr>-&3q{ac;A zy(Rv=`ToxBFMs;+dnCN+HZc+bPZwFY&Sw}x;?iHa-~#(oi4~?B8&WyK)eLU3n(d2M zG5`T!SajkN!@^Rl0aF|#s6%TJ^mDFeONUDi!KbIg^H*5+Z`ZbIARbMIxa<1e{7cUZ zwT}ipINlEo4u#Q`J76S&IgP6H*~j=4Z8U4tFMaU@%@q@5r;97`TM$oql##exm4&i!h+V)dMH)EJQ=q%{~^cwX83CO@xaX1KjdhK zh1Qq8Dh zGvVwiOes|V85kaIViihev%d(%55}W6*jB(%{a8wa22*>2vINA!OxcVj0zP8w5gTq3M^j@nWFXlK$R@s zXRWgOYlOjEP!f_8F6>x{NH~X{5$^Rg39g*z!W`0L?N%&^f5mnzWel`>8%;BOEn5#eZJ$~6O6#-q#Q6N}sN5>$vslgSWw5hSu#+DFX}CtcHXq*Peb zdSNwZ?sIjsu)PlFse=RPQwYCd&gMRjCx@quPYTmxK^0EvulnzbDLFG zdBY(Aj(~Q}2}&xXT3s*LCdX-EgfbOpu(i}wirYJ)x#N)iyrt!d=B|WMZ*6s$=NxfP zzzJ8}V=B!_t0P8e6cF`R?&NgmU(5x8PIwWmLlv&jbOxSHDVvs|eO90zXADAJSV}4s z<;&Dy(=X}&!$K*A2&^08E3E=QhD!cQ6Buk}9T?dp-RKlHI<8S4`C<=GZvM(p45zRe z%zsk|+HprnhzEOX3e;Z}K5E-)b(8V&$P<5!R-5LGLpgs?2KN_Xh8g0OL#Z2(cO z&_AH@lfh{usmSraI!jZ7a_NbiZZto`=hn=_jz#dV38rhF^=NFfZLS*sixUyKC;b;- zR`2{>gF^^sgVXqWTV5F1yIMCctLw5va!BMy`Eu}5dNQ!u%M4u;p@}bNsR18xCfSfU z4*$&F#k>^%Ho5Qs!gD~WUh9)~&xYrlsWaQ%S!H`~^Rl%Qi{g+^pjeYoD_NZdjAM9q zdDcaC1MwGq*T}TPdGO18s8!(-3DmSzNVV2#s!PDbpBctIBR;6Xm_nD?z>$v4R4Day zfCMzgyoS2A(_ z4KD`f>ZO`qSxP3eg88R~yaNKK&`P45rjt#*`vS5Ew$^i#P(Bo{YwZI_;tyl=2sM?2 z)%p;ibKo9IIXWdfGH3Cb-cYwTmtf~#8(B!Zc)r5BTN_fCa4oYWi> z>NSf{D%oq%)WS}kh9T#M*e@`hL<m749u>yIkbs!TCT_1JR2}vI|CI zkdL7bf8{RTk3Ti(MyE#0Pwx~q!{qK7m=x&&^-gRYV7SR<69ykPjC|>mNi9rq&BTL)L*)npu_U zNdwJD1+kJbJ9~9Qc7S0DHN&bdyRE{_n5bJRUlw9hfz~Nl;{k!gN_87vA~`vctW8)g z?#wE)AUhG%XB$lcRmq8E(Vtu#KUX^)9QO{f1bXZbzdW%>1BSe0>TuM@y-C`WN=K0V z-idQkvN#o(HSaEs;A}=oTsJ)frf!*U*z`)IT@^`?#|ykc8-W}2jhg_$5NF0m%w7fN zVN(Xf;JxR(yqlhOxI$Q@05J}}J2ST_L2SGu(X={}4U1-~;c->k`JixN#2GwjX28a* z(pMndbBSG1DejQ7CAqm-+Bz{A55WiHAwpabqgq+>t0XxJSe3ClYbwzqCy`L9AeGe? z1jXIf1= zI3HlK9^7pJXxv>kepNT6z=@hkNAa*S!vO8MjxE+KtB(aaRgSNl+{nYKIiszNBb0D4 zvvxe8RI&QLU0mxpB|k!O+nMY*;E89W!&kbA`Q8vLNLUE5%boQ=b?3q-2Jw&vV*sx( zB~z?5WU-P-4~9B8AR|5$hrPIjF5Mzwy`y`gG3An?!n{9-O5j$dsBnAx{5zkdE{d%= zb6IB$% zj;S-j<**f-Z?dq-FYnxGb^Zv`$^@HeWrm6975WAVcV~)Wp``K6 zfhD>S1WUW{5=jhtIvTx_S-R?By2k&<-kYu|jwB1B|9J{dPR(T2r6Sq4>eD@=4G^c*j z+{5X;g{9+)H)H`n9A#ue`mcvcDvD1o7l6JsC#7JaJA_7mckW*WTEhT9O>?#46KK7t z#e>tyBKh#p87VUl2V!6Z=9tP0xD=0CO$dOZ6uo#@##GmSbQeC{t_p?}834!!Y&zZk zh#NM@AF|%Rd;mZ&JZf(thr_pi?xoG1BrjE~!RZL>OKhb#m!Y4+!7AP(0?WX=PA^XF zz8eD2!Js^Zd0$ToS)JGhj{6HD2xxKB^bcqXx*^yO(1ah5;a}fE zI66kb@7e2|`WA4&;90U zG6;D^;J?P?UtoV&7$>{|!D)i}BdlP`y`Bc|l;?%!UJr0>9a@QwW$qZ>GzHCdUSkzz zpf^yJ+!ac?8|e@{n8NYKYsNsa_$03zq(=J-tdFg!LYl>!tnMcEJcUu8?(KHqa59m` zv~w&F4?ZCfOt9sENLpJ{K=~GU*@8kg*E9R&3$3{H1p*ddKG^nz{sMr$eE9Vt-##|- zyk+TbL9e-0pWDJ6jGD0U?mZ88{k==SX8cQ7Gco;;np%JV2l#NdlieuHG{i9J8t^=a zV~wORDwdoE9|0`-3&ufX`|{yGNuz&!lQn9z_y zK<5}J>s-(Qs;~PBe_m7keRFd?X|MKAItiHC6$_PlM3ngE=lA; z{(cHyUba8iYOnKA!k@?2Xga@y~x!gYKVB!4vopM7L*5V95qjU(K?T2t`zATz?_ zT3v=k0~$EwIDx+i&1R^v0XIma^AFDNKoeMVa6k)kaF2HUJ?cr=*oS+XdjJV;o?qQP;s_7+Q^i~KgoyMq zCt?pOBimfSHA!F^lADGI#S|42Ef8-uoJ9u$5Hf(E!Vl5Wgyi0R$2WhbyAsPPlfv8dkCT@0e6iLDEp^gNCW%63t)dbsG1bST>H*1%`2tZY1#@0ZMB zm;jszzU&o%AGk^n{IkR@gv?LXG2)aZcf2}IB53HMFN)VDft&PFECz`{>4h}!F(lCdE4JWmQsMOH zOoXtzlXCz$Na*jTAOPRErkrm-(^30G2qx!3SqVH7>A||>E>KB?uEZ@QwqYj#_XPa2 z3_GJB4qJ>f6Q9kK0tu_!KI3hA7w$mfyR)NFQCjZ?1w8DW;H3ww+^%U1p3*E#M41zl z^jiP`SL0sd%9bz9<3Pgi`ErLVpS@R7L4zt~-5 z4`h)IZnVbx?Z^*2U~BTfz98%S&CR9H@1NT@ah8yCzAvbmzrADo!)vZO^}yP{-2i$d zDgy!+B4wn8IdCK-2;g=|WX+Xj0M3xB*d!U_B?{@5{lXK<-!S~>)MEqz_6Kio2p4g7X@3pj{kDx^{A-)Fwab)-AcU6EoYxt#uXvj1-sZE=!8 z5GAc);xOa?2PQ=fz%L*Ed$rCnRi@G48JYR-U%qfobK3AQ1&%$uZ~BA)-vp#uI2AL+eX}yOk~<7}IZ<$x=DmaO1(7`=DRNajEm9ih~;pof&in zne%7rpT#Lq8AD!P&+p3z$mf%$>^qqY8TkeMPfyI}-HIB`Dg%!Ny2o+!t~hsQ2W~pA zf8edB?`l9*1UHh`N}_oOWkDe|(YnDiE5ypN%;O1vvFYi8N7hcznxUOKr&!S8kCSqB zm0NmX$FOgG!k?b`A2xR2j3b$FPL9_XGBRxFLI>9-iQ18S%6oLrBl{y7r> z;$pz<1sta&Y3_JJ7{rwbM(+d;_MQL`D96XsvkMj+ODde>dBOU1P^;kymT+ygu$P$i z4iiIhr_1--62lQi-;Jg{M~o5{aG~ zeX)0AI4JPuffOSFqi|8Q1PKoeBo^s-Ja+!s_mAfG!V}C z()E*rh6G3O`)l8D%-}8~{DkL~=tVP_`|2AhML2rMfR@g9s4q-E(p%7cjc@q)9T|Nj z#TkxI65ARR>A;s5a3;xhPk1`P`zQpnrEBQT$%2re2Rq4TM17rTdb_FEB#{x--iz-L zBs~F(=S1Pi#`;=T5-dMSc4e*ZzAeo!Sn#&13v*JEgIxuOSa8lvgWC}qj9VNikFc)k z&P{x#QNX|p^`5%OAt7SKg)drVI}xoL3*kLzp~~v_ikLWCI#AV7lF8-`!8-8#!hb}p zA$E$>Z3$Fp0gg0S5Q7F3fy;fjzF7*tTxT)UORW{F7f zg=Kxhr_O*|3z!QNKxu*jl{0Q^54Vgp&(&C*^HpJYQco^D z=mAoW{uCaAeyM_Z&tobC>tO!_R;xmz$NU8#XePj4guh19?Pv!jrMKTb8x~>|a7xI= zn*J}42IdP$U_Pt&3Sx_J390YxUm#rJ4GzYQI=uHc9qc1r9=FDKWsG@nv7hhf;rDlY zk)m|*!ye>IdAauhy4yeg4Dbf}U*DnaPnaPk*teV{m5pyCZ(gCr%|LdonmaG6zcv0I zWFz`SHCVUw5?=^|LXaZNx=S9?Dj=;N^-8*79zdys+?DH_Lczqr3=JpLjJg!Yt3k(r zTNhCn!qu?wSAgvHkMb=}@FVHvk~{rAo_F0F!KQ$JI6(;WtQESy0d6kiAg&#- zE)3W_QBT98CM1RihNbg}I5*uBQ^e{f$9f0=?;Yg(fZhl9-jZq=1OgshgH9~!9i^Au z+{>&WbUD=!Ky7yJ!U!(Q~0f@mYmv7I*V2qOF9LTSQ z<-Rxjk=bm6F34LcL|?64pU@c3<7$&B#;ODBo1uI?}FMh z>Kv|wdD}DQxx<1*;w@YH7csT^e2bXcqt^()(Okm3gyNX9zcQl4X@*P={j7FR! zkeB&v)(nL1=6@ynVp5QE=op7a^SYjsByLR%@MnU#{^q1Er4G?K3>!CGJ@D)M=?Bi( z$(p#-!5>Rg3rYW2kscD8Q1W6LnUg^HIoyWqR-_l$)JSRSU?6AQsh0si0N;`gG$iuc zP2V9&EPU{zyO=LX!=U}`wXKeNJg0s=eNlPVK@e#4+KoyEg(o)2d$l} zJ@m3e`s4~EX2ZvK^l&A*zotcCk-gj1!&qQTSqjwUB7o@%Cr&8GMNIq=P#(~$Nr79G zlO6t(yNt+Qi1#A6{N@zl0CyFpqro|P1#VkJ2i8YY*&bvsgp;a(cGCoNkeXOJs7; zuHE^;9zcuL;W~tcgeo+A#UVj|{u%S4O$;e4z)gVVHsL)aAYxVn1@-JU0nVcBcbz?@ z7cS7hz~q7QG-&g^2~T@Ogf^?c1IGy{S%n{j;h59p`?b`ky~_ zpt_?DyYlXCr}{>c{&LYSdQaRE8{bpFfA5J?y8pTJ_R*V)oIi!!v}*{IeZSq@CH8lk zbpWlu^Q8Th1`QWP4P?$dauNT*THJ-ly?eJI=k?EA<6igQ90j+O|1&WFJm4C9FPNtB z%_r~E;@ytHdk6v^d)L3~f_MA>J`=y}>2AM&*1Rn+>%aS+ewn_%dnEjyvg)Z<5vyn6 z1y7TX)*Lu!}>ySo(D+2DjpiT)aCV3|jE;~VR<&Rsx1n&bz!VXR(-?g}* z2HOM+eS$|9HGlE49KBsG++{1fpuI7bva|h@;_pTcFJXPemGkq8|x_L$3z5{u2H`@@Q_HR-_rM zy0^|2(vKf0BSBQY<`!(>{<|ec0TU`onH(o9MyV3uad3}jWPvRCMzdjvRDc*Z_JN{{tX{gCJYu9fYFuOynT7Y>Hy;!~Bvtor z9v&qESMM#)`-CvcArQE9#8lpRIo57o@ZEjSZ+nCP`j-p+`)Z+UhI7~T{Zk(Ux{dyQ zwGhOR?-rqp9sKDoNdJMLz_`}cM~}DXt7bP_i6<)jjqvw-S_VH2qA&@1LDKfaS-LZP zS0!0DSs21+1RE%RFn_^`PdWabOH%p2uNJ!B3?Y(A?$>z1^s<-lN+){n1_Z6$+crps zo4YGfvH{PyCt1K^_zZW|eKtNrifQ1eG0_w%-k~JiZ~vI;9oOGq5%*W`FF$dE@O^6}yg_BZjY6A38pzIC+~$D1sqr`>8Ay90 zoB^J9D$yPA2e@%IU|nOsF#bCbfsG-{!Cav=c>Rfc5FzlJr;dESF3;cIp>7f2k4@EzZS2wBa+;ZN(#c|-NvDXwe?-laxx z_85`|;hM+a4r8krzw3K9I(s(+*UKBY{Xtr+Nz$0TS-;wxPV^eJj-x9OJj4t)JN+vy zfU4?WA&DHw^VK~-_*|#!6yza=}%7t6%YwtIS{|v{mUhfAHo(`Km^z=5Pv=;$3-cD`Y!G53i72N zA8gRb@6EGYntHShR4lLV{Gd%iA^B#8jyvFgt2-Bhx*Xyoto!IMzfhmxQM`!LZ^8ei z`4b2GZ{GaBgEs>-Yp3+40_78LRAWzndxoR$-BN!9Q#-orxA8D}zymeZfBTFsftkOM zo69BIEq8g_1Dsu{k3oz3<%(!rW z4dm6tircV$!-?M`XuN_EqeOUC?V}?P@p<$ko-2f^V*z;yK1|^t@Si)7VBT=wx@Pp< zTmm5~7Tj0x`q}843>aQ$v;>Zk1^(x70ezG7EW5LA@DL@OY4b7%;Ws>12?-?zRLp|w zk#{4niaZH6UJ|Ov8A0%NdgmMwU5$3@CFULwbOMu3&1g413BadN<`+|k&>sC9?!d8n zfOCLCdSM$*mw|tTX17`334}9+$`;a*huM~1 z55aL*nnz|oM=&P>_%?b2_XKYw4@~~xg@|9h$q3l!Id+Gj?LvVN!<#(!*PQ|g)-mwp z6GbNex^r+sW&f4Q;4B76`QHCmo`$_MpkBv+X=VzpmVhz=|GC2B&8i8sIehRyK0O~$ zew2CY_3%&@(~Q--Z6Ii)bIJg{$$Q?sf4$!|2!5XR|GpJx^k(N~b-c2tVcUCw9sD$C z@=#LxiHW-w0g%+Pl+&%<;SKm&A^gCQ(mIfB=Tu2YofnFXuM9|7#z$Cb3kpPBuDIGl zk#4vT4GV&}wXR9YQ>TD7ydi2fyhBw!{E1|Op%|YUPzDVT z({GV5q{;?nGP-64UbK02zZ|(iPs8F;V3|N67)TX&Mt5V7kZLis@Czv`Ywy;0#~j?W zXecVwGNC!;aMS|}T|kltDfgp75p|bxXx!-*l(T?J+F+Bosd+%?zXnn0C8&@2JXnf2 zUp*y5pxoIjl0O(e`Q{$_)sveg`;bL%w16)e23TLxDB`-2&u6`(5(=7I$P~( zf}ZGbW!-xW3McmZ#{s-d?oGA!J>y(XEz6|YOs|jifuO$@@Rz^*ln&&;-%96SuSMy< zNlVz&hi;E;Z8$o;TRs*ozlE*88M_eX`&Z~+q5u4!P+)3Hn}_9KMv@$G+1pqw+L;(dj(VB1eW;$!;c(?`7TE*k$FhYw!**f;=lwxeTCV<;{Hfb z91reC@P_)>nX8Z-odMLXM&J)x`R4U%&EV>+9F> z=kUjMH|Ig*0p{1?);>F^=93fi?sPueO52sf!W##UHez z^SkL>M~JaU{oX*lY3G3gUKfc6UT=W@3BbrPSvp&<5ka8@2PUrOc=s9z0;i6hDgsV1Rg!LW8*fuLt5%%hCjl$1msIBN&1y?q7ZSYL4xUny&SBtO1FZFEBi z=|%q{7f0E_@W{9vh#q&oIaFk4GF<1&tD(9a`pT3GK4uPpbIX}eLV7T&8)&Ilpb@46 zHVzn*%i-?V_bddS3GaJ?%J2{FM=oU@Jb8~nRNp*u`JIx`rJ4Hyh;sK=w2bg?{tvFU}{wk~R8FL(&c68$=jgM>qx)00G#0wM&3RS2|huuv=3yx~P2h z+aSEY`oUdiPvGPl<5&C`xQ@t5b`bgpapfb#-Y|!^OFze!sUY;d2{Mo^Q#VMuC~L4G z-twL+W3Ra`^uvOv8$cr1%HVf*WrMIlzWVs(%g6A4fClNZx7+?D9RC%U>ULtm5qhk= z{6$>BwlUQh%Yd6UR$GDG@CrNSC-A_*fvp#^N0AV7$_d1W$xY}eHOT#MP{G;L$ZROV z0Jqkg*5?moC%jr7J{8HG4y?P&g2Ht|=k>R1j=nhX}tkBaB_@i z=6w3$V)FQ=ad`-1ca52^u}Ep2q>&eAZW3 zHd^}#SIZZ~sthK6m#K(POj#otewn?~!pC_XWm1 z23#x7Q;2Yqc%uRW1V_nN#qk?}Z-Lr-l;x?O_EY#H-ib-*gHyv0;YGEDeTeLdH{_SzzhG#(7c5g{`)^@A3ug8#5?r!&-Y&gHeC6&gS3|Ir$^oV zatr=fn9%c$k<)Q8BlcZ&?3T56D|d3l9J<1{?;Y7OgD`%DVWM?V@o|OW-!RL|i0^h3 zkKT>|Kt3Tl07eGgIlue^YNBcA$Z=bdtdRuF2U8o5*%THnOD+`=lZwe-40&Mex4X1Zh(xv+ic+LS1T@L}H zzgP(LQ)ldG^9aOS6M!c`lRJ(ZTwewQJ5n451kn;*fdRSem7?sfQ%t4!L7Q60kc3YG zPp;14tsi)g1agMvcU*cbiA$Rb^V^Pr^RJ!V&-WONfm=3vFdqN9qjvH&wFzhVXno7R z=+t_MY$QJL48e5>h(g%>VQa4`bocea3V`M3Y72oQxn4+*pm^)Z5jz2VN4?LktBWA- zmSookB3)U8QRoYz{QytEo$r)s09BxL0TReEauDm9s@Uk#0et7v3aI|~-7X%7 zIUIfKUV9>LC)^;Bv_7?(Zc8Cob@gdju#~Z`V!Q`V!*OU%C*>1`VX4SP+f@ zFy24H))2;qkuSi&a@yIr@xi|v^n!Znw4)$yU&EodqQ32dgAGE%PA|7@JP_=OHUunE z1s(9<{B!jD8*HKu;0@F{fI~x4Aj9dsaei3d>ZGLhfBfl3vN*hT&e5GcIW9Y zA8~kqZX!x<9#WN=jNeZ{I(|aNAFvms6xqaGv&1C_ZFtcT5r+?0Z)$s-=h3(Zuwlb= zmNu{NTl!`$#&e8_`ig^uK+XdXH05^e|JvSqFch$*{^NOwzkGz0 zbdb~DToC&JBAAxfqY3zy5XqC-7v}dKIh;#>JV3t<84mUsay>s?2{KgPP@tjOa={7w zMI+@%FFM}G&A)sEU2MBOeRTvaupW`k6fRxTPb`XiFu2HZD4xi5t$~l^@5{hTaXsd9oGPzu z8JE?0Ed>6Ab&1^dj)m>%InMHP@QWHN*(_ZV<{`uT02HI!4Z&N<@psYW7UG{rnid|Rz`XkZdSvmk=KqLQ;sf^Q5ksWb9Xc8RbaFWS{T{W|5l6(O zfI2J01D}#m*WdXAhkuH+YQZg0&Spd$+?Pp!!r^I|4y_~ZJv zZrq#Q%Rr!Ng^j84PB!@E1R3HAH$xH!A>KWb6njB2YMZo)0?;`k@OV+nzK6x}C7SuD}0grjveN+1@M*VzA=bwFtCp_3Rrb!kMWDOAS z0b0z?ufA0D$6tf3?SXrGsK{|{e}4<)5Dz9gk!Vokf+F8&km@9s_c00!+;RRxbj*_h zm$yDXyFiD5cz^uj_yfHMKZY@d5!bHcjSAvrU+d@PP{^CU58baxpj!sG#^Cev31@Hz z3xiV5l0YQ+FoJ&7+vY@;Il}4Elw!#{KXV}#K!8vSI`v$lfJFac1bYt;!Mw}M%NM@g zk&Y_#k=Z)8zkMW2>$1@BP!OEC9-FIEbZst9!1aq4I1ZGHMOzTI*kLuKsJ(@dY1D&3 zxc;Y*cgpJvq@~{Y(u2D3&K}*hb^(@cbLE+*K_G%gnoZt~^a_p(yoS|w@DPag6lCy@ zEnZgMH+Owpz_}eXCTrQ8>#L{02cy^p;eu?D16k;^?g3r63A&n|1|Pp0a}YSUt2Xfi zV#e9i9o)0X1&9l_vw}fu5M`0j<42DQ{&p4&faZ48RTew__rkvbalpb-`c_L)Nh$Go zUP)*4bZk5tCGyEcF0SR3R4x|F>aq8b0V=9*LB=a<7a18nIac&UK9h{=<3ui&$;3uU zRa3NBW}HYXxz|VxWy~#I1?MxQlcT58f{R=1sH>m2J;d~kmK}{#N;(&hkH$(`9j9Vy zT2-|S^qf&%>%o&VOH9N7?{oBS0?9;7)$~MSoXKcfYMj=RV=a@2Ye_wq8|8E3r@*Ti zCb@^5%O%oK+CG;YCjdA3cp{rkB(#*COC{8CR(};a-q4A7fYYbz3B*3``_MD_adw>1 z^+YZ^%4hQNd`?ZOc`cL8W=C4`9ewyj&>fayS~?G1q+&`+)$)L;(I_<@$1|z1s_IHg zdkRY+i9m$j!5(Es`FvbSXETYIo*2WQNQ`kTIo9)QA@pO8e z8^_ggOiRUcV?C9JiR83VPR(TEqaf&*1+$HUBNWoC^r&sA9#h(GXx#;$NUHH%ER`9j z6L1G~QrDGOGL=bZN6J`JV7Uc>587LD@jJwPJBje^Ab)Jr9sbLghO@=PZ?MP5LGwdl zOtplI0)g(|V67kyDZ8OZ;9~Cv7kdRyf1OM4Yajz{=wSgT(S`u|QhBZC+0KSIv;}>P z%tI7W@nVyY2sSP-$dEkW&zHWYk9J0hsO7J6uxGFx$rpFzzJP46wc~3e^&r{M@WrVP zdLgO`^OJm1k%b4g?y#yk`BGDlL$Y337C&l2dGWT$B3_2wZYeL`x$zSFk2V7 zlVmeFzrXy$BbS3-dLYJ@%_=ko^!}~^kQ`!2D0Lm3s3#DZw022w@-3VZK)1C>E^b5F z1sNgu0C^r6)G1+7tkzkk+WzGu)>omGkuHb!usz9XxQ67o)qm5cFm8GR#v>*f6lFVjz@nw3ZF!P&#}s zODy~;^zkYGk6%E2{)}ll4-B)|ouT^iDJRft9sGfwpx3(bd@8QNbw8D-+(A$E@q2ti zPjx^HJJ;;GpUG2>q31jL-QJ<6y81mXqSre3gZxB6UEJyOztdS1)W`E4qg!DB9#*&` z!*}WpBqZ7MQ82WL3KqKj{kroek$l@D^GX}f&GM+tjqfCp3GPk|_J$-MjE*+Hacm^x z!La>aitAybjYS;Px2}ilVG>Osz?qOp`#bcty7m-21a{>GcnGY3JF4HrPvjqT3)Au0 z?zG!`yF8x2&&l&!TRToBL|(auuw!Jzp^^>yAX+!v6=)*6jT<+OZ|vb5z$1@tOs&-%oUJ+%{gf}8}R=42c>_wtp`OuYH(fdNR! zarvIu3jx+#B74;hcWs!(5oZ@5WZJ+D)SwC$6A2Q-kboZ`dwGo+S_}2xbm^z!o5~^1GKcLr>Ob;?gR`vMQ@x- zWICXW`prl$U61tjwEcRY)a3zkvnwvE=`NG+VPD<~y8Fb1ic;V@`R~~=|Hcf!r@-H6 zV|OWam+-$k4>yPJAu0mh2KQ)p;ka;vlK0-%$L~rAd2jV6GX*a-~X)YR~RK-C7U ze&NL*FuRyKui-3rfD_4Gns521p~~Ie=MZbS2JJIE-woIO)(6xlq}~C}{R)KMzuZ`X z50^jxOd0?k$ng=*T%X{MgvmDiiTg2}h{ZEr<&aRQpoxtwr#3Ya z;`^uh8Tu~?;dZ?s_n4Lt7Te)QtKJoPfe(LR+VJ;>pTa#+F4a477+SQLnmh>C3t^@< z2v@`!4~Mb(aItXEB0VN9X zT_G$9Ev^KR8CI-{^5CaXL6mCKq5=d;03FE=TFsB0pjG^A$7I>XD@;xF4@jyBNV@u{4((n~Lt7MLU z4$C_|Tvk@$cq|-C{TxsH9Ls>nNhHHXNp|4KC?eoLB}@}8u-pFUbSxiMeVyV{N2Bw1 z3}JtAF9$9`82BfS`4R7y)?q_9fbb#*0-=xw7V3lh*vOTRD&DE*A1ho1hesl>xs9y{thd~qH`E#>fnokXGHqq18-@|Lc`4anP5bY1O$$YabPMUecDxy@o@nL5AZ|$mNQpQX@Rf? zxskM@`*Qx`<@0=AFT!q%_~%5P^a#s6k2U@J5egL-=15s!o}jaMm=NUF-24l@ z;6GL<;tCc(LKQ^3U!6P+NutPWGRHBCguxs{mNCRC%aDI;p|e#E>E?lN4$2jCC{Ffj zjcE!6w#gj2XQ3)F^CA=P2<$}Sn)A*vRFs)MYt*_dW6FY{*`q{xGAh*8!$is$tp-~) zAshvssna&L%*M<6QLEZf{&r^^7Y3BZz>1F5T+6nD{}2k zu`Q00d{bbVW`|)?BFi5bd|zQqz;%;XLi|n{&eY5-6^m5H`~7j6k`_v2EtaCf#;z{A zLbILE6&tP8Qd^#nXYG94ij_#FHXURX>$GHs%6@%3#oDKgt-=<`luS8Rk)&96)`_N) zT3hO{9W@*0cSjCPv-+Z)TNm=FVzOJ4xq5$IJLl%5b-ZVR_iLW%&gQAnVUU{^7o$*R zo-C~6?bJwINz3RwciQ#y({ZQWD3?=BAsZOStJ?OP+ugVTiX)U!oCXP8{uGr;HBGWvt?4(v*99n5% z+UZF>UCA7+xv=CUV_3--iktbYH{`5-$T-W6>0A;d6s4weWLUo}=^A)kne ziDcDUtybhlQsj`~XQ4s7 zGs;=k-jY|7W_F%3BZK{PI>=@-Y_q#x6}f#Zbyk~IwNUIV(uR=C)y9ijr+aF(*p<}M zv|h8zkMmurekz7$(OfNiI;97(QDU<{kN3q@zB(z3!?I;8#@sS{S~i%G(A_o<+IpN` zSBvwx&SuW*mG*F*V*dVjD$fK^tnQ>)NPq}5$n?)Es0Gk~N@&yF z610F+F5Jdl4Rm_CGjKt2@v`nb1S)?k z!eLvunm%7(B%Z8hfjc&nA;3@)q~z5UsjIc!!FEYNOI@q^p@$)84kkv(Y(q z2Ugx*wj_Sn98}vYF(2ag`~hnsA>(lVQ!6cz|U{w3Jda zM>YpgAS6Kk;J~Bu(2B{pQ?N`2c5~QL&Wwi3q|{6a1*6&N>TNdGDl+@+w7hFhXVQ2% zDKqolt`CX@=u)8@Wr_!dfMxjIXckvSQeBgm{bL5|kkl4=bqGwBWhc>!lspy(sYq`) zl`~D&o|JReQe8DpAvu~lF2_mW)uY+TDU30x4;`-oMU>IpLALaQIxW?NY^?R zEk3XAlam}ji>r3YUS^k*wE#iHft(qPL+5_HFL03&%Pf>hwYy8Ou}n%+^jPnh?yu%* zLF&(9!bz?tI=QTt%kMWMD4=5T+t!NTchjR?G&jp8jN$26kwfM9fv@&*us3EB#m!mo z?Z>Un##pWQ>9nD?(o4D4-%Toqjm~nTa--7SW+S6Pv&xCv$V|8TORiMRMbw<$&g-F7 ztsoT!$w`(Iljri9=h9=^PHWf|UfnTR z1?-w7SR-NXG}0{@w-2IB2WZmHmhje&z-wnzs3YEvz!(g(lW&)Ir@(;fDmCo`2U;a4 zl||uDF1KW%4GIa7DIwS*%FSiL2HCL%nX!;s(m|k&K{Z|Tdat}t7j$=!+TuZE2q0jE z1qW(vOzFk<>at@rlZz<`q;iMuH7wC-B{tRPWmKR$pfn4q8b3Hl1rwf$ar#U=*W@`q zJM?DP>VBx*=^TX_)1+I9DRUiA^-Hh|^zx^nEXWer8)zGFN2!9nd!6&38*_AeATozI zyO29Q(6ZBmW%tyj`;kG^ejacMQ@b%jSTI6x-85iVg@tKyWDQj$A+$SHtR)}sXSm^M zX?4?aZZ%Em)2>l19#ZjLy>ePA!&+q0*AsyF?ly5UcIRbfI@o7o)0)}NoM)CeOft>3 z&4xOwov7s{b(YgJyTLTB7^{^UFqV@POV~gB+1O|dsca%SC;F6 zy6Neu#^Kz}M;C436y-w2eD|O>xW<94R#>t4f{Gsk?WKN5@jzFx@e_8lgZ)+c;=96k28%IFMx z*6^gM`DACFJfDV)y_1uRQ@bWNj=A}gE2wOGzTT^YOt!A=CbP8_S|nRDDH}J7eCeQz z@x(rQ(r1g5fsOBw7%mC#nP)wpWRx8$^q7)>qArx=TrV#7cO-z$3@P$M@UCg%> zK`fZHL{>hjiwRTD=M!?is;P%mrr9h+_DZF_Oz3hxk)O5rr{bI1LwI(688WRRR zvpt=RyPTCQ?0Gg9-_51+AW>`zQTtq}Me5QZDRiRSWY0Lx=I6G3D8#Z>I^H)l5me?w z^f*)}5}OW9Mn)mpk3@#8;*8HR+_o`k*UobxuFQ}6WEwR&D<-U0NizmJ-ubBKhY7f5 zXsVC7thg?xL3wLcN8|Wm)U%b)ARC{jCz0fN&!1MOOtzREpE}~?Jh!XU)KRG|XCk*r zr3OiT-W2q7q^9he);V=pl&q$7POOH_Xgn%r^nsl(g<9N!?T>72D_7gCyqKzP`G}z% zPRb+`&(6->XkBMZAh63qbu&0G*H0+ax4t=a@VXwc(_=~L>d^4>EuksQ(F>7WdP1|+ z+k*KLBs4kJ=C8$3w<{eBGp6GxtES9%JeANE1yBJ`DbRMABo$Y-ER`Oq){>$0;eWmK z31b9YHwKH@wlVTxhK}5CpuqI0}cy=&GjOX_tZjVJ*mRf^Df$j~U zQpYbUHOH1mOKBI9K+e~wU!*FWSx~Cg9Zb`+O+cC5H{+}f>NKd#j!F%RJ}CZ+A;(TZ z;{mh`7ocA6LW4x-SaNhCma*l+l$aZ!k249Mx#1C}Dl--(4442HbA*Wh5W0O}^MI{v zxE>@5@H4*?g+g2_f;(!ti0Q~SPwo#PrmA$e^BNbihug|BFDBD1soqr!S-X}NIv`Yb zNgFEfu(OPisx;0?K^QKp^O#<=1Vy$-twXsd+R`d24eWD>$?uXz(vFB?OV5tVy-H=A zN>vw(Dvt}Nm|9<)*5-k$bO)3EsFh#EW86M!%=cwW&gyb)*E9-DlpAaWrhYhtxLIrf zMtQyh#)6pc^s7QoFD25j!^fn4c@}9`#sx8^sr`L?mp*1<`Q@Y#8z_7)Q>n~GrCDXb zN6P)8XpJ(t&@6LoFXp>VXONr=XJMET(zR87XWI#@yXO}jRb6NFRiv5h$26n1WOwoT z@-Qhy((A@FpW^4ku^p=&Qfs5c)nk z5|Zug4|Q0Z9Bawf>a(johaRZUg#4uzBb0e&YA|TJF&<+hw@Zr+%M;EY93@!`+#VLSiPjL%rmb@9s`&&6bv_NhvXm&9(Vv zCq*LrsJ_b-+8eEDG`Lk?*mSCkTwy66+fALXZHtWt)2U}xVndxJm~1Y-iG{YM-7aD5 zn)OnDZ?xje*k0?aymH=052lqA7L%?mM=ZE9v1T-e0h1K~*;b$Pf; zy}2_<#KE(1cP5qzR^_uds(h(A6GjqCedMq_+MyPx@F+3WDO(%B#-J3z^Hc1ed>-c# z&uB8J?n~Hs=2FW%6dke6vju*Xi0_BR9Qw?UD~GXa(cb=0tjL#dM}*uy2*2E3q1tU+x9;{cA;{C1RR?a{&RcRh(RUDs%M zOGS)1w6FJpVVjj@Yu6k0*I&9Sce} z)-9WD&aP$bSgP!$~4chp7Y>zAB+9TKX zSSX~P(ld2=IMg;w%;Z6xD^6lsiOEz?d3=seM8c?!6BfjL;Yu$Vb}vgTR9(Udf^=6W zJirx3IcCp|GL6VQvK?lR^EPvyM}^~f!1Scka%&wr?VcfMyV)|7T_kPB$QyAp4laV+ zQZ`Dnw8bs5RwSntTI@cW%n8=4B*(4Tw8s?22`+CR;>n=ozD=e7A+0L{J=WN;LO`SRh#rISsbHoci)F0))Ho;V%NLqy+4wq`m$I$8Vbta3Io+@Kg&QvLpZ zn%p*yo20!2B?Z(lW82y=LZO+Hm;5T-U)R>kU}U(4MsRqbxih;8{)jq%bRV;MjYjX)Q8lVAT zDD+U9VHgzL>UAE}A{q+?5l$b%v$J%rDU#5+wh89t+D$05rSHd}UxA_*6->=7-?~ zc9&JgUbn>lxtc0&rAemQvLds|bfA>>=}3t+GNFF?XcSInMiZs8REkf!Y^j=6_C|VJ znU42eYjm6@Im6yY^?4+Fu!{DPUniw2$fbJ};%nU>;iR)#z?vTcwg2 zKWvAq=w`d@h}&(Y$XMCDW*l<5ycc7M`M4I1)a;g!YpYsv#9EfhDP|$F>Gb%N(O>Sm zBQ~_)^+vl?n2EbXf7sN!)A@cp%MBH7*8|5>URTih+E^AcF?k(fTIbwu73r6!Qodi` zE7?}$thH2Tx|QmB@f2DNJKLr??#D;B1V=(doJV8*etd4%Tk*k0jFovi zSxo9v6+D4MrOG!O`BgPPDr`>eM8t~d{nIv-$wZR{dp|n2J65_C%`Vr`X-7R|I)|f} zHZu9ssFh$B)uqs?7t|#%QJoQLQ`;yutEN^_$6I^R8}1=muN_w*aGy^G;`H3u7R_j- zp_E2^%Wl^?$yf{OyT#drR6L2+P%hPS@sf6$XeaZS=92NW-XB4bKAIlzeJ)WqqUZV~ z#Ai*r(CTj%*+$#6dXb!Y>Xjy&MyYq24`e+(SxIO3vbUPn^2Vkm8G2{wTR)X%k-Dw*4o+ksRXjk1YAZ3pI}=BD zrUpj#i8sp$C5LztOKvKYVkOrW4(D=H?qs)og2^?9t!=TRoY|dg#SG8v!eAe_4JnyI zc`c}ix5Udc(j_E35-+e;AILRuyMlGYrz(YcV$3dfrnM?))k9|=8b$_kYtRsCz-k9> zAn~JaX;?_6wxw#hwdwFhPU}wllf1Uu^lBp07i(vzH#x0E89kL)5 z&K?$x7&xbA@p@#!q(-e>cVZgnVtz2wW4qQM+RF^3XgVv{$+Oi9iRM|IRPE^~&!^JT zAf0Kp#fDUex{KY+Xuu82jjqj%_o+pe>+~Y~JdEO~C5&3F*PL0^N!M&PT5<;*){RL# z)axpLvr#rJY)aZN(ieODa>S%K zKDzGj=W#Y7mj}yqKQzv0&Ba*HoXY#QU4ZnL@0>Es{mHb1tq|(P16} ze5aHG*^BC_QeK$ldX2Bg4+*AVwNh(&QPP|)nzW!h1^G`%dVU0Y|P%} zw~_i;$?5fDHXmut;>`_r>a*p^O6W|O!cgmRLfzsdHMV=rY`jwqlD|PUD6YU8#fm-G zRODC{LWZ6v;gUY}*4q7js=@hIH6ZFh4I}Os)j(zvHNN$&RRifgssS%S{z0!>J};NG zhAivZNLJOy&GVu%95u{>X~YtT_;B8r8*|GLnw1#WJ{PUMm}n_A!wB&clTASZRe1ts zYRyfuk)A7OeLLCY%8NBP*SFb3at4_@s+g;qMLohO<>5J5TJom_Wa$)odZ%NR(&c}^J} z_WRz1FD#UDWu{H$?Jahoo|2T{QQGnrIA_b*0npWMWolQ#e+nsnj@>vpu*KJEMqvp)=`8 z{YibD+ay(MGOzPPHM6yi>dfR4ZP_fJq)>4jIme8%J#Qr79lv-?4=>er+Wt9$9_0vA=L)$hD+=qgw7?g2;1+f7K7{-aFTbyU0;}i-{+te z(LK{KMu~v|&U5eyJuoaz)X@Sq0QI;-Z_QBx(qxizqw2hL-w|(ofjtd+&>?tYz|j=L zL5zA3f8kPxYI7h~4g(hBcqLGYdScHrt4WYS?RWRuvM^WrwG~aqq^365@CWtGREbv9 zgzP*g{{kbAAusd@G!#G`Xr7^x^EAJb)`NJzwo9F$U#UoQ{=`FTB^ALee$Y0Ajm^$- z-a4~|8xI~Q%fe7%RqCypNX-t6wo67U`ICS=FJB0vJ8gd>FL4#@dr+GS$GapS$O1s8 zfFUq)CSgGEC39$$_xZ%I8`_+tSazqb6LxL1wKzVZK|0m6l+7i$RXrYu+!%ejj1EK* zZY0=e*i(9Vm@Bj5ab7Z4iBz*Sg^C+m+)Tx@5j!;5pLhL1J;y>ALrd6=QM%Oifz#a`Xh*EQ$0X-&$n4ZOHg4 zcZQurs4^F3I`<%ZcS~xOLcRVw7AQZ zGK(o-IW@|yMyI&8S?x+u!_wN(Q$61v%||Pi3yo$CTNdlpg3XzRzd7IsA z2eLY9HdVpO%yaEYJZrVIiJc!BTr9&6x&yPgY%Ql|Y21>^8T(x7??OhjcNol8jZtAd zm1`9U(x&4TcBky4F{K$TRp6X_c9tlnl(x}p8Z902rc_azHd3S5tapmXn&s+naGclF ze0&|+7t5u6osCtpRcky-v&C$mY1zGrXm7`|Etqrg81A;6O{HqLrbk^~mKVmNaG0Ir zP@*-Ss)BtX*N&;IB9E-lW|*Fo(5-2Le!OZ%^uv6fFbc_5u9<~wS7|x!S5ocnM9P+j z#YlMQg-9(#XS|0XlaT09=FEqFnw^}cK ziAEByObe3Jg+r(`QEL(}9qO_KvEU{IvYP20KAYVUPojcpnbTpPo z9J9w^uAAvdqrOt9#&*$RV=HA%>k!JF7Pi8J08iGG9@;``Atj@r`wN$?pdlt}6LLt&Jc?8rPZfP}ETUfVPpgED* zKIC`93bW$JT8J+X=PT_1f}&kbCQ5o?*lHIPHs7%q)eToFAFa~%l&g0KHKCEKY!8td zdac6`6F5~Fyu+o&uueGskMFcB(qle3$Z-Z(S)>qPUmp~jX&rFJUx68+ioWI#Gy zBrjzTr8a-R4L%B_-esh_3F(T!tvA*ET#m=n_MsOqWNU^H*%#-Fq!Ef~wM}%ti!2j~ z=<(3q_CPq78j!+mwg$|yk!iD|y`1S(^Rdk!H;d@SOuVEd8g)(>Tb)@xwW{Q6)_&HN za}g!9!E>8#hY(~!dN@+{Y?kTcLvxi8#BP=UP zx!CXLR_j{E%=UV{{(`TTLv}hBsV~ceV`sS?80q6$u579~rL4_sjBu>Mee&f_xy4s= zvUN&~tx>zHWY_!5swwyRlsK832D4J~JZOsR$uN|$*h(Zm=&6Z}Esxcy*@H^r9H(1eM=Q*T`~D z-L+nSF!SNKnZA@p!yopkjh^0DQV^k=P*j;ANW>}hZ6yWy_}go&wVW4@gni(rkN5HE zkpGU4_wnhF|BjFM@#zqde!omW|8_ZcWqNzy17nNtW2H4>Or?f)zw^|NnI4FwZ$kaN zPp?-Zk1k|kr~~m(XdDRWLL5aQ%LDnak0`1mRGHtd|Z^N;QtEm%Vs6R?uoA z6lI2#IO;yQ3-m90JssFn)3}%mM`1;h2h7=N>@0B#8Qn~b_xGv^2kfyH&BuPLKo#>u z(VHquuKrZ_7|$V#uu6=svU(1OWF3&v)DqEw#p5Dt`Yj%%wt3=dKOU83^e$$6TH(zq z&6YYmghzWj7u8(f57eGxq^^g`I`q7Y?#ssUd}f}{LzP5ag_~JQSXggd+J}^=~@xx+u6=8X5PiUL1@yPf zdDa-vPsKDvvlPcoKR0&;kSe}6fst?8#?SfWPvS_$yEHip%56=q6*40!qtET<23mUo zNX1@7NF+|$s4(!fY^fG$m{^d%pOM~1kFofA-st6f5%NCIbT~K=z-;q1w&bWE@7#h< zpfCtHk-q9az3a_EX{CZiK)`N0BV9M@~3a3t>`vOcDS zw_IoOM(JY^NyN-zY_wmaeT8+UQy3>WZXZYwdXj-kqR!2_UC*obW?o(6eD5I%N1$oW zO`7LCK*>qaFdS)@gfa0oNF8cb&Kx5qpJO4)T#w#s^%jz&;?*X3-x*@dP7HKRu8ev& zqmwV`hjVqUA|l+^NIf%wC?)4!g7b(e5N!3-z%3M9Md9+e4=^_x1HYjzQn0kx*2lGr z@yxc>OsXqi7^s5}K7@|Ra>9Hr$o?e3f$^}{)F2|!^Pw4%?ci7EeQv-yt7(K592i&A z)YXnNFJ>>}Gc(otK53xQ5NNC%O#fIE3(a4wA4O0UmjEdE3xhr3tL@;AyTP08`SH0M z{I2}Xe<^=$YvDfSA|Nk!5&P8(;3809=rD)`-wqc&1KgfY-?V`+OPo$0(!ggb22c1Y zI(h+;KQ<8fC45rPk0u22J2TLC(TV$1O%4W??(f&@#CF{VRhJq%%|RRR+zV^^QFyfbZnm>y1*A6SZ*|IPD5NtlU9?`Aqc<;Lrpgu@7m{lo z?{?lGZ?6n>v0c}l(hALzM(b| zk0*7wW?UzkrzlhJo4s-IDT&rH?0U3ImD2f2-+}>ApwZb9K-DP)Zg1U!&ED7U1Pmga z=AJ38Kh6ZTEzdWCWmnzcua7*{Dh>1wwof=l$KixOq8;WR>dHmN6DN9G$!1}C;V2## zPvB<+CHAA>L~D~@xGOkaVf&Jbt9cT_1UYyU<-O_7kvHM_`NZ{b zklt{U9tP+1xnSvfz#4xrbLf~s9rP{>OkC)wxkrls&GpFZH#AOMcqaYF$K_8?3n*#- z{p0exrv<)V;8~sC1j8VI(LT49FGdOPi#aQw_Pf*Z(u#Yo_fwj9s?nBO=u{62ns5(O zRv{OyfdO4iad37eW%sIF_GsappQ^f3L~zQAp4POih{e5bLDW{M*a_S8i|P&!OTVg{ z5xvUt>1rn+XGA2tZ1W()%y4%xm1dDvNthj>dyDc9zAqB+am0%``r##7Rfe1JyjFG? zxumflNFI6&BuVWqIm2EW4H2uS1Lwl?OdZl}i$9X*!(K^SBNZib`((Rhg|UklJ($x1 z{TCk#VV6MHFh$F}nSiNv#NF5S+=(o1OUS7QhX91yQmLGlP;zM}Ni)?Qcc*E#1y2Su zIJVn1=Y`0a*_0HLdEE5aJ=f1H?1Q3n%6K?Wt5LkJ17!5}|G1h1+UE{v|1$c+a{kA5 z2FJccB_rJSdv*W2^}P9FJug3fi>VSK7OtmZ<+YwO7ZR_RAjx|``*!rOvJ9V}E96UJ z``!bYmG-CK!<~Eg3Nmw6N|2xBQhzfreiZ4TLXk))(id3AvG*cf`}wt;Zje9S`cHT9 zhdY1U9AI((?XCam&fytLKD4{Y-(31YIDiYJcb7hcD}BD&UZD{oIRgkW3w%$Wcl(4D zq;TE%!HZo$xJXrUzZ5Q(#sCz%WZx$JE){b#Tc!FAjl006$S{9oa zt@S&#aR~EloMW6EZkKrN9PohI=G$FNp`lhqclw+Yo1q=Ewahh?aEG=x+YllT{#KFs zr601s?!aR;ptp3?1KVH1&CD`vS4rf;(8ar6Fb6C35!QM!p^eY$q1FA%Z`krZjFKk* z3)jeZTXbWJZ^H{2+`4uTrUnb@?FI>|18^*&7S6Swh6T`GO&VRqm?WAuH2aIWi%z6-y|(1xRzzv6fU0n}3B8xNAH9M32PUj_Ya6mlF_(^*WflQj zsK}f#MRVGc?($OdTY8YKv<%7vY8rR$;1A<@$u4Gn9!+u+9-%zdF0yntF7?@tk3(Dz zgLVvV8IEW)FI4G)WUJ#E40Aof>~B1&{o@+XW=Zy9!2Ct^Jun2Kza;kG^sxU_!Lx5N z!uC@}sIlrTA@!T9kJ}6BuzO)mK^yt2ehyv!xRk;HRDPB9wnBfiucwNl3uWzFuhF3P z-j4YWJ~;vSrivU4iahdZ!d@~8>k7Lx<@9oL=A&dBVg7Lg5(3NP-K97_ zk0f3~Z&KinqkE}X35)tA#?5EbJPzIJDLxUa5^wdBy^5>jjNJ&=J4=SMS(6T(Y)0;O zZp?u6@wL^n32X%;o3j@WWA^SkOD_F3W;gx$0Z5bd?70rIE~_xZyiajlFDB z=3Y9#(;?Jai^)Ua=DNCbLs}=UdAm);zEpie&ZcBEvE?Y$_;tO{h&JZLRax$c zTY~TT8Zm-1gceKk@d3X5Yqq+X`}=+uf*gNy%QOKq?8lALoS<9Katfg#zCX=?ml9T$ z-fRhODAj=()}0~_n+(|pqz0IXegr0si1o@j37y*#?K^uI;*m4-ieWd;kQ<9pEq6QC z13McRttfJu7Vo|{SzUiXRdRD@Dn?cf3J$nUpKl%9)r1-Cl&aC`x%TmFTGwo43;1yg zr6t={*6CQUl9oShPt*Png6+?>_ge$~9TE3s$K*9U{NtK?e^uG-XO*on?3mas&FFU_ zjljC?c%o>0HKS+Y8~TG&|G#m~1^12kx#mVcuDRa;Q`5T-{yYBaUGx3Ty7QCd8(u@+ z*INJ!2;9$_?>8T)_3ClHH7^^*3|iRu zz4}p19t8jlR=znQpm7A160|CrPgg7bBiQ7J2kSf8WZ8G}_QPpuI%XK-sBv9nN6Hi?51{}iQ@M^O?dFFg??yY+1`hgpA| z9Ip@g9(QZLIqd3mYlEl}H=u6B1|Lpb6Nx}|yf#YoHqtku+wC65bA;aTmVly}_XQHZ zxAJL3chr_|2Lfl-(afyZl!&F#>swB{N>^@#GYl{8q=-O`)*a+#S#gErN~3k%Y1{O) zO1q*}ZYCU;H-|ndw~4XDdOb`akiu1-?o_`YS4*H+9(@D(a}_K1^%L0v{fR+OR=102 zWoVR*x+apy+2wY!9`vy>j4TV!%}k$hyibECKv7hBn-505iHGYdFBEl@ziE_^22&>B zp#4NPc@x$^BkDKK%%8v})PdB_cA%T5p+fe@OD4=wBf6IZY=M-%!?% z7yo+guYC-V2ffi8;AS4-dE0^+0w8C@hO4=Q(O=BlJ%I}MT1d@PbJtvdhwWl`L|1V= znzXpdPY(eLgbJKZ@LMMoQ&X4u8J*0;mLEoIQDyGT#?c02XjRE~H?v2irFC zDLtDN4aTzox_Y|^W~?&6z}^P4cZGR3n8J`W`>E)E75ATYJOAd&PjuV;VKadr#=kI4 zLZu9kWuTDPOSL)}JJLW0MCpPX>2m95h?Yj+&By*?m#hwk@Fwi}L)#Y243TQj9A+i$ zv7{aIZsM}(T+Rck9`)nGp=B~g$JSO11R9VFl(=(oCG(+sRM)*)q?h#KmcnYKTzhQE z3}OOEp3EsTlhXEWJULBa-)gZr2ZwW*6o)Zy2#X(ZMA0ATejgUP*VT6crFg#KhFxQB zH{7uTAE{K3r3+I%&1S0De#&@S9_@qmAOV+VJ?B-Wpgx`Yg)d$-1aOz;^~lfYrrq1o z5PK?zrwi@Ss-+JMJZvLRs&1B1DZd9RDxRGpV&6B%4v5=KWilh?MWt)fjbX(|x^(+`X|S!PBU`w!#%Ifo7V3m@e7LF12eMg$-#KT}vv+-kxKc6B<4RAjhv+DO#n zkbBI?esc#$fVBeUlTY!#T#Nj4@h{*?5N^JKD}js^3c$v|&v95UPsvMM$$pA~WZj5k z6?fyDJfnir5PJ_M7yRyVj-#G$UA*R;4aCtYiuE80z|@?i?Gh`yfY_YLFbYb^(`c-8 z#46K^L(^8vc^jVhSaUw{EmA!%Qe7w65vN&VV~dKzdAm){r^Z25E`9=Fi~OnHGEaAx z=Wg!{Tk5b<+BjQ;lS^eXSWAT~f5c}vdm+`Cv#;dd80!ghm+YV)^)<=3ccwS4z6Smf z738FROgu%`DD3Og5Nda18pfFp+yEqA_KC z|3-Kfnpc~d`s;uEC46OD{5SP4|9FY!wx6OonK})W$XzzqVl{nqLqD3Kub=$ije}=N z(X9#U-_I)2jIa{AbMKf}%?f{De?Wm)o^jCjE*4hSK)(~A6Adi{@Om?70`$GN1~Qba z&_93CAm)K5k84u&Mm$Y-->O0Ccu;_`Ii4 zD$5M_?Dn1=Ga5@?Wo4sfPpd-)Y`x!Y;VVh+VJU0Ovf1a{%55Bq$@P6Gw1k!)caKAv z4Qo4mo+dlIv7p>!59k5R2n*Jct03rTQ6w28XQ&NkozLl|v=M@rRQOV~9rP~OI-w@c0TINL{gWteq+joV~A*y7QiePh%S zDl?z`GqC(a1I~#n%>dR&VPoz1Fk+rP$2@30X8W;uF5pubg-8Yo34JgDNSkWd1XK-t z0{jl>Z{s>baw!KK6ZTa4#pMt8^ROqYIx-K}adjvcq6Iqr3YwfQP-M~862(g}oh_w- zj@BM@>nq?MLI)M>lDtr;NE=%$TW6qKNSQqqp4^Pmyal$bu7I|KM#NPx!jNl|bFGuN z9JQ9nFd4Q|qg*mLQylVmzsH>`di7@=**y*F-n9-GQONrh_g!=4M$5A-0yoT=!1sJf z4ni@rRh4`evyw;$JjNJb99G!ANMiQhsZJl9xdO9MvHM3cTdQ<&T_zrV$E<1&j{xjV~S{JpJ(S zFHpBV-l`*G{~PrS*cX|2OOX10@9!u)y;TSq<@UigretmG7T_1h=;{_Z{&-PS=QhsI zm`zyB7&2jE$dy_q3(UGK_bys2{~)Y(B`}B93EYDxad(6uRF2G!VqW73%zHfWrN@U; za?fCXlq%9(ESaPDKB;b$_4G7MyByjAAT3kS6O?-C`E5nuO0=h3^@b=#ytOh36-{}| z*nWLuEUYs(C#+|fVCuj}n282hVOKga%%rlehv6nygMk^_BN%rCT|(_Hh}UDZtq|d{ zeVlHC6wSBQWAz+`i`7{-iUiA`9SFdFevVuu(4-ttNBOY60bi3`Q2U^Pm$`pVF^I6D zXK8I484$Bov-WqpBls0oVnBoE_e$AT&iS%(7!~8JiNt)#pBFab_*~?j2F5EZ0tUg$ z8n`IDs}^^LNx|>)e98qfG8iF8wgs?yVcTIw%NWVz`WquXckpw1FdH8h;9)+HL~FjZxDjcn=(#Izf7T&T=ALz}})%Byd-S8pwp;uU0P=v1OA6a)Qn z1~rq*we2a|mhm|hu&RrVg~Zj2GNnY+Ml6e6jJ_jh3q8TIn_fc3B*cB*Zyeyb*{VL) z2LD)1p2E@fqdqo5=dwLmOE1!B1bLx7fT^el=u;ps2ZDFDr!GgvOdapzW~5dWqb@YI z0$#rsf-57gh^G_4;uI`ur=$C#D4cyYq5O@0c^(MwCjYxK!N|%N{QjQ{g+I5-`0;gE z+kRRZC37CF)5h4H(Eh8(YSMo}#b{_UzfL&daC#@gv;0q`01dz4Q;7tp7x%S$e{SAD zjSocNiGfPzbAyKS76QOZ*gC)qVp4*9S z)1jGrD~rfhI{Ox%w;8wquf7=KUU?K3P|%@yk?dT2izeIqbg1(=6t|Rl++od}9!zQ& zD=WMXwRg&}!fKfqvj96MG|ItaA0>qUEbghteEzt*_)lYH^J(l2v8-^X_Q?dM-_9&w zh=k8F&pYs)TjFV7FIqs0Ta&p}0huBl<#P`s-Cmd66Sf7>OXqdC7g-fex+K}B)h<^$ z_R6O8gYB2?s+H}QGCP?P6AlY&6dXHuyC#E-a7l#sgo0xxS!w8`Cok0T?z#-QS>;y! z@cl0keH4J9j*(*L$x094c0JY;^$o~Kx+hr9(5!2sVY zG@RNTd|b)j%7u?>k*_ZPhjIbP&A%@fkT)vO|4O+aUW6p3YBWPH2q9a*#%t-@hU%{y z$dB+V!LJIJ6?J)2V%)ai4NzITcbj%3;Vz6u+B&ibEeUSZnN2j(UFpg@SHurIQaH7D zyAMRz1HSHg2f2m~yWTTdv9u>?k1$ISX_(c z(VRl1D%i3jZpNCPk@e$ThaEGIo9BtVbe`15+yj~`P{yuz#x+?$4}NesZg)WAzHDi! z>{5Un_FI0G1HVvMG3#8#bMlFYlnWu-`+5mqz{9GXob?LdTPHocKAvrxs8>e+cp%Ok^3TihEG@hVIZXoq z6qtvLO8ywd+Esr{Gryv@Q|rpyT22%j1jRxV7v$4V;CSyk`jGj4y6Z`*+Z~JL&Nvjg^lgT{ z@&x{=tMC?w@D98Fn*jNbecZ>(iPAA2S~ZQmK$HlTIIX{7Zfo`~xgZO4f=IG z$2X*Zs$5^L60lvA9}s9D#66+Rf1yTS83QxF0Q%vrq)<$@e0QpNw*Cb3$oV~|<$GUt zdKpBNg`3rPt~F@XUVJ;iVY1Zb417E2ApC@Adf8%L^R3UKh2MOChi`8HhYcFgqwgqE zMGq(bqk%kq7zOPQ&^DL?8PMVX+cxX*0cSbKUT#;6mv#({cP*mMY)78KJdSx9qg@fz z;}-8xtq4~g-SP>XnyGLwVIgQv*Yqh0MuvERy}u=dZCm6*4V1~T*|wUwB}x@-g~5Ow zQHiM4VL(_X4DCZG+{3$cxDnvGbxVUX9A<;%k2GKzZmsKMVqGCG?V1Q)aKofU@&O3G zpS5Z>E>(Wo&jpI_9wH*}J|*|2hAZ@lAGXQVa!w;?x`7&d5j^Ru>Joe1jJ2YW?^xgR z!5P?|#G1`kbo@AO!X_A->T%jrpu9vk#Ttt0z0MdRfvd}5d$^uZsjB@FeSq9+UyQ&U znnh;uVWsn1Mh=}b6wBTiQ^aaB*-C5@4AJm*B_faeN1Iip0ntHM`K$B(&3NxhI1f`p zIwd%YQ=sGfi{0**;n;7tIcVNs{Mc~o8yOk+on7A|MWZ*qw%t$X7sXLWZ}iLOu~048 zJQCS;bL8VR`;A%m&EsKzfOp@xb=C&VrT^gbfY$6=MgE&y0d_Fad+M;Q0ReoQwmX-? z(cf9-fNwp#L&-x(aCR9__|aL(6HMnVS~nhu5yoJ52#t``S1bbtnqbmy7|09i)25=f z{q9t*@oPI?BPBdsRub(%r$>Vh&nfQZNAeh?xm)96_&A9-qzdM}WNUYl&$7oRZ13&1 zZNTBfk_D)G*>UaE7Z54Pd92p;bCl1yzLQU9!j!FROSzSJ_X;cbZmw|ikXo_$h#G6} zc`+DRMYsO;bX#%LfsIz{(0yVV24que3RFVG2MJxDPiyVsoeqL0(4|rBbLr?l-N`4R z!GudM@Tfp;9KZl{Eb2`*afH)(FqzIu@sx(_W}qCNNh3Xp9??(tv>8>D+2#M7EAVE1 zj=vlK{$}#{<0?D8t+K}FDobzNtW}{tZ_4w5zDWB^-nC!r!;b&UtL%499W0kX4}JLo zU!Du(8>HdIApNHPeQCcS#lk5&#GIV|>5jfhzY-X5{rh$Q zcX#x0L&)on{sURpcs6$KU6^fO^JY>%H}HMCz<@l}*ZGXNY$j*gr5)oo)=Ndk`DNog za$GkWX1nm|=2PvIr~HJuX%Csl|VxR=wQfa;i2`J zV+qQGxR9H5o7GpefTNE>Dwv^)oqj9Ma(y|SymcXvwjauQE%9PAM!MuM+Ca+_y-AS$ z88i~|^?vBCbkSY-sS72S+9Wj1II%}Sf$z7&*p#|i13~Lb7Hg;5+b58OCx_MrWHk6D zSMa{zZL<-P6{y{|aeWXfZw_~LWh%+$<{bQ784}Ih_55PhFzCP1c-~p^=30+dwAz#Q z=?-@0B;eXoJ`w3@ZPOWoUN3cyw}3u-kKRf=6kK)9{{~mx@c>9knZ6Yn3+YZI^;r5; zyjM$KLEWi+xawZe_37wSHMr^=LBc-CBX6#{@LQen5q|Une4aLE5xzzb7nl222nS=l zAS@7ak%uM0J}jxTcxR23XKey~{^{-nY`mDO&DYkk?gxRYf#cy;0i(I?aIZxmaS#EnZYWo5r%D50S@o&CJp)hfxHl7(H<0#Orwy9k+y5lZ}kIn&Pa8Av<@tE zPJ!7xUT9*ez62TewJZ?QPq5?NNbK9fIaLWL^KtT#RCAu2H+}So? z^H#SyYqw%^b=)%q1M%m+t(}GUVGv~d(sbC*Ap%M?wxZ{|nflZggf*V!WE90Qg~AB#Mj zEi09`e-Y|u=q1Rn4LHLmnp$1S5{Hq1{&kZwAy0Z4q zqz&;@0RNvwVX;OkHGR>2mrk$~s9h(&3T%Yn{2Z)Q4X8gkLn?9ner;D+G-z?PSD_n?ITEuEgy!N9c&$n! zF{qi`jKYJr*-Yi~OLsM77REc&}Mg}9UcVcXJA-29tRmHW=N{_5u91~Q(qlEd0B!A-=WjbrVs7psLp9F zCi}eAsm^3tDIkGH&^nN@^^Fk0%a!A9PF73q6(bU(OZ~%QlrEi z=!_IYgLC%#Fo++ucUSfab%HI$RPk3bkyKs)&&UT2*zl_dFv!*OzVi>Lu_)mh(dS5M zddTlcY6n{r>kH@6_$G&Jr2Ssqb78SuJ(WN9yFTwvIjxqggUa;b6bm&pE+t}-ZKGJz zU^jq1q$J$9-B_J$Ohk*?J6s3@w1KyV^cQ=71BOQD`74qN@8kubvy0`CQ3U;+6+@^M zPpG6qACuWsY&s~;$Z8+*(c|J84TM^8_U#lg) z?FAge{7>!&|3*c@WUoCT`R?2h(Rc)75*6~0B2Ec$g{j^#r;aeXgm}<2GnGxFcHAApC5dxeGlc0YKXIY0IT>HB`bYpC*XNgT-pagf-D(CuBK0k1)-E0p>h z)wJG79KU|V*C#~2^Q@Eq=`HW|5nrDW%KWdly#MqgzGxh;c%N4g;}pF`nT6keT96K# zSa+~2Q9u>QD4=2Jct1uVWM{coaNQX?KNxqntv45Fm(x8-Q{w815L#1QXq2W^;(#`& zTuw_8#U@bstzLpYOF`x?&insoz;jV?uGZN|S0_y4e1{_;hg&J74IODgB6 z-Ee%Y0;m&1jRG4}h_&8Dl1go=JkaM!AjttN2CQ)Pl47J!3O^*pS#Ctech zn9ju2l7l57vK+;<4GuH;lX5x<-8#?r7UvcKkF7(PMPL>q-Edjo*?mP(J7M1)8T)a} z3D=#&^0JVeM1#knPs)2@9|twcPZw1Ik=yEe>2)E=X}vn$5b2)JQ?qIDOS5&T;P!bU z4kq9jKw7}NR{kGTM1=>w(#%Rj21fVBM0{F<%^%8!#DQk$z4sGgheRibpsbIJ|9-8I zsz(i$?e{P7x4!l(4E_CE{GWb_6G$Ii4+|`pYZ);vps;zD@cf+O2jP#5!w3c?2rKv- zgQN2+bDN^S(sqA~#6VI_iHlmqv~Ha?m=JH*knOlWmYZ{DlY_tV!H9f=;gl)eN1$=1 zfxRuQ>Y{REJ|4kSyj@;Bz?1k~`V}HoqYtqk>x~FPDU(gbVx|Olx@_Rvm@M?J;_L7h z`XtMgN@J?o77MqYYntWbG(?3xF7=5#~t)rnS*YcOj%PvAXx z9175!F($EVbX&nNkZ~Ml-96CY`dFFX=?@mG_;QrKiTuIjn%zDyjsHQs-=Ef89x}lo zG2;_fqw!&O@T@4j@3Je!?+SW2?&~iP(RBRdDHCL;vSlw^4h!o$yZ};rG%Vc&Rn$Zn zm)HVWw;fQ%zu+`akN|Kq>M_I&)ff!&Upkat0m8Iqpzz3lz*+w}UhdnO80-Nr+xJ^r zGmqX-+OS4{zJ@69A_z5p-YQD{su;>7y$^_vEZwrcXg@qG#a-iNFrNX>Z~*z~c|3vn z&lL3n)QTMhQGZKFnx@pV>62l6+7ABljQbyHSP8?r>>51CSir~au|dSqtyy6a`rKQ4 z?2JAqF7@+Um+}+{%)EfH&OIV|WcNH zRT%U;-J+b&T2GW0>k4ufZ-%0auzt&*u+&7D8bT=ZkDwBuWX^ON^C~1SXL$@X=;ll6vE{x)p zv3^*NxLF~bsm|IMWdWT#%TzX(`p_TJ?Zxe|(mnKYJMS~C;NpO+j+fy^ULbur4w#bi zPDX8_67O3YWnha^`wdcR7?frA9S!qE&RM6gm|ON~`7li{0Xjxk(LPOAKqac0V-It? zsJdcmzq+_-=mEc{S@gS+%tSgrpKD|s52=5OYGF4Jri-f(El^DE7GOj{R(tg3ENAUG zdq6g>LDoPh$nGK`yJhIyT{!9;hS)G_tIFAwy+T-Vv&q@aK5z8uN!A74K97;jerQ74ZFW#otZ#o ztxZ7#TkXP3LXh@-lg?U0>L&@}$+XqHSCgp6${hM>Qe5r+Wua+XmQA=8E;Ayur>I13}vH zeU$gqix6^=uR~*rx?NMVce9&==4qvsL>N@`}44kn;EZ?qo!08?st^uv?D!9HzS^6UZb-KF}c8N0SH~-kw0PXicN)_$`Joj^FbPuaL zBAlx&`6!Ruk~y-NV2TfE5MpV9ZiR8xwivzLd!Ua7;Rt^^6*y2PP6ks-N1nXzg*!M6 z9~KQxNL+#hYh;!Oz0x@~Bqsr)BOdKDh1p>x+8K(EuFaJyrx?#?IDx_c4Eii~mjy;~ zHrBZYZo#}gMl;rhkb^<%GmMIPQ zFE-h|!I&)o9dWzRrY#;31)f7^UEHbp6X}7wDyHsH7#DB9PU@krKxV7=o=mR~aDH$O zA$~6;756niz@au)EGKwC`Z=?MIsX3KvQJsXv)Zgw7NHqV@(AcC7PaQAv3b!}YelQLrW-& z-vV_Z2m^Uf$N2e0h5h}z|I?czfF}CQyTeESw{nnE2+a1KgveH>4$%VzTsYLiY=asn zsO#=#0dhphDo-_`O>8W+QV!euC15LW>sv)O-5t_t;D^f|!6yr1?`?b&MdS{M0PAT0 z>n)HwK*!%VT~4Xh>QMv_2S4vlbj&0+nVpUt;|1zrHXwhdH}}+XzOpf%t$H%jBbQiA z2SfT^)L=+?>>kFGf{cNDv-03jIABDQZb@jLH0+`r&n($8u%%dy5pROcw$M~+x608u zsL-I(ZqCGrCX1j_vJCZdjX<}Vo_TOrSY%_^)KLYs=R`nDvWjwPc<|{o%8jHEk8@d4 z4L9*S9Kiepr=B!mKb%$v0!JYK(|4YEj<)l1$&X@n6lDt_L3lSUJ^G<;JTnTMOn!45 z`)oMB+;;B?1Q6#UzKXfe>~lr|J`h+SFY`@;B=6!VLX-C1oa^GNFY_xG7W%`~3QeE# zDZlPl;uRV;;P|=dPg5y+z$>Zy1M0Jl2Wfv3jC5U$1$g5@(nL!|6v zb~VKCZX&Z-w-cy_R7ma$yba!#c^Y4L=LIpF#P$x`I7;bEI>B(e3|P0&%gNp@BbS7`oI3){=fd8Vf?TE zyZ(2P=KrQw%<->Y@%ZU^7JzjPYCY<2xxvf?^#&x&|9ISi(~e}D@6DZe8YXmiwAwD* zD_w@T_NK3YKh`ubup`Ten@1Px69dM&aFBrY?R`$hOw+@L{EunZF4J~{B2llVL0#T` zhcBkx`7SZ(-v%B(hQ=OW{VMhyF9a>7-mGlY6b`xnq-g}SaF5uanh&(*yR)uHAdo-(D)-(({RNJPLRZCVqg6wdFmkpz%Ipcnak5zx-_i`qF7!z4)RuS*2D=^!+OWaUF90{!T)aK(Dcq;WY=+$kwhqV<#>>3DH@v$=X z6iAbLzCH~gF9e9=cFvFhUyi_a`yp`_Ojuw+SibetmD3M@`5MShgStqLA0Rz|s|JDw zP=kOkuJ3P({P?af2FAY~OwJ4>L+r>CKp5EOX67YHKM;T}@M69^yhB+Kba%Y%o9WqH za!C>M1A8}1e(&G-VHg+s0;#iDJs;#z@jV7=1a@t&0cwl88{rgp_Jn}6)m_|eunW&Z zAnDUJx-XPRo~h2t@>*qL2mJ3dhQ2dY3s zoF?yw9#W1rWdw~CC^hN(X4fAYd|q!s;+HZ0X0zPaoqL0RQ4Xvk8&bb^5Wx6IpVy}A z_P4px1?dz`2qd$`#`)n`yO4}lnosnhlZyV;d9HSX?(i$2;tyU0qGkzgw-weVmwf>6 zOIw^VS|08zi;gJP6i;orLF(9%D8L!5sEeV2(?NI*CXd;vL9Iz!DC6~${ooEUFI1u? zu0j3*0>SrO8Fu36_4L-)f^?hw=VbBa($>YA!5(L(oao(Rtue(qtk@0tw>U6};`oNX zI1cMwIyt~bp7xf;Bohs-Ge7poYENf8d~Zg96powY{kEkwMzv1sVRK{lje$vk!;?-2 zM}$H0mT=Adp4`BoVGcgx4yxsaW=d8VvtssTc#=}N=bx6oQcj8rVE411@9vkwF)G^_ zgwMAg@SWa#Te})Cm@H95%%z8wXdBL5N9EoUK znVVwt?{wTBw!U>bS0^97fB?RFKrn(p97hh_J(pMEyG7;2UL zE5nolU;rNGCEpfw6Jf1%gvQoAz(}aEKywT${?G88zy1I3bO!^p5$^*BuvA+!0;|<) zxGr3v%d z+1Hc?Zh)7v4Wz#gR%yGLqwirE+9wwW%g%QqZ%+JU2)O#PK$2J7-4XwhqJ1xyS82Px zDQ6;8u$Uj0&8gTY$0WN&>kBXThHq7FZ1A86rTmKoLO{Q`l&bn83<=&P@5@P}ep(3<-11J1qw2(YZeLegUk` zy++|+l|$^!9sohP!_*}{uH$h4!hQ>eLmqO1K&Fy*Bp`b+bl+^|GhpMM{ahUrsXwJ3 z@(Yl^%Iy0phkUWj0c7d#%iM3nt6&vmivYq-b{Uc$$~bX*rs6m$=bq4493S%hU`VXx zceH;p2`Aa_-6A^-R_JVM782OSiq2S2PsBXSZ|J=yoL(d zyZW(~twX7L`sP~pd9#{BXd_#3I*2k<4#pjAz+1BkOS;JvI$~2hn^q(Qi)M&KX*kwS zCv=9xxwN{*rVhNRgppV!Aak9oNq#y=bewV*<`~I6mzsqO)f6W)amq8hz3h#;w>s|k zZI77i=9P$N>;2^{66fG#amLQ3YfV=UlK-%>u2pY}Ft4^ZXE4IC+zt(dq>=F4uAl_nAr{>?h1EL-A^OUSe6(&%#xGO8Lq=MU}scb)MYAmRl_11i9mE7u=a zt>9IsmY+H|n)HC)Xjqk`;WWt^dFw4i&oj&~lj{-j8pz z2m^#U2NVREFNN`2+BNVnfft{^c+`UQ%C|N=u;YJzP2rQDI|fCoDaLou&k;aBN2s77 z8{-QEJZPQ6`W1Xxgz7Vv_dh z;qiD*f{IMzxtbf86;dZbz1vyet+zlUDagT~6ggkmz&G=4ZDBAW=`YXYGkd1seX^D4 zP6_MN!)+_UT~=${Q#vHsrWoKPZ-7crwZ^$fkMJRkpmqx+ez0_)jC08d=P5I357rUi z(AtJKQEy%w$;w*y96;%>o(?jy^&P}aJ8G_S`|*@|0fjt=eXBu=?sEor1Qj=RwpT(h zq`-%JWVLd?R29bvbBNZU1ybVu7Fzmq=2BsP$p#7uT7zO74C^tV3@?^sU3ws}72yn|DQq1M&4F^EXM)zXHs@7jaCAsI*s| zy2ufqLP(EIvyb&n}P^6bJqgd3Jw!k>ox=d ziEz1A%D8jhIaTFQ86p){IEj)Ll%1>{x{a zaWLg=0iW@YIuIob?@b?vf5rd9ShA#UJ_|VvMGwEL<-XN)e_9+l=7r4xS;99syA03K zN}F^QLfpMy`#j$c^2{#_<=a6XCK2zk6!fnL`R{cfRBIc^+LXtaK>cHW`GcNU5sUZ# zkGx$VSc8SP0AVD@AF#a1YgP$O;@eAK$rzpR4eBEUK|}K$vIlWdUa z`w9!^@0X_o0_;Gp4PDV!ItK`Up`iTs8uTf?{CFRq4*Bo+cpsk*fcF3EA1`|CZqRl` zetB@;;yl1K0#XCGKx^L9Jk*-V*XR5mbpm$0CE7S%3ZQ4mBc$6o=jrajN}Hc4#6jS2TG?hncmQ-{lteZr^*2;>S6BCU@r}ok7%@hU$8X<1O zYOAbnE0}sUC+bKc?OX$NYX&T%dIdqUv?lA_nP`fc2lEt7=Xuw)!X1X_O+a3E4+!~y zd?xL#Y_9wY{xsNZY%|E@+w(bA$VQx_`w%ctot3mEdOI87W8jEdU+$7DsrG(nca|n< z(IIFdQ=9~C@h(XpWG~;)C~+4Jt&;Wh*sSgrcp<;J$`h7eefz!u{`~DM{XOR5OHB#- zHp62R&7o=Y#O{L|q7@hA5hQ($n&)Jmup36Bs;aI z-MD`Mgy6JT8y*!750cpd)(}{6Enry2Y;1s%3^9g}<^kZ8+a0=7aoj%`_I5=ia30q? zBI;wIh@wYAlo}{Zn(*jr?jb#Hn^d!ih1)zic0H^pJ}Pgt$k)%+XhLNDKj@Z;77d3?O=d4f^KkuQNhYN-8Op zr~Y#%H_g(N#V9Edp`h>W?rVK(#fZ(~X^Y;+)Fp{vr@V#R#6!8$YZUPAIa-S`-Inf? zf@L{8?c`n$C@Q@=H-9sO1yx zg1oNJ?XG&%F31*P;jrAgdtl)!ICEvnxtQ5}7Wep|0f#PIAZ}DWU0)^&9{XcqlUG8$ z0PbtkN|v{k+{_$+aK2DC1Zb-x>d}nJi#k#qRf=?95FT{ftubVSWoCDT(WCV0D#U{M zXa=ldZGa6*n)`+GXDUBH{&}7e|&=t&n+aLQuwwfoG@wWbh1z5 z9pV+ZU`KD#s{RxWJEUD5}hDUGC#O*6tJo z^UxR5x^ybd+^#`yM670qm`}E4))HhFO<s2k=hCQ@b{6jvHe_pa3)_=_Bl%N9+J9ZwnT7#6UDKs zD&SuvZoCA6iNz~~%OMF7&9*KAIV>Kn^Zh2LNwzOFtLTsU)S>Ir`qu7Lop%IvFu?W( zDCz<~Yyj=dSw8Q|fQ+J7rL7t9c~5SgJ|8G^IXgh?G0kNW6TQy0*`fA*??*Jk?=w$v zBkV~?nu!sL1@p;vQ@s*SkMC=Ldr1LDr=Rue*Ly4w=0W;a9L9ge$=@yqh%)kR}eIkT}AJQS;vL=h)EK|v(m$qVTlO9SiN6^g8>c$#V%lF z26;(@zP>Y(GVm(SKyh}98lFzZKymo*Ueg!@Z2p#rF%H4_V;gXh_j)rXze z3PN8#Hf4C(>`yBt$hvOKs8W?NibDtid2`4ex5LnTik{_@i+>FN`31X&*uf=et*o8ke?v$p=|S^D}kG#)c)*ZB*~s zM!dK>LT(4_L@^*QQpxZRK+Fa1cEKWVUO?3h@47}`^+25Or*0sk`{8cU7O!vTisshc zP6ozAIjuG`?jk?FnwX3oS`4WUCD5oAA&SiS~^TpL`$fv%7;1dM|ZK*doO4z3`x?x zb?{{6j;ORY(hzdiaIr5OW}TA2^peOldtIlb7M&rPMu9Raw&1F;1}T9Rd$5n12P8wq z(aXHexYh=)kZk`%0tt+I6@7<^CzuqK-Igr}rttjSbWW0pIi-+zH$;)A;p@P8CyfyD z1g`3j9N`$0ydQUdS!XUR$SXc@kH6NEe}C_{VJtDUhP`883F*fm(CZ~b+Hm=+(!gN# z`aA$L_#_E5sS*5pVS#!rIm~;xetM@u9)Xzz3K)Tfpf#Z|z8L~P0ozvq$o^+Z`H05> zM8|YnS%^&j4oF!-LsWqPpJ8)Gf@A`V9hoBo`%*B_z^|L={Q>w7D}xV+JLY1s10x=Q zK>zu=!7$q|ABR5xgisUwMsZ@I>HYuX8JPj`A(w#^k(oCPcl-Gw3Rukd`Vcx1Hm0Aa zJGQ-@A>str6fMY^W`yX5T%NP!mb5U_G= zGOdDl26?#CW{>Kp;E7x-^}O0UH%qc&L=_?!k@@1!M{>?hNTxxXYGd#5N^eJCr#c0& z$#Gc&bj-}y@aFM{O10Ep;dj@|9nc9fKVl8hRpPp}Amd^5^Q9yc*Ktk-$y2BBv~hO_ z{ImqC8PBEqVp~~2c`sMYdYPJ5AV5Gf@q_(tSKH`fNIFgsMIlI+!H2|m6N#3 zmeRV;TOpKc`{*^H-aI?!aJZIO^I)XQ-q{gluOk&x=t5_|Mn>Se%aOr~Hh&GmHU{Em zqY#;7(DZfUXFf1U5FQugzQMO=dvj~0B=+2g_1G3Z(bHSyemGt9C-pqKz#Gu7Hv!Bd z*$xHjc{g4-gHM+B)D>*kC0jd|B!RvUu^vAAr@iSy=O7;*)%Z-&;pz~GfMrf^r{o@g zCd7FWU_56wRZqn^Fb0-$z}r#_LXv|c)bMRF4H077Pttl)L5QV-jS?+x(6}EnVO?9Q z9Hv_nmV@`w&iPfQHTAH_i!)y#b6t{&k#iWpTf7QVV+JHX9EmB zNT>pGx&o*NQc}LOY`3?_WrZ9p{jGBOgrlsVFTxsQ0qr3kls|svKYilOpFZ>d;64G} z(zaE(nd)A<=qcR&rn|`?Em7t=ejvOs>MfGgi6x$j+etmt{tVb*Bqm*u!dsnf6iM~! zJhPD=io&QMjSkH@&hE7-T^*C}PyJK9^+b8M&tVp-5-s%uprw^S-9iY|vRLQW8r`>1 z^2k}rDxe>tB<+5&FU0I^kadY~-SMD}=&`3UBOY`LM-wd6sDe&RHtGa1!UmAOkUZf$gr<7ePo22}eB2XW>EnFdoQ|AuiC(r%FV0eAr&9k;;O^p26bfwi%cJmWxPpDg5{ zB0L3iI1R+AZec&;t456C9_vY|PsKx)Uauh(AP>14!mU>qsvd3Ai>w=(=S`|^FtJHT zelgh62%pb$U2#En0p6YqF=5Z~$%(DiK~(NVgGzJ+LJfzEiEJOl82o6R{usf$3F_#B z26hc(1FGO=M>q9^#V>x~A}CJR0>MESbUWe$A&JKfR@1f~Beq=Rt!R?1#~oTKjv+}{ zXpAI6v=!(gO&+nE8bp7t{6qv&^148)vmszu)#B18ff5g-;K=yI8M=YcDWrS@P*~5m zC_aQ7U=LU?st;in07kzO;6CwIP_hskNx+3-g=2mCI>O6BxJ`!v%MtZ(z0*v1e$~+f z2Ho$hjL=~#K!24bVBz^MvN+IfZ+?1HXD}Aw9Pa}38yI@5`WBjqN%IxBdn%2D4ZQ=a~UZ9z{1~5)?EqDO18Nnw97Z3}?h>uPq*Sr{FtL-{GKmRCK{iaq0p7+-_ z|1&X}#co%NdL9aY-z(CI)Wn%=aX%I(n7#h6C}7`f4481jy^P(xvMF!?BvWuLvrJUI z5gtT3czG(y2jc?eZnf*Sg>@4B0<8K2PLaKCCUOwfAxKNT_~<-l*&KZ#)pWhA0cWdt z?zW5QG|IwF#Y6B*c9Qm<%&r-F>C&dC1|f?=k_xALGZ&8`?-vLNo!-XFV7hS!tEor8A0V7-p*5l(&X5o1@RgJC;s_|S61 zV&|M(sRCAf+M(N0ckS{*(bJMpRjM^d*I&jYw@&0HbW`o|$Qw3t1^rwod#QQkiAW}( zY8!JB{J~UuW60}NdP8-5&cHAel1i+!+>8u{yeHVby(+0?cLuq6oE7Urh0yJWv?FdW zpo5wy?mV%v*o@{WS{N`SorojRDUnwOFf?lVp$uG^x}}bR;r6Roc(JTru5^U5oekoJ zw-%qpQS%iF-Ok35{piVAe@PFh^#F$}fAY(6HW~MMec80=K2qzP1gu<$5(+QmMggAg z>l5tx#X=xG=$I2b#ht2uGRPy;4C=6U z&|?Tc6aS2f5TAc>VH__%`yP|OzPTR%DQ4q8CnSHmmvBEtAN?ZU`F#gDve{2^*Ef(7 z+(jQ!be740ri}>;)HN6V_TJo)AxYoi1+ICdjIDJXigSVCj11sdOJI zGbo-PyiIvEfCTqenPnF^q}R90>RlVbhWrsq2MYX8d4&u#Ac#z}#HjO7%%3&^%V*ahZ;R!vT{c13Zv&y5!Dk!WYibR zQ8}K9p!d-M4&lz^(^no#+HB~j6}in3BY?IwuQJQXf0djhsG`s?PWzvfNwcR}# z2|ejSd|^lrOp*wgFJhj0l^5A1wF}xIjht=TTHR`_G4PO z6dKe*lgps)4N&}vTIzQBob_BuG0)Y+Xk27zxS0=qyh-)^fb5ypqZ|iLCtHE|V6k#o z*k`^h@&fL!i2}HrsouO>0|Dq#8zv86o|w1&T*%zs!MD0TEW)MIYsgVj0%a2Ip6e&I zq=8se+zLjZACO#4;6{H@2vh^qL$l9QdtA+#?YI;3XdPF$0Vj0b@qZ7xH~+@5@v9>c za{73IYr@>RS=R+LXJ|-oSWg&aUG#_yO@4C(!jkWJC2*X?)B8CHZrmjm5OccBu|wpt zOrEZn1Out+Z8I9>O9O#LFzipUJg+^MABoK0BaDI%C!+4+WT5*r0bmk1CMebJ#WT|0 z26YzON@E_`>G6Ev?aLs+=0+NH*MXz;;cl-APm`5<4$hO?X0qAdGr8|=4#vlv#7YLU zKg;z~y{CHxK*Owh^$+2RFQ3Xw!+DrV`5WUPMkJ?}dlw9WqPuF+&O_mhcpSDUOJrwa zQ7!Wb67E>=4#A^5LnD}!`2IMY)D%CEWCCA7=My4#GB+9=qpk{hgGp+-RLS2VEQRfS z;GKFhhd?CyV|RwHDWQ7{95K4W@u0gS1`KZY_3~)s-JtMey>6*|#s8@Tbo#JO3;5ak zUn|pp4hY@8`^WA(8Qgz3J3s4m`M*`C{}e#}&L4+r_`3jd-Tf(m-1)L}{N5-2L*3qh zRpT@8=u6@LcXj*l%eoDa>W>=yt#JRbZady2zv&lm=iWTK;15|KBE1HKM79Cbo-0E-)yHpwW2*k)H~q@Q|E}YJgZ}42{?B!M+fUZ%KtIs~(+cAzAZeMn z;^eMTw+tZ!qHai#v!Vi6Zz#Oe_8Hux?eiI;ww^sSTZvcs<&Olpm)BSxU(5Cw=QXk? zf~O0AoB5qAob{FqqaUC8_IwDGm(7Ba_UhAGj!WhhCExge6lBbRa}d+)eDfbIWHU-J zoB@tTcKykzKzdqjjP2c-%vn4?P(WfB`lUe)Y3j>iZGeV5lZ=w*v3|H`6s0^swbV6#d$SC`wp_OTJy&m;zN3XswQ|8-X(CklP(AhZLgP6~~~ zPB_?zI5dvG+V`t#KL?`>rkd#eYq9fsOu9ziM(M#)Ej+9{1GKMxf0&Rdtxn%8-2cjX z_qC2g%lCIL^HIp9N!N4aLAWeBOZf9isL$t(YFWH{{JxGec91^njXN1*tyKGajvRCM z;l)|tod^C|5qNR79>=FzdY$C$4zAri5+^O5m%Eo-I_!4oqnDRCFPYtIg?im~^JaIy z4W;67N%}l-NC*?ZlBC^BKO|dx5GN}*cPy?9bwVpO%iX}0m2&$=DZaG zGw#VJ#HtA-XmnUEV^6>ac%WXBwWyT?Ui<3SSD|ub>9)gG88Kx6uOBBWl#zKk?9w?| zsfV;b!8mSa7XnUGRNcG)dt6VxI-1Xm%Ba@p+qubDTbYvngi3r*Vq5lIj1-xYEP zZ0N-;>HhaB`nS9IAFts1x5T6WCh_>~75x4adg;Hug8x^g-CP;+^L7kF!`i?uX9X;1 zKs7mj?>_q_4y4}v)BXHkmHF%6(rJK({r-ObKP~gX82!7>|Gvz3llghy=lE6mvCO~S zc=sBd-ukb>E&t~3{;QG?mF0`-52D`8&T0^EU(nI+TH}aW2qvT%qS{IxAR`8QnO$~D z-E|voFW@Vyh>Kc8=Xzo?O&)_YN^Ekps;wPJ{p{YkzqtICoGzM$n-LnxPJAa0^DAhJ zfrweRUD58on;S~HUWTyjFST4t{s?*o1*}oKQ@F`Nd@>P9!a|tK7AVI-j;k(UA}e=% z_&o@r_1@V(db%y!$H+;fokqtCblQO>w}4Q>?X=Mp@%|dpB)4-V6|d%V zef13xf{Y_Yah3`63|gZ0LR&hptvpaH=J}%jx=uO0J91Uc=V<3HHD# z!EXihVmu{-V0%`((%JTQ3qz=J(KE`6*E`MDX>xTzhoixu=FY3{NC2X~pr>~d=GwV8$}w&vcB z60=s9x4JsR(oaBB1x%#D)~&Bf)?dV zz{vA{Pau^#tiRjje5>2=AAc;}?pt0`ena8Q@%ARdRp!;5r=J(1AId!Y7bW~H@BAV! zdFn?@xWlz`i6A)S9qaLZP$gc>bT_;e<+h?3DG)lMXzgS9ia%`%^6n90^cO7Tq$IW&WMl4eR2!=!;&LGnBi>eL{Dajq6E>TZ`ZT{^#4 zPq)^%`RL1PDUZ@iU=}IzRgdcCaA~6u6Aq`=-y8vUPNpolp}W0J!Dw>(q7Y6;2NSv0 zh@MUHI%DsWvDeV8jQaMyUwP90}z7v(-K5!GZ`@C_! zQ0$~B2INlI$o_daU*g+*UTVt07wH8GZ58hC^bPHHcb78mnH!9@21%beK$!J=5R>KN zo@>@j-n%AouZ!bIVr4QY$ENisy-*okiOy0tcsikr4 z8Jw3poe%}=6CO^_Vq5ooctEib&)!Mg#RsbO$Luf@z3u0R~%^4GwGxm6<+qf%uQ-lP=!FLbCU~ievA-T1bMZhOCw6{esfWurn;?N)VXZ%Iu&Du*(1|b+VCd;u zbS;aQ4#~5J0E_e;W|SPA8RXVo?l|)H+m;8ch7HsX%q2?F!FjFP5?H>}DxomWe? zmtYV-hw-=C0FdOhr!U}_e3{oM@Y;M#)rbiW(E;WzH%cHJoYlM%>Z4k_!#On%|L8aQ zzP=erKRw&3cx3-u^)2NO;3`xt9L(1CZPOF+q!47+I^mAYH} z5Cvy#EbP1Q*qX&Vvq-1;^gKf#ErXsCVz+^t!z|;c+eifGh<=ckBpPW%__$6XPht0v z={^1GnLFr%Uer2^2M*81mA0^cx?8>o0m<=^RgKA~vS^bdSdTo$p=8>!2|`7@^(+$O zym5zq{t=6dv?XXoWsPwg87E;$M_m_M0u%nJzOi8RBgqxkbW~w!4hYFWS|x#9NP{2T z|BL$eMb-rMO|H*fex(|a>f!x8y07l>p;?Q-6OWgHc4Gt9HU1P;Zff?NJZwC{3k{DX ztSz7INn`8g{-ixqZnE)ys}HzB10}W>9B+N`*aN~Q*iN|mkdOUZ2kU~(1aiZuy2^1& zpa28t?5^CySQ28~dmZPfNp^>Pk*ye%Mnl$tm!Gm~l&`69mJ%OWn@==?>>@hxlwO=+ zgW6_-M@Vr%Y&U^&4Y$G8VN?#gV+As;Ni~#Fmdc4xgJJX8?}leR(Cu836=YlAgvU-H z;Np2mGIo6d#C?t+h=e`Py%v;^(UNzO=!h@qK^%mrwCiYV6OUvG0(IZz1zDtEG*PA{Iy!X)vDe z(6EE$(e4iW=z~O4Pfl;PGL{9@u8)w!CEP1SK$NGlhEBup9~)L>EJdVa6(Hp`o?e_| z<@SS!RNgktt=ScoXQHUesYH)OZjBm!tWm77FZ<$ZEMfCZ$o7hqB`l(E{)S8oeKBfz zmtl}chb4;)Zi^_Pn%W1huU!q#5f#``^Hq6QRcpzf}(WnCasc~JS? z{k#K+3{#E6sl2g61(0>p-n?kOn3?8b@_E;x4>S!2(ML=QfBL(4|Kg}BN9n#mWCGkM zG*3iAegkS|CHhuKTPFwXlzFLPhmJPnje}@1A|XyAT}3ck)hEC?Oct1&s|zTh(zT}{ z9^H|~p`Ud|N%w-{J@h^Lw6Ivjvf?V-nf?8-cgO+TZKz>lrE-@2s)FzTv}F`Z<~nxW z1@xUdE0WHE)6D9)<@!1@;wsbm2J15v(SfpTQsu7WLbkN0J%o5 z>~jd_d^ze#ZSx~7gOOV>t%Tq8;z+O&=AO+-!0JlN7*ifXq!j?z&<%SOp_=BoL5!8? z9(NT`4L`K{U&SXM16ySaf3Fu^?yEcP1?>xtJs!?rJDkh!eSjN)>in}2@F$@P2jbgL zp~`XfG0eJDJBn0SNakF|jb5DO4y!}&IuojllT8hSDEf?hW4N`=Ot!VdB{yU()3*ZX zQW+n%oH-`lddEplV1r#w{q!j4UHycylhKn0j;LG+d%=xYCcnBUZS{Q_7~%HRQ;_4- zVU|%8S?cdj3+lhp_4@4Xgk^T;HYM4E87#N)#b>2)+)zjSLgS%+DG|zQK>{Jnh<5kx zXTgAWN7~ul{&eB!5J~MXF+}z%XNvcLL(-bIYqmjn+3hy__8=?6b zN9HV-JD+?|I4>*7ZfQ=7wZo~mG9e(FURm-5N`6DKI4yr6c&9S$Cq#GO*vL> zbY8>qNO8f1}f#J!AC+FL1px67w_R*U7&*h`aG5xnswz)n0HU7?-3Annm6`I7%(0NFbdAk!8DimVacsFR{lOYYs)KwBTj>y2Hv zwSQ_#97cuIXnAL(FvYMNwW_?gY|bU>YQYlTgq1$lkyToV!?heZY|ysgvZP0h100Mi z0L+N=VmHr^^|{oIb+LD^9tMQ}8UF!#J|}EpvH_BPkRDzk0D|Mfk!0|2ADp<)1d6X< zAJzqVGw{oP1@!@RnF?*=cR@9i@qqk~3ZgsC$JCSxfeqV3$yhBdol(CFpAjqxVvOW+ z7oU7oTwRFk0kv*c9iTlwZ^(Tv9#SITJ;2t;E7u%5c@P>%VNYLuU8uP?3muc);D`p(J? z??q8#e!a7DEbs=u4w%2rmstyNjndD!_qY32hMit@F!kB{=h~ZaRKGl?Z}# z3#`rs^srxj!dE{aUkNZEK``cR0J#5r%M`w-6f$oiS)fmTOKCg4Q`+A98_9p8?!Q+i zyc3B3H-Z-6rQuxVGFh zJ7s>rGBB_#_8dzR94_k4;D6nUC)fFU+XP^9hJ5Tz&Yu27s|qNgTUu zkz+x{S{_T@b#$5}0d51!j%RDV_dZyuc6qa>VSU$@IYjBq1SGO$dt5==^T9&g?arsD~oQ~{vNsU(s9 zi%4{aZEj!~tB?h1wj*Cgl?~1NH zhL*qFZ$NCvq*RmXcg36o?G3rKw%4XT4+kvDO=HV91F}19@o(wax=4bXaGa$C#%BjJhPpy<7Ulj)B;>K z2m=|dvkd-@%i{sJP_~JbJ@;@LdPwhC_h3p7oEt}zX}@Ng{P4K{?b8C8Q5mDH^&iIvu+DyX+J6(2yaCto zTl@&@5Ow!rOpk2fJp;ZJ2O>doDn0~(nnq zZG_kot<(aVZ)ZeF$^up+lCYdMJLyv2Yq-1%E@~?*A=C0QcP4ZfC`e$@wLKHgB~v0b z*6}B4Lg0*@og-`~`6F&6WLDOFyJgzbvJ8V+!59j43S`l~YnXoM@NjkqhoH z?EMx@yZM|odBP`e6EZ3de|w5SVHq_N$K+mEuvXPlF#IA&()TUqqn9&!$xtzI6iNH0l(x}k*&*lPOIysNV=<|ow0Ql z$qTi3hgn(MX+j^Jsgv9ug6zD?K1l5!db$r{W6>{v9bqp%Jig{FebO6=-?esMuCIR@ zxN`BkVAkKVDSxAKV&k6*=9}YK>&H*RH*g$p8xQj#3l+=0^-SCP?RVx)Yt>g+e z|MM;H3%~IlsR$K_?xV9my!qK*3+6|q1)k&b1x-r=?Ci~N1hzP{f_{FAl{x;U7(37^Y+0GE?*uT%tDAqzVUaIf}kpnv}jQR`f({>-%BfWeA{d*m1e zIHX8{A^L28TuMK5rSJRYPx}8~X^6f`h&GJD_@=MUUTadbe?QIw?zH8LyIxprM%7?6 zI-&-5^;KS;XYk}5^L4u=Z#2+B2;g+(y(hM7R3q^VK{klHBMg<G(vNZYxbHSHkK^y zIP%t+Ctlri>*+Tg@2`vMPlLtHcN!wyYz)5DYN5L&ZrWwq5vU6wqPp$tx;tu(awb~U zc?C)GJOC~2CET9M%$2RPipZl^`EoO$m+Eoo&ggT2oO;b64vT?G(t%kXY$RYSoH4}J z9h7L!iR5&?J*zAgUBs-AaYpiVSiOD8vI?*<&(&s|b_jc33(4P$ul;g%iHxFQn{=#9 zqQ&Fe<(?mUlqid*14|+mQK!3PoY;nmhDh}U)NVT=5IvG=9x@0G?T zF$bwQVZpuXNM~A2vuK+d_rMPy=w5EgyO*MnTX}3US1alP@`&&D7&;iFP}7_H=%3{Y zNCx%|b;^g$dX@ItU$!uHj!X5qo}c_PRbyH~I;MSM+key$-TDxwQy-qJ z+mThTZ`b(k2(58(0B9FP=0fd*u8uI)zguMx!%c}5fb27vfwl5^X9HU~_BDk7?s0!# zS3iYF(9u_rLkE!D5=LnCyNCk15nhA2+P4>{-#z~42;t994>!v{KmNacdJw99bneIB z#vWuJjr+G%*y|ASFXvuqCU6?`VDeOB^xPo@+=H^2s%&@c~&D(HrsgoFVIaP|3^h8|MGR$5iJS?#y^<#8+DqWg|z=oLI_PO32_5~Sqd(@>W z+Ip}Lq<(@TRXh`$=bXWJ?P8Gt`)arsq3{SR-+&M@X}gNFC0QF0oY}jf_K0Vx;j_VT zed!SsC4M z^0Ac$2jh31i`N33&50@?;9RAJ^?(5E4Bc;X!`KF3o@f<^e+<-N;+vE6I_>PEROmpM z@%WuZm^z+93Tkicgptz4$DzR2#7gn`CUWP-2N#nOvTuAC+ZR{JwB0E|Hi3S^pD>SX zF#*{ZDcK|14u&u(ocCaQVhn)+z%k=^5`WgU_MV6k#iPMeYZ>4g%afZDz$(Y(=xrYZ zH=NMYe-c};r0>gi#s7?Dpws`BZm0X*zMU;k~5cV@EF^R zr8ZO?W@E)3D?6jq3Q$>z2@>rihF|NfX=H4pTn*gosmCM4%zRfnw*bD!pkRfIL8!vi zm*$X=NVzq5-trrmd>4e--B)Cf48T{s!Q>67s?g2Y^`y=lb*mghb;(8#l3MZt4N2(X zPDD7?JKxbUTZkTv>Ms~2m)lbr4n3jK(p^h#&`wHx9ue(QncC~I_dR5DuG18U3!5v8 z6;{#ZYpRb&8*;AH#}Sw)vCiI5zZFH&{ijVHQ^k0B);PtF-)Fd_&n>bw51BTxzs zdJwWn^;vpuh{ia~H*FUyGB56+Z#gQirG*_@&BO{hkb1}9kL?A8ye=zhj(4R|cbc}h z)!mtX5v4q2eA_`^BSrZN;Dr=cZ@2ouusZA&kv2zW|WmgXgBX7&=9bJSPY3}%Xn*O3KLWBj1da1JwS4|h350bhM* zD~q>H_}LCyZe4{u7EVIruxE725~90cpiY=AyVdEn>>y*`_~4Wu`bH&IyMXS=sxB%tVK zqlD`~dHX)wLl-awPk>Q>+d>aR%pbq%Kb`%Xw+b0#EQ|3*$gJ4};|VzY-*T28UYj5m zPt%#|<0)7;C*0~VOD^+)zI`w91jta@eEV#^-kWZ=!uEUBS9$v#PxQUjJH}vmxSWAp z^EKXx1LVb>9zklxS?_OC@mtKY{E1o4-i8a9EE%bE9#fX3?Ja`o;NExfFmVSxlcMMD zl9EDY3`2|qhCze=V$KDx*h^NbmN3BIDq&1@1_ZZ+M^!R!eioq);ZEG~xplyku}<@0 zKMLxw)u$`ajJ2H!$cocrLtm-(a(X~Q4B^CbTS-dT1v~E5r`DWPhK&Nx)38yv!f3WK|Fuyo= z!=bKVjdwE!CSlWOw-eX$eyo%0DcR+edcrw2ib0ZwK^bfy6V(@X_%oxG=`m;WX0?SU zL~68Nx8?08dh65E#oy`)b+zC+i@ICT2=&6L3+<&yJLd$5xT#Im0!hcMaJTQ_l~%k^ zD1r5)jpJt=ubOZ1f(&l|6S0;KkgMX_hYH+Bc%w7Yn+1iJHcME1JL;3YIbBZLPPx9MpB zECb|FFN1o>oD+}IdB%&&A*HuhsoUtt9*-h>(8UsL9+!J3`AM?3Bv~nPXkK=1FrR)L z+5P6IhQ-RKcIc9KHTT>tgh)^yZ5xjl!??t2s5Ks-rKI&bKEabc1P;vD471<*=`w&gSUO z@$IG}N!lKBB8!hGehY7th$%1HSE^=lt56K#Qe2(Z3yz0@DUZ8(TY*gkaih)dXG zDk<}FF*dD|1%AW)qs;Wjb9(##lXH6cu}A;$oGvrm{1DTBcTRu4_W$)c4IJ(N>YP^3 z;qm1Ko(ZV`8t`5vu&*CYbg)^_F&)F+m!WO7rA?~>{>9O^bxBw;IRA}^WcZ#E| zF{_(q^gBKQw6wtcw=P|ExGz5iOgoz_aB`m$1RBF8>GpK(!rqWA>U$$TYi9-_q5Cg} z6YS`lI#0icIao0$lnIL_o%Yle$0u}8RL`&uWn80v|`$R|j)2JtJ z76i!7?X-hyNgHCmkvKg8qjAI^s6I^I;jHFxbJp7@1^c9Cp&(s{I7XT4d70>HE+L}Q z{;&lSxfEX8{T>wEV?saG#NVJ{dM_Nfx5*P0nR2Pol_M4+>4RAOND8EAE#S$|w413= zShl}}d;viXI>`&=i#R@|IoG1V7#$P$tc^W+{uKbUqG;aj@}O|FwVXlecY%fRe#bot zx&~G8a~ptV9(Y1qTs$bAa-$b^%WZeFpbHUnZ%%t1Pt4~0f--V&$7wsa#rh&)%c897 zwkWPhrt^a^To+G~?x!>uUUrb3RGI^w!>WZ*sXBquzmayA9?v+uXf`D!9@x;oKf6N| zw<>?t1l{yC2AcM%u6In5`#HAU+P+3&hx8eMP?C=rMt#qpP6Xt0|5{W%Rp z*V1x5NLN&t%bgo{rLW^F((Ove8dPD7$7dikwrnixtJ1aQbjs8RT|hi<9}$JuLE-l| zH^*9N7&RZ-xj_`O>$3ECCedgGA6nCrO@s&vuTL|+JMM==d3k1JsPXMXetJA@5t5?8 z%;d7&s?oht;NkJP6|qnR#+Q3r#O2CQd?&DFG3oD^Ip%(6nHZfDGagZ;=F<~(BCZRiMS z+bh6<46ECbnr?Uq+0Qb=L#o|eLh`3m@`m%g+$fM_Z&U}6kbTJ?9zLvAs3E=^YErQf zi<<7F=TXmxK*XO16BYChA^?Jm-4v(F*spF4i2W8nJgYks6kzm_*A1mtd<7Ax2FoK< z&%##qz*Qupqc~6dsLe)$q&>BLy96iD1g;grg-xhH8S#npjkkWtk3UBPc-F73 zmgZ5*J4jhokjNoP*HOP;Jy0ZTIAm$M{)^@?f6c;LV-5)Y6scMpxnU21dWI?{DXo}u z!*M4r*(Bx)aB5r^d+MmBB^&f@zXzD~dB~x0#BN@gKO4*~F}a8NLjk+!gRu2e+?&`w|abdp(YqnuJ4xIgnYYCMF^-t-mjIg1aLhvfSBVyeR*HMI@qLstYH7IzPt~KEPQpK-23mp zyq^^$AkPB37RVysxj3KPdj8F=e=A7n_uEv4afNxO9 zeoesw){0$gQ8#pdI^9mT)5nF&0-ZR22mr_#C$*S;hQ7)Z2%JoFyPUZRwY9}P1!C)V zm@$q_rr?=rO9u!y0>vA7@iqpiw;XtHz#1_O0Vj{>)a&T1i$|Y1fp| zed9sh@^&kOy0=h-HYK8ZA{wSUg1UWo6*k2QyQbSfl4fKUr`M_o19?rD&e!t{BQEC? zuuFZ;0F0zey&m*FF7JSx3<*=E@I^6zjYE;W>1Pjz4mJ>o-k$4T=O2t7@mAJA_9M+c z05vf?29i>JC(kCQk{W147TJgh`0U zFjpHkhd2&Q>1NXUpZ8`;-Vus(3H`R*>MHt8LYTRTsHZ2x# zTpoD3zG$}ndhSnBv5P3s0tQZz0A|&Fow%1^dBGnPB;5aTZO?JPbW8Pn(7AmlAQ6B4 zZ-m|H?}|KstH|8(a$0|uKfjj;I*wwTj#m^i&CfR)EcfdZAdk4nrxbb&3-4Cz*>8aiiwfWz9D)=`2 z>qt4nTpY-=wh%oeWmem4o2Sbaa$N4Lxz?Ox ze4}eC2>!VprCUJVQ}?xh-uz-X7sO@@0F+Jp#Ht`M8z*={K=sm9d0YWd*p0+TTLxf% z1z{@UF;0dRT?ap+#Y}`pUUp=&u=o`D{;jloESS7yPO7G12 z4RBa{thLBduV)@Cst6FM=xx^_S#x_$u8eS!G3MpWbP@OwSxU%3PHc7i3`UKz&ZPI3 zN3`@f!1O!}O!P3tM@SyPeBk?EXh=l4{~jrKVu1+?RmuC?5!y%4ZlTvNJDNd6;3xb_ zb$(li(=}Q9VAa(fX-I#W@ebfi4*fQROE^Wo0DD>i_B7kd6gYT8DweG5&bRLiZb2xG zTRed345+tcbyR6=_g>KjJLi7{*zCs?SKzizZAeQ{rtsmmw$B zCdFe1tu|tRBj{7WzLs}{4})r3D*!Sk)$OZ8acP(l8f2i&2hMVVLqOdDTY^1+GAf$Z z_9ybZoo+APbjUyzT!_fTxc#an(mfj}Qgyg9*v?O?4j~%UR*f4iS+|=+Kq!k(M?f*2 z$(1n_ua4%n=0P}HOQ$Irg0dpJZ08@OYuG7jw#9n>;rYEGCRgNdPzsLe9)j%U(aCBe zP}^+Ake9VN6e!wHW?c2a`m-tw&XX?{8Wqe57h$w%W5IA z|9Q1I7i|08#1h3mbjN-)eJAyTsl-)2^wCR6S((PzLTKCb*_A6C-fR5)X|dn$aHjwU|ASIo!bNuG#fj5s^m3zn4Jq`PCw zPL{lSa)K%T;+YYd>ljHe84;p3s$cNR>gYq=wJmk-30dmpOf*giBo!YvY+9l>STzU0 z@we~cc_sLF37GFfzIq^~duRS>gcCml<9$Rv^8wF{c8UXCyd43Tc?J9`*4{5Bs5U4{(nD%!*R$%$>55`z1H& zm#f9~H9j4Gt9?Gi83UX=fnbkpcPI2j!{C)&X7zFCl|Z`^YTNWFIe)cse9n`Q_<+*> z7#U~#mS34j@WDGs8_3Qu+UL!V`)nU{#KbR{7L=!F!)@3t9(g|8vL4|osTL!1q-pi? zUfC8*_EuMfgbq0%1a@A8`(t|!C{Xo>^H_jTgsHl|KQfF{dG7&Kfud3$9?bC4V%h-B zj}fE!O)JCqfsix^?-C^EE;Fevp6p3__*>%Rl@D6ral+5xs+6M%Cy@YB3kbb3o!s|sKCUFY zLj1rIFBj4NM+P&TDtJKrrQgmP)}Q6+|0AsSSzw`fnycW6BOz`#NxR1m0}bbP1U0JrKp z)a~AnblLFinDX*yw+wS^&@W_Y2b9gJz_l8tkdPOsj~;4^Wg{8C^XhN#z?TY5P&k z#ZS{oQL242ATbt1Nf=F^8W!SlT`}>7V8B0+xIyshLR#+*H7?h*zTB-dop>&@FinOXnXpXdvb{x7lMWM zA!n%xmP7Lw#?jq>)3*Nj+&Vu%dt=y;J$66UUxc7J9GLILhU;|530%u zpm+`6gpQ%4H61qGosx(S4AV0H_pd!l!^j*a@3pAy#*=A7U?T)NIYe{u&xd|} zs^meF?s@n2dluV*YaF;MEX@!GOW;VO7YV&gPcywY!7Gtk=<$p>jXN&5C@fio+=h?H z_yERU(Du;WF;ndvX@`*B5FHF3leV`8w6?EDt>e2guHKJq0$~uGyh*@u6!D%vqO|(l zJuL8mM!*6b`)qMU8aay6a6B_1ZRPHzRgd^}E~#?_abEVN9aG`;W{w``(F=Fa8564G z%6qtZU1^WmVdb7n_+=_A9g5bw*L404fs-N@N0lRv%ld?wBgBw%Wu8gX<%N!LOSoyY zC)q1FVC#`7<(P$_5v)_tq0r6w%29_+AH{h8upKAY^!}=O(|Na2ISA5fmtUNiC%{9w@RfHt240Wuquvl-pKBSC(9OcRtv04T+e)8XkR!pPHL`(q^UDSky@?YX`DentGS>rns5ht-=f z;J{PU3zJxzak9=vQjcUZy3RxNmrl3D_r#>yuBh8U9&-b?B1RBW+&8#lIB=1FG6{?_ zymhXCa4B&2)}E8cr~{{nf!>FT=r5daFSZqUt%T>T@hs4tC9TKyez~wTr5TyVX8Q4L zYdl1fftJ8|Hj=O|Clf8)h7p`c>1SMCt$N2+ve9qp!8agg=-Q#@)_w51C|dj&B#lpq z_ym+^@QIZ>pQWayo)lY>6>7gGIwEe+o3{`$ z+4n5d?a3#toy_-WzASWvo?r1|Vvavt_9$3FkFKWPt!-~vR{=b3Pvm-1WVUC-K5FlC zL^9G8Moo6&Bg*)r1njeO5>u~o zDKEVlU5e^vI4o?(i+-SY45%}gJxP;iq2eI9a}6qVKj%hz*|SycZ}hZWq6_}W!NNSC zkd&zH@#|%}A9QgKiAF(9Y!qf_*P8G^vvTR|3*{H}~fs1gt@finkncMQ;^RLT|n%9}|Sw%1*y;1OpJ zvj?C=i08s_0kdv}rCs#wjB2_KzR4oX2sB)x+~3K|b+|6D`Bkj*&cvw@qISEx*+WLH z0yLOUf}V0(Ki!+*J|`xyf93$X5H}gZjfA_yy)^+W0YAcWH}@;5$reBbb*K}K%I1OeB2;3_jlfh2U&J2gxz@+6?l39LZWF0r#@8Uev0MY zATc-lJ(d?bm>amJvH;id3xs@Yf1pS>c1AnU62CVk2Cf!&dU2qJgTpboe>;EYo&KiU zgmZGBaR5ftq1ARZ5`a89ZW4M_3*OLS)pjz3&41`3_itTa2o+Yi=;H?U0$3r${P$pC zh4VguYEWGK_I}OE>GN+zj)Jx{4XRKsGzAun=q}%5s|M_@N zIrQu6aCBoO2t9!m)z9b5Cl45Mgl~`=ykoB@3pobq=LJIZ^KphJ!bd>>J1D%67<__* z+t26WSD-Ki56_<$`~(XB_6={JZ@7amd?gY?QZXbH-&xxHmQ4Kodcm(q zW_f|tO%`W`8w6CaUq2%J1SSgzxE;JQWFdcj2Z+Bi*$2x(7IMp8X7clI%Jke&RM zsSMvpgG^<3fzNxmu@DLQQ%JKFl)FfVY_v~*9@^cH_4mK03%*pq@SSrX*8zYZ=n;%@bRN*n9 zy@Q|N5upTk1)*jT;`a4Nz0=%d2^xd%{g1!uA$>a~%9bE}qTo^xs(tbOs0Eu zJdFxF>sTW=ee3Y<9rmv}#2`pUQw>r^PBt3TOnOt- zQx^&#(HleTRWJH3fWJlirr&}iD8MdVeYhQkXY~%FR_IOrgSiyo46`ZpEw>ULsX=EW zoP7}kiG=`4}w-UFUeBCi=HrZowjEZN+zgI2n&KRXBL=$utn;ECF~D ze28Rf2dJ3)73hsutk5c~wM?^~Qz1iNSWGcY1M%fDm%dXEs}H1LT@Kk!p|-BGZA}PH zHxIxr)2*@R$7Xd1x(N3Al%jYdT|b+zy}<`g3CQ#uym(L7zDe}3u^G0o_^`SLILCMT z9kl)z3ia<81s<}MZXwTX!KX3sC1^L*bJ%wveU_W`)xt(U-jGFn5C}~4+tmjfdv>M8 zS_Ur_?LU+4p_c>ihR**ZJeal;r30zGmJ{4YQ4JQq#=U2iLZ!xkL%U<3MSfn4$N zX+?dP4$Z$!zjqKi`wfd%usB$PX2_ETXOI5#7I@J?GNe1O%@u`T8f6yTF3K$Yh98@& z8|;UD6A1Ls6aFbja&S28J0}Jn2l_|!TN?_qe0XkZ0j4ad#o06=5O^Dkzqe+Mkl7+L3sWa{2r(L5afR$RV)(u$B!Wk0^Ymn|L+VLWQY0o|_fC!;7 z>_%CyBRB%^_3cLQ^EDit={yT^Iocb_UXq&;y1O0^t}DXH0eBC9Wrp2~woUgLEe=62 zNf*yrJ!^Zjp-|#uu=gEC}Lj2j*BHF`28 zBzG}hh@%kGa4<>gI%l~A+>MFabGjK#ERIq+&c#{PbUh3rnQ&hY7j$%4Mm|0A{IpiLS4_dHVd0F8JH_}@{%Vu znzHrQUicK`I?e;lCNNrd-|be_-M=x<;{4t)ET4^!qzZ+b$2K$Ggj2;_@;E$tLFr6Q zCg(tTv7!?Q7#*&4W4x3eCS+T1uKWILg%Q=jN=o`j-=%z`BW0QK<^uo z9EHAKqCPG~%tP0rm^!Z%YV&1xuc6spvQAH9M8IVB+20Zba>E`P!mraE0=-Vc8Lumt z{ww;saF9xw#(5#ZDR$;*?WHai5YiRPJ%vZur>+HCp$^9*jwl z;#KjyWt;^68M-1j9Fk36q#WpfmV!G+;F-2O{y4KffAvpf&plSkwzNX-%|j(QMZYtYG76-D+??e#Y*a74)@{o z?DAZp1?D#K!i%VPIe5dG;nJr|o<#i+s}j52wQYc%-Ujm1L-Iu6h(@alqm^{#*@J^y z&KgN?FWgklcy;GPF-O=jV>R%s%ef>GO|clp%Bi=s&#xzFE>Wy>-X99U8@o?xSt#@I za1-O;W@kpA0fDqdl5ARe)G03Hem;k3K}KS?y#i`9wap=73&agK)+H`a!%<;~YX~jr zUu?atuFrn|s#oxnnVg3Hvk>@M<&oWjmn!;Ee*f$JQ@iOqrs&&;e=Wk-&#`Ge{pdYe z5EF}tFP^xRF(lg6r~CVL*}~wr?d^B?&Q~7_uo*Xv0|gG$)E#(hFCR@V@RJ$?^=Lg+_Ksk z*->jU!<1!8A_)tQu9Yok=H;qV4KMm|DO#-DaoC-7y%JJdPzSoz2022m#LF?H{_)fc1Mou8QDWuegS1Rm z@UcQ9T7_N^U}|O%22Q`6lP*0pwWz@&>cIySK@T3vFQL~vSFwM zyTY{28=YCm_&Wq-o@t>|-oa?@qnpm~kC^e~8<(qCAeQgv1e+mimQ=3pai2b$5SDW4 z(zEiWbs2KMLM-XpC-3SXc`}$+rNY=)U}^rfUG}Rl46q6q^7Cv8-m*V-c;*5tN%jJ# z&cn;w@w(q5&GZsMsSEwzUkdMcxE&PU_hj8+sVtA6!r1S5hljBH5-mZzZ8kAIjzp{1 zus9YPpKMs2#?@o7E$V=A&qMjjuKs?1k~u%&OBs6-fP2mSS*iEOM22z8)7ck+ zUjA}YFovs_9V(5@<#K9Cz)tF*kITdbHh9O=)1aEw#7rv1g$IbdXcE$untsn$p?YbL z6qataiaCX2cImyo=%tx>yDr`rv>4@Azo>+@9F;0vNgK~9mzw~Z_YX7 z@|bn*`3Ugz86g`C7b6lT(r^D3=JBjK-zOU|u87jSR%RZAZ8k|}Ll5kWDx?rhq=ckygORgF0qfG51X&{HQ_^`YC?oMJ5X9b(;=^*xL2(GKm8C)>0 z7BA%r{vWHN{4?fUZ#bgc)6+xxXY>|XmJJ@+*y+`$1SJ&DuNkr$BfDCNn*TrL{7w?jsjRbG>+m@eIHYWGII z>;<$dq`q78r6!_M=>+sdtA|CP^VT&9k~P$gMIsKB~M_aWBFo)^2pKNeo$|8k}j zitY)3*Lm`Tg~d)|*7g7s{C(i_hYI}LC;wK8CHpf5;(y0sMRkfaq7<)~_G|h5Iv1z$ zuQCnG)=XypPA1Rdoa)anl0{19NB0dE=uuhasy9pHjCEjBqI{R+1H_QC_4wm&cIHt-Eo z01>qL3bO5`QepD&)XJ>>;5 zV6ME}ywOl-Ul@|^gi4w3OMNX6sAbfJpU{4$G5}y*$!a@W62c8R=!>r=-45!d5HAq3 zCmY!#ybyeek!`mz4HJ-0bnVO?7wIm3e>YdxU~84qTXN32J80M_}WUDy&$4=$_gV-;Uxe%%h3olr)HoYlokz_}ebP9fr8tJs=Mtg_d*rx)UeKpw-c z7rXlitEw;hS2s5EyF13GJ#P?aE(@=(4#U%PKqV>fAZdTRzR-q#-y*)g*`r%#H~+>= zM3^3G$0!cF2T-*Ri#jjp56vj>dVVE(o#+CmRTWj28|=9#b?uQ&plwPx+ya6HpO;6RLg+gypiID0bT44qCP^t~>wy3Z&VGu}^pg+E1mC1ME0a z5ltYaT&h8E9pD0xmd4i?C5lITj6Gpraa18+NB@{bVsH4I~v!8rUY@dyoy; zrsvu_BIKQnZ+Is_odqu3#CX^_--A{8DsWkWzPw3g2}Fv)8^A*H8FlGh0lUr5b{FCK z1YHk?TVwsiy7R`D`$vz%2;^R~K~&$4YI-FWKEb^68=y6_4R{R>jJchR-mCgNxiMqV zHpB^^?z>0z(oBq>ih^66$9``oiS+W4FplPv@Kh)<_Zp8aE-|KajgXQSo^I$Pk&B~+ zDi7xqG)wIn(AHhRU2t~M;&tTG)>7d_XZo9SfqdFMY|w}!Ah4DmxuCVt+VTo2c^uQLh?ZFU~Iy-(L)yBgOR%K2&@RMbTSv`R!?$D;M>VT;E9wmH? zp|&CmvvPXhK_-P8>g*htRY0zDhb0w0cKk}3=#I$?fvO4gJng}17e@#|(V4T^H%8Up zjhtBz`KaJ`T_AiA<+zQ~;S>DAfa1eE^vfPmfX0g!4P}_9v^&vGe5I~^jLna+ffbNc zP=FiVRrW^?u%Pq*bpnNzA}S}=5&o~w|8~27a3KF#l=|DY2ma&Vc0T{Vbs#H$av*<# zb`EC;i(ura|8DFU|;rDW6dVFueW|C z82)|lckk)Z-VO9np@h90a_e^PVZx^siBrjxtL9jCcKrUnRHY&!MAXPH z1DoGl_Z-~e<%}HCSq;KHJ9grJKzDTtknQgUr&qV0_{;|c_I#HIL4+Rg1D;(h&g{5mb7z z1DqHaaRy@RlwYgNQ zou==!IU4;cDlG4gbEdvKHm&S3_Z(1zqoEEJ;iiYCzax|@ zr&qBp$aaNN@94c%8JzvR3Y0j_|H4;f$9DJ;y7a|@z)|dPy1@Us{{BL&SA5>M1o@JH z=kqU5o(3;GVRrXzm^#m{3F%6JQ~VBXfaIfZQ`e8>1u<+d;dN#1(}Elh8^uYCLi*NzDxJPa|46kZ+gSsr$-Gf zYT@frf8j_2$l^~c**~BZ+#U2q{djHZOYt_kx7O+Kmm-~KDN-~H}D_CPD3%$tTlwz*G3hQtZuK;#Q6i0T60 z)aCI(;z|$B&7d_W;u%NQ;_!aRm)EOcUw8bB*rAvK2LsvhsrEX8w~SyFmv>1R*=|KT zNZ1l$<;hzMFHB{XxyMyLLfDZwm>{RsgVH2bdT=9wP+n)5V{d~+;OI`iRQcHp+O&ajPs%7}3n1?flzHmN*>!#~!5JbS7-F&Vd?SX=_&@)!g?p zEqPlElfu7-$%CW~e(R6lRA%RA#r49_rBzCgFxm5Ax#5R!7wZE|qCqMDc`|E4jvFMy zo5AHvjR(4_i>ZOAOZbZufCQ4KKOO*fzZ2`(`ms52CFIcJmL3)Klg~ z^P1dofiX7Na_Lgs`MIjc-h}WF zAA)A*YNO(qI)H0BlEsrw9}i>iV!*fLHJg|r@`I*LYd@3jnD`jZM8_S4y&6Ug@|Obv zYgzzgXK;fcX}&Wm6XJ+1v?v5O1jH0r;Bt6QXZh3!M+&i`PQS#L*C;3S|AK%uqzuu&pQ|m?#K-Pcb zAn3=!3~YyhTUa`fZlWP{fPY%uAd&E==fKLg`^pxAp_vBi z743&$`)jFF7GS~>I{!Vw@t4Om0YU>eR{geY1`b=Q`tB!p)*0Mc*24ppfCnC_mD3^* z>wtArY8DB%<_`y#`}1>t5O)9+A*4GCfa!ph{lkv%r*-u7i$EoP1CObsAZpa zF9~Kld<|_XwD6t~ehf6Xs@@s8J-~b^Qgw}fv8vQl=A8spuO~;uF{MmC_UDb+DC8b$ zhx-+7>z6JPBt|iQGR@R|R&bdlQ!?`sYG(}3p5(4~&dP)BU|>UdM)xPf*^a)TqD|Tq z;JiG;t!1|vY0Qv#Yeb0;6(X&iw}^_IhGce&Tpq2W@7koWm&GC=0uSd%DK^rWf?T*_ zi2`>2^1E9$+G7akw^UPu9tVMNICUdh&8c1!37|H>SLC#lbd>hhE~QxL#E`%<;Nm*)W<`##1NMDr~_4@lwO$ zRo#ifKa?jZ1%kT}AxKo@S7N~6EfHz_orP^HQqyTQ7%xR$N)wE0B$)EkajetT%vI>o zPq7coUr2xD$hW4HiiFwu7^VfyW`wM|j{quJ9xh2+zN~s;vR7Gpr*nP`>~sOy+n6PB zxWv*0ecnv11Pp(^vXmi|iAK61|9D?czRSajf{qCB$mn~)kqN0?X~?Z_E_dn-{Yn&4 z_vn(l99D@6nhQ7-YQOh=woG>;f!wCse&Ma=re|zeFM^z5*R0{6i9^J|iNAG2<*)ul!Ej38Gj4;>)Pny>2#ChC#0JsWyq zZO>K)ZXr<^*$x}m!LPId$N>k)xF#yKvCrVowjoXq>Cd5kKWO{pAlQ`3!0kjJd!z z9h?pVe;hvsP2Gvq6Z0oB{ew-wOe^~Y*IHjY97peHF>J*wz z$LHwayc9o?nrLqCJ_lpp4slU3FUz?=h=p1j^s%&yBw&pz&F>iZ5BNq5%5!-h4IBDs zT;=NG5*p5-dtEtg3$}Z5Dxc!<+6P*;BMM6`p5Vq)iS<#nIFlJ@kAOlI7hbWEq)h}} z7;pr}D?N>JqnAL28;F=XCfv}Nl8JPbdF+;TLz8GXgPTvcIftnn*j!0`mtJz!ftPob z(QmGx62u^-lRVmpe2@b30gyd&6J#j74*!0{s`t{1Fa`dmd82k$^m(U2Q3lX0eh3d;MVuPx_`o;u3>2nU|HBB^0MxQkrXX2uxGu~*^PRNagFZ88%#p| z4!YUZKzS?lpQ^&|&4D?gN80Tw@?1eEf~wSkI5ru?Hy5)#DuYo|O39of9c%j3ro*zT zudp@N)bj?s1Xa0%6VK=Wqgsvs@6~EcyraMc;{b<)F~ABrZ)4o8@%(_v(=TF=uVLE% z;aZ*lxmH8?%t71K&k+axc2oh-*!Rc&57%ntKd#kTpL>vdUff+W-CNW90KL#&A>_Os z#cUVmV)A-14RqcoX^C$aA2SD0C*FQa1y>d9s3VhgZ%=BealbHba`ap|gO+J#3!Ek= zdarq49xc|#6zrfx2ikIPt@qlj32%=;6^9g66-mxANi|UtiN}amC^f3aTWJr-@8xEu2{&D~&o z6BdH}gb_57Z=w-ahcOyp$FF2pQo|0LoIG=Jns`M?EOad`_Y6hVAc<%8)^C;s)c9~N zQqz3%I|yN$kh2-$(YfytrMXo>&$jI#o}9xQRZi~}rr7O1jf?DfTZxJWhIR#d#$;b& zM;%e1kAsy1$3zxzD=I5CsUvymHxi5(ZsmzA*`vkk#ev5ZvtF_n>3$-)-kDwOf2&s0 z&&M0a4Ex}^s2&ql4|-h1Mv52ycU$wHYqcuFaO=neE_RvUNk5ReLAuiV<}nPhv&VW_ z!O~t>cY1Hxa3crfrU0>*AoX+DcInE3N zq|(c)4B{d7Z6-m(Qa;xY#5(nDUYJ;RNM7`L2XS=z3u40GHX89$tIT720{I6nXnFl!D?3EFS`hC#27|&lbHLcgq1+py9bfY6;-ZuJ1f} zD(mgV%Fo`6i$iuPB3d`erg~$w4m@VqA1q?E$XsQCTC@vTwtILlN9Hb2 zRt^vYuvg{PxMY%)$Sp)6xe!2J-O9Q;2Q;J}wQyX&PQhDV!1n7f`p7%H0x-VH=9kfbwpZ%0x{dU?P86u@4*ne%tk}LwsyeYa`LhR11k%8po07ewpa*Ak{e>8B+h;BkHIZe zbQJ{{5QHilx~Ib?=2CzkkKb*9R}(g49B_!a?FT^SY?$2`&EnAP+ZJF;uxG|uSJ~>V zsLwce`2u?ePfd2OE9}E*t|;V-QIMcq(Rb?8C2nt%mmwMGCL)T$a}z{P@vjZ{vn%Z4 zR+)2VCa>Fw^z0tDHZ;snM4LUOC#~F+s22xaD<8Cw_PZ-ljNxEkpI*%q4Wj)=wVL?f ztJRmc7qfZZ-~{A;M%Rw+QNGm}JA$a6{|{<4G}3-KS3@6D!GEdMzdiPUxK?Zbajo9g znKVO^eu?U{fpF@xTZH>a*yI6csGR~TyZut_yZdXPdmV55zRQ=Xk2X0*($R6wd$F^+ zgQ0ZVp4ve1ez@X+vYt@qxsH?8pY=&>HAoDxE;|iC+1vf- z^x_!QkkBWD)F!1}Gxl%-HoZO|_ddc{h&b)pfFme@he`x@MC zoh?>vOg!sL3!)Dcd-n`2fWO%iWza+}NP;MjZZPThOqL;qwD%xcs95RmSgKusen$Z~ z;kI-6x>tcrOEn&c=g?t6_a%Fj-(q-=qXRFp-N^}4B^z!~7!TbUA{*U;hM_XUdm5fZ zkjT=EtR+xrLhlY$emKq>wBV)%`YPRwa{0v>mFO`ShEVj7HvuwBB6Z#fJl7+4>y~h4wj)Gwcts#%u zh@6cO-B&cfXo13Y0J?s%?xefVLWYT(wtK7^YWps8>{5$bi6?ynE<6N^fTCY($|>;(Zt^8hJsRJiQAX3bRYM@xa&=D`OV-O47lSPtxWp4R~LD{ zQzQqD#@Hk*up&IJcZ@#!uOEKs|LM7U$r2MFOE0!GR%wnx-=0k6(tOTWzpW&HuGPGi z;ckQp?E~Ndc%eI@G*PB}@0TR-E^U_#7aev(V{cIB5ZkkFuUw4Z4*&IH+}&*EXu#b}U(Jg^s_&=tIBSI+4O zGN9fX>qE+WZzduqQI%{WH>qB|Jz@ihAa+d1l-W!8`+@M;T|v>@-=VT(Gc0p33Rsb3 zB4G0KG~o@Z(ROW%zQuofX;)z5uXvL=zP<;kMRSCxx~he4c6rP+Y6%}!Scamvd)P7u z&YHt>64T~!9RWp$CfD&BO-&ghl}@?Qjdj|E5wsEIF8#$Wfq`8>@(BGvz5hXIItkN;BmZ|!jDA9Wi4)(_{a zkM+Kxe)Pl5(?Ppm$KVhmuCxObMC#``-q&-c0K%;`00-`r?>bUp8HLDubmm8Rdg3^M++hG< zEft{>ewa-x7-#};N!K8s_4>tx|9DE+?>>_h2(ONSeKVTCg9Z18%l=QVdiPJ4{hwa- z?pLYBPmT3oSnqsz_yjZ-41O$7+VH!BSdrM3cf=uTu`|M6;_|!^{xOf- zqiXcPDVclFT=}Q%x|ePk2fzYoI4!zhkn;Gv-{Tx6@Sf*Gf|ieFhnzXSU%Oa5X$EO( z)qoJ|Y@}-q%6nms^9M1q7tT)3h!sPsuW*z*AuU+I5!}HD7(ECUuPOTa43c}=@b$^J z=AG-+?-tLK_YudT2fH>t+ks21--FExEGaCQIAJn>rBO0{O$U5`uR8DU40{ZGkEb`; z(iCK(hV`30UX5LFN!IcueSEa4yz%->1yfL5;eJ#JOYED}Y?%%0mZ?fUBk z5fu<-lOylhRU|hI z28CKLf^+BN03t=v69im)5ZlWg)_fXE?p|#hkQ*O-FWmXNRlHvWDjJhYpH+@8H*E!E z6)KVZYe0e2)7D|_Z9uF#y|4Q54Q^!Q41d%w!r2R}N)p|}b}fn@T{C47YMO^0ZoA~YD*3*;qSx@iy@9QZg zMo2~^?Zs8C^Ilia+(7f}8Auwhtb|`ZAQai{&x_LTe`_uMEJ{0Y4uERozq6Kp57_vd zwe+);emC;{&)3q=Qo8%1WdB78_|Mi-ZGHf?3Npj*-``YV#HP0%+EuKQ>N(4r;emz} zRmmSWSQk8F(g*k1StnE!lgs9Q?FfrJ%GAH7xztv%PcIyA>0&_tx zct?h*xVuH7u7lC|d8c&Q?#t}gzo%JmAU3sxIMu3CM3Jor+a_GpVbX#mc)*-ro{7@T z+d%|9Sa^5}D&)oXHNPx;bG=r9T7*aJX`)$Co-}#JZ+mt=cxrL&ntXg|bPd>Sd2G$H z5rMgSZHUO4%3)r2*!z}+!~G4`s3NLevFvW#_%9OF-*z@X<0t-pSMzUoAYXj#XrkZl zKo;g$hu7VDMJM_!*^6v8)Zs7VaA2Ho{ti$3U)<3E%w7I%NAvi3NAoMILWZfqH&n$2 z;j{>ZV-L*{Xr1S|8e|Zxz5j75yHIu{LR$3)_&3|42~c_;0|05 zr7edoLi_w@s0`Vlz4%gS8(mfS0R zR}+3E&T}W|oqd#r)0XJE4)K*ty+-P3v>ShK^=)>7>EF?+Zfi0r`2GsPTQ7B2Itz7p z4U$y9jUF0aep;5+rOWGv_F5`KNYTO+)*Eh+MI9{Npy^vAFZF^ga4>x&=?d0PouUUB zD9<|xIvLO&ojQA8zT$kmj&|5xf{F^qo|R6}2|OCgtqhL%(|qBA)F}IPnrajXUu#7B zn~MPQpTRYNin=>abya4&jn$;9@dG2s{ixcsJ-FtxD-Ir5L9etUVIpHh-O%0U(ZB#> zI5&26za`4~vH4dUT|%e=K*YM~k|C!xB2sd#-1}pS+|0Lftxkj0!0CPiU-r>zVm@1J zRdFoPKO9B=9I9>nq8kmi1Ekhv-%s1S_HT~ce>cU>if?&MKZu`BuHFbFsa4 zvz~qmnu=F;xUJ<3$Okm0E-JAHA;bA#A4}DWoM(4|?HZ8B6Bpvds*2Ac6urq~H>QXO ze-DV{iNagd4lxnWR-2^ z0$QfM2Cdc?qhI^y(oGDi`Z%L)=85hy4-=)NBgY1zuE3w0eHvJ9$2%fi$`jP}bZ>en z-9N6SD3LNJgYYYFVD010e?13O^^&S3%Q z^4F4>Ul$YL<|>_0XUij>^itLYPw#dh@n&o$m`^Fd5x@QHz;w{~h-GJhC@$<7XPA24 z3uSM?0F6JTwSV8+ir%h@O26w|!OSdr6i7&}ATx{{elKf-SsR20{;+!7w=AR&dtp4+ zwmzu`6ILA8jxOVJ+$`Jwzp49^Zbh{%Y8S5iD^8tu8=#<4lpGO|RG>zlNGc%7ufM~{ zcI?>cdEfJWt=*`^YOV+ux@68V$LRg(XCUd6Qr=S9hv3;?`>q&V<8nI?I|qihq%)p} zHFCe+D*w=nv0l?KLNDfvE>R%<(k=W?_Z|QIs1gr9REaw651|7SY00`3nx0VIA;w+y z*DlP=LzP$j|EOl+pl11jc+Y<>BfbV5fQaz74vhY{9hhHF4ZpkO|F#43H>U;wj{Fx_ z{9Vl+f6MeI%wUS_iu@k(Vex=FzP>SOVFw~FM(_qL9J#k(n-7LS+?Ag} z3Bl;r&E3z&CWD~j;?B9Hn&($Ou(5*^{`frZ6x$3Gj6oSS4onC(Ap1J=sXa`NRxrfX zIOk+8wHlGpg8S#pcZC>uaf$n`eck6o4bG!ZI%`b9mqC9p z{qRsc1H6lIeT5iNW=4R0-<5Zx(9`@KrnP?5y-D^DmxQ}l;9nBMD^RZ=*HE)HyW+)N zd?V`D&8OoSveFv>zx6O`4rG2gp;NGu@S<;sQg zQ7A6bq4b69?hMocMghQ}>f}0Xu5jE@SRRE08ohI}VQ)G(=ON74Ts?2+=R?U_IC%s< zKVDe`R&GGKW+u^Lar?dM8sxLqkLtCYg{BvZ=apJx#7qDY{vfG3R<-gYN_-YJX1#VR zj{&_4*OLY>B)x~Q4zQp5P)KIYkwuj7`%Ihd* zuB6VizV1#N?ce%S7Nyq*DfDhgUiHuq)Ifxo!_u>pEL^X*CnQ|4E^`xz!tFU}&ogrJ zD7Qe$^f)yd!Satqknf7caxJ=EZH`~=7Ntgv2EKw<1kPYZ=}eB*vum|1_gN!flBmzv zbRkum;U&YS87+5|kzC9eV!v@(g^X`f#oPz9*Ip+*%-Jpg?ab_O);jNNKbBU8mhx@sCmzo zez5~amWM`5Amj7cLgw-9uD!5YdZC(G1HX@~IY5-y7ZSgGVjCu>G3tEs*QGvj7jZ&$ z7NeL@dCG5%WRbFiK($=G_BM`s6|fGSLbPsX%Z&EP@7y_lA35dhkHjeN1h5;AMdH{< z0aQ>td<&%wH^j{j0C$x#btZ%E^`)I5sL6`Wx|P?#k-ywak$-g z=e>{o-ImX2ipFaHf!@ylDJtY&cxL(irwlm%0C(w@{36$JEJNgy0wKqH%$m^rp>^>o z0~k90iKw~z7!$w@y$BoNLZEm9tAoWoW5_}JL=Z`t_26OHl7kQ&(tOL`=$iD0uDRz2 zzou57<${le=Bv#L@?dm~QZ3B5e+iNN$=UE*UNB5qp6cBK1g!-@Fg6$(z6@@J3J|_u z6Z3XqLDR8o!2JH&!La{Z-2nBU#gU(>&Cin?c#QZt&G+Y*_<4o9|J6(U3OoBBy~NKe z-2MC#zZV++qRudmylH~s=rIJK9#RkdhQX8~zCK^-QKh8ABmsCfgmApstW3!k`+3pFqJ+)a{PsT6v_CysrRuYvxt{RWJf0IgsMeL zUZv+A#^oO9%F*OSzlC*Qpo&)duV=kqx;o7Xlcjk)IOMFg@ZNo1tBPyhLdveiaUUR^ zuv^Yi*50_(k4cHS^-rsB)(rCwx%O@$s8Z7RAT22R(7i!K_gcscw_E+2)7O?~yaM=$jcuZdx6ak|KtTvgN+)!*^ah7@}nI$BWkE=JINyA7sBiWCc*IFh^;tV2dJUs4L2Wy zFy-4Y+uy0nA${w5o1^Wf9B}5iau0dDy zAd~=`#`V^O;3vG%ik`TmXyJ)`-ACIE+3dJ)4CDbW%Wr(ouYIQGpJ_kV|G2 zNJqcg+YALa|8Yc#%p*{iW!x7%nbyrHR&4TGm4qH*kQyGpm z%%P!V`^j+$yAHsea4T=ngAg#H{ocoDoHVGDuF4>W4Uh7ZzQ1AU8$A=i!%;v6xlRdv zH+_lX+v{bwDT}{M-tlBeQ(!Ga6^c}!CsM4d<5-4s{g%A=$BJY3C8YPSDvpnr@*gUW z{|~>+|Dx)+aJB8K*@@lH#kRxb#bw=a+{_e&qYxs#7mL22RmKFndAw&$h zucGbMR+t_Y;p}Bz&|QlAZ9_N!Me^c%Ptu5nYX%qv_-1Ehxv>(S?Z6(cpd=DrH_)|W z-rEs0H3%Ai$RU{ubmT8U#2+#iKB~u~vdxDZgpk~iZ`${85lmAfifTK=+8=JWaPO!G ziCmlg$8sZcP9&Laz)Oz|>y{Q>Rnuxt6dW1oK`=DAUYU+1r zV`xDXze<6z4ud7KDw-?(NqKIgkzAdoKnTit6AC6g@4}33SJQtf`@ls4Lp%0)-|I5qjIYYBaA>~_l=V#=&0TEc8pl>xy+lsZ+>aW1tLySz8Y zfjF`2o~t~eL7;o;8_(>tT^lU2jO4sqlZCyG45~ZSrMC@^x;BkNB#BK^t|Mm%>Kf(k z#OuD^)DKRY^rchA`vnp?8%W4LS~%=8X2sCMctm!|Ej{~-o3Bp7i5XQw1R&@~{M0c| zy{mXF%nK_m%rqH5pVl>s=tNYh+*O&Ijm#PEEa_Qx8r)HkgeVFTrci!&M8=@dS z-JHYyQ*j!SfHg6B?D#ux-kC(Km~s@imR66~J<6+)e_@78J!(@69WgMpIuF@6@1M^8 zwo1g=>>2d%?zQUXn5_WzS|?$i{_a$rXO|nEoCD?lwVT|ceVyP}*&NWr#VTz6>cBSH zoIJUiM0qevnF-uJ@q(%vi|s5S=hA>oEWo&!`i{$}O=eC!Q5YJ^m&5sP@Ms}##}(1A zvEm`)m#+3m8^aW`Am;t+bXFnbV=0rM4i{?Z8opTKQqK+&@Xa3)bi&q%!3y`uK6N zTQ6ixZGN~;@X^)<>|nHF135Pk8XMusOyT$bbU&{=UQ=jq9@0sNJIhak(E^a+KA9m& zq?4~iS-z=gcLjU&z@ZzB06cdz{2a28b>HnN4&30iL4*7Y944}Jc*rpbUZ+QqW4ZhY zN0J3}XPQ#pb04#}hpY(mZn(U&hTB+C4bQ~B#tkf>Z%3KwDYZ02;7X+D5xnhVd6@7> zDyDnh+#%e~LzP0G@VyUs8+*rz1y6j8ma37dFWEji8d$-3S-&-N;Y5r2ekE z@mtlwG0gu(gX3RR9ZdNdG3LLG7$Ks^U!2}v03zayC$;cc;8p)RVr1x_x8g5{|Nm9R z@hLcV|A!R^uVc!8(c}0pD~|tu(fTU{f-JKCM~_iI2ExyzR3ez>f7=zyiL* z5`T+=Q{1SY0_yRwm7eT$0ZIvL-l<(QP1X`Ba`PcvEwYvxV8+jf_DaFe zKZM&c|dG3}mH0<`Fth8BZ#U9{~v*kJS2S?HAWV#!}+6N9t+J$x9dKS7qAb_|_@ zx~kQ~)L!pJz6zNKl(Akmj?zlr3-hm&;Mr!mr^0;AAOQb7Nb$bK=GYM8 z4DGcqcioQ=AoDUpa|r*0S%1s2{^V7E6ILx2jOZb+`p5TJkahj?O`34QHoHQ%aRHCm zmk#9DoN5r(fC3A$t2f2cXBBV%|9xe@C>%%oCj68@(0xEO7^HXMXJ3UBG4pYA#yTT$ zGPbgbZTN972bb%$;Cn9vl5i~JCBF3Mww9a6^6l^N(VIUl2w* zlkqSzfIqffuAGT~zJ!J6mvj3U%ZB`CVgVDX-7nZT2yeQY4~X=r4A6+Gm|{i{MEe~Q zL|%QtnH=$oLogX^dej&`Aem!deNhAM!aW7@KtR#6-*P|TmVsLe(l{~@F-qH4K;|!x zmGtkf=$jV6-2E@E==%ljK3DW#oQ4~lZjw9sq;OUh&JW7)JbCSHphxWRR+l(Wyb{iRFP{X=@euru}ALpq5j2@=(HSUnPO{U zMKPmcCx02x?S8i{$!fhT91=t%tA;LEIP@>0`ca#iT>ho>5pBO23Ffi)k>C zyRsBCEp0|COe-3JKZ!w26XGN7aLIG39V8Pyw)gbv9!$Jk4kiU4uBKkf&hP|5;n_>Q;WQg} z#sa9QH4}%Uf#hKAOugcCQ+3}+%uNC&3x+(Wrf}8>n-o>^d^r|3z;t>kbH@n9NcUrCbT}NC;6G;pGjyPUF zMQ|(@u&zz~6kW`tb!3i#qMlI5pNTe%s+fLZFivalq*@5hE3q`}7c9abR^yMd?61m} z9}WA@$@ygK{;b|-x_wWbI3fB3W-F!8)aJLapg&qIFZ=1qf;Rm*o(<9SJ%eau1y3C9 zT)j1bL*1Vpek5T*g%DA`eBTNZv2j^}ly4FI!NswLJQPrwFqul_jLuk)XK0hdi9VN! zo!saYrd36BD(v5c3bLH1c?4Xna*|=)P3Q z*sH=J()6?RI+HC?ksA4{GsR=|Yn4mkVtuyPM!+!*xuo zT5JrCq|Kv*cV!bN^aT()cqF(-`#F@t$1jGmiTw{idw_f_lGl32>T(5MhhKuzan zrVTlkFEC({^FDLSaYk~`Hu%0F+R1M3KA;(k>G>7UJ!Om$KPoKm=z*9RrK;)l8V<7A zg0(n%Z$RF|WTZl_$JDRw3T!`*%YL=*qM#PV@Z5I(emHZ|C+g_fZbqP$=|xn5oN@-j znV!0Ify@^b$F8J(yqwS;nwFW+8KX?ZGjX%Fs9z9W7#+F!z$GJL1OKhzB6M*CJDB+I zcJKQHP|fH+W)h9<>tAo+u#NxY9`1iiW9%o}EB(|cM0&{R2KjKsy-L>yXxY< z*vt1)2Ur}g0NF_VV%`u&J6Y@Q4wk~?*$#@?D`m)Z^Txk=5ppk>VE>YUHKdm>$0<$_ zZFlzF!wOmOx1LKOGRI4}gn+k8SPeSFjw5^Ai3OGH&*P>C$1^x1Wf^1Emj)>XXK8E_ zGp~_3fGn$-x!rY=(Q%qYqEV^LFdoFUMSv8Z>qQLGuq7O!As!q(7Nn(zoWW zzAnDsddMpkW>^#i_VAuLdpNY5F(&7!EkzN-Kj+e6oB7Cl9V*Tp{8+JBNP>2%Gwoud z6x$bwhirCjMV`89gV6HZ^1SS={juZhN2sK(#~$~6E0>vH9XvH4x*Q2N08WQg#JpqK z+6X2mLp@(_aPD=4WzBcDmn-s9Nc81u!fLy}L;{|7`zt#SM8#Wxr&^P{`8eAvM3w{t z7)qRr#hb6;W%>KGbfXarOTwP=A#QV5uy*ek=tRBL>db0tdd=wo#0C1YbVxVhm;f;w zQFq%ze1!qe^ayy-VV+aA=BWr(Sbvb*%O%i^WWDW(QlV0+^#M&$M8iFmhH!O8D|Sg> zRy}Z#^njBcJ@9hR?xR)XV89Hj%HMUif9&PE?}3^Bb}uImV%CgBqmNA(`TVN_FYtVX z7OxC3JHO1+f5Q=S>G7cVGv{-}%f@30ffFXK``NP)9ck_TYvVoMN9htdUgy^fNU_V^ zxNl>LPpix0O7oNgQ3>uXtV|HN5#ayl{zSph5S z0_5@?HoTyoa%G|3eO1SuFmnBsZu~q{+|wbSdZ#ob>Mn8!zFu7_9$a<`Jjgs z52`BgYkKE1PG;PT4=GJ4+`)1940=g?M0v6;y0Yw4gNLM$TXwVViE7Lv@$@o^9F`t6?vdh^$0gF z$WXw<m;vShh%WlAW8gtzXrIFMZ*=y8WuH+@T^fbZ@b z@@96vXeA@<`V?>2LUE4ZFb>26M%$YV1i*}FPoTxIWX?95z9IDnPu+Q-wWV!B<7&_> z7Cnc^*U~dtPx|igsHh;tE)I}XUbkQz&ya7DAkp9L~BS_AUvLPB8JuRkQanRFc!*1Apfj6+vS=}H6)QVO};{Fz=0Z;o02DJdo z{CTYW`}gbfcJ2OG@7L$;+WoKIug}}H`(M3ZA85oMLW(ZBeSwgoU#JnxF~9lio+Ok2 zk^Q4}p}RxaE3d-Q4T!XT82$T(dcW+`??kxddNTp z7{E;S!r957q)q)gn{b+r+I{wB+Jp+~L33+&+lgZ8;L-ym%mOxSz*{=roR5!q2ussA zpPsATaM}@~dvSwuPA5=?pWuf}M+SEb`(7x8XxI;=s6JlF*PY^do;vp&ez|`oj#$sjU&_L_3uB>65JF5&=J`u7K8|Ssg=(P=Ly}bE=Ye@KwSL`08x~2M@#GZn(s1Y9T=rI(Vjo+ zz#%x<0vUMFOle;axwweI>+z^2I>(XaR&k|YytxtZNptJ(jAyzX(YOR@7!L{Z=7^ej zT?T0H<@@4dI5aaw`QaR>5O{G5>|n2&S9j>C7mE*j;PBunWST?VRKaG&u6aPiW6-HL zga!B(QnUEJN43YwM?L-m<;Xo|xTDqz(Ti3!>q@*g!e}njv+>*fj4~m!(Zv2NMmcsz zc5guo*1=^&r4eCJdg7`~B3~YL65GLgPi!?1%3Y{M0OUg>T((f0(_ge>U*hsihr+dW zq5J~q1`b5+T|#tHNQ^x74*?zjay#Lee`@mnww?U*VUa;TfyV6*S-5(UgIi)gznl?m zi1R|MKaNY^zvN+jrlq^@JInuKW7&P*S^j!s;nshOY| zW%p%gv6bapvLsA)J``Sn0G0NpRxM0>6xdY0J_Z}h=P?MDJpYN6-kW#)*TXZ+lyE+5 zzBa~h4E^!aPd`Oo0?&xD{D+;zKsCD6KlalJ;;RANuv9+C>UTF6^!7Cl^CZ~rzIxSe zpqgvJxRt?Hw03FF~;x3t+XW!L$C*Gtii;l_XG8C_X=ftL5v?u2}N( z$4~!}i~TY02M-@i{yh9mfyw&ElVJ%=(01^f0vb4kXMfDxD;VMcTm6X*rp<|lg|4{l zr3)?T7GRi;q0OI&dee`%lY;glxPs20cvK>BDwz}*=DW-ANZY#~;vSgyJ^yYm^hmFI z(*_`4wIkoN7i#U4=Gf@UX^%V@=mnnutflslV0S!S8+UOGwl6%KOLr7-adEj4X)xSL zvdTbk$G?*Cd{^;^p9zM6X*BI|JN_1z@M(-u z1$~}Sv~TKemgWc9xVaSxqdQ2z@NNnWMhb~|>CcDp0p`-X z1q!&YXfJT|vL7IZ@~IM+FFh#G&VxAwB%I$KEC2ioci%4&l7jxPuWOg@y6l!#0EDj_=V$dFrzhQez-b;z1R51K7G$~I8O|K zSv=*XoQqda9UP{+S$8;(G#x-w}d2%k3&Hc;7GZn?c3xB*UGc zoSp3;y~T&-9X@%jEW;TW_#Blro&-rm(c`{j zQl@{7x&_q^JNy0gXzKfXggnAQ#c7(dy2wH)ubS-0=$I0u5qr4LxCbNXq))$TG>>( z>!3E4g!et54mg{d3{*F(Ul6){58MZcxA^u<3no5<&6#{${AV@`Y<5=F=ZLLKn>b)fpJ=4G&2RUzd!vVAr>1{C>J^e^CHmek+zg!L46Rr%)~bZV*MF1pF>az#2S`V}Ik`bI{Y?3Mk}1m`;E6 zu67s36(&gE%Fpiv<}QzWN^_8z$wl)$Y0U9H6*T%53&^}pW`W!`{P3J8yVzqeJ}JOC zl$7XbFL#|NsD773!$n%lS}b9k^=fWz{JRR~Xa9WHbUl#3JuvNQfXiniYTpq6fyB2` z+eW))*6tGa*7U}LrJ;_f9qb6k?(14NMp9ruC0XRBq zFOc19@4ZWBw-{ghXH>7Bua0blnxY|eRM>IkM+nIABZH{L!`o!nx9eOau4upBNio|p zEIe<(8xPL~WVl)H)#j~4FhSAlH`~HJ&o5i&sv(n7cSo}?R;eVMtwN#$49OyaKir_K zbvdrE&$TiB%5dc^(Z>_66-P}yrQrD-S=mh#%}?%G^&;%#ac$|c*##mMGmydDVv%+a zfHgjNkV%3{?h8hsfI%w?^Qa(wN?4N7yhYO@*gatE-`bThY_Zz7{HBui8sDTGn)J{e zp`mqutm<(OVXD#qkYaBY2_ZN`k06yEMwxLX-hv+M?pu<{aj|}b{@t5=Xn`ng_%RV4 zhQO(hhh4=U0st*i~G+*G9glU{m<{{SoD9G%kMV&pU)HD zzW%4ZpB+DYfA<@zE`CA6dt=SH7YhTLmBKq@=0ELQ(c{mxzz3AYLe_?^e7&_f(2_WNr8 zsY;6Rt*+E{DE4F5bkxe+JEUStvjm5L4~7P+{OS(hunm(I!hoSh_Y^bn(T`DWP;4v<5TM$zYiybd%5a!I>k&`H+x+4;Y~C@(+fMIM7z_Q2yILy9N?Ir(Ygqvh&x5uGM~Zp=BXUgLIozCdI8Y5BFDW} z_n6x0rdZHNo8x%7PigLAXB!9))_ zu^<5j$Q68yy+7Ac?9lD^`+sq8=5hQ*U;#fE@>CEaS!++w)9%0zw@bZw`AG(3bok2h$SK@3AYhJkMo2UP8QftX z`Grr*9lHZDNl9Q;es46z@~sSU0oajyntjMp9D*Ssw~5S5*b|nACs{1yz=L*774sGC zlJ$N79Fccwo1A$XF$Q9sC z$Vpda)VZ12L&VLH>K@nnX72&)qdd;hnYl68UW#@q459udCx162KY`Kx_z zyO>562qXt(BBJfxS$y5%?TJsnfy}>=G(JVmY=3j~|A-p2f#>&I@4r<thQ4l{@&Q7^E*y7gn_L)3PVCGa$oMKWc*n znj_GHIKb6fwiMv_^aLVpZ9Zg| zq-PCrB3~~w8|=3gaJzkmWpA_#*W>dc$r$Nr1Z07QO+`ZR;2TGPY^UB3L}DMW<00j! zuwbf|mNCm^$Zd>Qji{}TU^tP9uREYYYY$;P{&~y+MyP*p5ko5b(1lOGJ0^XRtNVTr#7O z3ynr?O71jt{|wjBx@at_g;fu};+JS_`?itwm5?aTlW*8-O6C5XlQj@G+^2s+lM~B6 z^qF{#){NpCee*l^c-po1IjbD%el5<1M5tP_V@9PjBClaSu%~$OD@gUJdx=*m&|iDyWYD( zga`)8qnC-3x{d!pO8!vir}}#=^?%f4oIwBvE8>6tuq6Imh5pm>$YY=7@$_SP)TKDo zVI!*8^K(_vwRdw_g^|@SLlErC*fjgqe*9S)0YaL6?SZzI;J_jS6H7pLW{%*Lfk47I zlmgPc11O2FOX78dWeb)>`T}Fr=a)7Wz6-&V{I|_g;HZ4}CP2S7`~o-;9k3vLZ4G}q zvlg^`0lB^If)!S;&y1CkJQhZsAhP{fj`s?iK}l-wA9)6!{tKplI%%v2JuZb*VFOga z`|xvx4Fxu2Kd?Vl(z)V0u)@PyiiHr;?L)d&SVIKUKJI*1$>6k4-%74g82d{h4K9l0 z$CW}yZufVC*$;vLC;al4w)&&~k?>(2uHuQOsP#4QPOd|X(; zjPrbY_(FtAWt+r0Pwh_V82Q9@-T39z`(i!Ww@TusaNmum$*ZoilX0i6otjPxGuF08ylVaR7*W&>N8j(9kzW(e6<_22X-DDX)_!v3!ji%^JOOI5Y z5LXCLmHk(|c>Vsoj@q(5b7}!iH{pAA&O3;yXHWU0kKybkEZuH+-QovqCum1$^)S~k zYhP(>MuBpA{b0Fgvz6C~e_IN2PY=}_C{(#f2I_IofN6QpCG zN&ZzY9(h2=?`ML)fa`wQ?0&z=nfun!$;+T+cj71mzt~3TwZ^PgLt*3jcBuFY)cjKa z|50GAerRfNThSL$sMz83JceheIv&@@pfg@NDvJTbZEw8W`$6X+{wY@?-Sk;dBS!U; z$UwcpK6aOiAlrL#@5un~3^mFOV`O2@!5Ncm4gMXPK85(SQpRbp$053@NPUx(kYJv~ z^q{wwLb3O}X2JJ5U3NE;gp?tJxP!R}e~+}dWOwph;SqQ(T$RA`jiiSQNTy>CWen}X zL;g&i<3LOfHPz|?|4Xaxq;zLfX?Iao@B6c?_=Ok6>s-g><0gZGy1hS7lzESHgT_|> z!aAMUyiT2n)3VE%x3YcKcBmzA^G(NFU>D!cA!p} z7~ad)s0Z(8iXpZbni@XcbCQlN*OQVXB~G4bXc=DGYcpF-xSJ2g?QVGqV%An63b1XI#nFpXm!mN&wGzeM4jH>G>I$u~8Bn_23EWFpW-cU|Pj4@r{Yt~pM2 zkDGVfM!50ZT``=TnqMAOcIQt`B&aERCp7})_TsdsTF7W-)mOJ)g-gZHq?|{2dNxi$ z#;n`2s3iEY^4{Ivb6np~yY1o)-4GV+>p{K?^Zs{@EitL8qyb^|B?{uChA)B!Agalb z1g|LnkJJofF-~LAHeVy(KcxnS|E(AC=gQ;Pum7nM5txr98P&cY)PMx}Yt`{ptkwM@ z)&lzY!hVryeC3+#=qGf8z$6uIJg0Eq42(Gh4GGQwVk|iJfLj;qA) zplg&zwc5e}V*+6=fYBTb*uvBVk?mi$-`npQCJU6+$k)8N_IuC0mceIg-KZEKS749~ZMOyrg_?TDUtC+C>I6ENUxIY(Z(1xU za9~XSnYO6_N>NJ%{>=sO^PdMnjP+0N$G>?ycK`PM_&0CI=WzS4-j9FtcEHQD|BJGQ zWf1v^3Pf|hgAT~G_PY9lHL!V}{p$7Jh1QccjUF4%6l$5OHIks$0&#;ZdkYZ2F2q_6 zuY#wy91TzxGaoQ&Vo&w#k`T|F%WTGB!hJ-B7nsL(g)l5Hl(}Jawn5qqACwjbUF)X| zDiPjylDKHq+G_0w8s1i1J98N1(XokrHAd#m+`O{a9&Y*am2p6J$2+8BBsfNxNR!Iv zM!gLkfT#D{+(=}s$f%T8peB?LA^=Ji{4y8-zHd#%;@Nv39ot86Vy@VcX-hW-+J&B? zr|SXtqIX}D)Rjq_Wf*F5auFXwI`*8c9<0vyt;$O}*^kP7l=DYP3QLD#08i^eN8(Tr zK)rhH3KB+vkl7x9{+$;|aA~1HQUSEP$N4H18O$xN-=ivTt?FK2kddXCyOPr0jfHX# zN-Dw|Kw{8IdW!QqK@Y|&S!pvgmJZ<~%^bxfLqRclY|)prEEOM&D*jEjXf5YR@K%A) ztV{IHJ<~_>kRj4^J(v%eHOTv2I-&mA;f>V9>Q$(GFJXq@mGx>4fUJt4l-5LU)Ux7n z6!XvYY3#l1j+&1pKtR0QSL~sCQaa}4R6Xqq)jj44cbtW1drKuX;Dw$5M%~hzI@@!H zV&h8V%zOJ=i76fw~zOPF^Sfd?1qkTZl=`HiulN3PZtdD#A z%-;~mU89s*L6XZn;7n^o81t{nnxE!%e>JX)45wL@^7?k2I2z$U2z`7$a8Ks~#Fam9 zYkta_$0>A-Tc6XOQCh1vMi2vrN$%(js|40Vh7``FNTgcFjK1=4;x%V!IRn`uvSYzu z6zz?5L2|wv*X~?+=+e~6;3$$p2(y!G2wCwkc^PC2nF_Z;OkV;GBj#$zy}&|=`f)uJbP3i0qcQ9f zfF?n5l_?HtVLC}Sry12N-b&eFs= z_vafjZJb_R>LG4&NdMYO{)s&T^94XOh=(u3T^zi)DI~>@`kAdaiL*dQ}`|?VeugD;KWEf67gw~c|yJ`Z&@TaF|;UZH? zAkkCsW!0TNPQ$I`-U?0tsYGK}r0kzaAuIrZ%km40@`9x%eKMCc^LEDFl_Hq(47zpm zEgzG&BsmJvMe}JdMh8W{-uDmGI6s+DcUyOfeHjL_2R(M6;-MVNQ{@hhyffRs0j?D6 zuF}abA)GNe6~g`{-)oDAxfwG#$iD1Rw&PuoAvHGbi%as@3%t)U-SZkj)+4w?^1TQJ zj_W^U>|MhcxI^thpRn~6dO7fc&;P5k<~wKM|FX3Clsf-Z-Z1m0ym|g;w0z2&-@__k zEARiIwE1l107?1Zls2EOeD_zSjlt5)_tHlD7p2W-E8qQDX=B(b`;|~{d~L#f6o6k@ z54gfcP~v=MfzhITQ3Qf9o%KGl!_Uz0%Y$9Fs{f?=yULlK zuI54v7WB-YKd{3@M0AZi~gNS0pZ;|)O!jB~y?oN@G5ARq249V|aR zKuh1x(dwG_jmzH_V|Pat4jqnK zPRzipudQW!zI?Fd+n=ANzpMUsAK4#&(+h@x$eatOHMjSZeeY3(jIt;B?0-@H!Jy~6 z>Mzy!S|ZwhDU2ZLD$}~`gd&NQ@(s1{^)0k{eW}8Aac?GTAU>@-&zk*yMjz}J0%sGD^3SB=c9GMYy1p%k$SCMLfE@fon z@75d1G=#6FRQLCC<9}Ka_~5f5;6DyL#zm6!?Zle8rUC`^o=tn8>BHOmeeeExDrNm7 zEdIio{wRxO>(YF^X^~`x$*bEitsGe3TP~^y~XWf9u%X!P&!H zGEi)Px;OHny^42?XVa}FiPz3qvnW5EqLDfiPiW9X=8D^j_`uV1d)?WgD9@bgbID164`Q4%?2W+N*Ucp|OMN7cLW7OSctuw+=o+tY5 zpYj^zZmL|e$Q6nWZm9&8EEDpEn`hJiFO?XwLiq#NLU=k6oBsoscx;WQM48eW` zL{0AvM&sYpfjX9l1+f{LEbf57a7aWtR2jAh4CRS!AcWMP&KI=0(s4l_Ao4~Yefk*8 zblll8OO@#k4>42R?6*wE1J;#vf2p4Fo)p#7OMCHE5?paK8iVVi!wB6X{ria3K!mt* zK^(N$auKm0ufs>9Rs6Ke%PC1+x#2R0cqABNyP3nx+P#b~Z#t9^pxH#`0S2b;O*l@p z&K(x^c`&!Nv6?bJ(~NonVfnZ~Pf6TO18hnB0$zOSRLdasl=`BD3DS1!schE6wpCa? z5Fd03kqWPH?!{Hmu%I=WUOI?D5Wmi8(A$*Yp|72GSD%L=d$D@kqG%ctxx?VhO~2xY z9F{KVYckRc^h0?o1g+N+H5Nz@@<#1D|0}O4`+rlGFeZY!o3DPbW3wvPr~M zxnB`s0QD=thP%9-i<&$Y!8W>Dd!2U{l;R7~+?Xs@LoJWXp?PopTbxez%X+#Ga|BU{ z=B#U$_b>t~`9M5$+TnWRfw6!hgM5*u_ZXihL|t|;I(=YsoEVjQR%cM)sCTaFHm45l zo`8rGaF|UN1aoi0B6hs&$fuq_jt5i0Rf;rlHH;tm0N|Jq)N;G)=0xpU9BAUul$NHG ztCk`-6D5yDz(d^`z(k(HyI4UDU_*upUcGY!rj+@ec=ob(-Shfivm*9%+94ce_@s$c!d4tKPT9w`+_TqtaNhLRaYX+|8WV1Q%Ec2j(0@ zj9|45_2Y31#7D4WBL%pV53g{MHYJkV8cBlFev4!YX4gGRRW_E2Ll^Rl|F=pK3ZQC~ z=>Cg?km~=VGs-X0y??y1Mhm_%!G${Er`|qbH)GzrY(i- zf2d(MRQ`^LJb&U~KnYJCWtKisTt z;|&^Z0^=wuXTYabx=2^!OQ9N`e^iGT{sQ~GCWijg#iaMhJ~CE@xFs_;(5(GDQ{a|h zVI1Y#;poVl48odj*Yar&BMQP(KqMZzTr(L!#xDW<+ngl_&tI({O^AEIVU1v#kYT$b z!!z~DI|L`alyq7lJ&38t%?@BnGrzR6KDU%+U1U<`rf0m93bbqjkr5-{HBTODG{vjE z42l_MH; zTjp}Yi-!WUjF!NKYzxHnaJuzVz0SBuOeX(c_uf6vaNH zca`;axg+|kg7XG#I~vpaq4u?`apWEL^zmIs02WpW2eTC=j7NC=SVyNNu53q%yUCC| z?)luLI}iQ3d1FVJVh2j_|3T05>2$gUnwyryC54ZtO4#eXbZyrttu@=%ML%2hm->$B87IBMn zwxfdqtwl&Knnl=8yirfNO6U=ei))dboq;IeGRuMrXpie0}K(VZhKxOU|>htmnyYzHEaVoKUaU#Ik(?2^@SQ&RKJ+aosSVSHgJZ&%Qk&iwfB6)}`(R*tY87xUEc2gTOMM8?W-T zAk@Smp=sBk7tb*@96R!4eIT`wW|QVAYM9U~O>0P!_)Mwt8tg7XxoIc)V9a>EFil`|GZ zbsryX50q%pd5t461qc}3yYyUIDb*&bY#Pn&etXJ8_xIXRs(h|>^*2bUf4b2@)%d>3 z%C8&!o&FU;S{CRPYV7!;k7<5`g&tt5e^)32v*D}Teaq7MZ{6`vO5}?56wFjDn zB?>xam_8#2H+aJH0+4pSh%P9-l?yR{$U;TN5b01dO4+tu_?!F$IKuj+y zRQ~Z7eK9NkScBFE%nAp`ZeZt?{ZUWA-=Tdyqpt@4V*>U5F@VDUr%}VVR{H$eN^3O( zH##VxW$73TFxtJ^ng1k(n4@>m19#A4vL~gYCeb)?ZpAL4&aaLVhh$J=4a(rYHDDW8 z)35sA-IZ9_aI343Aes>gA33d%d!bjy`y-tWLx=@g960VN-`3*32>}Z?0;?se$bt4w z;869;)x_j&JBb{{dqSseV);@c&uy>I%f0?A)CVFGr)uG?K0Pck5q;H0Hc^cd$PhMyq|82699O=J>(krNi_{GbIv z644Mjo1!v#;C#CT(PLx6PCmVK1$Feu7cM_UZ}$BV0!_KYk&i?cTLg$?+-eNH6#<7C zpC?3Jv@(nDqX#0cHr_EXOapMyUk}>e8uwpyDN^z z#=$lm*W#bcQveX1>34nlW>!!jXCboSsksbjHQ->r$MH2))NXX@@zfoQ3nn%!z2&!4 zo|!O=zwkEMd2?8?qKVy<4Z~zv$=Ejtalj4`7#E4A)S0JeU~~+#Z>3Oh&yXNdcpw1F zvSC~HuifwrG;}iiD-yH!)1h&m6yv?@WkV>B1-Hh-;nteA5QdNxy*1mtMZ8i&B~P-= zftwK^ea?k2$=wU4A7i9R)}UAhp$#`dPl&7w^4ncto&dzNj<5k-v{gsFB57ow18(KTmeTrJ1U5`%^2_PCSB}t0(iTyB`^_wYGGy;2lMHE8 zL1>3O#d>+ObgivNUJdqYx95*7_Ao$lMBKI4i^o2Xq2I^Y{&a@@s^G4x(@J^BW@19}H*KGecXV`nV|HHZVUp~X$ zO4fg49QfIlT=tJ@+57i=zQlH+m*H|*_CsvyDq%c!