From eb476b26cef064ba2d8af1d9c7f274554222c0d0 Mon Sep 17 00:00:00 2001 From: Trance-0 <60459821+Trance-0@users.noreply.github.com> Date: Tue, 3 Mar 2026 12:41:30 -0600 Subject: [PATCH] updates --- content/CSE4303/CSE4303_E1.md | 404 +++++++++++++++++++++++++++++ content/CSE4303/_meta.js | 1 + public/CSE4303/Feistel_network.png | Bin 0 -> 38661 bytes 3 files changed, 405 insertions(+) create mode 100644 content/CSE4303/CSE4303_E1.md create mode 100644 public/CSE4303/Feistel_network.png diff --git a/content/CSE4303/CSE4303_E1.md b/content/CSE4303/CSE4303_E1.md new file mode 100644 index 0000000..3f9d021 --- /dev/null +++ b/content/CSE4303/CSE4303_E1.md @@ -0,0 +1,404 @@ +# CSE4303 Introduction to Computer Security (Exam Review) + +## Details + +Time and location + +– In class exam – Thursday, 3/5 at 11:30 AM +– What is allowed: + - One 8.5” X 11” paper of notes, single-sided only, typed or hand-written + +Topics covered: + +– Security fundamentals +– TCP/IP network stack +– Crypto fundamentals +– Symmetric key cryptography +– Hash functions +– Asymmetric key cryptography + +## Security fundamentals + +### Defining security + +- Understand principles of security analysis + - The security of a system, application, or protocol is always relative to + - A set of desired properties + - An adversary with specific capabilities ("threat model") + +### Key security concepts + +C.I.A. triad: + +- Integrity: Prevent unauthorized modification of data, and/or detect if modification occurred. + - ARP poisoning (ARP spoofing) + - Authentication codes +- Confidentiality: Prevent unauthorized parties from learning the contents of data (in transit or at rest). + - Packet sniffing / eavesdropping + - Data encryption +- Availability: Ensure systems and data are accessible to authorized users when needed. + - Denial-of-Service (DoS) / Distributed DoS (DDoS) + - Rate limiting + traffic filtering (often with DDoS protection/CDN) + +Other security goals: + +- Authenticity: identity of an entity (issuer of info/message) is verified +- Anonymity: identity of an entity remains unknown +- Non-repudiation: messages can't be denied or taken back (e.g. online transaction commitments) + +### Modeling attacks + +Common components: + +- System being attacked (usually a model, with assumptions and abstractions) +- Threat model +- Attack surface: what can be attacked + - Open ports and exposed services + - Public APIs and their parameters + - Web endpoints, forms, cookies + - File system permissions + - Hardware interfaces (USB, JTAG) + - User roles and privilege boundaries +- Attack vector: how the attacker attacks + - SQL injection via POST /login + - Phishing to steal credentials, then SSH login + - Buffer overflow in a network daemon + - Cross-site scripting through a comment field + - Supply-chain poisoning of a dependency +- Vulnerability: what the attacker can do +- Exploit: how the attacker exploits the vulnerability +- Damage: what the attacker can do +- Mitigation: mitigate vulnerability +- Defense: close vulnerability gap + +Importance of correct modeling + +- Attack-surface awareness guides defenses + - E.g. pre-Covid-19 vs. post-Covid attack surface of company servers +- Match resources to expected threat actors + - "Script kiddie": individual or group running off-the-shelf attacks + - Caveat: off-the-shelf attacks can still be quite powerful! Metasploit, Shodan, dark web market. + - "Insider attack": employee with access to internal machines/networks + - "Advanced Persistent Threat (APT)": nation-state level resources and patience + - All these threats have different motivations, require different defenses/responses! +- Reevaluate often + - Threat capabilities change over time + +## TCP/IP network stack + +Local and interdomain routing + +- TCP/IP for routing and messaging +- BGP for routing announcements + +Domain Name System + +- Find IP address from symbolic name (cse.wustl.edu) + +### Layer Summary + +Application: the actual sending message +Transport (TCP, UDP): segment +Network (IP): packet +Data Link (Ethernet): frame + +### Types of Addresses in Internet + +- Media Access Control (MAC) addresses in the network access layer + - Associated w/ network interface card (NIC) + - 00-50-56-C0-00-01 +- IP addresses for the network layer + - IPv4 (32 bit) vs IPv6 (128 bit) + - 128.1.1.3 vs fe80::fc38:6673:f04d:b37b%4 +- IP addresses + ports for the transport layer + - E.g., 10.0.0.2:8080 +- Domain names for the application/human layer + - E.g., www.wustl.edu + +#### Routing and Translation of Addresses + +(All of them are attack surfaces) + +- Translation between IP addresses and MAC addresses + - Address Resolution Protocol (ARP) for IPv4 + - Neighbor Discovery Protocol (NDP) for IPv6 +- Routing with IP addresses + - TCP, UDP for connections, IP for routing packets + - Border Gateway Protocol for routing table updates +- Translation between IP addresses and domain names + - Domain Name System (DNS) + +### Summary for security + +- Confidentiality + - Packet sniffing +- Integrity + - ARP poisoning +- Availability + - Denial of service attacks +- Common + - Address translation poisoning attacks (DNS, ARP) + - Packet spoofing +- Core protocols not designed for security + - Eavesdropping, packet injection, route stealing, DNS poisoning + - Patched over time to prevent basic attacks +- More secure variants exist: + - IP $\to$ IPsec (IPsec is ) + - DNS $\to$ DNSsec + - BGP $\to$ sBGP + +## Crypto fundamentals + +- Well-defined statement about difficulty of compromising a system + - ...with clear implicit or explicit assumptions about: + - Parameters of the system + - Threat model + - Attack surfaces +- Example: "A one-time pad cipher is secure against any cryptanalysis, including a brute-force attack, assuming: + - the key is the same length as the plaintext, + - the key is truly random, and + - the key is never re-used." + +### Common roles in cryptography + +Alice and Bob: Sender and receiver + +Eve: Adversary that can see but not create any packets + +Mallory: Man in the middle, can create and modify packets + +The message M is called the **plaintext**. + +Alice will convert plaintext M to an encrypted form using an +encryption algorithm E that outputs a **ciphertext*- C for M. + +#### Cryptography goals + +Confidentiality: + +- Mallory and Eve cannot recover original message from ciphertext + +Integrity: + +- Mallory cannot modify message from Alice to Bob without detection by Bob + +#### Threat models + +- Attacker may have (with increasing power): + - a) collection of ciphertexts (ciphertext-only attack) + - b) collection of plaintext/ciphertext pairs (known plaintext attack: KPA) + - c) collection of plaintext/ciphertext pairs for plaintexts selected by the attacker (chosen plaintext attack: CPA) + - d) collection of plaintext/ciphertext pairs for ciphertexts selected by the attacker (chosen ciphertext attack: CCA/CCA2) + +## Symmetric key cryptography + +### Classical cryptography + +Techniques: substitution and transposition + +- Substitution: 1:1 mapping of alphabet onto itself +- Transposition: permutation of elements (i.e. rearrange letters) + +- Caesar cipher: rotate each letter by k positions (k is fixed) +- Vigenère cipher: If length of key is known, split letters into groups based on index within key and do frequency analysis within groups + +> The three steps in cryptography: +> +> - Precisely specify threat model +> - Propose a construction +> - Prove that breaking construction under threat mode will solve an underlying hard problem + +#### Perfect secrecy + +Ciphertext attack reveal no "info" about plaintext under ciphertext only attack + +Def: A cipher $(E, D)$ over $(K, M, C)$ has perfect secrecy if + +- $\forall m_0, m_1 \in M$ $(|m_0| = |m_1|)$ and $\forall c \in C$, + - $\Pr[E(k, m_0) = c] = \Pr[E(k, m_1) = c]$ where $k \leftarrow K$ + +#### XOR One-time pad (perfect secrecy) + +Assumptions: + +- Key is as long as message +- Key is random +- Key is never re-used + +In practice, relax this assumption gets "Stream ciphers" + +### Stream cipher + +- Use pseudorandom generator as keystream for xore encryption (security is guaranteed by pseudorandom generator) + +Security abstraction: + +1. XOR transfers randomness of keystream to randomness of CT regardless of PT’s content +2. Security depends on G being “practically” indistinguishable from random string and “practically” unpredictable +3. Idea: shouldn’t be able to predict next bit of generator given all bits seen so far + +#### Semantic security + +- $(E, D)$ has semantic secrecy if $\forall m_0, m_1 \in M$ $(|m_0| = |m_1|)$, + - $\{E(k, m_0)\} \approx_p \{E(k, m_1)\}$ where $k \leftarrow K$ +- ...and the adversary exhibits $m_0, m_1 \in M$ explicitly + +The advantage of adversary is defined as the probability of distinguishing $E(k, m_0)$ from $E(k, m_1)$. + +#### Weakness for stream ciphers + +- Week pseudorandom generator +- Key re-use +- Predicable effect of modifying ciphertext or decrypted plaintext. + +### Block cipher + +View cipher as a Pseudo-Random Permutation (PRP) + +#### Pseudorandom permutation + +- PRP defined over $(K, X)$: + - $E: K \times X \to X$ + - such that: + 1. There exists an "efficient" deterministic algorithm to evaluate $E(k, x)$. + 2. The function $E(k, \cdot)$ is one-to-one. + 3. There exists an "efficient" inversion algorithm $D(k, y)$. + +- i.e. a PRF that is an invertible one-to-one mapping from message space to message space + +#### Security of block ciphers + +Intuition: a PRP is secure if: a random function in $Perms[X]$ is indistinguishable from a random function in $SF$ (real random permutation function) + +The adversarial game is to let adversary decide $x$, then we choose random key $k$ and give $E(k,x)$ and real random permutation $Perm(X)$ to let adversary decide which is which. + +#### Block cipher constructions: Feistel network + +Forward network: + +![Feistel network](https://notenextra.trance-0.com/CSE4303/Feistel_network.png) + +- Forward (round $i$): given $(L_{i-1}, R_{i-1}) \in \{0,1\}^n \times \{0,1\}^n$, + - $L_i = R_{i-1}$ + - $R_i = L_{i-1} \oplus f_i(R_{i-1})$ + +- Proof (construct the inverse): + - Suppose we are given the output of round $i$, namely $(L_i, R_i)$. + - Recover the previous right half immediately: + - $R_{i-1} = L_i$ + - Then recover the previous left half by undoing the XOR: + - $L_{i-1} = R_i \oplus f_i(R_{i-1}) = R_i \oplus f_i(L_i)$ + - Therefore each round map is invertible, with inverse transformation: + - $R_{i-1} = L_i$ + - $L_{i-1} = f_i(L_i) \oplus R_i$ + - Applying this inverse for $i=d,d-1,\ldots,1$ recovers $(L_0,R_0)$ from $(L_d,R_d)$, so the whole Feistel network $F$ is invertible. + +- Notation sketch (each wire is $n$ bits): + - Input: $(L_0, R_0)$ + - Rounds: + - $L_1 = R_0,\ \ R_1 = L_0 \oplus f_1(R_0)$ + - $L_2 = R_1,\ \ R_2 = L_1 \oplus f_2(R_1)$ + - $\cdots$ + - $L_d = R_{d-1},\ \ R_d = L_{d-1} \oplus f_d(R_{d-1})$ + - Output: $(L_d, R_d)$ + +## Hash functions + +## Asymmetric key cryptography + +## Appendix for additional algorithms and methods + +### Feistel network (used by several items below) + +A **Feistel network*- splits a block into left/right halves and iterates rounds of the form $(L_{i+1},R_{i+1})=(R_i, L_i\oplus F(R_i,K_i))$, so decryption reuses the same structure with subkeys in reverse order. + +Feistel-based here: **DES, 3DES, CAMELLIA, SEED, GOST 28147-89 (and thus GOST89MAC uses a Feistel block cipher internally).