{8pyKEZDhcz7wQ)Lcx&_3o)p< zW!_7)8~Y%K%Sp+On_TeR#|{*FYRto=M}e!81fhBd&RpmvnEtxcvBcq-&Z-Ybpy*Uj zS1~KE)v!ItusDq@>=+Hef(mE#=89C8sKxxkM8z^gMv-fVRI=TxoZR_b)q0uiX|LQv zXh*wKwbPB34Ch6HTmS|N+M_uGVV&6PJ13pU4RtPno(efmP~;pQW<^zJe4lp*0jO%^ z!ddy5xZ#%*b9BjWZ`#JVrK1Gd5i(oCo)MJR0xW0`C47ut!6uTKlc3D&z5H;2~jZU+sYh-^h(`RP96PIUgjwk!0d39&MixNVRJG z?G8-Bp=BX%E-THYKv4Vzj>MD5k-aN|ZgB-%AROtJ!~=@!aoJ~>OuEMtnLxmbiiEkA z@<@keEeG6AWq@rAW`i1`xLTZS>vpY#*4E*$)l?X3*m(PiMmBeThQb*e2oA)f&GxbgEWlGa zZv}GQKCW|kc>r#Wn2y>`>mk<7b7asVKB?+Nam+pgMaD~b4#<9M`-?xC&IXCAT`eiS z9bA;avG%S@Db%4nDEDjD*(u97K%r3}yTm8TvVr+Dfy#3jB+#PD#3{e$7>MPN_yxrQ zMEG#fR#TD=5-cuzNUnneuIzexBCz$Kn2541^AJdtWD48tamRp8G!^(bD@ql@2(oML z=q{dvjub@yv6=H*jmmvl=GJ7lxqL-$sb2LksG@lSkm>9B0?~J%_Z-S%F*;GxA*Bdq z6z+LiJiWH~A~<4=*zO+>C{{AEr&?q@XLSW!t}{CC)0kJAaw`;Lr-M+0Ru}Ia1sriC z3!yEybzdif+1_^*pFidfmsDRnP>-|s*gQ2)HVGhEmjk_;91@w+EfORwEUK%W*J>w? zO(|TlNH%t>TpsCZS>QH2&U-|xU8W*09roJ$Cz7s#k(-WLpmh@`6r zwYw4`Dy!1umPub*aw_HO_7XT}1X{*iQh-+pata+g3Spgw~Zjoe` z2GHgxj%=K$IE=GCPP>4MM4c6oNIk)-r=kgaM*GM(-g?R5r@tQu{@6Sm{^M~VJ-lxm z>-#wH>UfW4d3? zV|JGZn8NtB)0Vr)he?2nC7o(dYvWrgboCUsPg30qNS%v=evJxu%DRm^oH8u~so_t# zQD49r_U--EcOa|#azOoZ5O%}xvgzh{*mNwz(-?#?V(XdrxFZ;@e-vlLR|%3tcq#>r zp!m4gb9l(2yrbI(WV^S{ljjy>pgdwfYYhpr0zm z{rL^M{&(N7yZ?7@*em-FbfxR1OS1sZdgZ#=_WUJ;ZEv`9We2BI5@v(@DVfDUq)xm_ zmT80&Y%$tlO*Vc>x9!yvrG&F}&)bHv1`JXEsH&uW)YA{auJkuE#~6N!K=piDuhA!t?qDGg`X`+Q zxS(Qcqwru>VOv>@crr@(VW*N#k!~L+3`KIt-&^;tH7#p)xfBzV`w-?GxaSu!l&)4A zX>+@pyY&%^Go>~tl$|izWdY~Z2+{+VwW5Aqnq%sxqpsYC@qq#W;<+EBbD^wV5arO& z5rfw3(aQr2F<(Ne-}g#}NsB;P``6`Jj{mwV|GMAhe_iSv(BR#WMk$QYQoxAb#}1rw zKZ-GaR-^y&-~ZHQot^jYXZQWEr>S2|ai8+^-A@`Wi-Q30Z?@le?B<5u1%*>J#hWO0 z-;irN^E zB=X!_r{_D&2mI;pZ)EOv^IPKarNWRc-O}>H)XW~9JvRj4A2#5Zxtrdv2Eg5)-*^MS z(f4<5-Y?TUSj*eH2D^Uy_JTbo`9DNA(9~Jho6;Vij($*i(3m5ek9$~1_HxbYM{0sHlXwG zMZqn=ELc4EACAQK`G7!ZTT0%#e?Y?}@bXcBxWdbO=Nf%~$ulIecAr0r9;66E0zg;z z8SUZaeZ;E|@C`ml8dp%bbgtcey!`J!r*{wwt9|?{!-YCnoW;~T+D6pHuA#o+ogc5H@ekEQ=1{|hjTUP19*_F^m)IOACX>U7EADqh% zEt-ylv?jaF0g1?ce!L%dJ8-MZ;!$M@z?WZ8qA*Qm!daq*v&qm*%VV>`-KKXD7BEka z>Gohc?)Qh`=F9vJpJ$caJnl-5jgOopV;K)yO*`M~!W#`VV5qC?@*#DMAlaHfhIoU7 z^NssayZr+_Y2zAOA+0_BcHMzWeL@ko8_akXECOV*zf>o`CSZQAWI(&Uxzw)sCjl5( z(qItF)R3cmUa}UXJ=`qYJ=qCmE$z|^L^B1UbwEK)aHkTXH885g&dNTzq*1b=1aMU; zG1`iJgvl}FQ4wl?m7u3Nv}0h(c6KL8L21BDUvln@Fr0dMhzISyWYOdSLj88bj)-zP z5TJE0u8C?8*N(%ZgFmK&o2jT|son7g;j8X}B;x(4>ngYH-41b8ylcl}u}&=CHSF9x zG2IrA{V7a}Y_D&^15Sz7RY{P;!k~A{bZ?f}n%5LGF>HpJ;4g3%6ZeViyjWwCBO$;F zb+^6;1z0eA=SZttkds!gEi zGWyM?ClIjPt$3@$zh67>EC_}_lBFoq5FnrJSLELx_sc(BEF3hoAV~bq6%`|`w6`x> zI92t}^Y{-Sh4a$|1EDH!K=bqs15qm%Gq5xh6U4KAGe9q=?X0_XF8I57rQgsW&9WeB zlDxywIs5Ze%w`jJ>}1n^gnyXaOM5}DgWa$7GZh*(}DR$ z8hl%i5)>Sm%*TNV;-~!+z$Os;5(uG(uduY7T*QhN)Dg*jl7OGaa?4wtGC1g-+2$l4 z46O&3C#O$98+%yy^Ad4gzgs4FWAnC=@pbEiK_EQE$s?^qa_FVv!o1`zwdu^LD!6V& zvW9dSB0s}E9<0eKKx;y+>*17yVH`r;F1sDzuey|RajU&BNwV!gfzL)LGG5FhIh1(c z^}-}!<9OT}&@*FO^5~F$)peUD8eF4|y26=K)vgjy;@(zy(Z{oJ;FNRL`sx6KjdPC! z4?;OW)hlV|3+6A!i^|RMK60Zn1tz9pXwrs+0N6+Av^{9Hss!6tpmbDBA-Zi}96b`= zP#vE-C?{QB!H;Y1K+OxIVieF#(0mZJ{wp24M^ejr2!nQMF(?&5L;)te-0?7d456+82M$Yi__j`FI@7>IaDs>AhR zKZY7+MKC6=_5HD}DasIKm>Ch$C{I((5LeQ=gxM>+_ft&?AW11EFYdL-oq>nu+B?Ft z3L8`Rz-uWe6CrI5FgcL)pev{=@R{cIn;K*-wu7=+7aVnS6B= z4hX{4Te1p!xy>XY7-00K?#YN%mSX7y+Hp%(4@izSJyd;>8v*O~b`vziTo(=1uDL-* z*LHzu>#)9!A)O`(kYy}L^Ol8^)f+aT5*f9;2jT&!=9doQlJJlRiB@&MHYZnZ=qp&7 zA2-5_dcfaaD|r`O1}K1pv|0VLGriDmkq>2Ybarr4mJ5U-E0Fre`F!I)reXmfe|D3F zV1wMI<+X-9CXZ^#1jv{WkE2cLM0|^+hqy?KbZ6gfs^MD8ZR(`MmYnVGDIn}XV=*TlCW(b}}v`RYy zqN2ikml#FdZj8<@FT9`8w6!A#89y`HhUn4JBBhkAW;@4uNHE#MG`nvx&DwcelGPp_z^~9^L$c`WVXe!yn?g@ zfKC-#*5T~oH%mxvYN!|xZfg^H7v2fTq*lE8R8{Odpj(LXp+-lBw0=o55?AVDNQnmCA*Tzp{Y zeG7|t`;0+D{qYSIO9Pd{-{~EvE&l1#|ahAOMcH0(BcCNdR|6!9E?$@2>Ap zk7YFR)%E>JQlTo;^w}JP00u}hN9P?3ab`bv;m}qC_8|esz!l~*e^9mnu&w}P>)lSV zfJvF)*C**PgZ7j8IQD>hI@Kn6RW@>YeF1jn!<7Ri##eXz`_K$dGCq|fzn4tBSByW} z4{rJG@Kn0Ue`%K&eCUpk5?hYmSVhTk`*=0#db$^TedYq;IVXqb0q}n={2^`2Y`Eqq zyZsf`-A6k<+Nw2f7Y<5S=VhjhWk9k~plV(fL*|s-CNFX1vD7Zh*(Q4+BH)ClbgLF* zFxJV4&27(#xJR*|+0fV=o`^iCxabz!)m!b-XBceHTMvN@-z)l2bSXJ_)fSxwwno&q zPL$ls&a3Kl-p1jk4%Ox0p67Py1Nw#(chGs9oJX!KFY-9J)>W9?=G@dX4kAlDf*wW{ zPXuqj#1)tcE*W;al{?O15AG(SGplba=$2#FPvwgWX&E?-VC5FP$my~N zUnvQh43ASu*C()OU(1m@={VJshqH8Ds7uY!o~wZ#iE8O&=Cwck1gU_bIVK z=fS-(F9kf9V!rPy5KiB=YF;8rGnWU%*n&GYIiK9qc3DFzUwyeLo5~yb!>!|?t(qCp z5GDNqoDqOwo=@}EM|{R>Qw7-zUm{3ng~R2Cylx|)sa&XE)+w?i@KW0q2qwl5#X zCvSKo=)ka#0N7}N!~jO{3jJATz-$I4I8TbZ?%;|EQ_^lovrz7NV~?sx73|Y>zY$Eo zTOBrUWkd2)=}u{X2pdHjE;ptEnc~hD5^QoJ-twF4EM3q#M^ja439mnZax#|J&t$N5wtChg@>VUDQj7W&ttD`f@=1L=fJCf7D_w#$vv$-ga0-8w_4nOBYMyOP-5}n;2+}KPHy_6qXdm=jlohsfl$?qz$ctPU94%Oj=R&c znJ#qZxXj6V#D{=y_xUhJwd15iX;$pG?5mv=V|>I6K|?cyVWj)B_qx?let+3I6@+72 z_IuxMaP%r}9^*(6_rwwX{X`cwF0G`I3rs`Pm@VP?-|i;=t=a?J%fGCEz84!m{hxoT zJ(!OOg5-NjJftaj(L!+b;}riC0WMB|Rd>9r1b~11cj}IJ+3~HA`5)CCoVHWG85f<8 z5(5gEcm{&XM+P?ViNDny-yZu9>W+8W@$H%Y@9U0t+408R{d;xC+c~`c{Q_%4LyTB! zvF9dL_EkaDaMs8L?AmYSe9Dr8!n}ig@Ap%dml#bCLQ$lh3=UY_J&Hi4s!m7f=FzNk z>JHfuTz`A6+}+uo0h)h+`M~qa2g;5n7krLg&;mXzP|j>y<`y$yNh7bTusZ>x2E?#G zw4kD_ZxUOXu+=>8jsUiLy=n>kZG|9FKWyLS)Awcf!bnb-9Li6Cf{+Ir%X7Hy^|4;wYQdZ?nHR|1CaKoVKi7I#2@@kQ~~xT?Fd4n&pix;X~HDeP7;6pgHI0k zs&MB?$g$U7pf&iu*MWqP+q)u%A{?^)$hF|_pxDT*+^ z1aLV##(sb7FJIo*tAm&MzkhjOukO9;`d`1i_bBr{>x5$}Z-0T9$3MM)oZwvhdYij2t+MINN>{m!ovrL8> zTxsz^E9gO|zFwjw(D3vO(j)l*{@Y;)r#z~2U@~6oj=8P38)v8+cR~QexPS24>wG-O zT^DeqaF1U3*lREJ)v2fLExsOTkj0)K2gs1UDNSkK$-BmwxyNvcFx|eeAJ^9vw)4ldcJ9-7V{ME+%c}$KZ+YgHEDWghI#`)WEBF`*L(GBAII~9#~HCOUk^I3BliUPc=Q^` za1ij4WxKt%wZ-8<+Wyz9^W&oV3wKuZQIEhD`70#_bL1CH%FP|wWhh-!MRT}$dRf-h zPr)aUg#|$yH|u(P9!c#=;Dw;`b$r$Oj=8WnZ?OS(k*r`4}$%&Y{YNi2Y5mB ziP+Bp*$(7@PPt!1cr|aFZBok?+^x~&3b3Wyi=9K^kX6l-ihUVWw;pWg+9(v`J*g}f z5B8qBG%AQ(s*im$Dz_+hn80UOVb5>kk-gAV0PL1%n-8XflPzCCbk+&NxSy(sNzMHP z;dk4ZytN_3**Il5N};u!R5`~l$2*z#-A&py{h3`iDtBMEUQjRBj?d6D(Z5FhK(AGa z9g<-}mkfw)^QAZYfMgING#TGU2(rM9|5V{HeEZTj=L}>@l|+fE=4k zPCW|8SRW9bY47GF-yc8%zNCdVrA--BI&;GI!R4ZP*OEayJi4m|k+jnmFzPV|P$FXs zI*#`VbP)4sw4GKP=fojj{1V*{j9Q8=PxDGDUJ=Khi*hly(R zQa>un(nnP)9yBV^Z@0oY+Eu7<= z6L^^0ib4KChxYH*CjUu)0u{TG(2HG`$ZBhQjNBQ$;^uOAo zKr^xY(V~0|8b3#)y5;=4MLsZYGRJAxZ0x z@hE3OSiu`y^p7LbziCyVNBkCLc&YC?1~D_+*K68QLcGvmzhIa;217t|;hjj{i(oPa zo}_Tf70MDlf2(gJN(NdTScH8@quLx2#6=-ah9+QjvOhm)^h`$9B$$YTs^S{0?$(uK z^fEwv(W9cD^teZe3qLIbC0(9Bwkn^TBJdX3py>mDbh|#|!R7e<-oAJR;(|i=_uI0c zTa^dVgc~ft@A0#{whWq^p6B|_Xk$6?7dOZcv4_yA#1MN3x;%}!U^yd!H{{iz`psPi zy_0V0bOYqTgYNo1AYTajJo)@fP?fdro%zOYquD(;YW#LcI|PXP4q(2GOG9zv1XIdQ ziHoSvbq{h~b+C1uBx5Q08tUk+a%cDJ=sKO0oHC3?=(Mb7|NalVlFwMAdm8^?#{573 z(ocUip7^JaI`TPuk*a_c|hTj?y(U>pw9J_y_EY~{Zqx>o2mMDN5O-}{SR?%Ldq5h3-}_7p`uxpr zlLZZw7hj+SYWhSX{q$J&&g7sb;axR+L>C1g!ATI@IvdYN03ILdvvUCu80fpe=WsR@ z`ZISG45XJIUcsM!4-{bEe{b{g^8QW#(+3U-JP#+~c5z=-&nXRlyZKk<#_x2k?>BL$ z0}yHOZkH1~o*{#DzUSUy+g$pU@5Q8>y{EMEpUZYOR8!Xy{M-dR+VN-|jfMfsf)UN# zc)Z6-bKV>()ihpemD=Pj)z z)k{(VZh1@Z0xT0K|G3=)kYUduN3~Tpw@bTgZXPHE>pQ(akePge5gh|j>yTiyBs#Oo9FsmR9NFn?DIgVFgypuc8+^t z|H{(D3)UI}+}hk;j?!*lKOpZ8QWmZ9IHroFYq@3>>M5Iz^il3Gb@PY^ftZ~A-S(%K za6Vv9uNQ%rzExe|Y(h$6Q0fKbBYIbjF>Hh4)B~wTBTE!Vv)1ktpc@dp-X>l=E*l0& z)NWj~z2=-;_}_G+0IXC!FXHZbc7iF^+PbXFpvqdF)|haAWFJyg`Luhi9_9>@tFIP$ z0+LZwZkt`SjTBnI5}#P_H#id?nkfs7V?bC6bFR4Jp*@`m!*0=I&6LLJ+?mnsVq|Mj zGjR9W^`2V*l=^2RzivD{9uIslE&$~m9L)q>y6cNqEO$d4%5xy=_@NR<4#z9R<-B~i zKYi>Ye&V5itO)+Sv~MumQV&3;+|qiCQgmJ)^OoK&d;qH)>gS%}Z@>5_?IpM=zj>wN z#U4&qfh;Wfx~Y2VTuWSo6|0t9aleD4-qSfaqUFPBt+Bp|0YTNB4t>?bN8D(FX&bmm zkO_bpXO|zuIVJ%+zUb0(w<#=~3Xdl@q#>aVb?yFiSycdk9nSOul+6xo(MYewNgYOK zZ4EG`JE0gh^@cpN7q?VF$<&J>n+Z|pZ0Pm6x8N!U%kou((8=euE6nY}+7O^ZyvQ?q z)=OfLvzO^mfD2*9)C#iac{T&o)RXzT$I1sj*FMcH<%SE%<58#(JLr)%pRKK1TkT_; zG_P0Wvn*%{F-9K`Og=p%q(U>W3~E3VAt*I8ju)40cvEqon-{H#HIV_?yd#Xh*j>b)KX6}W!^C59s)GZxn3=$^16YXAyGy$ zp=FQR5joLV&_t0qTsE~!@1$qA-tw0yb5C+6vX`n#J|N^U5(95crNIZ|97h!nXsMM#6ON0nB=^c zsR>60Jq6aIv1~IX1Xx&|)X>!5?j!yt1d;hKgdj4{xAGx`@#&|9SrhNj)?M%?dl@L* zBf2`>old`)Qhp3T1o{HI`ELavzViLJ-wHr{mpdCU7JMt|0~X49S`nOgJf85D9IqKL2{ebh zKm;Adh^!M+XG4YNSaEKCk`ntH^wh^H4b3*=+5otUjNzHlwk3fYI!%3A5d#cOE;Jj+ zRJRIwAWGws+HNL10wQ>6Wh=>|eS9=~Roi8i**n3}p3?^lF`t{O;oqJ;$d2?Y7zs|= z6?u}6mDg)Xqz13*uOI{s=F`8o%>*BfnxGxeT&$UQ(KkEw##Rj-s{@FlL)_?`WoPmq zFa5X4fKVBT-+m-#xNa0kUZ5thJx)>|G*C%f7%o=}#0+K1EeM^-b4Xh<8(lRZY0!rx z*BIW_l20p-5|u6w`glepW@BtJ{)-!BtjsQMLL%I`n+3BM`K|FI_5-}U8k`u-WU z17rpXeTG|*9S< zex=;cnp{!NfPT~dlr^fakVyAVOJF~pByYFldw&0kMFH5^$H(j)KKizkd76FzD(&wa7-SiPA~RJ_xx-w&4u79ZV`hEa=95$CG&EO z>uH}x08;5so}RI`1qLdR`H>yWQCr*LQw5+8iv@j?E zk1wH=*IuZ>LoC27U!0+OUiHp3&(CKeFOqpF;wz=eKy?R&_8vo@UiOn#b@nR z#Yg5GLNer)zHgG#3s0)!P2yo_Y(Q)sFfe7ueTBwJZH>vkACRdG)yaRbKC`v*iNM$w zkIrKthY~toU|Gn6?#GRMqTa~H<5*bElkgmruQ*#@0V$QY#kQ140O1;JYXR~Ew2nyr7i%iHg-&w z8Y1bg2nv$L4pOEdm2iD{K#k&nzRvCY5>SsP87FiB4jI{2*zCj>AWMcM>U>58TL9lg zVuWW_iLsl_G$(*3As0-wF_&9Pli}%0)k4|kpgw`THPS-dY5_uc1}rQ4gsmW zuZX4!DhQ3jHw2`$aiN}AB^(-mX3_jI^!{tV%GciabC@Cu=S*2qjAgeCB%0aB$#NHN zM+MMH{N>b~GTgh2X6ZP<@hNZdqTXP=O5NGrIo#HneCUSj(87EAu*Vv_u+j9kto~B_ zNinp?Jg1YVuKXymL9?c@%H2j&nWiN zvkr2k>;ai(xS&9UwzLIIXhfV#h z2@8|BB9GqGmS{v0_|5BlBj7FA^;|^;5Crk$FlZ>8vu!THB_T#w1?y z!r&hW=(H`oVDA@?9J+L2_{B+iSdKCfNNyN_cgmuKt2R2&7q)<)#BsImw^uTQ=OZj) z1jX`hq|Un_qbPty9hYOG*;bl(<{_OKRX5A7c(vVM;Ej7?tQ)~fd%g4 zV&*~ta*p6+f{ddFjI^4sC~ojFe$2JLv%}#+ev?T*F6GZbSq#H7W&ZwH_T#g8m-Am$ z!W(@2OPTPWJe#j41GBFb91lM(>wvNNCSWlvu-4%VAin4AXkZ#f^XoG>XUmX=B|64( zRkQXk9|y(>5Zua<61skqKI)h~zPMiMq2g~L0V?HDABZEnEnl7K>(b%l^Nq=M&Qn<} zcRK933vfVoaB76J0&iV4c? zBQd$;rAWd!JMa&n6Ne!01t-F23gzb4!otw4VcN{!PLePm7odOW8;mSh8MMK03}%N4 z0~SnG6LENfe)I~1yA)zInEmK)d!D-yBEEagEBBNN^as35gI&2X?MlW?FwNN1#$E=-x2(V7?(0UJB^nwwTG z*GE9}hXvk4825S^-E^OJ-s2%^l3BO0HVE_%=)7WdM;b+kKt$09M{@@3Qn!yR)8i=- zLcIr}7Mq6N8Y2sOvmGyV`?j#_7rvs*QWp2ubSzH~=71_vI$t4-Da!Nn_Fh(oQ0250 zd4-%m%p(e6PBTc=YOf;a71iy{0` zsf8H!5KfOG#p^;!7uvlMRY`X477+>aQ~*i-zPSQ)W=@{hU4M6Xj@YSqjRp~{Xsv8r zs3^c>jg9`sjk>qB69$zy8~OLmLBO80ON3XcI~;Y$z5adA^lN|hPG0|U>@IJ<2PDGG zwjgE(%(=}K>r46S;ay@iGT%S>R}c-aTrjw*g?mRFpSUun*a_q}XwMud^@Kz|W$K$} zLlnkzZhZAtu&U5Ls@1;(Jqoy_G^x9?-w0xz@mM=_M5S+6+oYKDc2)(-yY%y2vuNKv z!-!fSeP#2sI#6R~yFvhJ{SohT?ykOgBrz^8BH#^hSanAYLN!)b$Zt{?m#c{Rr@loW zl^9CrQn3%|ys|JJ)Q_8B7S;3C2)O3Hz3&6u=TvU#7@Sy>t1MC21RhQsl>D%Bwo>u% zkY%Lf@e_Ix{X4vu$E|Q6KrbOk9W=HGUi2+;32(X$pdYNF3SbE#+oJ~M?y%3m&jaq% z$lIRn14A%(2nM~KYIbRm;@~$=_N9aN4IQ%rqt(ZTJM{c5lZP1(7{DoId)_==)))no zr^=SZc%`q@@jg^6k6vIr;fQDru-!`H5Q;dwJjnaobq~5syE~*$^UXtjHBZepC40W* zCbgQKz@WM{rIiXiQcOvA)ZxZV_a`+@10$Sv*KTo_eZL?edSf5do|$!$HvxUI;g#iD z9wBTa98mKLh+(d}1g!DQs6J_DyyX#F*y<(%2^}r6K$?8+$;hjm{c->}-{s8g#anmH zT}ryAn;=_F+3f~eIu3LxYFAVQ(UIs$2zWs<0T_aF_HcVyustQpF3%MDglloZ50x7Q zFazssgmmxBviN5ZfhQooL7(&AwaxFyW!PvvzbWv3HTwM1&CEYQM+dyuubWw?l&*nn zy4li{YmKofde1%?`6 zF?+McKicX)9@{7o*u?;3>+@Mb27T_{6!xJlOlol4%vfEaTz&AbWLK4ucM-^rj!mbs-(wtiWG) z#MG*8_skZ8z@_FI49E0ht@oZ3;d4k~t$ok(!tr6xqcABwRLk`=C>|u^Y9M7=*3IQg z8ALv-R9+_5nF+DcJn5X^-=xY{?eNAb|10Y%o<5B8(BxR?12LbcgV{GPZ z_Z&g_zI(g~!8l%e^t6G@K164n|Uk!^O6)e(L5b4Xp?C?#L+zhbI z@=m?WSav`pk zJTwH0aRinCaUIT{RrzV45;{nouoG05k!g4wgH`(f8z+K_? z$f-?Ci$?n0N%y!K%UlH%);7)n&kB+jW~!ROTH0P9OE7@x;ViD+0l6d`TB#CO?3AF{ zZng$J?1MFVjsjtSUFSe&<=-{F{+H9uUvFxdgaRZ8K7;yB{b0h|YRsyS z)e$-hX=oq2U%WZL`P$9*FFt<&On`u-k&rAfsoHmH`G=|Q2WokGt>4gcf308g;f*c# zL9uH=JRcA1`0_lumH2WXW9vhn%UeJ%r-%24UVx-UHv?W0gT(Ta>XNkh_(pH~xpR(QOP~=K%{O z9MLM&2HtB0h&>MWH$lm#c--NYa-dFn6+efV35>8KSFOHC!a_p=_cgr6QVe%B%`1q` zwHrYFlM@OJ7D}w4vGA>M<#Nc6A1a7^UsQzN+eIjeS18x1(-AV$JETuwDO^A>7dGZt zrX!{4EH29yht1Kudq^@@)}Cyi^{Kh+W;?VSTZI1E-e395nq9SqT%#N!QTP6pmjnPl zyB%qQB7C{JAmy)KXQL(0C6LT5-2wgO3z%=Yyd>N~XyX)OWr+1vZI>L4Z*#6;MtPj) z*9$19mr`{vM1dq=nm@s%19HeP+r|E4066H0d5zdAcw?+X2baOkyM0CA%OfYjf$Rrq zN1dLa5X`IQ&G>#@AiW@;ibqDOJ-JR1DGjBQ+>I>& zW7u-s2h}sn?F`5#0J-r=vas+9ZYX=CulUIiiZ ztN8R#=1I;u1(hg|Ui&TZ2-xPeE7w6qplI9`+UhEv*}p?sMeg7)1!O*Gnev{&v+DmOsgO_}`MW{;Bq1 zKh%2F@>Tm>l*rDVcks#`(7x)TF?078~&ie5xz)O zDoFg^z9FcApj7#`URXaL+k8C;P3BKEPyzb|WjcSF6=b066`u7WDgrC%ASriq65lNs z)JNxeE)3hsH%~!=+D0#&ee!|#a`y#b!2*2iGZGgrg_v7Ldg6EMtm&NN>rYpJ_pIhx6H2UE@GVV0&t;382~`zAvODq>XXH% zoEJcz(GIQ`5ZSUrWE$hYpgGe4spR5)C{r8b#MTFua20{^L^nwtPeo z;+iz4=}3a`Iy%D%3x@-h(;*KSL}Pm8$y6Emw4}u1b4y+VFW@TB>45;RAyCm zxi)*h`#W(?M|4z$I$H_KT&%g~9OD_di&&W%3(Ckwm({9X5LXM-C-EV;!ysngt`H3ka4_HXyfc*cvpy_ayj_YR&Yg%Jkd1k-w!szmsP2BAXi+7%WCwF- z@;ucI!Ld`8jC?KjYY7<*lv!Ib$JK{bwD1RK5c~y*H4>ROL|s%DB&1Pp#yVhsrHki2 z+zl|Y<~_dL+l;;ek~f-tBMF7uHjp{Parb;)KTc$U-Y#f#OKKdxZ+to8YZ$#=kPS_e zE4N|KP5)1xonK>RK^Xx!Lity+?3d>5-#tV5;9d3Q-_DP^SYie({L$Xy7-Gj_UTzs3o#*o)3~b$j+h?7RT^;&2Sc$1~25Jq`M-O$CBQiHksd zFo?rKDhmYnOv98fYo3t?H}SGcG4d`Z9OoIJ5aJ9Lrc)c!#_mWEkAM_o*;Vg|Sq^-n zpn$29KM}Y;nDadvV&X-S3C!yDfF%1YGpeTO#0z}wuaXHMVEyT-;ztDT)4IXL;QAIT z%-~&GpQ@`I{D`BUETQWYp?)ib^!}DyDAnZ|~uahd1_dNUW zH|f$_wAEXkwDD=*#heSH@!~BK*@zJ@7zU$n4^&TL9h>6F5zedv+ zL9*+k%}Wwk|FhKrB4jMGAor}#pdkZEsnDPQb=yZko&3#T@VW299Ocu{2stq-R4cIB z-p!Sd>=+jo*blEgzrVt7>9PNfD+FQEpH(Jsg?~e={Jt<*H;)_gILir_t+CEaI*prX z7<&iNIh4Wj^oeaB0Djk9x9wi;yt8s__FHKtGL#J0&~isT^x+mcjs?bT zhz)QsPj~WlaI1c=9fiY8MU*vQBhxtu0rjD0lZ@1GXd->+Ttj|koz$T7Tl6^N; zi!*4*lQ{XOARLk--t}$K_tz0=%|{Ot(76I+!5ViDJYIIErG2_2cjGtyUijKn_)TH5 z9h5TT2tY=)FtF7($WfD};!+JD>H2MD@@H;{pJxQ`!sIhL$kYJp-bd4;Y>b&J*v;5U z_8d{Wz7}>jbIaE~Z`C#oyVS;?c1OjCsvBfnLbzrvV%FnrTLW<)#yT2_m7_ZB5UacS zeTsGr&vxJ?%k0MxZk8mK`2fGLon@UM45l3E}qM zQr8$_H=aC6v(+5DM6f=V8ANx^wsvcR4Roxom1>G!ryMU2E))c{y=ad;J#oORp!%l3 zBb9|@0>Qijuj5HuE&_dS(*)m(uNVE{xL)p+UJ)h4_-$|1u+vQ9telrSDF~tZ?-wTg ze_ojA@5f>)e>>b2xQvzUi4eOb8-6WJPCpeU?@Z_qlf$1CCV-dx^dEr(0?M>+2RkhV zSprnn#h1=-AVDJ8mq)1tS?Z9K`NMI@{EEi^M~}r{TJG;q?f>|(_=o8OLbYG{w*wov zDuwTw*l*K^VEzr%fpf4nK7o1o!sZB>W|gTEGPIl5G1TDvc%{*uQQyh!p1x(f21FS` zUqp4p&l z#BATbwwLV|5}AfCp;SNg6rJhhTRf|Z!ZO$mi*Q(zE(PDW0Y0k6Y^%mxz*;k)MfZ~+_* zPJn}odxl72dvx2IUS|m2;VK!olF@(}LHFmixt*EqJ1h4afi zL1!O2TmwvQe?0;|(=Xn~kHz&aKzwohZgK=4RCt-wYxd@KKay4Sfz5g@;O!8dU<9BSYS-wKj{C?Hwk+;|?=k}iWgb={TLM716L zY|m%?P+iI=u{oKLp{hNzSbS*ibJ_1WNIe@R8*-3$x6QUCgF~`6pV=Or&PW}YuyYH`X79MJ>>t0g&YmCheYn16t0B-9pg88-vgythe;xNapbvR2s zB*zW(PJf8U`y!Wx;G*CuF=`NpcvaQt@oWS#&(_5DbTJd{g|R6*4~OR}Fy&S^O8VqV z{H5F9o>?O=kBIajWaK#|t_!8%vextlPGjE-%v8-~{FL|gHM z7h*)|c4{oE=2Vcu8O+v*E!K0bZUGuJ%=Nkfou7XJ?7^!$qZee8!VknYN>IN& z+RAMWoh=L{X%m4$$ItW!T#Z#`UAG$9=i-Jkcx@-IxYl93&;@M=E*v% z1aJI9KTO)=7Qo~Vwm&`5-5T~rc^+ATejR?CjKh_Q?*kUF&mrheN}~d!u4<|H?rn^B zE_DQ<8+iQ4^0ha7GVv#$GyvMB(YY0=XxoI>Ot?RC<<5xZ6FHDr7vXj?CW8MJmrNI)~;Pm{E+?AKf<dfSQ z-q3BD4j!|Ep+O92j{WCObgFrGxE_;NcXe?>aizTS3ML~&_C~cIq%EBS#-+h)I2PC zz_Sw<`9fwI1aLbMQJ|M~KQ0&s5AN(WjzB&U@N1aG$OS|lkM;lq&b!M|Mm8`!-*!hE zZ3RfDJ3GdH+vSsV(dY5!4xsMWm=5I>7H96~~46mzQLo^4*> zW|SBmDhzF$UZ<43pDqf+=cdh~4;gK!a1MH?>hBR>hjbnJlb{RnwQU4V&bs}1Kyoex zowX=mVV?6>9SgCW?vHQv!=K=0p_}+??9U%k(VzbIcl|}#hf0GJzV#P9h-ccl_+}o0 z20$_Jj}*1{2+|6EQ)QGX@okF+Lq9C)H}vVdiUA4+Deb)FO=UHB?p?Y+Ouu|;pF<2o zd@(S73Cqtk>j)O+hyCLL`+0;K*sD!2(DlL42J$$-;?X?cDpnYo7*LV-@zRt4y?+6Y z{+Dm^?mZ?~W>IBn2a{&-hhJMVIk+WUNvlGAlPb*zG5_l!LJz-v_iyKi-%)M9z8PA4 z&RTwmF|yv7Cc(S^@sZby0|bA0zXqha_iNAZKd<-41+@78&gb?1xRC$W=k@-$kpI@_ z_4UpE_`JSgss79}10A4mmKhjCjqZc0&;Sm*iKY-0E+CJqe@wGGE~HTcK@^}yEfY-N zh-tt*k4I`XCM~!Y%0}5yi4P7cfI+2O%v^)qWWjzWg05cXHE(}V!3Kj@*A?KnQ})=Pgk4yn>B_bV9HeKhLKT}RaW8?XUr z(P(i=GNe$M{P3>f7yh{GQVzyzJL>|OaQTH$;rT#8xDvLU(>OZu7R0qzGHU`?rZrea zj`Zzu7)2K;7*#sl!Mq89n9n^gvn>eMU`7Vg9X>>FEhJX#fO6f_w`Hy8muZaOX!Y!QT;QD5DHuz_Ns5LU4HF`*RA1I1qdEw zd#BoK1IXCm*&lL;6C}Ss9Dqr!XeMbb=L^1JIGy>qYgJ20d=nWze3jMJ(i%<&PD5Js`@A zw$-p^*mTKrd4C-pM#Q20{<`l~V=cnMsUp8-w&HFNg5Mo_X{D@j2V*SFE`G( zTvK}J&5BXSQ@SKD)J$+5NVZpLMYaA~6tulh1eH58j(|s(384)6evu+HCtOk6Y4=OB z+IZTwTPBr{x6Mh^S|dN)H>bz-sM>&9?Cvtk`$J=*WnPS3mt4r@W zosb3t_{^;Ybln|1(}&43LYTj5OENPg_&KKIHo5OE<8-ih50xz;&p+jrw`kZTf?^f3vs~-?gz8qgxxUR2emOvJuD31m^^Jn2Mv&1A9;=#XFoJi)q z(Z-|BV!AI-i8G)1jXMgO*0)ILl52YRvx z)Jile1FD1rvwrqM2_lo6ZUSB7XP_cq9u0aGg-6_N9ksrUL{v!w1o#9u%sum%G`-_QBjf(M~ovVw0P>*R%iQjs}q3VVgWs< zuPuluIJ7mW%hnW2-V~)D7?&oXk*&{;3wT&}*69FJHQbt$&Mn`4!>_KIpE#G0=>sCV z6Feb7801^EyZfBIs!ym)VD<|38}QGfhnoB4vj5$yM*ixu zzx9E>1*N^|oWH;7_sA8z+J8241xK8K@@^M#AeXgD)`!heoKHi=#pTqlPO5j_e)g}4 z*OyMxB?^g5m(#13sp4$nX>p3@^*-B~54M!k*i$m(z1+Z6H^XV0Jzh%x!V`4TGj^O_ zWKOS6+o^DAYMsGD;Dj7fn0y@xod3J_CLqe45242|>~r+})6a#{J#ZYb z?9*l}y`%2m9rq$kR`4D-L#${CZu?lpB^UmDBN2Z7J$qU`%wk)xW5slX4}#O4k>g`u z>e)!r(|j<&)au}CWYGF+)$B)Tj1a1v$`oLzt()ubK@7tUYKlT{6$n!a>77tvz8xUm zsR24WxN58^tbu)AJ#sf0)z`FM$p_b097@rroqJFn`aTsPV->M$fd6$|)*q|*gI4<^ z&i4P`RV)o}X59W;xR$F-_K}aa@nl#^#*xF^F%lTJev)@W*AqV7?^iOkKehMN;=i(z zkxvTk7sc5>SQE+x6rsV_m8?S8mb!dh$;f*tzn3=*dDs8#N(MQ`pFe>9-K&15VEn^g zsh}SyGBgPg$|d4~2b_Y38C-R?6Ki7R#=N!&SW$-*1#7cYcF7KulPCGQ*$Aym+9KO# z+%b8nt_o=c27sy7sc(!EZxlx~$ptg@I_554}&v+%_|4|}w`v)zD( zyzFtL;&Z4$G!FQPfI7UN`om5!!Xs%VQU`h0+Fj6Jz~H=J`36rxKIJ?qWCyB*S=g#e zY7{;;6DkIVD)zv%+1bk0=~~K=|1~@xn=q5;@`S-YxGMxJeUS>KEyHEf1`qO(0=ri? zNZvqVK%`y5BilRlQ98_qR*P4_GfvjxFkKKn{dT~2+pg+c;(XjjL|IzP#fMy^oqC-f z<6db|h}t3;30dTq$)DA04}^`1vJC*aCWzW(Z_Ncy%*!}6y0MaRl~LX zvY8{VNYo_3=J3Xo2U3lbDDyk4f+lx#hcUHx1J@sFZiHzQ$+jB_nk7PzqrTEM07wXU znh_iD6NJfac@lakkHKSjI@WH$#XFqk;S2{-uId7UWdxm+BlwN(HUwvEJ;FwDS4VR= zkX)}syHt+rdA$?(+HJ>4siDRgJOyzNF9GOMJnA$%KzlF>kv?|Iyu zW=o68rHD7~VPEcFY$-oaFOYkq?Cq<<@6T8y;FSXp%7+3U9_v3G0e)zI^4XM}iPMs) z^a)D-`U&IcnVPJz0tG1x?2squ+*p}MtXBwsG2f;B&mEaJ{O+?YsxM%8$9XY1Y4zZA z4ai=lv<&(o0aUMHNoAC1bYCK*F%Tr+1A|j_jD~&dQnJHplfOnss7Ko=ZWcp`CfaEH zZTaFIdS~;cX*u?oKSVfC60ehYai-~_&?u7Yn0BKfE|@7GKiKzSC%N1qRMcef2miR~ zVZ4U~h6gz%o_z0LTL^4$wL=6MmT77}fw5&A;#_iDTyq-O6s<@KFe1%N9nK-#DUKdE z7QDiJck#OrRzDDytTbb{QX<9*dL9}8QxZQEVWr{f{W4p}$0|TPF`k{H6V+1=VJTPbSqKZl zUKRW{Kb^ol3GT4|!Jr%;HfaY5Qbp5pV^g2NxMoTpR5dF)0W z`NezH_;4>b;$O8zi~sRgFyZyz=Bj^Q>i=E4lXu_6K=CbK3v?BpN-cnC+cg#gTI`?W z0!&5x*5dr=a5fk4LW^IPwd;bH?ZSgt>ym+W1ty7qOd3n*ZGS2AlLN@l6|XUB@n~}4 z$1xywpLWzpp)ZBgy9(dgF#fUw5R24o_N6OnN{4U?@f)Bh_w%;`8X%D$ZO=c3sj&B} z?`|eoX_If1sUKeav)lN1IQ_+4AOPn1$G7o!cLAEU-`xh6n4Bqd%K(^3f?-Q&&+%XW z{uC7!Ras~pL)s1WE0k$|RmH~B_!lznV%XvKf~KG+fHr`Ar&?Yush}XPREEmEgPOgc z?uC8hud&4R<{eyV`9?V`FA98HbTJL}Cq|I|5Xa`?yEpT6rEi(LztLg;n1SRgKnekd z;vFQ| z{AtCtnqz`N9T7i=2Dc;`MN)FB|k9e0@@w zwkl{679W22Ztkqgwu^&V3jQNqtJA(+nyvwvO2 z^$=I}ut1{q$y%9By*C`pQ^UmSUG@@jTXYKU6 z9qz;wv;e1%pzCQMReupXa}d#`r@m&!xiwU(f5OWCoyXOY^GX}%b!#*#u3Jv1b=8)xi(rI7Q$f5@L?p8K;`(Ac!*@ns8 z`plnuwk(qP;O#GBHEly)CCJCa+cOHjANO~(-6i3PE)Ul`$jFeCq=;RuY_+V_7qifZ z{Cf7$YYM5(NdxvQ{2s42b3N7vkJ*_ht%HK#dP|4kd<52=+YS{#z4TK_uBZc`kHg(@>s@5y=^EdAYE2b`R0hjgmZL5E5I<6F|EzJ`D zv$>WO=n-zmJU$(jYx(SPx=*yzeZS{50b?&o<2;V1Kp{-TGQ0heI<2}Scemv+_~*e& z{MIJ0F}Ush+K8m7U|-_GYzrQ;d3(&i193;(8LbbXLaMEf<}7!$FB2AmngyIYhGE0m zKG>JeF*tz-FUBZ!A_0W(^h5m`(D|*Rrc|&I7I+LlV$~q}Z#0H|Rij@?ngC zdisYD*H3z+hsVdH{f^ft{5;5q{CH{iMHPS+f6!XrJ+v3Z(n6xW_EnSk!)xaM%eVR0 zb;l27htcMte=!`P@X^??!8*twaB?O9+@m`W35dhXz^CnztwHdPDQCLe@G;PN8S=HF z$F&=ukC|s#?EpeQ-3J;4ksW1Km>`7}oi6MdG4ceC)@pFf6`6b{hbpc&&{xa1(JF9R z{-E9l2B2znNA+^K@sIjxLuX*4>gJv$udv2fN)%SbAUS z-C@KaGeO;T<9vJ`djr7s^rl$mn_BmsYsLDFmk@H7C?0&&pbR*EZ1wGDQyH?5EL z&{aXaQFM_&5q_l{$pS4mgwkGz9lqnb19lnIMI=%UKgMHOzwW*He0ZY0#^>inMWd`+ zE`TRmDp@8O`AWf9$jGBiL>?kBNIby^uV-NnpqhK^LFK6vT*%cTZ>;8Phh}|0GC_0e zEhyXwUNo|hAyDkK^=|Xy8Y=d#9$k>sAsePXX-7k3O8%t+wu-=CN!$Rz>p(N>BRzPS zoxCb<&MpSbkT>qcKD^AX@ckurGw*EUW#agv#8^NOMk<)u`uN0&hg~;4tN0x-AfKRr zZ>?0r9>a|!=<~y$UbG(WUZ;G2DV+P7{=sx*uokT`3^fOP$*A;BMY$5pYO#9auepc?~lunnFrOE2<(+LurlrpEB0Rjus~B6d@q zaH}9r)um}v36TKn$A?&0+s$yhB$7Cl@>71o)=-*{=i;$6xXXshbMN^8>1^<`nCi?+ z<}WO7o_G3*MHM8`1PDY3hyGN-?+CsJsgVKf_m{JvZYys$MC~gjlRA5E+@-lH5GiX7 zIzK?em$wEGhL+XUZN1}kYk^E!PW#5nk76tCnQ7ov0?xolb@yj8ENR$hrN z-D%jCWQ9qO^Tt|sGElY919v+CBCW4|_;$z)6oe5JF_5V^x+nCI;8eN|YU>eP>~WOJ zWse^5T~!oU9T<`fz)I)l@WOq8!D2<5l85gE=83;<*E&aFn(dI$eGW(%8iG`K4PP%NDmp8@g(*8*mD*mvVKh66(AZxL z{Up|sJLnGt_wa>~_cj-Szf5Bf`rtC6$Zu*)t4okkmK_Q!=qi}XYG`!FC|3x|;;BIO zH@5jo#;c72t`p)HG{-?OM!G3>pf3fFb#`Y%=3bEs^x>xbb^Povb;o=B?toC>U;owW5l~8^@5<{>3a@|bmXYu8`S-W{ z54wN~MWuFJBLr?Pym>44t(`qO-;xcEXe6D*gPQd(xHp(f0F-svHhW7t7;;^T15BX? zeDyt}SGc`k`(_p}d@x)Qhs0{g)8+p3r209&alVXifJ~OjFpK|TeAA<%eAl=MK|_e0 zJVm+)dDTEXH2gXHIhIWDKm_K2dz^#taI7TD!yOC|$wqml>GqTp?F>Qi)3aU?&m;!? zSzZKyW`myf%95-!A7+nfS0c$4IZf@%0!ue&1f}|zorrPCh@(e+F00@BlzzXeahmu) zxT?Fis;2rDGYw(H801neiAMVDNzAC9R<-c`ulV=B;r}_%lP%2@lRJZW(n5M z=ZufnzQ5)FTUWJ7Am88fpR8)^Z7ln~x6kysQ0tPh;4glT!ZxjqNIBIi3W z)EcNHBmjjkk2;k0o!gcx2zXKAHqlHX?HoP62$!~p?gg}Z|BQb6A>{#v8qKk1TI5{7 z|2$*%YoqG3Pvu2J>}%)<=|o;_q&k!cW8HNr$v3}Bb~nDYTfAe)g5yLPR0BUBC36{GF6zBDR^kRO7&m`3Bz$DQok03w zvdt&#ye7^`G72)0r zTF8NEei}4RzUjwM|9wKD1P)FJpBKSLk);Jq6d)m(FauEvy@v4v@DKw-?+Hy2m}Gpq zIU&5_7Bteqi`4RKh}^e1;t!&u7Ce*{_kB+GzhiU6c8(kzq2pS)!(9NVDH6)|qk$2O zghmUTj8n@l4^r>=oyW21c2OpApN8`#5bJST+|Lm zs>lYa>oL1){YF2pl>|N^6*JArXQ7j4wm8JxrhDq5C>7m`O791{-c< zhL%hw+HOxK!(DVDXPHBDz>w1^yKNT7hS`eWv5;o0#}3S9{Q4-`xp{!h=ylI%5Bnj! zZq$LMLY|2s)8dJ8&-4UOq*?R_45${z1n|OfO55qw4>M1jkcM|1U-7oH)BUP3fmNtN zue0$?&A_}14z-$DE<_?fpi@t|emFoKgFaK)m6das;42a-sU5C8ce`mE1p%)$q=xL= zPT!4>6J0O@zSEX^;Y5G36s{42d$60Kg+awC;Al<0dNihv^)udq4SUm z`YNJ2h2}SQp{vanP)v6w59LGO$QZ;lvnr(A^k^||I_H(kz4_4T$Bst*+#a%HoSZ5o z%dIDfmaPeWt<UeUO5&*YdNSW3nmo3(&?s&Un1hZEIQ-RV^%kwGf{!@eC$&m>>m z6j|v^7xjX~fW#=}d2$MXhOc~kZ)SjnV>*;;+5_@zpK=UaL}Gx#`o&(2Tduk$$OmNO zt90i(1_nInKcj)r+eXDn#WD;W8XzObCMNWI4B)qq|CoV+z>e{|XVj-eM=_XYFB%D2>uF4ti{4v9k6t2TD?8m?N3fj|hIc1yd%r!%+!j)YZDk8T!^?r& z2M=t5d=Nf)2GU&`-y{gYl-Ah;&t@>XMVt5uri#PvC2-;n^s6<06ZWF=TGtyH?hU&y zO$jiNXZAk228?FW+eAKf=vNrwYd?FtB?Y{|F;djF52Y+8Wa^ZY?n=mb`a&*oQ1p54 zQ)EzyT22-gVTMW3t08Y(?x;med)r@6lnsRP3Mi_CJDz5IcGbolJ$0q_{(z?3Gke^E z5)pCYvcJKwjgI)laEn$MRV}-`RuzK7iDS?$ZKd{>*FM>}#q;5+8QNLqMjQj}85lML zQ!gGIj-x`LAOgKow=FHq14Lw7y@6+!soiZ(=V!CHXWZ&XF!P1$GBn*Lnd=)S9PdI^ z7F1Kt_QdV^;6mRjop1I>7hx%K!w#&3`)oyEbY2Nw`Fh0q!)q!h;igV zvI_>`*Bjl=FW9NhT)7TTxa8P*Bwz8mUL%m>2W47J%zf7sw4t4ZYl$?s)w0x+*EqK( zOz_S2@o1Ujv8c}Z@>k~ymj4%=X_9|Qpi%uFk2nA2i?HW_2}ShbuQEjS`2VC#_}h*^ z`YsU8-`t9BJjY9FA4LKK0S;#59Z%+M@Cy}<_^B%({WzO|@F@^)SrNbUT@-x@HI#TC z85bj{bpR@RjaJhupVEf_!2{|VbAWU;m*n`^e3ySI@L;7vci21>NgI_FJA zdzU%h8&dMctNoswfcDQ0B6mW<#sZEk1lE665paRg`;^iGEIc;B@$!BHP$D^RB@(>J z6b34^7h(_+d%EdApZcffLJ)Y1L)?Y)-LO5WU*7%w=Bi{#VVh{4$oTLE@7q%#QpXAZ zhGv3r&WVh64j8ZIv(?;uweXKjm6TZ$ zJ;uwLwAjUR8VoVSE~U|w9#QY+an^O4pQY`I#)6E1k1v0%Br|Zi4g}R+53f+oqoiGt z77vNAzm)!v>-G;lTCBW>@Y$^xCneo%UH3rVv)8smuY2w585YzU)vQO+Lm+ZgA+TdmShsWiTr>(nF9YFXQ}$LEk6xp3AFXBZOxn8qToZy8YhtsegL z7B`w?dd*Y%v;gbk>uWXsB}7?SI2eMDgV%JI~=g43uPRiP;mAOWA8WN&BU}0~i!wK%&P!AHQdWh>|;!mZD!jStI z+`PjEj0Mx#KHvca`gL@fuX{@Nt-E1)ONLr7wh;(qhqaEh#^NS>_oH(Of5axHz*pUt zDm{9+dk20~-Zp8ex_9*o!R4b8K%A6j9&{M6?CZhr%8IwtZQmhT)}3DsFjzz!YrHh` z`WGN%%-7*4nwY%hr&?n+njWZ1N4|{J+vbr zrAr2xkHZBrYO&FsmF|o?R~-cMb2;=R5U7l-&4!RCek9KQimHEy%D}ot09F5&LV0$# z+%rN}pvC*VO^~@$pAP<+maec@{oD}vBb5dsj3_7O4P#2rH}wv6WHwJ_-ZzlNbMEFF z-&3C46nCqYdX%7VOxc7f#G`AL{jwRVA)*q2akS>!!tOzXD$0Uf+8RDu<@yj$_45i+ z8-;q#gZVm=cq*!=LZIPn1H`+;yxIuAq8VWfTIjzFeeQXLM>+Jv99}S zL#}-cF|jXF%1RXULfN`Pf?&9~F7HfgbL+aBGLk@;ml7$VbE0{ioEw87Jb1@3;|2%0 zK_F++jEc?;hR)1a`Q>pE34_@U`tl^nyHpwn&R!I^kE+92v+7PRsitWS5j`6Xza>}1 z4)ey4_tyQYQ8NZm(e!e-Yx*eF#&kbiAWy9#(KRR-@SQ%Nq|7uAF}4Y-pu**#T)oJL zmIP&?3Mh;aEg|w9DI1S$2hIb(NqWnwf&&IxRm|_2OTinidtW_QkX>NIiz|c>Qs?8d zw5)Q8%|R`XF1JpQzqAy{P|f?tCWh3y19^$jqf#21W5kLPz10W-#N!UI+!(+gzF_V@~&%ig%+MGA*y%S08 z87G^$-pn!hVhIyV!(7ftNc_w8U{Mk9L`ZtDz23GIB8VChGfE|347JlmCf5pSLd(6I z$K}>y$#Hw{Q`*-borur<<2WA6S3o)4RGI-`7V~=*C96X3j?WrLTwuo(5Cr*G)%MT( zv-qFw&piK@=0cj;7s}Y@{tUC(ov~guxdyeMn_umV@U@!xTFiXEH-B<0{!4rFduv9# z;J>pszbkR59R62(v-IAZ-*(iu8x{FI0@w$nkm5`m2te-go#hOzHx!e3X_kpCKsGgm zkLT+17eN94^Rs=vzzP9`nR==RZv!Z)9;g)OXD{TBan^kZIo&;ZmfMjx(kx#AV2a`D$J~a;?uF-#HM|EG2bmvUtDMuR+ zbC$-T+Fv#=v7zDQ|I=aWo9$F&aX2nf3CyeZF5kc}?KLIWu39mEFPk0Oha&`9AhR*` zp$7oVZ5CC8S3cr-8}?LJ8_x{-;Pl2*!dj%*=Rx7&Kr{?5)G#BOQf!rNQ5PBz`?amM zrxs4T2v|2(ON9bH+2TqM#3B5zGs|Ve=2!#HSbp#?48_o2&Y*u=!j|s?C-$u)4f^Q^ zbAWbJ)y`y6021}bF7yZdH~7+p{(3rdBlm@zaeudS4Xi>fvhs4aCd60uvuJcd6|us!0x)mpO=ujTnT73K8}U&?%;**oi1; zw~VT*CH(N1=PWokXjsg9k>E+fmL55mZR_;G$V6BOM!8O_E${KFWD@8PShwYFBa!nU zh>@c`dS9M_hM7V9vYejurq6al!UBsHlH(v6iSXIYzysNB#~ScgJMj4gu#2vPVUUt>b-;KCM4l~RT0G~uXjOpuC`gQ1uOwAc z9e_MT8uu*>adZeZM9xJvxb=fCWxI`EH0%Y-k_zJW27T}op3U} zzYNb=-n!csnw)3dLZvam z{`2;M^?WFdbg^(Kv6*8uzO>g#*bOJ`S$$1oLLfN;`ZOmNn)HAE#Xp^%|G>fU5TT^< zC*W~BA!`es8rw4^8^Uu>>OJs}hu*et(&+#&bve2Z$86F<$hn>5Jj_orxFSR&t|8BT zf~Y3qsqx2Y?Y*{CEC{?u2;+tN<6DcjP34Jy-Z3E8Wsj9PG84P(ljw#{5an%-QzA&q z;`8H_lj_s)aZW&0V+$4h_6GT_b6+q>^{|72J~>y=^J&TNtREW<&njTOt+Xel2JDlE4gBmW{=R`N<-7&HxO2sdvSbSkQLUm!_VHijhu#PoCs25Pmi;p$A1u)jY7qrRlr=1}m%7W>SO6>Y4W^)S)Sa~lWnFAZp z58FL{I3|*b=~@I!V>}2q_v-HCXBblv3+Od=3kfFm*eksFke`d#k-Qn& zn;o;Gk^Y1|cEebT4_be|c+*ef9nJ#n`Yt&;h`tamBCM)N@QQ0K=EK=^)=^&U+?$=n>JfW(;_G3UOzVK33QUr zynUVLT|;e|&Lb|d=F^)C-1CO4TcjMS@sYx!+8r?ZnZYug?=DO2 z77ODJ%9_w~aP=6V@4;B$*py$nEWa19u$J^MzsMf<0{*zq#r>;2?U$|nAIr>u;0=2` z^G#-^3b|9y@(RIQKf))!uqU5o?0yHE4FNWr0bfjo+3p&`miudKR$JNj>)x+4lI?v? zTHpJ96N8aGd2>*{8^^}jdmLMfe;}}5rs0Nr`6E_C(k`bXJlJZs{L*X=DiV6nxoEEur8u^@1N_q$BuGljW%=Q{!~=F4j}&s~J?kied)d275v zs~fihu)hA>Ob4BR2T_zC&18Ue7oS)9R@eiK2CT7=3k`{of5>BCRu0E@=JCC&4+4@V zE`W3>xKe10Nw)$xsPLrys;Wyq-c+*M7>^csvjDo-SaMXqHqitZR7J>N8S8!!xLfo6 zw9MB;@}u&`*RcO4Y=UJxA)PbyO5VtIML2O!wdFjD1()6~P*5@8Qy8GGb6r1#72PnmpscDe5Y@xRdB8sudXZ8HC=nR;|-?1a9jkoWD(@ecf8rlQNDzc7ZsQAbVNO+bzYPp560<8AhGyRX1whpaE) z)1kHjq%&~i+;u@B_gzysv~|V!a*7jZM1Tsn$zLtAp#7uiCdYVj_!y(}NqbdbvT`@} z;@w~vf<(_Q%C8R4qrw7s$HV%(=9}*2+z+g}1w+2@3daH%YXkAR)M&3jv!QU#K|WSs zfv2inj|SRZVQ_~-YlKoE{NQ1zT=V3&AQZSJjbXfa9WH*mi*r= zE|r^E0u5O}GzaYSmk8?ZRAl?9^%m~FakIVW76=_A9574g^U?0`#xMi>stFKF(Cw9w zrIT@iW*Nq&v+Y8Y`&tHlozKY4Jeqx9qtG-S6i$ zruEBpaO2#*WqZTyy1WrvNQVF|6)S(5mcgqJ$BX=1eW1P0sQjvtezysLfFAQYW?sl} zJenf@qh86+jtn=(q;+oSA-J;DRI5d6NGk`Dlpi{CaCn9l_@y=Xo6g*yis6F`xv$1k zc@-F_JUaH&zBD8pRzu(I2ta#8k?NnDEw9J{IwpO07ea$x9d37lKnF$zmsA0Y2nyYS zVRdoTJ;aa#9-@aa(Alu{Wqlzvd7HSz8Z%H0kPPFhOWguhmLcV$zCZVouxGXS!5D{= zfq~kdwF;lGJfIg~A{tj0riXK6gA;8lQ0H(L~^IfzA#bj6J6!`&p<-6WY?^ zE#NF0EVhU2Xf0(cVAtBB`@7uBwTC9rYNN&D9&XrEY1P2d?;5S|J#i`-GF)fvr>X^st)FcPJIWah?waI1j@|N%#MqOX*e>6b z!9~v*dokmtzn1ms`IjcVx8(hC1p?jwd`M;g{TOIId5d0)Zy`c1n4rPiB>G{+w~);} z;puH5bn7Epb(aEa*Im#RSQYP$`b$Xx z(O#?i2KqygrvQOhK&k>&<;RQPUaNn-mA|?ZxUzrmR{rWvkneJ&|MXVAHu-+v;|oMx zCGRpk7?Al2?ikEz)&jZ;^V#gv(k`3sc&V=EJ_!~Ak_5hg6&y(>q?=Q78bC3oZKpn0t>kN42bLx38!U7W4IQ{L~*`(`R_{E$0^oRX_`TWYudc^BaY|Ft8ZyDR5YUI`Utegy3uXl|KPJ zzK>27*m4Z#*?{xESA2d&6!(KtU-s$!NKcpr`5_u^tEn{Cia?+hWCDhD2^J$odi9SO z5%BS1eg@v?&g|?6InFTLpRD?wWe1H-bV<4fRT0PIqbB!|AsH$D{`!h9gDOQ)IHjdK zLn;TyQ-5t#`Mx&4l|G>+wWUGmXl-oqa|)a>jTWsl~Qn-&d&MEbNATE`P~PG zeqeFOKd#jeEYAF^cldwh4Zi#1<>1fOseiFlC!|6FyB{LxXFRix~R5Hf_ zTUZi$3RjA8NeYCOcCDS|dN?R=M8-GLA!JA)eL}BCHuUF0>(#l7kJOS7eS`%iqGC~C z9BJ?UULNuR9AD6&$dyJOGnZ>B)Z-lV_=GfZO7X6W_sF*B-cPil>qB!n5z_t@;L3FB z3!duh+P@Xl+TskBxbdjB#8Vu11;VO4K(Hjn+lYI;0$_H?+&F#+uuwY!1f$`?%0x8W z^J;!JM_}iIs>BF}lJByDz;!rbFjtJ5X9>6Aq|>jU#uVRYnWo$t+YTbJk=!B7_v`hA zxf`iRId!s!k?@-#2$qAipb)!UKFgDrUF1m-n~E|Xj``T-9z-iE?g3q2%h?_V6uzaA zfq+;%?NuP6(AI+=LE@XuVbi}wm{F5 zAjOQ?lDdKqcBdhEY{>A@@#OJWsp@}#7q#{Mx?;N-MjtIoO!lQEL&1Ko+Qr!a zN&e$k{Nt~4jLT1$9AAQLn9+9H$RIPjd8213Qr*AkD;#w&10wVVu6nJquY4@CZcbcy z{XN%wP7h--!BxIRERqVg@D75ci1snd#P)ggy>z~8G@c8fZG8%IRPQtl=Heq zMfkX!A!}BDwQ=^A+EhldLu;Xj8}Y2`5b4ooUzMWKyX zbalwN&s#@jPatdK7c~J*yO{gZ(pN+3_v=Gm!}aE#@K*aYGzICvn`^1yIrBEJF|#8c zQBK|r2r6m1Jv0<&`7v;h6g}_zV5xN+QFHgTNf)F5!+riFm8B&q#67)RJb&7nR_e_Y zbyND%-oTjdTQ7w|W`&ZVHw`HCBe~Zf_;T|r>v}6qU%zrQLk(D;zqVq#%X%J<+lezE z^yk3YkNtbNZ~o1&!G60tjwV8)`{NWt$d9!)(px%40yz^>>_W>Hqy1A&cZf8pj{a04 zIx;}6|LC|x1eWwva3=XWc;JFp{l?irEGkF6=2OuOl6(Q?0J)-ZOdYQ?P#Hv! z+~S%`qQ1w8Fr5Up6sx@-_cH;JKfno*hZo^rqx7+Z4MjlxEIY@QB4n>4`iycO=OHA} zA4V02Tc0UIx(fzw@%2hVD;fjhhw}y?6oxZ;z)f70{MGE-ncA;X;olYte_J99pLQYn zvy^xFMe~RUt3MvGC_t9-s7z+W1@b@<1_ewxWM6cRGbOyls>oxPgDbv2U26bMrumqYHA3NtC%Yg4Z*#&~= zKxcj>p7pZs3ng;^Sp06d=AB@OXZ{S(4?)=o02p0B5_Zg z6Ww1c+@;}~cF`hC)zzU{k|X*UjOUu+iph1?1tp=ty99?5M6xB&uVr1_@EI#w$XB!} zifLVd@V<8*>{K@MMfG!WJ0A+jau&R$mtCVjnsmQE2@^=K!AL(nGb!}mCssV|F1I3A zPH?28HweN>GH=Xv=gHltcuTNQkHii_QIs4q`5>th(TTmOPKP{dHxQ!IVF%NOXOt}N z1<4>Ru&5+TO#w#>WLHOK7>Tcy}Z)jdA5|?>(+fyF?9%qiKWK^Tqy$&u7H@4P*BD9##2dTI(w`ml6LJO zv`^17z}krDMTr)`mDDoCZy}ZMoc@sw9i?;k4FRwKgG7wkzxV@1p+`kLqR={qz3~A# z-+qD()#_Cg$nfgp^Cl;H%@4+`r!op3+4H|MF@vn63$UBq>_g!!S^?wFGynja< z|E)d9#Bl>zJ9#c)yUdAF2Hnx9dH*+8!hhS{dlud_j^OJ`_S*`gC-!k$?!8{a zli}o>VUQZ}Y=yY5@4%stfULl=d6sJYIMWiOdaV6)Ph{%U80Z#GCjXE)uf3J)d9h8X zaY-JrPkFXux)T8;_H?_f;|rtQR>Hy?bHEFxA&=%UP_2d-;rtMW(StUWm?txTGD=M1 ziG6fJgkT-V#7(n5{~;b*$?k#xVR6>Owam- z-ycSpz8F?~@9%M2j}NGrt4AsP;fT!V18ilYDVOZ? zjXs(^miWc&uDy3v2UyH>X5{xmEDb&yvnHI5amI z5lef9O)3c5miHR6=(NXjlmollp$A40`>>doG>T-9qHi&r3^4Y<82t_8kMYe5{ZJ>j z67>QB8Kn1y9>8;w(ss|7$brL)=}2vD(Ji5TN?H$hpBh$>;G4<-KnE0YeFso{g(x-~ zczUlekf5$s%4eRXk@$w_zO}uSnLwNMX+}cxJc~=^Szw&7kKKmML={N;0PH23#iAO$ z?Ew5->?82FG*PGUMH7%OXe7Oo$~);C2NeZqA+5N# zm&dy;dza$y+A+}q6bCbZhiIFH0Sxt2RT=%{EP1*?Bnu3BE9b$HS8?H1A;vkC?EbR5 zCoxciGyiZj`ycwa}*U{A5@M;z(vac zj48vh!yixFPcPvklKSPywM7qL{vH%?Iz$QpJPUe$pWlZ*`MK`bDem3V2Bc$rJ*5Y$ z&m>5PfT7zC8iOz_;~)C@Tf8nDxe35`Y}E&u>0IWY&9u1O9ctoqX8R z$kRhHn;@bDX&LsGP(`KT6g=TU9^`SeN3qScX|Xyqn07HfoE&YhSFw3(Es=y^J`x~@ zdUKU4DHET$Px$gW#T4D` zr|ToAdLbnXXr)sC6({sQx#q9uBO6zIL*zapVT+F91Ewn=8APs-UpZinvO3cnQFo;9 zidF*65T%UvZ)lb`^P=AO*E2@1fdGN%?a-H@q%p^9^zMKigfh_NG7_@BACdSNr65(| z=+L>h{JeuaC+cxIz~JU&QT>dG&2&pvU%$<)rUL#3^nH(niyv1+ULN^{;3WR7#yXv;gx14{pgoYa&%)PTD>^ z7w5JsGy$&HC-4V!cLD?L!JLzhccqB^qR(SA{zICsuIWLZR^=Yw}tBQ695NXPhn zZBLN*bGOIv$se(U!**dqLh}5j5Ix-w_G*X7GVnw0ade=c2_;>%De27(oSWvIdDRY) z5H9Z#j4Zu;9C{bsLBCcNx`U$96 zYm7}(QDI&I&LB<##4CD1*MkVc%Fy$|HnNWwD|H_y{RC=&Z{xvlQqX_HH2#Hu#XwTm zF)Dfmuxk6K<5OO6EWOKYY18jD0jQc}7R03gwkR-qFh4hB2?O=!wrpMn-J3ScN2kc= z_QJRUMw+uf^rB;qQD zpJqRMy0IEa`kpQjfclp2k4zM2ouR|C)r~8+GkZIc4bFmj;|o%-&hFu^I*aX^(bG^i zjV0YjG$Yb`>89>nJyvjd(qR=2&TYx{Q?$=;Z0{Nn-ZZAx4j{VF9?)B)OlCGZ7~7T$ zs5Hmd6XV~R<@liEy+99!0o1P>(@IZMdCQOa0RHD=mf8Y?^%a%~7@Ml(ZiX<^iuI$O zywLOzY|qv)SlM?QhC_+DRTa@k2vMEidT<3$t;7|nA>2r}psz8nlvK7)vwoi0yln^Nv7`k&$ zh4|If3kN03v+lR%c?>ONX9!|<9UIpt-iWi@S2CNR*mdlFCYX*2{dGaWu1ut=XrZE6 zIpzdCR{=wYY;lGwFT5ex_1Q&e3kZ(gBR?QMog7|}_`@vYNMPWPIYf>qqgJE+$3?+E zgQx!IMZwwo6b0GO?tvK{?5qm%@QS|@xV|9%O$FB3Zv&a_*Mi_v5A6Q83W85Pu=|^W z;2XQ@uM2|D9AVX=9@v59@<&1Nc@a4G|Gk3XQxEL^HwuDJY}Th9__F>%_3*tQVE-CU z!xb{}5{r6NjxUu~t|JG;4*jI6FOZ^O^^W0h^4)mH3S=JGryei?PdT{fZ!gR#U1Lz9 zvO;ft@{kC;;4xU&TZeODyRaQeZ+Noc!wf?Ys{7#g$&Np}&!<$3bI-EA!g%TPb|3$Z zL-o5s^%n%y+k&mu()R4d^>=6tv-M_w=oB|fhVD<81)})7r-Q*$FsQ=3j+H=HSEUeX zyF7EI+`Ur8GOu)z+6TaJYJ6Z`77!HM#{odU(z!twd;xXgU@F_`7%Ed!$cu^so0v+h zr4y((1P_WlpL7T`mLO&dlivl1FKyfquBF37Jxn`?M;bnD$ghOhUWah{;jcP)kjU4) zN?;`ZBfI?*Ta}hw`wyXfHF5vy^4kD^jO%}#W#J#p5kDRX^ho`CiQtct{@?xjccs24 zd{#B`v(%Tx1J|ST9%5$yTtevnW)b)pxIYK?cQL-MU){gg&w&rShj-#Vh1OpL9`#Ro z|6$XZXbnn19wzdj6}o`+_{x0;(R^&>pTM^-J9+j&Pi^2`hsEmtd`%aA!|wxUMt7m} zW`4)va9sVt#Qddr5wrwi94KQLuy4q?gUbk1?$8qi{i5;_KZ0W(x{jL(d342pfiuIY zbu(R$a|HopGDg5zhEE)~bH|Jx?;Q9=j+^;@@eclczwc|NDm}qleeZj>d9>LxDGvrY z(n()jZ4GfPQq%&y1$KaG>S;XCZa^42mZmG#+xnTbKrz&u7Y$Mn6OJ{sY5b_~-m{=x z3gYnuoAzDG>8HS0`82GpmcAA9ooS;gTFj?g27yy=$}Q65!>U<5yssZA0b zfg(+g8ckxMh{bFeSzZ`=VJo5#h1Zon$cf^=os6}e?r>c>*c)JrxJ1F55kxm1WBF+F zAhJa+;cMt+O4gBkaHNX)$>KRAZl2hu7&`i%JisXH$QadACF5pK-XSv6^xyKXuQ@ty zbd8R5UtAkwnDC^b8k078{jff0ZX*bpdd!eOYB4jBcv*BsWt4iM`v(Q1e09`?Hh6&e zXAE|FVyAEA{EiSa6ng!L@HrUtN?*73N6;qcLDY;PQOC-e#qkS5Kha|&Kc86uIgw=x zp8VKo%U2aco@}twq9)_tmPk`Ui7WeSPTh=5#NuJPzv+0J6!r{R7EX-3@z`nwX?|$= zv`CP!jX0_diSgd-ya5e13Yxl0`ut>4uB9`Ly)O`P22CyGdej$8A=$Cp`;ve4A9UlfZ2<-g;=ooD zq@H{Ct8GXkYF7d%srQP!Oh25jgf#221VD*zt-bG%d#m0+_jR!d#%N*YsWa&alwt1P zKeUapKNnodg0ddG&*u-)2_mE*9|eexV)OMeo8gOySawA;EJaj^EO@-3!3zpyYSEyz z^OYNAx)OYmFXMMKlbECSrVrU6oua0GC%&*i8@_?t_O~g+nXG_siO%7H-E?7rB$fgG zRaamam{JPN%_(3oDDq6YfI38^7|3RMFrxeUb@;pvzk+6$Vv>TrGa|w4l7+>;eE^2F zT>AYJ;4dgZbpl_QFrWy7PYg|_0IVW&g{NmYp7~vi_>m&QNFQv%zYZ!thO2K#9SP>A zjQq-0x+#5U1mn(R-QTCDQ4!}A2NBz|J@P)x^76tcIc-OnRl+Y7p{hJKbYO+VAZrGE z?Ue%~te94)D?>wEvcO|6fR$_HP^Ip~S9OS?^?m zG`yU^uX{!xsqP7Yx?+^M%WGcosJ(Wt=5)_59d}gBf-KbvW%p(Pl4#)^1$YhY+7&d! zP@O>A+SsMQk~rAs!$ms<)QzmFM@FhlLQ!CUSA3?_*QtVQ-%%aA*hn!3`gap+`5qR# zgM8k%&AFPad|M~EVBp)N&v-3)?bUT+Nf1n8xrrt2H&4)S8mcgDL?L=8Q`hW zQM2Qtc_JG$#m4S8PN}|F+dqvAyANc>M2SD(EWlQa*Ixo76TkOK14(8$HG#wsjn2d> zR!sQ4J?HR2^!0f%?{Oc53~Vs;C-s*7fxLkZFA#1Zy{Zb)%eRK&_SqNTAwDon#WP?u65BeC)!}`|D@2Y;K-ek3 zw#}cfN7yeZ%M+n!YP+y#ET7>>Cm+!G(kU;1M~RAa{riRTjZpd9BKf^;lgi!Z}YQgzOn*o)uKrIv2OE+|YRykk|CXD^Z(lcwbcqk-sF zgOFf5Fx1N+tar23h=``nFoNDkdmXLX^Gb%Ooxa?K44{`8K>5q;LSxlu&T|+aES8-* zQx>)yl?^*#r*oobQeHpZyB%Gwr`OB5mdiO+>ZQlCb2MJZC=~$vCw4}Pv%v}7Jv8OD zY7QA)U%gnoWG=2oV8FZN=}JBcxqO^cTAl9H~dTxz<@mSh7NOzMC zoOR}VD8>VOav(SmBvlOn!M6s{w*Rfw2!waOx4{Qff;7 z9KC;a&cD~^-`T!y*s>KB_`HdgSJVoN-2gX5@wMU5y7+S?-k%Gs|Fm(wgSwnilc#OR zw~;c0W!c*SrR;kp^ImP`zk2exZ&6L8QBllRihtTfK|yo zBTfQFm3sBsRdt5r9<-)jt1Y4aKuJ&LbOlT3^9Uf>^Oe24?Zc77Nl>k!lrZr3Sy!Ri zepZ9>vO4OJ+?&(-Jd*~Hkf=EI<0Ma>K2NoXyT11(1M=}X)5I07@ze7hd$SB@0_RG= z#Z+&sHCjN=@TOK%oAW(duEo~9sXt_}DZ#rK#4e#*8fF9Mr| zG!Frn?{7YSlTua5eR$_oG%Tn09W$-Pa|XR5Ny0C7Wy%ZJg+HJhtq^VglBrUTs)4=+ z;5VM7A$VVj<56j{06=U;9>&VkAxga0UTE5_fWFdW_`mCl=Qa_$flug!#&SS3VBvfY zI%x~823j8|9L&s|QJxASs80gKWdLxAzXj`N5Ph7%{~O(?q)p@()}5zbYgK>OzH_*- zTp%f|tD<%|J#l~03jyA@1l>I-UETb09qX2_++_>G3AzSR`@jsRL{AsqxHkm>>oN|e zQBHUEV;R(L(h3)nL!NCGNaG2d#0=+T3~^Xba3P-W9*xuUtsNj#%o~LFQN_y_fo^uv zn!SQKQJDN_`Hqzw0}EKpz|{(v*i1M`dk5RRg- z4#55im{o8X=jW-+*8o|5q(2VB@Oy^jH$Wq2eq+XQ-=i5m-8Bes{m>u*6dvn5^^;)t z6&?E_cj)k=0JIPXAbXX6e`ebj@FmF_ChgzdyES^Vf0=(va6`vZj`uz>sb3D*`KKBe_Ot8(d@OvnLAI5V$Zs7S7f>!Zo>hNHO_(znQ;UkJoeOt z%Uq^D$4?L6wHJh7{kGTY( z13i|<`h6kYe_OuZ4gmSC&p_O?ATr$7Fyu=7x1%o7@IS8=8qcD zW@bF|kW${r2kKM4mWX#qplKS#uj2gPCP6{l%h4fs?$NWzbHiasY3km1ZozSiJP9Vg z-gMjC;|Vqss{}BI7bnVxd<6{AuQwY60LO5{!;&WJGMq0w(4BnzW?%*TDk0?` zH@=ODzAqb{f82YQAC+H37@EyWaLcu%ZL%iL<^nqBr1{Z#*=jzXQ>K zTRt#nv_RRfFY-4xo65000K>g0!tWq4WZlSL>kn1u!*JKiH1$`*3c}8xUK%?B;zq#7j)Or=JLD%*pn{t!@-lH86Y#;gO?x>QNAcK zY%Q&q18+fr50>Jc5^u-tEOhh3a%SQ{65}$1K+;u7woRDOZxj!1LOe!it`FaLFPJTJ^;XvH2aCcP~;+Q+G1D znKAOZ?_Wfa^Ha&Vd*`g4@H_Q9c#0Tt?PdxAl-rpkOee^tx2RS4Q!t4mx0-d zN~Cw8pdDc3?n1sW!rTT-cMruhKWd;DsIq38)f1qD#&8Sk!WKC>?G^LDT#aJezs(wA zt?*aRN1*S!+a;y*?-xO-s|7Wuv_Gptar4oVH(ZJvpTWrmRZ4P(%r^76EYO9scs?jV zkoWG>z;O;&S3mIQ&WFq}thxryTd1UZG9ZNfW(C3lVpOx>Eyk}95*F%{U)dKB;9~6S z&0NKT#1Ag9oscl-q$VdPN z5QzP$_tSbtQNY#hs2dP)SSgS4Dpk>o zH?MK9GKi;%K)i2N5t+hcKFCOZJ5kzd?#V6yH2eNw-=LlGjal;(dHZn-{@xk*Wui#6 zX|S)49WsY>nt9zc)SwKk!WXc*evfa3LiRIJ{FUPRPYw-hx;cx1tB5C%{WHs~wHu~e zb%Z>QBaN+?V_feG-`MH^psR9s+AeBe>KUlgC7jEpoijJ%d{zn3c5STSoRSw?O-4QT!dP&~;Ld%^O_Y3T zrOSs%9GJf#zjuX4?rHU*z9N$n`8@S6CeEPPev*%Po8@E;h5w6(rb{A z*G@Gvt@<7cQlbrg)-L4w~67#7ykCI=hfLJr0fmQfbus0R6QPLSQ(IFE^^cEWK=ATQB&o#3J5I2hZW z;`MLR(f@#8{G&YN|NH}T9RA%D8D9UpbDTYV2Fc-1!1;wKj5?no{RP46vn{^+-^da|RWDf-Cpr8@%`r z9|P4Sd<;6aKR@`rDFr%Ehleihr_=?25?H?V4J@VKaLOwToe%#1^(XVcD);pHPYZYP z{r5V{E*EfU+QiznPK7Tu*HhEgdZf(Jo|*|#VU~x#dpB2L`X@wL=d1?|kbQf-(>P$W z))Qa^K|Z~lko7IqB4nE40gpT{Hn{-{>CYQBdfC0FEBLww+0RjZ-{B58mt{KNXCO#Qp} zwcvfOcH90(qxI{3{eZmRfxRfDIF-V`WO^?jPqp;N+7wFDudCfpE)ZPpB8aA)BYdqv zy8PYa^szrjeTaJ-)TTOgXn$gqpuMSC7-X)2I17%nv8??rc9rTTTufG+O`M$$Z9nQ`MyDde6w=bkIO|___ggjiI_6 zKkozd&34L4&#}JCk-5X68>98Npd(goZ_oIU!<(DM*L~^-hiOkzPotk%70_R|r~8}< z`JHRMCZ-`h2TgEV&h_aPs|mVW>s|uNgQ@Q?*TK318wH?w`;9tB+-KYE6yye5>_e#D3Yar}ItE#q*MKx%Q04gneAc?7mm-y})c> zZj5bLRZ$~{43Z~P?dz$aV#RV!oqjCOgI5>Ln*bWL)&|frxlXOu*hc-JyH|w=OJ^I4 zw!%PpOy@k7hRqvZ?A^=>r*L#YGQPQ9Kdp8XQ}5A+NMDE|fvRwccJlH*Sl0e6M*tfB?pSFB3NwW5C=xir5R!G)yg-{TJ(8e?n%G!US$L+a$ zxI@3O%|kE23Nj0|bz#oi^L4co05u=p+`zLZ5`~s74yzHk>_y(|eU5n5U|j9}8N;>f z)kxV7dklKF4IgR2$`|Ji9FjPXo zHKKjY8PF9?2A1fW!)gRO5BCU#CU3T7GF`zU&9k_V&jytF=Xx?xAEcpD!WWczW%r!- zx_H$F=_@|@MrX+9nbMU*Y|pw(pyBm*Y5sx?qL+TMW(?^BnEanZ!+FWC_8DH*La2Xr zGXDY_`sxJyfi(ofehFb27t#{H;uwC}FG&^ZYr8P{;-DQf;{T@}Pn+*LP>~wo{RGMie z1ND_&nwd8k5a!r|H5A8qooHFWfnF zk?07Xh$DxX&lD&En-)L@kYo=iomu$V++H_+jo2I{V#DPwSPWoF4_CR{+qtW%|VNih2XnBAjmaLa9uvYWpB}nYCKuIb5rOSGTLTVzItsi+2<@UZG`fW zQ#IfAyVG_}W%sf5$?P@ed%tanxr+ zSuW<5Hr4|>TyoiJ4DZs4lZQ-)UC|uU|LiROrO*1`I*VU}e__vV{9O6^`7b*E|2t=~ z{Qsx3SpKh^#oYBUkZ5U9|0qw=5;)~DGim?7Tqd;}oIlLEt? zYF~XIYWvA9rjN_}1y=sc3w>z!Ix@1MMz;o(2upR6QTCd>AR)^NCSVoaR0&t? zJF9NX;~Wq~mxHFV$%L1^+ruqeWzWR0G=$e?OjpL?Elu`^cQ6@~U*t68C}DzTaC;DO z3QKmW&aoG zz6V-V^IU);SGfhEPP9lWWY>UTQSu?MVr1$ZIv zD$z<&I!UkGeD4W=4?Gm-ak*9 z*FRlPS<@T-iJkgYtoMhrm_^iWJV^6X%yB!@&-4;Btne%^1WmSrpT5+a2%)H$J%x&Z zC-GrgbV7y+4OLsyGX#!vf^<5yLmTD3n9jIOKp9R8hsS~zZtr6SZA+w07a}DAx*rhy zM3Nt8t>w7gxfLG}5~v@z_nF1$<{+UaQmpsgu=w6-5~sr4cYFP20L%p3q|r+XFSeH+ zF>T@0g6Ck0XAhy_OND|@m&Uf>@an`XWIv|$;i=^OJH6FAMDR4Qv>}u4(#j`eTAU$m z?{I$r#v`zve&VRo$<&KCqh0;iDLT&h+eyt?r0M)N2SiCF5JTG4uIIJ8$~WJ)Jvgff z^{AGIUV1qNq$QV#c$=lSd`^*}I6wCpSfTG*P8ZgRL4q5VcrQEvZ`*htg}_brSWr$+R`8@57zKVLpP?Oe z+D@VppCCy~-$5hBa;|kmfE{xM<-(&=b!ugDu6qV^dpjr2-jF<;f;B{MJP0UK62BK_ zwSv)_uV)%3>_RaF8Nn_1X=-FDjPOsz2S!3>?e$s+=xj96x&&a;OmL>Q;%0gIvU znDo}2xztBr`($f|j_3Qt$XNSFf%3Qa?PR(cNap>W6eik#b`~H0*#G&vv-o`esB6NX z0;I2d@g!?6*#N#Yj?&TZ{hsa5Z=t&%tlab2+`_<$5?X|zT6Mr6N_dmIz zyOsVke&f^D*%_wHvW5F9OcOHHFD1j6xwBm*{oSY?L{Yw}^zQSbas+UNicX-?0jui? zZba~(Es9^7qW`T$v4|B!@jTPChiSt9{Y3%ZrEkQX-xk3CH;cmj zyG7w_nRIPqn8&{!kj|9)tS*h39UV@PvvMUzQk?zS3#|fsJ-94IZpy=9W1wD7yL<31 zO({G*)0nX6;z^RK6}Lt|1TxvafpOVa4!C*4d*d2iXw~c}r6tu$DF}z)K&n@Dwxsa+ zKV1|y<6M$gX3)yzX?VEt#&*WwJt@V^s=rtiN1j6pn&4<E8a5kQIFDkovHJM`88p>q>kcu;|orJG>KP3Y11F?%@((f=-$WkIswHQ$^%DlFx z2P7mx1<719i13ZQp}Oyg*WljL*G0~3cXVs+uNH-KtIPQ3ynp`X>h?7`_`BsH0MrO( z{XflS2E;n%3Z3k4lks?IgyJv$?azjBfHV6=kg{VQk)m7OBL2)67d}(;9;WGH?32S6 zOM<7#xcZII1R4N{jrgI8`G6NbX0z|J{f`Y4tkJsTVi)IYwvT@1`hR@w_b2)NL3SKC zS^m3E0@TFwA3^ZDzZR@&rm@^8qMgl{YzYv5^dxnJcOoqezu)vsAt)d$@NwvRj!vW%Z} zZDlSl-FeDf4??6B4X?Jl{t`cBMY}BVd8=RY@y@H4Jo7#Bk|a>y@V<5-*Kl(#&XsEq z{@pFJ`_&L4BP2~i!$`;m9_pEd!d-!}sZ6FQ%cBPjN8INPx^ouod-OBI)UzA(`dxoex{4ny*2637)X>MlWed};k1+10*ERaJgDRS4167oUK1z(tcW z5##~E%QmVE^4*UKbGJ^XG)#C$h4k)i?H(dX0@Rnrm1-K3@Xft;7Av7Wc zNBOE%hu0EYc7dGCn6{c~+{B}$TqV1Qc*8T53&(Q~3?(32k5ldj%JE=vP@Ah{08!a! z*03=5(@|ACKkIGGN0dua5T3NWUl6Hs%46}uA>~lOMP7VLs(cvtk=*m)P+y;2)+kcB zvJQ*hgXF5(fXAD5Y&xfl3o!`Cg%;h@`Q)>hO3&>3p?N=058(z@h~G)@k~)ywg?v7I ziH0`66rKDXC@w{4tC2t4XW!MW05CSUTigqGB%xm{e#3@zzK_KN^f~|9oc%7-`ZM9c zpQ>9w;?|BEqaONU2AKQMmYA=x@7G9Yz4EoC4!p9XUaE2zGyZjI=M$KfThU4Mik&0! zIpp;o1lc^EchZrRtsDAWa6%l*HNZ5kQ%1CnN;E$PdxctZwjy_ok{a4_R0%Y-2PQ&`=IvQ91_3>7LrA-uPd|xU z@_d9!f4(2Myl%?28ATzwCm>r8C0~=b4p2=Nk3dGFy{s3?*e10e2dZNUb(BYUD6N*e z?a#Y6Xbkd9D)S@ZV>NUbGT_gLy4T(Is^ciL3D`>)vWc8px|k#-{(vUj|O%?27`h_KIHv`dfsk>0Is->>fs>5WpOCfkj=Ogl!V zbhZ?-d}*(YanfzJc>f0dvcZK0W=h>Cy1X|%+zDJfdgiCg9%Q<7W$s?F*VmAwx@6R2 z&km9v-dJ2X;Ky?n+O^8OSYvWo^VaBp9gWQWpKob$to8E<$NoH8?xzai@6Pix{+W$7 z=O43CGuInKC7j@}?~J$a$0#~p>VGYH<=gUkK}QF7@$wGm=cb$Xnmjdc9Yu=Y+FrFP|Z6KY9Vs5?bbyR9Spn3 z0id5)dR^YA>8WHg0ouuYUconpLhG1^2yp5nJIwfRag2fvq4HqlU4B9ENLP!81T8PQ z#5wb*u|z$dRrd8<>G4l5lq?|L){oS~LUUFY_uvFR>D;j}ROWcE?p-EX%eADyzpD&d zV~#)t#Zqv>?h?qOgUlz;(|yGL-$vy?gMJ5~dQJ{j4w*bT#4diN3Th2}9>HeQq}S^DolA1k5yejkfBhNd;m^$a z`TZA@>%1B}!~OZT_%0$9r%Gde579Y{g!DNHJJP9kZxZjX1&dP4E}>6`mmIdr(iPF?Y@G zb3dlu70B#|SCdZ%Hz^+7(ROe54k4?gWUv$t6^I)ga$jI2FY_-6cxqE=kqrFez59ha z{nbt2$6msF|L^T3!J>fj?kVNKq3DipzshF>{q28^+1UThy~OkXgS~|R(pmh=Ug7{0 z>VJ7J5xoD_USjYXL=tcx-cd~io&0zv8;L`Y&=iybj9*7+EK>gMCJk#DH(*pusU2)# zXXJu#t$SMZx51;8hDjQi>uZ*+`FSm82tY_cLtobFQtbQu;MKO>EfHcpXgUPc>Wf?Y z42)%LHr$~M~njlIOf|6kopEC`qQ|86gNSDUD| z!8vHX^6G?4C_J?#x&r6CO-yGv-N{FAr32lex{^LZ5GvB31B`>{K(i6HwZ8U}N1iT^ zjWVrrT>A@ivXq%oO<5Qo!okfiq~9N}g34aaQAvtiN8`e107tLkO(MH3uEJv(4GAmK6Jx%BTHxJ3vYiOxhyI@lW z;$^*XX!j(Z?^pwR`jdpFsv+{GS=Ll<7FXh|_2}kxTR&F2mVn`@i-nzh!o2Ivd&ieA zLHI8iMEK2{wM6o`Mnq#UODxugJy^xKm9&|XnUZ+hTA&TVURzezDbkqDArDE0p- z^Zf*(!)qvTq%cSXCPC)=%TxUjY5uP~)#sspnutD6^+O-|AIKv&)NlZJE@nu+HpMO1 zv71dnrXatMEB^`!5bXiFX)Jm$bZEt$%_*AwHNfw8b&|^AS~Xq&CiIUW;&5o8 zC)gXSh=RIO5$4I=F%EvxkODgAkV+;K9RdE70`1}yYW5InKA@guCjQIFNCcJMt6ri7Q;Ladoc9s!Qd)t z$3}WD;?B{bj;E@p;6%zGEyO^$p?ZrrK@>r}+ki2?Y!V8L(cS~Yx+RQyvYl@f1%m<7 zf(ivgQi#RFxR-T7Sg;AtjG$b?6NRx?$)`ThzFa~o$T#$MTo#l$%a%{T!5Trb8AqcV zbcsG4`@o6cV!xKCn)1-fq`{Wg=r|*TaAKLk>pKg%sSEL<4u%BoUQkRp!7X57ZjD~I z!!{w;)Ae0v>2o0VLPej-JFAyqbD=ZM3QKQ-T#o$MY6mb)M$<8Vqe$z_ys!ry+C0B^ z+cBXCNU5p&;$CUCb%c200(i3O5^e6q53ftouSBOq23@xo)FhcC+(`yeQRYB}kVeGr z<}?rfANIbpy=^2*_d94pitq|sZ%GPPQDoQx=MYN)>DzUSMW`%-iR17qWSJDQyp)Yd&NI5X2Ojr z5|oGQqhhT;F2j|!U41sjyGeFii4CCFiVn*|a=k6(5XB|0;+5828AZ8UwfLRfH(Dr> zI_N}Wq|ZPzFo%XhpVAemkitE(Ul(6P;hnxMFwjVb0h%u6? zg>7?Ey3e|zCGUWTqyOet|E)9_X)Rjz85;AOR0p097mBluxl~Q#7AL$gn%C8 zw~a=9+gv7rM8?Qov{95`Ih?JQ4OB|;g{zHm*)?D8;mExec8cCwOM1UIl6$rEU3aD& z;G?d%V$$8YLx9aU~F9biTPQx-{)n)Bsx9KqXg(a;_~s#j}~9oKgDoF5>hWThZT1Keckr_GX9t0hwlJ z^!zk8=6ToQDV2+?g#2qu-XpQb*huj zquSCmEv!3{anYAwKgGo0E`np`8l;R>F|uw&SI<&u8%|2_EU%RMcdxO;#12a+?Qr1N z_G!QZ=YGFH-T{;3&UjuDn}Udx7RDU{;!Yi%C@a~n>d5iP5-1U; znVQCG7NeP9tZ#ixrZ%;il29LtG)5^X!|J@^TN;U#_Cf1fwxShaYD1>=B$}Pw%O}sK zv8a<M%qb(a3Xi z;awEBqwugaP?6*EfZV~|xht|;3C1uQUTqrLl`L)3J5);wW{s!%z9J(-+QfIrM-iMG zT&(j5E)WGRp)I@vK}>|F@^USo0x{BOC7~Ytdu|ym=PMpZY<4oXNSmdKb|Z&2mGM zys`Cjqh1&q0snMcp9c+DNeAWlKGPMm>qB!Wcm2V&DrARca2l0BQ&{y@h4MP!f6n9^ z0o2TL6{_=4E}SY?n?A|g_r=49Lv5EeQccasL)BhruM3ewxT~mjnEaLCc+zb&o+_oo zco3|NrFyX=>)O6MsmSeS4MMBhpH|xW5X$GEM0Pzsi4>=$^kA!X#(KJp>>T6KtR6+7 z*BS0gWGxSO^?euG$+$6ZY3tH#-mjOXc+8hr4qO`inJNciSIch-LMo3ydo>r68rh0i z>EKXzrrz@6X{_#%t8cVxmD0&dXwdP+xAFNQ+c^w_FxsihWHoNwwM5jJZhP~QKsT4$ z$=+%rgjkWIOezhJKbs{nDccSqrZVJEwUao1>>`WIpXj!JWf9H4)kZKIMB`zh4}WQpE$Tv#7)oDR(*@ zr1KaRs`04|FIjQ!*T(JHvxtP;U1foUeoblTS6q?yOy9v(uat|m>op~vL4|c=or^sM z=eVAuel0Yc9467}VchNPBZFPF^Bl>>d_82~Qd3fHBJQ-qth8d`gOmGDz*-9q}*WUy{jriIzG-x{=c^Fmouw0aZe^}>_fsH+Lpf?tXk zyPefK?#k#=W8GebdqTU4sMe5jKyHa*G;@ctVdHu^(T!+oE2>NksVBxu`K&j%jE>7u z)Fq#*qr^BKS^AgRb+Xs=_wG>bXjk?YTFJYmF8Nw5wO7_s)9o@+h|I%tx%K1?J>~s@ z+&<|qdXtG^H!%)&Vn}V7%%kF|*6pQpo$z`mbaum0)|HQMLSrc<#cPY$X5F41nwpMs zXx=64g7tl8P|qSA(QMnPq=U)Getd@tsq4;U3Xkc&Kl7|bvx7h~|5P1_6%=(Eu6xVE z-jDi7D4gD|H4(TI-0P)bvk%sNZxn>&0 z90ZrUZmeD%Yy|`l`vV85TY;mCtLuLb@AC6VrLi2Td!IKcsa0VDsy(T-52$3*MYX3r zvKj6+QmE3tL)nCRyi-$m#X{uOR4`{(aOxyx@NHLc9F94OSQokjs2XCUTrECnJ?kww zSvn~4UC$?N2Hw)$g+}}G@^e8{zPSCq;_^$I$tzGvBu3)0slhgrzaZ(0;Cxm}3Malc zF&MT=^&F*W;kjQBf=Y$a=!SLSiapJk=wu9#42G+@TKg~Mc=0d10oQQOPH zBMDC7E?2-^@l-ve)@ott%Si<}-WxYi#c?e!pGrtQ|CGr!YrR%nulbFbzi}93GaZyo zYc`^;UVP@Om3!;)ZWft!HQzQ~nnGz^iKoNWLo6r5r#xO#rc$mlPfgXj?^-0RmE*3Jcn5lFo$)rA>Pnt?- z*NjFt0@%t(A5na(=f%bdB_(;i)VOuF{|L{c?HA3ejY8Mn}C0qXVGlXY&8RUlAs5soWGUcif zOd(y-H8yqBi!n?!Gimmk$g|QY)sQ}t=UG7p^L~7=Fi=e>vz6ju!j={5Y2~!_iF*uZxm}f(dSt zpIPadxtUQ0CL|3VA%zSQhc;O*bJPT(XOvckKZA8NcE$s@sBS`)yyJ+|j_;B3z7s@! ztNgfBpY76CW~P1IF`IS*iI(EUIn=;)VVB`;5NTgeyX+}j(Z?v1&Qdx}QwwBFwb*&3 z-hd?-0ekSQW8wLfru~?Lh8J9NDR6fF3I*4szfI%~e?A-@E%Uu-v000X>MkUuDk*L6 zn)Wi`G|W$-RID3$_9xX843d*j&A(oSL>Q3|+F_V&ZMq3vMh4(;*E{K~3#))HT25{E zVHKL4s$9w@1GUV)=+d8h`<{{#s-SAB4s}>TU5+c6?z%EAM#oA7srj;DwNPkB557C^ zIGJxJpYnmsYOEcqt=UtjvWQ9WV~fh(M%v}=Rinc|-6&`FUP)7mv0BBebrya^0rsP9 zB$(?-iRx2(Q5uvwRk`?_U&IcAm{ax4VOD+)3sK~;2`G2SI2}Rt7gbp#)O2wU1=+TN z)M|tNa(58#!b(5bSF+WLHmK|EV5irPhdO$&f;%-93yz_DuJwkgy0m|4JXa!v%~5h{4`Cs0 z1fG|LMqo0Lw+Jaf`r;6(;Vl>2Nzm`#r3!-}YIyd9NVA>yW#)si><@Icq|X=>%8k@` zybD5ERPyHU^3#GI?+Jl*rSGfeBQ*)qC9DB)7gB<09VqXnN~VQ!AYEhf5P)k<5;dDtz1>&_xa}AHR!vZC>g2-Z@ zf5vfN81kVOQgTlPH6$11oxT_Z(|Mqetomn_d~08Wm#(@f2VDNh%9ozpB_{d1NUEh& zm6<Lbl{tFGV0sx^P3I`$$bNNO|{GReksASoA>eJb9-Ni~Yy0DM@AP4#Iyt$3r6 zm?RGRMWL}s*Txk;QnD&YX|R6W?mliu6a#U|T^Pb95u7GksKh zErp-!p+zBFyiA-uraH)iy%MQVM!nPcBo*P z7LtnJHv#)FC`eErNwH`;QP>W`)7oNe9Q?IbeA?@ewxRkmtaTuAD`{_VywZ9LxTb`) z+RJIhJ2cUYH(EwxpR28*F~wN|QT)6sP>5AF15CRL_LRN8y4XhY2xSye*u z^&;TawL(C{Q69vL>8vYPxa*{*!RZ`1Z-a+Wc&y8%#cJYJX2WeX94pQdgH$g?N3GFt zEH?Iq3jA)Bh}NCnsoCT-=}i{(RA2$uM19gl!mf}|%B&&-IhXAU>*wOLH<(^Q=fAlN z&E$2X?cZ#~O0Vj#8KEJvujePpDsUq%_sacm;6TVy{Jk7VVomnp$&rPeVCp78193Z4{#tXclj0Wqvk6& z$CSX%!F}*&*SHU2KH!Y;W4I4uK3t4p`abT1+0=>o00%)Qvx9g*7}h%b zsuT=$p8K=uGS^=hnt@(n*m-_xHVd(YmJcEC@wyS5!~>JC9$O|lS+8Go)%9?}pDUoC z4Q%!=dDihHl2ZhT?b54Q%L^%Ao`!?_OkdZU6IB?*>ytvK=6bHezDe9|U8uz4y;Qn- zmnd~}cL-}*3<|iojm)kE4tiF47M&(<%i;|sP$53z$%PP+hNPAbx3l1=-IF@mc~M@K z58hNify{2+cBYY82B+;{Owh@ z;78foR-v;-#c8OqJHFg%;16nQH=@+0;q*YR?G}FD8Z|SZ5@@9Npxd)tsM*(~l>aqS z&`{-#HZczF#A>nFEGM#LQ0*l06-mUtAdP%6fmM1);)qYRhylWl(~+`}jAo#;IS)!n z##*sb`bb-JTEI$>T*kHC!2yWvSgi>A6|+m%}Q0)nv`)pT~8IKsU?hoOgL~s zi?2FU($;pp8{DT`vNVfeiZ zjc9v5>qk0MqgU~6LcWAg%q#0qQ;(*!NoL_%uBU}uCK%ZSCh3lM8%t#h;mCHjtlxR- zljc0RFMHKME8}fvOQZQg)P37(D;}yYHp+Obq1 zL`p-FM?YUlXpgHY9x>X z8=<5AlF*Kh5uG2YAU#cJ(r@R+eWkned-Kngp(_(B3zNCgfTXU~Tf#&M?Av*7Vw+t( z=SL{jVg$8XGrFu`vp3m1>e1JV%~)8Nx5hi6KZ{JCymkL*-BX0NjN^omTW@<SODdpYbZ`MDdhs2 z$he}*W#cetxO(f#a@{B&;)g_{SB~^Vv0+G!PGf1zTF=2numx;Hg@ZyxTm=uA9mIm% zWKculB^@l9P>rRLNu%dYK1H+H4a$KaYp1jn4(;K*IFHEcK%XM^Cx!eH(Q-?SZv=g{ z3Qi6gIB2JL!#R*xiFOCwZKUBFwWr=gH9C_z`JmPbR9soVca!ZP<%2)J*S(>6tl4R` z6Wds8;j6Zh=0eb>NbFY2wR)XVbZ`*T;`Avo--ouHYNmo{=lN{bA6M2(U#zir^@g=r zM|gq`J>}2z+QDrgv)k`W6=j*atE^%f4MnBb0iTFOrA4ohn0Ir&ITYcByvi23`B6le z){@90fJzASzN_0v<@UaWcb!d#H|3c+(gJzS*WMNi8x(d&@{iFtn@2^m!S1eD4ISE< zY9*L7_RDrBI9bkm6`@uS9F~QRVl3v!B2pYqV)O9?)mobdLe)gARh1V_ByOBVd#N%k zm;RYvy(@LRtHLxdB)2drr&hh>G~N>BuC^_;+RM$P59PtqRoKno4Vzua@o{H^D|5Sr z5K*W#XWB>(l#OM!T}rMKg{433YowCTPhRhCkcvZ0FDK+>r&|;t+>{V|Q{JSaE@g=< zdO{0SK&)>Q)oeF9?TziA1zkX3syHVVuoVAHY)P zyt*L2?dh_2wJ9h1{;jvYzAIR_{ULvH+tX!_{3njv-mE-CdUV{QW+`*?wx6Q@VY7AM zmCQ@H?NfWyOSGOrPmv<`>7&1BV@?4KmPg&HnN63$Ku61t1cX5pT%QlRRH>YmL~7Mh z5(zis+7wKnqnx9>xgY+Q-FlGnRS!BMGHlPMy>1y9LD?mpl7Xo!rt8}B)wz3g@6>o6V$Rl_mzN|oG_Js?xcoCj(iRE&r z%$0alPZf(RSFp0&4tlM_qSe@UxBilX#8#cKZ?fMau^&Ri6a&WOX=mLCj3O!2Xzn69 zySZN%P+5zGdpp%Ju6VqW$)c7obkI zQh73Fdxabb^Vl@j?zVDKZ*j1RK5zEr%|wmr^-Li(dlu5;WMNTSgOx)<)Taqj*#*{Z zF<037q0L;Dl~rJr+wXR8Moq?^4nk$13cZzKG((NEGsC_wO!EH8$GPebV4xu0LI9dmKeSS*q*o z<>%kVUjRK59_&J|N0g44HroXpkPx2JPr!%miyM+|!7 zS#eyy4V8m5N7K3e9L=tPZ=Oy>cedFpW;0ncL8y$ z9pTy#Y`!FqZ{DA6t)$a2;TwI6GjR5vAr_J%5=pu_Hl$N=hE&$EcwDI32yIW!%m?>b zzm6%n&)T|aO4ipjB|5bB1NVRYhk3qai3m_jXQ#`4kCFJPzok#FooGzdZq3&5V*kmB z_Wj)hP%q4alh{w6aArAqQ7l5tsM+nm+yrIw&&$N{>bIbE_96*PSoGr~XvgE@y~lfh z@6}W~xHgh7VnlEd+~DUxay48#N1#&=AKV_4RnR_py&eYI_n^RQYr^Ib^az-8qaSpl zM340QBe3V@7GIm#c|3FS%(?Nqf}C8$(&`mXFrObz}c<>!v&W=3)q1 z?0;^SbI3SXUSg&+z{!||%jf&RR%D{wNn`fn3;2Yzwy2tJs0ntsZr&4Q=J1y6Ci~NSa}6Li7CFJ*m_L5}h2Bn+xIDepMssgf zjY`V9S3`F-Tm9hvhyKAm(cRK;sLBQ)GJra@o%-k#ME}Q7z$dt+rQ(LTPuQzt0`Nj! zgONk+Ubo}IbensEo@tGXiXAKnv%? zU)%y=uiXqiqde*8QB&7*keQoz-v7FJc=&jC^XsR0Dw8Y!fq<&p+lL4Jj-^USCF#c- zVvllZC|a5+YJB_f-n)1Q((zt&zxRPLu)D`BX@11kak^noACqt{&qP7KB%0uH zd++dQ6Yesz1;o_pMQK3VdgX)CYXB`+Kfz~AbQefEW8f9)`s>@tHfamnV{J!9rC zZ`rd3Yavq7Co7$Xby^?etz0q5 zZ`UvOdc;5+iUsgiP2%3sR&7p$kmi3l*#mUerGx7R2NKV4itx9pm<`#f#Yt7EvFG>y z^4zm?`?OgZI0*a`An46!;bZi-yW97FdQ5`Onk^)QcuMyD2Pfn)%EC#^Z*D*+Z}IT6 z_}eY*{mCSpm~AbLC^kWiXv$0LyYU3?{rCQlVPx6bsOqx{8X-n*-L%zT_$+WA_$UVM za7@D+d=-AvNB(L=CXstVn&%Ss9P7s)u^b-@iAJsi}Oow3j26>%h#h1>B z1v~4sI1iHUkk$u}qQWWAklAzx0uCZt<+_D(PoGcn(2wRd$;=UTHK z>Qe8?AAw z*-k$zLb={))e7x7!i9ylzcFjW?Wm1!5q1k5Te}5|Im%D9GeQt$DRPZPRBHQB>nYuz z4Kk(Y)r$`DJt7Pt>~Qa($uirA!_kck6NcdA3h1 z%E8*Kj?{HXSJUcO2I<*z3*RDEBY-Lf@&3&G7Mbhnf_(CA&p#89hrg>NY?lV@eyI1H@2Kr` zuDRHcOCriaPIKZQlkS$gYrN0v&DOY$N*WSUpoq=oI<5$aed~_P^;Fv5Y}Mn6s4Q!( zbo^WXpO}5ycdw5HJ-RiY_Bho}wRX*RJq@S*R2}nH7X~T-_qU2qLGH+LQk@~8&O)iQ zXZd&saF;}+)M@Aa$j-Rzw18IabiSU-SDHJN0Tb3*&nK=Je6sZp_C17smuO$xOC&Es z@&p9=_Uq|>y#?H?A*xJyuGeb*x}j$AevbDY>%Ebxb?dE!V;@_5A4By{zl;LF7LNG= z<5pYfKlj>7Mb6}&+sk#n-a<}9U$EX6TZi^yJ*)fnKEhuqB_=8<8MXw%&osWBPtLwA z4QBWjK|bi~Q10x3L+wyABQ^#pu{rQ7#aeq_X!xQqFO7XYAsBCUj6{7g7Ss{O5&Ot2 zE(=O~-2*-Vf7fxsA(Rb3rT6{>IJN67f@QqVwz~?78?@Kg&v2T~FwWXMk(kx}IG@zE zSnD8qXNGf}!Wo#BSA(Qd=rrTKp3vV&-FdpPj5k|CeLtASt8y!UD9_Wi^0Y0=!n)R4 z*0z;&d|b~&_qAmU1zX$wb|PBoHFRHp35t?gCrjCOvC^tbec)|rSf;?xgF1y=PRxCTyHkgd8zDc;cVCQh%$KUXU0!bY_%J-_RG?|U2ZoZM?ajws`MF+EvTFh1>ta3GpZERgojgVM?MxnJChOy- zzZ6I;<61x4UYFbLG3+>!?NtxF`n}K;mn`iZ`0-8qm1}a>p z(k*_5$4$`s6n-z__oWOPT5t6VwRw7qXHT_OFwyrJpryvT{yg`WQu#Pin!}!(uHt^8 z{<5V^UqacDWIL0eNz-(%(5ONCC6EEW zjJ;+&QR|db@_ZKTH)le>)s8DjPa=2c)B3cZk!JgSCq16kI{B@P0K5T`V3p@JUtOr} z)g%gx_zWF(%ecHml#E~mTAk<$?+%ScdoTIM`DSOIfwPP)FpxrKSA zpYAPt{)UJcxdqmpkx}Hg-ISK`E;6HO%`O5={Ov|bT=%fI{eE`dsU%DLN^QL@W%eDw z34P8ExX(*P-+tZp&7T`{B=hq1v{I+sC_T56N(PC7#d)IVk0;9WI_}baxhF(xgQV>1 z1Gf}mz3jKp-#onpO?>Vz#3|O5EH$G0rVr<;72Fq}<1KZ$*4i`0S4q*WUQYIX>2^VE z_xjCxuPLJbjITWHck+e7G(YP<3(>@c_z}SX98$1urCalQzCN2LYq%3QuObw{YraR$ z&&irNn4f?C*^{a?Jua83X)BFH%N4ZB5KcdeB<4<*!xfrck>>`Iu7(1S3aTY4P{jX3 z2RHRE7hGr`mCa)96eYm6Qa7JHP*-eJ&GXx5kGha1^O%B)7P{{F&2GSivb45ZJd#4{ z(eV6+E?tkudnA5m=b<}(0+Yb z{s~qWdVmE91S_&6ef$M_mJ0g-S`(TW+Y|l-U0gO!(Vp2~m@ifY#VEtBv4^xS;%S%8g&p)OQ}|$3F98NH>Ir?43h0^89{@jt@5v zx1ZdTIl>a9xf=?RSfebup>%`h@~~Fj(Et2_*^i8|d$PQB6M8{swOHdfRDOnf3Hm|R z{h-{@t~lWi1>{%BqhBXYyr6)_v4CEWY-?9_d%y+TE@(F(^)_KSv^W2ZzTs@!JyAuuL4aXdarKfF9R2Gd`HOKJHBhM!u zQZU@S$Kl_QN*$xC%k2#x^_JNZnFvO$%tlx2i^pMEKi7m`Q-FJE)n}#;kP%V?y+ucB z>xIp42$zo1?epuheOT!EpHXYuAZS zP8Wa&e3h)Tw=D9-h9e}fw)=A5yFK22(y25}P+wl(L_df5m-XyW?9oTSzyAdN9G>hM zNHNneSZxRq&B@Re!+-qv3)fEC6!ct6`48Q#tW=$uRhX8-z0%whgOu5%tCpCmo%A0z zuAFKo&C%bo{L{U7)8g@oxpu{|k&cy9gRfgSI)aLRg?spmOShZa>&I{x%g3{~tp4&S zRWyA177PcBt*=dJK(l;yE?H*|z}O#r9droA2m|b;6O>F`um-iEL8!^c#lS~}wPU(p z1`Iz{(2~QD2BXItu!3j{`6--yX|9|hDPDqSVAPpzNjfB7J{a#}OE+U|+$$Ll0~!?h zNFqWuMeP8_lT3?H=fZ}A(Jl7|y1(7#)IR}GuwT44f8|(WlHjARj^<+WJZu@9vJ4D5hKDo8*H6Nnm8EIN#wAwkgEm2>PxnpYmeN=IYpIV-N@%b@vTfbKf=0FW!N_!ypQ5D`1n*o9eb+xp&Cw z3trLEjPL7}WJ(W8k6Ayq4hYgrBhvFR%fO&zyRgAcGsA;+!38LsN(0598B601=G~ zOj|8Z+R~95!a-@Gj{y`~?#iXF*oae5FM2{<4_EW~YDY_hQ4GFWU|sc3E>{z;qyef~ zvbFGy1u>t%%Z$LyHh@in@2dF<-YuB>Ks5n|alwV+k&7>fr~(!Y4gz+0z@ABDH2o1Iua<<2$SRn)pe*6yVHU95rMaZEb7X13C5y3wK@D>r-YO4=PO_uK`T zNj|t!-D*A6Xt*nN7iwz4F%i#lrMO9 zPOg#q;EvUE4FU*C36?$}jTqjisR=s4cjXlCg+R>!WbX)?5Wrekv^5uZG8HSLFKkbl zEzxR>-DEC{IB&3IXewi9Ww?7le9`|+!norPapdRDjO2A#lGe!8qiPbaUH*aTjA*`e zPZsOBO2=Mz!<7*tA@Q7$Gw{chMcyx@HE90l-}v_y5BXkNpm5!0wSmqC1A$mvX|vX~ z_GC4;9o(!=?9QDc2IhJLnT<&@n1RJa)0u%JF0GF@8eh0MKW7*4*gTH+a%U&gI_>sK zr?InzzTEFQNUW~UJJq35p+z&*39T-YPkw`C4!SpD)KoRG-*4oa2KbAPg zUR@S>D;#m})n&2%&pXEkIdRY)!}Mjj*q0MbWNv`Wkp%aOHT{dN!4RhyX%AxW57W)i z-NZKeV$gFmbwZ8L!N!gA^>GdgJwg?8gwun`SlRo}F!;}}pkMq%zmbZ8SFo9+hblbM z;CihBVD$Xb%$o-92;Xl04{u~UeCH|;xk~Qn*v+S5Ic%FW(k7r-F#gyCP~Af>LCl$c zMj3VTHc}Ph(TOT@70bz|Y^Ol)%n!K>wte^>$@dKhY$F>tj2c1#WsgN<7CwS&$c6A) zk)aXAw9Hd}(#r7-G>3d^tZ`{p(0;N*$EIN_fM|JVlaYu>B{xu1l3#HHOVe*?Wkqmf zZs<%emP*6{&fmvbowYgr=GR}@OspOO5a*$`4*`STbx(Efk%(15ZwhLK;jJ6w{m8od z%=OZ|nD6}Y&BtG8dPL^niOIfqOu_!1X<{vC-Q2QYX+%z`&p~DpPuAj-4dvr`Iopks zRbKAE*#wV=Tip|T4Q`R+*ztw5F;?>xqLoO~39kgU?F*325AI(rVtzbp{Oco?;1qpn z>5QG7eIVS^wT}W}AN>%ZAMEa-xF^x(oZ{!Wb5%?mF#*Ft_1`-?cayfAxL|03!PnbZ!pqF6Hv zp|A3o>NZnla;1fW;R2QpnnM1klcnii%lhYYp6IcGzM4ZbKph{4;3(#tDJ_}w#~%F6 z)@lCtvGo;@6oY|&X0%z`Si*1!}a|B`2l~tzy0p}@Fy9NFd$ZD4Z?2? zn!m@x6lTXar?>%?+(dSe%M7W7t#fUE#1I4sLEWG20v`#UgA#(m*k0MYZGTQ1%{Gf0 zRak(4^}!j9yuekD)g7rK%qh@7;N6EX=yC-Lxc3z@_kVDYFnulM2}4Nw@XQ|#Qs z1K&RwV9y7j9sIWbElha5e=Z9#9ujuyG&^wcoYp>lB7JCri`@=v=V$J<%aGt{3N`jM z0>rckIX^EJt--`s+;*0 zn?qj321a+TVFN^>d<11og;qy<+4WyF|+{0LZ}E3G%-ew%)wX#aDN|v zv4u?zF%Dq9gkvKNmY{A-usVQBYq8@5>=VnGobz5Ru9K5M*845(_fMzD?)lw&gZMz> z5BMh|5L5j_-NWoXSO3tB&EQu5)%)iJ2#=eU&cR#8z*%>k{0oe}=;Km;<*+$hHoK#a zVhKqmX3(rHCtc#DDJ`+ZtB4D+nBC)fvz`#j+xUEJXrnO4TW4#6t5djOhF7+4w(bjb zgLK5IbvB8yA+;H!CymX(q`^#=3+SHAiiLXE2hn}!X6`o1%BUjq3sac0h%wIa5PdTH z1Hi#+;0kj*!?@NMj;9~o0$_a7qh+jd|H>RUa^>b@Db__mgtHl45JyhHge{LBw2+@+ zKQ1$(+l-pnpd}0x*mJ;=hr7{7CP}cHT_>)ltikWdldWN-z+q92G_HhD?0{1oe_}JR>ZW^DAwKS?9XA&Jf79F-cHZ#HNsqV z=+AH7CFrD@;CHj|Wp0^zcYn_Ao(8m>2@>}n#sV|j^^xR>xA*UkQVT_&AlQzqh>pX? z;BIjeBx92aOhKmFdv{|tS+DWv{vAV4OKU{r7ErQuNKOc`7ogE6J7@)~WCM83iDWoD!2LJJwo==`DA}fgr*4HN!d~t@Sg30*= zA*gW^Jpls0FrFWcjx#zkwA8=~VDgX?sALLJAZGMCN4E2|9v2JB{(!ga)G`2phx0K+ zcXotGX2(oUfaBv^$8h?bN%^lEHw8mUAD@{Jb@z#U_}pGE`{y$~{^Y*>mHzv~ZTz_SfP+^~$B#fqO4a+)bmjY`` zKp{r&h>a)YB>_YDK$2&0lfC(`KM)yz%lG>|V^nQs(9)DIFf?=;JjVzSf3<-^1m|%9 zk5&Zx|49hK_ZAp#(Fy+K-aY|GwU4K=Hsd&$NpUK^u<= zRF3=TQpSc^)(pN^;0Xx_2B=5L4#s?CpvK#+v>6dc+i}PgudT&l3=ZPI!klbnw@E`f zC6fS%B!P&l>KTW7Vi-O*E-lVOS}UKCC4`Q()0WM!{FxEpMU!N@cz>;zuiJ$rDpdY#KYeaIf;GjKR)ck z!;cU9;qcRM<|AA{j;9YFfBWa%pRtLK@PAIp%~?C(Pgm#fpa1LEcMqPQy$5;V{hIK)U_{2Thl)d3oFZclRB11;pXHkO>MV23+yp2HkywZWtuh+v*9fDX@( zP-9*e))#a`aM}OZG4*o%?dn8j!eDZ2;IjlKgLlUxf(n-A;%R$S;m2Z7MO$lK{kGOJ$>j4cH;9s`zSK#t6<33cFtCvtliGM!_b7|VOiZ#JP6^Ub63~~^J#Nbfd%SpU*Kv$ z-c{#cTG+uqJ{~K^+=&ExuBN?07YSE+fCZyr!0?wEapZPASdum$%sS%$z60X)8_3aT zi=-ld0OK?HLq>RiBmaKRn%SCj{@Nn76u5OU2-_d7dvc72ARCc~(i}I<+)4qb(&o(A zq2ug}wfmfI07FFc^zv@mI2LJjkmOS&vkx&pOt1o3=yiFbuVLU(R6p&BPZ8T{b6rIE zIF&rtTRLc)?F04}(&#`pYZFhY8QU_1!#U0_$ID+&@X`h#$kYHz3NYrFxDy-b`~kX* zFSj@Wo6(}_o21LSjTDtR_QH~EFX&2lKX8qZnrV^NRl--vL}`+HI6|<8?~hY+9!)0* zUO3UOfY{OLk)qpO0&q4|uR!5tpxU(JMId6sejpJ4d5I{e#Lr&RwtlQ=_gda{c-AGy|Az^YKHvZuT1BtPJEm}Hj zo66X)=q9s&F&TSep?*J28)G-2%rU?Ibi%V*7cbqiZ)Ch&I<#-h*ndjGPe}~HP=@Wq z{qDhd_sRUxji0W7(>hp;HKK1I51xbQ6XTNJd`H=9=HN3gDf=niQ07GVb#MVk^UiVJ zM4)xYX1rhf0wP4Q5A!!Lur~6e$1fgTCq;V|mA?w<9Sn(mo*8XFF6=r-^KZYMMExP-1QhHNN2u9scK><)6uuJ(OnUhJltz|4ZgEq(vNZ*Lq9;&U(N zcgC!kpPI9_CS~yl7c2^nApz!xYfWC$2rz>HMWvHIrAm3ym_C5uV#|f+vbWP2z}hZw zWGBW-c!p|H6AT_{V>rJErBup(%5+oU0W6@P)qk$XYv!o7egwgW$(V8_+pbK+i&)+( z)<=YC^!z8%t5}JbxL$`LA*@2WG-4i!v^=+Duu$@&6@W!SA`FPqxskV;=4SAK!xe%c zuuL9i1A=zcL;l1Ua}3inXZY%XXHj+5h!X@s9D{T8lX1+o0tpv4rpoH}S}sHec*bd1 zoFG?T5Hd04DKQK$0RnE+rlt?RThN~Bu(v=a`NYuT z4`@DkM(#g=+!F&zogc@37K+2^Ns1@9tnbss2o&+%HG5{S7Lw+w+32Tz?=f96`&x{|9MA7G5YsnmM?vG3;n{cSmHnL+@BwQ|JQFP6FyGgv=1G3 z&)$FR2gFdokJhUs6s03L~=t4vz`tk0L zu*`7~Eu8Tzk@4j7`w1j&;$AKuGc${a>yB&~V_1-S+Y^A#7>+pbl?Go%e{1Y-FugEP z;;~J$oC8pI*4Q}ike{4Xir!)z#|L(Ez>8MG;KPMZ7J8uQ%*N?>d<-vR3n0*2DlNMM zoEqN8C)UPge(v_{5#?}iDle|A_9K=Bt11>~E}#4uJdcm`g!O@cnaRyITA>qijNdVP z5UGuDWX0X>B|APKqr3+sZhzT^b+!aQK}QD+yvLrZIN z6b|xX6DSI#*3Ab6Tk-M zn|XZ^`@#}Y-Z)zT(8xeZ+xyGEp~^TPn{={&ux(>7IJKvI`gFxOVdhW&%$+5vWBW3p zU-*3jbr!=c%Km_x=EgSBk}tReSeOvo5_?0AV6pbZ#H4f6jlDMx{^f*)g9@FK3>h8S|EL*!!6CtdzTtDeyjwg~)Gd3$0q3Ge=DeLPT^?)I z$1)C%j;;ejM9$S9jeG(K_Vg+s!hvu^kmX@S7Nbf?k_Qnb6qJKQe^ge&K2a1@(eE1! zly3xtW9F|x18DlRL7ETJd7ne(2n3>ZAHmgsv;(Z(01kmK`wSd-dKDa^D#`=jARHA@ zvSr{?hN|Be^`oYISd7R+Uob3+k#JB1P5CCg@G@$BwubKqjCo4F2#x>ePRX0_VxbzK zafb8}E)GcafmoH}X?y9Ad>vNE!9Y~;`6Iq)&>tEKil9a#0ZEbugQ4J)hCr4;!0!{n z--;ENEBJ1lSR-iZi*WGWi&studwTVB_=n2C7ZJh(zbJ(xQb3TDNHmBdN`66=!{I(3}9dwPBG*!-c-k9%S08w`hHRE!Sgh)+aT zNhJzmA^L~IkWY?&D-xK~{{H2!mHkJA-BOm5)9d8g#VO+AWczhSAo27n6y!)Cf(tSn z4JndO8Vp0hh(D|ZMMYLYGSy&EiiQL+@a<4Inf-SIW6zRleH_F8bN(ir5QtyAzzICP z4h>cDMWdkzDtQwGB2fY3NpdLa3;PFwFltLg>6pmhiW6tk|5k8J5g|KSLfNq#tajch zlGuFIA;m1DFCLQMJ*dIuDdCT=f&?T1_#g#kDH;)dzKANQJ|QUk269*#4kD^A5DZ2K zA;y$3k@ssktCtt^t>A$>HW*A68TJMoK>??G@d8KK)2jf9gnYhWC>#)?5NCW5Fc*@l z4%EP45DAEcAcJ5;K{c>%#F2aN>GZz`2*^P9MU0?@GPd}PVBqQ1k6@g{bTw zghRf_0RN9FgJ2*Wl|6q17zp=^5wk6$-Bm;@W)qS4Nk<5GbW=ntt6_U zP#`b}1M+fUFdT%!5mkvues$<)g3>p^`g8@~3UTP(6-I^N9CIr9UB98Of&qB=5)&Vc z28K!~5b~k&YDAS))Qt~-9-#o34nS8 zWPj8j_zvVaTf_IlLQz2+cqzn>bXjYlrC&ZXAfn(^E)ETQdKE5eWDtl3ade;%QKI2N zP!(j+Cx!#iiwvWKAWB?>gK{YJ&9}8~!sYsUz86ZQqeFo|l$~?lM^{y5+pkBOfo~X& zDv^+^MAfjO3PVUdir^neQbbTCRS8Q_9D$$tZs0hU@%<2?JWg+f#wB@WK)Oy}1>C4n zDX2mtBo5`F8UoX+qRKju1ScmT`$UwDgPiySpuv{#y^vV1<_7>4l~rv5XK7ro-Md@y z-e<~yXRIDQzIu3qg8?LB$iu3vNNOY`3EQSXt=_P$PM9!A-!yp5G zWd0GEQr8fU-avN00YaiE2@%{tP`8EzRftHDh<_N6heH(nRD2?CAqdpLZ`V6p2 z>5_gdr0k%=H=M7phZTUK;2s*v3d9Fd6hlKXphSXxzZ?ul{GzG|0`#$i?Y^%F2^0EOH@i3;Jc-v8V{}sTAst^DM!C}-V2BE48%aA&w>QM2^(a<0aNl6-rk>T+BX|#<)d?`N?G7;gg zfJ|5l4TpYQPte8;1W{6lvOEZc{1O;LS@Gk4zM&HJ|G?7)$Y3cy6f)vp0vQ3y8bAJ$ zBdQcqeX0U!DI5&|O2M!s42BX=2|xX~TZ|yXSdSOYg)gZeNUdO#d|v+L%OLrB#xDR} zm2U_=0t}`?R23uuz(>c4DBY^8#yS*Lm@(kiuGx8p*sG?E2H>#_9OhF)&ZhaW;+9C|76pFGnYALI`Ik6A6{!vL-}7bAQgq zN9OR%d?`)W=d*!6zefiYxqI}DzuJP$UxGU#i&U{!{KDiNQJ7Y54nMpXc8>X+9Io!1 z>5gI*^CmY?dk0bN2|o6PyjEObpv*KOYdwvx-XKff>I2Lei zJ1vnLB{&pOljMx8xnh-&&(p2G!+IoLY?=5`RM z^LNc4c&+|jGwAP{K~xs$yk^kr+zyq@0EdHsI^5JIpF`0Q2(YTF`etq>aXNB2RtN|_ zqCe&hiUN|K_aFsW*^z zz$|v4?o}BsV8~`@7U-Z!qDIFj?;v{KfA+%PheT9 z*p!*H&nl^!-FaH&WGbC2r;?AUdc9I-;pr?a8f&3agRH3cBa7)*6<+O%p5L(QK|G4k zk}=73ihYF2Ljax`u>R^mN1^-TVvHiXoYOD<{#W2LpixS1ZA++!wdvrQTuG~gp%H(6SS4~}vWhKM5sv&)#V#TZu z5$lLu;Do~0OLj4;=1lxa=j51#-&_!iRq@4`Sw2{7HmOz2oQK1?G$K?&FfF_CR*d7I z2RM;<0e6kkU zacnt}rkwVCN`Ij2YAW;CDwkr-L>7l2)_5$pibXWwbHo^Qtn6VBb<83N38i?hgcJIS zdLK?g$WJpH^d*92_H2_9b3b0&4(ILs-?26J;!PN{^}Gt-9Ho1J$YR0S2~KMd>@8DK zYe9XsWy!1mud)*KDap!gaP9fqFB zgqS{-3gcAFF-Kr;9Eq1+tZ&K1i%*|yrV_LXjKAa4CKB2(f#t?Z)?|Hi&Lg768>Mtu zgTb<=!Mi)&Sd7@c9ZnoZfE}aWaSgDvI{{Zrc?Kj=PRsno}ipDgv{n z3P0bl{pSbse-k>;CSK-=2@3&%$&uHw<&mJuND!PrrfHIG<~Fq;UrCq#Mof_Gt4L$jOuhow??%Ws_x&m&S|*{?z3N8VoAjLKh?zOtrYk z4@@b;*6w8GZY|vmF^IU4&xj(2m9=xuBW$CZMf1+7(pM`R*jR7f+n2OH7YqEd==Sz~ z{zl+f?B!LQxa2kdV!*wqFdN~tT^p|NR6w%A)Hv%M-LT8st$wN-nhHMjq~zPA59LHPPQnN5PN z@?<6s?6BpPBeA*^hn*{aeZi1cFY(ygV0)~;bU$edf9V2GKxwVb<_N3@f8An_n~J5L zOy+x*{iS2-yt%A3zJ1Z>XmvjRsS|_)B5^b7S35ni%!3^s_RA*Yq#ywZ1NqZM)Rm~-%8p9 zW?cBpk5>xW=8uM0vn?~fj>v(EnP1scGI|luL3$jXWY&IsWW`%ccyhDS+O|2zb}zW` zRJl9AnbqArmXJOj7Ek+I{KzMwxcMZ=OwWFTk^TentIt$eeKlTQ(Oj-un(w58j+ZQ7 zFh!A&2^AlnESLNMEPkEU<7S?^wt?9E`e;h}iY=fE>#y4bw)_%b9BsvM&zx`A#<4~G zFWxRX9+v6vV#Dz6r9C560E6J=Hd*`j{kOeIRbNq>nNw$q2{!%jU~|r72G-pdZBw~d z477B@zh6s#Ay%9VD_nbMZXR?TtRA$j@jE_eBXm2cE8JOdprDLHSq*VP2vt+FK zrL{r`gWs~QnF+^_Xmqq7f4%ERT^*@=Y&&7zbw7%?OGxa7`Z70F1ty!k)EAJ4 zGMJxBJTJ_W!R`%5<9Lf=>kAs!7R~v4&jmZH3XTvY-{2PGb?2QlmDqvoN%h&PQ zZ$u$Sr>{cA(eC?!;^^#)FnJ9kSJ?rbWhFT`FLHOJ*A5dpvmx-t^K>e8yur=k%6X$T ze66^0apdf|zlvP1o;q~l#MK{n@Xk8^AA<48+I|GQogID=iC-spfRN)v{7}d{`n?8t zTWqscp5&U!&F&78cs9Ww0ltfgy@I(fkO0%{;ygX(qc2#PA(_^>DcXj~k%i&QetX}x zg@M5hmz?u(o(ywbp~miQ=Y{zC5`UOgoo_So6mN&YmB9h6tCsvzSXc_-Z-mL)Koa{F z8}9djfe(1~2rw5GtlDCHESu9;V#G_b)&CYvlqsB%>5rTHpg=fNK{-_jw!Y?7xY(5J z$oKr;qJVO&*ILWhNI=fm#1neLBnvdsA0|{+{NJE`FvK&WO#s*QvExh z&)@lcQst(*k&P9LZVLbYJD<;4KA#4w9D^%>NKL}5s`S90J|rljjB02YjvvvM2V7BW zNt29~qwwxa)DxZ#5@J%C@a?&=GP1yv*ZR>%HW2e7G=*!{IlN=dTq9`g`Gu64=I=fy zd;FsOMy6BYL{?&mSVST_P2g)t9eO-oH&;KxNi)xc zn|l_BOV=aGy|P!@w5hU_Zd zXY4#6uvjD0yON-i*Q%C~AnyQ<%sgS%4^I@Y|e`GH{oVP7DUuauwUbaoW)HZd|HuF-y znah4NFZG+b?6>?<+cMgc@Xr3cz%^4rXYGclJ16TeZHf8zOPg$&|cs}44Q;kTL_z6`w zz40g$oesgHCF|*kdv{O|W|ll1h78U zXFbOqg7pna~4zi1M`v_JpF6a%(#*7^cHy={1gL0`91))@B9#++ABnbz@uin@M8 z&O)jMEtmr78}bHSFqb$#{3?h;w@gk^_+wFMYr{F6v7b)#+)|!z^vRa;GqDf2;n$kC z+o`FrIstqgAF|`lGbEV@nYPJ3)261v@d3Sd{A#(Voa;z%n%bN&Fv4fT-R#cpo|Cfk zZynuV`PlLHrNJk9U)5GuzID!u?U;wvlDZc@veLX%P@TiVF^HAf!sf4S=uUK0?VcC_ ze{Km4)WkTvWk_<#$d#LqrC9ggLj^UEP?-u^|Mc3>S9h0=BKR(F^9*M|q!BJa9G6Aa zX>%FLI?_S=om~coqvl@t=XI)6}tQB>I>H0 z`H^^hG*)CyTO!d4Hq|0yAO%Zfc;oUQoyO;X=)WQ7_%(P~4^JoXD^)Q!>4yi?@u++2 zH)3f{&Zfx*+Nl40cE0HTVn}#%a-tkpr-MA5cLsv`;wd_IeC^zrHORk@>|$mX6K-)v zEXxlI!qgoMt<6Lcb!NA?+hlv)0?VAL8}xv9Tes+Z0Orx{b37m})$MmapcVng1L8N` zL89t>9GjEIW0G#HruOs47#r4e@rpnG`TUC_4d8)jd)5=18Vk`187*OpdSOW?a*|^$)Dx3VO`gd_7d!+Rc02>P=^4cF z<3ldnU^UKXydhTOc*unnn)p#RL4gH>Im8}s2ig|LWBXD*dAbIvF%F#coP97~?Np5& z`m-0f4;(M7&9}5-HVrvpPOK{fwA-ABeR-YmttLy12{~Bew+FA=1k=3Nj#t&Yf9UUc zN+KpCa9FLD6nXav*@^&4`#SjGI!yw`_ZN3f!^)pjF|{B1&F!trV$(TiVJ#FGZ}P2I zmt^OyG@*g!7GTauvkgz@Wp}(I%=^IJT}ygAzhUsTHS3crhJ}YX#Q)D`ht@iNv!-*& zA8{j^eq9U&=287r&D!So)&u4iEiGjgA&&$h$JJ~OeX9GhKQ!+wi`BIHI|^Cs^Yfd{ z1|NhY_%+zb4wnhXZ!}ADbmwE*73c33EUp0eq;GrC94DMzTrSu7mJML7kbmrC4Xp9$ z%$ajIzieMX(<8z#I?UsIFA&rQ-s=Nch?Fpsu{ngr<2V zKkR*ddmA^d@BjW3ldQLr8q0~DzIvNv6Sr_6WFZ*vi8+7*%9aZ zf=7_}?6jigm2G9?CILP&_EZ(u;?vqdK*^XT26a)o?1DlOdZr}Et|LMbGO`}Z9tjqL zun=lmWN2B}Q(6y!OiqO*;4{r};*CrJ3YAiLSty-;5c{JBZ}Mzvp6%|Ou_a5=tv^o^VkiX@Nt)3IwEfwQ#cAnHkn04CtyUzZgb>@ozMl~L%9Es+1~D)-+;wNv^a%Mj&abt5 z>~P2QV?o)adApGIp~JU6*T_!DDCc%$x3Ne^_Wqk4G27cA2icAWT{k|7_3zF4#a|V% z>n;22W`Q){DPA26Ie*{~hi%D`#M6_Uz+6T|2L22Fm!ct)!ey`>ECJ50+0611U0%V4 zgF_nY=}e~yu5NFFdt6f*Xotopnj0Lc)o4m9ZIhF%xMt3J=*C_C0VdbEMr?Qjyi6CNJy0~qoQKnS`5y_sm8z)lc6kZ7%E z^PJYEifOJ(pa2{`D?-c|s^4xNU8<(i&}jdhR&dxj)1d)gz+yHkVZjI_T|wJT14!Hj z{lSdo3eB-30AY!3Ok!f?f*K_~01ev=1ZekI3;D!qSp^ss`F66V7zsC6log6W>^c$T zqx&xK|6q$f{47~1Xb@!DGtprVC#rUM+F{(eoO09{!BGsYKSSM^vbOzfV^=;E1iWtf4))`CIfbpL);J-$Rix z346NOkXoy$eN2KD!pay`+t|if(wfg_I-sbT>2`~JEBE&t+w70LGIJ>)t$ovWKY>7* zZ<9&MP_j_Fa^bMzO9_squrZK#+h&ex$aEXrNs)l0ZSMW_i6g972qDr_Afe<>me#p$ zVZOL>^UQJj-zBf7Z!;N@DX`Yo1_@HyQ7I_43&6XN-c^E(SB-jwgqY^A)w-8P{_z&E z_r=#E-X}QFNOKG71Jb|vJvT{pb#Pd(HE3epW-(GJ>c!1K;cahP8tN%adk79%s8{xi zl(szM1MGBNfvI1Keuy?nWiFCFxl-DnAzcg|p)81~GmUUa00q+z!^nXd;eNHK6Ycv0 zu^yf9opLKBx*r;sFwOADgX6!bS6ZnpWw2Oy_}NF2=2$Kv^6e?r9-z9s{dL>9QwMK} zQcnzU_?8c{;Rd@8H$AK}hNCGSruYqe?07^T*XRwpIPrz6tA`+xTz!N zTQ8~fLS=C*d9+FIa?~t=P(=^Fs-k~pnHo&Qx*Zxfqa}$o3r24O5E@ZB2>mr1#CC6@ zE4d(awy)E(EEw6!88K5$9$s0ix`B7%UoWA&QI|7wzt)`fwVyE zLL3-^LaW}C?l{hab#|P%y@e#UMT4^Aqxt4SvUW&s^sERM_<8hF*&GMF|xWJSPX=luwy_`ee)X_$Ix@g*{K|3zH_X zCo{$_r;3RHL39Fsni6Lgy6GL-QqD>w!H;*gOARH4_st;M(y@@wT+)=WX3}w`5 ziN6-_>4U|)%50_~vwhXQhb2ik{Qo;VARb_mIx*9n@uAOO`Jp^*$H6~Gnn=YjudR$S z~Jxj&UO5P^@V~T#1!F+5ED73 z=Yzr+OG>Mk=qSpd*7p-340W=I z=fu&Fsv+-Y?BL=tbYwIa?}7XmI(U0qVQw%_wpeZLl}lxMYW)%B)yzc)d?n4MmM zQ;g#d3xdX~6FU73g29n&BO--PouVJ;)`Mwim~@Q+yX zfQWQ0>uNu~no^G)elYQ?e9KDL!Gl^x%UK4YRGAfWw#%zM6wt;MF0xJ?`@dnQ4vUJ_ zKK=3N5%F(z+`GO>5V6{WG!V@zLL>!eWA?h=2fK6kprr2;OkK7UCx(4$MN;E&q9 zl#@}Lypg5WMixR!r7{zQ*<(-PS`u}AaJOQJe}Z2uNOYh>_vp##hAMnkqM8DhHaV?z zNYIKl7VL%r`-6hObo-PgyJAR_+6IWCO_hekaj{Qb3TRE9)Ha}nKHLor_NacY(TbB) zhb|SoYtd7jJ0Nk9AuTk8zxyY?qelRak)W6je+?JfOQhLif&% zfms8FtAVNcnj2JF1pwz93|AlqC`4-9P>Bi|83qRbLX2=I+XUPVhp5I1RA#%zpqtVv zi3@P())F(X>EbzaBwT%5rI0@uVrDqI<5b8)O@E*x!?~x%Wi6_g90Jtq zKu8R(j_vi2($2hU%EF!91eIY0rZ_B2p`Olqr=6qq`w#*$>N5RWd7S%p2gP`A;*DC? z>$IGV{tFFOUP873&362rF=<^cy1z8QV=@yyq^W!^q{Z-A=5EZT+BUh;7(yQmmjuoZ z9n)SQ-i`q+Fv}ON%6fqIvj3I`KDiiKtcky?mEXpX9HZOrKVNxG#PinbO3ww}pNDRn zq}*U+m7A_T9JO)6g`ZA`_$zNlANH+2r8B-P64gyQ1I&NYU+UN}zGEciU)CZqyvrw> zK2ZWj|Ai9Qo3!D{;nd|-`T@yH#L;_QEa+V&Y)06%^!n(LWBk3~TVml!>Ov_j6Vnn4 zs&OXT`vXtT$vkX+Z3mr+sv%34jMfC_YrZ_tfD(rIvE z7??y*iDGr3kL`)+sYAmlngM`!-I5&y0%O-nb33B}vDeoY`^}*O+n)Oa0^KU9ELavT zoBw%8xk4IB%tb<)E_A1*3w21e^!C(Pj<<{`mAk3c)6f!5Eh-tK?ZOg6wt$GGHA=&u zD{Co$0;waK2sE>gek{fo)fFu@X~bbnLM6niH$(GMkdq}`>5PnXo>V{fTJ4u%w=tl<72+_9of>O48&HRz?Y`|TX z2FLqU%=b(Qj|3#!O3mb4kkt?#(`{6i-mBs$CYbI?Yd{9x`;rhXS9Zd*nr5`OQsImc6eB{m z{LdOD0O!$Q*70A5>LL;3S`a76d!@){@6iUug&8Ty<0{@Poa*74gYwaaiW3`}0(`Ia zoo$TH1MA8O|846MNiGG6s$n+}PXX2V=Nic5*hr_Jq|2O(#Plp$Ae(*1KTIPnZQN8sM|tbp-W%Q|>GeoEa{e z0eOQe(^19WT>0U@6LPPvw#a}QR>!iGF*D1SHu1byWJP3=-3fjs*%1cOfJ5!L(c`r+E zu%%UVHK*RZ!p2&_AMCZ+%gjCV=}|?K$aDW(=z2p@PyMD+U!lEpRld*VMY>*1pU}n)P2VV-gclYq5=^B zCq>Ubum#bW#f^`bF*2ftgL3H@+4&YvH0t06_AVH!^Y$)~_&-QV40A(RoUQNcK{GUK z(KYU0F0G$oHlOouiq|h(FRgO^oZgZj;{0Sc)iOxVWUs0i&+d3Q8+ne4)AFUgSWm_k ze6$XO?Y2rhr!k@%{+-!QnPq6?W0O?~Dmsg0)Uoh1UZA)}uj)3S zM@z-lmf8hO?}$b$-VXJL5nVVTV_T@06MTay(skTOrbI@)%V3Z6#^4S zDoJYsn)u2v4U_Pkq+tR2PikvDWr@Bz9Lf%4Hja2>=1Xg z;U-fO^9mn}qZ@4vBxX4eC4^h?*|}Hrw4`}Ych5lKnxEhf>r~YiYqlqjgt;hAS39S6 zK;FKMs+4zaC^#jsX1v~d3#nCx4wC_FE33GCh2N_XVIk4Owu+GlPZUwgThCmB+aalH zI5@t6alRS$InB$rvUQs;jezwF6FK)pxq^f`+>S44W56#7nO3Crq@d$!@;C8BY!7$k zRHRI${VF*lsSo=0=#gV5!;jS}Effgq14Ri1u>%OvbNEUrJ?8;u#6-WJA*N_{hl564 zQSJ`C=s)h5z)GV4QT_}9nD~{1xG^Z6*RORfKMg-76@rVLF}+e24x~pcWy3+!Z)HsF zM-UL~=*WJsfWfQ|jQKN#xv6_PWTFOwD5h;N z1O#~w8V;JUpOFInN73~%MqhJ3o6L}DW~$MWSNp}}5|9^8gUHe=x?XjG?(Jez9eTyG zu5lGBR(A#g3xwx_tay5lk9#Yt`uD@Bfu22zr9^m{bNzmb9Tq7n`x?iq|w zOD~rAkTPV37p5$I{2hAfVK<*cwn+*xp5Wy&X~pA`1#I_C68ec=07=Y7Gwz_)hZ&e1 zjNZJ~iwq8(fFdM0w5mH5wPy1538)A=M-QRQ=gl0_-NF3Ra&%QD zzT7i~U?9)msD0QvKCiXw&?M$TATHZ(aA6gt3FWTuT0H6?J#tJH)W3{S?gVbxHiD0S7jMU71gQ8BGO)Tuthtw33Wgqvk~ zTs=an&j-WtEn=*{*#~9mff4|~ZbovY93F|Cidx$P>6n4(97K&_(G$f8?PtmlKr+6=KC^Fr)Ch-i|z zn6jKGAvVB-In?cqB|Z7SJ%h}QpfwlM$yaBtIDr7oX^sW(rVTQNRUt_Wt{PRds{2~z zeaiGPb*$`R;+fJ#T5iWz9Ym{NvR6}1w#9fjg-(FNDOChw1ke!~KqXI>6nCPik)tz( z>Q%!?PAck|V+RtPVCRDBYR5#7wU z*I)BW(Jw5=Nyf1y;EbwW2;0s|fM*)t@<>V>aTE2hV=aWwIM?bg{iQ0=@Fy8Q_H6#N z6DR(*NA778tN69iloKXOp2SW;Q+fXarLcNCM6|jWk6ZCI<=x}bi1qX8+ZW{*Ti67p zw}C%h#M92Fi%+fkr%r!#)A`i-G@|XjPow^)QKgKEr|W2N)_qj@@=@hQCfmTaf_Z0WGCHmm0=i{(ba4~cwY}>7 z_rI(^TKxmg7Tx!5>gaYPvot64icm=(YJ)WM2rgy#mgGTITCC}l$)Hc7*3y zrSSBrH(M=+U|Bq%p~t}}gGDNuG-zj!PJiX$`z&Mi>-!hwv+nO3YhV9SDW9#wHo!6@|8Ryg zq4d&+GM>o6bk#YMOCBCh%qZmGT`U-)9wSc;Ph0BwidDO-_b;}2YT2?qwJ{!AJW?n0ox%LV~oFtQ&{CY|e;G#w0c zLa|3|E@+@xKL0(#E!K`A76*v6|GM&!LfwzFA99XJjvXs0Ll9Cx=|~S*s+_98U3!R& zP2?{j5(DdXOP7^Ox>EcR8&Z0klN<{Z+xF-4y*nU$_?*3%3}<6p^q$q3wFqO;n?`t) zz7t98Jfd`j=x#XEDO>2{RqrF!!V3#G5gQp+3JWEK=~sufx+ZfrxK{jky%OR-4~jcn z%5I6D6#7W)_8&+#LXF1kh$+>H4myP4k5T!>(GQB2=P*!@9-W=7SH5KPL{9el$I1(G z~*lli-rgd>aRVAGPB3;4%4SQo|m7b|I4(#9YfFztd{;XCf zeizxSz}&*xQkT%jPp2P${t^m_4DbR)O4SgCpvOit%S6V?o$~WBtvA%Eu&@6Hw{Nu< zs=kCyX3Gg#FzYah@sz$KXX$5hlS&_5qlB|#ta{f!dR%oOaD&qK@{ii8VdiTLd2z;4 ztH#56T+~hel0P(Is7H+u>9bWCCEBW^8KPW3TIvK}v?rMINxVhZqf@;}P;Uh@q&^g@ z`SD>|AwziZ1hkDLU^FdwCjtvu!!p9wqmV8O-eiOo6Be*%lP}Lcoqc+N|B?y|79$QM z3T_k6cut68-~lEMILf6(iN3dPmg!Ch??>R)$Du<2IqT3YRChdZqqL{_?H!!3($nOmmC5fuRrG(A2j0s?Rg7_N|-53eaL4ciS+~ zqTyRp36|TIWapA@;Q|o_3qo6}w9(K`uMkK>>RU_|r+~Np_cHk)8BQiybsb<>2(h=; zfYWW3mh?9?6+Ht&)W~`RD^*^a=m-`|zIJr)_EnUYq)Ym<$&qipItzM4Mu_7ve}DVv z#V7L@92_zx6%Kk*DA5`Bg*lkQKty`k$AE(&zQ&iziOAp+f$-K&v?L*u=ohM0l(O04 zBZNEUDfg4fR7tejPn=09tB2&YuVA9l#)l%Gko`pRp62~<=i3#MhJu)X0lhsM+g!uVvxoJx9Wc=>4ieNoOtP&*~~*7E2a8y zhUCWqPG0aF)=MGxqz4me2b-n}1Uy<_Dd`n}PNa(-{?Bu)v}lEaedh~A2kxTVxHG^@ z5JS#1r8U^Y|9OZ<7U+JD;aESOz}yKuNeaQFEb0-8K`93|`58Oyp;L8odH5QkG2P!pE|92Y#1NfSf4^Q+#inxR_b+$aYtk?UzRx4SqrYk}!(H|k!B zMmhU6RiTvOm}VFRrBWDH=}8bjQ(HnofDd8}Wo~yC^aM%9FGzFJJT7Rb#V0{zB3OHAm&Y-h{~y@^N7<3r zD5`YaA{;wb4;vD(m+;kl_`eMncea7>PPa1)JWr(IJ6v6lfPj| zXd_P|Ok29oA4x(0k@N^o!33PxP%c^W1MEt2aRNKELGDnvXrXd)h|1alpTPt7*HiBoyl3*6lp>i!Zc%s1 zkO1OE5y z8Pc5)@WfVK7}v9WUs#6I9Nt=}kXnp786m*4zTFK>(!r(-0%vXUSUFIbJ@bT$>qq4Xjx zx{G$xIRRI9gv5fcRR#>A2~%BeT$bOYo2beIm(h=TBRea>YxOb273+1A*5wX>hNsu_ z_M6?QCARR2UWYPd^Bl1r-Z0_4SkE#B)-*W=kYB|T89^D#=xk6iEY7LOK46ij(u zu}GW-NW;OA1PD5xnoxVmDkXoB00y4QVB$y+X-(w*)5(y=wq*H7D&?__Rqia2*YE?GLNKCMShRkIRj+gm*gt6^K^8@f) z(W4zVk~H0fr-q>+0pJm;ny-3hxfp&>lH-FU&CG_4UQ0DZXD`>7vVcEOR z?vX}$*hQSCZeW#w;;hahMWfCN1xsnqOd}JH1RfS+of@wkdXf#$pHb3ziSp&b`ND~kxOI=4jPODI)pzP}$}A?Md_r2F1cHtu0+_&rF7w zJ$`VlJG{ik`+y#uKy#ewz%?gj4&1d>i-*|51(I&u=_BC+(Bepc;zWYsY>IbWF(y5} z4;`5ZgUkM`OEgfP0e$Y{ja7w#nsd+b%Ic7=`d?!@*CLL!-r>J7cZ;__CpT+R7teT& zdlxghOdh7G-@A-))D|gvgYIMOT0;-_2?BBlSHKmQI<7;cgEzphSVVa7`0Mc2t4o}| znvDm&$&Ktsc84pIA!DRXGipPiuZDei8q_s}vAW26Mp$ZVW#t&3Iu}E{WJf%gfkluN zq%ymC0GJ3FRrP6dgC}JvGesCC*Xy7N2e7C+bbAilVhnr_ydNRop77D&yWLy|{#Om0 z*V;LLQ)@M%W;;4+9lmaEH@2gPwKjeuNc*OF{Oa)JI6{q9?cn&A=x`^h9sCmgqj|8s z7Bzl8YBk#J=&-fY+&|iDHc-|)sPCO@HxG8BmuPozcpU9D_nXH6dVClWLItYXK)ao2 zztO6{0_57u=3evom$j9h=J5f++&OGTwdknUI&Ria_G+!@=%jUY*lqy*HozV<4|ZC> z(%5et9Ipc_%A&?={D|7GYI}QxYNd7p>RUu#R6jiWrPbVhbsW7q+}m!T@MQy()n4v3 z1Qj|}->WtE*P`v(er=biYek2E(psTvLS6LcRfCEMUk(4ie%w4fpl;L;4~|>-xrSc0 zj!n}y&30ogs8YUU&VP`xsd7MR&>h6`ct&cCwzv;7;EDJop>A>bN-Mk;>|0r zTf_Us5Y{UTtGc=V#D}NrLuW%@!-7dK~H(aZ2H7-1&@-=0K#xM?GHP+ ze#C+aK$sd}lTsg~-ZEHJ??WL%tKV37NgkO>9%(`6>U+)h(Of80VIG9--gU1v>&Mld z!*<(3^82SNLEmk() zvvbar@}WIl-|$&F9~xEnCf4;}R{dA!ediWAHI~Q#GU!UrFtn6)$s@J1FvoniS)QJG|5wSC?^Lq>OQrF94CS+uXo!m|6Df=p%kk}UvjO6TN)Rynj0e$zlvbXnoKZ_gmEfeoQ_iLH$@GVOaZ+ni> z@=4wAT#li&$d_#nAgFP)qwYGIWKnT2eAnw#e{$8xMmXcRPW00>q5-jFMO4va#bLd3 z+pqGl+IGWs60`-vOZ9%-{zsK=Y`n#ud>%~H zjcTf{*XIB(rq1B~Xi%m9P9~W`Na$Z5!I{E;+wDC|sn5Zqc6B(e9&PVbuL9lvWaHZ> z-)(&B5BO30G3vtq_Vj!iE2nR(Prj>ed>d#1j5EzWqkNO>#3+Y@9CR2kc!XUbfr?&0 zRDSy4i(KG(;qyGEw_oigtz8>8SjA(CO}y%iyS%E?KEV5g-zE?Oy5~a(guVTthX->F z7yN`cDS9^lLo9^Af&ClpIl0Q{1A4_MO-C6%fg} z^5)|kobMTaa2piejt zk{p73;M?tR5N3pVo1t4G1`@xgIr>dz^J$eqn ze1RhimhfY1S68G;cKIgoesm-cn;QL3^)1l>4w4mLuP7AN;h=vP3}h~zh#O@hW84|o z#??M%{0kVoi+sE>=Q0teiLg>6}E16izOND&%JFyr!XJgsIG26ls#7xrqCn zE|y=x*h!&iDqkkE#W6)f_P3Arj%oqy{q52u8udpVT(K}(zg%iA?T5O1H0s9@0-DP~ zJF2wI7P{ExgHw!+m?YE+S3qf zAO_Dzc1kb<|EXbv#EEr4sDXz>5+r@DuVtIv@*vA>k1Cp_et6{z9%6 z!A}vrZ2Akz;dpe@yR2^Dm|`%f{6X_*nUTe&)dV^zWsa*a%MPgnxO&JXap+`=9B5k4 zg?rh#Ni43UY&mG-zz2MZ?2M%#A-+$65Pxu9s?wz(_NLf5iaWQ}*Eqcrz}4RC6*|Fnl|-lCWKV<2R~PhaM6(c@v~9q|aA_EwuO@hQSL_*~t%uZNk8LqYZoak;|m zV*p$Vk-fkv2Zg3dd%L<(m2gi06tN)vMbqm*&eKM49jlv}fc2N?>|wiii__e=4X%6k z@Sb?86n;nzY8ia0Mhc=pT&REk;5r?u9>ml6c%;I8(HvpziNKOCNe&&+QGYgxq*e;9 zB4bp2-HSg2(KU22GMwXWt@l(3sVvCw!2-b%hk$!2^BQD7&6EfI1@dqZe}Et$rR3~k zD}LX@b+k*%g@#&nf{+Pj%G#h~!<5VR3Z08Pp_Kp!H5CY|;(N+472;iW@8v`hm-%?f9NW$wW+(zWl+VqiX)UD9YRhFDep6YwHD zz46r?Mx)mOa>~*BYH1O6dj5vePY2T=*hVTrj}X@I2D_;p3~%r=d$eg6uDXBJoYPsV z5}}F~=Aym)DpURFFVH!MNQ&zXI(@B!4*Ti)XQ4@};a1x>bO-Gq?k2nUmELTzbpoaZ zKNCDOSWfB*@KyaWDyv;5Ts29tpLz#IcZfW~PPILXFKN2E>wty2cQnSpQWzD)WSc1flmjgR=>b zGxU)CU6NeJU;Ne^ZL*8`wa*s*!123&??QfP^2rHb|2liVB%B?KB-k9wL-I{F67HEd z0`=<2b}hN0pakQYWZ}YuonRRZdEM?zJ9e+F@Uo&_OBw9?_--^EB4L?g3K8WN4u-dP zT3!oAZWIQ{>+J=`xm$fR9KWlY4OoAy@-g$J*bFElKz8HWouzq#h)It9_h3z^3UxON z4Ok6nXT-=rv}MGQ+KC-r$=9Al$75V)hdoo)+KHH$yHLyRMZNm+mlQFY`e(q$N7il`WCwU zxva$c6X!Ad*v*+Nhw&uXHp;~a_kvR-ptzBx5e!-IGi3z73L_?S5u&!dC_7Lqo#F@& zQc^GH;>6p`oQoNcaU!LEKMe!q#gt5d{9ZbTkrz=r3FP_O_+e3d(R)C=U!7Ng{1q;C`D0o_ppFTo-fkGC4v{&t>9;h8N&nzIrp050e3#n zly9f4v*vlV0e{*!#EA@%e(zm;@A(c|?ls?CTJAg9g_i10YjM#*U~)i94)FsJ+5u;T zF+|J`C%7&pIEt2&e=JT5LU5i_60)W-xF#QvqXKU_ls+4XaPTu-qM5LJXhff?`>8|F zaxZo0(sFNID8$@L7l!oQM-eJ=?xhGrdY09Kpygg#(52&ZsKDYb&u8>;iaR(S^7|<{ zLSAh02FUL-VT(I29`bw6P{v+#dL{^1eo7Yi1U%%QLGCdPi@Eylyt`Kr4Va5rc^C7& zBwjFA3)#^S`DZYkOvXm_$D;z~+$UoLM_}>%OmUmdsEf>bAMZUTJTMnC&o1Ws&2~Xu zEDRW8UpgeHkQa&yhRB!JGeBO<*1DMQt7MM0w}WlRL=;UWu5J%;;v1)s;;u>!V7Ii6 z^X^L}3)JgR7SL^coQ?Ls5M5U1^9s$U?d`OUBi?a9Pu|D<;fRlBlb7vX;h^{4Nc~zb zJ9n=`@Fn+Gu*0z^K6h^=cRR5@uYcZ^JLw%-1VOEeG*iAQ=zU5GJ*}l?2p-?b9-l^I z&ecV>F)ckEW){YsG)M(-Q)4@ji{Yk;MpqLM-CpiWZl_ht!aZ)(n|o;z8&kQQdP(eV zTUHm%)~suEp};PTu9&b2y5uk}h_2`mYIIBXuGon`#mkq0pm5i!FY|`3kZ4N3LbWZJ z>Yo==>!5mwqv6Rd<3>x4-Umm+k;VogEGQKQNpP;AJ{O65t|5Oq0~GhHOXF=%$3w({?xGg*eDDAQZq-(5#d-Ovl#v`%(!F2d!rH$2(m97Nj%Q@gb5AOT#_Nf-4_V;N}Vgkt?nF)(BV; z+y>P{B749bqF!Nf^DpQg3EM^!VAE+s-&R$)-zF67X|1EmmmT4N8Ga_`RGI*{4%K7%LS%h|Xq60e>1f zCmM7ST~9*?z6-j++lPUth=Qe9Kb%hDe+PzkTMCzg*Ge%!+p$VX#{G6UGwV#}B7?Zy z-VVZcRHC63fz*B98+EU4efz8mmx0%)r*yi}oylPfIGT}V_3kGEsl;45T;rFH`o5=ZWKhU3|-=6IMtoJTPMP7s_9xF9QV zJxVV)&KGmp`Xz4u4fHR3lVU-L1}+SxGtEib<%8jePj#+JYTy7EE;#q4S`~&w7Ztyw zWh^b>PD_D5LW_ zB)aH&IfhTsxk#a$%RN39H5H8$GD+9tUf>2bPB^%?iw}vz70y`ZvgIUoENA242+#RZ zgg4Jm%$ICI5i&jph3iT$*onXsZRB8ZozYwjfHk=bYz`qnp`P&$*K>J-$B)PURHu>@ zNO^?q;I_wFE$}9gF*6(73~^ahgzpi)^95^kdk$Y>SBTOv9>|6l{xP{)1RD9|3%IXP zb2}ghjH?NkNS`a-P79eA>p>hhZ#&n4<4o|mIA!v?Dl301+dH+uwb^OoigjG@ZsSua zL%Rszli*+~0Y1U4r?|crahfGmHvpXM?X?2gOM|Me-PJBn3tk{DqaP03(=z#8I1W1i zu21hqc8Rz|A9jQ5kaoA1;l%C^@6!ZoiSEuK$%sC!XM3PmBbxL-YadD*Ti zUCOWB+dK-QJ-bx26s&$Pyei^p_v&M`OXbS}ob^8j3$fikl`REr@6GX1u)x?I4!hCb z?DAdo1}~6B$2Xm6u)r%aJa|}T)E@@-MXAE2C{ByEkiMOBr*n=wmsGfd<55zn&qb2! zz-1xISkcTyMpsT3*ork*RcC6Xx!7{MmZA>8#6%!+-aw&pI8eke+sRb+p;du#VjRiN zEQY7xFy;0qlV@`@Xx1n#)Uj-Ybdg%MlX&cG@d-fqKRix8g_bR&S)*BHS}y#D&WaKe zJcG6@6}a&!m0me9xwRhr~`RmJ0iG{2Gv5H zXIhpNVIgBt5zY~>>-J&o2>Ss~FZ?;g<$WxOjOFTlud$~ar*!ieoW8co*lFIMJ(LoTVeubRMAzsQw zMuFZJz}}kN+Rx`UaM%GVyN6@Y4!iuJNZ}UnROuz$s){fN99tYI;<@~yu7*=&$d32- zj+@)R1h`Qe9rwEC{x7Fnx%_Ls+^>#$7ZV>ON~5FUhj@Hc$89xugtyc0{U$kzbXj9z4`)l=lh1oq`_*j_oHAbFcWC| z%+-uP9vw7;9`d2q2se~rqy8NfMMx`zD|do~r@As%GzJbOtS#IeVN_9Vi*zV@5tF&NVQ6x^QK)IMg6a zo(6SJU_5EM_i(S<$IT!brV5wg^B&#{9}eJP_u3gItl?6o;e33w?kg5MV5Xv3 z+9)o7E3a?qg9v=f4PtKpvU$1uATrXtj;13HQ?KTW3o@*sXR+3m<9Mxj!q1);x^oIz zWfZ>1(&w^e?18jQT7;v6T`b0tamWWJv?en-=S7SyP+%R(50+CZp?ApJev3xpBzENr z1UzYuLmLIr;Fg4|1bix7hBJG;z1~k%3X24~R{IIWlsM|nqMv4GvnNmD?=Rv@eU3y2 z1n@eW=9zzFH`lx{_SSOPTSAW~R*!-kuLy(96TAfrXmYu5*g#L6Y23n?VI^4CGRXm1h$X?+z5ULx8K5)XE2 zNvMyI&B@B7DkoJZ%a|0rU_6}Qe*t(^n!@os(Y+n@E^h+$C}ker8+^`V_(5j|Zy^BA zWq}rT1T`1t%QWSTT?yKk#oK?03rF4;63T=6?jEinO{!Ad*iCOlsq4d|-68xW#~1Sa zzkI&e+kt6Sw;ZZh-kN=cCWgJq;{#Omh9Wt$a~T#-tL=mRqhJ_RX^PzEQy)+3+dBz( zC|kxCz{8=FemotA@T7Dp`Vfr{p-pda8B0bOx`_1AR6PoEE)Gzr1zKH}DG3)2;C!YE zWb&>07oauhKo$yl2DL9Q2uG%|weI-qpo@clQS$I=i2UK+5nTto;0;utn zF1E>my8yi(;vlQ)0QoK#OHH;6bv(K3&;i`Jo9y|7GVs7%hOW;7UQE>=(W7_>vj;qe zqQ})zSC9x^L51EA)-5A z0}fJAejkZcFFJIX{;njC!smHT@~~cq`VJ-)!>`xc_1bm=uC#HheA#t|JeMbj^}Upb z!l)G67Zbcse0dYj3}21qjpE_>>wp(nv}~72;DC=8P=SAE7v|PfOxN3?+iNKPSPFY8SWrt zT<`^}c!!!=6q*6DuuAkT3rEpyn8S>PTPA#8*|XwKz5 zj_G~t8E$0JYTV&{uJrD0b1HqH2pBwl3XKt1?<#|Q(iQw506P!98@E{)eh{aa2j2}- zEDZlE-;bFG|0{?63&Kx?xw7G-YE;I0YlO>5aZT_Y-RD)~un+!tSt!JF$YXVg#d|^YEY*#Lr^%)l&0AQE7oH}Y z>q||O;02s{V)XSg)9{`{Hp>Qd9X^{pN4u7Rqe8q8e@-k~VC7>nET`xNddnWA$tvcaeg$fcM61LY| z_Uo$1+_6i$9GQ8O2w(V%ro{kbwo8`wu&7V!yq9INSf z(>5aWhj!S%Ll*BXJ#mZchxHS;nCYQB9jTi10IjWQcqA=~jJL+zzQw*p_2mqSL&)Ez z6>KJIt{Um8_rX1xUXSDUPl4Gw8tQTlyMXdIYVRbql6sQE%<`S#3`Z9E=##byzKY5n zvC-se+`0C3pOmH0ya2S>wAY`6;J9!Zc>-T*Uxo8;ze@b%& zehO7&F-zC#;$*Z>9~Uh{U+Wd$m7d7bZXta53U>wZo#{!h#nmRcgWgKp8*%bW0`UHl zK5wuDc;JZ71MWKF`M}e>l~&y8tHXs8J(B)$*wC@d#e?LA{a~-Qh5ht>Xei`pSGRje z)LzQ9ZMEy+E<&q!IlO^WG#ev6R_FIgyuGgiI;b_fxC;akCCkWRyY_Qpx4PZ=sM)*p zW;I~o0iz&SQWY*mXT1^RL$py6@q3qa^Efkgi6uxIPlMdXX_q|6m(Ov>LmLP0@jzyv z+H~ns+)xm!->q*3Yxxjt#8nCy?DlT6`Z5_{MsddbaWBJJm#dgGiokWsK~YHe35tY$ znv0^Kg>K{ZyC>lT-0fi>Nxh>EY4LHFuGG`x8@;E>MFv9PhfK;uV3X{Cs2H<)x4ifa zmKNSm3v310=0=XOrpp&fM)V3Fa`#l-q}e@IY#V0N}#73Wd?y z{Wu=o;b9hE2b*F&!hy?IsJhg-) z3T*3;%}=LYro+o2?uE&+OZhYVpc$%Zlmq~=aC3(?A1GGlm$i?N@wCtlfSUP}_dRTZ#Cv zOu`(02|+J~x2WYy|#L04E67K_8T--L6W-5lIS+P&sbtt5e$QLmB=)0t%6A|iTRJ8G#1 zVFNQlUu0uCX%hVfSgs~Gt_S@>!Qr+ z!EGAHR3toD-c>z5Z2ff7Ai)XfysQVNg9v&n>RZ&A_WWnJy# zlj_TOjI`yXbICbXSX?8PY0{iKl(5b9^&k`t_*sMrKX5^WzOR$ZyOXph+)hStbYfiE zgOn?N)3w*99Bv&V3APIIR5sXiiKSz8dk4=3KiLS@-|DLYZe}v_F*v%q)9c3*-X=Do zDx3+}_`1-BaX>?0m6xT#J0-X%8;%cygMu3SG2W%0klTc`z#?jaUbVrwWi;|Ok}1k= zKUseum(Db+1sY+sCe8(XI5M-OJiP7&*F&K|!z$A6*N5%n*5SV2YgHK9Ba`PXx~veI zw7Aae;rm{vRxBxC~TU(gS=rux#3<97oQTVQ1A+VJFnL0$VDRdnfSXu; zq`~z?C67r0b^&r1Oki30H^BLY$*9A7RkuhpjmKy0QTOBDR#x~z|A>Al zPinIAJ4#_sphcSX#zDK$KHq8XHKJ!xX@Y9Fbd!DR$@;%0!$AokRPDyk^~TY0^Y9?3 zZ*JIkT3E_fRz~CAdsbgXw3l^^tQ(c-kM2~K5V}WXf0YLp}>E7lfy}`HX4m_#<|PCw_|V`UPY{X-RxFCQ7SUf zqfm9m!kia5dR&UuL51M~ewEg5rnmjSs2a!d z$7yMeAf^zuw&L(T98b$|3=hUrQ5tk)k#RHQ{Fz723TE-KbH*eDlQk;$7zM)tH5?Ax zFBigW*)zx@39lpP zUY#dzX-F{{Lrj)UpC4B^;gl)}IpfW?dBT(~tEU-i;qB=rcUmi;Bw9OnJ}1_vbFsef z;88E=5i^7|{4}J!$+@TtJ#MVCRxgohHHD_(|Jp`>6ETpl4>0=jogtiG_403TO-)^?f&zVV&!526a zVnMY*H^6)gtb~YcTSVdz=yR(U7~U%RDHt{gN_-Bg$i~yV(~~l;1ijkYN)Sq8#zslL zdtMOOM1#d1s3;GJxu#uNHR?Gm0L{lmdxX z@ey_B-I&76WoE=$MBZqH^`B#NpFMYE);d1guYmBTIU~@;3aMkit@NKhdF%YxaDQyR zWr3SB+=hE%x{2%IfLnF`nTI@ZW$!uYmdqu_JxPigc?Yf@hNZ{ez#>kn`DDr_nN}xb z{7p+pz`SwB)Kki3V*PT~6lS>D*ef?&Nu#aG#Hu+p(X^c3c1GnAJlN~=f6s=~80uIo z1$^U4=yQj%C0aWZOrzRAIeMKdWl@Dj1^{ayU#n_*Z8tL29{AHR3k+L7 zlS78@4m+7g_Cp~q*=7!(oI-HQ{z~x5ej=6%w``g14)M#Dr*O=Ew2d^+c%7wIkj7lh zH(bUCNn1g=nof;W#amI4`efv0jER2fU4}e|Y_hc*siO-8z6$Y;KLYX(Km5>Y>^6P| z(d8HA?Z!^?pi$vq;$Na(7u3S6Y(*PimZRF<(W_eYINEOR;#$zh*d=@n>mqf_FMiOK zpP!zM_RdBJ>(#fvZ>;@MSy8}LXRE#LRy4(>s)OiiJiLX)noPL{K&UFc?(^SG=aT@; zXe|KB)Mc3F*CYvb9A9A*Pj7|bTJS3Rtou~idb=meA^Z@K4k*vdFScAT$y=lLN-6F^wXhTzrlm&-wPId2Dio?4^&~FViXoWmG%ZhEJX##le;K z6|Qnhu|iY<^U7)8ql%Sj-TeF}?sT7X%LxC#yabagfOa-{6mb{n56fXAcD-(;^1?tN zNS~rJYW5}7HpuMARruSP%rP_5QYw11neRk3=z6iml;OYNrX93C{#-N1Dop7{Q`|D!j~|a`SVjRg+*f7WwN*fgbKCFA3f=fV zrkj+b@?