** + +### A) Cipherlist *filters / set operations- (not crypto primitives) + +These don’t implement encryption or authentication; they just include/exclude suites. + +- **COMPLEMENTOFDEFAULT*- — (selection) picks suites in `ALL` that are not enabled by default (notably RC4/anonymous, depending on build). +- **ALL*- — (selection) all suites except `eNULL`, in a default preference order (OpenSSL-defined ordering). +- **COMPLEMENTOFALL*- — (selection) suites excluded from `ALL` (currently `eNULL`). +- **HIGH / MEDIUM / LOW*- — (selection) groups suites by effective key strength class (OpenSSL policy buckets). +- **TLSv1.2 / TLSv1.0 / SSLv3*- — (selection) restricts to suites whose *minimum supported protocol version- is at least that value. +- **SUITEB128 / SUITEB128ONLY / SUITEB192*- — (selection) enforces “Suite B”-style constraints: only very specific ECDHE-ECDSA-AES-GCM suites and curves/hashes. +- **CBC*- — (mode selector) selects suites using **CBC mode*- for symmetric encryption (confidentiality only unless paired with a MAC). + +--- + +### B) “No encryption” / “no authentication” flags + +- **eNULL, NULL*- — **encryption/decryption: none**; **cipher method: N/A**; core idea: the record payload is not encrypted at all (plaintext). +- **aNULL*- — **authentication: none*- (no peer authentication); **cipher method: N/A**; core idea: uses anonymous key agreement (no cert/signature), enabling MITM. +- **ADH / AECDH*- — **authentication: none**; **cipher method: N/A**; core idea: anonymous (EC)DH establishes a shared secret but without identity binding → MITM-friendly. + +--- + +### C) Key exchange and authentication selectors (not symmetric encryption, not MAC) + +These describe *how keys are negotiated- and/or *how the peer is authenticated*, not whether payload is a block/stream cipher. + +#### RSA / DH / ECDH families + +- **kRSA, RSA*- — (key exchange) the premaster secret is sent encrypted under the server’s RSA public key (classic TLS RSA KX). +- **aRSA, aECDSA, aDSS, aGOST, aGOST01*- — (authentication) the server identity is proven via a certificate signature scheme (RSA / ECDSA / DSA / GOST). +- **kDHr, kDHd, kDH*- — (key exchange) *static- DH key agreement using DH certificates (obsolete/removed in newer OpenSSL). +- **kDHE, kEDH, DH / DHE, EDH / ECDHE, EECDH / kEECDH, kECDHE, ECDH*- — (key exchange) *ephemeral- (EC)DH derives a fresh shared secret each handshake; “authenticated” variants bind it to a cert/signature. +- **aDH*- — (authentication selector) indicates DH-authenticated suites (DH certs; also removed in newer OpenSSL). + +#### PSK family + +- **PSK*- — (keying model) uses a pre-shared secret as the authentication/secret basis. +- **kPSK, kECDHEPSK, kDHEPSK, kRSAPSK*- — (key exchange) PSK combined with (EC)DHE or RSA to derive/transport session keys. +- **aPSK*- — (authentication) PSK itself authenticates endpoints (except RSA_PSK where cert auth may be involved). + +--- + +### D) Symmetric encryption / AEAD (this is where “block vs stream” applies) + +#### AES family + +- **AES128 / AES256 / AES*- — **encryption/decryption**; **block cipher**; core algorithm: AES is an SPN (substitution–permutation network) of repeated SubBytes/ShiftRows/MixColumns/AddRoundKey rounds. +- **AESGCM*- — **both encryption + message authentication (AEAD)**; **both*- (AES block cipher used in counter mode + auth); core algorithm: encrypt with AES-CTR and authenticate with GHASH over ciphertext/AAD to produce a tag. +- **AESCCM / AESCCM8*- — **both encryption + message authentication (AEAD)**; **both**; core algorithm: compute CBC-MAC then encrypt with CTR mode, with 16-byte vs 8-byte tag length variants. + +#### ARIA family + +- **ARIA128 / ARIA256 / ARIA*- — **encryption/decryption**; **block cipher**; core algorithm: ARIA is an SPN-style block cipher with byte-wise substitutions and diffusion layers across rounds. + +#### CAMELLIA family + +- **CAMELLIA128 / CAMELLIA256 / CAMELLIA*- — **encryption/decryption**; **block cipher**; core algorithm: Camellia is a **Feistel network*- with round functions plus extra FL/FL$^{-1}$ layers for nonlinearity and diffusion. *(Feistel: yes)* + +#### ChaCha20 + +- **CHACHA20*- — **encryption/decryption**; **stream cipher**; core algorithm: ChaCha20 generates a keystream via repeated ARX (add-rotate-xor) quarter-rounds on a 512-bit state and XORs it with plaintext. + +#### DES / 3DES + +- **DES*- — **encryption/decryption**; **block cipher**; core algorithm: DES is a 16-round **Feistel network*- using expansion, S-boxes, and permutations. *(Feistel: yes)* +- **3DES*- — **encryption/decryption**; **block cipher**; core algorithm: applies DES three times (EDE or EEE) to increase effective security while retaining the **Feistel*- DES core. *(Feistel: yes)* + +#### RC4 + +- **RC4*- — **encryption/decryption**; **stream cipher**; core algorithm: maintains a 256-byte permutation and produces a keystream byte-by-byte that is XORed with plaintext. + +#### RC2 / IDEA / SEED + +- **RC2*- — **encryption/decryption**; **block cipher**; core algorithm: mixes key-dependent operations (adds, XORs, rotates) across rounds with “mix” and “mash” steps (not Feistel). +- **IDEA*- — **encryption/decryption**; **block cipher**; core algorithm: combines modular addition, modular multiplication, and XOR in a Lai–Massey-like structure to achieve diffusion/nonlinearity (not Feistel). +- **SEED*- — **encryption/decryption**; **block cipher**; core algorithm: a 16-round **Feistel network*- with nonlinear S-box-based round functions. *(Feistel: yes)* + +--- + +### E) Hash / MAC / digest selectors (message authentication side) + +These are not “ciphers” but are used for integrity/authentication (often as HMAC, PRF, signatures). + +- **MD5*- — **message authentication component*- (typically via HMAC, historically); **cipher method: N/A**; core algorithm: iterated Merkle–Damgård hash compressing 512-bit blocks into a 128-bit digest (now considered broken for collision resistance). +- **SHA1, SHA*- — **message authentication component*- (typically HMAC-SHA1 historically); **N/A**; core algorithm: Merkle–Damgård hash producing 160-bit output via 80-step compression (collisions known). +- **SHA256 / SHA384*- — **message authentication component*- (HMAC / TLS PRF / signatures); **N/A**; core algorithm: SHA-2 family Merkle–Damgård hashes with different word sizes/output lengths (256-bit vs 384-bit). +- **GOST94*- — **message authentication component*- (HMAC based on GOST R 34.11-94); **N/A**; core algorithm: builds an HMAC tag by hashing inner/outer padded key with the message using the GOST hash. +- **GOST89MAC*- — **message authentication**; **block-cipher-based MAC (so “block” internally)**; core algorithm: computes a MAC using the GOST 28147-89 block cipher in a MAC mode (cipher-based chaining). *(Feistel internally via GOST 28147-89)* diff --git a/content/CSE4303/_meta.js b/content/CSE4303/_meta.js index ab7862b..d62ca52 100644 --- a/content/CSE4303/_meta.js +++ b/content/CSE4303/_meta.js @@ -3,6 +3,7 @@ export default { "---":{ type: 'separator' }, + CSE4303_E1: "Exam review", CSE4303_L1: "Introduction to Computer Security (Lecture 1)", CSE4303_L2: "Introduction to Computer Security (Lecture 2)", CSE4303_L3: "Introduction to Computer Security (Lecture 3)", diff --git a/public/CSE4303/Feistel_network.png b/public/CSE4303/Feistel_network.png new file mode 100644 index 0000000000000000000000000000000000000000..ad6be5c61664ac7efdddbecfa9796e61c85379ea GIT binary patch literal 38661 zcmeEuWm_9j*KUiJV#VFvi@UqKTXA;?4#hRNySuvtXwl;C?(Safr0;W{_c}k~e8^;G zGBerPYwacXx>q8U6eJP9;(q<~=@X)~l$gq=PY~ze{mCyd;H|Lur3?7&vx|zP$fueK z{A2I|l!dUo@TX7pvGA`((BNY@M=5RaMM!=BUY~~?%1l3fO39EG6ISyuILo&1z@J|Z zy-Yt>uT)R6Z+srigrDH<8AX|TOLcnE$_tJCHrKq5QlpsKe_}dpKhybAdqz2&}S=W{cD4XkifQ5aS2U8 z!SU-RrzF`ZO9FYbpxA$eAVj=G1*O`ZZZB9HoO$Hw#{%735m5W^kx;GVnvJ|s}UHvP^n1YiHuOy&7>%v7$i(p_}w zWwT|E=_*e}7+YwS@nr@2|EdCiZ?JHuFz7+m{(S*~v281`<-FI%(@5U#rEfK_!umxJ z5xb+Nu%hDsxnr6D2;OW|Gt^Vu_p~tg%3D*o}!pS}8u{77|GF8FvdGqk;ng)7l zcB9-1ciJ-P?_aO?H@_en%!2M`b)3}PEedRe9q0BsE&6k0w6rv}L)As}?L>7q1Xm(r zY1C4p6nXn!G;857G&J(n8`Ho3>N6nRO&+;uKMyLmYcXKvmj{I>A+@G*Hk!KZ{yd$s zPv-te*vVFnj6}B;|!a)0h_1j89d=q$5+)M7;5b0_{=Md z?{R+n*#q->{t6_8UwuTvf|8O--k*9oCIm>sX9XOu735X3=6N%o&nf!qSI=RiOXRSd zE(!FPdp8-|qp4a5Croa0cFwBSF$730vF<24?CD97!usepltk5+CdSZiSBMsBL7hdo zxuS=2ea>KYgq3^P`azaFNZ)M(ZeeOk_?gur&~!9n2HAxyjdsjV@On zeBd#{Ttq&^N$pbt=ESB<)Ya57hbSZ*x8gHSqK0`|LD?oES`LQ`;1F&%2gK{a@9D4_|%4^Wyavc4W&VjZV2VQ|F3pM zovv>6DWH%_Q*@7{Y-*iy45BHJhY&Z7d@ zoZP71V5eX9T^?`h-+;a3cgTOMgoD)bk_fD$0F>c`K4wQidTlM8IugRfr;rk8|uSK?-p(g93z zlCx@T6i8B9wg9qSdrJO#UDZ#uW0gi58P+@3Pr{Y|5d))Knw6&3{e+2+GIQu?w?9(I zg0I%mxC34;} zsG^VNH1t7z|;faL{YHA=b0p{WdU$v;U;Exn|1(Nj#_Rkw#v@y z%AYW8ZAs&$@RQP~*S!+zbSc)5MhO?~@^oYrHMB)#E^4S{JFM>Z>`Key-ziO{sY-q& zj3ZJ7C+(q*gwsS5Vs8+HLC> zesma1co`)qQ3ICN)&(bHR3du=KA-YujA-zCAyuY{5?a6x3A*5w$WV9k#dS z$R$@?3U;~z2B~=s1HYGSLmH8h)BcTAP1+2S$l*E=Eq=td&x8! zf#pdQ5H1q${3#188Qq_gr^lM|5qbLGmC|S|7u^Wd)jhY?Nkh$L_RPHMmdESg=?EHE zmt_)yC++s*;&HU-Q~Z!Oz=rDIB*ZpubGS84)Km=P}?-HFdOddpna7qrdqMGmb4-uvTcGy zJ;XoQZX0fYtDpfV4lrL?q0b`=zQqo;e`II(yQ1mzQ=Hohi!Q3-*tx7M!|!GYr1FC~BMxVCx6YULh))moX9fpN8mh^S)!( z9cONwTr|iZnm`d{voGoxJ-|HgA{$!Ht-N0rT0)G=xRj{CukvtEZ{axz;f2%G5n51T zS-(tFuUFVXNG@!x3<0C4;wcPTRUBsxfvYLMOf(<40C^chHQNp3W$>pyUDYAQcsA1H z9eaBu*rsWWmXg&a1ssvKw>xf4{wU;8u?V?{{08FUZlJf(7vOlQ;~;Vdw?$FR!j9>H zwaeeCM|6hvY;Vb;l8-U;HgKG8I(1>}Q4&3ApS7xail?mJJbOucLq!J4gBF43&pkFyxp-z@ zzcK73i~)qOe`14p%j!8-79$@a6Algz*l4k^vciJQOii~QU!2ww4O!AB@z7PM-f^$2nUzU{2mobn`-q+700 z7k@iz@ziVVN(nQ^YBaYJAOtSRGhUxkVs8XJ={rU}W(;tC2eRyrCQm;pk0ZoXNo=cIIWqiTog znVGTx00*=-;Z2tWs`2o`_i3#$wqaD^%OAbrbHn9=T@j;{W~hvB!I@0i6ZNH8eb9$F zgY~ma`|s@oe{dvk8+B{)e&lu*1AuN0doI1x(D=S;pTiVJ4~IUSrp{uny95_p%!N12 zZeOC*B1FveSHW^_v)n8nA+midUV?Dvy8T(_%zImaZ8^^8p3TXmK+|DEEsM7rO4a+$ zz_+2BO2fC4mv2Hm^8(5HgM;Y* z#B{j821}cyS)}o`)01QU+b&S2$e`{wla)EB&sFG}vU~EChsRi_?RQe1Jvr7Hy5`?)RfB0MTy7Z$_u8VDXx4A)TgvSvz{<4%0Gxp;2;fb z0zPvex~lXTop>+ZVFDIbmDnQ0M2vR66E)CZ-nU*bW|Y*o7sU?=R*+}-w8SfOTW9$z zGU<)?4#hru-lmY1KWO;!H)fmfEh`pzw&~%TDs-b;?}x=X zCft1OcXC-7^@uy#1oC=Yn{Z`rjhhA^F8r8<@m-h(>4e}CtNvXl4GaqK?8Gl)N?@99 zx$=O`gEz>6Sf|2po(+)>ZsZiLiJX2e1RV))S+HKRqa?*Xmf2V3lTAh^(cPsMPE2{# z%5=X`A1ufFiJjaFVpTxj({DpVE(Gyz;ro&&0-M~`?&FNy)&Esy1T%~*iHRMHxtHRgI!;dFl;RC2h>lyW)2bN zLfLYwcxrpLJ2$EP$RRTXd-G|ub2fI;)tF7AR}Oei_D5^P?wZp%4hfIfH`0S@hfamk ze43T~lDj&fIFYxfe@v?T=JoXiufYMx!SbYf@s00U3bW@$nPl@lB0C#a$&lj6&{bb@ zk-fKAK)_>jG;3Mn<9@xZ9k{;&HTr-|g=t(Bm&G>5-6z7ByfzCegVrH^KS0 z=AHieloobYYZ(h1?`SS}Y%y$jxWlnW#_Ww5pUshRS+A%`nDPdEIqgXs$Rw&NDt8~8 z)5t2+Z9DM6$XEy61%||ctSVZU(>W)5Cprw?hhE~;e(t;S3?p~oWSjXkmb7i>R+FJ9 zXnoEu_e5E<*Q_ip*UphEHYIQ#xi^t(iIiVZVo&So&exPdaMdp@AsIs>I$I%YgHTc{ zq&JP7P}F$7RxPg5Hs~8;{#oVNw<}(yuRGFlUrhgAlyRy!7p~#a_Cds0q3+_E!%v~F zXy2L%*G{Vt6&NEHWo${CG^Y_NYBcga?D$TMSH69nk#Z0FQCt})A+7FGYh`^O<3;Gx z8oq;Tg5t)L?+6l=Uk(fQ@YJS(&vh^=!^jE&f?nMs^2?je#ylJ13mc4954HL3Iu<%E zB#DoZB&Lx1n3ia4<6yZlql)Jz0G27h9}RmB(XS8{eDhyz+~S5Pl+iFRC=!q zqP3et&E@H7vM!Cu(%AI@yGM|ucJGt$y$6~b&>JayU2-?tMknnoAlU)>se!cGWriMf zTdFsaoj$zzkuqLvad=Z3J1@+trBkhO2H+)(4I>NHb<}#`yCuo_{+vF@Tz)LgY9!65 zb>r3b#HSzu3*7YCkNKXT@}}!pXoXwZGJkz_W-Md9`!mP3Q`xOuG&RW=1siksZ>|`1 zlT1=Apn*c*iMPO&-;RDDuyCZG zC2Ey)YU{h!v{X$2Nd5HKlm5HYHM_eC*{R;vc=6Ioovx}*C&I^#4Rs$K6Xk{i6c{Gp?*ZlpM5XOV-KIs=}jsbQyr15l7~@S}_87k0@>87C2f-tu~H#MWv-*(c0Wq zkXBc>KFRcSGr$1XVJ)xYWTiK_Pwtf&~%RUMdN80?daku)=Q zd_0qvQB@u&OD|r{NSIRF^~$(v_zDA8uF_iLn72&q9-7kB2$V2kqq68-fxQH0tcv7d zul(?`-OVXYL9%AgNj59#9L^bpSt?Kbr|xD%A?f47PRVc&umi+VVUJ-mlk2Kbt8k+^Bk1> z@=nG4K}HorCX&TI0da)yEFDav%#_Q>wwU;^QKwT~tvxU-nr&x*hh|Ah_oFIYkwNI( z+F~QO$lLa%OF;rE8n)SNwYNzu8mWc%f1nK^X)&5VKYen0@A8}bcj1gP5T}Mq{%~Q! zJDE+Yg!-b?)ZO-zG197K_mYuD+jNd!=7E>8KyGTer(MuPp@ekF;y;Tiuo*dPEk*^O zxcrb~O*>nS;@Fo2!j?RkS6(qqLTE3-rYPGERem-?!i4YIh~{yEwxDQ)4~gM;7`=9} zuYYZw!hc{`zyIZgPxWo1V~4uKUT^5aIWH!;E5hnh!25y%1ajubItwc~rqsV(45w`&3s}J|mXzZoK=dq()dw2?BsT$! z&o#4^F*fI)R!}8uO{^bgC&C-qnd1oct}3@}9pOeZjvkKwrp_=YrvGVg`Ls@Uum?qx zL4QO>obFZ6+nD6vH=%@KIxn!}_~@59^>f;^T_?P`w4>s$xw_gA9)ZOXPwNR61|$b3 z4>r1%5&ct%`w0~lb+)o->Ok5Gm~n=KrCD-u>wvD&ePgwl=H@+z_rY%MxC$zL6I@XS zzE?jA7fzhT0@;Oj*lDe0-L$&e)O4Q-xtgB8uA$FsZR-S_sk0kiHx0aDB-|H(+*xk4 zni})B5>$?6E3?;QQZh6cT&$0-EW}KirKa+v<&U3^P-hda^`~5C-w;dRtiBP0OGCEB z+>B(yEZP%aMAt|%&@_xY;h>=xpCnnvq|1xHR;3DTH7R8dagd;UQ5aGo*I zZs4+1So-56d8M_x=izojhKhTjInhK`C`TI{ z4B@DiTR43dkt6=bZxmIAf49@et)xz3c|H(+vC2%MxU?`-!o zo!?6%4#KJ9Z4su1?-eN%s5$uWyN))!jR)VisG{6hF*X=RMZxSoKP9}#>*Gk7oHt9@ zM^H<;U=Jvy6;rLjM>gEUg~5z{oPHgBCuEZD`Bpa5bL+hN)xn;5w3XwV?A-?9hHjC@ zFgUl+W5hypM*FECD`zpFVRATLlkl|)tjfQC#0e4qdhjA6JE^BZfRlOx+0)DLC)Dh? zU=z$6@LFo`gK{-*j|$z^-U_*p$Xlvf3h{}3<4UY-Y2dFP0#yieyMR4i9m%j8bO)99 zKwHKLVo6%9uEGe#ltsr$yw&GX*-Q`P362e2wZVyztBu{JEHZ5ny?EZlS_{ zfR;wwkrls_6h^4yjkcc_13_0-D0oqc6r_~-@-6E&CgGD>EFeo4)@zT&(oeIe>HLJq zv>Jc~>`Q`doW9-bE$8+>N`M^&^zHKl1&%}}tAnb1r4H&}nWK+$GHuEQ6*2`S2Ao}J z%HsOL?wBbzi<%s_8-d0R)rezh-wr2S%m_bPf_n6}_7`p;U*Fe0wPqjg*4z^C0n&kj zImOq&dS)Ll{#sw<{!PR6{w#|9IkxkU-s=r=eO0tups@BdIi>>(A(VGTxt;nqO$snz zmu8C*J0v<~BU--tCrya+k}j&(Y%?