|B$zU{Z1IzkcHl@)zMKW1fb65ZgT1LXZ*kFk$Qfw(K|i4iL=Z#v^^1nPjl zGq{T=#|aIF7t>B}Kx>K)$Qs?Ppe7liXoBlZIaQe+uft2L!^<8;@}lnWlGnU)kck#U zlc+q!2I@ndJ@T-^NV+(gv4XV;ebb*fB0ro>Y4r+|!_m?;EMPACvo6s<&q&heK3%OQ z7^pe-e6j+{XA|^*=v<3<(~|xhbGLZ;IJsGix_WmKH76WTqSOsIZ-ee*T#kTcQXi4# z5ng*DuDH~39pVpoLsz>AizZa^;RZI$tqV@CTp=>ro7~8lc86dYWBeD^`_zW2Uk&?+ zy;9e(TI}LcKty=AR#uMjsdIrqDfdMNR`MS?4~GYUiQqW3N{vLGBu>jk7qMa(@PfT4 zGTlM%W*1mMW7&vA5_*1;@P*x62mV)$sC~F|{HE4wM9p?|)H;0K+-__~4{L4wez?Z^ z?eOF{LXB4K;P{v5a0lx7m*^kOgYC7b@$*ru(QYG3vC`Z>+G{pY);y^1ooqMp*v3n= zJ2*T>+#fOwpvQ+1AylB64Yb>d_8YDGD?qNjZ0L``|3D)h07EgD16xfWwn>sieOaeRDG}3++T~fYx}ibq7JEvfYMr_YC>J~=2e4= z2wx5Vzs?E>-KZZP9Jlau4ZUm~o2GA??Z#SEYc<=%kR4>vtgR3`(E`u`1nmwQ0){(b_+obb3bUghk9A$y%{jUm)rW(t-Zh*?{uf3AF&hsdyuCrEU#@J)@(6XUUrM3Y z+MtU74q{cHL}|HGC)$?+Q@`!#!9@J8<9Wy-Y|_lDT#I5kw8nQ7_-Uy+z`Cncy`J$CLW)|#SIo2J`1;^7relw5oA6-i#*}bA+Bj>JZ&TL2d&1tRq2dRrPu8n zb{5B%C0f^~Rt>wR1`T&O4iE<9cGhh2M`tOQ2>e+V%TmYeS|N^$FxFP|e%R}x<2dec ziOs>SEeI?Ph}zteI333bxd8&UtMbQ|NE+e(Lr+9A-Lhxo0uvFF%h>p{qswu8c7(-T zFhhl0JwM$^8pcs$zWq{#kE2!i0&CF)?mmuIZ)2WWyt}N6hTR!X`5@Ryjt|%)Tmv2& z><8kNby-}`-@qaqzGj&K7Hbb?5>q)_n7LT8S!XqOJgcM zE}!Awmz9T)X?Cn`tZtm0J*4@?{jYA2GGL4piIMFAVh0C16kl|O2q*=5Z?aDwWx4eD zucyEM_3fj-5^(N@g7JWP%0P5?R^<=C@H(|u{4T_=Y;1$~Q?|fNp-@sL?<6;8XrZQ_LX7a=pN9>{ScZ@tq!K&hxiesKnZhBV; z$pNP`zQRz~NH|a=imoP$0w=L<74gOp+wDLC%pq|6!JO9Qtb-nGKl{+A67}8DTdKb0 zh~5GXr?1jSG7q)(dZB-cE>c!+izhK@@fjRn+6Uu+H%CCZqL$JTa{oxjNj0c6(n{E4 z;{UFfo|V=`$+>gcNSVkOH>IBQALZ3^tj(YZP8kHpY*~^i80>!nRRUbPPBJDFo5qE@ zh3t~D+3dm!g|=MEC4Q3R0&9-*;TUHsOIT`@8lr4iOcV4p4qm4cW6M2C?9kYiSeOKJ zZ>@eb8K3P9ujzl+@tEH~zJgx-+X|_C=i^@dK1S9B|5N!jSQO1Dvxf6aB6Q*$e)w?> zo+kwE=k3PJlihQ8)!TcGmi~fiA+_tT8uforz4}dj`OXwKS}i!4C~l0$!?7ubn|(;7 z^kT0mJUDdF9Sq^ukuzXEJ0CMXkv9yW>MJ~muq~Dg_IupLXD5Y+T~)6H@>`=7mN+Wj zC)(?ayFn2#+$(~@h!3x>yfWH!qXI%5BqX?*J$mx_G-#{Jv~nH}^9a3y0Mm36o!|@| zbVBHMq}5Sg5)lVr*qk0<9ga10d6f}V;FI9aN2tp3Ej>p<^~xl~6-01#l`o@>Cr_SK zFvp*ug9@TgKVYx=CB{MHF41@S16Ig50_|fgty<)LDxiw5sBJYyDo3HAWFC}*>441- zo*&jZQ=p}o=#amx@(f1{ZUAk`=z$uJ)*_=a$-}jvS$RnCU4hs3fy}-_EJI4V>=LW) z4%85cIOUH}LxK!Cb2!3^LL4QGlCD}djTTQPI2lmFBZ4%e=tdT3TQDj>z-DA+b%eJ* zaH54qgjPp}M*lUnhJFAs>?Xj*-T|y>9U)WiU>636u=7H=U=j0VMUfRl9oW&8iH%{&99fz(!N?g%5a4cfJE^RT zzELp9NJFTV&Om#uNY!_RQws;CwN->l?lBmob;J3}ln`jrs0;QNv)jxNwJ>q|A9hXg zU(Zld4SJHM3un57XqJ_*ZNmEy&@X0Hl-?vmq`b-Cge>&RQ>gN_7O!&95T#n^{R-Kv zOU`Tury5c#EyOH`)Ft)x zABsl>ixz)H!*)|04iJJ>q}i-t+9x|Z&7aQ^xj%eEc1`{|m$i&p9jICecec6GAwv4i zgW4WN3EQTYT7R53c@cqBMm)CF=_fwp{?ua*r2}2CX40Qb8+JDcWl)jJQHxw9BnMH3 zClmuml%-G(BdBFOY>LtZX&-6XomM`1*TYo=-V#Q`6Lnm}2HN}7rt*CsCO-|Ze0?q6 zgIi(svfuN5v%BP#_|qf&q_+bQSf6;`XfI6y=U(yT5-a_wU&L$NH{`#W{RkGL(7VrA ziy^{w)%&P3glR1!B`Q=%26padt;+4C4Ld9xaD;n*7q>UGa(ug5|sdbs_ zi(vHefjr-K?WidXLz(M(z($y_&wm2`U zxj6L384Fh9i>w`qFp7nV_IJstKDX`FQWB)Q)?yCcee9aIS$K`f6j_GF3{Y|{^nFze z`+_L^y(S;1olXEOp{g{fG;hLbg9|k--?@&BaE7*@ukOk+I9ppBEW*NxQ=3;kg|S}x zq$8W^1L+x(can69hz6^hP*zgsh4G7x|Ej@J@+ZZ=RkLyY?^$mgPn1Gc@f1agXhe2y z^^gZ0Q#JzRx{^PFTaUd{4O6^h9n5uIzPgG>Q+I`NAccZpSl`PheECC35z7zxH-BX7ZR3Vm#sPZ*wD~%|-qyzBGLg2(BjuV*5+NX9oJh>ZOT6%OCx>wCt0ra|Tovc6LwVbVVmEM0C(XbpnmnR!WLv zy4@zVlfC-XR!>t~J*8F zZJJ=xFr0q%wnEg2zsuAa{9gl-sFt}?uPtqrPfN2;qP{TwN_dRCtD!O8wJayIq4y@@ zPKj+H(Bz^3umFOZNVr=HrNSiEQ#$^JZo>>WHeZSm^apg!37kP1?) zliEMkHp+%I#E5nEUXE|Z)GSK`!EE&$xM_AEU8O7Ih;x5tL zn`4|;F(8yq0+Q&jbKD#-0E2Ilm3d01m_|LMXeo5qDu5@!=iHzrrJcAT@yFhjuZC7o zF8fIPv~_s+iC}$}Ti2iG1@WdIHZ4xrNK>{Vkdqt3go0$=%F&QOe|5uUW~$3bJB9$M z^e*g%?mdCQPq0S=6s^v-L&+Z{p~-?{(_L-^c3+{Om+O)H*o!6|oHge?5dk9$aDuMK z{qHke-ZgkSdCQp-Ucb>KyaP5naMx%p>6t{*c`PpIBjr_PJo<)Ib5Fm42jGAq6iY&az;U z6BKo(LKX8rt-nzHjluigc*sw>VlQJeCoMp zsgqAlXvG0;ug!##2AF!|Pq1_+w7Sb)rPp;IuoC1WLYCKhBlQb~(#!)Q8;kqf5%cg_ z^mk$^JX$V;AVWn^!Unk>##dCN@^7Zyo28Is4G#h@e9?r_;)yq{SZj!@sj_}_6`9b` z?tEOArUm$mRRd?AOKLvK9{-B-8E2?BJR*|a(7hXDwsvZ{^{aXt{E^)$uLiG-iT%mjvK~- zgN2qF>4lUI^(dJ_I1DLrDv9k4GVYQ808zx5MwcfLVA?{)fB1|;42ee0_wM=O&JO(G z^Lp**_@vbk+2-A6=qE}(M+{8bJ+VzONVsr;$H5E(cAbO}th_lZ&}A`Xie*_!eW-Eee? z%P!*em@W1>RQNjoJ#Ya{EP&uw!pese4mO5D{>h9q9@I7R$st>~eM$s{t_o zlnlvB1mRo1&|(qEZDhmL45VW~HXE#jkMB$HcsLu~)#x^k#dASgk7kn__%}C5*YMJ| zLmO{8EzR@_liEpE1|obMd?R0r=yUp-lHw3(b8)^smCkq^#cp&SYko1(Y9&vZ+=QlfdVnJYRYPkIX5;0AzsuS&bdiKUcQE^=2zLJHZK2-twMCfU*zXFAe= z5T~&xjRhJU%IP*|+6O+lJLC%1l zMdSrwK{6q$EK^Nt^K2|tt15Kkeqv$>Ji8ESjUj_33sIL2M);(ktvZL zH&C=il=+AiF`YI=+!?csl2>#9M1xgZy=lsxr?;pey-c>tA(dOEVuZxM2UqH1Ks}{# ztB8sQN$NT;sL>@`Ztp)rWB?~x$;YQ;=!B3He6s>kA^dV_HXQv19f~<-cGI99C54{8 ztt*f~Z}fPANUC@aP7Oa0-BTg;??I`g7-NKVz{T{1D*D+e7!<@fBbKs<~24x?&(vda%h=F+Oj{pc=3E$t>O)}>wlTbx0UR3nTAE;U3_ zz+FlQn0h%wt_`5Y#dZaUo@C8LVnRbs5ySXnjC0jEkW3s>5u51bppFF&Hfwl2XThYh zP05AT-=zE!W+@qs_2+p)OfLu1{&|Nq#rZ@w@xm+Pw7$j zYXltEOYkls%!U?p=44_Qg@x6{Rc<$t2ZYnN_%E3v(iJR;Bt~#d;7gX>`n(WS*}tl- zngVVu59;>L9%~>7Cr@Ujh`gPh1V1L7QSTh*zUdb5b7++F%jvj(t`G}@FhFx_l{HWt zYmMK-CI0;nO@}kK;VvX_i5F{x04Vrj783v%8{@ znB6kHR8{$J`-j^&Z>5mIhvDipJd&pFVN#&T38Fvs)C9{@tLYvJGz!$}5{$Iuq-z7= zg|KiA^VhXUe1Z{5*PJrN`8y0U{+B=|Gd@v_fwgG7uZCq_sqMNZ4&=?hwd0%ryR75? zF6&TtkNn?d9sipz>mdIO|0oV27jpcF+j#hS+0GeO7EokZ6;COLmh!8ej|~Jxrgvvl zax~-=XE`_OR?)Y?W!_Uer^#!%YZr%=8X8QZwyHDK`MGj9^<`%gThb9*!apo@baFIr zLzxgUJL4%8_7VMoA~qPdws>djoUVTYGyE1fHA{}TDi4xF-SprcsTi%Q7QnzE7YcyM zg3*33b#R{+rK_s8L@@Mwm`#cBQG?Dhm7M{h^K@8Q3JwJFl)H<+F3rf2v4L$;>+V}z zW$n_Ww(R6HuHyw85w)G(NotHx3|R1YrVifbU^>JSmunt@0?D?DR6m@GW!izGv>p*4 zhT5k*EVBBDf#o!eN`Jw@>y?t~mk^~pxl*#7lrQ!-+TaHrByl^USYLe(SA%(3mpV9$ zN0+jTU*nAuS4AycO;g5y)MQaftLNmRoZI_O*~haP-zoB4Hb*fSJ@#Swx@igu{1vM& zIhesia%xycTMDX3vq48H)Y5~8mQLl3vCoIas&N|W_wz{dRTxC{hyq%u#}cLkCL~pp zQ@R>g5SiEpx8Zs6Nq;*ve3ewGEGeDndlVSP#3sozGIoZA(efR*xfkbZYsLMh`%jxH zLZF(uU$`BhvcIhekPn?cuJaJc*n`uLC8(kb-R%{X)pjzqBXWe7Sk$OmPDjOe&u4~N zHHA#k;)W0_Ls4RfPA9YvPN(?1GIinkrq(tKAid`&{pJx?i*?}&;+}{w=qPUvcRWHh zf4ss7dD0BT<&-5x2MB~I32lZW*v*Lo$cFwl`yEc$To zY)W0R#8#tcUdFEtuP0mOA@iytklicIxmtK=?(;ZkY7oUws^d;TNj|Z*O9G|c32uDS z=1e(Ifq-)88CnuHYDPy#72mb5@uPJMLocKUDbP-jt5*d=^*Mr^O{D4|pka*_W2r$ROx)o>L2zrleG%;uk$gze+uKg{;4WX|8xnbcqhnG zsw<^`vqA6Qv)FdgbjkaGUdeArgT8=Afaz-?)R>1tz#70b728Gm`+9a$l#=Qw6^>js z%y+(iV-<2rc85rZ#0q@UZG=};y?_(wbRQA*1or)b3AIThra`PmhR`AEhah^?oyqBR zgw%Nh1DideWC;>xm+bWD*pk|n)SPFz6kkIygA{&@gqxZzW5sRsk9>dpr>E43n)>ci z$gs=@b>B&?hEenzB_onXu0FRNa5ndupS-J&)zJgkRK z270Gv^}W$W3Zv!3J8(k0cxBfu7E&!4#vUw(2qK2h&Y$iKhMg}_?ev-bT*ve@_{gDD zN%i8+A-fHCu!?_^(LL4Wd7TT8_}vU;$ie8URhN>vEN}$gI3kp#XZnF@;-tuC0O#`har>Df0vS}2{*&|bO%0~1Z z{rQ$Ie5Or9H4oM8!Prftd$W0_*o{TjgpuvBm|U{5wv1<$HAdkF&n5*Q#q?UnXY+=i zP?}7;b-10-D#6Glh09YOVhQvD8dvdQtSDlngjqiSEkc=5En0bqCZunV9NM=TR_S3EzX2C&=`1KNg~=v?C{KBa|EhW+=ro#IM9Y46l=oq9gypP#>NKK~V} z96gE)pWSwl>CDYgVUh%8B6ZVH0()BaLYS2^|AXUp;^;Q;6D zR{L(IY)!LChx)_)2bgRUH=w8^-riAft;=3DE$0-GdNUW_c;Nj>KDXYL_z#s{suoSg!9H75KI zHVuLh9@Po=&8!2$OjetSw7F~kWi=_9`tU3x@j;^s@t7?=T|rS4))SxjKGq+-{WHf- z-GfNlv~IR}%(~kaVZz~GR`=pQugsP zqsl=|sw9w4i6N4!=|mb#d_bbcLKmVFEbt}jDl%0yGL-A30aOb`1kJ{w?g5sr(!%dB z7OosXRPf!N6WLVR{hq*+2j0Ycor)QR&>A`jEUF-BXp=)v%pk$?Vy{PN zxLVLiy#|`?2HRR&`^(O^^T*D8$4kCdRns8ZyU(8Cnz6d7G9x1+BO)UsBP0J({Z}1c zofxo<3UJ06L{f|eLn=7Wqsigh^noIRc)nl@-xwWO^sgKk;F2>%ZTXjuur$^HB4-VD zBgZIXur?r~Kf@Z7bZ}EtnScs-jo&@nN9d=XBR4siPz+>tz72IjqZTfV2IR~m2@MYj z;wmTPWDAc7>eJZq@aBM;`6yjgHw@DRM5Xj3Ny6m70|UCHYFQVM%^Mr6B)%}w9eE6U z;QEn_G({*~$FHI}iVGLnhNcatVy@$JZec`ivqmIsFq2?BDrQ_&>sBKanxHP$@-*m$ zq}{Bhd*uN$V}pn}%nr*Of$`UtpfytlO~~D#yXsrQiB0o@1TnGA*|k6*KC+5(>@;0% z8;KlVIwl%IqcW3CfG-QYGqIUmk_rlkBbsTOqw-2cOffPlBZnc5R9o%IEyb~D&@-~L zwdUsqYHCJ;X6$o29Lz--oGhT4V`+G%(8xLIGok-BzJp?=v2$|t@ZrNR!Larxl2Vn1 z)$i_BNY%4y_l2+3AQV4=kucrnz_>K7)AOxyQ31*|GJ<1l1LHP#-vWt^{DNz)aDt$N z{ndVFMKvCC=+Mlw*3D$>Kf&8Q-jC)>Xe?vDUpQMhwlL)8HM2VwaV4Grss#8Skr)ku zjtJ;QkfC>+`?`h<)RXGoh~XYTb)Y79WO?`40uH~_yZ83(%Gucpa)kb7og-xzk{(LD z00Re%`&U*}2S3GLovwMpP~NDEp`FHl#$nv^F8{s4-hIRSds5)HBgoa|(Zbo_6qkwh zk8UvP`yV>uFe&=D(S@Pg-aKLt$4J<~XsPv!;nCaQuG7d<*#Ehuw~~o*szDFpD&Sm1 z#dry>)DM(J_#bd{rt6$s7~!)(%$O^hN!%F_Rd64yA;y>QkY%MAt6hG(8CDAJgR#1J ziVNYe*0Bl>_FaL^5%4)M5vXPn4@#Qr9ogB`-j-?M)P zp+W-CWzCM!xqqJ--6{)%U~dswAqU@tut;7HCvATv7s{Iu8Kyz-i#H*%_UZX?|`qnA88en+km4-GD3(igf~CcRLF`TlV{ z3OxyFQDj<|>0fC}?sbxI#!o&qkX^fb|AYD)Bd*iN3=io?^4=l)-HsJ{y1DwzA)+ZaHV^k-Y^+H-6m}$s2}hDF zf_lh5G^r+H=k*-S&Ge15&xoJcjj3i9?f(a>n8C#YtVis7kAs>ST>SXyt+dO=cAMs` zesw)7G~d|%_S304xv|Y4cfsx>^z_HifAemA{=0XJ>TQ7zk}!UJV=rVSSFD(x+2>4; zwXGzA@CKkCFbgn80`(3bzluL55VUfRXj+VDaGi-rpthQD`?y{~H=GuS>*r0_n`M7HgTbO6v+P z|0hF2W(_s1aUkVBF-LX@A;^SA%qkX3*S%!}_Z@-?m#~_DV!)l2utXW%PVYaidTik} zQilJaKd$=x_vGs6?RbE1Go3d$`pj2vM*aRdf1GlujDOF1qv25AocDf|BEwUhmgXmf zTAsg=Ul&&+cp(XAgp7;$G#()Ia>QSkeOxAqe}8(5lO+7{uFvd4~k_!*>*0oK8w_zDn560n2|;9>9s z<*$J4SIj0Rl7eJ1*wCgCB4~nQ7tE%GO!hAqdJF&g>K=Zr;QxzAuO;Zkb}SwIH#_Uh zbB!#FdlV4sG&25QzGE`7w3Ta_!pwg$=@ZV&DR^-2QTL#Ga18n#%>63=&QDAo9;@l_Qm#Bim zS}XpJuccP}AS@7Rm~?wK!wOs?=(2aejmt6fES8(Yzq@Bqv~F<@wEy$b=@nBQJjXFN zoGlj#qzWy{+0paxIXKoz0MxE-qgVd|kD>c89YVX~tn-{F-7SvBid#HQ!-;od3pp&? zhoov81P{2gjO=RHu%HZug-*oxH%HfznjXt!LC~`J-G{dp1S%HrPf7(ek6|O7zm79lshXv2gWG@WOTsQS)rgq zn3m5i=K&P_l?;&B0YPZ=YsTmLD&cc`k@>qFi)KDg9OGW_Bcp3zZ-C`3_}oa>%;$kj zfzR#DHGHn6G_=ut2skABTMzFo=+(&Q$AcdS;{lRfKYnM?nQsSU*v@A|pvvTWXn%c%v#JCN8lsLc=TY= zPZU4EX<;!U7Lo$UY2%G?>i6Gx9e^ZOJ%EWZY4)ub|D8;*GWxLH1d9Qp#aTm8RP754 z3jfNzbQx0|9V~|v_2`uEUsOzdB8w((0Uv;88YAQ%+Fo| zqw+W=2;+BM;cK9lv<#NcPjj-7w0Pk!*)GecTFm654pZ>e_QHBj8_M^Tw!_y9YO7DN_!;-40Mhzy90tY*U;K+&r_h|&tt(zR217UO!*lxhU$WrM$I z77xu@LgzhkHU`a4=UX3%c|EeVQJuONOd)K6`CG+;^IGEGQGHxUqd`$|5!=a8z&h!9 z?`H(tfI%4|mi{RZXH? zxkS#E1&a=MV|o$pfq~sHhu=x?60T{n2Spx~pk@e4TAdF{r4u_$Da!j|-cXVBJJVC3 zp+_<`Mkm@FwcPNa-mFnW@JF zfrj}mlHo6v=R3txxNVp8~LCqZgw z08W|p#l>XOB(GxsB+S|EYdI3yC@rZ3%bJq@bvxK1LVjNV=!)gK@@@)74HphbFwKe6 zX${N$Xr@T|+3O(3$**Sqiid<2D~z9pWVF{nrnT*33nfI=4PSVqK{S=~*JA%(1KX|3 zYe?SvIW{*9$+PmeBsq-t2IMoy(~=zNSmk;HOpWI{HC_X`iR5X^3CXk9Z6r?%Imv&k zowFiXfBoj?m1|XYVQ-!F!t2`6K)^0FM8@1mza@j#JohG#4n4^Q!92|lm8dXo|PpxoeJOUdAC-7&yfo?>=qgZ7= z1NdB9_CPwO!F)ZQqzv@T6GyJB$jsZ2o4y9n<~Xt6wY$M0gRua%Y&<3sf^Rjup`b+& zNxJ`xzJu|WWPTSn0Z$GG+@)%yU@1o3&RXxBNmdQVt_SSMuTkY*mz-0Nfr@F$4U9X z&J6P`@pOX``=^W*pQDHxP)W_B&G_*jqHkQw+u|+5g;`XnSUcPS9T*2UXrRjR4gg$C6`&Yj@@3)7dS+>jwxd$S6>T|)$)R{_Ovkigyvu=e>`;MhDxJZ!r(9BcY~uVC$)E^xwUX}M z{SNU(y9hx$e*?VDKiR&yRctkUETbVczjb`D&guQU**|~7tYKK&85x0K7Rq1juX}}d zrU;w0moSN8OO-Jb3PJ4OqqjY#X~tEj6^_cjA@2m7f&q*xxE#+ST*zPJ1}$R+YU46! zWN_{{Pv~TR`G;4Ss*|UE+$&S`(%Wq9r58wh8QzJF9|p-^Pwb^_edx+5*@VCz5^%tn z#v4OrSLxt@|CsK=qEvTI=7{efBrexi{gcE$q*oFjw-^k%(`4XsqS#A}vHeQ=?r*Z5 zdj%ieRL*a|G4K41e<6|Xb*bO-d&V5%D4`aLc`VLeALjMvE4H!px-WnLHaqn!-Gk4cQ0a^03uNdACw#FycOv5DPt% zxICah@d=sGW)k<5y@XKN{U*K>hP{dh%$lb2`(V5}9uJQOFhzgtuS$k#D`-O7ida@S z!%K{A+X*Af&$M7*S8Go|K`g%(4BU#9wTkqX6NkIGfRJjN;22VZP+;7@C2tnK{w36U zFYRTY6Ib3e$n0X_6tn+1Hb4xve$TnNHgqDzb!=!BvK|@^+aFRYK`JRjPxdvmN-Tc4 zxyccnh?&vD%LeD7ppw!&rJnFWo6A#bs`y=lu({#1!W3hwH!#3(vtj4aKHROR^|eLo zPJUMdX=i_)r>QQAbxA=lqe$w0HT#Sf`9+rh64c*?b!QFAhlOfMkO`*EEfmZyv{;hO z<)dpD>_rx`Gf4m-#HsQK`hZZ-C}wa|`T7v)x|tAN z(~%~rNPXbO?oricfn(Rp$nDsY=k(=5j_N~ZI82}|y)Rg-y`XEVW;VLM-ef+xzJ9Bg zy}oKTvXr-fd35pi!d26M?^VtF=bmHaTN)f;am!GoU0hvr+#4OYl|j$-PmLpCkf~Q& zrio{N8jfhdK_pe9%ycX@gl6A^Yu}%7a!MmN?MpbEKht?V9AZgu?jQUSHOzZPBew%s z_J|MCT4+O`@LJ7C2V_su^69C+rSq5PxO(S$Z?eWe%sgNt_8Suc|BUIw9;L4=MV8TJ zEp1DJ@Z1`&ll!DS0dBGQx4C3G6PMfYbhxMQS56MIn0^COy zC?ZD@*@XIzqRAxu+rBZphblJq!8R6laTbubgJUUYq?t#|LctEODPo`>(U2I(%L{T_ zU_+H!5cVQ*#v33vvo&QW*xCph9DWT!EZ*H&WOPvX6lD)t$C8LXj9>V=@U>t@*cW(j z13w(quG|PUjN9i$>c|U{(u>$7l`*!d^LYF%#R_Habg97R;5y`$$=+Z}$R?I@RVQ2( z*B0uiYv)yl+bUAmHGs|owg`ofq7Z*tiPOMdF2Jv4vXqI9smwWotWgLhNup?lv1gIL z=yDxfPcFT-s)+Aht|hg&X-o(Ca!K>knK|b<_+vY0)60s^m_;(c%XQsJLz9Bx;rMiL z6m!e~PaLfVX-@{Du@&X%gMY{M1KkvIOJ%GrP@ez{o#OS)U}cm=(dtQGca+`N#1q%-rc6vWk@iI?m7d z(5t%CE@&zY%laPimixX6R=$Q5+kj5^f1< z4g{wLKUqsY8Q|n#m~VDqM(jg{Ik)SNFle%IHc845$X zxha0k@Qa)0wgAE?bGl|HyZ&ilrxIAR$b_k;c z_&0IsiD_R~hp44%(4@1vPzzr|926?GTwzBoBK$__Rls_OOCp-~Ix?ZKwX6xFuFkIq z)sM~Be$sG3PemmsSjhyy#o@x&*vMuUPlTs3%@4^!v$I$ft_{!5hDp?=DW5OWIF_{wpNv_HMOdoh~0_Z(p+LDm!l~P%va!vU7=KN2y0^xY)FIM(P|ZBGr5p7 z+3rt2PC%R^lW&);td#Z!K;w#U9}`*fZ)qr%EJ?7NfkhZzpY?c+7RLcQWEfXxvJlye z0NTvu0qx~kYt->ktBCb>a^z625Y0d|6)-PK4H!`4A-Kp38Km0R0LBKOI8n>HB{=jZ zRr&N=j>fKRd$#hP2uT90VM;J0g!yN#K!aFf3TYu46Jz4b_XrYha8)?+A1x zR7h2A!ldNwccz0eRbI8~yoBjn^^z$EH7dfW;UE#{50gJRz0FmonApXLyVJ|Q`7V}s zHhg9e8b-pu%TV|O%W_!T;zLaty(@PRLj9CncBgXJ#pp&eVt@$ebp0@*f0Y24%mK)h zWP0_QTx=sQn#4()X}PqDb8z8b3#e zs7sEw70BIydaQ5gV{jC4+eTN7lpw_e?!Lz!@z?%n;nHv3d19SL(tOnlKVc_J4+M*= z+YuFaw~wE(i1=HD$zK zJQ!S7PI0xkdJ_>0BiLdQOZF?Kcj5`?& zcE=XL{;&HRJL^vl?Fhs!be`IPnJ%%3#|34Ig;SGx5}}BJa&$E!A8lLsoCJFM z3>Qyrvd3Z0jjx;gx+}9oIE&GAgM32^+U1!$Ww*R&X&DuW&yn%HY=~6z7ZGJBu47&8 z!{U$XW?DgS0ytZs67&Jw|1=SGD1-m84uZ-_91t>9v=LyJYg(DE&_Jz8yVGbAa4@US zWw&difdeAy6a}}U@@z+%IHkZ?r%Xktf!C4$<_ybq3{Z(`5ey`pDW$=Ts&Y(vS}VHl z(Ka#w!3>pePOt|2aNc$!plFtfjEx)^_7-9(h);&(A$E*T^XS;XHgeEepdeixMKz1>fp~%8O6O_;oC03)*<`6$nU~^z1 zV1+#9B_cx$kpxZLRHj;T15|tkN|~^=)O5C?&TOtPybx(0+Ek&iwG4EB%{Lk4#Xy(q z*+zmYJANP`6^Ibf+x|-$De64$stox!j7-HBc(#I=Sz#;)xZG;?$4=+_$-J!fxxePR z1`E>HnfQICS(!CW%UC`kv!aSr2+vR>E=s1;KnlymtJTOOaUBtbFj?P#IBKcLYN=sq zAdt`>S+T0idp3!;@So77u5f~h?V%-YYbY`##pR9zlx}ME+N$a)cGj_?!pUAecLKa@ z2_cya1kDgY)Sy!lDpx0@S${aXfeT9}E=^~TdRK4W#!WvElV*6DhAoT&ThdXGHm4ee z`mw{Nu^_yBEZ9>gA8@+y7?9*KX`7#8{IQ4r1 z^7=0sGF5C%(gUbI=wOgAz+oo0q=?76VpMY7jgaOkxS=k3(vl3iwh6LkLmC$LvF*un zCt&JhJ<(60xnj-LV12rGkK~!Hb^lOLaa-F%5$2Ib;US*;&&Z6Io~C zvIi)oT*k*;ozLqSr9&a1NO?tg+GK02Q!0o4&p2R+)e?x9aFvkshFmq>{Lt(i$ejX{ zCyB^WX)R$WL@zQFV6uC+06dUQ9%e3x`H;KzL& z`R#9;Q%i^nZZYH-%B$R9q#F%>M3_VsyuOXK)0T8YT?CHP8?BNsU}2gF1mMkj;8<*O z*I_^ga693gXgq?FxtBjk7S$w%4c@7e2JUJ+hkaZU%kr`a(+yH5;{udUqUYlc8 ziiKRV&SZfKa%{SwA-im~%^>JqbZ4~hf-d@F_0U{r4j~y~mdZ!NLSrY7KFb;L1>wGn!{XXbZ&+QHuwyB{;gcko6q* zlLpWq6)D6}BB@t^9Z)KBZ+#2`?8>_J_iXEV|9H^jlHhl0ba;jEeHdQ#=GsR1gXl`L z>ItWJ90;v9*)W8qvdJtXnh8)^f8E8M$?H2iTRVp@wqC5yS819kq;2_eFqC^i=uo0M z97A(rPn<^zjwOqfTz8y6d9uE}_Y7CPLj1Es>C%iU*UF0UX$|;%vA6nfc`NLDHGYTGt3S)y&Kr&NFz<6-ZC7hZmr?ZnjP8rCtYmy+ z;|i;k9KfZVF^O50)2uT*JUmsKT&+=_UJNgvGEd@E9DaK(U5ZOkg|&2^X_kqA)Q4(i zpDgyzb=}HyS;?{~v=h+!O*D$EdUe@cZ?UA%ZFHBe2b(;$7JpgYwiRqhje5w7s4V2< z)DTGjmX6$kzl4TcW1?eH99@b_Og$4rcy1%lLL?;&8cGbl*W?3J)Zk@U`XryYr-5{c zga3pQ%2uiqwXrrX_NE$j`T`IvA#j_GW&3ktFq%meF%VCNTcHYhmsja_Qw-1i5hh`x<6Z+h08jt!v4G<_f zZMT&-n%67p5O0O#UC;dH9H59>xj;|H7ULpbjoRRd1JT|Zr`pr&tHJ5<6STnnRTUPT z8y99U4h&w3*b@2JO?2&NWcRRUZiJk0HPjr=nE+Ch89LB4**wpd?_Qkl@>#rf@&ycf zHOA6EU^atzywg7SE1s$axJfimOuhZh8AP6LGl%SE@erIKKCsO>06n%0a5FIMApbMvh!MCP97UIzCQzU} z*?Jnxm*(-iljJ_s@H)X2N4OpGH21lde7|R13*+@Swzp8LXtYf$Gp+B=sR{nSHK7m|+H@}&KdWg~y@TadB z4Zk7>K)u9gui&We+r%K4Jj+B`wo)kx_-74C^~mPf+PR;UO`5 z)$Q!>t%>W(Sz3Sz20UdaJL(j$$^2RP&atEbQFsB=_#n^JT{{Px7*@x61R*~FzvA4eSVs-OyduQw0jVB25w4}!SI~!y@ zkOZf~dZ$QV4@LIl0P8EfinrDbM8EpPQyP_so>9(0Y)IU{GV=QDgQ2BKK*eouy6x2qs>S|mlO950a#O>+!wSrr6g$ZIGIi-Sa zc^LCu^A@374Cy{0H0jj$KB&|fuk z;fLYEiCZ=tnlrKpuD^7!33}3bKM`Zv9llP%1{8Meu^We}NJ)*EK?d1N=-cs2yk%IU zm2#G){FIh=0`pH1=<6PCQ&-L4tea*fv~l)PjHX@kAsU$al6K^u;66Kh-A6vnUmWA4 zefx+$v3X&!V01|r$ZeDPikt^*)b4O1ktgfzV0T4YsT>1G=_)1J6vjs&uXP?W^d&0l znCe4{c@qHuu@&iluAu~GZ)aI9Oe1jFrQ z4=~x0^Ic6+LkEePLkA%lx6q9={&G?ixE&+g1uy1`(3*%xO@zW{FobM}i=c+L5yd#3 z&S9aDq<_T@@O$z~Q2kL`g@S@Yof~yaI?^QwYDuOEI3U3@Fp&5JKdW&Y9_Wz0R+#S! zW1QpwgpZ|#HCPy@S8H5AK-@*_axZ_<_|;e>C}YtaN`vdAtTrkx{ul>ei01<_i5GOr zEH!GVj}f;?RmTc?w0*2Z{`GTG4@xtDqqa0RO~s^)`5HeIo2%~CJpiF;%GcGo9Q+D3 zvi92Odfk#tCJRJ+^(*a!t!0As4$Y>2r3%dSDCBD_su`W7Z7Q0sxn80T)aqz~AH_jc zEOn>;m6*hm+J$6DD6_sMmCB7<-!T3U!XgSG4EERKodSqQ#fb%8&$4Qdp=7$=OVLp*>v}i=}wj;;3!$)E2|GV^MA| ztX+*x!;VaiR$!xq3bs%7czFB{R456Mu0CDP@3=G7mjWHQ7Eh6ZZGhv()auD~W97C< zw{x_=vnluNNS=pNoJT0@L4x$c^iYbfH@ zHdJj=CY7ADjE)129*vO@LHbgx@H3X=a;agNGXV?X?{Jy?-TU1~D+i;4^EtRmyNjQ| zS$Z~R#!SZ=KgDMVni}>=`yjl273ZbmLTp@#xF}SDPjiof4+rZ(^)FaNCwN)u1xA9b zbPvA$WbXc;1vRmil(dP)0df!xxb_8q4VrXP`bLO9CkIWY*!iw$;dT|(#!Fyd`BQ~W zBjuZ*OvkrVP6F?G^&o)(#-JdPIz%D%hw|YN_lzE&!kHb04maM9M(0ED0sh4_Ggq;< zNXL}|k`YK>kTbMA<~8z;^AkSMv_7PHVS|O`y=owo!Cr8`z=Wbs4yiR51$n29%ta+J z-=ERhCT5L>28s@3ruj^FP<80RpK4Z79&?6_3x9hl>o)5XCI}h1CUv4N%iQXD z&TJza=g)*9U28@tW2TU+n%JM9Y*YnAby;poP1DlN)u(ne=yeWaK($bp5oaHhV58p3 zb_-Lwt3RcHZBcBG5IrW#`Bi4wou~y>*_n6GEc$2ys6DEP%`#x^-VFIhrjQ39{nC{M>SQaG;l_LI$<+H!?u%dyT$>5NvE z%0){zT&A1(0kL(u7i86y8kQ-wRY_7PbjZ>Gm zY1R4lAKmWDf2`bp^oLjX=2oz8e*Zq6`S{5ko?iY#esvG{)874ors3S9UvWZ!5QFjn z-eB-E*wzy6oWzBYfj@&yXHhX~LyDQuP##y3(5UXq*#ooJmS6Gqk*mwM!x0kIre8kg z7rL3!m!G}Tl#*=s&)2m3vhyET{n5LQ>=~$a_-El*R{rwZ%I=L!>wl@yS1u8;k5T69 ztoo*Z&hWP|N5xvQkOQGd8HVe4%MLgvj1mpE9tXEN(!sFjl(6`aWd>m^8lnL9AeuuH-F*un=yA3ojK#KyQ^?YqvEv=+}L z4RZDB9t^u*5wS@Y_UCTNkCUjVEmjR;1&a1qY%-YEw$7Dj(lH}CNvVt6w^j1S>< zy<29wMWi%JQGnJw`UydGTAq;^hAJuVHZMnx7HgXIJ1tje44XX?b%mLf{VaJuW8gbx zm!|w?IwZU2g6v7;1c9|wQ|0aY$e?Zh+_v`lJJx!sT8BbZ!1FJ_S&c;C^%@%!JN;9+ zpOWx+Tg_vG?dQKjV_4)UKZxTr?Nwy=IHoB|@q0!Cql3pvIcMB zB=hP11xa9=XF3@@cr{nue+V!8l5#~__G|dM82GGOfcEqPQ-MQ=HR1QlMn?f-PB1c$h!X z(E{IY_tC%HIar(%Y&rabt5j<3BPItHl%s%F(t9IRi2_;9YvJfRl$;xXz;?u8SG=V4vs^WEI54NITxutyCX^?8H=Z@A)qyM|+a?E3b9dWy z#YK`Vq$(KRO_g>$ye*WXXMs9@IuK#)3Hr)kvK+AX)Ac|rU|keMzrrjwht9{8;o5=Jl0_z_GLZjM^$-r{id=Kk@hcXGMVeem+(r?2KbA_z+WIXQfR7;l^l zL$zaEvt(aW5DQv;c4?7tCFL@^lpuwCF~gtw$Hp&-%LaE`T`)8xM*hvTMM^PWv2>sT z|E4w}1!0gt2K8zvtz7|_GhwX<1`d>>=*V9wg4kPZ?*P1y))kRXUAAA}Z9VVqRipR= zfwFn{8gMDrSr9W>?}Z*hO`^l58NxmtRYOV#36@C6FFQtNoT@pTcr;{^G4&*vNx_hc zH7V(b+XGWKI8>nain?=D42@ApLO0b2_0tp{lArJbJeyK}?Y=`*{P79t? z!TheT5$_ls8EOuh>91v9cA}Y^aE=BnY4d`+8yLAY*8t-yKc6Bs$QbgYb`##)!3m5o zo3J??KBw}PmDXWMUZ7{-LpajSz|jN@Ve0p4W-G)t^GXkBFEBksiW$h4VnMB|-Cy`R zD<(aPUrFoul$QnJ>OnlMvu<~$^VH+C?us*@PF*e>??#6r{TH~f>Rk4Fsg&$m5a~z~ zFcT3JiblDd3K^hrSvf{wY!nrQ7a^KVgI=l@bh6_(5fvASQe0t)#vOT#5sgsrIS5T{ ziWfc`b9#|Ib-I{ePNk>68vOt=>G+e7%2$&>=iVBTHmX3o>u14pn@Hs=N zp;6yNZ|oL$he%~7CC6fWiv{yC&?|R~*woNiQ1Hl1gh<-jT!itqNndzN;e!8y5t2se zCxc-_g}Rdsn6yelcw90H1$U^qg%Bs9VMt>iBkp4)`4HgJ)!k!sMC$S8P~B$6)CUzG zHOgNBwzdedZDi$G!@QZuq*O!`95Z>COWgtQ5BMX{uA4r@MMX9?iD{XVort8*2`U_; zl-EimOe>%^VdqYc|HV58B1gC0I*{7`+&c(+2ciYRLfjk3-1oM5APh*&b*pWG3}Q3@ z1*l6L8c(^rwstbrZlM^(G;NC}?@m;JiEx;e#&6N_;+|leEE>8eila~KE!Kh(Lf}VN z*0NY&V@Z;HjN3k0fR;+^fvQ=Z1&e+1 zkM8keE2aK}65fjr6IdK@h|+8uCaTsA67{HHmPHxaPP`mC)0JSoO5Bt!SGHcl+%)hV z30z6diq^Rlp+ps4$A}-0#CIcKQ&G5kqT_~MN8kPTO`boFxfTgKO^1h1Hg*mVWxHo_ z@xJ^I3-r)V7*Lb7Y5a!}4E({pV|lw0rV2BhIEN4)!z2q| z=sy(_g%5RY`a{NP(fC{YC1g|2Veq|#SQ`2aV+Hi_h>cdY09!Cw=9*D!=N?TP>=Rn8 zm~aZkAN>5l{t!wmK=t$L=B9joYJd6HCtGX#&(~k<`9|snavmkHumO_7GBm$k-Q0Mx zx>uB4j@>Vr=0{C7-mhIEineS~221$phv%A2i?1l_W?6gcU!{TQ;CO~WxBFxg+Z%4l z#hyETL?e#}+;FxksuCnoK9b6;B~6(znI^Ht@F2Sz-668th=|?6v>>Qa5vU3c^`Nt? z9%6>AC#DE=c@Pet7)qRP;EcWI(5iJn&wASf7c}UQdj_&1yJ-BZXD2gORwkY9B~8j+ zV0Do}=*}&Cot)lK)PW2XkaYuN&fKg6Bn&{}Fie{TT{N%526()OGqF#HqprqK^cb}r zYc6~(RKtyg047(m7I2y{3-5fKftjQQt@SGz9ZSfvmJE^?M^D#Bqv6Ptm0z6?U@Xa< zIodz*)LIcJ;oYsBJ>0$Y&Hm=<4jp(w8wY~K3eS7vA2iB|>Y|*({S`dB@+~7ruTY)M8WT>Z$`-dF*CE>A4%$MshC z`~7NoB5C5@AlDi;U2*$B1u)R2@I4U=oKVGubw@xIC9xa@nDOxB@+Vx9Ci%T_tY>&M zK&;Slbv!(h+u_A$F2U5}s(XpP-`%wucflNJ<645--nPwVPrcW}AN$f5We>zT0#zZm z41gekjDetmeHy>T?hW%sE5Xn%e3y8INlLqe-Z8!#0}nlqT!14|kloBsUqt)Q)*-)7 z_r6=*S+6#BE6=V`-CfT=i8eb>v*^EVr_H($;OLss>i7JVhfV60TEb#QtfS3Y|ub$tfSu3>NzCn z86dAd-q_sO`+mN9y0P~HFlU}_?NqDP_Ug{w#u{}?wY|Tyy|ufJ=AQuUi;WjgchJf@ z=j}zbig(rew|J;_pK-QlQ>**Hen;?I+uHtqXXBe^d)2e8O&lcJtsbufv(?9&>yR9k?uBgG86@1Cvm)ePEO#sAi1`bRg`ws_=dZEqgE+}R6N zzuVYdpRZPTHg-vnr#o8!PjaFLpl`gGLA@923WcN=tiy<)2z#-QP6u3`ti$Yh@ePLO zMOGN2Y1Up0aNQn{ke|-JiJ6O`}i+Q)blrO zCj~Foq5P+u1TdZ1S$WU05X;tP3?%)`3kS5PMD9hIATl5sY}M=NRM*$b{~h{zMx^^= zDQv8aGF=fg@~ss147A`!(%3=A<+|*qDto3uXH#kZzB+q`di;Nb(w;G;t(x@1l=e(i z+R&=ER@yVv?YYvX%Dko0o=KH9mHn-ib~fj>DecYS8&%iTeJ#hTQRWTOmLzGu^-a)V zTsqocsbmr4K7!xt2(p@59dZ?VDfST;IWT8zHncUABCLNdCc54*}MKN^nz{EdV2tL z$3*xLXl=sP0V+Uqz=s#K0^A^-pl9H%)6XKc{3P-pUb{T;i_2&DC=4&)=$8nujTQO9 z7(0AYR^b-y2xM5Qqhm6fsp>Du z6}s(MH%t$KbEc77@1!pQ>O!ZSqa>tyC^&_Opu zjlhz$Sh?#A?H%mFOCR;FqWI+M?Cc#spms@`<_p0(p^BJT?M9Zj$Bk*aFo}Y8J6H~S z?j`vsYf^jrY|iTMuZx09R4_rt`tXfgOWcH^lVhbK8ptLgrEXCX6wO9v{XedH zq@Ckdi~@#R$DkYlnC;A2zA2d?(Rk(U;@<=(3zd5!=WY8D@Bw_c}>;E zj-H!gD&U*6D66E-FDBd7FBq=3@W#EbRP3r>PKLw9*S*pEs`nnas6-bk6DV3KQ=`3+ zsL=*>C_av=p*iS0oCY1Sm5-&rNF0qi!c=*=H{8X}JN%5)UX1%W>tnb7*fUXz#zaRn zD2C@juuJ`Xc=Q8$!kD6CS{8BmYQ^HD$GQ0+S`~q2(f$zP#2}#pG^Q`Mdvkz>di`5Q`gA)__Mboh-iA^?Cvz+6x#w1T zfMIJIaMvyd>m$ug3FEKz&M5*26j?ogC(Nt-FKHs>hB8E@oOe4HZ!d5X7Fp+qNN*4TJIGZPuaH^JpX7bD*cxFh)`5WbZ$|_#LyClyK z@cRUZQ|xK+Ggb$K;M`-JVLCGX>p?4pi&IX4gD~-Rif`do7kpySCr^4y#go>qqNEZ; z%FXKUd7deAW1(?qJ8Prff4=j{xI!pdk5-(SD%T8oLtWJPD7Hy5{=tF#xBffu!sB>1 z>egrrVJ;(KX0=+(u#0k>bQ+kcl8%hs*+Et{7nz@VwIohlks^rWhQBvfa+p-ry9ln@K(6PUfn_6vJ&hN>vjE9QfM|#Ld=6 z`SK8~cJn`7*HNc}Fq}arEj?{|#DPKFVJeqIy<|d~;`QTqGB1M(kn;>;AT3fG?rDwu6%rXXoV%V8B9pB{}RT0OhesA`j|Gd7pA|Y*lro z7tpy?3zL93vGl#9vdTju1NM7wdzaf>e~#0ntf*(1SPc)(;1V#5FR_hRa@S6vtB(^B z%!K7lNJpuG!q_Tt%wL89M0vyu6HM|h2km3s2->=4xiACC=ml;cHg?=*JdE=M&`92m zx$0|PeEL4Lem&WZ->_GIDtUr;!P7w~dlz1I-$$ZE(#W;nZV25JBagZLBiYZu)V*(O2=0m1Xz$UlRa0Z~>=#3ol`!pJ*KB_Jb(KLEzpi`q#~f?RvH#GJ zq<-p;Ww6-KSvejxIC?Iaa5lFR$YhNJIo-~V>b9n<|LmJw$%iy-$kXO^A41dU00JVo z{&L79EXW(@1(vDz*jYuaSUTiLsb(XER2R!=f8}nIe30xAgUI?Lc>~WxWYw z6Dm+3- z+XtQBK7w&3gwHnzowo)sGWOzQ1)U=@lu`O2==^t&Uz~|S=hbb3&SxeBollHkoVjt( zd5mA2`H-OV84EhURs7;iJ?Q)f@ryGW0DqI9^PN7ffH~O4Nz{StxWwoWEE$h*>Vi|b zeGdCMVXaYq&}|o8%#@b(k-*dQM73y?5)ED5I0`%v@vm3?D{kw=lv|hZMS-!yP3z$c z4nSQoPfEJR30D&w;#QR(hd;paW9}}~%{YKTaM9`zgD3w8m}(Z-Yose1oZAVhvb+6r zK?7+fA|1WSI|oUgn)G{xOQ7!@6tiej0Nxoa+|MyRUtdtGVTBy5cI^?awt6FJ2oJ<( zX*Xc&1SKeAUQL?h`kGUFK?zv)OM2#9;feL3KoY9ZQZH{)w9lYEjxqx-&nEMlcxymV z!1Xnmi6}2|WgYAcm}&R!Noxs`0FhQ_N&0VsHv-@3lES;o(L35nNnIS{i=0`(T*X~D z-2-u0s~H=hu+{gWL@+FnCd9oSQUZAn^(w1`ri!~!GApiGL?Q^aX53;Az6@YQj!-Md43EO%VM4ddKOshj<-xJ=oH{=)i zoVJxJ`4U>l0vS;<;D>fQ0aB2Tc-pJP5=?2RCHN*3$Z5#}`Ud?(lZt-meDqm`SL}gs zJVY>G@>&-g31(=@@ljEsgpttR>dHR&0Y@ucP$^PH=YcFXZR8H9hGo0bkPF=&k2Ts+ zWiY1oaH{rFO3Jtp7D$5j_*XK8(h(UvE_h-1t=h~72W={>_BPRvHy{j_^lh!?SP7&C zmtrRE@%kxN1!F-^}z)0*d7b_&572 z!S_yo>b)ChutVpzMlH>hKmyC8RPc@pe_U%sp%=;)p>-R-bXsT|S}Yu+;bQf|xTjNx zh&M=9b|6*kssns@P+Ketsfp9Ddd?ofs&oUg$|a>n z0NGgTF_{7F-oXb*bW?RWhB}?1diYB7aCYEAmXz_)wrKdJm)W~p+ zl0#2wOi@yDN<~(HTKHNxJ*>FQn(&>6gcyl3jDz09jIkj0>uc~Gva)J~6l9Sk5;E0@ z1mV_+xlzj&9g|@#X`~jHn3z);=s_uOV*l90ehA_>6Y`8` zv1&rAX7b!t4A#!wWpWOtZShrnwvcEiS)J(l9v(jr)5~GfY8m_>`+@~ zn)@Mp4;FKs*RrN^fh3*6+}Sn@=SwH@?}yLFw}8o+xsjwK;}nYzwOlcJG|)b(g4FTE z-dds}bw;Iz^y>lbPE#hRrSm1cciwuYcb@w9SYXuukE;QEFKc2x@8Ag=7%YbE)Br_s z$UoNjDz%`aaxz{SrR$^6B@TDKWKTb(?h-Qc?9ppfaOVW*5q|P@T2p-q#sx>6eR4odUDI0t7=7!12E3?^}+@*}7pN{bkmhM?=SRE;#vAl$vXZVrfh;qq<8y4;ZqGes()VK@zFYHmbnX#D6zvX6<3$En3F z4G~Lv@bN=^;MZw2QE}dc3w}B@R9P1`s%E7Dle%D;)83ScHeLg62D`iGBL}!Ezuh%P z+^kRVf06dVc2E6Y^b0%+Mgc2~wfvIWYJXBPX8uU=qd7aGWN<87vVDe3v_W?Dafq1V=T*5k%eF=x> z2L{Vlt?>0TIy8sR?!e7@e0BcQsCU7LMWHP?Nxg>l9CtL+5n$IE7Jf5)S&OA#Q{TBM z0wfi6(BdZ_Try!X9NuP;%{sS56#Y&6FxAWAO%@yH-coCOl6s3t(7j=a`LqWigZ)ma zCXseEjwq?yI0XHlkyV0xlZ?SnZxPW3=dIH!@!pbN41SJE-U|7eq!=k1=(3eiS{To5 zkwBj&{w_gK`I5DpuuMFVB|ZUN`(ZZvR4B-#6Q>fa6M+NdhOZb(Ku$P%jp3EmCrJdZ zkv}5J&=@^T7bhkpo{3qU+QogUfJQQ3G-*UFeLAn&V(Jh8jibK9-q?&DV7%c|&ZVXThgo z-^8nyeWHLndAs!$W4_Vn%SUaIWE5--fjl+2AhqyyP^&WA_|^eNF`ymd8s0aoSk1;K zqtFd<3j_*LLSc*m}>M5d?= z9-YF07o!KZb>2#MkDVD?|1C}H-_ol@p}Tf7z3fgNNG1I!amMh{7E;}LZ36(IK2JB1 zjBFp(_o<612yuyP>T4{7$Y&6(n<~h1V99+SWxu{8!8F_TYS$Ufui34)u85AMM?vP- zk|e(+%Nb3@K9Ch+TvCyUKF_Lt#ysD)UGId7?niNuWQ&bdKZITQ*hrI=nC!-L{`8>8 zblGw%ND#Cd=gBI7Q_61;2y_jZl~?!A)mA)KV#2Bj{ajfIehYO1n=?ZAg)5h^!QV0v zkTjX{tY~2(MtPYI2ZchbFow9bfNxuB$OPeVg!JT9%I1 zP~>aHM)CY0H=DMRxg&DVVsL-_@9<_dQZR8>O*NzI^fZB0!?}Qioh#gCaMllk1VQwL zm(4D54k|q};7;Bw8rIb9^G}R`q({xCtwhLT7eD83N&S z>jRPDnr4NSzayGLqEm87i!_+R_Q|cZAT?p2@=4c?Zy&efYcf2Ol$4{J*OpOHotmDZ z$P3Amt~^DN7YPR`L?1RdP^sIl1)=ryhy_+fa$ZJ4)?fN^+w2fDXJxUKj5#o2yKOTP z164WhHCJ2i8qND6UC3X#_pKcg(2#|);j9dlpcV9=<5%=ZE98tZgFOAVbvQD&SdP~8 zoMEkoB|{>by==KW8Q6qs*>C;glv@4tA*6*>6znlg(>YgR8yzm_t z{y6Cb@1(z6QU~-R!9#iYrJyUC8g!PFD|!Ca4ni$piz5185Q*91UR-I%eQ)S-0>TuG#isLpP)QAlQ!O;g#-8Fr{WX8|N3e zm`r8v>$T2L-@)jzZ;Q+;>4ciG zla2OVJ*qmA6#*6+^B|nhdjX;!KhA{xk;~zZPT}adL!~1Tuj!@0TPBw|uNL5e^`djt zy$Uy1ssq)d${@ZpB>gdQ9Y!sqi7py+&50eTVRF5MHz;Jb=Q)_K{$vgESHJ~q;kZT) z;V8?Xg<>3gF}%I7Gee>m4Lr|3k{B|V377}suU=S)t!8Xw^+XlO=ASAuv96NND1Ea2 z7|FatwznLRmJaddE&F5Oy+itF{G9d4+b|XE<~*;PhiXQRk3AWL@eW<=BStk!4((>p~F{A7JV9kqh%;%U>>_2_FMK1 zBT3@^UnzU7o%;CFc%!CnC!fMSI!pWUeOdsQxZ<-x4w(c2@!|NJWvmA{dq>!SLyS*> zIj~iHg@gU)43|nK@~l5K!9-bUm{a0F@TwI_WS3w?I4^NgD)gYX*I>yfx#Y;P#*MKh zM=@+?1ntQt8UW%o4vL#ZXI;vGN=7eRdO!}nZIDJ=L@H8A65-wEgzNuD$Lg9r>3k|n zq=Kzav=vk7fLj}*`EZ0I6Gurd+ZyJSEy-@WPzx+kguKRi*th9{uLeC(E65Tzb)DHK zvW3yqGoMM>#Q1l38jj&lF&2Zmhrvbh&F>eTaT{z}gEgiBMsBD3q=?;+Abtzd06oBK z8kZ7jA`u-$B!~GOm_m$E@KztOEJ^Yf%RB?;AvWhOV88Z{!wQKlW%Z~@2=o9~Q6GMb z>vM7K{o%$F*yn$Ku=L;ojrIe}f!6Ijd-m;fFQmRq!KdDgpuTpBw2}xUZr~S}$r^rX zMcf2G-moLz2ve3jJSm-2eY~!geQ5^3sBSu{W@ZOt{>HTt;%)boJa`orN@MI8Gmi_u z5!EBy2>~rA@NsU0bL7g*YZ&iHY?6FSeA5XVzrcVTv&9ufQCbmT@a9enL|mC;jao8T zc{eP-;I-IDw+VqOO6#-y5GwP7ga;X3808)|DOZw(buIdD|J(@zzd`G&n_;R!iTLl@5^F-Zw$`2AHNrn^9Cj)d4f4oV=-2@?9~TgwCjP zNq9dg9CB>3`}lK>l9YzSMM_mGK_gmdjQ~FIdC`+lBCTbT;q1U{5KoIGr>d&M!zUX% zhlh)u`(Aszh^**x@lE~0=%wnfNZ~s`O2s#Cka=q9+$HQto#6gwc`&wws@S!^+Hjj;DY<|PezZl}O1bXk}vhRLC9rpkt1L%P+d>W;2Q%I3VO^N)(7T4ngSVtLUCJ%-x{#-QBfKRG4t+ST) zT-Nu*kpT3)yjv!wNE?mh@vz0#kK)cPsz_&UD~fR~BcZ10FElcXep z&O$lJ1Hf_>#J|7?pxfEt9JiSr#sOU>5_e@(@6OMBDo;9uc>G)*b-eKSg*|R=;$aE< z7^q3=^9j3QcoORKQ2~LleE73``-MLh#C!Z))*37PsYuN8=R+y`l0Oy3EBvhW1ZoZ* z9hozTrJb;T>CjkRypy_V zH$JyE(th9_%Pk87XkGB4(mNRfzI!OUodp+42yf6R36x5Dhib`?EX^;Wla=%b4X1sW zUjiDHi~~rUVm<#QJ_yR606p(i zeTr(zuSUT6rO)O_{5a-Jf9nkRkl&Iqt+IieU;3Qilkv^IFVFv(NG6@sH!32S5)jMtUl7xT!wR4zevT>M}#g>vBuSCja=$D{y zRK+fRS&_)8!2NeBO4W~?%mkyGD#&~cmgbjbpac}yf*sA2K-8bh^P(YBC0q=b%m*n! z!3A~E&{xSwNGUd)$#U`lBuiPqD`nD5Op`hQ`gx7hRmZ0jXU4PuDqTz&x$I(HV=vWJ zw!X@{C`vmOyi5wwbgAd@>d%z!bc)OBfcH6><|2hxtdq1|_Mon4bSBNDN?#>VKu^&% z%QZ1*mMbOlvWU)d%2EIAqVo`X;C7-z!cLgT>htbWed5(uIbmh$T~3(yzts?v0eVPF z>{j}PM4BL!RIsTOfUkthA0}2}F%QD3tJM+Vf0#@-1yI#$8JY14xYd?2w)e8CtC_ek zOVuE((a)nL%_ZH{YxsuZj{hkfN4O+`VUF0y6$bzyJ)q|%PbNseMNyE>89%&NdX=!t zmN?#Lv77YX-R&BlBMx}6?`t^0HB@WMk+QQeCvZ@0oj=}sZYYsB{)tWu6xYtg_u{4q zRN|QytDruO@I?Y#!bkOPgpbnByLY@V9Pc`C;m^K%2O9Rzhj>Pa1s{ikrJ=oI%v?F%aXtQ zr||1pXsVOXws^_lk)-)(U{Lg6HmDvN%h0>zYSyvBzcK{4sqm4HYjXi?OoeSM?KHyl zv^RQ^Kz?&`AK3AV#?fWh+SMkQL`FBsB6G5AHcD#LqGYlUill*vw@)}1Vs!ujO_of`mMh^z( zmfGX4`x3Fy5qM8`UPBq#NrBiU@`#I?xuH8>ah`?dRw8un;^Z8f#$B)+?|9fk&>dg`YuN{7VH~2M9Gsa2C{G^$scL;ZZ)W=&MH_nE$wfdmiEBa2g{! zJhyy~hfwAIfrJrOB?{@CfWO>by!WVkfWMdjxcmC#d~|uA4_B|ci;IhMkLGx}cuoU& z)^R%PbpPTA=>^W;sP+Lh^g6zr2#sjJ?fuxVa7Ek|E?hq9A=a#7T9z>aJKiE}exdNz#n6|N2HT_U9a zg4aKx%ul#5k>Ae{=rEwJw~`f97J@)<{hHkzAGkB_D{+$INI)gEJG?3}OdI!b zz5%Sga&V67t`$Mod{D+XEU-Ns52&>eLx2iWo}=v?snVocmGzBLox~M**YLvEt}9X( zKi=^OOdeHt*Dd@9`1ZkP7%!-t@D@KaGzVuFr#wxH!QuD>a1>OL2XRqHd4Q;#6+#Dw z!`+^j#%SQQ1=u?|x_5DwVIvm~=Q7O1qaOC^VGwYZ1=F7OfFfEq3W_zcJ{k=n>`DNa z?3oVdadCR*)K)cs&$!6zT)wv|v<9`Es5|=#0-An@qn$j^&?e?+F(X)Fc%%hn-o^{3 zs=oCnn1oQ!w4;O#qBe*Af&UZ~l=q5*=p?Z;R#xC#=ht`^rZnE1P}QTAN?4ebecL;Q zK={2BiJ_Cz4miX90gnVLsr*i&%XjTCOn|b4e$X|{AnIsE zXOs&};tF?+kdESYSz6{k8({5J)-1Te84p(tKQ!_%uXovw{U#*;U}%zy;kZVWVF7a>7F zPqC@royEdfh66K<^8Svb_?e5tbI~6`U!ARrMhT}eypoC>YO4(B549Q`B1Rw0$;|KT zLTx0CecksPs>!w<1eszKtT*z5@U}8an4si+YGoy2ZAIJI^MQza%6O_YoH&gd#krAA zjKsZQ<7`up!ffJ3c{jJP4C$~c6G}mb0uD*Hyx9O9M<;qAsBjR^^I~x8Zo}s#3mQ;X5*(zNp0QIHCppDqz?Ro0mI}qTqFL7Kl z@sLyP$c`{2$3uNTxsa)vq4*<|DNIcc4qRswQ(`8{s&&-AI7Pw#%|{qtOU6R ze3`6XU;WBAS1)@DC#wrjA1r+N>X%R7%TiV;B4dmNi7w0~y!&E!D(MJ1T*;~&fowRq zWZKbZvozj*c}3(1P{4j%vC(n`ScIlm%r2>c!tlD(O01_PRDP_XgOk%??-KTj!{gw& zlPRE60|>KQEO>45Q3YQ|1_X9fBV?aMgxn8#z`*d(Nha;>r^#1kX9VPM{R@(P%@Y| zF5kszBthpDEJ0x%BpE<5fkQb;ama)N4LG7~O2caba|ZaJ@zUX!d`8j*i4Uz4A#oMa z&bJ9 zUX>iHrT|m%gk~O%yt$Wb%^cFawqb6E#kYIS?nzHg#dx!-dyqb9f^RR+P7iU6U~u{F@EBnY-1Pa=AAasEp30t% z?{_*S5cqsRZd!CvmW|lX{E^J5J~+j2nC2JKT8j?dm2{2K)uPePB&F47GQ-`?rnl z!|$GLfJ?Sl*VgeBAvOL{HfQh(ho8c`$2;q*e>>dVc)_v{lMi)R!Zz)P^n_D)h3<_AmlctD*)dC9)LCF&W)s1BH{4YD)B^k%hy+P2 zc0y}$OGwgi$%v&erRhEpb&X6Y>Vv6?=t}-I%444Y!fTs!6}3{SR0q%6YG2eO4qp#{!lpNZEx7Ko zc_xd+5IyN%ei&TrV}^ut&$p%-`5@k_y`Whhg*TB}aL0sVsTuNE~SXTD_S*9i>VZo+I`q9j9+ zn@iGOl1{akD${t)D9xM!@G`!E$QFetw6Ta7ICzxc&j3dwGIe4|H@T=L5s_TqqQaD( z>|%K_+1E<;oEWC+qb(@9rCK9g#*~nE?kfUISP_TjRPWL}M5~O`QM`-D8_%@ga94e~<7R(mRgme7)kkV0*QB0ivR6cKTfh!wte^u#PMtuIU$ zNRd`vKxG)Z2$k#dJVEj)E-T8xLSG6(us_tmu_uDDN`Ig{OUxn55?X{7&4lM@sH(@40+8JYtJy5Fo z=*n%}^;BjRJE?a2Wt??&Gl@**^RH8a>_YR#%pm`+w{gmz7&uIK*ODuBeZuwPfo~j~ zPh@Uc2ETz8045F7w=Jl3uEx@cluC;EL*Rt(BHB!OSy4yF4 zi6uVJT;(|l{U!+9F}C5PDl(zX>c%IECR1KI3qoP*(r8m6O-w+wt}K~AcLtIp6lCz1 z2VY?dhYkxh_>2__6dGwDyTAh6EkJ?5oT@>@Oc`tML|NtRE~tC=5G^SIswQm$nvR;U zW@NHHwA}Dg94}}2!<~Y@ryV{zJ@^7AKJHOjczM(fpHpkV!&6vL131%SWhhGwY>}|~ zP*fVc$CM9k!7i|7(X7FX!6#~DBql|~7}}i5JTRGb^JVfKlRP5#!cJjh3(#}{Kp?Ix zzydkMev*)6hS$p;qca*`RE?j|m|9{1y3>N-I8yrDXaJfBVSGaEfZJC-9jsG_eFE$ZH|=93qYL|O5{ z>6>+G?=Y@c;FV#@L%4X0B83OX${~`%%6)EcBo;yDsGwbZ`cKCh2Qh-!D@QEQ^=ZJE z?1pGy8{gh6{n=h&r`}&7@r{(ihP%C5hNnngVc*wZIV?EO{S~w95Inr){))aT>3Ag0 z5?xgCE>dGDl#4xgG?vhH1IP87R*gLfD>!vhd4bp;FOV*py;SU?m&%-4UMzOoiR^BRPiQwZb_nIXB3eWC^Rv89!e1Rb;7(;Z&X=3Ny>K&XaJF zl~=-4rYkihSA?yg3}=a>@Xd=&PEr-btiihf*tw;QPGQReSVP3uh8OQfgEwz4t1glj zFF(Ms*MFuCym*Jj*zkC8!hid?ig><~0UG06*D<0nM+4l`ftS!W+&nlR<2UXlz7O*R z!Vq)qom5B?A9CtR86F0L20gKkQ5F%l_g7~5GW*b z{J5zDx8L?g`|wvX>6>lbAh1yK(`9;rQ>b9{%_nwI-sRcF(*Y)>zf}K+hxm}MuRDG>K7`NZkk5z5gHe||liYsvRgYES0b1P8 z#RGplMuHWHevlfi`jpK)A}O;snr!_pYfDh+hL)pL>7Hxdl) zsJ9ou#~TFlttA~N&U~~{i@?CI|5APN0DrOwVk|k1l3?Zb$8oiA%3B~YM+eVF{CwBH zb3dBvIXOos?hwCMa#l;z#r5`rMw!tj1sH4L80;boF2Z-SaH?KC%&X(0(ct28I2t3x zIM7li(Tz0y-MJVb^)rTNgh<^qAy)YC6Fnk6t2{7s z@)I%`-(u4dDW9(-_W?)B4P4g3DaTLEyCu1Rb-3_>`6WRaI+}3mZcf`!KVa?bG6AtX zM#H+y=;llkabSo!%A3$ZMrC6`ekH6!>=DDi1`U8skih-8JdocgK=GS5ZB9eBCjp4SQ&AVlPe>z6Q}31rsWln*$*z) zxaDrN@-j+6V#j{RV)RjoILqs7&@xPdpWj6jWcFdgPemHw-zUDdgSe+7sV#%O-R(TZ ziCP%=a0-Bl-_XVw;8e`FgfSY)^2KWc z-xi4wx&^WoyUkY@$C$PvQlPdY2#E9%vMm{$_#wT|;E7e&8{0zNrXm|OF;1{WBt(wj z=w0=SnsMKsB$Y;RVMAZ2c1(~IeG#hzXB5G`E`X4h^2v%F;ZzSUOh4BUia@~3+b9<0d!{%(`I(B)3zy6pUNc=&8}Q}%qfH#XOI4!Q?(U*RN6b?@NO*K>~$ zD{^q2q+amBgP4k+Y91N8*S|U3dir#C9Y9vM_x5+zrHfMvnZ^OhvSfUD_4=SQu8`jq zVL$Tf0`r)o&VzoSmbMFpicovZjOaJ#&G=S4rV#t9*S1N*YWLi`4i$R5FSNvKB&!3f z30yef;Nrke)z#Tku&XqrtLb$d{zRB4C%#}M4#exmKCj2& zcXrfcx~kRuot*5F={6Cy&EcEDQ8G8Ko}P-99alf~EmXt|pgyb}-XDw3V$zf=LnTwi z8-^tOG#Z}2@wu)|6OWNT#b>42G4ks4aA!(?_4Lh9v^__W10r3gm@_kTf7i=B?!VzJ zBkW}lRan-H>;uk0D=W{RXf)N?@n?vWvX{HhRyA&I{I<80yQhGYRsnKPbW^p>Esdg9$8zNrx;XD+-Z&Y@IQPW=28>(7t);_ z?_!sX{D^HCo1Jm+-t7-b)qtITC|I4bQ<5T-2bn^#77oj%k2iNO>l{|1$sOeDN8;iC z!U-^lemVlM)Cvme>gu0c9oUPIt)B5eZ%INTs?+Lq-_J0}s^*`!B)!)uc$I}kBRCchZu>Jkc#y8LQs%Kl9PjF*n^>`hdFsqL@*Q=-a&a0o+Hdi;E z&sR@YpRazyjTpO`Xokf$HaGUZ$E{J%)&Y128#<^_t?DKP&URqSVs8hJ^VrbY*$Y*_ z+t^*7uU2<9cDeWSbZ6`N{0uLhLJdF%kl%5uW0&?CuZ8A4J=^0EceVNdH~mrYM|>q8 z*WfOM#jOwD;SNXKQV1*m{D?;c@P}Otgq7=di9&q_C+BIhYvS?!u>QuE)h_71zl|BG zqrYg>*`IA4hjJSjKP`t}Ual{FRz2i?SS7NlkyMtwo(49ZqOJO^~ zOD%hwC9vJ~Z@#r+{MlA)dn0s!KfPF;T&tTq&kY`bhJt0gd+VVbf3jRzWOwgxPdA`tcKd&?w*(9PcK)3 z+uMWA&@S+2d$FzkP;6_z1-Jd3Z>$i0IjA~q|7~sCf$?Vxuz!2H`*(xJpAN3`^RY>&tN)L^cW;d1Nb*Jh*QaPS z;&fvp0rt%9tZc)`LfGtr#6_}a=Sp6UkQ(S?(am;C*zDNnv)|t@9+{C@RoyLN&+8uT zj_In(M`UDVWV|vmd?Qy1k7PgPBQmom_{dMfBl$*nB*}zFGJ(*oF8A;qi#tAH4aY~U z)$qtg86LUz;v?2r@woR*=oqUeeB|1Qk5~lZQAs_#AVr5qq1^CH0u7Ik_d>rQ!SD$b z7M@5=@sU)sBDO>jyHU;>9IM>*;oC~V&)kmFcQKu$>krfGbCDJHrrVG;nVL#>RR3)5 zC*<-HQGg2Qp>$jq_(3BYOk`*WAz3}5!$-_`X4pBW6{QBq9W?Z7@M3TcVQ7@%QHmRl z%8;fp1jsnZEL}-Otk5h^ucWwzpf3k=o*C`7rmrq}lrGpzn@xyy6oUK-jCoa`o0}qE z!KmkOA9J|oWKU%$9m5VB)a2*#` zpAKPfOlfaTSvL~F?5UxR)MB6NW>}_vCqBeLa%sMeG|l<%jqk$6e`~Y%ZZbN9wafa6 zRBS-79H>&AbYgz2J5Jba&a%3`T5BPwVf=D3z*WbJjAVN~7s#SdtqTc}THH2T19uCj zCPheRtDtY%MZ^|q(agSGC2Zl^W?#w!;O7Nyc?5pkq^M?q|5>YgSy&ZUFl z*^2uxU5$P`{(f|Rj`%4aTe%!dzR0QoDEsZ`OrxUSo{lfhj}=ny<2E&ujU3qa=H><(`oCRlo4c{X<8 z^JyP1Qv`kXvxCn2g zKp|_|x5OYWg}9*QxVMiXG3~JqhF1}Qjy_5xjQgl1lolEL%J;W>OuFCScy}@dr80ip zp?6@2EMLCbAKu*V4P^Qd3S}^0>Q{WD<%}^49Hz@#Yuy`dEzJp*lTMB=$9f=0aqYdJ z$-)qT?Fp9i3;5}5zn3s5kE>hIQmVt@wy*Hn$=lJfNeahUM8~J_#~)i?y68EQ{jFz@ z^@QZ<`AE)44${<@MCqtAOfyKMSyBYj%t`SyVPR zUrr})C_jm4a;U{+qsKXCgw0 z1Jt_3hk+mo$WBqP;kYm||Lc$w z@-o{xKMxWM2hxr=mnI3?H8|Ar(~_}mfY`#CyMld1cP?OpoeF`ClxtbTa{Z+&VV{PM zHHhWR6&U9ia!+bC<5%T2osmj4PEuPd4=qKwEL6JU?Yg1C?vDlVYx(U}_9WruVMqEo z&&h|afJJ1S;FXO7NbACwBD&Z+!R0Ox3yxTsi;OJNGX)1fKOr8Ykh zwXh2!?CTCz2BwihGCLYI6CN14L9(!6<$A`C<_|Yaiw@Q}P}(Qw453|!7BnlX=<2#g z2=q(Dc{#^QT|4Q6zbX{%9Ijeuk*RnKxN=RET$du87UsiQ_6JR>1oHu*f_{@&xkBlk z{sS-}5iAQ4kD-IybJ<=e746i`bhO0e}7g$Af%d#=m1&eP#$D z!=cOfZ(dHu?~k?-(}S?d@dbX3XOnXpx9Gj?{LUIYaN_@}3wNpFxP|9pXw{dk_VDt} zTf&H{xR&jTmA@XIvogV5w!bGQ|MUK;RbVW+VwHWFE^262v2u?uMCX&q2@Z$&9O%{Se4jK73yb&wxa+f zbEzwExk|FukKjLgx74cl;?tA&S12z<-AA=(=-P!=`2m?BmnQg7@gdJX%k7<4=HDMdaS^=x7sw!VWV@9-bkz`^ZCcJz ze5fmoan0!I#q3C!?ZXjR5z-f7jaSc|9ZqNj_k456i1;Xdf}{s%aixCr^d%!BFM^m06gieUR59766br&tyq zahdrH8%TI#z3Dz5-xE2B=d({*N<)E@%Ztelyh+V3BG}q$Nr1c-ek!agy+c9|n}g7< z9*JSBUoJO%d4k(}o1@d)mF;~CT4d4U@E8&=h2~}=A~{_)KFkg#P8>oRXjftZYU6J7 z?z@IYbfbL#o8AA|-TUJ%&r+D~W|)s3<@AL*)vVr{PM5jMa+S3-Z|X8~%k((4hBrZmNX|N67;TMmdxe2hI0IWWrD0mdRRxwVmCo&5d&o426P(-xImY$5r zbe#-}r^Esz{GDr8ONHJ}bxrGgc38YuWOV(j{}rgkC=(TlU8FQ4<6ImV1)D7&ggv5!`hTRZmv zlv6Lkh2rlut34A;V2Sd0>#BV`b~EB^75RP;zj1;14ZpS6by}tHa=5KH1clfzt2Hea zCnSt@oxb`UW=?x)A>WRw0*CDcH5q|R4@9a66f=^{{_fJQcG%w9M5I=(F&ffs!jBwD zIb;Ayk;d=T%k>9{xp=_QH00Ia{{niuIqr>Th{xyaAu~_O-5II;_TH0kp6+(l_~Ymd z88|Fq1epjSQmdnkLF^Z4G+;_e2sCGZSw{yZmGT%-%QQGegw@2=tZ))d({2QGI0nGW z4tU`r2@6)rTRqCb14A2IXRnS$4@QE|yXYoOhk&El(k@fmNaz6bltL;96hXtGq)o)# z$A;}W_0@u6#zU+DlU*<>&?~0Yv^;kh59;BIFB8!jNN_T2DURkj=o{f)y4;C)_i!_B z>J^8FqnjbhPlAmhuU^j(st}MZ$7|L1vgP&r7*U!wYo&cWOI3`WDHh=})%iM|j9-pk zA@Kk4Ub=U~$pD6@i|Kn1L(a+p7OeHoCSZ*%HGW388nastjuQMrUrJHVa-~cvFeAp4 z=dM9if|0JCI*<|IF5wsoJu#&S$(>V&7!n+L8%{^3Igf~*YzxUp$ifg*;ctwb{IU1B zWgSTcKwd~|h`lrsYATz)$k~Wp&$ z3hJ!C`-W z-NaOgz5VrX`$+jK(G@ZtXPuG&=o~9fmmj2@CpcCAt?DJRy|_&uCqRKVUAPQAz_zx2 z{{_MYLfx#G>(1nhHZ938B*|AIi_)d-1cHfkyBLtM0$Yj84xHMJjQVvkYT?5o)C&%* z-@cTFq+afpZUX@(O*%Ygg_v}>6zb`+&8t}l6O}~c)f{p=AkG2{RRM5`b|4BIm`0wc zi0q=2tOK{l%rxHXSh6<`Vq?PRaxvrqJ6!Rh$|$MI2!VQ`LHdj=gd_m}u(`SSj4AfE z5N961Eqch6Z^`?Imc9(as{}?8xq#uj6_aUfi%>k43N_H69;TRC%@Bjt4vLh8~uRz^J~_v-MB)jE&Q#pjbcfjrZ?Re! z=7a29x~xVsStz_j9O)}$uOZ2Zh$p;Iv67W0M^JRMBPt6*Av!)HUbI4Q|`J6;lVBTF3r zDplqs*u~-!f($J(JctyvKmkdO@!`-(vBA_I@rky|;dCEm(l0pp{bf+G(>snOJ$Sdx zwiz7Z%}D=Bz>0-bU$9-h%g90-*v@Dn3r$IvKK!bxd}|qH*c4@l%Fl6Q3Zs=Zn>N?{ zGxVAmA+2%I)tpE^zYmUNMEhi~av58NJQYPlo0|uJdbV@C_57=Ep7H`r+~httvINaQ_&G?RF%07i+;NJ%J%q`TcZcPb_x?`}O^ zIB^1N8#t=qFr%uRuTs`w{=k9CmR_U+OzF0hgUMR<6_FY*^r3F909R(xa%S5nmtxKX zGcMb!3>4m63nSYu9X$EsT`Bff zT0rzhI$`rRmI4a%sH>rYG$+qCrh|=5YPnyBWdnETBYTfcH1UD1lg8WVJ^6atxgG%U zx(P7LQ*x?3QR$A0Ep`;`LL8(B=VHeCk>&il!GV*jUNb*)4XR!(O&eLl-RPR`CmS_hM%f5-Ga za3OEEiB?px(#FY>z$aj z>IR)1)XL&mLPaWrhC51HxRIqd>YG8$nUE^Y0Jvywj(8j(tJtidx@acsXM{-=I;x^i z%5;y3><-|^vJtuF1W;6)IXxLup^{{eC*vN{zhAuXkrt?10Ti5PL?FZJe z^xNQkJ8mtJOhXq^w)bv?Bk$lsP{dE+s^PiHRo^{st=2<#q9My}9l0$^`(FP0SkoM7$oDJfu{F&Z3D2E> znyp+Cvne&NI`bS9nA7)StTytMgKt_!*lKHWB1dIoTi>F5G#R`tZn4Ti=Eb%twe%Ud zo-f85?3_Lly(2IR@B9{J^Vq)1(F#9q6k}i$&OYs8i5NV&L4#8a-Kn24J8T9diA{|JwZSqfP7q1|yDs_a#&Ke_u{6c+-VnP}pao3^ich z(8|mmkOzadrTQz}>O1KF<-g#aM+?)9zN8Z`!1Qfc_9CT7oePnvkOX@+J9$N6Gj4E5 zXRNnh`%X8DTOA`ggc&A)5*t!nIg<(It$;3KdMjFy^T06n5_l(UWbnc@es-y3Y_=Q) zE)m2Pk4NK&qcbr#zJbz#h?3C^nbv#wTLlFq$E6RwwGuNm!@-ZC&W52fgq~2%=NElS z>jHi@nk&6!i6YTXbF1@KTU)@~Vqs#6j`CTTg!)J>ep*|Nv5u}(6mkIWp*FVwno@^n}04mZ4CU!kMEj&5dnkf*&r?ZI#)= zsy3i)7k%KIj+d{sZnR16#-``fhy$d_KH_M?0^hX8T0j3X+_q%2-uFT_>u9K$tk+lO zSo>L8OBHxkxZI1))^#mJN~xY;j$ zglEZelv3!BiG) zVC{msiFbQ!0+P6}8gy*yYW5x4!-DngA-q)=1y_>+B7p%xUG$C zCKbjH^F?lM{vhG3UJL`%Qo_I+AXFKjPT!n)ps4|6G!@30S|oiX(2ce z5=H^*m4E|2S_I5w;!%fbjX^MuwJ>}nMe}lgn}p7YUZoLBuJ=9#7|{9pkQWSS5SNP< zEz4#HdX3itZVOiBckzBzF-x zm@2V}ix+#0ZdzPh4pQ+M2aLI9oXRpj{Y_*vMNKy|xiO(~f69hpCM|EvjhVq7Rf_Qm z4l9|#$?^>W&Zd@BqcM&)JCp;`=}{)sS-;XfLPu@ZCT>uIZY_p`P9kICj>${rK}@ru zqAAi1-YaG5Ffaqg#v?tqAeb|kS$#`^v?JCI=!G+ofc<60`3uZy*SyNgG1F?DEwN&7 z$?GJeQ!7~7SxcIb5{VQH(U|{p*8;O@4;8O*6U%44^>zMc`LNeCR1Fr% z+d8ybf#SP55+E&0{jTe=wj$T3DvHA&-C@i*u}d>FuTg7r^V^;0U+(SW%7kMio8CF# zMqs=LLDX^-<-pIJAZ8IPJB3yWmld8Aq9)5gD?wKchMQ^nO~2?~d2W4kQ?JHMJ{E(l z>_pbW{`>Ld?QA4!x|K2>1zRvpFxqqqk!~A!ODyA3^@KIyQnd@5;DRqD>1|B}UUdr3 zCZxBlwBmf_8_a@?_^H}N#njDJ-$z(6Bl*2FdMxK^8u>Bp~ zUDdHUqRdJSBlS5_x=221Ce0r7?;M`2|IgO?|9gD&HwhKfxq%Q?7(;7yKDi zEZoE==YhHqW;j<4H{Kn&jg&}BAfjDxS873QkNB%MPN};uN0YyNulkpiMI$=0b=(44 zw4ks(@ryfMxHlryem>@Pp*jZP?uXtcKWkNqrB(u^HYNr13%bU8K`#+(gQXfsWXK*~ zM$f0{r^LXhxqkTi_MT-3X&rw~DFvh@F)RKXNMFRB`;W)Cx1ARz5AiRZM7-;pJFYXW zN4Q#*tOaD+AKy9QL@GCXf;tc;{XJMVX)j?$H&8J%vLq0dft4U|0absYQE~ySXXL#d zK<6`Tqs3p1Pj=wZL1XMs0uI-rf{QhQB#qEqNs3u-=X{2iOyNYe+UWU9SoT~{dYm8p zFM!iEsY0$~8cj$IL@j}P#^=rzR!IR;A5OyNv4K>^sVotC+fFSL`Qg+*5piSvzMs?T zC&Ewb4Mz*GDQtdzr?Cv?0|+6C70ES~zz_H+_A51Sc=l#3cN;f?^nD|c^Fe*wQrd@_ zZfByj5nVoMm7oNtT~AH5t|OEM_QHg*RdopP?sW7 zv^TO47>(#;}PPlg9XIds^5Wr(wgPNqmue&*?^^TF3;+aFKXm+V4M>xfu$l>wlG z5pRO$nX$4?sgaX8+HU`x+wQ)>1txs?dj5Ktec1&LYr;jatat(;k(w}U6 zJ5_U^UZc5(J70eDRc;3-DR|HY4K?r#CBb0FlDNw3|M%r+cp;Pi-{qwHs=exDG+|rk z2`rEKAZ&hE5vH>G@Ns|r-Me=HM-IJF44hk*=aiw+4Zrv_R{2zQMWb5KUb7Rgh-yN{ zZ3mo}9k@?YbKsx)xR)4o9Kdp8##P@LO}IIa`te_D%oUwChmK2AGOKg2+UGkCV{S>G zv@h;mxk_7wU!5>ATWR7)GdSo{U8g4-lUFWkkw_MDUQ*VQS!62a%X~6bkK8)ej(2vy zJ?vM7A(AuzgluxWzw;cUT(Y=s)?GWcq&3)9=S(B^-A;{PX%o+i1jSnf`-^2s_1%4V zRa7m;hK0k8M7AtaeT;$akL9>}k#JC^MoZeRh!gF`)kIw|9&A>F_RK>naVlh%+lV+e zSR(}bwJj4YrL{P?eb{VIr=u6VeVfUCX+Wn50ZNIC&dPdsV6U}_(~odxlz2SGtVp&- z=(Dp4=T$F8Z}KrFoH>!>K|E(ncY?qq57J0aPI4D9*neO7sfert^K5T!f^F^Naw1+_4hSYE&HVeFo? zn))ij^G<_d%{|x-4_j*h#Kms#l0uD2jZWtiL0(4@#6}`5TB*WtWQsx1A*H~+Oui%o zNG?q%6T;*0uL>OaVXb6i{bHoJvI5yc3!@oK+b(=ujvfIhU^-L!;=~0=VTTMAoKaav zH*(v`Hjtued@QPO?q8<7N`V)|3?BO)-1T{|e>1`OvR0g_6~yp@=`9$GrM@!)?NdxLSf;hk>${WwjHLPFr+n>Ck+4wFA-Oh%wjZo8j#Mc9)dm350VEQ z6M)!TM`fBkp=m8xG9P2-mZ5tt|8X2&Z*dBy(3GRoyi$t(dPZqZE+- zP8u1fP5)Z#8z^bCy-N$U2q|Gv$fVJd;T<^Z9=}TYlT&k!7Ph7O zW9&yUHhO=2ji>R%U+}=0mLR)mR94d)wqRQ;MVh9Kz8#(Q#yX&niuzpeCz4S{cT?o^ zeBUz*bw|6VLJMNv{q&CiPX)XiKaa<}bPqNgoXqHHZTM7qRKrc-oA8Jcabu>xIq&(# z{)xPNgMw3yZeuAWN3-YzrDLw!`nQ}BZCjmww}zs zmw6qz)$ZM}hoe|>y#i53JNQzo)D}FnguFZtxp2PDXAOBYfUg+gXyyGC9wlu@^}6*s zj=?Q@U+3~OV;$^!DA{HLR1TDWPI1?2B4Bf-FNkSWhmZ=TF&290k$b=5Rr@YlbP$_9~ z#J+2d-of;pHI>GxvuXsiK}+`6(+P4Bi!~Zplnyx-Y@EZ{>&ZFq3%@snZLL0UAbKuD z6R!-jpA5e6!H4hS79U* ztLVJ1fu!=3-*HQqx`JO7(s;_6Gid>c@f-k!d>=Ebl6)!F;{tNnFm0CTs*>d36d}=+ zv^uwy-p4RUB%~LY%85AI-UZt&&$^xu-vMs?cZfS(FNPy14~7#6k}^VpO<{)j^&R7O zQmk4+-yQ4_Fj#mDg}rBp9v$L2EGD%`P110`#9%R2MGVEF1$dzw`yIt3`~y-**tj-o zDYb$*CW;CZS`sPyt#C==!cdJaIVlYsD*YJ(OKh9t2A$M-Y2-Z;)D zv()cBKR_lSXi8g8dOz9oqbFNm9dB>#i`;H4D|~wBEw&Li*vl8-g_+4=#o0#Y+oE&1 zQ&j`GLJ>P6NqLZ%A1pjeO-60%eKW`~=zJTw~^nmis@!ttP=vs)Sa3 zaFShVlf#stHBnCq7dHeGQj5%C=$8%|VSA2r%2vK#)zO_*pGBgmRNugp#0p0QA zOk=fxY&qt_SAbs|Ff;)bR$X=dT+M?#T zv)~$0&>_fwhQP^9D5`7-qf2I|s*-;vPj`&uBJB%VPkVp`$QGrVFyD=E;tkij5NvIV z)r~)d@0fOFL1Ez92t@Ld!fgGf2Jb8x)?*YF~FOD z``VtEE9?fkWNuR$Sh3mtYIO1X^2L^@FVBZ>A%6^~oM^wuNlhMF$6ta8;dJiK{`S_h zorlK{VP*g#5j1yGqvdXX@;d~~tsYHRsTK5Z-hC*KV}IPjBYk}MYj5${^Sx&~&kr8& z>|eQEumkP%Q})uo?GSBSpYsS<(UtJzE*|Rjwjj;^1D5V+0Y|YWYe&~;7E!x1em9y< z#*E}`iWj=;Gu9f+K_ZX7dVKKpH(wraZ8O>Uz7dmRtP&%sIiP;TrppID)aQSzW(ODkw`Q+6gWp?(sP|$7&tiux;P;zgD5WZ;M5%%lCXq|9f zB^+D{O0neqx-hD-a2W`FStL6S=fOEB<2UmJr_uW7>&|!z4F)ZstqW*4xox@CJ1%(V zjW-0zNXOtE$dT8)n=aK-kK_E}=Ik~_8~zI-#6M*RHV&m$ zy{p;>k$H>;Rdc*-ijlMTfZk%nZH2jNP!4WlGs86tN>z=+nIiEx}uN)m0G3`A!p8Em^aK0Drc^7K`TX%$UqdtrAil!Q6;go^zQA?ouP@dkp!TYS*Iw3OYwZGhD_IZ1UKeArcg2vn z!<9qW`gZH_6I$etH9N3l8a6^1#$g|-ll%e!_T?nLJbm&BqQ&uyw16|j=PJ^2;op{p zf6Ky9^2a)Rx!mu{a=&9a1Sg}>y2XDjOa3cMVirz^C+8KQzb{Mv9wpy?piP?x&yPeCZpcW=n+e8ObHLA@ynm8}cKH<<*stoNEZ0 zKmE6*@LJXSt<+i)l~r9^6ot+{mC|gdO@|%pLnd593uN-)>fO;-hCu7`xkgEd6^z0g;(XL-{&tc66JegwKVl< zGn78`=(U>zWK4|I(j!Pt6S~}S8Kdq4XArec&W07;t$`7&y~6)q=y0vFv-1A$Kl|jf zn`ip}A?-E2e{^h|9S-~I`lVv@lV_j4vl zdv|)jyBpc2W)<*(TO%(}OztiG9PTtEI_wSX!>jNCY2|+E+54%zZ)c<>Gz&(w#)-#& z1Ol6E%(y?w3>$p-N;jySJI_OeK$x+Di=bb=WP|T;+!z_kA}#_$F0lXzG51pQBcw39 zi_X{R;Kl!4%b=)^HNZ7r-wXk=^-cG0-a>pFUmR^~tYs;ALJM=1-}%Gw|DlbgJV^hoT^_QK~4YW z`3}C|*i-T4@h(CyA3www92nzY4s|v2FE52;MCmTv01JwQG9wI!kUqVH3n!9A`hepTP|&}n zMN0U)L}^o#5*akKz+klJqnJB?ZfPX%S%C zngB-H;+2Z%I62>DgTw``x46UQW+4Nw-$w}HW02_ytS-FkN#`G$nCv@@FASX`P7pXi zq9Dx?1Q{t%p`7fojni`oQIMY^(x1SJ<5@8fi5G5Xx(IZqT!hp>%JgoSvyW~B?cyH< z$$`pc+*iVNz`-?89%@I-w>ng!)73RT^DuJCf@Lc&e2^-MMmTIranbO)%F;oD#x1-!f&v-{DIU{Qdapf zmi;Oyq zd7ehr6!)4F!`Wa^io1jUpK!g=n@b326BtpZBP6Qh!42=}7EWzkyq=svuax(I8OJ*i zwtcGFi~6^ay)I&>1#;+4l0xJfpcjZ~ZQ7%RKD2S-zn)m0xDzg(r0R4ebx!<(yDjFQ za7 zGA5$8+S=PHE8avvRSdJR2YfL zwgS>RY_2T)UkW2{;u!cPq5^8;o32JvgB2ae6gm-ll_ng=;GEx92{ZjuGo_eF){uC} zSrVkZXFJ z#IQ((-VDx!yE8u@FqC5vSzxoZ%AI5S>QVxX(lx*;Pgx1>^^FqfUsn(6i}>SSJF6sK zLmZ1qlA;x-&L%WYVdoMNg5c9Mglc2*wPoEVYD4&PsAjdC$2Tz}YZ<53XUE{%3~Bbt zGQhl-933DwM)b_=`FyTX_ZY~fT+jpqKXTdX$;-j5Ro!ba<$8BhkC7=fS|U#=FTB?s zT(7!!xlVMN=Ix9TDyIn(008(HQ!^dG{vV1#_0oh>;U%Phweq#_e(Z5_f~~%DIPC!0 zVixRPJXi7xnlsa7@tl`Mcoo}N+fD;|;j|7;kssX;I$_eWc?*ehj)5o)2P!I%ceH&z znO#nmDrg+7l+;I-ppC|IG^1i-CS$0hAVF*60KxitRvJJYONiUC<^!0Tbe&HyAbR#M zJUgMs;1x9V?%-^0`g#2`#%7Z~byW!bbU+C|LpTwlW6s};^J|7{6Ngo|HluliO7$@s zSPg8ZrGqGYG529 zT)JW@>yt8D{*^qVqYZ>Gdnqdspq56WHri-aNi88nIF1g!9Gd{^+%18-u&Z2S{t$9G z8$^YO{9V{*rMN5u>ihR3JXSivAd9~@v@b?f&_L{rbU>5|QjSpZ}8a+Nj&?bbRS zD={O2c+C4zrQ0N*o7to-7*94Dlk5=RHH9Y>j3^u?*yvFyf}rvOeE2;Np1;DmYKkXd zSt^`J`e`UZ;KzFHE4|mnhGiRjiLng$0&HL%JCUc*8`@*c)Axp(fzD_@(Lc2xHw>k*0iao8i!(U^wB$>&Q#l<_)eVnk)@~ChZ83vYSCwrqt^99w2-4t_*;pyAv4&vE`^Abw!=gy8$@LCQj)3T6w8pbTX29EEmp6HK zC%qwaKK9q}2(H=n5Y%u>g+>kg5-|`ywfZ-@1`_Uj~ zW8Gi{%wNy@D3F_g{}|k0gb@%t>ga)2MJIEE=XVeDZWwYwQ}Jq28>rho7zmQLG!yP4 z;ih?xoCw4luo1#Rt%RH=l;2^8D_NI*1uEH)2CK>|S#Sokw+3Ab`m4BWvOk5W^#aT+ zfM%{jv0LV!X%ek9npb`kJ3w%{Vn#WV>`lOjMmG{c2nZvU>Ie8+&ouQ)qf`)ON@=Z1|AY-{5Ymr4EB;+%nB`i^H65tA&$DlPM_*H1&8}aA2Y)IN_9(KzDu{DM?4E0W(#6Iyg>co-}N{qmg()r1ld5bV7 z(-F=`NMUa-P9dpGC#;3_q zfp;`3Mh?p4UC2Pn3iTKFcE}N7*n(+1W+8Hl%!6SIQTNCL(HKr)Lq=BB+$8yuAOd-y zOwA~oO5amM5(KN1A`?;)YC^2gc66NzTf@?=V=D_b)HZiFigW@0b@*RLo4A{2aI|T^ zZhf>Scg`g0&DvI1=v7{*u6MC=x@35yM(EdE$0tq%pUsdyQ&0om4n4qbH&gvSY1O-=Y6Ncmge(ziD3&;_j?zIMVI>*6 z91t`|DmW2(dPfJWq~|5$vdB!t`zM1kw^Co_u}8tkH7{M+Y>rgi6Ry2;*S`t<~(eDoVi&=10lTK zq?864Zs7>m>aG5*5{wZoe*}ZqzRv*zVbd*NAMYP;J%7ISC)D43m?&-2t|{5e`BA=&qVo z=@iaV0V1X3Mx#ih#Jw3Y0s)k5!qNa?_WsRF+(t)y>@NiZ4@|<7;y`4i_f$Oux@D(q zp_6RVyM_zjCONDk$wPIFOfbBGPA@F^)6++LyMMwd*{9E*>@au0v0V3nG>g5XM~|Q2 z2*I&Lup-~<@t1phPjW$ zq$)*W)op^31m}G&@yIC~4tq$1DhCSKdi)YsCAvdjU+B?GDG|=TTxH>#wKt4frZEf} z*#Iww+ljZzXLH$N9-_|>m1u^|WrK53)p^AulN3Ocr|$kaa4NUf^*0dwJ495^`kVE$ z-q)L>%^7by{QS;+DK;9voZOeLajn<=UaB@&{b`kpeRPW2@VR5AZCStNm6%w6x2y@K zs5B)2havJ*N~45Cx&Z7HEZ7PAEh?o0jB-0&G7OMmA@6u<;wfxz3_!Lvn6)rn+nmvg zt^CY7qodPzE`=tokzk#+Lv;dPP}hk|fVrD<_P*pP>f4F7Apd94J*WU70Lr&Vtg}#n z(ZmKA3>r-k!`@ETkfJhVuqFV=aMtg0tr;!2dH!3v*=LU?(-5z)!k}q%lrFWPpaKm; z4D%HLqDX8fyh(FV5t-#DB&}bn5)|FoX)-z3fow@7WE|iZ!FI7`pv0?;qzD=4ZjD3~ zFz48Vcr^zp<-LqtF@xJh+d)@zLGr?-;mvU=b1gT}fSzK-f;xpeuCq z;7`vycLDMdKHbp>oJQ-Qw_KGG8J6}ua|uwkmjE44B%ZcMrEDfymATv#E9h?=p+Ub{ z6`hfcz#CHF!IP8!d5_lQHLOxr!U>75L2Iy4*$3r5u7=AV(LQs!H^G@4Ta0*;F1%Em zrmWZv&dMO7d>Ca?j5F<`sBOLU=?@vcQ%ZjKVxqL2>M)xIv>_)zpbtTIebPb?E zn?t*@)I@TfCN)Qu_a*4*=|_63ESk~ugPlY(t)a@y$mI1+IZf6|Et4a*%h$QBCR)Nx z$9gQ9Q>*Z8C5T-Um347x6(ljfaY`-p_-ynFm%tPa*70|pLb~(VI zIYM;yt07L{Hzr&Lj#X0)baV6Nbn@mv)Xx+>2~MKidC(t;&I>Kb;_V_*IG_0@n35S) z5zv(wg%09=KwuYM{SrLV73*uC|0qyagKjX-?udJw$wFoBg&+wVtl)&4x{D1r?$Ri2 z>#05$lG%kdoF|M?_k19#LLG-?6Gadr>I~3^5zv-wZaj77_NT=6xbb@Gtq}64)U6=d zqRp@i`pMRbB|}TTGP_a>m;mFm73LK?hA~CbdD9s=n7yAJW3b0aQ~eg}Ws2l8{X4Ul z$8ao$mN)tvfDo+FRSyXo-`RTt`V=k>O~!JsAq!9bNELqPcO@F@Aix=BggT5qnnj=>nDX>9Kb z24nWFE~wh(VRkTpTw8aoqv0BPDu-hiSk;4yEA#3F_p)z``+WG?|f%CT~bmYcz5@irx0PQjm z7=2*_`x+jYZU$)!rgVOXda`Jat+jOyX)E zq}f}6gMgk;Eq8KxG09}q8`uVmXvN7G|DoAEwgt0TGI`zFSXoID;J%!lRP_#F=hO>U z)|-C-d1WP2pq$ARFKh4BIie&B6CAm;$QZbfgWm9Hep^}LB_|b9h)j()QMi8stY`4n z4u`!v!;8~99E`hI0N=*hoxeox{<8qLhr4#t3JLI?PY|>z$twk>8C=4+nrDPtl9vHR zCd$_8#_YB9BqQMbVF$YZo1V2u9a={I1MYremOl<#CX8P|$Nw8)rmUY4U^VkJcJx4N zKD^o7M|+Yo6W6t~QTVB76&Ek}>i@a3K|D=QR|O0zKh3W0keu&aOzt%MOce3(J%|)n z7Kp|_ha}bo8CwpRxz{61PSJYSR%lC6q)q~*f&e%gyj4ug5PDH>b#3sMxBwyYCH5)w za%+{4aKV}5#cgA_Y|}hIvhn!q%}q@QxrOatoE!?LI)22HvPw*@LV6{ZMK^Qr!|Iyc ze7g$Vzr&Yl?}riW&oF;uWkRTasgq;SikO8;TBQnyD@ zrrYQ7fnJ2Tupp-b5kvB>9jpHNi9n4BL+ zz0sxGrkd8~%kcU1X_kZDTJ;rdqO*NYKFtK|&erfF@}@6($GH6P`SCGi#f^u5UJ)~8I^4{>Iym;T+ zSLa>RL7g2c`fcWZ6)a7fB&7K)f4ff=(t#bURI~-V2#pp#&@SkulH7Tw*L4hGukQp= z_C@P&Cc!ATaH^2dxmGYAsuWwUBxb2;REsG9rS&33Fdp{*@)vq$dGV*(aDV<8UGlA^ zJL%yC4A99gO;rdOOVm>-a#&?JcS(;Z?o7iqI8=$K0YNN+PZBCoMeTyp?uF&5oP{V&vI~|_e+hGx(o-6b)jjr39G30#{@ z-#=zxEDq`oI+$l)Z`B|{l3$U*aUqBZ=mC-ZD17Tn-&e57^7O2WSZIXKD=jygah}Z@ zt1xQlY-(nQ!8*DYOkwbNIW4X)f6e4<+X?m%k0s*9BHgyNX0Y@ws_*eclj%`l5&jnZ zVNnBARff|euQ8eGi$&FBaDTtHf{KH<9+uHIR`>G#BL@ii=quF|c` zGDhF-?p;~ofx;9XY`CO$!I44L>P_%4HSErM5VczTmh0<^{hWHjT)7JX@p@lizMwz` zs17DRN>MfVjhfEMJM3+81l>kDyWIna=B2(Ci)|`=Xw1>J0Zr@?G%*p3YI_vO-IgCM zQbMV|*ce}ELXUNd{m4H`W3sV%aAn#*uc_~#H||iRe)X#BBDStY;4a<}m@bhl*w$rp z%ZiCLr)yV@S}T^=$m9v9Waqx3uaGE)IG}$fM_67!`%;QYVxhGQsd1%mE15BtErDM4 zm0>klP_UC@b#@fx0=3(1n=?T~fgjrTsu>gN*#%VG$N$>a#tO+4kQ8xmA*~pi+jmG$ zp8@eG6cFppg_)Jp{aXhLqi!h@2@RCeJzXZT8UiqmVE_bDJeCJ>Zk_-ohDC`?$mLpp?(H5FfL*o!>_zMnHi5UeE_ zNu2!A$thOl``f(-dXg-`0wVX^8^&m{S%|bGM+9x-_n=qnbx&Trls|vqc69}fB zh5eK}S};3l^nG*J6Jaa#QKS%5b<+d)E5Kr|K`U4x3l($;?&Hpo^eZL?{3U=-4G(fc z!3N-S3ROTSa&2BJ*C3Z79Y&mQCn&YpHK>T@0g>_($5=WB+_m2%sf2FXY%|kS3yGcn zlH0gprKI@OLxLx4V>&w&_A1lE&_$L4#PZEn6}#F`$LZVh04(2I zYDS5*ll6hd<Z^-JtDvCMELReY!_d^-@HN>1=-}boS9$HFsB%`RPODX ziL|qC_EZEji-zZa#U3m6l_2H0FittI1i=bRUv6`uxLXR0G2f&#eoL$sR=FuFCMhIJ zkfIkS(@V$|mC&`%JLE(bjV&uu_$_a-`JLNVVhvRu5)krutJWjZXV)yegsT)N58Ix7q)bA+~q=V_n8d?R%k$9uuf%aNAiU(qB^*d1OpS?x;9a!z>I~`I< zIa2hC8~+vPzY8CRX0@5)G|66!+4rNj$WOu`J_NPDa`X7?sL!L>k~bJ9GkLtB$x!;7 z`c%UwOm_Y&dohSTB)5i{+t|!(zPF&=V`07!4@e?S>d~0i@5l1BgdqED>WzX-w@<=EEn z&5PmLS(x)4RPXU{s3YtJcdB z{g7Lm4#JYuJi5WylCBvXd2){P0cXq`4Bt3*z1VI&K;%jEKu1$;W}H%@5HV$CX|W2Y zBj>SPCIGV>o8lqkv#ZgbU<5{dOnr||cq^J7YUDT7D$7iXTa8bj6hIGcllQu-!Fy7l@(P8 zQ(px-C470Pxmk-32@VjevvU}C4Bl|jfyu4)nb(Z z-~1gl)9UjojoPA3K}>B&P;lSLujPtYzS%2OQum$Gw-9-ZFv8NY0ZRudWI92|okay2 za2=RLBw^9k^RK>ny0d%0%y-}Hfav>f@Ivl9WRKyQ=SC$xl9#JYBuCNW3Yr$F*SGRi zOj_HgVUD1Tp@0=BG&O}{+zmrAj`%v^f*F=tKTyO#9~vqdc3elIMEMa20w8~ehx+gh zb8GC2KQQfZBPP_qJDgUckXYo?NN&)a%J&!szd`@b;KAo#{MS!Mvs;71qyFl54{i-M zKE{6@e178yf47eA4IX^4#_y8iH}|ooSfSWu>rf9p#iSov1m^(Z>Mg)=&V~`r8K312 zF}|sd%^jS^iV(k0nFtQ{SIIvDDD~U=eSLv4_9=gf5b}F`&ZE?Jd;kW0Qh_BoNww4@ z8LZy`l%ha9C`!|roTXe}L@1KjpW|Tb_(Cusuu2wl@UiFd3ppNDqW(IpUvhzT{L1r} zP*hhAEv1k&hMCZHAe8nU+D^9ve*r6g+4Jq*C%1Y`(aNCxK69{IjL#>@t7I7_dG~1T!ppT|QKgg5h2V*T5Ar9&(4tEe1JnnRhqQn$}w z*$AoEo(|t$NK>YeFAbJ(wHCN+^`|auU*a?-@v!Cuak{9Jx8#sl;B9*QNIZpOt~ek6 z0`UUHWXN=G>P5%4Xo(64nmBkid^eh0&MJbtkkxbOzy-F~TkqWiK@`+iGy>}5EaR?b zI&dX9f7uI23XlqgrVmO=^Qo)oCDNBTiv6p##FJv>t6z0u>#mlX;9{{CL`oIFabN5$ z8wXAaHF2&&k7#{Rq3Uf9odE$(KZ^oP)&hU*w4)m|H!&Hzp^>&6A z=o$7w(v+7=t5MgFzpksdtN~vyUWLy}bMg8MgI>CcwkPN_H9zo%6eQl45i1`i9p)H$ z`gjF;{CbO*l<3A?U%IxaCtGDirB7#EO80S{$0<^Yrnm)Nb~2VLpudN-VDl$DkBFFL zTruu4MYiY;{??9uA3+1VlvxsHmZ4h;T-~#-sGi@OaxWE>_}_Xv#`?SjaP zM3Y!9i`kDo$ameFm;{Y}5hzHS{mroNf?;S%MO8>=MRl$=OQKk7kd~K?Y}l3LSXGf< z-va`)C}dfbbDU2^)sk_M*hRqAvVgvr^xnB{^`VAt^vbtygu>ii3_4@0n)AY?*+OFagY4k-jT;Y8J4*8ghi4J<+XMTc;pV94dK7 z!&PWf@=)B+!XQc*aP(5{Tm*|ye7h+_?!cPn8kFWR_(+U0kp^SETAf|CeR^`00ZmSqta*E2wF6pB}3d{g#kqvxa zI$uA)X-f;-dzMxw!|WD_JhI`)rtWC7rpTDvV$2P~qDh zzB;*Jkc=sPWfS8`M=NCgjbvM%6>IfqjGSP~vXHp^pM}h@?WQ=7Ov8UYVj>=|8HkX# zTiGsj!DLcu?3Gx~^^%CLOKks)+p_HmwM}Xh;=$(XyA|Y)x)~??Ihwb$A`Gvt9A&9a zIXCxkZNgi~&34{F#$@~kQ}2Nm7z-os7O}CSqNL)xdNmFGxq7{W;q(o16JHFis!9%} zASDBm?=wtmDO;$+&N9id+=& zTcfCekqU;HYLry8q@v~IG)gC|$i>Ik;sXnbdfpaWP>J|wBF~seR>~kykLY_;a%iq$ znS|-(>BXSposbBnA?zK}049i*fDjm=-|^l`CUc>ew~9DOKR6OA!0>F)-#>Wxcvrk2 zNAeT$^vlWHAre8oef@Ux&K;>tpVstam=lEafRJmz-%Q>Ozj><>cg(d%MfP46BaH`%2?Jm^`y9)MDr6>Yh%1xFQ&z z-8}o6kf0{KxA)RyEDh7_+0x`C;j1U(3>eaQC#c`6jD5MTqnC33$wMy?pW?oo&}lEVaD# z5_{@$&3Cun0r{SA@#Px7`|q8wceK8b&~)(bW$5tmlkV1Q%s^~3+hHU|aRFkhvv?b1 z^EtS9pCa=?{f?|eP%V~z9p|OF64^TsiX#O{q)1!PmIcWJ9;~`v?3hXjS4uL zLu}7F1RtTtUrmb_@1G)B3SgHcsu=3<6gjp5QEwfY$3I(XzQ(nY2(0R@b7U;B@`snI zblW~Edor%kJ-Ykpr-%PC79znWBAtj0@+Hqwxc}5j-@E(CZ-uLc{(K8oaBlKqU)Vww zU@bcXCFcR5=!D8(uu*{aUh$#=hnVb!*8_2ed=kG9rd0%E{HE{o(Z8=yYh=z5I0- zIBiVy1Mf5Ltm6I)iqRE5Gan^vI0*;;%~DqRCph}@F1V2K1;%uC!ek$N4b z+j3nJW_u&*q>aFcl3GnJuznxfE~)Poj$|p0%?z~}jXQyf1*WArY? zw^(BALtf8PllCS!0&B47j~Sh*Gw=inzvv6h&g}|nNH7mm+$a*aonbaZX}RbgVEaHK z(pgeheTfJ(`Rrth^#)<_OH@US5G3}=`Mcq_bZ^DfVq#?8=7pvpQWK0kP7I*K4SvY9 z?cBC-XS0mthuHp0! zp_cm{^imdhgkbrR?MmN5K;U^ET-qX6Jj;H-qr2~??2$>~+VgoFy#A-&mL;R4_YS6j5u?6%H9f`}{Lb7KO-V1MZ*ivCTq zkDL6jVs>*=Y3$_kToY}|1uA{N12WHN3L^fAb^X0x^x*u1j2vBRnBDC42-?1vbqaz2 zs%dpl4zZ*0DsGMAz=ANUn%^3DMJcL>S|moDzPz?LkI%#_1UCyK>8el4idw!Q-Xtut zl4U8`ThEWNt{eN%hVE(z#>djYC4?X^E=}iMnlXvr(v3KeIn5wK`D74FT2#~{>)@J^ zRmYtdQ=Qq5x>ec13Og8$FR`tX{d*DtX3{|Yv^K+gy|zQ+bXG3MNPPyjqHCDEq-2Q2 zMJ0?e*HMK+?9&rOIn&sw4`g84UsfMBR3)@d;)H) z{a;=`TkU}eehpq9$O@}%X@37u5)(<_AGn^ga$~FYEaG_{frhq(xB^I|je_A#hp&)2 z2ezudvP0g?3ULedo@A-ZcQZ|lP%MGG6X93rlKj(l8RTh_>spw`7UMrUfJNrJLr>N?JEC$-7qoCYC1 zQI`%4tW&vi`-}g(sCZK7y+Y$CIf!2VL~iT_NF08!daBm(6y#S=_P*SDB3Fd%Kik?C zhv~6iu1UYAi5}P(-@ZMExlIjB>FpSsgd}SVsy7YW%BmHfW??_q?2&aQThy;@w;&W% zWKGo4!!Qddvl5Azh`ssV%3zRF~72hz5KMH720L&Mrs);QIYsSKt7>w18slU?Ctrak6<| z2@J2f7>E?}PRL=eH`vU&QJy05R{dBhPWN}lpbRh_Pu zqCv!G$fq2Jgq<6iln^O#*urqDKO;RGa|;BN+&$R_Y9ayo$pvc=Vc}tLbuJJ%xH^vQ zHmEwqn-@iC*4TAYZB)8t=b6B4gM2KgpCLW8VHk=Bdennri6F&5;WH={C7&Gn(4H3( znVW@T)hz#6u@JaM9V}%U$}3V%nWWObjl%-Lwzx+ntwu!FRMHkLBpFdD35me16W~z# zlmqkj3X|+siB=-uB;}%zWCRhaFYu=jNj+UgTEao7B^>rgXV7&S_U^LKjJ=>{k`W0$NLA*AMbuu zEbV4tnKqdrke<&a@+XHL;@jqU1X+YW6eH-sly7Av2K3`Ufn3*RWLzW}K4zfQwXa5e zn6#`b^rLaaiz=uOzx_&~m6a17CdX>+sl4h!D(t3=0k+gq`E7F2VdtaRk`BtHFfMsr ziHc`_mzlzn8u8#STp{>^j#E6#zbTiLMmOuG8stKa`yhGhFG#1eA4V5E7%l9AI|eVT zv*zL<4VflaD>r@jb^wd7I2vHkSoAgh>2?fyZu2@X?TzcVYd4+gq`mq4{W@K2>(x2uoqhORJUB`-_F zJhlfsxTQpCt!p322Pz(#d2upLd_LPd8kE-^IlRo4KpOvtl{th!|27hXa5el#H~oLd zExviyQl_u`s^07yvsiEpy}-=(*hTy!tI)zyAL0y?E41LuMZ@~d*%6JC$~nUISxFvg z2l1-hX9?i6Nd-;8DFG8%Uq7^+(o+4YbLh?1O(UuX-?>i}96obHoumA`m^&_kirk!{ z<17iaB}x_odo}(#A2Mr8Av#q7CnN9B(#DH1NX?J=W7WoE?S)_X3|fX`{mfrRnAf9s8nXBvCY&VpPq}a@>m{#?4p3&ZD&iA`J{N^8ySm z^wnBLQP8~+bEOcX7@jK_x`x6X{X}Qf^A8_V8z4! zNw$^u5wJoX8NOGj4Ba}#D5HQ>9uR+YWe?ZoU>2XivDj?uqN(zI=PG8$ z(u($=EOI7V-pg}3^QqqXO5jEF$B2oXoZ+}4;D*-{w>P-@CM^$g8HO_{P|}iy^)zj3 zt@}%{8SwH7loULuNiY`M z(mYNm6Xr&WA!P7Xj_|p2H2diAXnHjM4nLUE5&0o7E4e9*_Ft%!AB9cgj{yH$8cY2fPDaRyHRA z2ce)70jcWHlhBT=RKCcj2uMK5E!a!NM>B~xtckxsX(;@G)E@@5B<&Y9S}4Em`$D>} z1S6sS{4UB~fz9Xv$SqU8eP_-l`Yc_^q@{wkF>_fItVwo_5v`P|Xt0K>9NNke(`vU3 zK-$<-&TJcWCsbCfhDouQA+lnf@aXr4;OVf>NY8*}fn*)Q#Qrb&4~P^I0?Oewn@^Ha zGVWamkgt3*r+`_2?G)YCtPb18@nQ^R1=167c+=Hyc;&#qmyU~wq zjK@+xhXE<0dOx1LosHlkmqf%WXUZ49pA(ENK>*_3awxg^y~b6W&4E1AxO2ZnRT;B| z=xOPacJew_@{HZ(Z?fGg5tz`26OA}BRET`k4>f3mQ3J`*LZqm`_z!F9(91fH^q)lz z3t^9c8@tGdSiszx^7Lf-{TYsV`>KK~#cy!Tub}+VuKcU{NumYXoFt^Khi;gb%*1Yr zMhsW}kQO8I3L-Ve=BBca7qpD~nf?~PNX{Wsv<8L3%-OnmaL`Q~jmqy!7}LeO1Kc@m zS`ka!jOfdC=OYqA^Ud&stX6}S{%`Qt`*VLIr(z8pnE9RipELjb{r;_u)juDNkyvM? zF6-nWDkjA31p>Y$=kYyBx+|JMPtuVHako}B`XBWk&w8$r0HOkbsF6_Ce?P=NhC*YU z>SRNJR~rz1+^lV)T6a}&L-FGfOHm5daWDwr-N_UuPTz{ly&9H@Vjd5$(f@OQWgbZt zbF7=N&anP=dAHq~PScFaPgE+}MDB&shg3(RKS8`mvvzE+m|SUS76et#)NFRr0~7Hli(ucoJlNhv1F^;bB~eyPclH9(!0OEwZl zrSY~g119Y#R*2jqEen=TEI%Psx12W>>Kg(;E-cGKS3VT@#>q@->uzl!kF1tx;_n7l z!MQ`f0XhM9A#Vx3w0}H@o=nr|0vDF2Esc20uCN1sEF6QVQcdjz%ZS8ZFgo5MR53a! zDUnjej-A+9;(&gnB83yn3r;GDBET2)m(9&O8d$e*%EVG#f~(~wq=GbS%1|A#|ItU_ zV^!Ua{w7`vU6eRzZ==kLYRmoP?I5mDwLx*axWyyrI9#cesYc7pUsE!hk9voHzB&8z zcZ1*DoZSM7eQB}@IX;tJJe!pHStK+mDBjjy6Tg@46Y{ZoI7HM7!#4&1AD~6L&6z=K zo~yKW`9?mTkj6P}id@!8rc7V5HS_?~w(91xx1qlnS|yn~k+l4TQ<{u6!Vi>IID%nz zSL*{bKSIB>vw4Za$>|$**EIV#XFW}1bduL-m^h%K{*arKeb=|^x)@2IJbT3KAw2Td zJ3vw@94jN%{$UM@k0#SMCl@$OYVm04d698ZIoRL7C6eYr{%M5P0W65l8t2&)o2E5i zWQD?WWm{LdqFw0{Ld9N7s}6Vra-&D!LsVePU>Iq+e0~Z} z2dm`$-l2Wn#QOQ}^E>{Y+);TFR7g;WK_@=PtjARlk%=USMea2jP$m~A=YOPVPu`WZ zhzq_x7Li|diE48!#-_^=9j$TeLJUJ{PnyxE_1+P<&^c1#C6`;^1*lwXQlyC-@7(Ks zJ{rHA+`l>d99dBDqX)$B|KM6~Ywb1?;YofFQDP)iAVLQJ2n@Az;|svF5kYzS^k7fY`2NXRn+&k%oMjLBGAdX z3G=DFL&#E$`1Mh;Rv>W{Ac~<3?f((P=r2mNr{%|;SX!ht0eps3HoUdTwlL=Z*8XLVg3?hyS}{n z2_DN{6t{RMs8aQNJ};@*k&pYDY(yD}H}cox9$`wlcn7$Mmntl_d9xU}eOFD!$P;sZ zKKWsIb}MWg;v~5i8^RuA{$XWB`FSZ*YDMe1d(9_ka?O-A2E@9TOo`Vvou+kzb@Arp zM}%OfHx0F~;OMsKK~_+$g}qk5ZFOt$vW4~2Jf)JGVP4WQV3c=M^rSL3A-u z8eXi`J}Zufcaev^FJ@X{^Zo1kv;1=)z6fPC4`)^|fj*QPBbF!|SnlZm+F{G{mal&6OHkO;%EG2nOs{D}qsv~91;n$7+^L9u9 zu9K)5_2y2p>3ZiUa0;;?vty5YJ*LGb#HI4p)$|g~B-q!YRkyHWbu$*9yT8$C7%%`4 zU@TXSZZL2cPEUR~zJRg~Q>i2=Y5nk*l{GO1kiY2~fn28dPKa_}*nx%f8N-EDl^rK0 z5m{1IPL{bb&mh2Lp5{u&>dp1PC^$dUzQ}2gJU8hQ@#VwJ2?5cPYb2RX$mZoncv}L% zLT!;GId`!5RiQ$ORVq4e0R)A+8sr_0IBqcCBf9pPa68RwgiM#(LLR26YQmnr0pW$WF^=$wH`z8q%AhCJ1iD&Q8qG{|cA zX-;;@ClWVk>>%^{t~#-WDKi+jVuDGNyrxGPa(apg1`+B^;BF0Ooy=&Ar3(K#+nF=5 zwlVmW+i3+t>T`0Vy%Pe-7}X+$l_yM%6UhA~?4b`cPrjx%v_(S7?4{pJytK_X+NFep zE9c#+9reZH?GPCo)+^mV*J~%UObS?-v+k@wI6KH6O;YA2%xXoJX<>@Hcnj@1WmS_+ zTC@?XDhTtw^!O8+uZQ3pEhOm5?5?In?LN70yKL-fTei;2n4>WJ^^PpetpSy73t3KU zJAf$zRA(oyxDapA3{2hK5^6d!83|6io7}0o&OAg*1BL%LoIq8phO?|gEtD)wU zxE}QUYIzgI{1e)swiKg)tMRr^?zU>53HQHZ^Caf=wQi4o6=x#KqwDR@5(* zK}sDoyno>6pU719N_1izu@TO6a6({y8g2>MiA0G9e2Yh2V^l4tMh8Iz*XYZ!8kHtQY+I={HQ7!H_57znb`LOp4x@V70sxJz88o}EpO zJ?4|i;NSPizp>&Mjc-UE_p*Q(P3Edwu_QImtv)SR|LDQPeohXgHUn`9Hp1E>t` z;=G>bt-HS^f97cqt$I4V%Oe2zI{ zMLY>9fr@G}>AeUy-kFds`~+Khqe}(J>(YaY_la>u{w_%0R^7Mzgo2_Yk+844T8^@I z8sz|s@^}S=QyWaZGNv?p1?JNT=HWgUQtWq+bJx-9BTZGq)+FGh4=wvk`nJW~Vslt% zDyV!kJ$k)*O{kQTiUpYLtPVtmJh=99P8+ogD3#8g7nrtsb4Ft&bS$~}65E0hqB6~B zU7|K2(x(_CCKqt_AZ=MXfTC-tI%|C8(0khm!~~n^vfNu1O8!d#sN(jOf~l7QZLSo* z1Xy8PthC9v|8>U{D5BXu1GCW4E;6thgwVh&C z-ZUT3t-M=ZBS2$5GDF)LaI8_^9wYE+HS5s{2HwZd!ff@E$_im@m62bWK7I7`K!iQl5don#G)ad8c`ZB7B~ykbdPf}dhpzqM9Zq1kxfh-k!@`#O(z>x3Q?Sc5#4M=QC6gc7c#=K%@!57 z#L~m;dIptX`60+&u2g7gOuZ-bBpk3)`j}=8nm&O-mpCp4Uu`jeVApI5$lK&yLbKx+ zIM0|(W3EhT8TtLoAQ>FDWp?=H9$nOEY>EwCcUOfDsWq{ zp^^s|EgGAZXqmPTCI4+J(cr#qg-rfY-rH6{IB(mB%y%P=RCA$Q&D@F5A~FlI%x?_e zyuHBfbk3^f#O6N;YZv{rnER&lSVX`AO^F?V99n&3ivFd!Zbu&OrMMfJo4E55P_=kg zaS(bUA^|j3bc0DOtPyxXUADkmDP(maFO<6GQomX9(LYAO@j0%e{hSQ zoZC%tmQBJmRVkM8oZ2^e2@MN>=AT2n+3ceCeCObs=ex&@pE-W`cz^55Cp!;;yLpaVs6R0Ihc)G}nza0mAA#}Q6ooIwM2@=LT5@2-|%qygXtd8SCeU0&zMlBXezCS|&rWQBg~;=!pIv z4w>|mfoc$ZcLQLQ+CZ*t{h`HolhGO4GUI_XG9MhaW*8qJv<)rUQ?oJqAnoNzTALDY z4D)zCe0dIID%`AawIO_KCNb5`0og=nvk{iRUI2*=K|g%U{GwH5 zZ_2@IUHL?=6(D{!R@KP=uUvA_Be%rmQ zyTB`SaWCK$59)P(TMz#%%{)R#wQT}i0`?O$tCS(I@q+3}_! zRGWI6Q~NPlU`t&CXim*NVUjIXGtB>_R7|>T*}wKjuOKrmw}HLJq3Cnu2GTkUh|y*^ zk>+|nv)v^05z{r&^R@F%0$ z#Sm^G%nWzFXS3?4YF{E7v&HITY&@cMpWU5iyPcE=dW(ZvV{D+c|oaZe=g-sJT3a*FKI zy&vEk9U{XiTjmvKr#hsK-ctzTC$EqUfAud21>(=2S7FjQ><@oD9jbpylI2KykmRk9 zUacc9WhB-NZua45;;_45l(7RAC}(2>Z+bZ%6F`%B0FwRsdG+dmT2%#9Bq2rMl4EG$ zIf*LLN^#0aFNB`2M;(##k+_sVl1^hZa#zntCI(v47>V)52U3yTtv=`>%k?WFv|;j61}}`O51_RlQ_FL!P>~dK3G(V?VQQ1 zAw(++--j!{<~bF!&CQ+X&-b2lkca(5213DDE9>_@`Tcjd>lz0;&!0Zt-8$H*Y9(69 zHOt$^T0o8KKLX~Iw%L0CZxxmfM&SC%E}ZElw=sn4dD_f`(rckORuf+>nHqE)Svh4p z{~vX4+Z@-Cq>Fv$uV`_>+rWqbUo>wQqR0z^poATg-~gbsGQdHAK!fZn0FCViNO4DV z!{N{VU`OnP9S%F}upQwDhd=tGf6e|9KTp2Z%Q>gfASulbXIJQRPE}S`R#s+KR#ui^ z6H@DBaQS3bA!m^-W~4FR?OwKEg_HL5V4v={zIrv(fqE(Z%WE znwJVw5Ux0Qx`&4=7L<`n@F?nlc~d97co~b3j0_4opM)}(y2FR zQas|FazGgD9Z*;dHJR-=YKM@V%#DUjqi=_!3+~9ec5U^WMJpIThV{&OMd}FCZdJ=T zc$;?#6Bz&M9%1sXWX1A{+XD3yjx1<07#|@kPs_NZaScjgs6KGn*tV5zi(xi~y%!L54#i(uq*dy4b=5Mm-- zo2X$s<$QQDNFRPt+$d%xPP|*3b;-L=I|&+O2a*?#w9rADRK48Nw>SF}E#dm#T1S#vBbP>=`Xg^ zkKYIHFc${8p`(ThZdc_wGHT@wiap#v_~G@KR#8AY7#-uFve^?e5FI@qd?W}}P=SGl zOcaCCMgX9%6)oeGhh0rBt$A@8b*DA@@tkmp&&O?xPIEz-37uD6S;?)Ofxa7qAGozz zl?he{PsAQhOsZ@jM<#+N(}z11jI5cv!G7jJNXmBEzGOtf#L%$+U?VreUNl7iA^NHdxg31ubn4q%)^wZ8L&dJB|eO3beI+l{f*4@)bS3(=NlI&D3A z-kJs|z^n68!3GX?ln)Lh@f6Ff=~_Uh+f`niA{KOb3ZJEr0nTmYNn8RyW+wxyVd?(Z8@J@FN{=dXP~l1ZSk9HMlvlmcOcB?lDXIXUYya<5m*bu zkHkq9lYj?Fora*DQ=CBG9K0U<$ag#Yi~sU+{=u@UBq*a_ea@U(__wt1E9P2*CY%f! zHFo|aMWq0@9Zt`mU=TFpkG3m14`e%dvxhq!=CA+5y?I7Gr`B;FOYasgM$6$ZJXpB@ z55pfR=#xiDfDDk>fA{(3+Shvn&aO;S1(c_S}H-ss7K zIeD>j2d-GxM)vA9UI}k997v-685=}(2UmPxv?C`J7JGN(f;;T4q~wu7Y^W|{39+JA zl|(if?7Tthpbi)MOavEUX3FqM22a1&U047mWRE8&Hu`VnL3RP~c|##vR#Fn5Lw>6- z-J|LR6;u-Mzh-r(-<_8`bHkS)BiJ?$CLm8>UgirgqlYns!F66sJ0RR=bErb_p&3Jr zFWx^JA?2`xXFaZDb;m>IC!10Mq3Je+c8|xSlP&T8!mI#n!F?n&>P;iLj5DaGMe$=A zIaBUDVOOP($a6tV)C};ypyefRq8sRHLt$x8Q$flBpOVv1_ERY}m(0u+F7&7tc)Gw1u;qRCDJOAZRb7HAm zRj`rG7ne*FOBozt#G z8Oc1+1!u|G*Jzq22J{CQnRq8Q`D{W$;2*X zk111TY*!bRNOwtGOO=);bQ4!m=hS}SGwY*Jo%Jwi$7#VT^tPSM+P;x0V3eaFEhrb% zgrTPeVRo2?p)zl3Y`MS}Y-+8R0Op3ls#GV@jL|Rg=Y0Ra%!{k=yO6;*C-)xFkraK!qDbk^m2WJUeDAx26YktTS1v z1v%CDOUAE>9I{-7Cqs(q$x_Qxe=o7jldyCs(b|bx963l7ID@xuByKs*8Ng zvbw9;Sf;AoV9QG{9ge|pH@J}$K0(>%@bWdr;04U1=8g}?@k34)K$Qa?cCgXlbRRJ; zLgCRI{nzRR-lEl>yMn7hmhbsUhjUjv{h14x9Iu}I?B%Q2A;?~ucFf+;LdYK(n>?6M zzkfZ(F8vX#toPoHHb*j#w~a4w=Yx-5LI#tIMp{yT38nZX`rI|Oda*N?U~Fl?(I*7O z@ zxJGAYK<#0S`6oav8cw)ST()6bpw>b%F&CXdXf?+6lnoTQkihXxR8TwRH`H`~I;?)lPMOpfy7@NWbLuP)Q)CDQdYUX2z87K%xJS z*lWek(CK9H9|woSZ5&BZI~RIraQYTOo*JY0WN+>1izh4F8=L)wYp}iMKl1{A*m$Z|KAWqqZj4GIsG3kkKIK33~eC|~O|j2b$#Wvb2~!d2n52(rrrY-dHCG$EChv1!t` zAUH*qv{&e!lv=*2##$!M&uu7d6b+qD)$fG^iTN!q7G zaY3BJCNVJFGi(6%*H00+HO5)=&Yr1_3Gw#|6~owllu9SJY_ z;F0rQRx z^n9N`B?JS1Bdo;oB=x~}-V~?(n6pKNYrGbg#mmJz-j!OFNX0M>hKFgv9Gg^b;wHD{ z<_nmTxnP&Z;nO;#Qwtp(jSmN7_>AxOKL6aro1$`~XVXZdpOiQY=!tWtU-gC^|9h`q ze?@wHdGz`#>HK|MuG+hI>wfPZ-tfzP6uNca+?ulJ2FE{?#&MG6klSjCG=5ljLR~eb z2T~YdL?)9~YP`BQIvR}q5(^0eLRT%cs7axX7uy&+e=o(K!;BT@avz70lzfI00MQey zvRcZzarBd+ib=0Dt8rRTI=Xf5f-Wx!L|Pi~@#*XM zfRmfUgPz-U!z@+By#%X{R2g_5HtF-9U=653QFSmZs(93B_OT?O*ZjO zauRCFK(y28(t*%wvkXN0NPE9+AVij2X()7Nbd7>E`VphhfzOn2Fno$32(jQiKzixF zrXYhUi%9P>P(dqs4)3ic5*x3Cd zTOg5Nn(hf5&UsVMKDH2o%F`Xxq#Tq_g&<6rch5uZF}@dK(Vx)c1`4e+oe1E=r)d6C zp%tAmT_@@W=bS}MB?aPr5KeJLn0xR|KO|OxLr@=*edN9GQwQCcK;zuHPkAmOyQ;Ky zT7{QszL!%2EuJADFhBH$OG98+?5SA;|2}lVhn^@1yQN&q)`}^cK>lQI!zF+Q1R*h_=iIr9si)p+i(MYP{rb2wac)*y33#@^M=IdbfsT&n^NcW~B;=j*aoof)8hh0JROdh#Y1bC-W1EJlFvj!!^B+BYxFjU=JnOU)=|N%aMW59)C0|6i5HSNJ0iZ# zkqe<_x9p}Dx~#P;nXdK6`|tMXVie0&ZM$oIotE-SDR+(MmkkEgXNw`FxSpM3lyhps1f=IUG{x#p&eYOcUwz>ToPSQbepFlE7O!%8XUea}!pVAO?#pm0+l|W(7%s zW7D_dX4RXB`2fqgIz)^HeyK`LTh9eSk~B|q#%@W^fGxho)b=t8v2>#cb8ykm-^rCj~`u}AhF->Dv#dy zpO`{jg0N8!FBHP%HKM_x{=z`vUw+(D-)HM(o5vIl`=0TrN*_)!{S~X40BE4&LqKAfv}Pva5<}F1 z=V1uMmY3yy?v=AXqscI9=5dwlIP4fmm((4f`P#j7;xo{rK#t~Q?+QX%w$9`2^75k> zPoM8SS^xT*?Y))F&6V#F=3ReX-FW(R1=~c=S2np7#f62oA#sSS3`szK37srTD%{X9 zNyj%Rx7+}>pd_!)zX&wfx<8GN#h$`JPfJqr|nps1R$JSHsh{qaWY~ zmZln}vk#LIZb8fa>=IE$HOw2cw&Ga@j~|AN*HetGrYt!UJ+P%YQe%-h(dV>`Y)1vENXjAEnjm32~`-Qm)A1F;uOHF$B0RK4W+|Zq@C&w1mwg zFgddkA>r!a@QGh6&vE7z^A&L?QWdDEXSS+#zZ?m}LS~BZve-KcznJ;rLhzv2K%JXt zip0XwoVF{qK!LjduuB`ZtWNr0#B~t!vlg^rD|H!%TN0MO`{H!SbVB;%(s`fPwd^09 zTef?X&RGf&eG_en+2~gQ&b`6ivxD)LoQ|V{Rj4)L;1gFUC^#R#kT|ufof&uer&Mmr z$OPEjzvHHax8wE6-i9Q6T19>{Py_6cVn^}J1X<`delT<8-r)c~Jj?@Lj@-BVR&R03 zX>=?*NWWS70u!a-rnBRwe4><9_{UM>bS-e zzBi$3y$L#W5J5}F{+`wH?BLLfq=_Ukv7gyK3W)Q14+~`kyY+9~x=@)UG^AuSq~>Wc z7W~M)axFz;@et?ZRW}N%l&+aUHo#`}Au;%>ck&A3!3!yIuwGv}Ah)H(Hq4risB~*j z8Zfi~4Q~rtK|DC*BpN%&W@GX^O3g8o zmFfZULSEZ}`s&}qJ@qKqM=HggJ9th{ckx6Jn1pxu^|vg3r-%H?TKF!X@x%hZz0DF| z{Pwn%d4oMjJpb;lJii&U2tV@W?|=JiD|NX4ULpPN?(gLlUa+K;KvC{5qd%TLB*UK8 zXbPUuK693eAw`^f_p!3q_jb6BpJG2Sfr6nVK{%hw8DfSzO7(kiy|ou2xNF!p^7avB z;}IsQf&`dcbByj{wHT!g*-WN5o)(c}(&XrPgi9+Fn_JPByDt}(V6!fjb?CN&tumD* zo)rIsVJ>?9#^!;V5Lq9tW))4l$3LscM2juAyWCR zu(;H@2pq-Nm3&%mJn;Cc7%L?ht>zjl9kolP#f>f{#o(&e~` zfrbi_i@dV7irW2KyB0dlqtCzkl7|HuX#Fes!}GV2v50fAg4o%;oI+r9H><2Z2kBEp zU%@|RSv%G0jJW`@lPu`)h0bi|17Z1Rd=vn%z{tobBDZa zpZLm4!BBW%KA4VvV+~M0BgroQFt}CUQbOC33S&KQZ*g89w@HFmaHA|M@G?a4!7dvF zk;F;4#c&gb(jXYiTS{I8!y(yy>WelscMOLt1GDT?>E|y+ISMXvD#Fl3`^!(Ad!_oNNsL$SIRCg1V-tiddFtn}t%)0y(4}KTL}TNa|!{1d+fhHu+)c zeweFV5s__8u2N4&=UAyq4xs6If65MsUTDD`w6l5CxHCR8=4W48{~A(q+S0nY3^pR! z452!S$$~+)e=Q_;w6CVyua2KFM~SAB^B;C_`r-Uye7gPqZ15dC2CMMyzaG47;}I7e zxdVjD?A?{|c>jHTb*9mIZgcZz6r+-s7iT}<_*;30%jjdScX_K^{$>@kIyzvL*D68( zM!Hpn2IulM6%C-6q1h!`Lt@%4NWsifeO~?>^*wny;23cQ23gI3eY85BuBp_{^6Nd7ntnrE6AJCjJ4vhvum8|{ zYFv=hH;9f64wrh{SmL3IToZC#3c|lQ9{lsga6IU_7xPR<7a8AF!^z5Tq#2rX1qHv;s4m#%m*s^a?GSCotd zf&)KsqYQs_k4%Ok+g!s3*)7N@Px-ngmrTYQnaYurqG5F%VJNRJnEtVc{+mzt86jGvBFKB3xzL}@rdU@2C3YLWg3Tk zuNj}1pa=^OafeB-ZS2Uv5c)DDIla1-S*y-@QRXz24DqjIkK#C zw<0!NE?MbYFMDImtrVzz{GNNvF+s7_?Bx!Jhhn*MREzRJGn&B!TZ?OffceyMVodv# zVT%331itJ=HZq@emFdA*nN}yFnwtD`e45g8-jg!2-K)RoGic)&g=ILng=vIv+tRfu z{?_I%CEMmFSE_|-befP6v@loHaoe1z^TjII)rtIxC0RpaZU%fYwrh z7^FPTSvTC+2!t66Ay9*H8yP6jlh*=c0!H_+$s)I@JymGg7o;N;$rWXN|2$L?PVPIL z@|#@;R}19ahhB+}r2H}J*iPMN9!qSZWBV7!MdqfA)g5fQ-u(?7j6dH(TlJ+5G4L`~ z4dYioz@_yRT!OKK4;iS_EY>eha8%-g(gh$F@Ph8`9(LHfIwzW5;S?NCYd2cxs!TMy zzKOz=^}L~}J*zeb*}V57=PB701pfZ51vfhWjWk@Vk;#D%BMI1Z`=tD3lu{zF`1$)H-^T_ODdpOdGD|SWzyffzpOrhX#k-Wcvu^ZI~1C z-J>!UbB=>DU+XAb4cRt|2hMHeZZ1VBpj5ucoQSn|K1o1=xMG~)kl$U6yNTM}_TWtG z*2(2T5~>GL?bB+T?r+E3n}4nb0pW;xY|y|ghOTbFI@^%z99ke)xRnZTYT>wJ&&`lu zxvL>;!sTYpz)UARK>7)0?3;%+n*R-!YzjMSBUb7+3kbHd_sN9Q^x3jGOS5R9cf-qg zU6r#fT(X8cf)G7BILv#PD?9}lyaTfeBsWIVtKsHVTQOaBrO6gxaKt;7UoAfz5AzFk5c;7ul#0K?W1bNtc@3iA&AN}w=hLN1qb!=XW-=EOr((pU7C z8XY9%ltJvIq$I5>n(gR84vpGpS~r?NyZe&EZ6ymR?7}3`rUS`p%{CRuCeUsqbGThd zs*()`Ff$-2CVc_Y6(%tlI9oT8uv$)9fjQFDSfGb4{0*B_2y|QlyRlemKB}81Gq3@3Fu!s_!4ZkulNfWWj(F>*S<2Mb^>Xjl?(;fz2*X_{ICF@EfvAbPu;|^#VANC~*WN6Go!h*%8Fx#oLTxIy{0s+KHWAd4cu$Z7G_@gw!kqfdS3lkzt)UgpLH| zcL0WA;h+!PV1u_X;)Ww`C!2L-K%^Pi7YP_EV5vNARA?{i#)@!|^~qo-E=pv;{81^e z;IwhDK`BTw;Y6(7*C|;sZGiU4@L)U=8%fRvB`c$Hw^^h?f@bMNY0$+2BV$Xm!jy}2 zAoGTKAVEyRE?G#Zs@XFT8NuVC6{9DQFt8iZHJ+FVY+J=D$tWz!xte4^ zyZ%ys#DC}E04x1T92_yMI6DGM459}6_#rpbm@%eo6~p*zB}o%amu8`Ga$8v{$51J9 z);7@*nAwaI{?Y4pbfCchn1LQ=8B>~6%ty*WCetLFL7h@1IHy3paxUg!Mt^*|81>v3fh4ew^28mzv4e-m6#H0Q z+=w<1YFddPmBV^&BpNnU+9ykx<92%N!I2 z00b{nLueZe_|Hn#NIdZ)`=z+{r^eZzqQ?@sq>K#7G0!-syeS|hG|t{xb7A(Vz}Y_* zNVYx~6jO(BX~ln7d|ZfX@%MNWOHiSOdB8X4XKc6wcD zpAtSGMFnhv0F@=C(8;X342$=9K74zGJU$mEr}K9J#c1o_1yc?pZR6@2>%P#tLBo>v zdRKx=3MDyVt%$*OM zJa8$s$d}h533Bqy2`&xM(yG!jkBes-vQBt|P0gzbhIAr}VRnRlo?MGtC_p3wGKiG_ z4@~Sq{Ori|Y6dfzE!^Q1jduEp~R0!1$Y z9+rkXQ;p1cck^0*aJ+vuL9%#yRbtyV4J${_>bV9~JBD77%>V8PZ~4}a+R11D6jHDH zv?e%qpG9w;x^JWkUN7UW=KC*B>1kq+vvUqZpQAz9%IV+00B%`KMT;^-9T{D`xL#z`apLxeyLtYgFjy{vmF{T5XMqZ&`;}PEAgJ{d48?E z2UW6n!KfI`W@n)3K0yS{46rF1&h`)IV>En1iMf>+F}Ct>kdCRdcDJ@S_nxmj+IzD0 zc-uRKNUzH|KUzwRsq`>!%?u#SU~}voWjHt(H-uPlW-_4T31rr@9Imas*NIp<`!4T_V^whlnZh2aOt6=((2TF}8J1sh;^?g;vtU9|?i z0pwH>dx|NfX(mBPoSq-e_irH0N-D!1pa3yXTAy$50yO4A43)7ydF=t)drtRx9V}W` zb`l}Tp+pBztgi@S5-Vj*ReZ94HlK|dR*PJ!wHOfZBv}xsX6-y6ma@sD_=<6djzjt(g<R4Y)wS77O16xmiQ1L>Rhb(uQ|g_hv5Jz3G56Tl)7-PA-)w5`Fo0A6GMFkhvHGR+iL?ap2$1zMz++IHeQx`9Hl8{;B^ zD5VrK5ZP{)>NLEMK}p_S**7sM53OXKVp)~Qt*)ccRB7v_LP8W)^$tLHaO?n<`R*?N z`xF0ji}#H|W2MoIUZ{q_uwmE{S>U6s-zmSTEAL|S*j>SO5h9U}%XP`7`TkQLb$+w| z7KfeBd)T7E(_O?c8h7;sgC1jmBg1p+>So6K5G8*&AYMKQRc-Cv^ZrqX|y`h#1O%i*cu9 zv1wP1Td5J|`!3P55!ye7)Bo^2tWUIod;oU9-%x8q+df$Z(nk(tNu%aWYwS#7mpbgtW?)F?a?@oc(F#03`5QZ-@@f?jD* zk};N>VJ!tYdO1Fq4^p_@16nAc&LM*KsBfFpKqVLd)r4?z{#-+5G@mjxVgo<8(uY=d z8*p%2wuTK*nn-pE1tMMkS-0`M@IhmyJeIBXZ0pxa!I*Tiu35dglYYyO1T@0yJKBNW zeaQ+jZ?*L-3NR4{S3EMUPZn#u1Uu=wDPDHr$VN@?8u`&qPD{Z{$asbBg*<4q{c&9> z1}Y>{hu z8P4buhS73nu==js$=7#(y!~kR$2$*q?*4&$_^pN9+#_pM0WRK0R|A+ZO%~Ut&aWpn(T_qR0pwrwV)=rWNlX0LH5ne1e}*? ztXQ&A3W1jw>+XxV9X<#t;|~QiZO<>T&wA&sIu&iSx3ZnTsDQ+@zN{y6bZr-P!hL%A zE|IJce^&n$#^p+>AfCcOixWeVCoeo#m$|B<;4X5{oP(V4;}-Y zUH@@eh3&`qQg)AflAHvA;W2?q%FuU`A?Pkw06GT9kWaxSrD6( zh^tdW0&QpoMZgqwHexKRwWQ5+q=K`hOJE~A8c;Ap_&kxlU-p&U?o`*r;b;YeVH&w@TL8S2{$kecmk9V|$ z$xmhgRt^J<|1+$N^8~nkr!vyD6qRaQ2#YL=<1I{Jsc#EFo6yygJx%-=U*!tzwUCK% ze~J2kv>BPP3j~YNMl3@(?J#`pd}U*x%$;bOb2g&$5y|mr{TU3@{fqOF$7!*&(?EE8 zCHpvDwb7#Av+{TsKycK=b4&(rx7}a=^+VH{FfJ@Now0A5S3YWD%GU z8BV?#9vztqOuiystAV3LPoCm6t~o*6O8$SX4t4YcV545J>-2H0JtdRWsW*!|}D~;{E-@LzFpZa1xP` zZaZ3WvlKsI)8#gpN-zcj-b0y!CJ1BF&FK;s=hh{1qbU1K(sl7usf$vT3=uSpT;bBF z^fEJCLQpjn@gLho)1hkXhWx0JPom#ykZTbw4&;@@y%ywG%T(l=9mh#> z_4J)9*T%&Z5uq{B)|4Acqvz0S5X?*HhaJdF2AAxb-Yd#g`Ywzl^6(7|^MMZ(2i zn%8E?ExJ#3`iNh%>JB3Ord<98eeDMXc(f-r)y}+@sp{GS@(|x)u~b3ZhTs z;#QCLy58&U+?zwskso)?px?VCFA&W+!KFRK0{?{!!mZOX3!T+%6tOPs91vlvHAxZP z$?7RBzNN191(*oQ?3ftHri;xj-0iU-tC=v9vk!~+dACPjc>zX!Uk$5_=h|xld{Jxh zzJjpJi6yJ9%!8-4rHyj~eR(VU!lA@dLw!pWpdQ$qladO@Fy&DyyPMC(Gh3aA`&b5-Ul8F!^0Kz9D?niYUn14xTDkd zEu=--*iUg)D?U%&44?o9KMoFX*(kjWi?2CGbI3M*j`@QU{j)b`%eQV#_y{K`4sSAs z04rk&DL)yU@9$wPyI)w03p@Rb@vxs#$g@*`MXzj_l@J(n@A#6E<609DcyCW}*ky5m ziB6odaR&oFmd#5r?L4l7$J$XmYV-X!$53)4yH27gWuIRmE#41|dU^K-oCAI*Sp3F$ zhWXEqaQQ&l4N4OG8We$R;I@$AKN%TJLC@hZ&fGiwe}o1xuAJ4|JC5Uk2k1KTp)jOA zBMK@CPL-8?(8H1l`@Lbib58r?L7eQBSR&VFr7bAPG>DA(=FEU*uV%!D5p;d`&hLJA zT~RwgpL=4;D3Nkz6v~N|8j>=Li*rM;fKC=YhWKP~ga{R6ZH_6y!99j^Z+`I(ev0C- zn_EeytRSeVYihq!Gr_pYbeXu5TVw|bYp4kppKxNOota_=V)jz%+pI2;go4Ph%P5Kq z+%k%y_CXIPl-l^^E(swNx2WZV9mFe>C9vo+hT$u6Q2$}}LO6otD2t)u;vF4K$Q%xo zkx2WI(J%FqrI48Ce0a*Fsv@Bwu5eN@Cl@ z38y#@M~Uq0CL`%fG+no<@;n(K+5Ld$O^)BM(RnvG#9HKn7dIp>mr&|btx=rY8LreI z#yYD;mS`)5LR1_1GTkp3#_P5_jT0)>y~ao)1Tlx>cLll_LcPnl`haQX4axL08lq9P z1doQtl-Q*UN%hvvYoV#_LXX3Ru?BK`vH>>PdxtwYtSazeEwT$;B6TZRR~f3{pn6~q0Q40^_YcbJ1$dn$*<^5QN8$eX``g!h3|yz6oHDC- zur0ibqF9U}r5qj}YDm#a zckiam30A-xb|981-HRo$Hj@q-P8zG&9P}0DNIS7@@Idx#X;9dD!V0psRm&W7m%cPu zM?Qmftmh&h-Pl4TO~|RwKbQ5b6em)$str9B$K_X!#5!@xrTSeG$Ti^vfw0ecFBClF zvP_lCavJ(-5`=tg^YQ~^4aU7(G4}7hIlkXts%)m^Wxa=Bdkn`bOxuUBohCRm|7PBW zULhkvxq}GNH9Qw^8S%Ya1kQQr9mFjR*!(E^C^T#ufu()oG9VLy!W0c#zfziw<+Z(vFY-{cL%H|4wim<~f19kWI@O^J@sefx}=@vZhqYE6yoZQ0I zNw?G!F4pi83UmD8c-flded&E>1D`upt;2LPzg(1M?2+YhR2di_Dx`#SZOyV-G>PlGYdX)<%A+90P^Z<#ME4cWNS<+=+YyR+f#( zSWDjQ{rdKQ{4Iv>LkQ96Whr&cCdl?Y1P`)w>d@@F9>E|oC%j842ox}xt`yM0BF%xf z+1|2c2w>c0PCK{BbCGQ#UwOk{9W>w>I-S7F`?fJm=1*!LBlL9t$JjLH$k;+UIrO6@ z?6?54xJbHCpd_c3_XmmIJcW#)zH(i5y20{OBjv)rTPwW!?E4MR=x0d5%5(8wa}EO-^P*5xUj z0*6&BNmjM9On}>UTOOXJ;RJIPz9n%PVHX@urb3r?LIXp&i$$x=AC1ni5Gg1D)l9eL zl$Ot6N&UEY)rRw0v$XqJv&+y92Q&9nLwX=;Sj${-cklOZ9S+{!;zZ!qjoNJZ!Qg_6 z3Fnjz<}@1KQL{tq2%TJHG#HZJsHW(i7Wwm8Hs#II=Sf=Kt(rSvu2$0z4DZ-jh12nj zIVga;EJNVZm?F!42J5Vc)mXp)c+di6boA#=xLfuFt#1jhZK5;jsQTjlgX7WZKzgU& z3%46U#552mS}U+@4y5U0{Se3P)DD~cQ#~RRSnOqxh%~_7V|$yTIfT75whKSENKtJ8N$;4`)5O}$4?JO?~t7MY!8)n zCMZkPpV57CMEx4I=IeJX+8+&0WX?PL18Uw)U4k2zw=j9x74!oO7qXHVp1!4WTc^!| zBx9|yAZDlooP}-DkSYvw&WgFOKruY_307o994t59PU$BQ%dlfVGXqedPoLD&`JUSq zDx06elm7^geDI?QYtVYH!@rN|I~fdqVE7BCcnM*r@85I>z~;)_iEcSGO7p#z?2lh@ z{{wpmZBUCX1tWd3Ch#?zpL{QLnUntOl;>0v6~Y!kS2oNs)KR1eR=1&}&vE>0cX+xd z-YZN{l)s51v}5id09F3?yl=@NMsjfko4}UTaV=fO15Stftr40Fk-hT~99dM7MInwp z1($XJ$Q}{7x`?)&zGhVbAiiddla)}G`Wdqm#3syD!>83B(M&EdJ#6}q9~l}%7QkmM`SYQ7)e@9`YjWP-hS z<|1>CD^e-A$pJjpMn_w35O{WgkT$at{g{>bFd&!Zz)}(;7R0hl2WXk?rFV~k8FD+W z{8*NjG~UCY&ETw-u!#GMNUTx_ijmZh(18jCGQ9q6#VzgKm+~uKpvdw zLS;EHb*g)(W*khzuZUWj?!^V($>|lnl`&P=bPE5#mC^|i~-KzK#uGnU4(g%7UUXUmx*X*2$VjY>GTuQKn_MMrd>gE;iV>6 z$q4{fgwR+1b@}Do9H24oHuKa1O_)RxnFdqivlM&n_xuPj(fKUl8 znPfrcbP-Pq9HVSrIul_$q`j^sWPr~0nLH4w^%;hv*rr9QRM$Q>Z17q#*RJI6bm?IJ zWTyMw*xGx%@^t;l_nD2?4}rLfEy~aTt9!RxDAIj++KbO?)OzVF_$66F6_7_&v7hzW zTO2^cAusXPt&Cq^P{PND%j}LQ__sLI_T6~@?2Jo*N?L}IaT)en&ySlGQPDG2RR~#w zYD4kAYDaAoKNv{Pf-n=1TqgD<_O>^kLyBO%yhk3e|tjW{~Chvz&|=-t2}cEo&+?JemM zU$lJ0Z04WFSg)gfMr5VpNT2;L+!5p5CbpC-;0=zBm|p%Z62mivxWs=t6c)^y#vUlr zz-}CANjoMNEvfuL*YYY8JtEd(VfF0h!LKUYpiDlG< zyn|Dz$V*ipt(zg|6nzZl7Sle1vL-mu7*$z14MPkl^TNf)7bvgKJYubMpad7=M|2q+ z6!Ll=w|2{^IBrtmGyZkw>5v+ax-N;8nIuKH-Uk-$DfwVri!OPp3h^cYx})2PFm%W? zgg+WP4ukH-wc#mVIdiMEeHZl8_E496pO4jyQuaCmi9IPPQm!aJYjh-^tk#r(f|XM&OP?o3089F)@qF62z^R45_CicumFshf}( zENxjt5bwEyn!OxV4UVgbvg_jJ<1ti+Z$hEYVS;iD2) z?AmZlAx0kY9_PHw4k^knwQDGk)7;*z@}s3GJvc{1`B)-%}1xl$eDI= zb|z=zdhckpUNEx(>WC=NH3<~?&ED(LxxAx1xD>av-aY*hVkPfEr{<*C)Ej`(UndCEuCQ~+FG7G8_9ypI8 z_2#68vw02OO9>sYyJgVRoRbE4^$<#lx1DpUy)mt1vxEThxu9Afn|8Rd zax~5wBpz};hBeygCUb5Vms6VaoS2mpr&B5RS9(O_=R#0L-=>lukjyz85ugeKL-B5=!3J(aVR96)*Cl#TX<>o}qf+d{d{ zL^MP?bE`q#Q1W4O5O#)s3II4-L~d|NU)U*0BuIVo6EwIWgx~q(EzxEvtn=eo18Z1- z9_q10k!X~FV9DXjkcWH#lgD|ER019G361$I&8=d)P~7bS=JrcdJ%k733wt0Reb1AkrK9UF&ING@XDE2eZJA9Owq@?M2O5{$olE6 z(HJ|ukgFDp_Qe+&Y-p<5{gq+Lwg>=mI&e{l5mpaYnsjhxXNUc1_@IzXF2)AQ2@0{9 z6i@p`8;#SzPFKpE^!Q}hR<2)85MB0*F*t|pFfbl6{gLSMP(JYtoa`#I30zvHu5-GLT?2Ix%k@7k10n*7jGks)0cZ#WZ$^6lLdNh{SZjU?1aTE8E7; zli{KL!mY4xDDC{7x;Z`GE+2pWvamF2ykviay5De@7+RRR88+3s)4$KOb+Fm6uv$3I+1e5|vEc-CMe>*@zH z=k}NG737_YGN0rUS1lka#-K1PCS|!OIZtOo>n4r6ba+_M5t6u3G0K#mbs8`B?nt&F zXIP3$<71h>oRktnBQcL68&m~ScEpWE8pY&SvHMf=DxxDl+n>aTuSwz0QlSH%nA|+) zWe?rb^Tjmou1DKi7!ycw;`-Nm+JTjQMLALFQq78D(Q!OH88Ymkgt6HBbxUuxFxpcT zJKCFp3J}E*=)7^N>=V+zOMhl0fw$y`_oQoj`dqt(Ymf?57kgje;MCGma;=b}TTC|# z5&$6>vpjH1Mz-DoL`JcjShXk}HA0q=)orJb6-0IN7;BuEBZ{(Lo8@g{RLidWFbj(Q zpqK%VWHAI>9%7d3l@my&3Xm=ckcFkHiKUh*S$Vl(BJn(1<+hvYKxbl)XGy~<{>WP8 zJvRFk7%9f)y`ihBz6@R!ysoB_J<`p|V;`n8JKxZko#Jz;254>p1y_QJOPS&>W zV5m)UXGR316%0sQZVPIk{uM;8-d+F+EBqHR@6hza3oBtXkHjX|uN`XUhYv+>e9PAp38^Ravf zC8Tnmse&R}q+Oc%sdKthuHz5hQM-UJ8lJqM1IcBZnjs@=X_};aZo1W_Oy(kg3r0=w zHzi=qgwb%leyn$7N1vDbb#Rg@B0CuLIS6dk(rkTY#t zmzzp!;oIl>G91LMbR}#q>jaim+mb;kc5TC#D&K@*hm&U`jfyyY_i={psHP?z_)_;(xx{*?o8O<>y~MSoqb#{iVTr2thtU#Q&4c3(7)GFSM&lU zLB^=9vYN| z#iiTQDz|8pz*mx+7tl~@Ti^#rR!j=~o-WnciKEabe9Yv z^B0CXLm>X-VE=4z$diZGQ3S?=#?65SVX=C$@?dVB#U@9V*nl#zlvez%cgRFYbs>h~ zpNkI#&22LNl9?j@5xsj_goz;wb`XnH3Ids`cdXv*nhvNg{|L+$Hr7_mwwN`^*amG` zDqHUhN9^i0D2@+#P6C^7V6a>UEHJCsXDy|z>8f}jpxQBq6rXmSL=vvx+wU%*A3-n@Z{=@OpmCF0! z0HHbL9qG2b?9f=DqcI8=GULbQnN3V0;qi$R)O-OrMk8@nJPa)S>Jbxd$`5C=nS0vA zZR9cSQmpv}eIECC_k-=dmv(7qZ6_wCr zt=GEvF4SeF-EIBN=?5N_4_s*HLr>mo*fu)rI@KwAlswiVm1W~des!(4)kMd*!cJ3} z$YsfA^R(PYul_Uhw5QiNI{#*L7}AD-VV>?`Y`4V7r}q~0PH|zK@o>J}LR_4n7lCm} zOF&`upeBHrM9H1@6dh4&10E@oV6oKr`~q~Ggp<9-$&FKnkij%6LPgn>Fp664(y_+u zS*3z4mS*H=i&`ugsn!1mx=A_2xbZK#l$s~bKtCkjRc`z_|CHWu$8kX zl%7UqY3GxWm>lUOQRj7uh2zZbMJ^UPw;(@1idMN+r1)-hU$Xs{p|%}`Tw8Rk(%Ndp zbJ7-Eu)|7#7*eL=ZXG>ERJs$^ID17l@kn)*FL+6Gb5W2p zaJ*LoquI@J>ZQ&BrW(k}@Ds8SPN#}p1!*VqVrVdV3oFR(2doCr!8B>sV|?%G>73S4 z(~4a+ml%J}peRDR`2r!x{NWyJrtR{J#URzCPl6xQGud1WyF`18o2^I$AzH)f;OrrT zBIRH=%dQ%wQ*MutPT(s1!9)1w8pn>v}PMI0n5fij?yY>4QD2Uf0Gfo(CTf;Li8I;1*N zGKic0Z0$T&6i~xbt?Y=*TPS7C1my#6P^a~1Gws$DosoyKJIbW8T`bO&O2RcnM|87d z0hbxG+EVI50*T=hCV#>bMu(>!1x-8vfdb2rT(Y;)Yn6lUMSQJZQ3-Q?|if zv2K;|8MYcG(_vEsV+x$W1IjhAxY& zG;%?0``XgJ5C>F6^gQDzyoh*B3QnBgKb0*D3JP%Xq&PzzpDv_o{7*eYB0 zrJ$KFX$#?@1Vnnv=(kd&F5vr#h^&zL-P{B(XqbecsXe1+67NoKna70#M@G^pD)ydA zI8~CF(Ic;=?|@PE)}NYQ=UL{4cF-8W8wk5Eu;ayg_m3##6WK_2^*gD23k2;-D}ErWL7GmIlMrjo@7D`S2iJ z9hT=D$Q&{nvxDRWl*(a&*b)^@rtjC}!k%v;JXTp(IkW#&e?h;0I~b$c{o~?m&%Yu~ z0WbT_V{_+myVt@suD_86<_zib+wriEQ<3miT5<4?ttj}%R)Nq*sxm`S=H=HHOm*E# zt@M2=qKn>ME2fuIOGbjY7SZs))6jf1!l7w}1U__0RvKfBrlD^MC4}|55+^zxwB2_0RvD5Pmemy}cysRnh*d zwQ~vffBo;Z$;&$NS4HiwiuPas2dVYf|6Tw5FZ$>I(m(%`{`p_^&;O=>{%`&Be`wE4 z8|++*j2={-^}yV`)=%?Hy+!F6AC39VkEGKCuP5(Mjz*{N7lrE4D7pZ$BuJd)ps){$UQ?Lm`59@%2<8oV47!_6Tp8Fq!Z)(P8qdNP@+7B1IN*)r z(|IBscyi^`hAsDt2x2$3cQ}G4`xLntENz3_RB$vpJ{}>#>+7CjfXy@r(cM1%>b|es-^If& zdyYewM@Qyb7nV2c!73wvE}0#PWo384dlj!6bAv-GGl=tJhW&&-yCiKGzWGsm-}{jB z=Fx8fkCWzRQxznQ@hCQ=tTX7XkBS=>ZLH#(A}y(9gcG{!svWIc4&ZMS4@?Xa$326t zu(*V+RX(Ycta-^h4Efo>`7AMU*MuZgn}q^j%9Hi4pK)^YL<^HLx~$P++bdu1Z9Lyz-*~o#LJ%@XulrOZ@?RqW zUWh2M@OG^zaQB|BJlARhoyrdv(r@lPUwO2*x&HMx+muq+=fW+f#Wx(m`v#xns8#vp z$=YL7%A0de4fF^p^sVArzjDO+US(k)S4_NC(Wybo1$_ifj}E+o1nrQPqA>r~LQ%Nl zmywK0Ta%0}Q5rFktRMpL<8jA-<=I);yFnNiD?-`-PZpxXn+&BZ~`VxCz<0*Mn0HJGsP&+g&{#O)kdRG>RIT!4~hpx2b>(NDIjvAu7i_?kG{s zy(9s5fq~NWrF~SYdQtkBSsdOs1j!+~{cw_OJ<_P+qui$LkjS1CH!mtipKrGr4zIcCo$e z`spP_5w<4IqE?_kqqEI86Fa5QQ$6!N4bBrgA>LUA zFfMQF;pqH)bTVtX%g|D2vtV{<8BmI46yjwx1zxiil#Wg*s&Q@G=_D|z%V1Zz2%P5) za4XOG;7gmEU%eU~AKvGU0zA)!lBg9U2OuUyjCD@mc=2hmVpQ~f-dzLZWktFyC%J(R-j?}S@E)1o0f8A zURI_CiJZ}hi=XQ>p1kF_^43@kj#5%9Ict2|+L2(I) zzb%w$cZs_D1ABQCWa&667Te|m<|))h2C{IGx5+hT3})?c=O@|PBHWO7Q<`F;(x_PU zx3!CHeQfhJe_#(?8qd@}FZ_|ct49rNkdzQkOf}5q9k*~3fgAWD>yTQ(j%0U<1f}js z14y%gx*9SbZ2MXF5Hq%PwEJj@8cW=Gt}?oK0a08$i^NTDPE0AKH?NWgs$Ukcv>bIp zDh6of3&ThyJm$Hquu~42(HTH?f6TOl)on~MSLCLVG|x)RDF158%L^G+ZN-33RtisT zg>v;g2VnBtD2U2M!4rFK6jTBfWtF(?aJ6`bs1|O+Rf}f29lLn6FZiZ`1_0zGfo^Lt zqosn*XvM<%lH0J%F49#U4K-@VJE<(=)<6&~3q=~0v$x*1k*-5PwoI_L-N2Y;P-uzs zN*&Xfn{uNcw}4UU%70=3+*D2wbE{br>dnMTg>T)th+lU5OW0?MGB>n>o3i z-aU0v4+@jL?nv>m*`MNb)~(|G2lTF}-`&Zg*wntNRi(?0=wrSX$@-SRW}oustMsL4 zv&n5G*eRTbg#nWlXnuLD1NcC2vaHEmnDz+~wy}7UeT8Z*g^fSotl)+O0@Wok@2vZE z=Ev#Tf~3b}ZcDwjAJ1^&2nhgjKO}eS=Di8Uz@Kz?r00)pA8DObQ<%|ey&&Q3=T&I_ z+;cdzEucs^;gVWJL67K4I9r|5_*SLa0M%H@JL}bOG0B>6T@xQk1ZC32*8c`@QbNnN z5u$DqU1>?)*x8kaGhs?sns6`aN(1=Ru6&p?Rc=uRVPqAAGgTfEQ)-F-YvE+4! zhJnsg+!%MRb3Iaeg3q^w1oPG>g`COM)Rg`THfsVC+KJ4E000?n?+9pWYSEArBr%cK z#jeA(tF1{+y*61spqy?LO_UN^M~6uRLaVm&R<_wU>;do(%;3DFkOZ>3g(y-?tNJ`K z2(Lz?;|k1jk1tKA7cDUEqL0m4c9aNEPUpz2*gb8A9}!BqzH?Ls(BfhR%2oiD>v>95 z^Z^-RkZ*5-+qBQ$1UdQusT9m;`ULxwI&L$fMXbDsmPi#2_-p{{Zp&4w?M+-xpyZXy z36ywp_!iqzDaup|RqCXSp1 zLsewWYH#tlr(NHKO|dE)a$8H9FUu#72w<0;AyjIrvlS=2G=|y2z&T0yfCh{y15brGZp5=5V1n&&)c`9^Pd!B_PYyIEh5~Qix^{ zTKLK!VzBeMuf383JaaH@0UG?lA}YFH=*3x3oZ?67Bbc3-hH`0& zFqPOL2>vEyQ~L$9Y_x4*na|IbPD}eII7YJn zT7&@R08=0Lw?`wK$~t|It{O-4+ILA|VQ5I!CAE@M8NVQ@rKK!1_j>O-#C{MFvP7`t zgpY|k6HZfch)Ccm&E->|ISO6Gc{a+(f^1K=R=_#Sl0f+-a;+3Gd-sxlw>DQ^QI`N+ zo2HfLjH;$GI>cUO&bZv0U@PtX-~t;+CTGo-_uFD}qpdLTyrS@73Yh*Vn_(^i6{FT? zOR1b&WmStc8Njlc8QpZFnMRYuc^q_~)A>C?1>pwAdeh81&GdUj$? zx4_i26|TTN@M5Q#L~IfFr-sM&h-Jboro~C=rz;xmJVf$GqNvtA((MR9T8kO3hMXdd zL;wkMDnVQD*`|_miI$)=pTZi^B@v`mpD5cu>oyX9&hDyQAD()$Dj^B84S*`d(*2x7 zu^mHxamAnn5cBX*W+t2_%oH5zt;IA0hj5tf0FV^-m0PT32}52Yvs>o6 z!W1fb$MD&Z>9&8Y_=N53m(0MduXdkKKzVG{|UK&lM?3ntQ?SSl-99 zal*nAXTWfxXaj&vGx%>Uf1TnaMrNK)T^Ag-G*x{?dXR4l$B0WoNK@o~!cFK1rAe+B ztTrTNU=gvbZRtVwJ94 z?fg(vuoTLWi0E`no+zJBZKEmO?QWGL*lf}DSs|iH7)pkGe4J)B1ai*4?iI}HY`C2- z%RCLjqFzck(;pIt6hji*@@m6_%k2#XnQPqI^AAEk$JMAv^@eNhW!lUu`yx$@dK`Jh zuN2`zRX9`FRd}4Q)O(AgO8N$ihbeqpa%=`#*tXzXcDeF1W{|CUW@3<^ERBC~5bQIs z4|tK;3)iER!|Ix@M><2~c?pYcCO?x0b5{tGI(+h)vjgjJN$c+Lfp4P$<7~%4Skijn zLoAsT>Ru7?dR(vo>>L+5*Lil_$K!)XN<{_-vEX0~q4~pa!wDA3jclcPuT0eVqRq9M z7BC{tI=0>!VbH`mLU@&R^3z3_H%(_yd@zElZmY2oCytNF$MD5RvVeP7j7!4%XdI;{ zXmb82C_^4;FiD;bk!~je&EZr^F!ygbM%|@u+9J;)|K~r=FYf&5tCydDwJ^W*`NCgl z5jrnRqWPSYag)pW!JC~sFOhm(WSiv>=HT-Z8h*T+Et+k>OfBi{N-Qh(Ow8~$Sb~BY z&^Evd3!Fj(rE%>s3c09=6>2Yfp_hUFG8=^-e_p{Ls4R|S4Cr9|^9@G$p=9H)dxsI0 zs7iM1GPW=ev?GdW9n`dl|N|bU06!C zS2&;M=YEhWJjX5LxgVqhY5^zRUMS$VZOT`ywQTwE)|d0D6pSKC)A^J%Yu23U)p?{} zM9*b*Lo44@WSc8>*E}r-H3xp6DIm#mjjC#H`{%cMHs7U{sp%j$6I^Da!4a69oZ`i+ zs{GJ80(01u|2RD&Ttz)n<|b>Uos{)C=ZvQ!;EFSD?lljk!l10?BbFa9*VImvvsg-n zNw#Je?oPr1(^QhA2^%XemSsz@T|!1dSaXmPGy~act1d(BW!QbX9u6m}(nh`I6*ROu z72ZDbt4)WPr9ed=*zH1}CAF@{JYmdc+Lu}TDfmE)$WWer7Q0?M)1fW3YpQW6k*7sj zBx1L61^oEV6Bm;7gkzS?qx?WExs{(A_OzU?ts@00|DbLENzuE_{iZaih5VEG|Q!NEDw)uW!8$x|0)v#r1=#AH83=4g_?G{qW184WYx zS_N6s5`=-H`ux@K^l(0-2-KND!+aSYBGS#18F1Fr-YcnHwUS4rW-*>M#maeV6mIKC zh8&o~O2CAf7-qyP_#}-(I7FgoTL)4n=~qcq1wIX2KpDA$!e?^kPm9hG!xOliq2u#n zYS3945`BOP0pEOTQPgDA!Hx!kyDm<_Mu_v3*jx#Y@q2MnJt)Nzt87Wvb~})x+ENco z!!Cp}3>cr1HiBR&fMs;aXxB~D{pZ~ja`{SL8curi269<~ z1aKxG3y6SijIK1=bT?bupbsY^7<7)doFB<%uoyysQ8PYbnsXTHLC@-CjGw(FS7nb~ zz+q5ji~z>8g{CbF^2>A*9~AuaNFB#=tD^C-kGp!w+Q^bM+X$tcVnR8pt$XWc7I>LY zp!|H%t>P-%gCe>u8kxZW=Fjs$&8k0)HUthX0dyjPe7V_q@5;Q z0q4d~&CJ*vax98ol8H-l=QPc0Y5%71v)XOo#{}|nZq`aIyliSYtzetZCav4(4*9r+ zKhT$!5Rp>l3JH^5h*eJ;yw*4mu?wA^X+Z4FXW1A{nQhjuk7Ot%;3a0JA=Z++%uHjQ zXFeG8i4<>~{lZC+b5BM-S*OiBA6o{to{cjPaE)(MaI_92E$tXCn<3!+@Z5E*HGjdO zt2@@d2x^f7E!54XY&&6#e$jE-UaXp6E-ae5HTPxt@?ZCelJF?EwQwWy;>*wH(uS7o z`$`?S$Q0h>4UWFx2GSBoqNGF7fGC19iI-~ry)4nn z3^=|(%T{ErJTN>)3E6S#ZLaqN#TyJY*p+Anh;ZSR zl7Ae6qYN^>Ny;>9-imV6OXWd0vQjgEn$6FtkP8oO@_z4kGLxkEJ-wbTna`J7RX!v= z0U)8ZL(K*(D;^036r5Ct+Kgq#(FG&5y)=xC;4!yz5@6L3kD#@cf$?OzTh=)op3vCM zS&upM49({jLWY&kv}V10F_Pqi(l;?6!U*Q8cM;AbbePt_iXH{1p(jR7(BoYf^kxTI z$W*bB(IM|Cw_L;XcYLg{`^PPxN9xMYD!8GUpA+{j6h?L6Up-{G>XOA&?!AEs z!Cjc>S|N<>sCMpm3XxocSGnXh8Vv~SAeS@;2bp!u9@FL_rimX^X8;E>8J@VrkcT`| zybO;Lk7XRDZpE^uOAvkx42sW~MOnvv0C-r&#~0mBl+niU+0YM~G>HzXBydKQ09q5h z{17b`423$p$w!wSWGO`^u?-4n^hs8xV7t0Nwo_U4I5sJ(^>R_;L1(W*zKha{&T){^ zNXKj0nfE6dNbO_RSQ-zZxCAq_FnV4?m}ABFNn$+R;wqwjy>V=r`A=D9s-2<1&Yk+w z@2~2wP`jv9=<#fOPpl*{srHYtV{rH$fmt|?I}xMGi)Ia3&g_zUX}pWEB%Llt$y7P$ z0#)wZl(1CXj<5~Uq8jIs0emtWIDAXfV^v%w4S!o1wQd zYIg1*^{^OA%*!B<*au=aB?ie!MpEEDbA{w1Y6>SE>`M*R7&qE7P~KX{6lhcvMboBi zU<9q$EHDo$bPGG=&W@%#upHhl&7NHUa@_qY+n~`obR%M}I6Jxg7b&(U_AR8KQZ6cF zku&iQO4glo@y=XW$+~MQgl4~~bOXXCM$P0~fHwrED6DMY3ioSGlGMlA5Xc}1N9Hzc zT7x9sEGNN(-tO~np6{(c+s4Hh{{(kT#FeT0$u9ET zow;5quYU#W&jwFyKL^!0h+e?=pVLA_!2pMh3}%T^M(Eowe^$yGOFND^JrW8T15zBJ z17f#0)^<%02Y>Ug5fea8=uyJf4#KO_vqMzNq(N~#( zsOQUUwoQ{t-W%&(gFab?N?CIhJm{5karR*`n3qg1Z^&p~j+lSUu}BQv?6UJv)n$L3 z=ND~u*-N1@|5*#p8P{8viWHk2t$p^kb2L()>$wJo+W4v!{dAMqL(|9o_Dc81H!q6T`aYG~myFfSF1 zT`m^3Ql;9rT##~=?6~&9`qOMQqKDOl4|oo;FbHyxKP@i87GU??y2&Jmo{#~^V(bE) zof{K!Cja-6^?i1=fxh?-w+pO9# zYl?7iPjz(FA(^SzW?Vh@v$`8vNN<(%k4{pydA;1 zB4%YokSj&%66O4JIIWcS30B&F-Bq%UnxcwJ3y6qzoN|Yr8zM9!J1d|QI+jpJ4z#rk zHsY;7n-#+2b7l0WwNsBk6$`ES*M)$JOa_aXZbmzE_WwO^4`;zlN<0|k_-Ay`Xr^yh zp1fGwd$#dx4RZ++(Y_`Gd8Z>*wz?bataJCStnmO`q=$y4N(Y#F%Oe3fenDDVNRcNA2_riW!wihu5 z`HTiV4TpYaN>)>sa!1?Mg4MYPI1+KKn|}uyN>g9>M)hsbz2|D5`jgQiP)Xi%FToy& z(Sjr7;!Uj%eC8yLBg1021q4EmVsyevtmNeEcz8bF|MUFrPYa6=7%6#-Xt$FDo+QLc zSy%=RiFI`s#SX5dFL^PPYR5zpxpvVcZE|)lR5GeNO1*Z<+sFzz<#?2YbkVbH!D|}& zm1Zz#6w$gCa2Ek$Rx0MzJqf>KSgQd0fM7foDW4z|FUY_MR5Rmg%E?ZOb@d8ydSY&B zxU9p6V(r0`$Co=W+cq z(^(u&+q(cck=S{2MhBLmUkyV%|E#J*)IMqTu(oD`#;Ssz;W0D z=f$%>zS!7adsG7?2m)=d)vWVi`8p7}F4cZTOz>|hUM&0y=@!4)R25iOeCKcf|3upeBECpfoYk-x;qROpwUkkgCk-86vX3qugea+C?Q9V>`< z2&{GlMLKo0J3ELd)TZRx1A4CG&6mw2wE3C3Tf39bZ>`YtF3sStWPH5YZ!*W>+HLrm=F$S-qxFdU4p zU3)$lOP&g3^uS@fH-quu)%)J-@jmn+t}Z_s59D&pgE!a#f=3Hf;3Xp13!I?B=oPbh zQ||2d4$$Z|T%$=-uQwSTo%4JT3L_ePG8r8Vk+kIyXS)yNB#Yd8(1QmD>*{$fw6AYj zjq6A;f<_Jp`^PvjB#UtWB!TWD&>nrk+>k6J$hmQPaC~t{92g75&&R`);kmXz&_apH zH2}qC&P~DdCJpW35z?idFmJ`po=Eh`o148u#LSO}uP)B<5~F!MJV4rE{6;@+K{#T{ zA45i+4S~1xbOM033_fMn()oLH=~oXCm_+$#rSlHseMSy4o4uFwD_NK_Xz6{ z^P|!6@#r19250Y~+^#rTzIJUJpY~sk;KLxzb)a#G4yX#bWdJZhKC1R<@&mhvHXd((x3am`Ti@zE-`x0i{Si*o zUSHY5^Yxp(@7A}!*?6(tLy66mXWQTRHXip@o_*i@!}_yFH+yUU^n7z|Ypb`hd2Rja z^C#rnl@?TsEAG*IhnsQ0+{bZv9>8$e!pxc+2) z`}>>M9C*!8~qW{t1d-U|M2b$fl|8N0E%@oak&k2lfF&F!fA z-TKzr&ECr9`W6ZDcyr_F&1)nlY5+Qbpx(1Jg+fvbfnr2ZgamtmPCG8WM{6rj01LzO ztQbCw=7$)Y2r7L&z$NE$g6{cbyo(pRE0z|^KXU8TzjaAjJwfNCQ1i*)?Eu@h)3;qW zF3ur>cUQrlqvL@-g*`rF8odJVSrC7HcN7i-%WytP4_cX)a7Z*p*Pu<$J@d9)o3z2e=o#%x_^dxJJ*~z%gbQi&9B#)gnDeJ#Eqc}+`{>c z%p|z_4Rrt@Gi4W2ImY-GPFyQg5+=~Kt;+%uEFaoA2LqUJ?Mg(Ji}kpR4{wd~dqcQO zGjti`#IK%%+|ae&Nab&x4dKqa<6#$F+we$Bwo+tl@;D&0j~gj>tv%?8>2-1^qv3_GMo@*#|*l&KB7xSS`8N z1a!2kkbL6sbO>@KQrR$6%Kac|uNN=r;N}6q$-zES{AdDfzLN~@qgOQa?Ik>?xB}AZgEe%d`6!e#`w-u*DB6Z+6lzYlgdN|SG~V~YGkOd zukR5qS6yrDsNbjUU?Uz@D1fNJIe0%yVs$Awx-|GtKvMu(^qJ9vtlqr30oLU}n95X( zW^};=O;FzregvK@xo^yUtU7>7$=ZykHC^pmbc_KRJS8H z0D~q+dxLa(5Qx-X_<-fwo>8h15o8JWiEka_Y+a_3?HXr;DhR^=9S9M`>B(V_E~Y=#hI`1_ z+&sN?h`6Z}O3HB~V!9IqadZ>KsWK#++GZ$`lp@v#Znv3o!fnie>vaZAP}=wt*DVd@ z!U9fn7*>w(B{;w+5spJz2|FI%ww3E>DyO@*sNvZ_?r{Wj_cTGXtnOeB*pf+gS4d5d zoulLoi^PV#^JI3xOa#KQ-GQk2GKRLox)F(q4Q_V9Or%0eivkg&FV=Qg#8}{I#7HTW z-X;c2#8YXIV(nSIm|h)S^s6frr(c5(sMK2Bn~$8B>Ki-Nk>g$dbQinC!+OnfZL>Lz zlPvIU`q;?|GrG-;Xngv$C#DZ~cZZpHTY(04HwD^S2M%MLnus9bLTNe{S1OB7%ksx=BOqVgEm7>Wf}2Y>@A=~XqNZ{j9=a@K%Y%9_(Kd2(>528|Y4V)X+1)qm&^ z1`y6NZhBp|4Vq$e2={=!QZD4DXNKV|mF~~!XY{);5P<{U0Vo3}IE6ry%vMB`X7)=s z*3L(%-SQdZCcA}2uj>{*r*;d??YvtzZ~B5T&@Lu)!b}!%$%U(-vR-b)eU+e={KV&{ zxEjG^885OkRgqdzEU>J(k2>T=9OBwzw0H9cYHJ8*Dy!JqnbSYpxw>b#3A8>Bf4clc zJll~eKh@;r)M-~NnAI_a>M-)mS}qW%hmb4G6*bm{pE3^Y;o}h>OyATsIc%+`>fId{ z95?!WE7%?xa`X5>!(MJW^=6JGyD;#lztm8x2Rkw~i`M~4)?D@(qA2Rjvm@2e zB89?^xEa<`#TdMHu>9F3PN_v)*I6$JAuQ=>Q?pl8rzXr_twJ+odb_gGvk^Nh)I~CL z5viy^VQAY2Y+WP%xmEZrHc;#0RCCS&&$duXheK(- zZ+7LYlR|uapt%fYR4|-2*OxIiW`=UpCuh&-AX(cb4iFh-EI@^3Q(poqm|DG3HlK-I zX#=_hARLf0pCqY)!GVpC98n01mFlV;V4y!-#hA}y=ZRrLN=sMykj2_^uJ|+`tCmp` z?kP;7IDi!Gm>%2oP)IFc5hoRlX_z$NEGt+#WVGMu|j$2s#Naw`$m$h1kd6USvd}tZ%L@ z;1=$sG3xZ0+7MOENWHce6)!4#pS3&Es*y-(&y(Q54w3$#CNn{WylseWRjhEd`9f|M zrDeW{20Y&^KsfZS(Nt6du)dvJI!_w46U9Y&*8mq*x1y-RFKwrF)7~tT7&{wM)IN8m zXJK}Kc@Uuzso3$F9izPxK(uoAdr;Swfy|_+7**kQYyt6BqG;dDPD_GY5*olt8@G!v z?%xvxCE>F3*shMsgKz0Fb?Q>0ZCm)y}(T{9U(flr% zWaF4g)sAy`Zf9V*f;(|Is`(YRA_vsWm0>Z988o&-6B-^63;e`qh=^YxhJKa>WR+|z z;VK5-bx4-S!r?kmEjbGcvSpaf$fkQG>N4XU1e@NZu=id|S(6{SX4nX;x)jGwMmHiV zKjc;smKIHgUJkXdxOGZ{Afpu!E3CnCrsHwf?EB7*7H6`Wtv24bS*=8T5#H`$VyqEW zFB^!F6I3nxB{i<@zSeMMVRJd*BFXAT+&F3&V_nZP(EL@ZU{yYOZpOr=w4iO&Dg(60 zjs(C-pLfy7cS(c9#P61B4-tNMqnzpzZEuHqTjo8<4EnE6d7tb2{=-)1-`1q5Ef?^z*a%0v5EM)vtVVZ?l_>V z`YBpF&WWP+LxZ&Qq+{Z2pxVEPZjXaCA!xyIw+h)A+_V`W1-6TE+g$^R$s!I~gS~cv z^bJoaW(X4#2xnE;+Gavh`#r^&O4PfliAUCO4`dtFY1+l604gE`C!Rvh{6mF7Y0 zU_?X4#2Gvrold6)AB#VlL`d>D^&p^7ohUSS!mz=$x(-rgN`{5$6f7g$?Ytdoc;#!0 zK=@oWuR|kzVL3Kg1#d!rOTHGKK^Gi@vmf>gkxT1M*sh%lbcJZ^UB%MOut-!1aK)$^ zROAygfC>0QIBc-E!fX3LVm?@elOXQk#!WT8#nX?>4;qLkVB2Q07nUkcC>>l-MN zcgy7oy8A0Lw`m5=6i$+ePR&>$S zqlTIKO;Okr`Uzako{$1+vOBsEw{RB_JvR^#uP{_wMebx9OCnZ-b=60P#+e>4KOJ0r zc2g|`Liaq9vIU}Pk9|)}q!YI8jnArP7~SRvdu*)~M0)yLGi?J)MqTUluhc_dtX%{` zE-kHYHn4Hzm+*RM**OK@1WkdNjEhODT$(OUVQQPrk580_CdMYF@;F|OaB6WaSRRwG z7FR&bY_l*9-DDi={28!dUC*q8%2I8nICZv!vy6{U4W5m}hdY-XYt9Yh^3Wk1*Si3O zaL#ZLABAgp2A=$4+AAa@a~ks-)e??#mTQ+ArAy78?(R}U87O~%DKG}I3&aR|pe?oI zgX7bqI2s6Oc%8=wLCp3KyBEc^O_nhQ5S3A1iF1ES|FlGC>vZOVBlN4UrPt=K=uRmtEUUSr;n?x%($@{5tsRJi!FS!kMt;We zc+&?i`nz|ijqOfW9=BN)4zzdK^^{i_*lZ+D&@L)z>Fs+;vO za%Tjcc3N|!5{-RhlKs9-9L~qKALfGAkxV-=!F0M%$sAg#Ar{4gcS30&_+q&zMg0h* zHC*#sg~tO-3Z5`?ffHHGMr*if7UwbGAK=MdE6a$btJTlCHGBR%^A_nDHk{zEuH(c> zwVZi|!9v5EtnRoWR1@ z%VssvAu=LVaD`*g6KG?>{3YbZrbo&eMyZyI1r?%3+uewmL7M_*KGNMJE)6cDG{eQb)hr75(czqK*aSa01qhzQ*0!MnKiJIq7P)x zhP+{R89i>HnQM^ro{C-xtNHy1`?pQkt)U>rvUO9n;p69RG$ygi1_CNg3Xi7{Ntr*p zE+}N`S{~LK9%b|aiDH3ebS{K#iPMxDhLdfiVrYpZl&YmY`pE!8&LFCptC?5_y&~XUUycy2}jJ2Wi zWl9-M$Wu`#_zqTn*4Bt)Y#|z>!L=}?`T&%&fpPhRsi;t`xKoA}T38$RdKsM6CohE1 zp{X{+P86rUEHbc~GY(^0$HI}5qIyo0lyfl6``M1Cd3Y1E!&)IE)+Nz+&|3bmScn=T z)w;z?oT#KdEX^@?vd4gKgtZn8mHd;e`pgZwe$^#$0-#1m;rJ;v2QVdd?4=f_O`LHK zdI)V7gPi9wA6n#6wT#36^XrYvIGTpJc7AQ4y1ZH2Y;*-OIRwZyySZ9sJ{w-Dii6zt zUR4)m*&ZNaPdj6YEIyV~^gGCIqFfQ_hQpS6=K+cv(qIgf&*Rb%t~d>3kI8C(HJXwtC+pk0ntTp$Iyp>Z1L zD$7_!cFI!@rXT%ws2qwu{}Vg2DD@u?DI-f2^BOs}7!i!MO{lg^F$xxo-n4P+x%9BG zhQA3JJz(})bF`&>N{7Oru=Z4CxpD=3CO>i8rnUWO1EQ?as9T(Nj*c|}rph0B;_9I) zmj3WErme49ntMrb9kECL>^n|}@G3GGrr3YpJIgAt3XH++Ca!SK^~*;m-Oyf6SXvUy zQ73IFO{%jK_*!OijpB@@42qpAO#`Ap0E+x4S`H3R65kc~8B-w$Ga6{4m@BYoKtg3! zI-rT~CFNTI5)Zh5Z`wT;7fXXdvVnl7Ked*^_t`(MJ{|L3^6bWn-VzD8`Q_bCAw<_Y zR$O#hXa&w+|5;Y{R&wxO@pOd0CS0kO%aY?Vz8usSBe3rl<`E4GYTXHm_mFnL8qJDitD?&osEk(z;~UT#DXUB)AC_nU-(f#Hq4s3W z^~5f!;%W=BYX>D|xehwTS(w8QT(gyyttqACd79vN}RQLe5mD5>k>f|AXQ{lO`=Oj0FuXhi&NYrEk| zTc==~2)W#JGt{%5Dl@7D){pGga%Va0;&)D?rFIv1y0&+$DKJv!t$E<}9qghegYA4c zz4))lN7l56us}%ql<^H4q{K%##{+2R<1{YeggAd?&=^q#-KnxRmDMBRkk~hBrkYy8 z&Mzs-qp|AR<{CzshtjybcOcj7wG-hE6FRZ!eAz}@x$+n#`#E!zQpLjWaFTE#%#dzz z+JkD|@+IW-(DWl*gK+qej1_*{9nxNVNt}J4z#49rrugJS6>D|8sAmwaUZ20}!7)o1 zTsk=FlCdc95$RY7s+b z_l8t8V{E|l-=EVldky?AryD_Z3iM-qE!SKYiUjA~=J#8HZ^ndZ0gTHa?XHI|I{`UUC|M~HL zeDD2(Pky{p{(k1;kI3KO{P-#Seb@XWA3ut}$9`t$<9EsP&zbUHG=G0v{!UdFR|wPg zV6vFYjqSNJ_ldK$3H$8z+--Z_vgggYTpONzzdk+sH}Usg{096!pr3Ecdspn0|Me)| z5BLv)T<%N$_t@ty9%{t1x1gJX7yHV=_I`p~?#Zq?R&(>Y+`ncyJP?|^6@R^-0W{sE z#d04d({$q(w8_04zuwP4F869zy-{DpGwCZHo=GeCIt%4!V-KfebrNFc&% z$FKJ@kjtI+zJBlHEu_Fx9k2Z1+Xr&juV8$h`jf4_cLf8v=PO^xUHkfr#V<^r-`bnQ zgKNbvJpcNi@!K8v_Tt%pyS4XmDfdS1#p1u6+&Xdw-?sLS;ol1vwvNoPkUW1cWppyk(&-IMDc$Zg*C$FF_m6Sw7ZD<9emoL&Z>zO>pm zko)W%9f$FH>&Obeyv&a)9sH-je*(VQ`_qK{>HA*p#h$ZSFpUDH7CDBeEugFlYP&3CNu&-Ld)9D;9~e(JXAt-XBq5{Yu{o_~q5FYMVm!f#tg zNTaPIB+~VJfyVQnzWe2)`0~gP9>l+!4^M9GeHG=e6~A`vu4`|8;q2>^@4NnAvu_t( zyH>e=t@yf>?)zO+{!J*qBDk;%o8Py!_owj9^zbDDzW!%G?6p_UzCV{+dIa48#&`6+ z`qi^99mmHPKg0(gK1yx8`IWc*;+eO9_&>b`lHYtM{@#XX|L*x$egyq~>!r{4{n{fx z_APw;>RX?`(tPWsf64EhaNhR!KY8twPwjb`=x^=a2nKRbZEfvc#or4TUj7kK;pHF0 zKU;f0k0;meY2xz>cWv$cG5NM3-(LDze#yOj1>dfpzb%)${t2M`{E7PjF}Hd5%0K%7 z*8cd_;an8 zdwER$-tqDz{=Qhe>*YCq|H$iaY;Aq^&VLBp_Tayl`10j3eEaO31NisNcjR9E?485% z7Ggy4df_8qLY0^9kdMEIk6U}+h3>rkQ9O8R&-GL2(S@hb^#Bi7-nEZZ=)lM4Pq094 z^DdNmC(Eo5_SW74-hmws;?J+WCRDgqyz3f9cd@bd`sM@AU%B`8&5mmW_nipt{JZaH z?me-Of8KhcoqyhRA~*2g?%BNa`WHa9zE>}P>Wys}QzdVV0*N&_ztjX)=Q0;}{?`>^2aWA9*N+I4`tJ`Re0^Gol1^_yS1aONT&pMT|zeFM2);XjXE`_{3~G~RaY zO_12zw!ZNEXYV-n?fQQ#Jt3v;Ko@_7|74ch+W$FV`g!~)ozLE71Z)q53vCS^zx|U& zto}paZ~YQwYUzcINJ5|Ed1wYmeV``|lk4vwGX<=U*)x`(pii->ao3W+UJfpQpaP zat7$HR3JI!mq4W4|9bglzIvf@9rWa<6)J=44}faVfBFs( z<{bE^lg}pg&7{1!3vZ5H8|e7t^&k2srlCD%Fs_~bdijNW2<8Hiy7vEq2%^LG^!?Te zsGV1(>(pVUeBZ0d8lT_V{|e~3wf`4{x{CkS5dyt7+;Q&<{waBI-xIGvK4cu9|JuDm;pZ#g!leC1Zu+rb9sk3DfAKFM zEL+Du+q~x^uQlKN%`d!6f&c20=U*&-3*velUA?yXM&IVQw)WnQ&wXFt+Iz40d!PJ8 zUr_GtELZ$SU-9dGUqANE%{TqZ1R#I)Eg$*g%{N{9%qL&J_bp$4;RrkM%`d)igbh4V zn*B9MZ4=eD_Fs{IpOt?(=1{QFV)_wUKS|4{z@0{)#WE6raV?zsEGa>w1E_6vn; z*QIMDck%06o1`_^Ve7@>H6tAzn=M8-NQG9x3wS6G>l?F+Rw5uYs>}K`z(9zvkx~ z;HlvNyy89k8yNo;JWKoetIFShf6t?mhm9Gx&*DPeT<#ZdpN>5_b{ondA?z7k?6ry# z?=4P^7svW~yUMFz^Y71{I@NLNq2Y6<5X>_VM}2)Br-}xK2aq;&VBq|z4#V=bI-d0m z=;I56gM)arFyE*ymTK^O;XKkn1_+1`3isgO)2@no%Cc(28tokbh=KR#e)9WHE!H-h zib0=)wO#W)1B1ETdr-H!96s-Gf#uyeru(VZhK#EVdAyS5yaLc-nPx<>Cgz8?;9*)fUp3We2Bw}5Bl%G`$69$j+dMv!%Vr1bDJPt_D>^XI+`<6iZ z`8S?MFW4CPoSi;DH2Fxkh{4`HrTMkSGBXRqP4j4t@L6sE0cOdB!St$8GYF=ZXgQbrpS`CBLp+`k4SuzOxE|hWGS~oua=%Hgf$=RDj2`{a8+e|;zbzYczGvs)h@qKSAEW-y=fN8i)Y zgvEWv^Ocn6a216>JUD#*QGEaD0jvRT&*i?X4dgyIl*`d4XTKM2Ka5i6bJMvJ{w?OF z@M$zRksHVNQT#iC&;0r2JO0DBxp3BBKH=wF4(6`>5WGGy5Af$l(as*gYv$^?YHmHZ z3}{uX04jjIo?FV*P==nTJ=o|tjNeD(?}BW5{Ce(vcy7xNqfR5YC~!6auZp@*YxtSM zoB3QBZv#NAW$&~veXztOB=bXLcL|w!bF^V z51!S9MgcZ|YACr380;Zw(23t(VAO+uu@(T=?g1Zg6j@5~uw%n-t?=mr9#;h4{@gu) zGYL2~w7dzLHND=jov=TF^xO6b>mZ?Fv~HY|S#%smANGK|=h3poI^;m;Vv)WXyk-9z zpz%B~3&-cpcl^^kj^hI2%Gv_Xq+VHDU2mLd$IZL_4TSux%{MyNs*Ckn1D6kX!h-0Z zZ>)7)>S@QB)%EHU4l*J$M+0-;iT0kZ?)H=Sv<1O&1cNr3qqyR8htT@89%>?$>?Uqp zx+-v(>hyTMBH@sg@+1PFF?}sp8t$e4x_AXuISG$3>6u=occOj1f#el173%H5W_56p z)A@;Z#I7|e?I({Pa5ZJ<>ha zJ=6U}ce#7L`wW*G@89+PLErVh zKknP=yW{YEhu?AdhYs&QeC+V)!`BY~hBWA35^Ek)J(s=Ap9>l^%NTp`U!{A3T(M`1>Bd=ivt)zWngB4}bFEFF*VrAO6n| z-+A<&qwhF+;%M>c_=l(!qc9x)+c?1nhsiwR1UGoCr z+2Ygl%ayLS``hjh3X2DVk@(oC<&Xi|wbEQ$ZEGtvmP*e&gNww^p2f}RrSZYD#o)Q;5Mlca=C~lZKRAa# zZFlh1BqedIF=&@2+JlQ1kFkk$Da!5} z6gvu1z}A!WhUK8M7_>JIMc$mq7rGuekUuonbEsV#tgL12^NOvV?3s!F?2)cousSYa9Ue})6kM*=ky2@qf20`QKJ-s)l;llm z;VM!&Ed`zHK|k(~NUJ5)3{-QbpF>_~H-pk1v&pnjW1P2eTSVlUpv613R7(^kxSxK6flA*W6%U22ao7Q3i{w!_DlbM#*=J>zlmg`3%l+N`J>XbAiaE=%S8b9t|B`27CJb7i3@RB%p=Rm0l*=h`!%`p+@utiqrB1GzB9bP^%?5aeaV zh*osiSw#8;j{2aGEVXeX_!SKBgBan?YJ|3?xiVZ~%EDF$*lL0enrSTACm61dXY3b1 z<$wmgC*R$Jn`Rh zcTQC$A6W6^=R^w`40eAI=~aKQ4ozJyBNI;z7eNITTt>XXL?i`w2lqS{4p6CiijZpV zuwQK1qXb5V(#Fgu)G)SJls0G%k+6>Z{txg!sQi#~K>~=ckq(yTwX%fGpPjS${iq2G z-;P+n{pvbJg+GlG9nUll9h#fN|8sNCWxns=`;P4QPxAef z+3(x=zCHPV=Om4w7AJ3`5_x?;SweX}LBUADol(sncn-SLwO|CYK%*UE8%4=eL9_s- zij!j(P82!{&R7s*Vi{&s=VOEriefu8xN8BQ+xLHfoCOJQ$7LZ7{ZeU_q1~8c;FY&C z4J4pp%1Xfs7Rs&$#0&((;Zw;~sGjs)o@T#&TtZYYuFG^T?2Rh&=f9vzZAw4tX^ zAbRLF`Vwatz^a$9Pl7Hx(6Yiz_T? zp{Bej@Qkj_nh`%BfMeF^1x}+wMOhRNx&$uvi9s4C1}@dAWrNi|lUTu=vx@W%2}0z% zN#8)*sfr90L$Hj^fj>o5ONkYwn<_XKug`3X37){S$3qH8q7wxqeKyAzw4SA}!$4Cj z#4GZ^1ej(gRU>dQ+CJtM+k?TZfWpBJ?FTY2%9#v9@A!GWYQyBm#PuzpsyU3yvEG+V zj_5ZS$-XEKEonx$q`Gd-%;h6B4n~u`%wflo1TW;v$XtjyqhxJlvXBteNLL8nJkZ15 zAX~~|IqkO3Mj^N0o_1_%;Z%vug3_90C{ZqHOv|Ej=T%iw$V5g-&MzWs<~U9<@GwhN zl3*G%I^{05NcnIWJ4`JjFE^A61NieWW_E&Hqd1v5mkM;d%TPwwajz?~@#5c6n_qjo zI+~EtB;fUGaph7zdc(sP(sz6vvbN02msZv4ID6OWDiDdBh&u!wzL zyjD(est+f5cx5nN7@kVwAnaxvpR!AJW!g)eR0{E6?nAmlL36{TB8T=oRPtCATH$$6 z;%Ux3TeK6c*cap=`#G(hgihUDFGNSn+&TzAJP2rW3A?K`%8#whV=%s;8|3`}l5D(KK#$@y6N9KQ|6XGyEI4`M?b;V5#KUAvhKR zCwHDWI+~)EMpWJA5vVP|J6wud1V~)UUxZTwrF;ZCPr?>goDy#U#iTtjJek1#pm3bm zaL94WikPT*UKl(gqZtyW^JE4AvBtox4%d!5h8V(3Xhs2y)67T(f1?R>rkht+k#}Jm z)iGidinqwE-CFsWYjP1Su#6yt#_4(F;%HsN=n~}eVc3{{bG*C5%86Rk0BvpV?gQ0H zT1qI<;_9Y@NOlccITU;iRTDu18RJ6f+f^}SoY(-6;ademR6(N(S9c~Y}O!(QaYewF!V!Df$!ph-P1<4^1$=px*E&5Ac(+8Q#F0>5tW2r32K zFBa(w+CdFSNP0(hb=iP8;%o->$ZZIjJ-3Olna$JqPN`zxkZg@o%54R^Z#@d6b*nlH zEiglG#%)S=NFyaXX)~ z;7nX2mrg+>{CTzWr0spAR0~X_lOe1`4% z)rvDzy)^$RWz9voJ1o751v!jm%^HJbq^o)nD&$pv5}06-$p51v;Xsrryc!m zqAj^;m+O*P>M!2`;PAFeKYeG@D5lIC$2XIWYy8)%bpPL)YyT z%1RQ*6gZNK0@jBniNtJdef+vgF(Bh3kYVv?H{yk%HpIxBZeoKtYPPhlFj&4stzp~= z&B_L-k4+8{fUHJF;Ml_2O?X?%}agB#N(9Onx@ZoILCiDdn_Qfot5hj?2|@a|MVL1QR`Uv5I#B z@-eqz(Df^%G(h1fO2NSG3^-{V*zPtWO#Nx#iJ*0?`J)msO-W>>g3LAP zR@nl!;GcHp42%>#3#Dsb4ud!X?ZXBg8i}Xav{`r@DF|n+z1Bd6Zp%q@?@iKsv0gqcokQ;pUBr99Rkre+ zdMvb%gJhQb_#>UgU+o@0XrJ&&yForNpscy!C>@ubbUPf1zyR0**0XIkkAD96B3$x_ z#XY&das1Fp5M5=~v2cICVu)OcRdC?)X&d(7=y%}2!4}{=2T=Y5!0Qav-!C#zu-`Q1 zW*7&f5K<;qvC=iVwgtJYRgG<%gKgqb)q>knEo(*cmw|4be~xs^TAQWPZH5aova(&m zK@>F?+}iv`!S1@@<_YuOTM9dd3?2yfH_%~M2G(u(O_n=x8MLkKMu;Ly$d;XPSKy^9 zmQ1}8Q7h0YOKykHswCOWvm70I-K}m3NumU?B}Fr+Q!_cU8gUM#GwfSbK_4^ z_|ozTvm83M;69!V4jl?qFUSsnmy|ShWs+EPXSbf8crQjdk7gHEp;Oo>R!)_5KBV$@ zd-!Z9t^;FB_7<%ar>1Z_pf+@wX9U;~qS|)UOk&C3qM^qIr^ayrz%=FhbQM;6?edOV zi~0>(G&MdkQ#9>(;P(aQvcA-jVfgS)m?A$qJ~Cl|?|eKG&Wsk=4-KB1LC~gYBQYlE z#x{fB+}0%$wyqPitcT#R6X)s~b)pnHj5ozRo`Nq0N%-keK{;F*0Z$96gx0{eQ_M=O zUi~1$16Q>@<8DZG+O)>d0n$j8Ta35xM^dIFeo0~j$Ka1Ebai!gQ2C2#W%>YhJ_}7o zDw&U=Qe#*)CY8uhV z7=x))6?2=+!lkn*g}9YGBEb-d_R35_ZG|kk|Tw1MexSP#@isdL2FhytWql=P_-5NaqbfO5R#aDP|8dHn4WAd8H)$S6=kFh&8EbDdKuylv*wLB?!Jj0K3u5n&XU zd57V?T17%GJwB7kzhEb+!TmB@71E?!ZHM0H23_@}C~_y2_Ct7Y4GkDEMU<1oYlwDn zUYf|_jL{|RREr&=1=9Q{XxHEB{XoP=>eY?DAYGt2Q+Ek;*9HM$daIoi@+bs|8+P#w z{RDH6hiKxDEeQ_TRsSqKL*a^gOl{~+``kLh^?kLdxMp#TUA9^u4R90&X&t>HWQ8eb zhu^JH%*7*atqjxCL52;A5eaQiSBMuF+GR2(2P@if)JQ}P#4)6m0;lDkZ-;=cLc*dF zKAoa)q^_%lUaQ*@WTwX!JYZJNf1!xs@J0U&reRN85+zwYi!heaq~noLF*`1{gb4_9 z+CH5jJy#-m6ZppB$dV?W4V;j@5ABpr(F^H?3$l9`B?RL&{>M6&- z8#{Y8+6cVZ@cw zv2O^La+9B(!!Sqj9Dw)LsOf#Cqjmy9!RTr$zK2|pYeGFh_CSu9Ksb;??7hiP>F9x% zw{}CzIVqFVfIAB!c>rm0noHCTW5SJ9@uD0Jk7{#qjyAW4 z15$!pl%>m6Y-)9w>b7~B>q-ubuV93+Nl@Qc$N(xKD@L(<3U&+%)|+L(Pv*3aZ6}Uy zR9CC+Qy_LiNJB;iU3YivJmuyY5Z5ATW;*q#+J_H6MD;xo#{G4S6z)K?MWITI7%s{i_ zMug2P;GD7R<)%q(3M)suLzO{d3-SO2@g|9H@kY}YDp}PvEL*@TPNbW8jw6u~9>Dhq zn>ZY+*# zokQb|4@CPBrH1+eJ5q3F6?pPipl)#@CqE*GJfPB%Li()V&_}7y%eWA07g`_NG-)POQq%>loW(_FT zbS!w2oKINT-$kfDm_hg*gb7P-3noXXim7ln62}8~VhEUOq`o;+3DKe)P z@CR32=Z*&bLkW<1RJ<3>&-tz&q(f|)&hkvsgcdWSDU zk;b0&(ktQa8{Ma1!7AsQJ>A{r@H19&=%srV<04YdVjQLXIVSR8X^}(Mh~u=5vXfMh zT;W4mz-Mpso~w(?cGfBs(}l1$mK{loBukNQP^5xLhQ^4ZY}7**pC!oT1j?{*@{D)` zxl6FjSTAG8wseU!E;TkcHfr@I?!_gMGv6a`2|~IG`HhtgCe3P=Av<8C{AEa+N@Tbo ziHm;buo%g}4Ai_jtqT@!AUJeGwbjivYElj}Wj?~}+<5L1{yv7ZU{cb2JyfN9hj8O8 zZumDgq?Ucjm8OK_@EGIDU^8*2qGhS;3L@OmtFoN`%dfity_1i;$z!{5&{UKQ*`B_24NPu;dr& zB>@o|E5pnbTVXWweKs~Ay%!J0l}iuOl5HbHphJYsKnGoef;A%(L4pqCt)O!rDb27g zvVnvv!hXhWk|nZnDB2c%a&p8UQ)1YB#ta7^3@%52EJmg|M;$CwG{sx3-q@%tVjO4N zdbp&U&2LmUDk`!U54QEDJOj0GS27P#Y@<0Akw?8km2oPnG4LD&70(;vr@6;MrU5{Q zHJmHjSB!ELRXiYua1F3C_TSk&6%>ykmn43vApr!O%Ef+MHtZdlPSZ^YVMHkyk_@q6O00`-mEvY?4UBL-dq{51*QzaVu zZ#Do8a)Ogg3^$ZzW(KDyDma_H%^3&pME`a{_!3$^H^_(!`3TtIkDBuyG;JT!!gC1v zg;B4t+?}QGpWo->7GdokU?furkKcO%?A}xGm0!rpy2Cc!5|8kUmZP3QM87){R+Iev z>Zy^Yz;KtQSK#4w=WNjySX&kn(`SlfVdMn$0krNS<`*-xzSVO_?-VZy~NB?X=5 z)LUmB`9)z83QYH`+EllXLxJ75ysT|-vOyLfP81j+edZ0D$)(`o1JT!SYLK%XkD+AnF!+bQFsrBKfu((%qI!uNJ#+4scY6h*al2dJVHn&sPHcHF@ z3TJg_N5kKX+I14&e6&g{uB-5xU3I5eMW^_FY!kU=y>8a2r{#2JL=HvD3-%VQ?xCEB z2E=79a6#I_&&8c?^1?}_K~=W+Gzko4o;~nK1DzU*KI!jgB2Y;sj``KX^brS~IGE0p z3s|36{pC09?azsK-AikSwyA8x_PtT&>MutB&XWdr%<<+E*lSeh1V3G#RP|>E-w*4x zFQl1}StQc3_#?Hx=wPe0DSr9RPDr{w@klESVf3jE6^{YHZ&63k7R)#EtWsYF@&+D8 zDvk`I<2EZ1TvU<&MUreGc$%dV5lAP7Ei4SfCf^Cc^mJgtbfHTL^UKbR3Z2GmIy{jE zM%9Ypk14+m%Wuz5?ai0e7CJqe(!wo+p>>4SF>Cv_kQDI+rt>7+1%vhFO`cmSxONY; z3112}Xvb%+5INZqN@Ad@0Lv~NIA0;zGHJlOziKp0c8iuifrB`PqFq{ z+8fYN43%4AGr8fW;c8ew25UY=f`FZ#wz@KjE4Z~_!O?#^GGgg z4%Gmp>{JPeWOfqc@PQ)b-Dsgl+UQ?{V1NJgxuK!r^t3vGrL3E`lR%f?;l`C3!)75a zC-W@)1gcD6Z^k*mbf8iecCJM;VN&9eoiqsF?1m&RrbobaY-DhB?A%n55}r2?!NAC{ zjtG#0VX@Ki^Mhlf!;xZ_vGs_X))-jMvUDEUWq@gFR>>+M!*1)zwxVSbCPAM%hLB5! zU_U{@FE69PzTblBD#^;cVWkdEZ*4t}(j2(4e2T_}tP7>>+R;)sc(5NrfJNNS8q$f> zlU{t3*~b?^j3R#Ix=w#NPa$+>uxg!f&rbEfE}y-pNR-X1Wfa8*4OPAKripBMPECeT zMYExK*G#yKRHQ_PW6lGt$%m_rjn(<9CQT!LcO>nQ60CK^?qOtB5D%`9O%>6+O!=aQTk1Fvz zWn6^y3jOd_tt&}o)>e99PDih?MIn{Y8E6iSbj)YvcO_9-+yIUqGS5fAF~?kb_?0OJ z4B$t$LTw&ejg&DOeh8q6>C74t8?@GfPl&WPJY%)x>Y~eoqA_gZ6%3SqHi&KBZZZa! zaVdpRzbSq)7Qkd0FwzQDf_Bq(2^$&!1g|EdED^cAdbK^!=^gt*%`g})W61nYYl4EC z8pPJ%zSF}RpJ^dtq6+;;P~R8{86u^oicd;a9k8%&a)w8{)6S735YogrR1z^>Ns6*U z!)yz`6myT?q&#cO0xpzkC_H5LSFsFHlWxYT!+W&q*lkRxV0YNZ1mHmU5&h!A^mO*> z$4zUjKeK`?k%h0sOHIwR&Wi+;E4iIxy?27uIW`g=RprbGlkV&=POYZNP`0&lG2|DhzxH zb#lggb`@AO5az98Fq`+F@I+ap zTz|iFu9wCqrp^wI9rS8?^k7ZS>uoYu%1ofdzES#jcravDsA}RRp}pGWX0)>0_)tCKjH;`zZP#7xu>Mm}e&I z*h;KpClgW}10{X5@9BWz3`yf9R#oVvmnT-4cF!Kxj5Z*p#3>a;1=hYtI2lKW$0RP) zk%aK+sL9(Q+$JM|R>TShl0`VuAqAA^5X;*Rc~x6X6(;L_G65G zRDCPzQTvKMX0%m*5UNGZUoc4+I%-rlgGS{e=gcJ&->opMH>b-+pkheG2vpNY3vrmN zs@Er?2->h<+_+koST$bd*4y3N-HCsC6PLQRwc#%7HE238C~Yz<6u*}SNb>@*Mo^$l-ac(=v}0aGBV}BX)`q)z_|Cp^#v=BZ;b@SZjmzfn z5JwTrO>=Peu9pw-z98&G;^vZ#D)5%RhS*6Nq7K@ieM6!KpIlzyEnI$2K%ylWC}P`gBbg&k#>QMhSO$SngPNa(1V zSB({9N5^$@hF};BkQa|!chI}d1(-@mRDj!27>Wc6Cc4>$_Rkc9>4}jUCrLl z{2pu@8J$5O=5#PJF%=93lY>(;qeJJ$2B(6_b5oNO(?v8t46w*?GBSl$if4=CGhJvE z&w}E4dbz!V-(I*ria9TBQHSN%ad;vQkacOl{u zfKl|4^@iEde`sB4lab~I6DXv)VhQA&Dh(IGxkH0sOHszV^NEd6+g(MF$l9D+IYWKR zj|3eo@%~BoN`egJkxiU9H?x9BHiqoN^uKj&o5*mYH(oalr3B2rC$4fT>6$)8Qda`nMv0k4E4!j zfublo&l=`Vq-f>17`EExZ^cPA(BB&{H;4(Znty47SHZC!huU6;#g2kqcQN$lY}?I^ zxmn8?P7rbv3o$wS`*%iZwVWVmapbW8m_)Zyydv7$-MYP74NNHFX_R(jO&g3WIfG4Nvg=0zGS z%<*AD$7XFyq(aCVo818kmARdObmYS(J;|r{jOT-}zSA27Y@JlDq)F;#dt?GzuC5bm zIKLya3&c*Jsb3nFY+aT<7y zh->BmO#wY3!Z~E4hH#hgE%WFB7lh4ovB^opytJ^fcaPoX5)0W^L`R|kL+>{qB}TCj zP8qUmM;o5Bz`c%`JQiRxkxvL2#y(aLoQ1?$ru%GR4{&hIhTM9ns|qv9aP8@GwT|HJ zYMrwLmhq0HX0M_)#Fp)~USiR8q){3Db@M4yYNJxxtRvN!Pcd12o|_sgotc=Pk)sKY zKz_5BggeT%S@v>`nbLhwJlyEL@G4V(>1Zef&fW5TUx&sLbIc|C??UZLAulU!aU(jS zVPN49iTa&AE!%o*Fi?>(GHuFGMJ9d5dSlsyMLc$t=DFmAHHlf=Czn4KUFPJ16P#8< zYdWlC$>?xMGdb^J919{^6bLL5o3Is2>ar-z=9iiq5~MwwcY_}WZ6mhz77@(g+>&6F z?^{c-j)kk(N&=%-F(ytaP~=L@8n%(BBaqKQg3&QZiX_CyhLr0Y?|~~}!b_7?b&Rt3 zKU5IAWxbdRaM+Ge_q1Y~qzV(+@q}e@1)dHvsn0tcDLM$C9K**@oj8jbz6rS+QXh2p z^z?{wktTi8@8fYic`zaJh_N7)26lcU;=g-lqYDJC6EWPu*;qfos5t<*Xo0g9+kGLgpMGAen#6gj1E+XRxzhu$bl^BiTA#=mUaWFh4i3#YUQ ztetZzga}vRlIE)Fh)qki#saz;$|jcCBf^1iu!+p@IEhU=+$9H)Ne7waCkJQF;3@!Q zBj|fn+Nytt988ynS=$5qt}JCi8omGIqB(_+G3KW zF=(^4xyY0z0Bkvw6EuX?Tb;wsbC0%TT7jfoE65wR-3OIIAUKZ{&e+m8*^?#lhb8bw znqzXHtfIS|p`;m)Sp~0_+$truV^_`YZfHlchzev?hF#HND%WMr;j|5%S(It=mC_mn zmYgfd{mE%bHW1t}*nI)@KoG2-t5sT%fp?&0^^+c^Q>v9~Q`o^o5;%PoZZ?2B?AqN} z@XkT!>X`iuX~`z0sWzq%NCT(brAp{|a~SAOFFY9Nscn;UsLKwnbm6`RKUq1120{V@ z|9zk>xG5+M&+Ty zNLEDWN&%ZS<=R?F=CwjEb5Gp7NA_U8sjEhkFAIys@Uu! zK8I_@aW*|Dc;*fE3^|xGHA??dTj3<+k5q-r7CThb2ilbKI_-`T3>+vT+=6XR0_9gz z4g%|3c3x>JGL_{}_PF;it8R6?%A6}{cnK0tNH!FG)!#pKZfXh}0;R#}66c@s!Lvn} zMyW-o-#a>48lIS$29aX~%$9l~r=x0OE|2mtNk?3xY|N+o60GFb8K9M76Iru!d}OsJ z7Mmm7He+MUg^GwHVV{!TUR;>R8EI=SBT$f2Y;qy$A|X;CzA<4k`3O?=1Uf*ekmV0{ zBO6Aigs>n8li?;Ol1{-!#F1He3X+sniJ+fd;zoAXA%aQtB|ZY$BhQ9RF(buVcbeSU zk;bIlTthldP`?{LR$GITs;lwbc}zlWoHRCxD~=(?6|`o4L$t>8YpYXAkQd40h*7XK z0j3c(ET|{vBI8z3>bF!GP_4$g*4{ZWjxG<93k0NCzKo*-LVdu1F9?RZy1znnZ*B;0 zqTj@A+kPv~b}|rBM@dQQCQn+fO4rppBU6OOI_4b+Vt9vb?3QDI{7rC-n@ZxiDcXOo zsOh|#Y11#REZ1>%(DKxBy|%gW7l^5d+_p?*kiHSF0{l#_;=6F@q>|rdwKiBWziS`iVRh9_orZVZb}-{vM7`#DODFu#FI{ zzY`A1aN_U~f?-Ij>-cV(^g8|Bx42JS7*IAq(q|0b{s5q zScLD)nL|;C1OxnZbUDy5Q4MRQY8p#*r)uJT@;Xm6++KQw)*%f*a)4Z@AzYD!_dV4K zS2Y4TwQH7V(YR_!L!*@uDuV zG$5oM0e3sI6S_e`AUbD2{yDSE%S0dBH6WXSn_8`%`maDakwfchKqVj#Fh$+rUx2q=^Bt&LhKx27<&484jdJoM^wBGU$2ki@u% z1q&zcH`Z*oG}{7n_{z+RVXLVlwl@ECWfBCQs;pv@2b&Xie;qU}^LYc8!200)C!IOM=v*!kN)KtovcVjC~TX4AR=D#tIY2#7X`Sv-)4^&I$~vvz!HUx2jBrZQyZ0Kh8J38k?-mg!tRf23 zW1NPl0T!H=fVWT_AvRm{;YkVFZ@_uI_9&?%4yw&+ zG2~}PC(KdPu)WCJa2&jPx*SQX@l4x;4=Ql-g|6$6d6WsS5zj_PzK@5rZxWP6UQpyf zA|wah5P4x}X>n2d5k% zhz#6yR5u5W8$6cfj}F*VXf8`T9>vsY#|V1Zepdk<6&W*h3tPhNMe%3;xLQWBgo-qA z3JGI`1tKkL=cA@ga$~^wjqC*JR@dPasS5yEA^I@}=rSXSVE=(ix_+8xs!(@)TeKLb z)o`7NM_8~^eR)9hhs<)_wH+37k2r_Kiy>SGC7p-HmE};%g3YW?qH97~fk&tCFdR8L zQz}H9$+P=~Or%>~V!)rw;!J$Q^_w}$0WJt}@a^C5X($je+#Ef8adc;-jfYNUH9R^U zJ{B>d7tii6gD`GPWBqM_w1AS_nQO*iB7?~Iwn|Q1=ec>#Q^1XK&GtRc$ zV$rz;eBy=#QnnL5nJ$ivcx+-FWF}D34IBnQH?W3ewOM|Q^W|Cb_i_IrZiqRVN^D>Y zlo*HT6zSTMV}g#6rm%z(OGG^`As@4tnU7hxk&2l{Vo7@;AWawSduXh9kf|LW+c34G zv@&%I@*qe@Jgl_jxP#{OZj_hBzKF+P8DX%F=8$}2bi4>yPsAuE&QQe~8Y)@+*uG#z z#x`Dqq)b*JqWTnUrJbP`x49{}OCozFp~yM7+fN~(lV%w=o;GyOARYl%7qaH#Hz>T& z@hA_d*Fqm^+&3RvncA6KYGSrEMz}RJq&$_=ZMV8(z4DlsxRY$Y-f7^d7{OQEk$Os3}@M-cb)$hr&l{wh|9{Ob?yG(P)&{ ziP9P`aT4GR>jsptTh@aeLVE@08*z!77#EEG7mFaT|Y{A1&*Bp%5SgWflXExgsdN?@3MPh2CA00p@ub}1k62qWKkyT& zDt4Bg1yCYo65vy#LwqhV@n}YU=y3(cvc}qABbvycO^K-`GU|m6k&Y$gh163|IM>O6 zcifUe!EM6%I2Pa3sSC5u6@p zb7VBd>UpL%0`PxrS-k_tQ5m0^I@v+p$7VYtNIU25aBwYqGlF?^tXLYHoGc>03Csw^ z0ZWXriJ|wFijQMT#XW>kJ@Q?W0?0vPFVH{s#O^S;hb&SwsfC%^pjzxhH4YK53jd5$ zK!+lyAjpg+MS=51r&|cVp(dj0-9?Lpp&PYzC}S?dowt{BFSJTXce(7?AlV!7sD%KC z>MRDx0))jTy54=qWk~D<4T9*4ZgWeL?GLVN_Dnqh2VLki=(tx>SO_)vpg_ zo~1`u=OJr!u>%E{nFby4^efX+;T%j1woHR`!#b@Q@2b}zuhPOahIu};r`HVzQ3Jc;#8#OpVs@3NB%a0vD0n|&*#?@qgq}PoN&MK^ z6Kg0ee}=}2gX8BWOEYJXa*jFNFbnkb@{Zi>veTpQFR~bpzt{#XP@}p#7O;qw?J3zO z_F9b=nAV^a2Syq-{}>ZGJ{kBCD{cbZK<_ZQ>wIXIi*_eU-i3|>a~(Gtp$(vZOfz*T z(z-3Ku1YhjrM>68qA>D5Y#bzP$!-erGianWVQ-zOtyPBY?m_{9KTIWPHstAn5^%C< z?rOP&=q7jow4Uv#*J`*8P6|Gzslli4gx()*N;Z(g3SofHB*H^zylFA8Mj2t_8W|+7 za4aYlG?$uoZjBHKuzcv!U4hXR*^>0j00V$~@WBW@$pdVI!;yFaKbSsC@F`99NO9m3 z+5U{YJQ#FF;gE-I?72By5vgD}Gg(On%33>)87DE^$`R;^`N?45a9FMRCLHQ2k!G$3QX0^>xXe~KWCUq2$bQT6R9ZX%gdG5Pu%~@ZoPu3d9 zb^-$#?AWYJ5+c@w6H8JLacHd<5G5j#0#CGgm4xrBo*alu0N2W0mS-l;7S+LN#Y6HZMEEaO zR%L{g^Ir^4jh+W2`j`F3Jj%Qq_y$Z@3JhsCbW6r3=|Vd+uWZXh2}{^2(%nFa;Z6_g*o zgtN6UynTN%=#f2;nDFvhMAD;3iT6U_7;T}grQjpItcf1Yjwdsdm@>uotMGjdk(ync_GPzXNUM(`e%)R|J%rPR*L2hhQ{2 zhT3gAvAD;|h2f-;K@zylvPcp(K|5F7hf1dEGK{WDj6{6ZdZ{49RGEcp*qmQ=Ed#!G z58B^7v?JXSHb+_su^5fYJyh4-24zdQF816LFS|t^Yg{lQ({e*h?KqFTxCS{g5~KxU zTrKq*ni~gWSD9z767P+KjNpzEIe+OY5E>ivdlhNG(IRW8J+^4fcAx>SR#r94&NY)1 zpti-0RavbUgxvW`{C zQQNB%+2$||R*WdOp&rNfVH05^F^m!w5bbG#uoJN1qX+kK=Ns9;Lu921Ykx)TYuM$T zZazyi90!pxKw;!aWNa`HyAf7l*PB~>kenRANEf$TLLfdjIu8QEtu-YyhROOJ9Jz@t zBSyqtXk{Cu*%RaIxpMHIcR-`3EIj%eAMyCn_oA2}|7+S`uPx4+`O`40BdUaL&R;XU)V| zd3>fNBFj2&JlUgNiMH))Yu`dxY6t!WTi8<&_R+S^iEKZE)#PU3pF#!`nI5*K5$7hV zh+L>MKr2>Heb<8jQ$?^f|I28RHp%t59mo#bhm2zOH98c!JpB^|S^myhfy}inM#5G& zZG<#Y$!`XP@dcN@P|=nq{)|Nl)@e&C;qgXTz_m=(fG!$a#}?&NnmgvaK&TQU^~_ir zq-2rpAtgqmkJN6pOGH{V@)I&guLQ1sSewT!6c$~3*^c{8EvzbsK8m1$`zdiYccWgr zgzO!-VJFlCL{L>2^FShHfT#u5$M87n8@6Rn-SCn2;!M`?znkf)Ll^1!GCN3Jh7+?U z3pw`duLg3c7?&VnAA{Z(5+8RliPA&(oDe`0>Bjm)&Qk_-SclrU728-1U3`JX&JZ(gQrOUPEaIHBh!Kh$TuFUa+)FI4a=;Ecrg@TS3q4Q9J z94C^Mf_+ZTmoZcb7(f#wF33mEYuP%wD2f$$rp+Xnjy?x^kEqWv1t{s_FJ4hCyhknz6)ii{uIqf+9L~QFzn*-aA&`844RK zjjN)$&c2e-8mIz%Ru0_`65-LPM*bA!4$G|iH(qsr?8)-{M16hNuFTpP9 zTr*g=_CVriWq9b$)tz4t52_ODC5=Az5JUJK`-&yAneF+_DiW`pBOwN{1s$CJ5Q3R+ zDPkDn(($csWp_JI+ix5(Z%-YamLPDbNDOV-tQxO?&ct@R(RmGk z@a4r$p#z)9{)zjNcCgGOAPUc}d{FNExoOqx zx7amjQPeRmehfi~c3+~GeXf@t$42cI zVc1w`lnVg1?sCha`WHN^AE0*FagX;TnYkYNTwB0JlT92|)(q!($eabtNEwM~p{N_s{5*Fl+-}s5Ur#1NR5GS1qv+d`PbRFiOAx7KPH<4QqoA>j&;I{Yi!jhK9?WS|> zOnPN664k(P7l5q;VGgG%GU$Y(ig{74O;?%|rZ32zW5AqGe<4spmI_?f$i8L7wjS#@j3-LaIuBK1XQRk@c zZuG3H(;Jik6!tN{RGpWvn5cE2!9q}v#BdNSIc&XKOAre+xDk>>IoD3n4kWgvAmgyI(|9`BXtNX zT-|_N$Zo9ih3ziY%p!eg`IGtnaLmyim~;^y!m3Bhok$d1xcM9$!@rSK8RBtLQe;7{e2!oJ|_!*QAAlKA!t`TL)kYdlamapKv1C!U=>e)8gp zQ_s#XA+^V|4c;vM>_Ua>ooA6ssk(aL6pMB}c+ihp;!?PmEi3aKDgAcLTrVd{Ab#Ng^&IAwAGh&~r*1@*dMZFFql$W^mUMZf>C0 zv(lh-2s6@5Mi?iS?mUU!pgF)U;m zhRkE%B0bzGRfxxQK`7KW#;&Wt7%mx{*b8Fp_z++rAu@l+(ny9bRza4fI<&Dj2~fus z6wEg`z<5Kk}0`E9LX^tDA_!T14VJ1a)FY zx*_Rz0DK(W35W4obA&h8yHX({S@9P)hzOd`I`nV4E$i z2%%_cX5Skt5*pNa=qIul&U&sRIoFAD^wHZzM+XeDah~^#Kd&e^#UC$;WF$&U&d$Ws z1_mbaaH+NmuN>2g@s-)lcIcR^BsnJZl_U!^@FwN41|j1GrYQ#uXG{{!)5J|YtQzr8 zyr3lT5;*{lQ*9{Y6`itaR|S`(=)fI+b`+@_ zPStbq8Q3(Tgioi4hb2BH5QW$wDI0~4!;(Z(<&v>B{Ny9aI%zl#<3)(F0^cEmaqOrW zC741)%i|lXGIdK3Yk*~xQ{u_1gMp(nkBVsjO zDkkLG?_v!d}1#S?fB>z&Yr((kwRM{zXkyp121N3S#3kmZs z0}uQ522qJ~3TJg}sc~*k7iFFHDa!ohiL$&%6Xm43k(#1zTWgy*a>i_t{Evd3k=D?h zNf{{f(xVS82k4Rv|TELJTpbU?%WSV%dkJ7T5UZY>|6R&y?yEGo?PufVs?x z(`|Z3>b(0z@WU-C?Y=9pFeAOd_gDw`WCys@R5cS^7!ST3?tZ0g+|vgEbw}k0TshtW z^ElZL`(lUPiCEs?(j5;8yA`jzZTI4~(R{fKI8X+hZ=6y}mqq9xmePndj+TZob$FJf z2}coOOTKlgjTt;Qk8%*jhrJ?$>DrMOsNYZNuO%DzY6{n|*!=;(gv)MSr zg*Lk6^E(}V15VU)RV}n~nr7DC;lw*UGdIz>p)-Tyk8anuYymiZ^(-P!cv-=X)A#Je z@aV|sj&O(*S=a3?rBI8gslBZzCg6vwdVd6?i~VheFAh^@!|38TqR|aUc)Xfc1*Oc4 z+fpnNtwXhn89+US`0v{4rApbX&n3z+WevmCyDVY!K1g-wYj$*il3jxcC{evg+b$c{ zE>jK~k){tYD9^=pbu6#e7SI>|k=HO+=E}&eybwIptw4(xmwZZM-y zdey{u+)*9wF!MGn*(U_8v~W4`mh~FyJRLI82Sh~6g$`y=QNFtL{mGe z^u@rmGy?a_4JMZAbJMYj8m6@&C%4^2s>s#uOAPh_xv;@PGj1ij-ms9wE^=^zg6yRa zN`_;_rkPX+y(x`I_$!@= zV`zJ5jyP$kvVG{V1m0TxFWHdkRE&S)irr9OI?7u+-N0}jkxp6~NJQH_LOdX8NngLe z_OU{&wzRFEWUo-0+cK$bY!4a(>R?6kBU`vS*;MH(SBB+fP@@Jg7JQY2y`j1y-XBx0G8%K+7_ z91>53FESMf9ZMvlfvt8=7z}3I`!@P<#}kfT*G4uqfGxd{^3u*KUb8UGo34 z_pZ-XR@u7vcm9fKb9O)h0k6&JmK`A|KLsoTI~viOSox3&>*N> za)l@$K?3AbwUO33MI)A9&aV9>E0_zcl}i5!zcHTij5*)6vJxV#d-tg_r6gm#W8TLz z=6vUzW4t46wBLeKqaoiCa#hjQPux7=IFTWP>w8N&m{z)TXykMDB*J?=?x>5aUe-28 zd@BC1mYuEWOq*jpvNmzZmTS$UyqhYhb4m&)5qawopXRNHHxXzr{MDpCzWvDLl4;W( zp7hAu6DR-5E(1-JFY?ZfpURV4Om8}g&#TN|xOC-$qTfp|{eRme@lo5GU|9@az1tcx9TVNmXnB&t7J+MINH#WLB<(UKL2 zpG|I3D>8P`XlX+_S@@R9r#W*fn&{-wbFh_T_{7>`|F~ILuDI&UYyb1}UtB55pyxn| z=`ZnCW2O?HYm;5O_@%TwndN-23$`ZAJv7r^^cWd&?QdV*3M-p@FFpc&t2F_Fy1L28 zEwFgZ+XGn(E6*-(3u4W^E&e;1$LLbh>B&!pSp$MHs%w`n6~jRP#y(a=G>zFpz%S1| zfn>dc+DpfJ86#FddYCw7Njg1_JYCEx$BY|tLN_L~%g&tQf>^ALZg0segqY&dhEI#s zgz{VF_*q4}tcoTt%e_I8rvtp0WQ9T@xpl(v!I(ua zk@JRojj;8+<&|54ollO{&wA)Mz7j02+!9{3`x9ffBHtaPJbmX`mOoZJpzM%4o#9wEAg8JFRxru{9@7KBDrMX zMmqbx`J~FqH8V@5O`csj`_)Yw#JloWazO(%!B}ec?xGl%m0tY)TrZTV!hY?*g%TITiH@-0zP{km$ab@R+R3C zs5G=#{}`h^%L__2t$281XbsYFNmKZM-N|=%R(;0LCnmGbeym~VCze-2N90RqQZ!%8 z{1r3%VSG!|$=PF@cJ(xnw`8bUr_i*e#3rRP7|g|35EKPtdD~e(X_%9 zs$s%JAB@%(X@b<9)h~Hy@>?^fyff*M*^?(f43OJ1!OJ6$OrEA@O@2>)c;bx7v$eQ; z<%|w6+qe9WkF0oT+-YW`a7~j;;#(}T@QS+NVM3**D*x~!lOHOaJVEg*BR^r9L?4v# zRu44!IJDju%26&^1L)z5n1opqWy^p)tkc^+G-Y$<4!<~s%UR5ioxLTA&q&ge@>QE& zkb9{zt;$su;voC6oQ|wsRl0HY5=Co}(4?~4rXMFSU#F`sc~bZ*=_oOZ2pRg!7I9j0 z>pQWma#iVutjoS)N9SzbxK{3Pij-XF4ZzSy2e?%9tkhJVMay6ZPcrZ5^%|rSYb+lq z4bt&Dr4o%pYlOopiPJ?dpG3{Xp#VM31!iNTQE>gCMAK>bWF-&~~P0Ify@z zz8Qon#SG|a#Lg*%dOxgDCe)zj%?M^y`%*h#w#_h@6?0W52xfKEG%X5CJ1_GQ!G%nC z!j`?+hjgf=(Z7{XnLa$SE2O%<6!3T#LERGNDIUX8Nh4B8$Rh-%l0qZ{%$cZjNR0Ot z)JXfuCgvDO0*IWN*%*Kf1wY% zJjj-g7!vDJQX+D*1P3+_*=i-v%{q!i;WV*cSq01BSk9W~S3ue6R5m^o7R$*1>`fX`FgpwCN2p zoPtSe?99j85M!KRxud9jf?YhXZRy9Os&Gu^h1&s|R!;gZuQ#MO2DZ+6cig8fMBh$>U~=(KAV zPO@|_(oTo-YJ;w;qgmmU1dC?Nc}%qmM_+D&{ddv|;uEyVtf$Cr0QoAdACJgTBo8zb zN|;C#&Q)|#M*}(^kM=7n5@#xQ zYY3-FawF&IU=h8!Kj}nh=4R}}xzThZ%T;y6SSRO8ACiRcWVzgT5F1}98)XSDkN%SP zAj72V&$#(2gQP!WDquc+!_hwWy4{g4p;BH^#lQb8DrHblR5|%P>+(uylou_j<#0n( zGB|n0*-WV>-~u2*j2Jc^~Jmw^Ja6LTCTja+e{c`1Op*qrZh z49$|i@-fZGsZG&4?!}_qkD9Yac7r4W4pxlWHZ+M$eKWJRI)JA>ot0Yc=Z`8|Ml`GJ ziEaesG8`ktBWUt>cpRLN_$Qn% zY_?GK9(ny>v{^#ufn*E5diuE`%<`XsIIbC5d8>7GUVhTzQCOTPn2_Fcm zH1%nK7+ZR;S_x|o|9C*#X~Q{S7SWTLL&J=rVombFryxi-jw@+8k+R|(dm z@~?coM8oNpt&WF9xhMHD#V8I(+HvVgY%S_ZhHf$Hrk31oNUl$WYYQNYQ+$8N8{>Xy z*RufH9BEqAyph+TerC1H?W;Hj`Q~=TKHqhdL-W&*j`q*2Sw6lxWYC3wbRz}IWWAkq zSIBzla4?7XI6B$*T;WskJo$d!`i)z38nJmO9AGAQ=zK>luKSrTFTguDidq1ykT)$4X)Uy{ZUIT^bKd$8HQ2ZlbE83)= z=Pj`A9o_D`^O&&*GM8Zbv1@BfvBEao911&E-l+ z?i%uqjs-bi$1T2UWhKGO)&_ekOT3sshV3v%3mcB0+MWcX9P`d8c$D0;`{CaCk9RGi zBN_)I=(e0HyNQ;;#(Amz)_zHJj5RU4a%jOuozt{;bRvTFMgL5)Q%PCaGrN4#h0X+t zSEyvis(9==D?R!Ae#?$444+ftyjn{{-ys`T8{np1?FRmC3|7{ zy2>{<7tLKJXC`PZwwQibyjVZ$yK??q-MV>d`poI#9VzS0JXz?uW`!QtSn@<47e4aG zNz>kXbjmxkC(8|rJZa@Z#6uHt&?r@uu~>(!*8CD7!o6$N@^w1V}JqHPfnhIje$!ngF@@f~&E zTrLN0^7mx>d%6C-!v3}}!i6hVVC=(z4=yA_i`Xo!S$ryvepv6KRXLCBI~zF*E*!>^ zm(UGWhF}o$0LjsB>JGI>Gk?m3tk|raJF>y@j&7V4$NFtc=eyeLb$TZL)CQ{B>x&`JW%D0KSZmEq zM{wjz$2^0i7|+)SA(4LjMMpygHCuZj)Jr^i9Vs8s@un+>S?o0Hmt_m*{~o=y#AYM2 zD|yE?U!JzcHT500O$$~F%Bmw7KeRy|%QkalVon}QK>NZPAj|h9rmeOP*FyYGV#=L#(P`rOHERo&F?#F_IHc_`P6V}7N z7^SNLQcR=EV>dhG8n!bPH^Ru>>;I8 z0zLJ>#DsutmRQyE0U)u)NhU)FS$umhHET0hiemS1K^a2Wj~0`e5$!!$Sbg}8$+-J1 zs~)2AjKc5x#EE{&l4R$EE#c&mm10*rBDvd~ud^Z`@;#Ljk{QH_K$887t7>9)2vwQ- zv}BHcOt_^Icu~GvNX{JD7B&*f{iBD;njeC8 zV7%?nnaU`;c0N-k_wCSN*E!DwOu#GmeOWjEVm6$~VE=H9)XK7KbWTpHd+sw7qNc{` ziu5wCmX)rPVfk12wm^j#65pSYK2sYZHHX#FsY=f|D?hf-|iNiNcl z8kegKxtO3sRxZIw`sIa{Wo55xHRaoM<%n-U>~g zyM+*Qixw73_h=mJypMIIJ2G;(r`G6i@>mY#@}|y;&?a(^jv|)~b|zvHSv+rcSpmsJ z?(tFNvcl&5w%`eYUU>QN9a>51JHr~YC!ljo5GA&1llzbpE$WZ?)-mYMqKz88J@HyW z4fFElQP?e(mG^pz%XXS>2A5fKUPY2)QLJWcUG063mk``-)Z$@!&5SE4+2{HQPAW+( z?FuHAO7QqB#w#B02X#prU8~$fYSCA%+aT*K?g`kpjOA96eDQ)zod|Rli0Sf`d~(K& zayq5Te>q2x$wr0s_2{z4SO!Ax#Pc^Mf z4vr->iyKoSqY(;&HH6Q||BWh?V}yRrzRhi|L#4>Bi;4^3L{on<#@798tN7nh?>V{k zCS&Y+=a}jLj*9bsZtQR}#;*86%!Q-ZcO)LNFW&>QBMot`O}}r$Oq0M}qJpWg5u#)A zq9Sn+3*OOtT`J>vY*vDgl5Q`-*#3_R92Q-fO)c;jPI62l~!~l$kU*e23fZH zrds7LF`G-ZKlmW-lxTgE1~E^Nw3wId2K{5}#4+Ddo^`ioX|ROzEM3cU-_gQcjPXVy z>(Q`^(#S(^AOOAxa?1P!FHCR=FC<(TV8TuH@m4YNAf zI6LY0((O1YU>9+Km?Rrco4R=~z_h&KDN5K{mEz!A06(vleUr|o*6}4l zLEPomQ%=5*&wQI#9E3qisO(gsFEJ@ObwHD zOuUpU^^^Tm>D25}WqmF@L?Xz|QNyUIE@=62gBwTma_uZA_(r)47SKLVUy~nvE4LZ% zJfh#@G5kG<*I2#xMgP4C6P8;vzDoI$9L~waqRB@{*KQ6B#8qU;tWo0RdSvR{#&gfe zR6we3ugVj$Dxu9xW}00CsnWeN&GSm`uVeSnJ?%^yC+Jkd;ssERszfq;xM^Y4Gq}r* zAIuqQA+m?n{Lf(;bDrpx|120vN53JLjwLv&b{Ehl6UvMDAZSofNmL>L#@kqKhN?WK zz4_AV3Mjj7TeJ*@?Nb%bd8+jrnGw}tI*yH`FE*^N)XxX#S4%@B!wl*6ddz~Pi|nRM zPAGoGN6A74&-9mf&2bVxd6+RSGyqwmbW&@sBd%&V$UFBvIOyzJ>>^j?-+mQQ%r z4PfHlVpb9sIeAJR(FLQ#g34QI$-xHJS3bdrWKaG%if1Hu^zV7)f^C;Xd2d@lnUjct zz9~Z#ZqE7*TQ-)zwq{eoq*ap(c^Qy!Nt@Qoi@}xxi5^-h3D&=& zU%FHCSSnv5+^}VW1U=T7R9+`u-6T_RnFy~IMX6lBs$4d`<@3$!SIJj#<@@3Rx`+s|oU6qR;$Mfd)ufzgZ91wJ%p`9(p%GKVhkL@W+TCVkKyD z^hD(Z$yAhh3hFtfK*u+q6ks7(DY#!PA>%iezp`0B%P8}?d}gt%LQ_dQ z9+7i?*}PjT)7l0#^Jr_V9b~lX(l-*pgk2;USzqwR8o3CX)e`BVS0!3}dF7h2)mpRF z>!r(3;-6#O%1rwbSv_;Puj(3=ceUT!m|N%_we7c5ycZ|O@#i;D~9FDZC& z@uJ_&pIbb);K8CLLO(dA;HCLXpIfwSX@N*AE?T(s<$^`?3W^rKT=4w-g>$DA6#xFk z#q!OMf<=ob%wO>03-WP_DFyQv&UsE7t%Eo+*}^6+QDpu@xnan)5=@`~_1A<`yj|dRA+P4xL{7~-6z?)((wXvU(b?na%N3!MHOEdlR4$*;&y}9 zDc^_J)gZ~l!)ZO4nJ$i!bY3CNJ6F)!BSx7&xowh}Z*ihm@;Jg}7d!5pwBUQ>7V4I# zQaVZN^Owx#7VF6BB%!z6t?za5s~x6N+G=}+lJKy9_K2}VkPbg%l4aq-8N?A59v%h*OJ<4RLYfdV^6p0blI>{&SzI5sU@0HuyW*n>r%(O0U0Fu0&|l+i%!V~` zq2ZsZG56P!RTZ+&@K4i{k~gPMpIY+fj8{wEeDc-%YtZU)S-$_%H0ZuHOqS9cB&^>* ziH1Ee^)L4~8giXaEbKo^GX(PY*9=*TRQ&TORl)s^#)i!mtNwYK@xauQM@nW*{nwJ^ zQ~y`VTld?h$_=HfWar|a1Slny_orZT2mGH1Co((UUo+nP=d!*x9M%L)Ub&k-kYnhEAO^^C`WV4D#uM znU6oNOFQo2@R&xvtDa1m*RyPfd6xaF>_NQtTA3Ws=t@%7%&gnALS23r`6r2V2SQe4 z@*=-UHb4CBUd~Ttw?}tdWQUHgN!&?!b+deRcoYH@(ii+>^RMMYU<4CGk*QccGEB0O}}h6{j%NU zdsBI~o07L2vfowJd~J}oL!8sd1(ub$Zn)FUSkfkKEc@S^F6E0ED_2Sw3AxI- zN$g+ghNq@a+puOsJh*&oAhm7~3d*-fHR>zdpMym!}>t{vOn{iuR}O567%3jS&B;EyQyr?rVc zqTrv_KK_V;e_C7lBMSa$?dFdu_$RfYKce8D)}H=|f`4k;`Xh=Shn>|U9&}B?k}d0A zU0<=KB&<*8S8Q5a@~m#`mf^IrL_RGlpFEmWxa8#p^A;_9dF8W~Y0|4}*O$tj=aLuaEH3u-tZX05m@Yvp@;}soGt(ZODYwE$eLiFQv`2r9 zkHnPxUcVRM6`M6HPc`(sW#mut3b7~0fe=rE57L``tG@^yXTJGJ=cEs{Gq$& z&)xlE-`y{o?_St`_rmeJ7dq~?)!l7tyL++r?#0%-U)J3Hvi|O+s=Jqt-M!R)xBbxF z_H%bH@4I`s`R}(~M|xXbdRtq%x;9;HQI+0tEWM*Wz4K6d=ehK* zed%4z>6-27n&au3j`Z%j^zOFwp4#-D*7V+*^xpdPzN+-TW9fbE>HUY&`_HA{-Isp1 zIsM-D^n1tC?{%bW>(aGt=>xUt1Fh+UHR*%(>G!MB?;lIQ-=02nD1GQ$`tZK=;pX%Q z+tVK$Pk+#n{;)3nVOzScHeJ`6K2noDQlI{)D*e&1^hfRKqleN*&!vy;OCM`af4n{Y z@$vM>9qCW%(x0@YKdnuF+L}IIlRjRbK2eoEaV&kJJ$>>}`sBIvseS2F&FT8>>H6d8 z`i^u%UAmzy-B_D$Y)v=Sq?_u~%~k2Nq=6SK3kPOdn|pnJ$>#_`rNtn`F-j0&FL?;r@uI!{-Ps&p)P%) zE!|d|Zfi|ntVv(2Pk&jJ{_mwjaxEZ_n&Fl-Y4EvvXf&XLDxP_ROy1nOz;3nz~F)TV{7{W_N35Pfcb| zeP(Y}X791g-uBGCLz#W&GW+*s_BUtV-JW^(c;?-X%zJg2_u4YGwVB%1%z>KBf%?qB zs?5P-nSKbJYQFLS6lb9j5^@bS#yj?4#jnGf1BAJ%3*Y|YfwWa{cON2)SM zj%ALtXFfWV`RH8c=)TO+=FG9}nPbN@$2u|}*JVC#%Y0Is`J^@TX-($S`pogF%<*HH znTze2FArtDJeRq& zFLS9m)4n~^emv9Ok-1!#x!jhyQk%Kbnz>q&xmus;sLFI4%XGA7IuB(!&tLsfM{Rc%9CYlpVB4sEL$+EzbQT{TpFY^b_@X#1g|?dOJe>>JwAJhXHB z(9YvSJ3EGU)eY@x8>*=ts%ahCT{E=1erQkC(4J#Md)kNg9va$vZfM`Wp?%Fm`?nA6 zKR&d-W9Z$wp?BMc-m4vYuXU)lW~jD)=s?xbfn!4l+J_Dv8ajAx=>2^|?>7$}+CFsX z_|Tz_p~H1Uhueles2%#Cb?C#Ip%3ea>Z*q7jt$kd4;?u)bmZL7NBf38Y92beedy@% zp`#r`$LfZTwGDk-JM?ku&?hx3W-m|eI6gJC^Q77_FxA$(ir0kfvzG^H*P^ z_sAj%UhFn6%qdz@yiz_@Jy&LfB7;c`uB{)-zw?+C*t4FB;=n-$Uj5*;u$4xK2s!lJ!5G=7YncW!4*@aPB%NW zPL=x4&CB}lx7GOj3;f#-&QAPW180Sy0@q22KR{MmG9q`uH9UQQJz#dLLZYyNxynj zBb7?6CKs&REK5DPC%Rs~v??b|c^Wz;hv{vbqOOJ6^705R!WRd46`o(1tCVPexVdf$ zt)n6*XxZAG+cxbA|5B$$Y>3T=R)|vr(PCpKg9QbF-$~_$wQ`@N@R3P{)5ch)i?8D& zn}K&((mp65lZaXM*3m0#i;JIKxkN6lE?v2B(aPclFUsZCx3k!Di{<9($~i?ZE?u@* zFSOYvaA>oHF-+7t4w`(o4iOsUmZ9FJ(&kK%TfsK^Il2ThK?g?+*;^CjyJM=?jtuRm zoJ2lI+35@oQ^gX=PC49^U1WE^+CVN8_s`oydaG zw6a7cG$)?}qQ98dL$pNm7nzwe9((e!ryhOcu_vuC@#$KLNUU;eZ>{M5JyajfG?hos zS6Z$mtJX{WJDE5Xv18lCZ1~cG%Gk+=b*%#o!O0m6x|(yo^Bak>nti;JK#H4X33p;g zEG$NJ4aFqzm18a~e5+bgew8(m>&7w-i-Zi+;~a$$y=YXjqqRXI@8!qQPZVtiDKwYK zsk7s*m!`+qN{>m2iJ|riI1IukR>XMGt*KJo7i`#kQ9;d>Q5+v&;O?cmSW#BCdabTp z*1!6ytP`ZGupnW3?DA)rVI&p26>Q0qlT?D&j=T8spQU_tyBuHh&E4&%ZvV{jm;dv0 zz@y`?fV#uvjN&V08gOYL^g+}B5K_BDRao~5F7b|?&gTuz7o*%a4*DdSjh)}9^%y%@ zZZ-H;GwMqI9(s*Wj%Zg9EmEs^_s39RVK_%w&5gX@JnfOq`pUxm@~#}Pz=_4k$NJP} zWM7l^Y;5JvfeN+{Hiod)Iaj9>#D0?~g0p7DK}gI@Caqc&LjJg6_>JYDnab zWXTf5cIH?M86&ZdqGgibxC_?&VV7AItu#wOAS{0w$dS{_OrsQU17z<;V>e%3%UG7y zIIC2TAd$^gYa>7M-PFpm`QlF|o)r2qC(#ddPr<(wNOUMM=!i#=;7Uj?3{Flu9U;w5 zyH=#R`@DKm;euym;mLRLl}psQN>*et*OlaXAREPj{lcP`iWjr<1;2iYUyC*HYe`A4 zL>rR5mJK!tv1tEVN8kA>!Ku<%~QHif$TY6_9=ry$ZgQx#FW{K`qb; zf{P0d3us# z(Gs*7BOF3!JpRk|ykERQfAI$W#T)cq-k^Cen`9k-Ca>wqPNjJXu9S1m)$%2&LfK?n zYqw2o)d8!gbJ}QcKx$^WK>0B@`s@H!3e4Vq!cK{m??<%x1pJjmEB3%BS^56SSh)q6 zDG2St3xK0%$gMGLbN=du?XxKbd}%-x{dQuwzZe#2+-uIc;FJ4!l5GBNkyY-h*LBjA z?H&2W9Z;Q8!V7lR_H*(c(6c=IPAm_@E_eQ{JzM#$`#Bovj1%n0n@XX&GK1?2&}gmU zl-K$Fz!s8w5v4shmvQ&hy%ZDA^AGip(#(72GyWQn-MzM!{fGPa zUfGPhx?=-rTxu`x0Jb}EZ*3h{e&eh=-jhd#k-tTYX{&fG*eUr#0P`9m$zh}SURAzF zHmvHn?v9Q+osTvZ{xYkoqnHNC!3D5zz&l&CNTanRX4l!W0P-o;{^mTJXBjf3z$Bu5 zNX)-b3J<;Tw!JWpZG(M6j(bB9+wKN${pKb;w;$xB zQmQqsR%=#j&YNiDn&pY-1sG-(&$^YYRv=%F! zkSurHZNK*lA+(&mofx~fac(uX+Da;2I>hl~Hb31WB2+NqA+TIA{xJ>wxfO7Hi;vK# zpRJugKh$(NF$UDI+W0SM=g&Q$qT^$o+Y>D_VlZk@|`EbEXy@6X2WoFGXuEg3KA^LoN+2`lx6P}Yd-#Ph2 zpU*G*e6H}qc_S(ytehMd&Kp@x<&6*XBMTf^HOWiF!gXdI{7=-R*>?dZYLPiC zR3nGCDo@hQGCM6Ot$bbjaJk-Wp8jCLZzV=N4SFWX}Bg zlAB~Ub9%{}PdqOF%e~|$F-QJZ8R0!Hm$4szM*dbg z`TI#pKl4e6)+JY`pOD{AitH0l$?qqGFZnznzn_qNW(xmNk$F_o%+z#J)}#8rq<>8E zdQ@fP`IAzQCnfz%`8`v9Kc?yA@5e;;agm!T^?6*&6#2)rPLk#^$?q|(ztrnd%}dIC zRGvL9^?g**Kc>I6Jt`;Zo>V!_Tk7_t)cJAYJt}`cs((wm$K>~8nuo|ergf74AJ_Is z-j8WIt%J(S@0rS%x;>_ODqo&IF7!+-U+VO@ls{d6OCB>t=1Ix-aru9y)aNnnd-?xK zNjF`7PnUGlr7qK@oayp>y5uok@}DkcO_zM9OZw@WpR{AT2H$&3R zkaRO7-3&=LL(jwe5324OvUBgOlvf5bu$pTd*@y5? z>57RF{jo!Fn20%kvruk|SNIn;fv6#%(k>l(1ylqKTG2GReP$^N4 zSFMptfmWfnCg>#%j-=Q;xoN7V&@SUod|v*vqy>!oo+Uk((iFLu`15&kw}SFz{(QdN zv&7}dt90|)O|x(@B;E@Ndb@GfEd7{|++fk0^11Aw3yE%;XhWkqGs+dKgmCQBM2z(0 zh50a)8&`%uv*IuPYGxP*zcgPek+AL4I-Z1~u0?$km!l=BrF{o2Q6Ju5*UHOCNRz`Q zUsK45&(BrqKm-6w$kn;}SF&F`NjKujanNB$30jTLz6ltuywc-Y+<05=CGV1Meh^{D@JsYE}b&M*Z z`W_Wxnu%fpk`LB;&WQ9E2$U_wWe=Bh9N{w}I~l5YYc^z~JuOv5E>IO6L~WFdyY~GE zC3Dz~p${w}y8B3%y&%J0A|HDc&jSv|@|l8-sRh$z*hF`J7oKbC@T^ELu`ZQo3LaEl z{?5`_y`ZSNF{MCnphG=e0c5>f^rQ?V8?E!7Wg#4wk@fIXGap0`X)#vC>?(-g3vLB3 zMFvY18`EW>E)~;qm6Xrd3jEN<>2DUz5nqspWx{=-;309I(fa*vvi|v${<$>Z1lU2; z!|87pPZy6bN$~X31v6$&o<{Cdk^6)|WV*afjCe-2RlsnowF1pMPaLsnq35T;Za`!- zbDlGOt%6Ap2GGw5X4!ao(T!Nq0mMbyiTAYez`A^HfZvDVMY*rrNBdT(Rb=x;@soZr6Y6HHAtfrV}<%RpJ3H#cD5O zB+iG(Sqdlzp%qYt1J=u-bhxr_H@?eCW%XE4D4u#U`HKsuB-1=KmvUr54}qX)f0{bg z@(|xg1^%D#K{V8mc0+ll!R!Oq1SM^qp-q=A@M~>xPO;?@dlVgMm6tCz;RAZBmPf!* z%3g&h=6fQ8XKxDmpT=1usg1#zQ^t)A*jyp;mS3M#IOiehC>vwx8`X_TlRz$?u|iD# z%$bi(F8GavsF^ugdd45k)JGEY7LT6LCzj+<<*QlMc_I|$_WQ916V_5P!&QSxQsyHC zk3aR)iFX)!{aCXaU4!D9g_R~n3!ma&_~dsXe`H>qu8qK83NgiHY51k8@|us zJ3IKKMcJEjQ9wSirGyN143@dLtaAP4jjPHkAK6?{zFJ-<#a9$k(+Uwh6MCC-F&EEK z5k3g7)ZyEwxx3ckJEZwzD#e%l#QVPNbjwfH4z_*dcf=>_!yfo!IUB@yfUV@G@;%X4 zxET`RII9dxqmLe)ne)i@u5%0FW_4}}vMZA>d)<0w-l4bHjrb^C!K4X=MK`Ksqu}X+ z!fO(gLdmTpB`$@M+ek`W4JE5dN@NQqYe;T4au3NJO3t~_L~@ss#i5`YBfX&AMtVVe zjP#uMDmg!--Djky-EX9)eb-1&`<{{uL!A#OxhQ0H&`8hfeIq@qLq>Xg4;$$@f1u>D zkkt_*J*$t5^sJ5=>1mHC`EuyzkCiM9SsgdhvpQjYdX&}kz*=QB!{hqSFmdfLy7^t7KF>1od@SrJCzyprofRuUXVNzdwn zk)BnXk=|a3lA^+%^Os6)4p~Xe6(v0@39q80XLZ#`Pb;xnCKPT7!ktF?Q;931>b>0* z_$xr8G?0YGPCf-RN^dwxXf*RFpiz3mNkW5_{7T}%=omQ(q|EU;e+8th3M7y+=f*DP z45X|IB#<)a#y&m;QdR{LNSPZ*AZ2wRft2FVKtQ7`kbp*UXds|b7Dzy&I8+1BC=29= z+Q8z_{5mDe0tw(0hiU*gWq|~6o(;_ha9#@}fb(pq#wVKdYk~Y!$!9|~0ISym30OVr z(D(|ldM%KE)pMaBz-mn(0jv40&tCyY<$(l_=7+8Wj>-cG9L*1vB#vBjfTQ`LbBH6? z9N=hvXu>&d;QtqD1*H5bkU+}wp+!K->w&zaX>N>Dc5lCQRp=Wg+Sf~gju&~gxx(+N<1QJ+Sb*XYQ13jMe(UUXxxLF0O@R&sqHF)u6*m4te43?$Thai}EJdt)G>-it#eq23z<3H4qQvVwY7 z1`_JM#E0xU)Vnf}Q12z7AgFg`Afet%LP1dP%0NQBmj+>|_ohHXy_W`IsQ0EoLcN!{ zK3|7=Zw@5Xds*mqsQ2bTLcN!TZijkr4kXlj*$qxl*P-5<0}1tB76t|Cy*ZGWHI_Lv zu4C5N97xO>FNLlH7TyRXu<&vqfrTxB1QuTQIpw;9>6%dZhcHHf#-9TTX#Bx3cpcFA zb07hYKZKqHH2xe&Kx5I3qo#y^#gMHJB!+BRAkiC}1Bu=!@~pmwwwDGH+CD#!(Dw2` zLfaPw6575#kTCVj0tr*UIgr4@wPQZOUjq!+Isy$e$aBtLUjq*E+-cxJo^w+A8i0`J zP6HA0oNLgp0SS5TG%#^(dngYmxKQy=I`}o9us)E0!q=xm$-u(bX95i{{Pj}E4QTj32LlZS_){RE z0MCYgg@(TtNND)N&}-1)ia_m zSbEPC`&)52E6Lf!N#JX7NDF*z3?ye07Y4pIhH`_GO>}glmTb4Io^*7-#@tQ78;JSRY8h;G55bG;r|E*+64n zcsY=m7q$cv^TNM3yQbcRKHWSJXeiXp!-0kh-TW}n(4m`00u3d)`Dvh`Ha7#3ZbDIR zwuI-)XA7MsLY; z=Kn3~|Lu-I0|hs`UH)6NN1hY;-vS5U?hZ8C_wB(zLz{*6{Grab4!h;K1ydk2pWlKl zxb?oLzXkN)+8Le$(YHPd&rzRSbs<00=hi7-QQSg(8iC`VMQf@2b7L?*Oas+8oc{VX5)m#Xw`N zaq9z@|K9rJ%Rs|8-l`3>)%RSWt-iHhzwcpOZk-D>>M#Ax{`ejSMB3{#+Vg!~kcW}@ zKIr53uo6-~_Rsg$-Y)}<_TKt1&}i?iOM!+Rk@4Vr^Y@r;rN5lUbSuw2e=I%axzkvC z-ufiaFhsYy0u4*_eRH6JpYK}&4gB2tEYQHucl!ek{D}T|eSjYsKc|5odG7TAe&o5+ zur~6XFB0Fw+{kmMVQ+3V1$j)<-|Y%C=IL8!0*#6KyS;&izW(2)|9Ia_{QpJ&34Mq( z`tLt#0*(HY=ZEp+!|=;+kYMmH1wyZzPYEq!*cAYhk5U* zKbK&k7kcV1Bv@!@Pt&fR#x5pof^AV&(}&IioO?do)$`d0WPJvUtE^T}_?abCDNp#B zCH(wg&sk@E4pY-}c4yD$p71QJThG~D36|w0QX%14%j^8kp7UOb^Hzy3x_d6LBYQ5O zr+O~zOt4^_!19C_ETKwqm#OE1RpP>)L_({?#hpEEUe${xb#YgM6{IeD8!uW_FCFQ* z#CN8iOF(Rovba|1xdf2PuY?qE3aL-o(U$<#R8>Q&>T_eIs-PXI)*Y$Vi)6K8LQJ*p zO0dwzRO{{p3$;(R?oF^z)l}>L1PjJF)p{Vog1t($UP-X9_)N8SBv@E)rdqoq>oW{T zsCi@gpryC%{wv(LHJPPGF_Ya)$l>bcnK&05}?NW-Q+cf*0$ ze%hV~`i#=^V~?~dT^?ynW7pn`U5yWY0&v zf_;BI(wN9zi1JwItc^4lI;r;X7LaPkRF`VM6h{S<-3u|#E85Dnk%nb>A?i(sJrBAI zGqE7HsY{=)i!@$K7lcv03~R71(y#^#LY*(e8mx;ntii%44{J~nX;_1WQ6AQyBGRx1 z3qyM@!x&UV8n$3zXy0Ynf{IAP7RZZ}1M4!3fxI~d2CRWdaCwrt409k7fdPAPeP4j@ zWf+9(`y&GuK_o(^FbN_N7_bR1Mj9qzL!@C5UX1+$gRmjeum_7H4STRL(y#}MW52;3 zY>YJQLF)2HL31v{AfzrIjT~5n#j$T;5jI8|7GX&&6BeN|(y$0iVwtcAm63);xc*U0 z0F!Y2Xk@@9Tt6NeFbdaCLhj6Rfn7*lJ{38z3`-*o%djcZunbFMy2zP!=^~XE-Z~Y2D`8+(y$B5Zq(B@Uxr=S9BJ5vWx*0%hF#bkY1oBjF+bRa&5?#( zxE@}}Q!+g%!z^46Yv$Bt*oEKuj&$lW?83iA8g}7#u}@$Z{w>n5 z3oiu(T!CG9Bhs)7F9rR+0=w`=q+u6c3KhHpyYNP&VHaKsV|E30;f+YcF1!@#a|L$c zjYz{T{65OVF1#6O*oEK6@?aL;j5Msm%TXRiVN0Z86aL`)->EAw34e|>EW#gReP9s& z9BJ5tKLnk+0(qtrI7}B zi*D?u(p~|0OCt^NUfUK&5a7LbGBN;Ok>GoM>I%Rs5`h8mibN;`*cFMu0CYuyXVs}I zz^+IH2Ed!Tay)i5;G4Q~B60xWuM%|yg1@Scbp?b)B2*0+7Ky+Bh(#h)4Ja0gzyORz zB2*1H7Ky+BkhQMdI!Ijsl(nvb127lIaR8RfA`K`P$5MghvPc8S#j#8Pxh&EE^0lyg zmbwBYUppQ90#FtSZ~9eWStJ4jU=|5)`cP3+TsMkjtpk5U71E|+W8lb**D0IzLp!!-{ zWB}G85xNGr7Ky+Butg$t4UjDofdOcXMCck|TOv}IRN-ykH@NE z#{cVy$N=I+B2*1CzDNWHCVY_yRr^F&ef4TH@PiNJu(5Q)$**bI>f4A_j9W2rD1TOtjM@p6=h!PpXM*o&8AonS4tL>ji@ z?tG;>fMj8C>nqg(Bnv;(sbiZCmpq6ZU|D5+@!A0}t4!b+nmelg z#x0vvhoQM+YvcgUa!wFx12_vK)CPD?b=1VNf#_7n?#KbARVI`TRI5zj0M{ZD%LcMV zCUSsnIRyx{0k(w^Y6EPiI%;Ft0C%e6K;!`3Dig{Eyj3P}fNwbu2_*r%!U!b+yQz+_ zC7@_gj&reWo8>#s zM-GrHXI7y$fUYn?ZGhcWM>rNqbzr7XbzF|M!CbF0p=`|dDib)E??on-jR{|5A_p_R zoLG5nI?YaWhuU2qqSNd|XS5TYW+z0(%kDHgAu@pjJ0WL%p(L{bpT?5R26RRn z&}lZHGunVovjHL#@--VEGJyjdAg6AjB;Z>Z-ou@S@6L$tPQ!O+#CNCRTVz7MhHsGx z9N;_ESsVJZ6BBr<^FZWa2EW-53pdDjMu2x3z=abs2Aor!M`AXZe&y&eGztJ0Mrf1) zyfXs4(*WKX0p4i<7nx9!0bFDP#{k|L0p4ilIoe|)j2Jp@Z z@J<7`$b_;D;35+^2Jp@Z@J<7GX9Res0X$;0(*PdMDN~(*vsgo41#|+tVgdpKKouYa z24E>l6Bq!Yba-G8aaDiY!39qjz$3F`(xv9ZivAYiXG)Lg{t3;%SK-182wS$l-i^ zCUQ6*w?+=<Np!YfOJZL7U}~`rvzw$Lr^FBhoDaM4?&&iAA&m3 zKLmB6e+cSC{{Yk}fm$dXs7?vg0*A0p^bcX3=pVv5(LaQBqJIeMME?-hiT-g|`wMcH z!TNmIrtGqLyYpPEp8@@RWMJC9nW&2)KTgP9Hbr-R8PnJleIUGhA9cST#*ZD7&sNFbl&wr5jk5+c}{s zfbz|_+UN!*zuglvwaM{F%oK=}#Zbr;fD}f^)bQBd6*-1A;e^^7*1Ef5K{kEvhy~g7 zxg!XBYIZ zx28JeQv-DL*3?7}X1Cs&y^#Z5@2xo%IT*#>nuf^1sP)!#1kP??wRd+cYqyoPdq^T!T?4LMxd)e!qL1r(I-Mi;N z)q29^I@GYMh@zHd+XlY+m09{Zf}JO-rl-D z!Gd<*-uhmG1#5bH>wyFd=JWQ}_Y*8Ed~R<&oM6GG-ro9Qf(0Xbd+U(|3%I>+TUZf`xCU_qO~ z`pEkW>U?|a7YQktGq8dbRQ&eViwP;1G_ZmcY})Ou?FlJpIaomocJ21os|hJsHn4&e zUZ-zw-5I5}*>G%2bm2DZ!fj^~QqYpy+dfOMpvbqkC3<3;^~ARG2`QNM+uJTASk~-q ziDqxJW^cQckOH=EZ@ZjeSsS+{+PKZyxUDlG)urp2+uOP$s~R@ocJvVs&A z7`LnI5_w@o0alPQbW|tMQEli@R*=FvjL)Tlsx7i;D^iry+|AoAvht+t17YbRU+#pnmfE zi!3f|>E93R-}Uzc`*^cXD7+0CcRz2^2?e9}_X7tn%m1Nf2eB(fF7G1=1wA9T(_3+n zZTq18?*~3O>)a2}3Br+l6I|w7fAQ}J>O;Qu+N}~#fFI1rb;K6`YxrRo$%00d`WhF9 zMY2j%k_#bq$X1eD`$e*Yt|XVA>X5A@Uw?|^P*q7fjH*MnlDr+F4%tfb9HE#6@v31l z3*yz*V&+W8o%u|=-|9S{Y2S6yD#wer)8+6h3ZbDYH7^q>aK!C#``zJ}G6b z>iwyWLW7ew3RGux$kz5Y+f#MOR-Xkk#d#SAD zY%gywszbJx`-Nqt4%tdxaMG&L=A>1F_e9q-?U(-4YIWJj&CH50+ss;B^{186B?%mL$X1fT zQHN|L2^@9ER+7L`hioN3v7FT*TS;C#R)=gQ2`hETR+6w%hioMYD|N_LlCV;TY$XXR zb;wqduu_L?C5a<-$X1d#Qip6Mi6eE$R+2bUhioN@BX!7DGT_Ka;z%8`^=ZJ7k+kdT zkgZRN6m`f}l1Nd9Y$b^lb;wrolJ%83WGhMFs6)1r1dcjnD@ov}L$;Cxjyhy3N#LkM zwvwC&)gfC*@xKOe)FE3*VnH3Ul_VAxT2|MIg$k0yf;wcYFtMNx*-BEq)gfC+s<%31 zD@pZMhioOO-s+I8WUbXo9kP|=yr2%*N>aVmAzMkRw>o4iN%dBTY$d7Q>X5A@)mt61 zm85#BL$;Ds?Rm~a>a7mhDopiOhioOO-s+I8B-L9TvX!KIt3$SuRBv_2R+8$i z4%tdlz11OGNvgLxWGhMaR)=gQsov_4tt8c39kP|AdaFaWl2mVX$X1f-tq$2rQoYq7 zTS=<7I%F$J^;U;$C8^%(kgX(V4Ry#?lCy?7WGl&8Lmje}Bo@>mTS;O;9kP`q7SthI zNn$}AvX$h{%*$r^uM-;TkgZP%4Ry#?lF(3xY$XW|b;wqd&`^hLB?%36$QDxkuK^8p z$X1d=rViOkvNzNrTS@kYI%Eqe{@0w3kk!}Jc6G?sr_^?J$X1ftt`6BsQrp!bTS=OF zb;wqdrd}Pgl_VC_AzMjeL6$By!e0{&GK-QyJg5Y^=xZWEC5%B#sDx!oRH%e8hzpg# zqTp*HLnVwsFvxO~#S#vsfx+GtpHfP&f5oem41xmA+1fUu0?ye=H(DR7bGDLPJ*jiH zl7xjiXDdlqsB^ZGgoQe1D@jY)wIJfP1#mR0nm>R+9Rz z?%7IG-_<=^NousZXDdmKR`+ZrsnN1jr#N-GG%%>uaM0EiRBJeBD^0zIgSOIKJHbI) zXz|CUvSLT_o2^EwgSI{mizmFre!~f)RGg0WDJKkd&{mQYhB{~~$q7Rpw3Xz9p$^(g za>7stZ6&#QQU`4%xp-0sZ6&#QQU`4%!|YuJKNwlehwvxn}I%q3Nq^X0plEj%hXe&vSse`tX#F#p0 zD@j19gSL`{lR9WCNhk=IKoSZ9C6I)II%umfp`Z@hN(Lwps^0`KI3vJ8{U9|-fP*s# z2X)fc=R|`#X)8%E$Wx~0Tp`cN;B298+M0l~g}P}A`8VpP;o)yoPXoi>sE%@`p_0@_ zF)~2b--x^agUyM*5eNTMMa9z_N)O*}rKzfN1cszHsjL5PhX_f?o zSjSRRJ>dzi[dEMm{8kvH{TfIg>6%Hb2ME}q}0pX68r366^7U^E8>zTlbz#{|CM zN^?ly3$8TBL`tv{IVf@;fF+9Wx0NV$&=S8T;#2~(w@DAx^f@sn&y8jqc zRi4m+H@MK^`;GG84X!i?7T(}Wb7Txp^k-r!1e5`;In(p(?H8(e8ZSiFHz zzW9ElJa~iabFOpX4KB3!ep`Li8(e7`;#=wsuC&)zy}_0C`l>g$(llh^EspW~-s`X4 z;QE}#3f|yKvpw(zSDFS1-r!2pBEcJ6X>YH3gDdUrRc~;m*rB##XM$@Rtb1aF!r&W{ZM$JPlZ zg;vjRB%nJuSnLD3gM-Cp(j8n`4V(yj>JO`jI9LQ{PyGjhMg8lk|1hwqf<5)e0*hMM zQ-30`sE9rFCj*PR*i(Ndu&9nb^=F+W9_iK~b5qxPHPOh>O&u&RvGGJtqt(92OKdzD zSe||3S!Xp<0eYIh=xMfu&9nhM&F#)=@t$b@Ah5hAnm-II?}_GPf#q#%KI5##ok!vcMq1Acou&5 zV0nq=cdsmQvA2ZgcdsmQu{W0a-GjwBfPVL2c|vuv$9ajm*jqyLyN8rl0xWgCSFU*3 zo1nSggXMzedJmS@R;0xBURmO0Zwbxy9xU%NbG--4y9_M#z6aOGNx8Vi(IeMQExXQb zJzZFE^mKAI>*?GVSTyK8od*JoHoK?ugTV57bRG>X2Wn?kPZ!S3dpcbgJJ0vnUBaGD z+Mga};TWi=)77)PuGdS zq7m=uY7DGac23usz@jPa>8fReG*$t+kO2&&qf@P1(lLMmSX34UFaV1>zyJndaljeC z04y#h7{CB54hI7mfOVCXumA>Nbvg?H43s6Y3aqLYzyK_EAp;nIMV(*(17%6L0wgTD zfz#U0cfs)HGlzVc9;e*08O-M00YqMJvk<_C0?qX z>tH#ua1OguLl__p@uVRPK(lW(gaK&kxrQ(R&5qU(2B5i8)({4ux$4mn2B5j>(GUip zIVu{$05mmGLl}Uj&61sSTjr(O`3@(W=g#5ENM*2;O|=teDnkzEFb!jXd}+2di~(p` z2n}NZng(0L7=R{B<)zG)YpHeuMBdAsLrbB743LI%iUu+OecbfnSzC~3*aGOsYfcki z8pr_hTp?&61JGO{Xdna7Tp?&61JJ~j1~LFmaB3g}(9Kq!1~LFmJEMUNK%e&KIG#m#{B2NCTvyZP1VgplKU4 zqycE!1`TNdnzlhh8i1y4(2xe8X&dAy#8c2Z$Z3dkXdmQI!#T7Na<1VV+6XDfIkXZ| zl5=P$G^_#2rk&8R2B2vtG^_z=+6fJ70Gf6}!y165mC&#TplKsCtO01+2n}lhnl?hi z8i1ya(69!eX(KeO0chF?4Ql|JHbTQ1fToSmum+%MBjkw2HHbDsPHCJ&8zBcZuFbR( za#rIU+6fJ9fP85uG_(O|+6fJ90Gf6}LmMb9fec_LG_(O|+6fJ90Gf6}LmPmmozTz* zplK&Gv;k<^2@P!kns!1%8-S*r(9i~;X(u$a0chF@4Q&9Lc0xlNfTo?$&<3DsCp5GH zXj%ykZ2+1!LPHyXriIYZ2B2vlG_(O|S_chn0GhTzLmPmmWzf(DplKI0v;k<^1r2Qg znsz}$8-S)=(9i~;X%{rK0chF<4Q&9Lb^xIbz#xbSVJ3tCWtk(0ce6)LmPl5 zh~-X@4AXXXXOc1LKIRvrFR9oqUvC5D`AWM6^%L!#^k#h*< zq8l1-7Ofzh<-Ue<2xygI4GC$LA%~z=8P<@nRvB^#Y?WaR32l`jhv3#aV_z+Gh49uo zlS6=Or~}lP@YYZVpb2gbbpV>s)=&qa32Y5@0GhzoPzRt1Y`JpfJwRxe1&%~E0Jv4g zdf+PItuo{g;3{J!UnRsw3137Z$IA5hnkW**paB-kA991q3RE8Wb z4pfG{!R3L$tLA_wW-LfRHNOLq=!i^{Ntv@I$_4sDCdFlX8pl_7_=MP;h3blMh`A&0g_W!M7R z7L_4~w&i6no0esZ)3hrZ4gqbXRnc$=plMSy90F)s6b**}n)XD)A%Lbm(QpV#OY8$+ z9pMnbAk+~K0SqEtC0MBrLS1E?MXW>0jBN+O4k@yTc9jx$8)Q$otCX{dcR4`AS)4d& zvXUAU0f~rsmGBA>^uh{tBJLr@3K05`B8%u(DX#zxfJ!-wHUOa!Pz9O*ghl{^7C`6m2npF3n^wz2t$f2qFAN8a|vXXau%_SKnbV;T7PbL1mo9bpxbW0WKXNMHW{ND&-a6@*O2P;%4r3l0XSj$|}(5Hbte#a%-XC6HuC43k{zD zhFc4fU~?r_f@Li-&T?y^Qq0<|g-Ve{J0M5ZERA+R7%Yu;KqWkD+5weu7VQ9}m^JMH zq{!lGK&8BMxg1a_XSs3EKniHETLNKtc@BGJF>_AjH-+Un(GtkPJ6lIfAPiLDn*uC0+I3xxFrxNXSpTNxC*F(TLKMu0)|@xUI9q?F^O1tO1Kr!$O}l~HsF#= zL<>NPh=1nc=vRMbFAS5AlNbYw&f0KhO8G$z zW^J+@(;{_4<34D8y0TUZ&U9R>pIg{9y$}ULT+AkCM3&OA0id2<5oxHBGXqODjBNd z#z-XtlW!U}2YW$oqqJ-d6auA6SSe>E?3A;zER{2}Y?U*!td%pf?3FXKES58~Y?d<< zR?ArlyXCAb%jL{0+vUtG>*dTW`{m3m3+Bu$8|KVt#ccCIVn#U7aW5s+> zAmQs1+|o-)TnV%Xp(gaXgq5%cip^z`ZnsbxYXUNEox}_~%gvBRn}Cd)AYr(S8=%9i zZMU1B!!)DaZhSs;2{$|+x`Z1Y4M>4ARI5*t$+ruKq9vRJG^AK0D3WzWjp@EUB#4yu0Sgh%>wy2 z@->;_4W&wsHUUG4k<6YxfK*rJD;I(nAH+Wqf=e)_8>UNB4fD7b7d?UaG7{s<; zHBEIB*Z<4p30IxUU4sZ$1i(NRgsaZ(E4sfVi7J&mC z>Xt>|P>w{~uzo-U4sg6@5P<_6?-@kk0EcVJUPRykhgRAmaDd}|g$Nwr5Qe>ozyXf; z4I*%W;Q}N3uAVG#lF z|BTrI7Q34poz=rU#pShTW?*#Q>qEMs;kOTu$-Xc3kIEbl^#*#Q>S>bAw~ z0E?Q>m>pnwPi#Z12e3F3-L{w=V0p7GW(Qc_Y>U|e7LCDei`fB|x6xvDfaPtpm>pno z>37>=b|_22b66WKW(Qc?$g-FnV9`k2wwN7Y(V{YD2Us){jM)K}>%9i(VBiccv=GLF zfit+SV$2RC^uE_H9+Yw@Sj-Mcaj|vVVs?PVwH0G_faU1WFdody(P1$=AjK8dZHw6f zRu~S%>;TJE&SG|e<-=hyJHT=+w3r=W`3PCe4zPSUEM|wWhU+;TgK|L^G%a}lQB42C z^&Fc)3s^o}&z1S0efny+p7y<8PT!E81NTEaV!;g8bCurrUV}a7DBkHhW;AVopgE*{ z4a{$k>BgO1q`5rr`v7PD!}YX=eGRNX*9!f+5M^e#o~Ci&2-YXV^;{=_0*g@+u#v4Tu-&>Z^rUyxSntN{cUg*9j>Pi4OBxJ zhwG_81Mea3&Tu_#>tHRS^$gcjo9^s5ZS|ol-D$#|gW-CvmwvFXQViEquln}m;_q-h zm8!oL3;p4G+K+)6)`v^>!8+Vs8Lp>2zSGY7a5n6_SZn3eIQMs-F`6^s;D`H-=6Y$c zq26d(?*6@)zlQ6%dK%nSXU}QI2an@w^l&|w=zXqVwCVlFa1(pDp7UYV|b_fUCW;{>{++&o2I?ekxPkcZ zJ7we5K>YVvVD;e!;(y@0mDfQ04{k-coZ$xIe_;1X)Te>?A2@|OF~b5|Ob3JV0X^-% z2IBwDQ5&xY;=k{d=}&{>|2*>}{`;G4yc!(;_MyDt2I9ZJ!|>YR_;0iRZ6N*!+F2g) zf9D9Cc!nE@|GvElZZ_ON{10y9bK<{mmyK@&@!z-0#;3vY-^}NZ|1a4;j{o-z-wlrc zBZlV&;(zdSyx|Qu5dZyq*&gEG?N0;oKX``u6aPQ7WA|maf%xw`Yx>(j{P$O}eZ>F3 zyJlY-i2s4ZxC=MjK>YXZGkgl{F@6K5uG;t!|37q5pNRjyF0;Q4#QzWNW(sr0>_VwuEE{ZXX1bG49AoBzhmJjhs8`_y!!T&}8Dnd|KL^|uSUmz zN2B!@@jv*!=|`i_|5c~#Iq`pIKlAtbzlQxs{P*plJn`Rm(AF1?#Q#9G>2o9TKX{7c zPy9PR8j1ftx!;BHbo_Tye~AD7{f7TWpZ`B+{fYm9bJP#we}Lwx3 zn!Rcy{@q?RI{v>jyfza5{Z(dP8y)}e+I-qb{0|&xvHBDL16>?n;(u@}^@;euQ^WBh z{_h;M^<*RQf9GTNAMtJuhU z{QqEI5gTqK{`;y~f8xLIEb}M+`_7sD_0RG4e_-p+M&jS+izecKzyjC~Hxd5>M@%1@ zi2uR&J5Zk{;{VQ8(!~FrF0-|2nH*6Y<}-$MmU*`0xMN^rwmV@Bh^7 zkH84_s{f+dKlkD6zhdL<4x9tE%#ZjVIBe~0BK`+X*!s08%>Rb}CgT4N=Z_}hzi)@x zt0u>P4eL+*-#KFA)#USk74!G`zm4S+|NWQD-ubtX2Rld;|9#Y#CgQ(;hpo?=i2wfM zhVLfg-{=i&;RFbK5Fv$zs}ZAO~ily$M4#B6aW1u zn~f&^`!6uP&;PY7pZFj6(B|tV$A72cxrz86JjMDD|AVJY-{pY||25X$W}p9SY`xd)^S^xoZ&+Sy4S#!0KbndE0rSNj zZYKWwKDYHiv*W+b)?>}YfB#2j@0yAK!4AWFGx0xo!q$JyKK~yvd(uq&56Z-^_OqGu zf8SNshx32m4(p$0;=k`h(!_V)3A2~Yj^`t+kK=V0>+AEiY{a5G&esD+ZN6s1n*?Oay__=e+>~}Nqb4OmpQ9t76&X?>T;^$5^+eiG|`RJ0# z6F)z6nSE>~e)_6yecDX?^zGny5bsn7_}TJIy|}5I_C9 zY`xJ!{PZ8T@osVa&>prBKm8wB`&x*f{*#8E7RS#;>)#f~PrK=F3-Qx$AHy1MA$|sS zSp8dwpMe^ik6MVIfm*YlEyT~jNtRFi4Ah(cwfOugFXE~XEk1v8f33ymPkC|1bK+}2 zUUWfo{v41OQP9NOfGo^GbN(EVg*j->p99j7pozzU(>C9?I3CaPx#N-R=@!SMxGE#P z z|2=E(X#%|e|EKFspX12RbI1J4>ruvf8a~ zwOflN&k`Uuk|05{u&->A;MU;Q1PFo)07mrna@kUYa~)w4Xj&mu6$%CLOVyt+Z=UD( zWM$omiC{O}zGD{(#mzBew1UIg$x0_dUxDmQEw0eo+6 zR{a6+Jp$e$fbZQ90E+;=#|@Z80C&Q_2;h71s!TRNivYg&Pzk{zfLjn39dLUTuoeN_ z0=ejbdsYEz(E<0E{CN?;>q82divV6HAy@?PdPz6z76H6IrUZBq!0TfIZV|xiQxe2Q z0IyFefm{S|Cm4$WUZ3TB0ldx+GK&CSpI1T>_py>c*5}33B7oNylu#`Kczu!n!gn1( zU37wcoBldMUg7xgUq^7G869s;0b>#VEvSp|zdwxs!2kYf#uNVc=b3-_-;X=bX@22< z|1#qV{}$9m_}^cYz%9bR6QV`<-zULdg#Ud6coF`6gLD!8_piYt{9B-}!T3T!a6E>zbcy@b4esuEBrv!g)>@0f+)A#x)e6xo}z% z9JdV5E`XV5BQ5}%XQM8FnrCA!0GnsyE`Xb76D|Oh zXHzbKlo%8G0V>aCTmUQ2W?cX*&*oeJ9na2E;E&rpJLdv;cy`_e0Pt+V1rYG;q6={O zXO~@o&p*530-XNYRTtp(*+ittx`Eq2TXX?_9|I&WyMg1!s7ons;Q4X36yW;Nu~ZQ2 zP!LSwFRfq^iWGknLgFv2V4+g{CrY(~MJnybJz|{-tze;2d?a7NB9+EU6>|F$D_E$M ze&;J#q|#Wag1W3=p;G26U%^79Oj^EzMJkPzDrkWfEL57e%L*2$G*+shE-P4MrSk)X z%J^$C{!16Q@qb8*zorVMgiV*m|5JV$|0jSJwxq}qHlehz<^623!zQQ}wxnnlHsQ6f zCFyQ+e$Zz&KX^a3(%V6g*!^Rg+Ni*hx0f}$cQcJ7_pDG z+&agW-Fxfl#BQB~p51#%JDRu75l(h>{SpP>)I8Up63{4tr``3G@kIe4g=_FA0I=PS z6w{*sz-oGkGYSB#b|hulQ2<~y-B*eN0OLYF3h>ri-)Z`eqgF>!rWG{+ta)zAtwI=A z|51hLQX5FwbrcX?YB7=7RNp#Bbg2y_-HrmHOY_{=994)f)saMcR3X6B22xHJ1w@$I zV7lsz0!Ns0<0&jg2_dF7m@ed^fDls~bWeyeyAM+)6*W+Y+F<%EEDC0YNln*6QDCKb z@94YqmB3Uxn$pXt0z|cAebj)T>Zo@Co!T+a9>mm+r<5q#0F>Hs`TDJM@KHPNK?95G zSPIdx3uz~pSy4dV$&HvOAo1i*OcaoL)^sHn1*D#}lj%|}3W%w-lkOOr$gjgugP2+y zPM7CVKt$#KP81-Rwc&JwBMQ*U+Hkr+ivr?lZP?HdPiw=H?OW%Fr>z3wX{&&E+B_FG zyyRyD)cO%=%&l_-)Y|Ek_r!6@L~Ex#F;>NMH`2v+R3XIHPN%yqQGm$S^mBd`ph7j> zACCeAsFqWM_SDW;0+5_qDP8f!E+|c{lrA}&x8mMblIPk8l5idwsg0(jGHM_rwXu{? zMFBEW8&CHcq5u`CjdL#NQIXn2O7o%yD$**jis({1YFI@kIQ{chkqPE5a!B=bGG$M( zi&bPUT~0;;D#8uDC_qJOx}b~#i^z1kWfcV$5nX~tfki|&v7^8uvLG41bsiC^y_@pI zsDXym-c9*p6j(z-#gc=Zw}zZWG0vkQwQx7pu!NjbFuHZ#5^@12JCB4k&yON1aTh`Z zvfxInAq${;9u29*qjNfpCFCN6#7|XfdzaY-5vk64;1QAPY|7hW7mLVsy!*UG*his7UR7k31?;J)5pFqJ~vO4@gA;DpJ!O=P0m<#0ODzb{3H(yP{K>^Q(3v ztH_E6z!}W>RZoRwWW`fq8CikW3zm@;<|dvokz=i%S5GcjMpik!3&=<{R66zbf@NeC zagO`gYU3WBcfm5^oacgN(9eIEzUa*enQNuVcI?`M`HNx3gNFL&gahE)`+PrWQ#xFP>X_X))`^T8_3ziby zqmKhwO7a4vq`Hu9dPWVTq`5Fe6u5wvG%p_o`wNIkO^>$3PSz5wOCJSjNp%5DzhEuV z(+*L?TA~${qrh77h&1Sewd4`W)djRm?1Gf+4I;l6 zP?9}oeHT!Yy+M08O0uV42%`;@ggdNJfRgacaTFjVdwOUz3J{V#J%t+u2+7{@bju_P z5R$zi`x!#Acfuovkn9Z;(l0n2xp3Vhgp%x?G>j<8o}QMC!=NO4!=@7<**j&@5R$#q zNX-Rwq5sh0yJcA4#{6YL-yvms#`!q_U6eP z7toNn|A)^kAR^Tp9w9_z?_EG#u!x+shae(*k(p`k5D|U|jh-PQ&4rRr4;9%9CD%R{ z5j{*E`&dNcv3%8VKB8NbQNtn<4>qfYMdY&Q-y#x^o~VXJWD#Z-oR2K%A(3d+Dsqj~ zDe_La=KJIp@$bl1n6=^Pn(CIjqksIzjGE%+m^RwpK?E*ZNc3}f^OoO7;pd?!u#l`EH5V-;EAV^KLUI@1^E)Zc z1wEt^ji4lZckXCRE?PX)YA<++0(Wr$aKAx8b`XWNoT+quh zQ3WO0TP4`~^_0DJ9|k39F08}jMW-YSy7wKepe1{cNK^fiN?kYHqXt@1*NmQoZY`KuhXJ5K6zPQa?g)@vAEJBj|BlpCk{cTaWy*O5D1+#1J4Rb^RI~9kG~P zJPv>P8!Lmz+(pEsdGQp9t6y5FAA`t?s7YNv;zhHlN&Ps%@}kw`;uQJCMbxAoud!-+ zP?P!)3hZ}RniuD|d2|CPkB(#lj;L| zEOOE+Ku+o_@6r6c`} zJ$h1&ci1%<=*g~LrfuHx+b#Tf8U^S{^HLw!MjVhHUg|?s{fbNTQa@qTFS$gC_d-+Z zb5NPT=Q77R<}bSB1xN}%+(uuJ6n++q0wksGI}U!?WmgX;M-3!pw--wNx=Ztto_CBY zNJ>3!o1{U>-+0j*Ls0`s;TPg4Kv8!4K+rF}G%rnYG3nP{c+4mEK~b8QW@b1JlG401 zi^t{fzUbMv*vXo51(3Z`%x*t2>(^g+94L0Nro@9xIvw(pdOV4w0wkq*=@M?>cVL>A z;>UE=AwemWAS(512(4d)**!*La0yLmUb^YtT2yYKvwj(-ev7=vZ^P^!^MTQn=A|W6 z<`OANeVN23eW{n+qQZj+F$5Ns%cFKtQk3T9F^>wOvVX*bkES#)Pk8hZ zm3`kR_A4{Zg<)9tOEbIrLA-g(Z_VuYqA8cjQuh1%bUuD>X7>zX!Y|J3_jAVa{6i9^ z+9JWnug)|t>(P}s43ZKhu7jpD7fz9_`vsaPAyoJkn*4r+-=W!$PiCaSj%W4Kq4zgX zw|H1D73`Kk!LQNm50%&jQQ05z`5-F$LtMW3O`6&e8tPYR_I=6gcWL(X8c53i5GjY> zrrAG%F8Otu=4CBo6l20A&%R#BiUKZq_D{MaNXq^&PH-7X*+0dF#$_aB|DrR<+_ zM-Y_#(}3>xYIrU%4$BqK{;($kJ=yo~3x2g`|1_8HaRs7bKkb(ASnA|#1+40)4Y=R7D3q`Cpqw&HqFax zBsPB6W_R2pO_s7dPE@~)qBJkZSFPk~NJ{fcA9{G1JY{#>-6v1kpC((ljH2*PZJaTR zvOn$FKv4Ge)_2rEQ1)lIO1O-k?CU+1sDYmB&k;8-TTk@nLDWD`cycKUkdys6q~fyG zWZqpzP4>?cG5q???j*O{{Qk}Uy9|+Ez}b(VhSLc74V>Lct`YnS&i;8c>k3yq`{!|2 zzl77g;sNn%IQwynK&^7cvme*)DnLtir;rlAiL<|e!1`63YCMaeUAW?DUWuD#Dj`2< zUWqWL5~O5z23hk9IlHsO2fvZCA5Yq87fXqr$ZFp5J2^ap6$M=I?B6CBT;b+P^U4xa z;rDX(mzatx){jbpvP5o$<>}229n(-?~;<0&Ujr7EC=QPj7kMQcO#YFFWL@O4P zyJRDNLuY^WeRe@in&k8?~fgW9tozRnm zK480oo*eX}+E<*OT%Gd_A}0s^Tom|)or7cK;a5W$%NS987Ti8J|edd|l0F&{`6&A!)kMl7m^| zu;1UQ-6c|AK}!zi3=>+?e9zacSDc-^cZ|g13Tm?Zo`(@N*?o@-C%?yY@UFew*~xon z$ZY*8&u%xN&G$x-WxvhC!+kNuBqw=+-{(1qAL~;iexaxN-UMCoD?JAb{M_Pq zdUmf94*XKjL0rtL5iWNQBDSc2!J zXr?g~G%z&77@A!S%`Ao{6+;06Lvx9tX~fVBb|3D}21K*h-JM29Gl!u#fT45}L$gH# znyK!tPi3uXmZ+u~!jRZw=rR;TB9EbTvHPXeH%U8&WSwe~bPUNkhLjvbIUx;5!7-%X zRFiUJNVPGf*cei43<))cL>fZ^jUjQykS=3LlQERrb!9^+B~E`zgVUc9-}I+cH~lHS zr440n7}8k`Wo#IdS6o4v8irI=2FsIU6sd`?OtujEs7MV9m9r1jyqr1KM@4Erf|}%V zA3==_sF6{m=A$At9~G(j2x_zs)W|4;@=+0#kBXpt1Sr}EP-Fm#j3Ou>0ZP)8j{qg{ z^idI%j{rpt0E+ejl*5O!(E*ghFJ}gz$N&^o0~Bom6d8b`YJj5S0E!GikpU<&07V9% z$N&@>fFc7>WB`f`K#>6`G5{qR|6KH)e=aKSKNl7EpNqcp&qc+3%ABU*eOjE;r$zC5 zS`@#h7Qf6bpBCrzX>m@UdQMX{<}~&Cspm9PsHe=Sdf+)t`*=>1;W7w{OEsEdMqWC>6ir-V_R1Fm8^l5QUpBBaMX>m@U7U%S-#V?(<#qTrO7!>F9 zsl=};!{Y!y{ztLTwiMUUJndgNBoBe(F#;s@_s{R#1Wq@e%f`27B(G~-n zo!hT^L}{w_EAW*8ziFRe6$8w#pjlgr0p?c(7;PyAm|qo>lV6dX=s3mX^K0fO_3hWi`T4cgEE|v=p7huF?(meqt)iRnoGbeI z4$tztX3@EK&J|hP;R$}%EPDRVxuWauoGbeN4o~fSKfFJk+zyZDds{Ih+2O%_Z!3nZ z9iG7Vw&L*b@a(;}6(?Ya2b1NJJ3N$Z3(C_-@9`PbRusLR_&#BZR~k>AH*(FkdEmh!pHWeGb{0q?Xr-7%>?{;j zX@>`id<15NF)L<=I}2^I!ox$}uP9VIJT>H=0S0YCMi$X_79b-FX*=;Gc{=kfrtK^g z$=KofARnx#T{}D(@pM%7cWUX5MpJ*QPWpSL zP-j(wo66&@v25S2m$D3UCqD65v@}nt-hIh;*GsAI_od&q)Sj&qw2^AY11YJ+l;7<< zpna@D`wwZqJIg3{SPHZYi}tZ-U)CD3AYWQTkg@PqtYUQCS;HgKt(Kj2(a_bM&NV*t zk@_q@TUYSzO4-~F3omuCO`~l~<84d6i^XC~wg|0ih1HbssSO3!)RXuvKI@6M6yxbm zJgSwprL!yd=hA7LUdlYa)179l%%eLxr}9PU*I978lWpAVq`!P8B^~*_q7Ieg z4tb%seEx$r`1pq{W<8C2`8{+9tEfZe_cWK@53Nxz7mF!Ina>$elaCqLDr#wYQDf(A zMei&xat<7!=&R*Lw3Ka}0~Y6i)pic3kdKF!QnT%h_(TCCeO>)bzI3DIjpZA~FjT%l za;Elf+$he$jbeIMjt>zR=I2J+=-nu0Xyte+wOF%l^lmC7rumQOX|j6h?^_D7skgVZ zzsj|D`uqI?9r1yH!ZDUhZI(Qm5nGnuXL?(XpT^T(I@|bkS<#wovx5-HX};Zs&9&8pCyoc5SkQ@8Oc=|{x;|2$l_2VGB`Nw_DT@Bq=;?2zC;D60O!}L-<#=sg z96x{*N3)Hu)#9Z^d9`?LQC=-xT$ERfR~O|~`5d#bTD-m}uND=t91k89j=stzhDLX_ zc#Tme=HcP-Q)_WQF7Me7l}uOZILi?TeXylNd!ad6c-E~`z)SKE|()zK%*%F6L#Tsofk zTP@)5D}6<8tn?MVvC>!c#!7r`s@0x+ zQSHeS^>@(^D}6;jtiCCM8}nX=f&|dL!snS>Uj>>Y;b1KX2+lro3S<#GSai`KoP^FEaO1uzRIJ4CvL6tUw zDyv0;Ds2Q+R@=s>jiAbE+xWB*R9P(&RB0oq(ne6Fji5>!L6vwQrFaf)rH!CU z8$p%TB0-g$pzLN$#RMhos+b_GVzjBm@&?7e6nU!TJgH51qLm^~74wv~ReMmKbiGoI z5A>!Zq^!2uW7Ww>ulCrlWZAE>3%6>I{VG}Ud5o-;Oaro|UHtcp>7s|dh!@jaXY(RH zC?U2fW}TA{hxUxRsRt=0!dIU5qg=;uF4wUc}QSMXN~2i-ls0dC_*$DUQ5o zyXo?x?WW6%g(4v@7K$b+QO^B-SpsE2&o%=-~* zw2jZ0vF)0CGWFz^`kwvWxQ_2+x6T{)ij&>ASDfs|z2amy?iDAyaj!VpjeA8oY{W+; zTTarrha9F;Ys3rWX&V-kjm2bR8SQMi8~2JKqj9e|6^(nv$!^5UU9F=x&m1jA>gE}i ziqn)f&kPs24YN4#VHU{^vxsh(MRuEKc#6p_^T?9sBDS_SbyZDe(J;2rP&)50ThXd{ z=2~%N!(?cwdZ#!G%`pyLqN)mf{VXY^pP_ZkCP|hON}A@zs`IjcA%_>&=$4Hx1qG|cA48t622Lsp zXv;|j0U5&@D^(kAo88iI+w7L&Rqz4@rQxEg#z)8?jk6wZbA{4yn=6!ti+UOR76VF{ z#jHHcVp<+%F=jSPu^vflI7*s5om#0F(3+*uV#U$Ew3jMQ6sI}92cEU3EwR{FtMQqZ z_%%!MS?gA{Ii0Kq@m$eQ_|A`7yC~gIwfK&5t7%>(Q#GF9RW-hQErX9b%isg2GGY~n zR% zm1ASbtuY)F(gCuMy|uMTSa6#-wN0GbCL>^zyiBS)KR{w;vn|5R56D-D1M>r#Y@6|c zZn;g9=Lg&LV1BSo59Z^` zXaxtDA7q?4?s58TQ?R;|$K}zOXIXeSH`~2Ip+N zEZVkj+i0AP??kk1Wi)gOXM5Tr)Y%>)l(!P0Y!abto@sBn)NYQno1^XKSi3piZcenD z5`=stb?Kj*v+b3Om-)@JJ@f5b+qCy=&%5ngiy30Z~vH*tZ{GZ33*#Hpx00Z}b-Dm&onG>2H&)v;A$7b@oJ?x1T-H=Iv+W zgX+bWPqZbQXZb`3u%G1vA-T!yi@~#PKf*W9`d4^wW%g|{`@#A4zT9kQfwz|P zt?g*=#&W(@Xhb~v|9|HE1Gz-Uq3rSY4>XG%hkki1nUa!@SCXOOiEZi4nh!Kf9o=c0 z=BVRvG89yzVtSG11IPP)!L} z$2YW1y4CTPED;iYNIl{_zwmd-;yhnV)`vo?iFBV8*};d%=m>wD<(F*N%xEC#8#L`)7BZAL&=n+ z#n$vT*e@h$VWyXUej!N=Oxp$7XuZ=ZSQ`V>7*s@?=DZ+`N<>=Ez4L_m*-YQ_=ZUw1!XbtfhI~S?Az88%yzsz>e0V*ok$h z)cnSBtF+vQ9F*fOcQjwVBW3USyetWO$A3)2T)rb=@Ay4!WSqYsi*f#QhbUaRP>XujV{Kx5a!}1DJR=$&*r@VqU zeMc=JWv|IX%DyWLDSMnIzr2E$Jx=c^mRFeg$C^7Hmg)E_?W&}!;|*D$_ogh+`-kK( zQC?9#*0Gu1+$*mrAM4mmG?rJ8HpxSI1#NqB zR8667uggN-l46%v&^LN~sjW-O)R3=oyl0pC>n;%EB{b#uDpT6(E)eqF1zh?6O|SQr z?{eyoM^cyWa_+Cn;>;h9%jC@eV|tmee3vuF2V(W(blC5yE+_steXpT>mlJ=SbfbKi zGk>fRzRRgUPO+nWmveudUWF{*<>VhPs%1{Typp0>`7USwp{DjOXa6|8oLIig*_ZVt zs`6c3Jav3XzYv|r>2=-mT~y~WXNc-NPMTQ0OTP42Gk+HqdaRkhiwr$pQ8&?{$0^2? z@1jE=io;myD-G6%DLj_%qD23AP5UB6A0C&97JZl^ZTT)USiU3p?jlDY3aMD7Q%$Gb zrhNCI%#=%%;|*zTlv>3!4k16=1vN(joad|KN3 z&@V?*w_`ctHv16@cPL)s%D8%j#zl~JiLT`$O&EA0QU(@fcu1P zUni(Co?Pi!ihnA?n^lyT;>DGomH4NMc(RJ}Qk?QPe^Zt6Q65P45ys$ipOeWTd``8G zFbcoPR!%hUihFa!9-u~G_a#}Nn`F6igtK{B+d%V^vN)$t$>MZAEekF`BMT}&D+?(9 zjVzd~97~{8Vqw=r%I|6`Ue_s$(fBP{F!ffldLc?@5g&_9t)wfjN-zG`t(xQvhh^b^ zI>TQ4PiNSR|LF{S8GD^!FGH_0>}BM2hQ0Wo&M=m0Pkr$j_L48?40*1yLuc3v<2u7$ z(uG&lQ~WsPB$eJ`wovIMTlkr3j_HWXS1P^a3g6d8GKDu};UnpSqtZ*Jkn)oXKQ?zT zz)0TP+RuU~i%|JvSwx{f`B5_Y9i!uw-%gRV!Vei?vz^)bebr`mK6oFS8F}@$Q(jc* zXHH)I?VqSVv+|FEyPt{p;Qc?)W~L%#W0iiU;>+5`L|`GfSWJY*tRJEM`zzX!dHISg z<^_v+N$GK=pLx;n_A?RR(0)wBH#jl!vTtf5qy5LS80|li#b{$8`B-Egf0`2VO8iD8+A|Q-E3d!-16V4bpdB)VC zC(lvMzYfdR%HP9OP2|i0h~|c5TA}tHPxp9Jn^s9DlU`V@R5KF;5J!_WMcr= z$x6Cj(r)-qR&-b;u-)A%!K<=5(yakJE2~2Zm}hsBC;|1CTO~MP){Yc!04Mxps{}{P z>PYzpaK@}*_zmypBn>{JL!rdi|%W4MSKk^i%eQp`UtRAPSobVD$RW)EF3H5t)BRU8wq*_k}8n z*#JBoPP~f_k$HE~BL<+0E^+c*^a;=DqEmQI7rnx9x}_y09H+DEw{!})PG>hZ zzSDUa8{g@C85`H>{3JHM)A=cEyr=Wi*tk#UXRvXf&d*}wK%HGLQGgG1cDaYRQD+xj z96_5qyXfNxd0uB1og5*V=rSJMg8p#o)z8jOA<1i*k$IF-}b+}Jr4$J%$CV9uFF;8pjXE2E(pT%?tc?sJA z#Qk#gaL0%pUGAA9hr34H=yKnP8eQ%jF{8`9bHs4>h!Yd-m2KLU^vBACbudxBX^9^i}@B9Ha z(09Ix4fdUHVZ(jr53vEi^KER%@BABV(C>T)8}>VYgbn7$X5dBwE~p@jzImF)F#X; z$sPgtuV@>zr<=}|QBePC+BOR33bZ_P)1hF>LpL4YP)+duBU!Mmqio z>3l38ms)vS+hFx?WI^gXvf%VbvY=EKkFio!YUL-|2BAuJM&a{swGBFzyNtr-&$SIQ z)1AJ`C|oKIUS-DeOvA~B*9!lg-_fNxFA8@2E+%yRF7|CaTVr?|&z4uLKyD>&dS`dX z9xyh0@v?4aKZMMKjdbs|vWB}2O3pO@4AM>#$;uufrR4IXO87!Qc34W-{)Dr+!NJ8@s_K}GH4 zxNNwnot%*k8MTx5WWz>n_=s%is12w4$Q9lN?x@A%h^fC2Qai=@!AR{C^8qEb)5laF zPHLwYWJ5}Ac2YL}P}AqxD{IhFiwDQk@!+Kv3r-{(VrsGOL$YC}7Aq+v8)|A7b%$aN zZffyC?6e(nYB$cvhMn3?#us{Ow-_Jzsl9(%^&yCb#wu$>w%YsDC$h1sSY?gKR=a&$ z`xDt}@p4(}4}8?(^^{~2*=q43RkDd}wRmAE*+jP5{UzD(Q@fA964`3^@mC^S?cp8O zhuxaKd{|i{w$=1wZ6#LEmOqALrQ;FbYU_*_5w5l_p5x<(s=v$Nrv9(P|K7w=ZHNE83Hj4H{O?U%)OPsan-Cv7 zB;Bz$Dc*QWI&6*qI{fd&D;Zh;cuu-wZ%+N^LFursYCHVzU8g-Xb??RnZHNE88yp}0 z_ik#u*5QBe7UvKDd$-24Km70AlE19O{~rDr3*e>k-+Q0>@W1yy;|2fqBjRZt{_DpU z)js^!nU8h&uWQlM$~y6}eoX$f4*zw1R=%tpZAhX48)^8^3&G3FEg>-wB+WgY(O6C>Im z{_E57&vp2(Pp@k`{MTo0%7*{?4C4d;buGMDS%?3+mWi*#dNOIg>hIzo@Lzuye}Mmb zyx^bC7yj$+oNXANtbq;D0}U_)0eX@5d9G$%g;^9>yE~_j}YIzVOhoAMXZa z^*7*uKYmz9HvI1&RXpLV4;}kQ<x2mbe$=2aj5_v6Wg)E@lruZXV=_}`D;w$pa_-;Z}!k`4d+TKusRX`jYpLwd0R z|N9%X2mkvUE7~9a4|?T~8}NS+cbQZB@PBZW^Mn6`ql_>79~@?*m2buO z`DMS$e8d02yEk-v_&-2DHsJr@ocN1j)BYFe5Bwj*_nlJz;r}4M+mvkhKZqqBk`4a{ zv3x_a;s4q=A}!T-Sx<+G7y==_$|-Xr4w!F~D5BltfcAL4s29S0An5C42Ty7CDA4<0Iic?ACl z55@B%_&?CnVU_F-UzM&r zg8zd^JkoafKZryi+3Jf`1gG`Kk88ceVFeHGU1w>hvM`)!yZ5-?3EGkC&I@ zC(^7+KVDvrpGcF9mzU$Mhh*dB<#_ok*?4(5-g`(k=T(juACirim$mFmwV(4W_v^g+ z@$$01J6`R_%gcjFg{u8{d3o@*+QZAsTE4XE-_^>4N%gA!VXZuvqH;AZ9+MZ8wLpE< zKdqJfHA(|SxpMrdoAq}9FE96}EVnvC(4xvz|YI^%U0SSH!sI; zTgfKMl?RfFRR@T2<@kLoZHI#Lfc$5GC|4dxDp&Q-eC2pYG1Vu^l?UWMF)SL-fuw5H z7#3_%&C6IF<^D14Pn0Xi5ACTvqFnhX{zQ~3AH|=Da%DxyY7C3oKg#?Q<;q7#)gDo< zd^BBkRbyDFFB$Mpe&zn8Le&@+wx=wj>Yx3}M^jX&#;|C6KihNu&+2&Qzn}BX`Nx0E ze?R_X{`>KVoPXv&=Raj7)q$LU=G*-DGvDUFpZPZbS}(2Yp8(4tTxq}VqHwTPh|@&j(N-az6NSfH zg}6@?o@f=~Ls59LRfr=+;i*<3-V}wWTZOn(6rO1n;#W~vY8B#KQ8>~n#KWR6j((F- z!p)*E`uSekbg4XejjcFczBO9&j>M170E)_7Cv^r=ln_Irj{Srv(ivD$hd2^@jZtz5 zzpV}2poCZw?bvULCY^E9n>xgk&fWX-ln_xmBbB6tn9>=y(kLOSbjHmoN{B0+ar=rA zB1`Obm6DtEFfQRJA-Z(NO=L>Ait3EpdXx}hI`_^kQbLT0mOVa1na=vf4eAhQI%{W! zDIwBy){oz(gjmzLzhvhp+H}@0c{GSOowXsK7ZIm(_u&HV5OX?fr8P>3I-Ru}mnk9c zbk=9R*E*xIyXJ8w_H^zqTQP_}F&E78aqCt660>~VdbPX8sPd9)_T<9DJTVKc=cjCu|N-V~l2Fw>G#{t$C3dh0K7YfJo#P7Je4yqwAvYq&m z_#b!TN1}h+i64pnaVLHx`p2F4k?0?H;zyz%cgg5)77KJp=YA;?s0ch22UL`2fLRn! z5r8TNs0cz80aOH{(tj1fsMKFYKq~E55tK^#RRpHeeHFo}R9{7aD$Q3Bq)PEs1gdJj zJh+;|<9pf$w2B3(n|HJUc2kj3%~%yXji^(nAwYHNG(=hvDxaDd0#c_=Lm(OoukA*Z zOPL`M4RzOc5akEW>JX_!D7&_kNca}P5NQNIkW^#cQ6a7$9I8X45d0uf9U_6?2bAg% z=>s?9szYQB{2*8zLL&HqrW&h$rS?O|)gLq>R9rS95gINVl?VlwjZB1o%SIO}b46C;H(|`1$7T;`1 z?I9R@T6MS@s}ZOA2j`Tk51|;L)2feR)FS6i`=c0pH*_g9gktR8Q|df~VmNgkLNS~= z51|;f_(EQ455=gR)}`qXicyPi-lXj)M(w69MTSs}h*{c>VnoD}jbcQ+l8s_Sw33Zn zM68mHR@5%)QZg2)P2+J`x;}(R9G0%finZD*U5`1FDP12z7+#jH4G}`?@G`vu{+H<$yuVDZp!{WeMR@+CdUXQeyG+yxi0{q| zK>l!E0P`>B1wjAFya4Jyl^1~hr}F~1|4d#0_@B)SAiwLSyae{UT78B7u2yH^|I2@s z#_a_7fA<}1@c-_&wHf-q_N_0-hW=`=F7!`8f3;UPhE70#wO8JD0{W}Hy76-Y`m4R7 z?F95!dv)P|0{W}Hx{!>uG?T+rdvzn{1oT&XZ>vAhANMY0Lw~h*MK<(Td!+^^puZYl zx5{Wa0sYlp(Q^X&tG(;m4*k{MN3x;6+9z60K!3GQ7xE{dzuGsb`q1wit0$np+9&#B zF=m}#pYnlNzZqLM0#87HwNGk!0{W|3v$4u2u;M1J61Wr4U)8F?)f3QPjW3|4^M(Fu zeCIUT&|mG-g+1Tqi1u{jfRA&8ts6rppugIu8$TzYzZ%~?P3?hywGaP*|7supfdEwF zYpAI{3Q+CCKahZGpVavT8c>bzpr-nWK(!BlK?SOPx>0lj8K}k=QB!?%pxTH3AOzL; z4r)%}C#0a-ryCU~(1P8E7i%M$l9T8`AP}P-_tmR?Yo6YdNJH9oEe5^Xt8qDr zM5GOIn|&(V4~9;n7HL~Fr87H;WCU5&z7y5H zNsUH-`tngibJB(zQ9VB<;*;8$jycRv0vYm#IA{6i$y|?a#2IO`PCFN-v>_Wo&MQ}_ zX#G<0;JH+3k2sY_S)1N3SFYGk&J~YzAx>G5<|iCCAC;DtrBgW{O~nx86P!z1+Pg0% zrZqyj%w=<4Y%|xp)`rw3lby?7v=%4uFbzt~2p!JVFgC|gqdSt7lesM3&Pox-SQwu3 zi}4P}kYt_AB{E8*g<1c!bTZe(U?>ipylkC~pTS~)>1eLDF-weSF1SP1+>>NnVHc+? zSKiQs7;(jelezvzX;O;zUgvV`&E7B9<=BweoHJ@@4suzK%?qh}Ohc~ku_0RPi@;m$y^?o5m;3S5CSAxy zKVd@kEmmLJeZ0W@>$5Ef~tp;A!m7b(1vjR=q~4& zhl<#irhpvaWF9jz*H4ojPR;q}@gufnqnU3YkYv2zTEh+`QIz>c)`$-tPk(ZPQ9U1w zVMmdykto&h4Lg4Hoy|IvaVOm4M`9XD8yL~}sW>mq6i11}u!Bc5k|~G6<*X92wOT!eK{?tVphKJB<=uaN1)y zFn7H6=3#9|8^6M_P{i8(<-KEPR0AR0o4Vl~co+$cr@DP#V;JSzn>w|(q>HIxG%s!q z)z(h$uFd!!&?%Jf?a!wJoI>p0!bIgZ*RavIH!)GQH!zX2ul}CeLdU+2iGY0x6U}<{ zl^>`!QuRh&fKa{t2ilG>y@iP)ZLVRXLYr&4cs_;ryorhAyn%_d0n>gGlwBc3TNP|s;;SJl!!khT#DMaB_+em^<^xzHKsKJ|+W8**4IHLxsL=2ol z4xsN8TJVN#l;G>O(Sa}7Mg`t^~I+J8UB9m-Ba{O|ve z_CWqMDZpun|I*LZJiLGZ6`An<epqO_8-fH_8*9f)6o6{ zngaG8{7~9(8rXmEGwlrPZ+=H6sK5ET=sj)Je~1n1-~6(w!}{C#m_qwEze!iY{hNQH z`r!VfcVt5QpZ-)PwEsDMf%b35kaKDP|M^x4$ancig3~bHofkm;;k*FsU(O5Q{*!qD z;D0JF0R2zr1+f2_ya4n+n-@3_cquP&9?O=x+5HQRr^<8C~dZ^%-gC zZuJ>;=x+5Hf#`1a8HqUD>N6^FxYcKb;;$5oU(Dck|2f@ecrk<9{pXXJ7rvNh>|V^L zE0Y)R()Yi=oHoBp$Nyn8nKx+b#oQIyH1^{9s%)J2aZ1Nu+`xlh+!)bj+~mXI%xqjo z!@l=DnMm08UYCi2eJ`=txQ>2(&zljj?|C~4_M;>djq50wO?2R2?)=MLwT==*!6g-- z1yPVX-?)w#{L6-SK@FnD4ebJs&o0OWMt$9;aUB%({hG#gKzx>d?rB^H!)NLKa3h`) zPZu@M(vLrl>mc|n{WjOQ4uH?D>OkQ4EZq-mTxV4OP1<+^xqNnpw&DfA)bw_`6Wh3f zVA@15w^M4_xWPEtWRz?&Mm8Ct?eq&|;|Akn6ScI7R@y`=KkiYlkxHBRnN8fxCSJDv zK>OllHklQh%!*BBWjp=u(1;%oH8_~einlT=Hkp;}bd#fTgITf3tk`5$Y@&xBr~CB{ z7RT(ci4xjG25q8&A15XoERfk@6M}6beKyg(kJEj##tlTzCW>bhxwDDZecY#UM(Av! z6gE)`o9NregW4Byvx&0VMAmGgX&)cez6cs-yug~K%qFT~6V>=w5_1#Pu!(4VoW!qj z6V0%RW_)}q9rq>~k4+MukJBBg#?9k&1Cxa3f$0iBS$0?O- z#4|%WK}`7dR`|6EzaJ<0Zrp@loA7HBer>|<$II#!{Mv+HoA7JX{7O}BnqN%wi)nr_ z;rC%ULvdbk%M+{66K~DRM=(9Hn4VZnCib~_y2ZrW zWMZF-)LTrfO(yoa-24_3Ymn)vzE2gIv)6z`KmS#+*H9itPww3al#w~KyViD7u6+KTs`Zid(tfN@O zG-pNI3>i~hEMmITj!X&@UMxboQxTJcd>4z5@KnSRk?~>?Ql5$!6y&^EgrpaXkoBx+ zoAE;0i$%zLu?UHOE~&kR#M?yTZ6fiQ?<4V9b6eMwH@uI`ry{xa`$&B{s66U@Pmxeb&f3TOlEhyvO`J+`j9W9Y}$ zb+>_nY~Aot(2%Vgu7Qed-E<9fBnmiNlw|9scR@?Gmc0vV5(VsnnnVEugr00IyA2d& zYsI^uDO)S9fvRlX^-<83DBvh4OB8Svv}NnA+dy5mR=o@QvbE|OD9qM97oag)_kCDY zX6wFdpfOtyTmyyKdf*y_knJO`VRbp;epp+Mxa(GyBW}aGa>TQ5RXO6>x2E*EQ7cNX z+pwPWx(%yIuiLPe^dX?}l@R6CeeSw-q|ZmOiuAeb){wq!<*M(aAlrTJ2O1Iucrq#y z1$Z(#vfa;NZ(B+FIqYrgNI!?YZ58R~D7UR4{T$`C6{Me|+(tjP2YeLtBMRhFx6zL% zkW1Z0Keh*a6!aqsbS}5ik0{W&+(tjP2YnRuBMLYQ`Vj>j1^w6_^ij}{DBvjQM-*@r z^ke&|kAi+|A9Wk(M-YGphOFkAV68#<9Ql5Jo9Z5w?IzCF075U83l2oKHf7|&=E9l;K&XN@|AXb#CKAsij z>J~?{qBv^ZMo}V2aU>Ka4`a7clst^xMo}V2aaJfw6mS$2Wy?`3KDm+Lj{=T@qC^3c zi=spU=Ypa{7~?1?N)&Ju6eW*qw^5WR;3z0c9_VhPD0!gs2fVf|hW>_E6wnVVily$h z6~$7wWJR&mEm={lTT50H>(-JL#k#d*MX_!zSy3!POI8$%(2^C!BD9n%3X;3jQWPPz zWJMWdOqW`UqA^{{6$M{h$`yq%U1}+cW^SpaC>pUPD~h38vZ4(6uvU~IrgF)OV)&P= zC__GMt|&OnQm!aW)Kab}d5XBy(v&fDXQ`zsV<^v3OIJ+b63Vijv88l;$=c!+F+K|- zpLUAKB9R?=in!$5#IP+nH@WIYotro#Tyk#WjBv@hi8I0_=O$)r$+^j*8+C5td~eCQ ziL<#S=O)hPmYkb7n_IGyIGbCtk~o`NvXVG?Te6Zkd0VoQIC)#Lk~n!=vXVG?Te6Zk zd0VoQta!4lB+llRtR&9nmaHVs=9a7^&gPb^B+llRtR&9nmaHUB-j=K+PTt~&cg?<& zwsTq0JvX#VowQMDE7PV|8aTc{~C2NyD+t1~jDF+^&$4q9Yu+-sNr;XlXBquSDkKG8MnMX~v}_Hr$}C$$tTM~Fh9K(8 zEe+vF)(}g^a!W&~VGS{=@sf@JSaxr%A$NQfYsekfKtm!qS3bXthUEGDG8(d-I}I9= z=da6XNEFa9G$clZAwol1!-$4#_v8uPGAa^9&ghoWktlLXw`?U@CFU$!NmhwD%T|*6 zu3;s)?;2K;2d-fydEgpWl4aMhk}SK1mE?|Vpd?#&TmvPEi*E(xJ19vMC@9}SN#X*Y z8YoE=Py;22t8r?eBvC*Olq9aCsezJ20X0yPxK5@9N)iRsKuNal0LmSdBnot8a0exc z0$my0K}q6lHN$sMlBl87@D556cLgXwN#Z5|1t>{e(Nlnu#PvEoMM->cY+!yNfb~6C5e-x21=68?H!b)HMh=0^0{>;lFuzl(wbXm zBKh1p6Upb+Dw5BwRV1HVt4Kb#R*`&ets?o{T1E1?wTk3(YZb}oHdhf(lvO03TW2Eq z+&UA<=hm4>-VbLYc|V+q;ykcS2D>zy) zB{BH!ggJ=`a`Pr7ioBy)iAd*KrlnA1Ua}(HkX|t{QRI;@Gle2k6Dh8nH#dbMlM`vK z+iJ0sk9|&0YdTu|SlCxgQ24e7+6)znOi>j1h&e~CB9j!!wa3dWMSATWO;e%BJcZl( zv`ti@h`5|F<+e;!RwT__F;|g{yOzm{blgQ|t59URvLeatiusCLtlrUtWknp(jAcda z2xW0AHa~4RD;5!{w_S6ED0= z)Gihgx1-2iy-VaS77@F%+>5T>C3+W&h~HTqACU;275RjS;i-t;6UC#*@ZBYjXGPwT zNFGJL(7a15&x%}&Se@FEblgRmvYV9d7s`|sc}J8fyJ6}glqnT4swh(w<^4jLibW_> zDq=^JDa%&z94{!Eil~J$Wf`kGfie|~tW5EPliRW~WwOnvTA8vUnzu4#f=n$dQ&vPR zD^sYiYgw7HB5GNgVjNt{$`rHcT2`j47CTy*BGS3Y$`mT+wsK`^6uF*H`(DC{q;WJEBZ!plKduik9-WP^N?^wNR$yCKRDe1-89#X>>LBuc9)s zBg&Lr_PF;bQ|3&D4`oVz&yFZl8VTjXUe7eOMUj;$8!w8iOoirArtEm`1j>|=P0^~A zDMM79ShX_6JqZ_~OxdrcF0wLZ=crDsqDPbRbk%cuENc3KcGdAF+60VM$D34iXp7DsibJNx4sEwJ;81jZyZ=y( zM}MlXYvEO9e(U!0lUZ^4f#Dv>-v1zrJg=&+R5$J+rPZEZZAV9cM-~$LZ)KsLzbOmh z{G2Q_v)VHu8^Nr`QmfgMo%c{n7Ex{7V*<6NYU3W0SLxAHI`^2lN>6&swBc3S|93UU zY+*4?o!Z9y{FW>x=Kqw%jQroSn2M^8$vjkh^f1RgM!Kp+V;lDv-D*!s`vX|1aF@KJN7i^{UOC?&D5! zwfk-EbRTz;tKG+$>>aVfNg7$r_u~}6#P6Ki0b=4;PT5crzj4Zjlk6Uu3P2@(@{|oM*&Q<#Kui1r zDjQm|`)4Wum-s%;k4NdR^ zhn&2?sqit^a3Y)+KvlFM8F&C#tpcaO@#By><^(t|aQd4UIQh*B;A`uOS^zMc5Vmzy zTS3ewjM)S+n+W*Ud)gP|Y{J~uqP7B^O{lX8b~d4I>zeijJDYH46Yy+89;x{Qz_ST= zHUZBj%5B29O%UH&(Y^p~ z6TWRiw@u*Q(z_H7K-(r{V?H$3s{GJgr#D6#4^1_unZ`8Hm`)(?r9MA&@`!1cF-`p3H(F&wdr82wD2MPZezl)P58A5zbUO( zlzRxn#Ue-REcsUqdI-y@7DW!(SuMq~hcKOLQRKKCwZsr)XLVA67ot-x=4I&qD{X^L zWlU?psRU*XHkH7vfu^#lHOTxA9cl(LmC&sLrV_d}xK!fhRp*p=dCfUp+jzw}rD3t` zMB@1qIs!=kwk(KzNftnM$%4mjS>SkB7Bs#r3m88s3l={m3lu*s3lcvg3lKjm3l4ur z78vS^YYhsOO0EH+lE*a|RARXXf}c|>5U6Z%4FEr{ZSePdvcT{6WkKH;WC7n7Wx?Jb z$O64D$%4Eu%L2Tw$b!2+lm&KQl?8QQlLd5Nmj!d*kOgvoBn#rcDGT8KSQfnfi7asY zQ(4gVEm^?!XR_ez+p<9H&t*Z^U&sQie=iHB{!$h=>7r~6mPqi|h?2TSTO&yRZ`zR< zsjDh42KRrYZR@NZ=S z;Ll_M;Ll|N;NQstKwUq2QMdm~+W=5klj{KZ|7aTkRxS_72EoeZLD@j)8!hW#=&S#A zK=jrBIw<-^%{nkv`yQ%2aOC@W4KL@$ckmkPAQ@kcQhlJT_Fj?=mhsIf*?<`zw37{* z)jswI&iIs@wu5JUr${z{#%FwFgJ^t_M>df1ExyJ&n8t^cv>j0So@HYlRIB=)Wn&#! z<9m3j53cbUBiR7U_beM;&W#T&HP(Ta?^!n1!Itk?HoTl0-?MD2gD&5*Y^=jBAGB($ zLvMWgO~;2{zGvC+a&COjvf<_2_=aF(1B&@_R>RA=@jc6imvf6RE~WN2V407@H8!BR zs_$7gyqsILPgne2&W#VxHN2b~-&SjQIk)&kl-h@DzVFrWa&COjvf<_2_?~6M%elp8 zwzNNd^S!{v288oH%Z8V8tLiIE4KL@$_beM5aL)HE8yk?$_beM5u+H}^8ynEh_beM5 z@Xptw8eYzg4`VepV4lyNH8!BWs_$7gVih*s8`3Ae8eYzg?^!lBV4p8nH8!B1?}#WJee}i#{Ik$gV*~zK=&7+m zK#nhqt9|%qp{K?M{PR8ahL>|=p{K?M{Ik$g!^^p`&{M<9xv|hwV*~zK=&9l5+*s(T z;pN;|=&9l5-1vTbV*~#AetTmB{#od$;pN;|=&9l5+~RBJIzRYlp{K?M{PVr{#s(of zzBI1-@Xta|jScvZuas*$fjho{E*t*i^XIbRKfZk~8~)?N=gIc+Y<$DL;pN#_=&9l5 z*~+n^QRWX`o{fc`8eX2Qtc9K$kBHA@E%emz@@r)+^wjY3Yb^BC@bYW1nugjZ7PHV( z!^^Lgwa`<;%deHS&{N|PQJ00D8js*HR^Cv1@L1MDPmM?LSk^*MjYsfU)NAOtI zLQjoH@Ww(?h&X|#(Gs9R4Rj-`bUJyiq-^bJOY)9)&y!iB2-plai27`gv!c<(0>Ff zmB|y?_U8PV9%)TV$ipPPOBs2XM26p|G6`PF$zv-S-WSqC!f`qcTpE^71gr z^1ec4(!7+J$5!&Zl$wW0K=>M!$@Efk9$Rs*l%0o3u9wpDFbM`JKM#{wkP`GTN%vBQ z9wwfbQuHu!yp*GdiQlCpJxts#W$9t!btz2`6Q@ggdYEK=DNzrT5RfwUF!9KgRfmZ~ zrnEXt{P9&zANfy-b!I3?L(;>Ib<4ihg?HxGYhD^SwQ5?0vc}?ka)9z!kYyI z-YlT+W&wFO3#hwUAi0Bu68yqK34URr1i!FQf?rrD!7nV7;1?E3@Cyqi_=SZM{K7&B zeqo^mzpzk(Usx!?FD#Vc7ZytJ3kxOqg@qFQ!a@mtVW9-Suuy_uSSZ0SER+Bi=Pv;) z&R+spoWBIHIDZLXasCp(;`}9m#raDBi}RNN7UwSkEY4p7Se(BEusDASU~&Euz~cNR zfW`Ss0E_dN02b#j0W8j60$7~C1h6=N31D&l62Rj8C4j~GO8|@WmjD*$F99shUjkU1 zzXY&2e+gi5{u032`2p6>53qKAfVJ}jteqcV?fd|1=Lc9jKfv1g0oKkBuy%fcwetfk z&OZXMIR6O1;`}23i}Q~FEY3dyusHt+z~cNP0E_dF04&Zw0;u02UTT02UTT02UTT02UTT02UTT02UTT02UTT02UTT2)M8?0>7{@0>7{@ z0>7{@0>7{@0>7{@0>7{@0>7{@0 zf(C9j3L3cCC}`kjqo9GCje-VlHVPWJ*(hk>W}~2itp#EI_DP zAhekUfHeyMYZd?&7RCS;7RCS;7UGIF1rb;n16WuXBecQ782rM*7{KEEV*rcuj{z*s zKL)Tk{}@Q(-eVw%dyj!6?mY&Qxc3-H;@)E*iF=QMB02L?JjFqGMWq09~pWp-dF!-2=a3b`H!EBtvJ ztnlY?u)?3m!3uvKCl2DkE;;i9qjXc|~tbR3Rw(Q&}R zMaKaL7aa#2Ty&gRhKr8F5iU9oN4V%X9O0tlaDnBu);;h!3q~02P<539ISBB zaj?Qg$H5909S191bR4Y6H^#vVj~xdqJa!zc@Yr#%vd4lI`NlX{*@3~z4h&XyV6d_S zgOwc^tPtdJVwwFJ$`IsnC_|9Pp^SWE9Lntc#4?fM2r!zh(h`%>w+I1^6`!@Cyr*@Cyr*@Cyr*@Cyr*@Cyr*@Cyr*@Cyr*@Cyr* z@Cyr*@Cyr*@Cyr*@Cys^BTRBaSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%g zSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%g zSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gSeS%g zSeS%gSeS%gSeS%gSeS%gSeS%gSeS%gvjD$l0e;N_{F(*$H4E@-7U0(`z^_?=U$X$e zW&wW90{of<_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj z_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj z_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj z_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj_=SZj z_=SZj_=SZj_%#dgYZlfM2r!zh(h`%>w+I1^6`!@M{*}*DS!VS%6ng#eZ3-D_e;MXj`uUUX!vjD$l0e;N_{F(*$g@qaTg@qaTg@qaTg@qaTg@qaT zg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaT zg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg@qaTg#|C31Pfj~2^MDH z7ZzsV7ZzsV7ZzsV7ZzsV7ZzsV7ZzsV_wR4(NuU`3{!gpeFuGa72GY$DY$)9v#Rk*O zF>E;99LEOK%?WHs-JHY*)y*kvSlyh)2G-3PY-rs~j|(^FXTWuHj_vTeIgbsnn`f~h zcJp0qkljqr*hPCVyLq1NK%4guYBv|y4z`;YvEg>}5;ov&UdD#p%`4cTyLnaiEbMBv zz2^KZ@K%l;r2_bFGJ&)3ySc=60Nz~2hTzRR*dV;Qf(^r)cd>zZ6Ni|E;>~+(2jk8A z*l@i002`1u)AQ_c0+76!p5G4}lsDI@56hby*ucE`2pgK8r01Pue{g4${LbwT?B}SXjS%S0)owWi$=&Th0LT9Z25ISoGfY4bh z0EEt30U&hN3IL(ARsaZ{wE{rstQ7!4XRQDbI%@@R|EvHII%@@h&{-=0gw9$4AavFW z0HL#10268jcn=3a0a}Dw0!*kSz=T=?OsFLQLgy?25ITnhn9w;Z0EEt20U&hF3IL&V zRsaZ{vjRZqoD~2<=d1t_I%frd&^aprgwCM=cF;K#zz#fz0+`S_6u^Yep#Uay4h1lw zb5;NdowEW!=$sV*Lg%ai5ITnf)MfC;q%m{2PKgw9(5 zAavde0HO0%00^D80zl}z6#zo#Q2;yWJPKe!=TQI?I*$UF(0LTVgwCS?CUo8k03h>L z00^D80zl}z6#zo#QGlG#c_#r3@H`S=Lg$eH6FP4Ra0e^_5IXN9fFxqx3IL(=RsaZ{ zw*o-uJPKe!=TQI?I*$UF(0MBWgw9(5AYk4K0HO0%00^D80zl}z6@VBzZv}wRc`E>f z&RYQ>blwU8q4QP%2%WbAxPMjv2%WbAKfC;q%m{2Q# z3AF;4P%D55wE~z>6u^X@MFC9cSrov8o<#vn=vfrNgq}qKOz2rF0DzqR|JZxi?l`XN zTJ$@AMcd&qz*rA7Na7*c)@{5jCZfoYlx0WK;ebd`giQhr09sOPkC6akhMYKrAtX$| zOEhyxIB&stPn!ccjDgrV{P2}9ijh#dnG=5 zuS93>mDudP5}CbM;%9_py;q{H_e#w5UWvHgEAiHQCE9wg#9Hr_Nb9{4XT4XVtoKTc z^zsSytu0Jz>nw=G0?PGK}FS`Eh$F$4rtk`LvhQfKV(>~?~ zS?shA(m@tGfA-J1UhK3FK;gXDX&>H#EOy$*v>e7jI8wwp`J;UTprqZT`*9iq8Myc!|IXzG85K zuQ>ZJ=DxGDqGf`gh?w9dCMI}^iV0rgVuF{*nBXNgCU}XC30~r3f|m%H;3Y;Tc!`4v zJ|ba)k64)CBN`_7h^WCqzqtx~%~jZIuEJh(7515{u+LnD zJ^GhpeLT4e`||I@CgZ8FAO8ld+e@y(UUC)olB=+nT!p>llD(od!VK2D~d&yPUOHQ8J`J1b>ANgwMZ%*FX z`I>z6)#BT1^3_-Q$L2r zf}4yl78Ky{NBhym5jULXoow|Id#P~GYUB0+VV7l;MbU-bgfp!!8G5D%)4d4Y&f z{aaojCRG2n7l;bgFL{Atlj`GMpvk5BWiL>4QhmY;6rNO{^a8Cns(;4|M6l{pUZ5GM z`m`5_V%2B7Kyy;{D_$VdRe#M3#JcKNy+E|9{<;^4ch%qU0uitJcfCL}7rvi=T3=BA z#qIY*$7X@4+3b`=k+Hc&vL>@ve^;_5uZ%=-&tCYs{hp>SZ(GdswnV&ET`S(TNfhnA zDp9O^QKCq9OrkhvFZ|qoPn5G4er~@f#=WGKTb5>MIh()2~SsO<$ELmVRBLNcs(l;;2x#CW^l3ZE4Co z?y{!5)6)DkO?juiqnh$gp7aYe=e;WAuE}zayDXzQ?hVRnj!O~v4ikM?ivW3FYWweh zIQQTG@K0oe1hMmSPl7`kKecL zpWE-t-~9Za?7fKF@5|r(96xfkOXP3+JVcAhY=&fB45LkllRz&$d~5`+fPFf1UkMHRNzU z9<=HI_WPRtKly>J_in#07xZuc<~KgPEnZG6t&L0jD4{;|NTvGYF` zbhgEG`^N&VR%Zpc6Xiac&D?sueZ9Y zE4l00&fc?$biV3PxPw0>aPp+6NmXLf%Afa zlS)8(p|h*+$w)nyg7IAXOn6mW>xcH5uSW9_gC+cj!1pVS$9nnQ3+j>JJsIxZt6-$PcJU$ zezUK=vkT-(wWrSEjt5Y)?;@J%?Y_|Wb~_l~-gO?nqPP28XFJ+Uo$o$(^>Rm7UwdG9 z3ZA8-H&xwtu_N{Q)4JmGhj^3o9qpG6batUNI3sWD?asc7-B&n$PFLm}_d@6MwKBuSi z&8vN=*&7Pab##TRFpg)tds4j}mo6Q^NITJQj&-khtP}JD-QfOGQEw=D`(pRy{Ud>j zF2FJ3mL2Cq&(3#4WxV4zJI?imYeLU2bYHsE{dO4Ix$ds>ok3^4&mA~$2B+HJ?EZEK z$6_dVb@!pGR5t-&Ck$1c>b=;0=~C*=4k-*^K)onRhJ(>veY3X@z<0J^N?qyh;r%Ly z`3&y=Vr%O3iMBJZW=^%Hj-5`OJayu0$68ujQlHP9hWz=bQm-C6^WuqD&ZJP|ROaO~ z-$DcjOXVB=G6RB`RHFc~N*R`dNx1MT#5iMt$j=gm3%r~Ao(01(1%b`tp^He5v zGIQ$8vF2A^%A87_eC5>16Q^5o`xZ3&^0AlOPT?-C$6H@M^9=5avQ+EWAf!&en0e`? zaH|8ESJ3-Yp?|676DPlM>eyFbJd=9y#7ixh<5Eqn=vk)erB=HY2G#sh=GgJ4QZ1R| znXiW4ol2cRE2j>GYSz2dt1q^OqHw*(R-yG#`I7Sa2)0lrczA&zuJEnI=f(6=Ptn`q`a{M-#I|`oeM_Z+m|}t zbhbHjy7g=u6prbS(Z#Ws&zwD;`8w`#5Jb z{!Vkt>+duig*jG*hvzJ5d;Oip8kB^y;W%A(9BO)b-QICiS^cK6`c10entuJArVQF@ zvTG=}qOA4vZ#;!Qg%{LQRlVV#@NPRgGr(hn$tb~NB$VLMIQ~WOjS>XuI7aM_<1id_ ziA^@X{!S*`KD2^{-zZZCNDKC-4#K6wt#!Ti5}X)R_gYovbn~%ep`};Ov_0KWg=<`Y ze#xcwuD7nXztw^2Rb3rd5s_U&ELK?ylV(Q`plj6)LTzg@^nz|Or52NT?DCsu0qD0o zdiu_KzYyFY3hV3kW`1T9WJ%?_e@92XQuIP1nM-eoC zFV(@x`Z2A%)zRmp+JFCW>45`fI!JE3?~*+o;R0%-stKg1JAxg9%0Y81y=dpn_TG-V zBj`S?paZ(brIlkWyKxe6?{B&6&U^8@S|*NaS>bxsi)W6%^fdhEu`_VZ>fK%&0V`H{ z=uGH!K>3jklqx@=K8S7B--l?