~_B>wr#QxLDvJ4e+d0{HA=N55I*ZmCQ6%{94Z ziMTX8#I&N4yuxO=GPM&ozN{vptRnPJj{eTigq&gkI3yp|M6faPbuTL-|9EVx`Xb!( zd=@YLAgob|(YgwpJT=#AxsI}>2HuzL)$&IcOnr;IIxD5{>E=jUqpx9*->!-6b2X}x zD=lBZ<~-%$VBpPTjvdj7xV~oN1#a;k2M_b$)hvwHN876KSyD;WBw} z7UefuO5uGf;{}<+Z9c)Xp%)8AVy@>itlzJD#*>oNU8akm zKH9YoUL;5H1y#&FgnG@HA<#?vLML|z51qE1x$1NnJP26OoJ}Y2Ew)Q$$>03~#*%)p zUNSLm|88wnQZtM3%2O-dbH>RwxBgnkTvhKSY0}D5tQHYQKU&2YS#W~Np=}~pQy(`2 z#t|Gl>Q;dSR~-!=bRlQ4j^h|`XOTc{#m+L>Tmo>E?5s*snx*##da<2Gxntw^Jyu7J zDpBOs$e}nNhXt%aSHNag#qFYt8Doy|cAZGNt-EvHsgPm=ef(~GI)~VSZkSHn3q(Y& z;$r>aspr+X-PqrXV8^CY?XzyM0^kT>kp&G3wN_9|sJb*sW+aeDB#RIBN#_g3Oxiij zC#`SyZXb1*I4fG4AFyQ~WcwLpWM51(*54i5PIP{c65Pbvve+c-H4|(lLdQ`NHmt|O z+vAX;Zxc*aRixRQgZHTlcdcokac|^$OA=8KV9(TE9do)YHIZ*@y!XzIo?K&Pan;43 z#L|(oiIwXd-=)O-Q%&Iy|JWx@sb1M#TofRAkkrsPazq9h!=G3xAK#Vw+H6s4VutIr zHY`{}zn7Hwwf*m;w|^YpH)j2*nxT~ISF~IulxF4c7vE!e4zOdaW@CPMghEGk#`VPr zgwjB(gRWmK<^VU4kC@z49M@rVri9&I)Ku9?Lz4!|&)d0~X$P!B6mxFbcOLiLcDKV|Kla4Z3{2RT7-6Sr5%b+IxL5Wy`45a9U zPr4NQ20MVx;RoH}TinB>mFWgvg3y}NezdPPkw67YG2(ztn;>TW`s2WzgJvT0)o>)!a`XPv~aY*|`lRQ(Si{`WqP5M_Up> zp}M1eY~-cDAu|fcPIsG;{fF)A2O-rIsLgH;krevd>qdbVs-PRO>`Y0b)~j)E+2^fn z>ka>U=;KP_Nq_t9UsB&aj>cfx8F)(H@&lPJqZ*ia!?#&&v|a(>*X0zZl%m!a7Q6zR zfs+dWjjOoVFF1a;D`bfpC5O)KR~^}4@!9|eEWe0%BnM07SI~m#6zw)AmJwE3X29X! zJZlXoO{?K1(igZWk=PHh>-n?wEQrH|`!&cTZMSO=wfOk1s1u099ibK0TC5WX8?Bo= zz(s@I=DUZJzOgLSeti!C_ns#~1MhQn!tQ-M-<}aI4epo4d7m3$c4PsqVaePD$G3KsnP_{3Zf6MB z$3{}q+U&)+Y()a7Rp-?hH5oAS*9WiOeYMFKBq6iN zTA}T_J~n5SjabO&f-=yvI-D%$!qrgYR$0EUw{n(71YK;M<1q?Dn`zOv|x=-*_u zxBSt4Qo%lvment7Jvy8B(40Cm1r7s9eHNf!wF${aN$X3t9JU;I8kq!{goCbz}1CmS>V@KO@xmQYm*YO@MKxtP?uMq3t3h- zLEtiJ+^sIwqmf^>MLLU#VK3%beYQ=B)h6P#oEEloy1LF35YYZ13`uSic}dsU|e@AB8xY+pX}%9CAoZfRSRGf)rmP*Sy z=C+jeoGQyf=NRK^VbKaEJ~4r#`@Qz9t&HCj%=$Ws|DsJx>$ z`x8(O1aqlkm$fD?Cz&_b>PoEUI72*df{Z8dD;>|LSyKEGlGaJDXOCIJ4yinR9u#_~ z1MvRNvL|P68(W5=crdLJlHf19x9}I2hu{HUdhKSh6MhqBB&c+p2&u;8%Y#}vx)|(e zhy;s%q{WN8YrD~FIe=R1rO{e`1kO&Vz=fW_J}xe=y($E5@~I7R_q{v_8+`YWZpQ?+ zIa;*Z#vQJeHtawPGC2URUk*n+E`hikA9bM)F>x?%FlveyN97f?^=%?%qFM50%nRs4 z%6;r@_dG3{V%qxX=H6y$p?f;1Y6~5_>8J0#8EdkA=K$9BPya(pm>FMZdX}YN0~!1) zf_d;6061`=l|weD1!5sf2abry;C5YBef*FIM|3ByuEy34PKFk)M_!Ua*X9^5IlwqU zN74SDGm4_l?%}M5wSqqeqjAR4oKSlFtqI_&113LieM^XZAxd+6=!deMARQc*2*!w_ z%PK}d^YcmbO;=Hg^L!k#2UN4$^X+D83&?uqauur1?Rx0uT3@(;#HW?_FF6o% zY>48@S{=(;w&;$u=;pYebtQ48ATi`;!^KQMcj7p+l2%##em@|(WRc_3(<*On4m&%{ z8kbg!Y^-GhV2*+dcq&`*I>|0%RmZov@FIaclhf(U_(*;7CAI9yWzNn+&DtOW`@IOw zQ!c7S1!eWaL)ve52=F$VtJGXI5e|g*N6RO%x7ksE%L(3(czVX}@0sw4=NsIR?t+(5 zb6j=JRT0{T$&QZB`b$gb#8ZaiqYtkfUtS_*6hx;5IjljafLXAA!)NdvPb}x~e zmlkD$BBU$5M^(PM%K&HwQ;TyXpemz{ap2~Z&H~AJmSFW;JS?m)r`H{JI*Liy4@pw* zwc{*+E2F$D;qJnVAXyS~I;%oJ*)?0T$84L3mHzcajaQT4^e}Q4!sjrJzJ_mM2sy^(W~h;#&!>FMa59z4LM~dr zxOwgEuSU+ZB`jVPaJ~JJ^T#*{!s&p7pS6y8gQ>mgt99_hN8_S6b$p~dh$ z^&adx7>aH1)zCQ^#m+H1PlgIH{ah(tP|R(IDVbbOv^28z+2o_v(xH&O&Qla8g(UTA z>w|EA$YP)Mqgs(#JuB-Yit6dIvG(e4bWpj+k8pHk{AF)L^GJHMcv-fh?S#6^P}Z1d z_v{+;t8XaNDn-DEzTm}R_Vbb+7aKiNc??maRW>bcjnQ{3eDK2^*6X)t`4g*Zt zP1xG{I5}DTDRL1+??=uHI&|^;GM4_525Ld>{L&zgOQYoNLn@s2qj^NgMjTaddHG?^ zJ2j#O?Viy(xzi&Mn>-n2Y@=~!y@0Wn1VruX(q2(5JBH5w{yc`00-u5Td@4ZTWo&Rz zrf$V;wjB*_EC5WlFh!W=GWW_FEKYwtm&VhLH0#dUJ)BfrR&tFY3#buqhtOq}DK zn47-CO2?ueTjrm9j;W}qTGI(rSK%HMYp&SjLBO=PETUlft`P@DI#fJLDLGLxc1fMp^IW=dTeCh*(1_K*xx{Y;e0Nspyj2@X#2<} zu%)xwYAyYJKQtWu72rqGVQq2RBAdk{aX@r9DmNZ;{q#aHW}qhl%EavV6|UHu+`azJ zEm*zhAbBVq9;1}Vo6opvokZ<@j$7yg+yh6~zb_w6+@HaW-7eNfOXa7H^ZPMs$D39n zG6`QhRWc)WDueb&^-dkfJvrkWN4yS| zUd^Z$QrIC@`?6=u+k1*~mQc^r%(lC@hgtxz)&xXo_R(`R0|g;@(k-M2tqlW!c#U-Z*TeK^_!LE>x5BovYuD4n5=-i zK;alu^|qrFYk^$N-&G&#SHoE9uP-E`L3oP`PEJ$`=6yZ-i6yfv_PNu7yKOm5M*7{w zp@#wty9qS7tyzrBq*Kj#Dkq`Y)#DIYaxGV_w-mHC8J-ur`fOn)kTbExQWPXv3Kpvg zJq$+1*B+^p^6KhfriE>}91{(DG%-FBEK(R`=K6Bw{?7>`lnbBw1WzK(s}843>o5<;ou1a;vkHalG0dQ%mJQb02VlC@dYgB2_H4Lo4vPSV}_hBGqL*)=gtHXZvtzEe=#u+Tu%ocCy z$UeM$6?_-4;mbxjC5hcuth>pR%H6D$aLL=nsP6w<2q8Zc2}6KQ}zb^_m-6 z)Fsaf+2?!e=OKK*XY}*XC|W$xmoyy-CZ&~UsQ(OKr&77sWx!pda4WA zqXyeuUKH`S&M61Yd46FauxoQUEjB3!oZ(>raT9O79(+ade5&C4NDdwLx`tYBN{KL? z4$^XbH6-Om=9ksY&NeuwGH#whath|FqquA>sh1Pr^fh@!ZrDN-2Q?0v7R-_}7gMZ( z)NSj|VCNNC^J{5ZR7u+yB<*{QP2qMb>b=cPnZmzlYpM~HQWQZq<g+Bii-L?hD@x5vtinL9A9CInA=XG6E z>}-a{=Bi!XoA*3mV)W?mw7hs}!$vw8-#>p^N=HPxH_VsR%-hj#SP9zn7|CSoa^Wpt zAZhqRbPDF!Pov=;&UnMfP-%G>TSNIP0}S6PvMzI{yno;K>!l~~gjm{cm88tFgXt8Z zn?|Pan6_(O0jVWcY{3P#G_uvP;ms-Y`1Bd5U&bU(jJ#x}$#QG0_EM=tODf$5J1(GR2#t9tV>Hr;tBC*}q5jmCBo}G+E(uSW$--fBX)ps31p$tH@LvG;Q^F z+e~5{KU9o0t7C1UkZs=@711t{QeGxe*wj(1t}4sHS#a{B^(cB| z2ASud9*HWWpJeuq>8On&$At72O+E@afwQ`J%PeqrO`;S+u%?!?vfa$Plh%J|4%;PN zsVyZkCMp!g&jKM?Kb2Kz|F*rG{J@|;LM=ab7gr9a+qwwolbo;Mdw&z*=tP&AgZ4Zq zM*+2ut(*#XuEJbD{klL(&46(2T=!T znp1}QlL(LD)(2l7LvQ<28QI8XG!XU;6)~>d>@GhJ6!651J4cmZ0$t^S6U{pP&w*fe;oUn-{P!O!~I*qIjb_`*dNBlal3#&`?j(u=-jwazH zd-fG?@~h;*nGxWkuk0y1z_p=P+8VT^jZ#3{?()>{LjZ>1*X^-<^#n<4?ubd)p=(dQ zV(B}O+MOBjHkXI5?XRNOhGBE*cS0`dsyi3&F&m(CW?OsBrWZn$Y$8;*vU%)b2Jhd8cxh&J5E?;pG zrB+ujw?k+ww*Lip^^_Iaz;KE_d)~DR)ZY?t)oi#a2UMSJB-8u!I<43(PuOi-H)E#ftii)_{&}WIOFDpFM5=t;XIR$ zy#f~jJa&bq6+Xf$u*HE%P)p&*jH++c*-m0Uk6q&QJ#R`mO~%QgsV}yj{M6nfHQ5q7 z(Yy^V*}*rbf3_TNa6rsIMg>GoJVEsFsF*Il9`*pPs4qpkS0A+S<-6$ z$W4!_k)4~@qN#0BN^KH4qsgrNVL63wk5jHNyzjj2zDj+E!#-4DDmjZjcvw*#1&zF5 z8?ef_TX%A1z1FkY#oxi$Xa|f%K4@Q7TECs#(5Xy3hwf~)$;`N8KhD6-h2_u|l@v)~ zcsgTte!CH_r3v^!Je`=C#U4z`Cg~;t)gg#^-#m-^tDg^8Fmm)W`A-uKnHzU{9PM*u zxT^BvjLvEe_1A5wXg7+%)51U}KKoKFQ$ZnD!*NO~x4x5(!M;ZK>#a`6MT2x*VOhEJ zWGXA^ggEjDzMlTjk&Q0tqz<2M@Avv>{(Y?)uR#$-x<^_O2?D*8O{2&>ety;yM=tDR z2N-?H1O|_D+GRhoC!QsqoTL;}ZHW{!mTV^ujfV|fD29{W3nHRnI6<5~q7UZu#EJC5 zScB#%wAx_AWFBooM4K57r#$~s4puHk*yoyWpE$yzAl%#7^8}aJD88jZGo<5e7@(ND zwnP_aiYohaSIdtiQ#*Xu1M%p*E)x|cd;_zunA=$tD&vE-+VY3BZj)^3TG>(Me@0L2 ziQvQzk)fhNigE7S`l$$a((9&iaQuqjg{=WHUJ+B|sZcaFlVRq=8v!P%qCPLf~IG+dIOf1s-IzV6Q)m{(2kv;Lvbp=RI|9D4= z*cNVAS2ZWrSKU5ryK?nYOutdtyB0Cd zDJW|#h*bTClVh~ZZc_=jw4*!SgHHimUp9-cr?iy{6`8uk{QUCC`4{xL&I|_RRuLYYj0*{CzjE924}G08k(sMIw|||>)XWi+Fe1H=VEKqTo=)RYGcur(n;^fNoEPag4eyFQwuo!;pc0?65P=zW%4>R71l@`PWAZuCVuhC|{0mR~)oB zt}4^oh_B$6?N6xpIBRdNl<7n2jv}1avS_rRMkLCEL8tV&OCJ+ybbV)3WKQB^+(>&P z(RL?Eg6MyCD&y`&K~nPcx80JVf=vce!W_79jTjud-FmM_!