*18`oC(g6a z9{cLcCr)AO4uPa0=xc?ZjUve|h#CX45y@&wZ=9>e<)ed1{`1{hhY9H@^5R zE_?0lSxghBPoF)DHZS&FzLZ#3aurCOwEmeClk{Be^>y~Wy9fSLsn>zZ+2#|+Pi8Q` zh^~(?iG;{NRHJ&ND#}a;>$itB^675i+wDD_?QbIFt1fG+!UsH+`T}yW9z@mN;0F$N ze+!1)*K@Vw`2+L?XWwqW^et%o+|{1m&TqpOLrsLKS~RArzi{x|heDtij=H~v*7uCD z;#O{f<}gUBZzpVgr1$#v6PqI*>@Qmk{Q6#Cuap{w@(zHUobA?TqF7Z-;@06+mxCm{)@D4Vu6jq4z>Z zk2|`(GnYEMIxch|!c6Ldl8E{xhrT0@cp0gc2J>5OkRZ#cCw>=aVByV0tz4Onc zPG0JOdn2+mPaCj25^5rJfNnsw*IUmb^f`4F0VATluYTHSrQ9woOR%IsC&40{r-DDY z+j@*8OG(>H}z@>~aSdG3R}EBg}|Z zXV3O^pJrsGsp(Gg%+mMn75eRG zs#0%(HeHX@lN(eRS28 zQF0QkR+^yQ_;Xjn^mDnr@7zVqInQ3T`H6lgboBo)KQ0IFbHKx{doPv=SIPPN-5-D1 zfrIBr=?j;-LE+cWbzkj*kvsCKXH!QGrG7JY1Vh7aORD-{CmOGLK83$uf;Z{vA(1Y8?O^8{DU_DUsV}B#5xVX#Nk67mh_1pgsG3L2%wPD8>KC4?`OWIrYMyR< zwID6Y{y4dj!*z2Xwp^?|p7|v% zF9~MPU4%C}mwLLq2`ZG1ac|B?uWHb%?_pFS#MvY1L$>JiSuZWTd=jcoOf9k3Uoupn z)peZxWxO#u3?B<6L;v(KzJAzqG5_)I`H}tp|FwJm%o_Q3aL=5u=%52*_HdV7R8A~b z{FrIwGxz(5rj@W6-O=9l>&>)uS^s-t(c;QCC$3)V=sMos8oTyb`=g9S90q$#Erq7;eX*0xMB1w z%!NS;6JV(5yA<6$cpeq54&K@(lW*dDm|?%UH^Y82T+bQyQIp9x-v|+DuN`;HcT|%+t+FsH>aP3@QjLTs%YvUi=pB2 zuGp2XY};8c?++CKpXXay)pkL$y^he(w-fft(q$V~juswQJ$67m#{qe*iUG0s;Q_Ij zCgXQ;e~RJ$s`G*^Mjq+!{}+0AM%})MXut9r{relXTdj%WAYfKG9Br4)JIQ?I^8uZ` zoz(O}#jE*-sqr|4nUc%GDJ(Je_`@Ekb<5EZL*2ev~)=)S1Vu`=RYO zTJpiL`WTKlD|9j)9IOd^I%&s%(J zAoUw*1YV5Lu^V?Nb@?iub78NmJ@sw8mUKSlXAlPdr{2#eJ6(HMeA;a8Ps6GYh9eBu zr|$h=hm&RFkhc6{b5(d5;oL>^c28d~S(D&QUpIZ4-G%H9vq-AyYFB5~a|i6$AI3d* zprZNxAcRK$X9M5^eHZ{gQwcyQKlG`}$5YFMa=q1MJKV3y>Vr>u((^{g|17Kl3dM5< zFA0tH3K9aqS+eYWfYTI@2Sp7D3ij0KIk(u?s;>53;B(Zyjg!57&Bt%4pS##`?pw*& z_|QVe_2@`(zquuYKp*#?!NZR-J4||#3>!Cj43()#@zAO~>cJ=4N6?crhj9Oq{>3|3 zHW(a+&V34C4?k(`3)6?Ur{~y#geV1Wc;^R0dU%&-U+^EU3R?N@fFtc5+BeCSfD5bL{+cKVZj zy}()holBqpY#W2a9%-OzBf@oDt1@loAll0a%FKI>lAo{G}Bz{O%<3{)d8zPR6P$_t} z52Z&;b&m%d{YB7et8zyX4f>p(G>kI4_2Zt+1PiZfKG|@zMo)T@*23!zHav^S{6v|d zB(eGaHwP>>JNu|Uewx?BHGHq-V*9&T5uFPUxx4VR^-|b&==S}ZnlcykKY!4l-bEXv zI*tzRZGPHV_CH#)vY^#~#S=oy{m%){o;{8i?@qLYSI(bHwO+o`_ipNZ2j36v=z&jp z_*t>f^m{fe?@~iQEWw^YfBGQHF!&6h{(k}0PwS%%Gl1l#_&H#U6%}5(Hros!`nj-O zsVTVpl1E%oe)>x({kb5ErLZ>*!0 z;Q4*ZIvs}Mmp-}Kq|Ms&k@_PIhwF~iSGJFk@*sGPcB-oEJtgaXh`AnP@dsY8$F*U+ zk4GkPN(Y{MSVP|Z{k_>o1M5ua8s1-#gTYpCDEMqIu%LHmd#_yT4DUdIp!_Wc<+Je5 zZ}nZokke)Nhv+^!U>uIE3wH6t?^>`;zFhIS{V!bXov3{4Lf!Z*uU_o+{+E8BXZQc* zU%E&Kv#!vPNK{_>OZ&sB@anj9j@Q>24D@!q72e2C7SnGbMhGvG^j&Q4O5vwI-Jj7< zK6(vbwYPS!g-@`1?=2kn-K@qoGAq_NiS-7uxd0OZdmrAY*>gYpHcHAad(uo#H_;Ow zBv(CKjVBP={;E5A^zhN}NTpKu2T>Q#II5oc4y$|*m+Y&Pdiu*Lo(XfuUS&M!C~xVR zs_z|o_G&LKcGfYPW|eAO1!g#Fo(4@`$IJ6yJ$oAO&7V2j(u%j_@w)WMGq2!P{O|5N z_wtFet;bKE`GzLiv;yE0$tH%XL?DqCqHIB3i#_5NdOh9hqvHBR&j@mZ4H^qEB*03V?srWk(WEdx%rkP0pw^3ibDe)LvK;9#~tk znSa2~#s?S3z)O-|6-#2Rat0g<&x)xO8^&WAU{J07;>u3Zmn8b!>)*bBQRls5N%bT^ zM+rHeXq`P%Jv@ad@8kZ)oGPTr-gaN2SKZ>VMo@$h@C zle_p-EtK=-@y1zhT>r6_`B;AVf)K0XGGxlh=3FRe-2NEMYkay}d4yr@Z^{*G`g^>i z+pjH)f*)^ikKPb?GMWD!{L|xHChR`U$_%k=-x1E|Q9%>u?%=Qz z-w8jKdi{& zc1L?$=%?(*I>}={tD>Lrd7U@A&%gWF8u;)=$6M{XN76fY^k?}4oJ$;+wSD5kg)k_8 z3d=$x0-tAx-+AJ6`7@C6D&B5*euiqalZsHIo5 zjRs`O>=002=nf_qj8yNugre7IJND9xjFDAUUT&nx8siB}q>*%X!FcwJk`}49KXV&q zfqM^)%3Pe9Vg$?Iq`E4xVP@94|LH(@-;qYl!91Q$Q1IKG=ld@1k6_DgocMo~J$ceM zFv@=f>3w9J9l{|_ynExr5|Gs&{=LYrddt2)MpNd8f}d#Xv?&*Mq6vzF2MmCZ)-j51$9=V z%`a)It6>{$t*X)1TE~8b@6)iSwQX%}E!Gn+I?SRs_;Z>nJ{o;06*gWD0*ekfNuN5Z zS&;hDms07ls7T@#Uvg*%%G~M`K&GdK1LMzU%KWWQW#u3T6DxZ$!hHE-ul=-Jn@OL= zM&J2M+&sV=w^$NurPz11{8xtIEnlAe6q{wd6c*8sjs^nRYw&J#*x(GcQvV5o!#lMB z53Ma>iLWP(gb^^P^y`uf6SHOI8oV5i{V!|sD_=>~9ePIPxRsZG0e3pwR?#F(w&t;o zw(ebwM$@&AYBk&qZ$Y!^Prqr{#0+Fp@7ng?py4q$NY_5$4xhOL``;kj@2H;aKN4jl zQ1W=o{l|Xi-#~zh+|~p1zMK2++G#afW~fG(aKkh`cG#bEblfx4$!g{p}U(Ub}z?**)j>97@j0+*wk?_?4JV5EiufH$>VC%zd8YW;r z<+AslrLk)4l?8e{4Z~^!GlG|C2yO-^dhzozo@mgC+T_IHeJAR;+0pyj5ibqgwY$Qy zKjp5i4>i93uHJZZ%e}_I#ZPIx*&6pYl9uUQ+-QOVSWxjfisV;$ztmz6Z-9lN|B6Ag z|LVdq-Sg9mo*%Lzjbd*h_sEF)DVq617e8*qkN$K(b@J;(43a-(Nn<(9&CT$kqVPZw za`^PwKKl%fd8P34#PE{$BR?7dOZR6X{&I5ooeMXI&791kUuLO2r@_{AxHle;m^TmS zzWBvA&{UX6!tXlv>_rsVyFBb-!_aljBS}zxu963jIA@l&{{%WvHn)fop$dOU$*uH? zPE>MYe|u!pO~t< zcs(J3!-8S>T3XL3Ji2-2u~*fWU!_MYe$^9u30m_P4hO^c!9uh{-r_j<(R?@o6WRNm z;Hi$@?yEiLI(nbQJGAHVOOI#qkS)}Driz~zEPsySA0y;>c0^PyTMFnaL)aY-AJ!>% zIIVhJdoNJ-9`0>m`_x!AXPA~ATHf;ZVR$~l?R%54?0TJN{qleiON74e%9mMv?bXn9 z>5l;6xAI_&FQ!xO68vZ7p-$^Am%_xu}E(zAK1>H}37 zTQRnWMQf8CzZs63?f6_cZn0y0+2KG{s~vZQ<2F0yg7>R-{8lJ`(T*>M<70N*8IFI; zj=vd>f7_0koBJg@z7)!j+cDndJW%zr9pg(02dYlkF`k4Us5)uKSHkh{*zxa$<5PBw zw~7u_h40{eh2MNSP!#~cabGBZ#g6ei{R35Bv*T}v<5%tY?Qr~cJANk|2Z(U(yW#kE z?fCb@@sd8Ay7X6+^u5$2eusBSpGjT1!*lvN>Jq>6yQGhzF7cbbOZpb-5>t6C=@Y0+ zf6eRk<aF7X?;OZtrJ(j?F63&>0Oeik$_tXB9H+ND2}G{bZH>hTi3qJ^6J_yRpTY*`&!Z`jhC41Yf0ZTUSh7VC4J0ziJ88Z zh0!vmFaAmR=0dd z676hxOcE_?`L89>mX`lk60K)hA5C7Sy)6Hu&e1}a$0gAwmM2W={J%_1`dIEVfnT0c zRYJY2kKr!=Gl!(F-7XW(WqpKrnE)>9Yv{`cnZAC$!ml8&h*m58p_LU8Y2`giqRz@6 zQ4(2J_-*7BLAFB3Rs`7!AzKk-D}-!CkgX816+yN_$W{c|3L#q&WGjShMUbr!vK2wL zLdaGG*$N?B5o9ZbY(xd{8otHst~(R z4X%oEtEAkjD7Q+=t%`E@`MK{^;kQcsR^{IA-w1bK6`J>{`Bk~M)gSPj&|IUgSLMR) z6O~nAd!MMR%7v|d!0Y6+?$dp*3hDdAVO2=qr>yP*q^i^5GM`Xw9wC+HMy{d0ouhK=Y>KoP{na*Srt2t_LUf0p_t_j;U zvT;q^lq77|=uX$1x+cWdh}fDCTO(p?LTrtQtqHL;GIdQ%U8D7^iK%O3 z>Y5N+BVubpY>n2lCXCj|%{5^pNlaa%Ev<>EtMp52!f2IDT@yxY#Aq#V7_D*QToYnz zhS;Lc@w)XtFlqe{gC^F++jZL6y0Bd*Z`Z}!bAOuG8m1*@*tkyiuZw@{y7px1-b)vcM{L6BD zLUWyHt_#g|qPZ?K*NNu3&|D{)>q2v#Xs!#*b)va0G}npdy8P}s{qDNZTqm~cLM5KG z8_J!o)19u%ovzYA*9B5M$&m2Adsohf_cb4`(o@_QN*@u4`(ofnpImO4^P8Vm-5jv>SINk)0c|UQ0f^@gtohS2twK;p4Wr zyXKNjTET`adz16UhGv#c+Qf$Je3SFV#y_Y{TF9nro_yStUN*_cO=)72eB9L7H_69M zjdqiK-1PC$yKah)o8;rBkBIcx^f8c+o8D{kant)rK5mMSo3yM=@o|&3v?&j2_-)E( zZgT0dspw{t_OdBx9R(~#GGx;WLug?x2gFp@o1a#+Lm~ep-#%*&x+>(86)9-GHf7|5WmaKJ~tCB78Z=3wvlI?Dje_P_;Hu<+D zOWr2`w#2_}@^4Fay-ogYiGSPV-&H4r@4fBgBjdJx zL}c8ykAaNa_Fj{5+ulzyZrgiC#%+6F$hd94I~ljF*Mj6Hg3}jwl#Nb z6Zh>|^_oa;i;dgFc6(muh~~D~xJ~>D;$MM?6~ur7bykqg7pSFzth_+I6lB*0GPNK} zE|8lA*=~VsEXZ05#Ivd98CR*(%A$f|;@u0S3YghPQi6of;8I243KfjAU| zLxDIHghPQi6of;8I243KfjAU|LxDIHghPQi6of;8I243KfjAU|LxDIHghPQi6of;8 zI243KfjAU|LxDIHg+r0rEy@oT$(*7*Uy)oX%GVXij-tFe}!mmjDio&l*{EEV_Nc@VzuSoog!mmjDio&l*{EEV_Nc@VzuSoog!mmjDio&l* z{EEV_Nc@VzuSoog!mmjDio&l*{EEV_Nc@VzuSoog!mmjDio&l*{EEV_Nc@VzuSoog z!mmjDio&l*{EEV_Nc@VzuSooMgx?N%w9{{l+o7-9c~26(+s+?JqCeYtUlKjoj`+7j z{_Ti=JLKPv__sp~*%5v_#BWFV?GV2m;kQHlc7)#!@!Ju8JH&5C`0WtC9pSe_{C0%j z4)NO&emlf(NBHd!za8PXL;QAx-wyHH5q>+wZ%6p;5WgMaw?q7Pgx?PF+tIpi*X}3$ zcJG9_e@AQYUAw!`+~wBrj#lEk))!&B%XPqx;+I|PnULQ7TehiaX4m>D+;{(;=d{$= zwO-2#b{UuNDAL)rF~}x%8JF)U(%I#Rc4Z;Ej0ASY@Lk&HuIy!(k-)C_zDsM}mG$g0 z64({{cWJx3vZY-{0=x1ByR_t8S=KHifn9lqUE1}o>};2jz^?qnF0Fi5R=3MYU{_va zmo~pE8{B0iu&YRCmkijIMgEkLz^)>lpOO!|vd^E=pY1Br`6=14D{K8Jz1yxLou85` zyRzM%($_`(GQxO<_lWuxZp1UZOVls3jAwYCs9zyRJi|Lh{W8>ehWCp46?Vikyj#>S z(~W0zKZPFg47nQh%b4RCdfTX9;YU0}_D20O?|6p(H|kdi63>v&QNIj6o}ovM`W1%6 zGh}$wFABsn^wCkjLXmieoR9kD)Z!UN%Td2b63@^JME#;kJi~}N>K9Ss8Ty5&UsQ=_ z7&S-zB1=3&PZ9NtF7XT_=cr$ViD&3LqJB{(o?-MH^@}v|482LzFWSU2jG&`_5htFZ ze~J1(bkr~M#543bQNQRD&oGjX`bD64hCV175QXBIzY4sJ21KHGhF&5X5RKv) z`iW>jM2ctVDWU;UDW0LPhz3Nac!u608W4fv8G49lK*k@>kloRB*x1;N_ztV?fcXVC$SNf3rj;_o8 zN*|Kp(RJBhY25gCUG`TRH~w9h{guXzf7fMyrE%lmb=hBO-1v80_E#D={#}>-mBx*K z*JXdDapT{0*L>)jemo(ztXtzZ&3DE8aMt8%Kl2@#=k+?UuoRr z8aMt8${tJO#=k+i^wPNTZ%|IXG;aJGlv^*28~+C7*h}NaKcrseR!wQ#_%|r~E{z-i z2IbyMpJ{#=k*1`qH@ZZ&0qjG;aJGl(R35 z8~+C7?n~pGucJXNZA;_E$3X=zrE$*L(V&*MrE$*M(V)Va(m3bsXi!Vs(l}@CXix!8 zX`FL+G^k~6Y25fdsF0^L&iOkU)Ka%J&KW!!bpDSU{|BA_@*vae{s_%$W_iUy2dQ?jpU z!1y&K`-%pPUsJNLXu$Y2CHsm7j9*i-uV}#dH6{Cs28>@*vae{s_%$W_iUy2dQ?jpU z!1y&K`-%pPUsJNLXu$Y2CHsm7j9*i-uV}#dH6{Cs28>@*vae{s_%$W_iUy2dQ?jpU z!1#qU#Pk=@fbnZe_7x2nzoukg(SY%5O7;~E7{8`uU(tZ^YfAPN4H&@*ZeIh&uPMzh(SY%5O7lxJVEmfW{1OeA zeNSnAi3ZHRr!>Dr17_b-nm?ie*{|l0Xu$Y0rTHToF#gPH{)lF6zMR#35zX5CIIH;~ znzi|GR`WqLYxCc%{C{MLnxk3y`)JnYw^{l3Xx8SlS^4v5*5&O*W}Ppy#*bO&$E@*T*7-1N_CM?PKWp|r>-Iit_C4$NJ!|$n>-Icr_B-qLJ8Skj z>-IWp_BreJIcxSf>-IQn_BZSHXIZJES+}=Yv#(jVuUWIFS+}QIv!7YFpINh)S+|#2 zvyWM~k6E*aS+|E-^KY|?FQQqqhgr9WS;If)_~#7&oa3J}{Bw?f&hXDU{yD=x=lJI= z-pM)sIm18a_~#7&oa3J}{Bw?f&hXDU{yD=x=lJIg|D5BWGyHRof6nmFIsQ4rKj--8 z4F8us| ze0hg2Z}8_(FK_VW9lpH5H|Oxp8GLgN-<-iW=kU!Ld~*)p zoWVEe@XZ-~a}M8}!8hmd%^7@i4&R)?H|Oxp8GLgN-<-iW=kU!Ld~;6UIiv5K(|6A3 zJLmMBGy2Xsedmn6b57qm!+*~4pELaD9RE4Pf6norGyLZq|2e~d&hei!{O271Im3U> z@t-sN=N$hz!+*~4pELaD9RE4Pf6norGyLZq|2e~d&hei!{O271Im3U>@t-sN=N$hz z!++lKo44ifyp~_lyxGIN<2i53-+3*+qIt8AdB=C&mcR2_ensYKIcYNk8{G0diYu@mlcf95; z{F~SEKAJcD=N-R!3;*UlJexOrn0GwqE&QAJ@NC}fW5MxVFnkvr-vz^W!SP)%d>0(w z1;cm2@m(-{7aZRO!*{{)S}?p89G?ZlXTkAUFgzA~d9YyoU2uFB44(zZXTk7UaC{aF zp9RNf!SGpdd=?C!1;=N>@L6zt77U*S$7jLtS#1WaPvuOHR zbp0%veimIni>9ANxBo@6|3$a|MYI1!xBo@6|3%m5qUm$d?SIkif6?{3X!>1r`(HHs zUvzyhn!Xp^-!0nmaMAU@X!>7t{V$sS7hV60rvF9P|Dx%C(e=M*`d@VYFPi=rUH^-w z|3%mTqUnFp^}i_nJ3khUAB)b9MdQb!^J78hogWK2@BCOazT9&>7mQE$9M1)vcRUx2 zPxl@5_$Mc@yd(ZK?XZYN6eC`=O_Z*)EmKzHzo+@k-u8*# zQ+K`<_M+qW)EWCtLj0cQruZ7S660%{JL7A_CcdVneSD4B#Md;J#@C2Nd`(OH_?q4O zn&#H{8nKA4X=xu{BNp*B^)0?e-Nx6nw2!Y*xA8UUHoit(#Mh+T_!@N)U(;aXYt(Ig zO~Z+=QMd6m={CMbUB%aAyYV&ZD!wM$jjwU(8()*{#@9G^#($)((D;wY{rCgT&G9g8 zCH_E5@pzcF5`Q4<;$d<*{y^Bp!^2ef2f{8MCYR$6gk3yLF2^4TyLgyfjz7>`5D$~f z@dug<;$d#}#2;ubh=&;)#lwpA;$d#}#KYR^jfWX4#lwpI;$d#}#KS(mVa87Juwub@ zm|H#Zu(o>RVa8JNuwuh_n6@4dYpXXNrme@r;$}QdUlI?CoAEGxNjxlW#>4a_@vyiV z57YMJVR17arZ0(y~+G&KVkMd;p3k$d!6v{Pnf+<`1mKxUMGC~6K1ayKK==_*9jm0gxTwakAK4K zb;8F#VfH%VClqVPlbq|~32jBjlbq|~3B}&=BWC-gOXEqd9pVZ3 z(s+`OI^qfW(s+_dJju02JmLOo()c;y z{%X?rIpO|l()c;y{%X?rIpO|l()c;y{%X?rIpO|l()c;y{%X?rIpO|l()c;y{%X?r zIpO|l()c;y{%X?rIpO|l()c;y{%X?rIpO|l()c-B0+N3r) z<4I%Eq&(ZY8Shy z+3g&A?UWs7?5$IFJH}o*Ww%@Gol|x@#a=mOw@d7eQ+7MVUN~j9JM4W^c00pfH)Vkt zV{eZ!)Msf#`Yer5pQRD$vou0|mPVw{(g^ig8j(IrBh+VUMEWd^P@km{ z>9aIKeU?U~&(a9>SsIZ(OC!{0X+-)gjZmMZ5$UruLVcD-#HZ2-`BWMapGqU-Q)xte zDvgj&r4jL|G(tX=M#QJm2>DdH>H5BD`o8JH5BD`o8JH5BD`o8J< zzG?ct>H5BD`o8JH5BD`o8JH5BD`o8JH5BD`o8J!{GHx!7YTZ;CWt?0Z)jBEqC&PEt@f$V# zvW{QY@XI=WS;H^u_+<^htmBt8{IZJEOIgOHrL5xe`!?LH!;>|5vJOwy;K@21S%V|% zaAXaRtizEtII<2$*5JrG99e@S>u_WZj;zCxH8`>kM^^oFII;#u*5Sw+99h9}pR2A? zR_z`3uRc@)U0rj!*__Zc&mvJ>{O=pzQGrL3NXeu+l*-+U;~;D&K}rK>;r5-OJ@5IumLTZ z-FbiwXvtiCJ-`OEWLo6|Y(Puq>gxeEpe0kg4}2&50k(t@H9hd1@CVourYx8rU`v>? zaDIR-Vafvf0k(uG3+V^g5~eJuA1qKG4}2&5!2-S118jh+KU@Mlzy`Qv(&7O&z$J4{ z@Bka&k_rCjs|UUl|6qZuuLr&p{{UOq?7z(A z!2(xbzxd$~}h;D~z|_$%jxqiNOAbb=D@W8kkG7LG_Q z{M8hLBU&r|YBK>xq#ORqui=RM8ThLW1ssur_$yzBBl>3i)usZDNK5?H^n@e&Yy8#5 z0***k{FRTy5%)ImSDOnsB7N~!e)AVU9OAkVCE8#>2|YVX*UsE-nI4<#Z$O2|Hxi2f)c|9j@XG=&oRYm{)m5G9((QNq~-B_btC?wIv{pvfI2 zoX${3ejO#;H$;ghe3WpCLy3GnN;r$5M0*G*;k1Xp3Eyr15G4uUZ3hu03Ezjsci$w% zIq}`MNl_xc`$j2B#CP8+MTz+Co24ib-+j9jCE~kpn4&~{_bpSDi0{5>iW2eNw@pzZ zzWc^0O2l{HIz@^2?whA55#O<^O^1pS@g4ixULw9@XWL7}ckFF@iTLi@HNW^F7Vh*~ z*tby~TfzV0hrWe_I^rqza=eas>f1V~Bc5V^$LolvzSV;|;wkogypDM4+drryo?;)! z>xiemC4@TSDfWiEj(F`eckFllWEJ#Xz0JuVO>P>Lh;Eb~aEa@vGS6usVrfwcQTXN&G4{KCDjSS8WFbbrQdd z%@C`T_*L5#L7l{}PRnm#f6TFv-a_d@_RPGF{Kk~xW#FYa0sClPM{&ZGf-BUK z-@x9Q*OA|tQh^XGDwK{aySUGgZwK{aySUGgZwK{aySUGgZwK{aySUGgZ zwK{aySUGgZwK{aySUGgZwK{aySUGgZwK{aySUGgZwK{aySUGgZwK{aySUGgZwK{ay zSUGgZwK{aySUGgZwK{aySUGgZwK{aySUGgZwK{aySUGgZwK{Z{5iE4*S{=G;tQ@-I zv**xVMzN^lv**xVW985tpFM}}GLl6dpFM}}8Y_qH`0P1!m(eWh`0P1!*H}4p$7j!> zyEdB--SOFT=&rGH=#I~xLw9X9AG+hS=g?ha<$~PK6?(` zwb}fJzX$q@8+ao!Skw)?5Neir!(NR zLWw#aE#JV~lvc;R`VD)n5_LRUzJWI^t&V&38}_Ot>Ugw#18-eg9rx-t?Db33@o4!5 z-o&&z?$vMDE19U{(ee$vooRL4tKYEKG*QQA&l`AS)9ScazhSR#qKbO_G zVXt$dj(hbRc(c>$xL3bnuXv)4d-WT5+tcc}SHEGeeWH$g^&5Bt)atlbzhSR}qKbO_GVXudxj(hbRcvIBsxL3bnuZ*IOd-WT5d(`TToF}I)WnAt{l%aQQ$9(?E{>bL0?3mAA*&l_u z3Ew*Y(hFBEUO9mO^yyRNm3-k#pF{5T@6^=P)`z?U_{&TPH8qEsBB7?{sAS7sP*am> zuzDHhDS*r*2Q@WKN36U_?KD}v+9u0vP*dBSW`)}3TBbTc!BG{|sh~wQTD(S!wOy-x z3Fw>Mq_*{_E@^GDHd>qY*LqdkYQ3&)ZBs?d)=+a;i56-OTXKe)!}ZqW;d<-M;d&eQ z;f5o2<>3aMXt04HTdtirk`y#}0TV#f96hSPjcGe^w8?sPw8_SE6sib$DQb>F7xq^- zJ1U(VZMK^oZL{9hdAI9otT%PaI#E-Xw*Js=kR&0f_>%XO~hI!jYgQ`cJWH4NOk){GZe8}&6d!uqs9S+86eHT6fVoAnvp zy&iTE`dJSIdDr?jCfKN{$BXuQj=~sjmSWMeJJFyv z)$fe=J0tVXz`U(yv*{+IfnUPsn z=2)p|axFJW%T4NKQ?prOlll-+zJxn8*H}Z%$PL3TG>clzM`VD_QdKjITQv-i=A$yW zX5GBmZ{Dn%Hw)Tksi;}5p}E<5+uYo&CcRg#nPzFG#a%*+G}3Zd=HDXKw75!Iq>>h? zq{VyFqTaML8-rTh^R~3u*jwN%f-YJQo7P(oi=3^p_EzYE72JGUkC^4PHt7n?3)D?( zlX=C~CUvt_LvPiPTVV@UQ$ub`tDsFpZ#!%rq3y5{r|qyc*#<-8m2LHQ^ET!6scC~3 z58Z2P5M*s~+HDOjx};HUHH!Id>QOf0(ziy zCSwE6DB?+Hq@qld4YWy&O*hrph?|5%(_ypDbdwB7&Mn%nlc7d6XG;>vq@TP%6Jxnj*=qW3YBhkG6g;Jy+Q{W}bFDe0bn{^w zK(lweSyX7QS6j{X)<$!Suxo~E3Hoe?XJNmZ5!A6jjxF7ceprDnwb&=!+~#ezS^rwR z8!dIlw-($rT-nm7A-0$|O}D_c^JXo6X`9!u=_K7IjM{JoYqnXKnr?#=Qh~wS20OL_ zi%QdNP?HrvPvQ0dn+M4Hog?uiYc~-*7JvhH;=12qxLR28+%z z4Z?v86@vxQz1|dP0CScf@7xKWOj}M+ByE( zEP(^lZt&O~XvQ2#CPc8j)F!h`2J20$V7@Yw!Ro~d%xj^*I@M$giA>W`UD0IIGj3r6 z4(>NJEw9_wl;(Kbn$%0gBfK|~2Ab92fJTCZgVb$XtBeH)I)Ql|O}4cn4CPZ;I_4y;@a9|$vCivk=u|BqJX1CYC@Y%YtqIeL`!n(2#z$V z;YeYTuSU`}8O?w=@bD&Mb{fu^ros_#i-W_O0&wJQS=^6va#G=lDo@w6z^w)_!ja9% zHEoL7(=}~JZQenqJ?a%%BE9u=jYYF40=d}&!Y!`_OI8tVIkcXxfh~KHbqhr{d8KPC zh)tIzp@eemy0phH>2$5>4+ok%(rE<+>9pqhG$JP5CheU;MBqgVF4Acaz;HzSN1Lz* z>tC(K?gy|(|fuWc&h=d^f_kVKtVrUe}}d3K#{FH!Wg9F!;vJjwONl14mMSvSXRATRzqS04GwgJ zhso&%?`T5Jbf!iM%p}7J^kegx1nG?1O4v8BbK2HOBc>Kk8SSQoB8@eJ>B{Y`#4lc&%pFX|vl(bE7MwSuuFJIpgZqk%MI2cy77jFO99d6sAcu@2<4e>)ssvg4P+ z@nt(c9*(>0_~mfiZO13V@fABh8IFI?j(;Z{_t^2NaNKLhr^9id9iIuuSMB(faQtmM z{#rPG+m2ri$M4wj*TeCDe@r7eGRWGd|H>;!_x8I5UY)V36U= zBtCsXhBK4+Rsb@bnZ!2&@M~g|_%;ACoSDQo0g&O$B)$cJ3}+_s4FF^~Gl@_Ck>SiF zKKVz6Gn4q#9~sU};uHTRJ?~%Q)BYtr>tEuNeq=bantaNS3}+_s2|qHNnZ&32$Z%#7 zpX@K`x&9KL>M!Y;{t}<)Bg2{1ZQm-NJbiO=hi;mm6CSv@kG znZ)Px$Z%$o;h-n}R3kKkFPHvLf4=)#SrdWIHp7k4cg3 z%p^V#UD0FkWj^{uwlkhvA;pmG%p{Tu+0INNjgalkBoYVN&P*a;$aZED0YkPklL#2H zotZ?yknPMQ0)}j7CJ``XJ2Q!ZA={Zr1Ps~EOd?>&c4iU*L$))M2pF=RnMA;l?aU+s zhHPgh5in#sGl_s9+nGrO4B5_1B4EgNW)cBIwlk9m7_yz2G!aliwlkB67_yz2M8uHo z%p@X){AMN*G2}NhiHIS;nMsD22uB}`1Ux*2ggm$%lATdP^0Od`Z%BR?BmstWXF<|i z0!V2VBt6GRqOu?f1|)k5k`#~hV?nxUcR;S7An7?dQXBa87zzqh632%+8r4vtFZFBQ=zueqPIqBFq8O}6;gwlME{J`U?$NcBh4J8RniEF!t5N49ErkAqUMn(%p__aiNZ{x z=8-7OBpNvqg_%SnN1`y3Xyix~W)e|BqA-(a%JS z$-qp?v!)P3a>A0zf+V{}aj z24-#2Eg>10Nz^Bjftf_Ngk)eQ(Jdhvm`QX?NCsvS-4c?4nM8IV8JJ0QOGpN065SG# zftf_akp9agVubWxCJ`f~|1yafA^n$0#0crXOd>`||78*}Li#V0h!N6%nM6l~^j{{? z5h34~NpvsxkvpXrzj}w#@FRDLoD%M9N!x)f&7j^5}A<0F-Rg4vNi@u&>(ALklb;R zlE}o!?jSQ`I45d_AD0DDapo!+ieHwoYWS&HIO&dz@Z&djI!WH+H);|I2r@O=T}WqS zaWsjha$f;t_>EdT}Ps_qd(Q5VYC<)r|E4gse=L_Bvsoi)bQoV(9dJhfB9fKs? zk=!vz@{&jc7bKrq=!fw`JG+0@s%rWOKhs0qpNQ8;aTX+v8L8ibB>P3`w;*ZiMC!L7 z$*Uk?R*+=dn>1!5$l@K5Fbn54q-3Op3zFD_v~WREoQ||`L6ZKF7A{EY3zEGBN$N+k zw;-u!NcI*a%~u;V79@A$-I44qoYU-uWN$&z7?A8ONQ%=p=tnl>HBA#63Js9#E!5O# zk?bu<8m+CDHZdhp2F?{^VBpM!4y_rM`ZOWQ9$jnVy6B6=;zR0H_ zAzzR*10x|{kmOSgl}))6)90oh> z?xuVOlFNm@$Ymh8T#)24kX$ZE^6p437bLj|B$o@4d;*fo1xfaaDY-8h*0RO@@+4gh=foF=DuGpG9uU>X4K!oO2#=c1E%_UbjVuiDYXgkpW1yW)c~I zWNRjo0Z6uH5*dJGYbKEaNVaAY8GvMKCXoS1wq_DFk7R2m(H9`unn}a~$<|CF1CVUZ zB%*?3YbKEaNVaAYF+#F6lgNN=F<^^`ZHob0)Zn%lutof~#egmHVOtE?BAVM`z!n*> zEe326+ifvmiwxKn1Gb3twivKQ25gG~Tf}`^4A>$Aw#9%gTEVs$u*F$oTMXEuO>Aq9 z-QuLWEk0~9g4z}zkQ@+5Z_6uh^-~&_Ubu$X)&#pnProhZAUR;TPR!Y&|J)XHkQ^|a zQzVPzfI$+EkQ^{biffS^Fi2t*k^=@wQ!$bQ21y*-;_SMu31W+U-xlMx$kc5yZrkt^ zc#1663ZF6)_IU<-+~MI3$+~k{E~NazPT~woSWYz&7V2B$J~pA-PI9@Nc@VzuSoog!mmjDio&l*{EEV_Nc@VzuSoog!mmjDio&l*{EEV_ zNc@VzuSoog!mmjDio&l*{EEV_Nc@VzuSoog!mmjDio&l*{EEV_Nc@VzuSoog!mmjD zio&l*{E$qJR#zl`NG4|z@k25>lZYRZ$(cm_kW7velFNZ(NG4|zJ>QPJHa$EE=a-;$>oA1{E%EO zNWu@v<$@&qkX$ZE!Vk&if+YNqTrNn$56R_%B>a$EE=a-;$>oA1{E%EONWu@v<$@&q zkX$ZE!Vk&iAR(EYX^^o$lF6Aw{E$q}q-oY1lSDL;OwP`6?*_@_Od_^OCT9}k5G0c` ziAW=voJovkkW9`b;*Ml;CUG5$WO63a3Xn|BB(4gOOwJ_Q1d_>_#Fz-loBi zNC(N~f+Q63OIDVkC!TawgF} zkxb4cMsi3dXA-Ry$>dC8B!^^jCee07t{I9EeoKryhFmj}d6$rDMl$aca?MEQokFe| z$-Gy{H6xjK3%O<_>wcn6WM8xkxn^{p>txn?AjPa)TgWX6yo*NkK`EaaMz z%s4XSnvqP-g&YWGQCB}H6xk+BIKHp zOpg(A%}A!t2)Sk?(`$rWGm_~yLarIf^bR4{jAZ(UkZVRVJw(XWWHPch1^Y&>CdoEF zUZYLaZ@L#`&tHa`DE!Isg(zfZ7bZ19g0Y?<--mkDgG68UEdY_Ssg zHwj!6QEh1v`PT?6PLBLj1mTl;VO;oN75f!FVMST}4BzeyGCn~+WaXi(sWw7Z9?I@#kd=qB z`xRv6q3nJHS$QbC-#}I#%I+tSm4~wX1!U!+?0x`Qc_=&Yk(GzC^Bh@uC_Ar_m4~wP z7+HBJJ8zMdhqCh&S$QZsFK3OX$iXB18ZVK9N3!t{Id~+ST_OjMWV1u$;E`;0ha5bT zjYr7ABiVR^96XYZC&a&P#Uukd}wzar}^$hqB{`v^ zX?Z9+en`th+3`bK9?Fg%((+Jt{E(K1vg3!eJd_g%R|}mLs}lnjvvzUP5mI)%@i9Wm9+%G>Uj7ZlXx`#t{{~_-Z}|B)5TkjEi~Spj5z_LoJ+}{hjF7U& z#rPN?Wyc#I1ElP6G1Br-cKnf+hqA}TNXtXn?Ez_dD0^Itv^{UfQ1okyA%o_BnZ=7qB3b5Htne30ga=N%uUZK3S=AZ-g}UsoW_3T5Xr(yUPS zbp_J4PE6uml-NhOGbd@7uG)2x*2?@_jFH8<_uNFL5iF{}V59 zJDC50m$)U&|EZVkaotPy*zP3>-~ZN2+=Ax+&Px)`|Gk&ERn7l{mn6LZM=x_*@&Zxz z4hXG~nuiUBWId=5QuCOMWIdEMf{?6-vKSST^-xxWAz2S)F)Bu~9?D`=NY+DHj0(wm zD2q`cSr26~DkSTnEJlT7J(R_$kgSKY7!{KBP!^*?vL4D}R7loCSqcxydMIl~4as_f zjMO|fekAJ&@~{91$$BUYfRL<*vaCHM>!B=L56OBc%hF?fnUb>XJS6L(EGrMmdML}r zL$V&qf2sc9igx zAz2S)MQkBiPmm|vUMFn)6K=0a*2D8|uM;+Yq~_$S<6k*tU3-Cieb z{1a}kNY=yiZm&qzL)q;W$$BWey&_o;Ww+M}8~=pcE0Xo_yxZ%9jeo-Jb;8Dv)I93H zjek-zL_EO=Jf!B)dG6eX)I5?Ik%!bglDTsmQu9b=gdS4!NaoIMNX;Xe5qmtTIUywL z3H_baL$i>qhq6`_Az2S)Jw^-3dMIm!5t8*#)`PW>tcS8z93fc`W%o}LjQB%p9`%P2 zNIdEMoG^bi>HM59e}&XMs&D=Zsd*%uzd~vr$>y&nou3otuaKHY=gnVDIzK1OUm-P* z&YQnNY97hvuaKHYviU2d=8*g&cojsH4t@e>)BJZBNQtZ^rnJCuR3;_+}?%#|z)*r0m{nitEjI%DvT;&0bUPou+KI znsRS6W#%*G-e<~Yqbc_`Q)W;2+^*?++VG!t{HG27X~%!s@Sk@4rw#vU$A8-JpLYDG z4gYD!f74^4?Lu+24%ti2BVR%*cC3{br9d!YArC|1cx( z9rc@i&Iqrl-^Mp1?;Z7amsNd{)M)*ekd@d8u z$a_cqX5TZyJL>0inRrItJL)%kpAr61zxk^fdGDy-?0-h~5cOO1HY4vH^&1~%WFJw# zMQ=0m-ci5tV@CE8^;`5dBkvvc8((H*KT*F$Z!_}VQNQtLM)nl-Tl6;L;roE`X-4)H z4OsLt<7<}zaB$<2;37aI7&mm!xWb!#AY?4eqhlEX%$>)%;Niz8t5;jRD-$KGB$>di^ z*d&>J3JIGelRqJ0lVtKGBy5sQew2`~$z-H(3i?LECdsC6By5sw`bNSg$);~4Y?5sH zM#3h^rf(!{l5F}$!Y0Y4ZzODzZ2CsRCdsC6By5sw`bNSg$);~4Y?5sHM#3h^rte#> zKcsL9vKsVgoAjP?ylZ$ilZkAZ@Y~uBB)J$}hMX$=;P;a5Iv< zE5G1oBzsqW!OckauK35zNcxVuk_Zp3I4!GkKYFP6`_S-n^ib@jrym-99z9fg{?PDs^ib@jrym-<9z9h0 z{?PDu^ib@jrytsE|LCF8`-g_lqlaQIJw0@L@!`J}d>$HoA3YR%>FJ@{iw{*E9vc3S z9xDD0-ClgC<9%rKfAmoCedzY$LmmG^CbbIlk(!-(2v!jQ~kB4qAK2-WR zH2HS)Q2F!F?Zt;mFNY@Yjvk7=^z_i}#fM5ihbI4y9*Vv6^w90a1LfyKF`{+RB$D!Mc2P)qWjo*(B)E+x@d+|W!{h{&y(Sdk-o*ufrc%bs< z(B#3!O?-rt3#6?M+f5V zd3tF6grftMUxy}7jt<1z^YqaC3r7bk&kjw#A03Fd=jox%kB$yhz8#vpKROU^&(lMj zFC87IygM}ce{>+;o~MV-{|CzdhtB^8%KwMX{|CzdhtB^8%KwMX{|CzdhtB^8%KwMX z{|CzdhtB^8%KwMX{|CzdhtB^8%KwMX{|CzdhtB^8%KwMX{|CzdhtB^8%KwMX{|Czd zhtB^8!vDPbP2?djgM&Q%+}Hnj8JxTuzwjo*10oV**q^D;PjH-6`3aPn^a&dcEB-T0lC z!O6SvJ1>KicjNcZb^RB&Xc>dxmq;i)jYaTFWE7spB={v#3QuDb{1Q2Zr!fkCiKN2Q zSOvdCR^e&Pf?p!7@HBS8FOgSx8pGh1NGv>!W$;U67M{j5_$5*cPh%VW61jz^F%Eu- zJTYnk02%RyRN?>CGfkh zz#%2@yRN|@CGfkh!XYK_yRO3_CGfkh#33c{yRO9{CGfkh#vvu}yROF}CGfkh$RQ>0 zyROM0CGfkh${{82yROS2CGfkh%poQ4yROY4CGfkh&LJi6I~GzQF_9AZ{RhVHKM4H( z1LOA}1b+X4@jLv@q8M-sm&sLkMI*)JDtyqM$K&w~DtzCb$KW@uPBE|6Ru5zRpo_}o05-Emfcb_B0@oWkcDJEClrH&MntMH{eJSJD&&5k@K zSK(jxJSJD&^^QCySK)K_JSJD&9gjRFSK){EJSJD&MUOltSK*uYJSJD&ZI3)ASK+Vs zJSJD&m5)3oSAQJjhOXw|&a@ymeq?g>$3brB3J>xGx$z^DtGM~i+cLTO;~+PFWODV# zL2l?u5b6nX<40m!AtlHST^&M7kQ+Y|`wA&RZs>{;Qi9z0k=R&B335YMk&qJP#*f6# zLQ0Suy0V0nAUA$wavp0I-Y=E&y!lO2cpDtKn>W9Ciei;Fzj=ykE8hI(DT-Cz{N^dD zt$6dBrzlo=^P8tAR(}sSzj=ycl{de6irA}w$F(PKgHs5dD|s87rnvUxZE%|6T*=$u zG{vOSi&2OHf+LJfG zd5UUJ-u&h%sy%u0o2RJuIot&2OHfQk^%yd5TK)f9e|n z&_k8#y!p-Zs8r|8Z=Rx3oj1REib{3f{N^bt)p_%qr>Iot&2OHfQk^%yd5TJP-u&h% zD%E-Oo2RH$=gn`PqEekVzj=yEb>95uDJs=@^P8urROiiao}yBnH@|s`N_F1+<|!)G zdGnj6s8r|8Z=Rx3oj1Q}3U7lW{qW{DPf_~e&2OHf^uwFqJVoh;H@|s`(hqNb^Ax2Y z-u&h%Nhc~}@iqa2ne)ANiAKv`t zDM~-Q`OQ<5et7enrzrjK<~L7K`r*xQo}%=_o8LS|>4!JJd5Y2xZ+`O>r61n><|#@) zy!p*jlzw>go2MxK@a8v9QTpM{Z=Ry`!<*kcMd^n(zj=z%4{v_+6r~^D{N^c2KfL+P zQ;dFa^P8ur{^HGVo+A3|XC|{&S4m%=e_)l)&+DtzIKQB;R^9w{eYLvg{j+JgdH-%Y zZgowwn}XBV|6!^NCRV(N9d_yzB3#Zf5>mw8YUPhvA2x2=N^~GW`e;e(;HK z`Ozcmxg-gkM~@5)CjDpO^P`W9Xg~cuOL%Mu{`B`f!K-F}wd%))<%oi#$6oaxcroiD z^LUa8BEgf@WRggd6v)RWiaz~g>)T_KJD>j0>oKvzLZ0N^_}7;3kr_EhF(%xG@#v=^ zCftl1?ECOQV>5D&VobOhIoSK*dCbT;iZS74~6JN57w94I}f&+J3H$)Zg+c~X6sH??`C_ikBl_8vhnrh zYs${-sjI`-}P%YJB{DoZ+044t#)-`rB*vTcJ6k&-9uIN zz1Pm4#g&{mxBL5A+o`Sn)<&<{Zq*v^H@m&=_}K34+D5x|uhHq%8m*1?CYm2R!^%Bp zR*_?TQ~{mHMtkj04sTnX_HKC3-pE?}J3FW>v-86DLKml}pSjvIuV>#!e~6sQ?rb*D zjYe&^x!c%o)HfTQa(_x$yhHtA?O$XFID*x|;FPjBIKb$}cD>VW^bD6oc&Fa#ZZ$eZ zG~-jNaet@TY9R0F_0D?hG?JRF%|?r*Nicne;TX+VwHq4@?HqGxTKl_=PICi*HG2>G zj!rIDf|1?&9vXCF9ZF<2aL21{SO*MMxys5NsLD001L)Fr<9+mItG?513>~Z-1byq) zN{4mI`G2F{ZInBceoY$!kDX)~j#tevP@An@qtmMI1mZ8lTgozid|DY$b{J$k_12yJ z`ke{{`j_!h|233mJ!32~w0TJLfRt_-D?7RGW~0~Gh$B`8w2&d; zJV#D9f=z9_K`B2(cpRfr^g(MoW)Iq(J{nf~Ctu@;4<&p9uuyCmD0@_qHGo}4WB3#i z_~K}%(cRx6x^BHk8m!1;S znCxHrSYYk%?ezsqzCANo{Yno7YabJbW^cdOsL@=kZ$L>_P+vtZfLf6{e5@-9RabQ^ z(E9<~NiYd2?esuFV5~d6Z9sTo>e8#1Uc30prB@TWIv(Wx>rJW}3OQtMKi1-hFPOK6 zRe3_l!9*1lf-d1hHRQJ&TkTGxrcwfU7FCn9Ivn-Ku05&s7^BeH*sksiKYV$8IcDuA z>`Sw6XZYny?9DN&KWTURaft9vb$6aw{S2-1guwTO{fp;rD(OMkI2q*qnEOlR?c-H` zf{xs2^lHu4R=X^x{LA=g@4+6e_p$oU&RGBHL_Ys8k+R+E?bX`*y}kWjx#{HN3C!Bc zQp4Z?Lhm;>d)s9o{7a%9eNu27DJ->ClpP8XwSEWg!u?hSX2g)Nuhpb{d>E6423Iu< zWF5xZcD)7Dwn9tfzb80>xzXG2_9v-f1&7QKgdm!&{v;;f0(}p5qsGd#fFY&7htz#B z_v)Qy{q|1Pti6;4RrmMwPGm2hJ$n|D>COO@owUkOqvEoEcQ9Kl^9T}?;XF3!RTmpZ zW|c}?^fg`4du{lY62Ui=NBfo>21j?Jvwypc3rQY~jp9@^d*h8a5-01MTm>k5$IfKa zF;kc;5BBW)P$UQ$+AT<(?%qzbO6vHhqN$u@FPn`mIOmb=#+BOa%<5e2=JN8~ijJ0kD}I`Q*Pi8NsiRc< z`qDf7itDF|Y-&L9wS~3obJeZur-|%>6#v?rSVGcOtCKBVRj$ss6mT*qQ)@BDc)io9 zKlq-a_InhC>Y{4hnaJMM)WR}UMS;qNsp%}2Q)V=MS4m1>*&0~(=9}5r*hDt2puk5o zKu`{&^wKI*89k*e;{gc9^oht|9_&bqvv8GI}Rn)GEN4j9zh(E9C6I*cGyr z7rowupvtX$4Mj+)JL5%!Kn56)_*H@`9eslbNdN=Xpeu049QfR_PT#T5nDhep4>)q4FlWBm}-ID{$fCi3d1^pn~3we6^Ke9t`VN$wnv-ZYfI~*?xWa zo{V8XaaOMI*x>p?TNz6K5`puSA_oly&P#oHOL?Zn`YNt3e?_lEgJ*`pt_tNRTcLaz>2WN8Wf` zBQ!C{GRaDzOTzCBwtb2q#L;pXLU+4S3Tj)!#xY&;>)Ux<5FF6aI9Qr#;E<(FMla4V zK*KU&8OrdfJUIE)#_7xeizO;>sq2$~=Sx_83}o&j7ZRLiA}Xn7`UzbW$2_Y-Zv;vh zhELSc&%;V@Xn-p&QHCU6s#HaoI*db>%H9kibA>4BQ*1hplDBR8Q5!!2zoU`kENzC4 zAU~#*iLqSnnPwR@RKDaHyW!QIWVm|m;cK5?G~Bu-`aEz~tW}mdxM~^H8vP#Fz^9!R zbwzejluGu2;-|8$%7xgWEF_N7KE3Hg7V^PXezB!geF@GIjerTmcXBEdSQ6&(MvYPO z3%Dm^n86FJ0p`fAA<4P*iIxV``%h+~I^TwZ}=lx_Q(xWbnZI}BkYI`&%ouJ+=(j{bn zc2P+{Vvi#vF)d($pul^WgXIL0(wDr;y2HOjjN}&43qEn$K7;3mp}yD&RyfRbNtVRR zFeV=(n0?Vc(AY|=I*F}2Z0S8v1IBcieLiF!rR(t#eO}}7!4=c%SPSz3>_~he$!RYn zlrcWACkYhCr1E3;Fu&YhCYb#9NHdN~m1wr8?@o`t6Q)9K<&lXdErSGxtd+#&`7+$` zTZGxzQP%tm+&GvMlgcD8#sKTTaPA)96U6}p>c}l~Rk&tyOKua{Zu9-dX7(b31j0*L z;`bpLB5O(jCv=trr?3&tmguzY(C9PA6$BIn^3osC=@%!3!v!cq4$35UY}V)-d!RI* z1Rw;k%Y3cy55qnJ5RLMaT8|Crz~F=c+c8jT$o_7E?l<3jqfdlFaH3U3B@96O33M&s z86KWc?jU7p3};5HLda4cA7QV)@+tsOK}R-VI?XS4N`%9IE0GK%v+cbHo#vhGUN*jQ zCcAKc>a|Jy^BdWG{dTj_%9h)R=-6mBIwK>?jm~bf%jk}*+0C{aoyP44*&S@X>@_wg zvaL>|k+runE(zbkmWf_FtG6Cx*cZ@6f%ffQz1f0Mkkzvdv^avCy=_#}ZEyAN*RfL< z;b_?7+ih<&>!>f=Y;RykWD6l@Y!6$38{KTYx82B2uUd)IXQYwMMtx_b*+OmDJ?xd; zZ}zsKvEVEwW618_iLBY$*xBc1-poJmGYl!@Zj9V~ z_PvJmMMt^S?g3Omw+w&)p`&V_y4wgH&2BdgVHgac7fGQz=pF4E41BY`lkK%T(q6Hf zXVLz(xomZ5e(jx^mAPzTHCtX;`o_Z5xvSafnN_@FGwwSJYuA=;u4TxvGPAh$ZniX^ z%`Co~y}ht_bt0Sl=JLwi>T0&MGO}=E`TD{f(iRqHuiw17u=rMX1?3i(*0SphHx|}V z>Dp4p2Cb@vIh32vZp^LBUPH|@R~D`>ti3xiGQY64$U5hjRKvNCifR`Z7Ux&c%G`~)#kI3&6=~VrH}I0JUYogoolT9*+ywM1gfE+2T7GwB z;jL?H*|nwXSFtxeyD|sJX0BYH)27g=+3Pb4Hzu;HGdE`5B6KU+5^7l)VK#*>d*|95 zli1!2{y)2hE$-~b?9$@e3SKAB%ayfI^qqy(xruCMWnq;FnO|ADF)>1Pq6BJ3B`CKz zr?n8(f}k)W$U=nOM5i5=?CRXib<~C7Sg9_UFTHZ%mGhx|K5N*6zYVh6 zZH$lByNmm~J|#Vasz+N~;@fR*bU^CJAr>OSwnmvOl#5LREiB4SO`XXm$*Eh@(+&Z$ zN%5(<-^hMF8{a}48zWX)T|0X~n?n$+H8&YR~>xtwd~dN7xml&#qMuH*3P}Z(byBI zDLQPkn}rl0r>g48gBN6=hMc+(S}(@+`5=WO6`Eb0iZQgdVDhJ*Y}05GV~nq&=);%q zeJ|7XWJo2-pp6E^>n!81S$9_Xd8N^9?{_vDSN0k6T%BjNxx2U1_~!1;+)jgvXV45r zNl*J>Cr#AafFwC?LeOUiP3*19TO=~jp$>N>(q3mD{(*SHM5OK-0)uWhI)TDdlgH{U zWga;H5`5O~HXhWrnw@SjfVA*cg9NfsN#?k4$5VY{I|Jh}29Xppin@5@k&a6;c>Dl7 z4mg`4wg&0Y9~6EpL1Ns4HuO`iOC@Y@O=OcWAMt-dtWW!j#?FQFU)ecd**R($er4x; zW#_ESo!HKK?R>CvMhb?`Yv)Ubjw{A&YqNPzt&40FKbxD47AH|OH#DK!?jU4L5>SiD zy04Fi%-Ok^PmGB^W)gkTn~mH1cWQK^xf*rn5~}WEHbi+Yf)aKOqc7#`2i@-=5nrGNlx>@S}Ny4Vwy*gSI#BL zX}U*||+!YY4Y6df*EXP|XzwT^A&2N>Q z_Ew<8CI4xuZB%W@H?nm?A}@{;Gk(?AN}w@tT)xsG6WQ3;-5Ba&vWmEHVniynCdXMN z0=!^YdCijNO!nqn$7)w%gwCYL5mGy?3(K z#I7g2fSW)cAb8n2LfZ8l`Z;^?#Ypy5gTXpD6us?E`+kO)_H2C(EH&5Zv^(S7Jy3XW zYkX{`b4MH(*%S`Z=mPbeqvwVe@SMqZ_q#pLvCTIiqvh~SWG{5HJI#AIFJnTAru-{V z$R-r037a|K!yq}Z*J<3T(T=J$2ykt;duJRdQ4UPRKq23_bXnOQlkvA|nAps%EY4i7 z&8@5~txP)*V+(c+Q6|-6bdoYxX0Fz5uFbzzEOVp219Ng0IKtP-*Ti=uCpBO`1oG-O zZ|^*y7oy$ifI;zFynsT@Rkbh8&#%s{6&s-w#KPe=o0}P&9I$v$VRsL%5_h27Zro|M z#6N`rsb>&+$Z9|#rX0|uvPBSaWoGtm&dJ}di36h8>=m3Kf=v+{cQf%aWsUc@>lpJQ z@GEn(H}xR9%34+$8~Yt`xecu4Hy1G5TmvkXmEbEU+QUFuTq^cqu^mP;$SxN|CU!yw zPAm(v`k?GUWIR!iF2Jt&m$CaG9J8V{=%=lKD5*Z8(i_8hs@!>}YjK>tsT?|$$e~!7 zWm696BOVBkcpSPlx&luQ(s_Xh)wDKt_bRvJuHz$vK^>f-@Ie2c7#d2lGIktMf;2}= zqC=?Yqxvx9R^$^bt7cHtU-xrHik*wT4{O_Uehs?B@emt;oHhLU>gX;tLnRs~a}^2_ z%dU~Zj;Ls$i58&;YOQ@2uI;F7vh`IlQ0PGb-Qmv&XSBJg)}6oi;8V$`@N~g^3M3a2 ztVG~}8aV*S*oUP7S%OVau=nszr|l@KrGuKQA9`9LXRq>(+QgrW`TyjUxVPxGoxBYB z1fC##qnf}vn4}?ztaPm=4*g}k{&#{|}Z!a#rv*?_O zOsKI(wAMHpuqzBmQ6HmBLxw;M5#lr1WoSz9^tx;_PCtAtyLbVPGclB~r#5~PfK3ib z)shfLEp(y@GvY2bn?;clycg;+fWwX7#fc$?F4;spZOvBB?=+F!3SGjAQH13^_b{NK zf#m!Z9ek0Kid50;F5GFgJ0v_}IWPFuBM{mkN#@r2TJ4={aComS&&Dz!l_gn{(}^hx@J{@C$f}B&uY{Mp3IU6H>K2I-NCe5+yR<681H|73kkfvpLwv zMiBUo_M)O`yi^tx<-KO3{yT$vIkF7cTjZaUnRS#SQ5K26c59}G9&&kVJp7uTUYl8Y z3lJ*Aa)S(jHVAX2w&MtQCvsg}FchN6M1Xr1ue53ytDXLG*fFOoAc?|udm(2qo&`u3 zG@j(gfiBrCuZ9g91(njBpkw09&#gRIN;dbV$WbHTe$cH=ELK-E8R@CYv|v zaA3$ZOfkYG56*F(tsh$XH+Tr<@$2ljg!0d(T01*{kI zW#Q!lB)z^RJEuTwubrQsmU5$7f)AXpFkrc$FgfKUwg5*(j;PZLODAl*QAc_8&0=)T;?oD&AOU1}n7Z^m3Ea8qLxVkC;NWO}vOB{?KK29&n z3|XizDWOo50){S3eYJ-6)f(DYYiM7^3VC4B$=A>@snEaT3ffehjp*bl&M`G~0B(F9 z=8z8#2oq_VFSjuJqWe(tOYDdKVxra|Gk>@WcP7Squtp|#fVEG2C_Qt!bf9v`JrepI60=!mR zy*~2|9L`0<_f)?;n7UnGn4M82=!S2h9?vs@x!oWmS82oOtDshM->PV@s92|_r}Jfu z*i5HZo7oN6!xlkRXg~Q9Tr5nR(6baq>-*f@UZ+EYgjKRMV+LSTCOjUgh0yi=T|u%E zsTku$k}Nx1XR#LAZeihWeYw-#Xmq>lA?VCm8|H@155uR0kmNJd^))W8nIE=HY|qrN zPUsd|vZ&+Ba{-1hWnAx@BXJamVgYnvj4uR13g`9qo#sYpCPG(8|MFo<8M{2ZHq1V_ z3cDrF*AcG0S?=L%6Y<}(@MKP7$#?vP?inV&)9%12eFqWd zT=i^s9`NJo3HSvSN0XOfqhmx^>2<6YjGrldW38;T?}s(8Tj`@Ud(~SVKQn?}sWT!r z-Rv&OF~C=wU2-XwvZ>ds<7Z>frF)undc6f*oBLaDz0j5Z(@m2N%vS8UW-dW5t{VSF zz_}VJ@dne=sUlNI*)j8G8&WZ7-bpPhA^p+X0LqQ{fR~`i^L4P`^UJIg@m!?C{&e!AVjqFmRYmpvNxCY*B?u@F8&!U1d8J)wOC4cdSY z7_{lk#&6K*m4pw5-P`c+5wqc}+bLa?!1`+-h@2o^gS6cQQv`_{)Jc^nR^*w}|J~)e z+FNsrb1O4+lb4+S{Jd~gJmm1NSBUW-*eUVb`#oBlClv0sUX)ajc+Z`1Qns}rNeYk} zlUD*zArqV;N5&|wy=D>D4FuCSaFDI20IP{HI|$I};!ZuR*@G?zOJ-d(1D$XbSl60j zgz|Mb*`A16o87k>twyK56PpO4%2pzB3W6e^2LZ5N`tqe%lt7vODL8ZQBc4e%YRq$Clq)nr zP;~dVwy+fR8&VVgIDO)36v!;p|UqaeVow5Fc70I)Wo2NaB3~AwN4#& znV{x9HZDE^?5C`OhsMX+dkDL@4aR`Qs1wD}ZljJPcb4mNEs)MUWdq}QTMmkf)Tx1=J zF{S}uzOK%Wu_wff6@d2!v0n@z!CaMffi#SWk}6#*TYX}Qg<2iv6cHnRF#()5TKC4s zh#~kJ5Pup{04xv;fgdnpre+`|pW!u`49qx_d#fRAUZdVE%f@vOBjPKLoKqPMO%;%o%=9vb%{XNp={(VaGGtfcAB zFg=He8El9Lo2n#9gUqva>IL3uvD!mW`ED-eYytj|I_7sXckUoI7qeh6b`*!$$hW)K zqsNi508t7)QDgY1Z>N&jMr-FBCXZH77DKSw%Ao^RAztHf+0P4bF1(k`-sss zianK-_r`wh*7{0?TlT$@`hc8p!l{782;lxUS<&$0HFEf@?JEEFt-#^#vhP+$MPb(j?*ppp|-G zEp>ji)cMs?=T}ReCtB((dC!A|VBVVTy+ISBXz%Kz38jmwDfMtBn!H#NLXlyp#m2_f z4I$H&V$CvJVOTP?BhOE1UyRxu2v+}OaMnumP4fpLm zoeH>j95>btvX)`%j@{>(Gh;YKVay9n-h-YJrK1oa;0Y0snB+7z7$Gb!^0Q-@MmD+| z^}PlTQGxZ-!A3-6haI2EQ4MoT*9DY8V4CI*sy?Wz(ud-l$NE{!=e7VL5gPytf`V7m zTEx4rRdqQ);d?p^RD@Cv*g-Ejh3DiBzhTYr1I>Txa)nB|t0P0D8RN_4!|KfP0^-ZD z*{;c{HXf7RM&}-4N%00SH*en=^Dy$n{!S`AD{V@5l0iwyLg!R0E!Zv^_Z${C`Z0^J zaSHaMZv2t@4W9vh{o0$GS&{9U=yfE<%4UI(Q~XfXt~UeQfDKiY2l+c9FxNXfWL|^e zT3<(J#m&JXI)@j+cN`$%6g+A1*fUOaPp95vv(xME*LU~!2nbj&hgLO|it=OfvWNo` z1872+0d&S1he(iwk|8okC9+3S9U3-QMx~@M3DyYoC{|m@F4p|myrO@veBntRw!SfDYfo}B*p={mmG<&;EHpx@!`f1vCe`n>EqN6-(+x#G{S13W0uQ0O{ADs3IB=v za8#!mWeG`9*l9L-)#x22guOtiGvpTYLM-*EGNC-7QL?WKvkFo(7e=qKy9bxkc=th< zF18xqMKC~TjFC!F7qiwd#gu4Z-LlLiK%)3Z7EJ3Ao76xM?)H9f6Wg|H9s@rKwNKH7`QvZNna$U=s(Z%Q=IE_Ee7-b@iV7!_8N|J+sroV zE$-gMu4#HPuqXqApoO#ANc8j!&>xV_=he@jcm@(2_(0Hs(CH;^5mtShdu1y*=2mdO zMov&!2{JMC>6$#5BX+XL{NrOcTjGYn=5WeXSzp4j0$_Y+3=b;sL03RW9X=gx8QN!( zcnc(!2Ps#i3o%Y6EkcIofLPlQoIG*SYwUX{-7Iulu%cvC`;^MyfFY2_i8u`BlId0WtfRpcI>SkbGi z%_{oEdyj!2JPxS`ki#6~7k=8(dNe_`uECX#qJe;O*fhE(FddfrS06w!?#_bSu3+6? z=%KT}hZvk>ALM8lIE<;)ACe#;74VQ^EXzSQ^H7*n+(I!EOf1zawtrkMt%xl_z(XM- zkVk;YpaB4;2pkLYLG4&wEcR%>CDbP_IpWP7Rz{P=nZhK3d^qkw9q<>|u%=a$Dj?$& z{pkg$dGbuCN5-hKiX@ZQcT~8{$wbld$Jf2qrI^2a+))7^6y@ zNfE=D%pEE9ZV{CwVxkYz09g&R^}~Rw10^+1R8OrOgvJwfKN4l;y7mz38Ga zuoV)?=pw-t*;-x$Gt1lLWyV{Jy(sU2vBR`GG(!$2K|$1v@{GJuu0TVNNY_^z@1DoT4q_0jFqvRc| zFao?S^F()9p7xq121k-oxCl=C!auiadHTTZ|l zn>JC2KB)|(Fu3#V`xZ`@bOiVSr&S)y1c>Au={FfUU@%g#U|mMe5tihP0!ADKIliof z1XHFI+8{6Ca!AvK$kT)XlIwW|LUcO^53^nzc3hV9sn|U=dOzWvN&@o%@a|LF6pb_8 z<15yio}0linm8N54$#Em8MQnl0Y0f@c!uTQU>%DBgvdUlJE6i7on~P)*6i&Tz z@io~#UhWkH>{a+AIZtnQFvqc@5Y#@c%s!7vVL4+3!pMv>t<862VOBl2ZbA6=05RUk zxOJRnkZ-$)eyD~etS!4yrT`W*ZP)KLR?zIK>X5;i%>w1nJkP)kcGsBS#PR7KmYc2S z`!ayR!IGP%z>EoVhF=Bf3n_(uqqQPtQumDAC}kD0FWT|ZDe*JD^9}S(T1W+PB&aY-Ws_zM&Zj39XR3B z@`V?eIKZIjZ57%^B&jS$ZS*m*Hfa-CLe15m?z7PWpGvJdDPp!|yf{7G>@N2nn2hk9 z1FnMEK|mp`6n|*tY0eZC5iS{UV<_vU{2GgxoER@#AYWuv0lSB(8XC(2yc=2NuO~W zkSv0e3B~+nxTh?v;X(!sty!mEH&d87D=lFGRNHzl!*&_7M86MLCKxhI9^8WE=-aM5kD%@@N zTq;fmwNx-^XuB}lpwmId(s8Y!Lamgig(PE$YFbhW02x5K7Ifu$V*LwU#(QN~Lk4tx zVg$V&?d|SeZBlNRmyqx^ou^-B9iW7xa5 z-rcJ0VZT}Jh4UA_dG>`a%m?c-4O#prg{naQ}0htu{t59CH6gtF};*3s6KXoGR14{qV%)Jaxk*hTCm z&9H$9J{hdjpN;4hNhhKfOI#awaeO7>Nv<#9JlMH!W;oAKelA|A0G@?%UZRBeu$&1> zRG+EUt75C1$D6y!vzlB!_scBM8V{7KBB^ZqXrU+h;qqaE20G>KAiSTi6uo)#Q6O`NI69ui%;LYfwPPeKlSBYn?7F-n>o;@_Z8| zXjixSlbM6evEp>cS}II}($v25g#nX{lmz?PG*rFM;>DK)S(CEkL2A z9=*XH^Pmd*%nT@q!Xiq70<%5X)V_KZj#Cp@H5&FRYZ8_hLtpKBoBxGy0O-ig3F4GMF)sEv;oZWtqqTv33%bw7 zp*xQXTqY+SL}Fk0ON3yetO{zF@{r7EBPV}jLy(b|k-(n{S4>qo!SBe0eey7Y7cHthsoJpC&nI$JKUpjT+#5Hhpb#Al% z@oOlWy2DB?bF!mL9APEncx8eE{dn2aDJ!TU{8_xCS=Y(V;}AxZZi=&cqOP#W6ryGS~bZt`q}e3`OVMZIU`42BdJ zI3IkahFdIaS2zvf<&ZqYAgH15A!d`Crth)&MzASE4nDe(E@Y)AAzS0b0z5K08}Xn;LiL5|;$955O0>?3f0 zWa^>uk1Q4btn?&d372ifwk?1--3!NS#=AC&@j*m*S#Q`7^4k$4|ZRp2U>|D z_-&krh?~${lp|~vI++(z?>smoZ7HsAVqJ04ft!*KisIGAop@>Wy=EH(XE?f~D9@F= zz>=2~@3LIaUehMk!;f0+3}DkOxQTvAUL6LtHL^~<$?K(X2{%K#b|r(2gmnOIXXCt} z6jaZ;L&w+|G_Ba5CC!IpZ$ciqo}|6EhbG41JaqTU=C2DTE-BV$ZI5t<=^<8Lm|Ngb zbgm-BBAPie?tN?SV7U>^D>By<*c~ZvCqBt%MJex5y3--C2N3HBpTgdFsj@BjK?o8r z&W02kKizDd76@Nfj1Mhu-acSQibLdDc^#OWxb_#)o&-^{2=!i7(I+zJ)GXQDHQ#(4lbAuvl>B_RAgBI6rj>kTE^w!(y0b+9Ak&@#c{t$|2363k|~74 zpBXa2F`WiF*zOS%XE9c1$UYQx`9qIz2^^=TV+PC15KTKHU3U(M%XQrwc8Bp8Wqyr5 zTy-c%KX74xft>N=qDbw~PGd)|X>SRINhK3pki)HrIBS6J;oQJKK-6T$Sbd351@6e> z9<6V4sKkr`;Jy`+>jDzurakZZt-eu?HbM4+Um?a zPeX+hcHq9rG_*@wg{K2QbkApKR$`=KSBYmtn}!?}XsMFY9td?P1`{G07J#A8pHZV}YNrj63V+obTl|bV(s8`<~b|-$Y0!$T;MXohPE1~KTX_K6#{Mt z>NpJ!f(08+g}e%1p7K;567{K9AWpdRPO|ODj~@)ca@$gQH&CDv?bH2wQ{t!#tW)e9 zZ=-}0;bib|iUA7a$efq6t_?JHtOyuKBa)(t--6FY$5&;II}6zhC-Wj=i=6=XKhsVw z1H0J;26zSJ(Bo*vTzx=0)OW;}kfGBoTTla46p{`gxt}bqgO#74BE57yyk+!Rbu7wh z#imcIBle^G#f}^Qj8dX%MCN-{khqxHctC2b7}_Eis0w|Ru%c@WJn7jUDAN%&r295E zn_FA8eO~%%-BF1s|H9?c;Te6nRuRfAL@DE&s-Wj2 zqeJ=uEa&C44q}q1x;IGxT60_U6(76xy%?>f2Nn3PRR*-B&4lnC!88Z3>YOby+elgr z?T&Fa$@S|59FcTE2qqum@OK(}JDAli^PlbZ4*UU{bJTw8BBQx-afCF>(x!>Q z@1lD-{DIlCuf2FNyZE&iC$o!}L-=O)V)lI|o_`%K##}9k_(B}#<{P7@Ue6jE+ik?@ z;?}v#FJ62dCrV@D&DYmq>~A*S7=6>T@Ky83+#VHfHt6AG)Jm_*W1H(bKk^uhS`BwP z&GAGl1dHm}kkFUw*r?Br!jO+^733&}ePF{Y*2u&FBw|H}s#L$1j}eTgMvUI&aS`w} zY;YYG&wG60in&>PeuMNY;c_zc4ukG;zI%4;4d7E48|q0$(~n;;R=U3_EEE+7Bs4{4 zST~4!q3q;VUZf633O2mU=BUj!yfrl7fw^vvJDXgBvT7A6+LqY}K+o6tQzijLN>2o2 zsL0BhZNbSqA_QY2${&LHkZkq~n%7QO?c%d)hjo7}?jqi)V|j2J+rVgbT5;1x1`e%b z@lob{gXZowV0Yd59ATuE#awttv!^#Bf9Bs>n zX*a1uHGVoI`+JylH&z8|rAL%?)NVI6?ylKvL#r&B2W5i`UXT-72)L;!8adYV7i%Zj zNCAVeOX2O2M$k=5pS-Lv7wstwmzzkIQ!rP+LD51IYmgdWPXKh?kH%>bBw_FL8NrjV ztTU2@E(U=vJDis1_dH6dzK=%bNC|P54GoTUD!C1Oqmn}Gp6%>ZdZK?x?DHrOigWvA zxQ-=oD|C%sFCHXdU74O1e1;MqlQh)6=-?XY)Mo#P@N{5yQ1kDZKgb8LvU|JPON`h# zCi5AB`tzRKMtMT`o5Nv(u)t=4qmRL08d8&Zj*1&s|C$&Nt}%FhqKL?k3>h-SdO1&> zkS7zv&Kjd_$2c4@?sd>1jRP?58@#T8ED#+<+ z#y#t1260JBND~(SVx*VvM^MZct%%6cgKQ1ww#4A@{S)xnh)E%xh~|VCpJYzeI4-+_ zx#4TBkjOkRYzQ)LR)B^<~`zAQA*P z@2q9FV-)seNuG0;0q87ZGqoa~1DP^YeLh_F?UBsu`gW<=+W;5 z3_a61)tDP1{C1}<2VBbWU)F_SgH{i|oiRw*u?Y@a@{~Z(!&9c5N+C>$<&=hqCJ$dO z=Fi1Nr3K_H6|_+-5aORonGqOMnVGRrNoF^Ti{i~yElun3(a=1s+Ecp!E+uHF#+Z!_ zS7bw|gC1lfV%#g_7>~B4U&myd!6fFyWZnYQ?0XBP*<`4sW$i?gTDAJpKPIV~nn9@2 zy~G%y0}HT_V(~R%0Jsu3fE*0gU<@EnF627_3)Q%Y3alut7#dLYxM)bK8iI=?X9&_N zA_NU%L<$IzXgnYU9}|R}icCT3$q%3qRJk)1Xf{bn7);P03q-yJ#lYe@xmSb<4x#ok>ETMu4phZ!@MR8i1jZAR$^DMjI?K<=)4jK zwpu*pE%`}5iY(v5sjVAgfxot$^jj$zu(lJf;1oPq{RsS$$*P3f`A9382o_5GjX+7?*mL9R%!b$Yy!Z29Bsf9s7#4FpB(1 z1iD3hRRJ9QXdKk&FDp+2*MM>fjSBZUV!3Y*^Dj)p=t7;G)G5*=P#}wPXES!t?|F=~ zHz2XoL_8W!qf^y39IFAyJW~4&vIZ-Dd1I{g7l*hA4MvzjlFv25!%;)eIWV3AQv@WL z>l>%L_eXY4_@;=&j|xXRmXi`Tx2Yv4+L-1z@~Dd3%uO&DTwjt%95FeFb+5;%AeAYkP>wVM@kg~JCSQK-4D{Y*~%#<`T|rQyH!JPu}2kBT$W5qagQ(O)NV94I&GvE0#LG-AnG;8>uO)SV1X!zp))@I!9O+ia-7M@%16Q378Vjp z)lohbf%sYgLcsLNh+!omWYT6J#sG{t%XqKbZ$z--l%WIztDzJ%%UHh`J(%Lu6X#`q zr=6m2d*D?KQ^bbVlDCbEgKXmN!OBAFEC zBs2%t9zIK`Qn{Wah%2dnAh=;!ztra-d-@RvI-9$(wNyiHW0%)L+p9PfNicIE5ItcZ zgC|+U=g!V2Ct0^Dm1cWpuxKKZnn$# zDs+r-Lg5r-Y`w`W94$i#T#q~WyvJ%%BQhP0oKh2@*S=8yn5i9#*OD1^yHkSc`(%h@IyWKO`q8^Mqojt_=z z=O~YhZK`$h5K&brtJ3Wt#+`9YBPM`$%M5`t`C`}#EiM%26<@SWvy-PQgri%g(ED1xs zBiop0ddbYmM%trk;6$-tII;F4l8Y2A*>po7l#3j~AGeX!;lu2NrEwWYr|7(ZmQNhw zR3ua};gW8zcDdj|rpIK*vMXn`0m|ZfzHQrnh6Q~FSxdCN!6r&eoN`v_>%2%Cfw^cW zX1O)y>vlB>r)4a$?esA*P~(13-azK*xg9{D{21Nr&`X4K18S2o&h;H!U1*cKQ)xJJ z;{oG!^AM#0DP9{yY`$l&C(Kr$gK%n|9dTj^)%av?b%$>ZDqn9pI-7;#aRcHJxhI(= zdKtSW@^>7C{RF2cGVJ@T0AJ|cgoAb9)+p+c3+n|JB&{4nfathII&4)cS~t@f^*%_; zGLGgmU<87Q6YZS;EG(W+0%h1Cok{fdm_*1=WihZG{ks)U<#LOOguny45R1+OeE6Dv zl2d^De&PlTAv2Y3&U|_BBJY{RC?g1#O&B_{PaHMa0<^z_HOYt)5uBP#RCtq~5hFqD z4K#1d<$%HHf6G^SBILprQ&i@E6wpNVXvahZB7yMC?G&;j?F#}()O^3IUEFA3rpe2l z#(kW4s+;PLg%K-mQbJ-|(Raqfr{~c4>Y(kwbh)0NF>$5cs!MiGkw(IP8J+7^G#1Xt z2`zDQAlr@1H^6hS(|7iF0*5K;=i@?>xBVwCr=Uz;E)GYeVX@uRvi@f$OnsljeH;rOu{0bMNA5R$ybI>NxwX}L9QM_Tq4-b zc;I+YKnMWq5fz``ck?ww1cj({8Gi2(Wcx`% z)TQ?ZK;C1U+NsrB#QMS=`&6is-f=N+j1!Z-3YBswPB~^o3u^Yn#p`pe3ihm6y|dvB zMai<`>kEtX zOSQM=7Ux!Gt|Q&Kv0M+P({k=&9XeqgRY7dkxblu0M=;i<^+H<>6ke!OLV}xpkKZmG( zhx(1n864JVCMIac9q9CX$u(x!6N%X1X0Le(*Dm*3KdTGrZJ3`;< z2=e@7f%#ziFlZk6r2;4~$I=Zp>FlSN%h#W(!|{C_O0;Uyu5g}#iA+OrkcbqS!}dpt zGSU+H@xoAqlP(?DI3i^seG8kUbw3Z6o~jIw?ootA^$?_50&@Bnmj ziesZRVnv*~@l{2PD-HYZ-DE-jl?V&$R5*?U`q2uDhN8p?wfAea&{{Eno(b@kyQ!^A znWBoNb!il-cH-b3ogDZ8> z(P4AAne(ZUB;E)t)uSN;2lj?+=SeuV)4m_;$SJgfYbV}hg~Q1#mIBL0*n*9J&9-$P zUqN3*^NHeN=v<$NH^jZ}y?XcVU7l2TZazD=mYrK(xSGANnO(U2;uJkV=pT=^P!k3} z$T+iD;{pkZEb{l937iYyFplQ80ciY%?io6Y6p*6-65G* z1MxJcirO@jGKrCT0f*#yQT)&WyCtW{0)tSF1nk*nd+}b~ zx}Y2D6;18C$0FzcqbQtdtH0ewi{}qIf%`@4-g8m1<#7wzsUTCVSP%z!c{)g?6mz;h z5c7lj#5lT`FX+t3^eIfx-$r!0*$YHi(k%UtCkc~_T@ZsV$-T(sH^?6SL>06z0%yO~ z{B3L;9K+Ddkr)8@UcEERgZ)(Q$!i_UOn4Qovaw4+g~spH>>QSwE6MSZv2&-#-<%#F z$qIkBzIFPAQ{Q^;*Iz1qLH1G_3nM){b$$L6E-hh|>)*P?3eLRw(&_9>Wr6-poOvnV zEOxA9$PH++GpEnJk3$3#f6Q*Uzy=7L$X*Qn_uoVf*aPTua(1(I_ZIKEf^4>-8{Ngu z3(5=9zr|@0xy0rz`IygM_~s>ZlTlqKAknZjc-Pm@pH_2NXDqUl#0O@aU!kerBxB2W z;R}Kj85Y&=-R@v}f@ENg7^-y~SDEx=>@?3r;R?lB{1jyv03mor2;;ZLIAmyT?DV%z zoz~|I_WYJUPm3e>G#WrI$@&8GeM>U)TL3h)z}8cG!<~fV>-hV1j2?@PPK{2jud{k9 zt3cv~1_?*%EUp%EvIc9B7j7{jU2O=XRu~3U0XW%xOz%#y^SIj(OfUjm$`58BQ=I$8 zG%lJuHz)sI&Cbp8WS$f|)@e~NC;+u{2Gzx7p`1Bxa}HPnJf9O`m~tLY+m1xWf)Q60 z!evNopU3#{EG5lzcI+|-&2xoubJ|1+8OLgSrk`5?-J#SSb%t5wZA@m%B#Q7@Ymq?% zE$i}lm~D$$j0LFM4dO=5yI`ZX7{y`EH7_*n=2=Nf7JIVhI(RdLALeQ+btWkwEYa8H z(zicB?LSMGN*&6d#Wnt>4+%~>+UGI9sgNh9kKw#(I*k207ZJoamrKntyRx_x9^}_d z%A6iMohS7%S@}b0{s?WKIg5u7k`9DKLKj}paFyVB>C9*lJh=*^+NR7(VZMa~7jq);DEcT6 zAo1`mFC)L@GE-%!$W%(k(AmJvCF-a;8qFyr33YU{K&%3gyh(+$vr(%-ajtCXM@p!|{&M$(NKh9z2!EwvOpl+YmUJa0_4HY^ zhn3aj31b@m7FgGo3G{?s*SKMc#gdJs@~%l)QBI9H%}l~0|1q<+;zuW^Qc()$vclG{ zcPg@)Hih3lS4Q9TQ0mqOZg2Ilu2L(qIJ^M*tRtGz8knAzt@N_f9b1QkkT2I7u4pOM z>(Ez}!QBA&zz!u2Bi6QyBfW9-2OGWa`f8(dues4!pXtGxyS?Az zVIuyAlN3Voc>IZ&JDi|6w^q9`w{~smDsPeu*}}Kwm8Ipmm9=-zyf=ay60n6w8D&L} zZQB$EI1cX)f-}#>#hli&)&1K%G!_doKyi~RNcwlY&K1B9m2Fz>%Iu|Rx0KoaV=&Gj zIU%;muOp;1aWc=g_a1bbceZ=k_{N#+!uhG!CNG@7a3Pzo-)=Tq*)l>QS{uzqXJllV zHY?N>9C*-N+l@{G*DKuV)FI6=!N={+a+Sx%HtYjj@Qk>vdh0=knU(BM*&i zHtIVg&6b>G=bvOlC7frZUJ#dD#=&h}8$0`(gn|1l`B`on&=y#=prJd0N-@3@IBIkc z0cD7QZ*K9~kZy^*?BY68tYjM9;t+qiUZ~MxDfHtU*$1bL;M&bSIXs_zh1fU1B@aOd zZgz37siFvH^Wk>YZC=%o7M5GHem+wxva0^1(99zJ+TF+K33c!>cGZ zu{hXnb*D#0*6;~8ieROXebG@yBtN)L&@BTXKE>FboFJi=@yU^bVxm z!@xJeUUmTqghsxbXVLz(xomZ5e(jx^mAPzTH3MsYW8o_9k2*cGig(!L?<|0kaaI;` ztjsK8!@<&gHnaF{hHIIwPGoc6#MSAmtJ%`Z$ij`~>kD&8TUeaEeiL^_y_H=-xy7Zm z?E1nD$mgrs+ET^_t*V7Nl$+0P%&p8`L(MZ+7OpR>y*n{7zp%E*I_H;GvYBjoW@T+* z_U84Om2COu%JS0c9Gbt1Y8SCezk*igZpv`6}&=RFRiSFqVFuM&P`-9E4W=A2$^45x-l_A zbfN@mM%yra-;aSWLA4c;Tgl3R=Ci=vP+roLt z*$Nk=7HA0a6~e3-Z!9ZT8sPS94O2!hcRTC6h6S>xk^Blv7y$sivMrx|vE7^J-6~bN z?cQ;}VI#Cr&O1FV`Ufggo?fDV<*|Sv4f+yN!o>ddHtxA>t41N#{6Z>V5y_A?$*oej zBSgfVx=ce>c;DqH;5EcP2y^M^3fBip{>;z~abVJ8 zDe>-_EQc%$?QkAKBbUZFE|V3edLYx5s>W`~Rqk}(!nsYHG_W)$fPuA;Ixa>$hGYl2 z8ajC%$58W`)GYIjl?IPsBR^8$RrV`35Xz7bGAN_<9q0+%ABmW!$Z0TU1D}P_)uGzORWbED9Dy;|PrMK7!P&ECb0fr^ zHTbUVxQD}&bB$mW*m6FN0~>1&E*+Uw@lY0AcyXInB@Hr}Z_%WcA6=d5$Q&xH@QP~^ zES`3bYtw{G7|e<3L~UAAGF$VSD37H(I&dzO`t*lJqt&9&GkC8KI~(^$Z9=l(f;n5q zpTsg_7t;f54b=`x{?SCbZGH>%w6H!aBC z*zZ8(MJRGjms$yHnq*GV$#4@Y!JNTa_~;MB`Fg)8wXD#~{gB-Olnc~;e-KLykk*km zf_HSU-rEMF3@|dHCXJm61nP}pHe|X1gXsb8GF6d@xD4I|ypO$YT%Ptq7pDu`7zL8e zCULDJ5(OZzTEJFuwLHbr0I(fR&*V6Opd4W01tEfL`qy-0(@iPUKb?>@^e2EEJ^{hW z-$|4i$>7-x*rY-JEWsaK0_bSvF{*T-6pxrKOx%^cSrVh&@~1aWzTow#z*BCx>TJ{uE+cl@<` zD>4w+tZ{##MJF64lHfYJcEKLWIG!DwM!0Ma6B1|=dX8yjU`UrQ9_LkNS;;|gzfjQ< z!2ACP*Op{fg3sp?eb}*eJk}XPe;j}kkV)N>mz&)ydX2Wqp;G2SS_9LvJJ?TBgRPI_ zM8q*ZKGuD(yVY(zIA?S-$r@z^2OKzd;q1$N+>}LZkz&fFr-P4uUp~b-k!v)WMPPwI zWexq@-YO3^1aqswA9!4qyJ>?QOZOK9D!L;7B%|4fJIH>yu^KWSoIS^p&C7%2g8%}a z(yRz?wF#l{x0q=~lM>$1S+`uq!>?eEa{1oun#3O$(kPw7i^(8G^s`$nBt3)Qt(P2- zu|Y+<<)y-AH=oH0USGok4&WEN^4cvYh-Mz-9{wWpf88O*10iq#3GSU3A2nzvFVm+iP>G*ZA@84& z0G2Y&Gorp&rNUt5LXkU(xVPYa{_8_r8855!-3i`d!3FeS5c{CV^M41zwvgYk1c}wB z=T~ugARKo$8oO;=*{*nKLh5iY%d-;_$#?w4(I!O=Vr82cdXpkbSqysp;yT_bcbwE+ zA`d~-1t6)Zf~^WAYunfm(p_rZgo_N0@y4dl9E=+UL!3)_cq+za?)^Quh10vV)O)Ek zjLYcpHG1*akGnYK6DEvAWlcBK*QFax!B7ms$WEi@r?ZoI`amP63$DIuPpH&v?buGA z=O+=Pu|)QGouY%456*}vQi7>q2vNR+2Gbp9mf>u%QI`(1-w{WT0tlT)WUi>73fZ5!#h65>l$NFU`;M`|Ql}+Rc@@&`dtLs^HDV8#8OO*XFL)W>#y9HxbR@AeO!W zX%%oH7G+JfU7wG&#iiQZjb#M1c+IOU6OyZ-(i~Uk5YJNTQ^mLbRpb#+fFS>o-HX0b z_{X>|hh;OYl_lxe^olJIG;Zycvj;* z=D75k#|~;+QdG|0VfeEGK0R#!kKR-Don(b6?N>Pa%um0T=6yvZ3`D`GTUuNK1t2=b zijJ89m`USou@Mqo!^RBh(Ov21U48jBY7OozE-5K|eVLK{*)_L|-4ZR-k^PYn!w3#l<1Jrywd;kb_F^)GEmik$d-Lt&sEV>qz%la5Cq zqhTW>1FOdn64hVwi1gJM^*zQGcq|t}HAcJpTU*WdjR^`0BaEl+%=^*?^S?&^dQSGj za;Fna6KSFkfvR#B#OdFiX+3bU zhc4KGvo=yuS*xQW>UFU=&=O3Zinh<3Kg_J zIz|7}Af&9y8Hu2Ki3$aaMcogyjA{a)PNxQz3qYo5!(exMM#h$-j5vG{d&4SL;K+7p zqHJbcuInI0SXo->jH?I?X*tgEqv8VRAwxgjDG2teDdd~YR?h`XBEWTGDAWH_K1=+YMFQdi>1UvO zmq->ZvVYYyH=_& z6>`aGQFc)X#!fbVgC@x7P}*pf7`i*hO$6lTys_oSny3m?(d*;gSA=}K-E6skQ;Wc_ zq(3zL|1CH+sqPr-801V5rf(;Xc(r6j7=qnhU6g?83z2IxIe1j9=l*%y_Zx_m3~-4t zIl!uyqbqE*7%T$=WY1((xc0tEc8Re$1eU$}=9M-~R^b}$M8qUMu8K~F^_>H^Z`V+Q z_SqL#n;JG>RDEW)7^TonqGm#_b44;?p}I}~c5&N6b8iQ`xvhxlhVvOta!NizWJaUC z-#S!c!iQ>u{q9E;Pw?=?JJ`3=lHCMJ8w0E^bTDxx;*BSJu@h!B37x~RN@@e0IMpNn zP!2?WJDmR+Do3|E?cGQ?y>*uZp8?Fv`|}L;_Ki_U!01P=d8ZD)!iwS zB{naWg>jMcK}mjqPy5%_s^2|!%OIcxb%p|-`DE=MAD$wuc2RZQ(z)4?{rNnXTsf%8 z-SR3HEy)FlNlFnJM$@8x#kDD!Xa+=@UXK&eu~jyT?e5$4drjY%?dpk!h(KCL45{aLovk<4#TSjr)26 zqHPkRgp6k81D=XQ>BbHm=z0dG)xrergX~@msvIFMh$NM07#?GfezkhtaXH@+CwXFT zAWo;OTD(gd;E7@PI8zy`;oy~}6?H;&dHMhjXSq9(O}-*C@`#w?qW8FtuUyx(RgbrA zW4e3y?3fK2#^K~O0Fl`A*UDt{aKOT*UqzU1jpYFpSUN2Xaevt-lUWT@l_hgs_sy@_ zW>}95G##)#YC{W*zNo)tw1B8Ymg)yN4>J4&G1#ORc}bID8|$;wjTx)}Qm!>hXob{; zbV&%5r|`k*D$Zq1|B*sYnKJwv>xt672uFCg)Fl*nGPpLP?Q1zX)TaN2c%}NPfL^nQ zEzf$|KeiO(Zb#YGF0v!4!{T7|+E?ITUKNcTv}vzB*8)FiD1nLQm<{rI^ftvfmX%|w zhz{t=q-1jYSWM?Rb^E=o*Wgd(b5efXT$_K5hjxl=!PILE3HT!Wm_v;ai6oz>7h|c`WPZf~Yr>e^sj1aFcJAChJ-@e|2W5wLfNsq0UYeY` z@bZN*;n$E87zzVVzgS}7-2N-k9C{c)1RVhF-liajnF4ulBkbNk$PNIBu12hKUx17Q z#U0Migx4?|@29wMdK>$%4DKs@9;`kF47cv-Y11mGM|E3S4m!y+ZfzDI$)Qrj?{THH zo0W?6GX3-P@MTQsa62L~K=ZAT6lY{4`NGFM{!}rP8;Nx*o@14{jtO0qOXnz*0Ok^6 zT?8-psS3D3W+X7M8>9daf}*8?b&j5_hn&X>$rY}WtnYt!=KS~Z@BG~S{P#~s=`yVD z)Or4F)t8r42=lUdoN;V~hCRz9<-6^G|T%Q>=sRUs#n8LouB} zVi4StOc7kJOu5np0s0}`97e3GxkZgHl3Z71eJ(8Pgf+|px!N+GkgNVa9=TfHzT_I3 z|0^TcGW3C5?GwmVe^rrd$P>v`lS<@jIgdxKn)&$Ts`)Wz3B+nOU=uGqea}U*V1ZJ# zeaW_@Av!ph2B+>-JHBv`U30ICsW8JrJ&0`syK{A|!lXB?Iu%*hB}OYsI554%Y^m(Y z<@y>1PBSEOtt7`Bgiy7M7ykg8Pd2*i+8IBnOm~%e|nwK`Fia7>GdAZTE=E0#S)GOm^zb9;-5kN zx6E7^%mXI`Y+~Lm0rAd&9=r+Mh@CG)wsm2a|H9pj7@o_JdO<9 zM^IP6PuzF%alg3Nc-7HrhCcl?P4+T7#hl@bOn9V(bXql#oyH6-k9C z_3F#ft#=!jlkpZ59SLnr={TL_kdS#gv(mfjUo8pbn4Sy=_LK-y6h-#s|DVbfYZ}0*KkO5orI9%~oNeX7@F31wP(A;*LL$YL|;8I>A8WWye zzB`dxSfGHUCx{8yfKmYCY5l*Zo~UTAu>9m@nWbY}9_wXs)~H?6dYI-wrqv8lDVI_s?4qu<8p+F@sk(9v(d z^b&WMz}TXAP?Ct<$BzAPzeoMc&IhDODqHARl?hU5*+#36HK*KafC5habv7K>Bj_PD zraX^K0&$UpYPIf8qp`;cf;&=8OyKGnNQBlMUi}70$_0f1(%n(f^@%ZvVKL>BF#sQC zj5HGGBhGG;%$EOK-K!JirUpV)dmelrvVUE5Y#P#apUvX@EJkE~vEA9_4xUD5dKyWE zy(EkCSIe2MmNLCvQPtb!y56p+>}}KrLbB5<6||Yv*@XqPdwTu-3z#du@-qJW4g5E? z{{E{M@tni+68^h@-}Cry7QdMXX)j;Jf0$do!hHDsD#~AY6?4rQyyN*Q^1kvKp06Ms z^}K@TE2!rJ(k~*hcUqarOk?#WF zd6{h@|0TkNGM7-_CBhH5F0wAPdlBDW2D}$h{t}<;5A&hitIWr`0o$v9`DLVC#P5sz zjdGXpyu>GTtJ>z zQSZz6?*ibtMBL-QS5fXfp65~SJYYGGcFyDbdDL+p^`A#u=TWcC>EAz(ew;@g=TUA7 z<)%<>3gxCyZVKh5P;Lt4rciDQ<)+a76xyFc`%{2t3gxFzero=7nKtHesBVqt+k!rB zjs5)JLa>efzyF^9{^BwIJ-z<^EQ-JOGGi_O;_ov3FaAgQ_xI%AeQ~6iQ{>8tO z-%`WTPyRQ&po%#_d<76(nPW9S``?-67r)DYe<_7Nl`21#-~Z(wGX3Z$Qs>c6eqZ1I z7k&JJKK@sI{4;qxlEO!i{wIC=pY@@|KlepARk5|kZ%WB_XaKGObu zr2YFy`}YyCH+J;VAL`?e^r4;pNN{-c(LdM3Ki0>e=;L4L<6r9Ihx+(aef%qZ{2%)G z*ZTNB_3?k{;{$zssE>f@*Kc&xa7thj!xxPGiieym7- ztcZN9SbD4od8`O|tX+AmeR!pZ?#HB8~lp0Qc!nBt;g<;~)5sf9OBH zsCxdnSNO;N<4^p@zwjUb(trHWfBdQc_*eep3##Xl*Yn8XdF1dsa(Es&JdYfnM-I;; zhvy5c=ih1vKmB+1{J=W=k#XdI$bUb2^kj|bE_%;?#RFPvL$cbp3tuR``Mp;CY9hRG7V3WSf70q(my1N7R{fV z%eb~8>Nr(DCzcJWmxf6QbVe0hs?wBikE7BCaiCnuqK)7AMAY!R`j}Cv_UR8l5e)G8 zi3(Ky^7?-8pG7==`g`{LeS5M^%^h3+gZRyU5gxD8Vfci~utB z9*nG?33`4erozue@&8Pex)SEk{*+z+nb<-<6Ls-3k>5X;{681V;^&g*=b{dOE;#zR z4-$-!H_9`GpMCF9dhLklKDBwLOutPo(Sj!*Avlg zPh=pT{4QI0BDFn{+MdX8JrM|>2!v0h{wGrZ6H%j2M2kKV_5MV9{Y0#tCt~b85$ooO z;Ni)iNc}>+Ps9LtBK-bDxc$io@>Q&pCt{pD`H`gjSpNMp`Bw<Y2EErG}5ChL6Rj_*gLfv8eQqMQML5Wc{(|`;UdBKbDdD zSVrMjg2`VA_I@QW{7PE?m0FMWU<>}|*<>}{Q=IQ6+=IQ4WrPI&F)zi-< zI;WpYc1}MRdrvo;&x{4nR6nQB)JRXCNzP86NyJW{sn$;aPR;W4?~FZvr;0oMJGIZ#-&+}e zZ)Nzs1m*PiR+QgcQGTyB@Q2S>>wgf(Ui?}te(`JZ_QkJN@h^U@miOY<64w{M7UCDb zRwH}y&s2gJ|4f;_{A+={{A(e5`8Q&~%fC^Bc=QPCzkw)C4XYcpIGuImi&n&f1>0so=9R|Jdwn_G?14D@&`%ZAH?JrPmCo`j6qM- z%3eHCHNJSFYJBm;3i-qe`9y{M>bDZiuYRj+zWSY`(n|hU5~&w|C6RjZSK{c4zmlN5 zd?Fcq`9w1K@`(iOhnL2Om&S*e#)q$dD{{a3t;qfA zw<^(Bzg3C8`mL(#tKX`=zWS}C=d0hTJ$&^$OZPkR@2lU5e_#E*`1jS{OQ^p3d$rrI z{$A4bg=+MR|5=s&8)MFItj>R9CI5{H-*2RLUi=GboEQH>{C@GTj2-{#pLZKbp(}Sb z((F95xWUIVA8WVxw1HN&#`hgQntUAZ^C?(G3RH1*e)uIHi+mj9-!@7OMlA86w`FD8 z6#6yB9`muq$Mx{g&pH0w=0n-WhX@dwoBX=V$2)xNKj3pAJbuo%`+SJ1gb2YjMfx3n zKjK4_M4I&WEj(J z3ZaL1X?3ZL<3q%Va+S8jbgCE8rqaYBDR;?|$WqZIOU6=r9t+!nJ(X4*Gw~H?#Jn5K zNe}Tz?2!Zr>ur9On5)9YUoliQ{2sslf{%`vB<_i4lCD^IRah)+ET`zQRwDKZP#F|( ziR)1)d!ZIq@$4Z<66z}7Vl9eF$*&l!uS%wejeZtY@B`JMN*Sv`!rVVMK&1UE3g*PM zIhE}u?h?nBMLq8r|JQ_VMfgS5ik^ofifL7M>}77`zDjtcT77p!<(su2E02s5FT#q# zvG99LzbhjamPaPsZwtrV?{OEFM<(@s!iD9LX@}3k3HN)-h2;@`9_0g9K8NREe7(X~ zJq8u4SA&h8^!AgV5cI9L__SBP4ZX_ahv9d_Z!b-1S`)iAt4DZ@4lWkfPs8k>U?%IF9r)jqcdORrrQ(;Bbn&L6xiM zTn6ug;*tGd)LP9mKD}4parc3`)hmbI?+nFtlg-1hm9nj!D?AXjjop~-t}Q7bLhJ8w ziCb{Cw2c&gv3&I5w2ngYYxV81!Npnk%;si3o9Q#MDOb+P=h9?wvDqy_r$_&-?6&OAtswX-E-Y8u+x2?Cma%c> zuydg89P9V;k^!+uc5Yzv0i`uvQfE}|{Dh=PSU0hFzhB?Q77k%YV`=Q}@CcCo))tA< z0XDBRhD3|s{;}aDIP7iCH<-=zXU(=erzml!>X6WmZ0$8{<3{?qv3q|9v1!!$HCz`# zcPCiD&kn1t``7Nlq39tzY>+0mYa(t*({3b+8a;cV^z9?;+2r|D-4LNQTJ2Sm#AD0E z&`{hi;kScOEdAC>B;{r#`sEUTlXykCtrNIg0=0xJjk_stZR2LF#2;sr3+=a1n!?HT zMEh7HWTg_2+nSDL8WOD~iy6nhf>6y$c5D9_p^l-%i2alV$pbcB0lz|EZ zZ;Ed9eG^_)!Y|yB6&Q^rc)Qe`G8rIR5x4-GDk4w;DTri{x&+19S^oT0@&s@$({to3 zPm06lFfsRuf+IbbtM4Wl4VXnOGtk!#D{ zS?ttYQ|*C2M=sp{tk2$EzBhm^?4x6&)1UOe{ZkZR@!*qzkq(!Rua;@IsR$Jj?jp1ylWoE6J%x1RVo#)Az0y|$v3$ek)Estqa z!X_%Tcj<>>_rETo*UdfW1E3#UOIl|W`%>)oz@*ubf>K@q7OKiMx(GyF_+69Aok~(q zXK{<|F`hR(>qJaEUwzk|G)xP^O_3@sy&}<;bJ|6jpTX+L7Ihx-%bDVA+P*OB2J;_! z>(0dZd81pTl0!San*92Q*efzR#EmBRtl7Wq8%;cEK<)RJY2(xFoLh1+HqwQmXe7c& zlk(mMmazA`a7?JAE^TDQs|M1rjXjo7ZmLA@;bB|HP)(~|jH2|1|0zALMC;|ud!Xdk zs%6*H^QJ}5`60QrQeM#=v$n(Xq}wCg%#Y34=+>|7H9A8F^(_Hk$pd7oI$&?=)(57q$K_jY!Gjbw*lB^296=|8>l;eUpcYS-cs zk8SQ6-nPA+>=C@OVJpa)Puxh!`-c7AW9V#2YteQKZs6>i5x27(Rah|Aa+X=z0ch7X zJCU;lXJc!)|Lr%{XNP_vhi%Z>fhWnu7CdvE-bfG_#GRbnC5nRgb1#x9p+g7__qlR| z1-OB;a%tbsuVA1%5Jv_khv~NASs7bY1+sDbI=nxx&Tpues zk#Re-%4jFk{qe~J7tT49aY83K9PK@AyPe9`;6rI-h=bMG9d05Vk0eIEL~42pq;vV? zc8v2dQgZm=Tp^VPc>|?Y8f*lXtDxl0zMo`Mupls|I?3MHaEImlOH08%6vWxqEBX@2mG!?AFIxIq5PxXdcPX6FA06l{>^00p?BF8?kqV{WIX?O97x;rigH7`<{KK+n4WS}us#{|Eu< zyC2tlbl-2lX3f}eSpg1o1Q!kH5n{b;;$*#!LBuEy!l^f16~~S9Qe+qqn#~g0JmH#5YM-4HA+b9enH{bU+GIp@$G?8!6xfK%5z)Fv8nw!+U!rB!-y*(kpt* zP{h}t&n53S?p<2f+-iyum>NsYRT-^-s2O13$uPxr+jL}hX`Y^^zlp2J zNyhn30^eMANwMwJ8=(BLMX(0HV1})(t>CVg8=Kdc*KS!i+=Dfjb*c6z$(fafcW$kn z$(mK25m$q>GoENg>e_uRpgu5~N&C}3C9zqYzj+34F6~$?Cp5kLP%ag%boHa;W8&KZ zUfOg}9{#1zm;!csv8@>h4$aYJHw%q2@hjHGl2_w+x4$&o+Uw9eT2_Hkgc}TZGUS0V z|Fvs{LMHC7w_ztRi$R+Xj~?`T4cyT=YZ{fZBJJURhp7@xf;I8EYktHnkobYF^HpaO z2(t%-LLVH%sW7~Xh3OETt;8o-y5<(#L{{w3K&FQZBd6HuU&j7iam67MIMZWJ1zk5+ zrJwKm&bh|vF;*2n!N0IF=Z}jU(Y;h`S52NdD|e209ELS#RLFN{z{QzIr%t#8;wIbW z?9keSx96Hr=&1_~Rh5P--zP_JJtTwGoa9@yT-d>1Ba%8-qeCY(ajGh%YH_k3nh_Wq=GoR)i? zxyY0pa7?7Lm+<3}vqTuZ%j-Fb3cO=ae4$q<^W30g`s}HCDSdssbhnf@tCiM`PlCe- zRf)TE!H~OZLv`h9I^|uVD*Lbe>ce%zh-uxE_|^6~T&SsgnezU$jI$sYsy5w*Mbmh0`xEWS@N3Gl zH`pa4YqVICIKUEXf5=Z;Y2yW2uaYN(6iz>`Bk0R|{B5jf>u_SijUr<=@BQda{;Kd- z#s3=DCX)GkJ(Hhg>vuNpz5n6ny=?eLSOlfJ5&WG63->2wZb|8ZZ2;H0rQ8`9dC1ie zv&W1-^1Owu%g6g*tsBC8yxlgTQmt5LO$S>BhJBX$stVB?Q-<&4da|}D0M!I1_?`0{ zzo8VfOY!OoYYT3gR`ZL;xOy$^t**8g?M5pTLz{k-7iP*KoyTQ#&PON`=NeAViseE+ zGIeIb37G^8BU14zPkr^{cFogUMx z^Aoh}Ix=?;noVqsb)t~a=|K`QL$#w~hu*q0%N?dyClk9ds<_zX+NI_!{ooLSB){jB z-*~w|uhts$g2}0$140u;b1n2N7j2G_oWIh(7>Ee^=k850(og1mH}28N`miuH3I|Z* zH*Kp^*e|0mIQW2L64#|J;unm$6@Qa1ej}~{hpaMMneK&*X(}_lz9^f@Z0~F;^S!cB zlF8BDNhZg-l2FmX7a2C~cg(-I*fCb|Coi-?%9nX`>Siy*qqE_lhQLwaM1Rt&A=D;S zY?!0^w^&;&U>Drg&K8_kav9Niu`EL92*JJe@;#R1>Vb!b ziR4Zjcnp*b`z**q%WvWXqK(uWUT_O)J1Bo&Swp&!%qQv>(oj1cpW(siY|tBjX?WM})R z%zJ`dymM>z`uy7FEMJ!H-kx7sps&eNxiU6BF*!9oGkbmR#{A89ZvE`%i?^5V{3k1` zYj@v$@BI&cQQg``zrD9#|LFcw>y43D zX@I?OI!FTrw3X1?s*cgCyFa(AQCwct!ZU7lY96MZwSlEP8Q1x%2S@wWt(w2s3jIG7 z1G4sJIGkrw4UbX@U1Iq(t~+xGS>HZBc$E3u*fLmwL6h0RVFyYb}S=#QO8<2+UD-6Pr2*>ObX@Ph)~ z>z{WHOTC^{aKBkqBTS0@`sJ4NWrzSwBedNc5H6y^3C>A`dp?z|`x? zl{)1lz=*&fVk;)L+0tV(3hz9qC)5b&EuW!Ck`Ng>B=eO|5miR4UY=0!A5cEtOPANW>W(I;z0!Vo9msnBNPMF zCWs2tnVLK@SX6>51&iF1QP@(rQz(@;9_!8Mcq&Nh98xBH9pS|3)29^<$N z)_gI!vx^y?-CZ7<;QURmGZPeSWx`Ui=$w%YYRrF;-}Y?|^)}rkXZ)f`1yD%@*Rq4{ z-8#A=+%QAR5yuR`g=A(k$1;Hd=3%hWEx>4*B*N5O#4jc=&IeH{h;s`*F)_}I7H{qf&kQCQkWveVBYBR-s!;v zHR3!=v5bQc;Iv`aQ4lwQ1wculmq>%?DU`Lwj=NAkv>ToT@jbLfrt1o*JZ$$edi?yp zYb3tDkx>|eB%9D&2I}Ct@fI%_a;G17LFrvB{(g67l0oQm)uLjaRW0^0m~$6Zi(?sPL0o1j-ixZG zNN28EJRwQ7C`v_Uj}_{~AlY+TUG!W(cGo5yw>W3HeR!n9K$;!O8M4+-dD%CKuql_c zo_n(0orMCoP3~wT13_1VMx5s=zTsCm1)qGmjE3`fsklqs-NmogjRJGwhID`Rd+*h1 zcegm|-QGNfzDmgOq&XUp?F)5D6TBDHdl%jQ?1RsY%`y-a>))c%`q#w~o|d3ZIejE3 znR{JAfu0$Ru4@S?tyHK^LxmS-i=cl3=w%>dhh*ziqKwBNHJ26cx-VKFjuneI-q9a& z*P_JtrW*6Kd(M5ARrxA)`K?xF`!25EPyN_Y{0T=T)i{e*4l=ZC;>`zBshGN^H_s3_lJG68$ z$#GMFpLjuEh)tTWsFpF$g?TK0VVpyui5Gi6d*a2x4q(P7TI11%J5xOTNfDDc?$l`F z1gQUoqcRs5|C+D$0~aRlH8wXr7e_H>ux{3U<}O#9J}M|h&M$$Munp{NK*_#u!AR1x zEx7!oJ}~j>OBoN1G5cJRHIY~(Uqy_G(i7W-QH48d#8@1&{eB)Nv)K!dU>y4}660yH zba*sp-qTR8XPinyJ?6gHLiKlXzCA3xvk9Qc1h;#F|n>uA?xdAQaMF22dCuo{TnOra)nnWGjV17ELRbg8T_+D=X9scNw9 z%;Iqe!zfaPft8aoKa^s>Vl)2!ESViDD~bw~cQmKZKJB_nvNA*A7XhkqK^es1WHsDK z+c=(?`-y;11ZvF7XBCoZmHP1L_)&^nnp+2ucMqy`s}ttK{4}_oWxN{Duu{kggqB2B z0Gl0}TW&k6TP8qs*KAtf+cuBk4od#2G^{q@j(UZ>28K(Y)ajbMIEoVm1AW)RidBxj zf@B#m>@=+A)~eh4SYmU_Be;t9hxV>s2xagym?S#4+7Sx}sGK2m&Qgb@*e!NA<1tM0 zuxelXEKpeNki}y{?y+fSyR*_lC9*l?2}#S~ZA+t(Th?si+YgnBRwZsXchlhoRvQA0 zpgl_FzbPiaXK6sDIo3N?;LT3s>%edoL8WZ8TjA}h@ z-fh5p;7)B-7E#c#G->A>_+Vy|Q#LtRECIOc<8pZJldq8D=A8G)=J3mE_lR-LILJi~ zXRxpsEK09ll3(1bzn8Bev{jxRD>ZYp8P_^czD|F#Wcx{?Hk9oaR2O#$xd=K;I>f zUHa{E$GNY(q9F`*0H32^gKsCOsc@wFqA@)aU+%o~tCH3F+H|eT<&RfjXCE|uRmz-~ z*4O0NYn|{zUdPSu<9%r(0*Km2QEId=w%lC$HSE&7- zT|f5xCN`k89)d_rTg0urlM@qT6L5STwv};a^PwhjhkvDyp8(j;x?qE<;wUQ-44#H; zRtAGW_>*ZPLGP_GHUI+&`MqwcOgDOMJuDa|ujz!xZn)ttxC;l2?bqBMx9tu4iycS1 z-5yavYc|JirWl0SKv%0-Mx(<|CM04F1#cT){Qj!4KFu73jt~g;^1YcDN+h1I0-Z zGn*ZjF#OK-!r#s|L(90>OTqho^`N~5Pj`?e4nzxrVb({oywOWAyous)cs&e8hWU?V zcbUt`HhXsAzhHM+7rj0cRE^6X3MR}Zr=45x-uApo4%OpHrci~*e4T~47_?4;_u5uw zXml@-Z>|!yq_2^!hg@>Kw1A2=*R{`1^QEt_v8+c;hHZKODE0}SQ&WYlf>FIfQ(LlL z^?PQjsMo*y{e%B7s`-z+kI?F@cdI_L~Q4&+VRIqwfDlP+c zy4Ha-RVPcpbFWIw0e1(Ii%DJqtRBUPDi3 z18L~#k|smj3x=LjQ(bHGpwXOem%C!(3=S!{ z80MerrDlWcR-MDry?cWIT`$!LR`CD^jHK=>_P*2~VD%a>(*>Azt@Qwwmxlx(fX1Ag zQx98e;u^#N(ysAx+wm@#W`rS<0?{Q*h&yr`wL{A!EmY~S+K2$HorC)RHlT|1;sU0F zoe1}^nIlCS0-R|+^dKyH4#e^V#~vcORJSJ?5O}rIWX2Q4@^PL!Vy#0G$j>RyBgb?4 zZmFkmTZhfZJ>VWU54Un~51M2O{KDj!(tMCYkw+rUfP8Tq)x#vqcIOz{1aL*((cw$1 zh2vUn7eJ`TT#mcV=CLnk4OP9DX6OpJ*G%eqABc{7038F-zQ@%5xJJs0nPG7?NJYDb zt^Z_ckp~dbIzEK@=_#R);`cU@gq%E&5GxF7E^TE5F;9!WUSh%$q?pe-;6s)V>OD(X z#}(=cOl!xecUd}S?ZC594$P>_1J!p^5Qzc=Fr}`f3)^FEz|uuO>$8N+@Z8-^$bU%f z5F4z^8oEW&Uwx<))rYwv^Ha#cGcjpak15q%Tz(w*(b28cF;mBlT9p?qxJqEYArB9b zFk+7k4S9He?l}nRJyljg@2%4#YY9L;AN(vTBTvJ_i^;4V95vOPigI~WYqg<>kqg$E z>@TmsU&MqpMjbOAf<>T zWzd7Vv_}`U(jGA{Q$)okah&6|v9Jh3^%3yw?pBYf?23GbX`h4YLG=zcT_ipil?_Z*Uqg*% z8&gAoDTwHL$=bP!byRD@&J$wkN_G^ zDK4NY)<`7gVp|9D+|%}=CFNR;bxfewamJWUOCKg2`?qQby|Dw984Q97y+iY1l<$Yt zW=;e=!}pu${{xpE)^-}K-J%{^FJYOrzD*^JytU-YM7^_j?Etw)yhs*Qh0A)qKaM2PehDPGY}{wppXYn?yGsj8 zHy7vU*5+?$ga#`Eoqh?P@L;9z4erj}+x_k8){e|;#_zZ5sBFG9cgbA7!ErBpC%$^S zm+wcl8kM1oh852ro|?`U`nPyJeH#l}==)pnUl%s(A05EkACH{*-B(vFW~KH3G-Coz zC*2$rr^JAFP6tSDiGbnRNgO|x^; ziJoErv#CTw*fbkKxsTXUX52OkL}df>DGTj)o4DQ(G)Ow- zUJlj6#q?6OR&VN>!_wC$ zMq}6MZXc537I=(yO_SxyA!q&xXDJ~_y&85#kFfI<<{%{OquL7We1wbjj+7q3;M%@;tQeu&(Ie0IwZkEA?T?^5|~Ts5ufRqnj|+y`}(@%d}Wf* z|Jv%rm*}+>N|A`~SfzOSO{w@_PAGUs$Ty%?JXT2FFu>Sz(ywZ=dX_+LA%%wPL)H)|vn(3T;@!4T5 z!5fmMk-4N8@SJQ{Ta7B#QTbAZk#K@DLKZY(+?{MUTMWMV>=@5o97(Gaw)Mql+jYj^ zM=XfXuzC>6tYHH!Ock!$KB~7)wuqF(0$=O!1eZ!M7RMSM0A1tw1hWpUfolCMBwO{5 zKx_Sgl%DL>8Ylbpt&@+MosUkA2AZ9abCUy>kn?uEfi1UK*g|&ohk7{#idrN-0X}Rt zP7bRB{q1_K(>mF~boa?l?XZavCsLfig5CqmTS&@!J*>4iD!$|&_TNU@+m}syJEV2S zOMVRCdy5|OMTzKt1$GXgA_8l`yn-yoZ^?)1A*!X?s2`r-c0%xZtGNxvH}LmiqY}b!YT2+ksPB0mX_&mKSxo8JHsfCdDj6YvoViFj^L0nL${e@~DXuImJT0^Eh zqx#MQyPbd$n~72o9gnQp$Ybjb2AT5O1KA?26bi|8ViPXsvcFh_ z?X>vPI^t9BkB(Z*4OOq~c4`j*x>Il4=N;r(JKW-!5igCs7Bj_SZmV`s-NxHPCEBeY zv`==K<=z+nJtmY9LJChnVjHsc841VIbqjQU#Q2Z!avzeze1Qhw2emys>V!XpWK$+=>sW9&=`=9ei||41KqTRZssLdFpqNMQw53C>gDu+rz86oef3q#XB48_pbcZc0{yN%Tc?#9E^er@Yf23?NA;gT2Lu$ST96P`EU<4%%h zR&C&77_DJu&8_2Vy}=5pX4}ZLPdB6hO}n{!{4w0w19%5#3ER!>I@I+}hCLD;?)Ry3 z(-K@HU^7J4&pTDFthy9e29(K8t$KhhO}bjef68#l<9@Sqj2q1;2HV6zpGMmU&~~7~ zf7T8@%YmrHiFO|-$6WlN=p4)r;h1Fi5kjazM5^7k_XjhmO`zWD93v95SzH-xFcr!% zf;&=ZIN}bcBTO5UD@5<96AbwS-oR~;V^NziAMax~dkRZV@4}SA=AYUQDcfm+WycsVr8}*hL9a#cnEKBf@IceQNJxQ6$@{ zIfkJ!z+Oa!;-GY#zC*>=F~bO(Q27;$IgI>o&1b92H`m^qU761oRFb zg|#K(yt%xR&1QFISJoEhxQ3qHxw~>_d37Gy-vC<9#jhZj`P=hLYs1JDaoPO4_>ryN znq6FER(-Q~LH!Ep%jTBvd>~(=*{$Wp8}o>~J`c)fuP@G9Rw&fm;_Slh!R*HD?b&xo z-AaaAHs@FR2xin}@7>_ZXdX{q4huZwf+qmnG zBWm}@O+oD=?ju}%bhz7WJldFR9%AJYt#)Ho+SltR+r+k5ef-Gc)9q^xlsgUKCFy5a zmt4i(gz7>4vDLWpx*v*5voImjy0!l@PBwyN9r2X!t7dPyp! zjqZT@9^2$J)tz^d>C?#3&Ks$-{@fQR!Ww+d`#4^>LeD&D1ey&S$#xCxf5ZE#1Pm^F zjNVo~f&q1v(VNT08ZLdAZ?$lFY4G1N>k5F|Vqo^Q(J;~c;moCf;ELTag*FTI>WZI1 z3stjqmoXI>bmGpv>;Tm;sHh)a4b?OVS7b`c`m)~KYAm{F z3$QeL&Z|s*54q5vEo?xaDSnFN@VlJ^z7s@NJR7m0>32et*uf@v*RJKX!@9v? zK4)|DxM^iBaeas@Rgtr-5V-ZaK(ymlbWwJ09odBB8THhQ`$g-OWi{^kvTC2ba!!>F z>yux4Fb5}wOdojHSG}0Q^&;h^TJw1shnyNdw=A%}ngaI;m@S&Ld(r?_)m4Bo%7bpD;5l^0eh0h{X-?iOaC4m9Jg1 zPK}GR8`PBg*-!6cQ1P3aHy0M?H#cqVwl?$@Aa25j?YAXH>Qm$%E*FCgV&rIGm|<#H z_Xr8K-~iofsn*;#kD9o2haX`7;!xL+U*#&n+C7G;h&=*I%e7ES?#4<@o62Dm-t07F z3+IcSS5;SWCK1%Gs$+c@tN(1F=wh&$!YOG^&i7qq0fc_7yQ5kWAv~(n(U^c;RMKVr zpj~K+1EKqJrn1Uy6+M{!pdCskcV(UqSivIFRRuUGu9$pETJGGsv-vJ;F_=G_3pe0> zWomSMRM%X334}oI!Mmt=Ttn@_1exE2LA0_tzp}EtVz^B6nJYMmYPX!W4{Eg|9w-jG zB23Iu363gZy(Gri8b=qlj}i+AQsBG3q|x-kO|sktr%C(K+@LNWWdllJjB(Ly%J)oU zu=H~1!csDd?a)_8I@S*frA>VbaVP2btW(C+9M{BB1@2MGs(SlOLqwmkW}bjUmQAk# zV~pp1jCf2b#HYH_8)%~G+@|AmgKS7Ab?vWU3!-g|R{blS+H7}PwNG$oAx|M)bxOm0 zDkq`|i*S0hTrShMm^DCWx6Pq0YCCge650?7oBO(o5oXPOOm(26!1^+ur)6%m<@gk# z!x<}|hMKLX4VWUxn?}BAS$4yvYuDhn$SQ^O6em-hVqWiC?;9VRs0{XvkB?7bntKot z(=*ePgM9jknbFbmV4pn&fmbB4r$v-!#t>1SK|+hb&GCrP(?<}ZGK!}~OjRZjF;xjk zrpBikF+SrVriEj=jLa>`^aPXW=^~~S!KaIuM(UYqK3&8NkxtKqh?z2qH8WF2v_Z^N z#u-6sT*R0n_;eBDEXxd^E@G0!pW)L*ObKEtP&zZk((36UNXN`n%yybQo#E3#h;)z| zB4$L#j3=xNt|P_;N`&`GTc;&A=naJBf9HOIRKQ(dE(dSj@3(=oNS< zavM;A>E-e$Q!wy#iT7!g)CHEXJW3fs6ayDEGs*&$XDWd%2omYyq?m_-%&42+JQH~ZEdb|S(63%!g^W73M@KB-)UlLqoJ%JGfD3%dX2@w=`MulSIos701 zBqS#g<*T0Wj;>h7G0Hlw!DiqRjc>WXGba*}svtm#)UnZo)UuJvz(cW(B7JD8d^b`V1Sli5oRC@;qsJHoC?mBT89j!J zwS_)1dW_AOxg^xHO*1MXwPK_)@aQW>Y81K3*qA|4{5=#~KXApSfOjJz3OS;Ti1DO` z#;w@n39fO&HJ(sUWefB{=kndCXW)sTD&&`>KodqP0}nMJu8xnzgySTrTp1@V4r-hP zF)A{8ob8EGkuG%tjEYOm4>Dr8Vuf%0_r@rN4!%oXJ#UE(18K{_~^`puQa?<-y>ilL{#$#8oLzdyyMQdm*l|G1i?W9G51an21)u7TGa%AAqlj-;pc+YpRzy$%y=n9PHXQL~0hKwRtEeHvX)M+m! z{0y>P5TK0uVEpm3Q6K7&QAT}ekBDM>bb-f3A!SskN4y*Lq5I`$qdxStj51O~gJG1B z8v0sBiB#AyfrT(jm?JEaBubnpkH#8;aU!TFUlS%@7C7q5?52P#^j3T~T%osOlt@(& z5{lF^JFO69q(<>YLPrFG041)L*+coLiueVSA&D}&DoGjH5J5|@rTK2?83bGoeH6Je z)f<3mb2+Gri5xUv5+(E%%2a?-u`7v~$o`s~P!OP$qs%ZLWnxlc5TaCR(Mkgn6B7ji zO2v*=8ljA?L`-ChO-@8RhwrM6Xy-6W%oz(745BCu3?ie)OaP$30;yx{<^aXO(KTi| zM?r`(T%n^t3U(AO2v91}Sg;iMSp`xMpv34g4lsNadm8|UPKWP?K2cU# zlxHF%HF|SlfOI%#CLl8*QiD1uw$OFboFWr_XpohuGPMBgBZWQ^UA7_>#z>TzhE`&= zVL(sfD;UxTIxABWCPYrevf~HmAQ(x~JkAN)CyESA286TKk~*qP$%p{tR1jMJ5a$uH zpYS-RZ0I#LP24_mnym{drbADKA2v2c7_13Kl8*{~Q{WFr=S)zLjC5sJ=rh7JgC!50 z9U-Z|6vkr0{1i#k$tWH+>7+Psp~HzE6vfIkZsZ6h!Vlq`PRB>numJ@*7N$0k%nfU% z$AT5eNH#wo`i#bH3^_d>x>7)(bqP|Thm;DyM|5(LBy>rFOilf1H7Y<(1@n(TY`ABk z$2sLPnhISZAvtTKFjn#Ol(W-Qqknpe(nd%&h=5aOG9t-WAL;4{vs+$;zycqY4soG_ z#H@u%goYP!&Zr|migeUAGiG8l18?LZqnSyyP4rla%;SfucxE!Fa^RY@wu#BIB>5D_ z4jddL!&c0m8A)hRF{3H9cMc;GI@MH|JPIxPL*`nZ8k>p@fj=yAI#?WlnATJj+g9K_ ze^6`?2IE0LSfZ)vO6WcGgF?&5m>fTte0ppqPE+BB+9tw?lRt=araaCHwCdmwGGu0a zB1$rTsO)IAaTbL?SR#g@iupr0Q5%7EtQwGn$*75-1oQ(LF$_voKY$ZuoC^K9egJ1> zvQl=Y0A|GV`#F+%Sk=yS7!Sar1RZz=rC@V$<;l>dF!lk&c;wbNO@gwX#*}dy0f+z< zK7xE7kCisg3=t7>F-<%XCl4pth|vp%Y)x+UG^9}JfPn7yxlEC0^y(qoDa}77@;9Yg zog#ULW10#89eJPwYK9S1ZU!+kLFtgLRYYZ!4FE$)UtN_^PH5QEK`ck_wBD8Oe|fIw?fR?ld~a$jyqLK7w*F78rzA zW;+(TugVy0346LEqI4`Y%*r^07|)O`hT4n>>Yy^thHFp5G0vV4Qyb z84)TQ{RkU?o-PUHuM*`0(#<4#8pI^U5)r=UDv}*ML5+i8ogpHy5CeQh1cSLE^@nFD z+$2R75iyA>O0z(QRGJ;O2IzGWoESr0gd`HninO7Fm?Rxje7Xo)FR%kbl4+W$7!n1D zX%68K5g}M->_R*aHDN>qo=&SOr-PowaEOHIY1z(DIiYh241zLaM9fx32*x`;7t9l* zoc0tBObG*rJzWHKIYvDmDPED){pru&09%jtZYXg4x293lTJn$25;_5MvzZ zjv>ZFjIk1v$tR52mEpXCA#jtI<3dK?wj z?YN!}f}%1GEgc}Jju7Gbf!>vL=xIr2L`R%1#gGn2@$`gY<{GbfdMTWc^@68w4U<|q z#S^H7baIqN8J<4Lq!#Az^mM=kK`!=mNvQfJN5gFOBnEwm(97&ljH38?CFw_L5KjHMNCo)PRe|B5$t*q5sEK^ zby81*u=!w_6fT0}n#rj!y1^@I-<}?V*+z2%y#)9@ITfY_@XBoUv?Q9#pPUXWig+cH z^>h%LIGzrza&ksf&`~E(!hlB-JuQiv&ZMf`MX>20!b>4uS=n(FcuLEhQ?g`~gj;0> z`|$JvGo{&PJiRzfX?_^b2*JW3!ncMgX>EHNQnfZjBoL?0>lHEZZ@Ta;LEO$45xlA|lW+PM%KbX-UR8^g~1_?W7_k zM}mM^2y|G3@wwm?B;kpK4uYu>;c?&q`|7k zJ54_XK^E~&iD7_TTtcl@LiL2P6yI5F1d;l2BXvATEk3LNvB2S)U~h^|E}>uJyEris z3=Blk)MOBe&@>*Rf;EVDS`RL8=%El9rNBoS6jVbf5T@4%H5J+d-<6|QC|$xStH-G@ zZ2~Atw+lQJ2U>`tvh`6c9HL?w(M-r_3k(YHB*Fq8CG_Li^Wkv8E>U-5fuOL`V(SZ| zp96h0`)Vp`B42~D28_}qM>gH1%fdJve6j?Q;6^61OgP*5urf~qQbBrqC^%j z2*t*`5>8XoxrEa!FQ8(vF%?M`VvCX2$dj1tQbO&zaS1h%j4z?1htyJ5T_7mDOEDur zdLPC1gfFp6fW(0-h>D#8-ccQlLf{f&CWldR(w^_2-UR^))HBL68qA~t<^l&L%a2hJ zYK*fFXl@J~lon4Am5_>dK`69^03}NXQDLaUcQD-r4i}mSqv9e5-qo)m@M3}v+@hv} z_C=JsR0O^r8KnZnU2%w_mE{7LBPMGZr7030#qk8AynOLp#n!TdhcaB4nDu3Z(Ma@M zHV9E#QH2tUoWMH;06`!X%LmL6K};xf0R;^r$9D>V1x5rmw6L}j1X6)RPzoH>7)>B( zzi0{JoxDd7suoKa29*>@-2siAAYXW=D}!rW#|s7{tqzFDFA zB)$kj)#6>~6&UrHBO-bWTvVBj8WvR~74Iw%f{>R$6(H2;-VTUlsWOjt_ zWDbHLOxQw4PFUa)O5mq3F&+wpcjXvITlh?c>;jk2RL5ANI&EdD_Z_EEmeicM@g}(0XqN~IW3DSL^4}O28>vEEmMjWdhYTErIleY&h*1a`r1Nd zh1QZnUt;{wB&$N-4zQgE$V$)$s6#0Pgfp(w z?pgrp>$}u}Rvu<}W5XY^@W-b*?huL&LHLhZr~hp`#KNnW5b)>$N6e{@`1Eu6<<{xSYlGRKJ?9T`yhah5BvpnX>U z`8#HCJSDQozqu2S{y>5JN4T3{M@Hnp(zrT+Qxj*hj)x|Cm&>s;zYKO6DcD#&=RG3sH+&IuRr=%e)0_(n?>D#zyv^%#8tnr)F4$P4o6p)TeJBK<67FQm8^P~{ z7t>zAY0V{PJQtgL_3dy$On>QvW(P;(8oY#wg{IemD`%G6F=%79yx{&eIF;_{FP5SMa@Gn!`WKvQP%1-QQ>INJRgX3Lz zkT@T$zm*-rX@^@<+R_8*j@-b^!K@e8Ah7gU#`{)E@DHB-^sTHkdk7C1_3fcW)E};_z=xLm0LMVN_{T2(ajgZ9K_9^{S4^~3 zvya!|DhLjF>eWW_ZO?t{9KeH8{!_yzYwY2SeN2O^M?~FDZD@9NZef9h)ebD~9k}+m zA3=Ak77c$O`F!^sj$1YOkoq_#*neaRW?S&+kt656L-kIr+1ks0xo>HHUVU7>zaMek zces9DZ|&{ZA15E0E&*JTr_4BXh;GAC!A>)u{h{Lqylw5lxmB91=_+NpRew~Cxxint z*mS4b-al@}_*Tc_S2}Q|k>Y7PJaB5TRrs(u_o(GK-1QY+=atXeel@A2V^@~7PU}8c z8ME)W4|ngw?Nz>v9VbP1A8)0V_}FD|D||(>JH@K>H(rPIJS!Qo(bnh!(MiG{ zwF4&@CL#TB*2|8FEO)89=rD-0P@!NB6>&I=s28fU5VX-N_j?hskVk~g4OAPR(j;pr zY-tE0>OUA!PKaQd_3X4+r~v5SBA;?4g{)uAi#L$dku=RVpBBQ`Uy{x>N8n@~Pl$$l z;dJY@Wr^mrQ`^L$ZpvIQ-1zL2HgbvQT)T|aQl6~M^k)qxR6&%lMY_vKKSMHcT3$_M zz)QzA6zy?sO`W)J$-aQHt*pc*l!<(u(V9@S1PCHoO!(tI<-gf!wD;?~aK4f!&>shn zr<&15oQIJFGxUV9H9apIGe(*S0d87Bu67!AUeC4at@!@4?ahIqx2iOIiu3`K7?S9m zVhL5lbf@mb(PYNCnkfRWyK>x1Q*|*dKzYev&7vvL#aHT=L@|qM!bu%UWF0i5<4j5n zgzBnaa7co1VUk#7fW$%8LqPl!|~pwv~% z^_?IO=a{k~C3^{Vv8b5KmXOm> ze(DNyP7yl121pdDAo^)ul=V2aIEyj;CHEz}yLNME+8MNNnuEPi;X0ox?ni0tcmtW< z%IqeD#O7U9QCW192nq|{OByxnWqzzUf9o^8<+wB4UrwFcImF-xO04S^=yDC39h0A! zj^ow2FsAx>jiM(4iaoHY7k_=uU^1MbfIJ^ToqZOoJ&ZTK@~S3${rc?onuvs%?kq50 z*O2!^6TtfPR~(hWdG+m1PlAR1>t!W?4nBoCb65{Mxak*e0Qc0fwlLpTZDf$xrl0%K7w!gejp7-5I7J2r|^e`E4Mb_ zHuRm%Rd@_t+q^Lk|Dc<5vv=0+!U^d~?%UGx=KSqDYaa}7Y7#bQr*U6p%8QqMK(UM< z-NNBohOchlBO63d2|(L(SDJ@r=X?^&{IbZ@Bazo+t16h$6|O%ra4*5gu-7H*E+aXI z>&8zji;lkO>514~8O%1gcCCwEp9w47VZ)Hn*p4xwMXBglVb343U80vyB@LG-U~+Db zH$cJ2TMDiA+O?&dH|T3FA2oNbN)Rhh`^?KJ1<#!`^g%9#)4;wdxB_7Wp6UptNO+@f zDx&Jl+D|N10%_y;n)oACKIXHF;1Vw4IsP9Y~ExVjF2BLaPV?ITcMj0_KZC-O*WTKD5 zkkPz>UahlAiuxP9QqX}Ea?Qb}LJ6V+EsnS7w$e10Ny6&b<`feY(7SYzDL2o~%c$#x z1HJBd(ksL8@psL>X|;58TF-Ul*_a<*VH`9AhUt;d?V8> zra||2L8Iue(`r6y)*H6M;k!7j1QB;4pma16@~k zX5CXe*w~AnWvw%F@UeoO7^I4iU5I93ik4bX*fzFxhQB!yU%EMmOpG6A%qeIVB)Q6$ z=?Am*kRBBv&*@7ye?E6FxyCnSd)`z*u8RRTeBaAD3}cTtk0WE#!}zo)cNke=wYcF| ziwlI}UW!2Ijg-*KOyk^bv^z(dnyY+|XG@bLNoAMJ(4wWXD?EUNsCI>q(oHHKJ9a~0O`JPTU z`IRuQzUcTqDzoF}Wh>!qVIxLk4&Tm{D}hCeO+y7G$d4Wj8~PjE62v>JP4bL-OuWF6 zJhq}Bo);iob#^YndRTC!RFTnyE5Ss|MKTT~xj8M&0EjB(oTo}%SFoxHK()YvTf5?& zKcFIJ=(4>3eA|q?sGyPn>sGM>*U}Kw zjY+KwN6pg;ylh*xzP8IHKK(n5axgEm&~n1BDAc{o0n7mpK?p&W>tP&yl+J>1hH+-Z z=$lDy0?g2%@?7DtTEKnoHDEv*9!t&yj9NmxqREr zkn@1a=sGC|Mf)=L+d0c{mlE3JAhSC)-AGr%<`oUs^~*JL7qxp(-Q#vi*Ydm9kLtWq zj&-e@Z*5#Ghr8rJ8We4-*NRdoz-4)7S%qZW^NkBsj~}JT zHQ8a70}D^oPIr1$?pA{Wn&Fa82dD&)Hu21cFlQSyA+cFC;U{_BbF>g3sGJH?6u-R^ z%R@51_r1zHRIoFr#|p1n9Ei&s&CaOEwKp`*+)~;%Y(SN@ASh|Og!vST=xnH**63Dk zvblmKb;bhRMW$5DBWF-0r2M#VXvkVjPy5R3sh57cB?9I)OtM_XiTz}*iMzpEk%<}vqr&@gMP&ckucW&!WLf&x` zHUjmR=G-YGT&HRmLDsO5b8{27XRfYpZeFCvbJJGZERx2Ysm)U$%c9tXv15qaVM002 zmTk&Q(q|Ml3*~b9Is|r)et&8!a;&GY&x<`1jsDfyI|~}=mbMS-B^vzsSlsQov$co) zIlt=5@K?hP@mcA;Dz2Vw>|M)rvnLN*wQ;ZR!H(Sy%i9olvIq65j&;o~E@a$K!25b} zjTf*FqUXdFwb-Ll8upoCBQ7bii23D3$&{xtxe$qWb-~R`o}55MWq53OG}~!4v8QPV zx6x|)47cF6m~Hlxso~1-gs!-Kgi~wSs~Ap=S-vhG-X?Z*P~(1t&Jmi)PEE;yh1=bd z%qrR9+Nuf~Pn~hTZ>V#$gDvpc&`@Q#a%C822Y455V{bSqo|yR%n^nptR#;55eTw~y zbDOwG77cigjn|)I+uXddu(G*{{jkHsBkk7q2zrTQG^gs(Fsg_X7b$VLa+bqXw{E?A+h6o%=NOzIVw2w?jl}*G0vsP79!1@k-ukI+ER6zBxC~#j zee4M8C10M*C^--n3LSSN)T%h7cnKjO@ozvK_thqJnKy-14W2wuD@CIm#@0gAAa?K6 zaFI4zyrdmO{VXy@V5Oo2dR+ z@V|61I6_m0?O(;tc#2}1by}tXsYDRORjk~jxwJATD!BCWu!%#Y8W{+PRe{^d7`y0( zPB@5EYdnBNF5l*b(Aau2e|vf5gH7Et9f=^rA|ZxiQ;0!EiW2k?Hmt$(2mc(*LW4)H zIi?He1^kVfP8SG8F-bOqS&U6EbW!9MmDyd2k|x@xU~F5H&u;U6W}`>&BJW-onl8Ttvn0>3|T;z^KHOi)2+--oEA`X)rM zzmyZHv{J##g$9pKpi)wx48jZn!5CV?VVgh8!xQgZ4|H{j`x`&Sj!9Yrd1=hGi2;o8 zShLxWLIB?&ML9XMEtKHQZ}K*qC5z0zPr{qi>sAWa5`23RP!2#X6raIp@Zh~>>wdM> z>_Dec0pp_T45r6>n6Pht+|E9R-l}D2$QVN7fGJcfMsYeh?lz8N<19bWIykI0_He)) zIy}3&i53t0fEl!FwQT?R_^5qtWMmJDu(LG`-8TZg$Nxj@oN*$mQ)`dF*~z4I7tNf+ ziovyxa1&J?BZFmyCEtF68z14iilejQC%X;OrezBlnF=nDU`x}2bA9!-Yjun*Rc^as zmP|$`UaNAGi7%2ixk4GDZ^XT>I$h;|9i){>8Np(x1LSgy(}*DsCn{u0YBZE4WxhVU z^$4z$CIMkl4rr|Q#iAT_j^}gg_xi%p?8*mFswmIFQS}&l%2m=j&d%>WDBa^lpb(3` z)IPa(tySBrqfc(peqeRNbAXId)FCPyonbVYZ~=GxfdbP$Nh~T|51v5aq*$jRv~$g) zN4P?E{}@VbAX};*w6ocr8qNtc8iU!-nysCBcD=dBqwP(U5g#BhG?39oDW6-9I6T9A z+Rk9Mi&OUOXepL^*nNh(-K&j9*%3@?TGU%!d~w4&GVN2B3^eWL?lGM|sBgzDq0Q|& zOwyffrwJ{K$#1ukj1Ie<_0tx=vg%S?!9Wt3?0~B{qaxP$PoZDO$`X{4E)C`cl z2PR1PtnSWoAZl@<-3O%TbO%Kz?wxP$)OT^n`LL#9X;{_XAI#8o1NBzt7?9}3IC&2v zZ;<5}ft>;S`k)Ubt%GheKQd39U`RT6!`V(_5u8gj(dw}nNm4v4IlYTpk?ZaK+72n( zX@X_Sk#~+W4Z(Mt2hf=;8WhD2<~d8(26a5r z;WoCz&m(SOX>RfEjfJImvg=5 zgMBv_)|QC#Cd|#*?9S}U+QQu3#o3kY&fOK-OUV8P&@L@3-CRK~^S9@h)`pQQ;etF>YKd_>Q_i#Hn)7|gO!DMZmngvmKSf}(&p^?JSdyJzBq4Lp-`9tShziy z-I%>S`wppF$(Dg-rH^1nUH0Csc}6k6S^S$@!`;s;#@zA}{Bq2#4Wg7QYa!`-3#;>k z+3d=~Dj9NfW%>4CAK8f%zz!rxw={29$Z9bt)CfSxFx(d%5N0>#XBUAB)w7hVKGf#F z|G&R^`mb;P$Ls&}zy1$@^zZ!#|L%YE;{W*7|N1Zg`M=ry*Zo5M|FW$L+ H`}+S6#k8O& delta 379816 zcmbq+30zdw`*-&a!!m4ln1Nv!mH|eFVRtuB!CguPcM}v4Mi>PK84&j+EB7>S`Iwqw zxn-G})wH;_Z&0zyqi=$AN4WBmaM8ic#d4}&g8Y_msB~OZ z3J8DuJ!heO>`tS6$TvXN_-Um>ycOZ$Rn0x*Ga>Qva=%cipQN-R{J853x4fx4wepvb z_!*_)kxC)qjs*#?$%hR};b{M8=>?rqNLV!rcF99imBP*b;nEegQb@QcIprfcJ~Up= z2+&G@k5&o@S3dqyy!=3x(yA^XQX1M@DI|PxS+8t91%LU4fH3JYpC94mkxOUF?R}M& z{{-ly(RU~<3DvJ?*2`0RDusC(gS00^DI_dQd@7txevu|riVjc;2y-udr)33iVnN3s zrGPNZH)B5|-#<_*y~bM*K3V&#o7}a|#a9Nn^E2OTvN?d0F1Vp;)*)SScjzI%j_m*=$oLd@4vUg{hQ6 z!jjG34`<{%g0<2!Hl={@uAB!$yu>^a940k)RSF4@xZ~dNcKK7VUh2wFz^3NXKxz1bJqNB#q$gA{_hi+&x|y*%uNnP4BCWN9f+%>v3dRmNapx z@{;iVd&Z<e)?5}NXWU_I*T-2?=XBZG=8NGXK={*%>Q$SC+t_~wd5=~n&yoD35$%-z z2|wsFHk^s_Q<7PV<&sJmw>W);~3JiLS3S6sJxKi!l7hF0abt zW1{4hhA{b*PG@v!ltRLteO{M6eCjM84NH_W^x?)dE**rI&OB-H)ac1-%+<$AZazc8 z#1D3^l6UGy8c*?;ggrj{{g9{GoxGVw9vB`keamYRF5LZmrkoMcMcx%2A$^XkMMM)0 z{py@aUV;UI5jrWB&xWuj@>m(R7$j}v-4Hs>dy=tszBIs3>4I?eq96^Qw?4kwQ9eDt zw!vOMv8>!qnz}3RlhAPgwPCV0jyM#dr@{ihbqH4`ZwT@*Jg(5`tnS_DsIE{XF1x)l z9N~%PFU+{bx=MF;QC<=*D1D_7U#6Lc*{3wxT@BRvdEPl;>=Z`@A302JHu|v9@31Nz z5LTX_+kwde7Rr(_Sn}aZLpVNg^cm_MTl&eRMjxr3Z!E$IW1oCbK8XsR1f|)imo{_F zMflqM4?p+H#3iFn3gm)GcyHzLG`TFQv$0QAnWL6Sc5r49R$W|6r9Gu?TvHHs`|$oZ zy=0z>3YI$fD03kEC+F)2+14OR4w-z}BtyC>6$m#BnZHWDnyZkC732n!Bt6W>Bpee~ z*+qV@ho^!``he?F!Xu6YBRmTv8=^y{-P{NhrtiFXifyujXtNZ^6$D|^*yo#&;wZT= zS|dLeZIs^S(nq-K^!9_uSf%h%v`*?2t58cgt~Plp8?PWbP`(uHFXzUDN`8D75_bO~ zzz><5D;?uq5+)s9e~>W&TP5^&RNMPHn`*0_Wn7X*r6>as{_t$DzjpvbtU=OnRuE>S z$1Y{+ghrnbtCv3HYfkv^l{6Kz0UKkZr2##aE(tsDobxpsePe8pd?{8dz0B8#FzB_0 zX()u9q+q_HgpC_>(@>QtESMf=mRx)?gr7Ycc-b=<`AA%tR2iX+MR@N1PcAW^gecUR zBcxz|rI4`4J59;nmgCG}l9kVm(2*SR93!7vK4#WRe{f+Z?9%wT;4M6dg?+d^ApGl( zy;dy!t7T%Q;%JnMYMoL*xbcLhhrI3%V_begX79#{6Ycf+1*9~d<0^&l&3*T6mFIUb$}_E!^dz^Z zgqyz386vN$PXk(!ojG(VCgFNX|U&7ii zx*uk`N$EEtG@nnE@Yx;5wIsrZk+>Oc-~c-4{b9Y7r?t&plqkSfOe<;~#aUNjFHvoK(V$F;~8ji?XBS ztPFqo_w-Qd9N&9{)hGAwl!cD*@|PK*^1~T{k=5uK(DDTE?MFEMuGFoqD(R%NTpJON zEH%9@2X~gPZ^in;SHNuV$46Z_3#>Pw>SlMq{d39rj9gPg1 zm4*{em~^QonF(`gR=m`W4^P;CnsqR8^LA-7uT2<#*Uu}_-KC!W<-fB+r6}%-5(by< z3ud~U3Uk_rOONx#C%pD!yZe|hQDI1jP_`GhaXBSyuJV^T(NrP2jSt?TopuA0DQaER zAwu%w2A}YiyrBXr6PxrUC!g?@OV^KjTb#fa8?B1a5w5E$ib2-)k^1rVC7d=vcfd=2 zW5;l5H!ma{wZ3>M+hRn(OC6)6r}@Su+&cTO_q?S0c8WG$<{FLAaQhu6JUXhgtj&y+ zhj%hd8+s|!5C)apeGzpYV`|hOXZd7B_Tt+qRS1ur^!Jf37btu`)hSSl;0_4kw@pJ8 zV@I@|>f{&G#<5+=jX2@J@pqOmEl)K|JL{!^ypZs`!(QrL+tSWH^5dNYrF_2lgj1r% zjY5ft$Cf_w_t^RcE^~wlHD#l419X?Z=Tb`essjSOTnp_QY8rq}FOSZ)S(ND!zLn79 zTPB1=S7=wGbd|3pVW$^YzK1>A>JZ!q=ySr!pR&?B*{!Zx5Be z;xb0K_w_eMv%+iH{_?Kd)$+C5HIkjPlQ3oEoO-6MJr#Op2TS+!3WO^z;VcvSYuPcY5>`N7~%&)wbt&xZ1gi8gS zVT1>EHXY)vH1g^koz#nOWWs6t9-PhsjSq6HQY@Drh8cU$$r*ht@|^CdJh`_ zPwza;GU@O{H^HI;4- zHiXUl%U&8et9P)J!)YSaHkT~*bRf^{9Vn^!A`?Cn(PJ7aVwz2gK!Dn?Gq{G@x>t=v-SRHqQi==d1h}%!-PiEr44=S9a9yJ zdaqfT7vV>j>MrBbTjaBS^pc%VhR|HQ!oXZV;$cSLDCwM9X+_x0az1QT|73Yy-(cx7 zZ$#LkXk0$)Eu*iW{3aG&?4&dzTxt5I$y+G(3zmXYl|sV5@=xaS2?g4S?tzuJp!_RN z1L1*}OYdTq6bUpdEn21+6sB}dIPEVunwxZE3YCT4_Z% zrE1pNRsB0l72KsG?9smX4KGg|{iCGcxe6hCV@%QFRsF5XN$U=wH10-p! zk1`&i;lp1j0f|Y00e-T1pd@|4TM@qgqy8{6pmz<_N$a`H5YDhKxSzGUYha+u_D|* zbkZMKmMl%-YJ|`dbL2h@292`$PT%lKYVr)XnuLcJ4WZbFN~0w=&o~eUpS#=_ZC9e~ zyi=0K@dY64d-if3v*PAEHF1UY&S}#J+N@(vgvXwE`ZJG2$lC^o85_8` z5N_YuWmj98EkoMoJPLmJ>R}9);!K#gbk-}0%VNIe2s2I|`xVPmq#C{?gfDiJ7I;PL z(;+&kZ;UcY!km9x>74s&IkG@6%^0i{67Kp8u3~qw^4NkP=^Wopgaglg^`<#Trn>ka)!NDH3LX{y{a$W}4KGGllTmGmGC~4Mvo)plbpzBaHiY z+-lDv$ny$=rGb3)3E%boJd`yYSzk>f{m3l~;nI8S7EqadsnAbK;(-X^yFI6lko|_n zNH1_9Bn;1=y`J%C@X*N6D4vQW?6k-xKRvXQ59OidABLt$*LNuVAv{rcuUbwT7H7Ph zYc|5W<9=G^S;aW{Sg9_qPj#8gHOQOVyT}7i!iQ%Lbj!zvMaxeP3zsHxElha1;b1o` zXfHj>yC$5r>gr2!`?)&VIW|DvH9WvL5%Y#DC|}0sLMW{W#^C04og6ft)rzextFgQ4 zFwf1ZKFT{JTsf?3xqNhZyU03MeJA4J@0|67ucfSwz`}H?oJ%(0W1oKduB_dtlg%UW z{E$0egby#jZ#CAAma9gDE8LntqPz4%sfwlW33qn%4U)Cfbn@vDiBct3ri8twU0Nw$ z8)cIkd4GhHS9F~rPnn~WPn2TxTjUoyD8Em?A;bH{ath_jq8?HR|ATP+mrGX3*NbfO zmqlTclNS)a-gVG6EXa|j@SRWCykeXn$7A=qN;I-GE?k~f93oBN8-sAum6c8MrlmT0 z{J1#z-C~1r4QDao`rIO~cIi%QEFT(YkdwxROWQ<6JP2Po@x6|B(M3AU3kZLBrg^!1 zdTcbdvPr>VN(;hOLyKSGOJ`A-*lB!s=|k==5Ox)gM>ByrS`;X68y}+7dSQH?1iThu z56z0ZsTQ1n+7M#6fpf&cH--T~o29az(A9&ksFL&zOhw~&|YTT`mMY!(j zy(8ocB|W8qd@Bl=jr)2F6Du|96-cZ)i$RsqBZ*fA)#;K^E*g6Hs8D%KzVOPq|)E}6;;YZj-5YjvsbbDNjRgf-F|-(>*vcA6AenW zxfAP@hbt4OC=XSY4a&pm$_Y{&PgN4`Xg50)NgF7ytuiS!UZ@(cJeVAOu!W9V<;|ZC zK0(JM{_xqPMn*>?ZtNaa-}%YitNY8%ljGUTCVV+0{pTX=zq?%G(8#*#7^S05)lTJM zTQ%pMwq~mGW@*hNK3I)Id6-yRt~?y69j-iBoOdY?^PLmeNCNWIxg>SAEKKSyU#kn1 zv+ImXjnQ=_%EOCwyx-(0{9*MJ&LvHKky6J|U#vX5RbQ$+q`S)40QcflemrZkv#qt$ zmCatda8I8){6L}{)0m`GAJEuKd05tXr}A*3F-LibnmRyvuutuyJUltIxAO4w)Sj%r z$tci|&0f3;cacsmXi8u&H{!_i$6VPV7c?fy%}t89$S*eW{sX4*P70=FNmlHDHWuM? z=`Y?RAFk5L*)zjJhS@QQ%0x$}#^JJOLa)d;6N?q+W9QU>FknIVN93W)Sc8sj8}zkf zLcQKzLE8Ef*O!FOj=VU;#QAj3JF=%rESweWizI?YURtl zJi;X}>BBr!cOa^77`0V1BVP}~7rWf?tf$$nCd-?(Nu$x)6SD}L_iwNDwC_&Cc5h3u z(%xC$rh{VM0paL#Kb-b-aI3`{W}k$KtTxO#z?nrjF}%+~Pjfc@4MHVLu5jZ%J|5xU zLCXs~4Kj(~%(euNY;Z6K>Kt!F_|8>JcAGXyZQG2lvNQMY4bE7?P@m11kwa~btJtY+ z^@)wO=ekLzXetY(S zHV1~KW%ta&Y4ue`bj(p~o&_hoHf``WrXmi^iIt9Ur<>3;FngVRVNPdhJ)bJ!!(?AqfmOG^Xf6^nx- zJqNC@@qI@4!L$>_sFbo2@C3zPN7Cy(mu-DN>r6z4@3C5MX$EggxHs*mL1>}U<%Fft z(noxB!Z&|6V;XLZZqS)8r-;*)pxkCjjDFd?a7 z@_S4D*8fW-3lW!G95Wr3ALxCPjMiW zuN6ipv?nUZqpc%}pD$lN#Fn&fMJ#LHpXUJxV=irdMjpIkh;$F19O3W#r2+DsEhgE# zGEAOze<;*lQ>&qLU%Z;N&*L6A;ehQ|N#iHV(u02T11lq?>0IUr-|hDLQMqnaiv0CT zz0|~85zg8w^kKq|t;~HLW!28gmbm;97Y)LX-i+uffAK(y-1vY_s^B_`aNDP8&(p4; zaidz=KF&p%@MG(OJ=m7}5AmyVrMG!0;hFbGCm?OT8K=u}(!THhu|Sp{R%UW;l~(!? zJwdV+gpW7fjdzLA$0cE-Ek@IwCHotCE5UAgJEbmRA5#*>9C8Ykw<7H>e$-1iEPh2M zlX#_@aA`1i$qD~i?!OS*cbAHIAVavT%WS-xLGqR*J;Xh0!rR8p8HTZjvg_tO6vP&2 zUy4Ev;lv-V#>;ijdn-itu~#!IF^^kd!les}LfT9Zdul~`2-kju>l%M~n9VNlA+@~h zpQMBT(qxlDZ0AxOTsI#3EjT}=%L`vyPe>)kQwpg7KJ zkhq)Gh6v|2yA=m_88|8;p@GZS#fUNBt7Q_VezA1^uU)k z*}W!IdYDr|ICIJRYZ&JGy zAqkf@_bg--&Ux5Ru3PIDRnXW_*VsTdWDl2V!rBY*6TK>!SA{>uCMw6Yr};t=F1+vc zx7k8rt=J)r)zvK>zQyNE_;A+6iMY!;NozQjgjsby{qP|3T}#z*4AiMh8~ZoBQFMeY zeC6>QLZxD^p$MBk-HbQ$P#ZLFh?L&v6C_NkeeIZcs}ybsF%O?!GtpT)eYi*5Phc*D z2qD~dsr(zZ&kr>F$ul;FOYid`2wfX)cd#L-Ft%AMZRac_oZEfYE1);=7Qr(|4B5|K4^)RlT#RYy$dmo&$u@ z+}|L~J$>#@6c|&do5rm!YiO|7wjuZ>u0sh^%aXK;eel1DX58Ba69?OC@XW7G`#HG$ zB&meww>#ys7o&ULIPS>W3j0Jyt-Yc@_x#)Ru$HroaQ@{x4v~X1_g}jhY;UM?wq54d z3sw8u56AyU$@C82>e$4>Pe%y*ov-}#F;6e~|0drptH`@)D~UH1lX!FvQ@BOA)Nmq%2>XVG2DbS3|g7V>oZ`BF{MJ#NS%O@NDKyCh_#v82R*L0rJL8X32q#Nj?cJ z=IiU^Gmm=;HS+aMMu`%CRDrPW$KvN`=g21?3&hqMdCa4s(n4N=aNa+O$5@2qsj%(Q zXs>rZ>9eN6q;9FTmG1Gnrn?&KHN?Wfos>Zczn)Rz=b2i(-2TxR^S{i)Q^`h^;^;O| zD|!8yGmCIe$Bkprn409wt$wM!D$45ca#v=r39g2E%rEi3iHc(G{t#9f7xl&IqZCi0-mZ!p#_7Nn zAmM^}eQh^28Bp7JLlZr3Lb&yt(*eBotE)mZmhR^l@qPllU%J6HpNB`Ba`6mkitdkjHH(^ zdccfydHFWhY5M{^H!Y($6)j_-y}rhQIixmS+qhU0PK(=SmygXtM{{!sk(4!@d>x)- zxD{P5a=HlDTnk_0;bVt>)9UK+UKfswX43OWGx6ho387<4_G>M|eP**Uv88V2fNCc@ zeV*u}%#5(_$?{2<6k$`hw5mJIUTL33y{ouOMz}3!u+6h{>8&b{Dywd^w-M1JoCSo% zb)D{$k8eqn$}^O439}by%o?Vpmxl$*C^N#i(E2;XzQ_PTs} zYkz4Pe@Phni>eS;JykB-h8Mp1;DrAid1MN%++gWP-Zx>b`qzQnGxcL@zH4hhJ5no! zWeruXeB9%nPYV+{ZwUwFj@a)NJ8U6`Z;z73av}(mqmuq$DvackDoolQBX#B#2-p4? zr*G54%h*FbrbP0`D|Kf>r0U++S#n<`IuJXT8K6C@OuZNSvF zqJkJDFFhV19pwWNhTZL7jxF=0&;Vsk2n%NS`35&KkmBzkJ8+5xW=}#qM8YDvE`%mw2`fGFv6vdU6d)STd(E$m73K?Kq`2`>xtuxuzZu{|17LA+tpb2}@*Vw0FdL6qy*!qg*-bX(E zlJ}^kT5`;jfl5*`?a5r}FFrP5_^i5YGE1wT4!hNaBmOuslgA=>>3D#`Xu`iPY#Jd? zsn^Mq_e9A@pVmOx?qq#9QQPeuzDR_hKazn5jHo-R_ZYESSWLCE$zI>5%*9CleT32> z;i(Qga^+r6k5b57_w)$qr;$o2Vd=GQLow(hGUc?r!IFxnItaDb?!f!Fl(@je$xHt7 z$ro=c#qKb0u}#a89dVprgmW*3 zJi)|L=}0;6q1gXX)A4LfG2mJ4KHQKm>816&6=Cdmhu>wY;>oA{slu&T&Ej>OqFlH? zK)&))gmi>=K=`9N>ubKC0oZ}R++$y`^d~ncgyqkjdX*T2twZDm`?S*Y+?Wwg`!H=A zQ^HhuWM7!nmoE|F)Z;&GV(OC$BlibOUAad`IN^)Bd-(d(xWV%H{gUM1=?TIQHO;T$ zRRg`O%*@x3Mk$l=r7OuItcQL4E}I3EFu!-7U2ksz8(n~ zg93d63o+`#D>^m!ogZjx{FCMIZxZ12@bGx~u5UWR+%A6M&>WknmZfifWz)A7*cuU} zh4M)OM###HXbq zm;<}34B;@s?i&tw?G}UNqO*B&^Vt-5#t@_j{c%e)NE1VSKr#kp%+<`)I3}8t9j=nH z`ueiz$reXtt+U?Vie8t^W}d0BG*mfU={;{QHTN*HmL(IJ0k~BMX=cx9k2%>=Z=XW_ z)!Q2y>ub&Mbc`wtc5B6Om_0Z^1NZzQNSU`B#52R23*iA>fNwr#`WW2!urTQS9EdCG$F~LHC9CRVUqDlXCH?aU^(!f{S&z$2tMOLz`)^Ygv|DJAG*)JeMx^Z%H^VLY50~ySmGq!8WtLk7-hBMpI!osl&2vmSmWUE znZPLd>eUj#A&wX@bdlF6Y$NR>sAJkDoJ81OKPA^Amgp9my147IKsqR@IHN*Hhd9bNq!)?Qn>HS6lHtdN6`P3J@9+ z|5dx?W^;vLbI%VDE{M{NL%Amf3GIacwfYcjaQH5j-rpl@aAvXA5O~A(8vE~JtGL-X z<+8>GCw(700;QKLtrh|Cyhyrf1H!d(Ap(SGfBmRR<(En9o{gPs`M(~PR-D-1YD$}Y0G6=ZHie#x=aRP91OL`qOGklso||)ArKr> zRk~5^hg<%C*kf^3Ih%TU)b8lA`dUo9vlR%pal`A?p|n4s*OFj8Ob8KXs@Z(t>k#3C zaBmf2mPh5nu~4DYTy8}@E9m{Lne6OxRHO}dRKmAd)mu?z&h_pUr#YMJ^A>G+Yq1M# zwe(Qn_K(K%Fkxn_qUn@>E%i>!J(QJCE~`XIK{aNBLtFgX!O^{HAJ}~*)B-DKtAat) z3i0t8Tq9Ny$u1(%P`dEGPJ_$ks&JTjQi>AOG$8Eo4_9GTIM!c?fz#Jw{M}Dzg(V`y z$}xU$^j+To$c+k7!{0-N02r$mjzI76f&u!43wn1+xS&#TO9JJQ!c^RsWs?F-5chqI zFZ>;e_0o+(tb3$U*dheBl5dZ3j8`|*Pe;`^G+HnWRJ6zcyq{WINv~_tdhcWvYuZ8H zS(P7@bkXB!`D&j)NQ*`-I$PuMm@LYV0>ELNIuf!^hlIkhXdw%N{Dj+KRE(el*EE9; z-reHo4|8J#$*0=kYJkHZ1Q`NtBtMt}sv&>l9Vr4PzYv5!)DbI;6x_ve!f*jz*Qs^X zrv{FiJ$;Uh7yf|@iv=wNnem_c1Ywy{PoF4Q<=3b=zO8SMM%rE zqBUpxn0B3+wkw-2vx#17hgJw}Aex@p?k0<174*r;Y?rpKp9_VXLL+@pBop9)Z&Xq6 z{^z(oPqq_`MkXCNqnjL7__dv2_fv$&2E|E2 zfdhUqaJN-(gDz4VtG%gfxM&qnO&I)rV0p3-4Xbwfg~5x-f+2uu6Pht(*sx%6Vs!9o zn^5PmY@t@63+%E9lb|9+H29cj%`&@(L-)@;FUf! zXR|Fc-EVae&WZ}l3$k(UM>`8@@)s>`zb=APfOl>eCVPwZF_uP`S7o7U#=r7w+4sKW z6~O60K`*s>N&cP-wyA{#=n^D!)!t~`(%jv0gt;nRaWUG4wvMd(Ku=+k0Jc2AoKs9) z4rfMKx!8`PRyeS*WK_Rl!}AMJ`q~I zX84F+Bl7!{J{c%j#`1YFKrNtQ z6yTQO`>WMzv&}_(GiUTLckkZa+GkL&;ll^_D!hSSk9llGv@Krdd?CKm4K#TAWmH%^BPMui%`UD*hthpIPbgG%{?GOBv?#VX6d7gWXzl^W{37(Q zAy0^c+P=uncltzxhqSHKLVRZ;fL$X*rQ_*ww)e^F#NN>Uqkck0geRXsKfi-pj=QQ5 z+FxikF!j~4eHdxTVt9(I&CyaJ(yvwZC>7ds_^_`q+{m}DxtMVVWynJloarlcGvdx5 zuSp?wHmzg-f`SqKhULJ;LiEfI_eagd^zcvpg%B9-FQj%%Gbi1&b;y6X=_U5vIjc)n z7Ap8Va)cyz^#EbAugA(AA1rh>;Z9MUEZh+!hOL4?NE{+`vstE6hMYELmbnM2Z9G51 zAJ9U*T<@fKP6;hZ*@1hAkO5s^_Ya0kLj)5%@OF&e+Ob2|E?r3uHMbK?)QcXcZohM@aQs9SScw+0^LEyGql06k;3iV`I1HnyZPhmqtHcs zWMZrzv>PoXqOXuY8kPL!iE$AybF>f-dDa9yn6rY_uy3^B57&E!M!;92h50N!08_>Y zgWTuF2ruv{xW@|VaDJ@N3yyrE)?;)ojN}0?&7W@tTuW}j@Lj#Vt{Oksspvf&>ZTbY zTFg6HGB>=O9S{vG2a5r)>y)1wUMWTjKZwv8;nH7zMz>|0U=Sc9Trl|azHLxBUidJy zrGK*0t{b`zC(nTlGWXq>X|}YdMp#=)3Up`&Ldmz4@}IP#OFLL$JUCJBz0 z;hzt$Gl#8yFxVFghX(}1RkJ1l%u_TOaP_^QU|5)KGJs=(5Eo9thYKZ)b~6)hl1_!B z#af#dKAs>P4D-6b$Q{L*q9j_x7;NVa?7c;8LL~27+)AxHt`;t{G08O{JBhE^bfMQT z>L~a)*A&a0+FE;)xp;U>-d=H7(5Vf|GmY$+-jnH~WE(y>t1$;Y$Wc4lMSn8WY0WIo zNXDG$EL?_JRaG_%Mj`NSo~cC8Kx!{jcC0u2p}8?HsP!D6{X?n*p%5PEX-aBWYxV?y zW|qI8jg6ZQnbtC;91t?K3A*y83Vet0Ks7CMGG(k_elOE3#eqt;B1I(rNEAU;6%wU= zK^+10iJ0f?)!WoV?)IZecK)LV=xvJTJK}}jrgSLmV@gcm`9l`vwPtM*N^My+^E%>p ziaNMt4)G21gfFCEc*r)nuc?==Wno(i-sx)^=;N|iPXu#6Q!Hp=LpAZ9NmJCz>>V>^ zESE(!v$HWXW4d!9%7ep+Ea66yS7HrrO(I1bidsgM%$9+aSQ}AknUAM3JkZ}{$z}6r z3r6~~^@1@q+Om`_5{h%QT9x&!g;(=U2|_KL&&N6D%`^Cy;u?A)S0zSm^@0SGWQ^GA zQRU1~Ih07bbyXH5dnyydTL;O3t!lzk159RE__rz)^GLVDib^3iu2pe{HNlMc%*_cH zM0>h}iGeuO;P8#C*(6IIPRPq%pV1cjWV|6YSCw)oS^h?&9K_sEAmYz zMU1E7wA~ZD>p-NKYZ_e*<_UH)r5dx$&U*IH=|+mpmH49pwF$6ikjbgH*VHv&ro1)5 zHpm%lO7-JQ0S|2U35Tq;nt&WeG|ym|tDWT-lvkJ?wdRBjCjMNpCtGKZw<>R@G&&pX z$|ik#u&EqgUZ)8I>pn49OtwLfA*Ocl#S5YSkoT!pf=s(9$iNg8(_VOkt-g#VMOGaS z8%;WWr>rcD>`~aV&DL31>S(a$K*;{^X!yCtlnDv7D0I{8rYy8!yX>Ypfn*u&WfgR- z3=YlL7~sN0Q!tcGH08p5nL3?&-$YZPkVMnu!c^8!UWL>bPe{(qX4?#v8=eEx&nQCI zDio_dQ)43`&R~j~Yn_QsX_2|OVO&abQL!~)T&^v-xGB|ET-+WT7uOfp&Z7U-+wiZ9 z6fC^)Ww9#-D|blF?NRJXomG^RmSG!bo9!a4MY{|UGmdvUJP5tga6a`x$(uhHl)})Qf|+-V=*?Ne}^3MZk|?T=k~N>4H}z8?~2C4>ab#z zK76jLk!}}Z#+dUQsm3zQQ?uzR+L;$o|2Ngn;tiPPqCpgcz$GdfiAE8KX9g3ErERvO zHJ8xj#u!Y|{jD=IGc!`mv&@;rDQxN~G+)!uzEst2m~w;P6&tSZN9YFg9*&nn z%bj)8`{Ng#$;@7+fpo86@cYkkm)f}u^Da(#DNx$DbhnuDkIEf;7 zZJ`kFzOYb;=A1As7QzB}su<5-=C2SU!pI${X(*{j!=8*Av2zxNK2gEZFl2>~QiyAs$2F z>kkSmRv%W8#G8HLt%ro(khEHO9o9c;VqK-eimj>$$T}d#z`Rg>IFvk%-5=fIlMaX0 zpdf8rgS!l`6(oT9VdQOHsZS3@AuNlObWrN!;|tC^@v_41mFN)63sLD{_j>als9!6z zgV2s*Y%9_d*9iln(CyKr_e8fGKM{7+I_Mf8k1|2nVAjK_8EOkWw+?xAMvvb9#+mr% zkoCeEKXQU*I54d~UKQc)`iS5!sG0f)?Qg0?n7DxjdFJPYIQNzfLZkriZxo(j6OS&( zv;5HZep>gYW?_W@W7JXzG=GBe`qA$A*;n2ds0lV|e1f3eF+t}~*CEOptZ6XjQ6bI; z?aXX=;FCCgOI;O4gb;U3FsktZ>#ciKh*s)7|EMqnHh(ULQFs0@|3jY$5$kUJT*Q<8 zQqdRgdJGxQvM8N5V+fjhN({)~!AOHqNp#Y}&a`eS>T zTv<Rr~GzfWIsAoKbWseI@VM<7jIsWpp>S6Xer!5WI{~%c5nye0mCqW$m0he`w zuyzN&tN97d!>TPP5*cgM9U$fjVJf_O)L+65=lp!GbEP@gXM(F#4`%q~>1_dF#m zU^fIp>PT~NjbN#h4nXrWux~Y5lpb>EeYsMqU#Sy2LwC3Q5zT!<1Qw)Q#Q}Mf8x79^JcRj>^>K-fk#8y zVS;gVpbtztB=m!AmqQ|8<;gJrFm^$NrN5E4?06Bf68#MD#~y1iG(T!pL*12FUnqVB zQ%>q7s#sY4ijV{o_TkNz_g@i=iFCh&HK$c{Fk@3#-B{_UC6`c%?BG~C?C|`D;gPF* znKa;h6%!hPKcG8(C@@qFi(W@gu|HRi!d%L!*M$#T4fNX^!e;pFGV=UVl2!xN?;x`m zGz(1Zb&&qL5GtZ=Kl-jv?Cx;{caDK4n9|d0o#|z@E(acfQ7DE%ypIkhy(e^syYa{C zA@d_lf=w=08=&|jq4(;~F~xZ3BjF@G{3=#EbsmNM)W?FKyT@lj2Z3KTf%dCKJzPJI zy2AXa;0r507lJ&Qn4#bMM8W)YKO@}trO-vqhye2?AHDnNmqGwejlBa;ZLq7&ek0nGz(2OvAYg3rslgbRS zc;4sX`oGi(Hzq5UZtB4W?N1~a)Yf(`Oxzcp7Sf-!R4wzxFllM?d2SwFg2X z6#E3@y#m$Cu>6CV1bAm;xCTzg<8`dkX2GaO$#m4B4x&iVb1nwW-y!j+JA>ej?}TTe z^BX=nPiodhd7ib|1Tn`T9YB2v5S>N$9&Cx~fj} zIsxbhRy*rkhJ~wF)tNAKxSt;KuBm6i+aHIAL-b#QhP0NevATispXkPVuBzc*)%L0O zY9z3|4NCtK22f1F7m*Pa%u?G*;~dRue_tb<`%7qWkNaCVD*6)h>^2-r80ZnB4U%t6 ztmkG?vb8jwq;?kjS9!$b-@$7**N_W}*TVLij&47Wf|YN^ML}JmIUiO=i;Mg;EZ#T6 zyD5H=kUthhzBEQmR@{(PF{1syJdg*T5&A+wtmqbOs~^Ji_%(6jV?rAzA_ykNi&DHI zMz~a z)5O`H+N09Nt}5gWM5T+-usdB$gGjSB2m&^%gBACOHiaK;3j9{EMXuFM4Z!9MF(syr z1W`3ttE(4qPnMVfJF~?3%6U$siwM?+s*Uhcd$c|?((vbQ(Je@WQ=f(D$PWmHzdsFX zahMa}yAERiR<7xQj-ttvc&5v7^(_7*DJ(BX*_$%UM-NLniZ(IB3g~0T!iY}d6($&6 zI{U?ev$L4&nf;p1;u|QbrCr4K?oYaiXx9GxL@&XQx8r~lpTa}`>TEF(4rb$i&Ay)$ zd9_O2${XJmuZgE%8&9Cun+K2`>FC~FAm$42>rhb((mUb)P`5QOVD&I`D9;ZSD3M&$LOdqe-1t685YZFfw8qB>*C%2ZU8=;;NOU6X zwNsO={rcvQC>Vy`f|60fQ}s%*z|+U3N--7t4t-r40bf^&y`Zp4d=+|6MQLd75VKQA z0Vv_SLV0@68arO~_1qIxURvo=A{?r~DBv}Rm>R%$E~bihZNZ?+ISF-Gw@|ef{+uLs z4Ygos)PVP~?zB&*>jjWGSxomD&BJDNpkk|0be2vQo4l_#mS8Z5uk*O0Zl(MV2`^@W z;LIMCKBCH5W3R)zPV|z;8TbgBE(Gg3;49MZ=vm=K2sB7kXR>{Ile4~pB{A{;gvMU$ zVy{^$7x%-M8nHhM{IMb3ko=}boDIurMU%>A&V|xi(GbvbL2*{Ch*wwkJH>AWP#sZe z;qQ9U4v*PF^epoYpVpz4$ZZf!iOgg39JJD^^Q#stsg0L7QDwrRhlEI94x;P1m zTs9q@1U?m_+d@Mrx4Y9RXeEK<{bFVv-BFY`>uO6}q8aPq2MzyS$%2(oK~~|>!+%$_ zwyMa(>VF+M9_v=%x99)eV*=JL(t|6SGK zt%~WRR{Uj>gr1FOP)Z7-#NAwndCS7>Vt8N+i?|pp_DKzf?a%n8hmhFY%stI?S%J$@ zv?52eXmo1?GZ#0tCuuZsX3#+;6C*m9V2&^E2l-D_Vr*JoR$q}`UR73GY5y0Q^oZ8< z7km?L5N#Ad18kln4o#)rJjbG>TG*!!t%$R>k-Rt>AO^xWjcREi-v?c&Zk{O%! zTvLT(j>99vEd@jG^NGB%0JlT@Jkj8xnQ!Bgd16%SS5bWOr2oafa;Pro|8<~M|BP-ORl>B+Pc0DJ-MsjbaD9O| zN^u}_?-dRF0=mXp>1e2GoRCgrI5GZc&0zFF7NWOs;9fB!nu{scCMhLOGZW-;(ec0P zK5;OtTPRxChT=U|IBPJNzNx>_tRl`Lc44bo;6O?NeOASVejzYYP)e-<{T6~BWV%SnED_~%f$6bqC)@WIyZlz+->Q&;} z;EYz@QHJ}8RpJN{ekhF&f~beYa~{G}tHm^Q{IXVygE8qjAv(ytY>l`;=)kZ1;~vJO zP{Sy?P*!A_;Aj|!J_{Z=-Spa=4ei#7Ta*DlTPt4k1PHE1{EZqHlTeRCbbg&!t5mF7 zFMa@7%h1j2vj{!ayB`r7S%KSkgXr=`UNf4-9w?m8H;W&8$i9D*n2E0rY!VYauZ}EUc?G$#Kyi@$?mt2k9jpl#lYx#$%; zM5|<}VZTj6#~DhH_5KcOx-ER0r~={p*l@h9CT#Q7!GYx%Rvdjo3{azIVVMl4m!m?z zC*3asns(rH{;M^KYs#)@Uk7&ukj6BH*b4ne~^qx)icuPImTGSm4 zEggXOv|@;Y^PqpwS;ugtdnPY}yZ4CgVO2c3r=RZ;4GI5?7UrkLIHkowizSkx*K}y! zC))7i&j9HDy($#qp4SArPw&TQ2l5VzYv507pdR+k@b5y$Ggc*L^c=u!flD@ZI~a0U zbkXrlJ816dYk8xLCExwNsB`Zg;u|GE z$D?8a3I~PM?oCIP1T(WDN<85G^i{(lHNw`ZDgM z2e#pP%cgITa}&Nmb!+GxXb8uBR_h$jtN^J`=HaKo%AduExmb{o>0&$q_ZHmh%Ys&g zijOi74JW>22NigLUQt1ZHf%Rd_tYg-U~yJg^kLWV==NPx1!X0b^IT>3!NxDeyI|K^ zZ2~MlDei$$r^Fd4URoL5sPro_=|m~Qn^=VjeDM?avD4x&f+yTi{5m}RXU2|A)n?OB zocq967zLuYSF>UEuk^)uP=xl#b|b_{y$BvuQ1!a;G#HQVCQ(N zGlTqAUq-co=Zc~5$_X*-e~>|ck1T-s2!81u(mBxlAHtY*^8&YsD}F@5oa0u4XMFOz9UA37fBo#}qF1{1t_z z`4@4e_s^y5$^GfCVw1qWo^fyaU5palNBN z%c}7L4b(oUiifFZwb}^Ev*8=u+&8(E0JkE#1Z3x;yHUWwwv`B|-82KrOugH=f15AL6Ta9~D$vMY3B7(R95x zJ2SI}{c0OVqMkf9-DHM>egUZO-H-dI{Dc5Y$?$%|@Qa-yIILFTN!o(o1RwluNIUHA z5Mm7Kfww=~RKOeY%~SE%HQyJnB6u!2+;Cqa0V@3P;7ktJM9^tlNO&E(ShWrKc_Pa{ zVvt9g5I*oz*@C$IHdRgccvq|X2sS-}C%SJn;{~R2ovP=5Z&5sPfKxivN)UCbR5+@~%NO_RRWn4< z;)GM<0wbX?N9P0YjSKX1XBt$KegAWZd=aB6ho?t}h56$07f!B(UZ>*p?v1gka1l1e zt1iOcL{;2FQ-i|byF^t!SJmw;Dm|*nve~|oFy5l-?@^zlm-!|HS(=p3SJ?@`hZfa0 zlOxddV)tyypHEE}0_&QnD=t-Tr$J$hwp)XYH)Nn9Gl@4nY z@TWA6*I9y~PpaxD)IDm`Qd4(YnrZ{y)a8G|vj+S+>}UfXnT6O?yTziQO_=u( z;7|{}ITmx+xy%OBHP?}~cyP&nF5PUWUq-aTo>`h`8rcGmWU1bRBj5Rk!L0Twoxeqi zY17QBN8JoYc&RUO|}Z}+Axc2_NdD}ShB-21w#GK3JW%#~9qoBK)+)%yY%1O3C` z(_B>&_~hX~S$V2Ec-)Vh&byvyo4Brpd4p93_hWggJ5}n=Ssk-Fz?D9#6eEuT7&GxY zBz-P`{y$w}pex3q9kV(y&w}L>J7m|!?G=@F zb2(mir%(z1-z+oS%_CG9>WKIj{?b)Di^4tl=PuP@c<*nzOmiJw7|G?EO?u~@8*gw8 zC|1RA3vI1v#B?L36Y0xHk7`_0tkVBi^nmB9;V|oMJkcDI>DLFgTtqE3??oSf_uIv) zXc0ENC3b-0CHV5|d(=DNdZ}t5JBUq#k_oDE{5t7!Cvnsb$FY~D`1EkkELYtx!j?&@ z&M>1Acjm8?@FrZRO4UoZGRL=$2?CXvfccN`ev?lhJnO+dbD$D0zzWlR>R^ro?^WQ@ zkAWuOFH!Q;!oRI{;-!=p|1b;-@V4y)dwsz~cF!I^Wi?JxmAN-gQq>Fa_+5BiV|F!u zOntL;nhjaY&G;)m!SUg6ca19TM*e?Yqssm-{{9K8 zAw`MND*PDb|B&_`;89iE`|vZF(~?P<$)wkrB#?wuI)s+cQA$FSo&*vg5J*S}MLL3w z4w5AniYN$z1Pcd5nuVfN3rLS*1*EB01%dC~`W&y!lZzu)>^eqQ@>o0`}A&8D)<9*rc*s+0y97Y9M*7 zL*y_w%A=}REOBmu-M!5n&>8D#tudyw$jVh zW3$YgOy)Y}@wDLy^J>aSk$^dzW1dcxAJp@wMsv;WfvvP zzd=5T1fdC0%bC7?0GsqX^wBpnNJX@U6-5BkprN4sd4j);4fj7C@xVw%g;^3r0c zlz{q|Cru+;h!`xh^#PEu7T!<2kzk=iOU&zf@cCi{U)%NQmfZvD9TY%ln@p=?A=#Rv zExalac|^LOq2kq?8;s{On{Mwuvs2A@&fMF?rW(ju;$ZyjTMqT^)^c;W?&z^snxCN6 zPs9jRvesLquFpFBXzx;UC{1hRWv9*ufO0!CMDd~?af0ZQgALil1DcG?yK19b8xjKY zbzSJ&7`php85-soEUBI=%t1c7%E&ynhG3kt!rbP+bT)^+$~0uN5MDV=@S@-s*jkGQ zoT2aq^9R`Z;Uo!BGhZ|(V1e|8=E|4!&X>#+y`08eDW{wa_!b7gY<^VFA=Sgv=y0;F z2l(LF%aCHeg)%gcJ&K~^b`#~^41kD##q2G{Rg}TmxAGM;5FcX$WeQwt zP6&i!EG+~X@ukeRn5ia|Z-)rVX+T1e2i_E)$%X9(F zEX;cF(mK5caE1WY3O4ffok@f=Gi9LO^d6{U0rJ9`K{(c^hJ-i%;j|NZS!g$ts%N+ zl}cZ*)l;kA!7A4+9RP1wLeSUmLUxyJGrwwR$`qo)4jI4Q{3I>T^%8BsM`E;CkRHxj z7D}Y*&xLS`BJAd=JIwt|0QL&z(`sK>$}pW{ zhrz|0Kvlg118DkjyC>~^9pAg)FQFL(c2g?-)0s#`J>Z`$-e+$9kmmboU*u94XT z#PLV~q;>VT&&{Vz)O1Ufk2gk=Bjq^q#kt!YN9Ogu zL2CR-b8GDiHrD)#_HZ&Yw;{jijZ;uLj$On+OuOgj$LVz{FPH;;uurk>)ZgPz%HY_bLIpe9e%EhlZ)rfEKZZ&$2*BSo;RmSu;fy) z#GgKo4Rz#8SRN@e=l~FQUUxs=R!Ef^ zHX5GT2}Q6UbSsYCsr!Ec+;qeA>J4$d0aPzSJ7acpZ$WhmJf}$)OtC=*Fc;Gbi(Pl> zBMjJ5XhiGMgyw-->VlrYz~6(FLDp1g$vd0bEC4yOE&2k))V(y22IYA|e>>VzXbh8A z$nbW1e9c2MLLUA(Ff`e7ef4M#qz(cN@pL{-NTR>eg-Xrc0YGwq1$OWl2wRv|ZCIW{ zvsfbn@RW&aJZnR^Lpb4~-{H+teS{>pF2H2sFcCqC@!pvw#!S%PS#rq0Z3 zC?u+{G!`mNW(+FrZ72lM^hQD_>YD-WLtph>n+i-26tH%mO_l3YmFEk*#0`O zJW<5}H8CX^xsAFane0GD6)r)~xbY`|gpAgV25ve2qDez%*43~&+M33tF!Hdt*#xe= zHntwcR_1#Fh76nMM>KnwFW zuBkQ$Bx-9d4gvkPMQk_Gycq1#6dk0Zr@r&c1Iv+0IClK-1O~y^E_I|7)7QhiBD}Rn zXijB1UTtozCputK)>!_z*m@}WYjb`7WJh+-4xOM|_Rj6mvwer2*u-YCVRtNt8u;Yb z*gQNo`UlXL-+1}ap|8y@@6Og3Fl>|t*0EF2H&7ks?J`?nHD`WT*9 zet?Z)zcV+iJcG=&i(mN2RGlD1gvO0Q>eQHuF}(oTD}v(9qB>eIH91j;G-c2uiNbvR zCoEHlrQ3B{L9b%<&i`U z{iTouzRn)fHWm*D-HFbZTUtUbGldMRAx4dFqZy9~!80DxSiD8s01RE7Sv=aI1RfjU zGz|~=NbGX|&V$Q*UPWUKqFlD|grli{e-f4jE~TxJ*tIydZRsJ@E7nybZ3vl`%C}eJ zb6A)(z8+7P(Hr~U;uz_E4?KeRh#uT%F9d{O)s6&TXFhj@>DRJwI^FDshV^SNH0heG zWhmo64?GJ7N4z6{yb)ez{D}`wE2_Ui}%kk&zIK$|)U zssFbdQz>?ge>}|_14fy$j>0B8ciZV+K1eNq8OBp)C!q^ohc<}3*I)@@`F&( zxDt`R+u{7~m&n5s9t@)Jo915X!dvDA0<L^gg830*KdO{qKQ7HRcchQzh>T*4d7-F>EZlm) zo67z08x%n>(Y*w#OviSbLImdXpr1Si2i;GwN@9K~41W3)zx6}~Zby4*9M5WBFJX@< z)Rphaa}gd$_6+uB0Nq-No_5W5sHNBOGkTV1_ybv<{CRE{1O~ZMJl#)e`JHWeekWg& zdOP5T>7>r>95vM@_iBH737QUiQNea$rKlWT0Rsb z4f8F~PgsgEdfiV*c0DUx=II-bRP3UaA&evav^#qQS=V!s}vpFN_a0-*TN1Y+`tiRBjs)9Vhv#~zF zpW38aCHitFcoR+A{KCPs>mAC_CPOQRjV@$a?V5mLkc-W^QW)LsgGm(G&C{BMg=z@x zt}xzMvt4F!E|7OHQM89ZeYdp-TH{j{2ps>n{p_5MH(#=+xF8W+x#9VYn*HZ`Ak)V5 zy@STqMbgL?vm`=&G_{cG&;lQ;oLF-y>vpEj)wEsrvhw*|K&9{a1ti#q2f3%u+kbZ-Oo!}p$#MdU~6<~3(h`6U5AcP3L;PrLOmE>#^Qv!r3 z|0W|0%7&SgaL^+_y%;FG=0Q81a9?|e3PUJ;Hnzw%Pl6<1;B4k1m4uFTbPBKt-~0yK zaVGpO^!QA1C=KX{^fey+bCWXaBay<}9!$)@qdvklkt;x;sv6G_B)ZX+!>G&8WJm1p%M6uU)^#2VV(tLnW|G%O` zHVhDw45CJ$Ly$?2Y#eQGG!P z61b?R38Ot~Z^=kKe@8e^mf1p_sZ33qEgTWG9U+RspBDDf-9{doPq zGlDnGY3U!tocNyV_-6&Pi9Q|>;ZNJ^!r}0Fs1&YlnkQiQ$3Z*!yf6Du=wu)So>&0e zb@4dZ)K^xREn0qTE>Ewc92t|T>Sw{rjzv>37I>$EnouMQWk#48X1IDd)E&fwe8|2K zo(FyHL6Em&`QtSX7Pqy}GHaMvr8T!BLBqp>rXDXN4tw_*%m_!45JzJd3Nh-Eg+eC} zoqI7}w?LTu*Z)l6o~f0?5v7>f)Yp@&ON8w%c^tw>#wGGxg51xJO9emGf2r`S2N2pC zbrU2ZcU91Z{7sem~vp4<*_Hc%h9F<1=; z^XK@Unmz1xn1wvtezKIG78JG#fPoGHLPU*zC25m^_W8l%b90l>`hQ-EDt$J@oS{DP zrtp^OpH*nJ*;b+5g9}u}0!6^XxyYhsl=cqizByBSgO|M}Jo4aC^FPxk+KD~oJsIk)6Y zf{3Vo91^749$|)wQXUay&3#q97b&`zKg8)XodW$R;v?)1&#mzas{9ne_QiVzU)8Zs z7|Y^|&I?kc#BoDTO8?LvsQP>)WSFST7by>=4q0j$laj)nQ85lydI$VGfa`EdGWgUP z+&u;{zEJ>n#W?hhoHL)6J4z5hrHdcK?7sdH+{5qrU`Sw>$dt8T2!hvkXjy*Q zk_rdntrf)uWb*Y0aK^AD&z@BVJqMJ9%+xmA**p`Pw(J)g{PU8&wIAV1cZ!aZ141)H zVatya>(&OXV#WV(Kxl~x!B~n?zXGMpnlrGIcAploEgTY>)7*K04Rn`56@KZE@HD-3 z3_-8wk6~(gtoIG3$3GF`DsP(N>Dre8UgUKX!oKipA(}Fe!_JaUU{jdY9InH?@m4GC z{!%zAavD2Yc~Xc5vKtnc>vtsGI4MZ9XBz@y$|)g>7TSUFpZ%NAmOiorX}u)}sRI}P zfU#t}#YR@mbfYVoxMZ|Xape3Hh`hpTVS&Xh znM?hnS_m?!A6*jW1L5~~&&~fJL}|-ULIwT$6LwOAYDe+aWMwwb*KS`#_pb<%jAuut z)K`Sqe>5vUCf~I}hZ=cIJFdW$JL{_OHpQF~!a_CFJkx6pC76?VSCrGNQm{2;UdO=n zxQ(%$@rNL5fnp>r6i!4aaMqVBPI6iR!;lwU{0#xD>_lIITK^?j)E{pP=S`jvwVGy4 zUk8Js>f65rn=Ni6vP?Swg^cZv8Rvqt)X>E;RNqKX(V>?Q;wY=Z zo}xnjp}?6gER0m>RZr1Ltv$sQ^^m71Y7Ptaf|oeXgSOSNSZPSGm_Q% z+y%wa93^!;MB3m7HP>;?OZ0ONL!EJ;Wwew+7%vx)ZBpzjcGi@ST{4hoW~+ENksGFN zgc|V<=1OI*V<=Q^vzU`=H2o*Eny!ShE~m-Y)lt$ zfjmHM+0CWL=@xCR3pCVJtwS2(rS>809n8*saN2$rCZ_+}{0s^gyVAaGj!+u&2I6v| z5n@k`<>OX_*hg0YVB(2?(BLSsE#*Z6Pr^{*4CI|zA4DeWqD7nTc0jQgW$eito{ zH-z4cl_FzRsNWF@2`v%??;u@I(4CWoJkO{WIouV8_@>OZLVONGJcQ5%r|2a?ZZd8P z&L499gxM=x3$l8}4KL2;re2(WPaz_nTVF@q`*J664Fg-mf4uEPMVLjMJi@$-#^`KN z4vh^eC|v7dC@7f9{Au_v+fyN{DK}1x8B&wW2Uk0z%K?`v`Z|6vFi42BaJ-pu!fkeH zcqdk~iA71Y`)ZwLC~pXoV;Nw8;LuJE_y;gA!-eK=PE|2*@9`vnEe-Gu@BQSDEL)Zn z;7G*K8B|8~HS-Rr|5Ssc-jh-%gVEAi57Ho~9#+D%dSZLma$tc)(G>u1ts+rV?d;dyqQsb#SnVBuh>}K-BLt}_M++VDR(70Jqg#jWw zytCUvyRgHtRtFmu?*F(n0n;J9B;rUEgPgTgM}4G5x91>&Q$yFl#Y)|Jf)@w#<|Vnb>< zTtx0tKWx+e(-D=QKOA86ZX>XBOc^0=qsxzp-Y6@`Y6BFOG6hC^_xU2R6|EjAc89jY zPq1*p&m+apX-gh>uWUh~w0pQn8*%VB}^rdz`qAdX^!5X+R*o^L8bLy;|rQN;lw4+=E+VqS+z{hzo1=6FC zu?(ifa1GK81SVeiH}GW$b9_BU)fM7wihkA7gz?ZiQB1_!UP)jXv`)m(Eu1K>pei4; z&+-t=!1S?}P%6ELWmSF03z!_{8{p_n4yhk=GuBEQCW}CjUhxlSY>TN6raq5&TnsR< zyG1B|?e5J(7{s5pJT5B#B1B!e(cBrzDH**~@Yl8yHUH*&%tiSSx2PKNgb2|4--0Zo zpA?tZWIS;C-mhYOedyZLViDi9d2W|F?HRF|i4K1cFc@;1C7RV&YM@%?i7h=en$GC8 z@HX9ECV?Y44 zc&X@ObYjX35{#ME6IVuQ*G$p>qfP_D+kOHn3YU2>*x!jXreIYGStri%C2kdJ#Qi#NFyp`f8Lh zjCx6IA+UB)#C3ez)~3!tp>*_!MB4C@7zexm=u6_09)2z;7z7F24OFrrE`%1%vWfKL zD$&;t^ohYdue&z@QadUKvE(+LOTrjSh(sMBSPm8OQ|u7V)mWFq%HYCfPI*A2K-U>W zxvNE+?gp5!T1;!tHe9E!cWEvbq;s*fCqN1~>k@$GtQkz+*wEnlnlxhr|1x zQqtTA0T!;oE+3R1iHeTXy*#5CM}yvc?K2tNoXf7^u$T&H&l<6@1ZHaP`TfRJm*3_1 zFL%XL{+p)YglsK*gXjI1mpIm7D3|PjPuj=is|YNhq0x4xiW1_ttI$``w`Ga`d_{aK zLD%G56UL1kM&s1!T~-K{2n+XDO!;$bMY}P__?_BW_BlCUBTlk&8%)F&Z;1W`8Q?=X zuZsCvbR=yV((2P+L)c{PX;ZKT=)fY71aX|u5LL{eRj-M0W+*>&?==yO`@dmY#jO(u z(8T))?EJhA%1!Ppsiik|t{7G+BZe))`)je`bXYH*qBoCV`+D~^IF=xUEY#<9u`m#L zv$A1hN_lA2)l}NoIU1E}vtY;Dzv zl1Rh908XUM0gJ>^+@Y)?3SD*2646kfY6ez{ozUxu^FML1*6;ilPR)$sr=^nJjC^3) zvk~9*;zn_~u?iW*Cv|%RhE%5rloTnAK)B<`=vYNyA!*uLZE77-Q?!S}G~*@~6^tJV zh&@WGI>G{>>h>-y0|<`gWdj4n=)cQppUFEQM!yi~9;8IFo6t5^x)90Ux!tn*v5__H zw}+AA17xoHer-ylx<)$~pH5BoI&8|MVNwk{{CG3?gViWA4UvClT(Vtaf z9?jbdMf&nqaZG3&ge}xveJa<4+Q7N-mKdo^Tda<_2}OkyyA_VlZ=XLNDN>yyTx>vZ zyd{FjL%s8sh{UEM)N1GXBQ5Cbn^5={zk^+Q*Ij>4Ds+1Kshi#rSD9S#5QTQUjgFnP zO|;kSILF?GKLoQD{*e2xiBW3lcCoujb?g+sglkrXCU#;MrgiyFXiE)tW7GL!H+FV5 z6&WR!J{4IXRo?_f$QTv>Sl3~L;S)IQJN)(Nc8i5(e}{cx!ghVW8L;fK5O zPGv_M@S|3Kw0#ZZ6Fb$Bem#hFnQ%}%Ku^UZI?m#`G{)QNNzuo!XpS5c8`G=z@dYg# z+kC0+ad9Sna$Nk}Xxj-NsWG^e^obkaitXu6_RsYAMD@E9qMrvnb6m70b9S-8Txw(I zar8gLG;LJZ!fxXQp^fA{7U-ffQif%W;N#&=1R?w-wgCgCO{HB>Bv{&X|?GY zvCOrBZ#;{Yw(zq^CtbY`!E@`Z*qD*b|s;z0u`r9M_IHZxQB7wG6mzlGuB_*N8>+yKVtNJewOy2U8|j74ii zLQwi>;X1LAzyQZo{H<6(zU$CDHp^7ZvTG*V@f*ag&uwhZ*REo&w)+9A;ny?XLF^dV ze{W+F&pjw6tJObG_)hJc z+;y9#zl-xJKHtwqU;PgM?y;MqOuzn)rElGeY_hmNpq_I+sa1c7i;QKO_NUkm%3ArK zkX`)N&41$7=>OEZ^@r&QezVzP!H5{S)o%3<7Y{*=U1R2C^KysF2Hy6f9k<2H+EcgR z!BqSCcL>AVcf|4hm_akn&;h?NFqSTG1Rr-K7 z>K?vCk)-&#j0$~1QAtHP)3Ms-Gsji@H_yGqkgqOUbgx8pxFl7WsrnOWBh?vE{&dX~ zm_tnzf(hS4>P~&Uq|myUj&P@;l^`H-H4^RD)CHHy&DH63UQz=s` zraYiGv=z&y==Fi9>*DP%C3?`RKuMvz04YddPB|(Flwv#pW?FL47OZiq*9*bGsv**7 z`udPFl+J(Qdt)+0|!4CFGJVTOSbie?X+=SRfDA%rM6;KWp`&1E*~(WFrP$ zgL8cHj4gxybIr+%LDXQ1rZHN29~DmCk4!WrQi`Bek(jMVBBf4l?%UKTsr|qC7N*_; z1oLo|#In&i1T!XDs-%-00mghFwVwkqM>(W{CQ3gSEzo;?0>fFE2P6#tU=(xsr75^Z zs_P?sRvIG>F=hvnzd+OrFaE^$(r`g|SfPZJ%8m+C}n`ZOb3))tMM9i!nIlc-*T6r@q0Y7~ramrzcE z)JN7xCa2NrI+9a8njrmb;^kt1&}DT5s*XS*5#r>#?qsIkTy`&^MR$tmmmqQ?Z z0exFX%^OO8BUgC4q15DGhCsdBP809aJKltT4bnT0m&0&Uax*EE z)n3WY^yoz|G?QuyVEpkDh!IXTljayIP%>@(8rE3#Vu)}Sz&AQRu|;JjvU^`{E^RXF zfEZr!X1mRe91!)JqBvHJGJ~zj4Cx)C5hV=zO^yOe7`zUxP#LCH`5Qfc$7|p?R>mqc zy%>=3^i0Ut2aseNGo>KIaa6&SOO4aS2ro!|IK>J5lqnVcOAopnWE^nTj23?g$H(3* zsU^L7-5j8{YAY@I7rYDAhKv&+<0a&XLh8WrLmnA)BM5+l$|#Rmb$LgruZadu5IkvM z7pX5z`@|#B#Wxb9R&|j|r3Vl)6p|zTs;#UjHL0icvAM?awqvU~Q1$-PJitUxUi1&- zFt&$*snl;DlNuv9qKo8mO6f0U*=kT`am@FEl($(z5`5?Vr9fF{awg{{L^Y1~mp;$~ z0F?uzXXwhGFi`eiG5L};4BQcb$az^?Fr;k>DrZgT$u~^ecLm13b{-`q=DoTKMY|ql1C8dfVzIgi)AWOy-2?m=OjqEq`uly@t!vUlPy*$M**>FIqugJj znH&Fj`hRPK>vP?o?A{EbQ_!0RceZ%Zn{933iOlqLu$Q_JIl6wq%T|IGXDsx{VTDB# zsK*c~2-z&agR%IxK5_^@1LDIR+b9yleL@Uoy|}eUXar(|Mvv6)AMDutifCNn)?V!* zw*$;u7funm(iX*d5Ph914Y0Uh(>qUENB+BfSaNV~AYAxq`I4t0q?_kUtlUB0e5tRx zIbV9zNwSH)f5zsY z_7Ag{O<_&Vb)PBYk;?s~m(vftOn}ggA3wPlPgw_n17f!2&3pqz7By-|;iVCAdg4z` zlr5O9`vYgucCZArJ4RZ&CS{~g#Fz&j#0s-vBDpOPXrdbU#eoMq_`+fU{IR38%m&V+ zk-#AIu47tAiyvccaVd2mZg%$f3uc&h$B#Y{LCl4Tw=u6{&HKQY;f`wv;*#I-xSex4 zwPS_*ILTZfc^-D66q_C+nWQBE?HpfAC5fnzI{%wA=VVTcCx8skF;xiOqK${0FVI-fom(hMtb;D)#FkXN9(C2Q>3FNeIB=-CdFWWgYB)0 zu`#xw>3^a^&GBhcL+Y97(VSkHj@|qCbm=wvCJPb>YR0gxT?*c9U84p};_4h!MzYM6enSOE)00vOg4d-_N*~fspTKKy=pglI?mi_g3}O2jWQRX~Jkd5?d z&-vIN8qSmaty*rR_HnGOG4N}uno1+el zc7oCuOMwy&v&t~eMN+7}eoA`%lm<;5^_yg*H_vF$l%43k2E_kH13CRfxcKIO)hV4rUmgADujP``#W=otJ=&S8G3WM2YR z*YO`&sC*e#-Tce|Zz>oDghA{QsTF;0^G3?cFh3}mmGFGEStK{1U-vp;17Gq(DZB#I z@LRn|MuEOyT<0I*7eSpQKLqi=i}a#xb*;#ck^G!gz62w%XbH?;<+3eE;6qdOLu{bH zW)PV!gZj2~30{7nz|WVGbMUCoXC{W3OG-*<&7?p(F2i5>cYVXj?>x+&;*RiC_AW%a zjYl^>a7S!Ge=jcdv+}2d*~Ti+%y-~*dGi{$Gv4_j7T(8t$lc)AnJ?Qys5;0Sc?d;t z{V7W&C#5Zw61970j6z<|)V1FFZ7Y`|fdfrOb=}iG0(Jiy4?Vn8a?q`%uvyu+P|7mN zs=dQ{)<+h*<&VuDp?#5cxL+gY>KgZgZ!~pXDtT)+WKKdp;+Y?TyW}l<@_m5WSfiF@ z|A_4TWytm0vJ7S!fB5CY-hSF;A@tM!~N3fkOBhP#Qe~ zo*Vwil_UJ@Bwq%)Xyyf^aUPC_2GQd=%$U+m_^ZiIke4oh4k!+4iu8qP<9rnQtC0rHT;)@SkM{lhAzQF));#zQ z%&4bd!hG4YQfep1X-}td!?CVVG}Dvjtj1VwSuMfG&Q{|6x3O1og8RSLfJ=1s5zJId z4)CFQtEDJ50qd`ZRl9hN)JVJj>KfEW{OJ`bTwyybMhx|Y)=G1Y?)Z4E)E_(5k}}^= zs(KxZvSd95c*v`m@cY()wrkH?Ni?qg;x)dj{ry^rTCS7QY4tkkWutggJuSus@_E27 zw<4ov@Oml5c+kA{QkYh4HtRJhj_$KpUdqv0V4P~;q)m-WjAd?pXntc7;LPWgbL^}}31J-R)2ljTv5?@9kLDFubY^8tU%AmPH#?tKx^|V^f${O&@Uc8j3T>R zUPC@{<}SFae*4K87>xxFsFIG*OlK}bR-C;?jxF9RrJ!+bcS~~uQH6n%9_byV>HA2% zkUBH%Zj@(u<$i}CvWb&O@;<2ro!bGi+@KSl!vkn)U`Z>(Uvoa$V(Qh9gMdCo)WE$5zHkjr)?ZGx~@MuRh zJ)2A$k=mNq7O!~ZM`r*-^Ya#BnjMuUYPni}9fd%O_m7CCr;kCxzkCe6k$WZDMkCH! z{g(amEkFWQ2!*l_Vex$}e_+NrDa^N4rGt1n_n8z5)Je`4P^yj|mmHkZeBawP$h;FU zPs2_~Po(MtquHOe3llKZi6&4GJ<=yIt4e?geCC97L|y3`J( zOiI3zK5=O!_s&4?>T_CZ;%cro*Nir^PPBpYtQ3i9wYw07EZbR7=H)AC7yWSt{y*L( zHa!E~CnEYpEAPU_1E%m<$?Ku#_388dSt+3M9CqAU6BKPs{r@(%`B&ESsr42N7k}|wRuX#krzlNva z_^imF7~^a87O)K*DSU{|mcEnX4SxqH z0l$=j)YacfYfZrRmHZ&((%Bs_G%x-jS#5PS^b>Pa=o8rTBb0rEOd92GI?62OC@Zw# zN9ezM_aUgj3(D?&6=acfev-a(v6hPT-1D%xR{!MfqfWmfH8;^;KRSJB*Rg1CYV|Yp z=64RFlJ0XqOTW>x*D(3-tc>-f?boE3Wm7MClkGYd&YWZ35hzc9{dV>Zh*{4YQcpeG zZpaNOLL;`rM7QPygwpdjq!*~<7F5AsHb)jWdoX|WfkGAxs?I=$TJo1xtO6qjZSdJ! zu$Ni|gezu8LZW*1mQ-${jGJi8_l@LWD)?23vBVn~4Jd1w9pS>WpTtI=SRI>1e{PNU zrq!>+i}c8EQa_CXxWl>VX0%`mSY{^G$0L0HBc*xr+0WDf3i@4g+ML-sA~hqUsJ!?1 z$qBUVKhQO#rC3QjLVLX|&hbn>_>|Unq~VyQuicRvcHmDe;LpLo%z9wT zGcOv%2_re%Lg3&@L5EG6%*G&STOo7num)I`sj8&_YBqUSv1 zNC%7e#*Zj28Jdq0n@;S>Fw1x{cXx&xa7^Mr!BJ60~y4#&{lyT{`kH$z>Kt3SWb~4w6{Z`ZTWmTfGoapClv|BHd7!+ zrXaZmT?Hj^d?Fi@!sTb>+~wCX?RuJIr*AL7T*nS8EJHOCG?W)#@hvLh-9H}5vOvLB z4v7h}a7%<8NQtL-t6Zoq07r?bhP+P&d0%rgeV6PVpbiO?B@^||uMi=VximzsXSgU*Qrt1Skc}y%&n*^_5j@CTq^#}N8tq^FH; zeCTiS*HUwUC1G96Z6QjJMc4kZHQq;C^s{5-jua6mccB;KWCy1A-rI0n@(Lh#oVWwS8uaEYt9MR=+f~x@*bU5juu3ft$EI ztYF-lkyI;n#dC=XpMJJqcI?zH(b@&)EPt^H zx0FLEBvZC}qAj{w@m&jf5>xo{TFNe8&cc?iV`0`FoLr!$qbRkN97m>|;O@z84q}g~ ztz=J^DzWu23J0ueCD-#bK0c8ywUU#ld22a?zSx);M9;LAd)L)o&TVIAZI+aQWTf-> zF<@0?oyC75$4z6$OKT%rEYP4(8>NuJfvCKVTuxWp$gPl}ASctnOw7)*Ot~}r*@$ju z;&n+`vR;W`&?p62Viw>75NZ`~l`vJT;{?C!GcY21=XGkeI1w5+>)rskN6W00J0Tl8rye{JZJeLxWn;>H+u>{}xV30}JdG2eU03#!N79z5 z{?@?!@jZqQ=SiqY7_2DNe$a`ptN|3(2QSF!EvNd#xt&X-%HHy53b+|=qmVv$Ou2WG zon70CzU+fJbia>0od!H6`v>5uy-SRzV=u&S;Ai^E`x&N}Y}pXIOCOU5(kIn%Ui4mn zd`NX~cvDjPL6>aNPj*)Jmtl^dQaou%KRJuO>L<7M!kxN{hobw-O=w_$teL9*ayA|8 zh6#i2a8R28=)b4>MEj6m4>{BWOwKn4%F)poe4*-aO#>j*UY`@lpj z&6P(`@UK2dz|EDLL+64)suc`Q%99@hTsJk)O1D?ajlnvx3=SOlS6?_>b#Zw4|GdUF0`W{Sk5@35D|Kra{cy z38ecIgZ=2#pkQD6wNP&UKR%*DLHaNc%F{kOu*cSsvct6^$|+=Ga10f{3?q2zNO^`! zBHbMcVbRM9==y~W&!C3xO|12~IH8eYzyZR%vqn$CGj}J$vz~glNdCx!&SpdfgFlB| zLHi=Spe?@PCsB?S`^L;Ih_3mKk)P0D=^Mt#(JXk*mpwMUi(}+WJ?7y$iag{*HD#?$n%N4eQa#G#I(9d~X0(UuZwrV6u@NKXV?<*FvO_J-;=gmC* zDSMLaMS~|{4|(@$LPSE%+F~=WtPmNi;~}f@qhc%zNU}A;e$#K0=&z{|w0OIno}Y$IHx9RUW3C7k1F-~a6EKR;h*s~G>eEMgQjaO#KiKsL>jWYl6i=@0ytqL8T2`PB@5(15bWj}@HpRsuQ zG0ljPmSq(eAs|++A-r=-FiUt7JI#`RB>Ql9e7nt-d(wpfgcct*>#od}Q~vv`yY)X# zxcSs-uDl4JmbDo@xn(Xsr?t~tM(Ps^n~wB~ro<=Zbv4rt>i_ati1)tnCPabrDJbwI zPhsoexxZ*^UE13n3w6;lYzdrLcHq-;TU!6LJde)IN(`iKrva6}wbyB{9UqUPkmd4d zF^-43oulj6so}G7rRLnI_0$lSJ?u;U7h>eR+F|OBnkP4>&GY1?|NeY+(|oz1>0ci> zlszVx&MlOu{rj^B&w7fwEtcPW@OeF!Kp$T@UzTY95;=v6KXmXB)H?-d73#56ZlgmP zdiT%nK*?387@3z2uGYm%APdecg^m$zi*UaWojHrbo|6~+mu5ZKg|9D{AAhigcowSP zRLV1{9?8Gb3o7ak?A;zLOWN*4H}^s_FL)l70)`7!GK+k~TBr6rFQ>DyilV?3@=`xO zU~aPf!i#cK_4W$+fR0!-rZ0jgT_7L|Rzki_=>m3}2X;+5@vCnj{k2kVSi@$m@0Vbx ziiDq*RRt>@rJ(VxVYbbDM{Yrmu8?zSqm^i?t}BEB@`RPy#Y@saP4idFk!{^Xv*ze` z!?nPB@%PhhIsFPgNZT-=xbw8}6A@OswH@4rY~OO7ie4kvr)^gg!Zk@>m1(o+i7*gk z{3=HrZQT!5Z0#Xr0vJi$K~(k%#Ij>6^pB@Xk@>a!H94HNy(S-|lkZ2`*%I-h;bjgE zA+b`?C|Ch6zwaZH&Pq_Sd2NJ|1_*=F=b;Kh!;7cyF9DB|w-Jl+hiutexe?n))Ab6otCp<8rhR^+{0p7`0NZT! z8?t1L0|c|6i1CwPD`9abSL0y&Wo(i~fmTch)aCNq=z)SNm>gV<;=A3OXB|kK+6qf- z?N-Qs?)Jp&YElCs0u;KAt6W?b!$VtX(R;Qix-rkQ9-Vkw?#Gw|fQVZSiLtu1&5x=d zvEXCg#bmD9X^RC(Ekabs-^KPaekW)OT3z%*D**Ia7JJE`#%+TxdvQQ;AXRRIWaocv zcl~u{8^k6*c6%F)bN<)hiwJBkuEL39S&G6_Nsp;=pkG%+o7|_-U{ww=T)-`8tt!{i z?mw-{0X4^Osu=3cOQCRbv#`~6c@$+vTazd)2NJbtH-cMDcgP>m{5j~myH~-#Q1PCe zuDG@G#rq3iKshqXxujHjus; z>BJdy>LPzwkHsI#aXz)~qE#QtJw$$ptdo@>vV0^@jbg^U6DBOOx0!3q<;B_Iep(gBPW|LgZ%F!61Bu)Y$mL(cNQrtHU9@w1-axsMfv?t#KbD3idi zvy_i60v~Sy$^#Z?H+DRT6|?c6Jj}Jm>Zykz z8qk&79zm+*s2qYqucy(0Y1d_cts<-Qy6o@)ACWGiAmV7jC$4}pqTQkp*k%d!tA55lnX*s5wdA*1x)*Pj6>mHRm&uYO<1E!4NZ zkPn$?;SX|4`t%3cNgwRQbD~e8nS0N|fwJo)Ho4xXpcgzpG#K@KPvNX_i9%b?LBQ1f zO#e!5Y>tUfrF}c`9e9XhPK}Qt=Xv=0o~_5TLTyJ0D~oz@P))Y^VYF690uD9xxhOV!0f z3XRx;d6doSzYLje^`lXjPjPK{kj_ELrXiXMX|};P?SH0_$6apBoJQ4gC|Rb@#msaA>rk9hc=i z?%mz83;wj3a}|WBgHQl*%1&%SGp@)tX!=!orj0*VlLgumrl=pV%G>-b*YR{MIV$}b zPe1-GCh*wpetx_n($4LEVU>|KiF)Gsn9^5H!({pGXF0|Melo>7lDb{P^a!$GK99O4 z*X8q1LG^=z!bxcEiH|UWzBq#=YsiFH`s6wss*bC2s5ch{x`#Yd5 zjIFCwLEmy!VQw0)^s^cd#WVRSIuftUrQ}4oXh1{nuTD!;B1~FxjJm3x@~lZ)H*J%Z z#Wd_G5DVQ)Ry>2^icoBsbue>}uz}%&L`%+KlC@4zX4%DjyB(BpS~VaD{PW&6g?q$$n5;o{cx7o01<`jawn_3LiR?^DlSV^<BTf< zaBH1FvZjr&d13l%E}WVVA31UYP^N6-tqt$$ny$3ev$t8_QFt0A!RB;D?yAj|xH07; zVB0g!+kBL(2J_}vRyT$XidN#9mC|O}I4t|7bLYO@G)@*5%ub(ihw3W~c{#W-n*B%v zrKPcxKGi^BwJv{d0P}NKV+IF1^1K*a?&`1!G@&d?H=~mR&&Q zii-;isBRM_)&}hO1D}@O0`^6-hDv8IY~`G63sr@`Yow$>Wko|AF0KN8;mb{w9J{t4 zYxj_G_E8$%R4HR?<6KkajLxeRlj4Y>HII9T)5&Ja5q!z3&6SfhD?>@5mi^(V*_EM` z8Q+Qr&8Oonls9l$NE_v8c3A-JYy%(6i8hLhx`JQ!V83p3T&s0ieiG_!9pqz9|ivCmhF{AXhBIQC5sk!fQf<9NeAg(2L%B|wwAVbR-DwN zqvHQhy)mCwKdSVizMT~86Dpn)hXNw*wgG9t(UUt z#U9GGe`;0|J)5ocp*2^+9hEtXgHqNi7AA?90}ZUsJTR$?S*&lA!fLOK;@Cl`f;ZBMesML{RqhZ&aLZ$Vf9ZwmE zEpNq5t8XNWhQTfRzzc^??v_8Qq)dCykqK}-x9Y7}{CRv?KQ~Yl!a0MKW&y5UK2AUB z$SXDyL@8syN`;181<=Hvi`Y($9L~#Cn$&fZ<;c65g#5eG5`FWpF((q~ zTCP$}*RLT_A?(ogwlwDMk*EmRFeyy<>74YjKnf$)w$5a z^)ui^?UCb`xw6&`Sy57%$d!X&tRy?ukce z=4d6BHjaj}fqxQWA=Vo}&bWCWG*ydzqJ|9w^;)qKT%)KADpn$DeoZY_B5QuVT&%>@ z{7T(uiK_K0m=>%?dUxO$)bpzH@P;}%M(F{97MnN1AXuZ!HNYsGr>w9d$z`yls8M5; zDwAf2^OTmaCMZ6YrPwLCZO#vcOhD9cRjJad(n# zlAR7t!jk@a65d@t3Hce^QS38WX-+$Xu>^-q#-jO80Tiqz-@*v_vJuo~G+v_Pla)ZX z`HB4Rw#+T!t{S7ZHBzxGw$3zUC7hKLe4W-Tra@uh>b^;?s`l*Bqjzr44mo|g^z5Kb zTCR^eYV=qfZRpC(%3G=gN;uM_g;(WN?2KNNI8}*h?*2sJ33_(#&>k1n#}aURT6R{u zN3%M0$j$27C94-ZjmOeUQm z9!~fZaY%$3;E1+T^BGFEHr>|DP`cM=;!V>u(NJBp1i+vtS3Wu9k}GD$C9PUf?0<3e3{fxym~2uN!lf0pwf(#kx%( z*axQEgm>jef`>r4e*&Vr>Ph7Qv@E8ob3U<(r<8Zye>Z_NV-HiK3^F|`Axk4$f+~p(Eq0SM$R4WWwmv+3Mw0CO_ z9bW(_o%2Oy94&iM`Hm*Pq#V(cO_+62RtWl5W_@H+)WqNj6=B=fCNoq#!0C~ed32=$ zTC-JX|6{9^A?&Zs^!RG!GmTy6fj6&Sqg>`E)aPGOh6{9mo$>?~J%z-$vy*w`kF3WdlWT zibpNp3COYBGZ#Yp_ylA;_#Fkd&IrjirK4{uy`Fvxq5J`a?)h@O4QYFE8|Rhl7Ae^o&p$_U(9wE3=exEEr#Hs*6%{j ze8RvcZ%zkk?7(-G1P>#wQGE*_#C7i~zD(dEZT54BEWW$rgh*H4g&q*S4Qn}c8U$MA zcm$P7R7JLQECF3O6J@{xL@fpg@g2;p74>XOxLd6J4+Gj>tHwjT6B^ouC=$dFxbZU$$=P82G*q|`yGMw+;&K) zJSW!t+3kvFo1WSxrGY!JTj5C>kgX;R?>ZD$R1U!2P}DfbAx+Dm20N5~S{gyQx@d=D za)-d&-{IrA?C=SNw*1G(;sydRurM)51_ldnxA&FEN8A>fhDNC!AOirU)&Xtuxlc!A z;S?4yOc$*g;uGMR<@&k%eP{#xXrPRNV*8XfD?hmg#kkHc6x}V~g;372cRa&sZx9mD z_U}^SW7$4yAS&>=+9XXeG_91@MFolEzgyWwyB~-4x3CEkvo7yenp)iM(?l`|M#Cw0 z55&b@U~xMaV%CYX^o+*yS) z_#b+74;3CT7t`#e7DN!;T?K||ZRrQiW7NkEnpc`MG}!sGtw3=|08icdJeWn__stWH zuoYcWfM&vOw|^1h>&5rY4^ghk>ecE0Kox2FH^AR+zxy-OG(P|gJ_&mL=uA;grM=g! zGPUo32=*->nv305iA|_t;sXH%ve%U8TX4 zG(X;ePq3c?_C*FXGVWLC{K?=q^ucH5l!iV@IBAaUaQ95I6Wa9wo%FXd&Van&yPMOT zlQ_!?CLlrQ+>fXc_GwUD2or-4AYTqE|M1VviLB08r3RLxon7^~Fh5?X=5up!losGw z?{0yHtTqVeVr%;HbBH;MS=tT))65j}g?Ta4wF7AH7uXEYIIW(@8PpEjs8i+ywbv>0 z91~rciulb|r_By;W)qI4y{GVXznq4-WLbq>RO8N=0rS&fqpx!j7q9|lXFQSs7{zqx zHD8)XJ5M1VH*BUuUxB4o}(73u?*%!55>*>`ZqU>BAkRE<`C2i#h`TA>!-nNMkjK>6|`q}rEHO#;iV z!->X$X9^J4%mTHuu*wXG#`xW&HLdyH++6+ad$YfZ=|Ul@=`ypZ{_Ze`n5w9*CK{#^ zCRq)?VotUjrz*2ha8*^)RJ5)gwB?F9AC8Ce(y92&%F=tZ%D!suN#{<6^GKx@w6EMJ zo`u*(afu?3!AcYq=T}rX29_4X`i?h|<2n|j({=NaM5nyzEkYC(hVr8&E5=(CWsNUX~OI9*bci1{)s4Lgo#BXGJDBQtaj6h2)@~K z(~Q8Ro91V|1DJTA4Vc&WgTSI0MS)V~Mf>(Jss0yp4;r&T_Mz~1ptq$PxIvImbD7JC2*f4a+vzbT+i!t-oVmKNt** z;_rTk6{Ufpl8N!yBY&9BHN+6#`_tU3f$M70UuI8FDk%Vxb-RDfqOXRQnyila*9=Ip zLz^Q5{eTgPbY4X9v)KJ)wf468iix&%iP2P1EX2HYBxuHWWA z(__+Ov=ZCgw_pf%RA&)l@9SF%=M}`g8Tl1>n1hyRJpt9Gc-Cy@)Z$Fqkzc8It_@0k z!&4|X(UST0AiB>RNlW`8K%RrWg=m`NEgbRJHiWS+k=sk{4#S#$BNQ}P?jy9Ij}sih z;o3`Bx&s@8)9Hy1N~ViGLU-4`LJR(J2Jdn1Ar2HxU44a4#`1UY5Q5ZozQTA9F**)~ zjyRWBLquV_N&Q$7L@!M3R~F%@(SEB{$j~xJCIn(2KK?=*>h3R$Q(y5Hx}ct9fH0nB z>_x4eiGe~K^gW@slj_a|3R8_AYM&s1Jm`6k*g*B45TVAz3`+fPgL8e^NT_ycloeq@ z6AeaAeJxyg*F!C{3$Gag-R!jG|D%j)zOibqLwMW+B{nM&y^O`z6Jnr@rtJoW5v{X{yvSh(Zvf=BMOi6 z7pT@A6&&C^rwvxtx;jbFQ)PKDc!wn62U8PfYZw>rQstOP25-=G?$_lGYAlzo++9f) znnuD|gnL?@fLs@sk|sDjf*b6ER-_9l2<8*g z)utK3Tb?X)BG6YK3S~~T+q^mJUp)=dNzbN&ANK96rb0rz?w4j59u+8`0GntQqfZ1Q zAQ2auATE!Dh)@m~fi=y9SG+24Qd76)LL0@f@gQ;mzF=0)(vuCfNedy4QQFKFLN}hn zm&toYfEIi&Np#Fx2sgu1jc1TwnRN*UpxQKM8W;cstqoD&NZdvRb9yWTR?XJbXT;h+ zO9SWF6DXhzm5v^5C9I@bWw2`PP~&{)>lwiS3fhY(y)oGW;4e-gvU6s(5KN!76097A zT^G*>mX<^Lr~TPNvk=Z;kxE-!cP=&(}-U-?jWD4xUEXSJVkj3^p83wzm zHLL8vg8J^f$8C*;#x3n61qqtfcI||@CLIS@>x84@xVt6QqwR$oo>bmRK-G@Ug1365 zlklLYz`mHlcvev6{k}G}x*Ho6FGeuzFx*zrJwWO_Ty@l32yQiPz)5%Zz!5R42htA^ zy&6dC4#2FmriV~Q{yl{#BbNyFmyvyiaM^uqRNGq!%W=OFSH|-hEBcmpE-b4zU&fuG zMU|84-=mE^@lD)I^Gt}vqMqm}jP|g&x!hqPhPc~L=%TLZBLv=cOU12|CYcSq3Xu^N zmHo;z%f;LMg`a55Ux4R*_FW;K*7XN?GKvKT7}Wu{Q%GfG0JVz;b#0gqjl8It=;s1Q z+53tx(3T#P?J!si&Zqox;Eqo(jL{0HkX&prIA8QFUHa6;%2;P-Y6m59g-KB?96T5V+BB2KOH43q!03hbRQP%lZ1%v zEjR}<#|qvW(768y!S2mJh$fB24Br|J_@+O0ZNS}QO z1g{wd0&;`>;w@CS1Xa?n_Yh-g<_^)H9_)dtXPjbgj2D)A^Y_t$9au@D#16^zvg2_QpgZfw~6BtbQxX3zh}Q64^~&2xcu3P&8w*UJ|#TGTEEJ!C6jR%b=6}r-j9H3t14h#yQ%-0cjlRX`y zLNF{)@Semce>+`hN<+(p6?f44w`D>PjbKx!3D>m0_Rkbh(yj_AMxD!r^Z-V+*as*d zIlj1%V}H`c=MXpjQn_%(Bx^@9xGwOwFfJq{R*e?zh|bfl%&A0QKgq-7lndGlefxLWj867`ua*l6VeqzpX$D#ko?wxG~2 zm5`k{iqg3ZF@lX=A4@g$nhQ~%4=8gmW@pUmd(6(>c@UisoD7acBA1Y@#pv=hhL!V$ zN^19EcnH}S2nVTXI%<{uxf*uKn~xV zOzH#R&S&1nL7&+o9@d(fg5u7&Ii?Z}!PzANu=Y?11wR3LU9p1*FEE zrI3zaJrDG-okuX@WlIpYpS%r~)m`gd@2)^wZowqsSQDGuEHhIbF?~g)e zSL+@ZN=-3_Edu&}CC`!>%Bmx|pPlr@G9lJwo7wmT>OMF*3FTA(&@L*U|? z%OoUKZxEi+dSG}y`~#v1G~!DP+jJ!@nt*fgb;v@lDPR5uj-xdvkQmndO*Va?Q-o^1Da;1!lE#g1tHKL{ zlfkQ--V*khe7Wlan|SJO;c;5O10XaUb2E;nro}}vju=hL-Vt)S)*XnE0#ue|$&6<{ zO_1p*M6)V(vaCWTV#{}h4)x{VObuSQw3ldQ@VWrL-Xj#Ux}qREC(SoC!WBBcU-*a~ngD$G zPeR3Zbf&8)^9R-Y4+=Vgji;Fq(s4+=UY01M(v=!nY?;q-T%AK^1!3i>&mg((`V@rt*=MjHrG5@Zka-e^e$Gi@3T;0r zw4<9Rg;wlFdT4wF;N2<#5IcTwd2u{KwApS1GvRnlb_lCD!7Uds;>BNJy*sRo4)N6k zt7+dCLK6`%`x+M%>6T5jQ_v}4jQ&~2ehWfACc{OzW0VUWQFNE1S z_p}g81wVQR=)ZaG&E=^NcX#4gyj!E8sfy zXET5nhvB1+pA~B9g|CFMYzks2yNHsPS=BbDrBaq9BmT-_< z7xq!~4?-l|1#w!dN^qNL7U7VLhm=kgf1 zR--Gz`_^b~?Wio&0%tG;$qurp}1cB93nRB#Sq_Rm-XLe=57 zgb60<_j{}b>wWG=AzYhC_4bd#KOTVckNyd=?20^*MI(p&D*S;~*58B|X=ry;rP}a_ zXfZ~4TmVG)=Vt{!HTQR+%*4?zX#FLBpVUFX6P?O2jpF-RCZ7?xuk4;aTE*rz22$n@vpGfgJMnw09R~ifJCSIh@q>miRILxA3y`POa z$|7uPf|vNXNxOZ*TbyzSBgGshsW176kC~`PBC_%(PZBM3<7e^W3pxD*`}IBB8- z(5J-?oX((7{HiLW=yid1azx;u{dj+%LKhY!E41P{A1``0LX0)m=9dU@>i=;3syKcZ z=*K|r8K(@nmo!YqQ`=FQB^y4~ zs&ZiHKxHh6Au@ zF=&b9g$M_My^vqyniOnuRMrZnrt>i9kv$udOmtgd_3)p6-6z_#I*e0`SdEli$YngQ z0rSI;?3S&>i8SOOU<0gsV8*`HO6=@<92}z$>yO`>mMwN-x56pc7sf8@2S8@KkuCP5 zs%)`6zoA*%{zww*s8c$=;C3<$ewUU6BlntBwC|sSeP6j7y8L4);$qE++3puWKebL3 zr_qy7gX{2iXHvzu>NK%04M-DP($X|Bk342T4jkJ9`6@3K1=^}JQ4OQ*Pe?N9)L3jm z{o8LX5P`>bTOwoL(DYxJvGS?Cu{5KRL1LTIc#0C)Vxgbf+<3) z8O=nHI}D*vIHHu#37;sU{0TAFg3;r!s|>r17gA&9Ezu`3cKOM+3-0N&Gpiu?(M zJpl^L5+AjIMJg*nrIWF*M8c5QUaX=q=OW$doiiDpJe#-9A9)D_Fthz~#Fh8p1wTFk zC&^<=#CShLZlb1=p;7sX6!GS_H+{0)|VVD zuLZ=Y&vq8mw8A~rXB^(NEdgbbuXGW^Na`xi=fXJRjThc82GNPG;!u|!7e>Rnfd@VL zSb&`lcLNPDv71F(uyd56Z^Ji`*j*e9mquYZQk=kgX?1t7SSEF&$Kzw*>**JVnvqBU zGI%bGAqbDZiNYpZdx+yTc59jfg>-OF(87t8&{8<}L_0zA7dG!D-qhOl?+yAem@%@9 zdy89D@Zr^-)NDqi{v4m~3w=F&NO?B^xtlC&*_ilvDjFbW(T!f%a+^O6PNKRx6n1%h zkC1SW#kdD!?l({jRlgV{?lIBBJ77I`sWkk~kfEa8<3I6KC^suwnPiBbG&% zX9gFD@y2=kK!G@16EprU5YHJ`&$P27k*!c%tczG13&l3BKkce%f;iKI3mnYo-9Z8a z+B->nP!s&uDPS>-wAekI`HkrPBB-q{#m+@r(DE9uTR*rBP@4pS0aj#I1>4oHj&@ zR|WEcNvH(>&tv}>rmkRm?+IAaj{fNF11L&yk-DNvJY}NhClEA$hmDpQ8&vyDG0~(k z`#Vgm+!le`A>=<>eCdvJ-Vj@0oaT<0t-fB>9G+jIhi@>NkVpH|Y zdEy*TC@G^CiR;MY0Wrh9Mr!T@;@LaSA7g@<&5K)yjwd2~_YT9*cPn9ab3as2J&&P{ zSmUGU)F=qBZ1XarUg>az(8Y(vc`P3vfpySsz+1s<*{9B>^?vce%r_NG%k~Iyck?Wl z>HB3r_||#LyX`gW{NkYlE)n}P#_vbZ`JvFkf=5BfjJXTO&PE;t4k2>xIRu<{*pEU! zJsuN7)CrG?Z|mq^cZ<4Kf*|cfrK~ym0|*&xC)%BdbWRm zHUiC7O$!PfNP1c=ihgc=Fi&N^!!tU783ePlS%8IcmySC;BYdjZn-Zx%lC9ap6@G3l zaEIDgLr$=g7;kpyOqx0n2&J6F>O0$RoQ^{lMMk34;cG;M^XzyAbNcx+VlNGe{_QQ` zByFFC?f|tzhM^P@A-$Q^A4(KgPV*~fm9VPYTKEbmM6MRY`f9#m_oisVgh}pi;wQk} zgTtruSfqNdU_H_LO=6o-ddxEK0TB*}Ae+Iw4(Pbv1E`jr*tj$ixt6SAoN-E_RU)4@ zN8@SJSm{RR^T>k-9u4e7p-h4DHsg0=Rwa~nEfeD##qsgoi8kSvd@ZGjaOoyFNleDS*NEpVR`5pmA zE53*Ld7(K1&;vG$DS#FYw9=r>SeG}3Bg1O#4cN{ed0D(h^CrVfv^Cumkb_%5wyU>e zAd9z%_5_CV!^#tJpCrc5o#|p_`7F#RTLCQ)hO(lOd3tjSYS)$h1w&n3C)f(*m9V{j;M_eIo{L>D}JPuOrj_v5;f1VaL5!Mk! zWgWD@4F``sql_2CP(O`?^?6UE%p<`;Y>I?>UwZt2DT>0EVF{V3zy`+5*IS>LqKct_ z-zl9zyKX^I+OY|&qSY+O)%%XcLGIoJ+X5T4qPs-&so(#(cPu@!O^i@a><|xo(66t; zFvDVjSAFtj5IvskZ&?*}3FQS}gO1dv2hzcZy)OFcg`{2Bc)WHKZ8&5PrdO^;Aq4w4 zQgfeqUF^!L{zOtL!;8#lh5FRx3GhQLdIRDN61%-<>>J?Lu|)SY~$~!~_k@s$KmQ#yczguiW)20Ag=g2zBHdU9mwLZifTg$!OgvOz@*WLp^h>0W;w@{7;M9 zn9~Hs8&8Wfbb-9b8F8T(tENH!o)JR=v^Y@I@xs*T6;o2b6cZXbD|6s#IY+(YcUx2W zm$37u9}-in6;^){<)dfk^?`-{boxU52!??y|VpD1gOgsi3@Q zTp^obK%C@HMe^nTr=l8B?iJCAc0ccmXp0AV>WEfaJJbLI43F^?e&Kx1q>B@j5ZZG^ zY|&RE;kbHlVCz{}QdrJlot@n|FX|n-{bpTiQ%qwYhUcowRWU3W+%JxObXjF@y*q>{ z(DJLWt_&;*45q_Z#XioBA9hXLL*~oiPe9bRQra~bwhJc1LK$%#e|5MnK0>wE#YG%3 zlU4`$S=8@uh~ELnrVgyiehbW~RW^d7@@|PTBoBRiB-5f>FdXwc&;BU-2fFUy?tLf2K)r0SjkVYbFnyZ(M1Qe_-AoI6E-L&bfc;@6Krxj4C=0X$)fdH zH|Wo3MghNw37%+At$zWPG-)dZ1{?RVGO)NBCjVc55&Naw`M6$T{;tcI%BjDKjao5F zAF99@Jz^E~jbU6#Pjs(sV_XHI-=4U*Femrshsd>GVWJv+Alb##`Q@5%Kn8#FH?fV& zS{v~?G~9P4qhM&x?_!5LuJ0aa_oLe1#U{pep2}~jD!?8`MeQVzw+SV?{Uj4Uth;l9? zuYKZWL{E$t;;q#0LkHLXbNV|%04IawzJEjw2wJb4!;PX=lVqop|A;NM{U7$P_`LSl z;eW;9uCSTqo(LRje_Qm^xa!E;2+pUji3oz#(Q1N2c|jf~`+%wdSBvm2Py~C&YE|l` z^@*2F)Baj+l6F!vPiemPbHArl;_8layriH;uKw8fqD-RR9if+I^tP9@MSFIdw=|J{ zO9~Gsho9`@%M#y;CML1+h#}m&?=%K!-^PD(6A`eu@Odm!l!p080~={OKau6*6-{(Q z0;kxjsqb zki3ix7qiq=KcD;iB67u7keV|juKE7SQR-+x3NSU$jXbpwadJu8XHmK&h0<_I8mo=^ zLrH3H2!y*11K}}TmKG>_ptAL{3?VO10e)M zC1h>4XZUrxir}nWN(FvWZ$Bn+BW%5}yepKAWctKUdXRjqQX~NRCDi(MKBj;CYKt_5 z>Q02m@HH~`tE$AVgnJukpzo692#Om!E+f;)&tK}^vcCC_mEmFNr&xThm~i@Pa1FBp zq<-|gzZ9;16d=853IuGFV|<}@OpFJ@7%<;xS5I@8!x7W1u(FaR%%J8%IjWJwAb*}4 zsWn}VrUjT1=s=JZNAK?TY)sqc!Krq59yX`{uX3OS#H9RUjmpSpeqa%K??h4q;Q5qJsv7qJg9q&q^RK$5+bOk*riIdF(g^ckmLqqVWX zrk@%sEuep6rMYx0PI3frdE96*o>R@95D*&R!yD6z7%3BV7?5tkR+)Tbq_K28PFlh7 zHdn?=sMZ9z@&0(J70vlNAe{a<5gy7Hn6AZxUDQ2ju|dRI)*56nF+m#Y#TF3JZomq? znIN^MtVF4?CzBLDN|c^LLw<*+!9SWLbqI2Om77jKB3XKxrcL&<(~xWrE47~sdHlW< z5ZC0%5L}}!NBYp)>?gw~R*O@md1mr&CIOef8Q9#sW|BoR2s#cZVGExE0y=-=JI$n~ z^lLMWBxOoGN^&;`Exr9Fa?a2t%5OJE7aa09vxU@)K1_hE1dkyB<}T43g*~2xE3EEk z*wWj#l%7)k?vtWT#CdyOp=_pst)v)czuGw8vkC2JC7q)k+0vVC^JGH-11W)SRl+J) zw%p&U&FHo^Qf45sDY!2Mn?c)H$;qmztrUisfS%q_YDPQhrZats961uiH*L>jVQFa& zmVa!H)Z6W%`f85U#)A%&Ac+03mL{Pqg2o!R?u0{NW^#B$qru=LI54ydPVUFk_Ri9KsLLD|z)$9-Qzd|_c85#O@D)Sp94d9B z#-Fe<8AEaRn~}CiS}{!WCmJeE)p+izTi=AK_FIA-{>_aRTA47(3a87?_7 z3EQ-S+2P7?&~Nr=Y=pY_U~j~ONERx-Uoso{4Iro|5dGTkeo3UMBc!4Cyy-Dg0xZkt zNQ>dAoC8OK`DYG8Zx0QZqSfsqr9Vv~1BKN2texw-gw_9_QrI4C5%2xCQ2FAAHrR*;RAabeYO(9 z5iZHprq+&w{D29_<417AXe-m05A7+m;3K=0c21I_srD$4a`@fkVf;-UCBk9H$_6V9VMQUbBR-c(7?KZhg6rf>&%<*v;>=cx`&b;E2PB~8^ zhoK}hE{!rvq^lHE2@l=agyaAQX@(F*sw$PzsmW8(NXyKR4WSdI(r-o}EUW!U(dOiE zx?Luj$udnUqZi){M-sy{OiWH7bQK>DtW%_GM;m_%ypV(+8*#W5mf=0M=QI9-}a zIWweCPnh@A`76uHVnp^{JF6(IzAXH(uKMB=ii!WUz)#6lBhN!Msl?+i;RIk@O~2_*h%swznN&; zehzk3{Vp>b!PJFjji_uf3^nscG_-*ek+}hGacz#2agSX*{vOx)lRfTnv!x-NT}*RC z(${k#5aRt3J@=p#V1d$#V&zy|%~nm>^Q3YQDC2Eg#-s?D%<30cF<}U8tBa06GC-^n z?=)7k=h%Hlb*v3XrRYHQiBDOGE_&gkD-a2ZU);0mIlf#vPNP;!)_c%kympfxGdo8}-ekESjPI_q#=Tj? zr;&RLbQE-V9|<()OBfNiF2qf?7yiRSxtf}(^l5Al_Cf!leIjM7La%Ed!l77q4GR^y z1lc~Q8377gBc&kE3p@1VWpJL>euBX1v#X#aEqDad7H{0{NgN5vGhhytPhz3~fDu4D z9+j#nVYM`@dK6A|S}mpUKf1MwMW*3!98o>0aqd6bBUW39C0OmLlou-44~GzArbW5 zblVQTO&9SA>zC^2^I(v@ovY9SFXd6juzmJ47XE|y%f%goJ8O8aEvl`nu<(E0jCk7VKFr&QWt-l7M1z$pbadez@hK zz^D7rCZqyw+5`@HY!hhOzF7)o}AQG;MU*W7(TA&?|T^!jC@&&hVjf9lELM8mMvfJ)#UGxgShL6 z*)uS^{kPz73f+QTp0NeGL~8<)uZ>~%CR6c7q)o2hf{pr<1xEVVZGH&OG}176NWc2X zD^jKhjoc2=k)>AB`t6dp`to*Zw#mXYM~>$0;8jzo?M_J5c{`t5Tjxuj#S$6c&8RDcAwFob!mG z_Srr@)fk;=u6p}5shNjvtc6qfAae4Dy(x`{w72I?X^Uq_XRRI_@=!^3RGA$E)1vTq4X{?7IWE`Ll7-g?0f0|by z#kNK=``2&O5mr|O#_)FMLoOWGKo|r6~Fj1b+8R^q17Ub5b9V1_n!i9+En$z89qu z5BeMRsOjNLQZ>bVgAE~iM~n2>c9>_`4AO#cV0J83rTf^*Thz>NrC8VZIjTM7Aa%-j z(lL{2zbx%CHT0?0>1xhRX|MYvzjO;CIrD4S=<3hX`PDP!5Sw03o<+qX zA-uF)E4l+H!(XM|hC-3m9+?ZfubLEkPz6iyxq=c}Fa9dUI$aaTKSYD`zp|s2=bzpe z6JeOQkfu$=64ibMMnS(xlQfJKQvQ%G zYl8wDk}u`?Vq`&oN`dpaud|<1aIz?27aZWXNkaauPkf)S`c+2Mv9SOs`0x zUPVZER^{8$WD^ZJ8yvQJDN^NKQ=k0CYx3VF=N_9;-iv0O-AF%Vb zK5{cZeSh#hjA%#)LneH}NAB;zs{kPe){8POSx~3hjb6e9`B572nukBBf}G5YOR^Fz zXfYL#q8fh0)$bLQsZE2(^7it7^T$Ix&bcQXOo`{EmrI^)UTF?YFWrj)e zHa{JZq+(}S{)+dYwL+fSC4Qn#bw2*dZ2Q`P={G8EVmzu5h$=CtBP^DJ_A zLgposE-i9r+7}2n$X=`LYl$0g9JSnjOy{lgeKdAsY>;OgOKk(tFOcwlI z$N+WzkYE8RpfD6L-So_$1&{<904)1@&;pWS7fP-!LW7+FfU4vTZUjISX*>y(yn7RL z;bd|I${QJ=KoISoXzNGmLGnUCmjQs758{%^D^TiCRasgLi#L3mbR$T%ud;pTM~+~5 zvexC=VAZ!OWCllXF*X_%4NBw`t=*oyOa+lC>Xiu~0ySC4y2K!FSIG zczbcIPXN#*aCYm^u-YuoXoT-#vrOw}#0F}L{G~=L0*BdVtP_ABV-1zl=fj-O4JgiC z+rWP1y6n9+C>BREQX%RIxOWX99U_244?>5|%-~R@#t$gpm0m&gU^MpPpW~nl zuCPIQD3jqned`>&nIA^W%@G{%*eNj0_!zk*kILnS-eWHV-NA+H=kkZha3~QQc)#|z_J{Tm43`E10LK=Q zXmy-CgHBFCRvMDVQ>pi4PqUrHUEnF^+UZx)&n*g2+X5TofyO`xdqKm0Z#yq3CBMH)_;aP(l@7I($rG8S4~-RsJb^ph7`D} z$h%Q>hU{DKySW#rHc<|ZGIDBET8M=pae$fGfko8;{#r#4Gt zp9YG(FN^M7|1cExq0?;&ZJq$;9Fr^CVw?v$bkU;eOtaD)^4QM$E$W{uM;lTHRp!de zHRl%Uc}}4X{qc3nQz8&4*e_5fp8;|b&D(`~6usGB-+vwMPa9Gqa5SETiNg9RQsAoD zjrRt~k2t&RI}o$W@b&29L0Fs@2V(O?u8KrO@iCDAI2|M-osq%EBK~T!U{_}j0;UiB zQwa|q4VL?B*a~k-*e{_& zwd6+;R+(Ya+|ez)xj>#kJsL-aQ@e#2^nwDxi-s+fCo+^84RgT^YbJvvO{VV_V#nMZ zWDT`(oGA^mr$-46u=1+1%8J1yR5J-xhcn)RUoLWcWNZY!=*~u3@Fa^N%G?o|WkU-b z57WDI^dA;_p+(u!#(hzZcwN7{Iv8A1G!yY(u~C*goeFe^fZnN{_%ub{F->kG0PWDux1%DF?R{Z)R8XuQQVkj($AUlW zQ>b=LL&-Zd2K*ZeqnFv3ZwfyR+mSZSiJEYU;F&~SnoKlinj8gkX!Tg&Tcw_sEDArD zjOJ?H2sy^7tMnfs2M2&A`Ioq{p6=u2x%BEN?DBxoa!Nxq&>)?%S!$3R-HGkLTF;97 zvZ6eFP4j5a+fml}Tu3r@jvj8TkxS*I^3oXynRWSJ?xYm9iT*!+oTTq$)(v0Jh+V8u>G(H!XnS8Uvl`>L{GRuNBI{9L>+*Qd+%%D{DLYXt1w$N47tVLj)2_ArNYu(-*>G zjEw1XBi-|bm@AI7*uZSAm>`e$MSKPWJg0vq$nF1|SuOC@ctcxS_#C`p$!`JaWz!_t zl9HH?AmGZ{)jPK0UIKu+9TByZ9&rQWTCJdon~$#RrU-~alx#_fy&zC9TmxUN$6 z4b^Xf&+A4`{8bM7QZhwNk;5(ZJAfPgLqu1MnSzNNknIso0c`HU=tMY5xvBZ~%=%5zO~Y5yb$A`GsI(`*96s?D7N zsVn^*lR#7np?m!_d7Z`!^2_CLb$Piw8r7?R1}4O$3Mdt}N}%&CtCU+)%``dON5fTN z;FV$ID937Scos?kXC;Bt(em!jkp({s3WPcxW)|Kqc7~kD+HKH&2F-+;fS>Rg%*2O{ zE(LlyYUGI3#UY5F*?>OBmqF%1Cj+f|&KblrK1azkZqXOFr%XzUOqXr{v&@OBuzu>{%^lv%{K?}kphKZb=u$aXiz0h=sVpXe42`^Iq{oaeWx;9nED2C3 z*(KVuRE~^tYYhv7y9AEvC7fAoUE zp`22mz~0=s9Dzpry?`1~GBntS9?nE2%!(&uKN+TTr&)qJoWw`*Oi|a&uNfIA(ehQW zE3A70ZhZ9wY8Iw76%x;h(v+OVnUUb}Ru~g~ejH_U+jI z-_fbH;Idtwk>laXxB1f8r@+=+XV>y|IKp3i3RzJXpOF*P8&Ap69?nO)+}ZFA)&>oK zGO;%6>fdh5x(KEs!V666<$o#cZAe6p$9=u&SwOU^BR9w}zVosIJx_y#=WGH|Ufn1! z)02VbKZkA1K%<$RgDlU>2kl;}Ra77Db)~*|XsD>EN%o!{g)9q2Zl^tixgaJx7h`QZk z7^%|{$7l4SgK;sznEbaQbaMGiFtl@O$es;EQE3x61TSUPWD}$^cEilzhfxr)kd{4< z6M*03_L<$QVLO6-ri>>yGj^w90+8?TZbb8SRcu&8e1fzaPApaz zneiJO;?bZclo8r4kEP3uc9Gvcjt)O9!)Nmd7(-1W7z2P9%jlOQC?K%@S$Q8#dIZII z`3+>NC)3egFpSLGif7%=wMe@Dn(XV5m`E$13lA|EcM&)DR1ZeDT*PZ~Pc|4EJyQz< z0jy^Eu3|Xviv8-ktcCK?=?6T>wAF?sxQK5kk4Oo4*+WO)0;jv{lkYWNSwoYqbC`+&ilu@AD%w0&}0dSjp5iv5K;wZ)hrzZ%?aSp$B;udS%Txm5qWat+ux zEs&t0Th~xd_yDY)O)7(%bCzslk?<8f%ia+;fk_=2%m`z~sWc@D#jS;d@(8xz$u#{n z_y_kDfCKJ0C^x@@qpI(}FME3Eg80)%(u*p zqL1aa8VD)A#!kO}ELYOj50FH$`v_L}{=;&(H-D6>55tT*^cR#bIdd524Ne8VkNs%K zCs0dS^-dShPmKM2|O^IvPRsV^Ld&&IVa>Gtb53eKKFoYeX!e1Mw!sXXuAcX8&e(G2Ki zp9AEBGf^B5>uBNUAk;^vn-NFztlWzhe~yy}eo0_!xyd`6=O9pvJsR`{7!pG>aZQ5D zZvuL@R})-!e|>?O%R7bhXU-{TEo)E79W=Pko2TSSTJ`DD)8G&sn;ao}05|*B;v0?# z4Tkmw>e9{~PG+olE?kB1+JuqijO=ZQ#ldG_SI?@A3)g&MbI-u6jm7e!+B5PibYW4l zzpP+%t3q3(MSA%paswM&`kM@m- z2&E6dljGEv&dS40G`BX;ta_i53%%&Q$&OIwaI?|_U*ma?Y53>%=Rn8&4{zv9eJ;uG zlI;TO-E6yMwIa>~Z2G@?R7RB?FEj1`2D3l*Tbb7xJN=D(!f68E_APdN-#=p{lmvp8 zhfLqeZ)wpD`2HVg$ZN2O)_gB3{&CRsk&DEV)3h^~%KR}DpC90wLou6R>iUD+$aYsN z4LOk>`~jy++ZmDC^6xe&5(U47!d_!8%kO7uk*mEs49gqXse6|`9l))e@vH!m>(ObD z>juJFMSA#(9Lq9B5CGeAV86b3xdXZk8Z;dLf#sJy+ynt`{5I88df4J|sY!E`+}1;6 zJN4_6i-6bxdZ&3T85F8`>Qy-jD44n{0xmi1!i;ch7|pvXH_@cv9a<0iWRHq;qXzX$*N=aRT<{P{bi`DNsM66NQ!ECt$w)(nUr9OB= z{@Fyw>Y&~6h<^ls`yeM)R{WTzsFxyX*6coY?k(Bj!Rt0;XVcoBkeYwI{%xz%-DiA|B!>B;x7JOE^-p$pg+M!*8U04KLUmV=(9iNEu!X3 zXG=kg|AKEO?Qhx4LK!hBEFWusNmP*7t}Vmr&O|giS^k!%(zrIMA>O#se>M%54%^L=A*k zb_*|twSHnA&XVH%g2JT4j8P*;Rius@oxz%p9F2c@J0`i_qx~G#elBl6XRcd&4sk+D z{s15F{~K14W`E1wCoz+8W#z0~Y`aRlTlefUGn+;n33@r*yS4!PfGWT>7vz@}!tPtZ zy@U6Dp7vLIgwA(9F%TH_noa&czj1KiE(1Gt$nDZOZ(#2Z1G{$_h}Uwhs7w` z*|+gE^)B)kj%3vl4A!E}BR6L2@_tXue^&%Dv71+IbR@0?Ulb}e{YaI`1*!od%F6^-!hr#b|qA69#4F`%Hr+MUgqo@@fw9r6bf&O z^0)eNqjKi2V5#8~kk4hmjo=ulSrX4Nrk%ItMnT4xv8RoFqu#nLqm-=^OVFFWr!}21 zDarKA8pKtPe%jYJ#dz|67!!-G8t*Q@iQ*aJv3^ zxF+j>&m#jl%O{H7H!BfVgSo;4T*(SEQk_}pE{;kcH69<-9(KpBf-+3qASe%+sN>-9 zK!4)_R$&gu6HF9+Bqf6$kd%?A&cQ=g*^X4dlax*-iVuniqArTk)SKHQsN^pg#P%qP zK+!Fg=4A3ya-0lklux5DrXj*1fDQ_0Vv-W)z?!Y$M^S~Jveo?!)c-yO08ulMob}a8 z$aN=R3^_s1=Dk*fssysk1Oo(bExH??vuXLpTSt$qr^;hf^7@$0EbsIq+ zX6L830+jZeZm#|lpuFi3qze}8%w>BD#Tao;9Ser(tI5OWbczg7Y$*Kh#*z$B@6I7g zQ^5)9O>;t&WboS;LzFJOLI=QK(N{7B+mse`c@I4NwLAU&=-de(8%yPaAWR#ru*_M* z6q$D0ls*u;Ca$h}%Ou8!0)?hb$Bu3PRvd zp8vu}ruDwD!RpLVWuD20Kc7s~LY4bi{}wejT#-y#+mZ-~31L}EU! zSZnKA7oj8@>lzlRL|~vbkq8><8>#pOGq8&!;~RmM!4PJWX=(ZEd7s08H|O0$Kd0OX;;@mo~$%*4uX4tfnXn|MzszmWHG%YwGp(d#chjjE@ax zOu-}uho0ol9J;0{bLecEGFZ2xwQQ`E=-c*{#!8+^c3bd1V9r5CbwEpMXCqNuHjNSvFl$hJP1xL$>T zw?SAcCeJD0fdw|B;Z3nrag4k5qOY1Nlj;qdv$$E!l-KKBZQfkz&OS$>$C@i2X@BLn zP`1;K)`~Y)S7{%YXs>24vI1 zYeHrY8WhgVcGSBCQL)}{yr}?12DFP%db$kg+o896FZa3kQon)GSN*F-kF@fKqzGDc zO~?R{DgO|5CCn2~@jqAz7uTx?bm=sBz`!0*!Fu=T(_@hP7mRTKf(F|eAJX8>davo& zp>y8gL0#{2@4wy%>o+huu7B0&k;3j8A+Bg6WPeCT!xq^Nu44GMbF|FF|ERF_*ItN(n3Z(u?Z4#EBG|gU#?%C#0+8Oo;V1RcPkPvQhkR zX5OWULO$je&|OSd6TCoacNBaVgOYMu>oW)#yVslQXp#J0 zTwNah1dVI<19KqqM?bUMFvnCV(LPAGm{eNs*7y7)7$|SP{uBm!bplePx6gxrmQO?S zQQYO2lkc8a%oMZ=rOfz^PjREV7GbvwD)3pZ5xiM}T|KrI*Cuo{mM8Z(I$m3gU4R>+ zPnVem#Z}`eugrmTLPqMipTIJtz34&(c6Vi)czv0bO5Esk4A(fsC13j4$COrXqdk2L z)L#2jl1z11!bSRXl2S!ie!=T=KJ}Blv~pNuv5DLN>4!-5QbZI?sl+~e;ysH^BPC8G z2P;9x?W*cgAn0D8j4F_e-?eaw@!W{&m%s@+&s2i^b0_7OGl(i?b;NOB;aHWE4v@Sm z2!8YbjuSk_7t#5Vwivn~0HM)gj`yZv)0J&z-I85FrU(?%DLWe{P|F!gnO2h9`G#IU z`wDcd0?^HAGocL5e=jbS=Fe1G(>pV<-34EuKiAC!Deid|lXu@Nu&zZ9fxAqarA$lF zbxIssde#@9!gxxG>$DNUtsLDaQq*j473*xp*RxwurSn%)C|I3mE9q386yJze&IaM` zo(=gF0u;;(l#>oX>wq~pp_=RnKyj=&ibWTW`^|x{Nc(;9)bd%rKJ@SX;3X~RDi1*X zuPTS|&%|5nbNJdFGcoQfbFpyDWbB$*K5p(dxv&ng0UYZ5#wC+PV?2T}i@`wi9lP1f z&VlHvvjQwsG+&v(90(Sg`W7lUd_7;;LM>{2;5c1?W&3!6(hosCMn(j)aRQ#P*+Qu5 zJ5S)8MHIM9eNICLU9k|f{i?soPM79^!2iCC;T>KG=C$MtNwPo^({x7N*lk~=w2b6> zOD=G`T=R+`Q>`U}8qb4|e6a{)?R3dIvJnJCzAkxXRTTh3WhxJUlyWY4qt4qU?@%yZ zL7*vbM+ufY+iaW-f62}>-hx(UtKTJWoep6f=tXrl-@ z6Om}ydC@MgZg}6cYaene0ij@}Jx^eASG_KTC$QW-NY`kh`Ed}sg1?y!O`l&4(PQC5 zN+WgSL(1D8)N#HX;IC`2dQ29>Aj^8f$3{Gkq0bV=FedwjtMa4D3nqGcc#0xByJRYJ z-Xs1tYJJ#Cq>{%KGh&oireHq*5xjhD`dgjNHH|oq@>dJ7s&%O{(-f_5SUvXxm5j>< z@v5=xyZK<~qh$)@$W8Fk-(IHdqhD`C1G!e?6%x&VLTOBUW*}#P15WIHLivA4`wsA^ zs&4IPCS_)l%qf%JCymL3BqV?!AR+W39TX%aB#=M?2?jYoDTyBrPTs!c%XaK)CUpTiA)xVLOjqY!y%YCSt@A|XG2l!nT#p~AVS32S{GM1 zO!S>^5=|jch16O$+V>Qxlz3$x3LIuFvL?Vu1bYe%U1UuH6?lG;bqvn~&Q=S>M%9Aj z6x3R~1+Wwrwt@k|b>G>8}%9+yW4msr>8b1`Xpo&{UWJN zgy3VV_aGla)!H^-nN{{?14nUNP#%okOFNfZZK3MGsw1TmA+CDTA4_4$j9+H$Ps%Ek z3pzC)2|deJMIx$1=U;50kkl$E$Os_1PnLY=T4<%M+gc|a}I8_WjG9>yRDwE4ze%x|s`)z-@&MsqT`*yARZ2_zfAWaZ z@}X0>-dEvFOkfm_O$h$cj0xO@M0-~lLx$r{V4}gC``>&m8%s|<{og#Jj?l{6@xgR9 zR`7n{u--qe>`f%UX$lNfC#e&Hdpo1A>O$LcBr!0|H8t#7UuGIm2Z(@lj^TO0bF63^ z?AGcPOr|3N5EjnG)@WE|vFB6mjZ^Juna*^ahr_CZq@C7~M{@ES<)&Z=9qH_^{xk@L z9{Hscd$n0D3qlRv;9H=^qbnZWWPQ1}Gki|n-n``GHZ2Eh|2b2f$?RtvX9D-u4bB|g z82=mWnq95i_xDO-T__jEN-?W&)H71dyt^2}7f|7*{fFdC_}U1Lo)($DWi+NfuEq(xb} z);b6Pqb@PP#n9AljW_t!TA}~`v&c{8Xp5|enxW(B58$xkX|7*+$5QcnCdKWwo2W-6 zDmA>n-Wn32cN@9YV@oR4dTrXMpIL8h6$;M7VP;`psP+i0rqm7A)*qdro^{8tf;Y*YQ%s3U0JEe;hZlC9cxhe*N3F>)O350vgz_ z?j5mpP&V)0Ykk|}{6qJjZ`ZLu51?R`_Ks~t5%GUFLaz$jWR2DrQnO9gm28C_-(>Ae zKQl4;-~k|69eynaIwXtP9q3M91m--YDE!@iH7MBqMG@Ojv``4sX} zgdgF_x>gQpTy0G)QFJt_}#i_?vF;STItiG|d9D|k8ow3y4W z78<$L+Ea}M+PBrZm%?ww$I+x>goW?ehW$Fe7&4Vbu?~!knPqlDD5buU$-?Zryqove#{W& z*kK(4t;A%5goyL`D}+&@a=`1-`*)g{(9zq^%+qrd9neG^%cO zJP2n&6>yc|gf1UV^6u!shVD1JZ_;#9=pcwy#$rSZ42E0jvCsN}k;47W0E7P6YVtvT zPi3mo;$th|rB=j3o98s?h)FclkU3Cu9bdpu#erX!{w`aZ0~e*9O%=qZ2<5~)`{yAv z!HdI8J*Z>0_X}%aO}!^o&}beEQtv#&rL90JRlSocqQ85)Vi-JLQ-usJfE@jYPCy(l zE!4l4V2~)v8U&84NFTCulzK!~XAYxKH1r2QAXRy@f?U%x7 z>sK(hakHm=o18+2KEs2Zzs7^yK-D`Rs!-qQ(b07F6pS)wzqYnlZ*KJsOg4i;pqZ^W z1XIT3Z}0?+N;V(WT!lB;5z&E^`oU}LR)8zo8_+v#opE&bAly_iiUAw0)X&?d4NWo! zZD)hzqyyjL9sK1DzGLs04qd0)VZ3AbcX)@}+_mdF*mkx9l$6eXhpV^QRc`Kj?3gu` zhg%*8cU^uA)~D0Q;PeU~U_)}lb-|nL$1wuUj$1p>+RvR_`HLjJK9W!3)jaQHx;@C7 zYED8CUU^-JrL$jQ$5+h*3J>_dAH=l!groGHK!EXlWZj1J+D~ zm3a5dAR7m^A=(q}4qr;Uff*}29&e-E8}LW0`vjO(XSRVSr`$9IP`i%-OdX}p{)8JDF?4ma%puh6PiyO79R!XG z8kKM(SEKw0J@=PM?^Yu!gy9aVu&~ znKbbxY}cIfy?+r>#z!~7cF%SLCVKSW*4Y&PEP`M^_!~o;*Ih_uWkNzI_#aHoj2KA1 z6Mx3DBSMAt^us^aq5dAUj=KK~vFYwDjOC<%p_zZW3%hnmmK4+&hCJr7VulmW<~03- z*A;WGR>lCJfQ)L7>JL;tArzpjx2^4b)kkRRZR^@a;}Egg`HnTjthYmB{y~kA&oTwL zXkPG+puvv?nCajhYYrWW5u7x53l1mVwPr5z7E(wYF9mEJE;Qn}#WtE20wepe+nBj; z4T69%S6(v;g$AvR1M|?M*g=j1$ySbB^ld7=Bnp8_nz!&6V9|Vp7-g+V=x?M`7Hs5r zKOvba{e;i}*zT&vmf;CDN!|QVM{J!5H)NO*MZMck2%zI8L8jQ{l2zH_Ck!!aE_Nl{ zDm-kU%K?x)774;``rsmHPWE)K06KgfXl4%+(zK=u=y7uixf`XTFps|Q6M}-&Y*t5Z z4kTn157CiZJKqsx?O$AE&)3hlmEwqMhO1YEmBAhVCzpc zV^t!9Nb?E8f)yczhrtF{l>^C$p=*t2Y1L|@Fib}ZBlyzn7>R-DA0kQyr{atfQjILA z7$xZ%BUP?EMhIfxUl}U^5BfC3_eqZkB0V$}v*~Xao}{oEA&vav1)K7RU3l6^pS}a% zaIBAjVCO_3oxc7WFk{%|NvJb}x18{DT9Q>~G!qy!$xy2j!37!Z6br+k8Ap(Mw8D&d zjlN03DRP>ff!@ps!o=<%FZKfhTG)MFYa02qV5O|chN!XJ0Kd3&@M8lwX?gim^rkKC zcuDpPU;&feIpi3=Fe6!bh9L-W!IA}nQlC!#;mXg+0?fR+-yn%n(!zq3a?elj7%5ypino21@UiC?|;$-2MZaGpw^9quhbZDo%BWWS4hm-;VuXa zm4T5QWl*NzYfvkxY;FuycV=TD+;v!NaaD#<8Z{A8T(-_ZO@*ec#JG#NAO*de*WuFC zU3LRw*c`SN3$CEFH}cpa4uN;mxu!xRAAXJsvQRJP;fDl=;?qnBHKeV5%q~Hf(wh_%^Aj5c1Vo+jIIMSt;kayre(tsNie;+Fk9W3kq--2cxrjRAZ0!* zET_Xa{Y@mF_YS4Y4}&iKo-N7r$HPK=82doiyI2=AqZ*CL@eNe^wh#t;)8j2nHu|Ks zkk0l*A1~z8gk@nEd0n&~W1=jv3AqiOu=^zB4W1W-?ms`Pu|2r=-O7u zr_UQlS!|G#$}9U-VD!*w)hfHEt&mGkl|^M!UOQ~u_Dz9D_Cg1+%IrFCZ{A&BD0w+~ zD5Lb3F;;2OUWhP+;c1q$q)j8=2i)RFR@r_#TZ0t2bItI#@F zwN4;=qy3{p+IH`bo;88}VSiV&eS`f;dHQf3-(B=jDL(U!`m2*ZQ1m#MhAk=gy!lc4H09nMYk;<0# zCy=7#vVAbq39AQ+F+lay9tER{;FGH?;t;|t%9mMsSzREe$g=81_QvTM_VFd9rD{A; zIt-@JepQv4o6X&yfjo#0%k47N^bt%Q*n8NH%W0c7NG+j}>;5?;JuNq-k^A`GOL&ki zFE#via9`}bjeP{OsI|#1adD;YBnrSR?t!Acl|6+sH1O#lfzF(?z+}`*C}Zaw%9-8* zN`QZJ(t_&O{ROL1*-r>J7~+(L{e?HY{1~W&>MA6|U<`V%K=?2|xobjh*-HrCkp^R2 z^9BkZ>1;UR2_eDYT+{gp!ALLWfnVh22w&4rMd(4@V8KGu2ji)CiqMjNDAVl%^{OBB z4unRgXg9m?SeoSu-M~#}~!WmJJ+HwI~hk>%dA zIYLc%hf`TR3^c|U3lT_)bTru*Z$UOnMtTN9$f%&D&>bjhpqHNw7XZ0d=j}tOJ%j}6 zSu8ZDaXfI@VUaOmgTcL|JMh2%uO-JL2H2|8O5d^YScJyru{A_#-Ob@_v;dV_hJl(> zBAAtbiiIs+HCUWj#oS#msy)lv;@Sm1xix$tEJ`xN4@*G(<|6kEX<3>;ubXr3y8}C& zOY)v=K7vO5JX|c}3+Qwnb}Tye!h&`eZFFfcNYRvXoHFMMVal>{p`*c9TYqiF2#FLh z1|og-7$M$}3qTWy{OiUDm-IWZLIcTOC76QL#2_|%ZuUn@TSrFG*-9*#xb*-a)EBU~ zf=99q^n4&9$){8ctJKZl$Cfs0j9QNs1X9K$hic$hq0Zo^JU2y{WKbZiz3=VA5z^?W zO$w$@{GCCyPva>jBbhYfLYa{bL#XZ;LM6E9#3BKiOw}Zm+h{RLs4I;{09vRO@>rRU z^nr>4PzJBvNcPdgZ)2Vj;+;;A1dUXHFXI1lhNS1VnUXd+Ben5Vr+%rSGes$TMo4yv z9JS91>#*e8J}2DKo9pttuuA{^`}4v^O}1Y%Q@Bivw#5ShcOGcU?SG<8Q7}aTL8zKV zEOS2^{w)JQTmiGYkv$X|?v>j?CW@IQG}l|)G9QySZk7;;qU)=i2p(jO;f5%a_L;PK zpnr&R?L}dO=N-LY5+du}0dNf=LW!O$0J%_a$d<@(mFo2fjj9>c59*kLRtFk9dq!W( z7v7;~D^PKbbu9d`%2EcF`mM3;HrHt+_(V|MrVU83AzW-Kg$0DApYBsza5;OgeE~V$C;6PDFSEChzn;nOOjSnm&7@a^D43Drj*1O9C@FpUijYlX(jnVJ=XO{9 zRR%8>>;_ixH;Q~(`Nz@h)~Ho>13;@N=EQ|ko|M>{mZt~D#oUFg>%I;m!J6QhVamTt1dG9kX#hh=Tm~@}%kZ6;Xo#Fx6;6I*nN)P^bUc26slOC1&q`fqK!SEytU} z)2y3Gl>Zj?*`Z~iS?AsqqLFUahR(c+>266G8Bp4FcZT)eyGO1SBKh6LYlRq-)=N4% z3bq{U-ynXx@l$IBzwG=)zbLtndG0^Gw@j zS`x3i>oFv1^ZHe-dAi&eY1NDWMERC`M&-gfA%=hFFYAQ3`rnyr5-s=K9_oG(kD)HA zQaeDqUlW4sKOM0iWdCTkEtJ}=7p~BeIVez5QEm^Q_8YLQ3pZei&E5dUvu%Tr!m1TB zEsQB5rLckMhQ65i4(MS5E}Z%9gIX}k6YcBaI$P`j2b z?@wGs{`mqxK4#`x40h7c`2cpCb`Ylto(e#~A{->Un z!sy6*!cdz=d6^rJ5#A9H(6ZhaGIdg~OxP}<;Y(Bx@L&HCT z$o5^5Y^4`J5keb)4d|dvOnRv2h*51l46>LD|!J}oenRuuWE z5Z%tBN%c~XlFG{R%KDxrW&~hzV7(Wzlf0d2pMrfXMq?oVuKuyBdQ(*QsSq6QaS@;G zkta~QUkH!%xLPy;VjdQoMvV}Yw_ga=jGmz79(VGrf_z-13HybnE)uvr&l=jzqk;Ot zM5-s=%_JCm@Mu%>#(P|^Js`M3=vtBefDoz&)PX+NI~sgIh;Uz>(S154>^!bl&lr7=eNjfqxBc*IpE-s=g(p4} zK5?Z#psXVTk^?Yjuma*QSQ%x0iG+@e9|5riesGf-kpBKb*g3iAhh&O4{tz|%9IBAt zc#A*v_+043+ytT2Xj>xcj(#p!fx_$do|ZzVE>i=X==|rx%QWK<^cLRSrZs*(^xYw$ zDcKIg6wl9<9Tu9IUEKkEdJttCfoAjNVRVA~(GrhfE`Qk$M+El`t|+zo__KwleFT*q zL0kMz?)|7cf}Z~J5wOKvw_CWpG`6zTNtQau82rWj=5uGUO!fOjH5Fk)ozT~#z1X8* zCog`5J(rDNep+S%%&mY>l0s+8%=mmcJFLI5HhRg-PFiOyKp#Iv&TOZg~|h!|BH{R6GkC zi8&(Wga9CC|8dnG-{k}}E1tr0&CluU&BACXV?+#$dMtbUZPrburi(W-dSOwIvy$KFccHk!&=NMWAr>{_4V%wtBV>RjamuEtsT_}6X^uL zr{N4Zfb~0LY48baAMVDcAq(IKEIR>b%=vasxP6C<-Z51jiiQ^;L%&^R!DuMj2wU(t zbkgK=LO(SZ;>UAB8#O!Ok?(~}dOja`_{+Z+N*EXb?LCkAX?$L=Y5G^U^TK}G+er?m zWUt@h03_)u%BQ56ytR80>rhyF2Dd9 zbrG%!)yu61BS8l_H{2dan=itYGiVDIWMA$o$C&vb0;Qyo4C~}5W7k6FCyz0VQ{Cm9 zTyn=b45vHGd)+DGcYFzO=psz!yT4@P1pyw_on7@!f|J`6Jx?*w<$XU{~UPX1*O zy?f5hyA0FSJ?D1cb6+Xe@jbUpFSDYw0s96|k%15M{IA49qRw(I3c7JUfYBW$8#3os*+J1dG0O=OOW1+|g+2 zAuAmMj>lOO0uJUOPlaU~d0{J%;g>kz*fRP)uiEOPWk>dzhw4H&DKoBNrLE5gAjFNe zB7G0if}A7NP{@n{^xqRe+DA0MiQ4>$&2jWohzw8v2~In?D~eHOpOWM6OT!#Q8E;{7 z-N{!+{(_;}eVB3+6_4D9vu=WeyAOZ52}a4;08i-3`WvK0X#npFKV0y)(301~0B;DQ zi+_VHh2Mh2JM?4V*Q|(v1!|T>WC4M63$*pzEyy7J(jL^CqC*xjl*{&NNHZCZ!>ac0 zzk;1s{R5Y2(!au1#tD|x4<7QPoNA;lJo*_zj|M6T5R@Szcne=I^dA>1rw-9egb&p6qj@y=k@=1UdU%u$!G;VvfpEGQ7bD zFFpfCfn|WGnL9!P_tv~`N}(So0`x)OcbcaZGM|O4=S8s5t$rSrq2}Hdf_aiEFT3;N z5U4yOeME;krEmI(L29hiZrrApOX}<^qVnC3NORoQK(bLAUo^Q^LdaFVuNX~F`HEfD z4*uYa(m$LPPbo+Aa+?59%?2is2V_Ojw?P1y=G2|XIGr?!!!&a77hc47{hjUTasEv# zWgN!R=Vk;x^4+sytxmXjH!9iI;2XZT1!FR72LvvCX+^7tuI0oJd0DIj$03~Yd-%Ra`>mLrBYhWpPj}@MgqQYCs^acF}BcS8W0Gd${-(a}^`Tt*6nKPDNn& zIz);^)O1@=9Cb@a@$WO)fFHjcDek5_(V{Qyjlz;_9xV=_*ch>#eux&2slNha#TE4C z3vl-wh!ta%tFdBdmpa-ePVDI!PVrQ<7)t-xVS+&PhneogiV5^@oY+!VU)#isd7k&j z+r=0<6OTVX9YCN`MoZMf3QG{<)GqZt0c6$T3F2y!5^YvP0c~w)bI{2&Q3~+Xd1!M3 z#6e9<6#GGS0`dX(PbwD@McLTV?Xb*g3|*aD2FuF0Q&i2Iz-dq4CZL5O261nZyDfUe zA;xnDsWQPK&N3R}C?G|=sM|4O8{sSK8j206Q$z6y`XyVm-hXL#Z`qfAo(VlHI8_WZ zv!sJ!rfQAJ4Rlg*syM~tkub`C7(%*~CR%CCNFkceSi$n!;Jej%Xw*`K?L7@Jact(4 z<+#sfBS&Xi(}i?V09E`uT}<+5wj)jzH4-y51(`d8I0g;x3nVVe{1g6!osGmtDKbNh zGPd$tG(!$ldSr<45U92x-2)TkL(4N^6`7Tc{q%LFCim!Fm>>^2s;VvvGgcgy+ z>?29)3?(rPHT4cu^wDm>>(#5c=Fuy}_gEahWrc800FmowcoIY2M`Ym6W?1@ZNw9Tg zJssss7&v#|w5fXaVX*<~A@McA1a2ptcvxJgFXlNd#M$bUVnPB{ggmG6cuR4g!PR5} zJ@N=F+3wlrbNAFE`V#Ne&o6Av(MLo*c8ZQ?Vg3@^i0^ugnP($kw89P>k}cLg@VXD} zO-u|SPAY(jl}cwLjV8L=R%}OO+kt#+YA2@AyZaL*y4((gmqiND84K*xJf|z8G%AW3 z-+Z2cN&NL^bb`l->v)$Uu4Tz#4 zj!kK3_Sb{gxrrkoJByDbdYof7flb2w=Yr5vR|zp|qtTg4TRMx0&FZzoo&gW_Xr+Jo|K5gNuMPC2 z73Fskr_$NZAV!zFh$42|?Ji^d|vj4iUsO<>zDpfRv-W_A~Q({EW|4JbB>P^T<} z+Km|Iw35(6ylutCjCeBZFR$|RfEt0E3iEz@VU#KQaWMih=MT6M zS08k?jm!Ihr(ApAr4J6#bBEoR>L(A6ausUQt;p?ZU4PLp7@w)8`}KC$@2sNS$FNtY zJ|?C-q}K;h)$Rx0t+|=l5NNhyb%L5d4yk8JJENJ__80yAa=6bl7tt5A_lP-|W1KLR6=M2|07T}# z1xvEBFGQyK{V>O)la0~Ay(>$~D-lq|hSqf-_2?%?SoQpPehV!N^o=4UizIY%-R63h z`O&q+1=l&?{@r&Yn`j8G$bvwC$HsnQWbS>puz|Y&L53oD&kOjXaeu1&8J?WvdPP_t zKy|t=y1K_+gSaWz@&DlkbbWjfFisXiR{uTO7)GCY1^b({o&Yxr;hlYtnv!Vn2dFT} z3SrRMV?KT9?jX$Q9&pFnNzk&I;oEcelLVhD^V)UdZ0jP_PB1eO8^>;YLN;xlxh1binWG%-|ZFj8EK zs<}CkK#z?Q|E9pGgb+f@v6Nf}T66Omi;W&F69YsR`G?*zNCg(dOh@m6k<2X}csXt51#8!g7@g^}^?wZFzh2V*KrOSyXqxO|l(#+Jb$ zTSa~Th>4)Qha)Yn*lA?!g;MNc7?K|?hu$#d4n(EV<&aQn%Ed_C&JJ+Ga&Zmys{ljh z7}_w(_|n`8Q9!An3Gnr@z-~6`8ni$~afQauT-T}BA2Cs+Kj$lT9X%Y?qumeF;4$I^ zH87NqSVkrGz0Y6JRvGALd@mpiR#m}E4<9}I@wggH&M?7BsydZa02yL&r5NEM#?qlm zv7w<2-K-QJqIOkSM&@d9XyKP!gIhP5kl_3n%po4GDQEt??P?!Dfe z23$%ECEje^1k7LT1Tg?*IAKkus}}$|B~KI)H#1RuL>=US@9=%wCyI^f)y@baTpF}6CDPEHZS zVl|(PCTiLfSrnj))4(8Q_!g>Meqvx0wVNvTqDR{$K#_gU>7X9%0Bw1O` z(rHj^_|@zgP7`HKgTkey1jd=X@M2yill4EEa%#l*7{0aaU3+%zk4Z(%3OEPheA54; zwKWjIzpBAD4xEnp?mr!?W8QQO14Hv?&7`o>1^sB`3^B%=MRqX@S2(>sLu^6o=fez? zJ`02U*9@@{-Kqkg0l+#U&YpyD=x%_Q+u5}ps=0MmTri#dz>q@rH3*UIeHr>%^cpXz zHd*kmy#-6=H3v*YJj^4XydEZ$=nMqZI^?<6{1a6K736Qgl)@rA5eQqiNEr+Wp$#*| z5EHg6)AMLdrYTrpoI>5ejBV1?S+FShyaEj^^A)kDh3kV%n4!%tK%#o=1yK_DIhJ2v zP}ly8R3+9kfe;`w*O-?|Rk~c@hqBy((-}vuBF;v+%Uu@)3tZyw4KXP4r zLAg*XZZ~L>Gb1;Zh{xdRC&+8u{SIjO>{*yu{WG6J9E|7+I~???$nZ+XzY5)SOao&$ zDis2ERO4Vyy8f#8nzqh0eX6p&yt=n4RY2iFZfUCpeQrT7T!M}CMQuO>dU&bWJvNb* z;4NhpqBz`(_N;!gH@);4!1d296-#LHGHlYhT_Y2en&o1!A%=4>%z+AUJvoo%#G{T| zK`DT%oo#5(3UP*3iQUgJWJss3-8<6CmEb(NE5#z2Q#%c9nm0sWt%OOW;&t&mid`+X z^#V1dm^ZPK7q1rIquIv-;Dl$3y>ty07(DSNzD&5+;&d&(h>n{vi)%re>fVBKJ7^Ua zUg7|Fm6F~Bp9pyqd#u-X%cLf3WJ89%=XwVl5g zy9!3Lwg2^dVXQ@8#wEgA%mM%v3Hm^OFn1O@v+L-_rwtfdUZ{ZjpiOl zcxlGl0SQdd8!> zs8GeP5-n#YeZ9?>XfLD)P9|`jfge(iQ3JS1bwsBNV^#)y`AMta5iAOOtyNE*Q0 zm70w)on$zQ1uQtty-VK zYIt>mDT+m2n3T8Ah+Q=BMPwld(bU6mI0JsqWJL9jwhk0C%KcvSr;!e122K4Q0|l>$ zjn;pU)$;iP6yW#|7I-a?fI~zMIFAqJ4)5%J@jkU*BV=j%dC)pO2DrnQ(htjK+I(J2 zQVW}4(zDnv8{OFq9rNrDumBAH0a9h{4^SlT{(v>jvN1SrXxn)SJ*ciaK8EbeP`hbb zDa;rd*~sz?_(^O|gI`4rsv$q&i~Z&&1e&pHna-a|hkg>1l)rxxQ76f-+8;EmYrG$& z|01H8=aPg(D*gph$?r=N66nWY#AkI&TJ^7Drv7{5uULo&-i+2B6)s?mvfCJg==PEX z3-!1l&Y-J{A>^z-W<$^3L@{ojAd301Q$~!rnJR}MdkP5R+vSW}XH-)<+rT?OwWCbE z0wQws3Ru58k8E?c>~GN|JrFy&E%My5uNh#2xhmGtv@EHQhgw3{lL2|TM?qHX;%lOy zOX7DrBI@I_LGX$94Dd#T!8Nh5+@qj^$8R&j;RlHB3X1DsiJ`97F&K^xmI$Tlx_HXS zO@+0|us{yD0bcXlp`dWCGj2{nid)n{DM&edL;S!%(VxTkvmpS}x&BYFq26E6RC`0I z2TFP%I<(PWV!nX}9FeR+m=6H0aaTHivZ!Kw*@c^8tY*Kv(?yE&RiT5_+(1s}L>cbV zf%%4LGPVK#X?07C)TiaOTjD4hx)f4v;y-XAO*|XxPX)IicJ6*N(btA-Ld~S12V)T` zLpo^ZHJ>orD0nxeUb}p(6m66&WZwxJ*X|p!5QA@vHEOV{{&pLkzYWV{*N+jKXZMxj zm63Nvr-7E$N!CScB)Ehpga*=(a*PbRYFl(d+N)1MMh+s^x2GT$`2z!TIQ@+nt(qK6 zN=u`}@+7(#rDRr!4jO7Re;;}gXKB`LUt z(lNMIqsCUWqAM4X*x&uFfD{F( zj@d}oQ0?l!`$^}$p=VVpU;9hQ$s8#I`Q$=ca44k;QXusZq-Qi}bjOHE%v_FGKmHGn zoXSsv1d8;?CisUoHaJdy+Y& z{w9k74q}EYoe?glNFxwkR+yj~S-l*}i(yi!L5))E^mC9z;So}}g{d-Jf~74Rd;;mB zN$NyBUXHUscCP@o2Fq8b>(L3(3E+$##tfzjf^~SDL6u2fLZ_R{;K7R1*Nc`L#zV`Y zRl8yid9ckyts&Rhsv;Iw_gEzzijqRjRc$Lu*d6qFBw_%LMoEF8Rrfx@GIDW$a+CzV z86`y;0irQ2N=iiZ$Xiho3uLd0!fI@6#^e~Iv6TK<1|n8C41SMx(Gm-{)Kgp0kShps zOtfTI?|d~{^7AnEZe9r5^Lexs)5xU^R*W5rG-qh0u>KXJ)L{WUB?aiFhn9+a7wrBv zm|ls2U;T%i&>(s_67n$?RyBO;n5zP((~(A7?gTY>qX{TP>ojQsAy}pmzHTt0Y!FPCr=mGl>wvMQ{ z1Hzq$G?N~p$9o{LRqBDK zkE=2qY^hSB^~ ztj$ds;A;chNaLtig|81(EGAU2u&3{FPQPCnlr3HJp<51kd>}A1_EiUidMoBg>TN)_ z3FH4hoc~i@C#fOb=_K{lH)fyCpki*%>6o!al`J2MMcg5ku(Jf^mRz0mM{MrFBmB+#CyRWO16{ugw%QbNdH3n~rF>aZ|PTr?M3RnCE-Q&zL z$ZklI4r;(x3tMG+10EIy2fN7A0Z8%%8bhyfF^E;@F0~;R<4Ji3@x@F$peqBU6n&5= zVj!4#+kw(^6#0zJpPD@(J+EeazPt}aYr-H&(MJSwLk6PXnCFD@bEI&dRxu<;itGeD z5(jYA*x2y*YYrWk4+9wh?2?)RaNk)5XM)F_3$iZ;(e@l^IIUQbWTqG&c@|^z(Ah}x`?^{6}*n>o6qL&IeM6#?0jkP9Z1pOk<2%`l=%w9Kcnx7W<$RsG9>IYD~|0Xh~6gjrEaq_@44NoA6^5mH&3t596K zb~6P7`U#bxtQAr<-I9D|T3jJH=&3BsSpB)9*A8G)-WmX+*m(>#hX+APPe$LF9$i*a za~Ndh7KpL|085CB0bxFoar_LiB1nLCRJy zOqd`oR)2LZ!*cCBQR+ZD*JG0`nkemb{febKze6-{^*j7sYbQx*Dy8jv7|ZFmNsK%| z%;tu~(sdIwU8=bnlVX67Y*x?L2Kw!}cUc*GEBrL$WF zZ{>yQlEq+Em%KXAu#$WxB-4j8q*rNwAmUc4o&p7(9+MPK+n$mx(~D1HR1dv{qV>y8 z0-NRIC#5IMyuKTRK)Sxv7N!;o#1W)}mQP6uM&M;FUm}G?uxv)0hL)hO@N{;HWr3fa zCj}|jo|RU*;)>=!FLl96Jn_8LK_{K|nNnw*DxN82>8IArlnQYw;05Ux1fO&t$1->;VD^WCRtQ4ypDGGeH$r(G?&k zfD{2f62+*HsKi{6h4w-OHvmU+JS(nMRa8_~WiKrOx|3)j?9p5?>bz? zSzu5L8Zv{{y&Bxj@~7KsqLeSs)5!w%Ffb! z`Ae$oWn{Z3(V@nI|{5BZYi-78YdJAK#(;sQ1WpigaoTgTOV}S`+ zO}VqAaK$)F8e`;{dH}A`(6BQ<0095AQsf{WoGrbfY?>=QZv-}wje5+NL@i0BVm|l= zM><(DU#e1*krNhx>|`x~z719b`_uxdHKi|cq&gCzxgM^S!cnk|;UV58$r{Di05{m`OV_odoRt2uG?+epS?WxmOgDv4 z)+)gtPI+*FOV~9;$3W~(|pBJi2Q-KdkD8N|cL+>q>Myq;Ai)B)b1w2f}2ctc2 zAUpu+guXOu8McM}4$42g>wx(%dy!Xk2=k!mkR4T6ddXbOpmWQm;7Fb&s()Zk25_;s zFqF#;6Ui_s3M(X=7gj0tS|PQdmrI~XFIyoYhj}F64pJuO=#_L)i3d@F4;wrHBHfum2N0OxvHGfTNhz)Ic$3LEgmo2R*_;t|lr`ey6 zw#G>&PH8|`R_u_Xlxwd;<)ub%ARlb!>>#s}u$moLzAfd`!8fIEC>(_`Y5Q7`@Z>iT zM8NK$1=kT{ed#reRoSslsxqo;q}>MS#_o^6P-+Z5m1IQqeyqi$LP_XTowLshJwFBm+H?~O$I$V)H zwI1270CH_by?Y^u`6fn`tcq0nUw&mACBGvD(AhnbSsDF4wo8B~JE#6DEXj0yyW}*n z(@dA@H4c%$)4TZi`=GyIxt(@MO_DVk?SVbxdYQ+B_f@&+)os{Dmv+In(B>tBg$-$2 zdhrA4Gm9$+mu6oG2o0Fxk(JBJ!2)P%m(;d?8!api^uePowI~|V^EJuOrdOk7aT1k9 zBLS64>ANL|`l#H;JB0Q`c)?Bby2a+7(Nt3;v@fE!%6?`LD6~(MNlwj`Z7Z>3e$22Q`ni=Ky}TSBi3I!^C(M_om_p zghnnuYE+GTPAO)MC5p8)j}~bR`12R6iF;C7a|%%(yU_!pDckQQCT&$#oU54WHwkbu$2QdUt$ixLMEeUvT{g zcnq>Y{h3KUS{tVa6LGHks`hkl8rEMOKs^sZrJdde`rpn&Qh#0UkPo9-*DL+>S3-C0 zb{I08enkpqM6s$9O6L{AG_MB|(w^gp>TxO0(b%{58PBn+?=zRXd)54i)Yf0Sp^Bj; zy51I0t&X3!=Ww3BFc9$a1Sj|uofa@Gox4_$f*U`pJ&J>UyzJXx9pwy%4gFAUpp zvK@l+k)sf>Grp7-s-=VYa-3>`heG%Yi~X7fHBUA*klpdZQsBTiPCM~ zP7eS)fO-aN9-XhHJS4>-l-2Q#)EtF-&PFfo4?%VV`JM3$@O?1pv`Q(0d2I29}JGCV0!4& z4|q61r=_PODn^ZHTUl8!F$d8-h@vYkO=Bj0Ci>FG(^9-o8`yNK=z3#BBFsI5xj)|+ z*rh3ey<~v20P#z9+S4H-JMb4;adojCda5Z~!ddB*8e4BUCymi|n?u(>JU;~t$L-U4 zttG&34Zq<1<54NLh+26CM9_2_j0FRKfp5cB3EczYj(jgZLgsH0ut=|5h3R2>X^1Zk z>5J^e-kU*sAkqvrDvp8I4XXW`YxD8AG)!apK_TRBFv z@?}MKGM$&=0>GK|LR*9Bt$`s?H1s@VjgJ%I*w>jvcbeA_$)r37E&Zm{h`PNT7toM{ z8Of3*6Ue{Y@ztE;%?esM860&}I?|{8x51^+C=c;2QGZJZynxq5vF#zn zB!2{C%oisa1#0zyH9i$JmN806Ko&xmAtGyK=5rjZA26k1O*?=w-+^JzQ9(^GGEQzu z@BQDKQ)>z_N^H`ohPf=+Xd;XoYg#I zl;7gcST4x$Qv(YvZ}u zPnubNUKM)6{A5%kx5&wAd^Ed7VH`>WZ`Jn(GXAoB8-f{_?bK+LIhHaen;Vj})uf_W z)q|W4W?0m|6dEA6Sj5Dx-9d8y13ED zrd+hjj~l2e9MS(Vn@kDxxG0ZOOO+uj8F&~XfMS>zsU>zv$!HKkhU4kZ#z1&H$Mfew z7cS3+D%s#h?(nB!lH6Wj2AMVlWAwBcP0C(LZe*lE!EgXeQ6QDqt{_1$Ay5w2Z#@?y zhcHw0+^Jq6G%8Sju7xJ6fi8J^0MxU(Nf!M?3fL(8gEGl5WiW%DQ;7?bXS!@i_ck0% zSAylr|Bu$^hREslS~oZqFcci?-b&mC-DWkCu_!bW-0w2PTfX}5B z+HumJ7}>73%vxcY84qZM%(3!do1?ItS!>FxVbf7d!B9=C+#0;^gV_3GjZ;@*layn(40)~Cv zeo#8DRCp&rP2d2^?yZ#ltF1Hn><$Q|ACs`g{2R#ckztK*Ak7$#Y$iQ0B9bBCX%tp;_lXBjTzfmHG4(!fi>7N612fnL7Ts{kDi+=J zd43r*_q6PwYddUF^h5*D8C9p89|gns+>g^@=#<{_lZkX)5Oa{ z4dOw_ucl$UH%yaH(SSFgj%}W2u@W^x4spsukm`;!LZ0gr^K7ssq|06C-1o-7G>xli zt|2B5ssRmPbG(uU@V9hr02+#YGDN~VH{#9oTe`eO9oKD*V_H*& z+(9+9)n&*{HKUDU&6KaWw!puQ<#++m#~L;=lk(_~CUSB-Fa4wMR5-4X(OAXg9(Px1 z1`I2Wxkb?B(|zELIc_16LCMp+rt)VlwCG5B>LK~0GNGCLqS4Ikk(`m=VL19ro)QF; zW>+A4ckrVX$+AGnKO)HQ>lU)8Tx=n?F>no46&U)qlJjZP_qx`=7vjI{T-Ft^j7g8k znT8CtU;tlx>Z0)X3UvjkhcZe%Lb=mgjx$h78+l4}8X}D=co^)IN>on=DvdL(prXXd zMGiXBP!6FLkysEt#{rKcCR+}6XV|+XBkjpnG$tF+9UZSCQHsNnvoJE0!GTE6xHSI( z0SA3TLcO9JvGbuz^g#v;6XHoT# zifS1D^{iS)%a*Xa&g>~SH0TjUEZ3*7pt6t&y6pi;3wX#aB`}xt^fLP@=X%M*fIXTI zw{*Wg@^*S;XjFib+*b}zPb%&E$%*`@pgi4Q&NVc4jfR%`0fy<7EfXM!c2%ZISC_i_0r)(wF^8X%ugyS9Cxyqb57CO;uB z#hmKt;*>c^Zb7AkueAu(G z8F}*Sp2t~3lEM4=l5KV=kwA+S3fQl`Y z3%rMw7FN=-u5v_h zxA7dOQN{8b#>6sO#s(z4L@s0=iU4ZW6js_jC9=!ybhkuq;>}H`hFrNhm5r2}xIzI| zjg*Vj2@4q|BbLS=1Fp<2Wi)}W)(^_$_i6a8cu`q68WXCS_OL1LU6-mfsxLhU}8ZlPMJ3YQl`L;?Hv`c?f%X{dzvGM?FSOAjv z#5lR1IvzX6$@|n_bH>X*i`s}!r~-&HBfWb@Kvq~gK@QNF!LA7iJK_&0XD7;i44R9D z*U+QvGvrSV zbl@P2_f4LX8(8^3xP;7_r{tSDwX#1e!$XR7bo)s_Zd`c};{N&ts4#Y>5v)m@Do`Qk z#TryPoAWGS3a|8nOyTtx_~`y;{GZ|>W zF5qB=ONM}Y5LhuUfIuF5Ukvg?nKz`lRTjWGGniG_m>-A`&D}4^K}aC1Pn$J`#UoM< zD%#vuNR#h1Oa3d1Nwe&lN1T)jVyOj6asP^4HymKSAgRu+w$ZZLOjs-}DX2=N)5%7p zP|k*|v|^_0N4D8=WFbUHJdltIJwYq#x<%9Whv`e(X<-TBq=?mp_eYNE-gk;yJ3&4-&ERxfe z{R?G8KQ}9}2vor;E#)UTeW*h%?$O_6CfVU1%3{@3{pe_|yjUF=yAa@8`F4eN{k_tV8IV{4kO6E49(b~Lv79bxol+w; zaG6#XdqJRlRbK7G%~N#XRgl9+4+AeedcJPOsr4AafM_-d0T2#Lm z20#T&e)~1~J7XkN*FppkvR=dAqA4lr=uw}QK{0fvCj#HUT@BtFwnlEEk^uy;dzzjSTBe}f;Y+5w$ z00}c8iC!LV4J+_Yt?$W zvst51tw`E01=Vhl{oQAd4hI%a_MkwNCc6leEJBC_Y4`@YoWj z=z%zxPqsqYl{w zx+16Eqs4ONVBR(a=4Zbr6HR}?@(|f4dTE7t&UW)}N_xhK9PJ8CxAP6ntAzF|s>Uec zKl*z+7H8THd6G-QSi3{+M8EHVT-0c%{FrLQ;Ym*)IlWQVbEll>y7k;nIn;GvKP!gD zVuAlY`$$;DYSJZ(zbgki1CfjSsHDt<7B(VP#lBQrme6Ljj%BCl!WNAghDcpd%-%8~BW3iovKz5X#I zCT@<5X^X(mxy;+1`iVT5ddCJMk*Z#xDEwB2&oL|qxD*8RE%YcuHM6p>AaSia ziO$aXN)FcIZ1j!KZiYVh70BPuy^$KGwPLv@O z>2TQP<3}?LjF*0w>!DpE+Nf())mRixCAqOJ%G2Fgjhz2h)F;9gLVY7_fq9RyP&!2S z*2^(rH$CtItCae{3*(E1q5?6ak@cFQiW{(vym~{9f?Ed)gVu4{e?w)mng#rmP+Lo5 zVgijxfFmKcDYAtc{3%b=H&5mX6ocAx7CR30AN}a#KjnuYm;13~ijMSH1h`iIK4e%P z_O-R8wSURI>F!_hlPM}8attpiDlJr_T^(uY01LQCP2=MRV}T!|=*sIi<#Pt=??4FW zoOciscI`vpX!ZC9)R(oXwD?DU%0Tuvyu9g9mJMkpKa)EgaDAd)Z{`MtzH8!qw`|y?fhy)W*7-ZB9Bf!xrFXw}zXTghggs zivI8(vn}7GeLW>vY%9&YCK9HdW(U|>kipN^56jyYn7~698H_tzIGR084JTwvgu%vF zAgRR{&8IiSYx&n)@3y7GSHQ&B3;ySpB^$MzW}^ zqIx30e0i{CF(CD;9JFN*T&~YzuBh4!YK!3Ee5tg;YK!y*qhq0M zu?uYtsCl!XcnTD3ML|t7n($!D#3F7sXb&YnSy>_2(hT05@aGS*u}Te-sb-KZxP!Ko zV9DXGW=G-Jva*TH)YLcw!jp^RIoM+2&OlW{tS+uBA8$`o%Z*XR3w}v-m8`y&epN`z zDg~3FEp{Zq*F0wnQEp1MQ3g6c)6Y)hY_=d@mP5@<73=+(+*a6*Sb?LV*!$qi&Kmx?Fi(gb>^Y%j7SsG-q zwQb2hwuI*k=#i_go4LDDN1xE+RNZZn+zc-KQ}bb8U$!dJ!ZfH(s>+n_?Tx@9hSmry z|CrhzZ6NnEk%e7%T8{ewP7X7$=()E3eu;GVifp1|-^<^EB~~o-YDO7v2Kds+pTGiMj=sR8ODpl2_@Z2lj1@AR$MA-mtjrsuRmj)A*l`b8|>4!2MS#D9&g zbL~EaY6T@@DZlk2h)?V#d5GXi0Pw9ZHAEd;{;dZt$&XlBEO0V-I`#$_o^V+PzQbjR zo%|~{U6v)6ys`JPd_g@e`rE=hPbbiZmH=9axhm^umQP-lKZ#>2khNS?#0sXXMmBse zTQM5duG?UXqvhA+wz|dU*K2ZfgDaY=31wIK1?lsTWT4;W2(evB_0X}XPEp+fp$E*p z8ihQ$%Qg69PCJ$a+rnvAkPQGzLs2GXPHw1$mj4AS11`Lgk9RZT12i%go?KK3V`)i2 zseP#4CY)2c!tG!P4bajM#^kv*@Fkk%_yM~HY_Z4|-bxSduK%PSuFAt$AAAXwPNG6> zRUFa#o{?jqM8OpGhn!$ZZ`j5;I2{Et$Pi|`Lem4HeCX5@@Y%C{k2>+#_ZVg}{0*V% zT^r8bLw)!i)M%EiJDLB6bkryi%PRY!0JB-AD^w!co=`Evu`3(XrX99i<}X5c6SHfa zK878Ma-C+Xy8w0?7h#L}AGRe;UTSMfjjCfz^ye8^(#|Zk`TL`j7)ibi=x&4!v4H0Q z_jY@k&7^!DX-n1is&XgFHXh856;pgR#@5wKBVEXaOe15wZNdXKn~g>l*(`|e01s)9 zXj|=JWTYPxZ43Vod(qGm8+K`p%~IO{>-4|dl%SiT|Btrs0FSEL+I}WIlYZKyXVOR} z3CT=)s0l@iKmr7$hsk6Dfi#oQq}vf`f-FF#$n~P40v3*_2=+?Ti;9J2xhf)HS5*FY z?{j7{3D~~>`*rvCI34^s3LhF>dRIfmyNW*4@`^ioV=CJD^qV^M`n8i zrCFG59-@9jme7OV%@Q8^>y@hR=_-6`2=lQ0F)9N#D#qo}ZouUDEk~%=YGQ$4@@T(R zSf&Y~(`-WJAIO`3LNmQPv2wO4b&xOH<GOLIY|JjM8dTp;Bh z`7R=f*=2O*6P_pZq%pI^V49GJoe@Ig*o5|#3;eM0HZ7Trhb-a%rEHev3yK$QFBE3c zk-0(<^;je%6UUw?PZct>b7$uZ2+J=9Y)5#p(2tgl5u$>$+-Y7Hiw;%*N^W(ruvwGe zcsnNg3GAX4y?O&P!;DWyBEOQr- zsUHS_)72gQgrWLE{j{Ip&X39HFWB&w--aYd2Lt73{G{ZG*%`ep>9o4PV0FD0H>J?$ z{RIJcUhI$M2ZvBF*{%`>M?;R&X3kXtvFn7^jPz{OlBHc&2{8&2Fkwq$nVKF6laxF_ zu;NRW4G_#e+P=w0JamX~T77<~5YS1+#>J8J>c6qaF1ij|_@XlKE-D9c2UiG#vsd|`LmXh z!uwRE`t6_G<(m!=H(}YTj4~wX}aCAjdigwF^6KD}PI$yD-e@tU*qZ#|0)Yq%ff!emR`i1@3`P^|x_Cxc3#LZC7R`Sk&K?wyAcKkgeW5 zNqEd#9aSxmH{H?|k#AhCPOKGf)CLF?d7F^>hr8)i_K-rC0PIf7rwW-=z7FanUl9+k z6Z+5#DJc>Yay6+&+eF!R$`$q zba(?+?B;hx-{4UrhG0eUD76}D!s&jx#4`nYKQM**H8Cj#L*9`qB9e!l*TXq9=IA~L z3C7weEH!m{MEe3ntDbEXZVJ=%KOnCHfNNAsJmXoMw^*VzPUGqNp%)9_zkm#hdT0%lwi%fpm8Gg{W-#+%NfWj>N*cZaLYWwOx?~x z4j1MIMe~SCZ}z#XZUhtVIbXQey#(`ZTOhcRquV)tM=e5Y$I}Mj zl3eonMxu$wod00M0x~Jvy1b;U#oQn)bva+VGCy|}yw*E!5ZV}j0U~TbSdgox)7Tq@hW5m^nkKSO!sa)5 zq!6WEyb<~;Q@*T2FigvD7T%+%ACOkT7u{XA2+Ixh)bGAl}Rf+&y7v6vVEb7VuxMd6_1x70LtC`6pR`o?qHUN>JZe zD^wV+$PV9Hn}AfAu5e_euE%zGUlSJH#P#3-v(^hO^v!yqlFBy-*U*j)!n1KHEIMo0 zjD~8YbV3erLr?Q%NNeuG6Rs4Xj!L7SW#E)f8l#!x)7G?_JDvY0nq*hz|GU7ng0r&F zCD5%&lA;Ki<2q=W(9`~x^~-+kbK|L*{w@8|oTgW_qElZ)*l6;@LbpF6C9Z7(BR*$s zq)^Acw?0z1;m@_rn{&d#WgQ)?y`BPindM6AW{gYSY&U|WwYE-0;xb-#atS2Q99k6) ztK0i?0)pHIZqMzrLPp48z7OEMuV5{Tx<`on6BVPATB<@VE$nO}lGGuagg)LBb}}&1 zm#4ANwI73dAG{aa5G+BZl)4oL#10l80I;PAfw5Dkm|@z4ZKw^#M*yfh%}H|`VI-WN z1ZJ7|FX53t)I;OiheKx%Zp;mo!=#l91?3;=qx9jwA$7WpM7PoKbfMc7wNummP)r}a zA9i7vPTIlz6H5ah5T<%6)UQ1tJg(i#G*4F&8-zK8r%!LNxA2G&UBn|8kYefdgF=gE z3k}<0Ur@ITs^`gD9uf-a=tIIwe?v2c4e50QC2bU8Exgy;m-g*|HNoW#@gx@WwZLs6;p(1H??)A++9LC*A&$yyM)08s)>h9pBIPz@=+l~i^$M|6cAhe znDC52lMi02ii;q>Cxj6lE%vb3m1yX=urK@3drt_d8i1~{8(T1k(yiSs8K9y~tv6n{K%*+rfOB zOgkSyvgwW}aQ5J5gzFj9hRgTlfnMf5$3q~3|?tz zWPe%MLlZfxa@u+(0=f0f1@!W3LZL4Ho_j^u(Mh~)ze>1z7b%A@AaA`cGeS14e9j8(?H62DP9(-xeL5?W9qbZifZCpCENdLKqCZjUT6{CKN$I=>FiNq3N<a@~P+;^#1r*4TN*QyY9ON_eYcO_d$v7 z+fifi{QJU>F6*B9#Rr1Xi%Pl~ls_S*BiAERyyiGGcdqle=&7DcPYAD5AX8S3ye#A} zGO`fR97Ve8B+h9H(n;YMeR&FcNcd@Ji^rHVa_DKHPU@s;z_$f2RmA(KqbmFYnjUr$ zCgJrjL9|(IT5r32aOM{jI&yoMzA2=D@DC{3srPh2?$SQFgODJ0?3SQ*E#PA*c4NCI$W2lYyC z@ci3=!ydt+nHK$52nq5SMXg4mbrd2y4=)DP+4)KoL}fy{a5>?U!3HFvPPrTH%0CL; z1gZc1T)4`My1p3~Mzo|l?BSV^_$qwe%D zZtEZl0jUesp#zX*2bfJ0;zy+z8WH9#pztEAj?sjOfZkt$rnvF6yAzSI$} zoC;=<(f9Z6^wL*g*cY8~Mw&Pm8RV|)5gk#n_AE?$h_Xvy(RL4?#cN+WD^$CfNcz{p zG&=OPaILYc+Z#ir=LB^qBle`vXUP%3B?WHlJ6{Q+`pS>Or(X2S?-;aZGvaM}T@;q9r!NYx zc=@vJHIWRz;1U*Bkb2>F;W}N?yz^R7HfksZWH9&w6R7EK5Z(pZ0``!LeBSa3#aKU(x<` zZWe;CPp3dhJgdQ=oLm_i;IBEU)5$E0A81AE+3B!KJIZ*#9jMnVp?wE4fW~9n&5l`K&6 z*`IDTA;&i-PW0DGLqPIrhh2_Y9d;^#Zd>jbOpnEhW62Vadx0<-r&UnQP7+h;bUbQ7 zAgjKRp3gBx2C$*z95rHJ2r^d^5zzRi7+#`9Z*lBo1}sljDg3GSV2FqoEL?*ezO!T4 zP!WIqHnUica>sx$Xuc6?y$ce=T&=pI3o9*}5d9fIL(e1w@mfztP4YO$vBS}mND6p5 zF`SG^VyO0uS8K#ajN$b|R=@dyq&^F7Y2f(Y^hq+lE;L0n|LrOv_SNN|@=%!|di1|= z*Yvsx;0DU0!BK{C%|_NcRScxSTL3-H3&1Xp7t{D7ldY%(xhWN($Xp^lkSa#g^l5>> zNbZIU7gOP(PwFC0pd|}g1)eTqCiVEt7(fTQh#Tp*uM;&qZ*(0o2Wesw9ZeJSC@ftp zpsUkCA~&Sta4-AyJ^Pho5s^Y+5liS{i#U*ewTOM`stjCMlmP-_^+DK3&{rA2EE6)t zJQp_cxJ)rsTU>Ngrg)W$&%K!`K2F1rBLI|d0(dN%7TVyjY+eQXrpu`sl%bJwE7pe& zX^Wsco?-6*@>QeL1JIWC=inpub`|}xy6tCzW0TyxTIc@|4Ru%u{o(EunhiT##LbC` zG$dPGMW1Gi@4I@4<`U3S<27Q`TB|rV5V-vOjTXAqDki!QTWOb7oau3xV-u^WZ?0$# zMnFhaBZ?EX)H%}WX`7f3XvwY^SW(r#d`YYO!;wML>atd0JtEt2I6YGrZ>0MR#gM%URfJ!(yiZFpp z_>KoIev7kgMjHx#YgTEkU?6=2aNO?b(6?0!1$7sX)4|C?4>hNk z_`MJ1_7yF@OyNi;`==t}rz=E%FAK`ejS$^IU_1I^BoV-96@gpRQxxfBf3ZK^dqzyA z#(v^)HSH=f*^9Q6iDh(Yu&AigATi5J1KK^j3JM-~_pH5I98TX{Ev}>GTLGwd_YjfT z%e#_aPiWh$MKyMqSmaJhs4N#V7!6JfjG^`AVtRP{Xlha-+4_okYE*^jtvmI*4i`h+ zkM|hC`&>6de1kPNT;C#lOi@IZqIKZId=Sc%Ori)Q@`dU1*avC<2r>8^6iQW#HJpa7GClEZK zl6_k`ow^q1aEr_w0!Ka!6#e)|Tj*@P_@ze!Z%+_&Xu(n`d~FkU$_`H<##5xbo5cPo z8-tmo3yGN`?P?Y+F53B^S$vY?Rq{Lehg^CC(Z7eT6|MBf^$Bo|wP2wHHHZjAdD|}% zD5>~0sYN{PYN4!E>_PT;mc$>I^R-Z76{<^7@7S9lEftYn|$b2V@I)3d|{`p(mPwm8Vu`z5o*bdQ%Tm?K7q zT=5-7YMBGJQaJ~L1c#FN)gW65dF)Hz6Bldf*XuA$qvzt|=FP?K1z7${I)g)B4pB#q zE5ICz=0O^mJWq@pgRZ6^>9>hHZ(XVa5-b={d+XHxmtWB_89g-%xHePj?XyQCe~h_? zc_^8BVxD-LfmR;%W!TWY=KCc9q(MEnQ1tfFoUSJpi-)uUIk{MjQs22=jB%Hh{pCin zKp&!QOG2+w=iVfaHK<2#7MHql5$sDqwHs?gQLnlP<%NdbCL)GxiD=Tr8>E$MFb42{ z=|8*HIA?(2W-Njg@GxzpuX0yrKMTj_c()2sTG^#%y5J-u)137Tg0B@8!yF+}v zNV}a^MD1VIuYbje{(Z|T`}bpeT8B%cM)n`!ab4Z8S}Zlt(?y9vUUm!pxJG<}4(7lk z_Q?K(01yFk$fD_nYO@fn(OFeh-yvlqM^;r~jx@Yb*xseJFxzwcFuo*#-d-zyPS22d zH9b@ZW)S|ipAQYIO!1?x>%=?g>?Wi>9a;xIaB7`+3r+DsBHi5eVwislz^pI_v|^37 ztUkJ4WKOPQ$Ot`ouNX#SHjBY(;bsx}`#dz}mM!8JWUaLLP*Z#gGU)?-{ppvxu@x&P zjPc~ZQQSncY)BE=uoFCT+1=uL+SCMT7Hx@S-W~`>>41PT2WA#^;Z`xoi)Q)3Soqj| z;F-5Pf$DYpKSOHYool=!)SvGY5rNwMzs88L8I8;j&cF+_%G$fOK@n)#CLRzhY zO=tFS%a=VUengX!qzK;zd{{aSe?WZq5AHiop=9`)TNIac4liqqeREf+QvW6sRcdKAsl} zFxsAG_q9{Iu?Nk6R6HYS?9vrJG~V9zI-38OSV>7wLNm^xAy102WO!U0MOBZBjsQI_ zH=V+s5c2|I!~%plGiR=93QS;~T>Z({;Yk1K&^Z&Gc|v^qAN1?z-QxXM>ep^noX-0t z0Md+EQjtm4(9qP#Mue_Hb=JOZj$LWWwAd44RMh7E8+vxy^g`bzJhyK zYzFK3_!V&l`L`jl_l8$N%Iq8ylOkRf2d{li9L;8-Z7Rzz#JIdBjzbK`q1PbnPh5+_ zk%!;(3yhfNt}d&s$1L(Y0P|7P>*6Xe@;@NH;LB3F5WaChEY?^avkL?cc0HyR9TX8l zw)D*q6p=b4Mr$f=7VSNRvAFTO-~<~gG0$jeL7oY0a16T~)+hvRbvl>GshD54(1+gz z_ow=4f#DIY_F89OPqsl%9)={Hdqj*x#13a5Y|m#17)Yz+$KdC)GFhI4k-i?9ay2!- zC8nd~D%L_ZM6I{Pp6RUktNsX1r?phGyHlz?PFM5O^x)fKO7>LXqG=Kp>c+qzlVS&c zV6m+v*MdFDte>lPog?ciAhDIag@~=J|A@xWsc5>^Q4fP`I^IAlUx8|U_8sJea}@-t zDv+f<6~O$Lc>DX*A#sxSSH?!Fu}8%;gJxCC@s(0y0Ah#_V6{yVlHRu-T-HfvWdBFZll0;p6jPO{! zFJ43GvrGc5d0%`xla(f}Ld}$xDyAr7^0g|mecLM*^QO3Nl-LJjvh4#gU0Yu2(GSFX z+|Hx9ABneyc5ICnoC<`!zAsd=KF7u0bZI#X&n-VL_F~`;!L;}zaVX9GQ4S0>x*eE| z%hR|MP+)KLF@~$poDk=EC3bA}3VozszrhmV%?I=YP~4R7U^dwK1uR9t$q1$)A45YO zrOx?S4D|WujScu*JOJqCzZ$02*0tZlFmZV&n6ByuXnFe!agyip;4i_Uro4}x5uX~U zZvRr;=>5;T*#5o0{}$s~DAdCI$uR3K7WGNhfzp@c~ShbRVg6e-PsgX&x4w8Bo!g{ifB<*4uTwfFhO~A7DE4 zBaFA1KZ*U+mY>A=1{VIIc!S+*!5^8wKrBP>$CJRH4fHqSJcb0jm4*6VgeLjJC*I+- z^A41)9J&jc!ms`&Zl%`W#aDxLk&)f0j=Ln*7`QR|&bOq<5Y0l=MH^Uc3rjLc6|SLc zHAweEhm7@-ozY0o`~u%}?sp1JYC4+m$h->>7gw(@-jS*B{2qZAT>(hcamg{^RnA(9d-T}P%^q?7Y4_exg3cfzE9 zUBQ&+PsdZFH)(kUddX~eer$h2uj0EfI6Zs`6^};f1OU@>0T(Il`%`O~3Ts(U0||;$ zZ5#+Wf>p&xZKbX<_|^WC#y}CrkZ&P?&t&B>G`n7^6Owla+geB%EPu={25NNM)#B*Y zC@I<>5)rosvbr6r7%i=KTTiu&4T|^}*4qkS7>X{$NPlGkq+YSoi|`Os>Fo*=_fcWPIi#)u5sfadFF+tAm>Ph-v?>W->6;*B(Bx|ZeYZ&as#vJMzc}X^-wskO3158vitJCxZNC)qX$OsMX@bD0NGC}GkdbT&h30{)c zjZWDGiQ>%CNKJIUKM|#UH?E3L;|7y(pzn5gh{BUVrlli-{I#G_&cv!Po;M>{E~Ql=jRr`|2t8;` zPhuhy+b@&g6>qXg{o<~87oT-@ONApSmY#9~pk+`4l($V8FdFk1wVf*voV9a@>_cIr zEdf+@G60wp4ly=Wj|Il~Y90u5lYqa3Nyn|zC;V){8Be^^J?8bXXTtU#)uA45}2G%H7n zW?Na~Fjx(5ES845HoXlC0Ee5?Q&O<=1(Zm+uJheXq;fO1Eaou+d3E8uP6v|oAj^)1 z_1-?rrcM#vq(`*0#>+)>Kc9h9jB{5fehh!^5B@%D?*XRD?WNLN)Xi6l@`Z4Yh@pu$ z$X#fEnG}CT`SjZ|X)Jv?IW~kQ^pPgh&cQCH(l`C_(bpVzm2WOx1>Ue| zngFNrKoIrGVSu|09V9KIdj?6Ser|6_1JbDK2J#|1ETlyDk)Uu&i}SLx)0(P1t+mt+ z&aZKuoRW3sVv66NJJT0)u*gq)xff0{f6{sB_y;< zbY`$Lz#CIX6<13#poZKR%CDC8gD}E};EVNpGlod%iMUs5ZqTsG{v(E!4XNrsVnq1} zk0%?4NE0+_*!60PnAn+ejA^WT63-jb+x>Znbc29)5u2>#6Y1xd43)lbZzzH}9R@Yl zGSicO!@a{KpzYFy_ky#v!lI85k~Qb=mW(b}eip6REm>&gM?#c(yj+^~T@PQnuUd8G6O{kjZssy|gqA^btA9VNxN-eRGp zIC2fs1EVA>eKAUs(X~sXqym>$qUUJoLAo$nny6*CfCiiAR5sD%+o9_YUynaKdLo5r z>KF;h8e^nBx?$v^X6)ANv;}FDI95svPDJ=`%^ZzPXmc6N9i=xRS@@Q*QWt+$ zyKjz_BIDgK?H&){lS?(tokGS)asF82vofpG=)_p*P47IbmBPkJDQm||3;d^CSJw<- z1?BdbHaT9(q+LVN&-2qIKgt;{h0$;0rCW5L3X{R;!aD5o_fL@0T=@U6Ry4vSR@cK2Rl`K-A%ptRBtuzMzd%aeQ!T-LjmF}j97F1WiWjS`s7pF-1%#6lW zc-`5@){@$5DtmYHH0cRMHs2)0t3tDc)D%3qUnj2i=z1{ZDad*Rlm-MUh-I{ShBS?? zZboHcd8QQa%aQQm#*!+jVTKg<51v=?{LOCp;_g{eGCuhHEa_(#DSbIx%EhU;IZ|I5 zKUcbzp1n&>qMznUCE7<0n+H<6w^mM!KnI)QFLbhL&^olKR!#|YpQa;B#Dmz9!gfgt zn=cKeSxe<~s+$kNt97Yt337cW#BbU#UrM1PE3x%$Tq(`-7*V{;6vO~p(k5b$gW)7> zb^tOS=R+Pi`YwPEF*O0*a-Yz6hbvmZ^1yw>!!*0UNEj3Qpv;4rENIO}OYBal6@BRr zDIHOZuFw@U1pcZOSwLuEAf0?z@>h5}ZhT=qdLoPNSS{V5#qRZ31Anc{-=nonE7wTL zRI)O`w01cB^M}@8U{0=)+!@#t@06I&cJ`gpc)d1dTHgVKss>h8R#a7tC?7Kx7HC`q z6zy8c9dXfntrUxgCajg_7id$P*4R`9s-2B!5OdnFa@V6EOm3{jMz0&Y_5I@W`=ms) zaP8ck*z6wC5VMF0RmB3*EO~dVoIM6Ba1x+6Kww-$m;!t=}Mx zqkbEtP=FaN7O0v6MG0EwUGXJ7f@1slO$i|CKDtnI_(X} zhIO9-RDgD8`>8tY(;j!!qgEilg%UTzXus>`Fe#81GHG-m)biRM-YCevgn=H8kMpOM zo7?An=VmDhGxqjosZfW;Ho7s*naIIqRLGqPTcje|b_Rg~lW#Ny_@Y@L?A*FVnhmI# zEn5KK8hbC6B|_LF>T$0W&azBUivqTp*Ht9s+(R-b{=)6k5Lz4_z zTsHU4GOiY6+VNh{mq)AIbf?Fny5`PI?{CHAwKO55cfS|tse^*&NoWf}Ftq;x2ndHC zkfPvy(>Y9C>qrDYw_wVDdjMShn@lW$L0`cE%+U*nJP3Pm(}U6>`XxIVKG&B3Copci zR1lJaBAKv=LT+K6sfV^p+qG$Eeh35k-Tp+tT0R68#IZZw?2QTE;e@JBVM#^}nGH;m zZ;===caQW>rU@g=(TdL7Jm{85S+w|2Z~_ap{&Rk4d_+p8IRT-7HK_0jr}9UnoxE?} z;K_9DI{(;3A5JlQD z8`&ja)Ei^TI@atP#7?^ElvM7--Wm0%S@h|{`pNF}Mvp1tO~h23+KDZWA?pRfS5c1* zn+L&;*(D93-gTw`3J(nqr>A#GW36%(6=+?@kj&$}xHF zh8pa%2WwiC4d|`z(;&xskHeN)cy3pWgpljC8ziOd#x^$i7K94$@?NgUMuD!ZX!PZE z2~?QJO@=@=4inhsO!gckr%!%TLTJa6($(ZUOE&l7DKc1dowXw_E@(Czd>kCkE-)m( zOr!tl`c8K3Ug+z(>*~ur64Er8i0g`HV;^N?!p^GuVnjcy)rtdFF_S5H@N_e#X{7L7 z;Yof#M`PEl>yRt};UXXcWjv>#Dj0LiVYyk;jJ$wtn1ewXxB>uy36+@VFD`_sOOEU7<)UeVPH?VW0WWBs)9An~>14O}S!qm23WyY^bgDctUIrZ8KFNXC?A<55 ztW`tUykGj1`aBO_UHOWXMV~$=jb?}0-Z1l1;_K1?b^r5He=mArMxX$p)cYk2#G18O zb757oZvfuQ$l0O}e@RL=(4&*&ZuG@Q#3rJgw}f3YrJX8KHg+=DI*w( z4{k<8J6@4`|MC6iSEVGQ$KBm0%WHH6f_-EA@N!Xq?Q2q?57bd48du9})w8eRlaq8o z5uN464Q_tVGUu@x@7g7lu6{$R<6H?j-LY5 z`XZ+c)bj&UJsok%m8*|^5lZt`gWGF)q9+XZPG_;}3howM2$bbO8)_{+>dfa>j zNuehWOEcA*k4UIA`|~%vPPCSWXDj6|lKFQSH{Ovz9bHI*>`aOp1e?yWwqE z!4>vcb{Y%O(QpVkobp7nAB6%{v&;g3)ORIO?mye%Arw}xk01{&S)YPDEWe}xgGHV6k+is7@=l=iFr$p%Abj=IbIFNx z?rT)u*m^>02N?E0DUG289}0+~sSAsyv3roCx%ngnhtF39qT$QJ#^P6QWQ=61eS^UDlX@tklCl0 z%RQe;z%T)xFhzb0*`@L`NFpEEk@Rx#Gmyh8DJXx8fr?QykzlA^Yker3r3`45hw!RT zuZg+GK%-ZrMXEE`#ysFfbZ-oQ4BsnxA>l7gDSr*AY-5H9AwG`Cq{5UQ!1&pyC4ry>tF; zq3^$tz9IADp+2-?U5H4(ekld2!DpmYm*br^%s2pI=I}qn+FGdpSJFnRbNEKl`Y)w8 zOn&xR>6k&oH;q0gLc z=$&t+W8vDBx@J7i;?FGf^mkIV=y4XM-y7_$(=C+sJ;*=%_Yg6>u6cm7t*oX7LMUs} zLhpVrRVmt9hIhTW*~wyTcyrxp6i9o%k(4MnbYEQ@Os+w_YxUIUN5aE~RH8ormze{y%-MX35!UxGnp(#518;^F3~ zRn?X1yyOJ>@I!D(W0fI@Hp(FZRB=yuU?_jd43?=d1YR^=Vu9Yg&p*;&rboIMQpucd z2=GCFn#r)iCo&YH*Q(Xy1HS=#nP^C$-hOhgSgj}EzAz&-G{d&;fjmYl{A3e7>?aQ+ zUw`=ydeC2f)2GAhLTOU~Y=CbCV3lmWGfY^>8k*&-n=-YH-8WuaO)RKDKg+p1hfl9} zR<&Y4*<#S6?9Az1w2~~0CAyNmcx5uCU*cOJ&ayNmCYILWIj9LP!!gLSmEE+EJ(}Wv zrc>iH(Z+O(R;>j~li$nY&-H1><;={KI(8HOo5^-0_A33Yo!fFhoicNL-b8-yeB(mR z*j_cuUXSI(+eK6E{-8-Dtgz~`{1Q84C1^U`uD{UrevAYnPxxS^dyFkEBX|dmIcxOH zQLt5NnQfA&zFTOJ;(05dd`$ouV3d=6wV&H38)E1!3H}po1>FDZLn~iJ7D&ZZ*uQdu zWGKEng-~XnhXn3|tYD#*-N_y#%P4N!em1{veI3FcnX2Y-l7&Kbr_DifWNC-<73g=T zTSs!URi~3$qa&N04*p7!!h&T#Pn6^4d@UUoxU*s2GL;3(smwv^>g+6hY16FMtLp7j zy3@j7D7Mcf2V3a6qexj<94g1KZ0txw7G;LWFReWr>`x)#2r>;1m4Tbf{;a_C|mPEy}Y1mN!=j3IPeZaDz*I$9?th10LYVqpUi>Tit0JGuwhCedUZhbLrcJAk;gu+V&z$gvo^ls8HA#NkK))x;ZzSu1{3Bf1 z{(Q=@_s#6b3wk4-$w5A;@-eMO!ueD=Ru#I)|M6yRRY-CMMP`6;vS?|P0cUZw&2>D` zgWJF9ScZHn?ak6c+1RUTbEX^`#JO67vu!GDMMGj^Qpg%4`}weGV>OHkntI^HTT z@S+{_1k|<6m5pojWOqFhH7ZYDtvhtoNAu-vZco^_Lb;z-et{vXxWO{7tlRuHYBWb_Nthau2B*)=fr4@3b}~RiMj$^yUEMD)$;_j8i}A zF8g}XseOr(k;PoJ&H>7J108-6(s#x)-U3Cn0sd-mFL^MXIEw6~=w5ONuj%c|e~b}5 z3||!hp<+}+=IR9hXQq-}$cIeY0VKO=1tzyV$x z4z?(qPZTJ6gdFrow!x@Bv<=d#I^Zkt3`B52EHHSiu~m66Wrw{PwP~H@oN;zw_&iHa zKTr81<&=)bLd9(r>|iX^?13-^#?xJ6l7aTZ@|(|%l*b3BAZSJB%ocJ~%6mGVDHtU$ z*5XFq7zMk;iAvdzz8NJeT$R85>)?bS7I@iL3*)9OwFxow?sPdfxLsgDDZ=3qsUkgB zFV~r{BO{vD{QzFfX^93l$PIL)K`xXSeX(sq&u2mBnBDIu%;58J{&IIc=mqN>f$E?r zSO^(|nFV|VE^TOE13psEHsN&lH3%Qnd$inF(6%5=D*7w_v77E~#O~5~jXXbI+a0); zhL>a7APDL%3KrS4Bo2Ggg5g@FTJr9#SY)&#&RDqT4oFMm&Y<1SxV&r&Vn1q9nS%Rz|HsUO!7;M>tLawh-C8+}ReNXV zRMZb-aJjCZC_0F=k~TUrJ;X$XPK2OZ0Kb`OAA4Gw* zax7!;AI*oi{n8W=(nkkj`53m^;!ksG<%v|gz~X5R>oP?KjO~LVS2Cw1(30EX!#n+I zpun26#~G6{)6;dVRaoG40gKtY8Jl$(>kuxct*_p7aw5fkhuGKVI#hQWS_|h?^Mqty z+E@n$X8JB9Jgx&tBZo$dwyd5}i^9m@t#DY%e=LPe zlY@XWj2I_0hOn1u@(8+Vnrx%@_Jjp9Z*e$sgX8=F{ws@2WM==^#H3A_0IOKfo^+v? zq9ka0O#8(qI-qJ~#SlbJ!|C3CXhr2%^E@-k*QZ57L1Ky^%Qs^zg?BKC z_pklrWv|c1$WNG%#KNX|=n8v^Eu?PU;4nniQxi(fI&1ncXE@pg2T9e!T%lrj`jG5} zXlhbwQd)NF3|5xO^#nTI)n>^~OPZAGeha$SVF1k?AHn^cDY93ZwH~rZ^-%(yGr8hyL*uTDsPc+vqhH1yPt7K(y|R)cONqmZBz$$9XrD;ejYdB zb6e(k9D^J2=&kP5wH2FyqmNn4(e@*37w)E+xw)^ih1G#V$gLBGB+RhuHk#N9k%l34 znOPu%?wR#?+Kps_y{r}DTT5Jc0>2-FuO%_Ut2ksZjI)t#7_1K$!@Tp?4#nkdvZCJC zCR+_jS}HkD5gO>MZw6BVpYk{aD0sgS@b?zXl#}U>S+Xg|H8LOs*9hn|i!+^#M-~fJ zJb_}p2WHB4nsSqD`e)B1(xbEFF`Ya~Dm+Pj44OlE#T@xn?HByp&Afwj({ee2Z5R3= zqgSpj<0KO_vZ!#boD;xLW7cWmT=~Bw?TZUnubn5q?o*^ah!7xs(hy_l;T~`a8!Ysp z8pu}z5XR0t1x9*&kKA3oYq1>V4))r6y}U7klfD-5pt+f8*Jy|jH{1Z_>xzMyAKoZW zYL_1utd%3xQ8&r=7~C=1df1uz>&^0gUUdGLk1w^%mn3gQYLWd`Lmd6GM1GK}dt@qs z1=d2VmGyw0u_J1eQDapte5cM9P-r7!?Km&u*}(P&GArJuh2Tqw!a>Ma8!LC30(ApM zOxSAh=vD1cVk}*=4H#;K*8;Tt^49S@JK6EM%KBD~*1C0rB_sh)%AuS#xb#u&hfq8`0hUTRQl|0Sa~$htZpk3MvtY)-}({3V>#;Wm`-4F0!V zMNR*fSFnc_)W9_RQNlJkz+X>Np@qv~P8+dJ76M)S9JKw{B`E?6pUVWANr5pXMxYrw zhf0J%0P9>85~Ayy@Zp^a0#rpqKfoCNXFFV~zIzfxIvf?_6AnK(BRKw#Q6hc$EhPST zzm>x@qdIefU^>z=SlumTQD;ME;X)9s5Gif-t>xUS3`V1Km%hVLw;Wj>Jm-%4qQJ$j zaNo#bgQ{Tn!vs_@qnPLIya+_ujBK5>JFKlgrg^HW_BV~a!h)IMu}oYHo2?8@n9x_n zl~!7Z2g&ejKs0UqHJ}IW|Hdbvpa*lp_eyQ;k;8v5@w)FYWZt(hd6hY?%Idk()15)e z29nP8@R4J+caKkVpp*!3h&*3or00x5@e8jwVjV|T{{pR*D-SXIrjFYc8%p@c z=z)Cbg^RT5e1tJcUAIkM)zOQoMq?@J74ocq@BxV-XVHu0(1jh|=QgtI(wm2{(>aL3 zn5Nsnco;<$n+bk5W5tN1V9e;U5Q{9c5q5kYPXQjzcZ-GT8Vlg)C{uZ+5{6XI9nqpl z816%s7NdcY(Z7KUE1KHDG!>&8yFqJ%i7W2bbdwU(m>@==d7ZtmrYJ}84rmv2v;lJM zWUf>%?ZLk(fAB4@(-LH~`X`MHV#LixP*)8YE%U9^Lq6j1+I`#a8Hgna$*3cb$RhI@ zDL#P@69bxIdW*+M>7+`}eI=X9uw+>5i^nTEZucIN+GX!yQwT^aBv35GL!&&Hk{0a% zl@NZRT06v0<|bofuB{SdTCE;olWX&gw<)&jM_P&A{QNu|ql`pucB}h=T=yx5*7aPR z31V}lCr48J8CY_5oRR#K_3=y8l^V~!jCb8_I3JTwn}+!qYw!(b{T4F|z~HQJM&tBG zM0S}q-LV^TfU&6bXWc8xqhU739*3>2_h2qrR0qYKkz(U35P-_f?4Gxxvl=Dy*)t*l z3hFxR2d#PmcGZ`6V6A?%R94pRluyv}jR|4^TjbV!q)~ma6P~46o8>OWY1qqPOKNS+ zzOKHm8p#7JXrr4)f@e+>WcRkN8tr#ysQrccS!vlc`8HYc#VA7EuhAI(;mMSbE?8F0a`JSLB(9W@C3Wr#ju zOlE;Nh`-F)Wv20u!##vz=Q_Gm z-nR{1-KfG!o2trl3{*BsQbZOc&Z2Gc)mq3H*mL&@(jfPHBX)U-YVjU<28AdJ1K|9 zaC3|tU)o$8=;t?bW+T{un)temVozy8YywYeMe?())re@lQUvD%k5i!g-;h`JW5z}p z>={PG{}{`FcI`vuDeJ?b;hJSXyHXCy)wU21`#yLh^E~K;izDn*42Io3rwpd28|5F6 z$5QqakSsSHfCV;hiZLR-V=I?E_v-<9CT)64ws_-fm={*269?ttRCEYF%hiYEUi8i( z`5W4r;U~rbqL!P4@qQ175uaj;OTf^qJc5ajJt6}KaY|UQlH3>Jlg_>n+F@t~vJg|s zJDsu6a%als9K6VLOmm$38VDke`FNFf?=Zc7>H`~d+^rc?C(>>xG>;qwYJV` zYN_dFW|$H5;3%MrRvm@Ar@?{3T_=vpK~X7=1{QIpi3%R0htSk_KtiSO$dA*~b+Ee! zzAKB&{vGxfg!9sO<^9yXo52KUy!Hw>20wfcF6|}7F(EYI7<}lgD;&76_c06?JM!h= zU}WnC)BWo>W>4J4YLdzR$N^$HA{{CfqG;1GnY2=6L*B;(@e~ad@yMmu?nmy3wHOhR z%^%7E0eyL99o~HCefdP^aoPWYoZ!`YSa4DfY}UJ+MqwYqHQSI8gFM1$fFQbB4)JH3 z94Zgf{_PmkjUURRN;-}@8?ZX<6x-05LgErA_yzU~-RjalFCm~q?KyUtR^5%F6_Y-K zz3BKrHw_6!y=};dFxidSFdl z6a{`RC!4rt#uP6Wt>|#UFk5KM=kl$3b`;M)fnvwh6pQ-x=W>iejrdYdGPqfH!5Mk5 zp6z+l8QDp94NnY%MaKA*yxZjfgxF-GBU@9tQuD1Q6Mg=L92(O>O7allu4Pdwwk=s`a?gaw0> z8y<^N$NnT|yY!o7Kg*;KU&b%;Tv|L6m|J%-==XEK$PsRwn28gmC^hGzY&Uq-wNm1f zUMO~g+5pI)TR9rr@4dguWnPFc3J(gE=+dvUHQ36{1Q1#P5k#YZlk0hmINQ@9_Gw$O z=0W@XH!#?L)h0xTRrJ6a#DMmK5HxQR$l!OhmS;O@wwDq~ zAFM-~%T$AMo?!?E(_}BDtH909jBfeoaD&ATKLsvIFJ&B+m3IU5Y?A zRwgM(!U$Is+7*E};ampw5|l)`L;oYwaX~Rr7ZFcP6P0+{Ki-s0r@AVVmOvLe0Z?(n zB*o?hdGTadH2J%vyhNXNRYdj+F?SP9{;(b^McTQhiKZ}mxu+sie754xD!B`OX8dzK zjqAZ=F)5|m?Qfctk(3jOm;WRyih4_=veH2RNl-)tyt028=2EUlY3c--%}NwGqm^vh z5Uu3$XXv+RrGS=XD6v#gr})s-`RJpy6i8kxVwCRwS_Xn;Z9E<O`_a@VuHWogiFS5Ty3tSR zN(zliP-e64m+B=v(BA>9tKG?%p?@RYZZ~C8R-zKBb$V8!LaydI^irYHB;{V$B^7V_ z%0Ss!_>SW#$~M<|Jko`}E>+;Wb6_H#PE}63F1b7R6y0P|ge#BeVGD+9cN$t{6RW{pR_A6Y1HH8A`YuZWt}UNAYmRcpz<;8QMTn1DVN*~k ziCvAO{N0% zzFtarU@FW7IT;y75YtE`SUCZW*2HT2)u19J&vDMiB_nMes1)U8Bo@(u!qDI8E4~ zSZUs7a! zxi{G#RgSt3d(n=^F^x+eQ`V7VhcdGBg}|N4W}+cid{Zo~d0hFNetucGMU8qxxz9lN z98})bTA+D{lw|7ri;}A5A6ERmVqnyr0Cc4ZNi2=0wf*OWBsi4c21#2hObxW~BKXkh zw-f*b-=_Ggz28>)8u(AbPlY!B2ctUw80hff&wqD*#wZwdvystjaZxl@fjqudrqrw=Nb^yzoX)jmM) ztRdU?%2fa*RMONJzgHRp)o5Q+F;wYfQ#7r37^HsiDP^!e%&Percjf%g5xqwgjh|PbCQJJz8l(C<$wFQML)?x34iF6@ool`k~T;<~)oQ7Ji3<5AR}% zr^8p9{9XMDruahaXaA?2TQ=I1@IUIgg-w1aom{QtQ@3ldO_z){RR`E?MTJ&dVG(T| zYicChIE)-*f-X!ZNcNBkc3+D`sHd2S0GXf*3FA$PTHUbH@rcGhASmhD;nMLS#zqko z^Z2Vsz&bo0BgE^3g-kHzQ)X(gNShykEWc=iX%)RU9hpupsUSnE$At|)UxQ#ru|ywg zo@ff9mnNEkW_%N}QVy7~bNy>JB;ge$n2+;4fPNejoEc7#1maM4+H?!WuLgdD`Rjxb z`h60nyhoL3K!Cohn<=^){n=7w8rFX5T$SloZP#8n*;L+s{@`TO>h>eM9V~RkF?3<2 z-DIJ+?52V37tv~cxa%EUlW7GWMCm|C$l0J+b!W9HitokYY#Zy}=~i(3Q>73x_=eo0 z#x$Y5VZ2qLtViHUe4)m)nReEgM0K{)G|NEqr@=9a{WO_UrkECUjAg=}YNOAmm^RRa zMbL4}ZJ4bcQ%y%#&;Kl(?W!@ftIkwQhaFH(a;KRN)0tI);e?$tgc7HlPEnV7te@+j z5aTJbLgLsY&w|XvrgHidYt7^3Bb*W|xqmIYu0hAK6ye zThmZ10+ve6Dy-j}4krSdaK&D8t5;eQbw(Q)0 z+R36~yVaRnTwGh@a8}or zU2KU7>d-BZ(OUR_I9eS$(&}u$81V0RPexiZ$;)EIg?Si{{L4m(pZ#Z3X}9Lq*3_2d zS?zfanR;SIHU&!9&F-og{b31 zdxf+AtXH+U#Wnf)j$Cxfmg^|81(-pbl?;n9o9x#=>q>65y~I)MC@#!(I%*0EY*uHDtZ4#@JVnH0M$CK!`v%g(#PzlQ<2y=&ZXDcYo zEy=a!*Ot`e=T;Y43kqtBa%=34YG<*{R_oCFhTsE7TTZi}8M!>W$cPH%QWnG{F8sTk z$?2@Ett}`iauycV))p347uiZ`i*1;yVk_Ve@*E{>((E>HCO$6EUTSit!DNQQA02q4 z$LKJ=MdoEO0T`j;D~=G({<9G(vDXwjoJA#$y!_nSYS2_oEoRVOf{C=*ZPmH?s4QJj zT~OrN%jT)1E{K64lzUoqZaL+;e=s)1g+=+*wwmJn+S=;;B8Q`(#BQ_NY71%#?0MCN zHfM2BO>SOM33F$&rQSNHp|+`U4)|dsR5qvQ#B>-PieDBJ==^G zDAraCmM}c4r-Bi8S3V3vY3q_Sfx1_~?C{x4(+(OG7+|Jlg(&hG+Ts^LFU~SmdsK&6 zFb4*LudX*0(b+ksLTY{)_f>rC4Qrc@mJHK6tnzC|#TseOI2Z#<=9)5SUs`ymdfi;p z7XhddX&O)W{1?gtOzfH~d1hWRFQ(eEH7%H7@3S7Iyw2z)$ zVmeEAEmHF6)9V$RKMS{qn9R;3(3Y9dcFx>xN{v7OHnZcVS5;j#Xh{F6DhoZc#*|AN zmzjpsnl+}xKf2-PRi=q_-&UwG`&XH|nTv|Cmphzn0IhjNwHR5OWKWzX-z^t_Fy;+c7G-kUk+Ue9u$ z$1}#XJzZVBRJXxoYG1mlx@%u#Jg%j?x~gmGTDmqNj%@^n1S3p>J2*Jwu@bPs*jR)- zi~_MikPwM@kWnB}0!BnaC`!N)C}N3{U!QZ&z4y%F@e+fIR)#{{UzJzVDBLBGmq~05AQ<9|Kk6ul}(c z_woZjcC&ovU;Nn3cfWQS{rJtFd{Lgh^FRLh4gcDUKQEKt@!H2P+!t=d4}Z^lAMTHT z0n~gi3R|%2N02Kyer>*0?_aPg+`roxP-)i}mVy@qsN6>SJV)M(qh83MzeIlR$1Xo; zeELmo*ku7w8eZp~0gV}GRNrM_qS`J1tvcXUByazEAA^>*2U_pTPkfaCUAWJ^_FFHX z{fQgm<(2k7ar3bcyd0OCx~Izz{1B)Nf9L03d;jGV>}$#85B?AUp6>trN%pn;l|R3o zdyOE$$^*3A!)u#CizkqzfkAEe&A;I8ul&JRx)3nG;2zby;+8-#aQR#B`zW9*KL_TF z|M6eA`QUGPe2k!1=stKns_4Kiyz84Uuk>NR&z=sadodi)L_Ey)dH3$$_>(u!KK)q1 zC=ajMBc2yD+k;z97LRAX%zhGJJ-_^YuRR%mnqzK(VQRP^;y0sFE3;tlhm z>wG=%Qmp6jE0|&b#hcGv+@HLWUq1N1_>%w)`jCJDyT3qnejqUAsfKmOn zKk=1~?XUld8}(`*AG-Yhp8|{iyMN{eda#tYehRGjdrJWyL?67jl>7Fn-|-BYU4G8IdxOb}SH4zZTQv5*sR?EZf^IkVGw2)Cqc^XuH<4vjBiGDTlLxVxRc#$EpR|KjO) zUh>`Tn;*A3F{UOW8MY#cwdTQ>z~7JCE??N)qL)ATzdV_Oe#KklZtZP(Y%vnjWuEE= z(XFcyXQ&>rlEw#?TtHO06&jGdciD)6QLeQlZ&mJTbh@!-HgEIC137`|?QS%!NB%6T z^!$LTg|}8+XIHFuqIqDJyId%nd^kbXqBnVYXQ`)Sf%hYr&F*&NC>%|&to4#Irq5bl zHIl8KceS(M2{N8Ld+V4KwU+E6QmYy^6bU|}ymc%=DyoKixtnWyVkY?2p|6d~oK6op zky80S(-JBZcxJ6|!VnNE%Ne#=!2@NAKWCXtIaj^dqcr9*=-Rzc60 zX>ThV&f>@6u{|lt?Bou`sGRI~1>v5;CKw!RwdxBK)2tA~!K~ZGcA*t`D;}_XK|p=D zCDPfFz*-8!+zpOEqfdCV$;Y_l6&GdK(BJOTIH zUlS+6;(8$kJCWEP4<&@s8HHfmmvrqPPTLj33}K32z@cqX_CY#cKh_lzwa%+CrN z&JT;j=scF@49}p@iWvp%o)9Iw3$T4ddS2Ej%w(>_^oVE{r?6tj=%PMzq9T89Z;S%X zsjL_q63kCS**p#UxJYzCIrH)ug)}^d$A;jr%*#Kx0Uu+3=gFIwzw|3$z&S*<6V@?Tx}OeJAv)gaI zgNSfV0C$EVRcqS=xmw|V%p}gpTrHO#86SOsAshpBnFj}Pv_6n^xIJkq#S&cXn#3yI zsObu~A|cb_9KyYz*k{afUMbN*JW#1A_?wieVBy%JtV|YFhTV2Dp_x?Z;acsY&z{_H9zwYwa{=kzr zISt#L4qz2$Xwe!+5~o*1Hc8H6DQfYTJCS$q3%z^i3-&i}-n_#$_dlz&6Ho40Z!AOI ztPMiX=0}&_sM{TJijp;#IdfEo2G9?vj553`wCz-S(_9CWcz|>OpGD(qZjF zh=yUT)sv$zUid-GZneEy%cfzMX*$i1D=DjHPyk0(xxTZ*xL>5bJP_3>p)qm4p$sbG z&P1{(Z9~P9<06@FgRM_*tKC`;2aopDmFF}`SJJw>&SKXg5GXD5?O8aEITksqr8&zs za!?mdnyf9nn{8@jtY?RIMtPDop1OE|+JRd4mEmK>Y<@~l@FFOwIoe4QzBoY^1rOGo zninR@zJn+;p+r zZ&FCS{Mz>ECqMkccjy@q#Ff>9`*?EszJGr6>>FwK>OUsHaQ}y!XRp!s_Ivj(`-NV$ z&#M6g``w9n`)I$$tDhU@{1l`{?;{U3EaEeZ)G$~i#a1G*$-VOs=^Sk2=8qe%&I4>~ z!Ng=i#E#76U;Oy(2e=s1uL}{!a*fo3#G5F6U`a4XC1=R)XB``3{=*KUM!