{II`yA3c~pNJ0g%M;HQ zeD?s%jmcbE~c69?*`4zzXKaa_VVsDQ|0M97rM^fse3 zts@zg7?!5(W8tIDFNfREnr*fr88))_cM{IX=_UpFk;Lkomi{m%!;+gVGt~U`*v%Oq z>$B?d?$C^IK1f<~m}+Cng&umCHW@*|{?^^W6*F*7pRb2bju?+ZHo!uFjz_6ac!cd7n zh=1iC(e0~zVjH^E28Nx-FtD9cLucUx}{)V zf*T}nqo%VScOlNOYW8+vPrj&iltsJBm*v{cYw1@w&DB8})GoRTcNS3F(%To%&>Gb* zj!UT*a9onOxe`(@0l-^B%{mS46#eyJG?UQfD(|Vga`g zht91VQku5?=-T7U(^@nFb~D(Y39Dk9HT0(O^%2fQH|D^i?TjFks&J+(o(^0-vf7o2 zSOxV~Rz3*+If2Vho9O8dR!&D5M84j>_j2MI+r}4N`5Ovua1O5+L>Nojwg+Rh*l28L zM5B0WEh!-nI6sa%Vm1PbE&N+I#{LwY4jHfrh z-csxN_b;|EMbze-BWW$>xo)Y=2)lt{vCG&LX5eR0Rdd?bnS=}-5O*-S?w|W(gz@`C ztUHx0c0#CB`zX|i!KseC@`s*Fp{9+wq#svK#K+(HpT_T{lQ=B-H~8!g*=lir(^wFU zrm2=X9j2}`v8^i=qq)-jk=CpVKw4us2DG$)Wx>^95yQs`-vYR;A6yH~BrV5*|8)Q< z&7t`J>2-&6H{izgB-%NVjkGBMm)8E<^e$un+$m@|oV_8E|Ly+%K1p-FzHI6L@O73^ zZN*=gu2a0w;#P{g1`ATWMT@(;yIb+%?p}(!I~3R87PPnq_aJlmzw4bfvqnCat`(A- z%elXE_TJBd4A3Lbkx&^lI6lGmn?(#Vk~*FYY3ZWisXG->F*Q;6?dxJ0K9HF~Cvk4; zQh#0MZ(?FWMal_up+K?&S=L)q#_3zZUxKYoyS~(5TdppgMJ;xbGL*4;dzf0cEf=8` z583nB|I763EUSwWRtatT{JV>i@8pUZW@HQ_T-Maq4IUj8b%5Tk&!VobURY9+o0H>f zg(b%^jc|JugGm*BXkAHv3iT4VU9OfmYT^$-9#44Tvbw($nxuTP!BT%^W4e_Kp|vUV z%?+w$t{)d?#_c)2PTLp!A@|8yiT$Lfzt3;mASeho!9WT}1tfB7Sb`AE1^>a>FFUwc zlAoEf_?4R0V7Vj9R)B@wX_+31V&Q6=xGo!>QDL>qVc`G#4pOZ`O>O{{jI!7q^I5ocLR~X z8dEPUtSWj&9>#*pOW%LpTXmbw2I+2wr2JVGDt>B8N+G@a0Yap}=L?r<;pj?jwv-`c zu-hX|Wb`09X!iGcJfVJU%r1LJZb5|J+K_sTzB=VkTE5@fC}g4(GBgoL8nkI#Yfh_# zZ}3h&H5JqmKGUM#XobHc9U2p}W-~KwLI4^P=6Gctaxga7e|+v#T%>}{&SK?>wh@Gj zPe@IiqR<6I8Byp)4nWd~Bht-iCO%rS%E}!5G6Sa1Jc6YHqjZp{@qY6C!=xUqnu3-V z^ zU4#^f*JfPx@1?rmOfk=8D*beLk@cnoe|P$BP8Tyz|%L_24LH60adt4UWg?oV?TgsF=?1H7^p9PC>sdO<%k6d63Y zMxM5nD$67&{wX%?zNZ5MVxYgpK%g^M8coO!+2GvD^ZG*1s``Cu{>0>@kdhJ>@|;pm z6LN~1zBb&aSjWxfJE(ecsYDPwcz^{2fPs{9RaH!LGY`<3TNaLqOb~hQyw4yDzKV37 zQma(h@S*E8iLx`*PEId`;oKPXW%q@hX{zYzbk%Tbw+@dlHC(q_y z*QK_9-_XUS2M!b!Y#0&kMytAUb+{@8;X2yOqa(TW;keB{ow2$n(dFIONpoyQOU#j3 z&;Q-+Ai-ta*hRX5bR`*F^ha4sizv?s%d-{=iJ+1UA3j>xDZ4q=OTU-ZS)lai>6X#y z9)fp!p8osP{uDqkHehV8NCob~k91G5S)Oalekhk^Z=J=C%u1IA>c+w4mAYl6fNARU zt>0Ok(aP8Hrhw|_Fiwxv)XiE7baT_t#XS@F+RU}XSG8F&3)(E^TA2#1!_TLKMLl;^ z!MC>vGOHXn9i4)qz4|QahWFmp)zt$-L+jBw*pYOl#!7bKX)7}~ws8{F^-p7l-~*>j z^0FxuVUTwbiVD7R6!C8-OXtmA7%3vCoL$ zN?C&rGk(VLklbJ|FR-UgR7cZ9(q683^_Yr{EeJOI5e7(3Ms+%UDTO`>VP)Hn-jkj*eP;y=PbW3+Q~+3=!0+Yvs(88jHdT zfr5Y{(Os=Sk+t%!X@iHI*W{ znNl|XRW9+Gh>Yg)ns%vfV;8+Jm6tqg0V8+o%%Q&zYh+q$vb{e?yARqgN)f8AZhsbv z{j-c6J@}Uo3{E3$N|B;NVWX)Ds;KX~fq-dUe9BpTg2kj=$I=+;bjgWC{eQp9P_t07 zc9-4A(kYCe3F2~d4zHK;d9_u7h6>UOqN@Vnq4G#@FJ( zdj`3SFk{V35wEbW(mE};7dY3rEy^lUy}XSz6g`?e;bXg2_r%JTxU-Cw>Q2>LX6^#K ztU3Qh7>ANh0X5QAogQtPVW~4!ZVkwfqr1QhdWCx`qF-?xvPb+XPJLcSIt6jK!uzrW zyzpdK8H+RvjGDvh#kgVPBQM+V{$~KP>Prh#X{@1|H7czY2LVSKYROFKA{ux3`?uwk zsbnm(it4wzxg+2M_QV9-qt66%ShERqr3@;na>b{;9Ig(it@ZLoZXq%T4)LT%@A9{M zaTATmlABs)=QmE1M?;xJ0h&b-_XwO$s1QGVIFiNs*IHwoHd$FQZD{P*kp4o;dbyAC zDZJAmb5@NB0I?#hm%7Z16u6mKTM76aNh+Jz!=-0&wM?hCuk$kHQ&}G^D7tf^caSg~ z*%g#4DjVnfNXHNiGZoQl zH^nr8(>HG&kskQqODD60#J8I3BQ`25GZvm=tzY8$wXaw&O7%za+OC7M0+3vMa$+`6 z*o>0nzJ4B8A8r>|t!n^mdVsuHP_kc$X4Yth6pT7?%ELaS-YW7jdMj>V_^@$=Q%gaz zp+A|Q=4Ty3A8wl{SAMm*_%AXsd~_Rl2~CY|wM}-V`;`Ij&1P`Clj+na{lT=TlM`ee z`4Z=gyUq{_vzbkxGkEjL(8MI}zaq|V+=7(Y3tZKodj^H+xO1{&2{k}UpqbM7iJk%t zm}fg=G;!VhOOCmi2OYPU2o@D;$;N;lk^z#7iB?TbjmAL)r1mQ_5nt0OWXLL_=TkH= z9=yf0ZfKbaB-Y!ZOCwFLVO_e!gTSX~oYKJM5Y@QrSjN-~c?1a;}9Fqfc z+)_3-ace-p3jjbhj+ZUaZ)WCui636Lt-Mj=@2+WNla?OhWLE@IYPnql^$k1!ITyL<5Rg%U@5yryZ|s9A*d0ZmNY-d5$(yG%{X_=1ao ze=(?pdnoqT8G)XygG1XOwfob^SIS}(>lk#>9yFp6G(6~@c{wGB`Digfu*a2m+x^=t zdqm$hwFWKbK=nwYW{NIz93V||TX#2jbq0M1@iJV5^t`0D`uGlZ%-{VGY&+7(G#gPRyh# zy;dN0EL(Faye}-}e<9;bFSxm_F5_w2zU$bU8%x8A>D3aSQt>=frCTj)4jONd1Nj z?iLy{2M0hvL35W*@x`K3u6Ncb$;X7cw$`;2%gxNCRVI1=-ozAXV7}#y`CCkn|L}Pk|A=5$pjG zPXa7D$Cd0fm(g*>9)xMR25}LhiA9$1&J~)x3&Vy*Aew&T**=?+-rC9wyb?7%{U6|! zoFatHuX?Q;;xaO%y}kK?-<$*d^m2`bjjg86*{jmjd`&Djy>sUWUaA?iAfK0*^P@w= zi12eLb|$k9=J!~@7Pa?@V{wJ(t0i2uqo(7SbK`JJx6inyjk54(+EL@^Bu9&+y z){jWEh8Y&Kot9>Jo}OYVcQmEUxbUi46XSi7aJX$6ZyHr=JA zMoSRLVxb{IF@VQC5ev9Azdpy#|4tuY$Hl}5GUJj1a5?9e2!9Io*VT$%cC@ck)t57A zUox{57XvEVje8nKl}QuU*=w=CX0Yt5cF60V16lgI`$LeY`TGvFc*5$}gpuq_EVoAgKu7;)4^?+|? z!sXlC^t>mSI4veey|L-7s9Zq)yW}Yua9Ovma4dNc8qv`1MDAk8bdXn@&vc<2Ovk*t zeWjzqM`xUGvsS)CQ9vmgwlVL=6Kc_2#%Qr@*Ar`rWIz?fZTQ|Xk&4NB`nG=uUzTAO zm!!~W{{v7JzJ2~+y1WIYSG!VVxLe4OuI&*NGSP331n-3=+#UbX%tfa!Q-P{YR86I3 zAF~*ZTMu(*i3{Aux}9&staaMEAtq@3`XpnQ4O;!C!M6yWY@fgPp=AT-fR^RR?ln`Z zmKveH+V<|XzknsQSudII^#ZY|9DoeTZyeqA?cbpWAVqEOREsb_Bn|gA5@MA+OIj0s z?h`alKjTN*3trtgLbxWK8KsTVr<{!H)DiOXv2DynraG-B@DhwrjI}1>`(gS*k^klB zX;nsXd=1%3(vi{A(@R^Gmf(?G@;rxFMZ$iywLRshSuY5q!=S6z$j!2MsTCt5QU(#q z%0GdYjxbRRvXl1l-nzc;5S7-6h^y2IONov303D)od(e;X-s&3{G{;u|cR7{%oXW+O zV=7#tn0@;ICRR zCa&%TcDQp(o>(907n3j7lWKnj7V>?;a?Dc~_aO;?ElxY!ZYjz3d9B_o9Kvagd!_7e z^Zo7?pbB^rBap>HuPPeE0jrXn5=d>XG=$y^p>|H8*_r2VQ5Wd_zEp9QIE%f+1=Pv& z=9avoDmQFRWz=ZZ#))KQ88Zn55XQkb2S|&L}BQw{-Y~T17uN-dk=n@F-S|x)-D!(e7GpA?ET#n zfzl|~idC*20RkfvH^Wps$2N*UA29J@*~@1ic4+yL_RxI%xv@+!3QB+>4}ZePKj1bq zMO8pD@=Fop)*JfUDTU`eS$znm6H?@$jMHjTKPW8(us&(p*BQ1jpKAJ zn8g05X{TPGQ~?PYx#{Tp}^-w$*C`2LMLC&kFfh@oP6 zSoc|Xx~giVMuq-FJ@XiYT;mpB1cA27&BNiFhE^P#hhv)+<;FFqKp(H1v&TCwiiAt4 z;iAp?E_XCMb5bU%xI@eC@f_e-nG%az!vEiTa z;BIqPBM#RGnjwl)mq%vrvQ9LL@md?MzD3}mk!Dz3dG$3%mUQZ1Hzpql5Y032q%u~S zD*Q5KAG#{$`YfkJf|ZK@S)M|Z&nSD9X_sF<70Xae>>Y4MD!Up08Y^AnpDaxrXpksd z5g8B_I?c|&p?vig<~|uK2m_3r=R1*UFGHk0T6LR1n7BAFP5L9+sp+pNc;xfpiq6D1sVt~<*pe^r6mz*F58L?tB(%!q1QvvV$9Ho>5=KsK|YnS>Fs zVl?QUBP*$_pilutevP>}TLeVx15*wl)bO-ZlU&Tf3xeliW^b0JkxCG zz!_j7jgQ|=zNxz;?PA$*Z~`#`8sG()ynTjB@gZ3qj_44G0eE=d-`~&b@^kJMFi**t zXJw-#iRjg*rCXBy8yggf8H)MFSf3@?=21BygEG&LaM`K3M7(w+?LC zv(RdoGu)=Fb~3K}wf7ndg2{igq-yAU++;|^66qKde~fI7UL z${YEcy0ADjzpiaU5fHjRVTSZ%L%#wxFGVGz?(z>178H$gPxXVy>jVr6s9T@`ZPs(0 z?i30d7RnhL;4P(9Mih;$;c2$>lJDH@lzIj}C3O~3O|sWH*65w%0#5NarOUI^S3}HM z<%k$Fhv8#WRYUlplvUN#V(c_D-`UEu#^b+^cYOOUP9NMovA+cnI}5JQ3eSta*Phq&gbtaFA%Ju9hh%^WKh4^* zD1ds3;Sh`mQU@HOu6G;q{91AVQy1@(?6|u9!4?)cyw}f7JFs)Wa8F_K7Yd-1Kg>gNyLT^c}~w>Dvj^7+vfw4TpF)BsGwH|!Fv zOSh`7!=Q2;uB@!7`G9|>>xy;*9u8rxK3txeUYe<+UnSnI>%|BqutXVSHukHZRShW? z`)8Bzt{;T)9!*g`<$C(JWW(aJxe3AhH$c|}94g77@AWfeOiDoZz#kQV7P^bQ%VxY} zA|Bhp-k<8j|0u`11G`cqxe#x9*mnqFvnFHT4nc~WbZ{U6g6yjI=gRAeg4Gy2pM8|_ zR!g2H<*y~iYl}>$U6LeKY+v3?D9BSFZGj-4l&Dmz*oK;ai(!T=AG~@7LRBEj$rn^w zt0X64cdIOnaO&@SB+Sek)6Sli%NF0S=y=l)lwa0>i{4kCz*4Sj)SA z$+d{4t*P5Y_nU*e^*D~q^M4Bh#9jvWU>BP)0A;CEC+*qHAtLI}YU(^8>D54ymNx#f zK*_+cews|0h=0j%5iRtc4vt2lHH*X@W-1CUe)Ui@a3|@$l9y3cE~%UO!aV~xBIWlp ztxQZTYM_;9tl-6Isl8C5KAC^Qte;--lMSyxQ3L@pF;`g=pdQ73C<)UC4qkveT+^zPID6RLWo^-_`P?5t(g_+;_IIWFm%gV0qYqQE*^igOblet6eaMjKOTH|0Az zx=#&`OM^rXuV{_xZWA!goYF7r(_>#imBhAj!``;UVn}P@NKcK&@O7lvjdu@KT1evE;wKg&QYRSn+M305vm znue}gfG&v`k^s&HcyNHSHKK+kT0IYypRG5P9|sfG3c`P-fJ#+0`c^xNNM8nfw}fL^ z(B58}c^G%U0~fs*-gA_X-ZFL^rw%gs_v%AUjP0_4(W)!& zXf=a$VRHa5fXb?MlY(t8V99qTjO|!lPC;xnQW7=#->WF48Bk!T3WE87IVI&b4HrEv z4<-arSV7v3;PYBd2_fs!z(}&1?4N`>&x~3(!gbl`HBj{-yrf9)B^P5ytW+AykNirt zcP8~R0K`{DQ7NywJdkKctlGlTc`l>skKx%EVBJ!pL^pa9N z%_l2{6pRbvZ6d+9ZK0qhSZn{r+OIWM4mVkufguxfA*$2I;Lg4^qSEEF)&TDEsDwVZ8%G$bfTjTL=ueBkDFE zKLVb@mqAV&yPCN&e09I-=>Xzm_uA*~4P6n|#dh-~AuVC*CS!!sYM$NlG2O4>pAZoD zWCzqz07wr3r#e#DANz0KC;-6~FtHogz%D~PK7W@!E`v^pkiW#_i9?F$^~+%R4JDAb z??z1;4qQF9S+*s^MTw1D`^P-?j<8CKE)GV`BA*gOS#KuvK4VuF5$)8ok8SuG` z-MCkV>>K?>iQ#QT`0nGI;G%<#|4iJzI!Q2hSm~;0o&UlG5wEN&I;mO+P*Xp z8}t{FB?l>KFACXN*$;7vccv^^mN2m=#O-zdX0PR$ytp_AKGbn6ZCqMiwx3U{c29n6 zeH}D4AAo?l-o>#VxfxL9&G>iYg&B^wd0LR!&8XI}F}gIc&9)Cc$%jNFCSupeixpZb z-s)zIM)DB2SsT!=s2`j0t(bvk`4Qc5;@$$(`xUoePrQ#WjY829^)$~)1WxA!9)1e9 z5@i&3EpSJj9tW@HQ0qMs^r5K6IV<6LlN3a<5V8_tCjhf3PktQ>$8s>tRtBwPC5C~}aZaw*tYBWE&hX3`_bWZoP zJU<9wmu6Tnl)`JV!Y8WE67BVsNi7xAinW?Bvm@YL<=@Ejm+6Qfu>@2#o)S6 zzEV}fO0=>1T`NPHBcwphOYL_x{fI%6)}Qmp^;io6!}tB=9}L;?x8m)Pyo0Og_7l~q zl=Q^m{&owC%}4Lu5#qGu0znSi|8kzZrS`0mPusHpo0mL~b-YYKDQB?b-$2wVK+^0; z>mP9OLf_FhSPu^|A2kGXV7^T-AjPIuvH$#1*`P}IZxJhf%K=A}mY_tU_aDEBub+P| zTD^f~AlR~I@e=;)BUr3|YMJT0dVS-|`iw=2A`3P%4C&*4f}ki&Q;QX?mJuxa@2&(Q$h zy1J;NQgjJ%3H%R$O{Th)wII@3Pci%L_{2hBY-+xKo#T>CsJGSA?oBZo^J()~lhL-Q zCNM#TnkuZkvoye^8; znjA6?3$1-NeZ%67P15!faWR;Ub2*ivAw_+B%|#0`nhAi_AQ)Y)3hkB0=CuF7WLe*Z zW4So#;%XZRT+{=oKz+c(Ywa2+lYY5p=C4`nYb;Qj4BMK8a~PFEXU z(khoNsAx#bX+3RqZa66?j@DG^msqb;2}Ptj9iJ2&jO{eWwGT2K-EfX|++s*7mm5P; zL8Y4Q0kW$ef&E7<2_!oF{#o~rg6&Jh{TtV5{B)`6pD!-!jh`jDjH;$S{ehLCU-jbV z%ip^FY8%Fql*-*2!xJR;xf@Ts6LN-vC2yooc2WgZ)cTpb05qwoyzdKV&-h`wZQhhr1jOZDEZKg_g^m{ot$1+zvH_rg>6~baLU7+E2z#!R5+)%dl{)I(2Bt z)+*EYE;g)S(pLQwC3=jsO_Y>+;<9SZYvQz_%4`fz7Z(mWiDrG^$OMd6pA}aorl_ua z!brk=R*D}%S`yhkWCQxXURmP}G1d(sHFsO$u3laNY~Hsz#BC4eGT^%(Xx!@}jBsch zuh$sXO|ihnns|FxW`?A;HnE$V+vfHg=6c6Hg6Vgh*AKnD$s|dqYlr6iu0Xaa-7@oj zMC8`FER@p*&d<37CzVd=cR2q@a?<&9v{A6iA8~q{Sxd4YF?&*!?!7nWb`mjmbJHte zyYN0DkZGkyNx&@?h7rg2i~RfTaQVWlh}289$rMFXv&$sdVUhN@!+JuN{dt1Gdd^rF z9?t_6@6!Yougme1-C&WzpxyD&E``OrTr}^yl#IvU1lej1qn#?L=a5$_kBnF%=OYoCGDVi-{@3F$x14n9_^*+bks zeuHXED~=zBgH0N-1Os(0z4!?So4ZT)@v69K5NbH!s6*!ISImtiUj3Vn&XL_5X|SCT zT#MXe6qLaqXA^!|2@AVc)ok$TG=j*ZH#~Iq6VQ=6W*eHlYk2A$BZ-BTn^>|_A(!rB zH>r((Sn~^WwEXGfiHt*NWORgpw!ou+{)q*f?~K6OOOIldWpzDAC2Nh!BY!0+_37QrsLGd#rvB-)cC`sWux*DD^F$)9#YEVirw{x!w_Pv{th2+WE*Qs zy@e4Ew>@YYmsvo|gPzA{FcQ}R)%E$lkBwn$K_chVnZo0xT^@}EmXeZ@iW1uvY7x!G zavBXHaQsAInq>!Tbc_whJ3H4Koc|YCqq#ip8@Xz05wYm&G@xpmoi}!{z1dT9=~%T< zg>G*~$6@LT(OjDlb%*7Pa~W-R@l+6@34-`ext+I=-Q#sCcaNSngJm#;JW> zW7~rAZQAPctna{ETeiM|zadV7C&{`Y+l1!Rojhm$XeBAF6BwpQ_nPD%M}}R3?L^Ag1~t)>)9a8v znR5P?p%Z!oHuC4SAiB~H9{4dEpXaayg?38q7;YZ?yGNC$*nb1F=CE+Xxs$Ji6^pij z0_z|Pk@!=61ek_^2dX97c^a@!WCW{r_@y77bNsk{yZX}nqtd$4@U6SXM^)B=p`{K% zr_HUI(nZCte6QLj+5RdqBYI~(28Xf@+kI-eB2Xm>b1nXg`|jIWPB8a5RfEG|PbN&r zh>16Nb=8qH#T~JN|HQAz^B5?s!wm$F)llm|zwD}0i0;s@#0vYfZ2~lGYmmx|#Y~Y) zao&pyeauX<+glYWHAgH@38*NMcv}wMPN8X5?Wceq&mRQK^Mu^ zlrot;5pS#q4VGE)93CpKbURY%^!@(3Z#11VqZO>u_5LNg@E zErHufOYYZpGB8KJ(JT|MJA`-XSLrq^YT%rxTRE4`62F7})>)*>mrvhJ9#Sia6q}WB zyPI7-8Jbfno7(?BAm+EVGA^gC?9;05;uIJW1F9K3<;14doFNI`J!v}ex?|vAi*`2O z%+(-PveC9g8=0YOX9&G<1^cT_U&<|91?4FzJD_6=@N9G1NP9?GInW{JXipj>@y>!g zVVmaDUmH%nH=pJd}AWbEc}u`MvfZaOQMbO@%DWE|_uXA#Qn3yaj6v!ZrdB zGX?dcq*61ihPGM8(mwAlW*8mA5YT8K{aUdenKvIE7FPC_b*wtPw61C~FU{;AC20)@`vG z8DTmZkDGA9ERQ`MPv)V;#Y3Z^#PsFdSlFLZfkpw+V5 z6&1Y0Bo*m0z8ZPvJ7Tk?t1@0)gN+*nI>`ruNERNB$y>6pg(O`luJ$bv4K79yHuB5&d_ z)C9|Z8%1FFTAnS{^yK6q42kRfLdY9F{rBjn+vi1Se)VA(CxMrBkg(CWe3rEN#XOdW z5Mr0JBUCq?>v`n0Tl^`U;N0U`kVHfA( z2Aa#@9q&R{kXs3$g#Xx2I=|h?a#`4}pd-sUm`*C42as0vf7nA8UqKSKUbhc$0NHYT zaW+KhE?NsITK3Y$JALx8ky9GQD-DR*!s_kz6Zj)`B_ z!10qwrWe|?8;v2p#~?<;(DJaq5lFGm_brXCX>`oR0@kJoE3DX0olx`?b*$(*qKvFuaDZ)(6V zd)h-)$KJ2&$UKS{d;=WMI$_S&M|Fok9r+kERYX*RhJ_zD5^aa!J6#dv9}fo{{3r=uzZ%EWP5w0E7#Rt3GaBkez9O z|E-W~-(jwDpGTGcx^ia72{iCN`BL$4dUM6(D4}C!E-Xj%q@hdiDB$FnY}d_-Afiyg zVEOOD>^7X~u<`wOWNz1WZK}oLj8=g;u`Z&G3!5I(GQTN?(whOum1#iB4tv#okS69F zmfai$$JcepDz>eU6{?K@9+d%8!|Aijb%x5FdSG}TK;G&~OgeGx9Psp^jTvbcM#ERD zf3$WD`&nV87^rhSyf<)Be33Ug7@W0uN~8eMkQGNPR^IM7Fr2^+`PaitHJmciO4r$~ z!*0K%jqR})8sSkfptli{$LpOt-Hdjy#!ZpVKHBw1j@zqPn6Ej~qr5pW7-!C*XT-zx zrUJHHwch&Fk9WUGf$WpY7j`TymDN2*NuDmE%zfBi|S;3 z$%DK3A)+GT^lt*rnd(e$EB_9si-s6p}GbyC`X3=&wF2pHaxRw+7tDRcxj88#~>_7Y8YypM4~mWZf2T zWr4edF9y$Kt#x5g;Hylq6A>9`SZd8pI4<1#Xdy_;5*gh4#8wa-&rGmyB*z442R6Y;H)ks*_|KRaVeBYxgD%gConNch$4}TYwkHUagQB*AU1;b>bkJ4P-@Rdy9 zdA^X$=wDNF9YK%Z3&S9jx2p9~icN;d4r9Si;VXK<6LR^Vh7{>X|Md&Fu-tMQ-5ce% z&SeAJKM_cX-ooC}_1QlXq45w4I>&iff+`-6Gw;4f<8bbV;}?8jYWP@X&Mwl;%Q812 z=#id>u05P^JwoMjckH&dN8ZjZJi!>cxVaqV0V@;tyKK4jxH>&y)_{dqJrKRl1!qBT)F2I5)H%i zOW2%)LnHN$Ft?DqDKTUeaO~#iWH1ZLnF@@XhQUgW)GkaY{cAK~b%uAW+K zvZ-9AvWgx3=pCn$+hS-N$2M&}4PeLqeWBHSrSnN9lQVdOB-g{7&1p}B!c})u+4Xo_ z8VyisdlBe_2X@oJG$WOMgut?$Q};Hai>)@{=PxRo&iN=ar5hnrofwE2xMoQ$tCI*k z_-6I(A()J}`>51Ljn81yN=i^ea}%cK`#5AMh*icvy>${OnDmI7X7{AW7FNQXH$n{- z?bpkjOH;Ctd4~IHb_u1tP6}eVvQszTIc!2+5X*3LT+7^95uMk=3=wbe0M@jpMlho zNVprGOH&4TwD=Lk27jO#Z$WQ%DWG zeoTZgWzIHkciKPlDCAp$5dsV9vv(W?Dvb1C<^;F>9CoKUeO_d6%#m~q3+dXxM0nF# z7vZSDs;SE3im_itJ-R0#Bys^ON|0X!KE8QbAve5Ych{N2Pb{y4X);%(;Kijj*;Y?5rY?>2 zDx}_S#~U-IER0YnXxwa1V>4z>b_K?zrLeH{+#>h~joqt4eJ$2>v zUnn;B`DTVBt(Tk|UL!W=FghQ^$6nO|yt@dg1#haFqg#%WxpFGPsN%AKw9TWkRNcR*sIA6AVeK%2L$*R}#k$;Z2U>0B$ae>N3XQZ<6xNjk;5 zhg4jh>_96RJ9aCG?N?04g8Sg+4CQ-k0{$e_is7LC=aq(QPK&3_M6Q}*4lRU@>1gRP z2x#JqiR#cJ`zF8;>&n|li46<@fs9aWN=nGoUXStOVs6hrp$JKK4*z1|TD5$N6*t=% zWd&?