&iPZJb@p zN&HMYcmz($mtVy}T>YW%diue;wQU$K5qD>7AM@}*m-cuQ)n4tYyF5sGQ-CoB?#H%& z)LGpmilrTdlD%4Vguf|PHN=TN?E=ZRHNJ9gJ>1w9Ddnrq-!C zk0a*YYBX~LK0)suB2*)##j>Tik%xiHu@5R}&A(Z7j71jW)U7gU0<;cx( z99eap9_1+!x{y-BI2#aFy<_an5}P{U2TC?GVYb&n*HmpbQ%2zW1P60&X?4P*2+Nf0 zEH_T^`HnQ}z{U)g(J0p0uMRlmOxMv`T7}^v-Sup<)TdH!?oDlX2oSPDr*mU)h=~s8 z#mTG9lRodZYh%<~-d@?^(Ta{HvCeg_I>((ev}PnnlvXn4baA8GX|f9LkCuZ0frOV=Dym}tdmhg$nHuVB5!QUz&M%3(?z_F`^wZcB{&O%;*MrJX^|X81f|qT_j~?m+;82MuSUiCiYG)vSh*bJ)U@dA01ix+|K+ z-s0N$kkTmlnZg4C6|UO^{b*_n6G}x?vnq|Vshn<@b?nM_ z9HR0ETC*)FSfJCaqu`T-uw_XeYp0)?lSaqFnRyu46|kP^v4-muZ6(@fQUoIDwRy~y z-Kp42PUNga{K016U9miBt~NfBi!G-2!*~c+sN5P_T#v%F1S0}RA4w5U4}uuotte%@ zFRKLH=w8g6)MZL0QpT$+)w^~ZO}djK=V_16;C3=m00e!?F!vzUQzLTJC9;!ilAiG% z7FqkXxZ3mE@peJ!&}liESi8nUx`7Jn5qI_`H16nL*>sG1>>G8n-IU>2{oMZCq#oaG zL-Vw7);+qdt*oEg=gtMI+300**>KQyT!Ji?kr-rjoad-LQWGw!=EFE@FK_&nC!cuZ zF=c)k_Wsu21BUaf=#$U9&%2L$>V4F^{Lx={`o^6;P+v9d0VA9}hCS;y3VR&Lmml(G zxfKTt24PQsrRF}~Z+x*W##!;Q`WsI_EWYasUOfTyJn;UTT*2ja_30C!cP{uRZ{7_C zE#SR|_DIloI`{$CyIt49dOi>K3hG<5x?qZct*sKy)3Fp!tRgrwK@CGBwVap(Ct$m+ zx0s%$(yl1XGiff?w3TcLIiD(KLdh-G&3!F8(|o29yRbuYW+e?rs?Kqpq3`Gsh&B@x ziYJGIB((*xJ)YZ^Nx7r!gJhAIC(Qiq&QT*eIS23d{3y6E+u9 zadW`Ul^N$t8R83rZ+p~|Z9ke(Bc@M@$)cd+7Go@mO;;G%s-9XIm3!9-)ox~=^@TZ= zI%GVYN5f=Ew%Zn62y=!Rk6lO>d37~L<4qG3!C=WqJ}s@op%4L3evVsjEjgtjx`nyg zMFL(q!pgfdD9hRlNs1mbT9}&ph!XswCtx13i9EbRBrU6&Og`S*@z|Ov7 z%s8rCbK+vuC@5!8Sd(zGp_-&SH-_cKR z@Mah%3loK#NI8#lPs_*CkrYcya%til6Q{++LL5`XnN06OdO#edK44e|ImOWW6voS^ zb*;@oy(=dQFGcD^KI^u(W~=jboW|DpU}$SpSI82tmULQkYMA>n7w(T0SPhspUREIi zsfAh;e(xlwwlO#OYUV9aeAVr7miI+XBT;%;&&c04IUWfig?If-s3%TYrw0jL=~B=Q z;&CM6IJoyJVW4Gj@O#>jdox-ULXHriG`W1!$Dh7^`O<&#@^ zvDC_o7Kw`*Uk(y0gIIR%aK)XTLkF5^=p8ex<YWIxWRw-#<+Ccz%YG<&YjHmJ z`HEC5U*b)KVb$CX$85cowQi$$=$%}uCq59@XSnh3HNV|cnZG_25H{fs8BFBPgzT4- zd=E&scvW{Z?d;mxL|^EmZL@6DeK#F!bGEOAc|1p$Tcz#qvc82Zchj66hih$ z3B=jaLNum8YHwgjqaS8|DIj-Ze4r63CRbL@#mm&8az0I+2{*D7VX>L$QFkK3(^4_v z+0NWe_t6$QrOR~E9+#U#tB{3LN#k9uaDKHG_jbUo2bfu{4YZo9Rlr<~!oz769HnF` zBDh<1D3{4RZ)}K2(oHk~P#Y6y9!vXtu1JAVAo~=TV*|+ z;b=o(ZZ)z^cHs(sIi1;5zFirI02gZg1ce#mtVk9CgZQ=rMr9}2oEIg}X;Il^b4k@5 zeW_=gjd5%(S;YADZ{Mhbdpu~!Xpjs8)O$^Q%A-y^)l>>u(?w$*2bW!VJxg?>GUQA+ z@xUSqG-VX2mtT70_G9n-)Ze}Nj&Hd9pTFlR@(~z>HC%`u!60f=I&yS*vF4)*#H;S77Vw=b=FaOowzxno$ zL4J>mt~ogcjBylIz2(|_EJ~od?s7-me&&PftQD{ad98jPbBoroON_lzYm?kBO%#jW}5hV;j77c6J2*^|;yk?jh)GO*|hV z9$s58KO&=Qdjv(Khpi2T%`ht12>667%E;36MSb>SRS$E!a=i)fn~9Aw8ly$DajG%ua)la(WgfO~Ji0 z0C<*Ck(YNM;LbKu+K*1b3B2`l?sxmf++`4^`kTBu>77R}5@ph{$NUt9;87ec{Ddbv zZ}6mcu?Eo7+}~_?wb>phdF0CH_Bkdr;|TpqJRD~&w3Tgc-P$-V>nwoeC=&d-jYz-@ zK~xMT>oh)K_#vY6fK^(5xWdq@*q>r&A1s;Re#uCUlRAUTta``+1+Is{m!DUk+}wdP zDEULZf~nx&R2znrByt=M7A${%Qj8gy7>0`+i$dT(038TRJfvt`_5lJ);9XbX9nB{m zlN`KMN;qb9=2#_nR9p!_%3zzy2`oDG3V#E95dZ|r$w`wKvMuEf?9I(?i~V$ z9gDBQX~8AQp^dD-_5^m#)fsGSoCpVEQoZ8tn3vZBF6RVfP@&KA2gsf(CvfUPARdlz ze_EQJcoXLUjx@Y_BjAe(N8`=)Qg*<4xbT&qE2K<_P7iRvVhf>PO@SWlm7gUR&vpv8 z?A19a@CL_iisov;+fB8#cVw7dJKwljo6MA=AC31S$DE;im=Mqgp=-CHyTN{=FXT2u zoj3-6ZvGzuY3a{>^2ysDe6QVq{06$N4%brV;wv8DRR{3?Fq9Wioe;w1i+|(^cvIyc zc>1BsXPMjgU0I2!mi2m%!s%(9F@bvAXPh0ck{sI8+;M6K&BiLJBAKmbNz`fd5$h{rsF}%y@j)F z`T2n)B4~a-Ib6P|ncMCVH%^GO z$o30@UHjuc(x*BqTHs(=DNE62t!6SZy8PM_AZcIv=#vj${{5eQ^2X(L>&d6yf&Tu@ zcYgGPDtO;d={_UCNWtnEa``8}=P78E_|v!F_6B#Yw89r531`83&4A~|=3f?!7*(UT zA_hN1pM%Ii`qfx0{vayHmVO8hfT+MV51A)^N`*4g0SguTD_8IwXS^pUq!^ou@ezIw zGd_?OuWW2L0R6cK8m|-ueh>-ec7fEpd_DKw^{Rb!1XLDSKhIm(?yI>x$AikW4vtPI>;%Nj0H z6Ou0|dEEKze#BR!&|*YHvBqb9HY&ziGFdXcr-8IHtLM2E8zZw``x?B7;_PIdDJe~d zv2iy?8dt2-U?XdhnD3QCyfkE#KTQyG9uQSCIxi`-nrf+`<>1NgM*%O3F^ze=Zl-py z-4FAH)~>UhnfY4`2k=O2ume{%k<5mK>DP)rfF!NilxQZe4cK!*tq1Tsa=C@-4IL5P zES_xVQGP;mf5y@sIyqROfiEnkhLvzZV)K}ci^F-D*}WI-$Tr&!QvlJ`{I&>mrNkL5 z^o<=0W&6!2=dpNe=f_!)ACRT^oGS%61xa0l#qGB!_pV2tQA8+nYC#kxr)iKCw=Hp9 zCknj1eE*Mu9N}}~?Kj?GGVTufeokkcVZc>@I8ByEc8l^-HeJ~@1ji~sqoQOeD)a1C z&7QP`Qo^=1)s|z9Y}{F|Sc8MCR_B4~vSKB0%GjhkMOfz5kOvJakqdq_o{|&?`5qC( zfemVswcMrpado%A*LzGE;vs41S=ZOzMCjRawwrCqHMQ^w0G@17KEv^bq@{8;hmXf& zfCX-IIzXGTP&Y%fsQ^3@Ka>S4WEgy&3AT--9Js1(GrGN07oDIRyRn>nCHEOooYiqs%% zSX^;l8z^HYE;hs>@4dQNY5*NYG=YT@Q1F$~N_@yc(SLsPxo`OpscO#@&~WjLz@AxC z=;Hp;&>tJ$$4! zWn>BHRKKMk>C|>k=@U8B(^UiLR#H}RTO2O0?{A;pK_IW$Vppdq=LGmSj!C0t;RG_l zNmea(k+XN@@I0_^-<6_x@=z%w_kMu2N~lL8G8d-~zdnm&PER$cq-L9Pm~%a10UldC zkcg$O>ti3!hGaF}wN!SVBtF6Ci*$in;(2!$wv3o>qJ5t0q6jPbhAK8fGACko1?d8U zIl*YEn;Wv&%D4y(Oz9|cBGW^aXhnx0~&DB%Il(HUG$5Uzn;QXNMS7roWsTX%+tlkL^Z2`XhC4v1u~+ABWsO2+z1c$Q3fqkH@9!y zVKV>>$VALUy+^mWUnuB#&DhgTIU>7ZCA4iCCMq7xR*9oX98f7NRsiS@p#UFmC~oZs z;4P;6QwTasDosVjP}!);!XK7<*Ye!6HJUfmP^*zCMivvFN}J``DzS!Du)K2m`JKG5 zjxhx>_}pfUhArxHviH5{*usGbqcd9Qd@A;CMTm zI0ERC*pe*QAC_JVDMGFJ>4aRV4woi;R!^dGoCb(*#UAPMCXI`8o@D5}2tC3CsN^h| z$T->(go9xVM2T&_G8-=Dsk5g-dxsH58r;XG2`{X^Gp1hAd3L_>mWHDY+$!6dZdgb` z+knSfQE|BU)&L4ePY5Atx_tThZ@c~Y%(|br&E!-c^o5P|4bqfUeoZVs`kH-t?E|-O{l*dmz+iSFaZis> zAg<@HBCR^hpFET9LHQmQ>q0a??oSD5Lo(Ss>L-hyf~ z0XZC;g}!MdGr};ijN`L=vI%4dlkv8mfYzeoOzS3qr`*-u2H#b7j5(a)(>lU+psi%a zTBlOhR}gs10Ivc)!deW;nMP<1Jy%;gX}Q?2BChNbxgaNK+xaa8qq`O3?{E-Q!ik@r ztrYRXzU$`JDs*us1T<(Xq?t)Z(#gkxOm1?lMOuT-o3ixL>tF9qA{_RQb6-Jb%{6`FV4BkAOFX1AU9!k7 z!j5{UEzw~VZnB*-(cC(7?V+57(q2nRGjZhecd0KaX2Pu36e~4 zi1f@%VRYS%f(;>)Q>5BAskwFn)HS$dvCh{Gd}brNk3%Q*lRnF0NnP{}HWzGKvZD06c3_}M31}kMmeyUaW7+~+QtL30fp8S$>FPqEW4BTl!ggn#&2Ya7 zx7=akE{w~su}?qo!TR8~_3qiD@!wYvUqWub?bG)aMEjzGkR=K=jGi>mUB|D8@kUxz zrFUOdd>w%o+U3_?fBNQk(BM7HkLf%KKmgkcU`K856-dDRbCIwgajyLZcEE28xhAN= zdz=E|fs>CUjTcihk$kaRvu4E8mDmB>uGRk`m?{Y<%kPbwBj8X;S3N)qCg8K?YS0VE zl!1`$0f_L}W5*6y@R+60+2b_<_~L5(zXMo5NArybWKu6>S3t3;QPT(2#G_<$uv=-M z5HS`f8%>{^0QvxT{o3Klo8R&4-1H-R^q#x^#NDrdyMWF9&EM}=yItr#_xo_Wm$(1w z&Ge3_pnOZBA)V=&xH}GWV$(v=Axa@9Ca$5=HmK0nqtC3{ZC=f!@qA^L2x%|X1`Gd@&|Lw}#A$HkhpeN&h635}xVpmHfDosDxaMa!jb zR6;qA`h|*~@XaAQtY&2|1)Emyj%+>M9wyO3J&xCqi}?W%!>zkoZ;pPq^exW+ot=+o zi$PfR4(}&YLAU&QtWV*R*sFkkrS=JOQv216mkMQyuxD1MG-I32PLR8==BjG%2-n1R zFjg-{VRrDdk-eXc<{9AZ12ee%BK7pG%P;=mleey1;CBPw<1V{>-&53tt!=qPgrbB#I4cNBCUghU1h3RdZ0^V5=9S&Da5sKT{zlr|!OdCV+s z&Z$=KZzjG{-mNEtG@CU$x|dyQ@7N3p%4dJYMVJM3Ti;yxn(a3k=TC<{9W9MQLsxFJ zLvk>7;(QAClbs|vSP@Xm!{OZMbC%mJ&cX!1|6^oabl7fZRur>bL2*~lgS??6R6H=8 zmPjF4+I>Jc=Up}uTNRc47zgwmW%q#B^ydV;vd04JY4*HxruHbE$%_!AkW=Agu+V@G zD{;I<2!tN(PgEJ|dx9Ux^QprFX}0n=YIDT5I2s$S=w80>>z;h_lLi=It43k=96Xsm z+X5OY@?Utue}LWIe*LrWe8$Wl#NeO%;U}NE{KU=ew|*N?RDiq)J-^J0q*BQuXSERO zHD|=qz*MMuFY0*fYYDu+{L|N;zIFGqSOUtb1PGb+s^cZ^Zdu#wG=fqCClife}p4ZgrWB>Z* z?Zv$#9`xtz`_+A7z=>ZAzvqJYui!nQ{znf_-nx5HL;jmR7UA?a%Nw28wO;kd0KYl}NLTbqVT^Jl#TQoQ|QY#xq2H>kmZglypI)YW>s zU~xqY7#=8vSbysRu!x6|X&tB&PfNDmJcD@?Uq__t7@L1w@W^|rw3qm&@ zHCv&_0epOUUw#5?O1pgB==SwX@|mX}x%1vdsI-)=;rrY`LUX_!k@j0dv3bCe9UMe& zAO``p9svZ|1IFT^UXq~WfdLdzJhC((M2N@k>~o1IbV$4%Bdk zYYDYrAeHl`q)c6jA?$hOtnpOdT8OYk@WK{`X))!Gbz|+3lXZ+Xn}Iql@VgmROd|4V zw2o+H31ZhNmW&_^tcZa)B+HN~2>irO0d>0Pd6!_0AsHM;o;h2RCTh<^SCR1uWcVP& zu4=qE6DB8Sl7s7jJxO)6SX0nit~Ai`?U53kVD={k>pPQLg?+Xl+^`~w zNVhf~5cZ9Bl%p0#R3f1HVS&@RSX1J#8@mw!ty4H>TUh8eR>nlOGuz9G*AbIsKV$&! z>A`q}KsRQ2eOl1)q-jppgqGR$rf%op_wrD2FgV|f0)Ey|kb@da>5#d;!j?#442Y$1 zKoO$o^&uR)^w7)4g5J<7X|32?*sd!oaC6j@ig!Ti{Lfy0LjpWOULK#R02;Xt_Np%5 z|NTJs|EIQ3K6BqO^y&E(daD*M!h^A_25-sxfSh9K!#+NebUwR$@t=YoD{T4XBiiA) zX7H-pw*goT#+v{proTe&9Y||IN}P$IM$ARw2>J&AoF+T~btKgXn@86N0idq&SmQa# zb@`FsfBW&@`qCfApx}Ph9|H*-$YeX{F`We*1E6&N+kbWQ0p_b+0U(>d@+EwQE4cj4 zKY9E9%MY%efK=$Sw;#GAj}5y}MP|w%+^i(fjv3BamelBOw9i#|Xa^q^DFN*|DBhU+ zI^x4^vI>SU8;4=*r3o!Fk;_j5<6tS7Pld~xD0tFR_Oirt;Ue2^H-Ize!(`z%`-M&l zv-Y&rfJBmuha+>>4I2$W?4A zTBe!JoGv{d5yn(-ON0Cp8#l~pg;Ixc>~Bhd1C$_C6V9*mKYi6(A|ihWJiA z6kTZ?RBpNUOc!M3Sg}=6cObR`Y!i7&iQE~$tU#p((nki=o_-rT^1J;B@L>J^qZKxR z0d$jtR#4*Z%o3lk^To&EK&_Tlkf1oPrD*sP*nx+6;>#t zSld@?*f~+DHMD1*9t$QmF4vpBp&W0RvULNs>m9dDq-llVyRw+&NUT@h;43uTdxz<{ z^RzxF>8xKVm~4mThTkbZ(CSSV`N7$&WEL={UE;23K1eze>Vs%0r9pLa)X7Bb=Z%?9 zKw7^;#BDiRo{u)ww?KLyf@ju0PzL|m@^ z>+ zByZaNhQ+5;=yaz6vn^EzLaj%=3zGnKL-a0BbQK?d;7&ydwvw(xPdKV)jF{gIpd0X@ zPFiEY#`lz@vZOX7hJeMPhGK!WhiHDUh1r0gEdY`WF`Bml5Q(^^SYKfP&=dENfZexi zu42%g8H4Rt5a?`A`RW>vffDat#Q*k#ieIp~T?-P~bsK7&V~Pp7EszB*Sh#i1TwFdr z0YV59ZSy#%l?{|Qdw#@aE>I!pIiN&V_);s-U3@SOr#2>P1UJ{hZp#lg?T%P6Hj7}1 z@3$*1t~RjjQOMwkeyeWgK+X-#MQacW%i%_wnRd*>6EY)sei_+JfJWVsx(4#*m{+Vl_2K#N;#`^}xj-&|w3|s|;of*cid9(a?<2bzLEOp8BO; zn^R|x%{68d9<5Z^m=icmx_aU;ps!^fTjY z5_WbU{g+I;-8sS2ey7*?D%zdeF5I%i<%C5|8LD1u zbN`+x1rZ#$GN4=sb^LRe2Ku$cDe!$jomwdzI06 z&UhSK>7kMb*Z`J;wyg(nU_;>V+4;*6)USjn0=fl$1W+O2T|HlT|GsOXvuzBrM%5*lC=T%GCDWHVFutnssxN( zTsYjUOV|4Bh%fA+2i>acG0rrU+D9&nt+9^x3C73}4LhAg6-)K>0Q%{oJ-L|7)X-nA zw#>;N<44WtcXdyJ<_r-i_*jNb*H}P7{+zpuT-PTfrVs4pK}AksHg6B2PcGnI5%A93 zk(Ra{u#To9>#*Jmh5%&|4yjkd=l z$R81#mnDP;QodR`^NS3m#-)gE(UZ8Q=rLY&MO?A+D%6Ah&LIxxO)}9hzx#LJvL6$b zd7m#1S||pr)Rho2&|X5$#z6X2U$8&-^yUr_t61Fuaj=o&=q`&^*_SJVgT#BxsmR+YAh&$bK^5mF zkGAt&q8`@kXt$-f*?G@-6oj2nmt=zkdBY^JNKvyst(l32Ul;IpJy8{X6hYJS@3 zrV_xN3J~cL4#j2BvOt7({c1OLWtQ5N3<+W8VHN8@1c=8tZw$-j7N}hEU`fi;tq>l3 z^@vH^bC26Q`-m*dkc?oqis$B(`}}kw+d8WP_f9N<0A@O^pn5zNVspncMN^-(^gBan?%R#CVF!c?bYH1nwvv<%LclTjWXK+CT})%X7C&3Dr& z4_VdEe)9J13;fS+KlK?Rx|d}kFT9epZ&OQ3DQ$UN@u2(TDi<&=@ap!h%Nq&+$G!@m z^6L;K{(FcL=r?2MJc&h*cFs(%M9JpL-n_*69*GhNFeO)i2jbRql6C;h?(<%oN0Jsq zWRRhSFG*UCq3-)!HwGl)&*jbsQT%dF2YlyY&cYQ3?LnXBBedD$u*=ZX0A%B@`dsMV z>CS-DeW4x!C-xo>3oy(6xr=&57=qQnZ~K?O{4*fc&1=&Sv$K)yX?4f#N72C@<6wMe z-tt>g-ZL1@fHlUekf5%Qa-31)d|dQCGn!CS&^}h|0L!>c3nV*)$#7V)S$dWhC--z7 zp~c{fcowa>$z;88t36V;=Vdo4qB*o2S6p{umC@Jssd4$@_dosksff~s@wsk{B^uF;$9Arv&d`E`h^mx)_jd60 zmEdPqXtJF?a1%+LP4dnH$AAF1r>%8RZconn9Ep6Y3G8h@@3CYT$DrTrVT!_+^NR8} zJ^l1OdVab6uWw$zk!{c`RKsqzC{;ME9YGlH<5}DUu?YWX+pn4#JdeunI_eOI0#?_M#y#Kn0 zp)28e`M$TG-duilbNlh{<|qa9dM9AC$O?c#54HjUBK=*)0z&;)G?sf?nLpafHOIXw zF}|v?TvL>5E%fa2yZ#19IjVA*30u%nNH@Wbt-LG?($KF)4cniW3p-0=HFilFbRS63 zd@FTMmUe|{#wWWmVg%UU78b-Jt@;)q7y`uxb7{P^ogwm3E=m*{h+)Q5eOOr@meVF7 zaMH0|?AMku%-kkg-vtzQkYL{u*K%?spb=i_E-ZjTW(0b$*HLCPnOed-%o03xs^y#M zYP<(ELQS~dOihlzTNUA`Ym5RlmuDjY{$53;4WR_hTYQ7;&dJ!&j8Out`8XG| ze!fN*fWT_`@%IoTj@(*%&`u=I;X`4MJgnCG5>bc4k@3&AXpx6g*J>uzFvG?idsCMm zd|olQXw9CAePm}Fa+qjIrg!;|fAPu3?(h?a@J3PsrA`D8`4wo72fgK~KAFs>O@2Ij zO{UQ7zB|}3ab6YR-^IG!ts!h$l8a%v7HH1Qi5hgnn(}r^oW$O!6%hS4{eD}3Dp5W( z`wcu`;-CQFJQ}-wos@mtRExf9S6MwBdV??UaK)p6c1OTW!BKZw!>5T})cDPWk9a~1;y1Fey;6fY;3yQu61cHh$ap~sfiN0G#} z+PEBk-|h7BrR|fqSLMCb(tHur!J39uEXQUITJj|Dwj@fr1GWa86UE^eZ?<6c3pRiO zME5cNH&=5^U#&SFhcUdYIllcjQ**q~R(-8ihHKRU zy{GJW<2{wc<%@4Weai)aGGHP5fBQn?T4z8nrcb;K;_t3A-gk#1phcg-`+`x$*$N9O z2Ex@d4%+r34B;>wH@n3aCTV?}l$$e1jp+zotw|~2SBl{aYCb^?vRZh_(!eTQK2^&^ zm`>NK5VJZX`p`O}xINJQB3LtmRgX4Fs$CP-U>QgZI@NzmQu9LX5&a%a3MC_#TdHuR zu;7q#)@Nman4yKixjSBxOa z02$yv`O&9O?ikfHT`wnsg>Y_8Zp6hcJ7+beh16ZRdXh1-rMi^%=wBHE|?bvAmb(F5DbWI6iJrN zkvfz#tKHYyKr7TdXodd&A;du-e1*z>l@O=D8X^8N4+Q~w^~zCj0}v4iKo&s@W_#_$ zdvf_-v8Qi+d;6P=@T&_3cE4=?;nNS?8GsdZ!Ne^GnLTE;uLzbZjebQbz|oH=={yP8 z;Hq}2x=oDD9+LJ-6V*e!RxyxK05qL`uf*WX6C6KXy_8Eq*T$`@Ug`>^J(dB&xn!1TtGgBufK3{6sEa}0KJ%1MiP5;_}h zpjT((c6}J-swJnx!!z(%_RL(a|KSD<>^n#-~_-5g8emq=+3kkaO19Lbk{@X0q`KJ?iq z&>h8y49q|;S^`^2#6h>IwV;EXu3A&WEfI)J2@{Ck%pehv;N-;Em3nMJ=N-LnXC!vW zLHpS_fxCh!Ib;L5%k4H~N?panYS$e>JF0GS$O{?>K=nZ*WcMqCd_L+9aFFT>@xeT? zE9ZUBo#Xe-MFB*DX>B;JBEk4{QmNfu?*yYg=d767EbRDTI?QEq1~>)iCQ}>G$Bk`M z0RWtHUYSDnvO8;l2_(a*-wVgd8T{P#I6scko&~?qCZTjB(zHMK(mv$rD zrL`m(+n}XXl1fsQYA=BotyLvesZ^y}RDw{(Ck#Up51C;1H`}xK- z7@LIALcy1tT5BWpptbKBhXQm?EqsJF3u>=unv|rKc7NX9LRHomOs{Hk?QP64&LkYI zyEyL<)db*?8fK7>)diJfWvn z9&GA{F~YYMsj|Zd>KNN@1zW9qVS_^ET9af90$i{)ijL9YTuhzl_1d+invc}m*mvE`$PUGnLLi&B{nSee&* z3r^-u9i8)uYR;wUAgKZX1ZqEYzcKFu1$CkRY6V0M!jAjs~IMw3B?oJ?dpY8u zyV@Y+KZiI7v_XgCIsiCpf0;N)HwJM?ZqhjuuRAn!rhRZjOBwCfaf4rgFZ^;fEbsN$4EWFm72vi=HA2>0wA*oq&-@sdTAt;*6R~BjOq(?=w^#J!D^#N}JraU;~I% zJ4+DeaMOANv}(1J`10as&6}@!#~a0oGlxEOc4raZ0W$PFSb4#vlkJ_r`Nhhgo!)%9 zJo56MQo7Jj5W2zL@kiquEyqf#aRzxU#|9h_Me3Uucw6OuSC$Z?R=d2#a--TE$T4&{ zVpW_J_MkT&k-*HGgP0g>-gdpcx4~QrT5?QPplt|kh|vISTyxN+&+*A!jl;bcHoCRW zaqn@uf7=H`v!L2(7FJ7DsOc8Qqx z90oUszi-{sA%L3wN~Eq|t?#b3Zm>-QtZ=usKful_#xKpc20RNrC3yDgIS|58xmfVp z&a&)8X));XnCq$U{kp;Bs%8;UtQj)jpw)b{p(#^8*^wgO#x(g4pri0h%H z3TI;i9{oKy`SkcOPCYZBHOxa%8 z+jrbj}eL3&g$!|LZP+EzLN-SkioKAb@^Vq-BL2JT6br?SsSd;VFN79)GBBTOtMfb z>1;c$I&B^}Nan1+q)8G-W*fIL_MIVXccf}S?6N`DaoW`k#R>4?Md=z^ZNZA-7O_W}jgBY_-xr*;aVl48rMLfu;q*RcF2r-hSiz6Ml_%BIlS4%MOn(op-Er6x7=5S z6E$rBdXG!`beFf33ZTe$K;aN7KqZ%?OM{C7*6bs}8trs4iD}>m6xb^0TvU-d+qJt^ zBariW2MFZjkmakpjzB;a3W_B6e&X&AJoozfWbAh0u?t|3t0CkBpb+@KdtoAC7?3M=2is1cohiRbX>NeuIwygzKf0@_A-JqqR*nn^XXA?@BKA~25 zbY1L?7CG%zhgsfAy*jQtyBM2|6@*;sEoamo8|c`Q+RaquM42AZOqzl-Vq)%%%3v9K z_90Ss0M8!F70qB*x@>9WMqRnKUT^l;K{d+JAa;95dyv+b%{4xrImr_G!H!@QT#D`3 zI-4{*R@6u(E*4{)O)|5>bL)*(51!aIp6?3_<0cZ=*r)9Ce zPI*>LG=^Uo!=`R+vRuUquYmxi78(cMAz`S^@mP5Vm1oDDEPeu2mF8hF(R~E9TOwm(h^=YZsMP{Oi* z04eY?7Q&7@K&>ih>=h1rlz5|?4VxIK@_n+mli(_)+0X(=&W6de;E)C*CL;_)scgKS zQ`J2kOA=CnCRxtKb$5Y-s$6oV{%!#mnnw7$0cl}6*QT2-YFCVj)f&>T17{1WA3vs5 z!x@JG(#(mGx^^gej$Z>YexCBb9;_s9m-iekAm6=E0 zmNW^dA}4dwB{r3MM@E$HKG|DtFllkCYCUsW#$cLZIy2ot;cGYPUqT{$&L@aD42jo?1F0rJ-k0lQYl-E3vsQ-`?&R-CVwn1k61N3D*x+mhu)51T$M$y zs-m>$Ej`eOcU>u60kF8o_BUNbh%jRHAf_Kk%GF7z+SLH>Fn=tQT&a2PZuzDn81l8kZ>0zhTGHZWuh;G_ z*N`hz+ZVN7Q$;l-r62~Qo?y4@NQD-L%doa3^M&bDQdXJ(CQOMFqUJ2!{mh0mo?UIT z0`$`W@+e@hI1r~xeoiw@$k%}~E(;y%YA7ePgI1Atz-wfd)+AOPN=eXe4;RG{M+X3e z(RaPz(3)!*2cmnO^9N$QumF@s5lz|N8~wGSJBwjjH`~?SLRbwe8RFY8iMK0xm^boG z(2heQ9H{#hwvlH3ya~8Yw9d79s^e=w7$PQFPsX*PQemVSIoE69aNJEH7^7b}gfT|A zNR|(x6gN3VKrKaZTAZ-5mNTr?8E^SHj(cfOgY9nw63M7fH@d@UC`4i0;P#-voD{@r zSokSa?$;|tLBa*3?kwBOH9TdQ$~G>7y*-7L?_^%22haE)~4THTf0; zr7M;-EOx<?or*l3%s6p0W3ySCm^PST7q$#)z_^C*bXVzo%sBy4m z#m)>U<hG>!m7z2U0OU)tzjMl6JYq(P}-A@zpOK` zfpH0NkO4bx)S%5a71|JLby|a(1rXXgoj7ku{QUCE%(@B=qz-8J0fBbhQ~HPLk$4G{ z!;8J+(XCV5{Xrdi(cq))) z`6XUT-15fpyMY>@j4Q{BstxtYBP7gMUi=a`Ru+#Kv(W(Pg~fBILpY)JcFzE6r74x4 zqHezPknMG)i#CQ;BnDN0D4QWPCRg@S z+jkGS+MUe%)z*655-OcU97s+xZrC}aRlr-*R}4t0&Ox@>nHW%uWI!Rx zwl%X7V#|bpjI6i)@ubrQ3qo9BOv~G91h+DMYbMZ`29Vj^j^C~)kZM3J8Hwo>urURP z+o7nDK`;kMDpKPji6}^QMy@tqlSt^Ka6OM*&+4GD^Ig2DQvH-o`5o+^(^wuF)lX>U-OQG$boGPOv-`a8mQ;pwJ77HO36&W{AJFJvny zm({>7Me&v)h>-xy<=t}xT_~f;)0Z9?kk1<#;Kl$x;B^!(pVp`F<$MuC3<8Fu>tjp_ z<)7P!hM*1rf5yc)xH)Hi)80eeRnx}%t4cPkF@+Rs$V_Gi#0EwA{@TZKW>gvCt-=A0 zJ1_u&3qA#N5gDh#Krss_X%A<)#wezbHY9_T)m{q(`_atwc-xwr4#Ll>F|_uplR?Ex z+{3N{Btl`r0MN;bQXkmFUSnM){rOO@TfqcMlfLFmcI2YN@H@~Y8Ahu)*|*aQ(=q!2 zGDDqw0p?}~8_i}K>;j0G+HP`Bnz@SIS7tqRs%|m8-zdl#>MjF))oO4`v%`-!Xt(aJ zzDjLX={+;BL)3x#C)g%C7-=&zvo1tiP&g6Y!9qq|G1Z-MUycA`luC7LLgceVBW5EF z*yu?G$DB-cw=K|f%+=PgN&(SVLg-rg;Sbz=L;1^p>()CUR{a)Iz6k-h^PP{~5+1G@ zNAXfVFMs&&-aIS6{1={l@XcVhdp@TWSM#Iqo80yDSA z?^<_V*@a(H-*Sul09dk*p0YN82#=Z^*u$S zCZFE(IyMLoX=_H$+QGW~L}@JXZ@KlJw;q|OFeqCawRVX>g7y{`bivmv-OJ1%%TImm z*4v*xIh8yB8w1Mm$|ZhTh&ZbGp%9T9<*&c)CJJ4X#;nUXjZM0Bn&?~_0q_S!#oe-B zW6aH{J(R+?>v8raM-+ zIhbHPi~=}|aU|ZYsFoH6FwCGBIRu44mQ=mo z7-e!yLb~||VfRAYnk^-UZbF}7n2%DR(0Au^apC%yzSzQ6Y0c;rNfp-%F0htPobP81 zMJwW7(@8nmoIv?@IqbCLngmr=vzl3;K3NNMm!F$!t=?(1b)bS}wD0qIWX$&F1nu36 zpqzH0=@^yx58VC|1atsE@`j?kRDSRbu-s`Xi-=B3>Sk4On9IKuW0AbU?iLUA_+3<_$FS6L_6)?{(JQ*VUeT zon>u~UH`-=|KQ1+kQ8@fG4dfp&fvOTZ(6{en}Aoc6H}gT5s$rD3rzTv9p4;I zru{WC^pC#w32cFhvru*PZ(0^Tt*U<^bNiY6E(#naQ%UNX#lnLB+{lPGr5&g3`Q+FniszlTB^g>%qtOo9_k@mwNkw z2dCK`xz)MEIG+qdl6~~i#pvC>w^h&4^?EAN8dPwdN~o}-{djOfFdpRV1yg9bYKj#- z-;aF>PCen+pUVJfLmte%#kG0KcRdl#ZL4>MZ9fh&cUjM{9#dg)3a#a?wKGqHmkPE9 zXh6g0l^ewfH?L*N-PN|VF*QHtoF0cz-BC{#bmU(2Zuze7z5U9g*YMGU(YFGc0?w`!<{)5>(k&GA zcw!#5#p=>S$EpD{p>I#vxrMZQCdxxPSkPHW+b%}VN3;1F9W?q2r<>F#y2E!2(Ep3A zNa~mc5R6B$H|fz_#0|DVF(kt2M45IKPfBJnqR>faz#LX62>L3}Crnz>7=*i(S!}KQ z6*S)t%-(wM(}tbYTaxM3h;cYqCQ-EQ#Nx6A5a<4eh6!2d=sO4TMq~onIUv*BhM`e$ zm-q^@He^HH8gi`?h$xT>B%K*{a>zPr_t+SdV=QpcshWFJ9#Zij8*#R(SCbA^tdRxm zepiHP>eR3!O9Mxbt41|yjNqo3#IQJQuDTPdqE}fXZY*NR{t2K#LXG>)yy(@_?l2+R zc5Qx%c17UU>B2#rxX`^9CfQceq&5pi>mdwRlgW6UR~apq7TLrG65l1i{;E?6vgTYH z&h94f9i0Ocqm|CR3FZ#si!j-o+QF*kYBuuP)ehy{JbJDhA0H8{S6u zYgJ>7(Ol^x5V!`*a#A2>*jJ^EMX$1|4>yxB&>?LhB++Wf>6MKVZbr0%S`DgA)p$DV z^jllGzn-<@)L$_xrkSXI5sqfa6lmauSoa!M&9s9xT(IVFwpy#jsC@jLH{WpaLqB=* zbKh1fKXLng3?M~CesoV`({4o5SkXoe!KB4(I-QB=7@PCz3k+y#`9r;1^bM?3d$+#z z@{e~PO>3J1Ox&MYTQ=BPK(9!QW`*@8ko^Ym;aT3QLZ#HJ8p@T}{?|SN>$}&~ z;D5)!zJuJ^1yx+$G&Me~WDR$_K@B!$7gQI#h|d>Hi97~+saj7|Ey;_Q^>MB0ws=OG z=VE;rw-&wr9+Q|R#bN~0Sk`l53qF2`?HFs-sf=jFz=hnah>alum7rXH%nz6I$Ah_S zD*>8zvtYNS63Qwc|B2ho#dmgZF|T-iXYDxaJASabV?v-Pr1U|lJSk6xIZ)T50zL6cBSXCK_R(!*YA<-$x*6f*ZTnKr)S4MPvwVtAL^^w zu5ndgl|&72U-GfM8{0#54D28HQ#)>#V;dqikb7h9HKY1Lf_3U~v^S4y+Gvbju3=T` zat2TV>kYLFm<0we6n}POa46gh5M3B@--MD7=&hh?0(82jJ%B&w#}ZL{1{~0pAztMb z?{*N4aQ9bw>*eo+T>qu+%A<~J*^@K1IChTSaiI3dVrGG$H_L`{vT}`1+zY01W7PtO zcz2)4l|srquhlnz4?9^9fF@jdji6A$$g~d>M}ZhvaxhS15dAcXHIjqI26jbWMOxKo zPKe6{Sg!V*23rWPKwZOZ;uMODIa$y4V68f!Yv2w6dV81`Y~X=tV*%uhjKH^;s_l^) zgl3Ni6MGDLxj@s#XjTL*s=JE1<09tMy;@n|g=pu7FYg?7BUu zD-5?Vg3VSj)1=9*l*ja>*W0X+dEAF`F(+($lde3JW07(Sx>H4qrRDBA5a_-d>Y`{8 z)?SU3+^gaBs+Vu`N`n|VjJlfP8E0|>P{pnD9*yA1Caa<*TkSEd-_up5KkZArEiTf6 zq!qCsNe!A|K0o!Ra%zUT$k9^WZ#M?w-k3)7U`urrwmo9ZF{IXG45Xt7fLj{RCyFa9 zw?HQGCvJ?Rrgxj$2bxulA?Ka4i%G7-R5iQaC|v#T$0J zVSy{i)?%TC0Q`HLwk60XDmcsEHQzgk1A?LbiQlW(l?<{@eQ*o(=EZWb((Q%S#ryj) zX>uEX=eE7!Q0>FASR#EGH~{8U{=JXfdizPnZTy_dPIU7yngoK_SkR7bsCJ)W zZM_)zOG|6pvz^BEh886?@ihq-U~N4nM#G|e6xfTq{Z!bcyHuYh(>*k>*r>Hc8cVoK zt%$S-A;{h!1^O`EBwMd&Lo{f(5nJs&EjPt&R}D5pdsMgr4qi_+4at#AE*l+gl&$d5 zc0>%ixqu^EY{Inq(8lcMn40OVK%&t8?qrquO7J9cR~^wQH3d4LZE2e|iFQ3vih#BU z48QS;-i7>je8Bs?c-vlgd4z3<1AfdF`A{j6smaaskZZ0X0e&}{R0hB!jC3B`RLyiN zCCB+!%<|oSIOow8ZE(e)Rv#^Lbhol`5_RFt8jiyna%Y1JBf;8X&Z2G28Q99JHIcPv zq>p!eZYdlbrm;ZBko#@B%f>uUX4JfwtcpqB9L7!pOT86P4d)TghndU!zP3S$@s4Tk z^(35WroC`CK)wNdF87#)pW)d$LxCMk-I%?*3vd8cc;@~x0^6j(BZjo;K)wyx(bi_%2J+R!uYB$!)8pE`8c}mtIbCg9sI1yU-Ou#CZtl-^BugZ9lTxHcj zX*+B`$b8gF>RmU^`pCMF0B;WYfxT&_3|4+~00PC~jM`?Dysg#@4#M4FxtAF7iAR0& zMQ6i1HL%1Tvu!@rx`jO{!<7Kx+4s=Y$GLG3UCoW7|HQd5-f5TY6iEV!$`_m)+kI$O z+}o3!L>xIt6^@SXF>GIIv=PlN)7YYW&jH;9nxDX{f4&-*HV~st?UYNwY(oQh&n_oXu!ddDqEi7lzn68M()b^4Vh4)#(PPu=8Q3fXv%*ZOtWOZ#tr;4KO-4F>$`j zuu5T1yBTiv2AbW+`w}`?67h%xnOVhY($k=0AMyZ7env)`HU#I8z70~2(Fl*aJJf|C z5E#tp3c)6tG8LvxFQQ>%(sk8&zDlzpK@L`2J+D#KbOo8m4h*Sani3j& zxxy^gzOZwAi?vd5x@D0@RITrez0}+$kSTds$@8GW2DMrNNvjndCugZPu_R&WQ>~>J z7Lx_0H|D`IY#U%GpU%dK#Wbr17%x+L+((Am3KF|GoCtFP5~YFVFmxkY-DFB;3@dW9 z?1uE5?5ACEJlFhHpPgvCc7GU=kl<=odXobn>YHYNrD6LP{GzOg2HxC1Q#l{^tD}wRb*dG6)k<@Y-!WTb zFi!iOBBT6Sof=V_+Drh};MOP)UwgBD-m0#6O&lfDF1z$#lRVvK$wp^)?sCi=IXAZt zQVX(nH~kge%oqp8hR&+Z#wM1y$|PldfrDk7o~cOC0M+7nt&venUNuN@%4^WW_HaIv z$9uO@t7?#)VuB!K-*+nW>U5Q0GO3V-+Y-=pL2d{?Yz}}MyX?$2h=)xTn%*|t>HILU zW!8rM`9_#Xm7eFg-F|P@rJHt*m%Dyg>lRrshbX_!79c?(G?`ZVbhhpq#yIOTLd9Mp zbZ1Z-Lh|iyG@>E0c~lHNMmID=!hvs45m&8w&FzU@ao6gC8kBE0TxVA28!k?mhIdeN zWdX|6p+585OCB;PDx4jy7(XF(X#mRYNZvMSE3dm+V=pdEqhC`;a$5y={ECH;qD_UZ zLyB;BwCr>JRmwr8rZXTEGnrJ@CKBQWI3iQ%q-`3Iv>t4`BdXJzD;!Vt*ydc>NC!0O zlHfB-l3om14UXJ^bkrhc>B+7?ggtb(vua>-yyyr3Hj^M}nrNwLXR!>polM1L{f z*cs=pvv~|zuJUG6OLV%)Xw&61W_XvSs;JTvqfOUowHB&VpH*#Q`04Q1$wdboUPNQ-KZ7sU(+%}3jrdrKF59*vXj@wp?7}clCwKS3K z1|scw;K4FDw%&GvMXDFhaM9h$fi~?4gH98~+&a{LTY0VWV)d(aG_C*TD zLU^A}FIxa9U)J|X&@*X#iEo1`fRd}-rKWln!X@o$sD-^+>@k~ScnMCq_{W1=U%on( z10Msl=Se^*0;>_io!)ubw!nbTSbq5bc=EAFG~Qggi~{B(hPRIw{}Tt02gWa$0WAw6 z-e8-1>bcdR{#=J-Xh_tz%t6qQ?+0+=`pc70&6ICkofJ%s0YI8!-Nv}}oOVZ-1p2a?2rd?HdIZu!43q!-Kn6peU3!|q%(1`Q zE;%-*j}=E9s01h9Tz7PYqG3k}ni18A!O=?x0NW$H7UtPwuNMd0zXMrwi6JWpRiDJp)#uA?|kq9*Ekd~(O6sTN5SkER>0hnm^I-Q=S zrc=MYhWv4xZr1lyCPh(EpY|6@!*+yV6il&cWvwG{(Io(|+uLAJCtuRZCP#UtTaBxD*039!p4(wCJg8)q<|48S4AE-Y z5>Mv=r!gpi3&iHe(`WsbvnIw(Fk&;Fgtj`noxr+V$KwH-mh` z5MsYJq7D;etPeQ2k4KoUk$G*n986utPHY0@N8xCIwff#bTIT|woJL9-HuL(}kfD_5 z4;HJzB!S31lR+EmVujV0JEWp4r=+gY(qcW6?lz|hkcxDl@1$Vn018tUm9LP3W-hux zW8cW^1oXJQrngfr8!-_g2;-f+;Cpvp{UR?efBnCM)$9DP-hAzSqfv?PpvME@Hezpt zYxPzQt+td2RB*Y)x-G``LZDYr95Z2XT(|nU;L^R7){tprE-j!~xnb;-1{IQMF$LM% zXd7%o_A08jZ32R40yzFi>*Rr)bQE+pj4)yAAt%ws}@#e>0IDit*5pK`x`q5G-+$(pgnxlmKsHG1qwfsAuzV-UU z*s-3!OrHq?2*!4ZbXh$Ebg6xJ%*) zO&eH#Hm1Ub)LF817qP8Dk27kGn%NUqO(KlhK-uej(!iimWGzsuzYKgISg{+?W$NR7 zTAz0u6)5Z$Jy-xDknHScvZ`)poEanSZM(Phch$a#*GAt=_-_< zC2K0}r|V8f5Wqzi=NaDG5Tkyos7!a{0JEwI6}}dql$nun%~z%GgEHnkzh ztAU&qc>boch2FK2D7lRgqI(x;mE5$gi z#;x7bGX`^g?sU}7g5KCMxs@}kg#;bQ6yyn6PRLNs}f3? z)2th;yBLlMh?w6m+gV-alL5bIW-*!%mUP{(xQSQcc&ONrhn%5cPlvE3rY$>?x*gAB zOrdMg6W?{B>2ewDMlk+~4Q@jv!gNh+gt}ZUTEn|Wz!#aG5F(@|Rvm;dtG(N@b8as3 zHa*(yMl1E+^mH{lo%g=Li|@gSURyr)4{qOIzT+=$JzD-(-*ofAlP3)_T%ka<-c%qN zHJh-Q#d8I!F9iUTHCI`^Lrkie*c|!|FJt*=6o6@Hu;?@hp#hQ7Gj3SJceyj9AvP`o z@|n+vtBeej6p7Q&%>Wd{a^`fI4pCzO=7Rpz5|;~|iM%Msg+m)=Ks4Ey42O0ND^k}T ztI#W0Y|L{Cs|@JPY?0DDV{Z`xg7zwXZYE3Nq}du4qqaSwb+|1c1hEd)Sbc~VIk|A; zg)l}TsJYtCmicyG<=bhx<+M?bw}+xynZTxwL^{>no(N0zz=GAeOGZN)trdD$Y^-nr z0C`4-RMVlaXU9oC|UuO(;x8h}d>2=Mdno4*3FYT1(X=(e-wo zkMf0`3rX5n*R0X8BNDA(gY9(P3kQTR%JUx4o9{S13Jw(bmOZ~_H8ZO{-9qr^7LlZ7 zYoAp-o~=(sFPZ_|EZEnf9?;I59=>GEszYw|Wv$w#v--Ln6YI8ANt=470z*c7WZ{~j zPgQh6s3UOmrLr>LL*X0uJKb3>CXE%@33f@f#s^u|IcRFq@Hh)A*77tmq^*zF(_YL_ zPB#QoS}SBHd{&u=f@kt(4at4TvjW2|pRoaLcWoBbkVLK6B|$!snXG5bEQ6oUyGq)C z+>^?dhU_(I2J}FPUe&itkC*jsJ{YAmtXdGLt2e)_q1L*lHzZu5I|mGYA9ng!yE6oY znmB0n7Moq_jJg=zNVI??aoflo}OuxWl2e}?4{KD1FOD=X^Vyy$Io?mzK9EZ*5 z&=4-SSFqY?USI8ifaA1Ngizn^C)>( zw^=80;FcX0Ey}``v>r9vP=O7`KFE#Joifi-6?IZ_Ep2Dmye4&95Vs{PG|(m}(-f~K zpa7mb)op-If_8(8>MNm|CzBYcLczQ`CP*ZgdxuaXi;iga31uJmCm2tY-HBWq4z2kT zRB)g*+RLiHfmu#+r%XOB2oLulY=nj^Wv<`M>~)*(ER)9ELsD$7$y9T*fQ0(qLe!Os zI;*vlp`_rP(Q6Ap#NTE@u^sz-mfMTTydc-sAzEA7R?mt=o(SL+>(?Ni*TzsJ+=~X3 zV3&mEPxq=(#6x1Ym@QzW9WzBson>%-bTl_}7)0dZDgjVC&V{zxiEPEV52-V_WSp;rkTCV)#R+vf1sI zCQ!ZGvXr?UIds;NqRG0W1)q zdDw`fwl39Zi6+4*2Y#u7PVo8o0)N>RE-Au zfJmx@QZH~GHfxPF-jAEvvexrh2!Y13g*t`EqOO7sGeo0hj^3+-DoCNsbyR12a1Beo zPE+7oP@EM+w`@G2fv#1aj^{OE=CB|f*6g$k7P&~ScNc3klt7+2(mNs&ISaKrhij)5 z>tOX6x8!XwRBDOl>2sc{>ovIr^Xy={hLAD3eAB-GeE#43jazTM;68opd*4#N?-!x# zh<)PryUL&b^IMO--i?Da@2#O$1nCi+sBPK>MwQ>C06pi<&)$Ab`N$(TAHFdy|Hogv zExi(ygpkY>)pq5ZK66_Fpy`i%;q;h_Av(?iNjf7hUK51 z9%@kOEXALO9OF0r=Iyic!(Vmlk@Dj|4VwT2VoId(7@YQi6%scTx7J3%5Jmk20xpyN zcD&z`ooKuWtzl;tHkLKKIovA{3ek%ip2*42Z)O)e*RD0XeH`&2dNMTUoDX#Yr`b#m zD^5Y^jKa3U-hl_TBNwNM~5e4q$uJ^hMHV*K}nNSK}yLyU}FU zPMCD0<6u;R`nI5B%#w4FaW<{vLEUzt(aI)HwG-N#>HrIdRcWhH8ez4ja|~htq^R&5gY1kg_IA5OW=2evvL)S^$xrgW3vN54Q%|=?%s~Egx3vQ8;np zM6j2$e9HMrV@X5{)gGSofZN?L8J>9@yZ`eA+RP43@gJiWa!xnBf%$On9u{gHX+)H(++I821 z?q+3SNY-W{@`yF)xkbxy;ZZG-^7oC|wAGWA`wVc0tIlRR8W#}Ooz=+JNUJE8x1n+9 z1qbu`WIm`U^%3Ux6@58FL|Mkucs#pw+Mn*szyGPLJM&9Ucjjza(0fTXv<1YN>3bJ& z+6tswyzth1;B;%2AO6|f%GGUIKJs(7A1*)gf!oiN@AeNA~{npa{RD*oaU9o5!mMdxy?HLeI~4I|8` z$v`zjmzrVDlLRevFs+MhC%|F#Rce^E7xVUh)Jq{igoxI4A}xY(pYIO2S(AhAmsgeA zgcMZ{bdV->fvn2|JRDEE1t$@$x+lqlnueg@u;zlin`#v;+SPTBZIk|bFM&YZ=(Lv* z)llusi7u7x3t8g~We4QhRGUH!U>$4F5qlPfssrThV zlhmluhVF@U6@rI$;RZ41S&T*V`p#}jJ+mRSm%vM$dD(`@V^CUwuiWenIc%NR{Rlg- z=&?TQtF0~*K$QJLs6zC&B+~qDI_Rqw!t~6+WG7Lw+<>LmrW-Xhvz@R>oz7NK=F z2?p56h^A0|pcn4cgDrY*swexVU&+OMJnVqv3p}KP*R1g?&|vc5v7&SzSyZInWE_k4 z?o0M_&vOZb-Fu=ed_Jo{M2HlJ`|IHhxWQy=>xHnvtG7FvEY1{eyV$cc0^}*8yB)}NxwY6dn-0=&mIDmT-Fv6aj2?1Z z2EUp3_f7#)zW{SpnZ>I2mtI=Ym3-ixA4c4{OP=5R~umE{F1or)} zeCBv2sztFWAO4l+&crwU%I()25TdomVV+sCn&n5*3rO2LGvOs6<|AR*gVZ6>Xzzdk zX!)W7ngZ}+W9YzzG(k1$PxNr1A|^`Nt^@e3Ea!xxivvR|TX(y*yXQrNH}lM0Mk9Vx zXKd&`ru{|oPP9=_wi$_WJTukDonJu3!Dc@d@J-b&+^;b9xtPy1M%w{&aQu&hXqzyz$+CDIb5w*%LROEx%)NcJqllZ%3Y4 zL0HN&ci#KHJBYJdIr}^1;~zbH@&V#q*t@v$Mtb(TuY?Eh!k&2t@(jfGI9ZTgfAQOq zXW<`KK^Uxp#0yUU^bF169_)u`+H*Vz#Ppevq@0k#ebU7Pf^$7L^r|c!JoAq77ZzuC zZXVxa3oOB7Am{ZrFMlmPyZzAh!zw@fwP*JqxZ}ZG{lMiX;_o6}?m;rFg9QZ3hQ0@Z zAspd21c|c_6pgBM6|b_sQ*}Jtq2aTR$LB5P=^_Ihy|*a;Vs-Ya=N;Cyvvv4?@oYW+ zKtPEA=ivJJf-f^IU;ojw*BwYWAJpfarPH%7@2hk$B7{X1i8&-}aLK?Y9g1`5uu8Ht z=Rt@h7T_3FJ$}};v-HhB@xe!5ef`Kz*VF-j7yYi|`F!Db2hYB|qw)h1vhY~oM}};b z#RB*aF)|=ISf=}++=jo?I0+QW7aY~cKJ?g&9u@VXM+MKmyrT*U)~6^B0&Q8G@EDw8 zDEN={IruwvWT8|s%EA4+=PKG{>uIw3=AZOl`}s%pAPwIjj+HmQ4!+IfqnCFmgzIn~ z3#pp~bP8x1#{wU(dR3Cb9ES_5FygpWNaF6*2}(0yA}+?)zp>-B1cS|b|G{l}{?W5n z!HyBuJyjR-f7Bf^^wU+l;f1YsCLo<&e)!mwI(8K{l0IDAzs=J-D8amO#s!C_=N zUCvoB^D9xdNM_UId1K_YvvVA`z?gdWFq|RwMb8jC`|{2Z=lE4GU^tJY2yksvlpn%3 z=y32w;tmeBSRW|qF3ns&%5+j*eC^pI&l{G?aq%+F4O<1x81A!F7=jAjgYK?_V|YmW zG)$;fJYX50AQ`TD_fz-taFOg`JWR61?0H|z^UhBBhL4`T>Olg|4NaWplRL*pU+9FC zPJZ^fy6c6MO9uo=f>fXOe8P2o8iU^)_dJht8IE9l4<}x5G=AW2o_8G|N1mJ4KmPES zeLRd$FPP65ilA|iJ$^h)VFBY&UVwRw3%3`=F`n;LDVQkyyTeU(b!Lw9Jw#uwgZcFv z>p#l@IRRB=k2i~taXx%sObBQwj&v}NWH62)NzTVG_VW)2>?togV?1&F41MLxKSMZ0 zQE;Eq1i`>KOwm5)ax@N8eF%3{m4x|&b~x9eo+*Fkubn;l&42sj4}9K`ck_N2VYrX| z^|RN1B@XM2FLZ%?{x{?VkWvFF9wZDSA^4FQH=vy-mT;Je@5 zY<*Dg9v6$xyyuzn*M9%($=WmTd6C!DFJJS%&;RLq?ex>{d;SlVul|#>Tjjt1gR`$J z|JQ$U)+>pS}61@*B*#FU4aR0^k{@b$~_m$|cKYD)g^M7)N-zdNJ&mMVQ`KfPu z@RjB7{_z{1y8P>pT)gFpi}!!->?d!OfBjqEa=ZMF-+ttwlKr!@FE795tDkzZ{H8xU z>y+QMc;#c|?|kr~M@#w7&mO;c;(tF=?<@aR>!HUk(my}@o(Ent4ez`i=7;cfPU>ax z7iUl3sF&aI7iVv~cI-w^s^5=SibSe^QSM+ zo9ADDU->f+oPYJjv*+i(b)%e0uew=2_3s~gxV-t)`KvG9`G#}k{_+R@+MUPC#?$A2 zqr|`bvDcN~d3OGqi~sZK^EW(oeEIG2Kbq$cUa((ret6YuU?QGwgFElN16$E7D1W?h z{?P|7pDShkeD%~@?!5rwse>;={t9wDNmtL7zo?&A9)Ip7r}y|WU+%lm ze){|u?z{NzPaVJ3AN%F=ca$IgR1mw)`r=kG1w^$*V&-e(|p#cEloRod+&H`{Yyq=Dv%k&Yt?l`!3$}hNp!4%g=q=`8zHifAdqnd;fisc<~>fdFqE> zaq-swo4GFmkFvV@eBvQ=_h53C4#z=D$`x+-p?kw7IC)T?Crov3RexX#?*SbjB z7Ee!ngHrZ$Bu7l2d%4tS>-(=2(mgh+de4#HcU!%r#Zt~U*_rg}D(Oo4xIy|geGznJ z(zA`yuD%`Kw7wCNlJb|u}<9LY+URwYx9>X{;~$@?Ur2hz4fba2(;}Z0cC=vC~K0lEZ4vwq7b3 zv^CFZ4dv3c>!l&|_+LQNZo0L=!?T8t;&o@@?)w9F+P^{a^+MR4id(}@1m(n`yI4Q? z`+}Wox=Nv2h~%)!f%mW)o#@!SS!r&o*C7&}fx6s8fD5QNJ*=s34Tc+%9VQ@To0#r)1sINEAcATr>iF?WF&+ER zp3^IO2z4#1T2bx~c8A-!IWY)PNBmsoYlhs@vjT)Gx~FlLGKI^dGbIG7#j*y0!n5=Yd3bZo7X zL>=2RGidAiQbL*N5S_G!!a;zRNj`tIH+HvJJi@{snw(!yOf!0qD=pC|H;yvqJM(sriBF)dGhK-!H)_d#sDzq( z>YH&z9o}dSh4I$m>k7j&9ITT6r9;0;%BB})y2exfPqOt%l!d~zZR?8#I|JO-2V1)P zfz8+527+NS+rIzaB%NuajBdqYk+O`wWm}}-w)Bq9=JmmFNb!lo&p6t9fs|ivCAPE& z8$*rb98n2t)`U8v62i@`H2IRGd|KJ!Nlg#6t)JY|(!OD-Xswi{^h&`5o=s<%e%>ox zLW`R`ZtB>X5Ks4AElD)_u*XB8wMjWy*f8y#VSu3n^Jxr*g8}+vtK^yrYTyeuHFuRw z5KZ!4ZV0xt)OSOjR=>KttwErPZ$|3q4lAb zYmWZeodDehrbNLDC68?)?YL07SZ4}zE|wCg{30nq^XXt^-HBO zdfxukQXB;?lhU|Jr(^(SqS6I)X$!9|_8Te1MO^{faG4YwfPw@RlxW>$v5`I-4>2Y>}u$2?g)>g&MU$DU-+#jQy~0WApATW_?vrxQc)cPGyHy& ztf)}mLw;;-TT|?_$_Er+cBr+3w|@V`=;BdLQf8igD8*kTJ*XK-7?sJG81*@hPGmZA zY3zO}CC&$Yr{?q03&;C=1Q7h7=BJ@C3YAS*6ACZUHR;6xWn#7B?`~Vy*1n<5528dL zUWH{Zy;^Fap$D>^QF}Oehm=e2Uo92Wk)uA`I&YWK>^>b_l#(4UQT=v^Ej!*&veQE0 zc@}Jen?Kqv&B9Iewi~2e_tY7+Q)dE*`d-)91hV$AYo!3y?~ptRI;`l2J0!oecvX9Q zOQ3(@zJoiYF}5_dUkl{gCH*K~7s~G21;OT{UDDb4rd*;osh`7)lfjy6q%Eboa8j(V zSwQJ%>Zph3d%Zp={U!$I0E77^Tq|ib`C92ZdgEH@o-9GXjf)n&9lHKH>F>1ldS6k- zLLGN4Ak*`^rBb@`N2yNgAt^)hHFwPt6qixQysa_Q=;(Btl-X&JipXAlpCJCFgp)I~ z8!bW-$({5gX;QNFIS$Z1k&r_xJ-&3ZfydG9_d>p#w9FSzTh|oDdCZcGz#6EiK@rOF z!AP+3T3NB{(+be`Yvp3P>UzoN)1@Dfsg7V*7eY*S<333zC0Nl=Pjh%`dn4`pz?I$i z#PyQPMz7x>4Wsf?I9n@U*zGwM`C|erD5uyzH04HV|BOcLuC`EPv47r-dG%B3=1g92 zwqF;|tdhu4j2j&Vk+j0??Miz~Bk;GJ>ny2Vu&{3K9D3(QY3ZVc@M^?m7PJzpo7WV7 zM>~z}p)RGZJ*?;qMd?CC3m<=-MbSpfLAF$H6mA%rAMqb10KUMFqYE2(iTB+{O} zk}nqQg`VCk718W{*g#w8;(cIcPwkTy6!3BY`LP)Kl1Ek`K$W*jJ-ytBwLS|MO`E%T zkzd>(M$RYQ9n9Cert-0%ST7P0uFkwH+pSVMjlLPIG50npqp$onsmL}&hoVC#I16eQE}Fbx zQGMOC(*ER_Hr*~Q#~te{w@YWz2c?QL6KL4HnngrYHlhRRnhOFiXyc7{IkV{QJESpv z@82QKu+eYsma=z`jE#59hR$uFU|RIzq^vxL0SRnUy5Md}r5o;&)}lq09l97Ek)47e zDHFykBP)hij8Y~lRCu>kFhi-<6*tT~I)O;2BDhKYs$j!9k;3B>t(l~;7-yg6HWUoC zHA3#IA^6f@@@sXZ3WP)9E`YJ2aIR`n(RShCxQ z?sB?$b_E0WafDo|#Z+^fl&`R;uJWYdbU(fBjQZ(yvuf)XPMtibep=lEWa5oE*)3NN z=i}ypxsS&IadZW400TJgCrg!0p@wxj!RYQ3vR3gBU63<&YUHd1jsc;*m^F}v8iY}k z92x|Rr9Vv4N~Q~cBAuDftOcC6*x!wyIOUBv58ysu)X-^l!o5;AwOwGd)01EN5@~Bn zVH{o7>v7U6_d!fNRG6Mm6_3i!coryBQty|%2J7IBLR0UT&R22F>go!v3F*jNys++! zx;ap?D)>>4!2bb1J$k>iwCKBvO`AR|z%0N)@(q%dWEKt31?^H%-`NjJU**#!FGzD` z=8xe}rzw^Dn}`22HTW{?VW3I3JB84M?K^FZu`J9 zG>-NkQZneRzj%hz+)q9E{!kqVVCQNeU8w>F)7}CO5tW4fiz~tQPO6TThbQ5Fz9kff zR7vYU^>{te2b?Ad#4V6oEbI)>EwQqvz~F*WA|g0ML#PF1>B(4m6{Y{x9aC~ z?xC%_rG-r|SkB|4jA6cERaRTG0+hNaIe8_VCY4BC5SZ>(Ch4uX`&Cwj6wweI9Po%D zgAGOX#!8iUwqoDvZa8LP28}cH zNn_632{UnKU#F#Zbhbm&(bZ*S(8&Y-JgPVrn~=;F4+5eAg>HFC$ypO>ESoTRCj(l? z=YVDniXVZ5KB{p-tTX7mnMvDkhCK7T1le6zQo__e+$2uYq8MmbLw6@^O>i|+Jx*=IXljDP-HQp5ft2fKg(F8d+Rj>|gk#_D*a`kfC%(sn3`KMW#&uqN*B_(FA zQls?C)x|rVnQ=p96ZDZ3^K|uOuvWmGN20WaHYoZDD6){fohT}L>4!-Jp(l=yoETX? zJ~uO|25xqD;IIvQBAlo3W%fA8B49${&W-qM6{;$mVD?o!;7mSn3DKVDh$fHCl&4uO zL^a?8j|Fw%nG02#0Y8D`tg#!|BH4ENvwQ2>p!#TTJS`WD#MmrMf&syByCSd;)M()L zF}Dpii&9&^cwy~=`Z;qK)lIE6@UB1T^lfjF0_47#z5Rb^2C zM`^Z2Fd;s0%bmU(2CRv(iegpiH)(Q4@4sjw;4pTcuJMarWN1qSVf5oduiwPPygEZ` zLk(fh6Tmk*7NkSpS*(@m=%liAIaf7ukzt-&%yElFZf&Oh&!y(kxj*+L#iCa_n&Zu( zKTgU@PS8mO?UUr3CggOtg!{qKq9g#LF5b-BHlbu&(00Sm_*pvDM%_M_hm`yA&*q>+vT1}n}&EJJ{ z;3HpqlF9YMfQ#NumJ6c>pO_-gs516@e-b)S{RWz9QpHjSJ>ir+K8z+9HipH7%@|g( zuBYVHMac;+SstV$qnrg{y<{Is77c9E1fxa4c<<49Ytwv*<}%Ut=J>*3f6M@t7n)|F zF=gprOdy1yp$d*C$Zp>m~AYW(#*)l z47*FAVY%|yL~}#Xwii=me!x#B?iMu^!mz%OW>GApl}!gudGgQrcX>3U23R^BeI>&= zQ6ItonlbAefN?0-KtOZc7Biz`rJmf~pFru$u*o+uF&a2}8Yx}}u5Qc*{OY_$kE)Hr(xs();zHKe~>pDtR}LaCR^B|(E7D$ zPI~gBCxz0#^o(apS3wz{coOKZUwd-IhNK<8RuX9bDNhw$dCD_!(rFWkK>GWMzxm&I zhQiaJzYINK_3$}h*&@4$ymzEzB_f*zgknm)Go^s;de=FcUOnN-q9uRzl+gP&S*FAo zFo_G+rlsifyCp^*MJqn@oB-IY|KyhW4^zXO zZ=r^?@95CnUVSqBmsKZ%=tlu#KvisCoeK}xl+1PY21?;SXi4(`cZBGfBBt58;K+?0 z1JY4!S+5nvmrE@=tk;RE5=|G48qA-|zO9Cd?1S)Wb6m8?Eia%=b;%k3sblDCu+-S} zH;<3*&5@n-rc=#e!77Q~$dQY5B9M|R7w}H$pp4I9F7b>kXVHVFJh{F9E)lSZuz6fM zeXm6m6G3{ph;h(K2g8rf7qqnAI_5-YMfT*sd&Z&mBpA2dS|DeY4WOt4u&&?GN)_D8 z1BwwsWD(j7T>t617enChrG0c8p~w{r>Kd-D$JH*B&E!Kzd9e&CHAbQ5Y2nJpny_jpw1JDoCldgIMC=sEz%8Fbkku)PPQ8*^ro(X zja)@b@O-Flp@#~$cW#UtD^tB$$TNm!6`|uL9w`=^n@;*<*J+2l{~=F`LPuk0f|ME% z>@q;u75Fw8Q2ie43*)7&erP2>^~uiv4+Cxk{QlzuF89mI0!(foyZ$%fOQn9DnRkRHrd{v$i<((XcPH++-Y?m}T()?qGLX~mV#S=q6Io-BsH{mw~0F&_@5!e7v@_~78H=z8tf^qfXb&C z%1yn^jersA@%^oSgo{$_BFW@Q3_4vbnF5-N>qnFqsy5s&o9&;*8+9##(JYVA&}7kD z0omWHYYqB!rz=)KP9mw+2nHyY944mDZ4;J05uOjI^12(`eu&XMDQhaZx@Ldi|zad>8VeEE& zLfg6+FUVu9*EJrD<=qLj)7^9NED+!-5F2=PylNTG~p#N+K@ z(0gkQ3_To97F>e=r@f`JmTeN2DBeT^H>5?1&Rd%1>}5|+^AeYxJ_l?|3+)EkoLCA7 zs1bC>FsuPa_S|=Gxn2{iqA=HJmuF?Fk9pY*GGNjoXnC69Q6sR#(0ChERYx%~HWP(K zWfV1gW5g3p_O6GDk=wB}s}T?yYZNV$qX*b4S=-YXDUad1dg9SDq+ow4Y%TRx1ZvaP zVRGJNb6A4|fmLkZuF(}bT(Q;8Y-W!NeKxE|G+-75r|*qTyDQ|PGBg0j^gX%JX=q06 z%#;?+v1RMmhu?{0;b03ehE7z<%Sj$CJ9dBVaV8p9F#)=@N}flDzw*eGHC!G-iGTK_ zrSTEc937#X=&|8Mt_Ws{uukMAC*<5N|n_@Wxw{m^{Y3y zvG`jvPtU`+qPoD>aI3>Au;s{CWxsLqS5)4pNGpDHkIzVERllk8*Koevq(`SiiqJOz z9iJ{glVeB@N+sjFo-sTSD5aeQ^ z92fJz@(NJuMYRhS%w2$wDty$=osM6XEGFnmYk}oR5+@tR_+q+ep?pa^-&=-g$RfGI zxp5;z45LU_xN&L=Zs%y>A`EobBKZlLzgU*y1$&}Ri{&kS8B65K_ykoLJJIxI@{=)& zkJ6UQuhYrpa(Rqz5f!hH-{yZ^=gOmL%VK$mZ4qrcSC%u4v97S}R!FOdi0fPqrhZwy zypgIxa#mmIO8Hq^q8Jq@H+>b9N2eHHT{y3W`o^u2r`uv+G<8dZoEI;$D0j82c-dR2 zy=|GW&)27~?^#d}Lrz2;hsQ;^jdBXEY$_V%aJku0`?^pYAZUP1>~(QX=!@=q96jGC z-$Qr(6UvMo7s}~&u#Bc)R}jVUrO zH)Q5852TAWtd?)J8(mZ08oAl}xNwa;#QL~dNbtHw{IU3SsvwN}>Lwer{{ zgLcD$O?1XGmd{{W9Ns9{dDI|Q0Ewc-7NZtnjyW~aO_WWr+86*qqX`Fe{z0&j1_atr zDo4|go8)pln20S0hi7-LdnpUk?#tnbZ$r_`x2JuiEHvVAHmyFaI?eYxc=Z)?19^>cW zqx`Z%?l20hKTjSxrQaw4)PD097&$0B$3&s_r{~Gqcc7k|CU(m4h5bQqa2*rQK)1YA z#)rNQ0J77-H2{ku>tt3LXD)g~;%EB17*0#VZdT}=`>MO-Mw{*&@L*VeNErU7fnFC2 z^|OFJ1sBWiGB*3J9H$sG40a`LusP~%Zor*7gH0F6%+;c8=_Sq*7;SOZ3Yd&z{e-Iq zoY+^jw_tbcIiSJ%FI>gIZm}qso=sc3mWHD5| zLG~wvIKvjy69_ z`D={%Rn1>x%`ZMgE?>n-l@(^1u=f**y^cyDPxvtcR^S>XtIU!BfuX!&Et3b4m+%NqIUx zvADB@GRx%5bpFM1U6RP)6CnNaV!6Cm_jY4&*RvKESl3oQ6gXw90gS-$lcC?mt%@HE zJn;jWhQXX(AYwFPE|^j>UNO5j8;O`Rp%iueK;BoAlEH|Q)jn(kjqDN`yz4Dgp~ zeklJ}g0b~kfaE+xwY#@iesAqnn zIO4@B3dg9K)>N4A{ck3>Vwqn6$iD(Ej5eG^LUMXbENhbk~Sef%3YhVkBlT-j?D z8DSI|ZdIxrZ6u9|B#kkWAPgGfU)69UX;dW1Y-@BR3C9XCCa_wwBF+~LLFn(4u~u3o zjw1TdF%_d+r6|W@PonW$nl&qtnb)id9*EYO807*$iRy3P`6gL z`z>!OUHLHF(N27ju!@v|^h|Xc2ijR)YYubybohI=ENbd(-@uL5c6O5Ou$oW*xLkG7 z{#EG?YI_k!ThB$_1iJ4beCr+39V$^UL_9u&9f zx4K+(^{a9z{cwinp_R$-yXx4QoSY3Sa=bj5H}rgL9N z&MSmHcdhPG6~c9<1vE4Owa1}9$ZzKw9ImX)@QDKI`OB7o(>?Jz4%&17D9_EaiZq2< zIz)aGJPtr2X!0A-5WM(DS;;rbz@U+RLIol8i{b&=_L(i4O5Tv~H&raJy&+!|3&jh4 z_?GOUi{AuN+;QBSPT#yGUrg(1(8pdLK+qkE7KeKq@@{1Gy+cclx6}AApr^eIv~t&tNDf_lL44 zI&b$8L~E(%Xe}k%0$FtBhiLf54}l)DKEfUU$~V2qB!46ypt^73(HwBFT?aW>O(tG2HE-V+RyB z6*=wceLFvv{Whu%!c+FmZAu}z5(y0^j6nf$WxYQ4RiWa^;DfiKY6LQw>Un!#4cuZQAY2_3IhPnB# zsP)Skh1pboZ&m_5_gC4KBrv@Tgoh5k@5)KQk5E@B<$NYr3a6T#@52gW?>VX?ky*-V zd{zLvT2O7xY5!#9wqPeoq2=8Wz zek>b7e447`HJx}2X1e$PQ%!v0ek{y(2efc#%V@Au4?z}7#1DSt+F zU&|lToqtC(k;SJ#a6UT)Tz7vX52NYdKx^friCfa$wDB7`D@8csGJGMmT&F5M=LoR| zV}s5KvsfMppTRHz=!`82eju`W9;^4l=$qyApLeMnAKhR3F$8OTr%3j@s9_D(;ijEDcSVjPuU7n zg}H&bcC>RDT!+)+6)){B$W9~A$EuwgfZNBAWt< zN?N9lCgRi@Tm^N_D`$MqXq_py{YluSYcy#96F8%M-?~GrBLEusXzXRA@(gk}^BkwX_wc zbXKbozy!OdwYUD~LBq}-5zq)oUp6b0Ni!ULFVGXM-zh8f_-p-u$*5&m+}xo{)Mr-QRqCyn>Tr^hH0$@8oD{CqxN zVW+X{B7FJkXHQ;gz;QVpofcbA=G)NR7;aJ~pj1tbGQ5%jYotMGuctBm#1W1+k(-{o zVrViIrYXrFBh9TCnjl28b=N`oN(Y2-JRc3|fTFl)VVW`{K_4pZO;d6WsY0}foyG-m zs9h6o3ee#+Wq6`4P(Vsa$x!Cgq)dpmzspd@XY`*fn9Nsyik172zt2X0%2M2>knu&9 zBK5MECEVzY;j#NOM=OBYoEWb04HxaUVL_-{AknqyduL$HS;&a4X?#a&!iPwYu4fD! zC%*u#%vR3mHK?m_Y31YjGQZ&HenSVwp053pu~2>{2*OQoyh)s+s&mHawe?i9vUQ0) zo<7M|a(dAoob}ikgVq;7J8d?4s!^X7I~8wS5i}Uo<5aYC z9xPVf93?zKlxt`gAp_q;84_bZ4f za_cc$mZLEu$5;5`UA~B1FDQn&Pb0;k;NS=eif2)%6ZSsAmKmYuHBHbLfy($GHC`EH@(&LV%Us2$Pg zaIC1}<&7nQ9{f?3^Uogfy*$7=M14bo)xvGM*gtvB!a8_0`vbdsJULA|au&nl5&&o?8wM1nqWIyqP-ORCOfVLn@`pTU^V z(TVodxWxlkrK?z{fI!nGfgA!i^aK0pYlWfeuqh9I4*R#lojcE zLB!Y!;_Qi&)-jhdFUv|qNUunG0iEkshRe~J!dh0pP!wk|cuLa&H}=K;)RF=-XjBSi zeX8cjxB)Eo!&M34pAqy&*T*-vA&3>=8w$2k`lqVAI+8DFVqGMkH;+)CPU;_hDyj() zz(MzEXX_~w>lV(aoi&SjP3?loQy0}OsrB<1htT1pwgNinQZn4ul;A%b3X7SXhnd`x z2kCNdj*>{9wI|Eu_2Fc()oFLdtzW<1Pjd^Dp|RtK`ze?Qg(1pLpilFZp&~tHd=;`m@<+{^!7i^)-Oj~aZb-0wVldN++^>`II8$EL1pdPVGh>-$* zL`Qsz++Y^x;dE73*Djq}J8uz!n3zLE^E&3hhIs!_3 z5~~mtjz>V1_r~V-RTnE4+h~#p8l)p-@d?RH+!S4;qir|YTm&=Gc)BH^$XqBjMH#$6 z=1^rZ9e)|2cvkxDnHeC@28Ym*l5QUg%Yi?=jJOxbx0A0#@tPx@QKCq?vP&1g^w@b& z3-h|oGdSWLSYs~lP>_A=;itUp8!+n-hap`y*~Z$CyW}58JPlx zzX*q?qOPJY0Mjg{-;5Y_gw2L|&tSF#LAeUM+G>Q)cS=#C!gpb4Xh88~zTT(`2+2&G ztEi?Fad7t}Kv7#?s+48}@M0nAJK8&7ypHg9U9`PaIhVe;8P0#FP&iwhV=zS4=)+hR z)I30A%RuxqDwTMS+_tg|DkY)W2~;S#eK(aUkJ#uL32}@YhbfAUro4j4FS{y~H{I|? z=FoXTj=Rx@2qo*q1rY806*k^umCD!*Q$sKZ$8+X+v}1_kP6J^uGzXl{R}MKeVz`p! zM=UArzb`z zyJ*2kf-dx z>2|8S6Ij|kUzu(N%6fdhqQ-)N&^Pn3q{9~|BWyuZu8egi%;va7jdXI4H`_=`)06Np zUlRw&5m~fmfs#MU0=sp4+|4mvqSWBHQZ<9xF_jHo1tu7 z?(pW*i%Y<7SDl6MLb^a;h-Iu9AoUZuJ}df^$}$oTKa~BzkO>QkV|9 zW|=jKj_cgn^!zF%l~Nlp=p*iw47&6uV4~|Alo4*0f&@%;oYrToBT=@FG2FFz9?>)8 z{-`A410ik?Fpe<`%PArhy#ER0sH@5m!gyArGCI*%FujFTqiH=rD{XC5+!=<2Et(L~ zXu4?I=fHyTnwk~^MaA(?v~0S!Q8|-DyZ>xbl4Xe911quo(yyo70b|vB}fc z)WW;+F62JZqFhAdnv-0-uULn@vQ@b|2RDQqysZgQ?V=+Q(b_g;sLF)cxP8>44VdQ^ zht6Ug^je#u(DpYSIh5J1bkWee(A%oF16kRIdRR#Os;(@iqqpN4uGt7;4#YofXLI)2eWb7I!}3o zD$?O_RB^VFl%OjyY4S7KxqZ)eDw}LH>_B#UnW6e+*6@Erx0`^&JDe1SYIhv(TT8Y3 zKh)py)l0RZzx_Y0tliqIx{GblW=ixpd#sJ=X{GbdNbv3MQyj_S%z?-rOJ~pGLxqRN^eN5s$34n4 zi0kKVj&mkXYepdK;KnW*e~Ypuj)NZ3&a-2jxZGE|BcFX|?NzR}(RII!%jxZDZPAb4 zgP~bj8L|~U9-guRJvWA+b3vqDun~mBGcIOvkuX{ani~*wiz9k|GV?n+tN>h@0Pc+hejON?|VFGZyb|0^~-P0!#11P_ef+@~xw!SVPb$^t||kC0qL z>H}@tdpIzRcH9njDK7p2#Wt#Nt0QU0&z1Mx28C{bVj&!w#`c8FoN3>K(8>B|;ikNc zQXf(pb@-h3kP?hQir#%l*&Ow`{$V8?^?B-HrH~%kkGQA(X>z>ii;k{_+VF~FxMbdY zX?!)6UKW>56)R&B|L+6+O#1O7N>&u)F9L=M8|{iQ&IJ0)5M`*D2`qKeRliVX_d``S zKwv$)fvS+H_b4^w?o-aE`EN*WS~(GMJ3o6J*K70MRa~)++Cka^a_Kb>1;7_5OfPJPI=s*oRD{zr{kvKPOJzLZ8NAfeM!5 zPenYgn%{W@v75~M=47gU2BPHtcy%3R{Scwps}s~ZdTw(dhbCq-c7@j)H_Y6{ys@9-rWH+gB%CM%5e@gFUJy`eQR3UR|Tz`UtD_R z(EdbKr3W19IIqfvz~Y*uU$L%b{(3zDW?2=<>YVs>eB7c>l2sR6*2g>497*(G1|jWV z8)x|w$*S|3qhGqy@N9yxrNGs77c^&Qr>I54K_Eq}b{0(aObG3~SIvXE1s1C|Z9A#d z?0#NFEJ!B?kK@ZZyoObM`%_iK$V{D;Y^O&zXsPtuG_{h-ieXf8+iyH@c1Txe$GD=! z`u0`qREe7%s=p*lp$9V61P%f&BFC1}bD8RPdgn5SO!G?A6nb-=I-K4^qDmPD09+5~F}x7K;bG7gr|ytjbXzj3N=+H(-`7$$|_iSmh4 z)x_}omG49OG#hPltLKYp(T{W0Ji1C#bEqmuT^W@oc~wZ%InXam%u$EvgJVE&jjOD3 zPI@gLmurM*)=q&nK_?9fOxf0S{xVnjAw7Iht~-;NBHp;S}FY;~~}PQ8mddUD)U z+N_q+)A?#ivcVTQ$~{dkRNWPhiKbbqi3H+C*Fp(UbqftRhbl*@u1ZJs_pc=`vS>r0 zTFP3bI|~7F5#Akfh~w$KLbZrSNvb?~;B@)b7=Io!VJ3It5)kx&b%1Z@f)w|isSBa2Equ_u8j553p3OtGa`geVsJx?{g_dt zT342$^aG8U%90|`q;q{hf%A&g2Kw|~B`X#>M%wqBHcltQ;J{_9Uf4uC&Q;UsH-3~Q zmji^}+I@_@DH}TBdy1F7h7R?^at|=fFZWmThqkLe`qSey2PPHIe#C@-6gU$B@`mhW@$S47vxMN48 zV>)vFcXYe5jDmksTo~3$F(`dV3!6YS8@j`y*Mmd7Iq}f9`BzfKdbQHUMOmAsckB=F zTr>nfRu3Z%-suC5!FlFjsaiO2w2vnlv>vAyTLrM|V7XcsTa8PI;~uZuTK5ckV`UGjxOw_zQ9m~F>R!xkBgNPRus(Y}C9cN(i=FU(T zC0k=T4Q=S-DiqpTiM6?_QkCq`x4{ppm{YPn0Wo`XB?nBunA&`5z7(}e2C&4ki*r*o zjjvL3^xG$cCmHC;*cbz!#{)h!clQW&8iSFlz$Swu)TQE0GLzzzO`uQi1;dT2gXv!R zNOdTO24pipGh^H87!Pe7sZRV)k;^3mU|C*(eYSm+>al=>lw7eGYBRRd=6N6z?~GFa zl5f!j;C&=wJ?{WIcZ}LPpxvu7)Z9d4GPrDcslZDWPr=SeNJ9PWV52vqRHL46&Gdc+ z>a*8su!4tb)OYI!(#&u>j9Kf2=5!#%?3V?6*KZF@dyhVB)}1!PZ9Bl{-UGwE1$|p5 zsyEuE{2RR(*i93csoo?rN_T)7C#zj{Tv@WNoc0ZcCF~#mq9sxJ6t%>#>gYRnih7;R zn)l~Z)dx&_4-C~!Pfk-$nsV2HTD33+g2c8utlI-~!1zC|Rj)R4)d@_77GO)=I34;^ z=NamSW)@e3jQq1R)GY&&PTNE$>eK>OGT~o$oY48CTp1e>gqU{}BE8K6VHe#zR;La( zn-kR{XrDthXR3Py1*Uh;RPSZ%A43!8sPTO#W~wQX`TiRMKpzBv_*i;swmP1ig+SN3 z1?pkanxTj^5!c;!a-pi)QjEPXbTte;C*8Lg;`H&^YK~pkae#VFK=SrEm|@uxbyB<# z(P&!@mO#ieH!V@`q*oq>%gV5cc)riGRCSwgfAvjUsyb}6aFpzhA6WqnB~99?<_yyb zf`2*N7WkLrKfZJ_5{)!YF*!V)6NV7EsRyqQ1n=n=cv<4O*jahl#q}h8XMf6!?+l&1e6k`iVh(p zJ>zp3owrP#NhhYO9y+!RKsq@cGT+mafP+sCM}XO@mjmxa+BwTrN8gjn)tDH1yD%H) zs7nIz^t!4h)7$5&zTIooiG7Rf)j!*4$#w*F<#P-z4XSyz0B6ypb!xe7AoHi#Rcagk zY?V5LZd;m|k8{re0xK{ronCHKm(g<@V5WaT1LWhMuL3NqLh1`T3Z|@98&k}Q`Wo9? zDY!PtLq`tUlIgc?Y7+f;HOk{W=I)DIqdsq=mzvaP`|fB~TVwRqf20Kz9P)1x?diao zV0Mcs1S4a2RFPvLz~|~#^&BfLmr~mxnoMp}m+NUiZd0pk22z@clI+DLhmKkS*=|M~Av9#@wmPy3{}%U#roP8W4L32=si7 zDkqtOZh#JTsgJ=)FgAyFbYQQ)+yXnIJHo1y+ak0zlJ=YrLH?|6bzI+%y46XsX484) zYBAY1Vk=(Iqe>}Oi_G2kcB*I64>zj6qI=h&y;1A5QMCUZC7y2D41kthgcF4Dtti-> zo&A1QqXn&AAwIU;7s9$CMYc@m$`8i3xP$7Ocow7X!Y?NTC<_ z&x<{-Ec##z8gQO0$kfeWk()%`3)DZ*i2%;B!snsrBJ~2i=cG=eZw}&Z$*VUh34Nbj zq`qXMW3OZ;W|-Ci=3$YF$fq-U)hcdh3cWr@OHDG%m(rt`sxu1>ClOdH zm>Jl1CbMw721og_*X3MN)~3eCG=%6xfj2kFDoO|B6xD9}nH)Ij$tmQ`uU|}9rJ#Gz zTc_ji$g16NT%eN&u`O@AOr1{WUZ~zgdpF`;G;x8Jcd1$y$Co8EqZemaG4#hS1w#L3 zD)>{!wfqw5WmuEc%fL#GZ$&Gv*Pvyv#u=|aHDk6v1%hf^A|2ZeUM=qCig&43)7Kol z9-Wx#=}W&xjlnaP*Wo}g_6*-;>@1Th8tTixPOY%f z!Dd*Hw6uHR4fCiProBZ07%;>_pq%v>Q0R-Bu-a8W0;#OJ8Skg1=@|X z6i!ZE-K#)AasLCm=TfDtlAO1w_uwVVBqLzSo42T5vB$F-5!3r@yb%?xm$toSVT`fE#99**?v?jzxG=A}ZBmb!=8(TkqT-l1D zB``;fSfvT~M$KDOj0qXlUxf><_jRw~Zt+Fj~2I=kADLg(G3`kVk=7!TBJK*$R2Q1^tHceh#;F91p(-KE~j z=VtY#tZaJntgQGl-9n{Q(Uwu{oDo9Y8TMX-)860tzXz=YW}f0nx6i#T7flT$59wRP~uP2F{7A|yI0LJAhmA_9#33%pPJ&rb)@Ac z%2*kIiA4pizfY~9(H}|~yltwe@Bmo&{?T4wHQ$51cs=$u@GzCW`~mcZx1UUNBgU{R zp1wXG62`9%fU-Y&X-d}a*%@&T9;0ywbYxq)L?`Zd#>a8m?rN_>E3UWO?ZzV|WUIt8 z7pHGiCp~lnkh|hRblO~F&!pT*_KaTOr@m?q|0-O%trNNmLo@Aw;O)1X>P1+d)0*ChXGPjK3|fBpAjMZ9irb)tM+{Q96?bfH z;hw=BIdi6$)OE3QI3pS$vg6YM-ZNWzLUogG! zfCU3kd#wc<(SO183g5P1Bl<6xUie!VY()PB(@SH)uwEsDF4&0v3nnV)3zo0ybS0wb z$6mwTcGR*{$7CfhkGEAf`$=|zXGNnC-Hhz1oQ)U+ZG-O7{*b5|sc%ufdF$8ECum6I zLG9fT3bsUz!Gh|TewbG^22Fu#(!>YVagpaE=3NJ?KYj!?3s-TWHJyk`DIRWN-*LR) ztqwUu$5KAn3*H^^M~GAq*AKc31&T1;Y6#I`t>2Wn)0sVMrXgU1Hc2FlrqUK+4W{tka|$7q)CtZ5;G#>XY)mL@#<7uf%KjUyG~`A zk`QlIE=&ab73V*CbBf}E!r}C0;dd!h&0yn&o(hdKNNC^BRp<8_@!Y{j9D&|KmG3zU=r=Fgi zG^)Nbkh(kI&7`h-aiSlNN8HEa#an~}76JvIHvl=d!-`N6KEepjJTRGdDlopgbh?sG z-L;ByQUoEFiH**YkRlb0NIU|F(Is`J&+(c_J%&BBx>hNh_pcg=VA3*!Q*Z-O`w-8tE7{DfpT%n?Aub46!To#aL%DWYOWn;bhhdS$y3Y zN?wKu92ONBViZ0D8sEGBq>Q4B0}wg4-imWkL1KC?9cl8!(bgMPhe-e??@m@||08Nz zzXYt2!)`1f&EJunCoqOe9>q!Zoa>UalKDYmV|hqi?x7#NQt(r#XK+L5<6}~sessby zDUW&|Q*W_V<4HJ($73H?r^X8sNrz&61%33m`qS9mPeblgo`Z~B_LMq`?O3t9Ba2O4 zPpR`HEV*^|1*UcCXB&gs(jT6JdgRq@>9`EId1!n(B3t6kCiD5aQmTAfwQl5>KaC-d z{?e94!Rw&B*!wgtYOa`+mP$tsCnWJhKaMg{d6kH7fL4UlC^nTaX~Z{9Fn9`>PdNM% zW@+ELU#d%D`RQ>N_8nUS_v;&P8Fx4Et3`-PTiTcWtojEV{pxPXod#>kDR>Z%Pb1BE zjM@2|3O8&WLv#T2O@2!A33g*FnFYB1*8!7P9Qb{4)IB63pY3=+L~Sg-XYXMmm-`{CT|FKhIAbucCWQ+QQjw!wbY3QfCTHE z7Mkty<1SF{un@j@S+ zMu+}8-4*5WJCY4`gvYO4x5v@wKwO+k6(1y|*-$z!1<$`u@x{^G|D|P6#eHd6co{x9 z{<^2MJo3c)a9KI6I_CW?>0<4wXz_quJF*)XMBH@U5G2^6yYL|o)h>z}|*tfr$Mj7~e68`jb9 zuk)7YFmRbDvqgKTajHIUWju@zV{;Qx3UP2DIA!kk4jqNl|KzfBSOHMBqNI3Ybt&ru zA}N8Px-Z&*wkWvUduB3sh^AOdpoe#R)r^5%(nq_!vf-5_hQ}S#6@-f$wl$}plGl^L zvWxMKu7EH-c_bFk7ar79D!sv5p!r&H6u~5Y?6YJNUTOQ%4sRvC}yb?fF3)oPmERO6kS z=X1xwJTy$l>k)q>c!s7>?>UHzam%?byQ;rf$Jt`@u+uMoGgu9c06jHN8$+2(HI20S znvZ@lU%N5Z*PzgWrJ6gx5+!v%ByD-+=+Ou>#`g9NKmw{?45Q#17HaN1(?Ppzf_}ZK zbE(Q{8s#t2#_DZvTBHr>yK9m5BU`Ph(^%$fU)=>ZIk38^=)yPw=w`+NAFOmEx(1#A z)hyLk(4wW9GgC|sZ}$2SU<{8jHjkq}o~@0TE?k+#Itr9!RM6c8umSlASA9>Q2X2m6 z0iEzOgqBJ}-!o^Pqm}0l9HKtMnHudlM;qEZXzpl@L1&pc>X7l*G__3dmzy&*wOIlX zVy@->nqgdIkh-GJG2E(%{p}D$vmQZMNja%#N!C>gy*fja;`rD`58Q`GHNe>%RB=Oc zx*$}*%Yw65tb)5Dlwkm?|9mLsa3+KuJRD5)RL03@`7@$B(+jZT&ALt6$l5M;RHXJX z*{(S3fMRN&3gqxz10B-#o4th#{2OuTV##!{hIm5e?FdYi^%1}r{yQttwn>Q0Am*lg z1gmcE3eB5u(nx?3{8~J|Be1?ZM42|A%Uvr1L+Hj8+QVW;4K<51f{DdOVd(a-M=aPP zDk2~ppnH$QyXuj1waJt}Is?L49)vR>Uq+(Y2Fdd^Kh3Jw3aYHOR)fm}&vdpP#Q^zg zUuD}icaifo?&5mIU0$Pdi$6TRGGjWE>U zT1r`GR33bQPJWo=?A3;KcXbY1)!a4=&dU4}ZCL|90L%_-A&}W|NE(N=#<%{-f0gCF zNGE<~Okx0H`-#zg_ad0r`CN+jABTTA1H#Lj+FEMf=Ge>KooyyiBB;3QW4OWL?e^rX zCOCQsOIyT2?|{u@2tmPa^W`!>&!9hClblZ8zuEF>+oj1Gy?J?ZVvVi@exnXWou<9y4U7NQTc4k?3y}lAm9{Rz9*LH7>!}EfqPw+&KPCnNMihz5GiMBnSnotE-J|V#xm>=!|h3 zWC4Vit)t=9AGH^BYjNNJe7AuUgYFZt8RpLPD^(MeVU3~n!x(e4amFi^y@>CpA8Y)p z5D1zn>-qXW>-2wk1M5*bx|$f_c|3k@jyLsb#LIMc6eGeqp$`5-wE?q3h8|^>Zl4S- z`N5WSdo1=R?YkU~V7WOU;{ekrx<1D@pU&P8NT&PGC`zIo`H4v+?DdyU)pF>f=WRJT z=;ZVjgqQ^Sd#>B`qOtf5mcA=QcLcQxQf_s{(bKOZ^xIi;wX!pWE3*}t1Yi&cF#uRB zj(&?_?3vS?#i9m4C95EeZCRU^NpGg6#oLAZApC^qpYjc-gRRMFcn%gf{AWFt>7w%A ztEt%#Gli!n=D{A!(43c2!|&DA^u|-REPD0#Fxdd=;S!>hVqaEkeEMRUWletwn0jIT zIi5QEPwIAw_auVKT>7%wWghhOg8(JGqE7JW%^-!N48j(_*v|sE{)`PSvnGuwbW!Uo z>g)k^pLs=ni7`DEFL;TiX z_;W}-t`0R->U!6#J+DF37)&2#A%=w#tH}o>@!bW=uWq{gT_sYRI=M6#vC5Ab1(O!hd}DB9q(bHBsxcxRsa!`CW36r9 zUyiE_ZG47;V=uqPMF-x3#_91xIGY`Q3mS>b-%{VE_e!7+z2$Y#i>u#OM|%u+SSEG` zQt2DSSfZWpsJ)c?uDU56=m!RLvKF4O55B8<;sifR-|WrnoBp2q7@`dD{jlTDYKasT z0vI#}o|@Lt903~Wf}63i9wK1--oy-h=4mBp=bzPPdZsBUk5WH?>ZJSwbsv=;$kqeI zr9Z1k^z4UF?Xbs?9$QY_)6RPa7JWG0451w#Li?lGy>Tv+^yzG$O+6s&(!mc^gn~9* zyWrUseWGUy@&D%lt?I`PLABs@i944rwp(U_Bzk1SqDR)>L4WYE&41Gwu+I>1{yyh= z6fZT7^q!~@g@s$&>BA|F9!^wHfWgNCrNNN@!C1Jssb2W=LkWm|@surr=AMm*OJDd9 zb}6fmrowD_FYx7XFKn4g9);<|`5yt1$6btz)-!L#P4c9$BaYhp677A#kJbBQX#0GZ zhlVA)?C@Z2W{1LYlyL&4{r5OPMi!n>y%D_@a~}{I^QlQgk}0JhpHN3p77NV@pQ@8m z*^Aa7bq%d_(-K$iaHHw!YTbDVI*isvJTeDC6br^WFAhW!0WN3Ljemue{#Q#}K7{9h zG2Tx6FJZFA!Z z;yjzSghyPH-d_-N(EU5{xOUx(u2lNn7izH`b7s*?2+NfIPqiurA5;IS&NZl;xK zP;hUpF0iMX2t6g(iCU{qsRzhW2C@E*Z`AryT_-mSY-1|FdKOWZSv&@7q%TF_x=d|I z+Un-cuJD3xW;k#|r2WtOoY!q(4bg^Vi9V@TavaRdf~>QwU^cviro?DxN)Y=Ogc{+X zIK4B3!$MmFl)7AMm{JKF|C?i=Mffb7ltm{N6=qU=tfnUDzNYl-NHnorbBdUKZu%rv zD~#hTIyzE2+q9O~FFa^loCbql1T@*PDU}DHM}E8dLr=tOBNL3qC&p{A*k=ne{BrB9-`oz}rm|g%%g~uO=45j5 z`3c%t^gx0(n%0CR1f4A^Or%o@S^~Ya4!*?sb}fyHx53qEoE_0)ZtHPn#sVC)?;fvQ zvM?O#5K*QE62S@c9a{q&6@C?H~#wT8k?@J)x3aTtB`aB93=r;WvQXan|g z#SfDcMFi@&E(}Es%Fcs2tGSUnYKmM*oQ#if6J;KO66kMsXee*Lzy<@fMEHL9btdN~ z0oz0g_-;A00*4XKsjK;XI=U@@u)q#XJ6ux)>CXYjqB}EEa_JcV`pf~X5ajDzDoF;6 zraY6Kldvk-IkgF%Exj<7ndbov*Cj)1#R1ywdKN-#W~4}TbF!8NCz+;TC$m;MFImgx z>r|0KnLkB|Pmx5w*n|t9xqr`!r!C2vU9UPNMa!aPDL`cR5w!gy{uJe2Pw^$v^C`GB z;4#{#3lxHmEJbUjHL04E#rjrbcB_Hg5L9SiqpuJ*Z3v-3_oZul1Sd@lHm+y4=3-it zq1Di9Pubie9&J@OUIXOk1{tP2?EmDVW7nCxzu%&(*SzpvGQHu{l8hC`fKyOTGJnmy_v6MJyfiXuF?_(vfl!k#0tOs> z%@;SMA=tLuABLN%KumE^?l9U`u(aidLPE;aCcs+uu}rNfLDz54@l376{GF1et)`*b zS`qy;ODm?gb|&T0T&I>uE1cTTY20XSDRsECwpyV`UdDS%eCtg-5T0C658J#Nb#L^aL~ySLad+- zqbWM%2jx2M#~BlU5UZ$I+mJ4p2VcJG6?VI|q8L!}?N_C`X{uY>P4+OfzaO}@w7zeU zXG=G&CiU{O=vVogoT7iQff*cOL`0#xv$YhJsW79RIZZ*i8K)ryi^ZfrXKNL1T{Jbd zOI!y=wIlTN?T2k}h3Tor&VM3T%W&dBOZ}G9;1n#j(6LMyb8E|cDy9iVrTB(VPEX~O zWmPjpk~mwMRmCo|xDp$B!D7Jnfs#8Sa%RzMS57t?82~1$HZ+ARe~VBBhYLVn;y!?* z>*L4e#6oBR&E6s`O`H&Mp>VJo3hG}!pOQ^CjKMPWjnNu)$}@bdmLn+j+_5l3xIlsg z@!PSQY9@JU?^u*)BIWisa!_)i+!DX)+u8v)+Vo+CvAHks-r}_xR|iIr5#bis8ZFk8yH$_ zric=zd?a?)yijKYQ<{K+&{bw8+S181ucwu2_Jp!Uk<>_8DwnmpQ+1r+z%tkY^q~xO zWtpOFPd00#JRMZD`hE#XnzopFRBci(OXcbyT{6BviP##1cewdbn0bBBKSP+r6c=+8 ze2la#GSY=id>4u207Q&II#GtkC_21yqAQw1N31jYkp>fZYaH~hs>uUqa@}`Nf@A7I z=`Ji|aXODoB0A&WnuHCJkyYT}^_r$6S*_AxO)Km-RxAV9`go9)GOw1?FKdQZn?XCh zT2a5$N4(m^ehFWD!L{anTCG*LSc8d#&JLUxvH5doQYf8}uUwR1(>92`;joq;*=0vSj>p%#o~clWR| zeeQzUlNZ&`UtCwa2%N#M6yc!Fd#b1imm2-b%;BQ5a8Y@cPxBU>p1-7a!IZfRYmEYv zi;9%mmS9I$sIgip3hBR2Yg6=FKW8pN^Xk1DL2$SrRi9F&0;R}ILTq4c@uC&hxM*^b z=7vAp=|u+bnL?*v$H4uJ_v2wtbtd=8$G4~>0t{3Qi5_|UZl87kj&Sth*}5p)rHAZ| zs)m6y6TXznt`v2H_6YwglYj6Askm)2L!^u3p=Y0<(0TL1>A&e1%AVb372pR%8 zkd%i@Ua z-ur#ub8-UMd!O(5Ki~K7bFbvQdtQ6(wbxpE4fNGLcG*;4W4#9SC;xLh1@)9~bYM?L zaWu9}YrL1s#c_UzPyG?7*8MRWpbP#7GvI&p?(v@*=J=C!F0p;9o0B{B6-9UBVC#5h zp033kj7@Q8=@HG}W<35q(>Eypo|9-~rfh0Sz9H0sL*h=Wdhz1Lo{oxjWpV1W*=#X+ zM*1_YCmXFmn{D)Ae*GELUn|Gbpf%2zXLN2cDzrHbvl6S&=;|YxRUaD5x&oLb;ch^1 z_`(>gS|Z(u5to*(Zr-qgBd=R3O~ROl7|9|o(TU7LL?L@Q1pxzIcQR5;E7u@n#kp|k zY72nhi5G3w9jJiYm@CGJRC7w9M8pt(V477T{G?o)VtX#p#{Ob zbb4nfy`a>{oJKl>h8^g@M4OV5L%}I*&u8RM1wu_L;S(usy!t1H;6wNb5~viL2D++O z<*xdiQVE0${eb4b$cTFBQTaAX!b6ZE>`}yGtrv59z8N6_2dnhJrkhE*NUJ}991F}$ zxhrMr4~%5$2?nnsmzF{u#6oB2G(snw` zl>3DWxXo6l6@~0c`$QABe-b~)Z<{(MZ#6r7>WnC^v zR|UAyXkAxjsgm$nKa>dF8qRDv0+=pd4Xt|!4Gsu(Fs>c>k_)nhR5$mz>TW)-q0h^rOZ^64&pt4j1s_Dh4PN=bO4#;P|9}O$RzmO#brg& zI6AY3)p`g~#GH~!9xAgME&sa!FfBB0`&*eJ=?t(jZec!<*84cYQNVV`aCd|HGwl5F z3}yuIt&GMZ8`_HiFZv8D(_@hIgTCc~fKW_(C zh^;^!^9Jp8%vI>pD!cmZxS8{!xgDF|sUm-`x>FSTdKE43WY8IR4GdDyX2uV_UyOI? zc0RSWPArJoP9qkmEe-3RsPE|<%v$x0he@cO-KKh#{T-b~ebzOM$R`oePna&nqFzqg zWOHcT4nXnvd49vj_3drV%i34BEZ>MX-BELO&!0N@Y8LLt(X-G+0F7FL8P{!+a9oBR zBci;D&?T)C(;EEvFDKnUfjBzC$7b}@jbNm~tfuaM^i6%#acShY`}h^OEyrBJKqR0n zw|FQz`cQVoZ2zXP$fT5_FgC~VoNI;IlnzOVslX+&8TH?kRZu8Lo!eO8Kom4MdC1p( z8?qY2PXb+-@0^-jbA#@|Hg&c|x_ju2-@+aFo@R&`Z(o2X_v@pG32@)l838dAt2ehL zYiwcmfm}G;x4}UP`s2G%#YH8WfLCYxQ`IOz;UcjF;WRsZ-t>sRO)#HaxR36G)y$XA zXuv(cVdGSVw(D1(vjTX__+u3Bo&~Sg3x{d?@0`MEsAYJk(Ot)_mmdF0mSa-%K@nsK z0xtABtR~}JprdXt`81xsZ=PzGBTt`wl%A-_Nu%%nB%CHMnALgZRq}$Fi-oCO#8`Zh zPopIbHgak~$pNXC2I}pvnPi4_IGF4+kN;lD|CwH0J2Gp!J&1Sa3y_73-v(2Z9)ueI z0Z-=V8tginav0GLPy7{uYS%uOk1Q6Cz!`qa4Tw^=-p)s${{&Bk7ufkl)c?m^w0Ofx znQ%UMCysfLpVN(W&xiurH^84FgPUma47(UgTN7ViZE{?#T9t~1<;J9%k?KY}FrMbl zvY(+NFBg>4KmQzx$JR1R9dB3tw;yle!*kci5%O`yS@zZ}mi^4GLx?=fZkOkm5PxSB zmE)&2438;XQ%Q^7<4aD>SjJm!GweCHqV;p_DTp2$&z?6PW=v zzU;xW$<$Jj8Ag4DG27ec+7~PoGwbkf<~uYqy(zqt*<1CvZyaL49LIIE`x2|^;1XyF zZa&*?%^GcO%NB@5@iexl)Vs{iql&PodJ#tEac&+BN-&31?6%>*g}8f{ny-}J zI>(-~!DrRuH%pe78vYM>iGq(mq{zO3_Mtvw2;{E;XCXG_#1x-gVSk>!vkH&wSFN#2 z9BnkjR1d^hF`&?pDhn3n{6zPhYZsM_>H0*utMO6+vY;+|sZA%>*hNv{kC?iEhY{YK zAC6*gUXJ$)6w_Dcpg8wbyIxa>C5H<2KIT-JT}sCgL0wlWRK)fxMT2`+(!2Q<{8`~n zML$~&Ln*{oO{PN^XC%|n0edF>a!Fnez54)iUj$q2ztGh8@Hkx3X0Ip|ki;5-gSGiT z)emRNnfu|;ii_=rQ~TPKy3qIg8i}tBP12}zlf>&5c@2<2bAKVu%rJJ7_UyKJi?T})4LT24nHnW%_MOzu^-Ot)P zk1sHzY!R*!UTLl&s+>=i*n+=upexgiS(Jt>G2}Jwe01ceaOS@$XkG<1=KwtQoeK$Qa4{2TdJ^^FR z?A>-+9;8Q?x$FXciVRTFHfVzv?tv*^@-`Udrd)1ky8+T}*kkXY@+>$euD%>>>bL$_ zQ^qnLESD~~x6s~w6$t6R7pq*q*FNBynFb|_R&ZIYNvI?aL9<08E3aTix$?dstQV05 zi0<5H2b!P+<0NWe_9K^rDP;R{Q6cy~1LyRso9`pu0v_FGUrd$1gx|}FAHXWH;YvG@ z>F*BCu^9!l`AQJ_!&_5>>Mt>WWP%O%5IX#`EU1#Ng=yqHQG3|730dxs8% zux_9-NVgq;(*83`b93nEA;^?JH~=%|D>;`9{~T$!+D?J|%D*4^4otltxyD{i)>C0{ z`Rui}>%(~YTz#EgmCC#h@?+8d>+G_8b%Wq1d!-;9rfdzD+H%Zje(p! zs76-@&&K`1FCCS#K4w>nW+kLus!a#51iQ)3he4el5y1c=1MB1z6YM5<3 zk&fQse&m2Z2+zx^PXL*&_ypvs6MwF8Rrfl~*$xVQ*DmCYYe}E9XQk}w7}z=7Pt6B0 zT+t_C)B5e3>~kloUSnE}N8muJdeE*IS6ffbpTzvxcjM+y+gD~VCV`)3XG8kUx9ld` zcFfL0aV>@3%d+UTgLdJx@HX7s%jMmYtMj6~HHk`2^}ws5xwqmv3w<>&SP2vY@RsVV zsSJPR@TE|cQplc7*Ac980t6VIcdMPvZYcZJ+eZFpKo@>_&@Q`lDYFfl*F+!KN!0=W z5i>9OiIbouFVx+nt18jU|A8&zpn41Mp^^t-yY$n~*gvA`2Vv*F0Eo7Z&W*@A z%y3oF-zNvt>BL>Acyvi#G3|W-j`3gogq@S8*5Q7(1b{=gu#`|Snb_x((rF~&Ls0)NicdD@I&n3U51Y__6V5yy??VOJ8mED0!-Qp zw-eg(dAp>9(GJH+W3kr^!Ro)5UqKIj(Jn0z|23hSKFFxaC4ULW?x6>8vakNKy(m+G zN^Lg%_{;X|af|%(SL_b=61d<#`yyk;f9O8DN_+(FzYk6Z3cqOA*I*v^m-}oxwwI9$ zzH0w_QtVj4uiL-Sf!GBM^v2hrPW;NroFJ9oZwIpFBkwJeeKKSpG3M{Rn* zMzRVS??zx}u0FUTkjlo;-QTd+(YHFGHm1&{U_oridGE{Y9vFi?T0V-Fy*30ktn{S>Al!>Wv^8c+89`Ia?xju5Q_|0fjKi ziz!^%x~2`umQgYTT&K%O$x;3Pt{qm!M#-C~t+!x@HO;%1W$IWD=hl^KHT;*~W=VN1 z_TQW`0ih_tde($t6M=u3&L|Tkn3d^I&?ax|KyEB0+-O*P5OocAWK;=gsxSi4206S^ z5463k8`BRw@qIF?up-0k-Ga7-FVwSb}w4X>F))}EElfNO1 zqgSrrrSc+8!C&L5bjiAd9YaAX4H5zT+S&ngX_QpaBdoYgXToL?vK&qY33X3f?&c}4ZXf8 zdeqLJ0Y0^Fp!*73;T=6HDwjNo$H7%h_Z4#0QssB;lETF8e7!RbM(;3`hIai-`$kB= zEywJF{6y`%zRz1a&^I{ff@PcU*J+pG8_V4KGU`%%>oQtX&?nkAi@CT@=f^qpVXR^qudK5G}{ zn`TQ@ZY$q>u74K1^4-tc#nUyu#jL~xVlxv~bi-@D#IT@@dd!QS7QAr{sBs^wwjPK7 zdHeA+k=9b_2W!EmOXT;9o(?!cnHcorN)Bfl5vIdW2a4y0`vsHFXLW@!R?wBT(2lw> z$G>h7G!~t-{qvyDZHh zE!95(7Uk}z>^rlJy@Na)-*WONrR;f@;T^~ty8MXULBBd;e~g|VL4+JWT`Lox5+4*3 z9X{M2qYfp#cLZ@FSj3&5t|XYAYE&w}&cQ$Gz7 zALO5fsahwzHe6`9n2F zwj8=x@GNp5Jo#UC#)J)slR9$I@9eqb=!SC4lp8>MG8kFi*SkZFQA21MqF?>N zo;6Vop-TuY=Aie)O)D1{O3Lq3Y;P72V`X=&*7HfWu5Udv3T z*11kK&3YdvZRg+M<9*_nwS_e2J?uc$+jetoALx2v>=*QUAfLHQMs((0KzjunsQGVB zNv=W+YZxpjd~4YrVO{Q|AYJy3J#T{i{Q5ig3i)f~opN*|V z0>1$U?8XysLWYY0NG~--vNGt)?*T)xh_&>q_w5H%+B(>prc(WT_QZqtJ5>i?L?A*t z$yqa=9e{?CoK^D250jjZGK0nHl@;mK5S(BmqcpVI^T#=N$1XW-yt6XfKQ*?E+Bx3Y zNvm(q&+ssK1Q?9WLT}$$o1Xx2kt=5#EM&f%?6e6A)6*w_ko$f*9ti#?=(0@d)LT;> zE8W%ck4B^8HZn|n;!S9aAAZx$8rhrbJd;E{>CU8F9V{0+qZU|8hti!Ab9aqAp6(z` z2WJ+gv%a67O(hRkWYAj?t8`>`hBG~BB$DauNTOp|&ZIQsI8C=_ISy?(igQ~v(YcDg z9R^S$iWlvZw@22CNh%io}SEcKBK}SSZ}~>4hKDOYmPIOuFS*Pm(Jh&GY-zNJZD!d zJ#ec{qRsiv5?{Zd7+GW=4wh3%fs;wo3Y-gAAwP%hK$7YEE1edO+A4-sIn@3*RL>HP z=1WUcv!;TVRbuD*7C5b~Z&?PIx}s=n+s2ixYuP!Dg;2^Xat_d%m8of&@rloobhyZw z8;%VEDk;qygRMrCM8Gv^VvDnut}k_Vnk}TCwm6$cHk3IJ zCUJT;81X-joF;gDTAY2hMBt5dwhj-$90QT(9)dsM!+A*Q6s>U1&h6?LZ0>Cy80gsB ztkTre3pY9W8ThO&iH;sRS%G9FcBQjeWj^YybhZ*zmQNgqtjZ=+{!-v90-+Tbb!=yo zEA*lcPX}^T_eNk%|3$~CElD_Awv*=(R_DboRKBmtaf(Lz!_Il*=<8P{r4}UU0RcE( znGBS&a=j~}im4~oe=9jbOdmS&<96NB12v}uFjVXYjAiuGujO5ljMM?BV$Vnb~bc*v*61{ahj>MJ*Cmn9t5(Q~ao^v*>Isro4 z|2hu!^fY9>!J)3DyZX}e0`4MfNa85r9A?uK(?J%V`(FNJYX4nDE@vO1hUr)d^5D#& z%2yG&Y@Uv(ZESSzqXSm{gu1=Gef@*okjw=h29bnoMTlBP z30J3EQ#)eMbUu|tsk5Cbs+o<|ZJzCHppX0|J4jE>c2?5LInKPg*!HT#}+352@ft$ezz+#SK9U|EYE@JF&%| zcz&>8WOUoA4DlKwNRR{PeMHS_>KMFm7aoi|2AB2i@`HK_Os;n9hzzt##JQSk7|x{nL}&n>9&=@C0?cWd$$CJd{#~KU z8eS=Cd+)S~K~*bosnoUI-r|-n$!KFPj3&C_EZig_o4Sn2IH-+7Uz>=qi!OsT=^%^` z?|u@&ihnlOSx?Viot@`iq$zG5!-iY3a2V$Sts9%5hT>d4^zj^=nkRB_oF;rFw}ekp zI%3Yiz=IEMY|BUPK&mviWwv)#MZ?Ph>C0{01n)?;%+Gx%rBt$LAv?^a=c@)L&uchW6(5>zgk^rMalocogwn`xfBXsC6O92d!P1 znoT!#Tj^PH&oR`+^!RW$UdOZkSWq(3y3m<7t|Gy8s2VJ?8fTML>?|C4WwCQ^(#Rj0 zoz>&0`f#v_b0MYB#8Ri6o>}I+?!OK{J95o(rwfnSE1ah(=PXb%Nj&zv1;5kaxrk@k zbS^@%KX@+q2DXn*Q7MqA@wi>HPVfneMmU!ZA!a%wRU&L=i%VU_y=yFlfE((HAiZjP zdpxF(e=by9KeN7}-hy<7S}>b{$cN{2zG?O#+Jv-3JlIYIeeePqS#;n3$}Z9p7EJy` z5bIjyOwSR-=by?Lq?6Wt2-?bzKoKGj#3%2ph0*mYC%sH9PKoWz&icq7J+}(iX5nf; zxM(nJ_ryL|ZfQK3ZqZpy$^(YfnAM(zVW{_|}}ej9dR^4QO}vTBl;p zspcszG~NB%24R2S6~PsurqFmvEj_!|X{Y(E&N+0b)v1{r(fLjpJ%2f(N(Ih$0wd3#=j=5-3sx1ZVWJVGb? zag*n5ah9aEt!Qg+Xvkv_(+0Z5X8Q(2=TSIVv9}YuQ{N$fDAZ#MLn!(HmV(nEsTL z0%gNz$4`h#at1YqunS?iI^97%rgg&*-ed+g4EOhg-vhDm&jSUgnunf-uV?5>_pqvT zKczetp3cZVks8`TS1&9F=eg)Zz{zV?f_=jlR=c)rd+BSB0;ZA;Wo`uQ+wX>*npC}5 zPE(Rk&-?+%9h0mM()n&@lWYwAb{I_5;@^W)dS$hwLsvS5nc9-6C$c-zL+fr#MVg)8<2YZq zAFOTv9!$wh7@0T=?2Hi<5~w zQmErP=aO4@fgO3`I;U&|2mbd-ifWwv7zor=JIYcibPLqt6(4sj1TNeMw&Qh}Do9vz ziSlNt(+7^6v3k+Rowf;lrBhvUcrs;O@4QRv%dJAXrv(XV@7iVula^5K4Y&Z;l_NUn zBQ40HcwkjQ8dY`L84H&n$3gey?cIY21W(aQXnimTc!gVr$S3 zRuwFx+o~qj(<3LGoRO6`IoU}R_!MZ=hi-OugGPyM+^3*7NxK2;Sne&(Nmfi3CF89W zLH3+aI}24EBy`Q8=dVYg<%6FF%VL#frqI_;=HwuE5JaCjvpfkPGSCw>sA7BF+(#t1fp|-sz51mJpHFzClinlG|QcgLj2@$@yMz z(jdRMcEghwIt!REKv)?$_8DhS5->k;x)5Z)l6;*bSKaQE3Y;X&A&Vi?=*izB`_l7w zIFqUA57{mB)jwp{Q~$q$Oa+EAf(i`vFJ)(reDPnMiln5_$m4f9+mq=1o|F`tcQ?TJ zz#imR1?Yox=pz{!^yb~pcj?*X2%WH{$C^r;c9w(S^aLiPNTl@|`u@F+W86zbHSo+A zoQ2tldXG5le266w8wqk*-slE z3gz0OzaC^g#wa`9L1oBG$IivYfBf^9N!?$;@n*MADc#=eOPn&GOm_znpQ0C`Dy#_D zPo?jWZJuUrVWPT)H?70kvT>jTM0Aji74S*e0d=^v?4?eH0*;D|0cf3@trh}kDXk@) ze5pdcMdzbL#n_issz2$vFGBlqwaT$rx@wKbEbzGQ`b)aAfLC{Wit6!??`@U=|%I}jSfwJCukCWqx+Imp};!~?8P>9XkX9wa+h z7z&qHClVJ}BsfjPp1HAtK7v`MPW4R!BW*UxgxtXS?90G21hJ#ch0Ri9>8oj>r=O6 zO^Hxkuqb{nDFi&nVqrg8WX(2 zxB)Ox&}HCXIyTELi!NBOpt_}Xd38YLf<>oUPb)967PrP99lMpr1qFJOsKJjIj8JU|Xv5=-@PIqH7OY zoqfFsAv&nIJcQ0>*D(au-wpN#8XHJ`B0UbezIB{?1U*MC@9*i});-j-H?BW*EAlLQ z`-W7e#_lU%vL6Uw)d3_t`EzH+U0JE|N zqTI7`g6r1n7BRaIJ*>C+dRhK$m&@9#VW^0lKzcP&TjHKE?l#=Nl{Xd2EjWtu3Djp= zR6s~5C*OEy`?tbY4r9a0r3;Z~ zQ0|4)_g1Jl7oUt{hW^~pi$gg57lDFYGfUUrmaLa@i;|(=(tAM_WCa(qVog`IfFg)= z2At|t3Iz~%;q>8#*)cRcXw^&_MCx?;w1{Ok^hH;_ob1f>9UzEET7`xK!I%-aAku>Y zknW{VG!*K1?4!nBXd4!kh0;s+Ym~=%fF+Anvw-KrE)=R#6uqC1`vd2@rWSQgX)RE% znKdDD1iYtI$89vo6XEaE0{G?D>;c{O)x=COCay02ZqbMDu?ps3 zu#J5<9o=d~nQHuimoD=`G%;Sk!~W^BG9IRK?|FL)%#6bF%1y}G-MhUH=xWYdJO5@}HbE0ib}RnA zshUZAyGo~6jjW{zk_V*@7r;uT`Vu~kqP0@r`ujjF5U)nujeXT9sXniSN|zMCWj>JVoPSHdUGr}i)m4=y?GGuvq6a|OD6V_P zb@$Sv8MP&un(7D{q?2V3=I*(oHf;jmL3GobStV>ZbYUDj0;(7HMd|%;?ba=dF9Jji zlNw(%pWcYn7L=O%PPk2Bm<;DZ)@?h9%^fW!sYD)S`Eo8d4CIqIai_+X}gUCCJ z8;?)=hP}JC_x0{IMBG|Rn@@&H>B!S%VQP2`1QZT&li5Wd8rz+aClRV}s`8cMWGuAp zznq82deNz;))(>ob0`37n5vg6Qs}A|oy=R4kydiqM=~bUgD*m35huE?ONUVtMD$b+ z#<7vsr-!TDpIP)?6YREr^gDFSiX(dOcg|;&Ht7q$cjhIj7h+5;jh=lOihx6BL2|gM zWl9R&`3eO8C*MMo$g57(NY^X;CMj7|Z~I6_CDImp-gtmE^CaM19=#=_B1I*2qUc96 z3R%OUi!S?UdKvZo5&ez34uZ|WKVl$Jrnhoh%=ViBjT3)_*wcDzMjkB=gwxm>9T^VL zL!*+#k$yF8;sy!Rt^+4(A)O1Thu3iVYtAR>wFd)JeH=67apWf5iPtp)_gf@1f|zV0 z1IG645jgm91ldK@@Co>?86U=|FG#{QCjp$VopjEkznpY_G10VYmDgulw+T=G6>mCI zi_{_IBcY;*Z@(zSAqo*?_Hbno)3YX}FH&Cxt(* zPQY!~L0o?$DZGP`f5xp3R0n8PDX!zsj|(r5TnY64xNs-!7$3eCSv11GWFjzfWJ0(u zY2-^OVQ7Elpg)SVQEBXlCz`gtK)5OdPF53o;Pvpfh(cC3)dgIe+I|OJm#5zd z5<}O)8Yc??`1y&-B6|z~@*9J`)+qGDib6WismiG}U5Oe49q|Qe8eD87coYJ6u2dAUb7=gfP^ZNO`XX z_(JR6fpNgpobVqea2Y+aJuAN^0^DNBi*;T4VPl%bnIQKJAX~AaGsu1O+1zkraGK@T zQIG7k^GE(QFZ|)8T8%$G$~czCAIOZOCUA9r_OuUgqpmvvThOQ(QhCQE6qm+N++v9n`uHPnYt#N%f%WZNCq%=t1&6v+S7H02XIHuGaSl_MxcdiiSM zG^zr~`E>86D?(BA6}eo`v|Bmo``s@+~4B4{%c ziw(_ft5&*}I@@}>A;0tMW9QZ#90*8}5zGM=3GGnY)gWKpAP31+_BWi{uK}IAYCJl$ zd}=|3nu&-_v0#I4xrVG83JL<)R^0_X`l(=flqE$T1GiR<$|l*4D$vL=08TNwTH5HL zxS8zL3aH3>A_GlLNSXt|58MIkdi+KFVTU$t;(hO9`y%np^g!yb@9PSlOcF4;d5H7B z2(Sdwf`3b43^2I5j~)A)nlz4axUiYg7>pf-x4w2h6b=h!tL}Vi<@f!r6mtk=SO`XFh$l!EJsRN zo}f~OD7xf!$Cx&jV&1dW(Uv#RpFxw=+h_H_VFFVzYFNNJ0u?NziH>?0hss+B>t_29 z+6%FZeN)2HmHjD-Etvh#u?JI%muq6_uV*0UZ;bUYb}VH8@q%8e z{!T_U(*RX_;;$+2tn&2)mN5>bFz0Ceb6Ic=yO9biD(44I;)`zmxqRE(m# z4)Zr|L>2!D3Yeb$j-f7CPJ(RF)tA_X1(+u%rU%w3-4S=DilQj$?3Q@C!&_0#(YH~? z>aRu)<=)Mp(Ni#NrK;f->ny@(J=6zXIw*#;s8w1TX}p-n9_s7qLn?Pu+Qi?c#x`Mq zg3-WS-DU9f>g6lz%7chmjB=1jrR5Q$gl?gX%BC9`A~pEXiJLlysiK)acL1i?wUOcp z0@Tuz{LN%GL1(bh12ykL^f>NK4bS>NtfHGWa(suts>P~ShZO{SjE?Z~?_N-e2I5)c zS^ctS?20sVe(BI3oPs&-NyEmE#&e()TVsquS~~fe+^S4Xc9{$W=$!I03r3z`X*T=m zIUfYUQKN#YZW|ofjB9}ZU$_AG?E4=^&65%{1Go~~`6-DHm;2TKCr=os!-JFF!t0mS%np0BPtA!9CI zE^Wu2ZEfv1YaboEw8*t}vR1SQ^Yu)x9IT>s5L3BORUW(6bwPr`}OjbF`1xT!TxX4Ki-Yi*ul zE%7ndHT6>#*KQtIEG0FIo2(^QP7l{QvV6C@WqsS0s%KAxyTWLF5M=r0MlcTeJ3{94 zI@~1N!N#)S-FL9S$X2*D)z0R@DN!?yHPvCxTQu0JvrRBl2HKc2%bPy~kB%HK9bGZU z!xmKX{HC^>aS~jZurmJ7?OI&ZEpelV#U`9%Qf0dR;~O38DJ!7wr&%e{{djrj=LF@dz9dKZeJN=%0wIod5} z1Y@?4RSIt39{!s)(FmVTTul;U)@{wb^Y)CnCvMF|yW$r5Hah_TFyBj}n5H*rp07LE z(SUIKO)y&xrIiLgr-y}Xc~qoluT^3&g!Cy_>~ z0SCe7SC*xYhivcNAuBfy>}7cvBCz4CL9Nx4#C8fsDBZnK_9N^!FHQyHvCih)SXkw7 zk2-*O8>ZvIr2G&YDA}8BmYPAu;qL-tC40IG-y^+JZbrT%kprR(Q!^-pbSU7(HdT+# zQGa+^ux}Js9o%B*R9Gbm2xM_{`3cDd)+NKZ@3talIi_OfkMBG_nsu{vid!HH>5C4i z3lVXR0z5w)m_vzJB$DB!pY4zIFSU|u_l|^X?;gy+}1t8+) z(d$K#2DnEPmt&1g4PEYPhO8rg61-b@%w(+vU%R|Fa=&taxU;8MN15IWYI&@mDpWcP zJ+R>lRS~orQksD5dJ48pGHERs>|7?w5&7if48l93ssIyn)fzkoW_6m*xkuf(nWN@j z{8NxxU~&CpLJMzVK6R=>2=whMlgS7=)YSnnOqOwnGk6$5 zMW`QhS2z(*V4-(&yR9J2qp`sp?g%5wH~%*7L;;1a%*p316l5_spBWt><;JQb_o_y) z3?%E&`#sH?q3&llj|u3N0?BqG8F}4pXQ+m^8&Ov4x}q3EsG^L1H1!fk0hE@yL{lj?&A8tb z{%dLky`E4dP$T_C{*vd20O(qS@2S0g2FxUx**KFPMBN8F|EsSbXQ`Vpv0$feWtQvY za5F69MLNFggcC7%%4F0xaUssQV6;A#`$BfV2Fn;>!GUV=l%*sm^ zRUciQ2@|j@_rvM&x{Xd@xz_&~yYtOUIU?ERL!t_xlMC%oX?%_4FtY9O%0mguH+CT` z9;?bwk&>PWm6pXrmG5G@A{=`^HNsPtnC|G&YXi+OdS))S5=SI z$g3yaP|~rGGjpuU=i$W&?;4TL3jsz^{ve#`Jzf{@?O=O(t^`uIx7{pznF5NKJyzIDCK z10#WX6kL@R0@kev4c2@%2J>o(=LO@cCHwBH&(St{V!pb1T3(-R&FeW4JAl&0k-vPc zr4__36nWK`wqgzb{;&d5%2$E6`SR|1irv?mY&;fDvy5iGscGff<*l_oWLT^aOku-m zns|HfRit~bt;nx%I~=o0F<0?0B(8%JF7<71Tydq_|JZdxT*qw4*wv&f0rJ>&qV90+ zMtBqQ19R#6l{hHPs|BD5k>?EBnK^r7ML7~s4L|daIhc!8XE1=*@#*^&$VAV)MGQ)c zez{k$mGQFS^2X)Mm(RC6oE_W-_v_A6RDiB`TclIbMAgMvXDvTFwhP>KyJ9+-J=PGWgn8$n3)%)hH_SHAHL>1+=E#XQ`?V-L6;>{UyO-`^Z z#;j2@pv$Vq1#KUJi8V!Ww^M9@=B_8= zrxDk!weTFZQRZx)cC$=H(c-f@#0Qal%Kv4Rop42hY3}shR)CJYD2Om+isd;;cPr4+ zkW;6KpUJjG`q}$6@nmht(gw9mP0SWs!;YCUU*w{%Lf9rfpcs+6lwyTC+)#T<6YMM3 zE{V!-h;QZvu`-~3J?zI@;@ z*=Te%3kbjJ`(| zFf`2U7*qDsCzodwNA=P$U$dZvR!e*H>ebej_*XHLT-{rD%oODX!M}W-3NIX*M|N-o z(wPx(d<{4-5xx3o?DAE?=~io&i$3^_sr3PC)E@@Ex=7Y4H3L)*-iqXGKnhnD6TqUk>fQ^Q?_Y4nqQUB#dg)_|* z#{`?vKnX!o&K4bS=S-zLU#>{YkFcSyIF2Ie2~4p7;M!Z?ck&lw;YtUDKQIG*pYd0$ z-X(b|Xcec>H1+|kcS9}8?WmZtWi49(%JGJS+-^8|cd9F&cax8g+7(ohtpmRJ5W(<* zlNVZ7$-MmI@(^f4Y2U1xnqz8S$xvipl6z|>PN(Ay!Srat(fy!U?izBVB}nqUrfizIW^YB5b0%mJiiV(Q=tEH=%!WK%W&=4jgt27^id$txro6Fzl| zddmBD@Uh_iQn&#fq5fmWCA9gQRi(Sk`AUEW?gpU@opE12B=Jh!KHWcN$a_DNCC{3k zAxZ0YmRAyD!c16YZddop)VCQM(z!S)x4ACh?H21eWK!r6lQDAvQf_a0Ra62sy4O1% zv&1Uf4KmQ76Zo=$h3P@Z0*O27ZXbGTIP+@R@db=LdYJhE&&O95n)~zYifG)O4agfl zPP+$)@i5o-2#p`P+>!ksQ5Act^jJ*PM+?#XmDM&;r4<45XZ z)GtB10QG-lfZ|yhfvpr&$A-k@m}Y)ZB$%rR<{xmbN|;yDzB^a{#}6>qm}aM$E26SO zMeqS9s~Q;r+?{Uh=QEmco#0tq!?CCQ!bd8~qOl~}Pz`mIg>0xZ>qjXUF=O$PnI%Il z5{aJGyE_KjJBN4m^95>ZPQ}7}ETwMGmgA-dh$hU2`KqP1j!AZoB1d8l%~Mknt7JOV z*so+uif*+ETlJmK6+MB3`2}{FNpM=mSem)F>A+U2ATCP0nz9z4p)p88j0nyqS@|5C zwD13DI7NGhW-YLa145|ec+iq>6co0F2cb#sh2jZdP_IY&OfriooD4uE^)2k7a4qE(N78TQD)WnV+>bRiCrE_3Y-=8xYJxI5L^8Tp#jG zs}}-&BdlxTdKHfNS^$@IIlOl{9)P>(2yuRksJ9dk%0MU4w(=O>m7>tuQ*hPDDIr1n^xD2s^q@Tk19bU*$5whulF76md8)S~gN)h=-0e6j<#mgE--W91oXi+p#fT>EAwmT`m|(6R2?x<1SUo|n zaWmYCKtR~X>R~(sC~ffR+wfSLE--EI)EtJiuzp9ZGZ>ULw4^8%IX$YXlB385&es39 z(+~-J^G5U7u4o!!MR;(6L8IK_`cUw2+*zag+8uk`!VoQW^1=N^jc)+%9tPmscvPgz z`YQ6LtG;k2xIJ+I9DQ3GsfiCOkQeAk_ugBZ4CbQF5u)gKZrYIuHzxdvf ztEnCA+#pbE;Vk#^Q5?Tovs;%vLAaXlbipE>GQLz1TGO_^_578~TH0IBKDTA*Mj;BG zV#e!-x01=a!VLF(#0^2|U#e)N7q@2x*SS?#FEBa0orA1%ZGCmhZ^^=i1>ktAa^W|4 zbqQvC%aT{wXNRBYbyDY8%w&-9Q|s!2e?6k!Wh?k#c9iSdrAS;H~?XA zS4?)9F=3Ar)`sa4-SjU=xbpZ|g> z2|Si`o}y%Ox-2(XK}&u=J{2LwCuQboNgY_GkC*lZx+#n#od0Y5q`Wj!gT8xhQZXVs zx~#FsvM9!oSScX~OG82wZIGD&(G~wJ6odz%vrAL+)FfgjE!fNJ zR*Y#tv36_@BGaE1P>h{?h@I?m5IcCc1Qf@Ypu%c!F{%QiJuaHXi&O+ceqYs55xBiN zWC=PDI>$W#oV*{r9ff5HAjykxE6ho-HENZj93E?>bn>^AMdJYoidLnT)WxhDS3DLA z`Vg~N6^M_&(%r3gahi+^wKI26Jdu&eBL+P6^02#uG9P`}VaV$9dbf29@8}vbty6pp zUY3xxR4dw4tuJ9kRbw|uw-W}7?rpUT3*BMdi7+cF^X-%Q3KVhM@%5M(pZ2NPe@5#x z2I25`;n6SAW$IN^(uvISU_54HRn%BmRal;&fZ^%wa&ZDQU|C7dY+ITEGU$qL1+8qXI!K0}!iOD=tL4qeWH@d-uz4{i<@_`(f)Ke4|t91AalOQY)1 zR1eIx6x`i@bP0>wvLW#WXrcrhMb3Giax;pmCcZMSM9bOQzw=V&0hx96(Jeh>%xV}h z%+gy7Vdd#+7FIhOH;z{7H{6*F51!mesn zbyw!j+I@C*zfkj2Fg`v0XjMv)hacv}EA}FpAl4;uW;GtD8FVh}0J2j~+pQS$&??%u z?!Mu{6U7ebkW*JH~}V+Wr|mj>oPWHt`kG_jjV>Z0TSSyh$k zSIW^7zpAP%72J30^STV*E#rYn(MNhCYQwq4bZ*oc% z2E%!8y=u8U9n-))3TA!)yeFv8yxgjZDm%a@epOY})Fsz5pO=`mspG+WCPzMISzT&0 zI`qpbD_PppWk0OSp92_r7j(?VX}ZB7X4RG{Y*zU5+?Rt@%UHaCV7$+4SOT8V$1qAT zq^71ge`-3`T2M+4pRCNJb){8Klo3u5EV=Alif4pNR@$|+E4w{@(@?TD|K&6JR6l)2 zrM!3-)`_C$7};j6k+x--n|w+jXtJ2y;aSCeHtI4pZEZEL9akfC)|)9#6gV6AUG<`G z5@y@0LGL-;(k`*oR{9w~9TAo-(VgI)e%yCjNu%e;YZ<)RbAG-qg+anuxe!r&zTjr^ZEE#xkup zacREXd>W18S!#1s-P_X;XW#W>AgD&dn<9eETPZaH33~tPq{786dh@vgcE=4Sr_?uc zT(Pp^TVFk(&9T}CyM~diXO94=+gzE9CKv* z2Gqq&&2J)HS51Hg##6X&sLF_5HZ8VhLVpd8a;EBy;d0{ZP3ERT3&M71LL*Z+y)FFu z6z3d&rfC`HxN%ZS>n%7hh%2l}@_6m^XR8aXcacsoNmP7-Nw^E*Ha$X$QRpyq307ZL%3_Xa*CN|n13xSYaHoF$Z&{nXY{iYs97){N)z6sexf(%__Q#Y1 zS#>WlpX0#N=#O5Ps6KZS(*b4QQZbo&4pfBB0q$-Cf72Ubcj0Oi>;NX5)n^7fSV?ni z#)M&XJoK35p@+|=td zJ|pbbSk^BFAc}3%&=Lv=z;z-xp_r-0E`pybVJ$a}GQUv}DtGtUECwx%Q2=FqqrhUX zN{`WnDwQn;v_k%a4Ty^()*#WurUBA;(=~&e%28v!7&{NdnHboCm*~C!>{QN_y*%GI zEu9KdADmmI<2NI0I^Ntgs;$DE29T|(?bohz%;%LCddr#U{;nX-ZHP{GO29Hxe$CnsgZ)|;| z;APlPgDi{GYytJRs@H^xNXKnjDFD0!7&P|c3Q!8(*iO|qTK7Ccgl}1FRr=wP=~snP zZa6o80^k31WIQ5d1&>tb(#88Ks~9vHbboJUYQ>;dsOxjDw(iSz<` z55PQqi&{G8SBMOC-7m8W>86E~lIgBr{dsnQFBf)PaJp-EKm_D6RtydG zuZj%dmfwtgYoQ<=w`$Y;h{O=gWeB>1Y>}>;2P8hV;H7%r z&;_O*-PluE0Inzm(d|@-;vFksugEyU&MK2Qk&Kxdh&ss~mOg9zTh1qJ=3KSTgQ&<*7FYjb>A|_5oux%HCPb*2(%obW>)?*sY zYinSuC#mg@5Rf+`FKP>eLcII=4^>N89KX>(B1j16v@Suv$13fMh;TA`Y^mTq>=GEr z>c!U8Z{cQdYC4fP3#Zop&O&yRcfHs7(!{4fzy z%Cx$|Ac)#)5OVnEaEKnkd-__|)XM0fO5@Y6P|baCkHfGrYJFh*V!fLm59iM@n;qe; zjG3=uFcO~{y0JUCywtme)QVVBB7d!?j?1!3spsiH`s8YtYJo+A%?;373|Cb}L}Emw zDSlpV3Kvg`{U$o^qO z@hCfbx(CmY^rIi;=kS=3L%tmx8du{_CW6j7}<@?O_?+(^K?3yJT>hPXR_^Kv8t#jd#s!$e=|=mPH| zPBmYId-;Ekg>vcLJBxCrV7>6h*dPRllZ9~14xkO6Xco?eo~W<1y1cBc?sPL?2}jij zg`h_t%nQ@sw}vy;z=j6#&=9ReMHMlz&L<5vHBG`ZD4K0%!&sh7q*KRsWJ_t&m+Y2# zQlz6-R}|=s8P$~YrjoVlY#2jH*+5p}#Vi726r(Vv3?2v}wInR%_n# zJWqW^9(}*1&-t{ZFPYeGzLm5O^8JyqTXcqCXEG1yQJIKdFY2j_QgkSIu2EpX!eU#i47E6BwX{Ah zFX(t9jUIS*1739za=+|gL5S}EbU`j1|A&*xmi=n=LZg-s^zCx@+V`a50coiqu{zTV zpWP{mH@50bsAk+`6(#k05>mQ0u9Bj!3|d#78x1s%=;|$S>r(x~@nwtD9Nb!Jqnnyo zaWw>{!yqHi*HfIipJ`Q9RcV`s%2=I@X}sli&b@oCQuOHevkJ3@`kEyMf*>Nj9)WcF zEb}O;&~HT zNvVB>Fs~Vt1Xa{6hAOculhG;rBbgPk>6fY?PayIAeY*mIv~4(vyk=^c7A{EIM!9ps z#nf<-m7FZ+o9?|FIY3|T2~<(lwRQ^K6SWKI(>;L-I;(7I4n4AXbPrn-B>Xp zMNtxJ{D+fI&ov-_{l`=6!ttObG7J^mpI<_cWMn6ogYAHGg#wPI_xzJb(NJm&rKL<@ zV+d;4QCXNQb`jKAHnosbbuKX~kx>NRMQ7jq4Q_Jp`furpj{YPoIopS13{Sz%Ol7jf z%ZD*$V}Vs!&D?Pu!m(kJ57k|Su&~ntR&cX)?9HqqI)N9L>}`=4GDC+?Ru-M-ZK20Y zyTb^nH0T#k1QlHwMH_hsDR+NXu?$)*0YRA!Lq%-9@sIF92b0`}77teh&yzppc~zas zKsD=p2017zgg3;vLWHeqWa=IOW5Yzy`xy6A1W?_A-p;csqcXPN0FaRiy@{yBHPwjf zlqC@Tk!K3#9&+pru5*lS3I8n<#OCq`=4H&oI=6t0AJ252k?kxdxg#(7s(NSx3P+93wkp_*)rvsxm=>*_Z1EatLY4;!}kH@v-TM#BGCLuAO z@CYbdi5#{wRc+>&qBvV}6JW z#4_=e4XakRwIP06AM^t-L&N_p-t6wk;1mgxKyUo5vWPzUVolLS+zrPt;_(naG_sdH z0(6Jnz3ijV6B&xsseDQ-C#a>fu*U~sEe=yNH7yN?`pz)rOD0$F_~Z7+{}31Dha;K zq`<&x;a64NgyiKf))c0;Gk#WILhJ6ZX81KcY@%jDiMALfFp-MK)!+MDXT_M0(4&71 z6#5nUMrHng-HXsv7cOf=QF2Pi{$B;939K)nq{6ACMPq1)M00T3h_}ToA4^nQSbX&L zZe9;=3i>#>)}4GPP!Khkyh0g8;N-X}fKGmS@JakIX@H7y$oEC-czj=!8-$9cHR>}0 zB<~pN@_pXko!Jvv-QBx$dEWrC*2w$sS;#DbadC3h!w(y}@UVQ8`JGZRkzOPHy_W8~ zAg`odSH_JtNvW^nU+|FL9+7`QVMg@>=??jI`VdbU*XJ;@Gb4FGU%a6Jzv{KKyD_J| zpHV+o($YwJK_n)?y8x2Xfj3pj36LkS-f9D>g^868IE2gtEJfl%9PoyLg}`o=o2|0nE|CrI#Ye##^rT$ncdZV%%~Z}&B@=RyiG0KQO{M{d$8T@V6U;?s%ueF zZr{N^h=|xIn?JfHt!th%S>i=TVJ!AfAqZaz8eth{JUx`^kMCv$x=|>Gn^q}B&<+tG zPa84M3z!ESR04s|w29?E?Xpntk1_$3H%wK2UN%M7d9lk*`jp4^E@2jqrdI z4|M-;_FO8bw&dW1yim*(1spdY2oxmkr(+Lgm(zjastEyalSLnrs*jN*u3Rz3IP37AciG zuLLy)Xw@q=Zfu+0Sl^&?kGVaMdU)XD?x~t$>$%%TxnHO#is~^$bE89$h_GWYk%^J6 zQ?2*4ZX<-SCW}MTOz#@n)idAHH{3#wt*ErN>dM13uo(YIN3OuW0a4nkiZfY!=NKtK z7vF)zj;V4KZy4H(d?sBHQ4}#>NsW&Mg7llml5(l)<%*Pf2{w*5CZ0t*L;FnOz3AOl z6N`jlN|rZ7^&}L(egFLaY7x=Q+`|KR)hhtlIEbu`-N+5TmnJ_o6KrsI8ClK2`z=-b zp-2RdJpZJs!@(-r@e0E4D5x;F(^|%UJb3i zeZyecBZ%$Ux06W=4ix1s3m4J0-pbsl+w6j_zP^4a(YV^6)ziH*Vh#53qcXSI!|eW^ z0ptg-2a}7l07Z=;J1#4u)YX_S+$Up{y1iUAoXN8lyZO=BHzdB@`;gg$83m=8gIZ_| z8sI)z$-@(JQgt&_)$@>GG?Juy{nX)Q!Bmkxl^RzP@+o9hER|?b0QMMFvuAD6+cRS; zoT62W2oeGHM>K|Sa-X%pK42XNKuDuw2;YJQ3#waMmsbZY_kZ-=PZv&{yr64_GK*Yj zZ|&*Zw$qC_jn5IplH1;WxxI)Ef4Z=Qmb4U3n6>~K^)O~Xb?Bqs7AG8G}18PX8tzG3#NC?P-6xcbawAHlazJ&*AQLM*JBDr zAJ0fP=o237MS%dI6#z}ZPBJBB%)q~L(erO1(Q4b;IL|uonsimov6bDZ2H=olzeC1~ zR7a5xkgX=s1CZd})56*<4L@bTs8BE|~{syAy0 z7_7qwixpcSz|z)tzO^KPzL}2n4@wtI z2NH2Db_K3dUP)@>T|(oMJ{P_%Mr{Ksh?qycr(&+K1Dxd7GYDcf5~$?8bo-8ZlwaRL z@7HLH45Sgj>|G`JKSxZ(Fj3#6AQ6o7E`4A?@G0uL2c@L{oUQZ0o<59>$tfOjNNSAKOjb^I+>{I6c_WSE;)16 zLa#3%W<1UFA-g<#Usbkks}V&p+I}Dp{{RedV^H~7gA52@3vEnCXXh{qcMcB2HL4oh zGCJ6gJ;#=J<2RIkl`xxOj}cdjH@Vl>H#G6khtLuOjois;GlzDEZ|3y6p#YL3z*Jr^ zoBwYf7@lrcUYebw(C*N9BZdo`3iuhbn_UuqI$7~DVU-S)Rz1${njM%nYi?*dN-ub} z%Km=tPOeY=z~F%IEQRZPg{g6`5KpQV%L)Dl5fZSv3^els6OPl@Z%%83g^qeZ2&cbm z;@)~;dJF9%m=W{9iUnNZ8^reGz*e;4xv>#f6Lfb+LImRA!;U$w zgn7tZX9szgZFmxcn-E{kJ=MEr`1;YE?9Bx0x|%rwPX0UkP&@~gK(%S><-D5%u?_G8 zOMQN8s~P1@o6f7CjzPT(UoLfYMsSoE7^<0ls0Tp#`#T`=+K0fqJu#42*udPlfVFd# zc!Em2LS=T$o8g*%0XG-EZla4Y1j(nedY7+rhkq2u)`mLd##Rq^bo<9ZqNgzggw+)I zCwf(0(X-SPefAGtVRk6{P*}r+r*Zv7)(V7Glbbkxlw9k>&1-y(=+lw-mrL`1VSUsy z)*Tt-cc?47y1K&G%~o2@^*jrU8QRKDiQ4im>|ymTJkC|`647d^If0JX=M~VwJM-cK zAv_}i$|mbX!3mY!-N45tegIn#0`BtyrP0A5afmHo2t?nZ2r%MmVr{H?6I2@yM5uZ; zPzY2cEqTM^m_MuC-ncB*>5)OezHX9T9r!2iuV3%Q<7J9VBG zHa$fhmEQLwA*b00zD)K9^8dc2o^j38wAx zvB6Pa)o5?kX!l;pNkFO_3P?5|KlhLFyDobbjA5*O9YZ6&dh^FTmB9|EkPEni)i1bl zRgaU=B35>!3K~6DBUW|!(XSY7ch5kTufIx)3p|va9f9G!QZ^CX^#I#q`{s!hB}S;E z{eAwutkja6m&8Q-%^pU3_X;co)_nUwJ=2VN`^PPs>PN74b#)%q39fxI&ujK_d3~o3 zYwD}ITuQIlGohTVhiY~|OJ!9ZU66J5^oQmv1`C%0e+T4pvmLl+>;)c1nvaQ@f!S z8(4Xlzk9T|e(oH>Mw`$ogyyi?sLa^P8Y0xE3`Ytr)rRoWd_GoWHMUTd3NL{P+^R(Z>bRrAF-M;-1b86;i1ewpyTDBN}L5_xxXjCF}W;nsZf{UJ`qBb%f(Ot zXL>ZMHb2x1)PU04MECRv-)A)x-P0#N&3Aw>+ZfoMv5;$ZHrUSZaP`7CEf&(H)^x=n zyG%*vQC?l4opQ0FzC$cA_lmjlc+CZ*?3ZG51FAu5YgEM$1YZlN)gbp2E(84eSq}tCLzzS$xc`M5ZM4ZE(7pyXuYH(Bw_rKn}^(dMrtT0uYTbT2_%4j+rd zPR>>~Al3YBs*J^mlxy#Y7*d7q8PVApVEl~GNJfnwr8hv4@UcGcQJWR)ZDqkY z8U{{u=+lU#^4=7;6A!I%5NMlf-zzr)p4H|engf*f2?^KY?hWrg;L*#@{Sq572f!*$ z39$7Rz>2M6$Ok$N+prSTZpcmWnYXtruD6jEv|jy z@f1xyp0Y^fv}{_^(z>d3Q)?seavi3n+#>1iEL>}Uj^X9lv7R2ESShol&F71Wg)9*A!P9j*^HO#p9!NF)z3h$f*$rz*dblzE zf|-l!NH;LXUSpluBMybx2Ya2_2v!ICE22F}NyFw5hvUob3q#yuzDsB|XF8{;(ek)$ zxeTe`eblipR zLB0#wX8X;hm6va*aGI?^8%@i|bEewLi3A$^gR3Zm2O@@J)pa>I&9d6buITb3W%-8} zR^$}Pv4^s40V6n!)LhX{)8MFZ;|^s?*Ti9Q9SlL=25_w`B9q?Qkm?RSUsj-KnU7-z zRoMy)w+uFSnf79AHkQ5(+X`)=+0QYhn#j(>>vVPi;T9Kv zrmQeQER2_S3>23xlNWtii_BL+1i=R9Cg(WT)#D!?VXLy4U8B3?V+M$M8=b>`>N z55MHd$ch{m-P06Pvp@UUgL1;h@6O2EttFMO-TMa&-5Sf+2QE!3E3A?27aImeh;gR#ADuoGTD zR%a8A+&<1lIyFo!anO^Cvr_xmDT}9v=efH5-SE`I{#s)c{=Me>1Z+!*rpqb}uB3uz zDA2qunfZyZb@A0~uc4t6ak=mzHhbdA90jz3{Rpv$CLcAfvaJAnN0^2oc7bRcSO(=i z`)*SixPvxbVmS+%_36z131QVTf za9UNGy=+3f&WF~f4X5WYiE1Yku z2^wL2(aG2hXOh_}Wj_(0kE0~}U@^`XjweJJB;An`fhsG3%c>`QF~odjS@zVGu`ifK zlY#;tFj+zFy7@H|ZAr8iD!{8Gwp_d#9GQ!ePK`nlp?xBA&awfPHRu znkh%jPhg#+w4j_bco_f*z7F9PXifqH5NjY0Enr+CXNd;ss@9nN+a~|fxm|6MIpcN} zy+b84QV=Xi4-}VTHCGKZ3x6sl|A}%aC7YElM9gT2!(khWSc@g1h0xxed(h1z!!x4~ zyh)AlpEPhfvohI{C(rxXfdBF_P({^)K`hn=&T|F83Gm$ALKlF+VO#omtq{Tke{1ww z2tQJ_AeT%~kal2Sy|$L`UE%gmlqzlAv;D)2@>mpMy+qW?QEH2mSZz+lTr55eLYKfz zB2nho=ru#VLpl}QR$fafyR;ITotjmd%=eqym#uGYq4qsmdD_~>h6@{8+SfO&-E2_S zXW&pT8)4iI?Sz22<@nLWqm{RH#6og65|*G9V^ty-Y8@0HAr}W=WVOIRCR?xp7b8iv zDMHwiALQ;YE~A&9$jqgazsgALnW)`RL(Hv(P_nfs;Ldp}f)q<&M;6xGV$ap77aK|L z8!Mf7AV97eZy!IVD@!o6#KPhYl7cB|F2rV0vey98P!TQ~8OM_!{$yfq2f4{cn4~=2>yN zL|t1Ex_oZ(WJOOA9YN27oAN?IxwfQI5SfA zIe4rrj~@MQneF}NvkO3UU{z(^-#di27gV_2k%F9cyLq`H(ITAcf^o?aLkAnmAwK>u z$aDxK2P`{IYQmwggv0Pmz^@>iGPQ7^Tgrzl7mb(X0{=`&POv}ns0lttkrxbAUy2}j z;nDIWRd>Rlp64fz>Nwdg5GlKbPAao2_P)a9CUd(P`7`?OFU!ysdW_9&(7`_h63 z^z3>H30I*_ic;Oy2`+7emyOsfQ@V+k8LG>s5ngIs4U*6z&WJ@=WhghvEKJaeP(ntL zoZs>DQ6ct2FI zj3NbaL+}nYAdsnIVFrATC{N*#>-}=4EjSq+d7)y)KSD^$CnTiu3aucc^DHtd6aUAE zXcJg%PzcL*Tf1#MJ%Pgv;=H=NHB*fGdj8wyZ8Nl5R!Bt>5xS_iSgV&LN-$3fEo;Iw z>>Ghm4{#$JjLe#jETI_N5~gGln}+>^;x#-PEFZ~ksV~FxYNEH0rYzJ2Mrn-%nzs$p zlATm`A|(}8kbUB^wls>#3am4M!bS#QgQ(3DAE$gWb@Uu(A$*_c(4Wfl3d1!wHc5tn z5A#dSo><4CrnF9U#0x_6>s$q8vIu`;^yAC4qfAz)jNz(v&2Z78mz}wRafQ)e2P)UgC&x_7Czo}Ye5%Ee6CM$14cBQk<(Xrm_= zr5D9i1&=S)j>d>5B2uH|KHjJe#8C51S`FQ{Qd>&JtF$##^>BtWz6%~`UV4AMRvi4- zRodM#wEbd7I<>CR2Iv!?OGwR<=2&#SxCdTj17144M*9eTu1T9qxr=kNba-vCmeR_H z;*%3tP6uh+g@Z1}OpCsnn?FTK&^@C=!iPeAvJdDk_y@@ta~$3V;bUFvv{BJb@Qrm^ zaZKXkuHOE^Zf`Jsy|zAvN^dJoqLbfENT$AKEuHo^YkDk)D*tS=wvDb#PA$w8+_rj| zgi(AWn`-FoHCoMFs9;8Y;<)n#Fri}Z_QUQISsKzkR#+`LN*HveQ>&y~nzU4Rs0~JC zoEcG=+|C#WRaLoisQEwB;_1E(S}{GfL8}tuY-`a9gK-gt}z|ArjN#*-AgX-T*$)VFfNJyZjR_&u%a+}nEaK3|UHfgCbWoqeooKe<}hAz}x zn4C~B4&(jGoj$7Bs+E!ZVr?xwaItm)IWN>^(kC`+S?6l%YnuVL&tHsFBC1?=iI!S^ z_TCLT^#V-KZ~dw`r9!}s96c5XK*Vb_*55J0oel14B+lRp>$@SLw2F;Lo2i@C7rnGyponxFf5o?uQmuLRQ~{jm^j^4)X|}R z(>7~Wj_NzL7Sm{WbEj4Z*QjSYwRS$psWhbv*lo>s9QoAN1!VW}E9~WKRT5!A5=d3td_ay@q@E^i(%$pYmyWF;(=tZXB!J0&Q~eBA@1u z5l`u0v~N(mkRCYg&Pin5BVJRb%hOYGT~NN64e^PG-p@a@Y}mik zx7G*S->{dm2DJh_HxQX_>ywQlq0fflVKiigS7jaybpa^WAc3%1O${zf&0xYR<_y=G zHCPwI-mvgY;pw7c2Ry$*BC1pZLuMBCc&toEC)~ZqMkQWT&Mrf{^YhY$D%~td{vpj% z!D=$ERfBmiGpK;92y$`r5Vri^hqM{=k;}F0DdPuYnlJdwuV<osOHYm28Cm>?Ga^)AJcXR3wLUh zCmr@_@#L<+v0t@Y%Z_8U1Xb_Ws%g@+Bu8*`w^kJ65(1TSTTHfks)@ElRqp zo{qF?4*KBP^dwqvrz4pz+l%R4vNAQD$}ZJ%sqHeH?9_cg=Zx$qYpYgBp1s=be_vlG z_iDouE6#f}C7bp(6=%}oCB^Y6j2NWAMQ`oHntgho*5ELeND?pNLgO@p{&SzUFr#^8 zbNi-^Yuj6vu54V_NQYi@yQZ_zTp&kKYyhEBMWb2v)&_`l^+LIbj9$NQxMR4hcaK3Q z_G3Hhb5c_%;Yw}#GN!`)L(4(*0N#tO_N)q_R!x(nh=`oP=5-W!40spD#`=PSRP+VdftR#P+HWk~)gQEKqV~VKxf#kSCF>Wys$$?rMLyujp z<;IB>c;#xq$eX{bC@2~oTm|IJUM4072jJrAxoK;wHnnM7*j1ZHDX$XFDbAqyWd%M~ zoEP^L^6?Ty*m&upzkO75ge-mrd9Mu-;eFR?Wo4ll%9i{9k1sqHH#)+W?B?HU<*9?a zF<|Tf1IGs+1Kw$)!t1n|smc)%pwq^Wq2x{FLXbN;7{j-Z@HG;(bu9bJt>ZI@(YDd$ z*8vgS_AN&aJ@e(|1=kdz zwy5D_$whQ&Us*aetx8P1kb|!<-NH0^i5St~(Nile^cxo3kv$_Ko*SS2cAOC5d?2MQE1=eE_fS8ttK>qlX|8h=WK zwi})Ic8tI`f26l#`mEX9l03_&z8+IPl^ca?Bmcwa5G20?-p9Ovyd-LLV$FTjuq@S? zF7-ZYp{ab10b|qxPij1f(7+%)y}*-?_Z@|92xYYXk?oi!)=VCvu=cn!A(PtH03#os zDg$Un&6Aq{aYGAhDgXyzK3^vjcn}m`G&j*Hg3#w zf!c^pcH75P6-S&i}9|z4GLRHRA5wlK zH~gi`26puA=o(e^q(U+BsmoAcwsQHxtUT;}dj!2*&X)&=&6;>Cn!fRDSy_?UqRsB9 zlF0pCgujzl4c9_cVFpv2J;rsoJlDm}ffm^hPxKEg^9>1XhX9=R(jB|a4CbCz!Rvcn z!^L4mpvmeR6YqgA1qke6>}P9%F@ufO4bK}KZ8}RfGc_G>2*W%CafxhsPz2fwFM;U2 zw$Ax#*+kWaE8ql8s(ZGNGskS;nj)!W028~AE&$L2Y!W{E=&(E~^w%?WX?9VhufvjokO7%l1 zUKz`n^uQY~FAd#Z88=Oy1oI-4IvBPAhmHzIhQz6%X~QnD4vs0}AedEo|Lijr-@JtU z!&*GY>?U=9ta|F()+fMDG%ae&-=PNbmZ~FWHXx52)xM||B#B#wI9;LQCFn1*2HKZN z^wf)5aVmR2s3M_yQ(E{Ontg~vX&a$=NHzXptF%n`>WY&Og(`p8Dw(HOWP~bBUoKCs z*_S%Vwu+&n&3qtEd8o3hMVKY|c-tzd)2`uPaw7t>08N9Bve^laeHdJdZ(eWy5o$gU zt7oriC9h`r+Ht6IQqVy~K(sj!9mGmFpiRSaBXLkB3C}egjH?+V`|9`r0?3 zC%Eq$+A>;^=b4$)xEm6;5YTYxL;R!$a#T>(bI|DR`KDGL--75+eQIizPA9`fYFjyo7%GnwINE#T3@% zBRAxxiEkiU$^X#K7qrPVzg!M@61DHE)199m^`b%Vmm#Z2(oF8XGZF zBs}4fPia2@Zb9$3wb2hQ2P43(9R6j6R>dFy!ZNg_?6z~v-`CCSp^CzUKG;v|9>__I z<3ZDcpKA!5hhRMmamn4QS4)H}o~=Po+?JUGd?(PYj%ce~)HIBPVLxCaacXewfRvM)nuZ=zT2 zF;~L2ngVxXr+_FR&9DeBBT$Mt3bf4IaE=Oa992bd%0-LnMqzkWKK~=*`@+^)^@jwi z`LNXj3l(-jR9ChiL=0JA=kfi@Nl9!S-lM?G6IGCy8V5wfC507`DP0TTxT+fCqgTBU zs2oH>K(klhjv~_W@hpXQvmSxBhZ|)yjq_k#zEo{9+Qy-a(pRI^86)#^cGku53OqSjn?-g_{>UgK zm0|RV&Go(rfD3+SPuI1rv3RQ>WA@EuYTFJceS%82&^;wd)t-HWu`{2&OIk?5U z+lS3#M|AZ@Si9xjZ|;;RlE7uyf8&>0S*bX777msJ!RkmfPwscK95m?{+Df|RO)a6+ zWa`9%2_26G<_bdS_%ES#?|)OobsATdzV#EWik{dU??_Z!0lodp%G@GB-y#kjqcJ>^F|9tP zEZL$O@F|jI!gz`Ta#<5!V(IzIr5pS?4D85jW@c3n@atKOQ(biAn&cwf z>;!cR$EOrn=`KnYXcQ|BBt=cPX6I4gt6EYlQt7cj$K?f>=qW0M64-tnO^@o>VxgHs z@b7*QGp{(Zp*tp`QDH3i3)evY7H0zXE~e)p&ch<8Qi}y(lqa7HV$y+;6}W?@?l#CY z$XhZE*&}EO0~7{JAzgvBpRj{*)kg<6BIwO-sVJBCX;}F$Fpn&Z{$&x_IG{vaRTRC5 z+ZQSqXh-B#F9aI}zYNf9^$lGeBCF#DMqkHvOatpz%ZtZazS^yLybT+M=sTezN?&KD z28Ksh5AJ|{QBV#PM)Q1qStJ7MaVxy`@-T$@Y#iuTJ@U<_uyom;Z9)>`40Ov3IRI?= z5YHnZyO6KU+0m2&G|dmgK%D@K!C?z3%uKb2<{AQT!E7ft7B>PxOAs;%;lg(^&S1zA z;}pwN4O0i!TK5~kX=ks*u%+sVp9Tz5>O{!CU=0U`1fs!lA7IR5pN9fq1GmhfVO=PW zNdzmP=$D1~BzjU8P^6r}uO5aSpg86g=;)tuA@T1!L0n%3?T{ykzt44oM4A8n6J$R> zBO5OjN6ZFpj6UVY;3RL9xgX;E;DBv!7xAbh#;f7mLAe1OsTx3OI4rxvAzz*d-ha!- zS`NfKw7O_PLcW(j!a&7@>S!PzFfp$M-)d%m2h5)v};V0fTs1J0#_6mbUn<3!ayfLM7*S+ z&tIV9DTP2-o4N==?5fslz`mH3TS52`J>77z*ixf+@s5dbm-FPC4EjRRQnZGqMsKJ( z)KDP2B_7fQ4UHdAw6VA+91A8DrHPqxJ|C`A+VC^Yxd6VS{5skMBaYsk>`mNHz9FNK zo*FGnO7(>#A_)?fCMX0FQW?aKaS~JU_lE%q4dO2Io-%}!h(zr5vdSYsrmt`iq_&;<7xxkIk%ezfkYu4BNUgTF0>TdmpN#DEvE%c2PZE@Gq% zA?F2VvTFu2QIA2?m=}nE&nQr3))Untdx{D~<_JX%gnB@LdUNK0EbiTEhA#P;mRdC- ze1x@xN(>Gg{xiLJlOT+y7_(IJ^LC0Tm}H;|B|%8GRz%Y=E17T%QmHuV{Rmo?Qc)G9 z>_i>Rqtn-?ROX5rkz$$v&|FidlLQ%H#rzD#Oe=GeE8XLXV-*`6e5Euu(KOr~nN#Ve zlf7kec_B5rU8hbRPr8f5v+YTyx||xm0nIUMot@FN&NBPHvdZ{uR+^idN}+e54Hb@p zY_NPytYtQ{aD%GCQJlxgN=ISkfGuBF;V9wf;1is}B4cK$sfrfiEz4DTP1q!376DJ9 zl0+#wn4cS$3FK)N04Am83P&NG&P$8S#L=*Fa86_nFO4&rVplE_dlY0b(o4(IKh}dEgfqy?fs@! z8lhudZr8CgFDL(#cOoK&8mVwy4tdao>N6$S)JvCCW+m&LBM2CQEIL%Jm84oaYlM#Y z-S51`8t?dY9S|!!9Dq&f}#*0=p0Tn~6#{DQLSs=)n zRx3JiI;M2lhd9>28zII(N#}wSpc4?q>)E<%CuI!aIzyYOAl3IFoF9K;!KCD@=s(vl zD@R?BE8JTFIO(31t+-2RC+(sWxcO)kVc-$`KH<5PeOl5_$Tq9J3k_N?H(*;dzZA~eRP(l=%N(ggf2P+n|y%(*$d&KF%fXn8o;%n8d|grhP7v@$CC}@s#x)EV)$13m4hYm3Fu_S zOms2S9O~Zvx)GB?mb=3;b%Zgk^K*AtF)(I3`KHeTo&e4aIoy3%ZwJ$O^iM`$5koys z1h#!(EQG-R@8FdPB(Ntc5@56vfq)toM=i;CC8Ffg=p`AkWQQY`*2Vt_W?>mhXA)t9 zUm5FDCNL12NX6ypt@ZS@wGD*I+A)h&!J${%l#?)bO|RCe<7jN@g%+LgvY}ULI_=bE zQ`4%8?M9W^sX|T7syrTc-`JDJB2=Xw8Pa zs)sH7Wnwo=`ykO52xUmU_CJZgZ0Kw8hecm_EA@Yb_oByAJ!#aO?unn0k|OyhTUU{& z$K;zj{>@z=%+HhH5tIIN?RTWVo0T52LD1@7Xwb$=E30XcWfdsvSyi%WOP%kcSAL-St7vX zu%+kkH)4EpPL4ycj&V9-6bY^|&3>BPIZ3I>OQ6#DMd@ELgNNiBiy z`!X&gF1wLkjJ|?vMxVVhCWD^2Gckd_IGkFVtu!|3<`NJ9T@lo-;%gaF4a6uxD6^^I zX{{)6!2;k)T&6hnZ(6Z=lj%SIO>^NUle<4>IxT(@wxJ&eaUrPr$7ONJFqOl)i8g{a zJfUU8(0~8VU1Rz{q*`NK6LdeNQA~xpdJ($NEX-S>Ph7Nk?rYjzNv2hdUVmK6FEGEr zFH7x{nv1wj9@d$U&`%ZZdPX}O%s-|*8MA((y4c=OmZg|D=lJNox8CH|$Xk5oDjZ>mg64{Mwn(v3!1cc(i!u|s-p(zLHQ zwQ5ypl^L4{w~k~sWOc~GBm7FLbof>mX+1fr0FuqJbZBvT**p&2rMKWoPF$4i!HnQr ziI-Y&X%gxVRY&NISjhH@IDje@*D*e5)O4u^IJ&no&l;jT*)x}peH{)zFMZvmuKj-Q zxU1086PPYO^vu__^i}7#=yEGLfCI!_z77E|&=0rtczqN9N%VF0)+~%B7gcUFb?hiB z6`Bv8TiVL=8@3?EN(b|g0Zc|1z(754%3aB4q(+IksuNStmGd0mJ%f}Z0?JOr!dLz7 zcU+0I&(O+i8sxO2LDzU~lDMbsp~NFDC*8KVJof?x9`G?2o#Po1;ai}9t6l(>N~>OY z8J-pqP^F-W79TJY>CxZ1+EQ1nUB3j0)5Vrh;M-Gb$d!?n7%x~0 zI+=n?HZ0H3ft^WEFyP9@H2!3?tzH_I^hvz>jdp|?BxK|jW$D;o6QVFJ7t_fo5acst;#rw)isQ;rCsT6#(G9y(~XQQafO0(Pg zDEsZ=TnERlmnAG4AWgd>wIt0h;nCa2+|FFpnm^1oN!fc-i|OFS>51@qcRSKmA*n8r znRTtnab65TN_xB$3Yn|2rg=%u?dY#v-YLq)BvQs#u;&t&Pvncau!qvYR3pDkZCuE! zYTTGg<9IPe=~B6&6BWMvB3J1wOh%g274elm$^uA4ZFjWVbklQ&=F!Et5RYY`O&@i2 z`dsk59~fa_K?cL!j&an`nJ;AI(wVOGQW_dfijOsCvg+(Jk!E50T0+XUf5NXqneZ** zyUO68U8 z@4_E85Kt*h^30Nl_Qe#0fZl3=lg9zP)5_j(OJXq{JCKx6j$Kt!RtQNbJsxi_H8@L( zGs4aBbm(N-WMaUc77eg%gX9y90Jwr7mdSLcPx@77O|}DalsO{8E}sC3Iax6!Kirwa z8Z$M#>~zqH%X1RaRIfnNdvUAsdS|{!P7ftRlR_PrB^M`IU{Ui&xbnRH-&*c!sYw=t z5HcPXIJ9;3^=6H*neY{RzR}$^y4HvH4+pj{8yu~2aeK~kjKZdG6#lE?C@9Yl3m_N$ zJpic=6(VKGtCLYRIf4KLECL|wM8e#7+~3mLu(7p$`PzmRSOR?;_-l#%8=IC{shX9# zWc{WlD0??^*(H#{p^tdGAl{64g{?mu$9D zM@E%zOhjn_9b4-oQblRurV^2X;xd^!-Y9m{Tk)y!kOc&>frK$X$5Wi=-Qw>b**(^< zY}3{$X2>Ie-ku!K3TFy?#9<&(>43)AefX6ePZjinkn6mFH<=|%LFcXSS1Bm0%6P|> zG3;eno2gDA6FWw+Uh}eaKY}Sifr@D9)7byGf6H`y@&$K@Idz-Ts@yB!BQwCk0u(!e z$H7Gq`wnW_S=VWfhh{ugU=}Sg~qlTLE+U zzziH&HhipDKRb>D#<#jMfj4?b=73O&PlQ#-I<8_s5R&P_-m=`IT=!78DBnZ*}Pohu^_c=9I1K<_=CaR+JdUa(n{jkoRlcNkQE+#ngHyyjoRZLg)xUxiOokZ0OE&7VPFdrwzzQ3wU z6+Qj9JCD3oa16aFH?4G5i;27x`r!SsQMnMfp;zmJIzI2x53kFLOH{Qf`?kc~B(o_x zl9g6Evr)P4F%F1m)r12$Oo%%v0#9%m(Qq;rOjhP*or$WnXmySluk`Yh;}O3jM=XKf z95TMB`Lg6fzIc;m4VzORd$TeZ@sG`8BD$E3zD0c?U-iq@yqSdMwT(Tj2Q_}P{RCNs zVt$=nM7PvTO$>O(S!O%(|jYIVP%&$j`!i2FC{K+0HFnmB-w0d4#N_5SdjM7{-Pnbi`dC_xFnPUF;lfwtzzm zIu?!>=txg_k$&YC`RZC*Tg{b>y48pxkqFBMg%p_V$fB!$92-w3zo$6^!u`&M#01s= zK!f1a*V_;t-^wrvkVP|a<(r zxLyDZYBF9q8w&^8<`OVRE~qJ+3RGE>J7HmF+?1-Pi{j@T6xIhcI&%7Uzz)dn&NBOI z1kyO)Va-5)SgLdF2oFoGS7A6jF>tGmBUW*(4xx6y-ubD6E@TcGtCBPY8LgmxDCoq%B)~PCQ0~hq=yk~y8K{jNxEGq_i>UWPVyI1o@A`G`LDEm@hf=bn_7Gfz4|O-a$VJcKpPFuA!O3t z=MZP`9{%%-=QIyq??Y%0dHY(i(l8bX?;-5%_)K+2B5GcbbmNJdC%ls)?niTfIf&W8 z{+6~Z+W#$trTf;mv>ER4{j-0ay=?Zkwfrb^P{w;(NxnNCn&499$rN?0N?XU3*{Wr$ z2~dx`;*i8_tN(>6DK}Kx1D%15!VL& zqsydEry2o5@`PxIxgJ}hD8Knyx!k1`U6q4af*|MWqbfx=2QJgiFJu6fiNFPEB1hZ| zs7j%?D>O$MJXEZako%~kbQZ2YErIbxr3!BHpSJ=t&#?lKi+pC+En?K*0BFN-nS+M9 z6XO!(sHou(#FB%HGm>a%(3L)2s*LfR7hg~Lr|wv8)bY~6SCeuri^JOq?tH52&#AOb z4AT8fuKsc^}?!<)T@I4Z&ZmpH}&z*9XIU*C_ z=zu$|kWQWg+Bj#-t~_ z)xUv8cIP|jl9#nbCIe*!EnLPyq}WG_9Yt|mdfWf;ZP@1_>rDvt2Rnj z4TpEI50As6szqW5!PvBKB2oBSo_ zMfVz6;D8kN6Aq5*gC`&-Dl=_(i0?L9;b-{DgK1tfXTt&>JP3trW`jw`RJ*oz*fD4X zc5?dpYaj_Tu6I?&vP=JtpCWqhFQ;c_$S5t_{xvZnh)^vXCq?mgxj6_YmZI4IgN`b5 z*G|d~gsp&DiIA*fqIgE3=F+KE5-WqpO8f9MvI?XlrRGqi9K<{k7s`a=4wMcuUvkPS zE3i&n3XnN6l8(HCrY;7kI*Kb-l?3;0HYd=(nPGbWo1{T~t89}gHmib(4hVn$Q1!?n z;Cjs@Rj5Vy|EmrJXRk7r3HN_X74cf zU7YptMQoBPMDNHVwO(!}$*?SBOo^(f`j23E*s_)=Eo)UY^hfQ9Bon7m z^*h?yIw3L$EX;V0uRe=dAYC0CuYe>}=8h?z>qKLBJmt~3tqkh@VN&`XA9yxd3vpqL=Oy~)O1!i>W0Gep zEqU3QL-$Pbylb_R89Wv1>4>57FX)MMdMDH(+u}XV^zx2$2mK`8v&3r2o#1(D!9=oJ zcxXMK0v{h=D{Rh(Gn>;DIN@H?pJ{w!rVmqF11mk~)hbVQYbPwzfKwTIJi_h=JsyuH zdMYEQS&EmF66n)SIR&wJu%3?W&UH}v%Snl8!r6^i0xi(d7t-N-xj8XmGETMW@;rd0 zwUChF8=56|>FQV#;6O*ReDh&H}!Lwn4D!{HZEtp;!+cMTk1M@xkiE1Y(du~oi zqTH1M>R3{lm#T7jZggNMCQnjq)i)ZF2;B@o&Xd4Oo5QwN2ODW)tklK`Y=ZWoY7Ye@ z=N3d@c(uS`n+Q%SU>-Yf+m5mtM<{mjPTL9WZ#{AD*U3_H6BkBMSjz^xvn`vRcSg+r_!$zJmmt7<$=wB&ln3h?aNoKZEQi0V6ACUqNg({ zJbK_a5lbFl{YMG*@dvFw&3OvoRfc4fFT z>EALum6A;UKEqRF5u?;hkns}_l$BcqH!-*)(~}M2I;$*~Zpreb29IQUvSMI^O~<`zi{Wk*@d%^dDRi|Ymi{r61H#xBCA*> z=5xYA#2==m4$mI?#q}v=RG#WdisL>_!$X2?jwNW@M2d34uaS zODOYHq32`tNRg)?Qy%r{G-Wvf{u{0 z%rlEN&MwbS5+{=n>apz}XS_I^;+*D-6U=>?@FKyRmX&z|#o~kjAKD_v!AFrXyBAJ$ z4zODwl zaXBTH9Ewft>cLpvfP=Xg|{B^IVl$Lru-pJgiRqpc0j9rGOTm)Es)$mM@W4Vrw z7#X#6-;V$>k4^D((4CG7o4P5E$v9m#)dRK2RCJbKh0eUIJlXcwwHo8*OTTa6%Jbtl zP1o)7yQQ!%Gly0^=t`@VFlDm~b^1rcWHBgyq+42FN2jlkV!FzTQbg2k5p<0%@4^e$ z&2y8}sP0;KvM!s$9*dY)V3HIywbG%u1z$-=hv6z5?zS8+oW<#_?-f@FKWYShm7e9Y z3SUX)MulTFcv0p~so_MiMps=?nxK1u#fQd(hlA2y_(r-qhJ4~i97o=g`JzUK3W}p@ z(B6UE!Z`jQ*HK4VxrobxWngwx4WAc9>T)~%99^|4d6Zv%d0E&z;#e`rHX zqH~s5EE$zZ{1kR1_J7^Y2YKpL)vheI1#dZGZMU+gO(~tsOUtSPUki92wmZpKV~}QZ zH3yWTX(u6xakXkOQA|AA&}B8bDzFQWbaB1fWZV#!-P6&FQ*+b9Mnsp-cUHhTC?z?5 zt=Rpqxho3;qKJ9vT4KQcZX4LwHoUKGz+ev`IyL0XrMf%HlM~nj1qmmMraIG2o>R<#j+AR< zYo>3NCJ6haa4>ka(H*1*D7w1vDkeWs!`iVfTu_l2rhZh;6j!Y1<|!qG^w`YAq_;IC`aoLDEJ{5Em*Q8i zg9)8)5zvxn9r+%<8O=Mawnx7GY;M-}F~Aanh)_%bSF=_fN=u_lDx6NfnwgL(1J0Up z8VqWGt+I%&%-4$Xz6f91H0dIwT*zU#*9Tdb53fY_AEnNaJ4-sVA!uIme@H0tubo`;xVydmr zjIY3ANEcjfkl7Ege4~RfH$aEWft%O2AY_L72e@tf%tblzRfB*?y=%{Q=w0MHC#px= z3dpU*0g0^E-7$QYY7#KQss%)E2n{n)R{#TnE_e@=8|3IP?!@EuK_2H>dQ;mZYLA}+ zLoSa*ONNM0_8S;!%jS9Z=L*#W=LC1^$nhn$X}^T%(U-Wzdo_lOuKZM`Acu~ zTq|q5+vwTNzy6K?ETJ1$Kumpfg{Pk0S>fpo{?|&+?Q!(vM$ZNDg7=~$%`jHfG|d9!+LHAC^s7t+vX#tzI`?c^tLX3$}V(wqE16 z4|fdp+VZoS?cLJ)W?Q=nc$L+bTVWgRuk9HnG;kqi5Sq)UE)4H``zFW*mv8}=CkLZuby@!g#Sh)6yD9A^kiNM$>A`^3fnJ#sRkownayw%*hbuFryM9ByEtNOojF#?q+=lWu5Zo(%KjFl;90F>z|3C zx`X38a%NswSjS&!?GR>4Nn;>Yz&Qvny;@VE};TIW~vee}jx^lj7;)NASFyLjPw&5wjMK7l}p3@V8_k2~aO;)QAJaJrqGbWWGl{ZT7=%Z5$%JPFh z`i6cuIXLj5UNDJ1_L4p;__dex^hq@IraPI20(vgJ_X)3)zVl^oDfK<(&5VT`F&(-~ zchW77;nKB+BZ3o9QzL%KM@iJF*)myXnt5>MqIYl7m(#P4dy8oE&A=xar@Z;%kWAWH zMaLiameE5u>r=AZ&85ej#N2{kJEd=o3ugaNpLJURCzdvSv-y**c%J0CLr|*;rhs*+>kl(kO-=CD< zx0&CclHa$R-*?IHJIwF9<@aIp`yTmC=J&nw`#$jYFhn*^kA>>&V8^NZeiT6_|~^X8X| zb7)`;+Q)le1HygpqA4lV@tD_{Q3Lz>1_kUD=S5J(FME?1i0kNwH|a$S|1mlt z=TLgen?wJ8lU|a?)IsaS|3DjBb)$j^ys{ma(25|86hckYTJ!5FWNw^k#aBim00SOaRh=A&j0`SyDg`WExM>#fM9?XfVrItmru3y`?jL4Gh;- zBaU9pGFEY!?BJ|yBQ1u$H59IRTogx`bRs>OZe-HwBIDy!b<~lU&wPk@Kdk`|TnJi< z=Q*Ip{CSDd!>@SfZ?;LZUTC0w13SGsv+he)HQ`b$zlTuo3Vj1TL31@CIA4ME+7M{f zKY(|JqK;A@h1K0wo6C-uqHQGX12)NFuGwXyCL| zy1LBp&_iX$5_+%9D9Movt471Fi1rm)TW%aOmtJ9H@lbhwg%Ia3Y-z0)`ar$9n!QCV zU_MiBJWTiI7)5m2WvooX!@PL?dbElbx(zoTl}D^zh(B1r*>!Yaz0;9wZ83e)ZA{Bx z^e;&UD`Dt6Zll~Gl@#bju|F&loGv$9w4=fZ%;SrCP%YHJO3eC+O{4z4k@|WmyRx0dC2fgDYvLq4}k^yhb6dHH_)>A6^6_VZ|W@ z4fwskWEjPz8XKxLW@;iT;{zvw_M%B`z1>S@hq$};IwRmQiK3k>HJ!MG#8w0H!76&(k&=BvIn;xmc_V2AV zR@vM6*&#goRrZt0@JDEi>Wpg&q};G{<))@J?JcV=VH?b}*)uMfNewrq71LYGE0bae zhey=aq2FXD#_^pAIHkjHsdk!?Mt9w5z#03FR5$ILW+c<3Cvmy+#5ChOiQWDYw!%`w zA1XZoZFF=G`}hI54q3m%s2T0blIw+T&;}-|4n|~NbW|x=ZK>E&ZP`kw6sv@6yWA%m zw-pTQl#VCDxEGjVl+eTPBsgjBOry3)p;pzEy*!nN^zF{nwz$4Sj9$%HvumIRGu5(x2F z_jA{oq z%(9^=08{714sKHKsw`Mhz>$fDc|yYKDH3H~Sr5xos2sSQb?9h8!HZaC8kuh_fKYjK zzA-(9mR>%kkg66M#lqY}u>p9w_bfEDS)LI{|$+fu5i4SOgM{BGnYP*m&-|4`vbNFEO0wIGtPN zQ2{Mex-~U>`A^i-!Xx7Y-n3~g|HGCD^UOqM(KD|iURWKlWy}anf{2>_2A&HJKQk`c zy41)q0V{aKcQ3WjM99;s*!E< zc_Hn)+nq&sUTjPe_l?qr#|FT+!S31F(Y1q)W>(}Q8jSUAYzFk#KAe%A(mysbx>1xB zJf3Evrn3#4rfmbP1g|kl>GOMx=_@x6j=8uU7krapK^<+B8yj`6@cPB*peV=;gR9>+ z+B?`?!`_Anhk5sAEXUSAyLI}H&Bn4xitoJb^nWDM&7DSLyeLM84jDzU;H_xG7O-_s zK3G{s_Z~J1rc}Yc%M6YSCNK1Xxex9VuU_-8V5jRqI4`vxpTESojka&WS)n!n?P;e+ zzz5h-{(tN#h&k({b zwF}n@T^Ug&uco4hY>6mhojttgzRjpAITs|%QtC|$M*|Uq&V`Q)tF#x&GBW}W-L%aJ z(x2yKrjw&w%cTRC8Vi!;s340%h2?exU%Aw1gT9xq9Ul9wD-Nd^7ptTsVnGCbztgyY zkMz)=+?oLB_+1^aG}A?0MtdO>zL2zJZa#J}cvm+wH>Z8ZbriS+d=q<3(2o+08Fc?$ zP!$CBfRDbv2z=+-U0^s~JHXd#FEfUN2|EmLOpGg7(`RgsrKg5dv*_UOTz^&hsw3fxHrenhsyY?baIzb91BUGUfKoxQ%}F!Wn4!0 z4kl;Qx+_3fhIShZ4-Xh|e+Ncrh;h+x_dwb@x!btK>ph>@vn$=UJ>V=R{THOA&+Rdm zV3pBEOKgTs5T9086})J_@x2&ot8nI|z!)w`rk7R+j5RcP6;SdQ`4`k6Ih1}Cv?9n@ zngn7etl?bZGD=+n-wMRG%%}H{0dtrAC;pr`U}T6!`9YF+`omTuFP2p%pKmqFVsU!; zQSEB_{Q+Z)jy+rqjqac;jj}GwO`>bBHnz~|%Uro>tH4#aN~M995QFZ|yT%K`_(I(U>oP=55d6O}UH_=%&CI6bjiQ)uF2`Bc?NxUGs-_UPNrN)mMl{C+voCn)C{1o^Z=#V-9 zl+#v+Gi9Y0K5E>{m2zp{wKz4mUyIe8@^D6BRU;HgV$6`i2X=BxDf|PCh*X5R=bI`V zJqHTv154s^X&X1Rdc>2GT?@{4O+n?O27 zdwnh_$yTvQ5Ar2R79B54t4+3&>G-bPGP?9*fZ&>kGjgZ5jPfYpM2mm^*<%5X7(bTj zX);ZANk^YSENkFS2i^BEW1R%VTuSK&HgjHQAS_3Z%Rz7K%B`aIUzBE(tG+Usz7}*B z)1uwEDORMZw|`YCebpGN#T8A=uZcSw#b+U#bhJFpb;-mHFlY#F&<2HPY0d_nvXnTV zC5>lcJj4*sPRtH0&d3)hd+XU6I?GU_ay(JTT10_S!*O^x>g{23Vb#Oj#Le zS#~AXITQc&kx732!!i{8q!o|2}dn z@Z3dDxHHz8C7B}|cQww;-fX1nX}zJTYg7 z6T$vo`6=ilZ@Jz06%EWTcTw)sh}Cw(9pEUx))<>fU%$gB%9P4s5txa6Oz6!!puK$U zjtU1=A2zZRMehh(c=I8!pdUSK>^{8TNWv}cx9`RjPan)k$~LKqNdk@FYBCaIaGZ5nTKrs9Mv-Mso1oPZ)jYF{>bERUSjm zXJD3i=q_VROee+OZ7hrHWV=L+Bi2D%?*<8Yc!dYg&J`skQ~Etdav|a#Y#-==n*cU= zcyN~$3EZHC_ZZti$nUzx7>#kO^Bnz%)2}{jv^hN^2w&#XOeef1zNJPde^6XW&9T_q38d{TddgpxlA)AeOZfd^ z?BVsLl`fjJ)^J)PE{nfuVK#)0C9YgNX&f2$$Uo4FciQQa8 z3i~;i(dnx(?kCDCi(IxQtp3BMXwoQ$#gj~DM%>YCEvtWcaDcBYUf410XZaAmUgOr> z)=gNRtt4z6h%RvOxw0(rL|!#m9%=t`Dc&W-KMDSX1vGY?7P(BHV1oS)9+E%{*;~51 zvESndCZL0BsFB)+g*Ht%up)GZ*d)NQS&8aSVw@t>h~QGe003t9m1ok_>%bb{yf`Bz z#J(mf)I#o?-Od8Zyb2Ll(gOv*bZHNwO0FYF{r3bLK*qZo&X|w(!T#6T2N7&-KXg(; zpn59>Y<%adT0w$@7^?d*!f|B%2V8uvc2|}{wWp=jGt3&6Pj?7XI(@L@_=Mok4&Z#- zMyjAW(7hlB^tt=9N>WqIBQQEbzyEAPo`Oz+()=Uh-DP#{6^0DcFh}W=DhrfRpk3Uf zX=z6M6b^ya)~5OqHa=EQhFkfB*N-(!*3&9UKm?o)fgtZiI4iAUCVI8@#-c}33yX!?KDY$*Dhgf2ZQdS+K;E^I@R8zU8N{M ztE_t|%MR%*O%?eqH>c*(6@PN4(iak7m@@?qWu<(<0oOme8x-CGp!1zjOux@UzunagT0-7rSNm~3xxJ8}Fi_fnaC&M*Em&FIUW56Zr@b2P6GOowN zUxy1xa`L&C`wv0Dne}u{rf>SKRv3ufXTTev zuB#Uj9stOSeVp!^Z{D4k_kV;6kqb%qLM1rvMM+c_?o}n+qTv8t_`ms!V3ubfpyTtV z-cRcnOud;37f!t>86Z|&jRy$)G`Mi;&x3u7r%s70f;ft^?$wvBU)Q`INI-dSEPxZ; y4a=vxgU>CWdQDu(V?)QXfBj?q;=laiU03qI4|X_~4}5Xbzx>O;tXQ&c$^Qc^g&2?k From 2ab3245ad44a2bd10aca8f05a1e91b1d4a0e2ad1 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Fri, 16 Jun 2023 09:03:18 +0200 Subject: [PATCH 575/698] fix: [app:udpateDatabase] Added missing break statement --- app/Model/AppModel.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index b770ace0b..31a997083 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -1953,6 +1953,7 @@ class AppModel extends Model break; case 109: $sqlArray[] = "UPDATE `over_correlating_values` SET `value` = LOWER(`value`) COLLATE utf8mb4_unicode_ci;"; + break; case 110: $sqlArray[] = "ALTER TABLE `users` ADD `totp` varchar(255) DEFAULT NULL;"; $sqlArray[] = "ALTER TABLE `users` ADD `hotp_counter` int(11) DEFAULT NULL;"; From 87c283aa3deff67ded5e9edb7d3046a9a7126c08 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 19 Jun 2023 07:54:08 +0200 Subject: [PATCH 576/698] fix: [urls] allow for encoded spaces - this has been haunting us for a while --- app/.htaccess | 6 +++--- app/webroot/.htaccess | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/.htaccess b/app/.htaccess index fc3aac4b2..b9d0e1016 100644 --- a/app/.htaccess +++ b/app/.htaccess @@ -1,5 +1,5 @@ RewriteEngine on - RewriteRule ^$ webroot/ [L] - RewriteRule (.*) webroot/$1 [L] - \ No newline at end of file + RewriteRule ^$ webroot/ [B,L] + RewriteRule (.*) webroot/$1 [B,L] + diff --git a/app/webroot/.htaccess b/app/webroot/.htaccess index 85e3ae253..982ecad92 100644 --- a/app/webroot/.htaccess +++ b/app/webroot/.htaccess @@ -2,7 +2,7 @@ RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ index.php?/$1 [QSA,L] + RewriteRule ^(.*)$ index.php?/$1 [QSA,L,B] # Adds AUTH support to Rest Plugin: RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last] From ed8bb8f2a3112431115c7cb13c30596caa7a0e30 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 19 Jun 2023 08:02:39 +0200 Subject: [PATCH 577/698] chg: [htaccess] lock the backreference escaping purely to spaces - if we need more we can change it in the future --- app/.htaccess | 4 ++-- app/webroot/.htaccess | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/.htaccess b/app/.htaccess index b9d0e1016..ec36c63bd 100644 --- a/app/.htaccess +++ b/app/.htaccess @@ -1,5 +1,5 @@ RewriteEngine on - RewriteRule ^$ webroot/ [B,L] - RewriteRule (.*) webroot/$1 [B,L] + RewriteRule ^$ webroot/ "[B= ,L]" + RewriteRule (.*) webroot/$1 "[B= ,L]" diff --git a/app/webroot/.htaccess b/app/webroot/.htaccess index 982ecad92..c23955f5d 100644 --- a/app/webroot/.htaccess +++ b/app/webroot/.htaccess @@ -2,7 +2,7 @@ RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ index.php?/$1 [QSA,L,B] + RewriteRule ^(.*)$ index.php?/$1 "[QSA,L,B= ]" # Adds AUTH support to Rest Plugin: RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last] From 48c8357c00083078ed04743b2e440832a05817d2 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 19 Jun 2023 07:54:08 +0200 Subject: [PATCH 578/698] fix: [urls] allow for encoded spaces - this has been haunting us for a while --- app/.htaccess | 6 +++--- app/webroot/.htaccess | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/.htaccess b/app/.htaccess index fc3aac4b2..b9d0e1016 100644 --- a/app/.htaccess +++ b/app/.htaccess @@ -1,5 +1,5 @@ RewriteEngine on - RewriteRule ^$ webroot/ [L] - RewriteRule (.*) webroot/$1 [L] - \ No newline at end of file + RewriteRule ^$ webroot/ [B,L] + RewriteRule (.*) webroot/$1 [B,L] + diff --git a/app/webroot/.htaccess b/app/webroot/.htaccess index 85e3ae253..982ecad92 100644 --- a/app/webroot/.htaccess +++ b/app/webroot/.htaccess @@ -2,7 +2,7 @@ RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ index.php?/$1 [QSA,L] + RewriteRule ^(.*)$ index.php?/$1 [QSA,L,B] # Adds AUTH support to Rest Plugin: RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last] From 736d794681fb93e86833ca074a003a900e004168 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 19 Jun 2023 08:02:39 +0200 Subject: [PATCH 579/698] chg: [htaccess] lock the backreference escaping purely to spaces - if we need more we can change it in the future --- app/.htaccess | 4 ++-- app/webroot/.htaccess | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/.htaccess b/app/.htaccess index b9d0e1016..ec36c63bd 100644 --- a/app/.htaccess +++ b/app/.htaccess @@ -1,5 +1,5 @@ RewriteEngine on - RewriteRule ^$ webroot/ [B,L] - RewriteRule (.*) webroot/$1 [B,L] + RewriteRule ^$ webroot/ "[B= ,L]" + RewriteRule (.*) webroot/$1 "[B= ,L]" diff --git a/app/webroot/.htaccess b/app/webroot/.htaccess index 982ecad92..c23955f5d 100644 --- a/app/webroot/.htaccess +++ b/app/webroot/.htaccess @@ -2,7 +2,7 @@ RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ index.php?/$1 [QSA,L,B] + RewriteRule ^(.*)$ index.php?/$1 "[QSA,L,B= ]" # Adds AUTH support to Rest Plugin: RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last] From f88f19123587864af127893f119e7118228e5b10 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 19 Jun 2023 09:04:54 +0200 Subject: [PATCH 580/698] fix: [indexing] object references table lacked an index on the uuid field causing massive performance issues during ingestion --- app/Model/AppModel.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index 31a997083..64455f608 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -85,7 +85,7 @@ class AppModel extends Model 93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false, 99 => false, 100 => false, 101 => false, 102 => false, 103 => false, 104 => false, 105 => false, 106 => false, 107 => false, 108 => false, 109 => false, 110 => false, - 111 => false, 112 => false, 113 => true + 111 => false, 112 => false, 113 => true, 114 => false ); const ADVANCED_UPDATES_DESCRIPTION = array( @@ -1970,6 +1970,9 @@ class AppModel extends Model $this->cleanCacheFiles(); $sqlArray[] = "UPDATE roles SET perm_view_feed_correlations = 1;"; break; + case 114: + $indexArray[] = ['object_references', 'uuid']; + break; case 'fixNonEmptySharingGroupID': $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; $sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;'; From 3bf85ea29f3041a679ac74b68ac7208da7174813 Mon Sep 17 00:00:00 2001 From: iglocska Date: Wed, 21 Jun 2023 14:52:53 +0200 Subject: [PATCH 581/698] chg: [TOTP] set name --- app/Controller/UsersController.php | 6 +++++- app/Model/Server.php | 8 ++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php index e61b61923..ce4751cd7 100644 --- a/app/Controller/UsersController.php +++ b/app/Controller/UsersController.php @@ -1878,7 +1878,11 @@ class UsersController extends AppController ); $writer = new \BaconQrCode\Writer($renderer); $totp->setLabel($user['User']['email']); - $totp->setIssuer(Configure::read('MISP.org') . ' MISP'); + if (Configure::read('Security.otp_issuer')) { + $totp->setIssuer(Configure::read('Security.otp_issuer')); + } else { + $totp->setIssuer(Configure::read('MISP.org') . ' MISP'); + } $qrcode = $writer->writeString($totp->getProvisioningUri()); $qrcode = preg_replace('/^.+\n/', '', $qrcode); // ignore first 'boolean', 'null' => true ), + 'otp_issuer' => array( + 'level' => 2, + 'description' => __('If OTP is enabled, set the issuer string to an arbitrary value. Otherwise, MISP will default to "[MISP.org] MISP".'), + 'value' => false, + 'test' => 'testForEmpty', + 'type' => 'string', + 'null' => true + ), 'email_otp_enabled' => array( 'level' => 2, 'description' => __('Enable two step authentication with a OTP sent by email. Requires e-mailing to be enabled. Warning: You cannot use it in combination with external authentication plugins.'), From 98dd4286ea9a1197476fd0ce080848d22ff68160 Mon Sep 17 00:00:00 2001 From: Stefano Ortolani Date: Sat, 24 Jun 2023 12:54:09 +0100 Subject: [PATCH 582/698] Fix search galaxy clusters --- app/Controller/GalaxyClustersController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Controller/GalaxyClustersController.php b/app/Controller/GalaxyClustersController.php index 5eba82a98..0a6c5e29f 100644 --- a/app/Controller/GalaxyClustersController.php +++ b/app/Controller/GalaxyClustersController.php @@ -38,7 +38,7 @@ class GalaxyClustersController extends AppController public function index($galaxyId) { $galaxyId = $this->Toolbox->findIdByUuid($this->GalaxyCluster->Galaxy, $galaxyId); - $filters = $this->IndexFilter->harvestParameters(array('context', 'searchall')); + $filters = $this->_harvestParameters(array('context', 'searchall')); $aclConditions = $this->GalaxyCluster->buildConditions($this->Auth->user()); $contextConditions = array(); if (empty($filters['context'])) { From 63d9c775a0840d209b1958969ba6b4a59de8b19b Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 26 Jun 2023 09:55:03 +0200 Subject: [PATCH 583/698] fix: [dashboard trending attributes] change !empty() to isset() to allow for local: "0" to be a valid filter --- app/Lib/Dashboard/TrendingAttributesWidget.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Lib/Dashboard/TrendingAttributesWidget.php b/app/Lib/Dashboard/TrendingAttributesWidget.php index 931a152de..56836dec6 100644 --- a/app/Lib/Dashboard/TrendingAttributesWidget.php +++ b/app/Lib/Dashboard/TrendingAttributesWidget.php @@ -38,7 +38,7 @@ class TrendingAttributesWidget $organisationModel = ClassRegistry::init('Organisation'); if (!empty($options['org_filter']) && is_array($options['org_filter'])) { foreach ($this->validOrgFilters as $filterKey) { - if (!empty($options['org_filter'][$filterKey])) { + if (isset($options['org_filter'][$filterKey])) { if ($filterKey === 'local') { $tempConditionBucket['Organisation.local'] = $options['org_filter']['local']; } else { From 4e79275dbb55829b3689dadb1e1188c074606850 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 26 Jun 2023 09:59:58 +0200 Subject: [PATCH 584/698] fix: [api login widget] fixed notice error if no entries were found --- app/Lib/Dashboard/APIActivityWidget.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Lib/Dashboard/APIActivityWidget.php b/app/Lib/Dashboard/APIActivityWidget.php index 1b66c0e5e..dc460f1fa 100644 --- a/app/Lib/Dashboard/APIActivityWidget.php +++ b/app/Lib/Dashboard/APIActivityWidget.php @@ -87,6 +87,7 @@ class APIActivityWidget 'recursive' => 1 ]); } + $results = []; $baseurl = empty(Configure::read('MISP.external_baseurl')) ? h(Configure::read('MISP.baseurl')) : Configure::read('MISP.external_baseurl'); foreach ($counts as $key => $junk) { $data = $temp_apikeys[$key]; From 8d0e1981f7ce4e90e3c6e374d341514949a137c5 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 26 Jun 2023 10:00:24 +0200 Subject: [PATCH 585/698] fix: [trending widgets] time ranges fixed --- app/Lib/Dashboard/TrendingAttributesWidget.php | 7 ++++--- app/Lib/Dashboard/TrendingTagsWidget.php | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/app/Lib/Dashboard/TrendingAttributesWidget.php b/app/Lib/Dashboard/TrendingAttributesWidget.php index 56836dec6..957b6d7cc 100644 --- a/app/Lib/Dashboard/TrendingAttributesWidget.php +++ b/app/Lib/Dashboard/TrendingAttributesWidget.php @@ -72,9 +72,10 @@ class TrendingAttributesWidget /** @var Event $eventModel */ $attributeModel = ClassRegistry::init('Attribute'); $threshold = empty($options['threshold']) ? 10 : $options['threshold']; - $time_window = empty($options['time_window']) ? (7 * 24 * 60 * 60) : (int)$options['time_window']; - if (is_string($time_window) && substr($time_window, -1) === 'd') { - $time_window = ((int)substr($time_window, 0, -1)) * 24 * 60 * 60; + if (is_string($options['time_window']) && substr($options['time_window'], -1) === 'd') { + $time_window = ((int)substr($options['time_window'], 0, -1)) * 24 * 60 * 60; + } else { + $time_window = empty($options['time_window']) ? (7 * 24 * 60 * 60) : (int)$options['time_window']; } $conditions = $time_window === -1 ? [] : ['Attribute.timestamp >=' => time() - $time_window]; $conditions['Attribute.deleted'] = 0; diff --git a/app/Lib/Dashboard/TrendingTagsWidget.php b/app/Lib/Dashboard/TrendingTagsWidget.php index b3d6f6048..b9d61ce41 100644 --- a/app/Lib/Dashboard/TrendingTagsWidget.php +++ b/app/Lib/Dashboard/TrendingTagsWidget.php @@ -30,9 +30,10 @@ class TrendingTagsWidget /** @var Event $eventModel */ $eventModel = ClassRegistry::init('Event'); $threshold = empty($options['threshold']) ? 10 : $options['threshold']; - $time_window = empty($options['time_window']) ? (7 * 24 * 60 * 60) : $options['time_window']; - if (is_string($time_window) && substr($time_window, -1) === 'd') { - $time_window = ((int)substr($time_window, 0, -1)) * 24 * 60 * 60; + if (is_string($options['time_window']) && substr($options['time_window'], -1) === 'd') { + $time_window = ((int)substr($options['time_window'], 0, -1)) * 24 * 60 * 60; + } else { + $time_window = empty($options['time_window']) ? (7 * 24 * 60 * 60) : (int)$options['time_window']; } $params = $time_window === -1 ? [] : ['timestamp' => time() - $time_window]; From 62f8f290e6949ffca211de633038806009b7aaa8 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 26 Jun 2023 10:05:29 +0200 Subject: [PATCH 586/698] chg: [org index] sort on metafields --- app/View/Organisations/index.ctp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/View/Organisations/index.ctp b/app/View/Organisations/index.ctp index 7e2f809ef..346d9cafa 100644 --- a/app/View/Organisations/index.ctp +++ b/app/View/Organisations/index.ctp @@ -91,16 +91,19 @@ echo $this->element('/genericElements/IndexTable/index_table', [ ], [ 'name' => __('Nationality'), + 'sort' => 'Organisation.nationality', 'data_path' => 'Organisation', 'class' => 'short', 'element' => 'country', ], [ 'name' => __('Sector'), + 'sort' => 'Organisation.sector', 'data_path' => 'Organisation.sector', ], [ 'name' => __('Type'), + 'sort' => 'Organisation.type', 'data_path' => 'Organisation.type', ], [ From 8574c8c4e42de44d4381a6944902e8f1607eae3b Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 26 Jun 2023 10:09:58 +0200 Subject: [PATCH 587/698] fix: [map widget] added alternate name for Russia - in case someone would want to make sure they still have Russian member organisations --- app/Lib/Dashboard/OrganisationMapWidget.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Lib/Dashboard/OrganisationMapWidget.php b/app/Lib/Dashboard/OrganisationMapWidget.php index 54dd4e2e7..8d74401f7 100644 --- a/app/Lib/Dashboard/OrganisationMapWidget.php +++ b/app/Lib/Dashboard/OrganisationMapWidget.php @@ -161,6 +161,7 @@ class OrganisationMapWidget 'Qatar' => 'QA', 'Romania' => 'RO', 'Russia' => 'RU', + 'Russian Federation' => 'RU', 'Rwanda' => 'RW', 'S. Sudan' => 'SS', 'Saudi Arabia' => 'SA', From 640e6ef0b5cf2a98f69d8dc112673056cc5a1913 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 26 Jun 2023 18:15:17 +0200 Subject: [PATCH 588/698] new: [dashboard widget] added download parameter to the widget system --- app/Controller/DashboardsController.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/Controller/DashboardsController.php b/app/Controller/DashboardsController.php index 385bf2c94..25df8ec0f 100644 --- a/app/Controller/DashboardsController.php +++ b/app/Controller/DashboardsController.php @@ -192,6 +192,10 @@ class DashboardsController extends AppController 'widget_config' => empty($valueConfig['widget_config']) ? array() : $valueConfig['widget_config'] ); + if (!empty($this->request->params['named']['exportjson'])) { + return $this->RestResponse->viewData($data); + } + $this->layout = false; $this->set('title', $dashboardWidget->title); $this->set('widget_id', $widget_id); From 404c71ade67033911b51c6c8198e0e5def8de80d Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 26 Jun 2023 18:16:31 +0200 Subject: [PATCH 589/698] new: [dashboard widget] added functionalities to download widget raw data - download the JSON passed to the front-end of a widget on-demand --- app/Controller/AppController.php | 2 +- app/View/Elements/dashboard/widget.ctp | 10 +++++++--- app/webroot/js/misp.js | 20 ++++++++++++++++++++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 38d0bd8f3..19f01ac6e 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -33,7 +33,7 @@ class AppController extends Controller public $helpers = array('OrgImg', 'FontAwesome', 'UserName'); - private $__queryVersion = '151'; + private $__queryVersion = '152'; public $pyMispVersion = '2.4.172'; public $phpmin = '7.2'; public $phprec = '7.4'; diff --git a/app/View/Elements/dashboard/widget.ctp b/app/View/Elements/dashboard/widget.ctp index 17d360810..626c34e64 100644 --- a/app/View/Elements/dashboard/widget.ctp +++ b/app/View/Elements/dashboard/widget.ctp @@ -10,14 +10,18 @@ empty($widget['config']) ? '[]' : h(json_encode($widget['config'])), h($widget['widget']), sprintf( - '

    %s %s %s
    %s
    ', + '
    %s %s %s %s
    %s
    ', empty($widget['config']['alias']) ? h($widget['title']) : h($widget['config']['alias']), sprintf( - '', + '', + __('Export raw data') + ), + sprintf( + '', __('Configure widget') ), sprintf( - '', + '', __('Remove widget') ), ' ' diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js index 5c505f42f..020572736 100644 --- a/app/webroot/js/misp.js +++ b/app/webroot/js/misp.js @@ -5515,6 +5515,26 @@ function resetDashboardGrid(grid, save = true) { grid.removeWidget(el); saveDashboardState(); }); + $('.export-widget').click(function() { + var $element = $(this).parent().parent().parent(); + var container_id = $element.attr('id').substring(7); + $.ajax({ + type: 'POST', + url: baseurl + '/dashboards/renderWidget/' + container_id + '/exportjson:1', + data: { + config: $element.attr('config'), + widget: $element.attr('widget') + }, + success:function (data) { + data = JSON.stringify(data, null, 2); + var blob=new Blob([data], {type: 'application/json'}); + var link=window.document.createElement('a'); + link.href=window.URL.createObjectURL(blob); + link.download=$element.attr('widget') + "_" + container_id + "_export.json"; + link.click(); + } + }); + }); } function setHomePage() { From e1bde70185ab4958b2a1678bb379f108c4ccc3a8 Mon Sep 17 00:00:00 2001 From: iglocska Date: Mon, 26 Jun 2023 18:37:29 +0200 Subject: [PATCH 590/698] new: [dashboard widgets] added previous_month boolean option to any widget that had the month option --- app/Lib/Dashboard/APIActivityWidget.php | 9 +++++++-- app/Lib/Dashboard/LoginsWidget.php | 13 +++++++++++- app/Lib/Dashboard/NewOrgsWidget.php | 20 ++++++++++++++++--- app/Lib/Dashboard/NewUsersWidget.php | 20 +++++++++++++++++-- .../OrgContributionToplistWidget.php | 19 ++++++++++++++++-- .../UserContributionToplistWidget.php | 19 ++++++++++++++++-- 6 files changed, 88 insertions(+), 12 deletions(-) diff --git a/app/Lib/Dashboard/APIActivityWidget.php b/app/Lib/Dashboard/APIActivityWidget.php index dc460f1fa..3ff0d7e54 100644 --- a/app/Lib/Dashboard/APIActivityWidget.php +++ b/app/Lib/Dashboard/APIActivityWidget.php @@ -11,6 +11,7 @@ class APIActivityWidget 'limit' => 'Limits the number of displayed APIkeys. (-1 will list all) Default: -1', 'days' => 'How many days back should the list go - for example, setting 7 will only show contributions in the past 7 days. (integer)', 'month' => 'Who contributed most this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', 'year' => 'Which contributed most this year? (boolean)', ]; public $description = 'Basic widget showing some server statistics in regards to MISP.'; @@ -26,16 +27,20 @@ class APIActivityWidget $begin = new DateTime(date('Y-m-d', strtotime(sprintf("-%s days", $options['days'])))); } else if (!empty($options['month'])) { $begin = new DateTime(date('Y-m-d', strtotime('first day of this month 00:00:00', time()))); + } else if (!empty($options['previous_month'])) { + $begin = new DateTime(date('Y-m-d', strtotime('first day of last month 00:00:00', time()))); + $end = new DateTime(date('Y-m-d', strtotime('last day of last month 23:59:59', time()))); } else if (!empty($options['year'])) { $begin = new DateTime(date('Y-m-d', strtotime('first day of this year 00:00:00', time()))); } else { $begin = new DateTime(date('Y-m-d', strtotime('-7 days', time())));; } - $now = new DateTime(); + + $end = isset($end) ? $end : new DateTime(); $dates = new DatePeriod( $begin, new DateInterval('P1D'), - $now + $end ); $results = []; foreach ($dates as $date) { diff --git a/app/Lib/Dashboard/LoginsWidget.php b/app/Lib/Dashboard/LoginsWidget.php index 7280d6863..cb17b8273 100644 --- a/app/Lib/Dashboard/LoginsWidget.php +++ b/app/Lib/Dashboard/LoginsWidget.php @@ -11,6 +11,7 @@ class LoginsWidget 'limit' => 'Limits the number of displayed APIkeys. (-1 will list all) Default: -1', 'days' => 'How many days back should the list go - for example, setting 7 will only show contributions in the past 7 days. (integer)', 'month' => 'Who contributed most this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', 'year' => 'Which contributed most this year? (boolean)', ]; public $description = 'Basic widget showing some server statistics in regards to MISP.'; @@ -26,12 +27,22 @@ class LoginsWidget $begin = date('Y-m-d H:i:s', strtotime(sprintf("-%s days", $options['days']))); } else if (!empty($options['month'])) { $begin = date('Y-m-d H:i:s', strtotime('first day of this month 00:00:00', time())); + } else if (!empty($options['previous_month'])) { + $begin = date('Y-m-d H:i:s', strtotime('first day of last month 00:00:00', time())); + $end = date('Y-m-d H:i:s', strtotime('last day of last month 23:59:59', time())); } else if (!empty($options['year'])) { $begin = date('Y-m-d', strtotime('first day of this year 00:00:00', time())); } else { $begin = date('Y-m-d H:i:s', strtotime('-7 days', time())); } - return $begin ? ['Log.created >=' => $begin] : []; + $params = []; + if (!empty($end)) { + $params['Log.created <='] = $end; + } + if (!empty($begin)) { + $params['Log.created >='] = $begin; + } + return $params; } public function handler($user, $options = array()) diff --git a/app/Lib/Dashboard/NewOrgsWidget.php b/app/Lib/Dashboard/NewOrgsWidget.php index 881796d9c..141b6adf8 100644 --- a/app/Lib/Dashboard/NewOrgsWidget.php +++ b/app/Lib/Dashboard/NewOrgsWidget.php @@ -15,6 +15,7 @@ class NewOrgsWidget 'filter' => 'A list of filters by organisation meta information (nationality, sector, type, name, uuid) to include. (dictionary, prepending values with ! uses them as a negation)', 'days' => 'How many days back should the list go - for example, setting 7 will only show the organisations that were added in the past 7 days. (integer)', 'month' => 'Which organisations have been added this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', 'year' => 'Which organisations have been added this year? (boolean)', 'local' => 'Should the list only show local organisations? (boolean or list of booleans, defaults to 1. To get both sets, use [0,1])', 'fields' => 'Which fields should be displayed, by default all are selected. Pass a list with the following options: [id, uuid, name, sector, type, nationality, creation_date]' @@ -51,6 +52,10 @@ class NewOrgsWidget } else if (!empty($options['month'])) { $condition = strtotime('first day of this month 00:00:00', time()); $this->tableDescription = __('The %d newest organisations created during the current month', $limit); + } else if (!empty($options['previous_month'])) { + $condition = strtotime('first day of last month 00:00:00', time()); + $end_condition = strtotime('last day of last month 23:59:59', time()); + $this->tableDescription = __('The %d newest organisations created during the previous month', $limit); } else if (!empty($options['year'])) { $condition = strtotime('first day of this year 00:00:00', time()); $this->tableDescription = __('The %d newest organisations created during the current year', $limit); @@ -58,9 +63,18 @@ class NewOrgsWidget $this->tableDescription = __('The %d newest organisations created', $limit); return null; } - $datetime = new DateTime(); - $datetime->setTimestamp($condition); - return $datetime->format('Y-m-d H:i:s'); + $conditions = []; + if (!empty($condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($condition); + $conditions['Organisation.date_created >='] = $datetime->format('Y-m-d H:i:s'); + } + if (!empty($end_condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($end_condition); + $conditions['Organisation.date_created <='] = $datetime->format('Y-m-d H:i:s'); + } + return $conditions; } public function handler($user, $options = array()) diff --git a/app/Lib/Dashboard/NewUsersWidget.php b/app/Lib/Dashboard/NewUsersWidget.php index f41d43570..5c66ff6e6 100644 --- a/app/Lib/Dashboard/NewUsersWidget.php +++ b/app/Lib/Dashboard/NewUsersWidget.php @@ -15,6 +15,7 @@ class NewUsersWidget 'filter' => 'A list of filters for the organisations (nationality, sector, type, name, uuid) to include. (dictionary, prepending values with ! uses them as a negation)', 'days' => 'How many days back should the list go - for example, setting 7 will only show the organisations that were added in the past 7 days. (integer)', 'month' => 'Which organisations have been added this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', 'year' => 'Which organisations have been added this year? (boolean)', 'fields' => 'Which fields should be displayed, by default all are selected. Pass a list with the following options: [id, email, Organisation.name, Role.name, date_created]' ]; @@ -57,6 +58,10 @@ class NewUsersWidget } else if (!empty($options['month'])) { $condition = strtotime('first day of this month 00:00:00', time()); $this->tableDescription = __('The %d newest users created during the current month', $limit); + } else if (!empty($options['previous_month'])) { + $condition = strtotime('first day of last month 00:00:00', time()); + $end_condition = strtotime('last day of last month 23:59:59', time()); + $this->tableDescription = __('The %d newest organisations created during the previous month', $limit); } else if (!empty($options['year'])) { $condition = strtotime('first day of this year 00:00:00', time()); $this->tableDescription = __('The %d newest users created during the current year', $limit); @@ -64,7 +69,18 @@ class NewUsersWidget $this->tableDescription = __('The %d newest users created', $limit); return null; } - return $condition; + $conditions = []; + if (!empty($condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($condition); + $conditions['Organisation.date_created >='] = $datetime->format('Y-m-d H:i:s'); + } + if (!empty($end_condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($end_condition); + $conditions['Organisation.date_created <='] = $datetime->format('Y-m-d H:i:s'); + } + return $conditions; } public function handler($user, $options = array()) @@ -123,7 +139,7 @@ class NewUsersWidget } $timeConditions = $this->timeConditions($options); if ($timeConditions) { - $params['conditions']['AND'][] = ['User.date_created >=' => $timeConditions]; + $params['conditions']['AND'][] = $timeConditions; } if (isset($options['fields'])) { $fields = []; diff --git a/app/Lib/Dashboard/OrgContributionToplistWidget.php b/app/Lib/Dashboard/OrgContributionToplistWidget.php index ed7079fe3..da0e92619 100644 --- a/app/Lib/Dashboard/OrgContributionToplistWidget.php +++ b/app/Lib/Dashboard/OrgContributionToplistWidget.php @@ -9,6 +9,7 @@ class OrgContributionToplistWidget public $params = [ 'days' => 'How many days back should the list go - for example, setting 7 will only show contributions in the past 7 days. (integer)', 'month' => 'Who contributed most this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', 'year' => 'Which contributed most this year? (boolean)', 'filter' => 'A list of filters by organisation meta information (nationality, sector, type, name, uuid, local (- expects a boolean or a list of boolean values)) to include. (dictionary, prepending values with ! uses them as a negation)', 'limit' => 'Limits the number of displayed tags. Default: 10' @@ -41,12 +42,26 @@ class OrgContributionToplistWidget $condition = strtotime(sprintf("-%s days", $options['days'])); } else if (!empty($options['month'])) { $condition = strtotime('first day of this month 00:00:00', time()); + } else if (!empty($options['previous_month'])) { + $condition = strtotime('first day of previous month 00:00:00', time()); + $end_condition = strtotime('last day of last month 23:59:59', time()); } else if (!empty($options['year'])) { $condition = strtotime('first day of this year 00:00:00', time()); } else { return null; } - return $condition; + $conditions = []; + if (!empty($condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($condition); + $conditions['Event.timestamp >='] = $datetime->format('Y-m-d H:i:s'); + } + if (!empty($end_condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($end_condition); + $conditions['Event.timestamp <='] = $datetime->format('Y-m-d H:i:s'); + } + return $conditions; } @@ -55,7 +70,7 @@ class OrgContributionToplistWidget $params = ['conditions' => []]; $timeConditions = $this->timeConditions($options); if ($timeConditions) { - $params['conditions']['AND'][] = ['Event.timestamp >=' => $timeConditions]; + $params['conditions']['AND'][] = $timeConditions; } if (!empty($options['filter']) && is_array($options['filter'])) { foreach ($this->validFilterKeys as $filterKey) { diff --git a/app/Lib/Dashboard/UserContributionToplistWidget.php b/app/Lib/Dashboard/UserContributionToplistWidget.php index b9ea08c50..ec434c82b 100644 --- a/app/Lib/Dashboard/UserContributionToplistWidget.php +++ b/app/Lib/Dashboard/UserContributionToplistWidget.php @@ -9,6 +9,7 @@ class UserContributionToplistWidget public $params = [ 'days' => 'How many days back should the list go - for example, setting 7 will only show contributions in the past 7 days. (integer)', 'month' => 'Who contributed most this month? (boolean)', + 'previous_month' => 'Who contributed most the previous, finished month? (boolean)', 'year' => 'Which contributed most this year? (boolean)', 'filter' => 'A list of filters by organisation meta information (nationality, sector, type, name, uuid, local (- expects a boolean or a list of boolean values)) to include. (dictionary, prepending values with ! uses them as a negation)', 'limit' => 'Limits the number of displayed tags. Default: 10' @@ -41,12 +42,26 @@ class UserContributionToplistWidget $condition = strtotime(sprintf("-%s days", $options['days'])); } else if (!empty($options['month'])) { $condition = strtotime('first day of this month 00:00:00', time()); + } else if (!empty($options['previous_month'])) { + $condition = strtotime('first day of previous month 00:00:00', time()); + $end_condition = strtotime('last day of last month 23:59:59', time()); } else if (!empty($options['year'])) { $condition = strtotime('first day of this year 00:00:00', time()); } else { return null; } - return $condition; + $conditions = []; + if (!empty($condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($condition); + $conditions['Event.timestamp >='] = $datetime->format('Y-m-d H:i:s'); + } + if (!empty($end_condition)) { + $datetime = new DateTime(); + $datetime->setTimestamp($end_condition); + $conditions['Event.timestamp <='] = $datetime->format('Y-m-d H:i:s'); + } + return $conditions; } @@ -55,7 +70,7 @@ class UserContributionToplistWidget $params = ['conditions' => []]; $timeConditions = $this->timeConditions($options); if ($timeConditions) { - $params['conditions']['AND'][] = ['Event.timestamp >=' => $timeConditions]; + $params['conditions']['AND'][] = $timeConditions; } if (!empty($options['filter']) && is_array($options['filter'])) { foreach ($this->validFilterKeys as $filterKey) { From 11aadfe1cdca9ac481b09c70c4121924cd72c00b Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 27 Jun 2023 13:19:42 +0200 Subject: [PATCH 591/698] new: [dashboard widget toolkit] started a new common library of reusable functions for widgets --- app/Lib/Dashboard/Tools/WidgetToolkit.php | 189 ++++++++++++++++++++++ 1 file changed, 189 insertions(+) create mode 100644 app/Lib/Dashboard/Tools/WidgetToolkit.php diff --git a/app/Lib/Dashboard/Tools/WidgetToolkit.php b/app/Lib/Dashboard/Tools/WidgetToolkit.php new file mode 100644 index 000000000..1da149e94 --- /dev/null +++ b/app/Lib/Dashboard/Tools/WidgetToolkit.php @@ -0,0 +1,189 @@ + 'AF', + 'Albania' => 'AL', + 'Algeria' => 'DZ', + 'Angola' => 'AO', + 'Argentina' => 'AR', + 'Armenia' => 'AM', + 'Australia' => 'AU', + 'Austria' => 'AT', + 'Azerbaijan' => 'AZ', + 'Bahamas' => 'BS', + 'Bangladesh' => 'BD', + 'Belarus' => 'BY', + 'Belgium' => 'BE', + 'Belize' => 'BZ', + 'Benin' => 'BJ', + 'Bhutan' => 'BT', + 'Bolivia' => 'BO', + 'Bosnia and Herz.' => 'BA', + 'Botswana' => 'BW', + 'Brazil' => 'BR', + 'Brunei' => 'BN', + 'Bulgaria' => 'BG', + 'Burkina Faso' => 'BF', + 'Burundi' => 'BI', + 'Cambodia' => 'KH', + 'Cameroon' => 'CM', + 'Canada' => 'CA', + 'Central African Rep.' => 'CF', + 'Chad' => 'TD', + 'Chile' => 'CL', + 'China' => 'CN', + 'Colombia' => 'CO', + 'Congo' => 'CG', + 'Costa Rica' => 'CR', + 'Croatia' => 'HR', + 'Cuba' => 'CU', + 'Cyprus' => 'CY', + 'Czech Rep.' => 'CZ', + 'Czech Republic' => 'CZ', + 'Côte d\'Ivoire' => 'CI', + 'Dem. Rep. Congo' => 'CD', + 'Dem. Rep. Korea' => 'KP', + 'Denmark' => 'DK', + 'Djibouti' => 'DJ', + 'Dominican Rep.' => 'DO', + 'Ecuador' => 'EC', + 'Egypt' => 'EG', + 'El Salvador' => 'SV', + 'Eq. Guinea' => 'GQ', + 'Eritrea' => 'ER', + 'Estonia' => 'EE', + 'Ethiopia' => 'ET', + 'Falkland Is.' => 'FK', + 'Fiji' => 'FJ', + 'Finland' => 'FI', + 'Fr. S. Antarctic Lands' => 'TF', + 'France' => 'FR', + 'Gabon' => 'GA', + 'Gambia' => 'GM', + 'Georgia' => 'GE', + 'Germany' => 'DE', + 'Ghana' => 'GH', + 'Greece' => 'GR', + 'Greenland' => 'GL', + 'Guatemala' => 'GT', + 'Guinea' => 'GN', + 'Guinea-Bissau' => 'GW', + 'Guyana' => 'GY', + 'Haiti' => 'HT', + 'Honduras' => 'HN', + 'Hungary' => 'HU', + 'Iceland' => 'IS', + 'India' => 'IN', + 'Indonesia' => 'ID', + 'Iran' => 'IR', + 'Iraq' => 'IQ', + 'Ireland' => 'IE', + 'Ireland {Republic}' => 'IE', + 'Israel' => 'IL', + 'Italy' => 'IT', + 'Jamaica' => 'JM', + 'Japan' => 'JP', + 'Jordan' => 'JO', + 'Kazakhstan' => 'KZ', + 'Kenya' => 'KE', + 'Korea' => 'KR', + 'Kuwait' => 'KW', + 'Kyrgyzstan' => 'KG', + 'Lao PDR' => 'LA', + 'Latvia' => 'LV', + 'Lebanon' => 'LB', + 'Lesotho' => 'LS', + 'Liberia' => 'LR', + 'Libya' => 'LY', + 'Lithuania' => 'LT', + 'Luxembourg' => 'LU', + 'Macedonia' => 'MK', + 'Madagascar' => 'MG', + 'Mainland China' => 'CN', + 'Malawi' => 'MW', + 'Malaysia' => 'MY', + 'Mali' => 'ML', + 'Malta' => 'MT', + 'Mauritania' => 'MR', + 'Mexico' => 'MX', + 'Moldova' => 'MD', + 'Mongolia' => 'MN', + 'Montenegro' => 'ME', + 'Morocco' => 'MA', + 'Mozamb' => 'MZ', + 'Myanmar' => 'MM', + 'Namibia' => 'NA', + 'Nepal' => 'NP', + 'Netherlands' => 'NL', + 'New Caledonia' => 'NC', + 'New Zealand' => 'NZ', + 'Nicaragua' => 'NI', + 'Niger' => 'NE', + 'Nigeria' => 'NG', + 'Norway' => 'NO', + 'Oman' => 'OM', + 'Pakistan' => 'PK', + 'Palestine' => 'PS', + 'Panama' => 'PA', + 'Papua New Guinea' => 'PG', + 'Paraguay' => 'PY', + 'Peru' => 'PE', + 'Philippines' => 'PH', + 'Poland' => 'PL', + 'Portugal' => 'PT', + 'Puerto Rico' => 'PR', + 'Qatar' => 'QA', + 'Romania' => 'RO', + 'Russia' => 'RU', + 'Russian Federation' => 'RU', + 'Rwanda' => 'RW', + 'S. Sudan' => 'SS', + 'Saudi Arabia' => 'SA', + 'Senegal' => 'SN', + 'Serbia' => 'RS', + 'Sierra Leone' => 'SL', + 'Slovakia' => 'SK', + 'Slovenia' => 'SI', + 'Solomon Is.' => 'SB', + 'Somalia' => 'SO', + 'South Africa' => 'ZA', + 'Spain' => 'ES', + 'Sri Lanka' => 'LK', + 'Sudan' => 'SD', + 'Suriname' => 'SR', + 'Swaziland' => 'SZ', + 'Sweden' => 'SE', + 'Switzerland' => 'CH', + 'Syria' => 'SY', + 'Taiwan' => 'TW', + 'Tajikistan' => 'TJ', + 'Tanzania' => 'TZ', + 'Thailand' => 'TH', + 'Timor-Leste' => 'TL', + 'Togo' => 'TG', + 'Trinidad and Tobago' => 'TT', + 'Tunisia' => 'TN', + 'Turkey' => 'TR', + 'Turkmenistan' => 'TM', + 'Uganda' => 'UG', + 'Ukraine' => 'UA', + 'United Arab Emirates' => 'AE', + 'United Kingdom' => 'GB', + 'United States' => 'US', + 'Uruguay' => 'UY', + 'Uzbekistan' => 'UZ', + 'Vanuatu' => 'VU', + 'Venezuela' => 'VE', + 'Vietnam' => 'VN', + 'W. Sahara' => 'EH', + 'Yemen' => 'YE', + 'Zambia' => 'ZM', + 'Zimbabwe' => 'ZW' + ]; + } +} \ No newline at end of file From eec84d77820a88fca6e96de40aedbe415f1f4d5b Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 27 Jun 2023 13:20:13 +0200 Subject: [PATCH 592/698] chg: [map widget] moved country code lookup to the new widget toolkit --- app/Lib/Dashboard/OrganisationMapWidget.php | 184 +------------------- 1 file changed, 4 insertions(+), 180 deletions(-) diff --git a/app/Lib/Dashboard/OrganisationMapWidget.php b/app/Lib/Dashboard/OrganisationMapWidget.php index 8d74401f7..4929ac013 100644 --- a/app/Lib/Dashboard/OrganisationMapWidget.php +++ b/app/Lib/Dashboard/OrganisationMapWidget.php @@ -26,189 +26,13 @@ class OrganisationMapWidget }'; private $Organisation = null; - public $countryCodes = array( - 'Afghanistan' => 'AF', - 'Albania' => 'AL', - 'Algeria' => 'DZ', - 'Angola' => 'AO', - 'Argentina' => 'AR', - 'Armenia' => 'AM', - 'Australia' => 'AU', - 'Austria' => 'AT', - 'Azerbaijan' => 'AZ', - 'Bahamas' => 'BS', - 'Bangladesh' => 'BD', - 'Belarus' => 'BY', - 'Belgium' => 'BE', - 'Belize' => 'BZ', - 'Benin' => 'BJ', - 'Bhutan' => 'BT', - 'Bolivia' => 'BO', - 'Bosnia and Herz.' => 'BA', - 'Botswana' => 'BW', - 'Brazil' => 'BR', - 'Brunei' => 'BN', - 'Bulgaria' => 'BG', - 'Burkina Faso' => 'BF', - 'Burundi' => 'BI', - 'Cambodia' => 'KH', - 'Cameroon' => 'CM', - 'Canada' => 'CA', - 'Central African Rep.' => 'CF', - 'Chad' => 'TD', - 'Chile' => 'CL', - 'China' => 'CN', - 'Colombia' => 'CO', - 'Congo' => 'CG', - 'Costa Rica' => 'CR', - 'Croatia' => 'HR', - 'Cuba' => 'CU', - 'Cyprus' => 'CY', - 'Czech Rep.' => 'CZ', - 'Czech Republic' => 'CZ', - 'Côte d\'Ivoire' => 'CI', - 'Dem. Rep. Congo' => 'CD', - 'Dem. Rep. Korea' => 'KP', - 'Denmark' => 'DK', - 'Djibouti' => 'DJ', - 'Dominican Rep.' => 'DO', - 'Ecuador' => 'EC', - 'Egypt' => 'EG', - 'El Salvador' => 'SV', - 'Eq. Guinea' => 'GQ', - 'Eritrea' => 'ER', - 'Estonia' => 'EE', - 'Ethiopia' => 'ET', - 'Falkland Is.' => 'FK', - 'Fiji' => 'FJ', - 'Finland' => 'FI', - 'Fr. S. Antarctic Lands' => 'TF', - 'France' => 'FR', - 'Gabon' => 'GA', - 'Gambia' => 'GM', - 'Georgia' => 'GE', - 'Germany' => 'DE', - 'Ghana' => 'GH', - 'Greece' => 'GR', - 'Greenland' => 'GL', - 'Guatemala' => 'GT', - 'Guinea' => 'GN', - 'Guinea-Bissau' => 'GW', - 'Guyana' => 'GY', - 'Haiti' => 'HT', - 'Honduras' => 'HN', - 'Hungary' => 'HU', - 'Iceland' => 'IS', - 'India' => 'IN', - 'Indonesia' => 'ID', - 'Iran' => 'IR', - 'Iraq' => 'IQ', - 'Ireland' => 'IE', - 'Ireland {Republic}' => 'IE', - 'Israel' => 'IL', - 'Italy' => 'IT', - 'Jamaica' => 'JM', - 'Japan' => 'JP', - 'Jordan' => 'JO', - 'Kazakhstan' => 'KZ', - 'Kenya' => 'KE', - 'Korea' => 'KR', - 'Kuwait' => 'KW', - 'Kyrgyzstan' => 'KG', - 'Lao PDR' => 'LA', - 'Latvia' => 'LV', - 'Lebanon' => 'LB', - 'Lesotho' => 'LS', - 'Liberia' => 'LR', - 'Libya' => 'LY', - 'Lithuania' => 'LT', - 'Luxembourg' => 'LU', - 'Macedonia' => 'MK', - 'Madagascar' => 'MG', - 'Mainland China' => 'CN', - 'Malawi' => 'MW', - 'Malaysia' => 'MY', - 'Mali' => 'ML', - 'Malta' => 'MT', - 'Mauritania' => 'MR', - 'Mexico' => 'MX', - 'Moldova' => 'MD', - 'Mongolia' => 'MN', - 'Montenegro' => 'ME', - 'Morocco' => 'MA', - 'Mozamb' => 'MZ', - 'Myanmar' => 'MM', - 'Namibia' => 'NA', - 'Nepal' => 'NP', - 'Netherlands' => 'NL', - 'New Caledonia' => 'NC', - 'New Zealand' => 'NZ', - 'Nicaragua' => 'NI', - 'Niger' => 'NE', - 'Nigeria' => 'NG', - 'Norway' => 'NO', - 'Oman' => 'OM', - 'Pakistan' => 'PK', - 'Palestine' => 'PS', - 'Panama' => 'PA', - 'Papua New Guinea' => 'PG', - 'Paraguay' => 'PY', - 'Peru' => 'PE', - 'Philippines' => 'PH', - 'Poland' => 'PL', - 'Portugal' => 'PT', - 'Puerto Rico' => 'PR', - 'Qatar' => 'QA', - 'Romania' => 'RO', - 'Russia' => 'RU', - 'Russian Federation' => 'RU', - 'Rwanda' => 'RW', - 'S. Sudan' => 'SS', - 'Saudi Arabia' => 'SA', - 'Senegal' => 'SN', - 'Serbia' => 'RS', - 'Sierra Leone' => 'SL', - 'Slovakia' => 'SK', - 'Slovenia' => 'SI', - 'Solomon Is.' => 'SB', - 'Somalia' => 'SO', - 'South Africa' => 'ZA', - 'Spain' => 'ES', - 'Sri Lanka' => 'LK', - 'Sudan' => 'SD', - 'Suriname' => 'SR', - 'Swaziland' => 'SZ', - 'Sweden' => 'SE', - 'Switzerland' => 'CH', - 'Syria' => 'SY', - 'Taiwan' => 'TW', - 'Tajikistan' => 'TJ', - 'Tanzania' => 'TZ', - 'Thailand' => 'TH', - 'Timor-Leste' => 'TL', - 'Togo' => 'TG', - 'Trinidad and Tobago' => 'TT', - 'Tunisia' => 'TN', - 'Turkey' => 'TR', - 'Turkmenistan' => 'TM', - 'Uganda' => 'UG', - 'Ukraine' => 'UA', - 'United Arab Emirates' => 'AE', - 'United Kingdom' => 'GB', - 'United States' => 'US', - 'Uruguay' => 'UY', - 'Uzbekistan' => 'UZ', - 'Vanuatu' => 'VU', - 'Venezuela' => 'VE', - 'Vietnam' => 'VN', - 'W. Sahara' => 'EH', - 'Yemen' => 'YE', - 'Zambia' => 'ZM', - 'Zimbabwe' => 'ZW' - ); + public $countryCodes = []; public function handler($user, $options = array()) { + App::uses('WidgetToolkit', 'Lib/Dashboard/Tools'); + $WidgetToolkit = new WidgetToolkit(); + $this->countryCodes = $WidgetToolkit->getCountryCodeMapping(); $params = [ 'conditions' => [ 'Nationality !=' => '' From ae6b066d4a256b12075d1ad23524b71cceb70221 Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 27 Jun 2023 13:20:53 +0200 Subject: [PATCH 593/698] new: [org list widget] added --- app/Lib/Dashboard/OrganisationListWidget.php | 81 ++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 app/Lib/Dashboard/OrganisationListWidget.php diff --git a/app/Lib/Dashboard/OrganisationListWidget.php b/app/Lib/Dashboard/OrganisationListWidget.php new file mode 100644 index 000000000..db988b5a0 --- /dev/null +++ b/app/Lib/Dashboard/OrganisationListWidget.php @@ -0,0 +1,81 @@ + 'A list of filters by organisation meta information (sector, type, local (- expects a boolean or a list of boolean values)) to include. (dictionary, prepending values with ! uses them as a negation)', + 'limit' => 'Limits the number of displayed tags. Default: 10' + ]; + public $cacheLifetime = null; + public $autoRefreshDelay = false; + private $validFilterKeys = [ + 'sector', + 'type', + 'local' + ]; + public $placeholder = +'{ + "filter": { + "type": "Member", + "local": [0,1] + } +}'; + private $Organisation = null; + + public $countryCodes = []; + + public function handler($user, $options = array()) + { + App::uses('WidgetToolkit', 'Lib/Dashboard/Tools'); + $WidgetToolkit = new WidgetToolkit(); + $this->countryCodes = $WidgetToolkit->getCountryCodeMapping(); + $params = [ + 'conditions' => [ + 'Nationality !=' => '' + ] + ]; + if (!empty($options['filter']) && is_array($options['filter'])) { + foreach ($this->validFilterKeys as $filterKey) { + if (!empty($options['filter'][$filterKey])) { + if (!is_array($options['filter'][$filterKey])) { + $options['filter'][$filterKey] = [$options['filter'][$filterKey]]; + } + $tempConditionBucket = []; + foreach ($options['filter'][$filterKey] as $value) { + if ($value[0] === '!') { + $tempConditionBucket['Organisation.' . $filterKey . ' NOT IN'][] = mb_substr($value, 1); + } else { + $tempConditionBucket['Organisation.' . $filterKey . ' IN'][] = $value; + } + } + if (!empty($tempConditionBucket)) { + $params['conditions']['AND'][] = $tempConditionBucket; + } + } + } + } + $this->Organisation = ClassRegistry::init('Organisation'); + $orgs = $this->Organisation->find('all', [ + 'recursive' => -1, + 'fields' => ['Organisation.nationality', 'COUNT(Organisation.nationality) AS frequency'], + 'conditions' => $params['conditions'], + 'group' => ['Organisation.nationality'] + ]); + $results = []; + foreach($orgs as $org) { + $country = $org['Organisation']['nationality']; + $count = $org['0']['frequency']; + if (isset($this->countryCodes[$country])) { + $countryCode = $this->countryCodes[$country]; + $results[$countryCode] = $count; + } + } + arsort($results); + return ['data' => $results]; + } +} +?> From 99eff0ab6a36f0f9f9811d4c86cf82f6c03aacc6 Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 27 Jun 2023 14:30:49 +0200 Subject: [PATCH 594/698] new: [attack widget] added --- app/Lib/Dashboard/AttackWidget.php | 38 +++++++++++++++++++ .../Elements/dashboard/Widgets/Attack.ctp | 6 +++ 2 files changed, 44 insertions(+) create mode 100644 app/Lib/Dashboard/AttackWidget.php create mode 100644 app/View/Elements/dashboard/Widgets/Attack.ctp diff --git a/app/Lib/Dashboard/AttackWidget.php b/app/Lib/Dashboard/AttackWidget.php new file mode 100644 index 000000000..3c4f38952 --- /dev/null +++ b/app/Lib/Dashboard/AttackWidget.php @@ -0,0 +1,38 @@ + 'A list of restsearch filters to apply to the heatmap. (dictionary, prepending values with ! uses them as a negation)' + ]; + public $cacheLifetime = 1200; + public $autoRefreshDelay = false; + private $validFilterKeys = [ + 'filters' + ]; + private $Event = null; + public $placeholder = +'{ + "filters": { + "attackGalaxy": "mitre-attack-pattern", + "timestamp": ["2023-01-01", "2023-03-31"], + "published": [0,1] + } +}'; + + public function handler($user, $options = array()) + { + $this->Event = ClassRegistry::init('Event'); + $data = null; + if (!empty($options['filters'])) { + $data = $this->Event->restSearch($user, 'attack', $options['filters']); + $data = JsonTool::decode($data->intoString()); + } + return $data; + } +} +?> diff --git a/app/View/Elements/dashboard/Widgets/Attack.ctp b/app/View/Elements/dashboard/Widgets/Attack.ctp new file mode 100644 index 000000000..1e7777bb3 --- /dev/null +++ b/app/View/Elements/dashboard/Widgets/Attack.ctp @@ -0,0 +1,6 @@ +
    +element('view_galaxy_matrix', $data); +?> +
    + From 3bad6f32f5eb11bfbfc348b038d46d2edb74fdec Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 28 Jun 2023 07:33:32 +0200 Subject: [PATCH 595/698] fix: [config] typo fixed --- app/Model/Server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Model/Server.php b/app/Model/Server.php index 1a974aa54..7d87b6b27 100644 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -6108,7 +6108,7 @@ class Server extends AppModel ], 'thumbnail_in_redis' => [ 'level' => self::SETTING_OPTIONAL, - 'description' => __('Store image thumbnails in Redis insteadof file system.'), + 'description' => __('Store image thumbnails in Redis instead of file system.'), 'value' => false, 'test' => 'testBool', 'type' => 'boolean', From f125630c1c2d0f5d11079d3653ab7bb2ab5cd908 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 28 Jun 2023 09:26:15 +0200 Subject: [PATCH 596/698] fix: properly handle different cert file extensions in server sync. #9084 --- app/Controller/ServersController.php | 36 ++++++++++++++++++++++------ app/Lib/Tools/SyncTool.php | 7 ++++-- 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/app/Controller/ServersController.php b/app/Controller/ServersController.php index 16dff24a4..67699cbf4 100644 --- a/app/Controller/ServersController.php +++ b/app/Controller/ServersController.php @@ -915,30 +915,52 @@ class ServersController extends AppController App::uses('File', 'Utility'); App::uses('Folder', 'Utility'); App::uses('FileAccessTool', 'Tools'); + App::uses('SyncTool', 'Tools'); if (isset($server['Server'][$subm]['name'])) { if ($this->request->data['Server'][$subm]['size'] != 0) { if (!$this->Server->checkFilename($server['Server'][$subm]['name'])) { throw new Exception(__('Filename not allowed')); } - $file = new File($server['Server'][$subm]['name']); - $ext = $file->ext(); + + if (!is_uploaded_file($server['Server'][$subm]['tmp_name'])) { + throw new Exception(__('File not uploaded correctly')); + } + + $ext = pathinfo($server['Server'][$subm]['name'], PATHINFO_EXTENSION); + if (!in_array($ext, SyncTool::ALLOWED_CERT_FILE_EXTENSIONS)) { + $this->Flash->error(__('Invalid extension.')); + $this->redirect(array('action' => 'index')); + } + if (!$server['Server'][$subm]['size'] > 0) { $this->Flash->error(__('Incorrect extension or empty file.')); $this->redirect(array('action' => 'index')); } - // read pem file data - $pemData = FileAccessTool::readFromFile($server['Server'][$subm]['tmp_name'], $server['Server'][$subm]['size']); + // read certificate file data + $certData = FileAccessTool::readFromFile($server['Server'][$subm]['tmp_name'], $server['Server'][$subm]['size']); } else { return true; } } else { - $pemData = base64_decode($server['Server'][$subm]); + $ext = 'pem'; + $certData = base64_decode($server['Server'][$subm]); } + + // check if the file is a valid x509 certificate + try { + $cert = openssl_x509_parse($certData); + if (!$cert) { + throw new Exception(__('Invalid certificate.')); + } + } catch (Exception $e) { + $this->Flash->error(__('Invalid certificate.')); + $this->redirect(array('action' => 'index')); + } + $destpath = APP . "files" . DS . "certs" . DS; - $dir = new Folder(APP . "files" . DS . "certs", true); $pemfile = new File($destpath . $id . $ins . '.' . $ext); - $result = $pemfile->write($pemData); + $result = $pemfile->write($certData); $s = $this->Server->read(null, $id); $s['Server'][$attr] = $s['Server']['id'] . $ins . '.' . $ext; if ($result) { diff --git a/app/Lib/Tools/SyncTool.php b/app/Lib/Tools/SyncTool.php index aa621879b..157123d21 100644 --- a/app/Lib/Tools/SyncTool.php +++ b/app/Lib/Tools/SyncTool.php @@ -2,6 +2,9 @@ class SyncTool { + + const ALLOWED_CERT_FILE_EXTENSIONS = ['pem', 'crt']; + /** * Take a server as parameter and return a HttpSocket object using the ssl options defined in the server settings * @param array|null $server @@ -15,10 +18,10 @@ class SyncTool $params = ['compress' => true]; if (!empty($server)) { if (!empty($server[$model]['cert_file'])) { - $params['ssl_cafile'] = APP . "files" . DS . "certs" . DS . $server[$model]['id'] . '.pem'; + $params['ssl_cafile'] = APP . "files" . DS . "certs" . DS . $server[$model]['cert_file']; } if (!empty($server[$model]['client_cert_file'])) { - $params['ssl_local_cert'] = APP . "files" . DS . "certs" . DS . $server[$model]['id'] . '_client.pem'; + $params['ssl_local_cert'] = APP . "files" . DS . "certs" . DS . $server[$model]['client_cert_file']; } if (!empty($server[$model]['self_signed'])) { $params['ssl_allow_self_signed'] = true; From 26ad0ef607f182ae93fe5a074c1742e95112fe28 Mon Sep 17 00:00:00 2001 From: iglocska Date: Thu, 29 Jun 2023 12:38:29 +0200 Subject: [PATCH 597/698] fix: [customauth] Don't renew the session with each query - Leave the session handling to the normal life-cycle management - should solve the issues where CSRF keeps kicking users off --- app/Controller/AppController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 19f01ac6e..6ae7b001f 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -1112,7 +1112,7 @@ class AppController extends Controller $user['User'] = $temp; if ($user['User']) { $this->User->updateLoginTimes($user['User']); - $this->Session->renew(); + //$this->Session->renew(); $this->Session->write(AuthComponent::$sessionKey, $user['User']); if (Configure::read('MISP.log_auth')) { $this->Log = ClassRegistry::init('Log'); From 4a2734bb115fc99fdbdbb5c6566017361b4c3e7b Mon Sep 17 00:00:00 2001 From: Alex Jarvis-Blanks <45558436+ajb3932@users.noreply.github.com> Date: Thu, 29 Jun 2023 16:33:59 +0100 Subject: [PATCH 598/698] Update INSTALL.sh The current command adds the line "Listen 443" after the line containing "Listen 80" even if "Listen 443" already exists. In my update, the "Listen 443" line will only be added if it doesn't already exist in the file. --- INSTALL/INSTALL.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/INSTALL/INSTALL.sh b/INSTALL/INSTALL.sh index ce2132009..46f5d4739 100755 --- a/INSTALL/INSTALL.sh +++ b/INSTALL/INSTALL.sh @@ -2543,7 +2543,7 @@ apacheConfig_RHEL7 () { #sudo sed -i "s/SetHandler/\#SetHandler/g" /etc/httpd/conf.d/misp.ssl.conf sudo rm /etc/httpd/conf.d/ssl.conf sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf - sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf + sudo sed -i '/Listen 443/!s/Listen 80/a Listen 443/' /etc/httpd/conf/httpd.conf # If a valid SSL certificate is not already created for the server, create a self-signed certificate: echo "The Common Name used below will be: ${OPENSSL_CN}" @@ -2591,7 +2591,7 @@ apacheConfig_RHEL8 () { #sudo sed -i "s/SetHandler/\#SetHandler/g" /etc/httpd/conf.d/misp.ssl.conf sudo rm /etc/httpd/conf.d/ssl.conf sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf - sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf + sudo sed -i '/Listen 443/!s/Listen 80/a Listen 443/' /etc/httpd/conf/httpd.conf # If a valid SSL certificate is not already created for the server, create a self-signed certificate: echo "The Common Name used below will be: ${OPENSSL_CN}" From f3a30ac38c4d75f294329c8eec379211a399def0 Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Sat, 1 Jul 2023 17:10:16 +0200 Subject: [PATCH 599/698] chg: [doc] "Listen 443" line will only be added if it doesn't already exist in the file." --- docs/INSTALL.rhel7.md | 2 +- docs/INSTALL.rhel8.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/INSTALL.rhel7.md b/docs/INSTALL.rhel7.md index 003e36713..b392da793 100644 --- a/docs/INSTALL.rhel7.md +++ b/docs/INSTALL.rhel7.md @@ -411,7 +411,7 @@ apacheConfig_RHEL7 () { #sudo sed -i "s/SetHandler/\#SetHandler/g" /etc/httpd/conf.d/misp.ssl.conf sudo rm /etc/httpd/conf.d/ssl.conf sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf - sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf + sudo sed -i '/Listen 443/!s/Listen 80/a Listen 443/' /etc/httpd/conf/httpd.conf # If a valid SSL certificate is not already created for the server, create a self-signed certificate: echo "The Common Name used below will be: ${OPENSSL_CN}" diff --git a/docs/INSTALL.rhel8.md b/docs/INSTALL.rhel8.md index 5db35de42..3e8243ee8 100644 --- a/docs/INSTALL.rhel8.md +++ b/docs/INSTALL.rhel8.md @@ -452,7 +452,7 @@ apacheConfig_RHEL8 () { #sudo sed -i "s/SetHandler/\#SetHandler/g" /etc/httpd/conf.d/misp.ssl.conf sudo rm /etc/httpd/conf.d/ssl.conf sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf - sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf + sudo sed -i '/Listen 443/!s/Listen 80/a Listen 443/' /etc/httpd/conf/httpd.conf # If a valid SSL certificate is not already created for the server, create a self-signed certificate: echo "The Common Name used below will be: ${OPENSSL_CN}" From 648c1c9ea21b85e2d360033a65882fe33c8b9bbe Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Sat, 1 Jul 2023 17:15:15 +0200 Subject: [PATCH 600/698] chg: [installer] Updated installer to latest version. --- INSTALL/INSTALL.sh | 10 +++++++++- INSTALL/INSTALL.sh.sfv | 6 +++--- INSTALL/INSTALL.sh.sha1 | 2 +- INSTALL/INSTALL.sh.sha256 | 2 +- INSTALL/INSTALL.sh.sha384 | 2 +- INSTALL/INSTALL.sh.sha512 | 2 +- 6 files changed, 16 insertions(+), 8 deletions(-) diff --git a/INSTALL/INSTALL.sh b/INSTALL/INSTALL.sh index 46f5d4739..4e01e2c20 100755 --- a/INSTALL/INSTALL.sh +++ b/INSTALL/INSTALL.sh @@ -1509,9 +1509,17 @@ coreCAKE () { ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.homedir" "${PATH_TO_MISP}/.gnupg" ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.password" "${GPG_PASSPHRASE}" ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.obscure_subject" true + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.key_fetching_disabled" false # FIXME: what if we have not gpg binary but a gpg2 one? ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.binary" "$(which gpg)" + # LinOTP + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "LinOTPAuth.enabled" false + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "LinOTPAuth.baseUrl" "https://" + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "LinOTPAuth.realm" "lino" + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "LinOTPAuth.verifyssl" true + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "LinOTPAuth.mixedauth" false + # Enable installer org and tune some configurables ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.host_org_id" 1 ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.email" "info@admin.test" @@ -1870,7 +1878,7 @@ mispmodules () { modulesCAKE () { # Enable Enrichment, set better timeouts ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_services_enable" true - ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_enable" true + ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_enable" false ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_popover_only" false ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_timeout" 150 ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_timeout" 300 diff --git a/INSTALL/INSTALL.sh.sfv b/INSTALL/INSTALL.sh.sfv index 6f53f2312..1e88b1879 100644 --- a/INSTALL/INSTALL.sh.sfv +++ b/INSTALL/INSTALL.sh.sfv @@ -1,5 +1,5 @@ -; Generated by RHash v1.4.2 on 2022-05-23 at 12:45.34 +; Generated by RHash v1.4.2 on 2023-07-01 at 17:15.04 ; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/ ; -; 160126 12:45.34 2022-05-23 INSTALL.sh -INSTALL.sh 4296D40B11B3002DF3FDFD69A508ED5ECACB8C13 D32E5A4B0F37F4C937CD4F85927E998D917BCBE89E4E0E864FFD7EA09E29ADEF BD093D8018C351E3D3722646E269C4B60E6DA19F42150338CE6FD72FEE293B8B89AA69D48A84B19D3EFDDAE25EC9E646 ECACC3071E130058C3DDECC86E1CBF27DD4F11389D10F43B14293B1915F7A24F02D0DA51E299706A38C00F2D2A7505B0FE46E33B705E53594383CE65461F2B08 +; 160686 17:15.04 2023-07-01 INSTALL.sh +INSTALL.sh 9576C31EC5BD942E1C9B12413E6408E4623252F7 78B708FE1FC6B39BE081B9F05C6AA5E1478F8762CAF5A8A7671A12EBA4D3C1C5 27991471FB5788F42AF3BBF86FC80A95341AA17AE9487016EEC94961A48437172702EB8E2D6CB300387E87D9E8E0E3E5 C1C21FD491AEFD662C87C3EF62837D769E63E9CF2446B9BD607CCEF8AFD72528824A8F408C6892FD51109390104010EF90DA7F4828950A8671D2986A6B8E216F diff --git a/INSTALL/INSTALL.sh.sha1 b/INSTALL/INSTALL.sh.sha1 index 90e04e1ef..e1db6c05b 100644 --- a/INSTALL/INSTALL.sh.sha1 +++ b/INSTALL/INSTALL.sh.sha1 @@ -1 +1 @@ -4296d40b11b3002df3fdfd69a508ed5ecacb8c13 INSTALL.sh +9576c31ec5bd942e1c9b12413e6408e4623252f7 INSTALL.sh diff --git a/INSTALL/INSTALL.sh.sha256 b/INSTALL/INSTALL.sh.sha256 index 80d0ca800..6622f0558 100644 --- a/INSTALL/INSTALL.sh.sha256 +++ b/INSTALL/INSTALL.sh.sha256 @@ -1 +1 @@ -d32e5a4b0f37f4c937cd4f85927e998d917bcbe89e4e0e864ffd7ea09e29adef INSTALL.sh +78b708fe1fc6b39be081b9f05c6aa5e1478f8762caf5a8a7671a12eba4d3c1c5 INSTALL.sh diff --git a/INSTALL/INSTALL.sh.sha384 b/INSTALL/INSTALL.sh.sha384 index 58d22834f..0f9ebbe68 100644 --- a/INSTALL/INSTALL.sh.sha384 +++ b/INSTALL/INSTALL.sh.sha384 @@ -1 +1 @@ -bd093d8018c351e3d3722646e269c4b60e6da19f42150338ce6fd72fee293b8b89aa69d48a84b19d3efddae25ec9e646 INSTALL.sh +27991471fb5788f42af3bbf86fc80a95341aa17ae9487016eec94961a48437172702eb8e2d6cb300387e87d9e8e0e3e5 INSTALL.sh diff --git a/INSTALL/INSTALL.sh.sha512 b/INSTALL/INSTALL.sh.sha512 index e83897162..fa8fc6529 100644 --- a/INSTALL/INSTALL.sh.sha512 +++ b/INSTALL/INSTALL.sh.sha512 @@ -1 +1 @@ -ecacc3071e130058c3ddecc86e1cbf27dd4f11389d10f43b14293b1915f7a24f02d0da51e299706a38c00f2d2a7505b0fe46e33b705e53594383ce65461f2b08 INSTALL.sh +c1c21fd491aefd662c87c3ef62837d769e63e9cf2446b9bd607ccef8afd72528824a8f408c6892fd51109390104010ef90da7f4828950a8671d2986a6b8e216f INSTALL.sh From 3cc3549bac9ea42da0202bbed42ad914c0f0fcd7 Mon Sep 17 00:00:00 2001 From: vincenzocaputo <32276363+vincenzocaputo@users.noreply.github.com> Date: Sun, 2 Jul 2023 22:36:17 +0200 Subject: [PATCH 601/698] Add dashboard widget for monthly number of events per org --- app/Lib/Dashboard/OrgEventsWidget.php | 121 ++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 app/Lib/Dashboard/OrgEventsWidget.php diff --git a/app/Lib/Dashboard/OrgEventsWidget.php b/app/Lib/Dashboard/OrgEventsWidget.php new file mode 100644 index 000000000..cf74e9a88 --- /dev/null +++ b/app/Lib/Dashboard/OrgEventsWidget.php @@ -0,0 +1,121 @@ + 'A list of organisation names to filter out', + 'months' => 'Number of past months to consider for the graph', + 'logarithmic' => 'Visualize data on logarithmic scale' + ); + + public $placeholder = +'{ + "blocklist_orgs": ["Orgs to filter"], + "months": "6", + "logarithmic": "true" +}'; + + + + + + /* + * Target_month must be from 1 to 12 + * Target year must be 4 digits + */ + private function org_events_count($user, $org, $target_month, $target_year) { + $events_count = 0; + + $start_date = $target_year.'-'.$target_month.'-01'; + if($target_month == 12) { + $end_date = ($target_year+1).'-01-01'; + } else { + $end_date = $target_year.'-'.($target_month+1).'-01'; + } + $conditions = array('Event.orgc_id' => $org['Organisation']['id'], 'Event.date >=' => $start_date, 'Event.date <' => $end_date); + + //This is required to enforce the ACL (not pull directly from the DB) + $eventIds = $this->Event->fetchSimpleEventIds($user, array('conditions' => $conditions)); + + if(!empty($eventIds)) { + $params = array('Event.id' => $eventIds); + $events = $this->Event->find('all', array('conditions' => array('AND' => $params))); + foreach($events as $event) { + $events_count+= 1; + } + } + return $events_count; + } + + private function filter_ghost_orgs(&$data, $orgs){ + foreach ($data['data'] as &$item) { + foreach(array_keys($orgs) as $org_name) { + unset($item[$org_name]); + } + } + } + + public function handler($user, $options = array()) + { + $this->Log = ClassRegistry::init('Log'); + $this->Org = ClassRegistry::init('Organisation'); + $this->Event = ClassRegistry::init('Event'); + $orgs = $this->Org->find('all', array( 'conditions' => array('Organisation.local' => 1))); + $current_month = date('n'); + $current_year = date('Y'); + $limit = 6; // months + if(!empty($options['months'])) { + $limit = (int) ($options['months']); + } + $offset = 0; + $ghost_orgs = array(); // track orgs without any contribution + // We start by putting all orgs_id in there: + foreach($orgs as $org) { + // We check for blocklisted orgs + if(!empty($options['blocklist_orgs']) && in_array($org['Organisation']['name'], $options['blocklist_orgs'])) { + unset($orgs[$offset]); + } else { + $ghost_orgs[$org['Organisation']['name']] = true; + } + $offset++; + } + $data = array(); + $data['data'] = array(); + for ($i=0; $i < $limit; $i++) { + $target_month = $current_month - $i; + $target_year = $current_year; + if ($target_month < 1) { + $target_month += 12; + $target_year -= 1; + } + $item = array(); + $item ['date'] = $target_year.'-'.$target_month.'-01'; + foreach($orgs as $org) { + $count = $this->org_events_count($user, $org, $target_month, $target_year); + if($options['logarithmic'] === "true" || $options['logarithmic'] === "1") { + $item[$org['Organisation']['name']] = (int) round(log($count, 1.1)); // taking the logarithmic view + } else if(empty($options['logarithmic']) || $options['logarithmic'] === "true" || $options['logarithmic'] === "1"){ + $item[$org['Organisation']['name']] = $count; + } + // if a positive score is detected at least once it's enough to be + // considered for the graph + if($count > 0) { + unset($ghost_orgs[$org['Organisation']['name']]); + } + } + $data['data'][] = $item; + } + $this->filter_ghost_orgs($data, $ghost_orgs); + return $data; + } +} From 6d7d2cbb453aec8c21e4e5af1971067abbab7957 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 4 Jul 2023 14:59:59 +0200 Subject: [PATCH 602/698] chg: [misp-warninglists] updated --- app/files/warninglists | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/warninglists b/app/files/warninglists index 911aafb91..1a94fcd66 160000 --- a/app/files/warninglists +++ b/app/files/warninglists @@ -1 +1 @@ -Subproject commit 911aafb91a38a68bbf6f5474c06e77a039469c93 +Subproject commit 1a94fcd666bbf7eb505d4fbbc47ef6170c375706 From 1e99d7022f1d7802f2cd98dbbada56e66ec935e3 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 4 Jul 2023 15:01:27 +0200 Subject: [PATCH 603/698] chg: [misp-objects] updated --- app/files/misp-objects | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/misp-objects b/app/files/misp-objects index 2ca2667d7..da801ab14 160000 --- a/app/files/misp-objects +++ b/app/files/misp-objects @@ -1 +1 @@ -Subproject commit 2ca2667d7668067f906e9601e0c97a79d4c7ccf1 +Subproject commit da801ab146fb622a6447c8d2922a95b6049bb70a From 2962ecbe824acc5f23fc6bcfd6a44b0b37b8077d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 4 Jul 2023 15:02:30 +0200 Subject: [PATCH 604/698] chg: [misp-galaxy] updated --- app/files/misp-galaxy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy index 734d57edf..7028860c0 160000 --- a/app/files/misp-galaxy +++ b/app/files/misp-galaxy @@ -1 +1 @@ -Subproject commit 734d57edf5e76900cd0c8d5d48d6f5910e29b84e +Subproject commit 7028860c0aa8c471324008d3dc651b7ea9e07c0a From 297f0f73a652369a33bffb75e817a1ebcc652698 Mon Sep 17 00:00:00 2001 From: Sura De Silva Date: Fri, 7 Jul 2023 12:30:03 +1000 Subject: [PATCH 605/698] fix: localisation workflow typo --- app/View/Workflows/editor.ctp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/View/Workflows/editor.ctp b/app/View/Workflows/editor.ctp index d5aec5529..566bacee0 100644 --- a/app/View/Workflows/editor.ctp +++ b/app/View/Workflows/editor.ctp @@ -184,7 +184,7 @@ $debugEnabled = !empty($selectedWorkflow['Workflow']['debug_enabled']);