{>|tW}-3a44o@Coe#BlrF(x*+UM35;QV_Zz_;=ZKR)VG_lF+i9Peq=4bI&r+B zpg;_~jm3##nuc*jI`^ec3#Nr+Tl4rHF{&&tV}nO^JVGj@8uQ(#HmEaLEbKsfjQ-wwl)YwkpOhe-F^?C$~ixKj};wUxc}*M2Pro+ zS+$Vd@PZZ>bVsUR4`fnP5u#=B$3PsiBtGFllP`~7FqOYxAf3SN>LI|oLZyUb!KC2Z z6*sUkW9HKCnEXH`lGXua8-^V3zXc0CR9LR_md=Na=>N4D%&+q^aDmzu{GbZAS0IxZ z2GGeUnQSGk;TxA_(Wugmn2uHvxi5cj1=@oKN85aY;+GyqfR$R;@MnK57~E24WMqVa z@~&lOvO@((b2K$IJzwmMjEJ$FgQP&ehwpo(^rNjyW3z>E9vz(V9bPiE!7HY>!P+C&qj-Vp*I2T=?E&A=8M^RQ1iDvsGy^~J1|I7;I2P0e(*)$Z z%lw`l4U$LJ;ZNvC<-~>7A_Lvt zKvSTt8cS8LJ$|orqnd1=Evcsj%A)9POV4`Kt@4b+fN8?BlnYbp<6@=6wSZJ>xX%Zp zb72P_FKds93TG@m#F3`EIWt~+CjR?X!~^CZ*;zlxP(-Z+Ir#u6n!%s6FaBtTkEjaZV1VP8JHzX%Z} z`T1w=d<8al3Rly>bGx(ReK@HLw`}-eYJ)82lovneeJyP5X2mBg+Y*=bIXhgu=u3X^N2P+%XM!@6op2w4qWB=~ePsqwya@!isBegA>~ zTK7DvfzkTWcK5d8CjUADN??sTTdsK7!eB_(24 z8=RL^hBxV|49et9F2{19>WHxwEr~WznBB&!Po{Yp7jL}`OiIk~Q6X|1*bTKc;ww`~ zO_v>I{fGQ3m2J`jGU79izhkHghOrd2fMu`&X1VE`TU%@Ax0RPM5Ca}Bf?5|6fI#@# z-IBk9=YhvKq3~09T2Hi;c*~)tU#N5mjr1mq)6fsXSgFxki`#SQooFK#Y`s((Q>Opk zWGVFYOUy#OySw87>*-b(x!8t%N86iWHI3Wfpw9@?{9~=`7sc9S&P<;~9Bp`j6)F!| zBpl<({ofN8YlFv2xNrFXy4TV>>i{v^c+27bZs+M=m==R!1b+lwc}uE|mhBg^*XoPe zUaeh;fyXEJY-8u!1qY^y)!YYEPn$-RP?cc3dZ%Q4{*jr`1q16MHp~CV}r}q^$){x+aiT`mrvTo(QDrqvHB|s7Hps z00l{hBSQEM?4b`>jT<=*QdH_rwd1&Mf55hBy~3}^YfvFE-j4r#)OFqj?|nL5u&6jY zVOaev`R475fk)vRD4EUK8K1!Bz=*lAz@vD(*S4G#_>sQdW6ly^DIuZaDRe4|JDyDD z5zU4Flz;1LP}6DAq4jdzM)WV^y#HZ$#roj2_Qu#;reE$lGVx9KOuGB#TDt31-u=Ob zmgzoY=1p%Cq0@j~x?AtD>s2n~4O&w`N81f?)Wh8;j7sD;elinrk#be4C=}R~x)wQq z2~2+J=$QsBv_Mw<)OoYC4iYCZzkgVjH7Pxshvt`BCb*(hy!J#p0XyBxWS}I;{LPEo zn?-DPs^%3NzS`d;*C>~z8Y_r9mIX!l8PZ*pe7aLY@A=H+C|9VncQc8|o6UW*;li)T_ zh&Y+N7#@Z3lXqO$lIaU)AMkRc)_#}xbo*C$cTw3qg$+m1F{|tVrBNy@-)z@BTyInY zZP-dzUGNtfa+*gS5r};>ew={b73QqWxcbe}=PGMAD8p*MlRV~Iv|g0MQO|pmaI^L4 zn22X<39KrSmswt@)jwdo0lbk-qLswm5~KZamC5#%ZHTHCG@>`0Q?k<)H;QvioiBB z>;7$9Ahe^gJS&f;);9CXmp+nfN3oAb_krrT`ir3|>vi}M6e>}6q(h`3un4>2qqhKC z(9kV9f;FDkQS6Y>4O52B#q6b`p~ zznEYgj6J;{i$vhXc#Q-gjBo%tbXVwf8XBtSJhXI(O{{-5hAi@ZK2r5-?+0xABfqMI zE6HN`jvQscJW2T!QFaFpSr|jfBX|Wef~%MOKFzm?&Y@b5KSi33g{WOfAx*FTr+wu5%2W8R4HvKMA zyQ0Afo0RW`jR4*Fa^f9f$7&Ry&ac@X_S5_Q9Z5b=nZciL%|RKCmUKPwi8|Y;IZJt( zrHZGO8GY*gcz+F5xj8r5DAW;%GTO?p5g~iN7{0o;pTA?q(i>DcYVuE}K{9;Md~U~> zxR-Rs2wb##Wse?zRx_$f5jfXBZ3QPi#a`Fb5V~CQExF$&Grk2jh3nNopUDpr>gq0T zvetgnQ;FLA26afnA+J-)cgt4CHwe_)^Ao$sWQ^6vLy1>=Cbzb9iTY#uH$QLao9dy( z5>rf02q`@;mVf`oukAznl|iQGm9q>U=GI2A_sH8F?<^0U8@~)xBJ$UD*!3emDU05& zq&wQTCff;3-0;4BkJ=}ZV#Pl5x_S;^?~q)N=j?UPex6;Qn|^gf%^G;5-PggCI?*#MTHq<|4l#_0p`rCAP2b9Il)Z&w zgq~1@1@-HOnAh8FzutBJZ_W4!d(c4rNLU|(a)0PhYp)@$1vwKp_>LpFz;m`~?zmtx z&@+rKkd_K!zd4xbu2nwTy7uhjzsXO%f8X`y;W9^0R0^8#IXrcsgC)izlx`)!Z2ta8 zM>bQDs^BE^0Yp_UDS>WOWI@ITjkIMdA$=7NTkzOnbx;obdtZtSsos)4+eF6Yu% zD%3Vq{`8S_!M;UepP#7Ml=B5P%-us{weeTqZtYGZS0wbmvSV&!(*t*Q9O9VB*}&r; zXt9H4aaml}lo!rNc(;a@z&`hw+$v8p!L-I<4-+*dGFs(`m;H^w2gs+iw|@r!#DKf= z)6-KRBsenHz6=IpZomvD-J{iqh5lNk%KbG`0EckPLPr({n>+ZGrf`Ox%?Px3AZA0E zh}m@>%aC$sdZWuUvrb#dxqiBFaL;drS9$CMw@Y}f?~pM-7TmccbKj-pug3ur38F}& zjxPa76hM6ikTs~f7G1dk#CUIjd>sec+>#r=yfHpjpLUJZY5_ZE$MSKsAf)r5jL5Jb zi+e=YV*BH%>1F91ESEi}h&q}pIzYviOqV4hqi^2;V7ptV2fNl8@2#)4xP#}zv%~At z3b<`?Y zug3nm_~_cBxx`zz4XqEHX<~89o-)xKBllIEp4t#aQvt=~hmEd1RRCtKfZP7oI9H{_ zoZe9V>+oQIRxl*<+Up{e9(-&15$yT<5dld=nS^(lg@#~%HFH1mQ)cmgb!evbSnZ$Z z1BI(!EkD&4lJM~r$Hw!szh&q7Lc&hQ%O|wu`3cQdk2gAWs>?`x)?AUG9FXfX7`hm8 zeWHN&LE{eS70skBOZl8F=o4c4`kn%fho8S`T=GOx9=O*=LL`{H{QSD+=PyU`9i4-W z3^61|Z$^iW45zGW$hM8SO+-8v`Q7+8yZ&shisvWUAsrvoyo$tD)@`~pl+7SQ|8wj&zNT5<-DLC{~n*Z%k4ST{)VdvQ$?}c z3U;m|6OH@rfGtf4E|)AFrjjD7fu^}TYo;WJQGsF;#0mlrD%orp;fc;ewSFiZZ@Q#L z&zFkNEQHQy|I?DGwU`fuI3(x}|1c13d=RkMSn59jDlX=Gk`$D}p!5qB z&N;)A2*fb6tqd*9GT)>6&luR+ENa$k8Me)TATxZ+B7Tg=E(s@MH2mdH zXBnz&#thu>y6+Puv&1Ssh{S^3mlpT<%>3{5kyj=cmA2h8-?O40w9wA&qGEJLW3`9~ zi|;CNr@Egf8?3Hq!>kAbFG@7mn2Z#UiZ|@>eg1f0YA2|=!4zSuqK&6BDEJ}&q$3#5 zW`Co@E}ZqTs}Jui!;pP%b&(oYM(_N)ve&D05D7>zxphi@$B31NhUR^#tbYJU!m6O1 zcAxE_u^cVqXwqxy6kD|y=GnL0V5mE+dYJfcinljH ziDWd1ib|y#JfMrd4#dM&oRi|EFKWi4B;t1lVJA4$1D!bw&viIOab0s&0Ob%4S}7VC z7Z>-$(4hDAN4C8=H2phEBgYhI6nAKD#?N#t)q@CCoe-yo;%P&84n)mWvD3o7Uu@P1 zcS4HfI&CQ&LQYbeq3OiNw`nfcD-hGB&{IjpnIyYDltOnKj)1=1#zXr$SW)Xm`qS;= z`pn}?^vmN!M-o3os)Qc}hjK~}*@<6xQpQ&XQlX@!czLexMJO`Hb+I$hr_dQT)s|(Y zu2es)ca8RP%(3m;2DM_378V|Q^KHwVqKCG0_XGk;sJR3RUs-6reigoOu`fS)#n_)}iWR9%WBc7B zy|-67_Cy%5OfMI!o>jm&HPO^vpQ|7Sp_8u*dz4|46hp3|+^v_el+||J5uJIfvfM_q zLo9b|3B26E4m4d&gFa@iX34y*m;N5XD_Ep8{QZCz|LMl|8`3=<&aj2eX7ONUDIfXn zA^AV+XB(UXG3@;u5ERV_-Zjv{2c@_6wG=4XohLix zZtq0Rr*_7|GiyO2x%U#l2XekF~e@Hh6;b-=gYVOP6%a#S;Fot!cxCsph0kOpArC7&=wW zJXaT=gWUwXZJ<3pXppqwHuY#Z1n-bm7_P8blo8Wvl9)Xa@0wLkq(n6dy95A=I z3*6I_2MVc)ck54o#3MhSNcj7?Yi7MOXFQ(!XEj6uU)hcq)Y&<0?$FWMgMB{O_-k=P z-R2pdVD{!5e0=RKqK(?afrAlQySvBTK1Az?_(Vt)uWU=s!H90ql&`1}CPt)hnSTsxI2sAeFQqwhu7Fd2x1*=RPs{GMf zB9=Xin%Hg_m``eSCxv5es_$c;;rVoUVRd&ytgQ%qskMh_(cE!vQT`3hWH*p|PQa{S zX1r`Mb_62dzGfq84!ziD_$G!~T1vk4l}ETV__>;z+6to6>XB*8ZHnB0;3-;uN~_vK zUwl3u{wAV+9?FH2v#FXlja9dEJ@iyg;r9?U;|J)EF5v31V*@kX_ic)j^Ay{zCn}zI z@Q4T)TESIzZPgHAz*a{E?je8FlKFOe3~)*|?7qz;H-;UjLCXkr9@Tn4@P%TEiKhGK zJrs4!Ha^ZenUjq@kq1*0<3&aZ)!7JBhIE~~k^M6h{wb%7tyoNQ)$_>30gvxVLN0O& zbRgR3w_MSLFU;)UHQhyW{Bkf4VWiwt9Z|pQ^!)8+Sw0bxi^B$%pC6?CK*?a zOzhj$Wu=B3$C;*?dar*dmq^>iIab&F>OMkH=li$ENJa?>MdYOBA22`w~la$P*9}PlG$zBjKTx;G0^@-Yspj&a(Kt-J^}r z4=B7~*%-~SUcQFhS@~1LPkRIh%VM&b>AGeZskgI-%d2uef7AhkV9t9Vp|{PeKhu7E zXg{f;UgNG$HY+UvIfEI-%@{^ZS5jXe47H8O50^ArTfA%UnBZMuMyWqN^T_|BvpQA@ zP7PhaNAW0TX_{$>;^qQriOLGgtdNu03ds=1)H`|lJx#%jt}@yo_Jr}LbT0~ye0axVAi1#aDe+~6Pk9(jk2~JHKK8KL7s?HL|NYFID@-8=mH2oo zqG*d*b9Af0d;@1-V zia+ao*F@OX*o{dNCOysX{erC_y1sDP2-kZH8LfCAx=f5%f+=psThZ%UJQo62QYBuU zOY4NLOMTPEYflR9PRvh8$s98^H*H}5q&k@uuy=qUadqxCOYLg>#rbnv4v0u5a2_6% zo~ssvQZFYty}p(4hG}sCE`hIs6KXy_VqOS51e<|>*Vu(hXcyRN4OHfDm#2ukkGN?- z8=G6;uTTXFll+Xq22x)9Cf`Njsjd3DwjB{*8(|1KmM0&))4Ypmji%g*L6l@CmW#US z^uh8q+{7~E4=}LGu}Wjn_$q!=dY1kLJIIMYb2qn78w4mtrkx_$h_gkaW_Kn2Nvq?G zHQvNwW*`D-Xy!eDZ4NX<*Wlw2^oQIv0l(dP94EVW&QZGSXw+{~FnsNDRZj7N$bgCI$Swop+O?k%Eb)CbcX92vPGsz*tJvtTb7KWXBF{@pW6?neJs)~O)#F?v1bIW2Fn zXzPRdwMkJtSR-{qVXoJv(uzspa9B*^zb&c-VJbKK=X1^ZVOER+Z9(HE)BJk<5e+}NhY&Uod3OwtB7wZL6 zs%zzmuZ%dafF~}}1NK)A0~Xq_``J9eL}{EUKDwRRKhz(5S^;-2=yl~;A{`@j9SJ!f zA={QT%0)f;xo^1tjGwAb)^#?(6rR`)G8j^ME(a4V(x?h literal 0 HcmV?d00001